diff --git a/.appveyor.yml b/.appveyor.yml
index 28b9106d..cfc759b5 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -19,6 +19,7 @@ build:
   verbosity: minimal
 skip_branch_with_pr: true
 image: Visual Studio 2019
+clone_script: echo Skip AppVeyor Clone
 
 environment:
   global:
@@ -32,7 +33,7 @@ environment:
     PYTHON_DEF: "C:\\Python38-x64"
     PYTHON_VERSION: "3.8"
     # Python versions to build wheels for
-    PYTHONVERS: C:\Python36-x64 C:\Python37-x64 C:\Python38-x64 C:\Python39-x64 C:\Python310-x64 C:\Python311-x64
+    PYTHONVERS: C:\Python38-x64 C:\Python39-x64 C:\Python310-x64 C:\Python311-x64 C:\Python312-x64 C:\Python313-x64
     PYTHON_ARCH: "64"
 
 install:
@@ -45,7 +46,18 @@ install:
         https://ci.appveyor.com/api/projects/$env:APPVEYOR_ACCOUNT_NAME/$env:APPVEYOR_PROJECT_SLUG/history?recordsNumber=50).builds | `
         Where-Object pullRequestId -eq $env:APPVEYOR_PULL_REQUEST_NUMBER)[0].buildNumber) { `
           throw "There are newer queued builds for this pull request, failing early." }
-  - set OPENSSL_DIR="C:\OpenSSL-v11-Win%PYTHON_ARCH%"
+
+  # Git checkout
+  - git config --global filter.lfs.smudge "git-lfs smudge --skip -- %f"
+  - git config --global filter.lfs.process "git-lfs filter-process --skip"
+  - git init %APPVEYOR_BUILD_FOLDER%
+  - cd %APPVEYOR_BUILD_FOLDER%
+  - git remote add origin https://github.com/%APPVEYOR_REPO_NAME%.git
+  - git fetch -q origin %APPVEYOR_REPO_COMMIT%
+  - git fetch --tags
+  - git checkout -qf %APPVEYOR_REPO_COMMIT%
+
+  - set OPENSSL_DIR="C:\OpenSSL-v34-Win64"
   - set VCLIBDIR=%WINDIR%\System32
   - cp %VCLIBDIR%/vcruntime140.dll ssh/
   - cp %VCLIBDIR%/msvcr120.dll ssh/
@@ -60,15 +72,13 @@ install:
   # do not cause a version change.
   - "%PYTHON_DEF%\\python.exe ci/appveyor/fix_version.py ."
   - mv -f .git .git.bak
-  - 7z x ci\appveyor\zlib1211.zip
-  # - appveyor DownloadFile http://web.mit.edu/kerberos/dist/kfw/4.1/kfw-4.1-amd64.msi
-  # - msiexec /i kfw-4.1-amd64.msi /passive /qn
-  # - ps: ls "C:\Program Files\MIT\Kerberos\"
-  # - cp "C:\Program Files\MIT\Kerberos\*.dll" ssh/
+  - ps: ls ssh/*.dll
   - ps: ls ssh
   - ps: ls
 
 build_script:
+  - for %%I in (%PYTHONVERS%) do cp %OPENSSL_DIR%/lib/VC/x64/MD/libcrypto.lib %%I/libs/libcrypto64MD.lib
+  - for %%I in (%PYTHONVERS%) do cp %OPENSSL_DIR%/lib/VC/x64/MD/libssl.lib %%I/libs/libssl64MD.lib
   - ci\\appveyor\\build_zlib.bat
   - for %%I in (%PYTHONVERS%) do cp C:/zlib/lib/zlibstatic.lib %%I/libs/
   - for %%I in (%PYTHONVERS%) do ls %%I/libs/
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 515f5dbb..9f937255 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -15,46 +15,59 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 version: 2.1
 
-orbs:
-  python: circleci/python@2.1.1
 
 jobs:
   python_test:
     parameters:
       python_ver:
         type: string
-        default: "3.9"
+        default: "3.10"
     docker:
       - image: cimg/python:<< parameters.python_ver >>
     steps:
       - checkout
-      - python/install-packages:
-          pip-dependency-file: requirements_dev.txt
-          pkg-manager: pip
       - run:
           name: Deps
           command: |
             sudo apt-get update
             sudo apt-get install cmake openssh-server
+            pip install -r requirements_dev.txt
       - run:
           command: |
+            pip uninstall -y cython
             pip install -e .
+            python -c 'from ssh.session import Session; Session()'
             eval "$(ssh-agent -s)"
           name: Build
       - run:
           command: |
             set -x
-            ls -lhtr ssh/
-            pwd
-            ldd -r ssh/session*.so
             pytest tests
+          name: Test
+      - run:
+          command: |
+            pytest ci/integration_tests
+          name: Integration
+          max_auto_reruns: 3
+          auto_rerun_delay: 10s
+      - run:
+          command: |
             flake8 ssh
+          name: Flake
+      - run:
+          command: |
             python setup.py sdist
-            cd dist; pip install *; cd ..
+            cd dist
+            pip install *
+            python -c 'from ssh.session import Session; Session()'
+            cd ..
+          name: Sdist Install
+      - run:
+          command: |
             cd doc
             make html
             cd ..
-          name: Test
+          name: Docs
 
   osx:
     parameters:
@@ -70,7 +83,9 @@ jobs:
       - run:
           name: deps
           command: |
-            brew install cmake git-lfs krb5 python libssh
+            brew install cmake python libssh
+            brew link --force openssl
+            brew link --force libssh
             pip3 install twine
             which twine
       - run:
@@ -82,37 +97,28 @@ jobs:
       - run:
           name: Upload Wheel
           command: |
-            twine upload --skip-existing -u $PYPI_USER -p $PYPI_PASSWORD wheels/*
+            if [[ ! -z "$CIRCLE_TAG" ]]; then
+              twine upload --skip-existing -u $PYPI_USER -p $PYPI_PASSWORD wheels/*
+            fi
 
   manylinux-x86_64:
     machine:
-      image: ubuntu-2004:202201-02
+      image: ubuntu-2004:current
     steps: &manylinux-steps
       - checkout
-      - run:
-          name: sdist
-          command: python setup.py sdist
-      - python/install-packages:
-          pip-dependency-file: requirements_dev.txt
-          pkg-manager: pip
-      - run:
-          name: Git LFS
-          command: |
-            curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | sudo bash
-            sudo apt-get install git-lfs
-            git lfs install
-            git lfs pull
       - run:
           name: Deps
           command: |
             sudo apt-get install python3-pip
-            pip install -U pip
+            pip install -U pip setuptools
             pip install twine
             which twine
             which python3
       - run:
           name: Build Wheels
           command: |
+            export LIBSSH=0.11.1
+            export KRB=1.21.3
             if [[ -z "${CIRCLE_PR_NUMBER}" ]]; then
               echo "$DOCKER_PASSWORD" | docker login -u="$DOCKER_USERNAME" --password-stdin;
             fi
@@ -125,11 +131,13 @@ jobs:
       - run:
           name: Upload Wheels
           command: |
-            twine upload --skip-existing -u $PYPI_USER -p $PYPI_PASSWORD dist/* wheelhouse/*
+            if [[ ! -z "$CIRCLE_TAG" ]]; then
+              twine upload --skip-existing -u $PYPI_USER -p $PYPI_PASSWORD dist/* wheelhouse/*
+            fi
 
   manylinux-aarch64:
     machine:
-      image: ubuntu-2004:202101-01
+      image: ubuntu-2004:current
     resource_class: arm.medium
     steps: *manylinux-steps
 
@@ -141,10 +149,10 @@ workflows:
           matrix:
             parameters:
               python_ver:
-                - "3.6"
                 - "3.8"
-                - "3.9"
                 - "3.11"
+                - "3.12"
+                - "3.13"
           filters:
             tags:
               ignore: /.*/
@@ -161,7 +169,8 @@ workflows:
             parameters:
               xcode_ver:
                 - "14.0.0"
-                - "13.1.0"
+                - "15.0.0"
+                - "16.0.0"
           context: Docker
           filters:
             tags:
diff --git a/.gitattributes b/.gitattributes
index 7b7df679..80254c24 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,2 @@
-*.tar.gz filter=lfs diff=lfs merge=lfs -text
-*.rpm filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.xz filter=lfs diff=lfs merge=lfs -text
+ci/appveyor/zlib1211.zip export-subst
+ssh/_version.py export-subst
diff --git a/.gitignore b/.gitignore
index 42fda467..ba168aeb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,5 +9,7 @@
 libssh/compile_commands.json
 /wheelhouse
 /.idea
-/tests/unit_test_cert_key-cert.pub
+/ci/integration_tests/unit_test_cert_key-cert.pub
 /doc/_build
+ci/docker/manylinux/*.tar.gz
+ci/appveyor/zlib-1.2.11.zip
diff --git a/.readthedocs.yml b/.readthedocs.yml
index e5226632..1b49f428 100644
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@@ -1,9 +1,15 @@
 version: 2
 build:
+  os: ubuntu-24.04
+  tools:
+    python: "3"
   apt_packages:
     - cmake
     - openssl
+sphinx:
+  configuration: doc/conf.py
 python:
   install:
+    - requirements: doc/requirements.txt
     - method: pip
       path: .
diff --git a/Changelog.rst b/Changelog.rst
index 69cb0acd..d05874f1 100644
--- a/Changelog.rst
+++ b/Changelog.rst
@@ -1,6 +1,69 @@
 Change Log
 =============
 
+1.2.0
+++++++
+
+Changes
+--------
+
+* Added private key file formats to `ssh.key` and `ssh.key.Key.export_privkey_file_format` for exporting private key
+  file with specified format - #96
+* Added `ssh.channel.Channel.get_exit_status` implementation and tests.
+* Added key exchange types under `ssh.session`.
+* Added `ssh.session.Session.options_set_int_val` for setting an integer value `libssh` option - for example
+  compression level.
+
+
+Packaging
+----------
+
+* OSX wheel builds now use embedded `libssh` rather than brew package.
+* Dropped Windows Python 3.7 builds.
+* Added Python 3.14 manylinux wheels.
+
+
+1.1.1
++++++
+
+Changes
+--------
+
+No code changes.
+
+
+Packaging
+----------
+
+* Added Windows Python 3.7 and 3.13 wheel builds.
+* Removed manylinux 2010 wheels.
+* Wheel builds now use embedded libssh.
+* Source distribution now uses embedded libssh.
+* Added embedded krb5 for wheel builds.
+* Dockerfiles and scripts updates.
+
+
+1.1.0
++++++
+
+Changes
+--------
+
+* Updated embedded and manylinux libssh to `0.11.1`.
+* Support for Python >=3.12.
+* Upgraded wheel OpenSSL to 3.4.0.
+* Removed testing for Python versions <3.8.
+
+Packaging
+----------
+
+* Added binary wheels for Python versions 3.11, 3.12 and 3.13 on support manylinux wheel builds.
+* Added OSX 12.0, 13.0 and 14.0 wheels, Apple Silicon.
+* Support OSX brew OpenSSL from source builds.
+* Top level tests directory is now cross platform and can be run by vendors.
+* Moved CI specific integration tests to their own space.
+
+
 1.0.0
 ++++++
 
diff --git a/MANIFEST.in b/MANIFEST.in
index 6ff18aa4..3309e662 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,4 +1,5 @@
 recursive-exclude docker *
+recursive-exclude ci *
 include versioneer.py
 include ssh/_version.py
 exclude .travis.yml
diff --git a/README.rst b/README.rst
index ee70a65c..271c0809 100644
--- a/README.rst
+++ b/README.rst
@@ -25,7 +25,7 @@ Bindings for libssh_ C library.
 Installation
 _____________
 
-Binary wheels are provided for Linux (manylinux 2010), OSX (10.14 and 10.15 for brew Python), and Windows 64-bit (Python 3.6/3.7/3.8).
+Binary wheels are provided for Linux (manylinux 2014, x86_64 and aarch64), OSX (12, 13 and 14 for brew Python), and Windows 64-bit (Python 3.8+).
 
 Wheels have *no dependencies*.
 
@@ -52,12 +52,12 @@ See `command execution script <https://github.com/ParallelSSH/ssh-python/blob/ma
 Features
 _________
 
-The library uses `Cython`_ based native code extensions as wrappers to ``libssh``.
+The library provides Python bindings to the ``libssh`` C library.
 
 * Thread safe - GIL released as much as possible
 
   * libssh threading limitations apply - anything not supported in C is not supported in Python
-* Very low overhead thin wrapper
+* Very low overhead bindings
 * Object oriented
 
   * Memory freed automatically and safely as objects are garbage collected by Python
@@ -69,4 +69,3 @@ The library uses `Cython`_ based native code extensions as wrappers to ``libssh`
 
 
 .. _libssh: https://www.libssh.org
-.. _Cython: https://www.cython.org
diff --git a/_setup_libssh.py b/_setup_libssh.py
index d087721f..d63e414c 100644
--- a/_setup_libssh.py
+++ b/_setup_libssh.py
@@ -14,12 +14,11 @@
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 import os
-
-from sys import stderr
-from subprocess import check_call
 from glob import glob
-from shutil import copy2
 from multiprocessing import cpu_count
+from shutil import copy2
+from subprocess import check_call
+from sys import stderr
 
 
 def build_ssh():
@@ -28,6 +27,8 @@ def build_ssh():
         return
     if os.path.exists('/usr/local/opt/openssl'):
         os.environ['OPENSSL_ROOT_DIR'] = '/usr/local/opt/openssl'
+    if os.path.exists('/opt/homebrew/opt/openssl'):
+        os.environ['OPENSSL_ROOT_DIR'] = '/opt/homebrew/opt/openssl'
 
     if not os.path.exists('src'):
         os.mkdir('src')
@@ -44,6 +45,7 @@ def build_ssh():
     check_call("""cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=../local \
     -DWITH_GSSAPI=ON \
     -DWITH_EXAMPLES=OFF \
+    -DUNIT_TESTING=OFF \
     ../libssh""",
                shell=True, env=os.environ)
     check_call(['make', '-j%s' % (cpu_count(),), 'all', 'install'])
diff --git a/ci/appveyor/build_krb.bat b/ci/appveyor/build_krb.bat
index 1f241e14..452437d6 100755
--- a/ci/appveyor/build_krb.bat
+++ b/ci/appveyor/build_krb.bat
@@ -1,8 +1,25 @@
+@REM This file is part of ssh-python.
+@REM Copyright (C) 2018-2025 Panos Kittenis.
+@REM Copyright (C) 2018-2025 ssh-python Contributors.
+@REM
+@REM This library is free software; you can redistribute it and/or
+@REM modify it under the terms of the GNU Lesser General Public
+@REM License as published by the Free Software Foundation, version 2.1.
+@REM
+@REM This library is distributed in the hope that it will be useful,
+@REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+@REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+@REM Lesser General Public License for more details.
+@REM
+@REM You should have received a copy of the GNU Lesser General Public
+@REM License along with this library; if not, write to the Free Software
+@REM Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 refreshenv
 set KRB_INSTALL_DIR=%APPVEYOR_HOME_DIR%/src/lib
 set CPU=AMD64
 setenv /x64 /release
-cd kfw-4.1/src
+cd krb-1.21.3/src
 make -f Makefile.in prep-windows
 make
 make install
diff --git a/ci/appveyor/build_ssh.bat b/ci/appveyor/build_ssh.bat
index a4e9ac44..ee15f288 100755
--- a/ci/appveyor/build_ssh.bat
+++ b/ci/appveyor/build_ssh.bat
@@ -1,3 +1,20 @@
+@REM This file is part of ssh-python.
+@REM Copyright (C) 2018-2025 Panos Kittenis.
+@REM Copyright (C) 2018-2025 ssh-python Contributors.
+@REM
+@REM This library is free software; you can redistribute it and/or
+@REM modify it under the terms of the GNU Lesser General Public
+@REM License as published by the Free Software Foundation, version 2.1.
+@REM
+@REM This library is distributed in the hope that it will be useful,
+@REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+@REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+@REM Lesser General Public License for more details.
+@REM
+@REM You should have received a copy of the GNU Lesser General Public
+@REM License along with this library; if not, write to the Free Software
+@REM Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 IF "%PYTHON_VERSION%" == "2.7" (exit 0)
 
 mkdir src
@@ -10,11 +27,13 @@ cmake ..\libssh                                    ^
       -DZLIB_INCLUDE_DIR=C:/zlib/include           ^
       -DWITH_GSSAPI=ON                             ^
       -DWITH_EXAMPLES=OFF                          ^
+      -DUNIT_TESTING=OFF                           ^
       -DOPENSSL_ROOT_DIR=%OPENSSL_DIR%
 
 
-cp %OPENSSL_DIR%\lib\VC\libcrypto%PYTHON_ARCH%MD.lib %APPVEYOR_BUILD_FOLDER%
-cp %OPENSSL_DIR%\lib\VC\libssl%PYTHON_ARCH%MD.lib %APPVEYOR_BUILD_FOLDER%
+dir %OPENSSL_DIR%\lib\VC\x64\MD\
+cp %OPENSSL_DIR%\lib\VC\x64\MD\libcrypto.lib %APPVEYOR_BUILD_FOLDER%\libcrypto64MD.lib
+cp %OPENSSL_DIR%\lib\VC\x64\MD\libssl.lib %APPVEYOR_BUILD_FOLDER%\libssl64MD.lib
 
 cmake --build . --config Release
 cmake --install . --prefix ../local
diff --git a/ci/appveyor/build_zlib.bat b/ci/appveyor/build_zlib.bat
index f11fe412..1b6567c1 100755
--- a/ci/appveyor/build_zlib.bat
+++ b/ci/appveyor/build_zlib.bat
@@ -1,8 +1,25 @@
+@REM This file is part of ssh-python.
+@REM Copyright (C) 2018-2025 Panos Kittenis.
+@REM Copyright (C) 2018-2025 ssh-python Contributors.
+@REM
+@REM This library is free software; you can redistribute it and/or
+@REM modify it under the terms of the GNU Lesser General Public
+@REM License as published by the Free Software Foundation, version 2.1.
+@REM
+@REM This library is distributed in the hope that it will be useful,
+@REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+@REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+@REM Lesser General Public License for more details.
+@REM
+@REM You should have received a copy of the GNU Lesser General Public
+@REM License along with this library; if not, write to the Free Software
+@REM Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 IF "%PYTHON_VERSION%" == "2.7" (exit 0)
 
 mkdir zlib_build && cd zlib_build
 
-cmake ..\zlib-1.2.11                             ^
+cmake ..\zlib-1.3.1                              ^
     -A x64                                       ^
     -DCMAKE_INSTALL_PREFIX="C:\zlib"             ^
     -DCMAKE_BUILD_TYPE=Release                   ^
diff --git a/ci/appveyor/fix_version.py b/ci/appveyor/fix_version.py
index 582af74a..fb317cd9 100644
--- a/ci/appveyor/fix_version.py
+++ b/ci/appveyor/fix_version.py
@@ -1,11 +1,30 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 import os
 from datetime import datetime
 import subprocess
 import json
 import sys
 
+
 def get_describe_tag():
-    return subprocess.check_output(['git', 'describe', '--tags']).strip().decode('utf-8')
+    return subprocess.check_output(['git', 'describe', '--tags']).strip().decode('utf-8').split('-')[0]
+
 
 def make_version_file(basedir):
     rev = os.environ.get('APPVEYOR_REPO_COMMIT',
diff --git a/ci/appveyor/import_test.py b/ci/appveyor/import_test.py
index 70fc9266..5e473312 100644
--- a/ci/appveyor/import_test.py
+++ b/ci/appveyor/import_test.py
@@ -1,3 +1,20 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 from __future__ import print_function
 import sys
 
diff --git a/ci/appveyor/pypi_upload.py b/ci/appveyor/pypi_upload.py
index 1537b3c4..c6771623 100644
--- a/ci/appveyor/pypi_upload.py
+++ b/ci/appveyor/pypi_upload.py
@@ -1,3 +1,20 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 import sys
 import subprocess
 import os
diff --git a/ci/appveyor/zlib1211.zip b/ci/appveyor/zlib1211.zip
deleted file mode 100644
index db8c6583..00000000
--- a/ci/appveyor/zlib1211.zip
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d7510a8ee1918b7d0cad197a089c0a2cd4d6df05fee22389f67f115e738b178d
-size 747422
diff --git a/ci/build-manylinux.sh b/ci/build-manylinux.sh
index 593d4385..02586194 100755
--- a/ci/build-manylinux.sh
+++ b/ci/build-manylinux.sh
@@ -1,24 +1,27 @@
 #!/bin/bash -xe
-# This file is part of ssh-python.
-# Copyright (C) 2017-2022 Panos Kittenis and contributors.
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
+tar -czf ci/docker/manylinux/libssh-${LIBSSH}.tar.gz libssh
+tar -czf ci/docker/manylinux/krb5-${KRB}.tar.gz krb5-${KRB}
 
 
 docker_repo="parallelssh/ssh-manylinux"
 docker_files=(
-              "ci/docker/manylinux/Dockerfile"
               "ci/docker/manylinux/Dockerfile.2014_x86_64"
 #              "ci/docker/manylinux/Dockerfile.manylinux_2_24_x86_64"
 #              "ci/docker/manylinux/Dockerfile.manylinux_2_28_x86_64"
@@ -36,7 +39,7 @@ if [[ $(uname -m) == "aarch64" ]]; then
 fi
 
 for docker_file in "${docker_files[@]}"; do
-    if [[ ${docker_file} == "ci/docker/manylinux/Dockerfile_2014_x86_64" ]]; then
+    if [[ ${docker_file} == "ci/docker/manylinux/Dockerfile.2014_x86_64" ]]; then
         docker_tag="${docker_repo}:2014_x86_64"
     elif [[ ${docker_file} == "ci/docker/manylinux/Dockerfile" ]]; then
         docker_tag="${docker_repo}:2010_x86_64"
@@ -53,7 +56,7 @@ for docker_file in "${docker_files[@]}"; do
     fi
     echo "Docker tag is ${docker_tag}"
     docker pull $docker_tag || echo
-    docker build --pull --cache-from $docker_tag ci/docker/manylinux -t $docker_tag -f "${docker_file}"
+    docker build --progress=plain --pull --cache-from $docker_tag ci/docker/manylinux -t $docker_tag -f "${docker_file}"
     if [[ -z "${CIRCLE_PULL_REQUEST}" ]]; then docker push $docker_tag; fi
     docker run --rm -v "$(pwd)":/io $docker_tag /io/ci/build-wheels.sh
     ls wheelhouse/
diff --git a/ci/build-wheels.sh b/ci/build-wheels.sh
index 58a247d7..548c03ee 100755
--- a/ci/build-wheels.sh
+++ b/ci/build-wheels.sh
@@ -1,36 +1,42 @@
 #!/bin/bash -xe
-# This file is part of ssh-python.
-# Copyright (C) 2017-2022 Panos Kittenis and contributors.
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 # Compile wheels
 rm -rf /io/build
 # For testing
 #for PYBIN in $(ls -1d /opt/python/cp310-cp310/bin | grep -v cpython); do
-for PYBIN in $(ls -1d /opt/python/*/bin | grep -v cpython); do
+for PYBIN in $(ls -1d /opt/python/*/bin | grep -v cpython | grep -v cp313t); do
+    echo "Building for Python binary ${PYBIN}"
     "${PYBIN}/pip" wheel /io/ -w wheelhouse/
 done
 
 # Bundle external shared libraries into the wheels
 for whl in wheelhouse/*.whl; do
+#    auditwheel show "$whl"
     auditwheel repair "$whl" -w /io/wheelhouse/
+    auditwheel show "$whl"
 done
 
 # Install packages and test
-#for PYBIN in $(ls -1d /opt/python/cp310-cp310/bin | grep -v cpython); do
-for PYBIN in $(ls -1d /opt/python/*/bin | grep -v cpython); do
+for PYBIN in $(ls -1d /opt/python/*/bin | grep -v cpython | grep -v cp313t); do
+# for PYBIN in `ls -1d /opt/python/cp310-cp310/bin | grep -v cpython`; do
+    echo "Installing for Python binary ${PYBIN}"
     "${PYBIN}/pip" install ssh-python --no-index -f /io/wheelhouse
-    (cd "$HOME"; "${PYBIN}/python" -c 'from ssh.session import Session; Session()')
+    (cd "$HOME"; "${PYBIN}/python" -c 'from ssh.session import Session; Session()' &&
+    echo "Import sanity check succeeded.")
 done
diff --git a/ci/docker/manylinux/Dockerfile b/ci/docker/manylinux/Dockerfile
deleted file mode 100644
index 7d1d8235..00000000
--- a/ci/docker/manylinux/Dockerfile
+++ /dev/null
@@ -1,35 +0,0 @@
-FROM quay.io/pypa/manylinux2010_x86_64
-
-ENV OPENSSL openssl-1.1.1q
-ENV LIBSSH 0.10.4
-ENV KRB 1.18.4
-ENV SYSTEM_LIBSSH 1
-ENV CFLAGS "-g0 -s"
-
-RUN yum install zlib-devel cmake3 -y
-
-ADD libssh-${LIBSSH}.tar.xz libssh.tar.xz
-ADD https://www.openssl.org/source/${OPENSSL}.tar.gz ${OPENSSL}.tar.gz
-ADD krb5-${KRB}.tar.xz krb5-${KRB}.tar.xz
-
-RUN tar -xzf ${OPENSSL}.tar.gz
-# Openssl
-RUN cd ${OPENSSL} && \
-    ./config --prefix=/usr --openssldir=/usr/openssl threads shared && \
-    make -j6 && make install_sw
-
-# Kerberos
-RUN cd krb5-${KRB}.tar.xz/krb5-${KRB}/src && \
-    ./configure && \
-    make -j6 && \
-    make install
-
-# Libssh
-RUN mkdir -p build_libssh && cd build_libssh && \
-    cmake3 ../libssh.tar.xz/libssh-${LIBSSH} -DCMAKE_BUILD_TYPE=Release \
-          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF && \
-    make -j6 install/strip
-
-RUN rm -rf ${OPENSSL}* libssh build_libssh krb5-${KRB}.tar.xz
-
-VOLUME /var/cache
diff --git a/ci/docker/manylinux/Dockerfile.2014_x86_64 b/ci/docker/manylinux/Dockerfile.2014_x86_64
index 3090212d..690828b0 100644
--- a/ci/docker/manylinux/Dockerfile.2014_x86_64
+++ b/ci/docker/manylinux/Dockerfile.2014_x86_64
@@ -1,16 +1,41 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 FROM quay.io/pypa/manylinux2014_x86_64
 
-ENV OPENSSL openssl-1.1.1q
-ENV LIBSSH 0.10.4
-ENV KRB 1.18.4
-ENV SYSTEM_LIBSSH 1
-ENV CFLAGS "-g0 -s"
+ENV OPENSSL=openssl-3.4.0
+ENV LIBSSH=0.11.1
+ENV SYSTEM_LIBSSH=1
+ENV KRB=1.21.3
+ENV CFLAGS="-g0 -s"
 
-RUN yum install zlib-devel cmake3 -y
+RUN yum install zlib-devel cmake3 perl-IPC-Cmd -y
 
-ADD libssh-${LIBSSH}.tar.xz libssh.tar.xz
+ADD libssh-${LIBSSH}.tar.gz libssh.tar.gz
+ADD krb5-${KRB}.tar.gz krb5.tar.gz
 ADD https://www.openssl.org/source/${OPENSSL}.tar.gz ${OPENSSL}.tar.gz
-ADD krb5-${KRB}.tar.xz krb5-${KRB}.tar.xz
+
+
+# Kerberos
+RUN cd krb5.tar.gz/krb5-${KRB}/src && \
+    ./configure && \
+    make -j6 && \
+    make install
+
 
 RUN tar -xzf ${OPENSSL}.tar.gz
 # Openssl
@@ -18,18 +43,13 @@ RUN cd ${OPENSSL} && \
     ./config --prefix=/usr --openssldir=/usr/openssl threads shared && \
     make -j6 && make install_sw
 
-# Kerberos
-RUN cd krb5-${KRB}.tar.xz/krb5-${KRB}/src && \
-    ./configure && \
-    make -j6 && \
-    make install
 
 # Libssh
-RUN mkdir -p build_libssh && cd build_libssh && \
-    cmake3 ../libssh.tar.xz/libssh-${LIBSSH} -DCMAKE_BUILD_TYPE=Release \
-          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF && \
+RUN cc --version; openssl version -a; mkdir -p build_libssh && cd build_libssh && \
+    cmake3 ../libssh.tar.gz/libssh -DCMAKE_BUILD_TYPE=Release \
+          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF -DUNIT_TESTING=OFF && \
     make -j6 install/strip
 
-RUN rm -rf ${OPENSSL}* libssh build_libssh krb5-${KRB}.tar.xz
+RUN rm -rf ${OPENSSL}* libssh.tar.gz build_libssh krb5.tar.gz
 
 VOLUME /var/cache
diff --git a/ci/docker/manylinux/Dockerfile.aarch64 b/ci/docker/manylinux/Dockerfile.aarch64
index fa00ac71..8cc26ce8 100644
--- a/ci/docker/manylinux/Dockerfile.aarch64
+++ b/ci/docker/manylinux/Dockerfile.aarch64
@@ -1,16 +1,41 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 FROM quay.io/pypa/manylinux2014_aarch64
 
-ENV OPENSSL openssl-1.1.1q
-ENV LIBSSH 0.10.4
-ENV KRB 1.18.4
-ENV SYSTEM_LIBSSH 1
-ENV CFLAGS "-g0 -s"
+ENV OPENSSL=openssl-3.4.0
+ENV LIBSSH=0.11.1
+ENV SYSTEM_LIBSSH=1
+ENV KRB=1.21.3
+ENV CFLAGS="-g0 -s"
 
-RUN yum install epel-release -y && yum install zlib-devel cmake3 -y
+RUN yum install epel-release -y && yum install zlib-devel cmake3 perl-IPC-Cmd -y && yum remove -y openssl
 
-ADD libssh-${LIBSSH}.tar.xz libssh.tar.xz
+ADD libssh-${LIBSSH}.tar.gz libssh.tar.gz
+ADD krb5-${KRB}.tar.gz krb5.tar.gz
 ADD https://www.openssl.org/source/${OPENSSL}.tar.gz ${OPENSSL}.tar.gz
-ADD krb5-${KRB}.tar.xz krb5-${KRB}.tar.xz
+
+
+# Kerberos
+RUN cd krb5.tar.gz/krb5-${KRB}/src && \
+    ./configure && \
+    make -j6 && \
+    make install
+
 
 RUN tar -xzf ${OPENSSL}.tar.gz
 # Openssl
@@ -18,18 +43,13 @@ RUN cd ${OPENSSL} && \
     ./config --prefix=/usr --openssldir=/usr/openssl threads shared && \
     make -j6 && make install_sw
 
-# Kerberos
-RUN cd krb5-${KRB}.tar.xz/krb5-${KRB}/src && \
-    ./configure && \
-    make -j6 && \
-    make install
 
 # Libssh
-RUN mkdir -p build_libssh && cd build_libssh && \
-    cmake3 ../libssh.tar.xz/libssh-${LIBSSH} -DCMAKE_BUILD_TYPE=Release \
-          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF && \
+RUN cc --version; openssl version -a; mkdir -p build_libssh && cd build_libssh && \
+    cmake3 ../libssh.tar.gz/libssh -DCMAKE_BUILD_TYPE=Release \
+          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF -DUNIT_TESTING=OFF && \
     make -j6 install/strip
 
-RUN rm -rf ${OPENSSL}* libssh build_libssh krb5-${KRB}.tar.xz
+RUN rm -rf ${OPENSSL}* libssh.tar.gz build_libssh krb5.tar.gz
 
 VOLUME /var/cache
diff --git a/ci/docker/manylinux/Dockerfile.aarch64_2_24 b/ci/docker/manylinux/Dockerfile.aarch64_2_24
index 98c48841..bc246e34 100644
--- a/ci/docker/manylinux/Dockerfile.aarch64_2_24
+++ b/ci/docker/manylinux/Dockerfile.aarch64_2_24
@@ -1,17 +1,41 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 FROM quay.io/pypa/manylinux_2_24_aarch64
 
-ENV OPENSSL openssl-1.1.1q
-ENV LIBSSH 0.10.4
-ENV KRB 1.18.4
-ENV SYSTEM_LIBSSH 1
-ENV CFLAGS "-g0 -s"
-ENV OPENSSL_ROOT_DIR /usr/lib
+ENV OPENSSL=openssl-3.4.0
+ENV LIBSSH=0.11.1
+ENV SYSTEM_LIBSSH=1
+ENV KRB=1.21.3
+ENV CFLAGS="-g0 -s"
 
 RUN apt-get update -y && apt-get install zlib1g-dev cmake -y
 
-ADD libssh-${LIBSSH}.tar.xz libssh.tar.xz
+ADD libssh-${LIBSSH}.tar.gz libssh.tar.gz
+ADD krb5-${KRB}.tar.gz krb5.tar.gz
 ADD https://www.openssl.org/source/${OPENSSL}.tar.gz ${OPENSSL}.tar.gz
-ADD krb5-${KRB}.tar.xz krb5-${KRB}.tar.xz
+
+
+# Kerberos
+RUN cd krb5.tar.gz/krb5-${KRB}/src && \
+    ./configure && \
+    make -j6 && \
+    make install
+
 
 RUN tar -xzf ${OPENSSL}.tar.gz
 # Openssl
@@ -19,18 +43,13 @@ RUN cd ${OPENSSL} && \
     ./config --prefix=/usr --openssldir=/usr/openssl threads shared && \
     make -j6 && make install_sw
 
-# Kerberos
-RUN cd krb5-${KRB}.tar.xz/krb5-${KRB}/src && \
-    ./configure && \
-    make -j6 && \
-    make install
 
 # Libssh
-RUN mkdir -p build_libssh && cd build_libssh && \
-    cmake ../libssh.tar.xz/libssh-${LIBSSH} -DCMAKE_BUILD_TYPE=Release \
-          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF && \
+RUN cc --version; openssl version -a; mkdir -p build_libssh && cd build_libssh && \
+    cmake3 ../libssh.tar.gz/libssh -DCMAKE_BUILD_TYPE=Release \
+          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF -DUNIT_TESTING=OFF && \
     make -j6 install/strip
 
-RUN rm -rf ${OPENSSL}* libssh build_libssh krb5-${KRB}.tar.xz
+RUN rm -rf ${OPENSSL}* libssh.tar.gz build_libssh krb5.tar.gz
 
 VOLUME /var/cache
diff --git a/ci/docker/manylinux/Dockerfile.aarch64_2_28 b/ci/docker/manylinux/Dockerfile.aarch64_2_28
index 84977056..5e479637 100644
--- a/ci/docker/manylinux/Dockerfile.aarch64_2_28
+++ b/ci/docker/manylinux/Dockerfile.aarch64_2_28
@@ -1,17 +1,41 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 FROM quay.io/pypa/manylinux_2_28_aarch64
 
-ENV OPENSSL openssl-1.1.1q
-ENV LIBSSH 0.10.4
-ENV KRB 1.18.4
-ENV SYSTEM_LIBSSH 1
-ENV CFLAGS "-g0 -s"
-ENV OPENSSL_ROOT_DIR /usr/lib
+ENV OPENSSL=openssl-3.4.0
+ENV LIBSSH=0.11.1
+ENV SYSTEM_LIBSSH=1
+ENV KRB=1.21.3
+ENV CFLAGS="-g0 -s"
 
 RUN yum install zlib-devel cmake3 -y
 
-ADD libssh-${LIBSSH}.tar.xz libssh.tar.xz
+ADD libssh-${LIBSSH}.tar.gz libssh.tar.gz
+ADD krb5-${KRB}.tar.gz krb5.tar.gz
 ADD https://www.openssl.org/source/${OPENSSL}.tar.gz ${OPENSSL}.tar.gz
-ADD krb5-${KRB}.tar.xz krb5-${KRB}.tar.xz
+
+
+# Kerberos
+RUN cd krb5.tar.gz/krb5-${KRB}/src && \
+    ./configure && \
+    make -j6 && \
+    make install
+
 
 RUN tar -xzf ${OPENSSL}.tar.gz
 # Openssl
@@ -19,18 +43,13 @@ RUN cd ${OPENSSL} && \
     ./config --prefix=/usr --openssldir=/usr/openssl threads shared && \
     make -j6 && make install_sw
 
-# Kerberos
-RUN cd krb5-${KRB}.tar.xz/krb5-${KRB}/src && \
-    ./configure && \
-    make -j6 && \
-    make install
 
 # Libssh
-RUN mkdir -p build_libssh && cd build_libssh && \
-    cmake ../libssh.tar.xz/libssh-${LIBSSH} -DCMAKE_BUILD_TYPE=Release \
-          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF && \
+RUN cc --version; openssl version -a; mkdir -p build_libssh && cd build_libssh && \
+    cmake3 ../libssh.tar.gz/libssh -DCMAKE_BUILD_TYPE=Release \
+          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF -DUNIT_TESTING=OFF && \
     make -j6 install/strip
 
-RUN rm -rf ${OPENSSL}* libssh build_libssh krb5-${KRB}.tar.xz
+RUN rm -rf ${OPENSSL}* libssh.tar.gz build_libssh krb5.tar.gz
 
 VOLUME /var/cache
diff --git a/ci/docker/manylinux/Dockerfile.manylinux_2_24_x86_64 b/ci/docker/manylinux/Dockerfile.manylinux_2_24_x86_64
index 1342fbeb..3bdf4692 100644
--- a/ci/docker/manylinux/Dockerfile.manylinux_2_24_x86_64
+++ b/ci/docker/manylinux/Dockerfile.manylinux_2_24_x86_64
@@ -1,17 +1,41 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 FROM quay.io/pypa/manylinux_2_24_x86_64
 
-ENV OPENSSL openssl-1.1.1q
-ENV LIBSSH 0.10.4
-ENV KRB 1.18.4
-ENV SYSTEM_LIBSSH 1
-ENV CFLAGS "-g0 -s"
-ENV OPENSSL_ROOT_DIR /usr/lib
+ENV OPENSSL=openssl-3.4.0
+ENV LIBSSH=0.11.1
+ENV SYSTEM_LIBSSH=1
+ENV KRB=1.21.3
+ENV CFLAGS="-g0 -s"
 
 RUN apt-get update -y && apt-get install zlib1g-dev cmake -y
 
-ADD libssh-${LIBSSH}.tar.xz libssh.tar.xz
+ADD libssh-${LIBSSH}.tar.gz libssh.tar.gz
+ADD krb5-${KRB}.tar.gz krb5.tar.gz
 ADD https://www.openssl.org/source/${OPENSSL}.tar.gz ${OPENSSL}.tar.gz
-ADD krb5-${KRB}.tar.xz krb5-${KRB}.tar.xz
+
+
+# Kerberos
+RUN cd krb5.tar.gz/krb5-${KRB}/src && \
+    ./configure && \
+    make -j6 && \
+    make install
+
 
 RUN tar -xzf ${OPENSSL}.tar.gz
 # Openssl
@@ -19,18 +43,13 @@ RUN cd ${OPENSSL} && \
     ./config --prefix=/usr --openssldir=/usr/openssl threads shared && \
     make -j6 && make install_sw
 
-# Kerberos
-RUN cd krb5-${KRB}.tar.xz/krb5-${KRB}/src && \
-    ./configure && \
-    make -j6 && \
-    make install
 
 # Libssh
-RUN mkdir -p build_libssh && cd build_libssh && \
-    cmake ../libssh.tar.xz/libssh-${LIBSSH} -DCMAKE_BUILD_TYPE=Release \
-          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF && \
+RUN cc --version; openssl version -a; mkdir -p build_libssh && cd build_libssh && \
+    cmake3 ../libssh.tar.gz/libssh -DCMAKE_BUILD_TYPE=Release \
+          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF -DUNIT_TESTING=OFF && \
     make -j6 install/strip
 
-RUN rm -rf ${OPENSSL}* libssh build_libssh krb5-${KRB}.tar.xz
+RUN rm -rf ${OPENSSL}* libssh.tar.gz build_libssh krb5.tar.gz
 
 VOLUME /var/cache
diff --git a/ci/docker/manylinux/Dockerfile.manylinux_2_28_x86_64 b/ci/docker/manylinux/Dockerfile.manylinux_2_28_x86_64
index 83aa2683..5afb2866 100644
--- a/ci/docker/manylinux/Dockerfile.manylinux_2_28_x86_64
+++ b/ci/docker/manylinux/Dockerfile.manylinux_2_28_x86_64
@@ -1,17 +1,41 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 FROM quay.io/pypa/manylinux_2_28_x86_64
 
-ENV OPENSSL openssl-1.1.1q
-ENV LIBSSH 0.10.4
-ENV KRB 1.18.4
-ENV SYSTEM_LIBSSH 1
-ENV CFLAGS "-g0 -s"
-ENV OPENSSL_ROOT_DIR /usr/lib
+ENV OPENSSL=openssl-3.4.0
+ENV LIBSSH=0.11.1
+ENV SYSTEM_LIBSSH=1
+ENV KRB=1.21.3
+ENV CFLAGS="-g0 -s"
 
 RUN yum install zlib-devel cmake3 -y
 
-ADD libssh-${LIBSSH}.tar.xz libssh.tar.xz
+ADD libssh-${LIBSSH}.tar.gz libssh.tar.gz
+ADD krb5-${KRB}.tar.gz krb5.tar.gz
 ADD https://www.openssl.org/source/${OPENSSL}.tar.gz ${OPENSSL}.tar.gz
-ADD krb5-${KRB}.tar.xz krb5-${KRB}.tar.xz
+
+
+# Kerberos
+RUN cd krb5.tar.gz/krb5-${KRB}/src && \
+    ./configure && \
+    make -j6 && \
+    make install
+
 
 RUN tar -xzf ${OPENSSL}.tar.gz
 # Openssl
@@ -19,18 +43,13 @@ RUN cd ${OPENSSL} && \
     ./config --prefix=/usr --openssldir=/usr/openssl threads shared && \
     make -j6 && make install_sw
 
-# Kerberos
-RUN cd krb5-${KRB}.tar.xz/krb5-${KRB}/src && \
-    ./configure && \
-    make -j6 && \
-    make install
 
 # Libssh
-RUN mkdir -p build_libssh && cd build_libssh && \
-    cmake ../libssh.tar.xz/libssh-${LIBSSH} -DCMAKE_BUILD_TYPE=Release \
-          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF && \
+RUN cc --version; openssl version -a; mkdir -p build_libssh && cd build_libssh && \
+    cmake3 ../libssh.tar.gz/libssh -DCMAKE_BUILD_TYPE=Release \
+          -DWITH_GSSAPI=ON -DWITH_EXAMPLES=OFF -DUNIT_TESTING=OFF && \
     make -j6 install/strip
 
-RUN rm -rf ${OPENSSL}* libssh build_libssh krb5-${KRB}.tar.xz
+RUN rm -rf ${OPENSSL}* libssh.tar.gz build_libssh krb5.tar.gz
 
 VOLUME /var/cache
diff --git a/ci/docker/manylinux/krb5-1.18.4.tar.xz b/ci/docker/manylinux/krb5-1.18.4.tar.xz
deleted file mode 100644
index 7437932c..00000000
--- a/ci/docker/manylinux/krb5-1.18.4.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a98e2692c96d9eba586e491530a76bcf2e8e9022e07eadd5a490bb1ad38aaf3b
-size 6095136
diff --git a/ci/docker/manylinux/libssh-0.10.4.tar.xz b/ci/docker/manylinux/libssh-0.10.4.tar.xz
deleted file mode 100644
index 2faf80b1..00000000
--- a/ci/docker/manylinux/libssh-0.10.4.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:07392c54ab61476288d1c1f0a7c557b50211797ad00c34c3af2bbc4dbc4bd97d
-size 554920
diff --git a/ci/docker/manylinux/libssh-0.10.4.tar.xz.asc b/ci/docker/manylinux/libssh-0.10.4.tar.xz.asc
deleted file mode 100644
index d22b4b2c..00000000
--- a/ci/docker/manylinux/libssh-0.10.4.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmMYnSEACgkQfuD8TcwB
-Tj2qGBAAn/40MU/7PcyCRK9U+MhLo28peRpTF+i1/k0V5czVLiFubeFofsa6sjy8
-C6VyQsz0NYiTf6wXLlq9jO1p31LWQ13Z3K0d7Lg2eyftsVrGM1Ue9dTLlJrZ570d
-JjcBR/J3dpO9w5fz4HawWE8GIBBstZQnZYdoT75+tIeSMJ/tnovKfE1RGYc4kRJs
-quC7tyej7Y+t86U8psFSy2iUCajS82b+ddZEhuxwamel+RBRJZsmi5B2OvhkEaOj
-mhJOIkx3UD9XAjxeooVcTlzAaJ5JFZ7Im97o+DRbQYvJYe4ZqDo17lrzBh6wruLC
-vBo+/lwh9FbCqxbDpFfqwpf8qYsWu3m0Qlu5f+BZ/9WvjFCVoRmScNHJo42tu18r
-xcX2Txis8oWysgqhvIgTFRnLq010ErL8iE9WeZwrNJgcTnf+AQLolKQiVAHumMvk
-Djv0No+ZTBG03Hsb0tbvA8kVtxI0ZZtzPcRkRqmUwiLCtcO9oo1hInhu+D1sPZwI
-Q1xK6hI6LKsF80yPKGexZxlgV/vZYhIKtD0SIoZCpx7MSBxXqHYZARtTFUAXBSqF
-tIn800/pPhGuY1/x3ho4BeWCGj1eWG5zy7dr0q/d/OiqBj3OiUfxtTl4drqrYhca
-goNhzNTs0Ps+iYbVQlk4nEAjg54M8ru1jfcuNRgrhTqCI8yiESk=
-=AG91
------END PGP SIGNATURE-----
diff --git a/ci/integration_tests/__init__.py b/ci/integration_tests/__init__.py
new file mode 100644
index 00000000..c1b9dac2
--- /dev/null
+++ b/ci/integration_tests/__init__.py
@@ -0,0 +1,16 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
diff --git a/ci/integration_tests/base_case.py b/ci/integration_tests/base_case.py
new file mode 100644
index 00000000..2901a9aa
--- /dev/null
+++ b/ci/integration_tests/base_case.py
@@ -0,0 +1,90 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
+import os
+import socket
+import subprocess
+import unittest
+
+import pwd
+from ssh.key import import_privkey_file
+from ssh.session import Session
+from sys import version_info
+
+from ssh import options
+from .embedded_server.openssh import OpenSSHServer
+
+PKEY_FILENAME = os.path.sep.join([os.path.dirname(__file__), 'unit_test_key'])
+PUB_FILE = "%s.pub" % (PKEY_FILENAME,)
+USER_CERT_PRIV_KEY = os.path.sep.join([os.path.dirname(__file__), 'unit_test_cert_key'])
+USER_CERT_PUB_KEY = os.path.sep.join([os.path.dirname(__file__), 'unit_test_cert_key.pub'])
+USER_CERT_FILE = os.path.sep.join([os.path.dirname(__file__), 'unit_test_cert_key-cert.pub'])
+CA_USER_KEY = os.path.sep.join([os.path.dirname(__file__), 'embedded_server', 'ca_user_key'])
+USER = pwd.getpwuid(os.geteuid()).pw_name
+
+
+class SSHTestCase(unittest.TestCase):
+
+    @classmethod
+    def sign_cert(cls):
+        cmd = [
+            'ssh-keygen', '-s', CA_USER_KEY, '-n', USER, '-I', 'tests', USER_CERT_PUB_KEY,
+        ]
+        subprocess.check_call(cmd)
+
+    @classmethod
+    def setUpClass(cls):
+        _mask = int('0600') if version_info <= (2,) else 0o600
+        for _file in [PKEY_FILENAME, USER_CERT_PRIV_KEY, CA_USER_KEY]:
+            os.chmod(_file, _mask)
+        cls.sign_cert()
+        cls.server = OpenSSHServer()
+        cls.server.start_server()
+
+    @classmethod
+    def tearDownClass(cls):
+        cls.server.stop()
+        del cls.server
+
+    def setUp(self):
+        self.host = '127.0.0.1'
+        self.port = 2222
+        self.cmd = 'echo me'
+        self.resp = u'me'
+        self.user_key = PKEY_FILENAME
+        self.user_pub_key = PUB_FILE
+        self.user_ca_key = USER_CERT_PRIV_KEY
+        self.user_cert_file = USER_CERT_FILE
+        self.user = USER
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.connect((self.host, self.port))
+        self.sock = sock
+        self.session = Session()
+        self.session.options_set(options.HOST, self.host)
+        self.session.options_set_port(self.port)
+        self.session.options_set(options.USER, self.user)
+        self.session.set_socket(sock)
+        self.pkey = import_privkey_file(self.user_key)
+        # self.session.options_set(options.LOG_VERBOSITY, '1')
+
+    def tearDown(self):
+        del self.session
+
+    def _auth(self):
+        self.assertEqual(self.session.connect(), 0)
+        self.assertEqual(
+            self.session.userauth_publickey(self.pkey), 0)
diff --git a/tests/embedded_server/__init__.py b/ci/integration_tests/embedded_server/__init__.py
similarity index 100%
rename from tests/embedded_server/__init__.py
rename to ci/integration_tests/embedded_server/__init__.py
diff --git a/tests/embedded_server/authorized_keys b/ci/integration_tests/embedded_server/authorized_keys
similarity index 100%
rename from tests/embedded_server/authorized_keys
rename to ci/integration_tests/embedded_server/authorized_keys
diff --git a/tests/embedded_server/ca_host_key b/ci/integration_tests/embedded_server/ca_host_key
similarity index 100%
rename from tests/embedded_server/ca_host_key
rename to ci/integration_tests/embedded_server/ca_host_key
diff --git a/tests/embedded_server/ca_host_key-cert.pub b/ci/integration_tests/embedded_server/ca_host_key-cert.pub
similarity index 100%
rename from tests/embedded_server/ca_host_key-cert.pub
rename to ci/integration_tests/embedded_server/ca_host_key-cert.pub
diff --git a/tests/embedded_server/ca_host_key.pub b/ci/integration_tests/embedded_server/ca_host_key.pub
similarity index 100%
rename from tests/embedded_server/ca_host_key.pub
rename to ci/integration_tests/embedded_server/ca_host_key.pub
diff --git a/tests/embedded_server/ca_user_key b/ci/integration_tests/embedded_server/ca_user_key
similarity index 100%
rename from tests/embedded_server/ca_user_key
rename to ci/integration_tests/embedded_server/ca_user_key
diff --git a/tests/embedded_server/ca_user_key.pub b/ci/integration_tests/embedded_server/ca_user_key.pub
similarity index 100%
rename from tests/embedded_server/ca_user_key.pub
rename to ci/integration_tests/embedded_server/ca_user_key.pub
diff --git a/tests/embedded_server/known_hosts b/ci/integration_tests/embedded_server/known_hosts
similarity index 100%
rename from tests/embedded_server/known_hosts
rename to ci/integration_tests/embedded_server/known_hosts
diff --git a/tests/embedded_server/openssh.py b/ci/integration_tests/embedded_server/openssh.py
similarity index 98%
rename from tests/embedded_server/openssh.py
rename to ci/integration_tests/embedded_server/openssh.py
index a8d82bc0..35465dd2 100644
--- a/tests/embedded_server/openssh.py
+++ b/ci/integration_tests/embedded_server/openssh.py
@@ -82,7 +82,7 @@ def start_server(self):
 
     def _wait_for_port(self):
         sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        while sock.connect_ex(('127.0.0.1', self.port)) != 0:
+        while sock.connect_ex((self.listen_ip, self.port)) != 0:
             sleep(.1)
         del sock
 
diff --git a/tests/embedded_server/principals.tmpl b/ci/integration_tests/embedded_server/principals.tmpl
similarity index 100%
rename from tests/embedded_server/principals.tmpl
rename to ci/integration_tests/embedded_server/principals.tmpl
diff --git a/tests/embedded_server/rsa.key b/ci/integration_tests/embedded_server/rsa.key
similarity index 100%
rename from tests/embedded_server/rsa.key
rename to ci/integration_tests/embedded_server/rsa.key
diff --git a/tests/embedded_server/sshd_config.tmpl b/ci/integration_tests/embedded_server/sshd_config.tmpl
similarity index 78%
rename from tests/embedded_server/sshd_config.tmpl
rename to ci/integration_tests/embedded_server/sshd_config.tmpl
index 1c53b639..6f87a3bd 100644
--- a/tests/embedded_server/sshd_config.tmpl
+++ b/ci/integration_tests/embedded_server/sshd_config.tmpl
@@ -8,6 +8,14 @@ HostCertificate {{parent_dir}}/ca_host_key-cert.pub
 TrustedUserCAKeys {{parent_dir}}/ca_user_key.pub
 AuthorizedPrincipalsFile {{parent_dir}}/principals
 
+
+MaxAuthTries 999
+MaxSessions 999
+MaxStartups 999
+# PerSourceMaxStartups 999
+# PerSourcePenaltyExemptList *.*.*.*
+
+
 AcceptEnv LANG LC_*
 Subsystem sftp internal-sftp
 AuthorizedKeysFile {{parent_dir}}/authorized_keys
diff --git a/ci/integration_tests/test_channel.py b/ci/integration_tests/test_channel.py
new file mode 100644
index 00000000..e4e8fe7a
--- /dev/null
+++ b/ci/integration_tests/test_channel.py
@@ -0,0 +1,228 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
+import unittest
+from pytest import mark
+from time import sleep
+
+from ssh.key import SSHKey, import_pubkey_file, import_privkey_file
+from ssh import options
+from ssh.exceptions import KeyImportError
+from ssh.utils import wait_socket
+from ssh.error_codes import SSH_AGAIN
+from ssh.exceptions import EOF, SSHError
+
+from .base_case import SSHTestCase
+
+
+class ChannelTest(SSHTestCase):
+
+    def test_close(self):
+        self._auth()
+        chan = self.session.channel_new()
+        self.assertEqual(chan.open_session(), 0)
+        self.assertFalse(chan.closed)
+        chan.request_exec('echo me')
+        chan.read()
+        self.assertFalse(chan.closed)
+        chan.close()
+        self.assertTrue(chan.closed)
+        chan.close()
+        self.session.disconnect()
+        chan.close()
+
+    def test_channel_exec(self):
+        self._auth()
+        chan = self.session.channel_new()
+        self.assertEqual(chan.open_session(), 0)
+        self.assertTrue(chan.is_open())
+        self.assertFalse(chan.is_closed())
+        self.assertEqual(chan.request_exec(self.cmd), 0)
+        self.assertFalse(chan.is_eof())
+        self.assertFalse(chan.is_closed())
+        all_data = b""
+        size, data = chan.read()
+        while size > 0:
+            all_data += data
+            try:
+                size, data = chan.read()
+            except SSHError:
+                break
+        lines = [s.decode('utf-8') for s in all_data.splitlines()]
+        self.assertEqual(lines[0], self.resp)
+        sleep(1)
+        self.assertTrue(chan.is_eof())
+        self.assertEqual(chan.close(), 0)
+        self.assertFalse(chan.is_open())
+        self.assertTrue(chan.is_closed())
+
+    def test_channel_non_blocking_exec(self):
+        self._auth()
+        self.session.set_blocking(0)
+        chan = self.session.channel_new()
+        while chan == SSH_AGAIN:
+            wait_socket(self.session, self.sock)
+            chan = self.session.channel_new()
+        chan.set_blocking(0)
+        rc = chan.open_session()
+        while rc == SSH_AGAIN:
+            wait_socket(self.session, self.sock)
+            rc = chan.open_session()
+        self.assertEqual(rc, 0)
+        self.assertTrue(chan.is_open())
+        self.assertFalse(chan.is_closed())
+        rc = chan.request_exec(self.cmd)
+        while rc == SSH_AGAIN:
+            wait_socket(self.session, self.sock)
+            rc = chan.request_exec(self.cmd)
+        self.assertEqual(rc, 0)
+        self.assertFalse(chan.is_eof())
+        self.assertFalse(chan.is_closed())
+        all_data = b""
+        while True:
+            try:
+                if chan.poll():
+                    wait_socket(self.session, self.sock)
+                size, data = chan.read_nonblocking()
+                if size > 0:
+                    all_data += data
+            except EOF:
+                break
+        lines = [s.decode('utf-8') for s in all_data.splitlines()]
+        self.assertEqual(lines[0], self.resp)
+        self.assertRaises(EOF, chan.poll)
+        self.assertTrue(chan.is_eof())
+        rc = chan.close()
+        while rc == SSH_AGAIN:
+            wait_socket(self.session, self.sock)
+            rc = chan.close()
+        self.assertEqual(rc, 0)
+        self.assertFalse(chan.is_open())
+        self.assertTrue(chan.is_closed())
+
+    def test_exit_code(self):
+        self._auth()
+        chan = self.session.channel_new()
+        self.assertEqual(chan.open_session(), 0)
+        self.assertEqual(chan.request_exec('exit 2'), 0)
+        self.assertEqual(chan.send_eof(), 0)
+        self.assertEqual(chan.close(), 0)
+        status = chan.get_exit_status()
+        self.assertEqual(status, 2)
+
+    def test_exit_state(self):
+        self._auth()
+        chan = self.session.channel_new()
+        self.assertEqual(chan.open_session(), 0)
+        self.assertEqual(chan.request_exec('exit 2'), 0)
+        self.assertEqual(chan.send_eof(), 0)
+        self.assertEqual(chan.close(), 0)
+        exit_code, signal, pcore_dumped = chan.get_exit_state()
+        self.assertEqual(exit_code, 2)
+
+    def test_exit_state_w_signal(self):
+        self._auth()
+        chan = self.session.channel_new()
+        my_sig = 'TERM'
+        chan.open_session()
+        chan.request_exec('sleep 5 && exit 0')
+        chan.send_eof()
+        chan.request_send_signal(my_sig)
+        chan.close()
+        exit_code, signal, pcore_dumped = chan.get_exit_state()
+        self.assertNotEqual(exit_code, 0)
+        self.assertEqual(signal, bytes(my_sig, 'utf-8'))
+
+    def test_exit_state_w_signal_non_blocking(self):
+        self._auth()
+        chan = self.session.channel_new()
+        my_sig = 'TERM'
+        chan.open_session()
+        chan.request_exec('sleep 5 && exit 0')
+        chan.send_eof()
+        chan.request_send_signal(my_sig)
+        chan.close()
+        self.session.set_blocking(0)
+        exit_code, signal, pcore_dumped = chan.get_exit_state()
+        while exit_code == SSH_AGAIN:
+            self.assertEqual(signal, b"")
+            self.assertFalse(pcore_dumped)
+            wait_socket(self.session, self.sock)
+            exit_code, signal, pcore_dumped = chan.get_exit_state()
+        self.assertNotEqual(exit_code, 0)
+        self.assertEqual(signal, bytes(my_sig, 'utf-8'))
+
+    def test_long_running_execute(self):
+        self._auth()
+        chan = self.session.channel_new()
+        self.assertEqual(chan.open_session(), 0)
+        self.assertEqual(chan.request_exec('sleep 1; exit 3'), 0)
+        chan.send_eof()
+        self.assertEqual(chan.close(), 0)
+        self.assertEqual(chan.get_exit_status(), 3)
+
+    def test_read_stderr(self):
+        self._auth()
+        chan = self.session.channel_new()
+        self.assertEqual(chan.open_session(), 0)
+        expected = ['stderr output']
+        chan.request_exec('echo "stderr output" >&2')
+        size, data = chan.read(is_stderr=True)
+        self.assertTrue(size > 0)
+        lines = [s.decode('utf-8') for s in data.splitlines()]
+        self.assertListEqual(expected, lines)
+
+    def test_pty(self):
+        self._auth()
+        chan = self.session.channel_new()
+        chan.open_session()
+        self.assertTrue(chan.request_pty() == 0)
+        _out = u'stderr output'
+        expected = [_out]
+        chan.request_exec(u'echo "%s" >&2' % (_out,))
+        # stderr output gets redirected to stdout with a PTY
+        size, data = chan.read()
+        self.assertTrue(size > 0)
+        lines = [s.decode('utf-8') for s in data.splitlines()]
+        self.assertListEqual(expected, lines)
+
+    def test_write_stdin(self):
+        self._auth()
+        _in = u'writing to stdin'
+        chan = self.session.channel_new()
+        chan.open_session()
+        chan.request_exec('cat')
+        chan.write(_in + '\n')
+        self.assertEqual(chan.send_eof(), 0)
+        size, data = chan.read()
+        self.assertTrue(size > 0)
+        lines = [line.decode('utf-8') for line in data.splitlines()]
+        self.assertListEqual([_in], lines)
+        chan.close()
+        chan.read()
+        self.assertTrue(chan.is_eof())
+
+    def test_write_stderr(self):
+        self._auth()
+        chan = self.session.channel_new()
+        chan.open_session()
+        chan.request_exec('echo something')
+        _in = u'stderr'
+        rc, bytes_written = chan.write_stderr(_in + '\n')
+        self.assertEqual(rc, 7)
+        self.assertEqual(bytes_written, 7)
+        self.assertEqual(chan.close(), 0)
diff --git a/ci/integration_tests/test_session.py b/ci/integration_tests/test_session.py
new file mode 100644
index 00000000..a4b49d47
--- /dev/null
+++ b/ci/integration_tests/test_session.py
@@ -0,0 +1,223 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
+import unittest
+import socket
+import os
+import base64
+from select import select
+
+from ssh.session import Session, SSH_AUTH_AGAIN, SSH_READ_PENDING, SSH_WRITE_PENDING
+from ssh.channel import Channel
+from ssh.key import SSHKey, import_pubkey_file, import_privkey_file, import_cert_file, \
+    import_cert_base64, copy_cert_to_privkey
+from ssh.keytypes import RSACert01Key
+from ssh import options
+from ssh.exceptions import KeyImportError, InvalidAPIUse, \
+    AuthenticationDenied
+from ssh.scp import SCP, SSH_SCP_READ, SSH_SCP_WRITE, SSH_SCP_RECURSIVE
+from ssh.error_codes import SSH_AGAIN
+from ssh.utils import wait_socket
+
+from .base_case import SSHTestCase
+
+
+class SessionTest(SSHTestCase):
+
+    def test_non_blocking_connect(self):
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.connect((self.host, self.port))
+        session = Session()
+        session.options_set(options.USER, self.user)
+        session.options_set(options.HOST, self.host)
+        session.options_set_port(self.port)
+        self.assertEqual(session.set_socket(sock), 0)
+        session.set_blocking(0)
+        rc = session.connect()
+        while rc == SSH_AGAIN:
+            wait_socket(session, sock)
+            rc = session.connect()
+        self.assertEqual(rc, 0)
+        rc = session.userauth_publickey(self.pkey)
+        while rc == SSH_AUTH_AGAIN:
+            wait_socket(session, sock)
+            rc = session.userauth_publickey(self.pkey)
+        self.assertEqual(rc, 0)
+
+    def test_should_not_segfault(self):
+        session = Session()
+        self.assertEqual(session.get_error(), '')
+        self.assertRaises(InvalidAPIUse, session.userauth_none)
+        self.assertRaises(InvalidAPIUse, session.userauth_publickey, self.pkey)
+        key = import_pubkey_file(self.user_pub_key)
+        self.assertRaises(InvalidAPIUse, session.userauth_try_publickey, key)
+        self.assertRaises(InvalidAPIUse, session.userauth_publickey_auto, '')
+        self.assertRaises(InvalidAPIUse, session.channel_new)
+        self.assertRaises(InvalidAPIUse, session.get_disconnect_message)
+        self.assertRaises(InvalidAPIUse, session.get_issue_banner)
+        self.assertRaises(InvalidAPIUse, session.get_openssh_version)
+        self.assertIsNone(session.dump_knownhost())
+        self.assertIsNone(session.get_clientbanner())
+        self.assertIsNone(session.get_serverbanner())
+        self.assertIsNone(session.get_kex_algo())
+        self.assertIsNone(session.get_cipher_in())
+        self.assertIsNone(session.get_cipher_out())
+        self.assertIsNone(session.get_hmac_in())
+        self.assertIsNone(session.get_hmac_out())
+        self.assertIsNotNone(session.get_error_code())
+        session.connector_new()
+
+    def test_disconnect(self):
+        self._auth()
+        chan = self.session.channel_new()
+        self.assertEqual(chan.open_session(), 0)
+        chan.close()
+        self.session.disconnect()
+        del chan
+
+    def test_socket_connect(self):
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.connect((self.host, self.port))
+        session = Session()
+        session.options_set(options.USER, self.user)
+        session.options_set(options.HOST, self.host)
+        session.options_set_port(self.port)
+        self.assertEqual(session.set_socket(sock), 0)
+        self.assertEqual(session.connect(), 0)
+        self.assertRaises(AuthenticationDenied, session.userauth_none)
+        self.assertEqual(
+            session.userauth_publickey(self.pkey), 0)
+
+    def test_connect(self):
+        self.assertEqual(self.session.connect(), 0)
+        self.assertRaises(AuthenticationDenied, self.session.userauth_none)
+        self.assertRaises(
+            AuthenticationDenied, self.session.userauth_publickey_auto, '')
+
+    def test_key_auth(self):
+        self.assertEqual(self.session.connect(), 0)
+        key = import_pubkey_file(self.user_pub_key)
+        self.assertIsInstance(key, SSHKey)
+        self.assertEqual(
+            self.session.userauth_try_publickey(key), 0)
+        # Private key as public key import error
+        self.assertRaises(KeyImportError, import_privkey_file, self.user_pub_key)
+        pkey = import_privkey_file(self.user_key)
+        self.assertEqual(
+            self.session.userauth_publickey(pkey), 0)
+
+    def test_cert_auth(self):
+        self.assertEqual(self.session.connect(), 0)
+        cert_key = import_cert_file(self.user_cert_file)
+        self.assertIsInstance(cert_key, SSHKey)
+        key_type = cert_key.key_type()
+        self.assertIsInstance(key_type, RSACert01Key)
+        cert_priv_key = import_privkey_file(self.user_ca_key)
+        copy_cert_to_privkey(cert_key, cert_priv_key)
+        self.assertEqual(self.session.userauth_try_publickey(cert_key), 0)
+        self.assertEqual(self.session.userauth_publickey(cert_priv_key), 0)
+        chan = self.session.channel_new()
+        self.assertIsInstance(chan, Channel)
+
+    def test_cert_imports(self):
+        self.assertRaises(KeyImportError, import_cert_file, self.user_key)
+        priv_key = SSHKey()
+        cert_key = import_cert_file(self.user_cert_file)
+        self.assertRaises(KeyImportError, copy_cert_to_privkey, cert_key, priv_key)
+        with open(self.user_cert_file, 'rb') as fh:
+            cert_key_data = base64.b64encode(fh.read())
+            # cert_key_data = fh.read()
+        rsa_cert = RSACert01Key()
+        self.assertIsNotNone(rsa_cert.value)
+        # Failing
+        # cert_key_b64 = import_cert_base64(cert_key_data, rsa_cert)
+        # self.assertIsInstance(cert_key_b64.key_type(), RSACert01Key)
+
+    def test_open_channel(self):
+        self._auth()
+        chan = self.session.channel_new()
+        self.assertIsInstance(chan, Channel)
+
+    def test_scp_push(self):
+        self._auth()
+        scp = self.session.scp_new(SSH_SCP_WRITE, 'test_file')
+        self.assertIsInstance(scp, SCP)
+        test_data = b"data\n"
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       "remote_test_file"])
+        to_copy = os.sep.join([os.path.dirname(__file__),
+                               "copied"])
+        with open(remote_filename, 'wb') as fh:
+            fh.write(test_data)
+        try:
+            fileinfo = os.stat(remote_filename)
+            scp.push_file64(to_copy, fileinfo.st_size, fileinfo.st_mode & 0o777)
+            scp.write(test_data)
+            del scp
+        finally:
+            os.unlink(remote_filename)
+
+    def test_gssapi_creds(self):
+        self.session.connect()
+        rc = self.session.options_set(options.GSSAPI_SERVER_IDENTITY, 'identity')
+        self.assertEqual(rc, 0)
+        rc = self.session.options_set(options.GSSAPI_CLIENT_IDENTITY, 'my_id')
+        self.assertEqual(rc, 0)
+        rc = self.session.options_set_gssapi_delegate_credentials(True)
+        self.assertEqual(rc, 0)
+        self.assertRaises(AuthenticationDenied, self.session.userauth_gssapi)
+        rc = self.session.options_set_gssapi_delegate_credentials(False)
+        self.assertEqual(rc, 0)
+        self.assertRaises(AuthenticationDenied, self.session.userauth_gssapi)
+
+    def test_agent_auth(self):
+        self.session.connect()
+        self.assertRaises(
+            AuthenticationDenied, self.session.userauth_agent, self.user)
+
+    def test_set_timeout(self):
+        session = Session()
+        self.assertEqual(session.options_set(options.TIMEOUT, "1000"), 0)
+        self.assertEqual(session.options_set(options.TIMEOUT_USEC, "1000"), 0)
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.connect((self.host, self.port))
+        session = Session()
+        session.options_set(options.USER, self.user)
+        session.options_set(options.HOST, self.host)
+        session.options_set_port(self.port)
+        self.assertEqual(session.set_socket(sock), 0)
+        self.assertEqual(session.options_set(options.TIMEOUT, "1000"), 0)
+        self.assertEqual(session.options_set(options.TIMEOUT_USEC, "1000"), 0)
+
+    def test_get_server_publickey(self):
+        self.session.connect()
+        self.assertIsInstance(self.session.get_server_publickey(), SSHKey)
+
+    def test_compression_connect(self):
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.connect((self.host, self.port))
+        session = Session()
+        session.options_set(options.USER, self.user)
+        session.options_set(options.HOST, self.host)
+        session.options_set_port(self.port)
+        # Great API, "yes" "no" as booleans
+        self.assertEqual(session.options_set(options.COMPRESSION, "yes"), 0)
+        self.assertEqual(session.options_set_int_val(options.COMPRESSION_LEVEL, 2), 0)
+        self.assertEqual(session.set_socket(sock), 0)
+        self.assertEqual(session.connect(), 0)
+        self.assertEqual(
+            session.userauth_publickey(self.pkey), 0)
diff --git a/ci/integration_tests/test_sftp.py b/ci/integration_tests/test_sftp.py
new file mode 100644
index 00000000..ae24308e
--- /dev/null
+++ b/ci/integration_tests/test_sftp.py
@@ -0,0 +1,408 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
+import unittest
+import os
+import platform
+import stat
+from sys import version_info
+import shutil
+import socket
+from select import select
+import time
+
+from ssh.session import Session
+from ssh import options
+from ssh.sftp import SFTP
+from ssh.sftp_handles import SFTPDir, SFTPFile
+from ssh.sftp_attributes import SFTPAttributes
+from ssh.exceptions import InvalidAPIUse, SFTPHandleError, SFTPError
+from ssh.error_codes import SSH_AGAIN
+from ssh.utils import wait_socket
+
+
+from .base_case import SSHTestCase
+
+
+class SFTPTest(SSHTestCase):
+
+    def test_sftp_init(self):
+        self._auth()
+        sftp = self.session.sftp_new()
+        self.assertIsInstance(sftp, SFTP)
+        self.assertEqual(sftp.init(), 0)
+        del sftp
+        sftp = self.session.sftp_init()
+        self.assertIsInstance(sftp, SFTP)
+
+    def test_sftp_fail(self):
+        self.assertRaises(InvalidAPIUse, self.session.sftp_new)
+        self._auth()
+        sftp = self.session.sftp_new()
+        self.assertRaises(SFTPHandleError, sftp.opendir, '.')
+
+    def test_sftp_dir(self):
+        self._auth()
+        sftp = self.session.sftp_new()
+        sftp.init()
+        _dir = sftp.opendir('.')
+        self.assertIsInstance(_dir, SFTPDir)
+        self.assertFalse(_dir.eof())
+        self.assertEqual(_dir.closedir(), 0)
+        # dir handle from context manager
+        with sftp.opendir('.') as _dir:
+            for attr in _dir:
+                self.assertIsInstance(attr, SFTPAttributes)
+                self.assertIsNotNone(attr.name)
+        self.assertTrue(_dir.eof())
+
+    def test_sftp_readdir(self):
+        self._auth()
+        sftp = self.session.sftp_new()
+        sftp.init()
+        with sftp.opendir('.') as _dir:
+            attrs = _dir.readdir()
+            self.assertIsInstance(attrs, SFTPAttributes)
+            self.assertIsNotNone(attrs.uid)
+            self.assertIsNotNone(attrs.gid)
+            self.assertIsNotNone(attrs.owner)
+            self.assertIsNotNone(attrs.group)
+            self.assertTrue(attrs.size > 0)
+            self.assertTrue(isinstance(attrs.name, bytes))
+            self.assertTrue(len(attrs.longname) > 1)
+            self.assertFalse(_dir.closed)
+            self.assertEqual(_dir.closedir(), 0)
+            self.assertTrue(_dir.closed)
+        del _dir
+        with sftp.opendir('.') as _dir:
+            pass
+        self.assertTrue(_dir.closed)
+        del _dir
+
+    def test_sftp_file_read(self):
+        self._auth()
+        sftp = self.session.sftp_new()
+        sftp.init()
+        if int(platform.python_version_tuple()[0]) >= 3:
+            test_file_data = b'test' + bytes(os.linesep, 'utf-8')
+        else:
+            test_file_data = b'test' + os.linesep
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       'remote_test_file'])
+        with open(remote_filename, 'wb') as test_fh:
+            test_fh.write(test_file_data)
+        try:
+            with sftp.open(remote_filename, os.O_RDONLY, 0) as remote_fh:
+                self.assertIsInstance(remote_fh, SFTPFile)
+                remote_data = b""
+                for rc, data in remote_fh:
+                    remote_data += data
+                self.assertFalse(remote_fh.closed)
+                self.assertEqual(remote_fh.close(), 0)
+                self.assertTrue(remote_fh.closed)
+                self.assertEqual(remote_data, test_file_data)
+            self.assertTrue(remote_fh.closed)
+            del remote_fh
+            with sftp.open(remote_filename, os.O_RDONLY, 0) as remote_fh:
+                pass
+            self.assertTrue(remote_fh.closed)
+        finally:
+            os.unlink(remote_filename)
+
+    def test_sftp_write(self):
+        self._auth()
+        sftp = self.session.sftp_new()
+        sftp.init()
+        data = b"test file data"
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       "remote_test_file"])
+        mode = int("0666") if version_info <= (2,) else 0o666
+        with sftp.open(remote_filename,
+                       os.O_CREAT | os.O_WRONLY,
+                       mode) as remote_fh:
+            remote_fh.write(data)
+        with open(remote_filename, 'rb') as fh:
+            written_data = fh.read()
+        _stat = os.stat(remote_filename)
+        try:
+            self.assertEqual(stat.S_IMODE(_stat.st_mode), 420)
+            self.assertTrue(fh.closed)
+            self.assertEqual(data, written_data)
+        except Exception:
+            raise
+        finally:
+            os.unlink(remote_filename)
+
+    def test_sftp_attrs_cls(self):
+        attrs = SFTPAttributes.new_attrs(None)
+        self.assertIsInstance(attrs, SFTPAttributes)
+        self.assertEqual(attrs.uid, 0)
+        self.assertEqual(attrs.gid, 0)
+        attrs.flags = 1
+        attrs.type = 2
+        attrs.size = 3
+        attrs.uid = 4
+        attrs.gid = 5
+        attrs.permissions = 6
+        attrs.atime64 = 7
+        attrs.atime = 8
+        attrs.atime_nseconds = 9
+        attrs.createtime = 10
+        attrs.createtime_nseconds = 11
+        attrs.mtime64 = 12
+        attrs.mtime = 13
+        attrs.mtime_nseconds = 14
+        attrs.extended_count = 15
+        self.assertEqual(attrs.flags, 1)
+        self.assertEqual(attrs.type, 2)
+        self.assertEqual(attrs.size, 3)
+        self.assertEqual(attrs.uid, 4)
+        self.assertEqual(attrs.gid, 5)
+        self.assertEqual(attrs.permissions, 6)
+        self.assertEqual(attrs.atime64, 7)
+        self.assertEqual(attrs.atime, 8)
+        self.assertEqual(attrs.atime_nseconds, 9)
+        self.assertEqual(attrs.createtime, 10)
+        self.assertEqual(attrs.createtime_nseconds, 11)
+        self.assertEqual(attrs.mtime64, 12)
+        self.assertEqual(attrs.mtime, 13)
+        self.assertEqual(attrs.mtime_nseconds, 14)
+        self.assertEqual(attrs.extended_count, 15)
+        del attrs
+
+    def test_sftp_stat(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        self.assertIsInstance(sftp, SFTP)
+        test_data = b"data"
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       "remote_test_file"])
+        with open(remote_filename, 'wb') as fh:
+            fh.write(test_data)
+        _mask = int('0644') if version_info <= (2,) else 0o644
+        os.chmod(remote_filename, _mask)
+        _size = os.stat(remote_filename).st_size
+        try:
+            attrs = sftp.stat(remote_filename)
+            self.assertTrue(isinstance(attrs, SFTPAttributes))
+            self.assertEqual(attrs.uid, os.getuid())
+            self.assertEqual(attrs.gid, os.getgid())
+            self.assertEqual(stat.S_IMODE(attrs.permissions), 420)
+            self.assertTrue(attrs.atime > 0)
+            self.assertTrue(attrs.mtime > 0)
+            self.assertTrue(attrs.flags > 0)
+            self.assertEqual(attrs.size, _size)
+        except Exception:
+            raise
+        finally:
+            os.unlink(remote_filename)
+        self.assertRaises(SFTPError, sftp.stat, remote_filename)
+        self.assertNotEqual(sftp.get_error(), 0)
+
+    def test_sftp_fstat(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        self.assertTrue(sftp is not None)
+        test_data = b"data"
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       "remote_test_file"])
+        with open(remote_filename, 'wb') as fh:
+            fh.write(test_data)
+        try:
+            with sftp.open(remote_filename, 0, 0) as fh:
+                attrs = fh.fstat()
+                self.assertTrue(isinstance(attrs, SFTPAttributes))
+                self.assertEqual(attrs.uid, os.getuid())
+                self.assertEqual(attrs.gid, os.getgid())
+                self.assertTrue(attrs.flags > 0)
+        except Exception:
+            raise
+        finally:
+            os.unlink(remote_filename)
+
+    def test_sftp_setstat(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        self.assertTrue(sftp is not None)
+        test_data = b"data"
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       "remote_test_file"])
+        with open(remote_filename, 'wb') as fh:
+            fh.write(test_data)
+        _mask = int('0644') if version_info <= (2,) else 0o644
+        os.chmod(remote_filename, _mask)
+        attrs = sftp.stat(remote_filename)
+        attrs.permissions = int("0400") if version_info <= (2,) else 0o400
+        try:
+            self.assertEqual(sftp.setstat(remote_filename, attrs), 0)
+            attrs = sftp.stat(remote_filename)
+            self.assertEqual(attrs.permissions, 33024)
+        except Exception:
+            raise
+        finally:
+            os.unlink(remote_filename)
+
+    def test_canonicalize_path(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        self.assertTrue(sftp is not None)
+        self.assertIsNotNone(sftp.canonicalize_path('.'))
+
+    def test_sftp_symlink_realpath_lstat(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        self.assertTrue(sftp is not None)
+        test_data = b"data"
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       "remote_test_file"])
+        with open(remote_filename, 'wb') as fh:
+            fh.write(test_data)
+        symlink_target = os.sep.join([os.path.dirname(__file__),
+                                      'remote_symlink'])
+        try:
+            self.assertEqual(sftp.symlink(remote_filename, symlink_target), 0)
+            lstat = sftp.lstat(symlink_target)
+            self.assertTrue(lstat is not None)
+            self.assertEqual(lstat.size, os.lstat(symlink_target).st_size)
+            realpath = sftp.canonicalize_path(symlink_target)
+            self.assertTrue(realpath is not None)
+            self.assertEqual(realpath, remote_filename)
+        except Exception:
+            raise
+        finally:
+            os.unlink(symlink_target)
+            os.unlink(remote_filename)
+
+    def test_readdir(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        dir_data = [_dir for _dir in sftp.opendir('.')]
+        self.assertTrue(len(dir_data) > 0)
+        self.assertTrue(b'.' in (_ls.name for _ls in dir_data))
+        self.assertTrue(b'..' in (_ls.name for _ls in dir_data))
+
+    def test_readdir_failure(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        self.assertRaises(SFTPError, sftp.opendir, 'fakeyfakey')
+
+    def test_fsync(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        test_data = b"data"
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       "remote_test_file"])
+        with open(remote_filename, 'wb') as fh:
+            fh.write(test_data)
+        try:
+            with sftp.open(remote_filename, 0, 0) as fh:
+                self.assertEqual(fh.fsync(), 0)
+        except Exception:
+            raise
+        finally:
+            os.unlink(remote_filename)
+
+    def test_statvfs(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        vfs = sftp.statvfs('.')
+        self.assertTrue(vfs is not None)
+        self.assertTrue(vfs.f_files > 0)
+        self.assertTrue(vfs.f_bsize > 0)
+        self.assertTrue(vfs.f_namemax > 0)
+
+    def test_fstatvfs(self):
+        self._auth()
+        sftp = self.session.sftp_init()
+        test_data = b"data"
+        remote_filename = os.sep.join([os.path.dirname(__file__),
+                                       "remote_test_file"])
+        with open(remote_filename, 'wb') as fh:
+            fh.write(test_data)
+        try:
+            with sftp.open(remote_filename, 0, 0) as fh:
+                vfs = fh.fstatvfs()
+                self.assertTrue(vfs is not None)
+                self.assertTrue(vfs.f_files > 0)
+                self.assertTrue(vfs.f_bsize > 0)
+                self.assertTrue(vfs.f_namemax > 0)
+        except Exception:
+            raise
+        finally:
+            os.unlink(remote_filename)
+
+    def test_mkdir(self):
+        mode = int("0644") if version_info <= (2,) else 0o644
+        _path = 'tmp'
+        abspath = os.path.join(os.path.expanduser('~'), _path)
+        self._auth()
+        sftp = self.session.sftp_init()
+        try:
+            shutil.rmtree(abspath)
+        except OSError:
+            pass
+        sftp.mkdir(_path, mode)
+        try:
+            self.assertTrue(os.path.isdir(abspath))
+        finally:
+            shutil.rmtree(abspath)
+
+    # def test_async_read(self):
+    #     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    #     sock.connect((self.host, self.port))
+    #     self.session = Session()
+    #     self.session.options_set(options.USER, self.user)
+    #     self.session.options_set(options.HOST, self.host)
+    #     self.session.options_set_port(self.port)
+    #     self.assertEqual(self.session.set_socket(sock), 0)
+    #     self.assertEqual(self.session.connect(), 0)
+    #     self.assertEqual(self.session.userauth_publickey(self.pkey), 0)
+    #     sftp = self.session.sftp_new()
+    #     sftp.init()
+    #     if int(platform.python_version_tuple()[0]) >= 3:
+    #         test_file_data = b'test' + bytes(os.linesep, 'utf-8')
+    #     else:
+    #         test_file_data = b'test' + os.linesep
+    #     remote_filename = os.sep.join([os.path.dirname(__file__),
+    #                                    'remote_test_file'])
+    #     with open(remote_filename, 'wb') as test_fh:
+    #         test_fh.write(test_file_data)
+    #     # self.session.set_blocking(False)
+    #     try:
+    #         with sftp.open(remote_filename, os.O_RDONLY, 0) as remote_fh:
+    #             self.assertIsInstance(remote_fh, SFTPFile)
+    #             remote_fh.set_nonblocking()
+    #             remote_data = b""
+    #             async_id = remote_fh.async_read_begin()
+    #             self.assertNotEqual(async_id, 0)
+    #             import ipdb; ipdb.set_trace()
+    #             size, data = remote_fh.async_read(async_id)
+    #             while size > 0 or size == SSH_AGAIN:
+    #                 if size == SSH_AGAIN:
+    #                     print("Would try again")
+    #                     wait_socket(sock, self.session, timeout=1)
+    #                     size, data = remote_fh.async_read(async_id)
+    #                     continue
+    #                 remote_data += data
+    #                 size, data = remote_fh.async_read(async_id)
+    #             self.assertFalse(remote_fh.closed)
+    #             self.assertEqual(remote_fh.close(), 0)
+    #             self.assertTrue(remote_fh.closed)
+    #             self.assertEqual(remote_data, test_file_data)
+    #         self.assertTrue(remote_fh.closed)
+    #     finally:
+    #         os.unlink(remote_filename)
diff --git a/tests/unit_test_cert_key b/ci/integration_tests/unit_test_cert_key
similarity index 100%
rename from tests/unit_test_cert_key
rename to ci/integration_tests/unit_test_cert_key
diff --git a/tests/unit_test_cert_key.pub b/ci/integration_tests/unit_test_cert_key.pub
similarity index 100%
rename from tests/unit_test_cert_key.pub
rename to ci/integration_tests/unit_test_cert_key.pub
diff --git a/tests/unit_test_key b/ci/integration_tests/unit_test_key
similarity index 100%
rename from tests/unit_test_key
rename to ci/integration_tests/unit_test_key
diff --git a/ci/integration_tests/unit_test_key.pub b/ci/integration_tests/unit_test_key.pub
new file mode 100644
index 00000000..4ff0ebc0
--- /dev/null
+++ b/ci/integration_tests/unit_test_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEsAAs2ew1xYntiiBAb3oqs7UC2Qd2kQ/eF+6WqOjeTFjWGksybnFidV91MwLjHdPmioz/1SleZqSqcD0csBcUs6jqclDlJ2MX8ZjL0e8hFDYpepFPTkwB2D6e55DwK0GJefiHUda5fKaaCzMN69h/RoBYurV/Zxf4+kRUAt+A5RXBGe22BdMtKW30J9endU9qWP4QDWtFXxvOjWHuJc7M/MNP2qww4yBo4xcKTabr8TC9uL7RUh4hMWdiNZnlmwSICT6k9NkkcBbDEIW0SjEcUMRB/V0qQ/J5Jeb8Lea82wDDdcfKaOPmI8ST5WtjfqPkKd9sqVhsq0gcCKtFZv0r zefrer@kirin
diff --git a/ci/osx-wheel.sh b/ci/osx-wheel.sh
index e525ba0d..e047141c 100755
--- a/ci/osx-wheel.sh
+++ b/ci/osx-wheel.sh
@@ -1,43 +1,61 @@
 #!/bin/bash -xe
-# This file is part of ssh-python.
-# Copyright (C) 2017-2022 Panos Kittenis and contributors.
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
+SYSTEM_LIBSSH_DIR="/opt/homebrew/opt/libssh/lib"
+MY_LIBSSH_DIR="local/lib"
+LIBSSH_INCLUDE_DIR="/opt/homebrew/opt/libssh/include"
+set -x
+
+export CPPFLAGS="-I${LIBSSH_INCLUDE_DIR}"
+sudo cp -a libssh/include/* ${LIBSSH_INCLUDE_DIR}/
 
+set +x
 pip3 install -U virtualenv
 python3 -m virtualenv -p "$(which python3)" venv
+set -x
 
-set +x
 source venv/bin/activate
-set -x
 
 python -V
 pip3 install -U setuptools pip
 pip3 install -U delocate wheel
-SYSTEM_LIBSSH=1 python3 setup.py bdist_wheel
-ls -lhtr /usr/local/lib/
+unset SYSTEM_LIBSSH
+
+python3 setup.py bdist_wheel
+
+sudo cp -a ${MY_LIBSSH_DIR}/libssh* ${SYSTEM_LIBSSH_DIR}/
+ls -lhtr ${SYSTEM_LIBSSH_DIR}
+
 delocate-listdeps dist/*.whl
 delocate-wheel -v -w wheels dist/*.whl
 delocate-listdeps wheels/*.whl
 
 ls -l wheels/*.whl
-rm -f /usr/local/lib/libssh*
+rm -f ${SYSTEM_LIBSSH_DIR}/libssh*
+rm -rf local
+ls -lhtr ${SYSTEM_LIBSSH_DIR}
+
 pip3 install -v wheels/*.whl
+
 pwd; mkdir -p temp; cd temp; pwd
 python3 -c "from ssh.session import Session; Session()" && echo "Import successful"
 cd ..; pwd
+
 set +x
 deactivate
 set -x
diff --git a/doc/conf.py b/doc/conf.py
index 0746768d..01964c0c 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -121,7 +121,7 @@
 
 # Output file base name for HTML help builder.
 htmlhelp_basename = 'ssh-pythondoc'
-intersphinx_mapping = {'https://docs.python.org/': None}
+intersphinx_mapping = {'python': ('https://docs.python.org/3', None)}
 autoclass_content = "both"
 
 # A list of files that should not be packed into the epub file.
diff --git a/doc/installation.rst b/doc/installation.rst
index 2756cf0a..d15b6bef 100644
--- a/doc/installation.rst
+++ b/doc/installation.rst
@@ -15,6 +15,8 @@ By default, the package will try to build against an embedded version of ``libss
 
 To build against a system library, export the ``SYSTEM_LIBSSH=1`` environment variable prior to building.
 
+Note that the library supports its embedded ``libssh`` version and only that version. Use previous ``ssh-python`` versions if wanting to build against older ``libssh`` versions. See `Changelog <Changelog.html>`_.
+
 The following libraries are required:
 
 * OpenSSL 1.0 or 1.1, >=1.1 for Ed25519 support
@@ -43,7 +45,7 @@ Building on Windows
 
 Requirements:
 
-* Python >= 3.6
+* Python >= 3.8
 * Visual Studio 14 or above
 * OpenSSL 1.1
 * Zlib
@@ -60,3 +62,5 @@ Steps
 Note dependencies will need to be built statically to be distributable to other Windows systems.
 
 Cygwin/MingW probably do not work.
+
+No support is offered for building on Windows from source.
diff --git a/doc/requirements.txt b/doc/requirements.txt
new file mode 100644
index 00000000..82133027
--- /dev/null
+++ b/doc/requirements.txt
@@ -0,0 +1,2 @@
+sphinx
+sphinx_rtd_theme
diff --git a/krb5-1.21.3/.github/workflows/build.yml b/krb5-1.21.3/.github/workflows/build.yml
new file mode 100644
index 00000000..68a4788a
--- /dev/null
+++ b/krb5-1.21.3/.github/workflows/build.yml
@@ -0,0 +1,104 @@
+name: Build
+
+on:
+    push: {paths: [src/**, .github/workflows/build.yml]}
+    pull_request: {paths: [src/**, .github/workflows/build.yml]}
+
+jobs:
+
+    unix:
+        runs-on: ${{ matrix.os }}
+        strategy:
+            fail-fast: false
+            matrix:
+                name: [linux-clang, linux-clang-openssl, linux-gcc]
+                include:
+                    - name: linux-clang
+                      os: ubuntu-latest
+                      compiler: clang
+                      makevars: CPPFLAGS=-Werror
+                      configureopts: --enable-asan
+                    - name: linux-clang-openssl
+                      os: ubuntu-latest
+                      compiler: clang
+                      makevars: CPPFLAGS=-Werror
+                      configureopts: --with-crypto-impl=openssl
+                    - name: linux-gcc
+                      os: ubuntu-latest
+                      compiler: gcc
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v1
+            - name: Linux setup
+              if: startsWith(matrix.os, 'ubuntu')
+              run: |
+                sudo apt-get update -qq
+                sudo apt-get install -y bison gettext keyutils ldap-utils libcmocka-dev libldap2-dev libkeyutils-dev libsasl2-dev libssl-dev python3-kdcproxy python3-pip slapd tcsh
+                pip3 install pyrad
+            - name: Build
+              env:
+                CC: ${{ matrix.compiler }}
+                MAKEVARS: ${{ matrix.makevars }}
+                CONFIGURE_OPTS:  ${{ matrix.configureopts }}
+              run: |
+                cd src
+                autoreconf
+                ./configure --enable-maintainer-mode --with-ldap $CONFIGURE_OPTS --prefix=$HOME/inst
+                make $MAKEVARS
+                make check
+                make install
+            - name: Display skipped tests
+              run: cat src/skiptests
+            - name: Check for files unexpectedly not removed by make distclean
+              run: |
+                cd src
+                make distclean
+                rm -rf autom4te.cache configure include/autoconf.h.in
+                if [ -n "$(git ls-files -o)" ]; then
+                  echo "Files not removed by make distclean:"
+                  git ls-files -o
+                  exit 1
+                fi
+
+    windows:
+        runs-on: windows-latest
+        env:
+            KRB_INSTALL_DIR: C:\kfw
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v1
+            - name: Setup
+              shell: cmd
+              run: |
+                mkdir %KRB_INSTALL_DIR%
+            - uses: ilammy/msvc-dev-cmd@v1
+              with:
+                arch: x86
+            - name: Build 32-bit
+              shell: cmd
+              run: |
+                cd src
+                set
+                set PATH=%PATH%;%wix%bin
+                nmake -f Makefile.in prep-windows
+                nmake
+                nmake install
+                cd windows\installer\wix
+                nmake
+                rename kfw.msi kfw32.msi
+            - uses: ilammy/msvc-dev-cmd@v1
+              with:
+                arch: x64
+            - name: Build 64-bit
+              shell: cmd
+              run: |
+                cd src
+                set
+                set PATH=%PATH%;%wix%bin;"%WindowsSdkVerBinPath%"\x86
+                nmake clean
+                nmake
+                nmake install
+                cd windows\installer\wix
+                nmake clean
+                nmake
+                rename kfw.msi kfw64.msi
diff --git a/krb5-1.21.3/.github/workflows/doc.yml b/krb5-1.21.3/.github/workflows/doc.yml
new file mode 100644
index 00000000..f7f6b6b0
--- /dev/null
+++ b/krb5-1.21.3/.github/workflows/doc.yml
@@ -0,0 +1,41 @@
+name: Doc
+
+on:
+    push: {paths: [doc/**, src/doc/*, src/include/krb5/krb5.hin, .github/workflows/doc.yml]}
+    pull_request: {paths: [doc/**, src/doc/*, src/include/krb5/krb5.hin, .github/workflows/doc.yml]}
+
+jobs:
+    doc-older-sphinx:
+        runs-on: ubuntu-22.04
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v1
+            - name: Linux setup
+              run: |
+                sudo apt-get update -qq
+                sudo apt-get install -y doxygen python3-lxml python3-pip python3-sphinx
+                pip3 install Cheetah3
+            - name: Build documentation
+              run: |
+                cd src/doc
+                make -f Makefile.in SPHINX_ARGS=-W htmlsrc
+    doc-newest-sphinx:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v1
+            - name: Linux setup
+              run: |
+                sudo apt-get update -qq
+                sudo apt-get install -y doxygen python3-lxml python3-pip
+                pip3 install Cheetah3 sphinx
+            - name: Build documentation
+              run: |
+                cd src/doc
+                make -f Makefile.in SPHINX_ARGS=-W htmlsrc
+            - name: Upload HTML
+              uses: actions/upload-artifact@v2
+              with:
+                  name: html
+                  path: doc/html
+                  retention-days: 7
diff --git a/krb5-1.21.3/NOTICE b/krb5-1.21.3/NOTICE
new file mode 100644
index 00000000..85ecf5a9
--- /dev/null
+++ b/krb5-1.21.3/NOTICE
@@ -0,0 +1,1384 @@
+Copyright (C) 1985-2024 by the Massachusetts Institute of Technology.
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+* Redistributions of source code must retain the above copyright
+  notice, this list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Downloading of this software may constitute an export of cryptographic
+software from the United States of America that is subject to the
+United States Export Administration Regulations (EAR), 15 CFR 730-774.
+Additional laws or regulations may apply.  It is the responsibility of
+the person or entity contemplating export to comply with all
+applicable export laws and regulations, including obtaining any
+required license from the U.S. government.
+
+The U.S. government prohibits export of encryption source code to
+certain countries and individuals, including, but not limited to, the
+countries of Cuba, Iran, North Korea, Sudan, Syria, and residents and
+nationals of those countries.
+
+Documentation components of this software distribution are licensed
+under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
+(https://creativecommons.org/licenses/by-sa/3.0/)
+
+Individual source code files are copyright MIT, Cygnus Support,
+Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems,
+FundsXpress, and others.
+
+Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+and Zephyr are trademarks of the Massachusetts Institute of Technology
+(MIT).  No commercial use of these trademarks may be made without
+prior written permission of MIT.
+
+"Commercial use" means use of a name in a product or other for-profit
+manner.  It does NOT prevent a commercial firm from referring to the
+MIT trademarks in order to convey information (although in doing so,
+recognition of their trademark status should be given).
+
+======================================================================
+
+The following copyright and permission notice applies to the
+OpenVision Kerberos Administration system located in "kadmin/create",
+"kadmin/dbutil", "kadmin/passwd", "kadmin/server", "lib/kadm5", and
+portions of "lib/rpc":
+
+   Copyright, OpenVision Technologies, Inc., 1993-1996, All Rights
+   Reserved
+
+   WARNING:  Retrieving the OpenVision Kerberos Administration system
+   source code, as described below, indicates your acceptance of the
+   following terms.  If you do not agree to the following terms, do
+   not retrieve the OpenVision Kerberos administration system.
+
+   You may freely use and distribute the Source Code and Object Code
+   compiled from it, with or without modification, but this Source
+   Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
+   INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
+   FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
+   EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
+   FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
+   SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
+   CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
+   WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
+   CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
+   OTHER REASON.
+
+   OpenVision retains all copyrights in the donated Source Code.
+   OpenVision also retains copyright to derivative works of the Source
+   Code, whether created by OpenVision or by a third party. The
+   OpenVision copyright notice must be preserved if derivative works
+   are made based on the donated Source Code.
+
+   OpenVision Technologies, Inc. has donated this Kerberos
+   Administration system to MIT for inclusion in the standard Kerberos
+   5 distribution. This donation underscores our commitment to
+   continuing Kerberos technology development and our gratitude for
+   the valuable work which has been performed by MIT and the Kerberos
+   community.
+
+======================================================================
+
+   Portions contributed by Matt Crawford "crawdad@fnal.gov" were work
+   performed at Fermi National Accelerator Laboratory, which is
+   operated by Universities Research Association, Inc., under contract
+   DE-AC02-76CHO3000 with the U.S. Department of Energy.
+
+======================================================================
+
+Portions of "src/lib/crypto" have the following copyright:
+
+   Copyright (C) 1998 by the FundsXpress, INC.
+
+   All rights reserved.
+
+      Export of this software from the United States of America may
+      require a specific license from the United States Government.
+      It is the responsibility of any person or organization
+      contemplating export to obtain such a license before exporting.
+
+   WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+   distribute this software and its documentation for any purpose and
+   without fee is hereby granted, provided that the above copyright
+   notice appear in all copies and that both that copyright notice and
+   this permission notice appear in supporting documentation, and that
+   the name of FundsXpress. not be used in advertising or publicity
+   pertaining to distribution of the software without specific,
+   written prior permission.  FundsXpress makes no representations
+   about the suitability of this software for any purpose.  It is
+   provided "as is" without express or implied warranty.
+
+   THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+   IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+   WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+======================================================================
+
+The implementation of the AES encryption algorithm in
+"src/lib/crypto/builtin/aes" has the following copyright:
+
+      Copyright (C) 1998-2013, Brian Gladman, Worcester, UK. All
+      rights reserved.
+
+   The redistribution and use of this software (with or without
+   changes) is allowed without the payment of fees or royalties
+   provided that:
+
+      source code distributions include the above copyright notice,
+      this list of conditions and the following disclaimer;
+
+      binary distributions include the above copyright notice, this
+      list of conditions and the following disclaimer in their
+      documentation.
+
+   This software is provided 'as is' with no explicit or implied
+   warranties in respect of its operation, including, but not limited
+   to, correctness and fitness for purpose.
+
+======================================================================
+
+Portions contributed by Red Hat, including the pre-authentication
+plug-in framework and the NSS crypto implementation, contain the
+following copyright:
+
+      Copyright (C) 2006 Red Hat, Inc.
+      Portions copyright (C) 2006 Massachusetts Institute of Technology
+      All Rights Reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   * Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following
+     disclaimer in the documentation and/or other materials provided
+     with the distribution.
+
+   * Neither the name of Red Hat, Inc., nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================================================
+
+The bundled verto source code is subject to the following license:
+
+   Copyright 2011 Red Hat, Inc.
+
+   Permission is hereby granted, free of charge, to any person
+   obtaining a copy of this software and associated documentation
+   files (the "Software"), to deal in the Software without
+   restriction, including without limitation the rights to use, copy,
+   modify, merge, publish, distribute, sublicense, and/or sell copies
+   of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be
+   included in all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+   NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+   DEALINGS IN THE SOFTWARE.
+
+======================================================================
+
+The MS-KKDCP client implementation has the following copyright:
+
+   Copyright 2013,2014 Red Hat, Inc.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+      1. Redistributions of source code must retain the above
+         copyright notice, this list of conditions and the following
+         disclaimer.
+
+      2. Redistributions in binary form must reproduce the above
+         copyright notice, this list of conditions and the following
+         disclaimer in the documentation and/or other materials
+         provided with the distribution.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================================================
+
+The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in
+"src/lib/gssapi", including the following files:
+
+   lib/gssapi/generic/gssapi_err_generic.et
+   lib/gssapi/mechglue/g_accept_sec_context.c
+   lib/gssapi/mechglue/g_acquire_cred.c
+   lib/gssapi/mechglue/g_canon_name.c
+   lib/gssapi/mechglue/g_compare_name.c
+   lib/gssapi/mechglue/g_context_time.c
+   lib/gssapi/mechglue/g_delete_sec_context.c
+   lib/gssapi/mechglue/g_dsp_name.c
+   lib/gssapi/mechglue/g_dsp_status.c
+   lib/gssapi/mechglue/g_dup_name.c
+   lib/gssapi/mechglue/g_exp_sec_context.c
+   lib/gssapi/mechglue/g_export_name.c
+   lib/gssapi/mechglue/g_glue.c
+   lib/gssapi/mechglue/g_imp_name.c
+   lib/gssapi/mechglue/g_imp_sec_context.c
+   lib/gssapi/mechglue/g_init_sec_context.c
+   lib/gssapi/mechglue/g_initialize.c
+   lib/gssapi/mechglue/g_inquire_context.c
+   lib/gssapi/mechglue/g_inquire_cred.c
+   lib/gssapi/mechglue/g_inquire_names.c
+   lib/gssapi/mechglue/g_process_context.c
+   lib/gssapi/mechglue/g_rel_buffer.c
+   lib/gssapi/mechglue/g_rel_cred.c
+   lib/gssapi/mechglue/g_rel_name.c
+   lib/gssapi/mechglue/g_rel_oid_set.c
+   lib/gssapi/mechglue/g_seal.c
+   lib/gssapi/mechglue/g_sign.c
+   lib/gssapi/mechglue/g_store_cred.c
+   lib/gssapi/mechglue/g_unseal.c
+   lib/gssapi/mechglue/g_userok.c
+   lib/gssapi/mechglue/g_utils.c
+   lib/gssapi/mechglue/g_verify.c
+   lib/gssapi/mechglue/gssd_pname_to_uid.c
+   lib/gssapi/mechglue/mglueP.h
+   lib/gssapi/mechglue/oid_ops.c
+   lib/gssapi/spnego/gssapiP_spnego.h
+   lib/gssapi/spnego/spnego_mech.c
+
+and the initial implementation of incremental propagation, including
+the following new or changed files:
+
+   include/iprop_hdr.h
+   kadmin/server/ipropd_svc.c
+   lib/kdb/iprop.x
+   lib/kdb/kdb_convert.c
+   lib/kdb/kdb_log.c
+   lib/kdb/kdb_log.h
+   lib/krb5/error_tables/kdb5_err.et
+   kprop/kpropd_rpc.c
+   kprop/kproplog.c
+
+are subject to the following license:
+
+   Copyright (C) 2004 Sun Microsystems, Inc.
+
+   Permission is hereby granted, free of charge, to any person
+   obtaining a copy of this software and associated documentation
+   files (the "Software"), to deal in the Software without
+   restriction, including without limitation the rights to use, copy,
+   modify, merge, publish, distribute, sublicense, and/or sell copies
+   of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be
+   included in all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+   BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+   ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+   CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+
+======================================================================
+
+Kerberos V5 includes documentation and software developed at the
+University of California at Berkeley, which includes this copyright
+notice:
+
+      Copyright (C) 1983 Regents of the University of California.
+      All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   3. Neither the name of the University nor the names of its
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS"
+   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+   TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS
+   OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+   SUCH DAMAGE.
+
+======================================================================
+
+Portions contributed by Novell, Inc., including the LDAP database
+backend, are subject to the following license:
+
+      Copyright (C) 2004-2005, Novell, Inc.
+      All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   * Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following
+     disclaimer in the documentation and/or other materials provided
+     with the distribution.
+
+   * The copyright holder's name is not used to endorse or promote
+     products derived from this software without specific prior
+     written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================================================
+
+Portions funded by Sandia National Laboratory and developed by the
+University of Michigan's Center for Information Technology
+Integration, including the PKINIT implementation, are subject to the
+following license:
+
+      COPYRIGHT (C) 2006-2007
+      THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+      ALL RIGHTS RESERVED
+
+   Permission is granted to use, copy, create derivative works and
+   redistribute this software and such derivative works for any
+   purpose, so long as the name of The University of Michigan is not
+   used in any advertising or publicity pertaining to the use of
+   distribution of this software without specific, written prior
+   authorization.  If the above copyright notice or any other
+   identification of the University of Michigan is included in any
+   copy of any portion of this software, then the disclaimer below
+   must also be included.
+
+   THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION FROM THE
+   UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY PURPOSE, AND
+   WITHOUT WARRANTY BY THE UNIVERSITY OF MICHIGAN OF ANY KIND, EITHER
+   EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED
+   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+   THE REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE FOR
+   ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+   CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING OUT OF OR
+   IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN IF IT HAS BEEN OR
+   IS HEREAFTER ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+======================================================================
+
+The pkcs11.h file included in the PKINIT code has the following
+license:
+
+      Copyright 2006 g10 Code GmbH
+      Copyright 2006 Andreas Jellinghaus
+
+   This file is free software; as a special exception the author gives
+   unlimited permission to copy and/or distribute it, with or without
+   modifications, as long as this notice is preserved.
+
+   This file is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+   the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+   PURPOSE.
+
+======================================================================
+
+Portions contributed by Apple Inc. are subject to the following
+license:
+
+   Copyright 2004-2008 Apple Inc.  All Rights Reserved.
+
+      Export of this software from the United States of America may
+      require a specific license from the United States Government.
+      It is the responsibility of any person or organization
+      contemplating export to obtain such a license before exporting.
+
+   WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+   distribute this software and its documentation for any purpose and
+   without fee is hereby granted, provided that the above copyright
+   notice appear in all copies and that both that copyright notice and
+   this permission notice appear in supporting documentation, and that
+   the name of Apple Inc. not be used in advertising or publicity
+   pertaining to distribution of the software without specific,
+   written prior permission.  Apple Inc. makes no representations
+   about the suitability of this software for any purpose.  It is
+   provided "as is" without express or implied warranty.
+
+   THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+   IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+   WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+======================================================================
+
+The implementations of UTF-8 string handling in src/util/support and
+src/lib/krb5/unicode are subject to the following copyright and
+permission notice:
+
+      The OpenLDAP Public License
+      Version 2.8, 17 August 2003
+
+   Redistribution and use of this software and associated
+   documentation ("Software"), with or without modification, are
+   permitted provided that the following conditions are met:
+
+   1. Redistributions in source form must retain copyright
+      statements and notices,
+
+   2. Redistributions in binary form must reproduce applicable
+      copyright statements and notices, this list of conditions, and
+      the following disclaimer in the documentation and/or other
+      materials provided with the distribution, and
+
+   3. Redistributions must contain a verbatim copy of this
+      document.
+
+   The OpenLDAP Foundation may revise this license from time to time.
+   Each revision is distinguished by a version number.  You may use
+   this Software under terms of this license revision or under the
+   terms of any subsequent revision of the license.
+
+   THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+   CONTRIBUTORS "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   DISCLAIMED.  IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS
+   CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE
+   LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+   OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+   USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+   DAMAGE.
+
+   The names of the authors and copyright holders must not be used in
+   advertising or otherwise to promote the sale, use or other dealing
+   in this Software without specific, written prior permission.  Title
+   to copyright in this Software shall at all times remain with
+   copyright holders.
+
+   OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+   Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
+   California, USA.  All Rights Reserved.  Permission to copy and
+   distribute verbatim copies of this document is granted.
+
+======================================================================
+
+Marked test programs in src/lib/krb5/krb have the following copyright:
+
+      Copyright (C) 2006 Kungliga Tekniska Högskola
+      (Royal Institute of Technology, Stockholm, Sweden).
+      All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   3. Neither the name of KTH nor the names of its contributors may
+      be used to endorse or promote products derived from this
+      software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS "AS IS" AND
+   ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+   THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS
+   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+   SUCH DAMAGE.
+
+======================================================================
+
+The KCM Mach RPC definition file used on macOS has the following
+copyright:
+
+      Copyright (C) 2009 Kungliga Tekniska Högskola
+      (Royal Institute of Technology, Stockholm, Sweden).
+      All rights reserved.
+
+   Portions Copyright (C) 2009 Apple Inc. All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   3. Neither the name of the Institute nor the names of its
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS "AS IS"
+   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+   TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE
+   OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+   SUCH DAMAGE.
+
+======================================================================
+
+Portions of the RPC implementation in src/lib/rpc and
+src/include/gssrpc have the following copyright and permission notice:
+
+   Copyright (C) 2010, Oracle America, Inc.
+
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   3. Neither the name of the "Oracle America, Inc." nor the names
+      of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written
+      permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================================================
+
+   Copyright (C) 2006,2007,2009 NTT (Nippon Telegraph and Telephone
+   Corporation).  All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer as the first lines of this file unmodified.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   THIS SOFTWARE IS PROVIDED BY NTT "AS IS" AND ANY EXPRESS OR IMPLIED
+   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+   OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   DISCLAIMED. IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT,
+   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================================================
+
+   Copyright 2000 by Carnegie Mellon University
+
+   All Rights Reserved
+
+   Permission to use, copy, modify, and distribute this software and
+   its documentation for any purpose and without fee is hereby
+   granted, provided that the above copyright notice appear in all
+   copies and that both that copyright notice and this permission
+   notice appear in supporting documentation, and that the name of
+   Carnegie Mellon University not be used in advertising or publicity
+   pertaining to distribution of the software without specific,
+   written prior permission.
+
+   CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+   THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+   AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+   FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+   AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+   OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+   SOFTWARE.
+
+======================================================================
+
+   Copyright (C) 2002 Naval Research Laboratory (NRL/CCS)
+
+   Permission to use, copy, modify and distribute this software and
+   its documentation is hereby granted, provided that both the
+   copyright notice and this permission notice appear in all copies of
+   the software, derivative works or modified versions, and any
+   portions thereof.
+
+   NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND
+   DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER
+   RESULTING FROM THE USE OF THIS SOFTWARE.
+
+======================================================================
+
+   Copyright (C) 2022 United States Government as represented by the
+   Secretary of the Navy.  All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   * Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following
+     disclaimer in the documentation and/or other materials provided
+     with the distribution.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================================================
+
+   Copyright (C) 1991, 1992, 1994 by Cygnus Support.
+
+   Permission to use, copy, modify, and distribute this software and
+   its documentation for any purpose and without fee is hereby
+   granted, provided that the above copyright notice appear in all
+   copies and that both that copyright notice and this permission
+   notice appear in supporting documentation. Cygnus Support makes no
+   representations about the suitability of this software for any
+   purpose.  It is provided "as is" without express or implied
+   warranty.
+
+======================================================================
+
+   Copyright (C) 2006 Secure Endpoints Inc.
+
+   Permission is hereby granted, free of charge, to any person
+   obtaining a copy of this software and associated documentation
+   files (the "Software"), to deal in the Software without
+   restriction, including without limitation the rights to use, copy,
+   modify, merge, publish, distribute, sublicense, and/or sell copies
+   of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be
+   included in all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+   BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+   ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+   CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+
+======================================================================
+
+Portions of the implementation of the Fortuna-like PRNG are subject to
+the following notice:
+
+      Copyright (C) 2005 Marko Kreen
+      All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
+   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+   TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR
+   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+   SUCH DAMAGE.
+
+   Copyright (C) 1994 by the University of Southern California
+
+      EXPORT OF THIS SOFTWARE from the United States of America may
+      require a specific license from the United States Government. It
+      is the responsibility of any person or organization
+      contemplating export to obtain such a license before exporting.
+
+   WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
+   this software and its documentation in source and binary forms is
+   hereby granted, provided that any documentation or other materials
+   related to such distribution or use acknowledge that the software
+   was developed by the University of Southern California.
+
+   DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
+   University of Southern California MAKES NO REPRESENTATIONS OR
+   WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+   limitation, the University of Southern California MAKES NO
+   REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
+   PARTICULAR PURPOSE. The University of Southern California shall not
+   be held liable for any liability nor for any direct, indirect, or
+   consequential damages with respect to any claim by the user or
+   distributor of the ksu software.
+
+======================================================================
+
+      Copyright (C) 1995
+      The President and Fellows of Harvard University
+
+   This code is derived from software contributed to Harvard by Jeremy
+   Rassen.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   3. All advertising materials mentioning features or use of this
+      software must display the following acknowledgement:
+
+         This product includes software developed by the University of
+         California, Berkeley and its contributors.
+
+   4. Neither the name of the University nor the names of its
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS"
+   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+   TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS
+   OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+   SUCH DAMAGE.
+
+======================================================================
+
+      Copyright (C) 2008 by the Massachusetts Institute of Technology.
+      Copyright 1995 by Richard P. Basch.  All Rights Reserved.
+      Copyright 1995 by Lehman Brothers, Inc.  All Rights Reserved.
+
+      Export of this software from the United States of America may
+      require a specific license from the United States Government. It
+      is the responsibility of any person or organization
+      contemplating export to obtain such a license before exporting.
+
+   WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+   distribute this software and its documentation for any purpose and
+   without fee is hereby granted, provided that the above copyright
+   notice appear in all copies and that both that copyright notice and
+   this permission notice appear in supporting documentation, and that
+   the name of Richard P. Basch, Lehman Brothers and M.I.T. not be
+   used in advertising or publicity pertaining to distribution of the
+   software without specific, written prior permission.  Richard P.
+   Basch, Lehman Brothers and M.I.T. make no representations about the
+   suitability of this software for any purpose.  It is provided "as
+   is" without express or implied warranty.
+
+======================================================================
+
+The following notice applies to "src/lib/krb5/krb/strptime.c" and
+"src/include/k5-queue.h".
+
+      Copyright (C) 1997, 1998 The NetBSD Foundation, Inc.
+      All rights reserved.
+
+   This code was contributed to The NetBSD Foundation by Klaus Klein.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   3. All advertising materials mentioning features or use of this
+      software must display the following acknowledgement:
+
+         This product includes software developed by the NetBSD
+         Foundation, Inc. and its contributors.
+
+   4. Neither the name of The NetBSD Foundation nor the names of
+      its contributors may be used to endorse or promote products
+      derived from this software without specific prior written
+      permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+   CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE
+   LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+   OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+   USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+   DAMAGE.
+
+======================================================================
+
+The following notice applies to Unicode library files in
+"src/lib/krb5/unicode":
+
+      Copyright 1997, 1998, 1999 Computing Research Labs,
+      New Mexico State University
+
+   Permission is hereby granted, free of charge, to any person
+   obtaining a copy of this software and associated documentation
+   files (the "Software"), to deal in the Software without
+   restriction, including without limitation the rights to use, copy,
+   modify, merge, publish, distribute, sublicense, and/or sell copies
+   of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be
+   included in all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+   NONINFRINGEMENT.  IN NO EVENT SHALL THE COMPUTING RESEARCH LAB OR
+   NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY CLAIM, DAMAGES OR
+   OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+   OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+   OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+======================================================================
+
+The following notice applies to "src/util/support/strlcpy.c":
+
+   Copyright (C) 1998 Todd C. Miller "Todd.Miller@courtesan.com"
+
+   Permission to use, copy, modify, and distribute this software for
+   any purpose with or without fee is hereby granted, provided that
+   the above copyright notice and this permission notice appear in all
+   copies.
+
+   THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+   WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+   WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+   AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+   CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+   OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+   NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+   CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+======================================================================
+
+The following notice applies to "src/util/profile/argv_parse.c" and
+"src/util/profile/argv_parse.h":
+
+   Copyright 1999 by Theodore Ts'o.
+
+   Permission to use, copy, modify, and distribute this software for
+   any purpose with or without fee is hereby granted, provided that
+   the above copyright notice and this permission notice appear in all
+   copies.  THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE
+   AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+   INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN
+   NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+   INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
+   RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+   OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+   IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  (Isn't
+   it sick that the U.S. culture of lawsuit-happy lawyers requires
+   this kind of disclaimer?)
+
+======================================================================
+
+The following notice applies to SWIG-generated code in
+"src/util/profile/profile_tcl.c":
+
+   Copyright (C) 1999-2000, The University of Chicago
+
+   This file may be freely redistributed without license or fee
+   provided this copyright message remains intact.
+
+======================================================================
+
+The following notice applies to portiions of "src/lib/rpc" and
+"src/include/gssrpc":
+
+   Copyright (C) 2000 The Regents of the University of Michigan. All
+   rights reserved.
+
+   Copyright (C) 2000 Dug Song "dugsong@UMICH.EDU". All rights
+   reserved, all wrongs reversed.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   3. Neither the name of the University nor the names of its
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+   OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+   OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+   USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+   DAMAGE.
+
+======================================================================
+
+Implementations of the MD4 algorithm are subject to the following
+notice:
+
+   Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD4 Message Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD4 Message Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose.  It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+
+======================================================================
+
+Implementations of the MD5 algorithm are subject to the following
+notice:
+
+   Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message- Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose.  It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+
+======================================================================
+
+The following notice applies to
+"src/lib/crypto/crypto_tests/t_mddriver.c":
+
+   Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
+   rights reserved.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is" without
+   express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+
+======================================================================
+
+Portions of "src/lib/krb5" are subject to the following notice:
+
+      Copyright (C) 1994 CyberSAFE Corporation.
+      Copyright 1990,1991,2007,2008 by the Massachusetts
+      Institute of Technology.
+      All Rights Reserved.
+
+      Export of this software from the United States of America may
+      require a specific license from the United States Government. It
+      is the responsibility of any person or organization
+      contemplating export to obtain such a license before exporting.
+
+   WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+   distribute this software and its documentation for any purpose and
+   without fee is hereby granted, provided that the above copyright
+   notice appear in all copies and that both that copyright notice and
+   this permission notice appear in supporting documentation, and that
+   the name of M.I.T. not be used in advertising or publicity
+   pertaining to distribution of the software without specific,
+   written prior permission.  Furthermore if you modify this software
+   you must label your software as modified software and not
+   distribute it in such a fashion that it might be confused with the
+   original M.I.T. software. Neither M.I.T., the Open Computing
+   Security Group, nor CyberSAFE Corporation make any representations
+   about the suitability of this software for any purpose.  It is
+   provided "as is" without express or implied warranty.
+
+======================================================================
+
+Portions contributed by PADL Software are subject to the following
+license:
+
+   Copyright (c) 2011, PADL Software Pty Ltd. All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above
+      copyright notice, this list of conditions and the following
+      disclaimer.
+
+   2. Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+   3. Neither the name of PADL Software nor the names of its
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS "AS IS"
+   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+   TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE
+   OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+   SUCH DAMAGE.
+
+======================================================================
+
+The bundled libev source code is subject to the following license:
+
+   All files in libev are Copyright (C)2007,2008,2009 Marc Alexander
+   Lehmann.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   * Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following
+     disclaimer in the documentation and/or other materials provided
+     with the distribution.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+   Alternatively, the contents of this package may be used under the
+   terms of the GNU General Public License ("GPL") version 2 or any
+   later version, in which case the provisions of the GPL are
+   applicable instead of the above. If you wish to allow the use of
+   your version of this package only under the terms of the GPL and
+   not to allow others to use your version of this file under the BSD
+   license, indicate your decision by deleting the provisions above
+   and replace them with the notice and other provisions required by
+   the GPL in this and the other files of this package. If you do not
+   delete the provisions above, a recipient may use your version of
+   this file under either the BSD or the GPL.
+
+======================================================================
+
+Files copied from the Intel AESNI Sample Library are subject to the
+following license:
+
+   Copyright (C) 2010, Intel Corporation All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+      * Redistributions of source code must retain the above
+        copyright notice, this list of conditions and the following
+        disclaimer.
+
+      * Redistributions in binary form must reproduce the above
+        copyright notice, this list of conditions and the following
+        disclaimer in the documentation and/or other materials
+        provided with the distribution.
+
+      * Neither the name of Intel Corporation nor the names of its
+        contributors may be used to endorse or promote products
+        derived from this software without specific prior written
+        permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
+   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================================================
+
+The following notice applies to
+"src/ccapi/common/win/OldCC/autolock.hxx":
+
+   Copyright (C) 1998 by Danilo Almeida.  All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   * Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+
+   * Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following
+     disclaimer in the documentation and/or other materials provided
+     with the distribution.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+   (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+   OF THE POSSIBILITY OF SUCH DAMAGE.
+
+======================================================================
+
+The following notice applies to portions of
+"src/plugins/preauth/spake/edwards25519.c" and
+"src/plugins/preauth/spake/edwards25519_tables.h":
+
+The MIT License (MIT)
+
+Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS
+file).
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+======================================================================
+
+The following notice applies to portions of
+"src/plugins/preauth/spake/edwards25519.c":
+
+Copyright (c) 2015-2016, Google Inc.
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all
+copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
diff --git a/krb5-1.21.3/README b/krb5-1.21.3/README
new file mode 100644
index 00000000..6d6f7f16
--- /dev/null
+++ b/krb5-1.21.3/README
@@ -0,0 +1,578 @@
+                   Kerberos Version 5, Release 1.21
+
+                            Release Notes
+                        The MIT Kerberos Team
+
+Copyright and Other Notices
+---------------------------
+
+Copyright (C) 1985-2024 by the Massachusetts Institute of Technology
+and its contributors.  All rights reserved.
+
+Please see the file named NOTICE for additional notices.
+
+Documentation
+-------------
+
+Unified documentation for Kerberos V5 is available in both HTML and
+PDF formats.  The table of contents of the HTML format documentation
+is at doc/html/index.html, and the PDF format documentation is in the
+doc/pdf directory.
+
+Additionally, you may find copies of the HTML format documentation
+online at
+
+    https://web.mit.edu/kerberos/krb5-latest/doc/
+
+for the most recent supported release, or at
+
+    https://web.mit.edu/kerberos/krb5-devel/doc/
+
+for the release under development.
+
+More information about Kerberos may be found at
+
+    https://web.mit.edu/kerberos/
+
+and at the MIT Kerberos Consortium web site
+
+    https://kerberos.org/
+
+Building and Installing Kerberos 5
+----------------------------------
+
+Build documentation is in doc/html/build/index.html or
+doc/pdf/build.pdf.
+
+The installation guide is in doc/html/admin/install.html or
+doc/pdf/install.pdf.
+
+If you are attempting to build under Windows, please see the
+src/windows/README file.
+
+Reporting Bugs
+--------------
+
+Please report any problems/bugs/comments by sending email to
+krb5-bugs@mit.edu.
+
+You may view bug reports by visiting
+
+https://krbdev.mit.edu/rt/
+
+and using the "Guest Login" button.  Please note that the web
+interface to our bug database is read-only for guests, and the primary
+way to interact with our bug database is via email.
+
+PAC transitions
+---------------
+
+Beginning with release 1.20, the KDC will include minimal PACs in
+tickets instead of AD-SIGNEDPATH authdata.  S4U requests (protocol
+transition and constrained delegation) must now contain valid PACs in
+the incoming tickets.  Beginning with release 1.21, service ticket
+PACs will contain a new KDC checksum buffer, to mitigate a hash
+collision attack against the old KDC checksum.  If only some KDCs in a
+realm have been upgraded across versions 1.20 or 1.21, the upgraded
+KDCs will reject S4U requests containing tickets from non-upgraded
+KDCs and vice versa.
+
+Triple-DES and RC4 transitions
+------------------------------
+
+Beginning with the krb5-1.21 release, the KDC will not issue tickets
+with triple-DES or RC4 session keys unless explicitly configured using
+the new allow_des3 and allow_rc4 variables in [libdefaults].  To
+facilitate the negotiation of session keys, the KDC will assume that
+all services can handle aes256-sha1 session keys unless the service
+principal has a session_enctypes string attribute.
+
+Beginning with the krb5-1.19 release, a warning will be issued if
+initial credentials are acquired using the des3-cbc-sha1 encryption
+type.  Beginning with the krb5-1.21 release, a warning will also be
+issued for the arcfour-hmac encryption type.  In future releases,
+these encryption types will be disabled by default and eventually
+removed.
+
+Beginning with the krb5-1.18 release, all support for single-DES
+encryption types has been removed.
+
+Major changes in 1.21.3 (2024-06-26)
+------------------------------------
+
+This is a bug fix release.
+
+* Fix vulnerabilities in GSS message token handling [CVE-2024-37370,
+  CVE-2024-37371].
+
+* Fix a potential bad pointer free in krb5_cccol_have_contents().
+
+* Fix a memory leak in the macOS ccache type.
+
+krb5-1.21.2 changes by ticket ID
+--------------------------------
+
+9102    Eliminate sim_client include of getopt.h
+9103    segfault trying to free a garbage pointer
+9104    Work around Doxygen 1.9.7 change
+9107    In PKINIT, check for null PKCS7 enveloped fields
+9109    memory leak on macos
+9115    Fix leak in KDC NDR encoding
+9125    Formatting error in realm_config.rst
+9128    Fix vulnerabilities in GSS message token handling
+
+Major changes in 1.21.2 (2023-08-14)
+------------------------------------
+
+This is a bug fix release.
+
+* Fix double-free in KDC TGS processing [CVE-2023-39975].
+
+krb5-1.21.2 changes by ticket ID
+--------------------------------
+
+9101    Fix double-free in KDC TGS processing
+
+Major changes in 1.21.1 (2023-07-10)
+------------------------------------
+
+This is a bug fix release.
+
+* Fix potential uninitialized pointer free in kadm5 XDR parsing
+  [CVE-2023-36054].
+
+krb5-1.21.1 changes by ticket ID
+--------------------------------
+
+9099    Ensure array count consistency in kadm5 RPC
+
+Major changes in 1.21 (2023-06-05)
+----------------------------------
+
+User experience:
+
+* Added a credential cache type providing compatibility with the macOS
+  11 native credential cache.
+
+Developer experience:
+
+* libkadm5 will use the provided krb5_context object to read
+  configuration values, instead of creating its own.
+
+* Added an interface to retrieve the ticket session key from a GSS
+  context.
+
+Protocol evolution:
+
+* The KDC will no longer issue tickets with RC4 or triple-DES session
+  keys unless explicitly configured with the new allow_rc4 or
+  allow_des3 variables respectively.
+
+* The KDC will assume that all services can handle aes256-sha1 session
+  keys unless the service principal has a session_enctypes string
+  attribute.
+
+* Support for PAC full KDC checksums has been added to mitigate an
+  S4U2Proxy privilege escalation attack.
+
+* The PKINIT client will advertise a more modern set of supported CMS
+  algorithms.
+
+Code quality:
+
+* Removed unused code in libkrb5, libkrb5support, and the PKINIT
+  module.
+
+* Modernized the KDC code for processing TGS requests, the code for
+  encrypting and decrypting key data, the PAC handling code, and the
+  GSS library packet parsing and composition code.
+
+* Improved the test framework's detection of memory errors in daemon
+  processes when used with asan.
+
+krb5-1.21 changes by ticket ID
+------------------------------
+
+9052    Support macOS 11 native credential cache
+9053    Make kprop work for dump files larger than 4GB
+9054    Replace macros with typedefs in gssrpc types.h
+9055    Use SHA-256 instead of SHA-1 for PKINIT CMS digest
+9057    Omit LDFLAGS from krb5-config --libs output
+9058    Add configure variable for default PKCS#11 module
+9059    Use context profile for libkadm5 configuration
+9066    Set reasonable supportedCMSTypes in PKINIT
+9069    Update error checking for OpenSSL CMS_verify
+9071    Add and use ts_interval() helper
+9072    Avoid small read overrun in UTF8 normalization
+9076    Use memmove() in Unicode functions
+9077    Fix aclocal.m4 syntax error for autoconf 2.72
+9078    Fix profile crash on memory exhaustion
+9079    Fix preauth crash on memory exhaustion
+9080    Fix gic_keytab crash on memory exhaustion
+9082    Fix policy DB fallback error handling
+9083    Fix kpropd crash with unrecognized option
+9084    Add PAC full checksums
+9085    Fix read overruns in SPNEGO parsing
+9086    Fix possible double-free during KDB creation
+9087    Fix meridian type in getdate.y
+9088    Use control flow guard flag in Windows builds
+9089    Add pac_privsvr_enctype string attribute
+9090    Convey realm names to certauth modules
+9091    Add GSS_C_INQ_ODBC_SESSION_KEY
+9092    Fix maintainer-mode build for binutils 2.37
+9093    Add PA-REDHAT-PASSKEY padata type
+
+Acknowledgements
+----------------
+
+Past Sponsors of the MIT Kerberos Consortium:
+
+    Apple
+    Carnegie Mellon University
+    Centrify Corporation
+    Columbia University
+    Cornell University
+    The Department of Defense of the United States of America (DoD)
+    Fidelity Investments
+    Google
+    Iowa State University
+    MIT
+    Michigan State University
+    Microsoft
+    MITRE Corporation
+    Morgan-Stanley
+    The National Aeronautics and Space Administration
+        of the United States of America (NASA)
+    Network Appliance (NetApp)
+    Nippon Telephone and Telegraph (NTT)
+    US Government Office of the National Coordinator for Health
+        Information Technology (ONC)
+    Oracle
+    Pennsylvania State University
+    Red Hat
+    Stanford University
+    TeamF1, Inc.
+    The University of Alaska
+    The University of Michigan
+    The University of Pennsylvania
+
+Past and present members of the Kerberos Team at MIT:
+
+    Danilo Almeida
+    Jeffrey Altman
+    Justin Anderson
+    Richard Basch
+    Mitch Berger
+    Jay Berkenbilt
+    Andrew Boardman
+    Bill Bryant
+    Steve Buckley
+    Joe Calzaretta
+    John Carr
+    Mark Colan
+    Don Davis
+    Sarah Day
+    Alexandra Ellwood
+    Carlos Garay
+    Dan Geer
+    Nancy Gilman
+    Matt Hancher
+    Thomas Hardjono
+    Sam Hartman
+    Paul Hill
+    Marc Horowitz
+    Eva Jacobus
+    Miroslav Jurisic
+    Barry Jaspan
+    Benjamin Kaduk
+    Geoffrey King
+    Kevin Koch
+    John Kohl
+    HaoQi Li
+    Jonathan Lin
+    Peter Litwack
+    Scott McGuire
+    Steve Miller
+    Kevin Mitchell
+    Cliff Neuman
+    Paul Park
+    Ezra Peisach
+    Chris Provenzano
+    Ken Raeburn
+    Jon Rochlis
+    Jeff Schiller
+    Jen Selby
+    Robert Silk
+    Bill Sommerfeld
+    Jennifer Steiner
+    Ralph Swick
+    Brad Thompson
+    Harry Tsai
+    Zhanna Tsitkova
+    Ted Ts'o
+    Marshall Vale
+    Taylor Yu
+
+The following external contributors have provided code, patches, bug
+reports, suggestions, and valuable resources:
+
+    Ian Abbott
+    Daniel Albers
+    Brandon Allbery
+    Russell Allbery
+    Brian Almeida
+    Michael B Allen
+    Pooja Anil
+    Jeffrey Arbuckle
+    Heinz-Ado Arnolds
+    Derek Atkins
+    Mark Bannister
+    David Bantz
+    Alex Baule
+    Nikhil Benesch
+    David Benjamin
+    Thomas Bernard
+    Adam Bernstein
+    Arlene Berry
+    Jeff Blaine
+    Toby Blake
+    Radoslav Bodo
+    Alexander Bokovoy
+    Sumit Bose
+    Emmanuel Bouillon
+    Isaac Boukris
+    Ulf Bremer
+    Pavel Březina
+    Philip Brown
+    Samuel Cabrero
+    Michael Calmer
+    Andrea Campi
+    Julien Chaffraix
+    Jacob Champion
+    Puran Chand
+    Ravi Channavajhala
+    Srinivas Cheruku
+    Leonardo Chiquitto
+    Rachit Chokshi
+    Seemant Choudhary
+    Howard Chu
+    Andrea Cirulli
+    Christopher D. Clausen
+    Kevin Coffman
+    Simon Cooper
+    Sylvain Cortes
+    Ian Crowther
+    Arran Cudbard-Bell
+    Adam Dabrowski
+    Jeff D'Angelo
+    Nalin Dahyabhai
+    Mark Davies
+    Dennis Davis
+    Alex Dehnert
+    Misty De Meo
+    Mark Deneen
+    Günther Deschner
+    John Devitofranceschi
+    Marc Dionne
+    Roland Dowdeswell
+    Ken Dreyer
+    Dorian Ducournau
+    Viktor Dukhovni
+    Jason Edgecombe
+    Mark Eichin
+    Shawn M. Emery
+    Douglas E. Engert
+    Peter Eriksson
+    Juha Erkkilä
+    Gilles Espinasse
+    Sergey Fedorov
+    Ronni Feldt
+    Bill Fellows
+    JC Ferguson
+    Remi Ferrand
+    Paul Fertser
+    Fabiano Fidêncio
+    Frank Filz
+    William Fiveash
+    Jacques Florent
+    Oliver Freyermuth
+    �kos Frohner
+    Sebastian Galiano
+    Marcus Granado
+    Dylan Gray
+    Norm Green
+    Scott Grizzard
+    Helmut Grohne
+    Steve Grubb
+    Philip Guenther
+    Timo Gurr
+    Dominic Hargreaves
+    Robbie Harwood
+    John Hascall
+    Jakob Haufe
+    Matthieu Hautreux
+    Jochen Hein
+    Paul B. Henson
+    Kihong Heo
+    Jeff Hodges
+    Christopher Hogan
+    Love Hörnquist Åstrand
+    Ken Hornstein
+    Henry B. Hotz
+    Luke Howard
+    Jakub Hrozek
+    Shumon Huque
+    Jeffrey Hutzelman
+    Sergey Ilinykh
+    Wyllys Ingersoll
+    Holger Isenberg
+    Spencer Jackson
+    Diogenes S. Jesus
+    Mike Jetzer
+    Pavel Jindra
+    Brian Johannesmeyer
+    Joel Johnson
+    Lutz Justen
+    Ganesh Kamath
+    Alexander Karaivanov
+    Anders Kaseorg
+    Bar Katz
+    Zentaro Kavanagh
+    Mubashir Kazia
+    W. Trevor King
+    Patrik Kis
+    Martin Kittel
+    Thomas Klausner
+    Tomasz KÅ‚oczko
+    Matthew Krupcale
+    Mikkel Kruse
+    Reinhard Kugler
+    Harshawardhan Kulkarni
+    Tomas Kuthan
+    Pierre Labastie
+    Andreas Ladanyi
+    Chris Leick
+    Volker Lendecke
+    Jan iankko Lieskovsky
+    Todd Lipcon
+    Oliver Loch
+    Chris Long
+    Kevin Longfellow
+    Frank Lonigro
+    Jon Looney
+    Nuno Lopes
+    Todd Lubin
+    Ryan Lynch
+    Glenn Machin
+    Roland Mainz
+    Sorin Manolache
+    Robert Marshall
+    Andrei Maslennikov
+    Michael Mattioli
+    Nathaniel McCallum
+    Greg McClement
+    Cameron Meadors
+    Vipul Mehta
+    Alexey Melnikov
+    Ivan A. Melnikov
+    Franklyn Mendez
+    Mantas MikulÄ—nas
+    Markus Moeller
+    Kyle Moffett
+    Jon Moore
+    Paul Moore
+    Keiichi Mori
+    Michael Morony
+    Robert Morris
+    Sam Morris
+    Zbysek Mraz
+    Edward Murrell
+    Joshua Neuheisel
+    Nikos Nikoleris
+    Demi Obenour
+    Felipe Ortega
+    Michael Osipov
+    Andrej Ota
+    Dmitri Pal
+    Javier Palacios
+    Dilyan Palauzov
+    Tom Parker
+    Eric Pauly
+    Leonard Peirce
+    Ezra Peisach
+    Alejandro Perez
+    Zoran Pericic
+    W. Michael Petullo
+    Mark Phalan
+    Sharwan Ram
+    Brett Randall
+    Jonathan Reams
+    Jonathan Reed
+    Robert Relyea
+    Tony Reix
+    Martin Rex
+    Pat Riehecky
+    Julien Rische
+    Jason Rogers
+    Matt Rogers
+    Nate Rosenblum
+    Solly Ross
+    Mike Roszkowski
+    Guillaume Rousse
+    Joshua Schaeffer
+    Alexander Scheel
+    Jens Schleusener
+    Ryan Schmidt
+    Andreas Schneider
+    Paul Seyfert
+    Tom Shaw
+    Jim Shi
+    Jerry Shipman
+    Peter Shoults
+    Richard Silverman
+    Cel Skeggs
+    Simo Sorce
+    Anthony Sottile
+    Michael Spang
+    Michael Ströder
+    Bjørn Tore Sund
+    Ondřej Surý
+    Joseph Sutton
+    Joe Travaglini
+    Sergei Trofimovich
+    Greg Troxel
+    Fraser Tweedale
+    Tim Uglow
+    Rathor Vipin
+    Denis Vlasenko
+    Thomas Wagner
+    Jorgen Wahlsten
+    Stef Walter
+    Max (Weijun) Wang
+    John Washington
+    Stef Walter
+    Xi Wang
+    Nehal J Wani
+    Kevin Wasserman
+    Margaret Wasserman
+    Marcus Watts
+    Andreas Wiese
+    Simon Wilkinson
+    Nicolas Williams
+    Ross Wilper
+    Augustin Wolf
+    Garrett Wollman
+    David Woodhouse
+    Tsu-Phong Wu
+    Xu Qiang
+    Neng Xue
+    Zhaomo Yang
+    Tianjiao Yin
+    Nickolai Zeldovich
+    Bean Zhang
+    ChenChen Zhou
+    Hanz van Zijst
+    Gertjan Zwartjes
+
+The above is not an exhaustive list; many others have contributed in
+various ways to the MIT Kerberos development effort over the years.
diff --git a/krb5-1.21.3/src/Makefile.in b/krb5-1.21.3/src/Makefile.in
new file mode 100644
index 00000000..8f14e9bf
--- /dev/null
+++ b/krb5-1.21.3/src/Makefile.in
@@ -0,0 +1,693 @@
+datadir=@datadir@
+
+mydir=.
+# Don't build sample by default, and definitely don't install them
+# for production use:
+#	plugins/locate/python
+#	plugins/preauth/wpse
+#	plugins/preauth/cksum_body
+SUBDIRS=util include lib \
+	@sam2_plugin@ \
+	plugins/audit \
+	plugins/audit/test \
+	@audit_plugin@ \
+	plugins/kadm5_hook/test \
+	plugins/kadm5_auth/test \
+	plugins/gssapi/negoextest \
+	plugins/hostrealm/test \
+	plugins/localauth/test \
+	plugins/pwqual/test \
+	plugins/authdata/greet_server \
+	plugins/authdata/greet_client \
+	plugins/certauth/test \
+	plugins/kdb/db2 \
+	@ldap_plugin_dir@ \
+	@lmdb_plugin_dir@ \
+	plugins/kdb/test \
+	plugins/kdcpolicy/test \
+	plugins/preauth/otp \
+	plugins/preauth/pkinit \
+	plugins/preauth/spake \
+	plugins/preauth/test \
+	plugins/tls/k5tls \
+	kdc kadmin kprop clients appl tests \
+	config-files build-tools man doc @po@
+WINSUBDIRS=include util lib ccapi windows clients appl plugins\preauth\spake
+BUILDTOP=$(REL).
+
+SRCS =  
+HDRS = 
+
+# Why aren't these flags showing up in Windows builds?
+##DOS##CPPFLAGS=$(CPPFLAGS) -D_X86_=1  -DWIN32 -D_WIN32 -W3 -D_WINNT
+
+# Lots of things will start to depend on the thread support, which
+# needs autoconf.h, but building "all" in include requires that util/et
+# have been built first.  Until we can untangle this, let's just check
+# that autoconf.h is up to date before going into any of the subdirectories.
+all-prerecurse generate-files-mac-prerecurse: update-autoconf-h
+update-autoconf-h:
+	(cd include && $(MAKE) autoconf.h osconf.h)
+
+##DOS##!if 0
+# This makefile doesn't use lib.in, but we still need shlib.conf here.
+config.status: $(top_srcdir)/config/shlib.conf
+##DOS##!endif
+
+all-windows: maybe-awk Makefile-windows
+
+world:
+	date
+	make $(MFLAGS) all
+	date
+
+INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROOT) $(KRB5OTHERMKDIRS) \
+		$(ADMIN_BINDIR) $(SERVER_BINDIR) $(CLIENT_BINDIR) \
+		$(ADMIN_MANDIR) $(SERVER_MANDIR) $(CLIENT_MANDIR) \
+		$(FILE_MANDIR) $(OVERVIEW_MANDIR) \
+		$(ADMIN_CATDIR) $(SERVER_CATDIR) $(CLIENT_CATDIR) \
+		$(FILE_CATDIR) $(OVERVIEW_CATDIR) \
+		$(KRB5_LIBDIR) $(KRB5_INCDIR) \
+		$(KRB5_DB_MODULE_DIR) $(KRB5_PA_MODULE_DIR) \
+		$(KRB5_AD_MODULE_DIR) \
+		$(KRB5_LIBKRB5_MODULE_DIR) $(KRB5_TLS_MODULE_DIR) \
+		$(localstatedir) $(localstatedir)/krb5kdc \
+		$(runstatedir) $(runstatedir)/krb5kdc \
+		$(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \
+		$(PKGCONFIG_DIR)
+
+install-strip:
+	$(MAKE) install INSTALL_STRIP=-s
+
+install-recurse: install-mkdirs
+
+install-mkdirs:
+	@for i in $(INSTALLMKDIRS); do \
+		$(srcdir)/config/mkinstalldirs $(DESTDIR)$$i; \
+	done
+
+install-headers-mkdirs:
+	$(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)
+	$(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssapi
+	$(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssrpc
+install-headers-prerecurse: install-headers-mkdirs
+
+clean-:: clean-windows
+clean-unix::
+	$(RM) *.o core skiptests
+
+# Microsoft Windows build process...
+#
+
+config-windows: Makefile-windows
+#	@echo Making in include
+#	cd include
+#	$(MAKE) -$(MFLAGS)
+#	cd ..
+
+#
+# We need outpre-dir explicitly in here because we may
+# try to build wconfig on a config-windows.
+#
+##DOS##$(WCONFIG_EXE): outpre-dir wconfig.c
+##DOS##	$(CC) -Fe$@ -Fo$*.obj wconfig.c $(CCLINKOPTION)
+##DOS## $(_VC_MANIFEST_EMBED_EXE)
+
+##DOS##MKFDEP=$(WCONFIG_EXE) config\win-pre.in config\win-post.in
+
+WINMAKEFILES=Makefile \
+	appl\Makefile appl\gss-sample\Makefile \
+	ccapi\Makefile \
+	ccapi\lib\win\Makefile \
+	ccapi\server\win\Makefile \
+	ccapi\test\Makefile \
+	clients\Makefile clients\kdestroy\Makefile \
+	clients\kinit\Makefile clients\klist\Makefile \
+	clients\kpasswd\Makefile clients\kvno\Makefile \
+	clients\kcpytkt\Makefile clients\kdeltkt\Makefile \
+	clients\kswitch\Makefile \
+	include\Makefile \
+	lib\Makefile lib\crypto\Makefile lib\crypto\krb\Makefile \
+	lib\crypto\builtin\Makefile lib\crypto\builtin\aes\Makefile \
+	lib\crypto\builtin\enc_provider\Makefile \
+	lib\crypto\builtin\des\Makefile lib\crypto\builtin\md5\Makefile \
+	lib\crypto\builtin\camellia\Makefile lib\crypto\builtin\md4\Makefile \
+	lib\crypto\builtin\hash_provider\Makefile \
+	lib\crypto\builtin\sha2\Makefile lib\crypto\builtin\sha1\Makefile \
+	lib\crypto\crypto_tests\Makefile \
+	lib\gssapi\Makefile lib\gssapi\generic\Makefile \
+	lib\gssapi\krb5\Makefile lib\gssapi\mechglue\Makefile \
+	lib\gssapi\spnego\Makefile \
+	lib\krb5\Makefile \
+	lib\krb5\asn.1\Makefile lib\krb5\ccache\Makefile \
+	lib\krb5\ccache\ccapi\Makefile \
+	lib\krb5\error_tables\Makefile \
+	lib\krb5\keytab\Makefile \
+	lib\krb5\krb\Makefile \
+	lib\krb5\os\Makefile lib\krb5\posix\Makefile \
+	lib\krb5\rcache\Makefile \
+	lib\krb5\unicode\Makefile \
+	util\Makefile \
+	util\et\Makefile util\profile\Makefile util\profile\testmod\Makefile \
+	util\support\Makefile \
+	util\windows\Makefile \
+	windows\Makefile windows\lib\Makefile windows\ms2mit\Makefile \
+	windows\kfwlogon\Makefile windows\leashdll\Makefile \
+	windows\leash\Makefile windows\leash\htmlhelp\Makefile \
+	plugins\preauth\spake\Makefile
+
+##DOS##Makefile-windows: $(MKFDEP) $(WINMAKEFILES)
+
+##DOS##Makefile: Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##appl\Makefile: appl\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##appl\gss-sample\Makefile: appl\gss-sample\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##ccapi\Makefile: ccapi\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##ccapi\lib\win\Makefile: ccapi\lib\win\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##ccapi\server\win\Makefile: ccapi\server\win\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##ccapi\test\Makefile: ccapi\test\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\Makefile: clients\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\kdestroy\Makefile: clients\kdestroy\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\kinit\Makefile: clients\kinit\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\klist\Makefile: clients\klist\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\kpasswd\Makefile: clients\kpasswd\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\kswitch\Makefile: clients\kswitch\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\kvno\Makefile: clients\kvno\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\kcpytkt\Makefile: clients\kcpytkt\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##clients\kdeltkt\Makefile: clients\kdeltkt\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##include\Makefile: include\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\Makefile: lib\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\Makefile: lib\crypto\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\krb\Makefile: lib\crypto\krb\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\aes\Makefile: lib\crypto\builtin\aes\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\enc_provider\Makefile: lib\crypto\builtin\enc_provider\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\des\Makefile: lib\crypto\builtin\des\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\md5\Makefile: lib\crypto\builtin\md5\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\camellia\Makefile: lib\crypto\builtin\camellia\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\md4\Makefile: lib\crypto\builtin\md4\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\hash_provider\Makefile: lib\crypto\builtin\hash_provider\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\sha2\Makefile: lib\crypto\builtin\sha2\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\sha1\Makefile: lib\crypto\builtin\sha1\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\builtin\Makefile: lib\crypto\builtin\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\crypto\crypto_tests\Makefile: lib\crypto\crypto_tests\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\gssapi\Makefile: lib\gssapi\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\gssapi\generic\Makefile: lib\gssapi\generic\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\gssapi\mechglue\Makefile: lib\gssapi\mechglue\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\gssapi\spnego\Makefile: lib\gssapi\spnego\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\gssapi\krb5\Makefile: lib\gssapi\krb5\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\Makefile: lib\krb5\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\asn.1\Makefile: lib\krb5\asn.1\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\ccache\Makefile: lib\krb5\ccache\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\ccache\ccapi\Makefile: lib\krb5\ccache\ccapi\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\error_tables\Makefile: lib\krb5\error_tables\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\keytab\Makefile: $$@.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\krb\Makefile: lib\krb5\krb\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\os\Makefile: lib\krb5\os\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\posix\Makefile: lib\krb5\posix\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\rcache\Makefile: lib\krb5\rcache\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##lib\krb5\unicode\Makefile: lib\krb5\unicode\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##util\Makefile: util\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##util\et\Makefile: util\et\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##util\profile\Makefile: util\profile\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##util\profile\testmod\Makefile: util\profile\testmod\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##util\support\Makefile: util\support\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##util\windows\Makefile: util\windows\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##windows\Makefile: windows\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##windows\lib\Makefile: windows\lib\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##windows\ms2mit\Makefile: windows\ms2mit\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##windows\kfwlogon\Makefile: windows\kfwlogon\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##windows\leashdll\Makefile: windows\leashdll\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##windows\leash\Makefile: windows\leash\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##windows\leash\htmlhelp\Makefile: windows\leash\htmlhelp\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+##DOS##plugins\preauth\spake\Makefile: plugins\preauth\spake\Makefile.in $(MKFDEP)
+##DOS##	$(WCONFIG) config < $@.in > $@
+
+clean-windows:: Makefile-windows
+
+#
+# Renames DOS 8.3 filenames back to their proper, longer names.
+#
+ren2long:
+	-sh config/ren2long
+
+#
+# Helper for the windows build
+#
+TOPLEVEL=dummy
+
+#
+# Building error tables requires awk.
+#
+AWK = awk
+AH  = util/et/et_h.awk
+AC  = util/et/et_c.awk
+INC = include/
+ET  = lib/krb5/error_tables/
+GG  = lib/gssapi/generic/
+GK  = lib/gssapi/krb5/
+PR  = util/profile/
+CE  = util/et/
+CCL = ccapi/lib/
+
+ETOUT =	\
+	$(INC)asn1_err.h $(ET)asn1_err.c \
+	$(INC)kdb5_err.h $(ET)kdb5_err.c \
+	$(INC)krb5_err.h $(ET)krb5_err.c \
+	$(INC)k5e1_err.h $(ET)k5e1_err.c \
+	$(INC)kv5m_err.h $(ET)kv5m_err.c \
+	$(INC)krb524_err.h $(ET)krb524_err.c \
+	$(PR)prof_err.h $(PR)prof_err.c \
+	$(GG)gssapi_err_generic.h $(GG)gssapi_err_generic.c \
+	$(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c \
+	$(CCL)ccapi_err.h $(CCL)ccapi_err.c
+
+HOUT =	$(INC)krb5/krb5.h $(GG)gssapi.h $(PR)profile.h
+
+CLEANUP= Makefile $(ETOUT) $(HOUT) \
+	include/profile.h include/osconf.h
+
+
+dos-Makefile:
+	cat config/win-pre.in Makefile.in config/win-post.in | \
+		sed -e "s/^##DOS##//" -e "s/^##DOS//" > Makefile.tmp
+	mv Makefile.tmp Makefile
+
+prep-windows: dos-Makefile awk-windows-mac
+
+
+$(INC)asn1_err.h: $(AH) $(ET)asn1_err.et
+	$(AWK) -f $(AH) outfile=$@ $(ET)asn1_err.et
+$(INC)kdb5_err.h: $(AH) $(ET)kdb5_err.et
+	$(AWK) -f $(AH) outfile=$@ $(ET)kdb5_err.et
+$(INC)krb5_err.h: $(AH) $(ET)krb5_err.et
+	$(AWK) -f $(AH) outfile=$@ $(ET)krb5_err.et
+$(INC)k5e1_err.h: $(AH) $(ET)k5e1_err.et
+	$(AWK) -f $(AH) outfile=$@ $(ET)k5e1_err.et
+$(INC)kv5m_err.h: $(AH) $(ET)kv5m_err.et
+	$(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et
+$(INC)krb524_err.h: $(AH) $(ET)krb524_err.et
+	$(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et
+$(PR)prof_err.h: $(AH) $(PR)prof_err.et
+	$(AWK) -f $(AH) outfile=$@ $(PR)prof_err.et
+$(GG)gssapi_err_generic.h: $(AH) $(GG)gssapi_err_generic.et
+	$(AWK) -f $(AH) outfile=$@ $(GG)gssapi_err_generic.et
+$(GK)gssapi_err_krb5.h: $(AH) $(GK)gssapi_err_krb5.et
+	$(AWK) -f $(AH) outfile=$@ $(GK)gssapi_err_krb5.et
+$(CCL)ccapi_err.h: $(AH) $(CCL)ccapi_err.et
+	$(AWK) -f $(AH) outfile=$@ $(CCL)ccapi_err.et
+$(CE)test1.h: $(AH) $(CE)test1.et
+	$(AWK) -f $(AH) outfile=$@ $(CE)test1.et
+$(CE)test2.h: $(AH) $(CE)test2.et
+	$(AWK) -f $(AH) outfile=$@ $(CE)test2.et
+
+$(ET)asn1_err.c: $(AC) $(ET)asn1_err.et
+	$(AWK) -f $(AC) outfile=$@ $(ET)asn1_err.et
+$(ET)kdb5_err.c: $(AC) $(ET)kdb5_err.et
+	$(AWK) -f $(AC) outfile=$@ $(ET)kdb5_err.et
+$(ET)krb5_err.c: $(AC) $(ET)krb5_err.et
+	$(AWK) -f $(AC) outfile=$@ $(ET)krb5_err.et
+$(ET)k5e1_err.c: $(AC) $(ET)k5e1_err.et
+	$(AWK) -f $(AC) outfile=$@ $(ET)k5e1_err.et
+$(ET)kv5m_err.c: $(AC) $(ET)kv5m_err.et
+	$(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et
+$(ET)krb524_err.c: $(AC) $(ET)krb524_err.et
+	$(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et
+$(PR)prof_err.c: $(AC) $(PR)prof_err.et
+	$(AWK) -f $(AC) outfile=$@ $(PR)prof_err.et
+$(GG)gssapi_err_generic.c: $(AC) $(GG)gssapi_err_generic.et
+	$(AWK) -f $(AC) outfile=$@ $(GG)gssapi_err_generic.et
+$(GK)gssapi_err_krb5.c: $(AC) $(GK)gssapi_err_krb5.et
+	$(AWK) -f $(AC) outfile=$@ $(GK)gssapi_err_krb5.et
+$(CCL)ccapi_err.c: $(AC) $(CCL)ccapi_err.et
+	$(AWK) -f $(AC) outfile=$@ $(CCL)ccapi_err.et
+$(CE)test1.c: $(AC) $(CE)test1.et
+	$(AWK) -f $(AC) outfile=$@ $(CE)test1.et
+$(CE)test2.c: $(AC) $(CE)test2.et
+	$(AWK) -f $(AC) outfile=$@ $(CE)test2.et
+
+KRBHDEP = $(INC)krb5/krb5.hin $(INC)krb5_err.h $(INC)k5e1_err.h \
+	$(INC)kdb5_err.h $(INC)kv5m_err.h $(INC)krb524_err.h $(INC)asn1_err.h
+
+$(INC)krb5/krb5.h: $(KRBHDEP)
+	rm -f $@
+	cat $(KRBHDEP) > $@
+$(PR)profile.h: $(PR)profile.hin $(PR)prof_err.h
+	rm -f $@
+	cat $(PR)profile.hin $(PR)prof_err.h > $@
+$(GG)gssapi.h: $(GG)gssapi.hin
+	rm -f $@
+	cat $(GG)gssapi.hin > $@
+
+awk-windows-mac: $(ETOUT) $(HOUT)
+
+#
+# The maybe-awk target needs to happen after AWK is defined.
+#
+
+##DOS##maybe-awk:
+##DOS##!ifdef WHICH_CMD
+##DOS##!if ![ $(WHICH_CMD) $(AWK) ]
+##DOS##maybe-awk: awk-windows-mac
+##DOS##!endif
+##DOS##!endif
+
+clean-windows-mac:
+	rm -f $(CLEANUP)
+
+distclean-windows:
+	config\rm.bat $(CLEANUP:^/=^\)
+	config\rm.bat $(WINMAKEFILES)
+	config\rm.bat $(KBINDIR)\*.dll $(KBINDIR)\*.exe
+	@if exist $(KBINDIR)\nul rmdir $(KBINDIR)
+
+# Avoid using $(CP) here because the nul+ hack breaks implicit
+# destination filenames.
+install-windows:
+	@if "$(KRB_INSTALL_DIR)"=="" @echo KRB_INSTALL_DIR is not defined!  Please define it.
+	@if "$(KRB_INSTALL_DIR)"=="" @dir /b \nul\nul
+	@if not exist "$(KRB_INSTALL_DIR)\$(NULL)" @echo The directory $(KRB_INSTALL_DIR) does not exist.  Please create it.
+	@if not exist "$(KRB_INSTALL_DIR)\$(NULL)" @dir /b $(KRB_INSTALL_DIR)\nul
+	@if not exist "$(KRB_INSTALL_DIR)\include\$(NULL)" @mkdir "$(KRB_INSTALL_DIR)\include"
+	@if not exist "$(KRB_INSTALL_DIR)\include\krb5\$(NULL)" @mkdir "$(KRB_INSTALL_DIR)\include\krb5"
+	@if not exist "$(KRB_INSTALL_DIR)\include\gssapi\$(NULL)" @mkdir "$(KRB_INSTALL_DIR)\include\gssapi"
+	@if not exist "$(KRB_INSTALL_DIR)\lib\$(NULL)" @mkdir "$(KRB_INSTALL_DIR)\lib"
+	@if not exist "$(KRB_INSTALL_DIR)\bin\$(NULL)" @mkdir "$(KRB_INSTALL_DIR)\bin"
+	@if not exist "$(KRB_INSTALL_DIR)\bin\plugins\$(NULL)" @mkdir "$(KRB_INSTALL_DIR)\bin\plugins"
+	@if not exist "$(KRB_INSTALL_DIR)\bin\plugins\preauth\$(NULL)" @mkdir "$(KRB_INSTALL_DIR)\bin\plugins\preauth"
+	copy include\krb5.h "$(KRB_INSTALL_DIR)\include\."
+	copy include\krb5\krb5.h "$(KRB_INSTALL_DIR)\include\krb5\."
+	copy include\win-mac.h "$(KRB_INSTALL_DIR)\include\."
+	copy include\profile.h "$(KRB_INSTALL_DIR)\include\."
+	copy include\com_err.h "$(KRB_INSTALL_DIR)\include\."
+	copy include\gssapi\gssapi.h "$(KRB_INSTALL_DIR)\include\gssapi\."
+	copy include\gssapi\gssapi_alloc.h "$(KRB_INSTALL_DIR)\include\gssapi\."
+	copy include\gssapi\gssapi_krb5.h "$(KRB_INSTALL_DIR)\include\gssapi\."
+	copy include\gssapi\gssapi_ext.h "$(KRB_INSTALL_DIR)\include\gssapi\."
+	copy lib\$(OUTPRE)*.lib "$(KRB_INSTALL_DIR)\lib\."
+	copy lib\$(OUTPRE)*.dll "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) lib\$(OUTPRE)*.pdb "$(KRB_INSTALL_DIR)\bin\."
+	copy appl\gss-sample\$(OUTPRE)gss-server.exe "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) appl\gss-sample\$(OUTPRE)gss-server.pdb "$(KRB_INSTALL_DIR)\bin\."
+	copy appl\gss-sample\$(OUTPRE)gss-client.exe "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) appl\gss-sample\$(OUTPRE)gss-client.pdb "$(KRB_INSTALL_DIR)\bin\."
+	copy windows\ms2mit\$(OUTPRE)*.exe "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) windows\ms2mit\$(OUTPRE)*.pdb "$(KRB_INSTALL_DIR)\bin\."
+	copy windows\leashdll\$(OUTPRE)*.lib "$(KRB_INSTALL_DIR)\lib\."
+	copy windows\leashdll\$(OUTPRE)*.dll "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) windows\leashdll\$(OUTPRE)*.pdb "$(KRB_INSTALL_DIR)\bin\."
+##DOS##!ifndef NO_LEASH
+	copy windows\leash\$(OUTPRE)*.exe "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) windows\leash\$(OUTPRE)*.pdb "$(KRB_INSTALL_DIR)\bin\."
+	copy windows\leash\$(OUTPRE)*.chm "$(KRB_INSTALL_DIR)\bin\."
+	copy windows\leash\htmlhelp\*.chm "$(KRB_INSTALL_DIR)\bin\."
+##DOS##!endif
+	copy windows\kfwlogon\$(OUTPRE)*.lib "$(KRB_INSTALL_DIR)\lib\."
+	copy windows\kfwlogon\$(OUTPRE)*.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy windows\kfwlogon\$(OUTPRE)*.dll "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) windows\kfwlogon\$(OUTPRE)*.pdb "$(KRB_INSTALL_DIR)\bin\."
+	copy ccapi\lib\win\srctmp\$(OUTPRE)$(CCLIB).dll "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) ccapi\lib\win\srctmp\$(OUTPRE)$(CCLIB).pdb "$(KRB_INSTALL_DIR)\bin\."
+	copy ccapi\lib\win\srctmp\$(CCLIB).lib "$(KRB_INSTALL_DIR)\lib\."
+	copy ccapi\server\win\srctmp\$(OUTPRE)ccapiserver.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy clients\kvno\$(OUTPRE)kvno.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy clients\klist\$(OUTPRE)klist.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy clients\kinit\$(OUTPRE)kinit.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy clients\kdestroy\$(OUTPRE)kdestroy.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy clients\kcpytkt\$(OUTPRE)kcpytkt.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy clients\kdeltkt\$(OUTPRE)kdeltkt.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy clients\kpasswd\$(OUTPRE)kpasswd.exe "$(KRB_INSTALL_DIR)\bin\."
+	copy clients\kswitch\$(OUTPRE)kswitch.exe "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) ccapi\server\win\srctmp\$(OUTPRE)ccapiserver.pdb "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) clients\kvno\$(OUTPRE)kvno.pdb "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) clients\klist\$(OUTPRE)klist.pdb "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) clients\kinit\$(OUTPRE)kinit.pdb "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) clients\kdestroy\$(OUTPRE)kdestroy.pdb "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) clients\kcpytkt\$(OUTPRE)kcpytkt.pdb "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) clients\kdeltkt\$(OUTPRE)kdeltkt.pdb "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) clients\kpasswd\$(OUTPRE)kpasswd.pdb "$(KRB_INSTALL_DIR)\bin\."
+	$(INSTALLDBGSYMS) clients\kswitch\$(OUTPRE)kswitch.pdb "$(KRB_INSTALL_DIR)\bin\."
+	copy plugins\preauth\spake\$(OUTPRE)$(SPAKELIB).dll "$(KRB_INSTALL_DIR)\bin\plugins\preauth\."
+	$(INSTALLDBGSYMS) plugins\preauth\spake\$(OUTPRE)$(SPAKELIB).pdb "$(KRB_INSTALL_DIR)\bin\plugins\preauth\."
+
+check-prerecurse: runenv.py
+	$(RM) $(SKIPTESTS)
+	touch $(SKIPTESTS)
+
+check-unix: check-lmdb-$(HAVE_LMDB)
+	cat $(SKIPTESTS)
+
+MINPYTHON = @PYTHON_MINVERSION@
+check-pytests-no: check-postrecurse
+	@echo 'Skipped python test scripts: python $(MINPYTHON) required' >> \
+		$(SKIPTESTS)
+
+check-cmocka-no: check-postrecurse
+	@echo 'Skipped cmocka tests: cmocka library or header not found' >> \
+		$(SKIPTESTS)
+
+check-lmdb-yes:
+check-lmdb-no:
+	@echo 'Skipped LMDB tests: LMDB KDB module not built' >> $(SKIPTESTS)
+
+# Create a test realm and spawn a shell in an environment pointing to it.
+# If CROSSNUM is set, create that many fully connected test realms and
+# point the shell at the first one.
+testrealm: runenv.py
+	PYTHONPATH=$(top_srcdir)/util $(PYTHON) $(srcdir)/util/testrealm.py \
+		$(CROSSNUM)
+
+# environment variable settings to propagate to Python-based tests
+
+pyrunenv.vals: Makefile
+	$(RUN_SETUP); \
+	for i in $(RUN_VARS); do \
+		eval echo 'env['\\\'$$i\\\''] = '\\\'\$$$$i\\\'; \
+	done > $@
+	echo "tls_impl = '$(TLS_IMPL)'" >> $@
+	echo "have_sasl = '$(HAVE_SASL)'" >> $@
+	echo "have_spake_openssl = '$(HAVE_SPAKE_OPENSSL)'" >> $@
+	echo "have_lmdb = '$(HAVE_LMDB)'" >> $@
+	echo "sizeof_time_t = $(SIZEOF_TIME_T)" >> $@
+
+runenv.py: pyrunenv.vals
+	echo 'env = {}' > $@
+	cat pyrunenv.vals >> $@
+
+clean-unix::
+	$(RM) runenv.py runenv.pyc pyrunenv.vals
+	$(RM) -r __pycache__
+
+COV_BUILD=	cov-build
+COV_ANALYZE=	cov-analyze
+COV_COMMIT=	cov-commit-defects --product "$(COV_PRODUCT)" --user "$(COV_USER)" --target "$(COV_TARGET)" --description "$(COV_DESC)"
+COV_MAKE_LIB=	cov-make-library
+
+COV_PRODUCT=	krb5
+COV_USER=	admin
+COV_DATADIR=
+COV_TARGET=	$(host)
+COV_DESC=
+
+# Set to, e.g., "--all" or "--security".
+COV_ANALYSES=
+# Temporary directory, might as well put it in the build tree.
+COV_TEMPDIR=	cov-temp
+# Sources modeling some functions or macros confusing Prevent.
+COV_MODELS=\
+	$(top_srcdir)/util/coverity-models/threads.c
+
+# Depend on Makefiles to ensure that (in maintainer mode) the configure
+# scripts won't get rerun under cov-build.
+coverity prevent cov: Makefiles
+	$(COV_BUILD) --dir $(COV_TEMPDIR) $(MAKE) all
+	$(COV_ANALYZE) $(COV_ANALYSES) --dir $(COV_TEMPDIR)
+	if test "$(COV_DATADIR)" != ""; then \
+		$(COV_COMMIT) --dir $(COV_TEMPDIR) --datadir $(COV_DATADIR); \
+	else \
+		echo "** Coverity Prevent analysis results not commit to Defect Manager"; \
+	fi
+
+FIND = find
+XARGS = xargs
+EMACS = emacs
+
+INDENTDIRS = \
+	appl \
+	clients \
+	include \
+	kadmin \
+	kdc \
+	lib/apputils \
+	lib/crypto \
+	lib/gssapi \
+	lib/kadm5 \
+	lib/kdb \
+	lib/krb5 \
+	plugins \
+	prototype \
+	kprop \
+	tests \
+	util
+
+BSDFILES = \
+	kadmin/server/ipropd_svc.c \
+	kadmin/server/kadm_rpc_svc.c \
+	lib/apputils/daemon.c \
+	lib/kadm5/admin_xdr.h \
+	lib/kadm5/clnt/client_rpc.c \
+	lib/kadm5/kadm_rpc.h \
+	lib/kadm5/kadm_rpc_xdr.c \
+	lib/kadm5/srv/adb_xdr.c \
+	lib/krb5/krb/strptime.c \
+	kprop/kpropd_rpc.c \
+	util/support/getopt.c \
+	util/support/getopt_long.c \
+	util/support/mkstemp.c \
+	util/support/strlcpy.c
+
+OTHEREXCLUDES = \
+	include/iprop.h \
+	include/k5-platform.h \
+	include/gssrpc \
+	lib/apputils/dummy.c \
+	lib/crypto/crypto_tests/camellia-test.c \
+	lib/crypto/builtin/aes \
+	lib/crypto/builtin/camellia \
+	lib/crypto/builtin/sha2 \
+	lib/gssapi/generic/gssapiP_generic.h \
+	lib/gssapi/generic/gssapi_ext.h \
+	lib/gssapi/krb5/gssapiP_krb5.h \
+	lib/gssapi/mechglue \
+	lib/gssapi/spnego \
+	lib/krb5/krb/deltat.c \
+	lib/krb5/unicode \
+	plugins/kdb/db2/libdb2 \
+	plugins/kdb/db2/pol_xdr.c \
+	plugins/preauth/pkinit/pkcs11.h \
+	plugins/preauth/pkinit/pkinit_accessor.h \
+	plugins/preauth/pkinit/pkinit_crypto.h \
+	plugins/preauth/pkinit/pkinit.h \
+	plugins/preauth/pkinit/pkinit_crypto_openssl.h \
+	tests/asn.1/ktest.h \
+	tests/asn.1/ktest_equal.h \
+	tests/asn.1/utility.h \
+	tests/gss-threads/gss-misc.c \
+	tests/gss-threads/gss-misc.h \
+	tests/hammer/kdc5_hammer.c \
+	util/et/com_err.h \
+	util/profile/prof_int.h \
+	util/profile/profile.hin \
+	util/support/fnmatch.c \
+	util/verto \
+	util/k5ev
+
+EXCLUDES = `for i in $(BSDFILES) $(OTHEREXCLUDES); do echo $$i; done | $(AWK) '{ print "-path", $$1, "-o" }'` -path /dev/null
+
+FIND_REINDENT = cd $(top_srcdir) && \
+	$(FIND) $(INDENTDIRS) \( $(EXCLUDES) \) -prune -o \
+	\( -name '*.[ch]' -o -name '*.hin' -o -name '*.[ch].in' \)
+
+show-reindentfiles:
+	($(FIND_REINDENT) -print)
+
+reindent:
+	($(FIND_REINDENT) \
+	-print0 | $(XARGS) -0 $(EMACS) -q -batch \
+	-l util/krb5-c-style.el \
+	-l util/krb5-batch-reindent.el)
+
+mark-cstyle: mark-cstyle-krb5 mark-cstyle-bsd
+
+mark-cstyle-krb5:
+	(cd $(top_srcdir) && \
+	$(FIND) $(INDENTDIRS) \( $(EXCLUDES) \) -prune -o \
+	-name '*.[ch]' \
+	-print0 | $(XARGS) -0 $(PYTHON) util/krb5-mark-cstyle.py \
+	--cstyle=krb5)
+
+mark-cstyle-bsd:
+	(cd $(top_srcdir) && $(FIND) $(BSDFILES) -print0 | $(XARGS) -0 \
+	$(PYTHON) util/krb5-mark-cstyle.py --cstyle=bsd)
+
+check-copyright:
+	(cd $(top_srcdir) && \
+	$(FIND) . \( -name '*.[ch]' -o -name '*.hin' \) -print0 | \
+	$(XARGS) -0 $(PYTHON) util/krb5-check-copyright.py)
+
+tags: FORCE
+	(cd $(top_srcdir) && \
+	$(FIND) . \( -name '*.[ch]' -o -name '*.hin' \) -print | \
+	etags --lang=c - && \
+	$(FIND) . -name '*.cpp' -print | etags --lang=c++ --append - && \
+	$(FIND) . -name '*.y' -print | etags --lang=yacc --append -)
+FORCE:
+.PHONY: FORCE tags
+
+# Update versioned automatically-generated files.
+regen:
+	$(MAKE) depend
+	(cd man && $(MAKE) man)
+	(cd po && $(MAKE) update-po)
+	(cd lib/krb5/krb && $(RM) deltat.c && $(MAKE) deltat.c)
+
+distclean-unix:
+	$(RM) $(top_srcdir)/TAGS
diff --git a/krb5-1.21.3/src/aclocal.m4 b/krb5-1.21.3/src/aclocal.m4
new file mode 100644
index 00000000..3d66a876
--- /dev/null
+++ b/krb5-1.21.3/src/aclocal.m4
@@ -0,0 +1,1460 @@
+AC_PREREQ(2.63)
+AC_COPYRIGHT([Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009
+Massachusetts Institute of Technology.
+])
+dnl
+define([K5_TOPDIR],[.])dnl
+dnl
+AC_DEFUN(V5_SET_TOPDIR,[dnl
+ac_reltopdir="K5_TOPDIR"
+if test ! -r "$srcdir/K5_TOPDIR/aclocal.m4"; then
+  AC_MSG_ERROR([Configure could not determine the relative topdir])
+fi
+ac_topdir=$srcdir/$ac_reltopdir
+ac_config_fragdir=$ac_reltopdir/config
+# echo "Looking for $srcdir/$ac_config_fragdir"
+AC_CONFIG_AUX_DIR(K5_TOPDIR/config)
+])dnl
+dnl
+dnl Version info.
+dnl
+pushdef([x],esyscmd([sed -n 's/#define \([A-Z0-9_]*\)[ \t]*\(.*\)/\1=\2/p' < ]K5_TOPDIR/patchlevel.h))
+define([PL_KRB5_MAJOR_RELEASE],regexp(x,[KRB5_MAJOR_RELEASE=\(.*\)],[\1]))
+ifelse(PL_KRB5_MAJOR_RELEASE,,[errprint([Can't determine KRB5_MAJOR_RELEASE value from patchlevel.h.
+]) m4exit(1) dnl sometimes that does not work?
+builtin(m4exit,1)])
+define([PL_KRB5_MINOR_RELEASE],regexp(x,[KRB5_MINOR_RELEASE=\(.*\)],[\1]))
+ifelse(PL_KRB5_MINOR_RELEASE,,[errprint([Can't determine KRB5_MINOR_RELEASE value from patchlevel.h.
+]) m4exit(1) dnl sometimes that does not work?
+builtin(m4exit,1)])
+define([PL_KRB5_PATCHLEVEL],regexp(x,[KRB5_PATCHLEVEL=\(.*\)],[\1]))
+ifelse(PL_KRB5_PATCHLEVEL,,[errprint([Can't determine KRB5_PATCHLEVEL value from patchlevel.h.
+]) m4exit(1) dnl sometimes that does not work?
+builtin(m4exit,1)])
+define([PL_KRB5_RELTAIL],regexp(x,[KRB5_RELTAIL="\(.*\)"],[\1]))
+dnl RELTAIL is allowed to not be defined.
+popdef([x])
+define([K5_VERSION],PL_KRB5_MAJOR_RELEASE.PL_KRB5_MINOR_RELEASE[]ifelse(PL_KRB5_PATCHLEVEL,0,,.PL_KRB5_PATCHLEVEL)ifelse(PL_KRB5_RELTAIL,,,-PL_KRB5_RELTAIL))
+define([K5_BUGADDR],krb5-bugs@mit.edu)
+define([K5_AC_INIT],[AC_INIT(Kerberos 5, K5_VERSION, K5_BUGADDR, krb5)
+AC_CONFIG_SRCDIR($1)
+build_dynobj=no])
+dnl
+dnl drop in standard rules for all configure files -- CONFIG_RULES
+dnl
+AC_DEFUN(CONFIG_RULES,[dnl
+AC_REQUIRE([V5_SET_TOPDIR]) dnl
+EXTRA_FILES=""
+AC_SUBST(EXTRA_FILES)
+dnl Consider using AC_USE_SYSTEM_EXTENSIONS when we require autoconf
+dnl 2.59c or later, but be sure to test on Solaris first.
+AC_DEFINE([_GNU_SOURCE], 1, [Define to enable extensions in glibc])
+AC_DEFINE([__STDC_WANT_LIB_EXT1__], 1, [Define to enable C11 extensions])
+
+WITH_CC dnl
+AC_REQUIRE_CPP
+if test -z "$LD" ; then LD=$CC; fi
+AC_ARG_VAR(LD,[linker command [CC]])
+AC_SUBST(LDFLAGS) dnl
+KRB5_AC_CHOOSE_ET dnl
+KRB5_AC_CHOOSE_SS dnl
+KRB5_AC_CHOOSE_DB dnl
+dnl allow stuff in tree to access deprecated stuff for now
+dnl AC_DEFINE([KRB5_DEPRECATED], 1, [Define only if building in-tree])
+AC_C_CONST dnl
+WITH_NETLIB dnl
+WITH_HESIOD dnl
+KRB5_AC_MAINTAINER_MODE dnl
+AC_ARG_PROGRAM dnl
+dnl
+dnl This identifies the top of the source tree relative to the directory 
+dnl in which the configure file lives.
+dnl
+CONFIG_RELTOPDIR=$ac_reltopdir
+AC_SUBST(CONFIG_RELTOPDIR)
+lib_frag=$srcdir/$ac_config_fragdir/lib.in
+AC_SUBST_FILE(lib_frag)
+libobj_frag=$srcdir/$ac_config_fragdir/libobj.in
+AC_SUBST_FILE(libobj_frag)
+libnover_frag=$srcdir/$ac_config_fragdir/libnover.in
+AC_SUBST_FILE(libnover_frag)
+libpriv_frag=$srcdir/$ac_config_fragdir/libpriv.in
+AC_SUBST_FILE(libpriv_frag)
+libnodeps_frag=$srcdir/$ac_config_fragdir/libnodeps.in
+AC_SUBST_FILE(libnodeps_frag)
+dnl
+KRB5_AC_PRAGMA_WEAK_REF
+WITH_LDAP
+KRB5_LIB_PARAMS
+KRB5_AC_INITFINI
+KRB5_AC_ENABLE_THREADS
+KRB5_AC_FIND_DLOPEN
+])dnl
+
+dnl Maintainer mode, akin to what automake provides, 'cept we don't
+dnl want to use automake right now.
+AC_DEFUN([KRB5_AC_MAINTAINER_MODE],
+[AC_ARG_ENABLE([maintainer-mode],
+  [AS_HELP_STRING([--enable-maintainer-mode],
+    [enable rebuilding of source files, Makefiles, etc])],
+  [USE_MAINTAINER_MODE=$enableval], [USE_MAINTAINER_MODE=no])
+if test "$USE_MAINTAINER_MODE" = yes; then
+  MAINTAINER_MODE_TRUE=
+  MAINTAINER_MODE_FALSE='#'
+  AC_MSG_NOTICE(enabling maintainer mode)
+else
+  MAINTAINER_MODE_TRUE='#'
+  MAINTAINER_MODE_FALSE=
+fi
+MAINT=$MAINTAINER_MODE_TRUE
+AC_SUBST(MAINTAINER_MODE_TRUE)
+AC_SUBST(MAINTAINER_MODE_FALSE)
+AC_SUBST(MAINT)
+])
+
+dnl
+AC_DEFUN([KRB5_AC_INITFINI],[
+dnl Do we want initialization at load time?
+AC_ARG_ENABLE([delayed-initialization],
+  [AS_HELP_STRING([--disable-delayed-initialization],
+    [initialize library code when loaded @<:@delay until first use@:>@])],
+  [], [enable_delayed_initialization=yes])
+case "$enable_delayed_initialization" in
+  yes)
+    AC_DEFINE(DELAY_INITIALIZER,1,[Define if library initialization should be delayed until first use]) ;;
+  no) ;;
+  *)  AC_MSG_ERROR(invalid option $enable_delayed_initialization for delayed-initialization) ;;
+esac
+dnl We always want finalization at unload time.
+dnl
+dnl Can we do things through gcc?
+KRB5_AC_GCC_ATTRS
+dnl How about with the linker?
+if test -z "$use_linker_init_option" ; then
+  AC_MSG_ERROR(ran INITFINI before checking shlib.conf?)
+fi
+if test "$use_linker_init_option" = yes; then
+  AC_DEFINE(USE_LINKER_INIT_OPTION,1,[Define if link-time options for library initialization will be used])
+fi
+if test "$use_linker_fini_option" = yes; then
+  AC_DEFINE(USE_LINKER_FINI_OPTION,1,[Define if link-time options for library finalization will be used])
+fi
+])
+
+dnl find dlopen
+AC_DEFUN([KRB5_AC_FIND_DLOPEN],[
+old_LIBS="$LIBS"
+DL_LIB=
+AC_SEARCH_LIBS(dlopen, dl, [
+if test "$ac_cv_search_dlopen" != "none required"; then
+  DL_LIB=$ac_cv_search_dlopen
+fi
+LIBS="$old_LIBS"
+AC_DEFINE(USE_DLOPEN,1,[Define if dlopen should be used])])
+AC_SUBST(DL_LIB)
+])
+
+
+dnl Hack for now.
+AC_DEFUN([KRB5_AC_ENABLE_THREADS],[
+AC_ARG_ENABLE([thread-support],
+  [AS_HELP_STRING([--disable-thread-support],
+    [don't enable thread support @<:@enabled@:>@])],
+  [], [enable_thread_support=yes])
+if test "$enable_thread_support" = yes ; then
+  AC_MSG_NOTICE(enabling thread support)
+  AC_DEFINE(ENABLE_THREADS,1,[Define if thread support enabled])
+fi
+dnl Maybe this should be inside the conditional above?  Doesn't cache....
+if test "$enable_thread_support" = yes; then
+  AX_PTHREAD(,[AC_MSG_ERROR([cannot determine options for enabling thread support; try --disable-thread-support])])
+  AC_MSG_NOTICE(PTHREAD_CC = $PTHREAD_CC)
+  AC_MSG_NOTICE(PTHREAD_CFLAGS = $PTHREAD_CFLAGS)
+  AC_MSG_NOTICE(PTHREAD_LIBS = $PTHREAD_LIBS)
+  dnl Not really needed -- if pthread.h isn't found, ACX_PTHREAD will fail.
+  dnl AC_CHECK_HEADERS(pthread.h)
+  # AIX and Tru64 don't support weak references, and don't have
+  # stub versions of the pthread code in libc.
+  case "${host_os}" in
+    aix* | osf*)
+      # On these platforms, we'll always pull in the thread support.
+      LIBS="$LIBS $PTHREAD_LIBS"
+      CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+      # We don't need to sometimes add the flags we've just folded in...
+      PTHREAD_LIBS=
+      PTHREAD_CFLAGS=
+      ;;
+    hpux*)
+      # These are the flags that "gcc -pthread" adds.  But we don't
+      # want "-pthread" because that has link-time effects, and we
+      # don't exclude CFLAGS when linking.  *sigh*
+      PTHREAD_CFLAGS="-D_REENTRANT -D_THREAD_SAFE -D_POSIX_C_SOURCE=199506L"
+      ;;
+    solaris2.[[1-9]])
+      # On Solaris 10 with gcc 3.4.3, the autoconf archive macro doesn't
+      # get the right result.   XXX What about Solaris 9 and earlier?
+      if test "$GCC" = yes ; then
+        PTHREAD_CFLAGS="-D_REENTRANT -pthreads"
+      fi
+      ;;
+    solaris*)
+      # On Solaris 10 with gcc 3.4.3, the autoconf archive macro doesn't
+      # get the right result.
+      if test "$GCC" = yes ; then
+        PTHREAD_CFLAGS="-D_REENTRANT -pthreads"
+      fi
+      # On Solaris 10, the thread support is always available in libc.
+      AC_DEFINE(NO_WEAK_PTHREADS,1,[Define if references to pthread routines should be non-weak.])
+      ;;
+  esac
+  THREAD_SUPPORT=1
+else
+  PTHREAD_CC="$CC"
+  PTHREAD_CFLAGS=""
+  PTHREAD_LIBS=""
+  THREAD_SUPPORT=0
+fi
+AC_SUBST(THREAD_SUPPORT)
+dnl We want to know where these routines live, so on systems with weak
+dnl reference support we can figure out whether or not the pthread library
+dnl has been linked in.
+dnl If we don't add any libraries for thread support, don't bother.
+AC_CHECK_FUNCS(pthread_once pthread_rwlock_init)
+old_CC="$CC"
+test "$PTHREAD_CC" != "" && test "$ac_cv_c_compiler_gnu" = no && CC=$PTHREAD_CC
+old_CFLAGS="$CFLAGS"
+# On Solaris, -pthreads is added to CFLAGS, no extra explicit libraries.
+CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+AC_SUBST(PTHREAD_CFLAGS)
+old_LIBS="$LIBS"
+LIBS="$PTHREAD_LIBS $LIBS"
+AC_MSG_NOTICE(rechecking with PTHREAD_... options)
+AC_CHECK_LIB(c, pthread_rwlock_init,
+  [AC_DEFINE(HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB,1,[Define if pthread_rwlock_init is provided in the thread library.])])
+LIBS="$old_LIBS"
+CC="$old_CC"
+CFLAGS="$old_CFLAGS"
+])
+
+dnl This is somewhat gross and should go away when the build system
+dnl is revamped. -- tlyu
+dnl DECLARE_SYS_ERRLIST - check for sys_errlist in libc
+dnl
+AC_DEFUN([DECLARE_SYS_ERRLIST],
+[AC_CACHE_CHECK([for sys_errlist declaration], krb5_cv_decl_sys_errlist,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <stdio.h>
+      #include <errno.h>
+    ]],
+    [[1+sys_nerr;]])],
+  [krb5_cv_decl_sys_errlist=yes], [krb5_cv_decl_sys_errlist=no])])
+# assume sys_nerr won't be declared w/o being in libc
+if test $krb5_cv_decl_sys_errlist = yes; then
+  AC_DEFINE(SYS_ERRLIST_DECLARED,1,[Define if sys_errlist is defined in errno.h])
+  AC_DEFINE(HAVE_SYS_ERRLIST,1,[Define if sys_errlist in libc])
+else
+  # This means that sys_errlist is not declared in errno.h, but may still
+  # be in libc.
+  AC_CACHE_CHECK([for sys_errlist in libc], krb5_cv_var_sys_errlist,
+  [AC_LINK_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[extern int sys_nerr;]],
+      [[if (1+sys_nerr < 0) return 1;]])],
+    [krb5_cv_var_sys_errlist=yes], [krb5_cv_var_sys_errlist=no])])
+  if test $krb5_cv_var_sys_errlist = yes; then
+    AC_DEFINE(HAVE_SYS_ERRLIST,1,[Define if sys_errlist in libc])
+    # Do this cruft for backwards compatibility for now.
+    AC_DEFINE(NEED_SYS_ERRLIST,1,[Define if need to declare sys_errlist])
+  else
+    AC_MSG_WARN([sys_errlist is neither in errno.h nor in libc])
+  fi
+fi])
+
+dnl
+dnl check for sigmask/sigprocmask -- CHECK_SIGPROCMASK
+dnl
+AC_DEFUN(CHECK_SIGPROCMASK,[
+AC_MSG_CHECKING([for use of sigprocmask])
+AC_CACHE_VAL(krb5_cv_func_sigprocmask_use,
+[AC_LINK_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <signal.h>
+    ]],
+    [[sigprocmask(SIG_SETMASK, 0, 0);]])],
+  [krb5_cv_func_sigprocmask_use=yes],
+  [AC_LINK_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[#include <signal.h>
+      ]],
+      [[sigmask(1);]])],
+    [krb5_cv_func_sigprocmask_use=no], [krb5_cv_func_sigprocmask_use=yes])])])
+AC_MSG_RESULT($krb5_cv_func_sigprocmask_use)
+if test $krb5_cv_func_sigprocmask_use = yes; then
+ AC_DEFINE(USE_SIGPROCMASK,1,[Define if sigprocmask should be used])
+fi
+])dnl
+dnl
+dnl
+dnl check for <dirent.h> -- CHECK_DIRENT
+dnl (may need to be more complex later)
+dnl
+AC_DEFUN(CHECK_DIRENT,[
+AC_CHECK_HEADER(dirent.h,AC_DEFINE(USE_DIRENT_H,1,[Define if you have dirent.h functionality]))])dnl
+dnl
+dnl check if union wait is defined, or if WAIT_USES_INT -- CHECK_WAIT_TYPE
+dnl
+AC_DEFUN(CHECK_WAIT_TYPE,[
+AC_MSG_CHECKING([if argument to wait is int *])
+AC_CACHE_VAL(krb5_cv_struct_wait,
+dnl Test for prototype clash - if there is none - then assume int * works
+[AC_COMPILE_IFELSE(
+  [AC_LANG_SOURCE(
+    [[#include <sys/types.h>
+      #include <sys/wait.h>
+      extern pid_t wait(int *);]])],
+  [krb5_cv_struct_wait=no],
+  dnl Else fallback on old stuff
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[#include <sys/wait.h>
+      ]],
+      [[union wait i;
+        #ifdef WEXITSTATUS
+        WEXITSTATUS (i);
+        #endif
+      ]])],
+    [krb5_cv_struct_wait=yes], [krb5_cv_struct_wait=no])])])
+AC_MSG_RESULT($krb5_cv_struct_wait)
+if test $krb5_cv_struct_wait = no; then
+	AC_DEFINE(WAIT_USES_INT,1,[Define if wait takes int as a argument])
+fi
+])dnl
+dnl
+dnl check for POSIX signal handling -- CHECK_SIGNALS
+dnl
+AC_DEFUN(CHECK_SIGNALS,[
+AC_CHECK_FUNC(sigprocmask,
+AC_MSG_CHECKING(for sigset_t and POSIX_SIGNALS)
+AC_CACHE_VAL(krb5_cv_type_sigset_t,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <signal.h>
+    ]],
+    [[sigset_t x]])],
+  [krb5_cv_type_sigset_t=yes], [krb5_cv_type_sigset_t=no])])
+AC_MSG_RESULT($krb5_cv_type_sigset_t)
+if test $krb5_cv_type_sigset_t = yes; then
+  AC_DEFINE(POSIX_SIGNALS,1,[Define if POSIX signal handling is used])
+fi
+)])dnl
+dnl
+dnl check for POSIX setjmp/longjmp -- CHECK_SETJMP
+dnl
+AC_DEFUN(CHECK_SETJMP,[
+AC_CHECK_FUNC(sigsetjmp,
+AC_MSG_CHECKING(for sigjmp_buf)
+AC_CACHE_VAL(krb5_cv_struct_sigjmp_buf,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <setjmp.h>
+    ]],
+    [[sigjmp_buf x]])],
+  [krb5_cv_struct_sigjmp_buf=yes], [krb5_cv_struct_sigjmp_buf=no])])
+AC_MSG_RESULT($krb5_cv_struct_sigjmp_buf)
+if test $krb5_cv_struct_sigjmp_buf = yes; then
+  AC_DEFINE(POSIX_SETJMP,1,[Define if setjmp indicates POSIX interface])
+fi
+)])dnl
+dnl
+dnl Check for IPv6 compile-time support.
+dnl
+AC_DEFUN(KRB5_AC_INET6,[
+AC_CHECK_HEADERS(sys/types.h sys/socket.h netinet/in.h netdb.h)
+AC_CHECK_FUNCS(inet_ntop inet_pton getnameinfo)
+dnl getaddrinfo test needs netdb.h, for proper compilation on alpha
+dnl under OSF/1^H^H^H^H^HDigital^H^H^H^H^H^H^HTru64 UNIX, where it's
+dnl a macro
+AC_MSG_CHECKING(for getaddrinfo)
+AC_CACHE_VAL(ac_cv_func_getaddrinfo,
+[AC_LINK_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#ifdef HAVE_NETDB_H
+      #include <netdb.h>
+      #endif
+    ]],
+    [[struct addrinfo *ai;
+      getaddrinfo("kerberos.mit.edu", "echo", 0, &ai);]])],
+  [ac_cv_func_getaddrinfo=yes], [ac_cv_func_getaddrinfo=no])])
+AC_MSG_RESULT($ac_cv_func_getaddrinfo)
+if test $ac_cv_func_getaddrinfo = yes; then
+  AC_DEFINE(HAVE_GETADDRINFO,1,[Define if you have the getaddrinfo function])
+fi
+dnl
+AC_REQUIRE([KRB5_SOCKADDR_SA_LEN])dnl
+AC_MSG_CHECKING(for IPv6 compile-time support without -DINET6)
+AC_CACHE_VAL(krb5_cv_inet6,[
+if test "$ac_cv_func_inet_ntop" != "yes" ; then
+  krb5_cv_inet6=no
+else
+  AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[#ifdef HAVE_SYS_TYPES_H
+        #include <sys/types.h>
+        #endif
+        #include <sys/socket.h>
+        #include <netinet/in.h>
+        #include <netdb.h>
+      ]],
+      [[struct sockaddr_in6 in;
+        AF_INET6;
+        IN6_IS_ADDR_LINKLOCAL(&in.sin6_addr);]])],
+    [krb5_cv_inet6=yes], [krb5_cv_inet6=no])
+fi])
+AC_MSG_RESULT($krb5_cv_inet6)
+if test "$krb5_cv_inet6" = no && test "$ac_cv_func_inet_ntop" = yes; then
+AC_MSG_CHECKING(for IPv6 compile-time support with -DINET6)
+AC_CACHE_VAL(krb5_cv_inet6_with_dinet6,[
+old_CC="$CC"
+CC="$CC -DINET6"
+AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#ifdef HAVE_SYS_TYPES_H
+      #include <sys/types.h>
+      #endif
+      #include <sys/socket.h>
+      #include <netinet/in.h>
+      #include <netdb.h>
+    ]],
+    [[struct sockaddr_in6 in;
+      AF_INET6;
+      IN6_IS_ADDR_LINKLOCAL (&in.sin6_addr);]])],
+  [krb5_cv_inet6_with_dinet6=yes], [krb5_cv_inet6_with_dinet6=no])
+CC="$old_CC"])
+AC_MSG_RESULT($krb5_cv_inet6_with_dinet6)
+fi
+if test $krb5_cv_inet6 = yes || test "$krb5_cv_inet6_with_dinet6" = yes; then
+  if test "$krb5_cv_inet6_with_dinet6" = yes; then
+    AC_DEFINE(INET6,1,[May need to be defined to enable IPv6 support, for example on IRIX])
+  fi
+fi
+])dnl
+dnl
+AC_DEFUN(KRB5_AC_CHECK_FOR_CFLAGS,[
+AC_BEFORE([$0],[AC_PROG_CC])
+AC_BEFORE([$0],[AC_PROG_CXX])
+krb5_ac_cflags_set=${CFLAGS+set}
+krb5_ac_cxxflags_set=${CXXFLAGS+set}
+krb5_ac_warn_cflags_set=${WARN_CFLAGS+set}
+krb5_ac_warn_cxxflags_set=${WARN_CXXFLAGS+set}
+])
+dnl
+AC_DEFUN(TRY_WARN_CC_FLAG_1,[dnl
+  cachevar=`echo "krb5_cv_cc_flag_$1" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[[^a-zA-Z0-9_]]/_/g`
+  AC_CACHE_CHECK([if C compiler supports $1], [$cachevar],
+  [# first try without, then with
+  AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM([], [1;])],
+    [old_cflags="$CFLAGS"
+     CFLAGS="$CFLAGS $cflags_warning_test_flags $1"
+     AC_COMPILE_IFELSE(
+       [AC_LANG_PROGRAM([], [1;])],
+       [eval $cachevar=yes], [eval $cachevar=no])
+     CFLAGS="$old_cflags"],
+    [AC_MSG_ERROR(compiling simple test program with $CFLAGS failed)])])
+  if eval test '"${'$cachevar'}"' = yes; then
+    WARN_CFLAGS="$WARN_CFLAGS $1"
+  fi
+  eval flag_supported='${'$cachevar'}'
+])dnl
+dnl
+dnl Are additional flags needed to make unsupported warning options
+dnl get reported as errors?
+AC_DEFUN(CHECK_CC_WARNING_TEST_FLAGS,[dnl
+  cflags_warning_test_flags=
+  TRY_WARN_CC_FLAG_1(-Werror=unknown-warning-option)
+  if test $flag_supported = yes; then
+    cflags_warning_test_flags=-Werror=unknown-warning-option
+  fi
+])dnl
+dnl
+AC_DEFUN(TRY_WARN_CC_FLAG,[dnl
+AC_REQUIRE([CHECK_CC_WARNING_TEST_FLAGS])dnl
+TRY_WARN_CC_FLAG_1($1)dnl
+])dnl
+dnl
+AC_DEFUN(WITH_CC,[dnl
+AC_REQUIRE([KRB5_AC_CHECK_FOR_CFLAGS])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_CXX])dnl
+if test $ac_cv_c_compiler_gnu = yes ; then
+     HAVE_GCC=yes
+     else HAVE_GCC=
+fi
+AC_SUBST(HAVE_GCC)
+AC_CACHE_CHECK([for GNU linker], krb5_cv_prog_gnu_ld,
+[krb5_cv_prog_gnu_ld=no
+if test "$GCC" = yes; then
+  if AC_TRY_COMMAND([$CC -Wl,-v 2>&1 dnl
+			| grep "GNU ld" > /dev/null]); then
+    krb5_cv_prog_gnu_ld=yes
+  fi
+fi])
+AC_ARG_WITH([size-optimizations],
+[  --with-size-optimizations enable a few optimizations to reduce code size
+                          possibly at some run-time cost],
+,
+withval=no)
+if test "$withval" = yes; then
+  AC_DEFINE(CONFIG_SMALL,1,[Define to reduce code size even if it means more cpu usage])
+fi
+# -Wno-long-long, if needed, for k5-platform.h without inttypes.h etc.
+extra_gcc_warn_opts="-Wall -Wcast-align -Wshadow"
+# -Wmissing-prototypes
+if test "$GCC" = yes ; then
+  # Putting this here means we get -Os after -O2, which works.
+  if test "$with_size_optimizations" = yes && test "x$krb5_ac_cflags_set" != xset; then
+    AC_MSG_NOTICE(adding -Os optimization option)
+    case "$CFLAGS" in
+      "-g -O2") CFLAGS="-g -Os" ;;
+      "-O2")    CFLAGS="-Os" ;;
+      *)        CFLAGS="$CFLAGS -Os" ;;
+    esac
+  fi
+  if test "x$krb5_ac_warn_cflags_set" = xset ; then
+    AC_MSG_NOTICE(not adding extra gcc warning flags because WARN_CFLAGS was set)
+  else
+    AC_MSG_NOTICE(adding extra warning flags for gcc)
+    WARN_CFLAGS="$WARN_CFLAGS $extra_gcc_warn_opts -Wmissing-prototypes"
+    if test "`uname -s`" = Darwin ; then
+      AC_MSG_NOTICE(skipping pedantic warnings on Darwin)
+    elif test "`uname -s`" = Linux ; then
+      AC_MSG_NOTICE(skipping pedantic warnings on Linux)
+    else
+      WARN_CFLAGS="$WARN_CFLAGS -pedantic"
+    fi
+    if test "$ac_cv_cxx_compiler_gnu" = yes; then
+      if test "x$krb5_ac_warn_cxxflags_set" = xset ; then
+        AC_MSG_NOTICE(not adding extra g++ warnings because WARN_CXXFLAGS was set)
+      else
+        AC_MSG_NOTICE(adding extra warning flags for g++)
+        WARN_CXXFLAGS="$WARN_CXXFLAGS $extra_gcc_warn_opts"
+      fi
+    fi
+    # Currently, G++ does not support -Wno-format-zero-length.
+    TRY_WARN_CC_FLAG(-Wno-format-zero-length)
+    # Other flags here may not be supported on some versions of
+    # gcc that people want to use.
+    for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof error=uninitialized no-maybe-uninitialized error=pointer-arith error=int-conversion error=incompatible-pointer-types error=discarded-qualifiers error=implicit-int ; do
+      TRY_WARN_CC_FLAG(-W$flag)
+    done
+    #  old-style-definition? generates many, many warnings
+    #
+    # Warnings that we'd like to turn into errors on versions of gcc
+    # that support promoting only specific warnings to errors, but
+    # we'll take as warnings on older compilers.  (If such a warning
+    # is added after the -Werror=foo feature, you can just put
+    # error=foo in the above list, and skip the test for the
+    # warning-only form.)  At least in some versions, -Werror= doesn't
+    # seem to make the conditions actual errors, but still issues
+    # warnings; I guess we'll take what we can get.
+    #
+    # We're currently targeting C89+, not C99, so disallow some
+    # constructs.
+    for flag in declaration-after-statement ; do
+      TRY_WARN_CC_FLAG(-Werror=$flag)
+      if test "$flag_supported" = no; then
+        TRY_WARN_CC_FLAG(-W$flag)
+      fi
+    done
+    # We require function declarations now.
+    #
+    # In some compiler versions -- e.g., "gcc version 4.2.1 (Apple
+    # Inc. build 5664)" -- the -Werror- option works, but the -Werror=
+    # version doesn't cause implicitly declared functions to be
+    # flagged as errors.  If neither works, -Wall implies
+    # -Wimplicit-function-declaration so don't bother.
+    TRY_WARN_CC_FLAG(-Werror-implicit-function-declaration)
+    if test "implicit-function-declaration_supported" = no; then
+      TRY_WARN_CC_FLAG(-Werror=implicit-function-declaration)
+    fi
+    #
+  fi
+  if test "`uname -s`" = Darwin ; then
+    # Someday this should be a feature test.
+    # One current (Jaguar = OS 10.2) problem:
+    # Archive library with foo.o undef sym X and bar.o common sym X,
+    # if foo.o is pulled in at link time, bar.o may not be, causing
+    # the linker to complain.
+    # Dynamic library problems too?
+    case "$CC $CFLAGS" in
+    *-fcommon*) ;; # why someone would do this, I don't know
+    *-fno-common*) ;; # okay, they're already doing the right thing
+    *)
+      AC_MSG_NOTICE(disabling the use of common storage on Darwin)
+      CFLAGS="$CFLAGS -fno-common"
+      ;;
+    esac
+  fi
+else
+  if test "`uname -s`" = AIX ; then
+    # Using AIX but not GCC, assume native compiler.
+    # The native compiler appears not to give a nonzero exit
+    # status for certain classes of errors, like missing arguments
+    # in function calls.  Let's try to fix that with -qhalt=e.
+    case "$CC $CFLAGS" in
+      *-qhalt=*) ;;
+      *)
+	CFLAGS="$CFLAGS -qhalt=e"
+	AC_MSG_NOTICE(adding -qhalt=e for better error reporting)
+	;;
+    esac
+    # Also, the optimizer isn't turned on by default, which means
+    # the static inline functions get left in random object files,
+    # leading to references to pthread_mutex_lock from anything that
+    # includes k5-int.h whether it uses threads or not.
+    case "$CC $CFLAGS" in
+      *-O*) ;;
+      *)
+	CFLAGS="$CFLAGS -O"
+	AC_MSG_NOTICE(adding -O for inline thread-support function elimination)
+	;;
+    esac
+  fi
+  if test "`uname -s`" = SunOS ; then
+    # Using Solaris but not GCC, assume Sunsoft compiler.
+    # We have some error-out-on-warning options available.
+    # Sunsoft 12 compiler defaults to -xc99=all, it appears, so "inline"
+    # works, but it also means that declaration-in-code warnings won't
+    # be issued.
+    # -v -fd -errwarn=E_DECLARATION_IN_CODE ...
+    if test "x$krb5_ac_warn_cflags_set" = xset ; then
+      AC_MSG_NOTICE(not adding extra warning flags because WARN_CFLAGS was set)
+    else
+      WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC,E_NO_IMPLICIT_DECL_ALLOWED,E_ATTRIBUTE_PARAM_UNDEFINED"
+    fi
+    if test "x$krb5_ac_warn_cxxflags_set" = xset ; then
+      AC_MSG_NOTICE(not adding extra warning flags because WARN_CXXFLAGS was set)
+    else
+      WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64"
+    fi
+  fi
+fi
+AC_SUBST(WARN_CFLAGS)
+AC_SUBST(WARN_CXXFLAGS)
+])dnl
+dnl
+dnl K5_GEN_MAKEFILE([dir, [frags]])
+dnl
+AC_DEFUN(K5_GEN_MAKEFILE,[dnl
+ifelse($1, ,[_K5_GEN_MAKEFILE(.,$2)],[_K5_GEN_MAKEFILE($1,$2)])
+])
+dnl
+dnl _K5_GEN_MAKEFILE(dir, [frags])
+dnl  dir must be present in this case
+dnl  Note: Be careful in quoting. 
+dnl        The m4_foreach_w generates the list of fragments to include
+dnl        or "" if $2 is empty
+AC_DEFUN(_K5_GEN_MAKEFILE,[dnl
+AC_CONFIG_FILES([$1/Makefile:$srcdir/]K5_TOPDIR[/config/pre.in:$1/Makefile.in:$1/deps:$srcdir/]K5_TOPDIR[/config/post.in])
+])
+dnl
+dnl K5_GEN_FILE( <ac_output arguments> )
+dnl
+AC_DEFUN(K5_GEN_FILE,[AC_CONFIG_FILES($1)])dnl
+dnl
+dnl K5_AC_OUTPUT
+dnl    Note: Adds the variables to config.status for individual 
+dnl          Makefile generation from config.status
+AC_DEFUN(K5_AC_OUTPUT,[AC_OUTPUT])dnl
+dnl
+dnl V5_AC_OUTPUT_MAKEFILE
+dnl
+AC_DEFUN(V5_AC_OUTPUT_MAKEFILE,
+[ifelse($1, , [_V5_AC_OUTPUT_MAKEFILE(.,$2)],[_V5_AC_OUTPUT_MAKEFILE($1,$2)])])
+dnl
+define(_V5_AC_OUTPUT_MAKEFILE,
+[ifelse($2, , ,AC_CONFIG_FILES($2))
+m4_foreach_w([DIR], [$1],dnl
+ [AC_CONFIG_FILES(DIR[/Makefile:$srcdir/]K5_TOPDIR[/config/pre.in:]DIR[/Makefile.in:]DIR[/deps:$srcdir/]K5_TOPDIR[/config/post.in])])
+K5_AC_OUTPUT])dnl
+dnl
+dnl
+dnl KRB5_SOCKADDR_SA_LEN: define HAVE_SA_LEN if sockaddr contains the sa_len
+dnl component
+dnl
+AC_DEFUN([KRB5_SOCKADDR_SA_LEN],[ dnl
+AC_CHECK_MEMBER(struct sockaddr.sa_len,
+  AC_DEFINE(HAVE_SA_LEN,1,[Define if struct sockaddr contains sa_len])
+,,[#include <sys/types.h>
+#include <sys/socket.h>])])
+dnl
+dnl WITH_NETLIB
+dnl 
+dnl
+AC_DEFUN(WITH_NETLIB,[
+AC_ARG_WITH([netlib],
+  [AS_HELP_STRING([--with-netlib=LIBS], [use user defined resolver library])],
+[  if test "$withval" = yes -o "$withval" = no ; then
+	AC_MSG_RESULT("netlib will link with C library resolver only")
+  else
+	LIBS="$LIBS $withval"
+	AC_MSG_RESULT("netlib will use \'$withval\'")
+  fi
+],dnl
+[AC_LIBRARY_NET]
+)])dnl
+dnl
+dnl
+AC_DEFUN(KRB5_AC_NEED_DAEMON, [
+KRB5_NEED_PROTO([#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif],daemon,1)])dnl
+
+dnl
+dnl KRB5_AC_NEED_LIBGEN --- check if libgen needs to be linked in for
+dnl 				compile/step	
+dnl
+dnl
+AC_DEFUN(KRB5_AC_NEED_LIBGEN,[
+AC_REQUIRE([AC_PROG_CC])dnl
+dnl
+dnl regcomp is present but non-functional on Solaris 2.4
+dnl
+AC_MSG_CHECKING(for working regcomp)
+AC_CACHE_VAL(ac_cv_func_regcomp,
+[AC_RUN_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <sys/types.h>
+      #include <regex.h>
+      regex_t x; regmatch_t m;]],
+    [[return regcomp(&x,"pat.*",0) || regexec(&x,"pattern",1,&m,0);]])],
+  [ac_cv_func_regcomp=yes], [ac_cv_func_regcomp=no],
+  [AC_MSG_ERROR([Cannot test regcomp when cross compiling])])])
+AC_MSG_RESULT($ac_cv_func_regcomp)
+test $ac_cv_func_regcomp = yes && AC_DEFINE(HAVE_REGCOMP,1,[Define if regcomp exists and functions])
+dnl
+dnl Check for the compile and step functions - only if regcomp is not available
+dnl
+if test $ac_cv_func_regcomp = no; then
+ save_LIBS="$LIBS"
+ LIBS=-lgen
+dnl this will fail if there's no compile/step in -lgen, or if there's
+dnl no -lgen.  This is fine.
+ AC_CHECK_FUNCS(compile step)
+ LIBS="$save_LIBS"
+dnl
+dnl Set GEN_LIB if necessary 
+dnl
+ AC_CHECK_LIB(gen, compile, GEN_LIB=-lgen, GEN_LIB=)
+ AC_SUBST(GEN_LIB)
+fi
+])
+dnl
+dnl KRB5_AC_REGEX_FUNCS --- check for different regular expression 
+dnl				support functions
+dnl
+AC_DEFUN(KRB5_AC_REGEX_FUNCS,[
+AC_CHECK_FUNCS(re_comp re_exec regexec)
+AC_REQUIRE([KRB5_AC_NEED_LIBGEN])dnl
+])dnl
+dnl
+dnl WITH_HESIOD
+dnl
+AC_DEFUN(WITH_HESIOD,
+[AC_ARG_WITH(hesiod,
+  [AS_HELP_STRING([--with-hesiod[=path]],
+    [compile with hesiod support @<:@omitted@:>@])],
+  [hesiod=$with_hesiod], [with_hesiod=no])
+if test "$with_hesiod" != "no"; then
+	HESIOD_DEFS=-DHESIOD
+	AC_CHECK_LIB(resolv, res_send, res_lib=-lresolv)
+	if test "$hesiod" != "yes"; then
+		HESIOD_LIBS="-L${hesiod}/lib -lhesiod $res_lib"
+	else
+		HESIOD_LIBS="-lhesiod $res_lib"
+	fi
+else
+	HESIOD_DEFS=
+	HESIOD_LIBS=
+fi
+AC_SUBST(HESIOD_DEFS)
+AC_SUBST(HESIOD_LIBS)])
+
+
+dnl
+dnl KRB5_BUILD_LIBRARY
+dnl
+dnl Pull in the necessary stuff to create the libraries.
+
+AC_DEFUN(KRB5_BUILD_LIBRARY,
+[AC_REQUIRE([KRB5_LIB_AUX])dnl
+AC_REQUIRE([AC_PROG_LN_S])dnl
+AC_REQUIRE([AC_PROG_RANLIB])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+AC_CHECK_TOOL(AR, ar, false)
+if test "$AR" = "false"; then
+  AC_MSG_ERROR([ar not found in PATH])
+fi
+AC_CHECK_PROG(PERL, perl, perl, false)
+if test "$ac_cv_prog_PERL" = "false"; then
+  AC_MSG_ERROR(Perl is now required for Kerberos builds.)
+fi
+AC_SUBST(LIBLIST)
+AC_SUBST(LIBLINKS)
+AC_SUBST(PLUGIN)
+AC_SUBST(PLUGINLINK)
+AC_SUBST(PLUGININST)
+AC_SUBST(KDB5_PLUGIN_DEPLIBS)
+AC_SUBST(KDB5_PLUGIN_LIBS)
+AC_SUBST(MAKE_SHLIB_COMMAND)
+AC_SUBST(SHLIB_RPATH_FLAGS)
+AC_SUBST(SHLIB_EXPFLAGS)
+AC_SUBST(SHLIB_EXPORT_FILE_DEP)
+AC_SUBST(DYNOBJ_EXPDEPS)
+AC_SUBST(DYNOBJ_EXPFLAGS)
+AC_SUBST(INSTALL_SHLIB)
+AC_SUBST(STLIBEXT)
+AC_SUBST(SHLIBEXT)
+AC_SUBST(SHLIBVEXT)
+AC_SUBST(SHLIBSEXT)
+AC_SUBST(DEPLIBEXT)
+AC_SUBST(PFLIBEXT)
+AC_SUBST(LIBINSTLIST)
+AC_SUBST(DYNOBJEXT)
+AC_SUBST(MAKE_DYNOBJ_COMMAND)
+AC_SUBST(UNDEF_CHECK)
+])
+
+dnl
+dnl KRB5_BUILD_LIBOBJS
+dnl
+dnl Pull in the necessary stuff to build library objects.
+
+AC_DEFUN(KRB5_BUILD_LIBOBJS,
+[AC_REQUIRE([KRB5_LIB_AUX])dnl
+AC_SUBST(OBJLISTS)
+AC_SUBST(STOBJEXT)
+AC_SUBST(SHOBJEXT)
+AC_SUBST(PFOBJEXT)
+AC_SUBST(PICFLAGS)
+AC_SUBST(PROFFLAGS)])
+
+dnl
+dnl KRB5_BUILD_PROGRAM
+dnl
+dnl Set variables to build a program.
+
+AC_DEFUN(KRB5_BUILD_PROGRAM,
+[AC_REQUIRE([KRB5_LIB_AUX])dnl
+AC_REQUIRE([KRB5_AC_NEED_LIBGEN])dnl
+AC_SUBST(CC_LINK)
+AC_SUBST(CXX_LINK)
+AC_SUBST(RPATH_FLAG)
+AC_SUBST(PROG_RPATH_FLAGS)
+AC_SUBST(DEPLIBEXT)])
+
+dnl
+dnl KRB5_RUN_FLAGS
+dnl
+dnl Set up environment for running dynamic executables out of build tree
+
+AC_DEFUN(KRB5_RUN_FLAGS,
+[AC_REQUIRE([KRB5_LIB_AUX])dnl
+KRB5_RUN_ENV="$RUN_ENV"
+KRB5_RUN_VARS="$RUN_VARS"
+AC_SUBST(KRB5_RUN_ENV)
+AC_SUBST(KRB5_RUN_VARS)])
+
+dnl
+dnl KRB5_LIB_AUX
+dnl
+dnl Parse configure options related to library building.
+
+AC_DEFUN(KRB5_LIB_AUX,
+[AC_REQUIRE([KRB5_LIB_PARAMS])dnl
+
+AC_ARG_ENABLE([static],,, [enable_static=no])
+AC_ARG_ENABLE([shared],,, [enable_shared=yes])
+
+if test "x$enable_static" = "x$enable_shared"; then
+  AC_MSG_ERROR([--enable-static must be specified with --disable-shared])
+fi
+
+AC_ARG_ENABLE([rpath],
+  [AS_HELP_STRING([--disable-rpath],[suppress run path flags in link lines])],
+  [], [enable_rpath=yes])
+
+if test "x$enable_rpath" != xyes ; then
+	# Unset the rpath flag values set by shlib.conf
+	SHLIB_RPATH_FLAGS=
+	RPATH_FLAG=
+	PROG_RPATH_FLAGS=
+fi
+
+if test "$SHLIBEXT" = ".so-nobuild"; then
+   AC_MSG_ERROR([Shared libraries are not yet supported on this platform.])
+fi
+
+DEPLIBEXT=$SHLIBEXT
+
+if test "x$enable_static" = xyes; then
+	AC_MSG_NOTICE([using static libraries])
+	LIBLIST='lib$(LIBBASE)$(STLIBEXT)'
+	LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT)'
+	PLUGIN='libkrb5_$(LIBBASE)$(STLIBEXT)'
+	PLUGINLINK='$(TOPLIBD)/libkrb5_$(LIBBASE)$(STLIBEXT)'
+	PLUGININST=install-static
+	OBJLISTS=OBJS.ST
+	LIBINSTLIST=install-static
+	DEPLIBEXT=$STLIBEXT
+	AC_DEFINE([STATIC_PLUGINS], 1, [Define for static plugin linkage])
+
+	KDB5_PLUGIN_DEPLIBS='$(TOPLIBD)/libkrb5_db2$(DEPLIBEXT)'
+	KDB5_PLUGIN_LIBS='-lkrb5_db2'
+	if test "x$OPENLDAP_PLUGIN" = xyes; then
+		KDB5_PLUGIN_DEBLIBS=$KDB5_PLUGIN_DEPLIBS' $(TOPLIBD)/libkrb5_ldap$(DEPLIBEXT) $(TOPLIBD)/libkdb_ldap$(DEPLIBEXT)'
+		KDB5_PLUGIN_LIBS=$KDB5_PLUGIN_LIBS' -lkrb5_kldap -lkdb_ldap $(LDAP_LIBS)'
+	fi
+	# kadm5srv_mit normally comes before kdb on the link line.  Add it
+	# again after the KDB plugins, since they depend on it for XDR stuff.
+	KDB5_PLUGIN_DEPLIBS=$KDB5_PLUGIN_DEPLIBS' $(TOPLIBD)/libkadm5srv_mit$(DEPLIBEXT)'
+	KDB5_PLUGIN_LIBS=$KDB5_PLUGIN_LIBS' -lkadm5srv_mit'
+
+	# avoid duplicate rules generation for AIX and such
+	SHLIBEXT=.so-nobuild
+	SHLIBVEXT=.so.v-nobuild
+	SHLIBSEXT=.so.s-nobuild
+else
+	AC_MSG_NOTICE([using shared libraries])
+
+	# Clear some stuff in case of AIX, etc.
+	if test "$STLIBEXT" = "$SHLIBEXT" ; then
+		STLIBEXT=.a-nobuild
+	fi
+	case "$SHLIBSEXT" in
+	.so.s-nobuild)
+		LIBLIST='lib$(LIBBASE)$(SHLIBEXT)'
+		LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT)'
+		LIBINSTLIST="install-shared"
+		;;
+	*)
+		LIBLIST='lib$(LIBBASE)$(SHLIBEXT) lib$(LIBBASE)$(SHLIBSEXT)'
+		LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT)'
+		LIBINSTLIST="install-shlib-soname"
+		;;
+	esac
+	OBJLISTS="OBJS.SH"
+	PLUGIN='$(LIBBASE)$(DYNOBJEXT)'
+	PLUGINLINK='../$(PLUGIN)'
+	PLUGININST=install-plugin
+	KDB5_PLUGIN_DEPLIBS=
+	KDB5_PLUGIN_LIBS=
+fi
+CC_LINK="$CC_LINK_SHARED"
+CXX_LINK="$CXX_LINK_SHARED"
+
+if test -z "$LIBLIST"; then
+	AC_MSG_ERROR([must enable one of shared or static libraries])
+fi
+
+# Check whether to build profiled libraries.
+AC_ARG_ENABLE([profiled],
+dnl [  --enable-profiled       build profiled libraries @<:@disabled@:>@]
+,
+[if test "$enableval" = yes; then
+  AC_MSG_ERROR([Sorry, profiled libraries do not work in this release.])
+fi])])
+
+dnl
+dnl KRB5_LIB_PARAMS
+dnl
+dnl Determine parameters related to libraries, e.g. various extensions.
+
+AC_DEFUN(KRB5_LIB_PARAMS,
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+krb5_cv_host=$host
+AC_SUBST(krb5_cv_host)
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([V5_SET_TOPDIR])dnl
+. $ac_topdir/config/shlib.conf])
+dnl
+dnl The following was written by jhawk@mit.edu
+dnl
+dnl AC_LIBRARY_NET: Id: net.m4,v 1.4 1997/10/25 20:49:53 jhawk Exp 
+dnl
+dnl This test is for network applications that need socket() and
+dnl gethostbyname() -ish functions.  Under Solaris, those applications need to
+dnl link with "-lsocket -lnsl".  Under IRIX, they should *not* link with
+dnl "-lsocket" because libsocket.a breaks a number of things (for instance:
+dnl gethostbyname() under IRIX 5.2, and snoop sockets under most versions of
+dnl IRIX).
+dnl 
+dnl Unfortunately, many application developers are not aware of this, and
+dnl mistakenly write tests that cause -lsocket to be used under IRIX.  It is
+dnl also easy to write tests that cause -lnsl to be used under operating
+dnl systems where neither are necessary (or useful), such as SunOS 4.1.4, which
+dnl uses -lnsl for TLI.
+dnl 
+dnl This test exists so that every application developer does not test this in
+dnl a different, and subtly broken fashion.
+dnl 
+dnl It has been argued that this test should be broken up into two separate
+dnl tests, one for the resolver libraries, and one for the libraries necessary
+dnl for using Sockets API. Unfortunately, the two are carefully intertwined and
+dnl allowing the autoconf user to use them independantly potentially results in
+dnl unfortunate ordering dependencies -- as such, such component macros would
+dnl have to carefully use indirection and be aware if the other components were
+dnl executed. Since other autoconf macros do not go to this trouble, and almost
+dnl no applications use sockets without the resolver, this complexity has not
+dnl been implemented.
+dnl
+dnl The check for libresolv is in case you are attempting to link statically
+dnl and happen to have a libresolv.a lying around (and no libnsl.a).
+dnl
+AC_DEFUN(AC_LIBRARY_NET, [
+   # Most operating systems have gethostbyname() in the default searched
+   # libraries (i.e. libc):
+   AC_CHECK_FUNC(gethostbyname, , [
+     # Some OSes (eg. Solaris) place it in libnsl:
+     AC_CHECK_LIB(nsl, gethostbyname, , [
+       # Some strange OSes (SINIX) have it in libsocket:
+       AC_CHECK_LIB(socket, gethostbyname, , [
+          # Unfortunately libsocket sometimes depends on libnsl.
+          # AC_CHECK_LIB's API is essentially broken so the following
+          # ugliness is necessary:
+          AC_CHECK_LIB(socket, gethostbyname,
+             LIBS="-lsocket -lnsl $LIBS",
+               [AC_CHECK_LIB(resolv, gethostbyname,
+			     LIBS="-lresolv $LIBS" )],
+             -lnsl)
+       ])
+     ])
+   ])
+  AC_CHECK_FUNC(socket, , AC_CHECK_LIB(socket, socket, ,
+    AC_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", , -lnsl)))
+  KRB5_AC_ENABLE_DNS
+  if test "$enable_dns" = yes ; then
+    # We assume that if libresolv exists we can link against it.
+    # This may get us a gethostby* that doesn't respect nsswitch.
+    AC_CHECK_LIB(resolv, main)
+
+_KRB5_AC_CHECK_RES_FUNCS(res_ninit res_nclose res_ndestroy res_nsearch dnl
+ns_initparse ns_name_uncompress dn_skipname res_search)
+    if test $krb5_cv_func_res_nsearch = no \
+      && test $krb5_cv_func_res_search = no; then
+	# Attempt to link with res_search(), in case it's not prototyped.
+	AC_CHECK_FUNC(res_search,
+	  [AC_DEFINE(HAVE_RES_SEARCH, 1,
+	    [Define to 1 if you have the `res_search' function])],
+          [AC_MSG_ERROR([cannot find res_nsearch or res_search])])
+    fi
+  fi
+])
+AC_DEFUN([_KRB5_AC_CHECK_RES_FUNCS],
+[m4_foreach_w([AC_Func], [$1],
+  [AH_TEMPLATE(AS_TR_CPP(HAVE_[]AC_Func),
+               [Define to 1 if you have the `]AC_Func[' function.])])dnl
+for krb5_func in $1; do
+_KRB5_AC_CHECK_RES_FUNC($krb5_func)
+done
+])
+AC_DEFUN([_KRB5_AC_CHECK_RES_FUNC], [
+# Solaris 9 prototypes ns_name_uncompress() in arpa/nameser.h, but
+# doesn't export it from libresolv.so, so we use extreme paranoia here
+# and check both for the declaration and that we can link against the
+# function.
+AC_CACHE_CHECK([for $1], [krb5_cv_func_$1],
+[AC_LINK_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <sys/types.h>
+      #include <netinet/in.h>
+      #include <arpa/nameser.h>
+      #include <resolv.h>
+    ]],
+    [[/*
+       * Use volatile, or else optimization can cause false positives.
+       */
+      void (* volatile p)() = (void (*)())$1;]])],
+    [AS_VAR_SET(krb5_cv_func_$1, yes)],
+    [AS_VAR_SET(krb5_cv_func_$1, no)])])
+AS_IF([test AS_VAR_GET(krb5_cv_func_$1) = yes],
+      [AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$1]), 1,
+			  [Define to 1 if you have the `$1' function])])[]dnl
+])
+dnl
+dnl
+dnl KRB5_AC_ENABLE_DNS
+dnl
+AC_DEFUN(KRB5_AC_ENABLE_DNS, [
+enable_dns=yes
+  AC_ARG_ENABLE([dns-for-realm],
+[  --enable-dns-for-realm  enable DNS lookups of Kerberos realm names], ,
+[enable_dns_for_realm=no])
+  if test "$enable_dns_for_realm" = yes; then
+    AC_DEFINE(KRB5_DNS_LOOKUP_REALM,1,[Define to enable DNS lookups of Kerberos realm names])
+  fi
+
+AC_DEFINE(KRB5_DNS_LOOKUP, 1,[Define for DNS support of locating realms and KDCs])
+
+])
+dnl
+dnl
+dnl Check if we need the prototype for a function - we give it a bogus 
+dnl prototype and if it complains - then a valid prototype exists on the 
+dnl system.
+dnl
+dnl KRB5_NEED_PROTO(includes, function, [bypass])
+dnl if $3 set, don't see if library defined. 
+dnl Useful for case where we will define in libkrb5 the function if need be
+dnl but want to know if a prototype exists in either case on system.
+dnl
+AC_DEFUN([KRB5_NEED_PROTO], [
+ifelse([$3], ,[if test "x$ac_cv_func_$2" = xyes; then])
+AC_CACHE_CHECK([if $2 needs a prototype provided], krb5_cv_func_$2_noproto,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[$1]],
+    [[#undef $2
+      struct k5foo {int foo; } xx;
+      extern int $2 (struct k5foo*);
+      $2(&xx);]])],
+  [krb5_cv_func_$2_noproto=yes], [krb5_cv_func_$2_noproto=no])])
+if test $krb5_cv_func_$2_noproto = yes; then
+	AC_DEFINE([NEED_]translit($2, [a-z], [A-Z])[_PROTO], 1, dnl
+[define if the system header files are missing prototype for $2()])
+fi
+ifelse([$3], ,[fi])
+])
+dnl
+dnl =============================================================
+dnl Internal function for testing for getpeername prototype
+dnl
+AC_DEFUN([KRB5_GETPEERNAME_ARGS],[
+AC_DEFINE([GETPEERNAME_ARG3_TYPE],GETSOCKNAME_ARG3_TYPE,[Type of getpeername second argument.])
+])
+dnl
+dnl =============================================================
+dnl Internal function for testing for getsockname arguments
+dnl
+AC_DEFUN([TRY_GETSOCK_INT],[
+krb5_lib_var=`echo "$1 $2" | sed 'y% ./+-*%___p_p%'`
+AC_MSG_CHECKING([if getsockname() takes arguments $1 and $2])
+AC_CACHE_VAL(krb5_cv_getsockname_proto_$krb5_lib_var,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_SOURCE(
+    [[#include <sys/types.h>
+      #include <sys/socket.h>
+      extern int getsockname(int, $1, $2);]])],
+  [eval "krb5_cv_getsockname_proto_$krb5_lib_var=yes"],
+  [eval "krb5_cv_getsockname_proto_$krb5_lib_var=no"])])
+if eval "test \"`echo '$krb5_cv_getsockname_proto_'$krb5_lib_var`\" = yes"; then
+	AC_MSG_RESULT(yes)
+	sock_set=yes; res1="$1"; res2="$2"
+else
+	AC_MSG_RESULT(no)
+fi
+])
+dnl
+dnl Determines the types of the second and third arguments to getsockname().
+dnl
+AC_DEFUN([KRB5_GETSOCKNAME_ARGS],[
+sock_set=no
+for sock_arg1 in "struct sockaddr *" "void *"
+do
+  for sock_arg2 in "size_t *" "int *" "socklen_t *"
+  do
+	if test $sock_set = no; then
+	  TRY_GETSOCK_INT($sock_arg1, $sock_arg2)
+	fi
+  done 
+done
+if test "$sock_set" = no; then
+  AC_MSG_NOTICE(assuming struct sockaddr and socklen_t for getsockname args)
+  res1="struct sockaddr *"
+  res2="socklen_t *"
+fi
+res1=`echo "$res1" | tr -d '*' | sed -e 's/ *$//'`
+res2=`echo "$res2" | tr -d '*' | sed -e 's/ *$//'`
+AC_DEFINE_UNQUOTED([GETSOCKNAME_ARG3_TYPE],$res2,[Type of pointer target for argument 3 to getsockname])
+])
+dnl
+dnl
+AC_DEFUN([KRB5_AC_CHOOSE_ET],[
+AC_ARG_WITH([system-et],
+  [AS_HELP_STRING([--with-system-et],
+    [use system compile_et and -lcom_err @<:@default: build and install a local version@:>@])])
+AC_MSG_CHECKING(which version of com_err to use)
+if test "x$with_system_et" = xyes ; then
+  # This will be changed to "intlsys" if textdomain support is present.
+  COM_ERR_VERSION=sys
+  AC_MSG_RESULT(system)
+else
+  COM_ERR_VERSION=k5
+  AC_MSG_RESULT(krb5)
+fi
+OLDLIBS="$LIBS"
+COM_ERR_LIB=-lcom_err
+if test $COM_ERR_VERSION = sys; then
+  PKG_CHECK_MODULES(COM_ERR, com_err, [have_com_err=yes], [have_com_err=no])
+  if test "x$have_com_err = xyes"; then
+    COM_ERR_LIB="$COM_ERR_LIBS"
+  fi
+  LIBS="$LIBS $COM_ERR_LIB"
+  # check for various functions we need
+  AC_CHECK_LIB(com_err, add_error_table, :, AC_MSG_ERROR(cannot find add_error_table in com_err library))
+  AC_CHECK_LIB(com_err, remove_error_table, :, AC_MSG_ERROR(cannot find remove_error_table in com_err library))
+  # make sure compile_et provides "et_foo" name
+  cat >> conf$$e.et <<EOF
+error_table foo
+error_code ERR_FOO, "foo"
+end
+EOF
+  AC_CHECK_PROGS(compile_et,compile_et,false)
+  if test "$compile_et" = false; then
+    AC_MSG_ERROR(cannot find compile_et)
+  fi
+  AC_CACHE_CHECK(whether compile_et is useful,krb5_cv_compile_et_useful,[
+  if compile_et conf$$e.et >/dev/null 2>&1 ; then true ; else
+    AC_MSG_ERROR(execution failed)
+  fi
+  AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[#include "conf$$e.h"
+      ]],
+      [[&et_foo_error_table;]])],
+    [], [AC_MSG_ERROR(cannot use et_foo_error_table)])
+  # Anything else we need to test for?
+  rm -f conf$$e.c conf$$e.h
+  krb5_cv_compile_et_useful=yes
+  ])
+  AC_CACHE_CHECK(whether compile_et supports --textdomain,
+                 krb5_cv_compile_et_textdomain,[
+  krb5_cv_compile_et_textdomain=no
+  if compile_et --textdomain=xyzw conf$$e.et >/dev/null 2>&1 ; then
+    if grep -q xyzw conf$$e.c; then
+      krb5_cv_compile_et_textdomain=yes
+    fi
+  fi
+  rm -f conf$$e.c conf$$e.h
+  ])
+  if test "$krb5_cv_compile_et_textdomain" = yes; then
+    COM_ERR_VERSION=intlsys
+  fi
+  rm -f conf$$e.et
+fi
+AC_SUBST(COM_ERR_VERSION)
+AC_SUBST(COM_ERR_LIB)
+LIBS="$OLDLIBS"
+if test "$COM_ERR_VERSION" = k5 -o "$COM_ERR_VERSION" = intlsys; then
+  AC_DEFINE(HAVE_COM_ERR_INTL,1,
+            [Define if com_err has compatible gettext support])
+fi
+])
+AC_DEFUN([KRB5_AC_CHOOSE_SS],[
+AC_ARG_WITH(system-ss,
+  [AS_HELP_STRING([--with-system-ss],
+    [use system -lss and mk_cmds @<:@private version@:>@])])
+AC_ARG_VAR(SS_LIB,[system libraries for 'ss' package [-lss]])
+AC_MSG_CHECKING(which version of subsystem package to use)
+if test "x$with_system_ss" = xyes ; then
+  SS_VERSION=sys
+  AC_MSG_RESULT(system)
+  # todo: check for various libraries we might need
+  # in the meantime...
+  test "x${SS_LIB+set}" = xset || SS_LIB=-lss
+  old_LIBS="$LIBS"
+  LIBS="$LIBS $SS_LIB"
+  AC_CACHE_CHECK(whether system ss package works, krb5_cv_system_ss_okay,
+  [AC_RUN_IFELSE(
+    [AC_LANG_SOURCE(
+      [[#include <ss/ss.h>
+        int main(int argc, char *argv[]) {
+            if (argc == 42) {
+                int i, err;
+                i = ss_create_invocation("foo","foo","",0,&err);
+                ss_listen(i);
+            }
+            return 0;
+        }]])],
+    [krb5_cv_system_ss_okay=yes], [AC_MSG_ERROR(cannot run test program)],
+    [krb5_cv_system_ss_okay=assumed])])
+  LIBS="$old_LIBS"
+  KRB5_NEED_PROTO([#include <ss/ss.h>],ss_execute_command,1)
+else
+  SS_VERSION=k5
+  AC_MSG_RESULT(krb5)
+fi
+AC_SUBST(SS_LIB)
+AC_SUBST(SS_VERSION)
+])
+dnl
+AC_DEFUN([KRB5_AC_CHOOSE_DB],[
+AC_ARG_WITH(system-db,
+  [AS_HELP_STRING([--with-system-db],
+    [use system Berkeley db @<:@private version@:>@])])
+AC_ARG_VAR(DB_HEADER,[header file for system Berkeley db package [db.h]])
+AC_ARG_VAR(DB_LIB,[library for system Berkeley db package [-ldb]])
+if test "x$with_system_db" = xyes ; then
+  DB_VERSION=sys
+  # TODO: Do we have specific routines we should check for?
+  # How about known, easily recognizable bugs?
+  # We want to use bt_rseq in some cases, but no other version but
+  # ours has it right now.
+  #
+  # Okay, check the variables.
+  test "x${DB_HEADER+set}" = xset || DB_HEADER=db.h
+  test "x${DB_LIB+set}" = xset || DB_LIB=-ldb
+  #
+  if test "x${DB_HEADER}" = xdb.h ; then
+    DB_HEADER_VERSION=sys
+  else
+    DB_HEADER_VERSION=redirect
+  fi
+  KDB5_DB_LIB="$DB_LIB"
+else
+  DB_VERSION=k5
+  AC_DEFINE(HAVE_BT_RSEQ,1,[Define if bt_rseq is available, for recursive btree traversal.])
+  DB_HEADER=db.h
+  DB_HEADER_VERSION=k5
+  # libdb gets sucked into libkdb
+  KDB5_DB_LIB=
+  # needed for a couple of things that need libdb for its own sake
+  DB_LIB=-ldb
+fi
+AC_SUBST(DB_VERSION)
+AC_SUBST(DB_HEADER)
+AC_SUBST(DB_HEADER_VERSION)
+AC_SUBST(DB_LIB)
+AC_SUBST(KDB5_DB_LIB)
+])
+dnl
+dnl KRB5_AC_PRIOCNTL_HACK
+dnl
+dnl
+AC_DEFUN([KRB5_AC_PRIOCNTL_HACK],
+[AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_LANG_COMPILER_REQUIRE])dnl
+AC_CACHE_CHECK([whether to use priocntl hack], [krb5_cv_priocntl_hack],
+[case $krb5_cv_host in
+*-*-solaris2.9*)
+	if test "$cross_compiling" = yes; then
+		krb5_cv_priocntl_hack=yes
+	else
+		# Solaris patch 117171-11 (sparc) or 117172-11 (x86)
+		# fixes the Solaris 9 bug where final pty output
+		# gets lost on close.
+		if showrev -p | $AWK 'BEGIN { e = 1 }
+/Patch: 11717[[12]]/ { x = index[]([$]2, "-");
+if (substr[]([$]2, x + 1, length([$]2) - x) >= 11)
+{ e = 0 } else { e = 1 } }
+END { exit e; }'; then
+			krb5_cv_priocntl_hack=no
+		else
+			krb5_cv_priocntl_hack=yes
+		fi
+	fi
+	;;
+*)
+	krb5_cv_priocntl_hack=no
+	;;
+esac])
+if test "$krb5_cv_priocntl_hack" = yes; then
+	PRIOCNTL_HACK=1
+else
+	PRIOCNTL_HACK=0
+fi
+AC_SUBST(PRIOCNTL_HACK)])
+dnl
+dnl
+dnl KRB5_AC_GCC_ATTRS
+AC_DEFUN([KRB5_AC_GCC_ATTRS],
+[AC_CACHE_CHECK([for constructor/destructor attribute support],krb5_cv_attr_constructor_destructor,
+[rm -f conftest.1 conftest.2
+if test -r conftest.1 || test -r conftest.2 ; then
+  AC_MSG_ERROR(write error in local file system?)
+fi
+true > conftest.1
+true > conftest.2
+if test -r conftest.1 && test -r conftest.2 ; then true ; else
+  AC_MSG_ERROR(write error in local file system?)
+fi
+a=no
+b=no
+# blindly assume we have 'unlink' and unistd.h.
+AC_RUN_IFELSE(
+  [AC_LANG_SOURCE(
+    [[#include <unistd.h>
+      void foo1() __attribute__((constructor));
+      void foo1() { unlink("conftest.1"); }
+      void foo2() __attribute__((destructor));
+      void foo2() { unlink("conftest.2"); }
+      int main () { return 0; }]])],
+    [test -r conftest.1 || a=yes
+     test -r conftest.2 || b=yes],
+  [], [AC_MSG_ERROR(Cannot test for constructor/destructor support when cross compiling)])
+case $krb5_cv_host in
+*-*-aix4.*)
+	# Under AIX 4.3.3, at least, shared library destructor functions
+	# appear to get executed in reverse link order (right to left),
+	# so that a library's destructor function may run after that of
+	# libraries it depends on, and may still have to access in the
+	# destructor.
+	#
+	# That counts as "not working", for me, but it's a much more
+	# complicated test case to set up.
+	b=no
+	;;
+esac
+krb5_cv_attr_constructor_destructor="$a,$b"
+])
+# Okay, krb5_cv_... should be set now.
+case $krb5_cv_attr_constructor_destructor in
+  yes,*)
+    AC_DEFINE(CONSTRUCTOR_ATTR_WORKS,1,[Define if __attribute__((constructor)) works]) ;;
+esac
+case $krb5_cv_attr_constructor_destructor in
+  *,yes)
+    AC_DEFINE(DESTRUCTOR_ATTR_WORKS,1,[Define if __attribute__((destructor)) works]) ;;
+esac
+dnl End of attributes we care about right now.
+])
+dnl
+dnl
+dnl KRB5_AC_PRAGMA_WEAK_REF
+AC_DEFUN([KRB5_AC_PRAGMA_WEAK_REF],
+[AC_CACHE_CHECK([whether pragma weak references are supported],
+krb5_cv_pragma_weak_ref,
+[AC_LINK_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#pragma weak flurbl
+      extern int flurbl(void);]],
+    [[if (&flurbl != 0) return flurbl();]])],
+  [krb5_cv_pragma_weak_ref=yes], [krb5_cv_pragma_weak_ref=no])])
+if test $krb5_cv_pragma_weak_ref = yes ; then
+  AC_DEFINE(HAVE_PRAGMA_WEAK_REF,1,[Define if #pragma weak references work])
+fi])
+dnl
+dnl
+m4_include(config/ac-archive/ax_pthread.m4)
+m4_include(config/ac-archive/ax_recursive_eval.m4)
+m4_include(config/pkg.m4)
+dnl
+dnl
+dnl
+dnl --with-ldap=value
+dnl
+AC_DEFUN(WITH_LDAP,[
+AC_ARG_WITH([ldap],
+[AS_HELP_STRING([--with-ldap], [compile OpenLDAP database backend module])],
+[case "$withval" in
+    OPENLDAP) with_ldap=yes ;;
+    yes | no) ;;
+    *)  AC_MSG_ERROR(Invalid option value --with-ldap="$withval") ;;
+esac], with_ldap=no)dnl
+
+if test "$with_ldap" = yes; then
+  AC_MSG_NOTICE(enabling OpenLDAP database backend module support)
+  OPENLDAP_PLUGIN=yes
+fi
+])dnl
diff --git a/krb5-1.21.3/src/appl/Makefile.in b/krb5-1.21.3/src/appl/Makefile.in
new file mode 100644
index 00000000..32fe175c
--- /dev/null
+++ b/krb5-1.21.3/src/appl/Makefile.in
@@ -0,0 +1,5 @@
+mydir=appl
+BUILDTOP=$(REL)..
+
+SUBDIRS= sample simple user_user gss-sample
+WINSUBDIRS= gss-sample
diff --git a/krb5-1.21.3/src/appl/deps b/krb5-1.21.3/src/appl/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/appl/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/appl/gss-sample/Makefile.in b/krb5-1.21.3/src/appl/gss-sample/Makefile.in
new file mode 100644
index 00000000..35d808d0
--- /dev/null
+++ b/krb5-1.21.3/src/appl/gss-sample/Makefile.in
@@ -0,0 +1,50 @@
+mydir=appl$(S)gss-sample
+BUILDTOP=$(REL)..$(S)..
+DEFINES = -DUSE_AUTOCONF_H -DGSSAPI_V2
+
+SRCS= $(srcdir)/gss-client.c $(srcdir)/gss-misc.c $(srcdir)/gss-server.c
+
+OBJS= gss-client.o gss-misc.o gss-server.o
+
+all-unix: gss-server gss-client
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##GSSCLIENT=$(OUTPRE)gss-client.exe
+##WIN32##GSSSERVER=$(OUTPRE)gss-server.exe
+
+##WIN32##CLIENTRES=$(GSSCLIENT:.exe=.res)
+##WIN32##SERVERRES=$(GSSSERVER:.exe=.res)
+
+##WIN32##$(CLIENTRES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DGSS_CLIENT_APP -fo $@ -r $**
+##WIN32##$(SERVERRES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DGSS_SERVER_APP -fo $@ -r $**
+
+
+##WIN32##all-windows: $(OUTPRE)gss-server.exe $(OUTPRE)gss-client.exe
+
+gss-server: gss-server.o gss-misc.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o gss-server gss-server.o gss-misc.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
+
+gss-client: gss-client.o gss-misc.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o gss-client gss-client.o gss-misc.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
+
+##WIN32##$(GSSSERVER): $(OUTPRE)gss-server.obj $(OUTPRE)gss-misc.obj $(GLIB) $(KLIB) $(SERVERRES)
+##WIN32##	link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+##WIN32##$(GSSCLIENT): $(OUTPRE)gss-client.obj $(OUTPRE)gss-misc.obj $(GLIB) $(KLIB) $(CLIENTRES)
+##WIN32##	link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+clean-unix::
+	$(RM) gss-server gss-client
+
+check-pytests:
+	$(RUNPYTEST) $(srcdir)/t_gss_sample.py $(PYTESTFLAGS)
+
+install-unix:
+	$(INSTALL_PROGRAM) gss-client $(DESTDIR)$(CLIENT_BINDIR)/gss-client
+	$(INSTALL_PROGRAM) gss-server $(DESTDIR)$(SERVER_BINDIR)/gss-server
diff --git a/krb5-1.21.3/src/appl/gss-sample/README b/krb5-1.21.3/src/appl/gss-sample/README
new file mode 100644
index 00000000..c207aba8
--- /dev/null
+++ b/krb5-1.21.3/src/appl/gss-sample/README
@@ -0,0 +1,165 @@
+# Copyright 1993 by OpenVision Technologies, Inc.
+# 
+# Permission to use, copy, modify, distribute, and sell this software
+# and its documentation for any purpose is hereby granted without fee,
+# provided that the above copyright notice appears in all copies and
+# that both that copyright notice and this permission notice appear in
+# supporting documentation, and that the name of OpenVision not be used
+# in advertising or publicity pertaining to distribution of the software
+# without specific, written prior permission. OpenVision makes no
+# representations about the suitability of this software for any
+# purpose.  It is provided "as is" without express or implied warranty.
+# 
+# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+This directory contains a sample GSS-API client and server
+application.  In addition to serving as an example of GSS-API
+programming, this application is also intended to be a tool for
+testing the performance of GSS-API implementations.
+
+Each time the client is invoked, it performs one or more exchanges
+with the server.  Each exchange with the server consists primarily of
+the following steps:
+
+	1. A TCP/IP connection is established.
+
+	2. (optional, on by default) The client and server establish a
+	   GSS-API context, and the server prints the identify of the
+	   client.
+
+      /	3. The client sends a message to the server.  The message may
+     /     be plaintext, cryptographically "signed" but not encrypted,
+     |     or encrypted (default).
+     |
+0 or |  4. The server decrypts the message (if necessary), verifies
+more |     its signature (if there is one) and prints it.
+times|
+     |  5. The server sends either a signature block (the default) or an
+     |     empty token back to the client to acknowledge the message.
+     \
+      \ 6. If the server sent a signature block, the client verifies
+           it and prints a message indicating that it was verified.
+  
+	7. The client sends an empty block to the server to tell it
+	   that the exchange is finished.
+  
+	8. The client and server close the TCP/IP connection and
+	   destroy the GSS-API context.
+
+The client also supports the -v1 flag which uses an older exchange
+format compatible with previous releases of Kerberos and with samples
+shipped in the Microsoft SDK.
+  
+The server's command line usage is
+  
+	gss-server [-port port] [-verbose] [-once] [-inetd] [-export]
+		[-logfile file] service_name
+  
+where service_name is a GSS-API service name of the form
+"service@host" (or just "service", in which case the local host name
+is used).  The command-line options have the following meanings:
+  
+-port	The TCP port on which to accept connections.  Default is 4444.
+  
+-once	Tells the server to exit after a single exchange, rather than
+	persisting.
+  
+-inetd	Tells the server that it is running out of inetd, so it should
+	interact with the client on stdin rather than binding to a
+	network port.  Implies "-once".
+  
+-export	Tells the server to test the gss_export_sec_context function
+	after establishing a context with a client.
+
+-logfile
+	The file to which the server should append its output, rather
+	than sending it to stdout.
+  
+The client's command line usage is
+
+	gss-client [-port port] [-mech mechanism] [-d] [-f] [-q]
+        [-seq] [-noreplay] [-nomutual] [-dce]
+        [-ccount count] [-mcount count] [-na] [-nw] [-nx] [-nm]
+		host service_name msg
+
+where host is the host running the server, service_name is the service
+name that the server will establish connections as (if you don't
+specify the host name in the service name when running gss-server, and
+it's running on a different machine from gss-client, make sure to
+specify the server's host name in the service name you specify to
+gss-client!) and msg is the message.  The command-line options have
+the following meanings:
+
+-port	The TCP port to which to connect.  Default is 4444.
+
+-mech	The OID of the GSS-API mechanism to use.
+
+-d	Tells the client to delegate credentials to the server.  For
+	the Kerberos GSS-API mechanism, this means that a forwardable
+	TGT will be sent to the server, which will put it in its
+	credential cache (you must have acquired your tickets with
+	"kinit -f" for this to work).
+
+-seq Tells the client to enforce ordered message delivery via
+    sequencing.  
+
+-noreplay Tells the client to disable the use of replay
+    detection.
+
+-dce	Tells the client to request DCE-style authentication.
+
+-nomutual Tells the client to disable the use of mutual authentication.
+
+-f	Tells the client that the "msg" argument is actually the name
+	of a file whose contents should be used as the message.
+
+-q	Tells the client to be quiet, i.e., to only print error
+	messages.
+
+-ccount	Specifies how many sessions the client should initiate with
+	the server (the "connection count").
+
+-mcount	Specifies how many times the message should be sent to the
+	server in each session (the "message count").
+
+-na	Tells the client not to do any authentication with the
+	server.  Implies "-nw", "-nx" and "-nm".
+
+-nw	Tells the client not to "wrap" messages.  Implies "-nx".
+
+-nx	Tells the client not to encrypt messages.
+
+-nm	Tells the client not to ask the server to send back a
+	cryptographic checksum ("MIC").
+
+To run the server on a host, you need to make sure that the principal
+corresponding to service_name is in the default keytab on the server
+host, and that the gss-server process can read the keytab.  For
+example, the service name "host@server" corresponds to the Kerberos
+principal "host/server.domain.com@REALM".
+
+This sample application uses the following GSS-API functions:
+
+	gss_accept_sec_context		gss_inquire_names_for_mech
+	gss_acquire_cred		gss_oid_to_str
+	gss_delete_sec_context		gss_release_buffer
+	gss_display_name		gss_release_cred
+	gss_display_status		gss_release_name
+	gss_export_sec_context		gss_release_oid
+	gss_get_mic			gss_release_oid_set
+	gss_import_name			gss_str_to_oid
+	gss_import_sec_context		gss_unwrap
+	gss_init_sec_context		gss_verify_mic
+	gss_inquire_context		gss_wrap
+  
+This application was originally written by Barry Jaspan of OpenVision
+Technologies, Inc.  It was updated significantly by Jonathan Kamens of
+OpenVision Technologies, Inc.
+
+$Id$
diff --git a/krb5-1.21.3/src/appl/gss-sample/deps b/krb5-1.21.3/src/appl/gss-sample/deps
new file mode 100644
index 00000000..8d306a05
--- /dev/null
+++ b/krb5-1.21.3/src/appl/gss-sample/deps
@@ -0,0 +1,16 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)gss-client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/port-sockets.h gss-client.c gss-misc.h
+$(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
+  gss-misc.c gss-misc.h
+$(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/port-sockets.h gss-misc.h gss-server.c
diff --git a/krb5-1.21.3/src/appl/gss-sample/gss-client.c b/krb5-1.21.3/src/appl/gss-sample/gss-client.c
new file mode 100644
index 00000000..6e2aa336
--- /dev/null
+++ b/krb5-1.21.3/src/appl/gss-sample/gss-client.c
@@ -0,0 +1,921 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Copyright (C) 2003, 2004, 2005 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef _WIN32
+#include <windows.h>
+#include <winsock2.h>
+#else
+#include <assert.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#endif
+
+#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_krb5.h>
+#include <gssapi/gssapi_ext.h>
+#include "gss-misc.h"
+#include "port-sockets.h"
+
+static int verbose = 1;
+static int spnego = 0;
+static gss_OID_desc gss_spnego_mechanism_oid_desc =
+{6, (void *)"\x2b\x06\x01\x05\x05\x02"};
+
+static void
+usage()
+{
+    fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] "
+            "[-spnego] [-d]\n");
+    fprintf(stderr, "       [-seq] [-noreplay] [-nomutual] [-user user] "
+            "[-pass pw]");
+#ifdef _WIN32
+    fprintf(stderr, " [-threads num]");
+#endif
+    fprintf(stderr, "\n");
+    fprintf(stderr, "       [-f] [-q] [-ccount count] [-mcount count]\n");
+    fprintf(stderr, "       [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
+    exit(1);
+}
+
+/*
+ * Function: connect_to_server
+ *
+ * Purpose: Opens a TCP connection to the name host and port.
+ *
+ * Arguments:
+ *
+ *      host            (r) the target host name
+ *      port            (r) the target port, in host byte order
+ *
+ * Returns: the established socket file descriptor, or -1 on failure
+ *
+ * Effects:
+ *
+ * The host name is resolved with gethostbyname(), and the socket is
+ * opened and connected.  If an error occurs, an error message is
+ * displayed and -1 is returned.
+ */
+static int
+connect_to_server(char *host, u_short port)
+{
+    struct sockaddr_in saddr;
+    struct hostent *hp;
+    int     s;
+
+#ifdef _WIN32
+    WSADATA wsadata;
+    int wsastartuperror = WSAStartup(0x202, &wsadata);
+    if (wsastartuperror) {
+        fprintf(stderr, "WSAStartup error: %x\n", wsastartuperror);
+        return -1;
+    }
+#endif
+
+    if ((hp = gethostbyname(host)) == NULL) {
+        fprintf(stderr, "Unknown host: %s\n", host);
+        return -1;
+    }
+
+    saddr.sin_family = hp->h_addrtype;
+    memcpy(&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
+    saddr.sin_port = htons(port);
+
+    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+        perror("creating socket");
+        return -1;
+    }
+    if (connect(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
+        perror("connecting to server");
+        (void) closesocket(s);
+        return -1;
+    }
+    return s;
+}
+
+/*
+ * Function: client_establish_context
+ *
+ * Purpose: establishes a GSS-API context with a specified service and
+ * returns the context handle
+ *
+ * Arguments:
+ *
+ *      s                   (r) an established TCP connection to the service
+ *      service_name(r) the ASCII service name of the service
+ *      gss_flags       (r) GSS-API delegation flag (if any)
+ *      auth_flag       (r) whether to actually do authentication
+ *  v1_format   (r) whether the v1 sample protocol should be used
+ *      oid                 (r) OID of the mechanism to use
+ *      context         (w) the established GSS-API context
+ *      ret_flags       (w) the returned flags from init_sec_context
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * service_name is imported as a GSS-API name and a GSS-API context is
+ * established with the corresponding service; the service should be
+ * listening on the TCP connection s.  The default GSS-API mechanism
+ * is used, and mutual authentication and replay detection are
+ * requested.
+ *
+ * If successful, the context handle is returned in context.  If
+ * unsuccessful, the GSS-API error messages are displayed on stderr
+ * and -1 is returned.
+ */
+static int
+client_establish_context(int s, char *service_name, OM_uint32 gss_flags,
+                         int auth_flag, int v1_format, gss_OID oid,
+                         char *username, char *password,
+                         gss_ctx_id_t *gss_context, OM_uint32 *ret_flags)
+{
+    if (auth_flag) {
+        gss_buffer_desc send_tok, recv_tok, *token_ptr;
+        gss_name_t target_name;
+        OM_uint32 maj_stat, min_stat, init_sec_min_stat;
+        int token_flags;
+        gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
+        gss_name_t gss_username = GSS_C_NO_NAME;
+        gss_OID_set_desc mechs, *mechsp = GSS_C_NO_OID_SET;
+
+        if (spnego) {
+            mechs.elements = &gss_spnego_mechanism_oid_desc;
+            mechs.count = 1;
+            mechsp = &mechs;
+        } else if (oid != GSS_C_NO_OID) {
+            mechs.elements = oid;
+            mechs.count = 1;
+            mechsp = &mechs;
+        } else {
+            mechs.elements = NULL;
+            mechs.count = 0;
+        }
+
+        if (username != NULL) {
+            send_tok.value = username;
+            send_tok.length = strlen(username);
+
+            maj_stat = gss_import_name(&min_stat, &send_tok,
+                                       (gss_OID) gss_nt_user_name,
+                                       &gss_username);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("parsing client name", maj_stat, min_stat);
+                return -1;
+            }
+        }
+
+        if (password != NULL) {
+            gss_buffer_desc pwbuf;
+
+            pwbuf.value = password;
+            pwbuf.length = strlen(password);
+
+            maj_stat = gss_acquire_cred_with_password(&min_stat,
+                                                      gss_username,
+                                                      &pwbuf, 0,
+                                                      mechsp, GSS_C_INITIATE,
+                                                      &cred, NULL, NULL);
+        } else if (gss_username != GSS_C_NO_NAME) {
+            maj_stat = gss_acquire_cred(&min_stat,
+                                        gss_username, 0,
+                                        mechsp, GSS_C_INITIATE,
+                                        &cred, NULL, NULL);
+        } else
+            maj_stat = GSS_S_COMPLETE;
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("acquiring creds", maj_stat, min_stat);
+            gss_release_name(&min_stat, &gss_username);
+            return -1;
+        }
+        if (spnego && oid != GSS_C_NO_OID) {
+            gss_OID_set_desc neg_mechs;
+
+            neg_mechs.elements = oid;
+            neg_mechs.count = 1;
+
+            maj_stat = gss_set_neg_mechs(&min_stat, cred, &neg_mechs);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("setting neg mechs", maj_stat, min_stat);
+                gss_release_name(&min_stat, &gss_username);
+                gss_release_cred(&min_stat, &cred);
+                return -1;
+            }
+        }
+        gss_release_name(&min_stat, &gss_username);
+
+        /*
+         * Import the name into target_name.  Use send_tok to save
+         * local variable space.
+         */
+        send_tok.value = service_name;
+        send_tok.length = strlen(service_name);
+        maj_stat = gss_import_name(&min_stat, &send_tok,
+                                   (gss_OID) gss_nt_service_name,
+                                   &target_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("parsing name", maj_stat, min_stat);
+            return -1;
+        }
+
+        if (!v1_format) {
+            if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) <
+                0) {
+                (void) gss_release_name(&min_stat, &target_name);
+                return -1;
+            }
+        }
+
+        /*
+         * Perform the context-establishement loop.
+         *
+         * On each pass through the loop, token_ptr points to the token
+         * to send to the server (or GSS_C_NO_BUFFER on the first pass).
+         * Every generated token is stored in send_tok which is then
+         * transmitted to the server; every received token is stored in
+         * recv_tok, which token_ptr is then set to, to be processed by
+         * the next call to gss_init_sec_context.
+         *
+         * GSS-API guarantees that send_tok's length will be non-zero
+         * if and only if the server is expecting another token from us,
+         * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
+         * and only if the server has another token to send us.
+         */
+
+        token_ptr = GSS_C_NO_BUFFER;
+        *gss_context = GSS_C_NO_CONTEXT;
+
+        do {
+            maj_stat = gss_init_sec_context(&init_sec_min_stat,
+                                            cred, gss_context,
+                                            target_name, mechs.elements,
+                                            gss_flags, 0,
+                                            NULL, /* channel bindings */
+                                            token_ptr, NULL, /* mech type */
+                                            &send_tok, ret_flags,
+                                            NULL);  /* time_rec */
+
+            if (token_ptr != GSS_C_NO_BUFFER)
+                free(recv_tok.value);
+
+            if (send_tok.length != 0) {
+                if (verbose)
+                    printf("Sending init_sec_context token (size=%d)...",
+                           (int) send_tok.length);
+                if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) <
+                    0) {
+                    (void) gss_release_buffer(&min_stat, &send_tok);
+                    (void) gss_release_name(&min_stat, &target_name);
+                    return -1;
+                }
+            }
+            (void) gss_release_buffer(&min_stat, &send_tok);
+
+            if (maj_stat != GSS_S_COMPLETE
+                && maj_stat != GSS_S_CONTINUE_NEEDED) {
+                display_status("initializing context", maj_stat,
+                               init_sec_min_stat);
+                (void) gss_release_name(&min_stat, &target_name);
+                (void) gss_release_cred(&min_stat, &cred);
+                if (*gss_context != GSS_C_NO_CONTEXT)
+                    gss_delete_sec_context(&min_stat, gss_context,
+                                           GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+                if (verbose)
+                    printf("continue needed...");
+                if (recv_token(s, &token_flags, &recv_tok) < 0) {
+                    (void) gss_release_name(&min_stat, &target_name);
+                    return -1;
+                }
+                token_ptr = &recv_tok;
+            }
+            if (verbose)
+                printf("\n");
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        (void) gss_release_cred(&min_stat, &cred);
+        (void) gss_release_name(&min_stat, &target_name);
+    } else {
+        if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+            return -1;
+    }
+
+    return 0;
+}
+
+static void
+read_file(file_name, in_buf)
+    char   *file_name;
+    gss_buffer_t in_buf;
+{
+    int     fd, count;
+    struct stat stat_buf;
+
+    if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
+        perror("open");
+        fprintf(stderr, "Couldn't open file %s\n", file_name);
+        exit(1);
+    }
+    if (fstat(fd, &stat_buf) < 0) {
+        perror("fstat");
+        exit(1);
+    }
+    in_buf->length = stat_buf.st_size;
+
+    if (in_buf->length == 0) {
+        in_buf->value = NULL;
+        return;
+    }
+
+    if ((in_buf->value = malloc(in_buf->length)) == 0) {
+        fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n",
+                (int) in_buf->length);
+        exit(1);
+    }
+
+    /* this code used to check for incomplete reads, but you can't get
+     * an incomplete read on any file for which fstat() is meaningful */
+
+    count = read(fd, in_buf->value, in_buf->length);
+    if (count < 0) {
+        perror("read");
+        exit(1);
+    }
+    if (count < (int)in_buf->length)
+        fprintf(stderr, "Warning, only read in %d bytes, expected %d\n",
+                count, (int) in_buf->length);
+}
+
+/*
+ * Function: call_server
+ *
+ * Purpose: Call the "sign" service.
+ *
+ * Arguments:
+ *
+ *      host            (r) the host providing the service
+ *      port            (r) the port to connect to on host
+ *      service_name    (r) the GSS-API service name to authenticate to
+ *      gss_flags       (r) GSS-API delegation flag (if any)
+ *      auth_flag       (r) whether to do authentication
+ *      wrap_flag       (r) whether to do message wrapping at all
+ *      encrypt_flag    (r) whether to do encryption while wrapping
+ *      mic_flag        (r) whether to request a MIC from the server
+ *      msg             (r) the message to have "signed"
+ *      use_file        (r) whether to treat msg as an input file name
+ *      mcount          (r) the number of times to send the message
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * call_server opens a TCP connection to <host:port> and establishes a
+ * GSS-API context with service_name over the connection.  It then
+ * seals msg in a GSS-API token with gss_wrap, sends it to the server,
+ * reads back a GSS-API signature block for msg from the server, and
+ * verifies it with gss_verify.  -1 is returned if any step fails,
+ * otherwise 0 is returned.  */
+static int
+call_server(host, port, oid, service_name, gss_flags, auth_flag,
+            wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
+            mcount, username, password)
+    char   *host;
+    u_short port;
+    gss_OID oid;
+    char   *service_name;
+    OM_uint32 gss_flags;
+    int     auth_flag, wrap_flag, encrypt_flag, mic_flag;
+    int     v1_format;
+    char   *msg;
+    int     use_file;
+    int     mcount;
+    char    *username;
+    char    *password;
+{
+    gss_ctx_id_t context = GSS_C_NO_CONTEXT;
+    gss_buffer_desc in_buf, out_buf;
+    int     s, state;
+    OM_uint32 ret_flags;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t src_name, targ_name;
+    gss_buffer_desc sname, tname;
+    OM_uint32 lifetime;
+    gss_OID mechanism, name_type;
+    int     is_local;
+    OM_uint32 context_flags;
+    int     is_open;
+    gss_qop_t qop_state;
+    gss_OID_set mech_names;
+    gss_buffer_desc oid_name;
+    size_t  i;
+    int     token_flags;
+
+    /* Open connection */
+    if ((s = connect_to_server(host, port)) < 0)
+        return -1;
+
+    /* Establish context */
+    if (client_establish_context(s, service_name, gss_flags, auth_flag,
+                                 v1_format, oid, username, password,
+                                 &context, &ret_flags) < 0) {
+        (void) closesocket(s);
+        return -1;
+    }
+
+    if (auth_flag && verbose) {
+        /* display the flags */
+        display_ctx_flags(ret_flags);
+
+        /* Get context information */
+        maj_stat = gss_inquire_context(&min_stat, context,
+                                       &src_name, &targ_name, &lifetime,
+                                       &mechanism, &context_flags,
+                                       &is_local, &is_open);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("inquiring context", maj_stat, min_stat);
+            return -1;
+        }
+
+        maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying source name", maj_stat, min_stat);
+            return -1;
+        }
+        maj_stat = gss_display_name(&min_stat, targ_name, &tname,
+                                    (gss_OID *) NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying target name", maj_stat, min_stat);
+            return -1;
+        }
+        printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
+               (int) sname.length, (char *) sname.value,
+               (int) tname.length, (char *) tname.value, lifetime,
+               context_flags,
+               (is_local) ? "locally initiated" : "remotely initiated",
+               (is_open) ? "open" : "closed");
+
+        (void) gss_release_name(&min_stat, &src_name);
+        (void) gss_release_name(&min_stat, &targ_name);
+        (void) gss_release_buffer(&min_stat, &sname);
+        (void) gss_release_buffer(&min_stat, &tname);
+
+        maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("converting oid->string", maj_stat, min_stat);
+            return -1;
+        }
+        printf("Name type of source name is %.*s.\n",
+               (int) oid_name.length, (char *) oid_name.value);
+        (void) gss_release_buffer(&min_stat, &oid_name);
+
+        /* Now get the names supported by the mechanism */
+        maj_stat = gss_inquire_names_for_mech(&min_stat,
+                                              mechanism, &mech_names);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("inquiring mech names", maj_stat, min_stat);
+            return -1;
+        }
+
+        maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("converting oid->string", maj_stat, min_stat);
+            return -1;
+        }
+        printf("Mechanism %.*s supports %d names\n",
+               (int) oid_name.length, (char *) oid_name.value,
+               (int) mech_names->count);
+        (void) gss_release_buffer(&min_stat, &oid_name);
+
+        for (i = 0; i < mech_names->count; i++) {
+            maj_stat = gss_oid_to_str(&min_stat,
+                                      &mech_names->elements[i], &oid_name);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("converting oid->string", maj_stat, min_stat);
+                return -1;
+            }
+            printf("  %d: %.*s\n", (int) i,
+                   (int) oid_name.length, (char *) oid_name.value);
+
+            (void) gss_release_buffer(&min_stat, &oid_name);
+        }
+        (void) gss_release_oid_set(&min_stat, &mech_names);
+    }
+
+    if (use_file) {
+        read_file(msg, &in_buf);
+    } else {
+        /* Seal the message */
+        in_buf.value = msg;
+        in_buf.length = strlen((char *)in_buf.value);
+    }
+
+    for (i = 0; i < (size_t)mcount; i++) {
+        if (wrap_flag) {
+            maj_stat =
+                gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
+                         &in_buf, &state, &out_buf);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("wrapping message", maj_stat, min_stat);
+                (void) closesocket(s);
+                (void) gss_delete_sec_context(&min_stat, &context,
+                                              GSS_C_NO_BUFFER);
+                return -1;
+            } else if (encrypt_flag && !state) {
+                fprintf(stderr, "Warning!  Message not encrypted.\n");
+            }
+        } else {
+            out_buf = in_buf;
+        }
+
+        /* Send to server */
+        if (send_token(s, (v1_format ? 0
+                           : (TOKEN_DATA |
+                              (wrap_flag ? TOKEN_WRAPPED : 0) |
+                              (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
+                              (mic_flag ? TOKEN_SEND_MIC : 0))),
+                       &out_buf) < 0) {
+            (void) closesocket(s);
+            (void) gss_delete_sec_context(&min_stat, &context,
+                                          GSS_C_NO_BUFFER);
+            return -1;
+        }
+        if (out_buf.value != in_buf.value)
+            (void) gss_release_buffer(&min_stat, &out_buf);
+
+        /* Read signature block into out_buf */
+        if (recv_token(s, &token_flags, &out_buf) < 0) {
+            (void) closesocket(s);
+            (void) gss_delete_sec_context(&min_stat, &context,
+                                          GSS_C_NO_BUFFER);
+            return -1;
+        }
+
+        if (mic_flag) {
+            /* Verify signature block */
+            maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
+                                      &out_buf, &qop_state);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("verifying signature", maj_stat, min_stat);
+                (void) closesocket(s);
+                (void) gss_delete_sec_context(&min_stat, &context,
+                                              GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (verbose)
+                printf("Signature verified.\n");
+        } else {
+            if (verbose)
+                printf("Response received.\n");
+        }
+
+        free(out_buf.value);
+    }
+
+    if (use_file)
+        free(in_buf.value);
+
+    /* Send NOOP */
+    if (!v1_format)
+        (void) send_token(s, TOKEN_NOOP, empty_token);
+
+    if (auth_flag) {
+        /* Delete context */
+        maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("deleting context", maj_stat, min_stat);
+            (void) closesocket(s);
+            (void) gss_delete_sec_context(&min_stat, &context,
+                                          GSS_C_NO_BUFFER);
+            return -1;
+        }
+
+        (void) gss_release_buffer(&min_stat, &out_buf);
+    }
+
+    (void) closesocket(s);
+
+    return 0;
+}
+
+static void
+parse_oid(char *mechanism, gss_OID * oid)
+{
+    char   *mechstr = 0;
+    gss_buffer_desc tok;
+    OM_uint32 maj_stat, min_stat;
+    size_t i, mechlen = strlen(mechanism);
+
+    if (isdigit((int) mechanism[0])) {
+        mechstr = malloc(mechlen + 5);
+        if (!mechstr) {
+            fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
+            return;
+        }
+        mechstr[0] = '{';
+        mechstr[1] = ' ';
+        for (i = 0; i < mechlen; i++)
+            mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i];
+        mechstr[mechlen + 2] = ' ';
+        mechstr[mechlen + 3] = ' ';
+        mechstr[mechlen + 4] = '\0';
+        tok.value = mechstr;
+    } else
+        tok.value = mechanism;
+    tok.length = strlen(tok.value);
+    maj_stat = gss_str_to_oid(&min_stat, &tok, oid);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("str_to_oid", maj_stat, min_stat);
+        return;
+    }
+    if (mechstr)
+        free(mechstr);
+}
+
+static int max_threads = 1;
+
+#ifdef _WIN32
+static  thread_count = 0;
+static HANDLE hMutex = NULL;
+static HANDLE hEvent = NULL;
+
+void
+InitHandles(void)
+{
+    hMutex = CreateMutex(NULL, FALSE, NULL);
+    hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
+}
+
+void
+CleanupHandles(void)
+{
+    CloseHandle(hMutex);
+    CloseHandle(hEvent);
+}
+
+BOOL
+WaitAndIncrementThreadCounter(void)
+{
+    for (;;) {
+        if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+            if (thread_count < max_threads) {
+                thread_count++;
+                ReleaseMutex(hMutex);
+                return TRUE;
+            } else {
+                ReleaseMutex(hMutex);
+
+                if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
+                    continue;
+                } else {
+                    return FALSE;
+                }
+            }
+        } else {
+            return FALSE;
+        }
+    }
+}
+
+BOOL
+DecrementAndSignalThreadCounter(void)
+{
+    if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+        if (thread_count == max_threads)
+            ResetEvent(hEvent);
+        thread_count--;
+        ReleaseMutex(hMutex);
+        return TRUE;
+    } else {
+        return FALSE;
+    }
+}
+#endif
+
+static char *service_name, *server_host, *msg;
+static char *mechanism = 0;
+static u_short port = 4444;
+static int use_file = 0;
+static OM_uint32 gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+static OM_uint32 min_stat;
+static gss_OID oid = GSS_C_NULL_OID;
+static int mcount = 1, ccount = 1;
+static int auth_flag, wrap_flag, encrypt_flag, mic_flag, v1_format;
+static char *username = NULL;
+static char *password = NULL;
+
+static void
+worker_bee(void *unused)
+{
+    if (call_server(server_host, port, oid, service_name,
+                    gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+                    v1_format, msg, use_file, mcount, username, password) < 0)
+        exit(1);
+
+#ifdef _WIN32
+    if (max_threads > 1)
+        DecrementAndSignalThreadCounter();
+#endif
+}
+
+int
+main(argc, argv)
+    int     argc;
+    char  **argv;
+{
+    int     i;
+
+    display_file = stdout;
+    auth_flag = wrap_flag = encrypt_flag = mic_flag = 1;
+    v1_format = 0;
+
+    /* Parse arguments. */
+    argc--;
+    argv++;
+    while (argc) {
+        if (strcmp(*argv, "-port") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            port = atoi(*argv);
+        } else if (strcmp(*argv, "-mech") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            mechanism = *argv;
+        } else if (strcmp(*argv, "-user") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            username = *argv;
+        } else if (strcmp(*argv, "-pass") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            password = *argv;
+        } else if (strcmp(*argv, "-iakerb") == 0) {
+            mechanism = "{ 1 3 6 1 5 2 5 }";
+        } else if (strcmp(*argv, "-spnego") == 0) {
+            spnego = 1;
+        } else if (strcmp(*argv, "-krb5") == 0) {
+            mechanism = "{ 1 2 840 113554 1 2 2 }";
+#ifdef _WIN32
+        } else if (strcmp(*argv, "-threads") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            max_threads = atoi(*argv);
+#endif
+        } else if (strcmp(*argv, "-dce") == 0) {
+            gss_flags |= GSS_C_DCE_STYLE;
+        } else if (strcmp(*argv, "-d") == 0) {
+            gss_flags |= GSS_C_DELEG_FLAG;
+        } else if (strcmp(*argv, "-seq") == 0) {
+            gss_flags |= GSS_C_SEQUENCE_FLAG;
+        } else if (strcmp(*argv, "-noreplay") == 0) {
+            gss_flags &= ~GSS_C_REPLAY_FLAG;
+        } else if (strcmp(*argv, "-nomutual") == 0) {
+            gss_flags &= ~GSS_C_MUTUAL_FLAG;
+        } else if (strcmp(*argv, "-f") == 0) {
+            use_file = 1;
+        } else if (strcmp(*argv, "-q") == 0) {
+            verbose = 0;
+        } else if (strcmp(*argv, "-ccount") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            ccount = atoi(*argv);
+            if (ccount <= 0)
+                usage();
+        } else if (strcmp(*argv, "-mcount") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            mcount = atoi(*argv);
+            if (mcount < 0)
+                usage();
+        } else if (strcmp(*argv, "-na") == 0) {
+            auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
+        } else if (strcmp(*argv, "-nw") == 0) {
+            wrap_flag = 0;
+        } else if (strcmp(*argv, "-nx") == 0) {
+            encrypt_flag = 0;
+        } else if (strcmp(*argv, "-nm") == 0) {
+            mic_flag = 0;
+        } else if (strcmp(*argv, "-v1") == 0) {
+            v1_format = 1;
+        } else
+            break;
+        argc--;
+        argv++;
+    }
+    if (argc != 3)
+        usage();
+
+#ifdef _WIN32
+    if (max_threads < 1) {
+        fprintf(stderr, "warning: there must be at least one thread\n");
+        max_threads = 1;
+    }
+#endif
+
+    server_host = *argv++;
+    service_name = *argv++;
+    msg = *argv++;
+
+    if (mechanism)
+        parse_oid(mechanism, &oid);
+
+    if (max_threads == 1) {
+        for (i = 0; i < ccount; i++) {
+            worker_bee(0);
+        }
+    } else {
+#ifdef _WIN32
+        for (i = 0; i < ccount; i++) {
+            if (WaitAndIncrementThreadCounter()) {
+                uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0);
+                if (handle == (uintptr_t) - 1) {
+                    exit(1);
+                }
+            } else {
+                exit(1);
+            }
+        }
+#else
+        /* boom */
+        assert(max_threads == 1);
+#endif
+    }
+
+    if (oid != GSS_C_NULL_OID)
+        (void) gss_release_oid(&min_stat, &oid);
+
+#ifdef _WIN32
+    CleanupHandles();
+#endif
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/appl/gss-sample/gss-misc.c b/krb5-1.21.3/src/appl/gss-sample/gss-misc.c
new file mode 100644
index 00000000..1d051edf
--- /dev/null
+++ b/krb5-1.21.3/src/appl/gss-sample/gss-misc.c
@@ -0,0 +1,425 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Copyright (C) 2003, 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <autoconf.h>
+
+#include <stdio.h>
+#ifdef _WIN32
+#include <windows.h>
+#include <winsock.h>
+#else
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#endif
+#include <errno.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+
+/* need struct timeval */
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#include <gssapi/gssapi_generic.h>
+#include "gss-misc.h"
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#else
+extern char *malloc();
+#endif
+
+FILE   *display_file;
+
+gss_buffer_desc empty_token_buf = { 0, (void *) "" };
+gss_buffer_t empty_token = &empty_token_buf;
+
+static void display_status_1(char *m, OM_uint32 code, int type);
+
+static int
+write_all(int fildes, const void *data, unsigned int nbyte)
+{
+    int ret;
+    const char *ptr, *buf = data;
+
+    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+        ret = send(fildes, ptr, nbyte, 0);
+        if (ret < 0) {
+            if (errno == EINTR)
+                continue;
+            return (ret);
+        } else if (ret == 0) {
+            return (ptr - buf);
+        }
+    }
+
+    return (ptr - buf);
+}
+
+static int
+read_all(int fildes, void *data, unsigned int nbyte)
+{
+    int     ret;
+    char   *ptr, *buf = data;
+    fd_set  rfds;
+    struct timeval tv;
+
+    FD_ZERO(&rfds);
+    FD_SET(fildes, &rfds);
+    tv.tv_sec = 300;
+    tv.tv_usec = 0;
+
+    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+        if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0
+            || !FD_ISSET(fildes, &rfds))
+            return (ptr - buf);
+        ret = recv(fildes, ptr, nbyte, 0);
+        if (ret < 0) {
+            if (errno == EINTR)
+                continue;
+            return (ret);
+        } else if (ret == 0) {
+            return (ptr - buf);
+        }
+    }
+
+    return (ptr - buf);
+}
+
+/*
+ * Function: send_token
+ *
+ * Purpose: Writes a token to a file descriptor.
+ *
+ * Arguments:
+ *
+ *      s               (r) an open file descriptor
+ *      flags           (r) the flags to write
+ *      tok             (r) the token to write
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * If the flags are non-null, send_token writes the token flags (a
+ * single byte, even though they're passed in in an integer). Next,
+ * the token length (as a network long) and then the token data are
+ * written to the file descriptor s.  It returns 0 on success, and -1
+ * if an error occurs or if it could not write all the data.
+ */
+int
+send_token(s, flags, tok)
+    int     s;
+    int     flags;
+    gss_buffer_t tok;
+{
+    int     ret;
+    unsigned char char_flags = (unsigned char) flags;
+    unsigned char lenbuf[4];
+
+    if (char_flags) {
+        ret = write_all(s, (char *) &char_flags, 1);
+        if (ret != 1) {
+            perror("sending token flags");
+            return -1;
+        }
+    }
+    if (tok->length > 0xffffffffUL)
+        abort();
+    lenbuf[0] = (tok->length >> 24) & 0xff;
+    lenbuf[1] = (tok->length >> 16) & 0xff;
+    lenbuf[2] = (tok->length >> 8) & 0xff;
+    lenbuf[3] = tok->length & 0xff;
+
+    ret = write_all(s, lenbuf, 4);
+    if (ret < 0) {
+        perror("sending token length");
+        return -1;
+    } else if (ret != 4) {
+        if (display_file)
+            fprintf(display_file,
+                    "sending token length: %d of %d bytes written\n", ret, 4);
+        return -1;
+    }
+
+    ret = write_all(s, tok->value, tok->length);
+    if (ret < 0) {
+        perror("sending token data");
+        return -1;
+    } else if ((size_t)ret != tok->length) {
+        if (display_file)
+            fprintf(display_file,
+                    "sending token data: %d of %d bytes written\n",
+                    ret, (int) tok->length);
+        return -1;
+    }
+
+    return 0;
+}
+
+/*
+ * Function: recv_token
+ *
+ * Purpose: Reads a token from a file descriptor.
+ *
+ * Arguments:
+ *
+ *      s               (r) an open file descriptor
+ *      flags           (w) the read flags
+ *      tok             (w) the read token
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * recv_token reads the token flags (a single byte, even though
+ * they're stored into an integer, then reads the token length (as a
+ * network long), allocates memory to hold the data, and then reads
+ * the token data from the file descriptor s.  It blocks to read the
+ * length and data, if necessary.  On a successful return, the token
+ * should be freed with gss_release_buffer.  It returns 0 on success,
+ * and -1 if an error occurs or if it could not read all the data.
+ */
+int
+recv_token(s, flags, tok)
+    int     s;
+    int    *flags;
+    gss_buffer_t tok;
+{
+    int     ret;
+    unsigned char char_flags;
+    unsigned char lenbuf[4];
+
+    ret = read_all(s, (char *) &char_flags, 1);
+    if (ret < 0) {
+        perror("reading token flags");
+        return -1;
+    } else if (!ret) {
+        if (display_file)
+            fputs("reading token flags: 0 bytes read\n", display_file);
+        return -1;
+    } else {
+        *flags = (int) char_flags;
+    }
+
+    if (char_flags == 0) {
+        lenbuf[0] = 0;
+        ret = read_all(s, &lenbuf[1], 3);
+        if (ret < 0) {
+            perror("reading token length");
+            return -1;
+        } else if (ret != 3) {
+            if (display_file)
+                fprintf(display_file,
+                        "reading token length: %d of %d bytes read\n", ret, 3);
+            return -1;
+        }
+    } else {
+        ret = read_all(s, lenbuf, 4);
+        if (ret < 0) {
+            perror("reading token length");
+            return -1;
+        } else if (ret != 4) {
+            if (display_file)
+                fprintf(display_file,
+                        "reading token length: %d of %d bytes read\n", ret, 4);
+            return -1;
+        }
+    }
+
+    tok->length = ((lenbuf[0] << 24)
+                   | (lenbuf[1] << 16)
+                   | (lenbuf[2] << 8)
+                   | lenbuf[3]);
+    tok->value = (char *) malloc(tok->length ? tok->length : 1);
+    if (tok->length && tok->value == NULL) {
+        if (display_file)
+            fprintf(display_file, "Out of memory allocating token data\n");
+        return -1;
+    }
+
+    ret = read_all(s, (char *) tok->value, tok->length);
+    if (ret < 0) {
+        perror("reading token data");
+        free(tok->value);
+        return -1;
+    } else if ((size_t)ret != tok->length) {
+        fprintf(stderr, "sending token data: %d of %d bytes written\n",
+                ret, (int) tok->length);
+        free(tok->value);
+        return -1;
+    }
+
+    return 0;
+}
+
+static void
+display_status_1(m, code, type)
+    char   *m;
+    OM_uint32 code;
+    int     type;
+{
+    OM_uint32 min_stat;
+    gss_buffer_desc msg;
+    OM_uint32 msg_ctx;
+
+    msg_ctx = 0;
+    while (1) {
+        (void) gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+                                  &msg_ctx, &msg);
+        if (display_file)
+            fprintf(display_file, "GSS-API error %s: %s\n", m,
+                    (char *) msg.value);
+        (void) gss_release_buffer(&min_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
+}
+
+/*
+ * Function: display_status
+ *
+ * Purpose: displays GSS-API messages
+ *
+ * Arguments:
+ *
+ *      msg             a string to be displayed with the message
+ *      maj_stat        the GSS-API major status code
+ *      min_stat        the GSS-API minor status code
+ *
+ * Effects:
+ *
+ * The GSS-API messages associated with maj_stat and min_stat are
+ * displayed on stderr, each preceded by "GSS-API error <msg>: " and
+ * followed by a newline.
+ */
+void
+display_status(msg, maj_stat, min_stat)
+    char   *msg;
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
+{
+    display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
+    display_status_1(msg, min_stat, GSS_C_MECH_CODE);
+}
+
+/*
+ * Function: display_ctx_flags
+ *
+ * Purpose: displays the flags returned by context initiation in
+ *          a human-readable form
+ *
+ * Arguments:
+ *
+ *      int             ret_flags
+ *
+ * Effects:
+ *
+ * Strings corresponding to the context flags are printed on
+ * stdout, preceded by "context flag: " and followed by a newline
+ */
+
+void
+display_ctx_flags(flags)
+    OM_uint32 flags;
+{
+    if (flags & GSS_C_DELEG_FLAG)
+        fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
+    if (flags & GSS_C_MUTUAL_FLAG)
+        fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
+    if (flags & GSS_C_REPLAY_FLAG)
+        fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
+    if (flags & GSS_C_SEQUENCE_FLAG)
+        fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
+    if (flags & GSS_C_CONF_FLAG)
+        fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
+    if (flags & GSS_C_INTEG_FLAG)
+        fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
+}
+
+void
+print_token(tok)
+    gss_buffer_t tok;
+{
+    unsigned int   i;
+    unsigned char *p = tok->value;
+
+    if (!display_file)
+        return;
+    for (i = 0; i < tok->length; i++, p++) {
+        fprintf(display_file, "%02x ", *p);
+        if ((i % 16) == 15) {
+            fprintf(display_file, "\n");
+        }
+    }
+    fprintf(display_file, "\n");
+    fflush(display_file);
+}
+
+#ifdef _WIN32
+#include <sys\timeb.h>
+#include <time.h>
+
+int
+gettimeofday(struct timeval *tv, void *ignore_tz)
+{
+    struct _timeb tb;
+    _tzset();
+    _ftime(&tb);
+    if (tv) {
+        tv->tv_sec = tb.time;
+        tv->tv_usec = tb.millitm * 1000;
+    }
+    return 0;
+}
+#endif /* _WIN32 */
diff --git a/krb5-1.21.3/src/appl/gss-sample/gss-misc.h b/krb5-1.21.3/src/appl/gss-sample/gss-misc.h
new file mode 100644
index 00000000..98bcc222
--- /dev/null
+++ b/krb5-1.21.3/src/appl/gss-sample/gss-misc.h
@@ -0,0 +1,56 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#ifndef _GSSMISC_H_
+#define _GSSMISC_H_
+
+#include <gssapi/gssapi_generic.h>
+#include <stdio.h>
+
+extern FILE *display_file;
+
+int send_token(int s, int flags, gss_buffer_t tok);
+int recv_token(int s, int *flags, gss_buffer_t tok);
+void display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
+void display_ctx_flags(OM_uint32 flags);
+void print_token(gss_buffer_t tok);
+
+/* Token types */
+#define TOKEN_NOOP              (1<<0)
+#define TOKEN_CONTEXT           (1<<1)
+#define TOKEN_DATA              (1<<2)
+#define TOKEN_MIC               (1<<3)
+
+/* Token flags */
+#define TOKEN_CONTEXT_NEXT      (1<<4)
+#define TOKEN_WRAPPED           (1<<5)
+#define TOKEN_ENCRYPTED         (1<<6)
+#define TOKEN_SEND_MIC          (1<<7)
+
+extern gss_buffer_t empty_token;
+
+#endif
diff --git a/krb5-1.21.3/src/appl/gss-sample/gss-server.c b/krb5-1.21.3/src/appl/gss-sample/gss-server.c
new file mode 100644
index 00000000..9b6ce9ff
--- /dev/null
+++ b/krb5-1.21.3/src/appl/gss-sample/gss-server.c
@@ -0,0 +1,912 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Copyright (C) 2004,2005 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#ifdef _WIN32
+#include <windows.h>
+#include <winsock.h>
+#else
+#include "port-sockets.h"
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <stdlib.h>
+#include <ctype.h>
+
+#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_krb5.h>
+#include "gss-misc.h"
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+
+static OM_uint32
+enumerateAttributes(OM_uint32 *minor, gss_name_t name, int noisy);
+static OM_uint32
+showLocalIdentity(OM_uint32 *minor, gss_name_t name);
+
+static void
+usage()
+{
+    fprintf(stderr, "Usage: gss-server [-port port] [-verbose] [-once]");
+#ifdef _WIN32
+    fprintf(stderr, " [-threads num]");
+#endif
+    fprintf(stderr, "\n");
+    fprintf(stderr,
+            "       [-inetd] [-export] [-logfile file] [-keytab keytab]\n"
+            "       service_name\n");
+    exit(1);
+}
+
+static FILE *logfile;
+
+int     verbose = 0;
+
+/*
+ * Function: server_acquire_creds
+ *
+ * Purpose: imports a service name and acquires credentials for it
+ *
+ * Arguments:
+ *
+ *      service_name    (r) the ASCII service name
+ *      mech            (r) the desired mechanism (or GSS_C_NO_OID)
+ *      server_creds    (w) the GSS-API service credentials
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * The service name is imported with gss_import_name, and service
+ * credentials are acquired with gss_acquire_cred.  If either operation
+ * fails, an error message is displayed and -1 is returned; otherwise,
+ * 0 is returned.  If mech is given, credentials are acquired for the
+ * specified mechanism.
+ */
+
+static int
+server_acquire_creds(char *service_name, gss_OID mech,
+                     gss_cred_id_t *server_creds)
+{
+    gss_buffer_desc name_buf;
+    gss_name_t server_name;
+    OM_uint32 maj_stat, min_stat;
+    gss_OID_set_desc mechlist;
+    gss_OID_set mechs = GSS_C_NO_OID_SET;
+
+    name_buf.value = service_name;
+    name_buf.length = strlen(name_buf.value) + 1;
+    maj_stat = gss_import_name(&min_stat, &name_buf,
+                               (gss_OID) gss_nt_service_name, &server_name);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("importing name", maj_stat, min_stat);
+        return -1;
+    }
+
+    if (mech != GSS_C_NO_OID) {
+        mechlist.count = 1;
+        mechlist.elements = mech;
+        mechs = &mechlist;
+    }
+    maj_stat = gss_acquire_cred(&min_stat, server_name, 0, mechs, GSS_C_ACCEPT,
+                                server_creds, NULL, NULL);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("acquiring credentials", maj_stat, min_stat);
+        return -1;
+    }
+
+    (void) gss_release_name(&min_stat, &server_name);
+
+    return 0;
+}
+
+/*
+ * Function: server_establish_context
+ *
+ * Purpose: establishses a GSS-API context as a specified service with
+ * an incoming client, and returns the context handle and associated
+ * client name
+ *
+ * Arguments:
+ *
+ *      s               (r) an established TCP connection to the client
+ *      service_creds   (r) server credentials, from gss_acquire_cred
+ *      context         (w) the established GSS-API context
+ *      client_name     (w) the client's ASCII name
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * Any valid client request is accepted.  If a context is established,
+ * its handle is returned in context and the client name is returned
+ * in client_name and 0 is returned.  If unsuccessful, an error
+ * message is displayed and -1 is returned.
+ */
+static int
+server_establish_context(int s, gss_cred_id_t server_creds,
+                         gss_ctx_id_t *context, gss_buffer_t client_name,
+                         OM_uint32 *ret_flags)
+{
+    gss_buffer_desc send_tok, recv_tok;
+    gss_name_t client;
+    gss_OID doid;
+    OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
+    gss_buffer_desc oid_name;
+    int     token_flags;
+
+    if (recv_token(s, &token_flags, &recv_tok) < 0)
+        return -1;
+
+    if (recv_tok.value) {
+        free(recv_tok.value);
+        recv_tok.value = NULL;
+    }
+
+    if (!(token_flags & TOKEN_NOOP)) {
+        if (logfile)
+            fprintf(logfile, "Expected NOOP token, got %d token instead\n",
+                    token_flags);
+        return -1;
+    }
+
+    *context = GSS_C_NO_CONTEXT;
+
+    if (token_flags & TOKEN_CONTEXT_NEXT) {
+        do {
+            if (recv_token(s, &token_flags, &recv_tok) < 0)
+                return -1;
+
+            if (verbose && logfile) {
+                fprintf(logfile, "Received token (size=%d): \n",
+                        (int) recv_tok.length);
+                print_token(&recv_tok);
+            }
+
+            maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context,
+                                              server_creds, &recv_tok,
+                                              GSS_C_NO_CHANNEL_BINDINGS,
+                                              &client, &doid, &send_tok,
+                                              ret_flags,
+                                              NULL,  /* time_rec */
+                                              NULL); /* del_cred_handle */
+
+            if (recv_tok.value) {
+                free(recv_tok.value);
+                recv_tok.value = NULL;
+            }
+
+            if (send_tok.length != 0) {
+                if (verbose && logfile) {
+                    fprintf(logfile,
+                            "Sending accept_sec_context token (size=%d):\n",
+                            (int) send_tok.length);
+                    print_token(&send_tok);
+                }
+                if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
+                    if (logfile)
+                        fprintf(logfile, "failure sending token\n");
+                    return -1;
+                }
+
+                (void) gss_release_buffer(&min_stat, &send_tok);
+            }
+            if (maj_stat != GSS_S_COMPLETE
+                && maj_stat != GSS_S_CONTINUE_NEEDED) {
+                display_status("accepting context", maj_stat,
+                               acc_sec_min_stat);
+                if (*context != GSS_C_NO_CONTEXT)
+                    gss_delete_sec_context(&min_stat, context,
+                                           GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (verbose && logfile) {
+                if (maj_stat == GSS_S_CONTINUE_NEEDED)
+                    fprintf(logfile, "continue needed...\n");
+                else
+                    fprintf(logfile, "\n");
+                fflush(logfile);
+            }
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        /* display the flags */
+        display_ctx_flags(*ret_flags);
+
+        if (verbose && logfile) {
+            maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("converting oid->string", maj_stat, min_stat);
+                return -1;
+            }
+            fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n",
+                    (int) oid_name.length, (char *) oid_name.value);
+            (void) gss_release_buffer(&min_stat, &oid_name);
+        }
+
+        maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying name", maj_stat, min_stat);
+            return -1;
+        }
+        enumerateAttributes(&min_stat, client, TRUE);
+        showLocalIdentity(&min_stat, client);
+        maj_stat = gss_release_name(&min_stat, &client);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("releasing name", maj_stat, min_stat);
+            return -1;
+        }
+    } else {
+        client_name->length = *ret_flags = 0;
+
+        if (logfile)
+            fprintf(logfile, "Accepted unauthenticated connection.\n");
+    }
+
+    return 0;
+}
+
+/*
+ * Function: create_socket
+ *
+ * Purpose: Opens a listening TCP socket.
+ *
+ * Arguments:
+ *
+ *      port            (r) the port number on which to listen
+ *
+ * Returns: the listening socket file descriptor, or -1 on failure
+ *
+ * Effects:
+ *
+ * A listening socket on the specified port and created and returned.
+ * On error, an error message is displayed and -1 is returned.
+ */
+static int
+create_socket(u_short port)
+{
+    struct sockaddr_in saddr;
+    int     s;
+    int     on = 1;
+
+    saddr.sin_family = AF_INET;
+    saddr.sin_port = htons(port);
+    saddr.sin_addr.s_addr = INADDR_ANY;
+
+    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+        perror("creating socket");
+        return -1;
+    }
+    /* Let the socket be reused right away */
+    (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on));
+    if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
+        perror("binding socket");
+        (void) closesocket(s);
+        return -1;
+    }
+    if (listen(s, 5) < 0) {
+        perror("listening on socket");
+        (void) closesocket(s);
+        return -1;
+    }
+    return s;
+}
+
+static float
+timeval_subtract(struct timeval *tv1, struct timeval *tv2)
+{
+    return ((tv1->tv_sec - tv2->tv_sec) +
+            ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+}
+
+/*
+ * Yes, yes, this isn't the best place for doing this test.
+ * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
+ *                                      -TYT
+ */
+static int
+test_import_export_context(gss_ctx_id_t *context)
+{
+    OM_uint32 min_stat, maj_stat;
+    gss_buffer_desc context_token, copied_token;
+    struct timeval tm1, tm2;
+
+    /*
+     * Attempt to save and then restore the context.
+     */
+    gettimeofday(&tm1, (struct timezone *) 0);
+    maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("exporting context", maj_stat, min_stat);
+        return 1;
+    }
+    gettimeofday(&tm2, (struct timezone *) 0);
+    if (verbose && logfile)
+        fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
+                (int) context_token.length, timeval_subtract(&tm2, &tm1));
+    copied_token.length = context_token.length;
+    copied_token.value = malloc(context_token.length);
+    if (copied_token.value == 0) {
+        if (logfile)
+            fprintf(logfile,
+                    "Couldn't allocate memory to copy context token.\n");
+        return 1;
+    }
+    memcpy(copied_token.value, context_token.value, copied_token.length);
+    maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("importing context", maj_stat, min_stat);
+        return 1;
+    }
+    free(copied_token.value);
+    gettimeofday(&tm1, (struct timezone *) 0);
+    if (verbose && logfile)
+        fprintf(logfile, "Importing context: %7.4f seconds\n",
+                timeval_subtract(&tm1, &tm2));
+    (void) gss_release_buffer(&min_stat, &context_token);
+    return 0;
+}
+
+/*
+ * Function: sign_server
+ *
+ * Purpose: Performs the "sign" service.
+ *
+ * Arguments:
+ *
+ *      s               (r) a TCP socket on which a connection has been
+ *                      accept()ed
+ *      service_name    (r) the ASCII name of the GSS-API service to
+ *                      establish a context as
+ *      export          (r) whether to test context exporting
+ *
+ * Returns: -1 on error
+ *
+ * Effects:
+ *
+ * sign_server establishes a context, and performs a single sign request.
+ *
+ * A sign request is a single GSS-API sealed token.  The token is
+ * unsealed and a signature block, produced with gss_sign, is returned
+ * to the sender.  The context is the destroyed and the connection
+ * closed.
+ *
+ * If any error occurs, -1 is returned.
+ */
+static int
+sign_server(int s, gss_cred_id_t server_creds, int export)
+{
+    gss_buffer_desc client_name, recv_buf, unwrap_buf, mic_buf, *msg_buf, *send_buf;
+    gss_ctx_id_t context;
+    OM_uint32 maj_stat, min_stat;
+    int     i, conf_state;
+    OM_uint32 ret_flags;
+    char   *cp;
+    int     token_flags;
+    int     send_flags;
+
+    /* Establish a context with the client */
+    if (server_establish_context(s, server_creds, &context,
+                                 &client_name, &ret_flags) < 0)
+        return (-1);
+
+    if (context == GSS_C_NO_CONTEXT) {
+        printf("Accepted unauthenticated connection.\n");
+    } else {
+        printf("Accepted connection: \"%.*s\"\n",
+               (int) client_name.length, (char *) client_name.value);
+        (void) gss_release_buffer(&min_stat, &client_name);
+
+        if (export) {
+            for (i = 0; i < 3; i++)
+                if (test_import_export_context(&context))
+                    return -1;
+        }
+    }
+
+    do {
+        /* Receive the message token */
+        if (recv_token(s, &token_flags, &recv_buf) < 0)
+            return (-1);
+
+        if (token_flags & TOKEN_NOOP) {
+            if (logfile)
+                fprintf(logfile, "NOOP token\n");
+            if (recv_buf.value) {
+                free(recv_buf.value);
+                recv_buf.value = 0;
+            }
+            break;
+        }
+
+        if (verbose && logfile) {
+            fprintf(logfile, "Message token (flags=%d):\n", token_flags);
+            print_token(&recv_buf);
+        }
+
+        if ((context == GSS_C_NO_CONTEXT) &&
+            (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC)))
+        {
+            if (logfile)
+                fprintf(logfile,
+                        "Unauthenticated client requested authenticated services!\n");
+            if (recv_buf.value) {
+                free(recv_buf.value);
+                recv_buf.value = 0;
+            }
+            return (-1);
+        }
+
+        if (token_flags & TOKEN_WRAPPED) {
+            maj_stat = gss_unwrap(&min_stat, context, &recv_buf, &unwrap_buf,
+                                  &conf_state, (gss_qop_t *) NULL);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("unsealing message", maj_stat, min_stat);
+                if (recv_buf.value) {
+                    free(recv_buf.value);
+                    recv_buf.value = 0;
+                }
+                return (-1);
+            } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) {
+                fprintf(stderr, "Warning!  Message not encrypted.\n");
+            }
+
+            if (recv_buf.value) {
+                free(recv_buf.value);
+                recv_buf.value = 0;
+            }
+            msg_buf = &unwrap_buf;
+        } else {
+            unwrap_buf.value = NULL;
+            unwrap_buf.length = 0;
+            msg_buf = &recv_buf;
+        }
+
+        if (logfile) {
+            fprintf(logfile, "Received message: ");
+            cp = msg_buf->value;
+            if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
+                (isprint((int) cp[1]) || isspace((int) cp[1]))) {
+                fprintf(logfile, "\"%.*s\"\n", (int) msg_buf->length,
+                        (char *) msg_buf->value);
+            } else {
+                fprintf(logfile, "\n");
+                print_token(msg_buf);
+            }
+        }
+
+        if (token_flags & TOKEN_SEND_MIC) {
+            /* Produce a signature block for the message */
+            maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
+                                   msg_buf, &mic_buf);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("signing message", maj_stat, min_stat);
+                return (-1);
+            }
+            send_flags = TOKEN_MIC;
+            send_buf = &mic_buf;
+        } else {
+            mic_buf.value = NULL;
+            mic_buf.length = 0;
+            send_flags = TOKEN_NOOP;
+            send_buf = empty_token;
+        }
+        if (recv_buf.value) {
+            free(recv_buf.value);
+            recv_buf.value = NULL;
+        }
+        if (unwrap_buf.value) {
+            gss_release_buffer(&min_stat, &unwrap_buf);
+        }
+
+        /* Send the signature block or NOOP to the client */
+        if (send_token(s, send_flags, send_buf) < 0)
+            return (-1);
+
+        if (mic_buf.value) {
+            gss_release_buffer(&min_stat, &mic_buf);
+        }
+    } while (1 /* loop will break if NOOP received */ );
+
+    if (context != GSS_C_NO_CONTEXT) {
+        /* Delete context */
+        maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("deleting context", maj_stat, min_stat);
+            return (-1);
+        }
+    }
+
+    if (logfile)
+        fflush(logfile);
+
+    return (0);
+}
+
+static int max_threads = 1;
+
+#ifdef _WIN32
+static  thread_count = 0;
+static HANDLE hMutex = NULL;
+static HANDLE hEvent = NULL;
+
+void
+InitHandles(void)
+{
+    hMutex = CreateMutex(NULL, FALSE, NULL);
+    hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
+}
+
+void
+CleanupHandles(void)
+{
+    CloseHandle(hMutex);
+    CloseHandle(hEvent);
+}
+
+BOOL
+WaitAndIncrementThreadCounter(void)
+{
+    for (;;) {
+        if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+            if (thread_count < max_threads) {
+                thread_count++;
+                ReleaseMutex(hMutex);
+                return TRUE;
+            } else {
+                ReleaseMutex(hMutex);
+
+                if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
+                    continue;
+                } else {
+                    return FALSE;
+                }
+            }
+        } else {
+            return FALSE;
+        }
+    }
+}
+
+BOOL
+DecrementAndSignalThreadCounter(void)
+{
+    if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+        if (thread_count == max_threads)
+            ResetEvent(hEvent);
+        thread_count--;
+        ReleaseMutex(hMutex);
+        return TRUE;
+    } else {
+        return FALSE;
+    }
+}
+#endif
+
+struct _work_plan
+{
+    int     s;
+    gss_cred_id_t server_creds;
+    int     export;
+};
+
+static void
+worker_bee(void *param)
+{
+    struct _work_plan *work = (struct _work_plan *) param;
+
+    /* this return value is not checked, because there's
+     * not really anything to do if it fails
+     */
+    sign_server(work->s, work->server_creds, work->export);
+    closesocket(work->s);
+    free(work);
+
+#ifdef _WIN32
+    if (max_threads > 1)
+        DecrementAndSignalThreadCounter();
+#endif
+}
+
+int
+main(int argc, char **argv)
+{
+    char   *service_name;
+    gss_cred_id_t server_creds;
+    gss_OID mech = GSS_C_NO_OID;
+    OM_uint32 min_stat;
+    u_short port = 4444;
+    int     once = 0;
+    int     do_inetd = 0;
+    int     export = 0;
+
+    logfile = stdout;
+    display_file = stdout;
+    argc--;
+    argv++;
+    while (argc) {
+        if (strcmp(*argv, "-port") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            port = atoi(*argv);
+        }
+#ifdef _WIN32
+        else if (strcmp(*argv, "-threads") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            max_threads = atoi(*argv);
+        }
+#endif
+        else if (strcmp(*argv, "-verbose") == 0) {
+            verbose = 1;
+        } else if (strcmp(*argv, "-once") == 0) {
+            once = 1;
+        } else if (strcmp(*argv, "-inetd") == 0) {
+            do_inetd = 1;
+        } else if (strcmp(*argv, "-export") == 0) {
+            export = 1;
+        } else if (strcmp(*argv, "-logfile") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            /* Gross hack, but it makes it unnecessary to add an
+             * extra argument to disable logging, and makes the code
+             * more efficient because it doesn't actually write data
+             * to /dev/null. */
+            if (!strcmp(*argv, "/dev/null")) {
+                logfile = display_file = NULL;
+            } else {
+                logfile = fopen(*argv, "a");
+                display_file = logfile;
+                if (!logfile) {
+                    perror(*argv);
+                    exit(1);
+                }
+            }
+        } else if (strcmp(*argv, "-keytab") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            if (krb5_gss_register_acceptor_identity(*argv)) {
+                fprintf(stderr, "failed to register keytab\n");
+                exit(1);
+            }
+        } else if (strcmp(*argv, "-iakerb") == 0) {
+            mech = (gss_OID)gss_mech_iakerb;
+        } else
+            break;
+        argc--;
+        argv++;
+    }
+    if (argc != 1)
+        usage();
+
+    if ((*argv)[0] == '-')
+        usage();
+
+#ifdef _WIN32
+    if (max_threads < 1) {
+        fprintf(stderr, "warning: there must be at least one thread\n");
+        max_threads = 1;
+    }
+
+    if (max_threads > 1 && do_inetd)
+        fprintf(stderr,
+                "warning: one thread may be used in conjunction with inetd\n");
+
+    InitHandles();
+#endif
+
+    service_name = *argv;
+
+    if (server_acquire_creds(service_name, mech, &server_creds) < 0)
+        return -1;
+
+    if (do_inetd) {
+        close(1);
+        close(2);
+
+        sign_server(0, server_creds, export);
+        close(0);
+    } else {
+        int     stmp;
+
+        if ((stmp = create_socket(port)) >= 0) {
+            fprintf(stderr, "starting...\n");
+
+            do {
+                struct _work_plan *work = malloc(sizeof(struct _work_plan));
+
+                if (work == NULL) {
+                    fprintf(stderr, "fatal error: out of memory");
+                    break;
+                }
+
+                /* Accept a TCP connection */
+                if ((work->s = accept(stmp, NULL, 0)) < 0) {
+                    perror("accepting connection");
+                    free(work);
+                    continue;
+                }
+
+                work->server_creds = server_creds;
+                work->export = export;
+
+                if (max_threads == 1) {
+                    worker_bee((void *) work);
+                }
+#ifdef _WIN32
+                else {
+                    if (WaitAndIncrementThreadCounter()) {
+                        uintptr_t handle =
+                            _beginthread(worker_bee, 0, (void *) work);
+                        if (handle == (uintptr_t) - 1) {
+                            closesocket(work->s);
+                            free(work);
+                        }
+                    } else {
+                        fprintf(stderr,
+                                "fatal error incrementing thread counter");
+                        closesocket(work->s);
+                        free(work);
+                        break;
+                    }
+                }
+#endif
+            } while (!once);
+
+            closesocket(stmp);
+        }
+    }
+
+    (void) gss_release_cred(&min_stat, &server_creds);
+
+#ifdef _WIN32
+    CleanupHandles();
+#endif
+
+    return 0;
+}
+
+static void
+dumpAttribute(OM_uint32 *minor,
+              gss_name_t name,
+              gss_buffer_t attribute,
+              int noisy)
+{
+    OM_uint32 major, tmp;
+    gss_buffer_desc value;
+    gss_buffer_desc display_value;
+    int authenticated = 0;
+    int complete = 0;
+    int more = -1;
+    unsigned int i;
+
+    while (more != 0) {
+        value.value = NULL;
+        display_value.value = NULL;
+
+        major = gss_get_name_attribute(minor, name, attribute, &authenticated,
+                                       &complete, &value, &display_value,
+                                       &more);
+        if (GSS_ERROR(major)) {
+            display_status("gss_get_name_attribute", major, *minor);
+            break;
+        }
+
+        printf("Attribute %.*s %s %s\n\n%.*s\n",
+               (int)attribute->length, (char *)attribute->value,
+               authenticated ? "Authenticated" : "",
+               complete ? "Complete" : "",
+               (int)display_value.length, (char *)display_value.value);
+
+        if (noisy) {
+            for (i = 0; i < value.length; i++) {
+                if ((i % 32) == 0)
+                    printf("\n");
+                printf("%02x", ((char *)value.value)[i] & 0xFF);
+            }
+            printf("\n\n");
+        }
+
+        gss_release_buffer(&tmp, &value);
+        gss_release_buffer(&tmp, &display_value);
+    }
+}
+
+static OM_uint32
+enumerateAttributes(OM_uint32 *minor,
+                    gss_name_t name,
+                    int noisy)
+{
+    OM_uint32 major, tmp;
+    int name_is_MN;
+    gss_OID mech = GSS_C_NO_OID;
+    gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
+    unsigned int i;
+
+    major = gss_inquire_name(minor, name, &name_is_MN, &mech, &attrs);
+    if (GSS_ERROR(major)) {
+        display_status("gss_inquire_name", major, *minor);
+        return major;
+    }
+
+    if (attrs != GSS_C_NO_BUFFER_SET) {
+        for (i = 0; i < attrs->count; i++)
+            dumpAttribute(minor, name, &attrs->elements[i], noisy);
+    }
+
+    gss_release_oid(&tmp, &mech);
+    gss_release_buffer_set(&tmp, &attrs);
+
+    return major;
+}
+
+static OM_uint32
+showLocalIdentity(OM_uint32 *minor, gss_name_t name)
+{
+    OM_uint32 major;
+    gss_buffer_desc buf;
+
+    major = gss_localname(minor, name, GSS_C_NO_OID, &buf);
+    if (major == GSS_S_COMPLETE)
+        printf("localname: %-*s\n", (int)buf.length, (char *)buf.value);
+    else if (major != GSS_S_UNAVAILABLE)
+        display_status("gss_localname", major, *minor);
+    gss_release_buffer(minor, &buf);
+    return major;
+}
diff --git a/krb5-1.21.3/src/appl/gss-sample/t_gss_sample.py b/krb5-1.21.3/src/appl/gss-sample/t_gss_sample.py
new file mode 100755
index 00000000..36083591
--- /dev/null
+++ b/krb5-1.21.3/src/appl/gss-sample/t_gss_sample.py
@@ -0,0 +1,133 @@
+# Copyright (C) 2010 by the Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+
+appdir = os.path.join(buildtop, 'appl', 'gss-sample')
+gss_client = os.path.join(appdir, 'gss-client')
+gss_server = os.path.join(appdir, 'gss-server')
+
+# Run a gss-server process and a gss-client process, with additional
+# gss-client flags given by options and additional gss-server flags
+# given by server_options.  Return the output of gss-client.
+def run_client_server(realm, options, server_options, **kwargs):
+    portstr = str(realm.server_port())
+    server_args = [gss_server, '-export', '-port', portstr]
+    server_args += server_options + ['host']
+    server = realm.start_server(server_args, 'starting...')
+    realm.run([gss_client, '-port', portstr] + options +
+              [hostname, 'host', 'testmsg'], **kwargs)
+
+    seen1 = seen2 = False
+    while 'expected_code' not in kwargs and not (seen1 and seen2):
+        line = server.stdout.readline()
+        if line == '':
+            fail('gss-server process exited unexpectedly')
+        if line == 'Accepted connection: "user@KRBTEST.COM"\n':
+            seen1 = True
+        if line == 'Received message: "testmsg"\n':
+            seen2 = True
+
+    stop_daemon(server)
+
+# Run a gss-server and gss-client process, and verify that gss-client
+# displayed the expected output for a successful negotiation.
+def server_client_test(realm, options, server_options):
+    run_client_server(realm, options, server_options,
+                      expected_msg='Signature verified.')
+
+# Make up a filename to hold user's initial credentials.
+def ccache_savefile(realm):
+    return os.path.join(realm.testdir, 'ccache.copy')
+
+# Move user's initial credentials into the save file.
+def ccache_save(realm):
+    os.rename(realm.ccache, ccache_savefile(realm))
+
+# Copy user's initial credentials from the save file into the ccache.
+def ccache_restore(realm):
+    shutil.copyfile(ccache_savefile(realm), realm.ccache)
+
+# Perform a regular (TGS path) test of the server and client.
+def tgs_test(realm, options, server_options=[]):
+    ccache_restore(realm)
+    server_client_test(realm, options, server_options)
+    realm.klist(realm.user_princ, realm.host_princ)
+
+# Perform a test of the server and client with initial credentials
+# obtained through gss_acquire_cred_with_password().
+def pw_test(realm, options, server_options=[]):
+    if os.path.exists(realm.ccache):
+        os.remove(realm.ccache)
+    options = options + ['-user', realm.user_princ, '-pass', password('user')]
+    server_client_test(realm, options, server_options)
+    if os.path.exists(realm.ccache):
+        fail('gss_acquire_cred_with_password created ccache')
+
+# Perform a test using the wrong password, and make sure that failure
+# occurs during the expected operation (gss_init_sec_context() for
+# IAKERB, gss_aqcuire_cred_with_password() otherwise).
+def wrong_pw_test(realm, options, server_options=[], iakerb=False):
+    options = options + ['-user', realm.user_princ, '-pass', 'wrongpw']
+    failed_op = 'initializing context' if iakerb else 'acquiring creds'
+    msg = 'GSS-API error ' + failed_op
+    run_client_server(realm, options, server_options, expected_code=1,
+                      expected_msg=msg)
+
+# Perform a test of the server and client with initial credentials
+# obtained with the client keytab
+def kt_test(realm, options, server_options=[]):
+    if os.path.exists(realm.ccache):
+        os.remove(realm.ccache)
+    server_client_test(realm, options, server_options)
+    realm.klist(realm.user_princ, realm.host_princ)
+
+for realm in multipass_realms():
+    ccache_save(realm)
+
+    mark('TGS')
+    tgs_test(realm, ['-krb5'])
+    tgs_test(realm, ['-spnego'])
+    tgs_test(realm, ['-iakerb'], ['-iakerb'])
+    # test default (i.e., krb5) mechanism with GSS_C_DCE_STYLE
+    tgs_test(realm, ['-dce'])
+
+    mark('pw')
+    pw_test(realm, ['-krb5'])
+    pw_test(realm, ['-spnego'])
+    pw_test(realm, ['-iakerb'], ['-iakerb'])
+    pw_test(realm, ['-dce'])
+
+    mark('wrong pw')
+    wrong_pw_test(realm, ['-krb5'])
+    wrong_pw_test(realm, ['-spnego'])
+    wrong_pw_test(realm, ['-iakerb'], ['-iakerb'], True)
+    wrong_pw_test(realm, ['-dce'])
+
+    mark('client keytab')
+    realm.extract_keytab(realm.user_princ, realm.client_keytab)
+    kt_test(realm, ['-krb5'])
+    kt_test(realm, ['-spnego'])
+    kt_test(realm, ['-iakerb'], ['-iakerb'])
+    kt_test(realm, ['-dce'])
+
+success('GSS sample application')
diff --git a/krb5-1.21.3/src/appl/sample/Makefile.in b/krb5-1.21.3/src/appl/sample/Makefile.in
new file mode 100644
index 00000000..50caa864
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/Makefile.in
@@ -0,0 +1,6 @@
+mydir=appl$(S)sample
+SUBDIRS = sclient sserver
+BUILDTOP=$(REL)..$(S)..
+
+check-pytests:
+	$(RUNPYTEST) $(srcdir)/t_sample.py $(PYTESTFLAGS)
diff --git a/krb5-1.21.3/src/appl/sample/deps b/krb5-1.21.3/src/appl/sample/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/appl/sample/sample.h b/krb5-1.21.3/src/appl/sample/sample.h
new file mode 100644
index 00000000..2fda2f43
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/sample.h
@@ -0,0 +1,33 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* appl/sample/sample.h - Common declarations for sample client/server */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef KRB5_SAMPLE__
+#define KRB5_SAMPLE__
+
+#define SAMPLE_SERVICE "sample"
+#define SAMPLE_PORT "sample"
+#define SAMPLE_VERSION "KRB5_sample_protocol_v1.0"
+
+#endif /* KRB5_SAMPLE__ */
diff --git a/krb5-1.21.3/src/appl/sample/sclient/Makefile.in b/krb5-1.21.3/src/appl/sample/sclient/Makefile.in
new file mode 100644
index 00000000..b09cc090
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/sclient/Makefile.in
@@ -0,0 +1,13 @@
+mydir=appl$(S)sample$(S)sclient
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+all: sclient
+
+sclient: sclient.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o sclient sclient.o $(KRB5_BASE_LIBS)
+
+clean:
+	$(RM) sclient.o sclient
+
+install:
+	$(INSTALL_PROGRAM) sclient ${DESTDIR}$(CLIENT_BINDIR)/sclient
diff --git a/krb5-1.21.3/src/appl/sample/sclient/deps b/krb5-1.21.3/src/appl/sample/sclient/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/sclient/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/appl/sample/sclient/sclient.c b/krb5-1.21.3/src/appl/sample/sclient/sclient.c
new file mode 100644
index 00000000..7ec8edd0
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/sclient/sclient.c
@@ -0,0 +1,260 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* appl/sample/sclient/sclient.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Sample Kerberos v5 client.
+ *
+ * Usage: sample_client hostname
+ */
+
+#include "krb5.h"
+#include "com_err.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include "fake-addrinfo.h" /* not everyone implements getaddrinfo yet */
+
+#include <signal.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <stdlib.h>
+
+#include "../sample.h"
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE int
+#endif
+
+static int
+net_read(int fd, char *buf, int len)
+{
+    int cc, len2 = 0;
+
+    do {
+        cc = SOCKET_READ((SOCKET)fd, buf, len);
+        if (cc < 0) {
+            if (SOCKET_ERRNO == SOCKET_EINTR)
+                continue;
+
+            /* XXX this interface sucks! */
+            errno = SOCKET_ERRNO;
+
+            return(cc);          /* errno is already set */
+        }
+        else if (cc == 0) {
+            return(len2);
+        } else {
+            buf += cc;
+            len2 += cc;
+            len -= cc;
+        }
+    } while (len > 0);
+    return(len2);
+}
+
+int
+main(int argc, char *argv[])
+{
+    struct addrinfo *ap, aihints, *apstart;
+    int aierr;
+    int sock;
+    krb5_context context;
+    krb5_data recv_data;
+    krb5_data cksum_data;
+    krb5_error_code retval;
+    krb5_ccache ccdef;
+    krb5_principal client, server;
+    krb5_error *err_ret;
+    krb5_ap_rep_enc_part *rep_ret;
+    krb5_auth_context auth_context = 0;
+    short xmitlen;
+    char *portstr;
+    char *service = SAMPLE_SERVICE;
+
+    if (argc != 2 && argc != 3 && argc != 4) {
+        fprintf(stderr, "usage: %s <hostname> [port] [service]\n",argv[0]);
+        exit(1);
+    }
+
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+
+    (void) signal(SIGPIPE, SIG_IGN);
+
+    if (argc > 2)
+        portstr = argv[2];
+    else
+        portstr = SAMPLE_PORT;
+
+    memset(&aihints, 0, sizeof(aihints));
+    aihints.ai_socktype = SOCK_STREAM;
+    aihints.ai_flags = AI_ADDRCONFIG;
+    aierr = getaddrinfo(argv[1], portstr, &aihints, &ap);
+    if (aierr) {
+        fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n",
+                argv[0], argv[1], portstr, gai_strerror(aierr));
+        exit(1);
+    }
+    if (ap == 0) {
+        /* Should never happen.  */
+        fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n",
+                argv[0], argv[1], portstr);
+        exit(1);
+    }
+
+    if (argc > 3) {
+        service = argv[3];
+    }
+
+    retval = krb5_sname_to_principal(context, argv[1], service,
+                                     KRB5_NT_SRV_HST, &server);
+    if (retval) {
+        com_err(argv[0], retval, "while creating server name for host %s service %s",
+                argv[1], service);
+        exit(1);
+    }
+
+    /* set up the address of the foreign socket for connect() */
+    apstart = ap; /* For freeing later */
+    for (sock = -1; ap && sock == -1; ap = ap->ai_next) {
+        char abuf[NI_MAXHOST], pbuf[NI_MAXSERV];
+        char mbuf[NI_MAXHOST + NI_MAXSERV + 64];
+        if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf),
+                        pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
+            memset(abuf, 0, sizeof(abuf));
+            memset(pbuf, 0, sizeof(pbuf));
+            strncpy(abuf, "[error, cannot print address?]",
+                    sizeof(abuf)-1);
+            strncpy(pbuf, "[?]", sizeof(pbuf)-1);
+        }
+        memset(mbuf, 0, sizeof(mbuf));
+        strncpy(mbuf, "error contacting ", sizeof(mbuf)-1);
+        strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1);
+        strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1);
+        strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1);
+        sock = socket(ap->ai_family, SOCK_STREAM, 0);
+        if (sock < 0) {
+            fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno));
+            continue;
+        }
+        if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) {
+            fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno));
+            close(sock);
+            sock = -1;
+            continue;
+        }
+        /* connected, yay! */
+    }
+    if (sock == -1)
+        /* Already printed error message above.  */
+        exit(1);
+    printf("connected\n");
+
+    cksum_data.data = argv[1];
+    cksum_data.length = strlen(argv[1]);
+
+    retval = krb5_cc_default(context, &ccdef);
+    if (retval) {
+        com_err(argv[0], retval, "while getting default ccache");
+        exit(1);
+    }
+
+    retval = krb5_cc_get_principal(context, ccdef, &client);
+    if (retval) {
+        com_err(argv[0], retval, "while getting client principal name");
+        exit(1);
+    }
+    retval = krb5_sendauth(context, &auth_context, (krb5_pointer) &sock,
+                           SAMPLE_VERSION, client, server,
+                           AP_OPTS_MUTUAL_REQUIRED,
+                           &cksum_data,
+                           0,           /* no creds, use ccache instead */
+                           ccdef, &err_ret, &rep_ret, NULL);
+
+    krb5_free_principal(context, server);       /* finished using it */
+    krb5_free_principal(context, client);
+    krb5_cc_close(context, ccdef);
+    if (auth_context) krb5_auth_con_free(context, auth_context);
+
+    if (retval && retval != KRB5_SENDAUTH_REJECTED) {
+        com_err(argv[0], retval, "while using sendauth");
+        exit(1);
+    }
+    if (retval == KRB5_SENDAUTH_REJECTED) {
+        /* got an error */
+        printf("sendauth rejected, error reply is:\n\t\"%*s\"\n",
+               err_ret->text.length, err_ret->text.data);
+    } else if (rep_ret) {
+        /* got a reply */
+        krb5_free_ap_rep_enc_part(context, rep_ret);
+
+        printf("sendauth succeeded, reply is:\n");
+        if ((retval = net_read(sock, (char *)&xmitlen,
+                               sizeof(xmitlen))) <= 0) {
+            if (retval == 0)
+                errno = ECONNABORTED;
+            com_err(argv[0], errno, "while reading data from server");
+            exit(1);
+        }
+        recv_data.length = ntohs(xmitlen);
+        if (!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) {
+            com_err(argv[0], ENOMEM,
+                    "while allocating buffer to read from server");
+            exit(1);
+        }
+        if ((retval = net_read(sock, (char *)recv_data.data,
+                               recv_data.length)) <= 0) {
+            if (retval == 0)
+                errno = ECONNABORTED;
+            com_err(argv[0], errno, "while reading data from server");
+            exit(1);
+        }
+        recv_data.data[recv_data.length] = '\0';
+        printf("reply len %d, contents:\n%s\n",
+               recv_data.length,recv_data.data);
+        free(recv_data.data);
+    } else {
+        com_err(argv[0], 0, "no error or reply from sendauth!");
+        exit(1);
+    }
+    freeaddrinfo(apstart);
+    krb5_free_context(context);
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/appl/sample/sserver/Makefile.in b/krb5-1.21.3/src/appl/sample/sserver/Makefile.in
new file mode 100644
index 00000000..c2e6d40a
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/sserver/Makefile.in
@@ -0,0 +1,13 @@
+mydir=appl$(S)sample$(S)sserver
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+all: sserver
+
+sserver: sserver.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o sserver sserver.o $(KRB5_BASE_LIBS)
+
+clean:
+	$(RM) sserver.o sserver
+
+install:
+	$(INSTALL_PROGRAM) sserver ${DESTDIR}$(SERVER_BINDIR)/sserver
diff --git a/krb5-1.21.3/src/appl/sample/sserver/deps b/krb5-1.21.3/src/appl/sample/sserver/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/sserver/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/appl/sample/sserver/sserver.c b/krb5-1.21.3/src/appl/sample/sserver/sserver.c
new file mode 100644
index 00000000..805ead73
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/sserver/sserver.c
@@ -0,0 +1,246 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* appl/sample/sserver/sserver.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Sample Kerberos v5 server.
+ *
+ * sample_server:
+ * A sample Kerberos server, which reads an AP_REQ from a TCP socket,
+ * decodes it, and writes back the results (in ASCII) to the client.
+ *
+ * Usage:
+ * sample_server servername
+ *
+ * file descriptor 0 (zero) should be a socket connected to the requesting
+ * client (this will be correct if this server is started by inetd).
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <syslog.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "../sample.h"
+
+extern krb5_deltat krb5_clockskew;
+
+#ifndef GETPEERNAME_ARG3_TYPE
+#define GETPEERNAME_ARG3_TYPE int
+#endif
+
+static void
+usage(char *name)
+{
+    fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n",
+            name);
+}
+
+int
+main(int argc, char *argv[])
+{
+    krb5_context context;
+    krb5_auth_context auth_context = NULL;
+    krb5_ticket * ticket;
+    struct sockaddr_in peername;
+    GETPEERNAME_ARG3_TYPE  namelen = sizeof(peername);
+    int sock = -1;                      /* incoming connection fd */
+    krb5_data recv_data;
+    short xmitlen;
+    krb5_error_code retval;
+    krb5_principal server;
+    char repbuf[BUFSIZ];
+    char *cname;
+    char *service = SAMPLE_SERVICE;
+    short port = 0;             /* If user specifies port */
+    extern int opterr, optind;
+    extern char * optarg;
+    int ch;
+    krb5_keytab keytab = NULL;  /* Allow specification on command line */
+    char *progname;
+    int on = 1;
+
+    progname = *argv;
+
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+
+    /* open a log connection */
+    openlog("sserver", 0, LOG_DAEMON);
+
+    /*
+     * Parse command line arguments
+     *
+     */
+    opterr = 0;
+    while ((ch = getopt(argc, argv, "p:S:s:")) != -1) {
+        switch (ch) {
+        case 'p':
+            port = atoi(optarg);
+            break;
+        case 's':
+            service = optarg;
+            break;
+        case 'S':
+            if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
+                com_err(progname, retval,
+                        "while resolving keytab file %s", optarg);
+                exit(2);
+            }
+            break;
+
+        case '?':
+        default:
+            usage(progname);
+            exit(1);
+            break;
+        }
+    }
+
+    argc -= optind;
+    argv += optind;
+
+    /* Backwards compatibility, allow port to be specified at end */
+    if (argc > 1) {
+        port = atoi(argv[1]);
+    }
+
+    retval = krb5_sname_to_principal(context, NULL, service,
+                                     KRB5_NT_SRV_HST, &server);
+    if (retval) {
+        syslog(LOG_ERR, "while generating service name (%s): %s",
+               service, error_message(retval));
+        exit(1);
+    }
+
+    /*
+     * If user specified a port, then listen on that port; otherwise,
+     * assume we've been started out of inetd.
+     */
+
+    if (port) {
+        int acc;
+        struct sockaddr_in sockin;
+
+        if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+            syslog(LOG_ERR, "socket: %m");
+            exit(3);
+        }
+        /* Let the socket be reused right away */
+        (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
+                          sizeof(on));
+
+        sockin.sin_family = AF_INET;
+        sockin.sin_addr.s_addr = 0;
+        sockin.sin_port = htons(port);
+        if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) {
+            syslog(LOG_ERR, "bind: %m");
+            exit(3);
+        }
+        if (listen(sock, 1) == -1) {
+            syslog(LOG_ERR, "listen: %m");
+            exit(3);
+        }
+
+        printf("starting...\n");
+        fflush(stdout);
+
+        if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){
+            syslog(LOG_ERR, "accept: %m");
+            exit(3);
+        }
+        dup2(acc, 0);
+        close(sock);
+        sock = 0;
+    } else {
+        /*
+         * To verify authenticity, we need to know the address of the
+         * client.
+         */
+        if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) {
+            syslog(LOG_ERR, "getpeername: %m");
+            exit(1);
+        }
+        sock = 0;
+    }
+
+    retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&sock,
+                           SAMPLE_VERSION, server,
+                           0,   /* no flags */
+                           keytab,      /* default keytab is NULL */
+                           &ticket);
+    if (retval) {
+        syslog(LOG_ERR, "recvauth failed--%s", error_message(retval));
+        exit(1);
+    }
+
+    /* Get client name */
+    repbuf[sizeof(repbuf) - 1] = '\0';
+    retval = krb5_unparse_name(context, ticket->enc_part2->client, &cname);
+    if (retval){
+        syslog(LOG_ERR, "unparse failed: %s", error_message(retval));
+        strncpy(repbuf, "You are <unparse error>\n", sizeof(repbuf) - 1);
+    } else {
+        strncpy(repbuf, "You are ", sizeof(repbuf) - 1);
+        strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf));
+        strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf));
+        free(cname);
+    }
+    xmitlen = htons(strlen(repbuf));
+    recv_data.length = strlen(repbuf);
+    recv_data.data = repbuf;
+    if ((retval = krb5_net_write(context, 0, (char *)&xmitlen,
+                                 sizeof(xmitlen))) < 0) {
+        syslog(LOG_ERR, "%m: while writing len to client");
+        exit(1);
+    }
+    if ((retval = krb5_net_write(context, 0, (char *)recv_data.data,
+                                 recv_data.length)) < 0) {
+        syslog(LOG_ERR, "%m: while writing data to client");
+        exit(1);
+    }
+
+    krb5_free_ticket(context, ticket);
+    if(keytab)
+        krb5_kt_close(context, keytab);
+    krb5_free_principal(context, server);
+    krb5_auth_con_free(context, auth_context);
+    krb5_free_context(context);
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/appl/sample/t_sample.py b/krb5-1.21.3/src/appl/sample/t_sample.py
new file mode 100644
index 00000000..1b75fa2f
--- /dev/null
+++ b/krb5-1.21.3/src/appl/sample/t_sample.py
@@ -0,0 +1,22 @@
+from k5test import *
+
+sclient = os.path.join(buildtop, 'appl', 'sample', 'sclient', 'sclient')
+sserver = os.path.join(buildtop, 'appl', 'sample', 'sserver', 'sserver')
+
+for realm in multipass_realms(create_host=False):
+    server_princ = 'sample/%s@%s' % (hostname, realm.realm)
+    realm.addprinc(server_princ)
+    realm.extract_keytab(server_princ, realm.keytab)
+
+    portstr = str(realm.server_port())
+    server = realm.start_server([sserver, '-p', portstr], 'starting...')
+    out = realm.run([sclient, hostname, portstr],
+                    expected_msg='You are user@KRBTEST.COM')
+    await_daemon_exit(server)
+
+    server = realm.start_in_inetd([sserver])
+    out = realm.run([sclient, hostname, portstr],
+                    expected_msg='You are user@KRBTEST.COM')
+    await_daemon_exit(server)
+
+success('sim_client/sim_server tests')
diff --git a/krb5-1.21.3/src/appl/simple/Makefile.in b/krb5-1.21.3/src/appl/simple/Makefile.in
new file mode 100644
index 00000000..5b9af1be
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/Makefile.in
@@ -0,0 +1,6 @@
+mydir=appl$(S)simple
+SUBDIRS = client server
+BUILDTOP=$(REL)..$(S)..
+
+check-pytests:
+	$(RUNPYTEST) $(srcdir)/t_simple.py $(PYTESTFLAGS)
diff --git a/krb5-1.21.3/src/appl/simple/client/Makefile.in b/krb5-1.21.3/src/appl/simple/client/Makefile.in
new file mode 100644
index 00000000..3859fcea
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/client/Makefile.in
@@ -0,0 +1,15 @@
+mydir=appl$(S)simple$(S)client
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+all: sim_client
+
+LOCALINCLUDES= -I$(srcdir)/..
+
+sim_client: sim_client.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o sim_client sim_client.o $(KRB5_BASE_LIBS)
+
+install:
+	$(INSTALL_PROGRAM) sim_client $(DESTDIR)$(CLIENT_BINDIR)/sim_client
+
+clean:
+	$(RM) sim_client.o sim_client
diff --git a/krb5-1.21.3/src/appl/simple/client/deps b/krb5-1.21.3/src/appl/simple/client/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/client/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/appl/simple/client/sim_client.c b/krb5-1.21.3/src/appl/simple/client/sim_client.c
new file mode 100644
index 00000000..6f428337
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/client/sim_client.c
@@ -0,0 +1,290 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* appl/simple/client/sim_client.c */
+/*
+ * Copyright 1989,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Simple UDP-based sample client program.  For demonstration.
+ * This program performs no useful function.
+ */
+
+#include <krb5.h>
+#include "com_err.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <netdb.h>
+#include <unistd.h>
+
+#include "simple.h"
+
+/* for old Unixes and friends ... */
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+#define MSG "hi there!"                 /* message text */
+
+void usage (char *);
+
+void
+usage(char *name)
+{
+    fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name);
+}
+
+int
+main(int argc, char *argv[])
+{
+    int sock, i;
+    socklen_t len;
+    int flags = 0;                      /* flags for sendto() */
+    struct servent *serv;
+    struct hostent *host;
+#ifdef BROKEN_STREAMS_SOCKETS
+    char my_hostname[MAXHOSTNAMELEN];
+#endif
+    struct sockaddr_in s_sock;          /* server address */
+    struct sockaddr_in c_sock;          /* client address */
+    extern int opterr, optind;
+    extern char * optarg;
+    int ch;
+
+    short port = 0;
+    char *message = MSG;
+    char *hostname = 0;
+    char *service = SIMPLE_SERVICE;
+    char *progname = 0;
+
+    krb5_error_code retval;
+    krb5_data packet, inbuf;
+    krb5_ccache ccdef;
+    krb5_address addr;
+
+    krb5_context          context;
+    krb5_auth_context     auth_context = NULL;
+
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+
+    progname = argv[0];
+
+    /*
+     * Parse command line arguments
+     *
+     */
+    opterr = 0;
+    while ((ch = getopt(argc, argv, "p:m:h:s:")) != -1)
+        switch (ch) {
+        case 'p':
+            port = atoi(optarg);
+            break;
+        case 'm':
+            message = optarg;
+            break;
+        case 'h':
+            hostname = optarg;
+            break;
+        case 's':
+            service = optarg;
+            break;
+        case '?':
+        default:
+            usage(progname);
+            exit(1);
+            break;
+        }
+    argc -= optind;
+    argv += optind;
+    if (argc > 0) {
+        if (hostname)
+            usage(progname);
+        hostname = argv[0];
+    }
+
+    if (hostname == 0) {
+        fprintf(stderr, "You must specify a hostname to contact.\n\n");
+        usage(progname);
+        exit(1);
+    }
+
+    /* Look up server host */
+    if ((host = gethostbyname(hostname)) == (struct hostent *) 0) {
+        fprintf(stderr, "%s: unknown host\n", hostname);
+        exit(1);
+    }
+
+    /* Set server's address */
+    (void) memset(&s_sock, 0, sizeof(s_sock));
+
+    memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
+#ifdef DEBUG
+    printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr));
+#endif
+    s_sock.sin_family = AF_INET;
+
+    if (port == 0) {
+        /* Look up service */
+        if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
+            fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
+            exit(1);
+        }
+        s_sock.sin_port = serv->s_port;
+    } else {
+        s_sock.sin_port = htons(port);
+    }
+
+    /* Open a socket */
+    if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+        com_err(progname, errno, "opening datagram socket");
+        exit(1);
+    }
+
+    memset(&c_sock, 0, sizeof(c_sock));
+    c_sock.sin_family = AF_INET;
+#ifdef BROKEN_STREAMS_SOCKETS
+    if (gethostname(my_hostname, sizeof(my_hostname)) < 0) {
+        perror("gethostname");
+        exit(1);
+    }
+
+    if ((host = gethostbyname(my_hostname)) == (struct hostent *)0) {
+        fprintf(stderr, "%s: unknown host\n", hostname);
+        exit(1);
+    }
+    memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr));
+#endif
+
+
+    /* Bind it to set the address; kernel will fill in port # */
+    if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
+        com_err(progname, errno, "while binding datagram socket");
+        exit(1);
+    }
+
+    /* PREPARE KRB_AP_REQ MESSAGE */
+
+    inbuf.data = hostname;
+    inbuf.length = strlen(hostname);
+
+    /* Get credentials for server */
+    if ((retval = krb5_cc_default(context, &ccdef))) {
+        com_err(progname, retval, "while getting default ccache");
+        exit(1);
+    }
+
+    retval = krb5_mk_req(context, &auth_context, AP_OPTS_USE_SUBKEY, service,
+                         hostname, &inbuf, ccdef, &packet);
+    if (retval) {
+        com_err(progname, retval, "while preparing AP_REQ");
+        exit(1);
+    }
+    printf("Got credentials for %s.\n", service);
+
+    /* "connect" the datagram socket; this is necessary to get a local address
+       properly bound for getsockname() below. */
+
+    if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) {
+        com_err(progname, errno, "while connecting to server");
+        exit(1);
+    }
+    /* Send authentication info to server */
+    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
+                  flags)) < 0)
+        com_err(progname, errno, "while sending KRB_AP_REQ message");
+    printf("Sent authentication data: %d bytes\n", i);
+    krb5_free_data_contents(context, &packet);
+
+    /* PREPARE KRB_SAFE MESSAGE */
+
+    /* Get my address */
+    memset(&c_sock, 0, sizeof(c_sock));
+    len = sizeof(c_sock);
+    if (getsockname(sock, (struct sockaddr *)&c_sock, &len) < 0) {
+        com_err(progname, errno, "while getting socket name");
+        exit(1);
+    }
+
+    addr.addrtype = ADDRTYPE_IPPORT;
+    addr.length = sizeof(c_sock.sin_port);
+    addr.contents = (krb5_octet *)&c_sock.sin_port;
+    if ((retval = krb5_auth_con_setports(context, auth_context,
+                                         &addr, NULL))) {
+        com_err(progname, retval, "while setting local port\n");
+        exit(1);
+    }
+
+    addr.addrtype = ADDRTYPE_INET;
+    addr.length = sizeof(c_sock.sin_addr);
+    addr.contents = (krb5_octet *)&c_sock.sin_addr;
+    if ((retval = krb5_auth_con_setaddrs(context, auth_context,
+                                         &addr, NULL))) {
+        com_err(progname, retval, "while setting local addr\n");
+        exit(1);
+    }
+
+    /* Make the safe message */
+    inbuf.data = message;
+    inbuf.length = strlen(message);
+
+    if ((retval = krb5_mk_safe(context, auth_context, &inbuf, &packet, NULL))){
+        com_err(progname, retval, "while making KRB_SAFE message");
+        exit(1);
+    }
+
+    /* Send it */
+    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
+                  flags)) < 0)
+        com_err(progname, errno, "while sending SAFE message");
+    printf("Sent checksummed message: %d bytes\n", i);
+    krb5_free_data_contents(context, &packet);
+
+    /* PREPARE KRB_PRIV MESSAGE */
+
+    /* Make the encrypted message */
+    if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
+                               &packet, NULL))) {
+        com_err(progname, retval, "while making KRB_PRIV message");
+        exit(1);
+    }
+
+    /* Send it */
+    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
+                  flags)) < 0)
+        com_err(progname, errno, "while sending PRIV message");
+    printf("Sent encrypted message: %d bytes\n", i);
+    krb5_free_data_contents(context, &packet);
+
+    krb5_auth_con_free(context, auth_context);
+    krb5_free_context(context);
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/appl/simple/deps b/krb5-1.21.3/src/appl/simple/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/appl/simple/server/Makefile.in b/krb5-1.21.3/src/appl/simple/server/Makefile.in
new file mode 100644
index 00000000..83f4fccc
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/server/Makefile.in
@@ -0,0 +1,15 @@
+mydir=appl$(S)simple$(S)server
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LOCALINCLUDES= -I$(srcdir)/..
+
+all: sim_server
+
+sim_server: sim_server.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o sim_server sim_server.o $(KRB5_BASE_LIBS)
+
+install:
+	$(INSTALL_PROGRAM) sim_server $(DESTDIR)$(SERVER_BINDIR)/sim_server
+
+clean:
+	$(RM) sim_server.o sim_server
diff --git a/krb5-1.21.3/src/appl/simple/server/deps b/krb5-1.21.3/src/appl/simple/server/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/server/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/appl/simple/server/sim_server.c b/krb5-1.21.3/src/appl/simple/server/sim_server.c
new file mode 100644
index 00000000..093ed55d
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/server/sim_server.c
@@ -0,0 +1,269 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* appl/simple/server/sim_server.c */
+/*
+ * Copyright 1989,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Usage:
+ * sample_server servername
+ *
+ * Simple UDP-based server application.  For demonstration.
+ * This program performs no useful function.
+ */
+
+#include "krb5.h"
+#include "port-sockets.h"
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <arpa/inet.h>
+
+#include "com_err.h"
+
+#include "simple.h"
+
+/* for old Unixes and friends ... */
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+#define PROGNAME argv[0]
+
+static void
+usage(char *name)
+{
+    fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name);
+}
+
+int
+main(int argc, char *argv[])
+{
+    int sock, i;
+    socklen_t len;
+    int flags = 0;                      /* for recvfrom() */
+    int on = 1;
+    struct servent *serv;
+    struct sockaddr_in s_sock;          /* server's address */
+    struct sockaddr_in c_sock;          /* client's address */
+    char *cp;
+    extern char * optarg;
+    int ch;
+
+    short port = 0;             /* If user specifies port */
+    krb5_keytab keytab = NULL;  /* Allow specification on command line */
+    char *service = SIMPLE_SERVICE;
+
+    krb5_error_code retval;
+    krb5_data packet, message;
+    unsigned char pktbuf[BUFSIZ];
+    krb5_principal sprinc;
+    krb5_context context;
+    krb5_auth_context auth_context = NULL;
+    krb5_address addr;
+    krb5_ticket *ticket = NULL;
+
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+
+    /*
+     * Parse command line arguments
+     *
+     */
+    while ((ch = getopt(argc, argv, "p:s:S:")) != -1) {
+        switch (ch) {
+        case 'p':
+            port = atoi(optarg);
+            break;
+        case 's':
+            service = optarg;
+            break;
+        case 'S':
+            if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
+                com_err(PROGNAME, retval,
+                        "while resolving keytab file %s", optarg);
+                exit(2);
+            }
+            break;
+
+        case '?':
+        default:
+            usage(PROGNAME);
+            exit(1);
+            break;
+        }
+    }
+
+    if ((retval = krb5_sname_to_principal(context, NULL, service,
+                                          KRB5_NT_SRV_HST, &sprinc))) {
+        com_err(PROGNAME, retval, "while generating service name %s", service);
+        exit(1);
+    }
+
+    /* Set up server address */
+    memset(&s_sock, 0, sizeof(s_sock));
+    s_sock.sin_family = AF_INET;
+    s_sock.sin_addr.s_addr = INADDR_ANY;
+
+    if (port == 0) {
+        /* Look up service */
+        if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
+            fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
+            exit(1);
+        }
+        s_sock.sin_port = serv->s_port;
+    } else {
+        s_sock.sin_port = htons(port);
+    }
+
+    /* Open socket */
+    if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+        perror("opening datagram socket");
+        exit(1);
+    }
+
+    /* Let the socket be reused right away */
+    (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
+                      sizeof(on));
+
+    /* Bind the socket */
+    if (bind(sock, (struct sockaddr *)&s_sock, sizeof(s_sock))) {
+        perror("binding datagram socket");
+        exit(1);
+    }
+
+    printf("starting...\n");
+    fflush(stdout);
+
+#ifdef DEBUG
+    printf("socket has port # %d\n", ntohs(s_sock.sin_port));
+#endif
+
+    /* GET KRB_AP_REQ MESSAGE */
+
+    /* use "recvfrom" so we know client's address */
+    len = sizeof(struct sockaddr_in);
+    if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
+                      (struct sockaddr *)&c_sock, &len)) < 0) {
+        perror("receiving datagram");
+        exit(1);
+    }
+
+    printf("Received %d bytes\n", i);
+    packet.length = i;
+    packet.data = (krb5_pointer) pktbuf;
+
+    /* Check authentication info */
+    if ((retval = krb5_rd_req(context, &auth_context, &packet,
+                              sprinc, keytab, NULL, &ticket))) {
+        com_err(PROGNAME, retval, "while reading request");
+        exit(1);
+    }
+    if ((retval = krb5_unparse_name(context, ticket->enc_part2->client,
+                                    &cp))) {
+        com_err(PROGNAME, retval, "while unparsing client name");
+        exit(1);
+    }
+    printf("Got authentication info from %s\n", cp);
+    free(cp);
+
+    /* Set foreign_addr for rd_safe() and rd_priv() */
+    addr.addrtype = ADDRTYPE_INET;
+    addr.length = sizeof(c_sock.sin_addr);
+    addr.contents = (krb5_octet *)&c_sock.sin_addr;
+    if ((retval = krb5_auth_con_setaddrs(context, auth_context,
+                                         NULL, &addr))) {
+        com_err(PROGNAME, retval, "while setting foreign addr");
+        exit(1);
+    }
+
+    addr.addrtype = ADDRTYPE_IPPORT;
+    addr.length = sizeof(c_sock.sin_port);
+    addr.contents = (krb5_octet *)&c_sock.sin_port;
+    if ((retval = krb5_auth_con_setports(context, auth_context,
+                                         NULL, &addr))) {
+        com_err(PROGNAME, retval, "while setting foreign port");
+        exit(1);
+    }
+
+    /* GET KRB_MK_SAFE MESSAGE */
+
+    /* use "recvfrom" so we know client's address */
+    len = sizeof(struct sockaddr_in);
+    if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
+                      (struct sockaddr *)&c_sock, &len)) < 0) {
+        perror("receiving datagram");
+        exit(1);
+    }
+#ifdef DEBUG
+    printf("&c_sock.sin_addr is %s\n", inet_ntoa(c_sock.sin_addr));
+#endif
+    printf("Received %d bytes\n", i);
+
+    packet.length = i;
+    packet.data = (krb5_pointer) pktbuf;
+
+    if ((retval = krb5_rd_safe(context, auth_context, &packet,
+                               &message, NULL))) {
+        com_err(PROGNAME, retval, "while verifying SAFE message");
+        exit(1);
+    }
+    printf("Safe message is: '%.*s'\n", (int) message.length, message.data);
+
+    krb5_free_data_contents(context, &message);
+
+    /* NOW GET ENCRYPTED MESSAGE */
+
+    /* use "recvfrom" so we know client's address */
+    len = sizeof(struct sockaddr_in);
+    if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
+                      (struct sockaddr *)&c_sock, &len)) < 0) {
+        perror("receiving datagram");
+        exit(1);
+    }
+    printf("Received %d bytes\n", i);
+
+    packet.length = i;
+    packet.data = (krb5_pointer) pktbuf;
+
+    if ((retval = krb5_rd_priv(context, auth_context, &packet,
+                               &message, NULL))) {
+        com_err(PROGNAME, retval, "while verifying PRIV message");
+        exit(1);
+    }
+    printf("Decrypted message is: '%.*s'\n", (int) message.length,
+           message.data);
+
+    krb5_auth_con_free(context, auth_context);
+    krb5_free_context(context);
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/appl/simple/simple.h b/krb5-1.21.3/src/appl/simple/simple.h
new file mode 100644
index 00000000..2de17d33
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/simple.h
@@ -0,0 +1,33 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* appl/simple/simple.h */
+/*
+ * Copyright 1988,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Common definitions for the simple UDP-based Kerberos-mediated
+ * server & client applications.
+ */
+
+#define SIMPLE_SERVICE  "sample"
+#define SIMPLE_PORT     "sample"
diff --git a/krb5-1.21.3/src/appl/simple/t_simple.py b/krb5-1.21.3/src/appl/simple/t_simple.py
new file mode 100644
index 00000000..b720732a
--- /dev/null
+++ b/krb5-1.21.3/src/appl/simple/t_simple.py
@@ -0,0 +1,34 @@
+from k5test import *
+
+sim_client = os.path.join(buildtop, 'appl', 'simple', 'client', 'sim_client')
+sim_server = os.path.join(buildtop, 'appl', 'simple', 'server', 'sim_server')
+
+for realm in multipass_realms(create_host=False):
+    server_princ = 'sample/%s@%s' % (hostname, realm.realm)
+    realm.addprinc(server_princ)
+    realm.extract_keytab(server_princ, realm.keytab)
+
+    portstr = str(realm.server_port())
+    server = realm.start_server([sim_server, '-p', portstr], 'starting...')
+
+    out = realm.run([sim_client, '-p', portstr, hostname])
+    if ('Sent checksummed message:' not in out or
+        'Sent encrypted message:' not in out):
+        fail('Expected client messages not seen')
+
+    # sim_server exits after one client execution, so we can read
+    # until it closes stdout.
+    seen1 = seen2 = seen3 = False
+    for line in server.stdout:
+        if line == 'Got authentication info from user@KRBTEST.COM\n':
+            seen1 = True
+        if line == "Safe message is: 'hi there!'\n":
+            seen2 = True
+        if line == "Decrypted message is: 'hi there!'\n":
+            seen3 = True
+    if not (seen1 and seen2 and seen3):
+        fail('Expected server messages not seen')
+
+    await_daemon_exit(server)
+
+success('sim_client/sim_server tests')
diff --git a/krb5-1.21.3/src/appl/user_user/Makefile.in b/krb5-1.21.3/src/appl/user_user/Makefile.in
new file mode 100644
index 00000000..8b553f1b
--- /dev/null
+++ b/krb5-1.21.3/src/appl/user_user/Makefile.in
@@ -0,0 +1,22 @@
+mydir=appl$(S)user_user
+BUILDTOP=$(REL)..$(S)..
+# If you remove the -DDEBUG, the test program needs a line changed
+DEFINES = -DDEBUG
+
+all: uuclient uuserver
+
+check-pytests: uuclient uuserver
+	$(RUNPYTEST) $(srcdir)/t_user2user.py $(PYTESTFLAGS)
+
+uuclient: client.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o uuclient client.o $(KRB5_BASE_LIBS)
+
+uuserver: server.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o uuserver server.o $(KRB5_BASE_LIBS)
+
+install:
+	$(INSTALL_PROGRAM) uuclient $(DESTDIR)$(CLIENT_BINDIR)/uuclient
+	$(INSTALL_PROGRAM) uuserver $(DESTDIR)$(SERVER_BINDIR)/uuserver
+
+clean:
+	$(RM) client.o server.o uuclient uuserver
diff --git a/krb5-1.21.3/src/appl/user_user/client.c b/krb5-1.21.3/src/appl/user_user/client.c
new file mode 100644
index 00000000..9a05345c
--- /dev/null
+++ b/krb5-1.21.3/src/appl/user_user/client.c
@@ -0,0 +1,283 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* appl/user_user/client.c - Other end of user-user client/server pair */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+int main (int argc, char *argv[])
+{
+    int s;
+    int retval, i;
+    char *hname;          /* full name of server */
+    char **srealms;       /* realm(s) of server */
+    char *princ;          /* principal in credentials cache */
+    struct servent *serv;
+    struct hostent *host;
+    struct sockaddr_in serv_net_addr, cli_net_addr;
+    krb5_ccache cc;
+    krb5_creds creds, *new_creds;
+    krb5_data reply, msg, princ_data;
+    krb5_auth_context auth_context = NULL;
+    krb5_ticket * ticket = NULL;
+    krb5_context context;
+    unsigned short port;
+
+    if (argc < 2 || argc > 4) {
+        fputs ("usage: uu-client <hostname> [message [port]]\n", stderr);
+        exit(1);
+    }
+
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+
+    if (argc == 4) {
+        port = htons(atoi(argv[3]));
+    }
+    else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL)
+    {
+        fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr);
+        exit(2);
+    } else {
+        port = serv->s_port;
+    }
+
+    if ((host = gethostbyname (argv[1])) == NULL) {
+        fprintf (stderr, "uu-client: can't get address of host \"%s\".\n",
+                 argv[1]);
+        exit(3);
+    }
+
+    if (host->h_addrtype != AF_INET) {
+        fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n",
+                 host->h_addrtype, argv[1]);
+        exit(3);
+    }
+
+    hname = strdup (host->h_name);
+
+#ifndef USE_STDOUT
+    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+        com_err ("uu-client", errno, "creating socket");
+        exit(4);
+    } else {
+        cli_net_addr.sin_family = AF_INET;
+        cli_net_addr.sin_port = 0;
+        cli_net_addr.sin_addr.s_addr = 0;
+        if (bind (s, (struct sockaddr *)&cli_net_addr,
+                  sizeof (cli_net_addr)) < 0) {
+            com_err ("uu-client", errno, "binding socket");
+            exit(4);
+        }
+    }
+
+    serv_net_addr.sin_family = AF_INET;
+    serv_net_addr.sin_port = port;
+
+    i = 0;
+    while (1) {
+        if (host->h_addr_list[i] == 0) {
+            fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname);
+            exit(5);
+        }
+
+        memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++],
+                sizeof(serv_net_addr.sin_addr));
+
+        if (connect(s, (struct sockaddr *)&serv_net_addr,
+                    sizeof (serv_net_addr)) == 0)
+            break;
+        com_err ("uu-client", errno, "connecting to \"%s\" (%s).",
+                 hname, inet_ntoa(serv_net_addr.sin_addr));
+    }
+#else
+    s = 1;
+#endif
+
+    retval = krb5_cc_default(context, &cc);
+    if (retval) {
+        com_err("uu-client", retval, "getting credentials cache");
+        exit(6);
+    }
+
+    memset (&creds, 0, sizeof(creds));
+
+    retval = krb5_cc_get_principal(context, cc, &creds.client);
+    if (retval) {
+        com_err("uu-client", retval, "getting principal name");
+        exit(6);
+    }
+
+    retval = krb5_unparse_name(context, creds.client, &princ);
+    if (retval) {
+        com_err("uu-client", retval, "printing principal name");
+        exit(7);
+    }
+    else
+        fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ);
+
+    retval = krb5_get_host_realm(context, hname, &srealms);
+    if (retval) {
+        com_err("uu-client", retval, "getting realms for \"%s\"", hname);
+        exit(7);
+    }
+
+    retval =
+        krb5_build_principal_ext(context, &creds.server,
+                                 krb5_princ_realm(context,
+                                                  creds.client)->length,
+                                 krb5_princ_realm(context,
+                                                  creds.client)->data,
+                                 6, "krbtgt",
+                                 krb5_princ_realm(context,
+                                                  creds.client)->length,
+                                 krb5_princ_realm(context,
+                                                  creds.client)->data,
+                                 0);
+    if (retval) {
+        com_err("uu-client", retval, "setting up tgt server name");
+        exit(7);
+    }
+
+    /* Get TGT from credentials cache */
+    retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
+                                  &creds, &new_creds);
+    if (retval) {
+        com_err("uu-client", retval, "getting TGT");
+        exit(6);
+    }
+
+    i = strlen(princ) + 1;
+
+    fprintf(stderr, "uu-client: sending %d bytes\n",
+            new_creds->ticket.length + i);
+    princ_data.data = princ;
+    princ_data.length = i;                /* include null terminator for
+                                             server's convenience */
+    retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data);
+    if (retval) {
+        com_err("uu-client", retval, "sending principal name to server");
+        exit(8);
+    }
+
+    free(princ);
+
+    retval = krb5_write_message(context, (krb5_pointer) &s,
+                                &new_creds->ticket);
+    if (retval) {
+        com_err("uu-client", retval, "sending ticket to server");
+        exit(8);
+    }
+
+    retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
+    if (retval) {
+        com_err("uu-client", retval, "reading reply from server");
+        exit(9);
+    }
+
+    retval = krb5_auth_con_init(context, &auth_context);
+    if (retval) {
+        com_err("uu-client", retval, "initializing the auth_context");
+        exit(9);
+    }
+
+    retval =
+        krb5_auth_con_genaddrs(context, auth_context, s,
+                               KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
+                               KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
+    if (retval) {
+        com_err("uu-client", retval, "generating addrs for auth_context");
+        exit(9);
+    }
+
+    retval = krb5_auth_con_setflags(context, auth_context,
+                                    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+    if (retval) {
+        com_err("uu-client", retval, "initializing the auth_context flags");
+        exit(9);
+    }
+
+    retval = krb5_auth_con_setuseruserkey(context, auth_context,
+                                          &new_creds->keyblock);
+    if (retval) {
+        com_err("uu-client", retval, "setting useruserkey for authcontext");
+        exit(9);
+    }
+
+    /* read the ap_req to get the session key */
+    retval = krb5_rd_req(context, &auth_context, &reply, creds.client, NULL,
+                         NULL, &ticket);
+    krb5_free_data_contents(context, &reply);
+    if (retval) {
+        com_err("uu-client", retval, "reading AP_REQ from server");
+        exit(9);
+    }
+
+    retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ);
+    if (retval)
+        com_err("uu-client", retval, "while unparsing client name");
+    else {
+        printf("server is named \"%s\"\n", princ);
+        free(princ);
+    }
+
+    retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
+    if (retval) {
+        com_err("uu-client", retval, "reading reply from server");
+        exit(9);
+    }
+
+    retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL);
+    if (retval) {
+        com_err("uu-client", retval, "decoding reply from server");
+        exit(10);
+    }
+
+    printf ("uu-client: server says \"%s\".\n", msg.data);
+
+#ifndef USE_STDOUT
+    close(s);
+#endif
+    krb5_free_ticket(context, ticket);
+    krb5_free_host_realm(context, srealms);
+    free(hname);
+    krb5_free_cred_contents(context, &creds);
+    krb5_free_creds(context, new_creds);
+    krb5_free_data_contents(context, &msg);
+    krb5_free_data_contents(context, &reply);
+    krb5_cc_close(context, cc);
+    krb5_auth_con_free(context, auth_context);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/appl/user_user/deps b/krb5-1.21.3/src/appl/user_user/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/appl/user_user/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/appl/user_user/server.c b/krb5-1.21.3/src/appl/user_user/server.c
new file mode 100644
index 00000000..f2b5b614
--- /dev/null
+++ b/krb5-1.21.3/src/appl/user_user/server.c
@@ -0,0 +1,247 @@
+
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* appl/user_user/server.c - One end of user-user client-server pair */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "port-sockets.h"
+#include "com_err.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+/* fd 0 is a tcp socket used to talk to the client */
+
+int main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    krb5_data pname_data, tkt_data;
+    int sock = 0;
+    socklen_t l;
+    int retval;
+    struct sockaddr_in l_inaddr, f_inaddr;        /* local, foreign address */
+    krb5_creds creds, *new_creds;
+    krb5_ccache cc;
+    krb5_data msgtext, msg;
+    krb5_context context;
+    krb5_auth_context auth_context = NULL;
+
+#ifndef DEBUG
+    freopen("/tmp/uu-server.log", "w", stderr);
+#endif
+
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+
+#ifdef DEBUG
+    {
+        int one = 1;
+        int acc;
+        struct servent *sp;
+        socklen_t namelen = sizeof(f_inaddr);
+
+        if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+            com_err("uu-server", errno, "creating socket");
+            exit(3);
+        }
+
+        l_inaddr.sin_family = AF_INET;
+        l_inaddr.sin_addr.s_addr = 0;
+        if (argc == 2) {
+            l_inaddr.sin_port = htons(atoi(argv[1]));
+        } else  {
+            if (!(sp = getservbyname("uu-sample", "tcp"))) {
+                com_err("uu-server", 0, "can't find uu-sample/tcp service");
+                exit(3);
+            }
+            l_inaddr.sin_port = sp->s_port;
+        }
+
+        (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one));
+        if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
+            com_err("uu-server", errno, "binding socket");
+            exit(3);
+        }
+        if (listen(sock, 1) == -1) {
+            com_err("uu-server", errno, "listening");
+            exit(3);
+        }
+
+        printf("Server started\n");
+        fflush(stdout);
+
+        if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {
+            com_err("uu-server", errno, "accepting");
+            exit(3);
+        }
+        dup2(acc, 0);
+        close(sock);
+        sock = 0;
+    }
+#endif
+
+    /* principal name must be sent null-terminated. */
+    retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
+    if (retval || pname_data.length == 0 ||
+        pname_data.data[pname_data.length - 1] != '\0') {
+        com_err ("uu-server", retval, "reading pname");
+        return 2;
+    }
+
+    retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data);
+    if (retval) {
+        com_err ("uu-server", retval, "reading ticket data");
+        return 2;
+    }
+
+    retval = krb5_cc_default(context, &cc);
+    if (retval) {
+        com_err("uu-server", retval, "getting credentials cache");
+        return 4;
+    }
+
+    memset (&creds, 0, sizeof(creds));
+    retval = krb5_cc_get_principal(context, cc, &creds.client);
+    if (retval) {
+        com_err("uu-client", retval, "getting principal name");
+        return 6;
+    }
+
+    /* client sends it already null-terminated. */
+    printf ("uu-server: client principal is \"%s\".\n", pname_data.data);
+
+    retval = krb5_parse_name(context, pname_data.data, &creds.server);
+    if (retval) {
+        com_err("uu-server", retval, "parsing client name");
+        return 3;
+    }
+
+    creds.second_ticket = tkt_data;
+    printf ("uu-server: client ticket is %d bytes.\n",
+            creds.second_ticket.length);
+
+    retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc,
+                                  &creds, &new_creds);
+    if (retval) {
+        com_err("uu-server", retval, "getting user-user ticket");
+        return 5;
+    }
+
+#ifndef DEBUG
+    l = sizeof(f_inaddr);
+    if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1)
+    {
+        com_err("uu-server", errno, "getting client address");
+        return 6;
+    }
+#endif
+    l = sizeof(l_inaddr);
+    if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1)
+    {
+        com_err("uu-server", errno, "getting local address");
+        return 6;
+    }
+
+    /* send a ticket/authenticator to the other side, so it can get the key
+       we're using for the krb_safe below. */
+
+    retval = krb5_auth_con_init(context, &auth_context);
+    if (retval) {
+        com_err("uu-server", retval, "making auth_context");
+        return 8;
+    }
+
+    retval = krb5_auth_con_setflags(context, auth_context,
+                                    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+    if (retval) {
+        com_err("uu-server", retval, "initializing the auth_context flags");
+        return 8;
+    }
+
+    retval =
+        krb5_auth_con_genaddrs(context, auth_context, sock,
+                               KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
+                               KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
+    if (retval) {
+        com_err("uu-server", retval, "generating addrs for auth_context");
+        return 9;
+    }
+
+#if 1
+    retval = krb5_mk_req_extended(context, &auth_context,
+                                  AP_OPTS_USE_SESSION_KEY,
+                                  NULL, new_creds, &msg);
+    if (retval) {
+        com_err("uu-server", retval, "making AP_REQ");
+        return 8;
+    }
+    retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
+#else
+    retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock, "???",
+                           0, 0,
+                           AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
+                           NULL, &creds, cc, NULL, NULL, NULL);
+#endif
+    if (retval)
+        goto cl_short_wrt;
+
+    free(msg.data);
+
+    msgtext.length = 32;
+    msgtext.data = "Hello, other end of connection.";
+
+    retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL);
+    if (retval) {
+        com_err("uu-server", retval, "encoding message to client");
+        return 6;
+    }
+
+    retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
+    if (retval) {
+    cl_short_wrt:
+        com_err("uu-server", retval, "writing message to client");
+        return 7;
+    }
+
+
+    krb5_free_data_contents(context, &msg);
+    krb5_free_data_contents(context, &pname_data);
+    /* tkt_data freed with creds */
+    krb5_free_cred_contents(context, &creds);
+    krb5_free_creds(context, new_creds);
+    krb5_cc_close(context, cc);
+    krb5_auth_con_free(context, auth_context);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/appl/user_user/t_user2user.py b/krb5-1.21.3/src/appl/user_user/t_user2user.py
new file mode 100755
index 00000000..9c967596
--- /dev/null
+++ b/krb5-1.21.3/src/appl/user_user/t_user2user.py
@@ -0,0 +1,18 @@
+from k5test import *
+
+# If uuserver is not compiled under -DDEBUG, then set to 0
+debug_compiled=1
+
+for realm in multipass_realms():
+    if debug_compiled == 0:
+        server = realm.start_in_inetd(['./uuserver'], port=9999)
+    else:
+        server = realm.start_server(['./uuserver', '9999'], 'Server started')
+
+    msg = 'uu-client: server says "Hello, other end of connection."'
+    realm.run(['./uuclient', hostname, 'testing message', '9999'],
+              expected_msg=msg)
+
+    await_daemon_exit(server)
+
+success('User-2-user test programs')
diff --git a/krb5-1.21.3/src/build-tools/Makefile.in b/krb5-1.21.3/src/build-tools/Makefile.in
new file mode 100644
index 00000000..5dcae118
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/Makefile.in
@@ -0,0 +1,50 @@
+mydir=build-tools
+BUILDTOP=$(REL)..
+
+PKGCONFIG_FILES = \
+	kadm-client.pc \
+	kadm-server.pc \
+	kdb.pc \
+	mit-krb5.pc \
+	krb5.pc \
+	mit-krb5-gssapi.pc \
+	krb5-gssapi.pc \
+	gssrpc.pc
+
+all-unix: krb5-config $(PKGCONFIG_FILES)
+
+krb5-config $(PKGCONFIG_FILES): $(BUILDTOP)/config.status
+	(cd $(BUILDTOP) && $(SHELL) config.status $(mydir)/$@)
+krb5-config: $(srcdir)/krb5-config.in
+kadm-client.pc: $(srcdir)/kadm-client.pc.in
+kadm-server.pc: $(srcdir)/kadm-server.pc.in
+kdb.pc: $(srcdir)/kdb.pc.in
+mit-krb5.pc: $(srcdir)/mit-krb5.pc.in
+krb5.pc: $(srcdir)/krb5.pc.in
+mit-krb5-gssapi.pc: $(srcdir)/mit-krb5-gssapi.pc.in
+krb5-gssapi.pc: $(srcdir)/krb5-gssapi.pc.in
+gssrpc.pc: $(srcdir)/gssrpc.pc.in
+
+install-unix:
+	$(INSTALL_SCRIPT) krb5-config $(DESTDIR)$(CLIENT_BINDIR)/krb5-config
+	$(INSTALL_DATA) kadm-client.pc \
+		$(DESTDIR)$(PKGCONFIG_DIR)/kadm-client.pc
+	$(INSTALL_DATA) kadm-server.pc \
+		$(DESTDIR)$(PKGCONFIG_DIR)/kadm-server.pc
+	$(INSTALL_DATA) kdb.pc $(DESTDIR)$(PKGCONFIG_DIR)/kdb.pc
+	$(INSTALL_DATA) mit-krb5.pc $(DESTDIR)$(PKGCONFIG_DIR)/mit-krb5.pc
+	$(INSTALL_DATA) krb5.pc $(DESTDIR)$(PKGCONFIG_DIR)/krb5.pc
+	$(INSTALL_DATA) mit-krb5-gssapi.pc \
+		$(DESTDIR)$(PKGCONFIG_DIR)/mit-krb5-gssapi.pc
+	$(INSTALL_DATA) krb5-gssapi.pc \
+		$(DESTDIR)$(PKGCONFIG_DIR)/krb5-gssapi.pc
+	$(INSTALL_DATA) gssrpc.pc \
+		$(DESTDIR)$(PKGCONFIG_DIR)/gssrpc.pc
+
+# Test to ensure that krb5-config does not spit out things like
+# $(PURE) or $(LDFLAGS) in case someone changes config/shlib.conf
+check-unix: krb5-config
+	$(SHELL) $(srcdir)/t_krbconf
+
+distclean-unix:
+	$(RM) $(PKGCONFIG_FILES) krb5-config
diff --git a/krb5-1.21.3/src/build-tools/deps b/krb5-1.21.3/src/build-tools/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/build-tools/gssrpc.pc.in b/krb5-1.21.3/src/build-tools/gssrpc.pc.in
new file mode 100644
index 00000000..ca909217
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/gssrpc.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+vendor=MIT
+
+Name: gssrpc
+Description: GSSAPI RPC implementation
+Version: @KRB5_VERSION@
+Cflags: -I${includedir}
+Libs: -L${libdir} -lgssrpc
+Requires.private: mit-krb5-gssapi
diff --git a/krb5-1.21.3/src/build-tools/kadm-client.pc.in b/krb5-1.21.3/src/build-tools/kadm-client.pc.in
new file mode 100644
index 00000000..c8d1cd12
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/kadm-client.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: kadm-client
+Description: Kerberos administration client library
+Version: @KRB5_VERSION@
+Requires.private: mit-krb5-gssapi gssrpc
+Cflags: -I${includedir}
+Libs: -L${libdir} -lkadm5clnt_mit
diff --git a/krb5-1.21.3/src/build-tools/kadm-server.pc.in b/krb5-1.21.3/src/build-tools/kadm-server.pc.in
new file mode 100644
index 00000000..cd2f86c6
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/kadm-server.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: kadm-server
+Description: Kerberos administration server library
+Version: @KRB5_VERSION@
+Requires.private: kdb mit-krb5-gssapi
+Cflags: -I${includedir}
+Libs: -L${libdir} -lkadm5srv_mit
diff --git a/krb5-1.21.3/src/build-tools/kdb.pc.in b/krb5-1.21.3/src/build-tools/kdb.pc.in
new file mode 100644
index 00000000..461a8d01
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/kdb.pc.in
@@ -0,0 +1,14 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+KDB5_DB_LIB=@KDB5_DB_LIB@
+
+Name: kdb
+Description: Kerberos database access libraries
+Version: @KRB5_VERSION@
+Requires.private: mit-krb5-gssapi mit-krb5 gssrpc
+Cflags: -I${includedir}
+Libs: -L${libdir} -lkdb5
+Libs.private: ${KDB5_DB_LIB}
diff --git a/krb5-1.21.3/src/build-tools/krb5-config.in b/krb5-1.21.3/src/build-tools/krb5-config.in
new file mode 100755
index 00000000..8e6eb866
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/krb5-config.in
@@ -0,0 +1,262 @@
+#!/bin/sh
+
+# Copyright 2001, 2002, 2003 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+#
+#
+
+# Configurable parameters set by autoconf
+version_string="Kerberos 5 release @KRB5_VERSION@"
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+includedir=@includedir@
+libdir=@libdir@
+CC_LINK='@CC_LINK@'
+KDB5_DB_LIB=@KDB5_DB_LIB@
+RPATH_FLAG='@RPATH_FLAG@'
+PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@'
+PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
+DL_LIB='@DL_LIB@'
+DEFCCNAME='@DEFCCNAME@'
+DEFKTNAME='@DEFKTNAME@'
+DEFCKTNAME='@DEFCKTNAME@'
+
+LIBS='@LIBS@'
+GEN_LIB=@GEN_LIB@
+
+# Defaults for program
+library=krb5
+
+# Some constants
+vendor_string="Massachusetts Institute of Technology"
+
+# Process arguments
+# Yes, we are sloppy, library specifications can come before options
+while test $# != 0; do
+    case $1 in
+	--all)
+	    do_all=1
+	    ;;
+	--cflags)
+	    do_cflags=1
+	    ;;
+	--defccname)
+	    do_defccname=1
+	    ;;
+	--defcktname)
+	    do_defcktname=1
+	    ;;
+	--defktname)
+	    do_defktname=1
+	    ;;
+	--deps) # historically a no-op
+	    ;;
+	--exec-prefix)
+	    do_exec_prefix=1
+	    ;;
+	--help)
+	    do_help=1
+	    ;;
+	--libs)
+	    do_libs=1
+	    ;;
+	--prefix)
+	    do_prefix=1
+	    ;;
+	--vendor)
+	    do_vendor=1
+	    ;;
+	--version)
+	    do_version=1
+	    ;;
+	krb5)
+	    library=krb5
+	    ;;
+	gssapi)
+	    library=gssapi
+	    ;;
+	gssrpc)
+	    library=gssrpc
+	    ;;
+	kadm-client)
+	    library=kadm_client
+	    ;;
+	kadm-server)
+	    library=kadm_server
+	    ;;
+	kdb)
+	    library=kdb
+	    ;;
+	*)
+	    echo "$0: Unknown option \`$1' -- use \`--help' for usage"
+	    exit 1
+    esac
+    shift
+done
+
+# If required options - provide help
+if test -z "$do_all" -a -z "$do_version" -a -z "$do_vendor" -a \
+    -z "$do_prefix" -a -z "$do_vendor" -a -z "$do_exec_prefix" -a \
+    -z "$do_defccname" -a -z "$do_defktname" -a -z "$do_defcktname" -a \
+    -z "$do_cflags" -a -z "$do_libs"; then
+    do_help=1
+fi
+
+
+if test -n "$do_help"; then
+    echo "Usage: $0 [OPTIONS] [LIBRARIES]"
+    echo "Options:"
+    echo "        [--help]          Help"
+    echo "        [--all]           Display version, vendor, and various values"
+    echo "        [--version]       Version information"
+    echo "        [--vendor]        Vendor information"
+    echo "        [--prefix]        Kerberos installed prefix"
+    echo "        [--exec-prefix]   Kerberos installed exec_prefix"
+    echo "        [--defccname]     Show built-in default ccache name"
+    echo "        [--defktname]     Show built-in default keytab name"
+    echo "        [--defcktname]    Show built-in default client keytab name"
+    echo "        [--cflags]        Compile time CFLAGS"
+    echo "        [--libs]          List libraries required to link [LIBRARIES]"
+    echo "Libraries:"
+    echo "        krb5              Kerberos 5 application"
+    echo "        gssapi            GSSAPI application with Kerberos 5 bindings"
+    echo "        gssrpc            GSSAPI RPC application"
+    echo "        kadm-client       Kadmin client"
+    echo "        kadm-server       Kadmin server"
+    echo "        kdb               Application that accesses the kerberos database"
+    exit 0
+fi
+
+if test -n "$do_all"; then
+    all_exit=
+    do_version=1
+    do_prefix=1
+    do_exec_prefix=1
+    do_vendor=1
+    title_version="Version:     "
+    title_prefix="Prefix:      "
+    title_exec_prefix="Exec_prefix: "
+    title_vendor="Vendor:      "
+else
+    all_exit="exit 0"
+fi
+
+if test -n "$do_version"; then
+    echo "$title_version$version_string"
+    $all_exit
+fi
+
+if test -n "$do_vendor"; then
+    echo "$title_vendor$vendor_string"
+    $all_exit
+fi
+
+if test -n "$do_prefix"; then
+    echo "$title_prefix$prefix"
+    $all_exit
+fi
+
+if test -n "$do_exec_prefix"; then
+    echo "$title_exec_prefix$exec_prefix"
+    $all_exit
+fi
+
+if test -n "$do_defccname"; then
+    echo "$DEFCCNAME"
+    $all_exit
+fi
+
+if test -n "$do_defktname"; then
+    echo "$DEFKTNAME"
+    $all_exit
+fi
+
+if test -n "$do_defcktname"; then
+    echo "$DEFCKTNAME"
+    $all_exit
+fi
+
+if test -n "$do_cflags"; then
+    if test x"$includedir" != x"/usr/include" ; then
+        echo "-I${includedir}"
+    else
+        echo ''
+    fi
+fi
+
+
+if test -n "$do_libs"; then
+    # Assumes /usr/lib is the standard library directory everywhere...
+    if test "$libdir" = /usr/lib; then
+	libdirarg=
+    else
+	libdirarg="-L$libdir"
+    fi
+    # Ugly gross hack for our build tree
+    lib_flags=`echo $CC_LINK | sed -e 's/\$(CC)//' \
+	    -e 's/\$(PURE)//' \
+	    -e 's#\$(PROG_RPATH_FLAGS)#'"$PROG_RPATH_FLAGS"'#' \
+	    -e 's#\$(PROG_RPATH)#'$libdir'#' \
+	    -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \
+	    -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
+	    -e 's#\$(LDFLAGS)##' \
+	    -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
+	    -e 's#\$(CFLAGS)##'`
+
+    if test $library = 'kdb'; then
+	lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
+	library=krb5
+    fi
+
+    if test $library = 'kadm_server'; then
+	lib_flags="$lib_flags -lkadm5srv_mit -lkdb5 $KDB5_DB_LIB"
+	library=gssrpc
+    fi
+
+    if test $library = 'kadm_client'; then
+	lib_flags="$lib_flags -lkadm5clnt_mit"
+	library=gssrpc
+    fi
+
+    if test $library = 'gssrpc'; then
+	lib_flags="$lib_flags -lgssrpc"
+	library=gssapi
+    fi
+
+    if test $library = 'gssapi'; then
+	lib_flags="$lib_flags -lgssapi_krb5"
+	library=krb5
+    fi
+
+    if test $library = 'krb5'; then
+	lib_flags="$lib_flags -lkrb5 -lk5crypto @COM_ERR_LIB@"
+    fi
+
+    # If we ever support a flag to generate output suitable for static
+    # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
+    # here.
+
+    echo $lib_flags
+fi
+
+exit 0
diff --git a/krb5-1.21.3/src/build-tools/krb5-gssapi.pc.in b/krb5-1.21.3/src/build-tools/krb5-gssapi.pc.in
new file mode 100644
index 00000000..4e2d8324
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/krb5-gssapi.pc.in
@@ -0,0 +1,10 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+vendor=MIT
+
+Name: krb5-gssapi
+Description: Kerberos implementation of the GSSAPI
+Version: @KRB5_VERSION@
+Requires: mit-krb5-gssapi
diff --git a/krb5-1.21.3/src/build-tools/krb5.pc.in b/krb5-1.21.3/src/build-tools/krb5.pc.in
new file mode 100644
index 00000000..5f810496
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/krb5.pc.in
@@ -0,0 +1,14 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+vendor=MIT
+
+defccname=@DEFCCNAME@
+defktname=@DEFKTNAME@
+defcktname=@DEFCKTNAME@
+
+Name: krb5
+Description: An implementation of Kerberos network authentication
+Version: @KRB5_VERSION@
+Requires: mit-krb5
diff --git a/krb5-1.21.3/src/build-tools/mit-krb5-gssapi.pc.in b/krb5-1.21.3/src/build-tools/mit-krb5-gssapi.pc.in
new file mode 100644
index 00000000..7b91b19f
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/mit-krb5-gssapi.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: mit-krb5-gssapi
+Description: Kerberos implementation of the GSSAPI
+Version: @KRB5_VERSION@
+Requires.private: mit-krb5
+Cflags: -I${includedir}
+Libs: -L${libdir} -lgssapi_krb5
diff --git a/krb5-1.21.3/src/build-tools/mit-krb5.pc.in b/krb5-1.21.3/src/build-tools/mit-krb5.pc.in
new file mode 100644
index 00000000..fdc55778
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/mit-krb5.pc.in
@@ -0,0 +1,15 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+defccname=@DEFCCNAME@
+defktname=@DEFKTNAME@
+defcktname=@DEFCKTNAME@
+
+Name: mit-krb5
+Description: An implementation of Kerberos network authentication
+Version: @KRB5_VERSION@
+Cflags: -I${includedir}
+Libs: -L${libdir} -lkrb5 -lk5crypto @COM_ERR_LIB@
+Libs.private: -lkrb5support
diff --git a/krb5-1.21.3/src/build-tools/t_krbconf b/krb5-1.21.3/src/build-tools/t_krbconf
new file mode 100644
index 00000000..5a141f5f
--- /dev/null
+++ b/krb5-1.21.3/src/build-tools/t_krbconf
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# Copyright 2003 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+echo "Testing if krb5-config outputs shell variables"
+echo "  Testing --libs argument"
+if ./krb5-config --libs kdb | egrep -s '\$' > /dev/null; then
+	echo "Error './krb5-config --libs kdb' contains shell variables"
+	exit 1
+fi
+
+echo "  Testing --cflags argument"
+if ./krb5-config --cflags | egrep -s '\$' > /dev/null; then
+	echo "Error './krb5-config --cflags' contains shell variables"
+	exit 1
+fi
+echo "krb5-config tests pass"
+exit 0
diff --git a/krb5-1.21.3/src/ccapi/Makefile.in b/krb5-1.21.3/src/ccapi/Makefile.in
new file mode 100644
index 00000000..3f80d87e
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/Makefile.in
@@ -0,0 +1,5 @@
+mydir=ccapi
+BUILDTOP=$(REL)..
+
+SUBDIRS= lib server test
+WINSUBDIRS= lib\win server\win test
diff --git a/krb5-1.21.3/src/ccapi/common/Makefile.in b/krb5-1.21.3/src/ccapi/common/Makefile.in
new file mode 100644
index 00000000..b51cfe2b
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/Makefile.in
@@ -0,0 +1,65 @@
+mydir=ccapi$(S)common
+BUILDTOP=$(REL)..$(S)..
+SUBDIRS=unix
+
+SRCS= \
+	cci_array_internal.c \
+	cci_cred_union.c \
+	cci_debugging.c \
+	cci_identifier.c \
+	cci_message.c \
+	cci_stream.c
+
+STLIBOBJS= \
+	cci_array_internal.o \
+	cci_cred_union.o \
+	cci_debugging.o \
+	cci_identifier.o \
+	cci_message.o \
+	cci_stream.o
+
+OBJS= \
+	$(OUTPRE)cci_array_internal.$(OBJEXT) \
+	$(OUTPRE)cci_cred_union.$(OBJEXT) \
+	$(OUTPRE)cci_debugging.$(OBJEXT) \
+	$(OUTPRE)cci_identifier.$(OBJEXT) \
+	$(OUTPRE)cci_message.$(OBJEXT) \
+	$(OUTPRE)cci_stream.$(OBJEXT)
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
+# +++ Dependency line eater +++
+# 
+# Makefile dependencies follow.  This must be the last section in
+# the Makefile.in file
+#
+cci_array_internal.so cci_array_internal.po $(OUTPRE)cci_array_internal.$(OBJEXT): \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  cci_array_internal.c cci_array_internal.h cci_common.h \
+  cci_cred_union.h cci_debugging.h cci_identifier.h cci_message.h \
+  cci_stream.h cci_types.h
+cci_cred_union.so cci_cred_union.po $(OUTPRE)cci_cred_union.$(OBJEXT): \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  cci_common.h cci_cred_union.c cci_cred_union.h cci_debugging.h \
+  cci_identifier.h cci_message.h cci_stream.h cci_types.h
+cci_debugging.so cci_debugging.po $(OUTPRE)cci_debugging.$(OBJEXT): \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  cci_common.h cci_cred_union.h cci_debugging.c cci_debugging.h \
+  cci_identifier.h cci_message.h cci_os_debugging.h cci_stream.h \
+  cci_types.h
+cci_identifier.so cci_identifier.po $(OUTPRE)cci_identifier.$(OBJEXT): \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  cci_common.h cci_cred_union.h cci_debugging.h cci_identifier.c \
+  cci_identifier.h cci_message.h cci_os_identifier.h \
+  cci_stream.h cci_types.h
+cci_message.so cci_message.po $(OUTPRE)cci_message.$(OBJEXT): \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  cci_common.h cci_cred_union.h cci_debugging.h cci_identifier.h \
+  cci_message.c cci_message.h cci_stream.h cci_types.h
+cci_stream.so cci_stream.po $(OUTPRE)cci_stream.$(OBJEXT): \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  cci_common.h cci_cred_union.h cci_debugging.h cci_identifier.h \
+  cci_message.h cci_stream.c cci_stream.h cci_types.h
diff --git a/krb5-1.21.3/src/ccapi/common/cci_array_internal.c b/krb5-1.21.3/src/ccapi/common/cci_array_internal.c
new file mode 100644
index 00000000..7a205d72
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_array_internal.c
@@ -0,0 +1,312 @@
+/* ccapi/common/cci_array_internal.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "cci_common.h"
+#include "cci_array_internal.h"
+
+#ifdef WIN32
+#include "k5-platform.h"
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+struct cci_array_d {
+    cci_array_object_t *objects;
+    cc_uint64 count;
+    cc_uint64 max_count;
+
+    cci_array_object_release_t object_release;
+};
+
+struct cci_array_d cci_array_initializer = { NULL, 0, 0, NULL };
+
+#define CCI_ARRAY_COUNT_INCREMENT 16
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 cci_array_resize (cci_array_t io_array,
+                                  cc_uint64   in_new_count)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 new_max_count = 0;
+
+    if (!io_array) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_uint64 old_max_count = io_array->max_count;
+        new_max_count = io_array->max_count;
+
+        if (in_new_count > old_max_count) {
+            /* Expand the array */
+            while (in_new_count > new_max_count) {
+                new_max_count += CCI_ARRAY_COUNT_INCREMENT;
+            }
+
+        } else if ((in_new_count + CCI_ARRAY_COUNT_INCREMENT) < old_max_count) {
+            /* Shrink the array, but never drop below CC_ARRAY_COUNT_INCREMENT */
+            while ((in_new_count + CCI_ARRAY_COUNT_INCREMENT) < new_max_count &&
+                   (new_max_count > CCI_ARRAY_COUNT_INCREMENT)) {
+                new_max_count -= CCI_ARRAY_COUNT_INCREMENT;
+            }
+        }
+    }
+
+    if (!err && io_array->max_count != new_max_count) {
+        cci_array_object_t *objects = io_array->objects;
+
+        if (!objects) {
+            objects = malloc (new_max_count * sizeof (*objects));
+        } else {
+            objects = realloc (objects, new_max_count * sizeof (*objects));
+        }
+        if (!objects) { err = cci_check_error (ccErrNoMem); }
+
+        if (!err) {
+            io_array->objects = objects;
+            io_array->max_count = new_max_count;
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_array_new (cci_array_t                *out_array,
+                        cci_array_object_release_t  in_array_object_release)
+{
+    cc_int32 err = ccNoError;
+    cci_array_t array = NULL;
+
+    if (!out_array) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        array = malloc (sizeof (*array));
+        if (array) {
+            *array = cci_array_initializer;
+            array->object_release = in_array_object_release;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        *out_array = array;
+        array = NULL;
+    }
+
+    cci_array_release (array);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_array_release (cci_array_t io_array)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_array) {
+        cc_uint64 i;
+
+        if (io_array->object_release) {
+	    for (i = 0; i < io_array->count; i++) {
+		io_array->object_release (io_array->objects[i]);
+	    }
+	}
+        free (io_array->objects);
+        free (io_array);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint64 cci_array_count (cci_array_t in_array)
+{
+    return in_array ? in_array->count : 0;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cci_array_object_t cci_array_object_at_index (cci_array_t io_array,
+                                              cc_uint64   in_position)
+{
+    if (io_array && in_position < io_array->count) {
+        return io_array->objects[in_position];
+    } else {
+        if (!io_array) {
+            cci_debug_printf ("%s() got NULL array", __FUNCTION__);
+        } else {
+            cci_debug_printf ("%s() got bad index %lld (count = %lld)", __FUNCTION__,
+                              in_position, io_array->count);
+        }
+        return NULL;
+    }
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_array_insert (cci_array_t        io_array,
+                           cci_array_object_t in_object,
+                           cc_uint64          in_position)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_array ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_object) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        /* Don't try to insert past the end and don't overflow the array */
+        if (in_position > io_array->count || io_array->count == UINT64_MAX) {
+            err = cci_check_error (ccErrBadParam);
+        }
+    }
+
+    if (!err) {
+        err = cci_array_resize (io_array, io_array->count + 1);
+    }
+
+    if (!err) {
+        cc_uint64 move_count = io_array->count - in_position;
+
+        if (move_count > 0) {
+            memmove (&io_array->objects[in_position + 1], &io_array->objects[in_position],
+                     move_count * sizeof (*io_array->objects));
+        }
+
+        io_array->objects[in_position] = in_object;
+        io_array->count++;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_array_remove (cci_array_t io_array,
+                           cc_uint64   in_position)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_array) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && in_position >= io_array->count) {
+        err = cci_check_error (ccErrBadParam);
+    }
+
+    if (!err) {
+        cc_uint64 move_count = io_array->count - in_position - 1;
+        cci_array_object_t object = io_array->objects[in_position];
+
+        if (move_count > 0) {
+            memmove (&io_array->objects[in_position], &io_array->objects[in_position + 1],
+                     move_count * sizeof (*io_array->objects));
+        }
+        io_array->count--;
+
+        if (io_array->object_release) { io_array->object_release (object); }
+
+        cci_array_resize (io_array, io_array->count);
+     }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_array_move (cci_array_t  io_array,
+                         cc_uint64    in_position,
+                         cc_uint64    in_new_position,
+                         cc_uint64   *out_real_new_position)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_array             ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_real_new_position) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && in_position >= io_array->count) {
+        err = cci_check_error (ccErrBadParam);
+    }
+
+    if (!err && in_new_position > io_array->count) {
+        err = cci_check_error (ccErrBadParam);
+    }
+    if (!err) {
+        cc_uint64 move_from = 0;
+        cc_uint64 move_to = 0;
+        cc_uint64 move_count = 0;
+        cc_uint64 real_new_position = 0;
+
+        if (in_position < in_new_position) {
+            /* shift right, making an empty space so the
+             * actual new position is one less in_new_position */
+            move_from = in_position + 1;
+            move_to = in_position;
+            move_count = in_new_position - in_position - 1;
+            real_new_position = in_new_position - 1;
+
+        } else if (in_position > in_new_position) {
+            /* shift left */
+            move_from = in_new_position;
+            move_to = in_new_position + 1;
+            move_count = in_position - in_new_position;
+            real_new_position = in_new_position;
+
+        } else {
+            real_new_position = in_new_position;
+        }
+
+        if (move_count > 0) {
+            cci_array_object_t object = io_array->objects[in_position];
+
+            memmove (&io_array->objects[move_to], &io_array->objects[move_from],
+                     move_count * sizeof (*io_array->objects));
+            io_array->objects[real_new_position] = object;
+        }
+
+        *out_real_new_position = real_new_position;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_array_push_front (cci_array_t io_array,
+                               cc_uint64   in_position)
+{
+    cc_uint64 real_new_position = 0;
+    return cci_array_move (io_array, in_position, 0, &real_new_position);
+}
diff --git a/krb5-1.21.3/src/ccapi/common/cci_array_internal.h b/krb5-1.21.3/src/ccapi/common/cci_array_internal.h
new file mode 100644
index 00000000..364de767
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_array_internal.h
@@ -0,0 +1,65 @@
+/* ccapi/common/cci_array_internal.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_ARRAY_INTERNAL_H
+#define CCI_ARRAY_INTERNAL_H
+
+#include "cci_types.h"
+
+struct cci_array_object_d;
+typedef struct cci_array_object_d *cci_array_object_t;
+
+typedef cc_int32 (*cci_array_object_release_t) (cci_array_object_t);
+
+struct cci_array_d;
+typedef struct cci_array_d *cci_array_t;
+
+cc_int32 cci_array_new (cci_array_t                *out_array,
+                        cci_array_object_release_t  in_array_object_release);
+
+cc_int32 cci_array_release (cci_array_t io_array);
+
+cc_uint64 cci_array_count (cci_array_t in_array);
+
+cci_array_object_t cci_array_object_at_index (cci_array_t io_array,
+                                              cc_uint64   in_position);
+
+cc_int32 cci_array_insert (cci_array_t        io_array,
+                           cci_array_object_t in_object,
+                           cc_uint64          in_position);
+
+cc_int32 cci_array_remove (cci_array_t io_array,
+                           cc_uint64   in_position);
+
+cc_int32 cci_array_move (cci_array_t  io_array,
+                         cc_uint64    in_position,
+                         cc_uint64    in_new_position,
+                         cc_uint64   *out_real_new_position);
+
+cc_int32 cci_array_push_front (cci_array_t io_array,
+                               cc_uint64   in_position);
+
+
+#endif /* CCI_ARRAY_INTERNAL_H */
diff --git a/krb5-1.21.3/src/ccapi/common/cci_common.h b/krb5-1.21.3/src/ccapi/common/cci_common.h
new file mode 100644
index 00000000..ec9d10b9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_common.h
@@ -0,0 +1,56 @@
+/* ccapi/common/cci_common.h */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_COMMON_H
+#define CCI_COMMON_H
+
+#include <CredentialsCache.h>
+
+#include <sys/types.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <com_err.h>
+
+#if TARGET_OS_MAC
+#include <unistd.h>
+#define VECTOR_FUNCTIONS_INITIALIZER ,NULL
+#else
+#include "win-mac.h"
+#define VECTOR_FUNCTIONS_INITIALIZER
+#endif
+
+#define k_cci_context_initial_ccache_name "Initial default ccache"
+
+#include "cci_cred_union.h"
+#include "cci_debugging.h"
+#include "cci_identifier.h"
+#include "cci_message.h"
+
+#include "k5-ipc_stream.h"
+
+#endif /* CCI_COMMON_H */
diff --git a/krb5-1.21.3/src/ccapi/common/cci_cred_union.c b/krb5-1.21.3/src/ccapi/common/cci_cred_union.c
new file mode 100644
index 00000000..424a93da
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_cred_union.c
@@ -0,0 +1,848 @@
+/* ccapi/common/cci_cred_union.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "cci_common.h"
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_contents_release (cc_data *io_ccdata)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccdata && io_ccdata->data) { err = ccErrBadParam; }
+
+    if (!err) {
+        if (io_ccdata->length) {
+            memset (io_ccdata->data, 0, io_ccdata->length);
+        }
+        free (io_ccdata->data);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_release (cc_data *io_ccdata)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccdata) { err = ccErrBadParam; }
+
+    if (!err) {
+        cci_cc_data_contents_release (io_ccdata);
+        free (io_ccdata);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_read (cc_data      *io_ccdata,
+                                   k5_ipc_stream io_stream)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 type = 0;
+    cc_uint32 length = 0;
+    char *data = NULL;
+
+    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccdata) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (io_stream, &type);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (io_stream, &length);
+    }
+
+    if (!err && length > 0) {
+        data = malloc (length);
+        if (!data) { err = cci_check_error (ccErrNoMem); }
+
+        if (!err) {
+            err = krb5int_ipc_stream_read (io_stream, data, length);
+        }
+    }
+
+    if (!err) {
+        io_ccdata->type = type;
+        io_ccdata->length = length;
+        io_ccdata->data = data;
+        data = NULL;
+    }
+
+    free (data);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_write (cc_data      *in_ccdata,
+                                    k5_ipc_stream io_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
+    if (!in_ccdata) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (io_stream, in_ccdata->type);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (io_stream, in_ccdata->length);
+    }
+
+    if (!err && in_ccdata->length > 0) {
+        err = krb5int_ipc_stream_write (io_stream, in_ccdata->data, in_ccdata->length);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_array_release (cc_data **io_ccdata_array)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccdata_array) { err = ccErrBadParam; }
+
+    if (!err) {
+        cc_uint32 i;
+
+        for (i = 0; io_ccdata_array && io_ccdata_array[i]; i++) {
+            cci_cc_data_release (io_ccdata_array[i]);
+        }
+        free (io_ccdata_array);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_array_read (cc_data      ***io_ccdata_array,
+                                         k5_ipc_stream    io_stream)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 count = 0;
+    cc_data **array = NULL;
+    cc_uint32 i;
+
+    if (!io_stream      ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccdata_array) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (io_stream, &count);
+    }
+
+    if (!err && count > 0) {
+        array = malloc ((count + 1) * sizeof (*array));
+        if (array) {
+            for (i = 0; i <= count; i++) { array[i] = NULL; }
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        for (i = 0; !err && i < count; i++) {
+            array[i] = malloc (sizeof (cc_data));
+            if (!array[i]) { err = cci_check_error (ccErrNoMem); }
+
+            if (!err) {
+                err = cci_cc_data_read (array[i], io_stream);
+            }
+        }
+    }
+
+    if (!err) {
+        *io_ccdata_array = array;
+        array = NULL;
+    }
+
+    cci_cc_data_array_release (array);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_array_write (cc_data      **in_ccdata_array,
+                                          k5_ipc_stream   io_stream)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 count = 0;
+
+    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
+    /* in_ccdata_array may be NULL */
+
+    if (!err) {
+        for (count = 0; in_ccdata_array && in_ccdata_array[count]; count++);
+
+        err = krb5int_ipc_stream_write_uint32 (io_stream, count);
+    }
+
+    if (!err) {
+        cc_uint32 i;
+
+        for (i = 0; !err && i < count; i++) {
+            err = cci_cc_data_write (in_ccdata_array[i], io_stream);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_credentials_v5_t cci_credentials_v5_initializer = {
+    NULL,
+    NULL,
+    { 0, 0, NULL },
+    0, 0, 0, 0, 0, 0,
+    NULL,
+    { 0, 0, NULL },
+    { 0, 0, NULL },
+    NULL
+};
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_credentials_v5_release (cc_credentials_v5_t *io_v5creds)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_v5creds) { err = ccErrBadParam; }
+
+    if (!err) {
+        free (io_v5creds->client);
+        free (io_v5creds->server);
+        cci_cc_data_contents_release (&io_v5creds->keyblock);
+        cci_cc_data_array_release (io_v5creds->addresses);
+        cci_cc_data_contents_release (&io_v5creds->ticket);
+        cci_cc_data_contents_release (&io_v5creds->second_ticket);
+        cci_cc_data_array_release (io_v5creds->authdata);
+        free (io_v5creds);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_credentials_v5_read (cc_credentials_v5_t **out_v5creds,
+                                          k5_ipc_stream          io_stream)
+{
+    cc_int32 err = ccNoError;
+    cc_credentials_v5_t *v5creds = NULL;
+
+    if (!io_stream  ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_v5creds) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        v5creds = malloc (sizeof (*v5creds));
+        if (v5creds) {
+            *v5creds = cci_credentials_v5_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (io_stream, &v5creds->client);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (io_stream, &v5creds->server);
+    }
+
+    if (!err) {
+        err = cci_cc_data_read (&v5creds->keyblock, io_stream);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (io_stream, &v5creds->authtime);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (io_stream, &v5creds->starttime);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (io_stream, &v5creds->endtime);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (io_stream, &v5creds->renew_till);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (io_stream, &v5creds->is_skey);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (io_stream, &v5creds->ticket_flags);
+    }
+
+    if (!err) {
+        err = cci_cc_data_array_read (&v5creds->addresses, io_stream);
+    }
+
+    if (!err) {
+        err = cci_cc_data_read (&v5creds->ticket, io_stream);
+    }
+
+    if (!err) {
+        err = cci_cc_data_read (&v5creds->second_ticket, io_stream);
+    }
+
+    if (!err) {
+        err = cci_cc_data_array_read (&v5creds->authdata, io_stream);
+    }
+
+    if (!err) {
+        *out_v5creds = v5creds;
+        v5creds = NULL;
+    }
+
+    cci_credentials_v5_release (v5creds);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_credentials_v5_write (cc_credentials_v5_t *in_v5creds,
+                                           k5_ipc_stream         io_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_stream ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_v5creds) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (io_stream, in_v5creds->client);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (io_stream, in_v5creds->server);
+    }
+
+    if (!err) {
+        err = cci_cc_data_write (&in_v5creds->keyblock, io_stream);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->authtime);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->starttime);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->endtime);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->renew_till);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (io_stream, in_v5creds->is_skey);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (io_stream, in_v5creds->ticket_flags);
+    }
+
+    if (!err) {
+        err = cci_cc_data_array_write (in_v5creds->addresses, io_stream);
+    }
+
+    if (!err) {
+        err = cci_cc_data_write (&in_v5creds->ticket, io_stream);
+    }
+
+    if (!err) {
+        err = cci_cc_data_write (&in_v5creds->second_ticket, io_stream);
+    }
+
+    if (!err) {
+        err = cci_cc_data_array_write (in_v5creds->authdata, io_stream);
+    }
+
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_credentials_union_release (cc_credentials_union *io_cred_union)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_cred_union) { err = ccErrBadParam; }
+
+    if (!err) {
+        if (io_cred_union->version == cc_credentials_v5) {
+            cci_credentials_v5_release (io_cred_union->credentials.credentials_v5);
+        }
+        free (io_cred_union);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_credentials_union_read (cc_credentials_union **out_credentials_union,
+                                      k5_ipc_stream           io_stream)
+{
+    cc_int32 err = ccNoError;
+    cc_credentials_union *credentials_union = NULL;
+
+    if (!io_stream            ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_credentials_union) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        credentials_union = calloc (1, sizeof (*credentials_union));
+        if (!credentials_union) { err = cci_check_error (ccErrNoMem); }
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (io_stream, &credentials_union->version);
+    }
+
+    if (!err) {
+        if (credentials_union->version == cc_credentials_v5) {
+            err = cci_credentials_v5_read (&credentials_union->credentials.credentials_v5,
+                                           io_stream);
+
+
+        } else {
+            err = ccErrBadCredentialsVersion;
+        }
+    }
+
+    if (!err) {
+        *out_credentials_union = credentials_union;
+        credentials_union = NULL;
+    }
+
+    if (credentials_union) { cci_credentials_union_release (credentials_union); }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_credentials_union_write (const cc_credentials_union *in_credentials_union,
+                                       k5_ipc_stream                io_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_stream           ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (io_stream, in_credentials_union->version);
+    }
+
+    if (!err) {
+        if (in_credentials_union->version == cc_credentials_v5) {
+            err = cci_credentials_v5_write (in_credentials_union->credentials.credentials_v5,
+                                            io_stream);
+
+        } else {
+            err = ccErrBadCredentialsVersion;
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#pragma mark -- CCAPI v2 Compat --
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_credentials_v5_compat cci_credentials_v5_compat_initializer = {
+    NULL,
+    NULL,
+    { 0, 0, NULL },
+    0, 0, 0, 0, 0, 0,
+    NULL,
+    { 0, 0, NULL },
+    { 0, 0, NULL },
+    NULL
+};
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_cred_union_release (cred_union *io_cred_union)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_cred_union) { err = ccErrBadParam; }
+
+    if (!err) {
+        if (io_cred_union->cred_type == CC_CRED_V5) {
+            free (io_cred_union->cred.pV5Cred->client);
+            free (io_cred_union->cred.pV5Cred->server);
+            cci_cc_data_contents_release (&io_cred_union->cred.pV5Cred->keyblock);
+            cci_cc_data_array_release (io_cred_union->cred.pV5Cred->addresses);
+            cci_cc_data_contents_release (&io_cred_union->cred.pV5Cred->ticket);
+            cci_cc_data_contents_release (&io_cred_union->cred.pV5Cred->second_ticket);
+            cci_cc_data_array_release (io_cred_union->cred.pV5Cred->authdata);
+            free (io_cred_union->cred.pV5Cred);
+        }
+        free (io_cred_union);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_copy_contents (cc_data      *io_ccdata,
+                                            cc_data      *in_ccdata)
+{
+    cc_int32 err = ccNoError;
+    char *data = NULL;
+
+    if (!io_ccdata) { err = cci_check_error (ccErrBadParam); }
+    if (!in_ccdata) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && in_ccdata->length > 0) {
+        data = malloc (in_ccdata->length);
+        if (data) {
+            memcpy (data, in_ccdata->data, in_ccdata->length);
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        io_ccdata->type = in_ccdata->type;
+        io_ccdata->length = in_ccdata->length;
+        io_ccdata->data = data;
+        data = NULL;
+    }
+
+    free (data);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_uint32 cci_cc_data_array_copy (cc_data      ***io_ccdata_array,
+                                         cc_data       **in_ccdata_array)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 count = 0;
+    cc_data **array = NULL;
+    cc_uint32 i;
+
+    if (!io_ccdata_array) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        for (count = 0; in_ccdata_array && in_ccdata_array[count]; count++);
+    }
+
+    if (!err && count > 0) {
+        array = malloc ((count + 1) * sizeof (*array));
+        if (array) {
+            for (i = 0; i <= count; i++) { array[i] = NULL; }
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        for (i = 0; !err && i < count; i++) {
+            array[i] = malloc (sizeof (cc_data));
+            if (!array[i]) { err = cci_check_error (ccErrNoMem); }
+
+            if (!err) {
+                err = cci_cc_data_copy_contents (array[i], in_ccdata_array[i]);
+            }
+        }
+    }
+
+    if (!err) {
+        *io_ccdata_array = array;
+        array = NULL;
+    }
+
+    cci_cc_data_array_release (array);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_credentials_union_to_cred_union (const cc_credentials_union  *in_credentials_union,
+                                               cred_union                 **out_cred_union)
+{
+    cc_int32 err = ccNoError;
+    cred_union *compat_cred_union = NULL;
+
+    if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); }
+    if (!out_cred_union      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        compat_cred_union = calloc (1, sizeof (*compat_cred_union));
+        if (!compat_cred_union) { err = cci_check_error (ccErrNoMem); }
+    }
+
+    if (!err) {
+        if (in_credentials_union->version == cc_credentials_v5) {
+            cc_credentials_v5_t *v5creds = in_credentials_union->credentials.credentials_v5;
+            cc_credentials_v5_compat *compat_v5creds = NULL;
+
+            compat_v5creds = malloc (sizeof (*compat_v5creds));
+            if (compat_v5creds) {
+                *compat_v5creds = cci_credentials_v5_compat_initializer;
+            } else {
+                err = cci_check_error (ccErrNoMem);
+            }
+
+            if (!err) {
+                if (!v5creds->client) {
+                    err = cci_check_error (ccErrBadParam);
+                } else {
+                    compat_v5creds->client = strdup (v5creds->client);
+                    if (!compat_v5creds->client) { err = cci_check_error (ccErrNoMem); }
+                }
+            }
+
+            if (!err) {
+                if (!v5creds->server) {
+                    err = cci_check_error (ccErrBadParam);
+                } else {
+                    compat_v5creds->server = strdup (v5creds->server);
+                    if (!compat_v5creds->server) { err = cci_check_error (ccErrNoMem); }
+                }
+            }
+
+            if (!err) {
+                err = cci_cc_data_copy_contents (&compat_v5creds->keyblock, &v5creds->keyblock);
+            }
+
+            if (!err) {
+                err = cci_cc_data_array_copy (&compat_v5creds->addresses, v5creds->addresses);
+            }
+
+            if (!err) {
+                err = cci_cc_data_copy_contents (&compat_v5creds->ticket, &v5creds->ticket);
+            }
+
+            if (!err) {
+                err = cci_cc_data_copy_contents (&compat_v5creds->second_ticket, &v5creds->second_ticket);
+            }
+
+            if (!err) {
+                err = cci_cc_data_array_copy (&compat_v5creds->authdata, v5creds->authdata);
+            }
+
+            if (!err) {
+                compat_cred_union->cred_type = CC_CRED_V5;
+                compat_cred_union->cred.pV5Cred = compat_v5creds;
+
+                compat_v5creds->keyblock      = v5creds->keyblock;
+                compat_v5creds->authtime      = v5creds->authtime;
+                compat_v5creds->starttime     = v5creds->starttime;
+                compat_v5creds->endtime       = v5creds->endtime;
+                compat_v5creds->renew_till    = v5creds->renew_till;
+                compat_v5creds->is_skey       = v5creds->is_skey;
+                compat_v5creds->ticket_flags  = v5creds->ticket_flags;
+            }
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    if (!err) {
+        *out_cred_union = compat_cred_union;
+        compat_cred_union = NULL;
+    }
+
+    if (compat_cred_union) { cci_cred_union_release (compat_cred_union); }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_cred_union_to_credentials_union (const cred_union      *in_cred_union,
+                                               cc_credentials_union **out_credentials_union)
+{
+    cc_int32 err = ccNoError;
+    cc_credentials_union *creds_union = NULL;
+
+    if (!in_cred_union        ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_credentials_union) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        creds_union = calloc (1, sizeof (*creds_union));
+        if (!creds_union) { err = cci_check_error (ccErrNoMem); }
+    }
+
+    if (!err) {
+        if (in_cred_union->cred_type == CC_CRED_V5) {
+            cc_credentials_v5_compat *compat_v5creds = in_cred_union->cred.pV5Cred;
+            cc_credentials_v5_t *v5creds = NULL;
+
+            if (!err) {
+                v5creds = malloc (sizeof (*v5creds));
+                if (v5creds) {
+                    *v5creds = cci_credentials_v5_initializer;
+                } else {
+                    err = cci_check_error (ccErrNoMem);
+                }
+            }
+
+            if (!err) {
+                if (!compat_v5creds->client) {
+                    err = cci_check_error (ccErrBadParam);
+                } else {
+                    v5creds->client = strdup (compat_v5creds->client);
+                    if (!v5creds->client) { err = cci_check_error (ccErrNoMem); }
+                }
+            }
+
+            if (!err) {
+                if (!compat_v5creds->server) {
+                    err = cci_check_error (ccErrBadParam);
+                } else {
+                    v5creds->server = strdup (compat_v5creds->server);
+                    if (!v5creds->server) { err = cci_check_error (ccErrNoMem); }
+                }
+            }
+
+            if (!err) {
+                err = cci_cc_data_copy_contents (&v5creds->keyblock, &compat_v5creds->keyblock);
+            }
+
+            if (!err) {
+                err = cci_cc_data_array_copy (&v5creds->addresses, compat_v5creds->addresses);
+            }
+
+            if (!err) {
+                err = cci_cc_data_copy_contents (&v5creds->ticket, &compat_v5creds->ticket);
+            }
+
+            if (!err) {
+                err = cci_cc_data_copy_contents (&v5creds->second_ticket, &compat_v5creds->second_ticket);
+            }
+
+            if (!err) {
+                err = cci_cc_data_array_copy (&v5creds->authdata, compat_v5creds->authdata);
+            }
+
+            if (!err) {
+                creds_union->version = cc_credentials_v5;
+                creds_union->credentials.credentials_v5 = v5creds;
+
+                v5creds->authtime      = compat_v5creds->authtime;
+                v5creds->starttime     = compat_v5creds->starttime;
+                v5creds->endtime       = compat_v5creds->endtime;
+                v5creds->renew_till    = compat_v5creds->renew_till;
+                v5creds->is_skey       = compat_v5creds->is_skey;
+                v5creds->ticket_flags  = compat_v5creds->ticket_flags;
+            }
+
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    if (!err) {
+        *out_credentials_union = creds_union;
+        creds_union = NULL;
+    }
+
+    if (creds_union) { cci_credentials_union_release (creds_union); }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_cred_union_compare_to_credentials_union (const cred_union           *in_cred_union_compat,
+                                                       const cc_credentials_union *in_credentials_union,
+                                                       cc_uint32                  *out_equal)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 equal = 0;
+
+    if (!in_cred_union_compat) { err = cci_check_error (ccErrBadParam); }
+    if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal           ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        if (in_cred_union_compat->cred_type == CC_CRED_V5 &&
+                   in_credentials_union->version == cc_credentials_v5) {
+            cc_credentials_v5_compat *old_creds_v5 = in_cred_union_compat->cred.pV5Cred;
+            cc_credentials_v5_t *new_creds_v5 = in_credentials_union->credentials.credentials_v5;
+
+            /* Really should use krb5_parse_name and krb5_principal_compare */
+            if (old_creds_v5 && new_creds_v5 &&
+                !strcmp (old_creds_v5->client, new_creds_v5->client) &&
+                !strcmp (old_creds_v5->server, new_creds_v5->server) &&
+                (old_creds_v5->starttime == new_creds_v5->starttime)) {
+                equal = 1;
+            }
+        }
+    }
+
+    if (!err) {
+        *out_equal = equal;
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/common/cci_cred_union.h b/krb5-1.21.3/src/ccapi/common/cci_cred_union.h
new file mode 100644
index 00000000..2e40476c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_cred_union.h
@@ -0,0 +1,52 @@
+/* ccapi/common/cci_cred_union.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_CRED_UNION_H
+#define CCI_CRED_UNION_H
+
+#include "cci_types.h"
+#include <CredentialsCache2.h>
+
+cc_uint32 cci_credentials_union_release (cc_credentials_union *io_credentials);
+
+cc_uint32 cci_credentials_union_read (cc_credentials_union **out_credentials_union,
+                                      k5_ipc_stream           io_stream);
+
+cc_uint32 cci_credentials_union_write (const cc_credentials_union *in_credentials_union,
+                                       k5_ipc_stream                io_stream);
+
+cc_uint32 cci_cred_union_release (cred_union *io_cred_union);
+
+cc_uint32 cci_credentials_union_to_cred_union (const cc_credentials_union  *in_credentials_union,
+                                               cred_union                 **out_cred_union);
+
+cc_uint32 cci_cred_union_to_credentials_union (const cred_union      *in_cred_union,
+                                               cc_credentials_union **out_credentials_union);
+
+cc_uint32 cci_cred_union_compare_to_credentials_union (const cred_union           *in_cred_union_compat,
+                                                       const cc_credentials_union *in_credentials_union,
+                                                       cc_uint32                  *out_equal);
+
+#endif /* CCI_CRED_UNION_H */
diff --git a/krb5-1.21.3/src/ccapi/common/cci_debugging.c b/krb5-1.21.3/src/ccapi/common/cci_debugging.c
new file mode 100644
index 00000000..42d8a772
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_debugging.c
@@ -0,0 +1,54 @@
+/* ccapi/common/cci_debugging.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "cci_common.h"
+#include "cci_os_debugging.h"
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 _cci_check_error (cc_int32    in_error,
+                           const char *in_function,
+                           const char *in_file,
+                           int         in_line)
+{
+    /* Do not log for flow control errors or when there is no error at all */
+    if (in_error != ccNoError && in_error != ccIteratorEnd) {
+        cci_debug_printf ("%s() got %d at %s: %d", in_function,
+                          in_error, in_file, in_line);
+    }
+
+    return in_error;
+}
+
+/* ------------------------------------------------------------------------ */
+
+void cci_debug_printf (const char *in_format, ...)
+{
+    va_list args;
+
+    va_start (args, in_format);
+    cci_os_debug_vprintf (in_format, args);
+    va_end (args);
+}
diff --git a/krb5-1.21.3/src/ccapi/common/cci_debugging.h b/krb5-1.21.3/src/ccapi/common/cci_debugging.h
new file mode 100644
index 00000000..64413e23
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_debugging.h
@@ -0,0 +1,43 @@
+/* ccapi/common/cci_debugging.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_DEBUGGING_H
+#define CCI_DEBUGGING_H
+
+#include "cci_types.h"
+
+cc_int32 _cci_check_error (cc_int32    in_err,
+                           const char *in_function,
+                           const char *in_file,
+                           int         in_line);
+#define cci_check_error(err) _cci_check_error(err, __FUNCTION__, __FILE__, __LINE__)
+
+void cci_debug_printf (const char *in_format, ...)
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+__attribute__ ((__format__ (__printf__, 1, 2)))
+#endif
+;
+
+#endif /* CCI_DEBUGGING_H */
diff --git a/krb5-1.21.3/src/ccapi/common/cci_identifier.c b/krb5-1.21.3/src/ccapi/common/cci_identifier.c
new file mode 100644
index 00000000..a672c18f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_identifier.c
@@ -0,0 +1,290 @@
+/* ccapi/common/cci_identifier.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "cci_common.h"
+#include "cci_os_identifier.h"
+
+struct cci_identifier_d {
+    cci_uuid_string_t server_id;
+    cci_uuid_string_t object_id;
+};
+
+struct cci_identifier_d cci_identifier_initializer = { NULL, NULL };
+
+#define cci_uninitialized_server_id "NEEDS_SYNC"
+#define cci_uninitialized_object_id "NEEDS_SYNC"
+
+struct cci_identifier_d cci_identifier_uninitialized_d = {
+    cci_uninitialized_server_id,
+    cci_uninitialized_object_id
+};
+const cci_identifier_t cci_identifier_uninitialized = &cci_identifier_uninitialized_d;
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_identifier_new_uuid (cci_uuid_string_t *out_uuid_string)
+{
+    return cci_os_identifier_new_uuid (out_uuid_string);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 cci_identifier_alloc (cci_identifier_t *out_identifier,
+                                      cci_uuid_string_t in_server_id,
+                                      cci_uuid_string_t in_object_id)
+{
+    cc_int32 err = ccNoError;
+    cci_identifier_t identifier = NULL;
+
+    if (!out_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!in_server_id  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_object_id  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        identifier = malloc (sizeof (*identifier));
+        if (identifier) {
+            *identifier = cci_identifier_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        identifier->server_id = strdup (in_server_id);
+        if (!identifier->server_id) { err = cci_check_error (ccErrNoMem); }
+    }
+
+    if (!err) {
+        identifier->object_id = strdup (in_object_id);
+        if (!identifier->object_id) { err = cci_check_error (ccErrNoMem); }
+    }
+
+    if (!err) {
+        *out_identifier = identifier;
+        identifier = NULL; /* take ownership */
+    }
+
+    cci_identifier_release (identifier);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_identifier_new (cci_identifier_t *out_identifier,
+                             cci_uuid_string_t in_server_id)
+{
+    cc_int32 err = ccNoError;
+    cci_uuid_string_t object_id = NULL;
+
+    if (!out_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!in_server_id  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_os_identifier_new_uuid (&object_id);
+    }
+
+    if (!err) {
+        err = cci_identifier_alloc (out_identifier, in_server_id, object_id);
+    }
+
+    if (object_id) { free (object_id); }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_identifier_copy (cci_identifier_t *out_identifier,
+                              cci_identifier_t  in_identifier)
+{
+    cc_int32 err = ccNoError;
+
+    if (!out_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_alloc (out_identifier,
+                                    in_identifier->server_id,
+                                    in_identifier->object_id);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_identifier_release (cci_identifier_t in_identifier)
+{
+    cc_int32 err = ccNoError;
+
+    /* Do not free the static "uninitialized" identifier */
+    if (!err && in_identifier && in_identifier != cci_identifier_uninitialized) {
+        free (in_identifier->server_id);
+        free (in_identifier->object_id);
+        free (in_identifier);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_identifier_compare (cci_identifier_t  in_identifier,
+                                 cci_identifier_t  in_compare_to_identifier,
+                                 cc_uint32        *out_equal)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_compare_to_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal               ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_equal = (!strcmp (in_identifier->object_id,
+                               in_compare_to_identifier->object_id) &&
+                      !strcmp (in_identifier->server_id,
+                               in_compare_to_identifier->server_id));
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_identifier_is_for_server (cci_identifier_t  in_identifier,
+                                       cci_uuid_string_t in_server_id,
+                                       cc_uint32        *out_is_for_server)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_identifier    ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_server_id     ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_is_for_server) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_is_for_server = (!strcmp (in_identifier->server_id, in_server_id) ||
+                              !strcmp (in_identifier->server_id, cci_uninitialized_server_id));
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_identifier_compare_server_id (cci_identifier_t  in_identifier,
+                                           cci_identifier_t  in_compare_to_identifier,
+                                           cc_uint32        *out_equal_server_id)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_compare_to_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal_server_id     ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_equal_server_id = (!strcmp (in_identifier->server_id,
+                                         in_compare_to_identifier->server_id));
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_identifier_is_initialized (cci_identifier_t  in_identifier,
+                                        cc_uint32        *out_is_initialized)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_identifier     ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_is_initialized) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_is_initialized = (strcmp (in_identifier->server_id,
+                                       cci_uninitialized_server_id) != 0);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_identifier_read (cci_identifier_t *out_identifier,
+                               k5_ipc_stream      io_stream)
+{
+    cc_int32 err = ccNoError;
+    cci_uuid_string_t server_id = NULL;
+    cci_uuid_string_t object_id = NULL;
+
+    if (!out_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!io_stream     ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (io_stream, &server_id);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (io_stream, &object_id);
+    }
+
+    if (!err) {
+        err = cci_identifier_alloc (out_identifier, server_id, object_id);
+    }
+
+    krb5int_ipc_stream_free_string (server_id);
+    krb5int_ipc_stream_free_string (object_id);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 cci_identifier_write (cci_identifier_t in_identifier,
+                                k5_ipc_stream     io_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!io_stream    ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (io_stream, in_identifier->server_id);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (io_stream, in_identifier->object_id);
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/common/cci_identifier.h b/krb5-1.21.3/src/ccapi/common/cci_identifier.h
new file mode 100644
index 00000000..d5e1da4f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_identifier.h
@@ -0,0 +1,64 @@
+/* ccapi/common/cci_identifier.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_IDENTIFIER_H
+#define CCI_IDENTIFIER_H
+
+#include "cci_types.h"
+
+extern const cci_identifier_t cci_identifier_uninitialized;
+
+cc_int32 cci_identifier_new_uuid (cci_uuid_string_t *out_uuid_string);
+
+cc_int32 cci_identifier_new (cci_identifier_t *out_identifier,
+                             cci_uuid_string_t in_server_id);
+
+cc_int32 cci_identifier_copy (cci_identifier_t *out_identifier,
+                              cci_identifier_t  in_handle);
+
+cc_int32 cci_identifier_release (cci_identifier_t in_identifier);
+
+cc_int32 cci_identifier_compare (cci_identifier_t  in_identifier,
+                                 cci_identifier_t  in_compare_to_identifier,
+                                 cc_uint32        *out_equal);
+
+cc_int32 cci_identifier_is_for_server (cci_identifier_t  in_identifier,
+                                       cci_uuid_string_t in_server_id,
+                                       cc_uint32        *out_is_for_server);
+
+cc_int32 cci_identifier_compare_server_id (cci_identifier_t  in_identifier,
+                                           cci_identifier_t  in_compare_to_identifier,
+                                           cc_uint32        *out_equal_server_id);
+
+cc_int32 cci_identifier_is_initialized (cci_identifier_t  in_identifier,
+                                        cc_uint32        *out_is_initialized);
+
+cc_uint32 cci_identifier_read (cci_identifier_t *out_identifier,
+                               k5_ipc_stream      io_stream);
+
+cc_uint32 cci_identifier_write (cci_identifier_t in_identifier,
+                                k5_ipc_stream     io_stream);
+
+#endif /* CCI_IDENTIFIER_H */
diff --git a/krb5-1.21.3/src/ccapi/common/cci_message.c b/krb5-1.21.3/src/ccapi/common/cci_message.c
new file mode 100644
index 00000000..3f610759
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_message.c
@@ -0,0 +1,213 @@
+/* ccapi/common/cci_message.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "cci_common.h"
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_message_invalid_object_err (enum cci_msg_id_t in_request_name)
+{
+    cc_int32 err = ccNoError;
+
+    if (in_request_name > cci_context_first_msg_id &&
+        in_request_name < cci_context_last_msg_id) {
+        err = ccErrInvalidContext;
+
+    } else if (in_request_name > cci_ccache_first_msg_id &&
+               in_request_name < cci_ccache_last_msg_id) {
+        err = ccErrInvalidCCache;
+
+    } else if (in_request_name > cci_ccache_iterator_first_msg_id &&
+               in_request_name < cci_ccache_iterator_last_msg_id) {
+        err = ccErrInvalidCCacheIterator;
+
+    } else if (in_request_name > cci_credentials_iterator_first_msg_id &&
+               in_request_name < cci_credentials_iterator_last_msg_id) {
+        err = ccErrInvalidCredentialsIterator;
+
+    } else {
+        err = ccErrBadInternalMessage;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_message_new_request_header (k5_ipc_stream      *out_request,
+                                         enum cci_msg_id_t  in_request_name,
+                                         cci_identifier_t   in_identifier)
+{
+    cc_int32 err = ccNoError;
+    k5_ipc_stream request = NULL;
+
+    if (!out_request) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_request_name);
+    }
+
+    if (!err) {
+        err = cci_identifier_write (in_identifier, request);
+    }
+
+    if (!err) {
+        *out_request = request;
+        request = NULL;
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_message_read_request_header (k5_ipc_stream       in_request,
+                                          enum cci_msg_id_t *out_request_name,
+                                          cci_identifier_t  *out_identifier)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 request_name;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_request      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_request_name) { err = cci_check_error (ccErrBadParam); }
+    if (!out_identifier  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request, &request_name);
+    }
+
+    if (!err) {
+        err = cci_identifier_read (&identifier, in_request);
+    }
+
+    if (!err) {
+        *out_request_name = request_name;
+        *out_identifier = identifier;
+        identifier = NULL; /* take ownership */
+    }
+
+    cci_identifier_release (identifier);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_message_new_reply_header (k5_ipc_stream     *out_reply,
+                                       cc_int32          in_error)
+{
+    cc_int32 err = ccNoError;
+    k5_ipc_stream reply = NULL;
+
+    if (!out_reply) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_int32 (reply, in_error);
+    }
+
+    if (!err) {
+        *out_reply = reply;
+        reply = NULL;
+    }
+
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_message_read_reply_header (k5_ipc_stream      in_reply,
+                                        cc_int32         *out_reply_error)
+{
+    cc_int32 err = ccNoError;
+    cc_int32 reply_err = 0;
+
+    if (!in_reply       ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_reply_error) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_int32 (in_reply, &reply_err);
+    }
+
+    if (!err) {
+        *out_reply_error = reply_err;
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_read_time (k5_ipc_stream  io_stream,
+                                  cc_time_t     *out_time)
+{
+    int32_t err = 0;
+    int64_t t = 0;
+
+    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
+    if (!out_time ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_int64 (io_stream, &t);
+    }
+
+    if (!err) {
+        *out_time = t;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_write_time (k5_ipc_stream io_stream,
+					cc_time_t     in_time)
+{
+    int32_t err = 0;
+
+    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_int64 (io_stream, in_time);
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/common/cci_message.h b/krb5-1.21.3/src/ccapi/common/cci_message.h
new file mode 100644
index 00000000..6babb560
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_message.h
@@ -0,0 +1,52 @@
+/* ccapi/common/cci_message.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_MESSAGE_H
+#define CCI_MESSAGE_H
+
+#include "cci_types.h"
+
+cc_int32 cci_message_invalid_object_err (enum cci_msg_id_t in_request_name);
+
+cc_int32 cci_message_new_request_header (k5_ipc_stream     *out_request,
+                                         enum cci_msg_id_t in_request_name,
+                                         cci_identifier_t  in_identifier);
+
+cc_int32 cci_message_read_request_header (k5_ipc_stream       in_request,
+                                          enum cci_msg_id_t *out_request_name,
+                                          cci_identifier_t  *out_identifier);
+
+cc_int32 cci_message_new_reply_header (k5_ipc_stream     *out_reply,
+                                       cc_int32          in_error);
+
+cc_int32 cci_message_read_reply_header (k5_ipc_stream in_reply,
+                                        cc_int32     *out_reply_error);
+
+uint32_t krb5int_ipc_stream_read_time (k5_ipc_stream  io_stream,
+				       cc_time_t     *out_time);
+uint32_t krb5int_ipc_stream_write_time (k5_ipc_stream io_stream,
+					cc_time_t     in_time);
+
+#endif /* CCI_MESSAGE_H */
diff --git a/krb5-1.21.3/src/ccapi/common/cci_os_debugging.h b/krb5-1.21.3/src/ccapi/common/cci_os_debugging.h
new file mode 100644
index 00000000..c99c79a9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_os_debugging.h
@@ -0,0 +1,34 @@
+/* ccapi/common/cci_os_debugging.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_OS_DEBUGGING_H
+#define CCI_OS_DEBUGGING_H
+
+#include "cci_types.h"
+#include <stdarg.h>
+
+void cci_os_debug_vprintf (const char *in_format, va_list in_args);
+
+#endif /* CCI_OS_DEBUGGING_H */
diff --git a/krb5-1.21.3/src/ccapi/common/cci_os_identifier.h b/krb5-1.21.3/src/ccapi/common/cci_os_identifier.h
new file mode 100644
index 00000000..7ee67eb3
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_os_identifier.h
@@ -0,0 +1,33 @@
+/* ccapi/common/cci_os_identifier.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_OS_IDENTIFIER_H
+#define CCI_OS_IDENTIFIER_H
+
+#include "cci_types.h"
+
+cc_int32 cci_os_identifier_new_uuid (cci_uuid_string_t *out_uuid_string);
+
+#endif /* CCI_OS_IDENTIFIER_H */
diff --git a/krb5-1.21.3/src/ccapi/common/cci_types.h b/krb5-1.21.3/src/ccapi/common/cci_types.h
new file mode 100644
index 00000000..87597d44
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/cci_types.h
@@ -0,0 +1,102 @@
+/* ccapi/common/cci_types.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCI_TYPES_H
+#define CCI_TYPES_H
+
+#include <CredentialsCache.h>
+#include <k5-ipc_stream.h>
+
+typedef char *cci_uuid_string_t;
+
+struct cci_identifier_d;
+typedef struct cci_identifier_d *cci_identifier_t;
+
+enum cci_msg_id_t {
+    /* cc_context_t */
+    cci_context_first_msg_id,
+
+    cci_context_unused_release_msg_id,  /* Unused. Handle for old clients. */
+    cci_context_sync_msg_id,
+    cci_context_get_change_time_msg_id,
+    cci_context_wait_for_change_msg_id,
+    cci_context_get_default_ccache_name_msg_id,
+    cci_context_open_ccache_msg_id,
+    cci_context_open_default_ccache_msg_id,
+    cci_context_create_ccache_msg_id,
+    cci_context_create_default_ccache_msg_id,
+    cci_context_create_new_ccache_msg_id,
+    cci_context_new_ccache_iterator_msg_id,
+    cci_context_lock_msg_id,
+    cci_context_unlock_msg_id,
+
+    cci_context_last_msg_id,
+
+    /* cc_ccache_t */
+    cci_ccache_first_msg_id,
+
+    cci_ccache_destroy_msg_id,
+    cci_ccache_set_default_msg_id,
+    cci_ccache_get_credentials_version_msg_id,
+    cci_ccache_get_name_msg_id,
+    cci_ccache_get_principal_msg_id,
+    cci_ccache_set_principal_msg_id,
+    cci_ccache_store_credentials_msg_id,
+    cci_ccache_remove_credentials_msg_id,
+    cci_ccache_new_credentials_iterator_msg_id,
+    cci_ccache_move_msg_id,
+    cci_ccache_lock_msg_id,
+    cci_ccache_unlock_msg_id,
+    cci_ccache_get_last_default_time_msg_id,
+    cci_ccache_get_change_time_msg_id,
+    cci_ccache_wait_for_change_msg_id,
+    cci_ccache_get_kdc_time_offset_msg_id,
+    cci_ccache_set_kdc_time_offset_msg_id,
+    cci_ccache_clear_kdc_time_offset_msg_id,
+
+    cci_ccache_last_msg_id,
+
+    /* cc_ccache_iterator_t */
+    cci_ccache_iterator_first_msg_id,
+
+    cci_ccache_iterator_release_msg_id,
+    cci_ccache_iterator_next_msg_id,
+    cci_ccache_iterator_clone_msg_id,
+
+    cci_ccache_iterator_last_msg_id,
+
+    /* cc_credentials_iterator_t */
+    cci_credentials_iterator_first_msg_id,
+
+    cci_credentials_iterator_release_msg_id,
+    cci_credentials_iterator_next_msg_id,
+    cci_credentials_iterator_clone_msg_id,
+
+    cci_credentials_iterator_last_msg_id,
+
+    cci_max_msg_id  /* must be last! */
+};
+
+#endif /* CCI_TYPES_H */
diff --git a/krb5-1.21.3/src/ccapi/common/unix/Makefile.in b/krb5-1.21.3/src/ccapi/common/unix/Makefile.in
new file mode 100644
index 00000000..ecacabd6
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/unix/Makefile.in
@@ -0,0 +1,13 @@
+mydir=ccapi$(S)common$(S)unix
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+STLIBOBJS=
+OBJS=
+SRCS=
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
+# +++ Dependency line eater +++
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/autolock.hxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/autolock.hxx
new file mode 100644
index 00000000..b88172d2
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/autolock.hxx
@@ -0,0 +1,66 @@
+/* ccapi/common/win/OldCC/autolock.hxx */
+/*
+ * Copyright (C) 1998 by Danilo Almeida.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __AUTOLOCK_HXX__
+#define __AUTOLOCK_HXX__
+
+#include <windows.h>
+
+class CcOsLock {
+    CRITICAL_SECTION cs;
+    bool valid;
+public:
+    CcOsLock()      {InitializeCriticalSection(&cs);   valid = true; }
+    ~CcOsLock()     {DeleteCriticalSection(&cs);       valid = false;}
+    void lock()     {if (valid) EnterCriticalSection(&cs);}
+    void unlock()   {if (valid) LeaveCriticalSection(&cs);}
+    bool trylock()  {return valid ? (TryEnterCriticalSection(&cs) ? true : false)
+                                  : false; }
+};
+
+class CcAutoLock {
+    CcOsLock& m_lock;
+public:
+    static void Start(CcAutoLock*& a, CcOsLock& lock) { a = new CcAutoLock(lock); };
+    static void Stop (CcAutoLock*& a) { delete a; a = 0; };
+    CcAutoLock(CcOsLock& lock):m_lock(lock) { m_lock.lock(); }
+    ~CcAutoLock() { m_lock.unlock(); }
+};
+
+class CcAutoTryLock {
+    CcOsLock& m_lock;
+    bool m_locked;
+public:
+    CcAutoTryLock(CcOsLock& lock):m_lock(lock) { m_locked = m_lock.trylock(); }
+    ~CcAutoTryLock() { if (m_locked) m_lock.unlock(); m_locked = false; }
+    bool IsLocked() const { return m_locked; }
+};
+
+#endif /* __AUTOLOCK_HXX */
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutil.cxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutil.cxx
new file mode 100644
index 00000000..b6092316
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutil.cxx
@@ -0,0 +1,187 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <windows.h>
+#include "init.hxx"
+#include "secure.hxx"
+
+extern "C" {
+#include "cci_debugging.h"
+    }
+
+
+CcOsLock Init::s_lock;
+DWORD Init::s_refcount = 0;
+DWORD Init::s_error = ERROR_INVALID_HANDLE;
+bool Init::s_init = false;
+Init::InitInfo Init::s_info = { 0 };
+HINSTANCE Init::s_hRpcDll = 0;
+
+#define INIT "INIT: "
+
+static
+void
+ShowInfo(
+    Init::InitInfo& info
+    );
+
+DWORD
+Init::Info(
+    InitInfo& info
+    )
+{
+    // This function will not do automatic initialization.
+    CcAutoLock AL(s_lock);
+    if (!s_init) {
+        memset(&info, 0, sizeof(info));
+        return s_error ? s_error : ERROR_INVALID_HANDLE;
+    } else {
+        info = s_info;
+        return 0;
+    }
+}
+
+DWORD
+Init::Initialize() {
+    CcAutoLock AL(s_lock);
+    cci_debug_printf("%s s_init:%d", __FUNCTION__, s_init);
+    if (s_init) {
+        s_refcount++;
+        return 0;
+        }
+    SecureClient s;
+    DWORD status = 0;
+    OSVERSIONINFO osvi;
+    BOOL isSupportedVersion = FALSE;
+    memset(&s_info, 0, sizeof(s_info));
+    memset(&osvi, 0, sizeof(osvi));
+    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+
+    status = !GetVersionEx(&osvi);       // Returns a boolean.  Invert to 0 is OK.
+
+    if (!status) {
+        switch(osvi.dwPlatformId) {
+        case VER_PLATFORM_WIN32_WINDOWS:
+            s_info.isNT = FALSE;
+            isSupportedVersion = TRUE;
+            break;
+        case VER_PLATFORM_WIN32_NT:
+            s_info.isNT = TRUE;
+            isSupportedVersion = TRUE;
+            break;
+        case VER_PLATFORM_WIN32s:
+        default:
+            s_info.isNT = FALSE;
+            break;
+            }
+    
+        if (!isSupportedVersion) {
+            cci_debug_printf("%s Trying to run on an unsupported version of Windows", __FUNCTION__);
+            status  = 1;
+            }
+        }
+
+    if (!status) {status  = !s_info.isNT;}
+
+    if (!status) {status = !(s_hRpcDll = LoadLibrary(TEXT("rpcrt4.dll")));}
+
+    if (!status) {
+        s_info.fRpcBindingSetAuthInfoEx = (FP_RpcBindingSetAuthInfoEx)
+            GetProcAddress(s_hRpcDll, TEXT(FN_RpcBindingSetAuthInfoEx));
+        if (!s_info.fRpcBindingSetAuthInfoEx) {
+            cci_debug_printf("  Running on NT but could not find RpcBindinSetAuthInfoEx");
+            status = 1;
+            }
+        }
+    
+    if (!status) {
+        s_info.fRpcServerRegisterIfEx = (FP_RpcServerRegisterIfEx)
+            GetProcAddress(s_hRpcDll, TEXT(FN_RpcServerRegisterIfEx));
+        if (!s_info.fRpcServerRegisterIfEx) {
+            cci_debug_printf("  Running on NT but could not find RpcServerRegisterIfEx");
+            status = 1;
+            }
+        }
+
+    if (!status) {
+        status = SecureClient::Attach();
+        if (status) {
+            cci_debug_printf("  SecureClient::Attach() failed (%u)", status);
+            }
+        }
+
+    if (status) {
+        memset(&s_info, 0, sizeof(s_info));
+        if (s_hRpcDll) {
+            FreeLibrary(s_hRpcDll);
+            s_hRpcDll = 0;
+        }
+        cci_debug_printf("  Init::Attach() failed (%u)", status);
+    } else {
+        s_refcount++;
+        s_init = true;
+        ShowInfo(s_info);
+    }
+    s_error = status;
+    return status;
+}
+
+DWORD
+Init::Cleanup(
+    )
+{
+    CcAutoLock AL(s_lock);
+    s_refcount--;
+    if (s_refcount) return 0;
+    if (!s_init) return 0;
+    DWORD error = 0;
+    if (s_hRpcDll) {
+        FreeLibrary(s_hRpcDll);
+        s_hRpcDll = 0;
+    }
+    error = SecureClient::Detach();
+    memset(&s_info, 0, sizeof(s_info));
+    s_init = false;
+    s_error = 0;
+    if (error) {
+        cci_debug_printf("  Init::Detach() had an error (%u)", error);
+        }
+    return error;
+}
+
+static
+void
+ShowInfo(
+    Init::InitInfo& info
+    )
+{
+    if (info.isNT) {
+        cci_debug_printf("  Running on Windows NT using secure mode");
+    } else {
+        cci_debug_printf("  Running insecurely on non-NT Windows");
+    }
+    return;
+}
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutil.def b/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutil.def
new file mode 100644
index 00000000..57113f09
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutil.def
@@ -0,0 +1,5 @@
+;LIBRARY		COMERR32
+HEAPSIZE	8192
+
+EXPORTS
+    
\ No newline at end of file
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutils.c b/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutils.c
new file mode 100644
index 00000000..403c67eb
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutils.c
@@ -0,0 +1,133 @@
+/* ccapi/common/win/OldCC/ccutils.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <windows.h>
+#include <stdlib.h>
+#include <malloc.h>
+
+#include "cci_debugging.h"
+#include "util.h"
+
+BOOL isNT() {
+    OSVERSIONINFO osvi;
+    DWORD   status              = 0;
+    BOOL    bSupportedVersion   = FALSE;
+    BOOL    bIsNT               = FALSE;
+
+    memset(&osvi, 0, sizeof(osvi));
+    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+
+    status = !GetVersionEx(&osvi);       // Returns a boolean.  Invert to 0 is OK.
+
+    if (!status) {
+        switch(osvi.dwPlatformId) {
+        case VER_PLATFORM_WIN32_WINDOWS:
+            bIsNT = FALSE;
+            bSupportedVersion = TRUE;
+            break;
+        case VER_PLATFORM_WIN32_NT:
+            bIsNT = TRUE;
+            bSupportedVersion = TRUE;
+            break;
+        case VER_PLATFORM_WIN32s:
+        default:
+            bIsNT = FALSE;
+            break;
+            }
+
+        if (!bSupportedVersion) {
+            cci_debug_printf("%s Running on an unsupported version of Windows", __FUNCTION__);
+            status  = 1;
+            }
+        }
+
+    return (!status && bIsNT && bSupportedVersion);
+    }
+
+char*   allocEventName(char* uuid_string, char* suffix) {
+    LPSTR       event_name      = NULL;
+    cc_int32    err             = ccNoError;
+
+    event_name = malloc(strlen(uuid_string) + strlen(suffix) + 3);
+    if (!event_name) err = cci_check_error(ccErrNoMem);
+
+    if (!err) {
+        strcpy(event_name, uuid_string);
+        strcat(event_name, "_");
+        strcat(event_name, suffix);
+        }
+
+    return event_name;
+    }
+
+HANDLE createThreadEvent(char* uuid, char* suffix) {
+    LPSTR                   event_name  = NULL;
+    HANDLE                  hEvent      = NULL;
+    PSECURITY_ATTRIBUTES    psa         = 0;        // Everything having to do with
+    SECURITY_ATTRIBUTES     sa          = { 0 };    // sa, psa, security is copied
+    DWORD                   status      = 0;        // from the previous implementation.
+
+    psa = isNT() ? &sa : 0;
+
+    if (isNT()) {
+        sa.nLength = sizeof(sa);
+        status = alloc_own_security_descriptor_NT(&sa.lpSecurityDescriptor);
+        cci_check_error(status);
+        }
+
+    if (!status) {
+        event_name = allocEventName(uuid, suffix);
+        if (!event_name) status = cci_check_error(ccErrNoMem);
+        }
+    if (!status) {
+        hEvent = CreateEvent(psa, FALSE, FALSE, event_name);
+        if (!hEvent)     status = cci_check_error(GetLastError());
+        }
+
+    if (!status) ResetEvent(hEvent);
+
+
+    if (event_name) free(event_name);
+    if (isNT())     free(sa.lpSecurityDescriptor);
+
+    return hEvent;
+    }
+
+HANDLE openThreadEvent(char* uuid, char* suffix) {
+    LPSTR   event_name  = NULL;
+    HANDLE  hEvent      = NULL;
+    DWORD   status      = 0;
+
+    event_name = allocEventName(uuid, suffix);
+    if (!event_name) status = cci_check_error(ccErrNoMem);
+    if (!status) {
+        hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, event_name);
+        if (!hEvent) status = cci_check_error(GetLastError());
+        }
+
+    if (event_name) free(event_name);
+
+    return hEvent;
+    }
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutils.h b/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutils.h
new file mode 100644
index 00000000..9da3d87f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/ccutils.h
@@ -0,0 +1,45 @@
+/* ccapi/common/win/OldCC/ccutils.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __CCUTILS_H__
+#define __CCUTILS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define REPLY_SUFFIX    (char*)"reply"
+#define LISTEN_SUFFIX   (char*)"listen"
+
+BOOL    isNT();
+char*   allocEventName   (char* uuid, char* suffix);
+HANDLE  createThreadEvent(char* uuid, char* suffix);
+HANDLE  openThreadEvent  (char* uuid, char* suffix);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __CCUTILS_H__ */
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/init.cxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/init.cxx
new file mode 100644
index 00000000..baa8e280
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/init.cxx
@@ -0,0 +1,187 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <windows.h>
+#include "init.hxx"
+#include "secure.hxx"
+
+extern "C" {
+#include "cci_debugging.h"
+    }
+
+
+CcOsLock Init::s_lock;
+DWORD Init::s_refcount = 0;
+DWORD Init::s_error = ERROR_INVALID_HANDLE;
+bool Init::s_init = false;
+Init::InitInfo Init::s_info = { 0 };
+HINSTANCE Init::s_hRpcDll = 0;
+
+#define INIT "INIT: "
+
+static
+void
+ShowInfo(
+    Init::InitInfo& info
+    );
+
+DWORD
+Init::Info(
+    InitInfo& info
+    )
+{
+    // This function will not do automatic initialization.
+    CcAutoLock AL(s_lock);
+    if (!s_init) {
+        memset(&info, 0, sizeof(info));
+        return s_error ? s_error : ERROR_INVALID_HANDLE;
+    } else {
+        info = s_info;
+        return 0;
+    }
+}
+
+DWORD
+Init::Initialize() {
+    CcAutoLock AL(s_lock);
+//    cci_debug_printf("%s s_init:%d", __FUNCTION__, s_init);
+    if (s_init) {
+        s_refcount++;
+        return 0;
+        }
+    SecureClient s;
+    DWORD status = 0;
+    OSVERSIONINFO osvi;
+    BOOL isSupportedVersion = FALSE;
+    memset(&s_info, 0, sizeof(s_info));
+    memset(&osvi, 0, sizeof(osvi));
+    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+
+    status = !GetVersionEx(&osvi);       // Returns a boolean.  Invert to 0 is OK.
+
+    if (!status) {
+        switch(osvi.dwPlatformId) {
+        case VER_PLATFORM_WIN32_WINDOWS:
+            s_info.isNT = FALSE;
+            isSupportedVersion = TRUE;
+            break;
+        case VER_PLATFORM_WIN32_NT:
+            s_info.isNT = TRUE;
+            isSupportedVersion = TRUE;
+            break;
+        case VER_PLATFORM_WIN32s:
+        default:
+            s_info.isNT = FALSE;
+            break;
+            }
+    
+        if (!isSupportedVersion) {
+            cci_debug_printf("%s Trying to run on an unsupported version of Windows", __FUNCTION__);
+            status  = 1;
+            }
+        }
+
+    if (!status) {status  = !s_info.isNT;}
+
+    if (!status) {status = !(s_hRpcDll = LoadLibrary(TEXT("rpcrt4.dll")));}
+
+    if (!status) {
+        s_info.fRpcBindingSetAuthInfoEx = (FP_RpcBindingSetAuthInfoEx)
+            GetProcAddress(s_hRpcDll, TEXT(FN_RpcBindingSetAuthInfoEx));
+        if (!s_info.fRpcBindingSetAuthInfoEx) {
+            cci_debug_printf("  Running on NT but could not find RpcBindinSetAuthInfoEx");
+            status = 1;
+            }
+        }
+    
+    if (!status) {
+        s_info.fRpcServerRegisterIfEx = (FP_RpcServerRegisterIfEx)
+            GetProcAddress(s_hRpcDll, TEXT(FN_RpcServerRegisterIfEx));
+        if (!s_info.fRpcServerRegisterIfEx) {
+            cci_debug_printf("  Running on NT but could not find RpcServerRegisterIfEx");
+            status = 1;
+            }
+        }
+
+    if (!status) {
+        status = SecureClient::Attach();
+        if (status) {
+            cci_debug_printf("  SecureClient::Attach() failed (%u)", status);
+            }
+        }
+
+    if (status) {
+        memset(&s_info, 0, sizeof(s_info));
+        if (s_hRpcDll) {
+            FreeLibrary(s_hRpcDll);
+            s_hRpcDll = 0;
+        }
+        cci_debug_printf("  Init::Attach() failed (%u)", status);
+    } else {
+        s_refcount++;
+        s_init = true;
+        ShowInfo(s_info);
+    }
+    s_error = status;
+    return status;
+}
+
+DWORD
+Init::Cleanup(
+    )
+{
+    CcAutoLock AL(s_lock);
+    s_refcount--;
+    if (s_refcount) return 0;
+    if (!s_init) return 0;
+    DWORD error = 0;
+    if (s_hRpcDll) {
+        FreeLibrary(s_hRpcDll);
+        s_hRpcDll = 0;
+    }
+    error = SecureClient::Detach();
+    memset(&s_info, 0, sizeof(s_info));
+    s_init = false;
+    s_error = 0;
+    if (error) {
+        cci_debug_printf("  Init::Detach() had an error (%u)", error);
+        }
+    return error;
+}
+
+static
+void
+ShowInfo(
+    Init::InitInfo& info
+    )
+{
+    if (info.isNT) {
+        cci_debug_printf("  Running on Windows NT using secure mode");
+    } else {
+        cci_debug_printf("  Running insecurely on non-NT Windows");
+    }
+    return;
+}
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/init.hxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/init.hxx
new file mode 100644
index 00000000..9bac7f8f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/init.hxx
@@ -0,0 +1,102 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#pragma once
+#include "autolock.hxx"
+#include <rpc.h>
+
+typedef RPC_STATUS (RPC_ENTRY *FP_RpcBindingSetAuthInfoExA)(
+    IN RPC_BINDING_HANDLE Binding,
+    IN unsigned char __RPC_FAR * ServerPrincName,
+    IN unsigned long AuthnLevel,
+    IN unsigned long AuthnSvc,
+    IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity, OPTIONAL
+    IN unsigned long AuthzSvc,
+    IN RPC_SECURITY_QOS *SecurityQos OPTIONAL
+    );
+
+typedef RPC_STATUS (RPC_ENTRY *FP_RpcBindingSetAuthInfoExW)(
+    IN RPC_BINDING_HANDLE Binding,
+    IN unsigned short __RPC_FAR * ServerPrincName,
+    IN unsigned long AuthnLevel,
+    IN unsigned long AuthnSvc,
+    IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity, OPTIONAL
+    IN unsigned long AuthzSvc, OPTIONAL
+    IN RPC_SECURITY_QOS *SecurityQOS
+    );
+
+typedef RPC_STATUS (RPC_ENTRY *FP_RpcServerRegisterIfEx)(
+    IN RPC_IF_HANDLE IfSpec,
+    IN UUID __RPC_FAR * MgrTypeUuid,
+    IN RPC_MGR_EPV __RPC_FAR * MgrEpv,
+    IN unsigned int Flags,
+    IN unsigned int MaxCalls,
+    IN RPC_IF_CALLBACK_FN __RPC_FAR *IfCallback
+    );
+
+#ifdef UNICODE
+#define FP_RpcBindingSetAuthInfoEx FP_RpcBindingSetAuthInfoExW
+#define FN_RpcBindingSetAuthInfoEx "RpcBindingSetAuthInfoExW"
+#else
+#define FP_RpcBindingSetAuthInfoEx FP_RpcBindingSetAuthInfoExA
+#define FN_RpcBindingSetAuthInfoEx "RpcBindingSetAuthInfoExA"
+#endif
+
+#define FN_RpcServerRegisterIfEx   "RpcServerRegisterIfEx"
+
+class Init
+{
+public:
+    struct InitInfo {
+        BOOL isNT;
+        FP_RpcBindingSetAuthInfoEx fRpcBindingSetAuthInfoEx;
+        FP_RpcServerRegisterIfEx fRpcServerRegisterIfEx;
+    };
+
+    static DWORD Initialize();
+    static DWORD Cleanup();
+    static DWORD Info(InitInfo& info);
+
+    static bool Initialized() { return s_init; }
+
+private:
+    static CcOsLock s_lock;
+    static DWORD s_refcount;
+    static DWORD s_error;
+    static bool s_init;
+    static InitInfo s_info;
+    static HINSTANCE s_hRpcDll;
+};
+
+#define INIT_INIT_EX(trap, error) \
+do \
+{ \
+    if (!Init::Initialized()) \
+    { \
+        DWORD rc = Init::Initialize(); \
+        if (rc) return (trap) ? (error) : rc; \
+    } \
+} while(0)
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/name.h b/krb5-1.21.3/src/ccapi/common/win/OldCC/name.h
new file mode 100644
index 00000000..66ca3a9f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/name.h
@@ -0,0 +1,34 @@
+/* ccapi/common/win/OldCC/name.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#pragma once
+
+#ifdef _WIN64
+#define CCAPI_MODULE "krbcc64"
+#else
+#define CCAPI_MODULE "krbcc32"
+#endif
+#define CCAPI_DLL CCAPI_MODULE ".dll"
+#define CCAPI_EXE   "ccapiserver.exe"
\ No newline at end of file
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/opts.cxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/opts.cxx
new file mode 100644
index 00000000..c9776638
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/opts.cxx
@@ -0,0 +1,149 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <windows.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <opts.hxx>
+
+bool
+ParseOpts::IsValidOpt(
+    char ch
+    )
+{
+    return (m_ValidOpts[ch % 256] != 0);
+}
+
+void
+ParseOpts::PrintOpt(
+    char ch,
+    char* text
+    )
+{
+    if (IsValidOpt(ch))
+        fprintf(stderr, "  -%c %s\n", ch, text);
+}
+
+void
+ParseOpts::UsageOpts(
+    char * program,
+    int code
+    )
+{
+    fprintf(stderr, "Usage: %s [options]\n", program);
+    PrintOpt('k', "stop server");
+#ifdef CCAPI_TEST_OPTIONS
+    PrintOpt('s', "string");
+    PrintOpt('e', "endpoint");
+    PrintOpt('m', "maxcalls");
+    PrintOpt('n', "mincalls");
+    PrintOpt('f', "flag_wait_op");
+    PrintOpt('u', "unprotected");
+    PrintOpt('b', "use security callback");
+#endif
+    PrintOpt('c', "output debug info to console");
+    exit(code);
+}
+
+void
+ParseOpts::SetValidOpts(
+    char* valid_opts
+    )
+{
+    memset(m_ValidOpts, 0, sizeof(m_ValidOpts));
+    char *p = valid_opts;
+    for (p = valid_opts; *p; p++) {
+        m_ValidOpts[*p % sizeof(m_ValidOpts)] = 1;
+    }
+}
+
+void
+ParseOpts::Parse(
+    Opts& opts,
+    int argc,
+    char **argv
+    )
+{
+    int i;
+    for (i = 1; i < argc; i++) {
+        if ((*argv[i] == '-') || (*argv[i] == '/')) {
+            char ch = tolower(*(argv[i]+1));
+            if (!IsValidOpt(ch))
+                UsageOpts(argv[0]);
+            switch (ch) {
+            case 'k':
+                opts.bShutdown = TRUE;
+                break;
+#ifdef CCAPI_TEST_OPTIONS
+            case 's':
+                opts.pszString = argv[++i];
+                break;
+            case 'e':
+                opts.pszEndpoint = argv[++i];
+                break;
+            case 'm':
+                opts.cMaxCalls = (unsigned int) atoi(argv[++i]);
+                break;
+            case 'n':
+                opts.cMinCalls = (unsigned int) atoi(argv[++i]);
+                break;
+            case 'f':
+                opts.fDontWait = (unsigned int) atoi(argv[++i]);
+                break;
+            case 'u':
+                opts.bDontProtect = TRUE;
+                break;
+            case 'b':
+                opts.bSecCallback = TRUE;
+                break;
+#endif
+            case 'c':
+                opts.bConsole = TRUE;
+                break;
+            case 'h':
+            case '?':
+            default:
+                UsageOpts(argv[0]);
+            }
+        }
+        else
+            UsageOpts(argv[0]);
+    }
+
+}
+
+ParseOpts::ParseOpts(char* valid_opts)
+{
+    SetValidOpts(valid_opts);
+}
+
+ParseOpts::ParseOpts()
+{
+}
+
+ParseOpts::~ParseOpts()
+{
+}
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/opts.hxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/opts.hxx
new file mode 100644
index 00000000..755ce4ae
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/opts.hxx
@@ -0,0 +1,56 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#pragma once
+
+class ParseOpts
+{
+public:
+    struct Opts {
+        char* pszString;
+        char* pszEndpoint;
+        unsigned int cMinCalls;
+        unsigned int cMaxCalls;
+        unsigned int fDontWait;
+        bool bDontProtect;
+        bool bShutdown;
+        bool bSecCallback;
+        bool bConsole;
+    };
+
+    ParseOpts(char* valid_opts);
+    ParseOpts();
+    ~ParseOpts();
+    void SetValidOpts(char* valid_opts);
+    void Parse(Opts& opts, int argc, char **argv);
+
+private:
+    bool IsValidOpt(char ch);
+    void PrintOpt(char ch, char* text);
+    void UsageOpts(char* program, int code = 0);
+
+    char m_ValidOpts[256];
+};
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/secure.cxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/secure.cxx
new file mode 100644
index 00000000..99ba08a2
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/secure.cxx
@@ -0,0 +1,161 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <windows.h>
+#include "secure.hxx"
+
+extern "C" {
+#include "cci_debugging.h"
+    }
+
+CcOsLock SecureClient::s_lock;
+DWORD SecureClient::s_refcount = 0;
+DWORD SecureClient::s_error = 0;
+HANDLE SecureClient::s_hToken = 0;
+
+#include "util.h"
+
+#define SC "SecureClient::"
+
+DWORD
+SecureClient::Attach(
+    )
+{
+    CcAutoLock AL(s_lock);
+    if (s_hToken) {
+        s_refcount++;
+        return 0;
+    }
+    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, 
+                         &s_hToken)) {
+        s_refcount++;
+        s_error = 0;
+    } else {
+        s_hToken = 0;
+        s_error = GetLastError();
+    }
+    return s_error;
+}
+
+DWORD
+SecureClient::Detach(
+    )
+{
+    CcAutoLock AL(s_lock);
+    s_refcount--;
+    if (s_refcount) return 0;
+    if (!s_hToken) return 0;
+    DWORD error = 0;
+    if (!CloseHandle(s_hToken))
+        error = GetLastError();
+    s_hToken = 0;
+    s_error = 0;
+    return error;
+}
+
+DWORD SecureClient::Token(HANDLE& hToken) {
+    // This function will not do automatic initialization.
+    CcAutoLock AL(s_lock);
+    hToken = 0;
+    if (!s_hToken) {
+        cci_debug_printf("%s no process token initialized (%u)", __FUNCTION__, s_error);
+        return s_error ? s_error : ERROR_INVALID_HANDLE;
+        } 
+    else {
+        DWORD status = 0;
+        if (!DuplicateHandle(GetCurrentProcess(), s_hToken, 
+                             GetCurrentProcess(), &hToken, 0, FALSE, 
+                             DUPLICATE_SAME_ACCESS)) {
+            status = GetLastError();
+            cci_debug_printf("  Could not duplicate handle (%u)", status);
+            }
+        return status;
+        }
+    }
+
+void
+SecureClient::Start(SecureClient*& s) {
+    s = new SecureClient;
+}
+
+void
+SecureClient::Stop(SecureClient*& s) {
+    delete s;
+    s = 0;
+}
+
+///////////////////////////////////////////////////////////////////////////////
+
+/* This constructor turns off impersonation.
+ * It is OK for OpenThreadToken to return an error -- that just means impersonation
+ * is off.
+ */
+SecureClient::SecureClient():
+    m_Error(0),
+    m_hToken(0),
+    m_NeedRestore(false) {
+
+    HANDLE hThread = GetCurrentThread();
+    HANDLE hThDuplicate;
+    
+    int status  = DuplicateHandle(  GetCurrentProcess(),
+                                    hThread,
+                                    GetCurrentProcess(),
+                                    &hThDuplicate,
+                                    TOKEN_ALL_ACCESS,
+                                    FALSE,
+                                    0);
+    if (!status) return;
+
+    if (!OpenThreadToken(hThDuplicate, TOKEN_ALL_ACCESS, FALSE, &m_hToken)) {
+        m_Error = GetLastError();
+        return;
+        }
+    if (SetThreadToken(&hThDuplicate, NULL)) {
+        m_NeedRestore = true;
+    } else {
+        m_Error = GetLastError();
+        }
+    CloseHandle(hThDuplicate);
+    }
+
+SecureClient::~SecureClient() {
+    if (m_NeedRestore) {
+        HANDLE hThread = GetCurrentThread();
+        if (!SetThreadToken(&hThread, m_hToken)) {
+            m_Error = cci_check_error(GetLastError());
+            }
+        }
+    if (m_hToken) {
+        if (!CloseHandle(m_hToken)) {
+            m_Error = cci_check_error(GetLastError());
+            }
+        }
+    }
+
+DWORD SecureClient::Error() {
+    return m_Error;
+    }
\ No newline at end of file
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/secure.hxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/secure.hxx
new file mode 100644
index 00000000..1b2e7532
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/secure.hxx
@@ -0,0 +1,54 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#pragma once
+
+#include <windows.h>
+#include "autolock.hxx"
+
+class SecureClient
+{
+public:
+    static DWORD Attach();
+    static DWORD Detach();
+    static DWORD Token(HANDLE& hToken);
+    static void Start(SecureClient*& s);
+    static void Stop(SecureClient*& s);
+
+    SecureClient();
+    ~SecureClient();
+    DWORD Error();
+
+private:
+    static CcOsLock s_lock;
+    static DWORD s_refcount;
+    static DWORD s_error;
+    static HANDLE s_hToken;
+
+    DWORD m_Error;
+    HANDLE m_hToken;
+    bool m_NeedRestore;
+};
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/util.cxx b/krb5-1.21.3/src/ccapi/common/win/OldCC/util.cxx
new file mode 100644
index 00000000..327f5f87
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/util.cxx
@@ -0,0 +1,520 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <windows.h>
+#include <stdio.h>  // for _snprintf
+#include <malloc.h>
+#include <stdlib.h>
+
+extern "C" {
+#include "cci_debugging.h"
+#include "ccutils.h"
+    }
+
+#include "util.h"
+#include "secure.hxx"
+
+
+void* malloc_alloc_p(size_t size) {
+    return malloc(size);
+    }
+
+void free_alloc_p(void *pptr) {
+    void **real_pptr = (void**)pptr;
+    if (*real_pptr) {
+        free(*real_pptr);
+        *real_pptr = 0;
+        }
+    }
+
+extern "C" DWORD alloc_textual_sid(
+    PSID pSid,          // binary Sid
+    LPSTR *pTextualSid  // buffer for Textual representation of Sid
+    ) {
+    PSID_IDENTIFIER_AUTHORITY psia;
+    DWORD dwSubAuthorities;
+    DWORD dwSidRev = SID_REVISION;
+    DWORD dwCounter;
+    DWORD dwSidSize;
+
+    *pTextualSid = 0;
+
+    //
+    // test if Sid passed in is valid
+    //
+    if(!IsValidSid(pSid)) return ERROR_INVALID_PARAMETER;
+
+    // obtain SidIdentifierAuthority
+    psia = GetSidIdentifierAuthority(pSid);
+ 
+    // obtain sidsubauthority count
+    dwSubAuthorities =* GetSidSubAuthorityCount(pSid);
+ 
+    //
+    // compute buffer length
+    // S-SID_REVISION- + identifierauthority- + subauthorities- + NULL
+    //
+    dwSidSize = (15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);
+    *pTextualSid = (LPSTR)malloc_alloc_p(dwSidSize);
+    if (!*pTextualSid)
+        return GetLastError();
+
+    LPSTR TextualSid = *pTextualSid;
+
+    //
+    // prepare S-SID_REVISION-
+    //
+    wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev );
+ 
+    //
+    // prepare SidIdentifierAuthority
+    //
+    if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) )
+    {
+        wsprintf(TextualSid + lstrlen(TextualSid),
+                 TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
+                 (USHORT)psia->Value[0],
+                 (USHORT)psia->Value[1],
+                 (USHORT)psia->Value[2],
+                 (USHORT)psia->Value[3],
+                 (USHORT)psia->Value[4],
+                 (USHORT)psia->Value[5]);
+    }
+    else
+    {
+        wsprintf(TextualSid + lstrlen(TextualSid), TEXT("%lu"),
+                 (ULONG)(psia->Value[5]      )   +
+                 (ULONG)(psia->Value[4] <<  8)   +
+                 (ULONG)(psia->Value[3] << 16)   +
+                 (ULONG)(psia->Value[2] << 24)   );
+    }
+ 
+    //
+    // loop through SidSubAuthorities
+    //
+    for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++)
+    {
+        wsprintf(TextualSid + lstrlen(TextualSid), TEXT("-%lu"),
+                 *GetSidSubAuthority(pSid, dwCounter) );
+    }
+    return 0;
+}
+
+DWORD alloc_token_user(HANDLE hToken, PTOKEN_USER *pptu) {
+    DWORD status = 0;
+    DWORD size = 0;
+    *pptu = 0;
+
+    GetTokenInformation(hToken, TokenUser, *pptu, 0, &size);
+    if (size == 0) status = GetLastError();
+
+    if (!status) {
+        if (!(*pptu = (PTOKEN_USER)malloc_alloc_p(size)))
+            status = GetLastError();
+        }
+
+    if (!status) {
+        if (!GetTokenInformation(hToken, TokenUser, *pptu, size, &size))
+            status = GetLastError();
+        }
+
+    if (status && *pptu) {
+        free_alloc_p(pptu);
+        }
+    return status;
+    }
+
+DWORD
+alloc_username(
+    PSID Sid,
+    LPSTR* pname,
+    LPSTR* pdomain = 0
+    )
+{
+    DWORD status = 0;
+    DWORD name_len = 0;
+    DWORD domain_len = 0;
+    SID_NAME_USE snu;
+    LPSTR name = 0;
+    LPSTR domain = 0;
+
+    *pname = 0;
+    if (pdomain) *pdomain = 0;
+
+    LookupAccountSidA(NULL, Sid, 0, &name_len, 0, &domain_len, &snu);
+    if ((name_len == 0) || (domain_len == 0)) status = GetLastError();
+
+    if (!status) {
+        if (!(name = (LPSTR)malloc_alloc_p(name_len))) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!(domain = (LPSTR)malloc_alloc_p(domain_len))) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!LookupAccountSidA(NULL, Sid, name, &name_len, domain, &domain_len, &snu)) status = GetLastError();
+        }
+
+    if (status) {
+        if (name)   free_alloc_p(&name);
+        if (domain) free_alloc_p(&domain);
+        } 
+    else {
+        if (pdomain) {
+            *pname = name;
+            *pdomain = domain;
+            } 
+        else {
+            DWORD size = name_len + domain_len + 1;
+            *pname = (LPSTR)malloc_alloc_p(size);
+            if (!*pname) status = GetLastError();
+            else _snprintf(*pname, size, "%s\\%s", name, domain);
+            }
+        }
+    return status;
+    }
+
+DWORD get_authentication_id(HANDLE hToken, LUID* pAuthId) {
+    TOKEN_STATISTICS ts;
+    DWORD len;
+
+    if (!GetTokenInformation(hToken, TokenStatistics, &ts, sizeof(ts), &len))
+        return GetLastError();
+    *pAuthId = ts.AuthenticationId;
+    return 0;
+    }
+
+DWORD
+alloc_name_9x(
+    LPSTR* pname,
+    LPSTR postfix
+    )
+{
+    char prefix[] = "krbcc";
+    DWORD len = (sizeof(prefix) - 1) + 1 + strlen(postfix) + 1;
+
+    *pname = (LPSTR)malloc_alloc_p(len);
+    if (!*pname) return GetLastError();
+    _snprintf(*pname, len, "%s.%s", prefix, postfix);
+    return 0;
+}
+
+DWORD alloc_name_NT(LPSTR* pname, LPSTR postfix) {
+    DWORD status = 0;
+    HANDLE hToken = 0;
+    LUID auth_id;
+#ifdef _DEBUG
+    PTOKEN_USER ptu = 0;
+    LPSTR name = 0;
+    LPSTR domain = 0;
+    LPSTR sid = 0;
+#endif
+    char prefix[] = "krbcc";
+    // Play it safe and say 3 characters are needed per 8 bits (byte).
+    // Note that 20 characters are needed for a 64-bit number in
+    // decimal (plus one for the string termination.
+    // and include room for sessionId.
+    char lid[3*sizeof(LUID)+1+5];
+    DWORD sessionId;
+    DWORD len = 0;
+
+    *pname = 0;
+
+    status = SecureClient::Token(hToken);
+
+    if (!status) {
+        status = get_authentication_id(hToken, &auth_id);
+        }
+
+    if (!status) {
+        if (!ProcessIdToSessionId(GetCurrentProcessId(), &sessionId))
+	        sessionId = 0;
+        }
+
+#ifdef _DEBUG
+    if (!status) {status = alloc_token_user(hToken, &ptu);}
+    if (!status) {status = alloc_username(ptu->User.Sid, &name, &domain);}
+    if (!status) {status = alloc_textual_sid(ptu->User.Sid, &sid);}
+#endif
+
+    if (!status) {
+        _snprintf(lid, sizeof(lid), "%I64u.%u", auth_id, sessionId);
+        lid[sizeof(lid)-1] = 0; // be safe
+
+        len = (sizeof(prefix) - 1) + 1 + strlen(lid) + 1 + strlen(postfix) + 1;
+        *pname = (LPSTR)malloc_alloc_p(len);
+        if (!*pname) status = GetLastError();
+        }
+
+    //
+    // We used to allocate a name of the form:
+    // "prefix.domain.name.sid.lid.postfix" (usually under 80
+    // characters, depending on username).  However, XP thought this
+    // was "invalid" (too long?) for some reason.
+    //
+    // Therefore, we now use "prefix.lid.postfix"
+    // and for Terminal server we use "prefix.lid.sessionId.postfix"
+    //
+
+    if (!status) {
+        _snprintf(*pname, len, "%s.%s.%s", prefix, lid, postfix);
+        }
+
+#ifdef _DEBUG
+    if (sid)
+        free_alloc_p(&sid);
+    if (name)
+        free_alloc_p(&name);
+    if (domain)
+        free_alloc_p(&domain);
+    if (ptu)
+        free_alloc_p(&ptu);
+#endif
+    if (hToken && hToken != INVALID_HANDLE_VALUE)
+        CloseHandle(hToken);
+    if (status && *pname)
+        free_alloc_p(pname);
+    return status;
+}
+
+extern "C" DWORD alloc_name(LPSTR* pname, LPSTR postfix, BOOL isNT) {
+    return isNT ? alloc_name_NT(pname, postfix) : 
+        alloc_name_9x(pname, postfix);
+    }
+
+extern "C" DWORD alloc_own_security_descriptor_NT(PSECURITY_DESCRIPTOR* ppsd) {
+    DWORD status = 0;
+    HANDLE hToken = 0;
+    PTOKEN_USER ptu = 0;
+    PSID pSid = 0;
+    PACL pAcl = 0;
+    DWORD size = 0;
+    SECURITY_DESCRIPTOR sd;
+
+    *ppsd = 0;
+
+    if (!status) {status = SecureClient::Token(hToken);}
+
+    // Get SID:
+    if (!status) {status = alloc_token_user(hToken, &ptu);}
+
+    if (!status) {
+        size = GetLengthSid(ptu->User.Sid);
+        pSid = (PSID) malloc_alloc_p(size);
+        if (!pSid) status = GetLastError();
+        }
+    if (!status) {
+        if (!CopySid(size, pSid, ptu->User.Sid)) status = GetLastError();
+        }
+
+    if (!status) {
+        // Prepare ACL:
+        size = sizeof(ACL);
+        // Add an ACE:
+        size += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid(pSid);
+        pAcl = (PACL) malloc_alloc_p(size);
+        if (!pAcl) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!InitializeAcl(pAcl, size, ACL_REVISION)) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!AddAccessAllowedAce(pAcl, ACL_REVISION, GENERIC_ALL, pSid)) status = GetLastError();
+        }
+
+    if (!status) {
+        // Prepare SD itself:
+        if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!SetSecurityDescriptorDacl(&sd, TRUE, pAcl, FALSE)) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!SetSecurityDescriptorOwner(&sd, pSid, FALSE)) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!IsValidSecurityDescriptor(&sd)) status = ERROR_INVALID_PARAMETER;
+        }
+
+    if (!status) {
+        // We now have a SD.  Let's copy it.
+        {
+            // This should not succeed.  Instead it should give us the size.
+            BOOL ok = MakeSelfRelativeSD(&sd, 0, &size);
+            }
+        if (size == 0) status = GetLastError();
+        }
+
+    if (!status) {
+        *ppsd = (PSECURITY_DESCRIPTOR) malloc_alloc_p(size);
+        if (!*ppsd) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!MakeSelfRelativeSD(&sd, *ppsd, &size)) status = GetLastError();
+        }
+
+    if (ptu)                free_alloc_p(&ptu);
+    if (pSid)               free_alloc_p(&pSid);
+    if (pAcl)               free_alloc_p(&pAcl);
+    if (hToken && hToken != INVALID_HANDLE_VALUE)   CloseHandle(hToken);
+    if (status && *ppsd)    free_alloc_p(ppsd);
+    return status;
+}
+
+DWORD
+alloc_module_file_name(
+    char* module,
+    char** pname
+    )
+{
+    const DWORD max = 8192;
+    DWORD status = 0;
+    DWORD got = 0;
+    DWORD size = 512; // use low number to test...
+    HMODULE h = 0;
+    BOOL ok = FALSE;
+    char* name = 0;
+
+    if (!pname)
+        return ERROR_INVALID_PARAMETER;
+    *pname = 0;
+
+    h = GetModuleHandle(module);
+
+    if (!h) return GetLastError();
+
+    // We assume size < max and size > 0
+    while (!status && !ok) {
+        if (size > max) {
+            // XXX - Assert?
+            status = ERROR_INVALID_DATA;
+            continue;
+        }
+        if (name) free_alloc_p(&name);
+        name = (char*)malloc_alloc_p(size + 1);
+        if (!name) {
+            status = ERROR_NOT_ENOUGH_MEMORY;
+            continue;
+        }
+        name[size] = 0;
+        got = GetModuleFileName(h, name, size);
+        if (!got) {
+            status = GetLastError();
+            // sanity check:
+            if (!status) {
+                // XXX - print nasty message...assert?
+                status = ERROR_INVALID_DATA;
+            }
+            continue;
+        }
+        // To know we're ok, we need to verify that what we got
+        // was bigger than GetModuleSize thought it got.
+        ok = got && (got < size) && !name[got];
+        size *= 2;
+    }
+    if (status && name)
+        free_alloc_p(&name);
+    else
+        *pname = name;
+    return status;
+}
+
+DWORD
+alloc_module_dir_name(
+    char* module,
+    char** pname
+    )
+{
+    DWORD status = alloc_module_file_name(module, pname);
+    if (!status) {
+        char* name = *pname;
+        char* p = name + strlen(name);
+        while ((p >= name) && (*p != '\\') && (*p != '/')) p--;
+        if (p < name) {
+            free_alloc_p(pname);
+            status = ERROR_INVALID_DATA;
+        } else {
+            *p = 0;
+        }
+    }
+    return status;
+}
+
+DWORD
+alloc_module_dir_name_with_file(
+    char* module,
+    char* file,
+    char** pname
+    )
+{
+    DWORD status = alloc_module_dir_name(module, pname);
+    if (!status) {
+        char* name = *pname;
+        size_t name_size = strlen(name);
+        size_t size = name_size + 1 + strlen(file) + 1;
+        char* result = (char*)malloc_alloc_p(size);
+        if (!result) {
+            status = ERROR_NOT_ENOUGH_MEMORY;
+            free_alloc_p(pname);
+        } else {
+            strcpy(result, name);
+            result[name_size] = '\\';
+            strcpy(result + name_size + 1, file);
+            free_alloc_p(pname);
+            *pname = result;
+        }
+    }
+    return status;
+}
+
+DWORD alloc_cmdline_2_args(char* prog,
+                           char* arg1,
+                           char* arg2,
+                           char** pname) {
+    DWORD   status  = 0;
+    size_t  size    = strlen(prog) + strlen(arg1) + strlen(arg2) + 4;
+    char*   result  = (char*)malloc_alloc_p(size);
+    if (!result) {
+        status = ERROR_NOT_ENOUGH_MEMORY;
+        } 
+    else {
+        strcpy(result, prog);
+        strcat(result, " ");
+        strcat(result, arg1);
+        strcat(result, " ");
+        strcat(result, arg2);
+        *pname = result;
+        }
+    cci_debug_printf("%s made <%s>", __FUNCTION__, result);
+    return status;
+    }
diff --git a/krb5-1.21.3/src/ccapi/common/win/OldCC/util.h b/krb5-1.21.3/src/ccapi/common/win/OldCC/util.h
new file mode 100644
index 00000000..45e069a7
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/OldCC/util.h
@@ -0,0 +1,85 @@
+/* ccapi/common/win/OldCC/util.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __UTIL_H__
+#define __UTIL_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+BOOL isNT();
+
+void*
+user_allocate(
+    size_t size
+    );
+
+void
+user_free(
+    void* ptr
+    );
+
+void
+free_alloc_p(
+    void* pptr
+    );
+
+DWORD
+alloc_name(
+    LPSTR* pname,
+    LPSTR postfix,
+    BOOL isNT
+    );
+
+DWORD
+alloc_own_security_descriptor_NT(
+    PSECURITY_DESCRIPTOR* ppsd
+    );
+
+DWORD
+alloc_module_dir_name(
+    char* module,
+    char** pname
+    );
+
+DWORD
+alloc_module_dir_name_with_file(
+    char* module,
+    char* file,
+    char** pname
+    );
+
+DWORD alloc_cmdline_2_args(
+    char* prog,
+    char* arg1,
+    char* arg2,
+    char** pname);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __UTIL_H__ */
diff --git a/krb5-1.21.3/src/ccapi/common/win/cci_os_debugging.c b/krb5-1.21.3/src/ccapi/common/win/cci_os_debugging.c
new file mode 100644
index 00000000..597ac856
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/cci_os_debugging.c
@@ -0,0 +1,40 @@
+/* ccapi/common/win/cci_os_debugging.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "cci_os_debugging.h"
+#include "win-utils.h"
+
+/* ------------------------------------------------------------------------ */
+
+void cci_os_debug_vprintf (const char *in_format, va_list in_args) {
+#ifdef DEBUG
+    printf  ( "%s %ld ", timestamp(), GetCurrentThreadId() );
+    vprintf ( in_format, in_args );
+    printf  ( "\n" );
+#endif
+    }
diff --git a/krb5-1.21.3/src/ccapi/common/win/cci_os_identifier.c b/krb5-1.21.3/src/ccapi/common/win/cci_os_identifier.c
new file mode 100644
index 00000000..4be2638b
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/cci_os_identifier.c
@@ -0,0 +1,57 @@
+/* ccapi/common/win/cci_os_identifier.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "cci_common.h"
+#include "cci_os_identifier.h"
+
+#include <rpc.h>
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_os_identifier_new_uuid (cci_uuid_string_t *out_uuid_string) {
+    cc_int32        err = ccNoError;
+    UUID            uuid;
+    char*           uuidStringTemp;
+
+    err = UuidCreate(&uuid);
+
+    if (!err) {
+        err = UuidToString(&uuid, &uuidStringTemp);
+        }
+
+    if (!err) {
+        *out_uuid_string = malloc(1+strlen(uuidStringTemp));
+
+        if (*out_uuid_string) {
+            strcpy(*out_uuid_string, uuidStringTemp);
+            }
+
+        RpcStringFree(&uuidStringTemp);
+        }
+
+    cci_debug_printf("cci_os_identifier_new_uuid returning %s", *out_uuid_string);
+
+    return cci_check_error (err);
+    }
\ No newline at end of file
diff --git a/krb5-1.21.3/src/ccapi/common/win/ccs_reply.Acf b/krb5-1.21.3/src/ccapi/common/win/ccs_reply.Acf
new file mode 100644
index 00000000..aea44d74
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/ccs_reply.Acf
@@ -0,0 +1,31 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+[implicit_handle(handle_t ccs_reply_IfHandle)]
+
+interface ccs_reply {
+    [async] ccapi_listen();
+    }
diff --git a/krb5-1.21.3/src/ccapi/common/win/ccs_reply.Idl b/krb5-1.21.3/src/ccapi/common/win/ccs_reply.Idl
new file mode 100644
index 00000000..73e81868
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/ccs_reply.Idl
@@ -0,0 +1,60 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+[ uuid (6E3B5060-CA46-1067-B31A-00DD010662DA),
+  version(1.0),
+  pointer_default(unique)
+]
+
+/* This interface sends a cci_stream via rpc.
+ */
+
+interface ccs_reply {
+    const long HSIZE = 8;
+
+/* The reply from the server to a request from the client: */
+void ccs_rpc_request_reply(
+    [in]                    const long              rpcmsg,         /* Message type */
+    [in, size_is(HSIZE)]    const char              tsphandle[],
+    [in, string]            const char*             uuid,
+    [in]                    const long              srvStartTime,   /* Server Start Time */
+    [in]                    const long              cbIn,           /* Length of buffer */
+    [in,  size_is(cbIn)]    const unsigned char     chIn[],         /* Data buffer */
+    [out]                   long*                   status );       /* Return code */
+
+void ccs_rpc_connect_reply(
+    [in]                    const long      rpcmsg,         /* Message type */
+    [in, size_is(HSIZE)]    const char      tsphandle[],
+    [in, string]            const char*     uuid,
+    [in]                    const long      srvStartTime,   /* Server Start Time */
+    [out]                   long*           status );       /* Return code */
+
+void ccapi_listen(
+    handle_t                hBinding,   
+    [in]                    const long rpcmsg,              /* Message type */
+    [out]                   long* status );                 /* Return code */
+
+    }
diff --git a/krb5-1.21.3/src/ccapi/common/win/ccs_request.Acf b/krb5-1.21.3/src/ccapi/common/win/ccs_request.Acf
new file mode 100644
index 00000000..625bcce6
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/ccs_request.Acf
@@ -0,0 +1,31 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+[implicit_handle(handle_t ccs_request_IfHandle)]
+interface ccs_request
+{
+
+}
diff --git a/krb5-1.21.3/src/ccapi/common/win/ccs_request.idl b/krb5-1.21.3/src/ccapi/common/win/ccs_request.idl
new file mode 100644
index 00000000..cad5e444
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/ccs_request.idl
@@ -0,0 +1,58 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+[ uuid (906B0CE0-C70B-1067-B317-00DD010662DA),
+  version(1.0),
+  pointer_default(unique)
+]
+
+interface ccs_request {
+
+typedef char CC_CHAR;
+typedef unsigned char CC_UCHAR;
+typedef int CC_INT32;
+typedef unsigned int CC_UINT32;
+
+const long HSIZE = 8;
+
+void ccs_rpc_request(
+    [in]                        const long  rpcmsg,         /* Message type */
+    [in, size_is(HSIZE)]        const char  tsphandle[],
+    [in,  string]               const char* pszUUID,        /* Requestor's UUID */
+    [in]                        const long  lenRequest,     /* Length of buffer */
+    [in,  size_is(lenRequest)]  const char* pszRequest,     /* Data buffer */
+    [in]                        const long  serverStartTime,/* Which server session we're talking to */
+    [out]                       long*       status );       /* Return code */
+
+void ccs_rpc_connect(
+    [in]                        const long  rpcmsg,         /* Message type */
+    [in, size_is(HSIZE)]        const char  tsphandle[],
+    [in,  string]               const char* pszUUID,        /* Requestor's UUID */
+    [out]                       long*       status );       /* Return code */
+
+CC_UINT32 ccs_authenticate(
+    [in, string]                const CC_CHAR* name );
+}
diff --git a/krb5-1.21.3/src/ccapi/common/win/tls.c b/krb5-1.21.3/src/ccapi/common/win/tls.c
new file mode 100644
index 00000000..6c13d5a9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/tls.c
@@ -0,0 +1,77 @@
+/* ccapi/common/win/tls.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "string.h"
+#include <stdlib.h>
+#include <malloc.h>
+
+#include "tls.h"
+
+void tspdata_setUUID(struct tspdata* p, unsigned char __RPC_FAR* uuidString) {
+    strncpy(p->_uuid, uuidString, UUID_SIZE-1);
+    };
+
+void         tspdata_setListening (struct tspdata* p, BOOL b)           {p->_listening = b;}
+
+void         tspdata_setConnected (struct tspdata* p, BOOL b)           {p->_CCAPI_Connected = b;}
+
+void         tspdata_setReplyEvent(struct tspdata* p, HANDLE h)         {p->_replyEvent = h;}
+
+void         tspdata_setRpcAState (struct tspdata* p, RPC_ASYNC_STATE* rpcState) {
+    p->_rpcState = rpcState;}
+
+void         tspdata_setSST       (struct tspdata* p, time_t t)         {p->_sst = t;}
+
+void         tspdata_setStream    (struct tspdata* p, k5_ipc_stream s)   {p->_stream = s;}
+
+BOOL         tspdata_getListening (const struct tspdata* p)         {return p->_listening;}
+
+BOOL         tspdata_getConnected (const struct tspdata* p)         {return p->_CCAPI_Connected;}
+
+HANDLE       tspdata_getReplyEvent(const struct tspdata* p)         {return p->_replyEvent;}
+
+time_t       tspdata_getSST       (const struct tspdata* p)         {return p->_sst;}
+
+k5_ipc_stream tspdata_getStream    (const struct tspdata* p)         {return p->_stream;}
+
+char*        tspdata_getUUID      (const struct tspdata* p)         {return p->_uuid;}
+
+RPC_ASYNC_STATE* tspdata_getRpcAState (const struct tspdata* p)     {return p->_rpcState;}
+
+
+BOOL WINAPI GetTspData(DWORD dwTlsIndex, struct tspdata**  pdw) {
+    struct tspdata*  pData;      // The stored memory pointer
+
+    pData = (struct tspdata*)TlsGetValue(dwTlsIndex);
+    if (pData == NULL) {
+        pData = malloc(sizeof(*pData));
+        if (pData == NULL)
+            return FALSE;
+        memset(pData, 0, sizeof(*pData));
+        TlsSetValue(dwTlsIndex, pData);
+    }
+    (*pdw) = pData;
+    return TRUE;
+    }
diff --git a/krb5-1.21.3/src/ccapi/common/win/tls.h b/krb5-1.21.3/src/ccapi/common/win/tls.h
new file mode 100644
index 00000000..bd2bb9e1
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/tls.h
@@ -0,0 +1,71 @@
+/* ccapi/common/win/tls.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Thread local storage for client threads. */
+
+#ifndef _tls_h
+#define _tls_h
+
+#include "windows.h"
+#include "time.h"
+#include "rpc.h"
+
+#include "k5-ipc_stream.h"
+
+#define UUID_SIZE   128
+
+/* The client code can be run in any client thread.
+   The thread-specific data is defined here.
+ */
+
+struct tspdata {
+    BOOL                _listening;
+    BOOL                _CCAPI_Connected;
+    RPC_ASYNC_STATE*    _rpcState;
+    HANDLE              _replyEvent;
+    time_t              _sst;
+    k5_ipc_stream        _stream;
+    char                _uuid[UUID_SIZE];
+    };
+
+void            tspdata_setListening (struct tspdata* p, BOOL b);
+void            tspdata_setConnected (struct tspdata* p, BOOL b);
+void            tspdata_setReplyEvent(struct tspdata* p, HANDLE h);
+void            tspdata_setRpcAState (struct tspdata* p, RPC_ASYNC_STATE* rpcState);
+void            tspdata_setSST       (struct tspdata* p, time_t t);
+void            tspdata_setStream    (struct tspdata* p, k5_ipc_stream s);
+void            tspdata_setUUID      (struct tspdata* p, unsigned char __RPC_FAR* uuidString);
+HANDLE          tspdata_getReplyEvent(const struct tspdata* p);
+
+BOOL             tspdata_getListening(const struct tspdata* p);
+BOOL             tspdata_getConnected(const struct tspdata* p);
+RPC_ASYNC_STATE* tspdata_getRpcAState(const struct tspdata* p);
+time_t           tspdata_getSST      (const struct tspdata* p);
+k5_ipc_stream     tspdata_getStream   (const struct tspdata* p);
+char*            tspdata_getUUID     (const struct tspdata* p);
+
+BOOL WINAPI GetTspData(DWORD tlsIndex, struct tspdata** pdw);
+
+#endif _tls_h
diff --git a/krb5-1.21.3/src/ccapi/common/win/win-utils.c b/krb5-1.21.3/src/ccapi/common/win/win-utils.c
new file mode 100644
index 00000000..b49cca85
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/win-utils.c
@@ -0,0 +1,68 @@
+/* ccapi/common/win/win-utils.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include "windows.h"
+#include <stdlib.h>
+#include <malloc.h>
+
+
+#include "win-utils.h"
+#include "cci_debugging.h"
+
+#pragma warning (disable : 4996)
+
+#define UUID_SIZE   128
+
+char*           clientPrefix        = "CCAPI_CLIENT_";
+char*           serverPrefix        = "CCS_LISTEN_";
+unsigned char*  pszProtocolSequence = "ncalrpc";
+
+#define         MAX_TIMESTAMP   40
+char            _ts[MAX_TIMESTAMP];
+
+char* clientEndpoint(const char* UUID) {
+    char* _clientEndpoint   = (char*)malloc(strlen(UUID) + strlen(clientPrefix) + 2);
+    strcpy(_clientEndpoint, clientPrefix);
+    strncat(_clientEndpoint, UUID, UUID_SIZE);
+//    cci_debug_printf("%s returning %s", __FUNCTION__, _clientEndpoint);
+    return _clientEndpoint;
+    }
+
+char* serverEndpoint(const char* user) {
+    char* _serverEndpoint   = (char*)malloc(strlen(user) + strlen(serverPrefix) + 2);
+    strcpy(_serverEndpoint, serverPrefix);
+    strncat(_serverEndpoint, user, UUID_SIZE);
+    return _serverEndpoint;
+    }
+
+char* timestamp() {
+    SYSTEMTIME  _stime;
+    GetSystemTime(&_stime);
+    GetTimeFormat(LOCALE_SYSTEM_DEFAULT, 0, &_stime, "HH:mm:ss", _ts, sizeof(_ts)-1);
+    return _ts;
+    }
diff --git a/krb5-1.21.3/src/ccapi/common/win/win-utils.h b/krb5-1.21.3/src/ccapi/common/win/win-utils.h
new file mode 100644
index 00000000..41cab24d
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/common/win/win-utils.h
@@ -0,0 +1,55 @@
+/* ccapi/common/win/win-utils.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef _win_utils_h
+#define _win_utils_h
+
+#ifndef TRUE
+#define TRUE    (1==1)
+#endif
+
+#ifndef FALSE
+#define FALSE   (1==0)
+#endif
+
+static enum ccapiMsgType {
+    CCMSG_INVALID   = 0,
+    CCMSG_CONNECT,
+    CCMSG_REQUEST,
+    CCMSG_CONNECT_REPLY,
+    CCMSG_REQUEST_REPLY,
+    CCMSG_DISCONNECT,
+    CCMSG_LISTEN,
+    CCMSG_PING,
+    CCMSG_QUIT
+    };
+
+char*                   clientEndpoint(const char* UUID);
+char*                   serverEndpoint(const char* UUID);
+extern unsigned char*   pszProtocolSequence;
+
+char* timestamp();
+
+#endif // _win_utils_h
\ No newline at end of file
diff --git a/krb5-1.21.3/src/ccapi/deps b/krb5-1.21.3/src/ccapi/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/ccapi/doc/CCAPI-Windows-Design.html b/krb5-1.21.3/src/ccapi/doc/CCAPI-Windows-Design.html
new file mode 100644
index 00000000..dd32acba
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/doc/CCAPI-Windows-Design.html
@@ -0,0 +1,148 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="https://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+<title>Windows CCAPI RPC design</title>
+<style type="text/css">
+<!--
+.style2 {color: 0}
+.style3 {font-family: "Courier New", Courier, monospace}
+.style5 {color: #CC3300}
+.style6 {color: #999999}
+.style7 {color: #000099}
+-->
+</style>
+</head>
+
+<body>
+<h2 class="style5">Proposed RPC design for Windows CCAPI clients and server</h2>
+<p>The proposal is for a single user; the solution is replicated for each user logged onto the PC.</p>
+<h2>Conventions &amp; clarifications </h2>
+<p>&quot;Client&quot; and &quot;server&quot; refer to the CCAPI client and server. </p>
+<p>The CCAPI client acts as both an RPC client and RPC server and the CCAPI server acts as both an RPC client and RPC server. </p>
+<ul>
+  <li class="style2">The RPC call from the CCAPI client to the CCAPI server is called the &quot;request.&quot; In this mode, the CCAPI client is the RPC client and the CCAPI server is the RPC server.</li>
+  <li class="style2">The RPC call from the CCAPI server to the CCAPI client is called the &quot;reply.&quot; In this mode, the CCAPI client is the RPC server and the CCAPI server is the RPC client. </li>
+</ul>
+<p>The Windows username is referred to below as &quot;&lt;USER&gt;.&quot; </p>
+<p>The Windows Logon Security Identifier is referred to as &quot;&lt;LSID&gt;.&quot; </p>
+<p>&lt;UUID&gt; means a thread-specific UUID.</p>
+<p>&lt;SST&gt; means <strong>s</strong>erver <strong>s</strong>tart <strong>t</strong>ime, a time_t. </p>
+<p>A description of client and server authentication has not been added yet.</p>
+<h2>Design Requirements </h2>
+<ul>
+  <li>The server's OS-independent code is single threaded, because it must operate on platforms that do not allow multiple threads. </li>
+  <li>The client and server must be able to maintain connections, where state is maintained between individual messages.</li>
+  <li>Individual messages must be handled in a single threaded server. </li>
+  <li>The server must be able to detect when a client dies, so that any connection state can be cleaned up.  </li>
+</ul>
+<h2>Design</h2>
+<p>The server and each client create an RPC endpoint. The server's endpoint is CCS_&lt;LSID&gt; and the client's endpoint is CCAPI_&lt;UUID&gt;, where each client geta a UUID. </p>
+<p>On Windows, the server's ccs_pipe_t type is a char* and is set to the client UUID.</p>
+<h3>How is the request handled in the server and the reply sent to the client? </h3>
+<p>One straightforward way is for the reply to be the returned data in the request RPC call (an [out] parameter). That is, data passed from the RPC server to the RPC client. The request handler calls <span class="style3">ccs_server_handle_request</span>. Eventually, the server code calls <span class="style3">ccs_os_server_send_reply,</span> which saves the reply somewhere. When the server eventually returns to the request handler, the handler  returns the saved reply to the client.</p>
+<p>But this doesn't work. If two clients A and B ask for the same lock, A will acquire the lock and B will have to wait. But if the single threaded server waits for B's lock, it will never handle A's unlock message. Therefore the server must return to B's request handler and <em>not</em> send a reply to B. So this method will not work. </p>
+<p>Instead, there are listener and worker threads in Windows-specific code. </p>
+<p>The client's <span class="style3">cci_os_ipc </span>function waits for <span class="style3">ccs_reply</span>. The client sends the request, including <em>its UUID,</em> from which the server can construct the endpoint on which to call <span class="style3">ccs_reply</span>. </p>
+<p>The server's listener thread listens for RPC requests. The request handler puts each request/<em>reply</em> endpoint in a queue and returns to the client.</p>
+<p>The server's worker thread removes items from the queue, calls <span class="style3">ccs_server_handle_request</span>. <span class="style3">ccs_server_handle_request</span> takes both the request data and the client UUID . Eventually <span class="style3">ccs_os_server_send_reply</span> is called, with the reply data and client UUID in the reply_pipe. <span class="style3">ccs_os_server_send_reply</span> calls <span class="style3">ccs_reply</span> on the client's endpoint, which sends the reply to the client. </p>
+<p>Is there any security issue with the client listening for RPC calls from the server?</p>
+<h3>Connections</h3>
+<p>If the client wants state to be maintained on the server, the client creates a connection. When the connection is closed, the server cleans up any state associated with the connection. </p>
+<p>Any given thread in an application process could want to create a connection. When cci_ipc_thread_init is called, the connection thread-local variables are initialized. New connections are created when cci_os_ipc() (via _cci_ipc_send) is called and no connection was previously established.  Basically we lazily establish connections so the client doesn't talk to the server until it has to.</p>
+<h3>Detecting client exit</h3>
+<p>The server must be able to detect when clients disappear, so the server can free any resources that had been held for the client. </p>
+<p>The Windows RPC API does not appear to provide a notification for an endpoint disappearing. It does provide a way to ask if an endpoint is listening. This is useful for polling, but we want a better performing solution than that. </p>
+<p>The client has an <em>isAlive</em> function on its endpoint. </p>
+<p>To detect the client disappearing without using polling, the server makes an asynchronous call to the <em>isAlive</em> function on the client's endpoint. The <em>isAlive</em> function never returns. When the client exits for any reason, its <em>endpoint</em> will be closed and the server's function call will return an error. The asynchronous call on the server means no additional threads are used. </p>
+<p>Windows provides a number of notification methods to signal I/O completion. Among them are I/O completion ports and callback functions. I chose callback functions because they appear to consume fewer resources. </p>
+<h3>RPC Endpoint / Function summary</h3>
+<ul>
+  <li>The server creates one CCS_&lt;LSID&gt; endpoint to listen for connection requests and client requests. 
+    It has the functions
+    <ul>
+      <li>ccs_rpc_connect(msgtype, UUIDlen, &lt;UUID&gt;, status)</li>
+      <li>ccs_rpc_request(msgtype, UUIDlen, &lt;UUID&gt;, msglen, msg, SST, status) called by client. NB: The windows server sets the <span class="style3">in_client_pipe </span>to the <span class="style3">in_reply_pipe</span>.<br />
+  </li>
+    </ul>
+  </li>
+  <li>Each client thread creates a CCAPI_&lt;UUID&gt; endpoint.  It has the functions
+    <ul>
+      <li>isAlive [function never returns.]    </li>
+      <li>ccs_rpc_request_reply(msgtype, SST, replylen, reply, status)</li>
+      <li>ccs_rpc_connect_reply(msgtype, SST, status</li>
+    </ul>
+  </li>
+</ul>
+<h2>Windows-specific implementation details </h2>
+<h3>Client CCAPI library initialization:</h3>
+<p>This code runs when the CCAPI DLL is loaded. </p>
+<ul>
+  <li>?</li>
+</ul>
+<h3>Client initialization: </h3>
+<p>This code runs when cci_os_ipc_thread_init is called: </p>
+<ul>
+  <li>Generate &lt;UUID&gt; and save in thread-specific storage. This serves as the client ID / ccs_pipe_t. </li>
+  <li>Create client endpoint.</li>
+  <li>Listen on client <em></em>endpoint.</li>
+  <li>Create canonical server connection endpoint from the &lt;LSID&gt;, which the client and server should have in common. </li>
+  <li>Test if server is listening to the CCS_&lt;LSID&gt; endpoint.
+      <ul>
+        <li>If not, quit. (! Start it?) </li>
+      </ul>
+  </li>
+  <li>Call ccs_connect(&lt;UUID&gt;) on the CCS_&lt;LSID&gt; endpoint.</li>
+  <li>Save SST in thread-specific storage. </li>
+</ul>
+<h3>Server initialization:</h3>
+<p class="style6">[old]</p>
+<ul>
+  <li class="style6">Server is initialized by client starting a new process.   There should be only one server process per Windows username. </li>
+</ul>
+<p class="style7">[new]</p>
+<ul>
+  <li class="style7">Server is started by kfwlogon (as is done currently). </li>
+  <li>Capture <strong>s</strong>erver <strong>s</strong>tart <strong>t</strong>ime (SST). </li>
+  <li>Start listener thread, create listener endpoint, listen on CCS_&lt;LSID&gt; endpoint. </li>
+</ul>
+<h3>Establishing a connection: </h3>
+<ul>
+  <li>Client calls ccs_connect(&lt;UUID&gt;) on server's CCS_&lt;LSID&gt; endpoint.</li>
+  <li>Client gets back and stores SST in thread-specific storage.</li>
+  <li>If new connection, server ...
+    <ul>
+      <li>adds connection to connection table</li>
+      <li>calls isAlive on CCAPI_&lt;UUID&gt;.
+        <ul>
+          <li>NB: isAlive never returns. </li>
+        </ul>
+      </li>
+    </ul>
+  </li>
+</ul>
+<h3>Client request:</h3>
+<p>The server's reply to the client's request is not synchronous.</p>
+<ul>
+  <li>Client calls     ccs_rpc_request(msglen, msg, msgtype, UUIDlen, &lt;UUID&gt;, SST, status) on server's endpoint.</li>
+  <li>Server listen thread receives message, queues request.</li>
+  <li>Server worker thread dequeues request, processes, calls ccs_rpc_reply(replylen, reply, msgtype, status) on CCAPI_&lt;UUID&gt;.</li>
+  <li>Server checks SST. If server's SST is different, it means server has restarted since client created connection. </li>
+  <li>Client receives reply.  </li>
+</ul>
+<h3>Detecting client exit</h3>
+<ul>
+  <li>When connection created, client created an endpoint.</li>
+  <li>Server calls isAlive on client's endpoint. </li>
+  <li>When isAlive returns, the server's notification callback will be called. Call back routine queues a DISCONNECT pseudo-message. When the server's worker thread handles the DISCONNECT, it will release connection resources.</li>
+</ul>
+<h3>Detecting server exit </h3>
+<ul>
+  <li>Client's call to ccs_rpc_request will return an error if the server has gone away. </li>
+</ul>
+<p>&nbsp;</p>
+<p>------<br />
+  Stop: <br />
+Start: </p>
+</body>
+</html>
diff --git a/krb5-1.21.3/src/ccapi/lib/Makefile.in b/krb5-1.21.3/src/ccapi/lib/Makefile.in
new file mode 100644
index 00000000..241e28b0
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/Makefile.in
@@ -0,0 +1,61 @@
+mydir=ccapi$(S)lib
+BUILDTOP=$(REL)..$(S)..
+SUBDIRS=unix
+LOCALINCLUDES=-I$(srcdir)/../common -I.
+
+SHLIB_EXPDEPS= $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
+SHLIB_EXPLIBS=$(COM_ERR_LIB) $(SUPPORT_LIB)
+RELDIR=../ccapi/lib
+
+LIBBASE=krb5-ccapi
+LIBMAJOR=1
+LIBMINOR=0
+
+STOBJLISTS= \
+	OBJS.ST \
+	unix/OBJS.ST
+
+STLIBOBJS= \
+	ccapi_ccache.o \
+	ccapi_ccache_iterator.o \
+	ccapi_context.o \
+	ccapi_context_change_time.o \
+	ccapi_credentials.o \
+	ccapi_credentials_iterator.o \
+	ccapi_err.o \
+	ccapi_ipc.o \
+	ccapi_string.o \
+	ccapi_v2.o
+
+OBJS= \
+	$(OUTPRE)ccapi_ccache.$(OUTPRE) \
+	$(OUTPRE)ccapi_ccache_iterator.$(OUTPRE) \
+	$(OUTPRE)ccapi_context.$(OUTPRE) \
+	$(OUTPRE)ccapi_context_change_time.$(OUTPRE) \
+	$(OUTPRE)ccapi_credentials.$(OUTPRE) \
+	$(OUTPRE)ccapi_credentials_iterator.$(OUTPRE) \
+	$(OUTPRE)ccapi_err.$(OUTPRE) \
+	$(OUTPRE)ccapi_ipc.$(OUTPRE) \
+	$(OUTPRE)ccapi_string.$(OUTPRE) \
+	$(OUTPRE)ccapi_v2.$(OUTPRE)
+
+SRCS= \
+	ccapi_ccache.c \
+	ccapi_ccache_iterator.c \
+	ccapi_context.c \
+	ccapi_context_change_time.c \
+	ccapi_credentials.c \
+	ccapi_credentials_iterator.c \
+	ccapi_err.c \
+	ccapi_ipc.c \
+	ccapi_string.c \
+	ccapi_v2.c
+
+ccapi_err.c ccapi_err.h : ccapi_err.et
+
+all-unix: all-libobjs all-liblinks
+clean-unix:: clean-libobjs clean-liblinks clean-libs
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi.exports b/krb5-1.21.3/src/ccapi/lib/ccapi.exports
new file mode 100644
index 00000000..92c859bd
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi.exports
@@ -0,0 +1 @@
+cc_initialize
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_ccache.c b/krb5-1.21.3/src/ccapi/lib/ccapi_ccache.c
new file mode 100644
index 00000000..9e8ba36c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_ccache.c
@@ -0,0 +1,793 @@
+/* ccapi/lib/ccapi_ccache.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccapi_ccache.h"
+
+#include "ccapi_string.h"
+#include "ccapi_credentials.h"
+#include "ccapi_credentials_iterator.h"
+#include "ccapi_ipc.h"
+
+/* ------------------------------------------------------------------------ */
+
+typedef struct cci_ccache_d {
+    cc_ccache_f *functions;
+#if TARGET_OS_MAC
+    cc_ccache_f *vector_functions;
+#endif
+    cci_identifier_t identifier;
+    cc_time_t last_wait_for_change_time;
+    cc_uint32 compat_version;
+} *cci_ccache_t;
+
+/* ------------------------------------------------------------------------ */
+
+struct cci_ccache_d cci_ccache_initializer = {
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
+    NULL,
+    0
+};
+
+cc_ccache_f cci_ccache_f_initializer = {
+    ccapi_ccache_release,
+    ccapi_ccache_destroy,
+    ccapi_ccache_set_default,
+    ccapi_ccache_get_credentials_version,
+    ccapi_ccache_get_name,
+    ccapi_ccache_get_principal,
+    ccapi_ccache_set_principal,
+    ccapi_ccache_store_credentials,
+    ccapi_ccache_remove_credentials,
+    ccapi_ccache_new_credentials_iterator,
+    ccapi_ccache_move,
+    ccapi_ccache_lock,
+    ccapi_ccache_unlock,
+    ccapi_ccache_get_last_default_time,
+    ccapi_ccache_get_change_time,
+    ccapi_ccache_compare,
+    ccapi_ccache_get_kdc_time_offset,
+    ccapi_ccache_set_kdc_time_offset,
+    ccapi_ccache_clear_kdc_time_offset,
+    ccapi_ccache_wait_for_change
+};
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ccache_new (cc_ccache_t      *out_ccache,
+                         cci_identifier_t  in_identifier)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = NULL;
+
+    if (!out_ccache   ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        ccache = malloc (sizeof (*ccache));
+        if (ccache) {
+            *ccache = cci_ccache_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        ccache->functions = malloc (sizeof (*ccache->functions));
+        if (ccache->functions) {
+            *ccache->functions = cci_ccache_f_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = cci_identifier_copy (&ccache->identifier, in_identifier);
+    }
+
+    if (!err) {
+        *out_ccache = (cc_ccache_t) ccache;
+        ccache = NULL; /* take ownership */
+    }
+
+    ccapi_ccache_release ((cc_ccache_t) ccache);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ccache_write (cc_ccache_t  in_ccache,
+                           k5_ipc_stream in_stream)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+
+    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
+    if (!in_stream) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_write (ccache->identifier, in_stream);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_release (cc_ccache_t io_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+
+    if (!io_ccache) { err = ccErrBadParam; }
+
+    if (!err) {
+        cci_identifier_release (ccache->identifier);
+
+        free ((char *) ccache->functions);
+        free (ccache);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_destroy (cc_ccache_t io_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+
+    if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_destroy_msg_id,
+                             ccache->identifier,
+                             NULL,
+                             NULL);
+    }
+
+    if (!err) {
+        err = ccapi_ccache_release (io_ccache);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_set_default (cc_ccache_t io_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+
+    if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_set_default_msg_id,
+                             ccache->identifier,
+                             NULL,
+                             NULL);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_get_credentials_version (cc_ccache_t  in_ccache,
+                                               cc_uint32   *out_credentials_version)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    k5_ipc_stream reply = NULL;
+
+    if (!in_ccache              ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_credentials_version) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_get_credentials_version_msg_id,
+                             ccache->identifier,
+                             NULL,
+                             &reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (reply, out_credentials_version);
+    }
+
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_get_name (cc_ccache_t  in_ccache,
+                                cc_string_t *out_name)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    k5_ipc_stream reply = NULL;
+    char *name = NULL;
+
+    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
+    if (!out_name ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_get_name_msg_id,
+                             ccache->identifier,
+                             NULL,
+                             &reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (reply, &name);
+    }
+
+    if (!err) {
+        err = cci_string_new (out_name, name);
+    }
+
+    krb5int_ipc_stream_release (reply);
+    krb5int_ipc_stream_free_string (name);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_get_principal (cc_ccache_t  in_ccache,
+                                     cc_uint32    in_credentials_version,
+                                     cc_string_t *out_principal)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+    char *principal = NULL;
+
+    if (!in_ccache    ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_principal) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_get_principal_msg_id,
+                             ccache->identifier,
+                             request,
+                             &reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (reply, &principal);
+    }
+
+    if (!err) {
+        err = cci_string_new (out_principal, principal);
+    }
+
+    krb5int_ipc_stream_release (request);
+    krb5int_ipc_stream_release (reply);
+    krb5int_ipc_stream_free_string (principal);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_set_principal (cc_ccache_t  io_ccache,
+                                     cc_uint32    in_credentials_version,
+                                     const char  *in_principal)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+    k5_ipc_stream request = NULL;
+
+    if (!io_ccache   ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_principal) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (request, in_principal);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_set_principal_msg_id,
+                             ccache->identifier,
+                             request,
+                             NULL);
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_store_credentials (cc_ccache_t                 io_ccache,
+                                         const cc_credentials_union *in_credentials_union)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+    k5_ipc_stream request = NULL;
+
+    if (!io_ccache           ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = cci_credentials_union_write (in_credentials_union, request);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_store_credentials_msg_id,
+                             ccache->identifier,
+                             request,
+                             NULL);
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_remove_credentials (cc_ccache_t      io_ccache,
+                                          cc_credentials_t in_credentials)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+    k5_ipc_stream request = NULL;
+
+    if (!io_ccache     ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_credentials) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = cci_credentials_write (in_credentials, request);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_remove_credentials_msg_id,
+                             ccache->identifier,
+                             request,
+                             NULL);
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_new_credentials_iterator (cc_ccache_t                in_ccache,
+                                                cc_credentials_iterator_t *out_credentials_iterator)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_ccache               ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_new_credentials_iterator_msg_id,
+                             ccache->identifier,
+                             NULL,
+                             &reply);
+    }
+
+    if (!err) {
+        err =  cci_identifier_read (&identifier, reply);
+    }
+
+    if (!err) {
+        err = cci_credentials_iterator_new (out_credentials_iterator, identifier);
+    }
+
+    krb5int_ipc_stream_release (reply);
+    cci_identifier_release (identifier);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+/* Note: message is sent as the destination to avoid extra work on the      */
+/* server when deleting it the source ccache.                               */
+
+cc_int32 ccapi_ccache_move (cc_ccache_t io_source_ccache,
+                            cc_ccache_t io_destination_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t source_ccache = (cci_ccache_t) io_source_ccache;
+    cci_ccache_t destination_ccache = (cci_ccache_t) io_destination_ccache;
+    k5_ipc_stream request = NULL;
+
+    if (!io_source_ccache     ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_destination_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = cci_identifier_write (source_ccache->identifier, request);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_move_msg_id,
+                             destination_ccache->identifier,
+                             request,
+                             NULL);
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_lock (cc_ccache_t io_ccache,
+                            cc_uint32   in_lock_type,
+                            cc_uint32   in_block)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+    k5_ipc_stream request = NULL;
+
+    if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_lock_type);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_block);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_lock_msg_id,
+                             ccache->identifier,
+                             request,
+                             NULL);
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_unlock (cc_ccache_t io_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+
+    if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_unlock_msg_id,
+                             ccache->identifier,
+                             NULL,
+                             NULL);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_get_last_default_time (cc_ccache_t  in_ccache,
+                                             cc_time_t   *out_last_default_time)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    k5_ipc_stream reply = NULL;
+
+    if (!in_ccache            ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_last_default_time) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_get_last_default_time_msg_id,
+                             ccache->identifier,
+                             NULL,
+                             &reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (reply, out_last_default_time);
+    }
+
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_get_change_time (cc_ccache_t  in_ccache,
+                                       cc_time_t   *out_change_time)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    k5_ipc_stream reply = NULL;
+
+    if (!in_ccache      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_change_time) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_get_change_time_msg_id,
+                             ccache->identifier,
+                             NULL,
+                             &reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (reply, out_change_time);
+    }
+
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_wait_for_change (cc_ccache_t  in_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+
+    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (request, ccache->last_wait_for_change_time);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_wait_for_change_msg_id,
+                             ccache->identifier,
+                             request,
+			     &reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (reply, &ccache->last_wait_for_change_time);
+    }
+
+    krb5int_ipc_stream_release (request);
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_compare (cc_ccache_t  in_ccache,
+                               cc_ccache_t  in_compare_to_ccache,
+                               cc_uint32   *out_equal)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    cci_ccache_t compare_to_ccache = (cci_ccache_t) in_compare_to_ccache;
+
+    if (!in_ccache           ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_compare_to_ccache) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal           ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_compare (ccache->identifier,
+                                      compare_to_ccache->identifier,
+                                      out_equal);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_get_kdc_time_offset (cc_ccache_t  in_ccache,
+                                           cc_uint32    in_credentials_version,
+                                           cc_time_t   *out_time_offset)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+
+    if (!in_ccache      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_time_offset) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_get_kdc_time_offset_msg_id,
+                             ccache->identifier,
+                             request,
+                             &reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (reply, out_time_offset);
+    }
+
+    krb5int_ipc_stream_release (request);
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_set_kdc_time_offset (cc_ccache_t io_ccache,
+                                           cc_uint32   in_credentials_version,
+                                           cc_time_t   in_time_offset)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+    k5_ipc_stream request = NULL;
+
+    if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (request, in_time_offset);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_set_kdc_time_offset_msg_id,
+                             ccache->identifier,
+                             request,
+                             NULL);
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_clear_kdc_time_offset (cc_ccache_t io_ccache,
+                                             cc_uint32   in_credentials_version)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+    k5_ipc_stream request = NULL;
+
+    if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_clear_kdc_time_offset_msg_id,
+                             ccache->identifier,
+                             request,
+                             NULL);
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ccache_get_compat_version (cc_ccache_t  in_ccache,
+                                        cc_uint32   *out_compat_version)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) in_ccache;
+
+    if (!in_ccache         ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_compat_version) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_compat_version = ccache->compat_version;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ccache_set_compat_version (cc_ccache_t io_ccache,
+                                        cc_uint32   in_compat_version)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_t ccache = (cci_ccache_t) io_ccache;
+
+    if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        ccache->compat_version = in_compat_version;
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_ccache.h b/krb5-1.21.3/src/ccapi/lib/ccapi_ccache.h
new file mode 100644
index 00000000..e6fc129a
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_ccache.h
@@ -0,0 +1,105 @@
+/* ccapi/lib/ccapi_ccache.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_CCACHE_H
+#define CCAPI_CCACHE_H
+
+#include "cci_common.h"
+
+cc_int32 cci_ccache_new (cc_ccache_t      *out_ccache,
+                         cci_identifier_t  in_identifier);
+
+cc_int32 ccapi_ccache_release (cc_ccache_t io_ccache);
+
+cc_int32 cci_ccache_write (cc_ccache_t  in_ccache,
+                           k5_ipc_stream in_stream);
+
+cc_int32 ccapi_ccache_destroy (cc_ccache_t io_ccache);
+
+cc_int32 ccapi_ccache_set_default (cc_ccache_t io_ccache);
+
+cc_int32 ccapi_ccache_get_credentials_version (cc_ccache_t  in_ccache,
+                                               cc_uint32   *out_credentials_version);
+
+cc_int32 ccapi_ccache_get_name (cc_ccache_t  in_ccache,
+                                cc_string_t *out_name);
+
+cc_int32 ccapi_ccache_get_principal (cc_ccache_t  in_ccache,
+                                     cc_uint32    in_credentials_version,
+                                     cc_string_t *out_principal);
+
+cc_int32 ccapi_ccache_set_principal (cc_ccache_t  io_ccache,
+                                     cc_uint32    in_credentials_version,
+                                     const char  *in_principal);
+
+cc_int32 ccapi_ccache_store_credentials (cc_ccache_t                 io_ccache,
+                                         const cc_credentials_union *in_credentials_union);
+
+cc_int32 ccapi_ccache_remove_credentials (cc_ccache_t      io_ccache,
+                                          cc_credentials_t in_credentials);
+
+cc_int32 ccapi_ccache_new_credentials_iterator (cc_ccache_t                in_ccache,
+                                                cc_credentials_iterator_t *out_credentials_iterator);
+
+cc_int32 ccapi_ccache_move (cc_ccache_t io_source_ccache,
+                            cc_ccache_t io_destination_ccache);
+
+cc_int32 ccapi_ccache_lock (cc_ccache_t io_ccache,
+                            cc_uint32   in_lock_type,
+                            cc_uint32   in_block);
+
+cc_int32 ccapi_ccache_unlock (cc_ccache_t io_ccache);
+
+cc_int32 ccapi_ccache_get_last_default_time (cc_ccache_t  in_ccache,
+                                             cc_time_t   *out_last_default_time);
+
+cc_int32 ccapi_ccache_get_change_time (cc_ccache_t  in_ccache,
+                                       cc_time_t   *out_change_time);
+
+cc_int32 ccapi_ccache_wait_for_change (cc_ccache_t  in_ccache);
+
+cc_int32 ccapi_ccache_compare (cc_ccache_t  in_ccache,
+                               cc_ccache_t  in_compare_to_ccache,
+                               cc_uint32   *out_equal);
+
+cc_int32 ccapi_ccache_get_kdc_time_offset (cc_ccache_t  in_ccache,
+                                           cc_uint32    in_credentials_version,
+                                           cc_time_t   *out_time_offset);
+
+cc_int32 ccapi_ccache_set_kdc_time_offset (cc_ccache_t io_ccache,
+                                           cc_uint32   in_credentials_version,
+                                           cc_time_t   in_time_offset);
+
+cc_int32 ccapi_ccache_clear_kdc_time_offset (cc_ccache_t io_ccache,
+                                             cc_uint32   in_credentials_version);
+
+cc_int32 cci_ccache_get_compat_version (cc_ccache_t  in_ccache,
+                                        cc_uint32   *out_compat_version);
+
+cc_int32 cci_ccache_set_compat_version (cc_ccache_t io_ccache,
+                                        cc_uint32   in_compat_version);
+
+
+#endif /* CCAPI_CCACHE_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_ccache_iterator.c b/krb5-1.21.3/src/ccapi/lib/ccapi_ccache_iterator.c
new file mode 100644
index 00000000..795610d9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_ccache_iterator.c
@@ -0,0 +1,291 @@
+/* ccapi/lib/ccapi_ccache_iterator.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccapi_ccache_iterator.h"
+#include "ccapi_ccache.h"
+#include "ccapi_ipc.h"
+
+/* ------------------------------------------------------------------------ */
+
+typedef struct cci_ccache_iterator_d {
+    cc_ccache_iterator_f *functions;
+#if TARGET_OS_MAC
+    cc_ccache_iterator_f *vector_functions;
+#endif
+    cci_identifier_t identifier;
+    char *saved_ccache_name;
+} *cci_ccache_iterator_t;
+
+/* ------------------------------------------------------------------------ */
+
+struct cci_ccache_iterator_d cci_ccache_iterator_initializer = {
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
+    NULL,
+    NULL
+};
+
+cc_ccache_iterator_f cci_ccache_iterator_f_initializer = {
+    ccapi_ccache_iterator_release,
+    ccapi_ccache_iterator_next,
+    ccapi_ccache_iterator_clone
+};
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ccache_iterator_new (cc_ccache_iterator_t *out_ccache_iterator,
+                                  cci_identifier_t      in_identifier)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_iterator_t ccache_iterator = NULL;
+
+    if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        ccache_iterator = malloc (sizeof (*ccache_iterator));
+        if (ccache_iterator) {
+            *ccache_iterator = cci_ccache_iterator_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        ccache_iterator->functions = malloc (sizeof (*ccache_iterator->functions));
+        if (ccache_iterator->functions) {
+            *ccache_iterator->functions = cci_ccache_iterator_f_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = cci_identifier_copy (&ccache_iterator->identifier, in_identifier);
+    }
+
+    if (!err) {
+        *out_ccache_iterator = (cc_ccache_iterator_t) ccache_iterator;
+        ccache_iterator = NULL; /* take ownership */
+    }
+
+    ccapi_ccache_iterator_release ((cc_ccache_iterator_t) ccache_iterator);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ccache_iterator_write (cc_ccache_iterator_t in_ccache_iterator,
+                                   k5_ipc_stream          in_stream)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) in_ccache_iterator;
+
+    if (!in_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!in_stream         ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_identifier_write (ccache_iterator->identifier, in_stream);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_iterator_release (cc_ccache_iterator_t io_ccache_iterator)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) io_ccache_iterator;
+
+    if (!io_ccache_iterator) { err = ccErrBadParam; }
+
+    if (!err) {
+        cc_uint32 initialized = 0;
+
+        err = cci_identifier_is_initialized (ccache_iterator->identifier,
+                                             &initialized);
+
+        if (!err && initialized) {
+            err =  cci_ipc_send (cci_ccache_iterator_release_msg_id,
+                                 ccache_iterator->identifier,
+                                 NULL,
+                                 NULL);
+            if (err) {
+                cci_debug_printf ("%s: cci_ipc_send failed with error %d",
+                                 __FUNCTION__, err);
+                err = ccNoError;
+            }
+        }
+    }
+
+    if (!err) {
+        free ((char *) ccache_iterator->functions);
+        cci_identifier_release (ccache_iterator->identifier);
+        free (ccache_iterator->saved_ccache_name);
+        free (ccache_iterator);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_iterator_next (cc_ccache_iterator_t  in_ccache_iterator,
+                                     cc_ccache_t          *out_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) in_ccache_iterator;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache        ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_uint32 initialized = 0;
+
+        err = cci_identifier_is_initialized (ccache_iterator->identifier,
+                                             &initialized);
+
+        if (!err && !initialized) {
+            /* server doesn't actually exist.  Pretend we're empty. */
+            err = cci_check_error (ccIteratorEnd);
+        }
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_ccache_iterator_next_msg_id,
+                             ccache_iterator->identifier,
+                             NULL,
+                             &reply);
+    }
+
+    if (!err) {
+        err = cci_identifier_read (&identifier, reply);
+    }
+
+    if (!err) {
+        err = cci_ccache_new (out_ccache, identifier);
+    }
+
+    krb5int_ipc_stream_release (reply);
+    cci_identifier_release (identifier);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_ccache_iterator_clone (cc_ccache_iterator_t  in_ccache_iterator,
+                                      cc_ccache_iterator_t *out_ccache_iterator)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) in_ccache_iterator;
+    k5_ipc_stream reply = NULL;
+    cc_uint32 initialized = 0;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_ccache_iterator ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_is_initialized (ccache_iterator->identifier,
+                                             &initialized);
+    }
+
+    if (!err) {
+        if (initialized) {
+            err =  cci_ipc_send (cci_ccache_iterator_next_msg_id,
+                                 ccache_iterator->identifier,
+                                 NULL,
+                                 &reply);
+
+            if (!err) {
+                err =  cci_identifier_read (&identifier, reply);
+            }
+
+        } else {
+            /* server doesn't actually exist.  Make another dummy one. */
+            identifier = cci_identifier_uninitialized;
+        }
+    }
+
+    if (!err) {
+        err = cci_ccache_iterator_new (out_ccache_iterator, identifier);
+    }
+
+    cci_identifier_release (identifier);
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ccache_iterator_get_saved_ccache_name (cc_ccache_iterator_t   in_ccache_iterator,
+                                                    const char           **out_saved_ccache_name)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) in_ccache_iterator;
+
+    if (!in_ccache_iterator   ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_saved_ccache_name) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_saved_ccache_name = ccache_iterator->saved_ccache_name;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ccache_iterator_set_saved_ccache_name (cc_ccache_iterator_t  io_ccache_iterator,
+                                                    const char            *in_saved_ccache_name)
+{
+    cc_int32 err = ccNoError;
+    cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) io_ccache_iterator;
+    char *new_saved_ccache_name = NULL;
+
+    if (!io_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && in_saved_ccache_name) {
+        new_saved_ccache_name = strdup (in_saved_ccache_name);
+        if (!new_saved_ccache_name) { err = ccErrNoMem; }
+    }
+
+    if (!err) {
+        free (ccache_iterator->saved_ccache_name);
+
+        ccache_iterator->saved_ccache_name = new_saved_ccache_name;
+        new_saved_ccache_name = NULL; /* take ownership */
+    }
+
+    free (new_saved_ccache_name);
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_ccache_iterator.h b/krb5-1.21.3/src/ccapi/lib/ccapi_ccache_iterator.h
new file mode 100644
index 00000000..88947eaf
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_ccache_iterator.h
@@ -0,0 +1,51 @@
+/* ccapi/lib/ccapi_ccache_iterator.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_CCACHE_ITERATOR_H
+#define CCAPI_CCACHE_ITERATOR_H
+
+#include "cci_common.h"
+
+cc_int32 cci_ccache_iterator_new (cc_ccache_iterator_t *out_ccache_iterator,
+                                  cci_identifier_t      in_identifier);
+
+cc_int32 cci_ccache_iterator_write (cc_ccache_iterator_t in_ccache_iterator,
+                                    k5_ipc_stream          in_stream);
+
+cc_int32 ccapi_ccache_iterator_release (cc_ccache_iterator_t io_ccache_iterator);
+
+cc_int32 ccapi_ccache_iterator_next (cc_ccache_iterator_t  in_ccache_iterator,
+                                     cc_ccache_t          *out_ccache);
+
+cc_int32 ccapi_ccache_iterator_clone (cc_ccache_iterator_t  in_ccache_iterator,
+                                      cc_ccache_iterator_t *out_ccache_iterator);
+
+cc_int32 cci_ccache_iterator_get_saved_ccache_name (cc_ccache_iterator_t   in_ccache_iterator,
+                                                    const char           **out_saved_ccache_name);
+
+cc_int32 cci_ccache_iterator_set_saved_ccache_name (cc_ccache_iterator_t  io_ccache_iterator,
+                                                    const char           *in_saved_ccache_name);
+
+#endif /* CCAPI_CCACHE_ITERATOR_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_context.c b/krb5-1.21.3/src/ccapi/lib/ccapi_context.c
new file mode 100644
index 00000000..cf677fc5
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_context.c
@@ -0,0 +1,831 @@
+/* ccapi/lib/ccapi_context.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccapi_context.h"
+
+#include "k5-platform.h"
+
+#include "ccapi_ccache.h"
+#include "ccapi_ccache_iterator.h"
+#include "ccapi_string.h"
+#include "ccapi_ipc.h"
+#include "ccapi_context_change_time.h"
+#include "ccapi_err.h"
+
+#include <CredentialsCache2.h>
+
+typedef struct cci_context_d {
+    cc_context_f *functions;
+#if TARGET_OS_MAC
+    cc_context_f *vector_functions;
+#endif
+    cci_identifier_t identifier;
+    cc_uint32 synchronized;
+    cc_time_t last_wait_for_change_time;
+} *cci_context_t;
+
+/* ------------------------------------------------------------------------ */
+
+struct cci_context_d cci_context_initializer = {
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
+    NULL,
+    0,
+    0
+};
+
+cc_context_f cci_context_f_initializer = {
+    ccapi_context_release,
+    ccapi_context_get_change_time,
+    ccapi_context_get_default_ccache_name,
+    ccapi_context_open_ccache,
+    ccapi_context_open_default_ccache,
+    ccapi_context_create_ccache,
+    ccapi_context_create_default_ccache,
+    ccapi_context_create_new_ccache,
+    ccapi_context_new_ccache_iterator,
+    ccapi_context_lock,
+    ccapi_context_unlock,
+    ccapi_context_compare,
+    ccapi_context_wait_for_change
+};
+
+static cc_int32 cci_context_sync (cci_context_t in_context,
+                                  cc_uint32     in_launch);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+MAKE_INIT_FUNCTION(cci_process_init);
+MAKE_FINI_FUNCTION(cci_process_fini);
+
+/* ------------------------------------------------------------------------ */
+
+static int cci_process_init (void)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err) {
+        err = cci_context_change_time_thread_init ();
+    }
+
+    if (!err) {
+        err = cci_ipc_process_init ();
+    }
+
+    if (!err) {
+        add_error_table (&et_CAPI_error_table);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+static void cci_process_fini (void)
+{
+    if (!INITIALIZER_RAN (cci_process_init) || PROGRAM_EXITING ()) {
+	return;
+    }
+
+    remove_error_table(&et_CAPI_error_table);
+    cci_context_change_time_thread_fini ();
+}
+
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cc_initialize (cc_context_t  *out_context,
+                        cc_int32       in_version,
+                        cc_int32      *out_supported_version,
+                        char const   **out_vendor)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = NULL;
+    static char *vendor_string = "MIT Kerberos CCAPI";
+
+    if (!out_context) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = CALL_INIT_FUNCTION (cci_process_init);
+    }
+
+    if (!err) {
+        switch (in_version) {
+            case ccapi_version_2:
+            case ccapi_version_3:
+            case ccapi_version_4:
+            case ccapi_version_5:
+            case ccapi_version_6:
+            case ccapi_version_7:
+                break;
+
+            default:
+                err = ccErrBadAPIVersion;
+                break;
+        }
+    }
+
+    if (!err) {
+        context = malloc (sizeof (*context));
+        if (context) {
+            *context = cci_context_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        context->functions = malloc (sizeof (*context->functions));
+        if (context->functions) {
+            *context->functions = cci_context_f_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        context->identifier = cci_identifier_uninitialized;
+
+        *out_context = (cc_context_t) context;
+        context = NULL; /* take ownership */
+
+        if (out_supported_version) {
+            *out_supported_version = ccapi_version_max;
+        }
+
+        if (out_vendor) {
+            *out_vendor = vendor_string;
+        }
+    }
+
+    ccapi_context_release ((cc_context_t) context);
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+/*
+ * Currently does not need to talk to the server since the server must
+ * handle cleaning up resources from crashed clients anyway.
+ *
+ * NOTE: if server communication is ever added here, make sure that
+ * krb5_stdcc_shutdown calls an internal function which does not talk to the
+ * server.  krb5_stdcc_shutdown is called from thread fini functions and may
+ * crash talking to the server depending on what order the OS calls the fini
+ * functions (ie: if the ipc layer fini function is called first).
+ */
+
+cc_int32 ccapi_context_release (cc_context_t in_context)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+
+    if (!in_context) { err = ccErrBadParam; }
+
+    if (!err) {
+        cci_identifier_release (context->identifier);
+        free (context->functions);
+        free (context);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_get_change_time (cc_context_t  in_context,
+                                        cc_time_t    *out_change_time)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream reply = NULL;
+
+    if (!in_context     ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_change_time) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_context_sync (context, 0);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send_no_launch (cci_context_get_change_time_msg_id,
+                                       context->identifier,
+                                       NULL, &reply);
+    }
+
+    if (!err && krb5int_ipc_stream_size (reply) > 0) {
+        cc_time_t change_time = 0;
+
+        /* got a response from the server */
+        err = krb5int_ipc_stream_read_time (reply, &change_time);
+
+        if (!err) {
+            err = cci_context_change_time_update (context->identifier,
+                                                  change_time);
+        }
+    }
+
+    if (!err) {
+        err = cci_context_change_time_get (out_change_time);
+    }
+
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_wait_for_change (cc_context_t  in_context)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (request, context->last_wait_for_change_time);
+    }
+
+    if (!err) {
+        err = cci_context_sync (context, 1);
+    }
+
+    if (!err) {
+        err = cci_ipc_send (cci_context_wait_for_change_msg_id,
+			    context->identifier,
+			    request,
+			    &reply);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (reply, &context->last_wait_for_change_time);
+    }
+
+    krb5int_ipc_stream_release (request);
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_get_default_ccache_name (cc_context_t  in_context,
+                                                cc_string_t  *out_name)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream reply = NULL;
+    char *reply_name = NULL;
+    char *name = NULL;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!out_name  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_context_sync (context, 0);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send_no_launch (cci_context_get_default_ccache_name_msg_id,
+                                       context->identifier,
+                                       NULL,
+                                       &reply);
+    }
+
+    if (!err) {
+        if (krb5int_ipc_stream_size (reply) > 0) {
+            /* got a response from the server */
+            err = krb5int_ipc_stream_read_string (reply, &reply_name);
+
+            if (!err) {
+                name = reply_name;
+            }
+        } else {
+            name = k_cci_context_initial_ccache_name;
+        }
+    }
+
+    if (!err) {
+        err = cci_string_new (out_name, name);
+    }
+
+    krb5int_ipc_stream_release (reply);
+    krb5int_ipc_stream_free_string (reply_name);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_open_ccache (cc_context_t  in_context,
+                                    const char   *in_name,
+                                    cc_ccache_t  *out_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_name     ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (request, in_name);
+    }
+
+    if (!err) {
+        err = cci_context_sync (context, 0);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send_no_launch (cci_context_open_ccache_msg_id,
+                                       context->identifier,
+                                       request,
+                                       &reply);
+    }
+
+    if (!err && !(krb5int_ipc_stream_size (reply) > 0)) {
+        err = ccErrCCacheNotFound;
+    }
+
+    if (!err) {
+        err = cci_identifier_read (&identifier, reply);
+    }
+
+    if (!err) {
+        err = cci_ccache_new (out_ccache, identifier);
+    }
+
+    cci_identifier_release (identifier);
+    krb5int_ipc_stream_release (reply);
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_open_default_ccache (cc_context_t  in_context,
+                                            cc_ccache_t  *out_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_context_sync (context, 0);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send_no_launch (cci_context_open_default_ccache_msg_id,
+                                       context->identifier,
+                                       NULL,
+                                       &reply);
+    }
+
+    if (!err && !(krb5int_ipc_stream_size (reply) > 0)) {
+        err = ccErrCCacheNotFound;
+    }
+
+    if (!err) {
+        err = cci_identifier_read (&identifier, reply);
+    }
+
+    if (!err) {
+        err = cci_ccache_new (out_ccache, identifier);
+    }
+
+    cci_identifier_release (identifier);
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_create_ccache (cc_context_t  in_context,
+                                      const char   *in_name,
+                                      cc_uint32     in_cred_vers,
+                                      const char   *in_principal,
+                                      cc_ccache_t  *out_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_name     ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_principal) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (request, in_name);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (request, in_principal);
+    }
+
+    if (!err) {
+        err = cci_context_sync (context, 1);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_context_create_ccache_msg_id,
+                             context->identifier,
+                             request,
+                             &reply);
+    }
+
+    if (!err) {
+        err = cci_identifier_read (&identifier, reply);
+    }
+
+    if (!err) {
+        err = cci_ccache_new (out_ccache, identifier);
+    }
+
+    cci_identifier_release (identifier);
+    krb5int_ipc_stream_release (reply);
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_create_default_ccache (cc_context_t  in_context,
+                                              cc_uint32     in_cred_vers,
+                                              const char   *in_principal,
+                                              cc_ccache_t  *out_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_principal) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (request, in_principal);
+    }
+
+    if (!err) {
+        err = cci_context_sync (context, 1);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_context_create_default_ccache_msg_id,
+                             context->identifier,
+                             request,
+                             &reply);
+    }
+
+    if (!err) {
+        err = cci_identifier_read (&identifier, reply);
+    }
+
+    if (!err) {
+        err = cci_ccache_new (out_ccache, identifier);
+    }
+
+    cci_identifier_release (identifier);
+    krb5int_ipc_stream_release (reply);
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_create_new_ccache (cc_context_t in_context,
+                                          cc_uint32    in_cred_vers,
+                                          const char  *in_principal,
+                                          cc_ccache_t *out_ccache)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_principal) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (request, in_principal);
+    }
+
+    if (!err) {
+        err = cci_context_sync (context, 1);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_context_create_new_ccache_msg_id,
+                             context->identifier,
+                             request,
+                             &reply);
+    }
+
+    if (!err) {
+        err = cci_identifier_read (&identifier, reply);
+    }
+
+    if (!err) {
+        err = cci_ccache_new (out_ccache, identifier);
+    }
+
+    cci_identifier_release (identifier);
+    krb5int_ipc_stream_release (reply);
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_new_ccache_iterator (cc_context_t          in_context,
+                                            cc_ccache_iterator_t *out_iterator)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_context_sync (context, 0);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send_no_launch (cci_context_new_ccache_iterator_msg_id,
+                                       context->identifier,
+                                       NULL,
+                                       &reply);
+    }
+
+    if (!err) {
+        if (krb5int_ipc_stream_size (reply) > 0) {
+            err = cci_identifier_read (&identifier, reply);
+        } else {
+            identifier = cci_identifier_uninitialized;
+        }
+    }
+
+    if (!err) {
+        err = cci_ccache_iterator_new (out_iterator, identifier);
+    }
+
+    krb5int_ipc_stream_release (reply);
+    cci_identifier_release (identifier);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_lock (cc_context_t in_context,
+                             cc_uint32    in_lock_type,
+                             cc_uint32    in_block)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream request = NULL;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&request);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_lock_type);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (request, in_block);
+    }
+
+    if (!err) {
+        err = cci_context_sync (context, 1);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_context_lock_msg_id,
+                             context->identifier,
+                             request,
+                             NULL);
+    }
+
+    krb5int_ipc_stream_release (request);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_unlock (cc_context_t in_context)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_context_sync (context, 1);
+    }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_context_unlock_msg_id,
+                             context->identifier,
+                             NULL,
+                             NULL);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_context_compare (cc_context_t  in_context,
+                                cc_context_t  in_compare_to_context,
+                                cc_uint32    *out_equal)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    cci_context_t compare_to_context = (cci_context_t) in_compare_to_context;
+
+    if (!in_context           ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_compare_to_context) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal            ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_context_sync (context, 0);
+    }
+
+    if (!err) {
+        err = cci_context_sync (compare_to_context, 0);
+    }
+
+    if (!err) {
+        /* If both contexts can't talk to the server, then
+         * we assume they are equivalent */
+        err = cci_identifier_compare (context->identifier,
+                                      compare_to_context->identifier,
+                                      out_equal);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 cci_context_sync (cci_context_t in_context,
+                                  cc_uint32     in_launch)
+{
+    cc_int32 err = ccNoError;
+    cci_context_t context = (cci_context_t) in_context;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t new_identifier = NULL;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        /* Use the uninitialized identifier because we may be talking  */
+        /* to a different server which would reject our identifier and */
+        /* the point of this message is to sync with the server's id   */
+        if (in_launch) {
+            err =  cci_ipc_send (cci_context_sync_msg_id,
+                                 cci_identifier_uninitialized,
+                                 NULL,
+                                 &reply);
+        } else {
+            err =  cci_ipc_send_no_launch (cci_context_sync_msg_id,
+                                           cci_identifier_uninitialized,
+                                           NULL,
+                                           &reply);
+        }
+    }
+
+    if (!err) {
+        if (krb5int_ipc_stream_size (reply) > 0) {
+            err = cci_identifier_read (&new_identifier, reply);
+        } else {
+            new_identifier = cci_identifier_uninitialized;
+        }
+    }
+
+    if (!err) {
+        cc_uint32 equal = 0;
+
+        err = cci_identifier_compare (context->identifier, new_identifier, &equal);
+
+        if (!err && !equal) {
+            if (context->identifier) {
+                cci_identifier_release (context->identifier);
+            }
+            context->identifier = new_identifier;
+            new_identifier = NULL;  /* take ownership */
+        }
+    }
+
+    if (!err && context->synchronized) {
+        err = cci_context_change_time_sync (context->identifier);
+    }
+
+    if (!err && !context->synchronized) {
+        /* Keep state about whether this is the first call to avoid always   */
+        /* modifying the global change time on the context's first ipc call. */
+        context->synchronized = 1;
+    }
+
+    cci_identifier_release (new_identifier);
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_context.h b/krb5-1.21.3/src/ccapi/lib/ccapi_context.h
new file mode 100644
index 00000000..51b8982e
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_context.h
@@ -0,0 +1,86 @@
+/* ccapi/lib/ccapi_context.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_CONTEXT_H
+#define CCAPI_CONTEXT_H
+
+#include "cci_common.h"
+
+/* Used for freeing ccapi context in thread fini calls
+ * Does not tell the server you are exiting. */
+cc_int32 cci_context_destroy (cc_context_t in_context);
+
+cc_int32 ccapi_context_release (cc_context_t in_context);
+
+cc_int32 ccapi_context_get_change_time (cc_context_t  in_context,
+                                        cc_time_t    *out_time);
+
+cc_int32 ccapi_context_wait_for_change (cc_context_t  in_context);
+
+cc_int32 ccapi_context_get_default_ccache_name (cc_context_t  in_context,
+                                                cc_string_t  *out_name);
+
+cc_int32 ccapi_context_open_ccache (cc_context_t  in_context,
+                                    const char   *in_name,
+                                    cc_ccache_t  *out_ccache);
+
+cc_int32 ccapi_context_open_default_ccache (cc_context_t  in_context,
+                                            cc_ccache_t  *out_ccache);
+
+cc_int32 ccapi_context_create_ccache (cc_context_t  in_context,
+                                      const char   *in_name,
+                                      cc_uint32     in_cred_vers,
+                                      const char   *in_principal,
+                                      cc_ccache_t  *out_ccache);
+
+cc_int32 ccapi_context_create_default_ccache (cc_context_t  in_context,
+                                              cc_uint32     in_cred_vers,
+                                              const char   *in_principal,
+                                              cc_ccache_t  *out_ccache);
+
+cc_int32 ccapi_context_create_new_ccache (cc_context_t in_context,
+                                          cc_uint32    in_cred_vers,
+                                          const char  *in_principal,
+                                          cc_ccache_t *out_ccache);
+
+cc_int32 ccapi_context_new_ccache_iterator (cc_context_t          in_context,
+                                            cc_ccache_iterator_t *out_iterator);
+
+cc_int32 ccapi_context_lock (cc_context_t in_context,
+                             cc_uint32    in_lock_type,
+                             cc_uint32    in_block);
+
+cc_int32 ccapi_context_unlock (cc_context_t in_context);
+
+cc_int32 ccapi_context_compare (cc_context_t  in_context,
+                                cc_context_t  in_compare_to_context,
+                                cc_uint32    *out_equal);
+
+#ifdef WIN32
+void cci_thread_init__auxinit();
+#endif
+
+
+#endif /* CCAPI_CONTEXT_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_context_change_time.c b/krb5-1.21.3/src/ccapi/lib/ccapi_context_change_time.c
new file mode 100644
index 00000000..ec6b955e
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_context_change_time.c
@@ -0,0 +1,199 @@
+/* ccapi/lib/ccapi_context_change_time.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccapi_context_change_time.h"
+#include "cci_common.h"
+
+#include "k5-thread.h"
+
+static cci_identifier_t g_change_time_identifer = NULL;
+static cc_time_t g_change_time = 0;
+static cc_time_t g_change_time_offset = 0;
+static k5_mutex_t g_change_time_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_context_change_time_thread_init (void)
+{
+    return k5_mutex_finish_init(&g_change_time_mutex);
+}
+
+/* ------------------------------------------------------------------------ */
+
+void cci_context_change_time_thread_fini (void)
+{
+    k5_mutex_destroy(&g_change_time_mutex);
+}
+
+/* ------------------------------------------------------------------------ */
+/* WARNING!  Mutex must be locked when calling this!                        */
+
+static cc_int32 cci_context_change_time_update_identifier (cci_identifier_t  in_new_identifier,
+                                                           cc_uint32        *out_server_ids_match,
+                                                           cc_uint32        *out_old_server_running,
+                                                           cc_uint32        *out_new_server_running)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 server_ids_match = 0;
+    cc_uint32 old_server_running = 0;
+    cc_uint32 new_server_running = 0;
+
+    if (!in_new_identifier) { err = cci_check_error (err); }
+
+    if (!err && !g_change_time_identifer) {
+       g_change_time_identifer = cci_identifier_uninitialized;
+    }
+
+    if (!err) {
+        err = cci_identifier_compare_server_id (g_change_time_identifer,
+                                                in_new_identifier,
+                                                &server_ids_match);
+    }
+
+    if (!err && out_old_server_running) {
+        err = cci_identifier_is_initialized (g_change_time_identifer, &old_server_running);
+    }
+
+    if (!err && out_new_server_running) {
+        err = cci_identifier_is_initialized (in_new_identifier, &new_server_running);
+    }
+
+    if (!err && !server_ids_match) {
+        cci_identifier_t new_change_time_identifer = NULL;
+
+        err = cci_identifier_copy (&new_change_time_identifer, in_new_identifier);
+
+        if (!err) {
+            /* Save the new identifier */
+            if (g_change_time_identifer) {
+                cci_identifier_release (g_change_time_identifer);
+            }
+            g_change_time_identifer = new_change_time_identifer;
+        }
+    }
+
+    if (!err) {
+        if (out_server_ids_match  ) { *out_server_ids_match = server_ids_match; }
+        if (out_old_server_running) { *out_old_server_running = old_server_running; }
+        if (out_new_server_running) { *out_new_server_running = new_server_running; }
+    }
+
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_context_change_time_get (cc_time_t *out_change_time)
+{
+    cc_int32 err = ccNoError;
+
+    k5_mutex_lock (&g_change_time_mutex);
+
+    *out_change_time = g_change_time + g_change_time_offset;
+    k5_mutex_unlock (&g_change_time_mutex);
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_context_change_time_update (cci_identifier_t in_identifier,
+                                         cc_time_t        in_new_change_time)
+{
+    cc_int32 err = ccNoError;
+    k5_mutex_lock (&g_change_time_mutex);
+
+    if (!in_identifier) { err = cci_check_error (err); }
+
+    if (!err) {
+        if (g_change_time < in_new_change_time) {
+            /* Only update if it increases the time.  May be a different server. */
+            g_change_time = in_new_change_time;
+            cci_debug_printf ("%s: setting change time to %d",
+                              __FUNCTION__, in_new_change_time);
+        }
+    }
+
+    if (!err) {
+        err = cci_context_change_time_update_identifier (in_identifier,
+                                                         NULL, NULL, NULL);
+    }
+
+    k5_mutex_unlock (&g_change_time_mutex);
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_context_change_time_sync (cci_identifier_t in_new_identifier)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 server_ids_match = 0;
+    cc_uint32 server_was_running = 0;
+    cc_uint32 server_is_running = 0;
+
+    k5_mutex_lock (&g_change_time_mutex);
+
+    if (!in_new_identifier) { err = cci_check_error (err); }
+
+    if (!err) {
+        err = cci_context_change_time_update_identifier (in_new_identifier,
+                                                         &server_ids_match,
+                                                         &server_was_running,
+                                                         &server_is_running);
+    }
+
+    if (!err && !server_ids_match) {
+        /* Increment the change time so callers re-read */
+        g_change_time_offset++;
+
+        /* If the server died, absorb the offset */
+        if (server_was_running && !server_is_running) {
+            cc_time_t now = time (NULL);
+
+            g_change_time += g_change_time_offset;
+            g_change_time_offset = 0;
+
+            /* Make sure the change time increases, ideally with the current time */
+            g_change_time = (g_change_time < now) ? now : g_change_time;
+        }
+
+        cci_debug_printf ("%s noticed server changed ("
+                          "server_was_running = %d; server_is_running = %d; "
+                          "g_change_time = %d; g_change_time_offset = %d",
+                          __FUNCTION__, server_was_running, server_is_running,
+                          g_change_time, g_change_time_offset);
+    }
+
+    k5_mutex_unlock (&g_change_time_mutex);
+
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_context_change_time.h b/krb5-1.21.3/src/ccapi/lib/ccapi_context_change_time.h
new file mode 100644
index 00000000..b1fa110e
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_context_change_time.h
@@ -0,0 +1,41 @@
+/* ccapi/lib/ccapi_context_change_time.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_CONTEXT_CHANGE_TIME_H
+#define CCAPI_CONTEXT_CHANGE_TIME_H
+
+#include "cci_common.h"
+
+cc_int32 cci_context_change_time_thread_init (void);
+void cci_context_change_time_thread_fini (void);
+
+cc_int32 cci_context_change_time_get (cc_time_t *out_change_time);
+
+cc_int32 cci_context_change_time_update (cci_identifier_t in_identifier,
+                                         cc_time_t        in_new_change_time);
+
+cc_int32 cci_context_change_time_sync (cci_identifier_t in_new_identifier);
+
+#endif /* CCAPI_CONTEXT_CHANGE_TIME_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_credentials.c b/krb5-1.21.3/src/ccapi/lib/ccapi_credentials.c
new file mode 100644
index 00000000..cb175a31
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_credentials.c
@@ -0,0 +1,165 @@
+/* ccapi/lib/ccapi_credentials.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccapi_credentials.h"
+
+#include "ccapi_string.h"
+
+/* ------------------------------------------------------------------------ */
+
+typedef struct cci_credentials_d {
+    cc_credentials_union *data;
+    cc_credentials_f *functions;
+#if TARGET_OS_MAC
+    cc_credentials_f *vector_functions;
+#endif
+    cci_identifier_t identifier;
+} *cci_credentials_t;
+
+/* ------------------------------------------------------------------------ */
+
+struct cci_credentials_d cci_credentials_initializer = {
+    NULL,
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
+    NULL
+};
+
+cc_credentials_f cci_credentials_f_initializer = {
+    ccapi_credentials_release,
+    ccapi_credentials_compare
+};
+
+cc_credentials_union cci_credentials_union_initializer = {
+    0,
+    { NULL }
+};
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_credentials_read (cc_credentials_t *out_credentials,
+                               k5_ipc_stream      in_stream)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_t credentials = NULL;
+
+    if (!out_credentials) { err = cci_check_error (ccErrBadParam); }
+    if (!in_stream      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        credentials = malloc (sizeof (*credentials));
+        if (credentials) {
+            *credentials = cci_credentials_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        credentials->functions = malloc (sizeof (*credentials->functions));
+        if (credentials->functions) {
+            *credentials->functions = cci_credentials_f_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = cci_identifier_read (&credentials->identifier, in_stream);
+    }
+
+    if (!err) {
+        err = cci_credentials_union_read (&credentials->data, in_stream);
+    }
+
+    if (!err) {
+        *out_credentials = (cc_credentials_t) credentials;
+        credentials = NULL; /* take ownership */
+    }
+
+    if (credentials) { ccapi_credentials_release ((cc_credentials_t) credentials); }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_credentials_write (cc_credentials_t in_credentials,
+                                k5_ipc_stream     in_stream)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_t credentials = (cci_credentials_t) in_credentials;
+
+    if (!in_credentials) { err = cci_check_error (ccErrBadParam); }
+    if (!in_stream     ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_write (credentials->identifier, in_stream);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_credentials_compare (cc_credentials_t  in_credentials,
+                                    cc_credentials_t  in_compare_to_credentials,
+                                    cc_uint32        *out_equal)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_t credentials = (cci_credentials_t) in_credentials;
+    cci_credentials_t compare_to_credentials = (cci_credentials_t) in_compare_to_credentials;
+
+    if (!in_credentials           ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_compare_to_credentials) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal                ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_compare (credentials->identifier,
+                                      compare_to_credentials->identifier,
+                                      out_equal);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_credentials_release (cc_credentials_t io_credentials)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_t credentials = (cci_credentials_t) io_credentials;
+
+    if (!io_credentials) { err = ccErrBadParam; }
+
+    if (!err) {
+        cci_credentials_union_release (credentials->data);
+        free ((char *) credentials->functions);
+        cci_identifier_release (credentials->identifier);
+        free (credentials);
+    }
+
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_credentials.h b/krb5-1.21.3/src/ccapi/lib/ccapi_credentials.h
new file mode 100644
index 00000000..aea6a412
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_credentials.h
@@ -0,0 +1,43 @@
+/* ccapi/lib/ccapi_credentials.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_CREDENTIALS_H
+#define CCAPI_CREDENTIALS_H
+
+#include "cci_common.h"
+
+cc_int32 cci_credentials_read (cc_credentials_t *out_credentials,
+                               k5_ipc_stream      in_stream);
+
+cc_int32 cci_credentials_write (cc_credentials_t in_credentials,
+                                k5_ipc_stream     in_stream);
+
+cc_int32 ccapi_credentials_compare (cc_credentials_t  in_credentials,
+                                    cc_credentials_t  in_compare_to_credentials,
+                                    cc_uint32        *out_equal);
+
+cc_int32 ccapi_credentials_release (cc_credentials_t io_credentials);
+
+#endif /* CCAPI_CREDENTIALS_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_credentials_iterator.c b/krb5-1.21.3/src/ccapi/lib/ccapi_credentials_iterator.c
new file mode 100644
index 00000000..f1efc7f8
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_credentials_iterator.c
@@ -0,0 +1,246 @@
+/* ccapi/lib/ccapi_credentials_iterator.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccapi_credentials_iterator.h"
+#include "ccapi_credentials.h"
+#include "ccapi_ipc.h"
+
+/* ------------------------------------------------------------------------ */
+
+typedef struct cci_credentials_iterator_d {
+    cc_credentials_iterator_f *functions;
+#if TARGET_OS_MAC
+    cc_credentials_iterator_f *vector_functions;
+#endif
+    cci_identifier_t identifier;
+    cc_uint32 compat_version;
+} *cci_credentials_iterator_t;
+
+/* ------------------------------------------------------------------------ */
+
+struct cci_credentials_iterator_d cci_credentials_iterator_initializer = {
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
+    NULL,
+    0
+};
+
+cc_credentials_iterator_f cci_credentials_iterator_f_initializer = {
+    ccapi_credentials_iterator_release,
+    ccapi_credentials_iterator_next,
+    ccapi_credentials_iterator_clone
+};
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_credentials_iterator_new (cc_credentials_iterator_t *out_credentials_iterator,
+                                       cci_identifier_t           in_identifier)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_iterator_t credentials_iterator = NULL;
+
+    if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        credentials_iterator = malloc (sizeof (*credentials_iterator));
+        if (credentials_iterator) {
+            *credentials_iterator = cci_credentials_iterator_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        credentials_iterator->functions = malloc (sizeof (*credentials_iterator->functions));
+        if (credentials_iterator->functions) {
+            *credentials_iterator->functions = cci_credentials_iterator_f_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = cci_identifier_copy (&credentials_iterator->identifier, in_identifier);
+    }
+
+    if (!err) {
+        *out_credentials_iterator = (cc_credentials_iterator_t) credentials_iterator;
+        credentials_iterator = NULL; /* take ownership */
+    }
+
+    if (credentials_iterator) { ccapi_credentials_iterator_release ((cc_credentials_iterator_t) credentials_iterator); }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_credentials_iterator_write (cc_credentials_iterator_t in_credentials_iterator,
+                                         k5_ipc_stream              in_stream)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) in_credentials_iterator;
+
+    if (!in_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!in_stream         ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_write (credentials_iterator->identifier, in_stream);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_credentials_iterator_release (cc_credentials_iterator_t io_credentials_iterator)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) io_credentials_iterator;
+
+    if (!io_credentials_iterator) { err = ccErrBadParam; }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_credentials_iterator_release_msg_id,
+                             credentials_iterator->identifier,
+                             NULL,
+                             NULL);
+        if (err) {
+            cci_debug_printf ("%s: cci_ipc_send failed with error %d",
+                             __FUNCTION__, err);
+            err = ccNoError;
+        }
+    }
+
+    if (!err) {
+        free ((char *) credentials_iterator->functions);
+        cci_identifier_release (credentials_iterator->identifier);
+        free (credentials_iterator);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_credentials_iterator_next (cc_credentials_iterator_t  in_credentials_iterator,
+                                          cc_credentials_t          *out_credentials)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) in_credentials_iterator;
+    k5_ipc_stream reply = NULL;
+
+    if (!in_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!out_credentials        ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_credentials_iterator_next_msg_id,
+                             credentials_iterator->identifier,
+                             NULL,
+                             &reply);
+    }
+
+    if (!err) {
+        err = cci_credentials_read (out_credentials, reply);
+    }
+
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_credentials_iterator_clone (cc_credentials_iterator_t  in_credentials_iterator,
+                                           cc_credentials_iterator_t *out_credentials_iterator)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) in_credentials_iterator;
+    k5_ipc_stream reply = NULL;
+    cci_identifier_t identifier = NULL;
+
+    if (!in_credentials_iterator ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err =  cci_ipc_send (cci_credentials_iterator_next_msg_id,
+                             credentials_iterator->identifier,
+                             NULL,
+                             &reply);
+    }
+
+    if (!err) {
+        err =  cci_identifier_read (&identifier, reply);
+    }
+
+    if (!err) {
+        err = cci_credentials_iterator_new (out_credentials_iterator, identifier);
+    }
+
+    krb5int_ipc_stream_release (reply);
+    cci_identifier_release (identifier);
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_credentials_iterator_get_compat_version (cc_credentials_iterator_t  in_credentials_iterator,
+                                                      cc_uint32                 *out_compat_version)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) in_credentials_iterator;
+
+    if (!in_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!out_compat_version     ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_compat_version = credentials_iterator->compat_version;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_credentials_iterator_set_compat_version (cc_credentials_iterator_t io_credentials_iterator,
+                                                      cc_uint32                 in_compat_version)
+{
+    cc_int32 err = ccNoError;
+    cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) io_credentials_iterator;
+
+    if (!io_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        credentials_iterator->compat_version = in_compat_version;
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_credentials_iterator.h b/krb5-1.21.3/src/ccapi/lib/ccapi_credentials_iterator.h
new file mode 100644
index 00000000..56c4505d
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_credentials_iterator.h
@@ -0,0 +1,51 @@
+/* ccapi/lib/ccapi_credentials_iterator.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_CREDENTIALS_ITERATOR_H
+#define CCAPI_CREDENTIALS_ITERATOR_H
+
+#include "cci_common.h"
+
+cc_int32 cci_credentials_iterator_new (cc_credentials_iterator_t *out_credentials_iterator,
+                                       cci_identifier_t           in_identifier);
+
+cc_int32 cci_credentials_iterator_write (cc_credentials_iterator_t in_credentials_iterator,
+                                         k5_ipc_stream              in_stream);
+
+cc_int32 ccapi_credentials_iterator_release (cc_credentials_iterator_t io_credentials_iterator);
+
+cc_int32 ccapi_credentials_iterator_next (cc_credentials_iterator_t  in_credentials_iterator,
+                                          cc_credentials_t          *out_credentials);
+
+cc_int32 ccapi_credentials_iterator_clone (cc_credentials_iterator_t  in_credentials_iterator,
+                                           cc_credentials_iterator_t *out_credentials_iterator);
+
+cc_int32 cci_credentials_iterator_get_compat_version (cc_credentials_iterator_t  in_credentials_iterator,
+                                                      cc_uint32                 *out_compat_version);
+
+cc_int32 cci_credentials_iterator_set_compat_version (cc_credentials_iterator_t io_credentials_iterator,
+                                                      cc_uint32                 in_compat_version);
+
+#endif /* CCAPI_CREDENTIALS_ITERATOR_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_err.et b/krb5-1.21.3/src/ccapi/lib/ccapi_err.et
new file mode 100644
index 00000000..44cd2d0b
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_err.et
@@ -0,0 +1,74 @@
+#
+# $Header$
+#
+# Copyright 1998-2006 Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+# require a specific license from the United States Government.
+# It is the responsibility of any person or organization contemplating
+# export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+#
+
+error_table_base 201
+error_table_manager "Credentials Cache"
+error_table CAPI
+
+# 201
+error_code ccIteratorEnd,                       "Reached end of iterator"
+error_code ccErrBadParam,                       "Invalid argument"
+error_code ccErrNoMem,                          "Out of memory"
+error_code ccErrInvalidContext,                 "Invalid credentials cache context"
+error_code ccErrInvalidCCache,                  "Invalid credentials cache"
+
+# 206
+index 5
+error_code ccErrInvalidString,                  "Invalid credentials cache string"
+error_code ccErrInvalidCredentials,             "Invalid credentials"
+error_code ccErrInvalidCCacheIterator,          "Invalid credentials cache iterator"
+error_code ccErrInvalidCredentialsIterator,     "Invalid credentials iterator"
+error_code ccErrInvalidLock,                    "Invalid iterator"
+
+# 211
+index 10
+error_code ccErrBadName,                        "Invalid credentials cache name"
+error_code ccErrBadCredentialsVersion,          "Invalid credentials cache version (not 4 or 5)"
+error_code ccErrBadAPIVersion,                  "Invalid CCAPI version"
+error_code ccErrContextLocked,                  "Credentials cache context is already locked"
+error_code ccErrContextUnlocked,                "Credentials cache context is already unlocked"
+
+# 216
+index 15
+error_code ccErrCCacheLocked,                   "Credentials cache is already locked"
+error_code ccErrCCacheUnlocked,                 "Credentials cache is already unlocked"
+error_code ccErrBadLockType,                    "Invalid credentials cache lock type"
+error_code ccErrNeverDefault,                   "Credentials cache has never been the default cache"
+error_code ccErrCredentialsNotFound,            "Credentials not found"
+
+# 221
+index 20
+error_code ccErrCCacheNotFound,                 "Credentials cache not found"
+error_code ccErrContextNotFound,                "Credentials cache context not found"
+error_code ccErrServerUnavailable,              "Credentials cache server unavailable"
+error_code ccErrServerInsecure,                 "Credentials cache server in this bootstrap is owned by another user"
+error_code ccErrServerCantBecomeUID,            "Credentials cache server failed to change effective uids"
+
+# 226
+index 25
+error_code ccErrTimeOffsetNotSet,               "Credentials cache time offset not set"
+
+end
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_ipc.c b/krb5-1.21.3/src/ccapi/lib/ccapi_ipc.c
new file mode 100644
index 00000000..2c1fcba6
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_ipc.c
@@ -0,0 +1,119 @@
+/* ccapi/lib/ccapi_ipc.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccapi_ipc.h"
+#include "ccapi_os_ipc.h"
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ipc_process_init (void)
+{
+    return cci_os_ipc_process_init ();
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ipc_thread_init (void)
+{
+    return cci_os_ipc_thread_init ();
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 _cci_ipc_send (enum cci_msg_id_t  in_request_name,
+                               cc_int32           in_launch_server,
+                               cci_identifier_t   in_identifier,
+                               k5_ipc_stream       in_request_data,
+                               k5_ipc_stream      *out_reply_data)
+{
+    cc_int32 err = ccNoError;
+    k5_ipc_stream request = NULL;
+    k5_ipc_stream reply = NULL;
+    cc_int32 reply_error = 0;
+
+    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
+    /* in_request_data may be NULL */
+    /* out_reply_data may be NULL */
+
+    if (!err) {
+        err = cci_message_new_request_header (&request,
+                                              in_request_name,
+                                              in_identifier);
+    }
+
+    if (!err && in_request_data) {
+        err = krb5int_ipc_stream_write (request,
+                                krb5int_ipc_stream_data (in_request_data),
+                                krb5int_ipc_stream_size (in_request_data));
+    }
+
+    if (!err) {
+        err = cci_os_ipc (in_launch_server, request, &reply);
+
+        if (!err && krb5int_ipc_stream_size (reply) > 0) {
+            err = cci_message_read_reply_header (reply, &reply_error);
+        }
+    }
+
+    if (!err && reply_error) {
+        err = reply_error;
+    }
+
+    if (!err && out_reply_data) {
+        *out_reply_data = reply;
+        reply = NULL; /* take ownership */
+    }
+
+    krb5int_ipc_stream_release (request);
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ipc_send (enum cci_msg_id_t  in_request_name,
+                       cci_identifier_t   in_identifier,
+                       k5_ipc_stream       in_request_data,
+                       k5_ipc_stream      *out_reply_data)
+{
+    return cci_check_error (_cci_ipc_send (in_request_name, 1,
+                                           in_identifier,
+                                           in_request_data,
+                                           out_reply_data));
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_ipc_send_no_launch (enum cci_msg_id_t  in_request_name,
+                                 cci_identifier_t   in_identifier,
+                                 k5_ipc_stream       in_request_data,
+                                 k5_ipc_stream      *out_reply_data)
+{
+    return cci_check_error (_cci_ipc_send (in_request_name, 0,
+                                           in_identifier,
+                                           in_request_data,
+                                           out_reply_data));
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_ipc.h b/krb5-1.21.3/src/ccapi/lib/ccapi_ipc.h
new file mode 100644
index 00000000..a23772b2
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_ipc.h
@@ -0,0 +1,45 @@
+/* ccapi/lib/ccapi_ipc.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_IPC_H
+#define CCAPI_IPC_H
+
+#include "cci_common.h"
+
+cc_int32 cci_ipc_process_init (void);
+
+cc_int32 cci_ipc_thread_init (void);
+
+cc_int32 cci_ipc_send (enum cci_msg_id_t  in_request_name,
+                       cci_identifier_t   in_identifier,
+                       k5_ipc_stream       in_request_data,
+                       k5_ipc_stream      *out_reply_data);
+
+cc_int32 cci_ipc_send_no_launch (enum cci_msg_id_t  in_request_name,
+                                 cci_identifier_t   in_identifier,
+                                 k5_ipc_stream       in_request_data,
+                                 k5_ipc_stream      *out_reply_data);
+
+#endif /* CCAPI_IPC_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_os_ipc.h b/krb5-1.21.3/src/ccapi/lib/ccapi_os_ipc.h
new file mode 100644
index 00000000..fe7c87a0
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_os_ipc.h
@@ -0,0 +1,39 @@
+/* ccapi/lib/ccapi_os_ipc.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_OS_IPC_H
+#define CCAPI_OS_IPC_H
+
+#include "cci_common.h"
+
+cc_int32 cci_os_ipc_process_init (void);
+
+cc_int32 cci_os_ipc_thread_init (void);
+
+cc_int32 cci_os_ipc (cc_int32      in_launch_server,
+                     k5_ipc_stream in_request_stream,
+                     k5_ipc_stream *out_reply_stream);
+
+#endif /* CCAPI_OS_IPC_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_string.c b/krb5-1.21.3/src/ccapi/lib/ccapi_string.c
new file mode 100644
index 00000000..ab84dfe3
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_string.c
@@ -0,0 +1,101 @@
+/* ccapi/lib/ccapi_string.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccapi_string.h"
+
+/* ------------------------------------------------------------------------ */
+
+cc_string_d cci_string_d_initializer = {
+    NULL,
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER };
+
+cc_string_f cci_string_f_initializer = {
+    ccapi_string_release
+};
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_string_new (cc_string_t *out_string,
+                         char        *in_cstring)
+{
+    cc_int32 err = ccNoError;
+    cc_string_t string = NULL;
+
+    if (!out_string) { err = cci_check_error (ccErrBadParam); }
+    if (!in_cstring) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        string = malloc (sizeof (*string));
+        if (string) {
+            *string = cci_string_d_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        string->functions = malloc (sizeof (*string->functions));
+        if (string->functions) {
+            *((cc_string_f *) string->functions) = cci_string_f_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        string->data = strdup (in_cstring);
+        if (!string->data) {
+            err = cci_check_error (ccErrNoMem);
+        }
+
+    }
+
+    if (!err) {
+        *out_string = string;
+        string = NULL; /* take ownership */
+    }
+
+    if (string) { ccapi_string_release (string); }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccapi_string_release (cc_string_t in_string)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_string) { err = ccErrBadParam; }
+
+    if (!err) {
+        free ((char *) in_string->data);
+        free ((char *) in_string->functions);
+        free (in_string);
+    }
+
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_string.h b/krb5-1.21.3/src/ccapi/lib/ccapi_string.h
new file mode 100644
index 00000000..02debde9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_string.h
@@ -0,0 +1,36 @@
+/* ccapi/lib/ccapi_string.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCAPI_STRING_H
+#define CCAPI_STRING_H
+
+#include "cci_common.h"
+
+cc_int32 cci_string_new (cc_string_t *out_string,
+                         char        *in_cstring);
+
+cc_int32 ccapi_string_release (cc_string_t in_string);
+
+#endif /* CCAPI_STRING_H */
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_v2.c b/krb5-1.21.3/src/ccapi/lib/ccapi_v2.c
new file mode 100644
index 00000000..ae9b790b
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_v2.c
@@ -0,0 +1,889 @@
+/* ccapi/lib/ccapi_v2.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "cci_common.h"
+#include "ccapi_string.h"
+#include "ccapi_context.h"
+#include "ccapi_ccache.h"
+#include "ccapi_ccache_iterator.h"
+#include "ccapi_credentials.h"
+#include "ccapi_credentials_iterator.h"
+#include <CredentialsCache2.h>
+
+infoNC infoNC_initializer = { NULL, NULL, CC_CRED_UNKNOWN };
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 cci_remap_version (cc_int32   in_v2_version,
+                                   cc_uint32 *out_v3_version)
+{
+    cc_result err = ccNoError;
+
+    if (!out_v3_version) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        if (in_v2_version == CC_CRED_V5) {
+            *out_v3_version = cc_credentials_v5;
+
+        } else {
+            err = ccErrBadCredentialsVersion;
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_result _cci_remap_error (cc_result   in_error,
+                                   const char *in_function,
+                                   const char *in_file,
+                                   int         in_line)
+{
+    _cci_check_error (in_error, in_function, in_file, in_line);
+
+    if (in_error >= CC_NOERROR && in_error <= CC_ERR_CRED_VERSION) {
+        return in_error;
+    }
+
+    switch (in_error) {
+        case ccNoError:
+            return CC_NOERROR;
+
+        case ccIteratorEnd:
+            return CC_END;
+
+        case ccErrBadParam:
+        case ccErrContextNotFound:
+        case ccErrInvalidContext:
+        case ccErrInvalidCredentials:
+        case ccErrInvalidCCacheIterator:
+        case ccErrInvalidCredentialsIterator:
+        case ccErrInvalidLock:
+        case ccErrBadLockType:
+            return CC_BAD_PARM;
+
+        case ccErrNoMem:
+            return CC_NOMEM;
+
+        case ccErrInvalidCCache:
+        case ccErrCCacheNotFound:
+            return CC_NO_EXIST;
+
+        case ccErrCredentialsNotFound:
+            return CC_NOTFOUND;
+
+        case ccErrBadName:
+            return CC_BADNAME;
+
+        case ccErrBadCredentialsVersion:
+            return CC_ERR_CRED_VERSION;
+
+        case ccErrBadAPIVersion:
+            return CC_BAD_API_VERSION;
+
+        case ccErrContextLocked:
+        case ccErrContextUnlocked:
+        case ccErrCCacheLocked:
+        case ccErrCCacheUnlocked:
+            return CC_LOCKED;
+
+        case ccErrServerUnavailable:
+        case ccErrServerInsecure:
+        case ccErrServerCantBecomeUID:
+        case ccErrBadInternalMessage:
+        case ccErrClientNotFound:
+            return CC_IO;
+
+        case ccErrNotImplemented:
+            return CC_NOT_SUPP;
+
+        default:
+            cci_debug_printf ("%s(): Unhandled error", __FUNCTION__);
+            return CC_BAD_PARM;
+    }
+}
+#define cci_remap_error(err) _cci_remap_error(err, __FUNCTION__, __FILE__, __LINE__)
+
+
+#if TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_shutdown (apiCB **io_context)
+{
+    cc_result err = ccNoError;
+
+    if (!io_context) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_context_release (*io_context);
+    }
+
+    if (!err) {
+        *io_context = NULL;
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_get_change_time (apiCB     *in_context,
+                              cc_time_t *out_change_time)
+{
+    cc_result err = ccNoError;
+
+    if (!in_context     ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_change_time) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_context_get_change_time (in_context, out_change_time);
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_get_NC_info (apiCB    *in_context,
+                          infoNC ***out_info)
+{
+    cc_result err = CC_NOERROR;
+    infoNC **info = NULL;
+    cc_uint64 count = 0; /* Preflight the size */
+    cc_uint64 i;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!out_info  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        ccache_cit *iterator = NULL;
+
+        err = cc_seq_fetch_NCs_begin (in_context, &iterator);
+
+        while (!err) {
+            ccache_p *ccache = NULL;
+
+            err = cc_seq_fetch_NCs_next (in_context, &ccache, iterator);
+
+            if (!err) { count++; }
+
+            if (ccache) { cc_close (in_context, &ccache); }
+        }
+        if (err == CC_END) { err = CC_NOERROR; }
+
+        if (!err) {
+            err = cc_seq_fetch_NCs_end (in_context, &iterator);
+        }
+    }
+
+    if (!err) {
+        info = malloc (sizeof (*info) * (count + 1));
+        if (info) {
+            for (i = 0; i < count + 1; i++) { info[i] = NULL; }
+        } else {
+            err = cci_check_error (CC_NOMEM);
+        }
+    }
+
+    if (!err) {
+        ccache_cit *iterator = NULL;
+
+        err = cc_seq_fetch_NCs_begin (in_context, &iterator);
+
+        for (i = 0; !err && i < count; i++) {
+            ccache_p *ccache = NULL;
+
+            err = cc_seq_fetch_NCs_next (in_context, &ccache, iterator);
+
+            if (!err) {
+                info[i] = malloc (sizeof (*info[i]));
+                if (info[i]) {
+                    *info[i] = infoNC_initializer;
+                } else {
+                    err = cci_check_error (CC_NOMEM);
+                }
+            }
+
+            if (!err) {
+                err = cc_get_name (in_context, ccache, &info[i]->name);
+            }
+
+            if (!err) {
+                err = cc_get_principal (in_context, ccache, &info[i]->principal);
+            }
+
+            if (!err) {
+                err = cc_get_cred_version (in_context, ccache, &info[i]->vers);
+            }
+
+            if (ccache) { cc_close (in_context, &ccache); }
+        }
+
+        if (!err) {
+            err = cc_seq_fetch_NCs_end (in_context, &iterator);
+        }
+    }
+
+    if (!err) {
+        *out_info = info;
+        info = NULL;
+    }
+
+    if (info) { cc_free_NC_info (in_context, &info); }
+
+    return cci_check_error (err);
+}
+
+#if TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cc_open (apiCB       *in_context,
+                  const char  *in_name,
+                  cc_int32     in_version,
+                  cc_uint32    in_flags,
+                  ccache_p   **out_ccache)
+{
+    cc_result err = ccNoError;
+    cc_ccache_t ccache = NULL;
+    cc_uint32 compat_version;
+    cc_uint32 real_version;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!in_name   ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_remap_version (in_version, &compat_version);
+    }
+
+    if (!err) {
+        err = ccapi_context_open_ccache (in_context, in_name, &ccache);
+    }
+
+    /* We must not allow a CCAPI v2 caller to open a v5-only ccache
+     as a v4 ccache and vice versa. Allowing that would break
+     (valid) assumptions made by CCAPI v2 callers. */
+
+    if (!err) {
+        err = ccapi_ccache_get_credentials_version (ccache, &real_version);
+    }
+
+    if (!err) {
+        /* check the version and set up the ccache to use it */
+        if (compat_version & real_version) {
+            err = cci_ccache_set_compat_version (ccache, compat_version);
+        } else {
+            err = ccErrBadCredentialsVersion;
+        }
+    }
+
+    if (!err) {
+        *out_ccache = ccache;
+        ccache = NULL;
+    }
+
+    if (ccache) { ccapi_ccache_release (ccache); }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_create (apiCB       *in_context,
+                     const char  *in_name,
+                     const char  *in_principal,
+                     cc_int32     in_version,
+                     cc_uint32    in_flags,
+                     ccache_p   **out_ccache)
+{
+    cc_result err = ccNoError;
+    cc_ccache_t	ccache = NULL;
+    cc_uint32 compat_version;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!in_name   ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_remap_version (in_version, &compat_version);
+    }
+
+    if (!err) {
+        err = ccapi_context_create_ccache (in_context, in_name, compat_version,
+                                           in_principal, &ccache);
+    }
+
+    if (!err) {
+        err = cci_ccache_set_compat_version (ccache, compat_version);
+    }
+
+    if (!err) {
+        *out_ccache = ccache;
+        ccache = NULL;
+    }
+
+    if (ccache) { ccapi_ccache_release (ccache); }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_close (apiCB     *in_context,
+                    ccache_p **io_ccache)
+{
+    cc_result err = ccNoError;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_ccache_release (*io_ccache);
+    }
+
+    if (!err) {
+        *io_ccache = NULL;
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_destroy (apiCB     *in_context,
+                      ccache_p **io_ccache)
+{
+    cc_result err = ccNoError;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_ccache_destroy (*io_ccache);
+    }
+
+    if (!err) {
+        *io_ccache = NULL;
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_get_name (apiCB     *in_context,
+                       ccache_p  *in_ccache,
+                       char     **out_name)
+{
+    cc_result err = ccNoError;
+    cc_string_t name = NULL;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!in_ccache ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_name  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_ccache_get_name (in_ccache, &name);
+    }
+
+    if (!err) {
+        char *string = strdup (name->data);
+        if (string) {
+            *out_name = string;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (name) { ccapi_string_release (name); }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_get_cred_version (apiCB    *in_context,
+                               ccache_p *in_ccache,
+                               cc_int32 *out_version)
+{
+    cc_result err = ccNoError;
+    cc_uint32 compat_version;
+
+    if (!in_context ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_ccache  ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_version) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_ccache_get_compat_version (in_ccache, &compat_version);
+    }
+
+    if (!err) {
+        if (compat_version == cc_credentials_v5) {
+            *out_version = CC_CRED_V5;
+
+        } else {
+            err = ccErrBadCredentialsVersion;
+        }
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_set_principal (apiCB    *in_context,
+                            ccache_p *io_ccache,
+                            cc_int32  in_version,
+                            char     *in_principal)
+{
+    cc_result err = ccNoError;
+    cc_uint32 version;
+    cc_uint32 compat_version;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache   ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_principal) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_remap_version (in_version, &version);
+    }
+
+    if (!err) {
+        err = cci_ccache_get_compat_version (io_ccache, &compat_version);
+    }
+
+    if (!err && version != compat_version) {
+        err = cci_check_error (ccErrBadCredentialsVersion);
+    }
+
+    if (!err) {
+        err = ccapi_ccache_set_principal (io_ccache, version, in_principal);
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_get_principal (apiCB      *in_context,
+                            ccache_p   *in_ccache,
+                            char      **out_principal)
+{
+    cc_result err = ccNoError;
+    cc_uint32 compat_version;
+    cc_string_t principal = NULL;
+
+    if (!in_context   ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_ccache    ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_principal) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_ccache_get_compat_version (in_ccache, &compat_version);
+    }
+
+    if (!err) {
+        err = ccapi_ccache_get_principal (in_ccache, compat_version, &principal);
+    }
+
+    if (!err) {
+        char *string = strdup (principal->data);
+        if (string) {
+            *out_principal = string;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (principal) { ccapi_string_release (principal); }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_store (apiCB      *in_context,
+                    ccache_p   *io_ccache,
+                    cred_union  in_credentials)
+{
+    cc_result err = ccNoError;
+    cc_credentials_union *creds_union = NULL;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_cred_union_to_credentials_union (&in_credentials,
+                                                   &creds_union);
+    }
+
+    if (!err) {
+        err = ccapi_ccache_store_credentials (io_ccache, creds_union);
+    }
+
+    if (creds_union) { cci_credentials_union_release (creds_union); }
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_remove_cred (apiCB      *in_context,
+                          ccache_p   *in_ccache,
+                          cred_union  in_credentials)
+{
+    cc_result err = ccNoError;
+    cc_credentials_iterator_t iterator = NULL;
+    cc_uint32 found = 0;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!in_ccache ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_ccache_new_credentials_iterator (in_ccache, &iterator);
+    }
+
+    while (!err && !found) {
+        cc_credentials_t creds = NULL;
+
+        err = ccapi_credentials_iterator_next (iterator, &creds);
+
+        if (!err) {
+            err = cci_cred_union_compare_to_credentials_union (&in_credentials,
+                                                               creds->data,
+                                                               &found);
+        }
+
+        if (!err && found) {
+            err = ccapi_ccache_remove_credentials (in_ccache, creds);
+        }
+
+        ccapi_credentials_release (creds);
+    }
+    if (err == ccIteratorEnd) { err = cci_check_error (ccErrCredentialsNotFound); }
+
+    return cci_remap_error (err);
+}
+
+#if TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_seq_fetch_NCs_begin (apiCB       *in_context,
+                                  ccache_cit **out_iterator)
+{
+    cc_result err = ccNoError;
+    cc_ccache_iterator_t iterator = NULL;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_context_new_ccache_iterator (in_context, &iterator);
+    }
+
+    if (!err) {
+        *out_iterator = (ccache_cit *) iterator;
+        iterator = NULL; /* take ownership */
+    }
+
+    if (iterator) { ccapi_ccache_iterator_release (iterator); }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_seq_fetch_NCs_next (apiCB       *in_context,
+                                 ccache_p   **out_ccache,
+                                 ccache_cit  *in_iterator)
+{
+    cc_result err = ccNoError;
+    cc_ccache_iterator_t iterator = (cc_ccache_iterator_t) in_iterator;
+    cc_ccache_t ccache = NULL;
+    const char *saved_ccache_name;
+
+    if (!in_context ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_ccache_iterator_get_saved_ccache_name (iterator,
+                                                         &saved_ccache_name);
+    }
+
+    if (!err) {
+        if (saved_ccache_name) {
+            err = ccapi_context_open_ccache (in_context, saved_ccache_name,
+                                             &ccache);
+
+            if (!err) {
+                err = cci_ccache_set_compat_version (ccache, cc_credentials_v5);
+            }
+
+            if (!err) {
+                err = cci_ccache_iterator_set_saved_ccache_name (iterator, NULL);
+            }
+
+        } else {
+            cc_uint32 version = 0;
+
+            err = ccapi_ccache_iterator_next (iterator, &ccache);
+
+            if (!err) {
+                err = ccapi_ccache_get_credentials_version (ccache, &version);
+            }
+
+            if (!err) {
+                err = cci_ccache_set_compat_version (ccache, version);
+            }
+        }
+    }
+
+    if (!err) {
+        *out_ccache = ccache;
+        ccache = NULL; /* take ownership */
+    }
+
+    if (ccache) { ccapi_ccache_release (ccache); }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_seq_fetch_NCs_end (apiCB       *in_context,
+                                ccache_cit **io_iterator)
+{
+    cc_result err = ccNoError;
+    cc_ccache_iterator_t iterator = (cc_ccache_iterator_t) *io_iterator;
+
+    if (!in_context ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_ccache_iterator_release (iterator);
+    }
+
+    if (!err) {
+        *io_iterator = NULL;
+    }
+
+    return cci_remap_error (err);
+}
+
+#if TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_seq_fetch_creds_begin (apiCB           *in_context,
+                                    const ccache_p  *in_ccache,
+                                    ccache_cit     **out_iterator)
+{
+    cc_result err = ccNoError;
+    cc_credentials_iterator_t iterator = NULL;
+    cc_uint32 compat_version;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_ccache   ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_ccache_get_compat_version ((cc_ccache_t) in_ccache,
+                                             &compat_version);
+    }
+
+    if (!err) {
+        err = ccapi_ccache_new_credentials_iterator ((cc_ccache_t) in_ccache,
+                                                     &iterator);
+    }
+
+    if (!err) {
+        err = cci_credentials_iterator_set_compat_version (iterator,
+                                                           compat_version);
+    }
+
+    if (!err) {
+        *out_iterator = (ccache_cit *) iterator;
+        iterator = NULL; /* take ownership */
+    }
+
+    if (iterator) { ccapi_credentials_iterator_release (iterator); }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_seq_fetch_creds_next (apiCB       *in_context,
+                                   cred_union **out_creds,
+                                   ccache_cit  *in_iterator)
+{
+    cc_result err = ccNoError;
+    cc_credentials_iterator_t iterator = (cc_credentials_iterator_t) in_iterator;
+    cc_uint32 compat_version;
+
+    if (!in_context ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_creds  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_credentials_iterator_get_compat_version (iterator,
+                                                           &compat_version);
+    }
+
+    while (!err) {
+        cc_credentials_t credentials = NULL;
+
+        err = ccapi_credentials_iterator_next (iterator, &credentials);
+
+        if (!err && (credentials->data->version & compat_version)) {
+            /* got the next credentials for the correct version */
+            err = cci_credentials_union_to_cred_union (credentials->data,
+                                                       out_creds);
+            break;
+        }
+
+        if (credentials) { ccapi_credentials_release (credentials); }
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_seq_fetch_creds_end (apiCB       *in_context,
+                                  ccache_cit **io_iterator)
+{
+    cc_result err = ccNoError;
+    cc_credentials_iterator_t iterator = (cc_credentials_iterator_t) *io_iterator;
+
+    if (!in_context ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccapi_credentials_iterator_release (iterator);
+    }
+
+    if (!err) {
+        *io_iterator = NULL;
+    }
+
+    return cci_remap_error (err);
+}
+
+#if TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_free_principal (apiCB  *in_context,
+                             char  **io_principal)
+{
+    cc_result err = ccNoError;
+
+    if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_principal) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        free (*io_principal);
+        *io_principal = NULL;
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_free_name (apiCB  *in_context,
+                        char  **io_name)
+{
+    cc_result err = ccNoError;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!io_name   ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        free (*io_name);
+        *io_name = NULL;
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_free_creds (apiCB       *in_context,
+                         cred_union **io_credentials)
+{
+    cc_result err = ccNoError;
+
+    if (!in_context    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_credentials) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_cred_union_release (*io_credentials);
+        if (!err) { *io_credentials = NULL; }
+    }
+
+    return cci_remap_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_result cc_free_NC_info (apiCB    *in_context,
+                           infoNC ***io_info)
+{
+    cc_result err = ccNoError;
+
+    if (!in_context) { err = cci_check_error (ccErrBadParam); }
+    if (!io_info   ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && *io_info) {
+        infoNC **data = *io_info;
+        int i;
+
+        for (i = 0; data[i] != NULL; i++) {
+            cc_free_principal (in_context, &data[i]->principal);
+            cc_free_name (in_context, &data[i]->name);
+            free (data[i]);
+        }
+        free (data);
+
+        *io_info = NULL;
+    }
+
+    return cci_remap_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/ccapi_v2.exports b/krb5-1.21.3/src/ccapi/lib/ccapi_v2.exports
new file mode 100644
index 00000000..efa9fcec
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/ccapi_v2.exports
@@ -0,0 +1,23 @@
+cc_shutdown
+cc_create
+cc_close
+cc_destroy
+cc_get_change_time
+cc_open
+cc_store
+cc_remove_cred
+cc_set_principal
+cc_get_principal
+cc_get_cred_version
+cc_get_name
+cc_seq_fetch_NCs_begin
+cc_seq_fetch_NCs_next
+cc_seq_fetch_NCs_end
+cc_seq_fetch_creds_begin
+cc_seq_fetch_creds_next
+cc_seq_fetch_creds_end
+cc_get_NC_info
+cc_free_principal
+cc_free_name
+cc_free_creds
+cc_free_NC_info
diff --git a/krb5-1.21.3/src/ccapi/lib/deps b/krb5-1.21.3/src/ccapi/lib/deps
new file mode 100644
index 00000000..ad996d9f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/deps
@@ -0,0 +1,86 @@
+# 
+# Generated makefile dependencies follow.
+#
+ccapi_ccache.so ccapi_ccache.po $(OUTPRE)ccapi_ccache.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_ccache.c ccapi_ccache.h ccapi_credentials.h ccapi_credentials_iterator.h \
+  ccapi_ipc.h ccapi_string.h
+ccapi_ccache_iterator.so ccapi_ccache_iterator.po $(OUTPRE)ccapi_ccache_iterator.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_ccache.h ccapi_ccache_iterator.c ccapi_ccache_iterator.h \
+  ccapi_ipc.h
+ccapi_context.so ccapi_context.po $(OUTPRE)ccapi_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_ccache.h ccapi_ccache_iterator.h ccapi_context.c \
+  ccapi_context.h ccapi_context_change_time.h ccapi_err.h \
+  ccapi_ipc.h ccapi_string.h
+ccapi_context_change_time.so ccapi_context_change_time.po \
+  $(OUTPRE)ccapi_context_change_time.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_context_change_time.c ccapi_context_change_time.h
+ccapi_credentials.so ccapi_credentials.po $(OUTPRE)ccapi_credentials.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_credentials.c ccapi_credentials.h ccapi_string.h
+ccapi_credentials_iterator.so ccapi_credentials_iterator.po \
+  $(OUTPRE)ccapi_credentials_iterator.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_credentials.h ccapi_credentials_iterator.c ccapi_credentials_iterator.h \
+  ccapi_ipc.h
+ccapi_err.so ccapi_err.po $(OUTPRE)ccapi_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) ccapi_err.c
+ccapi_ipc.so ccapi_ipc.po $(OUTPRE)ccapi_ipc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_ipc.c ccapi_ipc.h ccapi_os_ipc.h
+ccapi_string.so ccapi_string.po $(OUTPRE)ccapi_string.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_string.c ccapi_string.h
+ccapi_v2.so ccapi_v2.po $(OUTPRE)ccapi_v2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccapi_ccache.h ccapi_ccache_iterator.h ccapi_context.h \
+  ccapi_credentials.h ccapi_credentials_iterator.h ccapi_string.h \
+  ccapi_v2.c
diff --git a/krb5-1.21.3/src/ccapi/lib/libkrb5-ccapi.exports b/krb5-1.21.3/src/ccapi/lib/libkrb5-ccapi.exports
new file mode 100644
index 00000000..1a8560f0
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/libkrb5-ccapi.exports
@@ -0,0 +1 @@
+cc_close
diff --git a/krb5-1.21.3/src/ccapi/lib/unix/Makefile.in b/krb5-1.21.3/src/ccapi/lib/unix/Makefile.in
new file mode 100644
index 00000000..ce47d65d
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/unix/Makefile.in
@@ -0,0 +1,12 @@
+mydir=ccapi$(S)lib$(S)unix
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES= -I$(srcdir)/.. -I$(srcdir)/../../common
+
+STLIBOBJS= stubs.o
+OBJS= $(OUTPRE)stubs.$(OBJEXT)
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/ccapi/lib/unix/deps b/krb5-1.21.3/src/ccapi/lib/unix/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/unix/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/ccapi/lib/unix/stubs.c b/krb5-1.21.3/src/ccapi/lib/unix/stubs.c
new file mode 100644
index 00000000..3afd8f10
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/unix/stubs.c
@@ -0,0 +1,10 @@
+#include <errno.h>
+#include "ccapi_os_ipc.h"
+
+cc_int32 cci_os_ipc_thread_init (void)
+{
+    return EINVAL;
+}
+void cci_os_ipc_thread_fini (void)
+{
+}
diff --git a/krb5-1.21.3/src/ccapi/lib/win/Makefile.in b/krb5-1.21.3/src/ccapi/lib/win/Makefile.in
new file mode 100644
index 00000000..ef6c1cc2
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/Makefile.in
@@ -0,0 +1,123 @@
+# makefile: Constructs the Kerberos for Windows CCAPI DLL.
+#
+OBJS	= $(OUTPRE)ccapi_ccache.obj \
+          $(OUTPRE)ccapi_ccache_iterator.obj \
+          $(OUTPRE)ccapi_context.obj \
+          $(OUTPRE)ccapi_context_change_time.obj \
+          $(OUTPRE)ccapi_credentials.obj \
+          $(OUTPRE)ccapi_credentials_iterator.obj \
+          $(OUTPRE)ccapi_ipc.obj \
+	  $(OUTPRE)ccapi_err.obj \
+          $(OUTPRE)ccapi_os_ipc.obj \
+          $(OUTPRE)ccapi_string.obj \
+          $(OUTPRE)ccapi_v2.obj \
+          $(OUTPRE)cci_array_internal.obj \
+          $(OUTPRE)cci_cred_union.obj \
+          $(OUTPRE)cci_debugging.obj \
+          $(OUTPRE)cci_identifier.obj \
+          $(OUTPRE)cci_message.obj \
+          $(OUTPRE)cci_os_debugging.obj \
+          $(OUTPRE)cci_os_identifier.obj \
+          $(OUTPRE)ccs_reply_proc.obj \
+          $(OUTPRE)ccs_reply_s.obj \
+          $(OUTPRE)ccs_request_c.obj \
+          $(OUTPRE)ccutils.obj \
+          $(OUTPRE)client.obj \
+          $(OUTPRE)dllmain.obj \
+          $(OUTPRE)init.obj \
+          $(OUTPRE)secure.obj \
+          $(OUTPRE)tls.obj \
+          $(OUTPRE)util.obj \
+          $(OUTPRE)win-utils.obj
+
+##### Options
+# Set NODEBUG if building release instead of debug
+
+#BUILDTOP is krb5/src and is relative to krb5/src/ccapi/lib/win, for making Makefile.
+BUILDTOP= ..\..\..
+CCAPI   = $(BUILDTOP)\CCAPI
+CO      = $(CCAPI)\common
+COWIN   = $(CCAPI)\common\win
+CCUTIL  = $(CCAPI)\common\win\OldCC
+LIBDIR  = $(CCAPI)\lib
+LIBWIN  = $(LIBDIR)\win
+POSIX   = $(BUILDTOP)\lib\krb5\posix
+OLDCC   = $(LIBWIN)\OldCC
+SRCTMP  = $(LIBWIN)\srctmp
+
+!if defined(KRB5_KFW_COMPILE)
+KFWINC= /I$(BUILDTOP)\..\..\krbcc\include
+!endif
+
+# Because all the sources are pulled together into the temp directory SRCTMP,
+#  the only includes we need are to directories outside of ccapi.
+LOCALINCLUDES = /I..\$(BUILDTOP) /I..\$(BUILDTOP)\include /I..\$(BUILDTOP)\include\krb5 $(KFWINC) \
+    -I..\$(BUILDTOP)\util\et
+MIDLINCLUDES  = /I..\$(BUILDTOP)\include
+
+CPPFLAGS = $(CPPFLAGS) /EHsc -D_CRTAPI1=_cdecl -D_CRTAPI2=_cdecl -DWINVER=0x0501 \
+-D_WIN32_WINNT=0x0501 -D_CRT_SECURE_NO_WARNINGS $(cvarsdll)
+
+
+##### Linker
+LINK	= link
+LIBS	= ..\$(CLIB) ..\$(SLIB) kernel32.lib ws2_32.lib user32.lib advapi32.lib
+LFLAGS	= /nologo $(LOPTS)
+
+all: Makefile copysrc midl $(OUTPRE)$(CCLIB).dll finish
+
+ccs_request.h ccs_request_c.c ccs_request_s.c : ccs_request.idl ccs_request.acf
+    midl $(MIDL_OPTIMIZATION) $(MIDLI) -oldnames -cpp_cmd $(CC) -cpp_opt "-E" \
+    ccs_request.idl
+
+ccs_reply.h   ccs_reply_c.c   ccs_reply_s.c   : ccs_reply.idl   ccs_reply.acf
+    midl $(MIDL_OPTIMIZATION) $(MIDLI) -oldnames -cpp_cmd $(CC) -cpp_opt "-E" \
+    ccs_reply.idl
+
+copysrc :
+    echo "Copying all sources needed to build $(CCLIB).dll to $(SRCTMP)"
+    if NOT exist $(SRCTMP)\nul mkdir $(SRCTMP)
+    xcopy /D/Y   $(CO)\*.*     $(SRCTMP)
+    xcopy /D/Y   $(COWIN)\*.*  $(SRCTMP)
+    xcopy /D/Y   $(CCUTIL)\*.* $(SRCTMP)
+    xcopy /D/Y   $(LIBDIR)\*.* $(SRCTMP)
+    xcopy /D/Y   $(LIBWIN)\*.* $(SRCTMP)
+    xcopy /D/Y   $(OLDCC)\*.*  $(SRCTMP)
+    cd $(SRCTMP)
+    if NOT exist $(OUTPRE)\nul mkdir $(OUTPRE)
+
+midl : ccs_request.h ccs_reply.h
+
+VERSIONRC = $(BUILDTOP)\..\windows\version.rc
+CCLIBRES = $(OUTPRE)$(CCLIB).res
+# Main program:
+$(CCLIBRES): $(VERSIONRC)
+	$(RC) $(RCFLAGS) -DCCAPI_LIB -fo $@ -r $**
+
+$(OUTPRE)$(CCLIB).dll: $(OBJS) $(CCLIB).def $(CCLIBRES)
+	$(LINK) $(LFLAGS) -entry:$(ENTRYPOINT) -dll /map:$*.map /out:$@ /DEF:$(CCLIB).def $(OBJS) \
+	    /implib:$(CCLIB).lib $(dllflags) $(LIBS) $(KFWLIB) $(CCLIBRES) rpcrt4.lib $(conlibsdll) $(conflags)
+
+$(CCLIB).def:
+    echo ;$(CCLIB).def is generated by a Makefile rule. > $(CCLIB).def
+    echo HEAPSIZE	8192  >> $(CCLIB).def
+    echo EXPORTS          >> $(CCLIB).def
+    type ccapi.exports    >> $(CCLIB).def
+    type ccapi_v2.exports >> $(CCLIB).def
+    type debug.exports    >> $(CCLIB).def
+
+finish:
+    echo "Finished in ccapi/lib/win."
+    cd ..
+
+install:
+    echo "Doing nothing for make install"
+
+clean:
+	if exist $(OUTPRE)*.exe del $(OUTPRE)*.exe
+	if exist $(OUTPRE)*.obj del $(OUTPRE)*.obj
+	if exist $(OUTPRE)*.res del $(OUTPRE)*.res
+	if exist $(OUTPRE)*.map del $(OUTPRE)*.map
+	if exist $(OUTPRE)*.pdb del $(OUTPRE)*.pdb
+	if exist *.err del *.err
+    if exist $(SRCTMP) rmdir /s /q $(SRCTMP)
diff --git a/krb5-1.21.3/src/ccapi/lib/win/OldCC/ccapi.h b/krb5-1.21.3/src/ccapi/lib/win/OldCC/ccapi.h
new file mode 100644
index 00000000..4d6f3faa
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/OldCC/ccapi.h
@@ -0,0 +1,260 @@
+/* this ALWAYS GENERATED file contains the definitions for the interfaces */
+
+
+ /* File created by MIDL compiler version 6.00.0366 */
+/* at Fri Nov 30 10:06:16 2007
+ */
+/* Compiler settings for ccapi.idl:
+    Oic, W1, Zp8, env=Win32 (32b run)
+    protocol : dce , ms_ext, c_ext, oldnames
+    error checks: allocation ref bounds_check enum stub_data
+    VC __declspec() decoration level:
+         __declspec(uuid()), __declspec(selectany), __declspec(novtable)
+         DECLSPEC_UUID(), MIDL_INTERFACE()
+*/
+//@@MIDL_FILE_HEADING(  )
+
+#pragma warning( disable: 4049 )  /* more than 64k source lines */
+
+
+/* verify that the <rpcndr.h> version is high enough to compile this file*/
+#ifndef __REQUIRED_RPCNDR_H_VERSION__
+#define __REQUIRED_RPCNDR_H_VERSION__ 440
+#endif
+
+#include "rpc.h"
+#include "rpcndr.h"
+
+#ifndef __ccapi_h__
+#define __ccapi_h__
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1020)
+#pragma once
+#endif
+
+/* Forward Declarations */
+
+#ifdef __cplusplus
+extern "C"{
+#endif
+
+void * __RPC_USER MIDL_user_allocate(size_t);
+void __RPC_USER MIDL_user_free( void * );
+
+#ifndef __ccapi_INTERFACE_DEFINED__
+#define __ccapi_INTERFACE_DEFINED__
+
+/* interface ccapi */
+/* [implicit_handle][unique][version][uuid] */
+
+typedef /* [context_handle] */ struct opaque_handle_CTX *HCTX;
+
+typedef /* [context_handle] */ struct opaque_handle_CACHE *HCACHE;
+
+typedef /* [context_handle] */ struct opaque_handle_CACHE_ITER *HCACHE_ITER;
+
+typedef /* [context_handle] */ struct opaque_handle_CRED_ITER *HCRED_ITER;
+
+typedef unsigned char CC_CHAR;
+
+typedef unsigned char CC_UCHAR;
+
+typedef int CC_INT32;
+
+typedef unsigned int CC_UINT32;
+
+typedef CC_INT32 CC_TIME_T;
+
+
+enum __MIDL_ccapi_0001
+    {	STK_AFS	= 0,
+	STK_DES	= 1
+    } ;
+
+enum __MIDL_ccapi_0002
+    {	CC_API_VER_1	= 1,
+	CC_API_VER_2	= 2
+    } ;
+
+enum __MIDL_ccapi_0003
+    {	KRB_NAME_SZ	= 40,
+	KRB_INSTANCE_SZ	= 40,
+	KRB_REALM_SZ	= 40,
+    } ;
+typedef struct _NC_INFO
+    {
+    /* [string] */ CC_CHAR *name;
+    /* [string] */ CC_CHAR *principal;
+    CC_INT32 vers;
+    } 	NC_INFO;
+
+typedef struct _NC_INFO_LIST
+    {
+    CC_UINT32 length;
+    /* [size_is] */ NC_INFO *info;
+    } 	NC_INFO_LIST;
+
+typedef struct _CC_DATA
+    {
+    CC_UINT32 type;
+    CC_UINT32 length;
+    /* [size_is] */ CC_UCHAR *data;
+    } 	CC_DATA;
+
+typedef struct _CC_DATA_LIST
+    {
+    CC_UINT32 count;
+    /* [size_is] */ CC_DATA *data;
+    } 	CC_DATA_LIST;
+
+typedef struct _V5_CRED
+    {
+    /* [string] */ CC_CHAR *client;
+    /* [string] */ CC_CHAR *server;
+    CC_DATA keyblock;
+    CC_TIME_T authtime;
+    CC_TIME_T starttime;
+    CC_TIME_T endtime;
+    CC_TIME_T renew_till;
+    CC_UINT32 is_skey;
+    CC_UINT32 ticket_flags;
+    CC_DATA_LIST addresses;
+    CC_DATA ticket;
+    CC_DATA second_ticket;
+    CC_DATA_LIST authdata;
+    } 	V5_CRED;
+
+typedef /* [switch_type] */ union _CRED_PTR_UNION
+    {
+    /* [case()] */ V5_CRED *pV5Cred;
+    } 	CRED_PTR_UNION;
+
+typedef struct _CRED_UNION
+    {
+    CC_INT32 cred_type;
+    /* [switch_is] */ CRED_PTR_UNION cred;
+    } 	CRED_UNION;
+
+CC_INT32 rcc_initialize(
+    /* [out] */ HCTX *pctx);
+
+CC_INT32 rcc_shutdown(
+    /* [out][in] */ HCTX *pctx);
+
+CC_INT32 rcc_get_change_time(
+    /* [in] */ HCTX ctx,
+    /* [out] */ CC_TIME_T *time);
+
+CC_INT32 rcc_create(
+    /* [in] */ HCTX ctx,
+    /* [string][in] */ const CC_CHAR *name,
+    /* [string][in] */ const CC_CHAR *principal,
+    /* [in] */ CC_INT32 vers,
+    /* [in] */ CC_UINT32 flags,
+    /* [out] */ HCACHE *pcache);
+
+CC_INT32 rcc_open(
+    /* [in] */ HCTX ctx,
+    /* [string][in] */ const CC_CHAR *name,
+    /* [in] */ CC_INT32 vers,
+    /* [in] */ CC_UINT32 flags,
+    /* [out] */ HCACHE *pcache);
+
+CC_INT32 rcc_close(
+    /* [out][in] */ HCACHE *pcache);
+
+CC_INT32 rcc_destroy(
+    /* [out][in] */ HCACHE *pcache);
+
+CC_INT32 rcc_seq_fetch_NCs_begin(
+    /* [in] */ HCTX ctx,
+    /* [out] */ HCACHE_ITER *piter);
+
+CC_INT32 rcc_seq_fetch_NCs_end(
+    /* [out][in] */ HCACHE_ITER *piter);
+
+CC_INT32 rcc_seq_fetch_NCs_next(
+    /* [in] */ HCACHE_ITER iter,
+    /* [out] */ HCACHE *pcache);
+
+CC_INT32 rcc_seq_fetch_NCs(
+    /* [in] */ HCTX ctx,
+    /* [out][in] */ HCACHE_ITER *piter,
+    /* [out] */ HCACHE *pcache);
+
+CC_INT32 rcc_get_NC_info(
+    /* [in] */ HCTX ctx,
+    /* [out] */ NC_INFO_LIST **info_list);
+
+CC_INT32 rcc_get_name(
+    /* [in] */ HCACHE cache,
+    /* [string][out] */ CC_CHAR **name);
+
+CC_INT32 rcc_set_principal(
+    /* [in] */ HCACHE cache,
+    /* [in] */ CC_INT32 vers,
+    /* [string][in] */ const CC_CHAR *principal);
+
+CC_INT32 rcc_get_principal(
+    /* [in] */ HCACHE cache,
+    /* [string][out] */ CC_CHAR **principal);
+
+CC_INT32 rcc_get_cred_version(
+    /* [in] */ HCACHE cache,
+    /* [out] */ CC_INT32 *vers);
+
+CC_INT32 rcc_lock_request(
+    /* [in] */ HCACHE cache,
+    /* [in] */ CC_INT32 lock_type);
+
+CC_INT32 rcc_store(
+    /* [in] */ HCACHE cache,
+    /* [in] */ CRED_UNION cred);
+
+CC_INT32 rcc_remove_cred(
+    /* [in] */ HCACHE cache,
+    /* [in] */ CRED_UNION cred);
+
+CC_INT32 rcc_seq_fetch_creds(
+    /* [in] */ HCACHE cache,
+    /* [out][in] */ HCRED_ITER *piter,
+    /* [out] */ CRED_UNION **cred);
+
+CC_INT32 rcc_seq_fetch_creds_begin(
+    /* [in] */ HCACHE cache,
+    /* [out] */ HCRED_ITER *piter);
+
+CC_INT32 rcc_seq_fetch_creds_end(
+    /* [out][in] */ HCRED_ITER *piter);
+
+CC_INT32 rcc_seq_fetch_creds_next(
+    /* [in] */ HCRED_ITER iter,
+    /* [out] */ CRED_UNION **cred);
+
+CC_UINT32 Connect(
+    /* [string][in] */ CC_CHAR *name);
+
+void Shutdown( void);
+
+
+extern handle_t ccapi_IfHandle;
+
+
+extern RPC_IF_HANDLE ccapi_ClientIfHandle;
+extern RPC_IF_HANDLE ccapi_ServerIfHandle;
+#endif /* __ccapi_INTERFACE_DEFINED__ */
+
+/* Additional Prototypes for ALL interfaces */
+
+void __RPC_USER HCTX_rundown( HCTX );
+void __RPC_USER HCACHE_rundown( HCACHE );
+void __RPC_USER HCACHE_ITER_rundown( HCACHE_ITER );
+void __RPC_USER HCRED_ITER_rundown( HCRED_ITER );
+
+/* end of Additional Prototypes */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/krb5-1.21.3/src/ccapi/lib/win/OldCC/client.cxx b/krb5-1.21.3/src/ccapi/lib/win/OldCC/client.cxx
new file mode 100644
index 00000000..0f95dfce
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/OldCC/client.cxx
@@ -0,0 +1,388 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "stdio.h"    // KPKDBG
+
+#include "ccs_request.h"
+
+#include "ccapi.h"
+#include "util.h"
+
+extern "C" {
+#include "cci_debugging.h"
+#include "tls.h"    // KPKDBG
+    }
+
+#include "client.h"
+#include "init.hxx"
+#include "name.h"
+#include "secure.hxx"
+
+#define SECONDS_TO_WAIT 10
+
+#define STARTUP "CLIENT STARTUP: "
+#define DISCONNECT "CLIENT DISCONNECT: "
+
+bool Client::s_init = false;
+CcOsLock Client::sLock;
+
+static DWORD bind_client(char* ep OPTIONAL, Init::InitInfo& info, LPSTR* endpoint) {
+    DWORD status = 0;
+    unsigned char * pszStringBinding = NULL;
+
+    if (!ep) {
+        status = alloc_name(endpoint, "ep", isNT());
+        } 
+    else {
+        *endpoint = ep;
+        }
+
+    if (!status) {
+        /* Use a convenience function to concatenate the elements of */
+        /* the string binding into the proper sequence.              */
+        status = RpcStringBindingCompose(0,            // uuid
+                                         (unsigned char*)"ncalrpc",    // protseq
+                                         0,            // address
+                                         (unsigned char*)(*endpoint),  // endpoint
+                                         0,            // options
+                                         &pszStringBinding);
+        cci_check_error(status);
+        }
+            
+    if (!status) {
+        /* Set the binding handle that will be used to bind to the server. */
+        status = RpcBindingFromStringBinding(pszStringBinding, &ccs_request_IfHandle);
+        cci_check_error(status);
+        }
+
+    if (!status) {
+        // Win9x might call RpcBindingSetAuthInfo (not Ex), but it does not
+        // quite work on Win9x...
+        if (isNT()) {
+            RPC_SECURITY_QOS qos;
+            qos.Version = RPC_C_SECURITY_QOS_VERSION;
+            qos.Capabilities = RPC_C_QOS_CAPABILITIES_DEFAULT;
+            qos.IdentityTracking = RPC_C_QOS_IDENTITY_STATIC;
+            qos.ImpersonationType = RPC_C_IMP_LEVEL_IDENTIFY;
+
+            status = info.fRpcBindingSetAuthInfoEx(ccs_request_IfHandle,
+                                                   0, // principal
+                                                   RPC_C_AUTHN_LEVEL_CONNECT,
+                                                   RPC_C_AUTHN_WINNT,
+                                                   0, // current address space
+                                                   RPC_C_AUTHZ_NAME,
+                                                   &qos);
+            cci_check_error(status);
+            }
+        }
+
+    if (pszStringBinding) {
+        DWORD status = RpcStringFree(&pszStringBinding); 
+        cci_check_error(status);
+        }
+    return cci_check_error(status);
+    }
+
+DWORD find_server(Init::InitInfo& info, LPSTR endpoint) {
+    DWORD               status      = 0;
+    LPSTR               event_name  = 0;
+    HANDLE              hEvent      = 0;
+    SECURITY_ATTRIBUTES sa          = { 0 };
+    PSECURITY_ATTRIBUTES psa        = 0;
+    STARTUPINFO         si          = { 0 };
+    PROCESS_INFORMATION pi          = { 0 };
+    char*               szExe       = 0;
+    char*               szDir       = 0;
+    BOOL                bRes        = FALSE;
+    char*               cmdline     = NULL;
+
+    psa = isNT() ? &sa : 0;
+
+    cci_debug_printf("%s Looking for server; ccs_request_IfHandle:0x%X", __FUNCTION__, ccs_request_IfHandle);
+    status = cci_check_error(RpcMgmtIsServerListening(ccs_request_IfHandle));
+    if (status == RPC_S_NOT_LISTENING) {
+        cci_debug_printf("  Server *NOT* found!");
+        si.cb = sizeof(si);
+
+        status = alloc_module_dir_name(CCAPI_DLL, &szDir);
+
+        if (!status) {
+            status = alloc_module_dir_name_with_file(CCAPI_DLL, CCAPI_EXE, &szExe);
+            }
+
+        if (!status) {
+            status = alloc_name(&event_name, "startup", isNT());
+            cci_check_error(status);
+            }
+
+        if (!status) {
+            if (isNT()) {
+                sa.nLength = sizeof(sa);
+                status = alloc_own_security_descriptor_NT(&sa.lpSecurityDescriptor);
+                cci_check_error(status);
+                }
+            }
+
+        if (!status) {
+            hEvent = CreateEvent(psa, FALSE, FALSE, event_name);
+            cci_debug_printf("  CreateEvent(... %s) returned hEvent 0x%X", event_name, hEvent);
+            if (!hEvent) status = GetLastError();
+            }
+
+        if (!status) {
+                alloc_cmdline_2_args(szExe, endpoint, "-D", &cmdline);
+                bRes = CreateProcess(  szExe,       // app name
+                                       NULL, //cmdline,     // cmd line is <server endpoint -[DC]>
+                                       psa,         // SA
+                                       psa,         // SA
+                                       FALSE, 
+                                       CREATE_NEW_PROCESS_GROUP | 
+                                       NORMAL_PRIORITY_CLASS |
+#ifdef CCAPI_LAUNCH_SERVER_WITH_CONSOLE
+                                       CREATE_NEW_CONSOLE |
+#else
+                                       DETACHED_PROCESS |
+#endif
+                                       0,
+                                       NULL,        // environment
+                                       szDir,       // current dir
+                                       &si,
+                                       &pi);
+            if (!bRes) {
+                status = GetLastError();
+                cci_debug_printf("  CreateProcess returned %d; LastError: %d", bRes, status);
+                }
+            cci_debug_printf("  Waiting...");
+            }
+        cci_check_error(status);
+
+        if (!status) {
+            status = WaitForSingleObject(hEvent, (SECONDS_TO_WAIT)*1000);
+            status = RpcMgmtIsServerListening(ccs_request_IfHandle);
+            }
+        } 
+    else if (status) {
+            cci_debug_printf("  unexpected error while looking for server: 0D%d / 0U%u / 0X%X", status, status, status);
+            } 
+
+    if (szDir)                      free_alloc_p(&szDir);
+    if (szExe)                      free_alloc_p(&szExe);
+    if (hEvent)                     CloseHandle(hEvent);
+    if (pi.hThread)                 CloseHandle(pi.hThread);
+    if (pi.hProcess)                CloseHandle(pi.hProcess);
+    if (sa.lpSecurityDescriptor)    free_alloc_p(&sa.lpSecurityDescriptor);
+    return cci_check_error(status);
+
+}
+
+static
+DWORD
+make_random_challenge(DWORD *challenge_out) {
+    HCRYPTPROV provider;
+    DWORD status = 0;
+    *challenge_out = 0;
+    if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+                             CRYPT_VERIFYCONTEXT)) {
+        status = GetLastError();
+        cci_check_error(status);
+        return status;
+        }
+    if (!CryptGenRandom(provider, sizeof(*challenge_out),
+                        (BYTE *)challenge_out)) {
+        status = GetLastError();
+        cci_check_error(status);
+        return status;
+        }
+    if (!CryptReleaseContext(provider, 0)) {
+        /*
+         * Note: even though CryptReleaseContext() failed, we don't really
+         * care since a) we've already successfully obtained our challenge
+         * anyway and b) at least one of the potential errors, "ERROR_BUSY"
+         * does not really seem to be an error at all.  So GetLastError() is
+         * logged for informational purposes only and should not be returned.
+         */
+        cci_check_error(GetLastError());
+        }
+    return status;
+}
+
+static
+DWORD
+authenticate_server(Init::InitInfo& info) {
+    DWORD               challenge, desired_response;
+    HANDLE              hMap            = 0;
+    LPSTR               mem_name        = 0;
+    PDWORD              pvalue          = 0;
+    CC_UINT32           response        = 0;
+    SECURITY_ATTRIBUTES sa              = { 0 };
+    DWORD               status          = 0;
+
+    cci_debug_printf("%s entry", __FUNCTION__);
+
+    status = alloc_name(&mem_name, "auth", isNT());
+    cci_check_error(status);
+
+    if (!status) {
+        status = make_random_challenge(&challenge);
+        desired_response = challenge + 1;
+        cci_check_error(status);
+        }
+
+    if (!status) {
+        if (isNT()) {
+            sa.nLength = sizeof(sa);
+            status = alloc_own_security_descriptor_NT(&sa.lpSecurityDescriptor);
+            }
+        }
+    cci_check_error(status);
+
+    if (!status) {
+        hMap = CreateFileMapping(INVALID_HANDLE_VALUE, isNT() ? &sa : 0, 
+                                 PAGE_READWRITE, 0, sizeof(DWORD), mem_name);
+        if (!hMap)
+        status = GetLastError();
+        }
+    cci_check_error(status);
+
+    if (!status) {
+        pvalue = (PDWORD)MapViewOfFile(hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0);
+        if (!pvalue) status = GetLastError();
+        }
+    cci_check_error(status);
+
+    if (!status) {
+        *pvalue = challenge;
+
+        RpcTryExcept {
+            response = ccs_authenticate( (CC_CHAR*)mem_name );
+            }
+        RpcExcept(1) {
+            status = RpcExceptionCode();
+            cci_check_error(status);
+            }
+        RpcEndExcept;
+        }
+    cci_check_error(status);
+
+    if (!status) {
+        // Check response
+        if ((response != desired_response) && (*pvalue != desired_response)) {
+            cci_debug_printf("  Could not authenticate server.");
+            status = ERROR_ACCESS_DENIED; // XXX - CO_E_NOMATCHINGSIDFOUND?
+            } 
+        else {
+            cci_debug_printf("  Server authenticated!");
+            }
+        cci_check_error(status);
+        }
+
+    free_alloc_p(&mem_name);
+    free_alloc_p(&sa.lpSecurityDescriptor);
+    if (pvalue) {
+        BOOL ok = UnmapViewOfFile(pvalue);
+//        DEBUG_ASSERT(ok);
+        }
+    if (hMap) CloseHandle(hMap);
+    return status;
+}
+
+DWORD
+Client::Disconnect() {
+    DWORD status = 0;
+    if (ccs_request_IfHandle) {
+        /*  The calls to the remote procedures are complete. */
+        /*  Free the binding handle           */
+        status = RpcBindingFree(&ccs_request_IfHandle);
+        }
+    s_init  = false;
+    return status;
+    }
+
+DWORD
+Client::Connect(char* ep OPTIONAL) {
+    LPSTR   endpoint    = 0;
+    DWORD   status      = 0;
+
+    if (!ccs_request_IfHandle) {
+        Init::InitInfo info;
+
+        status = Init::Info(info);
+        cci_check_error(status);
+
+        if (!status) {
+            status = bind_client(ep, info, &endpoint);
+            cci_check_error(status);
+            }
+
+        if (!status) {
+            status = find_server(info, endpoint);
+            cci_check_error(status);
+            }
+
+        if (!status) {
+            status = authenticate_server(info);
+            cci_check_error(status);
+            }
+        }
+
+
+    if (endpoint && (endpoint != ep)) free_alloc_p(&endpoint);
+    
+    if (status) Client::Disconnect();
+    return status;
+    }
+
+DWORD Client::Initialize(char* ep OPTIONAL) {
+    CcAutoTryLock AL(Client::sLock);
+    if (!AL.IsLocked() || s_init)
+        return 0;
+    SecureClient s;
+    ccs_request_IfHandle  = NULL;
+    DWORD status = Client::Connect(ep);
+    if (!status) s_init = true;
+    return status;
+    }
+
+DWORD Client::Cleanup() {
+    CcAutoLock AL(Client::sLock);
+    SecureClient s;
+    return Client::Disconnect();
+    }
+
+DWORD Client::Reconnect(char* ep OPTIONAL) {
+    CcAutoLock AL(Client::sLock);
+    SecureClient s;
+    DWORD status = 0;
+
+    if (Initialized()) {
+        DWORD status = Client::Cleanup();
+        }
+    if ( (!status) ) {
+        status = Client::Initialize(ep);
+        }
+
+    return status;
+    }
diff --git a/krb5-1.21.3/src/ccapi/lib/win/OldCC/client.h b/krb5-1.21.3/src/ccapi/lib/win/OldCC/client.h
new file mode 100644
index 00000000..1c67acd1
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/OldCC/client.h
@@ -0,0 +1,60 @@
+/* ccapi/lib/win/OldCC/client.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __DLL_CLIENT_H__
+#define __DLL_CLIENT_H__
+
+#include "autolock.hxx"
+#include "init.hxx"
+
+class Client {
+public:
+    static DWORD Initialize(char* ep OPTIONAL);
+    static DWORD Cleanup();
+    static DWORD Reconnect(char* ep OPTIONAL);
+
+    static bool Initialized() { return s_init; }
+
+    static CcOsLock sLock;
+
+private:
+    static bool s_init;
+
+    static DWORD Disconnect();
+    static DWORD Connect(char* ep OPTIONAL);
+    };
+
+#define CLIENT_INIT_EX(trap, error) \
+do \
+{ \
+    INIT_INIT_EX(trap, error); \
+    if (!Client::Initialized()) \
+    { \
+        DWORD status = Client::Initialize(0); \
+        if (status) return (trap) ? (error) : status; \
+    } \
+} while(0)
+
+#endif
diff --git a/krb5-1.21.3/src/ccapi/lib/win/WINCCAPI.sln b/krb5-1.21.3/src/ccapi/lib/win/WINCCAPI.sln
new file mode 100644
index 00000000..cee98915
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/WINCCAPI.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WINCCAPI", "WINCCAPI.vcproj", "{1137FC16-E53E-48C1-8293-085B4BE68C32}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{1137FC16-E53E-48C1-8293-085B4BE68C32}.Debug|Win32.ActiveCfg = Debug|Win32
+		{1137FC16-E53E-48C1-8293-085B4BE68C32}.Debug|Win32.Build.0 = Debug|Win32
+		{1137FC16-E53E-48C1-8293-085B4BE68C32}.Release|Win32.ActiveCfg = Release|Win32
+		{1137FC16-E53E-48C1-8293-085B4BE68C32}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/krb5-1.21.3/src/ccapi/lib/win/WINCCAPI.vcproj b/krb5-1.21.3/src/ccapi/lib/win/WINCCAPI.vcproj
new file mode 100644
index 00000000..9af0e21a
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/WINCCAPI.vcproj
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8.00"
+	Name="WINCCAPI"
+	ProjectGUID="{1137FC16-E53E-48C1-8293-085B4BE68C32}"
+	RootNamespace="WINCCAPI"
+	Keyword="MakeFileProj"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="Debug"
+			IntermediateDirectory="Debug"
+			ConfigurationType="0"
+			>
+			<Tool
+				Name="VCNMakeTool"
+				BuildCommandLine="nmake"
+				ReBuildCommandLine="nmake"
+				CleanCommandLine="nmake clean"
+				Output="output.log"
+				PreprocessorDefinitions="WIN32;_DEBUG;"
+				IncludeSearchPath=""
+				ForcedIncludes=""
+				AssemblySearchPath=""
+				ForcedUsingAssemblies=""
+				CompileAsManaged=""
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="Release"
+			IntermediateDirectory="Release"
+			ConfigurationType="0"
+			>
+			<Tool
+				Name="VCNMakeTool"
+				BuildCommandLine="nmake"
+				ReBuildCommandLine="nmake"
+				CleanCommandLine="nmake clean"
+				Output="output.log"
+				PreprocessorDefinitions="WIN32;NDEBUG;"
+				IncludeSearchPath=""
+				ForcedIncludes=""
+				AssemblySearchPath=""
+				ForcedUsingAssemblies=""
+				CompileAsManaged=""
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+			<File
+				RelativePath="..\..\common\win\win-utils.h"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath="..\..\common\win\ccs_reply.Idl"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccs_request.idl"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\win-utils.c"
+				>
+			</File>
+		</Filter>
+		<File
+			RelativePath="..\..\common\win\ccs_reply.Acf"
+			>
+		</File>
+		<File
+			RelativePath="..\..\common\win\ccs_request.Acf"
+			>
+		</File>
+		<File
+			RelativePath=".\Makefile"
+			>
+		</File>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/krb5-1.21.3/src/ccapi/lib/win/ccapi_os_ipc.cxx b/krb5-1.21.3/src/ccapi/lib/win/ccapi_os_ipc.cxx
new file mode 100644
index 00000000..1b1f874e
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/ccapi_os_ipc.cxx
@@ -0,0 +1,365 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+extern "C" {
+#include "k5-thread.h"
+#include "ccapi_os_ipc.h"
+#include "cci_debugging.h"
+#include "ccs_reply.h"
+#include "ccs_request.h"
+#include "ccutils.h"
+#include "tls.h"
+#include "util.h"
+#include "win-utils.h"
+    }
+
+#include "autolock.hxx"
+#include "CredentialsCache.h"
+#include "secure.hxx"
+#include "opts.hxx"
+#include "client.h"
+
+extern "C" DWORD GetTlsIndex();
+
+#define SECONDS_TO_WAIT 10
+#define CLIENT_REQUEST_RPC_HANDLE ccs_request_IfHandle
+
+extern HANDLE           hCCAPIv2Mutex;
+ParseOpts::Opts         opts                = { 0 };
+PSECURITY_ATTRIBUTES    psa                 = 0;
+SECURITY_ATTRIBUTES     sa                  = { 0 };
+
+/* The layout of the rest of this module:  
+
+   The entrypoints defined in ccs_os_ipc.h:
+    cci_os_ipc_thread_init
+    cci_os_ipc
+
+   Other routines needed by those four.
+    cci_os_connect
+    handle_exception
+ */
+
+cc_int32        ccapi_connect(const struct tspdata* tsp);
+static DWORD    handle_exception(DWORD code, struct tspdata* ptspdata);
+
+extern "C" {
+cc_int32        cci_os_ipc_msg( cc_int32        in_launch_server,
+                                k5_ipc_stream    in_request_stream,
+                                cc_int32        in_msg,
+                                k5_ipc_stream*   out_reply_stream);
+    }
+
+/* ------------------------------------------------------------------------ */
+
+extern "C" cc_int32 cci_os_ipc_process_init (void) {
+    RPC_STATUS status;
+
+    if (!isNT()) {
+        status = RpcServerRegisterIf(ccs_reply_ServerIfHandle,  // interface
+                                     NULL,                      // MgrTypeUuid
+                                     NULL);                     // MgrEpv; null means use default
+        }
+    else {
+        status = RpcServerRegisterIfEx(ccs_reply_ServerIfHandle,  // interface
+                                       NULL,                      // MgrTypeUuid
+                                       NULL,                      // MgrEpv; 0 means default
+                                       RPC_IF_ALLOW_SECURE_ONLY,
+                                       RPC_C_LISTEN_MAX_CALLS_DEFAULT,
+                                       NULL);                     // No security callback.
+        }
+    cci_check_error(status);
+
+    if (!status) {
+        status = RpcServerRegisterAuthInfo(0, // server principal
+                                           RPC_C_AUTHN_WINNT,
+                                           0,
+                                           0 );
+        cci_check_error(status);
+        }
+
+    return status; // ugh. needs translation
+}
+
+/* ------------------------------------------------------------------------ */
+
+extern "C" cc_int32 cci_os_ipc_thread_init (void) {
+    cc_int32                    err         = ccNoError;
+    struct tspdata*             ptspdata;
+    HANDLE                      replyEvent  = NULL;
+    UUID __RPC_FAR              uuid;
+    RPC_CSTR __RPC_FAR          uuidString  = NULL;
+    char*                       endpoint    = NULL;
+
+    if (!GetTspData(GetTlsIndex(), &ptspdata)) return ccErrNoMem;
+
+    err   = cci_check_error(UuidCreate(&uuid)); // Get a UUID
+    if (err == RPC_S_OK) {                      // Convert to string
+        err = UuidToString(&uuid, &uuidString);
+        cci_check_error(err);
+        }
+    if (!err) {                                 // Save in thread local storage
+        tspdata_setUUID(ptspdata, uuidString);
+        endpoint = clientEndpoint((const char *)uuidString);
+        err = RpcServerUseProtseqEp((RPC_CSTR)"ncalrpc",
+                                    RPC_C_PROTSEQ_MAX_REQS_DEFAULT,
+                                    (RPC_CSTR)endpoint,
+                                    sa.lpSecurityDescriptor);  // SD
+        free(endpoint);
+        cci_check_error(err);
+        }
+
+    // Initialize old CCAPI if necessary:
+    if (!err) if (!Init::  Initialized()) err = Init::  Initialize( );
+    if (!err) if (!Client::Initialized()) err = Client::Initialize(0);
+
+    if (!err) {
+        /* Whenever a reply to an RPC request is received, the RPC caller needs to
+           know when the reply has been received.  It does that by waiting for a 
+           client-specific event to be set.  Define the event name to be <UUID>_reply:  */
+        replyEvent = createThreadEvent((char*)uuidString, REPLY_SUFFIX);
+        }
+
+    if (!err) {
+        static bool bListening = false;
+        if (!bListening) {
+            err = RpcServerListen(1, RPC_C_LISTEN_MAX_CALLS_DEFAULT, TRUE);
+            cci_check_error(err);
+            }
+            bListening = err == 0;
+        }
+
+    if (replyEvent) tspdata_setReplyEvent(ptspdata, replyEvent);
+    else            err = cci_check_error(GetLastError());
+
+    if (uuidString) RpcStringFree(&uuidString);
+
+    return cci_check_error(err);
+    }
+
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 cci_os_ipc (cc_int32      in_launch_server,
+                     k5_ipc_stream in_request_stream,
+                     k5_ipc_stream* out_reply_stream) {
+    return cci_os_ipc_msg(  in_launch_server, 
+                            in_request_stream, 
+                            CCMSG_REQUEST, 
+                            out_reply_stream);
+    }
+
+extern "C" cc_int32 cci_os_ipc_msg( cc_int32        in_launch_server,
+                                    k5_ipc_stream    in_request_stream,
+                                    cc_int32        in_msg,
+                                    k5_ipc_stream*   out_reply_stream) {
+
+    cc_int32        err             = ccNoError;
+    cc_int32        done            = FALSE;
+    cc_int32        try_count       = 0;
+    cc_int32        server_died     = FALSE;
+    TCHAR*          pszStringBinding= NULL;
+    struct tspdata* ptspdata        = NULL;
+    char*           uuid            = NULL;
+    int             lenUUID         = 0;
+    unsigned int    trycount        = 0;
+    time_t          sst             = 0;
+    STARTUPINFO             si      = { 0 };
+    PROCESS_INFORMATION     pi      = { 0 };
+    HANDLE          replyEvent      = 0;
+    BOOL            bCCAPI_Connected= FALSE;
+    BOOL            bListening      = FALSE;
+    unsigned char tspdata_handle[8] = { 0 };
+
+    if (!in_request_stream) { err = cci_check_error (ccErrBadParam); }
+    if (!out_reply_stream ) { err = cci_check_error (ccErrBadParam); }
+    
+    if (!GetTspData(GetTlsIndex(), &ptspdata)) {return ccErrBadParam;}
+    bListening = tspdata_getListening(ptspdata);
+    if (!bListening) {
+        err = cci_check_error(cci_os_ipc_thread_init());
+        bListening = !err;
+        tspdata_setListening(ptspdata, bListening);
+        }
+
+    bCCAPI_Connected = tspdata_getConnected  (ptspdata);
+    replyEvent       = tspdata_getReplyEvent (ptspdata);
+    sst              = tspdata_getSST (ptspdata);
+    uuid             = tspdata_getUUID(ptspdata);
+
+    // The lazy connection to the server has been put off as long as possible!
+    // ccapi_connect starts listening for replies as an RPC server and then
+    //   calls ccs_rpc_connect.
+    if (!err && !bCCAPI_Connected) {
+        err                 = cci_check_error(ccapi_connect(ptspdata));
+        bCCAPI_Connected    = !err;
+        tspdata_setConnected(ptspdata, bCCAPI_Connected);
+        }
+
+    // Clear replyEvent so we can detect when a reply to our request has been received:
+    ResetEvent(replyEvent);
+    
+    //++ Use the old CCAPI implementation to try to talk to the server:
+    // It has all the code to use the RPC in a thread-safe way, make the endpoint, 
+    //   (re)connect and (re)start the server.
+    // Note:  the old implementation wrapped the thread-safety stuff in a macro.
+    //   Here it is expanded and thus duplicated for each RPC call.  The new code has
+    //   a very limited number of RPC calls, unlike the older code.
+    WaitForSingleObject( hCCAPIv2Mutex, INFINITE );
+    SecureClient*   s = 0;
+    SecureClient::Start(s);
+    CcAutoLock*     a = 0;
+    CcAutoLock::Start(a, Client::sLock);
+
+    // New code using new RPC procedures for sending the data and receiving a reply:
+    if (!err) {
+        RpcTryExcept {
+            if (!GetTspData(GetTlsIndex(), &ptspdata)) {return ccErrBadParam;}
+            uuid    = tspdata_getUUID(ptspdata);
+            lenUUID = 1 + strlen(uuid);     /* 1+ includes terminating \0. */
+            /* copy ptr into handle; ptr may be 4 or 8 bytes, depending on platform; handle is always 8 */
+            memcpy(tspdata_handle, &ptspdata, sizeof(ptspdata));
+            ccs_rpc_request(                    /* make call with user message: */
+                in_msg,                         /* Message type */
+                tspdata_handle,                 /* Our tspdata* will be sent back to the reply proc. */
+                (unsigned char*)uuid,
+                krb5int_ipc_stream_size(in_request_stream),
+                (unsigned char*)krb5int_ipc_stream_data(in_request_stream), /* Data buffer */
+                sst,                            /* session start time */
+                (long*)(&err) );                /* Return code */
+            }
+        RpcExcept(1) {
+            err = handle_exception(RpcExceptionCode(), ptspdata);
+            }
+        RpcEndExcept;
+        }
+
+    cci_check_error(err);
+    CcAutoLock::Stop(a);
+    SecureClient::Stop(s);
+    ReleaseMutex(hCCAPIv2Mutex);       
+    //-- Use the old CCAPI implementation to try to talk to the server.
+
+    // Wait for reply handler to set event:
+    if (!err) {
+        err = cci_check_error(WaitForSingleObject(replyEvent, INFINITE));//(SECONDS_TO_WAIT)*1000));
+        }
+
+    if (!err) {
+        err = cci_check_error(RpcMgmtIsServerListening(CLIENT_REQUEST_RPC_HANDLE));
+        }
+
+    if (!err && server_died) {
+        err = cci_check_error (ccErrServerUnavailable);
+        }
+
+    if (!err) {
+        *out_reply_stream = tspdata_getStream(ptspdata);
+        }
+
+    return cci_check_error (err);    
+    }
+
+
+
+static DWORD handle_exception(DWORD code, struct tspdata* ptspdata) {
+    cci_debug_printf("%s code %u; ccs_request_IfHandle:0x%X", __FUNCTION__, code, ccs_request_IfHandle);
+    if ( (code == RPC_S_SERVER_UNAVAILABLE) || (code == RPC_S_INVALID_BINDING) ) {
+        Client::Cleanup();
+        tspdata_setConnected(ptspdata, FALSE);
+        }
+    return code;
+    }
+
+
+/* Establish a CCAPI connection with the server.
+ * The connect logic here is identical to the logic in the send request code.
+ * TODO:  merge this connect code with that request code.
+ */
+cc_int32 ccapi_connect(const struct tspdata* tsp) {
+    BOOL                    bListen     = TRUE;
+    HANDLE                  replyEvent  = 0;
+    RPC_STATUS              status      = FALSE;
+    char*                   uuid        = NULL;
+    unsigned char           tspdata_handle[8] = {0};
+
+    /* Start listening to our uuid before establishing the connection,
+     *  so that when the server tries to call ccapi_listen, we will be ready.
+     */
+
+    /* Build complete RPC uuid using previous CCAPI implementation: */
+    replyEvent      = tspdata_getReplyEvent(tsp);
+    uuid            = tspdata_getUUID(tsp);
+
+    cci_debug_printf("%s is listening ...", __FUNCTION__);
+
+    // Clear replyEvent so we can detect when a reply to our connect request has been received:
+    ResetEvent(replyEvent);
+
+    // We use the old CCAPI implementation to try to talk to the server.  
+    // It has all the code to make the uuid, (re)connect and (re)start the server.
+    WaitForSingleObject( hCCAPIv2Mutex, INFINITE );
+    SecureClient*   s = 0;
+    SecureClient::Start(s);
+    CcAutoLock*     a = 0;
+    CcAutoLock::Start(a, Client::sLock);
+
+    // Initialize old CCAPI if necessary:
+    if (!status) if (!Init::  Initialized()) status = Init::  Initialize( );
+    if (!status) if (!Client::Initialized()) status = Client::Initialize(0);
+
+    // New code using new RPC procedures for sending the data and receiving a reply:
+    if (!status) {
+        memcpy(tspdata_handle, &tsp, sizeof(tsp));
+        RpcTryExcept {
+            ccs_rpc_connect(                /* make call with user message: */
+                CCMSG_CONNECT,              /* Message type */
+                tspdata_handle,             /* Our tspdata* will be sent back to the reply proc. */
+                (unsigned char*)uuid,
+                (long*)(&status) );         /* Return code */
+            }
+        RpcExcept(1) {
+            cci_check_error(RpcExceptionCode());
+            status  = ccErrBadInternalMessage;
+            }
+        RpcEndExcept;
+        }
+
+    CcAutoLock::Stop(a);
+    SecureClient::Stop(s);
+    ReleaseMutex(hCCAPIv2Mutex);       
+
+    if (!status) {
+        status = WaitForSingleObject(replyEvent, INFINITE);//(SECONDS_TO_WAIT)*1000);
+        status = cci_check_error(RpcMgmtIsServerListening(CLIENT_REQUEST_RPC_HANDLE));
+        cci_debug_printf("  Server %sFOUND!", (status) ? "NOT " : "");
+        }
+    if (status) {
+        cci_debug_printf("  unexpected error while looking for server... (%u)", status);
+        } 
+    
+    return status;
+    }
diff --git a/krb5-1.21.3/src/ccapi/lib/win/ccs_reply_proc.c b/krb5-1.21.3/src/ccapi/lib/win/ccs_reply_proc.c
new file mode 100644
index 00000000..b4dbc0d1
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/ccs_reply_proc.c
@@ -0,0 +1,91 @@
+/* ccapi/lib/win/ccs_reply_proc.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <windows.h>
+
+#include "cci_debugging.h"
+#include "ccs_reply.h"          /* generated by MIDL compiler */
+#include "ccutils.h"
+#include "tls.h"
+#include "win-utils.h"
+
+
+void ccs_rpc_request_reply(
+    const long  rpcmsg,         /* Message type */
+    const char  tspHandle[],    /* Client's tspdata* */
+    const char* uuid,           /* uuid for making thread-specific event name */
+    const long  srvStartTime,   /* Server Start Time */
+    const long  cbIn,           /* Length of buffer */
+    const char* chIn,           /* Data buffer */
+    long*       ret_status ) {  /* Return code */
+
+    HANDLE          hEvent  = openThreadEvent(uuid, REPLY_SUFFIX);
+    struct tspdata* tsp;
+    k5_ipc_stream    stream;
+    long            status  = 0;
+
+    memcpy(&tsp, tspHandle, sizeof(tsp));
+    if (!status) {
+        status = krb5int_ipc_stream_new (&stream);  /* Create a stream for the request data */
+        }
+
+    if (!status) {                          /* Put the data into the stream */
+        status = krb5int_ipc_stream_write (stream, chIn, cbIn);
+        }
+
+    if (!status) {                          /* Put the data into the stream */
+        tspdata_setStream(tsp, stream);
+        }
+
+    SetEvent(hEvent);
+    CloseHandle(hEvent);
+    *ret_status  = status;
+    }
+
+void ccs_rpc_connect_reply(
+    const long  rpcmsg,         /* Message type */
+    const char  tspHandle[],    /* Client's tspdata* */
+    const char* uuid,           /* uuid for making thread-specific event name */
+    const long  srvStartTime,   /* Server Start Time */
+    long*       status ) {      /* Return code */
+
+    HANDLE  hEvent  = openThreadEvent(uuid, REPLY_SUFFIX);
+    DWORD*  p       = (DWORD*)(tspHandle);
+
+    SetEvent(hEvent);
+    CloseHandle(hEvent);
+    }
+
+void ccapi_listen(
+    RPC_ASYNC_STATE*    rpcState,
+    handle_t            hBinding,
+    const long          rpcmsg,         /* Message type */
+    long*               status ) {      /* Return code */
+
+    cci_debug_printf("%s %s!", __FUNCTION__, rpcState->UserInfo);
+    *status = 0;
+    }
diff --git a/krb5-1.21.3/src/ccapi/lib/win/debug.exports b/krb5-1.21.3/src/ccapi/lib/win/debug.exports
new file mode 100644
index 00000000..6dc1fc08
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/debug.exports
@@ -0,0 +1,11 @@
+    cci_debug_printf
+    _cci_check_error
+    cci_os_ipc
+    cci_os_ipc_msg
+    cci_os_ipc_thread_init
+    krb5int_ipc_stream_data
+    krb5int_ipc_stream_write
+    krb5int_ipc_stream_new
+
+    ccs_authenticate
+    cci_os_ipc_process_init
diff --git a/krb5-1.21.3/src/ccapi/lib/win/dllmain.cxx b/krb5-1.21.3/src/ccapi/lib/win/dllmain.cxx
new file mode 100644
index 00000000..18aa0055
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/dllmain.cxx
@@ -0,0 +1,212 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+extern "C" {
+#include <windows.h>
+#include <LMCons.h>
+
+#include "dllmain.h"
+#include "tls.h"
+#include "cci_debugging.h"
+#include "ccapi_context.h"
+#include "ccapi_ipc.h"
+#include "client.h"
+
+void cci_process_init__auxinit();
+    }
+
+
+#define CCAPI_V2_MUTEX_NAME     TEXT("MIT_CCAPI_V4_MUTEX")
+
+// Process-specific data:
+static DWORD    dwTlsIndex;
+static char     _user[UNLEN+1];     // Username is used as part of the server and client endpoints.
+static  HANDLE  sessionToken;
+static char*    ep_prefices[]   = {"CCS", "CCAPI"};
+HANDLE          hCCAPIv2Mutex   = NULL;
+DWORD           firstThreadID   = 0;
+
+// These data structures are used by the old CCAPI implementation 
+//  to keep track of the state of the RPC connection.  All data is static.
+static Init     init;
+static Client   client;
+
+DWORD    GetTlsIndex()  {return dwTlsIndex;}
+
+// DllMain() is the entry-point function for this DLL. 
+BOOL WINAPI DllMain(HINSTANCE hinstDLL,     // DLL module handle
+                    DWORD fdwReason,        // reason called
+                    LPVOID lpvReserved) {   // reserved 
+
+    struct tspdata* ptspdata;
+    BOOL            fIgnore;
+    BOOL            bStatus;
+    DWORD           status      = 0;        // 0 is success.
+    DWORD           maxUN       = sizeof(_user);
+    unsigned int    i           = 0;
+    unsigned int    j           = 0;
+ 
+    switch (fdwReason) { 
+        // The DLL is loading due to process initialization or a call to LoadLibrary:
+        case DLL_PROCESS_ATTACH: 
+            cci_debug_printf("%s DLL_PROCESS_ATTACH", __FUNCTION__);
+            // Process-wide mutex used to allow only one thread at a time into the RPC code:
+            hCCAPIv2Mutex = CreateMutex(NULL, FALSE, CCAPI_V2_MUTEX_NAME);
+
+            // Figure out our username; it's process-wide:
+            bStatus = GetUserName(_user, &maxUN);
+            if (!bStatus) return bStatus;
+
+            // Remove any characters that aren't valid endpoint characters:
+            while (_user[j] != 0) {
+                if (isalnum(_user[j])) _user[i++] = _user[j];
+                j++;
+                }
+            _user[i]    = '\0';
+
+            // Our logon session is determined in client.cxx, old CCAPI code carried
+            //  over to this implementation.
+
+            // Allocate a TLS index:
+            if ((dwTlsIndex = TlsAlloc()) == TLS_OUT_OF_INDEXES) return FALSE; 
+
+            cci_process_init__auxinit();
+            // Don't break; fallthrough: Initialize the TLS index for first thread.
+ 
+        // The attached process creates a new thread:
+        case DLL_THREAD_ATTACH:
+            cci_debug_printf("%s DLL_THREAD_ATTACH", __FUNCTION__);
+            // Don't actually rely on this case for allocation of resources.
+            // Applications (like SecureCRT) may have threads already
+            // created (say 'A' and 'B') before the dll is loaded. If the dll
+            // is loaded in thread 'A' but then used in thread 'B', thread 'B'
+            // will never execute this code.
+            fIgnore     = TlsSetValue(dwTlsIndex, NULL);
+
+            // Do not call cci_ipc_thread_init() yet; defer until we actually
+            // need it.  On XP, cci_ipc_thread_init() will cause additional
+            // threads to be immediately spawned, which will bring us right
+            // back here again ad infinitum, until windows
+            // resources are exhausted.
+            break;
+ 
+        // The thread of the attached process terminates:
+        case DLL_THREAD_DETACH: 
+            cci_debug_printf("%s DLL_THREAD_DETACH", __FUNCTION__);
+            // Release the allocated memory for this thread
+            ptspdata = (struct tspdata*)TlsGetValue(dwTlsIndex); 
+            if (ptspdata != NULL) {
+                free(ptspdata);
+                TlsSetValue(dwTlsIndex, NULL); 
+                }
+            break; 
+ 
+        // DLL unload due to process termination or FreeLibrary:
+        case DLL_PROCESS_DETACH: 
+            cci_debug_printf("%s DLL_PROCESS_DETACH", __FUNCTION__);
+            //++ Copied from previous implementation:
+            // Process Teardown "Problem"
+            //
+            // There are two problems that occur during process teardown:
+            //
+            // 1) Windows (NT/9x/2000) does not keep track of load/unload
+            //    ordering dependencies for use in process teardown.
+            //
+            // 2) The RPC exception handling in the RPC calls do not work
+            //    during process shutdown in Win9x.
+            //
+            // When a process is being torn down in Windows, the krbcc DLL
+            // may get a DLL_PROCESS_DETACH before other DLLs are done
+            // with it.  Thus, it may disconnect from the RPC server
+            // before the last shutdown RPC call.
+            //
+            // On NT/2000, this is ok because the RPC call will fail and just
+            // return an error.
+            //
+            // On Win9x/Me, the RPC exception will not be caught.
+            // However, Win9x ignores exceptions during process shutdown,
+            // so the exception will never be seen unless a debugger is
+            // attached to the process.
+            //
+            // A good potential workaround would be to have a global
+            // variable that denotes whether the DLL is attached to the
+            // process.  If it is not, all entrypoints into the DLL should
+            // return failure.
+            //
+            // A not as good workaround is below but ifdefed out.
+            //
+            // However, we can safely ignore this problem since it can
+            // only affects people running debuggers under 9x/Me who are
+            // using multiple DLLs that use this DLL.
+            //
+            WaitForSingleObject( hCCAPIv2Mutex, INFINITE );
+
+            // return value is ignored, so we set status for debugging purposes
+            status = Client::Cleanup();
+            status = Init::Cleanup();
+            ReleaseMutex( hCCAPIv2Mutex );
+            CloseHandle( hCCAPIv2Mutex );
+            //-- Copied from previous implementation.
+
+            // Release the allocated memory for this thread:
+            ptspdata = (struct tspdata*)TlsGetValue(dwTlsIndex); 
+            if (ptspdata != NULL)
+                free(ptspdata);
+            TlsFree(dwTlsIndex);    // Release the TLS index.
+            // Ideally, we would enumerate all other threads here and
+            // release their thread local storage as well.
+            break; 
+ 
+        default:
+            cci_debug_printf("%s unexpected reason %d", __FUNCTION__, fdwReason);
+            break;
+        } 
+ 
+    UNREFERENCED_PARAMETER(hinstDLL);       // no whining!
+    UNREFERENCED_PARAMETER(lpvReserved); 
+    return status ? FALSE : TRUE;
+}
+
+
+#ifdef __cplusplus    // If used by C++ code, 
+extern "C" {          // we need to export the C interface
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+/*********************************************************************/
+/*                 MIDL allocate and free                            */
+/*********************************************************************/
+
+extern "C" void  __RPC_FAR * __RPC_USER MIDL_user_allocate(size_t len) {
+    return(malloc(len));
+    }
+
+extern "C" void __RPC_USER MIDL_user_free(void __RPC_FAR * ptr) {
+    free(ptr);
+    }
diff --git a/krb5-1.21.3/src/ccapi/lib/win/dllmain.h b/krb5-1.21.3/src/ccapi/lib/win/dllmain.h
new file mode 100644
index 00000000..8238566e
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/lib/win/dllmain.h
@@ -0,0 +1,41 @@
+/* ccapi/lib/win/dllmain.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef _dll_h
+#define _dll_h
+
+#include "windows.h"
+
+#ifdef __cplusplus    // If used by C++ code,
+extern "C" {          // we need to export the C interface
+#endif
+
+DWORD GetTlsIndex();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif _dll_h
diff --git a/krb5-1.21.3/src/ccapi/server/Makefile.in b/krb5-1.21.3/src/ccapi/server/Makefile.in
new file mode 100644
index 00000000..2c01307f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/Makefile.in
@@ -0,0 +1,59 @@
+mydir=ccapi$(S)server
+BUILDTOP=$(REL)..$(S)..
+SUBDIRS=unix
+
+LOCALINCLUDES= -I$(srcdir)/../common
+
+STLIBOBJS= \
+	ccs_array.o \
+	ccs_cache_collection.o \
+	ccs_callback.o \
+	ccs_ccache.o \
+	ccs_ccache_iterator.o \
+	ccs_client.o \
+	ccs_credentials.o \
+	ccs_credentials_iterator.o \
+	ccs_list.o \
+	ccs_list_internal.o \
+	ccs_lock.o \
+	ccs_lock_state.o \
+	ccs_pipe.o \
+	ccs_server.o
+
+OBJS= \
+	$(OUTPRE)ccs_array.$(OBJEXT) \
+	$(OUTPRE)ccs_cache_collection.$(OBJEXT) \
+	$(OUTPRE)ccs_callback.$(OBJEXT) \
+	$(OUTPRE)ccs_ccache.$(OBJEXT) \
+	$(OUTPRE)ccs_ccache_iterator.$(OBJEXT) \
+	$(OUTPRE)ccs_client.$(OBJEXT) \
+	$(OUTPRE)ccs_credentials.$(OBJEXT) \
+	$(OUTPRE)ccs_credentials_iterator.$(OBJEXT) \
+	$(OUTPRE)ccs_list.$(OBJEXT) \
+	$(OUTPRE)ccs_list_internal.$(OBJEXT) \
+	$(OUTPRE)ccs_lock.$(OBJEXT) \
+	$(OUTPRE)ccs_lock_state.$(OBJEXT) \
+	$(OUTPRE)ccs_pipe.$(OBJEXT) \
+	$(OUTPRE)ccs_server.$(OBJEXT)
+
+SRCS= \
+	ccs_array.c \
+	ccs_cache_collection.c \
+	ccs_callback.c \
+	ccs_ccache.c \
+	ccs_ccache_iterator.c \
+	ccs_client.c \
+	ccs_credentials.c \
+	ccs_credentials_iterator.c \
+	ccs_list.c \
+	ccs_list_internal.c \
+	ccs_lock.c \
+	ccs_lock_state.c \
+	ccs_pipe.c \
+	ccs_server.c
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_array.c b/krb5-1.21.3/src/ccapi/server/ccs_array.c
new file mode 100644
index 00000000..7e0874a8
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_array.c
@@ -0,0 +1,309 @@
+/* ccapi/server/ccs_array.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+#include "cci_array_internal.h"
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_client_object_release (cci_array_object_t io_client)
+{
+    return cci_check_error (ccs_client_release ((ccs_client_t) io_client));
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_array_new (ccs_client_array_t *out_array)
+{
+    return cci_array_new (out_array, ccs_client_object_release);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_array_release (ccs_client_array_t io_array)
+{
+    return cci_array_release (io_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint64 ccs_client_array_count (ccs_client_array_t in_array)
+{
+    return cci_array_count (in_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+ccs_client_t ccs_client_array_object_at_index (ccs_client_array_t io_array,
+                                               cc_uint64          in_position)
+{
+    return (ccs_client_t) cci_array_object_at_index (io_array, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_array_insert (ccs_client_array_t io_array,
+                                  ccs_client_t       in_client,
+                                  cc_uint64          in_position)
+{
+    return cci_array_insert (io_array, (cci_array_object_t) in_client, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_array_remove (ccs_client_array_t io_array,
+                                  cc_uint64          in_position)
+{
+    return cci_array_remove (io_array, in_position);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_lock_object_release (cci_array_object_t io_lock)
+{
+    return cci_check_error (ccs_lock_release ((ccs_lock_t) io_lock));
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_array_new (ccs_lock_array_t *out_array)
+{
+    return cci_array_new (out_array, ccs_lock_object_release);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_array_release (ccs_lock_array_t io_array)
+{
+    return cci_array_release (io_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint64 ccs_lock_array_count (ccs_lock_array_t in_array)
+{
+    return cci_array_count (in_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+ccs_lock_t ccs_lock_array_object_at_index (ccs_lock_array_t io_array,
+                                           cc_uint64        in_position)
+{
+    return (ccs_lock_t) cci_array_object_at_index (io_array, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_array_insert (ccs_lock_array_t io_array,
+                                ccs_lock_t       in_lock,
+                                cc_uint64        in_position)
+{
+    return cci_array_insert (io_array, (cci_array_object_t) in_lock, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_array_remove (ccs_lock_array_t io_array,
+                                cc_uint64        in_position)
+{
+    return cci_array_remove (io_array, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+cc_int32 ccs_lock_array_move (ccs_lock_array_t  io_array,
+                              cc_uint64         in_position,
+                              cc_uint64         in_new_position,
+                              cc_uint64        *out_real_new_position)
+{
+    return cci_array_move (io_array, in_position, in_new_position, out_real_new_position);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_callback_object_release (cci_array_object_t io_callback)
+{
+    return cci_check_error (ccs_callback_release ((ccs_callback_t) io_callback));
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_array_new (ccs_callback_array_t *out_array)
+{
+    return cci_array_new (out_array, ccs_callback_object_release);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_array_release (ccs_callback_array_t io_array)
+{
+    return cci_array_release (io_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint64 ccs_callback_array_count (ccs_callback_array_t in_array)
+{
+    return cci_array_count (in_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+ccs_callback_t ccs_callback_array_object_at_index (ccs_callback_array_t io_array,
+						   cc_uint64            in_position)
+{
+    return (ccs_callback_t) cci_array_object_at_index (io_array, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_array_insert (ccs_callback_array_t io_array,
+				    ccs_callback_t       in_callback,
+				    cc_uint64            in_position)
+{
+    return cci_array_insert (io_array, (cci_array_object_t) in_callback, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_array_remove (ccs_callback_array_t io_array,
+				    cc_uint64           in_position)
+{
+    return cci_array_remove (io_array, in_position);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callbackref_array_new (ccs_callbackref_array_t *out_array)
+{
+    /* Ref arrays do not own their contents; pass NULL for release function */
+    return cci_array_new (out_array, NULL);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callbackref_array_release (ccs_callbackref_array_t io_array)
+{
+    return cci_array_release (io_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint64 ccs_callbackref_array_count (ccs_callbackref_array_t in_array)
+{
+    return cci_array_count (in_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+ccs_callback_t ccs_callbackref_array_object_at_index (ccs_callbackref_array_t io_array,
+						      cc_uint64               in_position)
+{
+    return (ccs_callback_t) cci_array_object_at_index (io_array, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callbackref_array_insert (ccs_callbackref_array_t io_array,
+				       ccs_callback_t          in_callback,
+				       cc_uint64               in_position)
+{
+    return cci_array_insert (io_array, (cci_array_object_t) in_callback, in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callbackref_array_remove (ccs_callbackref_array_t io_array,
+				       cc_uint64               in_position)
+{
+    return cci_array_remove (io_array, in_position);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_iteratorref_array_new (ccs_iteratorref_array_t *out_array)
+{
+    /* Ref arrays do not own their contents; pass NULL for release function */
+    return cci_array_new (out_array, NULL);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_iteratorref_array_release (ccs_iteratorref_array_t io_array)
+{
+    return cci_array_release (io_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint64 ccs_iteratorref_array_count (ccs_iteratorref_array_t in_array)
+{
+    return cci_array_count (in_array);
+}
+
+/* ------------------------------------------------------------------------ */
+
+ccs_generic_list_iterator_t ccs_iteratorref_array_object_at_index (ccs_iteratorref_array_t io_array,
+                                                                   cc_uint64               in_position)
+{
+    return (ccs_generic_list_iterator_t) cci_array_object_at_index (io_array,
+                                                                    in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_iteratorref_array_insert (ccs_iteratorref_array_t     io_array,
+				       ccs_generic_list_iterator_t in_iterator,
+				       cc_uint64                   in_position)
+{
+    return cci_array_insert (io_array,
+                             (cci_array_object_t) in_iterator,
+                             in_position);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_iteratorref_array_remove (ccs_iteratorref_array_t io_array,
+				       cc_uint64               in_position)
+{
+    return cci_array_remove (io_array, in_position);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_array.h b/krb5-1.21.3/src/ccapi/server/ccs_array.h
new file mode 100644
index 00000000..470812b3
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_array.h
@@ -0,0 +1,132 @@
+/* ccapi/server/ccs_array.h */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_ARRAY_H
+#define CCS_ARRAY_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_client_array_new (ccs_client_array_t *out_array);
+
+cc_int32 ccs_client_array_release (ccs_client_array_t io_array);
+
+cc_uint64 ccs_client_array_count (ccs_client_array_t in_array);
+
+ccs_client_t ccs_client_array_object_at_index (ccs_client_array_t io_array,
+                                               cc_uint64          in_position);
+
+cc_int32 ccs_client_array_insert (ccs_client_array_t io_array,
+                                  ccs_client_t       in_client,
+                                  cc_uint64          in_position);
+
+cc_int32 ccs_client_array_remove (ccs_client_array_t io_array,
+                                  cc_uint64          in_position);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+cc_int32 ccs_lock_array_new (ccs_lock_array_t *out_array);
+
+cc_int32 ccs_lock_array_release (ccs_lock_array_t io_array);
+
+cc_uint64 ccs_lock_array_count (ccs_lock_array_t in_array);
+
+ccs_lock_t ccs_lock_array_object_at_index (ccs_lock_array_t io_array,
+                                           cc_uint64        in_position);
+
+cc_int32 ccs_lock_array_insert (ccs_lock_array_t io_array,
+                                ccs_lock_t       in_lock,
+                                cc_uint64        in_position);
+
+cc_int32 ccs_lock_array_remove (ccs_lock_array_t io_array,
+                                cc_uint64        in_position);
+
+cc_int32 ccs_lock_array_move (ccs_lock_array_t  io_array,
+                              cc_uint64         in_position,
+                              cc_uint64         in_new_position,
+                              cc_uint64        *out_real_new_position);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+cc_int32 ccs_callback_array_new (ccs_callback_array_t *out_array);
+
+cc_int32 ccs_callback_array_release (ccs_callback_array_t io_array);
+
+cc_uint64 ccs_callback_array_count (ccs_callback_array_t in_array);
+
+ccs_callback_t ccs_callback_array_object_at_index (ccs_callback_array_t io_array,
+						   cc_uint64            in_position);
+
+cc_int32 ccs_callback_array_insert (ccs_callback_array_t io_array,
+				    ccs_callback_t       in_callback,
+				    cc_uint64            in_position);
+
+cc_int32 ccs_callback_array_remove (ccs_callback_array_t io_array,
+				    cc_uint64           in_position);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+cc_int32 ccs_callbackref_array_new (ccs_callbackref_array_t *out_array);
+
+cc_int32 ccs_callbackref_array_release (ccs_callbackref_array_t io_array);
+
+cc_uint64 ccs_callbackref_array_count (ccs_callbackref_array_t in_array);
+
+ccs_callback_t ccs_callbackref_array_object_at_index (ccs_callbackref_array_t io_array,
+						      cc_uint64               in_position);
+
+cc_int32 ccs_callbackref_array_insert (ccs_callbackref_array_t io_array,
+				       ccs_callback_t          in_callback,
+				       cc_uint64               in_position);
+
+cc_int32 ccs_callbackref_array_remove (ccs_callbackref_array_t io_array,
+				       cc_uint64               in_position);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+cc_int32 ccs_iteratorref_array_new (ccs_iteratorref_array_t *out_array);
+
+cc_int32 ccs_iteratorref_array_release (ccs_iteratorref_array_t io_array);
+
+cc_uint64 ccs_iteratorref_array_count (ccs_iteratorref_array_t in_array);
+
+ccs_generic_list_iterator_t ccs_iteratorref_array_object_at_index (ccs_iteratorref_array_t io_array,
+                                                                   cc_uint64               in_position);
+
+cc_int32 ccs_iteratorref_array_insert (ccs_iteratorref_array_t     io_array,
+                                       ccs_generic_list_iterator_t in_iterator,
+                                       cc_uint64                   in_position);
+
+cc_int32 ccs_iteratorref_array_remove (ccs_iteratorref_array_t io_array,
+                                       cc_uint64               in_position);
+
+#endif /* CCS_ARRAY_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_cache_collection.c b/krb5-1.21.3/src/ccapi/server/ccs_cache_collection.c
new file mode 100644
index 00000000..33300735
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_cache_collection.c
@@ -0,0 +1,1109 @@
+/* ccapi/server/ccs_cache_collection.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-platform.h"	/* pull in asprintf decl/defn */
+#include "ccs_common.h"
+#include "ccs_os_notify.h"
+
+struct ccs_cache_collection_d {
+    cc_time_t last_changed_time;
+    cc_uint64 next_unique_name;
+    cci_identifier_t identifier;
+    ccs_lock_state_t lock_state;
+    ccs_ccache_list_t ccaches;
+    ccs_callback_array_t change_callbacks;
+};
+
+struct ccs_cache_collection_d ccs_cache_collection_initializer = { 0, 0, NULL, NULL, NULL, NULL };
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_new (ccs_cache_collection_t *out_cache_collection)
+{
+    cc_int32 err = ccNoError;
+    ccs_cache_collection_t cache_collection = NULL;
+
+    if (!out_cache_collection) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cache_collection = malloc (sizeof (*cache_collection));
+        if (cache_collection) {
+            *cache_collection = ccs_cache_collection_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = ccs_server_new_identifier (&cache_collection->identifier);
+    }
+
+    if (!err) {
+        err = ccs_lock_state_new (&cache_collection->lock_state,
+                                  ccErrInvalidContext,
+                                  ccErrContextLocked,
+                                  ccErrContextUnlocked);
+    }
+
+    if (!err) {
+        err = ccs_ccache_list_new (&cache_collection->ccaches);
+    }
+
+    if (!err) {
+        err = ccs_callback_array_new (&cache_collection->change_callbacks);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_changed (cache_collection);
+    }
+
+    if (!err) {
+        *out_cache_collection = cache_collection;
+        cache_collection = NULL;
+    }
+
+    ccs_cache_collection_release (cache_collection);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_release (ccs_cache_collection_t io_cache_collection)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_cache_collection) {
+        cci_identifier_release (io_cache_collection->identifier);
+        ccs_lock_state_release (io_cache_collection->lock_state);
+        ccs_ccache_list_release (io_cache_collection->ccaches);
+        ccs_callback_array_release (io_cache_collection->change_callbacks);
+        free (io_cache_collection);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_compare_identifier (ccs_cache_collection_t  in_cache_collection,
+                                                  cci_identifier_t        in_identifier,
+                                                  cc_uint32              *out_equal)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal          ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_compare (in_cache_collection->identifier,
+                                      in_identifier,
+                                      out_equal);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_changed (ccs_cache_collection_t io_cache_collection)
+{
+    cc_int32 err = ccNoError;
+    k5_ipc_stream reply_data = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_time_t now = time (NULL);
+
+        if (io_cache_collection->last_changed_time < now) {
+            io_cache_collection->last_changed_time = now;
+        } else {
+            io_cache_collection->last_changed_time++;
+        }
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&reply_data);
+    }
+
+    if (!err) {
+	err = krb5int_ipc_stream_write_time (reply_data, io_cache_collection->last_changed_time);
+    }
+
+    if (!err) {
+	/* Loop over callbacks sending messages to them */
+	cc_uint64 i;
+        cc_uint64 count = ccs_callback_array_count (io_cache_collection->change_callbacks);
+
+        for (i = 0; !err && i < count; i++) {
+            ccs_callback_t callback = ccs_callback_array_object_at_index (io_cache_collection->change_callbacks, i);
+
+	    err = ccs_callback_reply_to_client (callback, reply_data);
+
+	    if (!err) {
+		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
+		err = ccs_callback_array_remove (io_cache_collection->change_callbacks, i);
+		break;
+	    }
+        }
+    }
+
+    if (!err) {
+        err = ccs_os_notify_cache_collection_changed (io_cache_collection);
+    }
+
+    krb5int_ipc_stream_release (reply_data);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_invalidate_change_callback (ccs_callback_owner_t io_cache_collection,
+								 ccs_callback_t       in_callback)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_callback        ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+	/* Remove callback */
+	ccs_cache_collection_t cache_collection = (ccs_cache_collection_t) io_cache_collection;
+	cc_uint64 i;
+        cc_uint64 count = ccs_callback_array_count (cache_collection->change_callbacks);
+
+        for (i = 0; !err && i < count; i++) {
+            ccs_callback_t callback = ccs_callback_array_object_at_index (cache_collection->change_callbacks, i);
+
+	    if (callback == in_callback) {
+		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
+		err = ccs_callback_array_remove (cache_collection->change_callbacks, i);
+		break;
+	    }
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_find_ccache_by_name (ccs_cache_collection_t  in_cache_collection,
+                                                          const char             *in_name,
+                                                          ccs_ccache_t           *out_ccache)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_list_iterator_t iterator = NULL;
+
+    if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_name            ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache         ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_new_iterator (in_cache_collection->ccaches,
+                                            CCS_PIPE_NULL,
+                                            &iterator);
+    }
+
+    while (!err) {
+        ccs_ccache_t ccache = NULL;
+
+        err = ccs_ccache_list_iterator_next (iterator, &ccache);
+
+        if (!err) {
+            cc_uint32 equal = 0;
+
+            err = ccs_ccache_compare_name (ccache, in_name, &equal);
+
+            if (!err && equal) {
+                *out_ccache = ccache;
+                break;
+            }
+        }
+    }
+    if (err == ccIteratorEnd) { err = ccErrCCacheNotFound; }
+
+    if (iterator) { ccs_ccache_list_iterator_release (iterator); }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_find_ccache (ccs_cache_collection_t  in_cache_collection,
+                                           cci_identifier_t        in_identifier,
+                                           ccs_ccache_t           *out_ccache)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache         ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_find (in_cache_collection->ccaches,
+                                    in_identifier, out_ccache);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_collection_move_ccache (ccs_cache_collection_t io_cache_collection,
+                                            cci_identifier_t       in_source_identifier,
+                                            ccs_ccache_t           io_destination_ccache)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_t source_ccache = NULL;
+
+    if (!io_cache_collection  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_source_identifier ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_destination_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_cache_collection_find_ccache (io_cache_collection,
+                                                in_source_identifier,
+                                                &source_ccache);
+    }
+
+    if (!err) {
+        err = ccs_ccache_swap_contents (source_ccache,
+					io_destination_ccache,
+					io_cache_collection);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_destroy_ccache (io_cache_collection,
+                                                   in_source_identifier);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_destroy_ccache (ccs_cache_collection_t  io_cache_collection,
+                                              cci_identifier_t        in_identifier)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_t ccache = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_cache_collection_find_ccache (io_cache_collection,
+                                                in_identifier,
+                                                &ccache);
+    }
+
+    if (!err) {
+        /* Notify before deletion because after deletion the ccache
+         * will no longer exist (and won't know about its clients) */
+        err = ccs_ccache_changed (ccache, io_cache_collection);
+    }
+
+    if (!err) {
+        err = ccs_ccache_list_remove (io_cache_collection->ccaches,
+                                      in_identifier);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_find_ccache_iterator (ccs_cache_collection_t  in_cache_collection,
+                                                    cci_identifier_t        in_identifier,
+                                                    ccs_ccache_iterator_t  *out_ccache_iterator)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_find_iterator (in_cache_collection->ccaches,
+                                             in_identifier,
+                                             out_ccache_iterator);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_find_credentials_iterator (ccs_cache_collection_t      in_cache_collection,
+                                                         cci_identifier_t            in_identifier,
+                                                         ccs_ccache_t               *out_ccache,
+                                                         ccs_credentials_iterator_t *out_credentials_iterator)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_list_iterator_t iterator = NULL;
+
+    if (!in_cache_collection     ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_new_iterator (in_cache_collection->ccaches,
+                                            CCS_PIPE_NULL,
+                                            &iterator);
+    }
+
+    while (!err) {
+        ccs_ccache_t ccache = NULL;
+
+        err = ccs_ccache_list_iterator_next (iterator, &ccache);
+
+        if (!err) {
+            cc_int32 terr = ccs_ccache_find_credentials_iterator (ccache,
+                                                                  in_identifier,
+                                                                  out_credentials_iterator);
+            if (!terr) {
+                *out_ccache = ccache;
+                break;
+            }
+        }
+    }
+    if (err == ccIteratorEnd) { err = cci_check_error (ccErrInvalidCredentialsIterator); }
+
+    if (iterator) { ccs_ccache_list_iterator_release (iterator); }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_get_next_unique_ccache_name (ccs_cache_collection_t   io_cache_collection,
+                                                                  char                   **out_name)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 count = 0;
+    char *name = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!out_name           ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_cache_collection_list_count (io_cache_collection->ccaches, &count);
+    }
+
+    if (!err) {
+        if (count > 0) {
+            while (!err) {
+                int ret = asprintf (&name, "%lld", io_cache_collection->next_unique_name++);
+                if (ret < 0 || !name) { err = cci_check_error (ccErrNoMem); }
+
+                if (!err) {
+                    ccs_ccache_t ccache = NULL;  /* temporary to hold ccache pointer */
+                    err = ccs_cache_collection_find_ccache_by_name (io_cache_collection,
+                                                                    name, &ccache);
+                }
+
+                if (err == ccErrCCacheNotFound) {
+                    err = ccNoError;
+                    break;   /* found a unique one */
+                }
+            }
+        } else {
+            name = strdup (k_cci_context_initial_ccache_name);
+            if (!name) { err = cci_check_error (ccErrNoMem); }
+        }
+    }
+
+    if (!err) {
+        *out_name = name;
+        name = NULL;
+    }
+
+    free (name);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_get_default_ccache (ccs_cache_collection_t  in_cache_collection,
+                                                         ccs_ccache_t           *out_ccache)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 count = 0;
+
+    if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!out_ccache         ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_count (in_cache_collection->ccaches, &count);
+    }
+
+    if (!err) {
+        if (count > 0) {
+            /* First ccache is the default */
+            ccs_ccache_list_iterator_t iterator = NULL;
+
+            err = ccs_ccache_list_new_iterator (in_cache_collection->ccaches,
+                                                CCS_PIPE_NULL,
+                                                &iterator);
+
+            if (!err) {
+                err = ccs_ccache_list_iterator_next (iterator, out_ccache);
+            }
+
+            ccs_ccache_list_iterator_release (iterator);
+
+        } else {
+            err = cci_check_error (ccErrCCacheNotFound);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_set_default_ccache (ccs_cache_collection_t  io_cache_collection,
+                                                  cci_identifier_t        in_identifier)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_t old_default = NULL;
+    ccs_ccache_t new_default = NULL;
+    cc_uint32 equal = 0;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_cache_collection_get_default_ccache (io_cache_collection,
+                                                       &old_default);
+    }
+
+    if (!err) {
+	err = ccs_ccache_compare_identifier (old_default, in_identifier, &equal);
+    }
+
+
+    if (!err && !equal) {
+        err = ccs_ccache_list_push_front (io_cache_collection->ccaches,
+                                          in_identifier);
+
+	if (!err) {
+	    err = ccs_ccache_notify_default_state_changed (old_default,
+							   io_cache_collection,
+							   0 /* no longer default */);
+	}
+
+	if (!err) {
+	    err = ccs_cache_collection_get_default_ccache (io_cache_collection,
+							   &new_default);
+	}
+
+	if (!err) {
+	    err = ccs_ccache_notify_default_state_changed (new_default,
+							   io_cache_collection,
+							   1 /* now default */);
+	}
+
+	if (!err) {
+	    err = ccs_cache_collection_changed (io_cache_collection);
+	}
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#pragma mark -- IPC Messages --
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_sync (ccs_cache_collection_t io_cache_collection,
+                                            k5_ipc_stream           in_request_data,
+                                            k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_write (io_cache_collection->identifier, io_reply_data);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_get_change_time (ccs_cache_collection_t io_cache_collection,
+                                                       k5_ipc_stream           in_request_data,
+                                                       k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (io_reply_data, io_cache_collection->last_changed_time);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_wait_for_change (ccs_pipe_t              in_client_pipe,
+						      ccs_pipe_t              in_reply_pipe,
+						      ccs_cache_collection_t  io_cache_collection,
+						      k5_ipc_stream            in_request_data,
+						      k5_ipc_stream            io_reply_data,
+						      cc_uint32              *out_will_block)
+{
+    cc_int32 err = ccNoError;
+    cc_time_t last_wait_for_change_time = 0;
+    cc_uint32 will_block = 0;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe )) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (in_request_data, &last_wait_for_change_time);
+    }
+
+    if (!err) {
+	if (last_wait_for_change_time < io_cache_collection->last_changed_time) {
+	    err = krb5int_ipc_stream_write_time (io_reply_data, io_cache_collection->last_changed_time);
+
+	} else {
+	    ccs_callback_t callback = NULL;
+
+	    err = ccs_callback_new (&callback,
+				    ccErrInvalidContext,
+				    in_client_pipe,
+				    in_reply_pipe,
+				    (ccs_callback_owner_t) io_cache_collection,
+				    ccs_cache_collection_invalidate_change_callback);
+
+	    if (!err) {
+		err = ccs_callback_array_insert (io_cache_collection->change_callbacks, callback,
+						 ccs_callback_array_count (io_cache_collection->change_callbacks));
+		if (!err) { callback = NULL; /* take ownership */ }
+
+		will_block = 1;
+	    }
+
+	    ccs_callback_release (callback);
+	}
+    }
+
+    if (!err) {
+	*out_will_block = will_block;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_get_default_ccache_name (ccs_cache_collection_t io_cache_collection,
+                                                               k5_ipc_stream           in_request_data,
+                                                               k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 count = 0;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_cache_collection_list_count (io_cache_collection->ccaches, &count);
+    }
+
+    if (!err) {
+        if (count > 0) {
+            ccs_ccache_t ccache = NULL;
+
+            err = ccs_cache_collection_get_default_ccache (io_cache_collection, &ccache);
+
+            if (!err) {
+                err = ccs_ccache_write_name (ccache, io_reply_data);
+            }
+        } else {
+            err = krb5int_ipc_stream_write_string (io_reply_data,
+                                           k_cci_context_initial_ccache_name);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_open_ccache (ccs_cache_collection_t io_cache_collection,
+                                                   k5_ipc_stream           in_request_data,
+                                                   k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    char *name = NULL;
+    ccs_ccache_t ccache = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (in_request_data, &name);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_find_ccache_by_name (io_cache_collection,
+                                                        name, &ccache);
+    }
+
+    if (!err) {
+        err = ccs_ccache_write (ccache, io_reply_data);
+    }
+
+    krb5int_ipc_stream_free_string (name);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_open_default_ccache (ccs_cache_collection_t io_cache_collection,
+                                                           k5_ipc_stream           in_request_data,
+                                                           k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_t ccache = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+         err = ccs_cache_collection_get_default_ccache (io_cache_collection,
+                                                        &ccache);
+    }
+
+    if (!err) {
+        err = ccs_ccache_write (ccache, io_reply_data);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_create_ccache (ccs_cache_collection_t io_cache_collection,
+                                                    k5_ipc_stream           in_request_data,
+                                                    k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    char *name = NULL;
+    cc_uint32 cred_vers;
+    char *principal = NULL;
+    ccs_ccache_t ccache = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (in_request_data, &name);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (in_request_data, &principal);
+    }
+
+    if (!err) {
+        cc_int32 terr = ccs_cache_collection_find_ccache_by_name (io_cache_collection,
+                                                                  name,
+                                                                  &ccache);
+
+        if (!terr) {
+            err = ccs_ccache_reset (ccache, io_cache_collection, cred_vers, principal);
+
+        } else {
+            err = ccs_ccache_new (&ccache, cred_vers, name, principal,
+                                  io_cache_collection->ccaches);
+        }
+    }
+
+    if (!err) {
+        err = ccs_ccache_write (ccache, io_reply_data);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_changed (io_cache_collection);
+    }
+
+    krb5int_ipc_stream_free_string (name);
+    krb5int_ipc_stream_free_string (principal);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_create_default_ccache (ccs_cache_collection_t io_cache_collection,
+                                                            k5_ipc_stream           in_request_data,
+                                                            k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 cred_vers;
+    char *principal = NULL;
+    ccs_ccache_t ccache = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (in_request_data, &principal);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_get_default_ccache (io_cache_collection,
+                                                       &ccache);
+
+        if (!err) {
+            err = ccs_ccache_reset (ccache, io_cache_collection, cred_vers, principal);
+
+        } else if (err == ccErrCCacheNotFound) {
+            char *name = NULL;
+
+            err = ccs_cache_collection_get_next_unique_ccache_name (io_cache_collection,
+                                                                    &name);
+
+            if (!err) {
+                err = ccs_ccache_new (&ccache, cred_vers, name, principal,
+                                      io_cache_collection->ccaches);
+            }
+
+            free (name);
+        }
+    }
+
+    if (!err) {
+        err = ccs_ccache_write (ccache, io_reply_data);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_changed (io_cache_collection);
+    }
+
+    krb5int_ipc_stream_free_string (principal);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_create_new_ccache (ccs_cache_collection_t io_cache_collection,
+                                                        k5_ipc_stream           in_request_data,
+                                                        k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 cred_vers;
+    char *principal = NULL;
+    char *name = NULL;
+    ccs_ccache_t ccache = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (in_request_data, &principal);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_get_next_unique_ccache_name (io_cache_collection,
+                                                                &name);
+    }
+
+    if (!err) {
+        err = ccs_ccache_new (&ccache, cred_vers, name, principal,
+                              io_cache_collection->ccaches);
+    }
+
+    if (!err) {
+        err = ccs_ccache_write (ccache, io_reply_data);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_changed (io_cache_collection);
+    }
+
+    free (name);
+    krb5int_ipc_stream_free_string (principal);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static  cc_int32 ccs_cache_collection_new_ccache_iterator (ccs_cache_collection_t io_cache_collection,
+                                                           ccs_pipe_t             in_client_pipe,
+                                                           k5_ipc_stream           in_request_data,
+                                                           k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_iterator_t ccache_iterator = NULL;
+
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_new_iterator (io_cache_collection->ccaches,
+                                            in_client_pipe,
+                                            &ccache_iterator);
+    }
+
+    if (!err) {
+        err = ccs_ccache_list_iterator_write (ccache_iterator, io_reply_data);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_lock (ccs_pipe_t              in_client_pipe,
+                                           ccs_pipe_t              in_reply_pipe,
+                                           ccs_cache_collection_t  io_cache_collection,
+                                           k5_ipc_stream            in_request_data,
+                                           cc_uint32              *out_will_block,
+                                           k5_ipc_stream            io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 lock_type;
+    cc_uint32 block;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &lock_type);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &block);
+    }
+
+    if (!err) {
+        err = ccs_lock_state_add (io_cache_collection->lock_state,
+                                  in_client_pipe, in_reply_pipe,
+                                  lock_type, block, out_will_block);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_unlock (ccs_pipe_t             in_client_pipe,
+                                             ccs_cache_collection_t io_cache_collection,
+                                             k5_ipc_stream           in_request_data,
+                                             k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_lock_state_remove (io_cache_collection->lock_state,
+                                     in_client_pipe);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+ cc_int32 ccs_cache_collection_handle_message (ccs_pipe_t              in_client_pipe,
+                                               ccs_pipe_t              in_reply_pipe,
+                                               ccs_cache_collection_t  io_cache_collection,
+                                               enum cci_msg_id_t       in_request_name,
+                                               k5_ipc_stream            in_request_data,
+                                               cc_uint32              *out_will_block,
+                                               k5_ipc_stream           *out_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 will_block = 0;
+    k5_ipc_stream reply_data = NULL;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_reply_data                 ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&reply_data);
+    }
+
+    if (!err) {
+        if (in_request_name == cci_context_unused_release_msg_id) {
+            /* Old release message.  Do nothing. */
+
+        } else if (in_request_name == cci_context_sync_msg_id) {
+            err = ccs_cache_collection_sync (io_cache_collection,
+                                             in_request_data, reply_data);
+
+        } else if (in_request_name == cci_context_get_change_time_msg_id) {
+            err = ccs_cache_collection_get_change_time (io_cache_collection,
+                                                        in_request_data, reply_data);
+
+        } else if (in_request_name == cci_context_wait_for_change_msg_id) {
+            err = ccs_cache_collection_wait_for_change (in_client_pipe, in_reply_pipe,
+							io_cache_collection,
+                                                        in_request_data, reply_data,
+							&will_block);
+
+        } else if (in_request_name == cci_context_get_default_ccache_name_msg_id) {
+            err = ccs_cache_collection_get_default_ccache_name (io_cache_collection,
+                                                                in_request_data, reply_data);
+
+        } else if (in_request_name == cci_context_open_ccache_msg_id) {
+            err = ccs_cache_collection_open_ccache (io_cache_collection,
+                                                    in_request_data, reply_data);
+
+        } else if (in_request_name == cci_context_open_default_ccache_msg_id) {
+            err = ccs_cache_collection_open_default_ccache (io_cache_collection,
+                                                            in_request_data, reply_data);
+
+        } else if (in_request_name == cci_context_create_ccache_msg_id) {
+            err = ccs_cache_collection_create_ccache (io_cache_collection,
+                                                      in_request_data, reply_data);
+
+        } else if (in_request_name == cci_context_create_default_ccache_msg_id) {
+            err = ccs_cache_collection_create_default_ccache (io_cache_collection,
+                                                              in_request_data, reply_data);
+
+        } else if (in_request_name == cci_context_create_new_ccache_msg_id) {
+            err = ccs_cache_collection_create_new_ccache (io_cache_collection,
+                                                          in_request_data, reply_data);
+
+        } else if (in_request_name == cci_context_new_ccache_iterator_msg_id) {
+            err = ccs_cache_collection_new_ccache_iterator (io_cache_collection,
+                                                            in_client_pipe,
+                                                            in_request_data,
+                                                            reply_data);
+
+        } else if (in_request_name == cci_context_lock_msg_id) {
+            err = ccs_cache_collection_lock (in_client_pipe, in_reply_pipe,
+                                             io_cache_collection,
+                                             in_request_data,
+                                             &will_block, reply_data);
+
+        } else if (in_request_name == cci_context_unlock_msg_id) {
+            err = ccs_cache_collection_unlock (in_client_pipe, io_cache_collection,
+                                               in_request_data, reply_data);
+
+        } else {
+            err = ccErrBadInternalMessage;
+        }
+    }
+
+    if (!err) {
+        *out_will_block = will_block;
+        if (!will_block) {
+            *out_reply_data = reply_data;
+            reply_data = NULL; /* take ownership */
+        } else {
+            *out_reply_data = NULL;
+        }
+    }
+
+    krb5int_ipc_stream_release (reply_data);
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_cache_collection.h b/krb5-1.21.3/src/ccapi/server/ccs_cache_collection.h
new file mode 100644
index 00000000..37f7633a
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_cache_collection.h
@@ -0,0 +1,72 @@
+/* ccapi/server/ccs_cache_collection.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_CACHE_COLLECTION_H
+#define CCS_CACHE_COLLECTION_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_cache_collection_new (ccs_cache_collection_t *out_cache_collection);
+
+cc_int32 ccs_cache_collection_release (ccs_cache_collection_t io_cache_collection);
+
+cc_int32 ccs_cache_collection_compare_identifier (ccs_cache_collection_t  in_cache_collection,
+                                                  cci_identifier_t        in_identifier,
+                                                  cc_uint32              *out_equal);
+
+cc_int32 ccs_cache_collection_changed (ccs_cache_collection_t io_cache_collection);
+
+cc_int32 ccs_cache_collection_set_default_ccache (ccs_cache_collection_t  in_cache_collection,
+                                                  cci_identifier_t        in_identifier);
+
+cc_int32 ccs_cache_collection_find_ccache (ccs_cache_collection_t  in_cache_collection,
+                                           cci_identifier_t        in_identifier,
+                                           ccs_ccache_t           *out_ccache);
+
+cc_int32 ccs_ccache_collection_move_ccache (ccs_cache_collection_t io_cache_collection,
+                                            cci_identifier_t       in_source_identifier,
+                                            ccs_ccache_t           io_destination_ccache);
+
+cc_int32 ccs_cache_collection_destroy_ccache (ccs_cache_collection_t  in_cache_collection,
+                                              cci_identifier_t        in_identifier);
+
+cc_int32 ccs_cache_collection_find_ccache_iterator (ccs_cache_collection_t  in_cache_collection,
+                                                    cci_identifier_t        in_identifier,
+                                                    ccs_ccache_iterator_t  *out_ccache_iterator);
+
+cc_int32 ccs_cache_collection_find_credentials_iterator (ccs_cache_collection_t      in_cache_collection,
+                                                         cci_identifier_t            in_identifier,
+                                                         ccs_ccache_t               *out_ccache,
+                                                         ccs_credentials_iterator_t *out_credentials_iterator);
+
+cc_int32 ccs_cache_collection_handle_message (ccs_pipe_t              in_client_pipe,
+                                              ccs_pipe_t              in_reply_pipe,
+                                              ccs_cache_collection_t  io_cache_collection,
+                                              enum cci_msg_id_t       in_request_name,
+                                              k5_ipc_stream            in_request_data,
+                                              cc_uint32              *out_will_block,
+                                              k5_ipc_stream           *out_reply_data);
+
+#endif /* CCS_CACHE_COLLECTION_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_callback.c b/krb5-1.21.3/src/ccapi/server/ccs_callback.c
new file mode 100644
index 00000000..d758acb1
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_callback.c
@@ -0,0 +1,238 @@
+/* ccapi/server/ccs_callback.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+
+struct ccs_callback_d {
+    cc_int32 pending;
+    cc_int32 invalid_object_err;
+    ccs_pipe_t client_pipe;
+    ccs_pipe_t reply_pipe;
+    ccs_callback_owner_t owner; /* pointer to owner */
+    ccs_callback_owner_invalidate_t owner_invalidate;
+};
+
+struct ccs_callback_d ccs_callback_initializer = { 1, 1, CCS_PIPE_NULL, CCS_PIPE_NULL, NULL, NULL };
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_new (ccs_callback_t                  *out_callback,
+			   cc_int32                         in_invalid_object_err,
+			   ccs_pipe_t                       in_client_pipe,
+			   ccs_pipe_t                       in_reply_pipe,
+			   ccs_callback_owner_t             in_owner,
+			   ccs_callback_owner_invalidate_t  in_owner_invalidate_function)
+{
+    cc_int32 err = ccNoError;
+    ccs_callback_t callback = NULL;
+    ccs_client_t client = NULL;
+
+    if (!out_callback                   ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_owner                       ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_owner_invalidate_function   ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        callback = malloc (sizeof (*callback));
+        if (callback) {
+            *callback = ccs_callback_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = ccs_server_client_for_pipe (in_client_pipe, &client);
+    }
+
+    if (!err) {
+	err = ccs_pipe_copy (&callback->client_pipe, in_client_pipe);
+    }
+
+    if (!err) {
+	err = ccs_pipe_copy (&callback->reply_pipe, in_reply_pipe);
+    }
+
+    if (!err) {
+        callback->client_pipe = in_client_pipe;
+        callback->reply_pipe = in_reply_pipe;
+        callback->invalid_object_err = in_invalid_object_err;
+        callback->owner = in_owner;
+        callback->owner_invalidate = in_owner_invalidate_function;
+
+        err = ccs_client_add_callback (client, callback);
+    }
+
+    if (!err) {
+        *out_callback = callback;
+        callback = NULL;
+    }
+
+    ccs_callback_release (callback);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_release (ccs_callback_t io_callback)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_callback) {
+	ccs_client_t client = NULL;
+
+	if (io_callback->pending) {
+	    err = ccs_server_send_reply (io_callback->reply_pipe,
+					 io_callback->invalid_object_err, NULL);
+
+	    io_callback->pending = 0;
+	}
+
+	if (!err) {
+	    err = ccs_server_client_for_pipe (io_callback->client_pipe, &client);
+	}
+
+	if (!err && client) {
+	    /* if client object still has a reference to us, remove it */
+	    err = ccs_client_remove_callback (client, io_callback);
+	}
+
+	if (!err) {
+	    ccs_pipe_release (io_callback->client_pipe);
+	    ccs_pipe_release (io_callback->reply_pipe);
+	    free (io_callback);
+	}
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_invalidate (ccs_callback_t io_callback)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_callback) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        io_callback->pending = 0; /* client is dead, don't try to talk to it */
+	if (io_callback->owner_invalidate) {
+	    err = io_callback->owner_invalidate (io_callback->owner, io_callback);
+	} else {
+	    cci_debug_printf ("WARNING %s() unable to notify callback owner!",
+			      __FUNCTION__);
+	}
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_reply_to_client (ccs_callback_t io_callback,
+				       k5_ipc_stream   in_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_callback) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        if (io_callback->pending) {
+	    cci_debug_printf ("%s: callback %p replying to client.", __FUNCTION__, io_callback);
+
+            err = ccs_server_send_reply (io_callback->reply_pipe, err, in_stream);
+
+            if (err) {
+                cci_debug_printf ("WARNING %s() called on a lock belonging to a dead client!",
+                                  __FUNCTION__);
+            }
+
+            io_callback->pending = 0;
+        } else {
+            cci_debug_printf ("WARNING %s() called on non-pending callback!",
+                              __FUNCTION__);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 ccs_callback_is_pending (ccs_callback_t  in_callback,
+				   cc_uint32      *out_pending)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_callback) { err = cci_check_error (ccErrBadParam); }
+    if (!out_pending) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_pending = in_callback->pending;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_is_for_client_pipe (ccs_callback_t  in_callback,
+					  ccs_pipe_t      in_client_pipe,
+					  cc_uint32      *out_is_for_client_pipe)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_callback                    ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!out_is_for_client_pipe         ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_pipe_compare (in_callback->client_pipe, in_client_pipe,
+                                out_is_for_client_pipe);
+    }
+
+    return cci_check_error (err);
+}
+
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_callback_client_pipe (ccs_callback_t  in_callback,
+				   ccs_pipe_t     *out_client_pipe)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_callback    ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_client_pipe) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_client_pipe = in_callback->client_pipe;
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_callback.h b/krb5-1.21.3/src/ccapi/server/ccs_callback.h
new file mode 100644
index 00000000..30c22280
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_callback.h
@@ -0,0 +1,61 @@
+/* ccapi/server/ccs_callback.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_CALLBACK_H
+#define CCS_CALLBACK_H
+
+#include "ccs_types.h"
+
+struct ccs_callback_owner_d;
+typedef struct ccs_callback_owner_d *ccs_callback_owner_t;
+
+typedef cc_int32 (*ccs_callback_owner_invalidate_t) (ccs_callback_owner_t, ccs_callback_t);
+
+
+cc_int32 ccs_callback_new (ccs_callback_t                  *out_callback,
+			   cc_int32                         in_invalid_object_err,
+			   ccs_pipe_t                       in_client_pipe,
+			   ccs_pipe_t                       in_reply_pipe,
+			   ccs_callback_owner_t             in_owner,
+			   ccs_callback_owner_invalidate_t  in_owner_invalidate_function);
+
+cc_int32 ccs_callback_release (ccs_callback_t io_callback);
+
+cc_int32 ccs_callback_invalidate (ccs_callback_t io_callback);
+
+cc_int32 ccs_callback_reply_to_client (ccs_callback_t io_callback,
+				       k5_ipc_stream   in_stream);
+
+cc_uint32 ccs_callback_is_pending (ccs_callback_t  in_callback,
+				   cc_uint32      *out_pending);
+
+cc_int32 ccs_callback_is_for_client_pipe (ccs_callback_t  in_callback,
+					  ccs_pipe_t      in_client_pipe,
+					  cc_uint32      *out_is_for_client_pipe);
+
+cc_int32 ccs_callback_client_pipe (ccs_callback_t  in_callback,
+				   ccs_pipe_t     *out_client_pipe);
+
+#endif /* CCS_CALLBACK_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_ccache.c b/krb5-1.21.3/src/ccapi/server/ccs_ccache.c
new file mode 100644
index 00000000..645380a7
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_ccache.c
@@ -0,0 +1,1183 @@
+/* ccapi/server/ccs_ccache.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+#include "ccs_os_notify.h"
+
+struct ccs_ccache_d {
+    cci_identifier_t identifier;
+    ccs_lock_state_t lock_state;
+    cc_uint32 creds_version;
+    char *name;
+    char *v5_principal;
+    cc_time_t last_default_time;
+    cc_time_t last_changed_time;
+    cc_uint32 kdc_time_offset_v5_valid;
+    cc_time_t kdc_time_offset_v5;
+    ccs_credentials_list_t credentials;
+    ccs_callback_array_t change_callbacks;
+};
+
+struct ccs_ccache_d ccs_ccache_initializer = { NULL, NULL, 0, NULL, NULL, 0, 0, 0, 0, NULL, NULL };
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_new (ccs_ccache_t      *out_ccache,
+                         cc_uint32          in_creds_version,
+                         const char        *in_name,
+                         const char        *in_principal,
+                         ccs_ccache_list_t  io_ccache_list)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_t ccache = NULL;
+
+    if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_name     ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_principal) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        ccache = malloc (sizeof (*ccache));
+        if (ccache) {
+            *ccache = ccs_ccache_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = ccs_server_new_identifier (&ccache->identifier);
+    }
+
+    if (!err) {
+        err = ccs_lock_state_new (&ccache->lock_state,
+                                  ccErrInvalidCCache,
+                                  ccErrCCacheLocked,
+                                  ccErrCCacheUnlocked);
+    }
+
+    if (!err) {
+        ccache->name = strdup (in_name);
+        if (!ccache->name) { err = cci_check_error (ccErrNoMem); }
+    }
+
+    if (!err) {
+        ccache->creds_version = in_creds_version;
+
+        if (ccache->creds_version == cc_credentials_v5) {
+            ccache->v5_principal = strdup (in_principal);
+            if (!ccache->v5_principal) { err = cci_check_error (ccErrNoMem); }
+
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    if (!err) {
+        err = ccs_credentials_list_new (&ccache->credentials);
+    }
+
+    if (!err) {
+        err = ccs_callback_array_new (&ccache->change_callbacks);
+    }
+
+    if (!err) {
+        cc_uint64 now = time (NULL);
+        cc_uint64 count = 0;
+
+        err = ccs_ccache_list_count (io_ccache_list, &count);
+
+        if (!err) {
+            /* first cache is default */
+            ccache->last_default_time = (count == 0) ? now : 0;
+	    cci_debug_printf ("%s ccache->last_default_time is %d.",
+			     __FUNCTION__, ccache->last_default_time);
+            ccache->last_changed_time = now;
+        }
+    }
+
+    if (!err) {
+        /* Add self to the list of ccaches */
+        err = ccs_ccache_list_add (io_ccache_list, ccache);
+    }
+
+    if (!err) {
+        *out_ccache = ccache;
+        ccache = NULL;
+    }
+
+    ccs_ccache_release (ccache);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_reset (ccs_ccache_t            io_ccache,
+			   ccs_cache_collection_t  io_cache_collection,
+                           cc_uint32               in_creds_version,
+                           const char             *in_principal)
+{
+    cc_int32 err = ccNoError;
+    char *v5_principal = NULL;
+    ccs_credentials_list_t credentials = NULL;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_principal       ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        io_ccache->creds_version = in_creds_version;
+
+        if (io_ccache->creds_version == cc_credentials_v5) {
+            v5_principal = strdup (in_principal);
+            if (!v5_principal) { err = cci_check_error (ccErrNoMem); }
+
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    if (!err) {
+        err = ccs_credentials_list_new (&credentials);
+    }
+
+    if (!err) {
+        io_ccache->kdc_time_offset_v5 = 0;
+        io_ccache->kdc_time_offset_v5_valid = 0;
+
+        if (io_ccache->v5_principal) { free (io_ccache->v5_principal); }
+        io_ccache->v5_principal = v5_principal;
+        v5_principal = NULL; /* take ownership */
+
+        ccs_credentials_list_release (io_ccache->credentials);
+        io_ccache->credentials = credentials;
+        credentials = NULL; /* take ownership */
+
+	err = ccs_ccache_changed (io_ccache, io_cache_collection);
+    }
+
+    free (v5_principal);
+    ccs_credentials_list_release (credentials);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_swap_contents (ccs_ccache_t           io_source_ccache,
+                                   ccs_ccache_t           io_destination_ccache,
+				   ccs_cache_collection_t io_cache_collection)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_source_ccache     ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_destination_ccache) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        struct ccs_ccache_d temp_ccache = *io_destination_ccache;
+
+        /* swap everything */
+        *io_destination_ccache = *io_source_ccache;
+        *io_source_ccache = temp_ccache;
+
+        /* swap back the name and identifier */
+        io_source_ccache->identifier = io_destination_ccache->identifier;
+        io_destination_ccache->identifier = temp_ccache.identifier;
+
+        io_source_ccache->name = io_destination_ccache->name;
+        io_destination_ccache->name = temp_ccache.name;
+    }
+
+    if (!err) {
+        err = ccs_ccache_changed (io_source_ccache, io_cache_collection);
+    }
+
+    if (!err) {
+        err = ccs_ccache_changed (io_destination_ccache, io_cache_collection);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_release (ccs_ccache_t io_ccache)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_ccache) {
+        cci_identifier_release (io_ccache->identifier);
+        ccs_lock_state_release (io_ccache->lock_state);
+        free (io_ccache->name);
+        free (io_ccache->v5_principal);
+        ccs_credentials_list_release (io_ccache->credentials);
+        ccs_callback_array_release (io_ccache->change_callbacks);
+        free (io_ccache);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_compare_identifier (ccs_ccache_t      in_ccache,
+                                        cci_identifier_t  in_identifier,
+                                        cc_uint32        *out_equal)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_ccache    ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal    ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_compare (in_ccache->identifier,
+                                      in_identifier,
+                                      out_equal);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_compare_name (ccs_ccache_t  in_ccache,
+                                  const char   *in_name,
+                                  cc_uint32    *out_equal)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
+    if (!in_name  ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_equal = (strcmp (in_ccache->name, in_name) == 0);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_changed (ccs_ccache_t           io_ccache,
+                             ccs_cache_collection_t io_cache_collection)
+{
+    cc_int32 err = ccNoError;
+    k5_ipc_stream reply_data = NULL;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_time_t now = time (NULL);
+
+        if (io_ccache->last_changed_time < now) {
+            io_ccache->last_changed_time = now;
+        } else {
+            io_ccache->last_changed_time++;
+        }
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_changed (io_cache_collection);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&reply_data);
+    }
+
+    if (!err) {
+	err = krb5int_ipc_stream_write_time (reply_data, io_ccache->last_changed_time);
+    }
+
+    if (!err) {
+	/* Loop over callbacks sending messages to them */
+	cc_uint64 i;
+        cc_uint64 count = ccs_callback_array_count (io_ccache->change_callbacks);
+
+        for (i = 0; !err && i < count; i++) {
+            ccs_callback_t callback = ccs_callback_array_object_at_index (io_ccache->change_callbacks, i);
+
+	    err = ccs_callback_reply_to_client (callback, reply_data);
+
+	    if (!err) {
+		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
+		err = ccs_callback_array_remove (io_ccache->change_callbacks, i);
+		break;
+	    }
+        }
+    }
+
+    if (!err) {
+        err = ccs_os_notify_ccache_changed (io_cache_collection,
+                                            io_ccache->name);
+    }
+
+    krb5int_ipc_stream_release (reply_data);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_invalidate_change_callback (ccs_callback_owner_t io_ccache,
+						       ccs_callback_t       in_callback)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_callback) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+	/* Remove callback */
+	ccs_ccache_t ccache = (ccs_ccache_t) io_ccache;
+	cc_uint64 i;
+        cc_uint64 count = ccs_callback_array_count (ccache->change_callbacks);
+
+        for (i = 0; !err && i < count; i++) {
+            ccs_callback_t callback = ccs_callback_array_object_at_index (ccache->change_callbacks, i);
+
+	    if (callback == in_callback) {
+		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
+		err = ccs_callback_array_remove (ccache->change_callbacks, i);
+		break;
+	    }
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_notify_default_state_changed (ccs_ccache_t           io_ccache,
+                                                  ccs_cache_collection_t io_cache_collection,
+                                                  cc_uint32              in_new_default_state)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && in_new_default_state) {
+        cc_time_t now = time (NULL);
+
+        if (io_ccache->last_default_time < now) {
+            io_ccache->last_default_time = now;
+        } else {
+            io_ccache->last_default_time++;
+        }
+    }
+
+    if (!err) {
+        err = ccs_ccache_changed (io_ccache, io_cache_collection);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_find_credentials_iterator (ccs_ccache_t                in_ccache,
+                                               cci_identifier_t            in_identifier,
+                                               ccs_credentials_iterator_t *out_credentials_iterator)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_ccache               ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_credentials_list_find_iterator (in_ccache->credentials,
+                                                  in_identifier,
+                                                  out_credentials_iterator);
+    }
+
+    // Don't report ccErrInvalidCredentials to the log file.  Non-fatal.
+    return (err == ccErrInvalidCredentials) ? err : cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_write (ccs_ccache_t in_ccache,
+                           k5_ipc_stream io_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
+    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_write (in_ccache->identifier, io_stream);
+    }
+
+    return cci_check_error (err);
+}
+
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_write_name (ccs_ccache_t in_ccache,
+                                k5_ipc_stream io_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
+    if (!io_stream) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (io_stream, in_ccache->name);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#pragma mark -- IPC Messages --
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_destroy (ccs_ccache_t           io_ccache,
+                                    ccs_cache_collection_t io_cache_collection,
+                                    k5_ipc_stream           in_request_data,
+                                    k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_cache_collection_destroy_ccache (io_cache_collection,
+                                                   io_ccache->identifier);
+    }
+
+    if (!err) {
+        /* ccache has been destroyed so just mark the cache collection */
+        err = ccs_cache_collection_changed (io_cache_collection);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_set_default (ccs_ccache_t           io_ccache,
+                                        ccs_cache_collection_t io_cache_collection,
+                                        k5_ipc_stream           in_request_data,
+                                        k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_cache_collection_set_default_ccache (io_cache_collection,
+                                                       io_ccache->identifier);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_get_credentials_version (ccs_ccache_t           io_ccache,
+                                                    ccs_cache_collection_t io_cache_collection,
+                                                    k5_ipc_stream           in_request_data,
+                                                    k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_uint32 (io_reply_data, io_ccache->creds_version);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_get_name (ccs_ccache_t           io_ccache,
+                                     ccs_cache_collection_t io_cache_collection,
+                                     k5_ipc_stream           in_request_data,
+                                     k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->name);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_get_principal (ccs_ccache_t           io_ccache,
+                                          ccs_cache_collection_t io_cache_collection,
+                                          k5_ipc_stream           in_request_data,
+                                          k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 version = 0;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &version);
+    }
+
+    if (!err) {
+        if (version == cc_credentials_v5) {
+            err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v5_principal);
+
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_set_principal (ccs_ccache_t           io_ccache,
+                                          ccs_cache_collection_t io_cache_collection,
+                                          k5_ipc_stream           in_request_data,
+                                          k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 version = 0;
+    char *principal = NULL;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &version);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_string (in_request_data, &principal);
+    }
+
+    if (!err) {
+        /* reset KDC time offsets because they are per-KDC */
+        if (version == cc_credentials_v5) {
+            io_ccache->kdc_time_offset_v5 = 0;
+            io_ccache->kdc_time_offset_v5_valid = 0;
+
+            if (io_ccache->v5_principal) { free (io_ccache->v5_principal); }
+            io_ccache->v5_principal = principal;
+            principal = NULL; /* take ownership */
+
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    if (!err) {
+        io_ccache->creds_version |= version;
+
+        err = ccs_ccache_changed (io_ccache, io_cache_collection);
+    }
+
+    krb5int_ipc_stream_free_string (principal);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_store_credentials (ccs_ccache_t           io_ccache,
+                                              ccs_cache_collection_t io_cache_collection,
+                                              k5_ipc_stream           in_request_data,
+                                              k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    ccs_credentials_t credentials = NULL;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_credentials_new (&credentials, in_request_data,
+                                   io_ccache->creds_version,
+                                   io_ccache->credentials);
+    }
+
+    if (!err) {
+        err = ccs_ccache_changed (io_ccache, io_cache_collection);
+    }
+
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_remove_credentials (ccs_ccache_t           io_ccache,
+                                               ccs_cache_collection_t io_cache_collection,
+                                               k5_ipc_stream           in_request_data,
+                                               k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cci_identifier_t credentials_identifier = NULL;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_read (&credentials_identifier, in_request_data);
+    }
+
+    if (!err) {
+        err = ccs_credentials_list_remove (io_ccache->credentials, credentials_identifier);
+    }
+
+    if (!err) {
+        err = ccs_ccache_changed (io_ccache, io_cache_collection);
+    }
+
+    cci_identifier_release (credentials_identifier);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_new_credentials_iterator (ccs_ccache_t           io_ccache,
+                                                     ccs_cache_collection_t io_cache_collection,
+                                                     ccs_pipe_t             in_client_pipe,
+                                                     k5_ipc_stream           in_request_data,
+                                                     k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    ccs_credentials_iterator_t credentials_iterator = NULL;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_credentials_list_new_iterator (io_ccache->credentials,
+                                                 in_client_pipe,
+                                                 &credentials_iterator);
+    }
+
+    if (!err) {
+        err = ccs_credentials_list_iterator_write (credentials_iterator, io_reply_data);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_move (ccs_ccache_t           io_ccache,
+                                 ccs_cache_collection_t io_cache_collection,
+                                 k5_ipc_stream           in_request_data,
+                                 k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cci_identifier_t source_identifier = NULL;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        /* Note: message is sent as the destination ccache to avoid     */
+        /* extra work on the server when deleting it the source ccache. */
+        err = cci_identifier_read (&source_identifier, in_request_data);
+    }
+
+    if (!err) {
+        err = ccs_ccache_collection_move_ccache (io_cache_collection,
+                                                 source_identifier,
+                                                 io_ccache);
+    }
+
+    if (!err) {
+        err = ccs_ccache_changed (io_ccache, io_cache_collection);
+    }
+
+    cci_identifier_release (source_identifier);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_lock (ccs_pipe_t             in_client_pipe,
+                                 ccs_pipe_t             in_reply_pipe,
+                                 ccs_ccache_t           io_ccache,
+                                 ccs_cache_collection_t io_cache_collection,
+                                 k5_ipc_stream           in_request_data,
+                                 cc_uint32              *out_will_block,
+                                 k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 lock_type;
+    cc_uint32 block;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &lock_type);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &block);
+    }
+
+    if (!err) {
+        err = ccs_lock_state_add (io_ccache->lock_state,
+                                  in_client_pipe, in_reply_pipe,
+                                  lock_type, block, out_will_block);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_unlock (ccs_pipe_t             in_client_pipe,
+                                   ccs_ccache_t           io_ccache,
+                                   ccs_cache_collection_t io_cache_collection,
+                                   k5_ipc_stream           in_request_data,
+                                   k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_lock_state_remove (io_ccache->lock_state, in_client_pipe);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_get_last_default_time (ccs_ccache_t           io_ccache,
+                                                  ccs_cache_collection_t io_cache_collection,
+                                                  k5_ipc_stream           in_request_data,
+                                                  k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && io_ccache->last_default_time == 0) {
+        err = cci_check_error (ccErrNeverDefault);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_default_time);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_get_change_time (ccs_ccache_t           io_ccache,
+                                            ccs_cache_collection_t io_cache_collection,
+                                            k5_ipc_stream           in_request_data,
+                                            k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_wait_for_change (ccs_pipe_t              in_client_pipe,
+					    ccs_pipe_t              in_reply_pipe,
+					    ccs_ccache_t            io_ccache,
+					    ccs_cache_collection_t  io_cache_collection,
+					    k5_ipc_stream            in_request_data,
+					    k5_ipc_stream            io_reply_data,
+					    cc_uint32              *out_will_block)
+{
+    cc_int32 err = ccNoError;
+    cc_time_t last_wait_for_change_time = 0;
+    cc_uint32 will_block = 0;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe )) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_time (in_request_data, &last_wait_for_change_time);
+    }
+
+    if (!err) {
+	if (last_wait_for_change_time < io_ccache->last_changed_time) {
+	    cci_debug_printf ("%s returning immediately", __FUNCTION__);
+	    err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time);
+
+	} else {
+	    ccs_callback_t callback = NULL;
+
+	    err = ccs_callback_new (&callback,
+				    ccErrInvalidCCache,
+				    in_client_pipe,
+				    in_reply_pipe,
+				    (ccs_callback_owner_t) io_ccache,
+				    ccs_ccache_invalidate_change_callback);
+
+	    if (!err) {
+		err = ccs_callback_array_insert (io_ccache->change_callbacks, callback,
+						 ccs_callback_array_count (io_ccache->change_callbacks));
+		if (!err) { callback = NULL; /* take ownership */ }
+
+		cci_debug_printf ("%s blocking", __FUNCTION__);
+		will_block = 1;
+	    }
+
+	    ccs_callback_release (callback);
+	}
+    }
+
+    if (!err) {
+	*out_will_block = will_block;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_get_kdc_time_offset (ccs_ccache_t           io_ccache,
+                                                ccs_cache_collection_t io_cache_collection,
+                                                k5_ipc_stream           in_request_data,
+                                                k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 cred_vers = 0;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
+    }
+
+    if (!err) {
+        if (cred_vers == cc_credentials_v5) {
+            if (io_ccache->kdc_time_offset_v5_valid) {
+                err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v5);
+            } else {
+                err = cci_check_error (ccErrTimeOffsetNotSet);
+            }
+
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_set_kdc_time_offset (ccs_ccache_t           io_ccache,
+                                                ccs_cache_collection_t io_cache_collection,
+                                                k5_ipc_stream           in_request_data,
+                                                k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 cred_vers = 0;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
+    }
+
+    if (!err) {
+        if (cred_vers == cc_credentials_v5) {
+            err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v5);
+
+            if (!err) {
+                io_ccache->kdc_time_offset_v5_valid = 1;
+            }
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    if (!err) {
+        err = ccs_ccache_changed (io_ccache, io_cache_collection);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_clear_kdc_time_offset (ccs_ccache_t           io_ccache,
+                                                  ccs_cache_collection_t io_cache_collection,
+                                                  k5_ipc_stream           in_request_data,
+                                                  k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 cred_vers = 0;
+
+    if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
+    }
+
+    if (!err) {
+        if (cred_vers == cc_credentials_v5) {
+            io_ccache->kdc_time_offset_v5 = 0;
+            io_ccache->kdc_time_offset_v5_valid = 0;
+
+        } else {
+            err = cci_check_error (ccErrBadCredentialsVersion);
+        }
+    }
+
+    if (!err) {
+        err = ccs_ccache_changed (io_ccache, io_cache_collection);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_handle_message (ccs_pipe_t              in_client_pipe,
+                                    ccs_pipe_t              in_reply_pipe,
+                                    ccs_ccache_t            io_ccache,
+                                    ccs_cache_collection_t  io_cache_collection,
+                                    enum cci_msg_id_t       in_request_name,
+                                    k5_ipc_stream            in_request_data,
+                                    cc_uint32              *out_will_block,
+                                    k5_ipc_stream           *out_reply_data)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 will_block = 0;
+    k5_ipc_stream reply_data = NULL;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_reply_data                 ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&reply_data);
+    }
+
+    if (!err) {
+        if (in_request_name == cci_ccache_destroy_msg_id) {
+            err = ccs_ccache_destroy (io_ccache, io_cache_collection,
+                                      in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_set_default_msg_id) {
+            err = ccs_ccache_set_default (io_ccache, io_cache_collection,
+                                          in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_get_credentials_version_msg_id) {
+            err = ccs_ccache_get_credentials_version (io_ccache, io_cache_collection,
+                                                      in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_get_name_msg_id) {
+            err = ccs_ccache_get_name (io_ccache, io_cache_collection,
+                                       in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_get_principal_msg_id) {
+            err = ccs_ccache_get_principal (io_ccache, io_cache_collection,
+                                            in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_set_principal_msg_id) {
+            err = ccs_ccache_set_principal (io_ccache, io_cache_collection,
+                                            in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_store_credentials_msg_id) {
+            err = ccs_ccache_store_credentials (io_ccache, io_cache_collection,
+                                                in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_remove_credentials_msg_id) {
+            err = ccs_ccache_remove_credentials (io_ccache, io_cache_collection,
+                                                 in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_new_credentials_iterator_msg_id) {
+            err = ccs_ccache_new_credentials_iterator (io_ccache,
+                                                       io_cache_collection,
+                                                       in_client_pipe,
+                                                       in_request_data,
+                                                       reply_data);
+
+        } else if (in_request_name == cci_ccache_move_msg_id) {
+            err = ccs_ccache_move (io_ccache, io_cache_collection,
+                                   in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_lock_msg_id) {
+            err = ccs_ccache_lock (in_client_pipe, in_reply_pipe,
+                                   io_ccache, io_cache_collection,
+                                   in_request_data,
+                                   &will_block, reply_data);
+
+        } else if (in_request_name == cci_ccache_unlock_msg_id) {
+            err = ccs_ccache_unlock (in_client_pipe,
+                                     io_ccache, io_cache_collection,
+                                     in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_get_last_default_time_msg_id) {
+            err = ccs_ccache_get_last_default_time (io_ccache, io_cache_collection,
+                                                    in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_get_change_time_msg_id) {
+            err = ccs_ccache_get_change_time (io_ccache, io_cache_collection,
+                                              in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_wait_for_change_msg_id) {
+            err = ccs_ccache_wait_for_change (in_client_pipe, in_reply_pipe,
+					      io_ccache, io_cache_collection,
+					      in_request_data, reply_data,
+					      &will_block);
+
+        } else if (in_request_name == cci_ccache_get_kdc_time_offset_msg_id) {
+            err = ccs_ccache_get_kdc_time_offset (io_ccache, io_cache_collection,
+                                                  in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_set_kdc_time_offset_msg_id) {
+            err = ccs_ccache_set_kdc_time_offset (io_ccache, io_cache_collection,
+                                                  in_request_data, reply_data);
+
+        } else if (in_request_name == cci_ccache_clear_kdc_time_offset_msg_id) {
+            err = ccs_ccache_clear_kdc_time_offset (io_ccache, io_cache_collection,
+                                                    in_request_data, reply_data);
+
+        } else {
+            err = ccErrBadInternalMessage;
+        }
+    }
+
+    if (!err) {
+        *out_will_block = will_block;
+        if (!will_block) {
+            *out_reply_data = reply_data;
+            reply_data = NULL; /* take ownership */
+        } else {
+            *out_reply_data = NULL;
+        }
+    }
+
+    krb5int_ipc_stream_release (reply_data);
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_ccache.h b/krb5-1.21.3/src/ccapi/server/ccs_ccache.h
new file mode 100644
index 00000000..8dab0651
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_ccache.h
@@ -0,0 +1,82 @@
+/* ccapi/server/ccs_ccache.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_CCACHE_H
+#define CCS_CCACHE_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_ccache_new (ccs_ccache_t      *out_ccache,
+                         cc_uint32          in_cred_vers,
+                         const char        *in_name,
+                         const char        *in_principal,
+                         ccs_ccache_list_t  io_ccache_list);
+
+cc_int32 ccs_ccache_reset (ccs_ccache_t            io_ccache,
+			   ccs_cache_collection_t  io_cache_collection,
+                           cc_uint32               in_cred_vers,
+                           const char             *in_principal);
+
+cc_int32 ccs_ccache_swap_contents (ccs_ccache_t           io_source_ccache,
+                                   ccs_ccache_t           io_destination_ccache,
+				   ccs_cache_collection_t io_cache_collection);
+
+cc_int32 ccs_ccache_release (ccs_ccache_t io_ccache);
+
+cc_int32 ccs_ccache_changed (ccs_ccache_t           io_ccache,
+                             ccs_cache_collection_t io_cache_collection);
+
+cc_int32 ccs_ccache_compare_identifier (ccs_ccache_t      in_ccache,
+                                        cci_identifier_t  in_identifier,
+                                        cc_uint32        *out_equal);
+
+cc_int32 ccs_ccache_compare_name (ccs_ccache_t  in_ccache,
+                                  const char   *in_name,
+                                  cc_uint32    *out_equal);
+
+cc_int32 ccs_ccache_notify_default_state_changed (ccs_ccache_t           io_ccache,
+                                                  ccs_cache_collection_t io_cache_collection,
+                                                  cc_uint32              in_new_default_state);
+
+cc_int32 ccs_ccache_find_credentials_iterator (ccs_ccache_t                in_ccache,
+                                               cci_identifier_t            in_identifier,
+                                               ccs_credentials_iterator_t *out_credentials_iterator);
+
+cc_int32 ccs_ccache_write (ccs_ccache_t in_ccache,
+                           k5_ipc_stream io_stream);
+
+cc_int32 ccs_ccache_write_name (ccs_ccache_t in_ccache,
+                                k5_ipc_stream io_stream);
+
+cc_int32 ccs_ccache_handle_message (ccs_pipe_t              in_client_pipe,
+                                    ccs_pipe_t              in_reply_pipe,
+                                    ccs_ccache_t            io_ccache,
+                                    ccs_cache_collection_t  io_cache_collection,
+                                    enum cci_msg_id_t       in_request_name,
+                                    k5_ipc_stream            in_request_data,
+                                    cc_uint32              *out_will_block,
+                                    k5_ipc_stream           *out_reply_data);
+
+#endif /* CCS_CCACHE_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_ccache_iterator.c b/krb5-1.21.3/src/ccapi/server/ccs_ccache_iterator.c
new file mode 100644
index 00000000..172e68a8
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_ccache_iterator.c
@@ -0,0 +1,156 @@
+/* ccapi/server/ccs_ccache_iterator.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+
+/* ------------------------------------------------------------------------ */
+
+static  cc_int32 ccs_ccache_iterator_release (ccs_ccache_iterator_t  io_ccache_iterator,
+                                              ccs_cache_collection_t io_cache_collection,
+                                              k5_ipc_stream           in_request_data,
+                                              k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_ccache_iterator ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_iterator_release (io_ccache_iterator);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static  cc_int32 ccs_ccache_iterator_next (ccs_ccache_iterator_t  io_ccache_iterator,
+                                           ccs_cache_collection_t io_cache_collection,
+                                           k5_ipc_stream           in_request_data,
+                                           k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_t ccache = NULL;
+
+    if (!io_ccache_iterator ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_iterator_next (io_ccache_iterator, &ccache);
+    }
+
+    if (!err) {
+        err = ccs_ccache_write (ccache, io_reply_data);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static  cc_int32 ccs_ccache_iterator_clone (ccs_ccache_iterator_t  io_ccache_iterator,
+                                            ccs_cache_collection_t io_cache_collection,
+                                            k5_ipc_stream           in_request_data,
+                                            k5_ipc_stream           io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    ccs_ccache_iterator_t ccache_iterator = NULL;
+
+    if (!io_ccache_iterator ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_ccache_list_iterator_clone (io_ccache_iterator,
+                                              &ccache_iterator);
+    }
+
+    if (!err) {
+        err = ccs_ccache_list_iterator_write (ccache_iterator, io_reply_data);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+ cc_int32 ccs_ccache_iterator_handle_message (ccs_ccache_iterator_t  io_ccache_iterator,
+                                              ccs_cache_collection_t io_cache_collection,
+                                              enum cci_msg_id_t      in_request_name,
+                                              k5_ipc_stream           in_request_data,
+                                              k5_ipc_stream          *out_reply_data)
+{
+    cc_int32 err = ccNoError;
+    k5_ipc_stream reply_data = NULL;
+
+    if (!in_request_data) { err = cci_check_error (ccErrBadParam); }
+    if (!out_reply_data ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&reply_data);
+    }
+
+    if (!err) {
+        if (in_request_name == cci_ccache_iterator_release_msg_id) {
+            err = ccs_ccache_iterator_release (io_ccache_iterator,
+                                               io_cache_collection,
+                                               in_request_data,
+                                               reply_data);
+
+        } else if (in_request_name == cci_ccache_iterator_next_msg_id) {
+            err = ccs_ccache_iterator_next (io_ccache_iterator,
+                                            io_cache_collection,
+                                            in_request_data,
+                                            reply_data);
+
+        } else if (in_request_name == cci_ccache_iterator_clone_msg_id) {
+            err = ccs_ccache_iterator_clone (io_ccache_iterator,
+                                             io_cache_collection,
+                                             in_request_data,
+                                             reply_data);
+
+        } else {
+            err = ccErrBadInternalMessage;
+        }
+    }
+
+    if (!err) {
+        *out_reply_data = reply_data;
+        reply_data = NULL; /* take ownership */
+    }
+
+    krb5int_ipc_stream_release (reply_data);
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_ccache_iterator.h b/krb5-1.21.3/src/ccapi/server/ccs_ccache_iterator.h
new file mode 100644
index 00000000..96bf929d
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_ccache_iterator.h
@@ -0,0 +1,37 @@
+/* ccapi/server/ccs_ccache_iterator.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_CCACHE_ITERATOR_H
+#define CCS_CCACHE_ITERATOR_H
+
+#include "ccs_types.h"
+
+ cc_int32 ccs_ccache_iterator_handle_message (ccs_ccache_iterator_t  io_ccache_iterator,
+                                              ccs_cache_collection_t io_cache_collection,
+                                              enum cci_msg_id_t      in_request_name,
+                                              k5_ipc_stream           in_request_data,
+                                              k5_ipc_stream          *out_reply_data);
+
+#endif /* CCS_CCACHE_ITERATOR_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_client.c b/krb5-1.21.3/src/ccapi/server/ccs_client.c
new file mode 100644
index 00000000..a7b0ad0b
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_client.c
@@ -0,0 +1,236 @@
+/* ccapi/server/ccs_client.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+
+struct ccs_client_d {
+    ccs_pipe_t client_pipe;
+
+    /* The following arrays do not own their contents */
+    ccs_callbackref_array_t callbacks;
+    ccs_iteratorref_array_t iterators;
+};
+
+struct ccs_client_d ccs_client_initializer = { CCS_PIPE_NULL, NULL, NULL };
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_new (ccs_client_t *out_client,
+                         ccs_pipe_t    in_client_pipe)
+{
+    cc_int32 err = ccNoError;
+    ccs_client_t client = NULL;
+
+    if (!out_client                     ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        client = malloc (sizeof (*client));
+        if (client) {
+            *client = ccs_client_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = ccs_callbackref_array_new (&client->callbacks);
+    }
+
+    if (!err) {
+        err = ccs_iteratorref_array_new (&client->iterators);
+    }
+
+    if (!err) {
+	err = ccs_pipe_copy (&client->client_pipe, in_client_pipe);
+    }
+
+    if (!err) {
+        *out_client = client;
+        client = NULL;
+    }
+
+    ccs_client_release (client);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_release (ccs_client_t io_client)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_client) {
+	cc_uint64 i;
+	cc_uint64 callback_count = ccs_callbackref_array_count (io_client->callbacks);
+	cc_uint64 iterator_count = ccs_iteratorref_array_count (io_client->iterators);
+
+	for (i = 0; !err && i < callback_count; i++) {
+	    ccs_callback_t callback = ccs_callbackref_array_object_at_index (io_client->callbacks, i);
+
+	    cci_debug_printf ("%s: Invalidating callback reference %p.",
+                              __FUNCTION__, callback);
+	    ccs_callback_invalidate (callback);
+	}
+
+	for (i = 0; !err && i < iterator_count; i++) {
+	    ccs_generic_list_iterator_t iterator = ccs_iteratorref_array_object_at_index (io_client->iterators, i);
+
+	    cci_debug_printf ("%s: Invalidating iterator reference %p.",
+                              __FUNCTION__, iterator);
+	    ccs_generic_list_iterator_invalidate (iterator);
+	}
+
+	ccs_callbackref_array_release (io_client->callbacks);
+	ccs_iteratorref_array_release (io_client->iterators);
+	ccs_pipe_release (io_client->client_pipe);
+	free (io_client);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_add_callback (ccs_client_t   io_client,
+				  ccs_callback_t in_callback)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_client  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_callback) { err = cci_check_error (ccErrBadParam); }
+
+     if (!err) {
+        err = ccs_callbackref_array_insert (io_client->callbacks, in_callback,
+					    ccs_callbackref_array_count (io_client->callbacks));
+     }
+
+    return cci_check_error (err);
+}
+
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_remove_callback (ccs_client_t   io_client,
+				     ccs_callback_t in_callback)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 found_callback = 0;
+
+    if (!io_client) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_uint64 i;
+        cc_uint64 lock_count = ccs_callbackref_array_count (io_client->callbacks);
+
+        for (i = 0; !err && i < lock_count; i++) {
+            ccs_callback_t callback = ccs_callbackref_array_object_at_index (io_client->callbacks, i);
+
+            if (callback == in_callback) {
+		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
+		found_callback = 1;
+		err = ccs_callbackref_array_remove (io_client->callbacks, i);
+		break;
+            }
+        }
+    }
+
+    if (!err && !found_callback) {
+        cci_debug_printf ("%s: WARNING! callback not found.", __FUNCTION__);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_add_iterator (ccs_client_t                io_client,
+				  ccs_generic_list_iterator_t in_iterator)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_client  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_iteratorref_array_insert (io_client->iterators, in_iterator,
+                                            ccs_iteratorref_array_count (io_client->iterators));
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_remove_iterator (ccs_client_t                io_client,
+				     ccs_generic_list_iterator_t in_iterator)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 found_iterator = 0;
+
+    if (!io_client) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_uint64 i;
+        cc_uint64 lock_count = ccs_iteratorref_array_count (io_client->iterators);
+
+        for (i = 0; !err && i < lock_count; i++) {
+            ccs_generic_list_iterator_t iterator = ccs_iteratorref_array_object_at_index (io_client->iterators, i);
+
+            if (iterator == in_iterator) {
+		cci_debug_printf ("%s: Removing iterator reference %p.", __FUNCTION__, iterator);
+		found_iterator = 1;
+		err = ccs_iteratorref_array_remove (io_client->iterators, i);
+		break;
+            }
+        }
+    }
+
+    if (!err && !found_iterator) {
+        cci_debug_printf ("%s: WARNING! iterator not found.", __FUNCTION__);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_client_uses_pipe (ccs_client_t  in_client,
+                               ccs_pipe_t    in_pipe,
+                               cc_uint32    *out_uses_pipe)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_client    ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_pipe      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_uses_pipe) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_pipe_compare (in_client->client_pipe, in_pipe, out_uses_pipe);
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_client.h b/krb5-1.21.3/src/ccapi/server/ccs_client.h
new file mode 100644
index 00000000..b6070daa
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_client.h
@@ -0,0 +1,52 @@
+/* ccapi/server/ccs_client.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_CLIENT_H
+#define CCS_CLIENT_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_client_new (ccs_client_t *out_client,
+                         ccs_pipe_t    in_client_pipe);
+
+cc_int32 ccs_client_release (ccs_client_t io_client);
+
+cc_int32 ccs_client_add_callback (ccs_client_t   io_client,
+				  ccs_callback_t in_lock);
+
+cc_int32 ccs_client_remove_callback (ccs_client_t   io_client,
+				     ccs_callback_t in_lock);
+
+cc_int32 ccs_client_add_iterator (ccs_client_t                io_client,
+				  ccs_generic_list_iterator_t in_iterator);
+
+cc_int32 ccs_client_remove_iterator (ccs_client_t                io_client,
+				     ccs_generic_list_iterator_t in_iterator);
+
+cc_int32 ccs_client_uses_pipe (ccs_client_t  in_client,
+                               ccs_pipe_t    in_pipe,
+                               cc_uint32    *out_uses_pipe);
+
+#endif /* CCS_CLIENT_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_common.h b/krb5-1.21.3/src/ccapi/server/ccs_common.h
new file mode 100644
index 00000000..eafecd83
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_common.h
@@ -0,0 +1,47 @@
+/* ccapi/server/ccs_common.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_COMMON_H
+#define CCS_COMMON_H
+
+#include "cci_common.h"
+
+#include <time.h>
+
+#include "ccs_array.h"
+#include "ccs_list.h"
+#include "ccs_cache_collection.h"
+#include "ccs_ccache_iterator.h"
+#include "ccs_ccache.h"
+#include "ccs_credentials_iterator.h"
+#include "ccs_credentials.h"
+#include "ccs_lock.h"
+#include "ccs_lock_state.h"
+#include "ccs_pipe.h"
+#include "ccs_client.h"
+#include "ccs_callback.h"
+#include "ccs_server.h"
+
+#endif /* CCS_COMMON_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_credentials.c b/krb5-1.21.3/src/ccapi/server/ccs_credentials.c
new file mode 100644
index 00000000..2c68e0f9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_credentials.c
@@ -0,0 +1,139 @@
+/* ccapi/server/ccs_credentials.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+
+struct ccs_credentials_d {
+    cc_credentials_union *cred_union;
+    cci_identifier_t identifier;
+};
+
+struct ccs_credentials_d ccs_credentials_initializer = { NULL, NULL };
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_new (ccs_credentials_t      *out_credentials,
+                              k5_ipc_stream            in_stream,
+                              cc_uint32               in_ccache_version,
+                              ccs_credentials_list_t  io_credentials_list)
+{
+    cc_int32 err = ccNoError;
+    ccs_credentials_t credentials = NULL;
+
+    if (!out_credentials) { err = cci_check_error (ccErrBadParam); }
+    if (!in_stream      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        credentials = malloc (sizeof (*credentials));
+        if (credentials) {
+            *credentials = ccs_credentials_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = cci_credentials_union_read (&credentials->cred_union, in_stream);
+    }
+
+    if (!err && !(credentials->cred_union->version & in_ccache_version)) {
+        /* ccache does not have a principal set for this credentials version */
+        err = cci_check_error (ccErrBadCredentialsVersion);
+    }
+
+    if (!err) {
+        err = ccs_server_new_identifier (&credentials->identifier);
+    }
+
+    if (!err) {
+        err = ccs_credentials_list_add (io_credentials_list, credentials);
+    }
+
+    if (!err) {
+        *out_credentials = credentials;
+        credentials = NULL;
+    }
+
+    ccs_credentials_release (credentials);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_release (ccs_credentials_t io_credentials)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_credentials) {
+        cci_credentials_union_release (io_credentials->cred_union);
+        cci_identifier_release (io_credentials->identifier);
+        free (io_credentials);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_write (ccs_credentials_t in_credentials,
+                                k5_ipc_stream      io_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_credentials) { err = cci_check_error (ccErrBadParam); }
+    if (!io_stream     ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_write (in_credentials->identifier, io_stream);
+    }
+
+    if (!err) {
+        err = cci_credentials_union_write (in_credentials->cred_union, io_stream);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_compare_identifier (ccs_credentials_t  in_credentials,
+                                             cci_identifier_t   in_identifier,
+                                             cc_uint32         *out_equal)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_credentials) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_equal     ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_compare (in_credentials->identifier,
+                                      in_identifier,
+                                      out_equal);
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_credentials.h b/krb5-1.21.3/src/ccapi/server/ccs_credentials.h
new file mode 100644
index 00000000..5f096b86
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_credentials.h
@@ -0,0 +1,46 @@
+/* ccapi/server/ccs_credentials.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_CREDENTIALS_H
+#define CCS_CREDENTIALS_H
+
+#include "ccs_types.h"
+
+
+cc_int32 ccs_credentials_new (ccs_credentials_t      *out_credentials,
+                              k5_ipc_stream            in_stream,
+                              cc_uint32               in_ccache_version,
+                              ccs_credentials_list_t  io_credentials_list);
+
+cc_int32 ccs_credentials_release (ccs_credentials_t io_credentials);
+
+cc_int32 ccs_credentials_write (ccs_credentials_t in_credentials,
+                                k5_ipc_stream      io_stream);
+
+cc_int32 ccs_credentials_compare_identifier (ccs_credentials_t  in_credentials,
+                                             cci_identifier_t   in_identifier,
+                                             cc_uint32         *out_equal);
+
+#endif /* CCS_CREDENTIALS_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_credentials_iterator.c b/krb5-1.21.3/src/ccapi/server/ccs_credentials_iterator.c
new file mode 100644
index 00000000..df18041c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_credentials_iterator.c
@@ -0,0 +1,158 @@
+/* ccapi/server/ccs_credentials_iterator.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_credentials_iterator_release (ccs_credentials_iterator_t io_credentials_iterator,
+						  ccs_ccache_t               io_ccache,
+						  k5_ipc_stream               in_request_data,
+						  k5_ipc_stream               io_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache              ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data        ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data          ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_credentials_list_iterator_release (io_credentials_iterator);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_credentials_iterator_next (ccs_credentials_iterator_t io_credentials_iterator,
+					       ccs_ccache_t               io_ccache,
+					       k5_ipc_stream               in_request_data,
+					       k5_ipc_stream               io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    ccs_credentials_t credentials = NULL;
+
+    if (!io_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache              ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data        ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data          ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_credentials_list_iterator_next (io_credentials_iterator,
+                                                  &credentials);
+    }
+
+    if (!err) {
+        err = ccs_credentials_write (credentials, io_reply_data);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static  cc_int32 ccs_credentials_iterator_clone (ccs_credentials_iterator_t io_credentials_iterator,
+                                                 ccs_ccache_t               io_ccache,
+                                                 k5_ipc_stream               in_request_data,
+                                                 k5_ipc_stream               io_reply_data)
+{
+    cc_int32 err = ccNoError;
+    ccs_credentials_iterator_t credentials_iterator = NULL;
+
+    if (!io_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!io_ccache              ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data        ) { err = cci_check_error (ccErrBadParam); }
+    if (!io_reply_data          ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_credentials_list_iterator_clone (io_credentials_iterator,
+                                                   &credentials_iterator);
+    }
+
+    if (!err) {
+        err = ccs_credentials_list_iterator_write (credentials_iterator,
+                                                   io_reply_data);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+ cc_int32 ccs_credentials_iterator_handle_message (ccs_credentials_iterator_t  io_credentials_iterator,
+                                                   ccs_ccache_t                io_ccache,
+                                                   enum cci_msg_id_t           in_request_name,
+                                                   k5_ipc_stream                in_request_data,
+                                                   k5_ipc_stream               *out_reply_data)
+{
+    cc_int32 err = ccNoError;
+    k5_ipc_stream reply_data = NULL;
+
+    if (!in_request_data) { err = cci_check_error (ccErrBadParam); }
+    if (!out_reply_data ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_new (&reply_data);
+    }
+
+    if (!err) {
+        if (in_request_name == cci_credentials_iterator_release_msg_id) {
+            err = ccs_credentials_iterator_release (io_credentials_iterator,
+                                                    io_ccache,
+                                                    in_request_data,
+                                                    reply_data);
+
+        } else if (in_request_name == cci_credentials_iterator_next_msg_id) {
+            err = ccs_credentials_iterator_next (io_credentials_iterator,
+                                                 io_ccache,
+                                                 in_request_data,
+                                                 reply_data);
+
+        } else if (in_request_name == cci_credentials_iterator_clone_msg_id) {
+            err = ccs_credentials_iterator_clone (io_credentials_iterator,
+                                                  io_ccache,
+                                                  in_request_data,
+                                                  reply_data);
+
+        } else {
+            err = ccErrBadInternalMessage;
+        }
+    }
+
+    if (!err) {
+        *out_reply_data = reply_data;
+        reply_data = NULL; /* take ownership */
+    }
+
+    krb5int_ipc_stream_release (reply_data);
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_credentials_iterator.h b/krb5-1.21.3/src/ccapi/server/ccs_credentials_iterator.h
new file mode 100644
index 00000000..fc81a82b
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_credentials_iterator.h
@@ -0,0 +1,37 @@
+/* ccapi/server/ccs_credentials_iterator.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_CREDENTIALS_ITERATOR_H
+#define CCS_CREDENTIALS_ITERATOR_H
+
+#include "ccs_types.h"
+
+ cc_int32 ccs_credentials_iterator_handle_message (ccs_credentials_iterator_t  io_credentials_iterator,
+                                                   ccs_ccache_t                io_ccache,
+                                                   enum cci_msg_id_t           in_request_name,
+                                                   k5_ipc_stream                in_request_data,
+                                                   k5_ipc_stream               *out_reply_data);
+
+#endif /* CCS_CREDENTIALS_ITERATOR_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_list.c b/krb5-1.21.3/src/ccapi/server/ccs_list.c
new file mode 100644
index 00000000..ef9a1906
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_list.c
@@ -0,0 +1,361 @@
+/* ccapi/server/ccs_list.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+#include "ccs_list_internal.h"
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_list_object_release (ccs_list_object_t io_object)
+{
+    return cci_check_error (ccs_cache_collection_release ((ccs_cache_collection_t) io_object));
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_cache_collection_list_object_compare_identifier (ccs_list_object_t in_cache_collection,
+                                                                     cci_identifier_t  in_identifier,
+                                                                     cc_uint32        *out_equal)
+{
+    return ccs_cache_collection_compare_identifier ((ccs_cache_collection_t) in_cache_collection,
+                                                    in_identifier,
+                                                    out_equal);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_list_new (ccs_cache_collection_list_t *out_list)
+{
+    return ccs_list_new (out_list,
+                         ccErrInvalidContext,
+                         ccErrInvalidContext,
+                         ccs_cache_collection_list_object_compare_identifier,
+                         ccs_cache_collection_list_object_release);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_list_count (ccs_cache_collection_list_t  in_list,
+                                          cc_uint64                   *out_count)
+{
+    return ccs_list_count (in_list, out_count);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_list_find (ccs_cache_collection_list_t  in_list,
+                                         cci_identifier_t             in_identifier,
+                                         ccs_cache_collection_t       *out_cache_collection)
+{
+    return ccs_list_find (in_list, in_identifier, (ccs_list_object_t *) out_cache_collection);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_list_add (ccs_cache_collection_list_t io_list,
+                                        ccs_cache_collection_t      in_cache_collection)
+{
+    return ccs_list_add (io_list, (ccs_list_object_t) in_cache_collection);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_list_remove (ccs_cache_collection_list_t io_list,
+                                           cci_identifier_t            in_identifier)
+{
+    return ccs_list_remove (io_list, in_identifier);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_cache_collection_list_release (ccs_cache_collection_list_t io_list)
+{
+    return ccs_list_release (io_list);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_list_object_release (ccs_list_object_t io_ccache)
+{
+    return cci_check_error (ccs_ccache_release ((ccs_ccache_t) io_ccache));
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_ccache_list_object_compare_identifier (ccs_list_object_t  in_ccache,
+                                                           cci_identifier_t   in_identifier,
+                                                           cc_uint32         *out_equal)
+{
+    return ccs_ccache_compare_identifier ((ccs_ccache_t) in_ccache,
+                                          in_identifier,
+                                          out_equal);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_new (ccs_ccache_list_t *out_list)
+{
+    return ccs_list_new (out_list,
+                         ccErrInvalidCCache,
+                         ccErrInvalidCCacheIterator,
+                         ccs_ccache_list_object_compare_identifier,
+                         ccs_ccache_list_object_release);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_new_iterator (ccs_ccache_list_t           in_list,
+                                       ccs_pipe_t                  in_client_pipe,
+                                       ccs_ccache_list_iterator_t *out_list_iterator)
+{
+    return ccs_list_new_iterator (in_list, in_client_pipe, out_list_iterator);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_count (ccs_ccache_list_t  in_list,
+                                cc_uint64         *out_count)
+{
+    return ccs_list_count (in_list, out_count);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_find (ccs_ccache_list_t  in_list,
+                               cci_identifier_t   in_identifier,
+                               ccs_ccache_t      *out_ccache)
+{
+    return ccs_list_find (in_list, in_identifier, (ccs_list_object_t *) out_ccache);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_find_iterator (ccs_ccache_list_t           in_list,
+                                        cci_identifier_t            in_identifier,
+                                        ccs_ccache_list_iterator_t *out_list_iterator)
+{
+    return ccs_list_find_iterator (in_list, in_identifier,
+                                   (ccs_list_iterator_t *) out_list_iterator);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_add (ccs_ccache_list_t io_list,
+                              ccs_ccache_t      in_ccache)
+{
+    return ccs_list_add (io_list, (ccs_list_object_t) in_ccache);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_remove (ccs_ccache_list_t io_list,
+                                 cci_identifier_t  in_identifier)
+{
+    return ccs_list_remove (io_list, in_identifier);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_push_front (ccs_ccache_list_t io_list,
+                                     cci_identifier_t  in_identifier)
+{
+    return ccs_list_push_front (io_list, in_identifier);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_release (ccs_ccache_list_t io_list)
+{
+    return ccs_list_release (io_list);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_iterator_write (ccs_ccache_list_iterator_t in_list_iterator,
+                                         k5_ipc_stream               in_stream)
+{
+    return ccs_list_iterator_write (in_list_iterator, in_stream);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_iterator_clone (ccs_ccache_list_iterator_t  in_list_iterator,
+                                         ccs_ccache_list_iterator_t *out_list_iterator)
+{
+    return ccs_list_iterator_clone (in_list_iterator, out_list_iterator);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_iterator_next (ccs_ccache_list_iterator_t  io_list_iterator,
+                                        ccs_ccache_t               *out_ccache)
+{
+    return ccs_list_iterator_next (io_list_iterator, (ccs_list_object_t *) out_ccache);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_ccache_list_iterator_release (ccs_ccache_list_iterator_t io_list_iterator)
+{
+    return ccs_list_iterator_release (io_list_iterator);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark-
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_credentials_list_object_release (ccs_list_object_t io_object)
+{
+    return cci_check_error (ccs_credentials_release ((ccs_credentials_t) io_object));
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_credentials_list_object_compare_identifier (ccs_list_object_t  in_credentials,
+                                                                cci_identifier_t   in_identifier,
+                                                                cc_uint32         *out_equal)
+{
+    return ccs_credentials_compare_identifier ((ccs_credentials_t) in_credentials,
+                                               in_identifier,
+                                               out_equal);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_new (ccs_credentials_list_t *out_list)
+{
+    return ccs_list_new (out_list,
+                         ccErrInvalidCredentials,
+                         ccErrInvalidCredentialsIterator,
+                         ccs_credentials_list_object_compare_identifier,
+                         ccs_credentials_list_object_release);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_new_iterator (ccs_credentials_list_t              in_list,
+                                            ccs_pipe_t                          in_client_pipe,
+                                            ccs_credentials_list_iterator_t    *out_list_iterator)
+{
+    return ccs_list_new_iterator (in_list, in_client_pipe, out_list_iterator);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_count (ccs_credentials_list_t  in_list,
+                                     cc_uint64              *out_count)
+{
+    return ccs_list_count (in_list, out_count);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_find (ccs_credentials_list_t  in_list,
+                                    cci_identifier_t        in_identifier,
+                                    ccs_credentials_t      *out_credentials)
+{
+    return ccs_list_find (in_list, in_identifier, (ccs_list_object_t *) out_credentials);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_find_iterator (ccs_credentials_list_t           in_list,
+                                             cci_identifier_t                 in_identifier,
+                                             ccs_credentials_list_iterator_t *out_list_iterator)
+{
+    return ccs_list_find_iterator (in_list, in_identifier,
+                                   (ccs_list_iterator_t *) out_list_iterator);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_add (ccs_credentials_list_t io_list,
+                                   ccs_credentials_t      in_credential)
+{
+    return ccs_list_add (io_list, (ccs_list_object_t) in_credential);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_remove (ccs_credentials_list_t io_list,
+                                      cci_identifier_t       in_identifier)
+{
+    return ccs_list_remove (io_list, in_identifier);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_release (ccs_credentials_list_t io_list)
+{
+    return ccs_list_release (io_list);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_iterator_write (ccs_credentials_list_iterator_t in_list_iterator,
+                                              k5_ipc_stream                    in_stream)
+{
+    return ccs_list_iterator_write (in_list_iterator, in_stream);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_iterator_clone (ccs_credentials_list_iterator_t  in_list_iterator,
+                                              ccs_credentials_list_iterator_t *out_list_iterator)
+{
+    return ccs_list_iterator_clone (in_list_iterator, out_list_iterator);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_iterator_next (ccs_credentials_list_iterator_t  io_list_iterator,
+                                             ccs_credentials_t               *out_credential)
+{
+    return ccs_list_iterator_next (io_list_iterator, (ccs_list_object_t *) out_credential);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_credentials_list_iterator_release (ccs_credentials_list_iterator_t io_list_iterator)
+{
+    return ccs_list_iterator_release (io_list_iterator);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark-
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_generic_list_iterator_invalidate (ccs_generic_list_iterator_t io_list_iterator)
+{
+    return ccs_list_iterator_invalidate (io_list_iterator);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_list.h b/krb5-1.21.3/src/ccapi/server/ccs_list.h
new file mode 100644
index 00000000..7b818f92
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_list.h
@@ -0,0 +1,140 @@
+/* ccapi/server/ccs_list.h */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_LIST_H
+#define CCS_LIST_H
+
+
+#include "ccs_types.h"
+
+cc_int32 ccs_cache_collection_list_new (ccs_cache_collection_list_t *out_list);
+
+cc_int32 ccs_cache_collection_list_count (ccs_cache_collection_list_t  in_list,
+                                          cc_uint64                   *out_count);
+
+cc_int32 ccs_cache_collection_list_find (ccs_cache_collection_list_t  in_list,
+                                         cci_identifier_t             in_identifier,
+                                         ccs_cache_collection_t       *out_cache_collection);
+
+cc_int32 ccs_cache_collection_list_add (ccs_cache_collection_list_t io_list,
+                                        ccs_cache_collection_t      in_cache_collection);
+
+cc_int32 ccs_cache_collection_list_remove (ccs_cache_collection_list_t io_list,
+                                           cci_identifier_t            in_identifier);
+
+cc_int32 ccs_cache_collection_list_release (ccs_cache_collection_list_t io_list);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+cc_int32 ccs_ccache_list_new (ccs_ccache_list_t *out_list);
+
+cc_int32 ccs_ccache_list_new_iterator (ccs_ccache_list_t           in_list,
+                                       ccs_pipe_t                  in_client_pipe,
+                                       ccs_ccache_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_ccache_list_count (ccs_ccache_list_t  in_list,
+                                cc_uint64         *out_count);
+
+cc_int32 ccs_ccache_list_find (ccs_ccache_list_t  in_list,
+                               cci_identifier_t   in_identifier,
+                               ccs_ccache_t      *out_ccache);
+
+cc_int32 ccs_ccache_list_find_iterator (ccs_ccache_list_t           in_list,
+                                        cci_identifier_t            in_identifier,
+                                        ccs_ccache_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_ccache_list_add (ccs_ccache_list_t io_list,
+                              ccs_ccache_t      in_ccache);
+
+cc_int32 ccs_ccache_list_remove (ccs_ccache_list_t io_list,
+                                 cci_identifier_t  in_identifier);
+
+cc_int32 ccs_ccache_list_push_front (ccs_ccache_list_t io_list,
+                                     cci_identifier_t  in_identifier);
+
+cc_int32 ccs_ccache_list_release (ccs_ccache_list_t io_list);
+
+
+cc_int32 ccs_ccache_list_iterator_write (ccs_ccache_list_iterator_t in_list_iterator,
+                                         k5_ipc_stream               in_stream);
+
+cc_int32 ccs_ccache_list_iterator_clone (ccs_ccache_list_iterator_t  in_list_iterator,
+                                         ccs_ccache_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_ccache_list_iterator_next (ccs_ccache_list_iterator_t  io_list_iterator,
+                                        ccs_ccache_t               *out_ccache);
+
+cc_int32 ccs_ccache_list_iterator_release (ccs_ccache_list_iterator_t io_list_iterator);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+cc_int32 ccs_credentials_list_new (ccs_credentials_list_t *out_list);
+
+cc_int32 ccs_credentials_list_new_iterator (ccs_credentials_list_t           in_list,
+                                            ccs_pipe_t                       in_client_pipe,
+                                            ccs_credentials_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_credentials_list_count (ccs_credentials_list_t  in_list,
+                                     cc_uint64              *out_count);
+
+cc_int32 ccs_credentials_list_find (ccs_credentials_list_t  in_list,
+                                    cci_identifier_t        in_identifier,
+                                    ccs_credentials_t      *out_credentials);
+
+cc_int32 ccs_credentials_list_find_iterator (ccs_credentials_list_t           in_list,
+                                             cci_identifier_t                 in_identifier,
+                                             ccs_credentials_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_credentials_list_add (ccs_credentials_list_t io_list,
+                                   ccs_credentials_t      in_credential);
+
+cc_int32 ccs_credentials_list_remove (ccs_credentials_list_t io_list,
+                                      cci_identifier_t       in_identifier);
+
+cc_int32 ccs_credentials_list_release (ccs_credentials_list_t io_list);
+
+
+cc_int32 ccs_credentials_list_iterator_write (ccs_credentials_list_iterator_t in_list_iterator,
+                                              k5_ipc_stream                    in_stream);
+
+cc_int32 ccs_credentials_list_iterator_clone (ccs_credentials_list_iterator_t  in_list_iterator,
+                                              ccs_credentials_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_credentials_list_iterator_next (ccs_credentials_list_iterator_t  io_list_iterator,
+                                             ccs_credentials_t               *out_credential);
+
+cc_int32 ccs_credentials_list_iterator_release (ccs_credentials_list_iterator_t io_list_iterator);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+cc_int32 ccs_generic_list_iterator_invalidate (ccs_generic_list_iterator_t io_list_iterator);
+
+#endif /* CCS_LIST_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_list_internal.c b/krb5-1.21.3/src/ccapi/server/ccs_list_internal.c
new file mode 100644
index 00000000..82d64652
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_list_internal.c
@@ -0,0 +1,675 @@
+/* ccapi/server/ccs_list_internal.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_list_internal.h"
+#include "cci_array_internal.h"
+#include "cci_identifier.h"
+#include "ccs_server.h"
+
+typedef enum {
+    ccs_list_action_insert,
+    ccs_list_action_remove,
+    ccs_list_action_push_front
+} ccs_list_action_enum;
+
+/* ------------------------------------------------------------------------ */
+
+struct ccs_list_d {
+    cci_array_t objects;
+    cci_array_t iterators;
+
+    cc_int32 object_not_found_err;
+    cc_int32 iterator_not_found_err;
+
+    ccs_object_compare_identifier_t object_compare_identifier;
+};
+
+struct ccs_list_d ccs_list_initializer = { NULL, NULL, -1, -1, NULL };
+
+/* ------------------------------------------------------------------------ */
+
+struct ccs_list_iterator_d {
+    cci_identifier_t identifier;
+    ccs_pipe_t client_pipe;
+    ccs_list_t list;
+    cc_uint64 current;
+};
+
+struct ccs_list_iterator_d ccs_list_iterator_initializer = { NULL, CCS_PIPE_NULL, NULL, 0 };
+
+static cc_int32 ccs_list_iterator_new (ccs_list_iterator_t *out_list_iterator,
+                                       ccs_list_t           in_list,
+                                       ccs_pipe_t           in_client_pipe);
+
+static cc_int32 ccs_list_iterator_object_release (cci_array_object_t io_list_iterator);
+
+static cc_int32 ccs_list_iterator_update (ccs_list_iterator_t  io_list_iterator,
+                                          ccs_list_action_enum in_action,
+                                          cc_uint64 in_object_index);
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_new (ccs_list_t                      *out_list,
+                       cc_int32                         in_object_not_found_err,
+                       cc_int32                         in_iterator_not_found_err,
+                       ccs_object_compare_identifier_t  in_object_compare_identifier,
+                       ccs_object_release_t             in_object_release)
+{
+    cc_int32 err = ccNoError;
+    ccs_list_t list = NULL;
+
+    if (!out_list) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        list = malloc (sizeof (*list));
+        if (list) {
+            *list = ccs_list_initializer;
+            list->object_not_found_err = in_object_not_found_err;
+            list->iterator_not_found_err = in_iterator_not_found_err;
+            list->object_compare_identifier = in_object_compare_identifier;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = cci_array_new (&list->objects, in_object_release);
+    }
+
+    if (!err) {
+        err = cci_array_new (&list->iterators, ccs_list_iterator_object_release);
+    }
+
+    if (!err) {
+        *out_list = list;
+        list = NULL;
+    }
+
+    ccs_list_release (list);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_release (ccs_list_t io_list)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_list) {
+        cci_array_release (io_list->iterators);
+        cci_array_release (io_list->objects);
+        free (io_list);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_new_iterator (ccs_list_t           io_list,
+                                ccs_pipe_t           in_client_pipe,
+                                ccs_list_iterator_t *out_list_iterator)
+{
+    return cci_check_error (ccs_list_iterator_new (out_list_iterator,
+                                                   io_list,
+                                                   in_client_pipe));
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_release_iterator (ccs_list_t       io_list,
+                                    cci_identifier_t in_identifier)
+{
+    cc_int32 err = ccNoError;
+    ccs_list_iterator_t iterator = NULL;
+
+    if (!io_list      ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_list_find_iterator (io_list, in_identifier, &iterator);
+    }
+
+    if (!err) {
+        err = ccs_list_iterator_release (iterator);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_count (ccs_list_t  in_list,
+                         cc_uint64  *out_count)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_list  ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_count) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_count = cci_array_count (in_list->objects);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static ccs_list_iterator_t ccs_list_iterator_at_index (ccs_list_t in_list,
+						       cc_uint64  in_index)
+{
+    return (ccs_list_iterator_t) cci_array_object_at_index (in_list->iterators, in_index);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_list_find_index (ccs_list_t        in_list,
+                                     cci_identifier_t  in_identifier,
+                                     cc_uint64        *out_object_index)
+{
+    cc_int32 err = ccNoError;
+    cc_int32 found = 0;
+
+    if (!in_list         ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier   ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_object_index) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && !found) {
+        cc_uint64 i;
+
+        for (i = 0; !err && i < cci_array_count (in_list->objects); i++) {
+            cc_uint32 equal = 0;
+            cci_array_object_t object = cci_array_object_at_index (in_list->objects, i);
+
+            err = in_list->object_compare_identifier (object, in_identifier, &equal);
+
+            if (!err && equal) {
+                found = 1;
+                *out_object_index = i;
+                break;
+            }
+        }
+    }
+
+    if (!err && !found) {
+        err = cci_check_error (in_list->object_not_found_err);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+cc_int32 ccs_list_find (ccs_list_t         in_list,
+                        cci_identifier_t   in_identifier,
+                        ccs_list_object_t *out_object)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 i;
+
+    if (!in_list      ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
+    if (!out_object   ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_list_find_index (in_list, in_identifier, &i);
+    }
+
+    if (!err) {
+        *out_object = cci_array_object_at_index (in_list->objects, i);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_list_find_iterator_index (ccs_list_t        in_list,
+                                              cci_identifier_t  in_identifier,
+                                              cc_uint64        *out_object_index)
+{
+    cc_int32 err = ccNoError;
+    cc_int32 found = 0;
+
+    if (!in_list         ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier   ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_object_index) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err && !found) {
+        cc_uint64 i;
+
+        for (i = 0; !err && i < cci_array_count (in_list->iterators); i++) {
+            cc_uint32 equal = 0;
+            ccs_list_iterator_t iterator = ccs_list_iterator_at_index (in_list, i);
+
+            err = cci_identifier_compare (iterator->identifier, in_identifier, &equal);
+
+            if (!err && equal) {
+                found = 1;
+                *out_object_index = i;
+                break;
+            }
+        }
+    }
+
+    if (!err && !found) {
+        // Don't report this error to the log file.  Non-fatal.
+        return in_list->object_not_found_err;
+    } else {
+        return cci_check_error (err);
+    }
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_find_iterator (ccs_list_t           in_list,
+                                 cci_identifier_t     in_identifier,
+                                 ccs_list_iterator_t *out_list_iterator)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 i;
+
+    if (!in_list          ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier    ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_list_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_list_find_iterator_index (in_list, in_identifier, &i);
+    }
+
+    if (!err) {
+        *out_list_iterator = ccs_list_iterator_at_index (in_list, i);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_add (ccs_list_t        io_list,
+                       ccs_list_object_t in_object)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 add_index;
+
+    if (!io_list  ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_object) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        add_index = cci_array_count (io_list->objects);
+
+        err = cci_array_insert (io_list->objects, in_object, add_index);
+    }
+
+    if (!err) {
+        /* Fixup iterator indexes */
+        cc_uint64 i;
+
+        for (i = 0; !err && i < cci_array_count (io_list->iterators); i++) {
+            ccs_list_iterator_t iterator = ccs_list_iterator_at_index (io_list, i);
+
+            err = ccs_list_iterator_update (iterator, ccs_list_action_insert, add_index);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_remove (ccs_list_t       io_list,
+                          cci_identifier_t in_identifier)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 remove_index;
+
+    if (!io_list      ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_list_find_index (io_list, in_identifier, &remove_index);
+    }
+
+    if (!err) {
+        err = cci_array_remove (io_list->objects, remove_index);
+    }
+
+    if (!err) {
+        /* Fixup iterator indexes */
+        cc_uint64 i;
+
+        for (i = 0; !err && i < cci_array_count (io_list->iterators); i++) {
+            ccs_list_iterator_t iterator = ccs_list_iterator_at_index (io_list, i);
+
+            err = ccs_list_iterator_update (iterator, ccs_list_action_remove, remove_index);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_push_front (ccs_list_t       io_list,
+                              cci_identifier_t in_identifier)
+{
+    cc_int32 err = ccNoError;
+    cc_uint64 push_front_index;
+
+    if (!io_list      ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_list_find_index (io_list, in_identifier, &push_front_index);
+    }
+
+    if (!err) {
+        err = cci_array_push_front (io_list->objects, push_front_index);
+    }
+
+    if (!err) {
+        /* Fixup iterator indexes */
+        cc_uint64 i;
+
+        for (i = 0; !err && i < cci_array_count (io_list->iterators); i++) {
+            ccs_list_iterator_t iterator = ccs_list_iterator_at_index (io_list, i);
+
+            err = ccs_list_iterator_update (iterator,
+                                            ccs_list_action_push_front,
+                                            push_front_index);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_list_iterator_new (ccs_list_iterator_t *out_list_iterator,
+                                       ccs_list_t           io_list,
+                                       ccs_pipe_t           in_client_pipe)
+{
+    cc_int32 err = ccNoError;
+    ccs_list_iterator_t list_iterator = NULL;
+
+    if (!out_list_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!io_list          ) { err = cci_check_error (ccErrBadParam); }
+    /* client_pipe may be NULL if the iterator exists for internal server use */
+
+    if (!err) {
+        list_iterator = malloc (sizeof (*list_iterator));
+        if (list_iterator) {
+            *list_iterator = ccs_list_iterator_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = ccs_server_new_identifier (&list_iterator->identifier);
+    }
+
+    if (!err) {
+        list_iterator->list = io_list;
+        list_iterator->current = 0;
+
+        err = cci_array_insert (io_list->iterators,
+                                (cci_array_object_t) list_iterator,
+				cci_array_count (io_list->iterators));
+    }
+
+    if (!err && ccs_pipe_valid (in_client_pipe)) {
+        ccs_client_t client = NULL;
+
+        err = ccs_pipe_copy (&list_iterator->client_pipe, in_client_pipe);
+
+        if (!err) {
+            err = ccs_server_client_for_pipe (in_client_pipe, &client);
+        }
+
+        if (!err) {
+            err = ccs_client_add_iterator (client, list_iterator);
+        }
+    }
+
+    if (!err) {
+        *out_list_iterator = list_iterator;
+        list_iterator = NULL;
+    }
+
+    ccs_list_iterator_release (list_iterator);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_iterator_write (ccs_list_iterator_t in_list_iterator,
+                                  k5_ipc_stream        in_stream)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_list_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!in_stream       ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_identifier_write (in_list_iterator->identifier,
+                                    in_stream);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_iterator_clone (ccs_list_iterator_t  in_list_iterator,
+                                  ccs_list_iterator_t *out_list_iterator)
+{
+    cc_int32 err = ccNoError;
+    ccs_list_iterator_t list_iterator = NULL;
+
+    if (!in_list_iterator ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_list_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_list_iterator_new (&list_iterator,
+                                     in_list_iterator->list,
+                                     in_list_iterator->client_pipe);
+    }
+
+    if (!err) {
+        list_iterator->current = in_list_iterator->current;
+
+        *out_list_iterator = list_iterator;
+        list_iterator = NULL;
+    }
+
+    ccs_list_iterator_release (list_iterator);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_list_iterator_object_release (cci_array_object_t io_list_iterator)
+{
+    cc_int32 err = ccNoError;
+    ccs_list_iterator_t list_iterator = (ccs_list_iterator_t) io_list_iterator;
+
+    if (!io_list_iterator) { err = ccErrBadParam; }
+
+    if (!err && ccs_pipe_valid (list_iterator->client_pipe)) {
+	ccs_client_t client = NULL;
+
+        err = ccs_server_client_for_pipe (list_iterator->client_pipe, &client);
+
+        if (!err && client) {
+	    /* if client object still has a reference to us, remove it */
+	    err = ccs_client_remove_iterator (client, list_iterator);
+        }
+    }
+
+    if (!err) {
+        ccs_pipe_release (list_iterator->client_pipe);
+        cci_identifier_release (list_iterator->identifier);
+        free (io_list_iterator);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_iterator_release (ccs_list_iterator_t io_list_iterator)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_list_iterator) {
+        cc_uint64 i = 0;
+
+        if (ccs_list_find_iterator_index (io_list_iterator->list,
+                                          io_list_iterator->identifier,
+                                          &i) == ccNoError) {
+            /* cci_array_remove will call ccs_list_iterator_object_release */
+            err = cci_array_remove (io_list_iterator->list->iterators, i);
+        } else {
+            cci_debug_printf ("Warning: iterator not in iterator list!");
+        }
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_iterator_invalidate (ccs_list_iterator_t io_list_iterator)
+{
+    cc_int32 err = ccNoError;
+    ccs_list_iterator_t list_iterator = (ccs_list_iterator_t) io_list_iterator;
+
+    if (!io_list_iterator) { err = ccErrBadParam; }
+
+    if (!err) {
+        /* Client owner died.  Remove client reference and then the iterator. */
+        if (ccs_pipe_valid (list_iterator->client_pipe)) {
+            ccs_pipe_release (list_iterator->client_pipe);
+            list_iterator->client_pipe = CCS_PIPE_NULL;
+        }
+
+        err = ccs_list_iterator_release (io_list_iterator);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_iterator_current (ccs_list_iterator_t  io_list_iterator,
+                                    ccs_list_object_t   *out_object)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_list_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!out_object      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        if (io_list_iterator->current < cci_array_count (io_list_iterator->list->objects)) {
+            *out_object = cci_array_object_at_index (io_list_iterator->list->objects,
+                                                     io_list_iterator->current);
+        } else {
+            err = ccIteratorEnd;
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_list_iterator_next (ccs_list_iterator_t  io_list_iterator,
+                                 ccs_list_object_t   *out_object)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_list_iterator) { err = cci_check_error (ccErrBadParam); }
+    if (!out_object      ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        if (io_list_iterator->current < cci_array_count (io_list_iterator->list->objects)) {
+            *out_object = cci_array_object_at_index (io_list_iterator->list->objects,
+                                                     io_list_iterator->current);
+            io_list_iterator->current++;
+        } else {
+            err = ccIteratorEnd;
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_list_iterator_update (ccs_list_iterator_t  io_list_iterator,
+                                          ccs_list_action_enum in_action,
+                                          cc_uint64            in_object_index)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_list_iterator) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        /* When the list changes adjust the current index so that */
+        /* we don't unnecessarily skip or double count items      */
+        if (in_action == ccs_list_action_insert) {
+            if (io_list_iterator->current > in_object_index) {
+                io_list_iterator->current++;
+            }
+
+        } else if (in_action == ccs_list_action_remove) {
+            if (io_list_iterator->current >= in_object_index) {
+                io_list_iterator->current--;
+            }
+
+        } else if (in_action == ccs_list_action_push_front) {
+            if (io_list_iterator->current < in_object_index) {
+                io_list_iterator->current++;
+            }
+
+        } else {
+            err = cci_check_error (ccErrBadParam);
+        }
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_list_internal.h b/krb5-1.21.3/src/ccapi/server/ccs_list_internal.h
new file mode 100644
index 00000000..08cfa201
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_list_internal.h
@@ -0,0 +1,94 @@
+/* ccapi/server/ccs_list_internal.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_LIST_INTERNAL_H
+#define CCS_LIST_INTERNAL_H
+
+#include "ccs_common.h"
+#include "cci_array_internal.h"
+
+struct ccs_list_d;
+typedef struct ccs_list_d *ccs_list_t;
+
+struct ccs_list_iterator_d;
+typedef struct ccs_list_iterator_d *ccs_list_iterator_t;
+
+typedef cci_array_object_t ccs_list_object_t;
+typedef cc_int32 (*ccs_object_release_t) (ccs_list_object_t);
+typedef cc_int32 (*ccs_object_compare_identifier_t) (ccs_list_object_t, cci_identifier_t, cc_uint32 *);
+
+cc_int32 ccs_list_new (ccs_list_t                      *out_list,
+                       cc_int32                         in_object_not_found_err,
+                       cc_int32                         in_iterator_not_found_err,
+                       ccs_object_compare_identifier_t  in_object_compare_identifier,
+                       ccs_object_release_t             in_object_release);
+
+cc_int32 ccs_list_release (ccs_list_t io_list);
+
+cc_int32 ccs_list_new_iterator (ccs_list_t           io_list,
+                                ccs_pipe_t           in_client_pipe,
+                                ccs_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_list_release_iterator (ccs_list_t       io_list,
+                                    cci_identifier_t in_identifier);
+
+cc_int32 ccs_list_count (ccs_list_t  in_list,
+                         cc_uint64  *out_count);
+
+cc_int32 ccs_list_find (ccs_list_t         in_list,
+                        cci_identifier_t   in_identifier,
+                        ccs_list_object_t *out_object);
+
+cc_int32 ccs_list_find_iterator (ccs_list_t           in_list,
+                                 cci_identifier_t     in_identifier,
+                                 ccs_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_list_add (ccs_list_t        io_list,
+                       ccs_list_object_t in_object);
+
+cc_int32 ccs_list_remove (ccs_list_t       io_list,
+                          cci_identifier_t in_identifier);
+
+cc_int32 ccs_list_push_front (ccs_list_t       io_list,
+                              cci_identifier_t in_identifier);
+
+
+cc_int32 ccs_list_iterator_write (ccs_list_iterator_t in_list_iterator,
+                                  k5_ipc_stream        in_stream);
+
+cc_int32 ccs_list_iterator_clone (ccs_list_iterator_t  in_list_iterator,
+                                  ccs_list_iterator_t *out_list_iterator);
+
+cc_int32 ccs_list_iterator_current (ccs_list_iterator_t  io_list_iterator,
+                                    ccs_list_object_t   *out_object);
+
+cc_int32 ccs_list_iterator_next (ccs_list_iterator_t  io_list_iterator,
+                                 ccs_list_object_t   *out_object);
+
+cc_int32 ccs_list_iterator_invalidate (ccs_list_iterator_t io_list_iterator);
+
+cc_int32 ccs_list_iterator_release (ccs_list_iterator_t io_list_iterator);
+
+#endif /* CCS_LIST_INTERNAL_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_lock.c b/krb5-1.21.3/src/ccapi/server/ccs_lock.c
new file mode 100644
index 00000000..06886f8c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_lock.c
@@ -0,0 +1,248 @@
+/* ccapi/server/ccs_lock.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+
+struct ccs_lock_d {
+    cc_uint32 type;
+    ccs_lock_state_t lock_state_owner;
+    ccs_callback_t callback;
+};
+
+struct ccs_lock_d ccs_lock_initializer = { 0, NULL, NULL };
+
+static cc_int32 ccs_lock_invalidate_callback (ccs_callback_owner_t io_lock,
+					      ccs_callback_t       in_callback);
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_new (ccs_lock_t       *out_lock,
+                       cc_uint32         in_type,
+                       cc_int32          in_invalid_object_err,
+                       ccs_pipe_t        in_client_pipe,
+                       ccs_pipe_t        in_reply_pipe,
+                       ccs_lock_state_t  in_lock_state_owner)
+{
+    cc_int32 err = ccNoError;
+    ccs_lock_t lock = NULL;
+
+    if (!out_lock                       ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_lock_state_owner            ) { err = cci_check_error (ccErrBadParam); }
+
+    if (in_type != cc_lock_read &&
+        in_type != cc_lock_write &&
+        in_type != cc_lock_upgrade &&
+        in_type != cc_lock_downgrade) {
+        err = cci_check_error (ccErrBadLockType);
+    }
+
+    if (!err) {
+        lock = malloc (sizeof (*lock));
+        if (lock) {
+            *lock = ccs_lock_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        lock->type = in_type;
+        lock->lock_state_owner = in_lock_state_owner;
+
+        err = ccs_callback_new (&lock->callback,
+				in_invalid_object_err,
+				in_client_pipe,
+				in_reply_pipe,
+				(ccs_callback_owner_t) lock,
+				ccs_lock_invalidate_callback);
+    }
+
+    if (!err) {
+        *out_lock = lock;
+        lock = NULL;
+    }
+
+    ccs_lock_release (lock);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_release (ccs_lock_t io_lock)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_lock) {
+	ccs_callback_release (io_lock->callback);
+        free (io_lock);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_lock_invalidate_callback (ccs_callback_owner_t io_lock,
+					      ccs_callback_t       in_callback)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_lock    ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_callback) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+	ccs_lock_t lock = (ccs_lock_t) io_lock;
+
+	err = ccs_lock_state_invalidate_lock (lock->lock_state_owner, lock);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_grant_lock (ccs_lock_t io_lock)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_lock) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+	err = ccs_callback_reply_to_client (io_lock->callback, NULL);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint32 ccs_lock_is_pending (ccs_lock_t  in_lock,
+                               cc_uint32  *out_pending)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_lock    ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_pending) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+	err = ccs_callback_is_pending (in_lock->callback, out_pending);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_type (ccs_lock_t  in_lock,
+                        cc_uint32  *out_lock_type)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_lock      ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_lock_type) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_lock_type = in_lock->type;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_is_read_lock (ccs_lock_t  in_lock,
+                                cc_uint32  *out_is_read_lock)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_lock         ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_is_read_lock) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_is_read_lock = (in_lock->type == cc_lock_read ||
+                             in_lock->type == cc_lock_downgrade);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_is_write_lock (ccs_lock_t  in_lock,
+                                 cc_uint32  *out_is_write_lock)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_lock          ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_is_write_lock) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        *out_is_write_lock = (in_lock->type == cc_lock_write ||
+                              in_lock->type == cc_lock_upgrade);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_is_for_client_pipe (ccs_lock_t     in_lock,
+                                      ccs_pipe_t     in_client_pipe,
+                                      cc_uint32     *out_is_for_client_pipe)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_lock                        ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!out_is_for_client_pipe         ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+	err = ccs_callback_is_for_client_pipe (in_lock->callback, in_client_pipe,
+					       out_is_for_client_pipe);
+    }
+
+    return cci_check_error (err);
+}
+
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_client_pipe (ccs_lock_t  in_lock,
+                               ccs_pipe_t *out_client_pipe)
+{
+    cc_int32 err = ccNoError;
+
+    if (!in_lock        ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_client_pipe) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+	err = ccs_callback_client_pipe (in_lock->callback, out_client_pipe);
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_lock.h b/krb5-1.21.3/src/ccapi/server/ccs_lock.h
new file mode 100644
index 00000000..71863ab1
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_lock.h
@@ -0,0 +1,61 @@
+/* ccapi/server/ccs_lock.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_LOCK_H
+#define CCS_LOCK_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_lock_new (ccs_lock_t       *out_lock,
+                       cc_uint32         in_type,
+                       cc_int32          in_invalid_object_err,
+                       ccs_pipe_t        in_client_pipe,
+                       ccs_pipe_t        in_reply_pipe,
+                       ccs_lock_state_t  in_lock_state_owner);
+
+cc_int32 ccs_lock_release (ccs_lock_t io_lock);
+
+cc_int32 ccs_lock_grant_lock (ccs_lock_t io_lock);
+
+cc_uint32 ccs_lock_is_pending (ccs_lock_t  in_lock,
+                               cc_uint32  *out_pending);
+
+cc_int32 ccs_lock_type (ccs_lock_t  in_lock,
+                        cc_uint32  *out_lock_type);
+
+cc_int32 ccs_lock_is_read_lock (ccs_lock_t  in_lock,
+                                cc_uint32  *out_is_read_lock);
+
+cc_int32 ccs_lock_is_write_lock (ccs_lock_t  in_lock,
+                                 cc_uint32  *out_is_write_lock);
+
+cc_int32 ccs_lock_is_for_client_pipe (ccs_lock_t     in_lock,
+                                      ccs_pipe_t     in_client_pipe,
+                                      cc_uint32     *out_is_for_client_pipe);
+
+cc_int32 ccs_lock_client_pipe (ccs_lock_t  in_lock,
+                               ccs_pipe_t *out_client_pipe);
+
+#endif /* CCS_LOCK_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_lock_state.c b/krb5-1.21.3/src/ccapi/server/ccs_lock_state.c
new file mode 100644
index 00000000..681661ea
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_lock_state.c
@@ -0,0 +1,525 @@
+/* ccapi/server/ccs_lock_state.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+
+struct ccs_lock_state_d {
+    cc_int32 invalid_object_err;
+    cc_int32 pending_lock_err;
+    cc_int32 no_lock_err;
+    ccs_lock_array_t locks;
+    cc_uint64 first_pending_lock_index;
+};
+
+struct ccs_lock_state_d ccs_lock_state_initializer = { 1, 1, 1, NULL, 0 };
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_state_new (ccs_lock_state_t *out_lock_state,
+                             cc_int32          in_invalid_object_err,
+                             cc_int32          in_pending_lock_err,
+                             cc_int32          in_no_lock_err)
+{
+    cc_int32 err = ccNoError;
+    ccs_lock_state_t lock_state = NULL;
+
+    if (!out_lock_state) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        lock_state = malloc (sizeof (*lock_state));
+        if (lock_state) {
+            *lock_state = ccs_lock_state_initializer;
+        } else {
+            err = cci_check_error (ccErrNoMem);
+        }
+    }
+
+    if (!err) {
+        err = ccs_lock_array_new (&lock_state->locks);
+    }
+
+    if (!err) {
+        lock_state->invalid_object_err = in_invalid_object_err;
+        lock_state->pending_lock_err = in_pending_lock_err;
+        lock_state->no_lock_err = in_no_lock_err;
+
+        *out_lock_state = lock_state;
+        lock_state = NULL;
+    }
+
+    ccs_lock_state_release (lock_state);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_state_release (ccs_lock_state_t io_lock_state)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err && io_lock_state) {
+        ccs_lock_array_release (io_lock_state->locks);
+        free (io_lock_state);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_lock_status_add_pending_lock (ccs_lock_state_t  io_lock_state,
+                                                  ccs_pipe_t        in_client_pipe,
+                                                  ccs_pipe_t        in_reply_pipe,
+                                                  cc_uint32         in_lock_type,
+                                                  cc_uint64        *out_lock_index)
+{
+    cc_int32 err = ccNoError;
+    ccs_lock_t lock = NULL;
+
+    if (!io_lock_state                  ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_lock_new (&lock, in_lock_type,
+                            io_lock_state->invalid_object_err,
+                            in_client_pipe, in_reply_pipe,
+                            io_lock_state);
+    }
+
+    if (!err) {
+        err = ccs_lock_array_insert (io_lock_state->locks, lock,
+                                     ccs_lock_array_count (io_lock_state->locks));
+        if (!err) { lock = NULL; /* take ownership */ }
+    }
+
+    if (!err) {
+        *out_lock_index = ccs_lock_array_count (io_lock_state->locks) - 1;
+    }
+
+    ccs_lock_release (lock);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_lock_status_remove_lock (ccs_lock_state_t io_lock_state,
+                                             cc_uint64        in_lock_index)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_lock_state) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_lock_array_remove (io_lock_state->locks, in_lock_index);
+
+        if (!err && in_lock_index < io_lock_state->first_pending_lock_index) {
+            io_lock_state->first_pending_lock_index--;
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_lock_status_grant_lock (ccs_lock_state_t io_lock_state,
+                                            cc_uint64        in_pending_lock_index)
+{
+    cc_int32 err = ccNoError;
+    ccs_lock_t pending_lock = NULL;
+    cc_uint32 type = 0;
+
+    if (!io_lock_state) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        pending_lock = ccs_lock_array_object_at_index (io_lock_state->locks,
+                                                       in_pending_lock_index);
+        if (!pending_lock || in_pending_lock_index < io_lock_state->first_pending_lock_index) {
+            err = cci_check_error (ccErrBadParam);
+        }
+    }
+
+    if (!err) {
+        err = ccs_lock_type (pending_lock, &type);
+    }
+
+    if (!err && (type == cc_lock_upgrade || type == cc_lock_downgrade)) {
+        /* lock upgrades or downgrades.  Find the old lock and remove it. */
+        ccs_pipe_t pending_client_pipe = CCS_PIPE_NULL;
+
+        err = ccs_lock_client_pipe (pending_lock, &pending_client_pipe);
+
+        if (!err) {
+            cc_uint64 i;
+
+            for (i = 0; !err && i < io_lock_state->first_pending_lock_index; i++) {
+                ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
+                cc_uint32 is_lock_for_client = 0;
+
+                err = ccs_lock_is_for_client_pipe (lock, pending_client_pipe, &is_lock_for_client);
+
+                if (!err && is_lock_for_client) {
+                    cci_debug_printf ("%s: Removing old lock %p at index %d to replace with pending lock %p.",
+                                      __FUNCTION__, lock, (int) i, pending_lock);
+                    err = ccs_lock_status_remove_lock (io_lock_state, i);
+                    if (!err) { i--; in_pending_lock_index--; /* We removed one so back up an index */ }
+                    break;
+                }
+            }
+        }
+    }
+
+    if (!err) {
+        cc_uint64 new_lock_index = 0;
+
+        err = ccs_lock_array_move (io_lock_state->locks,
+                                   in_pending_lock_index,
+                                   io_lock_state->first_pending_lock_index,
+                                   &new_lock_index);
+        if (!err) { io_lock_state->first_pending_lock_index++; }
+    }
+
+    if (!err) {
+        err = ccs_lock_grant_lock (pending_lock);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_lock_state_check_pending_lock (ccs_lock_state_t  io_lock_state,
+                                                   ccs_pipe_t        in_pending_lock_client_pipe,
+                                                   cc_uint32         in_pending_lock_type,
+                                                   cc_uint32        *out_grant_lock)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 is_write_locked = 0;
+    cc_uint32 client_has_lock = 0;
+    cc_uint32 other_clients_have_locks = 0;
+    cc_uint32 client_lock_type = 0;
+    cc_uint64 client_lock_index = 0;
+    cc_uint32 grant_lock = 0;
+
+    if (!io_lock_state                               ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_pending_lock_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!out_grant_lock                              ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_uint64 i;
+        cc_uint64 lock_count = io_lock_state->first_pending_lock_index;
+
+        for (i = 0; !err && i < lock_count; i++) {
+            ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
+            cc_uint32 lock_type = 0;
+            cc_uint32 lock_is_for_client = 0;
+
+            err = ccs_lock_type (lock, &lock_type);
+
+            if (!err) {
+                err = ccs_lock_is_for_client_pipe (lock, in_pending_lock_client_pipe,
+                                                   &lock_is_for_client);
+            }
+
+            if (!err) {
+                if (lock_type == cc_lock_write || lock_type == cc_lock_upgrade) {
+                    is_write_locked = 1;
+                }
+
+                if (!lock_is_for_client) {
+                    other_clients_have_locks = 1;
+
+                } else if (!client_has_lock) { /* only record type of 1st lock */
+                    client_has_lock = 1;
+                    client_lock_type = lock_type;
+                    client_lock_index = i;
+                }
+            }
+        }
+    }
+
+    if (!err) {
+        cc_uint64 lock_count = io_lock_state->first_pending_lock_index;
+
+        if (in_pending_lock_type == cc_lock_write) {
+            if (client_has_lock) {
+                err = cci_check_error (ccErrBadLockType);
+            } else {
+                grant_lock = (lock_count == 0);
+            }
+
+        } else if (in_pending_lock_type == cc_lock_read) {
+            if (client_has_lock) {
+                err = cci_check_error (ccErrBadLockType);
+            } else {
+                grant_lock = !is_write_locked;
+            }
+
+        } else if (in_pending_lock_type == cc_lock_upgrade) {
+            if (!client_has_lock || (client_lock_type != cc_lock_read &&
+                                     client_lock_type != cc_lock_downgrade)) {
+                err = cci_check_error (ccErrBadLockType);
+            } else {
+                /* don't grant if other clients have read locks */
+                grant_lock = !other_clients_have_locks;
+            }
+
+        } else if (in_pending_lock_type == cc_lock_downgrade) {
+            if (!client_has_lock || (client_lock_type != cc_lock_write &&
+                                     client_lock_type != cc_lock_upgrade)) {
+                err = cci_check_error (ccErrBadLockType);
+            } else {
+                /* downgrades can never block */
+                grant_lock = 1;
+            }
+        } else {
+            err = cci_check_error (ccErrBadLockType);
+        }
+    }
+
+    if (!err) {
+        *out_grant_lock = grant_lock;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_lock_status_try_to_grant_pending_locks (ccs_lock_state_t io_lock_state)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 done = 0;
+
+    if (!io_lock_state) { err = cci_check_error (ccErrBadParam); }
+
+    /* Look at the pending locks and see if we can grant them.
+     * Note that downgrade locks mean we must check all pending locks each pass
+     * since a downgrade lock might be last in the list. */
+
+    while (!err && !done) {
+        cc_uint64 i;
+        cc_uint64 count = ccs_lock_array_count (io_lock_state->locks);
+        cc_uint32 granted_lock = 0;
+
+        for (i = io_lock_state->first_pending_lock_index; !err && i < count; i++) {
+            ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
+            cc_uint32 lock_type = 0;
+            ccs_pipe_t client_pipe = CCS_PIPE_NULL;
+            cc_uint32 can_grant_lock_now = 0;
+
+            err = ccs_lock_client_pipe (lock, &client_pipe);
+
+            if (!err) {
+                err = ccs_lock_type (lock, &lock_type);
+            }
+
+            if (!err) {
+                err = ccs_lock_state_check_pending_lock (io_lock_state, client_pipe,
+                                                         lock_type, &can_grant_lock_now);
+            }
+
+            if (!err && can_grant_lock_now) {
+                err = ccs_lock_status_grant_lock (io_lock_state, i);
+                if (!err) { granted_lock = 1; }
+            }
+        }
+
+        if (!err && !granted_lock) {
+            /* we walked over all the locks and couldn't grant any of them */
+            done = 1;
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_state_add (ccs_lock_state_t  io_lock_state,
+                             ccs_pipe_t        in_client_pipe,
+                             ccs_pipe_t        in_reply_pipe,
+                             cc_uint32         in_lock_type,
+                             cc_uint32         in_block,
+                             cc_uint32        *out_will_send_reply)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 can_grant_lock_now = 0;
+
+    if (!io_lock_state                  ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_will_send_reply            ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        /* Sanity check: if there are any pending locks for this client
+         * the client must have timed out waiting for our reply.  Remove any
+         * existing pending locks for the client. */
+        cc_uint64 i;
+
+        for (i = io_lock_state->first_pending_lock_index; !err && i < ccs_lock_array_count (io_lock_state->locks); i++) {
+            ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
+            cc_uint32 has_pending_lock_for_client = 0;
+
+            err = ccs_lock_is_for_client_pipe (lock, in_client_pipe, &has_pending_lock_for_client);
+
+            if (!err && has_pending_lock_for_client) {
+                cci_debug_printf ("WARNING %s: Removing unexpected pending lock %p at index %d.",
+                                  __FUNCTION__, lock, (int) i);
+                err = ccs_lock_status_remove_lock (io_lock_state, i);
+                if (!err) { i--;  /* We removed one so back up an index */ }
+            }
+        }
+    }
+
+    if (!err) {
+        err = ccs_lock_state_check_pending_lock (io_lock_state, in_client_pipe,
+                                                 in_lock_type, &can_grant_lock_now);
+    }
+
+    if (!err) {
+        if (!can_grant_lock_now && (in_block == cc_lock_noblock)) {
+            err = cci_check_error (io_lock_state->pending_lock_err);
+
+        } else {
+            cc_uint64 new_lock_index = 0;
+
+            err = ccs_lock_status_add_pending_lock (io_lock_state,
+                                                    in_client_pipe,
+                                                    in_reply_pipe,
+                                                    in_lock_type,
+                                                    &new_lock_index);
+
+            if (!err && can_grant_lock_now) {
+                err = ccs_lock_status_grant_lock (io_lock_state, new_lock_index);
+
+                if (!err && (in_lock_type == cc_lock_downgrade)) {
+                    /* downgrades can allow us to grant other locks */
+                    err = ccs_lock_status_try_to_grant_pending_locks (io_lock_state);
+                }
+            }
+        }
+    }
+
+    if (!err) {
+        /* ccs_lock_state_add sends its replies via callback so caller shouldn't */
+        *out_will_send_reply = 1;
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_state_remove (ccs_lock_state_t io_lock_state,
+                                ccs_pipe_t       in_client_pipe)
+{
+    cc_int32 err = ccNoError;
+    cc_uint32 found_lock = 0;
+
+    if (!io_lock_state                  ) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_uint64 i;
+
+        /* Remove all locks for this client.
+         * There should only be one so warn if there are multiple */
+        for (i = 0; !err && i < io_lock_state->first_pending_lock_index; i++) {
+            ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
+            cc_uint32 is_for_client = 0;
+
+            err = ccs_lock_is_for_client_pipe (lock, in_client_pipe, &is_for_client);
+
+            if (!err && is_for_client) {
+                if (found_lock) {
+                    cci_debug_printf ("WARNING %s: Found multiple locks for client.",
+                                      __FUNCTION__);
+                }
+
+                found_lock = 1;
+
+                cci_debug_printf ("%s: Removing lock %p at index %d.", __FUNCTION__, lock, (int) i);
+                err = ccs_lock_status_remove_lock (io_lock_state, i);
+                if (!err) { i--;  /* We removed one so back up an index */ }
+            }
+        }
+    }
+
+    if (!err && !found_lock) {
+        err = cci_check_error (io_lock_state->no_lock_err);
+    }
+
+    if (!err) {
+        err = ccs_lock_status_try_to_grant_pending_locks (io_lock_state);
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_lock_state_invalidate_lock (ccs_lock_state_t io_lock_state,
+                                         ccs_lock_t       in_lock)
+{
+    cc_int32 err = ccNoError;
+
+    if (!io_lock_state) { err = ccErrBadParam; }
+
+    if (!err) {
+        cc_uint64 i;
+        cc_uint64 count = ccs_lock_array_count (io_lock_state->locks);
+
+        for (i = 0; !err && i < count; i++) {
+            ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
+
+            if (lock == in_lock) {
+                err = ccs_lock_status_remove_lock (io_lock_state, i);
+
+                if (!err) {
+                    err = ccs_lock_status_try_to_grant_pending_locks (io_lock_state);
+                    break;
+                }
+            }
+        }
+    }
+
+    return cci_check_error (err);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_lock_state.h b/krb5-1.21.3/src/ccapi/server/ccs_lock_state.h
new file mode 100644
index 00000000..de91fca4
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_lock_state.h
@@ -0,0 +1,51 @@
+/* ccapi/server/ccs_lock_state.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_LOCK_STATE_H
+#define CCS_LOCK_STATE_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_lock_state_new (ccs_lock_state_t *out_lock_state,
+                             cc_int32          in_invalid_object_err,
+                             cc_int32          in_pending_lock_err,
+                             cc_int32          in_no_lock_err);
+
+cc_int32 ccs_lock_state_release (ccs_lock_state_t io_lock_state);
+
+cc_int32 ccs_lock_state_add (ccs_lock_state_t  io_lock_state,
+                             ccs_pipe_t        in_client_pipe,
+                             ccs_pipe_t        in_reply_pipe,
+                             cc_uint32         in_lock_type,
+                             cc_uint32         in_block,
+                             cc_uint32        *out_will_send_reply);
+
+cc_int32 ccs_lock_state_remove (ccs_lock_state_t io_lock_state,
+                                ccs_pipe_t       in_client_pipe);
+
+cc_int32 ccs_lock_state_invalidate_lock (ccs_lock_state_t io_lock_state,
+                                         ccs_lock_t       in_lock);
+
+#endif /* CCS_LOCK_STATE_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_os_notify.h b/krb5-1.21.3/src/ccapi/server/ccs_os_notify.h
new file mode 100644
index 00000000..4021568f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_os_notify.h
@@ -0,0 +1,37 @@
+/* ccapi/server/ccs_os_notify.h */
+/*
+ * Copyright 2006-2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_OS_NOTIFY_H
+#define CCS_OS_NOTIFY_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_os_notify_cache_collection_changed (ccs_cache_collection_t io_cache_collection);
+
+cc_int32 ccs_os_notify_ccache_changed (ccs_cache_collection_t  io_cache_collection,
+                                       const char             *in_ccache_name);
+
+
+#endif /* CCS_OS_NOTIFY_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_os_pipe.h b/krb5-1.21.3/src/ccapi/server/ccs_os_pipe.h
new file mode 100644
index 00000000..4f6a379c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_os_pipe.h
@@ -0,0 +1,42 @@
+/* ccapi/server/ccs_os_pipe.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_OS_PIPE_H
+#define CCS_OS_PIPE_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_os_pipe_valid (ccs_pipe_t in_pipe);
+
+cc_int32 ccs_os_pipe_compare (ccs_pipe_t  in_pipe,
+                              ccs_pipe_t  in_compare_to_pipe,
+                              cc_uint32  *out_equal);
+
+cc_int32 ccs_os_pipe_copy (ccs_pipe_t *out_pipe,
+			   ccs_pipe_t  in_pipe);
+
+cc_int32 ccs_os_pipe_release (ccs_pipe_t io_pipe);
+
+#endif /* CCS_OS_PIPE_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_os_server.h b/krb5-1.21.3/src/ccapi/server/ccs_os_server.h
new file mode 100644
index 00000000..dc89f1d6
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_os_server.h
@@ -0,0 +1,40 @@
+/* ccapi/server/ccs_os_server.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_OS_SERVER_H
+#define CCS_OS_SERVER_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_os_server_initialize (int argc, const char *argv[]);
+
+cc_int32 ccs_os_server_cleanup (int argc, const char *argv[]);
+
+cc_int32 ccs_os_server_listen_loop (int argc, const char *argv[]);
+
+cc_int32 ccs_os_server_send_reply (ccs_pipe_t   in_reply_pipe,
+                                   k5_ipc_stream in_reply_stream);
+
+#endif /* CCS_OS_SERVER_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_pipe.c b/krb5-1.21.3/src/ccapi/server/ccs_pipe.c
new file mode 100644
index 00000000..37744f61
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_pipe.c
@@ -0,0 +1,58 @@
+/* ccapi/server/ccs_pipe.c */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+#include "ccs_os_pipe.h"
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_pipe_valid (ccs_pipe_t in_pipe)
+{
+    return ccs_os_pipe_valid (in_pipe);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_pipe_compare (ccs_pipe_t  in_pipe,
+                           ccs_pipe_t  in_compare_to_pipe,
+                           cc_uint32  *out_equal)
+{
+    return ccs_os_pipe_compare (in_pipe, in_compare_to_pipe, out_equal);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_pipe_copy (ccs_pipe_t *out_pipe,
+			ccs_pipe_t  in_pipe)
+{
+    return ccs_os_pipe_copy (out_pipe, in_pipe);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_pipe_release (ccs_pipe_t io_pipe)
+{
+    return ccs_os_pipe_release (io_pipe);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_pipe.h b/krb5-1.21.3/src/ccapi/server/ccs_pipe.h
new file mode 100644
index 00000000..6e4f9efa
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_pipe.h
@@ -0,0 +1,42 @@
+/* ccapi/server/ccs_pipe.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_PIPE_H
+#define CCS_PIPE_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_pipe_valid (ccs_pipe_t in_pipe);
+
+cc_int32 ccs_pipe_compare (ccs_pipe_t  in_pipe,
+                           ccs_pipe_t  in_compare_to_pipe,
+                           cc_uint32  *out_equal);
+
+cc_int32 ccs_pipe_copy (ccs_pipe_t *out_pipe,
+			ccs_pipe_t  in_pipe);
+
+cc_int32 ccs_pipe_release (ccs_pipe_t io_pipe);
+
+#endif /* CCS_PIPE_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_server.c b/krb5-1.21.3/src/ccapi/server/ccs_server.c
new file mode 100644
index 00000000..1fc8d2c5
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_server.c
@@ -0,0 +1,408 @@
+/* ccapi/server/ccs_server.c */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+#include "ccs_os_server.h"
+
+/* Server Globals: */
+
+cci_uuid_string_t g_server_id = NULL;
+ccs_cache_collection_t g_cache_collection = NULL;
+ccs_client_array_t g_client_array = NULL;
+
+/* ------------------------------------------------------------------------ */
+
+int main (int argc, const char *argv[])
+{
+    cc_int32 err = 0;
+
+    if (!err) {
+        err = ccs_os_server_initialize (argc, argv);
+    }
+
+    if (!err) {
+        err = cci_identifier_new_uuid (&g_server_id);
+    }
+
+    if (!err) {
+        err = ccs_cache_collection_new (&g_cache_collection);
+    }
+
+    if (!err) {
+        err = ccs_client_array_new (&g_client_array);
+    }
+
+    if (!err) {
+        err = ccs_os_server_listen_loop (argc, argv);
+    }
+
+    if (!err) {
+        free (g_server_id);
+        cci_check_error (ccs_cache_collection_release (g_cache_collection));
+        cci_check_error (ccs_client_array_release (g_client_array));
+
+        err = ccs_os_server_cleanup (argc, argv);
+    }
+
+    return cci_check_error (err) ? 1 : 0;
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_server_new_identifier (cci_identifier_t *out_identifier)
+{
+    return cci_check_error (cci_identifier_new (out_identifier,
+                                                g_server_id));
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_server_add_client (ccs_pipe_t in_connection_pipe)
+{
+    cc_int32 err = ccNoError;
+    ccs_client_t client = NULL;
+
+    if (!err) {
+        err = ccs_client_new (&client, in_connection_pipe);
+    }
+
+    if (!err) {
+        cci_debug_printf ("%s: Adding client %p.", __FUNCTION__, client);
+        err = ccs_client_array_insert (g_client_array,
+                                       client,
+                                       ccs_client_array_count (g_client_array));
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_server_remove_client (ccs_pipe_t in_connection_pipe)
+{
+    cc_int32 err = ccNoError;
+
+    if (!err) {
+        cc_uint64 i;
+        cc_uint64 count = ccs_client_array_count (g_client_array);
+        cc_uint32 found = 0;
+
+        for (i = 0; !err && i < count; i++) {
+            ccs_client_t client = ccs_client_array_object_at_index (g_client_array, i);
+
+            err = ccs_client_uses_pipe (client, in_connection_pipe, &found);
+
+            if (!err && found) {
+                cci_debug_printf ("%s: Removing client %p.", __FUNCTION__, client);
+                err = ccs_client_array_remove (g_client_array, i);
+                break;
+            }
+        }
+
+        if (!err && !found) {
+            cci_debug_printf ("WARNING %s() didn't find client in client list.",
+                              __FUNCTION__);
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_server_client_for_pipe (ccs_pipe_t    in_client_pipe,
+                                     ccs_client_t *out_client)
+{
+    cc_int32 err = ccNoError;
+    ccs_client_t client_for_pipe = NULL;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!out_client                     ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        cc_uint64 i;
+        cc_uint64 count = ccs_client_array_count (g_client_array);
+
+        for (i = 0; !err && i < count; i++) {
+            ccs_client_t client = ccs_client_array_object_at_index (g_client_array, i);
+            cc_uint32 uses_pipe = 0;
+
+            err = ccs_client_uses_pipe (client, in_client_pipe, &uses_pipe);
+
+            if (!err && uses_pipe) {
+                client_for_pipe = client;
+                break;
+            }
+        }
+    }
+
+    if (!err) {
+        *out_client = client_for_pipe; /* may be NULL if not found */
+    }
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_server_client_is_valid (ccs_pipe_t  in_client_pipe,
+                                     cc_uint32  *out_client_is_valid)
+{
+    cc_int32 err = ccNoError;
+    ccs_client_t client = NULL;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!out_client_is_valid            ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = ccs_server_client_for_pipe (in_client_pipe, &client);
+    }
+
+    if (!err) {
+        *out_client_is_valid = (client != NULL);
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+static cc_int32 ccs_server_request_demux (ccs_pipe_t              in_client_pipe,
+                                          ccs_pipe_t              in_reply_pipe,
+                                          ccs_cache_collection_t  in_cache_collection,
+                                          enum cci_msg_id_t       in_request_name,
+                                          cci_identifier_t        in_request_identifier,
+                                          k5_ipc_stream            in_request_data,
+                                          cc_uint32              *out_will_block,
+                                          k5_ipc_stream           *out_reply_data)
+{
+    cc_int32 err = ccNoError;
+
+    if (!ccs_pipe_valid (in_reply_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request_data               ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_will_block                ) { err = cci_check_error (ccErrBadParam); }
+    if (!out_reply_data                ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        if (in_request_name > cci_context_first_msg_id &&
+            in_request_name < cci_context_last_msg_id) {
+            /* Note: context identifier doesn't need to match.
+             * Client just uses the identifier to detect server relaunch. */
+
+            if (!err) {
+                err = ccs_cache_collection_handle_message (in_client_pipe,
+                                                           in_reply_pipe,
+                                                           in_cache_collection,
+                                                           in_request_name,
+                                                           in_request_data,
+                                                           out_will_block,
+                                                           out_reply_data);
+            }
+
+        } else if (in_request_name > cci_ccache_first_msg_id &&
+                   in_request_name < cci_ccache_last_msg_id) {
+            ccs_ccache_t ccache = NULL;
+
+            err = ccs_cache_collection_find_ccache (in_cache_collection,
+                                                    in_request_identifier,
+                                                    &ccache);
+
+            if (!err) {
+                err = ccs_ccache_handle_message (in_client_pipe,
+                                                 in_reply_pipe,
+                                                 ccache,
+                                                 in_cache_collection,
+                                                 in_request_name,
+                                                 in_request_data,
+                                                 out_will_block,
+                                                 out_reply_data);
+            }
+
+        } else if (in_request_name > cci_ccache_iterator_first_msg_id &&
+                   in_request_name < cci_ccache_iterator_last_msg_id) {
+            ccs_ccache_iterator_t ccache_iterator = NULL;
+
+            err = ccs_cache_collection_find_ccache_iterator (in_cache_collection,
+                                                             in_request_identifier,
+                                                             &ccache_iterator);
+
+            if (!err) {
+                err = ccs_ccache_iterator_handle_message (ccache_iterator,
+                                                          in_cache_collection,
+                                                          in_request_name,
+                                                          in_request_data,
+                                                          out_reply_data);
+            }
+
+            if (!err) {
+                *out_will_block = 0; /* can't block */
+            }
+
+        } else if (in_request_name > cci_credentials_iterator_first_msg_id &&
+                   in_request_name < cci_credentials_iterator_last_msg_id) {
+            ccs_credentials_iterator_t credentials_iterator = NULL;
+            ccs_ccache_t ccache = NULL;
+
+            err = ccs_cache_collection_find_credentials_iterator (in_cache_collection,
+                                                                  in_request_identifier,
+                                                                  &ccache,
+                                                                  &credentials_iterator);
+
+            if (!err) {
+                err = ccs_credentials_iterator_handle_message (credentials_iterator,
+                                                               ccache,
+                                                               in_request_name,
+                                                               in_request_data,
+                                                               out_reply_data);
+            }
+
+            if (!err) {
+                *out_will_block = 0; /* can't block */
+            }
+
+        } else {
+            err = ccErrBadInternalMessage;
+        }
+    }
+
+    return cci_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_server_handle_request (ccs_pipe_t     in_client_pipe,
+                                    ccs_pipe_t     in_reply_pipe,
+                                    k5_ipc_stream   in_request)
+{
+    cc_int32 err = ccNoError;
+    enum cci_msg_id_t request_name = 0;
+    cci_identifier_t request_identifier = NULL;
+    cc_uint32 will_block = 0;
+    k5_ipc_stream reply_data = NULL;
+
+    if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
+    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
+    if (!in_request                     ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_message_read_request_header (in_request,
+                                               &request_name,
+                                               &request_identifier);
+    }
+
+    if (!err) {
+        cc_uint32 server_err = 0;
+        cc_uint32 valid = 0;
+        ccs_cache_collection_t cache_collection = g_cache_collection;
+
+        server_err = cci_identifier_is_for_server (request_identifier,
+                                                   g_server_id,
+                                                   &valid);
+
+        if (!server_err && !valid) {
+            server_err = cci_message_invalid_object_err (request_name);
+        }
+
+        if (!server_err) {
+
+            /* Monolithic server implementation would need to select
+             * cache collection here.  Currently we only support per-user
+             * servers so we always use the same cache collection. */
+
+            server_err = ccs_server_request_demux (in_client_pipe,
+                                                   in_reply_pipe,
+                                                   cache_collection,
+                                                   request_name,
+                                                   request_identifier,
+                                                   in_request,
+                                                   &will_block,
+                                                   &reply_data);
+        }
+
+        if (server_err || !will_block) {
+
+            /* send a reply now if the server isn't blocked on something */
+            err = ccs_server_send_reply (in_reply_pipe, server_err, reply_data);
+        }
+    }
+
+    cci_identifier_release (request_identifier);
+    krb5int_ipc_stream_release (reply_data);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_server_send_reply (ccs_pipe_t     in_reply_pipe,
+                                cc_int32       in_reply_err,
+                                k5_ipc_stream   in_reply_data)
+{
+    cc_int32 err = ccNoError;
+    k5_ipc_stream reply = NULL;
+
+    if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
+
+    if (!err) {
+        err = cci_message_new_reply_header (&reply, in_reply_err);
+    }
+
+    if (!err && in_reply_data && krb5int_ipc_stream_size (in_reply_data) > 0) {
+        err = krb5int_ipc_stream_write (reply,
+                                krb5int_ipc_stream_data (in_reply_data),
+                                krb5int_ipc_stream_size (in_reply_data));
+    }
+
+    if (!err) {
+        err = ccs_os_server_send_reply (in_reply_pipe, reply);
+    }
+
+    krb5int_ipc_stream_release (reply);
+
+    return cci_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+cc_uint64 ccs_server_client_count ()
+{
+    return ccs_client_array_count (g_client_array);
+}
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_server.h b/krb5-1.21.3/src/ccapi/server/ccs_server.h
new file mode 100644
index 00000000..e920ad93
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_server.h
@@ -0,0 +1,53 @@
+/* ccapi/server/ccs_server.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_SERVER_H
+#define CCS_SERVER_H
+
+#include "ccs_types.h"
+
+cc_int32 ccs_server_new_identifier (cci_identifier_t *out_identifier);
+
+cc_int32 ccs_server_add_client (ccs_pipe_t in_connection_pipe);
+
+cc_int32 ccs_server_remove_client (ccs_pipe_t in_connection_pipe);
+
+cc_int32 ccs_server_client_for_pipe (ccs_pipe_t    in_client_pipe,
+                                     ccs_client_t *out_client);
+
+cc_int32 ccs_server_client_is_valid (ccs_pipe_t  in_client_pipe,
+                                     cc_uint32  *out_client_is_valid);
+
+cc_int32 ccs_server_handle_request (ccs_pipe_t     in_client_pipe,
+                                    ccs_pipe_t     in_reply_pipe,
+                                    k5_ipc_stream   in_request);
+
+cc_int32 ccs_server_send_reply (ccs_pipe_t     in_reply_pipe,
+                                cc_int32       in_reply_err,
+                                k5_ipc_stream   in_reply_data);
+
+cc_uint64 ccs_server_client_count ();
+
+#endif /* CCS_SERVER_H */
diff --git a/krb5-1.21.3/src/ccapi/server/ccs_types.h b/krb5-1.21.3/src/ccapi/server/ccs_types.h
new file mode 100644
index 00000000..773b3166
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/ccs_types.h
@@ -0,0 +1,120 @@
+/* ccapi/server/ccs_types.h */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef CCS_TYPES_H
+#define CCS_TYPES_H
+
+#ifdef WIN32
+#pragma warning ( disable : 4068)
+#endif
+
+#include "cci_types.h"
+
+struct cci_array_d;
+
+typedef struct cci_array_d *ccs_client_array_t;
+
+typedef struct cci_array_d *ccs_callback_array_t;
+
+typedef struct cci_array_d *ccs_callbackref_array_t;
+
+typedef struct cci_array_d *ccs_iteratorref_array_t;
+
+typedef struct cci_array_d *ccs_lock_array_t;
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ccs_os_pipe_t is IPC-specific so it's special cased here */
+
+#if TARGET_OS_MAC
+#include <mach/mach_types.h>
+typedef mach_port_t ccs_pipe_t;  /* Mach IPC port */
+#define CCS_PIPE_NULL MACH_PORT_NULL
+
+#else
+
+#ifdef WIN32
+/* On Windows, a pipe is s struct: */
+#include "ccs_win_pipe.h"
+typedef struct ccs_win_pipe_t* ccs_pipe_t;
+#define CCS_PIPE_NULL (ccs_pipe_t)NULL
+
+#else
+typedef int ccs_pipe_t; /* Unix domain socket */
+#define CCS_PIPE_NULL -1
+
+#endif
+#endif
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+struct ccs_callback_d;
+typedef struct ccs_callback_d *ccs_callback_t;
+
+struct ccs_list_d;
+struct ccs_list_iterator_d;
+
+/* Used for iterator array invalidate function */
+typedef struct ccs_list_iterator_d *ccs_generic_list_iterator_t;
+
+typedef struct ccs_list_d *ccs_cache_collection_list_t;
+
+typedef struct ccs_list_d *ccs_ccache_list_t;
+typedef struct ccs_list_iterator_d *ccs_ccache_list_iterator_t;
+
+typedef struct ccs_list_d *ccs_credentials_list_t;
+typedef struct ccs_list_iterator_d *ccs_credentials_list_iterator_t;
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+struct ccs_client_d;
+typedef struct ccs_client_d *ccs_client_t;
+
+struct ccs_lock_d;
+typedef struct ccs_lock_d *ccs_lock_t;
+
+struct ccs_lock_state_d;
+typedef struct ccs_lock_state_d *ccs_lock_state_t;
+
+struct ccs_credentials_d;
+typedef struct ccs_credentials_d *ccs_credentials_t;
+
+typedef ccs_credentials_list_iterator_t ccs_credentials_iterator_t;
+
+struct ccs_ccache_d;
+typedef struct ccs_ccache_d *ccs_ccache_t;
+
+typedef ccs_ccache_list_iterator_t ccs_ccache_iterator_t;
+
+struct ccs_cache_collection_d;
+typedef struct ccs_cache_collection_d *ccs_cache_collection_t;
+
+#endif /* CCS_TYPES_H */
diff --git a/krb5-1.21.3/src/ccapi/server/deps b/krb5-1.21.3/src/ccapi/server/deps
new file mode 100644
index 00000000..31582f58
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/deps
@@ -0,0 +1,170 @@
+# 
+# Generated makefile dependencies follow.
+#
+ccs_array.so ccs_array.po $(OUTPRE)ccs_array.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \
+  $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \
+  $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \
+  $(srcdir)/../common/cci_types.h ccs_array.c ccs_array.h \
+  ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \
+  ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.h \
+  ccs_pipe.h ccs_server.h ccs_types.h
+ccs_cache_collection.so ccs_cache_collection.po $(OUTPRE)ccs_cache_collection.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.c ccs_cache_collection.h \
+  ccs_callback.h ccs_ccache.h ccs_ccache_iterator.h ccs_client.h \
+  ccs_common.h ccs_credentials.h ccs_credentials_iterator.h \
+  ccs_list.h ccs_lock.h ccs_lock_state.h ccs_os_notify.h \
+  ccs_pipe.h ccs_server.h ccs_types.h
+ccs_callback.so ccs_callback.po $(OUTPRE)ccs_callback.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.c ccs_callback.h \
+  ccs_ccache.h ccs_ccache_iterator.h ccs_client.h ccs_common.h \
+  ccs_credentials.h ccs_credentials_iterator.h ccs_list.h \
+  ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
+  ccs_types.h
+ccs_ccache.so ccs_ccache.po $(OUTPRE)ccs_ccache.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.c \
+  ccs_ccache.h ccs_ccache_iterator.h ccs_client.h ccs_common.h \
+  ccs_credentials.h ccs_credentials_iterator.h ccs_list.h \
+  ccs_lock.h ccs_lock_state.h ccs_os_notify.h ccs_pipe.h \
+  ccs_server.h ccs_types.h
+ccs_ccache_iterator.so ccs_ccache_iterator.po $(OUTPRE)ccs_ccache_iterator.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.c ccs_ccache_iterator.h ccs_client.h \
+  ccs_common.h ccs_credentials.h ccs_credentials_iterator.h \
+  ccs_list.h ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
+  ccs_types.h
+ccs_client.so ccs_client.po $(OUTPRE)ccs_client.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.h ccs_client.c ccs_client.h ccs_common.h \
+  ccs_credentials.h ccs_credentials_iterator.h ccs_list.h \
+  ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
+  ccs_types.h
+ccs_credentials.so ccs_credentials.po $(OUTPRE)ccs_credentials.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.c \
+  ccs_credentials.h ccs_credentials_iterator.h ccs_list.h \
+  ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
+  ccs_types.h
+ccs_credentials_iterator.so ccs_credentials_iterator.po \
+  $(OUTPRE)ccs_credentials_iterator.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \
+  ccs_credentials_iterator.c ccs_credentials_iterator.h \
+  ccs_list.h ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
+  ccs_types.h
+ccs_list.so ccs_list.po $(OUTPRE)ccs_list.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \
+  $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \
+  $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \
+  $(srcdir)/../common/cci_types.h ccs_array.h ccs_cache_collection.h \
+  ccs_callback.h ccs_ccache.h ccs_ccache_iterator.h ccs_client.h \
+  ccs_common.h ccs_credentials.h ccs_credentials_iterator.h \
+  ccs_list.c ccs_list.h ccs_list_internal.h ccs_lock.h \
+  ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h
+ccs_list_internal.so ccs_list_internal.po $(OUTPRE)ccs_list_internal.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \
+  $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \
+  $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \
+  $(srcdir)/../common/cci_types.h ccs_array.h ccs_cache_collection.h \
+  ccs_callback.h ccs_ccache.h ccs_ccache_iterator.h ccs_client.h \
+  ccs_common.h ccs_credentials.h ccs_credentials_iterator.h \
+  ccs_list.h ccs_list_internal.c ccs_list_internal.h \
+  ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
+  ccs_types.h
+ccs_lock.so ccs_lock.po $(OUTPRE)ccs_lock.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \
+  ccs_credentials_iterator.h ccs_list.h ccs_lock.c ccs_lock.h \
+  ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h
+ccs_lock_state.so ccs_lock_state.po $(OUTPRE)ccs_lock_state.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \
+  ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.c \
+  ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h
+ccs_pipe.so ccs_pipe.po $(OUTPRE)ccs_pipe.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \
+  ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.h \
+  ccs_os_pipe.h ccs_pipe.c ccs_pipe.h ccs_server.h ccs_types.h
+ccs_server.so ccs_server.po $(OUTPRE)ccs_server.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
+  $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
+  $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
+  ccs_array.h ccs_cache_collection.h ccs_callback.h ccs_ccache.h \
+  ccs_ccache_iterator.h ccs_client.h ccs_common.h ccs_credentials.h \
+  ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.h \
+  ccs_os_server.h ccs_pipe.h ccs_server.c ccs_server.h \
+  ccs_types.h
diff --git a/krb5-1.21.3/src/ccapi/server/unix/Makefile.in b/krb5-1.21.3/src/ccapi/server/unix/Makefile.in
new file mode 100644
index 00000000..b3743f06
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/unix/Makefile.in
@@ -0,0 +1,12 @@
+mydir=ccapi$(S)server$(S)unix
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+STLIBOBJS=
+OBJS=
+SRCS=
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/ccapi/server/unix/deps b/krb5-1.21.3/src/ccapi/server/unix/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/unix/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/ccapi/server/win/Makefile.in b/krb5-1.21.3/src/ccapi/server/win/Makefile.in
new file mode 100644
index 00000000..1c925a28
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/Makefile.in
@@ -0,0 +1,114 @@
+# makefile: Constructs the Kerberos for Windows CCAPI server.
+
+#BUILDTOP is krb5/src and is relative to krb5/src/ccapi/server/win, for making Makefile.
+BUILDTOP=..\..\..
+CCAPI   = $(BUILDTOP)\CCAPI
+CO      = $(CCAPI)\common
+COWIN   = $(CCAPI)\common\win
+CCUTIL  = $(CCAPI)\common\win\OldCC
+SRVDIR  = $(CCAPI)\server
+SRVWIN  = $(SRVDIR)\win
+POSIX   = $(BUILDTOP)\lib\krb5\posix
+SRCTMP  = $(SRVWIN)\srctmp
+
+!if defined(KRB5_KFW_COMPILE)
+KFWINC= /I$(BUILDTOP)\..\..\krbcc\include
+!endif
+
+OBJS	= $(OUTPRE)cci_array_internal.$(OBJEXT) \
+          $(OUTPRE)cci_cred_union.$(OBJEXT) \
+          $(OUTPRE)cci_debugging.$(OBJEXT) \
+          $(OUTPRE)cci_identifier.$(OBJEXT) \
+          $(OUTPRE)cci_message.$(OBJEXT) \
+          $(OUTPRE)cci_os_debugging.$(OBJEXT) \
+          $(OUTPRE)cci_os_identifier.$(OBJEXT) \
+          $(OUTPRE)ccs_array.$(OBJEXT) \
+          $(OUTPRE)ccs_cache_collection.$(OBJEXT) \
+          $(OUTPRE)ccs_callback.$(OBJEXT) \
+          $(OUTPRE)ccs_ccache.$(OBJEXT) \
+          $(OUTPRE)ccs_ccache_iterator.$(OBJEXT) \
+          $(OUTPRE)ccs_client.$(OBJEXT) \
+          $(OUTPRE)ccs_credentials.$(OBJEXT) \
+          $(OUTPRE)ccs_credentials_iterator.$(OBJEXT) \
+          $(OUTPRE)ccs_list.$(OBJEXT) \
+          $(OUTPRE)ccs_list_internal.$(OBJEXT) \
+          $(OUTPRE)ccs_lock.$(OBJEXT) \
+          $(OUTPRE)ccs_lock_state.$(OBJEXT) \
+          $(OUTPRE)ccs_os_pipe.$(OBJEXT) \
+          $(OUTPRE)ccs_os_server.$(OBJEXT) \
+          $(OUTPRE)ccs_pipe.$(OBJEXT) \
+          $(OUTPRE)ccs_reply_c.$(OBJEXT) \
+          $(OUTPRE)ccs_request_proc.$(OBJEXT) \
+          $(OUTPRE)ccs_server.$(OBJEXT) \
+          $(OUTPRE)ccs_win_pipe.$(OBJEXT) \
+          $(OUTPRE)ccs_request_s.$(OBJEXT) \
+          $(OUTPRE)ccutils.$(OBJEXT) \
+          $(OUTPRE)init.$(OBJEXT) \
+          $(OUTPRE)opts.$(OBJEXT) \
+          $(OUTPRE)secure.$(OBJEXT) \
+          $(OUTPRE)tls.$(OBJEXT) \
+          $(OUTPRE)util.$(OBJEXT) \
+          $(OUTPRE)win-utils.$(OBJEXT) \
+          $(OUTPRE)WorkItem.$(OBJEXT) \
+          $(OUTPRE)WorkQueue.$(OBJEXT)
+
+##### Options
+
+# Because all the sources are pulled together into the temp directory SRCTMP,
+#  the only includes we need are to directories outside of ccapi.
+LOCALINCLUDES = /I..\$(BUILDTOP) /I..\$(BUILDTOP)\include /I..\$(BUILDTOP)\include\krb5 $(KFWINC) \
+    -I..\$(BUILDTOP)\util\et /I.
+MIDLI  = /I..\$(BUILDTOP)\include
+
+CPPFLAGS = $(CPPFLAGS) /EHsc -D_CRTAPI1=_cdecl -D_CRTAPI2=_cdecl -DWINVER=0x0501 \
+-D_WIN32_WINNT=0x0501 -D_CRT_SECURE_NO_WARNINGS
+
+##### Linker
+LINK	= link
+LIBS	= ..\$(SLIB) rpcrt4.lib advapi32.lib ws2_32.lib user32.lib
+LFLAGS	= /nologo $(LOPTS)
+
+
+all: Makefile copysrc midl $(OUTPRE)ccapiserver.exe finish
+
+ccs_request.h ccs_request_c.c ccs_request_s.c : ccs_request.idl ccs_request.acf
+    midl $(MIDL_OPTIMIZATION) $(MIDLI) -oldnames -cpp_cmd $(CC) -cpp_opt "-E" \
+    ccs_request.idl
+
+ccs_reply.h   ccs_reply_c.c   ccs_reply_s.c   : ccs_reply.idl   ccs_reply.acf
+    midl $(MIDL_OPTIMIZATION) $(MIDLI) -oldnames -cpp_cmd $(CC) -cpp_opt "-E" \
+    ccs_reply.idl
+
+copysrc :
+    echo "Copying all sources needed to build ccapiserver.exe to $(SRCTMP)"
+    if NOT exist $(SRCTMP)\nul mkdir $(SRCTMP)
+    xcopy /D/Y   $(CO)\*.*     $(SRCTMP)
+    xcopy /D/Y   $(COWIN)\*.*  $(SRCTMP)
+    xcopy /D/Y   $(CCUTIL)\*.* $(SRCTMP)
+    xcopy /D/Y   $(SRVDIR)\*.* $(SRCTMP)
+    xcopy /D/Y   $(SRVWIN)\*.* $(SRCTMP)
+    cd $(SRCTMP)
+    if NOT exist $(OUTPRE)\nul mkdir $(OUTPRE)
+
+midl : ccs_request.h ccs_reply.h
+
+VERSIONRC = $(BUILDTOP)\..\windows\version.rc
+CCAPISERVERRES = $(OUTPRE)ccapiserver.res
+$(CCAPISERVERRES): $(VERSIONRC)
+	$(RC) $(RCFLAGS) -DCCAPISERVER_APP -fo $@ -r $**
+
+$(OUTPRE)ccapiserver.exe: $(OBJS) $(CCAPISERVERRES)
+	$(LINK) $(LFLAGS) /map:$*.map /out:$@ $(OBJS) $(LIBS) $(CCAPISERVERRES) $(conlibsdll) $(conflags)
+
+finish :
+    @echo "Finished building ccapiserver.exe"
+    cd
+
+clean:
+	if exist $(OUTPRE)*.exe del $(OUTPRE)*.exe
+	if exist $(OUTPRE)*.obj del $(OUTPRE)*.obj
+	if exist $(OUTPRE)*.res del $(OUTPRE)*.res
+	if exist $(OUTPRE)*.map del $(OUTPRE)*.map
+	if exist $(OUTPRE)*.pdb del $(OUTPRE)*.pdb
+	if exist *.err del *.err
+    if exist $(SRCTMP) rmdir /s /q $(SRCTMP)
diff --git a/krb5-1.21.3/src/ccapi/server/win/Server.sln b/krb5-1.21.3/src/ccapi/server/win/Server.sln
new file mode 100644
index 00000000..ea1bd455
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/Server.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Server", "Server.vcproj", "{114DCD80-6D13-4AAA-9510-B51CE6D94C1C}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{114DCD80-6D13-4AAA-9510-B51CE6D94C1C}.Debug|Win32.ActiveCfg = Debug|Win32
+		{114DCD80-6D13-4AAA-9510-B51CE6D94C1C}.Debug|Win32.Build.0 = Debug|Win32
+		{114DCD80-6D13-4AAA-9510-B51CE6D94C1C}.Release|Win32.ActiveCfg = Release|Win32
+		{114DCD80-6D13-4AAA-9510-B51CE6D94C1C}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/krb5-1.21.3/src/ccapi/server/win/Server.vcproj b/krb5-1.21.3/src/ccapi/server/win/Server.vcproj
new file mode 100644
index 00000000..626c7a3c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/Server.vcproj
@@ -0,0 +1,227 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="8.00"
+	Name="Server"
+	ProjectGUID="{114DCD80-6D13-4AAA-9510-B51CE6D94C1C}"
+	RootNamespace="Server"
+	Keyword="MakeFileProj"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="Debug"
+			IntermediateDirectory="Debug"
+			ConfigurationType="0"
+			>
+			<Tool
+				Name="VCNMakeTool"
+				BuildCommandLine="nmake"
+				ReBuildCommandLine="nmake"
+				CleanCommandLine="nmake clean"
+				Output=""
+				PreprocessorDefinitions="WIN32;_DEBUG;"
+				IncludeSearchPath=""
+				ForcedIncludes=""
+				AssemblySearchPath=""
+				ForcedUsingAssemblies=""
+				CompileAsManaged=""
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="Release"
+			IntermediateDirectory="Release"
+			ConfigurationType="0"
+			>
+			<Tool
+				Name="VCNMakeTool"
+				BuildCommandLine="nmake"
+				ReBuildCommandLine="nmake"
+				CleanCommandLine="nmake clean"
+				Output=""
+				PreprocessorDefinitions="WIN32;NDEBUG;"
+				IncludeSearchPath=""
+				ForcedIncludes=""
+				AssemblySearchPath=""
+				ForcedUsingAssemblies=""
+				CompileAsManaged=""
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+			>
+			<File
+				RelativePath="..\..\common\cci_debugging.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\cci_os_debugging.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\cci_stream.h"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_reply.h"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_request.h"
+				>
+			</File>
+			<File
+				RelativePath="..\ccs_server.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccutil\ccutils.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccutil\init.hxx"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\include\k5-platform.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccutil\secure.hxx"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccutil\util.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\win-utils.h"
+				>
+			</File>
+			<File
+				RelativePath=".\workitem.h"
+				>
+			</File>
+			<File
+				RelativePath=".\WorkQueue.h"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx"
+			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+			>
+		</Filter>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+			>
+			<File
+				RelativePath="..\..\common\cci_debugging.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\cci_os_debugging.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\cci_stream.c"
+				>
+			</File>
+			<File
+				RelativePath="..\ccs_lock.c"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_os_pipe.c"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_os_server.cpp"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccs_reply.Idl"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_reply_c.c"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_reply_s.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccs_request.idl"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_request_c.c"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_request_proc.c"
+				>
+			</File>
+			<File
+				RelativePath=".\ccs_request_s.cpp"
+				>
+			</File>
+			<File
+				RelativePath="..\ccs_server.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccutil\ccutils.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccutil\init.cxx"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccutil\secure.cxx"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\ccutil\util.cxx"
+				>
+			</File>
+			<File
+				RelativePath="..\..\common\win\win-utils.c"
+				>
+			</File>
+			<File
+				RelativePath=".\WorkItem.cpp"
+				>
+			</File>
+			<File
+				RelativePath=".\WorkQueue.cpp"
+				>
+			</File>
+		</Filter>
+		<File
+			RelativePath="..\..\common\win\ccs_reply.Acf"
+			>
+		</File>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/krb5-1.21.3/src/ccapi/server/win/WorkItem.cpp b/krb5-1.21.3/src/ccapi/server/win/WorkItem.cpp
new file mode 100644
index 00000000..79a34873
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/WorkItem.cpp
@@ -0,0 +1,142 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <string.h>
+#include "assert.h"
+
+#pragma warning (disable : 4996)
+
+#include "win-utils.h"
+#include "WorkItem.h"
+
+extern "C" {
+#include "cci_debugging.h"
+    }
+
+// CountedBuffer makes a copy of the data.  Each CountedBuffer must be deleted.
+
+void deleteBuffer(char** buf) {
+    if (*buf) {
+        delete [](*buf);
+        *buf = NULL;
+        }
+    }
+
+// WorkItem contains a CountedBuffer which must be deleted,
+//  so each WorkItem must be deleted.
+WorkItem::WorkItem(k5_ipc_stream buf, WIN_PIPE* pipe, const long type, const long sst)
+: _buf(buf), _rpcmsg(type), _pipe(pipe), _sst(sst) { }
+
+WorkItem::WorkItem(const WorkItem& item) : _buf(NULL), _rpcmsg(0), _pipe(NULL), _sst(0) {
+
+    k5_ipc_stream    _buf = NULL;
+    krb5int_ipc_stream_new(&_buf);
+    krb5int_ipc_stream_write(_buf,
+                     krb5int_ipc_stream_data(item.payload()),
+                     krb5int_ipc_stream_size(item.payload()) );
+    WorkItem(_buf, item._pipe, item._rpcmsg, item._sst);
+    }
+
+WorkItem::WorkItem() : _buf(NULL), _rpcmsg(CCMSG_INVALID), _pipe(NULL), _sst(0) { }
+
+WorkItem::~WorkItem() {
+    if (_buf)   krb5int_ipc_stream_release(_buf);
+    if (_pipe)  ccs_win_pipe_release(_pipe);
+    }
+
+const k5_ipc_stream WorkItem::take_payload() {
+    k5_ipc_stream temp  = payload();
+    _buf                = NULL;
+    return temp;
+    }
+
+WIN_PIPE* WorkItem::take_pipe() {
+    WIN_PIPE* temp  = pipe();
+    _pipe           = NULL;
+    return temp;
+    }
+
+WorkList::WorkList() {
+    assert(InitializeCriticalSectionAndSpinCount(&cs, 0x80000400));
+    }
+
+WorkList::~WorkList() {
+    // Delete any WorkItems in the queue:
+    WorkItem*   item;
+    cci_debug_printf("%s", __FUNCTION__);
+    char        buf[2048];
+    char*       pbuf        = (char*)buf;
+    while (remove(&item)) {
+        cci_debug_printf("WorkList::~WorkList() deleting %s", item->print(pbuf));
+        delete item;
+        }
+
+    DeleteCriticalSection(&cs);
+    }
+
+char* WorkItem::print(char* buf) {
+    sprintf(buf, "WorkItem msg#:%d sst:%ld pipe:<%s>/0x%X", _rpcmsg, _sst,
+        ccs_win_pipe_getUuid(_pipe), ccs_win_pipe_getHandle(_pipe));
+    return buf;
+    }
+
+int WorkList::initialize() {
+    hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
+    return 0;
+    }
+
+int WorkList::cleanup() {
+    CloseHandle(hEvent);
+    hEvent = INVALID_HANDLE_VALUE;
+    return 0;
+    }
+
+void WorkList::wait() {
+    WaitForSingleObject(hEvent, INFINITE);
+    }
+
+int WorkList::add(WorkItem* item) {
+    EnterCriticalSection(&cs);
+        wl.push_front(item);
+    LeaveCriticalSection(&cs);
+    SetEvent(hEvent);
+    return 1;
+    }
+
+int WorkList::remove(WorkItem** item) {
+    bool    bEmpty;
+
+    bEmpty = wl.empty() & 1;
+
+    if (!bEmpty) {
+        EnterCriticalSection(&cs);
+            *item    = wl.back();
+            wl.pop_back();
+        LeaveCriticalSection(&cs);
+        }
+
+    return !bEmpty;
+    }
diff --git a/krb5-1.21.3/src/ccapi/server/win/WorkQueue.cpp b/krb5-1.21.3/src/ccapi/server/win/WorkQueue.cpp
new file mode 100644
index 00000000..fc5fa7e1
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/WorkQueue.cpp
@@ -0,0 +1,74 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "WorkQueue.h"
+extern "C" {
+    #include "cci_debugging.h"
+    }
+
+#include "WorkItem.h"
+
+WorkList    worklist;
+
+EXTERN_C    int worklist_initialize() {
+        return worklist.initialize();
+        }
+
+EXTERN_C    int worklist_cleanup() {
+        return worklist.cleanup();
+        }
+
+EXTERN_C    void worklist_wait() {
+        worklist.wait();
+        }
+
+/* C interfaces: */
+EXTERN_C    BOOL worklist_isEmpty() {
+        return worklist.isEmpty() ? TRUE : FALSE;
+        }
+
+EXTERN_C    int worklist_add(   const long          rpcmsg,
+                                const ccs_pipe_t    pipe,
+                                const k5_ipc_stream stream,
+                                const time_t        serverStartTime) {
+        return worklist.add(new WorkItem(stream, pipe, rpcmsg, serverStartTime) );
+        }
+
+EXTERN_C    int  worklist_remove(long*              rpcmsg,
+                                 ccs_pipe_t*        pipe,
+                                 k5_ipc_stream*      stream,
+                                 time_t*            sst) {
+        WorkItem*   item    = NULL;
+        cc_int32    err     = worklist.remove(&item);
+
+        *rpcmsg         = item->type();
+        *pipe           = item->take_pipe();
+        *stream         = item->take_payload();
+        *sst            = item->sst();
+        delete item;
+        return err;
+        }
+
diff --git a/krb5-1.21.3/src/ccapi/server/win/WorkQueue.h b/krb5-1.21.3/src/ccapi/server/win/WorkQueue.h
new file mode 100644
index 00000000..68aa8b1c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/WorkQueue.h
@@ -0,0 +1,51 @@
+/* ccapi/server/win/WorkQueue.h */
+/*
+ * Copyright 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef _work_queue_h
+#define _work_queue_h
+
+#include "windows.h"
+#include "ccs_pipe.h"
+
+EXTERN_C    int worklist_initialize();
+
+EXTERN_C    int worklist_cleanup();
+
+/* Wait for work to be added to the list (via worklist_add) from another thread */
+EXTERN_C    void worklist_wait();
+
+EXTERN_C    BOOL worklist_isEmpty();
+
+EXTERN_C    int worklist_add(  const long          rpcmsg,
+                                const ccs_pipe_t    pipe,
+                                const k5_ipc_stream stream,
+                                const time_t        serverStartTime);
+
+EXTERN_C    int  worklist_remove(long*              rpcmsg,
+                                 ccs_pipe_t*        pipe,
+                                 k5_ipc_stream*      stream,
+                                 time_t*            serverStartTime);
+
+#endif // _work_queue_h
diff --git a/krb5-1.21.3/src/ccapi/server/win/ccs_os_pipe.c b/krb5-1.21.3/src/ccapi/server/win/ccs_os_pipe.c
new file mode 100644
index 00000000..7e190cee
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/ccs_os_pipe.c
@@ -0,0 +1,62 @@
+/* ccapi/server/win/ccs_os_pipe.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ccs_common.h"
+#include "ccs_os_pipe.h"
+#include "ccs_win_pipe.h"
+
+/* ------------------------------------------------------------------------ */
+
+/* On Windows, a pipe is a struct.  See ccs_win_pipe.h for details.         */
+
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_os_pipe_valid (ccs_pipe_t in_pipe) {
+    return ccs_win_pipe_valid(in_pipe);
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_os_pipe_copy (ccs_pipe_t* out_pipe, ccs_pipe_t  in_pipe) {
+    return ccs_win_pipe_copy(
+        out_pipe,
+        in_pipe);
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_os_pipe_release (ccs_pipe_t io_pipe) {
+    return ccs_win_pipe_release(io_pipe);
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_os_pipe_compare (ccs_pipe_t  pipe_1,
+                              ccs_pipe_t  pipe_2,
+                              cc_uint32  *out_equal) {
+
+    return ccs_win_pipe_compare(pipe_1, pipe_2, out_equal);
+    }
diff --git a/krb5-1.21.3/src/ccapi/server/win/ccs_os_server.cpp b/krb5-1.21.3/src/ccapi/server/win/ccs_os_server.cpp
new file mode 100644
index 00000000..1b54718a
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/ccs_os_server.cpp
@@ -0,0 +1,950 @@
+/*
+ * $Header$
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "process.h"
+#include "windows.h"
+
+extern "C" {
+#include "ccs_common.h"
+#include "ccs_os_notify.h"
+#include "ccs_os_server.h"
+#include "ccs_reply.h"
+#include "ccs_request.h"
+#include "win-utils.h"
+#include "ccutils.h"
+    }
+
+#include "WorkQueue.h"
+#include "util.h"
+#include "opts.hxx"
+#include "init.hxx"
+
+#pragma warning (disable : 4996)
+
+BOOL                bListen             = TRUE; /* Why aren't bool and true defined? */
+const char*         sessID              = NULL; /* The logon session we are running on behalf of. */
+time_t              _sst                = 0;
+unsigned char*      pszNetworkAddress   = NULL;
+unsigned char*      pszStringBinding    = NULL;
+BOOL                bRpcHandleInited    = FALSE;
+_RPC_ASYNC_STATE*    rpcState            = NULL;
+
+/* Thread procedures can take only one void* argument.  We put all the args we want
+   to pass into this struct and then pass a pointer to the struct: */
+struct RpcRcvArgs {
+    char*               networkAddress;
+    unsigned char*      protocolSequence;
+    unsigned char*      sessID;                     /* Used for this server's endpoint */
+    unsigned char*      uuid;                       /* Used for client's UUID */
+    ParseOpts::Opts*    opts;
+    RPC_STATUS          status;
+    } rpcargs = {   NULL,                       /* pszNetworkAddress    */
+                    (unsigned char*)"ncalrpc",  /* pszProtocolSequence  */
+                    NULL,                       /* sessID placeholder   */
+                    NULL,                       /* uuid   placeholder   */
+                    NULL };                     /* Opts placeholder     */
+
+/* Command line format:
+   argv[0] Program name
+   argv[1] session ID to use
+   argv[2] "D" Debug: go into infinite loop in ccs_os_server_initialize so process
+           can be attached in debugger.
+           Any other value: continue
+ */
+#define N_FIXED_ARGS 3
+#define SERVER_REPLY_RPC_HANDLE ccs_reply_IfHandle
+
+/* Forward declarations: */
+void            receiveLoop(void* rpcargs);
+void            connectionListener(void* rpcargs);
+void            Usage(const char* argv0);
+void            printError(TCHAR* msg);
+void            setMySST()      {_sst = time(&_sst);}
+time_t          getMySST()      {return _sst;}
+RPC_STATUS      send_connection_reply(ccs_pipe_t in_pipe);
+void RPC_ENTRY  clientListener( _RPC_ASYNC_STATE*,
+                                void* Context,
+                                RPC_ASYNC_EVENT Event);
+RPC_STATUS RPC_ENTRY sec_callback(  IN RPC_IF_ID *Interface,
+                                    IN void *Context);
+RPC_STATUS      send_init(char* clientUUID);
+//DWORD alloc_name(LPSTR* pname, LPSTR postfix);
+
+
+/* The layout of the rest of this module:
+
+   The four entrypoints defined in ccs_os_server.h:
+      ccs_os_server_initialize
+      cc_int32 ccs_os_server_cleanup
+      cc_int32 ccs_os_server_listen_loop
+      cc_int32 ccs_os_server_send_reply
+
+   Other routines needed by those four.
+ */
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_os_server_initialize (int argc, const char *argv[]) {
+    cc_int32        err                 = 0;
+    ParseOpts::Opts opts                = { 0 };
+    ParseOpts       PO;
+    BOOL            bAdjustedShutdown   = FALSE;
+    HMODULE         hKernel32           = GetModuleHandle("kernel32");
+
+    if (!err) {
+        sessID = argv[1];
+        setMySST();
+
+        opts.cMinCalls  = 1;
+        opts.cMaxCalls  = 20;
+        opts.fDontWait  = TRUE;
+
+#ifdef CCAPI_TEST_OPTIONS
+        PO.SetValidOpts("kemnfubc");
+#else
+        PO.SetValidOpts("kc");
+#endif
+
+        PO.Parse(opts, argc, (char**)argv);
+
+//        while(*argv[2] == 'D') {}       /* Hang here to attach process with debugger. */
+
+        if (hKernel32) {
+            typedef BOOL (WINAPI *FP_SetProcessShutdownParameters)(DWORD, DWORD);
+            FP_SetProcessShutdownParameters pSetProcessShutdownParameters =
+                (FP_SetProcessShutdownParameters)
+                GetProcAddress(hKernel32, "SetProcessShutdownParameters");
+            if (pSetProcessShutdownParameters) {
+                bAdjustedShutdown = pSetProcessShutdownParameters(100, 0);
+                }
+            }
+        cci_debug_printf("%s Shutdown Parameters",
+            bAdjustedShutdown ? "Adjusted" : "Did not adjust");
+
+        err = Init::Initialize();
+        }
+
+//    if (!err) {
+//        if (opts.bShutdown) {
+//            status = shutdown_server(opts.pszEndpoint);
+//            }
+//        }
+//    else {
+//        status = startup_server(opts);
+//        }
+
+    if (!err) {
+        err = worklist_initialize();
+        }
+
+    if (err) {
+        Init::Cleanup();
+        fprintf(    stderr, "An error occurred while %s the server (%u)\n",
+                    opts.bShutdown ? "shutting down" : "starting/running",
+                    err);
+        exit(cci_check_error (err));
+        }
+
+    return cci_check_error (err);
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_os_server_cleanup (int argc, const char *argv[]) {
+    cc_int32 err = 0;
+
+    cci_debug_printf("%s for user <%s> shutting down.", argv[0], argv[1]);
+
+    worklist_cleanup();
+
+    return cci_check_error (err);
+    }
+
+/* ------------------------------------------------------------------------ */
+
+/* This function takes work items off the work queue and executes them.
+ * This is the one and only place where the multi-threaded Windows code
+ * calls into the single-threaded common code.
+ *
+ * The actual 'listening' for requests from clients happens after receiveloop
+ * establishes the RPC endpoint the clients will connect to and the RPC procedures
+ * put the work items into the work queue.
+ */
+cc_int32 ccs_os_server_listen_loop (int argc, const char *argv[]) {
+    cc_int32        err = 0;
+    uintptr_t       threadStatus;
+
+    ParseOpts::Opts opts         = { 0 };
+    ParseOpts       PO;
+    BOOL            bQuitIfNoClients = FALSE;
+
+    opts.cMinCalls  = 1;
+    opts.cMaxCalls  = 20;
+    opts.fDontWait  = TRUE;
+
+#ifdef CCAPI_TEST_OPTIONS
+    PO.SetValidOpts("kemnfubc");
+#else
+    PO.SetValidOpts("kc");
+#endif
+    PO.Parse(opts, argc, (char**)argv);
+
+
+    //++ debug stuff
+    #define INFO_BUFFER_SIZE 32767
+    TCHAR  infoBuf[INFO_BUFFER_SIZE];
+    DWORD  bufCharCount = INFO_BUFFER_SIZE;
+    // Get and display the user name.
+    bufCharCount = INFO_BUFFER_SIZE;
+    if( !GetUserName( infoBuf, &bufCharCount ) )  printError( TEXT("GetUserName") );
+    //--
+
+    /* Sending the reply from within the request RPC handler doesn't seem to work.
+       So we listen for requests in a separate thread and put the requests in a
+       queue.  */
+    rpcargs.sessID  = (unsigned char*)sessID;
+    rpcargs.opts    = &opts;
+    /// TODO: check for NULL handle, error, etc.  probably move to initialize func...
+    threadStatus    = _beginthread(receiveLoop, 0, (void*)&rpcargs);
+
+    /* We handle the queue entries here.  Work loop: */
+    while (ccs_server_client_count() > 0 || !bQuitIfNoClients) {
+        worklist_wait();
+        while (!worklist_isEmpty()) {
+            k5_ipc_stream    buf             = NULL;
+            long            rpcmsg          = CCMSG_INVALID;
+            time_t          serverStartTime = 0xDEADDEAD;
+            RPC_STATUS      status          = 0;
+            char*           uuid            = NULL;
+            k5_ipc_stream    stream          = NULL;
+            ccs_pipe_t     pipe             = NULL;
+            ccs_pipe_t     pipe2            = NULL;
+
+            if (worklist_remove(&rpcmsg, &pipe, &buf, &serverStartTime)) {
+                uuid = ccs_win_pipe_getUuid(pipe);
+
+                if (serverStartTime <= getMySST()) {
+                    switch (rpcmsg) {
+                        case CCMSG_CONNECT: {
+                            cci_debug_printf("  Processing CONNECT");
+                            rpcargs.uuid    = (unsigned char*)uuid;
+
+                            // Even if a disconnect message is received before this code finishes,
+                            //  it won't be dequeued and processed until after this code finishes.
+                            //  So we can add the client after starting the connection listener.
+                            connectionListener((void*)&rpcargs);
+                            status  = rpcargs.status;
+
+                            if (!status) {
+                                status = ccs_server_add_client(pipe);
+                                }
+                            if (!status) {status = send_connection_reply(pipe);}
+                            break;
+                            }
+                        case CCMSG_DISCONNECT: {
+                            cci_debug_printf("  Processing DISCONNECT");
+                            if (!status) {
+                                status = ccs_server_remove_client(pipe);
+                                }
+                            break;
+                            }
+                        case CCMSG_REQUEST:
+                            cci_debug_printf("  Processing REQUEST");
+                            ccs_pipe_copy(&pipe2, pipe);
+                            // Dispatch message here, setting both pipes to the client UUID:
+                            err = ccs_server_handle_request (pipe, pipe2, buf);
+                            break;
+                        case CCMSG_PING:
+                            cci_debug_printf("  Processing PING");
+                            err = krb5int_ipc_stream_new  (&stream);
+                            err = krb5int_ipc_stream_write(stream, "This is a test of the emergency broadcasting system", 52);
+                            err = ccs_os_server_send_reply(pipe, stream);
+                            break;
+                        case CCMSG_QUIT:
+                            bQuitIfNoClients = TRUE;
+                            break;
+                        default:
+                            cci_debug_printf("Huh?  Received invalid message type %ld from UUID:<%s>",
+                                rpcmsg, uuid);
+                            break;
+                        }
+                    if (buf)        krb5int_ipc_stream_release(buf);
+                    /* Don't free uuid, which was allocated here.  A pointer to it is in the
+                       rpcargs struct which was passed to connectionListener which will be
+                       received by ccapi_listen when the client exits.  ccapi_listen needs
+                       the uuid to know which client to disconnect.
+                     */
+                    }
+                // Server's start time is different from what the client thinks.
+                // That means the server has rebooted since the client connected.
+                else {
+                    cci_debug_printf("Whoops!  Server has rebooted since client established connection.");
+                    }
+                }
+            else {cci_debug_printf("Huh?  Queue not empty but no item to remove.");}
+            }
+        }
+    return cci_check_error (err);
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_os_server_send_reply (ccs_pipe_t   in_pipe,
+                                   k5_ipc_stream in_reply_stream) {
+
+    /* ccs_pipe_t in_reply_pipe     is a char* reply endpoint.
+       k5_ipc_stream in_reply_stream is the data to be sent.
+     */
+
+    cc_int32    err     = 0;
+    char*       uuid    = ccs_win_pipe_getUuid(in_pipe);
+    UINT64      h       = ccs_win_pipe_getHandle(in_pipe);
+
+    if (!err) {
+        err = send_init(uuid);      // Sets RPC handle to be used.
+        }
+
+    if (!err) {
+        RpcTryExcept {
+            long    status;
+            ccs_rpc_request_reply(                  // make call with user message
+                CCMSG_REQUEST_REPLY,                /* Message type */
+                (unsigned char*)&h,                 /* client's tspdata* */
+                (unsigned char*)uuid,
+                getMySST(),
+                krb5int_ipc_stream_size(in_reply_stream),   /* Length of buffer */
+                (const unsigned char*)krb5int_ipc_stream_data(in_reply_stream),   /* Data buffer */
+                &status );                          /* Return code */
+            }
+        RpcExcept(1) {
+            cci_check_error(RpcExceptionCode());
+            }
+        RpcEndExcept
+        }
+
+    /*  The calls to the remote procedures are complete. */
+    /*  Free whatever we allocated:                      */
+    err = RpcBindingFree(&SERVER_REPLY_RPC_HANDLE);
+
+    return cci_check_error (err);
+    }
+
+
+/* Windows-specific routines: */
+
+void Usage(const char* argv0) {
+    printf("Usage:\n");
+    printf("%s [m maxcalls] [n mincalls] [f dontwait] [h|?]]\n", argv0);
+    printf("    CCAPI server process.\n");
+    printf("    h|? whow usage message. <\n");
+    }
+
+/* ------------------------------------------------------------------------ */
+/* The receive thread repeatedly issues RpcServerListen.
+   When a message arrives, it is handled in the RPC procedure.
+ */
+void    receiveLoop(void* rpcargs) {
+
+    struct RpcRcvArgs*      rcvargs     = (struct RpcRcvArgs*)rpcargs;
+    RPC_STATUS              status      = FALSE;
+    unsigned char*          pszSecurity = NULL;
+    LPSTR                   endpoint    = NULL;
+    LPSTR                   event_name  = NULL;
+    PSECURITY_DESCRIPTOR    psd         = NULL;
+    HANDLE                  hEvent      = 0;
+    Init::InitInfo          info;
+
+    cci_debug_printf("THREAD BEGIN: %s", __FUNCTION__);
+
+    status = Init::Info(info);
+
+    /* Build complete RPC endpoint using previous CCAPI implementation: */
+    if (!status) {
+        if (!rcvargs->opts->pszEndpoint) {
+            if (!status) {
+                status  = alloc_name(&endpoint,     "ep", isNT());
+                }
+
+            if (!status) {
+                status  = alloc_name(&event_name,   "startup", isNT());
+                }
+
+            if (!status) {
+                 hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, event_name);
+                // We ignore any error opening the event because we do not know who started us.
+                //  [Comment paraphrased from previous implementation, whence it was copied.]
+                }
+            }
+        else {
+            endpoint = rcvargs->opts->pszEndpoint;
+            }
+        }
+
+    cci_debug_printf("%s Registering endpoint %s", __FUNCTION__, endpoint);
+
+    if (!status && isNT()) {
+        status = alloc_own_security_descriptor_NT(&psd);
+        }
+
+    if (!status) {
+        status = RpcServerUseProtseqEp(rcvargs->protocolSequence,
+                                       rcvargs->opts->cMaxCalls,
+                                       (RPC_CSTR)endpoint,
+                                       rcvargs->opts->bDontProtect ? 0 : psd);  // SD
+        }
+
+    if (!status) {
+        status = RpcServerRegisterAuthInfo(0, // server principal
+                                           RPC_C_AUTHN_WINNT,
+                                           0,
+                                           0);
+        }
+
+    while (bListen && !status) {
+        cci_debug_printf("%s is listening ...", __FUNCTION__);
+
+        if (!info.isNT) {
+            status = RpcServerRegisterIf(ccs_request_ServerIfHandle,    // interface
+                                         NULL,                          // MgrTypeUuid
+                                         NULL);                         // MgrEpv; null means use default
+            }
+        else {
+            status = info.fRpcServerRegisterIfEx(ccs_request_ServerIfHandle,  // interface
+                                         NULL,                          // MgrTypeUuid
+                                         NULL,                          // MgrEpv; 0 means default
+                                         RPC_IF_ALLOW_SECURE_ONLY,
+                                         rcvargs->opts->cMaxCalls,
+                                         rcvargs->opts->bSecCallback ?
+                                         (RPC_IF_CALLBACK_FN*)sec_callback : 0 );
+            }
+
+        if (!status) {
+            status = RpcServerListen(rcvargs->opts->cMinCalls,
+                                     rcvargs->opts->cMaxCalls,
+                                     rcvargs->opts->fDontWait);
+            }
+
+        if (!status) {
+            if (rcvargs->opts->fDontWait) {
+                if (hEvent) SetEvent(hEvent);   // Ignore any error -- SetEvent is an optimization.
+                status = RpcMgmtWaitServerListen();
+                }
+            }
+        }
+
+    if (status) {           // Cleanup in case of errors:
+        if (hEvent) CloseHandle(hEvent);
+        free_alloc_p(&event_name);
+        free_alloc_p(&psd);
+        if (endpoint && (endpoint != rcvargs->opts->pszEndpoint))
+            free_alloc_p(&endpoint);
+        }
+
+    // tell main thread to shutdown since it won't receive any more messages
+    worklist_add(CCMSG_QUIT, NULL, NULL, 0);
+    _endthread();
+    }   // End receiveLoop
+
+
+
+/* ------------------------------------------------------------------------ */
+/* The connection listener thread waits forever for a call to the CCAPI_CLIENT_<UUID>
+   endpoint, ccapi_listen function to complete.  If the call completes or gets an
+   RPC exception, it means the client has disappeared.
+
+   A separate connectionListener is started for each client that has connected to the server.
+ */
+
+void    connectionListener(void* rpcargs) {
+
+    struct RpcRcvArgs*  rcvargs     = (struct RpcRcvArgs*)rpcargs;
+    RPC_STATUS          status      = FALSE;
+    char*               endpoint;
+    unsigned char*      pszOptions  = NULL;
+    unsigned char *     pszUuid     = NULL;
+
+    endpoint    = clientEndpoint((char*)rcvargs->uuid);
+    rpcState    = (RPC_ASYNC_STATE*)malloc(sizeof(RPC_ASYNC_STATE));
+    status      = RpcAsyncInitializeHandle(rpcState, sizeof(RPC_ASYNC_STATE));
+    cci_debug_printf("");
+    cci_debug_printf("%s About to LISTEN to <%s>", __FUNCTION__, endpoint);
+
+    rpcState->UserInfo                  = rcvargs->uuid;
+    rpcState->NotificationType          = RpcNotificationTypeApc;
+    rpcState->u.APC.NotificationRoutine = clientListener;
+    rpcState->u.APC.hThread             = 0;
+
+    /* [If in use] Free previous binding: */
+    if (bRpcHandleInited) {
+        // Free previous binding (could have been used to call ccapi_listen
+        //  in a different client thread).
+        // Don't check result or update status.
+        RpcStringFree(&pszStringBinding);
+        RpcBindingFree(&SERVER_REPLY_RPC_HANDLE);
+        bRpcHandleInited  = FALSE;
+        }
+
+    /* Set up binding to the client's endpoint: */
+    if (!status) {
+        status = RpcStringBindingCompose(
+                    pszUuid,
+                    pszProtocolSequence,
+                    pszNetworkAddress,
+                    (RPC_CSTR)endpoint,
+                    pszOptions,
+                    &pszStringBinding);
+        }
+
+    /* Set the binding handle that will be used to bind to the server. */
+    if (!status) {
+        status = RpcBindingFromStringBinding(pszStringBinding, &SERVER_REPLY_RPC_HANDLE);
+        }
+    if (!status) {bRpcHandleInited  = TRUE;}
+
+    RpcTryExcept {
+        cci_debug_printf("  Calling remote procedure ccapi_listen");
+        ccapi_listen(rpcState, SERVER_REPLY_RPC_HANDLE, CCMSG_LISTEN, &status);
+        /* Asynchronous call will return immediately. */
+        }
+    RpcExcept(1) {
+        status = cci_check_error(RpcExceptionCode());
+        }
+    RpcEndExcept
+
+    rcvargs->status = status;
+    }   // End connectionListener
+
+
+void RPC_ENTRY clientListener(
+    _RPC_ASYNC_STATE* pAsync,
+    void* Context,
+    RPC_ASYNC_EVENT Event
+    ) {
+
+    ccs_pipe_t pipe = ccs_win_pipe_new((char*)pAsync->UserInfo, NULL);
+
+    cci_debug_printf("%s(0x%X, ...) async routine for <0x%X:%s>!",
+        __FUNCTION__, pAsync, pAsync->UserInfo, pAsync->UserInfo);
+
+    worklist_add(   CCMSG_DISCONNECT,
+                    pipe,
+                    NULL,               /* No payload with connect request */
+                    (const time_t)0 );  /* No server session number with connect request */
+    }
+
+
+void printError( TCHAR* msg ) {
+    DWORD eNum;
+    TCHAR sysMsg[256];
+    TCHAR* p;
+
+    eNum = GetLastError( );
+    FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM |
+         FORMAT_MESSAGE_IGNORE_INSERTS,
+         NULL, eNum,
+         MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+         sysMsg, 256, NULL );
+
+    // Trim the end of the line and terminate it with a null
+    p = sysMsg;
+    while( ( *p > 31 ) || ( *p == 9 ) )
+        ++p;
+    do { *p-- = 0; } while( ( p >= sysMsg ) &&
+                          ( ( *p == '.' ) || ( *p < 33 ) ) );
+
+    // Display the message
+    cci_debug_printf("%s failed with error %d (%s)", msg, eNum, sysMsg);
+    }
+
+
+RPC_STATUS send_init(char* clientUUID) {
+    RPC_STATUS      status;
+    unsigned char * pszUuid             = NULL;
+    unsigned char * pszOptions          = NULL;
+
+    /* Use a convenience function to concatenate the elements of */
+    /* the string binding into the proper sequence.              */
+    status = RpcStringBindingCompose(pszUuid,
+                                     pszProtocolSequence,
+                                     pszNetworkAddress,
+                                     (unsigned char*)clientEndpoint(clientUUID),
+                                     pszOptions,
+                                     &pszStringBinding);
+    if (status) {return (status);}
+
+    /* Set the binding handle that will be used to bind to the RPC server [the 'client']. */
+    status = RpcBindingFromStringBinding(pszStringBinding, &SERVER_REPLY_RPC_HANDLE);
+    return (status);
+    }
+
+RPC_STATUS send_finish() {
+    RPC_STATUS  status;
+    /* Can't shut down client -- it runs listen function which  */
+    /* server uses to detect the client going away.             */
+
+    /*  The calls to the remote procedures are complete. */
+    /*  Free the string and the binding handle           */
+    status = RpcStringFree(&pszStringBinding);  // remote calls done; unbind
+    if (status) {return (status);}
+
+    status = RpcBindingFree(&SERVER_REPLY_RPC_HANDLE);  // remote calls done; unbind
+
+    return (status);
+    }
+
+RPC_STATUS send_connection_reply(ccs_pipe_t in_pipe) {
+    char*       uuid    = ccs_win_pipe_getUuid  (in_pipe);
+    UINT64      h       = ccs_win_pipe_getHandle(in_pipe);
+    RPC_STATUS  status  = send_init(uuid);
+
+    RpcTryExcept {
+        ccs_rpc_connect_reply(      // make call with user message
+            CCMSG_CONNECT_REPLY,    /* Message type */
+            (unsigned char*)&h,      /* client's tspdata* */
+            (unsigned char*)uuid,
+            getMySST(),             /* Server's session number = its start time */
+            &status );              /* Return code */
+        }
+    RpcExcept(1) {
+        cci_check_error(RpcExceptionCode());
+        }
+    RpcEndExcept
+
+    status  = send_finish();
+    return (status);
+    }
+
+RPC_STATUS GetPeerName( RPC_BINDING_HANDLE hClient,
+                        LPTSTR pszClientName,
+                        int iMaxLen) {
+    RPC_STATUS Status		= RPC_S_OK;
+    RPC_BINDING_HANDLE hServer	= NULL;
+    PTBYTE pszStringBinding	= NULL;
+    PTBYTE pszClientNetAddr	= NULL;
+    PTBYTE pszProtSequence	= NULL;
+
+    memset(pszClientName, 0, iMaxLen * sizeof(TCHAR));
+
+    __try {
+        // Create a partially bound server handle from the client handle.
+        Status = RpcBindingServerFromClient (hClient, &hServer);
+        if (Status != RPC_S_OK) __leave;
+
+        // Get the partially bound server string binding and parse it.
+        Status = RpcBindingToStringBinding (hServer,
+                                            &pszStringBinding);
+        if (Status != RPC_S_OK) __leave;
+
+        // String binding only contains protocol sequence and client
+        // address, and is not currently implemented for named pipes.
+        Status = RpcStringBindingParse (pszStringBinding, NULL,
+                                        &pszProtSequence, &pszClientNetAddr,
+                                        NULL, NULL);
+        if (Status != RPC_S_OK)
+            __leave;
+        int iLen = lstrlen(pszClientName) + 1;
+        if (iMaxLen < iLen)
+            Status = RPC_S_BUFFER_TOO_SMALL;
+        lstrcpyn(pszClientName, (LPCTSTR)pszClientNetAddr, iMaxLen);
+    }
+    __finally {
+        if (pszProtSequence)
+            RpcStringFree (&pszProtSequence);
+
+        if (pszClientNetAddr)
+            RpcStringFree (&pszClientNetAddr);
+
+        if (pszStringBinding)
+            RpcStringFree (&pszStringBinding);
+
+        if (hServer)
+            RpcBindingFree (&hServer);
+    }
+    return Status;
+}
+
+struct client_auth_info {
+    RPC_AUTHZ_HANDLE authz_handle;
+    unsigned char* server_principal; // need to RpcFreeString this
+    ULONG authn_level;
+    ULONG authn_svc;
+    ULONG authz_svc;
+};
+
+RPC_STATUS
+GetClientId(
+    RPC_BINDING_HANDLE hClient,
+    char* client_id,
+    int max_len,
+    client_auth_info* info
+    )
+{
+    RPC_AUTHZ_HANDLE authz_handle = 0;
+    unsigned char* server_principal = 0;
+    ULONG authn_level = 0;
+    ULONG authn_svc = 0;
+    ULONG authz_svc = 0;
+    RPC_STATUS status = 0;
+
+    memset(client_id, 0, max_len);
+
+    if (info) {
+        memset(info, 0, sizeof(client_auth_info));
+    }
+
+    status = RpcBindingInqAuthClient(hClient, &authz_handle,
+                                     info ? &server_principal : 0,
+                                     &authn_level, &authn_svc, &authz_svc);
+    if (status == RPC_S_OK)
+    {
+        if (info) {
+            info->server_principal = server_principal;
+            info->authz_handle = authz_handle;
+            info->authn_level = authn_level;
+            info->authn_svc = authn_svc;
+            info->authz_svc = authz_svc;
+        }
+
+        if (authn_svc == RPC_C_AUTHN_WINNT) {
+            WCHAR* username = (WCHAR*)authz_handle;
+            int len = lstrlenW(username) + 1;
+            if (max_len < len)
+                status = RPC_S_BUFFER_TOO_SMALL;
+            _snprintf(client_id, max_len, "%S", username);
+        } else {
+            status = RPC_S_UNKNOWN_AUTHN_SERVICE;
+        }
+    }
+    return status;
+}
+
+char*
+rpc_error_to_string(
+    RPC_STATUS status
+    )
+{
+    switch(status) {
+    case RPC_S_OK:
+        return "OK";
+    case RPC_S_INVALID_BINDING:
+        return "Invalid binding";
+    case RPC_S_WRONG_KIND_OF_BINDING:
+        return "Wrong binding";
+    case RPC_S_BINDING_HAS_NO_AUTH:
+        RpcRaiseException(RPC_S_BINDING_HAS_NO_AUTH);
+        return "Binding has no auth";
+    default:
+        return "BUG: I am confused";
+    }
+}
+
+void
+print_client_info(
+    RPC_STATUS peer_status,
+    const char* peer_name,
+    RPC_STATUS client_status,
+    const char* client_id,
+    client_auth_info* info
+    )
+{
+    if (peer_status == RPC_S_OK || peer_status == RPC_S_BUFFER_TOO_SMALL) {
+        cci_debug_printf("%s Peer Name is \"%s\"", __FUNCTION__, peer_name);
+    } else {
+        cci_debug_printf("%s Error %u getting Peer Name (%s)",
+                     __FUNCTION__, peer_status, rpc_error_to_string(peer_status));
+    }
+
+    if (client_status == RPC_S_OK || client_status == RPC_S_BUFFER_TOO_SMALL) {
+        if (info) {
+            cci_debug_printf("%s Client Auth Info"
+                         "\tServer Principal:       %s\n"
+                         "\tAuthentication Level:   %d\n"
+                         "\tAuthentication Service: %d\n"
+                         "\tAuthorization Service:  %d\n",
+                         __FUNCTION__,
+                         info->server_principal,
+                         info->authn_level,
+                         info->authn_svc,
+                         info->authz_svc);
+        }
+        cci_debug_printf("%s Client ID is \"%s\"", __FUNCTION__, client_id);
+    } else {
+        cci_debug_printf("%s Error getting Client Info (%u = %s)",
+                     __FUNCTION__, client_status, rpc_error_to_string(client_status));
+    }
+}
+
+DWORD sid_check() {
+    DWORD status = 0;
+    HANDLE hToken_c = 0;
+    HANDLE hToken_s = 0;
+    PTOKEN_USER ptu_c = 0;
+    PTOKEN_USER ptu_s = 0;
+    DWORD len = 0;
+    BOOL bImpersonate = FALSE;
+
+    // Note GetUserName will fail while impersonating at identify
+    // level.  The workaround is to impersonate, OpenThreadToken,
+    // revert, call GetTokenInformation, and finally, call
+    // LookupAccountSid.
+
+    // XXX - Note: This workaround does not appear to work.
+    // OpenThreadToken fails with error 1346: "Either a requid
+    // impersonation level was not provided or the provided
+    // impersonation level is invalid".
+
+    status = RpcImpersonateClient(0);
+
+    if (!status) {
+        bImpersonate = TRUE;
+        if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken_c))
+            status = GetLastError();
+        }
+
+    if (!status) {
+        status = RpcRevertToSelf();
+        }
+
+    if (!status) {
+        bImpersonate = FALSE;
+
+        len = 0;
+        GetTokenInformation(hToken_c, TokenUser, ptu_c, 0, &len);
+        if (len == 0) status = 1;
+        }
+
+    if (!status) {
+        if (!(ptu_c = (PTOKEN_USER)LocalAlloc(0, len)))
+            status = GetLastError();
+        }
+
+    if (!status) {
+        if (!GetTokenInformation(hToken_c, TokenUser, ptu_c, len, &len))
+            status = GetLastError();
+        }
+
+    if (!status) {
+        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken_s))
+            status = GetLastError();
+        }
+
+    if (!status) {
+        len = 0;
+        GetTokenInformation(hToken_s, TokenUser, ptu_s, 0, &len);
+        if (len == 0) status = GetLastError();
+        }
+
+    if (!status) {
+        if (!(ptu_s = (PTOKEN_USER)LocalAlloc(0, len)))
+            status = GetLastError();
+        }
+
+    if (!status) {
+        if (!GetTokenInformation(hToken_s, TokenUser, ptu_s, len, &len))
+            status = GetLastError();
+        }
+
+    if (!EqualSid(ptu_s->User.Sid, ptu_c->User.Sid))
+        status = RPC_S_ACCESS_DENIED;
+
+/* Cleanup: */
+    if (!hToken_c && !bImpersonate)
+        cci_debug_printf("%s Cannot impersonate (%u)", __FUNCTION__, status);
+    else if (!hToken_c)
+        cci_debug_printf("%s Failed to open client token (%u)", __FUNCTION__, status);
+    else if (bImpersonate)
+        cci_debug_printf("%s Failed to revert (%u)", __FUNCTION__, status);
+    else if (!ptu_c)
+        cci_debug_printf("%s Failed to get client token user info (%u)",
+                     __FUNCTION__, status);
+    else if (!hToken_s)
+        cci_debug_printf("%s Failed to open server token (%u)", __FUNCTION__, status);
+    else if (!ptu_s)
+        cci_debug_printf("%s Failed to get server token user info (%u)",
+                     __FUNCTION__, status);
+    else if (status == RPC_S_ACCESS_DENIED)
+        cci_debug_printf("%s SID **does not** match!", __FUNCTION__);
+    else if (status == RPC_S_OK)
+        cci_debug_printf("%s SID matches!", __FUNCTION__);
+    else
+        if (status) {
+            cci_debug_printf("%s unrecognized error %u", __FUNCTION__, status);
+            abort();
+            }
+
+    if (bImpersonate)   RpcRevertToSelf();
+    if (hToken_c && hToken_c != INVALID_HANDLE_VALUE)
+        CloseHandle(hToken_c);
+    if (ptu_c)          LocalFree(ptu_c);
+    if (hToken_s && hToken_s != INVALID_HANDLE_VALUE)
+        CloseHandle(hToken_s);
+    if (ptu_s)          LocalFree(ptu_s);
+    if (status) cci_debug_printf("%s returning %u", __FUNCTION__, status);
+    return status;
+    }
+
+RPC_STATUS RPC_ENTRY sec_callback(  IN RPC_IF_ID *Interface,
+                                    IN void *Context) {
+    char peer_name[1024];
+    char client_name[1024];
+    RPC_STATUS peer_status;
+    RPC_STATUS client_status;
+
+    cci_debug_printf("%s", __FUNCTION__);
+    peer_status = GetPeerName(Context, peer_name, sizeof(peer_name));
+    client_status = GetClientId(Context, client_name, sizeof(client_name), 0);
+    print_client_info(peer_status, peer_name, client_status, client_name, 0);
+    DWORD sid_status = sid_check();
+    cci_debug_printf("%s returning (%u)", __FUNCTION__, sid_status);
+    return sid_status;
+    }
+
+
+
+/*********************************************************************/
+/*                 MIDL allocate and free                            */
+/*********************************************************************/
+
+extern "C" void  __RPC_FAR * __RPC_USER midl_user_allocate(size_t len) {
+    return(malloc(len));
+    }
+
+extern "C" void __RPC_USER midl_user_free(void __RPC_FAR * ptr) {
+    free(ptr);
+    }
+
+/* stubs */
+extern "C" cc_int32
+ccs_os_notify_cache_collection_changed (ccs_cache_collection_t cc)
+{
+    return 0;
+}
+
+extern "C" cc_int32
+ccs_os_notify_ccache_changed (ccs_cache_collection_t cc, const char *name)
+{
+    return 0;
+}
diff --git a/krb5-1.21.3/src/ccapi/server/win/ccs_request_proc.c b/krb5-1.21.3/src/ccapi/server/win/ccs_request_proc.c
new file mode 100644
index 00000000..c0328ea7
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/ccs_request_proc.c
@@ -0,0 +1,108 @@
+/* ccapi/server/win/ccs_request_proc.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "ccs_request.h"    // header file generated by MIDL compiler
+#include "cci_debugging.h"
+#include "WorkQueue.h"
+#include "win-utils.h"
+#include "ccs_win_pipe.h"
+
+void ccs_rpc_request(
+    const long  rpcmsg,             /* Message type */
+    const char  tspHandle[],        /* Client's tspdata* */
+    const char* pszUUID,            /* Where client will listen for the reply */
+    const long  lenRequest,         /* Length of buffer */
+    const char  pbRequest[],        /* Data buffer */
+    const long  serverStartTime,    /* Which server session we're talking to */
+    long*       return_status ) {   /* Return code */
+
+    cc_int32        status  = 0;
+    k5_ipc_stream   stream;
+    UINT64*         p       = (UINT64*)(tspHandle);
+    WIN_PIPE*       pipe    = NULL;
+
+    status = (rpcmsg != CCMSG_REQUEST) && (rpcmsg != CCMSG_PING);
+
+    if (!status) {
+        status = krb5int_ipc_stream_new (&stream);  /* Create a stream for the request data */
+        }
+
+    if (!status) {                          /* Put the data into the stream */
+        status = krb5int_ipc_stream_write (stream, pbRequest, lenRequest);
+        }
+
+    pipe = ccs_win_pipe_new(pszUUID, *p);
+    worklist_add(rpcmsg, pipe, stream, serverStartTime);
+    *return_status = status;
+    }
+
+
+void ccs_rpc_connect(
+    const long  rpcmsg,             /* Message type */
+    const char  tspHandle[],        /* Client's tspdata* */
+    const char* pszUUID,            /* Data buffer */
+    long*       return_status ) {   /* Return code */
+
+    UINT64*     p       = (UINT64*)(tspHandle);
+    WIN_PIPE*   pipe    = ccs_win_pipe_new(pszUUID, *p);
+
+    worklist_add(   rpcmsg,
+                    pipe,
+                    NULL,               /* No payload with connect request */
+                    (const time_t)0 );  /* No server session number with connect request */
+    }
+
+
+// 'Authentication' is client setting a value in a file and the server
+//   returning that value plus one.
+CC_UINT32 ccs_authenticate(const CC_CHAR* name) {
+    HANDLE      hMap    = 0;
+    PDWORD      pvalue  = 0;
+    CC_UINT32   result  = 0;
+    DWORD       status  = 0;
+
+    hMap = OpenFileMapping(FILE_MAP_ALL_ACCESS, FALSE, (LPSTR)name);
+    status  = !hMap;
+
+    if (!status) {
+        pvalue = (PDWORD)MapViewOfFile(hMap, FILE_MAP_WRITE, 0, 0, 0);
+        status = !pvalue;
+        }
+
+    if (!status) {
+        *pvalue += 1;
+        result = *pvalue;
+        }
+
+    if (pvalue) {
+        UnmapViewOfFile(pvalue);
+        }
+
+    if (hMap) CloseHandle(hMap);
+    return result;
+    }
diff --git a/krb5-1.21.3/src/ccapi/server/win/ccs_win_pipe.c b/krb5-1.21.3/src/ccapi/server/win/ccs_win_pipe.c
new file mode 100644
index 00000000..99c66701
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/ccs_win_pipe.c
@@ -0,0 +1,162 @@
+/* ccapi/server/win/ccs_win_pipe.c */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "assert.h"
+#include <stdlib.h>
+#include <malloc.h>
+
+#include "ccs_win_pipe.h"
+#include "cci_debugging.h"
+
+/* Ref:
+struct ccs_win_pipe_t {
+    char*   uuid;
+    UINT64  clientHandle;
+    }
+ */
+
+/* ------------------------------------------------------------------------ */
+
+struct ccs_win_pipe_t* ccs_win_pipe_new (const char* uuid, const UINT64 h) {
+
+    cc_int32                err         = ccNoError;
+    struct ccs_win_pipe_t*  out_pipe    = NULL;
+    char*                   uuidCopy    = NULL;
+
+    if (!err) {
+        if (!uuid)      {err = cci_check_error(ccErrBadParam);}
+        }
+
+    if (!err) {
+        uuidCopy = (char*)malloc(1+strlen(uuid));
+        if (!uuidCopy)  {err = cci_check_error(ccErrBadParam);}
+        strcpy(uuidCopy, uuid);
+        }
+
+    if (!err) {
+        out_pipe = (struct ccs_win_pipe_t*)malloc(sizeof(struct ccs_win_pipe_t));
+        if (!out_pipe)  {err = cci_check_error(ccErrBadParam);}
+        out_pipe->uuid          = uuidCopy;
+        out_pipe->clientHandle  = h;
+        }
+
+    return out_pipe;
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_win_pipe_copy (WIN_PIPE** out_pipe,
+                            const WIN_PIPE* in_pipe) {
+
+    *out_pipe =
+        ccs_win_pipe_new(
+            ccs_win_pipe_getUuid  (in_pipe),
+            ccs_win_pipe_getHandle(in_pipe) );
+
+    return (*out_pipe) ? ccNoError : ccErrBadParam;
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_win_pipe_release(const WIN_PIPE* in_pipe) {
+
+    cc_int32 err = ccNoError;
+
+    if (!ccs_win_pipe_valid(in_pipe))   {err = cci_check_error(ccErrBadParam);}
+
+    if (!err) {
+        if (!in_pipe->uuid) free(in_pipe->uuid);
+        if (!in_pipe)       free(in_pipe);
+        }
+
+    return err;
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_win_pipe_valid (const WIN_PIPE* in_pipe) {
+
+    if (!in_pipe) {
+        cci_check_error(ccErrBadParam);
+        return FALSE;
+        }
+
+    if (!in_pipe->uuid) {
+        cci_check_error(ccErrBadParam);
+        return FALSE;
+        }
+
+    return TRUE;
+    }
+
+/* ------------------------------------------------------------------------ */
+
+cc_int32 ccs_win_pipe_compare    (const WIN_PIPE*   in_pipe_1,
+                                  const WIN_PIPE*   in_pipe_2,
+                                  cc_uint32         *out_equal) {
+
+    cc_int32 err    = ccNoError;
+    int      seq    = 0;
+    *out_equal      = FALSE;
+
+    if (!ccs_win_pipe_valid(in_pipe_1)) {err = cci_check_error(ccErrBadParam);}
+    if (!ccs_win_pipe_valid(in_pipe_2)) {err = cci_check_error(ccErrBadParam);}
+    if (!out_equal)                     {err = cci_check_error(ccErrBadParam);}
+
+    /* A disconnect doesn't have a tls* with it -- only the uuid.  SO only
+       compare the uuids.
+     */
+    if (!err) {
+        seq = strcmp(   ccs_win_pipe_getUuid(in_pipe_1),
+                        ccs_win_pipe_getUuid(in_pipe_2) );
+        *out_equal = (seq == 0);
+        }
+
+    return err;
+    }
+
+/* ------------------------------------------------------------------------ */
+
+char* ccs_win_pipe_getUuid    (const WIN_PIPE* in_pipe) {
+
+    char*   result = NULL;
+
+    if (!ccs_win_pipe_valid(in_pipe)) {cci_check_error(ccErrBadParam);}
+    else                              {result = in_pipe->uuid;}
+
+    return result;
+    }
+
+/* ------------------------------------------------------------------------ */
+
+UINT64 ccs_win_pipe_getHandle  (const WIN_PIPE* in_pipe) {
+
+    UINT64 result = 0;
+
+    if (!ccs_win_pipe_valid(in_pipe)) {cci_check_error(ccErrBadParam);}
+    else                              {result = in_pipe->clientHandle;}
+
+    return result;
+    }
diff --git a/krb5-1.21.3/src/ccapi/server/win/ccs_win_pipe.h b/krb5-1.21.3/src/ccapi/server/win/ccs_win_pipe.h
new file mode 100644
index 00000000..fef99953
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/ccs_win_pipe.h
@@ -0,0 +1,68 @@
+/* ccapi/server/win/ccs_win_pipe.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef _ccs_win_pipe_h_
+#define _ccs_win_pipe_h_
+
+#include "windows.h"
+
+#include "CredentialsCache.h"
+
+/* ------------------------------------------------------------------------ */
+
+/* On Windows, a pipe is a struct containing a UUID and a handle.  Both the
+   UUID and handle are supplied by the client.
+
+   The UUID is used to build the client's reply endpoint.
+
+   The handle is to the requesting client thread's thread local storage struct,
+   so that the client's one and only reply handler can put reply data where
+   the requesting thread will be able to see it.
+ */
+
+struct ccs_win_pipe_t {
+    char*   uuid;
+    UINT64  clientHandle;
+    };
+
+typedef struct ccs_win_pipe_t WIN_PIPE;
+
+struct ccs_win_pipe_t*  ccs_win_pipe_new(const char* uuid, const UINT64 h);
+
+cc_int32    ccs_win_pipe_release    (const WIN_PIPE* io_pipe);
+
+cc_int32    ccs_win_pipe_compare    (const WIN_PIPE* win_pipe_1,
+                                     const WIN_PIPE* win_pipe_2,
+                                     cc_uint32  *out_equal);
+
+cc_int32    ccs_win_pipe_copy       (WIN_PIPE** out_pipe,
+                                     const WIN_PIPE* in_pipe);
+
+cc_int32    ccs_win_pipe_valid      (const WIN_PIPE* in_pipe);
+
+char*       ccs_win_pipe_getUuid    (const WIN_PIPE* in_pipe);
+UINT64      ccs_win_pipe_getHandle  (const WIN_PIPE* in_pipe);
+
+#endif // _ccs_win_pipe_h_
diff --git a/krb5-1.21.3/src/ccapi/server/win/workitem.h b/krb5-1.21.3/src/ccapi/server/win/workitem.h
new file mode 100644
index 00000000..fff56f32
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/server/win/workitem.h
@@ -0,0 +1,51 @@
+#ifndef __WorkItem
+#define __WorkItem
+
+#include <list>
+#include "windows.h"
+
+extern "C" {
+    #include "ccs_pipe.h"
+    }
+
+class WorkItem {
+private:
+          k5_ipc_stream    _buf;
+          WIN_PIPE*       _pipe;
+    const long            _rpcmsg;
+    const long            _sst;
+public:
+    WorkItem(   k5_ipc_stream buf,
+                WIN_PIPE*     pipe,
+                const long    type,
+                const long    serverStartTime);
+    WorkItem(   const         WorkItem&);
+    WorkItem();
+    ~WorkItem();
+
+    const k5_ipc_stream payload()       const   {return _buf;}
+    const k5_ipc_stream take_payload();
+          WIN_PIPE*     take_pipe();
+          WIN_PIPE*     pipe()          const   {return _pipe;}
+    const long          type()          const   {return _rpcmsg;}
+    const long          sst()           const   {return _sst;}
+    char*               print(char* buf);
+    };
+
+class WorkList {
+private:
+    std::list <WorkItem*>   wl;
+    CRITICAL_SECTION        cs;
+    HANDLE                  hEvent;
+public:
+    WorkList();
+    ~WorkList();
+    int initialize();
+    int cleanup();
+    void wait();
+    int add(WorkItem*);
+    int remove(WorkItem**);
+    bool isEmpty() {return wl.empty();}
+    };
+
+#endif  // __WorkItem
diff --git a/krb5-1.21.3/src/ccapi/test/Makefile.in b/krb5-1.21.3/src/ccapi/test/Makefile.in
new file mode 100644
index 00000000..23befe8e
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/Makefile.in
@@ -0,0 +1,225 @@
+mydir=ccapi$(S)test
+BUILDTOP=..$(S)..
+CCAPI=$(BUILDTOP)$(S)CCAPI
+
+!if defined(KRB5_KFW_COMPILE)
+KFWINC= /I$(BUILDTOP)\..\..\krbcc\include
+!endif
+
+# Because all the sources are in .,
+#  the only includes we need are to directories outside of ccapi.
+LOCALINCLUDES = /I$(BUILDTOP) /I$(BUILDTOP)$(S)include /I$(BUILDTOP)$(S)include$(S)krb5 $(KFWINC) \
+    -I$(BUILDTOP)$(S)util$(S)et /I. -I$(CCAPI)$(S)COMMON -I$(CCAPI)$(S)LIB
+
+# run with "make all" to create CCAPI tests in "/tmp/ccapi_test"
+# run resulting tests with "sh test_ccapi.sh"
+
+##DOS##CPPFLAGS = $(CPPFLAGS) /EHsc -D_CRTAPI1=_cdecl -D_CRTAPI2=_cdecl -DWINVER=0x0501 \
+##DOS##    -D_WIN32_WINNT=0x0501 -D_CRT_SECURE_NO_WARNINGS
+
+##DOS##WINH = cci_debugging.h \
+##DOS##       ccs_reply.h \
+##DOS##       ccs_request.h \
+##DOS##       ccs_request_c.c \
+##DOS##       cci_types.h \
+##DOS##       win-utils.h
+
+##DOS##LIBSRC=ccapi_ccache.c \
+##DOS##       ccapi_ccache_iterator.c \
+##DOS##       ccapi_context.c \
+##DOS##       ccapi_context_change_time.c \
+##DOS##       ccapi_err.c \
+##DOS##       ccapi_ipc.c \
+##DOS##       ccapi_credentials.c \
+##DOS##       ccapi_credentials_iterator.c \
+##DOS##       ccapi_string.c \
+##DOS##       ccapi_v2.c
+
+##DOS##COMSRC=cci_cred_union.c \
+##DOS##       cci_identifier.c \
+##DOS##       cci_message.c
+
+##DOS##COWSRC=cci_os_identifier.c
+
+SRCDIR  = .
+DSTROOT = $(SRCDIR)
+OBJDIR  = $(DSTROOT)$(S)ccapi_intermediates
+DSTDIR  = $(DSTROOT)$(S)ccapi_test
+TESTDIR = $(DSTDIR)$(S)tests
+SRCTMP  = $(SRCDIR)\srctmp
+
+SCRIPT_NAME = test_ccapi.sh
+
+OBJECTS =   $(OUTPRE)test_ccapi_ccache.$(OBJEXT) \
+            $(OUTPRE)test_ccapi_check.$(OBJEXT) \
+            $(OUTPRE)test_ccapi_constants.$(OBJEXT) \
+            $(OUTPRE)test_ccapi_context.$(OBJEXT) \
+            $(OUTPRE)test_ccapi_v2.$(OBJEXT) \
+            $(OUTPRE)test_ccapi_globals.$(OBJEXT) \
+            $(OUTPRE)test_ccapi_iterators.$(OBJEXT) \
+            $(OUTPRE)test_ccapi_log.$(OBJEXT) \
+            $(OUTPRE)test_ccapi_util.$(OBJEXT)
+
+PINGOBJS =  $(OUTPRE)ccapi_ccache.$(OBJEXT) \
+            $(OUTPRE)ccapi_ccache_iterator.$(OBJEXT) \
+            $(OUTPRE)ccapi_context.$(OBJEXT) \
+            $(OUTPRE)ccapi_context_change_time.$(OBJEXT) \
+            $(OUTPRE)ccapi_err.$(OBJEXT) \
+            $(OUTPRE)ccapi_ipc.$(OBJEXT) \
+            $(OUTPRE)ccapi_credentials.$(OBJEXT) \
+            $(OUTPRE)ccapi_credentials_iterator.$(OBJEXT) \
+            $(OUTPRE)ccapi_string.$(OBJEXT) \
+            $(OUTPRE)ccapi_v2.$(OBJEXT) \
+            $(OUTPRE)cci_cred_union.$(OBJEXT) \
+            $(OUTPRE)cci_identifier.$(OBJEXT) \
+            $(OUTPRE)cci_os_identifier.$(OBJEXT) \
+            $(OUTPRE)cci_message.$(OBJEXT) \
+            $(OUTPRE)ccs_request_c.$(OBJEXT) \
+            $(OUTPRE)pingtest.$(OBJEXT) \
+            $(OBJECTS)
+
+TESTALLOBJS=$(OUTPRE)main.$(OBJEXT) \
+            $(OBJECTS)
+
+TEST_NAMES =    test_cc_ccache_iterator_next \
+                test_constants \
+                test_cc_initialize \
+                test_cc_credentials_iterator_next
+
+MORE_TESTS =    test_cc_context_release \
+                test_cc_context_get_change_time \
+                test_cc_context_get_default_ccache_name \
+                test_cc_context_open_ccache \
+                test_cc_context_open_default_ccache \
+                test_cc_context_create_ccache \
+                test_cc_context_create_default_ccache \
+                test_cc_context_create_new_ccache \
+                test_cc_context_new_ccache_iterator \
+                test_cc_context_compare \
+                test_cc_ccache_release \
+                test_cc_ccache_destroy \
+                test_cc_ccache_set_default \
+                test_cc_ccache_get_credentials_version \
+                test_cc_ccache_get_name \
+                test_cc_ccache_get_principal \
+                test_cc_ccache_set_principal \
+                test_cc_ccache_store_credentials \
+                test_cc_ccache_remove_credentials \
+                test_cc_ccache_new_credentials_iterator \
+                test_cc_ccache_get_change_time \
+                test_cc_ccache_get_last_default_time \
+                test_cc_ccache_move \
+                test_cc_ccache_compare \
+                test_cc_ccache_get_kdc_time_offset \
+                test_cc_ccache_set_kdc_time_offset \
+                test_cc_ccache_clear_kdc_time_offset \
+                test_cc_shutdown \
+                test_cc_get_change_time \
+                test_cc_open \
+                test_cc_create \
+                test_cc_close \
+                test_cc_destroy \
+                test_cc_get_cred_version \
+                test_cc_get_name \
+                test_cc_get_principal \
+                test_cc_set_principal \
+                test_cc_store \
+                test_cc_remove_cred \
+                test_cc_seq_fetch_NCs_begin \
+                test_cc_seq_fetch_NCs_next \
+                test_cc_seq_fetch_creds_begin \
+                test_cc_seq_fetch_creds_next \
+                test_cc_get_NC_info
+
+
+##### Linker
+LINK	= link
+LIBS    = -lkrb5
+##DOS##LIBS = $(CLIB) $(SLIB) advapi32.lib rpcrt4.lib user32.lib ws2_32.lib $(CCLIB).lib
+LFLAGS	= /nologo $(LOPTS)
+
+all-mac:     setup-test-dir pingtest simple_lock_test build-base build-tests link-tests copy-script success-message
+all-windows: setup-windows build-base $(OUTPRE)pingtest.exe build-tests build-testall copy-script success-message
+
+# compile base files used by all tests
+build-base: $(PINGOBJS)
+
+##++ These two rules build each element of the list:
+# compile each test
+build-tests: $(TEST_NAMES)
+    @echo build-tests complete.
+
+$(TEST_NAMES):
+    @echo DBG: $@
+    $(CC) $(ALL_CFLAGS) -Fe$(TESTDIR)$(S)$@.exe -Fd$(OBJDIR)$(S)$@.pdb $@.c $(OBJECTS) $(LIBS)
+# Clean .obj from .:
+    $(RM) $@.$(OBJEXT)
+##-- These two rules build each element of the list.
+
+# Make a build directory
+setup-test-dir:
+	@echo "Removing old destination directory... $(DSTDIR)"
+	if [ -d "$(DSTDIR)" ]; then chmod -R u+w "$(DSTDIR)" && rm -rf "$(DSTDIR)"; fi
+	mkdir -p "$(TESTDIR)"
+	if [ -d "$(OBJDIR)" ]; then chmod -R u+w "$(OBJDIR)" && rm -rf "$(OBJDIR)"; fi
+	mkdir -p "$(OBJDIR)"
+
+## The same trick as used in TEST_NAMES to run an action on each element ofthe list WINH:
+setup-windows: $(WINH) $(LIBSRC) $(COMSRC) $(COWSRC)
+	if NOT exist $(TESTDIR) mkdir $(TESTDIR)
+	if NOT exist $(OBJDIR)  mkdir $(OBJDIR)
+	set LINK = link
+
+# This rule assumes that nmake in ..\lib\win has already run.
+#   That is how ..\Makefile.in is set up.
+$(WINH):
+    copy ..\lib\win\srctmp\$@ .
+
+$(LIBSRC):
+    copy ..\lib\$@ .
+
+$(COMSRC):
+    copy ..\common\$@ .
+
+$(COWSRC):
+    copy ..\common\win\$@ .
+
+# This rule assumes that nmake in ..\lib\win\ has already run.
+$(OUTPRE)pingtest.exe: $(OBJECTS) $(PINGOBJS)
+# There doesn't appear to be any way to examine a variable and return a value
+#  indicating whether a string is present in it.  We use a perl script to
+#  check the LIB variable.  If the path to $(CCLIB).lib isn't present, the script
+#  deletes a.tmp and the following nmake actions correct LIB.
+	echo %%PATH%% > a.tmp
+    perl setlib.pl
+    if not exist a.tmp (
+        @echo Adding ..\lib\win\srctmp to LIB
+        set LIB=%%LIB%%;..\lib\win\srctmp
+        )
+    $(LINK) $(linkdebug) /map:$(@B)1.map -out:$(*B)1.exe $(conflags) $(PINGOBJS) $(LIBS)
+	$(LINK) $(LFLAGS)    /map:$(@B)2.map /out:$(*B)2.exe $(conflags) $(PINGOBJS) $(LIBS) $(conlibsdll)
+
+link-tests: $(TEST_NAMES)
+
+build-testall: $(TEST_NAMES) $(OBJECTS) $(TESTALLOBJS) testall.exe
+
+testall.exe:
+    $(LINK) $(linkdebug) /map:$(@B)1.map -out:$(*B)1.exe $(conflags) $(TESTALLOBJS) $(LIBS) $(conslibdll)
+
+
+simple_lock_test:
+	$(CC) -o $(TESTDIR)/simple_lock_test simple_lock_test.c $(LIBS)
+
+copy-script:
+	$(CP) $(SCRIPT_NAME) $(DSTDIR)$(S)$(SCRIPT_NAME)
+
+success-message:
+	@echo
+	@echo "CCAPI tests created in $(DSTDIR)"
+
+.PHONY: clean
+
+clean:
+	-rm -rf "$(OBJDIR)"
+	-rm -rf $(LIBSRC)
+	-rm -rf $(WINH)
diff --git a/krb5-1.21.3/src/ccapi/test/Makefile.w32 b/krb5-1.21.3/src/ccapi/test/Makefile.w32
new file mode 100644
index 00000000..8c3da951
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/Makefile.w32
@@ -0,0 +1,75 @@
+# . is ccapi/test.
+CO      = ..\common
+COWIN   = $(CO)\win
+LIBDIR  = ..\lib
+LIBWIN  = $(LIBDIR)\win
+SRV     = ..\server
+SRVWIN  = ..\server\win
+
+!include <Win32.Mak>
+
+INC = -I..\..\include -I..\..\util\et -I$(CO) -I$(COWIN) -I$(LIBDIR) -I$(LIBWIN)
+
+!if "$(CPU)" == "i386"
+cflags = $(cflags) /EHsc /MTd -D_CRTAPI1=_cdecl -D_CRTAPI2=_cdecl -DWINVER=0x0501 -D_WIN32_WINNT=0x0501 \
+$(INC)
+!else
+cflags = $(cflags) /W3 -D_CRTAPI1= -D_CRTAPI2= $(INC)
+!endif
+LIBS = $(LIBWIN)\ccapi.lib
+
+DSTROOT = .
+SRC = $(DSTROOT)
+#OBJDIR = $(DSTROOT)\obj
+OBJDIR = .
+OBJEXT = obj
+TESTDIR = $(DSTROOT)\tests
+TESTEXT = exe
+DSTDIR = $(DSTROOT)\ccapi_tests
+
+PINGOBJS = pingtest.obj 
+SIMPLEOBJS = simple_lock_test.obj
+
+comobjs =   cci_debugging.obj cci_stream.obj
+cowobjs =   cci_os_debugging.obj 
+libobjs =   ccs_request_c.obj
+        
+#all: build-base simple_lock_test pingtest 
+all: build-base pingtest 
+
+# compile base files used by all tests
+build-base: $(comobjs) $(libobjs) $(srvobjs)
+    @echo "Base objects built."
+
+# rule to compile src files
+.c.obj:
+    $(cc) $(cdebug) $(cflags) /Fo$(OBJDIR)\$(*B).$(OBJEXT) $(SRC)\$(*B).c
+
+$(comobjs) : $(CO)\$(*B).c
+   $(cc) $(cdebug) $(cflags) $(CO)\$(*B).c
+
+$(cowobjs) : $(COWIN)\$(*B).c
+   $(cc) $(cdebug) $(cflags) $(COWIN)\$(*B).c
+
+$(libobjs) : $(LIBWIN)\$(*B).c
+   $(cc) $(cdebug) $(cflags) $(LIBWIN)\$(*B).c
+
+#$(srvobjs) : $(SRVWIN)\$*.c
+#   $(cc) $(cdebug) $(cflags) $(SRVWIN)\$*.c
+
+simple_lock_test: simple_lock_test.obj $(OBJS)
+	@echo R3+ Build $(*B) in $(TESTDIR)
+    $(cc) $(cdebug) $(cflags) $(*B).c
+    $(link) $(linkdebug) $(conflags) -out:$(TESTDIR)\$(*B).exe $(*B).obj \
+        $(LIBS) rpcrt4.lib
+	@echo R3- Built $(*B) in $(TESTDIR)
+
+pingtest: pingtest.obj
+	@echo R4+ Build $(*B) in $(TESTDIR)
+    $(cc) $(cdebug) $(cflags) $(*B).c
+    $(link) $(linkdebug) $(conflags) -out:$(*B).exe $(PINGOBJS) $(libobjs) $(srvobjs) \
+        $(LIBS) rpcrt4.lib
+	@echo R4- Built $(*B) in $(TESTDIR)
+
+clean:
+	DEL *.$(OBJEXT)
\ No newline at end of file
diff --git a/krb5-1.21.3/src/ccapi/test/Pingtest.sln b/krb5-1.21.3/src/ccapi/test/Pingtest.sln
new file mode 100644
index 00000000..cf43a1e4
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/Pingtest.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Pingtest", "Pingtest.vcproj", "{04017001-3222-43C4-A03C-8423B5349276}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{04017001-3222-43C4-A03C-8423B5349276}.Debug|Win32.ActiveCfg = Debug|Win32
+		{04017001-3222-43C4-A03C-8423B5349276}.Debug|Win32.Build.0 = Debug|Win32
+		{04017001-3222-43C4-A03C-8423B5349276}.Release|Win32.ActiveCfg = Release|Win32
+		{04017001-3222-43C4-A03C-8423B5349276}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/krb5-1.21.3/src/ccapi/test/deps b/krb5-1.21.3/src/ccapi/test/deps
new file mode 100644
index 00000000..e69de29b
diff --git a/krb5-1.21.3/src/ccapi/test/main.c b/krb5-1.21.3/src/ccapi/test/main.c
new file mode 100644
index 00000000..2ace9678
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/main.c
@@ -0,0 +1,90 @@
+#include <stdio.h>
+#include <limits.h>
+
+// #include <Kerberos.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+#include "test_ccapi_iterators.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+//	cc_ccache_iterator_t cache_iterator = NULL;
+//	cc_credentials_iterator_t cred_iterator = NULL;
+
+	fprintf(stdout, "Testing CCAPI against CCAPI v3 rev 8 documentation...\n");
+	fprintf(stdout, "Warning: this test suite is woefully incomplete and unpolished.\n");
+
+	T_CCAPI_INIT;
+
+	// *** ccapi v2 compat ***
+	err = check_cc_shutdown();
+	err = check_cc_get_change_time();
+	err = check_cc_open();
+	err = check_cc_create();
+	err = check_cc_close();
+	err = check_cc_destroy();
+	err = check_cc_get_cred_version();
+	err = check_cc_get_name();
+	err = check_cc_get_principal();
+	err = check_cc_set_principal();
+	err = check_cc_store();
+	err = check_cc_remove_cred();
+	err = check_cc_seq_fetch_NCs_begin();
+	err = check_cc_seq_fetch_NCs_next();
+	err = check_cc_seq_fetch_creds_begin();
+	err = check_cc_seq_fetch_creds_next();
+	err = check_cc_get_NC_info();
+
+	err = check_constants();
+
+	// *** cc_context ***
+	err = check_cc_initialize();
+	err = check_cc_context_release();
+	err = check_cc_context_get_change_time();
+	err = check_cc_context_get_default_ccache_name();
+	err = check_cc_context_open_ccache();
+	err = check_cc_context_open_default_ccache();
+	err = check_cc_context_create_ccache();
+	err = check_cc_context_create_default_ccache();
+	err = check_cc_context_create_new_ccache();
+	err = check_cc_context_new_ccache_iterator();
+	// err = check_cc_context_lock();
+	// err = check_cc_context_unlock();
+	err = check_cc_context_compare();
+
+	// *** cc_ccache ***
+	err = check_cc_ccache_release();
+	err = check_cc_ccache_destroy();
+	err = check_cc_ccache_set_default();
+	err = check_cc_ccache_get_credentials_version();
+	err = check_cc_ccache_get_name();
+	err = check_cc_ccache_get_principal();
+	err = check_cc_ccache_set_principal();
+	err = check_cc_ccache_store_credentials();
+	err = check_cc_ccache_remove_credentials();
+	err = check_cc_ccache_new_credentials_iterator();
+	// err = check_cc_ccache_lock();
+	// err = check_cc_ccache_unlock();
+	err = check_cc_ccache_get_change_time();
+	err = check_cc_ccache_get_last_default_time();
+	err = check_cc_ccache_move();
+	err = check_cc_ccache_compare();
+	err = check_cc_ccache_get_kdc_time_offset();
+	err = check_cc_ccache_set_kdc_time_offset();
+	err = check_cc_ccache_clear_kdc_time_offset();
+
+	// *** cc_ccache_iterator ***
+	err = check_cc_ccache_iterator_next();
+
+	// *** cc_credentials_iterator ***
+	err = check_cc_credentials_iterator_next();
+
+	fprintf(stdout, "\nFinished testing CCAPI. %d failure%s in total.\n", total_failure_count, (total_failure_count == 1) ? "" : "s");
+
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/pingtest.c b/krb5-1.21.3/src/ccapi/test/pingtest.c
new file mode 100644
index 00000000..0ffc15e7
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/pingtest.c
@@ -0,0 +1,110 @@
+// pingtest.c
+//
+// Test RPC to server, with PING message, which exists for no other purpose than this test.
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <malloc.h>
+
+#include "cci_debugging.h"
+#include "CredentialsCache.h"
+#include "win-utils.h"
+
+#include "ccs_request.h"
+#define CLIENT_REQUEST_RPC_HANDLE ccs_request_IfHandle
+
+
+extern cc_int32 cci_os_ipc_thread_init (void);
+extern cc_int32 cci_os_ipc_msg( cc_int32        in_launch_server,
+                                k5_ipc_stream   in_request_stream,
+                                cc_int32        in_msg,
+                                k5_ipc_stream*  out_reply_stream);
+
+static DWORD    dwTlsIndex;
+
+DWORD GetTlsIndex()    {return dwTlsIndex;}
+
+RPC_STATUS send_test(char* endpoint) {
+    unsigned char*  pszNetworkAddress   = NULL;
+    unsigned char*  pszOptions          = NULL;
+    unsigned char*  pszStringBinding    = NULL;
+    unsigned char*  pszUuid             = NULL;
+    RPC_STATUS      status;
+
+    status = RpcStringBindingCompose(pszUuid,
+                                     (RPC_CSTR)"ncalrpc",
+                                     pszNetworkAddress,
+                                     (unsigned char*)endpoint,
+                                     pszOptions,
+                                     &pszStringBinding);
+    cci_debug_printf("%s pszStringBinding = %s", __FUNCTION__, pszStringBinding);
+    if (status) {return cci_check_error(status);}
+
+    /* Set the binding handle that will be used to bind to the RPC server [the 'client']. */
+    status = RpcBindingFromStringBinding(pszStringBinding, &CLIENT_REQUEST_RPC_HANDLE);
+    if (status) {return cci_check_error(status);}
+
+    status = RpcStringFree(&pszStringBinding);  // Temp var no longer needed.
+
+    if (!status) {
+        RpcTryExcept {
+            cci_debug_printf("%s calling remote procedure 'ccs_authenticate'", __FUNCTION__);
+            status = ccs_authenticate((CC_CHAR*)"DLLMAIN TEST!");
+            cci_debug_printf("  ccs_authenticate returned %d", status);
+            }
+        RpcExcept(1) {
+            status = cci_check_error(RpcExceptionCode());
+            }
+        RpcEndExcept
+        }
+
+    cci_check_error(RpcBindingFree(&CLIENT_REQUEST_RPC_HANDLE));
+
+    return (status);
+    }
+
+int main(   int argc, char *argv[]) {
+    cc_int32        err             = 0;
+    cc_context_t    context         = NULL;
+    k5_ipc_stream   send_stream     = NULL;
+    k5_ipc_stream   reply_stream    = NULL;
+    char*           message         = "Hello, RPC!";
+
+
+    if ((dwTlsIndex = TlsAlloc()) == TLS_OUT_OF_INDEXES) return FALSE;
+
+    if (!err) {
+        err = cci_os_ipc_thread_init();
+        }
+    if (!err) {
+        err = krb5int_ipc_stream_new  (&send_stream);
+        err = krb5int_ipc_stream_write(send_stream, message,
+				       1+strlen(message));
+        }
+
+    if (!err) {
+        err = cci_os_ipc_msg(TRUE, send_stream, CCMSG_PING, &reply_stream);
+        }
+    Sleep(10*1000);
+    cci_debug_printf("Try finishing async call.");
+
+    Sleep(INFINITE);
+    cci_debug_printf("main: return. err == %d", err);
+
+    return 0;
+    }
+
+
+
+/*********************************************************************/
+/*                 MIDL allocate and free                            */
+/*********************************************************************/
+
+void  __RPC_FAR * __RPC_USER midl_user_allocate(size_t len) {
+    return(malloc(len));
+    }
+
+void __RPC_USER midl_user_free(void __RPC_FAR * ptr) {
+    free(ptr);
+    }
diff --git a/krb5-1.21.3/src/ccapi/test/setlib.pl b/krb5-1.21.3/src/ccapi/test/setlib.pl
new file mode 100644
index 00000000..bba22506
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/setlib.pl
@@ -0,0 +1,10 @@
+#!perl -w
+
+$b = "lib\\win\\srctmp";
+$a = $ENV{LIB};
+if (! ($a =~ /$b/) ) {
+    print "$b Not in LIB!\n";
+    system("del a.tmp");
+    }
+else {print "$b in LIB.\n";}
+exit(0);
\ No newline at end of file
diff --git a/krb5-1.21.3/src/ccapi/test/simple_lock_test.c b/krb5-1.21.3/src/ccapi/test/simple_lock_test.c
new file mode 100644
index 00000000..8961d999
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/simple_lock_test.c
@@ -0,0 +1,91 @@
+/*
+    simple_lock_test.c
+
+    Initializes two contexts in two different threads and tries to get read locks on both at the same time.
+    Hangs at line 24.
+*/
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "test_ccapi_log.h"
+
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#include <TargetConditionals.h>
+#endif
+
+#ifdef TARGET_OS_MAC
+#include <stdlib.h>
+#include <pthread.h>
+#include <Kerberos/CredentialsCache.h>
+#else
+#include "CredentialsCache.h"
+#endif
+
+
+void *other_thread (void) {
+    cc_int32 err;
+    cc_context_t context = NULL;
+
+    err = cc_initialize(&context, ccapi_version_7, NULL, NULL);
+
+    log_error("thread: attempting lock. may hang. err == %d", err);
+
+    if (!err) {
+        // hangs with cc_lock_read which should succeed immediately, but does not hang with write, upgrade, and downgrade, which fail immediately
+        err = cc_context_lock(context, cc_lock_read, cc_lock_noblock);
+    }
+
+    if (context) {
+        cc_context_unlock(context);
+        cc_context_release(context);
+        context = NULL;
+    }
+    log_error("thread: return. err == %d", err);
+}
+
+
+int main (int argc, char *argv[]) {
+    cc_int32        err;
+    int             status;
+    cc_context_t    context = NULL;
+
+#ifdef TARGET_OS_MAC
+    pthread_t       thread_id;
+#endif
+
+    err = cc_initialize(&context, ccapi_version_7, NULL, NULL);
+    if (!err) {
+        err = cc_context_lock(context, cc_lock_read, cc_lock_noblock);
+    }
+
+    log_error("main: initialized and read locked context. err == %d", err);
+
+#ifdef TARGET_OS_MAC
+   status = pthread_create (&thread_id, NULL, (void *) other_thread, NULL);
+    if (status != 0) {
+        log_error("pthread_create() returned %d", status);
+        exit(-1);
+    }
+
+    pthread_join(thread_id, NULL);
+#else
+
+#endif
+
+    log_error("main: unlocking and releasing context. err == %d", err);
+
+    if (context) {
+        log_error("main: calling cc_context_unlock");
+        cc_context_unlock(context);
+        log_error("main: calling cc_context_release");
+        cc_context_release(context);
+        context = NULL;
+    }
+
+    log_error("main: return. err == %d", err);
+
+#if defined(_WIN32)
+    UNREFERENCED_PARAMETER(status);       // no whining!
+#endif
+    return 0;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_clear_kdc_time_offset.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_clear_kdc_time_offset.c
new file mode 100644
index 00000000..1698535f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_clear_kdc_time_offset.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_clear_kdc_time_offset();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_compare.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_compare.c
new file mode 100644
index 00000000..96aaa56c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_compare.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_compare();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_destroy.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_destroy.c
new file mode 100644
index 00000000..95c417ca
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_destroy.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_destroy();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_change_time.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_change_time.c
new file mode 100644
index 00000000..a515d5bd
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_change_time.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_get_change_time();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_credentials_version.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_credentials_version.c
new file mode 100644
index 00000000..f5df7c07
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_credentials_version.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_get_credentials_version();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_kdc_time_offset.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_kdc_time_offset.c
new file mode 100644
index 00000000..13e61165
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_kdc_time_offset.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_get_kdc_time_offset();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_last_default_time.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_last_default_time.c
new file mode 100644
index 00000000..4de22e4a
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_last_default_time.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_get_last_default_time();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_name.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_name.c
new file mode 100644
index 00000000..f6649974
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_name.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_get_name();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_principal.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_principal.c
new file mode 100644
index 00000000..05d7c434
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_get_principal.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_get_principal();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_iterator_next.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_iterator_next.c
new file mode 100644
index 00000000..945a98d2
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_iterator_next.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_iterator_next();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_move.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_move.c
new file mode 100644
index 00000000..880198c8
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_move.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_move();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_new_credentials_iterator.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_new_credentials_iterator.c
new file mode 100644
index 00000000..1338e832
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_new_credentials_iterator.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_new_credentials_iterator();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_release.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_release.c
new file mode 100644
index 00000000..75d604c9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_release.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_release();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_remove_credentials.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_remove_credentials.c
new file mode 100644
index 00000000..679da85c
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_remove_credentials.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_remove_credentials();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_default.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_default.c
new file mode 100644
index 00000000..71bba2a4
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_default.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_set_default();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_kdc_time_offset.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_kdc_time_offset.c
new file mode 100644
index 00000000..b8b21e98
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_kdc_time_offset.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_set_kdc_time_offset();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_principal.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_principal.c
new file mode 100644
index 00000000..ec55acd7
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_set_principal.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_set_principal();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_ccache_store_credentials.c b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_store_credentials.c
new file mode 100644
index 00000000..c52125bd
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_ccache_store_credentials.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_ccache_store_credentials();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_close.c b/krb5-1.21.3/src/ccapi/test/test_cc_close.c
new file mode 100644
index 00000000..b6bc3afa
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_close.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_close();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_compare.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_compare.c
new file mode 100644
index 00000000..f4965af3
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_compare.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_compare();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_create_ccache.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_create_ccache.c
new file mode 100644
index 00000000..c9429451
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_create_ccache.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_create_ccache();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_create_default_ccache.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_create_default_ccache.c
new file mode 100644
index 00000000..c3fb4054
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_create_default_ccache.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_create_default_ccache();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_create_new_ccache.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_create_new_ccache.c
new file mode 100644
index 00000000..d89fa4f3
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_create_new_ccache.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_create_new_ccache();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_get_change_time.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_get_change_time.c
new file mode 100644
index 00000000..ad5c0a34
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_get_change_time.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_get_change_time();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_get_default_ccache_name.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_get_default_ccache_name.c
new file mode 100644
index 00000000..06fff955
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_get_default_ccache_name.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_get_default_ccache_name();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_new_ccache_iterator.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_new_ccache_iterator.c
new file mode 100644
index 00000000..82209854
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_new_ccache_iterator.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_new_ccache_iterator();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_open_ccache.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_open_ccache.c
new file mode 100644
index 00000000..461d8df6
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_open_ccache.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_open_ccache();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_open_default_ccache.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_open_default_ccache.c
new file mode 100644
index 00000000..09c6b7c3
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_open_default_ccache.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_open_default_ccache();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_context_release.c b/krb5-1.21.3/src/ccapi/test/test_cc_context_release.c
new file mode 100644
index 00000000..03faf233
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_context_release.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_context_release();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_create.c b/krb5-1.21.3/src/ccapi/test/test_cc_create.c
new file mode 100644
index 00000000..a21c4433
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_create.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_create();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_credentials_iterator_next.c b/krb5-1.21.3/src/ccapi/test/test_cc_credentials_iterator_next.c
new file mode 100644
index 00000000..ff5f4673
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_credentials_iterator_next.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+#include "test_ccapi_iterators.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_credentials_iterator_next();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_destroy.c b/krb5-1.21.3/src/ccapi/test/test_cc_destroy.c
new file mode 100644
index 00000000..e55a8378
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_destroy.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_destroy();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_get_NC_info.c b/krb5-1.21.3/src/ccapi/test/test_cc_get_NC_info.c
new file mode 100644
index 00000000..6b8eb374
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_get_NC_info.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_get_NC_info();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_get_change_time.c b/krb5-1.21.3/src/ccapi/test/test_cc_get_change_time.c
new file mode 100644
index 00000000..d2058fec
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_get_change_time.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_get_change_time();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_get_cred_version.c b/krb5-1.21.3/src/ccapi/test/test_cc_get_cred_version.c
new file mode 100644
index 00000000..1ff86781
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_get_cred_version.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_get_cred_version();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_get_name.c b/krb5-1.21.3/src/ccapi/test/test_cc_get_name.c
new file mode 100644
index 00000000..5b6e1462
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_get_name.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_get_name();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_get_principal.c b/krb5-1.21.3/src/ccapi/test/test_cc_get_principal.c
new file mode 100644
index 00000000..a809e5d1
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_get_principal.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_get_principal();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_initialize.c b/krb5-1.21.3/src/ccapi/test/test_cc_initialize.c
new file mode 100644
index 00000000..1669a29a
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_initialize.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_cc_initialize();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_open.c b/krb5-1.21.3/src/ccapi/test/test_cc_open.c
new file mode 100644
index 00000000..83bb6020
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_open.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_open();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_remove_cred.c b/krb5-1.21.3/src/ccapi/test/test_cc_remove_cred.c
new file mode 100644
index 00000000..6f841bbc
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_remove_cred.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_remove_cred();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_NCs_begin.c b/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_NCs_begin.c
new file mode 100644
index 00000000..329ca26e
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_NCs_begin.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_seq_fetch_NCs_begin();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_NCs_next.c b/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_NCs_next.c
new file mode 100644
index 00000000..31b5ac07
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_NCs_next.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_seq_fetch_NCs_next();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_creds_begin.c b/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_creds_begin.c
new file mode 100644
index 00000000..5bb5e916
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_creds_begin.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_seq_fetch_creds_begin();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_creds_next.c b/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_creds_next.c
new file mode 100644
index 00000000..83528b30
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_seq_fetch_creds_next.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_seq_fetch_creds_next();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_set_principal.c b/krb5-1.21.3/src/ccapi/test/test_cc_set_principal.c
new file mode 100644
index 00000000..04b55df9
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_set_principal.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_set_principal();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_shutdown.c b/krb5-1.21.3/src/ccapi/test/test_cc_shutdown.c
new file mode 100644
index 00000000..8756ca9f
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_shutdown.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_shutdown();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_cc_store.c b/krb5-1.21.3/src/ccapi/test/test_cc_store.c
new file mode 100644
index 00000000..507b3612
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_cc_store.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_v2.h"
+
+int main (int argc, const char * argv[]) {
+
+    cc_int32 err = ccNoError;
+    T_CCAPI_INIT;
+    err = check_cc_store();
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi.bat b/krb5-1.21.3/src/ccapi/test/test_ccapi.bat
new file mode 100644
index 00000000..2d5bec53
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi.bat
@@ -0,0 +1,43 @@
+# test_ccapi.bat
+
+@echo "\nBeginning test of CCAPI...\n"
+@echo "\nThese tests are based on the CCAPI v3 revision 8 draft documentation.\n"
+
+#run_test simple_lock_test
+
+teststest_constants.exe
+tests\test_cc_initialize.exe
+tests\test_cc_context_get_version.exe
+exit 0
+
+tests\test_cc_context_release.exe
+tests\test_cc_context_get_change_time.exe
+tests\test_cc_context_get_default_ccache_name.exe
+tests\test_cc_context_open_ccache.exe
+tests\test_cc_context_open_default_ccache.exe
+tests\test_cc_context_create_ccache.exe
+tests\test_cc_context_create_default_ccache.exe
+tests\test_cc_context_create_new_ccache.exe
+tests\test_cc_context_new_ccache_iterator.exe
+tests\test_cc_context_compare.exe
+tests\test_cc_ccache_release.exe
+tests\test_cc_ccache_destroy.exe
+tests\test_cc_ccache_set_default.exe
+tests\test_cc_ccache_get_credentials_version.exe
+tests\test_cc_ccache_get_name.exe
+tests\test_cc_ccache_get_principal.exe
+tests\test_cc_ccache_set_principal.exe
+tests\test_cc_ccache_store_credentials.exe
+tests\test_cc_ccache_remove_credentials.exe
+tests\test_cc_ccache_new_credentials_iterator.exe
+tests\test_cc_ccache_get_change_time.exe
+tests\test_cc_ccache_get_last_default_time.exe
+tests\test_cc_ccache_move.exe
+tests\test_cc_ccache_compare.exe
+tests\test_cc_ccache_get_kdc_time_offset.exe
+tests\test_cc_ccache_set_kdc_time_offset.exe
+tests\test_cc_ccache_clear_kdc_time_offset.exe
+tests\test_cc_ccache_iterator_next.exe
+tests\test_cc_credentials_iterator_next.exe
+
+@echo "Finished testing CCAPI."
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi.sh b/krb5-1.21.3/src/ccapi/test/test_ccapi.sh
new file mode 100644
index 00000000..c8959d68
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi.sh
@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# run with ./test-ccapi.sh to run CCAPI tests
+
+TEST_DIR="tests"
+failure_count=0
+
+function run_test {
+	if [[ -e $TEST_DIR/$1 ]]; then
+		./$TEST_DIR/$1
+		failure_count=`expr $failure_count + $?`
+	fi
+}
+
+printf "\nBeginning test of CCAPI...\n"
+printf "\nThese tests are based on the CCAPI v3 revision 8 draft documentation.\n"
+
+run_test simple_lock_test
+
+run_test test_constants
+
+run_test test_cc_initialize
+run_test test_cc_context_release
+run_test test_cc_context_get_change_time
+run_test test_cc_context_get_default_ccache_name
+run_test test_cc_context_open_ccache
+run_test test_cc_context_open_default_ccache
+run_test test_cc_context_create_ccache
+run_test test_cc_context_create_default_ccache
+run_test test_cc_context_create_new_ccache
+run_test test_cc_context_new_ccache_iterator
+run_test test_cc_context_compare
+
+run_test test_cc_ccache_release
+run_test test_cc_ccache_destroy
+run_test test_cc_ccache_set_default
+run_test test_cc_ccache_get_credentials_version
+run_test test_cc_ccache_get_name
+run_test test_cc_ccache_get_principal
+run_test test_cc_ccache_set_principal
+run_test test_cc_ccache_store_credentials
+run_test test_cc_ccache_remove_credentials
+run_test test_cc_ccache_new_credentials_iterator
+run_test test_cc_ccache_get_change_time
+run_test test_cc_ccache_get_last_default_time
+run_test test_cc_ccache_move
+run_test test_cc_ccache_compare
+run_test test_cc_ccache_get_kdc_time_offset
+run_test test_cc_ccache_set_kdc_time_offset
+run_test test_cc_ccache_clear_kdc_time_offset
+
+run_test test_cc_ccache_iterator_next
+
+run_test test_cc_credentials_iterator_next
+
+run_test test_cc_shutdown
+run_test test_cc_get_change_time
+run_test test_cc_open
+run_test test_cc_create
+run_test test_cc_close
+run_test test_cc_destroy
+run_test test_cc_get_cred_version
+run_test test_cc_get_name
+run_test test_cc_get_principal
+run_test test_cc_set_principal
+run_test test_cc_store
+run_test test_cc_remove_cred
+run_test test_cc_seq_fetch_NCs_begin
+run_test test_cc_seq_fetch_NCs_next
+run_test test_cc_seq_fetch_creds_begin
+run_test test_cc_seq_fetch_creds_next
+run_test test_cc_get_NC_info
+
+printf "\nFinished testing CCAPI. $failure_count failures in total.\n"
+
+exit 0
\ No newline at end of file
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_ccache.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_ccache.c
new file mode 100644
index 00000000..fe63e671
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_ccache.c
@@ -0,0 +1,1875 @@
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <limits.h>
+#include "test_ccapi_check.h"
+#include "test_ccapi_util.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+// ---------------------------------------------------------------------------
+
+
+int check_cc_ccache_release(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_release");
+
+	#ifndef cc_ccache_release
+	log_error("cc_ccache_release is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+
+
+
+	if (!err) {
+		check_once_cc_ccache_release(context, ccache, ccNoError, NULL);
+		ccache = NULL;
+	}
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_ccache_release */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_release(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+	cc_int32 possible_return_values[2] = {
+		ccNoError,
+		ccErrInvalidCCache,
+	};
+
+	cc_string_t name = NULL;
+
+	err = cc_ccache_get_name(ccache, &name);
+	err = cc_ccache_release(ccache);
+	ccache = NULL;
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_release
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err && name) { // try opening released ccache to make sure it still exists
+		err = cc_context_open_ccache(context, name->data, &ccache);
+	}
+	check_if(err == ccErrCCacheNotFound, "released ccache was actually destroyed instead");
+
+	if (ccache) { cc_ccache_destroy(ccache); }
+	if (name) { cc_string_release(name); }
+
+	#endif /* cc_ccache_release */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+
+int check_cc_ccache_destroy(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_destroy");
+
+	#ifndef cc_ccache_destroy
+	log_error("cc_ccache_destroy is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+
+
+
+	if (!err) {
+		check_once_cc_ccache_destroy(context, ccache, ccNoError, NULL);
+		ccache = NULL;
+	}
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_ccache_destroy */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_destroy(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+	cc_int32 possible_return_values[2] = {
+		ccNoError,
+		ccErrInvalidCCache,
+	};
+
+	cc_string_t name = NULL;
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_destroy
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_get_name(ccache, &name);
+	err = cc_ccache_destroy(ccache);
+	ccache = NULL;
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err && name) { // try opening released ccache to make sure it still exists
+		err = cc_context_open_ccache(context, name->data, &ccache);
+	}
+	check_if(err != ccErrCCacheNotFound, "destroyed ccache was actually released instead");
+
+	if (ccache) { cc_ccache_destroy(ccache); }
+	if (name) { cc_string_release(name); }
+
+	#endif /* cc_ccache_destroy */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+
+int check_cc_ccache_set_default(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_set_default");
+
+	#ifndef cc_ccache_set_default
+	log_error("cc_ccache_set_default is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	// try when it's the only ccache (already default)
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_set_default(context, ccache, ccNoError, "when it's the only ccache (already default)");
+	}
+	if (ccache) {
+		err = cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+
+	// try when it's not the only ccache (and not default)
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "baz@BAR.ORG", &ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_set_default(context, ccache, ccNoError, "when it's not the only ccache (and not default)");
+	}
+	if (ccache) {
+		err = cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+
+	// try when it's not the only ccache (and already default)
+	if (!err) {
+		err = cc_context_open_default_ccache(context, &ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_set_default(context, ccache, ccNoError, "when it's not the only ccache (and already default)");
+	}
+	if (ccache) {
+		err = cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_ccache_set_default */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_set_default(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+	cc_int32 possible_return_values[3] = {
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrCCacheNotFound,
+	};
+
+	cc_ccache_t default_ccache = NULL;
+	cc_string_t name = NULL;
+	cc_string_t default_name = NULL;
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_set_default
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_set_default(ccache);
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		err = cc_ccache_get_name(ccache, &name);
+	}
+	if (!err) {
+		err = cc_context_open_default_ccache(context, &default_ccache);
+	}
+	if (!err) {
+		err = cc_ccache_get_name(default_ccache, &default_name);
+	}
+	if (name && default_name) {
+		check_if(strcmp(name->data, default_name->data), NULL);
+	}
+	else {
+		check_if(1, "cc_ccache_get_name failed");
+	}
+
+	if (default_ccache) { cc_ccache_release(default_ccache); }
+	//if (ccache) { cc_ccache_destroy(ccache); } // ccache is released by the caller
+	if (default_name) { cc_string_release(default_name); }
+	if (name) { cc_string_release(name); }
+
+	#endif /* cc_ccache_set_default */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+
+int check_cc_ccache_get_credentials_version(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_get_credentials_version");
+
+	#ifndef cc_ccache_get_credentials_version
+	log_error("cc_ccache_get_credentials_version is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	// try one created with v5 creds
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v5, ccNoError, "v5 creds");
+	}
+	else {
+		log_error("cc_context_create_new_ccache failed, can't complete test");
+		failure_count++;
+	}
+
+	if (ccache) {
+		cc_ccache_destroy(ccache);
+		ccache = NULL;
+	}
+
+	err = ccNoError;
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_ccache_get_credentials_version */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_get_credentials_version(cc_ccache_t ccache, cc_uint32 expected_cred_vers, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrCCacheNotFound,
+	};
+
+	cc_uint32 stored_cred_vers = 0;
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_get_credentials_version
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_get_credentials_version(ccache, &stored_cred_vers);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		check_if(stored_cred_vers != expected_cred_vers, NULL);
+	}
+
+	#endif /* cc_ccache_get_credentials_version */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+
+int check_cc_ccache_get_name(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_get_name");
+
+	#ifndef cc_ccache_get_name
+	log_error("cc_ccache_get_name is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	// try with unique ccache (which happens to be default)
+	if (!err) {
+		err = cc_context_create_ccache(context, "0", cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_name(ccache, "0", ccNoError, "unique ccache (which happens to be default)");
+	}
+	else {
+		log_error("cc_context_create_ccache failed, can't complete test");
+		failure_count++;
+	}
+	if (ccache) {
+		cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+
+	// try with unique ccache (which is not default)
+	if (!err) {
+		err = cc_context_create_ccache(context, "1", cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_name(ccache, "1", ccNoError, "unique ccache (which is not default)");
+	}
+	else {
+		log_error("cc_context_create_ccache failed, can't complete test");
+		failure_count++;
+	}
+
+	// try with bad param
+	if (!err) {
+		check_once_cc_ccache_get_name(ccache, NULL, ccErrBadParam, "NULL param");
+	}
+	if (ccache) {
+		cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+
+	if (context) {
+		err = destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_get_name */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_get_name(cc_ccache_t ccache, const char *expected_name, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrCCacheNotFound,
+	};
+
+	cc_string_t stored_name = NULL;
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_get_name
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (expected_name == NULL) { // we want to try with a NULL param
+		err = cc_ccache_get_name(ccache, NULL);
+	}
+	else {
+		err = cc_ccache_get_name(ccache, &stored_name);
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		check_if(strcmp(stored_name->data, expected_name), NULL);
+	}
+
+	if (stored_name) { cc_string_release(stored_name); }
+
+	#endif /* cc_ccache_get_name */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+cc_int32 check_once_cc_ccache_get_principal(cc_ccache_t ccache,
+                                            cc_uint32 cred_vers,
+                                            const char *expected_principal,
+                                            cc_int32 expected_err,
+                                            const char *description) {
+	cc_int32 err = ccNoError;
+	cc_string_t stored_principal = NULL;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrNoMem,
+		ccErrBadCredentialsVersion,
+		ccErrBadParam,
+		ccErrInvalidCCache,
+		ccErrCCacheNotFound,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_get_principal
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (expected_principal == NULL) { // we want to try with a NULL param
+		err = cc_ccache_get_principal(ccache, cred_vers, NULL);
+	}
+	else {
+		err = cc_ccache_get_principal(ccache, cred_vers, &stored_principal);
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		check_if(strcmp(stored_principal->data, expected_principal), "expected princ == \"%s\" stored princ == \"%s\"", expected_principal, stored_principal->data);
+	}
+
+	if (stored_principal) { cc_string_release(stored_principal); }
+
+	#endif /* cc_ccache_get_principal */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_get_principal(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_get_principal");
+
+	#ifndef cc_ccache_get_principal
+	log_error("cc_ccache_get_principal is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	// try with krb5 principal
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo/BAR@BAZ.ORG", &ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_principal(ccache, cc_credentials_v5, "foo/BAR@BAZ.ORG", ccNoError, "trying to get krb5 princ for krb5 ccache");
+	}
+	else {
+		log_error("cc_context_create_new_ccache failed, can't complete test");
+		failure_count++;
+	}
+
+        // try with bad param
+        if (!err) {
+            check_once_cc_ccache_get_principal(ccache, cc_credentials_v5,
+                                               NULL, ccErrBadParam,
+                                               "passed null out param");
+        }
+
+	if (ccache) {
+		cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+
+	if (context) {
+		err = destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_get_principal */
+
+	END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_set_principal(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_set_principal");
+
+	#ifndef cc_ccache_set_principal
+	log_error("cc_ccache_set_principal is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+        // replace v5 only ccache's principal
+        if (!err) {
+            err = cc_context_create_new_ccache(context, cc_credentials_v5,
+                                               "foo@BAZ.ORG", &ccache);
+        }
+        if (!err) {
+            check_once_cc_ccache_set_principal(
+                ccache, cc_credentials_v5, "foo/BAZ@BAR.ORG", ccNoError,
+                "replace v5 only ccache's principal (empty ccache)");
+        }
+        else {
+            log_error(
+                "cc_context_create_new_ccache failed, can't complete test");
+            failure_count++;
+        }
+
+        // bad params
+        if (!err) {
+            check_once_cc_ccache_set_principal(ccache, cc_credentials_v5,
+                                               NULL, ccErrBadParam,
+                                               "NULL principal");
+        }
+
+        if (ccache) {
+            cc_ccache_destroy(ccache);
+            ccache = NULL;
+        }
+
+	if (context) {
+		err = destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_set_principal */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_set_principal(cc_ccache_t ccache, cc_uint32 cred_vers, const char *in_principal, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_string_t stored_principal = NULL;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrNoMem,
+		ccErrInvalidCCache,
+		ccErrBadCredentialsVersion,
+		ccErrBadParam,
+		ccErrCCacheNotFound,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_set_principal
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_set_principal(ccache, cred_vers, in_principal);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		err = cc_ccache_get_principal(ccache, cred_vers, &stored_principal);
+	}
+
+	// compare stored with input
+	if (!err) {
+		check_if(strcmp(stored_principal->data, in_principal), "expected princ == \"%s\" stored princ == \"%s\"", in_principal, stored_principal->data);
+	}
+
+	if (stored_principal) { cc_string_release(stored_principal); }
+
+	#endif /* cc_ccache_set_principal */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+
+int check_cc_ccache_store_credentials(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_ccache_t dup_ccache = NULL;
+	cc_credentials_union creds_union;
+	cc_string_t name = NULL;
+
+	BEGIN_TEST("cc_ccache_store_credentials");
+
+	#ifndef cc_ccache_store_credentials
+	log_error("cc_ccache_store_credentials is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+
+	// cred with matching version and realm
+	if (!err) {
+		err = new_v5_creds_union(&creds_union, "BAR.ORG");
+	}
+
+	if (!err) {
+		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccNoError, "ok creds");
+	}
+
+	if (&creds_union) { release_v5_creds_union(&creds_union); }
+
+	// try with bad params
+	check_once_cc_ccache_store_credentials(ccache, NULL, ccErrBadParam, "NULL creds param");
+
+	// invalid creds
+	if (!err) {
+		err = new_v5_creds_union(&creds_union, "BAR.ORG");
+	}
+
+	if (!err) {
+		if (creds_union.credentials.credentials_v5->client) {
+			free(creds_union.credentials.credentials_v5->client);
+			creds_union.credentials.credentials_v5->client = NULL;
+		}
+		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadParam, "invalid creds (NULL client string)");
+	}
+
+	if (&creds_union) { release_v5_creds_union(&creds_union); }
+
+	// non-existent ccache
+	if (ccache) {
+		err = cc_ccache_get_name(ccache, &name);
+		if (!err) {
+			err = cc_context_open_ccache(context, name->data, &dup_ccache);
+		}
+		if (name) { cc_string_release(name); }
+		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
+	}
+
+	if (!err) {
+		err = new_v5_creds_union(&creds_union, "BAR.ORG");
+	}
+
+	if (!err) {
+		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrInvalidCCache, "invalid ccache");
+	}
+
+	if (&creds_union) { release_v5_creds_union(&creds_union); }
+	if (ccache) { cc_ccache_release(ccache); }
+	if (context) {
+		destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_store_credentials */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_store_credentials(cc_ccache_t ccache, const cc_credentials_union *credentials, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_credentials_iterator_t creds_iterator = NULL;
+	cc_credentials_t creds = NULL;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrBadParam,
+		ccErrInvalidCCache,
+		ccErrInvalidCredentials,
+		ccErrBadCredentialsVersion,
+		ccErrCCacheNotFound,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_store_credentials
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_store_credentials(ccache, credentials);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	// make sure credentials were truly stored
+	if (!err) {
+		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
+	}
+	while (!err) {
+		err = cc_credentials_iterator_next(creds_iterator, &creds);
+		if (creds) {
+			if (compare_v5_creds_unions(credentials, creds->data) == 0) {
+				break;
+			}
+			cc_credentials_release(creds);
+			creds = NULL;
+		}
+	}
+
+	if (err == ccIteratorEnd) {
+		check_if((creds != NULL), "stored credentials not found in ccache");
+		err = ccNoError;
+	}
+	if (creds) { cc_credentials_release(creds); }
+
+	#endif /* cc_ccache_store_credentials */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+
+int check_cc_ccache_remove_credentials(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_ccache_t dup_ccache = NULL;
+	cc_credentials_t creds_array[10];
+	cc_credentials_t creds = NULL;
+	cc_credentials_union creds_union;
+	cc_credentials_iterator_t creds_iterator = NULL;
+	cc_string_t name = NULL;
+	unsigned int i;
+
+	BEGIN_TEST("cc_ccache_remove_credentials");
+
+	#ifndef cc_ccache_remove_credentials
+	log_error("cc_ccache_remove_credentials is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+
+	// store 10 creds and retrieve their cc_credentials_t representations
+	for(i = 0; !err && (i < 10); i++) {
+		new_v5_creds_union(&creds_union, "BAR.ORG");
+		err = cc_ccache_store_credentials(ccache, &creds_union);
+		if (&creds_union) { release_v5_creds_union(&creds_union); }
+	}
+	if (err) {
+		log_error("failure to store creds_union in remove_creds test");
+	}
+	if (!err) {
+		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
+	}
+	i = 0;
+	while (!err && i < 10) {
+		err = cc_credentials_iterator_next(creds_iterator, &creds);
+		if (creds) {
+			creds_array[i++] = creds;
+			creds = NULL;
+		}
+	}
+	if (err == ccIteratorEnd) { err = ccNoError; }
+
+	// remove 10 valid creds
+	for (i = 0; !err && (i < 8); i++) {
+		check_once_cc_ccache_remove_credentials(ccache, creds_array[i], ccNoError, "10 ok creds");
+	}
+
+	// NULL param
+	check_once_cc_ccache_remove_credentials(ccache, NULL, ccErrBadParam, "NULL creds in param");
+
+	// non-existent creds (remove same one twice)
+	check_once_cc_ccache_remove_credentials(ccache, creds_array[0], ccErrInvalidCredentials, "removed same creds twice");
+
+	// non-existent ccache
+	if (ccache) {
+		err = cc_ccache_get_name(ccache, &name);
+		if (!err) {
+			err = cc_context_open_ccache(context, name->data, &dup_ccache);
+		}
+		if (name) { cc_string_release(name); }
+		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
+	}
+
+	if (!err) {
+		err = new_v5_creds_union(&creds_union, "BAR.ORG");
+	}
+
+	if (!err) {
+		check_once_cc_ccache_remove_credentials(ccache, creds_array[8], ccErrInvalidCCache, "invalid ccache");
+	}
+
+	for(i = 0; i < 10; i++) {
+		if (creds_array[i]) { cc_credentials_release(creds_array[i]); }
+	}
+
+	if (ccache) { cc_ccache_release(ccache); }
+	if (context) {
+		destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_remove_credentials */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_remove_credentials(cc_ccache_t ccache, cc_credentials_t in_creds, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_credentials_iterator_t creds_iterator = NULL;
+	cc_credentials_t creds = NULL;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrBadParam,
+		ccErrInvalidCCache,
+		ccErrInvalidCredentials,
+		ccErrCredentialsNotFound,
+		ccErrCCacheNotFound,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_remove_credentials
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_remove_credentials(ccache, in_creds);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	// make sure credentials were truly removed
+	if (!err) {
+		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
+	}
+	while (!err) {
+		err = cc_credentials_iterator_next(creds_iterator, &creds);
+		if (creds) {
+			if (compare_v5_creds_unions(in_creds->data, creds->data) == 0) {
+				break;
+			}
+			cc_credentials_release(creds);
+			creds = NULL;
+		}
+	}
+
+	if (err == ccIteratorEnd) {
+		err = ccNoError;
+	}
+	else {
+		check_if((creds != NULL), "credentials not removed from ccache");
+	}
+	if (creds) { cc_credentials_release(creds); }
+
+	#endif /* cc_ccache_remove_credentials */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+
+int check_cc_ccache_new_credentials_iterator(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_ccache_t dup_ccache = NULL;
+	cc_credentials_iterator_t creds_iterator = NULL;
+	cc_string_t name = NULL;
+
+	BEGIN_TEST("cc_ccache_new_credentials_iterator");
+
+	#ifndef cc_ccache_new_credentials_iterator
+	log_error("cc_ccache_new_credentials_iterator is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+
+	// valid params
+	if (!err) {
+		check_once_cc_ccache_new_credentials_iterator(ccache, &creds_iterator, ccNoError, "valid params");
+	}
+	if (creds_iterator) {
+		cc_credentials_iterator_release(creds_iterator);
+		creds_iterator = NULL;
+	}
+
+	// NULL out param
+	if (!err) {
+		check_once_cc_ccache_new_credentials_iterator(ccache, NULL, ccErrBadParam, "NULL out iterator param");
+	}
+	if (creds_iterator) {
+		cc_credentials_iterator_release(creds_iterator);
+		creds_iterator = NULL;
+	}
+
+	// non-existent ccache
+	if (ccache) {
+		err = cc_ccache_get_name(ccache, &name);
+		if (!err) {
+			err = cc_context_open_ccache(context, name->data, &dup_ccache);
+		}
+		if (name) { cc_string_release(name); }
+		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
+	}
+
+	if (!err) {
+		check_once_cc_ccache_new_credentials_iterator(ccache, &creds_iterator, ccErrInvalidCCache, "invalid ccache");
+	}
+
+	if (creds_iterator) {
+		cc_credentials_iterator_release(creds_iterator);
+		creds_iterator = NULL;
+	}
+	if (ccache) { cc_ccache_release(ccache); }
+	if (context) {
+		destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_new_credentials_iterator */
+
+	END_TEST_AND_RETURN
+}
+
+
+cc_int32 check_once_cc_ccache_new_credentials_iterator(cc_ccache_t ccache, cc_credentials_iterator_t *iterator, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+	cc_int32 possible_return_values[5] = {
+		ccNoError,
+		ccErrBadParam,
+		ccErrNoMem,
+		ccErrCCacheNotFound,
+		ccErrInvalidCCache,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_new_credentials_iterator
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_new_credentials_iterator(ccache, iterator);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	#endif /* cc_ccache_new_credentials_iterator */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+cc_int32 check_once_cc_ccache_get_change_time(cc_ccache_t ccache, cc_time_t *last_time, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_time_t this_time = 0;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrCCacheNotFound,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_get_change_time
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (last_time == NULL) {
+		err = cc_ccache_get_change_time(ccache, NULL); // passed NULL to compare against because intention is actually to pass bad param instead
+	} else {
+		err = cc_ccache_get_change_time(ccache, &this_time);
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if ((!err) && last_time) {
+		check_if(this_time <= *last_time, "change time didn't increase when expected");
+		*last_time = this_time;
+	}
+
+	#endif /* cc_ccache_get_change_time */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_get_change_time(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t dummy_ccache = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_credentials_union creds_union;
+	cc_credentials_iterator_t creds_iterator = NULL;
+	cc_credentials_t credentials = NULL;
+	cc_time_t last_time = 0;
+
+    BEGIN_TEST("cc_ccache_get_change_time");
+
+	#ifndef cc_ccache_get_change_time
+	log_error("cc_ccache_get_change_time is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	// create some ccaches (so that the one we keep around as 'ccache' is not default)
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (ccache) {
+		cc_ccache_release(ccache);
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
+	}
+
+	// change it in all the ways it can change, checking after each
+
+	// the ccache is created
+	if (!err) {
+		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "new ccache (change time should be > 0)");
+	}
+
+	// the ccache is made default
+	if (!err) {
+		err = cc_ccache_set_default(ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "non-default ccache became default");
+	}
+
+	// the ccache is made not-default
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "something@ELSE.COM", &dummy_ccache);
+	}
+	if (!err) {
+		err = cc_ccache_set_default(dummy_ccache);
+	}
+	if (dummy_ccache) {
+		cc_ccache_release(dummy_ccache);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "default ccache became non-default");
+	}
+
+	// try with bad params
+
+	// NULL out param
+	if (!err) {
+		check_once_cc_ccache_get_change_time(ccache, NULL, ccErrBadParam, "NULL out param for time");
+	}
+
+	// store a credential
+	if (!err) {
+		new_v5_creds_union(&creds_union, "BAR.ORG");
+		err = cc_ccache_store_credentials(ccache, &creds_union);
+		release_v5_creds_union(&creds_union);
+	}
+	check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "stored new credential");
+
+	if (!err) {
+		// change principal (fails with ccErrBadInternalMessage)
+		err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
+		if (err) {
+			log_error("failed to change ccache's principal - %s (%d)", translate_ccapi_error(err), err);
+			failure_count++;
+			err = ccNoError;
+		}
+	}
+	check_once_cc_context_get_change_time(context, &last_time, ccNoError, "after changing a principle");
+
+	// remove a credential
+	if (!err) {
+		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
+	}
+	if (!err) {
+		err = cc_credentials_iterator_next(creds_iterator, &credentials);
+	}
+	if (err == ccIteratorEnd) {
+		err = ccNoError;
+	}
+	if (!err) {
+		err = cc_ccache_remove_credentials(ccache, credentials);
+	}
+	check_once_cc_context_get_change_time(context, &last_time, ccNoError, "after removing a credential");
+
+
+	// invalid ccache
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_change_time(ccache, &last_time, ccErrInvalidCCache, "getting change time on destroyed ccache");
+	}
+
+	if (ccache) { cc_ccache_release(ccache); }
+	if (context) {
+		destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_get_change_time */
+
+	END_TEST_AND_RETURN
+}
+
+
+// ---------------------------------------------------------------------------
+
+cc_int32 check_once_cc_ccache_get_last_default_time(cc_ccache_t ccache, cc_time_t *last_time, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_time_t this_time = 0;
+
+	cc_int32 possible_return_values[5] = {
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrNeverDefault,
+		ccErrCCacheNotFound,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_get_last_default_time
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (last_time == NULL) {
+		err = cc_ccache_get_last_default_time(ccache, NULL); // passed NULL to compare against because intention is actually to pass bad param instead
+	} else {
+		err = cc_ccache_get_last_default_time(ccache, &this_time);
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err && last_time) {
+		check_if(this_time > *last_time, "last default time isn't as expected");
+		*last_time = this_time;
+	}
+
+	#endif /* cc_ccache_get_last_default_time */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_get_last_default_time(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache_1 = NULL;
+	cc_ccache_t ccache_2 = NULL;
+	cc_time_t last_time_1 = 0;
+	cc_time_t last_time_2 = 0;
+	cc_string_t name = NULL;
+
+	BEGIN_TEST("cc_ccache_get_last_default_time");
+
+	#ifndef cc_ccache_get_last_default_time
+	log_error("cc_ccache_get_last_default_time is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	// create 2 ccaches
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@ONE.ORG", &ccache_1);
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@TWO.ORG", &ccache_2);
+	}
+
+	if (!err) {
+		err = cc_ccache_get_change_time(ccache_1, &last_time_1);
+	}
+
+	// since we destroyed all ccaches before creating these two,
+	// ccache_1 should be default and ccache_2 should never have been default
+	if (!err) {
+		check_once_cc_ccache_get_last_default_time(ccache_1, &last_time_1, ccNoError, "ccache_1 default at creation");
+		check_once_cc_ccache_get_last_default_time(ccache_2, &last_time_2, ccErrNeverDefault, "ccache_2 never default");
+	}
+
+	// make ccache_2 default and check each of their times again
+	if (!err) {
+		err = cc_ccache_set_default(ccache_2);
+	}
+	if (!err) {
+		err = cc_ccache_get_change_time(ccache_2, &last_time_2);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_last_default_time(ccache_1, &last_time_1, ccNoError, "ccache_1 no longer default");
+		check_once_cc_ccache_get_last_default_time(ccache_2, &last_time_2, ccNoError, "ccache_2 newly default");
+	}
+
+	// NULL param
+	if (!err) {
+		check_once_cc_ccache_get_last_default_time(ccache_1, NULL, ccErrBadParam, "NULL out param");
+	}
+
+	// non-existent ccache
+	if (ccache_2) {
+		cc_ccache_release(ccache_2);
+		ccache_2 = NULL;
+	}
+	if (!err) {
+		err = cc_ccache_get_name(ccache_1, &name);
+	}
+	if (!err) {
+		err = cc_context_open_ccache(context, name->data, &ccache_2);
+	}
+	if (!err) {
+		cc_ccache_destroy(ccache_2);
+		ccache_2 = NULL;
+	}
+
+	if (!err) {
+		check_once_cc_ccache_get_last_default_time(ccache_1, &last_time_1, ccErrInvalidCCache, "destroyed ccache");
+	}
+
+	if (ccache_1) { cc_ccache_release(ccache_1); }
+
+	if (context) {
+		destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_get_last_default_time */
+
+	END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_move(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t source = NULL;
+	cc_ccache_t destination = NULL;
+
+	cc_credentials_union creds_union;
+	unsigned int i = 0;
+
+	BEGIN_TEST("cc_ccache_move");
+
+	#ifndef cc_ccache_move
+	log_error("cc_ccache_move is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	// create 2 ccaches
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@ONE.ORG", &source);
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@TWO.ORG", &destination);
+	}
+
+	// store credentials in each
+	for (i = 0; !err && (i < 10); i++) {
+		new_v5_creds_union(&creds_union, "ONE.ORG");
+		err = cc_ccache_store_credentials(source, &creds_union);
+	}
+	for (i = 0; !err && (i < 10); i++) {
+		new_v5_creds_union(&creds_union, "TWO.ORG");
+		err = cc_ccache_store_credentials(destination, &creds_union);
+	}
+
+	// move source into destination
+	if (!err) {
+		check_once_cc_ccache_move(source, destination, ccNoError, "valid params");
+	}
+
+	// NULL param
+	if (!err) {
+		check_once_cc_ccache_move(destination, NULL, ccErrBadParam, "NULL destination param");
+	}
+
+	// non-existent ccache
+	if (!err) {
+		check_once_cc_ccache_move(destination, source, ccErrInvalidCCache, "recently moved source as destination param");
+	}
+
+	if (source) { cc_ccache_release(source); }
+	if (destination) { cc_ccache_release(destination); }
+
+	if (context) {
+		destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_move */
+
+	END_TEST_AND_RETURN
+
+
+}
+
+cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_credentials_t dst_creds[10] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, };
+	cc_credentials_t creds = NULL;
+	cc_credentials_iterator_t cred_iterator = NULL;
+	unsigned int i = 0;
+
+	cc_string_t src_principal = NULL;
+	cc_string_t dst_principal = NULL;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrBadParam,
+		ccErrInvalidCCache,
+		ccErrCCacheNotFound,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_move
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (destination) {
+		// verify all of destination's credentials are no longer there (save a list and call remove_cred for each, expecting an err in response)
+		if (!err) {
+			err = cc_ccache_new_credentials_iterator(destination, &cred_iterator);
+		}
+		while (!err && (i < 10)) {
+			err = cc_credentials_iterator_next(cred_iterator, &creds);
+			if (creds) {
+				dst_creds[i++] = creds;
+			}
+		}
+		if (err == ccIteratorEnd) {
+			err = ccNoError;
+		}
+		if (cred_iterator) {
+			cc_credentials_iterator_release(cred_iterator);
+			cred_iterator = NULL;
+		}
+
+		// verify that destination's principal has changed to source's (strcmp)
+		if (!err) {
+			err = cc_ccache_get_principal(source, cc_credentials_v5, &src_principal);
+		}
+	}
+
+
+	if (!err) {
+		err = cc_ccache_move(source, destination);
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+
+	if (!err) {
+		// verify all of destination's credentials are no longer there (save a list and call remove_cred for each, expecting an err in response)
+		i = 0;
+		while (dst_creds[i] && (i < 10)) {
+			err = cc_ccache_remove_credentials(destination, dst_creds[i]);
+			check_if(!(!err || err == ccErrCredentialsNotFound || ccErrInvalidCredentials), "credentials in destination not removed as promised");
+			cc_credentials_release(dst_creds[i]);
+			i++;
+		}
+		err = ccNoError;
+	}
+
+		// verify that destination's principal has changed to source's (strcmp)
+		if (!err) {
+			err = cc_ccache_get_principal(destination, cc_credentials_v5, &dst_principal);
+		}
+		if (!err) {
+			check_if(strcmp(src_principal->data, dst_principal->data), "destination principal not overwritten by source");
+		}
+
+		// verify that handles for source are no longer valid (get_change_time)
+		if (src_principal) {
+			cc_string_release(src_principal);
+			src_principal = NULL;
+		}
+		if (!err) {
+			err = cc_ccache_get_principal(source, cc_credentials_v5, &src_principal);
+			check_if(err != ccErrInvalidCCache, "source ccache was not invalidated after move");
+		}
+
+
+	if (cred_iterator) { cc_credentials_iterator_release(cred_iterator); }
+	if (src_principal) { cc_string_release(src_principal); }
+	if (dst_principal) { cc_string_release(dst_principal); }
+
+	#endif /* cc_ccache_move */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_compare(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache_a = NULL;
+	cc_ccache_t ccache_b = NULL;
+	cc_uint32 equal = 0;
+
+	BEGIN_TEST("cc_ccache_compare");
+
+	#ifndef cc_ccache_compare
+	log_error("cc_ccache_compare is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache_a);
+	}
+	if (!err) {
+		err = cc_context_open_default_ccache(context, &ccache_b);
+	}
+
+	equal = 1;
+	check_once_cc_ccache_compare(ccache_a, ccache_a, &equal, ccNoError, "compare ccache with same pointer");
+	equal = 1;
+	check_once_cc_ccache_compare(ccache_a, ccache_b, &equal, ccNoError, "compare different handles to same ccache");
+
+	if (ccache_b) {
+		cc_ccache_release(ccache_b);
+		ccache_b = NULL;
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "baz@BAR.ORG", &ccache_b);
+	}
+	equal = 0;
+	check_once_cc_ccache_compare(ccache_a, ccache_b, &equal, ccNoError, "compare different ccaches");
+	check_once_cc_ccache_compare(ccache_a, NULL, &equal, ccErrBadParam, "NULL compare_to ccache");
+	check_once_cc_ccache_compare(ccache_a, ccache_b, NULL, ccErrBadParam, "NULL out param");
+
+	if (ccache_a) { cc_ccache_release(ccache_a); }
+	if (ccache_b) { cc_ccache_release(ccache_b); }
+
+	if (context) {
+		err = destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_compare */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_compare(cc_ccache_t ccache, cc_ccache_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_uint32 actually_equal = 0;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrBadParam,
+		ccErrServerUnavailable,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_compare
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (equal) {
+		actually_equal = *equal;
+	}
+
+	err = cc_ccache_compare(ccache, compare_to, equal);
+
+	if (!err && equal) {
+		if (actually_equal) {
+			check_if(actually_equal != *equal, "equal ccaches not considered equal");
+		}
+		else {
+			check_if(actually_equal != *equal, "non-equal ccaches considered equal");
+		}
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	#endif /* cc_ccache_compare */
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_get_kdc_time_offset(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_time_t time_offset = 0;
+
+	BEGIN_TEST("cc_ccache_get_kdc_time_offset");
+
+	#ifndef cc_ccache_get_kdc_time_offset
+	log_error("cc_ccache_get_kdc_time_offset is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+
+	time_offset = 0;
+	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccErrTimeOffsetNotSet, "brand new ccache (offset not yet set)");
+
+	time_offset = 10;
+	if (!err) {
+		err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, time_offset);
+	}
+	if (!err) {
+		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccNoError, "offset set for v5");
+	}
+
+	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, NULL, ccErrBadParam, "NULL time_offset out param");
+
+	if (ccache) { cc_ccache_release(ccache); }
+
+	if (context) {
+		err = destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_get_kdc_time_offset */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_get_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_time_t *time_offset, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_time_t expected_offset;
+
+	cc_int32 possible_return_values[7] = {
+		ccNoError,
+		ccErrTimeOffsetNotSet,
+		ccErrCCacheNotFound,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrServerUnavailable,
+		ccErrBadCredentialsVersion,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_get_kdc_time_offset
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (time_offset) {
+		expected_offset = *time_offset;
+	}
+
+	err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, time_offset);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err && time_offset) {
+		check_if(*time_offset != expected_offset, "kdc time offset doesn't match expected value");
+	}
+
+	#endif /* cc_ccache_get_kdc_time_offset */
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_set_kdc_time_offset(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_set_kdc_time_offset");
+
+	#ifndef cc_ccache_set_kdc_time_offset
+	log_error("cc_ccache_set_kdc_time_offset is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+
+	check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0, ccNoError, "first time setting offset (v5)");
+
+	if (ccache) { cc_ccache_release(ccache); }
+
+	if (context) {
+		err = destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_set_kdc_time_offset */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_set_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_time_t time_offset, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_time_t stored_offset = 0;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrCCacheNotFound,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrServerUnavailable,
+		ccErrBadCredentialsVersion,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_set_kdc_time_offset
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_set_kdc_time_offset(ccache, credentials_version, time_offset);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, &stored_offset);
+	}
+
+	if (!err) {
+		check_if(time_offset != stored_offset, "kdc time offset doesn't match expected value");
+	}
+
+	#endif /* cc_ccache_set_kdc_time_offset */
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_clear_kdc_time_offset(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_ccache_clear_kdc_time_offset");
+
+	#ifndef cc_ccache_clear_kdc_time_offset
+	log_error("cc_ccache_clear_kdc_time_offset is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+
+	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing an offset that was never set (v5)");
+
+	err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0);
+
+	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing v5");
+
+	if (ccache) { cc_ccache_release(ccache); }
+
+	if (context) {
+		err = destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	#endif /* cc_ccache_clear_kdc_time_offset */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_clear_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+	cc_time_t stored_offset = 0;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrCCacheNotFound,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrServerUnavailable,
+		ccErrBadCredentialsVersion,
+	};
+	BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_ccache_clear_kdc_time_offset
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_ccache_clear_kdc_time_offset(ccache, credentials_version);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, &stored_offset);
+		check_if(err != ccErrTimeOffsetNotSet, "time offset not cleared");
+	}
+
+	#endif /* cc_ccache_clear_kdc_time_offset */
+
+	return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_ccache.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_ccache.h
new file mode 100644
index 00000000..ecb06219
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_ccache.h
@@ -0,0 +1,49 @@
+#ifndef _TEST_CCAPI_CCACHE_H_
+#define _TEST_CCAPI_CCACHE_H_
+
+#include "test_ccapi_globals.h"
+
+int check_cc_ccache_release(void);
+cc_int32 check_once_cc_ccache_release(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description);
+int check_cc_ccache_destroy(void);
+cc_int32 check_once_cc_ccache_destroy(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description);
+int check_cc_ccache_set_default(void);
+cc_int32 check_once_cc_ccache_set_default(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description);
+int check_cc_ccache_get_credentials_version(void);
+cc_int32 check_once_cc_ccache_get_credentials_version(cc_ccache_t ccache, cc_uint32 expected_cred_vers, cc_int32 expected_err, const char *description);
+int check_cc_ccache_get_name(void);
+cc_int32 check_once_cc_ccache_get_name(cc_ccache_t ccache, const char *expected_name, cc_int32 expected_err, const char *description);
+int check_cc_ccache_get_principal(void);
+cc_int32 check_once_cc_ccache_get_principal(cc_ccache_t ccache, cc_uint32 cred_vers, const char *expected_principal, cc_int32 expected_err, const char *description);
+int check_cc_ccache_set_principal(void);
+cc_int32 check_once_cc_ccache_set_principal(cc_ccache_t ccache, cc_uint32 cred_vers, const char *in_principal, cc_int32 expected_err, const char *description);
+
+int check_cc_ccache_store_credentials(void);
+cc_int32 check_once_cc_ccache_store_credentials(cc_ccache_t ccache, const cc_credentials_union *credentials, cc_int32 expected_err, const char *description);
+int check_cc_ccache_remove_credentials(void);
+cc_int32 check_once_cc_ccache_remove_credentials(cc_ccache_t ccache, cc_credentials_t in_creds, cc_int32 expected_err, const char *description);
+
+int check_cc_ccache_new_credentials_iterator(void);
+cc_int32 check_once_cc_ccache_new_credentials_iterator(cc_ccache_t ccache, cc_credentials_iterator_t *iterator, cc_int32 expected_err, const char *description);
+
+int check_cc_ccache_get_change_time(void);
+cc_int32 check_once_cc_ccache_get_change_time(cc_ccache_t ccache, cc_time_t *last_time, cc_int32 expected_err, const char *description);
+int check_cc_ccache_get_last_default_time(void);
+cc_int32 check_once_cc_ccache_get_last_default_time(cc_ccache_t ccache, cc_time_t *last_time, cc_int32 expected_err, const char *description);
+
+int check_cc_ccache_move(void);
+cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination, cc_int32 expected_err, const char *description);
+
+int check_cc_ccache_compare(void);
+cc_int32 check_once_cc_ccache_compare(cc_ccache_t ccache, cc_ccache_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description);
+
+int check_cc_ccache_get_kdc_time_offset(void);
+cc_int32 check_once_cc_ccache_get_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_time_t *time_offset, cc_int32 expected_err, const char *description);
+
+int check_cc_ccache_set_kdc_time_offset(void);
+cc_int32 check_once_cc_ccache_set_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_time_t time_offset, cc_int32 expected_err, const char *description);
+
+int check_cc_ccache_clear_kdc_time_offset(void);
+cc_int32 check_once_cc_ccache_clear_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_int32 expected_err, const char *description);
+
+#endif /* _TEST_CCAPI_CCACHE_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_check.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_check.c
new file mode 100644
index 00000000..7f55b455
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_check.c
@@ -0,0 +1,37 @@
+#include "test_ccapi_check.h"
+
+int _check_if(int expression, const char *file, int line, const char *expression_string, const char *format, ...) {
+	if (expression) {
+		failure_count++;
+		// call with NULL format to get a generic error message
+		if (format == NULL) {
+			_log_error(file, line, expression_string);
+		}
+		// call with format and varargs for a more useful error message
+		else {
+			va_list ap;
+			va_start(ap, format);
+			_log_error_v(file, line, format, ap);
+			va_end(ap);
+		}
+
+		if (current_test_activity) {
+			fprintf(stdout, " (%s)", current_test_activity);
+		}
+	}
+
+	return (expression != 0);
+}
+
+int array_contains_int(cc_int32 *array, int size, cc_int32 value) {
+	if (array != NULL && size > 0) {
+		int i = 0;
+		while (i < size && array[i] != value) {
+			i++;
+		}
+		if (i < size) {
+			return 1;
+		}
+	}
+	return 0;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_check.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_check.h
new file mode 100644
index 00000000..0a953481
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_check.h
@@ -0,0 +1,43 @@
+#ifndef _TEST_CCAPI_CHECK_H_
+#define _TEST_CCAPI_CHECK_H_
+
+#include <stdio.h>
+#include <stdarg.h>
+#include "test_ccapi_log.h"
+#include "test_ccapi_globals.h"
+
+int _check_if(int expression, const char *file, int line, const char *expression_string, const char *format, ...);
+
+#define check_int(a, b) \
+		check_if(a != b, NULL)
+
+/*
+ *	if expression evaluates to true, check_if increments the failure_count and prints:
+ *
+ *	check_if(a!=a, NULL);
+ *	==> "/path/to/file:line: a!=a"
+ *
+ *	check_if(a!=a, "This shouldn't be happening");
+ *	==> "/path/to/file:line: This shouldn't be happening"
+ *
+ *	check_if(a!=a, "This has happened %d times now", 3);
+ *	==> "/path/to/file:line: This has happened 3 times now"
+*/
+
+#define check_if(expression, format, ...) \
+		_check_if(expression, __FILE__, __LINE__, #expression, format , ## __VA_ARGS__)
+
+#define check_if_not(expression, format, ...) \
+		check_if(!(expression), format, ## __VA_ARGS__)
+
+// first check if err is what we were expecting to get back
+// then check if err is even in the set of errors documented for the function
+#define check_err(err, expected_err, possible_return_values) \
+		do { \
+			check_if(err != expected_err, "unexpected error %s (%d), expected %s (%d)", translate_ccapi_error(err), err, translate_ccapi_error(expected_err), expected_err); \
+			check_if_not(array_contains_int(possible_return_values, possible_ret_val_count, err), "error not documented as a possible return value: %s (%d)", translate_ccapi_error(err), err); \
+		} while( 0 )
+
+int array_contains_int(cc_int32 *array, int size, cc_int32 value);
+
+#endif /* _TEST_CCAPI_CHECK_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_constants.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_constants.c
new file mode 100644
index 00000000..57377262
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_constants.c
@@ -0,0 +1,64 @@
+#include "test_ccapi_constants.h"
+#include "test_ccapi_globals.h"
+#include "test_ccapi_check.h"
+
+int check_constants(void) {
+	BEGIN_TEST("constants");
+	/* API versions */
+
+	check_int(ccapi_version_2, 2);
+	check_int(ccapi_version_3, 3);
+	check_int(ccapi_version_4, 4);
+	check_int(ccapi_version_5, 5);
+	check_int(ccapi_version_6, 6);
+
+	/* Errors */
+
+	check_int(ccNoError 					  , 0  );	 //   0
+	check_int(ccIteratorEnd 				  , 201);    // 201
+	check_int(ccErrBadParam 			      , 202);    // 202
+	check_int(ccErrNoMem 					  , 203);    // 203
+	check_int(ccErrInvalidContext             , 204);    // 204
+	check_int(ccErrInvalidCCache              , 205);    // 205
+	check_int(ccErrInvalidString              , 206);    // 206
+	check_int(ccErrInvalidCredentials         , 207);    // 207
+	check_int(ccErrInvalidCCacheIterator      , 208);    // 208
+	check_int(ccErrInvalidCredentialsIterator , 209);    // 209
+	check_int(ccErrInvalidLock                , 210);    // 210
+	check_int(ccErrBadName                    , 211);    // 211
+	check_int(ccErrBadCredentialsVersion      , 212);    // 212
+	check_int(ccErrBadAPIVersion              , 213);    // 213
+	check_int(ccErrContextLocked              , 214);    // 214
+	check_int(ccErrContextUnlocked            , 215);    // 215
+	check_int(ccErrCCacheLocked               , 216);    // 216
+	check_int(ccErrCCacheUnlocked             , 217);    // 217
+	check_int(ccErrBadLockType                , 218);    // 218
+	check_int(ccErrNeverDefault               , 219);    // 219
+	check_int(ccErrCredentialsNotFound        , 220);    // 220
+	check_int(ccErrCCacheNotFound             , 221);    // 221
+	check_int(ccErrContextNotFound            , 222);    // 222
+	check_int(ccErrServerUnavailable          , 223);    // 223
+	check_int(ccErrServerInsecure             , 224);    // 224
+	check_int(ccErrServerCantBecomeUID        , 225);    // 225
+	check_int(ccErrTimeOffsetNotSet           , 226);    // 226
+	check_int(ccErrBadInternalMessage         , 227);    // 227
+	check_int(ccErrNotImplemented             , 228);    // 228
+
+	/* Credentials versions */
+
+	check_int(cc_credentials_v5,    2);
+
+	/* Lock types */
+
+	check_int(cc_lock_read,      0);
+	check_int(cc_lock_write,     1);
+	check_int(cc_lock_upgrade,   2);
+	check_int(cc_lock_downgrade, 3);
+
+    /* Locking Modes */
+
+	check_int(cc_lock_noblock, 0);
+	check_int(cc_lock_block,   1);
+
+	END_TEST_AND_RETURN
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_constants.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_constants.h
new file mode 100644
index 00000000..bc3f4f3b
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_constants.h
@@ -0,0 +1,6 @@
+#ifndef _TEST_CCAPI_CONSTANTS_H_
+#define _TEST_CCAPI_CONSTANTS_H_
+
+int check_constants(void);
+
+#endif /* _TEST_CCAPI_CONSTANTS_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_context.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_context.c
new file mode 100644
index 00000000..2dc348ea
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_context.c
@@ -0,0 +1,987 @@
+#include <string.h>
+#include "test_ccapi_context.h"
+#include <limits.h>
+#include "test_ccapi_check.h"
+#include "test_ccapi_util.h"
+
+int check_cc_initialize(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+
+	BEGIN_TEST("cc_initialize");
+
+	// try every api_version
+	err = check_once_cc_initialize(&context, ccapi_version_2, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_2");   	   // err == CC_BAD_API_VERSION (9) would be imported by CredentialsCache2.h
+	err = check_once_cc_initialize(&context, ccapi_version_3, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_3");   	   // !err
+	err = check_once_cc_initialize(&context, ccapi_version_4, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_4");   	   //        "
+	err = check_once_cc_initialize(&context, ccapi_version_5, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_5");   	   //        "
+	err = check_once_cc_initialize(&context, ccapi_version_6, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_6");   	   //        "
+
+	// try bad api_version
+	err = check_once_cc_initialize(&context, INT_MAX,         NULL, NULL, ccErrBadAPIVersion, NULL); // err == ccErrBadAPIVersion
+
+	// try bad param
+	err = check_once_cc_initialize(NULL,     ccapi_version_3, NULL, NULL, ccErrBadParam, NULL);  	   // err == ccErrBadParam
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_initialize(cc_context_t *out_context, cc_int32 in_version, cc_int32 *out_supported_version, char const **out_vendor, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+	cc_context_t context;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrNoMem,
+		ccErrBadAPIVersion,
+		ccErrBadParam,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_initialize(out_context, in_version, out_supported_version, out_vendor);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (out_context) { context = *out_context; }
+	else { context = NULL; }
+
+	// check output parameters
+	if (!err) {
+		check_if(context == NULL, NULL);
+		if (context) {
+			cc_context_release(context);
+			*out_context = NULL;
+		}
+	} else {
+		check_if(context != NULL, NULL);
+	}
+
+	return err;
+}
+
+int check_cc_context_release(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+
+	BEGIN_TEST("cc_context_release");
+
+	#ifndef cc_context_release
+	log_error("cc_context_release is not implemented yet");
+	failure_count++;
+	#else
+
+	// try with valid context
+	err = check_once_cc_context_release(&context, ccNoError, NULL);
+
+	// try with NULL
+	//err = check_once_cc_context_release(NULL, ccErrInvalidContext);
+	/* calling with NULL context crashes, because this macro expands to
+	   ((NULL) -> functions -> release (NULL)) which is dereferencing NULL which is bad. */
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_context_release */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_release(cc_context_t *out_context, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+
+	cc_int32 possible_return_values[2] = {
+		ccNoError,
+		ccErrInvalidContext,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_release
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (out_context) {
+		err = cc_initialize(out_context, ccapi_version_3, NULL, NULL);
+		if (!err) {
+			context = *out_context;
+		}
+	}
+
+	if (err != ccNoError) {
+		log_error("failure in cc_initialize, unable to perform check");
+		return err;
+	}
+	else {
+		err = cc_context_release(context);
+		// check returned error
+		check_err(err, expected_err, possible_return_values);
+	}
+
+	*out_context = NULL;
+
+	#endif /* cc_context_release */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+int check_cc_context_get_change_time(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_time_t last_change_time = 0;
+	cc_ccache_t ccache = NULL;
+	cc_credentials_union creds_union;
+	cc_credentials_iterator_t creds_iterator = NULL;
+	cc_credentials_t credentials = NULL;
+
+	BEGIN_TEST("cc_context_get_change_time");
+
+	#ifndef cc_context_get_change_time
+	log_error("cc_context_get_change_time is not implemented yet");
+	failure_count++;
+	#else
+
+	/*
+	 * Make a context
+	 * make sure the change time changes after:
+	 * 	a ccache is created
+	 * 	a ccache is destroyed
+	 * 	a credential is stored
+	 * 	a credential is removed
+	 * 	a ccache principal is changed
+	 * 	the default ccache is changed
+	 * clean up memory
+	 */
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+	if (!err) {
+
+		// try bad parameters first
+		err = check_once_cc_context_get_change_time(context, NULL, ccErrBadParam, "NULL param, should fail");
+
+		// make sure we have a default ccache
+		err = cc_context_open_default_ccache(context, &ccache);
+		if (err == ccErrCCacheNotFound) {
+			err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo/bar@BAZ.ORG", &ccache);
+		}
+		if (!err) {
+			err = cc_ccache_release(ccache);
+		}
+		// either the default ccache already existed or we just created it
+		// either way, the get_change_time should now give something > 0
+		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "first-run, should be > 0");
+
+		// create a ccache
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after creating a new ccache");
+
+		// store a credential
+		if (!err) {
+			new_v5_creds_union(&creds_union, "BAR.ORG");
+			err = cc_ccache_store_credentials(ccache, &creds_union);
+			release_v5_creds_union(&creds_union);
+		}
+		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after storing a credential");
+
+		if (!err) {
+			// change principal (fails with ccErrBadInternalMessage)
+			err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
+			if (err) {
+				log_error("failed to change ccache's principal - %s (%d)", translate_ccapi_error(err), err);
+				failure_count++;
+				err = ccNoError;
+			}
+		}
+		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after changing a principle");
+
+		// remove a credential
+		if (!err) {
+			err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
+		}
+		if (!err) {
+			err = cc_credentials_iterator_next(creds_iterator, &credentials);
+		}
+		if (err == ccIteratorEnd) {
+			err = ccNoError;
+		}
+		if (!err) {
+			err = cc_ccache_remove_credentials(ccache, credentials);
+		}
+		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after removing a credential");
+
+		if (!err) {
+			// change default ccache
+			err = cc_ccache_set_default(ccache);
+			check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after changing default ccache");
+		}
+
+		if (ccache) {
+			// destroy a ccache
+			err = cc_ccache_destroy(ccache);
+			check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after destroying a ccache");
+		}
+	}
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_get_change_time */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_get_change_time(cc_context_t context, cc_time_t *time, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+	cc_time_t last_change_time;
+	cc_time_t current_change_time = 0;
+
+	cc_int32 possible_return_values[3] = {
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrBadParam,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_get_change_time
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (time != NULL) { // if we were passed NULL, then we're looking to pass a bad param
+		err = cc_context_get_change_time(context, &current_change_time);
+	} else {
+		err = cc_context_get_change_time(context, NULL);
+	}
+
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		last_change_time = *time;
+		check_if(current_change_time <= last_change_time, "context change time did not increase when it was supposed to (%d <= %d)", current_change_time, last_change_time);
+		*time = current_change_time;
+	}
+
+	#endif /* cc_context_get_change_time */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+int check_cc_context_get_default_ccache_name(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_string_t name = NULL;
+
+	BEGIN_TEST("cc_context_get_default_ccache_name");
+
+	#ifndef cc_context_get_default_ccache_name
+	log_error("cc_context_get_default_ccache_name is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+	if (!err) {
+		// try bad parameters first
+		err = check_once_cc_context_get_default_ccache_name(context, NULL, ccErrBadParam, NULL);
+
+		// try with no default
+		err = destroy_all_ccaches(context);
+		err = cc_context_open_default_ccache(context, &ccache);
+		if (err != ccErrCCacheNotFound) {
+			log_error("didn't remove all ccaches");
+		}
+		err = check_once_cc_context_get_default_ccache_name(context, &name, ccNoError, NULL);
+
+		// try normally
+		err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+		if (ccache) { cc_ccache_release(ccache); }
+		err = check_once_cc_context_get_default_ccache_name(context, &name, ccNoError, NULL);
+
+	}
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_context_get_default_ccache_name */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_get_default_ccache_name(cc_context_t context, cc_string_t *name, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrBadParam,
+		ccErrNoMem,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_get_default_ccache_name
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (name != NULL) { // if we were passed NULL, then we're looking to pass a bad param
+		err = cc_context_get_default_ccache_name(context, name);
+	} else {
+		err = cc_context_get_default_ccache_name(context, NULL);
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	// not really anything else to check
+
+	if (name && *name) { cc_string_release(*name); }
+
+	#endif /* cc_context_get_default_ccache_name */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+int check_cc_context_open_ccache(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_string_t name = NULL;
+
+	BEGIN_TEST("cc_context_open_ccache");
+
+	#ifndef cc_context_open_ccache
+	log_error("cc_context_open_ccache is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+	if (!err) {
+		// make sure we have a default ccache
+		err = cc_context_open_default_ccache(context, &ccache);
+		if (err == ccErrCCacheNotFound) {
+			err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo/bar@BAZ.ORG", &ccache);
+		}
+		if (!err) {
+			err = cc_ccache_release(ccache);
+			ccache = NULL;
+		}
+
+		// try default ccache
+		err = cc_context_get_default_ccache_name(context, &name);
+		if (!err) {
+			err = check_once_cc_context_open_ccache(context, name->data, &ccache, ccNoError, NULL);
+		}
+
+		// try bad parameters
+		err = check_once_cc_context_open_ccache(context, NULL, &ccache, ccErrBadParam, NULL);
+		err = check_once_cc_context_open_ccache(context, name->data, NULL, ccErrBadParam, NULL);
+
+		// try a ccache that doesn't exist (create one and then destroy it)
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+		if (!err) {
+			err = cc_ccache_get_name(ccache, &name);
+		}
+		if (!err) {
+			err = cc_ccache_destroy(ccache);
+			ccache = NULL;
+		}
+
+		err = check_once_cc_context_open_ccache(context, name->data, &ccache, ccErrCCacheNotFound, NULL);
+	}
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_context_open_ccache */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_open_ccache(cc_context_t context, const char *name, cc_ccache_t *ccache, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+	cc_string_t stored_name = NULL;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrBadName,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrCCacheNotFound,
+		ccErrBadParam,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_open_ccache
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (ccache != NULL) { // if we were passed NULL, then we're looking to pass a bad param
+		err = cc_context_open_ccache(context, name, ccache);
+	} else {
+		err = cc_context_open_ccache(context, name, NULL);
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		check_if(*ccache == NULL, NULL);
+
+		if (!err) {
+			err = cc_ccache_get_name(*ccache, &stored_name);
+		}
+		if (!err) {
+			check_if(strcmp(stored_name->data, name), NULL);
+		}
+		if (stored_name) { cc_string_release(stored_name); }
+
+
+		if (ccache && *ccache) {
+			cc_ccache_release(*ccache);
+			*ccache = NULL;
+		}
+	}
+
+	#endif /* cc_context_open_ccache */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+int check_cc_context_open_default_ccache(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+
+	BEGIN_TEST("cc_context_open_default_ccache");
+
+	#ifndef cc_context_open_default_ccache
+	log_error("cc_context_open_default_ccache is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+	if (!err) {
+		// make sure we have a default ccache
+		err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo/bar@BAZ.ORG", &ccache);
+		if (ccache) { cc_ccache_release(ccache); }
+
+		// try default ccache
+		if (!err) {
+			err = check_once_cc_context_open_default_ccache(context, &ccache, ccNoError, NULL);
+		}
+
+		// try bad parameters
+		err = check_once_cc_context_open_default_ccache(context, NULL, ccErrBadParam, NULL);
+
+		// try with no default ccache (destroy all ccaches first)
+		err = destroy_all_ccaches(context);
+
+		err = check_once_cc_context_open_default_ccache(context, &ccache, ccErrCCacheNotFound, NULL);
+	}
+
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_context_open_default_ccache */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_open_default_ccache(cc_context_t context, cc_ccache_t *ccache, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+	cc_string_t given_name = NULL;
+	cc_string_t default_name = NULL;
+
+	cc_int32 possible_return_values[5] = {
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrCCacheNotFound,
+		ccErrBadParam,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_open_default_ccache
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	if (ccache != NULL) { // if we were passed NULL, then we're looking to pass a bad param
+		err = cc_context_open_default_ccache(context, ccache);
+	} else {
+		err = cc_context_open_default_ccache(context, NULL);
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		check_if(*ccache == NULL, NULL);
+
+		// make sure this ccache is the one we were looking to get back (compare name with cc_context_get_default_ccache_name)
+		err = cc_ccache_get_name(*ccache, &given_name);
+		err = cc_context_get_default_ccache_name(context, &default_name);
+		if (given_name && default_name) {
+			check_if(strcmp(given_name->data, default_name->data), "name of ccache returned by cc_context_open_default_ccache doesn't match name returned by cc_context_get_default_ccache_name");
+		}
+		if (given_name) { cc_string_release(given_name); }
+		if (default_name) { cc_string_release(default_name); }
+
+		if (ccache && *ccache) {
+			cc_ccache_release(*ccache);
+			*ccache = NULL;
+		}
+	}
+
+	#endif /* cc_context_open_default_ccache */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+int check_cc_context_create_ccache(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_string_t name = NULL;
+
+	BEGIN_TEST("cc_context_create_ccache");
+
+	#ifndef cc_context_create_ccache
+	log_error("cc_context_create_ccache is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+	if (!err) {
+		// try making a ccache with a non-unique name (the existing default's name)
+		if (!err) {
+			err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo/bar@BAZ.ORG", &ccache);
+		}
+		if (!err) {
+			err = cc_ccache_get_name(ccache, &name);
+		}
+		if (ccache) { cc_ccache_release(ccache); }
+		if (!err) {
+			err = check_once_cc_context_create_ccache(context, name->data, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccNoError, NULL);
+		}
+
+		// try making a ccache with a unique name (the now destroyed default's name)
+		if (ccache) { cc_ccache_destroy(ccache); }
+		if (!err) {
+			err = check_once_cc_context_create_ccache(context, name->data, cc_credentials_v5, "foo/baz@BAR.ORG", &ccache, ccNoError, NULL);
+		}
+
+		// try bad parameters
+		err = check_once_cc_context_create_ccache(context, NULL, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccErrBadParam, "NULL name");                    // NULL name
+		err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal");                          // NULL principal
+		err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache");                    // NULL ccache
+	}
+
+	if (name) { cc_string_release(name); }
+	if (ccache) { cc_ccache_destroy(ccache); }
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_context_create_ccache */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_create_ccache(cc_context_t context, const char *name, cc_uint32 cred_vers, const char *principal, cc_ccache_t *ccache, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+	cc_string_t stored_name = NULL;
+	cc_string_t stored_principal = NULL;
+	cc_uint32 stored_creds_vers = 0;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrBadName,
+		ccErrBadParam,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrBadCredentialsVersion,
+	};
+	BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_create_ccache
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_context_create_ccache(context, name, cred_vers, principal, ccache);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		check_if(*ccache == NULL, NULL);
+
+		// make sure all of the ccache's info matches what we gave it
+		// name
+		err = cc_ccache_get_name(*ccache, &stored_name);
+		if (!err) { check_if(strcmp(stored_name->data, name), NULL); }
+		if (stored_name) { cc_string_release(stored_name); }
+		// cred_vers
+		// FIXME Documented function name of cc_ccache_get_credentials_version is a typo.
+		// FIXME Documented type of creds param the wrong signedness (should be unsigned) for cc_ccache_get_credentials_version, cc_context_create_ccache, cc_context_create_default_ccache, cc_context_create_new_ccache
+		err = cc_ccache_get_credentials_version(*ccache, &stored_creds_vers);
+		if (!err) { check_if(stored_creds_vers != cred_vers, NULL); }
+		// principal
+		err = cc_ccache_get_principal(*ccache, cc_credentials_v5, &stored_principal);
+		if (!err) { check_if(strcmp(stored_principal->data, principal), NULL); }
+		if (stored_principal) { cc_string_release(stored_principal); }
+
+		if (ccache && *ccache) {
+			cc_ccache_destroy(*ccache);
+			*ccache = NULL;
+		}
+	}
+
+	#endif /* cc_context_create_ccache */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+int check_cc_context_create_default_ccache(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_string_t name = NULL;
+
+	BEGIN_TEST("cc_context_create_default_ccache");
+
+	#ifndef cc_context_create_default_ccache
+	log_error("cc_context_create_default_ccache is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+	if (!err) {
+		// try making the default when there are no existing ccaches
+		err = destroy_all_ccaches(context);
+		if (!err) {
+			err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccNoError, NULL);
+		}
+		if (ccache) { cc_ccache_release(ccache); }
+
+		// try making a new default when one already exists
+		if (!err) {
+			err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, "foo/baz@BAR.ORG", &ccache, ccNoError, NULL);
+		}
+
+		// try bad parameters
+		err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal");                          // NULL principal
+		err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache");                    // NULL ccache
+	}
+
+	if (name) { cc_string_release(name); }
+	if (ccache) { cc_ccache_destroy(ccache); }
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_context_create_default_ccache */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_create_default_ccache(cc_context_t context, cc_uint32 cred_vers, const char *principal, cc_ccache_t *ccache, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+	cc_string_t stored_principal = NULL;
+	cc_uint32 stored_creds_vers = 0;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrBadName, // how can this be possible when the name isn't a parameter?
+		ccErrBadParam,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrBadCredentialsVersion,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_create_default_ccache
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_context_create_default_ccache(context, cred_vers, principal, ccache);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		if (ccache) { check_if(*ccache == NULL, NULL); }
+		// make sure all of the ccache's info matches what we gave it
+		// cred_vers
+		err = cc_ccache_get_credentials_version(*ccache, &stored_creds_vers);
+		if (!err) { check_if(stored_creds_vers != cred_vers, NULL); }
+		// principal
+		err = cc_ccache_get_principal(*ccache, cc_credentials_v5, &stored_principal);
+		if (!err) { check_if(strcmp(stored_principal->data, principal), NULL); }
+		if (stored_principal) { cc_string_release(stored_principal); }
+
+		if (ccache && *ccache) {
+			cc_ccache_release(*ccache);
+			*ccache = NULL;
+		}
+	}
+
+	#endif /* cc_context_create_default_ccache */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+int check_cc_context_create_new_ccache(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_string_t name = NULL;
+
+	BEGIN_TEST("cc_context_create_new_ccache");
+
+	#ifndef cc_context_create_new_ccache
+	log_error("cc_context_create_new_ccache is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+	if (!err) {
+		// try making when there are no existing ccaches (should have name of default)
+		err = destroy_all_ccaches(context);
+		if (!err) {
+			err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccNoError, NULL);
+		}
+		if (ccache) { cc_ccache_release(ccache); }
+
+		// try making a new ccache when one already exists (should not have name of default)
+		if (!err) {
+			err = check_once_cc_context_create_new_ccache(context, 0, cc_credentials_v5, "foo/baz@BAR.ORG", &ccache, ccNoError, NULL);
+		}
+		if (ccache) { cc_ccache_release(ccache); }
+
+		// try bad parameters
+		err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal");                          // NULL principal
+		err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache");                    // NULL ccache
+	}
+
+	if (name) { cc_string_release(name); }
+	if (ccache) { cc_ccache_destroy(ccache); }
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_context_create_new_ccache */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_create_new_ccache(cc_context_t context, cc_int32 should_be_default, cc_uint32 cred_vers, const char *principal, cc_ccache_t *ccache, cc_int32 expected_err, const char *description) {
+	cc_int32 err = 0;
+	cc_string_t name = NULL;
+	cc_string_t stored_name = NULL;
+	cc_string_t stored_principal = NULL;
+	cc_uint32 stored_creds_vers = 0;
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccErrBadName, // how can this be possible when the name isn't a parameter?
+		ccErrBadParam,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrBadCredentialsVersion,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_create_new_ccache
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_context_create_new_ccache(context, cred_vers, principal, ccache);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	if (!err) {
+		if (ccache) { check_if(*ccache == NULL, NULL); }
+		// make sure all of the ccache's info matches what we gave it
+		if (!err) {
+			err = cc_context_get_default_ccache_name(context, &name);
+		}
+		if (!err) {
+			err = cc_ccache_get_name(*ccache, &stored_name);
+		}
+		if (!err) {
+			if (should_be_default) {
+				check_if(strcmp(stored_name->data, name->data), "new ccache does not have name of default");
+			}
+			else {
+				check_if((strcmp(stored_name->data, name->data) == 0), "new cache has name of default");
+			}
+		}
+		if (name) { cc_string_release(name); }
+		if (stored_name) { cc_string_release(stored_name); }
+
+		// cred_vers
+		err = cc_ccache_get_credentials_version(*ccache, &stored_creds_vers);
+		if (!err) { check_if(stored_creds_vers != cred_vers, NULL); }
+		// principal
+		err = cc_ccache_get_principal(*ccache, cc_credentials_v5, &stored_principal);
+		if (!err) { check_if(strcmp(stored_principal->data, principal), NULL); }
+		if (stored_principal) { cc_string_release(stored_principal); }
+
+		if (ccache && *ccache) {
+			cc_ccache_release(*ccache);
+			*ccache = NULL;
+		}
+	}
+
+	#endif /* cc_context_create_new_ccache */
+
+	END_CHECK_ONCE;
+
+	return err;
+}
+
+int check_cc_context_new_ccache_iterator(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_string_t name = NULL;
+	cc_ccache_iterator_t iterator = NULL;
+
+	BEGIN_TEST("cc_context_new_ccache_iterator");
+
+	#ifndef cc_context_new_ccache_iterator
+	log_error("cc_context_new_ccache_iterator is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+	if (!err) {
+		// try making when there are no existing ccaches (shouldn't make a difference, but just in case)
+		check_once_cc_context_new_ccache_iterator(context, &iterator, ccNoError, "when there are no existing ccaches");
+
+		err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (!err) {
+		// try making when at least one ccache already exists (just to cover all our bases)
+		check_once_cc_context_new_ccache_iterator(context, &iterator, ccNoError, "when at least one ccache already exists");
+
+		// try bad parameters
+		check_once_cc_context_new_ccache_iterator(context, NULL, ccErrBadParam, "NULL param"); // NULL iterator
+	}
+		// we'll do a comprehensive test of cc_ccache_iterator related functions later in the test suite
+
+	if (name) { cc_string_release(name); }
+	if (ccache) { cc_ccache_destroy(ccache); }
+	if (context) { cc_context_release(context); }
+
+	#endif /* cc_context_new_ccache_iterator */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_new_ccache_iterator(cc_context_t context, cc_ccache_iterator_t *iterator, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrBadParam,
+		ccErrNoMem,
+		ccErrInvalidContext,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_create_new_ccache
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_context_new_ccache_iterator(context, iterator);
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	// we'll do a comprehensive test of cc_ccache_iterator related functions later
+
+	#endif /* cc_context_create_new_ccache */
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+int check_cc_context_compare(void) {
+	cc_int32 err = 0;
+	cc_context_t context_a = NULL;
+	cc_context_t context_b = NULL;
+	cc_uint32 equal = 0;
+
+	BEGIN_TEST("cc_context_compare");
+
+	#ifndef cc_context_compare
+	log_error("cc_context_compare is not implemented yet");
+	failure_count++;
+	#else
+
+	err = cc_initialize(&context_a, ccapi_version_3, NULL, NULL);
+	if (!err) {
+		err = cc_initialize(&context_b, ccapi_version_3, NULL, NULL);
+	}
+
+	check_once_cc_context_compare(context_a, context_a, &equal, ccNoError, "valid params, same contexts");
+	check_once_cc_context_compare(context_a, context_b, &equal, ccNoError, "valid params, different contexts");
+	check_once_cc_context_compare(context_a, NULL, &equal, ccErrBadParam, "NULL compare_to context");
+	check_once_cc_context_compare(context_a, context_b, NULL, ccErrBadParam, "NULL out param");
+
+	if (context_a) { cc_context_release(context_a); }
+	if (context_b) { cc_context_release(context_b); }
+
+	#endif /* cc_context_compare */
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_context_compare(cc_context_t context, cc_context_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+	cc_int32 possible_return_values[4] = {
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrBadParam,
+		ccErrServerUnavailable,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#ifdef cc_context_compare
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	err = cc_context_compare(context, compare_to, equal);
+
+	if (!err) {
+		*equal = 0;
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	#endif /* cc_context_compare */
+
+	return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_context.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_context.h
new file mode 100644
index 00000000..2c3a4ab8
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_context.h
@@ -0,0 +1,32 @@
+#ifndef _TEST_CCAPI_CONTEXT_H_
+#define _TEST_CCAPI_CONTEXT_H_
+
+#include "test_ccapi_globals.h"
+
+int check_cc_initialize(void);
+cc_int32 check_once_cc_initialize(cc_context_t *out_context, cc_int32 in_version, cc_int32 *out_supported_version, char const **out_vendor, cc_int32 expected_err, const char *description);
+int check_cc_context_get_version(void);
+cc_int32 check_once_cc_context_get_version(cc_context_t *out_context, cc_int32 in_version, cc_int32 *out_supported_version, char const **out_vendor, cc_int32 expected_err, const char *description);
+int check_cc_context_release(void);
+cc_int32 check_once_cc_context_release(cc_context_t *out_context, cc_int32 expected_err, const char *description);
+int check_cc_context_get_change_time(void);
+cc_int32 check_once_cc_context_get_change_time(cc_context_t context, cc_time_t *time, cc_int32 expected_err, const char *description);
+int check_cc_context_get_default_ccache_name(void);
+cc_int32 check_once_cc_context_get_default_ccache_name(cc_context_t context, cc_string_t *name, cc_int32 expected_err, const char *description);
+int check_cc_context_open_ccache(void);
+cc_int32 check_once_cc_context_open_ccache(cc_context_t context, const char *name, cc_ccache_t *ccache, cc_int32 expected_err, const char *description);
+int check_cc_context_open_default_ccache(void);
+cc_int32 check_once_cc_context_open_default_ccache(cc_context_t context, cc_ccache_t *ccache, cc_int32 expected_err, const char *description);
+int check_cc_context_create_ccache(void);
+cc_int32 check_once_cc_context_create_ccache(cc_context_t context, const char *name, cc_uint32 cred_vers, const char *principal, cc_ccache_t *ccache, cc_int32 expected_err, const char *description);
+int check_cc_context_create_default_ccache(void);
+cc_int32 check_once_cc_context_create_default_ccache(cc_context_t context, cc_uint32 cred_vers, const char *principal, cc_ccache_t *ccache, cc_int32 expected_err, const char *description);
+int check_cc_context_create_new_ccache(void);
+cc_int32 check_once_cc_context_create_new_ccache(cc_context_t context, cc_int32 should_be_default, cc_uint32 cred_vers, const char *principal, cc_ccache_t *ccache, cc_int32 expected_err, const char *description);
+int check_cc_context_new_ccache_iterator(void);
+cc_int32 check_once_cc_context_new_ccache_iterator(cc_context_t context, cc_ccache_iterator_t *iterator, cc_int32 expected_err, const char *description);
+
+int check_cc_context_compare(void);
+cc_int32 check_once_cc_context_compare(cc_context_t context, cc_context_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description);
+
+#endif /* _TEST_CCAPI_CONTEXT_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_globals.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_globals.c
new file mode 100644
index 00000000..a4ea6315
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_globals.c
@@ -0,0 +1,87 @@
+#include "test_ccapi_globals.h"
+
+/* GLOBALS */
+unsigned int total_failure_count = 0;
+unsigned int failure_count = 0;
+
+const char *current_test_name;
+const char *current_test_activity;
+
+const char * ccapi_error_strings[30] = {
+
+	"ccNoError",						/* 0 */
+	"ccIteratorEnd",					/* 201 */
+    "ccErrBadParam",
+    "ccErrNoMem",
+    "ccErrInvalidContext",
+    "ccErrInvalidCCache",
+
+    "ccErrInvalidString",				/* 206 */
+    "ccErrInvalidCredentials",
+    "ccErrInvalidCCacheIterator",
+    "ccErrInvalidCredentialsIterator",
+    "ccErrInvalidLock",
+
+    "ccErrBadName",						/* 211 */
+    "ccErrBadCredentialsVersion",
+    "ccErrBadAPIVersion",
+    "ccErrContextLocked",
+    "ccErrContextUnlocked",
+
+    "ccErrCCacheLocked",				/* 216 */
+    "ccErrCCacheUnlocked",
+    "ccErrBadLockType",
+    "ccErrNeverDefault",
+    "ccErrCredentialsNotFound",
+
+    "ccErrCCacheNotFound",				/* 221 */
+    "ccErrContextNotFound",
+    "ccErrServerUnavailable",
+    "ccErrServerInsecure",
+    "ccErrServerCantBecomeUID",
+
+    "ccErrTimeOffsetNotSet",			/* 226 */
+    "ccErrBadInternalMessage",
+    "ccErrNotImplemented",
+
+};
+
+const char * ccapiv2_error_strings[24] = {
+
+    "CC_NOERROR",
+    "CC_BADNAME",
+    "CC_NOTFOUND",
+    "CC_END",
+    "CC_IO",
+    "CC_WRITE",
+    "CC_NOMEM",
+    "CC_FORMAT",
+    "CC_LOCKED",
+    "CC_BAD_API_VERSION",
+    "CC_NO_EXIST",
+    "CC_NOT_SUPP",
+    "CC_BAD_PARM",
+    "CC_ERR_CACHE_ATTACH",
+    "CC_ERR_CACHE_RELEASE",
+    "CC_ERR_CACHE_FULL",
+    "CC_ERR_CRED_VERSION"
+
+};
+
+const char *translate_ccapi_error(cc_int32 err) {
+
+	if (err == 0) {
+		return ccapi_error_strings[0];
+	} else
+            if (err >= 0 && err <= 16){
+		return ccapiv2_error_strings[err];
+        } else
+            if (err >= 201 && err <= 228){
+		return ccapi_error_strings[err - 200];
+	}
+	else {
+		return "\"Invalid or private CCAPI error\"";
+	}
+
+	return "";
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_globals.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_globals.h
new file mode 100644
index 00000000..fb2d5dbb
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_globals.h
@@ -0,0 +1,57 @@
+#ifndef _TEST_CCAPI_GLOBALS_H_
+#define _TEST_CCAPI_GLOBALS_H_
+
+#include <krb5.h> // gets us TARGET_OS_MAC
+
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#include <TargetConditionals.h>
+#endif
+
+#ifdef TARGET_OS_MAC
+#include <Kerberos/CredentialsCache.h>
+#else
+#include <CredentialsCache.h>
+#endif
+
+/* GLOBALS */
+extern unsigned int total_failure_count;
+extern unsigned int failure_count;
+
+extern const char *current_test_name;
+extern const char *current_test_activity;
+
+extern const char * ccapi_error_strings[30];
+
+const char *translate_ccapi_error(cc_int32 err);
+
+#define T_CCAPI_INIT \
+		do { \
+			current_test_name = NULL; \
+			current_test_activity = NULL; \
+		} while( 0 )
+
+#define BEGIN_TEST(name) \
+		do { \
+			current_test_name = name; \
+			failure_count = 0; \
+			test_header(current_test_name);	\
+		} while( 0 )
+
+#define BEGIN_CHECK_ONCE(x) \
+		do { \
+			if (x) { \
+				current_test_activity = x; \
+			} \
+		} while( 0 )
+
+#define END_CHECK_ONCE \
+		do { \
+			current_test_activity = NULL; \
+		} while( 0 )
+
+#define END_TEST_AND_RETURN \
+		test_footer(current_test_name, failure_count); \
+		total_failure_count += failure_count; \
+		return failure_count;
+
+#endif /* _TEST_CCAPI_GLOBALS_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_iterators.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_iterators.c
new file mode 100644
index 00000000..e51c7cf3
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_iterators.c
@@ -0,0 +1,246 @@
+#include "test_ccapi_globals.h"
+#include "test_ccapi_iterators.h"
+#include "test_ccapi_check.h"
+#include "test_ccapi_util.h"
+
+// ---------------------------------------------------------------------------
+
+int check_cc_ccache_iterator_next(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_ccache_iterator_t iterator = NULL;
+	unsigned int i;
+
+    BEGIN_TEST("cc_ccache_iterator_next");
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	// iterate with no ccaches
+	if (!err) {
+		err = cc_context_new_ccache_iterator(context, &iterator);
+	}
+	check_once_cc_ccache_iterator_next(iterator, 0, ccNoError, "iterating over an empty collection");
+	if (iterator) {
+		cc_ccache_iterator_release(iterator);
+		iterator = NULL;
+	}
+
+	// iterate with one ccache
+	if (!err) {
+		destroy_all_ccaches(context);
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (ccache) {
+		cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+	if (!err) {
+		err = cc_context_new_ccache_iterator(context, &iterator);
+	}
+	check_once_cc_ccache_iterator_next(iterator, 1, ccNoError, "iterating over a collection of 1 ccache");
+	if (iterator) {
+		cc_ccache_iterator_release(iterator);
+		iterator = NULL;
+	}
+
+	// iterate with several ccaches
+	if (!err) {
+		destroy_all_ccaches(context);
+	}
+	for(i = 0; !err && (i < 1000); i++)
+	{
+        if (i%100 == 0) fprintf(stdout, ".");
+        err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+		if (ccache) {
+			cc_ccache_release(ccache);
+			ccache = NULL;
+		}
+	}
+	if (!err) {
+		err = cc_context_new_ccache_iterator(context, &iterator);
+	}
+	check_once_cc_ccache_iterator_next(iterator, 1000, ccNoError, "iterating over a collection of 1000 ccache");
+	if (iterator) {
+		cc_ccache_iterator_release(iterator);
+		iterator = NULL;
+	}
+
+
+	if (ccache) { cc_ccache_release(ccache); }
+	if (iterator) { cc_ccache_iterator_release(iterator); }
+	if (context) {
+		destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_ccache_iterator_next(cc_ccache_iterator_t iterator, cc_uint32 expected_count, cc_int32 expected_err, const char *description) {
+	cc_int32 err = ccNoError;
+
+//	BEGIN_CHECK_ONCE(description);
+
+	cc_int32 possible_return_values[6] = {
+		ccNoError,
+		ccIteratorEnd,
+		ccErrBadParam,
+		ccErrNoMem,
+		ccErrInvalidCCacheIterator,
+		ccErrCCacheNotFound,
+	};
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	cc_ccache_t ccache = NULL;
+	cc_uint32 actual_count = 0;
+
+	while (!err) {
+		err = cc_ccache_iterator_next(iterator, &ccache);
+		if (ccache) {
+			actual_count++;
+			cc_ccache_release(ccache);
+			ccache = NULL;
+		}
+	}
+	if (err == ccIteratorEnd) {
+		err = ccNoError;
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	check_if(actual_count != expected_count, "iterator didn't iterate over all ccaches");
+
+//	END_CHECK_ONCE;
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+int check_cc_credentials_iterator_next(void) {
+	cc_int32 err = 0;
+	cc_context_t context = NULL;
+	cc_ccache_t ccache = NULL;
+	cc_credentials_union creds_union;
+	cc_credentials_iterator_t iterator = NULL;
+	unsigned int i;
+
+	BEGIN_TEST("cc_credentials_iterator_next");
+
+	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
+
+	if (!err) {
+		err = destroy_all_ccaches(context);
+	}
+
+	// iterate with no creds
+	if (!err) {
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (!err) {
+		err = cc_ccache_new_credentials_iterator(ccache, &iterator);
+	}
+	check_once_cc_credentials_iterator_next(iterator, 0, ccNoError, "iterating over an empty ccache");
+	if (iterator) {
+		cc_ccache_iterator_release(iterator);
+		iterator = NULL;
+	}
+	if (ccache) {
+		cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+
+	// iterate with one cred
+	if (!err) {
+		destroy_all_ccaches(context);
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	if (!err) {
+		new_v5_creds_union(&creds_union, "BAR.ORG");
+		err = cc_ccache_store_credentials(ccache, &creds_union);
+		release_v5_creds_union(&creds_union);
+	}
+	if (!err) {
+		err = cc_ccache_new_credentials_iterator(ccache, &iterator);
+	}
+	check_once_cc_credentials_iterator_next(iterator, 1, ccNoError, "iterating over a ccache with 1 cred");
+	if (iterator) {
+		cc_credentials_iterator_release(iterator);
+		iterator = NULL;
+	}
+	if (ccache) {
+		cc_ccache_release(ccache);
+		ccache = NULL;
+	}
+
+	// iterate with several creds
+	if (!err) {
+		destroy_all_ccaches(context);
+		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
+	}
+	for(i = 0; !err && (i < 1000); i++) {
+        if (i%100 == 0) fprintf(stdout, ".");
+		new_v5_creds_union(&creds_union, "BAR.ORG");
+		err = cc_ccache_store_credentials(ccache, &creds_union);
+		release_v5_creds_union(&creds_union);
+	}
+	if (!err) {
+		err = cc_ccache_new_credentials_iterator(ccache, &iterator);
+	}
+	check_once_cc_credentials_iterator_next(iterator, 1000, ccNoError, "iterating over a ccache with 1000 creds");
+
+	if (ccache) { cc_ccache_release(ccache); }
+	if (iterator) { cc_credentials_iterator_release(iterator); }
+	if (context) {
+		destroy_all_ccaches(context);
+		cc_context_release(context);
+	}
+
+	END_TEST_AND_RETURN
+}
+
+cc_int32 check_once_cc_credentials_iterator_next(cc_credentials_iterator_t iterator, cc_uint32 expected_count, cc_int32 expected_err, const char *description) {
+	cc_int32            err             = ccNoError;
+	cc_credentials_t    creds           = NULL;
+	cc_uint32           actual_count    = 0;
+
+	cc_int32 possible_return_values[5] = {
+		ccNoError,
+		ccIteratorEnd,
+		ccErrBadParam,
+		ccErrNoMem,
+		ccErrInvalidCredentialsIterator,
+	};
+
+    BEGIN_CHECK_ONCE(description);
+
+	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+	while (!err) {
+		err = cc_credentials_iterator_next(iterator, &creds);
+		if (creds) {
+			actual_count++;
+			cc_credentials_release(creds);
+			creds = NULL;
+		}
+	}
+	if (err == ccIteratorEnd) {
+		err = ccNoError;
+	}
+
+	// check returned error
+	check_err(err, expected_err, possible_return_values);
+
+	check_if(actual_count != expected_count, "iterator didn't iterate over all ccaches");
+
+	END_CHECK_ONCE;
+
+	return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_iterators.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_iterators.h
new file mode 100644
index 00000000..7308c7c4
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_iterators.h
@@ -0,0 +1,12 @@
+#ifndef _TEST_CCAPI_ITERATORS_H_
+#define _TEST_CCAPI_ITERATORS_H_
+
+#include "test_ccapi_globals.h"
+
+int check_cc_ccache_iterator_next(void);
+cc_int32 check_once_cc_ccache_iterator_next(cc_ccache_iterator_t iterator, cc_uint32 expected_count, cc_int32 expected_err, const char *description);
+
+int check_cc_credentials_iterator_next(void);
+cc_int32 check_once_cc_credentials_iterator_next(cc_credentials_iterator_t iterator, cc_uint32 expected_count, cc_int32 expected_err, const char *description);
+
+#endif /* _TEST_CCAPI_ITERATORS_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_log.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_log.c
new file mode 100644
index 00000000..8ecb6931
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_log.c
@@ -0,0 +1,45 @@
+#ifndef _TEST_CCAPI_LOG_C_
+#define _TEST_CCAPI_LOG_C_
+
+#include "test_ccapi_log.h"
+
+void _log_error_v(const char *file, int line, const char *format, va_list ap)
+{
+	fprintf(stdout, "\n\t%s:%d: ", file, line);
+	if (!format) {
+		fprintf(stdout, "An unknown error occurred");
+	} else {
+		vfprintf(stdout, format, ap);
+	}
+	fflush(stdout);
+}
+
+void _log_error(const char *file, int line, const char *format, ...)
+{
+	va_list ap;
+	va_start(ap, format);
+	_log_error_v(file, line, format, ap);
+	va_end(ap);
+}
+
+void test_header(const char *msg) {
+	if (msg != NULL) {
+		fprintf(stdout, "\nChecking %s... ", msg);
+		fflush(stdout);
+	}
+}
+
+void test_footer(const char *msg, int err) {
+	if (msg != NULL) {
+		if (!err) {
+			fprintf(stdout, "OK\n");
+		}
+		else {
+			fprintf(stdout, "\n*** %d failure%s in %s ***\n", err, (err == 1) ? "" : "s", msg);
+		}
+	}
+}
+
+
+
+#endif /* _TEST_CCAPI_LOG_C_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_log.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_log.h
new file mode 100644
index 00000000..6305c184
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_log.h
@@ -0,0 +1,20 @@
+#ifndef _TEST_CCAPI_LOG_H_
+#define _TEST_CCAPI_LOG_H_
+
+#include <stdio.h>
+#include <stdarg.h>
+#include "test_ccapi_globals.h"
+
+#define log_error(format, ...) \
+		_log_error(__FILE__, __LINE__, format , ## __VA_ARGS__)
+
+void _log_error_v(const char *file, int line, const char *format, va_list ap);
+void _log_error(const char *file, int line, const char *format, ...)
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+__attribute__ ((__format__ (__printf__, 3, 4)))
+#endif
+;
+void test_header(const char *msg);
+void test_footer(const char *msg, int err);
+
+#endif /* _TEST_CCAPI_LOG_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_util.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_util.c
new file mode 100644
index 00000000..9af1a6b6
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_util.c
@@ -0,0 +1,142 @@
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <malloc.h>
+
+#include "k5-platform.h"	/* pull in asprintf decl/defn */
+#include "test_ccapi_util.h"
+
+
+// ---------------------------------------------------------------------------
+
+cc_int32 destroy_all_ccaches(cc_context_t context) {
+	cc_int32 err = ccNoError;
+	cc_ccache_t ccache = NULL;
+
+	while (!err) {
+		err = cc_context_open_default_ccache(context, &ccache);
+		if (!err) {
+			err = cc_ccache_destroy(ccache);
+		}
+	}
+	if (err == ccErrCCacheNotFound) {
+		err = ccNoError;
+	}
+	else {
+		log_error("cc_context_open_default_ccache or cc_ccache_destroy failed with %s (%d)", translate_ccapi_error(err), err);
+	}
+
+	return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+cc_int32 new_v5_creds_union (cc_credentials_union *out_union, const char *realm)
+{
+    cc_int32 err = ccNoError;
+    cc_credentials_union *cred_union = NULL;
+	cc_credentials_v5_t *v5creds = NULL;
+    static int num_runs = 1;
+	char *client = NULL;
+	char *server = NULL;
+
+    if (!out_union) { err = ccErrBadParam; }
+
+	if (!err) {
+		v5creds = malloc (sizeof (*v5creds));
+		if (!v5creds) {
+			err = ccErrNoMem;
+		}
+	}
+
+	if (!err) {
+		asprintf(&client, "client@%s", realm);
+		asprintf(&server, "host/%d%s@%s", num_runs++, realm, realm);
+		if (!client || !server) {
+			err = ccErrNoMem;
+		}
+	}
+
+	if (!err) {
+		v5creds->client = client;
+		v5creds->server = server;
+		v5creds->keyblock.type = 1;
+		v5creds->keyblock.length = 0;
+		v5creds->keyblock.data = NULL;
+		v5creds->authtime = time (NULL);
+		v5creds->starttime = time (NULL);
+		v5creds->endtime = time(NULL) + 1000;
+		v5creds->renew_till = time(NULL) + 10000;
+		v5creds->is_skey = 0;
+		v5creds->ticket_flags = TKT_FLG_FORWARDABLE | TKT_FLG_PROXIABLE | TKT_FLG_RENEWABLE | TKT_FLG_INITIAL;
+		v5creds->addresses = NULL;
+		v5creds->ticket.type = 0;
+		v5creds->ticket.length = 0;
+		v5creds->ticket.data = NULL;
+		v5creds->second_ticket.type = 0;
+		v5creds->second_ticket.length = 0;
+		v5creds->second_ticket.data = NULL;
+		v5creds->authdata = NULL;
+	}
+
+
+    if (!err) {
+        cred_union = malloc (sizeof (*cred_union));
+        if (cred_union) {
+			cred_union->version = cc_credentials_v5;
+			cred_union->credentials.credentials_v5 = v5creds;
+        } else {
+            err = ccErrNoMem;
+        }
+    }
+	if (!err) {
+		*out_union = *cred_union;
+		cred_union = NULL;
+	}
+
+    return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+void release_v5_creds_union(cc_credentials_union *creds_union) {
+	cc_credentials_v5_t *v5creds = NULL;
+
+	if (creds_union) {
+		if (creds_union->credentials.credentials_v5) {
+			v5creds = creds_union->credentials.credentials_v5;
+			if (v5creds->client) { free(v5creds->client); }
+			if (v5creds->server) { free(v5creds->server); }
+			if (v5creds->keyblock.data) { free(v5creds->keyblock.data); }
+			if (v5creds->ticket.data) { free(v5creds->ticket.data); }
+			if (v5creds->second_ticket.data) { free(v5creds->second_ticket.data); }
+			free(v5creds);
+		}
+		//free(creds_union);
+	}
+}
+
+
+// ---------------------------------------------------------------------------
+
+// return zero when both unions are considered equal, non-zero when not
+
+int compare_v5_creds_unions(const cc_credentials_union *a, const cc_credentials_union *b) {
+	int retval = -1;
+
+	if (a &&
+		b &&
+		(a->version == cc_credentials_v5) &&
+		(a->version == b->version) &&
+		(strcmp(a->credentials.credentials_v5->client, b->credentials.credentials_v5->client) == 0) &&
+		(strcmp(a->credentials.credentials_v5->server, b->credentials.credentials_v5->server) == 0))
+	{
+		retval = 0;
+	}
+
+	return retval;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_util.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_util.h
new file mode 100644
index 00000000..4e98e257
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_util.h
@@ -0,0 +1,13 @@
+#ifndef _TEST_CCAPI_UTIL_H_
+#define _TEST_CCAPI_UTIL_H_
+
+#include "test_ccapi_globals.h"
+#include "test_ccapi_log.h"
+
+cc_int32 destroy_all_ccaches(cc_context_t context);
+
+cc_int32 new_v5_creds_union(cc_credentials_union *out_union, const char *realm);
+void release_v5_creds_union(cc_credentials_union *creds_union);
+int compare_v5_creds_unions(const cc_credentials_union *a, const cc_credentials_union *b);
+
+#endif /* _TEST_CCAPI_UTIL_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_v2.c b/krb5-1.21.3/src/ccapi/test/test_ccapi_v2.c
new file mode 100644
index 00000000..c71bb45a
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_v2.c
@@ -0,0 +1,1750 @@
+#include <string.h>
+#include "k5-platform.h"	/* pull in asprintf decl/defn */
+#include "test_ccapi_v2.h"
+#include <limits.h>
+#include <time.h>
+#include "test_ccapi_check.h"
+#include "test_ccapi_util.h"
+
+// ---------------------------------------------------------------------------
+
+static cc_result destroy_all_ccaches_v2(apiCB *context) {
+    cc_result err = CC_NOERROR;
+    infoNC **info = NULL;
+    int i = 0;
+
+    err = cc_get_NC_info(context, &info);
+
+    for (i = 0; !err && info[i]; i++) {
+        ccache_p *ccache = NULL;
+
+        err = cc_open(context, info[i]->name, info[i]->vers, 0, &ccache);
+
+        if (!err) { cc_destroy(context, &ccache); }
+    }
+
+    if (info) { cc_free_NC_info(context, &info); }
+
+    if (err) {
+        log_error("cc_get_NC_info or cc_open failed with %s (%d)", translate_ccapi_error(err), err);
+    }
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+// return zero when both unions are considered equal, non-zero when not
+
+static int compare_v5_creds_unions_compat(const cred_union *a, const cred_union *b) {
+    int retval = -1;
+
+    if (a && b && a->cred_type == b->cred_type) {
+        if (a->cred_type == CC_CRED_V5) {
+            if (!strcmp(a->cred.pV5Cred->client, b->cred.pV5Cred->client) &&
+                !strcmp(a->cred.pV5Cred->server, b->cred.pV5Cred->server) &&
+                a->cred.pV5Cred->starttime == b->cred.pV5Cred->starttime) {
+                retval = 0;
+            }
+        }
+    }
+
+    return retval;
+}
+
+// ---------------------------------------------------------------------------
+
+static cc_result new_v5_creds_union_compat (cred_union *out_union, const char *realm)
+{
+    cc_result err = CC_NOERROR;
+    cred_union *creds_union = NULL;
+    cc_credentials_v5_compat *v5creds = NULL;
+    static int num_runs = 1;
+    char *client = NULL;
+    char *server = NULL;
+
+    if (!out_union) { err = CC_BAD_PARM; }
+
+    if (!err) {
+        v5creds = malloc (sizeof (*v5creds));
+        if (!v5creds) {
+            err = CC_NOMEM;
+        }
+    }
+
+    if (!err) {
+        asprintf(&client, "client@%s", realm);
+        asprintf(&server, "host/%d%s@%s", num_runs++, realm, realm);
+        if (!client || !server) {
+            err = CC_NOMEM;
+        }
+    }
+
+    if (!err) {
+        v5creds->client = client;
+        v5creds->server = server;
+        v5creds->keyblock.type = 1;
+        v5creds->keyblock.length = 0;
+        v5creds->keyblock.data = NULL;
+        v5creds->authtime = time (NULL);
+        v5creds->starttime = time (NULL);
+        v5creds->endtime = time(NULL) + 1000;
+        v5creds->renew_till = time(NULL) + 10000;
+        v5creds->is_skey = 0;
+        v5creds->ticket_flags = TKT_FLG_FORWARDABLE | TKT_FLG_PROXIABLE | TKT_FLG_RENEWABLE | TKT_FLG_INITIAL;
+        v5creds->addresses = NULL;
+        v5creds->ticket.type = 0;
+        v5creds->ticket.length = 0;
+        v5creds->ticket.data = NULL;
+        v5creds->second_ticket.type = 0;
+        v5creds->second_ticket.length = 0;
+        v5creds->second_ticket.data = NULL;
+        v5creds->authdata = NULL;
+    }
+
+
+    if (!err) {
+        creds_union = malloc (sizeof (*creds_union));
+        if (creds_union) {
+            creds_union->cred_type = CC_CRED_V5;
+            creds_union->cred.pV5Cred = v5creds;
+        } else {
+            err = CC_NOMEM;
+        }
+    }
+    if (!err) {
+        *out_union = *creds_union;
+        creds_union = NULL;
+    }
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+static void release_v5_creds_union_compat(cred_union *creds_union) {
+    cc_credentials_v5_compat *v5creds = NULL;
+
+    if (creds_union) {
+        if (creds_union->cred.pV5Cred) {
+            v5creds = creds_union->cred.pV5Cred;
+            if (v5creds->client) { free(v5creds->client); }
+            if (v5creds->server) { free(v5creds->server); }
+            if (v5creds->keyblock.data) { free(v5creds->keyblock.data); }
+            if (v5creds->ticket.data) { free(v5creds->ticket.data); }
+            if (v5creds->second_ticket.data) { free(v5creds->second_ticket.data); }
+            free(v5creds);
+        }
+    }
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_shutdown(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+
+    BEGIN_TEST("cc_shutdown");
+
+    // try with valid context
+    err = check_once_cc_shutdown(&context, CC_NOERROR, NULL);
+
+    // try with NULL
+    err = check_once_cc_shutdown(NULL, CC_BAD_PARM, NULL);
+
+    if (context) { cc_shutdown(&context); }
+
+    END_TEST_AND_RETURN
+}
+
+cc_result check_once_cc_shutdown(apiCB **out_context, cc_result expected_err, const char *description) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+
+    cc_result possible_return_values[2] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    if (out_context) {
+        err = cc_initialize(out_context, ccapi_version_2, NULL, NULL);
+        if (!err) {
+            context = *out_context;
+        } else {
+            log_error("failure in cc_initialize, unable to perform check");
+            return err;
+        }
+    }
+
+    if (!err) {
+        err = cc_shutdown(&context);
+        // check returned error
+        check_err(err, expected_err, possible_return_values);
+
+    }
+
+    if (out_context) {
+        *out_context = NULL;
+    }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_get_change_time(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    cc_time_t last_change_time = 0;
+    ccache_p *ccache = NULL;
+    cred_union creds_union;
+
+    BEGIN_TEST("cc_get_change_time");
+
+    /*
+     * Make a context
+     * make sure the change time changes after:
+     * 	a ccache is created
+     * 	a ccache is destroyed
+     * 	a credential is stored
+     * 	a credential is removed
+     * 	a ccache principal is changed
+     * clean up memory
+     */
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+    if (!err) {
+
+        // try bad parameters first
+        err = check_once_cc_get_change_time(context, NULL, CC_BAD_PARM, "NULL param, should fail");
+
+        // get_change_time should always give something > 0
+        check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "first-run, should be > 0");
+
+        // create a ccache
+        err = cc_create(context, "TEST_CCACHE", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+        if (err) {
+            log_error("failed to create a ccache - %s (%d)", translate_ccapi_error(err), err);
+            failure_count++;
+        }
+        check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after creating a new ccache");
+
+        if (!err) {
+            // change principal
+            err = cc_set_principal(context, ccache, CC_CRED_V5, "foo@BAR.ORG");
+            if (err) {
+                log_error("failed to change ccache's principal - %s (%d)", translate_ccapi_error(err), err);
+                failure_count++;
+                err = CC_NOERROR;
+            }
+        }
+        check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after changing a principle");
+
+        new_v5_creds_union_compat(&creds_union, "BAR.ORG");
+
+        // store a credential
+        if (!err) {
+            err = cc_store(context, ccache, creds_union);
+            if (err) {
+                log_error("failed to store a credential - %s (%d)", translate_ccapi_error(err), err);
+                failure_count++;
+                err = CC_NOERROR;
+            }
+        }
+        check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after storing a credential");
+
+        // remove a credential
+        if (!err) {
+            err = cc_remove_cred(context, ccache, creds_union);
+            if (err) {
+                log_error("failed to remove a credential - %s (%d)", translate_ccapi_error(err), err);
+                failure_count++;
+                err = CC_NOERROR;
+            }
+        }
+        check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after removing a credential");
+
+        release_v5_creds_union_compat(&creds_union);
+
+        if (ccache) {
+            // destroy a ccache
+            err = cc_destroy(context, &ccache);
+            check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after destroying a ccache");
+        }
+    }
+
+    if (context) { cc_shutdown(&context); }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_int32 check_once_cc_get_change_time(apiCB *context, cc_time_t *last_time, cc_result expected_err, const char *description) {
+    cc_result err = 0;
+    cc_time_t last_change_time;
+    cc_time_t current_change_time = 0;
+
+    cc_result possible_return_values[3] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NO_EXIST,
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    if (last_time != NULL) { // if we were passed NULL, then we're looking to pass a bad param
+        err = cc_get_change_time(context, &current_change_time);
+    } else {
+        err = cc_get_change_time(context, NULL);
+    }
+
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err) {
+        last_change_time = *last_time;
+        check_if(current_change_time <= last_change_time, "context change time did not increase when it was supposed to (%d <= %d)", current_change_time, last_change_time);
+        *last_time = current_change_time;
+    }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_open(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    char *name = "TEST_OPEN_CCACHE";
+
+    BEGIN_TEST("cc_open");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+    if (!err) {
+        // create a ccache
+        err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+        if (err) {
+            log_error("failed to create a ccache - %s (%d)", translate_ccapi_error(err), err);
+            failure_count++;
+        }
+        if (!err) {
+            err = cc_close(context, &ccache);
+            ccache = NULL;
+        }
+
+        // try default ccache
+        if (!err) {
+            err = check_once_cc_open(context, name, CC_CRED_V5, &ccache, CC_NOERROR, NULL);
+        }
+
+        // try bad parameters
+        err = check_once_cc_open(context, NULL, CC_CRED_V5, &ccache, CC_BAD_PARM, NULL);
+        err = check_once_cc_open(context, name, CC_CRED_V5, NULL, CC_BAD_PARM, NULL);
+        err = check_once_cc_open(context, name, CC_CRED_UNKNOWN, &ccache, CC_ERR_CRED_VERSION, NULL);
+     }
+
+    if (context) { cc_shutdown(&context); }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_open(apiCB *context, const char *name, cc_int32 version, ccache_p **ccache, cc_result expected_err, const char *description) {
+    cc_result err = 0;
+    char *stored_name = NULL;
+
+    cc_result possible_return_values[5] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NO_EXIST,
+        CC_NOMEM,
+        CC_ERR_CRED_VERSION
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    if (ccache != NULL) { // if we were passed NULL, then we're looking to pass a bad param
+        err = cc_open(context, name, version, 0, ccache);
+    } else {
+        err = cc_open(context, name, version, 0, NULL);
+    }
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err) {
+        check_if(*ccache == NULL, NULL);
+
+        if (!err) {
+            err = cc_get_name(context, *ccache, &stored_name);
+        }
+        if (!err) {
+            check_if(strcmp(stored_name, name), NULL);
+        }
+        if (stored_name) { cc_free_name(context, &stored_name); }
+
+
+        if (ccache && *ccache) {
+            cc_ccache_release(*ccache);
+            *ccache = NULL;
+        }
+    }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_create(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    char *name = "TEST_CC_CREATE";
+
+    BEGIN_TEST("cc_create");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+    if (!err) {
+        if (!err) {
+            err = cc_open(context, name, CC_CRED_V5, 0, &ccache);
+            if (!err) {
+                err = cc_destroy (context, &ccache);
+            } else {
+                err = CC_NOERROR;  /* ccache does not exist */
+            }
+        }
+        // try making a ccache with a unique name (the now destroyed cache's name)
+        if (!err) {
+            err = check_once_cc_create(context, name, CC_CRED_V5, "foo@BAR.ORG", &ccache, CC_NOERROR, NULL);
+        }
+
+        // try making a ccache with a non-unique name (the existing cache's name)
+        if (!err) {
+            err = check_once_cc_create(context, name, CC_CRED_V5, "foo/baz@BAR.ORG", &ccache, CC_NOERROR, NULL);
+        }
+
+        // try bad parameters
+        err = check_once_cc_create(context, NULL, CC_CRED_V5, "foo@BAR.ORG", &ccache, CC_BAD_PARM, "NULL name");                    // NULL name
+        err = check_once_cc_create(context, "name", CC_CRED_MAX, "foo@BAR.ORG", &ccache, CC_ERR_CRED_VERSION, "invalid creds_vers"); // invalid creds_vers
+        err = check_once_cc_create(context, "name", CC_CRED_V5, NULL, &ccache, CC_BAD_PARM, "NULL principal");                          // NULL principal
+        err = check_once_cc_create(context, "name", CC_CRED_V5, "foo@BAR.ORG", NULL, CC_BAD_PARM, "NULL ccache");                    // NULL ccache
+    }
+
+    if (ccache) { cc_destroy(context, &ccache); }
+    if (context) { cc_shutdown(&context); }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_create(apiCB  *context, const char *name, cc_int32 cred_vers, const char *principal, ccache_p **ccache, cc_int32 expected_err, const char *description) {
+    cc_result err = 0;
+    char *stored_name = NULL;
+    char *stored_principal = NULL;
+    cc_int32 stored_creds_vers = 0;
+
+    cc_result possible_return_values[6] = {
+        CC_NOERROR,
+        CC_BADNAME,
+        CC_BAD_PARM,
+        CC_NO_EXIST,
+        CC_NOMEM,
+        CC_ERR_CRED_VERSION,
+    };
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    err = cc_create(context, name, principal, cred_vers, 0, ccache);
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err) {
+        check_if(*ccache == NULL, NULL);
+
+        // make sure all of the ccache's info matches what we gave it
+        // name
+        err = cc_get_name(context, *ccache, &stored_name);
+        if (!err) { check_if(strcmp(stored_name, name), NULL); }
+        if (stored_name) { cc_free_name(context, &stored_name); }
+        // cred_vers
+        err = cc_get_cred_version(context, *ccache, &stored_creds_vers);
+        if (!err) { check_if(stored_creds_vers != cred_vers, NULL); }
+        // principal
+        err = cc_get_principal(context, *ccache, &stored_principal);
+        if (!err) { check_if(strcmp(stored_principal, principal), NULL); }
+        if (stored_principal) { cc_free_principal(context, &stored_principal); }
+
+        if (ccache && *ccache) {
+            cc_destroy(context, ccache);
+            *ccache = NULL;
+        }
+    }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_close(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    char *name = "TEST_CC_CLOSE";
+
+    BEGIN_TEST("cc_close");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+
+    if (!err) {
+        check_once_cc_close(context, ccache, CC_NOERROR, NULL);
+        ccache = NULL;
+    }
+
+    if (context) { cc_shutdown(&context); }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_close(apiCB *context, ccache_p *ccache, cc_result expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+
+    cc_result possible_return_values[2] = {
+        CC_NOERROR,
+        CC_BAD_PARM
+    };
+
+    char *name = NULL;
+
+    err = cc_get_name(context, ccache, &name);
+    err = cc_close(context, &ccache);
+    ccache = NULL;
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err && name) { // try opening released ccache to make sure it still exists
+        err = cc_open(context, name, CC_CRED_V5, 0, &ccache);
+    }
+    check_if(err == CC_NO_EXIST, "released ccache was actually destroyed instead");
+    check_if(err != CC_NOERROR, "released ccache cannot be opened");
+
+    if (ccache) { cc_destroy(context, &ccache); }
+    if (name) { cc_free_name(context, &name); }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_destroy(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    char *name = "TEST_CC_DESTROY";
+
+    BEGIN_TEST("cc_destroy");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+
+    if (!err) {
+        check_once_cc_destroy(context, ccache, CC_NOERROR, NULL);
+        ccache = NULL;
+    }
+
+    if (context) { cc_shutdown(&context); }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_destroy(apiCB *context, ccache_p *ccache, cc_int32 expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+
+    cc_result possible_return_values[2] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+    };
+
+    char *name = NULL;
+
+    BEGIN_CHECK_ONCE(description);
+
+#ifdef cc_ccache_destroy
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    err = cc_get_name(context, ccache, &name);
+    err = cc_destroy(context, &ccache);
+    ccache = NULL;
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err && name) { // try opening released ccache to make sure it still exists
+        err = cc_open(context, name, CC_CRED_V5, 0, &ccache);
+    }
+    check_if(err != CC_NO_EXIST, "destroyed ccache was actually released instead");
+
+    if (ccache) { cc_destroy(context, &ccache); }
+    if (name) { cc_free_name(context, &name); }
+
+#endif /* cc_ccache_destroy */
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_get_cred_version(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    char *name = "TEST_CC_GET_CRED_VERSION_V5";
+
+    BEGIN_TEST("cc_get_cred_version");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    // try one created with v5 creds
+    if (!err) {
+        err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (!err) {
+        check_once_cc_get_cred_version(context, ccache, CC_CRED_V5, CC_NOERROR, "v5 creds");
+    }
+    else {
+        log_error("cc_context_create_new_ccache failed, can't complete test");
+        failure_count++;
+    }
+
+    if (ccache) {
+        cc_destroy(context, &ccache);
+        ccache = NULL;
+    }
+
+    err = CC_NOERROR;
+
+    if (ccache) {
+        cc_destroy(context, &ccache);
+        ccache = NULL;
+    }
+
+    if (context) { cc_shutdown(&context); }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_get_cred_version(apiCB *context, ccache_p *ccache, cc_int32 expected_cred_vers, cc_int32 expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+
+    cc_result possible_return_values[3] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NO_EXIST,
+    };
+
+    cc_int32 stored_cred_vers = 0;
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    err = cc_get_cred_version(context, ccache, &stored_cred_vers);
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err) {
+        check_if(stored_cred_vers != expected_cred_vers, NULL);
+    }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_get_name(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+
+    BEGIN_TEST("cc_get_name");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    // try with unique ccache (which happens to be default)
+    if (!err) {
+        err = cc_create(context, "0", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (!err) {
+        check_once_cc_get_name(context, ccache, "0", CC_NOERROR, "unique ccache (which happens to be default)");
+    }
+    else {
+        log_error("cc_context_create_ccache failed, can't complete test");
+        failure_count++;
+    }
+    if (ccache) {
+        cc_close(context, &ccache);
+        ccache = NULL;
+    }
+
+    // try with unique ccache (which is not default)
+    if (!err) {
+        err = cc_context_create_ccache(context, "1", CC_CRED_V5, "foo@BAR.ORG", &ccache);
+    }
+    if (!err) {
+        check_once_cc_get_name(context, ccache, "1", CC_NOERROR, "unique ccache (which is not default)");
+    }
+    else {
+        log_error("cc_context_create_ccache failed, can't complete test");
+        failure_count++;
+    }
+
+    // try with bad param
+    if (!err) {
+        check_once_cc_get_name(context, ccache, NULL, CC_BAD_PARM, "NULL param");
+    }
+    if (ccache) {
+        cc_close(context, &ccache);
+        ccache = NULL;
+    }
+
+    if (context) {
+        err = destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_int32 check_once_cc_get_name(apiCB *context, ccache_p *ccache, const char *expected_name, cc_int32 expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+
+    cc_result possible_return_values[4] = {
+        CC_NOERROR,
+        CC_NOMEM,
+        CC_BAD_PARM,
+        CC_NO_EXIST,
+    };
+
+    char *stored_name = NULL;
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    if (expected_name == NULL) { // we want to try with a NULL param
+        err = cc_get_name(context, ccache, NULL);
+    }
+    else {
+        err = cc_get_name(context, ccache, &stored_name);
+    }
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err) {
+        check_if(strcmp(stored_name, expected_name), NULL);
+    }
+
+    if (stored_name) { cc_free_name(context, &stored_name); }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+
+// ---------------------------------------------------------------------------
+
+int check_cc_get_principal(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    char *name_v5 = "TEST_CC_GET_PRINCIPAL_V5";
+
+    BEGIN_TEST("cc_get_principal");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    // try with krb5 principal
+    if (!err) {
+        err = cc_create(context, name_v5, "foo/BAR@BAZ.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (!err) {
+        check_once_cc_get_principal(context, ccache, "foo/BAR@BAZ.ORG", CC_NOERROR, "trying to get krb5 princ for krb5 ccache");
+    }
+    else {
+        log_error("cc_create failed, can't complete test");
+        failure_count++;
+    }
+    if (ccache) {
+        cc_close(context, &ccache);
+        ccache = NULL;
+    }
+
+    // try with bad param
+    if (!err) {
+        check_once_cc_get_principal(context, ccache, NULL, CC_BAD_PARM, "passed null out param");
+    }
+
+    if (ccache) {
+        cc_close(context, &ccache);
+        ccache = NULL;
+    }
+
+    if (context) {
+        err = destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_get_principal(apiCB *context,
+                                      ccache_p *ccache,
+                                      const char *expected_principal,
+                                      cc_int32 expected_err,
+                                      const char *description) {
+    cc_result err = CC_NOERROR;
+    char *stored_principal = NULL;
+
+    cc_result possible_return_values[4] = {
+        CC_NOERROR,
+        CC_NOMEM,
+        CC_NO_EXIST,
+        CC_BAD_PARM
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    if (expected_principal == NULL) { // we want to try with a NULL param
+        err = cc_get_principal(context, ccache, NULL);
+    }
+    else {
+        err = cc_get_principal(context, ccache, &stored_principal);
+    }
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err) {
+        check_if(strcmp(stored_principal, expected_principal), "expected princ == \"%s\" stored princ == \"%s\"", expected_principal, stored_principal);
+    }
+
+    if (stored_principal) { cc_free_principal(context, &stored_principal); }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_set_principal(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    char *name_v5 = "TEST_CC_GET_PRINCIPAL_V5";
+
+    BEGIN_TEST("cc_set_principal");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    // bad params
+    if (!err) {
+        err = cc_create(context, name_v5, "foo@BAZ.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (!err) {
+        check_once_cc_set_principal(context, ccache, CC_CRED_MAX, "foo/BAZ@BAR.ORG", CC_ERR_CRED_VERSION, "CC_CRED_MAX (not allowed)");
+        check_once_cc_set_principal(context, ccache, CC_CRED_V5, NULL, CC_BAD_PARM, "NULL principal");
+    }
+    else {
+        log_error("cc_create failed, can't complete test");
+        failure_count++;
+    }
+    if (ccache) {
+        cc_destroy(context, &ccache);
+        ccache = NULL;
+    }
+
+    if (ccache) {
+        cc_destroy(context, &ccache);
+        ccache = NULL;
+    }
+
+    if (context) {
+        err = destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_int32 check_once_cc_set_principal(apiCB *context, ccache_p *ccache, cc_int32 cred_vers, const char *in_principal, cc_int32 expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+    char *stored_principal = NULL;
+
+    cc_result possible_return_values[5] = {
+        CC_NOERROR,
+        CC_NOMEM,
+        CC_NO_EXIST,
+        CC_ERR_CRED_VERSION,
+        CC_BAD_PARM
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    err = cc_set_principal(context, ccache, cred_vers, (char *) in_principal);
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    if (!err) {
+        err = cc_get_principal(context, ccache, &stored_principal);
+    }
+
+    // compare stored with input
+    if (!err) {
+        check_if(strcmp(stored_principal, in_principal), "expected princ == \"%s\" stored princ == \"%s\"", in_principal, stored_principal);
+    }
+
+    if (stored_principal) { cc_free_principal(context, &stored_principal); }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_store(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    ccache_p *dup_ccache = NULL;
+    cred_union creds_union;
+    char *name = NULL;
+
+    BEGIN_TEST("cc_store");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    if (!err) {
+        err = cc_create(context, "TEST_CC_STORE", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+
+    // cred with matching version and realm
+    if (!err) {
+        err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
+
+        if (!err) {
+            check_once_cc_store(context, ccache, creds_union, CC_NOERROR, "ok creds");
+            release_v5_creds_union_compat(&creds_union);
+        }
+    }
+
+    // invalid creds
+    if (!err) {
+        err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
+
+        if (!err) {
+            if (creds_union.cred.pV5Cred->client) {
+                free(creds_union.cred.pV5Cred->client);
+                creds_union.cred.pV5Cred->client = NULL;
+            }
+            check_once_cc_store(context, ccache, creds_union, CC_BAD_PARM, "invalid creds (NULL client string)");
+
+            release_v5_creds_union_compat(&creds_union);
+        }
+    }
+
+    // non-existent ccache
+    if (ccache) {
+        err = cc_get_name(context, ccache, &name);
+        if (!err) {
+            err = cc_open(context, name, CC_CRED_V5, 0, &dup_ccache);
+        }
+        if (name) { cc_free_name(context, &name); }
+        if (dup_ccache) { cc_destroy(context, &dup_ccache); }
+    }
+
+    if (!err) {
+        err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
+
+        if (!err) {
+            check_once_cc_store(context, ccache, creds_union, CC_NO_EXIST, "invalid ccache");
+
+            release_v5_creds_union_compat(&creds_union);
+        }
+    }
+
+    if (ccache) { cc_close(context, &ccache); }
+    if (context) {
+        destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_store(apiCB *context, ccache_p *ccache, const cred_union in_creds, cc_int32 expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+    ccache_cit *iterator = NULL;
+    int found = 0;
+
+    cc_result possible_return_values[5] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_ERR_CACHE_FULL,
+        CC_ERR_CRED_VERSION,
+        CC_NO_EXIST
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    err = cc_store(context, ccache, in_creds);
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    // make sure credentials were truly stored
+    if (!err) {
+        err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
+    }
+    while (!err && !found) {
+        cred_union *creds = NULL;
+
+        err = cc_seq_fetch_creds_next(context, &creds, iterator);
+        if (!err) {
+            found = !compare_v5_creds_unions_compat(&in_creds, creds);
+        }
+
+        if (creds) { cc_free_creds(context, &creds); }
+    }
+
+    if (err == CC_END) {
+        check_if(found, "stored credentials not found in ccache");
+        err = CC_NOERROR;
+    }
+
+    if (iterator) { cc_seq_fetch_creds_end(context, &iterator); }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_remove_cred(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    cred_union *creds_array[10];
+    ccache_cit *iterator = NULL;
+    char *name = NULL;
+    unsigned int i;
+
+    BEGIN_TEST("cc_remove_cred");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    if (!err) {
+        err = cc_create(context, "TEST_CC_REMOVE_CRED", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+
+    // store 10 creds and retrieve their cc_credentials_t representations
+    for(i = 0; !err && (i < 10); i++) {
+        cred_union creds;
+
+        new_v5_creds_union_compat(&creds, "BAR.ORG");
+        err = cc_store(context, ccache, creds);
+        if (err) {
+            log_error("failure to store creds_union in remove_creds test");
+        }
+        release_v5_creds_union_compat(&creds);
+    }
+
+    if (!err) {
+        err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
+    }
+
+    for (i = 0; !err && i < 10; i++) {
+        creds_array[i] = NULL;
+        err = cc_seq_fetch_creds_next(context, &creds_array[i], iterator);
+    }
+    if (err == CC_END) { err = CC_NOERROR; }
+
+    // remove 10 valid creds
+    for (i = 0; !err && (i < 10); i++) {
+        check_once_cc_remove_cred(context, ccache, *creds_array[i], CC_NOERROR, "10 ok creds");
+    }
+
+    // non-existent creds (remove same one twice)
+    check_once_cc_remove_cred(context, ccache, *creds_array[0], CC_NOTFOUND, "removed same creds twice");
+
+    // non-existent ccache
+    if (ccache) {
+        ccache_p *dup_ccache = NULL;
+
+        err = cc_get_name(context, ccache, &name);
+
+        if (!err) {
+            err = cc_open(context, name, CC_CRED_V5, 0, &dup_ccache);
+        }
+
+        if (!err) {
+            err = cc_destroy(context, &dup_ccache);
+            check_once_cc_remove_cred(context, ccache, *creds_array[0], CC_NO_EXIST, "invalid ccache");
+        }
+
+        if (name) { cc_free_name(context, &name); }
+    }
+
+     for(i = 0; i < 10 && creds_array[i]; i++) {
+        cc_free_creds(context, &creds_array[i]);
+    }
+
+
+    if (iterator) { cc_seq_fetch_creds_end(context, &iterator); iterator = NULL; }
+    if (ccache) { cc_close(context, &ccache); }
+    if (context) {
+        destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_remove_cred(apiCB *context, ccache_p *ccache, cred_union in_creds, cc_int32 expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+    ccache_cit *iterator = NULL;
+    int found = 0;
+
+    cc_result possible_return_values[5] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_ERR_CRED_VERSION,
+        CC_NOTFOUND,
+        CC_NO_EXIST
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    err = cc_remove_cred(context, ccache, in_creds);
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    // make sure credentials were truly stored
+    if (!err) {
+        err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
+    }
+
+    while (!err && !found) {
+        cred_union *creds = NULL;
+
+        err = cc_seq_fetch_creds_next(context, &creds, iterator);
+        if (!err) {
+            found = !compare_v5_creds_unions_compat(&in_creds, creds);
+        }
+
+        if (creds) { cc_free_creds(context, &creds); }
+    }
+
+    if (err == CC_END) {
+        check_if(found, "credentials not removed from ccache");
+        err = CC_NOERROR;
+    }
+
+    if (iterator) { cc_seq_fetch_creds_end(context, &iterator); }
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_seq_fetch_NCs_begin(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    ccache_cit *iterator = NULL;
+
+    BEGIN_TEST("cc_seq_fetch_NCs_begin");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+    if (!err) {
+        // try making when there are no existing ccaches (shouldn't make a difference, but just in case)
+        check_once_cc_seq_fetch_NCs_begin(context, &iterator, CC_NOERROR, "when there are no existing ccaches");
+
+        err = cc_create(context, "TEST_CC_SEQ_FETCH_NCS_BEGIN", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (!err) {
+        // try making when at least one ccache already exists (just to cover all our bases)
+        check_once_cc_seq_fetch_NCs_begin(context, &iterator, CC_NOERROR, "when at least one ccache already exists");
+
+        // try bad parameters
+        check_once_cc_seq_fetch_NCs_begin(context, NULL, CC_BAD_PARM, "NULL param"); // NULL iterator
+    }
+    // we'll do a comprehensive test of cc_ccache_iterator related functions later in the test suite
+
+    if (ccache ) { cc_close(context, &ccache); }
+    if (context) { cc_shutdown(&context); }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_seq_fetch_NCs_begin(apiCB *context, ccache_cit **iterator, cc_result expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+
+    cc_result possible_return_values[4] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NOMEM,
+        CC_NO_EXIST
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+     err = cc_seq_fetch_NCs_begin(context, iterator);
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    // we'll do a comprehensive test of cc_ccache_iterator related functions later
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_seq_fetch_NCs_next(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    ccache_cit *iterator = NULL;
+    unsigned int i;
+
+    BEGIN_TEST("cc_seq_fetch_NCs_next");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    // iterate with no ccaches
+    if (!err) {
+        err = cc_seq_fetch_NCs_begin(context, &iterator);
+    }
+    check_once_cc_seq_fetch_NCs_next(context, iterator, 0, CC_NOERROR, "iterating over an empty collection");
+    if (iterator) {
+        cc_seq_fetch_creds_end(context, &iterator);
+        iterator = NULL;
+    }
+
+    // iterate with one ccache
+    if (!err) {
+        destroy_all_ccaches_v2(context);
+        err = cc_create(context, "TEST_CC_SEQ_FETCH_NCS_NEXT", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (ccache) {
+        cc_close(context, &ccache);
+        ccache = NULL;
+    }
+    if (!err) {
+        err = cc_seq_fetch_NCs_begin(context, &iterator);
+    }
+    check_once_cc_seq_fetch_NCs_next(context, iterator, 1, CC_NOERROR, "iterating over a collection of 1 ccache");
+    if (iterator) {
+        cc_seq_fetch_creds_end(context, &iterator);
+        iterator = NULL;
+    }
+
+    // iterate with several ccaches
+    if (!err) {
+        destroy_all_ccaches_v2(context);
+    }
+    for(i = 0; !err && (i < 1000); i++)
+    {
+        char *name = NULL;
+
+        if (i%100 == 0) fprintf(stdout, ".");
+        asprintf (&name, "TEST_CC_SEQ_FETCH_NCS_NEXT_%d", i);
+        err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+        if (ccache) {
+            cc_close(context, &ccache);
+            ccache = NULL;
+        }
+        free (name);
+    }
+    if (!err) {
+        err = cc_seq_fetch_NCs_begin(context, &iterator);
+    }
+    check_once_cc_seq_fetch_NCs_next(context, iterator, 1000, CC_NOERROR, "iterating over a collection of 1000 ccache");
+    if (iterator) {
+        cc_seq_fetch_creds_end(context, &iterator);
+        iterator = NULL;
+    }
+
+
+    if (ccache) { cc_close(context, &ccache); }
+    if (iterator) { cc_seq_fetch_creds_end(context, &iterator); }
+    if (context) {
+        destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_seq_fetch_NCs_next(apiCB *context, ccache_cit *iterator, cc_uint32 expected_count, cc_result expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+
+    cc_result possible_return_values[5] = {
+        CC_NOERROR,
+        CC_END,
+        CC_BAD_PARM,
+        CC_NOMEM,
+        CC_NO_EXIST
+    };
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    ccache_p *ccache = NULL;
+    cc_uint32 actual_count = 0;
+
+    BEGIN_CHECK_ONCE(description);
+
+    while (!err) {
+        err = cc_seq_fetch_NCs_next(context, &ccache, iterator);
+        if (ccache) {
+            actual_count++;
+            cc_close(context, &ccache);
+            ccache = NULL;
+        }
+    }
+    if (err == CC_END) {
+        err = CC_NOERROR;
+    }
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    check_if(actual_count != expected_count, "iterator didn't iterate over all ccaches");
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_get_NC_info(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    unsigned int i;
+
+    BEGIN_TEST("cc_get_NC_info");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    // iterate with no ccaches
+    check_once_cc_get_NC_info(context, "", "", CC_CRED_MAX, 0, CC_NOERROR, "iterating over an empty collection");
+
+    // iterate with one ccache
+    if (!err) {
+        destroy_all_ccaches_v2(context);
+        err = cc_create(context, "TEST_CC_GET_NC_INFO", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (ccache) {
+        cc_close(context, &ccache);
+        ccache = NULL;
+    }
+    check_once_cc_get_NC_info(context, "TEST_CC_GET_NC_INFO", "foo@BAR.ORG", CC_CRED_V5, 1, CC_NOERROR, "iterating over a collection of 1 ccache");
+
+    // iterate with several ccaches
+    if (!err) {
+        destroy_all_ccaches_v2(context);
+    }
+    for(i = 0; !err && (i < 1000); i++)
+    {
+        char *name = NULL;
+
+        if (i%100 == 0) fprintf(stdout, ".");
+        asprintf (&name, "TEST_CC_GET_NC_INFO_%d", i);
+        err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+        if (ccache) {
+            cc_close(context, &ccache);
+            ccache = NULL;
+        }
+        free (name);
+    }
+    check_once_cc_get_NC_info(context, "TEST_CC_GET_NC_INFO", "foo@BAR.ORG", CC_CRED_V5, 1000, CC_NOERROR, "iterating over a collection of 1000 ccache");
+
+    if (ccache) { cc_close(context, &ccache); }
+    if (context) {
+        destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_get_NC_info(apiCB *context,
+                                    const char *expected_name_prefix,
+                                    const char *expected_principal,
+                                    cc_int32 expected_version,
+                                    cc_uint32 expected_count,
+                                    cc_result expected_err,
+                                    const char *description) {
+    cc_result err = CC_NOERROR;
+    infoNC **info = NULL;
+
+    cc_result possible_return_values[4] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NOMEM,
+        CC_NO_EXIST
+    };
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    cc_uint32 actual_count = 0;
+
+    BEGIN_CHECK_ONCE(description);
+
+    err = cc_get_NC_info(context, &info);
+
+    for (actual_count = 0; !err && info[actual_count]; actual_count++) {
+        check_if(strncmp(info[actual_count]->name, expected_name_prefix, strlen(expected_name_prefix)), "got incorrect ccache name");
+        check_if(strcmp(info[actual_count]->principal, expected_principal), "got incorrect principal name");
+        check_if(info[actual_count]->vers != expected_version, "got incorrect cred version");
+    }
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    check_if(actual_count != expected_count, "NC info didn't list all ccaches");
+
+    if (info) { cc_free_NC_info (context, &info); }
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_seq_fetch_creds_begin(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    ccache_p *dup_ccache = NULL;
+    ccache_cit *creds_iterator = NULL;
+    char *name = NULL;
+
+    BEGIN_TEST("cc_seq_fetch_creds_begin");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    if (!err) {
+        err = cc_create(context, "TEST_CC_SEQ_FETCH_CREDS_BEGIN", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+
+    // valid params
+    if (!err) {
+        check_once_cc_seq_fetch_creds_begin(context, ccache, &creds_iterator, CC_NOERROR, "valid params");
+    }
+    if (creds_iterator) {
+        cc_seq_fetch_creds_end(context, &creds_iterator);
+        creds_iterator = NULL;
+    }
+
+    // NULL out param
+    if (!err) {
+        check_once_cc_seq_fetch_creds_begin(context, ccache, NULL, CC_BAD_PARM, "NULL out iterator param");
+    }
+    if (creds_iterator) {
+        cc_seq_fetch_creds_end(context, &creds_iterator);
+        creds_iterator = NULL;
+    }
+
+    // non-existent ccache
+    if (ccache) {
+        err = cc_get_name(context, ccache, &name);
+        if (!err) {
+            err = cc_open(context, name, CC_CRED_V5, 0, &dup_ccache);
+        }
+        if (name) { cc_free_name(context, &name); }
+        if (dup_ccache) { cc_destroy(context, &dup_ccache); }
+    }
+
+    if (!err) {
+        check_once_cc_seq_fetch_creds_begin(context, ccache, &creds_iterator, CC_NO_EXIST, "invalid ccache");
+    }
+
+    if (creds_iterator) {
+        cc_seq_fetch_creds_end(context, &creds_iterator);
+        creds_iterator = NULL;
+    }
+    if (ccache) { cc_close(context, &ccache); }
+    if (context) {
+        destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_seq_fetch_creds_begin(apiCB *context, ccache_p *ccache, ccache_cit **iterator, cc_result expected_err, const char *description) {
+    cc_result err = CC_NOERROR;
+
+    cc_result possible_return_values[5] = {
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NOMEM,
+        CC_NO_EXIST
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    err = cc_seq_fetch_creds_begin(context, ccache, iterator);
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    END_CHECK_ONCE;
+
+    return err;
+}
+
+// ---------------------------------------------------------------------------
+
+int check_cc_seq_fetch_creds_next(void) {
+    cc_result err = 0;
+    apiCB *context = NULL;
+    ccache_p *ccache = NULL;
+    cred_union creds_union;
+    ccache_cit *iterator = NULL;
+    unsigned int i;
+
+    BEGIN_TEST("cc_seq_fetch_creds_next");
+
+    err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
+
+    if (!err) {
+        err = destroy_all_ccaches_v2(context);
+    }
+
+    // iterate with no creds
+    if (!err) {
+        err = cc_create(context, "TEST_CC_SEQ_FETCH_CREDS_NEXT", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (!err) {
+        err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
+    }
+    check_once_cc_seq_fetch_creds_next(context, iterator, 0, CC_NOERROR, "iterating over an empty ccache");
+    if (iterator) {
+        cc_seq_fetch_creds_end(context, &iterator);
+        iterator = NULL;
+    }
+    if (ccache) {
+        cc_close(context, &ccache);
+        ccache = NULL;
+    }
+
+    // iterate with one cred
+    if (!err) {
+        destroy_all_ccaches_v2(context);
+        err = cc_create(context, "TEST_CC_SEQ_FETCH_CREDS_NEXT", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    if (!err) {
+        new_v5_creds_union_compat(&creds_union, "BAR.ORG");
+        err = cc_store(context, ccache, creds_union);
+        release_v5_creds_union_compat(&creds_union);
+    }
+    if (!err) {
+        err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
+    }
+    check_once_cc_seq_fetch_creds_next(context, iterator, 1, CC_NOERROR, "iterating over a ccache with 1 cred");
+    if (iterator) {
+        cc_seq_fetch_creds_end(context, &iterator);
+        iterator = NULL;
+    }
+    if (ccache) {
+        cc_close(context, &ccache);
+        ccache = NULL;
+    }
+
+    // iterate with several creds
+    if (!err) {
+        destroy_all_ccaches_v2(context);
+        err = cc_create(context, "TEST_CC_SEQ_FETCH_CREDS_NEXT", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
+    }
+    for(i = 0; !err && (i < 1000); i++) {
+        if (i%100 == 0) fprintf(stdout, ".");
+        new_v5_creds_union_compat(&creds_union, "BAR.ORG");
+        err = cc_store(context, ccache, creds_union);
+        release_v5_creds_union_compat(&creds_union);
+    }
+    if (!err) {
+        err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
+    }
+    check_once_cc_seq_fetch_creds_next(context, iterator, 1000, CC_NOERROR, "iterating over a ccache with 1000 creds");
+
+    if (ccache) { cc_close(context, &ccache); }
+    if (iterator) { cc_seq_fetch_creds_end(context, &iterator); }
+    if (context) {
+        destroy_all_ccaches_v2(context);
+        cc_shutdown(&context);
+    }
+
+    END_TEST_AND_RETURN
+}
+
+// ---------------------------------------------------------------------------
+
+cc_result check_once_cc_seq_fetch_creds_next(apiCB *context, ccache_cit *iterator, cc_uint32 expected_count, cc_result expected_err, const char *description) {
+    cc_result   err             = CC_NOERROR;
+    cred_union *creds           = NULL;
+    cc_uint32   actual_count    = 0;
+
+    cc_result possible_return_values[5] = {
+        CC_NOERROR,
+        CC_END,
+        CC_BAD_PARM,
+        CC_NOMEM,
+        CC_NO_EXIST,
+    };
+
+    BEGIN_CHECK_ONCE(description);
+
+#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
+
+    while (!err) {
+        err = cc_seq_fetch_creds_next(context, &creds, iterator);
+        if (creds) {
+            actual_count++;
+            cc_free_creds(context, &creds);
+            creds = NULL;
+        }
+    }
+    if (err == CC_END) {
+        err = CC_NOERROR;
+    }
+
+    // check returned error
+    check_err(err, expected_err, possible_return_values);
+
+    check_if(actual_count != expected_count, "iterator didn't iterate over all ccaches");
+
+    END_CHECK_ONCE;
+
+    return err;
+}
diff --git a/krb5-1.21.3/src/ccapi/test/test_ccapi_v2.h b/krb5-1.21.3/src/ccapi/test/test_ccapi_v2.h
new file mode 100644
index 00000000..8508daa4
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_ccapi_v2.h
@@ -0,0 +1,73 @@
+#ifndef _TEST_CCAPI_V2_H_
+#define _TEST_CCAPI_V2_H_
+
+#include "test_ccapi_globals.h"
+#ifdef TARGET_OS_MAC
+#include <Kerberos/CredentialsCache2.h>
+#else
+#include <CredentialsCache2.h>
+#endif
+
+
+int check_cc_shutdown(void);
+cc_result check_once_cc_shutdown(apiCB **out_context, cc_result expected_err, const char *description);
+
+int check_cc_get_change_time(void);
+cc_int32 check_once_cc_get_change_time(apiCB *context, cc_time_t *time, cc_result expected_err, const char *description);
+
+int check_cc_open(void);
+cc_result check_once_cc_open(apiCB *context, const char *name, cc_int32 version, ccache_p **ccache, cc_result expected_err, const char *description);
+
+int check_cc_create(void);
+cc_result check_once_cc_create(apiCB  *context, const char *name, cc_int32 cred_vers, const char *principal, ccache_p **ccache, cc_int32 expected_err, const char *description);
+
+int check_cc_close(void);
+cc_result check_once_cc_close(apiCB *context, ccache_p *ccache, cc_result expected_err, const char *description);
+
+int check_cc_destroy(void);
+cc_result check_once_cc_destroy(apiCB *context, ccache_p *ccache, cc_int32 expected_err, const char *description);
+
+int check_cc_get_cred_version(void);
+cc_result check_once_cc_get_cred_version(apiCB *context, ccache_p *ccache, cc_int32 expected_cred_vers, cc_int32 expected_err, const char *description);
+
+int check_cc_get_name(void);
+cc_int32 check_once_cc_get_name(apiCB *context, ccache_p *ccache, const char *expected_name, cc_int32 expected_err, const char *description);
+
+int check_cc_get_principal(void);
+cc_result check_once_cc_get_principal(apiCB *context,
+                                      ccache_p *ccache,
+                                      const char *expected_principal,
+                                      cc_int32 expected_err,
+                                      const char *description);
+
+int check_cc_set_principal(void);
+cc_int32 check_once_cc_set_principal(apiCB *context, ccache_p *ccache, cc_int32 cred_vers, const char *in_principal, cc_int32 expected_err, const char *description);
+
+int check_cc_store(void);
+cc_result check_once_cc_store(apiCB *context, ccache_p *ccache, const cred_union in_creds, cc_int32 expected_err, const char *description);
+
+int check_cc_remove_cred(void);
+cc_result check_once_cc_remove_cred(apiCB *context, ccache_p *ccache, cred_union in_creds, cc_int32 expected_err, const char *description);
+
+int check_cc_seq_fetch_NCs_begin(void);
+cc_result check_once_cc_seq_fetch_NCs_begin(apiCB *context, ccache_cit **iterator, cc_result expected_err, const char *description);
+
+int check_cc_seq_fetch_NCs_next(void);
+cc_result check_once_cc_seq_fetch_NCs_next(apiCB *context, ccache_cit *iterator, cc_uint32 expected_count, cc_result expected_err, const char *description);
+
+int check_cc_get_NC_info(void);
+cc_result check_once_cc_get_NC_info(apiCB *context,
+                                    const char *expected_name,
+                                    const char *expected_principal,
+                                    cc_int32 expected_version,
+                                    cc_uint32 expected_count,
+                                    cc_result expected_err,
+                                    const char *description);
+
+int check_cc_seq_fetch_creds_begin(void);
+cc_result check_once_cc_seq_fetch_creds_begin(apiCB *context, ccache_p *ccache, ccache_cit **iterator, cc_result expected_err, const char *description);
+
+int check_cc_seq_fetch_creds_next(void);
+cc_result check_once_cc_seq_fetch_creds_next(apiCB *context, ccache_cit *iterator, cc_uint32 expected_count, cc_result expected_err, const char *description);
+
+#endif /* _TEST_CCAPI_V2_H_ */
diff --git a/krb5-1.21.3/src/ccapi/test/test_constants.c b/krb5-1.21.3/src/ccapi/test/test_constants.c
new file mode 100644
index 00000000..f4f272c4
--- /dev/null
+++ b/krb5-1.21.3/src/ccapi/test/test_constants.c
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <limits.h>
+
+#include "test_ccapi_check.h"
+#include "test_ccapi_constants.h"
+#include "test_ccapi_context.h"
+#include "test_ccapi_ccache.h"
+
+int main (int argc, const char * argv[]) {
+
+	cc_int32 err = ccNoError;
+	T_CCAPI_INIT;
+	err = check_constants();
+    return err;
+}
diff --git a/krb5-1.21.3/src/clients/Makefile.in b/krb5-1.21.3/src/clients/Makefile.in
new file mode 100644
index 00000000..4beb32a6
--- /dev/null
+++ b/krb5-1.21.3/src/clients/Makefile.in
@@ -0,0 +1,7 @@
+mydir=clients
+BUILDTOP=$(REL)..
+
+SUBDIRS= klist kinit kdestroy kpasswd ksu kvno kcpytkt kdeltkt kswitch
+WINSUBDIRS= klist kinit kdestroy kpasswd kvno kcpytkt kdeltkt kswitch
+
+NO_OUTPRE=1
diff --git a/krb5-1.21.3/src/clients/deps b/krb5-1.21.3/src/clients/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/clients/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/clients/kcpytkt/Makefile.in b/krb5-1.21.3/src/clients/kcpytkt/Makefile.in
new file mode 100644
index 00000000..cad4dd41
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kcpytkt/Makefile.in
@@ -0,0 +1,32 @@
+mydir=kcpytkt
+BUILDTOP=$(REL)..$(S)..
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##KCPYTKT=$(OUTPRE)kcpytkt.exe
+
+##WIN32##EXERES=$(KCPYTKT:.exe=.res)
+
+##WIN32##$(EXERES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DKCPYTKT_APP -fo $@ -r $**
+
+all-unix: kcpytkt
+##WIN32##all-windows: $(KCPYTKT)
+all-mac:
+
+kcpytkt: kcpytkt.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ kcpytkt.o $(KRB5_BASE_LIBS)
+
+##WIN32##$(KCPYTKT): $(OUTPRE)kcpytkt.obj $(SLIB) $(KLIB) $(CLIB) $(EXERES)
+##WIN32##	link $(EXE_LINKOPTS) /out:$@ $**
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+clean-unix::
+	$(RM) kcpytkt.o kcpytkt
+
+install-unix:
+	for f in kcpytkt; do \
+	  $(INSTALL_PROGRAM) $$f \
+		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
diff --git a/krb5-1.21.3/src/clients/kcpytkt/kcpytkt.c b/krb5-1.21.3/src/clients/kcpytkt/kcpytkt.c
new file mode 100644
index 00000000..0b880226
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kcpytkt/kcpytkt.c
@@ -0,0 +1,174 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <krb5.h>
+#include "k5-platform.h"
+
+static char *prog;
+static int quiet = 0;
+
+static void
+xusage()
+{
+    fprintf(stderr, "xusage: %s [-c from_ccache] [-e etype] [-f flags] "
+            "dest_ccache service1 service2 ...\n", prog);
+    exit(1);
+}
+
+static void
+do_kcpytkt(int argc, char *argv[], char *fromccachestr, char *etypestr,
+           int flags);
+
+int
+main(int argc, char *argv[])
+{
+    int option;
+    char *etypestr = NULL, *fromccachestr = NULL;
+    int flags = 0;
+
+    prog = strrchr(argv[0], '/');
+    prog = (prog != NULL) ? prog + 1 : argv[0];
+
+    while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
+        switch (option) {
+        case 'c':
+            fromccachestr = optarg;
+            break;
+        case 'e':
+            etypestr = optarg;
+            break;
+        case 'f':
+            flags = atoi(optarg);
+            break;
+        case 'q':
+            quiet = 1;
+            break;
+        case 'h':
+        default:
+            xusage();
+            break;
+        }
+    }
+
+    if (argc - optind < 2)
+        xusage();
+
+    do_kcpytkt(argc - optind, argv + optind, fromccachestr, etypestr, flags);
+    return 0;
+}
+
+static void
+do_kcpytkt(int count, char *names[], const char *fromccachestr, char *etypestr,
+           int flags)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_enctype etype;
+    krb5_ccache fromccache, destccache;
+    krb5_principal me;
+    krb5_creds in_creds, out_creds;
+    int i, errors, retflags;
+    char *princ;
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+        com_err(prog, ret, "while initializing krb5 library");
+        exit(1);
+    }
+    if (etypestr != NULL) {
+        ret = krb5_string_to_enctype(etypestr, &etype);
+        if (ret) {
+            com_err(prog, ret, "while converting etype");
+            exit(1);
+        }
+        retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES;
+    } else {
+        etype = 0;
+        retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+    }
+
+    if (fromccachestr != NULL)
+        ret = krb5_cc_resolve(context, fromccachestr, &fromccache);
+    else
+        ret = krb5_cc_default(context, &fromccache);
+    if (ret) {
+        com_err(prog, ret, "while opening source ccache");
+        exit(1);
+    }
+
+    ret = krb5_cc_get_principal(context, fromccache, &me);
+    if (ret) {
+        com_err(prog, ret, "while getting client principal name");
+        exit(1);
+    }
+
+    ret = krb5_cc_resolve(context, names[0], &destccache);
+    if (ret) {
+        com_err(prog, ret, "while opening destination cache");
+        exit(1);
+    }
+
+    errors = 0;
+
+    for (i = 1; i < count; i++) {
+        memset(&in_creds, 0, sizeof(in_creds));
+
+        in_creds.client = me;
+
+        ret = krb5_parse_name(context, names[i], &in_creds.server);
+        if (ret) {
+            if (!quiet) {
+                fprintf(stderr, "%s: %s while parsing principal name\n",
+                        names[i], error_message(ret));
+            }
+            errors++;
+            continue;
+        }
+
+        ret = krb5_unparse_name(context, in_creds.server, &princ);
+        if (ret) {
+            fprintf(stderr, "%s: %s while printing principal name\n",
+                    names[i], error_message(ret));
+            errors++;
+            continue;
+        }
+
+        in_creds.keyblock.enctype = etype;
+
+        ret = krb5_cc_retrieve_cred(context, fromccache, retflags,
+                                    &in_creds, &out_creds);
+        if (ret) {
+            fprintf(stderr, "%s: %s while retrieving credentials\n",
+                    princ, error_message(ret));
+            krb5_free_unparsed_name(context, princ);
+            errors++;
+            continue;
+        }
+
+        ret = krb5_cc_store_cred(context, destccache, &out_creds);
+        krb5_free_principal(context, in_creds.server);
+        if (ret) {
+            fprintf(stderr, "%s: %s while removing credentials\n",
+                    princ, error_message(ret));
+            krb5_free_cred_contents(context, &out_creds);
+            krb5_free_unparsed_name(context, princ);
+            errors++;
+            continue;
+        }
+
+        krb5_free_unparsed_name(context, princ);
+        krb5_free_cred_contents(context, &out_creds);
+    }
+
+    krb5_free_principal(context, me);
+    krb5_cc_close(context, fromccache);
+    krb5_cc_close(context, destccache);
+    krb5_free_context(context);
+
+    if (errors)
+        exit(1);
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/clients/kdeltkt/Makefile.in b/krb5-1.21.3/src/clients/kdeltkt/Makefile.in
new file mode 100644
index 00000000..b7e0e73e
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kdeltkt/Makefile.in
@@ -0,0 +1,32 @@
+mydir=kvno
+BUILDTOP=$(REL)..$(S)..
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##KDELTKT=$(OUTPRE)kdeltkt.exe
+
+##WIN32##EXERES=$(KDELTKT:.exe=.res)
+
+##WIN32##$(EXERES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DKDELTKT_APP -fo $@ -r $**
+
+all-unix: kdeltkt
+##WIN32##all-windows: $(KDELTKT)
+all-mac:
+
+kdeltkt: kdeltkt.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ kdeltkt.o $(KRB5_BASE_LIBS)
+
+##WIN32##$(KDELTKT): $(OUTPRE)kdeltkt.obj $(SLIB) $(KLIB) $(CLIB) $(EXERES)
+##WIN32##	link $(EXE_LINKOPTS) /out:$@ $**
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+clean-unix::
+	$(RM) kdeltkt.o kdeltkt
+
+install-unix:
+	for f in kdeltkt; do \
+	  $(INSTALL_PROGRAM) $$f \
+		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
diff --git a/krb5-1.21.3/src/clients/kdeltkt/kdeltkt.c b/krb5-1.21.3/src/clients/kdeltkt/kdeltkt.c
new file mode 100644
index 00000000..cd0bf637
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kdeltkt/kdeltkt.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <krb5.h>
+#include "k5-platform.h"
+
+static char *prog;
+static int quiet = 0;
+
+static void
+xusage()
+{
+    fprintf(stderr, "xusage: %s [-c ccache] [-e etype] [-f flags] service1 "
+            "service2 ...\n", prog);
+    exit(1);
+}
+
+static void
+do_kdeltkt(int argc, char *argv[], char *ccachestr, char *etypestr, int flags);
+
+int
+main(int argc, char *argv[])
+{
+    int option;
+    char *etypestr = NULL, *ccachestr = NULL;
+    int flags = 0;
+
+    prog = strrchr(argv[0], '/');
+    prog = (prog != NULL) ? prog + 1 : argv[0];
+
+    while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
+        switch (option) {
+        case 'c':
+            ccachestr = optarg;
+            break;
+        case 'e':
+            etypestr = optarg;
+            break;
+        case 'f':
+            flags = atoi(optarg);
+            break;
+        case 'q':
+            quiet = 1;
+            break;
+        case 'h':
+        default:
+            xusage();
+            break;
+        }
+    }
+
+    if (argc - optind < 1)
+        xusage();
+
+    do_kdeltkt(argc - optind, argv + optind, ccachestr, etypestr, flags);
+    return 0;
+}
+
+static void
+do_kdeltkt(int count, char *names[], const char *ccachestr, char *etypestr,
+           int flags)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int i, errors;
+    krb5_enctype etype;
+    krb5_ccache ccache;
+    krb5_principal me;
+    krb5_creds in_creds, out_creds;
+    int retflags;
+    char *princ;
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+        com_err(prog, ret, "while initializing krb5 library");
+        exit(1);
+    }
+
+    if (etypestr != NULL) {
+        ret = krb5_string_to_enctype(etypestr, &etype);
+        if (ret) {
+            com_err(prog, ret, "while converting etype");
+            exit(1);
+        }
+        retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES;
+    } else {
+        etype = 0;
+        retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
+    }
+
+    if (ccachestr)
+        ret = krb5_cc_resolve(context, ccachestr, &ccache);
+    else
+        ret = krb5_cc_default(context, &ccache);
+    if (ret) {
+        com_err(prog, ret, "while opening ccache");
+        exit(1);
+    }
+
+    ret = krb5_cc_get_principal(context, ccache, &me);
+    if (ret) {
+        com_err(prog, ret, "while getting client principal name");
+        exit(1);
+    }
+
+    errors = 0;
+
+    for (i = 0; i < count; i++) {
+        memset(&in_creds, 0, sizeof(in_creds));
+
+        in_creds.client = me;
+
+        ret = krb5_parse_name(context, names[i], &in_creds.server);
+        if (ret) {
+            if (!quiet) {
+                fprintf(stderr, "%s: %s while parsing principal name\n",
+                        names[i], error_message(ret));
+            }
+            errors++;
+            continue;
+        }
+
+        ret = krb5_unparse_name(context, in_creds.server, &princ);
+        if (ret) {
+            fprintf(stderr, "%s: %s while printing principal name\n",
+                    names[i], error_message(ret));
+            errors++;
+            continue;
+        }
+
+        in_creds.keyblock.enctype = etype;
+
+        ret = krb5_cc_retrieve_cred(context, ccache, retflags,
+                                    &in_creds, &out_creds);
+        if (ret) {
+            fprintf(stderr, "%s: %s while retrieving credentials\n",
+                    princ, error_message(ret));
+            krb5_free_unparsed_name(context, princ);
+            errors++;
+            continue;
+        }
+
+        ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
+
+        krb5_free_principal(context, in_creds.server);
+
+        if (ret) {
+            fprintf(stderr, "%s: %s while removing credentials\n",
+                    princ, error_message(ret));
+            krb5_free_cred_contents(context, &out_creds);
+            krb5_free_unparsed_name(context, princ);
+            errors++;
+            continue;
+        }
+        krb5_free_unparsed_name(context, princ);
+        krb5_free_cred_contents(context, &out_creds);
+    }
+
+    krb5_free_principal(context, me);
+    krb5_cc_close(context, ccache);
+    krb5_free_context(context);
+
+    if (errors)
+        exit(1);
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/clients/kdestroy/Makefile.in b/krb5-1.21.3/src/clients/kdestroy/Makefile.in
new file mode 100644
index 00000000..beb7d6fa
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kdestroy/Makefile.in
@@ -0,0 +1,35 @@
+mydir=clients$(S)kdestroy
+BUILDTOP=$(REL)..$(S)..
+
+##WIN32##LOCALINCLUDES=-I$(BUILDTOP)\util\windows\
+
+SRCS=kdestroy.c
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##KDESTROY=$(OUTPRE)kdestroy.exe
+
+##WIN32##EXERES=$(KDESTROY:.exe=.res)
+
+##WIN32##$(EXERES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DKDESTROY_APP -fo $@ -r $**
+
+all-unix: kdestroy
+##WIN32##all-windows: $(KDESTROY)
+
+kdestroy: kdestroy.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ kdestroy.o $(KRB5_BASE_LIBS)
+
+##WIN32##$(KDESTROY): $(OUTPRE)kdestroy.obj $(SLIB) $(KLIB) $(CLIB) $(EXERES)
+##WIN32##	link $(EXE_LINKOPTS) -out:$@ $**
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+clean-unix::
+	$(RM) kdestroy.o kdestroy
+
+install-unix:
+	for f in kdestroy; do \
+	  $(INSTALL_PROGRAM) $$f \
+		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
diff --git a/krb5-1.21.3/src/clients/kdestroy/deps b/krb5-1.21.3/src/clients/kdestroy/deps
new file mode 100644
index 00000000..bfc94c4c
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kdestroy/deps
@@ -0,0 +1,7 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kdestroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  kdestroy.c
diff --git a/krb5-1.21.3/src/clients/kdestroy/kdestroy.c b/krb5-1.21.3/src/clients/kdestroy/kdestroy.c
new file mode 100644
index 00000000..774b729f
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kdestroy/kdestroy.c
@@ -0,0 +1,229 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* clients/kdestroy/kdestroy.c - Destroy contents of credential cache */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-platform.h"
+#include <krb5.h>
+#include <com_err.h>
+#include <locale.h>
+#include <string.h>
+#include <stdio.h>
+
+#ifdef __STDC__
+#define BELL_CHAR '\a'
+#else
+#define BELL_CHAR '\007'
+#endif
+
+#ifndef _WIN32
+#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/') + 1 : (x))
+#else
+#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
+#endif
+
+char *progname;
+
+
+static void
+usage()
+{
+    fprintf(stderr, _("Usage: %s [-A] [-q] [-c cache_name] [-p princ_name]\n"),
+            progname);
+    fprintf(stderr, _("\t-A destroy all credential caches in collection\n"));
+    fprintf(stderr, _("\t-q quiet mode\n"));
+    fprintf(stderr, _("\t-c specify name of credentials cache\n"));
+    fprintf(stderr, _("\t-p specify principal name within collection\n"));
+    exit(2);
+}
+
+/* Print a warning if there are still un-destroyed caches in the collection. */
+static void
+print_remaining_cc_warning(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_ccache cache;
+    krb5_cccol_cursor cursor;
+
+    ret = krb5_cccol_cursor_new(context, &cursor);
+    if (ret) {
+        com_err(progname, ret, _("while listing credential caches"));
+        exit(1);
+    }
+
+    ret = krb5_cccol_cursor_next(context, cursor, &cache);
+    if (ret == 0 && cache != NULL) {
+        fprintf(stderr,
+                _("Other credential caches present, use -A to destroy all\n"));
+        krb5_cc_close(context, cache);
+    }
+
+    krb5_cccol_cursor_free(context, &cursor);
+}
+
+int
+main(int argc, char *argv[])
+{
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_ccache cache = NULL;
+    krb5_cccol_cursor cursor;
+    krb5_principal princ;
+    char *cache_name = NULL;
+    const char *princ_name = NULL;
+    int code = 0, errflg = 0, quiet = 0, all = 0, c;
+
+    setlocale(LC_ALL, "");
+    progname = GET_PROGNAME(argv[0]);
+
+    while ((c = getopt(argc, argv, "54Aqc:p:")) != -1) {
+        switch (c) {
+        case 'A':
+            all = 1;
+            break;
+        case 'q':
+            quiet = 1;
+            break;
+        case 'c':
+            if (cache_name) {
+                fprintf(stderr, _("Only one -c option allowed\n"));
+                errflg++;
+            } else {
+                cache_name = optarg;
+            }
+            break;
+        case 'p':
+            if (princ_name != NULL) {
+                fprintf(stderr, _("Only one -p option allowed\n"));
+                errflg++;
+            } else {
+                princ_name = optarg;
+            }
+            break;
+        case '4':
+            fprintf(stderr, _("Kerberos 4 is no longer supported\n"));
+            exit(3);
+            break;
+        case '5':
+            break;
+        case '?':
+        default:
+            errflg++;
+            break;
+        }
+    }
+
+    if (all && princ_name != NULL) {
+        fprintf(stderr, _("-A option is exclusive with -p option\n"));
+        errflg++;
+    }
+
+    if (optind != argc)
+        errflg++;
+
+    if (errflg)
+        usage();
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+        com_err(progname, ret, _("while initializing krb5"));
+        exit(1);
+    }
+
+    if (cache_name != NULL) {
+        code = krb5_cc_set_default_name(context, cache_name);
+        if (code) {
+            com_err(progname, code, _("while setting default cache name"));
+            exit(1);
+        }
+    }
+
+    if (all) {
+        code = krb5_cccol_cursor_new(context, &cursor);
+        if (code) {
+            com_err(progname, code, _("while listing credential caches"));
+            exit(1);
+        }
+        while (krb5_cccol_cursor_next(context, cursor, &cache) == 0 &&
+               cache != NULL) {
+            code = krb5_cc_get_full_name(context, cache, &cache_name);
+            if (code) {
+                com_err(progname, code, _("composing ccache name"));
+                exit(1);
+            }
+            code = krb5_cc_destroy(context, cache);
+            if (code && code != KRB5_FCC_NOFILE) {
+                com_err(progname, code, _("while destroying cache %s"),
+                        cache_name);
+            }
+            krb5_free_string(context, cache_name);
+        }
+        krb5_cccol_cursor_free(context, &cursor);
+        krb5_free_context(context);
+        return 0;
+    }
+
+    if (princ_name != NULL) {
+        code = krb5_parse_name(context, princ_name, &princ);
+        if (code) {
+            com_err(progname, code, _("while parsing principal name %s"),
+                    princ_name);
+            exit(1);
+        }
+        code = krb5_cc_cache_match(context, princ, &cache);
+        if (code) {
+            com_err(progname, code, _("while finding cache for %s"),
+                    princ_name);
+            exit(1);
+        }
+        krb5_free_principal(context, princ);
+    } else {
+        code = krb5_cc_default(context, &cache);
+        if (code) {
+            com_err(progname, code, _("while resolving ccache"));
+            exit(1);
+        }
+    }
+
+    code = krb5_cc_destroy(context, cache);
+    if (code != 0) {
+        com_err(progname, code, _("while destroying cache"));
+        if (code != KRB5_FCC_NOFILE) {
+            if (quiet) {
+                fprintf(stderr, _("Ticket cache NOT destroyed!\n"));
+            } else {
+                fprintf(stderr, _("Ticket cache %cNOT%c destroyed!\n"),
+                        BELL_CHAR, BELL_CHAR);
+            }
+            errflg = 1;
+        }
+    }
+
+    if (!quiet && !errflg && princ_name == NULL)
+        print_remaining_cc_warning(context);
+
+    krb5_free_context(context);
+
+    return errflg;
+}
diff --git a/krb5-1.21.3/src/clients/kinit/Makefile.in b/krb5-1.21.3/src/clients/kinit/Makefile.in
new file mode 100644
index 00000000..9d02174d
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kinit/Makefile.in
@@ -0,0 +1,34 @@
+mydir=clients$(S)kinit
+BUILDTOP=$(REL)..$(S)..
+
+SRCS=kinit.c kinit_kdb.c
+##WIN32##LOCALINCLUDES=-I$(BUILDTOP)\util\windows -I$(BUILDTOP)\util\support
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##KINIT=$(OUTPRE)kinit.exe
+
+##WIN32##EXERES=$(KINIT:.exe=.res)
+
+##WIN32##$(EXERES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DKINIT_APP -fo $@ -r $**
+
+all-unix: kinit
+##WIN32##all-windows: $(KINIT)
+
+kinit: kinit.o kinit_kdb.o $(KRB5_BASE_DEPLIBS) $(KADMSRV_DEPLIBS)
+	$(CC_LINK) -o $@ kinit.o kinit_kdb.o $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+
+##WIN32##$(KINIT): $(OUTPRE)kinit.obj $(SLIB) $(KLIB) $(CLIB) $(EXERES)
+##WIN32##	link $(EXE_LINKOPTS) -out:$@ $** advapi32.lib
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+clean-unix::
+	$(RM) kinit.o kinit_kdb.o kinit
+
+install-unix:
+	for f in kinit; do \
+	  $(INSTALL_PROGRAM) $$f \
+		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
diff --git a/krb5-1.21.3/src/clients/kinit/deps b/krb5-1.21.3/src/clients/kinit/deps
new file mode 100644
index 00000000..56e9d669
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kinit/deps
@@ -0,0 +1,32 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kinit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kinit.c
+$(OUTPRE)kinit_kdb.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  extern.h kinit_kdb.c
diff --git a/krb5-1.21.3/src/clients/kinit/extern.h b/krb5-1.21.3/src/clients/kinit/extern.h
new file mode 100644
index 00000000..2c286231
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kinit/extern.h
@@ -0,0 +1,33 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* clients/kinit/extern.h - Global declarations for kinit */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef KINIT_EXTERN_H
+#define KINIT_EXTERN_H
+
+krb5_error_code kinit_kdb_init(krb5_context *pcontext, char *realm);
+void kinit_kdb_fini(void);
+
+#endif /* KINIT_EXTERN_H */
diff --git a/krb5-1.21.3/src/clients/kinit/kinit.c b/krb5-1.21.3/src/clients/kinit/kinit.c
new file mode 100644
index 00000000..f4c7b2b8
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kinit/kinit.c
@@ -0,0 +1,892 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* clients/kinit/kinit.c - Initialize a credential cache */
+/*
+ * Copyright 1990, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "autoconf.h"
+#include <k5-int.h>
+#include "k5-platform.h"        /* For asprintf and getopt */
+#include <krb5.h>
+#include "extern.h"
+#include <locale.h>
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <com_err.h>
+
+#ifndef _WIN32
+#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/') + 1 : (x))
+#else
+#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+static char *
+get_name_from_os()
+{
+    struct passwd *pw;
+
+    pw = getpwuid(getuid());
+    return (pw != NULL) ? pw->pw_name : NULL;
+}
+#else /* HAVE_PWD_H */
+#ifdef _WIN32
+static char *
+get_name_from_os()
+{
+    static char name[1024];
+    DWORD name_size = sizeof(name);
+
+    if (GetUserName(name, &name_size)) {
+        name[sizeof(name) - 1] = '\0'; /* Just to be extra safe */
+        return name;
+    } else {
+        return NULL;
+    }
+}
+#else /* _WIN32 */
+static char *
+get_name_from_os()
+{
+    return NULL;
+}
+#endif /* _WIN32 */
+#endif /* HAVE_PWD_H */
+
+static char *progname;
+
+typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
+
+struct k_opts
+{
+    /* In seconds */
+    krb5_deltat starttime;
+    krb5_deltat lifetime;
+    krb5_deltat rlife;
+
+    int forwardable;
+    int proxiable;
+    int request_pac;
+    int anonymous;
+    int addresses;
+
+    int not_forwardable;
+    int not_proxiable;
+    int not_request_pac;
+    int no_addresses;
+
+    int verbose;
+
+    char *principal_name;
+    char *service_name;
+    char *keytab_name;
+    char *k5_in_cache_name;
+    char *k5_out_cache_name;
+    char *armor_ccache;
+
+    action_type action;
+    int use_client_keytab;
+
+    int num_pa_opts;
+    krb5_gic_opt_pa_data *pa_opts;
+
+    int canonicalize;
+    int enterprise;
+};
+
+struct k5_data
+{
+    krb5_context ctx;
+    krb5_ccache in_cc, out_cc;
+    krb5_principal me;
+    char *name;
+    krb5_boolean switch_to_cache;
+};
+
+/*
+ * If struct[2] == NULL, then long_getopt acts as if the short flag struct[3]
+ * were specified.  If struct[2] != NULL, then struct[3] is stored in
+ * *(struct[2]), the array index which was specified is stored in *index, and
+ * long_getopt() returns 0.
+ */
+const char *shopts = "r:fpFPn54aAVl:s:c:kit:T:RS:vX:CEI:";
+
+#define USAGE_BREAK "\n\t"
+
+static void
+usage()
+{
+    fprintf(stderr,
+            _("Usage: %s [-V] [-l lifetime] [-s start_time] "
+              "[-r renewable_life]\n"
+              "\t[-f | -F] [-p | -P] [-n] [-a | -A] [-C] [-E]\n"
+              "\t[--request-pac | --no-request-pac]\n"
+              "\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n"
+              "\t[-S service_name] [-I input_ccache] [-T ticket_armor_cache]\n"
+              "\t[-X <attribute>[=<value>]] [principal]\n"
+              "\n"), progname);
+
+    fprintf(stderr, "    options:\n");
+    fprintf(stderr, _("\t-V verbose\n"));
+    fprintf(stderr, _("\t-l lifetime\n"));
+    fprintf(stderr, _("\t-s start time\n"));
+    fprintf(stderr, _("\t-r renewable lifetime\n"));
+    fprintf(stderr, _("\t-f forwardable\n"));
+    fprintf(stderr, _("\t-F not forwardable\n"));
+    fprintf(stderr, _("\t-p proxiable\n"));
+    fprintf(stderr, _("\t-P not proxiable\n"));
+    fprintf(stderr, _("\t-n anonymous\n"));
+    fprintf(stderr, _("\t-a include addresses\n"));
+    fprintf(stderr, _("\t-A do not include addresses\n"));
+    fprintf(stderr, _("\t-v validate\n"));
+    fprintf(stderr, _("\t-R renew\n"));
+    fprintf(stderr, _("\t-C canonicalize\n"));
+    fprintf(stderr, _("\t-E client is enterprise principal name\n"));
+    fprintf(stderr, _("\t-k use keytab\n"));
+    fprintf(stderr, _("\t-i use default client keytab (with -k)\n"));
+    fprintf(stderr, _("\t-t filename of keytab to use\n"));
+    fprintf(stderr, _("\t-c Kerberos 5 cache name\n"));
+    fprintf(stderr, _("\t-S service\n"));
+    fprintf(stderr, _("\t-I input credential cache\n"));
+    fprintf(stderr, _("\t-T armor credential cache\n"));
+    fprintf(stderr, _("\t-X <attribute>[=<value>]\n"));
+    fprintf(stderr,
+            _("\t--{,no}-request-pac request KDC include/exclude a PAC\n"));
+    exit(2);
+}
+
+static krb5_context errctx;
+static void
+extended_com_err_fn(const char *myprog, errcode_t code, const char *fmt,
+                    va_list args)
+{
+    const char *emsg;
+
+    emsg = krb5_get_error_message(errctx, code);
+    fprintf(stderr, "%s: %s ", myprog, emsg);
+    krb5_free_error_message(errctx, emsg);
+    vfprintf(stderr, fmt, args);
+    fprintf(stderr, "\n");
+}
+
+static int
+add_preauth_opt(struct k_opts *opts, char *av)
+{
+    char *sep, *v;
+    krb5_gic_opt_pa_data *p, *x;
+    size_t newsize = (opts->num_pa_opts + 1) * sizeof(*opts->pa_opts);
+
+    x = realloc(opts->pa_opts, newsize);
+    if (x == NULL)
+        return ENOMEM;
+    opts->pa_opts = x;
+
+    p = &opts->pa_opts[opts->num_pa_opts];
+    sep = strchr(av, '=');
+    if (sep) {
+        *sep = '\0';
+        v = ++sep;
+        p->value = v;
+    } else {
+        p->value = "yes";
+    }
+    p->attr = av;
+    opts->num_pa_opts++;
+    return 0;
+}
+
+static char *
+parse_options(int argc, char **argv, struct k_opts *opts)
+{
+    struct option long_options[] = {
+        { "noforwardable", 0, NULL, 'F' },
+        { "noproxiable", 0, NULL, 'P' },
+        { "addresses", 0, NULL, 'a'},
+        { "forwardable", 0, NULL, 'f' },
+        { "proxiable", 0, NULL, 'p' },
+        { "noaddresses", 0, NULL, 'A' },
+        { "canonicalize", 0, NULL, 'C' },
+        { "enterprise", 0, NULL, 'E' },
+        { "request-pac", 0, &opts->request_pac, 1 },
+        { "no-request-pac", 0, &opts->not_request_pac, 1 },
+        { NULL, 0, NULL, 0 }
+    };
+    krb5_error_code ret;
+    int errflg = 0;
+    int i;
+
+    while ((i = getopt_long(argc, argv, shopts, long_options, 0)) != -1) {
+        switch (i) {
+        case 'V':
+            opts->verbose = 1;
+            break;
+        case 'l':
+            /* Lifetime */
+            ret = krb5_string_to_deltat(optarg, &opts->lifetime);
+            if (ret || opts->lifetime == 0) {
+                fprintf(stderr, _("Bad lifetime value %s\n"), optarg);
+                errflg++;
+            }
+            break;
+        case 'r':
+            /* Renewable Time */
+            ret = krb5_string_to_deltat(optarg, &opts->rlife);
+            if (ret || opts->rlife == 0) {
+                fprintf(stderr, _("Bad lifetime value %s\n"), optarg);
+                errflg++;
+            }
+            break;
+        case 'f':
+            opts->forwardable = 1;
+            break;
+        case 'F':
+            opts->not_forwardable = 1;
+            break;
+        case 'p':
+            opts->proxiable = 1;
+            break;
+        case 'P':
+            opts->not_proxiable = 1;
+            break;
+        case 'n':
+            opts->anonymous = 1;
+            break;
+        case 'a':
+            opts->addresses = 1;
+            break;
+        case 'A':
+            opts->no_addresses = 1;
+            break;
+        case 's':
+            ret = krb5_string_to_deltat(optarg, &opts->starttime);
+            if (ret || opts->starttime == 0) {
+                /* Parse as an absolute time; intentionally undocumented
+                 * but left for backwards compatibility. */
+                krb5_timestamp abs_starttime;
+
+                ret = krb5_string_to_timestamp(optarg, &abs_starttime);
+                if (ret || abs_starttime == 0) {
+                    fprintf(stderr, _("Bad start time value %s\n"), optarg);
+                    errflg++;
+                } else {
+                    opts->starttime = ts_delta(abs_starttime, time(NULL));
+                }
+            }
+            break;
+        case 'S':
+            opts->service_name = optarg;
+            break;
+        case 'k':
+            opts->action = INIT_KT;
+            break;
+        case 'i':
+            opts->use_client_keytab = 1;
+            break;
+        case 't':
+            if (opts->keytab_name != NULL) {
+                fprintf(stderr, _("Only one -t option allowed.\n"));
+                errflg++;
+            } else {
+                opts->keytab_name = optarg;
+            }
+            break;
+        case 'T':
+            if (opts->armor_ccache != NULL) {
+                fprintf(stderr, _("Only one armor_ccache\n"));
+                errflg++;
+            } else {
+                opts->armor_ccache = optarg;
+            }
+            break;
+        case 'R':
+            opts->action = RENEW;
+            break;
+        case 'v':
+            opts->action = VALIDATE;
+            break;
+        case 'c':
+            if (opts->k5_out_cache_name != NULL) {
+                fprintf(stderr, _("Only one -c option allowed\n"));
+                errflg++;
+            } else {
+                opts->k5_out_cache_name = optarg;
+            }
+            break;
+        case 'I':
+            if (opts->k5_in_cache_name != NULL) {
+                fprintf(stderr, _("Only one -I option allowed\n"));
+                errflg++;
+            } else {
+                opts->k5_in_cache_name = optarg;
+            }
+            break;
+        case 'X':
+            ret = add_preauth_opt(opts, optarg);
+            if (ret) {
+                com_err(progname, ret, _("while adding preauth option"));
+                errflg++;
+            }
+            break;
+        case 'C':
+            opts->canonicalize = 1;
+            break;
+        case 'E':
+            opts->enterprise = 1;
+            break;
+        case '4':
+            fprintf(stderr, _("Kerberos 4 is no longer supported\n"));
+            exit(3);
+            break;
+        case '5':
+            break;
+        case 0:
+            /* If this option set a flag, do nothing else now. */
+            break;
+        default:
+            errflg++;
+            break;
+        }
+    }
+
+    if (opts->forwardable && opts->not_forwardable) {
+        fprintf(stderr, _("Only one of -f and -F allowed\n"));
+        errflg++;
+    }
+    if (opts->proxiable && opts->not_proxiable) {
+        fprintf(stderr, _("Only one of -p and -P allowed\n"));
+        errflg++;
+    }
+    if (opts->request_pac && opts->not_request_pac) {
+        fprintf(stderr, _("Only one of --request-pac and --no-request-pac "
+                          "allowed\n"));
+        errflg++;
+    }
+    if (opts->addresses && opts->no_addresses) {
+        fprintf(stderr, _("Only one of -a and -A allowed\n"));
+        errflg++;
+    }
+    if (opts->keytab_name != NULL && opts->use_client_keytab == 1) {
+        fprintf(stderr, _("Only one of -t and -i allowed\n"));
+        errflg++;
+    }
+    if ((opts->keytab_name != NULL || opts->use_client_keytab == 1) &&
+        opts->action != INIT_KT) {
+        opts->action = INIT_KT;
+        fprintf(stderr, _("keytab specified, forcing -k\n"));
+    }
+    if (argc - optind > 1) {
+        fprintf(stderr, _("Extra arguments (starting with \"%s\").\n"),
+                argv[optind + 1]);
+        errflg++;
+    }
+
+    if (errflg)
+        usage();
+
+    opts->principal_name = (optind == argc - 1) ? argv[optind] : 0;
+    return opts->principal_name;
+}
+
+static int
+k5_begin(struct k_opts *opts, struct k5_data *k5)
+{
+    krb5_error_code ret;
+    int success = 0;
+    int flags = opts->enterprise ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0;
+    krb5_ccache defcache = NULL;
+    krb5_principal defcache_princ = NULL, princ;
+    krb5_keytab keytab;
+    const char *deftype = NULL;
+    char *defrealm, *name;
+
+    ret = krb5_init_context(&k5->ctx);
+    if (ret) {
+        com_err(progname, ret, _("while initializing Kerberos 5 library"));
+        return 0;
+    }
+    errctx = k5->ctx;
+
+    if (opts->k5_out_cache_name) {
+        ret = krb5_cc_resolve(k5->ctx, opts->k5_out_cache_name, &k5->out_cc);
+        if (ret) {
+            com_err(progname, ret, _("resolving ccache %s"),
+                    opts->k5_out_cache_name);
+            goto cleanup;
+        }
+        if (opts->verbose) {
+            fprintf(stderr, _("Using specified cache: %s\n"),
+                    opts->k5_out_cache_name);
+        }
+    } else {
+        /* Resolve the default ccache and get its type and default principal
+         * (if it is initialized). */
+        ret = krb5_cc_default(k5->ctx, &defcache);
+        if (ret) {
+            com_err(progname, ret, _("while getting default ccache"));
+            goto cleanup;
+        }
+        deftype = krb5_cc_get_type(k5->ctx, defcache);
+        if (krb5_cc_get_principal(k5->ctx, defcache, &defcache_princ) != 0)
+            defcache_princ = NULL;
+    }
+
+    /* Choose a client principal name. */
+    if (opts->principal_name != NULL) {
+        /* Use the specified principal name. */
+        ret = krb5_parse_name_flags(k5->ctx, opts->principal_name, flags,
+                                    &k5->me);
+        if (ret) {
+            com_err(progname, ret, _("when parsing name %s"),
+                    opts->principal_name);
+            goto cleanup;
+        }
+    } else if (opts->anonymous) {
+        /* Use the anonymous principal for the local realm. */
+        ret = krb5_get_default_realm(k5->ctx, &defrealm);
+        if (ret) {
+            com_err(progname, ret, _("while getting default realm"));
+            goto cleanup;
+        }
+        ret = krb5_build_principal_ext(k5->ctx, &k5->me,
+                                       strlen(defrealm), defrealm,
+                                       strlen(KRB5_WELLKNOWN_NAMESTR),
+                                       KRB5_WELLKNOWN_NAMESTR,
+                                       strlen(KRB5_ANONYMOUS_PRINCSTR),
+                                       KRB5_ANONYMOUS_PRINCSTR, 0);
+        krb5_free_default_realm(k5->ctx, defrealm);
+        if (ret) {
+            com_err(progname, ret, _("while building principal"));
+            goto cleanup;
+        }
+    } else if (opts->action == INIT_KT && opts->use_client_keytab) {
+        /* Use the first entry from the client keytab. */
+        ret = krb5_kt_client_default(k5->ctx, &keytab);
+        if (ret) {
+            com_err(progname, ret,
+                    _("When resolving the default client keytab"));
+            goto cleanup;
+        }
+        ret = k5_kt_get_principal(k5->ctx, keytab, &k5->me);
+        krb5_kt_close(k5->ctx, keytab);
+        if (ret) {
+            com_err(progname, ret,
+                    _("When determining client principal name from keytab"));
+            goto cleanup;
+        }
+    } else if (opts->action == INIT_KT) {
+        /* Use the default host/service name. */
+        ret = krb5_sname_to_principal(k5->ctx, NULL, NULL, KRB5_NT_SRV_HST,
+                                      &k5->me);
+        if (ret) {
+            com_err(progname, ret,
+                    _("when creating default server principal name"));
+            goto cleanup;
+        }
+    } else if (k5->out_cc != NULL) {
+        /* If the output ccache is initialized, use its principal. */
+        if (krb5_cc_get_principal(k5->ctx, k5->out_cc, &princ) == 0)
+            k5->me = princ;
+    } else if (defcache_princ != NULL) {
+        /* Use the default cache's principal, and use the default cache as the
+         * output cache. */
+        k5->out_cc = defcache;
+        defcache = NULL;
+        k5->me = defcache_princ;
+        defcache_princ = NULL;
+    }
+
+    /* If we still haven't chosen, use the local username. */
+    if (k5->me == NULL) {
+        name = get_name_from_os();
+        if (name == NULL) {
+            fprintf(stderr, _("Unable to identify user\n"));
+            goto cleanup;
+        }
+        ret = krb5_parse_name_flags(k5->ctx, name, flags, &k5->me);
+        if (ret) {
+            com_err(progname, ret, _("when parsing name %s"), name);
+            goto cleanup;
+        }
+    }
+
+    if (k5->out_cc == NULL && krb5_cc_support_switch(k5->ctx, deftype)) {
+        /* Use an existing cache for the client principal if we can. */
+        ret = krb5_cc_cache_match(k5->ctx, k5->me, &k5->out_cc);
+        if (ret && ret != KRB5_CC_NOTFOUND) {
+            com_err(progname, ret, _("while searching for ccache for %s"),
+                    opts->principal_name);
+            goto cleanup;
+        }
+        if (!ret) {
+            if (opts->verbose) {
+                fprintf(stderr, _("Using existing cache: %s\n"),
+                        krb5_cc_get_name(k5->ctx, k5->out_cc));
+            }
+            k5->switch_to_cache = 1;
+        } else if (defcache_princ != NULL) {
+            /* Create a new cache to avoid overwriting the initialized default
+             * cache. */
+            ret = krb5_cc_new_unique(k5->ctx, deftype, NULL, &k5->out_cc);
+            if (ret) {
+                com_err(progname, ret, _("while generating new ccache"));
+                goto cleanup;
+            }
+            if (opts->verbose) {
+                fprintf(stderr, _("Using new cache: %s\n"),
+                        krb5_cc_get_name(k5->ctx, k5->out_cc));
+            }
+            k5->switch_to_cache = 1;
+        }
+    }
+
+    /* Use the default cache if we haven't picked one yet. */
+    if (k5->out_cc == NULL) {
+        k5->out_cc = defcache;
+        defcache = NULL;
+        if (opts->verbose) {
+            fprintf(stderr, _("Using default cache: %s\n"),
+                    krb5_cc_get_name(k5->ctx, k5->out_cc));
+        }
+    }
+
+    if (opts->k5_in_cache_name) {
+        ret = krb5_cc_resolve(k5->ctx, opts->k5_in_cache_name, &k5->in_cc);
+        if (ret) {
+            com_err(progname, ret, _("resolving ccache %s"),
+                    opts->k5_in_cache_name);
+            goto cleanup;
+        }
+        if (opts->verbose) {
+            fprintf(stderr, _("Using specified input cache: %s\n"),
+                    opts->k5_in_cache_name);
+        }
+    }
+
+    ret = krb5_unparse_name(k5->ctx, k5->me, &k5->name);
+    if (ret) {
+        com_err(progname, ret, _("when unparsing name"));
+        goto cleanup;
+    }
+    if (opts->verbose)
+        fprintf(stderr, _("Using principal: %s\n"), k5->name);
+
+    opts->principal_name = k5->name;
+
+    success = 1;
+
+cleanup:
+    if (defcache != NULL)
+        krb5_cc_close(k5->ctx, defcache);
+    krb5_free_principal(k5->ctx, defcache_princ);
+    return success;
+}
+
+static void
+k5_end(struct k5_data *k5)
+{
+    krb5_free_unparsed_name(k5->ctx, k5->name);
+    krb5_free_principal(k5->ctx, k5->me);
+    if (k5->in_cc != NULL)
+        krb5_cc_close(k5->ctx, k5->in_cc);
+    if (k5->out_cc != NULL)
+        krb5_cc_close(k5->ctx, k5->out_cc);
+    krb5_free_context(k5->ctx);
+    errctx = NULL;
+    memset(k5, 0, sizeof(*k5));
+}
+
+static krb5_error_code KRB5_CALLCONV
+kinit_prompter(krb5_context ctx, void *data, const char *name,
+               const char *banner, int num_prompts, krb5_prompt prompts[])
+{
+    krb5_boolean *pwprompt = data;
+    krb5_prompt_type *ptypes;
+    int i;
+
+    /* Make a note if we receive a password prompt. */
+    ptypes = krb5_get_prompt_types(ctx);
+    for (i = 0; i < num_prompts; i++) {
+        if (ptypes != NULL && ptypes[i] == KRB5_PROMPT_TYPE_PASSWORD)
+            *pwprompt = TRUE;
+    }
+    return krb5_prompter_posix(ctx, data, name, banner, num_prompts, prompts);
+}
+
+static int
+k5_kinit(struct k_opts *opts, struct k5_data *k5)
+{
+    int notix = 1;
+    krb5_keytab keytab = 0;
+    krb5_creds my_creds;
+    krb5_error_code ret;
+    krb5_get_init_creds_opt *options = NULL;
+    krb5_boolean pwprompt = FALSE;
+    krb5_address **addresses = NULL;
+    krb5_principal cprinc;
+    krb5_ccache mcc = NULL;
+    int i;
+
+    memset(&my_creds, 0, sizeof(my_creds));
+
+    ret = krb5_get_init_creds_opt_alloc(k5->ctx, &options);
+    if (ret)
+        goto cleanup;
+
+    if (opts->lifetime)
+        krb5_get_init_creds_opt_set_tkt_life(options, opts->lifetime);
+    if (opts->rlife)
+        krb5_get_init_creds_opt_set_renew_life(options, opts->rlife);
+    if (opts->forwardable)
+        krb5_get_init_creds_opt_set_forwardable(options, 1);
+    if (opts->not_forwardable)
+        krb5_get_init_creds_opt_set_forwardable(options, 0);
+    if (opts->proxiable)
+        krb5_get_init_creds_opt_set_proxiable(options, 1);
+    if (opts->not_proxiable)
+        krb5_get_init_creds_opt_set_proxiable(options, 0);
+    if (opts->canonicalize)
+        krb5_get_init_creds_opt_set_canonicalize(options, 1);
+    if (opts->anonymous)
+        krb5_get_init_creds_opt_set_anonymous(options, 1);
+    if (opts->addresses) {
+        ret = krb5_os_localaddr(k5->ctx, &addresses);
+        if (ret) {
+            com_err(progname, ret, _("getting local addresses"));
+            goto cleanup;
+        }
+        krb5_get_init_creds_opt_set_address_list(options, addresses);
+    }
+    if (opts->no_addresses)
+        krb5_get_init_creds_opt_set_address_list(options, NULL);
+    if (opts->armor_ccache != NULL) {
+        krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options,
+                                                     opts->armor_ccache);
+    }
+    if (opts->request_pac)
+        krb5_get_init_creds_opt_set_pac_request(k5->ctx, options, TRUE);
+    if (opts->not_request_pac)
+        krb5_get_init_creds_opt_set_pac_request(k5->ctx, options, FALSE);
+
+
+    if (opts->action == INIT_KT && opts->keytab_name != NULL) {
+#ifndef _WIN32
+        if (strncmp(opts->keytab_name, "KDB:", 4) == 0) {
+            ret = kinit_kdb_init(&k5->ctx, k5->me->realm.data);
+            errctx = k5->ctx;
+            if (ret) {
+                com_err(progname, ret,
+                        _("while setting up KDB keytab for realm %s"),
+                        k5->me->realm.data);
+                goto cleanup;
+            }
+        }
+#endif
+
+        ret = krb5_kt_resolve(k5->ctx, opts->keytab_name, &keytab);
+        if (ret) {
+            com_err(progname, ret, _("resolving keytab %s"),
+                    opts->keytab_name);
+            goto cleanup;
+        }
+        if (opts->verbose)
+            fprintf(stderr, _("Using keytab: %s\n"), opts->keytab_name);
+    } else if (opts->action == INIT_KT && opts->use_client_keytab) {
+        ret = krb5_kt_client_default(k5->ctx, &keytab);
+        if (ret) {
+            com_err(progname, ret, _("resolving default client keytab"));
+            goto cleanup;
+        }
+    }
+
+    for (i = 0; i < opts->num_pa_opts; i++) {
+        ret = krb5_get_init_creds_opt_set_pa(k5->ctx, options,
+                                             opts->pa_opts[i].attr,
+                                             opts->pa_opts[i].value);
+        if (ret) {
+            com_err(progname, ret, _("while setting '%s'='%s'"),
+                    opts->pa_opts[i].attr, opts->pa_opts[i].value);
+            goto cleanup;
+        }
+        if (opts->verbose) {
+            fprintf(stderr, _("PA Option %s = %s\n"), opts->pa_opts[i].attr,
+                    opts->pa_opts[i].value);
+        }
+    }
+    if (k5->in_cc) {
+        ret = krb5_get_init_creds_opt_set_in_ccache(k5->ctx, options,
+                                                    k5->in_cc);
+        if (ret)
+            goto cleanup;
+    }
+    ret = krb5_get_init_creds_opt_set_out_ccache(k5->ctx, options, k5->out_cc);
+    if (ret)
+        goto cleanup;
+
+    switch (opts->action) {
+    case INIT_PW:
+        ret = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me, 0,
+                                           kinit_prompter, &pwprompt,
+                                           opts->starttime, opts->service_name,
+                                           options);
+        break;
+    case INIT_KT:
+        ret = krb5_get_init_creds_keytab(k5->ctx, &my_creds, k5->me, keytab,
+                                         opts->starttime, opts->service_name,
+                                         options);
+        break;
+    case VALIDATE:
+        ret = krb5_get_validated_creds(k5->ctx, &my_creds, k5->me, k5->out_cc,
+                                       opts->service_name);
+        break;
+    case RENEW:
+        ret = krb5_get_renewed_creds(k5->ctx, &my_creds, k5->me, k5->out_cc,
+                                     opts->service_name);
+        break;
+    }
+
+    if (ret) {
+        char *doing = NULL;
+        switch (opts->action) {
+        case INIT_PW:
+        case INIT_KT:
+            doing = _("getting initial credentials");
+            break;
+        case VALIDATE:
+            doing = _("validating credentials");
+            break;
+        case RENEW:
+            doing = _("renewing credentials");
+            break;
+        }
+
+        /* If reply decryption failed, or if pre-authentication failed and we
+         * were prompted for a password, assume the password was wrong. */
+        if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY ||
+            (pwprompt && ret == KRB5KDC_ERR_PREAUTH_FAILED)) {
+            fprintf(stderr, _("%s: Password incorrect while %s\n"), progname,
+                    doing);
+        } else {
+            com_err(progname, ret, _("while %s"), doing);
+        }
+        goto cleanup;
+    }
+
+    if (opts->action != INIT_PW && opts->action != INIT_KT) {
+        cprinc = opts->canonicalize ? my_creds.client : k5->me;
+        ret = krb5_cc_new_unique(k5->ctx, "MEMORY", NULL, &mcc);
+        if (!ret)
+            ret = krb5_cc_initialize(k5->ctx, mcc, cprinc);
+        if (ret) {
+            com_err(progname, ret, _("when creating temporary cache"));
+            goto cleanup;
+        }
+        if (opts->verbose)
+            fprintf(stderr, _("Initialized cache\n"));
+
+        ret = k5_cc_store_primary_cred(k5->ctx, mcc, &my_creds);
+        if (ret) {
+            com_err(progname, ret, _("while storing credentials"));
+            goto cleanup;
+        }
+        ret = krb5_cc_move(k5->ctx, mcc, k5->out_cc);
+        if (ret) {
+            com_err(progname, ret, _("while saving to cache %s"),
+                    opts->k5_out_cache_name ? opts->k5_out_cache_name : "");
+            goto cleanup;
+        }
+        mcc = NULL;
+        if (opts->verbose)
+            fprintf(stderr, _("Stored credentials\n"));
+    }
+    notix = 0;
+    if (k5->switch_to_cache) {
+        ret = krb5_cc_switch(k5->ctx, k5->out_cc);
+        if (ret) {
+            com_err(progname, ret, _("while switching to new ccache"));
+            goto cleanup;
+        }
+    }
+
+cleanup:
+#ifndef _WIN32
+    kinit_kdb_fini();
+#endif
+    if (mcc != NULL)
+        krb5_cc_destroy(k5->ctx, mcc);
+    if (options)
+        krb5_get_init_creds_opt_free(k5->ctx, options);
+    if (my_creds.client == k5->me)
+        my_creds.client = 0;
+    if (opts->pa_opts) {
+        free(opts->pa_opts);
+        opts->pa_opts = NULL;
+        opts->num_pa_opts = 0;
+    }
+    krb5_free_cred_contents(k5->ctx, &my_creds);
+    if (keytab != NULL)
+        krb5_kt_close(k5->ctx, keytab);
+    return notix ? 0 : 1;
+}
+
+int
+main(int argc, char *argv[])
+{
+    struct k_opts opts;
+    struct k5_data k5;
+    int authed_k5 = 0;
+
+    setlocale(LC_ALL, "");
+    progname = GET_PROGNAME(argv[0]);
+
+    /* Ensure we can be driven from a pipe */
+    if (!isatty(fileno(stdin)))
+        setvbuf(stdin, 0, _IONBF, 0);
+    if (!isatty(fileno(stdout)))
+        setvbuf(stdout, 0, _IONBF, 0);
+    if (!isatty(fileno(stderr)))
+        setvbuf(stderr, 0, _IONBF, 0);
+
+    memset(&opts, 0, sizeof(opts));
+    opts.action = INIT_PW;
+
+    memset(&k5, 0, sizeof(k5));
+
+    set_com_err_hook(extended_com_err_fn);
+
+    parse_options(argc, argv, &opts);
+
+    if (k5_begin(&opts, &k5))
+        authed_k5 = k5_kinit(&opts, &k5);
+
+    if (authed_k5 && opts.verbose)
+        fprintf(stderr, _("Authenticated to Kerberos v5\n"));
+
+    k5_end(&k5);
+
+    if (!authed_k5)
+        exit(1);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/clients/kinit/kinit_kdb.c b/krb5-1.21.3/src/clients/kinit/kinit_kdb.c
new file mode 100644
index 00000000..fbd174bf
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kinit/kinit_kdb.c
@@ -0,0 +1,75 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* clients/kinit/kinit_kdb.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/**
+ *    @file kinit_kdb.c
+ *    Operations to open the KDB and make the KDB key table available
+ *    for kinit.
+ */
+
+
+#include <k5-int.h>
+#include <kadm5/admin.h>
+#include <kdb.h>
+#include "extern.h"
+
+/* Server handle */
+static void *server_handle;
+
+/* Free and reinitialize *pcontext with the KDB opened to the given realm, so
+ * that it can be used with the KDB keytab type. */
+krb5_error_code
+kinit_kdb_init(krb5_context *pcontext, char *realm)
+{
+    kadm5_config_params config;
+    krb5_error_code ret;
+
+    if (*pcontext) {
+        krb5_free_context(*pcontext);
+        *pcontext = NULL;
+    }
+    memset(&config, 0, sizeof config);
+
+    ret = kadm5_init_krb5_context(pcontext);
+    if (ret)
+        return ret;
+
+    config.mask = KADM5_CONFIG_REALM;
+    config.realm = realm;
+    ret = kadm5_init(*pcontext, "kinit", NULL, "kinit", &config,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
+                     &server_handle);
+    if (ret)
+        return ret;
+
+    return krb5_db_register_keytab(*pcontext);
+}
+
+void
+kinit_kdb_fini()
+{
+    kadm5_destroy(server_handle);
+}
diff --git a/krb5-1.21.3/src/clients/klist/Makefile.in b/krb5-1.21.3/src/clients/klist/Makefile.in
new file mode 100644
index 00000000..32348251
--- /dev/null
+++ b/krb5-1.21.3/src/clients/klist/Makefile.in
@@ -0,0 +1,35 @@
+mydir=clients$(S)klist
+BUILDTOP=$(REL)..$(S)..
+
+##WIN32##LOCALINCLUDES=-I$(BUILDTOP)\util\windows\
+
+SRCS = klist.c
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##KLIST=$(OUTPRE)klist.exe
+
+##WIN32##EXERES=$(KLIST:.exe=.res)
+
+##WIN32##$(EXERES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DKLIST_APP -fo $@ -r $**
+
+all-unix: klist
+##WIN32##all-windows: $(KLIST)
+
+klist: klist.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ klist.o $(KRB5_BASE_LIBS)
+
+##WIN32##$(KLIST): $(OUTPRE)klist.obj $(SLIB) $(KLIB) $(CLIB) $(EXERES)
+##WIN32##	link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+clean-unix::
+	$(RM) klist.o klist
+
+install-unix:
+	for f in klist; do \
+	  $(INSTALL_PROGRAM) $$f \
+		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
diff --git a/krb5-1.21.3/src/clients/klist/deps b/krb5-1.21.3/src/clients/klist/deps
new file mode 100644
index 00000000..ef0edbc3
--- /dev/null
+++ b/krb5-1.21.3/src/clients/klist/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)klist.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  klist.c
diff --git a/krb5-1.21.3/src/clients/klist/klist.c b/krb5-1.21.3/src/clients/klist/klist.c
new file mode 100644
index 00000000..dcdc5a2d
--- /dev/null
+++ b/krb5-1.21.3/src/clients/klist/klist.c
@@ -0,0 +1,870 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* clients/klist/klist.c - List contents of credential cache or keytab */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <krb5.h>
+#include <com_err.h>
+#include <locale.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+
+/* Need definition of INET6 before network headers, for IRIX.  */
+#if defined(HAVE_ARPA_INET_H)
+#include <arpa/inet.h>
+#endif
+
+#ifndef _WIN32
+#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/') + 1 : (x))
+#else
+#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
+#endif
+
+#ifndef _WIN32
+#include <sys/socket.h>
+#include <netdb.h>
+#endif
+
+int show_flags = 0, show_time = 0, status_only = 0, show_keys = 0;
+int show_etype = 0, show_addresses = 0, no_resolve = 0, print_version = 0;
+int show_adtype = 0, show_all = 0, list_all = 0, use_client_keytab = 0;
+int show_config = 0;
+char *defname;
+char *progname;
+krb5_timestamp now;
+unsigned int timestamp_width;
+
+krb5_context context;
+
+static krb5_boolean is_local_tgt(krb5_principal princ, krb5_data *realm);
+static char *etype_string(krb5_enctype );
+static void show_credential(krb5_creds *);
+
+static void list_all_ccaches(void);
+static int list_ccache(krb5_ccache);
+static void show_all_ccaches(void);
+static void do_ccache(void);
+static int show_ccache(krb5_ccache);
+static int check_ccache(krb5_ccache);
+static void do_keytab(const char *);
+static void printtime(krb5_timestamp);
+static void one_addr(krb5_address *);
+static void fillit(FILE *, unsigned int, int);
+
+#define DEFAULT 0
+#define CCACHE 1
+#define KEYTAB 2
+
+static void
+usage()
+{
+    fprintf(stderr, _("Usage: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] "
+                      "[-a [-n]]] [-k [-i] [-t] [-K]] [-C] [name]\n"),
+            progname);
+    fprintf(stderr, _("\t-c specifies credentials cache\n"));
+    fprintf(stderr, _("\t-k specifies keytab\n"));
+    fprintf(stderr, _("\t   (Default is credentials cache)\n"));
+    fprintf(stderr, _("\t-i uses default client keytab if no name given\n"));
+    fprintf(stderr, _("\t-l lists credential caches in collection\n"));
+    fprintf(stderr, _("\t-A shows content of all credential caches\n"));
+    fprintf(stderr, _("\t-e shows the encryption type\n"));
+    fprintf(stderr, _("\t-V shows the Kerberos version and exits\n"));
+    fprintf(stderr, _("\toptions for credential caches:\n"));
+    fprintf(stderr, _("\t\t-d shows the submitted authorization data "
+                      "types\n"));
+    fprintf(stderr, _("\t\t-f shows credentials flags\n"));
+    fprintf(stderr, _("\t\t-s sets exit status based on valid tgt "
+                      "existence\n"));
+    fprintf(stderr, _("\t\t-a displays the address list\n"));
+    fprintf(stderr, _("\t\t\t-n do not reverse-resolve\n"));
+    fprintf(stderr, _("\toptions for keytabs:\n"));
+    fprintf(stderr, _("\t\t-t shows keytab entry timestamps\n"));
+    fprintf(stderr, _("\t\t-K shows keytab entry keys\n"));
+    fprintf(stderr, _("\t\t-C includes configuration data entries\n"));
+    exit(1);
+}
+
+static void
+extended_com_err_fn(const char *prog, errcode_t code, const char *fmt,
+                    va_list args)
+{
+    const char *msg;
+
+    msg = krb5_get_error_message(context, code);
+    fprintf(stderr, "%s: %s%s", prog, msg, (*fmt == '\0') ? "" : " ");
+    krb5_free_error_message(context, msg);
+    vfprintf(stderr, fmt, args);
+    fprintf(stderr, "\n");
+}
+
+int
+main(int argc, char *argv[])
+{
+    krb5_error_code ret;
+    char *name, tmp[BUFSIZ];
+    int c, mode;
+
+    setlocale(LC_ALL, "");
+    progname = GET_PROGNAME(argv[0]);
+    set_com_err_hook(extended_com_err_fn);
+
+    name = NULL;
+    mode = DEFAULT;
+    /* V = version so v can be used for verbose later if desired. */
+    while ((c = getopt(argc, argv, "dfetKsnacki45lAVC")) != -1) {
+        switch (c) {
+        case 'd':
+            show_adtype = 1;
+            break;
+        case 'f':
+            show_flags = 1;
+            break;
+        case 'e':
+            show_etype = 1;
+            break;
+        case 't':
+            show_time = 1;
+            break;
+        case 'K':
+            show_keys = 1;
+            break;
+        case 's':
+            status_only = 1;
+            break;
+        case 'n':
+            no_resolve = 1;
+            break;
+        case 'a':
+            show_addresses = 1;
+            break;
+        case 'c':
+            if (mode != DEFAULT)
+                usage();
+            mode = CCACHE;
+            break;
+        case 'k':
+            if (mode != DEFAULT)
+                usage();
+            mode = KEYTAB;
+            break;
+        case 'i':
+            use_client_keytab = 1;
+            break;
+        case '4':
+            fprintf(stderr, _("Kerberos 4 is no longer supported\n"));
+            exit(3);
+            break;
+        case '5':
+            break;
+        case 'l':
+            list_all = 1;
+            break;
+        case 'A':
+            show_all = 1;
+            break;
+        case 'C':
+            show_config = 1;
+            break;
+        case 'V':
+            print_version = 1;
+            break;
+        default:
+            usage();
+            break;
+        }
+    }
+
+    if (no_resolve && !show_addresses)
+        usage();
+
+    if (mode == DEFAULT || mode == CCACHE) {
+        if (show_time || show_keys)
+            usage();
+        if ((show_all && list_all) || (status_only && list_all))
+            usage();
+    } else {
+        if (show_flags || status_only || show_addresses ||
+            show_all || list_all)
+            usage();
+    }
+
+    if (argc - optind > 1) {
+        fprintf(stderr, _("Extra arguments (starting with \"%s\").\n"),
+                argv[optind + 1]);
+        usage();
+    }
+
+    if (print_version) {
+#ifdef _WIN32                   /* No access to autoconf vars; fix somehow. */
+        printf("Kerberos for Windows\n");
+#else
+        printf(_("%s version %s\n"), PACKAGE_NAME, PACKAGE_VERSION);
+#endif
+        exit(0);
+    }
+
+    name = (optind == argc - 1) ? argv[optind] : NULL;
+    now = time(0);
+
+    if (!krb5_timestamp_to_sfstring(now, tmp, 20, NULL) ||
+        !krb5_timestamp_to_sfstring(now, tmp, sizeof(tmp), NULL))
+        timestamp_width = (int)strlen(tmp);
+    else
+        timestamp_width = 15;
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+        com_err(progname, ret, _("while initializing krb5"));
+        exit(1);
+    }
+
+    if (name != NULL && mode != KEYTAB) {
+        ret = krb5_cc_set_default_name(context, name);
+        if (ret) {
+            com_err(progname, ret, _("while setting default cache name"));
+            exit(1);
+        }
+    }
+
+    if (list_all)
+        list_all_ccaches();
+    else if (show_all)
+        show_all_ccaches();
+    else if (mode == DEFAULT || mode == CCACHE)
+        do_ccache();
+    else
+        do_keytab(name);
+    return 0;
+}
+
+static void
+do_keytab(const char *name)
+{
+    krb5_error_code ret;
+    krb5_keytab kt;
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    unsigned int i;
+    char buf[BUFSIZ]; /* Hopefully large enough for any type */
+    char *pname;
+
+    if (name == NULL && use_client_keytab) {
+        ret = krb5_kt_client_default(context, &kt);
+        if (ret) {
+            com_err(progname, ret, _("while getting default client keytab"));
+            exit(1);
+        }
+    } else if (name == NULL) {
+        ret = krb5_kt_default(context, &kt);
+        if (ret) {
+            com_err(progname, ret, _("while getting default keytab"));
+            exit(1);
+        }
+    } else {
+        ret = krb5_kt_resolve(context, name, &kt);
+        if (ret) {
+            com_err(progname, ret, _("while resolving keytab %s"), name);
+            exit(1);
+        }
+    }
+
+    ret = krb5_kt_get_name(context, kt, buf, BUFSIZ);
+    if (ret) {
+        com_err(progname, ret, _("while getting keytab name"));
+        exit(1);
+    }
+
+    printf("Keytab name: %s\n", buf);
+
+    ret = krb5_kt_start_seq_get(context, kt, &cursor);
+    if (ret) {
+        com_err(progname, ret, _("while starting keytab scan"));
+        exit(1);
+    }
+
+    /* XXX Translating would disturb table alignment; skip for now. */
+    if (show_time) {
+        printf("KVNO Timestamp");
+        fillit(stdout, timestamp_width - sizeof("Timestamp") + 2, (int) ' ');
+        printf("Principal\n");
+        printf("---- ");
+        fillit(stdout, timestamp_width, (int) '-');
+        printf(" ");
+        fillit(stdout, 78 - timestamp_width - sizeof("KVNO"), (int) '-');
+        printf("\n");
+    } else {
+        printf("KVNO Principal\n");
+        printf("---- ------------------------------------------------"
+               "--------------------------\n");
+    }
+
+    while ((ret = krb5_kt_next_entry(context, kt, &entry, &cursor)) == 0) {
+        ret = krb5_unparse_name(context, entry.principal, &pname);
+        if (ret) {
+            com_err(progname, ret, _("while unparsing principal name"));
+            exit(1);
+        }
+        printf("%4d ", entry.vno);
+        if (show_time) {
+            printtime(entry.timestamp);
+            printf(" ");
+        }
+        printf("%s", pname);
+        if (show_etype)
+            printf(" (%s) " , etype_string(entry.key.enctype));
+        if (show_keys) {
+            printf(" (0x");
+            for (i = 0; i < entry.key.length; i++)
+                printf("%02x", entry.key.contents[i]);
+            printf(")");
+        }
+        printf("\n");
+        krb5_free_unparsed_name(context, pname);
+        krb5_free_keytab_entry_contents(context, &entry);
+    }
+    if (ret && ret != KRB5_KT_END) {
+        com_err(progname, ret, _("while scanning keytab"));
+        exit(1);
+    }
+    ret = krb5_kt_end_seq_get(context, kt, &cursor);
+    if (ret) {
+        com_err(progname, ret, _("while ending keytab scan"));
+        exit(1);
+    }
+    exit(0);
+}
+
+static void
+list_all_ccaches()
+{
+    krb5_error_code ret;
+    krb5_ccache cache;
+    krb5_cccol_cursor cursor;
+    int exit_status;
+
+    ret = krb5_cccol_cursor_new(context, &cursor);
+    if (ret) {
+        if (!status_only)
+            com_err(progname, ret, _("while listing ccache collection"));
+        exit(1);
+    }
+
+    /* XXX Translating would disturb table alignment; skip for now. */
+    printf("%-30s %s\n", "Principal name", "Cache name");
+    printf("%-30s %s\n", "--------------", "----------");
+    exit_status = 1;
+    while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
+           cache != NULL) {
+        exit_status = list_ccache(cache) && exit_status;
+        krb5_cc_close(context, cache);
+    }
+    krb5_cccol_cursor_free(context, &cursor);
+    exit(exit_status);
+}
+
+static int
+list_ccache(krb5_ccache cache)
+{
+    krb5_error_code ret;
+    krb5_principal princ = NULL;
+    char *princname = NULL, *ccname = NULL;
+    int expired, status = 1;
+
+    ret = krb5_cc_get_principal(context, cache, &princ);
+    if (ret)                    /* Uninitialized cache file, probably. */
+        goto cleanup;
+    ret = krb5_unparse_name(context, princ, &princname);
+    if (ret)
+        goto cleanup;
+    ret = krb5_cc_get_full_name(context, cache, &ccname);
+    if (ret)
+        goto cleanup;
+
+    expired = check_ccache(cache);
+
+    printf("%-30.30s %s", princname, ccname);
+    if (expired)
+        printf(" %s", _("(Expired)"));
+    printf("\n");
+
+    status = 0;
+
+cleanup:
+    krb5_free_principal(context, princ);
+    krb5_free_unparsed_name(context, princname);
+    krb5_free_string(context, ccname);
+    return status;
+}
+
+static void
+show_all_ccaches(void)
+{
+    krb5_error_code ret;
+    krb5_ccache cache;
+    krb5_cccol_cursor cursor;
+    krb5_boolean first;
+    int exit_status, st;
+
+    ret = krb5_cccol_cursor_new(context, &cursor);
+    if (ret) {
+        if (!status_only)
+            com_err(progname, ret, _("while listing ccache collection"));
+        exit(1);
+    }
+    exit_status = 1;
+    first = TRUE;
+    while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
+           cache != NULL) {
+        if (!status_only && !first)
+            printf("\n");
+        first = FALSE;
+        st = status_only ? check_ccache(cache) : show_ccache(cache);
+        exit_status = st && exit_status;
+        krb5_cc_close(context, cache);
+    }
+    krb5_cccol_cursor_free(context, &cursor);
+    exit(exit_status);
+}
+
+static void
+do_ccache()
+{
+    krb5_error_code ret;
+    krb5_ccache cache;
+
+    ret = krb5_cc_default(context, &cache);
+    if (ret) {
+        if (!status_only)
+            com_err(progname, ret, _("while resolving ccache"));
+        exit(1);
+    }
+    exit(status_only ? check_ccache(cache) : show_ccache(cache));
+}
+
+/* Display the contents of cache. */
+static int
+show_ccache(krb5_ccache cache)
+{
+    krb5_cc_cursor cur;
+    krb5_creds creds;
+    krb5_principal princ;
+    krb5_error_code ret;
+
+    ret = krb5_cc_get_principal(context, cache, &princ);
+    if (ret) {
+        com_err(progname, ret, "");
+        return 1;
+    }
+    ret = krb5_unparse_name(context, princ, &defname);
+    if (ret) {
+        com_err(progname, ret, _("while unparsing principal name"));
+        return 1;
+    }
+
+    printf(_("Ticket cache: %s:%s\nDefault principal: %s\n\n"),
+           krb5_cc_get_type(context, cache), krb5_cc_get_name(context, cache),
+           defname);
+    /* XXX Translating would disturb table alignment; skip for now. */
+    fputs("Valid starting", stdout);
+    fillit(stdout, timestamp_width - sizeof("Valid starting") + 3, (int) ' ');
+    fputs("Expires", stdout);
+    fillit(stdout, timestamp_width - sizeof("Expires") + 3, (int) ' ');
+    fputs("Service principal\n", stdout);
+
+    ret = krb5_cc_start_seq_get(context, cache, &cur);
+    if (ret) {
+        com_err(progname, ret, _("while starting to retrieve tickets"));
+        return 1;
+    }
+    while ((ret = krb5_cc_next_cred(context, cache, &cur, &creds)) == 0) {
+        if (show_config || !krb5_is_config_principal(context, creds.server))
+            show_credential(&creds);
+        krb5_free_cred_contents(context, &creds);
+    }
+    krb5_free_principal(context, princ);
+    krb5_free_unparsed_name(context, defname);
+    defname = NULL;
+    if (ret == KRB5_CC_END) {
+        ret = krb5_cc_end_seq_get(context, cache, &cur);
+        if (ret) {
+            com_err(progname, ret, _("while finishing ticket retrieval"));
+            return 1;
+        }
+        return 0;
+    } else {
+        com_err(progname, ret, _("while retrieving a ticket"));
+        return 1;
+    }
+}
+
+/* Return 0 if cache is accessible, present, and unexpired; return 1 if not. */
+static int
+check_ccache(krb5_ccache cache)
+{
+    krb5_error_code ret;
+    krb5_cc_cursor cur;
+    krb5_creds creds;
+    krb5_principal princ;
+    krb5_boolean found_tgt, found_current_tgt, found_current_cred;
+
+    if (krb5_cc_get_principal(context, cache, &princ) != 0)
+        return 1;
+    if (krb5_cc_start_seq_get(context, cache, &cur) != 0)
+        return 1;
+    found_tgt = found_current_tgt = found_current_cred = FALSE;
+    while ((ret = krb5_cc_next_cred(context, cache, &cur, &creds)) == 0) {
+        if (is_local_tgt(creds.server, &princ->realm)) {
+            found_tgt = TRUE;
+            if (ts_after(creds.times.endtime, now))
+                found_current_tgt = TRUE;
+        } else if (!krb5_is_config_principal(context, creds.server) &&
+                   ts_after(creds.times.endtime, now)) {
+            found_current_cred = TRUE;
+        }
+        krb5_free_cred_contents(context, &creds);
+    }
+    krb5_free_principal(context, princ);
+    if (ret != KRB5_CC_END)
+        return 1;
+    if (krb5_cc_end_seq_get(context, cache, &cur) != 0)
+        return 1;
+
+    /* If the cache contains at least one local TGT, require that it be
+     * current.  Otherwise accept any current cred. */
+    if (found_tgt)
+        return found_current_tgt ? 0 : 1;
+    return found_current_cred ? 0 : 1;
+}
+
+/* Return true if princ is the local krbtgt principal for local_realm. */
+static krb5_boolean
+is_local_tgt(krb5_principal princ, krb5_data *realm)
+{
+    return princ->length == 2 && data_eq(princ->realm, *realm) &&
+        data_eq_string(princ->data[0], KRB5_TGS_NAME) &&
+        data_eq(princ->data[1], *realm);
+}
+
+static char *
+etype_string(krb5_enctype enctype)
+{
+    static char buf[100];
+    char *bp = buf;
+    size_t deplen, buflen = sizeof(buf);
+
+    if (krb5int_c_deprecated_enctype(enctype)) {
+        deplen = strlcpy(bp, "DEPRECATED:", buflen);
+        buflen -= deplen;
+        bp += deplen;
+    }
+
+    if (krb5_enctype_to_name(enctype, FALSE, bp, buflen))
+        snprintf(bp, buflen, "etype %d", enctype);
+    return buf;
+}
+
+static char *
+flags_string(krb5_creds *cred)
+{
+    static char buf[32];
+    int i = 0;
+
+    if (cred->ticket_flags & TKT_FLG_FORWARDABLE)
+        buf[i++] = 'F';
+    if (cred->ticket_flags & TKT_FLG_FORWARDED)
+        buf[i++] = 'f';
+    if (cred->ticket_flags & TKT_FLG_PROXIABLE)
+        buf[i++] = 'P';
+    if (cred->ticket_flags & TKT_FLG_PROXY)
+        buf[i++] = 'p';
+    if (cred->ticket_flags & TKT_FLG_MAY_POSTDATE)
+        buf[i++] = 'D';
+    if (cred->ticket_flags & TKT_FLG_POSTDATED)
+        buf[i++] = 'd';
+    if (cred->ticket_flags & TKT_FLG_INVALID)
+        buf[i++] = 'i';
+    if (cred->ticket_flags & TKT_FLG_RENEWABLE)
+        buf[i++] = 'R';
+    if (cred->ticket_flags & TKT_FLG_INITIAL)
+        buf[i++] = 'I';
+    if (cred->ticket_flags & TKT_FLG_HW_AUTH)
+        buf[i++] = 'H';
+    if (cred->ticket_flags & TKT_FLG_PRE_AUTH)
+        buf[i++] = 'A';
+    if (cred->ticket_flags & TKT_FLG_TRANSIT_POLICY_CHECKED)
+        buf[i++] = 'T';
+    if (cred->ticket_flags & TKT_FLG_OK_AS_DELEGATE)
+        buf[i++] = 'O';         /* D/d are taken.  Use short strings? */
+    if (cred->ticket_flags & TKT_FLG_ANONYMOUS)
+        buf[i++] = 'a';
+    buf[i] = '\0';
+    return buf;
+}
+
+static void
+printtime(krb5_timestamp ts)
+{
+    char timestring[BUFSIZ], fill = ' ';
+
+    if (!krb5_timestamp_to_sfstring(ts, timestring, timestamp_width + 1,
+                                    &fill))
+        printf("%s", timestring);
+}
+
+static void
+print_config_data(int col, krb5_data *data)
+{
+    unsigned int i;
+
+    for (i = 0; i < data->length; i++) {
+        while (col < 8) {
+            putchar(' ');
+            col++;
+        }
+        if (data->data[i] > 0x20 && data->data[i] < 0x7f) {
+            putchar(data->data[i]);
+            col++;
+        } else {
+            col += printf("\\%03o", (unsigned char)data->data[i]);
+        }
+        if (col > 72) {
+            putchar('\n');
+            col = 0;
+        }
+    }
+    if (col > 0)
+        putchar('\n');
+}
+
+static void
+show_credential(krb5_creds *cred)
+{
+    krb5_error_code ret;
+    krb5_ticket *tkt = NULL;
+    char *name = NULL, *sname = NULL, *tktsname, *flags;
+    int extra_field = 0, ccol = 0, i;
+    krb5_boolean is_config = krb5_is_config_principal(context, cred->server);
+
+    ret = krb5_unparse_name(context, cred->client, &name);
+    if (ret) {
+        com_err(progname, ret, _("while unparsing client name"));
+        goto cleanup;
+    }
+    ret = krb5_unparse_name(context, cred->server, &sname);
+    if (ret) {
+        com_err(progname, ret, _("while unparsing server name"));
+        goto cleanup;
+    }
+    if (!is_config)
+        (void)krb5_decode_ticket(&cred->ticket, &tkt);
+    if (!cred->times.starttime)
+        cred->times.starttime = cred->times.authtime;
+
+    if (!is_config) {
+        printtime(cred->times.starttime);
+        putchar(' ');
+        putchar(' ');
+        printtime(cred->times.endtime);
+        putchar(' ');
+        putchar(' ');
+        printf("%s\n", sname);
+    } else {
+        fputs("config: ", stdout);
+        ccol = 8;
+        for (i = 1; i < cred->server->length; i++) {
+            ccol += printf("%s%.*s%s",
+                           i > 1 ? "(" : "",
+                           (int)cred->server->data[i].length,
+                           cred->server->data[i].data,
+                           i > 1 ? ")" : "");
+        }
+        fputs(" = ", stdout);
+        ccol += 3;
+    }
+
+    if (strcmp(name, defname)) {
+        printf(_("\tfor client %s"), name);
+        extra_field++;
+    }
+
+    if (is_config)
+        print_config_data(ccol, &cred->ticket);
+
+    if (cred->times.renew_till) {
+        if (!extra_field)
+            fputs("\t",stdout);
+        else
+            fputs(", ",stdout);
+        fputs(_("renew until "), stdout);
+        printtime(cred->times.renew_till);
+        extra_field += 2;
+    }
+
+    if (show_flags) {
+        flags = flags_string(cred);
+        if (flags && *flags) {
+            if (!extra_field)
+                fputs("\t",stdout);
+            else
+                fputs(", ",stdout);
+            printf(_("Flags: %s"), flags);
+            extra_field++;
+        }
+    }
+
+    if (extra_field > 2) {
+        fputs("\n", stdout);
+        extra_field = 0;
+    }
+
+    if (show_etype && tkt != NULL) {
+        if (!extra_field)
+            fputs("\t",stdout);
+        else
+            fputs(", ",stdout);
+        printf(_("Etype (skey, tkt): %s, "),
+               etype_string(cred->keyblock.enctype));
+        printf("%s ", etype_string(tkt->enc_part.enctype));
+        extra_field++;
+    }
+
+    if (show_adtype) {
+        if (cred->authdata != NULL) {
+            if (!extra_field)
+                fputs("\t",stdout);
+            else
+                fputs(", ",stdout);
+            printf(_("AD types: "));
+            for (i = 0; cred->authdata[i] != NULL; i++) {
+                if (i)
+                    printf(", ");
+                printf("%d", cred->authdata[i]->ad_type);
+            }
+            extra_field++;
+        }
+    }
+
+    /* If any additional info was printed, extra_field is non-zero. */
+    if (extra_field)
+        putchar('\n');
+
+    if (show_addresses) {
+        if (cred->addresses == NULL || cred->addresses[0] == NULL) {
+            printf(_("\tAddresses: (none)\n"));
+        } else {
+            printf(_("\tAddresses: "));
+            one_addr(cred->addresses[0]);
+
+            for (i = 1; cred->addresses[i] != NULL; i++) {
+                printf(", ");
+                one_addr(cred->addresses[i]);
+            }
+
+            printf("\n");
+        }
+    }
+
+    /* Display the ticket server if it is different from the server name the
+     * entry was cached under (most commonly for referrals). */
+    if (tkt != NULL &&
+        !krb5_principal_compare(context, cred->server, tkt->server)) {
+        ret = krb5_unparse_name(context, tkt->server, &tktsname);
+        if (ret) {
+            com_err(progname, ret, _("while unparsing ticket server name"));
+            goto cleanup;
+        }
+        printf(_("\tTicket server: %s\n"), tktsname);
+        krb5_free_unparsed_name(context, tktsname);
+    }
+
+cleanup:
+    krb5_free_unparsed_name(context, name);
+    krb5_free_unparsed_name(context, sname);
+    krb5_free_ticket(context, tkt);
+}
+
+#include "port-sockets.h"
+#include "socket-utils.h" /* For ss2sin etc. */
+#include "fake-addrinfo.h"
+
+static void
+one_addr(krb5_address *a)
+{
+    struct sockaddr_storage ss;
+    struct sockaddr_in *sinp;
+    struct sockaddr_in6 *sin6p;
+    int err;
+    char namebuf[NI_MAXHOST];
+
+    memset(&ss, 0, sizeof(ss));
+
+    switch (a->addrtype) {
+    case ADDRTYPE_INET:
+        if (a->length != 4) {
+            printf(_("broken address (type %d length %d)"),
+                   a->addrtype, a->length);
+            return;
+        }
+        sinp = ss2sin(&ss);
+        sinp->sin_family = AF_INET;
+        memcpy(&sinp->sin_addr, a->contents, 4);
+        break;
+    case ADDRTYPE_INET6:
+        if (a->length != 16) {
+            printf(_("broken address (type %d length %d)"),
+                   a->addrtype, a->length);
+            return;
+        }
+        sin6p = ss2sin6(&ss);
+        sin6p->sin6_family = AF_INET6;
+        memcpy(&sin6p->sin6_addr, a->contents, 16);
+        break;
+    default:
+        printf(_("unknown addrtype %d"), a->addrtype);
+        return;
+    }
+
+    namebuf[0] = 0;
+    err = getnameinfo(ss2sa(&ss), sa_socklen(ss2sa(&ss)), namebuf,
+                      sizeof(namebuf), 0, 0,
+                      no_resolve ? NI_NUMERICHOST : 0U);
+    if (err) {
+        printf(_("unprintable address (type %d, error %d %s)"), a->addrtype,
+               err, gai_strerror(err));
+        return;
+    }
+    printf("%s", namebuf);
+}
+
+static void
+fillit(FILE *f, unsigned int num, int c)
+{
+    unsigned int i;
+
+    for (i = 0; i < num; i++)
+        fputc(c, f);
+}
diff --git a/krb5-1.21.3/src/clients/kpasswd/Makefile.in b/krb5-1.21.3/src/clients/kpasswd/Makefile.in
new file mode 100644
index 00000000..9c0bbeb1
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kpasswd/Makefile.in
@@ -0,0 +1,33 @@
+mydir=clients$(S)kpasswd
+BUILDTOP=$(REL)..$(S)..
+
+SRCS=kpasswd.c
+
+kpasswd: kpasswd.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o kpasswd kpasswd.o $(KRB5_BASE_LIBS)
+
+kpasswd.o:	$(srcdir)/kpasswd.c
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##KPWD=$(OUTPRE)kpasswd.exe
+
+##WIN32##EXERES=$(KPWD:.exe=.res)
+
+##WIN32##$(EXERES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DKPASSWD_APP -fo $@ -r $**
+
+all-unix: kpasswd
+
+clean-unix::
+	$(RM) kpasswd.o kpasswd
+
+install-all install-kdc install-server install-client install-unix:
+	$(INSTALL_PROGRAM) kpasswd $(DESTDIR)$(CLIENT_BINDIR)/`echo kpasswd|sed '$(transform)'`
+
+##WIN32##all-windows: $(KPWD)
+
+##WIN32##$(KPWD): $(OUTPRE)kpasswd.obj $(KLIB) $(CLIB) $(EXERES)
+##WIN32##	link $(EXE_LINKOPTS) -out:$@ $**
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
diff --git a/krb5-1.21.3/src/clients/kpasswd/deps b/krb5-1.21.3/src/clients/kpasswd/deps
new file mode 100644
index 00000000..360b6d73
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kpasswd/deps
@@ -0,0 +1,7 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  kpasswd.c
diff --git a/krb5-1.21.3/src/clients/kpasswd/kpasswd.c b/krb5-1.21.3/src/clients/kpasswd/kpasswd.c
new file mode 100644
index 00000000..bf2a5bd4
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kpasswd/kpasswd.c
@@ -0,0 +1,177 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#include "k5-platform.h"
+#include <locale.h>
+#include <sys/types.h>
+
+#ifndef _WIN32
+#include <unistd.h>
+#endif
+
+#include <krb5.h>
+
+#define P1 _("Enter new password")
+#define P2 _("Enter it again")
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+
+static void
+get_name_from_passwd_file(char *program_name, krb5_context context,
+                          krb5_principal *me)
+{
+    struct passwd *pw;
+    krb5_error_code ret;
+
+    pw = getpwuid(getuid());
+    if (pw != NULL) {
+        ret = krb5_parse_name(context, pw->pw_name, me);
+        if (ret) {
+            com_err(program_name, ret, _("when parsing name %s"), pw->pw_name);
+            exit(1);
+        }
+    } else {
+        fprintf(stderr, _("Unable to identify user from password file\n"));
+        exit(1);
+    }
+}
+#else /* HAVE_PWD_H */
+static void
+get_name_from_passwd_file(char *program_name, krb5_context context,
+                          krb5_principal *me)
+{
+    fprintf(stderr, _("Unable to identify user\n"));
+    exit(1);
+}
+#endif /* HAVE_PWD_H */
+
+int main(int argc, char *argv[])
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_principal princ = NULL;
+    char *pname, *message;
+    char pw[1024];
+    krb5_ccache ccache;
+    krb5_get_init_creds_opt *opts = NULL;
+    krb5_creds creds;
+    unsigned int pwlen;
+    int result_code;
+    krb5_data result_code_string, result_string;
+
+    setlocale(LC_ALL, "");
+    if (argc > 2) {
+        fprintf(stderr, _("usage: %s [principal]\n"), argv[0]);
+        exit(1);
+    }
+
+    pname = argv[1];
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+        com_err(argv[0], ret, _("initializing kerberos library"));
+        exit(1);
+    }
+    ret = krb5_get_init_creds_opt_alloc(context, &opts);
+    if (ret) {
+        com_err(argv[0], ret, _("allocating krb5_get_init_creds_opt"));
+        exit(1);
+    }
+
+    /*
+     * In order, use the first of:
+     * - A name specified on the command line
+     * - The principal name from an existing ccache
+     * - The name corresponding to the ruid of the process
+     *
+     * Otherwise, it's an error.
+     * We always attempt to open the default ccache in order to use FAST if
+     * possible.
+     */
+    ret = krb5_cc_default(context, &ccache);
+    if (ret) {
+        com_err(argv[0], ret, _("opening default ccache"));
+        exit(1);
+    }
+    ret = krb5_cc_get_principal(context, ccache, &princ);
+    if (ret && ret != KRB5_CC_NOTFOUND && ret != KRB5_FCC_NOFILE) {
+        com_err(argv[0], ret, _("getting principal from ccache"));
+        exit(1);
+    } else if (princ != NULL) {
+        ret = krb5_get_init_creds_opt_set_fast_ccache(context, opts, ccache);
+        if (ret) {
+            com_err(argv[0], ret, _("while setting FAST ccache"));
+            exit(1);
+        }
+    }
+    ret = krb5_cc_close(context, ccache);
+    if (ret) {
+        com_err(argv[0], ret, _("closing ccache"));
+        exit(1);
+    }
+    if (pname != NULL) {
+        krb5_free_principal(context, princ);
+        princ = NULL;
+        ret = krb5_parse_name(context, pname, &princ);
+        if (ret) {
+            com_err(argv[0], ret, _("parsing client name"));
+            exit(1);
+        }
+    }
+    if (princ == NULL)
+        get_name_from_passwd_file(argv[0], context, &princ);
+
+    krb5_get_init_creds_opt_set_tkt_life(opts, 5 * 60);
+    krb5_get_init_creds_opt_set_renew_life(opts, 0);
+    krb5_get_init_creds_opt_set_forwardable(opts, 0);
+    krb5_get_init_creds_opt_set_proxiable(opts, 0);
+
+    ret = krb5_get_init_creds_password(context, &creds, princ, NULL,
+                                       krb5_prompter_posix, NULL, 0,
+                                       "kadmin/changepw", opts);
+    if (ret) {
+        if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+            com_err(argv[0], 0,
+                    _("Password incorrect while getting initial ticket"));
+        } else {
+            com_err(argv[0], ret, _("getting initial ticket"));
+        }
+
+        krb5_get_init_creds_opt_free(context, opts);
+        exit(1);
+    }
+
+    pwlen = sizeof(pw);
+    ret = krb5_read_password(context, P1, P2, pw, &pwlen);
+    if (ret) {
+        com_err(argv[0], ret, _("while reading password"));
+        krb5_get_init_creds_opt_free(context, opts);
+        exit(1);
+    }
+
+    ret = krb5_change_password(context, &creds, pw, &result_code,
+                               &result_code_string, &result_string);
+    if (ret) {
+        com_err(argv[0], ret, _("changing password"));
+        krb5_get_init_creds_opt_free(context, opts);
+        exit(1);
+    }
+
+    if (result_code) {
+        if (krb5_chpw_message(context, &result_string, &message) != 0)
+            message = NULL;
+        printf("%.*s%s%s\n",
+               (int)result_code_string.length, result_code_string.data,
+               message ? ": " : "", message ? message : NULL);
+        krb5_free_string(context, message);
+        krb5_get_init_creds_opt_free(context, opts);
+        exit(2);
+    }
+
+    free(result_string.data);
+    free(result_code_string.data);
+    krb5_get_init_creds_opt_free(context, opts);
+
+    printf(_("Password changed.\n"));
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/clients/ksu/Makefile.in b/krb5-1.21.3/src/clients/ksu/Makefile.in
new file mode 100644
index 00000000..8b4edce4
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/Makefile.in
@@ -0,0 +1,35 @@
+mydir=clients$(S)ksu
+BUILDTOP=$(REL)..$(S)..
+DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"'
+
+KSU_LIBS=@KSU_LIBS@
+
+SRCS = \
+	$(srcdir)/krb_auth_su.c \
+	$(srcdir)/ccache.c \
+	$(srcdir)/authorization.c \
+	$(srcdir)/main.c \
+	$(srcdir)/heuristic.c \
+	$(srcdir)/xmalloc.c \
+	$(srcdir)/setenv.c
+OBJS = \
+	krb_auth_su.o \
+	ccache.o \
+	authorization.o \
+	main.o \
+	heuristic.o \
+	xmalloc.o @SETENVOBJ@
+
+all: ksu
+
+ksu: $(OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS)
+
+clean:
+	$(RM) ksu
+
+install:
+	-for f in ksu; do \
+	  $(INSTALL_SETUID) $$f \
+		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
diff --git a/krb5-1.21.3/src/clients/ksu/authorization.c b/krb5-1.21.3/src/clients/ksu/authorization.c
new file mode 100644
index 00000000..fb9d5d09
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/authorization.c
@@ -0,0 +1,710 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 1994 by the University of Southern California
+ *
+ * EXPORT OF THIS SOFTWARE from the United States of America may
+ *     require a specific license from the United States Government.
+ *     It is the responsibility of any person or organization contemplating
+ *     export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
+ *     this software and its documentation in source and binary forms is
+ *     hereby granted, provided that any documentation or other materials
+ *     related to such distribution or use acknowledge that the software
+ *     was developed by the University of Southern California.
+ *
+ * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
+ *     University of Southern California MAKES NO REPRESENTATIONS OR
+ *     WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ *     limitation, the University of Southern California MAKES NO
+ *     REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
+ *     PARTICULAR PURPOSE. The University of Southern
+ *     California shall not be held liable for any liability nor for any
+ *     direct, indirect, or consequential damages with respect to any
+ *     claim by the user or distributor of the ksu software.
+ *
+ * KSU was written by:  Ari Medvinsky, ari@isi.edu
+ */
+
+#include "ksu.h"
+
+static void auth_cleanup (FILE *, FILE *, char *);
+
+krb5_boolean fowner(fp, uid)
+    FILE *fp;
+    uid_t uid;
+{
+    struct stat sbuf;
+
+    /*
+     * For security reasons, file must be owned either by
+     * the user himself, or by root.  Otherwise, don't grant access.
+     */
+    if (fstat(fileno(fp), &sbuf)) {
+        return(FALSE);
+    }
+
+    if ((sbuf.st_uid != uid) && sbuf.st_uid) {
+        return(FALSE);
+    }
+
+    return(TRUE);
+}
+
+/*
+ * Given a Kerberos principal "principal", and a local username "luser",
+ * determine whether user is authorized to login according to the
+ * authorization files ~luser/.k5login" and ~luser/.k5users.  Returns TRUE
+ * if authorized, FALSE if not authorized.
+ *
+ */
+
+krb5_error_code krb5_authorization(context, principal, luser,
+                                   cmd, ok, out_fcmd)
+/* IN */
+    krb5_context context;
+    krb5_principal principal;
+    const char *luser;
+    char *cmd;
+    /* OUT */
+    krb5_boolean *ok;
+    char **out_fcmd;
+{
+    struct passwd *pwd;
+    char *princname;
+    int k5login_flag =0;
+    int k5users_flag =0;
+    krb5_boolean retbool =FALSE;
+    FILE * login_fp = 0, * users_fp = 0;
+    krb5_error_code retval = 0;
+    struct stat st_temp;
+
+    *ok =FALSE;
+
+    /* no account => no access */
+    if ((pwd = getpwnam(luser)) == NULL)
+        return 0;
+
+    retval = krb5_unparse_name(context, principal, &princname);
+    if (retval)
+        return retval;
+
+#ifdef DEBUG
+    printf("principal to be authorized %s\n", princname);
+    printf("login file: %s\n", k5login_path);
+    printf("users file: %s\n", k5users_path);
+#endif
+
+    k5login_flag = stat(k5login_path, &st_temp);
+    k5users_flag = stat(k5users_path, &st_temp);
+
+    /* k5login and k5users must be owned by target user or root */
+    if (!k5login_flag){
+        if ((login_fp = fopen(k5login_path, "r")) == NULL)
+            return 0;
+        if ( fowner(login_fp, pwd->pw_uid) == FALSE) {
+            fclose(login_fp);
+            return 0;
+        }
+    }
+
+    if (!k5users_flag){
+        if ((users_fp = fopen(k5users_path, "r")) == NULL) {
+            return 0;
+        }
+        if ( fowner(users_fp, pwd->pw_uid) == FALSE){
+            fclose(users_fp);
+            return 0;
+        }
+    }
+
+    if (auth_debug){
+        fprintf(stderr,
+                "In krb5_authorization: if auth files exist -> can access\n");
+    }
+
+    /* if either file exists,
+       first see if the principal is in the login in file,
+       if it's not there check the k5users file */
+
+    if (!k5login_flag){
+        if (auth_debug)
+            fprintf(stderr,
+                    "In krb5_authorization: principal to be authorized %s\n",
+                    princname);
+
+        retval = k5login_lookup(login_fp,  princname, &retbool);
+        if (retval) {
+            auth_cleanup(users_fp, login_fp, princname);
+            return retval;
+        }
+        if (retbool) {
+            if (cmd)
+                *out_fcmd = xstrdup(cmd);
+        }
+    }
+
+    if ((!k5users_flag) && (retbool == FALSE) ){
+        retval = k5users_lookup (users_fp, princname,
+                                 cmd, &retbool, out_fcmd);
+        if(retval) {
+            auth_cleanup(users_fp, login_fp, princname);
+            return retval;
+        }
+    }
+
+    if (k5login_flag && k5users_flag){
+
+        char * kuser =  (char *) xcalloc (strlen(princname), sizeof(char));
+        if (!(krb5_aname_to_localname(context, principal,
+                                      strlen(princname), kuser))
+            && (strcmp(kuser, luser) == 0)) {
+            retbool = TRUE;
+        }
+
+        free(kuser);
+    }
+
+    *ok =retbool;
+    auth_cleanup(users_fp, login_fp, princname);
+    return 0;
+}
+
+/***********************************************************
+k5login_lookup looks for princname in file fp. Spaces
+before the princaname (in the file ) are not ignored
+spaces after the princname are ignored. If there are
+any tokens after the principal name  FALSE is returned.
+
+***********************************************************/
+
+krb5_error_code k5login_lookup (fp, princname, found)
+    FILE *fp;
+    char *princname;
+    krb5_boolean *found;
+{
+
+    krb5_error_code retval;
+    char * line;
+    char * fprinc;
+    char * lp;
+    krb5_boolean loc_found = FALSE;
+
+    retval = get_line(fp, &line);
+    if (retval)
+        return retval;
+
+    while (line){
+        fprinc = get_first_token (line, &lp);
+
+        if (fprinc && (!strcmp(princname, fprinc))){
+            if( get_next_token (&lp) ){
+                free (line);
+                break;  /* nothing should follow princname*/
+            }
+            else{
+                loc_found = TRUE;
+                free (line);
+                break;
+            }
+        }
+
+        free (line);
+
+        retval = get_line(fp, &line);
+        if (retval)
+            return retval;
+    }
+
+
+    *found = loc_found;
+    return 0;
+
+}
+
+/***********************************************************
+k5users_lookup looks for princname in file fp. Spaces
+before the princaname (in the file ) are not ignored
+spaces after the princname are ignored.
+
+authorization alg:
+
+if princname is not found return false.
+
+if princname is found{
+         if cmd == NULL then the file entry after principal
+                        name must be nothing or *
+
+         if cmd !=NULL  then entry must be matched (* is ok)
+}
+
+
+***********************************************************/
+krb5_error_code k5users_lookup (fp, princname, cmd, found, out_fcmd)
+    FILE *fp;
+    char *princname;
+    char *cmd;
+    krb5_boolean *found;
+    char **out_fcmd;
+{
+    krb5_error_code retval;
+    char * line;
+    char * fprinc, *fcmd;
+    char * lp;
+    char * loc_fcmd = NULL;
+    krb5_boolean loc_found = FALSE;
+
+    retval = get_line(fp, &line);
+    if (retval)
+        return retval;
+
+    while (line){
+        fprinc = get_first_token (line, &lp);
+
+        if (fprinc && (!strcmp(princname, fprinc))){
+            fcmd = get_next_token (&lp);
+
+            if ((fcmd) && (!strcmp(fcmd, PERMIT_ALL_COMMANDS))){
+                if (get_next_token(&lp) == NULL){
+                    loc_fcmd =cmd ? xstrdup(cmd): NULL;
+                    loc_found = TRUE;
+                }
+                free (line);
+                break;
+            }
+
+            if (cmd == NULL){
+                if (fcmd == NULL)
+                    loc_found = TRUE;
+                free (line);
+                break;
+
+            }else{
+                if (fcmd != NULL) {
+                    char * temp_rfcmd, *err;
+                    krb5_boolean match;
+                    do {
+                        if(match_commands(fcmd,cmd,&match,
+                                          &temp_rfcmd, &err)){
+                            if (auth_debug){
+                                fprintf(stderr,"%s",err);
+                            }
+                            loc_fcmd = err;
+                            break;
+                        }else{
+                            if (match == TRUE){
+                                loc_fcmd = temp_rfcmd;
+                                loc_found = TRUE;
+                                break;
+                            }
+                        }
+
+                    }while ((fcmd = get_next_token( &lp)));
+                }
+                free (line);
+                break;
+            }
+        }
+
+        free (line);
+
+        retval = get_line(fp, &line);
+        if (retval) {
+            return retval;
+        }
+    }
+
+    *out_fcmd = loc_fcmd;
+    *found = loc_found;
+    return 0;
+
+}
+
+
+/***********************************************
+fcmd_resolve -
+takes a command specified .k5users file and
+resolves it into a full path name.
+
+************************************************/
+
+krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err)
+    char *fcmd;
+    char ***out_fcmd;
+    char **out_err;
+{
+    char * err;
+    char ** tmp_fcmd;
+    char * path_ptr, *path;
+    char * lp, * tc;
+    int i=0;
+
+    tmp_fcmd = (char **) xcalloc (MAX_CMD, sizeof(char *));
+
+    if (*fcmd == '/'){  /* must be full path */
+        tmp_fcmd[0] = xstrdup(fcmd);
+        tmp_fcmd[1] = NULL;
+        *out_fcmd = tmp_fcmd;
+        return TRUE;
+    }else{
+        /* must be either full path or just the cmd name */
+        if (strchr(fcmd, '/')){
+            asprintf(&err, _("Error: bad entry - %s in %s file, must be "
+                             "either full path or just the cmd name\n"),
+                     fcmd, KRB5_USERS_NAME);
+            *out_err = err;
+            return FALSE;
+        }
+
+#ifndef CMD_PATH
+        asprintf(&err, _("Error: bad entry - %s in %s file, since %s is just "
+                         "the cmd name, CMD_PATH must be defined \n"),
+                 fcmd, KRB5_USERS_NAME, fcmd);
+        *out_err = err;
+        return FALSE;
+#else
+
+        path = xstrdup (CMD_PATH);
+        path_ptr = path;
+
+        while ((*path_ptr == ' ') || (*path_ptr == '\t')) path_ptr ++;
+
+        tc = get_first_token (path_ptr, &lp);
+
+        if (! tc){
+            asprintf(&err, _("Error: bad entry - %s in %s file, CMD_PATH "
+                             "contains no paths \n"), fcmd, KRB5_USERS_NAME);
+            *out_err = err;
+            return FALSE;
+        }
+
+        i=0;
+        do{
+            if (*tc != '/'){  /* must be full path */
+                asprintf(&err, _("Error: bad path %s in CMD_PATH for %s must "
+                                 "start with '/' \n"), tc, KRB5_USERS_NAME );
+                *out_err = err;
+                return FALSE;
+            }
+
+            tmp_fcmd[i] = xasprintf("%s/%s", tc, fcmd);
+
+            i++;
+
+        } while((tc = get_next_token (&lp)));
+
+        tmp_fcmd[i] = NULL;
+        *out_fcmd = tmp_fcmd;
+        return TRUE;
+
+#endif /* CMD_PATH */
+    }
+}
+
+/********************************************
+cmd_single - checks if cmd consists of a path
+             or a single token
+
+********************************************/
+
+krb5_boolean cmd_single(cmd)
+    char * cmd;
+{
+
+    if ( ( strrchr( cmd, '/')) ==  NULL){
+        return TRUE;
+    }else{
+        return FALSE;
+    }
+}
+
+/********************************************
+cmd_arr_cmp_postfix - compares a command with the postfix
+         of fcmd
+********************************************/
+
+int cmd_arr_cmp_postfix(fcmd_arr, cmd)
+    char **fcmd_arr;
+    char *cmd;
+{
+    char  * temp_fcmd;
+    char *ptr;
+    int result =1;
+    int i = 0;
+
+    while(fcmd_arr[i]){
+        if ( (ptr = strrchr( fcmd_arr[i], '/')) ==  NULL){
+            temp_fcmd = fcmd_arr[i];
+        }else {
+            temp_fcmd = ptr + 1;
+        }
+
+        result = strcmp (temp_fcmd, cmd);
+        if (result == 0){
+            break;
+        }
+        i++;
+    }
+
+    return result;
+
+
+}
+
+/**********************************************
+cmd_arr_cmp - checks if cmd matches any
+              of the fcmd entries.
+
+**********************************************/
+
+int cmd_arr_cmp (fcmd_arr, cmd)
+    char **fcmd_arr;
+    char *cmd;
+{
+    int result =1;
+    int i = 0;
+
+    while(fcmd_arr[i]){
+        result = strcmp (fcmd_arr[i], cmd);
+        if (result == 0){
+            break;
+        }
+        i++;
+    }
+    return result;
+}
+
+
+krb5_boolean find_first_cmd_that_exists(fcmd_arr, cmd_out, err_out)
+    char **fcmd_arr;
+    char **cmd_out;
+    char **err_out;
+{
+    struct stat st_temp;
+    int i = 0;
+    krb5_boolean retbool= FALSE;
+    int j =0;
+    struct k5buf buf;
+
+    while(fcmd_arr[i]){
+        if (!stat (fcmd_arr[i], &st_temp )){
+            *cmd_out = xstrdup(fcmd_arr[i]);
+            retbool = TRUE;
+            break;
+        }
+        i++;
+    }
+
+    if (retbool == FALSE ){
+        k5_buf_init_dynamic(&buf);
+        k5_buf_add(&buf, _("Error: not found -> "));
+        for(j= 0; j < i; j ++)
+            k5_buf_add_fmt(&buf, " %s ", fcmd_arr[j]);
+        k5_buf_add(&buf, "\n");
+        *err_out = k5_buf_cstring(&buf);
+        if (*err_out == NULL) {
+            perror(prog_name);
+            exit(1);
+        }
+    }
+
+
+    return retbool;
+}
+
+/***************************************************************
+returns 1 if there is an error, 0 if no error.
+
+***************************************************************/
+
+int match_commands (fcmd, cmd, match, cmd_out, err_out)
+    char *fcmd;
+    char *cmd;
+    krb5_boolean *match;
+    char **cmd_out;
+    char **err_out;
+{
+    char ** fcmd_arr;
+    char * err;
+    char * cmd_temp;
+
+    if(fcmd_resolve(fcmd, &fcmd_arr, &err )== FALSE ){
+        *err_out = err;
+        return 1;
+    }
+
+    if (cmd_single( cmd ) == TRUE){
+        if (!cmd_arr_cmp_postfix(fcmd_arr, cmd)){ /* found */
+
+            if(find_first_cmd_that_exists( fcmd_arr,&cmd_temp,&err)== TRUE){
+                *match = TRUE;
+                *cmd_out = cmd_temp;
+                return 0;
+            }else{
+                *err_out = err;
+                return 1;
+            }
+        }else{
+            *match = FALSE;
+            return 0;
+        }
+    }else{
+        if (!cmd_arr_cmp(fcmd_arr, cmd)){  /* found */
+            *match = TRUE;
+            *cmd_out = xstrdup(cmd);
+            return 0;
+        } else{
+            *match = FALSE;
+            return 0;
+        }
+    }
+
+}
+
+/*********************************************************
+   get_line - returns a line of any length.  out_line
+              is set to null if eof.
+*********************************************************/
+
+krb5_error_code get_line (fp, out_line)
+/* IN */
+    FILE *fp;
+    /* OUT */
+    char **out_line;
+{
+    char * line, *r, *newline , *line_ptr;
+    int chunk_count = 1;
+
+    line = (char *) xcalloc (BUFSIZ, sizeof (char ));
+    line_ptr = line;
+    line[0] = '\0';
+
+    while (( r = fgets(line_ptr, BUFSIZ , fp)) != NULL){
+        newline = strchr(line_ptr, '\n');
+        if (newline) {
+            *newline = '\0';
+            break;
+        }
+        else {
+            chunk_count ++;
+            if(!( line = (char *) realloc( line,
+                                           chunk_count * sizeof(char) * BUFSIZ))){
+                return  ENOMEM;
+            }
+
+            line_ptr = line + (BUFSIZ -1) *( chunk_count -1) ;
+        }
+    }
+
+    if ((r == NULL) && (strlen(line) == 0)) {
+        *out_line = NULL;
+    }
+    else{
+        *out_line = line;
+    }
+
+    return 0;
+}
+
+/*******************************************************
+get_first_token -
+Expects a '\0' terminated input line .
+If there are any spaces before the first token, they
+will be returned as part of the first token.
+
+Note: this routine reuses the space pointed to by line
+******************************************************/
+
+char *  get_first_token (line, lnext)
+    char *line;
+    char **lnext;
+{
+
+    char * lptr, * out_ptr;
+
+
+    out_ptr = line;
+    lptr = line;
+
+    while (( *lptr == ' ') || (*lptr == '\t')) lptr ++;
+
+    if (strlen(lptr) == 0) return NULL;
+
+    while (( *lptr != ' ') && (*lptr != '\t') && (*lptr != '\0')) lptr ++;
+
+    if (*lptr == '\0'){
+        *lnext = lptr;
+    } else{
+        *lptr = '\0';
+        *lnext = lptr + 1;
+    }
+
+    return out_ptr;
+}
+/**********************************************************
+get_next_token -
+returns the next token pointed to by *lnext.
+returns NULL if there is no more tokens.
+Note: that this function modifies the stream
+      pointed to by *lnext and does not allocate
+      space for the returned tocken. It also advances
+      lnext to the next tocken.
+**********************************************************/
+
+char *  get_next_token (lnext)
+    char **lnext;
+{
+    char * lptr, * out_ptr;
+
+
+    lptr = *lnext;
+
+    while (( *lptr == ' ') || (*lptr == '\t')) lptr ++;
+
+    if (strlen(lptr) == 0) return NULL;
+
+    out_ptr = lptr;
+
+    while (( *lptr != ' ') && (*lptr != '\t') && (*lptr != '\0')) lptr ++;
+
+    if (*lptr == '\0'){
+        *lnext = lptr;
+    } else{
+        *lptr = '\0';
+        *lnext = lptr + 1;
+    }
+
+    return out_ptr;
+}
+
+static void auth_cleanup(users_fp, login_fp, princname)
+    FILE *users_fp;
+    FILE *login_fp;
+    char *princname;
+{
+
+    free (princname);
+    if (users_fp)
+        fclose(users_fp);
+    if (login_fp)
+        fclose(login_fp);
+}
+
+void init_auth_names(pw_dir)
+    char *pw_dir;
+{
+    const char *sep;
+    int r1, r2;
+
+    sep = ((strlen(pw_dir) == 1) && (*pw_dir == '/')) ? "" : "/";
+    r1 = snprintf(k5login_path, sizeof(k5login_path), "%s%s%s",
+                  pw_dir, sep, KRB5_LOGIN_NAME);
+    r2 = snprintf(k5users_path, sizeof(k5users_path), "%s%s%s",
+                  pw_dir, sep, KRB5_USERS_NAME);
+    if (SNPRINTF_OVERFLOW(r1, sizeof(k5login_path)) ||
+        SNPRINTF_OVERFLOW(r2, sizeof(k5users_path))) {
+        fprintf(stderr, _("home directory name `%s' too long, can't search "
+                          "for .k5login\n"), pw_dir);
+        exit (1);
+    }
+}
diff --git a/krb5-1.21.3/src/clients/ksu/ccache.c b/krb5-1.21.3/src/clients/ksu/ccache.c
new file mode 100644
index 00000000..cbb9aa2b
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/ccache.c
@@ -0,0 +1,732 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 1994 by the University of Southern California
+ *
+ * EXPORT OF THIS SOFTWARE from the United States of America may
+ *     require a specific license from the United States Government.
+ *     It is the responsibility of any person or organization contemplating
+ *     export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
+ *     this software and its documentation in source and binary forms is
+ *     hereby granted, provided that any documentation or other materials
+ *     related to such distribution or use acknowledge that the software
+ *     was developed by the University of Southern California.
+ *
+ * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
+ *     University of Southern California MAKES NO REPRESENTATIONS OR
+ *     WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ *     limitation, the University of Southern California MAKES NO
+ *     REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
+ *     PARTICULAR PURPOSE. The University of Southern
+ *     California shall not be held liable for any liability nor for any
+ *     direct, indirect, or consequential damages with respect to any
+ *     claim by the user or distributor of the ksu software.
+ *
+ * KSU was written by:  Ari Medvinsky, ari@isi.edu
+ */
+
+#include "ksu.h"
+#include "k5-base64.h"
+#include "adm_proto.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+
+/******************************************************************
+krb5_cache_copy
+
+gets rid of any expired tickets in the secondary cache,
+copies the default cache into the secondary cache,
+
+************************************************************************/
+
+void show_credential();
+
+/* modifies only the cc_other, the algorithm may look a bit funny,
+   but I had to do it this way, since remove function did not come
+   with k5 beta 3 release.
+*/
+
+krb5_error_code krb5_ccache_copy(context, cc_def, target_principal, cc_target,
+                                 restrict_creds, primary_principal, stored)
+/* IN */
+    krb5_context context;
+    krb5_ccache cc_def;
+    krb5_principal target_principal;
+    krb5_ccache cc_target;
+    krb5_boolean restrict_creds;
+    krb5_principal primary_principal;
+    /* OUT */
+    krb5_boolean *stored;
+{
+    int i=0;
+    krb5_error_code retval=0;
+    krb5_creds ** cc_def_creds_arr = NULL;
+    krb5_creds ** cc_other_creds_arr = NULL;
+
+    if (ks_ccache_is_initialized(context, cc_def)) {
+        if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
+            return retval;
+        }
+    }
+
+    retval = krb5_cc_initialize(context, cc_target, target_principal);
+    if (retval)
+        return retval;
+
+    if (restrict_creds) {
+        retval = krb5_store_some_creds(context, cc_target, cc_def_creds_arr,
+                                       cc_other_creds_arr, primary_principal,
+                                       stored);
+    } else {
+        *stored = krb5_find_princ_in_cred_list(context, cc_def_creds_arr,
+                                               primary_principal);
+        retval = krb5_store_all_creds(context, cc_target, cc_def_creds_arr,
+                                      cc_other_creds_arr);
+    }
+
+    if (cc_def_creds_arr){
+        while (cc_def_creds_arr[i]){
+            krb5_free_creds(context, cc_def_creds_arr[i]);
+            i++;
+        }
+    }
+
+    i=0;
+
+    if(cc_other_creds_arr){
+        while (cc_other_creds_arr[i]){
+            krb5_free_creds(context, cc_other_creds_arr[i]);
+            i++;
+        }
+    }
+
+    return retval;
+}
+
+
+krb5_error_code krb5_store_all_creds(context, cc, creds_def, creds_other)
+    krb5_context context;
+    krb5_ccache cc;
+    krb5_creds **creds_def;
+    krb5_creds **creds_other;
+{
+
+    int i = 0;
+    krb5_error_code retval = 0;
+    krb5_creds ** temp_creds= NULL;
+
+
+    if ((creds_def == NULL) && (creds_other == NULL))
+        return 0;
+
+    if ((creds_def == NULL) && (creds_other != NULL))
+        temp_creds = creds_other;
+
+    if ((creds_def != NULL) && (creds_other == NULL))
+        temp_creds = creds_def;
+
+
+    if (temp_creds){
+        while(temp_creds[i]){
+            if ((retval= krb5_cc_store_cred(context, cc,
+                                            temp_creds[i]))){
+                return retval;
+            }
+            i++;
+        }
+    }
+    else { /* both arrays have elements in them */
+
+        return  KRB5KRB_ERR_GENERIC;
+
+/************   while(creds_other[i]){
+                        cmp = FALSE;
+                        j = 0;
+                        while(creds_def[j]){
+                           cmp = compare_creds(creds_other[i],creds_def[j]);
+
+                           if( cmp == TRUE) break;
+
+                           j++;
+                        }
+                        if (cmp == FALSE){
+                                if (retval= krb5_cc_store_cred(context, cc,
+                                                         creds_other[i])){
+                                                return retval;
+                                }
+                        }
+                        i ++;
+                }
+
+                i=0;
+                while(creds_def[i]){
+                        if (retval= krb5_cc_store_cred(context, cc,
+                                                       creds_def[i])){
+                                return retval;
+                        }
+                        i++;
+                }
+
+**************/
+    }
+    return 0;
+}
+
+krb5_boolean compare_creds(context, cred1, cred2)
+    krb5_context context;
+    krb5_creds *cred1;
+    krb5_creds *cred2;
+{
+    krb5_boolean retval;
+
+    retval = krb5_principal_compare (context, cred1->client, cred2->client);
+
+    if (retval == TRUE)
+        retval = krb5_principal_compare (context, cred1->server,                                                         cred2->server);
+
+    return retval;
+}
+
+
+
+
+krb5_error_code krb5_get_nonexp_tkts(context, cc, creds_array)
+    krb5_context context;
+    krb5_ccache cc;
+    krb5_creds ***creds_array;
+{
+
+    krb5_creds creds, temp_tktq, temp_tkt;
+    krb5_creds **temp_creds;
+    krb5_error_code retval=0;
+    krb5_cc_cursor cur;
+    int count = 0;
+    int chunk_count = 1;
+
+    if ( ! ( temp_creds = (krb5_creds **) malloc( CHUNK * sizeof(krb5_creds *)))){
+        return ENOMEM;
+    }
+
+
+    memset(&temp_tktq, 0, sizeof(temp_tktq));
+    memset(&temp_tkt, 0, sizeof(temp_tkt));
+    memset(&creds, 0, sizeof(creds));
+
+    /* initialize the cursor */
+    if ((retval = krb5_cc_start_seq_get(context, cc, &cur))) {
+        return retval;
+    }
+
+    while (!(retval = krb5_cc_next_cred(context, cc, &cur, &creds))){
+
+        if (!krb5_is_config_principal(context, creds.server) &&
+            (retval = krb5_check_exp(context, creds.times))){
+            if (retval != KRB5KRB_AP_ERR_TKT_EXPIRED){
+                return retval;
+            }
+            if (auth_debug){
+                fprintf(stderr,"krb5_ccache_copy: CREDS EXPIRED:\n");
+                fputs("  Valid starting         Expires         Service principal\n",stdout);
+                show_credential(context, &creds, cc);
+                fprintf(stderr,"\n");
+            }
+        }
+        else {   /* these credentials didn't expire */
+
+            if ((retval = krb5_copy_creds(context, &creds,
+                                          &temp_creds[count]))){
+                return retval;
+            }
+            count ++;
+
+            if (count == (chunk_count * CHUNK -1)){
+                chunk_count ++;
+                if (!(temp_creds = (krb5_creds **) realloc(temp_creds,
+                                                           chunk_count * CHUNK * sizeof(krb5_creds *)))){
+                    return ENOMEM;
+                }
+            }
+        }
+
+    }
+
+    temp_creds[count] = NULL;
+    *creds_array   = temp_creds;
+
+    if (retval == KRB5_CC_END) {
+        retval = krb5_cc_end_seq_get(context, cc, &cur);
+    }
+
+    return retval;
+
+}
+
+
+krb5_error_code krb5_check_exp(context, tkt_time)
+    krb5_context context;
+    krb5_ticket_times tkt_time;
+{
+    krb5_error_code retval =0;
+    krb5_timestamp currenttime;
+
+    if ((retval = krb5_timeofday (context, &currenttime))){
+        return retval;
+    }
+    if (auth_debug){
+        fprintf(stderr,"krb5_check_exp: the krb5_clockskew is %d \n",
+                context->clockskew);
+
+        fprintf(stderr,"krb5_check_exp: currenttime - endtime %d \n",
+                ts_delta(currenttime, tkt_time.endtime));
+
+    }
+
+    if (ts_after(currenttime, ts_incr(tkt_time.endtime, context->clockskew))) {
+        retval = KRB5KRB_AP_ERR_TKT_EXPIRED ;
+        return retval;
+    }
+
+    return 0;
+}
+
+
+char *flags_string(cred)
+    krb5_creds *cred;
+{
+    static char buf[32];
+    int i = 0;
+
+    if (cred->ticket_flags & TKT_FLG_FORWARDABLE)
+        buf[i++] = 'F';
+    if (cred->ticket_flags & TKT_FLG_FORWARDED)
+        buf[i++] = 'f';
+    if (cred->ticket_flags & TKT_FLG_PROXIABLE)
+        buf[i++] = 'P';
+    if (cred->ticket_flags & TKT_FLG_PROXY)
+        buf[i++] = 'p';
+    if (cred->ticket_flags & TKT_FLG_MAY_POSTDATE)
+        buf[i++] = 'D';
+    if (cred->ticket_flags & TKT_FLG_POSTDATED)
+        buf[i++] = 'd';
+    if (cred->ticket_flags & TKT_FLG_INVALID)
+        buf[i++] = 'i';
+    if (cred->ticket_flags & TKT_FLG_RENEWABLE)
+        buf[i++] = 'R';
+    if (cred->ticket_flags & TKT_FLG_INITIAL)
+        buf[i++] = 'I';
+    if (cred->ticket_flags & TKT_FLG_HW_AUTH)
+        buf[i++] = 'H';
+    if (cred->ticket_flags & TKT_FLG_PRE_AUTH)
+        buf[i++] = 'A';
+    buf[i] = '\0';
+    return(buf);
+}
+
+void printtime(krb5_timestamp ts)
+{
+    char fmtbuf[18], fill = ' ';
+
+    if (!krb5_timestamp_to_sfstring(ts, fmtbuf, sizeof(fmtbuf), &fill))
+        printf("%s", fmtbuf);
+}
+
+
+krb5_error_code
+krb5_get_login_princ(luser, princ_list)
+    const char *luser;
+    char ***princ_list;
+{
+    struct stat sbuf;
+    struct passwd *pwd;
+    char pbuf[MAXPATHLEN];
+    FILE *fp;
+    char * linebuf;
+    char *newline;
+    int gobble, result;
+    char ** buf_out;
+    struct stat st_temp;
+    int count = 0, chunk_count = 1;
+
+    /* no account => no access */
+
+    if ((pwd = getpwnam(luser)) == NULL) {
+        return 0;
+    }
+    result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir);
+    if (SNPRINTF_OVERFLOW(result, sizeof(pbuf))) {
+        fprintf(stderr, _("home directory path for %s too long\n"), luser);
+        exit (1);
+    }
+
+    if (stat(pbuf, &st_temp)) {  /* not accessible */
+        return 0;
+    }
+
+
+    /* open ~/.k5login */
+    if ((fp = fopen(pbuf, "r")) == NULL) {
+        return 0;
+    }
+    /*
+     * For security reasons, the .k5login file must be owned either by
+     * the user himself, or by root.  Otherwise, don't grant access.
+     */
+    if (fstat(fileno(fp), &sbuf)) {
+        fclose(fp);
+        return 0;
+    }
+    if ((sbuf.st_uid != pwd->pw_uid) && sbuf.st_uid) {
+        fclose(fp);
+        return 0;
+    }
+
+    /* check each line */
+
+
+    if( !(linebuf = (char *) calloc (BUFSIZ, sizeof(char)))) return ENOMEM;
+
+    if (!(buf_out = (char **) malloc( CHUNK * sizeof(char *)))) return ENOMEM;
+
+    while ( fgets(linebuf, BUFSIZ, fp) != NULL) {
+        /* null-terminate the input string */
+        linebuf[BUFSIZ-1] = '\0';
+        newline = NULL;
+        /* nuke the newline if it exists */
+        if ((newline = strchr(linebuf, '\n')))
+            *newline = '\0';
+
+        buf_out[count] = linebuf;
+        count ++;
+
+        if (count == (chunk_count * CHUNK -1)){
+            chunk_count ++;
+            if (!(buf_out = (char **) realloc(buf_out,
+                                              chunk_count * CHUNK * sizeof(char *)))){
+                return ENOMEM;
+            }
+        }
+
+        /* clean up the rest of the line if necessary */
+        if (!newline)
+            while (((gobble = getc(fp)) != EOF) && gobble != '\n');
+
+        if( !(linebuf = (char *) calloc (BUFSIZ, sizeof(char)))) return ENOMEM;
+    }
+
+    buf_out[count] = NULL;
+    *princ_list = buf_out;
+    fclose(fp);
+    return 0;
+}
+
+
+
+void
+show_credential(context, cred, cc)
+    krb5_context context;
+    krb5_creds *cred;
+    krb5_ccache cc;
+{
+    krb5_error_code retval;
+    char *name, *sname, *flags;
+    int first = 1;
+    krb5_principal princ;
+    char * defname;
+    int show_flags =1;
+
+    retval = krb5_unparse_name(context, cred->client, &name);
+    if (retval) {
+        com_err(prog_name, retval, _("while unparsing client name"));
+        return;
+    }
+    retval = krb5_unparse_name(context, cred->server, &sname);
+    if (retval) {
+        com_err(prog_name, retval, _("while unparsing server name"));
+        free(name);
+        return;
+    }
+
+    if ((retval = krb5_cc_get_principal(context, cc, &princ))) {
+        com_err(prog_name, retval, _("while retrieving principal name"));
+        return;
+    }
+    if ((retval = krb5_unparse_name(context, princ, &defname))) {
+        com_err(prog_name, retval, _("while unparsing principal name"));
+        return;
+    }
+
+    if (!cred->times.starttime)
+        cred->times.starttime = cred->times.authtime;
+
+    printtime(cred->times.starttime);
+    putchar(' '); putchar(' ');
+    printtime(cred->times.endtime);
+    putchar(' '); putchar(' ');
+
+    printf("%s\n", sname);
+
+    if (strcmp(name, defname)) {
+        printf(_("\tfor client %s"), name);
+        first = 0;
+    }
+
+    if (cred->times.renew_till) {
+        if (first)
+            fputs("\t",stdout);
+        else
+            fputs(", ",stdout);
+        fputs(_("renew until "), stdout);
+        printtime(cred->times.renew_till);
+    }
+    if (show_flags) {
+        flags = flags_string(cred);
+        if (flags && *flags) {
+            if (first)
+                fputs("\t",stdout);
+            else
+                fputs(", ",stdout);
+            printf(_("Flags: %s"), flags);
+            first = 0;
+        }
+    }
+    putchar('\n');
+    free(name);
+    free(sname);
+}
+
+/* Create a random string suitable for a filename extension. */
+krb5_error_code
+gen_sym(krb5_context context, char **sym_out)
+{
+    krb5_error_code retval;
+    char bytes[6], *p, *sym;
+    krb5_data data = make_data(bytes, sizeof(bytes));
+
+    *sym_out = NULL;
+    retval = krb5_c_random_make_octets(context, &data);
+    if (retval)
+        return retval;
+    sym = k5_base64_encode(data.data, data.length);
+    if (sym == NULL)
+        return ENOMEM;
+    /* Tweak the output alphabet just a bit. */
+    while ((p = strchr(sym, '/')) != NULL)
+        *p = '_';
+    while ((p = strchr(sym, '+')) != NULL)
+        *p = '-';
+    *sym_out = sym;
+    return 0;
+}
+
+krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal)
+    krb5_context context;
+    krb5_ccache ccs;
+    krb5_ccache cct;
+    krb5_principal primary_principal;
+{
+    krb5_error_code retval=0;
+    krb5_principal temp_principal;
+    krb5_creds ** ccs_creds_arr = NULL;
+    int i=0;
+
+    if (ks_ccache_is_initialized(context, ccs)) {
+        if ((retval = krb5_get_nonexp_tkts(context,  ccs, &ccs_creds_arr))){
+            return retval;
+        }
+    }
+
+    if (ks_ccache_is_initialized(context, cct)) {
+        if ((retval = krb5_cc_get_principal(context, cct, &temp_principal))){
+            return retval;
+        }
+    }else{
+        temp_principal = primary_principal;
+    }
+
+    if ((retval = krb5_cc_initialize(context, cct, temp_principal))){
+        return retval;
+    }
+
+    retval = krb5_store_all_creds(context, cct, ccs_creds_arr, NULL);
+
+    if (ccs_creds_arr){
+        while (ccs_creds_arr[i]){
+            krb5_free_creds(context, ccs_creds_arr[i]);
+            i++;
+        }
+    }
+
+    return retval;
+}
+
+krb5_error_code krb5_store_some_creds(context, cc, creds_def, creds_other, prst,
+                                      stored)
+    krb5_context context;
+    krb5_ccache cc;
+    krb5_creds **creds_def;
+    krb5_creds **creds_other;
+    krb5_principal prst;
+    krb5_boolean *stored;
+{
+
+    int i = 0;
+    krb5_error_code retval = 0;
+    krb5_creds ** temp_creds= NULL;
+    krb5_boolean temp_stored = FALSE;
+
+
+    if ((creds_def == NULL) && (creds_other == NULL))
+        return 0;
+
+    if ((creds_def == NULL) && (creds_other != NULL))
+        temp_creds = creds_other;
+
+    if ((creds_def != NULL) && (creds_other == NULL))
+        temp_creds = creds_def;
+
+
+    if (temp_creds){
+        while(temp_creds[i]){
+            if (krb5_principal_compare(context,
+                                       temp_creds[i]->client,
+                                       prst)== TRUE) {
+
+                if ((retval = krb5_cc_store_cred(context,
+                                                 cc,temp_creds[i]))){
+                    return retval;
+                }
+                temp_stored = TRUE;
+            }
+
+            i++;
+        }
+    }
+    else { /* both arrays have elements in them */
+        return KRB5KRB_ERR_GENERIC;
+    }
+
+    *stored = temp_stored;
+    return 0;
+}
+
+krb5_error_code krb5_ccache_filter (context, cc, prst)
+    krb5_context context;
+    krb5_ccache cc;
+    krb5_principal prst;
+{
+
+    int i=0;
+    krb5_error_code retval=0;
+    krb5_principal temp_principal;
+    krb5_creds ** cc_creds_arr = NULL;
+    const char * cc_name;
+    krb5_boolean stored;
+
+    cc_name = krb5_cc_get_name(context, cc);
+
+    if (ks_ccache_is_initialized(context, cc)) {
+        if (auth_debug) {
+            fprintf(stderr,"putting cache %s through a filter for -z option\n",                     cc_name);
+        }
+
+        if ((retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr))){
+            return retval;
+        }
+
+        if ((retval = krb5_cc_get_principal(context, cc, &temp_principal))){
+            return retval;
+        }
+
+        if ((retval = krb5_cc_initialize(context, cc, temp_principal))){
+            return retval;
+        }
+
+        if ((retval = krb5_store_some_creds(context, cc, cc_creds_arr,
+                                            NULL, prst, &stored))){
+            return retval;
+        }
+
+        if (cc_creds_arr){
+            while (cc_creds_arr[i]){
+                krb5_free_creds(context, cc_creds_arr[i]);
+                i++;
+            }
+        }
+    }
+    return 0;
+}
+
+krb5_boolean  krb5_find_princ_in_cred_list (context, creds_list, princ)
+    krb5_context context;
+    krb5_creds **creds_list;
+    krb5_principal princ;
+{
+
+    int i = 0;
+    krb5_boolean temp_stored = FALSE;
+
+    if (creds_list){
+        while(creds_list[i]){
+            if (krb5_principal_compare(context,
+                                       creds_list[i]->client,
+                                       princ)== TRUE){
+                temp_stored = TRUE;
+                break;
+            }
+
+            i++;
+        }
+    }
+
+    return temp_stored;
+}
+
+krb5_error_code  krb5_find_princ_in_cache (context, cc, princ, found)
+    krb5_context context;
+    krb5_ccache cc;
+    krb5_principal princ;
+    krb5_boolean *found;
+{
+    krb5_error_code retval;
+    krb5_creds ** creds_list = NULL;
+
+    if (ks_ccache_is_initialized(context, cc)) {
+        if ((retval = krb5_get_nonexp_tkts(context, cc, &creds_list))){
+            return retval;
+        }
+    }
+
+    *found = krb5_find_princ_in_cred_list(context, creds_list, princ);
+    return 0;
+}
+
+krb5_boolean
+ks_ccache_name_is_initialized(krb5_context context, const char *cctag)
+{
+    krb5_boolean result;
+    krb5_ccache cc;
+
+    if (krb5_cc_resolve(context, cctag, &cc) != 0)
+        return FALSE;
+    result = ks_ccache_is_initialized(context, cc);
+    krb5_cc_close(context, cc);
+
+    return result;
+}
+
+krb5_boolean
+ks_ccache_is_initialized(krb5_context context, krb5_ccache cc)
+{
+    krb5_principal princ;
+    krb5_error_code retval;
+
+    if (cc == NULL)
+        return FALSE;
+
+    retval = krb5_cc_get_principal(context, cc, &princ);
+    if (retval == 0)
+        krb5_free_principal(context, princ);
+
+    return retval == 0;
+}
diff --git a/krb5-1.21.3/src/clients/ksu/deps b/krb5-1.21.3/src/clients/ksu/deps
new file mode 100644
index 00000000..a3a07b94
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/deps
@@ -0,0 +1,72 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)krb_auth_su.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-util.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  krb_auth_su.c ksu.h
+$(OUTPRE)ccache.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-base64.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-util.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ccache.c ksu.h
+$(OUTPRE)authorization.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-util.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  authorization.c ksu.h
+$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-util.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ksu.h main.c
+$(OUTPRE)heuristic.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-util.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  heuristic.c ksu.h
+$(OUTPRE)xmalloc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-util.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ksu.h xmalloc.c
+$(OUTPRE)setenv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  setenv.c
diff --git a/krb5-1.21.3/src/clients/ksu/heuristic.c b/krb5-1.21.3/src/clients/ksu/heuristic.c
new file mode 100644
index 00000000..4f7280f4
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/heuristic.c
@@ -0,0 +1,749 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 1994 by the University of Southern California
+ *
+ * EXPORT OF THIS SOFTWARE from the United States of America may
+ *     require a specific license from the United States Government.
+ *     It is the responsibility of any person or organization contemplating
+ *     export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
+ *     this software and its documentation in source and binary forms is
+ *     hereby granted, provided that any documentation or other materials
+ *     related to such distribution or use acknowledge that the software
+ *     was developed by the University of Southern California.
+ *
+ * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
+ *     University of Southern California MAKES NO REPRESENTATIONS OR
+ *     WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ *     limitation, the University of Southern California MAKES NO
+ *     REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
+ *     PARTICULAR PURPOSE. The University of Southern
+ *     California shall not be held liable for any liability nor for any
+ *     direct, indirect, or consequential damages with respect to any
+ *     claim by the user or distributor of the ksu software.
+ *
+ * KSU was written by:  Ari Medvinsky, ari@isi.edu
+ */
+
+#include "ksu.h"
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+
+/*******************************************************************
+get_all_princ_from_file - retrieves all principal names
+                        from file pointed to by fp.
+
+*******************************************************************/
+static void close_time (int, FILE *, int, FILE *);
+static krb5_boolean find_str_in_list (char **, char *);
+
+krb5_error_code get_all_princ_from_file (fp, plist)
+    FILE *fp;
+    char ***plist;
+{
+
+    krb5_error_code retval;
+    char * line, * fprinc, * lp, ** temp_list = NULL;
+    int count = 0, chunk_count = 1;
+
+    if (!(temp_list = (char **) malloc( CHUNK * sizeof(char *))))
+        return ENOMEM;
+
+    retval = get_line(fp, &line);
+    if (retval)
+        return retval;
+
+    while (line){
+        fprinc = get_first_token (line, &lp);
+
+        if (fprinc ){
+            temp_list[count] = xstrdup(fprinc);
+            count ++;
+        }
+
+        if(count == (chunk_count * CHUNK -1)){
+            chunk_count ++;
+            if (!(temp_list = (char **) realloc(temp_list,
+                                                chunk_count * CHUNK * sizeof(char *)))){
+                return ENOMEM;
+            }
+        }
+
+
+        free (line);
+        retval = get_line(fp, &line);
+        if (retval)
+            return retval;
+    }
+
+    temp_list[count] = NULL;
+
+    *plist = temp_list;
+    return 0;
+}
+
+/*************************************************************
+list_union - combines list1 and list2 into combined_list.
+             the  space for list1 and list2 is either freed
+             or used by combined_list.
+**************************************************************/
+
+krb5_error_code list_union(list1, list2, combined_list)
+    char **list1;
+    char **list2;
+    char ***combined_list;
+{
+
+    unsigned int c1 =0, c2 = 0, i=0, j=0;
+    char ** tlist;
+
+    if (! list1){
+        *combined_list = list2;
+        return 0;
+    }
+
+    if (! list2){
+        *combined_list = list1;
+        return 0;
+    }
+
+    while (list1[c1]) c1++;
+    while (list2[c2]) c2++;
+
+    if (!(tlist = (char **) calloc( c1 + c2 + 1, sizeof ( char *))))
+        return ENOMEM;
+
+    i = 0;
+    while(list1[i]) {
+        tlist[i] = list1[i];
+        i++;
+    }
+    j = 0;
+    while(list2[j]){
+        if(find_str_in_list(list1, list2[j])==FALSE){
+            tlist[i] = list2[j];
+            i++;
+        }
+        j++;
+    }
+
+    free (list1);
+    free (list2);
+
+    tlist[i]= NULL;
+
+    *combined_list = tlist;
+    return 0;
+}
+
+krb5_error_code
+filter(fp, cmd, k5users_list, k5users_filt_list)
+    FILE *fp;
+    char *cmd;
+    char **k5users_list;
+    char ***k5users_filt_list;
+{
+
+    krb5_error_code retval =0;
+    krb5_boolean found = FALSE;
+    char * out_cmd = NULL;
+    unsigned int i=0, j=0, found_count = 0, k=0;
+    char ** temp_filt_list;
+
+    *k5users_filt_list = NULL;
+
+    if (! k5users_list){
+        return 0;
+    }
+
+    while(k5users_list[i]){
+
+        retval= k5users_lookup(fp, k5users_list[i], cmd, &found, &out_cmd);
+        if (retval)
+            return retval;
+
+        if (found == FALSE){
+            free (k5users_list[i]);
+            k5users_list[i] = NULL;
+            if (out_cmd) gb_err = out_cmd;
+        } else
+            found_count ++;
+
+        i++;
+    }
+
+    if (! (temp_filt_list = (char **) calloc(found_count +1, sizeof (char*))))
+        return ENOMEM;
+
+    for(j= 0, k=0; j < i; j++ ) {
+        if (k5users_list[j]){
+            temp_filt_list[k] = k5users_list[j];
+            k++;
+        }
+    }
+
+    temp_filt_list[k] = NULL;
+
+    free (k5users_list);
+
+    *k5users_filt_list = temp_filt_list;
+    return 0;
+}
+
+krb5_error_code
+get_authorized_princ_names(luser, cmd, princ_list)
+    const char *luser;
+    char *cmd;
+    char ***princ_list;
+{
+
+    struct passwd *pwd;
+    int k5login_flag =0;
+    int k5users_flag =0;
+    FILE * login_fp = NULL , * users_fp = NULL;
+    char **  k5login_list = NULL, ** k5users_list = NULL;
+    char ** k5users_filt_list = NULL;
+    char ** combined_list = NULL;
+    struct stat tb;
+    krb5_error_code retval;
+
+    *princ_list = NULL;
+
+    /* no account => no access */
+
+    if ((pwd = getpwnam(luser)) == NULL)
+        return 0;
+
+    k5login_flag = stat(k5login_path, &tb);
+    k5users_flag = stat(k5users_path, &tb);
+
+    if (!k5login_flag){
+        if ((login_fp = fopen(k5login_path, "r")) == NULL)
+            return 0;
+        if ( fowner(login_fp, pwd->pw_uid) == FALSE){
+            close_time(1 /*k5users_flag*/, (FILE *) 0 /*users_fp*/,
+                       k5login_flag,login_fp);
+            return 0;
+        }
+    }
+    if (!k5users_flag){
+        if ((users_fp = fopen(k5users_path, "r")) == NULL)
+            return 0;
+
+        if ( fowner(users_fp, pwd->pw_uid) == FALSE){
+            close_time(k5users_flag,users_fp, k5login_flag,login_fp);
+            return 0;
+        }
+
+        retval = get_all_princ_from_file (users_fp, &k5users_list);
+        if(retval) {
+            close_time(k5users_flag,users_fp, k5login_flag,login_fp);
+            return retval;
+        }
+
+        rewind(users_fp);
+
+        retval = filter(users_fp,cmd, k5users_list, &k5users_filt_list);
+        if(retval) {
+            close_time(k5users_flag,users_fp, k5login_flag, login_fp);
+            return retval;
+        }
+    }
+
+    if (!k5login_flag){
+        retval = get_all_princ_from_file (login_fp, &k5login_list);
+        if(retval) {
+            close_time(k5users_flag,users_fp, k5login_flag,login_fp);
+            return retval;
+        }
+    }
+
+    close_time(k5users_flag,users_fp, k5login_flag, login_fp);
+
+    retval = list_union(k5login_list, k5users_filt_list, &combined_list);
+    if (retval){
+        return retval;
+    }
+    *princ_list = combined_list;
+    return 0;
+}
+
+static void close_time(k5users_flag, users_fp, k5login_flag, login_fp)
+    int k5users_flag;
+    FILE *users_fp;
+    int k5login_flag;
+    FILE *login_fp;
+{
+
+    if (!k5users_flag) fclose(users_fp);
+    if (!k5login_flag) fclose(login_fp);
+
+}
+
+static krb5_boolean find_str_in_list(list , elm)
+    char **list;
+    char *elm;
+{
+
+    int i=0;
+    krb5_boolean found = FALSE;
+
+    if (!list) return found;
+
+    while (list[i] ){
+        if (!strcmp(list[i], elm)){
+            found = TRUE;
+            break;
+        }
+        i++;
+    }
+
+    return found;
+}
+
+/**********************************************************************
+returns the principal that is closes to client (can be the the client
+himself). plist contains
+a principal list obtained from .k5login and .k5users file.
+A principal is picked that has the best chance of getting in.
+
+**********************************************************************/
+
+
+krb5_error_code get_closest_principal(context, plist, client, found)
+    krb5_context context;
+    char **plist;
+    krb5_principal *client;
+    krb5_boolean *found;
+{
+    krb5_error_code retval =0;
+    krb5_principal temp_client, best_client = NULL;
+    int i = 0, j=0, cnelem, pnelem;
+    krb5_boolean got_one;
+
+    *found = FALSE;
+
+    if (! plist ) return 0;
+
+    cnelem = krb5_princ_size(context, *client);
+
+    while(plist[i]){
+
+        retval = krb5_parse_name(context, plist[i], &temp_client);
+        if (retval)
+            return retval;
+
+        pnelem = krb5_princ_size(context, temp_client);
+
+        if ( cnelem > pnelem){
+            i++;
+            continue;
+        }
+
+        if (data_eq(*krb5_princ_realm(context, *client),
+                    *krb5_princ_realm(context, temp_client))) {
+
+            got_one = TRUE;
+            for(j =0; j < cnelem; j ++){
+                krb5_data *p1 =
+                    krb5_princ_component(context, *client, j);
+                krb5_data *p2 =
+                    krb5_princ_component(context, temp_client, j);
+
+                if (!p1 || !p2 || !data_eq(*p1, *p2)) {
+                    got_one = FALSE;
+                    break;
+                }
+            }
+            if (got_one == TRUE){
+                if(best_client){
+                    if(krb5_princ_size(context, best_client) >
+                       krb5_princ_size(context, temp_client)){
+                        best_client = temp_client;
+                    }
+                }else
+                    best_client = temp_client;
+            }
+        }
+        i++;
+    }
+
+    if (best_client) {
+        *found = TRUE;
+        *client = best_client;
+    }
+
+    return 0;
+}
+
+/****************************************************************
+find_either_ticket checks to see whether there is a ticket for the
+   end server or tgt, if neither is there the return FALSE,
+*****************************************************************/
+
+krb5_error_code find_either_ticket (context, cc, client, end_server, found)
+    krb5_context context;
+    krb5_ccache cc;
+    krb5_principal client;
+    krb5_principal end_server;
+    krb5_boolean *found;
+{
+
+    krb5_principal kdc_server;
+    krb5_error_code retval;
+    krb5_boolean temp_found = FALSE;
+
+    if (ks_ccache_is_initialized(context, cc)) {
+
+        retval = find_ticket(context, cc, client, end_server, &temp_found);
+        if (retval)
+            return retval;
+
+        if (temp_found == FALSE){
+            retval = ksu_tgtname(context,
+                                 krb5_princ_realm(context, client),
+                                 krb5_princ_realm(context, client),
+                                 &kdc_server);
+            if (retval)
+                return retval;
+
+            retval = find_ticket(context, cc,client, kdc_server, &temp_found);
+            if(retval)
+                return retval;
+        }
+        else if (auth_debug)
+            printf("find_either_ticket: found end server ticket\n");
+    }
+
+    *found = temp_found;
+
+    return 0;
+}
+
+
+krb5_error_code find_ticket (context, cc, client, server, found)
+    krb5_context context;
+    krb5_ccache cc;
+    krb5_principal client;
+    krb5_principal server;
+    krb5_boolean *found;
+{
+
+    krb5_creds tgt, tgtq;
+    krb5_error_code retval;
+
+    *found = FALSE;
+
+    memset(&tgtq, 0, sizeof(tgtq));
+    memset(&tgt, 0, sizeof(tgt));
+
+    retval= krb5_copy_principal(context,  client, &tgtq.client);
+    if (retval)
+        return retval;
+
+    retval= krb5_copy_principal(context,  server, &tgtq.server);
+    if (retval)
+        return retval ;
+
+    retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
+                                   &tgtq, &tgt);
+
+    if (! retval) retval = krb5_check_exp(context, tgt.times);
+
+    if (retval){
+        if ((retval != KRB5_CC_NOTFOUND) &&
+            (retval != KRB5KRB_AP_ERR_TKT_EXPIRED)){
+            return retval ;
+        }
+    } else{
+        *found = TRUE;
+        return 0;
+    }
+
+    free(tgtq.server);
+    free(tgtq.client);
+
+    return 0;
+}
+
+
+
+krb5_error_code find_princ_in_list (context, princ, plist, found)
+    krb5_context context;
+    krb5_principal princ;
+    char **plist;
+    krb5_boolean *found;
+{
+
+    int i=0;
+    char * princname;
+    krb5_error_code retval;
+
+    *found = FALSE;
+
+    if (!plist) return 0;
+
+    retval = krb5_unparse_name(context, princ, &princname);
+    if (retval)
+        return retval;
+
+    while (plist[i] ){
+        if (!strcmp(plist[i], princname)){
+            *found = TRUE;
+            break;
+        }
+        i++;
+    }
+
+    return 0;
+
+}
+
+typedef struct princ_info {
+    krb5_principal p;
+    krb5_boolean found;
+}princ_info;
+
+/**********************************************************************
+get_best_princ_for_target -
+
+sets the client name, path_out gets set, if authorization is not possible
+path_out gets set to ...
+
+***********************************************************************/
+
+krb5_error_code get_best_princ_for_target(context, source_uid, target_uid,
+                                          source_user, target_user,
+                                          cc_source, options, cmd,
+                                          hostname, client, path_out)
+    krb5_context context;
+    uid_t source_uid;
+    uid_t target_uid;
+    char *source_user;
+    char *target_user;
+    krb5_ccache cc_source;
+    krb5_get_init_creds_opt *options;
+    char *cmd;
+    char *hostname;
+    krb5_principal *client;
+    int *path_out;
+{
+
+    princ_info princ_trials[10];
+    krb5_principal cc_def_princ = NULL;
+    krb5_principal temp_client;
+    krb5_principal target_client;
+    krb5_principal source_client;
+    krb5_principal end_server;
+    krb5_error_code retval;
+    char ** aplist =NULL;
+    krb5_boolean found = FALSE;
+    struct stat tb;
+    int count =0;
+    int i;
+
+    *path_out = 0;
+
+    /* -n option was specified client is set we are done */
+    if (*client != NULL)
+        return 0;
+
+    if (ks_ccache_is_initialized(context, cc_source)) {
+        retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
+        if (retval)
+            return retval;
+    }
+
+    retval=krb5_parse_name(context, target_user, &target_client);
+    if (retval)
+        return retval;
+
+    retval=krb5_parse_name(context, source_user, &source_client);
+    if (retval)
+        return retval;
+
+    if (source_uid == 0){
+        if (target_uid != 0)
+            *client = target_client; /* this will be used to restrict
+                                        the cache copty */
+        else {
+            if(cc_def_princ)
+                *client = cc_def_princ;
+            else
+                *client = target_client;
+        }
+
+        if (auth_debug)
+            printf(" GET_best_princ_for_target: via source_uid == 0\n");
+
+        return 0;
+    }
+
+    /* from here on, the code is for source_uid !=  0 */
+
+    if (source_uid && (source_uid == target_uid)){
+        if(cc_def_princ)
+            *client = cc_def_princ;
+        else
+            *client = target_client;
+        if (auth_debug)
+            printf("GET_best_princ_for_target: via source_uid == target_uid\n");
+        return 0;
+    }
+
+    /* Become root, then target for looking at .k5login.*/
+    if (krb5_seteuid(0) || krb5_seteuid(target_uid) ) {
+        return errno;
+    }
+
+    /* if .k5users and .k5login do not exist */
+    if (stat(k5login_path, &tb) && stat(k5users_path, &tb) ){
+        *client = target_client;
+
+        if (cmd)
+            *path_out = NOT_AUTHORIZED;
+
+        if (auth_debug)
+            printf(" GET_best_princ_for_target: via no auth files path\n");
+
+        return 0;
+    }else{
+        retval = get_authorized_princ_names(target_user, cmd, &aplist);
+        if (retval)
+            return retval;
+
+        /* .k5users or .k5login exist, but no authorization */
+        if ((!aplist) || (!aplist[0])) {
+            *path_out = NOT_AUTHORIZED;
+            if (auth_debug)
+                printf("GET_best_princ_for_target: via empty auth files path\n");
+            return 0;
+        }
+    }
+
+    retval = krb5_sname_to_principal(context, hostname, NULL,
+                                     KRB5_NT_SRV_HST, &end_server);
+    if (retval)
+        return retval;
+
+
+    /* first see if default principal of the source cache
+     * can get us in, then the target_user@realm, then the
+     * source_user@realm. If all of them fail, try any
+     * other ticket in the cache. */
+
+    if (cc_def_princ)
+        princ_trials[count ++].p = cc_def_princ;
+    else
+        princ_trials[count ++].p = NULL;
+
+    princ_trials[count ++].p = target_client;
+    princ_trials[count ++].p = source_client;
+
+    for (i= 0; i < count; i ++)
+        princ_trials[i].found = FALSE;
+
+    for (i= 0; i < count; i ++){
+        if(princ_trials[i].p) {
+            retval= find_princ_in_list(context, princ_trials[i].p, aplist,
+                                       &found);
+            if (retval)
+                return retval;
+
+            if (found == TRUE){
+                princ_trials[i].found = TRUE;
+
+                retval = find_either_ticket (context, cc_source,
+                                             princ_trials[i].p,
+                                             end_server, &found);
+                if (retval)
+                    return retval;
+                if (found == TRUE){
+                    *client = princ_trials[i].p;
+                    if (auth_debug)
+                        printf("GET_best_princ_for_target: via ticket file, choice #%d\n", i);
+                    return 0;
+                }
+            }
+        }
+    }
+
+    /* out of preferred principals, see if there is any ticket that will
+       get us in */
+
+    i=0;
+    while (aplist[i]){
+        retval = krb5_parse_name(context, aplist[i], &temp_client);
+        if (retval)
+            return retval;
+
+        retval = find_either_ticket (context, cc_source, temp_client,
+                                     end_server, &found);
+        if (retval)
+            return retval;
+
+        if (found == TRUE){
+            if (auth_debug)
+                printf("GET_best_princ_for_target: via ticket file, choice: any ok ticket \n" );
+            *client = temp_client;
+            return 0;
+        }
+
+        krb5_free_principal(context, temp_client);
+
+        i++;
+    }
+
+    /* no tickets qualified, select a principal, that may be used
+       for password promting */
+
+
+    for (i=0; i < count; i ++){
+        if (princ_trials[i].found == TRUE){
+            *client = princ_trials[i].p;
+
+            if (auth_debug)
+                printf("GET_best_princ_for_target: via prompt passwd list choice #%d \n",i);
+            return  0;
+        }
+    }
+
+#ifdef PRINC_LOOK_AHEAD
+    for (i=0; i < count; i ++){
+        if (princ_trials[i].p){
+            retval=krb5_copy_principal(context, princ_trials[i].p,
+                                       &temp_client);
+            if(retval)
+                return retval;
+
+            /* get the client name that is the closest
+               to the three princ in trials */
+
+            retval=get_closest_principal(context, aplist, &temp_client,
+                                         &found);
+            if(retval)
+                return retval;
+
+            if (found == TRUE){
+                *client = temp_client;
+                if (auth_debug)
+                    printf("GET_best_princ_for_target: via prompt passwd list choice: approximation of princ in trials # %d \n",i);
+                return 0;
+            }
+            krb5_free_principal(context, temp_client);
+        }
+    }
+
+#endif /* PRINC_LOOK_AHEAD */
+
+
+    if(auth_debug)
+        printf( "GET_best_princ_for_target: out of luck, can't get appropriate default principal\n");
+
+    *path_out = NOT_AUTHORIZED;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/clients/ksu/krb_auth_su.c b/krb5-1.21.3/src/clients/ksu/krb_auth_su.c
new file mode 100644
index 00000000..fb848dca
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/krb_auth_su.c
@@ -0,0 +1,311 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 1994 by the University of Southern California
+ *
+ * EXPORT OF THIS SOFTWARE from the United States of America may
+ *     require a specific license from the United States Government.
+ *     It is the responsibility of any person or organization contemplating
+ *     export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
+ *     this software and its documentation in source and binary forms is
+ *     hereby granted, provided that any documentation or other materials
+ *     related to such distribution or use acknowledge that the software
+ *     was developed by the University of Southern California.
+ *
+ * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
+ *     University of Southern California MAKES NO REPRESENTATIONS OR
+ *     WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ *     limitation, the University of Southern California MAKES NO
+ *     REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
+ *     PARTICULAR PURPOSE. The University of Southern
+ *     California shall not be held liable for any liability nor for any
+ *     direct, indirect, or consequential damages with respect to any
+ *     claim by the user or distributor of the ksu software.
+ *
+ * KSU was written by:  Ari Medvinsky, ari@isi.edu
+ */
+
+#include "ksu.h"
+
+
+void plain_dump_principal ();
+
+krb5_boolean krb5_auth_check(context, client_pname, hostname, options,
+                             target_user, cc, path_passwd, target_uid)
+    krb5_context context;
+    krb5_principal client_pname;
+    char *hostname;
+    krb5_get_init_creds_opt *options;
+    char *target_user;
+    uid_t target_uid;
+    krb5_ccache cc;
+    int *path_passwd;
+{
+    krb5_principal client;
+    krb5_verify_init_creds_opt vfy_opts;
+    krb5_creds tgt, tgtq;
+    krb5_error_code retval =0;
+    int got_it = 0;
+    krb5_boolean zero_password;
+
+    *path_passwd = 0;
+    memset(&tgtq, 0, sizeof(tgtq));
+    memset(&tgt, 0, sizeof(tgt));
+
+    if ((retval= krb5_copy_principal(context,  client_pname, &client))){
+        com_err(prog_name, retval, _("while copying client principal"));
+        return (FALSE) ;
+    }
+
+    if ((retval= krb5_copy_principal(context,  client, &tgtq.client))){
+        com_err(prog_name, retval, _("while copying client principal"));
+        return (FALSE) ;
+    }
+
+    if ((retval = ksu_tgtname(context,  krb5_princ_realm(context, client),
+                              krb5_princ_realm(context, client),
+                              &tgtq.server))){
+        com_err(prog_name, retval, _("while creating tgt for local realm"));
+        krb5_free_principal(context, client);
+        return (FALSE) ;
+    }
+
+    if (auth_debug){ dump_principal(context, "local tgt principal name", tgtq.server ); }
+    retval = krb5_cc_retrieve_cred(context, cc,
+                                   KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
+                                   &tgtq, &tgt);
+
+    if (! retval) retval = krb5_check_exp(context, tgt.times);
+
+    if (retval){
+        if ((retval != KRB5_CC_NOTFOUND) &&
+            (retval != KRB5KRB_AP_ERR_TKT_EXPIRED)){
+            com_err(prog_name, retval, _("while retrieving creds from cache"));
+            return (FALSE) ;
+        }
+    } else{
+        got_it = 1;
+    }
+
+    if (! got_it){
+
+#ifdef GET_TGT_VIA_PASSWD
+        if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
+            com_err("ksu", errno, _("while switching to target uid"));
+            return FALSE;
+        }
+
+
+        fprintf(stderr, _("WARNING: Your password may be exposed if you enter "
+                          "it here and are logged \n"));
+        fprintf(stderr, _("         in remotely using an unsecure "
+                          "(non-encrypted) channel. \n"));
+
+        /*get the ticket granting ticket, via passwd(prompt for passwd)*/
+        if (ksu_get_tgt_via_passwd(context, client, options, &zero_password,
+                                   &tgt) == FALSE) {
+            krb5_seteuid(0);
+
+            return FALSE;
+        }
+        *path_passwd = 1;
+        if (krb5_seteuid(0)) {
+            com_err("ksu", errno, _("while reclaiming root uid"));
+            return FALSE;
+        }
+
+#else
+        plain_dump_principal (context, client);
+        fprintf(stderr,
+                _("does not have any appropriate tickets in the cache.\n"));
+        return FALSE;
+
+#endif /* GET_TGT_VIA_PASSWD */
+
+    }
+
+    krb5_verify_init_creds_opt_init(&vfy_opts);
+    krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1);
+    retval = krb5_verify_init_creds(context, &tgt, NULL, NULL, NULL,
+                                    &vfy_opts);
+    if (retval) {
+        com_err(prog_name, retval, _("while verifying ticket for server"));
+        return (FALSE);
+    }
+
+    return (TRUE);
+}
+
+krb5_boolean ksu_get_tgt_via_passwd(context, client, options, zero_password,
+                                    creds_out)
+    krb5_context context;
+    krb5_principal client;
+    krb5_get_init_creds_opt *options;
+    krb5_boolean *zero_password;
+    krb5_creds *creds_out;
+{
+    krb5_error_code code;
+    krb5_creds creds;
+    krb5_timestamp now;
+    unsigned int pwsize;
+    char password[255], *client_name, prompt[255];
+    int result;
+
+    *zero_password = FALSE;
+    if (creds_out != NULL)
+        memset(creds_out, 0, sizeof(*creds_out));
+
+    if ((code = krb5_unparse_name(context, client, &client_name))) {
+        com_err (prog_name, code, _("when unparsing name"));
+        return (FALSE);
+    }
+
+    memset(&creds, 0, sizeof(creds));
+
+    if ((code = krb5_timeofday(context, &now))) {
+        com_err(prog_name, code, _("while getting time of day"));
+        return (FALSE);
+    }
+
+    result = snprintf(prompt, sizeof(prompt), _("Kerberos password for %s: "),
+                      client_name);
+    if (SNPRINTF_OVERFLOW(result, sizeof(prompt))) {
+        fprintf(stderr,
+                _("principal name %s too long for internal buffer space\n"),
+                client_name);
+        return FALSE;
+    }
+
+    pwsize = sizeof(password);
+
+    code = krb5_read_password(context, prompt, 0, password, &pwsize);
+    if (code ) {
+        com_err(prog_name, code, _("while reading password for '%s'\n"),
+                client_name);
+        return (FALSE);
+    }
+
+    if ( pwsize == 0) {
+        fprintf(stderr, _("No password given\n"));
+        *zero_password = TRUE;
+        return (FALSE);
+    }
+
+    code = krb5_get_init_creds_password(context, &creds, client, password,
+                                        krb5_prompter_posix, NULL, 0, NULL,
+                                        options);
+    zap(password, sizeof(password));
+
+
+    if (code) {
+        if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+            fprintf(stderr, _("%s: Password incorrect\n"), prog_name);
+        else
+            com_err(prog_name, code, _("while getting initial credentials"));
+        return (FALSE);
+    }
+    if (creds_out != NULL)
+        *creds_out = creds;
+    else
+        krb5_free_cred_contents(context, &creds);
+    return (TRUE);
+}
+
+
+void dump_principal (context, str, p)
+    krb5_context context;
+    char *str;
+    krb5_principal p;
+{
+    char * stname;
+    krb5_error_code retval;
+
+    if ((retval = krb5_unparse_name(context, p, &stname))) {
+        fprintf(stderr, _(" %s while unparsing name\n"),
+                error_message(retval));
+    }
+    fprintf(stderr, " %s: %s\n", str, stname);
+}
+
+void plain_dump_principal (context, p)
+    krb5_context context;
+    krb5_principal p;
+{
+    char * stname;
+    krb5_error_code retval;
+
+    if ((retval = krb5_unparse_name(context, p, &stname))) {
+        fprintf(stderr, _(" %s while unparsing name\n"),
+                error_message(retval));
+    }
+    fprintf(stderr, "%s ", stname);
+}
+
+
+/**********************************************************************
+returns the principal that is closest to client. plist contains
+a principal list obtained from .k5login and parhaps .k5users file.
+This routine gets called before getting the password for a tgt.
+A principal is picked that has the best chance of getting in.
+
+**********************************************************************/
+
+
+krb5_error_code get_best_principal(context, plist, client)
+    krb5_context context;
+    char **plist;
+    krb5_principal *client;
+{
+    krb5_error_code retval =0;
+    krb5_principal temp_client, best_client = NULL;
+
+    int i = 0, nelem;
+
+    if (! plist ) return 0;
+
+    nelem = krb5_princ_size(context, *client);
+
+    while(plist[i]){
+
+        if ((retval = krb5_parse_name(context, plist[i], &temp_client))){
+            return retval;
+        }
+
+        if (data_eq(*krb5_princ_realm(context, *client),
+                    *krb5_princ_realm(context, temp_client))) {
+
+            if (nelem &&
+                krb5_princ_size(context, *client) > 0 &&
+                krb5_princ_size(context, temp_client) > 0) {
+                krb5_data *p1 =
+                    krb5_princ_component(context, *client, 0);
+                krb5_data *p2 =
+                    krb5_princ_component(context, temp_client, 0);
+
+                if (data_eq(*p1, *p2)) {
+
+                    if (auth_debug){
+                        fprintf(stderr,
+                                "get_best_principal: compare with %s\n",
+                                plist[i]);
+                    }
+
+                    if(best_client){
+                        if(krb5_princ_size(context, best_client) >
+                           krb5_princ_size(context, temp_client)){
+                            best_client = temp_client;
+                        }
+                    }else{
+                        best_client = temp_client;
+                    }
+                }
+            }
+
+        }
+        i++;
+    }
+
+    if (best_client) *client = best_client;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/clients/ksu/ksu.h b/krb5-1.21.3/src/clients/ksu/ksu.h
new file mode 100644
index 00000000..66fb4bcc
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/ksu.h
@@ -0,0 +1,247 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 1994 by the University of Southern California
+ *
+ * EXPORT OF THIS SOFTWARE from the United States of America may
+ *     require a specific license from the United States Government.
+ *     It is the responsibility of any person or organization contemplating
+ *     export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
+ *     this software and its documentation in source and binary forms is
+ *     hereby granted, provided that any documentation or other materials
+ *     related to such distribution or use acknowledge that the software
+ *     was developed by the University of Southern California.
+ *
+ * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
+ *     University of Southern California MAKES NO REPRESENTATIONS OR
+ *     WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ *     limitation, the University of Southern California MAKES NO
+ *     REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
+ *     PARTICULAR PURPOSE. The University of Southern
+ *     California shall not be held liable for any liability nor for any
+ *     direct, indirect, or consequential damages with respect to any
+ *     claim by the user or distributor of the ksu software.
+ *
+ * KSU was written by:  Ari Medvinsky, ari@isi.edu
+ */
+
+#include "k5-int.h"
+#include "k5-util.h"
+#include <stdio.h>
+#include "com_err.h"
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <unistd.h>
+#include <string.h>
+#include <syslog.h>
+/* <stdarg.h> or <varargs.h> is already included by com_err.h.  */
+
+#define NO_TARGET_FILE '.'
+#define SOURCE_USER_LOGIN "."
+
+#define KRB5_DEFAULT_OPTIONS 0
+#define KRB5_DEFAULT_TKT_LIFE 60*60*12 /* 12 hours */
+
+#define KRB5_LOGIN_NAME ".k5login"
+#define KRB5_USERS_NAME ".k5users"
+#define USE_DEFAULT_REALM_NAME "."
+#define PERMIT_ALL_COMMANDS "*"
+#define KRB5_SEC_BUFFSIZE 80
+#define NOT_AUTHORIZED 1
+
+#define CHUNK 3
+#define CACHE_MODE 0600
+#define MAX_CMD 2048 /* this is temp, should use realloc instead,
+                        as done in most of the code */
+
+
+extern int optind;
+extern char * optarg;
+
+/* globals */
+extern char * prog_name;
+extern int auth_debug;
+extern int quiet;
+extern char k5login_path[MAXPATHLEN];
+extern char k5users_path[MAXPATHLEN];
+extern char * gb_err;
+/***********/
+
+/* krb_auth_su.c */
+extern krb5_boolean krb5_auth_check
+(krb5_context, krb5_principal, char *, krb5_get_init_creds_opt *,
+ char *, krb5_ccache, int *, uid_t);
+
+extern krb5_boolean krb5_fast_auth
+(krb5_context, krb5_principal, krb5_principal, char *,
+ krb5_ccache);
+
+extern krb5_boolean ksu_get_tgt_via_passwd
+(krb5_context,
+ krb5_principal, krb5_get_init_creds_opt *, krb5_boolean *, krb5_creds *);
+
+extern void dump_principal
+(krb5_context, char *, krb5_principal);
+
+extern void plain_dump_principal
+(krb5_context, krb5_principal);
+
+
+extern krb5_error_code krb5_parse_lifetime
+(char *, long *);
+
+extern krb5_error_code get_best_principal
+(krb5_context, char **, krb5_principal *);
+
+/* ccache.c */
+extern krb5_error_code krb5_ccache_copy
+(krb5_context, krb5_ccache, krb5_principal, krb5_ccache,
+ krb5_boolean, krb5_principal, krb5_boolean *);
+
+extern krb5_error_code krb5_store_all_creds
+(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);
+
+extern krb5_error_code krb5_store_all_creds
+(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);
+
+extern krb5_boolean compare_creds
+(krb5_context, krb5_creds *, krb5_creds *);
+
+extern krb5_error_code krb5_get_nonexp_tkts
+(krb5_context, krb5_ccache, krb5_creds ***);
+
+extern krb5_error_code krb5_check_exp
+(krb5_context, krb5_ticket_times);
+
+extern char *flags_string (krb5_creds *);
+
+extern krb5_error_code krb5_get_login_princ
+(const char *, char ***);
+
+extern void show_credential
+(krb5_context, krb5_creds *, krb5_ccache);
+
+krb5_error_code gen_sym(krb5_context context, char **sym);
+
+extern krb5_error_code krb5_ccache_overwrite
+(krb5_context, krb5_ccache, krb5_ccache, krb5_principal);
+
+extern krb5_error_code krb5_store_some_creds
+(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **,
+ krb5_principal, krb5_boolean *);
+
+extern krb5_boolean ks_ccache_name_is_initialized
+(krb5_context, const char *);
+
+extern krb5_boolean ks_ccache_is_initialized
+(krb5_context, krb5_ccache);
+
+extern krb5_error_code krb5_ccache_refresh
+(krb5_context, krb5_ccache);
+
+extern krb5_error_code krb5_ccache_filter
+(krb5_context, krb5_ccache, krb5_principal);
+
+extern krb5_boolean krb5_find_princ_in_cred_list
+(krb5_context, krb5_creds **, krb5_principal);
+
+extern krb5_error_code krb5_find_princ_in_cache
+(krb5_context, krb5_ccache, krb5_principal, krb5_boolean *);
+
+extern void printtime (krb5_timestamp);
+
+/* authorization.c */
+extern krb5_boolean fowner (FILE *, uid_t);
+
+extern krb5_error_code krb5_authorization
+(krb5_context, krb5_principal, const char *, char *,
+ krb5_boolean *, char **);
+
+extern krb5_error_code k5login_lookup (FILE *, char *,
+                                       krb5_boolean *);
+
+extern krb5_error_code k5users_lookup
+(FILE *, char *, char *, krb5_boolean *, char **);
+
+extern krb5_boolean fcmd_resolve
+(char *, char ***, char **);
+
+extern krb5_boolean cmd_single (char *);
+
+extern int cmd_arr_cmp_postfix (char **, char *);
+
+extern int cmd_arr_cmp (char **, char *);
+
+extern krb5_boolean find_first_cmd_that_exists
+(char **, char **, char **);
+
+extern int match_commands
+(char *, char *, krb5_boolean *, char **, char **);
+
+extern krb5_error_code get_line (FILE *, char **);
+
+extern char *  get_first_token (char *, char **);
+
+extern char *  get_next_token (char **);
+
+extern void init_auth_names (char *);
+
+/* main.c */
+extern void usage (void);
+
+extern int standard_shell (char *);
+
+extern krb5_error_code get_params (int *, int, char **, char ***);
+
+/* heuristic.c */
+extern krb5_error_code get_all_princ_from_file (FILE *, char ***);
+
+extern krb5_error_code list_union (char **, char **, char ***);
+
+extern krb5_error_code filter (FILE *, char *, char **, char ***);
+
+extern krb5_error_code get_authorized_princ_names
+(const char *, char *, char ***);
+
+extern krb5_error_code get_closest_principal
+(krb5_context, char **, krb5_principal *, krb5_boolean *);
+
+extern krb5_error_code find_either_ticket
+(krb5_context, krb5_ccache, krb5_principal,
+ krb5_principal, krb5_boolean *);
+
+extern krb5_error_code find_ticket
+(krb5_context, krb5_ccache, krb5_principal,
+ krb5_principal, krb5_boolean *);
+
+
+extern krb5_error_code find_princ_in_list
+(krb5_context, krb5_principal, char **, krb5_boolean *);
+
+extern krb5_error_code get_best_princ_for_target
+(krb5_context, uid_t, uid_t, char *, char *, krb5_ccache,
+ krb5_get_init_creds_opt *, char *, char *, krb5_principal *, int *);
+
+extern krb5_error_code ksu_tgtname (krb5_context, const krb5_data *,
+                                    const krb5_data *,
+                                    krb5_principal *tgtprinc);
+
+#ifndef min
+#define min(a,b) ((a) > (b) ? (b) : (a))
+#endif /* min */
+
+
+extern char *krb5_lname_file;  /* Note: print this out just be sure
+                                  that it gets set */
+
+extern void *xmalloc (size_t),
+    *xrealloc (void *, size_t),
+    *xcalloc (size_t, size_t);
+                             extern char *xstrdup (const char *);
+                             extern char *xasprintf (const char *format, ...);
+
+#ifndef HAVE_UNSETENV
+                             void unsetenv (char *);
+#endif
diff --git a/krb5-1.21.3/src/clients/ksu/main.c b/krb5-1.21.3/src/clients/ksu/main.c
new file mode 100644
index 00000000..af128617
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/main.c
@@ -0,0 +1,1087 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 1994 by the University of Southern California
+ *
+ * EXPORT OF THIS SOFTWARE from the United States of America may
+ *     require a specific license from the United States Government.
+ *     It is the responsibility of any person or organization contemplating
+ *     export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute
+ *     this software and its documentation in source and binary forms is
+ *     hereby granted, provided that any documentation or other materials
+ *     related to such distribution or use acknowledge that the software
+ *     was developed by the University of Southern California.
+ *
+ * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
+ *     University of Southern California MAKES NO REPRESENTATIONS OR
+ *     WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ *     limitation, the University of Southern California MAKES NO
+ *     REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY
+ *     PARTICULAR PURPOSE. The University of Southern
+ *     California shall not be held liable for any liability nor for any
+ *     direct, indirect, or consequential damages with respect to any
+ *     claim by the user or distributor of the ksu software.
+ *
+ * KSU was written by:  Ari Medvinsky, ari@isi.edu
+ */
+
+#include "ksu.h"
+#include "adm_proto.h"
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <signal.h>
+#include <grp.h>
+
+/* globals */
+char * prog_name;
+int auth_debug =0;
+char k5login_path[MAXPATHLEN];
+char k5users_path[MAXPATHLEN];
+char * gb_err = NULL;
+int quiet = 0;
+/***********/
+
+#define KS_TEMPORARY_CACHE "MEMORY:_ksu"
+#define KS_TEMPORARY_PRINC "_ksu/_ksu@_ksu"
+#define _DEF_CSH "/bin/csh"
+static int set_env_var (char *, char *);
+static void sweep_up (krb5_context, krb5_ccache);
+static char * ontty (void);
+static krb5_error_code init_ksu_context(krb5_context *);
+static krb5_error_code set_ccname_env(krb5_context, krb5_ccache);
+static void print_status( const char *fmt, ...)
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+    __attribute__ ((__format__ (__printf__, 1, 2)))
+#endif
+    ;
+static krb5_error_code resolve_target_cache(krb5_context ksu_context,
+                                            krb5_principal princ,
+                                            krb5_ccache *ccache_out,
+                                            krb5_boolean *ccache_reused);
+
+/* Note -e and -a options are mutually exclusive */
+/* insure the proper specification of target user as well as catching
+   ill specified arguments to commands */
+
+void usage (){
+    fprintf(stderr,
+            _("Usage: %s [target user] [-n principal] [-c source cachename] "
+              "[-k] [-r time] [-p|-P] [-f|-F] [-l lifetime] [-zZ] [-q] "
+              "[-e command [args... ] ] [-a [args... ] ]\n"), prog_name);
+}
+
+/* for Ultrix and friends ... */
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+/* These are file static so sweep_up can get to them*/
+static uid_t source_uid, target_uid;
+
+int
+main (argc, argv)
+    int argc;
+    char ** argv;
+{
+    int hp =0;
+    int some_rest_copy = 0;
+    int all_rest_copy = 0;
+    char *localhostname = NULL;
+    krb5_get_init_creds_opt *options = NULL;
+    int option=0;
+    int statusp=0;
+    krb5_error_code retval = 0;
+    krb5_principal client = NULL, tmp_princ = NULL;
+    krb5_ccache cc_tmp = NULL, cc_target = NULL;
+    krb5_context ksu_context;
+    char * cc_target_tag = NULL;
+    char * target_user = NULL;
+    char * source_user;
+
+    krb5_ccache cc_source = NULL;
+    const char * cc_source_tag = NULL;
+    const char * cc_source_tag_tmp = NULL;
+    char * cmd = NULL, * exec_cmd = NULL;
+    int errflg = 0;
+    krb5_boolean auth_val;
+    krb5_boolean authorization_val = FALSE;
+    int path_passwd = 0;
+    int done =0,i,j;
+    uid_t ruid = getuid ();
+    struct passwd *pwd=NULL,  *target_pwd ;
+    char * shell;
+    char ** params;
+    int keep_target_cache = 0;
+    int child_pid, child_pgrp, ret_pid;
+    extern char * getpass(), *crypt();
+    int pargc;
+    char ** pargv;
+    krb5_boolean stored = FALSE, cc_reused = FALSE, given_princ = FALSE;
+    krb5_boolean zero_password;
+    krb5_boolean restrict_creds;
+    krb5_deltat lifetime, rlife;
+
+    if (argc == 0)
+        exit(1);
+
+    params = (char **) xcalloc (2, sizeof (char *));
+    params[1] = NULL;
+
+    unsetenv ("KRB5_CONFIG");
+
+    retval = init_ksu_context(&ksu_context);
+    if (retval) {
+        com_err(argv[0], retval, _("while initializing krb5"));
+        exit(1);
+    }
+
+    retval = krb5_get_init_creds_opt_alloc(ksu_context, &options);
+    if (retval) {
+        com_err(argv[0], retval, _("while initializing krb5"));
+        exit(1);
+    }
+
+    if (strrchr(argv[0], '/'))
+        argv[0] = strrchr(argv[0], '/')+1;
+    prog_name = argv[0];
+    if (strlen (prog_name) > 50) {
+        /* this many chars *after* last / ?? */
+        com_err(prog_name, 0,
+                _("program name too long - quitting to avoid triggering "
+                  "system logging bugs"));
+        exit (1);
+    }
+
+
+#ifndef LOG_NDELAY
+#define LOG_NDELAY 0
+#endif
+
+#ifndef LOG_AUTH /* 4.2 syslog */
+    openlog(prog_name, LOG_PID|LOG_NDELAY);
+#else
+    openlog(prog_name, LOG_PID | LOG_NDELAY, LOG_AUTH);
+#endif /* 4.2 syslog */
+
+
+    if (( argc == 1) || (argv[1][0] == '-')){
+        target_user = xstrdup("root");
+        pargc = argc;
+        pargv = argv;
+    } else {
+        target_user = xstrdup(argv[1]);
+        pargc = argc -1;
+
+        if ((pargv =(char **) calloc(pargc +1,sizeof(char *)))==NULL){
+            com_err(prog_name, errno, _("while allocating memory"));
+            exit(1);
+        }
+
+        pargv[pargc] = NULL;
+        pargv[0] = argv[0];
+
+        for(i =1; i< pargc; i ++){
+            pargv[i] = argv[i + 1];
+        }
+    }
+
+    if (krb5_seteuid (ruid)) {
+        com_err (prog_name, errno, _("while setting euid to source user"));
+        exit (1);
+    }
+    while (!done &&
+           (option = getopt(pargc, pargv,"n:c:r:a:zZDfFpPkql:e:")) != -1) {
+        switch (option) {
+        case 'r':
+            if (strlen (optarg) >= 14)
+                optarg = "bad-time";
+            retval = krb5_string_to_deltat(optarg, &rlife);
+            if (retval != 0 || rlife == 0) {
+                fprintf(stderr, _("Bad lifetime value (%s hours?)\n"), optarg);
+                errflg++;
+            }
+            krb5_get_init_creds_opt_set_renew_life(options, rlife);
+            break;
+        case 'a':
+            /* when integrating this remember to pass in pargc, pargv and
+               take care of params argument */
+            optind --;
+            if (auth_debug){printf("Before get_params optind=%d\n", optind);}
+
+            if ((retval = get_params( & optind, pargc, pargv, &params))){
+                com_err(prog_name, retval, _("when gathering parameters"));
+                errflg++;
+            }
+            if(auth_debug){ printf("After get_params optind=%d\n", optind);}
+            done = 1;
+            break;
+        case 'p':
+            krb5_get_init_creds_opt_set_proxiable(options, 1);
+            break;
+        case 'P':
+            krb5_get_init_creds_opt_set_proxiable(options, 0);
+            break;
+        case 'f':
+            krb5_get_init_creds_opt_set_forwardable(options, 1);
+            break;
+        case 'F':
+            krb5_get_init_creds_opt_set_forwardable(options, 0);
+            break;
+        case 'k':
+            keep_target_cache =1;
+            break;
+        case 'q':
+            quiet =1;
+            break;
+        case 'l':
+            if (strlen (optarg) >= 14)
+                optarg = "bad-time";
+            retval = krb5_string_to_deltat(optarg, &lifetime);
+            if (retval != 0 || lifetime == 0) {
+                fprintf(stderr, _("Bad lifetime value (%s hours?)\n"), optarg);
+                errflg++;
+            }
+            krb5_get_init_creds_opt_set_tkt_life(options, lifetime);
+            break;
+        case 'n':
+            if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+                com_err(prog_name, retval, _("when parsing name %s"), optarg);
+                errflg++;
+            }
+            given_princ = TRUE;
+            break;
+#ifdef DEBUG
+        case 'D':
+            auth_debug = 1;
+            break;
+#endif
+        case 'z':
+            some_rest_copy = 1;
+            if(all_rest_copy) {
+                fprintf(stderr,
+                        _("-z option is mutually exclusive with -Z.\n"));
+                errflg++;
+            }
+            break;
+        case 'Z':
+            all_rest_copy = 1;
+            if(some_rest_copy) {
+                fprintf(stderr,
+                        _("-Z option is mutually exclusive with -z.\n"));
+                errflg++;
+            }
+            break;
+        case 'c':
+            if (cc_source_tag == NULL) {
+                cc_source_tag = xstrdup(optarg);
+                if ( strchr(cc_source_tag, ':')){
+                    cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
+
+                    if (!ks_ccache_name_is_initialized(ksu_context,
+                                                       cc_source_tag)) {
+                        com_err(prog_name, errno,
+                                _("while looking for credentials cache %s"),
+                                cc_source_tag_tmp);
+                        exit (1);
+                    }
+                }
+                else {
+                    fprintf(stderr, _("malformed credential cache name %s\n"),
+                            cc_source_tag);
+                    errflg++;
+                }
+
+            } else {
+                fprintf(stderr, _("Only one -c option allowed\n"));
+                errflg++;
+            }
+            break;
+        case 'e':
+            cmd = xstrdup(optarg);
+            if(auth_debug){printf("Before get_params optind=%d\n", optind);}
+            if ((retval = get_params( & optind, pargc, pargv, &params))){
+                com_err(prog_name, retval, _("when gathering parameters"));
+                errflg++;
+            }
+            if(auth_debug){printf("After get_params optind=%d\n", optind);}
+            done = 1;
+
+            if (auth_debug){
+                fprintf(stderr,"Command to be executed: %s\n", cmd);
+            }
+            break;
+        case '?':
+        default:
+            errflg++;
+            break;
+        }
+    }
+
+    if (errflg) {
+        usage();
+        exit(2);
+    }
+
+    if (optind != pargc ){
+        usage();
+        exit(2);
+    }
+
+    if (auth_debug){
+        for(j=1; params[j] != NULL; j++){
+            fprintf (stderr,"params[%d]= %s\n", j,params[j]);
+        }
+    }
+
+    /***********************************/
+    source_user = getlogin(); /*checks for the the login name in /etc/utmp*/
+
+    /* verify that that the user exists and get his passwd structure */
+
+    if (source_user == NULL ||(pwd = getpwnam(source_user)) == NULL ||
+        pwd->pw_uid != ruid){
+        pwd = getpwuid(ruid);
+    }
+
+    if (pwd == NULL) {
+        fprintf(stderr, _("ksu: who are you?\n"));
+        exit(1);
+    }
+    if (pwd->pw_uid != ruid) {
+        fprintf (stderr, _("Your uid doesn't match your passwd entry?!\n"));
+        exit (1);
+    }
+    /* Okay, now we have *some* passwd entry that matches the
+       current real uid.  */
+
+    /* allocate space and copy the usernamane there */
+    source_user = xstrdup(pwd->pw_name);
+    source_uid = pwd->pw_uid;
+
+    if (!strcmp(SOURCE_USER_LOGIN, target_user)){
+        target_user = xstrdup (source_user);
+    }
+
+    if ((target_pwd = getpwnam(target_user)) == NULL){
+        fprintf(stderr, _("ksu: unknown login %s\n"), target_user);
+        exit(1);
+    }
+    target_uid = target_pwd->pw_uid;
+
+    init_auth_names(target_pwd->pw_dir);
+
+    /***********************************/
+
+    if (cc_source_tag == NULL){
+        cc_source_tag = krb5_cc_default_name(ksu_context);
+        cc_source_tag_tmp = strchr(cc_source_tag, ':');
+        if (cc_source_tag_tmp == 0)
+            cc_source_tag_tmp = cc_source_tag;
+        else
+            cc_source_tag_tmp++;
+    }
+
+    /* get a handle for the cache */
+    if ((retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source))){
+        com_err(prog_name, retval, _("while getting source cache"));
+        exit(1);
+    }
+
+    if ((retval = get_best_princ_for_target(ksu_context, source_uid,
+                                            target_uid, source_user,
+                                            target_user, cc_source,
+                                            options, cmd, localhostname,
+                                            &client, &hp))){
+        com_err(prog_name,retval, _("while selecting the best principal"));
+        exit(1);
+    }
+
+    /* We may be running as either source or target, depending on
+       what happened; become source.*/
+    if ( geteuid() != source_uid) {
+        if (krb5_seteuid(0) || krb5_seteuid(source_uid) ) {
+            com_err(prog_name, errno, _("while returning to source uid after "
+                                        "finding best principal"));
+            exit(1);
+        }
+    }
+
+    if (auth_debug){
+        if (hp){
+            fprintf(stderr,
+                    "GET_best_princ_for_target result: NOT AUTHORIZED\n");
+        }else{
+            fprintf(stderr,
+                    "GET_best_princ_for_target result-best principal ");
+            plain_dump_principal (ksu_context, client);
+            fprintf(stderr,"\n");
+        }
+    }
+
+    if (hp){
+        if (gb_err) fprintf(stderr, "%s", gb_err);
+        fprintf(stderr, _("account %s: authorization failed\n"), target_user);
+
+        if (cmd != NULL) {
+            syslog(LOG_WARNING,
+                   "Account %s: authorization for %s for execution of %s failed",
+                   target_user, source_user, cmd);
+        } else {
+            syslog(LOG_WARNING, "Account %s: authorization of %s failed",
+                   target_user, source_user);
+        }
+
+        exit(1);
+    }
+
+    if (auth_debug)
+        fprintf(stderr, " source cache =  %s\n", cc_source_tag);
+
+    /*
+     * After proper authentication and authorization, populate a cache for the
+     * target user.
+     */
+
+    /*
+     * We read the set of creds we want to copy from the source ccache as the
+     * source uid, become root for authentication, and then become the target
+     * user to handle authorization and creating the target user's cache.
+     */
+
+    /* if root ksu's to a regular user, then
+       then only the credentials for that particular user
+       should be copied */
+
+    restrict_creds = (source_uid == 0) && (target_uid != 0);
+    retval = krb5_parse_name(ksu_context, KS_TEMPORARY_PRINC, &tmp_princ);
+    if (retval) {
+        com_err(prog_name, retval, _("while parsing temporary name"));
+        exit(1);
+    }
+    retval = krb5_cc_resolve(ksu_context, KS_TEMPORARY_CACHE, &cc_tmp);
+    if (retval) {
+        com_err(prog_name, retval, _("while creating temporary cache"));
+        exit(1);
+    }
+    retval = krb5_ccache_copy(ksu_context, cc_source, tmp_princ, cc_tmp,
+                              restrict_creds, client, &stored);
+    if (retval) {
+        com_err(prog_name, retval, _("while copying cache %s to %s"),
+                krb5_cc_get_name(ksu_context, cc_source), KS_TEMPORARY_CACHE);
+        exit(1);
+    }
+    krb5_cc_close(ksu_context, cc_source);
+
+    krb5_get_init_creds_opt_set_out_ccache(ksu_context, options, cc_tmp);
+
+    /* Become root for authentication*/
+
+    if (krb5_seteuid(0)) {
+        com_err(prog_name, errno, _("while reclaiming root uid"));
+        exit(1);
+    }
+
+    if ((source_uid == 0) || (target_uid == source_uid)){
+#ifdef GET_TGT_VIA_PASSWD
+        if (!all_rest_copy && given_princ && client != NULL && !stored) {
+            fprintf(stderr, _("WARNING: Your password may be exposed if you "
+                              "enter it here and are logged\n"));
+            fprintf(stderr, _("         in remotely using an unsecure "
+                              "(non-encrypted) channel.\n"));
+            if (ksu_get_tgt_via_passwd(ksu_context, client, options,
+                                       &zero_password, NULL) == FALSE) {
+
+                if (zero_password == FALSE){
+                    fprintf(stderr, _("Goodbye\n"));
+                    exit(1);
+                }
+
+                fprintf(stderr, _("Could not get a tgt for "));
+                plain_dump_principal (ksu_context, client);
+                fprintf(stderr, "\n");
+
+            }
+            stored = TRUE;
+        }
+#endif /* GET_TGT_VIA_PASSWD */
+    }
+
+    /* if the user is root or same uid then authentication is not necessary,
+       root gets in automatically */
+
+    if (source_uid && (source_uid != target_uid)) {
+        char * client_name;
+
+        auth_val = krb5_auth_check(ksu_context, client, localhostname,
+                                   options, target_user, cc_tmp,
+                                   &path_passwd, target_uid);
+
+        /* if Kerberos authentication failed then exit */
+        if (auth_val ==FALSE){
+            fprintf(stderr, _("Authentication failed.\n"));
+            syslog(LOG_WARNING, "'%s %s' authentication failed for %s%s",
+                   prog_name,target_user,source_user,ontty());
+            exit(1);
+        }
+        stored = TRUE;
+
+        if ((retval = krb5_unparse_name(ksu_context, client, &client_name))) {
+            com_err(prog_name, retval, _("When unparsing name"));
+            exit(1);
+        }
+
+        print_status(_("Authenticated %s\n"), client_name);
+        syslog(LOG_NOTICE,"'%s %s' authenticated %s for %s%s",
+               prog_name,target_user,client_name,
+               source_user,ontty());
+
+        /* Run authorization as target.*/
+        if (krb5_seteuid(target_uid)) {
+            com_err(prog_name, errno, _("while switching to target for "
+                                        "authorization check"));
+            exit(1);
+        }
+
+        if ((retval = krb5_authorization(ksu_context, client,target_user,
+                                         cmd, &authorization_val, &exec_cmd))){
+            com_err(prog_name,retval, _("while checking authorization"));
+            krb5_seteuid(0); /*So we have some chance of sweeping up*/
+            exit(1);
+        }
+
+        if (krb5_seteuid(0)) {
+            com_err(prog_name, errno, _("while switching back from target "
+                                        "after authorization check"));
+            exit(1);
+        }
+        if (authorization_val == TRUE){
+
+            if (cmd) {
+                print_status(_("Account %s: authorization for %s for "
+                               "execution of\n"), target_user, client_name);
+                print_status(_("               %s successful\n"), exec_cmd);
+                syslog(LOG_NOTICE,
+                       "Account %s: authorization for %s for execution of %s successful",
+                       target_user, client_name, exec_cmd);
+
+            }else{
+                print_status(_("Account %s: authorization for %s "
+                               "successful\n"), target_user, client_name);
+                syslog(LOG_NOTICE,
+                       "Account %s: authorization for %s successful",
+                       target_user, client_name);
+            }
+        }else {
+            if (cmd){
+                if (exec_cmd){ /* was used to pass back the error msg */
+                    fprintf(stderr, "%s", exec_cmd );
+                    syslog(LOG_WARNING, "%s",exec_cmd);
+                }
+                fprintf(stderr, _("Account %s: authorization for %s for "
+                                  "execution of %s failed\n"),
+                        target_user, client_name, cmd );
+                syslog(LOG_WARNING,
+                       "Account %s: authorization for %s for execution of %s failed",
+                       target_user, client_name, cmd );
+
+            }else{
+                fprintf(stderr, _("Account %s: authorization of %s failed\n"),
+                        target_user, client_name);
+                syslog(LOG_WARNING,
+                       "Account %s: authorization of %s failed",
+                       target_user, client_name);
+
+            }
+
+            exit(1);
+        }
+    }
+
+    if( some_rest_copy){
+        retval = krb5_ccache_filter(ksu_context, cc_tmp, client);
+        if (retval) {
+            com_err(prog_name,retval, _("while calling cc_filter"));
+            exit(1);
+        }
+    }
+
+    if (all_rest_copy){
+        retval = krb5_cc_initialize(ksu_context, cc_tmp, tmp_princ);
+        if (retval) {
+            com_err(prog_name, retval, _("while erasing target cache"));
+            exit(1);
+        }
+        stored = FALSE;
+    }
+
+    /* get the shell of the user, this will be the shell used by su */
+    target_pwd = getpwnam(target_user);
+
+    if (target_pwd->pw_shell)
+        shell = xstrdup(target_pwd->pw_shell);
+    else {
+        shell = _DEF_CSH;  /* default is cshell */
+    }
+
+#ifdef HAVE_GETUSERSHELL
+
+    /* insist that the target login uses a standard shell (root is omitted) */
+
+    if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+        fprintf(stderr, _("ksu: permission denied (shell).\n"));
+        exit(1);
+    }
+#endif /* HAVE_GETUSERSHELL */
+
+    if (target_pwd->pw_uid){
+
+        if(set_env_var("USER", target_pwd->pw_name)){
+            fprintf(stderr,
+                    _("ksu: couldn't set environment variable USER\n"));
+            exit(1);
+        }
+    }
+
+    if(set_env_var( "HOME", target_pwd->pw_dir)){
+        fprintf(stderr, _("ksu: couldn't set environment variable HOME\n"));
+        exit(1);
+    }
+
+    if(set_env_var( "SHELL", shell)){
+        fprintf(stderr, _("ksu: couldn't set environment variable SHELL\n"));
+        exit(1);
+    }
+
+    /* set permissions */
+    if (setgid(target_pwd->pw_gid) < 0) {
+        perror("ksu: setgid");
+        exit(1);
+    }
+
+    if (initgroups(target_user, target_pwd->pw_gid)) {
+        fprintf(stderr, _("ksu: initgroups failed.\n"));
+        exit(1);
+    }
+
+    if ( ! strcmp(target_user, source_user)){
+        print_status(_("Leaving uid as %s (%ld)\n"),
+                     target_user, (long) target_pwd->pw_uid);
+    }else{
+        print_status(_("Changing uid to %s (%ld)\n"),
+                     target_user, (long) target_pwd->pw_uid);
+    }
+
+#ifdef  HAVE_SETLUID
+    /*
+     * If we're on a system which keeps track of login uids, then
+     * set the login uid. If this fails this opens up a problem on DEC OSF
+     * with C2 enabled.
+     */
+    if (setluid((uid_t) pwd->pw_uid) < 0) {
+        perror("setluid");
+        exit(1);
+    }
+#endif  /* HAVE_SETLUID */
+
+    if (setuid(target_pwd->pw_uid) < 0) {
+        perror("ksu: setuid");
+        exit(1);
+    }
+
+    retval = resolve_target_cache(ksu_context, client, &cc_target, &cc_reused);
+    if (retval)
+        exit(1);
+    retval = krb5_cc_get_full_name(ksu_context, cc_target, &cc_target_tag);
+    if (retval) {
+        com_err(prog_name, retval, _("while getting name of target ccache"));
+        sweep_up(ksu_context, cc_target);
+        exit(1);
+    }
+    if (auth_debug)
+        fprintf(stderr, " target cache =  %s\n", cc_target_tag);
+    if (cc_reused)
+        keep_target_cache = TRUE;
+
+    if (stored) {
+        retval = krb5_ccache_copy(ksu_context, cc_tmp, client, cc_target,
+                                  FALSE, client, &stored);
+        if (retval) {
+            com_err(prog_name, retval, _("while copying cache %s to %s"),
+                    KS_TEMPORARY_CACHE, cc_target_tag);
+            exit(1);
+        }
+
+        if (!ks_ccache_is_initialized(ksu_context, cc_target)) {
+            com_err(prog_name, errno,
+                    _("%s does not have correct permissions for %s, "
+                      "%s aborted"), target_user, cc_target_tag, prog_name);
+            exit(1);
+        }
+    }
+
+    krb5_free_string(ksu_context, cc_target_tag);
+
+    /* Set the cc env name to target. */
+    retval = set_ccname_env(ksu_context, cc_target);
+    if (retval != 0) {
+        sweep_up(ksu_context, cc_target);
+        exit(1);
+    }
+
+    if (cmd){
+        if ((source_uid == 0) || (source_uid == target_uid )){
+            exec_cmd = cmd;
+        }
+
+        if( !exec_cmd){
+            fprintf(stderr, _("Internal error: command %s did not get "
+                              "resolved\n"), cmd);
+            exit(1);
+        }
+
+        params[0] = exec_cmd;
+    }
+    else{
+        params[0] = shell;
+    }
+
+    if (auth_debug){
+        fprintf(stderr, "program to be execed %s\n",params[0]);
+    }
+
+    if( keep_target_cache ) {
+        execv(params[0], params);
+        com_err(prog_name, errno, _("while trying to execv %s"), params[0]);
+        sweep_up(ksu_context, cc_target);
+        exit(1);
+    }else{
+        statusp = 1;
+        switch ((child_pid = fork())) {
+        default:
+            if (auth_debug){
+                printf(" The child pid is %ld\n", (long) child_pid);
+                printf(" The parent pid is %ld\n", (long) getpid());
+            }
+            while ((ret_pid = waitpid(child_pid, &statusp, WUNTRACED)) != -1) {
+                if (WIFSTOPPED(statusp)) {
+                    child_pgrp = tcgetpgrp(1);
+                    kill(getpid(), SIGSTOP);
+                    tcsetpgrp(1, child_pgrp);
+                    kill(child_pid, SIGCONT);
+                    statusp = 1;
+                    continue;
+                }
+                break;
+            }
+            if (auth_debug){
+                printf("The exit status of the child is %d\n", statusp);
+            }
+            if (ret_pid == -1) {
+                com_err(prog_name, errno, _("while calling waitpid"));
+            }
+            sweep_up(ksu_context, cc_target);
+            exit (statusp);
+        case -1:
+            com_err(prog_name, errno, _("while trying to fork."));
+            sweep_up(ksu_context, cc_target);
+            exit (1);
+        case 0:
+            execv(params[0], params);
+            com_err(prog_name, errno, _("while trying to execv %s"),
+                    params[0]);
+            exit (1);
+        }
+    }
+}
+
+static krb5_error_code
+init_ksu_context(krb5_context *context_out)
+{
+    krb5_error_code retval;
+    const char *env_ccname;
+    krb5_context context;
+
+    *context_out = NULL;
+
+    retval = krb5_init_secure_context(&context);
+    if (retval)
+        return retval;
+
+    /* We want to obey KRB5CCNAME in this context even though this is a setuid
+     * program.  (It will only be used when operating as the real uid.) */
+    env_ccname = getenv(KRB5_ENV_CCNAME);
+    if (env_ccname != NULL) {
+        retval = krb5_cc_set_default_name(context, env_ccname);
+        if (retval) {
+            krb5_free_context(context);
+            return retval;
+        }
+    }
+
+    *context_out = context;
+    return 0;
+}
+
+/* Set KRB5CCNAME in the environment to point to ccache.  Print an error
+ * message on failure. */
+static krb5_error_code
+set_ccname_env(krb5_context ksu_context, krb5_ccache ccache)
+{
+    krb5_error_code retval;
+    char *ccname;
+
+    retval = krb5_cc_get_full_name(ksu_context, ccache, &ccname);
+    if (retval) {
+        com_err(prog_name, retval, _("while reading cache name from ccache"));
+        return retval;
+    }
+    if (set_env_var(KRB5_ENV_CCNAME, ccname)) {
+        retval = errno;
+        fprintf(stderr,
+                _("ksu: couldn't set environment variable %s\n"),
+                KRB5_ENV_CCNAME);
+    }
+    krb5_free_string(ksu_context, ccname);
+    return retval;
+}
+
+/*
+ * Get the configured default ccache name.  Unset KRB5CCNAME and force a
+ * recomputation so we don't use values for the source user.  Print an error
+ * message on failure.
+ */
+static krb5_error_code
+get_configured_defccname(krb5_context context, char **target_out)
+{
+    krb5_error_code retval;
+    const char *defname;
+    char *target = NULL;
+
+    *target_out = NULL;
+
+    unsetenv(KRB5_ENV_CCNAME);
+
+    /* Make sure we don't have a cached value for a different uid. */
+    retval = krb5_cc_set_default_name(context, NULL);
+    if (retval != 0) {
+        com_err(prog_name, retval, _("while resetting target ccache name"));
+        return retval;
+    }
+
+    defname = krb5_cc_default_name(context);
+    if (defname != NULL) {
+        if (strchr(defname, ':') != NULL) {
+            target = strdup(defname);
+        } else {
+            if (asprintf(&target, "FILE:%s", defname) < 0)
+                target = NULL;
+        }
+    }
+    if (target == NULL) {
+        com_err(prog_name, ENOMEM, _("while determining target ccache name"));
+        return ENOMEM;
+    }
+    *target_out = target;
+    return 0;
+}
+
+/* Determine where the target user's creds should be stored.  Print an error
+ * message on failure. */
+static krb5_error_code
+resolve_target_cache(krb5_context context, krb5_principal princ,
+                     krb5_ccache *ccache_out, krb5_boolean *ccache_reused)
+{
+    krb5_error_code retval;
+    krb5_boolean switchable, reused = FALSE;
+    krb5_ccache ccache = NULL;
+    char *sep, *ccname = NULL, *sym = NULL, *target;
+
+    *ccache_out = NULL;
+    *ccache_reused = FALSE;
+
+    retval = get_configured_defccname(context, &target);
+    if (retval != 0)
+        return retval;
+
+    /* Check if the configured default name uses a switchable type. */
+    sep = strchr(target, ':');
+    *sep = '\0';
+    switchable = krb5_cc_support_switch(context, target);
+    *sep = ':';
+
+    if (!switchable) {
+        /* Try to avoid destroying an in-use target ccache by coming up with
+         * the name of a cache that doesn't exist yet. */
+        do {
+            free(ccname);
+            retval = gen_sym(context, &sym);
+            if (retval) {
+                com_err(prog_name, retval,
+                        _("while generating part of the target ccache name"));
+                return retval;
+            }
+            if (asprintf(&ccname, "%s.%s", target, sym) < 0) {
+                retval = ENOMEM;
+                free(sym);
+                com_err(prog_name, retval, _("while allocating memory for the "
+                                             "target ccache name"));
+                goto cleanup;
+            }
+            free(sym);
+        } while (ks_ccache_name_is_initialized(context, ccname));
+        retval = krb5_cc_resolve(context, ccname, &ccache);
+    } else {
+        /* Look for a cache in the collection that we can reuse. */
+        retval = krb5_cc_cache_match(context, princ, &ccache);
+        if (retval == 0) {
+            reused = TRUE;
+        } else {
+            /* There isn't one, so create a new one. */
+            *sep = '\0';
+            retval = krb5_cc_new_unique(context, target, NULL, &ccache);
+            *sep = ':';
+            if (retval) {
+                com_err(prog_name, retval,
+                        _("while creating new target ccache"));
+                goto cleanup;
+            }
+            retval = krb5_cc_initialize(context, ccache, princ);
+            if (retval) {
+                com_err(prog_name, retval,
+                        _("while initializing target cache"));
+                goto cleanup;
+            }
+        }
+    }
+
+    *ccache_out = ccache;
+    *ccache_reused = reused;
+
+cleanup:
+    free(target);
+    return retval;
+}
+
+#ifdef HAVE_GETUSERSHELL
+
+int standard_shell(sh)
+    char *sh;
+{
+    char *cp;
+    char *getusershell();
+
+    while ((cp = getusershell()) != NULL)
+        if (!strcmp(cp, sh))
+            return (1);
+    return (0);
+}
+
+#endif /* HAVE_GETUSERSHELL */
+
+static char * ontty()
+{
+    char *p;
+    static char buf[MAXPATHLEN + 5];
+    int result;
+
+    buf[0] = 0;
+    if ((p = ttyname(STDERR_FILENO))) {
+        result = snprintf(buf, sizeof(buf), " on %s", p);
+        if (SNPRINTF_OVERFLOW(result, sizeof(buf))) {
+            fprintf(stderr, _("terminal name %s too long\n"), p);
+            exit (1);
+        }
+    }
+    return (buf);
+}
+
+
+static int set_env_var(name, value)
+    char *name;
+    char *value;
+{
+    char * env_var_buf;
+
+    asprintf(&env_var_buf,"%s=%s",name, value);
+    return putenv(env_var_buf);
+
+}
+
+static void sweep_up(context, cc)
+    krb5_context context;
+    krb5_ccache cc;
+{
+    krb5_error_code retval;
+
+    krb5_seteuid(0);
+    if (krb5_seteuid(target_uid) < 0) {
+        com_err(prog_name, errno,
+                _("while changing to target uid for destroying ccache"));
+        exit(1);
+    }
+
+    if (ks_ccache_is_initialized(context, cc)) {
+        if ((retval = krb5_cc_destroy(context, cc)))
+            com_err(prog_name, retval, _("while destroying cache"));
+    }
+}
+
+/*****************************************************************
+get_params is to be called for the -a option or -e option to
+           collect all params passed in for the shell or for
+           cmd.  An array is returned containing all params.
+           optindex is incremented accordingly and the first
+           element in the returned array is reserved for the
+           name of the command to be executed or the name of the
+           shell.
+*****************************************************************/
+
+krb5_error_code
+get_params(optindex, pargc, pargv, params)
+    int *optindex;
+    int pargc;
+    char **pargv;
+    char ***params;
+{
+
+    int i,j;
+    char ** ret_params;
+    int size = pargc - *optindex + 2;
+
+    if ((ret_params = (char **) calloc(size, sizeof (char *)))== NULL ){
+        return ENOMEM;
+    }
+
+    for (i = *optindex, j=1; i < pargc; i++,j++){
+        ret_params[j] = pargv[i];
+        *optindex = *optindex + 1;
+    }
+
+    ret_params[size-1] = NULL;
+    *params = ret_params;
+    return 0;
+}
+
+static
+void print_status(const char *fmt, ...)
+{
+    va_list ap;
+    if (! quiet){
+        va_start(ap, fmt);
+        vfprintf(stderr, fmt, ap);
+        va_end(ap);
+    }
+}
+
+krb5_error_code
+ksu_tgtname(context, server, client, tgtprinc)
+    krb5_context context;
+    const krb5_data *server, *client;
+    krb5_principal *tgtprinc;
+{
+    return krb5_build_principal_ext(context, tgtprinc, client->length, client->data,
+                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                    server->length, server->data,
+                                    0);
+}
diff --git a/krb5-1.21.3/src/clients/ksu/setenv.c b/krb5-1.21.3/src/clients/ksu/setenv.c
new file mode 100644
index 00000000..c7bd369b
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/setenv.c
@@ -0,0 +1,174 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 1987 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Copyright (c) 1987 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* based on @(#)setenv.c        5.2 (Berkeley) 6/27/88 */
+
+#include "autoconf.h"
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+static char *_findenv(char *, int *);
+
+#ifndef HAVE_SETENV
+extern int setenv(char *, char *, int);
+#endif
+#ifndef HAVE_UNSETENV
+extern void unsetenv(char *);
+#endif
+
+/*
+ * setenv --
+ *      Set the value of the environmental variable "name" to be
+ *      "value".  If rewrite is set, replace any current value.
+ */
+#ifndef HAVE_SETENV
+int
+setenv(name, value, rewrite)
+    char *name, *value;
+    int rewrite;
+{
+    extern char **environ;
+    static int alloced;                     /* if allocated space before */
+    char *C;
+    int l_value, offset;
+
+    if (*value == '=')                      /* no `=' in value */
+        ++value;
+    l_value = strlen(value);
+    if ((C = _findenv(name, &offset))) {    /* find if already exists */
+        if (!rewrite)
+            return(0);
+        if (strlen(C) >= l_value) {     /* old larger; copy over */
+            while ((*C++ = *value++));
+            return(0);
+        }
+    }
+    else {                                  /* create new slot */
+        int    cnt;
+        char   **P;
+
+        for (P = environ, cnt = 0; *P; ++P, ++cnt);
+        if (alloced) {                  /* just increase size */
+            environ = (char **)realloc((char *)environ,
+                                       (u_int)(sizeof(char *) * (cnt + 2)));
+            if (!environ)
+                return(-1);
+        }
+        else {                          /* get new space */
+            alloced = 1;            /* copy old entries into it */
+            P = (char **)malloc((u_int)(sizeof(char *) *
+                                        (cnt + 2)));
+            if (!P)
+                return(-1);
+            memcpy(P, environ, cnt * sizeof(char *));
+            environ = P;
+        }
+        environ[cnt + 1] = NULL;
+        offset = cnt;
+    }
+    for (C = name; *C && *C != '='; ++C);   /* no `=' in name */
+    if (!(environ[offset] =                 /* name + `=' + value */
+          malloc((u_int)((int)(C - name) + l_value + 2))))
+        return(-1);
+    for (C = environ[offset]; (*C = *name++) &&( *C != '='); ++C);
+    for (*C++ = '='; (*C++ = *value++) != NULL;);
+    return(0);
+}
+#endif
+
+/*
+ * unsetenv(name) --
+ *      Delete environmental variable "name".
+ */
+#ifndef HAVE_UNSETENV
+void
+unsetenv(name)
+    char    *name;
+{
+    extern  char    **environ;
+    char   **P;
+    int     offset;
+
+    while (_findenv(name, &offset))         /* if set multiple times */
+        for (P = &environ[offset];; ++P)
+            if (!(*P = *(P + 1)))
+                break;
+}
+#endif
+
+/* based on @(#)getenv.c        5.5 (Berkeley) 6/27/88 */
+
+/*
+ * getenv --
+ *      Returns ptr to value associated with name, if any, else NULL.
+ */
+#ifndef HAVE_GETENV
+char *
+getenv(name)
+    char *name;
+{
+    int offset;
+
+    return(_findenv(name, &offset));
+}
+#endif
+
+/*
+ * _findenv --
+ *      Returns pointer to value associated with name, if any, else NULL.
+ *      Sets offset to be the offset of the name/value combination in the
+ *      environmental array, for use by setenv(3) and unsetenv(3).
+ *      Explicitly removes '=' in argument name.
+ *
+ */
+static char *
+_findenv(name, offset)
+    char *name;
+    int *offset;
+{
+    extern char **environ;
+    int len;
+    char **P, *C;
+
+    for (C = name, len = 0; *C && *C != '='; ++C, ++len);
+    for (P = environ; *P; ++P)
+        if (!strncmp(*P, name, len))
+            if (*(C = *P + len) == '=') {
+                *offset = P - environ;
+                return(++C);
+            }
+    return(NULL);
+}
diff --git a/krb5-1.21.3/src/clients/ksu/xmalloc.c b/krb5-1.21.3/src/clients/ksu/xmalloc.c
new file mode 100644
index 00000000..430a6b3b
--- /dev/null
+++ b/krb5-1.21.3/src/clients/ksu/xmalloc.c
@@ -0,0 +1,80 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* clients/ksu/xmalloc.c - Exit-on-failure allocation wrappers */
+/*
+ * Copyright 1999 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-platform.h"
+#include "ksu.h"
+
+void *xmalloc (size_t sz)
+{
+    void *ret = malloc (sz);
+    if (ret == 0 && sz != 0) {
+        perror (prog_name);
+        exit (1);
+    }
+    return ret;
+}
+
+void *xrealloc (void *old, size_t newsz)
+{
+    void *ret = realloc (old, newsz);
+    if (ret == 0 && newsz != 0) {
+        perror (prog_name);
+        exit (1);
+    }
+    return ret;
+}
+
+void *xcalloc (size_t nelts, size_t eltsz)
+{
+    void *ret = calloc (nelts, eltsz);
+    if (ret == 0 && nelts != 0 && eltsz != 0) {
+        perror (prog_name);
+        exit (1);
+    }
+    return ret;
+}
+
+char *xstrdup (const char *src)
+{
+    size_t len = strlen (src) + 1;
+    char *dst = xmalloc (len);
+    memcpy (dst, src, len);
+    return dst;
+}
+
+char *xasprintf (const char *format, ...)
+{
+    char *out;
+    va_list args;
+
+    va_start (args, format);
+    if (vasprintf(&out, format, args) < 0) {
+        perror (prog_name);
+        exit (1);
+    }
+    va_end(args);
+    return out;
+}
diff --git a/krb5-1.21.3/src/clients/kswitch/Makefile.in b/krb5-1.21.3/src/clients/kswitch/Makefile.in
new file mode 100644
index 00000000..e3d36806
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kswitch/Makefile.in
@@ -0,0 +1,33 @@
+mydir=clients$(S)kswitch
+BUILDTOP=$(REL)..$(S)..
+
+SRCS=kswitch.c
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##KSWITCH=$(OUTPRE)kswitch.exe
+
+##WIN32##EXERES=$(KSWITCH:.exe=.res)
+
+##WIN32##$(EXERES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DKSWITCH_APP -fo $@ -r $**
+
+all-unix: kswitch
+##WIN32##all-windows: $(KSWITCH)
+
+kswitch: kswitch.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ kswitch.o $(KRB5_BASE_LIBS)
+
+##WIN32##$(KSWITCH): $(OUTPRE)kswitch.obj $(SLIB) $(KLIB) $(CLIB) $(EXERES)
+##WIN32##	link $(EXE_LINKOPTS) -out:$@ $**
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+clean-unix::
+	$(RM) kswitch.o kswitch
+
+install-unix:
+	for f in kswitch; do \
+	  $(INSTALL_PROGRAM) $$f \
+		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
diff --git a/krb5-1.21.3/src/clients/kswitch/deps b/krb5-1.21.3/src/clients/kswitch/deps
new file mode 100644
index 00000000..0bb88b62
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kswitch/deps
@@ -0,0 +1,13 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kswitch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kswitch.c
diff --git a/krb5-1.21.3/src/clients/kswitch/kswitch.c b/krb5-1.21.3/src/clients/kswitch/kswitch.c
new file mode 100644
index 00000000..9cba7cb2
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kswitch/kswitch.c
@@ -0,0 +1,129 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* clients/kswitch/kswitch.c - Switch primary credential cache */
+/*
+ * Copyright 2011 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <locale.h>
+
+#ifndef _WIN32
+#define GET_PROGNAME(x) (strrchr((x), '/') ? strrchr((x), '/')+1 : (x))
+#else
+#define GET_PROGNAME(x) max(max(strrchr((x), '/'), strrchr((x), '\\')) + 1,(x))
+#endif
+
+static char *progname;
+
+static void
+usage(void)
+{
+    fprintf(stderr, _("Usage: %s {-c cache_name | -p principal}\n"), progname);
+    fprintf(stderr, _("\t-c specify name of credentials cache\n"));
+    fprintf(stderr, _("\t-p specify name of principal\n"));
+    exit(2);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+    int c;
+    krb5_ccache cache = NULL;
+    krb5_principal princ = NULL;
+    const char *cache_name = NULL, *princ_name = NULL;
+    krb5_boolean errflag = FALSE;
+
+    setlocale(LC_ALL, "");
+    progname = GET_PROGNAME(argv[0]);
+
+    while ((c = getopt(argc, argv, "c:p:")) != -1) {
+        switch (c) {
+        case 'c':
+        case 'p':
+            if (cache_name || princ_name) {
+                fprintf(stderr, _("Only one -c or -p option allowed\n"));
+                errflag = TRUE;
+            } else if (c == 'c') {
+                cache_name = optarg;
+            } else {
+                princ_name = optarg;
+            }
+            break;
+        case '?':
+        default:
+            errflag = TRUE;
+            break;
+        }
+    }
+
+    if (optind != argc)
+        errflag = TRUE;
+
+    if (!cache_name && !princ_name) {
+        fprintf(stderr, _("One of -c or -p must be specified\n"));
+        errflag = TRUE;
+    }
+
+    if (errflag)
+        usage();
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+        com_err(progname, ret, _("while initializing krb5"));
+        exit(1);
+    }
+
+    if (cache_name) {
+        ret = krb5_cc_resolve(context, cache_name, &cache);
+        if (ret != 0) {
+            com_err(progname, ret, _("while resolving %s"), cache_name);
+            exit(1);
+        }
+    } else {
+        ret = krb5_parse_name(context, princ_name, &princ);
+        if (ret) {
+            com_err(progname, ret, _("while parsing principal name %s"),
+                    princ_name);
+            exit(1);
+        }
+        ret = krb5_cc_cache_match(context, princ, &cache);
+        if (ret) {
+            com_err(progname, ret, _("while searching for ccache for %s"),
+                    princ_name);
+            exit(1);
+        }
+        krb5_free_principal(context, princ);
+    }
+
+    ret = krb5_cc_switch(context, cache);
+    if (ret != 0) {
+        com_err(progname, ret, _("while switching to credential cache"));
+        exit(1);
+    }
+
+    krb5_cc_close(context, cache);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/clients/kvno/Makefile.in b/krb5-1.21.3/src/clients/kvno/Makefile.in
new file mode 100644
index 00000000..5ba87727
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kvno/Makefile.in
@@ -0,0 +1,39 @@
+mydir=clients$(S)kvno
+BUILDTOP=$(REL)..$(S)..
+
+##WIN32##LOCALINCLUDES=-I$(BUILDTOP)\util\windows\
+
+SRCS=kvno.c
+
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##KVNO=$(OUTPRE)kvno.exe
+
+##WIN32##EXERES=$(KVNO:.exe=.res)
+
+##WIN32##$(EXERES): $(VERSIONRC)
+##WIN32##        $(RC) $(RCFLAGS) -DKVNO_APP -fo $@ -r $**
+
+all-unix: kvno
+
+##WIN32##all-windows: $(KVNO)
+
+kvno: kvno.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ kvno.o $(KRB5_BASE_LIBS)
+
+##WIN32##$(KVNO): $(OUTPRE)kvno.obj $(SLIB) $(KLIB) $(CLIB) $(EXERES)
+##WIN32##	link $(EXE_LINKOPTS) /out:$@ $**
+##WIN32##	$(_VC_MANIFEST_EMBED_EXE)
+
+check-pytests: kvno
+	$(RUNPYTEST) $(srcdir)/t_kvno.py $(PYTESTFLAGS)
+
+clean-unix::
+	$(RM) kvno.o kvno
+
+install-unix:
+	for f in kvno; do \
+	  $(INSTALL_PROGRAM) $$f \
+		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
diff --git a/krb5-1.21.3/src/clients/kvno/deps b/krb5-1.21.3/src/clients/kvno/deps
new file mode 100644
index 00000000..d37d764c
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kvno/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kvno.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-base64.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kvno.c
diff --git a/krb5-1.21.3/src/clients/kvno/kvno.c b/krb5-1.21.3/src/clients/kvno/kvno.c
new file mode 100644
index 00000000..03f72f59
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kvno/kvno.c
@@ -0,0 +1,609 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-platform.h"
+#include "k5-buf.h"
+#include "k5-base64.h"
+#include <locale.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+#include <ctype.h>
+
+static char *prog;
+static int quiet = 0;
+
+static void
+xusage()
+{
+    fprintf(stderr, _("usage: %s [-c ccache] [-e etype] [-k keytab] [-q] "
+                      "[-u | -S sname]\n"
+                      "\t[[{-F cert_file | {-I | -U} for_user} [-P]] | "
+                      "--u2u ccache]\n"
+                      "\t[--cached-only] [--no-store] [--out-cache] "
+                      "service1 service2 ...\n"),
+            prog);
+    exit(1);
+}
+
+static void do_v5_kvno(int argc, char *argv[], char *ccachestr, char *etypestr,
+                       char *keytab_name, char *sname, int cached_only,
+                       int canon, int no_store, int unknown, char *for_user,
+                       int for_user_enterprise, char *for_user_cert_file,
+                       int proxy, const char *out_ccname,
+                       const char *u2u_ccname);
+
+#include <com_err.h>
+static void extended_com_err_fn(const char *myprog, errcode_t code,
+                                const char *fmt, va_list args);
+
+int
+main(int argc, char *argv[])
+{
+    enum { OPTION_U2U = 256, OPTION_OUT_CACHE = 257 };
+    const char *shopts = "uCc:e:hk:qPS:I:U:F:";
+    int option;
+    char *etypestr = NULL, *ccachestr = NULL, *keytab_name = NULL;
+    char *sname = NULL, *for_user = NULL, *u2u_ccname = NULL;
+    char *for_user_cert_file = NULL, *out_ccname = NULL;
+    int canon = 0, unknown = 0, proxy = 0, for_user_enterprise = 0;
+    int impersonate = 0, cached_only = 0, no_store = 0;
+    struct option lopts[] = {
+        { "cached-only", 0, &cached_only, 1 },
+        { "no-store", 0, &no_store, 1 },
+        { "out-cache", 1, NULL, OPTION_OUT_CACHE },
+        { "u2u", 1, NULL, OPTION_U2U },
+        { NULL, 0, NULL, 0 }
+    };
+
+    setlocale(LC_ALL, "");
+    set_com_err_hook(extended_com_err_fn);
+
+    prog = strrchr(argv[0], '/');
+    prog = prog ? (prog + 1) : argv[0];
+
+    while ((option = getopt_long(argc, argv, shopts, lopts, NULL)) != -1) {
+        switch (option) {
+        case 'C':
+            canon = 1;
+            break;
+        case 'c':
+            ccachestr = optarg;
+            break;
+        case 'e':
+            etypestr = optarg;
+            break;
+        case 'h':
+            xusage();
+            break;
+        case 'k':
+            keytab_name = optarg;
+            break;
+        case 'q':
+            quiet = 1;
+            break;
+        case 'P':
+            proxy = 1; /* S4U2Proxy - constrained delegation */
+            break;
+        case 'S':
+            sname = optarg;
+            if (unknown == 1) {
+                fprintf(stderr,
+                        _("Options -u and -S are mutually exclusive\n"));
+                xusage();
+            }
+            break;
+        case 'u':
+            unknown = 1;
+            if (sname != NULL) {
+                fprintf(stderr,
+                        _("Options -u and -S are mutually exclusive\n"));
+                xusage();
+            }
+            break;
+        case 'I':
+            impersonate = 1;
+            for_user = optarg;
+            break;
+        case 'U':
+            impersonate = 1;
+            for_user_enterprise = 1;
+            for_user = optarg;
+            break;
+        case 'F':
+            impersonate = 1;
+            for_user_cert_file = optarg;
+            break;
+        case OPTION_U2U:
+            u2u_ccname = optarg;
+            break;
+        case OPTION_OUT_CACHE:
+            out_ccname = optarg;
+            break;
+        case 0:
+            /* If this option set a flag, do nothing else now. */
+            break;
+        default:
+            xusage();
+            break;
+        }
+    }
+
+    if (u2u_ccname != NULL && impersonate) {
+        fprintf(stderr,
+                _("Options --u2u and -I|-U|-F are mutually exclusive\n"));
+        xusage();
+    }
+
+    if (proxy) {
+        if (!impersonate) {
+            fprintf(stderr, _("Option -P (constrained delegation) requires "
+                              "option -I|-U|-F (protocol transition)\n"));
+            xusage();
+        }
+    }
+
+    if (argc - optind < 1)
+        xusage();
+
+    do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr, keytab_name,
+               sname, cached_only, canon, no_store, unknown, for_user,
+               for_user_enterprise, for_user_cert_file, proxy, out_ccname,
+               u2u_ccname);
+    return 0;
+}
+
+#include <k5-int.h>
+static krb5_context context;
+static void extended_com_err_fn(const char *myprog, errcode_t code,
+                                const char *fmt, va_list args)
+{
+    const char *emsg;
+
+    emsg = krb5_get_error_message(context, code);
+    fprintf(stderr, "%s: %s ", myprog, emsg);
+    krb5_free_error_message(context, emsg);
+    vfprintf(stderr, fmt, args);
+    fprintf(stderr, "\n");
+}
+
+/* Read a line from fp into buf.  Trim any trailing whitespace, and return a
+ * pointer to the first non-whitespace character. */
+static const char *
+read_line(FILE *fp, char *buf, size_t bufsize)
+{
+    char *end, *begin;
+
+    if (fgets(buf, bufsize, fp) == NULL)
+        return NULL;
+
+    end = buf + strlen(buf);
+    while (end > buf && isspace((uint8_t)end[-1]))
+        *--end = '\0';
+
+    begin = buf;
+    while (isspace((uint8_t)*begin))
+        begin++;
+
+    return begin;
+}
+
+/* Read a certificate from file_name in PEM format, placing the DER
+ * representation of the certificate in *der_out. */
+static krb5_error_code
+read_pem_file(char *file_name, krb5_data *der_out)
+{
+    krb5_error_code ret = 0;
+    FILE *fp = NULL;
+    const char *begin_line = "-----BEGIN CERTIFICATE-----";
+    const char *end_line = "-----END ", *line;
+    char linebuf[256], *b64;
+    struct k5buf buf = EMPTY_K5BUF;
+    uint8_t *der_cert;
+    size_t dlen;
+
+    *der_out = empty_data();
+
+    fp = fopen(file_name, "r");
+    if (fp == NULL)
+        return errno;
+
+    for (;;) {
+        line = read_line(fp, linebuf, sizeof(linebuf));
+        if (line == NULL) {
+            ret = EINVAL;
+            k5_setmsg(context, ret, _("No begin line not found"));
+            goto cleanup;
+        }
+        if (strncmp(line, begin_line, strlen(begin_line)) == 0)
+            break;
+    }
+
+    k5_buf_init_dynamic(&buf);
+    for (;;) {
+        line = read_line(fp, linebuf, sizeof(linebuf));
+        if (line == NULL) {
+            ret = EINVAL;
+            k5_setmsg(context, ret, _("No end line found"));
+            goto cleanup;
+        }
+
+        if (strncmp(line, end_line, strlen(end_line)) == 0)
+            break;
+
+        /* Header lines would be expected for an actual privacy-enhanced mail
+         * message, but not for a certificate. */
+        if (*line == '\0' || strchr(line, ':') != NULL) {
+            ret = EINVAL;
+            k5_setmsg(context, ret, _("Unexpected header line"));
+            goto cleanup;
+        }
+
+        k5_buf_add(&buf, line);
+    }
+
+    b64 = k5_buf_cstring(&buf);
+    if (b64 == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    der_cert = k5_base64_decode(b64, &dlen);
+    if (der_cert == NULL) {
+        ret = EINVAL;
+        k5_setmsg(context, ret, _("Invalid base64"));
+        goto cleanup;
+    }
+
+    *der_out = make_data(der_cert, dlen);
+
+cleanup:
+    fclose(fp);
+    k5_buf_free(&buf);
+    return ret;
+}
+
+/* Request a single service ticket and display its status (unless quiet is
+ * set).  On failure, display an error message and return non-zero. */
+static krb5_error_code
+kvno(const char *name, krb5_ccache ccache, krb5_principal me,
+     krb5_enctype etype, krb5_keytab keytab, const char *sname,
+     krb5_flags options, int unknown, krb5_principal for_user_princ,
+     krb5_data *for_user_cert, int proxy, krb5_data *u2u_ticket,
+     krb5_creds **creds_out)
+{
+    krb5_error_code ret;
+    krb5_principal server = NULL;
+    krb5_ticket *ticket = NULL;
+    krb5_creds in_creds, *creds = NULL;
+    char *princ = NULL;
+
+    *creds_out = NULL;
+    memset(&in_creds, 0, sizeof(in_creds));
+
+    if (sname != NULL) {
+        ret = krb5_sname_to_principal(context, name, sname, KRB5_NT_SRV_HST,
+                                      &server);
+    } else {
+        ret = krb5_parse_name(context, name, &server);
+    }
+    if (ret) {
+        if (!quiet)
+            com_err(prog, ret, _("while parsing principal name %s"), name);
+        goto cleanup;
+    }
+    if (unknown)
+        krb5_princ_type(context, server) = KRB5_NT_UNKNOWN;
+
+    ret = krb5_unparse_name(context, server, &princ);
+    if (ret) {
+        com_err(prog, ret, _("while formatting parsed principal name for "
+                             "'%s'"), name);
+        goto cleanup;
+    }
+
+    in_creds.keyblock.enctype = etype;
+
+    if (u2u_ticket != NULL)
+        in_creds.second_ticket = *u2u_ticket;
+
+    if (for_user_princ != NULL || for_user_cert != NULL) {
+        if (!proxy && !krb5_principal_compare(context, me, server)) {
+            ret = EINVAL;
+            com_err(prog, ret,
+                    _("client and server principal names must match"));
+            goto cleanup;
+        }
+
+        in_creds.client = for_user_princ;
+        in_creds.server = me;
+        ret = krb5_get_credentials_for_user(context, options, ccache,
+                                            &in_creds, for_user_cert, &creds);
+    } else {
+        in_creds.client = me;
+        in_creds.server = server;
+        ret = krb5_get_credentials(context, options, ccache, &in_creds,
+                                   &creds);
+    }
+
+    if (ret) {
+        com_err(prog, ret, _("while getting credentials for %s"), princ);
+        goto cleanup;
+    }
+
+    /* We need a native ticket. */
+    ret = krb5_decode_ticket(&creds->ticket, &ticket);
+    if (ret) {
+        com_err(prog, ret, _("while decoding ticket for %s"), princ);
+        goto cleanup;
+    }
+
+    if (keytab != NULL) {
+        ret = krb5_server_decrypt_ticket_keytab(context, keytab, ticket);
+        if (ret) {
+            if (!quiet) {
+                fprintf(stderr, "%s: kvno = %d, keytab entry invalid\n", princ,
+                        ticket->enc_part.kvno);
+            }
+            com_err(prog, ret, _("while decrypting ticket for %s"), princ);
+            goto cleanup;
+        }
+        if (!quiet) {
+            printf(_("%s: kvno = %d, keytab entry valid\n"), princ,
+                   ticket->enc_part.kvno);
+        }
+    } else {
+        if (!quiet)
+            printf(_("%s: kvno = %d\n"), princ, ticket->enc_part.kvno);
+    }
+
+    if (proxy) {
+        in_creds.client = creds->client;
+        creds->client = NULL;
+        krb5_free_creds(context, creds);
+        creds = NULL;
+        in_creds.server = server;
+
+        ret = krb5_get_credentials_for_proxy(context, KRB5_GC_CANONICALIZE,
+                                             ccache, &in_creds, ticket,
+                                             &creds);
+        krb5_free_principal(context, in_creds.client);
+        if (ret) {
+            com_err(prog, ret, _("%s: constrained delegation failed"),
+                    princ);
+            goto cleanup;
+        }
+    }
+
+    *creds_out = creds;
+    creds = NULL;
+
+cleanup:
+    krb5_free_principal(context, server);
+    krb5_free_ticket(context, ticket);
+    krb5_free_creds(context, creds);
+    krb5_free_unparsed_name(context, princ);
+    return ret;
+}
+
+/* Fetch the encoded local TGT for ccname's default client principal. */
+static krb5_error_code
+get_u2u_ticket(const char *ccname, krb5_data **ticket_out)
+{
+    krb5_error_code ret;
+    krb5_ccache cc = NULL;
+    krb5_creds mcred, *creds = NULL;
+
+    *ticket_out = NULL;
+    memset(&mcred, 0, sizeof(mcred));
+
+    ret = krb5_cc_resolve(context, ccname, &cc);
+    if (ret)
+        goto cleanup;
+    ret = krb5_cc_get_principal(context, cc, &mcred.client);
+    if (ret)
+        goto cleanup;
+    ret = krb5_build_principal_ext(context, &mcred.server,
+                                   mcred.client->realm.length,
+                                   mcred.client->realm.data,
+                                   KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                   mcred.client->realm.length,
+                                   mcred.client->realm.data, 0);
+    if (ret)
+        goto cleanup;
+    ret = krb5_get_credentials(context, KRB5_GC_CACHED, cc, &mcred, &creds);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_copy_data(context, &creds->ticket, ticket_out);
+
+cleanup:
+    if (cc != NULL)
+        krb5_cc_close(context, cc);
+    krb5_free_cred_contents(context, &mcred);
+    krb5_free_creds(context, creds);
+    return ret;
+}
+
+static void
+do_v5_kvno(int count, char *names[], char * ccachestr, char *etypestr,
+           char *keytab_name, char *sname, int cached_only, int canon,
+           int no_store, int unknown, char *for_user, int for_user_enterprise,
+           char *for_user_cert_file, int proxy, const char *out_ccname,
+           const char *u2u_ccname)
+{
+    krb5_error_code ret;
+    int i, errors, flags, initialized = 0;
+    krb5_enctype etype;
+    krb5_ccache ccache, mcc, out_ccache = NULL;
+    krb5_principal me;
+    krb5_keytab keytab = NULL;
+    krb5_principal for_user_princ = NULL;
+    krb5_flags options = 0;
+    krb5_data cert_data = empty_data(), *user_cert = NULL, *u2u_ticket = NULL;
+    krb5_creds *creds;
+
+    if (canon)
+        options |= KRB5_GC_CANONICALIZE;
+    if (cached_only)
+        options |= KRB5_GC_CACHED;
+    if (no_store || out_ccname != NULL)
+        options |= KRB5_GC_NO_STORE;
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+        com_err(prog, ret, _("while initializing krb5 library"));
+        exit(1);
+    }
+
+    if (etypestr) {
+        ret = krb5_string_to_enctype(etypestr, &etype);
+        if (ret) {
+            com_err(prog, ret, _("while converting etype"));
+            exit(1);
+        }
+    } else {
+        etype = 0;
+    }
+
+    if (ccachestr)
+        ret = krb5_cc_resolve(context, ccachestr, &ccache);
+    else
+        ret = krb5_cc_default(context, &ccache);
+    if (ret) {
+        com_err(prog, ret, _("while opening ccache"));
+        exit(1);
+    }
+
+    if (out_ccname != NULL) {
+        ret = krb5_cc_resolve(context, out_ccname, &out_ccache);
+        if (ret) {
+            com_err(prog, ret, _("while resolving output ccache"));
+            exit(1);
+        }
+    }
+
+    if (keytab_name != NULL) {
+        ret = krb5_kt_resolve(context, keytab_name, &keytab);
+        if (ret) {
+            com_err(prog, ret, _("resolving keytab %s"), keytab_name);
+            exit(1);
+        }
+    }
+
+    if (for_user) {
+        flags = for_user_enterprise ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0;
+        ret = krb5_parse_name_flags(context, for_user, flags, &for_user_princ);
+        if (ret) {
+            com_err(prog, ret, _("while parsing principal name %s"), for_user);
+            exit(1);
+        }
+    }
+
+    if (for_user_cert_file != NULL) {
+        ret = read_pem_file(for_user_cert_file, &cert_data);
+        if (ret) {
+            com_err(prog, ret, _("while reading certificate file %s"),
+                    for_user_cert_file);
+            exit(1);
+        }
+        user_cert = &cert_data;
+    }
+
+    if (u2u_ccname != NULL) {
+        ret = get_u2u_ticket(u2u_ccname, &u2u_ticket);
+        if (ret) {
+            com_err(prog, ret, _("while getting user-to-user ticket from %s"),
+                    u2u_ccname);
+            exit(1);
+        }
+        options |= KRB5_GC_USER_USER;
+    }
+
+    ret = krb5_cc_get_principal(context, ccache, &me);
+    if (ret) {
+        com_err(prog, ret, _("while getting client principal name"));
+        exit(1);
+    }
+
+    if (out_ccache != NULL) {
+        ret = krb5_cc_new_unique(context, "MEMORY", NULL, &mcc);
+        if (ret) {
+            com_err(prog, ret, _("while creating temporary output ccache"));
+            exit(1);
+        }
+    }
+
+    errors = 0;
+    for (i = 0; i < count; i++) {
+        if (kvno(names[i], ccache, me, etype, keytab, sname, options, unknown,
+                 for_user_princ, user_cert, proxy, u2u_ticket, &creds) != 0) {
+            errors++;
+        } else if (out_ccache != NULL) {
+            if (!initialized) {
+                ret = krb5_cc_initialize(context, mcc, creds->client);
+                if (ret) {
+                    com_err(prog, ret, _("while initializing output ccache"));
+                    exit(1);
+                }
+                initialized = 1;
+            }
+            if (count == 1)
+                ret = k5_cc_store_primary_cred(context, mcc, creds);
+            else
+                ret = krb5_cc_store_cred(context, mcc, creds);
+            if (ret) {
+                com_err(prog, ret, _("while storing creds in output ccache"));
+                exit(1);
+            }
+        }
+
+        krb5_free_creds(context, creds);
+    }
+
+    if (!errors && out_ccache != NULL) {
+        ret = krb5_cc_move(context, mcc, out_ccache);
+        if (ret) {
+            com_err(prog, ret, _("while writing output ccache"));
+            exit(1);
+        }
+    }
+
+    if (keytab != NULL)
+        krb5_kt_close(context, keytab);
+    krb5_free_principal(context, me);
+    krb5_free_principal(context, for_user_princ);
+    krb5_cc_close(context, ccache);
+    krb5_free_data(context, u2u_ticket);
+    krb5_free_data_contents(context, &cert_data);
+    krb5_free_context(context);
+
+    if (errors)
+        exit(1);
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/clients/kvno/t_kvno.py b/krb5-1.21.3/src/clients/kvno/t_kvno.py
new file mode 100644
index 00000000..e98b90e8
--- /dev/null
+++ b/krb5-1.21.3/src/clients/kvno/t_kvno.py
@@ -0,0 +1,75 @@
+from k5test import *
+
+realm = K5Realm()
+
+def check_cache(ccache, expected_services):
+    # Fetch the klist output and skip past the header.
+    lines = realm.run([klist, '-c', ccache]).splitlines()
+    lines = lines[4:]
+
+    # For each line not beginning with an indent, match against the
+    # expected service principals.
+    svcs = {x: True for x in expected_services}
+    for l in lines:
+        if not l.startswith('\t'):
+            svcprinc = l.split()[4]
+            if svcprinc in svcs:
+                del svcs[svcprinc]
+            else:
+                fail('unexpected service princ ' + svcprinc)
+
+    if svcs:
+        fail('services not found in klist output: ' + ' '.join(svcs.keys()))
+
+
+mark('no options')
+realm.run([kvno, realm.user_princ], expected_msg='user@KRBTEST.COM: kvno = 1')
+check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])
+
+mark('-e')
+msgs = ('etypes requested in TGS request: camellia128-cts',
+        '/KDC has no support for encryption type')
+realm.run([kvno, '-e', 'camellia128-cts', realm.host_princ],
+          expected_code=1, expected_trace=msgs)
+
+mark('--cached-only')
+realm.run([kvno, '--cached-only', realm.user_princ], expected_msg='kvno = 1')
+realm.run([kvno, '--cached-only', realm.host_princ],
+          expected_code=1, expected_msg='Matching credential not found')
+check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])
+
+mark('--no-store')
+realm.run([kvno, '--no-store', realm.host_princ], expected_msg='kvno = 1')
+check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])
+
+mark('--out-cache') # and multiple services
+out_ccache = os.path.join(realm.testdir, 'ccache.out')
+realm.run([kvno, '--out-cache', out_ccache,
+           realm.host_princ, realm.admin_princ])
+check_cache(realm.ccache, [realm.krbtgt_princ, realm.user_princ])
+check_cache(out_ccache, [realm.host_princ, realm.admin_princ])
+
+mark('--out-cache --cached-only') # tests out-cache overwriting, and -q
+realm.run([kvno, '--out-cache', out_ccache, '--cached-only', realm.host_princ],
+          expected_code=1, expected_msg='Matching credential not found')
+out = realm.run([kvno, '-q', '--out-cache', out_ccache, '--cached-only',
+                 realm.user_princ])
+if out:
+    fail('unexpected kvno output with -q')
+check_cache(out_ccache, [realm.user_princ])
+
+mark('-U') # and -c
+svc_ccache = os.path.join(realm.testdir, 'ccache.svc')
+realm.run([kinit, '-k', '-c', svc_ccache, realm.host_princ])
+realm.run([kvno, '-c', svc_ccache, '-U', 'user', realm.host_princ])
+realm.run([klist, '-c', svc_ccache], expected_msg='for client user@')
+realm.run([kvno, '-c', svc_ccache, '-U', 'user', '--out-cache', out_ccache,
+           realm.host_princ])
+out = realm.run([klist, '-c', out_ccache])
+if ('Default principal: user@KRBTEST.COM' not in out):
+    fail('wrong default principal in klist output')
+
+# More S4U options are tested in tests/gssapi/t_s4u.py.
+# --u2u is tested in tests/t_u2u.py.
+
+success('kvno tests')
diff --git a/krb5-1.21.3/src/config-files/Makefile.in b/krb5-1.21.3/src/config-files/Makefile.in
new file mode 100644
index 00000000..0f2a0b2c
--- /dev/null
+++ b/krb5-1.21.3/src/config-files/Makefile.in
@@ -0,0 +1,8 @@
+mydir=config-files
+BUILDTOP=$(REL)..
+all:
+
+install:
+	$(INSTALL_DATA) $(srcdir)/kdc.conf ${DESTDIR}$(EXAMPLEDIR)/kdc.conf
+	$(INSTALL_DATA) $(srcdir)/krb5.conf ${DESTDIR}$(EXAMPLEDIR)/krb5.conf
+	$(INSTALL_DATA) $(srcdir)/services.append ${DESTDIR}$(EXAMPLEDIR)/services.append
diff --git a/krb5-1.21.3/src/config-files/convert-config-files b/krb5-1.21.3/src/config-files/convert-config-files
new file mode 100644
index 00000000..53ddefff
--- /dev/null
+++ b/krb5-1.21.3/src/config-files/convert-config-files
@@ -0,0 +1,84 @@
+#!/usr/bin/perl
+#
+# This program converts the old-style krb.conf and krb.realms files into the
+# new-format krb5.conf file.  It takes two arguments; the first is the krb.conf
+# file, and the second is the krb.realms file.  The krb5.conf file is output
+# to stdout.
+#
+# Written by Theodore Ts'o, 4/25/95
+#
+
+if ($#ARGV >= 0) {
+	$krb_conf_file = $ARGV[0];
+} else {
+	$krb_conf_file = "/etc/krb.conf";
+}
+
+if ($#ARGV >= 1) {
+	$krb_realms_file = $ARGV[1];
+} else {
+	$krb_realms_file = "/etc/krb.realms";
+}
+
+open(FILE, "<$krb_conf_file") || die "Couldn't open the krb.conf file\n";
+
+$_ = <FILE>;
+strip;
+$default_realm = $_;
+
+while(<FILE>) {
+	strip;
+	($realm, $host, $admin) = split;
+	if (!defined($realmpt{$realm})) {
+		$realmpt{$realm} = 1;
+	}
+	$realmkdc{$realm . "##" . $realmpt{$realm}} = $host;
+	$realmpt{$realm}++;
+	if ($admin eq "admin") {	
+		$realmadmin{$realm} = $host;
+	}
+}
+
+close(FILE);
+
+open(FILE, "<$krb_realms_file") || die "Couldn't open krb.realms file";
+
+while (<FILE>) {
+	strip;
+	($domain, $realm) = split;
+	$domain =~ s/\.$//;
+	$domain =~ tr/[A-Z]/[a-z]/;
+	$dom_realm{$domain} = $realm;
+	if ($domain =~ /^\./) {
+		$domain =~ s/^\.//;
+		$def_realm{$realm} = $domain;
+	}
+}
+
+print "[libdefaults]\n\tdefault_realm = $default_realm\n";
+
+print "[realms]\n";
+
+foreach $realm (sort(keys(%realmpt))) {
+	print "\t$realm = {\n";
+	for ($i = 1; $i < $realmpt{$realm}; $i++) {
+		printf("\t\tkdc = %s\n", $realmkdc{$realm . "##" . $i});
+		
+	}
+	if (defined($realmadmin{$realm})) {
+		print "\t\tadmin_server = $realmadmin{$realm}\n";
+	}
+	if (defined($def_realm{$realm})) {
+		print "\t\tdefault_domain = $def_realm{$realm}\n";
+	}
+	print "\t}\n";
+}
+
+print "\n[domain_realm]\n";
+
+foreach $domain (keys(%dom_realm)) {
+	print "\t$domain = $dom_realm{$domain}\n";
+}
+
+
+
diff --git a/krb5-1.21.3/src/config-files/deps b/krb5-1.21.3/src/config-files/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/config-files/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/config-files/kdc.conf b/krb5-1.21.3/src/config-files/kdc.conf
new file mode 100644
index 00000000..bc5076d5
--- /dev/null
+++ b/krb5-1.21.3/src/config-files/kdc.conf
@@ -0,0 +1,14 @@
+[kdcdefaults]
+	kdc_listen = 88
+	kdc_tcp_listen = 88
+
+[realms]
+	ATHENA.MIT.EDU = {
+		database_name = /usr/local/var/krb5kdc/principal
+		acl_file = /usr/local/var/krb5kdc/kadm5.acl
+		key_stash_file = /usr/local/var/krb5kdc/.k5.ATHENA.MIT.EDU
+		kdc_listen = 88
+		kdc_tcp_listen = 88
+		max_life = 10h 0m 0s
+		max_renewable_life = 7d 0h 0m 0s
+	}
diff --git a/krb5-1.21.3/src/config-files/krb5.conf b/krb5-1.21.3/src/config-files/krb5.conf
new file mode 100644
index 00000000..9d250bfa
--- /dev/null
+++ b/krb5-1.21.3/src/config-files/krb5.conf
@@ -0,0 +1,19 @@
+[libdefaults]
+	default_realm = ATHENA.MIT.EDU
+
+[realms]
+# use "kdc = ..." if realm admins haven't put SRV records into DNS
+	ATHENA.MIT.EDU = {
+		admin_server = kerberos.mit.edu
+	}
+	ANDREW.CMU.EDU = {
+		admin_server = kdc-01.andrew.cmu.edu
+	}
+
+[domain_realm]
+	mit.edu = ATHENA.MIT.EDU
+	csail.mit.edu = CSAIL.MIT.EDU
+	.ucsc.edu = CATS.UCSC.EDU
+
+[logging]
+#	kdc = CONSOLE
diff --git a/krb5-1.21.3/src/config-files/mech b/krb5-1.21.3/src/config-files/mech
new file mode 100644
index 00000000..15c9fcd0
--- /dev/null
+++ b/krb5-1.21.3/src/config-files/mech
@@ -0,0 +1,3 @@
+#kerberos_v5		1.2.840.48018.1.2.2	mech_krb5.so 
+#mskrb			1.2.840.113554.1.2.2	mech_krb5.so 
+#spnego			1.3.6.1.5.5.2		mech_spnego.so
diff --git a/krb5-1.21.3/src/config-files/services.append b/krb5-1.21.3/src/config-files/services.append
new file mode 100644
index 00000000..34d19566
--- /dev/null
+++ b/krb5-1.21.3/src/config-files/services.append
@@ -0,0 +1,12 @@
+kerberos	88/udp 		kdc		# Kerberos authentication--udp
+kerberos	88/tcp 		kdc		# Kerberos authentication--tcp
+kerberos_master	751/udp 			# Kerberos authentication
+kerberos_master	751/tcp 			# Kerberos authentication
+kerberos-adm	749/tcp				# Kerberos 5 admin/changepw
+kerberos-adm	749/udp				# Kerberos 5 admin/changepw
+kpop		1109/tcp			# Pop with Kerberos
+kshell		544/tcp		cmd		# and remote shell
+klogin		543/tcp				# Kerberos authenticated rlogin
+eklogin		2105/tcp			# Kerberos encrypted rlogin
+krb5_prop	754/tcp				# Kerberos replica propagation
+krb524		4444/tcp			# Kerberos 5 to 4 ticket xlator
diff --git a/krb5-1.21.3/src/config/ac-archive/README b/krb5-1.21.3/src/config/ac-archive/README
new file mode 100644
index 00000000..7c28643c
--- /dev/null
+++ b/krb5-1.21.3/src/config/ac-archive/README
@@ -0,0 +1,9 @@
+-*- text -*-
+
+These macros are taken from the autoconf archive at
+https://www.gnu.org/software/autoconf-archive/ .  They are licensed
+under a modified version of the GNU General Public License as noted in
+the comments near the top of each file.
+
+ax_pthread.m4 serial 31 2023-02-20
+ax_recursive_eval.m4 serial 1 2017-01-05
diff --git a/krb5-1.21.3/src/config/ac-archive/ax_pthread.m4 b/krb5-1.21.3/src/config/ac-archive/ax_pthread.m4
new file mode 100644
index 00000000..9f35d139
--- /dev/null
+++ b/krb5-1.21.3/src/config/ac-archive/ax_pthread.m4
@@ -0,0 +1,522 @@
+# ===========================================================================
+#        https://www.gnu.org/software/autoconf-archive/ax_pthread.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
+#
+# DESCRIPTION
+#
+#   This macro figures out how to build C programs using POSIX threads. It
+#   sets the PTHREAD_LIBS output variable to the threads library and linker
+#   flags, and the PTHREAD_CFLAGS output variable to any special C compiler
+#   flags that are needed. (The user can also force certain compiler
+#   flags/libs to be tested by setting these environment variables.)
+#
+#   Also sets PTHREAD_CC and PTHREAD_CXX to any special C compiler that is
+#   needed for multi-threaded programs (defaults to the value of CC
+#   respectively CXX otherwise). (This is necessary on e.g. AIX to use the
+#   special cc_r/CC_r compiler alias.)
+#
+#   NOTE: You are assumed to not only compile your program with these flags,
+#   but also to link with them as well. For example, you might link with
+#   $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
+#   $PTHREAD_CXX $CXXFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
+#
+#   If you are only building threaded programs, you may wish to use these
+#   variables in your default LIBS, CFLAGS, and CC:
+#
+#     LIBS="$PTHREAD_LIBS $LIBS"
+#     CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+#     CXXFLAGS="$CXXFLAGS $PTHREAD_CFLAGS"
+#     CC="$PTHREAD_CC"
+#     CXX="$PTHREAD_CXX"
+#
+#   In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
+#   has a nonstandard name, this macro defines PTHREAD_CREATE_JOINABLE to
+#   that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
+#
+#   Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
+#   PTHREAD_PRIO_INHERIT symbol is defined when compiling with
+#   PTHREAD_CFLAGS.
+#
+#   ACTION-IF-FOUND is a list of shell commands to run if a threads library
+#   is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it
+#   is not found. If ACTION-IF-FOUND is not specified, the default action
+#   will define HAVE_PTHREAD.
+#
+#   Please let the authors know if this macro fails on any platform, or if
+#   you have any other suggestions or comments. This macro was based on work
+#   by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help
+#   from M. Frigo), as well as ac_pthread and hb_pthread macros posted by
+#   Alejandro Forero Cuervo to the autoconf macro repository. We are also
+#   grateful for the helpful feedback of numerous users.
+#
+#   Updated for Autoconf 2.68 by Daniel Richard G.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu>
+#   Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG>
+#   Copyright (c) 2019 Marc Stevens <marc.stevens@cwi.nl>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 31
+
+AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
+AC_DEFUN([AX_PTHREAD], [
+AC_REQUIRE([AC_CANONICAL_HOST])
+AC_REQUIRE([AC_PROG_CC])
+AC_REQUIRE([AC_PROG_SED])
+AC_LANG_PUSH([C])
+ax_pthread_ok=no
+
+# We used to check for pthread.h first, but this fails if pthread.h
+# requires special compiler flags (e.g. on Tru64 or Sequent).
+# It gets checked for in the link test anyway.
+
+# First of all, check if the user has set any of the PTHREAD_LIBS,
+# etcetera environment variables, and if threads linking works using
+# them:
+if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then
+        ax_pthread_save_CC="$CC"
+        ax_pthread_save_CFLAGS="$CFLAGS"
+        ax_pthread_save_LIBS="$LIBS"
+        AS_IF([test "x$PTHREAD_CC" != "x"], [CC="$PTHREAD_CC"])
+        AS_IF([test "x$PTHREAD_CXX" != "x"], [CXX="$PTHREAD_CXX"])
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        AC_MSG_CHECKING([for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS])
+        AC_LINK_IFELSE([AC_LANG_CALL([], [pthread_join])], [ax_pthread_ok=yes])
+        AC_MSG_RESULT([$ax_pthread_ok])
+        if test "x$ax_pthread_ok" = "xno"; then
+                PTHREAD_LIBS=""
+                PTHREAD_CFLAGS=""
+        fi
+        CC="$ax_pthread_save_CC"
+        CFLAGS="$ax_pthread_save_CFLAGS"
+        LIBS="$ax_pthread_save_LIBS"
+fi
+
+# We must check for the threads library under a number of different
+# names; the ordering is very important because some systems
+# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
+# libraries is broken (non-POSIX).
+
+# Create a list of thread flags to try. Items with a "," contain both
+# C compiler flags (before ",") and linker flags (after ","). Other items
+# starting with a "-" are C compiler flags, and remaining items are
+# library names, except for "none" which indicates that we try without
+# any flags at all, and "pthread-config" which is a program returning
+# the flags for the Pth emulation library.
+
+ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
+
+# The ordering *is* (sometimes) important.  Some notes on the
+# individual items follow:
+
+# pthreads: AIX (must check this before -lpthread)
+# none: in case threads are in libc; should be tried before -Kthread and
+#       other compiler flags to prevent continual compiler warnings
+# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
+# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64
+#           (Note: HP C rejects this with "bad form for `-t' option")
+# -pthreads: Solaris/gcc (Note: HP C also rejects)
+# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
+#      doesn't hurt to check since this sometimes defines pthreads and
+#      -D_REENTRANT too), HP C (must be checked before -lpthread, which
+#      is present but should not be used directly; and before -mthreads,
+#      because the compiler interprets this as "-mt" + "-hreads")
+# -mthreads: Mingw32/gcc, Lynx/gcc
+# pthread: Linux, etcetera
+# --thread-safe: KAI C++
+# pthread-config: use pthread-config program (for GNU Pth library)
+
+case $host_os in
+
+        freebsd*)
+
+        # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
+        # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
+
+        ax_pthread_flags="-kthread lthread $ax_pthread_flags"
+        ;;
+
+        hpux*)
+
+        # From the cc(1) man page: "[-mt] Sets various -D flags to enable
+        # multi-threading and also sets -lpthread."
+
+        ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags"
+        ;;
+
+        openedition*)
+
+        # IBM z/OS requires a feature-test macro to be defined in order to
+        # enable POSIX threads at all, so give the user a hint if this is
+        # not set. (We don't define these ourselves, as they can affect
+        # other portions of the system API in unpredictable ways.)
+
+        AC_EGREP_CPP([AX_PTHREAD_ZOS_MISSING],
+            [
+#            if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS)
+             AX_PTHREAD_ZOS_MISSING
+#            endif
+            ],
+            [AC_MSG_WARN([IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support.])])
+        ;;
+
+        solaris*)
+
+        # On Solaris (at least, for some versions), libc contains stubbed
+        # (non-functional) versions of the pthreads routines, so link-based
+        # tests will erroneously succeed. (N.B.: The stubs are missing
+        # pthread_cleanup_push, or rather a function called by this macro,
+        # so we could check for that, but who knows whether they'll stub
+        # that too in a future libc.)  So we'll check first for the
+        # standard Solaris way of linking pthreads (-mt -lpthread).
+
+        ax_pthread_flags="-mt,-lpthread pthread $ax_pthread_flags"
+        ;;
+esac
+
+# Are we compiling with Clang?
+
+AC_CACHE_CHECK([whether $CC is Clang],
+    [ax_cv_PTHREAD_CLANG],
+    [ax_cv_PTHREAD_CLANG=no
+     # Note that Autoconf sets GCC=yes for Clang as well as GCC
+     if test "x$GCC" = "xyes"; then
+        AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG],
+            [/* Note: Clang 2.7 lacks __clang_[a-z]+__ */
+#            if defined(__clang__) && defined(__llvm__)
+             AX_PTHREAD_CC_IS_CLANG
+#            endif
+            ],
+            [ax_cv_PTHREAD_CLANG=yes])
+     fi
+    ])
+ax_pthread_clang="$ax_cv_PTHREAD_CLANG"
+
+
+# GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC)
+
+# Note that for GCC and Clang -pthread generally implies -lpthread,
+# except when -nostdlib is passed.
+# This is problematic using libtool to build C++ shared libraries with pthread:
+# [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=25460
+# [2] https://bugzilla.redhat.com/show_bug.cgi?id=661333
+# [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468555
+# To solve this, first try -pthread together with -lpthread for GCC
+
+AS_IF([test "x$GCC" = "xyes"],
+      [ax_pthread_flags="-pthread,-lpthread -pthread -pthreads $ax_pthread_flags"])
+
+# Clang takes -pthread (never supported any other flag), but we'll try with -lpthread first
+
+AS_IF([test "x$ax_pthread_clang" = "xyes"],
+      [ax_pthread_flags="-pthread,-lpthread -pthread"])
+
+
+# The presence of a feature test macro requesting re-entrant function
+# definitions is, on some systems, a strong hint that pthreads support is
+# correctly enabled
+
+case $host_os in
+        darwin* | hpux* | linux* | osf* | solaris*)
+        ax_pthread_check_macro="_REENTRANT"
+        ;;
+
+        aix*)
+        ax_pthread_check_macro="_THREAD_SAFE"
+        ;;
+
+        *)
+        ax_pthread_check_macro="--"
+        ;;
+esac
+AS_IF([test "x$ax_pthread_check_macro" = "x--"],
+      [ax_pthread_check_cond=0],
+      [ax_pthread_check_cond="!defined($ax_pthread_check_macro)"])
+
+
+if test "x$ax_pthread_ok" = "xno"; then
+for ax_pthread_try_flag in $ax_pthread_flags; do
+
+        case $ax_pthread_try_flag in
+                none)
+                AC_MSG_CHECKING([whether pthreads work without any flags])
+                ;;
+
+                *,*)
+                PTHREAD_CFLAGS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\1/"`
+                PTHREAD_LIBS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\2/"`
+                AC_MSG_CHECKING([whether pthreads work with "$PTHREAD_CFLAGS" and "$PTHREAD_LIBS"])
+                ;;
+
+                -*)
+                AC_MSG_CHECKING([whether pthreads work with $ax_pthread_try_flag])
+                PTHREAD_CFLAGS="$ax_pthread_try_flag"
+                ;;
+
+                pthread-config)
+                AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no])
+                AS_IF([test "x$ax_pthread_config" = "xno"], [continue])
+                PTHREAD_CFLAGS="`pthread-config --cflags`"
+                PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
+                ;;
+
+                *)
+                AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag])
+                PTHREAD_LIBS="-l$ax_pthread_try_flag"
+                ;;
+        esac
+
+        ax_pthread_save_CFLAGS="$CFLAGS"
+        ax_pthread_save_LIBS="$LIBS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+
+        # Check for various functions.  We must include pthread.h,
+        # since some functions may be macros.  (On the Sequent, we
+        # need a special flag -Kthread to make this header compile.)
+        # We check for pthread_join because it is in -lpthread on IRIX
+        # while pthread_create is in libc.  We check for pthread_attr_init
+        # due to DEC craziness with -lpthreads.  We check for
+        # pthread_cleanup_push because it is one of the few pthread
+        # functions on Solaris that doesn't have a non-functional libc stub.
+        # We try pthread_create on general principles.
+
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>
+#                       if $ax_pthread_check_cond
+#                        error "$ax_pthread_check_macro must be defined"
+#                       endif
+                        static void *some_global = NULL;
+                        static void routine(void *a)
+                          {
+                             /* To avoid any unused-parameter or
+                                unused-but-set-parameter warning.  */
+                             some_global = a;
+                          }
+                        static void *start_routine(void *a) { return a; }],
+                       [pthread_t th; pthread_attr_t attr;
+                        pthread_create(&th, 0, start_routine, 0);
+                        pthread_join(th, 0);
+                        pthread_attr_init(&attr);
+                        pthread_cleanup_push(routine, 0);
+                        pthread_cleanup_pop(0) /* ; */])],
+            [ax_pthread_ok=yes],
+            [])
+
+        CFLAGS="$ax_pthread_save_CFLAGS"
+        LIBS="$ax_pthread_save_LIBS"
+
+        AC_MSG_RESULT([$ax_pthread_ok])
+        AS_IF([test "x$ax_pthread_ok" = "xyes"], [break])
+
+        PTHREAD_LIBS=""
+        PTHREAD_CFLAGS=""
+done
+fi
+
+
+# Clang needs special handling, because older versions handle the -pthread
+# option in a rather... idiosyncratic way
+
+if test "x$ax_pthread_clang" = "xyes"; then
+
+        # Clang takes -pthread; it has never supported any other flag
+
+        # (Note 1: This will need to be revisited if a system that Clang
+        # supports has POSIX threads in a separate library.  This tends not
+        # to be the way of modern systems, but it's conceivable.)
+
+        # (Note 2: On some systems, notably Darwin, -pthread is not needed
+        # to get POSIX threads support; the API is always present and
+        # active.  We could reasonably leave PTHREAD_CFLAGS empty.  But
+        # -pthread does define _REENTRANT, and while the Darwin headers
+        # ignore this macro, third-party headers might not.)
+
+        # However, older versions of Clang make a point of warning the user
+        # that, in an invocation where only linking and no compilation is
+        # taking place, the -pthread option has no effect ("argument unused
+        # during compilation").  They expect -pthread to be passed in only
+        # when source code is being compiled.
+        #
+        # Problem is, this is at odds with the way Automake and most other
+        # C build frameworks function, which is that the same flags used in
+        # compilation (CFLAGS) are also used in linking.  Many systems
+        # supported by AX_PTHREAD require exactly this for POSIX threads
+        # support, and in fact it is often not straightforward to specify a
+        # flag that is used only in the compilation phase and not in
+        # linking.  Such a scenario is extremely rare in practice.
+        #
+        # Even though use of the -pthread flag in linking would only print
+        # a warning, this can be a nuisance for well-run software projects
+        # that build with -Werror.  So if the active version of Clang has
+        # this misfeature, we search for an option to squash it.
+
+        AC_CACHE_CHECK([whether Clang needs flag to prevent "argument unused" warning when linking with -pthread],
+            [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG],
+            [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown
+             # Create an alternate version of $ac_link that compiles and
+             # links in two steps (.c -> .o, .o -> exe) instead of one
+             # (.c -> exe), because the warning occurs only in the second
+             # step
+             ax_pthread_save_ac_link="$ac_link"
+             ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g'
+             ax_pthread_link_step=`AS_ECHO(["$ac_link"]) | sed "$ax_pthread_sed"`
+             ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)"
+             ax_pthread_save_CFLAGS="$CFLAGS"
+             for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do
+                AS_IF([test "x$ax_pthread_try" = "xunknown"], [break])
+                CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS"
+                ac_link="$ax_pthread_save_ac_link"
+                AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])],
+                    [ac_link="$ax_pthread_2step_ac_link"
+                     AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])],
+                         [break])
+                    ])
+             done
+             ac_link="$ax_pthread_save_ac_link"
+             CFLAGS="$ax_pthread_save_CFLAGS"
+             AS_IF([test "x$ax_pthread_try" = "x"], [ax_pthread_try=no])
+             ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try"
+            ])
+
+        case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in
+                no | unknown) ;;
+                *) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;;
+        esac
+
+fi # $ax_pthread_clang = yes
+
+
+
+# Various other checks:
+if test "x$ax_pthread_ok" = "xyes"; then
+        ax_pthread_save_CFLAGS="$CFLAGS"
+        ax_pthread_save_LIBS="$LIBS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+
+        # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
+        AC_CACHE_CHECK([for joinable pthread attribute],
+            [ax_cv_PTHREAD_JOINABLE_ATTR],
+            [ax_cv_PTHREAD_JOINABLE_ATTR=unknown
+             for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
+                 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
+                                                 [int attr = $ax_pthread_attr; return attr /* ; */])],
+                                [ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break],
+                                [])
+             done
+            ])
+        AS_IF([test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \
+               test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \
+               test "x$ax_pthread_joinable_attr_defined" != "xyes"],
+              [AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE],
+                                  [$ax_cv_PTHREAD_JOINABLE_ATTR],
+                                  [Define to necessary symbol if this constant
+                                   uses a non-standard name on your system.])
+               ax_pthread_joinable_attr_defined=yes
+              ])
+
+        AC_CACHE_CHECK([whether more special flags are required for pthreads],
+            [ax_cv_PTHREAD_SPECIAL_FLAGS],
+            [ax_cv_PTHREAD_SPECIAL_FLAGS=no
+             case $host_os in
+             solaris*)
+             ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS"
+             ;;
+             esac
+            ])
+        AS_IF([test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \
+               test "x$ax_pthread_special_flags_added" != "xyes"],
+              [PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS"
+               ax_pthread_special_flags_added=yes])
+
+        AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT],
+            [ax_cv_PTHREAD_PRIO_INHERIT],
+            [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread.h>]],
+                                             [[int i = PTHREAD_PRIO_INHERIT;
+                                               return i;]])],
+                            [ax_cv_PTHREAD_PRIO_INHERIT=yes],
+                            [ax_cv_PTHREAD_PRIO_INHERIT=no])
+            ])
+        AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \
+               test "x$ax_pthread_prio_inherit_defined" != "xyes"],
+              [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.])
+               ax_pthread_prio_inherit_defined=yes
+              ])
+
+        CFLAGS="$ax_pthread_save_CFLAGS"
+        LIBS="$ax_pthread_save_LIBS"
+
+        # More AIX lossage: compile with *_r variant
+        if test "x$GCC" != "xyes"; then
+            case $host_os in
+                aix*)
+                AS_CASE(["x/$CC"],
+                    [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6],
+                    [#handle absolute path differently from PATH based program lookup
+                     AS_CASE(["x$CC"],
+                         [x/*],
+                         [
+			   AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])
+			   AS_IF([test "x${CXX}" != "x"], [AS_IF([AS_EXECUTABLE_P([${CXX}_r])],[PTHREAD_CXX="${CXX}_r"])])
+			 ],
+                         [
+			   AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])
+			   AS_IF([test "x${CXX}" != "x"], [AC_CHECK_PROGS([PTHREAD_CXX],[${CXX}_r],[$CXX])])
+			 ]
+                     )
+                    ])
+                ;;
+            esac
+        fi
+fi
+
+test -n "$PTHREAD_CC" || PTHREAD_CC="$CC"
+test -n "$PTHREAD_CXX" || PTHREAD_CXX="$CXX"
+
+AC_SUBST([PTHREAD_LIBS])
+AC_SUBST([PTHREAD_CFLAGS])
+AC_SUBST([PTHREAD_CC])
+AC_SUBST([PTHREAD_CXX])
+
+# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
+if test "x$ax_pthread_ok" = "xyes"; then
+        ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1])
+        :
+else
+        ax_pthread_ok=no
+        $2
+fi
+AC_LANG_POP
+])dnl AX_PTHREAD
diff --git a/krb5-1.21.3/src/config/ac-archive/ax_recursive_eval.m4 b/krb5-1.21.3/src/config/ac-archive/ax_recursive_eval.m4
new file mode 100644
index 00000000..0625aca2
--- /dev/null
+++ b/krb5-1.21.3/src/config/ac-archive/ax_recursive_eval.m4
@@ -0,0 +1,56 @@
+# ===========================================================================
+#    https://www.gnu.org/software/autoconf-archive/ax_recursive_eval.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_RECURSIVE_EVAL(VALUE, RESULT)
+#
+# DESCRIPTION
+#
+#   Interpolate the VALUE in loop until it doesn't change, and set the
+#   result to $RESULT. WARNING: It's easy to get an infinite loop with some
+#   unsane input.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Alexandre Duret-Lutz <adl@gnu.org>
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 2 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 1
+
+AC_DEFUN([AX_RECURSIVE_EVAL],
+[_lcl_receval="$1"
+$2=`(test "x$prefix" = xNONE && prefix="$ac_default_prefix"
+     test "x$exec_prefix" = xNONE && exec_prefix="${prefix}"
+     _lcl_receval_old=''
+     while test "[$]_lcl_receval_old" != "[$]_lcl_receval"; do
+       _lcl_receval_old="[$]_lcl_receval"
+       eval _lcl_receval="\"[$]_lcl_receval\""
+     done
+     echo "[$]_lcl_receval")`])
diff --git a/krb5-1.21.3/src/config/config.guess b/krb5-1.21.3/src/config/config.guess
new file mode 100755
index 00000000..69188da7
--- /dev/null
+++ b/krb5-1.21.3/src/config/config.guess
@@ -0,0 +1,1774 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright 1992-2023 Free Software Foundation, Inc.
+
+# shellcheck disable=SC2006,SC2268 # see below for rationale
+
+timestamp='2023-01-01'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that
+# program.  This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
+#
+# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
+#
+# You can get the latest version of this script from:
+# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
+#
+# Please send patches to <config-patches@gnu.org>.
+
+
+# The "shellcheck disable" line above the timestamp inhibits complaints
+# about features and limitations of the classic Bourne shell that were
+# superseded or lifted in POSIX.  However, this script identifies a wide
+# variety of pre-POSIX systems that do not have POSIX shells at all, and
+# even some reasonably current systems (Solaris 10 as case-in-point) still
+# have a pre-POSIX /bin/sh.
+
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Options:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright 1992-2023 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+# Just in case it came from the environment.
+GUESS=
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+tmp=
+# shellcheck disable=SC2172
+trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15
+
+set_cc_for_build() {
+    # prevent multiple calls if $tmp is already set
+    test "$tmp" && return 0
+    : "${TMPDIR=/tmp}"
+    # shellcheck disable=SC2039,SC3028
+    { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+	{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
+	{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+	{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
+    dummy=$tmp/dummy
+    case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in
+	,,)    echo "int x;" > "$dummy.c"
+	       for driver in cc gcc c89 c99 ; do
+		   if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
+		       CC_FOR_BUILD=$driver
+		       break
+		   fi
+	       done
+	       if test x"$CC_FOR_BUILD" = x ; then
+		   CC_FOR_BUILD=no_compiler_found
+	       fi
+	       ;;
+	,,*)   CC_FOR_BUILD=$CC ;;
+	,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+    esac
+}
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if test -f /.attbin/uname ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case $UNAME_SYSTEM in
+Linux|GNU|GNU/*)
+	LIBC=unknown
+
+	set_cc_for_build
+	cat <<-EOF > "$dummy.c"
+	#include <features.h>
+	#if defined(__UCLIBC__)
+	LIBC=uclibc
+	#elif defined(__dietlibc__)
+	LIBC=dietlibc
+	#elif defined(__GLIBC__)
+	LIBC=gnu
+	#else
+	#include <stdarg.h>
+	/* First heuristic to detect musl libc.  */
+	#ifdef __DEFINED_va_list
+	LIBC=musl
+	#endif
+	#endif
+	EOF
+	cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
+	eval "$cc_set_libc"
+
+	# Second heuristic to detect musl libc.
+	if [ "$LIBC" = unknown ] &&
+	   command -v ldd >/dev/null &&
+	   ldd --version 2>&1 | grep -q ^musl; then
+		LIBC=musl
+	fi
+
+	# If the system lacks a compiler, then just pick glibc.
+	# We could probably try harder.
+	if [ "$LIBC" = unknown ]; then
+		LIBC=gnu
+	fi
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+	    /sbin/sysctl -n hw.machine_arch 2>/dev/null || \
+	    /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
+	    echo unknown)`
+	case $UNAME_MACHINE_ARCH in
+	    aarch64eb) machine=aarch64_be-unknown ;;
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    earmv*)
+		arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+		endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
+		machine=${arch}${endian}-unknown
+		;;
+	    *) machine=$UNAME_MACHINE_ARCH-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently (or will in the future) and ABI.
+	case $UNAME_MACHINE_ARCH in
+	    earm*)
+		os=netbsdelf
+		;;
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+		os=netbsd
+		;;
+	esac
+	# Determine ABI tags.
+	case $UNAME_MACHINE_ARCH in
+	    earm*)
+		expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+		abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case $UNAME_VERSION in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	GUESS=$machine-${os}${release}${abi-}
+	;;
+    *:Bitrig:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
+	GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE
+	;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE
+	;;
+    *:SecBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'`
+	GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE
+	;;
+    *:LibertyBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
+	GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE
+	;;
+    *:MidnightBSD:*:*)
+	GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE
+	;;
+    *:ekkoBSD:*:*)
+	GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE
+	;;
+    *:SolidBSD:*:*)
+	GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE
+	;;
+    *:OS108:*:*)
+	GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE
+	;;
+    macppc:MirBSD:*:*)
+	GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE
+	;;
+    *:MirBSD:*:*)
+	GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE
+	;;
+    *:Sortix:*:*)
+	GUESS=$UNAME_MACHINE-unknown-sortix
+	;;
+    *:Twizzler:*:*)
+	GUESS=$UNAME_MACHINE-unknown-twizzler
+	;;
+    *:Redox:*:*)
+	GUESS=$UNAME_MACHINE-unknown-redox
+	;;
+    mips:OSF1:*.*)
+	GUESS=mips-dec-osf1
+	;;
+    alpha:OSF1:*:*)
+	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+	trap '' 0
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case $ALPHA_CPU_TYPE in
+	    "EV4 (21064)")
+		UNAME_MACHINE=alpha ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE=alpha ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE=alpha ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE=alphaev5 ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE=alphaev56 ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE=alphapca56 ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE=alphapca57 ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE=alphaev6 ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE=alphaev67 ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE=alphaev69 ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE=alphaev7 ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE=alphaev79 ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+	GUESS=$UNAME_MACHINE-dec-osf$OSF_REL
+	;;
+    Amiga*:UNIX_System_V:4.0:*)
+	GUESS=m68k-unknown-sysv4
+	;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	GUESS=$UNAME_MACHINE-unknown-amigaos
+	;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	GUESS=$UNAME_MACHINE-unknown-morphos
+	;;
+    *:OS/390:*:*)
+	GUESS=i370-ibm-openedition
+	;;
+    *:z/VM:*:*)
+	GUESS=s390-ibm-zvmoe
+	;;
+    *:OS400:*:*)
+	GUESS=powerpc-ibm-os400
+	;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	GUESS=arm-acorn-riscix$UNAME_RELEASE
+	;;
+    arm*:riscos:*:*|arm*:RISCOS:*:*)
+	GUESS=arm-unknown-riscos
+	;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	GUESS=hppa1.1-hitachi-hiuxmpp
+	;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	case `(/bin/universe) 2>/dev/null` in
+	    att) GUESS=pyramid-pyramid-sysv3 ;;
+	    *)   GUESS=pyramid-pyramid-bsd   ;;
+	esac
+	;;
+    NILE*:*:*:dcosx)
+	GUESS=pyramid-pyramid-svr4
+	;;
+    DRS?6000:unix:4.0:6*)
+	GUESS=sparc-icl-nx6
+	;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) GUESS=sparc-icl-nx7 ;;
+	esac
+	;;
+    s390x:SunOS:*:*)
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL
+	;;
+    sun4H:SunOS:5.*:*)
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=sparc-hal-solaris2$SUN_REL
+	;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=sparc-sun-solaris2$SUN_REL
+	;;
+    i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+	GUESS=i386-pc-auroraux$UNAME_RELEASE
+	;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	set_cc_for_build
+	SUN_ARCH=i386
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if test "$CC_FOR_BUILD" != no_compiler_found; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH=x86_64
+	    fi
+	fi
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=$SUN_ARCH-pc-solaris2$SUN_REL
+	;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=sparc-sun-solaris3$SUN_REL
+	;;
+    sun4*:SunOS:*:*)
+	case `/usr/bin/arch -k` in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'`
+	GUESS=sparc-sun-sunos$SUN_REL
+	;;
+    sun3*:SunOS:*:*)
+	GUESS=m68k-sun-sunos$UNAME_RELEASE
+	;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
+	case `/bin/arch` in
+	    sun3)
+		GUESS=m68k-sun-sunos$UNAME_RELEASE
+		;;
+	    sun4)
+		GUESS=sparc-sun-sunos$UNAME_RELEASE
+		;;
+	esac
+	;;
+    aushp:SunOS:*:*)
+	GUESS=sparc-auspex-sunos$UNAME_RELEASE
+	;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+	GUESS=m68k-atari-mint$UNAME_RELEASE
+	;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	GUESS=m68k-atari-mint$UNAME_RELEASE
+	;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+	GUESS=m68k-atari-mint$UNAME_RELEASE
+	;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+	GUESS=m68k-milan-mint$UNAME_RELEASE
+	;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+	GUESS=m68k-hades-mint$UNAME_RELEASE
+	;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+	GUESS=m68k-unknown-mint$UNAME_RELEASE
+	;;
+    m68k:machten:*:*)
+	GUESS=m68k-apple-machten$UNAME_RELEASE
+	;;
+    powerpc:machten:*:*)
+	GUESS=powerpc-apple-machten$UNAME_RELEASE
+	;;
+    RISC*:Mach:*:*)
+	GUESS=mips-dec-mach_bsd4.3
+	;;
+    RISC*:ULTRIX:*:*)
+	GUESS=mips-dec-ultrix$UNAME_RELEASE
+	;;
+    VAX*:ULTRIX*:*:*)
+	GUESS=vax-dec-ultrix$UNAME_RELEASE
+	;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	GUESS=clipper-intergraph-clix$UNAME_RELEASE
+	;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	set_cc_for_build
+	sed 's/^	//' << EOF > "$dummy.c"
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o "$dummy" "$dummy.c" &&
+	  dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	GUESS=mips-mips-riscos$UNAME_RELEASE
+	;;
+    Motorola:PowerMAX_OS:*:*)
+	GUESS=powerpc-motorola-powermax
+	;;
+    Motorola:*:4.3:PL8-*)
+	GUESS=powerpc-harris-powermax
+	;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	GUESS=powerpc-harris-powermax
+	;;
+    Night_Hawk:Power_UNIX:*:*)
+	GUESS=powerpc-harris-powerunix
+	;;
+    m88k:CX/UX:7*:*)
+	GUESS=m88k-harris-cxux7
+	;;
+    m88k:*:4*:R4*)
+	GUESS=m88k-motorola-sysv4
+	;;
+    m88k:*:3*:R3*)
+	GUESS=m88k-motorola-sysv3
+	;;
+    AViiON:dgux:*:*)
+	# DG/UX returns AViiON for all architectures
+	UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110
+	then
+	    if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \
+	       test "$TARGET_BINARY_INTERFACE"x = x
+	    then
+		GUESS=m88k-dg-dgux$UNAME_RELEASE
+	    else
+		GUESS=m88k-dg-dguxbcs$UNAME_RELEASE
+	    fi
+	else
+	    GUESS=i586-dg-dgux$UNAME_RELEASE
+	fi
+	;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	GUESS=m88k-dolphin-sysv3
+	;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	GUESS=m88k-motorola-sysv3
+	;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	GUESS=m88k-tektronix-sysv3
+	;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	GUESS=m68k-tektronix-bsd
+	;;
+    *:IRIX*:*:*)
+	IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'`
+	GUESS=mips-sgi-irix$IRIX_REL
+	;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	GUESS=romp-ibm-aix    # uname -m gives an 8 hex-code CPU id
+	;;                    # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	GUESS=i386-ibm-aix
+	;;
+    ia64:AIX:*:*)
+	if test -x /usr/bin/oslevel ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
+	fi
+	GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV
+	;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		set_cc_for_build
+		sed 's/^		//' << EOF > "$dummy.c"
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
+		then
+			GUESS=$SYSTEM_NAME
+		else
+			GUESS=rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		GUESS=rs6000-ibm-aix3.2.4
+	else
+		GUESS=rs6000-ibm-aix3.2
+	fi
+	;;
+    *:AIX:*:[4567])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if test -x /usr/bin/lslpp ; then
+		IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \
+			   awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
+	else
+		IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
+	fi
+	GUESS=$IBM_ARCH-ibm-aix$IBM_REV
+	;;
+    *:AIX:*:*)
+	GUESS=rs6000-ibm-aix
+	;;
+    ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*)
+	GUESS=romp-ibm-bsd4.4
+	;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	GUESS=romp-ibm-bsd$UNAME_RELEASE    # 4.3 with uname added to
+	;;                                  # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	GUESS=rs6000-bull-bosx
+	;;
+    DPX/2?00:B.O.S.:*:*)
+	GUESS=m68k-bull-sysv3
+	;;
+    9000/[34]??:4.3bsd:1.*:*)
+	GUESS=m68k-hp-bsd
+	;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	GUESS=m68k-hp-bsd4.4
+	;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
+	case $UNAME_MACHINE in
+	    9000/31?)            HP_ARCH=m68000 ;;
+	    9000/[34]??)         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if test -x /usr/bin/getconf; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+		    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+		    case $sc_cpu_version in
+		      523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
+		      528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
+		      532)                      # CPU_PA_RISC2_0
+			case $sc_kernel_bits in
+			  32) HP_ARCH=hppa2.0n ;;
+			  64) HP_ARCH=hppa2.0w ;;
+			  '') HP_ARCH=hppa2.0 ;;   # HP-UX 10.20
+			esac ;;
+		    esac
+		fi
+		if test "$HP_ARCH" = ""; then
+		    set_cc_for_build
+		    sed 's/^		//' << EOF > "$dummy.c"
+
+		#define _HPUX_SOURCE
+		#include <stdlib.h>
+		#include <unistd.h>
+
+		int main ()
+		{
+		#if defined(_SC_KERNEL_BITS)
+		    long bits = sysconf(_SC_KERNEL_BITS);
+		#endif
+		    long cpu  = sysconf (_SC_CPU_VERSION);
+
+		    switch (cpu)
+			{
+			case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+			case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+			case CPU_PA_RISC2_0:
+		#if defined(_SC_KERNEL_BITS)
+			    switch (bits)
+				{
+				case 64: puts ("hppa2.0w"); break;
+				case 32: puts ("hppa2.0n"); break;
+				default: puts ("hppa2.0"); break;
+				} break;
+		#else  /* !defined(_SC_KERNEL_BITS) */
+			    puts ("hppa2.0"); break;
+		#endif
+			default: puts ("hppa1.0"); break;
+			}
+		    exit (0);
+		}
+EOF
+		    (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if test "$HP_ARCH" = hppa2.0w
+	then
+	    set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH=hppa2.0w
+	    else
+		HP_ARCH=hppa64
+	    fi
+	fi
+	GUESS=$HP_ARCH-hp-hpux$HPUX_REV
+	;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
+	GUESS=ia64-hp-hpux$HPUX_REV
+	;;
+    3050*:HI-UX:*:*)
+	set_cc_for_build
+	sed 's/^	//' << EOF > "$dummy.c"
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	GUESS=unknown-hitachi-hiuxwe2
+	;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*)
+	GUESS=hppa1.1-hp-bsd
+	;;
+    9000/8??:4.3bsd:*:*)
+	GUESS=hppa1.0-hp-bsd
+	;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	GUESS=hppa1.0-hp-mpeix
+	;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*)
+	GUESS=hppa1.1-hp-osf
+	;;
+    hp8??:OSF1:*:*)
+	GUESS=hppa1.0-hp-osf
+	;;
+    i*86:OSF1:*:*)
+	if test -x /usr/sbin/sysversion ; then
+	    GUESS=$UNAME_MACHINE-unknown-osf1mk
+	else
+	    GUESS=$UNAME_MACHINE-unknown-osf1
+	fi
+	;;
+    parisc*:Lites*:*:*)
+	GUESS=hppa1.1-hp-lites
+	;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	GUESS=c1-convex-bsd
+	;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	GUESS=c34-convex-bsd
+	;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	GUESS=c38-convex-bsd
+	;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	GUESS=c4-convex-bsd
+	;;
+    CRAY*Y-MP:*:*:*)
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=ymp-cray-unicos$CRAY_REL
+	;;
+    CRAY*[A-Z]90:*:*:*)
+	echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=t90-cray-unicos$CRAY_REL
+	;;
+    CRAY*T3E:*:*:*)
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=alphaev5-cray-unicosmk$CRAY_REL
+	;;
+    CRAY*SV1:*:*:*)
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=sv1-cray-unicos$CRAY_REL
+	;;
+    *:UNICOS/mp:*:*)
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=craynv-cray-unicosmp$CRAY_REL
+	;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+	FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
+	GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
+	;;
+    5000:UNIX_System_V:4.*:*)
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+	FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
+	GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
+	;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE
+	;;
+    sparc*:BSD/OS:*:*)
+	GUESS=sparc-unknown-bsdi$UNAME_RELEASE
+	;;
+    *:BSD/OS:*:*)
+	GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE
+	;;
+    arm:FreeBSD:*:*)
+	UNAME_PROCESSOR=`uname -p`
+	set_cc_for_build
+	if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_PCS_VFP
+	then
+	    FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	    GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi
+	else
+	    FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	    GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf
+	fi
+	;;
+    *:FreeBSD:*:*)
+	UNAME_PROCESSOR=`/usr/bin/uname -p`
+	case $UNAME_PROCESSOR in
+	    amd64)
+		UNAME_PROCESSOR=x86_64 ;;
+	    i386)
+		UNAME_PROCESSOR=i586 ;;
+	esac
+	FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL
+	;;
+    i*:CYGWIN*:*)
+	GUESS=$UNAME_MACHINE-pc-cygwin
+	;;
+    *:MINGW64*:*)
+	GUESS=$UNAME_MACHINE-pc-mingw64
+	;;
+    *:MINGW*:*)
+	GUESS=$UNAME_MACHINE-pc-mingw32
+	;;
+    *:MSYS*:*)
+	GUESS=$UNAME_MACHINE-pc-msys
+	;;
+    i*:PW*:*)
+	GUESS=$UNAME_MACHINE-pc-pw32
+	;;
+    *:SerenityOS:*:*)
+        GUESS=$UNAME_MACHINE-pc-serenity
+        ;;
+    *:Interix*:*)
+	case $UNAME_MACHINE in
+	    x86)
+		GUESS=i586-pc-interix$UNAME_RELEASE
+		;;
+	    authenticamd | genuineintel | EM64T)
+		GUESS=x86_64-unknown-interix$UNAME_RELEASE
+		;;
+	    IA64)
+		GUESS=ia64-unknown-interix$UNAME_RELEASE
+		;;
+	esac ;;
+    i*:UWIN*:*)
+	GUESS=$UNAME_MACHINE-pc-uwin
+	;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	GUESS=x86_64-pc-cygwin
+	;;
+    prep*:SunOS:5.*:*)
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=powerpcle-unknown-solaris2$SUN_REL
+	;;
+    *:GNU:*:*)
+	# the GNU system
+	GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'`
+	GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'`
+	GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL
+	;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"`
+	GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC
+	;;
+    x86_64:[Mm]anagarm:*:*|i?86:[Mm]anagarm:*:*)
+	GUESS="$UNAME_MACHINE-pc-managarm-mlibc"
+	;;
+    *:[Mm]anagarm:*:*)
+	GUESS="$UNAME_MACHINE-unknown-managarm-mlibc"
+	;;
+    *:Minix:*:*)
+	GUESS=$UNAME_MACHINE-unknown-minix
+	;;
+    aarch64:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    aarch64_be:Linux:*:*)
+	UNAME_MACHINE=aarch64_be
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+	esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    arm*:Linux:*:*)
+	set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	else
+	    if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+		| grep -q __ARM_PCS_VFP
+	    then
+		GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi
+	    else
+		GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf
+	    fi
+	fi
+	;;
+    avr32*:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    cris:Linux:*:*)
+	GUESS=$UNAME_MACHINE-axis-linux-$LIBC
+	;;
+    crisv32:Linux:*:*)
+	GUESS=$UNAME_MACHINE-axis-linux-$LIBC
+	;;
+    e2k:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    frv:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    hexagon:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    i*86:Linux:*:*)
+	GUESS=$UNAME_MACHINE-pc-linux-$LIBC
+	;;
+    ia64:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    k1om:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    loongarch32:Linux:*:* | loongarch64:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    m32r*:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    m68*:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	set_cc_for_build
+	IS_GLIBC=0
+	test x"${LIBC}" = xgnu && IS_GLIBC=1
+	sed 's/^	//' << EOF > "$dummy.c"
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#undef mips64
+	#undef mips64el
+	#if ${IS_GLIBC} && defined(_ABI64)
+	LIBCABI=gnuabi64
+	#else
+	#if ${IS_GLIBC} && defined(_ABIN32)
+	LIBCABI=gnuabin32
+	#else
+	LIBCABI=${LIBC}
+	#endif
+	#endif
+
+	#if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
+	CPU=mipsisa64r6
+	#else
+	#if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
+	CPU=mipsisa32r6
+	#else
+	#if defined(__mips64)
+	CPU=mips64
+	#else
+	CPU=mips
+	#endif
+	#endif
+	#endif
+
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	MIPS_ENDIAN=el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	MIPS_ENDIAN=
+	#else
+	MIPS_ENDIAN=
+	#endif
+	#endif
+EOF
+	cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`
+	eval "$cc_set_vars"
+	test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
+	;;
+    mips64el:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    openrisc*:Linux:*:*)
+	GUESS=or1k-unknown-linux-$LIBC
+	;;
+    or32:Linux:*:* | or1k*:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    padre:Linux:*:*)
+	GUESS=sparc-unknown-linux-$LIBC
+	;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	GUESS=hppa64-unknown-linux-$LIBC
+	;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;;
+	  PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;;
+	  *)    GUESS=hppa-unknown-linux-$LIBC ;;
+	esac
+	;;
+    ppc64:Linux:*:*)
+	GUESS=powerpc64-unknown-linux-$LIBC
+	;;
+    ppc:Linux:*:*)
+	GUESS=powerpc-unknown-linux-$LIBC
+	;;
+    ppc64le:Linux:*:*)
+	GUESS=powerpc64le-unknown-linux-$LIBC
+	;;
+    ppcle:Linux:*:*)
+	GUESS=powerpcle-unknown-linux-$LIBC
+	;;
+    riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	GUESS=$UNAME_MACHINE-ibm-linux-$LIBC
+	;;
+    sh64*:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    sh*:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    tile*:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    vax:Linux:*:*)
+	GUESS=$UNAME_MACHINE-dec-linux-$LIBC
+	;;
+    x86_64:Linux:*:*)
+	set_cc_for_build
+	CPU=$UNAME_MACHINE
+	LIBCABI=$LIBC
+	if test "$CC_FOR_BUILD" != no_compiler_found; then
+	    ABI=64
+	    sed 's/^	    //' << EOF > "$dummy.c"
+	    #ifdef __i386__
+	    ABI=x86
+	    #else
+	    #ifdef __ILP32__
+	    ABI=x32
+	    #endif
+	    #endif
+EOF
+	    cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'`
+	    eval "$cc_set_abi"
+	    case $ABI in
+		x86) CPU=i686 ;;
+		x32) LIBCABI=${LIBC}x32 ;;
+	    esac
+	fi
+	GUESS=$CPU-pc-linux-$LIBCABI
+	;;
+    xtensa*:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	GUESS=i386-sequent-sysv4
+	;;
+    i*86:UNIX_SV:4.2MP:2.*)
+	# Unixware is an offshoot of SVR4, but it has its own version
+	# number series starting with 2...
+	# I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+	# Use sysv4.2uw... so that sysv4* matches it.
+	GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION
+	;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	GUESS=$UNAME_MACHINE-pc-os2-emx
+	;;
+    i*86:XTS-300:*:STOP)
+	GUESS=$UNAME_MACHINE-unknown-stop
+	;;
+    i*86:atheos:*:*)
+	GUESS=$UNAME_MACHINE-unknown-atheos
+	;;
+    i*86:syllable:*:*)
+	GUESS=$UNAME_MACHINE-pc-syllable
+	;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	GUESS=i386-unknown-lynxos$UNAME_RELEASE
+	;;
+    i*86:*DOS:*:*)
+	GUESS=$UNAME_MACHINE-pc-msdosdjgpp
+	;;
+    i*86:*:4.*:*)
+	UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL
+	else
+		GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL
+	fi
+	;;
+    i*86:*:5:[678]*)
+	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		GUESS=$UNAME_MACHINE-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL
+	else
+		GUESS=$UNAME_MACHINE-pc-sysv32
+	fi
+	;;
+    pc:*:*:*)
+	# Left here for compatibility:
+	# uname -m prints for DJGPP always 'pc', but it prints nothing about
+	# the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configure will decide that
+	# this is a cross-build.
+	GUESS=i586-pc-msdosdjgpp
+	;;
+    Intel:Mach:3*:*)
+	GUESS=i386-pc-mach3
+	;;
+    paragon:*:*:*)
+	GUESS=i860-intel-osf1
+	;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  GUESS=i860-stardent-sysv$UNAME_RELEASE    # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  GUESS=i860-unknown-sysv$UNAME_RELEASE     # Unknown i860-SVR4
+	fi
+	;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	GUESS=m68010-convergent-sysv
+	;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	GUESS=m68k-convergent-sysv
+	;;
+    M680?0:D-NIX:5.3:*)
+	GUESS=m68k-diab-dnix
+	;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3"$OS_REL"; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	GUESS=m68k-unknown-lynxos$UNAME_RELEASE
+	;;
+    mc68030:UNIX_System_V:4.*:*)
+	GUESS=m68k-atari-sysv4
+	;;
+    TSUNAMI:LynxOS:2.*:*)
+	GUESS=sparc-unknown-lynxos$UNAME_RELEASE
+	;;
+    rs6000:LynxOS:2.*:*)
+	GUESS=rs6000-unknown-lynxos$UNAME_RELEASE
+	;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	GUESS=powerpc-unknown-lynxos$UNAME_RELEASE
+	;;
+    SM[BE]S:UNIX_SV:*:*)
+	GUESS=mips-dde-sysv$UNAME_RELEASE
+	;;
+    RM*:ReliantUNIX-*:*:*)
+	GUESS=mips-sni-sysv4
+	;;
+    RM*:SINIX-*:*:*)
+	GUESS=mips-sni-sysv4
+	;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		GUESS=$UNAME_MACHINE-sni-sysv4
+	else
+		GUESS=ns32k-sni-sysv
+	fi
+	;;
+    PENTIUM:*:4.0*:*)	# Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+			# says <Richard.M.Bartel@ccMail.Census.GOV>
+	GUESS=i586-unisys-sysv4
+	;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	GUESS=hppa1.1-stratus-sysv4
+	;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	GUESS=i860-stratus-sysv4
+	;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	GUESS=$UNAME_MACHINE-stratus-vos
+	;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	GUESS=hppa1.1-stratus-vos
+	;;
+    mc68*:A/UX:*:*)
+	GUESS=m68k-apple-aux$UNAME_RELEASE
+	;;
+    news*:NEWS-OS:6*:*)
+	GUESS=mips-sony-newsos6
+	;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if test -d /usr/nec; then
+		GUESS=mips-nec-sysv$UNAME_RELEASE
+	else
+		GUESS=mips-unknown-sysv$UNAME_RELEASE
+	fi
+	;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	GUESS=powerpc-be-beos
+	;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	GUESS=powerpc-apple-beos
+	;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	GUESS=i586-pc-beos
+	;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	GUESS=i586-pc-haiku
+	;;
+    ppc:Haiku:*:*)	# Haiku running on Apple PowerPC
+	GUESS=powerpc-apple-haiku
+	;;
+    *:Haiku:*:*)	# Haiku modern gcc (not bound by BeOS compat)
+	GUESS=$UNAME_MACHINE-unknown-haiku
+	;;
+    SX-4:SUPER-UX:*:*)
+	GUESS=sx4-nec-superux$UNAME_RELEASE
+	;;
+    SX-5:SUPER-UX:*:*)
+	GUESS=sx5-nec-superux$UNAME_RELEASE
+	;;
+    SX-6:SUPER-UX:*:*)
+	GUESS=sx6-nec-superux$UNAME_RELEASE
+	;;
+    SX-7:SUPER-UX:*:*)
+	GUESS=sx7-nec-superux$UNAME_RELEASE
+	;;
+    SX-8:SUPER-UX:*:*)
+	GUESS=sx8-nec-superux$UNAME_RELEASE
+	;;
+    SX-8R:SUPER-UX:*:*)
+	GUESS=sx8r-nec-superux$UNAME_RELEASE
+	;;
+    SX-ACE:SUPER-UX:*:*)
+	GUESS=sxace-nec-superux$UNAME_RELEASE
+	;;
+    Power*:Rhapsody:*:*)
+	GUESS=powerpc-apple-rhapsody$UNAME_RELEASE
+	;;
+    *:Rhapsody:*:*)
+	GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE
+	;;
+    arm64:Darwin:*:*)
+	GUESS=aarch64-apple-darwin$UNAME_RELEASE
+	;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p`
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	if command -v xcode-select > /dev/null 2> /dev/null && \
+		! xcode-select --print-path > /dev/null 2> /dev/null ; then
+	    # Avoid executing cc if there is no toolchain installed as
+	    # cc will be a stub that puts up a graphical alert
+	    # prompting the user to install developer tools.
+	    CC_FOR_BUILD=no_compiler_found
+	else
+	    set_cc_for_build
+	fi
+	if test "$CC_FOR_BUILD" != no_compiler_found; then
+	    if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+		   (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		   grep IS_64BIT_ARCH >/dev/null
+	    then
+		case $UNAME_PROCESSOR in
+		    i386) UNAME_PROCESSOR=x86_64 ;;
+		    powerpc) UNAME_PROCESSOR=powerpc64 ;;
+		esac
+	    fi
+	    # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
+	    if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
+		   (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		   grep IS_PPC >/dev/null
+	    then
+		UNAME_PROCESSOR=powerpc
+	    fi
+	elif test "$UNAME_PROCESSOR" = i386 ; then
+	    # uname -m returns i386 or x86_64
+	    UNAME_PROCESSOR=$UNAME_MACHINE
+	fi
+	GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE
+	;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = x86; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE
+	;;
+    *:QNX:*:4*)
+	GUESS=i386-pc-qnx
+	;;
+    NEO-*:NONSTOP_KERNEL:*:*)
+	GUESS=neo-tandem-nsk$UNAME_RELEASE
+	;;
+    NSE-*:NONSTOP_KERNEL:*:*)
+	GUESS=nse-tandem-nsk$UNAME_RELEASE
+	;;
+    NSR-*:NONSTOP_KERNEL:*:*)
+	GUESS=nsr-tandem-nsk$UNAME_RELEASE
+	;;
+    NSV-*:NONSTOP_KERNEL:*:*)
+	GUESS=nsv-tandem-nsk$UNAME_RELEASE
+	;;
+    NSX-*:NONSTOP_KERNEL:*:*)
+	GUESS=nsx-tandem-nsk$UNAME_RELEASE
+	;;
+    *:NonStop-UX:*:*)
+	GUESS=mips-compaq-nonstopux
+	;;
+    BS2000:POSIX*:*:*)
+	GUESS=bs2000-siemens-sysv
+	;;
+    DS/*:UNIX_System_V:*:*)
+	GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE
+	;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "${cputype-}" = 386; then
+	    UNAME_MACHINE=i386
+	elif test "x${cputype-}" != x; then
+	    UNAME_MACHINE=$cputype
+	fi
+	GUESS=$UNAME_MACHINE-unknown-plan9
+	;;
+    *:TOPS-10:*:*)
+	GUESS=pdp10-unknown-tops10
+	;;
+    *:TENEX:*:*)
+	GUESS=pdp10-unknown-tenex
+	;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	GUESS=pdp10-dec-tops20
+	;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	GUESS=pdp10-xkl-tops20
+	;;
+    *:TOPS-20:*:*)
+	GUESS=pdp10-unknown-tops20
+	;;
+    *:ITS:*:*)
+	GUESS=pdp10-unknown-its
+	;;
+    SEI:*:*:SEIUX)
+	GUESS=mips-sei-seiux$UNAME_RELEASE
+	;;
+    *:DragonFly:*:*)
+	DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL
+	;;
+    *:*VMS:*:*)
+	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case $UNAME_MACHINE in
+	    A*) GUESS=alpha-dec-vms ;;
+	    I*) GUESS=ia64-dec-vms ;;
+	    V*) GUESS=vax-dec-vms ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	GUESS=i386-pc-xenix
+	;;
+    i*86:skyos:*:*)
+	SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`
+	GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL
+	;;
+    i*86:rdos:*:*)
+	GUESS=$UNAME_MACHINE-pc-rdos
+	;;
+    i*86:Fiwix:*:*)
+	GUESS=$UNAME_MACHINE-pc-fiwix
+	;;
+    *:AROS:*:*)
+	GUESS=$UNAME_MACHINE-unknown-aros
+	;;
+    x86_64:VMkernel:*:*)
+	GUESS=$UNAME_MACHINE-unknown-esx
+	;;
+    amd64:Isilon\ OneFS:*:*)
+	GUESS=x86_64-unknown-onefs
+	;;
+    *:Unleashed:*:*)
+	GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE
+	;;
+esac
+
+# Do we have a guess based on uname results?
+if test "x$GUESS" != x; then
+    echo "$GUESS"
+    exit
+fi
+
+# No uname command or uname output not recognized.
+set_cc_for_build
+cat > "$dummy.c" <<EOF
+#ifdef _SEQUENT_
+#include <sys/types.h>
+#include <sys/utsname.h>
+#endif
+#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
+#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
+#include <signal.h>
+#if defined(_SIZE_T_) || defined(SIGLOST)
+#include <sys/utsname.h>
+#endif
+#endif
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+  "4"
+#else
+  ""
+#endif
+  ); exit (0);
+#endif
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+  struct utsname un;
+
+  uname(&un);
+  if (strncmp(un.version, "V2", 2) == 0) {
+    printf ("i386-sequent-ptx2\n"); exit (0);
+  }
+  if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+    printf ("i386-sequent-ptx1\n"); exit (0);
+  }
+  printf ("i386-sequent-ptx\n"); exit (0);
+#endif
+
+#if defined (vax)
+#if !defined (ultrix)
+#include <sys/param.h>
+#if defined (BSD)
+#if BSD == 43
+  printf ("vax-dec-bsd4.3\n"); exit (0);
+#else
+#if BSD == 199006
+  printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#else
+  printf ("vax-dec-bsd\n"); exit (0);
+#endif
+#endif
+#else
+  printf ("vax-dec-bsd\n"); exit (0);
+#endif
+#else
+#if defined(_SIZE_T_) || defined(SIGLOST)
+  struct utsname un;
+  uname (&un);
+  printf ("vax-dec-ultrix%s\n", un.release); exit (0);
+#else
+  printf ("vax-dec-ultrix\n"); exit (0);
+#endif
+#endif
+#endif
+#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
+#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
+#if defined(_SIZE_T_) || defined(SIGLOST)
+  struct utsname *un;
+  uname (&un);
+  printf ("mips-dec-ultrix%s\n", un.release); exit (0);
+#else
+  printf ("mips-dec-ultrix\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; }
+
+echo "$0: unable to guess system type" >&2
+
+case $UNAME_MACHINE:$UNAME_SYSTEM in
+    mips:Linux | mips64:Linux)
+	# If we got here on MIPS GNU/Linux, output extra information.
+	cat >&2 <<EOF
+
+NOTE: MIPS GNU/Linux systems require a C compiler to fully recognize
+the system type. Please install a C compiler and try again.
+EOF
+	;;
+esac
+
+cat >&2 <<EOF
+
+This script (version $timestamp), has failed to recognize the
+operating system you are using. If your script is old, overwrite *all*
+copies of config.guess and config.sub with the latest versions from:
+
+  https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
+and
+  https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
+EOF
+
+our_year=`echo $timestamp | sed 's,-.*,,'`
+thisyear=`date +%Y`
+# shellcheck disable=SC2003
+script_age=`expr "$thisyear" - "$our_year"`
+if test "$script_age" -lt 3 ; then
+   cat >&2 <<EOF
+
+If $0 has already been updated, send the following data and any
+information you think might be pertinent to config-patches@gnu.org to
+provide the necessary information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = "$UNAME_MACHINE"
+UNAME_RELEASE = "$UNAME_RELEASE"
+UNAME_SYSTEM  = "$UNAME_SYSTEM"
+UNAME_VERSION = "$UNAME_VERSION"
+EOF
+fi
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/krb5-1.21.3/src/config/config.sub b/krb5-1.21.3/src/config/config.sub
new file mode 100755
index 00000000..de4259e4
--- /dev/null
+++ b/krb5-1.21.3/src/config/config.sub
@@ -0,0 +1,1907 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright 1992-2023 Free Software Foundation, Inc.
+
+# shellcheck disable=SC2006,SC2268 # see below for rationale
+
+timestamp='2023-01-21'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that
+# program.  This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
+
+
+# Please send patches to <config-patches@gnu.org>.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+# The "shellcheck disable" line above the timestamp inhibits complaints
+# about features and limitations of the classic Bourne shell that were
+# superseded or lifted in POSIX.  However, this script identifies a wide
+# variety of pre-POSIX systems that do not have POSIX shells at all, and
+# even some reasonably current systems (Solaris 10 as case-in-point) still
+# have a pre-POSIX /bin/sh.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
+
+Canonicalize a configuration name.
+
+Options:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright 1992-2023 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo "$1"
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Split fields of configuration type
+# shellcheck disable=SC2162
+saved_IFS=$IFS
+IFS="-" read field1 field2 field3 field4 <<EOF
+$1
+EOF
+IFS=$saved_IFS
+
+# Separate into logical components for further validation
+case $1 in
+	*-*-*-*-*)
+		echo Invalid configuration \`"$1"\': more than four components >&2
+		exit 1
+		;;
+	*-*-*-*)
+		basic_machine=$field1-$field2
+		basic_os=$field3-$field4
+		;;
+	*-*-*)
+		# Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two
+		# parts
+		maybe_os=$field2-$field3
+		case $maybe_os in
+			nto-qnx* | linux-* | uclinux-uclibc* \
+			| uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
+			| netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
+			| storm-chaos* | os2-emx* | rtmk-nova* | managarm-*)
+				basic_machine=$field1
+				basic_os=$maybe_os
+				;;
+			android-linux)
+				basic_machine=$field1-unknown
+				basic_os=linux-android
+				;;
+			*)
+				basic_machine=$field1-$field2
+				basic_os=$field3
+				;;
+		esac
+		;;
+	*-*)
+		# A lone config we happen to match not fitting any pattern
+		case $field1-$field2 in
+			decstation-3100)
+				basic_machine=mips-dec
+				basic_os=
+				;;
+			*-*)
+				# Second component is usually, but not always the OS
+				case $field2 in
+					# Prevent following clause from handling this valid os
+					sun*os*)
+						basic_machine=$field1
+						basic_os=$field2
+						;;
+					zephyr*)
+						basic_machine=$field1-unknown
+						basic_os=$field2
+						;;
+					# Manufacturers
+					dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \
+					| att* | 7300* | 3300* | delta* | motorola* | sun[234]* \
+					| unicom* | ibm* | next | hp | isi* | apollo | altos* \
+					| convergent* | ncr* | news | 32* | 3600* | 3100* \
+					| hitachi* | c[123]* | convex* | sun | crds | omron* | dg \
+					| ultra | tti* | harris | dolphin | highlevel | gould \
+					| cbm | ns | masscomp | apple | axis | knuth | cray \
+					| microblaze* | sim | cisco \
+					| oki | wec | wrs | winbond)
+						basic_machine=$field1-$field2
+						basic_os=
+						;;
+					*)
+						basic_machine=$field1
+						basic_os=$field2
+						;;
+				esac
+			;;
+		esac
+		;;
+	*)
+		# Convert single-component short-hands not valid as part of
+		# multi-component configurations.
+		case $field1 in
+			386bsd)
+				basic_machine=i386-pc
+				basic_os=bsd
+				;;
+			a29khif)
+				basic_machine=a29k-amd
+				basic_os=udi
+				;;
+			adobe68k)
+				basic_machine=m68010-adobe
+				basic_os=scout
+				;;
+			alliant)
+				basic_machine=fx80-alliant
+				basic_os=
+				;;
+			altos | altos3068)
+				basic_machine=m68k-altos
+				basic_os=
+				;;
+			am29k)
+				basic_machine=a29k-none
+				basic_os=bsd
+				;;
+			amdahl)
+				basic_machine=580-amdahl
+				basic_os=sysv
+				;;
+			amiga)
+				basic_machine=m68k-unknown
+				basic_os=
+				;;
+			amigaos | amigados)
+				basic_machine=m68k-unknown
+				basic_os=amigaos
+				;;
+			amigaunix | amix)
+				basic_machine=m68k-unknown
+				basic_os=sysv4
+				;;
+			apollo68)
+				basic_machine=m68k-apollo
+				basic_os=sysv
+				;;
+			apollo68bsd)
+				basic_machine=m68k-apollo
+				basic_os=bsd
+				;;
+			aros)
+				basic_machine=i386-pc
+				basic_os=aros
+				;;
+			aux)
+				basic_machine=m68k-apple
+				basic_os=aux
+				;;
+			balance)
+				basic_machine=ns32k-sequent
+				basic_os=dynix
+				;;
+			blackfin)
+				basic_machine=bfin-unknown
+				basic_os=linux
+				;;
+			cegcc)
+				basic_machine=arm-unknown
+				basic_os=cegcc
+				;;
+			convex-c1)
+				basic_machine=c1-convex
+				basic_os=bsd
+				;;
+			convex-c2)
+				basic_machine=c2-convex
+				basic_os=bsd
+				;;
+			convex-c32)
+				basic_machine=c32-convex
+				basic_os=bsd
+				;;
+			convex-c34)
+				basic_machine=c34-convex
+				basic_os=bsd
+				;;
+			convex-c38)
+				basic_machine=c38-convex
+				basic_os=bsd
+				;;
+			cray)
+				basic_machine=j90-cray
+				basic_os=unicos
+				;;
+			crds | unos)
+				basic_machine=m68k-crds
+				basic_os=
+				;;
+			da30)
+				basic_machine=m68k-da30
+				basic_os=
+				;;
+			decstation | pmax | pmin | dec3100 | decstatn)
+				basic_machine=mips-dec
+				basic_os=
+				;;
+			delta88)
+				basic_machine=m88k-motorola
+				basic_os=sysv3
+				;;
+			dicos)
+				basic_machine=i686-pc
+				basic_os=dicos
+				;;
+			djgpp)
+				basic_machine=i586-pc
+				basic_os=msdosdjgpp
+				;;
+			ebmon29k)
+				basic_machine=a29k-amd
+				basic_os=ebmon
+				;;
+			es1800 | OSE68k | ose68k | ose | OSE)
+				basic_machine=m68k-ericsson
+				basic_os=ose
+				;;
+			gmicro)
+				basic_machine=tron-gmicro
+				basic_os=sysv
+				;;
+			go32)
+				basic_machine=i386-pc
+				basic_os=go32
+				;;
+			h8300hms)
+				basic_machine=h8300-hitachi
+				basic_os=hms
+				;;
+			h8300xray)
+				basic_machine=h8300-hitachi
+				basic_os=xray
+				;;
+			h8500hms)
+				basic_machine=h8500-hitachi
+				basic_os=hms
+				;;
+			harris)
+				basic_machine=m88k-harris
+				basic_os=sysv3
+				;;
+			hp300 | hp300hpux)
+				basic_machine=m68k-hp
+				basic_os=hpux
+				;;
+			hp300bsd)
+				basic_machine=m68k-hp
+				basic_os=bsd
+				;;
+			hppaosf)
+				basic_machine=hppa1.1-hp
+				basic_os=osf
+				;;
+			hppro)
+				basic_machine=hppa1.1-hp
+				basic_os=proelf
+				;;
+			i386mach)
+				basic_machine=i386-mach
+				basic_os=mach
+				;;
+			isi68 | isi)
+				basic_machine=m68k-isi
+				basic_os=sysv
+				;;
+			m68knommu)
+				basic_machine=m68k-unknown
+				basic_os=linux
+				;;
+			magnum | m3230)
+				basic_machine=mips-mips
+				basic_os=sysv
+				;;
+			merlin)
+				basic_machine=ns32k-utek
+				basic_os=sysv
+				;;
+			mingw64)
+				basic_machine=x86_64-pc
+				basic_os=mingw64
+				;;
+			mingw32)
+				basic_machine=i686-pc
+				basic_os=mingw32
+				;;
+			mingw32ce)
+				basic_machine=arm-unknown
+				basic_os=mingw32ce
+				;;
+			monitor)
+				basic_machine=m68k-rom68k
+				basic_os=coff
+				;;
+			morphos)
+				basic_machine=powerpc-unknown
+				basic_os=morphos
+				;;
+			moxiebox)
+				basic_machine=moxie-unknown
+				basic_os=moxiebox
+				;;
+			msdos)
+				basic_machine=i386-pc
+				basic_os=msdos
+				;;
+			msys)
+				basic_machine=i686-pc
+				basic_os=msys
+				;;
+			mvs)
+				basic_machine=i370-ibm
+				basic_os=mvs
+				;;
+			nacl)
+				basic_machine=le32-unknown
+				basic_os=nacl
+				;;
+			ncr3000)
+				basic_machine=i486-ncr
+				basic_os=sysv4
+				;;
+			netbsd386)
+				basic_machine=i386-pc
+				basic_os=netbsd
+				;;
+			netwinder)
+				basic_machine=armv4l-rebel
+				basic_os=linux
+				;;
+			news | news700 | news800 | news900)
+				basic_machine=m68k-sony
+				basic_os=newsos
+				;;
+			news1000)
+				basic_machine=m68030-sony
+				basic_os=newsos
+				;;
+			necv70)
+				basic_machine=v70-nec
+				basic_os=sysv
+				;;
+			nh3000)
+				basic_machine=m68k-harris
+				basic_os=cxux
+				;;
+			nh[45]000)
+				basic_machine=m88k-harris
+				basic_os=cxux
+				;;
+			nindy960)
+				basic_machine=i960-intel
+				basic_os=nindy
+				;;
+			mon960)
+				basic_machine=i960-intel
+				basic_os=mon960
+				;;
+			nonstopux)
+				basic_machine=mips-compaq
+				basic_os=nonstopux
+				;;
+			os400)
+				basic_machine=powerpc-ibm
+				basic_os=os400
+				;;
+			OSE68000 | ose68000)
+				basic_machine=m68000-ericsson
+				basic_os=ose
+				;;
+			os68k)
+				basic_machine=m68k-none
+				basic_os=os68k
+				;;
+			paragon)
+				basic_machine=i860-intel
+				basic_os=osf
+				;;
+			parisc)
+				basic_machine=hppa-unknown
+				basic_os=linux
+				;;
+			psp)
+				basic_machine=mipsallegrexel-sony
+				basic_os=psp
+				;;
+			pw32)
+				basic_machine=i586-unknown
+				basic_os=pw32
+				;;
+			rdos | rdos64)
+				basic_machine=x86_64-pc
+				basic_os=rdos
+				;;
+			rdos32)
+				basic_machine=i386-pc
+				basic_os=rdos
+				;;
+			rom68k)
+				basic_machine=m68k-rom68k
+				basic_os=coff
+				;;
+			sa29200)
+				basic_machine=a29k-amd
+				basic_os=udi
+				;;
+			sei)
+				basic_machine=mips-sei
+				basic_os=seiux
+				;;
+			sequent)
+				basic_machine=i386-sequent
+				basic_os=
+				;;
+			sps7)
+				basic_machine=m68k-bull
+				basic_os=sysv2
+				;;
+			st2000)
+				basic_machine=m68k-tandem
+				basic_os=
+				;;
+			stratus)
+				basic_machine=i860-stratus
+				basic_os=sysv4
+				;;
+			sun2)
+				basic_machine=m68000-sun
+				basic_os=
+				;;
+			sun2os3)
+				basic_machine=m68000-sun
+				basic_os=sunos3
+				;;
+			sun2os4)
+				basic_machine=m68000-sun
+				basic_os=sunos4
+				;;
+			sun3)
+				basic_machine=m68k-sun
+				basic_os=
+				;;
+			sun3os3)
+				basic_machine=m68k-sun
+				basic_os=sunos3
+				;;
+			sun3os4)
+				basic_machine=m68k-sun
+				basic_os=sunos4
+				;;
+			sun4)
+				basic_machine=sparc-sun
+				basic_os=
+				;;
+			sun4os3)
+				basic_machine=sparc-sun
+				basic_os=sunos3
+				;;
+			sun4os4)
+				basic_machine=sparc-sun
+				basic_os=sunos4
+				;;
+			sun4sol2)
+				basic_machine=sparc-sun
+				basic_os=solaris2
+				;;
+			sun386 | sun386i | roadrunner)
+				basic_machine=i386-sun
+				basic_os=
+				;;
+			sv1)
+				basic_machine=sv1-cray
+				basic_os=unicos
+				;;
+			symmetry)
+				basic_machine=i386-sequent
+				basic_os=dynix
+				;;
+			t3e)
+				basic_machine=alphaev5-cray
+				basic_os=unicos
+				;;
+			t90)
+				basic_machine=t90-cray
+				basic_os=unicos
+				;;
+			toad1)
+				basic_machine=pdp10-xkl
+				basic_os=tops20
+				;;
+			tpf)
+				basic_machine=s390x-ibm
+				basic_os=tpf
+				;;
+			udi29k)
+				basic_machine=a29k-amd
+				basic_os=udi
+				;;
+			ultra3)
+				basic_machine=a29k-nyu
+				basic_os=sym1
+				;;
+			v810 | necv810)
+				basic_machine=v810-nec
+				basic_os=none
+				;;
+			vaxv)
+				basic_machine=vax-dec
+				basic_os=sysv
+				;;
+			vms)
+				basic_machine=vax-dec
+				basic_os=vms
+				;;
+			vsta)
+				basic_machine=i386-pc
+				basic_os=vsta
+				;;
+			vxworks960)
+				basic_machine=i960-wrs
+				basic_os=vxworks
+				;;
+			vxworks68)
+				basic_machine=m68k-wrs
+				basic_os=vxworks
+				;;
+			vxworks29k)
+				basic_machine=a29k-wrs
+				basic_os=vxworks
+				;;
+			xbox)
+				basic_machine=i686-pc
+				basic_os=mingw32
+				;;
+			ymp)
+				basic_machine=ymp-cray
+				basic_os=unicos
+				;;
+			*)
+				basic_machine=$1
+				basic_os=
+				;;
+		esac
+		;;
+esac
+
+# Decode 1-component or ad-hoc basic machines
+case $basic_machine in
+	# Here we handle the default manufacturer of certain CPU types.  It is in
+	# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		cpu=hppa1.1
+		vendor=winbond
+		;;
+	op50n)
+		cpu=hppa1.1
+		vendor=oki
+		;;
+	op60c)
+		cpu=hppa1.1
+		vendor=oki
+		;;
+	ibm*)
+		cpu=i370
+		vendor=ibm
+		;;
+	orion105)
+		cpu=clipper
+		vendor=highlevel
+		;;
+	mac | mpw | mac-mpw)
+		cpu=m68k
+		vendor=apple
+		;;
+	pmac | pmac-mpw)
+		cpu=powerpc
+		vendor=apple
+		;;
+
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		cpu=m68000
+		vendor=att
+		;;
+	3b*)
+		cpu=we32k
+		vendor=att
+		;;
+	bluegene*)
+		cpu=powerpc
+		vendor=ibm
+		basic_os=cnk
+		;;
+	decsystem10* | dec10*)
+		cpu=pdp10
+		vendor=dec
+		basic_os=tops10
+		;;
+	decsystem20* | dec20*)
+		cpu=pdp10
+		vendor=dec
+		basic_os=tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		cpu=m68k
+		vendor=motorola
+		;;
+	dpx2*)
+		cpu=m68k
+		vendor=bull
+		basic_os=sysv3
+		;;
+	encore | umax | mmax)
+		cpu=ns32k
+		vendor=encore
+		;;
+	elxsi)
+		cpu=elxsi
+		vendor=elxsi
+		basic_os=${basic_os:-bsd}
+		;;
+	fx2800)
+		cpu=i860
+		vendor=alliant
+		;;
+	genix)
+		cpu=ns32k
+		vendor=ns
+		;;
+	h3050r* | hiux*)
+		cpu=hppa1.1
+		vendor=hitachi
+		basic_os=hiuxwe2
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		cpu=hppa1.0
+		vendor=hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		cpu=m68000
+		vendor=hp
+		;;
+	hp9k3[2-9][0-9])
+		cpu=m68k
+		vendor=hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		cpu=hppa1.0
+		vendor=hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		cpu=hppa1.1
+		vendor=hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		cpu=hppa1.1
+		vendor=hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		cpu=hppa1.1
+		vendor=hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		cpu=hppa1.1
+		vendor=hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		cpu=hppa1.0
+		vendor=hp
+		;;
+	i*86v32)
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		basic_os=sysv32
+		;;
+	i*86v4*)
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		basic_os=sysv4
+		;;
+	i*86v)
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		basic_os=sysv
+		;;
+	i*86sol2)
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		basic_os=solaris2
+		;;
+	j90 | j90-cray)
+		cpu=j90
+		vendor=cray
+		basic_os=${basic_os:-unicos}
+		;;
+	iris | iris4d)
+		cpu=mips
+		vendor=sgi
+		case $basic_os in
+		    irix*)
+			;;
+		    *)
+			basic_os=irix4
+			;;
+		esac
+		;;
+	miniframe)
+		cpu=m68000
+		vendor=convergent
+		;;
+	*mint | mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		cpu=m68k
+		vendor=atari
+		basic_os=mint
+		;;
+	news-3600 | risc-news)
+		cpu=mips
+		vendor=sony
+		basic_os=newsos
+		;;
+	next | m*-next)
+		cpu=m68k
+		vendor=next
+		case $basic_os in
+		    openstep*)
+		        ;;
+		    nextstep*)
+			;;
+		    ns2*)
+		      basic_os=nextstep2
+			;;
+		    *)
+		      basic_os=nextstep3
+			;;
+		esac
+		;;
+	np1)
+		cpu=np1
+		vendor=gould
+		;;
+	op50n-* | op60c-*)
+		cpu=hppa1.1
+		vendor=oki
+		basic_os=proelf
+		;;
+	pa-hitachi)
+		cpu=hppa1.1
+		vendor=hitachi
+		basic_os=hiuxwe2
+		;;
+	pbd)
+		cpu=sparc
+		vendor=tti
+		;;
+	pbb)
+		cpu=m68k
+		vendor=tti
+		;;
+	pc532)
+		cpu=ns32k
+		vendor=pc532
+		;;
+	pn)
+		cpu=pn
+		vendor=gould
+		;;
+	power)
+		cpu=power
+		vendor=ibm
+		;;
+	ps2)
+		cpu=i386
+		vendor=ibm
+		;;
+	rm[46]00)
+		cpu=mips
+		vendor=siemens
+		;;
+	rtpc | rtpc-*)
+		cpu=romp
+		vendor=ibm
+		;;
+	sde)
+		cpu=mipsisa32
+		vendor=sde
+		basic_os=${basic_os:-elf}
+		;;
+	simso-wrs)
+		cpu=sparclite
+		vendor=wrs
+		basic_os=vxworks
+		;;
+	tower | tower-32)
+		cpu=m68k
+		vendor=ncr
+		;;
+	vpp*|vx|vx-*)
+		cpu=f301
+		vendor=fujitsu
+		;;
+	w65)
+		cpu=w65
+		vendor=wdc
+		;;
+	w89k-*)
+		cpu=hppa1.1
+		vendor=winbond
+		basic_os=proelf
+		;;
+	none)
+		cpu=none
+		vendor=none
+		;;
+	leon|leon[3-9])
+		cpu=sparc
+		vendor=$basic_machine
+		;;
+	leon-*|leon[3-9]-*)
+		cpu=sparc
+		vendor=`echo "$basic_machine" | sed 's/-.*//'`
+		;;
+
+	*-*)
+		# shellcheck disable=SC2162
+		saved_IFS=$IFS
+		IFS="-" read cpu vendor <<EOF
+$basic_machine
+EOF
+		IFS=$saved_IFS
+		;;
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+		cpu=$basic_machine
+		vendor=pc
+		;;
+	# These rules are duplicated from below for sake of the special case above;
+	# i.e. things that normalized to x86 arches should also default to "pc"
+	pc98)
+		cpu=i386
+		vendor=pc
+		;;
+	x64 | amd64)
+		cpu=x86_64
+		vendor=pc
+		;;
+	# Recognize the basic CPU types without company name.
+	*)
+		cpu=$basic_machine
+		vendor=unknown
+		;;
+esac
+
+unset -v basic_machine
+
+# Decode basic machines in the full and proper CPU-Company form.
+case $cpu-$vendor in
+	# Here we handle the default manufacturer of certain CPU types in canonical form. It is in
+	# some cases the only manufacturer, in others, it is the most popular.
+	craynv-unknown)
+		vendor=cray
+		basic_os=${basic_os:-unicosmp}
+		;;
+	c90-unknown | c90-cray)
+		vendor=cray
+		basic_os=${Basic_os:-unicos}
+		;;
+	fx80-unknown)
+		vendor=alliant
+		;;
+	romp-unknown)
+		vendor=ibm
+		;;
+	mmix-unknown)
+		vendor=knuth
+		;;
+	microblaze-unknown | microblazeel-unknown)
+		vendor=xilinx
+		;;
+	rs6000-unknown)
+		vendor=ibm
+		;;
+	vax-unknown)
+		vendor=dec
+		;;
+	pdp11-unknown)
+		vendor=dec
+		;;
+	we32k-unknown)
+		vendor=att
+		;;
+	cydra-unknown)
+		vendor=cydrome
+		;;
+	i370-ibm*)
+		vendor=ibm
+		;;
+	orion-unknown)
+		vendor=highlevel
+		;;
+	xps-unknown | xps100-unknown)
+		cpu=xps100
+		vendor=honeywell
+		;;
+
+	# Here we normalize CPU types with a missing or matching vendor
+	armh-unknown | armh-alt)
+		cpu=armv7l
+		vendor=alt
+		basic_os=${basic_os:-linux-gnueabihf}
+		;;
+	dpx20-unknown | dpx20-bull)
+		cpu=rs6000
+		vendor=bull
+		basic_os=${basic_os:-bosx}
+		;;
+
+	# Here we normalize CPU types irrespective of the vendor
+	amd64-*)
+		cpu=x86_64
+		;;
+	blackfin-*)
+		cpu=bfin
+		basic_os=linux
+		;;
+	c54x-*)
+		cpu=tic54x
+		;;
+	c55x-*)
+		cpu=tic55x
+		;;
+	c6x-*)
+		cpu=tic6x
+		;;
+	e500v[12]-*)
+		cpu=powerpc
+		basic_os=${basic_os}"spe"
+		;;
+	mips3*-*)
+		cpu=mips64
+		;;
+	ms1-*)
+		cpu=mt
+		;;
+	m68knommu-*)
+		cpu=m68k
+		basic_os=linux
+		;;
+	m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*)
+		cpu=s12z
+		;;
+	openrisc-*)
+		cpu=or32
+		;;
+	parisc-*)
+		cpu=hppa
+		basic_os=linux
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		cpu=i586
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-* | athlon_*-*)
+		cpu=i686
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		cpu=i686
+		;;
+	pentium4-*)
+		cpu=i786
+		;;
+	pc98-*)
+		cpu=i386
+		;;
+	ppc-* | ppcbe-*)
+		cpu=powerpc
+		;;
+	ppcle-* | powerpclittle-*)
+		cpu=powerpcle
+		;;
+	ppc64-*)
+		cpu=powerpc64
+		;;
+	ppc64le-* | powerpc64little-*)
+		cpu=powerpc64le
+		;;
+	sb1-*)
+		cpu=mipsisa64sb1
+		;;
+	sb1el-*)
+		cpu=mipsisa64sb1el
+		;;
+	sh5e[lb]-*)
+		cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
+		;;
+	spur-*)
+		cpu=spur
+		;;
+	strongarm-* | thumb-*)
+		cpu=arm
+		;;
+	tx39-*)
+		cpu=mipstx39
+		;;
+	tx39el-*)
+		cpu=mipstx39el
+		;;
+	x64-*)
+		cpu=x86_64
+		;;
+	xscale-* | xscalee[bl]-*)
+		cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
+		;;
+	arm64-* | aarch64le-*)
+		cpu=aarch64
+		;;
+
+	# Recognize the canonical CPU Types that limit and/or modify the
+	# company names they are paired with.
+	cr16-*)
+		basic_os=${basic_os:-elf}
+		;;
+	crisv32-* | etraxfs*-*)
+		cpu=crisv32
+		vendor=axis
+		;;
+	cris-* | etrax*-*)
+		cpu=cris
+		vendor=axis
+		;;
+	crx-*)
+		basic_os=${basic_os:-elf}
+		;;
+	neo-tandem)
+		cpu=neo
+		vendor=tandem
+		;;
+	nse-tandem)
+		cpu=nse
+		vendor=tandem
+		;;
+	nsr-tandem)
+		cpu=nsr
+		vendor=tandem
+		;;
+	nsv-tandem)
+		cpu=nsv
+		vendor=tandem
+		;;
+	nsx-tandem)
+		cpu=nsx
+		vendor=tandem
+		;;
+	mipsallegrexel-sony)
+		cpu=mipsallegrexel
+		vendor=sony
+		;;
+	tile*-*)
+		basic_os=${basic_os:-linux-gnu}
+		;;
+
+	*)
+		# Recognize the canonical CPU types that are allowed with any
+		# company name.
+		case $cpu in
+			1750a | 580 \
+			| a29k \
+			| aarch64 | aarch64_be \
+			| abacus \
+			| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \
+			| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \
+			| alphapca5[67] | alpha64pca5[67] \
+			| am33_2.0 \
+			| amdgcn \
+			| arc | arceb | arc32 | arc64 \
+			| arm | arm[lb]e | arme[lb] | armv* \
+			| avr | avr32 \
+			| asmjs \
+			| ba \
+			| be32 | be64 \
+			| bfin | bpf | bs2000 \
+			| c[123]* | c30 | [cjt]90 | c4x \
+			| c8051 | clipper | craynv | csky | cydra \
+			| d10v | d30v | dlx | dsp16xx \
+			| e2k | elxsi | epiphany \
+			| f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \
+			| h8300 | h8500 \
+			| hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+			| hexagon \
+			| i370 | i*86 | i860 | i960 | ia16 | ia64 \
+			| ip2k | iq2000 \
+			| k1om \
+			| le32 | le64 \
+			| lm32 \
+			| loongarch32 | loongarch64 \
+			| m32c | m32r | m32rle \
+			| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
+			| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
+			| m88110 | m88k | maxq | mb | mcore | mep | metag \
+			| microblaze | microblazeel \
+			| mips | mipsbe | mipseb | mipsel | mipsle \
+			| mips16 \
+			| mips64 | mips64eb | mips64el \
+			| mips64octeon | mips64octeonel \
+			| mips64orion | mips64orionel \
+			| mips64r5900 | mips64r5900el \
+			| mips64vr | mips64vrel \
+			| mips64vr4100 | mips64vr4100el \
+			| mips64vr4300 | mips64vr4300el \
+			| mips64vr5000 | mips64vr5000el \
+			| mips64vr5900 | mips64vr5900el \
+			| mipsisa32 | mipsisa32el \
+			| mipsisa32r2 | mipsisa32r2el \
+			| mipsisa32r3 | mipsisa32r3el \
+			| mipsisa32r5 | mipsisa32r5el \
+			| mipsisa32r6 | mipsisa32r6el \
+			| mipsisa64 | mipsisa64el \
+			| mipsisa64r2 | mipsisa64r2el \
+			| mipsisa64r3 | mipsisa64r3el \
+			| mipsisa64r5 | mipsisa64r5el \
+			| mipsisa64r6 | mipsisa64r6el \
+			| mipsisa64sb1 | mipsisa64sb1el \
+			| mipsisa64sr71k | mipsisa64sr71kel \
+			| mipsr5900 | mipsr5900el \
+			| mipstx39 | mipstx39el \
+			| mmix \
+			| mn10200 | mn10300 \
+			| moxie \
+			| mt \
+			| msp430 \
+			| nds32 | nds32le | nds32be \
+			| nfp \
+			| nios | nios2 | nios2eb | nios2el \
+			| none | np1 | ns16k | ns32k | nvptx \
+			| open8 \
+			| or1k* \
+			| or32 \
+			| orion \
+			| picochip \
+			| pdp10 | pdp11 | pj | pjl | pn | power \
+			| powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
+			| pru \
+			| pyramid \
+			| riscv | riscv32 | riscv32be | riscv64 | riscv64be \
+			| rl78 | romp | rs6000 | rx \
+			| s390 | s390x \
+			| score \
+			| sh | shl \
+			| sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \
+			| sh[1234]e[lb] |  sh[12345][lb]e | sh[23]ele | sh64 | sh64le \
+			| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \
+			| sparclite \
+			| sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
+			| spu \
+			| tahoe \
+			| thumbv7* \
+			| tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
+			| tron \
+			| ubicom32 \
+			| v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \
+			| vax \
+			| visium \
+			| w65 \
+			| wasm32 | wasm64 \
+			| we32k \
+			| x86 | x86_64 | xc16x | xgate | xps100 \
+			| xstormy16 | xtensa* \
+			| ymp \
+			| z8k | z80)
+				;;
+
+			*)
+				echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2
+				exit 1
+				;;
+		esac
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $vendor in
+	digital*)
+		vendor=dec
+		;;
+	commodore*)
+		vendor=cbm
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if test x$basic_os != x
+then
+
+# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just
+# set os.
+case $basic_os in
+	gnu/linux*)
+		kernel=linux
+		os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'`
+		;;
+	os2-emx)
+		kernel=os2
+		os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'`
+		;;
+	nto-qnx*)
+		kernel=nto
+		os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'`
+		;;
+	*-*)
+		# shellcheck disable=SC2162
+		saved_IFS=$IFS
+		IFS="-" read kernel os <<EOF
+$basic_os
+EOF
+		IFS=$saved_IFS
+		;;
+	# Default OS when just kernel was specified
+	nto*)
+		kernel=nto
+		os=`echo "$basic_os" | sed -e 's|nto|qnx|'`
+		;;
+	linux*)
+		kernel=linux
+		os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
+		;;
+	managarm*)
+		kernel=managarm
+		os=`echo "$basic_os" | sed -e 's|managarm|mlibc|'`
+		;;
+	*)
+		kernel=
+		os=$basic_os
+		;;
+esac
+
+# Now, normalize the OS (knowing we just have one component, it's not a kernel,
+# etc.)
+case $os in
+	# First match some system type aliases that might get confused
+	# with valid system types.
+	# solaris* is a basic system type, with this one exception.
+	auroraux)
+		os=auroraux
+		;;
+	bluegene*)
+		os=cnk
+		;;
+	solaris1 | solaris1.*)
+		os=`echo "$os" | sed -e 's|solaris1|sunos4|'`
+		;;
+	solaris)
+		os=solaris2
+		;;
+	unixware*)
+		os=sysv4.2uw
+		;;
+	# es1800 is here to avoid being matched by es* (a different OS)
+	es1800*)
+		os=ose
+		;;
+	# Some version numbers need modification
+	chorusos*)
+		os=chorusos
+		;;
+	isc)
+		os=isc2.2
+		;;
+	sco6)
+		os=sco5v6
+		;;
+	sco5)
+		os=sco3.2v5
+		;;
+	sco4)
+		os=sco3.2v4
+		;;
+	sco3.2.[4-9]*)
+		os=`echo "$os" | sed -e 's/sco3.2./sco3.2v/'`
+		;;
+	sco*v* | scout)
+		# Don't match below
+		;;
+	sco*)
+		os=sco3.2v2
+		;;
+	psos*)
+		os=psos
+		;;
+	qnx*)
+		os=qnx
+		;;
+	hiux*)
+		os=hiuxwe2
+		;;
+	lynx*178)
+		os=lynxos178
+		;;
+	lynx*5)
+		os=lynxos5
+		;;
+	lynxos*)
+		# don't get caught up in next wildcard
+		;;
+	lynx*)
+		os=lynxos
+		;;
+	mac[0-9]*)
+		os=`echo "$os" | sed -e 's|mac|macos|'`
+		;;
+	opened*)
+		os=openedition
+		;;
+	os400*)
+		os=os400
+		;;
+	sunos5*)
+		os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
+		;;
+	sunos6*)
+		os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
+		;;
+	wince*)
+		os=wince
+		;;
+	utek*)
+		os=bsd
+		;;
+	dynix*)
+		os=bsd
+		;;
+	acis*)
+		os=aos
+		;;
+	atheos*)
+		os=atheos
+		;;
+	syllable*)
+		os=syllable
+		;;
+	386bsd)
+		os=bsd
+		;;
+	ctix* | uts*)
+		os=sysv
+		;;
+	nova*)
+		os=rtmk-nova
+		;;
+	ns2)
+		os=nextstep2
+		;;
+	# Preserve the version number of sinix5.
+	sinix5.*)
+		os=`echo "$os" | sed -e 's|sinix|sysv|'`
+		;;
+	sinix*)
+		os=sysv4
+		;;
+	tpf*)
+		os=tpf
+		;;
+	triton*)
+		os=sysv3
+		;;
+	oss*)
+		os=sysv3
+		;;
+	svr4*)
+		os=sysv4
+		;;
+	svr3)
+		os=sysv3
+		;;
+	sysvr4)
+		os=sysv4
+		;;
+	ose*)
+		os=ose
+		;;
+	*mint | mint[0-9]* | *MiNT | MiNT[0-9]*)
+		os=mint
+		;;
+	dicos*)
+		os=dicos
+		;;
+	pikeos*)
+		# Until real need of OS specific support for
+		# particular features comes up, bare metal
+		# configurations are quite functional.
+		case $cpu in
+		    arm*)
+			os=eabi
+			;;
+		    *)
+			os=elf
+			;;
+		esac
+		;;
+	*)
+		# No normalization, but not necessarily accepted, that comes below.
+		;;
+esac
+
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+kernel=
+case $cpu-$vendor in
+	score-*)
+		os=elf
+		;;
+	spu-*)
+		os=elf
+		;;
+	*-acorn)
+		os=riscix1.2
+		;;
+	arm*-rebel)
+		kernel=linux
+		os=gnu
+		;;
+	arm*-semi)
+		os=aout
+		;;
+	c4x-* | tic4x-*)
+		os=coff
+		;;
+	c8051-*)
+		os=elf
+		;;
+	clipper-intergraph)
+		os=clix
+		;;
+	hexagon-*)
+		os=elf
+		;;
+	tic54x-*)
+		os=coff
+		;;
+	tic55x-*)
+		os=coff
+		;;
+	tic6x-*)
+		os=coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=tops20
+		;;
+	pdp11-*)
+		os=none
+		;;
+	*-dec | vax-*)
+		os=ultrix4.2
+		;;
+	m68*-apollo)
+		os=domain
+		;;
+	i386-sun)
+		os=sunos4.0.2
+		;;
+	m68000-sun)
+		os=sunos3
+		;;
+	m68*-cisco)
+		os=aout
+		;;
+	mep-*)
+		os=elf
+		;;
+	mips*-cisco)
+		os=elf
+		;;
+	mips*-*)
+		os=elf
+		;;
+	or32-*)
+		os=coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=sysv3
+		;;
+	sparc-* | *-sun)
+		os=sunos4.1.1
+		;;
+	pru-*)
+		os=elf
+		;;
+	*-be)
+		os=beos
+		;;
+	*-ibm)
+		os=aix
+		;;
+	*-knuth)
+		os=mmixware
+		;;
+	*-wec)
+		os=proelf
+		;;
+	*-winbond)
+		os=proelf
+		;;
+	*-oki)
+		os=proelf
+		;;
+	*-hp)
+		os=hpux
+		;;
+	*-hitachi)
+		os=hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=sysv
+		;;
+	*-cbm)
+		os=amigaos
+		;;
+	*-dg)
+		os=dgux
+		;;
+	*-dolphin)
+		os=sysv3
+		;;
+	m68k-ccur)
+		os=rtu
+		;;
+	m88k-omron*)
+		os=luna
+		;;
+	*-next)
+		os=nextstep
+		;;
+	*-sequent)
+		os=ptx
+		;;
+	*-crds)
+		os=unos
+		;;
+	*-ns)
+		os=genix
+		;;
+	i370-*)
+		os=mvs
+		;;
+	*-gould)
+		os=sysv
+		;;
+	*-highlevel)
+		os=bsd
+		;;
+	*-encore)
+		os=bsd
+		;;
+	*-sgi)
+		os=irix
+		;;
+	*-siemens)
+		os=sysv4
+		;;
+	*-masscomp)
+		os=rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=uxpv
+		;;
+	*-rom68k)
+		os=coff
+		;;
+	*-*bug)
+		os=coff
+		;;
+	*-apple)
+		os=macos
+		;;
+	*-atari*)
+		os=mint
+		;;
+	*-wrs)
+		os=vxworks
+		;;
+	*)
+		os=none
+		;;
+esac
+
+fi
+
+# Now, validate our (potentially fixed-up) OS.
+case $os in
+	# Sometimes we do "kernel-libc", so those need to count as OSes.
+	musl* | newlib* | relibc* | uclibc*)
+		;;
+	# Likewise for "kernel-abi"
+	eabi* | gnueabi*)
+		;;
+	# VxWorks passes extra cpu info in the 4th filed.
+	simlinux | simwindows | spe)
+		;;
+	# Now accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST end in a * to match a version number.
+	gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \
+	     | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \
+	     | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \
+	     | sym* |  plan9* | psp* | sim* | xray* | os68k* | v88r* \
+	     | hiux* | abug | nacl* | netware* | windows* \
+	     | os9* | macos* | osx* | ios* \
+	     | mpw* | magic* | mmixware* | mon960* | lnews* \
+	     | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \
+	     | aos* | aros* | cloudabi* | sortix* | twizzler* \
+	     | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \
+	     | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \
+	     | mirbsd* | netbsd* | dicos* | openedition* | ose* \
+	     | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \
+	     | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \
+	     | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
+	     | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
+	     | udi* | lites* | ieee* | go32* | aux* | hcos* \
+	     | chorusrdb* | cegcc* | glidix* | serenity* \
+	     | cygwin* | msys* | pe* | moss* | proelf* | rtems* \
+	     | midipix* | mingw32* | mingw64* | mint* \
+	     | uxpv* | beos* | mpeix* | udk* | moxiebox* \
+	     | interix* | uwin* | mks* | rhapsody* | darwin* \
+	     | openstep* | oskit* | conix* | pw32* | nonstopux* \
+	     | storm-chaos* | tops10* | tenex* | tops20* | its* \
+	     | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \
+	     | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \
+	     | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \
+	     | skyos* | haiku* | rdos* | toppers* | drops* | es* \
+	     | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
+	     | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
+	     | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
+	     | fiwix* | mlibc* )
+		;;
+	# This one is extra strict with allowed versions
+	sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		;;
+	none)
+		;;
+	kernel* )
+		# Restricted further below
+		;;
+	*)
+		echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# As a final step for OS-related things, validate the OS-kernel combination
+# (given a valid OS), if there is a kernel.
+case $kernel-$os in
+	linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
+		   | linux-musl* | linux-relibc* | linux-uclibc* | linux-mlibc* )
+		;;
+	uclinux-uclibc* )
+		;;
+	managarm-mlibc* | managarm-kernel* )
+		;;
+	-dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* | -mlibc* )
+		# These are just libc implementations, not actual OSes, and thus
+		# require a kernel.
+		echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2
+		exit 1
+		;;
+	-kernel* )
+		echo "Invalid configuration \`$1': \`$os' needs explicit kernel." 1>&2
+		exit 1
+		;;
+	*-kernel* )
+		echo "Invalid configuration \`$1': \`$kernel' does not support \`$os'." 1>&2
+		exit 1
+		;;
+	kfreebsd*-gnu* | kopensolaris*-gnu*)
+		;;
+	vxworks-simlinux | vxworks-simwindows | vxworks-spe)
+		;;
+	nto-qnx*)
+		;;
+	os2-emx)
+		;;
+	*-eabi* | *-gnueabi*)
+		;;
+	-*)
+		# Blank kernel with real OS is always fine.
+		;;
+	*-*)
+		echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2
+		exit 1
+		;;
+esac
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+case $vendor in
+	unknown)
+		case $cpu-$os in
+			*-riscix*)
+				vendor=acorn
+				;;
+			*-sunos*)
+				vendor=sun
+				;;
+			*-cnk* | *-aix*)
+				vendor=ibm
+				;;
+			*-beos*)
+				vendor=be
+				;;
+			*-hpux*)
+				vendor=hp
+				;;
+			*-mpeix*)
+				vendor=hp
+				;;
+			*-hiux*)
+				vendor=hitachi
+				;;
+			*-unos*)
+				vendor=crds
+				;;
+			*-dgux*)
+				vendor=dg
+				;;
+			*-luna*)
+				vendor=omron
+				;;
+			*-genix*)
+				vendor=ns
+				;;
+			*-clix*)
+				vendor=intergraph
+				;;
+			*-mvs* | *-opened*)
+				vendor=ibm
+				;;
+			*-os400*)
+				vendor=ibm
+				;;
+			s390-* | s390x-*)
+				vendor=ibm
+				;;
+			*-ptx*)
+				vendor=sequent
+				;;
+			*-tpf*)
+				vendor=ibm
+				;;
+			*-vxsim* | *-vxworks* | *-windiss*)
+				vendor=wrs
+				;;
+			*-aux*)
+				vendor=apple
+				;;
+			*-hms*)
+				vendor=hitachi
+				;;
+			*-mpw* | *-macos*)
+				vendor=apple
+				;;
+			*-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*)
+				vendor=atari
+				;;
+			*-vos*)
+				vendor=stratus
+				;;
+		esac
+		;;
+esac
+
+echo "$cpu-$vendor-${kernel:+$kernel-}$os"
+exit
+
+# Local variables:
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/krb5-1.21.3/src/config/install-sh b/krb5-1.21.3/src/config/install-sh
new file mode 100755
index 00000000..f5061e7e
--- /dev/null
+++ b/krb5-1.21.3/src/config/install-sh
@@ -0,0 +1,295 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2003-09-24.23
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.  It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=
+transform_arg=
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=
+chgrpcmd=
+stripcmd=
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=
+dst=
+dir_arg=
+
+usage="Usage: $0 [OPTION]... SRCFILE DSTFILE
+   or: $0 -d DIR1 DIR2...
+
+In the first form, install SRCFILE to DSTFILE, removing SRCFILE by default.
+In the second, create the directory path DIR.
+
+Options:
+-b=TRANSFORMBASENAME
+-c         copy source (using $cpprog) instead of moving (using $mvprog).
+-d         create directories instead of installing files.
+-g GROUP   $chgrp installed files to GROUP.
+-m MODE    $chmod installed files to MODE.
+-o USER    $chown installed files to USER.
+-s         strip installed files (using $stripprog).
+-t=TRANSFORM
+--help     display this help and exit.
+--version  display version info and exit.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
+"
+
+while test -n "$1"; do
+  case $1 in
+    -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+        shift
+        continue;;
+
+    -c) instcmd=$cpprog
+        shift
+        continue;;
+
+    -d) dir_arg=true
+        shift
+        continue;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift
+        shift
+        continue;;
+
+    --help) echo "$usage"; exit 0;;
+
+    -m) chmodcmd="$chmodprog $2"
+        shift
+        shift
+        continue;;
+
+    -o) chowncmd="$chownprog $2"
+        shift
+        shift
+        continue;;
+
+    -s) stripcmd=$stripprog
+        shift
+        continue;;
+
+    -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+        shift
+        continue;;
+
+    --version) echo "$0 $scriptversion"; exit 0;;
+
+    *)  if test -z "$src"; then
+          src=$1
+        else
+          # this colon is to work around a 386BSD /bin/sh bug
+          :
+          dst=$1
+        fi
+        shift
+        continue;;
+  esac
+done
+
+if test -z "$src"; then
+  echo "$0: no input file specified." >&2
+  exit 1
+fi
+
+# Protect names starting with `-'.
+case $src in
+  -*) src=./$src ;;
+esac
+
+if test -n "$dir_arg"; then
+  dst=$src
+  src=
+
+  if test -d "$dst"; then
+    instcmd=:
+    chmodcmd=
+  else
+    instcmd=$mkdirprog
+  fi
+else
+  # Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+  # might cause directories to be created, which would be especially bad
+  # if $src (and thus $dsttmp) contains '*'.
+  if test ! -f "$src" && test ! -d "$src"; then
+    echo "$0: $src does not exist." >&2
+    exit 1
+  fi
+
+  if test -z "$dst"; then
+    echo "$0: no destination specified." >&2
+    exit 1
+  fi
+
+  # Protect names starting with `-'.
+  case $dst in
+    -*) dst=./$dst ;;
+  esac
+
+  # If destination is a directory, append the input filename; won't work
+  # if double slashes aren't ignored.
+  if test -d "$dst"; then
+    dst=$dst/`basename "$src"`
+  fi
+fi
+
+# This sed command emulates the dirname command.
+dstdir=`echo "$dst" | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+
+# Skip lots of stat calls in the usual case.
+if test ! -d "$dstdir"; then
+  defaultIFS='
+	'
+  IFS="${IFS-$defaultIFS}"
+
+  oIFS=$IFS
+  # Some sh's can't handle IFS=/ for some reason.
+  IFS='%'
+  set - `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'`
+  IFS=$oIFS
+
+  pathcomp=
+
+  while test $# -ne 0 ; do
+    pathcomp=$pathcomp$1
+    shift
+    test -d "$pathcomp" || $mkdirprog "$pathcomp"
+    pathcomp=$pathcomp/
+  done
+fi
+
+if test -n "$dir_arg"; then
+  $doit $instcmd "$dst" \
+    && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \
+    && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \
+    && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \
+    && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; }
+
+else
+  # If we're going to rename the final executable, determine the name now.
+  if test -z "$transformarg"; then
+    dstfile=`basename "$dst"`
+  else
+    dstfile=`basename "$dst" $transformbasename \
+             | sed $transformarg`$transformbasename
+  fi
+
+  # don't allow the sed command to completely eliminate the filename.
+  test -z "$dstfile" && dstfile=`basename "$dst"`
+
+  # Make a couple of temp file names in the proper directory.
+  dsttmp=$dstdir/_inst.$$_
+  rmtmp=$dstdir/_rm.$$_
+
+  # Trap to clean up those temp files at exit.
+  trap 'status=$?; rm -f "$dsttmp" "$rmtmp" && exit $status' 0
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Move or copy the file name to the temp name
+  $doit $instcmd "$src" "$dsttmp" &&
+
+  # and set any options; do chmod last to preserve setuid bits.
+  #
+  # If any of these fail, we abort the whole thing.  If we want to
+  # ignore errors from any of these, just make sure not to ignore
+  # errors from the above "$doit $instcmd $src $dsttmp" command.
+  #
+  { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
+    && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
+    && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
+    && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } &&
+
+  # Now remove or move aside any old file at destination location.  We
+  # try this two ways since rm can't unlink itself on some systems and
+  # the destination file might be busy for other reasons.  In this case,
+  # the final cleanup might fail but the new file should still install
+  # successfully.
+  {
+    if test -f "$dstdir/$dstfile"; then
+      $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \
+      || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \
+      || {
+	  echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2
+	  (exit 1); exit
+      }
+    else
+      :
+    fi
+  } &&
+
+  # Now rename the file to the real destination.
+  $doit $mvcmd "$dsttmp" "$dstdir/$dstfile"
+fi &&
+
+# The final little trick to "correctly" pass the exit status to the exit trap.
+{
+  (exit 0); exit
+}
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/krb5-1.21.3/src/config/lib.in b/krb5-1.21.3/src/config/lib.in
new file mode 100644
index 00000000..774e120a
--- /dev/null
+++ b/krb5-1.21.3/src/config/lib.in
@@ -0,0 +1,164 @@
+### config/lib.in
+# *** keep this in sync with libnover.in
+#
+# Makefile fragment that creates static, shared, and profiled libraries.
+#
+# The following variables must be set in the Makefile.in:
+#
+# LIBBASE	library name without "lib" or extension
+# LIBMAJOR	library major version
+# LIBMINOR	library minor version
+# SHLIB_EXPDEPS	list of libraries that this one has explicit
+#			dependencies on, pref. in the form libfoo$(SHLIBEXT)
+# SHLIB_EXPLIBS	list of libraries that this one has explicit
+#			dependencies on, in "-lfoo" form.
+# RELDIR	path to this directory relative to $(TOPLIBD)
+#
+# Makefile.in can also override the defaults for SHLIB_DIRS,
+# SHLIB_RDIRS, and STOBJLISTS from pre.in.
+
+LIBPREFIX=lib
+
+SHOBJLISTS=$(STOBJLISTS:.ST=.SH)
+PFOBJLISTS=$(STOBJLISTS:.ST=.PF)
+
+dummy-target-1 $(SUBDIROBJLISTS) $(SUBDIROBJLISTS:.ST=.SH) $(SUBDIROBJLISTS:.ST=.PF): all-recurse
+
+# Gets invoked as $(PARSE_OBJLISTS) list-of-OBJS.*-files
+PARSE_OBJLISTS= set -x && $(PERL) -p -e 'BEGIN { $$SIG{__WARN__} = sub {die @_} }; $$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;'
+
+lib$(LIBBASE)$(STLIBEXT): $(STOBJLISTS)
+	$(RM) $@
+	@echo "building static $(LIBBASE) library"
+	set -x; objlist=`$(PARSE_OBJLISTS) $(STOBJLISTS)` && $(AR) cq $@ $$objlist
+	$(RANLIB) $@
+
+lib$(LIBBASE)$(SHLIBVEXT): $(SHOBJLISTS) $(SHLIB_EXPDEPS) $(SHLIB_EXPORT_FILE_DEP)
+	$(RM) $@
+	@echo "building shared $(LIBBASE) library ($(LIBMAJOR).$(LIBMINOR))"
+	set -x; objlist=`$(PARSE_OBJLISTS) $(SHOBJLISTS)` && $(MAKE_SHLIB_COMMAND)
+
+lib$(LIBBASE)$(SHLIBSEXT): lib$(LIBBASE)$(SHLIBVEXT)
+	$(RM) $@
+	$(LN_S) lib$(LIBBASE)$(SHLIBVEXT) $@
+lib$(LIBBASE)$(SHLIBEXT): lib$(LIBBASE)$(SHLIBVEXT)
+	$(RM) $@
+	$(LN_S) lib$(LIBBASE)$(SHLIBVEXT) $@
+
+binutils.versions: $(SHLIB_EXPORT_FILE) Makefile
+	base=`echo "$(LIBBASE)" | sed -e 's/-/_/'`; \
+	echo >  binutils.versions "$${base}_$(LIBMAJOR)_MIT {"
+	sed  >> binutils.versions < $(SHLIB_EXPORT_FILE) "s/$$/;/"
+	echo >> binutils.versions "};"
+	echo >> binutils.versions "HIDDEN { local: __*; _rest*; _save*; *; };"
+
+darwin.exports: $(SHLIB_EXPORT_FILE) Makefile
+	sed > darwin-exports.tmp < $(SHLIB_EXPORT_FILE) "s/^/_/"
+	$(MV) darwin-exports.tmp darwin.exports
+
+osf1.exports: $(SHLIB_EXPORT_FILE) Makefile
+	$(RM) osf1.tmp osf1.exports
+	sed "s/^/-exported_symbol /" < $(SHLIB_EXPORT_FILE) > osf1.tmp
+	for f in . $(LIBINITFUNC); do \
+	  if test "$$f" != "." ; then \
+	    echo " -init $$f"__auxinit >> osf1.tmp; \
+	  else :; fi; \
+	done
+	a=""; \
+	for f in . $(LIBFINIFUNC); do \
+	  if test "$$f" != "." ; then \
+	    a="-fini $$f $$a"; \
+	  else :; fi; \
+	done; echo " $$a" >> osf1.tmp
+	mv -f osf1.tmp osf1.exports
+
+hpux.exports: $(SHLIB_EXPORT_FILE) Makefile
+	$(RM) hpux.tmp hpux.exports
+	sed "s/^/+e /" < $(SHLIB_EXPORT_FILE) > hpux.tmp
+	a=""; \
+	for f in . $(LIBFINIFUNC); do \
+	  if test "$$f" != .; then \
+	    a="+I $${f}__auxfini $$a"; \
+	  else :; fi; \
+	done; echo "$$a" >> hpux.tmp
+	echo "+e errno" >> hpux.tmp
+	base=`echo "$(LIBBASE)" | sed -e 's/-/_/'`; \
+	echo "+e _GLOBAL__FD_lib$${base}_$(LIBMAJOR)_$(LIBMINOR)" >> hpux.tmp; \
+	echo "+e _GLOBAL__FI_lib$${base}_$(LIBMAJOR)_$(LIBMINOR)" >> hpux.tmp
+	mv -f hpux.tmp hpux.exports
+
+lib$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS)
+	$(RM) $@
+	@echo "building profiled $(LIBBASE) library"
+	set -x; objlist=`$(PARSE_OBJLISTS) $(PFOBJLISTS)` && $(AR) cq $@ $$objlist
+	$(RANLIB) $@
+
+$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT): lib$(LIBBASE)$(STLIBEXT)
+	$(RM) $@
+	(cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(STLIBEXT) .)
+$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT): lib$(LIBBASE)$(SHLIBEXT)
+	$(RM) $@
+	(cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(SHLIBEXT) .)
+$(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT): lib$(LIBBASE)$(SHLIBSEXT)
+	$(RM) $@
+	(cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(SHLIBSEXT) .)
+$(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT): lib$(LIBBASE)$(SHLIBVEXT)
+	$(RM) $@
+	(cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(SHLIBVEXT) .)
+$(TOPLIBD)/lib$(LIBBASE)$(PFLIBEXT): lib$(LIBBASE)$(PFLIBEXT)
+	$(RM) $@
+	(cd $(TOPLIBD) && $(LN_S) $(RELDIR)/lib$(LIBBASE)$(PFLIBEXT) .)
+
+all-libs: $(LIBLIST)
+all-liblinks: $(LIBLINKS)
+
+clean-libs:
+	$(RM) lib$(LIBBASE)$(STLIBEXT)
+	$(RM) lib$(LIBBASE)$(SHLIBVEXT)
+	$(RM) lib$(LIBBASE)$(SHLIBSEXT)
+	$(RM) lib$(LIBBASE)$(SHLIBEXT)
+	$(RM) lib$(LIBBASE)$(PFLIBEXT)
+	$(RM) binutils.versions osf1.exports darwin.exports hpux.exports
+
+clean-liblinks:
+	$(RM) $(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT)
+	$(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT)
+	$(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT)
+	$(RM) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT)
+	$(RM) $(TOPLIBD)/lib$(LIBBASE)$(PFLIBEXT)
+
+install-libs: $(LIBINSTLIST)
+install-static:
+	$(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(STLIBEXT)
+	$(INSTALL_DATA) lib$(LIBBASE)$(STLIBEXT) $(DESTDIR)$(KRB5_LIBDIR)
+	$(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(STLIBEXT)
+install-shared:
+	$(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(SHLIBVEXT)
+	$(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(SHLIBEXT)
+	$(INSTALL_SHLIB) lib$(LIBBASE)$(SHLIBVEXT) $(DESTDIR)$(KRB5_LIBDIR)
+	(cd $(DESTDIR)$(KRB5_LIBDIR) && $(LN_S) lib$(LIBBASE)$(SHLIBVEXT) \
+		lib$(LIBBASE)$(SHLIBEXT))
+install-shlib-soname: install-shared
+	$(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(SHLIBSEXT)
+	(cd $(DESTDIR)$(KRB5_LIBDIR) && $(LN_S) lib$(LIBBASE)$(SHLIBVEXT) \
+		lib$(LIBBASE)$(SHLIBSEXT))
+install-profiled:
+	$(RM) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT)
+	$(INSTALL_DATA) lib$(LIBBASE)$(PFLIBEXT) $(DESTDIR)$(KRB5_LIBDIR)
+	$(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT)
+
+Makefile: $(top_srcdir)/config/lib.in
+$(BUILDTOP)/config.status: $(top_srcdir)/config/shlib.conf
+
+# Use the following if links need to be made to $(TOPLIBD):
+# all-unix: all-liblinks
+# install-unix: install-libs
+# clean-unix:: clean-liblinks clean-libs
+
+# Use the following if links need not be made:
+# all-unix: all-libs
+# install-unix: install-libs
+# clean-unix:: clean-libs
+
+###
+### end config/lib.in
diff --git a/krb5-1.21.3/src/config/libnodeps.in b/krb5-1.21.3/src/config/libnodeps.in
new file mode 100644
index 00000000..6416a300
--- /dev/null
+++ b/krb5-1.21.3/src/config/libnodeps.in
@@ -0,0 +1,4 @@
+# Must override when there are no dependencies, because on some
+# platforms there's a prefix stuck in front of the library path that
+# we won't set (SHLIB_RDIRS).
+SHLIB_EXPFLAGS=
diff --git a/krb5-1.21.3/src/config/libnover.in b/krb5-1.21.3/src/config/libnover.in
new file mode 100644
index 00000000..ab6baea8
--- /dev/null
+++ b/krb5-1.21.3/src/config/libnover.in
@@ -0,0 +1,132 @@
+### config/libnover.in
+# *** keep this in sync with lib.in
+#
+# Makefile fragment that creates shared libraries sans version
+# info (plugin modules).
+#
+# The following variables must be set in the Makefile.in:
+#
+# LIBBASE	library name without "lib" or extension
+# SHLIB_EXPDEPS	list of libraries that this one has explicit
+#			dependencies on, pref. in the form libfoo$(SHLIBEXT)
+# SHLIB_EXPLIBS	list of libraries that this one has explicit
+#			dependencies on, in "-lfoo" form.
+# RELDIR	path to this directory relative to $(TOPLIBD)
+#
+# Makefile.in can also override the defaults for SHLIB_DIRS,
+# SHLIB_RDIRS, and STOBJLISTS from pre.in.
+
+LIBPREFIX=
+
+SHOBJLISTS=$(STOBJLISTS:.ST=.SH)
+PFOBJLISTS=$(STOBJLISTS:.ST=.PF)
+
+dummy-target-1 $(SUBDIROBJLISTS) $(SUBDIROBJLISTS:.ST=.SH) $(SUBDIROBJLISTS:.ST=.PF): all-recurse
+
+# Gets invoked as $(PARSE_OBJLISTS) list-of-OBJS.*-files
+PARSE_OBJLISTS= set -x && $(PERL) -p -e 'BEGIN { $$SIG{__WARN__} = sub {die @_} }; $$e=$$ARGV; $$e =~ s/OBJS\...$$//; s/^/ /; s/ $$//; s/ / $$e/g;'
+
+LIBINSTLIST=install-shared
+
+libkrb5_$(LIBBASE)$(STLIBEXT): $(STOBJLISTS)
+	$(RM) $@
+	@echo "building static $(LIBBASE) library"
+	set -x; objlist=`$(PARSE_OBJLISTS) $(STOBJLISTS)` && $(AR) cq $@ $$objlist
+	$(RANLIB) $@
+
+$(LIBBASE)$(DYNOBJEXT): $(SHOBJLISTS) $(DYNOBJ_EXPDEPS) $(SHLIB_EXPORT_FILE_DEP)
+	$(RM) $@
+	@echo "building dynamic $(LIBBASE) object"
+	set -x; objlist=`$(PARSE_OBJLISTS) $(SHOBJLISTS)` && $(MAKE_DYNOBJ_COMMAND)
+
+binutils.versions: $(SHLIB_EXPORT_FILE) Makefile
+	echo >  binutils.versions "HIDDEN { local: __*; _rest*; _save*; *; };"
+	echo >> binutils.versions "$(LIBBASE)_$(LIBMAJOR)_MIT {"
+	sed  >> binutils.versions < $(SHLIB_EXPORT_FILE) "s/$$/;/"
+	echo >> binutils.versions "};"
+
+osf1.exports: $(SHLIB_EXPORT_FILE) Makefile
+	$(RM) osf1.tmp osf1.exports
+	sed "s/^/-exported_symbol /" < $(SHLIB_EXPORT_FILE) > osf1.tmp
+	for f in . $(LIBINITFUNC); do \
+	  if test "$$f" != "." ; then \
+	    echo " -init $$f"__auxinit >> osf1.tmp; \
+	  else :; fi; \
+	done
+	a=""; \
+	for f in . $(LIBFINIFUNC); do \
+	  if test "$$f" != "." ; then \
+	    a="-fini $$f $$a"; \
+	  else :; fi; \
+	done; echo " $$a" >> osf1.tmp; \
+	mv -f osf1.tmp osf1.exports
+
+hpux.exports: $(SHLIB_EXPORT_FILE) Makefile
+	$(RM) hpux.tmp hpux.exports
+	sed "s/^/+e /" < $(SHLIB_EXPORT_FILE) > hpux.tmp
+	a=""; \
+	for f in . $(LIBFINIFUNC); do \
+	  if test "$$f" != .; then \
+	    a="+I $${f}__auxfini $$a"; \
+	  else :; fi; \
+	done; echo "$$a" >> hpux.tmp
+	echo "+e errno" >> hpux.tmp
+	mv -f hpux.tmp hpux.exports
+
+darwin.exports: $(SHLIB_EXPORT_FILE) Makefile
+	$(RM) darwin.exports
+	sed "s/^/_/" < $(SHLIB_EXPORT_FILE) > darwin.exports
+
+libkrb5_$(LIBBASE)$(PFLIBEXT): $(PFOBJLISTS)
+	$(RM) $@
+	@echo "building profiled $(LIBBASE) library"
+	set -x; objlist=`$(PARSE_OBJLISTS) $(PFOBJLISTS)` && $(AR) cq $@ $$objlist
+	$(RANLIB) $@
+
+# For static builds, we make a symlink in the main library directory,
+# allowing the plugin library to be a dependency of the core libraries
+# which use it.
+$(TOPLIBD)/libkrb5_$(LIBBASE)$(STLIBEXT):
+	$(RM) $@
+	(cd $(TOPLIBD) && $(LN_S) $(RELDIR)/libkrb5_$(LIBBASE)$(STLIBEXT) .)
+
+# For shared builds, we make a symlink in the parent directory, allowing
+# tests to point plugin_base_dir at $(BUILDTOP)/plugins.
+../$(LIBBASE)$(DYNOBJEXT):
+	$(RM) $@
+	(cd .. && $(LN_S) `basename $(mydir)`/$(LIBBASE)$(DYNOBJEXT) .)
+
+all-liblinks: all-libs $(PLUGINLINK)
+all-libs: $(PLUGIN)
+
+clean-libs:
+	$(RM) $(LIBBASE)$(DYNOBJEXT)
+	$(RM) binutils.versions osf1.exports darwin.exports hpux.exports
+
+clean-liblinks:
+	$(RM) $(PLUGINLINK)
+
+install-libs: $(PLUGININST)
+install-static:
+	$(RM) $(DESTDIR)$(KRB5_LIBDIR)/libkrb5_$(LIBBASE)$(STLIBEXT)
+	$(INSTALL_DATA) libkrb5_$(LIBBASE)$(STLIBEXT) $(DESTDIR)$(KRB5_LIBDIR)
+	$(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/libkrb5_$(LIBBASE)$(STLIBEXT)
+install-plugin:
+	$(RM) $(DESTDIR)$(MODULE_INSTALL_DIR)/$(LIBBASE)$(DYNOBJEXT)
+	$(INSTALL_SHLIB) $(LIBBASE)$(DYNOBJEXT) $(DESTDIR)$(MODULE_INSTALL_DIR)
+
+Makefile: $(top_srcdir)/config/libnover.in
+$(BUILDTOP)/config.status: $(top_srcdir)/config/shlib.conf
+
+# Use the following if links need to be made to $(TOPLIBD):
+# all-unix: all-liblinks
+# install-unix: install-libs
+# clean-unix:: clean-liblinks clean-libs
+
+# Use the following if links need not be made:
+# all-unix: all-libs
+# install-unix: install-libs
+# clean-unix:: clean-libs
+
+###
+### end config/libnovers.in
diff --git a/krb5-1.21.3/src/config/libobj.in b/krb5-1.21.3/src/config/libobj.in
new file mode 100644
index 00000000..0f7d2f5b
--- /dev/null
+++ b/krb5-1.21.3/src/config/libobj.in
@@ -0,0 +1,42 @@
+### config/libobj.in
+#
+# Makefile fragment that builds object files for libraries.
+#
+# The following variables must be set in Makefile.in:
+#
+# STLIBOBJS	list of .o objects; this must not contain variable
+#		references.
+
+.SUFFIXES: .c .so .po
+.c.so:
+	$(CC) $(PICFLAGS) -DSHARED $(ALL_CFLAGS) -c $< -o $*.so.o && $(MV) $*.so.o $*.so
+.c.po:
+	$(CC) $(PROFFLAGS) $(ALL_CFLAGS) -c $< -o $*.po.o && $(MV) $*.po.o $*.po
+
+# rules to generate object file lists
+
+OBJS.ST: $(STLIBOBJS) Makefile
+	@echo $(STLIBOBJS) > $@
+	: updated $@
+
+OBJS.SH: $(SHLIBOBJS) Makefile
+	@echo $(SHLIBOBJS) > $@
+	: updated $@
+
+OBJS.PF: $(PFLIBOBJS) Makefile
+	@echo $(PFLIBOBJS) > $@
+	: updated $@
+
+all-libobjs: $(OBJLISTS)
+
+clean-libobjs:
+	$(RM) OBJS.ST OBJS.SH OBJS.PF $(STLIBOBJS) $(SHLIBOBJS) $(PFLIBOBJS)
+
+Makefile: $(top_srcdir)/config/libobj.in
+config.status: $(top_srcdir)/config/shlib.conf
+
+# clean-unix:: clean-libobjs
+# all-unix: all-libobjs
+
+###
+### end config/libobj.in
diff --git a/krb5-1.21.3/src/config/libpriv.in b/krb5-1.21.3/src/config/libpriv.in
new file mode 100644
index 00000000..4fe13c3b
--- /dev/null
+++ b/krb5-1.21.3/src/config/libpriv.in
@@ -0,0 +1,12 @@
+# Additional definitions for private libraries, which we build as archive
+# libraries (or equivalent) and do not install.
+#
+# The defaults (for installed shared libraries) are in pre.in.  We
+# override them here, before lib.in uses them.
+LIBLIST=lib$(LIBBASE)$(STLIBEXT)
+LIBLINKS=$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT)
+OBJLISTS=OBJS.ST
+LIBINSTLIST=
+SHLIBEXT=.so-nobuild
+SHLIBVEXT=.so.v-nobuild
+SHLIBSEXT=.so.s-nobuild
diff --git a/krb5-1.21.3/src/config/mkinstalldirs b/krb5-1.21.3/src/config/mkinstalldirs
new file mode 100755
index 00000000..6b3b5fc5
--- /dev/null
+++ b/krb5-1.21.3/src/config/mkinstalldirs
@@ -0,0 +1,40 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+# $Id$
+
+errstatus=0
+
+for file
+do
+   set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+   shift
+
+   pathcomp=
+   for d
+   do
+     pathcomp="$pathcomp$d"
+     case "$pathcomp" in
+       -* ) pathcomp=./$pathcomp ;;
+     esac
+
+     if test ! -d "$pathcomp"; then
+        echo "mkdir $pathcomp"
+
+        mkdir "$pathcomp" || lasterr=$?
+
+        if test ! -d "$pathcomp"; then
+  	  errstatus=$lasterr
+        fi
+     fi
+
+     pathcomp="$pathcomp/"
+   done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here
diff --git a/krb5-1.21.3/src/config/move-if-changed b/krb5-1.21.3/src/config/move-if-changed
new file mode 100755
index 00000000..21403e12
--- /dev/null
+++ b/krb5-1.21.3/src/config/move-if-changed
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Move file 1 to file 2 if they don't already match.
+# Good for "make depend" for example, where it'd be nice to keep the
+# old datestamp.
+if [ $# != 2 ]; then
+  echo 2>&1 usage: $0 newfile oldfilename
+  exit 1
+fi
+#
+if [ ! -r "$2" ]; then
+  exec mv -f "$1" "$2"
+fi
+if cmp "$1" "$2" >/dev/null; then
+  echo "$2 is unchanged"
+  exec rm -f "$1"
+fi
+exec mv -f "$1" "$2"
diff --git a/krb5-1.21.3/src/config/pkg.m4 b/krb5-1.21.3/src/config/pkg.m4
new file mode 100644
index 00000000..01628d8a
--- /dev/null
+++ b/krb5-1.21.3/src/config/pkg.m4
@@ -0,0 +1,275 @@
+# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
+
+dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=m4_default([$1], [0.9.0])
+	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		AC_MSG_RESULT([yes])
+	else
+		AC_MSG_RESULT([no])
+		PKG_CONFIG=""
+	fi
+fi[]dnl
+])dnl PKG_PROG_PKG_CONFIG
+
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+  m4_default([$2], [:])
+m4_ifvaln([$3], [else
+  $3])dnl
+fi])
+
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+    pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+    PKG_CHECK_EXISTS([$3],
+                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes ],
+		     [pkg_failed=yes])
+ else
+    pkg_failed=untried
+fi[]dnl
+])dnl _PKG_CONFIG
+
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi[]dnl
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
+
+
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $2])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+        AC_MSG_RESULT([no])
+        _PKG_SHORT_ERRORS_SUPPORTED
+        if test $_pkg_short_errors_supported = yes; then
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+	m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+        ])
+elif test $pkg_failed = untried; then
+        AC_MSG_RESULT([no])
+	m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <https://www.freedesktop.org/wiki/Software/pkg-config/>.])[]dnl
+        ])
+else
+	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+        AC_MSG_RESULT([yes])
+	$3
+fi[]dnl
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
+
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+    [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+    [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
diff --git a/krb5-1.21.3/src/config/post.in b/krb5-1.21.3/src/config/post.in
new file mode 100644
index 00000000..4d0cb753
--- /dev/null
+++ b/krb5-1.21.3/src/config/post.in
@@ -0,0 +1,242 @@
+############################################################
+## config/post.in
+##
+
+# in case there is no default target (very unlikely)
+all:
+
+check-windows:
+
+# In a few parts of "make check" we run shell scripts which run
+# programs linked against krb5 libraries.  On macOS 10.11 and higher,
+# DYLD_LIBRARY_PATH is cleared by the shell unless System Integrity
+# Protection is turned off, so we need to set runtime linker
+# environment variables from within test scripts.  A Makefile.in which
+# runs shell script tests should make its check rule depend on
+# runenv.sh and make each script begin with ". ./runenv.sh".
+runenv.sh:
+	$(RUN_SETUP); for i in $(RUN_VARS); do \
+		eval echo "$$i=\\\"\$$$$i\\\""; \
+		echo "export $$i"; done > $@
+
+##############################
+# dependency generation
+#
+
+depend: depend-postrecurse
+depend-postrecurse: depend-recurse
+depend-recurse: depend-prerecurse
+
+depend-prerecurse:
+depend-postrecurse:
+
+depend-postrecurse: depend-update-makefile
+
+ALL_DEP_SRCS= $(SRCS) $(EXTRADEPSRCS)
+
+# be sure to check ALL_DEP_SRCS against *what it would be if SRCS and
+# EXTRADEPSRCS are both empty*
+$(BUILDTOP)/.depend-verify-srcdir:
+	@if test "$(srcdir)" = "." ; then \
+		echo 1>&2 error: cannot build dependencies with srcdir=. ; \
+		echo 1>&2 "(can't distinguish generated files from source files)" ; \
+		echo 1>&2 "Run 'make distclean' and create a separate build dir" ; \
+		exit 1 ; \
+	elif test -f "$(top_srcdir)/include/autoconf.h"; then \
+		echo 1>&2 "error: generated headers found in source tree" ; \
+		echo 1>&2 "Run 'make distclean' in source tree first" ; \
+		exit 1 ; \
+	else \
+		if test -r $(BUILDTOP)/.depend-verify-srcdir; then :; \
+			else (set -x; touch $(BUILDTOP)/.depend-verify-srcdir); fi \
+	fi
+$(BUILDTOP)/.depend-verify-et: depend-verify-et-$(COM_ERR_VERSION)
+depend-verify-et-k5:
+	@if test -r $(BUILDTOP)/.depend-verify-et; then :; \
+		else (set -x; touch $(BUILDTOP)/.depend-verify-et); fi
+depend-verify-et-sys depend-verify-et-intlsys:
+	@echo 1>&2 error: cannot build dependencies using system et package
+	@exit 1
+$(BUILDTOP)/.depend-verify-ss: depend-verify-ss-$(SS_VERSION)
+depend-verify-ss-k5:
+	@if test -r $(BUILDTOP)/.depend-verify-ss; then :; \
+		else (set -x; touch $(BUILDTOP)/.depend-verify-ss); fi
+depend-verify-ss-sys:
+	@echo 1>&2 error: cannot build dependencies using system ss package
+	@exit 1
+$(BUILDTOP)/.depend-verify-verto: depend-verify-verto-$(VERTO_VERSION)
+depend-verify-verto-k5:
+	@if test -r $(BUILDTOP)/.depend-verify-verto; then :; \
+		else (set -x; touch $(BUILDTOP)/.depend-verify-verto); fi
+depend-verify-verto-sys:
+	@echo 1>&2 error: cannot build dependencies using system verto package
+	@echo 1>&2 Please configure with --without-system-verto
+	@exit 1
+$(BUILDTOP)/.depend-verify-gcc: depend-verify-gcc-@HAVE_GCC@
+depend-verify-gcc-yes:
+	@if test -r $(BUILDTOP)/.depend-verify-gcc; then :; \
+		else (set -x; touch $(BUILDTOP)/.depend-verify-gcc); fi
+depend-verify-gcc-no:
+	@echo 1>&2 error: The '"depend"' rules are written for gcc.
+	@echo 1>&2 Please use gcc, or update the rules to handle your compiler.
+	@exit 1
+
+DEP_CFG_VERIFY = $(BUILDTOP)/.depend-verify-srcdir \
+	$(BUILDTOP)/.depend-verify-et $(BUILDTOP)/.depend-verify-ss \
+	$(BUILDTOP)/.depend-verify-verto
+DEP_VERIFY = $(DEP_CFG_VERIFY) $(BUILDTOP)/.depend-verify-gcc
+
+.d: $(ALL_DEP_SRCS) $(DEP_CFG_VERIFY) depend-dependencies
+	if test "$(ALL_DEP_SRCS)" != " " ; then \
+		$(RM) .dtmp && $(MAKE) .dtmp && mv -f .dtmp .d ; \
+	else \
+		touch .d ; \
+	fi
+
+# These are dependencies of the depend target that do not get fed to
+# the compiler.  Examples include generated header files.
+depend-dependencies:
+
+# .dtmp must *always* be out of date so that $? can be used to perform
+# VPATH searches on the sources.
+#
+# NOTE: This will fail when using Make programs whose VPATH support is
+# broken.
+.dtmp: $(ALL_DEP_SRCS)
+	$(CC) -M -DDEPEND $(ALL_CFLAGS) $? > .dtmp
+
+# NOTE: This will also generate spurious $(OUTPRE) and $(OBJEXT)
+# references in rules for non-library objects in a directory where
+# library objects happen to be built.  It's mostly harmless.
+.depend: .d $(top_srcdir)/util/depfix.pl
+	perl $(top_srcdir)/util/depfix.pl '$(top_srcdir)' '$(mydir)' \
+		'$(srcdir)' '$(BUILDTOP)' '$(STLIBOBJS)' < .d > .depend
+
+# Temporarily keep the rule for removing the dependency line eater
+# until we're sure we've gotten everything converted and excised the
+# old stuff from Makefile.in files.
+depend-update-makefile: .depend depend-recurse
+	if test "$(ALL_DEP_SRCS)" != " " ; then \
+		$(CP) .depend $(srcdir)/deps.new ; \
+	else \
+		echo "# No dependencies here." > $(srcdir)/deps.new ; \
+	fi
+	$(top_srcdir)/config/move-if-changed $(srcdir)/deps.new $(srcdir)/deps
+	sed -e '/^# +++ Dependency line eater +++/,$$d' \
+		< $(srcdir)/Makefile.in > $(srcdir)/Makefile.in.new
+	$(top_srcdir)/config/move-if-changed $(srcdir)/Makefile.in.new \
+		$(srcdir)/Makefile.in
+
+DEPTARGETS = .depend .d .dtmp $(DEP_VERIFY)
+DEPTARGETS_CLEAN = .depend .d .dtmp $(DEPTARGETS_@srcdir@_@CONFIG_RELTOPDIR@)
+DEPTARGETS_@top_srcdir@_. = $(DEP_VERIFY)
+
+# Clear out dependencies.  Should only be used temporarily, e.g., while
+# moving or renaming headers and then rebuilding dependencies.
+undepend: undepend-postrecurse
+undepend-recurse:
+undepend-postrecurse: undepend-recurse
+	if test -n "$(SRCS)" ; then \
+		sed -e '/^# +++ Dependency line eater +++/,$$d' \
+			< $(srcdir)/Makefile.in \
+			> $(srcdir)/Makefile.in.new ;\
+		echo "# +++ Dependency line eater +++" >> $(srcdir)/Makefile.in.new ;\
+		echo "# (dependencies temporarily removed)" >> $(srcdir)/Makefile.in.new ;\
+		$(top_srcdir)/config/move-if-changed $(srcdir)/Makefile.in.new $(srcdir)/Makefile.in;\
+	else :; fi
+
+#
+# end dependency generation
+##############################
+
+# Python tests
+check-unix: check-pytests-@HAVE_PYTHON@
+
+# Makefile.in should add rules to check-pytests to execute Python tests.
+check-pytests-yes: check-pytests
+check-pytests-no:
+check-pytests:
+
+# cmocka tests
+check-unix: check-cmocka-@HAVE_CMOCKA@
+
+check-cmocka-yes: check-cmocka
+check-cmocka-no:
+check-cmocka:
+
+clean: clean-$(WHAT)
+
+clean-unix::
+	$(RM) $(OBJS) $(DEPTARGETS_CLEAN) $(EXTRA_FILES)
+	$(RM) et-[ch]-*.et et-[ch]-*.[ch] testlog testtrace runenv.sh
+	-$(RM) -r testdir
+
+clean-windows::
+	$(RM) *.$(OBJEXT)
+	$(RM) msvc.pdb *.err
+
+distclean: distclean-$(WHAT)
+
+distclean-normal-clean:
+	$(MAKE) NORECURSE=true clean
+distclean-prerecurse: distclean-normal-clean
+distclean-nuke-configure-state:
+	$(RM) config.log config.cache config.status Makefile
+distclean-postrecurse: distclean-nuke-configure-state
+
+Makefiles-prerecurse: Makefile
+
+# mydir = relative path from top to this Makefile
+Makefile: $(srcdir)/Makefile.in $(srcdir)/deps $(BUILDTOP)/config.status \
+		$(top_srcdir)/config/pre.in $(top_srcdir)/config/post.in
+	(cd $(BUILDTOP) && $(SHELL) config.status $(mydir)/Makefile)
+$(BUILDTOP)/config.status: $(top_srcdir)/configure
+	(cd $(BUILDTOP) && $(SHELL) config.status --recheck)
+$(top_srcdir)/configure: @MAINT@ \
+		$(top_srcdir)/configure.ac \
+		$(top_srcdir)/patchlevel.h \
+		$(top_srcdir)/aclocal.m4
+	(cd $(top_srcdir) && \
+		$(AUTOCONF) -f --include=$(CONFIG_RELTOPDIR) $(AUTOCONFFLAGS))
+
+RECURSE_TARGETS=all-recurse clean-recurse distclean-recurse install-recurse \
+	generate-files-mac-recurse \
+	check-recurse depend-recurse undepend-recurse \
+	Makefiles-recurse install-headers-recurse
+
+# MY_SUBDIRS overrides any setting of SUBDIRS generated by the
+# configure script that generated this Makefile.  This is needed when
+# the configure script that produced this Makefile creates multiple
+# Makefiles in different directories; the setting of SUBDIRS will be
+# the same in each.
+#
+# LOCAL_SUBDIRS seems to account for the case where the configure
+# script doesn't call any other subsidiary configure scripts, but
+# generates multiple Makefiles.
+$(RECURSE_TARGETS):
+	@case "`echo 'x$(MFLAGS)'|sed -e 's/^x//' -e 's/ --.*$$//'`" \
+		in *[ik]*) e="status=1" ;; *) e="exit 1";; esac; \
+	do_subdirs="$(SUBDIRS)" ; \
+	status=0; \
+	if test -n "$$do_subdirs" && test -z "$(NORECURSE)"; then \
+	for i in $$do_subdirs ; do \
+		if test -d $$i && test -r $$i/Makefile ; then \
+		case $$i in .);; *) \
+			target=`echo $@|sed s/-recurse//`; \
+			echo "making $$target in $(CURRENT_DIR)$$i..."; \
+			if (cd $$i ; $(MAKE) \
+			    CURRENT_DIR=$(CURRENT_DIR)$$i/ $$target) then :; \
+			else eval $$e; fi; \
+			;; \
+		esac; \
+		else \
+			echo "Skipping missing directory $(CURRENT_DIR)$$i" ; \
+		fi; \
+	done; \
+	else :; \
+	fi;\
+	exit $$status
+
+##
+## end of post.in
+############################################################
diff --git a/krb5-1.21.3/src/config/pre.in b/krb5-1.21.3/src/config/pre.in
new file mode 100644
index 00000000..a0c60c70
--- /dev/null
+++ b/krb5-1.21.3/src/config/pre.in
@@ -0,0 +1,610 @@
+############################################################
+## config/pre.in
+## common prefix for all Makefile.in in the Kerberos V5 tree.
+##
+
+# These are set per-directory by autoconf 2.52 and 2.53:
+#  srcdir=@srcdir@
+#  top_srcdir=@top_srcdir@
+# but these are only set by autoconf 2.53, and thus not useful to us on
+# macOS yet (as of 10.2):
+#  abs_srcdir=@abs_srcdir@
+#  abs_top_srcdir=@abs_top_srcdir@
+#  builddir=@builddir@
+#  abs_builddir=@abs_builddir@
+#  top_builddir=@top_builddir@
+#  abs_top_builddir=@abs_top_builddir@
+# The "top" variables refer to the directory with the configure (or
+# config.status) script.
+
+WHAT = unix
+SHELL=/bin/sh
+
+all: all-$(WHAT)
+
+clean: clean-$(WHAT)
+
+distclean: distclean-$(WHAT)
+
+install: install-$(WHAT)
+
+check: check-$(WHAT)
+
+install-headers: install-headers-$(WHAT)
+
+##############################
+# Recursion rule support
+#
+
+# The commands for the recursion targets live in config/post.in.
+#
+# General form of recursion rules:
+#
+# Each recursive target foo-unix has related targets: foo-prerecurse,
+# foo-recurse, and foo-postrecurse
+#
+# The foo-recurse rule is in post.in.  It is what actually recursively
+# calls make.
+#
+# foo-recurse depends on foo-prerecurse, so any targets that must be
+# built before descending into subdirectories must be dependencies of
+# foo-prerecurse.
+#
+# foo-postrecurse depends on foo-recurse, but targets that must be
+# built after descending into subdirectories should be have
+# foo-recurse as dependencies in addition to being listed under
+# foo-postrecurse, to avoid ordering issues.
+#
+# The foo-prerecurse, foo-recurse, and foo-postrecurse rules are all
+# single-colon rules, to avoid nasty ordering problems with
+# double-colon rules.
+#
+# e.g.
+# all: includes foo
+# foo:
+#	echo foo
+# includes:
+#	echo bar
+# includes:
+#	echo baz
+#
+# will result in "bar", "foo", "baz" on AIX, and possibly others.
+all-unix: all-postrecurse
+all-postrecurse: all-recurse
+all-recurse: all-prerecurse
+
+all-prerecurse:
+all-postrecurse:
+
+clean-unix:: clean-postrecurse
+clean-postrecurse: clean-recurse
+clean-recurse: clean-prerecurse
+
+clean-prerecurse:
+clean-postrecurse:
+
+distclean-unix: distclean-postrecurse
+distclean-postrecurse: distclean-recurse
+distclean-recurse: distclean-prerecurse
+
+distclean-prerecurse:
+distclean-postrecurse:
+
+install-unix: install-postrecurse
+install-postrecurse: install-recurse
+install-recurse: install-prerecurse
+
+install-prerecurse:
+install-postrecurse:
+
+install-headers-unix: install-headers-postrecurse
+install-headers-postrecurse: install-headers-recurse
+install-headers-recurse: install-headers-prerecurse
+
+install-headers-prerecurse:
+install-headers-postrecurse:
+
+check-unix: check-postrecurse
+check-postrecurse: check-recurse
+check-recurse: check-prerecurse
+
+check-prerecurse:
+check-postrecurse:
+
+Makefiles: Makefiles-postrecurse
+Makefiles-postrecurse: Makefiles-recurse
+Makefiles-recurse: Makefiles-prerecurse
+
+Makefiles-prerecurse:
+Makefiles-postrecurse:
+
+generate-files-mac: generate-files-mac-postrecurse
+generate-files-mac-postrecurse: generate-files-mac-recurse
+generate-files-mac-recurse: generate-files-mac-prerecurse
+generate-files-mac-prerecurse:
+
+#
+# end recursion rule support
+##############################
+
+# Directory syntax:
+#
+# begin relative path
+REL=
+# this is magic... should only be used for preceding a program invocation
+C=./
+# "/" for UNIX, "\" for Windows; *sigh*
+S=/
+
+#
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+CONFIG_RELTOPDIR = @CONFIG_RELTOPDIR@
+
+# DEFS		set by configure
+# DEFINES	set by local Makefile.in
+# LOCALINCLUDES	set by local Makefile.in
+# CPPFLAGS	user override
+# CFLAGS	user override but starts off set by configure
+# WARN_CFLAGS	user override but starts off set by configure
+# PTHREAD_CFLAGS set by configure, not included in CFLAGS so that we
+#		don't pull the pthreads library into shared libraries
+# ASAN_FLAGS    set by configure when --enable-asan is used
+ALL_CFLAGS = $(DEFS) $(DEFINES) $(KRB_INCLUDES) $(LOCALINCLUDES) \
+	-DKRB5_DEPRECATED=1 \
+	-DKRB5_PRIVATE \
+	$(CPPFLAGS) $(CFLAGS) $(WARN_CFLAGS) $(PTHREAD_CFLAGS) $(ASAN_FLAGS)
+ALL_CXXFLAGS = $(DEFS) $(DEFINES) $(KRB_INCLUDES) $(LOCALINCLUDES) \
+	-DKRB5_DEPRECATED=1 \
+	-DKRB5_PRIVATE \
+	$(CPPFLAGS) $(CXXFLAGS) $(WARN_CXXFLAGS) $(PTHREAD_CFLAGS) \
+	$(ASAN_FLAGS)
+
+CFLAGS = @CFLAGS@
+CXXFLAGS = @CXXFLAGS@
+WARN_CFLAGS = @WARN_CFLAGS@
+WARN_CXXFLAGS = @WARN_CXXFLAGS@
+ASAN_FLAGS = @ASAN_FLAGS@
+PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
+PTHREAD_LIBS = @PTHREAD_LIBS@
+THREAD_LINKOPTS = $(PTHREAD_CFLAGS) $(PTHREAD_LIBS)
+CPPFLAGS = @CPPFLAGS@
+DEFS = @DEFS@
+CC = @CC@
+CXX = @CXX@
+LD = $(PURE) @LD@
+KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
+LDFLAGS = @LDFLAGS@
+LIBS = @LIBS@
+
+INSTALL=@INSTALL@
+INSTALL_STRIP=
+INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
+INSTALL_SCRIPT=@INSTALL_PROGRAM@
+INSTALL_DATA=@INSTALL_DATA@
+INSTALL_SHLIB=@INSTALL_SHLIB@
+INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
+## This is needed because autoconf will sometimes define @exec_prefix@ to be
+## ${prefix}.
+prefix=@prefix@
+INSTALL_PREFIX=$(prefix)
+INSTALL_EXEC_PREFIX=@exec_prefix@
+exec_prefix=@exec_prefix@
+datarootdir=@datarootdir@
+localstatedir=@localstatedir@
+runstatedir=@runstatedir@
+datadir = @datadir@
+EXAMPLEDIR = $(datadir)/examples/krb5
+
+KRB5MANROOT = @mandir@
+ADMIN_BINDIR = @sbindir@
+SERVER_BINDIR = @sbindir@
+CLIENT_BINDIR =@bindir@
+PKGCONFIG_DIR = @libdir@/pkgconfig
+ADMIN_MANDIR = $(KRB5MANROOT)/man8
+SERVER_MANDIR = $(KRB5MANROOT)/man8
+CLIENT_MANDIR = $(KRB5MANROOT)/man1
+FILE_MANDIR = $(KRB5MANROOT)/man5
+ADMIN_CATDIR = $(KRB5MANROOT)/cat8
+SERVER_CATDIR = $(KRB5MANROOT)/cat8
+CLIENT_CATDIR = $(KRB5MANROOT)/cat1
+FILE_CATDIR = $(KRB5MANROOT)/cat5
+OVERVIEW_MANDIR = $(KRB5MANROOT)/man7
+OVERVIEW_CATDIR = $(KRB5MANROOT)/cat7
+KRB5_LIBDIR = @libdir@
+KRB5_INCDIR = @includedir@
+MODULE_DIR = @libdir@/krb5/plugins
+KRB5_DB_MODULE_DIR = $(MODULE_DIR)/kdb
+KRB5_PA_MODULE_DIR = $(MODULE_DIR)/preauth
+KRB5_AD_MODULE_DIR = $(MODULE_DIR)/authdata
+KRB5_LIBKRB5_MODULE_DIR = $(MODULE_DIR)/libkrb5
+KRB5_TLS_MODULE_DIR = $(MODULE_DIR)/tls
+KRB5_LOCALEDIR = @localedir@
+GSS_MODULE_DIR = @libdir@/gss
+KRB5_INCSUBDIRS = \
+	$(KRB5_INCDIR)/kadm5 \
+	$(KRB5_INCDIR)/krb5 \
+	$(KRB5_INCDIR)/gssapi \
+	$(KRB5_INCDIR)/gssrpc
+
+SKIPTESTS	= $(BUILDTOP)/skiptests
+
+RUNPYTEST	= PYTHONPATH=$(top_srcdir)/util VALGRIND="$(VALGRIND)" \
+			$(PYTHON)
+
+
+transform = @program_transform_name@
+
+RM = rm -f
+CP = cp
+MV = mv -f
+RANLIB = @RANLIB@
+AWK = @AWK@
+YACC = @YACC@
+PERL = @PERL@
+PYTHON = @PYTHON@
+AUTOCONF = autoconf
+AUTOCONFFLAGS =
+AUTOHEADER = autoheader
+AUTOHEADERFLAGS =
+MOVEIFCHANGED = $(top_srcdir)/config/move-if-changed
+
+TOPLIBD = $(BUILDTOP)/lib
+
+OBJEXT = o
+EXEEXT =
+
+#
+# variables for libraries, for use in linking programs
+# -- this may want to get broken out into a separate frag later
+#
+# invocation is like:
+# prog: foo.o bar.o $(KRB5_BASE_DEPLIBS)
+# 	$(CC_LINK) -o $@ foo.o bar.o $(KRB5_BASE_LIBS)
+
+CC_LINK=@CC_LINK@ $(ASAN_FLAGS)
+CXX_LINK=@CXX_LINK@ $(ASAN_FLAGS)
+
+# Makefile.in files which build programs can override the list of
+# directories to look for dependent libraries in (in the form -Ldir1
+# -Ldir2 ...) and also the list of rpath directories to search (in the
+# form dir1:dir2:...).
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+# Library Makefile.in files can override this list of directories to
+# look for dependent libraries in (in the form -Ldir1 -Ldir2 ...) and
+# also the list of rpath directories to search (in the form
+# dir1:dir2:...)
+SHLIB_DIRS=-L$(TOPLIBD)
+SHLIB_RDIRS=$(KRB5_LIBDIR)
+
+# Multi-directory library Makefile.in files should override this list
+# of object files with the full list.
+STOBJLISTS=OBJS.ST
+
+# prefix (with no spaces after) for rpath flag to cc
+RPATH_FLAG=@RPATH_FLAG@
+
+# link flags to add PROG_RPATH to the rpath
+PROG_RPATH_FLAGS=@PROG_RPATH_FLAGS@
+
+# this gets set by configure to either $(STLIBEXT) or $(SHLIBEXT),
+# depending on whether we're building with shared libraries.
+DEPLIBEXT=@DEPLIBEXT@
+
+KDB5_PLUGIN_DEPLIBS = @KDB5_PLUGIN_DEPLIBS@
+KDB5_PLUGIN_LIBS = @KDB5_PLUGIN_LIBS@
+
+KADMCLNT_DEPLIB	= $(TOPLIBD)/libkadm5clnt_mit$(DEPLIBEXT)
+KADMSRV_DEPLIB	= $(TOPLIBD)/libkadm5srv_mit$(DEPLIBEXT)
+KDB5_DEPLIB	= $(TOPLIBD)/libkdb5$(DEPLIBEXT)
+GSSRPC_DEPLIB	= $(TOPLIBD)/libgssrpc$(DEPLIBEXT)
+GSS_DEPLIB	= $(TOPLIBD)/libgssapi_krb5$(DEPLIBEXT)
+KRB5_DEPLIB	= $(TOPLIBD)/libkrb5$(DEPLIBEXT)
+CRYPTO_DEPLIB	= $(TOPLIBD)/libk5crypto$(DEPLIBEXT)
+COM_ERR_DEPLIB	= $(COM_ERR_DEPLIB-@COM_ERR_VERSION@)
+COM_ERR_DEPLIB-sys = # empty
+COM_ERR_DEPLIB-intlsys = # empty
+COM_ERR_DEPLIB-k5 = $(TOPLIBD)/libcom_err$(DEPLIBEXT)
+COM_ERR_LIB = @COM_ERR_LIB@
+SUPPORT_LIBNAME=krb5support
+SUPPORT_DEPLIB	= $(TOPLIBD)/lib$(SUPPORT_LIBNAME)$(DEPLIBEXT)
+
+# These are forced to use ".a" as an extension because they're never
+# built shared.
+SS_DEPLIB	= $(SS_DEPLIB-@SS_VERSION@)
+SS_DEPLIB-k5	= $(TOPLIBD)/libss.a
+SS_DEPLIB-sys	=
+APPUTILS_DEPLIB	= $(TOPLIBD)/libapputils.a
+
+KRB5_BASE_DEPLIBS	= $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
+KDB5_DEPLIBS		= $(KDB5_DEPLIB) $(KDB5_PLUGIN_DEPLIBS)
+GSS_DEPLIBS		= $(GSS_DEPLIB)
+GSSRPC_DEPLIBS		= $(GSSRPC_DEPLIB) $(GSS_DEPLIBS)
+KADM_COMM_DEPLIBS	= $(GSSRPC_DEPLIBS) $(KDB5_DEPLIBS) $(GSSRPC_DEPLIBS)
+KADMSRV_DEPLIBS		= $(KADMSRV_DEPLIB) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS)
+KADMCLNT_DEPLIBS	= $(KADMCLNT_DEPLIB) $(KADM_COMM_DEPLIBS)
+
+# Header file dependencies we might override.
+# See util/depfix.sed.
+# Also see depend-verify-* in post.in, which wants to confirm that we're using
+# the in-tree versions.
+COM_ERR_VERSION = @COM_ERR_VERSION@
+COM_ERR_DEPS	= $(COM_ERR_DEPS-@COM_ERR_VERSION@)
+COM_ERR_DEPS-sys =
+COM_ERR_DEPS-intlsys =
+COM_ERR_DEPS-k5	= $(BUILDTOP)/include/com_err.h
+SS_VERSION	= @SS_VERSION@
+SS_DEPS		= $(SS_DEPS-@SS_VERSION@)
+SS_DEPS-sys	=
+SS_DEPS-k5	= $(BUILDTOP)/include/ss/ss.h $(BUILDTOP)/include/ss/ss_err.h
+VERTO_VERSION	= @VERTO_VERSION@
+VERTO_DEPS	= $(VERTO_DEPS-@VERTO_VERSION@)
+VERTO_DEPS-sys	=
+VERTO_DEPS-k5	= $(BUILDTOP)/include/verto.h
+
+# LIBS gets substituted in... e.g. -lnsl -lsocket
+
+# GEN_LIB is -lgen if needed for regexp
+GEN_LIB		= @GEN_LIB@
+
+# Editline or readline flags and libraries.
+RL_CFLAGS	= @RL_CFLAGS@
+RL_LIBS		= @RL_LIBS@
+
+SS_LIB		= $(SS_LIB-@SS_VERSION@)
+SS_LIB-sys	= @SS_LIB@
+SS_LIB-k5	= $(TOPLIBD)/libss.a $(RL_LIBS)
+KDB5_LIB	= -lkdb5 $(KDB5_PLUGIN_LIBS)
+
+VERTO_DEPLIB	= $(VERTO_DEPLIB-@VERTO_VERSION@)
+VERTO_DEPLIB-sys = # empty
+VERTO_DEPLIB-k5	= $(TOPLIBD)/libverto$(DEPLIBEXT)
+VERTO_CFLAGS	= @VERTO_CFLAGS@
+VERTO_LIBS	= @VERTO_LIBS@
+
+DL_LIB		= @DL_LIB@
+
+CMOCKA_LIBS	= @CMOCKA_LIBS@
+LDAP_LIBS	= @LDAP_LIBS@
+LMDB_LIBS	= @LMDB_LIBS@
+
+KRB5_LIB			= -lkrb5
+K5CRYPTO_LIB			= -lk5crypto
+GSS_KRB5_LIB			= -lgssapi_krb5
+SUPPORT_LIB			= -l$(SUPPORT_LIBNAME)
+
+# HESIOD_LIBS is -lhesiod...
+HESIOD_LIBS	= @HESIOD_LIBS@
+
+KRB5_BASE_LIBS	= $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)
+KDB5_LIBS	= $(KDB5_LIB) $(GSSRPC_LIBS)
+GSS_LIBS	= $(GSS_KRB5_LIB)
+# needs fixing if ever used on macOS!
+GSSRPC_LIBS	= -lgssrpc $(GSS_LIBS)
+KADM_COMM_LIBS	= $(GSSRPC_LIBS)
+# need fixing if ever used on macOS!
+KADMSRV_LIBS	= -lkadm5srv_mit $(HESIOD_LIBS) $(KDB5_LIBS) $(KADM_COMM_LIBS)
+KADMCLNT_LIBS	= -lkadm5clnt_mit $(KADM_COMM_LIBS)
+
+# Misc stuff for linking server programs (and maybe some others,
+# eventually) but which we don't want to install.
+APPUTILS_LIB	= -lapputils
+
+# So test programs can find their libraries without "make install", etc.
+RUN_SETUP=@KRB5_RUN_ENV@
+RUN_VARS=@KRB5_RUN_VARS@
+
+# Appropriate command prefix for most C test programs: use libraries
+# from the build tree, avoid referencing the installed krb5.conf and
+# message catalog, and use valgrind when asked.
+RUN_TEST=$(RUN_SETUP) KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf \
+    LC_ALL=C $(VALGRIND)
+
+# libk5crypto dependencies
+CRYPTO_IMPL_CFLAGS	= @CRYPTO_IMPL_CFLAGS@
+CRYPTO_IMPL_LIBS	= @CRYPTO_IMPL_LIBS@
+
+# TLS implementation selection
+TLS_IMPL	= @TLS_IMPL@
+TLS_IMPL_CFLAGS = @TLS_IMPL_CFLAGS@
+TLS_IMPL_LIBS	= @TLS_IMPL_LIBS@
+
+# SPAKE preauth back-end libraries
+SPAKE_OPENSSL_LIBS = @SPAKE_OPENSSL_LIBS@
+
+# Whether we have the SASL header file for the LDAP KDB module
+HAVE_SASL = @HAVE_SASL@
+
+# Whether we are building support for NIST SPAKE groups using OpenSSL
+HAVE_SPAKE_OPENSSL = @HAVE_SPAKE_OPENSSL@
+
+# Whether we are building the LMDB KDB module
+HAVE_LMDB = @HAVE_LMDB@
+
+# Whether we have libresolv 1.1.5 for URI discovery tests
+HAVE_RESOLV_WRAPPER = @HAVE_RESOLV_WRAPPER@
+
+SIZEOF_TIME_T = @SIZEOF_TIME_T@
+
+# error table rules
+#
+### /* these are invoked as $(...) foo.et, which works, but could be better */
+COMPILE_ET= $(COMPILE_ET-@COM_ERR_VERSION@)
+COMPILE_ET-sys= compile_et
+COMPILE_ET-intlsys= compile_et --textdomain mit-krb5
+COMPILE_ET-k5= $(BUILDTOP)/util/et/compile_et -d $(top_srcdir)/util/et \
+	--textdomain mit-krb5
+
+.SUFFIXES:  .h .c .et .ct
+
+# These versions cause both .c and .h files to be generated at once.
+# But GNU make doesn't understand this, and parallel builds can trigger
+# both of them at once, causing them to stomp on each other.  The versions
+# below only update one of the files, so compile_et has to get run twice,
+# but it won't break parallel builds.
+#.et.h: ; $(COMPILE_ET) $<
+#.et.c: ; $(COMPILE_ET) $<
+
+.et.h:
+	$(RM) et-h-$*.et et-h-$*.c et-h-$*.h
+	$(CP) $< et-h-$*.et
+	$(COMPILE_ET) et-h-$*.et
+	$(MV) et-h-$*.h $*.h
+	$(RM) et-h-$*.et et-h-$*.c
+.et.c:
+	$(RM) et-c-$*.et et-c-$*.c et-c-$*.h
+	$(CP) $< et-c-$*.et
+	$(COMPILE_ET) et-c-$*.et
+	$(MV) et-c-$*.c $*.c
+	$(RM) et-c-$*.et et-c-$*.h
+
+# rule to make object files
+#
+.SUFFIXES: .cpp .c .o
+.c.o:
+	$(CC) $(ALL_CFLAGS) -c $<
+# Use .cpp because that's what autoconf uses in its test.
+# If the compiler doesn't accept a .cpp suffix here, it wouldn't
+# have accepted it when autoconf tested it.
+.cpp.o:
+	$(CXX) $(ALL_CXXFLAGS) -c $<
+
+# ss command table rules
+#
+MAKE_COMMANDS= $(MAKE_COMMANDS-@SS_VERSION@)
+MAKE_COMMANDS-sys= mk_cmds
+MAKE_COMMANDS-k5= $(BUILDTOP)/util/ss/mk_cmds
+
+.ct.c:
+	$(MAKE_COMMANDS) $<
+
+## Parameters to be set by configure for use in lib.in:
+##
+#
+# These settings are for building shared libraries only.  Including
+# libpriv.in will override with values appropriate for static
+# libraries that we don't install.  Some values will depend on whether
+# the platform supports major and minor version number extensions on
+# shared libraries, hence the FOO_@@ settings.
+
+LN_S=@LN_S@
+AR=@AR@
+
+# Set to "lib$(LIBBASE)$(STLIBEXT) lib$(LIBBASE)$(SHLIBEXT)" or some
+# subset thereof by configure; determines which types of libs get
+# built.
+LIBLIST=@LIBLIST@
+
+# Set by configure; list of library symlinks to make to $(TOPLIBD)
+LIBLINKS=@LIBLINKS@
+
+# Set by configure; name of plugin module to build (libfoo.a or foo.so)
+PLUGIN=@PLUGIN@
+
+# Set by configure; symlink for plugin module for static plugin linking
+PLUGINLINK=@PLUGINLINK@
+
+# Set by configure; list of install targets for libraries
+LIBINSTLIST=@LIBINSTLIST@
+
+# Set by configure; install target
+PLUGININST=@PLUGININST@
+
+# Some of these should really move to pre.in, since programs will need
+# it too. (e.g. stuff that has dependencies on the libraries)
+
+# usually .a
+STLIBEXT=@STLIBEXT@
+
+# usually .so.$(LIBMAJOR).$(LIBMINOR)
+SHLIBVEXT=@SHLIBVEXT@
+
+# usually .so.$(LIBMAJOR) (to allow for major-version compat)
+SHLIBSEXT=@SHLIBSEXT@
+
+# usually .so
+SHLIBEXT=@SHLIBEXT@
+
+# usually _p.a
+PFLIBEXT=@PFLIBEXT@
+
+#
+DYNOBJEXT=@DYNOBJEXT@
+MAKE_DYNOBJ_COMMAND=@MAKE_DYNOBJ_COMMAND@
+DYNOBJ_EXPDEPS=@DYNOBJ_EXPDEPS@
+DYNOBJ_EXPFLAGS=@DYNOBJ_EXPFLAGS@
+
+# For some platforms, a flag which causes shared library creation to
+# check for undefined symbols.  Suppressed when using --enable-asan.
+UNDEF_CHECK=@UNDEF_CHECK@
+
+# File with symbol names to be exported, both functions and data,
+# currently not distinguished.
+SHLIB_EXPORT_FILE=$(srcdir)/$(LIBPREFIX)$(LIBBASE).exports
+
+# File that needs to be current for building the shared library,
+# usually SHLIB_EXPORT_FILE, but not always, if we have to convert
+# it to another, intermediate form for the linker.
+SHLIB_EXPORT_FILE_DEP=@SHLIB_EXPORT_FILE_DEP@
+
+# Export file checker to run when building in maintainer mode on
+# Linux.  This gets included in LDCOMBINE_TAIL.
+EXPORT_CHECK_CMD = && $(PERL) -w $(top_srcdir)/util/export-check.pl \
+	$(SHLIB_EXPORT_FILE) $@
+EXPORT_CHECK = @MAINT@ $(EXPORT_CHECK_CMD)
+
+# Command to run to build a shared library.
+# In systems that require multiple commands, like AIX, it may need
+# to change to rearrange where the various parameters fit in.
+MAKE_SHLIB_COMMAND=@MAKE_SHLIB_COMMAND@
+
+# run path flags for explicit libraries depending on this one,
+# e.g. "-R$(SHLIB_RPATH)"
+SHLIB_RPATH_FLAGS=@SHLIB_RPATH_FLAGS@
+
+# flags for explicit libraries depending on this one,
+# e.g. "$(SHLIB_RPATH_FLAGS) $(SHLIB_SHLIB_DIRFLAGS) $(SHLIB_EXPLIBS)"
+SHLIB_EXPFLAGS=@SHLIB_EXPFLAGS@
+
+## Parameters to be set by configure for use in libobj.in:
+
+# Set to "OBJS.ST OBJS.SH OBJS.PF" or some subset thereof by
+# configure; determines which types of object files get built.
+OBJLISTS=@OBJLISTS@
+
+# Note that $(LIBSRCS) *cannot* contain any variable references, or
+# the suffix substitution will break on some platforms!
+SHLIBOBJS=$(STLIBOBJS:.o=@SHOBJEXT@)
+PFLIBOBJS=$(STLIBOBJS:.o=@PFOBJEXT@)
+
+#
+# rules to make various types of object files
+#
+PICFLAGS=@PICFLAGS@
+PROFFLAGS=@PROFFLAGS@
+
+# platform-dependent temporary files that should get cleaned up
+EXTRA_FILES=@EXTRA_FILES@
+
+VALGRIND=
+# Need absolute paths here because under kshd or ftpd we may run programs
+# while in other directories.
+VALGRIND_LOGDIR = `cd $(BUILDTOP)&&pwd`
+VALGRIND1 = valgrind --tool=memcheck --log-file=$(VALGRIND_LOGDIR)/vg.%p --trace-children=yes --leak-check=yes --suppressions=`cd $(top_srcdir)&&pwd`/util/valgrind-suppressions
+
+# Set OFFLINE=yes to disable tests that assume network connectivity.
+# (Specifically, this concerns the ability to fetch DNS data for
+# mit.edu, to verify that SRV queries are working.)  Note that other
+# tests still assume that the local hostname can be resolved into
+# something that looks like an FQDN, with an IPv4 address.
+OFFLINE=no
+
+# Used when running Python tests.
+PYTESTFLAGS=
+
+##
+## end of pre.in
+############################################################
diff --git a/krb5-1.21.3/src/config/ren2long b/krb5-1.21.3/src/config/ren2long
new file mode 100755
index 00000000..e44dc8d5
--- /dev/null
+++ b/krb5-1.21.3/src/config/ren2long
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Shell script that changes names that have been truncated to 8.3 format
+# back to their original longer name. The awk script produces a script with
+# lines of the following format:
+#     if [ -f <short> ]; then echo ::mv <short> <long> ; mv <short> <long> ; fi
+# These lines then get executed in bin/sh.
+#
+find . -type f -print | gawk -f $0.awk | sh -x 2> /dev/null
diff --git a/krb5-1.21.3/src/config/ren2long.awk b/krb5-1.21.3/src/config/ren2long.awk
new file mode 100644
index 00000000..fcf0177e
--- /dev/null
+++ b/krb5-1.21.3/src/config/ren2long.awk
@@ -0,0 +1,75 @@
+#
+# Awk script to convert filenames shortened down to 8.3 
+# back to their larger size. 
+#
+# Works by looking at every filename and seeing if it's shortened
+# 8.3 version exists, and if so then mv the short name to the long
+# name.
+#
+# Usage: find . -type f -print | gawk -f ren2long.awk | sh -x [ 2> /dev/null ]
+#
+
+
+# Parse_path
+#
+# Takes the whole path and converts the basename part to 8.3. If it
+# changed in the process we emit a sh command to mv it if the shortened
+# name exists.
+# 
+function parse_path(p,P2,N,NEW) {
+
+     P2 = tolower(p)
+
+     NEW = ""
+     while(1) {
+	  N = index(P2,"/")			# Go until all / are parsed
+	  if (N == 0) break
+
+	  NEW = NEW name83(substr(P2,1,N-1)) "/"; # More of the path
+	  P2 = substr(P2,N+1)
+     }
+
+     if (bad[P2] == 1) {
+	  print "echo skipping " p
+	  return
+     }
+     NEW = NEW name83(P2)			# Append path and 8.3 name
+
+     if (bad[P2] == 2) {
+	  print "if [ -f " NEW " ]; then echo ::rm " NEW " ; rm " NEW " ; fi"
+	  return
+     }
+     if (NEW != p) 
+	  print "if [ -f " NEW " ]; then echo ::mv " NEW " " p " ; mv " NEW " " p " ; fi"
+}
+#
+# Name83
+# 
+# Converts the a single component part of a file name into 8.3 format
+#
+function name83(fname,P,B,E) {
+     P = index(fname,".");			# Find the extension
+
+     if (P == 0) {				# No extension
+	  B = substr(fname,1,8);		# Just truncate at 8 chars
+	  return B;
+    }
+
+    B = substr(fname, 1, P <= 8 ? P-1 : 8);	# At most 8 chars in name
+    E = substr(fname, P+1, 3)			# And 3 in extension
+    P = index(E, ".")				# 2 dot problem
+    if (P)
+	 E = substr(E, 1, P-1)
+
+     B = B "." E				# Put name together
+     return B
+}
+BEGIN {
+     bad["krb5-types-aux.h"] = 1
+     bad["autoconf.h.in"] = 1
+     bad["conv_tkt_skey.c"] = 1
+     ##bad["makefile"] = 2 -- windows have legitimate files with this name
+}
+{
+     parse_path($1)				# Do it
+}
diff --git a/krb5-1.21.3/src/config/rm.bat b/krb5-1.21.3/src/config/rm.bat
new file mode 100644
index 00000000..4cb1c882
--- /dev/null
+++ b/krb5-1.21.3/src/config/rm.bat
@@ -0,0 +1,32 @@
+@echo off
+:loop
+if exist %1 del %1
+shift
+if not %1.==. goto loop
+exit
+
+Rem
+Rem rm.bat
+Rem
+Rem Copyright 1995 by the Massachusetts Institute of Technology.
+Rem All Rights Reserved.
+Rem
+Rem Export of this software from the United States of America may
+Rem   require a specific license from the United States Government.
+Rem   It is the responsibility of any person or organization contemplating
+Rem   export to obtain such a license before exporting.
+Rem 
+Rem WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+Rem distribute this software and its documentation for any purpose and
+Rem without fee is hereby granted, provided that the above copyright
+Rem notice appear in all copies and that both that copyright notice and
+Rem this permission notice appear in supporting documentation, and that
+Rem the name of M.I.T. not be used in advertising or publicity pertaining
+Rem to distribution of the software without specific, written prior
+Rem permission.  M.I.T. makes no representations about the suitability of
+Rem this software for any purpose.  It is provided "as is" without express
+Rem or implied warranty.
+Rem 
+Rem
+Rem Batch file to mimic the functionality of the Unix rm command
+Rem
diff --git a/krb5-1.21.3/src/config/shlib.conf b/krb5-1.21.3/src/config/shlib.conf
new file mode 100644
index 00000000..75b7cc3a
--- /dev/null
+++ b/krb5-1.21.3/src/config/shlib.conf
@@ -0,0 +1,552 @@
+# This shell script fragment should set a bunch of variables:
+#
+# CC_LINK_STATIC: How to link a program if we're only building static
+#  libraries for krb5 (but may use other shared libs, and there may
+#  be a shared krb5 lib already installed that we shouldn't use).
+# CC_LINK_SHARED: How to link a program if we're building shared
+#  libraries.
+# CXX_LINK_STATIC, CXX_LINK_SHARED: Variants for C++.
+# STLIBEXT: Static library extension.
+# SHLIBEXT: Shared library extension.
+# SHLIBVEXT: Shared library extension, with major version.
+# SHLIBSEXT: Shared library extension, with full version.
+# (... finish documenting these ...)
+
+#
+# Set up some defaults.
+#
+STLIBEXT=.a
+# Default to being unable to build shared libraries.
+SHLIBEXT=.so-nobuild
+SHLIBVEXT=.so.v-nobuild
+SHLIBSEXT=.so.s-nobuild
+# Most systems support profiled libraries.
+PFLIBEXT=_p.a
+# Install libraries executable.  Some systems (e.g., RPM-based ones) require
+# this for package dependency generation, while others are ambivalent or will
+# strip it during packaging.
+INSTALL_SHLIB='$(INSTALL)'
+# Most systems use the same objects for shared libraries and dynamically
+# loadable objects.
+DYNOBJEXT='$(SHLIBEXT)'
+MAKE_DYNOBJ_COMMAND='$(MAKE_SHLIB_COMMAND)'
+DYNOBJ_EXPDEPS='$(SHLIB_EXPDEPS)'
+DYNOBJ_EXPFLAGS='$(SHLIB_EXPFLAGS)'
+#
+use_linker_init_option=no
+use_linker_fini_option=no
+
+STOBJEXT=.o
+SHOBJEXT=.so
+PFOBJEXT=.po
+# Default for systems w/o shared libraries
+CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+#
+SHLIB_EXPORT_FILE_DEP='$(SHLIB_EXPORT_FILE)'
+# This will do for most platforms, and we'll substitute for
+# LDCOMBINE, SHLIB_EXPFLAGS, and LDCOMBINE_TAIL below.
+MAKE_SHLIB_COMMAND=x
+INIT_FINI_PREP=:
+
+# Default to static or shared libraries?
+default_static=no
+default_shared=yes
+
+# Set up architecture-specific variables.
+case $krb5_cv_host in
+alpha*-dec-osf*)
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBSEXT='.so.$(LIBMAJOR)'
+	SHLIBEXT=.so
+	# Alpha OSF/1 doesn't need separate PIC objects
+	SHOBJEXT=.o
+	INIT_FINI_PREP=initfini=
+	LDCOMBINE='$(CC) $(CFLAGS) $(PTHREAD_CFLAGS) -shared -Wl,-expect_unresolved -Wl,\* -Wl,-update_registry -Wl,$(BUILDTOP)/so_locations -Wl,-soname -Wl,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -Wl,-hidden -Wl,-input,osf1.exports $$initfini'
+	SHLIB_EXPORT_FILE_DEP=osf1.exports
+	use_linker_init_option=yes
+	use_linker_fini_option=yes
+	EXTRA_FILES="$EXTRA_FILES export"
+	SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	PROFFLAGS=-pg
+	RPATH_FLAG='-Wl,-rpath -Wl,'
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
+	if test "$ac_cv_c_compiler_gnu" = yes \
+		&& test "$krb5_cv_prog_gnu_ld" = yes; then
+		# Really should check for gnu ld vs system ld, too.
+		CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
+	else
+		# Need -oldstyle_liblookup to avoid picking up shared libs from
+		# other builds.  OSF/1 / Tru64 ld programs look through the entire
+		# library path for shared libs prior to looking through the
+		# entire library path for static libs.
+		CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) -Wl,-oldstyle_liblookup $(CFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
+	fi
+	if test "$ac_cv_cxx_compiler_gnu" = yes \
+		&& test "$krb5_cv_prog_gnu_ld" = yes; then
+		# Really should check for gnu ld vs system ld, too.
+		CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
+	else
+		# Need -oldstyle_liblookup to avoid picking up shared libs from
+		# other builds.  OSF/1 / Tru64 ld programs look through the entire
+		# library path for shared libs prior to looking through the
+		# entire library path for static libs.
+		CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) -Wl,-oldstyle_liblookup $(CXXFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)'
+	fi
+	# _RLD_ROOT hack needed to repoint "root" directory for purposes
+	# of searching for shared libs, since RPATHs take precedence over
+	# LD_LIBRARY_PATH.
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`$${LD_LIBRARY_PATH+:$$LD_LIBRARY_PATH} _RLD_ROOT=$${_RLD_ROOT+$$_RLD_ROOT}$${_RLD_ROOT-/}'
+	RUN_VARS='LD_LIBRARY_PATH _RLD_ROOT'
+	;;
+
+# Note: "-Wl,+s" when building executables enables the use of the
+# SHLIB_PATH environment variable for finding shared libraries 
+# in non-standard directories.  If a non-standard search-path for
+#  shared libraries is compiled into the executable (using 
+# -Wl,+b,$KRB5_SHLIBDIR), then the order of "-Wl,+b,..." and "-Wl,+s" 
+# on the commandline of the linker will determine which path
+# (compiled-in or SHLIB_PATH) will be searched first.
+#
+# +I initproc routine gets called at load and unload time for
+#    shl_load calls, but appears to never be called for link-time
+#    specified libraries.
+# +e sym exports symbol and supposedly prevents other symbols
+#    from being exported, according to the man page, but the
+#    latter bit doesn't actually seem to work
+# -O +dpv should display any routines eliminated as unused, but -b
+#	  apparently turns that off
+*-*-hpux*)
+	case $host_cpu in
+	hppa*)
+		SHLIBEXT=.sl
+		;;
+	ia64*)
+		SHLIBEXT=.so
+		;;
+	esac
+	SHLIBVEXT='.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBSEXT='.$(LIBMAJOR)'
+	RPATH_FLAG='-Wl,+b,'
+	if test "$ac_cv_c_compiler_gnu" = yes; then
+		PICFLAGS=-fPIC
+		SHLIB_RPATH_FLAGS='-Wl,+b,$(SHLIB_RDIRS)'
+		SHLIB_EXPFLAGS='-Wl,+s $(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+		LDCOMBINE='gcc -fPIC -shared -Wl,+h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -Wl,-c,hpux.exports'
+	else
+		PICFLAGS=+z
+		SHLIB_RPATH_FLAGS='+b $(SHLIB_RDIRS)'
+		SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+		LDCOMBINE='ld -b +h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -c hpux.exports'
+	fi
+	MAKE_SHLIB_COMMAND="${LDCOMBINE} -o \$@ \$\$objlist \$(LDFLAGS) \$(SHLIB_EXPFLAGS) ${LDCOMBINE_TAIL}"
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='SHLIB_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='SHLIB_PATH'
+	SHLIB_EXPORT_FILE_DEP=hpux.exports
+	# Do *not* set use_linker_init_option=yes here, because in the
+	# case where the library is specified at program link time, the
+	# initialization function appears not to get called, only for
+	# shl_load.  But for finalization functions, the shl_load case
+	# is the one we care about.
+	#
+	# Not setting use_linker_init_option here should cause compilation
+	# failures if the user tries to disable delayed initialization.
+	use_linker_fini_option=yes
+	;;
+
+mips-sgi-irix6.3)	# This is a Kludge; see below
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBSEXT='.so.$(LIBMAJOR)'
+	SHLIBEXT=.so
+	SHOBJEXT=.o
+	# Kludge follows: (gcc makes n32 object files but ld expects o32, so we reeducate ld)
+	if test "$ac_cv_c_compiler_gnu" = yes; then
+		LDCOMBINE='ld -n32 -shared -ignore_unresolved -update_registry $(BUILDTOP)/so_locations -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
+	else
+		LDCOMBINE='ld -shared -ignore_unresolved -update_registry $(BUILDTOP)/so_locations -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
+	fi
+	SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	# no gprof for Irix...
+	PROFFLAGS=-p
+	RPATH_FLAG='-Wl,-rpath -Wl,'
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	# This grossness is necessary due to the presence of *three*
+	# supported ABIs on Irix, and the precedence of the rpath over
+	# LD_LIBRARY*_PATH.  Like OSF/1, _RLD*_ROOT needs to be set to
+	# work around this lossage.
+	#
+	# Set the N32 and 64 variables first because the unqualified
+	# variables affect all three and can cause the sed command to fail.
+	#
+	# This loop is to reduce the clutter a slight bit.
+	add='`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_ENV=
+	for i in N32 64 ''; do
+		RUN_ENV="${RUN_ENV+$RUN_ENV }LD_LIBRARY${i}_PATH=$add\$\${LD_LIBRARY${i}_PATH+:\$\$LD_LIBRARY${i}_PATH}"
+		RUN_ENV="${RUN_ENV} _RLD${i}_ROOT=\$\${_RLD${i}_ROOT+\$\${_RLD${i}_ROOT}}\$\${_RLD${i}_ROOT-/}"
+		RUN_VARS="$RUN_VARS LD_LIBRARY${i}_PATH _RLD${i}_ROOT"
+	done
+	;;
+
+mips-sgi-irix*)
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBSEXT='.so.$(LIBMAJOR)'
+	SHLIBEXT=.so
+	SHOBJEXT=.o
+	if test "$ac_cv_c_compiler_gnu" = yes; then
+		LDCOMBINE_TAIL=""
+		INIT_FINI_PREP="initfini="
+	else
+		use_linker_init_option=yes
+		use_linker_fini_option=yes
+		INIT_FINI_PREP='initfini=; for f in . $(LIBINITFUNC); do if test $$f = .; then :; else initfini="$$initfini -Wl,-init,$${f}__auxinit"; fi; done; for f in . $(LIBFINIFUNC); do if test $$f = .; then :; else initfini="$$initfini -Wl,-fini,$${f}"; fi; done'
+		LDCOMBINE_TAIL='-Wl,-exports_file -Wl,$(SHLIB_EXPORT_FILE)'
+	fi
+	opts='-Wl,-ignore_unresolved -Wl,-update_registry -Wl,$(BUILDTOP)/so_locations'
+
+	if test "$ac_cv_c_compiler_gnu" = yes \
+		&& test "$krb5_cv_prog_gnu_ld" = yes; then
+		opts=''
+	fi
+	LDCOMBINE='$(CC) -shared '$opts' -Wl,-soname -Wl,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $$initfini'
+	SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	# no gprof for Irix...
+	PROFFLAGS=-p
+	RPATH_FLAG='-Wl,-rpath -Wl,'
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	# This grossness is necessary due to the presence of *three*
+	# supported ABIs on Irix, and the precedence of the rpath over
+	# LD_LIBRARY*_PATH.  Like OSF/1, _RLD*_ROOT needs to be set to
+	# work around this lossage.
+	#
+	# Set the N32 and 64 variables first because the unqualified
+	# variables affect all three and can cause the sed command to fail.
+	#
+	# This loop is to reduce the clutter a slight bit.
+	add='`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_ENV=
+	for i in N32 64 ''; do
+		RUN_ENV="${RUN_ENV+$RUN_ENV }LD_LIBRARY${i}_PATH=$add\$\${LD_LIBRARY${i}_PATH+:\$\$LD_LIBRARY${i}_PATH}"
+		RUN_ENV="${RUN_ENV} _RLD${i}_ROOT=\$\${_RLD${i}_ROOT+\$\${_RLD${i}_ROOT}}\$\${_RLD${i}_ROOT-/}"
+		RUN_VARS="$RUN_VARS LD_LIBRARY${i}_PATH _RLD${i}_ROOT"
+	done
+	;;
+
+# untested...
+mips-sni-sysv4)
+	if test "$ac_cv_c_compiler_gnu" = yes; then
+		PICFLAGS=-fpic
+		LDCOMBINE='$(CC) -G -Wl,-h -Wl,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
+	else
+		PICFLAGS=-Kpic
+		LDCOMBINE='$(CC) -G -h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
+	fi
+	SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	SHLIBEXT=.so
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBSEXT='.so.$(LIBMAJOR)'
+	RPATH_FLAG=-R
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='LD_LIBRARY_PATH'
+	PROFFLAGS=-pg
+	;;
+
+mips-*-netbsd*)
+	PICFLAGS=-fPIC
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBSEXT='.so.$(LIBMAJOR)'
+	SHLIBEXT=.so
+	LDCOMBINE='ld -shared -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
+	SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	RPATH_FLAG='-Wl,-rpath -Wl,'
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='LD_LIBRARY_PATH'
+	PROFFLAGS=-pg
+	;;
+
+*-*-netbsd*)
+	PICFLAGS=-fPIC
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBEXT=.so
+	LDCOMBINE='$(CC) -shared'
+	SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	RPATH_FLAG=-R
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='LD_LIBRARY_PATH'
+	PROFFLAGS=-pg
+	;;
+
+*-*-freebsd*)
+	case $krb5_cv_host in
+		sparc64-*)
+			PICFLAGS=-fPIC
+			;;
+		*)
+			PICFLAGS=-fpic
+			;;
+	esac
+	SHLIBVEXT='.so.$(LIBMAJOR)'
+	RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	SHLIBEXT=.so
+	LDCOMBINE='ld -Bshareable'
+	SHLIB_RPATH_FLAGS='--enable-new-dtags -rpath $(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='LD_LIBRARY_PATH'
+	PROFFLAGS=-pg
+	;;
+
+*-*-openbsd*)
+	PICFLAGS=-fpic
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBEXT=.so
+	LDCOMBINE='ld -Bshareable'
+	SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	RPATH_FLAG=-R
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='LD_LIBRARY_PATH'
+	PROFFLAGS=-pg
+	;;
+
+*-*-darwin* | *-*-rhapsody*)
+	SHLIBVEXT='.$(LIBMAJOR).$(LIBMINOR).dylib'
+	SHLIBSEXT='.$(LIBMAJOR).dylib'
+	SHLIB_EXPFLAGS='$(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	SHLIBEXT=.dylib
+	DYNOBJEXT=.so
+	SHLIB_EXPORT_FILE_DEP=darwin.exports
+	LDCOMBINE='$(CC) -undefined error -dead_strip -dynamiclib -compatibility_version $(LIBMAJOR) -current_version $(LIBMAJOR).$(LIBMINOR) -install_name "$(KRB5_LIBDIR)/$(LIBPREFIX)$(LIBBASE)$(SHLIBVEXT)" -exported_symbols_list darwin.exports $(CFLAGS)'
+	# The -dylib_file option tells the linker where to find indirect dependent
+	# libraries, without adding them to the dependency list.  We need this because
+	# the direct dependent libraries contain the pathname where the indirect
+	# dependent libraries will be installed (but haven't been yet).
+	LDCOMBINE_TAIL=""
+	for lib in libkrb5support.1.1.dylib libkadm5srv.5.1.dylib libkdb5.4.0.dylib; do
+	    LDCOMBINE_TAIL="$LDCOMBINE_TAIL -dylib_file \"\$(KRB5_LIBDIR)/$lib\":\$(TOPLIBD)/$lib"
+	done
+	MAKE_DYNOBJ_COMMAND='$(CC) -bundle $(CFLAGS) $(LDFLAGS) -o $@ $$objlist $(DYNOBJ_EXPFLAGS) $(LDFLAGS) -exported_symbols_list darwin.exports'" ${LDCOMBINE_TAIL}"
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -dynamic $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) -dynamic $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='DYLD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='DYLD_LIBRARY_PATH'
+	;;
+
+*-*-solaris*)
+	if test "$ac_cv_c_compiler_gnu" = yes; then
+		PICFLAGS=-fPIC
+		LDCOMBINE='$(CC) $(CFLAGS) -shared -h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
+	else
+		PICFLAGS=-KPIC
+		# Solaris cc doesn't default to stuffing the SONAME field...
+		LDCOMBINE='$(CC) $(CFLAGS) -dy -G -z text -h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $$initfini'
+		#
+		case $krb5_cv_host in
+		*-*-solaris2.[1-7] | *-*-solaris2.[1-7].*)
+		    # Did Solaris 7 and earlier have a linker option for this?
+		    ;;
+		*)
+		    INIT_FINI_PREP='initfini=; for f in . $(LIBINITFUNC); do if test $$f = .; then :; else initfini="$$initfini -Wl,-z,initarray=$${f}__auxinit"; fi; done; for f in . $(LIBFINIFUNC); do if test $$f = .; then :; else initfini="$$initfini -Wl,-z,finiarray=$$f"; fi; done'
+		    use_linker_init_option=yes
+		    use_linker_fini_option=yes
+		    ;;
+		esac
+	fi
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBSEXT='.so.$(LIBMAJOR)'
+	SHLIBEXT=.so
+	SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	PROFFLAGS=-pg
+	RPATH_FLAG=-R
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(PURE) $(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(PURE) $(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(PURE) $(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(PURE) $(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='LD_LIBRARY_PATH'
+	;;
+
+*-*-linux* | *-*-gnu* | *-*-k*bsd*-gnu)
+	PICFLAGS=-fPIC
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBSEXT='.so.$(LIBMAJOR)'
+	SHLIBEXT=.so
+	# Linux ld doesn't default to stuffing the SONAME field...
+	# Use objdump -x to examine the fields of the library
+	# UNDEF_CHECK is suppressed by --enable-asan
+	LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)'
+	UNDEF_CHECK='-Wl,--no-undefined'
+	# $(EXPORT_CHECK) runs export-check.pl when in maintainer mode.
+	LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)'
+	SHLIB_EXPORT_FILE_DEP=binutils.versions
+	RPATH_FLAG='-Wl,--enable-new-dtags -Wl,-rpath -Wl,'
+	# For cases where we do have dependencies on other libraries
+	# built in this tree...
+	SHLIB_RPATH_FLAGS='$(RPATH_FLAG)$(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	PROFFLAGS=-pg
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`'
+	RUN_VARS='LD_LIBRARY_PATH'
+
+	## old version:
+	# Linux libc does weird stuff at shlib link time, must be
+	# explicitly listed here.  This also makes it get used even
+	# for the libraries marked as not having any dependencies; while
+	# that's not strictly correct, the resulting behavior -- not adding
+	# extra -R directories -- is still what we want.
+	#LDCOMBINE='ld -shared -h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)'
+	#LDCOMBINE_TAIL="-lc"
+	#SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+
+	;;
+
+*-*-bsdi4*)
+	PICFLAGS=-fpic
+	SHLIBVEXT='.so.$(LIBMAJOR)'
+	SHLIBEXT=.so
+	LDCOMBINE='ld -Bshareable'
+	SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)'
+	SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	PROG_RPATH_FLAGS='-Wl,-rpath,$(PROG_RPATH)'
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH)'
+	RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/
+/:/g"`'
+	RUN_VARS='LD_LIBRARY_PATH'
+	PROFFLAGS=-pg
+	;;
+
+*-*-aix5*)
+	SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBEXT=.so
+	# AIX doesn't need separate PIC objects
+	SHOBJEXT=.o
+	SHLIB_EXPFLAGS='  $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	PROFFLAGS=-pg
+	if test "$ac_cv_c_compiler_gnu" = "yes" ; then
+	  wl_prefix=-Wl,
+	  RPATH_FLAG='-Wl,-blibpath:'
+	  LDCOMBINE='$(CC) -shared -v -o $@ $$objlist -nostartfiles -Xlinker -bgcbypass:1 -Xlinker -bfilelist -Xlinker -bM:SRE -Xlinker -bE:$(SHLIB_EXPORT_FILE) -Xlinker -bernotok -Xlinker -brtl $(SHLIB_EXPFLAGS) $(LDFLAGS) -lc $$initfini'
+	else
+	  wl_prefix=
+	  RPATH_FLAG=-blibpath:
+	  LDCOMBINE='/bin/ld -o $@ $$objlist -H512 -T512 -bnoentry -bgcbypass:1 -bnodelcsect -bfilelist -bM:SRE -bE:$(SHLIB_EXPORT_FILE) -bernotok -brtl $(SHLIB_EXPFLAGS) $(LDFLAGS) -lc $$initfini'
+	fi
+	# Assume initialization always delayed.
+	INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done'
+	use_linker_fini_option=yes
+	MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE}"
+	RPATH_TAIL=:/usr/lib:/lib
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL"
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	# $(PROG_RPATH) is here to handle things like a shared tcl library
+	RUN_ENV='LIBPATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`:$(PROG_RPATH):/usr/lib:/usr/local/lib'
+	RUN_VARS='LIBPATH'
+	;;
+
+*-*-aix4.*)
+	SHLIBVEXT='.a.$(LIBMAJOR).$(LIBMINOR)'
+	SHLIBEXT=.a
+	# AIX doesn't need separate PIC objects
+	SHOBJEXT=.o
+	SHLIB_EXPFLAGS='  $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
+	PROFFLAGS=-pg
+	# Dynamically loaded object can have whatever suffix, but don't
+	# make archives like for shared libraries.
+	DYNOBJEXT=.so
+	#
+	if test "$ac_cv_c_compiler_gnu" = "yes" ; then
+	  wl_prefix=-Wl,
+	  RPATH_FLAG='-Wl,-blibpath:'
+	  LDCOMBINE='$(CC) -shared -v -o shr.o.$(LIBMAJOR).$(LIBMINOR) $$objlist -nostartfiles -Xlinker -bgcbypass:1 -Xlinker -bfilelist -Xlinker -bM:SRE -Xlinker -bE:$(SHLIB_EXPORT_FILE) -Xlinker -bernotok $(SHLIB_EXPFLAGS) $(LDFLAGS) -lc $$initfini'
+	  LDCOMBINE_DYN='$(CC) -shared -v -o $@ $$objlist -nostartfiles -Xlinker -bgcbypass:1 -Xlinker -bfilelist -Xlinker -bM:SRE -Xlinker -bE:$(SHLIB_EXPORT_FILE) -Xlinker -bernotok $(SHLIB_EXPFLAGS) $(LDFLAGS) -lc $$initfini'
+	else
+	  wl_prefix=
+	  RPATH_FLAG=-blibpath:
+	  LDCOMBINE='/bin/ld -o shr.o.$(LIBMAJOR).$(LIBMINOR) $$objlist -H512 -T512 -bnoentry -bgcbypass:1 -bnodelcsect -bfilelist -bM:SRE -bE:$(SHLIB_EXPORT_FILE) -bernotok $(SHLIB_EXPFLAGS) $(LDFLAGS) -lc $$initfini'
+	  LDCOMBINE_DYN='/bin/ld -o $@ $$objlist -H512 -T512 -bnoentry -bgcbypass:1 -bnodelcsect -bfilelist -bM:SRE -bE:$(SHLIB_EXPORT_FILE) -bernotok $(SHLIB_EXPFLAGS) $(LDFLAGS) -lc $$initfini'
+	fi
+	# Assume initialization always delayed.
+	INIT_FINI_PREP="wl=${wl_prefix}; "'i=1; initfini=; for f in . $(LIBFINIFUNC); do if test $$f != .; then initfini="$$initfini $${wl}-binitfini::$$f:$$i"; else :; fi; i=`expr $$i + 1`; done'
+	use_linker_fini_option=yes
+	MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE}"' && ar cq $@ shr.o.$(LIBMAJOR).$(LIBMINOR) && chmod +x $@ && rm -f shr.o.$(LIBMAJOR).$(LIBMINOR)'
+	MAKE_DYNOBJ_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE_DYN}"
+	RPATH_TAIL=:/usr/lib:/lib
+	PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL"
+	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
+	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
+	CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
+	CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
+	# $(PROG_RPATH) is here to handle things like a shared tcl library
+	RUN_ENV='LIBPATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`:$(PROG_RPATH):/usr/lib:/usr/local/lib'
+	RUN_VARS='LIBPATH'
+	;;
+esac
+
+if test "${MAKE_SHLIB_COMMAND}" = "x" ; then
+  if test "${INIT_FINI_PREP}" != ":"; then
+    MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) \$(LDFLAGS) ${LDCOMBINE_TAIL}"
+  else
+    MAKE_SHLIB_COMMAND="${LDCOMBINE} -o \$@ \$\$objlist \$(SHLIB_EXPFLAGS) \$(LDFLAGS) ${LDCOMBINE_TAIL}"
+  fi
+fi
diff --git a/krb5-1.21.3/src/config/wconfig.pl b/krb5-1.21.3/src/config/wconfig.pl
new file mode 100755
index 00000000..8a9d19f7
--- /dev/null
+++ b/krb5-1.21.3/src/config/wconfig.pl
@@ -0,0 +1,77 @@
+#! perl
+$win_flag = "WIN32##";
+@wflags = ();
+$mit_specific = 0;
+@ignore_list = ( "DOS#?#?" );
+
+foreach $arg (@ARGV) {
+    if ($arg =~ /^-/) { push @wflags, $arg; }
+    if ("--mit" eq $arg) {
+	$mit_specific = 1;
+    } elsif ("--win16" eq $arg) {
+	$win_flag = "WIN16##";
+    } elsif ("--win32" eq $arg) {
+	$win_flag = "WIN32##";
+    } elsif ($arg =~ /^--enable-/) {
+	my($a) = $arg . "##";
+	$a =~ s/^--enable-//;
+	$a =~ tr/a-z/A-Z/;
+	push @ignore_list, $a;
+    } elsif ($arg =~ /^--ignore=/) {
+	my($a) = $arg;
+	$a =~ s/--ignore=//;
+	push @ignore_list, $a;
+    } elsif ($arg =~ /^-/) {
+	print STDERR "Invalid option '$arg'\n";
+	exit 1;
+    } else {
+	if (! defined $dir) {
+	    $dir = $arg;
+	}
+    }
+}
+push @ignore_list, $win_flag;
+push @ignore_list, "MIT##" if $mit_specific;
+
+if ($#wflags >= 0) { printf "WCONFIG_FLAGS=%s\n", join (" ", @wflags); }
+
+# This has a couple variations from the old wconfig.c.
+#
+# The old script wouldn't treat the input strings as regular expressions.
+# This one does, and actually it builds one regexp, so the strict order of
+# checks done by wconfig.c no longer applies.
+#
+# And the old script would change "##DOS#" to "#", whereas this
+# version (with the regexp given above) will accept and discard 0, 1
+# or 2 "#" marks.
+$sub = "sub do_subst { my (\$a) = shift; \$a =~ s/^##(" . join("|", @ignore_list) . ")//; return \$a; }";
+#print STDERR $sub, "\n";
+eval $sub;
+
+sub process {
+    my $fh = shift;
+    while (<$fh>) {
+	if (/^@/) {
+	    # This branch isn't actually used as far as I can tell.
+	    print "\n";
+	    next;
+	}
+	# Do we want to do any autoconf-style @FOO@ substitutions?
+	# s/@MAINT@/#/g;
+	# Are there any options we might want to set at configure time?
+	print &do_subst($_);
+    }
+}
+
+if (defined $dir) {
+    open AUX, "<$dir/win-pre.in" || die "Couldn't open win-pre.in: $!\n";
+    &process(\*AUX);
+    close AUX;
+}
+&process(\*STDIN);
+if (defined $dir) {
+    open AUX, "<$dir/win-post.in" || die "Couldn't open win-post.in: $!\n";
+    &process(\*AUX);
+    close AUX;
+}
+exit 0;
diff --git a/krb5-1.21.3/src/config/win-post.in b/krb5-1.21.3/src/config/win-post.in
new file mode 100644
index 00000000..3f43bda7
--- /dev/null
+++ b/krb5-1.21.3/src/config/win-post.in
@@ -0,0 +1,128 @@
+#
+# Start of Win32 post-config lines (config/win-post.in)
+#
+
+setup-msg:
+	@set C_RULE_PRINT=	$(C_RULE_PRINT)
+	@set DO_C_RULE_PRINT=1
+
+!if defined(NO_OUTPRE) || defined(NO_OUTDIR)
+outpre-dir:
+!else
+outpre-dir: $(OUTPRE3)$(DIRNUL)
+!endif
+
+#
+# put all: first just in case no other rules occur here
+#
+all:
+
+#
+# Set the #define to indicate that we are compiling a DLL.  We default to 
+# compiling the Kerberos library
+#
+!if defined(DLL_EXP_TYPE)
+DLL_FILE_DEF=/D$(DLL_EXP_TYPE)_DLL_FILE
+!else
+DLL_FILE_DEF=/DKRB5_DLL_FILE
+!endif
+
+# Build the Makefile unless we are in the top-level
+#(where there is already an explicit rule).
+!if !defined(TOPLEVEL)
+Makefile: Makefile.in $(BUILDTOP)\config\win-pre.in $(BUILDTOP)\config\win-post.in
+	$(WCONFIG) $(BUILDTOP)\config < Makefile.in > Makefile
+!endif
+
+# Recurse into subdirs if WINSUBDIRS or SUBDIRS is defined.  Makefiles
+# can depend on all-recurse, clean-recurse, or check-recurse to perform
+# actions after recursion.
+!if defined(SUBDIRS) && !defined(WINSUBDIRS)
+WINSUBDIRS=$(SUBDIRS)
+!endif
+!ifdef WINSUBDIRS
+
+all-recurse:
+	@for %d in ($(WINSUBDIRS)) do @(echo Making in $(mydir)\%d && \
+		pushd %d && $(MAKE) -$(MFLAGS) && popd) || exit 1
+	@echo Making in $(mydir)
+all-windows: all-recurse
+
+clean-recurse:
+	@for %d in ($(WINSUBDIRS)) do @(echo Making clean in $(mydir)\%d && \
+		pushd %d && $(MAKE) -$(MFLAGS) clean && popd) || exit 1
+	@echo Making clean in $(mydir)
+clean-windows:: clean-recurse
+
+check-recurse:
+	@for %d in ($(WINSUBDIRS)) do @(echo Making check in $(mydir)\%d && \
+		pushd %d && $(MAKE) -$(MFLAGS) check && popd) || exit 1
+	@echo Making check in $(mydir)
+check-windows: check-recurse
+
+!endif # WINSUBDIRS
+
+# Use 64-bit LIBNAME and OBJFILE on 64-bit platforms, if defined.
+!if ("$(CPU)" == "IA64") || ("$(CPU)" == "AMD64") || ("$(CPU)" == "ALPHA64")
+!if defined(WIN64LIBNAME)
+LIBNAME=$(WIN64LIBNAME)
+!endif
+!if defined(WIN64OBJFILE)
+OBJFILE=$(WIN64OBJFILE)
+!endif
+!endif
+
+# Build a library if LIBNAME is defined.
+!if defined(LIBNAME)
+
+!if !defined(OBJFILELIST)
+OBJFILELIST=@$(OBJFILE)
+!endif
+!if !defined(OBJFILEDEP)
+OBJFILEDEP=$(OBJFILE)
+!endif
+
+all-windows: $(LIBNAME)
+$(LIBNAME): $(OBJFILEDEP)
+	$(LIBCMD) /out:$(LIBNAME) /nologo $(OBJFILELIST)
+
+!endif # LIBNAME
+
+
+# Build an object file list if OBJFILE is defined.
+!if defined(OBJFILE)
+all-windows: $(OBJFILE)
+!if defined(LIBOBJS)
+$(OBJFILE): $(LIBOBJS)
+	if exist $(OBJFILE) del $(OBJFILE)
+!if defined(PREFIXDIR)
+	$(LIBECHO) -p $(PREFIXDIR)\ $** > $(OBJFILE)
+!else
+	$(LIBECHO) $** > $(OBJFILE)
+!endif # !PREFIXDIR
+!endif # LIBOBJS
+!endif # OBJFILE
+
+
+check:
+check-windows:
+
+clean-windows:: clean-windows-files clean-windows-dir
+
+
+# This needs to be in the post because we need RM to be defined in terms
+# of BUILDTOP
+clean-windows-files:
+!if "$(OUTPRE3)" == ""
+!error ASSERTION FAILURE: OUTPRE3 must be defined!!!
+!endif
+!if "$(OS)" == "Windows_NT"
+	@if exist $(OUTPRE3)$(DIRNUL) rd /s/q $(OUTPRE3)
+!else
+	@if exist $(OUTPRE3)$(DIRNUL) deltree /y $(OUTPRE3)
+!endif
+
+# Dependencies
+!if exist($(srcdir)/deps)
+!include $(srcdir)/deps
+!endif
diff --git a/krb5-1.21.3/src/config/win-pre.in b/krb5-1.21.3/src/config/win-pre.in
new file mode 100644
index 00000000..8ac5fa2f
--- /dev/null
+++ b/krb5-1.21.3/src/config/win-pre.in
@@ -0,0 +1,240 @@
+WHAT=windows
+
+all: setup-msg outpre-dir
+
+all: all-$(WHAT)
+clean: clean-$(WHAT)
+install: install-$(WHAT)
+check: check-$(WHAT)
+
+all-windows:
+clean-windows::
+install-windows:
+check-windows:
+
+all-windows: Makefile
+clean-windows:: Makefile
+
+#
+# Figure out the CPU
+#
+!if !defined(CPU) || "$(CPU)" == ""
+CPU=$(PROCESSOR_ARCHITECTURE)
+!endif # CPU
+
+!if "$(CPU)" == ""
+CPU=i386
+!endif
+
+# Change x86 or X86 to i386
+!if ( "$(CPU)" == "X86" ) || ( "$(CPU)" == "x86" )
+CPU=i386
+!endif # CPU == X86
+
+!if ( "$(CPU)" != "i386" ) && ( "$(CPU)" != "ALPHA" ) && ( "$(CPU)" != "ALPHA64" ) && ( "$(CPU)" != "IA64" ) && ( "$(CPU)" != "AMD64" )
+!error Must specify CPU environment variable ( CPU=i386, CPU=ALPHA, CPU=ALPHA64,CPU=IA64, CPU=AMD64)
+!endif
+
+!if  ("$(CPU)" == "IA64" ) || ("$(CPU)" == "AMD64" ) || ("$(CPU)" == "ALPHA64" )
+BITS=64
+!else
+BITS=32
+!endif
+
+#
+# End of figuring out CPU
+#
+
+!if "$(OS)" == "Windows_NT"
+DIRNUL=
+!else 
+DIRNUL=\nul
+!endif
+
+# NOTE: ^ is an escape char for NMAKE.
+!ifdef NODEBUG
+OUTPRE_DBG=rel
+!else
+OUTPRE_DBG=dbg
+!endif
+OUTPRE1=obj
+OUTPRE2=$(OUTPRE1)\$(CPU)
+OUTPRE3=$(OUTPRE2)\$(OUTPRE_DBG)
+OUTPRE=$(OUTPRE3)^\
+
+$(OUTPRE3)$(DIRNUL):
+	-@if not exist $(OUTPRE1)$(DIRNUL) mkdir $(OUTPRE1)
+	-@if not exist $(OUTPRE2)$(DIRNUL) mkdir $(OUTPRE2)
+	-@if not exist $(OUTPRE3)$(DIRNUL) mkdir $(OUTPRE3)
+	@if exist $(OUTPRE3)$(DIRNUL) echo Output going into $(OUTPRE3)
+	@if not exist $(OUTPRE1)$(DIRNUL) echo The directory $(OUTPRE1) could not be created.
+	@if exist $(OUTPRE1)$(DIRNUL) if not exist $(OUTPRE2)$(DIRNUL) echo The directory $(OUTPRE2) could not be created.
+	@if exist $(OUTPRE2)$(DIRNUL) if not exist $(OUTPRE3)$(DIRNUL) echo The directory $(OUTPRE3) could not be created.
+
+
+clean-windows-dir:
+	-@if exist $(OUTPRE3)$(DIRNUL) rmdir $(OUTPRE3)
+	-@if exist $(OUTPRE2)$(DIRNUL) rmdir $(OUTPRE2)
+	-@if exist $(OUTPRE1)$(DIRNUL) rmdir $(OUTPRE1)
+	@if exist $(OUTPRE2)$(DIRNUL) echo The directory $(OUTPRE2) is not empty.
+	@if not exist $(OUTPRE2)$(DIRNUL) if exist $(OUTPRE1)$(DIRNUL) echo The directory $(OUTPRE1) is not empty.
+
+# Directory syntax:
+#
+# begin absolute path
+ABS=^\
+# begin relative path
+REL=
+# up-directory
+U=..
+# path separator
+S=^\
+# this is magic... should only be used for preceding a program invocation
+C=.^\
+
+srcdir = .
+top_srcdir = $(srcdir)\$(BUILDTOP)
+
+DNSLIBS=dnsapi.lib
+DNSFLAGS=-DKRB5_DNS_LOOKUP=1
+!if defined(KRB5_USE_DNS_REALMS)
+DNSFLAGS=$(DNSFLAGS) -DKRB5_DNS_LOOKUP_REALM=1
+!endif
+
+!if ("$(CPU)" == "i386")
+TIME_T_FLAGS=-D_USE_32BIT_TIME_T
+!endif
+
+!if defined (NODEBUG)
+KFWFLAGS=-DUSE_LEASH=1
+!else
+KFWFLAGS=-DUSE_LEASH=1 -DDEBUG -D_CRTDBG_MAP_ALLOC
+!endif
+
+#
+# The name of the C compiler for the target
+#
+CC=cl
+
+PDB_OPTS=-Fd$(OUTPRE)\ -FD
+CPPFLAGS=-I$(top_srcdir)\include -I$(top_srcdir)\include\krb5 $(DNSFLAGS) -DWIN32_LEAN_AND_MEAN -DKRB5_DEPRECATED=1 -DKRB5_PRIVATE -D_CRT_SECURE_NO_DEPRECATE $(KFWFLAGS) $(TIME_T_FLAGS)
+# Treat the following warnings as errors:
+#  4020: too many actual parameters
+#  4024: different types for formal and actual parameter
+#  4047: different levels of indirection
+CCOPTS=-nologo /EHsc /W3 /we4020 /we4024 /we4047 $(PDB_OPTS) $(DLL_FILE_DEF)
+LOPTS=-nologo -incremental:no -manifest
+
+!if  ("$(BITS)" == "64" )
+ENTRYPOINT=_DllMainCRTStartup
+!else
+ENTRYPOINT=_DllMainCRTStartup@12
+!endif
+CCLINKOPTION=
+DEBUGOPT=/guard:cf /Zi
+
+#if the compiler is vstudio 8, generate manifest
+!if exists("$(VCINSTALLDIR)\..\..\MICROSOFT VISUAL STUDIO 8")
+CCLINKOPTION = $(CCLINKOPTION) /MANIFEST
+_VC_MANIFEST_EMBED_EXE = if exist $*.exe.manifest mt.exe -manifest $*.exe.manifest -outputresource:$*.exe;1
+_VC_MANIFEST_EMBED_DLL = if exist $*.dll.manifest mt.exe -manifest $*.dll.manifest -outputresource:$*.dll;2
+!endif 
+
+# /ZI gives better debug info in each object file (MSVC 6.0 or higher).
+# /Zi gives debug info in each object file.
+# /Gs Avoid stack probes (they don't seem to work anyway)
+# /Os optimize for space.  FIXME:  Do not use /Ox; it miscompiles the DES lib!
+# /Od disable optimization (for debugging)
+# /MD (Win32) thread safe, ML would be single threaded, don't build with ML
+
+#
+# CCOPTS  was for DLL compiles
+# CCOPTS2 was for non-DLL compiles (EXEs, for example)
+#
+!ifdef NODEBUG
+!ifdef DEBUG_SYMBOL
+CCOPTS=$(DEBUGOPT) $(CCOPTS)
+LOPTS=$(LOPTS) -debug
+!endif
+CCOPTS=/Os /MD $(CCOPTS)
+LOPTS=$(LOPTS)
+!ifdef DEBUG_SYMBOL
+INSTALLDBGSYMS=copy
+!else
+INSTALLDBGSYMS=rem
+!endif
+!else
+CCOPTS=/Od $(DEBUGOPT) /MDd $(CCOPTS)
+LOPTS=$(LOPTS) -debug
+INSTALLDBGSYMS=copy
+!endif
+
+# XXX - NOTE: We should probably use DllMainCRTStartup
+DLL_LINKOPTS=$(LOPTS) -dll -entry:DllMain
+EXE_LINKOPTS=$(LOPTS)
+
+RM=$(BUILDTOP)\config\rm.bat
+LIBECHO=$(BUILDTOP)\util\windows\$(OUTPRE)libecho
+CP=copy/b nul:+
+MV=ren
+LN=copy
+LIBCMD=lib
+AWK=rem
+RC = rc
+CVTRES = cvtres
+PERL=perl
+
+WCONFIG_EXE=$(BUILDTOP)\$(OUTPRE)wconfig.exe
+WCONFIG=$(WCONFIG_EXE:.exe=) $(WCONFIG_FLAGS)
+
+CLIB=$(BUILDTOP)\lib\$(OUTPRE)comerr$(BITS).lib
+PLIB=$(BUILDTOP)\lib\$(OUTPRE)xpprof$(BITS).lib
+KLIB=$(BUILDTOP)\lib\$(OUTPRE)krb5_$(BITS).lib
+SLIB=$(BUILDTOP)\lib\$(OUTPRE)k5sprt$(BITS).lib
+GLIB=$(BUILDTOP)\lib\$(OUTPRE)gssapi$(BITS).lib
+CCLIB=krbcc$(BITS)
+SPAKELIB=spake$(BITS)
+
+KRB4_INCLUDES=-I$(BUILDTOP)/include/kerberosIV
+
+COM_ERR_DEPS	= $(BUILDTOP)/include/com_err.h
+
+RANLIB=rem
+
+OBJEXT=obj
+EXEEXT=.exe
+
+MFLAGS=$(MAKEFLAGS)
+!ifdef MIGNORE
+MAKE=-$(MAKE)
+!endif
+
+CFLAGS = $(CCOPTS)
+ALL_CFLAGS = $(DEFS) $(DEFINES) $(LOCALINCLUDES) $(CPPFLAGS) $(CFLAGS)
+
+C_RULE_STUFF=$(CC) $(ALL_CFLAGS) -Fo$(OUTPRE)\ -c
+C_RULE_PRINT=$(C_RULE_STUFF)
+C_RULE=$(C_RULE_STUFF) $<
+
+{}.rc{$(OUTPRE)}.res:
+	$(RC) $(RCFLAGS) -fo $@ -r $<
+
+{}.c{$(OUTPRE)}.obj:
+	@if "%DO_C_RULE_PRINT%"=="1" echo %C_RULE_PRINT% ...
+	@set DO_C_RULE_PRINT=
+	@$(C_RULE)
+
+{}.cxx{$(OUTPRE)}.obj:
+	@if "%DO_C_RULE_PRINT%"=="1" echo %C_RULE_PRINT% ...
+	@set DO_C_RULE_PRINT=
+	@$(C_RULE)
+
+{}.cpp{$(OUTPRE)}.obj:
+	@if "%DO_C_RULE_PRINT%"=="1" echo %C_RULE_PRINT% ...
+	@set DO_C_RULE_PRINT=
+	@$(C_RULE)
+
+#
+# End of Win32 pre-config lines (config/win-pre.in)
+#
+
diff --git a/krb5-1.21.3/src/configure b/krb5-1.21.3/src/configure
new file mode 100755
index 00000000..1d676796
--- /dev/null
+++ b/krb5-1.21.3/src/configure
@@ -0,0 +1,16426 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.71 for Kerberos 5 1.21.3.
+#
+# Report bugs to <krb5-bugs@mit.edu>.
+#
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009
+# Massachusetts Institute of Technology.
+#
+#
+#
+# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
+# Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else $as_nop
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
+as_nl='
+'
+export as_nl
+IFS=" ""	$as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh).  This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2)            ; then :; else exec 2>/dev/null; fi
+
+# The user is always right.
+if ${PATH_SEPARATOR+false} :; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    test -r "$as_dir$0" && as_myself=$as_dir$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+
+# Use a proper internal environment variable to ensure we don't fall
+  # into an infinite loop, continuously re-executing ourselves.
+  if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+    _as_can_reexec=no; export _as_can_reexec;
+    # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+  fi
+  # We don't want this to propagate to other subprocesses.
+          { _as_can_reexec=; unset _as_can_reexec;}
+if test "x$CONFIG_SHELL" = x; then
+  as_bourne_compatible="as_nop=:
+if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else \$as_nop
+  case \`(set -o) 2>/dev/null\` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+"
+  as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" )
+then :
+
+else \$as_nop
+  exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+blah=\$(echo \$(echo blah))
+test x\"\$blah\" = xblah || exit 1
+test -x / || exit 1"
+  as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+  as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+  eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+  test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+  if (eval "$as_required") 2>/dev/null
+then :
+  as_have_required=yes
+else $as_nop
+  as_have_required=no
+fi
+  if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
+then :
+
+else $as_nop
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+  as_found=:
+  case $as_dir in #(
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     # Try only shells that exist, to save several forks.
+	     as_shell=$as_dir$as_base
+	     if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		    as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
+  CONFIG_SHELL=$as_shell as_have_required=yes
+		   if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
+then :
+  break 2
+fi
+fi
+	   done;;
+       esac
+  as_found=false
+done
+IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+  if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+	      as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
+  CONFIG_SHELL=$SHELL as_have_required=yes
+fi
+fi
+
+
+      if test "x$CONFIG_SHELL" != x
+then :
+  export CONFIG_SHELL
+             # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+    if test x$as_have_required = xno
+then :
+  printf "%s\n" "$0: This script requires a shell more modern than all"
+  printf "%s\n" "$0: the shells that I found on your system."
+  if test ${ZSH_VERSION+y} ; then
+    printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+    printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
+  else
+    printf "%s\n" "$0: Please tell bug-autoconf@gnu.org and krb5-bugs@mit.edu
+$0: about your system, including any error possibly output
+$0: before this message. Then install a modern shell, or
+$0: manually run the script under such a shell if you do
+$0: have one."
+  fi
+  exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+# as_fn_nop
+# ---------
+# Do nothing but, unlike ":", preserve the value of $?.
+as_fn_nop ()
+{
+  return $?
+}
+as_nop=as_fn_nop
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else $as_nop
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else $as_nop
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+# as_fn_nop
+# ---------
+# Do nothing but, unlike ":", preserve the value of $?.
+as_fn_nop ()
+{
+  return $?
+}
+as_nop=as_fn_nop
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  printf "%s\n" "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+  as_lineno_1=$LINENO as_lineno_1a=$LINENO
+  as_lineno_2=$LINENO as_lineno_2a=$LINENO
+  eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+  test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+  # Blame Lee E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+  # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+  # already done that, so ensure we don't try to do so again and fall
+  # in an infinite loop.  This has already happened in practice.
+  _as_can_reexec=no; export _as_can_reexec
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n.  New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_echo='printf %s\n'
+as_echo_n='printf %s'
+
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='Kerberos 5'
+PACKAGE_TARNAME='krb5'
+PACKAGE_VERSION='1.21.3'
+PACKAGE_STRING='Kerberos 5 1.21.3'
+PACKAGE_BUGREPORT='krb5-bugs@mit.edu'
+PACKAGE_URL=''
+
+ac_unique_file="aclocal.m4"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stddef.h>
+#ifdef HAVE_STDIO_H
+# include <stdio.h>
+#endif
+#ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+#endif
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_header_c_list=
+ac_subst_vars='LTLIBOBJS
+PKCS11_MODNAME
+DEFCKTNAME
+DEFKTNAME
+DEFCCNAME
+MACOS_FRAMEWORK
+OSX
+GROFF
+VERTO_VERSION
+VERTO_LIBS
+VERTO_CFLAGS
+RL_LIBS
+RL_CFLAGS
+LIBEDIT_LIBS
+LIBEDIT_CFLAGS
+lmdb_plugin_dir
+LMDB_LIBS
+HAVE_LMDB
+sam2_plugin
+LDAP
+ldap_plugin_dir
+HAVE_SASL
+LDAP_LIBS
+SUPPORTLIB_MAJOR
+DB_EXTRA_LIBS
+HAVE_RESOLV_WRAPPER
+CMOCKA_LIBS
+HAVE_CMOCKA
+HAVE_PYTHON
+PYTHON
+PYTHON_MINVERSION
+LIBOBJS
+PKINIT
+GSSRPC__BSD_TYPEALIASES
+GSSRPC__NETDB_H
+GSSRPC__SYS_PARAM_H
+GSSRPC__UNISTD_H
+GSSRPC__SYS_TIME_H
+GSSRPC__SYS_SELECT_H
+rpcent_define
+include_xom
+PRIOCNTL_HACK
+YFLAGS
+YACC
+NSLOOKUP
+DIG
+FCTSH
+BASH
+SH5
+SH
+KRB5_RCTMPDIR
+SIZEOF_TIME_T
+SETENVOBJ
+KSU_LIBS
+EXTRA_SUPPORT_SYMS
+GETTIMEOFDAY_ST_OBJ
+GETTIMEOFDAY_OBJ
+MKSTEMP_ST_OBJ
+MKSTEMP_OBJ
+ASAN
+ASAN_FLAGS
+KRB5_RUN_VARS
+KRB5_RUN_ENV
+AESNI_FLAGS
+AESNI_OBJ
+YASM
+SPAKE_OPENSSL_LIBS
+HAVE_SPAKE_OPENSSL
+TLS_IMPL_LIBS
+TLS_IMPL_CFLAGS
+TLS_IMPL
+CRYPTO_BUILTIN_TESTS
+CRYPTO_IMPL_LIBS
+CRYPTO_IMPL_CFLAGS
+audit_plugin
+AUDIT_IMPL_LIBS
+AWK
+SECURE_GETENV_INIT
+SECURE_GETENV_ST_OBJ
+SECURE_GETENV_OBJ
+PRINTF_ST_OBJ
+PRINTF_OBJ
+FNMATCH_ST_OBJ
+FNMATCH_OBJ
+GETOPT_LONG_ST_OBJ
+GETOPT_LONG_OBJ
+GETOPT_ST_OBJ
+GETOPT_OBJ
+STRLCPY_ST_OBJ
+STRLCPY_OBJ
+po
+MSGFMT
+LIBUTIL
+PROG_RPATH_FLAGS
+RPATH_FLAG
+CXX_LINK
+CC_LINK
+GEN_LIB
+UNDEF_CHECK
+MAKE_DYNOBJ_COMMAND
+DYNOBJEXT
+LIBINSTLIST
+PFLIBEXT
+DEPLIBEXT
+SHLIBSEXT
+SHLIBVEXT
+SHLIBEXT
+STLIBEXT
+INSTALL_SHLIB
+DYNOBJ_EXPFLAGS
+DYNOBJ_EXPDEPS
+SHLIB_EXPORT_FILE_DEP
+SHLIB_EXPFLAGS
+SHLIB_RPATH_FLAGS
+MAKE_SHLIB_COMMAND
+KDB5_PLUGIN_LIBS
+KDB5_PLUGIN_DEPLIBS
+PLUGININST
+PLUGINLINK
+PLUGIN
+LIBLINKS
+LIBLIST
+PERL
+AR
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+RANLIB
+LN_S
+PROFFLAGS
+PICFLAGS
+PFOBJEXT
+SHOBJEXT
+STOBJEXT
+OBJLISTS
+KRB5_VERSION
+DL_LIB
+THREAD_SUPPORT
+PTHREAD_CFLAGS
+PTHREAD_LIBS
+PTHREAD_CXX
+PTHREAD_CC
+ax_pthread_config
+EGREP
+GREP
+SED
+krb5_cv_host
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+CONFIG_RELTOPDIR
+MAINT
+MAINTAINER_MODE_FALSE
+MAINTAINER_MODE_TRUE
+HESIOD_LIBS
+HESIOD_DEFS
+KDB5_DB_LIB
+DB_HEADER_VERSION
+DB_VERSION
+DB_LIB
+DB_HEADER
+SS_VERSION
+SS_LIB
+COM_ERR_LIB
+COM_ERR_VERSION
+compile_et
+COM_ERR_LIBS
+COM_ERR_CFLAGS
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
+PKG_CONFIG
+LD
+CPP
+WARN_CXXFLAGS
+WARN_CFLAGS
+HAVE_GCC
+ac_ct_CXX
+CXXFLAGS
+CXX
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+EXTRA_FILES
+SYSCONFCONF
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+runstatedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files='lib_frag
+libobj_frag
+libnover_frag
+libpriv_frag
+libnodeps_frag'
+ac_user_opts='
+enable_option_checking
+with_size_optimizations
+with_system_et
+with_system_ss
+with_system_db
+with_netlib
+enable_dns_for_realm
+with_hesiod
+enable_maintainer_mode
+with_ldap
+enable_delayed_initialization
+enable_thread_support
+enable_static
+enable_shared
+enable_rpath
+enable_profiled
+enable_athena
+enable_nls
+with_vague_errors
+enable_audit_plugin
+with_crypto_impl
+with_tls_impl
+with_keyutils
+with_spake_openssl
+enable_aesni
+enable_kdc_lookaside_cache
+enable_asan
+enable_pkinit
+with_lmdb
+with_libedit
+with_readline
+with_system_verto
+with_krb5_config
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CXX
+CXXFLAGS
+CCC
+CPP
+LD
+PKG_CONFIG
+PKG_CONFIG_PATH
+PKG_CONFIG_LIBDIR
+COM_ERR_CFLAGS
+COM_ERR_LIBS
+SS_LIB
+DB_HEADER
+DB_LIB
+YACC
+YFLAGS
+LIBEDIT_CFLAGS
+LIBEDIT_LIBS
+VERTO_CFLAGS
+VERTO_LIBS
+DEFCCNAME
+DEFKTNAME
+DEFCKTNAME
+PKCS11_MODNAME'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *=)   ac_optarg= ;;
+  *)    ac_optarg=yes ;;
+  esac
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: \`$ac_useropt'"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: \`$ac_useropt'"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: \`$ac_useropt'"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: \`$ac_useropt'"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    case $ac_envvar in #(
+      '' | [0-9]* | *[!_$as_cr_alnum]* )
+      as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+    esac
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+    *)     printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir runstatedir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures Kerberos 5 1.21.3 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking ...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/krb5]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of Kerberos 5 1.21.3:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-dns-for-realm  enable DNS lookups of Kerberos realm names
+  --enable-maintainer-mode
+                          enable rebuilding of source files, Makefiles, etc
+  --disable-delayed-initialization
+                          initialize library code when loaded [delay until
+                          first use]
+  --disable-thread-support
+                          don't enable thread support [enabled]
+
+  --disable-rpath         suppress run path flags in link lines
+  --enable-athena         build with MIT Project Athena configuration
+  --disable-nls           disable native language support
+  --enable-audit-plugin=IMPL
+                          use audit plugin [ do not use audit ]
+  --disable-aesni         Do not build with AES-NI support
+  --disable-kdc-lookaside-cache
+                          Disable the cache which detects client retransmits
+  --enable-asan           Build with asan memory checking
+  --disable-pkinit        disable PKINIT plugin support
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-size-optimizations enable a few optimizations to reduce code size
+                          possibly at some run-time cost
+  --with-system-et        use system compile_et and -lcom_err [default: build
+                          and install a local version]
+  --with-system-ss        use system -lss and mk_cmds [private version]
+  --with-system-db        use system Berkeley db [private version]
+  --with-netlib=LIBS      use user defined resolver library
+  --with-hesiod=path      compile with hesiod support [omitted]
+  --with-ldap             compile OpenLDAP database backend module
+  --with-vague-errors     Do not [do] send helpful errors to client
+  --with-crypto-impl=IMPL use specified crypto implementation [builtin]
+  --with-tls-impl=IMPL    use specified TLS implementation [auto]
+  --without-keyutils      do not link with libkeyutils
+  --with-spake-openssl    use OpenSSL for SPAKE preauth [auto]
+  --with-lmdb             compile LMDB database backend module [auto]
+  --without-libedit       do not compile with libedit
+  --with-readline         compile with GNU Readline
+  --with-system-verto     always use system verto library
+  --with-krb5-config=PATH path to existing krb5-config program for defaults
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+  CXX         C++ compiler command
+  CXXFLAGS    C++ compiler flags
+  CPP         C preprocessor
+  LD          linker command [CC]
+  PKG_CONFIG  path to pkg-config utility
+  PKG_CONFIG_PATH
+              directories to add to pkg-config's search path
+  PKG_CONFIG_LIBDIR
+              path overriding pkg-config's built-in search path
+  COM_ERR_CFLAGS
+              C compiler flags for COM_ERR, overriding pkg-config
+  COM_ERR_LIBS
+              linker flags for COM_ERR, overriding pkg-config
+  SS_LIB      system libraries for 'ss' package [-lss]
+  DB_HEADER   header file for system Berkeley db package [db.h]
+  DB_LIB      library for system Berkeley db package [-ldb]
+  YACC        The `Yet Another Compiler Compiler' implementation to use.
+              Defaults to the first program found out of: `bison -y', `byacc',
+              `yacc'.
+  YFLAGS      The list of arguments that will be passed by default to $YACC.
+              This script will default YFLAGS to the empty string to avoid a
+              default value of `-d' given by some make applications.
+  LIBEDIT_CFLAGS
+              C compiler flags for LIBEDIT, overriding pkg-config
+  LIBEDIT_LIBS
+              linker flags for LIBEDIT, overriding pkg-config
+  VERTO_CFLAGS
+              C compiler flags for VERTO, overriding pkg-config
+  VERTO_LIBS  linker flags for VERTO, overriding pkg-config
+  DEFCCNAME   Default ccache name
+  DEFKTNAME   Default keytab name
+  DEFCKTNAME  Default client keytab name
+  PKCS11_MODNAME
+              Default PKCS11 module name
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <krb5-bugs@mit.edu>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for configure.gnu first; this name is used for a wrapper for
+    # Metaconfig's "Configure" on case-insensitive file systems.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+Kerberos 5 configure 1.21.3
+generated by GNU Autoconf 2.71
+
+Copyright (C) 2021 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+
+Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009
+Massachusetts Institute of Technology.
+
+_ACEOF
+  exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest.beam
+  if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext
+then :
+  ac_retval=0
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_cxx_try_compile LINENO
+# ----------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest.beam
+  if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext
+then :
+  ac_retval=0
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_compile
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } > conftest.i && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }
+then :
+  ac_retval=0
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+    ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 test -x conftest$ac_exeext
+       }
+then :
+  ac_retval=0
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+  # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+  # interfere with the next link command; also delete a directory that is
+  # left behind by Apple's compiler.  We do this before executing the actions.
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that
+# executables *can* be run.
+ac_fn_c_try_run ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }
+then :
+  ac_retval=0
+else $as_nop
+  printf "%s\n" "$as_me: program exited with status $ac_status" >&5
+       printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+       ac_retval=$ac_status
+fi
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+   which can conflict with char $2 (); below.  */
+
+#include <limits.h>
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main (void)
+{
+return $2 ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  eval "$3=yes"
+else $as_nop
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval "$3=yes"
+else $as_nop
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  eval "$3=no"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main (void)
+{
+if (sizeof ($2))
+	 return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main (void)
+{
+if (sizeof (($2)))
+	    return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+
+else $as_nop
+  eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
+# ----------------------------------------------------
+# Tries to find if the field MEMBER exists in type AGGR, after including
+# INCLUDES, setting cache variable VAR accordingly.
+ac_fn_c_check_member ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
+printf %s "checking for $2.$3... " >&6; }
+if eval test \${$4+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$5
+int
+main (void)
+{
+static $2 ac_aggr;
+if (ac_aggr.$3)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval "$4=yes"
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$5
+int
+main (void)
+{
+static $2 ac_aggr;
+if (sizeof ac_aggr.$3)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval "$4=yes"
+else $as_nop
+  eval "$4=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$4
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_member
+
+# ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR
+# ------------------------------------------------------------------
+# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
+# accordingly. Pass EXTRA-OPTIONS to the compiler, using FLAG-VAR.
+ac_fn_check_decl ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  as_decl_name=`echo $2|sed 's/ *(.*//'`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
+printf %s "checking whether $as_decl_name is declared... " >&6; }
+if eval test \${$3+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
+  eval ac_save_FLAGS=\$$6
+  as_fn_append $6 " $5"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main (void)
+{
+#ifndef $as_decl_name
+#ifdef __cplusplus
+  (void) $as_decl_use;
+#else
+  (void) $as_decl_name;
+#endif
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval "$3=yes"
+else $as_nop
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  eval $6=\$ac_save_FLAGS
+
+fi
+eval ac_res=\$$3
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_check_decl
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if test "$cross_compiling" = yes; then
+    # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main (void)
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_lo=0 ac_mid=0
+  while :; do
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main (void)
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_hi=$ac_mid; break
+else $as_nop
+  as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+			if test $ac_lo -le $ac_mid; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  done
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main (void)
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_hi=-1 ac_mid=-1
+  while :; do
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main (void)
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_lo=$ac_mid; break
+else $as_nop
+  as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+			if test $ac_mid -le $ac_hi; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  done
+else $as_nop
+  ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+  as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main (void)
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_hi=$ac_mid
+else $as_nop
+  as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+  else
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+static long int longval (void) { return $2; }
+static unsigned long int ulongval (void) { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main (void)
+{
+
+  FILE *f = fopen ("conftest.val", "w");
+  if (! f)
+    return 1;
+  if (($2) < 0)
+    {
+      long int i = longval ();
+      if (i != ($2))
+	return 1;
+      fprintf (f, "%ld", i);
+    }
+  else
+    {
+      unsigned long int i = ulongval ();
+      if (i != ($2))
+	return 1;
+      fprintf (f, "%lu", i);
+    }
+  /* Do not output a trailing newline, as this causes \r\n confusion
+     on some platforms.  */
+  return ferror (f) || fclose (f) != 0;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else $as_nop
+  ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+  fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+ac_configure_args_raw=
+for ac_arg
+do
+  case $ac_arg in
+  *\'*)
+    ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+  esac
+  as_fn_append ac_configure_args_raw " '$ac_arg'"
+done
+
+case $ac_configure_args_raw in
+  *$as_nl*)
+    ac_safe_unquote= ;;
+  *)
+    ac_unsafe_z='|&;<>()$`\\"*?[ ''	' # This string ends in space, tab.
+    ac_unsafe_a="$ac_unsafe_z#~"
+    ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
+    ac_configure_args_raw=`      printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
+esac
+
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by Kerberos 5 $as_me 1.21.3, which was
+generated by GNU Autoconf 2.71.  Invocation command line was
+
+  $ $0$ac_configure_args_raw
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    printf "%s\n" "PATH: $as_dir"
+  done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+    2)
+      as_fn_append ac_configure_args1 " '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      as_fn_append ac_configure_args " '$ac_arg'"
+      ;;
+    esac
+  done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Sanitize IFS.
+  IFS=" ""	$as_nl"
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    printf "%s\n" "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    printf "%s\n" "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      printf "%s\n" "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      printf "%s\n" "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	printf "%s\n" "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      printf "%s\n" "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      printf "%s\n" "$as_me: caught signal $ac_signal"
+    printf "%s\n" "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+printf "%s\n" "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
+
+printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
+
+printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
+
+printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
+
+printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
+
+printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+if test -n "$CONFIG_SITE"; then
+  ac_site_files="$CONFIG_SITE"
+elif test "x$prefix" != xNONE; then
+  ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
+else
+  ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+fi
+
+for ac_site_file in $ac_site_files
+do
+  case $ac_site_file in #(
+  */*) :
+     ;; #(
+  *) :
+    ac_site_file=./$ac_site_file ;;
+esac
+  if test -f "$ac_site_file" && test -r "$ac_site_file"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file" \
+      || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special files
+  # actually), so we avoid doing that.  DJGPP emulates it as a regular file.
+  if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Test code for whether the C compiler supports C89 (global declarations)
+ac_c_conftest_c89_globals='
+/* Does the compiler advertise C89 conformance?
+   Do not test the value of __STDC__, because some compilers set it to 0
+   while being otherwise adequately conformant. */
+#if !defined __STDC__
+# error "Compiler does not advertise C89 conformance"
+#endif
+
+#include <stddef.h>
+#include <stdarg.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7 src/conf.sh.  */
+struct buf { int x; };
+struct buf * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not \xHH hex character constants.
+   These do not provoke an error unfortunately, instead are silently treated
+   as an "x".  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously \x00 != x always comes out true, for an
+   array size at least.  It is necessary to write \x00 == 0 to get something
+   that is true only with -std.  */
+int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) '\''x'\''
+int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
+               int, int);'
+
+# Test code for whether the C compiler supports C89 (body of main).
+ac_c_conftest_c89_main='
+ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
+'
+
+# Test code for whether the C compiler supports C99 (global declarations)
+ac_c_conftest_c99_globals='
+// Does the compiler advertise C99 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
+# error "Compiler does not advertise C99 conformance"
+#endif
+
+#include <stdbool.h>
+extern int puts (const char *);
+extern int printf (const char *, ...);
+extern int dprintf (int, const char *, ...);
+extern void *malloc (size_t);
+
+// Check varargs macros.  These examples are taken from C99 6.10.3.5.
+// dprintf is used instead of fprintf to avoid needing to declare
+// FILE and stderr.
+#define debug(...) dprintf (2, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+  int x = 1234;
+  int y = 5678;
+  debug ("Flag");
+  debug ("X = %d\n", x);
+  showlist (The first, second, and third items.);
+  report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+  #error "your preprocessor is broken"
+#endif
+#if BIG_OK
+#else
+  #error "your preprocessor is broken"
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+  int datasize;
+  double data[];
+};
+
+struct named_init {
+  int number;
+  const wchar_t *name;
+  double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+  // See if C++-style comments work.
+  // Iterate through items via the restricted pointer.
+  // Also check for declarations in for loops.
+  for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
+    continue;
+  return 0;
+}
+
+// Check varargs and va_copy.
+static bool
+test_varargs (const char *format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  va_list args_copy;
+  va_copy (args_copy, args);
+
+  const char *str = "";
+  int number = 0;
+  float fnumber = 0;
+
+  while (*format)
+    {
+      switch (*format++)
+	{
+	case '\''s'\'': // string
+	  str = va_arg (args_copy, const char *);
+	  break;
+	case '\''d'\'': // int
+	  number = va_arg (args_copy, int);
+	  break;
+	case '\''f'\'': // float
+	  fnumber = va_arg (args_copy, double);
+	  break;
+	default:
+	  break;
+	}
+    }
+  va_end (args_copy);
+  va_end (args);
+
+  return *str && number && fnumber;
+}
+'
+
+# Test code for whether the C compiler supports C99 (body of main).
+ac_c_conftest_c99_main='
+  // Check bool.
+  _Bool success = false;
+  success |= (argc != 0);
+
+  // Check restrict.
+  if (test_restrict ("String literal") == 0)
+    success = true;
+  char *restrict newvar = "Another string";
+
+  // Check varargs.
+  success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
+  test_varargs_macros ();
+
+  // Check flexible array members.
+  struct incomplete_array *ia =
+    malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+  ia->datasize = 10;
+  for (int i = 0; i < ia->datasize; ++i)
+    ia->data[i] = i * 1.234;
+
+  // Check named initializers.
+  struct named_init ni = {
+    .number = 34,
+    .name = L"Test wide string",
+    .average = 543.34343,
+  };
+
+  ni.number = 58;
+
+  int dynamic_array[ni.number];
+  dynamic_array[0] = argv[0][0];
+  dynamic_array[ni.number - 1] = 543;
+
+  // work around unused variable warnings
+  ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
+	 || dynamic_array[ni.number - 1] != 543);
+'
+
+# Test code for whether the C compiler supports C11 (global declarations)
+ac_c_conftest_c11_globals='
+// Does the compiler advertise C11 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
+# error "Compiler does not advertise C11 conformance"
+#endif
+
+// Check _Alignas.
+char _Alignas (double) aligned_as_double;
+char _Alignas (0) no_special_alignment;
+extern char aligned_as_int;
+char _Alignas (0) _Alignas (int) aligned_as_int;
+
+// Check _Alignof.
+enum
+{
+  int_alignment = _Alignof (int),
+  int_array_alignment = _Alignof (int[100]),
+  char_alignment = _Alignof (char)
+};
+_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
+
+// Check _Noreturn.
+int _Noreturn does_not_return (void) { for (;;) continue; }
+
+// Check _Static_assert.
+struct test_static_assert
+{
+  int x;
+  _Static_assert (sizeof (int) <= sizeof (long int),
+                  "_Static_assert does not work in struct");
+  long int y;
+};
+
+// Check UTF-8 literals.
+#define u8 syntax error!
+char const utf8_literal[] = u8"happens to be ASCII" "another string";
+
+// Check duplicate typedefs.
+typedef long *long_ptr;
+typedef long int *long_ptr;
+typedef long_ptr long_ptr;
+
+// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
+struct anonymous
+{
+  union {
+    struct { int i; int j; };
+    struct { int k; long int l; } w;
+  };
+  int m;
+} v1;
+'
+
+# Test code for whether the C compiler supports C11 (body of main).
+ac_c_conftest_c11_main='
+  _Static_assert ((offsetof (struct anonymous, i)
+		   == offsetof (struct anonymous, w.k)),
+		  "Anonymous union alignment botch");
+  v1.i = 2;
+  v1.w.k = 5;
+  ok |= v1.i != 5;
+'
+
+# Test code for whether the C compiler supports C11 (complete).
+ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+${ac_c_conftest_c11_globals}
+
+int
+main (int argc, char **argv)
+{
+  int ok = 0;
+  ${ac_c_conftest_c89_main}
+  ${ac_c_conftest_c99_main}
+  ${ac_c_conftest_c11_main}
+  return ok;
+}
+"
+
+# Test code for whether the C compiler supports C99 (complete).
+ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+
+int
+main (int argc, char **argv)
+{
+  int ok = 0;
+  ${ac_c_conftest_c89_main}
+  ${ac_c_conftest_c99_main}
+  return ok;
+}
+"
+
+# Test code for whether the C compiler supports C89 (complete).
+ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
+
+int
+main (int argc, char **argv)
+{
+  int ok = 0;
+  ${ac_c_conftest_c89_main}
+  return ok;
+}
+"
+
+# Test code for whether the C++ compiler supports C++98 (global declarations)
+ac_cxx_conftest_cxx98_globals='
+// Does the compiler advertise C++98 conformance?
+#if !defined __cplusplus || __cplusplus < 199711L
+# error "Compiler does not advertise C++98 conformance"
+#endif
+
+// These inclusions are to reject old compilers that
+// lack the unsuffixed header files.
+#include <cstdlib>
+#include <exception>
+
+// <cassert> and <cstring> are *not* freestanding headers in C++98.
+extern void assert (int);
+namespace std {
+  extern int strcmp (const char *, const char *);
+}
+
+// Namespaces, exceptions, and templates were all added after "C++ 2.0".
+using std::exception;
+using std::strcmp;
+
+namespace {
+
+void test_exception_syntax()
+{
+  try {
+    throw "test";
+  } catch (const char *s) {
+    // Extra parentheses suppress a warning when building autoconf itself,
+    // due to lint rules shared with more typical C programs.
+    assert (!(strcmp) (s, "test"));
+  }
+}
+
+template <typename T> struct test_template
+{
+  T const val;
+  explicit test_template(T t) : val(t) {}
+  template <typename U> T add(U u) { return static_cast<T>(u) + val; }
+};
+
+} // anonymous namespace
+'
+
+# Test code for whether the C++ compiler supports C++98 (body of main)
+ac_cxx_conftest_cxx98_main='
+  assert (argc);
+  assert (! argv[0]);
+{
+  test_exception_syntax ();
+  test_template<double> tt (2.0);
+  assert (tt.add (4) == 6.0);
+  assert (true && !false);
+}
+'
+
+# Test code for whether the C++ compiler supports C++11 (global declarations)
+ac_cxx_conftest_cxx11_globals='
+// Does the compiler advertise C++ 2011 conformance?
+#if !defined __cplusplus || __cplusplus < 201103L
+# error "Compiler does not advertise C++11 conformance"
+#endif
+
+namespace cxx11test
+{
+  constexpr int get_val() { return 20; }
+
+  struct testinit
+  {
+    int i;
+    double d;
+  };
+
+  class delegate
+  {
+  public:
+    delegate(int n) : n(n) {}
+    delegate(): delegate(2354) {}
+
+    virtual int getval() { return this->n; };
+  protected:
+    int n;
+  };
+
+  class overridden : public delegate
+  {
+  public:
+    overridden(int n): delegate(n) {}
+    virtual int getval() override final { return this->n * 2; }
+  };
+
+  class nocopy
+  {
+  public:
+    nocopy(int i): i(i) {}
+    nocopy() = default;
+    nocopy(const nocopy&) = delete;
+    nocopy & operator=(const nocopy&) = delete;
+  private:
+    int i;
+  };
+
+  // for testing lambda expressions
+  template <typename Ret, typename Fn> Ret eval(Fn f, Ret v)
+  {
+    return f(v);
+  }
+
+  // for testing variadic templates and trailing return types
+  template <typename V> auto sum(V first) -> V
+  {
+    return first;
+  }
+  template <typename V, typename... Args> auto sum(V first, Args... rest) -> V
+  {
+    return first + sum(rest...);
+  }
+}
+'
+
+# Test code for whether the C++ compiler supports C++11 (body of main)
+ac_cxx_conftest_cxx11_main='
+{
+  // Test auto and decltype
+  auto a1 = 6538;
+  auto a2 = 48573953.4;
+  auto a3 = "String literal";
+
+  int total = 0;
+  for (auto i = a3; *i; ++i) { total += *i; }
+
+  decltype(a2) a4 = 34895.034;
+}
+{
+  // Test constexpr
+  short sa[cxx11test::get_val()] = { 0 };
+}
+{
+  // Test initializer lists
+  cxx11test::testinit il = { 4323, 435234.23544 };
+}
+{
+  // Test range-based for
+  int array[] = {9, 7, 13, 15, 4, 18, 12, 10, 5, 3,
+                 14, 19, 17, 8, 6, 20, 16, 2, 11, 1};
+  for (auto &x : array) { x += 23; }
+}
+{
+  // Test lambda expressions
+  using cxx11test::eval;
+  assert (eval ([](int x) { return x*2; }, 21) == 42);
+  double d = 2.0;
+  assert (eval ([&](double x) { return d += x; }, 3.0) == 5.0);
+  assert (d == 5.0);
+  assert (eval ([=](double x) mutable { return d += x; }, 4.0) == 9.0);
+  assert (d == 5.0);
+}
+{
+  // Test use of variadic templates
+  using cxx11test::sum;
+  auto a = sum(1);
+  auto b = sum(1, 2);
+  auto c = sum(1.0, 2.0, 3.0);
+}
+{
+  // Test constructor delegation
+  cxx11test::delegate d1;
+  cxx11test::delegate d2();
+  cxx11test::delegate d3(45);
+}
+{
+  // Test override and final
+  cxx11test::overridden o1(55464);
+}
+{
+  // Test nullptr
+  char *c = nullptr;
+}
+{
+  // Test template brackets
+  test_template<::test_template<int>> v(test_template<int>(12));
+}
+{
+  // Unicode literals
+  char const *utf8 = u8"UTF-8 string \u2500";
+  char16_t const *utf16 = u"UTF-8 string \u2500";
+  char32_t const *utf32 = U"UTF-32 string \u2500";
+}
+'
+
+# Test code for whether the C compiler supports C++11 (complete).
+ac_cxx_conftest_cxx11_program="${ac_cxx_conftest_cxx98_globals}
+${ac_cxx_conftest_cxx11_globals}
+
+int
+main (int argc, char **argv)
+{
+  int ok = 0;
+  ${ac_cxx_conftest_cxx98_main}
+  ${ac_cxx_conftest_cxx11_main}
+  return ok;
+}
+"
+
+# Test code for whether the C compiler supports C++98 (complete).
+ac_cxx_conftest_cxx98_program="${ac_cxx_conftest_cxx98_globals}
+int
+main (int argc, char **argv)
+{
+  int ok = 0;
+  ${ac_cxx_conftest_cxx98_main}
+  return ok;
+}
+"
+
+as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
+as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
+as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
+as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
+as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
+as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
+as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
+as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
+as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
+
+# Auxiliary files required by this configure script.
+ac_aux_files="install-sh config.guess config.sub"
+
+# Locations in which to look for auxiliary files.
+ac_aux_dir_candidates="${srcdir}/./config"
+
+# Search for a directory containing all of the required auxiliary files,
+# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
+# If we don't find one directory that contains all the files we need,
+# we report the set of missing files from the *first* directory in
+# $ac_aux_dir_candidates and give up.
+ac_missing_aux_files=""
+ac_first_candidate=:
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in $ac_aux_dir_candidates
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+  as_found=:
+
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}:  trying $as_dir" >&5
+  ac_aux_dir_found=yes
+  ac_install_sh=
+  for ac_aux in $ac_aux_files
+  do
+    # As a special case, if "install-sh" is required, that requirement
+    # can be satisfied by any of "install-sh", "install.sh", or "shtool",
+    # and $ac_install_sh is set appropriately for whichever one is found.
+    if test x"$ac_aux" = x"install-sh"
+    then
+      if test -f "${as_dir}install-sh"; then
+        printf "%s\n" "$as_me:${as_lineno-$LINENO}:   ${as_dir}install-sh found" >&5
+        ac_install_sh="${as_dir}install-sh -c"
+      elif test -f "${as_dir}install.sh"; then
+        printf "%s\n" "$as_me:${as_lineno-$LINENO}:   ${as_dir}install.sh found" >&5
+        ac_install_sh="${as_dir}install.sh -c"
+      elif test -f "${as_dir}shtool"; then
+        printf "%s\n" "$as_me:${as_lineno-$LINENO}:   ${as_dir}shtool found" >&5
+        ac_install_sh="${as_dir}shtool install -c"
+      else
+        ac_aux_dir_found=no
+        if $ac_first_candidate; then
+          ac_missing_aux_files="${ac_missing_aux_files} install-sh"
+        else
+          break
+        fi
+      fi
+    else
+      if test -f "${as_dir}${ac_aux}"; then
+        printf "%s\n" "$as_me:${as_lineno-$LINENO}:   ${as_dir}${ac_aux} found" >&5
+      else
+        ac_aux_dir_found=no
+        if $ac_first_candidate; then
+          ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
+        else
+          break
+        fi
+      fi
+    fi
+  done
+  if test "$ac_aux_dir_found" = yes; then
+    ac_aux_dir="$as_dir"
+    break
+  fi
+  ac_first_candidate=false
+
+  as_found=false
+done
+IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+  as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
+fi
+
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+if test -f "${ac_aux_dir}config.guess"; then
+  ac_config_guess="$SHELL ${ac_aux_dir}config.guess"
+fi
+if test -f "${ac_aux_dir}config.sub"; then
+  ac_config_sub="$SHELL ${ac_aux_dir}config.sub"
+fi
+if test -f "$ac_aux_dir/configure"; then
+  ac_configure="$SHELL ${ac_aux_dir}configure"
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
+printf "%s\n" "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
+printf "%s\n" "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
+  as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
+	    and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+build_dynobj=no
+
+# If $runstatedir isn't set by autoconf (<2.70), set it manually.
+if test x"$runstatedir" = x; then
+  runstatedir='${localstatedir}/run'
+fi
+
+
+# Don't make duplicate profile path entries for /etc/krb5.conf if
+# $sysconfdir is /etc
+if test "$sysconfdir" = /etc; then
+  SYSCONFCONF=""
+else
+  SYSCONFCONF=":${sysconfdir}/krb5.conf"
+fi
+
+
+ac_reltopdir="."
+if test ! -r "$srcdir/./aclocal.m4"; then
+  as_fn_error $? "Configure could not determine the relative topdir" "$LINENO" 5
+fi
+ac_topdir=$srcdir/$ac_reltopdir
+ac_config_fragdir=$ac_reltopdir/config
+# echo "Looking for $srcdir/$ac_config_fragdir"
+
+
+
+
+
+krb5_ac_cflags_set=${CFLAGS+set}
+krb5_ac_cxxflags_set=${CXXFLAGS+set}
+krb5_ac_warn_cflags_set=${WARN_CFLAGS+set}
+krb5_ac_warn_cxxflags_set=${WARN_CXXFLAGS+set}
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
+set dummy ${ac_tool_prefix}clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}clang"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "clang", so it can be a program name with args.
+set dummy clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="clang"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+fi
+
+
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion -version; do
+  { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    sed '10a\
+... rest of stderr output deleted ...
+         10q' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+  fi
+  rm -f conftest.er1 conftest.err
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+printf %s "checking whether the C compiler works... " >&6; }
+ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+then :
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+	if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else $as_nop
+  ac_file=''
+fi
+if test -z "$ac_file"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+printf %s "checking for C compiler default output file name... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+printf "%s\n" "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+printf %s "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+then :
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else $as_nop
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+printf "%s\n" "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdio.h>
+int
+main (void)
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+printf %s "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+  { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+  if { ac_try='./conftest$ac_cv_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+    fi
+  fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+printf "%s\n" "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+printf %s "checking for suffix of object files... " >&6; }
+if test ${ac_cv_objext+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+then :
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+printf "%s\n" "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
+printf %s "checking whether the compiler supports GNU C... " >&6; }
+if test ${ac_cv_c_compiler_gnu+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_compiler_gnu=yes
+else $as_nop
+  ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+y}
+ac_save_CFLAGS=$CFLAGS
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+printf %s "checking whether $CC accepts -g... " >&6; }
+if test ${ac_cv_prog_cc_g+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_prog_cc_g=yes
+else $as_nop
+  CFLAGS=""
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+
+else $as_nop
+  ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
+if test $ac_test_CFLAGS; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+ac_prog_cc_stdc=no
+if test x$ac_prog_cc_stdc = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
+printf %s "checking for $CC option to enable C11 features... " >&6; }
+if test ${ac_cv_prog_cc_c11+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_cv_prog_cc_c11=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_c_conftest_c11_program
+_ACEOF
+for ac_arg in '' -std=gnu11
+do
+  CC="$ac_save_CC $ac_arg"
+  if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_prog_cc_c11=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+  test "x$ac_cv_prog_cc_c11" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c11" = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+  if test "x$ac_cv_prog_cc_c11" = x
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
+     CC="$CC $ac_cv_prog_cc_c11"
+fi
+  ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
+  ac_prog_cc_stdc=c11
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
+printf %s "checking for $CC option to enable C99 features... " >&6; }
+if test ${ac_cv_prog_cc_c99+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_c_conftest_c99_program
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
+do
+  CC="$ac_save_CC $ac_arg"
+  if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_prog_cc_c99=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+  test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c99" = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+  if test "x$ac_cv_prog_cc_c99" = x
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
+     CC="$CC $ac_cv_prog_cc_c99"
+fi
+  ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
+  ac_prog_cc_stdc=c99
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
+printf %s "checking for $CC option to enable C89 features... " >&6; }
+if test ${ac_cv_prog_cc_c89+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_c_conftest_c89_program
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c89" = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+  if test "x$ac_cv_prog_cc_c89" = x
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
+     CC="$CC $ac_cv_prog_cc_c89"
+fi
+  ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
+  ac_prog_cc_stdc=c89
+fi
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+  if test -n "$CCC"; then
+    CXX=$CCC
+  else
+    if test -n "$ac_tool_prefix"; then
+  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC clang++
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CXX+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$CXX"; then
+  ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+printf "%s\n" "$CXX" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+    test -n "$CXX" && break
+  done
+fi
+if test -z "$CXX"; then
+  ac_ct_CXX=$CXX
+  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC clang++
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CXX+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_CXX"; then
+  ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CXX="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+printf "%s\n" "$ac_ct_CXX" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CXX" && break
+done
+
+  if test "x$ac_ct_CXX" = x; then
+    CXX="g++"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CXX=$ac_ct_CXX
+  fi
+fi
+
+  fi
+fi
+# Provide some information about the compiler.
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+  { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    sed '10a\
+... rest of stderr output deleted ...
+         10q' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+  fi
+  rm -f conftest.er1 conftest.err
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+done
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C++" >&5
+printf %s "checking whether the compiler supports GNU C++... " >&6; }
+if test ${ac_cv_cxx_compiler_gnu+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"
+then :
+  ac_compiler_gnu=yes
+else $as_nop
+  ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+printf "%s\n" "$ac_cv_cxx_compiler_gnu" >&6; }
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+if test $ac_compiler_gnu = yes; then
+  GXX=yes
+else
+  GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+y}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+printf %s "checking whether $CXX accepts -g... " >&6; }
+if test ${ac_cv_prog_cxx_g+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+   ac_cxx_werror_flag=yes
+   ac_cv_prog_cxx_g=no
+   CXXFLAGS="-g"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"
+then :
+  ac_cv_prog_cxx_g=yes
+else $as_nop
+  CXXFLAGS=""
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"
+then :
+
+else $as_nop
+  ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+	 CXXFLAGS="-g"
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"
+then :
+  ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+   ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+printf "%s\n" "$ac_cv_prog_cxx_g" >&6; }
+if test $ac_test_CXXFLAGS; then
+  CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+  if test "$GXX" = yes; then
+    CXXFLAGS="-g -O2"
+  else
+    CXXFLAGS="-g"
+  fi
+else
+  if test "$GXX" = yes; then
+    CXXFLAGS="-O2"
+  else
+    CXXFLAGS=
+  fi
+fi
+ac_prog_cxx_stdcxx=no
+if test x$ac_prog_cxx_stdcxx = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CXX option to enable C++11 features" >&5
+printf %s "checking for $CXX option to enable C++11 features... " >&6; }
+if test ${ac_cv_prog_cxx_11+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_cv_prog_cxx_11=no
+ac_save_CXX=$CXX
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_cxx_conftest_cxx11_program
+_ACEOF
+for ac_arg in '' -std=gnu++11 -std=gnu++0x -std=c++11 -std=c++0x -qlanglvl=extended0x -AA
+do
+  CXX="$ac_save_CXX $ac_arg"
+  if ac_fn_cxx_try_compile "$LINENO"
+then :
+  ac_cv_prog_cxx_cxx11=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+  test "x$ac_cv_prog_cxx_cxx11" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CXX=$ac_save_CXX
+fi
+
+if test "x$ac_cv_prog_cxx_cxx11" = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+  if test "x$ac_cv_prog_cxx_cxx11" = x
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_cxx11" >&5
+printf "%s\n" "$ac_cv_prog_cxx_cxx11" >&6; }
+     CXX="$CXX $ac_cv_prog_cxx_cxx11"
+fi
+  ac_cv_prog_cxx_stdcxx=$ac_cv_prog_cxx_cxx11
+  ac_prog_cxx_stdcxx=cxx11
+fi
+fi
+if test x$ac_prog_cxx_stdcxx = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CXX option to enable C++98 features" >&5
+printf %s "checking for $CXX option to enable C++98 features... " >&6; }
+if test ${ac_cv_prog_cxx_98+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_cv_prog_cxx_98=no
+ac_save_CXX=$CXX
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_cxx_conftest_cxx98_program
+_ACEOF
+for ac_arg in '' -std=gnu++98 -std=c++98 -qlanglvl=extended -AA
+do
+  CXX="$ac_save_CXX $ac_arg"
+  if ac_fn_cxx_try_compile "$LINENO"
+then :
+  ac_cv_prog_cxx_cxx98=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+  test "x$ac_cv_prog_cxx_cxx98" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CXX=$ac_save_CXX
+fi
+
+if test "x$ac_cv_prog_cxx_cxx98" = xno
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+  if test "x$ac_cv_prog_cxx_cxx98" = x
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_cxx98" >&5
+printf "%s\n" "$ac_cv_prog_cxx_cxx98" >&6; }
+     CXX="$CXX $ac_cv_prog_cxx_cxx98"
+fi
+  ac_cv_prog_cxx_stdcxx=$ac_cv_prog_cxx_cxx98
+  ac_prog_cxx_stdcxx=cxx98
+fi
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+  cflags_warning_test_flags=
+    cachevar=`echo "krb5_cv_cc_flag_-Werror=unknown-warning-option" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Werror=unknown-warning-option" >&5
+printf %s "checking if C compiler supports -Werror=unknown-warning-option... " >&6; }
+if eval test \${$cachevar+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  # first try without, then with
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  old_cflags="$CFLAGS"
+     CFLAGS="$CFLAGS $cflags_warning_test_flags -Werror=unknown-warning-option"
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval $cachevar=yes
+else $as_nop
+  eval $cachevar=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+     CFLAGS="$old_cflags"
+else $as_nop
+  as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$cachevar
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  if eval test '"${'$cachevar'}"' = yes; then
+    WARN_CFLAGS="$WARN_CFLAGS -Werror=unknown-warning-option"
+  fi
+  eval flag_supported='${'$cachevar'}'
+
+  if test $flag_supported = yes; then
+    cflags_warning_test_flags=-Werror=unknown-warning-option
+  fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+printf %s "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+  if test ${ac_cv_prog_CPP+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+      # Double quotes because $CC needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+
+else $as_nop
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+  # Broken: success on invalid input.
+continue
+else $as_nop
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok
+then :
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+printf "%s\n" "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+
+else $as_nop
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+  # Broken: success on invalid input.
+continue
+else $as_nop
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok
+then :
+
+else $as_nop
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKG_CONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+printf "%s\n" "$PKG_CONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+  ac_pt_PKG_CONFIG=$PKG_CONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $ac_pt_PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKG_CONFIG" = x; then
+    PKG_CONFIG=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKG_CONFIG=$ac_pt_PKG_CONFIG
+  fi
+else
+  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=0.9.0
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	else
+		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+		PKG_CONFIG=""
+	fi
+fi
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
+
+
+
+
+  # Make sure we can run config.sub.
+$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
+  as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+printf %s "checking build system type... " >&6; }
+if test ${ac_cv_build+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
+test "x$ac_build_alias" = x &&
+  as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
+  as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+printf "%s\n" "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+printf %s "checking host system type... " >&6; }
+if test ${ac_cv_host+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
+    as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+printf "%s\n" "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+            ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+     for ac_i in 1 2 3 4 5 6 7; do
+       ac_script="$ac_script$as_nl$ac_script"
+     done
+     echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+     { ac_script=; unset ac_script;}
+     if test -z "$SED"; then
+  ac_path_SED_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_prog in sed gsed
+   do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_SED" || continue
+# Check for GNU ac_path_SED and select it if it is found.
+  # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+  ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+  ac_count=0
+  printf %s 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    printf "%s\n" '' >> "conftest.nl"
+    "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_SED_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_SED="$ac_path_SED"
+      ac_path_SED_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_SED_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_SED"; then
+    as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+  fi
+else
+  ac_cv_path_SED=$SED
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+  rm -f conftest.sed
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+printf %s "checking for grep that handles long lines and -e... " >&6; }
+if test ${ac_cv_path_GREP+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -z "$GREP"; then
+  ac_path_GREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_prog in grep ggrep
+   do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_GREP" || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+  # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+  ac_count=0
+  printf %s 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    printf "%s\n" 'GREP' >> "conftest.nl"
+    "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_GREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_GREP="$ac_path_GREP"
+      ac_path_GREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_GREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_GREP"; then
+    as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+printf "%s\n" "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+printf %s "checking for egrep... " >&6; }
+if test ${ac_cv_path_EGREP+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+   then ac_cv_path_EGREP="$GREP -E"
+   else
+     if test -z "$EGREP"; then
+  ac_path_EGREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_prog in egrep
+   do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_EGREP" || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+  # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+  ac_count=0
+  printf %s 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    printf "%s\n" 'EGREP' >> "conftest.nl"
+    "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP="$ac_path_EGREP"
+      ac_path_EGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_EGREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_EGREP"; then
+    as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_EGREP=$EGREP
+fi
+
+   fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+printf "%s\n" "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+ EXTRA_FILES=""
+
+
+printf "%s\n" "#define _GNU_SOURCE 1" >>confdefs.h
+
+
+printf "%s\n" "#define __STDC_WANT_LIB_EXT1__ 1" >>confdefs.h
+
+
+if test $ac_cv_c_compiler_gnu = yes ; then
+     HAVE_GCC=yes
+     else HAVE_GCC=
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU linker" >&5
+printf %s "checking for GNU linker... " >&6; }
+if test ${krb5_cv_prog_gnu_ld+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  krb5_cv_prog_gnu_ld=no
+if test "$GCC" = yes; then
+  if { ac_try='$CC -Wl,-v 2>&1 			| grep "GNU ld" > /dev/null'
+  { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then
+    krb5_cv_prog_gnu_ld=yes
+  fi
+fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_prog_gnu_ld" >&5
+printf "%s\n" "$krb5_cv_prog_gnu_ld" >&6; }
+
+# Check whether --with-size-optimizations was given.
+if test ${with_size_optimizations+y}
+then :
+  withval=$with_size_optimizations;
+else $as_nop
+  withval=no
+fi
+
+if test "$withval" = yes; then
+
+printf "%s\n" "#define CONFIG_SMALL 1" >>confdefs.h
+
+fi
+# -Wno-long-long, if needed, for k5-platform.h without inttypes.h etc.
+extra_gcc_warn_opts="-Wall -Wcast-align -Wshadow"
+# -Wmissing-prototypes
+if test "$GCC" = yes ; then
+  # Putting this here means we get -Os after -O2, which works.
+  if test "$with_size_optimizations" = yes && test "x$krb5_ac_cflags_set" != xset; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding -Os optimization option" >&5
+printf "%s\n" "$as_me: adding -Os optimization option" >&6;}
+    case "$CFLAGS" in
+      "-g -O2") CFLAGS="-g -Os" ;;
+      "-O2")    CFLAGS="-Os" ;;
+      *)        CFLAGS="$CFLAGS -Os" ;;
+    esac
+  fi
+  if test "x$krb5_ac_warn_cflags_set" = xset ; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not adding extra gcc warning flags because WARN_CFLAGS was set" >&5
+printf "%s\n" "$as_me: not adding extra gcc warning flags because WARN_CFLAGS was set" >&6;}
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding extra warning flags for gcc" >&5
+printf "%s\n" "$as_me: adding extra warning flags for gcc" >&6;}
+    WARN_CFLAGS="$WARN_CFLAGS $extra_gcc_warn_opts -Wmissing-prototypes"
+    if test "`uname -s`" = Darwin ; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: skipping pedantic warnings on Darwin" >&5
+printf "%s\n" "$as_me: skipping pedantic warnings on Darwin" >&6;}
+    elif test "`uname -s`" = Linux ; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: skipping pedantic warnings on Linux" >&5
+printf "%s\n" "$as_me: skipping pedantic warnings on Linux" >&6;}
+    else
+      WARN_CFLAGS="$WARN_CFLAGS -pedantic"
+    fi
+    if test "$ac_cv_cxx_compiler_gnu" = yes; then
+      if test "x$krb5_ac_warn_cxxflags_set" = xset ; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not adding extra g++ warnings because WARN_CXXFLAGS was set" >&5
+printf "%s\n" "$as_me: not adding extra g++ warnings because WARN_CXXFLAGS was set" >&6;}
+      else
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding extra warning flags for g++" >&5
+printf "%s\n" "$as_me: adding extra warning flags for g++" >&6;}
+        WARN_CXXFLAGS="$WARN_CXXFLAGS $extra_gcc_warn_opts"
+      fi
+    fi
+    # Currently, G++ does not support -Wno-format-zero-length.
+      cachevar=`echo "krb5_cv_cc_flag_-Wno-format-zero-length" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Wno-format-zero-length" >&5
+printf %s "checking if C compiler supports -Wno-format-zero-length... " >&6; }
+if eval test \${$cachevar+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  # first try without, then with
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  old_cflags="$CFLAGS"
+     CFLAGS="$CFLAGS $cflags_warning_test_flags -Wno-format-zero-length"
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval $cachevar=yes
+else $as_nop
+  eval $cachevar=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+     CFLAGS="$old_cflags"
+else $as_nop
+  as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$cachevar
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  if eval test '"${'$cachevar'}"' = yes; then
+    WARN_CFLAGS="$WARN_CFLAGS -Wno-format-zero-length"
+  fi
+  eval flag_supported='${'$cachevar'}'
+
+    # Other flags here may not be supported on some versions of
+    # gcc that people want to use.
+    for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof error=uninitialized no-maybe-uninitialized error=pointer-arith error=int-conversion error=incompatible-pointer-types error=discarded-qualifiers error=implicit-int ; do
+        cachevar=`echo "krb5_cv_cc_flag_-W$flag" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -W$flag" >&5
+printf %s "checking if C compiler supports -W$flag... " >&6; }
+if eval test \${$cachevar+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  # first try without, then with
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  old_cflags="$CFLAGS"
+     CFLAGS="$CFLAGS $cflags_warning_test_flags -W$flag"
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval $cachevar=yes
+else $as_nop
+  eval $cachevar=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+     CFLAGS="$old_cflags"
+else $as_nop
+  as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$cachevar
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  if eval test '"${'$cachevar'}"' = yes; then
+    WARN_CFLAGS="$WARN_CFLAGS -W$flag"
+  fi
+  eval flag_supported='${'$cachevar'}'
+
+    done
+    #  old-style-definition? generates many, many warnings
+    #
+    # Warnings that we'd like to turn into errors on versions of gcc
+    # that support promoting only specific warnings to errors, but
+    # we'll take as warnings on older compilers.  (If such a warning
+    # is added after the -Werror=foo feature, you can just put
+    # error=foo in the above list, and skip the test for the
+    # warning-only form.)  At least in some versions, -Werror= doesn't
+    # seem to make the conditions actual errors, but still issues
+    # warnings; I guess we'll take what we can get.
+    #
+    # We're currently targeting C89+, not C99, so disallow some
+    # constructs.
+    for flag in declaration-after-statement ; do
+        cachevar=`echo "krb5_cv_cc_flag_-Werror=$flag" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Werror=$flag" >&5
+printf %s "checking if C compiler supports -Werror=$flag... " >&6; }
+if eval test \${$cachevar+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  # first try without, then with
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  old_cflags="$CFLAGS"
+     CFLAGS="$CFLAGS $cflags_warning_test_flags -Werror=$flag"
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval $cachevar=yes
+else $as_nop
+  eval $cachevar=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+     CFLAGS="$old_cflags"
+else $as_nop
+  as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$cachevar
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  if eval test '"${'$cachevar'}"' = yes; then
+    WARN_CFLAGS="$WARN_CFLAGS -Werror=$flag"
+  fi
+  eval flag_supported='${'$cachevar'}'
+
+      if test "$flag_supported" = no; then
+          cachevar=`echo "krb5_cv_cc_flag_-W$flag" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -W$flag" >&5
+printf %s "checking if C compiler supports -W$flag... " >&6; }
+if eval test \${$cachevar+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  # first try without, then with
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  old_cflags="$CFLAGS"
+     CFLAGS="$CFLAGS $cflags_warning_test_flags -W$flag"
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval $cachevar=yes
+else $as_nop
+  eval $cachevar=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+     CFLAGS="$old_cflags"
+else $as_nop
+  as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$cachevar
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  if eval test '"${'$cachevar'}"' = yes; then
+    WARN_CFLAGS="$WARN_CFLAGS -W$flag"
+  fi
+  eval flag_supported='${'$cachevar'}'
+
+      fi
+    done
+    # We require function declarations now.
+    #
+    # In some compiler versions -- e.g., "gcc version 4.2.1 (Apple
+    # Inc. build 5664)" -- the -Werror- option works, but the -Werror=
+    # version doesn't cause implicitly declared functions to be
+    # flagged as errors.  If neither works, -Wall implies
+    # -Wimplicit-function-declaration so don't bother.
+      cachevar=`echo "krb5_cv_cc_flag_-Werror-implicit-function-declaration" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Werror-implicit-function-declaration" >&5
+printf %s "checking if C compiler supports -Werror-implicit-function-declaration... " >&6; }
+if eval test \${$cachevar+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  # first try without, then with
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  old_cflags="$CFLAGS"
+     CFLAGS="$CFLAGS $cflags_warning_test_flags -Werror-implicit-function-declaration"
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval $cachevar=yes
+else $as_nop
+  eval $cachevar=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+     CFLAGS="$old_cflags"
+else $as_nop
+  as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$cachevar
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  if eval test '"${'$cachevar'}"' = yes; then
+    WARN_CFLAGS="$WARN_CFLAGS -Werror-implicit-function-declaration"
+  fi
+  eval flag_supported='${'$cachevar'}'
+
+    if test "implicit-function-declaration_supported" = no; then
+        cachevar=`echo "krb5_cv_cc_flag_-Werror=implicit-function-declaration" | sed -e s/=/_eq_/g -e s/-/_dash_/g -e s/[^a-zA-Z0-9_]/_/g`
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if C compiler supports -Werror=implicit-function-declaration" >&5
+printf %s "checking if C compiler supports -Werror=implicit-function-declaration... " >&6; }
+if eval test \${$cachevar+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  # first try without, then with
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  old_cflags="$CFLAGS"
+     CFLAGS="$CFLAGS $cflags_warning_test_flags -Werror=implicit-function-declaration"
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval $cachevar=yes
+else $as_nop
+  eval $cachevar=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+     CFLAGS="$old_cflags"
+else $as_nop
+  as_fn_error $? "compiling simple test program with $CFLAGS failed" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$cachevar
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  if eval test '"${'$cachevar'}"' = yes; then
+    WARN_CFLAGS="$WARN_CFLAGS -Werror=implicit-function-declaration"
+  fi
+  eval flag_supported='${'$cachevar'}'
+
+    fi
+    #
+  fi
+  if test "`uname -s`" = Darwin ; then
+    # Someday this should be a feature test.
+    # One current (Jaguar = OS 10.2) problem:
+    # Archive library with foo.o undef sym X and bar.o common sym X,
+    # if foo.o is pulled in at link time, bar.o may not be, causing
+    # the linker to complain.
+    # Dynamic library problems too?
+    case "$CC $CFLAGS" in
+    *-fcommon*) ;; # why someone would do this, I don't know
+    *-fno-common*) ;; # okay, they're already doing the right thing
+    *)
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: disabling the use of common storage on Darwin" >&5
+printf "%s\n" "$as_me: disabling the use of common storage on Darwin" >&6;}
+      CFLAGS="$CFLAGS -fno-common"
+      ;;
+    esac
+  fi
+else
+  if test "`uname -s`" = AIX ; then
+    # Using AIX but not GCC, assume native compiler.
+    # The native compiler appears not to give a nonzero exit
+    # status for certain classes of errors, like missing arguments
+    # in function calls.  Let's try to fix that with -qhalt=e.
+    case "$CC $CFLAGS" in
+      *-qhalt=*) ;;
+      *)
+	CFLAGS="$CFLAGS -qhalt=e"
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding -qhalt=e for better error reporting" >&5
+printf "%s\n" "$as_me: adding -qhalt=e for better error reporting" >&6;}
+	;;
+    esac
+    # Also, the optimizer isn't turned on by default, which means
+    # the static inline functions get left in random object files,
+    # leading to references to pthread_mutex_lock from anything that
+    # includes k5-int.h whether it uses threads or not.
+    case "$CC $CFLAGS" in
+      *-O*) ;;
+      *)
+	CFLAGS="$CFLAGS -O"
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding -O for inline thread-support function elimination" >&5
+printf "%s\n" "$as_me: adding -O for inline thread-support function elimination" >&6;}
+	;;
+    esac
+  fi
+  if test "`uname -s`" = SunOS ; then
+    # Using Solaris but not GCC, assume Sunsoft compiler.
+    # We have some error-out-on-warning options available.
+    # Sunsoft 12 compiler defaults to -xc99=all, it appears, so "inline"
+    # works, but it also means that declaration-in-code warnings won't
+    # be issued.
+    # -v -fd -errwarn=E_DECLARATION_IN_CODE ...
+    if test "x$krb5_ac_warn_cflags_set" = xset ; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not adding extra warning flags because WARN_CFLAGS was set" >&5
+printf "%s\n" "$as_me: not adding extra warning flags because WARN_CFLAGS was set" >&6;}
+    else
+      WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION,E_BAD_PTR_INT_COMB_ARG,E_PTR_TO_VOID_IN_ARITHMETIC,E_NO_IMPLICIT_DECL_ALLOWED,E_ATTRIBUTE_PARAM_UNDEFINED"
+    fi
+    if test "x$krb5_ac_warn_cxxflags_set" = xset ; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not adding extra warning flags because WARN_CXXFLAGS was set" >&5
+printf "%s\n" "$as_me: not adding extra warning flags because WARN_CXXFLAGS was set" >&6;}
+    else
+      WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64"
+    fi
+  fi
+fi
+
+
+
+if test -z "$LD" ; then LD=$CC; fi
+
+
+
+# Check whether --with-system-et was given.
+if test ${with_system_et+y}
+then :
+  withval=$with_system_et;
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which version of com_err to use" >&5
+printf %s "checking which version of com_err to use... " >&6; }
+if test "x$with_system_et" = xyes ; then
+  # This will be changed to "intlsys" if textdomain support is present.
+  COM_ERR_VERSION=sys
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: system" >&5
+printf "%s\n" "system" >&6; }
+else
+  COM_ERR_VERSION=k5
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: krb5" >&5
+printf "%s\n" "krb5" >&6; }
+fi
+OLDLIBS="$LIBS"
+COM_ERR_LIB=-lcom_err
+if test $COM_ERR_VERSION = sys; then
+
+pkg_failed=no
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for com_err" >&5
+printf %s "checking for com_err... " >&6; }
+
+if test -n "$COM_ERR_CFLAGS"; then
+    pkg_cv_COM_ERR_CFLAGS="$COM_ERR_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"com_err\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "com_err") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_COM_ERR_CFLAGS=`$PKG_CONFIG --cflags "com_err" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+if test -n "$COM_ERR_LIBS"; then
+    pkg_cv_COM_ERR_LIBS="$COM_ERR_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"com_err\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "com_err") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_COM_ERR_LIBS=`$PKG_CONFIG --libs "com_err" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+	        COM_ERR_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "com_err" 2>&1`
+        else
+	        COM_ERR_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "com_err" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$COM_ERR_PKG_ERRORS" >&5
+
+	have_com_err=no
+elif test $pkg_failed = untried; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+	have_com_err=no
+else
+	COM_ERR_CFLAGS=$pkg_cv_COM_ERR_CFLAGS
+	COM_ERR_LIBS=$pkg_cv_COM_ERR_LIBS
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	have_com_err=yes
+fi
+  if test "x$have_com_err = xyes"; then
+    COM_ERR_LIB="$COM_ERR_LIBS"
+  fi
+  LIBS="$LIBS $COM_ERR_LIB"
+  # check for various functions we need
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for add_error_table in -lcom_err" >&5
+printf %s "checking for add_error_table in -lcom_err... " >&6; }
+if test ${ac_cv_lib_com_err_add_error_table+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcom_err  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char add_error_table ();
+int
+main (void)
+{
+return add_error_table ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_com_err_add_error_table=yes
+else $as_nop
+  ac_cv_lib_com_err_add_error_table=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_add_error_table" >&5
+printf "%s\n" "$ac_cv_lib_com_err_add_error_table" >&6; }
+if test "x$ac_cv_lib_com_err_add_error_table" = xyes
+then :
+  :
+else $as_nop
+  as_fn_error $? "cannot find add_error_table in com_err library" "$LINENO" 5
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for remove_error_table in -lcom_err" >&5
+printf %s "checking for remove_error_table in -lcom_err... " >&6; }
+if test ${ac_cv_lib_com_err_remove_error_table+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcom_err  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char remove_error_table ();
+int
+main (void)
+{
+return remove_error_table ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_com_err_remove_error_table=yes
+else $as_nop
+  ac_cv_lib_com_err_remove_error_table=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_com_err_remove_error_table" >&5
+printf "%s\n" "$ac_cv_lib_com_err_remove_error_table" >&6; }
+if test "x$ac_cv_lib_com_err_remove_error_table" = xyes
+then :
+  :
+else $as_nop
+  as_fn_error $? "cannot find remove_error_table in com_err library" "$LINENO" 5
+fi
+
+  # make sure compile_et provides "et_foo" name
+  cat >> conf$$e.et <<EOF
+error_table foo
+error_code ERR_FOO, "foo"
+end
+EOF
+  for ac_prog in compile_et
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_compile_et+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$compile_et"; then
+  ac_cv_prog_compile_et="$compile_et" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_compile_et="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+compile_et=$ac_cv_prog_compile_et
+if test -n "$compile_et"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $compile_et" >&5
+printf "%s\n" "$compile_et" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  test -n "$compile_et" && break
+done
+test -n "$compile_et" || compile_et="false"
+
+  if test "$compile_et" = false; then
+    as_fn_error $? "cannot find compile_et" "$LINENO" 5
+  fi
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether compile_et is useful" >&5
+printf %s "checking whether compile_et is useful... " >&6; }
+if test ${krb5_cv_compile_et_useful+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+
+  if compile_et conf$$e.et >/dev/null 2>&1 ; then true ; else
+    as_fn_error $? "execution failed" "$LINENO" 5
+  fi
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include "conf$$e.h"
+
+int
+main (void)
+{
+&et_foo_error_table;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+
+else $as_nop
+  as_fn_error $? "cannot use et_foo_error_table" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  # Anything else we need to test for?
+  rm -f conf$$e.c conf$$e.h
+  krb5_cv_compile_et_useful=yes
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_compile_et_useful" >&5
+printf "%s\n" "$krb5_cv_compile_et_useful" >&6; }
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether compile_et supports --textdomain" >&5
+printf %s "checking whether compile_et supports --textdomain... " >&6; }
+if test ${krb5_cv_compile_et_textdomain+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+
+  krb5_cv_compile_et_textdomain=no
+  if compile_et --textdomain=xyzw conf$$e.et >/dev/null 2>&1 ; then
+    if grep -q xyzw conf$$e.c; then
+      krb5_cv_compile_et_textdomain=yes
+    fi
+  fi
+  rm -f conf$$e.c conf$$e.h
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_compile_et_textdomain" >&5
+printf "%s\n" "$krb5_cv_compile_et_textdomain" >&6; }
+  if test "$krb5_cv_compile_et_textdomain" = yes; then
+    COM_ERR_VERSION=intlsys
+  fi
+  rm -f conf$$e.et
+fi
+
+
+LIBS="$OLDLIBS"
+if test "$COM_ERR_VERSION" = k5 -o "$COM_ERR_VERSION" = intlsys; then
+
+printf "%s\n" "#define HAVE_COM_ERR_INTL 1" >>confdefs.h
+
+fi
+
+
+# Check whether --with-system-ss was given.
+if test ${with_system_ss+y}
+then :
+  withval=$with_system_ss;
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which version of subsystem package to use" >&5
+printf %s "checking which version of subsystem package to use... " >&6; }
+if test "x$with_system_ss" = xyes ; then
+  SS_VERSION=sys
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: system" >&5
+printf "%s\n" "system" >&6; }
+  # todo: check for various libraries we might need
+  # in the meantime...
+  test "x${SS_LIB+set}" = xset || SS_LIB=-lss
+  old_LIBS="$LIBS"
+  LIBS="$LIBS $SS_LIB"
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether system ss package works" >&5
+printf %s "checking whether system ss package works... " >&6; }
+if test ${krb5_cv_system_ss_okay+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test "$cross_compiling" = yes
+then :
+  krb5_cv_system_ss_okay=assumed
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ss/ss.h>
+        int main(int argc, char *argv[]) {
+            if (argc == 42) {
+                int i, err;
+                i = ss_create_invocation("foo","foo","",0,&err);
+                ss_listen(i);
+            }
+            return 0;
+        }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  krb5_cv_system_ss_okay=yes
+else $as_nop
+  as_fn_error $? "cannot run test program" "$LINENO" 5
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_system_ss_okay" >&5
+printf "%s\n" "$krb5_cv_system_ss_okay" >&6; }
+  LIBS="$old_LIBS"
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ss_execute_command needs a prototype provided" >&5
+printf %s "checking if ss_execute_command needs a prototype provided... " >&6; }
+if test ${krb5_cv_func_ss_execute_command_noproto+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ss/ss.h>
+int
+main (void)
+{
+#undef ss_execute_command
+      struct k5foo {int foo; } xx;
+      extern int ss_execute_command (struct k5foo*);
+      ss_execute_command(&xx);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_func_ss_execute_command_noproto=yes
+else $as_nop
+  krb5_cv_func_ss_execute_command_noproto=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_ss_execute_command_noproto" >&5
+printf "%s\n" "$krb5_cv_func_ss_execute_command_noproto" >&6; }
+if test $krb5_cv_func_ss_execute_command_noproto = yes; then
+
+printf "%s\n" "#define NEED_SS_EXECUTE_COMMAND_PROTO 1" >>confdefs.h
+
+fi
+
+
+else
+  SS_VERSION=k5
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: krb5" >&5
+printf "%s\n" "krb5" >&6; }
+fi
+
+
+
+
+# Check whether --with-system-db was given.
+if test ${with_system_db+y}
+then :
+  withval=$with_system_db;
+fi
+
+
+
+if test "x$with_system_db" = xyes ; then
+  DB_VERSION=sys
+  # TODO: Do we have specific routines we should check for?
+  # How about known, easily recognizable bugs?
+  # We want to use bt_rseq in some cases, but no other version but
+  # ours has it right now.
+  #
+  # Okay, check the variables.
+  test "x${DB_HEADER+set}" = xset || DB_HEADER=db.h
+  test "x${DB_LIB+set}" = xset || DB_LIB=-ldb
+  #
+  if test "x${DB_HEADER}" = xdb.h ; then
+    DB_HEADER_VERSION=sys
+  else
+    DB_HEADER_VERSION=redirect
+  fi
+  KDB5_DB_LIB="$DB_LIB"
+else
+  DB_VERSION=k5
+
+printf "%s\n" "#define HAVE_BT_RSEQ 1" >>confdefs.h
+
+  DB_HEADER=db.h
+  DB_HEADER_VERSION=k5
+  # libdb gets sucked into libkdb
+  KDB5_DB_LIB=
+  # needed for a couple of things that need libdb for its own sake
+  DB_LIB=-ldb
+fi
+
+
+
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+printf %s "checking for an ANSI C-conforming const... " >&6; }
+if test ${ac_cv_c_const+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+#ifndef __cplusplus
+  /* Ultrix mips cc rejects this sort of thing.  */
+  typedef int charset[2];
+  const charset cs = { 0, 0 };
+  /* SunOS 4.1.1 cc rejects this.  */
+  char const *const *pcpcc;
+  char **ppc;
+  /* NEC SVR4.0.2 mips cc rejects this.  */
+  struct point {int x, y;};
+  static struct point const zero = {0,0};
+  /* IBM XL C 1.02.0.0 rejects this.
+     It does not let you subtract one const X* pointer from another in
+     an arm of an if-expression whose if-part is not a constant
+     expression */
+  const char *g = "string";
+  pcpcc = &g + (g ? g-g : 0);
+  /* HPUX 7.0 cc rejects these. */
+  ++pcpcc;
+  ppc = (char**) pcpcc;
+  pcpcc = (char const *const *) ppc;
+  { /* SCO 3.2v4 cc rejects this sort of thing.  */
+    char tx;
+    char *t = &tx;
+    char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+    *t++ = 0;
+    if (s) return 0;
+  }
+  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+    int x[] = {25, 17};
+    const int *foo = &x[0];
+    ++foo;
+  }
+  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+    typedef const int *iptr;
+    iptr p = 0;
+    ++p;
+  }
+  { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
+       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+    struct s { int j; const int *ap[3]; } bx;
+    struct s *b = &bx; b->j = 5;
+  }
+  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+    const int foo = 10;
+    if (!foo) return 0;
+  }
+  return !cs[0] && !zero.x;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_c_const=yes
+else $as_nop
+  ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+printf "%s\n" "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+printf "%s\n" "#define const /**/" >>confdefs.h
+
+fi
+
+
+# Check whether --with-netlib was given.
+if test ${with_netlib+y}
+then :
+  withval=$with_netlib;   if test "$withval" = yes -o "$withval" = no ; then
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: \"netlib will link with C library resolver only\"" >&5
+printf "%s\n" "\"netlib will link with C library resolver only\"" >&6; }
+  else
+	LIBS="$LIBS $withval"
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: \"netlib will use \'$withval\'\"" >&5
+printf "%s\n" "\"netlib will use \'$withval\'\"" >&6; }
+  fi
+
+else $as_nop
+
+   # Most operating systems have gethostbyname() in the default searched
+   # libraries (i.e. libc):
+   ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname"
+if test "x$ac_cv_func_gethostbyname" = xyes
+then :
+
+else $as_nop
+
+     # Some OSes (eg. Solaris) place it in libnsl:
+     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5
+printf %s "checking for gethostbyname in -lnsl... " >&6; }
+if test ${ac_cv_lib_nsl_gethostbyname+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char gethostbyname ();
+int
+main (void)
+{
+return gethostbyname ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_nsl_gethostbyname=yes
+else $as_nop
+  ac_cv_lib_nsl_gethostbyname=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5
+printf "%s\n" "$ac_cv_lib_nsl_gethostbyname" >&6; }
+if test "x$ac_cv_lib_nsl_gethostbyname" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIBNSL 1" >>confdefs.h
+
+  LIBS="-lnsl $LIBS"
+
+else $as_nop
+
+       # Some strange OSes (SINIX) have it in libsocket:
+       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lsocket" >&5
+printf %s "checking for gethostbyname in -lsocket... " >&6; }
+if test ${ac_cv_lib_socket_gethostbyname+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char gethostbyname ();
+int
+main (void)
+{
+return gethostbyname ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_socket_gethostbyname=yes
+else $as_nop
+  ac_cv_lib_socket_gethostbyname=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_gethostbyname" >&5
+printf "%s\n" "$ac_cv_lib_socket_gethostbyname" >&6; }
+if test "x$ac_cv_lib_socket_gethostbyname" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIBSOCKET 1" >>confdefs.h
+
+  LIBS="-lsocket $LIBS"
+
+else $as_nop
+
+          # Unfortunately libsocket sometimes depends on libnsl.
+          # AC_CHECK_LIB's API is essentially broken so the following
+          # ugliness is necessary:
+          { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lsocket" >&5
+printf %s "checking for gethostbyname in -lsocket... " >&6; }
+if test ${ac_cv_lib_socket_gethostbyname+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket -lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char gethostbyname ();
+int
+main (void)
+{
+return gethostbyname ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_socket_gethostbyname=yes
+else $as_nop
+  ac_cv_lib_socket_gethostbyname=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_gethostbyname" >&5
+printf "%s\n" "$ac_cv_lib_socket_gethostbyname" >&6; }
+if test "x$ac_cv_lib_socket_gethostbyname" = xyes
+then :
+  LIBS="-lsocket -lnsl $LIBS"
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lresolv" >&5
+printf %s "checking for gethostbyname in -lresolv... " >&6; }
+if test ${ac_cv_lib_resolv_gethostbyname+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char gethostbyname ();
+int
+main (void)
+{
+return gethostbyname ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_resolv_gethostbyname=yes
+else $as_nop
+  ac_cv_lib_resolv_gethostbyname=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_gethostbyname" >&5
+printf "%s\n" "$ac_cv_lib_resolv_gethostbyname" >&6; }
+if test "x$ac_cv_lib_resolv_gethostbyname" = xyes
+then :
+  LIBS="-lresolv $LIBS"
+fi
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+  ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket"
+if test "x$ac_cv_func_socket" = xyes
+then :
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5
+printf %s "checking for socket in -lsocket... " >&6; }
+if test ${ac_cv_lib_socket_socket+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char socket ();
+int
+main (void)
+{
+return socket ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_socket_socket=yes
+else $as_nop
+  ac_cv_lib_socket_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5
+printf "%s\n" "$ac_cv_lib_socket_socket" >&6; }
+if test "x$ac_cv_lib_socket_socket" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIBSOCKET 1" >>confdefs.h
+
+  LIBS="-lsocket $LIBS"
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5
+printf %s "checking for socket in -lsocket... " >&6; }
+if test ${ac_cv_lib_socket_socket+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket -lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char socket ();
+int
+main (void)
+{
+return socket ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_socket_socket=yes
+else $as_nop
+  ac_cv_lib_socket_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5
+printf "%s\n" "$ac_cv_lib_socket_socket" >&6; }
+if test "x$ac_cv_lib_socket_socket" = xyes
+then :
+  LIBS="-lsocket -lnsl $LIBS"
+fi
+
+fi
+
+fi
+
+
+enable_dns=yes
+  # Check whether --enable-dns-for-realm was given.
+if test ${enable_dns_for_realm+y}
+then :
+  enableval=$enable_dns_for_realm;
+else $as_nop
+  enable_dns_for_realm=no
+fi
+
+  if test "$enable_dns_for_realm" = yes; then
+
+printf "%s\n" "#define KRB5_DNS_LOOKUP_REALM 1" >>confdefs.h
+
+  fi
+
+
+printf "%s\n" "#define KRB5_DNS_LOOKUP 1" >>confdefs.h
+
+
+
+  if test "$enable_dns" = yes ; then
+    # We assume that if libresolv exists we can link against it.
+    # This may get us a gethostby* that doesn't respect nsswitch.
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5
+printf %s "checking for main in -lresolv... " >&6; }
+if test ${ac_cv_lib_resolv_main+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main (void)
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_resolv_main=yes
+else $as_nop
+  ac_cv_lib_resolv_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_main" >&5
+printf "%s\n" "$ac_cv_lib_resolv_main" >&6; }
+if test "x$ac_cv_lib_resolv_main" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIBRESOLV 1" >>confdefs.h
+
+  LIBS="-lresolv $LIBS"
+
+fi
+
+
+for krb5_func in res_ninit res_nclose res_ndestroy res_nsearch ns_initparse ns_name_uncompress dn_skipname res_search; do
+
+# Solaris 9 prototypes ns_name_uncompress() in arpa/nameser.h, but
+# doesn't export it from libresolv.so, so we use extreme paranoia here
+# and check both for the declaration and that we can link against the
+# function.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $krb5_func" >&5
+printf %s "checking for $krb5_func... " >&6; }
+if eval test \${krb5_cv_func_$krb5_func+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+      #include <netinet/in.h>
+      #include <arpa/nameser.h>
+      #include <resolv.h>
+
+int
+main (void)
+{
+/*
+       * Use volatile, or else optimization can cause false positives.
+       */
+      void (* volatile p)() = (void (*)())$krb5_func;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  eval "krb5_cv_func_$krb5_func=yes"
+else $as_nop
+  eval "krb5_cv_func_$krb5_func=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$krb5_cv_func_$krb5_func
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+if test `eval 'as_val=${'krb5_cv_func_$krb5_func'};printf "%s\n" "$as_val"'` = yes
+then :
+
+cat >>confdefs.h <<_ACEOF
+#define `printf "%s\n" "HAVE_$krb5_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+    if test $krb5_cv_func_res_nsearch = no \
+      && test $krb5_cv_func_res_search = no; then
+	# Attempt to link with res_search(), in case it's not prototyped.
+	ac_fn_c_check_func "$LINENO" "res_search" "ac_cv_func_res_search"
+if test "x$ac_cv_func_res_search" = xyes
+then :
+
+printf "%s\n" "#define HAVE_RES_SEARCH 1" >>confdefs.h
+
+else $as_nop
+  as_fn_error $? "cannot find res_nsearch or res_search" "$LINENO" 5
+fi
+
+    fi
+  fi
+
+
+fi
+
+# Check whether --with-hesiod was given.
+if test ${with_hesiod+y}
+then :
+  withval=$with_hesiod; hesiod=$with_hesiod
+else $as_nop
+  with_hesiod=no
+fi
+
+if test "$with_hesiod" != "no"; then
+	HESIOD_DEFS=-DHESIOD
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for res_send in -lresolv" >&5
+printf %s "checking for res_send in -lresolv... " >&6; }
+if test ${ac_cv_lib_resolv_res_send+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char res_send ();
+int
+main (void)
+{
+return res_send ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_resolv_res_send=yes
+else $as_nop
+  ac_cv_lib_resolv_res_send=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_send" >&5
+printf "%s\n" "$ac_cv_lib_resolv_res_send" >&6; }
+if test "x$ac_cv_lib_resolv_res_send" = xyes
+then :
+  res_lib=-lresolv
+fi
+
+	if test "$hesiod" != "yes"; then
+		HESIOD_LIBS="-L${hesiod}/lib -lhesiod $res_lib"
+	else
+		HESIOD_LIBS="-lhesiod $res_lib"
+	fi
+else
+	HESIOD_DEFS=
+	HESIOD_LIBS=
+fi
+
+ # Check whether --enable-maintainer-mode was given.
+if test ${enable_maintainer_mode+y}
+then :
+  enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
+else $as_nop
+  USE_MAINTAINER_MODE=no
+fi
+
+if test "$USE_MAINTAINER_MODE" = yes; then
+  MAINTAINER_MODE_TRUE=
+  MAINTAINER_MODE_FALSE='#'
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: enabling maintainer mode" >&5
+printf "%s\n" "$as_me: enabling maintainer mode" >&6;}
+else
+  MAINTAINER_MODE_TRUE='#'
+  MAINTAINER_MODE_FALSE=
+fi
+MAINT=$MAINTAINER_MODE_TRUE
+
+
+
+  CONFIG_RELTOPDIR=$ac_reltopdir
+
+lib_frag=$srcdir/$ac_config_fragdir/lib.in
+
+libobj_frag=$srcdir/$ac_config_fragdir/libobj.in
+
+libnover_frag=$srcdir/$ac_config_fragdir/libnover.in
+
+libpriv_frag=$srcdir/$ac_config_fragdir/libpriv.in
+
+libnodeps_frag=$srcdir/$ac_config_fragdir/libnodeps.in
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pragma weak references are supported" >&5
+printf %s "checking whether pragma weak references are supported... " >&6; }
+if test ${krb5_cv_pragma_weak_ref+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#pragma weak flurbl
+      extern int flurbl(void);
+int
+main (void)
+{
+if (&flurbl != 0) return flurbl();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  krb5_cv_pragma_weak_ref=yes
+else $as_nop
+  krb5_cv_pragma_weak_ref=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_pragma_weak_ref" >&5
+printf "%s\n" "$krb5_cv_pragma_weak_ref" >&6; }
+if test $krb5_cv_pragma_weak_ref = yes ; then
+
+printf "%s\n" "#define HAVE_PRAGMA_WEAK_REF 1" >>confdefs.h
+
+fi
+
+
+# Check whether --with-ldap was given.
+if test ${with_ldap+y}
+then :
+  withval=$with_ldap; case "$withval" in
+    OPENLDAP) with_ldap=yes ;;
+    yes | no) ;;
+    *)  as_fn_error $? "Invalid option value --with-ldap=\"$withval\"" "$LINENO" 5 ;;
+esac
+else $as_nop
+  with_ldap=no
+fi
+
+if test "$with_ldap" = yes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: enabling OpenLDAP database backend module support" >&5
+printf "%s\n" "$as_me: enabling OpenLDAP database backend module support" >&6;}
+  OPENLDAP_PLUGIN=yes
+fi
+
+krb5_cv_host=$host
+
+. $ac_topdir/config/shlib.conf
+
+# Check whether --enable-delayed-initialization was given.
+if test ${enable_delayed_initialization+y}
+then :
+  enableval=$enable_delayed_initialization;
+else $as_nop
+  enable_delayed_initialization=yes
+fi
+
+case "$enable_delayed_initialization" in
+  yes)
+
+printf "%s\n" "#define DELAY_INITIALIZER 1" >>confdefs.h
+ ;;
+  no) ;;
+  *)  as_fn_error $? "invalid option $enable_delayed_initialization for delayed-initialization" "$LINENO" 5 ;;
+esac
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for constructor/destructor attribute support" >&5
+printf %s "checking for constructor/destructor attribute support... " >&6; }
+if test ${krb5_cv_attr_constructor_destructor+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  rm -f conftest.1 conftest.2
+if test -r conftest.1 || test -r conftest.2 ; then
+  as_fn_error $? "write error in local file system?" "$LINENO" 5
+fi
+true > conftest.1
+true > conftest.2
+if test -r conftest.1 && test -r conftest.2 ; then true ; else
+  as_fn_error $? "write error in local file system?" "$LINENO" 5
+fi
+a=no
+b=no
+# blindly assume we have 'unlink' and unistd.h.
+if test "$cross_compiling" = yes
+then :
+  as_fn_error $? "Cannot test for constructor/destructor support when cross compiling" "$LINENO" 5
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <unistd.h>
+      void foo1() __attribute__((constructor));
+      void foo1() { unlink("conftest.1"); }
+      void foo2() __attribute__((destructor));
+      void foo2() { unlink("conftest.2"); }
+      int main () { return 0; }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  test -r conftest.1 || a=yes
+     test -r conftest.2 || b=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+case $krb5_cv_host in
+*-*-aix4.*)
+	# Under AIX 4.3.3, at least, shared library destructor functions
+	# appear to get executed in reverse link order (right to left),
+	# so that a library's destructor function may run after that of
+	# libraries it depends on, and may still have to access in the
+	# destructor.
+	#
+	# That counts as "not working", for me, but it's a much more
+	# complicated test case to set up.
+	b=no
+	;;
+esac
+krb5_cv_attr_constructor_destructor="$a,$b"
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_attr_constructor_destructor" >&5
+printf "%s\n" "$krb5_cv_attr_constructor_destructor" >&6; }
+# Okay, krb5_cv_... should be set now.
+case $krb5_cv_attr_constructor_destructor in
+  yes,*)
+
+printf "%s\n" "#define CONSTRUCTOR_ATTR_WORKS 1" >>confdefs.h
+ ;;
+esac
+case $krb5_cv_attr_constructor_destructor in
+  *,yes)
+
+printf "%s\n" "#define DESTRUCTOR_ATTR_WORKS 1" >>confdefs.h
+ ;;
+esac
+
+if test -z "$use_linker_init_option" ; then
+  as_fn_error $? "ran INITFINI before checking shlib.conf?" "$LINENO" 5
+fi
+if test "$use_linker_init_option" = yes; then
+
+printf "%s\n" "#define USE_LINKER_INIT_OPTION 1" >>confdefs.h
+
+fi
+if test "$use_linker_fini_option" = yes; then
+
+printf "%s\n" "#define USE_LINKER_FINI_OPTION 1" >>confdefs.h
+
+fi
+
+
+# Check whether --enable-thread-support was given.
+if test ${enable_thread_support+y}
+then :
+  enableval=$enable_thread_support;
+else $as_nop
+  enable_thread_support=yes
+fi
+
+if test "$enable_thread_support" = yes ; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: enabling thread support" >&5
+printf "%s\n" "$as_me: enabling thread support" >&6;}
+
+printf "%s\n" "#define ENABLE_THREADS 1" >>confdefs.h
+
+fi
+if test "$enable_thread_support" = yes; then
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ax_pthread_ok=no
+
+# We used to check for pthread.h first, but this fails if pthread.h
+# requires special compiler flags (e.g. on Tru64 or Sequent).
+# It gets checked for in the link test anyway.
+
+# First of all, check if the user has set any of the PTHREAD_LIBS,
+# etcetera environment variables, and if threads linking works using
+# them:
+if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then
+        ax_pthread_save_CC="$CC"
+        ax_pthread_save_CFLAGS="$CFLAGS"
+        ax_pthread_save_LIBS="$LIBS"
+        if test "x$PTHREAD_CC" != "x"
+then :
+  CC="$PTHREAD_CC"
+fi
+        if test "x$PTHREAD_CXX" != "x"
+then :
+  CXX="$PTHREAD_CXX"
+fi
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS" >&5
+printf %s "checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS... " >&6; }
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char pthread_join ();
+int
+main (void)
+{
+return pthread_join ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ax_pthread_ok=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5
+printf "%s\n" "$ax_pthread_ok" >&6; }
+        if test "x$ax_pthread_ok" = "xno"; then
+                PTHREAD_LIBS=""
+                PTHREAD_CFLAGS=""
+        fi
+        CC="$ax_pthread_save_CC"
+        CFLAGS="$ax_pthread_save_CFLAGS"
+        LIBS="$ax_pthread_save_LIBS"
+fi
+
+# We must check for the threads library under a number of different
+# names; the ordering is very important because some systems
+# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
+# libraries is broken (non-POSIX).
+
+# Create a list of thread flags to try. Items with a "," contain both
+# C compiler flags (before ",") and linker flags (after ","). Other items
+# starting with a "-" are C compiler flags, and remaining items are
+# library names, except for "none" which indicates that we try without
+# any flags at all, and "pthread-config" which is a program returning
+# the flags for the Pth emulation library.
+
+ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
+
+# The ordering *is* (sometimes) important.  Some notes on the
+# individual items follow:
+
+# pthreads: AIX (must check this before -lpthread)
+# none: in case threads are in libc; should be tried before -Kthread and
+#       other compiler flags to prevent continual compiler warnings
+# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
+# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64
+#           (Note: HP C rejects this with "bad form for `-t' option")
+# -pthreads: Solaris/gcc (Note: HP C also rejects)
+# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
+#      doesn't hurt to check since this sometimes defines pthreads and
+#      -D_REENTRANT too), HP C (must be checked before -lpthread, which
+#      is present but should not be used directly; and before -mthreads,
+#      because the compiler interprets this as "-mt" + "-hreads")
+# -mthreads: Mingw32/gcc, Lynx/gcc
+# pthread: Linux, etcetera
+# --thread-safe: KAI C++
+# pthread-config: use pthread-config program (for GNU Pth library)
+
+case $host_os in
+
+        freebsd*)
+
+        # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
+        # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
+
+        ax_pthread_flags="-kthread lthread $ax_pthread_flags"
+        ;;
+
+        hpux*)
+
+        # From the cc(1) man page: "[-mt] Sets various -D flags to enable
+        # multi-threading and also sets -lpthread."
+
+        ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags"
+        ;;
+
+        openedition*)
+
+        # IBM z/OS requires a feature-test macro to be defined in order to
+        # enable POSIX threads at all, so give the user a hint if this is
+        # not set. (We don't define these ourselves, as they can affect
+        # other portions of the system API in unpredictable ways.)
+
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#            if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS)
+             AX_PTHREAD_ZOS_MISSING
+#            endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5
+printf "%s\n" "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;}
+fi
+rm -rf conftest*
+
+        ;;
+
+        solaris*)
+
+        # On Solaris (at least, for some versions), libc contains stubbed
+        # (non-functional) versions of the pthreads routines, so link-based
+        # tests will erroneously succeed. (N.B.: The stubs are missing
+        # pthread_cleanup_push, or rather a function called by this macro,
+        # so we could check for that, but who knows whether they'll stub
+        # that too in a future libc.)  So we'll check first for the
+        # standard Solaris way of linking pthreads (-mt -lpthread).
+
+        ax_pthread_flags="-mt,-lpthread pthread $ax_pthread_flags"
+        ;;
+esac
+
+# Are we compiling with Clang?
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC is Clang" >&5
+printf %s "checking whether $CC is Clang... " >&6; }
+if test ${ax_cv_PTHREAD_CLANG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ax_cv_PTHREAD_CLANG=no
+     # Note that Autoconf sets GCC=yes for Clang as well as GCC
+     if test "x$GCC" = "xyes"; then
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+/* Note: Clang 2.7 lacks __clang_[a-z]+__ */
+#            if defined(__clang__) && defined(__llvm__)
+             AX_PTHREAD_CC_IS_CLANG
+#            endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1
+then :
+  ax_cv_PTHREAD_CLANG=yes
+fi
+rm -rf conftest*
+
+     fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5
+printf "%s\n" "$ax_cv_PTHREAD_CLANG" >&6; }
+ax_pthread_clang="$ax_cv_PTHREAD_CLANG"
+
+
+# GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC)
+
+# Note that for GCC and Clang -pthread generally implies -lpthread,
+# except when -nostdlib is passed.
+# This is problematic using libtool to build C++ shared libraries with pthread:
+# [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=25460
+# [2] https://bugzilla.redhat.com/show_bug.cgi?id=661333
+# [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468555
+# To solve this, first try -pthread together with -lpthread for GCC
+
+if test "x$GCC" = "xyes"
+then :
+  ax_pthread_flags="-pthread,-lpthread -pthread -pthreads $ax_pthread_flags"
+fi
+
+# Clang takes -pthread (never supported any other flag), but we'll try with -lpthread first
+
+if test "x$ax_pthread_clang" = "xyes"
+then :
+  ax_pthread_flags="-pthread,-lpthread -pthread"
+fi
+
+
+# The presence of a feature test macro requesting re-entrant function
+# definitions is, on some systems, a strong hint that pthreads support is
+# correctly enabled
+
+case $host_os in
+        darwin* | hpux* | linux* | osf* | solaris*)
+        ax_pthread_check_macro="_REENTRANT"
+        ;;
+
+        aix*)
+        ax_pthread_check_macro="_THREAD_SAFE"
+        ;;
+
+        *)
+        ax_pthread_check_macro="--"
+        ;;
+esac
+if test "x$ax_pthread_check_macro" = "x--"
+then :
+  ax_pthread_check_cond=0
+else $as_nop
+  ax_pthread_check_cond="!defined($ax_pthread_check_macro)"
+fi
+
+
+if test "x$ax_pthread_ok" = "xno"; then
+for ax_pthread_try_flag in $ax_pthread_flags; do
+
+        case $ax_pthread_try_flag in
+                none)
+                { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5
+printf %s "checking whether pthreads work without any flags... " >&6; }
+                ;;
+
+                *,*)
+                PTHREAD_CFLAGS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\1/"`
+                PTHREAD_LIBS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\2/"`
+                { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"" >&5
+printf %s "checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"... " >&6; }
+                ;;
+
+                -*)
+                { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $ax_pthread_try_flag" >&5
+printf %s "checking whether pthreads work with $ax_pthread_try_flag... " >&6; }
+                PTHREAD_CFLAGS="$ax_pthread_try_flag"
+                ;;
+
+                pthread-config)
+                # Extract the first word of "pthread-config", so it can be a program name with args.
+set dummy pthread-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ax_pthread_config+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ax_pthread_config"; then
+  ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ax_pthread_config="yes"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_prog_ax_pthread_config" && ac_cv_prog_ax_pthread_config="no"
+fi
+fi
+ax_pthread_config=$ac_cv_prog_ax_pthread_config
+if test -n "$ax_pthread_config"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_config" >&5
+printf "%s\n" "$ax_pthread_config" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+                if test "x$ax_pthread_config" = "xno"
+then :
+  continue
+fi
+                PTHREAD_CFLAGS="`pthread-config --cflags`"
+                PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
+                ;;
+
+                *)
+                { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$ax_pthread_try_flag" >&5
+printf %s "checking for the pthreads library -l$ax_pthread_try_flag... " >&6; }
+                PTHREAD_LIBS="-l$ax_pthread_try_flag"
+                ;;
+        esac
+
+        ax_pthread_save_CFLAGS="$CFLAGS"
+        ax_pthread_save_LIBS="$LIBS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+
+        # Check for various functions.  We must include pthread.h,
+        # since some functions may be macros.  (On the Sequent, we
+        # need a special flag -Kthread to make this header compile.)
+        # We check for pthread_join because it is in -lpthread on IRIX
+        # while pthread_create is in libc.  We check for pthread_attr_init
+        # due to DEC craziness with -lpthreads.  We check for
+        # pthread_cleanup_push because it is one of the few pthread
+        # functions on Solaris that doesn't have a non-functional libc stub.
+        # We try pthread_create on general principles.
+
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <pthread.h>
+#                       if $ax_pthread_check_cond
+#                        error "$ax_pthread_check_macro must be defined"
+#                       endif
+                        static void *some_global = NULL;
+                        static void routine(void *a)
+                          {
+                             /* To avoid any unused-parameter or
+                                unused-but-set-parameter warning.  */
+                             some_global = a;
+                          }
+                        static void *start_routine(void *a) { return a; }
+int
+main (void)
+{
+pthread_t th; pthread_attr_t attr;
+                        pthread_create(&th, 0, start_routine, 0);
+                        pthread_join(th, 0);
+                        pthread_attr_init(&attr);
+                        pthread_cleanup_push(routine, 0);
+                        pthread_cleanup_pop(0) /* ; */
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ax_pthread_ok=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+
+        CFLAGS="$ax_pthread_save_CFLAGS"
+        LIBS="$ax_pthread_save_LIBS"
+
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5
+printf "%s\n" "$ax_pthread_ok" >&6; }
+        if test "x$ax_pthread_ok" = "xyes"
+then :
+  break
+fi
+
+        PTHREAD_LIBS=""
+        PTHREAD_CFLAGS=""
+done
+fi
+
+
+# Clang needs special handling, because older versions handle the -pthread
+# option in a rather... idiosyncratic way
+
+if test "x$ax_pthread_clang" = "xyes"; then
+
+        # Clang takes -pthread; it has never supported any other flag
+
+        # (Note 1: This will need to be revisited if a system that Clang
+        # supports has POSIX threads in a separate library.  This tends not
+        # to be the way of modern systems, but it's conceivable.)
+
+        # (Note 2: On some systems, notably Darwin, -pthread is not needed
+        # to get POSIX threads support; the API is always present and
+        # active.  We could reasonably leave PTHREAD_CFLAGS empty.  But
+        # -pthread does define _REENTRANT, and while the Darwin headers
+        # ignore this macro, third-party headers might not.)
+
+        # However, older versions of Clang make a point of warning the user
+        # that, in an invocation where only linking and no compilation is
+        # taking place, the -pthread option has no effect ("argument unused
+        # during compilation").  They expect -pthread to be passed in only
+        # when source code is being compiled.
+        #
+        # Problem is, this is at odds with the way Automake and most other
+        # C build frameworks function, which is that the same flags used in
+        # compilation (CFLAGS) are also used in linking.  Many systems
+        # supported by AX_PTHREAD require exactly this for POSIX threads
+        # support, and in fact it is often not straightforward to specify a
+        # flag that is used only in the compilation phase and not in
+        # linking.  Such a scenario is extremely rare in practice.
+        #
+        # Even though use of the -pthread flag in linking would only print
+        # a warning, this can be a nuisance for well-run software projects
+        # that build with -Werror.  So if the active version of Clang has
+        # this misfeature, we search for an option to squash it.
+
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread" >&5
+printf %s "checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread... " >&6; }
+if test ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown
+             # Create an alternate version of $ac_link that compiles and
+             # links in two steps (.c -> .o, .o -> exe) instead of one
+             # (.c -> exe), because the warning occurs only in the second
+             # step
+             ax_pthread_save_ac_link="$ac_link"
+             ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g'
+             ax_pthread_link_step=`printf "%s\n" "$ac_link" | sed "$ax_pthread_sed"`
+             ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)"
+             ax_pthread_save_CFLAGS="$CFLAGS"
+             for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do
+                if test "x$ax_pthread_try" = "xunknown"
+then :
+  break
+fi
+                CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS"
+                ac_link="$ax_pthread_save_ac_link"
+                cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void){return 0;}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_link="$ax_pthread_2step_ac_link"
+                     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void){return 0;}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+             done
+             ac_link="$ax_pthread_save_ac_link"
+             CFLAGS="$ax_pthread_save_CFLAGS"
+             if test "x$ax_pthread_try" = "x"
+then :
+  ax_pthread_try=no
+fi
+             ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try"
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5
+printf "%s\n" "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; }
+
+        case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in
+                no | unknown) ;;
+                *) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;;
+        esac
+
+fi # $ax_pthread_clang = yes
+
+
+
+# Various other checks:
+if test "x$ax_pthread_ok" = "xyes"; then
+        ax_pthread_save_CFLAGS="$CFLAGS"
+        ax_pthread_save_LIBS="$LIBS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+
+        # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5
+printf %s "checking for joinable pthread attribute... " >&6; }
+if test ${ax_cv_PTHREAD_JOINABLE_ATTR+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ax_cv_PTHREAD_JOINABLE_ATTR=unknown
+             for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
+                 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <pthread.h>
+int
+main (void)
+{
+int attr = $ax_pthread_attr; return attr /* ; */
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+             done
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5
+printf "%s\n" "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; }
+        if test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \
+               test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \
+               test "x$ax_pthread_joinable_attr_defined" != "xyes"
+then :
+
+printf "%s\n" "#define PTHREAD_CREATE_JOINABLE $ax_cv_PTHREAD_JOINABLE_ATTR" >>confdefs.h
+
+               ax_pthread_joinable_attr_defined=yes
+
+fi
+
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether more special flags are required for pthreads" >&5
+printf %s "checking whether more special flags are required for pthreads... " >&6; }
+if test ${ax_cv_PTHREAD_SPECIAL_FLAGS+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ax_cv_PTHREAD_SPECIAL_FLAGS=no
+             case $host_os in
+             solaris*)
+             ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS"
+             ;;
+             esac
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5
+printf "%s\n" "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; }
+        if test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \
+               test "x$ax_pthread_special_flags_added" != "xyes"
+then :
+  PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS"
+               ax_pthread_special_flags_added=yes
+fi
+
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PTHREAD_PRIO_INHERIT" >&5
+printf %s "checking for PTHREAD_PRIO_INHERIT... " >&6; }
+if test ${ax_cv_PTHREAD_PRIO_INHERIT+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <pthread.h>
+int
+main (void)
+{
+int i = PTHREAD_PRIO_INHERIT;
+                                               return i;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ax_cv_PTHREAD_PRIO_INHERIT=yes
+else $as_nop
+  ax_cv_PTHREAD_PRIO_INHERIT=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5
+printf "%s\n" "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; }
+        if test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \
+               test "x$ax_pthread_prio_inherit_defined" != "xyes"
+then :
+
+printf "%s\n" "#define HAVE_PTHREAD_PRIO_INHERIT 1" >>confdefs.h
+
+               ax_pthread_prio_inherit_defined=yes
+
+fi
+
+        CFLAGS="$ax_pthread_save_CFLAGS"
+        LIBS="$ax_pthread_save_LIBS"
+
+        # More AIX lossage: compile with *_r variant
+        if test "x$GCC" != "xyes"; then
+            case $host_os in
+                aix*)
+                case "x/$CC" in #(
+  x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6) :
+    #handle absolute path differently from PATH based program lookup
+                     case "x$CC" in #(
+  x/*) :
+
+			   if as_fn_executable_p ${CC}_r
+then :
+  PTHREAD_CC="${CC}_r"
+fi
+			   if test "x${CXX}" != "x"
+then :
+  if as_fn_executable_p ${CXX}_r
+then :
+  PTHREAD_CXX="${CXX}_r"
+fi
+fi
+			  ;; #(
+  *) :
+
+			   for ac_prog in ${CC}_r
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PTHREAD_CC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$PTHREAD_CC"; then
+  ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_PTHREAD_CC="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+PTHREAD_CC=$ac_cv_prog_PTHREAD_CC
+if test -n "$PTHREAD_CC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5
+printf "%s\n" "$PTHREAD_CC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  test -n "$PTHREAD_CC" && break
+done
+test -n "$PTHREAD_CC" || PTHREAD_CC="$CC"
+
+			   if test "x${CXX}" != "x"
+then :
+  for ac_prog in ${CXX}_r
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PTHREAD_CXX+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$PTHREAD_CXX"; then
+  ac_cv_prog_PTHREAD_CXX="$PTHREAD_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_PTHREAD_CXX="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+PTHREAD_CXX=$ac_cv_prog_PTHREAD_CXX
+if test -n "$PTHREAD_CXX"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CXX" >&5
+printf "%s\n" "$PTHREAD_CXX" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  test -n "$PTHREAD_CXX" && break
+done
+test -n "$PTHREAD_CXX" || PTHREAD_CXX="$CXX"
+
+fi
+
+                      ;;
+esac
+                     ;; #(
+  *) :
+     ;;
+esac
+                ;;
+            esac
+        fi
+fi
+
+test -n "$PTHREAD_CC" || PTHREAD_CC="$CC"
+test -n "$PTHREAD_CXX" || PTHREAD_CXX="$CXX"
+
+
+
+
+
+
+# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
+if test "x$ax_pthread_ok" = "xyes"; then
+
+printf "%s\n" "#define HAVE_PTHREAD 1" >>confdefs.h
+
+        :
+else
+        ax_pthread_ok=no
+        as_fn_error $? "cannot determine options for enabling thread support; try --disable-thread-support" "$LINENO" 5
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: PTHREAD_CC = $PTHREAD_CC" >&5
+printf "%s\n" "$as_me: PTHREAD_CC = $PTHREAD_CC" >&6;}
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: PTHREAD_CFLAGS = $PTHREAD_CFLAGS" >&5
+printf "%s\n" "$as_me: PTHREAD_CFLAGS = $PTHREAD_CFLAGS" >&6;}
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: PTHREAD_LIBS = $PTHREAD_LIBS" >&5
+printf "%s\n" "$as_me: PTHREAD_LIBS = $PTHREAD_LIBS" >&6;}
+      # AIX and Tru64 don't support weak references, and don't have
+  # stub versions of the pthread code in libc.
+  case "${host_os}" in
+    aix* | osf*)
+      # On these platforms, we'll always pull in the thread support.
+      LIBS="$LIBS $PTHREAD_LIBS"
+      CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+      # We don't need to sometimes add the flags we've just folded in...
+      PTHREAD_LIBS=
+      PTHREAD_CFLAGS=
+      ;;
+    hpux*)
+      # These are the flags that "gcc -pthread" adds.  But we don't
+      # want "-pthread" because that has link-time effects, and we
+      # don't exclude CFLAGS when linking.  *sigh*
+      PTHREAD_CFLAGS="-D_REENTRANT -D_THREAD_SAFE -D_POSIX_C_SOURCE=199506L"
+      ;;
+    solaris2.[1-9])
+      # On Solaris 10 with gcc 3.4.3, the autoconf archive macro doesn't
+      # get the right result.   XXX What about Solaris 9 and earlier?
+      if test "$GCC" = yes ; then
+        PTHREAD_CFLAGS="-D_REENTRANT -pthreads"
+      fi
+      ;;
+    solaris*)
+      # On Solaris 10 with gcc 3.4.3, the autoconf archive macro doesn't
+      # get the right result.
+      if test "$GCC" = yes ; then
+        PTHREAD_CFLAGS="-D_REENTRANT -pthreads"
+      fi
+      # On Solaris 10, the thread support is always available in libc.
+
+printf "%s\n" "#define NO_WEAK_PTHREADS 1" >>confdefs.h
+
+      ;;
+  esac
+  THREAD_SUPPORT=1
+else
+  PTHREAD_CC="$CC"
+  PTHREAD_CFLAGS=""
+  PTHREAD_LIBS=""
+  THREAD_SUPPORT=0
+fi
+
+ac_fn_c_check_func "$LINENO" "pthread_once" "ac_cv_func_pthread_once"
+if test "x$ac_cv_func_pthread_once" = xyes
+then :
+  printf "%s\n" "#define HAVE_PTHREAD_ONCE 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "pthread_rwlock_init" "ac_cv_func_pthread_rwlock_init"
+if test "x$ac_cv_func_pthread_rwlock_init" = xyes
+then :
+  printf "%s\n" "#define HAVE_PTHREAD_RWLOCK_INIT 1" >>confdefs.h
+
+fi
+
+old_CC="$CC"
+test "$PTHREAD_CC" != "" && test "$ac_cv_c_compiler_gnu" = no && CC=$PTHREAD_CC
+old_CFLAGS="$CFLAGS"
+# On Solaris, -pthreads is added to CFLAGS, no extra explicit libraries.
+CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+
+old_LIBS="$LIBS"
+LIBS="$PTHREAD_LIBS $LIBS"
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: rechecking with PTHREAD_... options" >&5
+printf "%s\n" "$as_me: rechecking with PTHREAD_... options" >&6;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_rwlock_init in -lc" >&5
+printf %s "checking for pthread_rwlock_init in -lc... " >&6; }
+if test ${ac_cv_lib_c_pthread_rwlock_init+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lc  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char pthread_rwlock_init ();
+int
+main (void)
+{
+return pthread_rwlock_init ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_c_pthread_rwlock_init=yes
+else $as_nop
+  ac_cv_lib_c_pthread_rwlock_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_pthread_rwlock_init" >&5
+printf "%s\n" "$ac_cv_lib_c_pthread_rwlock_init" >&6; }
+if test "x$ac_cv_lib_c_pthread_rwlock_init" = xyes
+then :
+
+printf "%s\n" "#define HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB 1" >>confdefs.h
+
+fi
+
+LIBS="$old_LIBS"
+CC="$old_CC"
+CFLAGS="$old_CFLAGS"
+
+
+old_LIBS="$LIBS"
+DL_LIB=
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
+printf %s "checking for library containing dlopen... " >&6; }
+if test ${ac_cv_search_dlopen+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
+int
+main (void)
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' dl
+do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_search_dlopen=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext
+  if test ${ac_cv_search_dlopen+y}
+then :
+  break
+fi
+done
+if test ${ac_cv_search_dlopen+y}
+then :
+
+else $as_nop
+  ac_cv_search_dlopen=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
+printf "%s\n" "$ac_cv_search_dlopen" >&6; }
+ac_res=$ac_cv_search_dlopen
+if test "$ac_res" != no
+then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+if test "$ac_cv_search_dlopen" != "none required"; then
+  DL_LIB=$ac_cv_search_dlopen
+fi
+LIBS="$old_LIBS"
+
+printf "%s\n" "#define USE_DLOPEN 1" >>confdefs.h
+
+fi
+
+
+
+
+KRB5_VERSION=1.21.3
+
+
+
+
+
+
+
+
+
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKG_CONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+printf "%s\n" "$PKG_CONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+  ac_pt_PKG_CONFIG=$PKG_CONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $ac_pt_PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKG_CONFIG" = x; then
+    PKG_CONFIG=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKG_CONFIG=$ac_pt_PKG_CONFIG
+  fi
+else
+  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=0.9.0
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	else
+		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+		PKG_CONFIG=""
+	fi
+fi
+
+ac_header= ac_cache=
+for ac_item in $ac_header_c_list
+do
+  if test $ac_cache; then
+    ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
+    if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
+      printf "%s\n" "#define $ac_item 1" >> confdefs.h
+    fi
+    ac_header= ac_cache=
+  elif test $ac_header; then
+    ac_cache=$ac_item
+  else
+    ac_header=$ac_item
+  fi
+done
+
+
+
+
+
+
+
+
+if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
+then :
+
+printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes
+then :
+
+else $as_nop
+  as_fn_error $? "stdint.h is required" "$LINENO" 5
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether integers are two's complement" >&5
+printf %s "checking whether integers are two's complement... " >&6; }
+if test ${krb5_cv_ints_twos_compl+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+
+int
+main (void)
+{
+static int test_array [1 - 2 * !(/* Basic two's complement check */
+	  ~(-1) == 0 && ~(-1L) == 0L &&
+	  /* Check that values with sign bit 1 and value bits 0 are valid */
+	  -(INT_MIN + 1) == INT_MAX && -(LONG_MIN + 1) == LONG_MAX &&
+	  /* Check that unsigned-to-signed conversions preserve bit patterns */
+	  (int)((unsigned int)INT_MAX + 1) == INT_MIN &&
+	  (long)((unsigned long)LONG_MAX + 1) == LONG_MIN)];
+test_array [0] = 0;
+return test_array [0];
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_ints_twos_compl=yes
+else $as_nop
+  krb5_cv_ints_twos_compl=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_ints_twos_compl" >&5
+printf "%s\n" "$krb5_cv_ints_twos_compl" >&6; }
+
+if test "$krb5_cv_ints_twos_compl" = "no"; then
+  as_fn_error $? "integers are not two's complement" "$LINENO" 5
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether CHAR_BIT is 8" >&5
+printf %s "checking whether CHAR_BIT is 8... " >&6; }
+if test ${krb5_cv_char_bit_8+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+#if CHAR_BIT != 8
+  #error CHAR_BIT != 8
+#endif
+
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"
+then :
+  krb5_cv_char_bit_8=yes
+else $as_nop
+  krb5_cv_char_bit_8=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_char_bit_8" >&5
+printf "%s\n" "$krb5_cv_char_bit_8" >&6; }
+
+if test "$krb5_cv_char_bit_8" = "no"; then
+  as_fn_error $? "CHAR_BIT is not 8" "$LINENO" 5
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if va_copy is available" >&5
+printf %s "checking if va_copy is available... " >&6; }
+if test ${krb5_cv_va_copy+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <stdarg.h>
+void f(va_list ap) {
+  va_list ap2;
+  va_copy(ap2, ap);
+  va_end(ap2);
+}
+va_list x;
+int main()
+{
+  f(x);
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  krb5_cv_va_copy=yes
+else $as_nop
+  krb5_cv_va_copy=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_va_copy" >&5
+printf "%s\n" "$krb5_cv_va_copy" >&6; }
+if test "$krb5_cv_va_copy" = yes; then
+
+printf "%s\n" "#define HAS_VA_COPY 1" >>confdefs.h
+
+fi
+
+# Note that this isn't checking if the copied value *works*, just
+# whether the C language constraints permit the copying.  If
+# va_list is defined as an array type, it can't be assigned.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if va_list objects can be copied by assignment" >&5
+printf %s "checking if va_list objects can be copied by assignment... " >&6; }
+if test ${krb5_cv_va_simple_copy+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <stdarg.h>
+void f(va_list va2) {
+  va_list va1;
+  va1 = va2;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_va_simple_copy=yes
+else $as_nop
+  krb5_cv_va_simple_copy=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_va_simple_copy" >&5
+printf "%s\n" "$krb5_cv_va_simple_copy" >&6; }
+if test "$krb5_cv_va_simple_copy" = yes; then
+
+printf "%s\n" "#define CAN_COPY_VA_LIST 1" >>confdefs.h
+
+fi
+
+# The following lines are so that configure --help gives some global
+# configuration options.
+
+
+# Check whether --enable-static was given.
+if test ${enable_static+y}
+then :
+  enableval=$enable_static;
+else $as_nop
+  enable_static=no
+fi
+
+# Check whether --enable-shared was given.
+if test ${enable_shared+y}
+then :
+  enableval=$enable_shared;
+else $as_nop
+  enable_shared=yes
+fi
+
+
+if test "x$enable_static" = "x$enable_shared"; then
+  as_fn_error $? "--enable-static must be specified with --disable-shared" "$LINENO" 5
+fi
+
+# Check whether --enable-rpath was given.
+if test ${enable_rpath+y}
+then :
+  enableval=$enable_rpath;
+else $as_nop
+  enable_rpath=yes
+fi
+
+
+if test "x$enable_rpath" != xyes ; then
+	# Unset the rpath flag values set by shlib.conf
+	SHLIB_RPATH_FLAGS=
+	RPATH_FLAG=
+	PROG_RPATH_FLAGS=
+fi
+
+if test "$SHLIBEXT" = ".so-nobuild"; then
+   as_fn_error $? "Shared libraries are not yet supported on this platform." "$LINENO" 5
+fi
+
+DEPLIBEXT=$SHLIBEXT
+
+if test "x$enable_static" = xyes; then
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: using static libraries" >&5
+printf "%s\n" "$as_me: using static libraries" >&6;}
+	LIBLIST='lib$(LIBBASE)$(STLIBEXT)'
+	LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(STLIBEXT)'
+	PLUGIN='libkrb5_$(LIBBASE)$(STLIBEXT)'
+	PLUGINLINK='$(TOPLIBD)/libkrb5_$(LIBBASE)$(STLIBEXT)'
+	PLUGININST=install-static
+	OBJLISTS=OBJS.ST
+	LIBINSTLIST=install-static
+	DEPLIBEXT=$STLIBEXT
+
+printf "%s\n" "#define STATIC_PLUGINS 1" >>confdefs.h
+
+
+	KDB5_PLUGIN_DEPLIBS='$(TOPLIBD)/libkrb5_db2$(DEPLIBEXT)'
+	KDB5_PLUGIN_LIBS='-lkrb5_db2'
+	if test "x$OPENLDAP_PLUGIN" = xyes; then
+		KDB5_PLUGIN_DEBLIBS=$KDB5_PLUGIN_DEPLIBS' $(TOPLIBD)/libkrb5_ldap$(DEPLIBEXT) $(TOPLIBD)/libkdb_ldap$(DEPLIBEXT)'
+		KDB5_PLUGIN_LIBS=$KDB5_PLUGIN_LIBS' -lkrb5_kldap -lkdb_ldap $(LDAP_LIBS)'
+	fi
+	# kadm5srv_mit normally comes before kdb on the link line.  Add it
+	# again after the KDB plugins, since they depend on it for XDR stuff.
+	KDB5_PLUGIN_DEPLIBS=$KDB5_PLUGIN_DEPLIBS' $(TOPLIBD)/libkadm5srv_mit$(DEPLIBEXT)'
+	KDB5_PLUGIN_LIBS=$KDB5_PLUGIN_LIBS' -lkadm5srv_mit'
+
+	# avoid duplicate rules generation for AIX and such
+	SHLIBEXT=.so-nobuild
+	SHLIBVEXT=.so.v-nobuild
+	SHLIBSEXT=.so.s-nobuild
+else
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: using shared libraries" >&5
+printf "%s\n" "$as_me: using shared libraries" >&6;}
+
+	# Clear some stuff in case of AIX, etc.
+	if test "$STLIBEXT" = "$SHLIBEXT" ; then
+		STLIBEXT=.a-nobuild
+	fi
+	case "$SHLIBSEXT" in
+	.so.s-nobuild)
+		LIBLIST='lib$(LIBBASE)$(SHLIBEXT)'
+		LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT)'
+		LIBINSTLIST="install-shared"
+		;;
+	*)
+		LIBLIST='lib$(LIBBASE)$(SHLIBEXT) lib$(LIBBASE)$(SHLIBSEXT)'
+		LIBLINKS='$(TOPLIBD)/lib$(LIBBASE)$(SHLIBEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBVEXT) $(TOPLIBD)/lib$(LIBBASE)$(SHLIBSEXT)'
+		LIBINSTLIST="install-shlib-soname"
+		;;
+	esac
+	OBJLISTS="OBJS.SH"
+	PLUGIN='$(LIBBASE)$(DYNOBJEXT)'
+	PLUGINLINK='../$(PLUGIN)'
+	PLUGININST=install-plugin
+	KDB5_PLUGIN_DEPLIBS=
+	KDB5_PLUGIN_LIBS=
+fi
+CC_LINK="$CC_LINK_SHARED"
+CXX_LINK="$CXX_LINK_SHARED"
+
+if test -z "$LIBLIST"; then
+	as_fn_error $? "must enable one of shared or static libraries" "$LINENO" 5
+fi
+
+# Check whether to build profiled libraries.
+# Check whether --enable-profiled was given.
+if test ${enable_profiled+y}
+then :
+  enableval=$enable_profiled; if test "$enableval" = yes; then
+  as_fn_error $? "Sorry, profiled libraries do not work in this release." "$LINENO" 5
+fi
+fi
+
+# Check whether --enable-athena was given.
+if test ${enable_athena+y}
+then :
+  enableval=$enable_athena;
+fi
+
+
+# Begin autoconf tests for the Makefiles generated out of the top-level
+# configure.in...
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+printf %s "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+printf "%s\n" "no, using $LN_S" >&6; }
+fi
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_RANLIB+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+printf "%s\n" "$RANLIB" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_RANLIB+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+printf "%s\n" "$ac_ct_RANLIB" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+
+  # Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+printf %s "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test ${ac_cv_path_install+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    # Account for fact that we put trailing slashes in our PATH walk.
+case $as_dir in #((
+  ./ | /[cC]/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+  done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test ${ac_cv_path_install+y}; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+printf "%s\n" "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AR+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$AR"; then
+  ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AR="${ac_tool_prefix}ar"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+printf "%s\n" "$AR" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+  ac_ct_AR=$AR
+  # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_AR+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_AR"; then
+  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_AR="ar"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+printf "%s\n" "$ac_ct_AR" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_ct_AR" = x; then
+    AR="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    AR=$ac_ct_AR
+  fi
+else
+  AR="$ac_cv_prog_AR"
+fi
+
+if test "$AR" = "false"; then
+  as_fn_error $? "ar not found in PATH" "$LINENO" 5
+fi
+# Extract the first word of "perl", so it can be a program name with args.
+set dummy perl; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PERL+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$PERL"; then
+  ac_cv_prog_PERL="$PERL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_PERL="perl"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_prog_PERL" && ac_cv_prog_PERL="false"
+fi
+fi
+PERL=$ac_cv_prog_PERL
+if test -n "$PERL"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+printf "%s\n" "$PERL" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+if test "$ac_cv_prog_PERL" = "false"; then
+  as_fn_error $? "Perl is now required for Kerberos builds." "$LINENO" 5
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working regcomp" >&5
+printf %s "checking for working regcomp... " >&6; }
+if test ${ac_cv_func_regcomp+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test "$cross_compiling" = yes
+then :
+  as_fn_error $? "Cannot test regcomp when cross compiling" "$LINENO" 5
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+      #include <regex.h>
+      regex_t x; regmatch_t m;
+int
+main (void)
+{
+return regcomp(&x,"pat.*",0) || regexec(&x,"pattern",1,&m,0);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  ac_cv_func_regcomp=yes
+else $as_nop
+  ac_cv_func_regcomp=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_regcomp" >&5
+printf "%s\n" "$ac_cv_func_regcomp" >&6; }
+test $ac_cv_func_regcomp = yes &&
+printf "%s\n" "#define HAVE_REGCOMP 1" >>confdefs.h
+
+if test $ac_cv_func_regcomp = no; then
+ save_LIBS="$LIBS"
+ LIBS=-lgen
+ ac_fn_c_check_func "$LINENO" "compile" "ac_cv_func_compile"
+if test "x$ac_cv_func_compile" = xyes
+then :
+  printf "%s\n" "#define HAVE_COMPILE 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "step" "ac_cv_func_step"
+if test "x$ac_cv_func_step" = xyes
+then :
+  printf "%s\n" "#define HAVE_STEP 1" >>confdefs.h
+
+fi
+
+ LIBS="$save_LIBS"
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for compile in -lgen" >&5
+printf %s "checking for compile in -lgen... " >&6; }
+if test ${ac_cv_lib_gen_compile+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgen  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char compile ();
+int
+main (void)
+{
+return compile ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_gen_compile=yes
+else $as_nop
+  ac_cv_lib_gen_compile=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_compile" >&5
+printf "%s\n" "$ac_cv_lib_gen_compile" >&6; }
+if test "x$ac_cv_lib_gen_compile" = xyes
+then :
+  GEN_LIB=-lgen
+else $as_nop
+  GEN_LIB=
+fi
+
+
+fi
+
+
+
+
+
+
+# for kprop
+ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default"
+if test "x$ac_cv_type_mode_t" = xyes
+then :
+
+else $as_nop
+
+printf "%s\n" "#define mode_t int" >>confdefs.h
+
+fi
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if daemon needs a prototype provided" >&5
+printf %s "checking if daemon needs a prototype provided... " >&6; }
+if test ${krb5_cv_func_daemon_noproto+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+int
+main (void)
+{
+#undef daemon
+      struct k5foo {int foo; } xx;
+      extern int daemon (struct k5foo*);
+      daemon(&xx);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_func_daemon_noproto=yes
+else $as_nop
+  krb5_cv_func_daemon_noproto=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_daemon_noproto" >&5
+printf "%s\n" "$krb5_cv_func_daemon_noproto" >&6; }
+if test $krb5_cv_func_daemon_noproto = yes; then
+
+printf "%s\n" "#define NEED_DAEMON_PROTO 1" >>confdefs.h
+
+fi
+
+
+
+sock_set=no
+for sock_arg1 in "struct sockaddr *" "void *"
+do
+  for sock_arg2 in "size_t *" "int *" "socklen_t *"
+  do
+	if test $sock_set = no; then
+
+krb5_lib_var=`echo "$sock_arg1 $sock_arg2" | sed 'y% ./+-*%___p_p%'`
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if getsockname() takes arguments $sock_arg1 and $sock_arg2" >&5
+printf %s "checking if getsockname() takes arguments $sock_arg1 and $sock_arg2... " >&6; }
+if eval test \${krb5_cv_getsockname_proto_$krb5_lib_var+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+      #include <sys/socket.h>
+      extern int getsockname(int, $sock_arg1, $sock_arg2);
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval "krb5_cv_getsockname_proto_$krb5_lib_var=yes"
+else $as_nop
+  eval "krb5_cv_getsockname_proto_$krb5_lib_var=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+if eval "test \"`echo '$krb5_cv_getsockname_proto_'$krb5_lib_var`\" = yes"; then
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	sock_set=yes; res1="$sock_arg1"; res2="$sock_arg2"
+else
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+	fi
+  done
+done
+if test "$sock_set" = no; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: assuming struct sockaddr and socklen_t for getsockname args" >&5
+printf "%s\n" "$as_me: assuming struct sockaddr and socklen_t for getsockname args" >&6;}
+  res1="struct sockaddr *"
+  res2="socklen_t *"
+fi
+res1=`echo "$res1" | tr -d '*' | sed -e 's/ *$//'`
+res2=`echo "$res2" | tr -d '*' | sed -e 's/ *$//'`
+
+printf "%s\n" "#define GETSOCKNAME_ARG3_TYPE $res2" >>confdefs.h
+
+
+
+
+printf "%s\n" "#define GETPEERNAME_ARG3_TYPE GETSOCKNAME_ARG3_TYPE" >>confdefs.h
+
+
+LIBUTIL=
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lutil" >&5
+printf %s "checking for main in -lutil... " >&6; }
+if test ${ac_cv_lib_util_main+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lutil  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main (void)
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_util_main=yes
+else $as_nop
+  ac_cv_lib_util_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_main" >&5
+printf "%s\n" "$ac_cv_lib_util_main" >&6; }
+if test "x$ac_cv_lib_util_main" = xyes
+then :
+
+printf "%s\n" "#define HAVE_LIBUTIL 1" >>confdefs.h
+
+LIBUTIL=-lutil
+
+fi
+
+
+
+# Determine if NLS is desired and supported.
+po=
+# Check whether --enable-nls was given.
+if test ${enable_nls+y}
+then :
+  enableval=$enable_nls;
+else $as_nop
+  enable_nls=check
+fi
+
+if test "$enable_nls" != no; then
+  ac_fn_c_check_header_compile "$LINENO" "libintl.h" "ac_cv_header_libintl_h" "$ac_includes_default"
+if test "x$ac_cv_header_libintl_h" = xyes
+then :
+
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing dgettext" >&5
+printf %s "checking for library containing dgettext... " >&6; }
+if test ${ac_cv_search_dgettext+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char dgettext ();
+int
+main (void)
+{
+return dgettext ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' intl
+do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_search_dgettext=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext
+  if test ${ac_cv_search_dgettext+y}
+then :
+  break
+fi
+done
+if test ${ac_cv_search_dgettext+y}
+then :
+
+else $as_nop
+  ac_cv_search_dgettext=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dgettext" >&5
+printf "%s\n" "$ac_cv_search_dgettext" >&6; }
+ac_res=$ac_cv_search_dgettext
+if test "$ac_res" != no
+then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+
+printf "%s\n" "#define ENABLE_NLS 1" >>confdefs.h
+
+      nls_enabled=yes
+fi
+
+fi
+
+
+  # Extract the first word of "msgfmt", so it can be a program name with args.
+set dummy msgfmt; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_MSGFMT+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$MSGFMT"; then
+  ac_cv_prog_MSGFMT="$MSGFMT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_MSGFMT="msgfmt"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+MSGFMT=$ac_cv_prog_MSGFMT
+if test -n "$MSGFMT"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5
+printf "%s\n" "$MSGFMT" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  if test x"$MSGFMT" != x; then
+    ac_config_files="$ac_config_files po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in"
+
+
+
+    po=po
+  fi
+
+  # Error out if --enable-nls was explicitly requested but can't be enabled.
+  if test "$enable_nls" = yes; then
+    if test "$nls_enabled" != yes -o "x$po" = x; then
+      as_fn_error $? "NLS support requested but cannot be built" "$LINENO" 5
+    fi
+  fi
+fi
+
+
+# for kdc
+ac_fn_c_check_header_compile "$LINENO" "sys/sockio.h" "ac_cv_header_sys_sockio_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_sockio_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_SOCKIO_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "ifaddrs.h" "ac_cv_header_ifaddrs_h" "$ac_includes_default"
+if test "x$ac_cv_header_ifaddrs_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_IFADDRS_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "fnmatch.h" "ac_cv_header_fnmatch_h" "$ac_includes_default"
+if test "x$ac_cv_header_fnmatch_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_FNMATCH_H 1" >>confdefs.h
+
+fi
+
+ac_fn_c_check_func "$LINENO" "vsprintf" "ac_cv_func_vsprintf"
+if test "x$ac_cv_func_vsprintf" = xyes
+then :
+  printf "%s\n" "#define HAVE_VSPRINTF 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "vasprintf" "ac_cv_func_vasprintf"
+if test "x$ac_cv_func_vasprintf" = xyes
+then :
+  printf "%s\n" "#define HAVE_VASPRINTF 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "vsnprintf" "ac_cv_func_vsnprintf"
+if test "x$ac_cv_func_vsnprintf" = xyes
+then :
+  printf "%s\n" "#define HAVE_VSNPRINTF 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy"
+if test "x$ac_cv_func_strlcpy" = xyes
+then :
+  printf "%s\n" "#define HAVE_STRLCPY 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "fnmatch" "ac_cv_func_fnmatch"
+if test "x$ac_cv_func_fnmatch" = xyes
+then :
+  printf "%s\n" "#define HAVE_FNMATCH 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
+if test "x$ac_cv_func_secure_getenv" = xyes
+then :
+  printf "%s\n" "#define HAVE_SECURE_GETENV 1" >>confdefs.h
+
+fi
+
+
+EXTRA_SUPPORT_SYMS=
+ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy"
+if test "x$ac_cv_func_strlcpy" = xyes
+then :
+  STRLCPY_ST_OBJ=
+STRLCPY_OBJ=
+else $as_nop
+  STRLCPY_ST_OBJ=strlcpy.o
+STRLCPY_OBJ='$(OUTPRE)strlcpy.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_strlcpy krb5int_strlcat"
+fi
+
+
+
+
+ac_fn_c_check_func "$LINENO" "getopt" "ac_cv_func_getopt"
+if test "x$ac_cv_func_getopt" = xyes
+then :
+  GETOPT_ST_OBJ=
+GETOPT_OBJ=
+
+printf "%s\n" "#define HAVE_GETOPT 1" >>confdefs.h
+
+else $as_nop
+  GETOPT_ST_OBJ='getopt.o'
+GETOPT_OBJ='$(OUTPRE)getopt.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_optind k5_optarg k5_opterr k5_optopt k5_getopt"
+fi
+
+
+
+
+ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long"
+if test "x$ac_cv_func_getopt_long" = xyes
+then :
+  GETOPT_LONG_ST_OBJ=
+GETOPT_LONG_OBJ=
+
+printf "%s\n" "#define HAVE_GETOPT_LONG 1" >>confdefs.h
+
+else $as_nop
+  GETOPT_LONG_ST_OBJ='getopt_long.o'
+GETOPT_LONG_OBJ='$(OUTPRE)getopt_long.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_getopt_long"
+fi
+
+
+
+
+ac_fn_c_check_func "$LINENO" "fnmatch" "ac_cv_func_fnmatch"
+if test "x$ac_cv_func_fnmatch" = xyes
+then :
+  FNMATCH_ST_OBJ=
+FNMATCH_OBJ=
+else $as_nop
+  FNMATCH_ST_OBJ=fnmatch.o
+FNMATCH_OBJ='$(OUTPRE)fnmatch.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_fnmatch"
+fi
+
+
+
+
+ac_fn_c_check_func "$LINENO" "vasprintf" "ac_cv_func_vasprintf"
+if test "x$ac_cv_func_vasprintf" = xyes
+then :
+  PRINTF_ST_OBJ=
+PRINTF_OBJ=
+else $as_nop
+  PRINTF_ST_OBJ=printf.o
+PRINTF_OBJ='$(OUTPRE)printf.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_asprintf krb5int_vasprintf"
+fi
+
+
+
+
+if test "x$ac_cv_func_vasprintf" = xyes; then
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if vasprintf needs a prototype provided" >&5
+printf %s "checking if vasprintf needs a prototype provided... " >&6; }
+if test ${krb5_cv_func_vasprintf_noproto+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+
+int
+main (void)
+{
+#undef vasprintf
+      struct k5foo {int foo; } xx;
+      extern int vasprintf (struct k5foo*);
+      vasprintf(&xx);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_func_vasprintf_noproto=yes
+else $as_nop
+  krb5_cv_func_vasprintf_noproto=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_vasprintf_noproto" >&5
+printf "%s\n" "$krb5_cv_func_vasprintf_noproto" >&6; }
+if test $krb5_cv_func_vasprintf_noproto = yes; then
+
+printf "%s\n" "#define NEED_VASPRINTF_PROTO 1" >>confdefs.h
+
+fi
+fi
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if swab needs a prototype provided" >&5
+printf %s "checking if swab needs a prototype provided... " >&6; }
+if test ${krb5_cv_func_swab_noproto+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+/* Solaris 8 declares swab in stdlib.h.  */
+#include <stdlib.h>
+
+int
+main (void)
+{
+#undef swab
+      struct k5foo {int foo; } xx;
+      extern int swab (struct k5foo*);
+      swab(&xx);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_func_swab_noproto=yes
+else $as_nop
+  krb5_cv_func_swab_noproto=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_swab_noproto" >&5
+printf "%s\n" "$krb5_cv_func_swab_noproto" >&6; }
+if test $krb5_cv_func_swab_noproto = yes; then
+
+printf "%s\n" "#define NEED_SWAB_PROTO 1" >>confdefs.h
+
+fi
+
+
+
+ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
+if test "x$ac_cv_func_secure_getenv" = xyes
+then :
+  SECURE_GETENV_ST_OBJ=
+SECURE_GETENV_OBJ=
+SECURE_GETENV_INIT=
+else $as_nop
+  SECURE_GETENV_ST_OBJ=secure_getenv.o
+SECURE_GETENV_OBJ='$(OUTPRE)secure_getenv.$(OBJEXT)'
+SECURE_GETENV_INIT=k5_secure_getenv_init
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_secure_getenv"
+fi
+
+
+
+
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AWK+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AWK="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+printf "%s\n" "$AWK" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+ ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" "#include <sys/types.h>
+#include <sys/socket.h>
+"
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = xyes
+then :
+
+printf "%s\n" "#define HAVE_SA_LEN 1" >>confdefs.h
+
+
+fi
+
+
+ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_types_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/socket.h" "ac_cv_header_sys_socket_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_socket_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_SOCKET_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "netinet/in.h" "ac_cv_header_netinet_in_h" "$ac_includes_default"
+if test "x$ac_cv_header_netinet_in_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_NETINET_IN_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "netdb.h" "ac_cv_header_netdb_h" "$ac_includes_default"
+if test "x$ac_cv_header_netdb_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_NETDB_H 1" >>confdefs.h
+
+fi
+
+ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop"
+if test "x$ac_cv_func_inet_ntop" = xyes
+then :
+  printf "%s\n" "#define HAVE_INET_NTOP 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "inet_pton" "ac_cv_func_inet_pton"
+if test "x$ac_cv_func_inet_pton" = xyes
+then :
+  printf "%s\n" "#define HAVE_INET_PTON 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "getnameinfo" "ac_cv_func_getnameinfo"
+if test "x$ac_cv_func_getnameinfo" = xyes
+then :
+  printf "%s\n" "#define HAVE_GETNAMEINFO 1" >>confdefs.h
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5
+printf %s "checking for getaddrinfo... " >&6; }
+if test ${ac_cv_func_getaddrinfo+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef HAVE_NETDB_H
+      #include <netdb.h>
+      #endif
+
+int
+main (void)
+{
+struct addrinfo *ai;
+      getaddrinfo("kerberos.mit.edu", "echo", 0, &ai);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_func_getaddrinfo=yes
+else $as_nop
+  ac_cv_func_getaddrinfo=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getaddrinfo" >&5
+printf "%s\n" "$ac_cv_func_getaddrinfo" >&6; }
+if test $ac_cv_func_getaddrinfo = yes; then
+
+printf "%s\n" "#define HAVE_GETADDRINFO 1" >>confdefs.h
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for IPv6 compile-time support without -DINET6" >&5
+printf %s "checking for IPv6 compile-time support without -DINET6... " >&6; }
+if test ${krb5_cv_inet6+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+
+if test "$ac_cv_func_inet_ntop" != "yes" ; then
+  krb5_cv_inet6=no
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+        #include <sys/types.h>
+        #endif
+        #include <sys/socket.h>
+        #include <netinet/in.h>
+        #include <netdb.h>
+
+int
+main (void)
+{
+struct sockaddr_in6 in;
+        AF_INET6;
+        IN6_IS_ADDR_LINKLOCAL(&in.sin6_addr);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_inet6=yes
+else $as_nop
+  krb5_cv_inet6=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_inet6" >&5
+printf "%s\n" "$krb5_cv_inet6" >&6; }
+if test "$krb5_cv_inet6" = no && test "$ac_cv_func_inet_ntop" = yes; then
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for IPv6 compile-time support with -DINET6" >&5
+printf %s "checking for IPv6 compile-time support with -DINET6... " >&6; }
+if test ${krb5_cv_inet6_with_dinet6+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+
+old_CC="$CC"
+CC="$CC -DINET6"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+      #include <sys/types.h>
+      #endif
+      #include <sys/socket.h>
+      #include <netinet/in.h>
+      #include <netdb.h>
+
+int
+main (void)
+{
+struct sockaddr_in6 in;
+      AF_INET6;
+      IN6_IS_ADDR_LINKLOCAL (&in.sin6_addr);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_inet6_with_dinet6=yes
+else $as_nop
+  krb5_cv_inet6_with_dinet6=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+CC="$old_CC"
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_inet6_with_dinet6" >&5
+printf "%s\n" "$krb5_cv_inet6_with_dinet6" >&6; }
+fi
+if test $krb5_cv_inet6 = yes || test "$krb5_cv_inet6_with_dinet6" = yes; then
+  if test "$krb5_cv_inet6_with_dinet6" = yes; then
+
+printf "%s\n" "#define INET6 1" >>confdefs.h
+
+  fi
+fi
+
+ ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" "#include <sys/types.h>
+#include <sys/socket.h>
+"
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = xyes
+then :
+
+printf "%s\n" "#define HAVE_SA_LEN 1" >>confdefs.h
+
+
+fi
+
+
+ac_fn_c_check_func "$LINENO" "sigprocmask" "ac_cv_func_sigprocmask"
+if test "x$ac_cv_func_sigprocmask" = xyes
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sigset_t and POSIX_SIGNALS" >&5
+printf %s "checking for sigset_t and POSIX_SIGNALS... " >&6; }
+if test ${krb5_cv_type_sigset_t+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <signal.h>
+
+int
+main (void)
+{
+sigset_t x
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_type_sigset_t=yes
+else $as_nop
+  krb5_cv_type_sigset_t=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_type_sigset_t" >&5
+printf "%s\n" "$krb5_cv_type_sigset_t" >&6; }
+if test $krb5_cv_type_sigset_t = yes; then
+
+printf "%s\n" "#define POSIX_SIGNALS 1" >>confdefs.h
+
+fi
+
+fi
+
+
+# --with-vague-errors disables useful error messages.
+
+
+# Check whether --with-vague-errors was given.
+if test ${with_vague_errors+y}
+then :
+  withval=$with_vague_errors;
+else $as_nop
+  withval=no
+fi
+
+if test "$withval" = yes; then
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: Supplying vague error messages to KDC clients" >&5
+printf "%s\n" "$as_me: Supplying vague error messages to KDC clients" >&6;}
+
+printf "%s\n" "#define KRBCONF_VAGUE_ERRORS 1" >>confdefs.h
+
+fi
+
+# Check which (if any) audit plugin to build
+audit_plugin=""
+# Check whether --enable-audit-plugin was given.
+if test ${enable_audit_plugin+y}
+then :
+  enableval=$enable_audit_plugin;
+else $as_nop
+  enableval=no
+fi
+
+if test "$enableval" != no; then
+    case "$enableval" in
+    simple)
+        # if audit_log_user_message is found, we assume
+        # that audit_open and audit_close are also defined.
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for audit_log_user_message in -laudit" >&5
+printf %s "checking for audit_log_user_message in -laudit... " >&6; }
+if test ${ac_cv_lib_audit_audit_log_user_message+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-laudit  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char audit_log_user_message ();
+int
+main (void)
+{
+return audit_log_user_message ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_audit_audit_log_user_message=yes
+else $as_nop
+  ac_cv_lib_audit_audit_log_user_message=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_audit_audit_log_user_message" >&5
+printf "%s\n" "$ac_cv_lib_audit_audit_log_user_message" >&6; }
+if test "x$ac_cv_lib_audit_audit_log_user_message" = xyes
+then :
+  AUDIT_IMPL_LIBS=-laudit
+                     ac_config_files="$ac_config_files plugins/audit/simple/Makefile:$srcdir/./config/pre.in:plugins/audit/simple/Makefile.in:plugins/audit/simple/deps:$srcdir/./config/post.in"
+
+
+
+                     audit_plugin=plugins/audit/simple
+else $as_nop
+  as_fn_error $? "libaudit not found or undefined symbol audit_log_user_message" "$LINENO" 5
+fi
+
+        ;;
+    *)
+        as_fn_error $? "Unknown audit plugin implementation $enableval." "$LINENO" 5
+        ;;
+    esac
+fi
+
+
+
+# WITH_CRYPTO_IMPL
+
+CRYPTO_IMPL=builtin
+
+# Check whether --with-crypto-impl was given.
+if test ${with_crypto_impl+y}
+then :
+  withval=$with_crypto_impl; CRYPTO_IMPL=$withval
+   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: k5crypto will use '$withval'" >&5
+printf "%s\n" "$as_me: k5crypto will use '$withval'" >&6;}
+fi
+
+
+CRYPTO_BUILTIN_TESTS=no
+case $CRYPTO_IMPL in
+builtin)
+  CRYPTO_BUILTIN_TESTS=yes
+  ;;
+openssl)
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PKCS7_get_signer_info in -lcrypto" >&5
+printf %s "checking for PKCS7_get_signer_info in -lcrypto... " >&6; }
+if test ${ac_cv_lib_crypto_PKCS7_get_signer_info+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char PKCS7_get_signer_info ();
+int
+main (void)
+{
+return PKCS7_get_signer_info ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_crypto_PKCS7_get_signer_info=yes
+else $as_nop
+  ac_cv_lib_crypto_PKCS7_get_signer_info=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_PKCS7_get_signer_info" >&5
+printf "%s\n" "$ac_cv_lib_crypto_PKCS7_get_signer_info" >&6; }
+if test "x$ac_cv_lib_crypto_PKCS7_get_signer_info" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIBCRYPTO 1" >>confdefs.h
+
+  LIBS="-lcrypto $LIBS"
+
+fi
+
+
+printf "%s\n" "#define CRYPTO_OPENSSL 1" >>confdefs.h
+
+  ;;
+*)
+  as_fn_error $? "Unknown crypto implementation $withval" "$LINENO" 5
+  ;;
+esac
+
+
+
+
+# WITH_TLS_IMPL
+
+
+# Check whether --with-tls-impl was given.
+if test ${with_tls_impl+y}
+then :
+  withval=$with_tls_impl; TLS_IMPL=$withval
+else $as_nop
+  TLS_IMPL=auto
+fi
+
+case "$TLS_IMPL" in
+openssl|auto)
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_new in -lssl" >&5
+printf %s "checking for SSL_CTX_new in -lssl... " >&6; }
+if test ${ac_cv_lib_ssl_SSL_CTX_new+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lssl -lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char SSL_CTX_new ();
+int
+main (void)
+{
+return SSL_CTX_new ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_ssl_SSL_CTX_new=yes
+else $as_nop
+  ac_cv_lib_ssl_SSL_CTX_new=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_new" >&5
+printf "%s\n" "$ac_cv_lib_ssl_SSL_CTX_new" >&6; }
+if test "x$ac_cv_lib_ssl_SSL_CTX_new" = xyes
+then :
+  have_lib_ssl=true
+else $as_nop
+  have_lib_ssl=false
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL" >&5
+printf %s "checking for OpenSSL... " >&6; }
+  if test x$have_lib_ssl = xtrue ; then
+
+printf "%s\n" "#define TLS_IMPL_OPENSSL 1" >>confdefs.h
+
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+    TLS_IMPL_LIBS="-lssl -lcrypto"
+    TLS_IMPL=openssl
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: TLS module will use OpenSSL" >&5
+printf "%s\n" "$as_me: TLS module will use OpenSSL" >&6;}
+  else
+    if test "$TLS_IMPL" = openssl ; then
+      as_fn_error $? "OpenSSL not found!" "$LINENO" 5
+    else
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL not found!" >&5
+printf "%s\n" "$as_me: WARNING: OpenSSL not found!" >&2;}
+    fi
+    TLS_IMPL=no
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: building without TLS support" >&5
+printf "%s\n" "$as_me: building without TLS support" >&6;}
+  fi
+  ;;
+no)
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: building without TLS support" >&5
+printf "%s\n" "$as_me: building without TLS support" >&6;}
+  ;;
+*)
+  as_fn_error $? "Unsupported TLS implementation $withval" "$LINENO" 5
+  ;;
+esac
+
+if test "$TLS_IMPL" = no; then
+
+printf "%s\n" "#define TLS_IMPL_NONE 1" >>confdefs.h
+
+fi
+
+
+
+
+
+
+# Check whether --with-keyutils was given.
+if test ${with_keyutils+y}
+then :
+  withval=$with_keyutils;
+else $as_nop
+  with_keyutils=check
+fi
+
+if test "$with_keyutils" != no; then
+  have_keyutils=false
+         for ac_header in keyutils.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "keyutils.h" "ac_cv_header_keyutils_h" "$ac_includes_default"
+if test "x$ac_cv_header_keyutils_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_KEYUTILS_H 1" >>confdefs.h
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for add_key in -lkeyutils" >&5
+printf %s "checking for add_key in -lkeyutils... " >&6; }
+if test ${ac_cv_lib_keyutils_add_key+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkeyutils  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char add_key ();
+int
+main (void)
+{
+return add_key ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_keyutils_add_key=yes
+else $as_nop
+  ac_cv_lib_keyutils_add_key=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_add_key" >&5
+printf "%s\n" "$ac_cv_lib_keyutils_add_key" >&6; }
+if test "x$ac_cv_lib_keyutils_add_key" = xyes
+then :
+  have_keyutils=true
+fi
+
+fi
+
+done
+  if test "$have_keyutils" = true; then
+
+printf "%s\n" "#define USE_KEYRING_CCACHE 1" >>confdefs.h
+
+    LIBS="-lkeyutils $LIBS"
+    # If libkeyutils supports persistent keyrings, use them.
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for keyctl_get_persistent in -lkeyutils" >&5
+printf %s "checking for keyctl_get_persistent in -lkeyutils... " >&6; }
+if test ${ac_cv_lib_keyutils_keyctl_get_persistent+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkeyutils  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char keyctl_get_persistent ();
+int
+main (void)
+{
+return keyctl_get_persistent ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_keyutils_keyctl_get_persistent=yes
+else $as_nop
+  ac_cv_lib_keyutils_keyctl_get_persistent=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_keyctl_get_persistent" >&5
+printf "%s\n" "$ac_cv_lib_keyutils_keyctl_get_persistent" >&6; }
+if test "x$ac_cv_lib_keyutils_keyctl_get_persistent" = xyes
+then :
+
+printf "%s\n" "#define HAVE_PERSISTENT_KEYRING 1" >>confdefs.h
+
+
+fi
+
+  elif test "$with_keyutils" = yes; then
+    as_fn_error $? "libkeyutils not found" "$LINENO" 5
+  fi
+fi
+
+# The SPAKE preauth plugin currently supports edwards25519 natively,
+# and can support three NIST groups using OpenSSL.
+HAVE_SPAKE_OPENSSL=no
+
+# Check whether --with-spake-openssl was given.
+if test ${with_spake_openssl+y}
+then :
+  withval=$with_spake_openssl;
+else $as_nop
+  withval=auto
+fi
+
+if test "$withval" = auto -o "$withval" = yes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EC_POINT_new in -lcrypto" >&5
+printf %s "checking for EC_POINT_new in -lcrypto... " >&6; }
+if test ${ac_cv_lib_crypto_EC_POINT_new+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char EC_POINT_new ();
+int
+main (void)
+{
+return EC_POINT_new ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_crypto_EC_POINT_new=yes
+else $as_nop
+  ac_cv_lib_crypto_EC_POINT_new=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EC_POINT_new" >&5
+printf "%s\n" "$ac_cv_lib_crypto_EC_POINT_new" >&6; }
+if test "x$ac_cv_lib_crypto_EC_POINT_new" = xyes
+then :
+  have_crypto=true
+else $as_nop
+  have_crypto=false
+fi
+
+  if test "$have_crypto" = true; then
+
+printf "%s\n" "#define SPAKE_OPENSSL 1" >>confdefs.h
+
+    SPAKE_OPENSSL_LIBS=-lcrypto
+    HAVE_SPAKE_OPENSSL=yes
+  elif test "$withval" = yes; then
+    as_fn_error $? "OpenSSL libcrypto not found" "$LINENO" 5
+  fi
+fi
+
+
+
+# Check whether --enable-aesni was given.
+if test ${enable_aesni+y}
+then :
+  enableval=$enable_aesni;
+else $as_nop
+  enable_aesni=check
+fi
+
+if test "$CRYPTO_IMPL" = builtin -a "x$enable_aesni" != xno; then
+    case "$host" in
+    i686-*)
+	aesni_obj=iaesx86.o
+	aesni_machine=x86
+	;;
+    x86_64-*)
+	aesni_obj=iaesx64.o
+	aesni_machine=amd64
+	;;
+    esac
+    case "$host" in
+    *-*-linux* | *-*-gnu* | *-*-*bsd* | *-*-solaris*)
+	# All Unix-like platforms need -D__linux__ for iaesx64.s to
+	# use the System V x86-64 calling convention.
+	aesni_flags="-D__linux__ -f elf -m $aesni_machine"
+	;;
+    esac
+    if test "x$aesni_obj" != x && test "x$aesni_flags" != x; then
+	# Extract the first word of "yasm", so it can be a program name with args.
+set dummy yasm; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_YASM+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$YASM"; then
+  ac_cv_prog_YASM="$YASM" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_YASM="yasm"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+YASM=$ac_cv_prog_YASM
+if test -n "$YASM"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YASM" >&5
+printf "%s\n" "$YASM" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+	ac_fn_c_check_header_compile "$LINENO" "cpuid.h" "ac_cv_header_cpuid_h" "$ac_includes_default"
+if test "x$ac_cv_header_cpuid_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_CPUID_H 1" >>confdefs.h
+
+fi
+
+	if test x"$YASM" != x -a "x$ac_cv_header_cpuid_h" = xyes; then
+	    AESNI_OBJ=$aesni_obj
+	    AESNI_FLAGS=$aesni_flags
+
+printf "%s\n" "#define AESNI 1" >>confdefs.h
+
+	    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Building with AES-NI support" >&5
+printf "%s\n" "$as_me: Building with AES-NI support" >&6;}
+	fi
+    fi
+    if test "x$enable_aesni" = xyes -a "x$AESNI_OBJ" = x; then
+	as_fn_error $? "AES-NI support requested but cannot be built" "$LINENO" 5
+    fi
+fi
+
+
+
+# Check whether --enable-kdc-lookaside-cache was given.
+if test ${enable_kdc_lookaside_cache+y}
+then :
+  enableval=$enable_kdc_lookaside_cache;
+else $as_nop
+  enableval=yes
+fi
+
+if test "$enableval" = no ; then
+
+printf "%s\n" "#define NOCACHE 1" >>confdefs.h
+
+fi
+KRB5_RUN_ENV="$RUN_ENV"
+KRB5_RUN_VARS="$RUN_VARS"
+
+
+
+# asan is a gcc and clang facility to instrument the code with memory
+# error checking.  To use it, we compile C and C++ source files with
+# -fsanitize=address, and set ASAN=yes to suppress the undefined
+# symbols check when building shared libraries.
+# Check whether --enable-asan was given.
+if test ${enable_asan+y}
+then :
+  enableval=$enable_asan;
+else $as_nop
+  enable_asan=no
+fi
+
+if test "$enable_asan" != no; then
+    if test "$enable_asan" = yes; then
+        enable_asan=address
+    fi
+    ASAN_FLAGS="$DEFS -fsanitize=$enable_asan"
+    ASAN=yes
+    UNDEF_CHECK=
+else
+    ASAN_FLAGS=
+    ASAN=no
+fi
+
+
+
+# from old include/configure.in
+
+
+ac_config_headers="$ac_config_headers include/autoconf.h"
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+printf %s "checking for an ANSI C-conforming const... " >&6; }
+if test ${ac_cv_c_const+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+#ifndef __cplusplus
+  /* Ultrix mips cc rejects this sort of thing.  */
+  typedef int charset[2];
+  const charset cs = { 0, 0 };
+  /* SunOS 4.1.1 cc rejects this.  */
+  char const *const *pcpcc;
+  char **ppc;
+  /* NEC SVR4.0.2 mips cc rejects this.  */
+  struct point {int x, y;};
+  static struct point const zero = {0,0};
+  /* IBM XL C 1.02.0.0 rejects this.
+     It does not let you subtract one const X* pointer from another in
+     an arm of an if-expression whose if-part is not a constant
+     expression */
+  const char *g = "string";
+  pcpcc = &g + (g ? g-g : 0);
+  /* HPUX 7.0 cc rejects these. */
+  ++pcpcc;
+  ppc = (char**) pcpcc;
+  pcpcc = (char const *const *) ppc;
+  { /* SCO 3.2v4 cc rejects this sort of thing.  */
+    char tx;
+    char *t = &tx;
+    char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+    *t++ = 0;
+    if (s) return 0;
+  }
+  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+    int x[] = {25, 17};
+    const int *foo = &x[0];
+    ++foo;
+  }
+  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+    typedef const int *iptr;
+    iptr p = 0;
+    ++p;
+  }
+  { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
+       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+    struct s { int j; const int *ap[3]; } bx;
+    struct s *b = &bx; b->j = 5;
+  }
+  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+    const int foo = 10;
+    if (!foo) return 0;
+  }
+  return !cs[0] && !zero.x;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_c_const=yes
+else $as_nop
+  ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+printf "%s\n" "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+printf "%s\n" "#define const /**/" >>confdefs.h
+
+fi
+
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
+  as_ac_Header=`printf "%s\n" "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5
+printf %s "checking for $ac_hdr that defines DIR... " >&6; }
+if eval test \${$as_ac_Header+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <$ac_hdr>
+
+int
+main (void)
+{
+if ((DIR *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval "$as_ac_Header=yes"
+else $as_nop
+  eval "$as_ac_Header=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$as_ac_Header
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_Header"\" = x"yes"
+then :
+  cat >>confdefs.h <<_ACEOF
+#define `printf "%s\n" "HAVE_$ac_hdr" | $as_tr_cpp` 1
+_ACEOF
+
+ac_header_dirent=$ac_hdr; break
+fi
+
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+printf %s "checking for library containing opendir... " >&6; }
+if test ${ac_cv_search_opendir+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char opendir ();
+int
+main (void)
+{
+return opendir ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' dir
+do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext
+  if test ${ac_cv_search_opendir+y}
+then :
+  break
+fi
+done
+if test ${ac_cv_search_opendir+y}
+then :
+
+else $as_nop
+  ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+printf "%s\n" "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no
+then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+printf %s "checking for library containing opendir... " >&6; }
+if test ${ac_cv_search_opendir+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char opendir ();
+int
+main (void)
+{
+return opendir ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' x
+do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext
+  if test ${ac_cv_search_opendir+y}
+then :
+  break
+fi
+done
+if test ${ac_cv_search_opendir+y}
+then :
+
+else $as_nop
+  ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+printf "%s\n" "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no
+then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC options needed to detect all undeclared functions" >&5
+printf %s "checking for $CC options needed to detect all undeclared functions... " >&6; }
+if test ${ac_cv_c_undeclared_builtin_options+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_save_CFLAGS=$CFLAGS
+   ac_cv_c_undeclared_builtin_options='cannot detect'
+   for ac_arg in '' -fno-builtin; do
+     CFLAGS="$ac_save_CFLAGS $ac_arg"
+     # This test program should *not* compile successfully.
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+(void) strchr;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+
+else $as_nop
+  # This test program should compile successfully.
+        # No library function is consistently available on
+        # freestanding implementations, so test against a dummy
+        # declaration.  Include always-available headers on the
+        # off chance that they somehow elicit warnings.
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <float.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stddef.h>
+extern void ac_decl (int, char *);
+
+int
+main (void)
+{
+(void) ac_decl (0, (char *) 0);
+  (void) ac_decl;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  if test x"$ac_arg" = x
+then :
+  ac_cv_c_undeclared_builtin_options='none needed'
+else $as_nop
+  ac_cv_c_undeclared_builtin_options=$ac_arg
+fi
+          break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+    done
+    CFLAGS=$ac_save_CFLAGS
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5
+printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; }
+  case $ac_cv_c_undeclared_builtin_options in #(
+  'cannot detect') :
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot make $CC report undeclared builtins
+See \`config.log' for more details" "$LINENO" 5; } ;; #(
+  'none needed') :
+    ac_c_undeclared_builtin_options='' ;; #(
+  *) :
+    ac_c_undeclared_builtin_options=$ac_cv_c_undeclared_builtin_options ;;
+esac
+
+ac_fn_check_decl "$LINENO" "strerror_r" "ac_cv_have_decl_strerror_r" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS"
+if test "x$ac_cv_have_decl_strerror_r" = xyes
+then :
+  ac_have_decl=1
+else $as_nop
+  ac_have_decl=0
+fi
+printf "%s\n" "#define HAVE_DECL_STRERROR_R $ac_have_decl" >>confdefs.h
+
+
+if test $ac_cv_have_decl_strerror_r = yes; then
+  # For backward compatibility's sake, define HAVE_STRERROR_R.
+  # (We used to run AC_CHECK_FUNCS_ONCE for strerror_r, as well
+  # as AC_CHECK_DECLS_ONCE.)
+
+printf "%s\n" "#define HAVE_STRERROR_R 1" >>confdefs.h
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether strerror_r returns char *" >&5
+printf %s "checking whether strerror_r returns char *... " >&6; }
+if test ${ac_cv_func_strerror_r_char_p+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+
+    ac_cv_func_strerror_r_char_p=no
+    if test $ac_cv_have_decl_strerror_r = yes; then
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <string.h>
+int
+main (void)
+{
+
+	  char buf[100];
+	  char x = *strerror_r (0, buf, sizeof buf);
+	  char *p = strerror_r (0, buf, sizeof buf);
+	  return !p || x;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_func_strerror_r_char_p=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+
+    fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strerror_r_char_p" >&5
+printf "%s\n" "$ac_cv_func_strerror_r_char_p" >&6; }
+if test $ac_cv_func_strerror_r_char_p = yes; then
+
+printf "%s\n" "#define STRERROR_R_CHAR_P 1" >>confdefs.h
+
+fi
+
+ac_fn_c_check_func "$LINENO" "strdup" "ac_cv_func_strdup"
+if test "x$ac_cv_func_strdup" = xyes
+then :
+  printf "%s\n" "#define HAVE_STRDUP 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "setvbuf" "ac_cv_func_setvbuf"
+if test "x$ac_cv_func_setvbuf" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETVBUF 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid"
+if test "x$ac_cv_func_seteuid" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETEUID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid"
+if test "x$ac_cv_func_setresuid" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETRESUID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid"
+if test "x$ac_cv_func_setreuid" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETREUID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "setegid" "ac_cv_func_setegid"
+if test "x$ac_cv_func_setegid" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETEGID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid"
+if test "x$ac_cv_func_setresgid" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETRESGID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "setregid" "ac_cv_func_setregid"
+if test "x$ac_cv_func_setregid" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETREGID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid"
+if test "x$ac_cv_func_setsid" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETSID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "flock" "ac_cv_func_flock"
+if test "x$ac_cv_func_flock" = xyes
+then :
+  printf "%s\n" "#define HAVE_FLOCK 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "fchmod" "ac_cv_func_fchmod"
+if test "x$ac_cv_func_fchmod" = xyes
+then :
+  printf "%s\n" "#define HAVE_FCHMOD 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "chmod" "ac_cv_func_chmod"
+if test "x$ac_cv_func_chmod" = xyes
+then :
+  printf "%s\n" "#define HAVE_CHMOD 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "strptime" "ac_cv_func_strptime"
+if test "x$ac_cv_func_strptime" = xyes
+then :
+  printf "%s\n" "#define HAVE_STRPTIME 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "geteuid" "ac_cv_func_geteuid"
+if test "x$ac_cv_func_geteuid" = xyes
+then :
+  printf "%s\n" "#define HAVE_GETEUID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv"
+if test "x$ac_cv_func_setenv" = xyes
+then :
+  printf "%s\n" "#define HAVE_SETENV 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv"
+if test "x$ac_cv_func_unsetenv" = xyes
+then :
+  printf "%s\n" "#define HAVE_UNSETENV 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "getenv" "ac_cv_func_getenv"
+if test "x$ac_cv_func_getenv" = xyes
+then :
+  printf "%s\n" "#define HAVE_GETENV 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "gmtime_r" "ac_cv_func_gmtime_r"
+if test "x$ac_cv_func_gmtime_r" = xyes
+then :
+  printf "%s\n" "#define HAVE_GMTIME_R 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "localtime_r" "ac_cv_func_localtime_r"
+if test "x$ac_cv_func_localtime_r" = xyes
+then :
+  printf "%s\n" "#define HAVE_LOCALTIME_R 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "bswap16" "ac_cv_func_bswap16"
+if test "x$ac_cv_func_bswap16" = xyes
+then :
+  printf "%s\n" "#define HAVE_BSWAP16 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "bswap64" "ac_cv_func_bswap64"
+if test "x$ac_cv_func_bswap64" = xyes
+then :
+  printf "%s\n" "#define HAVE_BSWAP64 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "mkstemp" "ac_cv_func_mkstemp"
+if test "x$ac_cv_func_mkstemp" = xyes
+then :
+  printf "%s\n" "#define HAVE_MKSTEMP 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "getusershell" "ac_cv_func_getusershell"
+if test "x$ac_cv_func_getusershell" = xyes
+then :
+  printf "%s\n" "#define HAVE_GETUSERSHELL 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "access" "ac_cv_func_access"
+if test "x$ac_cv_func_access" = xyes
+then :
+  printf "%s\n" "#define HAVE_ACCESS 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "getcwd" "ac_cv_func_getcwd"
+if test "x$ac_cv_func_getcwd" = xyes
+then :
+  printf "%s\n" "#define HAVE_GETCWD 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "srand48" "ac_cv_func_srand48"
+if test "x$ac_cv_func_srand48" = xyes
+then :
+  printf "%s\n" "#define HAVE_SRAND48 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "srand" "ac_cv_func_srand"
+if test "x$ac_cv_func_srand" = xyes
+then :
+  printf "%s\n" "#define HAVE_SRAND 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "srandom" "ac_cv_func_srandom"
+if test "x$ac_cv_func_srandom" = xyes
+then :
+  printf "%s\n" "#define HAVE_SRANDOM 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "stat" "ac_cv_func_stat"
+if test "x$ac_cv_func_stat" = xyes
+then :
+  printf "%s\n" "#define HAVE_STAT 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "strchr" "ac_cv_func_strchr"
+if test "x$ac_cv_func_strchr" = xyes
+then :
+  printf "%s\n" "#define HAVE_STRCHR 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "strerror" "ac_cv_func_strerror"
+if test "x$ac_cv_func_strerror" = xyes
+then :
+  printf "%s\n" "#define HAVE_STRERROR 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "timegm" "ac_cv_func_timegm"
+if test "x$ac_cv_func_timegm" = xyes
+then :
+  printf "%s\n" "#define HAVE_TIMEGM 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
+if test "x$ac_cv_func_explicit_bzero" = xyes
+then :
+  printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "explicit_memset" "ac_cv_func_explicit_memset"
+if test "x$ac_cv_func_explicit_memset" = xyes
+then :
+  printf "%s\n" "#define HAVE_EXPLICIT_MEMSET 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "getresuid" "ac_cv_func_getresuid"
+if test "x$ac_cv_func_getresuid" = xyes
+then :
+  printf "%s\n" "#define HAVE_GETRESUID 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "getresgid" "ac_cv_func_getresgid"
+if test "x$ac_cv_func_getresgid" = xyes
+then :
+  printf "%s\n" "#define HAVE_GETRESGID 1" >>confdefs.h
+
+fi
+
+
+ac_fn_c_check_func "$LINENO" "mkstemp" "ac_cv_func_mkstemp"
+if test "x$ac_cv_func_mkstemp" = xyes
+then :
+  MKSTEMP_ST_OBJ=
+MKSTEMP_OBJ=
+else $as_nop
+  MKSTEMP_ST_OBJ='mkstemp.o'
+MKSTEMP_OBJ='$(OUTPRE)mkstemp.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_mkstemp"
+fi
+
+
+
+
+ac_fn_c_check_func "$LINENO" "gettimeofday" "ac_cv_func_gettimeofday"
+if test "x$ac_cv_func_gettimeofday" = xyes
+then :
+  GETTIMEOFDAY_ST_OBJ=
+	GETTIMEOFDAY_OBJ=
+
+printf "%s\n" "#define HAVE_GETTIMEOFDAY 1" >>confdefs.h
+
+
+else $as_nop
+  GETTIMEOFDAY_ST_OBJ='gettimeofday.o'
+	GETTIMEOFDAY_OBJ='$(OUTPRE)gettimeofday.$(OBJEXT)'
+	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_gettimeofday"
+fi
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sys_errlist declaration" >&5
+printf %s "checking for sys_errlist declaration... " >&6; }
+if test ${krb5_cv_decl_sys_errlist+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdio.h>
+      #include <errno.h>
+
+int
+main (void)
+{
+1+sys_nerr;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_decl_sys_errlist=yes
+else $as_nop
+  krb5_cv_decl_sys_errlist=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_decl_sys_errlist" >&5
+printf "%s\n" "$krb5_cv_decl_sys_errlist" >&6; }
+# assume sys_nerr won't be declared w/o being in libc
+if test $krb5_cv_decl_sys_errlist = yes; then
+
+printf "%s\n" "#define SYS_ERRLIST_DECLARED 1" >>confdefs.h
+
+
+printf "%s\n" "#define HAVE_SYS_ERRLIST 1" >>confdefs.h
+
+else
+  # This means that sys_errlist is not declared in errno.h, but may still
+  # be in libc.
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sys_errlist in libc" >&5
+printf %s "checking for sys_errlist in libc... " >&6; }
+if test ${krb5_cv_var_sys_errlist+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+extern int sys_nerr;
+int
+main (void)
+{
+if (1+sys_nerr < 0) return 1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  krb5_cv_var_sys_errlist=yes
+else $as_nop
+  krb5_cv_var_sys_errlist=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_var_sys_errlist" >&5
+printf "%s\n" "$krb5_cv_var_sys_errlist" >&6; }
+  if test $krb5_cv_var_sys_errlist = yes; then
+
+printf "%s\n" "#define HAVE_SYS_ERRLIST 1" >>confdefs.h
+
+    # Do this cruft for backwards compatibility for now.
+
+printf "%s\n" "#define NEED_SYS_ERRLIST 1" >>confdefs.h
+
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: sys_errlist is neither in errno.h nor in libc" >&5
+printf "%s\n" "$as_me: WARNING: sys_errlist is neither in errno.h nor in libc" >&2;}
+  fi
+fi
+ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "paths.h" "ac_cv_header_paths_h" "$ac_includes_default"
+if test "x$ac_cv_header_paths_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_PATHS_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "regex.h" "ac_cv_header_regex_h" "$ac_includes_default"
+if test "x$ac_cv_header_regex_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_REGEX_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "regexpr.h" "ac_cv_header_regexpr_h" "$ac_includes_default"
+if test "x$ac_cv_header_regexpr_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_REGEXPR_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "fcntl.h" "ac_cv_header_fcntl_h" "$ac_includes_default"
+if test "x$ac_cv_header_fcntl_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_FCNTL_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "memory.h" "ac_cv_header_memory_h" "$ac_includes_default"
+if test "x$ac_cv_header_memory_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_MEMORY_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "ifaddrs.h" "ac_cv_header_ifaddrs_h" "$ac_includes_default"
+if test "x$ac_cv_header_ifaddrs_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_IFADDRS_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/filio.h" "ac_cv_header_sys_filio_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_filio_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_FILIO_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "byteswap.h" "ac_cv_header_byteswap_h" "$ac_includes_default"
+if test "x$ac_cv_header_byteswap_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_BYTESWAP_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "machine/endian.h" "ac_cv_header_machine_endian_h" "$ac_includes_default"
+if test "x$ac_cv_header_machine_endian_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_MACHINE_ENDIAN_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "machine/byte_order.h" "ac_cv_header_machine_byte_order_h" "$ac_includes_default"
+if test "x$ac_cv_header_machine_byte_order_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_MACHINE_BYTE_ORDER_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/bswap.h" "ac_cv_header_sys_bswap_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_bswap_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_BSWAP_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "endian.h" "ac_cv_header_endian_h" "$ac_includes_default"
+if test "x$ac_cv_header_endian_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_ENDIAN_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "pwd.h" "ac_cv_header_pwd_h" "$ac_includes_default"
+if test "x$ac_cv_header_pwd_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_PWD_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "arpa/inet.h" "ac_cv_header_arpa_inet_h" "$ac_includes_default"
+if test "x$ac_cv_header_arpa_inet_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_ARPA_INET_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "alloca.h" "ac_cv_header_alloca_h" "$ac_includes_default"
+if test "x$ac_cv_header_alloca_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_ALLOCA_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default"
+if test "x$ac_cv_header_dlfcn_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_DLFCN_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "limits.h" "ac_cv_header_limits_h" "$ac_includes_default"
+if test "x$ac_cv_header_limits_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIMITS_H 1" >>confdefs.h
+
+fi
+
+ac_fn_c_check_header_compile "$LINENO" "regexp.h" "ac_cv_header_regexp_h" "#define INIT char *sp = instring;
+#define GETC() (*sp++)
+#define PEEKC() (*sp)
+#define UNGETC(c) (--sp)
+#define RETURN(c) return(c)
+#define ERROR(c)
+
+"
+if test "x$ac_cv_header_regexp_h" = xyes
+then :
+
+fi
+
+ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimensec" "ac_cv_member_struct_stat_st_mtimensec" "#include <sys/types.h>
+#include <sys/stat.h>
+"
+if test "x$ac_cv_member_struct_stat_st_mtimensec" = xyes
+then :
+
+printf "%s\n" "#define HAVE_STRUCT_STAT_ST_MTIMENSEC 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimespec.tv_nsec" "ac_cv_member_struct_stat_st_mtimespec_tv_nsec" "#include <sys/types.h>
+#include <sys/stat.h>
+"
+if test "x$ac_cv_member_struct_stat_st_mtimespec_tv_nsec" = xyes
+then :
+
+printf "%s\n" "#define HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim.tv_nsec" "ac_cv_member_struct_stat_st_mtim_tv_nsec" "#include <sys/types.h>
+#include <sys/stat.h>
+"
+if test "x$ac_cv_member_struct_stat_st_mtim_tv_nsec" = xyes
+then :
+
+printf "%s\n" "#define HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC 1" >>confdefs.h
+
+
+fi
+
+
+ac_fn_c_check_func "$LINENO" "re_comp" "ac_cv_func_re_comp"
+if test "x$ac_cv_func_re_comp" = xyes
+then :
+  printf "%s\n" "#define HAVE_RE_COMP 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "re_exec" "ac_cv_func_re_exec"
+if test "x$ac_cv_func_re_exec" = xyes
+then :
+  printf "%s\n" "#define HAVE_RE_EXEC 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "regexec" "ac_cv_func_regexec"
+if test "x$ac_cv_func_regexec" = xyes
+then :
+  printf "%s\n" "#define HAVE_REGEXEC 1" >>confdefs.h
+
+fi
+
+
+ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default"
+if test "x$ac_cv_type_off_t" = xyes
+then :
+
+else $as_nop
+
+printf "%s\n" "#define off_t long int" >>confdefs.h
+
+fi
+
+
+# Fancy caching of perror result...
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for perror declaration" >&5
+printf %s "checking for perror declaration... " >&6; }
+if test ${krb5_cv_decl_perror+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <errno.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "perror" >/dev/null 2>&1
+then :
+  krb5_cv_decl_perror=yes
+else $as_nop
+  krb5_cv_decl_perror=no
+fi
+rm -rf conftest*
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_decl_perror" >&5
+printf "%s\n" "$krb5_cv_decl_perror" >&6; }
+if test $krb5_cv_decl_perror = yes; then
+
+printf "%s\n" "#define HDR_HAS_PERROR 1" >>confdefs.h
+
+fi
+
+
+if test "x$ac_cv_func_strptime" = xyes; then
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strptime needs a prototype provided" >&5
+printf %s "checking if strptime needs a prototype provided... " >&6; }
+if test ${krb5_cv_func_strptime_noproto+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <time.h>
+int
+main (void)
+{
+#undef strptime
+      struct k5foo {int foo; } xx;
+      extern int strptime (struct k5foo*);
+      strptime(&xx);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_func_strptime_noproto=yes
+else $as_nop
+  krb5_cv_func_strptime_noproto=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_strptime_noproto" >&5
+printf "%s\n" "$krb5_cv_func_strptime_noproto" >&6; }
+if test $krb5_cv_func_strptime_noproto = yes; then
+
+printf "%s\n" "#define NEED_STRPTIME_PROTO 1" >>confdefs.h
+
+fi
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if argument to wait is int *" >&5
+printf %s "checking if argument to wait is int *... " >&6; }
+if test ${krb5_cv_struct_wait+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+      #include <sys/wait.h>
+      extern pid_t wait(int *);
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_struct_wait=no
+else $as_nop
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/wait.h>
+
+int
+main (void)
+{
+union wait i;
+        #ifdef WEXITSTATUS
+        WEXITSTATUS (i);
+        #endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_struct_wait=yes
+else $as_nop
+  krb5_cv_struct_wait=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_struct_wait" >&5
+printf "%s\n" "$krb5_cv_struct_wait" >&6; }
+if test $krb5_cv_struct_wait = no; then
+
+printf "%s\n" "#define WAIT_USES_INT 1" >>confdefs.h
+
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for use of sigprocmask" >&5
+printf %s "checking for use of sigprocmask... " >&6; }
+if test ${krb5_cv_func_sigprocmask_use+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <signal.h>
+
+int
+main (void)
+{
+sigprocmask(SIG_SETMASK, 0, 0);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  krb5_cv_func_sigprocmask_use=yes
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <signal.h>
+
+int
+main (void)
+{
+sigmask(1);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  krb5_cv_func_sigprocmask_use=no
+else $as_nop
+  krb5_cv_func_sigprocmask_use=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_func_sigprocmask_use" >&5
+printf "%s\n" "$krb5_cv_func_sigprocmask_use" >&6; }
+if test $krb5_cv_func_sigprocmask_use = yes; then
+
+printf "%s\n" "#define USE_SIGPROCMASK 1" >>confdefs.h
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
+printf %s "checking for uid_t in sys/types.h... " >&6; }
+if test ${ac_cv_type_uid_t+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "uid_t" >/dev/null 2>&1
+then :
+  ac_cv_type_uid_t=yes
+else $as_nop
+  ac_cv_type_uid_t=no
+fi
+rm -rf conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
+printf "%s\n" "$ac_cv_type_uid_t" >&6; }
+if test $ac_cv_type_uid_t = no; then
+
+printf "%s\n" "#define uid_t int" >>confdefs.h
+
+
+printf "%s\n" "#define gid_t int" >>confdefs.h
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5
+printf %s "checking type of array argument to getgroups... " >&6; }
+if test ${ac_cv_type_getgroups+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test "$cross_compiling" = yes
+then :
+  ac_cv_type_getgroups=cross
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+/* Thanks to Mike Rendell for this test.  */
+$ac_includes_default
+#define NGID 256
+#undef MAX
+#define MAX(x, y) ((x) > (y) ? (x) : (y))
+
+int
+main (void)
+{
+  gid_t gidset[NGID];
+  int i, n;
+  union { gid_t gval; long int lval; }  val;
+
+  val.lval = -1;
+  for (i = 0; i < NGID; i++)
+    gidset[i] = val.gval;
+  n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1,
+		 gidset);
+  /* Exit non-zero if getgroups seems to require an array of ints.  This
+     happens when gid_t is short int but getgroups modifies an array
+     of ints.  */
+  return n > 0 && gidset[n] != val.gval;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  ac_cv_type_getgroups=gid_t
+else $as_nop
+  ac_cv_type_getgroups=int
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+if test $ac_cv_type_getgroups = cross; then
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <unistd.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1
+then :
+  ac_cv_type_getgroups=gid_t
+else $as_nop
+  ac_cv_type_getgroups=int
+fi
+rm -rf conftest*
+
+fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5
+printf "%s\n" "$ac_cv_type_getgroups" >&6; }
+
+printf "%s\n" "#define GETGROUPS_T $ac_cv_type_getgroups" >>confdefs.h
+
+
+
+ac_fn_c_check_func "$LINENO" "sigsetjmp" "ac_cv_func_sigsetjmp"
+if test "x$ac_cv_func_sigsetjmp" = xyes
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sigjmp_buf" >&5
+printf %s "checking for sigjmp_buf... " >&6; }
+if test ${krb5_cv_struct_sigjmp_buf+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <setjmp.h>
+
+int
+main (void)
+{
+sigjmp_buf x
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_struct_sigjmp_buf=yes
+else $as_nop
+  krb5_cv_struct_sigjmp_buf=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_struct_sigjmp_buf" >&5
+printf "%s\n" "$krb5_cv_struct_sigjmp_buf" >&6; }
+if test $krb5_cv_struct_sigjmp_buf = yes; then
+
+printf "%s\n" "#define POSIX_SETJMP 1" >>confdefs.h
+
+fi
+
+fi
+
+
+# *rpcent return types needed for lib/rpc
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking return type of setrpcent" >&5
+printf %s "checking return type of setrpcent... " >&6; }
+if test ${k5_cv_type_setrpcent+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+                    extern void setrpcent();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  k5_cv_type_setrpcent=void
+else $as_nop
+  k5_cv_type_setrpcent=int
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $k5_cv_type_setrpcent" >&5
+printf "%s\n" "$k5_cv_type_setrpcent" >&6; }
+
+printf "%s\n" "#define SETRPCENT_TYPE $k5_cv_type_setrpcent" >>confdefs.h
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking return type of endrpcent" >&5
+printf %s "checking return type of endrpcent... " >&6; }
+if test ${k5_cv_type_endrpcent+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+      extern void endrpcent();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  k5_cv_type_endrpcent=void
+else $as_nop
+  k5_cv_type_endrpcent=int
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $k5_cv_type_endrpcent" >&5
+printf "%s\n" "$k5_cv_type_endrpcent" >&6; }
+
+printf "%s\n" "#define ENDRPCENT_TYPE $k5_cv_type_endrpcent" >>confdefs.h
+
+
+
+# bswap_16 is a macro in byteswap.h under GNU libc
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for bswap_16" >&5
+printf %s "checking for bswap_16... " >&6; }
+if test ${krb5_cv_bswap_16+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#if HAVE_BYTESWAP_H
+      #include <byteswap.h>
+      #endif
+
+int
+main (void)
+{
+bswap_16(37);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  krb5_cv_bswap_16=yes
+else $as_nop
+  krb5_cv_bswap_16=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_bswap_16" >&5
+printf "%s\n" "$krb5_cv_bswap_16" >&6; }
+if test "$krb5_cv_bswap_16" = yes; then
+
+printf "%s\n" "#define HAVE_BSWAP_16 1" >>confdefs.h
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for bswap_64" >&5
+printf %s "checking for bswap_64... " >&6; }
+if test ${krb5_cv_bswap_64+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#if HAVE_BYTESWAP_H
+      #include <byteswap.h>
+      #endif
+
+int
+main (void)
+{
+bswap_64(37);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  krb5_cv_bswap_64=yes
+else $as_nop
+  krb5_cv_bswap_64=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_bswap_64" >&5
+printf "%s\n" "$krb5_cv_bswap_64" >&6; }
+if test "$krb5_cv_bswap_64" = yes; then
+
+printf "%s\n" "#define HAVE_BSWAP_64 1" >>confdefs.h
+
+fi
+
+# Needed for ksu and some appl stuff.
+
+case $krb5_cv_host in
+alpha*-dec-osf*)
+	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for setluid in -lsecurity" >&5
+printf %s "checking for setluid in -lsecurity... " >&6; }
+if test ${ac_cv_lib_security_setluid+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsecurity  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char setluid ();
+int
+main (void)
+{
+return setluid ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_security_setluid=yes
+else $as_nop
+  ac_cv_lib_security_setluid=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_security_setluid" >&5
+printf "%s\n" "$ac_cv_lib_security_setluid" >&6; }
+if test "x$ac_cv_lib_security_setluid" = xyes
+then :
+
+printf "%s\n" "#define HAVE_SETLUID 1" >>confdefs.h
+
+		KSU_LIBS="-lsecurity"
+
+fi
+
+	;;
+esac
+
+
+if test $ac_cv_func_setenv = no || test $ac_cv_func_unsetenv = no \
+  || test $ac_cv_func_getenv = no; then
+  SETENVOBJ=setenv.o
+else
+  SETENVOBJ=
+fi
+
+
+# Check what the return types for gethostbyname_r and getservbyname_r are.
+
+ac_fn_c_check_func "$LINENO" "gethostbyname_r" "ac_cv_func_gethostbyname_r"
+if test "x$ac_cv_func_gethostbyname_r" = xyes
+then :
+
+ac_cv_func_gethostbyname_r=yes
+if test "$ac_cv_func_gethostbyname_r" = yes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if gethostbyname_r returns an int" >&5
+printf %s "checking if gethostbyname_r returns an int... " >&6; }
+  if test ${krb5_cv_gethostbyname_r_returns_int+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+        extern int gethostbyname_r();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_gethostbyname_r_returns_int=yes
+else $as_nop
+  krb5_cv_gethostbyname_r_returns_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_gethostbyname_r_returns_int" >&5
+printf "%s\n" "$krb5_cv_gethostbyname_r_returns_int" >&6; }
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if gethostbyname_r returns a pointer" >&5
+printf %s "checking if gethostbyname_r returns a pointer... " >&6; }
+  if test ${krb5_cv_gethostbyname_r_returns_ptr+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+        extern struct hostent *gethostbyname_r();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_gethostbyname_r_returns_ptr=yes
+else $as_nop
+  krb5_cv_gethostbyname_r_returns_ptr=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_gethostbyname_r_returns_ptr" >&5
+printf "%s\n" "$krb5_cv_gethostbyname_r_returns_ptr" >&6; }
+
+  if test "$krb5_cv_gethostbyname_r_returns_int" = "$krb5_cv_gethostbyname_r_returns_ptr"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot determine return type of gethostbyname_r -- disabling" >&5
+printf "%s\n" "$as_me: WARNING: cannot determine return type of gethostbyname_r -- disabling" >&2;}
+    ac_cv_func_gethostbyname_r=no
+  fi
+  if test "$krb5_cv_gethostbyname_r_returns_int" = yes; then
+
+printf "%s\n" "#define GETHOSTBYNAME_R_RETURNS_INT 1" >>confdefs.h
+
+  fi
+fi
+if test "$ac_cv_func_gethostbyname_r" = yes; then
+
+printf "%s\n" "#define HAVE_GETHOSTBYNAME_R 1" >>confdefs.h
+
+  ac_fn_c_check_func "$LINENO" "gethostbyaddr_r" "ac_cv_func_gethostbyaddr_r"
+if test "x$ac_cv_func_gethostbyaddr_r" = xyes
+then :
+
+fi
+
+fi
+
+fi
+
+
+
+# PTHREAD_CFLAGS changes which variant of these functions is declared
+# on Solaris 11, so use it for these tests.
+old_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+ac_fn_c_check_func "$LINENO" "getpwnam_r" "ac_cv_func_getpwnam_r"
+if test "x$ac_cv_func_getpwnam_r" = xyes
+then :
+  ac_cv_func_getpwnam_r=yes
+else $as_nop
+  ac_cv_func_getpwnam_r=no
+fi
+
+ac_fn_c_check_func "$LINENO" "getpwuid_r" "ac_cv_func_getpwuid_r"
+if test "x$ac_cv_func_getpwuid_r" = xyes
+then :
+  ac_cv_func_getpwuid_r=yes
+else $as_nop
+  ac_cv_func_getpwuid_r=no
+fi
+
+if test "$ac_cv_func_getpwnam_r" = yes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking return type of getpwnam_r" >&5
+printf %s "checking return type of getpwnam_r... " >&6; }
+  if test ${krb5_cv_getpwnam_r_return_type+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <pwd.h>
+        extern int getpwnam_r();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  getpwnam_r_returns_int=yes
+else $as_nop
+  getpwnam_r_returns_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <pwd.h>
+        extern struct passwd *getpwnam_r();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  getpwnam_r_returns_ptr=yes
+else $as_nop
+  getpwnam_r_returns_ptr=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+   case "$getpwnam_r_returns_int/$getpwnam_r_returns_ptr" in
+     yes/no) krb5_cv_getpwnam_r_return_type=int ;;
+     no/yes) krb5_cv_getpwnam_r_return_type=ptr ;;
+     *) krb5_cv_getpwnam_r_return_type=unknown ;;
+   esac
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_getpwnam_r_return_type" >&5
+printf "%s\n" "$krb5_cv_getpwnam_r_return_type" >&6; }
+  if test $krb5_cv_getpwnam_r_return_type = int; then
+
+printf "%s\n" "#define GETPWNAM_R_RETURNS_INT 1" >>confdefs.h
+
+  elif test $krb5_cv_getpwnam_r_return_type = unknown; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine getpwnam_r return type, disabling getpwnam_r" >&5
+printf "%s\n" "$as_me: WARNING: Cannot determine getpwnam_r return type, disabling getpwnam_r" >&2;}
+    ac_cv_func_getpwnam_r=no
+  fi
+fi
+if test "$ac_cv_func_getpwnam_r" = yes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking number of arguments to getpwnam_r" >&5
+printf %s "checking number of arguments to getpwnam_r... " >&6; }
+  if test ${krb5_cv_getpwnam_r_args+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <pwd.h>
+        struct passwd pwx; char buf[1024];
+int
+main (void)
+{
+getpwnam_r("", &pwx, buf, sizeof(buf));
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  args4=yes
+else $as_nop
+  args4=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <pwd.h>
+         struct passwd pwx, *p;
+         char buf[1024];
+int
+main (void)
+{
+getpwnam_r("", &pwx, buf, sizeof(buf), &p);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  args5=yes
+else $as_nop
+  args5=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+   case $args4/$args5 in
+     yes/no) krb5_cv_getpwnam_r_args=4 ;;
+     no/yes) krb5_cv_getpwnam_r_args=5 ;;
+     *) krb5_cv_getpwnam_r_args=unknown ;;
+   esac
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_getpwnam_r_args" >&5
+printf "%s\n" "$krb5_cv_getpwnam_r_args" >&6; }
+  if test "$krb5_cv_getpwnam_r_args" = unknown; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Cannot determine number of arguments to getpwnam_r, disabling its use." >&5
+printf "%s\n" "$as_me: WARNING: Cannot determine number of arguments to getpwnam_r, disabling its use." >&2;}
+    ac_cv_func_getpwnam_r=no
+  else
+
+printf "%s\n" "#define HAVE_GETPWNAM_R 1" >>confdefs.h
+
+    if test "$krb5_cv_getpwnam_r_args" = 4; then
+
+printf "%s\n" "#define GETPWNAM_R_4_ARGS 1" >>confdefs.h
+
+    fi
+  fi
+fi
+CFLAGS=$old_CFLAGS
+
+if test "$ac_cv_func_getpwnam_r" = no && test "$ac_cv_func_getpwuid_r" = yes; then
+  # Actually, we could do this check, and the corresponding checks
+  # for return type and number of arguments, but I doubt we'll run
+  # into a system where we'd get to use getpwuid_r but not getpwnam_r.
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: getpwnam_r not useful, so disabling getpwuid_r too" >&5
+printf "%s\n" "$as_me: getpwnam_r not useful, so disabling getpwuid_r too" >&6;}
+  ac_cv_func_getpwuid_r=no
+fi
+if test "$ac_cv_func_getpwuid_r" = yes; then
+
+printf "%s\n" "#define HAVE_GETPWUID_R 1" >>confdefs.h
+
+  # Hack: Assume getpwuid_r is the shorter form if getpwnam_r is.
+  if test "$krb5_cv_getpwnam_r_args" = 4; then
+
+printf "%s\n" "#define GETPWUID_R_4_ARGS 1" >>confdefs.h
+
+  fi
+fi
+
+if test "$ac_cv_func_gmtime_r" = yes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether gmtime_r returns int" >&5
+printf %s "checking whether gmtime_r returns int... " >&6; }
+  if test ${krb5_cv_gmtime_r_returns_int+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <time.h>
+        extern int gmtime_r();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  return_int=yes
+else $as_nop
+  return_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+     #include <time.h>
+         extern struct tm *gmtime_r();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  return_ptr=yes
+else $as_nop
+  return_ptr=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+   case $return_int/$return_ptr in
+     yes/no) krb5_cv_gmtime_r_returns_int=yes ;;
+     no/yes) krb5_cv_gmtime_r_returns_int=no ;;
+     *)      # Can't figure it out, punt the function.
+             ac_cv_func_gmtime_r=no ;;
+   esac
+fi
+
+  if test "$ac_cv_func_gmtime_r" = no; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unknown -- ignoring gmtime_r" >&5
+printf "%s\n" "unknown -- ignoring gmtime_r" >&6; }
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_gmtime_r_returns_int" >&5
+printf "%s\n" "$krb5_cv_gmtime_r_returns_int" >&6; }
+    if test "$krb5_cv_gmtime_r_returns_int" = yes; then
+
+printf "%s\n" "#define GMTIME_R_RETURNS_INT 1" >>confdefs.h
+
+    fi
+  fi
+fi
+
+ac_fn_c_check_func "$LINENO" "getservbyname_r" "ac_cv_func_getservbyname_r"
+if test "x$ac_cv_func_getservbyname_r" = xyes
+then :
+
+ac_cv_func_getservbyname_r=yes
+if test "$ac_cv_func_getservbyname_r" = yes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if getservbyname_r returns an int" >&5
+printf %s "checking if getservbyname_r returns an int... " >&6; }
+  if test ${krb5_cv_getservbyname_r_returns_int+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+        extern int getservbyname_r();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_getservbyname_r_returns_int=yes
+else $as_nop
+  krb5_cv_getservbyname_r_returns_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_getservbyname_r_returns_int" >&5
+printf "%s\n" "$krb5_cv_getservbyname_r_returns_int" >&6; }
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if getservbyname_r returns a pointer" >&5
+printf %s "checking if getservbyname_r returns a pointer... " >&6; }
+  if test ${krb5_cv_getservbyname_r_returns_ptr+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+        extern struct servent *getservbyname_r();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_getservbyname_r_returns_ptr=yes
+else $as_nop
+  krb5_cv_getservbyname_r_returns_ptr=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_getservbyname_r_returns_ptr" >&5
+printf "%s\n" "$krb5_cv_getservbyname_r_returns_ptr" >&6; }
+
+  if test "$krb5_cv_getservbyname_r_returns_int" = "$krb5_cv_getservbyname_r_returns_ptr"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot determine return type of getservbyname_r -- disabling" >&5
+printf "%s\n" "$as_me: WARNING: cannot determine return type of getservbyname_r -- disabling" >&2;}
+    ac_cv_func_getservbyname_r=no
+  fi
+  if test "$krb5_cv_getservbyname_r_returns_int" = yes; then
+
+printf "%s\n" "#define GETSERVBYNAME_R_RETURNS_INT 1" >>confdefs.h
+
+  fi
+fi
+if test "$ac_cv_func_getservbyname_r" = yes; then
+
+printf "%s\n" "#define HAVE_GETSERVBYNAME_R 1" >>confdefs.h
+
+  ac_fn_c_check_func "$LINENO" "getservbyport_r" "ac_cv_func_getservbyport_r"
+if test "x$ac_cv_func_getservbyport_r" = xyes
+then :
+
+fi
+
+fi
+
+fi
+
+
+
+ac_fn_c_check_header_compile "$LINENO" "dirent.h" "ac_cv_header_dirent_h" "$ac_includes_default"
+if test "x$ac_cv_header_dirent_h" = xyes
+then :
+
+printf "%s\n" "#define USE_DIRENT_H 1" >>confdefs.h
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
+printf %s "checking for uid_t in sys/types.h... " >&6; }
+if test ${ac_cv_type_uid_t+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "uid_t" >/dev/null 2>&1
+then :
+  ac_cv_type_uid_t=yes
+else $as_nop
+  ac_cv_type_uid_t=no
+fi
+rm -rf conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
+printf "%s\n" "$ac_cv_type_uid_t" >&6; }
+if test $ac_cv_type_uid_t = no; then
+
+printf "%s\n" "#define uid_t int" >>confdefs.h
+
+
+printf "%s\n" "#define gid_t int" >>confdefs.h
+
+fi
+
+
+ac_fn_c_check_header_compile "$LINENO" "termios.h" "ac_cv_header_termios_h" "$ac_includes_default"
+if test "x$ac_cv_header_termios_h" = xyes
+then :
+  ac_fn_c_check_func "$LINENO" "tcsetattr" "ac_cv_func_tcsetattr"
+if test "x$ac_cv_func_tcsetattr" = xyes
+then :
+
+printf "%s\n" "#define POSIX_TERMIOS 1" >>confdefs.h
+
+fi
+
+fi
+
+
+ac_fn_c_check_header_compile "$LINENO" "poll.h" "ac_cv_header_poll_h" "$ac_includes_default"
+if test "x$ac_cv_header_poll_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_POLL_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdlib_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_STDLIB_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "string.h" "ac_cv_header_string_h" "$ac_includes_default"
+if test "x$ac_cv_header_string_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_STRING_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "stddef.h" "ac_cv_header_stddef_h" "$ac_includes_default"
+if test "x$ac_cv_header_stddef_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_STDDEF_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_types_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/file.h" "ac_cv_header_sys_file_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_file_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_FILE_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/param.h" "ac_cv_header_sys_param_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_param_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_PARAM_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/stat.h" "ac_cv_header_sys_stat_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_stat_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_STAT_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/time.h" "ac_cv_header_sys_time_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_time_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_TIME_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "netinet/in.h" "ac_cv_header_netinet_in_h" "$ac_includes_default"
+if test "x$ac_cv_header_netinet_in_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_NETINET_IN_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/uio.h" "ac_cv_header_sys_uio_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_uio_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_UIO_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/filio.h" "ac_cv_header_sys_filio_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_filio_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_FILIO_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/select.h" "ac_cv_header_sys_select_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_select_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_SELECT_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "time.h" "ac_cv_header_time_h" "$ac_includes_default"
+if test "x$ac_cv_header_time_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_TIME_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "paths.h" "ac_cv_header_paths_h" "$ac_includes_default"
+if test "x$ac_cv_header_paths_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_PATHS_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "errno.h" "ac_cv_header_errno_h" "$ac_includes_default"
+if test "x$ac_cv_header_errno_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_ERRNO_H 1" >>confdefs.h
+
+fi
+
+
+# If compiling with IPv6 support, test if in6addr_any functions.
+# Irix 6.5.16 defines it, but lacks support in the C library.
+if test $krb5_cv_inet6 = yes || test "$krb5_cv_inet6_with_dinet6" = yes ; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for in6addr_any definition in library" >&5
+printf %s "checking for in6addr_any definition in library... " >&6; }
+if test ${krb5_cv_var_in6addr_any+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+        #include <sys/types.h>
+        #endif
+        #include <sys/socket.h>
+        #include <netinet/in.h>
+        #include <netdb.h>
+        #include <stdio.h>
+
+int
+main (void)
+{
+struct sockaddr_in6 in;
+        in.sin6_addr = in6addr_any;
+        printf("%x", &in);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  krb5_cv_var_in6addr_any=yes
+else $as_nop
+  krb5_cv_var_in6addr_any=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_var_in6addr_any" >&5
+printf "%s\n" "$krb5_cv_var_in6addr_any" >&6; }
+  if test $krb5_cv_var_in6addr_any = no; then
+
+printf "%s\n" "#define NEED_INSIXADDR_ANY 1" >>confdefs.h
+
+  fi
+fi
+
+# then from osconf.h, we have
+
+ac_fn_c_check_type "$LINENO" "time_t" "ac_cv_type_time_t" "$ac_includes_default"
+if test "x$ac_cv_type_time_t" = xyes
+then :
+
+else $as_nop
+
+printf "%s\n" "#define time_t long" >>confdefs.h
+
+fi
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
+printf %s "checking size of time_t... " >&6; }
+if test ${ac_cv_sizeof_time_t+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t"        "$ac_includes_default"
+then :
+
+else $as_nop
+  if test "$ac_cv_type_time_t" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (time_t)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_time_t=0
+   fi
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
+printf "%s\n" "$ac_cv_sizeof_time_t" >&6; }
+
+
+
+printf "%s\n" "#define SIZEOF_TIME_T $ac_cv_sizeof_time_t" >>confdefs.h
+
+
+SIZEOF_TIME_T=$ac_cv_sizeof_time_t
+
+
+# Determine where to put the replay cache.
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for replay cache directory" >&5
+printf %s "checking for replay cache directory... " >&6; }
+if test ${krb5_cv_sys_rcdir+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+
+if test $cross_compiling = yes; then
+	krb5_cv_sys_rcdir=/var/tmp
+else
+	for t_dir in /var/tmp /usr/tmp /var/usr/tmp /tmp ; do
+		test -d $t_dir || continue
+		krb5_cv_sys_rcdir=$t_dir
+		break
+	done
+fi
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_sys_rcdir" >&5
+printf "%s\n" "$krb5_cv_sys_rcdir" >&6; }
+KRB5_RCTMPDIR=$krb5_cv_sys_rcdir
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5
+printf %s "checking for socklen_t... " >&6; }
+if test ${krb5_cv_has_type_socklen_t+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+      #include <sys/socket.h>
+
+int
+main (void)
+{
+sizeof(socklen_t);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_has_type_socklen_t=yes
+else $as_nop
+  krb5_cv_has_type_socklen_t=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_has_type_socklen_t" >&5
+printf "%s\n" "$krb5_cv_has_type_socklen_t" >&6; }
+if test $krb5_cv_has_type_socklen_t = yes; then
+
+printf "%s\n" "#define HAVE_SOCKLEN_T 1" >>confdefs.h
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct lifconf" >&5
+printf %s "checking for struct lifconf... " >&6; }
+if test ${krb5_cv_has_struct_lifconf+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/socket.h>
+      #include <net/if.h>
+
+int
+main (void)
+{
+sizeof (struct lifconf);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_has_struct_lifconf=yes
+else $as_nop
+  krb5_cv_has_struct_lifconf=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_has_struct_lifconf" >&5
+printf "%s\n" "$krb5_cv_has_struct_lifconf" >&6; }
+if test $krb5_cv_has_struct_lifconf = yes; then
+
+printf "%s\n" "#define HAVE_STRUCT_LIFCONF 1" >>confdefs.h
+
+fi
+# HP-UX 11 uses stuct if_laddrconf
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct if_laddrconf" >&5
+printf %s "checking for struct if_laddrconf... " >&6; }
+if test ${krb5_cv_has_struct_if_laddrconf+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/socket.h>
+      #include <net/if.h>
+      #include <net/if6.h>
+
+int
+main (void)
+{
+sizeof(struct if_laddrconf);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_has_struct_if_laddrconf=yes
+else $as_nop
+  krb5_cv_has_struct_if_laddrconf=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_has_struct_if_laddrconf" >&5
+printf "%s\n" "$krb5_cv_has_struct_if_laddrconf" >&6; }
+if test $krb5_cv_has_struct_if_laddrconf = yes; then
+
+printf "%s\n" "#define HAVE_STRUCT_IF_LADDRCONF 1" >>confdefs.h
+
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for h_errno in netdb.h" >&5
+printf %s "checking for h_errno in netdb.h... " >&6; }
+if test ${krb5_cv_header_netdb_h_h_errno+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+int
+main (void)
+{
+int x = h_errno;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_header_netdb_h_h_errno=yes
+else $as_nop
+  krb5_cv_header_netdb_h_h_errno=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_header_netdb_h_h_errno" >&5
+printf "%s\n" "$krb5_cv_header_netdb_h_h_errno" >&6; }
+if test $krb5_cv_header_netdb_h_h_errno = yes; then
+
+printf "%s\n" "#define HAVE_NETDB_H_H_ERRNO 1" >>confdefs.h
+
+fi
+
+
+# Check whether --enable-athena was given.
+if test ${enable_athena+y}
+then :
+  enableval=$enable_athena;
+printf "%s\n" "#define KRB5_ATHENA_COMPAT 1" >>confdefs.h
+
+fi
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+printf %s "checking for inline... " >&6; }
+if test ${ac_cv_c_inline+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo (void) {return 0; }
+$ac_kw foo_t foo (void) {return 0; }
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_cv_c_inline=$ac_kw
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+printf "%s\n" "$ac_cv_c_inline" >&6; }
+
+case $ac_cv_c_inline in
+  inline | yes) ;;
+  *)
+    case $ac_cv_c_inline in
+      no) ac_val=;;
+      *) ac_val=$ac_cv_c_inline;;
+    esac
+    cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+    ;;
+esac
+
+
+
+
+ac_fn_c_check_type "$LINENO" "struct cmsghdr" "ac_cv_type_struct_cmsghdr" "
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+"
+if test "x$ac_cv_type_struct_cmsghdr" = xyes
+then :
+
+printf "%s\n" "#define HAVE_STRUCT_CMSGHDR 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "struct in_pktinfo" "ac_cv_type_struct_in_pktinfo" "
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+"
+if test "x$ac_cv_type_struct_in_pktinfo" = xyes
+then :
+
+printf "%s\n" "#define HAVE_STRUCT_IN_PKTINFO 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "struct in6_pktinfo" "ac_cv_type_struct_in6_pktinfo" "
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+"
+if test "x$ac_cv_type_struct_in6_pktinfo" = xyes
+then :
+
+printf "%s\n" "#define HAVE_STRUCT_IN6_PKTINFO 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" "
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+"
+if test "x$ac_cv_type_struct_sockaddr_storage" = xyes
+then :
+
+printf "%s\n" "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h
+
+
+fi
+
+ac_fn_c_check_type "$LINENO" "struct rt_msghdr" "ac_cv_type_struct_rt_msghdr" "
+#include <sys/socket.h>
+#include <net/if.h>
+#include <net/route.h>
+
+"
+if test "x$ac_cv_type_struct_rt_msghdr" = xyes
+then :
+
+printf "%s\n" "#define HAVE_STRUCT_RT_MSGHDR 1" >>confdefs.h
+
+
+fi
+
+
+# Tests for 64-bit edwards25519 code.
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5
+printf %s "checking size of size_t... " >&6; }
+if test ${ac_cv_sizeof_size_t+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t"        "$ac_includes_default"
+then :
+
+else $as_nop
+  if test "$ac_cv_type_size_t" = yes; then
+     { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (size_t)
+See \`config.log' for more details" "$LINENO" 5; }
+   else
+     ac_cv_sizeof_size_t=0
+   fi
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5
+printf "%s\n" "$ac_cv_sizeof_size_t" >&6; }
+
+
+
+printf "%s\n" "#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t" >>confdefs.h
+
+
+ac_fn_c_check_type "$LINENO" "__int128_t" "ac_cv_type___int128_t" "$ac_includes_default"
+if test "x$ac_cv_type___int128_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE___INT128_T 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "__uint128_t" "ac_cv_type___uint128_t" "$ac_includes_default"
+if test "x$ac_cv_type___uint128_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE___UINT128_T 1" >>confdefs.h
+
+
+fi
+
+
+# types libdb2 wants
+
+ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default"
+if test "x$ac_cv_type_ssize_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE_SSIZE_T 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "u_char" "ac_cv_type_u_char" "$ac_includes_default"
+if test "x$ac_cv_type_u_char" = xyes
+then :
+
+printf "%s\n" "#define HAVE_U_CHAR 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "u_int" "ac_cv_type_u_int" "$ac_includes_default"
+if test "x$ac_cv_type_u_int" = xyes
+then :
+
+printf "%s\n" "#define HAVE_U_INT 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "u_long" "ac_cv_type_u_long" "$ac_includes_default"
+if test "x$ac_cv_type_u_long" = xyes
+then :
+
+printf "%s\n" "#define HAVE_U_LONG 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "u_int8_t" "ac_cv_type_u_int8_t" "$ac_includes_default"
+if test "x$ac_cv_type_u_int8_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE_U_INT8_T 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "u_int16_t" "ac_cv_type_u_int16_t" "$ac_includes_default"
+if test "x$ac_cv_type_u_int16_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE_U_INT16_T 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "u_int32_t" "ac_cv_type_u_int32_t" "$ac_includes_default"
+if test "x$ac_cv_type_u_int32_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE_U_INT32_T 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default"
+if test "x$ac_cv_type_int8_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE_INT8_T 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default"
+if test "x$ac_cv_type_int16_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE_INT16_T 1" >>confdefs.h
+
+
+fi
+ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default"
+if test "x$ac_cv_type_int32_t" = xyes
+then :
+
+printf "%s\n" "#define HAVE_INT32_T 1" >>confdefs.h
+
+
+fi
+
+
+# Some libdb2 test programs want a shell that supports functions.
+FCTSH=false
+# Extract the first word of "sh", so it can be a program name with args.
+set dummy sh; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_SH+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $SH in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_SH="$SH" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_SH="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_path_SH" && ac_cv_path_SH="false"
+  ;;
+esac
+fi
+SH=$ac_cv_path_SH
+if test -n "$SH"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SH" >&5
+printf "%s\n" "$SH" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+# Extract the first word of "sh5", so it can be a program name with args.
+set dummy sh5; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_SH5+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $SH5 in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_SH5="$SH5" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_SH5="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_path_SH5" && ac_cv_path_SH5="false"
+  ;;
+esac
+fi
+SH5=$ac_cv_path_SH5
+if test -n "$SH5"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SH5" >&5
+printf "%s\n" "$SH5" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+# Extract the first word of "bash", so it can be a program name with args.
+set dummy bash; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_BASH+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $BASH in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_BASH="$BASH" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_BASH="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_path_BASH" && ac_cv_path_BASH="false"
+  ;;
+esac
+fi
+BASH=$ac_cv_path_BASH
+if test -n "$BASH"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $BASH" >&5
+printf "%s\n" "$BASH" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+for prog in $SH $SH5 $BASH; do
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $prog supports functions" >&5
+printf %s "checking if $prog supports functions... " >&6; }
+  if $prog -c 'foo() { true; }; foo' >/dev/null 2>&1; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+    FCTSH=$prog
+    break
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+  fi
+done
+
+
+# Test for POSIX 2001 *printf support (X/Open System Interfaces extension
+# to ANSI/ISO C 1999 specification).  Specifically, positional
+# specifications; not checking for other features like %zx at present.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for POSIX printf positional specification support" >&5
+printf %s "checking for POSIX printf positional specification support... " >&6; }
+if test ${ac_cv_printf_positional+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test "$cross_compiling" = yes
+then :
+  as_fn_error $? "Cannot test for printf positional argument support when cross compiling" "$LINENO" 5
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdio.h>
+      #include <string.h>
+      const char expected[] = "200 100";
+      int main()
+      {
+          char buf[30];
+          sprintf(buf, "%2\$x %1\$d", 100, 512);
+          if (strcmp(expected, buf)) {
+              fprintf(stderr, "bad result: <%s> wanted: <%s>\n",
+                      buf, expected);
+              return 1;
+          }
+          return 0;
+      }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  ac_cv_printf_positional=yes
+else $as_nop
+  ac_cv_printf_positional=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+# Nothing for autoconf.h for now.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_printf_positional" >&5
+printf "%s\n" "$ac_cv_printf_positional" >&6; }
+
+
+# for t_locate_kdc test
+
+# Extract the first word of "dig", so it can be a program name with args.
+set dummy dig; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_DIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $DIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_DIG="$DIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_DIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_path_DIG" && ac_cv_path_DIG="false"
+  ;;
+esac
+fi
+DIG=$ac_cv_path_DIG
+if test -n "$DIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DIG" >&5
+printf "%s\n" "$DIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+# Extract the first word of "nslookup", so it can be a program name with args.
+set dummy nslookup; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_NSLOOKUP+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $NSLOOKUP in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_NSLOOKUP="$NSLOOKUP" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_NSLOOKUP="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_path_NSLOOKUP" && ac_cv_path_NSLOOKUP="false"
+  ;;
+esac
+fi
+NSLOOKUP=$ac_cv_path_NSLOOKUP
+if test -n "$NSLOOKUP"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NSLOOKUP" >&5
+printf "%s\n" "$NSLOOKUP" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+
+# for kadmin
+
+for ac_prog in 'bison -y' byacc
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_YACC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$YACC"; then
+  ac_cv_prog_YACC="$YACC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_YACC="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+YACC=$ac_cv_prog_YACC
+if test -n "$YACC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
+printf "%s\n" "$YACC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  test -n "$YACC" && break
+done
+test -n "$YACC" || YACC="yacc"
+
+ath_compat=
+# Check whether --enable-athena was given.
+if test ${enable_athena+y}
+then :
+  enableval=$enable_athena; ath_compat=compat
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to use priocntl hack" >&5
+printf %s "checking whether to use priocntl hack... " >&6; }
+if test ${krb5_cv_priocntl_hack+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $krb5_cv_host in
+*-*-solaris2.9*)
+	if test "$cross_compiling" = yes; then
+		krb5_cv_priocntl_hack=yes
+	else
+		# Solaris patch 117171-11 (sparc) or 117172-11 (x86)
+		# fixes the Solaris 9 bug where final pty output
+		# gets lost on close.
+		if showrev -p | $AWK 'BEGIN { e = 1 }
+/Patch: 11717[12]/ { x = index($2, "-");
+if (substr($2, x + 1, length($2) - x) >= 11)
+{ e = 0 } else { e = 1 } }
+END { exit e; }'; then
+			krb5_cv_priocntl_hack=no
+		else
+			krb5_cv_priocntl_hack=yes
+		fi
+	fi
+	;;
+*)
+	krb5_cv_priocntl_hack=no
+	;;
+esac
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_priocntl_hack" >&5
+printf "%s\n" "$krb5_cv_priocntl_hack" >&6; }
+if test "$krb5_cv_priocntl_hack" = yes; then
+	PRIOCNTL_HACK=1
+else
+	PRIOCNTL_HACK=0
+fi
+
+
+# Extract the first word of "perl", so it can be a program name with args.
+set dummy perl; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PERL+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$PERL"; then
+  ac_cv_prog_PERL="$PERL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_PERL="perl"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+PERL=$ac_cv_prog_PERL
+if test -n "$PERL"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+printf "%s\n" "$PERL" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+
+# lib/gssapi
+ac_fn_c_check_header_compile "$LINENO" "xom.h" "ac_cv_header_xom_h" "$ac_includes_default"
+if test "x$ac_cv_header_xom_h" = xyes
+then :
+
+	include_xom='awk '\''END{printf("%cinclude <xom.h>\n", 35);}'\'' < /dev/null'
+else $as_nop
+
+	include_xom='echo "/* no xom.h */"'
+fi
+
+
+
+
+# lib/rpc
+### Check where struct rpcent is declared.
+
+# This is necessary to determine:
+# 1. If /usr/include/netdb.h declares struct rpcent
+# 2. If /usr/include/rpc/netdb.h declares struct rpcent
+
+# We have our own rpc/netdb.h, and if /usr/include/netdb.h includes
+# rpc/netdb.h, then nastiness could happen.
+
+# Logic: If /usr/include/netdb.h declares struct rpcent, then check
+# rpc/netdb.h.  If /usr/include/rpc/netdb.h declares struct rpcent,
+# then define STRUCT_RPCENT_IN_RPC_NETDB_H, otherwise do not.  If
+# neither netdb.h nor rpc/netdb.h declares struct rpcent, then define
+# STRUCT_RPCENT_IN_RPC_NETDB_H anyway.
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking where struct rpcent is declared" >&5
+printf %s "checking where struct rpcent is declared... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+
+int
+main (void)
+{
+struct rpcent e;
+      char c = e.r_name[0];
+      int i = e.r_number;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  netdb_rpcent=yes
+else $as_nop
+  netdb_rpcent=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+if test "$netdb_rpcent" = yes; then
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <rpc/netdb.h>
+
+int
+main (void)
+{
+struct rpcent e;
+        char c = e.r_name[0];
+        int i = e.r_number;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  rpc_netdb_rpcent=yes
+else $as_nop
+  rpc_netdb_rpcent=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  if test "$rpc_netdb_rpcent" = yes; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: rpc/netdb.h" >&5
+printf "%s\n" "rpc/netdb.h" >&6; }
+    rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: netdb.h" >&5
+printf "%s\n" "netdb.h" >&6; }
+  fi
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: nowhere" >&5
+printf "%s\n" "nowhere" >&6; }
+  rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'
+fi
+
+
+ac_fn_c_check_header_compile "$LINENO" "sys/select.h" "ac_cv_header_sys_select_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_select_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_SELECT_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "sys/time.h" "ac_cv_header_sys_time_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_time_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SYS_TIME_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h
+
+fi
+
+if test $ac_cv_header_sys_select_h = yes; then
+  GSSRPC__SYS_SELECT_H='#include <sys/select.h>'
+else
+  GSSRPC__SYS_SELECT_H='/* #include <sys/select.h> */'
+fi
+
+if test $ac_cv_header_sys_time_h = yes; then
+  GSSRPC__SYS_TIME_H='#include <sys/time.h>'
+else
+  GSSRPC__SYS_TIME_H='/* #include <sys/time.h> */'
+fi
+
+if test $ac_cv_header_unistd_h = yes; then
+  GSSRPC__UNISTD_H='#include <unistd.h>'
+else
+  GSSRPC__UNISTD_H='/* #include <unistd.h> */'
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for MAXHOSTNAMELEN in sys/param.h" >&5
+printf %s "checking for MAXHOSTNAMELEN in sys/param.h... " >&6; }
+if test ${krb5_cv_header_sys_param_h_maxhostnamelen+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/param.h>
+
+int
+main (void)
+{
+int i = MAXHOSTNAMELEN;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_header_sys_param_h_maxhostnamelen=yes
+else $as_nop
+  krb5_cv_header_sys_param_h_maxhostnamelen=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_header_sys_param_h_maxhostnamelen" >&5
+printf "%s\n" "$krb5_cv_header_sys_param_h_maxhostnamelen" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for MAXHOSTNAMELEN in netdb.h" >&5
+printf %s "checking for MAXHOSTNAMELEN in netdb.h... " >&6; }
+if test ${krb5_cv_header_netdb_h_maxhostnamelen+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+
+int
+main (void)
+{
+int i = MAXHOSTNAMELEN;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_header_netdb_h_maxhostnamelen=yes
+else $as_nop
+  krb5_cv_header_netdb_h_maxhostnamelen=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_header_netdb_h_maxhostnamelen" >&5
+printf "%s\n" "$krb5_cv_header_netdb_h_maxhostnamelen" >&6; }
+
+GSSRPC__SYS_PARAM_H='/* #include <sys/param.h> */'
+GSSRPC__NETDB_H='/* #include <netdb.h> */'
+if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then
+  GSSRPC__SYS_PARAM_H='#include <sys/param.h>'
+else
+  if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then
+    GSSRPC__NETDB_H='#include <netdb.h>'
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: can't find MAXHOSTNAMELEN definition; faking it" >&5
+printf "%s\n" "$as_me: WARNING: can't find MAXHOSTNAMELEN definition; faking it" >&2;}
+  fi
+fi
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD type aliases" >&5
+printf %s "checking for BSD type aliases... " >&6; }
+if test ${krb5_cv_type_bsdaliases+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+      #if HAVE_UNISTD_H
+      #include <unistd.h>
+      #endif
+
+int
+main (void)
+{
+u_char c;
+      u_int i;
+      u_long l;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  krb5_cv_type_bsdaliases=yes
+else $as_nop
+  krb5_cv_type_bsdaliases=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $krb5_cv_type_bsdaliases" >&5
+printf "%s\n" "$krb5_cv_type_bsdaliases" >&6; }
+if test $krb5_cv_type_bsdaliases = yes; then
+  GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */'
+else
+  GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1'
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking return type of setrpcent" >&5
+printf %s "checking return type of setrpcent... " >&6; }
+if test ${k5_cv_type_setrpcent+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+      extern void setrpcent();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  k5_cv_type_setrpcent=void
+else $as_nop
+  k5_cv_type_setrpcent=int
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $k5_cv_type_setrpcent" >&5
+printf "%s\n" "$k5_cv_type_setrpcent" >&6; }
+
+printf "%s\n" "#define SETRPCENT_TYPE $k5_cv_type_setrpcent" >>confdefs.h
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking return type of endrpcent" >&5
+printf %s "checking return type of endrpcent... " >&6; }
+if test ${k5_cv_type_endrpcent+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <netdb.h>
+      extern void endrpcent();
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  k5_cv_type_endrpcent=void
+else $as_nop
+  k5_cv_type_endrpcent=int
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $k5_cv_type_endrpcent" >&5
+printf "%s\n" "$k5_cv_type_endrpcent" >&6; }
+
+printf "%s\n" "#define ENDRPCENT_TYPE $k5_cv_type_endrpcent" >>confdefs.h
+
+ac_config_files="$ac_config_files include/gssrpc/types.h:include/gssrpc/types.hin"
+
+
+# for pkinit
+# Check whether --enable-pkinit was given.
+if test ${enable_pkinit+y}
+then :
+  enableval=$enable_pkinit;
+else $as_nop
+  enable_pkinit=try
+fi
+
+if test "$enable_pkinit" = yes || test "$enable_pkinit" = try; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a recent enough OpenSSL" >&5
+printf %s "checking for a recent enough OpenSSL... " >&6; }
+if test ${k5_cv_openssl_version_okay+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+# error openssl is too old, need 1.0.0
+#endif
+int i = 1;
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  k5_cv_openssl_version_okay=yes
+else $as_nop
+  k5_cv_openssl_version_okay=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $k5_cv_openssl_version_okay" >&5
+printf "%s\n" "$k5_cv_openssl_version_okay" >&6; }
+  old_LIBS="$LIBS"
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PKCS7_get_signer_info in -lcrypto" >&5
+printf %s "checking for PKCS7_get_signer_info in -lcrypto... " >&6; }
+if test ${ac_cv_lib_crypto_PKCS7_get_signer_info+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char PKCS7_get_signer_info ();
+int
+main (void)
+{
+return PKCS7_get_signer_info ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_crypto_PKCS7_get_signer_info=yes
+else $as_nop
+  ac_cv_lib_crypto_PKCS7_get_signer_info=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_PKCS7_get_signer_info" >&5
+printf "%s\n" "$ac_cv_lib_crypto_PKCS7_get_signer_info" >&6; }
+if test "x$ac_cv_lib_crypto_PKCS7_get_signer_info" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIBCRYPTO 1" >>confdefs.h
+
+  LIBS="-lcrypto $LIBS"
+
+fi
+
+  ac_fn_c_check_func "$LINENO" "EVP_PKEY_get_bn_param" "ac_cv_func_EVP_PKEY_get_bn_param"
+if test "x$ac_cv_func_EVP_PKEY_get_bn_param" = xyes
+then :
+  printf "%s\n" "#define HAVE_EVP_PKEY_GET_BN_PARAM 1" >>confdefs.h
+
+fi
+
+  LIBS="$old_LIBS"
+fi
+if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
+  ac_config_files="$ac_config_files plugins/preauth/pkinit/Makefile:$srcdir/./config/pre.in:plugins/preauth/pkinit/Makefile.in:plugins/preauth/pkinit/deps:$srcdir/./config/post.in"
+
+
+
+  ac_config_files="$ac_config_files tests/softpkcs11/Makefile:$srcdir/./config/pre.in:tests/softpkcs11/Makefile.in:tests/softpkcs11/deps:$srcdir/./config/post.in"
+
+
+
+  PKINIT=yes
+elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
+  as_fn_error $? "Version of OpenSSL is too old; cannot enable PKINIT." "$LINENO" 5
+else
+
+printf "%s\n" "#define DISABLE_PKINIT 1" >>confdefs.h
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Disabling PKINIT support." >&5
+printf "%s\n" "$as_me: Disabling PKINIT support." >&6;}
+  PKINIT=no
+fi
+
+
+# for lib/apputils
+ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon"
+if test "x$ac_cv_func_daemon" = xyes
+then :
+  printf "%s\n" "#define HAVE_DAEMON 1" >>confdefs.h
+
+else $as_nop
+  case " $LIBOBJS " in
+  *" daemon.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS daemon.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+# For Python tests.  Python version 3.2.4 is required as prior
+# versions do not accept string input to subprocess.Popen.communicate
+# when universal_newlines is set.
+PYTHON_MINVERSION=3.2.4
+
+# Extract the first word of "python3", so it can be a program name with args.
+set dummy python3; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PYTHON+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$PYTHON"; then
+  ac_cv_prog_PYTHON="$PYTHON" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_PYTHON="python3"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+PYTHON=$ac_cv_prog_PYTHON
+if test -n "$PYTHON"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+if test x"$PYTHON" = x; then
+	# Extract the first word of "python", so it can be a program name with args.
+set dummy python; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PYTHON+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$PYTHON"; then
+  ac_cv_prog_PYTHON="$PYTHON" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_PYTHON="python"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+PYTHON=$ac_cv_prog_PYTHON
+if test -n "$PYTHON"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+HAVE_PYTHON=no
+if test x"$PYTHON" != x; then
+	wantver="(sys.hexversion >= 0x30204F0)"
+	if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then
+		HAVE_PYTHON=yes
+	fi
+fi
+
+
+# For cmocka tests.
+CMOCKA_LIBS=
+HAVE_CMOCKA=no
+HAVE_CMOCKA_H=no
+HAVE_CMOCKA_LIB=no
+ac_fn_c_check_header_compile "$LINENO" "cmocka.h" "ac_cv_header_cmocka_h" "
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+"
+if test "x$ac_cv_header_cmocka_h" = xyes
+then :
+  HAVE_CMOCKA_H=yes
+else $as_nop
+  :
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _cmocka_run_group_tests in -lcmocka" >&5
+printf %s "checking for _cmocka_run_group_tests in -lcmocka... " >&6; }
+if test ${ac_cv_lib_cmocka__cmocka_run_group_tests+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcmocka  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char _cmocka_run_group_tests ();
+int
+main (void)
+{
+return _cmocka_run_group_tests ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_cmocka__cmocka_run_group_tests=yes
+else $as_nop
+  ac_cv_lib_cmocka__cmocka_run_group_tests=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cmocka__cmocka_run_group_tests" >&5
+printf "%s\n" "$ac_cv_lib_cmocka__cmocka_run_group_tests" >&6; }
+if test "x$ac_cv_lib_cmocka__cmocka_run_group_tests" = xyes
+then :
+  HAVE_CMOCKA_LIB=yes
+fi
+
+if test "$HAVE_CMOCKA_LIB" = yes && test "$HAVE_CMOCKA_H" = yes; then
+    HAVE_CMOCKA=yes
+    CMOCKA_LIBS='-lcmocka'
+
+printf "%s\n" "#define HAVE_CMOCKA 1" >>confdefs.h
+
+fi
+
+
+
+# For URI lookup tests. Requires resolv_wrapper >= 1.1.5 for URI
+# support.
+HAVE_RESOLV_WRAPPER=0
+if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"resolv_wrapper >= 1.1.5\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "resolv_wrapper >= 1.1.5") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  HAVE_RESOLV_WRAPPER=1
+fi
+
+
+# for plugins/kdb/db2
+
+# AIX is unusual in that it wants all symbols resolved at link time
+#  Fortunately, it will allow us to link the kdb library now, even if
+# it is linked again later.
+case $krb5_cv_host in
+*-*-aix*)
+	DB_EXTRA_LIBS=-ldb
+	;;
+*)
+	DB_EXTRA_LIBS=
+	;;
+esac
+
+
+
+
+# Warn about possible thread safety issues.  These functions have all
+# been checked for previously.
+tsfuncs="getpwnam_r getpwuid_r gethostbyname_r getservbyname_r gmtime_r localtime_r"
+if test "$enable_thread_support" = yes; then
+  tsmissing=""
+  for ts in $tsfuncs; do
+    if eval "test \"\${ac_cv_func_$ts}\" != yes"; then
+      tsmissing="$tsmissing $ts"
+    fi
+  done
+  if test "$ac_cv_func_res_nsearch/$ac_cv_lib_resolv_res_nsearch" = "no/no"; then
+    tsmissing="$tsmissing res_nsearch"
+  fi
+  if test "$tsmissing" != ""; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Some functions that are needed for library thread" >&5
+printf "%s\n" "$as_me: WARNING: Some functions that are needed for library thread" >&2;}
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: safety appear to be missing." >&5
+printf "%s\n" "$as_me: WARNING: safety appear to be missing." >&2;}
+    for ts in $tsmissing; do
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING:   missing thread-safe function: $ts" >&5
+printf "%s\n" "$as_me: WARNING:   missing thread-safe function: $ts" >&2;}
+    done
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Without these functions, the installed libraries" >&5
+printf "%s\n" "$as_me: WARNING: Without these functions, the installed libraries" >&2;}
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: may not be thread-safe." >&5
+printf "%s\n" "$as_me: WARNING: may not be thread-safe." >&2;}
+  fi # tsmissing not empty
+fi # enable_thread_support
+
+# Sadly, we seem to have accidentally committed ourselves in 1.4 to
+# an ABI that includes the existence of libkrb5support.0 even
+# though random apps should never use anything from it.  And on
+# the Mac, to which that didn't apply, we can't use major version 0.
+
+case $krb5_cv_host in
+*-*-darwin* | *-*-rhapsody*) SUPPORTLIB_MAJOR=1 ;;
+*)			     SUPPORTLIB_MAJOR=0 ;;
+esac
+
+
+
+if test "$COM_ERR_VERSION" = k5 ; then
+  ac_config_files="$ac_config_files util/et/Makefile:$srcdir/./config/pre.in:util/et/Makefile.in:util/et/deps:$srcdir/./config/post.in"
+
+
+
+fi
+if test "$SS_VERSION" = k5 ; then
+  ac_config_files="$ac_config_files util/ss/Makefile:$srcdir/./config/pre.in:util/ss/Makefile.in:util/ss/deps:$srcdir/./config/post.in"
+
+
+
+fi
+
+
+ldap_plugin_dir=""
+ldap_lib=""
+if test -n "$OPENLDAP_PLUGIN"; then
+         for ac_header in ldap.h lber.h
+do :
+  as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"
+then :
+  cat >>confdefs.h <<_ACEOF
+#define `printf "%s\n" "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ :
+else $as_nop
+  as_fn_error $? "$ac_header not found" "$LINENO" 5
+fi
+
+done
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ldap_str2dn in -lldap" >&5
+printf %s "checking for ldap_str2dn in -lldap... " >&6; }
+if test ${ac_cv_lib_ldap_ldap_str2dn+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char ldap_str2dn ();
+int
+main (void)
+{
+return ldap_str2dn ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_ldap_ldap_str2dn=yes
+else $as_nop
+  ac_cv_lib_ldap_ldap_str2dn=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_str2dn" >&5
+printf "%s\n" "$ac_cv_lib_ldap_ldap_str2dn" >&6; }
+if test "x$ac_cv_lib_ldap_ldap_str2dn" = xyes
+then :
+  :
+else $as_nop
+  as_fn_error $? "libldap not found or missing ldap_str2dn" "$LINENO" 5
+fi
+
+
+  BER_OKAY=0
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ber_init in -lldap" >&5
+printf %s "checking for ber_init in -lldap... " >&6; }
+if test ${ac_cv_lib_ldap_ber_init+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char ber_init ();
+int
+main (void)
+{
+return ber_init ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_ldap_ber_init=yes
+else $as_nop
+  ac_cv_lib_ldap_ber_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ber_init" >&5
+printf "%s\n" "$ac_cv_lib_ldap_ber_init" >&6; }
+if test "x$ac_cv_lib_ldap_ber_init" = xyes
+then :
+  BER_OKAY=1
+fi
+
+  if test "$BER_OKAY" = "1"; then
+    LDAP_LIBS='-lldap'
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ber_init in -llber" >&5
+printf %s "checking for ber_init in -llber... " >&6; }
+if test ${ac_cv_lib_lber_ber_init+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-llber  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char ber_init ();
+int
+main (void)
+{
+return ber_init ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_lber_ber_init=yes
+else $as_nop
+  ac_cv_lib_lber_ber_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lber_ber_init" >&5
+printf "%s\n" "$ac_cv_lib_lber_ber_init" >&6; }
+if test "x$ac_cv_lib_lber_ber_init" = xyes
+then :
+  BER_OKAY=1
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: libber not found" >&5
+printf "%s\n" "$as_me: WARNING: libber not found" >&2;}
+fi
+
+    if test "$BER_OKAY" = "1"; then
+      LDAP_LIBS='-lldap -llber'
+    else
+      as_fn_error $? "\"BER library missing - cannot build LDAP database module\"" "$LINENO" 5
+    fi
+  fi
+
+printf "%s\n" "#define ENABLE_LDAP 1" >>confdefs.h
+
+
+
+         for ac_header in sasl/sasl.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "sasl/sasl.h" "ac_cv_header_sasl_sasl_h" "$ac_includes_default"
+if test "x$ac_cv_header_sasl_sasl_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_SASL_SASL_H 1" >>confdefs.h
+ HAVE_SASL=yes
+else $as_nop
+  HAVE_SASL=no
+fi
+
+done
+
+  if test "$HAVE_SASL" = no; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: not building LDAP SASL support" >&5
+printf "%s\n" "$as_me: WARNING: not building LDAP SASL support" >&2;}
+  fi
+
+  ac_config_files="$ac_config_files plugins/kdb/ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/Makefile.in:plugins/kdb/ldap/deps:$srcdir/./config/post.in"
+
+
+
+  ac_config_files="$ac_config_files plugins/kdb/ldap/ldap_util/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/ldap_util/Makefile.in:plugins/kdb/ldap/ldap_util/deps:$srcdir/./config/post.in"
+
+
+
+  ac_config_files="$ac_config_files plugins/kdb/ldap/libkdb_ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/libkdb_ldap/Makefile.in:plugins/kdb/ldap/libkdb_ldap/deps:$srcdir/./config/post.in"
+
+
+
+  ldap_plugin_dir='plugins/kdb/ldap plugins/kdb/ldap/ldap_util'
+  LDAP=yes
+else
+  LDAP=no
+fi
+
+
+# This check is for plugins/preauth/securid_sam2
+sam2_plugin=""
+old_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SD_Init in -laceclnt" >&5
+printf %s "checking for SD_Init in -laceclnt... " >&6; }
+if test ${ac_cv_lib_aceclnt_SD_Init+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-laceclnt  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char SD_Init ();
+int
+main (void)
+{
+return SD_Init ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_aceclnt_SD_Init=yes
+else $as_nop
+  ac_cv_lib_aceclnt_SD_Init=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_aceclnt_SD_Init" >&5
+printf "%s\n" "$ac_cv_lib_aceclnt_SD_Init" >&6; }
+if test "x$ac_cv_lib_aceclnt_SD_Init" = xyes
+then :
+
+	     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Enabling RSA securID support" >&5
+printf "%s\n" "$as_me: Enabling RSA securID support" >&6;}
+	     ac_config_files="$ac_config_files plugins/preauth/securid_sam2/Makefile:$srcdir/./config/pre.in:plugins/preauth/securid_sam2/Makefile.in:plugins/preauth/securid_sam2/deps:$srcdir/./config/post.in"
+
+
+
+	     sam2_plugin=plugins/preauth/securid_sam2
+
+fi
+
+
+CFLAGS=$old_CFLAGS
+
+lmdb_plugin_dir=""
+HAVE_LMDB=no
+
+# Check whether --with-lmdb was given.
+if test ${with_lmdb+y}
+then :
+  withval=$with_lmdb;
+else $as_nop
+  withval=auto
+fi
+
+if test "$withval" = auto -o "$withval" = yes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for mdb_env_create in -llmdb" >&5
+printf %s "checking for mdb_env_create in -llmdb... " >&6; }
+if test ${ac_cv_lib_lmdb_mdb_env_create+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-llmdb  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char mdb_env_create ();
+int
+main (void)
+{
+return mdb_env_create ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_lmdb_mdb_env_create=yes
+else $as_nop
+  ac_cv_lib_lmdb_mdb_env_create=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lmdb_mdb_env_create" >&5
+printf "%s\n" "$ac_cv_lib_lmdb_mdb_env_create" >&6; }
+if test "x$ac_cv_lib_lmdb_mdb_env_create" = xyes
+then :
+  have_lmdb=true
+else $as_nop
+  have_lmdb=false
+fi
+
+  if test "$have_lmdb" = true; then
+    LMDB_LIBS=-llmdb
+    HAVE_LMDB=yes
+    lmdb_plugin_dir='plugins/kdb/lmdb'
+    ac_config_files="$ac_config_files plugins/kdb/lmdb/Makefile:$srcdir/./config/pre.in:plugins/kdb/lmdb/Makefile.in:plugins/kdb/lmdb/deps:$srcdir/./config/post.in"
+
+
+
+  elif test "$withval" = yes; then
+    as_fn_error $? "liblmdb not found" "$LINENO" 5
+  fi
+fi
+
+
+
+
+# Kludge for simple server --- FIXME is this the best way to do this?
+
+if test "$ac_cv_lib_socket" = "yes" -a "$ac_cv_lib_nsl" = "yes"; then
+
+printf "%s\n" "#define BROKEN_STREAMS_SOCKETS 1" >>confdefs.h
+
+fi
+
+# Compile with libedit support in ss by default if available.  Compile
+# with readline only if asked, to avoid a default GPL dependency.
+
+# Check whether --with-libedit was given.
+if test ${with_libedit+y}
+then :
+  withval=$with_libedit;
+else $as_nop
+  with_libedit=default
+fi
+
+
+# Check whether --with-readline was given.
+if test ${with_readline+y}
+then :
+  withval=$with_readline;
+else $as_nop
+  with_readline=no
+fi
+
+if test "x$with_readline" = xyes; then
+  with_libedit=no
+fi
+RL_CFLAGS=
+RL_LIBS=
+if test "x$with_libedit" != xno; then
+
+pkg_failed=no
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libedit" >&5
+printf %s "checking for libedit... " >&6; }
+
+if test -n "$LIBEDIT_CFLAGS"; then
+    pkg_cv_LIBEDIT_CFLAGS="$LIBEDIT_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libedit\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libedit") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_LIBEDIT_CFLAGS=`$PKG_CONFIG --cflags "libedit" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+if test -n "$LIBEDIT_LIBS"; then
+    pkg_cv_LIBEDIT_LIBS="$LIBEDIT_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libedit\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libedit") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_LIBEDIT_LIBS=`$PKG_CONFIG --libs "libedit" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+	        LIBEDIT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libedit" 2>&1`
+        else
+	        LIBEDIT_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libedit" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$LIBEDIT_PKG_ERRORS" >&5
+
+	have_libedit=no
+elif test $pkg_failed = untried; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+	have_libedit=no
+else
+	LIBEDIT_CFLAGS=$pkg_cv_LIBEDIT_CFLAGS
+	LIBEDIT_LIBS=$pkg_cv_LIBEDIT_LIBS
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	have_libedit=yes
+fi
+  if test "x$have_libedit" = xyes; then
+    RL_CFLAGS=$LIBEDIT_CFLAGS
+    RL_LIBS=$LIBEDIT_LIBS
+
+printf "%s\n" "#define HAVE_LIBEDIT 1" >>confdefs.h
+
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using libedit for readline support" >&5
+printf "%s\n" "$as_me: Using libedit for readline support" >&6;}
+  elif test "x$with_libedit" = xyes; then
+    # We were explicitly asked for libedit and couldn't find it.
+    as_fn_error $? "Could not detect libedit with pkg-config" "$LINENO" 5
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Not using any readline support" >&5
+printf "%s\n" "$as_me: Not using any readline support" >&6;}
+  fi
+elif test "x$with_readline" = xyes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using GNU Readline" >&5
+printf "%s\n" "$as_me: Using GNU Readline" >&6;}
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for main in -lreadline" >&5
+printf %s "checking for main in -lreadline... " >&6; }
+if test ${ac_cv_lib_readline_main+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lreadline  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main (void)
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_readline_main=yes
+else $as_nop
+  ac_cv_lib_readline_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_readline_main" >&5
+printf "%s\n" "$ac_cv_lib_readline_main" >&6; }
+if test "x$ac_cv_lib_readline_main" = xyes
+then :
+  :
+else $as_nop
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Cannot find readline library.
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+
+printf "%s\n" "#define HAVE_READLINE 1" >>confdefs.h
+
+  RL_LIBS='-lreadline'
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Not using any readline support" >&5
+printf "%s\n" "Not using any readline support" >&6; }
+fi
+
+
+
+
+# Check whether --with-system-verto was given.
+if test ${with_system_verto+y}
+then :
+  withval=$with_system_verto;
+else $as_nop
+  with_system_verto=default
+fi
+
+VERTO_VERSION=k5
+if test "x$with_system_verto" != xno; then
+
+pkg_failed=no
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libverto" >&5
+printf %s "checking for libverto... " >&6; }
+
+if test -n "$VERTO_CFLAGS"; then
+    pkg_cv_VERTO_CFLAGS="$VERTO_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libverto\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libverto") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_VERTO_CFLAGS=`$PKG_CONFIG --cflags "libverto" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+if test -n "$VERTO_LIBS"; then
+    pkg_cv_VERTO_LIBS="$VERTO_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libverto\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "libverto") 2>&5
+  ac_status=$?
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_VERTO_LIBS=`$PKG_CONFIG --libs "libverto" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
+else
+  pkg_failed=yes
+fi
+ else
+    pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi
+        if test $_pkg_short_errors_supported = yes; then
+	        VERTO_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libverto" 2>&1`
+        else
+	        VERTO_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libverto" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$VERTO_PKG_ERRORS" >&5
+
+	have_sysverto=no
+elif test $pkg_failed = untried; then
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+	have_sysverto=no
+else
+	VERTO_CFLAGS=$pkg_cv_VERTO_CFLAGS
+	VERTO_LIBS=$pkg_cv_VERTO_LIBS
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+	have_sysverto=yes
+fi
+  if test "x$have_sysverto" = xyes; then
+    VERTO_VERSION=sys
+  elif test "x$with_system_verto" = xyes; then
+    as_fn_error $? "cannot detect system libverto" "$LINENO" 5
+  fi
+fi
+if test "x$VERTO_VERSION" = xsys; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using system libverto" >&5
+printf "%s\n" "$as_me: Using system libverto" >&6;}
+else
+  VERTO_CFLAGS=
+  VERTO_LIBS="-lverto"
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using built-in libverto" >&5
+printf "%s\n" "$as_me: Using built-in libverto" >&6;}
+fi
+
+
+
+
+# Extract the first word of "groff", so it can be a program name with args.
+set dummy groff; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_GROFF+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $GROFF in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_GROFF="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+GROFF=$ac_cv_path_GROFF
+if test -n "$GROFF"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5
+printf "%s\n" "$GROFF" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+
+# Make localedir work in autoconf 2.5x.
+if test "${localedir+set}" != set; then
+    localedir='$(datadir)/locale'
+fi
+
+
+# Determine the default macOS ccache type and whether to build the KCM
+# Mach RPC support.
+MACOS_FRAMEWORK=
+case $host in
+*-*-darwin[0-9].* | *-*-darwin10.*)
+  # Use the normal default cache type for macOS 10.6 (Darwin 10) and
+  # prior.  Build the KCM Mach RPC support.
+  OSX=osx
+  ;;
+*-*-darwin*)
+  # macOS 10.6 (Darwin 11) uses the KCM type by default.  macOS 11
+  # (Darwin 20) uses an xpc-based cache type called XCACHE by default.
+  # We can access either of these collections via a macos-specific
+  # implementation of the API cache type.  Build the KCM Mach RPC
+  # support.
+  OSX=osx
+  macos_defccname=API:
+  MACOS_FRAMEWORK="-framework Kerberos"
+  ;;
+*)
+  # This is not macOS; do not build the Mach RPC support and use the
+  # normal default cache type.
+  OSX=no
+  ;;
+esac
+if test "$macos_defccname" = API:; then
+
+printf "%s\n" "#define USE_CCAPI_MACOS 1" >>confdefs.h
+
+fi
+
+
+
+# Build-time default ccache, keytab, and client keytab names.  These
+# can be given as variable arguments DEFCCNAME, DEFKTNAME, and
+# DEFCKTNAME.  Otherwise, we try to get the OS defaults from
+# krb5-config if we can, or fall back to hardcoded defaults.
+
+
+
+
+# Check whether --with-krb5-config was given.
+if test ${with_krb5_config+y}
+then :
+  withval=$with_krb5_config;
+else $as_nop
+  with_krb5_config=krb5-config
+fi
+
+if test "x$with_krb5_config" != xno; then
+	if test "x$with_krb5_config" = xyes; then
+		with_krb5_config=krb5-config
+	fi
+	if $with_krb5_config --help 2>&1 | grep defccname >/dev/null; then
+		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using $with_krb5_config for build defaults" >&5
+printf "%s\n" "$as_me: Using $with_krb5_config for build defaults" >&6;}
+		: "${DEFCCNAME=`$with_krb5_config --defccname`}"
+		: "${DEFKTNAME=`$with_krb5_config --defktname`}"
+		: "${DEFCKTNAME=`$with_krb5_config --defcktname`}"
+	fi
+fi
+if test "${DEFCCNAME+set}" != set; then
+	if test "${macos_defccname+set}" = set; then
+		DEFCCNAME=$macos_defccname
+	else
+		DEFCCNAME=FILE:/tmp/krb5cc_%{uid}
+	fi
+fi
+if test "${DEFKTNAME+set}" != set; then
+	DEFKTNAME=FILE:/etc/krb5.keytab
+fi
+if test "${DEFCKTNAME+set}" != set; then
+	_lcl_receval="$localstatedir"
+exp_localstatedir=`(test "x$prefix" = xNONE && prefix="$ac_default_prefix"
+     test "x$exec_prefix" = xNONE && exec_prefix="${prefix}"
+     _lcl_receval_old=''
+     while test "$_lcl_receval_old" != "$_lcl_receval"; do
+       _lcl_receval_old="$_lcl_receval"
+       eval _lcl_receval="\"$_lcl_receval\""
+     done
+     echo "$_lcl_receval")`
+	DEFCKTNAME=FILE:$exp_localstatedir/krb5/user/%{euid}/client.keytab
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: Default ccache name: $DEFCCNAME" >&5
+printf "%s\n" "$as_me: Default ccache name: $DEFCCNAME" >&6;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: Default keytab name: $DEFKTNAME" >&5
+printf "%s\n" "$as_me: Default keytab name: $DEFKTNAME" >&6;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: Default client keytab name: $DEFCKTNAME" >&5
+printf "%s\n" "$as_me: Default client keytab name: $DEFCKTNAME" >&6;}
+
+printf "%s\n" "#define DEFCCNAME \"$DEFCCNAME\"" >>confdefs.h
+
+
+printf "%s\n" "#define DEFKTNAME \"$DEFKTNAME\"" >>confdefs.h
+
+
+printf "%s\n" "#define DEFCKTNAME \"$DEFCKTNAME\"" >>confdefs.h
+
+
+
+if test "${PKCS11_MODNAME+set}" != set; then
+	PKCS11_MODNAME=opensc-pkcs11.so
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: Default PKCS11 module name: $PKCS11_MODNAME" >&5
+printf "%s\n" "$as_me: Default PKCS11 module name: $PKCS11_MODNAME" >&6;}
+
+printf "%s\n" "#define PKCS11_MODNAME \"$PKCS11_MODNAME\"" >>confdefs.h
+
+
+ac_config_files="$ac_config_files build-tools/krb5-config"
+
+ac_config_files="$ac_config_files build-tools/kadm-server.pc build-tools/kadm-client.pc build-tools/kdb.pc build-tools/krb5.pc build-tools/krb5-gssapi.pc build-tools/mit-krb5.pc build-tools/mit-krb5-gssapi.pc build-tools/gssrpc.pc"
+
+
+ ac_config_files="$ac_config_files ./Makefile:$srcdir/./config/pre.in:./Makefile.in:./deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files util/Makefile:$srcdir/./config/pre.in:util/Makefile.in:util/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files util/support/Makefile:$srcdir/./config/pre.in:util/support/Makefile.in:util/support/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files util/profile/Makefile:$srcdir/./config/pre.in:util/profile/Makefile.in:util/profile/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files util/profile/testmod/Makefile:$srcdir/./config/pre.in:util/profile/testmod/Makefile.in:util/profile/testmod/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files util/verto/Makefile:$srcdir/./config/pre.in:util/verto/Makefile.in:util/verto/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/Makefile:$srcdir/./config/pre.in:lib/Makefile.in:lib/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/kdb/Makefile:$srcdir/./config/pre.in:lib/kdb/Makefile.in:lib/kdb/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/Makefile:$srcdir/./config/pre.in:lib/crypto/Makefile.in:lib/crypto/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/krb/Makefile:$srcdir/./config/pre.in:lib/crypto/krb/Makefile.in:lib/crypto/krb/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/crypto_tests/Makefile:$srcdir/./config/pre.in:lib/crypto/crypto_tests/Makefile.in:lib/crypto/crypto_tests/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/Makefile.in:lib/crypto/builtin/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/des/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/des/Makefile.in:lib/crypto/builtin/des/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/aes/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/aes/Makefile.in:lib/crypto/builtin/aes/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/camellia/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/camellia/Makefile.in:lib/crypto/builtin/camellia/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/md4/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/md4/Makefile.in:lib/crypto/builtin/md4/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/md5/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/md5/Makefile.in:lib/crypto/builtin/md5/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/sha1/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/sha1/Makefile.in:lib/crypto/builtin/sha1/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/sha2/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/sha2/Makefile.in:lib/crypto/builtin/sha2/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/enc_provider/Makefile.in:lib/crypto/builtin/enc_provider/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/builtin/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/hash_provider/Makefile.in:lib/crypto/builtin/hash_provider/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/openssl/Makefile:$srcdir/./config/pre.in:lib/crypto/openssl/Makefile.in:lib/crypto/openssl/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/openssl/des/Makefile:$srcdir/./config/pre.in:lib/crypto/openssl/des/Makefile.in:lib/crypto/openssl/des/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/openssl/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/openssl/enc_provider/Makefile.in:lib/crypto/openssl/enc_provider/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/crypto/openssl/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/openssl/hash_provider/Makefile.in:lib/crypto/openssl/hash_provider/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/Makefile:$srcdir/./config/pre.in:lib/krb5/Makefile.in:lib/krb5/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/error_tables/Makefile:$srcdir/./config/pre.in:lib/krb5/error_tables/Makefile.in:lib/krb5/error_tables/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/asn.1/Makefile:$srcdir/./config/pre.in:lib/krb5/asn.1/Makefile.in:lib/krb5/asn.1/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/ccache/Makefile:$srcdir/./config/pre.in:lib/krb5/ccache/Makefile.in:lib/krb5/ccache/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/keytab/Makefile:$srcdir/./config/pre.in:lib/krb5/keytab/Makefile.in:lib/krb5/keytab/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/krb/Makefile:$srcdir/./config/pre.in:lib/krb5/krb/Makefile.in:lib/krb5/krb/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/rcache/Makefile:$srcdir/./config/pre.in:lib/krb5/rcache/Makefile.in:lib/krb5/rcache/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/os/Makefile:$srcdir/./config/pre.in:lib/krb5/os/Makefile.in:lib/krb5/os/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krb5/unicode/Makefile:$srcdir/./config/pre.in:lib/krb5/unicode/Makefile.in:lib/krb5/unicode/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/gssapi/Makefile:$srcdir/./config/pre.in:lib/gssapi/Makefile.in:lib/gssapi/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/gssapi/generic/Makefile:$srcdir/./config/pre.in:lib/gssapi/generic/Makefile.in:lib/gssapi/generic/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/gssapi/krb5/Makefile:$srcdir/./config/pre.in:lib/gssapi/krb5/Makefile.in:lib/gssapi/krb5/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/gssapi/spnego/Makefile:$srcdir/./config/pre.in:lib/gssapi/spnego/Makefile.in:lib/gssapi/spnego/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/gssapi/mechglue/Makefile:$srcdir/./config/pre.in:lib/gssapi/mechglue/Makefile.in:lib/gssapi/mechglue/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/rpc/Makefile:$srcdir/./config/pre.in:lib/rpc/Makefile.in:lib/rpc/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/rpc/unit-test/Makefile:$srcdir/./config/pre.in:lib/rpc/unit-test/Makefile.in:lib/rpc/unit-test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/kadm5/Makefile:$srcdir/./config/pre.in:lib/kadm5/Makefile.in:lib/kadm5/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/kadm5/clnt/Makefile:$srcdir/./config/pre.in:lib/kadm5/clnt/Makefile.in:lib/kadm5/clnt/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/kadm5/srv/Makefile:$srcdir/./config/pre.in:lib/kadm5/srv/Makefile.in:lib/kadm5/srv/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/krad/Makefile:$srcdir/./config/pre.in:lib/krad/Makefile.in:lib/krad/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files lib/apputils/Makefile:$srcdir/./config/pre.in:lib/apputils/Makefile.in:lib/apputils/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files kdc/Makefile:$srcdir/./config/pre.in:kdc/Makefile.in:kdc/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files kprop/Makefile:$srcdir/./config/pre.in:kprop/Makefile.in:kprop/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files config-files/Makefile:$srcdir/./config/pre.in:config-files/Makefile.in:config-files/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files build-tools/Makefile:$srcdir/./config/pre.in:build-tools/Makefile.in:build-tools/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files man/Makefile:$srcdir/./config/pre.in:man/Makefile.in:man/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files doc/Makefile:$srcdir/./config/pre.in:doc/Makefile.in:doc/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files include/Makefile:$srcdir/./config/pre.in:include/Makefile.in:include/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/certauth/test/Makefile:$srcdir/./config/pre.in:plugins/certauth/test/Makefile.in:plugins/certauth/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/gssapi/negoextest/Makefile:$srcdir/./config/pre.in:plugins/gssapi/negoextest/Makefile.in:plugins/gssapi/negoextest/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/hostrealm/test/Makefile:$srcdir/./config/pre.in:plugins/hostrealm/test/Makefile.in:plugins/hostrealm/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/localauth/test/Makefile:$srcdir/./config/pre.in:plugins/localauth/test/Makefile.in:plugins/localauth/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kadm5_hook/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_hook/test/Makefile.in:plugins/kadm5_hook/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kadm5_auth/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_auth/test/Makefile.in:plugins/kadm5_auth/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/pwqual/test/Makefile:$srcdir/./config/pre.in:plugins/pwqual/test/Makefile.in:plugins/pwqual/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/audit/Makefile:$srcdir/./config/pre.in:plugins/audit/Makefile.in:plugins/audit/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/audit/test/Makefile:$srcdir/./config/pre.in:plugins/audit/test/Makefile.in:plugins/audit/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/db2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/Makefile.in:plugins/kdb/db2/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/Makefile.in:plugins/kdb/db2/libdb2/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/hash/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/hash/Makefile.in:plugins/kdb/db2/libdb2/hash/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/btree/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/btree/Makefile.in:plugins/kdb/db2/libdb2/btree/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/db/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/db/Makefile.in:plugins/kdb/db2/libdb2/db/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/mpool/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/mpool/Makefile.in:plugins/kdb/db2/libdb2/mpool/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/recno/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/recno/Makefile.in:plugins/kdb/db2/libdb2/recno/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/db2/libdb2/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/test/Makefile.in:plugins/kdb/db2/libdb2/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdb/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/test/Makefile.in:plugins/kdb/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/kdcpolicy/test/Makefile:$srcdir/./config/pre.in:plugins/kdcpolicy/test/Makefile.in:plugins/kdcpolicy/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/preauth/otp/Makefile:$srcdir/./config/pre.in:plugins/preauth/otp/Makefile.in:plugins/preauth/otp/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/preauth/spake/Makefile:$srcdir/./config/pre.in:plugins/preauth/spake/Makefile.in:plugins/preauth/spake/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/preauth/test/Makefile:$srcdir/./config/pre.in:plugins/preauth/test/Makefile.in:plugins/preauth/test/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/authdata/greet_client/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_client/Makefile.in:plugins/authdata/greet_client/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/authdata/greet_server/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_server/Makefile.in:plugins/authdata/greet_server/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files plugins/tls/k5tls/Makefile:$srcdir/./config/pre.in:plugins/tls/k5tls/Makefile.in:plugins/tls/k5tls/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files clients/Makefile:$srcdir/./config/pre.in:clients/Makefile.in:clients/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files clients/klist/Makefile:$srcdir/./config/pre.in:clients/klist/Makefile.in:clients/klist/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files clients/kinit/Makefile:$srcdir/./config/pre.in:clients/kinit/Makefile.in:clients/kinit/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files clients/kvno/Makefile:$srcdir/./config/pre.in:clients/kvno/Makefile.in:clients/kvno/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files clients/kdestroy/Makefile:$srcdir/./config/pre.in:clients/kdestroy/Makefile.in:clients/kdestroy/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files clients/kpasswd/Makefile:$srcdir/./config/pre.in:clients/kpasswd/Makefile.in:clients/kpasswd/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files clients/ksu/Makefile:$srcdir/./config/pre.in:clients/ksu/Makefile.in:clients/ksu/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files clients/kswitch/Makefile:$srcdir/./config/pre.in:clients/kswitch/Makefile.in:clients/kswitch/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files kadmin/Makefile:$srcdir/./config/pre.in:kadmin/Makefile.in:kadmin/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files kadmin/cli/Makefile:$srcdir/./config/pre.in:kadmin/cli/Makefile.in:kadmin/cli/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files kadmin/dbutil/Makefile:$srcdir/./config/pre.in:kadmin/dbutil/Makefile.in:kadmin/dbutil/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files kadmin/ktutil/Makefile:$srcdir/./config/pre.in:kadmin/ktutil/Makefile.in:kadmin/ktutil/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files kadmin/server/Makefile:$srcdir/./config/pre.in:kadmin/server/Makefile.in:kadmin/server/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/Makefile:$srcdir/./config/pre.in:appl/Makefile.in:appl/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/sample/Makefile:$srcdir/./config/pre.in:appl/sample/Makefile.in:appl/sample/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/sample/sclient/Makefile:$srcdir/./config/pre.in:appl/sample/sclient/Makefile.in:appl/sample/sclient/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/sample/sserver/Makefile:$srcdir/./config/pre.in:appl/sample/sserver/Makefile.in:appl/sample/sserver/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/simple/Makefile:$srcdir/./config/pre.in:appl/simple/Makefile.in:appl/simple/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/simple/client/Makefile:$srcdir/./config/pre.in:appl/simple/client/Makefile.in:appl/simple/client/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/simple/server/Makefile:$srcdir/./config/pre.in:appl/simple/server/Makefile.in:appl/simple/server/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/gss-sample/Makefile:$srcdir/./config/pre.in:appl/gss-sample/Makefile.in:appl/gss-sample/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files appl/user_user/Makefile:$srcdir/./config/pre.in:appl/user_user/Makefile.in:appl/user_user/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/Makefile:$srcdir/./config/pre.in:tests/Makefile.in:tests/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/asn.1/Makefile:$srcdir/./config/pre.in:tests/asn.1/Makefile.in:tests/asn.1/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/create/Makefile:$srcdir/./config/pre.in:tests/create/Makefile.in:tests/create/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/hammer/Makefile:$srcdir/./config/pre.in:tests/hammer/Makefile.in:tests/hammer/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/verify/Makefile:$srcdir/./config/pre.in:tests/verify/Makefile.in:tests/verify/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/gssapi/Makefile:$srcdir/./config/pre.in:tests/gssapi/Makefile.in:tests/gssapi/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/threads/Makefile:$srcdir/./config/pre.in:tests/threads/Makefile.in:tests/threads/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/shlib/Makefile:$srcdir/./config/pre.in:tests/shlib/Makefile.in:tests/shlib/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/gss-threads/Makefile:$srcdir/./config/pre.in:tests/gss-threads/Makefile.in:tests/gss-threads/deps:$srcdir/./config/post.in"
+ ac_config_files="$ac_config_files tests/misc/Makefile:$srcdir/./config/pre.in:tests/misc/Makefile.in:tests/misc/deps:$srcdir/./config/post.in"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes: double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \.
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    if test "x$cache_file" != "x/dev/null"; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
+      if test ! -f "$cache_file" || test -h "$cache_file"; then
+	cat confcache >"$cache_file"
+      else
+        case $cache_file in #(
+        */* | ?:*)
+	  mv -f confcache "$cache_file"$$ &&
+	  mv -f "$cache_file"$$ "$cache_file" ;; #(
+        *)
+	  mv -f confcache "$cache_file" ;;
+	esac
+      fi
+    fi
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else $as_nop
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
+as_nl='
+'
+export as_nl
+IFS=" ""	$as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh).  This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2)            ; then :; else exec 2>/dev/null; fi
+
+# The user is always right.
+if ${PATH_SEPARATOR+false} :; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    test -r "$as_dir$0" && as_myself=$as_dir$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  printf "%s\n" "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else $as_nop
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else $as_nop
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n.  New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_echo='printf %s\n'
+as_echo_n='printf %s'
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by Kerberos 5 $as_me 1.21.3, which was
+generated by GNU Autoconf 2.71.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration.  Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+      --config     print configuration, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Report bugs to <krb5-bugs@mit.edu>."
+
+_ACEOF
+ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
+ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config='$ac_cs_config_escaped'
+ac_cs_version="\\
+Kerberos 5 config.status 1.21.3
+configured by $0, generated by GNU Autoconf 2.71,
+  with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2021 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=?*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  --*=)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    printf "%s\n" "$ac_cs_version"; exit ;;
+  --config | --confi | --conf | --con | --co | --c )
+    printf "%s\n" "$ac_cs_config"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    '') as_fn_error $? "missing file argument" ;;
+    esac
+    as_fn_append CONFIG_FILES " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+  --help | --hel | -h )
+    printf "%s\n" "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+  *) as_fn_append ac_config_targets " $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  printf "%s\n" "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "po/Makefile") CONFIG_FILES="$CONFIG_FILES po/Makefile:$srcdir/./config/pre.in:po/Makefile.in:po/deps:$srcdir/./config/post.in" ;;
+    "plugins/audit/simple/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit/simple/Makefile:$srcdir/./config/pre.in:plugins/audit/simple/Makefile.in:plugins/audit/simple/deps:$srcdir/./config/post.in" ;;
+    "include/autoconf.h") CONFIG_HEADERS="$CONFIG_HEADERS include/autoconf.h" ;;
+    "include/gssrpc/types.h") CONFIG_FILES="$CONFIG_FILES include/gssrpc/types.h:include/gssrpc/types.hin" ;;
+    "plugins/preauth/pkinit/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/pkinit/Makefile:$srcdir/./config/pre.in:plugins/preauth/pkinit/Makefile.in:plugins/preauth/pkinit/deps:$srcdir/./config/post.in" ;;
+    "tests/softpkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES tests/softpkcs11/Makefile:$srcdir/./config/pre.in:tests/softpkcs11/Makefile.in:tests/softpkcs11/deps:$srcdir/./config/post.in" ;;
+    "util/et/Makefile") CONFIG_FILES="$CONFIG_FILES util/et/Makefile:$srcdir/./config/pre.in:util/et/Makefile.in:util/et/deps:$srcdir/./config/post.in" ;;
+    "util/ss/Makefile") CONFIG_FILES="$CONFIG_FILES util/ss/Makefile:$srcdir/./config/pre.in:util/ss/Makefile.in:util/ss/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/Makefile.in:plugins/kdb/ldap/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/ldap/ldap_util/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/ldap/ldap_util/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/ldap_util/Makefile.in:plugins/kdb/ldap/ldap_util/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/ldap/libkdb_ldap/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/ldap/libkdb_ldap/Makefile:$srcdir/./config/pre.in:plugins/kdb/ldap/libkdb_ldap/Makefile.in:plugins/kdb/ldap/libkdb_ldap/deps:$srcdir/./config/post.in" ;;
+    "plugins/preauth/securid_sam2/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/securid_sam2/Makefile:$srcdir/./config/pre.in:plugins/preauth/securid_sam2/Makefile.in:plugins/preauth/securid_sam2/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/lmdb/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/lmdb/Makefile:$srcdir/./config/pre.in:plugins/kdb/lmdb/Makefile.in:plugins/kdb/lmdb/deps:$srcdir/./config/post.in" ;;
+    "build-tools/krb5-config") CONFIG_FILES="$CONFIG_FILES build-tools/krb5-config" ;;
+    "build-tools/kadm-server.pc") CONFIG_FILES="$CONFIG_FILES build-tools/kadm-server.pc" ;;
+    "build-tools/kadm-client.pc") CONFIG_FILES="$CONFIG_FILES build-tools/kadm-client.pc" ;;
+    "build-tools/kdb.pc") CONFIG_FILES="$CONFIG_FILES build-tools/kdb.pc" ;;
+    "build-tools/krb5.pc") CONFIG_FILES="$CONFIG_FILES build-tools/krb5.pc" ;;
+    "build-tools/krb5-gssapi.pc") CONFIG_FILES="$CONFIG_FILES build-tools/krb5-gssapi.pc" ;;
+    "build-tools/mit-krb5.pc") CONFIG_FILES="$CONFIG_FILES build-tools/mit-krb5.pc" ;;
+    "build-tools/mit-krb5-gssapi.pc") CONFIG_FILES="$CONFIG_FILES build-tools/mit-krb5-gssapi.pc" ;;
+    "build-tools/gssrpc.pc") CONFIG_FILES="$CONFIG_FILES build-tools/gssrpc.pc" ;;
+    "./Makefile") CONFIG_FILES="$CONFIG_FILES ./Makefile:$srcdir/./config/pre.in:./Makefile.in:./deps:$srcdir/./config/post.in" ;;
+    "util/Makefile") CONFIG_FILES="$CONFIG_FILES util/Makefile:$srcdir/./config/pre.in:util/Makefile.in:util/deps:$srcdir/./config/post.in" ;;
+    "util/support/Makefile") CONFIG_FILES="$CONFIG_FILES util/support/Makefile:$srcdir/./config/pre.in:util/support/Makefile.in:util/support/deps:$srcdir/./config/post.in" ;;
+    "util/profile/Makefile") CONFIG_FILES="$CONFIG_FILES util/profile/Makefile:$srcdir/./config/pre.in:util/profile/Makefile.in:util/profile/deps:$srcdir/./config/post.in" ;;
+    "util/profile/testmod/Makefile") CONFIG_FILES="$CONFIG_FILES util/profile/testmod/Makefile:$srcdir/./config/pre.in:util/profile/testmod/Makefile.in:util/profile/testmod/deps:$srcdir/./config/post.in" ;;
+    "util/verto/Makefile") CONFIG_FILES="$CONFIG_FILES util/verto/Makefile:$srcdir/./config/pre.in:util/verto/Makefile.in:util/verto/deps:$srcdir/./config/post.in" ;;
+    "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile:$srcdir/./config/pre.in:lib/Makefile.in:lib/deps:$srcdir/./config/post.in" ;;
+    "lib/kdb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kdb/Makefile:$srcdir/./config/pre.in:lib/kdb/Makefile.in:lib/kdb/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/Makefile:$srcdir/./config/pre.in:lib/crypto/Makefile.in:lib/crypto/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/krb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/krb/Makefile:$srcdir/./config/pre.in:lib/crypto/krb/Makefile.in:lib/crypto/krb/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/crypto_tests/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/crypto_tests/Makefile:$srcdir/./config/pre.in:lib/crypto/crypto_tests/Makefile.in:lib/crypto/crypto_tests/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/Makefile.in:lib/crypto/builtin/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/des/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/des/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/des/Makefile.in:lib/crypto/builtin/des/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/aes/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/aes/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/aes/Makefile.in:lib/crypto/builtin/aes/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/camellia/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/camellia/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/camellia/Makefile.in:lib/crypto/builtin/camellia/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/md4/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/md4/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/md4/Makefile.in:lib/crypto/builtin/md4/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/md5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/md5/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/md5/Makefile.in:lib/crypto/builtin/md5/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/sha1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/sha1/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/sha1/Makefile.in:lib/crypto/builtin/sha1/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/sha2/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/sha2/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/sha2/Makefile.in:lib/crypto/builtin/sha2/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/enc_provider/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/enc_provider/Makefile.in:lib/crypto/builtin/enc_provider/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/builtin/hash_provider/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/builtin/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/builtin/hash_provider/Makefile.in:lib/crypto/builtin/hash_provider/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/openssl/Makefile:$srcdir/./config/pre.in:lib/crypto/openssl/Makefile.in:lib/crypto/openssl/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/openssl/des/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/openssl/des/Makefile:$srcdir/./config/pre.in:lib/crypto/openssl/des/Makefile.in:lib/crypto/openssl/des/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/openssl/enc_provider/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/openssl/enc_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/openssl/enc_provider/Makefile.in:lib/crypto/openssl/enc_provider/deps:$srcdir/./config/post.in" ;;
+    "lib/crypto/openssl/hash_provider/Makefile") CONFIG_FILES="$CONFIG_FILES lib/crypto/openssl/hash_provider/Makefile:$srcdir/./config/pre.in:lib/crypto/openssl/hash_provider/Makefile.in:lib/crypto/openssl/hash_provider/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/Makefile:$srcdir/./config/pre.in:lib/krb5/Makefile.in:lib/krb5/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/error_tables/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/error_tables/Makefile:$srcdir/./config/pre.in:lib/krb5/error_tables/Makefile.in:lib/krb5/error_tables/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/asn.1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/asn.1/Makefile:$srcdir/./config/pre.in:lib/krb5/asn.1/Makefile.in:lib/krb5/asn.1/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/ccache/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/ccache/Makefile:$srcdir/./config/pre.in:lib/krb5/ccache/Makefile.in:lib/krb5/ccache/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/keytab/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/keytab/Makefile:$srcdir/./config/pre.in:lib/krb5/keytab/Makefile.in:lib/krb5/keytab/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/krb/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/krb/Makefile:$srcdir/./config/pre.in:lib/krb5/krb/Makefile.in:lib/krb5/krb/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/rcache/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/rcache/Makefile:$srcdir/./config/pre.in:lib/krb5/rcache/Makefile.in:lib/krb5/rcache/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/os/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/os/Makefile:$srcdir/./config/pre.in:lib/krb5/os/Makefile.in:lib/krb5/os/deps:$srcdir/./config/post.in" ;;
+    "lib/krb5/unicode/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krb5/unicode/Makefile:$srcdir/./config/pre.in:lib/krb5/unicode/Makefile.in:lib/krb5/unicode/deps:$srcdir/./config/post.in" ;;
+    "lib/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/Makefile:$srcdir/./config/pre.in:lib/gssapi/Makefile.in:lib/gssapi/deps:$srcdir/./config/post.in" ;;
+    "lib/gssapi/generic/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/generic/Makefile:$srcdir/./config/pre.in:lib/gssapi/generic/Makefile.in:lib/gssapi/generic/deps:$srcdir/./config/post.in" ;;
+    "lib/gssapi/krb5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/krb5/Makefile:$srcdir/./config/pre.in:lib/gssapi/krb5/Makefile.in:lib/gssapi/krb5/deps:$srcdir/./config/post.in" ;;
+    "lib/gssapi/spnego/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/spnego/Makefile:$srcdir/./config/pre.in:lib/gssapi/spnego/Makefile.in:lib/gssapi/spnego/deps:$srcdir/./config/post.in" ;;
+    "lib/gssapi/mechglue/Makefile") CONFIG_FILES="$CONFIG_FILES lib/gssapi/mechglue/Makefile:$srcdir/./config/pre.in:lib/gssapi/mechglue/Makefile.in:lib/gssapi/mechglue/deps:$srcdir/./config/post.in" ;;
+    "lib/rpc/Makefile") CONFIG_FILES="$CONFIG_FILES lib/rpc/Makefile:$srcdir/./config/pre.in:lib/rpc/Makefile.in:lib/rpc/deps:$srcdir/./config/post.in" ;;
+    "lib/rpc/unit-test/Makefile") CONFIG_FILES="$CONFIG_FILES lib/rpc/unit-test/Makefile:$srcdir/./config/pre.in:lib/rpc/unit-test/Makefile.in:lib/rpc/unit-test/deps:$srcdir/./config/post.in" ;;
+    "lib/kadm5/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/Makefile:$srcdir/./config/pre.in:lib/kadm5/Makefile.in:lib/kadm5/deps:$srcdir/./config/post.in" ;;
+    "lib/kadm5/clnt/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/clnt/Makefile:$srcdir/./config/pre.in:lib/kadm5/clnt/Makefile.in:lib/kadm5/clnt/deps:$srcdir/./config/post.in" ;;
+    "lib/kadm5/srv/Makefile") CONFIG_FILES="$CONFIG_FILES lib/kadm5/srv/Makefile:$srcdir/./config/pre.in:lib/kadm5/srv/Makefile.in:lib/kadm5/srv/deps:$srcdir/./config/post.in" ;;
+    "lib/krad/Makefile") CONFIG_FILES="$CONFIG_FILES lib/krad/Makefile:$srcdir/./config/pre.in:lib/krad/Makefile.in:lib/krad/deps:$srcdir/./config/post.in" ;;
+    "lib/apputils/Makefile") CONFIG_FILES="$CONFIG_FILES lib/apputils/Makefile:$srcdir/./config/pre.in:lib/apputils/Makefile.in:lib/apputils/deps:$srcdir/./config/post.in" ;;
+    "kdc/Makefile") CONFIG_FILES="$CONFIG_FILES kdc/Makefile:$srcdir/./config/pre.in:kdc/Makefile.in:kdc/deps:$srcdir/./config/post.in" ;;
+    "kprop/Makefile") CONFIG_FILES="$CONFIG_FILES kprop/Makefile:$srcdir/./config/pre.in:kprop/Makefile.in:kprop/deps:$srcdir/./config/post.in" ;;
+    "config-files/Makefile") CONFIG_FILES="$CONFIG_FILES config-files/Makefile:$srcdir/./config/pre.in:config-files/Makefile.in:config-files/deps:$srcdir/./config/post.in" ;;
+    "build-tools/Makefile") CONFIG_FILES="$CONFIG_FILES build-tools/Makefile:$srcdir/./config/pre.in:build-tools/Makefile.in:build-tools/deps:$srcdir/./config/post.in" ;;
+    "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile:$srcdir/./config/pre.in:man/Makefile.in:man/deps:$srcdir/./config/post.in" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile:$srcdir/./config/pre.in:doc/Makefile.in:doc/deps:$srcdir/./config/post.in" ;;
+    "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile:$srcdir/./config/pre.in:include/Makefile.in:include/deps:$srcdir/./config/post.in" ;;
+    "plugins/certauth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/certauth/test/Makefile:$srcdir/./config/pre.in:plugins/certauth/test/Makefile.in:plugins/certauth/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/gssapi/negoextest/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/gssapi/negoextest/Makefile:$srcdir/./config/pre.in:plugins/gssapi/negoextest/Makefile.in:plugins/gssapi/negoextest/deps:$srcdir/./config/post.in" ;;
+    "plugins/hostrealm/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/hostrealm/test/Makefile:$srcdir/./config/pre.in:plugins/hostrealm/test/Makefile.in:plugins/hostrealm/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/localauth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/localauth/test/Makefile:$srcdir/./config/pre.in:plugins/localauth/test/Makefile.in:plugins/localauth/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/kadm5_hook/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kadm5_hook/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_hook/test/Makefile.in:plugins/kadm5_hook/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/kadm5_auth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kadm5_auth/test/Makefile:$srcdir/./config/pre.in:plugins/kadm5_auth/test/Makefile.in:plugins/kadm5_auth/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/pwqual/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/pwqual/test/Makefile:$srcdir/./config/pre.in:plugins/pwqual/test/Makefile.in:plugins/pwqual/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/audit/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit/Makefile:$srcdir/./config/pre.in:plugins/audit/Makefile.in:plugins/audit/deps:$srcdir/./config/post.in" ;;
+    "plugins/audit/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/audit/test/Makefile:$srcdir/./config/pre.in:plugins/audit/test/Makefile.in:plugins/audit/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/db2/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/Makefile.in:plugins/kdb/db2/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/db2/libdb2/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/Makefile.in:plugins/kdb/db2/libdb2/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/db2/libdb2/hash/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/hash/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/hash/Makefile.in:plugins/kdb/db2/libdb2/hash/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/db2/libdb2/btree/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/btree/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/btree/Makefile.in:plugins/kdb/db2/libdb2/btree/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/db2/libdb2/db/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/db/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/db/Makefile.in:plugins/kdb/db2/libdb2/db/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/db2/libdb2/mpool/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/mpool/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/mpool/Makefile.in:plugins/kdb/db2/libdb2/mpool/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/db2/libdb2/recno/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/recno/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/recno/Makefile.in:plugins/kdb/db2/libdb2/recno/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/db2/libdb2/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/db2/libdb2/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/db2/libdb2/test/Makefile.in:plugins/kdb/db2/libdb2/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdb/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdb/test/Makefile:$srcdir/./config/pre.in:plugins/kdb/test/Makefile.in:plugins/kdb/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/kdcpolicy/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/kdcpolicy/test/Makefile:$srcdir/./config/pre.in:plugins/kdcpolicy/test/Makefile.in:plugins/kdcpolicy/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/preauth/otp/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/otp/Makefile:$srcdir/./config/pre.in:plugins/preauth/otp/Makefile.in:plugins/preauth/otp/deps:$srcdir/./config/post.in" ;;
+    "plugins/preauth/spake/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/spake/Makefile:$srcdir/./config/pre.in:plugins/preauth/spake/Makefile.in:plugins/preauth/spake/deps:$srcdir/./config/post.in" ;;
+    "plugins/preauth/test/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/preauth/test/Makefile:$srcdir/./config/pre.in:plugins/preauth/test/Makefile.in:plugins/preauth/test/deps:$srcdir/./config/post.in" ;;
+    "plugins/authdata/greet_client/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/authdata/greet_client/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_client/Makefile.in:plugins/authdata/greet_client/deps:$srcdir/./config/post.in" ;;
+    "plugins/authdata/greet_server/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/authdata/greet_server/Makefile:$srcdir/./config/pre.in:plugins/authdata/greet_server/Makefile.in:plugins/authdata/greet_server/deps:$srcdir/./config/post.in" ;;
+    "plugins/tls/k5tls/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/tls/k5tls/Makefile:$srcdir/./config/pre.in:plugins/tls/k5tls/Makefile.in:plugins/tls/k5tls/deps:$srcdir/./config/post.in" ;;
+    "clients/Makefile") CONFIG_FILES="$CONFIG_FILES clients/Makefile:$srcdir/./config/pre.in:clients/Makefile.in:clients/deps:$srcdir/./config/post.in" ;;
+    "clients/klist/Makefile") CONFIG_FILES="$CONFIG_FILES clients/klist/Makefile:$srcdir/./config/pre.in:clients/klist/Makefile.in:clients/klist/deps:$srcdir/./config/post.in" ;;
+    "clients/kinit/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kinit/Makefile:$srcdir/./config/pre.in:clients/kinit/Makefile.in:clients/kinit/deps:$srcdir/./config/post.in" ;;
+    "clients/kvno/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kvno/Makefile:$srcdir/./config/pre.in:clients/kvno/Makefile.in:clients/kvno/deps:$srcdir/./config/post.in" ;;
+    "clients/kdestroy/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kdestroy/Makefile:$srcdir/./config/pre.in:clients/kdestroy/Makefile.in:clients/kdestroy/deps:$srcdir/./config/post.in" ;;
+    "clients/kpasswd/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kpasswd/Makefile:$srcdir/./config/pre.in:clients/kpasswd/Makefile.in:clients/kpasswd/deps:$srcdir/./config/post.in" ;;
+    "clients/ksu/Makefile") CONFIG_FILES="$CONFIG_FILES clients/ksu/Makefile:$srcdir/./config/pre.in:clients/ksu/Makefile.in:clients/ksu/deps:$srcdir/./config/post.in" ;;
+    "clients/kswitch/Makefile") CONFIG_FILES="$CONFIG_FILES clients/kswitch/Makefile:$srcdir/./config/pre.in:clients/kswitch/Makefile.in:clients/kswitch/deps:$srcdir/./config/post.in" ;;
+    "kadmin/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/Makefile:$srcdir/./config/pre.in:kadmin/Makefile.in:kadmin/deps:$srcdir/./config/post.in" ;;
+    "kadmin/cli/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/cli/Makefile:$srcdir/./config/pre.in:kadmin/cli/Makefile.in:kadmin/cli/deps:$srcdir/./config/post.in" ;;
+    "kadmin/dbutil/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/dbutil/Makefile:$srcdir/./config/pre.in:kadmin/dbutil/Makefile.in:kadmin/dbutil/deps:$srcdir/./config/post.in" ;;
+    "kadmin/ktutil/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/ktutil/Makefile:$srcdir/./config/pre.in:kadmin/ktutil/Makefile.in:kadmin/ktutil/deps:$srcdir/./config/post.in" ;;
+    "kadmin/server/Makefile") CONFIG_FILES="$CONFIG_FILES kadmin/server/Makefile:$srcdir/./config/pre.in:kadmin/server/Makefile.in:kadmin/server/deps:$srcdir/./config/post.in" ;;
+    "appl/Makefile") CONFIG_FILES="$CONFIG_FILES appl/Makefile:$srcdir/./config/pre.in:appl/Makefile.in:appl/deps:$srcdir/./config/post.in" ;;
+    "appl/sample/Makefile") CONFIG_FILES="$CONFIG_FILES appl/sample/Makefile:$srcdir/./config/pre.in:appl/sample/Makefile.in:appl/sample/deps:$srcdir/./config/post.in" ;;
+    "appl/sample/sclient/Makefile") CONFIG_FILES="$CONFIG_FILES appl/sample/sclient/Makefile:$srcdir/./config/pre.in:appl/sample/sclient/Makefile.in:appl/sample/sclient/deps:$srcdir/./config/post.in" ;;
+    "appl/sample/sserver/Makefile") CONFIG_FILES="$CONFIG_FILES appl/sample/sserver/Makefile:$srcdir/./config/pre.in:appl/sample/sserver/Makefile.in:appl/sample/sserver/deps:$srcdir/./config/post.in" ;;
+    "appl/simple/Makefile") CONFIG_FILES="$CONFIG_FILES appl/simple/Makefile:$srcdir/./config/pre.in:appl/simple/Makefile.in:appl/simple/deps:$srcdir/./config/post.in" ;;
+    "appl/simple/client/Makefile") CONFIG_FILES="$CONFIG_FILES appl/simple/client/Makefile:$srcdir/./config/pre.in:appl/simple/client/Makefile.in:appl/simple/client/deps:$srcdir/./config/post.in" ;;
+    "appl/simple/server/Makefile") CONFIG_FILES="$CONFIG_FILES appl/simple/server/Makefile:$srcdir/./config/pre.in:appl/simple/server/Makefile.in:appl/simple/server/deps:$srcdir/./config/post.in" ;;
+    "appl/gss-sample/Makefile") CONFIG_FILES="$CONFIG_FILES appl/gss-sample/Makefile:$srcdir/./config/pre.in:appl/gss-sample/Makefile.in:appl/gss-sample/deps:$srcdir/./config/post.in" ;;
+    "appl/user_user/Makefile") CONFIG_FILES="$CONFIG_FILES appl/user_user/Makefile:$srcdir/./config/pre.in:appl/user_user/Makefile.in:appl/user_user/deps:$srcdir/./config/post.in" ;;
+    "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile:$srcdir/./config/pre.in:tests/Makefile.in:tests/deps:$srcdir/./config/post.in" ;;
+    "tests/asn.1/Makefile") CONFIG_FILES="$CONFIG_FILES tests/asn.1/Makefile:$srcdir/./config/pre.in:tests/asn.1/Makefile.in:tests/asn.1/deps:$srcdir/./config/post.in" ;;
+    "tests/create/Makefile") CONFIG_FILES="$CONFIG_FILES tests/create/Makefile:$srcdir/./config/pre.in:tests/create/Makefile.in:tests/create/deps:$srcdir/./config/post.in" ;;
+    "tests/hammer/Makefile") CONFIG_FILES="$CONFIG_FILES tests/hammer/Makefile:$srcdir/./config/pre.in:tests/hammer/Makefile.in:tests/hammer/deps:$srcdir/./config/post.in" ;;
+    "tests/verify/Makefile") CONFIG_FILES="$CONFIG_FILES tests/verify/Makefile:$srcdir/./config/pre.in:tests/verify/Makefile.in:tests/verify/deps:$srcdir/./config/post.in" ;;
+    "tests/gssapi/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gssapi/Makefile:$srcdir/./config/pre.in:tests/gssapi/Makefile.in:tests/gssapi/deps:$srcdir/./config/post.in" ;;
+    "tests/threads/Makefile") CONFIG_FILES="$CONFIG_FILES tests/threads/Makefile:$srcdir/./config/pre.in:tests/threads/Makefile.in:tests/threads/deps:$srcdir/./config/post.in" ;;
+    "tests/shlib/Makefile") CONFIG_FILES="$CONFIG_FILES tests/shlib/Makefile:$srcdir/./config/pre.in:tests/shlib/Makefile.in:tests/shlib/deps:$srcdir/./config/post.in" ;;
+    "tests/gss-threads/Makefile") CONFIG_FILES="$CONFIG_FILES tests/gss-threads/Makefile:$srcdir/./config/pre.in:tests/gss-threads/Makefile.in:tests/gss-threads/deps:$srcdir/./config/post.in" ;;
+    "tests/misc/Makefile") CONFIG_FILES="$CONFIG_FILES tests/misc/Makefile:$srcdir/./config/pre.in:tests/misc/Makefile.in:tests/misc/deps:$srcdir/./config/post.in" ;;
+
+  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
+  test ${CONFIG_HEADERS+y} || CONFIG_HEADERS=$config_headers
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp= ac_tmp=
+  trap 'exit_status=$?
+  : "${ac_tmp:=$tmp}"
+  { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+  trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+if $AWK 'BEGIN { getline <"/dev/null" }' </dev/null 2>/dev/null; then
+  ac_cs_awk_getline=:
+  ac_cs_awk_pipe_init=
+  ac_cs_awk_read_file='
+      while ((getline aline < (F[key])) > 0)
+	print(aline)
+      close(F[key])'
+  ac_cs_awk_pipe_fini=
+else
+  ac_cs_awk_getline=false
+  ac_cs_awk_pipe_init="print \"cat <<'|#_!!_#|' &&\""
+  ac_cs_awk_read_file='
+      print "|#_!!_#|"
+      print "cat " F[key] " &&"
+      '$ac_cs_awk_pipe_init
+  # The final `:' finishes the AND list.
+  ac_cs_awk_pipe_fini='END { print "|#_!!_#|"; print ":" }'
+fi
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+  eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+# Create commands to substitute file output variables.
+{
+  echo "cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1" &&
+  echo 'cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&' &&
+  echo "$ac_subst_files" | sed 's/.*/F["&"]="$&"/' &&
+  echo "_ACAWK" &&
+  echo "_ACEOF"
+} >conf$$files.sh &&
+. ./conf$$files.sh ||
+  as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+rm -f conf$$files.sh
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+  \$ac_cs_awk_pipe_init
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+  if (nfields == 3 && !substed) {
+    key = field[2]
+    if (F[key] != "" && line ~ /^[	 ]*@.*@[	 ]*$/) {
+      \$ac_cs_awk_read_file
+      next
+    }
+  }
+  print line
+}
+\$ac_cs_awk_pipe_fini
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+  || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=[	 ]*/{
+h
+s///
+s/^/:/
+s/[	 ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[	 ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_tt"; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS    "
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$ac_tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+      esac
+      case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      as_fn_append ac_file_inputs " '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+printf "%s\n" "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`printf "%s\n" "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$ac_tmp/stdin" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  as_dir="$ac_dir"; as_fn_mkdir_p
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+  s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" |
+if $ac_cs_awk_getline; then
+  $AWK -f "$ac_tmp/subs.awk"
+else
+  $AWK -f "$ac_tmp/subs.awk" | $SHELL
+fi \
+  >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' \
+      "$ac_tmp/out"`; test -z "$ac_out"; } &&
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&5
+printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&2;}
+
+  rm -f "$ac_tmp/stdin"
+  case $ac_file in
+  -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+  *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+  esac \
+  || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      printf "%s\n" "/* $configure_input  */" >&1 \
+      && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+    } >"$ac_tmp/config.h" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+    if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+printf "%s\n" "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$ac_tmp/config.h" "$ac_file" \
+	|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
+    fi
+  else
+    printf "%s\n" "/* $configure_input  */" >&1 \
+      && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+      || as_fn_error $? "could not create -" "$LINENO" 5
+  fi
+ ;;
+
+
+  esac
+
+
+  case $ac_file$ac_mode in
+    "include/autoconf.h":H) echo timestamp > include/autoconf.stamp ;;
+    "build-tools/krb5-config":F) chmod +x build-tools/krb5-config ;;
+
+  esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
diff --git a/krb5-1.21.3/src/configure.ac b/krb5-1.21.3/src/configure.ac
new file mode 100644
index 00000000..77be7a20
--- /dev/null
+++ b/krb5-1.21.3/src/configure.ac
@@ -0,0 +1,1573 @@
+K5_AC_INIT([aclocal.m4])
+
+# If $runstatedir isn't set by autoconf (<2.70), set it manually.
+if test x"$runstatedir" = x; then
+  runstatedir='${localstatedir}/run'
+fi
+AC_SUBST(runstatedir)
+
+# Don't make duplicate profile path entries for /etc/krb5.conf if
+# $sysconfdir is /etc
+if test "$sysconfdir" = /etc; then
+  SYSCONFCONF=""
+else
+  SYSCONFCONF=":${sysconfdir}/krb5.conf"
+fi
+AC_SUBST(SYSCONFCONF)
+
+CONFIG_RULES
+KRB5_VERSION=K5_VERSION
+AC_SUBST(KRB5_VERSION)
+
+
+AC_REQUIRE_CPP
+
+PKG_PROG_PKG_CONFIG
+
+AC_CHECK_HEADER([stdint.h], [],
+  [AC_MSG_ERROR([stdint.h is required])])
+
+AC_CACHE_CHECK([whether integers are two's complement],
+  [krb5_cv_ints_twos_compl],
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_BOOL_COMPILE_TRY(
+[#include <limits.h>
+],
+	[/* Basic two's complement check */
+	  ~(-1) == 0 && ~(-1L) == 0L &&
+	  /* Check that values with sign bit 1 and value bits 0 are valid */
+	  -(INT_MIN + 1) == INT_MAX && -(LONG_MIN + 1) == LONG_MAX &&
+	  /* Check that unsigned-to-signed conversions preserve bit patterns */
+	  (int)((unsigned int)INT_MAX + 1) == INT_MIN &&
+	  (long)((unsigned long)LONG_MAX + 1) == LONG_MIN])],
+    [krb5_cv_ints_twos_compl=yes],
+    [krb5_cv_ints_twos_compl=no])])
+
+if test "$krb5_cv_ints_twos_compl" = "no"; then
+  AC_MSG_ERROR([integers are not two's complement])
+fi
+
+AC_CACHE_CHECK([whether CHAR_BIT is 8],
+  [krb5_cv_char_bit_8],
+  [AC_PREPROC_IFELSE([AC_LANG_SOURCE(
+[[#include <limits.h>
+#if CHAR_BIT != 8
+  #error CHAR_BIT != 8
+#endif
+]])],
+    [krb5_cv_char_bit_8=yes], [krb5_cv_char_bit_8=no])])
+
+if test "$krb5_cv_char_bit_8" = "no"; then
+  AC_MSG_ERROR([CHAR_BIT is not 8])
+fi
+
+AC_CACHE_CHECK(if va_copy is available, krb5_cv_va_copy,
+[AC_LINK_IFELSE([AC_LANG_SOURCE([
+#include <stdarg.h>
+void f(va_list ap) {
+  va_list ap2;
+  va_copy(ap2, ap);
+  va_end(ap2);
+}
+va_list x;
+int main()
+{
+  f(x);
+  return 0;
+}])], krb5_cv_va_copy=yes, krb5_cv_va_copy=no)])
+if test "$krb5_cv_va_copy" = yes; then
+  AC_DEFINE(HAS_VA_COPY,1,[Define if va_copy macro or function is available.])
+fi
+
+# Note that this isn't checking if the copied value *works*, just
+# whether the C language constraints permit the copying.  If
+# va_list is defined as an array type, it can't be assigned.
+AC_CACHE_CHECK(if va_list objects can be copied by assignment,
+	       krb5_cv_va_simple_copy,
+[AC_COMPILE_IFELSE([
+AC_LANG_SOURCE([#include <stdarg.h>
+void f(va_list va2) {
+  va_list va1;
+  va1 = va2;
+}])], krb5_cv_va_simple_copy=yes, krb5_cv_va_simple_copy=no)])
+if test "$krb5_cv_va_simple_copy" = yes; then
+  AC_DEFINE(CAN_COPY_VA_LIST,1,[Define if va_list objects can be simply copied by assignment.])
+fi
+
+# The following lines are so that configure --help gives some global
+# configuration options.
+
+KRB5_LIB_AUX
+AC_ARG_ENABLE([athena],
+[  --enable-athena         build with MIT Project Athena configuration],,)
+
+# Begin autoconf tests for the Makefiles generated out of the top-level
+# configure.in...
+
+KRB5_BUILD_LIBOBJS
+KRB5_BUILD_LIBRARY
+KRB5_BUILD_PROGRAM
+# for kprop
+AC_TYPE_MODE_T
+AC_PROG_INSTALL
+KRB5_AC_NEED_DAEMON
+KRB5_GETSOCKNAME_ARGS
+KRB5_GETPEERNAME_ARGS
+LIBUTIL=
+AC_CHECK_LIB(util,main,[AC_DEFINE(HAVE_LIBUTIL,1,[Define if the util library is available])
+LIBUTIL=-lutil
+])
+AC_SUBST(LIBUTIL)
+
+# Determine if NLS is desired and supported.
+po=
+AC_ARG_ENABLE([nls],
+  [AS_HELP_STRING([--disable-nls], [disable native language support])],
+  [], [enable_nls=check])
+if test "$enable_nls" != no; then
+  AC_CHECK_HEADER(libintl.h, [
+    AC_SEARCH_LIBS(dgettext, intl, [
+      AC_DEFINE(ENABLE_NLS, 1,
+                [Define if translation functions should be used.])
+      nls_enabled=yes])])
+
+  AC_CHECK_PROG(MSGFMT,msgfmt,msgfmt)
+  if test x"$MSGFMT" != x; then
+    K5_GEN_MAKEFILE(po)
+    po=po
+  fi
+
+  # Error out if --enable-nls was explicitly requested but can't be enabled.
+  if test "$enable_nls" = yes; then
+    if test "$nls_enabled" != yes -o "x$po" = x; then
+      AC_MSG_ERROR([NLS support requested but cannot be built])
+    fi
+  fi
+fi
+AC_SUBST(po)
+
+# for kdc
+AC_CHECK_HEADERS(sys/sockio.h ifaddrs.h unistd.h fnmatch.h)
+AC_CHECK_FUNCS(vsprintf vasprintf vsnprintf strlcpy fnmatch secure_getenv)
+
+EXTRA_SUPPORT_SYMS=
+AC_CHECK_FUNC(strlcpy,
+[STRLCPY_ST_OBJ=
+STRLCPY_OBJ=],
+[STRLCPY_ST_OBJ=strlcpy.o
+STRLCPY_OBJ='$(OUTPRE)strlcpy.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_strlcpy krb5int_strlcat"])
+AC_SUBST(STRLCPY_OBJ)
+AC_SUBST(STRLCPY_ST_OBJ)
+
+AC_CHECK_FUNC(getopt,
+[GETOPT_ST_OBJ=
+GETOPT_OBJ=
+AC_DEFINE(HAVE_GETOPT, 1, [Define if system getopt should be used.])],
+[GETOPT_ST_OBJ='getopt.o'
+GETOPT_OBJ='$(OUTPRE)getopt.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_optind k5_optarg k5_opterr k5_optopt k5_getopt"])
+AC_SUBST(GETOPT_OBJ)
+AC_SUBST(GETOPT_ST_OBJ)
+
+AC_CHECK_FUNC(getopt_long,
+[GETOPT_LONG_ST_OBJ=
+GETOPT_LONG_OBJ=
+AC_DEFINE(HAVE_GETOPT_LONG, 1, [Define if system getopt_long should be used.])],
+[GETOPT_LONG_ST_OBJ='getopt_long.o'
+GETOPT_LONG_OBJ='$(OUTPRE)getopt_long.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_getopt_long"])
+AC_SUBST(GETOPT_LONG_OBJ)
+AC_SUBST(GETOPT_LONG_ST_OBJ)
+
+AC_CHECK_FUNC(fnmatch,
+[FNMATCH_ST_OBJ=
+FNMATCH_OBJ=],
+[FNMATCH_ST_OBJ=fnmatch.o
+FNMATCH_OBJ='$(OUTPRE)fnmatch.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_fnmatch"])
+AC_SUBST(FNMATCH_OBJ)
+AC_SUBST(FNMATCH_ST_OBJ)
+
+AC_CHECK_FUNC(vasprintf,
+[PRINTF_ST_OBJ=
+PRINTF_OBJ=],
+[PRINTF_ST_OBJ=printf.o
+PRINTF_OBJ='$(OUTPRE)printf.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_asprintf krb5int_vasprintf"])
+AC_SUBST(PRINTF_OBJ)
+AC_SUBST(PRINTF_ST_OBJ)
+KRB5_NEED_PROTO([#include <stdarg.h>
+#include <stdio.h>
+],vasprintf)
+KRB5_NEED_PROTO([#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+/* Solaris 8 declares swab in stdlib.h.  */
+#include <stdlib.h>
+],swab,1)
+
+AC_CHECK_FUNC(secure_getenv,
+[SECURE_GETENV_ST_OBJ=
+SECURE_GETENV_OBJ=
+SECURE_GETENV_INIT=],
+[SECURE_GETENV_ST_OBJ=secure_getenv.o
+SECURE_GETENV_OBJ='$(OUTPRE)secure_getenv.$(OBJEXT)'
+SECURE_GETENV_INIT=k5_secure_getenv_init
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS k5_secure_getenv"])
+AC_SUBST(SECURE_GETENV_OBJ)
+AC_SUBST(SECURE_GETENV_ST_OBJ)
+AC_SUBST(SECURE_GETENV_INIT)
+
+AC_PROG_AWK
+KRB5_AC_INET6
+KRB5_SOCKADDR_SA_LEN
+CHECK_SIGNALS
+
+# --with-vague-errors disables useful error messages.
+
+AC_ARG_WITH([vague-errors],
+  [AS_HELP_STRING([--with-vague-errors],
+    [Do not @<:@do@:>@ send helpful errors to client])],
+  [], [withval=no])
+if test "$withval" = yes; then
+	AC_MSG_NOTICE(Supplying vague error messages to KDC clients)
+	AC_DEFINE(KRBCONF_VAGUE_ERRORS,1,[Define if the KDC should return only vague error codes to clients])
+fi
+
+# Check which (if any) audit plugin to build
+audit_plugin=""
+AC_ARG_ENABLE([audit-plugin],
+  [AS_HELP_STRING([--enable-audit-plugin=IMPL],
+    [use audit plugin @<:@ do not use audit @:>@])],
+  [], enableval=no)
+if test "$enableval" != no; then
+    case "$enableval" in
+    simple)
+        # if audit_log_user_message is found, we assume
+        # that audit_open and audit_close are also defined.
+        AC_CHECK_LIB(audit, audit_log_user_message,
+                     [AUDIT_IMPL_LIBS=-laudit
+                     K5_GEN_MAKEFILE(plugins/audit/simple)
+                     audit_plugin=plugins/audit/simple ],
+                     AC_MSG_ERROR([libaudit not found or undefined symbol audit_log_user_message]))
+        ;;
+    *)
+        AC_MSG_ERROR([Unknown audit plugin implementation $enableval.])
+        ;;
+    esac
+fi
+AC_SUBST(AUDIT_IMPL_LIBS)
+AC_SUBST(audit_plugin)
+
+# WITH_CRYPTO_IMPL
+
+CRYPTO_IMPL=builtin
+AC_ARG_WITH([crypto-impl],
+  [AS_HELP_STRING([--with-crypto-impl=IMPL],
+    [use specified crypto implementation @<:@builtin@:>@])],
+  [CRYPTO_IMPL=$withval
+   AC_MSG_NOTICE(k5crypto will use '$withval')])
+
+CRYPTO_BUILTIN_TESTS=no
+case $CRYPTO_IMPL in
+builtin)
+  CRYPTO_BUILTIN_TESTS=yes
+  ;;
+openssl)
+  AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
+  AC_DEFINE([CRYPTO_OPENSSL], 1, [Define to use OpenSSL crypto library])
+  ;;
+*)
+  AC_MSG_ERROR([Unknown crypto implementation $withval])
+  ;;
+esac
+AC_SUBST([CRYPTO_IMPL_CFLAGS])
+AC_SUBST([CRYPTO_IMPL_LIBS])
+AC_SUBST([CRYPTO_BUILTIN_TESTS])
+
+# WITH_TLS_IMPL
+
+AC_ARG_WITH([tls-impl],
+  [AS_HELP_STRING([--with-tls-impl=IMPL],
+    [use specified TLS implementation @<:@auto@:>@])],
+  [TLS_IMPL=$withval], [TLS_IMPL=auto])
+case "$TLS_IMPL" in
+openssl|auto)
+  AC_CHECK_LIB(ssl,SSL_CTX_new,[have_lib_ssl=true],[have_lib_ssl=false],
+               -lcrypto)
+  AC_MSG_CHECKING([for OpenSSL])
+  if test x$have_lib_ssl = xtrue ; then
+    AC_DEFINE(TLS_IMPL_OPENSSL,1,[Define if TLS implementation is OpenSSL])
+    AC_MSG_RESULT([yes])
+    TLS_IMPL_LIBS="-lssl -lcrypto"
+    TLS_IMPL=openssl
+    AC_MSG_NOTICE([TLS module will use OpenSSL])
+  else
+    if test "$TLS_IMPL" = openssl ; then
+      AC_MSG_ERROR([OpenSSL not found!])
+    else
+      AC_MSG_WARN([OpenSSL not found!])
+    fi
+    TLS_IMPL=no
+    AC_MSG_NOTICE(building without TLS support)
+  fi
+  ;;
+no)
+  AC_MSG_NOTICE(building without TLS support)
+  ;;
+*)
+  AC_MSG_ERROR([Unsupported TLS implementation $withval])
+  ;;
+esac
+
+if test "$TLS_IMPL" = no; then
+   AC_DEFINE(TLS_IMPL_NONE,1,[Define if no TLS implementation is selected])
+fi
+
+AC_SUBST(TLS_IMPL)
+AC_SUBST(TLS_IMPL_CFLAGS)
+AC_SUBST(TLS_IMPL_LIBS)
+
+AC_ARG_WITH([keyutils],
+  [AS_HELP_STRING([--without-keyutils], [do not link with libkeyutils])],
+  [], [with_keyutils=check])
+if test "$with_keyutils" != no; then
+  have_keyutils=false
+  AC_CHECK_HEADERS([keyutils.h],
+    AC_CHECK_LIB(keyutils, add_key, [have_keyutils=true]))
+  if test "$have_keyutils" = true; then
+    AC_DEFINE(USE_KEYRING_CCACHE, 1,
+              [Define if the keyring ccache should be enabled])
+    LIBS="-lkeyutils $LIBS"
+    # If libkeyutils supports persistent keyrings, use them.
+    AC_CHECK_LIB(keyutils, keyctl_get_persistent,
+      [AC_DEFINE(HAVE_PERSISTENT_KEYRING, 1,
+                 [Define if persistent keyrings are supported])
+      ])
+  elif test "$with_keyutils" = yes; then
+    AC_MSG_ERROR([libkeyutils not found])
+  fi
+fi
+
+# The SPAKE preauth plugin currently supports edwards25519 natively,
+# and can support three NIST groups using OpenSSL.
+HAVE_SPAKE_OPENSSL=no
+AC_ARG_WITH([spake-openssl],
+  [AS_HELP_STRING([--with-spake-openssl],
+    [use OpenSSL for SPAKE preauth @<:@auto@:>@])],
+  [], [withval=auto])
+if test "$withval" = auto -o "$withval" = yes; then
+  AC_CHECK_LIB([crypto],[EC_POINT_new],[have_crypto=true],[have_crypto=false])
+  if test "$have_crypto" = true; then
+    AC_DEFINE(SPAKE_OPENSSL,1,[Define to use OpenSSL for SPAKE preauth])
+    SPAKE_OPENSSL_LIBS=-lcrypto
+    HAVE_SPAKE_OPENSSL=yes
+  elif test "$withval" = yes; then
+    AC_MSG_ERROR([OpenSSL libcrypto not found])
+  fi
+fi
+AC_SUBST(HAVE_SPAKE_OPENSSL)
+AC_SUBST(SPAKE_OPENSSL_LIBS)
+
+AC_ARG_ENABLE([aesni],
+  [AS_HELP_STRING([--disable-aesni], [Do not build with AES-NI support])],
+  [], [enable_aesni=check])
+if test "$CRYPTO_IMPL" = builtin -a "x$enable_aesni" != xno; then
+    case "$host" in
+    i686-*)
+	aesni_obj=iaesx86.o
+	aesni_machine=x86
+	;;
+    x86_64-*)
+	aesni_obj=iaesx64.o
+	aesni_machine=amd64
+	;;
+    esac
+    case "$host" in
+    *-*-linux* | *-*-gnu* | *-*-*bsd* | *-*-solaris*)
+	# All Unix-like platforms need -D__linux__ for iaesx64.s to
+	# use the System V x86-64 calling convention.
+	aesni_flags="-D__linux__ -f elf -m $aesni_machine"
+	;;
+    esac
+    if test "x$aesni_obj" != x && test "x$aesni_flags" != x; then
+	AC_CHECK_PROG(YASM,yasm,yasm)
+	AC_CHECK_HEADERS(cpuid.h)
+	if test x"$YASM" != x -a "x$ac_cv_header_cpuid_h" = xyes; then
+	    AESNI_OBJ=$aesni_obj
+	    AESNI_FLAGS=$aesni_flags
+	    AC_DEFINE(AESNI,1,[Define if AES-NI support is enabled])
+	    AC_MSG_NOTICE([Building with AES-NI support])
+	fi
+    fi
+    if test "x$enable_aesni" = xyes -a "x$AESNI_OBJ" = x; then
+	AC_MSG_ERROR([AES-NI support requested but cannot be built])
+    fi
+fi
+AC_SUBST(AESNI_OBJ)
+AC_SUBST(AESNI_FLAGS)
+
+AC_ARG_ENABLE([kdc-lookaside-cache],
+  AS_HELP_STRING([--disable-kdc-lookaside-cache],
+    [Disable the cache which detects client retransmits]),
+  [], [enableval=yes])
+if test "$enableval" = no ; then
+	AC_DEFINE(NOCACHE,1,[Define if the KDC should use no lookaside cache])
+fi
+KRB5_RUN_FLAGS
+
+# asan is a gcc and clang facility to instrument the code with memory
+# error checking.  To use it, we compile C and C++ source files with
+# -fsanitize=address, and set ASAN=yes to suppress the undefined
+# symbols check when building shared libraries.
+AC_ARG_ENABLE([asan],
+  [AS_HELP_STRING([--enable-asan], [Build with asan memory checking])],
+  [], [enable_asan=no])
+if test "$enable_asan" != no; then
+    if test "$enable_asan" = yes; then
+        enable_asan=address
+    fi
+    ASAN_FLAGS="$DEFS -fsanitize=$enable_asan"
+    ASAN=yes
+    UNDEF_CHECK=
+else
+    ASAN_FLAGS=
+    ASAN=no
+fi
+AC_SUBST(ASAN_FLAGS)
+AC_SUBST(ASAN)
+
+# from old include/configure.in
+AH_TEMPLATE([HAVE_STRUCT_SOCKADDR_STORAGE],
+[Define if "struct sockaddr_storage" is available.])
+
+AC_CONFIG_HEADERS(include/autoconf.h, [echo timestamp > include/autoconf.stamp])
+AC_C_CONST
+AC_HEADER_DIRENT
+AC_FUNC_STRERROR_R
+AC_CHECK_FUNCS(strdup setvbuf seteuid setresuid setreuid setegid setresgid setregid setsid flock fchmod chmod strptime geteuid setenv unsetenv getenv gmtime_r localtime_r bswap16 bswap64 mkstemp getusershell access getcwd srand48 srand srandom stat strchr strerror timegm explicit_bzero explicit_memset getresuid getresgid)
+
+AC_CHECK_FUNC(mkstemp,
+[MKSTEMP_ST_OBJ=
+MKSTEMP_OBJ=],
+[MKSTEMP_ST_OBJ='mkstemp.o'
+MKSTEMP_OBJ='$(OUTPRE)mkstemp.$(OBJEXT)'
+EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_mkstemp"])
+AC_SUBST(MKSTEMP_OBJ)
+AC_SUBST(MKSTEMP_ST_OBJ)
+
+AC_CHECK_FUNC(gettimeofday,
+	[GETTIMEOFDAY_ST_OBJ=
+	GETTIMEOFDAY_OBJ=
+	AC_DEFINE(HAVE_GETTIMEOFDAY, 1, [Have the gettimeofday function])
+],
+	[GETTIMEOFDAY_ST_OBJ='gettimeofday.o'
+	GETTIMEOFDAY_OBJ='$(OUTPRE)gettimeofday.$(OBJEXT)'
+	EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_gettimeofday"])
+AC_SUBST(GETTIMEOFDAY_OBJ)
+AC_SUBST(GETTIMEOFDAY_ST_OBJ)
+AC_SUBST(EXTRA_SUPPORT_SYMS)
+
+DECLARE_SYS_ERRLIST
+AC_CHECK_HEADERS(unistd.h paths.h regex.h regexpr.h fcntl.h memory.h ifaddrs.h sys/filio.h byteswap.h machine/endian.h machine/byte_order.h sys/bswap.h endian.h pwd.h arpa/inet.h alloca.h dlfcn.h limits.h)
+AC_CHECK_HEADER(regexp.h, [], [],
+[#define INIT char *sp = instring;
+#define GETC() (*sp++)
+#define PEEKC() (*sp)
+#define UNGETC(c) (--sp)
+#define RETURN(c) return(c)
+#define ERROR(c)
+])
+AC_CHECK_MEMBERS([struct stat.st_mtimensec,struct stat.st_mtimespec.tv_nsec,struct stat.st_mtim.tv_nsec],,,[#include <sys/types.h>
+#include <sys/stat.h>])
+KRB5_AC_REGEX_FUNCS
+AC_TYPE_OFF_T
+
+# Fancy caching of perror result...
+AC_MSG_CHECKING(for perror declaration)
+AC_CACHE_VAL(krb5_cv_decl_perror,
+[AC_EGREP_HEADER(perror, errno.h,
+  krb5_cv_decl_perror=yes, krb5_cv_decl_perror=no)])
+AC_MSG_RESULT($krb5_cv_decl_perror)
+if test $krb5_cv_decl_perror = yes; then
+	AC_DEFINE(HDR_HAS_PERROR,1,[Define if errno.h declares perror])
+fi
+
+KRB5_NEED_PROTO([#include <time.h>],strptime)
+CHECK_WAIT_TYPE
+CHECK_SIGPROCMASK
+AC_TYPE_GETGROUPS
+CHECK_SETJMP
+
+# *rpcent return types needed for lib/rpc
+
+AC_MSG_CHECKING([return type of setrpcent])
+AC_CACHE_VAL(k5_cv_type_setrpcent,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_SOURCE([[#include <netdb.h>
+                    extern void setrpcent();]])],
+  [k5_cv_type_setrpcent=void],
+  [k5_cv_type_setrpcent=int])])
+AC_MSG_RESULT($k5_cv_type_setrpcent)
+AC_DEFINE_UNQUOTED(SETRPCENT_TYPE, $k5_cv_type_setrpcent, [Define as return type of setrpcent])
+
+AC_MSG_CHECKING([return type of endrpcent])
+AC_CACHE_VAL(k5_cv_type_endrpcent,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_SOURCE(
+    [[#include <netdb.h>
+      extern void endrpcent();]])],
+  [k5_cv_type_endrpcent=void], [k5_cv_type_endrpcent=int])])
+AC_MSG_RESULT($k5_cv_type_endrpcent)
+AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
+
+
+# bswap_16 is a macro in byteswap.h under GNU libc
+AC_MSG_CHECKING(for bswap_16)
+AC_CACHE_VAL(krb5_cv_bswap_16,
+[AC_LINK_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#if HAVE_BYTESWAP_H
+      #include <byteswap.h>
+      #endif
+    ]],
+    [[bswap_16(37);]])],
+  [krb5_cv_bswap_16=yes], [krb5_cv_bswap_16=no])])
+AC_MSG_RESULT($krb5_cv_bswap_16)
+if test "$krb5_cv_bswap_16" = yes; then
+  AC_DEFINE(HAVE_BSWAP_16,1,[Define to 1 if bswap_16 is available via byteswap.h])
+fi
+AC_MSG_CHECKING(for bswap_64)
+AC_CACHE_VAL(krb5_cv_bswap_64,
+[AC_LINK_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#if HAVE_BYTESWAP_H
+      #include <byteswap.h>
+      #endif
+    ]],
+    [[bswap_64(37);]])],
+  [krb5_cv_bswap_64=yes], [krb5_cv_bswap_64=no])])
+AC_MSG_RESULT($krb5_cv_bswap_64)
+if test "$krb5_cv_bswap_64" = yes; then
+  AC_DEFINE(HAVE_BSWAP_64,1,[Define to 1 if bswap_64 is available via byteswap.h])
+fi
+
+# Needed for ksu and some appl stuff.
+
+case $krb5_cv_host in
+alpha*-dec-osf*)
+	AC_CHECK_LIB(security,setluid,
+		AC_DEFINE(HAVE_SETLUID,1,[Define if setluid provided in OSF/1 security library])
+		KSU_LIBS="-lsecurity"
+	)
+	;;
+esac
+AC_SUBST(KSU_LIBS)
+
+if test $ac_cv_func_setenv = no || test $ac_cv_func_unsetenv = no \
+  || test $ac_cv_func_getenv = no; then
+  SETENVOBJ=setenv.o
+else
+  SETENVOBJ=
+fi
+AC_SUBST(SETENVOBJ)
+
+# Check what the return types for gethostbyname_r and getservbyname_r are.
+
+AC_CHECK_FUNC(gethostbyname_r,[
+ac_cv_func_gethostbyname_r=yes
+if test "$ac_cv_func_gethostbyname_r" = yes; then
+  AC_MSG_CHECKING([if gethostbyname_r returns an int])
+  AC_CACHE_VAL(krb5_cv_gethostbyname_r_returns_int,
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_SOURCE(
+      [[#include <netdb.h>
+        extern int gethostbyname_r();]])],
+    [krb5_cv_gethostbyname_r_returns_int=yes],
+    [krb5_cv_gethostbyname_r_returns_int=no])])
+  AC_MSG_RESULT($krb5_cv_gethostbyname_r_returns_int)
+
+  AC_MSG_CHECKING([if gethostbyname_r returns a pointer])
+  AC_CACHE_VAL(krb5_cv_gethostbyname_r_returns_ptr,
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_SOURCE(
+      [[#include <netdb.h>
+        extern struct hostent *gethostbyname_r();]])],
+    [krb5_cv_gethostbyname_r_returns_ptr=yes],
+    [krb5_cv_gethostbyname_r_returns_ptr=no])])
+  AC_MSG_RESULT($krb5_cv_gethostbyname_r_returns_ptr)
+
+  if test "$krb5_cv_gethostbyname_r_returns_int" = "$krb5_cv_gethostbyname_r_returns_ptr"; then
+    AC_MSG_WARN(cannot determine return type of gethostbyname_r -- disabling)
+    ac_cv_func_gethostbyname_r=no
+  fi
+  if test "$krb5_cv_gethostbyname_r_returns_int" = yes; then
+    AC_DEFINE(GETHOSTBYNAME_R_RETURNS_INT, 1, [Define if gethostbyname_r returns int rather than struct hostent * ])
+  fi
+fi
+if test "$ac_cv_func_gethostbyname_r" = yes; then
+  AC_DEFINE(HAVE_GETHOSTBYNAME_R, 1, [Define if gethostbyname_r exists and its return type is known])
+  AC_CHECK_FUNC(gethostbyaddr_r)
+fi
+])
+
+
+# PTHREAD_CFLAGS changes which variant of these functions is declared
+# on Solaris 11, so use it for these tests.
+old_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+AC_CHECK_FUNC(getpwnam_r,ac_cv_func_getpwnam_r=yes,ac_cv_func_getpwnam_r=no)
+AC_CHECK_FUNC(getpwuid_r,ac_cv_func_getpwuid_r=yes,ac_cv_func_getpwuid_r=no)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+  AC_MSG_CHECKING([return type of getpwnam_r])
+  AC_CACHE_VAL(krb5_cv_getpwnam_r_return_type,
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_SOURCE(
+      [[#include <pwd.h>
+        extern int getpwnam_r();]])],
+    [getpwnam_r_returns_int=yes], [getpwnam_r_returns_int=no])
+   AC_COMPILE_IFELSE(
+    [AC_LANG_SOURCE(
+      [[#include <pwd.h>
+        extern struct passwd *getpwnam_r();]])],
+    [getpwnam_r_returns_ptr=yes], [getpwnam_r_returns_ptr=no])
+   case "$getpwnam_r_returns_int/$getpwnam_r_returns_ptr" in
+     yes/no) krb5_cv_getpwnam_r_return_type=int ;;
+     no/yes) krb5_cv_getpwnam_r_return_type=ptr ;;
+     *) krb5_cv_getpwnam_r_return_type=unknown ;;
+   esac])
+  AC_MSG_RESULT($krb5_cv_getpwnam_r_return_type)
+  if test $krb5_cv_getpwnam_r_return_type = int; then
+    AC_DEFINE(GETPWNAM_R_RETURNS_INT, 1, [Define if getpwnam_r returns an int])
+  elif test $krb5_cv_getpwnam_r_return_type = unknown; then
+    AC_MSG_WARN([Cannot determine getpwnam_r return type, disabling getpwnam_r])
+    ac_cv_func_getpwnam_r=no
+  fi
+fi
+if test "$ac_cv_func_getpwnam_r" = yes; then
+  AC_MSG_CHECKING([number of arguments to getpwnam_r])
+  AC_CACHE_VAL(krb5_cv_getpwnam_r_args,
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[#include <pwd.h>
+        struct passwd pwx; char buf[1024];]],
+      [[getpwnam_r("", &pwx, buf, sizeof(buf));]])],
+    [args4=yes], [args4=no])
+   AC_COMPILE_IFELSE(
+     [AC_LANG_PROGRAM(
+       [[#include <pwd.h>
+         struct passwd pwx, *p;
+         char buf[1024];]],
+       [[getpwnam_r("", &pwx, buf, sizeof(buf), &p);]])],
+     [args5=yes], [args5=no])
+   case $args4/$args5 in
+     yes/no) krb5_cv_getpwnam_r_args=4 ;;
+     no/yes) krb5_cv_getpwnam_r_args=5 ;;
+     *) krb5_cv_getpwnam_r_args=unknown ;;
+   esac])
+  AC_MSG_RESULT($krb5_cv_getpwnam_r_args)
+  if test "$krb5_cv_getpwnam_r_args" = unknown; then
+    AC_MSG_WARN([Cannot determine number of arguments to getpwnam_r, disabling its use.])
+    ac_cv_func_getpwnam_r=no
+  else
+    AC_DEFINE(HAVE_GETPWNAM_R,1,[Define if getpwnam_r is available and useful.])
+    if test "$krb5_cv_getpwnam_r_args" = 4; then
+      AC_DEFINE(GETPWNAM_R_4_ARGS,1,[Define if getpwnam_r exists but takes only 4 arguments (e.g., POSIX draft 6 implementations like some Solaris releases).])
+    fi
+  fi
+fi
+CFLAGS=$old_CFLAGS
+
+if test "$ac_cv_func_getpwnam_r" = no && test "$ac_cv_func_getpwuid_r" = yes; then
+  # Actually, we could do this check, and the corresponding checks
+  # for return type and number of arguments, but I doubt we'll run
+  # into a system where we'd get to use getpwuid_r but not getpwnam_r.
+  AC_MSG_NOTICE([getpwnam_r not useful, so disabling getpwuid_r too])
+  ac_cv_func_getpwuid_r=no
+fi
+if test "$ac_cv_func_getpwuid_r" = yes; then
+  AC_DEFINE(HAVE_GETPWUID_R,1,[Define if getpwuid_r is available and useful.])
+  # Hack: Assume getpwuid_r is the shorter form if getpwnam_r is.
+  if test "$krb5_cv_getpwnam_r_args" = 4; then
+    AC_DEFINE(GETPWUID_R_4_ARGS,1,[Define if getpwuid_r exists but takes only 4 arguments (e.g., POSIX draft 6 implementations like some Solaris releases).])
+  fi
+fi
+
+if test "$ac_cv_func_gmtime_r" = yes; then
+  AC_MSG_CHECKING([whether gmtime_r returns int])
+  AC_CACHE_VAL(krb5_cv_gmtime_r_returns_int,
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_SOURCE(
+      [[#include <time.h>
+        extern int gmtime_r();]])],
+    [return_int=yes], [return_int=no])
+   AC_COMPILE_IFELSE([
+     AC_LANG_SOURCE(
+       [[#include <time.h>
+         extern struct tm *gmtime_r();]])],
+     [return_ptr=yes], [return_ptr=no])
+   case $return_int/$return_ptr in
+     yes/no) krb5_cv_gmtime_r_returns_int=yes ;;
+     no/yes) krb5_cv_gmtime_r_returns_int=no ;;
+     *)      # Can't figure it out, punt the function.
+             ac_cv_func_gmtime_r=no ;;
+   esac])
+  if test "$ac_cv_func_gmtime_r" = no; then
+    AC_MSG_RESULT(unknown -- ignoring gmtime_r)
+  else
+    AC_MSG_RESULT($krb5_cv_gmtime_r_returns_int)
+    if test "$krb5_cv_gmtime_r_returns_int" = yes; then
+      AC_DEFINE(GMTIME_R_RETURNS_INT,1,[Define if gmtime_r returns int instead of struct tm pointer, as on old HP-UX systems.])
+    fi
+  fi
+fi
+
+AC_CHECK_FUNC(getservbyname_r,[
+ac_cv_func_getservbyname_r=yes
+if test "$ac_cv_func_getservbyname_r" = yes; then
+  AC_MSG_CHECKING([if getservbyname_r returns an int])
+  AC_CACHE_VAL(krb5_cv_getservbyname_r_returns_int,
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_SOURCE(
+      [[#include <netdb.h>
+        extern int getservbyname_r();]])],
+    [krb5_cv_getservbyname_r_returns_int=yes],
+    [krb5_cv_getservbyname_r_returns_int=no])])
+  AC_MSG_RESULT($krb5_cv_getservbyname_r_returns_int)
+
+  AC_MSG_CHECKING([if getservbyname_r returns a pointer])
+  AC_CACHE_VAL(krb5_cv_getservbyname_r_returns_ptr,
+  [AC_COMPILE_IFELSE(
+    [AC_LANG_SOURCE(
+      [[#include <netdb.h>
+        extern struct servent *getservbyname_r();]])],
+    [krb5_cv_getservbyname_r_returns_ptr=yes],
+    [krb5_cv_getservbyname_r_returns_ptr=no])])
+  AC_MSG_RESULT($krb5_cv_getservbyname_r_returns_ptr)
+
+  if test "$krb5_cv_getservbyname_r_returns_int" = "$krb5_cv_getservbyname_r_returns_ptr"; then
+    AC_MSG_WARN(cannot determine return type of getservbyname_r -- disabling)
+    ac_cv_func_getservbyname_r=no
+  fi
+  if test "$krb5_cv_getservbyname_r_returns_int" = yes; then
+    AC_DEFINE(GETSERVBYNAME_R_RETURNS_INT, 1, [Define if getservbyname_r returns int rather than struct servent * ])
+  fi
+fi
+if test "$ac_cv_func_getservbyname_r" = yes; then
+  AC_DEFINE(HAVE_GETSERVBYNAME_R, 1, [Define if getservbyname_r exists and its return type is known])
+  AC_CHECK_FUNC(getservbyport_r)
+fi
+])
+
+CHECK_DIRENT
+AC_TYPE_UID_T
+
+AC_CHECK_HEADER(termios.h,
+[AC_CHECK_FUNC([tcsetattr],
+  AC_DEFINE(POSIX_TERMIOS,1,[Define if termios.h exists and tcsetattr exists]))])
+
+AC_CHECK_HEADERS(poll.h stdlib.h string.h stddef.h sys/types.h sys/file.h sys/param.h sys/stat.h sys/time.h netinet/in.h sys/uio.h sys/filio.h sys/select.h time.h paths.h errno.h)
+
+# If compiling with IPv6 support, test if in6addr_any functions.
+# Irix 6.5.16 defines it, but lacks support in the C library.
+if test $krb5_cv_inet6 = yes || test "$krb5_cv_inet6_with_dinet6" = yes ; then
+  AC_CACHE_CHECK([for in6addr_any definition in library],
+  [krb5_cv_var_in6addr_any],
+  [AC_LINK_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[#ifdef HAVE_SYS_TYPES_H
+        #include <sys/types.h>
+        #endif
+        #include <sys/socket.h>
+        #include <netinet/in.h>
+        #include <netdb.h>
+        #include <stdio.h>
+      ]],
+      [[struct sockaddr_in6 in;
+        in.sin6_addr = in6addr_any;
+        printf("%x", &in);]])],
+    [krb5_cv_var_in6addr_any=yes], [krb5_cv_var_in6addr_any=no])])
+  if test $krb5_cv_var_in6addr_any = no; then
+    AC_DEFINE(NEED_INSIXADDR_ANY,1,[Define if in6addr_any is not defined in libc])
+  fi
+fi
+
+# then from osconf.h, we have
+
+AC_CHECK_TYPE(time_t, long)
+AC_CHECK_SIZEOF(time_t)
+SIZEOF_TIME_T=$ac_cv_sizeof_time_t
+AC_SUBST(SIZEOF_TIME_T)
+
+# Determine where to put the replay cache.
+
+AC_MSG_CHECKING([for replay cache directory])
+AC_CACHE_VAL(krb5_cv_sys_rcdir,
+[
+if test $cross_compiling = yes; then
+	krb5_cv_sys_rcdir=/var/tmp
+else
+	for t_dir in /var/tmp /usr/tmp /var/usr/tmp /tmp ; do
+		test -d $t_dir || continue
+		krb5_cv_sys_rcdir=$t_dir
+		break
+	done
+fi])
+AC_MSG_RESULT($krb5_cv_sys_rcdir)
+KRB5_RCTMPDIR=$krb5_cv_sys_rcdir
+AC_SUBST(KRB5_RCTMPDIR)
+
+
+AC_MSG_CHECKING(for socklen_t)
+AC_CACHE_VAL(krb5_cv_has_type_socklen_t,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <sys/types.h>
+      #include <sys/socket.h>
+    ]],
+    [[sizeof(socklen_t);]])],
+  [krb5_cv_has_type_socklen_t=yes], [krb5_cv_has_type_socklen_t=no])])
+AC_MSG_RESULT($krb5_cv_has_type_socklen_t)
+if test $krb5_cv_has_type_socklen_t = yes; then
+    AC_DEFINE(HAVE_SOCKLEN_T,1,[Define if there is a socklen_t type. If not, probably use size_t])
+fi
+
+AC_MSG_CHECKING(for struct lifconf)
+AC_CACHE_VAL(krb5_cv_has_struct_lifconf,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <sys/socket.h>
+      #include <net/if.h>
+    ]],
+    [[sizeof (struct lifconf);]])],
+  [krb5_cv_has_struct_lifconf=yes], [krb5_cv_has_struct_lifconf=no])])
+AC_MSG_RESULT($krb5_cv_has_struct_lifconf)
+if test $krb5_cv_has_struct_lifconf = yes; then
+    AC_DEFINE(HAVE_STRUCT_LIFCONF,1,[Define if there is a struct lifconf.])
+fi
+# HP-UX 11 uses stuct if_laddrconf
+AC_MSG_CHECKING(for struct if_laddrconf)
+AC_CACHE_VAL(krb5_cv_has_struct_if_laddrconf,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <sys/socket.h>
+      #include <net/if.h>
+      #include <net/if6.h>
+    ]],
+    [[sizeof(struct if_laddrconf);]])],
+  [krb5_cv_has_struct_if_laddrconf=yes],
+  [krb5_cv_has_struct_if_laddrconf=no])])
+AC_MSG_RESULT($krb5_cv_has_struct_if_laddrconf)
+if test $krb5_cv_has_struct_if_laddrconf = yes; then
+    AC_DEFINE(HAVE_STRUCT_IF_LADDRCONF,1,[Define if there is a struct if_laddrconf.])
+fi
+
+
+AC_MSG_CHECKING([for h_errno in netdb.h])
+AC_CACHE_VAL(krb5_cv_header_netdb_h_h_errno,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <netdb.h>]],
+    [[int x = h_errno;]])],
+    [krb5_cv_header_netdb_h_h_errno=yes],
+    [krb5_cv_header_netdb_h_h_errno=no])])
+AC_MSG_RESULT($krb5_cv_header_netdb_h_h_errno)
+if test $krb5_cv_header_netdb_h_h_errno = yes; then
+    AC_DEFINE([HAVE_NETDB_H_H_ERRNO], 1,
+	[Define if netdb.h declares h_errno])
+fi
+
+
+AC_ARG_ENABLE([athena],
+[  --enable-athena         build with MIT Project Athena configuration],
+AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),)
+
+
+AC_C_INLINE
+AH_TOP([
+#ifndef KRB5_AUTOCONF_H
+#define KRB5_AUTOCONF_H
+])
+AH_BOTTOM([
+#if defined(__GNUC__) && !defined(inline)
+/* Silence gcc pedantic warnings about ANSI C.  */
+# define inline __inline__
+#endif
+#endif /* KRB5_AUTOCONF_H */
+])
+
+AC_CHECK_TYPES([struct cmsghdr, struct in_pktinfo, struct in6_pktinfo, struct sockaddr_storage], , , [
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+])
+AC_CHECK_TYPES([struct rt_msghdr], , , [
+#include <sys/socket.h>
+#include <net/if.h>
+#include <net/route.h>
+])
+
+# Tests for 64-bit edwards25519 code.
+AC_CHECK_SIZEOF([size_t])
+AC_CHECK_TYPES([__int128_t, __uint128_t])
+
+# types libdb2 wants
+
+AC_CHECK_TYPES([ssize_t, u_char, u_int, u_long, u_int8_t, u_int16_t, u_int32_t, int8_t, int16_t, int32_t])
+
+# Some libdb2 test programs want a shell that supports functions.
+FCTSH=false
+AC_PATH_PROG(SH,sh,false)
+AC_PATH_PROG(SH5,sh5,false)
+AC_PATH_PROG(BASH,bash,false)
+for prog in $SH $SH5 $BASH; do
+  AC_MSG_CHECKING(if $prog supports functions)
+  if $prog -c 'foo() { true; }; foo' >/dev/null 2>&1; then
+    AC_MSG_RESULT(yes)
+    FCTSH=$prog
+    break
+  else
+    AC_MSG_RESULT(no)
+  fi
+done
+AC_SUBST(FCTSH)
+
+# Test for POSIX 2001 *printf support (X/Open System Interfaces extension
+# to ANSI/ISO C 1999 specification).  Specifically, positional
+# specifications; not checking for other features like %zx at present.
+AC_MSG_CHECKING(for POSIX printf positional specification support)
+AC_CACHE_VAL(ac_cv_printf_positional,
+[AC_RUN_IFELSE(
+  [AC_LANG_SOURCE(
+    [[#include <stdio.h>
+      #include <string.h>
+      const char expected[] = "200 100";
+      int main()
+      {
+          char buf[30];
+          sprintf(buf, "%2\$x %1\$d", 100, 512);
+          if (strcmp(expected, buf)) {
+              fprintf(stderr, "bad result: <%s> wanted: <%s>\n",
+                      buf, expected);
+              return 1;
+          }
+          return 0;
+      }]])],
+  [ac_cv_printf_positional=yes], [ac_cv_printf_positional=no],
+  [AC_MSG_ERROR(Cannot test for printf positional argument support when cross compiling)])])
+# Nothing for autoconf.h for now.
+AC_MSG_RESULT($ac_cv_printf_positional)
+
+
+# for t_locate_kdc test
+
+AC_PATH_PROG(DIG, dig, false)
+AC_PATH_PROG(NSLOOKUP, nslookup, false)
+
+# for kadmin
+
+AC_PROG_YACC
+ath_compat=
+AC_ARG_ENABLE([athena],
+[  --enable-athena         build with MIT Project Athena configuration],
+ath_compat=compat,)
+
+KRB5_AC_PRIOCNTL_HACK
+
+AC_CHECK_PROG(PERL,perl,perl)
+
+# lib/gssapi
+AC_CHECK_HEADER(xom.h,[
+	include_xom='awk '\''END{printf("%cinclude <xom.h>\n", 35);}'\'' < /dev/null'], [
+	include_xom='echo "/* no xom.h */"'])
+AC_SUBST(include_xom)
+
+
+# lib/rpc
+### Check where struct rpcent is declared.
+
+# This is necessary to determine:
+# 1. If /usr/include/netdb.h declares struct rpcent
+# 2. If /usr/include/rpc/netdb.h declares struct rpcent
+
+# We have our own rpc/netdb.h, and if /usr/include/netdb.h includes
+# rpc/netdb.h, then nastiness could happen.
+
+# Logic: If /usr/include/netdb.h declares struct rpcent, then check
+# rpc/netdb.h.  If /usr/include/rpc/netdb.h declares struct rpcent,
+# then define STRUCT_RPCENT_IN_RPC_NETDB_H, otherwise do not.  If
+# neither netdb.h nor rpc/netdb.h declares struct rpcent, then define
+# STRUCT_RPCENT_IN_RPC_NETDB_H anyway.
+
+AC_MSG_CHECKING([where struct rpcent is declared])
+AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <netdb.h>
+    ]],
+    [[struct rpcent e;
+      char c = e.r_name[0];
+      int i = e.r_number;]])],
+    [netdb_rpcent=yes], [netdb_rpcent=no])
+if test "$netdb_rpcent" = yes; then
+  AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[#include <rpc/netdb.h>
+      ]],
+      [[struct rpcent e;
+        char c = e.r_name[0];
+        int i = e.r_number;]])],
+    [rpc_netdb_rpcent=yes], [rpc_netdb_rpcent=no])
+  if test "$rpc_netdb_rpcent" = yes; then
+    AC_MSG_RESULT([rpc/netdb.h])
+    rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'
+  else
+    AC_MSG_RESULT([netdb.h])
+  fi
+else
+  AC_MSG_RESULT([nowhere])
+  rpcent_define='#define STRUCT_RPCENT_IN_RPC_NETDB_H'
+fi
+AC_SUBST(rpcent_define)
+
+AC_CHECK_HEADERS(sys/select.h sys/time.h unistd.h)
+if test $ac_cv_header_sys_select_h = yes; then
+  GSSRPC__SYS_SELECT_H='#include <sys/select.h>'
+else
+  GSSRPC__SYS_SELECT_H='/* #include <sys/select.h> */'
+fi
+AC_SUBST(GSSRPC__SYS_SELECT_H)
+if test $ac_cv_header_sys_time_h = yes; then
+  GSSRPC__SYS_TIME_H='#include <sys/time.h>'
+else
+  GSSRPC__SYS_TIME_H='/* #include <sys/time.h> */'
+fi
+AC_SUBST(GSSRPC__SYS_TIME_H)
+if test $ac_cv_header_unistd_h = yes; then
+  GSSRPC__UNISTD_H='#include <unistd.h>'
+else
+  GSSRPC__UNISTD_H='/* #include <unistd.h> */'
+fi
+AC_SUBST(GSSRPC__UNISTD_H)
+
+AC_CACHE_CHECK([for MAXHOSTNAMELEN in sys/param.h],
+[krb5_cv_header_sys_param_h_maxhostnamelen],
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <sys/param.h>
+    ]],
+    [[int i = MAXHOSTNAMELEN;]])],
+    [krb5_cv_header_sys_param_h_maxhostnamelen=yes],
+    [krb5_cv_header_sys_param_h_maxhostnamelen=no])])
+AC_CACHE_CHECK([for MAXHOSTNAMELEN in netdb.h],
+[krb5_cv_header_netdb_h_maxhostnamelen],
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <netdb.h>
+    ]],
+    [[int i = MAXHOSTNAMELEN;]])],
+    [krb5_cv_header_netdb_h_maxhostnamelen=yes],
+    [krb5_cv_header_netdb_h_maxhostnamelen=no])])
+
+GSSRPC__SYS_PARAM_H='/* #include <sys/param.h> */'
+GSSRPC__NETDB_H='/* #include <netdb.h> */'
+if test $krb5_cv_header_sys_param_h_maxhostnamelen = yes; then
+  GSSRPC__SYS_PARAM_H='#include <sys/param.h>'
+else
+  if test $krb5_cv_header_netdb_h_maxhostnamelen = yes; then
+    GSSRPC__NETDB_H='#include <netdb.h>'
+  else
+    AC_MSG_WARN([can't find MAXHOSTNAMELEN definition; faking it])
+  fi
+fi
+AC_SUBST(GSSRPC__SYS_PARAM_H)
+AC_SUBST(GSSRPC__NETDB_H)
+
+AC_CACHE_CHECK([for BSD type aliases], [krb5_cv_type_bsdaliases],
+[AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM(
+    [[#include <sys/types.h>
+      #if HAVE_UNISTD_H
+      #include <unistd.h>
+      #endif
+    ]],
+    [[u_char c;
+      u_int i;
+      u_long l;]])],
+  [krb5_cv_type_bsdaliases=yes], [krb5_cv_type_bsdaliases=no])])
+if test $krb5_cv_type_bsdaliases = yes; then
+  GSSRPC__BSD_TYPEALIASES='/* #undef GSSRPC__BSD_TYPEALIASES */'
+else
+  GSSRPC__BSD_TYPEALIASES='#define GSSRPC__BSD_TYPEALIASES 1'
+fi
+AC_SUBST(GSSRPC__BSD_TYPEALIASES)
+
+AC_MSG_CHECKING([return type of setrpcent])
+AC_CACHE_VAL(k5_cv_type_setrpcent,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_SOURCE(
+    [[#include <netdb.h>
+      extern void setrpcent();]])],
+  [k5_cv_type_setrpcent=void], [k5_cv_type_setrpcent=int])])
+AC_MSG_RESULT($k5_cv_type_setrpcent)
+AC_DEFINE_UNQUOTED(SETRPCENT_TYPE, $k5_cv_type_setrpcent, [Define as return type of setrpcent])
+
+AC_MSG_CHECKING([return type of endrpcent])
+AC_CACHE_VAL(k5_cv_type_endrpcent,
+[AC_COMPILE_IFELSE(
+  [AC_LANG_SOURCE(
+    [[#include <netdb.h>
+      extern void endrpcent();]])],
+  [k5_cv_type_endrpcent=void], [k5_cv_type_endrpcent=int])])
+AC_MSG_RESULT($k5_cv_type_endrpcent)
+AC_DEFINE_UNQUOTED(ENDRPCENT_TYPE, $k5_cv_type_endrpcent, [Define as return type of endrpcent])
+K5_GEN_FILE(include/gssrpc/types.h:include/gssrpc/types.hin)
+
+# for pkinit
+AC_ARG_ENABLE([pkinit],
+[  --disable-pkinit        disable PKINIT plugin support],,
+enable_pkinit=try)
+if test "$enable_pkinit" = yes || test "$enable_pkinit" = try; then
+  AC_CACHE_CHECK(for a recent enough OpenSSL, k5_cv_openssl_version_okay,
+[AC_COMPILE_IFELSE([AC_LANG_SOURCE([#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+# error openssl is too old, need 1.0.0
+#endif
+int i = 1;
+])], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)])
+  old_LIBS="$LIBS"
+  AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
+  AC_CHECK_FUNCS(EVP_PKEY_get_bn_param)
+  LIBS="$old_LIBS"
+fi
+if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
+  K5_GEN_MAKEFILE(plugins/preauth/pkinit)
+  K5_GEN_MAKEFILE(tests/softpkcs11)
+  PKINIT=yes
+elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
+  AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.])
+else
+  AC_DEFINE([DISABLE_PKINIT], 1, [Define to disable PKINIT plugin support])
+  AC_MSG_NOTICE([Disabling PKINIT support.])
+  PKINIT=no
+fi
+AC_SUBST(PKINIT)
+
+# for lib/apputils
+AC_REPLACE_FUNCS(daemon)
+
+# For Python tests.  Python version 3.2.4 is required as prior
+# versions do not accept string input to subprocess.Popen.communicate
+# when universal_newlines is set.
+PYTHON_MINVERSION=3.2.4
+AC_SUBST(PYTHON_MINVERSION)
+AC_CHECK_PROG(PYTHON,python3,python3)
+if test x"$PYTHON" = x; then
+	AC_CHECK_PROG(PYTHON,python,python)
+fi
+HAVE_PYTHON=no
+if test x"$PYTHON" != x; then
+	wantver="(sys.hexversion >= 0x30204F0)"
+	if "$PYTHON" -c "import sys; sys.exit(not $wantver and 1 or 0)"; then
+		HAVE_PYTHON=yes
+	fi
+fi
+AC_SUBST(HAVE_PYTHON)
+
+# For cmocka tests.
+CMOCKA_LIBS=
+HAVE_CMOCKA=no
+HAVE_CMOCKA_H=no
+HAVE_CMOCKA_LIB=no
+AC_CHECK_HEADER(cmocka.h, [HAVE_CMOCKA_H=yes], :, [
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h> ])
+AC_CHECK_LIB(cmocka, _cmocka_run_group_tests, [HAVE_CMOCKA_LIB=yes])
+if test "$HAVE_CMOCKA_LIB" = yes && test "$HAVE_CMOCKA_H" = yes; then
+    HAVE_CMOCKA=yes
+    CMOCKA_LIBS='-lcmocka'
+    AC_DEFINE([HAVE_CMOCKA],1,[Define if cmocka library is available.])
+fi
+AC_SUBST(HAVE_CMOCKA)
+AC_SUBST(CMOCKA_LIBS)
+
+# For URI lookup tests. Requires resolv_wrapper >= 1.1.5 for URI
+# support.
+HAVE_RESOLV_WRAPPER=0
+PKG_CHECK_EXISTS([resolv_wrapper >= 1.1.5], [HAVE_RESOLV_WRAPPER=1])
+AC_SUBST(HAVE_RESOLV_WRAPPER)
+
+# for plugins/kdb/db2
+
+# AIX is unusual in that it wants all symbols resolved at link time
+#  Fortunately, it will allow us to link the kdb library now, even if
+# it is linked again later.
+case $krb5_cv_host in
+*-*-aix*)
+	DB_EXTRA_LIBS=-ldb
+	;;
+*)
+	DB_EXTRA_LIBS=
+	;;
+esac
+AC_SUBST(DB_EXTRA_LIBS)
+
+
+
+# Warn about possible thread safety issues.  These functions have all
+# been checked for previously.
+tsfuncs="getpwnam_r getpwuid_r gethostbyname_r getservbyname_r gmtime_r localtime_r"
+if test "$enable_thread_support" = yes; then
+  tsmissing=""
+  for ts in $tsfuncs; do
+    if eval "test \"\${ac_cv_func_$ts}\" != yes"; then
+      tsmissing="$tsmissing $ts"
+    fi
+  done
+  if test "$ac_cv_func_res_nsearch/$ac_cv_lib_resolv_res_nsearch" = "no/no"; then
+    tsmissing="$tsmissing res_nsearch"
+  fi
+  if test "$tsmissing" != ""; then
+    AC_MSG_WARN([Some functions that are needed for library thread])
+    AC_MSG_WARN([safety appear to be missing.])
+    for ts in $tsmissing; do
+      AC_MSG_WARN([  missing thread-safe function: $ts])
+    done
+    AC_MSG_WARN([Without these functions, the installed libraries])
+    AC_MSG_WARN([may not be thread-safe.])
+  fi # tsmissing not empty
+fi # enable_thread_support
+
+# Sadly, we seem to have accidentally committed ourselves in 1.4 to
+# an ABI that includes the existence of libkrb5support.0 even
+# though random apps should never use anything from it.  And on
+# the Mac, to which that didn't apply, we can't use major version 0.
+
+case $krb5_cv_host in
+*-*-darwin* | *-*-rhapsody*) SUPPORTLIB_MAJOR=1 ;;
+*)			     SUPPORTLIB_MAJOR=0 ;;
+esac
+AC_SUBST(SUPPORTLIB_MAJOR)
+
+
+if test "$COM_ERR_VERSION" = k5 ; then
+  K5_GEN_MAKEFILE(util/et)
+fi
+if test "$SS_VERSION" = k5 ; then
+  K5_GEN_MAKEFILE(util/ss)
+fi
+
+
+ldap_plugin_dir=""
+ldap_lib=""
+if test -n "$OPENLDAP_PLUGIN"; then
+  AC_CHECK_HEADERS(ldap.h lber.h, :, [AC_MSG_ERROR($ac_header not found)])
+  AC_CHECK_LIB(ldap, ldap_str2dn, :, [AC_MSG_ERROR(libldap not found or missing ldap_str2dn)])
+
+  BER_OKAY=0
+  AC_CHECK_LIB(ldap, ber_init, [BER_OKAY=1])
+  if test "$BER_OKAY" = "1"; then
+    LDAP_LIBS='-lldap'
+  else
+    AC_CHECK_LIB(lber, ber_init, [BER_OKAY=1], [AC_MSG_WARN([libber not found])])
+    if test "$BER_OKAY" = "1"; then
+      LDAP_LIBS='-lldap -llber'
+    else
+      AC_MSG_ERROR("BER library missing - cannot build LDAP database module")
+    fi
+  fi
+  AC_DEFINE([ENABLE_LDAP], 1, [Define if LDAP KDB support within the Kerberos library (mainly ASN.1 code) should be enabled.])
+  AC_SUBST(LDAP_LIBS)
+
+  AC_CHECK_HEADERS([sasl/sasl.h], [HAVE_SASL=yes], [HAVE_SASL=no])
+  AC_SUBST(HAVE_SASL)
+  if test "$HAVE_SASL" = no; then
+    AC_MSG_WARN([not building LDAP SASL support])
+  fi
+
+  K5_GEN_MAKEFILE(plugins/kdb/ldap)
+  K5_GEN_MAKEFILE(plugins/kdb/ldap/ldap_util)
+  K5_GEN_MAKEFILE(plugins/kdb/ldap/libkdb_ldap)
+  ldap_plugin_dir='plugins/kdb/ldap plugins/kdb/ldap/ldap_util'
+  LDAP=yes
+else
+  LDAP=no
+fi
+AC_SUBST(ldap_plugin_dir)
+AC_SUBST(LDAP)
+# This check is for plugins/preauth/securid_sam2
+sam2_plugin=""
+old_CFLAGS=$CFLAGS
+CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+AC_CHECK_LIB(aceclnt, SD_Init, [
+	     AC_MSG_NOTICE([Enabling RSA securID support])
+	     K5_GEN_MAKEFILE(plugins/preauth/securid_sam2)
+	     sam2_plugin=plugins/preauth/securid_sam2
+	     ])
+AC_SUBST(sam2_plugin)
+CFLAGS=$old_CFLAGS
+
+lmdb_plugin_dir=""
+HAVE_LMDB=no
+AC_ARG_WITH([lmdb],
+  [AS_HELP_STRING([--with-lmdb],
+    [compile LMDB database backend module @<:@auto@:>@])],
+  [], [withval=auto])
+if test "$withval" = auto -o "$withval" = yes; then
+  AC_CHECK_LIB([lmdb],[mdb_env_create],[have_lmdb=true],[have_lmdb=false])
+  if test "$have_lmdb" = true; then
+    LMDB_LIBS=-llmdb
+    HAVE_LMDB=yes
+    lmdb_plugin_dir='plugins/kdb/lmdb'
+    K5_GEN_MAKEFILE(plugins/kdb/lmdb)
+  elif test "$withval" = yes; then
+    AC_MSG_ERROR([liblmdb not found])
+  fi
+fi
+AC_SUBST(HAVE_LMDB)
+AC_SUBST(LMDB_LIBS)
+AC_SUBST(lmdb_plugin_dir)
+
+# Kludge for simple server --- FIXME is this the best way to do this?
+
+if test "$ac_cv_lib_socket" = "yes" -a "$ac_cv_lib_nsl" = "yes"; then
+	AC_DEFINE(BROKEN_STREAMS_SOCKETS,1,[Define if socket can't be bound to 0.0.0.0])
+fi
+
+# Compile with libedit support in ss by default if available.  Compile
+# with readline only if asked, to avoid a default GPL dependency.
+AC_ARG_WITH([libedit],
+  [AS_HELP_STRING([--without-libedit], [do not compile with libedit])],
+  [], [with_libedit=default])
+AC_ARG_WITH([readline],
+  [AS_HELP_STRING([--with-readline], [compile with GNU Readline])],
+  [], [with_readline=no])
+if test "x$with_readline" = xyes; then
+  with_libedit=no
+fi
+RL_CFLAGS=
+RL_LIBS=
+if test "x$with_libedit" != xno; then
+  PKG_CHECK_MODULES(LIBEDIT, libedit, [have_libedit=yes], [have_libedit=no])
+  if test "x$have_libedit" = xyes; then
+    RL_CFLAGS=$LIBEDIT_CFLAGS
+    RL_LIBS=$LIBEDIT_LIBS
+    AC_DEFINE([HAVE_LIBEDIT], 1, [Define if building with libedit.])
+    AC_MSG_NOTICE([Using libedit for readline support])
+  elif test "x$with_libedit" = xyes; then
+    # We were explicitly asked for libedit and couldn't find it.
+    AC_MSG_ERROR([Could not detect libedit with pkg-config])
+  else
+    AC_MSG_NOTICE([Not using any readline support])
+  fi
+elif test "x$with_readline" = xyes; then
+  AC_MSG_NOTICE([Using GNU Readline])
+  AC_CHECK_LIB([readline], [main], :,
+	       AC_MSG_FAILURE([Cannot find readline library.]))
+  AC_DEFINE([HAVE_READLINE], 1, [Define if building with GNU Readline.])
+  RL_LIBS='-lreadline'
+else
+  AC_MSG_RESULT([Not using any readline support])
+fi
+AC_SUBST([RL_CFLAGS])
+AC_SUBST([RL_LIBS])
+
+AC_ARG_WITH([system-verto],
+  [AS_HELP_STRING([--with-system-verto], [always use system verto library])],
+  [], [with_system_verto=default])
+VERTO_VERSION=k5
+if test "x$with_system_verto" != xno; then
+  PKG_CHECK_MODULES(VERTO, libverto, [have_sysverto=yes], [have_sysverto=no])
+  if test "x$have_sysverto" = xyes; then
+    VERTO_VERSION=sys
+  elif test "x$with_system_verto" = xyes; then
+    AC_MSG_ERROR([cannot detect system libverto])
+  fi
+fi
+if test "x$VERTO_VERSION" = xsys; then
+  AC_MSG_NOTICE([Using system libverto])
+else
+  VERTO_CFLAGS=
+  VERTO_LIBS="-lverto"
+  AC_MSG_NOTICE([Using built-in libverto])
+fi
+AC_SUBST([VERTO_CFLAGS])
+AC_SUBST([VERTO_LIBS])
+AC_SUBST([VERTO_VERSION])
+
+AC_PATH_PROG(GROFF, groff)
+
+# Make localedir work in autoconf 2.5x.
+if test "${localedir+set}" != set; then
+    localedir='$(datadir)/locale'
+fi
+AC_SUBST(localedir)
+
+# Determine the default macOS ccache type and whether to build the KCM
+# Mach RPC support.
+MACOS_FRAMEWORK=
+dnl The outer brackets around the case statement prevent m4 from
+dnl eating the brackets in the glob patterns, but also prevent us from
+dnl using AC_DEFINE within the body.
+[case $host in
+*-*-darwin[0-9].* | *-*-darwin10.*)
+  # Use the normal default cache type for macOS 10.6 (Darwin 10) and
+  # prior.  Build the KCM Mach RPC support.
+  OSX=osx
+  ;;
+*-*-darwin*)
+  # macOS 10.6 (Darwin 11) uses the KCM type by default.  macOS 11
+  # (Darwin 20) uses an xpc-based cache type called XCACHE by default.
+  # We can access either of these collections via a macos-specific
+  # implementation of the API cache type.  Build the KCM Mach RPC
+  # support.
+  OSX=osx
+  macos_defccname=API:
+  MACOS_FRAMEWORK="-framework Kerberos"
+  ;;
+*)
+  # This is not macOS; do not build the Mach RPC support and use the
+  # normal default cache type.
+  OSX=no
+  ;;
+esac]
+if test "$macos_defccname" = API:; then
+  AC_DEFINE(USE_CCAPI_MACOS, 1, [Define to build macOS CCAPI client])
+fi
+AC_SUBST(OSX)
+AC_SUBST(MACOS_FRAMEWORK)
+
+# Build-time default ccache, keytab, and client keytab names.  These
+# can be given as variable arguments DEFCCNAME, DEFKTNAME, and
+# DEFCKTNAME.  Otherwise, we try to get the OS defaults from
+# krb5-config if we can, or fall back to hardcoded defaults.
+AC_ARG_VAR(DEFCCNAME, [Default ccache name])
+AC_ARG_VAR(DEFKTNAME, [Default keytab name])
+AC_ARG_VAR(DEFCKTNAME, [Default client keytab name])
+AC_ARG_WITH([krb5-config],
+  [AS_HELP_STRING([--with-krb5-config=PATH],
+    [path to existing krb5-config program for defaults])],
+  [], [with_krb5_config=krb5-config])
+if test "x$with_krb5_config" != xno; then
+	if test "x$with_krb5_config" = xyes; then
+		with_krb5_config=krb5-config
+	fi
+	if $with_krb5_config --help 2>&1 | grep defccname >/dev/null; then
+		AC_MSG_NOTICE([Using $with_krb5_config for build defaults])
+		: "${DEFCCNAME=`$with_krb5_config --defccname`}"
+		: "${DEFKTNAME=`$with_krb5_config --defktname`}"
+		: "${DEFCKTNAME=`$with_krb5_config --defcktname`}"
+	fi
+fi
+if test "${DEFCCNAME+set}" != set; then
+	if test "${macos_defccname+set}" = set; then
+		DEFCCNAME=$macos_defccname
+	else
+		DEFCCNAME=FILE:/tmp/krb5cc_%{uid}
+	fi
+fi
+if test "${DEFKTNAME+set}" != set; then
+	DEFKTNAME=FILE:/etc/krb5.keytab
+fi
+if test "${DEFCKTNAME+set}" != set; then
+	AX_RECURSIVE_EVAL($localstatedir, exp_localstatedir)
+	DEFCKTNAME=FILE:$exp_localstatedir/krb5/user/%{euid}/client.keytab
+fi
+AC_MSG_NOTICE([Default ccache name: $DEFCCNAME])
+AC_MSG_NOTICE([Default keytab name: $DEFKTNAME])
+AC_MSG_NOTICE([Default client keytab name: $DEFCKTNAME])
+AC_DEFINE_UNQUOTED(DEFCCNAME, ["$DEFCCNAME"], [Define to default ccache name])
+AC_DEFINE_UNQUOTED(DEFKTNAME, ["$DEFKTNAME"], [Define to default keytab name])
+AC_DEFINE_UNQUOTED(DEFCKTNAME, ["$DEFCKTNAME"],
+                   [Define to default client keytab name])
+
+AC_ARG_VAR(PKCS11_MODNAME, [Default PKCS11 module name])
+if test "${PKCS11_MODNAME+set}" != set; then
+	PKCS11_MODNAME=opensc-pkcs11.so
+fi
+AC_MSG_NOTICE([Default PKCS11 module name: $PKCS11_MODNAME])
+AC_DEFINE_UNQUOTED(PKCS11_MODNAME, ["$PKCS11_MODNAME"],
+                   [Default PKCS11 module name])
+
+AC_CONFIG_FILES([build-tools/krb5-config], [chmod +x build-tools/krb5-config])
+AC_CONFIG_FILES([build-tools/kadm-server.pc
+	build-tools/kadm-client.pc
+	build-tools/kdb.pc
+	build-tools/krb5.pc
+	build-tools/krb5-gssapi.pc
+	build-tools/mit-krb5.pc
+	build-tools/mit-krb5-gssapi.pc
+	build-tools/gssrpc.pc
+])
+V5_AC_OUTPUT_MAKEFILE(.
+
+	util util/support util/profile util/profile/testmod
+	util/verto
+
+	lib lib/kdb
+
+	lib/crypto lib/crypto/krb lib/crypto/crypto_tests
+	lib/crypto/builtin lib/crypto/builtin/des
+	lib/crypto/builtin/aes lib/crypto/builtin/camellia
+	lib/crypto/builtin/md4 lib/crypto/builtin/md5
+	lib/crypto/builtin/sha1 lib/crypto/builtin/sha2
+	lib/crypto/builtin/enc_provider lib/crypto/builtin/hash_provider
+	lib/crypto/openssl lib/crypto/openssl/des
+	lib/crypto/openssl/enc_provider lib/crypto/openssl/hash_provider
+
+	lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache
+	lib/krb5/keytab lib/krb5/krb lib/krb5/rcache lib/krb5/os
+	lib/krb5/unicode
+
+	lib/gssapi lib/gssapi/generic lib/gssapi/krb5 lib/gssapi/spnego
+	lib/gssapi/mechglue
+
+	lib/rpc lib/rpc/unit-test
+
+	lib/kadm5 lib/kadm5/clnt lib/kadm5/srv
+	lib/krad
+	lib/apputils
+
+	kdc kprop config-files build-tools man doc include
+
+	plugins/certauth/test
+	plugins/gssapi/negoextest
+	plugins/hostrealm/test
+	plugins/localauth/test
+	plugins/kadm5_hook/test
+	plugins/kadm5_auth/test
+	plugins/pwqual/test
+	plugins/audit
+	plugins/audit/test
+	plugins/kdb/db2
+	plugins/kdb/db2/libdb2
+	plugins/kdb/db2/libdb2/hash
+	plugins/kdb/db2/libdb2/btree
+	plugins/kdb/db2/libdb2/db
+	plugins/kdb/db2/libdb2/mpool
+	plugins/kdb/db2/libdb2/recno
+	plugins/kdb/db2/libdb2/test
+	plugins/kdb/test
+	plugins/kdcpolicy/test
+	plugins/preauth/otp
+	plugins/preauth/spake
+	plugins/preauth/test
+	plugins/authdata/greet_client
+	plugins/authdata/greet_server
+	plugins/tls/k5tls
+
+	clients clients/klist clients/kinit clients/kvno
+	clients/kdestroy clients/kpasswd clients/ksu clients/kswitch
+
+	kadmin kadmin/cli kadmin/dbutil kadmin/ktutil kadmin/server
+
+	appl
+	appl/sample appl/sample/sclient appl/sample/sserver
+	appl/simple appl/simple/client appl/simple/server
+	appl/gss-sample appl/user_user
+
+	tests tests/asn.1 tests/create tests/hammer tests/verify tests/gssapi
+	tests/threads tests/shlib tests/gss-threads tests/misc
+)
diff --git a/krb5-1.21.3/src/deps b/krb5-1.21.3/src/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/doc/Doxyfile.in b/krb5-1.21.3/src/doc/Doxyfile.in
new file mode 100644
index 00000000..aeaae645
--- /dev/null
+++ b/krb5-1.21.3/src/doc/Doxyfile.in
@@ -0,0 +1,15 @@
+PROJECT_NAME           = Kerberos_doxygen
+OUTPUT_DIRECTORY       = doxy
+JAVADOC_AUTOBRIEF      = YES
+OPTIMIZE_OUTPUT_FOR_C  = YES
+WARN_IF_UNDOCUMENTED   = NO
+SHOW_FILES             = NO
+EXTENSION_MAPPING      = hin=C
+INPUT                  = @SRC@/include/krb5/krb5.hin @DOC@/doxy_examples
+EXAMPLE_PATH           = @DOC@/doxy_examples
+GENERATE_HTML          = NO
+GENERATE_LATEX         = NO
+GENERATE_XML           = YES
+PREDEFINED             = KRB5_DEPRECATED KRB5_OLD_CRYPTO
+CASE_SENSE_NAMES       = NO
+QUIET                  = YES
diff --git a/krb5-1.21.3/src/doc/Makefile.in b/krb5-1.21.3/src/doc/Makefile.in
new file mode 100644
index 00000000..a1b0cff0
--- /dev/null
+++ b/krb5-1.21.3/src/doc/Makefile.in
@@ -0,0 +1,135 @@
+mydir=doc
+BUILDTOP=$(REL)..
+
+SPHINX_ARGS=@MAINT@-W
+SPHINX_BUILD=sphinx-build $(SPHINX_ARGS)
+DOXYGEN=doxygen
+
+docsrc=$(top_srcdir)/../doc
+sysconfdir=@sysconfdir@
+DEFCCNAME=@DEFCCNAME@
+DEFKTNAME=@DEFKTNAME@
+DEFCKTNAME=@DEFCKTNAME@
+PKCS11_MODNAME=@PKCS11_MODNAME@
+
+RST_SOURCES= _static \
+	_templates \
+	conf.py \
+	index.rst \
+	admin \
+	appdev \
+	basic \
+	build \
+	formats \
+	plugindev \
+	user \
+	about.rst \
+	build_this.rst \
+	copyright.rst \
+	mitK5defaults.rst \
+	mitK5features.rst \
+	mitK5license.rst \
+	notice.rst \
+	resources.rst
+
+PDFDIR=$(docsrc)/pdf
+PDFDOCS= admin appdev basic build plugindev user
+LATEXOPTS=
+
+# Create HTML documentation in $(docsrc)/html suitable for a
+# release tarball or the web site (that is, without substitutions for
+# configured paths).  This can be done in an unconfigured source tree
+# as:
+#     make -f Makefile.in SPHINX_ARGS= htmlsrc
+html: composite
+	rm -rf $(docsrc)/html
+	$(SPHINX_BUILD) -q rst_composite $(docsrc)/html
+
+# Dummy target for use in an unconfigured source tree.
+htmlsrc:
+	$(MAKE) -f Makefile.in srcdir=. top_srcdir=.. PYTHON=python3 html clean
+
+# Create HTML documentation in html_subst suitable for
+# installation by an OS package, with substitutions for configured
+# paths.
+substhtml: composite paths.py
+	rm -rf html_subst
+	cp paths.py rst_composite
+	$(SPHINX_BUILD) -t pathsubs -q rst_composite html_subst
+
+# Create an ASCII (okay, UTF-8) version of the NOTICE file
+notice.txt: $(docsrc)/conf.py $(docsrc)/notice.rst $(docsrc)/version.py
+	$(SPHINX_BUILD) -b text -t notice -q $(docsrc) .
+
+NOTICE: notice.txt
+	cp notice.txt $(top_srcdir)/../NOTICE
+
+$(PDFDIR): composite
+	$(SPHINX_BUILD) -b latex -q rst_composite $(PDFDIR)
+	# sphinx-build generates a gmake-specific Makefile that we don't use
+	mv $(PDFDIR)/Makefile $(PDFDIR)/GMakefile
+
+# Not pretty.  Can't use a suffix rule .tex.pdf without a Makefile in
+# $(PDFDIR) because pdflatex looks for include files in the current
+# working directory.  The sphinx-build Makefile is quite conservative
+# and runs pdflatex five times; we can be slightly less conservative.
+pdf: $(PDFDIR)
+	(cd $(PDFDIR) && \
+	 for i in $(PDFDOCS); do \
+		texfile=`echo $${i}.tex` && \
+		idxfile=`echo $${i}.idx` && \
+		pdflatex $(LATEXOPTS) $$texfile && \
+		pdflatex $(LATEXOPTS) $$texfile && \
+		makeindex -s python.ist $$idxfile || true; \
+		pdflatex $(LATEXOPTS) $$texfile && \
+		pdflatex $(LATEXOPTS) $$texfile; done && \
+	 rm -f *.dvi *.log *.ind *.aux *.toc *.syn *.idx *.out *.ilg *.pla \
+	)
+
+# Use doxygen to generate API documentation, translate it into RST
+# format, and then create a composite of $(docsrc)'s RST and the
+# generated files in rst_composite.  Used by the html and substhtml targets.
+composite: Doxyfile $(docsrc)/version.py
+	rm -rf doxy rst_apiref rst_composite
+	$(DOXYGEN)
+	(cwd=`pwd`; cd $(docsrc)/tools && \
+		$(PYTHON) doxy.py -i $$cwd/doxy/xml -o $$cwd/rst_apiref)
+	mkdir -p rst_composite
+	do_subdirs="$(RST_SOURCES)" ; \
+	for i in $$do_subdirs; do \
+		cp -r $(docsrc)/$$i rst_composite; \
+	done
+	cp rst_apiref/*.rst rst_composite/appdev/refs/api
+	cp rst_apiref/types/*.rst rst_composite/appdev/refs/types
+	cp rst_apiref/macros/*.rst rst_composite/appdev/refs/macros
+	cp $(docsrc)/version.py rst_composite
+
+Doxyfile: $(srcdir)/Doxyfile.in
+	sed -e 's|@SRC@|$(top_srcdir)|g' \
+	    -e 's|@DOC@|$(top_srcdir)/../doc|g' $(srcdir)/Doxyfile.in > $@
+
+paths.py:
+	rm -f $@
+	echo 'bindir = "``$(CLIENT_BINDIR)``"' > $@
+	echo 'sbindir = "``$(SERVER_BINDIR)``"' >> $@
+	echo 'libdir = "``$(KRB5_LIBDIR)``"' >> $@
+	echo 'localstatedir = "``$(localstatedir)``"' >> $@
+	echo 'runstatedir = "``$(runstatedir)``"' >> $@
+	echo 'sysconfdir = "``$(sysconfdir)``"' >> $@
+	echo 'ccache = "``$(DEFCCNAME)``"' >> $@
+	echo 'keytab = "``$(DEFKTNAME)``"' >> $@
+	echo 'ckeytab = "``$(DEFCKTNAME)``"' >> $@
+	echo 'pkcs11_modname = "``$(PKCS11_MODNAME)``"' >> $@
+
+# Dummy rule that man/Makefile can invoke
+version.py: $(docsrc)/version.py
+
+$(docsrc)/version.py: $(top_srcdir)/patchlevel.h $(srcdir)/version.py.in
+	rm -f $@
+	$(CC) -E -I$(top_srcdir) - < $(srcdir)/version.py.in > $@
+
+clean:
+	rm -rf doxy rst_apiref rst_composite rst_notice html_subst \
+		Doxyfile paths.py $(docsrc)/version.py notice.txt \
+		$(docsrc)/html/.doctrees $(docsrc)/pdf/.doctrees \
+		$(docsrc)/tools/*.pyc
diff --git a/krb5-1.21.3/src/doc/deps b/krb5-1.21.3/src/doc/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/doc/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/doc/version.py.in b/krb5-1.21.3/src/doc/version.py.in
new file mode 100644
index 00000000..0a344a77
--- /dev/null
+++ b/krb5-1.21.3/src/doc/version.py.in
@@ -0,0 +1,21 @@
+#include "patchlevel.h"
+
+r_major = KRB5_MAJOR_RELEASE
+r_minor = KRB5_MINOR_RELEASE
+r_patch = KRB5_PATCHLEVEL
+
+#ifdef KRB5_RELTAIL
+r_tail = KRB5_RELTAIL
+#else
+r_tail = None
+#endif
+#ifdef KRB5_RELDATE
+r_date = KRB5_RELDATE
+#else
+r_date = None
+#endif
+#ifdef KRB5_RELTAG
+r_tag = KRB5_RELTAG
+#else
+r_date = None
+#endif
diff --git a/krb5-1.21.3/src/include/CredentialsCache.h b/krb5-1.21.3/src/include/CredentialsCache.h
new file mode 100644
index 00000000..1c20f9de
--- /dev/null
+++ b/krb5-1.21.3/src/include/CredentialsCache.h
@@ -0,0 +1,1529 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/CredentialsCache.h */
+/*
+ * Copyright 1998-2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __CREDENTIALSCACHE__
+#define __CREDENTIALSCACHE__
+
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#include <TargetConditionals.h>
+
+/* Notifications which are sent when the ccache collection or a ccache change.
+ * Notifications are sent to the distributed notification center.
+ * The object for kCCAPICacheCollectionChangedNotification is NULL.
+ * The object for kCCAPICCacheChangedNotification is a CFString containing the
+ * name of the ccache.
+ *
+ * Note: Notifications are not sent if the CCacheServer crashes.  */
+#define kCCAPICacheCollectionChangedNotification CFSTR ("CCAPICacheCollectionChangedNotification")
+#define kCCAPICCacheChangedNotification          CFSTR ("CCAPICCacheChangedNotification")
+#endif
+
+#if defined(_WIN32)
+#include <winsock.h>
+#include "win-mac.h"
+#else
+#include <stdint.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(push,2)
+#endif
+
+#if defined(_WIN32)
+#define CCACHE_API      __declspec(dllexport)
+
+#if _INTEGRAL_MAX_BITS >= 64 && _MSC_VER >= 1500 && !defined(_WIN64) && !defined(_USE_32BIT_TIME_T)
+#if defined(_TIME_T_DEFINED) || defined(_INC_IO) || defined(_INC_TIME) || defined(_INC_WCHAR)
+#error time_t has been defined as a 64-bit integer which is incompatible with Kerberos on this platform.
+#endif /* _TIME_T_DEFINED */
+#define _USE_32BIT_TIME_T
+#endif
+#else
+#define CCACHE_API
+#endif
+
+/*!
+ * \mainpage Credentials Cache API (CCAPI) Documentation
+ *
+ * \section toc Table of Contents
+ *
+ * \li \ref introduction
+ * \li \ref error_handling
+ * \li \ref synchronization_atomicity
+ * \li \ref memory_management
+ * \li \ref opaque_types
+ *
+ * \li \ref ccapi_constants_reference
+ * \li \ref ccapi_types_reference
+ *
+ * \li \ref cc_context_reference
+ * \li \ref cc_context_f "cc_context_t Functions"
+ *
+ * \li \ref cc_ccache_reference
+ * \li \ref cc_ccache_f "cc_ccache_t Functions"
+ *
+ * \li \ref cc_credentials_reference
+ * \li \ref cc_credentials_f "cc_credentials_t Functions"
+ *
+ * \li \ref cc_ccache_iterator_reference
+ * \li \ref cc_ccache_iterator_f "cc_ccache_iterator_t Functions"
+ *
+ * \li \ref cc_credentials_iterator_reference
+ * \li \ref cc_credentials_iterator_f "cc_credentials_iterator_t Functions"
+ *
+ * \li \ref cc_string_reference
+ * \li \ref cc_string_f "cc_string_t Functions"
+ *
+ * \section introduction Introduction
+ *
+ * This is the specification for an API which provides Credentials Cache
+ * services for Kerberos v5 (and previously v4). The idea behind this API is
+ * that multiple Kerberos implementations can share a single collection of
+ * credentials caches, mediated by this API specification. On the Mac OS and
+ * Microsoft Windows platforms this will allow single-login, even when more
+ * than one Kerberos shared library is in use on a particular system.
+ *
+ * Abstractly, a credentials cache collection contains one or more credentials
+ * caches, or ccaches. A ccache is uniquely identified by its name, which is
+ * a string internal to the API and not intended to be presented to users.
+ * The user presentable identifier of a ccache is its principal.
+ *
+ * Unlike the previous versions of the API, version 3 of the API could store
+ * credentials for multiple Kerberos versions in the same ccache.
+ *
+ * At any given time, one ccache is the "default" ccache. The exact meaning
+ * of a default ccache is OS-specific; refer to implementation requirements
+ * for details.
+ *
+ * \section error_handling Error Handling
+ *
+ * All functions of the API return some of the error constants listed FIXME;
+ * the exact list of error constants returned by any API function is provided
+ * in the function descriptions below.
+ *
+ * When returning an error constant other than ccNoError or ccIteratorEnd, API
+ * functions never modify any of the values passed in by reference.
+ *
+ * \section synchronization_atomicity Synchronization and Atomicity
+ *
+ * Every function in the API is atomic.  In order to make a series of calls
+ * atomic, callers should lock the ccache or cache collection they are working
+ * with to advise other callers not to modify that container.  Note that
+ * advisory locks are per container so even if you have a read lock on the cache
+ * collection other callers can obtain write locks on ccaches in that cache
+ * collection.
+ *
+ * Note that iterators do not iterate over ccaches and credentials atomically
+ * because locking ccaches and the cache collection over every iteration would
+ * degrade performance considerably under high load.  However, iterators do
+ * guarantee a consistent view of items they are iterating over.  Iterators
+ * will never return duplicate entries or skip entries when items are removed
+ * or added to the container they are iterating over.
+ *
+ * An application can always lock a ccache or the cache collection to guarantee
+ * that other callers participating in the advisory locking system do not
+ * modify the ccache or cache collection.
+ *
+ * Implementations should not use copy-on-write techniques to implement locks
+ * because those techniques imply that same parts of the ccache collection
+ * remain visible to some callers even though they are not present in the
+ * collection, which is a potential security risk. For example, a copy-on-write
+ * technique might make a copy of the entire collection when a read lock is
+ * acquired, so as to allow the owner of the lock to access the collection in
+ * an apparently unmodified state, while also allowing others to make
+ * modifications to the collection. However, this would also enable the owner
+ * of the lock to indefinitely (until the expiration time) use credentials that
+ * have actually been deleted from the collection.
+ *
+ * \section memory_management Object Memory Management
+ *
+ * The lifetime of an object returned by the API is until release() is called
+ * for it. Releasing one object has no effect on existence of any other object.
+ * For example, a ccache obtained within a context continue to exist when the
+ * context is released.
+ *
+ * Every object returned by the API (cc_context_t, cc_ccache_t, cc_ccache_iterator_t,
+ * cc_credentials_t, cc_credentials_iterator_t, cc_string_t) is owned by the
+ * caller of the API, and it is the responsibility of the caller to call release()
+ * for every object to prevent memory leaks.
+ *
+ * \section opaque_types Opaque Types
+ *
+ * All of the opaque high-level types in CCache API are implemented as structures
+ * of function pointers and private data. To perform some operation on a type, the
+ * caller of the API has to first obtain an instance of that type, and then call the
+ * appropriate function pointer from that instance. For example, to call
+ * get_change_time() on a cc_context_t, one would call cc_initialize() which creates
+ * a new cc_context_t and then call its get_change_time(), like this:
+ *
+ * \code
+ * cc_context_t context;
+ * cc_int32 err = cc_initialize (&context, ccapi_version_3, nil, nil);
+ * if (err == ccNoError)
+ * time = context->functions->get_change_time (context)
+ * \endcode
+ *
+ * All API functions also have convenience preprocessor macros, which make the API
+ * seem completely function-based. For example, cc_context_get_change_time
+ * (context, time) is equivalent to context->functions->get_change_time
+ * (context, time). The convenience macros follow the following naming convention:
+ *
+ * The API function some_function()
+ * \code
+ * cc_type_t an_object;
+ * result = an_object->functions->some_function (opaque_pointer, args)
+ * \endcode
+ *
+ * has an equivalent convenience macro of the form cc_type_some_function():
+ * \code
+ * cc_type_t an_object;
+ * result = cc_type_some_function (an_object, args)
+ * \endcode
+ *
+ * The specifications below include the names for both the functions and the
+ * convenience macros, in that order. For clarity, it is recommended that clients
+ * using the API use the convenience macros, but that is merely a stylistic choice.
+ *
+ * Implementing the API in this manner allows us to extend and change the interface
+ * in the future, while preserving compatibility with older clients.
+ *
+ * For example, consider the case when the signature or the semantics of a cc_ccache_t
+ * function is changed. The API version number is incremented. The library
+ * implementation contains both a function with the old signature and semantics and
+ * a function with the new signature and semantics. When a context is created, the API
+ * version number used in that context is stored in the context, and therefore it can
+ * be used whenever a ccache is created in that context. When a ccache is created in a
+ * context with the old API version number, the function pointer structure for the
+ * ccache is filled with pointers to functions implementing the old semantics; when a
+ * ccache is created in a context with the new API version number, the function pointer
+ * structure for the ccache is filled with poitners to functions implementing the new
+ * semantics.
+ *
+ * Similarly, if a function is added to the API, the version number in the context can
+ * be used to decide whether to include the implementation of the new function in the
+ * appropriate function pointer structure or not.
+ */
+
+/*!
+ * \defgroup ccapi_constants_reference Constants
+ * @{
+ */
+
+/*!
+ * API version numbers
+ *
+ * These constants are passed into cc_initialize() to indicate the version
+ * of the API the caller wants to use.
+ *
+ * CCAPI v1 and v2 are deprecated and should not be used.
+ */
+enum {
+    ccapi_version_2 = 2,
+    ccapi_version_3 = 3,
+    ccapi_version_4 = 4,
+    ccapi_version_5 = 5,
+    ccapi_version_6 = 6,
+    ccapi_version_7 = 7,
+    ccapi_version_max = ccapi_version_7
+};
+
+/*!
+ * Error codes
+ */
+enum {
+
+    ccNoError = 0,  /*!< Success. */
+
+    ccIteratorEnd = 201,  /*!< Iterator is done iterating. */
+    ccErrBadParam,  /*!< Bad parameter (NULL or invalid pointer where valid pointer expected). */
+    ccErrNoMem,  /*!< Not enough memory to complete the operation. */
+    ccErrInvalidContext,  /*!< Context is invalid (e.g., it was released). */
+    ccErrInvalidCCache,  /*!< CCache is invalid (e.g., it was released or destroyed). */
+
+    /* 206 */
+    ccErrInvalidString,  /*!< String is invalid (e.g., it was released). */
+    ccErrInvalidCredentials,  /*!< Credentials are invalid (e.g., they were released), or they have a bad version. */
+    ccErrInvalidCCacheIterator,  /*!< CCache iterator is invalid (e.g., it was released). */
+    ccErrInvalidCredentialsIterator,  /*!< Credentials iterator is invalid (e.g., it was released). */
+    ccErrInvalidLock,  /*!< Lock is invalid (e.g., it was released). */
+
+    /* 211 */
+    ccErrBadName,  /*!< Bad credential cache name format. */
+    ccErrBadCredentialsVersion,  /*!< Credentials version is invalid. */
+    ccErrBadAPIVersion,  /*!< Unsupported API version. */
+    ccErrContextLocked,  /*!< Context is already locked. */
+    ccErrContextUnlocked,  /*!< Context is not locked by the caller. */
+
+    /* 216 */
+    ccErrCCacheLocked,   /*!< CCache is already locked. */
+    ccErrCCacheUnlocked,  /*!< CCache is not locked by the caller. */
+    ccErrBadLockType,  /*!< Bad lock type. */
+    ccErrNeverDefault,  /*!< CCache was never default. */
+    ccErrCredentialsNotFound,  /*!< Matching credentials not found in the ccache. */
+
+    /* 221 */
+    ccErrCCacheNotFound,  /*!< Matching ccache not found in the collection. */
+    ccErrContextNotFound,  /*!< Matching cache collection not found. */
+    ccErrServerUnavailable,  /*!< CCacheServer is unavailable. */
+    ccErrServerInsecure,  /*!< CCacheServer has detected that it is running as the wrong user. */
+    ccErrServerCantBecomeUID,  /*!< CCacheServer failed to start running as the user. */
+
+    /* 226 */
+    ccErrTimeOffsetNotSet,  /*!< KDC time offset not set for this ccache. */
+    ccErrBadInternalMessage,  /*!< The client and CCacheServer can't communicate (e.g., a version mismatch). */
+    ccErrNotImplemented,  /*!< API function not supported by this implementation. */
+    ccErrClientNotFound  /*!< CCacheServer has no record of the caller's process (e.g., the server crashed). */
+};
+
+/*!
+ * Credentials versions
+ *
+ * These constants are used in several places in the API to discern Kerberos
+ * versions. Not all values are valid inputs and outputs for all functions;
+ * function specifications below detail the allowed values.
+ *
+ * Kerberos version constants will always be a bit-field, and can be
+ * tested as such; for example the following test will tell you if
+ * a ccacheVersion includes v5 credentials:
+ *
+ * if ((ccacheVersion & cc_credentials_v5) != 0)
+ */
+enum cc_credential_versions {
+    /* cc_credentials_v4 = 1, */
+    cc_credentials_v5 = 2,
+    /* cc_credentials_v4_v5 = 3 */
+};
+
+/*!
+ * Lock types
+ *
+ * These constants are used in the locking functions to describe the
+ * type of lock requested.  Note that all CCAPI locks are advisory
+ * so only callers using the lock calls will be blocked by each other.
+ * This is because locking functions were introduced after the CCAPI
+ * came into common use and we did not want to break existing callers.
+ */
+enum cc_lock_types {
+    cc_lock_read = 0,
+    cc_lock_write = 1,
+    cc_lock_upgrade = 2,
+    cc_lock_downgrade = 3
+};
+
+/*!
+ * Locking Modes
+ *
+ * These constants are used in the advisory locking functions to
+ * describe whether or not the lock function should block waiting for
+ * a lock or return an error immediately.   For example, attempting to
+ * acquire a lock with a non-blocking call will result in an error if the
+ * lock cannot be acquired; otherwise, the call will block until the lock
+ * can be acquired.
+ */
+enum cc_lock_modes {
+    cc_lock_noblock = 0,
+    cc_lock_block = 1
+};
+
+/*!@}*/
+
+/*!
+ * \defgroup ccapi_types_reference Basic Types
+ * @{
+ */
+
+/*! Unsigned 32-bit integer type */
+typedef uint32_t            cc_uint32;
+/*! Signed 32-bit integer type */
+typedef int32_t             cc_int32;
+#if defined (WIN32)
+typedef __int64             cc_int64;
+typedef unsigned __int64    cc_uint64;
+#else
+/*! Unsigned 64-bit integer type */
+typedef int64_t             cc_int64;
+/*! Signed 64-bit integer type */
+typedef uint64_t            cc_uint64;
+#endif
+/*!
+ * The cc_time_t type is used to represent a time in seconds. The time must
+ * be stored as the number of seconds since midnight GMT on January 1, 1970.
+ */
+typedef cc_uint32           cc_time_t;
+
+/*!@}*/
+
+/*!
+ * \defgroup cc_context_reference cc_context_t Overview
+ * @{
+ *
+ * The cc_context_t type gives the caller access to a ccache collection.
+ * Before being able to call any functions in the CCache API, the caller
+ * needs to acquire an instance of cc_context_t by calling cc_initialize().
+ *
+ * For API function documentation see \ref cc_context_f.
+ */
+struct cc_context_f;
+typedef struct cc_context_f cc_context_f;
+
+struct cc_context_d {
+    const cc_context_f *functions;
+#if TARGET_OS_MAC
+    const cc_context_f *vector_functions;
+#endif
+};
+typedef struct cc_context_d cc_context_d;
+typedef cc_context_d *cc_context_t;
+
+/*!@}*/
+
+/*!
+ * \defgroup cc_ccache_reference cc_ccache_t Overview
+ * @{
+ *
+ * The cc_ccache_t type represents a reference to a ccache.
+ * Callers can access a ccache and the credentials stored in it
+ * via a cc_ccache_t. A cc_ccache_t can be acquired via
+ * cc_context_open_ccache(), cc_context_open_default_ccache(), or
+ * cc_ccache_iterator_next().
+ *
+ * For API function documentation see \ref cc_ccache_f.
+ */
+struct cc_ccache_f;
+typedef struct cc_ccache_f cc_ccache_f;
+
+struct cc_ccache_d {
+    const cc_ccache_f *functions;
+#if TARGET_OS_MAC
+    const cc_ccache_f *vector_functions;
+#endif
+};
+typedef struct cc_ccache_d cc_ccache_d;
+typedef cc_ccache_d *cc_ccache_t;
+
+/*!@}*/
+
+/*!
+ * \defgroup cc_ccache_iterator_reference cc_ccache_iterator_t Overview
+ * @{
+ *
+ * The cc_ccache_iterator_t type represents an iterator that
+ * iterates over a set of ccaches and returns them in all in some
+ * order. A new instance of this type can be obtained by calling
+ * cc_context_new_ccache_iterator().
+ *
+ * For API function documentation see \ref cc_ccache_iterator_f.
+ */
+struct cc_ccache_iterator_f;
+typedef struct cc_ccache_iterator_f cc_ccache_iterator_f;
+
+struct cc_ccache_iterator_d {
+    const cc_ccache_iterator_f *functions;
+#if TARGET_OS_MAC
+    const cc_ccache_iterator_f *vector_functions;
+#endif
+};
+typedef struct cc_ccache_iterator_d cc_ccache_iterator_d;
+typedef cc_ccache_iterator_d *cc_ccache_iterator_t;
+/*!@}*/
+
+/*!
+ * \defgroup cc_credentials_reference cc_credentials_t Overview
+ * @{
+ *
+ * The cc_credentials_t type is used to store a single set of credentials for
+ * Kerberos v5. In addition to its only function, release(), it contains a
+ * pointer to a cc_credentials_union structure. A cc_credentials_union
+ * structure contains an integer of the enumerator type
+ * cc_credentials_version, which is #cc_credentials_v5, and a pointer union,
+ * which contains a cc_credentials_v5_t pointer, depending on the value in
+ * version.
+ *
+ * Variables of the type cc_credentials_t are allocated by the CCAPI
+ * implementation, and should be released with their release()
+ * function. API functions which receive credentials structures
+ * from the caller always accept cc_credentials_union, which is
+ * allocated by the caller, and accordingly disposed by the caller.
+ *
+ * For API functions see \ref cc_credentials_f.
+ */
+
+/*!
+ * The CCAPI data structure.  This structure is similar to a krb5_data structure.
+ * In a v5 credentials structure, cc_data structures are used
+ * to store tagged variable-length binary data. Specifically,
+ * for cc_credentials_v5.ticket and
+ * cc_credentials_v5.second_ticket, the cc_data.type field must
+ * be zero. For the cc_credentials_v5.addresses,
+ * cc_credentials_v5.authdata, and cc_credentials_v5.keyblock,
+ * the cc_data.type field should be the address type,
+ * authorization data type, and encryption type, as defined by
+ * the Kerberos v5 protocol definition.
+ */
+struct cc_data {
+    /*! The type of the data as defined by the krb5_data structure. */
+    cc_uint32                   type;
+    /*! The length of \a data. */
+    cc_uint32                   length;
+    /*! The data buffer. */
+    void*                       data;
+};
+typedef struct cc_data cc_data;
+
+/*!
+ * If a cc_credentials_t variable is used to store Kerberos v5 c
+ * redentials, and then credentials.credentials_v5 points to a
+ * v5 credentials structure.  This structure is similar to a
+ * krb5_creds structure.
+ */
+struct cc_credentials_v5_t {
+    /*! A properly quoted string representation of the client principal. */
+    char*      client;
+    /*! A properly quoted string representation of the service principal. */
+    char*      server;
+    /*! Session encryption key info. */
+    cc_data    keyblock;
+    /*! The time when the ticket was issued. */
+    cc_time_t  authtime;
+    /*! The time when the ticket becomes valid. */
+    cc_time_t  starttime;
+    /*! The time when the ticket expires. */
+    cc_time_t  endtime;
+    /*! The time when the ticket becomes no longer renewable (if renewable). */
+    cc_time_t  renew_till;
+    /*! 1 if the ticket is encrypted in another ticket's key, or 0 otherwise. */
+    cc_uint32  is_skey;
+    /*! Ticket flags, as defined by the Kerberos 5 API. */
+    cc_uint32  ticket_flags;
+    /*! The the list of network addresses of hosts that are allowed to authenticate
+     * using this ticket. */
+    cc_data**  addresses;
+    /*! Ticket data. */
+    cc_data    ticket;
+    /*! Second ticket data. */
+    cc_data    second_ticket;
+    /*! Authorization data. */
+    cc_data**  authdata;
+};
+typedef struct cc_credentials_v5_t cc_credentials_v5_t;
+
+struct cc_credentials_union {
+    /*! The credentials version of this credentials object. */
+    cc_uint32                   version;
+    /*! The credentials. */
+    union {
+        /*! If \a version is #cc_credentials_v5, a pointer to a cc_credentials_v5_t. */
+        cc_credentials_v5_t*    credentials_v5;
+    }                           credentials;
+};
+typedef struct cc_credentials_union cc_credentials_union;
+
+struct cc_credentials_f;
+typedef struct cc_credentials_f cc_credentials_f;
+
+struct cc_credentials_d {
+    const cc_credentials_union *data;
+    const cc_credentials_f *functions;
+#if TARGET_OS_MAC
+    const cc_credentials_f *otherFunctions;
+#endif
+};
+typedef struct cc_credentials_d cc_credentials_d;
+typedef cc_credentials_d *cc_credentials_t;
+/*!@}*/
+
+/*!
+ * \defgroup cc_credentials_iterator_reference cc_credentials_iterator_t
+ * @{
+ * The cc_credentials_iterator_t type represents an iterator that
+ * iterates over a set of credentials. A new instance of this type
+ * can be obtained by calling cc_ccache_new_credentials_iterator().
+ *
+ * For API function documentation see \ref cc_credentials_iterator_f.
+ */
+struct cc_credentials_iterator_f;
+typedef struct cc_credentials_iterator_f cc_credentials_iterator_f;
+
+struct cc_credentials_iterator_d {
+    const cc_credentials_iterator_f *functions;
+#if TARGET_OS_MAC
+    const cc_credentials_iterator_f *vector_functions;
+#endif
+};
+typedef struct cc_credentials_iterator_d cc_credentials_iterator_d;
+typedef cc_credentials_iterator_d *cc_credentials_iterator_t;
+/*!@}*/
+
+/*!
+ * \defgroup cc_string_reference cc_string_t Overview
+ * @{
+ * The cc_string_t represents a C string returned by the API.
+ * It has a pointer to the string data and a release() function.
+ * This type is used for both principal names and ccache names
+ * returned by the API. Principal names may contain UTF-8 encoded
+ * strings for internationalization purposes.
+ *
+ * For API function documentation see \ref cc_string_f.
+ */
+struct cc_string_f;
+typedef struct cc_string_f cc_string_f;
+
+struct cc_string_d {
+    const char *data;
+    const cc_string_f *functions;
+#if TARGET_OS_MAC
+    const cc_string_f *vector_functions;
+#endif
+};
+typedef struct cc_string_d cc_string_d;
+typedef cc_string_d *cc_string_t;
+/*!@}*/
+
+/*!
+ * Function pointer table for cc_context_t.  For more information see
+ * \ref cc_context_reference.
+ */
+struct cc_context_f {
+    /*!
+     * \param io_context the context object to free.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_release(): Release memory associated with a cc_context_t.
+     */
+    cc_int32 (*release) (cc_context_t io_context);
+
+    /*!
+     * \param in_context the context object for the cache collection to examine.
+     * \param out_time on exit, the time of the most recent change for the entire ccache collection.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_get_change_time(): Get the last time the cache collection changed.
+     *
+     * This function returns the time of the most recent change for the entire ccache collection.
+     * By maintaining a local copy the caller can deduce whether or not the ccache collection has
+     * been modified since the previous call to cc_context_get_change_time().
+     *
+     * The time returned by cc_context_get_changed_time() increases whenever:
+     *
+     * \li a ccache is created
+     * \li a ccache is destroyed
+     * \li a credential is stored
+     * \li a credential is removed
+     * \li a ccache principal is changed
+     * \li the default ccache is changed
+     *
+     * \note In order to be able to compare two values returned by cc_context_get_change_time(),
+     * the caller must use the same context to acquire them. Callers should maintain a single
+     * context in memory for cc_context_get_change_time() calls rather than creating a new
+     * context for every call.
+     *
+     * \sa wait_for_change
+     */
+    cc_int32 (*get_change_time) (cc_context_t  in_context,
+                                 cc_time_t    *out_time);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \param out_name on exit, the name of the default ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_get_default_ccache_name(): Get the name of the default ccache.
+     *
+     * This function returns the name of the default ccache. When the default ccache
+     * exists, its name is returned. If there are no ccaches in the collection, and
+     * thus there is no default ccache, the name that the default ccache should have
+     * is returned. The ccache with that name will be used as the default ccache by
+     * all processes which initialized Kerberos libraries before the ccache was created.
+     *
+     * If there is no default ccache, and the client is creating a new ccache, it
+     * should be created with the default name. If there already is a default ccache,
+     * and the client wants to create a new ccache (as opposed to reusing an existing
+     * ccache), it should be created with any unique name; #create_new_ccache()
+     * can be used to accomplish that more easily.
+     *
+     * If the first ccache is created with a name other than the default name, then
+     * the processes already running will not notice the credentials stored in the
+     * new ccache, which is normally undesirable.
+     */
+    cc_int32 (*get_default_ccache_name) (cc_context_t  in_context,
+                                         cc_string_t  *out_name);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \param in_name the name of the ccache to open.
+     * \param out_ccache on exit, a ccache object for the ccache
+     * \return On success, #ccNoError.  If no ccache named \a in_name exists,
+     * #ccErrCCacheNotFound. On failure, an error code representing the failure.
+     * \brief \b cc_context_open_ccache(): Open a ccache.
+     *
+     * Opens an already existing ccache identified by its name. It returns a reference
+     * to the ccache in \a out_ccache.
+     *
+     * The list of all ccache names, principals, and credentials versions may be retrieved
+     * by calling cc_context_new_cache_iterator(), cc_ccache_get_name(),
+     * cc_ccache_get_principal(), and cc_ccache_get_cred_version().
+     */
+    cc_int32 (*open_ccache) (cc_context_t  in_context,
+                             const char   *in_name,
+                             cc_ccache_t  *out_ccache);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \param out_ccache on exit, a ccache object for the default ccache
+     * \return On success, #ccNoError.  If no default ccache exists,
+     * #ccErrCCacheNotFound. On failure, an error code representing the failure.
+     * \brief \b cc_context_open_default_ccache(): Open the default ccache.
+     *
+     * Opens the default ccache. It returns a reference to the ccache in *ccache.
+     *
+     * This function performs the same function as calling
+     * cc_context_get_default_ccache_name followed by cc_context_open_ccache,
+     * but it performs it atomically.
+     */
+    cc_int32 (*open_default_ccache) (cc_context_t  in_context,
+                                     cc_ccache_t  *out_ccache);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \param in_name the name of the new ccache to create
+     * \param in_cred_vers the version of the credentials the new ccache will hold
+     * \param in_principal the client principal of the credentials the new ccache will hold
+     * \param out_ccache on exit, a ccache object for the newly created ccache
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_create_ccache(): Create a new ccache.
+     *
+     * Create a new credentials cache. The ccache is uniquely identified by
+     * its name.  The principal given is also associated with the ccache and
+     * the credentials version specified. A NULL name is not allowed (and
+     * ccErrBadName is returned if one is passed in). Only cc_credentials_v5
+     * can be an input value for cred_vers.
+     *
+     * If you want to create a new ccache (with a unique name), you should use
+     * cc_context_create_new_ccache() instead. If you want to create or reinitialize
+     * the default cache, you should use cc_context_create_default_ccache().
+     *
+     * If name is non-NULL and there is already a ccache named name:
+     *
+     * \li the credentials in the ccache whose version is cred_vers are removed
+     * \li the principal (of the existing ccache) associated with cred_vers is set to principal
+     * \li a handle for the existing ccache is returned and all existing handles for the ccache remain valid
+     *
+     * If no ccache named name already exists:
+     *
+     * \li a new empty ccache is created
+     * \li the principal of the new ccache associated with cred_vers is set to principal
+     * \li a handle for the new ccache is returned
+     *
+     * For a new ccache, the name should be any unique string. The name is not
+     * intended to be presented to users.
+     *
+     * If the created ccache is the first ccache in the collection, it is made
+     * the default ccache. Note that normally it is undesirable to create the first
+     * ccache with a name different from the default ccache name (as returned by
+     * cc_context_get_default_ccache_name()); see the description of
+     * cc_context_get_default_ccache_name() for details.
+     *
+     * The principal should be a C string containing an unparsed Kerberos
+     * principal in the format of the appropriate Kerberos version,
+     * i.e. \verbatim foo/bar/@BAZ \endverbatim for Kerberos v5.
+     */
+    cc_int32 (*create_ccache) (cc_context_t  in_context,
+                               const char   *in_name,
+                               cc_uint32     in_cred_vers,
+                               const char   *in_principal,
+                               cc_ccache_t  *out_ccache);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \param in_cred_vers the version of the credentials the new default ccache will hold
+     * \param in_principal the client principal of the credentials the new default ccache will hold
+     * \param out_ccache on exit, a ccache object for the newly created default ccache
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_create_default_ccache(): Create a new default ccache.
+     *
+     * Create the default credentials cache. The behavior of this function is
+     * similar to that of cc_create_ccache(). If there is a default ccache
+     * (which is always the case except when there are no ccaches at all in
+     * the collection), it is initialized with the specified credentials version
+     * and principal, as per cc_create_ccache(); otherwise, a new ccache is
+     * created, and its name is the name returned by
+     * cc_context_get_default_ccache_name().
+     */
+    cc_int32 (*create_default_ccache) (cc_context_t  in_context,
+                                       cc_uint32     in_cred_vers,
+                                       const char   *in_principal,
+                                       cc_ccache_t  *out_ccache);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \param in_cred_vers the version of the credentials the new ccache will hold
+     * \param in_principal the client principal of the credentials the new ccache will hold
+     * \param out_ccache on exit, a ccache object for the newly created ccache
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_create_new_ccache(): Create a new uniquely named ccache.
+     *
+     * Create a new unique credentials cache. The behavior of this function
+     * is similar to that of cc_create_ccache(). If there are no ccaches, and
+     * therefore no default ccache, the new ccache is created with the default
+     * ccache name as would be returned by get_default_ccache_name(). If there
+     * are some ccaches, and therefore there is a default ccache, the new ccache
+     * is created with a new unique name. Clearly, this function never reinitializes
+     * a ccache, since it always uses a unique name.
+     */
+    cc_int32 (*create_new_ccache) (cc_context_t in_context,
+                                   cc_uint32    in_cred_vers,
+                                   const char  *in_principal,
+                                   cc_ccache_t *out_ccache);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \param out_iterator on exit, a ccache iterator object for the ccache collection.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_new_ccache_iterator(): Get an iterator for the cache collection.
+     *
+     * Used to allocate memory and initialize iterator. Successive calls to iterator's
+     * next() function will return ccaches in the collection.
+     *
+     * If changes are made to the collection while an iterator is being used
+     * on it, the iterator must return at least the intersection, and at most
+     * the union, of the set of ccaches that were present when the iteration
+     * began and the set of ccaches that are present when it ends.
+     */
+    cc_int32 (*new_ccache_iterator) (cc_context_t          in_context,
+                                     cc_ccache_iterator_t *out_iterator);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \param in_lock_type the type of lock to obtain.
+     * \param in_block whether or not the function should block if the lock cannot be obtained immediately.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_lock(): Lock the cache collection.
+     *
+     * Attempts to acquire an advisory lock for the ccache collection. Allowed values
+     * for lock_type are:
+     *
+     * \li cc_lock_read: a read lock.
+     * \li cc_lock_write: a write lock
+     * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock
+     * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock
+     *
+     * If block is cc_lock_block, lock() will not return until the lock is acquired.
+     * If block is cc_lock_noblock, lock() will return immediately, either acquiring
+     * the lock and returning ccNoError, or failing to acquire the lock and returning
+     * an error explaining why.
+     *
+     * Locks apply only to the list of ccaches, not the contents of those ccaches.  To
+     * prevent callers participating in the advisory locking from changing the credentials
+     * in a cache you must also lock that ccache with cc_ccache_lock().  This is so
+     * that you can get the list of ccaches without preventing applications from
+     * simultaneously obtaining service tickets.
+     *
+     * To avoid having to deal with differences between thread semantics on different
+     * platforms, locks are granted per context, rather than per thread or per process.
+     * That means that different threads of execution have to acquire separate contexts
+     * in order to be able to synchronize with each other.
+     *
+     * The lock should be unlocked by using cc_context_unlock().
+     *
+     * \note All locks are advisory.  For example, callers which do not call
+     * cc_context_lock() and cc_context_unlock() will not be prevented from writing
+     * to the cache collection when you have a read lock.  This is because the CCAPI
+     * locking was added after the first release and thus adding mandatory locks would
+     * have changed the user experience and performance of existing applications.
+     */
+    cc_int32 (*lock) (cc_context_t in_context,
+                      cc_uint32    in_lock_type,
+                      cc_uint32    in_block);
+
+    /*!
+     * \param in_context the context object for the cache collection.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_unlock(): Unlock the cache collection.
+     */
+    cc_int32 (*unlock) (cc_context_t in_cc_context);
+
+    /*!
+     * \param in_context a context object.
+     * \param in_compare_to_context a context object to compare with \a in_context.
+     * \param out_equal on exit, whether or not the two contexts refer to the same cache collection.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_compare(): Compare two context objects.
+     */
+    cc_int32 (*compare) (cc_context_t  in_cc_context,
+                         cc_context_t  in_compare_to_context,
+                         cc_uint32    *out_equal);
+
+    /*!
+     * \param in_context a context object.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_context_wait_for_change(): Wait for the next change in the cache collection.
+     *
+     * This function blocks until the next change is made to the cache collection
+     * ccache collection. By repeatedly calling cc_context_wait_for_change() from
+     * a worker thread the caller can effectively receive callbacks whenever the
+     * cache collection changes.  This is considerably more efficient than polling
+     * with cc_context_get_change_time().
+     *
+     * cc_context_wait_for_change() will return whenever:
+     *
+     * \li a ccache is created
+     * \li a ccache is destroyed
+     * \li a credential is stored
+     * \li a credential is removed
+     * \li a ccache principal is changed
+     * \li the default ccache is changed
+     *
+     * \note In order to make sure that the caller doesn't miss any changes,
+     * cc_context_wait_for_change() always returns immediately after the first time it
+     * is called on a new context object. Callers must use the same context object
+     * for successive calls to cc_context_wait_for_change() rather than creating a new
+     * context for every call.
+     *
+     * \sa get_change_time
+     */
+    cc_int32 (*wait_for_change) (cc_context_t in_cc_context);
+};
+
+/*!
+ * Function pointer table for cc_ccache_t.  For more information see
+ * \ref cc_ccache_reference.
+ */
+struct cc_ccache_f {
+    /*!
+     * \param io_ccache the ccache object to release.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_release(): Release memory associated with a cc_ccache_t object.
+     * \note Does not modify the ccache.  If you wish to remove the ccache see cc_ccache_destroy().
+     */
+    cc_int32 (*release) (cc_ccache_t io_ccache);
+
+    /*!
+     * \param io_ccache the ccache object to destroy and release.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_destroy(): Destroy a ccache.
+     *
+     * Destroy the ccache referred to by \a io_ccache and releases memory associated with
+     * the \a io_ccache object.  After this call \a io_ccache becomes invalid.  If
+     * \a io_ccache was the default ccache, the next ccache in the cache collection (if any)
+     * becomes the new default.
+     */
+    cc_int32 (*destroy) (cc_ccache_t io_ccache);
+
+    /*!
+     * \param io_ccache a ccache object to make the new default ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_set_default(): Make a ccache the default ccache.
+     */
+    cc_int32 (*set_default) (cc_ccache_t io_ccache);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param out_credentials_version on exit, the credentials version of \a in_ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_get_credentials_version(): Get the credentials version of a ccache.
+     *
+     * cc_ccache_get_credentials_version() returns one value of the enumerated
+     * type cc_credentials_vers. The return value is #cc_credentials_v5 (if
+     * ccache's v5 principal has been set).  A ccache's principal is set with
+     * one of cc_context_create_ccache(), cc_context_create_new_ccache(),
+     * cc_context_create_default_ccache(), or cc_ccache_set_principal().
+     */
+    cc_int32 (*get_credentials_version) (cc_ccache_t  in_ccache,
+                                         cc_uint32   *out_credentials_version);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param out_name on exit, a cc_string_t representing the name of \a in_ccache.
+     * \a out_name must be released with cc_string_release().
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_get_name(): Get the name of a ccache.
+     */
+    cc_int32 (*get_name) (cc_ccache_t  in_ccache,
+                          cc_string_t *out_name);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param in_credentials_version the credentials version to get the principal for.
+     * \param out_principal on exit, a cc_string_t representing the principal of \a in_ccache.
+     * \a out_principal must be released with cc_string_release().
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_get_principal(): Get the principal of a ccache.
+     *
+     * Return the principal for the ccache that was set via cc_context_create_ccache(),
+     * cc_context_create_default_ccache(), cc_context_create_new_ccache(), or
+     * cc_ccache_set_principal().
+     */
+    cc_int32 (*get_principal) (cc_ccache_t  in_ccache,
+                               cc_uint32    in_credentials_version,
+                               cc_string_t *out_principal);
+
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param in_credentials_version the credentials version to set the principal for.
+     * \param in_principal a C string representing the new principal of \a in_ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_set_principal(): Set the principal of a ccache.
+     *
+     * Set the a principal for ccache.
+     */
+    cc_int32 (*set_principal) (cc_ccache_t  io_ccache,
+                               cc_uint32    in_credentials_version,
+                               const char  *in_principal);
+
+    /*!
+     * \param io_ccache a ccache object.
+     * \param in_credentials_union the credentials to store in \a io_ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_store_credentials(): Store credentials in a ccache.
+     *
+     * Store a copy of credentials in the ccache.
+     *
+     * See the description of the credentials types for the meaning of
+     * cc_credentials_union fields.
+     *
+     * Before credentials of a specific credential type can be stored in a
+     * ccache, the corresponding principal version has to be set.  That is,
+     * before you can store Kerberos v5 credentials in a ccache, the Kerberos
+     * v5 principal has to be set either by cc_context_create_ccache(),
+     * cc_context_create_default_ccache(), cc_context_create_new_ccache(), or
+     * cc_ccache_set_principal(); otherwise, ccErrBadCredentialsVersion is
+     * returned.
+     */
+    cc_int32 (*store_credentials) (cc_ccache_t                 io_ccache,
+                                   const cc_credentials_union *in_credentials_union);
+
+    /*!
+     * \param io_ccache a ccache object.
+     * \param in_credentials the credentials to remove from \a io_ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_remove_credentials(): Remove credentials from a ccache.
+     *
+     * Removes credentials from a ccache. Note that credentials must be previously
+     * acquired from the CCache API; only exactly matching credentials will be
+     * removed. (This places the burden of determining exactly which credentials
+     * to remove on the caller, but ensures there is no ambigity about which
+     * credentials will be removed.) cc_credentials_t objects can be obtained by
+     * iterating over the ccache's credentials with cc_ccache_new_credentials_iterator().
+     *
+     * If found, the credentials are removed from the ccache. The credentials
+     * parameter is not modified and should be freed by the caller. It is
+     * legitimate to call this function while an iterator is traversing the
+     * ccache, and the deletion of a credential already returned by
+     * cc_credentials_iterator_next() will not disturb sequence of credentials
+     * returned by cc_credentials_iterator_next().
+     */
+    cc_int32 (*remove_credentials) (cc_ccache_t      io_ccache,
+                                    cc_credentials_t in_credentials);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param out_credentials_iterator a credentials iterator for \a io_ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_new_credentials_iterator(): Iterate over credentials in a ccache.
+     *
+     * Allocates memory for iterator and initializes it. Successive calls to
+     * cc_credentials_iterator_next() will return credentials from the ccache.
+     *
+     * If changes are made to the ccache while an iterator is being used on it,
+     * the iterator must return at least the intersection, and at most the union,
+     * of the set of credentials that were in the ccache when the iteration began
+     * and the set of credentials that are in the ccache when it ends.
+     */
+    cc_int32 (*new_credentials_iterator) (cc_ccache_t                in_ccache,
+                                          cc_credentials_iterator_t *out_credentials_iterator);
+
+    /*!
+     * \param io_source_ccache a ccache object to move.
+     * \param io_destination_ccache a ccache object replace with the contents of \a io_source_ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_move(): Move the contents of one ccache into another, destroying the source.
+     *
+     * cc_ccache_move() atomically copies the credentials, credential versions and principals
+     * from one ccache to another.  On successful completion \a io_source_ccache will be
+     * released and the ccache it points to will be destroyed.  Any credentials previously
+     * in \a io_destination_ccache will be replaced with credentials from \a io_source_ccache.
+     * The only part of \a io_destination_ccache which remains constant is the name.  Any other
+     * callers referring to \a io_destination_ccache will suddenly see new data in it.
+     *
+     * Typically cc_ccache_move() is used when the caller wishes to safely overwrite the
+     * contents of a ccache with new data which requires several steps to generate.
+     * cc_ccache_move() allows the caller to create a temporary ccache
+     * (which can be destroyed if any intermediate step fails) and the atomically copy
+     * the temporary cache into the destination.
+     */
+    cc_int32 (*move) (cc_ccache_t io_source_ccache,
+                      cc_ccache_t io_destination_ccache);
+
+    /*!
+     * \param io_ccache the ccache object for the ccache you wish to lock.
+     * \param in_lock_type the type of lock to obtain.
+     * \param in_block whether or not the function should block if the lock cannot be obtained immediately.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_lock(): Lock a ccache.
+     *
+     * Attempts to acquire an advisory lock for a ccache. Allowed values for lock_type are:
+     *
+     * \li cc_lock_read: a read lock.
+     * \li cc_lock_write: a write lock
+     * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock
+     * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock
+     *
+     * If block is cc_lock_block, lock() will not return until the lock is acquired.
+     * If block is cc_lock_noblock, lock() will return immediately, either acquiring
+     * the lock and returning ccNoError, or failing to acquire the lock and returning
+     * an error explaining why.
+     *
+     * To avoid having to deal with differences between thread semantics on different
+     * platforms, locks are granted per ccache, rather than per thread or per process.
+     * That means that different threads of execution have to acquire separate contexts
+     * in order to be able to synchronize with each other.
+     *
+     * The lock should be unlocked by using cc_ccache_unlock().
+     *
+     * \note All locks are advisory.  For example, callers which do not call
+     * cc_ccache_lock() and cc_ccache_unlock() will not be prevented from writing
+     * to the ccache when you have a read lock.  This is because the CCAPI
+     * locking was added after the first release and thus adding mandatory locks would
+     * have changed the user experience and performance of existing applications.
+     */
+    cc_int32 (*lock) (cc_ccache_t io_ccache,
+                      cc_uint32   in_lock_type,
+                      cc_uint32   in_block);
+
+    /*!
+     * \param io_ccache a ccache object.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_unlock(): Unlock a ccache.
+     */
+    cc_int32 (*unlock) (cc_ccache_t io_ccache);
+
+    /*!
+     * \param in_ccache a cache object.
+     * \param out_last_default_time on exit, the last time the ccache was default.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_get_change_time(): Get the last time a ccache was the default ccache.
+     *
+     * This function returns the last time when the ccache was made the default ccache.
+     * This allows clients to sort the ccaches by how recently they were default, which
+     * is useful for user listing of ccaches. If the ccache was never default,
+     * ccErrNeverDefault is returned.
+     */
+    cc_int32 (*get_last_default_time) (cc_ccache_t  in_ccache,
+                                       cc_time_t   *out_last_default_time);
+
+    /*!
+     * \param in_ccache a cache object.
+     * \param out_change_time on exit, the last time the ccache changed.
+     * \return On success, #ccNoError.  If the ccache was never the default ccache,
+     * #ccErrNeverDefault.  Otherwise, an error code representing the failure.
+     * \brief \b cc_ccache_get_change_time(): Get the last time a ccache changed.
+     *
+     * This function returns the time of the most recent change made to a ccache.
+     * By maintaining a local copy the caller can deduce whether or not the ccache has
+     * been modified since the previous call to cc_ccache_get_change_time().
+     *
+     * The time returned by cc_ccache_get_change_time() increases whenever:
+     *
+     * \li a credential is stored
+     * \li a credential is removed
+     * \li a ccache principal is changed
+     * \li the ccache becomes the default ccache
+     * \li the ccache is no longer the default ccache
+     *
+     * \note In order to be able to compare two values returned by cc_ccache_get_change_time(),
+     * the caller must use the same ccache object to acquire them. Callers should maintain a
+     * single ccache object in memory for cc_ccache_get_change_time() calls rather than
+     * creating a new ccache object for every call.
+     *
+     * \sa wait_for_change
+     */
+    cc_int32 (*get_change_time) (cc_ccache_t  in_ccache,
+                                 cc_time_t   *out_change_time);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param in_compare_to_ccache a ccache object to compare with \a in_ccache.
+     * \param out_equal on exit, whether or not the two ccaches refer to the same ccache.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_compare(): Compare two ccache objects.
+     */
+    cc_int32 (*compare) (cc_ccache_t  in_ccache,
+                         cc_ccache_t  in_compare_to_ccache,
+                         cc_uint32   *out_equal);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param in_credentials_version the credentials version to get the time offset for.
+     * \param out_time_offset on exit, the KDC time offset for \a in_ccache for credentials version
+     * \a in_credentials_version.
+     * \return On success, #ccNoError if a time offset was obtained or #ccErrTimeOffsetNotSet
+     * if a time offset has not been set.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_get_kdc_time_offset(): Get the KDC time offset for credentials in a ccache.
+     * \sa set_kdc_time_offset, clear_kdc_time_offset
+     *
+     * Sometimes the KDC and client's clocks get out of sync.  cc_ccache_get_kdc_time_offset()
+     * returns the difference between the KDC and client's clocks at the time credentials were
+     * acquired.  This offset allows callers to figure out how much time is left on a given
+     * credential even though the end_time is based on the KDC's clock not the client's clock.
+     */
+    cc_int32 (*get_kdc_time_offset) (cc_ccache_t  in_ccache,
+                                     cc_uint32    in_credentials_version,
+                                     cc_time_t   *out_time_offset);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param in_credentials_version the credentials version to get the time offset for.
+     * \param in_time_offset the new KDC time offset for \a in_ccache for credentials version
+     * \a in_credentials_version.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_set_kdc_time_offset(): Set the KDC time offset for credentials in a ccache.
+     * \sa get_kdc_time_offset, clear_kdc_time_offset
+     *
+     * Sometimes the KDC and client's clocks get out of sync.  cc_ccache_set_kdc_time_offset()
+     * sets the difference between the KDC and client's clocks at the time credentials were
+     * acquired.  This offset allows callers to figure out how much time is left on a given
+     * credential even though the end_time is based on the KDC's clock not the client's clock.
+     */
+    cc_int32 (*set_kdc_time_offset) (cc_ccache_t io_ccache,
+                                     cc_uint32   in_credentials_version,
+                                     cc_time_t   in_time_offset);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \param in_credentials_version the credentials version to get the time offset for.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_clear_kdc_time_offset(): Clear the KDC time offset for credentials in a ccache.
+     * \sa get_kdc_time_offset, set_kdc_time_offset
+     *
+     * Sometimes the KDC and client's clocks get out of sync.  cc_ccache_clear_kdc_time_offset()
+     * clears the difference between the KDC and client's clocks at the time credentials were
+     * acquired.  This offset allows callers to figure out how much time is left on a given
+     * credential even though the end_time is based on the KDC's clock not the client's clock.
+     */
+    cc_int32 (*clear_kdc_time_offset) (cc_ccache_t io_ccache,
+                                       cc_uint32   in_credentials_version);
+
+    /*!
+     * \param in_ccache a ccache object.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_wait_for_change(): Wait for the next change to a ccache.
+     *
+     * This function blocks until the next change is made to the ccache referenced by
+     * \a in_ccache. By repeatedly calling cc_ccache_wait_for_change() from
+     * a worker thread the caller can effectively receive callbacks whenever the
+     * ccache changes.  This is considerably more efficient than polling
+     * with cc_ccache_get_change_time().
+     *
+     * cc_ccache_wait_for_change() will return whenever:
+     *
+     * \li a credential is stored
+     * \li a credential is removed
+     * \li the ccache principal is changed
+     * \li the ccache becomes the default ccache
+     * \li the ccache is no longer the default ccache
+     *
+     * \note In order to make sure that the caller doesn't miss any changes,
+     * cc_ccache_wait_for_change() always returns immediately after the first time it
+     * is called on a new ccache object. Callers must use the same ccache object
+     * for successive calls to cc_ccache_wait_for_change() rather than creating a new
+     * ccache object for every call.
+     *
+     * \sa get_change_time
+     */
+    cc_int32 (*wait_for_change) (cc_ccache_t in_ccache);
+};
+
+/*!
+ * Function pointer table for cc_string_t.  For more information see
+ * \ref cc_string_reference.
+ */
+struct cc_string_f {
+    /*!
+     * \param io_string the string object to release.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_string_release(): Release memory associated with a cc_string_t object.
+     */
+    cc_int32 (*release) (cc_string_t io_string);
+};
+
+/*!
+ * Function pointer table for cc_credentials_t.  For more information see
+ * \ref cc_credentials_reference.
+ */
+struct cc_credentials_f {
+    /*!
+     * \param io_credentials the credentials object to release.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_credentials_release(): Release memory associated with a cc_credentials_t object.
+     */
+    cc_int32 (*release) (cc_credentials_t  io_credentials);
+
+    /*!
+     * \param in_credentials a credentials object.
+     * \param in_compare_to_credentials a credentials object to compare with \a in_credentials.
+     * \param out_equal on exit, whether or not the two credentials objects refer to the
+     * same credentials in the cache collection.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_credentials_compare(): Compare two credentials objects.
+     */
+    cc_int32 (*compare) (cc_credentials_t  in_credentials,
+                         cc_credentials_t  in_compare_to_credentials,
+                         cc_uint32        *out_equal);
+};
+
+/*!
+ * Function pointer table for cc_ccache_iterator_t.  For more information see
+ * \ref cc_ccache_iterator_reference.
+ */
+struct cc_ccache_iterator_f {
+    /*!
+     * \param io_ccache_iterator the ccache iterator object to release.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_iterator_release(): Release memory associated with a cc_ccache_iterator_t object.
+     */
+    cc_int32 (*release) (cc_ccache_iterator_t io_ccache_iterator);
+
+    /*!
+     * \param in_ccache_iterator a ccache iterator object.
+     * \param out_ccache on exit, the next ccache in the cache collection.
+     * \return On success, #ccNoError if the next ccache in the cache collection was
+     * obtained or #ccIteratorEnd if there are no more ccaches.
+     * On failure, an error code representing the failure.
+     * \brief \b cc_ccache_iterator_next(): Get the next ccache in the cache collection.
+     */
+    cc_int32 (*next) (cc_ccache_iterator_t  in_ccache_iterator,
+                      cc_ccache_t          *out_ccache);
+
+    /*!
+     * \param in_ccache_iterator a ccache iterator object.
+     * \param out_ccache_iterator on exit, a copy of \a in_ccache_iterator.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_ccache_iterator_clone(): Make a copy of a ccache iterator.
+     */
+    cc_int32 (*clone) (cc_ccache_iterator_t  in_ccache_iterator,
+                       cc_ccache_iterator_t *out_ccache_iterator);
+};
+
+/*!
+ * Function pointer table for cc_credentials_iterator_t.  For more information see
+ * \ref cc_credentials_iterator_reference.
+ */
+struct cc_credentials_iterator_f {
+    /*!
+     * \param io_credentials_iterator the credentials iterator object to release.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_credentials_iterator_release(): Release memory associated with a cc_credentials_iterator_t object.
+     */
+    cc_int32 (*release) (cc_credentials_iterator_t io_credentials_iterator);
+
+    /*!
+     * \param in_credentials_iterator a credentials iterator object.
+     * \param out_credentials on exit, the next credentials in the ccache.
+     * \return On success, #ccNoError if the next credential in the ccache was obtained
+     * or #ccIteratorEnd if there are no more credentials.
+     * On failure, an error code representing the failure.
+     * \brief \b cc_credentials_iterator_next(): Get the next credentials in the ccache.
+     */
+    cc_int32 (*next) (cc_credentials_iterator_t  in_credentials_iterator,
+                      cc_credentials_t          *out_credentials);
+
+    /*!
+     * \ingroup cc_credentials_iterator_reference
+     * \param in_credentials_iterator a credentials iterator object.
+     * \param out_credentials_iterator on exit, a copy of \a in_credentials_iterator.
+     * \return On success, #ccNoError.  On failure, an error code representing the failure.
+     * \brief \b cc_credentials_iterator_clone(): Make a copy of a credentials iterator.
+     */
+    cc_int32 (*clone) (cc_credentials_iterator_t  in_credentials_iterator,
+                       cc_credentials_iterator_t *out_credentials_iterator);
+};
+
+/*!
+ * \ingroup cc_context_reference
+ * \param out_context on exit, a new context object.  Must be free with cc_context_release().
+ * \param in_version  the requested API version.  This should be the maximum version the
+ * application supports.
+ * \param out_supported_version if non-NULL, on exit contains the maximum API version
+ * supported by the implementation.
+ * \param out_vendor if non-NULL, on exit contains a pointer to a read-only C string which
+ * contains a string describing the vendor which implemented the credentials cache API.
+ * \return On success, #ccNoError.  On failure, an error code representing the failure.
+ * May return CCAPI v2 error CC_BAD_API_VERSION if #ccapi_version_2 is passed in.
+ * \brief Initialize a new cc_context.
+ */
+CCACHE_API cc_int32 cc_initialize (cc_context_t  *out_context,
+                                   cc_int32       in_version,
+                                   cc_int32      *out_supported_version,
+                                   char const   **out_vendor);
+
+
+/*! \defgroup helper_macros CCAPI Function Helper Macros
+ * @{ */
+
+/*! Helper macro for cc_context_f release() */
+#define         cc_context_release(context)             \
+    ((context) -> functions -> release (context))
+/*! Helper macro for cc_context_f get_change_time() */
+#define         cc_context_get_change_time(context, change_time)        \
+    ((context) -> functions -> get_change_time (context, change_time))
+/*! Helper macro for cc_context_f get_default_ccache_name() */
+#define         cc_context_get_default_ccache_name(context, name)       \
+    ((context) -> functions -> get_default_ccache_name (context, name))
+/*! Helper macro for cc_context_f open_ccache() */
+#define         cc_context_open_ccache(context, name, ccache)           \
+    ((context) -> functions -> open_ccache (context, name, ccache))
+/*! Helper macro for cc_context_f open_default_ccache() */
+#define         cc_context_open_default_ccache(context, ccache)         \
+    ((context) -> functions -> open_default_ccache (context, ccache))
+/*! Helper macro for cc_context_f create_ccache() */
+#define         cc_context_create_ccache(context, name, version, principal, ccache) \
+    ((context) -> functions -> create_ccache (context, name, version, principal, ccache))
+/*! Helper macro for cc_context_f create_default_ccache() */
+#define         cc_context_create_default_ccache(context, version, principal, ccache) \
+    ((context) -> functions -> create_default_ccache (context, version, principal, ccache))
+/*! Helper macro for cc_context_f create_new_ccache() */
+#define         cc_context_create_new_ccache(context, version, principal, ccache) \
+    ((context) -> functions -> create_new_ccache (context, version, principal, ccache))
+/*! Helper macro for cc_context_f new_ccache_iterator() */
+#define         cc_context_new_ccache_iterator(context, iterator)       \
+    ((context) -> functions -> new_ccache_iterator (context, iterator))
+/*! Helper macro for cc_context_f lock() */
+#define         cc_context_lock(context, type, block)           \
+    ((context) -> functions -> lock (context, type, block))
+/*! Helper macro for cc_context_f unlock() */
+#define         cc_context_unlock(context)              \
+    ((context) -> functions -> unlock (context))
+/*! Helper macro for cc_context_f compare() */
+#define         cc_context_compare(context, compare_to, equal)          \
+    ((context) -> functions -> compare (context, compare_to, equal))
+/*! Helper macro for cc_context_f wait_for_change() */
+#define         cc_context_wait_for_change(context)             \
+    ((context) -> functions -> wait_for_change (context))
+
+/*! Helper macro for cc_ccache_f release() */
+#define         cc_ccache_release(ccache)       \
+    ((ccache) -> functions -> release (ccache))
+/*! Helper macro for cc_ccache_f destroy() */
+#define         cc_ccache_destroy(ccache)       \
+    ((ccache) -> functions -> destroy (ccache))
+/*! Helper macro for cc_ccache_f set_default() */
+#define         cc_ccache_set_default(ccache)           \
+    ((ccache) -> functions -> set_default (ccache))
+/*! Helper macro for cc_ccache_f get_credentials_version() */
+#define         cc_ccache_get_credentials_version(ccache, version)      \
+    ((ccache) -> functions -> get_credentials_version (ccache, version))
+/*! Helper macro for cc_ccache_f get_name() */
+#define         cc_ccache_get_name(ccache, name)        \
+    ((ccache) -> functions -> get_name (ccache, name))
+/*! Helper macro for cc_ccache_f get_principal() */
+#define         cc_ccache_get_principal(ccache, version, principal)     \
+    ((ccache) -> functions -> get_principal (ccache, version, principal))
+/*! Helper macro for cc_ccache_f set_principal() */
+#define         cc_ccache_set_principal(ccache, version, principal)     \
+    ((ccache) -> functions -> set_principal (ccache, version, principal))
+/*! Helper macro for cc_ccache_f store_credentials() */
+#define         cc_ccache_store_credentials(ccache, credentials)        \
+    ((ccache) -> functions -> store_credentials (ccache, credentials))
+/*! Helper macro for cc_ccache_f remove_credentials() */
+#define         cc_ccache_remove_credentials(ccache, credentials)       \
+    ((ccache) -> functions -> remove_credentials (ccache, credentials))
+/*! Helper macro for cc_ccache_f new_credentials_iterator() */
+#define         cc_ccache_new_credentials_iterator(ccache, iterator)    \
+    ((ccache) -> functions -> new_credentials_iterator (ccache, iterator))
+/*! Helper macro for cc_ccache_f lock() */
+#define         cc_ccache_lock(ccache, type, block)             \
+    ((ccache) -> functions -> lock (ccache, type, block))
+/*! Helper macro for cc_ccache_f unlock() */
+#define         cc_ccache_unlock(ccache)        \
+    ((ccache) -> functions -> unlock (ccache))
+/*! Helper macro for cc_ccache_f get_last_default_time() */
+#define         cc_ccache_get_last_default_time(ccache, last_default_time) \
+    ((ccache) -> functions -> get_last_default_time (ccache, last_default_time))
+/*! Helper macro for cc_ccache_f get_change_time() */
+#define         cc_ccache_get_change_time(ccache, change_time)          \
+    ((ccache) -> functions -> get_change_time (ccache, change_time))
+/*! Helper macro for cc_ccache_f move() */
+#define         cc_ccache_move(source, destination)             \
+    ((source) -> functions -> move (source, destination))
+/*! Helper macro for cc_ccache_f compare() */
+#define         cc_ccache_compare(ccache, compare_to, equal)            \
+    ((ccache) -> functions -> compare (ccache, compare_to, equal))
+/*! Helper macro for cc_ccache_f get_kdc_time_offset() */
+#define         cc_ccache_get_kdc_time_offset(ccache, version, time_offset) \
+    ((ccache) -> functions -> get_kdc_time_offset (ccache, version, time_offset))
+/*! Helper macro for cc_ccache_f set_kdc_time_offset() */
+#define         cc_ccache_set_kdc_time_offset(ccache, version, time_offset) \
+    ((ccache) -> functions -> set_kdc_time_offset (ccache, version, time_offset))
+/*! Helper macro for cc_ccache_f clear_kdc_time_offset() */
+#define         cc_ccache_clear_kdc_time_offset(ccache, version)        \
+    ((ccache) -> functions -> clear_kdc_time_offset (ccache, version))
+/*! Helper macro for cc_ccache_f wait_for_change() */
+#define         cc_ccache_wait_for_change(ccache)       \
+    ((ccache) -> functions -> wait_for_change (ccache))
+
+/*! Helper macro for cc_string_f release() */
+#define         cc_string_release(string)       \
+    ((string) -> functions -> release (string))
+
+/*! Helper macro for cc_credentials_f release() */
+#define         cc_credentials_release(credentials)             \
+    ((credentials) -> functions -> release (credentials))
+/*! Helper macro for cc_credentials_f compare() */
+#define         cc_credentials_compare(credentials, compare_to, equal)  \
+    ((credentials) -> functions -> compare (credentials, compare_to, equal))
+
+/*! Helper macro for cc_ccache_iterator_f release() */
+#define         cc_ccache_iterator_release(iterator)    \
+    ((iterator) -> functions -> release (iterator))
+/*! Helper macro for cc_ccache_iterator_f next() */
+#define         cc_ccache_iterator_next(iterator, ccache)       \
+    ((iterator) -> functions -> next (iterator, ccache))
+/*! Helper macro for cc_ccache_iterator_f clone() */
+#define         cc_ccache_iterator_clone(iterator, new_iterator)        \
+    ((iterator) -> functions -> clone (iterator, new_iterator))
+
+/*! Helper macro for cc_credentials_iterator_f release() */
+#define         cc_credentials_iterator_release(iterator)       \
+    ((iterator) -> functions -> release (iterator))
+/*! Helper macro for cc_credentials_iterator_f next() */
+#define         cc_credentials_iterator_next(iterator, credentials)     \
+    ((iterator) -> functions -> next (iterator, credentials))
+/*! Helper macro for cc_credentials_iterator_f clone() */
+#define         cc_credentials_iterator_clone(iterator, new_iterator)   \
+    ((iterator) -> functions -> clone (iterator, new_iterator))
+/*!@}*/
+
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(pop)
+#endif
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __CREDENTIALSCACHE__ */
diff --git a/krb5-1.21.3/src/include/CredentialsCache2.h b/krb5-1.21.3/src/include/CredentialsCache2.h
new file mode 100644
index 00000000..8a5871b0
--- /dev/null
+++ b/krb5-1.21.3/src/include/CredentialsCache2.h
@@ -0,0 +1,302 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/CredentialsCache2.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This is backwards compatibility for CCache API v2 clients to be able to run
+ * against the CCache API v3 library
+ */
+
+#ifndef CCAPI_V2_H
+#define CCAPI_V2_H
+
+#include <CredentialsCache.h>
+
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#include <TargetConditionals.h>
+#include <AvailabilityMacros.h>
+#ifdef DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER
+#define CCAPI_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER
+#endif
+#endif
+
+#ifndef CCAPI_DEPRECATED
+#define CCAPI_DEPRECATED
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(push,2)
+#endif
+
+/* Some old types get directly mapped to new types */
+
+typedef cc_context_d apiCB;
+typedef cc_ccache_d ccache_p;
+typedef cc_credentials_iterator_d ccache_cit_creds;
+typedef cc_ccache_iterator_d ccache_cit_ccache;
+typedef cc_data cc_data_compat;
+typedef cc_int32 cc_cred_vers;
+typedef cc_int32 cc_result;
+
+/* This doesn't exist in API v3 */
+typedef cc_uint32 cc_flags;
+
+/* Credentials types are visible to the caller so we have to keep binary compatibility */
+
+typedef struct cc_credentials_v5_compat {
+    char*                       client;
+    char*                       server;
+    cc_data_compat              keyblock;
+    cc_time_t                   authtime;
+    cc_time_t                   starttime;
+    cc_time_t                   endtime;
+    cc_time_t                   renew_till;
+    cc_uint32                   is_skey;
+    cc_uint32                   ticket_flags;
+    cc_data_compat**            addresses;
+    cc_data_compat              ticket;
+    cc_data_compat              second_ticket;
+    cc_data_compat**            authdata;
+} cc_credentials_v5_compat;
+
+enum {
+    KRB_NAME_SZ = 40,
+    KRB_INSTANCE_SZ = 40,
+    KRB_REALM_SZ = 40
+};
+
+typedef union cred_ptr_union_compat {
+    cc_credentials_v5_compat* pV5Cred;
+} cred_ptr_union_compat;
+
+typedef struct cred_union {
+    cc_int32              cred_type;  /* cc_cred_vers */
+    cred_ptr_union_compat cred;
+} cred_union;
+
+/* NC info structure is gone in v3 */
+
+struct infoNC {
+    char*       name;
+    char*       principal;
+    cc_int32    vers;
+};
+
+typedef struct infoNC infoNC;
+
+/* Some old type names */
+
+typedef cc_credentials_v5_compat cc_creds;
+struct ccache_cit;
+typedef struct ccache_cit ccache_cit;
+
+enum {
+    CC_API_VER_2 = ccapi_version_2
+};
+
+enum {
+    CC_NOERROR,
+    CC_BADNAME,
+    CC_NOTFOUND,
+    CC_END,
+    CC_IO,
+    CC_WRITE,
+    CC_NOMEM,
+    CC_FORMAT,
+    CC_LOCKED,
+    CC_BAD_API_VERSION,
+    CC_NO_EXIST,
+    CC_NOT_SUPP,
+    CC_BAD_PARM,
+    CC_ERR_CACHE_ATTACH,
+    CC_ERR_CACHE_RELEASE,
+    CC_ERR_CACHE_FULL,
+    CC_ERR_CRED_VERSION
+};
+
+enum {
+    CC_CRED_UNKNOWN,
+    /* CC_CRED_V4, */
+    CC_CRED_V5,
+    CC_CRED_MAX
+};
+
+enum {
+    CC_LOCK_UNLOCK = 1,
+    CC_LOCK_READER = 2,
+    CC_LOCK_WRITER = 3,
+    CC_LOCK_NOBLOCK = 16
+};
+
+CCACHE_API cc_int32
+cc_shutdown (apiCB **io_context)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_get_NC_info (apiCB    *in_context,
+                infoNC ***out_info)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_get_change_time (apiCB     *in_context,
+                    cc_time_t *out_change_time)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_open (apiCB       *in_context,
+         const char  *in_name,
+         cc_int32     in_version,
+         cc_uint32    in_flags,
+         ccache_p   **out_ccache)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_create (apiCB       *in_context,
+           const char  *in_name,
+           const char  *in_principal,
+           cc_int32     in_version,
+           cc_uint32    in_flags,
+           ccache_p   **out_ccache)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_close (apiCB     *in_context,
+          ccache_p **ioCCache)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_destroy (apiCB     *in_context,
+            ccache_p **io_ccache)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_seq_fetch_NCs_begin (apiCB       *in_context,
+                        ccache_cit **out_nc_iterator)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_seq_fetch_NCs_next (apiCB       *in_context,
+                       ccache_p   **out_ccache,
+                       ccache_cit  *in_nc_iterator)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_seq_fetch_NCs_end (apiCB       *in_context,
+                      ccache_cit **io_nc_iterator)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_get_name (apiCB     *in_context,
+             ccache_p  *in_ccache,
+             char     **out_name)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_get_cred_version (apiCB    *in_context,
+                     ccache_p *in_ccache,
+                     cc_int32 *out_version)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_set_principal (apiCB    *in_context,
+                  ccache_p *in_ccache,
+                  cc_int32  in_version,
+                  char     *in_principal)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_get_principal (apiCB     *in_context,
+                  ccache_p  *in_ccache,
+                  char     **out_principal)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_store (apiCB      *in_context,
+          ccache_p   *in_ccache,
+          cred_union  in_credentials)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_remove_cred (apiCB      *in_context,
+                ccache_p   *in_ccache,
+                cred_union  in_credentials)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_seq_fetch_creds_begin (apiCB           *in_context,
+                          const ccache_p  *in_ccache,
+                          ccache_cit     **out_ccache_iterator)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_seq_fetch_creds_next (apiCB       *in_context,
+                         cred_union **out_cred_union,
+                         ccache_cit  *in_ccache_iterator)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_seq_fetch_creds_end (apiCB       *in_context,
+                        ccache_cit **io_ccache_iterator)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_free_principal (apiCB  *in_context,
+                   char  **io_principal)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_free_name (apiCB  *in_context,
+              char  **io_name)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_free_creds (apiCB       *in_context,
+               cred_union **io_cred_union)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_free_NC_info (apiCB    *in_context,
+                 infoNC ***io_info)
+    CCAPI_DEPRECATED;
+
+CCACHE_API cc_int32
+cc_lock_request (apiCB          *in_context,
+                 const ccache_p *in_ccache,
+                 const cc_int32  in_lock_type)
+    CCAPI_DEPRECATED;
+
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(pop)
+#endif
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* CCAPI_V2_H */
diff --git a/krb5-1.21.3/src/include/Makefile.in b/krb5-1.21.3/src/include/Makefile.in
new file mode 100644
index 00000000..b9dd98e0
--- /dev/null
+++ b/krb5-1.21.3/src/include/Makefile.in
@@ -0,0 +1,160 @@
+mydir=include
+BUILDTOP=$(REL)..
+KRB5RCTMPDIR= @KRB5_RCTMPDIR@
+##DOSBUILDTOP = ..
+NO_OUTPRE=1
+
+all-unix: krb5/krb5.h
+
+all-unix: maybe-make-db.h-@DB_HEADER_VERSION@
+
+generate-files-mac: krb5/krb5.h
+
+maybe-make-db.h-k5:
+	: db.h will be installed by util/db2
+maybe-make-db.h-sys:
+	: fall back to system db.h 
+maybe-make-db.h-redirect:
+	test -r db.h || echo '#include <@DB_HEADER@>' > db.h
+
+ET_HEADERS = adm_err.h asn1_err.h kdb5_err.h krb5_err.h k5e1_err.h
+K5_ET_HEADERS = \
+	../lib/krb5/error_tables/krb5_err.h \
+	../lib/krb5/error_tables/k5e1_err.h \
+	../lib/krb5/error_tables/kdb5_err.h \
+	../lib/krb5/error_tables/kv5m_err.h \
+	../lib/krb5/error_tables/krb524_err.h \
+	../lib/krb5/error_tables/asn1_err.h
+BUILT_HEADERS = osconf.h
+
+all-unix: autoconf.h $(BUILT_HEADERS)
+all-windows: autoconf.h $(BUILT_HEADERS) verify-calling-conventions-krb5
+
+all-unix: @MAINT@ verify-calling-conventions-krb5
+
+$(srcdir)/autoconf.h.in: @MAINT@ $(srcdir)/autoconf.stmp
+$(srcdir)/autoconf.stmp: $(top_srcdir)/configure.ac $(top_srcdir)/aclocal.m4
+	(cd $(top_srcdir) && $(AUTOHEADER) --include=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS))
+	touch $(srcdir)/autoconf.stmp
+
+##DOS##autoconf.h: win-mac.h
+##DOS##	$(CP) win-mac.h $@
+##DOS##osconf.h: osconf.hin
+##DOS##	$(CP) osconf.hin $@
+
+###############################################################################
+##DOS##!if 0
+# config.status will now update autoconf.stamp itself.
+autoconf.h: autoconf.stamp
+autoconf.stamp: $(srcdir)/autoconf.h.in $(BUILDTOP)/config.status
+	(cd $(BUILDTOP) && $(SHELL) config.status $(mydir)/autoconf.h)
+
+SYSCONFDIR = @sysconfdir@
+LOCALSTATEDIR = @localstatedir@
+RUNSTATEDIR = @runstatedir@
+BINDIR = @bindir@
+SBINDIR = @sbindir@
+LIBDIR  = @libdir@
+SYSCONFCONF = @SYSCONFCONF@
+
+PROCESS_REPLACE = -e "s\"@KRB5RCTMPDIR\"$(KRB5RCTMPDIR)\"" \
+		  -e "s\"@PREFIX\"$(INSTALL_PREFIX)\"" \
+		  -e "s\"@EXEC_PREFIX\"$(INSTALL_EXEC_PREFIX)\"" \
+		  -e "s\"@BINDIR\"$(BINDIR)\"" \
+		  -e "s\"@LIBDIR\"$(LIBDIR)\"" \
+		  -e "s\"@SBINDIR\"$(SBINDIR)\"" \
+		  -e "s\"@MODULEDIR\"$(MODULE_DIR)\"" \
+		  -e "s\"@GSSMODULEDIR\"$(GSS_MODULE_DIR)\"" \
+		  -e "s\"@LOCALSTATEDIR\"$(LOCALSTATEDIR)\"" \
+		  -e "s\"@RUNSTATEDIR\"$(RUNSTATEDIR)\"" \
+		  -e "s\"@SYSCONFDIR\"$(SYSCONFDIR)\"" \
+		  -e "s\"@DYNOBJEXT\"$(DYNOBJEXT)\"" \
+		  -e "s\"@SYSCONFCONF\"$(SYSCONFCONF)\""
+
+OSCONFSRC = $(srcdir)/osconf.hin
+
+osconf.h: $(OSCONFSRC) Makefile
+	cat $(OSCONFSRC) | sed $(PROCESS_REPLACE) > osconf.new
+	$(MOVEIFCHANGED) osconf.new osconf.h
+##DOS##!endif
+###############################################################################
+
+krb5/krb5.h: krb5.stamp; : krb5.h
+krb5.stamp: $(srcdir)/krb5/krb5.hin $(K5_ET_HEADERS)
+	test -d krb5 || mkdir krb5
+	if test -r krb5.h; then \
+	  if cmp -s krb5.h $(srcdir)/krb5.h; then :; else rm -f krb5.h; fi; \
+	else :; fi
+	echo "/* This file is generated, please don't edit it directly.  */" > krb5/krb5.new
+	echo "#ifndef KRB5_KRB5_H_INCLUDED" >> krb5/krb5.new
+	echo "#define KRB5_KRB5_H_INCLUDED" >> krb5/krb5.new
+	cat $(srcdir)/krb5/krb5.hin $(K5_ET_HEADERS) >> krb5/krb5.new
+	echo "#endif /* KRB5_KRB5_H_INCLUDED */" >> krb5/krb5.new
+	$(MOVEIFCHANGED) krb5/krb5.new krb5/krb5.h
+	touch krb5.stamp
+
+verify-calling-conventions-krb5: private-and-public-decls
+	$(PERL) -w $(top_srcdir)/util/def-check.pl private-and-public-decls $(top_srcdir)/lib/krb5_32.def
+
+##DOS##!if 0
+HEADERS_TO_CHECK = krb5/krb5.h $(srcdir)/k5-int.h $(srcdir)/krb5/clpreauth_plugin.h
+
+private-and-public-decls: $(HEADERS_TO_CHECK)
+	cat $(HEADERS_TO_CHECK) > $@
+##DOS##!endif
+##DOS##private-and-public-decls:
+##DOS##	copy /y krb5\krb5.h+k5-int.h+krb5\clpreauth_plugin.h $@
+
+#
+# Build the error table include files:
+# asn1_err.h kdb5_err.h krb5_err.h k5e1_err.h kv5m_err.h krb524_err.h
+
+$(K5_ET_HEADERS): rebuild-error-tables
+	: $@
+rebuild-error-tables:
+	(cd ../lib/krb5/error_tables && $(MAKE) includes)
+
+.PHONY: force rebuild-error-tables
+force:
+
+clean-unix::
+	$(RM) krb5/krb5.h krb5_err.h k5e1_err.h kdb5_err.h kv5m_err.h \
+		krb524_err.h asn1_err.h private-and-public-decls krb5.stamp
+	$(RM) $(ET_HEADERS) autoconf.stamp
+
+clean-windows::
+	$(RM) com_err.h profile.h
+	$(RM) gssapi\gssapi.h gssapi\gssapi_generic.h gssapi\gssapi_krb5.h
+	$(RM) gssapi\gssapi_alloc.h gssapi\gssapi_ext.h gssapi\timestamp
+	if exist gssapi\nul rmdir /s /q gssapi
+	$(RM) osconf.h autoconf.h autoconf.stamp
+	@echo Making clean in include
+
+clean:
+	$(RM) osconf.new $(BUILT_HEADERS)
+
+distclean:
+	$(RM) autoconf.h $(srcdir)/autoconf.stmp
+
+install-headers-unix install: krb5/krb5.h profile.h
+	$(INSTALL_DATA) $(srcdir)/krb5.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5.h
+	$(INSTALL_DATA) $(srcdir)/kdb.h $(DESTDIR)$(KRB5_INCDIR)$(S)kdb.h
+	$(INSTALL_DATA) krb5/krb5.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)krb5.h
+	$(INSTALL_DATA) $(srcdir)/krb5/certauth_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)certauth_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/ccselect_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)ccselect_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/clpreauth_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)clpreauth_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/hostrealm_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)hostrealm_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/kdcpolicy_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)kdcpolicy_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/kdcpreauth_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)kdcpreauth_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/localauth_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)localauth_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/locate_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)locate_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/preauth_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)preauth_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/pwqual_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)pwqual_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/kadm5_auth_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)kadm5_auth_plugin.h
+	$(INSTALL_DATA) $(srcdir)/krb5/kadm5_hook_plugin.h $(DESTDIR)$(KRB5_INCDIR)$(S)krb5$(S)kadm5_hook_plugin.h
+	$(INSTALL_DATA) profile.h $(DESTDIR)$(KRB5_INCDIR)$(S)profile.h
+	$(INSTALL_DATA) $(srcdir)/gssapi.h $(DESTDIR)$(KRB5_INCDIR)$(S)gssapi.h
+	$(INSTALL_DATA) $(srcdir)/krad.h $(DESTDIR)$(KRB5_INCDIR)/krad.h
+
+depend: krb5/krb5.h $(BUILT_HEADERS)
diff --git a/krb5-1.21.3/src/include/adm_proto.h b/krb5-1.21.3/src/include/adm_proto.h
new file mode 100644
index 00000000..5d876aa3
--- /dev/null
+++ b/krb5-1.21.3/src/include/adm_proto.h
@@ -0,0 +1,91 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/adm_proto.h */
+/*
+ * Copyright 1995, 2007,2008,2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef KRB5_ADM_PROTO_H__
+#define KRB5_ADM_PROTO_H__
+
+/*
+ * This is ugly, but avoids having to include k5-int or kdb.h for this.
+ */
+#ifndef KRB5_KDB5__
+struct _krb5_db_entry;
+typedef struct _krb5_db_entry krb5_db_entry;
+#endif  /* KRB5_KDB5__ */
+
+/* Ditto for admin.h */
+
+#ifndef KRB5_KDB5__
+struct ___krb5_key_salt_tuple;
+typedef struct ___krb5_key_salt_tuple krb5_key_salt_tuple;
+#endif  /* KRB5_KDB5__ */
+
+/*
+ * Function prototypes.
+ */
+
+/* logger.c */
+krb5_error_code krb5_klog_init(krb5_context, char *, char *, krb5_boolean);
+void krb5_klog_set_context(krb5_context);
+void krb5_klog_close(krb5_context);
+int krb5_klog_syslog(int, const char *, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 3)))
+#endif
+    ;
+void krb5_klog_reopen (krb5_context);
+
+/* alt_prof.c */
+krb5_error_code krb5_aprof_getvals(krb5_pointer, const char **, char ***);
+krb5_error_code krb5_aprof_get_boolean(krb5_pointer, const char **, int,
+                                       krb5_boolean *);
+krb5_error_code krb5_aprof_get_deltat(krb5_pointer, const char **,
+                                      krb5_boolean, krb5_deltat *);
+krb5_error_code krb5_aprof_get_string(krb5_pointer, const char **,
+                                      krb5_boolean, char **);
+krb5_error_code krb5_aprof_get_string_all(krb5_pointer, const char **,
+                                          char **);
+krb5_error_code krb5_aprof_get_int32(krb5_pointer, const char **,
+                                     krb5_boolean, krb5_int32 *);
+
+/* str_conv.c */
+krb5_error_code krb5_flagspec_to_mask(const char *,
+                                      krb5_flags *, krb5_flags *);
+krb5_error_code krb5_flagnum_to_string(int, char **);
+krb5_error_code krb5_flags_to_strings(krb5_int32, char ***);
+
+/* keysalt.c */
+krb5_boolean krb5_keysalt_is_present(krb5_key_salt_tuple *, krb5_int32,
+                                     krb5_enctype, krb5_int32);
+krb5_error_code krb5_keysalt_iterate(krb5_key_salt_tuple *, krb5_int32,
+                                     krb5_boolean,
+                                     krb5_error_code (*)(krb5_key_salt_tuple *,
+                                                         krb5_pointer),
+                                     krb5_pointer);
+
+krb5_error_code krb5_string_to_keysalts(const char *, const char *,
+                                        const char *, krb5_boolean,
+                                        krb5_key_salt_tuple **, krb5_int32 *);
+#endif  /* KRB5_ADM_PROTO_H__ */
diff --git a/krb5-1.21.3/src/include/autoconf.h.in b/krb5-1.21.3/src/include/autoconf.h.in
new file mode 100644
index 00000000..8a6384c4
--- /dev/null
+++ b/krb5-1.21.3/src/include/autoconf.h.in
@@ -0,0 +1,765 @@
+/* include/autoconf.h.in.  Generated from configure.ac by autoheader.  */
+
+
+#ifndef KRB5_AUTOCONF_H
+#define KRB5_AUTOCONF_H
+
+
+/* Define if AES-NI support is enabled */
+#undef AESNI
+
+/* Define if socket can't be bound to 0.0.0.0 */
+#undef BROKEN_STREAMS_SOCKETS
+
+/* Define if va_list objects can be simply copied by assignment. */
+#undef CAN_COPY_VA_LIST
+
+/* Define to reduce code size even if it means more cpu usage */
+#undef CONFIG_SMALL
+
+/* Define if __attribute__((constructor)) works */
+#undef CONSTRUCTOR_ATTR_WORKS
+
+/* Define to use OpenSSL crypto library */
+#undef CRYPTO_OPENSSL
+
+/* Define to default ccache name */
+#undef DEFCCNAME
+
+/* Define to default client keytab name */
+#undef DEFCKTNAME
+
+/* Define to default keytab name */
+#undef DEFKTNAME
+
+/* Define if library initialization should be delayed until first use */
+#undef DELAY_INITIALIZER
+
+/* Define if __attribute__((destructor)) works */
+#undef DESTRUCTOR_ATTR_WORKS
+
+/* Define to disable PKINIT plugin support */
+#undef DISABLE_PKINIT
+
+/* Define if LDAP KDB support within the Kerberos library (mainly ASN.1 code)
+   should be enabled. */
+#undef ENABLE_LDAP
+
+/* Define if translation functions should be used. */
+#undef ENABLE_NLS
+
+/* Define if thread support enabled */
+#undef ENABLE_THREADS
+
+/* Define as return type of endrpcent */
+#undef ENDRPCENT_TYPE
+
+/* Define to the type of elements in the array set by `getgroups'. Usually
+   this is either `int' or `gid_t'. */
+#undef GETGROUPS_T
+
+/* Define if gethostbyname_r returns int rather than struct hostent * */
+#undef GETHOSTBYNAME_R_RETURNS_INT
+
+/* Type of getpeername second argument. */
+#undef GETPEERNAME_ARG3_TYPE
+
+/* Define if getpwnam_r exists but takes only 4 arguments (e.g., POSIX draft 6
+   implementations like some Solaris releases). */
+#undef GETPWNAM_R_4_ARGS
+
+/* Define if getpwnam_r returns an int */
+#undef GETPWNAM_R_RETURNS_INT
+
+/* Define if getpwuid_r exists but takes only 4 arguments (e.g., POSIX draft 6
+   implementations like some Solaris releases). */
+#undef GETPWUID_R_4_ARGS
+
+/* Define if getservbyname_r returns int rather than struct servent * */
+#undef GETSERVBYNAME_R_RETURNS_INT
+
+/* Type of pointer target for argument 3 to getsockname */
+#undef GETSOCKNAME_ARG3_TYPE
+
+/* Define if gmtime_r returns int instead of struct tm pointer, as on old
+   HP-UX systems. */
+#undef GMTIME_R_RETURNS_INT
+
+/* Define if va_copy macro or function is available. */
+#undef HAS_VA_COPY
+
+/* Define to 1 if you have the `access' function. */
+#undef HAVE_ACCESS
+
+/* Define to 1 if you have the <alloca.h> header file. */
+#undef HAVE_ALLOCA_H
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the `bswap16' function. */
+#undef HAVE_BSWAP16
+
+/* Define to 1 if you have the `bswap64' function. */
+#undef HAVE_BSWAP64
+
+/* Define to 1 if bswap_16 is available via byteswap.h */
+#undef HAVE_BSWAP_16
+
+/* Define to 1 if bswap_64 is available via byteswap.h */
+#undef HAVE_BSWAP_64
+
+/* Define if bt_rseq is available, for recursive btree traversal. */
+#undef HAVE_BT_RSEQ
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+#undef HAVE_BYTESWAP_H
+
+/* Define to 1 if you have the `chmod' function. */
+#undef HAVE_CHMOD
+
+/* Define if cmocka library is available. */
+#undef HAVE_CMOCKA
+
+/* Define to 1 if you have the `compile' function. */
+#undef HAVE_COMPILE
+
+/* Define if com_err has compatible gettext support */
+#undef HAVE_COM_ERR_INTL
+
+/* Define to 1 if you have the <cpuid.h> header file. */
+#undef HAVE_CPUID_H
+
+/* Define to 1 if you have the `daemon' function. */
+#undef HAVE_DAEMON
+
+/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you
+   don't. */
+#undef HAVE_DECL_STRERROR_R
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the `dn_skipname' function. */
+#undef HAVE_DN_SKIPNAME
+
+/* Define to 1 if you have the <endian.h> header file. */
+#undef HAVE_ENDIAN_H
+
+/* Define to 1 if you have the <errno.h> header file. */
+#undef HAVE_ERRNO_H
+
+/* Define to 1 if you have the `EVP_PKEY_get_bn_param' function. */
+#undef HAVE_EVP_PKEY_GET_BN_PARAM
+
+/* Define to 1 if you have the `explicit_bzero' function. */
+#undef HAVE_EXPLICIT_BZERO
+
+/* Define to 1 if you have the `explicit_memset' function. */
+#undef HAVE_EXPLICIT_MEMSET
+
+/* Define to 1 if you have the `fchmod' function. */
+#undef HAVE_FCHMOD
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define to 1 if you have the `flock' function. */
+#undef HAVE_FLOCK
+
+/* Define to 1 if you have the `fnmatch' function. */
+#undef HAVE_FNMATCH
+
+/* Define to 1 if you have the <fnmatch.h> header file. */
+#undef HAVE_FNMATCH_H
+
+/* Define if you have the getaddrinfo function */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the `getcwd' function. */
+#undef HAVE_GETCWD
+
+/* Define to 1 if you have the `getenv' function. */
+#undef HAVE_GETENV
+
+/* Define to 1 if you have the `geteuid' function. */
+#undef HAVE_GETEUID
+
+/* Define if gethostbyname_r exists and its return type is known */
+#undef HAVE_GETHOSTBYNAME_R
+
+/* Define to 1 if you have the `getnameinfo' function. */
+#undef HAVE_GETNAMEINFO
+
+/* Define if system getopt should be used. */
+#undef HAVE_GETOPT
+
+/* Define if system getopt_long should be used. */
+#undef HAVE_GETOPT_LONG
+
+/* Define if getpwnam_r is available and useful. */
+#undef HAVE_GETPWNAM_R
+
+/* Define if getpwuid_r is available and useful. */
+#undef HAVE_GETPWUID_R
+
+/* Define to 1 if you have the `getresgid' function. */
+#undef HAVE_GETRESGID
+
+/* Define to 1 if you have the `getresuid' function. */
+#undef HAVE_GETRESUID
+
+/* Define if getservbyname_r exists and its return type is known */
+#undef HAVE_GETSERVBYNAME_R
+
+/* Have the gettimeofday function */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the `getusershell' function. */
+#undef HAVE_GETUSERSHELL
+
+/* Define to 1 if you have the `gmtime_r' function. */
+#undef HAVE_GMTIME_R
+
+/* Define to 1 if you have the <ifaddrs.h> header file. */
+#undef HAVE_IFADDRS_H
+
+/* Define to 1 if you have the `inet_ntop' function. */
+#undef HAVE_INET_NTOP
+
+/* Define to 1 if you have the `inet_pton' function. */
+#undef HAVE_INET_PTON
+
+/* Define to 1 if the system has the type `int16_t'. */
+#undef HAVE_INT16_T
+
+/* Define to 1 if the system has the type `int32_t'. */
+#undef HAVE_INT32_T
+
+/* Define to 1 if the system has the type `int8_t'. */
+#undef HAVE_INT8_T
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <keyutils.h> header file. */
+#undef HAVE_KEYUTILS_H
+
+/* Define to 1 if you have the <lber.h> header file. */
+#undef HAVE_LBER_H
+
+/* Define to 1 if you have the <ldap.h> header file. */
+#undef HAVE_LDAP_H
+
+/* Define to 1 if you have the `crypto' library (-lcrypto). */
+#undef HAVE_LIBCRYPTO
+
+/* Define if building with libedit. */
+#undef HAVE_LIBEDIT
+
+/* Define to 1 if you have the `nsl' library (-lnsl). */
+#undef HAVE_LIBNSL
+
+/* Define to 1 if you have the `resolv' library (-lresolv). */
+#undef HAVE_LIBRESOLV
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define if the util library is available */
+#undef HAVE_LIBUTIL
+
+/* Define to 1 if you have the <limits.h> header file. */
+#undef HAVE_LIMITS_H
+
+/* Define to 1 if you have the `localtime_r' function. */
+#undef HAVE_LOCALTIME_R
+
+/* Define to 1 if you have the <machine/byte_order.h> header file. */
+#undef HAVE_MACHINE_BYTE_ORDER_H
+
+/* Define to 1 if you have the <machine/endian.h> header file. */
+#undef HAVE_MACHINE_ENDIAN_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `mkstemp' function. */
+#undef HAVE_MKSTEMP
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define if netdb.h declares h_errno */
+#undef HAVE_NETDB_H_H_ERRNO
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the `ns_initparse' function. */
+#undef HAVE_NS_INITPARSE
+
+/* Define to 1 if you have the `ns_name_uncompress' function. */
+#undef HAVE_NS_NAME_UNCOMPRESS
+
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define if persistent keyrings are supported */
+#undef HAVE_PERSISTENT_KEYRING
+
+/* Define to 1 if you have the <poll.h> header file. */
+#undef HAVE_POLL_H
+
+/* Define if #pragma weak references work */
+#undef HAVE_PRAGMA_WEAK_REF
+
+/* Define if you have POSIX threads libraries and header files. */
+#undef HAVE_PTHREAD
+
+/* Define to 1 if you have the `pthread_once' function. */
+#undef HAVE_PTHREAD_ONCE
+
+/* Have PTHREAD_PRIO_INHERIT. */
+#undef HAVE_PTHREAD_PRIO_INHERIT
+
+/* Define to 1 if you have the `pthread_rwlock_init' function. */
+#undef HAVE_PTHREAD_RWLOCK_INIT
+
+/* Define if pthread_rwlock_init is provided in the thread library. */
+#undef HAVE_PTHREAD_RWLOCK_INIT_IN_THREAD_LIB
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#undef HAVE_PWD_H
+
+/* Define if building with GNU Readline. */
+#undef HAVE_READLINE
+
+/* Define if regcomp exists and functions */
+#undef HAVE_REGCOMP
+
+/* Define to 1 if you have the `regexec' function. */
+#undef HAVE_REGEXEC
+
+/* Define to 1 if you have the <regexpr.h> header file. */
+#undef HAVE_REGEXPR_H
+
+/* Define to 1 if you have the <regex.h> header file. */
+#undef HAVE_REGEX_H
+
+/* Define to 1 if you have the `res_nclose' function. */
+#undef HAVE_RES_NCLOSE
+
+/* Define to 1 if you have the `res_ndestroy' function. */
+#undef HAVE_RES_NDESTROY
+
+/* Define to 1 if you have the `res_ninit' function. */
+#undef HAVE_RES_NINIT
+
+/* Define to 1 if you have the `res_nsearch' function. */
+#undef HAVE_RES_NSEARCH
+
+/* Define to 1 if you have the `res_search' function */
+#undef HAVE_RES_SEARCH
+
+/* Define to 1 if you have the `re_comp' function. */
+#undef HAVE_RE_COMP
+
+/* Define to 1 if you have the `re_exec' function. */
+#undef HAVE_RE_EXEC
+
+/* Define to 1 if you have the <sasl/sasl.h> header file. */
+#undef HAVE_SASL_SASL_H
+
+/* Define if struct sockaddr contains sa_len */
+#undef HAVE_SA_LEN
+
+/* Define to 1 if you have the `secure_getenv' function. */
+#undef HAVE_SECURE_GETENV
+
+/* Define to 1 if you have the `setegid' function. */
+#undef HAVE_SETEGID
+
+/* Define to 1 if you have the `setenv' function. */
+#undef HAVE_SETENV
+
+/* Define to 1 if you have the `seteuid' function. */
+#undef HAVE_SETEUID
+
+/* Define if setluid provided in OSF/1 security library */
+#undef HAVE_SETLUID
+
+/* Define to 1 if you have the `setregid' function. */
+#undef HAVE_SETREGID
+
+/* Define to 1 if you have the `setresgid' function. */
+#undef HAVE_SETRESGID
+
+/* Define to 1 if you have the `setresuid' function. */
+#undef HAVE_SETRESUID
+
+/* Define to 1 if you have the `setreuid' function. */
+#undef HAVE_SETREUID
+
+/* Define to 1 if you have the `setsid' function. */
+#undef HAVE_SETSID
+
+/* Define to 1 if you have the `setvbuf' function. */
+#undef HAVE_SETVBUF
+
+/* Define if there is a socklen_t type. If not, probably use size_t */
+#undef HAVE_SOCKLEN_T
+
+/* Define to 1 if you have the `srand' function. */
+#undef HAVE_SRAND
+
+/* Define to 1 if you have the `srand48' function. */
+#undef HAVE_SRAND48
+
+/* Define to 1 if you have the `srandom' function. */
+#undef HAVE_SRANDOM
+
+/* Define to 1 if the system has the type `ssize_t'. */
+#undef HAVE_SSIZE_T
+
+/* Define to 1 if you have the `stat' function. */
+#undef HAVE_STAT
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#undef HAVE_STDIO_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `step' function. */
+#undef HAVE_STEP
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the `strdup' function. */
+#undef HAVE_STRDUP
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define if you have `strerror_r'. */
+#undef HAVE_STRERROR_R
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
+/* Define to 1 if you have the `strptime' function. */
+#undef HAVE_STRPTIME
+
+/* Define to 1 if the system has the type `struct cmsghdr'. */
+#undef HAVE_STRUCT_CMSGHDR
+
+/* Define if there is a struct if_laddrconf. */
+#undef HAVE_STRUCT_IF_LADDRCONF
+
+/* Define to 1 if the system has the type `struct in6_pktinfo'. */
+#undef HAVE_STRUCT_IN6_PKTINFO
+
+/* Define to 1 if the system has the type `struct in_pktinfo'. */
+#undef HAVE_STRUCT_IN_PKTINFO
+
+/* Define if there is a struct lifconf. */
+#undef HAVE_STRUCT_LIFCONF
+
+/* Define to 1 if the system has the type `struct rt_msghdr'. */
+#undef HAVE_STRUCT_RT_MSGHDR
+
+/* Define to 1 if the system has the type `struct sockaddr_storage'. */
+#undef HAVE_STRUCT_SOCKADDR_STORAGE
+
+/* Define to 1 if `st_mtimensec' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_MTIMENSEC
+
+/* Define to 1 if `st_mtimespec.tv_nsec' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
+
+/* Define to 1 if `st_mtim.tv_nsec' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
+
+/* Define to 1 if you have the <sys/bswap.h> header file. */
+#undef HAVE_SYS_BSWAP_H
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_SYS_DIR_H
+
+/* Define if sys_errlist in libc */
+#undef HAVE_SYS_ERRLIST
+
+/* Define to 1 if you have the <sys/file.h> header file. */
+#undef HAVE_SYS_FILE_H
+
+/* Define to 1 if you have the <sys/filio.h> header file. */
+#undef HAVE_SYS_FILIO_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#undef HAVE_SYS_PARAM_H
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if you have the `timegm' function. */
+#undef HAVE_TIMEGM
+
+/* Define to 1 if you have the <time.h> header file. */
+#undef HAVE_TIME_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `unsetenv' function. */
+#undef HAVE_UNSETENV
+
+/* Define to 1 if the system has the type `u_char'. */
+#undef HAVE_U_CHAR
+
+/* Define to 1 if the system has the type `u_int'. */
+#undef HAVE_U_INT
+
+/* Define to 1 if the system has the type `u_int16_t'. */
+#undef HAVE_U_INT16_T
+
+/* Define to 1 if the system has the type `u_int32_t'. */
+#undef HAVE_U_INT32_T
+
+/* Define to 1 if the system has the type `u_int8_t'. */
+#undef HAVE_U_INT8_T
+
+/* Define to 1 if the system has the type `u_long'. */
+#undef HAVE_U_LONG
+
+/* Define to 1 if you have the `vasprintf' function. */
+#undef HAVE_VASPRINTF
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#undef HAVE_VSNPRINTF
+
+/* Define to 1 if you have the `vsprintf' function. */
+#undef HAVE_VSPRINTF
+
+/* Define to 1 if the system has the type `__int128_t'. */
+#undef HAVE___INT128_T
+
+/* Define to 1 if the system has the type `__uint128_t'. */
+#undef HAVE___UINT128_T
+
+/* Define if errno.h declares perror */
+#undef HDR_HAS_PERROR
+
+/* May need to be defined to enable IPv6 support, for example on IRIX */
+#undef INET6
+
+/* Define if MIT Project Athena default configuration should be used */
+#undef KRB5_ATHENA_COMPAT
+
+/* Define for DNS support of locating realms and KDCs */
+#undef KRB5_DNS_LOOKUP
+
+/* Define to enable DNS lookups of Kerberos realm names */
+#undef KRB5_DNS_LOOKUP_REALM
+
+/* Define if the KDC should return only vague error codes to clients */
+#undef KRBCONF_VAGUE_ERRORS
+
+/* define if the system header files are missing prototype for daemon() */
+#undef NEED_DAEMON_PROTO
+
+/* Define if in6addr_any is not defined in libc */
+#undef NEED_INSIXADDR_ANY
+
+/* define if the system header files are missing prototype for
+   ss_execute_command() */
+#undef NEED_SS_EXECUTE_COMMAND_PROTO
+
+/* define if the system header files are missing prototype for strptime() */
+#undef NEED_STRPTIME_PROTO
+
+/* define if the system header files are missing prototype for swab() */
+#undef NEED_SWAB_PROTO
+
+/* Define if need to declare sys_errlist */
+#undef NEED_SYS_ERRLIST
+
+/* define if the system header files are missing prototype for vasprintf() */
+#undef NEED_VASPRINTF_PROTO
+
+/* Define if the KDC should use no lookaside cache */
+#undef NOCACHE
+
+/* Define if references to pthread routines should be non-weak. */
+#undef NO_WEAK_PTHREADS
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Default PKCS11 module name */
+#undef PKCS11_MODNAME
+
+/* Define if setjmp indicates POSIX interface */
+#undef POSIX_SETJMP
+
+/* Define if POSIX signal handling is used */
+#undef POSIX_SIGNALS
+
+/* Define if termios.h exists and tcsetattr exists */
+#undef POSIX_TERMIOS
+
+/* Define to necessary symbol if this constant uses a non-standard name on
+   your system. */
+#undef PTHREAD_CREATE_JOINABLE
+
+/* Define as return type of setrpcent */
+#undef SETRPCENT_TYPE
+
+/* The size of `size_t', as computed by sizeof. */
+#undef SIZEOF_SIZE_T
+
+/* The size of `time_t', as computed by sizeof. */
+#undef SIZEOF_TIME_T
+
+/* Define to use OpenSSL for SPAKE preauth */
+#undef SPAKE_OPENSSL
+
+/* Define for static plugin linkage */
+#undef STATIC_PLUGINS
+
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+   required in a freestanding environment). This macro is provided for
+   backward compatibility; new code need not use it. */
+#undef STDC_HEADERS
+
+/* Define to 1 if strerror_r returns char *. */
+#undef STRERROR_R_CHAR_P
+
+/* Define if sys_errlist is defined in errno.h */
+#undef SYS_ERRLIST_DECLARED
+
+/* Define if no TLS implementation is selected */
+#undef TLS_IMPL_NONE
+
+/* Define if TLS implementation is OpenSSL */
+#undef TLS_IMPL_OPENSSL
+
+/* Define to build macOS CCAPI client */
+#undef USE_CCAPI_MACOS
+
+/* Define if you have dirent.h functionality */
+#undef USE_DIRENT_H
+
+/* Define if dlopen should be used */
+#undef USE_DLOPEN
+
+/* Define if the keyring ccache should be enabled */
+#undef USE_KEYRING_CCACHE
+
+/* Define if link-time options for library finalization will be used */
+#undef USE_LINKER_FINI_OPTION
+
+/* Define if link-time options for library initialization will be used */
+#undef USE_LINKER_INIT_OPTION
+
+/* Define if sigprocmask should be used */
+#undef USE_SIGPROCMASK
+
+/* Define if wait takes int as a argument */
+#undef WAIT_USES_INT
+
+/* Define to enable extensions in glibc */
+#undef _GNU_SOURCE
+
+/* Define to enable C11 extensions */
+#undef __STDC_WANT_LIB_EXT1__
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef mode_t
+
+/* Define to `long int' if <sys/types.h> does not define. */
+#undef off_t
+
+/* Define to `long' if <sys/types.h> does not define. */
+#undef time_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+
+#if defined(__GNUC__) && !defined(inline)
+/* Silence gcc pedantic warnings about ANSI C.  */
+# define inline __inline__
+#endif
+#endif /* KRB5_AUTOCONF_H */
+
diff --git a/krb5-1.21.3/src/include/copyright.h b/krb5-1.21.3/src/include/copyright.h
new file mode 100644
index 00000000..705e0a75
--- /dev/null
+++ b/krb5-1.21.3/src/include/copyright.h
@@ -0,0 +1,41 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1989-1994 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
diff --git a/krb5-1.21.3/src/include/deps b/krb5-1.21.3/src/include/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/include/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/include/fake-addrinfo.h b/krb5-1.21.3/src/include/fake-addrinfo.h
new file mode 100644
index 00000000..6d18d4f4
--- /dev/null
+++ b/krb5-1.21.3/src/include/fake-addrinfo.h
@@ -0,0 +1,234 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2001,2002,2003,2004 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+
+/* Approach overview:
+
+   If a system version is available but buggy, save handles to it (via
+   inline functions in a support library), redefine the names to refer
+   to library functions, and in those functions, call the system
+   versions and fix up the returned data.  Use the native data
+   structures and flag values.
+
+   If no system version exists, use gethostby* and fake it.  Define
+   the data structures and flag values locally.
+
+
+   On macOS, getaddrinfo results aren't cached (though
+   gethostbyname results are), so we need to build a cache here.  Now
+   things are getting really messy.  Because the cache is in use, we
+   use getservbyname, and throw away thread safety.  (Not that the
+   cache is thread safe, but when we get locking support, that'll be
+   dealt with.)  This code needs tearing down and rebuilding, soon.
+
+
+   Note that recent Windows developers' code has an interesting hack:
+   When you include the right header files, with the right set of
+   macros indicating system versions, you'll get an inline function
+   that looks for getaddrinfo (or whatever) in the system library, and
+   calls it if it's there.  If it's not there, it fakes it with
+   gethostby* calls.
+
+   We're taking a simpler approach: A system provides these routines or
+   it does not.
+
+   Someday, we may want to take into account different versions (say,
+   different revs of GNU libc) where some are broken in one way, and
+   some work or are broken in another way.  Cross that bridge when we
+   come to it.  */
+
+/* To do, maybe:
+
+   + For AIX 4.3.3, using the RFC 2133 definition: Implement
+   AI_NUMERICHOST.  It's not defined in the header file.
+
+   For certain (old?) versions of GNU libc, AI_NUMERICHOST is
+   defined but not implemented.
+
+   + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
+   functions if available.  But, see
+   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
+   gethostbyname2 problem on Linux.  And besides, if a platform is
+   supporting IPv6 at all, they really should be doing getaddrinfo
+   by now.
+
+   + inet_ntop, inet_pton
+
+   + Conditionally export/import the function definitions, so a
+   library can have a single copy instead of multiple.
+
+   + Upgrade host requirements to include working implementations of
+   these functions, and throw all this away.  Pleeease?  :-)  */
+
+#ifndef FAI_DEFINED
+#define FAI_DEFINED
+#include "port-sockets.h"
+#include "socket-utils.h"
+
+#if !defined (HAVE_GETADDRINFO)
+
+#undef  addrinfo
+#define addrinfo        my_fake_addrinfo
+
+struct addrinfo {
+    int ai_family;              /* PF_foo */
+    int ai_socktype;            /* SOCK_foo */
+    int ai_protocol;            /* 0, IPPROTO_foo */
+    int ai_flags;               /* AI_PASSIVE etc */
+    size_t ai_addrlen;          /* real length of socket address */
+    char *ai_canonname;         /* canonical name of host */
+    struct sockaddr *ai_addr;   /* pointer to variable-size address */
+    struct addrinfo *ai_next;   /* next in linked list */
+};
+
+#undef  AI_PASSIVE
+#define AI_PASSIVE      0x01
+#undef  AI_CANONNAME
+#define AI_CANONNAME    0x02
+#undef  AI_NUMERICHOST
+#define AI_NUMERICHOST  0x04
+/* RFC 2553 says these are part of the interface for getipnodebyname,
+   not for getaddrinfo.  RFC 3493 says they're part of the interface
+   for getaddrinfo, and getipnodeby* are deprecated.  Our fake
+   getaddrinfo implementation here does IPv4 only anyways.  */
+#undef  AI_V4MAPPED
+#define AI_V4MAPPED     0
+#undef  AI_ADDRCONFIG
+#define AI_ADDRCONFIG   0
+#undef  AI_ALL
+#define AI_ALL          0
+#undef  AI_DEFAULT
+#define AI_DEFAULT      (AI_V4MAPPED|AI_ADDRCONFIG)
+
+#ifndef NI_MAXHOST
+#define NI_MAXHOST 1025
+#endif
+#ifndef NI_MAXSERV
+#define NI_MAXSERV 32
+#endif
+
+#undef  NI_NUMERICHOST
+#define NI_NUMERICHOST  0x01
+#undef  NI_NUMERICSERV
+#define NI_NUMERICSERV  0x02
+#undef  NI_NAMEREQD
+#define NI_NAMEREQD     0x04
+#undef  NI_DGRAM
+#define NI_DGRAM        0x08
+#undef  NI_NOFQDN
+#define NI_NOFQDN       0x10
+
+
+#undef  EAI_ADDRFAMILY
+#define EAI_ADDRFAMILY  1
+#undef  EAI_AGAIN
+#define EAI_AGAIN       2
+#undef  EAI_BADFLAGS
+#define EAI_BADFLAGS    3
+#undef  EAI_FAIL
+#define EAI_FAIL        4
+#undef  EAI_FAMILY
+#define EAI_FAMILY      5
+#undef  EAI_MEMORY
+#define EAI_MEMORY      6
+#undef  EAI_NODATA
+#define EAI_NODATA      7
+#undef  EAI_NONAME
+#define EAI_NONAME      8
+#undef  EAI_SERVICE
+#define EAI_SERVICE     9
+#undef  EAI_SOCKTYPE
+#define EAI_SOCKTYPE    10
+#undef  EAI_SYSTEM
+#define EAI_SYSTEM      11
+
+#endif /* ! HAVE_GETADDRINFO */
+
+/* Fudge things on older gai implementations.  */
+/* AIX 4.3.3 is based on RFC 2133; no AI_NUMERICHOST.  */
+#ifndef AI_NUMERICHOST
+# define AI_NUMERICHOST 0
+#endif
+/* Partial RFC 2553 implementations may not have AI_ADDRCONFIG and
+   friends, which RFC 3493 says are now part of the getaddrinfo
+   interface, and we'll want to use.  */
+#ifndef AI_ADDRCONFIG
+# define AI_ADDRCONFIG 0
+#endif
+#ifndef AI_V4MAPPED
+# define AI_V4MAPPED 0
+#endif
+#ifndef AI_ALL
+# define AI_ALL 0
+#endif
+#ifndef AI_DEFAULT
+# define AI_DEFAULT (AI_ADDRCONFIG|AI_V4MAPPED)
+#endif
+
+#if defined(NEED_INSIXADDR_ANY)
+/* If compiling with IPv6 support and C library does not define in6addr_any */
+extern const struct in6_addr krb5int_in6addr_any;
+#undef in6addr_any
+#define in6addr_any krb5int_in6addr_any
+#endif
+
+/* Call out to stuff defined in libkrb5support.  */
+extern int krb5int_getaddrinfo (const char *node, const char *service,
+                                const struct addrinfo *hints,
+                                struct addrinfo **aip);
+extern void krb5int_freeaddrinfo (struct addrinfo *ai);
+extern const char *krb5int_gai_strerror(int err);
+extern int krb5int_getnameinfo (const struct sockaddr *sa, socklen_t salen,
+                                char *hbuf, size_t hbuflen,
+                                char *sbuf, size_t sbuflen,
+                                int flags);
+#ifndef IMPLEMENT_FAKE_GETADDRINFO
+#undef  getaddrinfo
+#define getaddrinfo krb5int_getaddrinfo
+#undef  freeaddrinfo
+#define freeaddrinfo krb5int_freeaddrinfo
+#undef  gai_strerror
+#define gai_strerror krb5int_gai_strerror
+#undef  getnameinfo
+#define getnameinfo krb5int_getnameinfo
+#endif
+
+#endif /* FAI_DEFINED */
diff --git a/krb5-1.21.3/src/include/foreachaddr.h b/krb5-1.21.3/src/include/foreachaddr.h
new file mode 100644
index 00000000..9ed35eab
--- /dev/null
+++ b/krb5-1.21.3/src/include/foreachaddr.h
@@ -0,0 +1,66 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/foreachaddr.h */
+/*
+ * Copyright 1990,1991,2000,2001,2002,2004 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Iterate over the protocol addresses supported by this host, invoking
+ * a callback function or three supplied by the caller.
+ *
+ * XNS support is untested, but "should just work".  (Hah!)
+ */
+
+/* This function iterates over all the addresses it can find for the
+   local system, in one or two passes.  In each pass, and between the
+   two, it can invoke callback functions supplied by the caller.  The
+   two passes should operate on the same information, though not
+   necessarily in the same order each time.  Duplicate and local
+   addresses should be eliminated.  Storage passed to callback
+   functions should not be assumed to be valid after foreach_localaddr
+   returns.
+
+   The int return value is an errno value (XXX or krb5_error_code
+   returned for a socket error) if something internal to
+   foreach_localaddr fails.  If one of the callback functions wants to
+   indicate an error, it should store something via the 'data' handle.
+   If any callback function returns a non-zero value,
+   foreach_localaddr will clean up and return immediately.
+
+   Multiple definitions are provided below, dependent on various
+   system facilities for extracting the necessary information.  */
+
+extern int
+krb5int_foreach_localaddr (/*@null@*/ void *data,
+                           int (*pass1fn) (/*@null@*/ void *,
+                                           struct sockaddr *) /*@*/,
+                           /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                           /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                                      struct sockaddr *) /*@*/)
+#if defined(DEBUG) || defined(TEST)
+/*@modifies fileSystem@*/
+#endif
+    ;
+
+#define foreach_localaddr krb5int_foreach_localaddr
diff --git a/krb5-1.21.3/src/include/gssapi.h b/krb5-1.21.3/src/include/gssapi.h
new file mode 100644
index 00000000..9383dabd
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssapi.h
@@ -0,0 +1,6 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Wrapper so that #include <gssapi.h> will work without special include
+ * paths.
+ */
+#include <gssapi/gssapi.h>
diff --git a/krb5-1.21.3/src/include/gssrpc/auth.h b/krb5-1.21.3/src/include/gssrpc/auth.h
new file mode 100644
index 00000000..0bfa3ec8
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/auth.h
@@ -0,0 +1,205 @@
+/* @(#)auth.h	2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * auth.h, Authentication interface.
+ *
+ * The data structures are completely opaque to the client.  The client
+ * is required to pass a AUTH * to routines that create rpc
+ * "sessions".
+ */
+#ifndef GSSRPC_AUTH_H
+#define GSSRPC_AUTH_H
+
+#include <gssrpc/xdr.h>
+
+GSSRPC__BEGIN_DECLS
+
+#define MAX_AUTH_BYTES	400
+#define MAXNETNAMELEN	255	/* maximum length of network user's name */
+
+/*
+ * Status returned from authentication check
+ */
+enum auth_stat {
+	AUTH_OK=0,
+	/*
+	 * failed at remote end
+	 */
+	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */
+	AUTH_REJECTEDCRED=2,		/* client should begin new session */
+	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */
+	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
+	AUTH_TOOWEAK=5,			/* rejected due to security reasons */
+	/*
+	 * failed locally
+	*/
+	AUTH_INVALIDRESP=6,		/* bogus response verifier */
+	AUTH_FAILED=7,			/* some unknown reason */
+	/*
+	 * RPCSEC_GSS errors
+	 */
+	RPCSEC_GSS_CREDPROBLEM = 13,
+	RPCSEC_GSS_CTXPROBLEM = 14
+};
+
+union des_block {
+	char c[8];
+};
+typedef union des_block des_block;
+extern bool_t	xdr_des_block(XDR *, des_block *);
+
+/*
+ * Authentication info.  Opaque to client.
+ */
+struct opaque_auth {
+	enum_t	oa_flavor;		/* flavor of auth */
+	caddr_t	oa_base;		/* address of more auth stuff */
+	u_int	oa_length;		/* not to exceed MAX_AUTH_BYTES */
+};
+
+
+/*
+ * Auth handle, interface to client side authenticators.
+ */
+struct rpc_msg;
+
+typedef struct AUTH {
+	struct	opaque_auth	ah_cred;
+	struct	opaque_auth	ah_verf;
+	union	des_block	ah_key;
+	struct auth_ops {
+		void	(*ah_nextverf)(struct AUTH *);
+	        /* nextverf & serialize */
+		int	(*ah_marshal)(struct AUTH *, XDR *);
+	        /* validate varifier */
+		int	(*ah_validate)(struct AUTH *,
+				       struct opaque_auth *);
+	        /* refresh credentials */
+		int	(*ah_refresh)(struct AUTH *, struct rpc_msg *);
+	        /* destroy this structure */
+		void	(*ah_destroy)(struct AUTH *);
+		/* encode data for wire */
+		int     (*ah_wrap)(struct AUTH *, XDR *,
+				   xdrproc_t, caddr_t);
+	        /* decode data from wire */
+  	        int	(*ah_unwrap)(struct AUTH *, XDR *,
+				     xdrproc_t, caddr_t);
+	} *ah_ops;
+	void *ah_private;
+} AUTH;
+
+
+/*
+ * Authentication ops.
+ * The ops and the auth handle provide the interface to the authenticators.
+ *
+ * AUTH	*auth;
+ * XDR	*xdrs;
+ * struct opaque_auth verf;
+ */
+#define AUTH_NEXTVERF(auth)		\
+		((*((auth)->ah_ops->ah_nextverf))(auth))
+#define auth_nextverf(auth)		\
+		((*((auth)->ah_ops->ah_nextverf))(auth))
+
+#define AUTH_MARSHALL(auth, xdrs)	\
+		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
+#define auth_marshall(auth, xdrs)	\
+		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
+
+#define AUTH_VALIDATE(auth, verfp)	\
+		((*((auth)->ah_ops->ah_validate))((auth), verfp))
+#define auth_validate(auth, verfp)	\
+		((*((auth)->ah_ops->ah_validate))((auth), verfp))
+
+#define AUTH_REFRESH(auth, msg)		\
+		((*((auth)->ah_ops->ah_refresh))(auth, msg))
+#define auth_refresh(auth, msg)		\
+		((*((auth)->ah_ops->ah_refresh))(auth, msg))
+
+#define AUTH_WRAP(auth, xdrs, xfunc, xwhere)		\
+		((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
+					      xfunc, xwhere))
+#define auth_wrap(auth, xdrs, xfunc, xwhere)		\
+		((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
+					      xfunc, xwhere))
+#define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere)		\
+		((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
+					      xfunc, xwhere))
+#define auth_unwrap(auth, xdrs, xfunc, xwhere)		\
+		((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
+					      xfunc, xwhere))
+
+#define AUTH_DESTROY(auth)		\
+		((*((auth)->ah_ops->ah_destroy))(auth))
+#define auth_destroy(auth)		\
+		((*((auth)->ah_ops->ah_destroy))(auth))
+
+
+#ifdef GSSRPC__IMPL
+/* RENAMED: should be _null_auth if we can use reserved namespace. */
+extern struct opaque_auth gssrpc__null_auth;
+#endif
+
+/*
+ * These are the various implementations of client side authenticators.
+ */
+
+/*
+ * Unix style authentication
+ * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
+ *	char *machname;
+ *	int uid;
+ *	int gid;
+ *	int len;
+ *	int *aup_gids;
+ */
+extern AUTH *authunix_create(char *machname, int uid, int gid, int len,
+			     int *aup_gids);
+extern AUTH *authunix_create_default(void);	/* takes no parameters */
+extern AUTH *authnone_create(void);		/* takes no parameters */
+extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
+
+#define AUTH_NONE	0		/* no authentication */
+#define	AUTH_NULL	0		/* backward compatibility */
+#define	AUTH_UNIX	1		/* unix style (uid, gids) */
+#define	AUTH_SHORT	2		/* short hand unix style */
+#define AUTH_DES	3		/* des style (encrypted timestamps) */
+#define AUTH_GSSAPI	300001		/* GSS-API style */
+#define RPCSEC_GSS	6		/* RPCSEC_GSS */
+
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_AUTH_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/auth_gss.h b/krb5-1.21.3/src/include/gssrpc/auth_gss.h
new file mode 100644
index 00000000..9fa87742
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/auth_gss.h
@@ -0,0 +1,148 @@
+/* include/gssrpc/auth_gss.h */
+/*
+  Copyright (c) 2000 The Regents of the University of Michigan.
+  All rights reserved.
+
+  Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+  All rights reserved, all wrongs reversed.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions
+  are met:
+
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+  3. Neither the name of the University nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+  Id: auth_gss.h,v 1.13 2002/05/08 16:54:33 andros Exp
+*/
+
+#ifndef GSSRPC_AUTH_GSS_H
+#define GSSRPC_AUTH_GSS_H
+
+#include <gssrpc/rpc.h>
+#include <gssrpc/clnt.h>
+#ifdef HAVE_HEIMDAL
+#include <gssapi.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
+
+GSSRPC__BEGIN_DECLS
+
+/* RPCSEC_GSS control procedures. */
+typedef enum {
+	RPCSEC_GSS_DATA = 0,
+	RPCSEC_GSS_INIT = 1,
+	RPCSEC_GSS_CONTINUE_INIT = 2,
+	RPCSEC_GSS_DESTROY = 3
+} rpc_gss_proc_t;
+
+/* RPCSEC_GSS services. */
+typedef enum {
+	RPCSEC_GSS_SVC_NONE = 1,
+	RPCSEC_GSS_SVC_INTEGRITY = 2,
+	RPCSEC_GSS_SVC_PRIVACY = 3
+} rpc_gss_svc_t;
+
+#define RPCSEC_GSS_VERSION	1
+
+/* RPCSEC_GSS security triple. */
+struct rpc_gss_sec {
+	gss_OID		mech;		/* mechanism */
+	gss_qop_t	qop;		/* quality of protection */
+	rpc_gss_svc_t	svc;		/* service */
+	gss_cred_id_t   cred;		/* cred handle */
+	uint32_t	req_flags;	/* req flags for init_sec_context */
+};
+
+/* Private data required for kernel implementation */
+struct authgss_private_data {
+	gss_ctx_id_t	pd_ctx;		/* Session context handle */
+	gss_buffer_desc	pd_ctx_hndl;	/* Credentials context handle */
+	uint32_t	pd_seq_win;	/* Sequence window */
+};
+
+/* Krb 5 default mechanism
+#define KRB5OID  "1.2.840.113554.1.2.2"
+
+gss_OID_desc krb5oid = {
+	20, KRB5OID
+};
+ */
+
+/*
+struct rpc_gss_sec krb5mech = {
+	(gss_OID)&krb5oid,
+	GSS_QOP_DEFAULT,
+	RPCSEC_GSS_SVC_NONE
+};
+*/
+
+/* Credentials. */
+struct rpc_gss_cred {
+	u_int		gc_v;		/* version */
+	rpc_gss_proc_t	gc_proc;	/* control procedure */
+	uint32_t	gc_seq;		/* sequence number */
+	rpc_gss_svc_t	gc_svc;		/* service */
+	gss_buffer_desc	gc_ctx;		/* context handle */
+};
+
+/* Context creation response. */
+struct rpc_gss_init_res {
+	gss_buffer_desc		gr_ctx;		/* context handle */
+	uint32_t		gr_major;	/* major status */
+	uint32_t		gr_minor;	/* minor status */
+	uint32_t		gr_win;		/* sequence window */
+	gss_buffer_desc		gr_token;	/* token */
+};
+
+/* Maximum sequence number value. */
+#define MAXSEQ		0x80000000
+
+/* Prototypes. */
+bool_t	xdr_rpc_gss_buf		(XDR *xdrs, gss_buffer_t, u_int maxsize);
+bool_t	xdr_rpc_gss_cred	(XDR *xdrs, struct rpc_gss_cred *p);
+bool_t	xdr_rpc_gss_init_args	(XDR *xdrs, gss_buffer_desc *p);
+bool_t	xdr_rpc_gss_init_res	(XDR *xdrs, struct rpc_gss_init_res *p);
+bool_t	xdr_rpc_gss_data	(XDR *xdrs, xdrproc_t xdr_func,
+				 caddr_t xdr_ptr, gss_ctx_id_t ctx,
+				 gss_qop_t qop, rpc_gss_svc_t svc,
+				 uint32_t seq);
+bool_t	xdr_rpc_gss_wrap_data	(XDR *xdrs, xdrproc_t xdr_func, caddr_t
+				 xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop,
+				 rpc_gss_svc_t svc, uint32_t seq);
+bool_t	xdr_rpc_gss_unwrap_data	(XDR *xdrs, xdrproc_t xdr_func, caddr_t
+				 xdr_ptr, gss_ctx_id_t ctx, gss_qop_t qop,
+				 rpc_gss_svc_t svc, uint32_t seq);
+
+AUTH   *authgss_create		(CLIENT *, gss_name_t, struct rpc_gss_sec *);
+AUTH   *authgss_create_default	(CLIENT *, char *, struct rpc_gss_sec *);
+bool_t authgss_service		(AUTH *auth, int svc);
+bool_t authgss_get_private_data (AUTH *auth, struct authgss_private_data *);
+
+#ifdef GSSRPC__IMPL
+void	log_debug		(const char *fmt, ...);
+void	log_status		(char *m, OM_uint32 major, OM_uint32 minor);
+void	log_hexdump		(const u_char *buf, int len, int offset);
+#endif
+
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_AUTH_GSS_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/auth_gssapi.h b/krb5-1.21.3/src/include/gssrpc/auth_gssapi.h
new file mode 100644
index 00000000..9d948532
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/auth_gssapi.h
@@ -0,0 +1,162 @@
+/* include/gssrpc/auth_gssapi.h - GSS-API style auth parameters for RPC */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ */
+
+#ifndef GSSRPC_AUTH_GSSAPI_H
+#define GSSRPC_AUTH_GSSAPI_H
+
+GSSRPC__BEGIN_DECLS
+
+#define AUTH_GSSAPI_EXIT		0
+#define AUTH_GSSAPI_INIT 		1
+#define AUTH_GSSAPI_CONTINUE_INIT 	2
+#define AUTH_GSSAPI_MSG 		3
+#define AUTH_GSSAPI_DESTROY 		4
+
+/*
+ * Yuck.  Some sys/types.h files leak symbols
+ */
+#ifdef major
+#undef major
+#endif
+#ifdef minor
+#undef minor
+#endif
+
+typedef struct _auth_gssapi_name {
+     char *name;
+     gss_OID type;
+} auth_gssapi_name;
+
+typedef struct _auth_gssapi_creds {
+     uint32_t version;
+     bool_t auth_msg;
+     gss_buffer_desc client_handle;
+} auth_gssapi_creds;
+
+typedef struct _auth_gssapi_init_arg {
+     uint32_t version;
+     gss_buffer_desc token;
+} auth_gssapi_init_arg;
+
+typedef struct _auth_gssapi_init_res {
+     uint32_t version;
+     gss_buffer_desc client_handle;
+     OM_uint32 gss_major, gss_minor;
+     gss_buffer_desc token;
+     gss_buffer_desc signed_isn;
+} auth_gssapi_init_res;
+
+typedef void (*auth_gssapi_log_badauth_func)
+     (OM_uint32 major,
+		OM_uint32 minor,
+		struct sockaddr_in *raddr,
+		caddr_t data);
+
+/* auth_gssapi_log_badauth_func is IPv4-specific; this version gives the
+ * transport handle so the fd can be used to get the address. */
+typedef void (*auth_gssapi_log_badauth2_func)
+     (OM_uint32 major,
+		OM_uint32 minor,
+		SVCXPRT *xprt,
+		caddr_t data);
+
+typedef void (*auth_gssapi_log_badverf_func)
+     (gss_name_t client,
+		gss_name_t server,
+		struct svc_req *rqst,
+		struct rpc_msg *msg,
+		caddr_t data);
+
+typedef void (*auth_gssapi_log_miscerr_func)
+     (struct svc_req *rqst,
+		struct rpc_msg *msg,
+		char *error,
+		caddr_t data);
+
+bool_t xdr_gss_buf(XDR *, gss_buffer_t);
+bool_t xdr_authgssapi_creds(XDR *, auth_gssapi_creds *);
+bool_t xdr_authgssapi_init_arg(XDR *, auth_gssapi_init_arg *);
+bool_t xdr_authgssapi_init_res(XDR *, auth_gssapi_init_res *);
+
+bool_t auth_gssapi_wrap_data
+(OM_uint32 *major, OM_uint32 *minor,
+	   gss_ctx_id_t context, uint32_t seq_num, XDR
+	   *out_xdrs, bool_t (*xdr_func)(), caddr_t
+	   xdr_ptr);
+bool_t auth_gssapi_unwrap_data
+(OM_uint32 *major, OM_uint32 *minor,
+	   gss_ctx_id_t context, uint32_t seq_num, XDR
+	   *in_xdrs, bool_t (*xdr_func)(), caddr_t
+	   xdr_ptr);
+
+AUTH *auth_gssapi_create
+(CLIENT *clnt,
+	   OM_uint32 *major_status,
+	   OM_uint32 *minor_status,
+	   gss_cred_id_t claimant_cred_handle,
+	   gss_name_t target_name,
+	   gss_OID mech_type,
+	   OM_uint32 req_flags,
+	   OM_uint32 time_req,
+	   gss_OID *actual_mech_type,
+	   OM_uint32 *ret_flags,
+	   OM_uint32 *time_rec);
+
+AUTH *auth_gssapi_create_default
+(CLIENT *clnt, char *service_name);
+
+void auth_gssapi_display_status
+(char *msg, OM_uint32 major,
+	   OM_uint32 minor);
+
+bool_t auth_gssapi_seal_seq
+(gss_ctx_id_t context, uint32_t seq_num, gss_buffer_t out_buf);
+
+bool_t auth_gssapi_unseal_seq
+(gss_ctx_id_t context, gss_buffer_t in_buf, uint32_t *seq_num);
+
+bool_t svcauth_gssapi_set_names
+(auth_gssapi_name *names, int num);
+void svcauth_gssapi_unset_names
+(void);
+
+void svcauth_gssapi_set_log_badauth_func
+(auth_gssapi_log_badauth_func func,
+	   caddr_t data);
+void svcauth_gssapi_set_log_badauth2_func
+(auth_gssapi_log_badauth2_func func,
+	   caddr_t data);
+void svcauth_gssapi_set_log_badverf_func
+(auth_gssapi_log_badverf_func func,
+	   caddr_t data);
+void svcauth_gssapi_set_log_miscerr_func
+(auth_gssapi_log_miscerr_func func,
+	   caddr_t data);
+
+void svcauth_gss_set_log_badauth_func(auth_gssapi_log_badauth_func,
+				      caddr_t);
+void svcauth_gss_set_log_badauth2_func(auth_gssapi_log_badauth2_func,
+				       caddr_t);
+void svcauth_gss_set_log_badverf_func(auth_gssapi_log_badverf_func,
+				      caddr_t);
+void svcauth_gss_set_log_miscerr_func(auth_gssapi_log_miscerr_func,
+				      caddr_t data);
+
+#define GSS_COPY_BUFFER(dest, src) { \
+     (dest).length = (src).length; \
+     (dest).value = (src).value; }
+
+#define GSS_DUP_BUFFER(dest, src) { \
+     (dest).length = (src).length; \
+     (dest).value = (void *) malloc((dest).length); \
+     memcpy((dest).value, (src).value, (dest).length); }
+
+#define GSS_BUFFERS_EQUAL(b1, b2) (((b1).length == (b2).length) && \
+				   !memcmp((b1).value,(b2).value,(b1.length)))
+
+
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_AUTH_GSSAPI_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/auth_unix.h b/krb5-1.21.3/src/include/gssrpc/auth_unix.h
new file mode 100644
index 00000000..6dda1af5
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/auth_unix.h
@@ -0,0 +1,82 @@
+/* @(#)auth_unix.h	2.2 88/07/29 4.0 RPCSRC; from 1.8 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*      @(#)auth_unix.h 1.5 86/07/16 SMI      */
+
+/*
+ * auth_unix.h, Protocol for UNIX style authentication parameters for RPC
+ */
+
+#ifndef GSSRPC_AUTH_UNIX_H
+#define GSSRPC_AUTH_UNIX_H
+
+GSSRPC__BEGIN_DECLS
+/*
+ * The system is very weak.  The client uses no encryption for  it
+ * credentials and only sends null verifiers.  The server sends backs
+ * null verifiers or optionally a verifier that suggests a new short hand
+ * for the credentials.
+ */
+
+/* The machine name is part of a credential; it may not exceed 255 bytes */
+#define MAX_MACHINE_NAME 255
+
+/* gids compose part of a credential; there may not be more than 16 of them */
+#define NGRPS 16
+
+/*
+ * Unix style credentials.
+ */
+struct authunix_parms {
+	uint32_t	 aup_time;
+	char	*aup_machname;
+	int	 aup_uid;
+	int	 aup_gid;
+	u_int	 aup_len;
+	int	*aup_gids;
+};
+
+extern bool_t xdr_authunix_parms(XDR *, struct authunix_parms *);
+
+/*
+ * If a response verifier has flavor AUTH_SHORT,
+ * then the body of the response verifier encapsulates the following structure;
+ * again it is serialized in the obvious fashion.
+ */
+struct short_hand_verf {
+	struct opaque_auth new_cred;
+};
+
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_AUTH_UNIX_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/clnt.h b/krb5-1.21.3/src/include/gssrpc/clnt.h
new file mode 100644
index 00000000..e5af80d4
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/clnt.h
@@ -0,0 +1,346 @@
+/* @(#)clnt.h	2.1 88/07/29 4.0 RPCSRC; from 1.31 88/02/08 SMI*/
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * clnt.h - Client side remote procedure call interface.
+ */
+
+#ifndef GSSRPC_CLNT_H
+#define GSSRPC_CLNT_H
+
+GSSRPC__BEGIN_DECLS
+/*
+ * Rpc calls return an enum clnt_stat.  This should be looked at more,
+ * since each implementation is required to live with this (implementation
+ * independent) list of errors.
+ */
+enum clnt_stat {
+	RPC_SUCCESS=0,			/* call succeeded */
+	/*
+	 * local errors
+	 */
+	RPC_CANTENCODEARGS=1,		/* can't encode arguments */
+	RPC_CANTDECODERES=2,		/* can't decode results */
+	RPC_CANTSEND=3,			/* failure in sending call */
+	RPC_CANTRECV=4,			/* failure in receiving result */
+	RPC_TIMEDOUT=5,			/* call timed out */
+	/*
+	 * remote errors
+	 */
+	RPC_VERSMISMATCH=6,		/* rpc versions not compatible */
+	RPC_AUTHERROR=7,		/* authentication error */
+	RPC_PROGUNAVAIL=8,		/* program not available */
+	RPC_PROGVERSMISMATCH=9,		/* program version mismatched */
+	RPC_PROCUNAVAIL=10,		/* procedure unavailable */
+	RPC_CANTDECODEARGS=11,		/* decode arguments error */
+	RPC_SYSTEMERROR=12,		/* generic "other problem" */
+
+	/*
+	 * callrpc & clnt_create errors
+	 */
+	RPC_UNKNOWNHOST=13,		/* unknown host name */
+	RPC_UNKNOWNPROTO=17,		/* unknown protocol */
+
+	/*
+	 * _ create errors
+	 */
+	RPC_PMAPFAILURE=14,		/* the pmapper failed in its call */
+	RPC_PROGNOTREGISTERED=15,	/* remote program is not registered */
+	/*
+	 * unspecified error
+	 */
+	RPC_FAILED=16
+};
+
+
+/*
+ * Error info.
+ */
+struct rpc_err {
+	enum clnt_stat re_status;
+	union {
+		int RE_errno;		/* realated system error */
+		enum auth_stat RE_why;	/* why the auth error occurred */
+		struct {
+			rpcvers_t low;	/* lowest version supported */
+			rpcvers_t high;	/* highest version supported */
+		} RE_vers;
+		struct {		/* maybe meaningful if RPC_FAILED */
+			int32_t s1;
+			int32_t s2;
+		} RE_lb;		/* life boot & debugging only */
+	} ru;
+#define	re_errno	ru.RE_errno
+#define	re_why		ru.RE_why
+#define	re_vers		ru.RE_vers
+#define	re_lb		ru.RE_lb
+};
+
+
+/*
+ * Client rpc handle.
+ * Created by individual implementations, see e.g. rpc_udp.c.
+ * Client is responsible for initializing auth, see e.g. auth_none.c.
+ */
+typedef struct CLIENT {
+	AUTH	*cl_auth;			/* authenticator */
+	struct clnt_ops {
+		/* call remote procedure */
+		enum clnt_stat	(*cl_call)(struct CLIENT *,
+					   rpcproc_t, xdrproc_t, void *,
+					   xdrproc_t, void *,
+					   struct timeval);
+		/* abort a call */
+		void		(*cl_abort)(struct CLIENT *);
+		/* get specific error code */
+		void		(*cl_geterr)(struct CLIENT *,
+					     struct rpc_err *);
+		/* frees results */
+		bool_t		(*cl_freeres)(struct CLIENT *,
+					      xdrproc_t, void *);
+		/* destroy this structure */
+		void		(*cl_destroy)(struct CLIENT *);
+		/* the ioctl() of rpc */
+		/* XXX CITI makes 2nd arg take u_int */
+		bool_t          (*cl_control)(struct CLIENT *, int,
+					      void *);
+	} *cl_ops;
+	void			*cl_private;	/* private stuff */
+} CLIENT;
+
+
+/*
+ * client side rpc interface ops
+ *
+ * Parameter types are:
+ *
+ */
+
+/*
+ * enum clnt_stat
+ * CLNT_CALL(rh, proc, xargs, argsp, xres, resp, timeout)
+ * 	CLIENT *rh;
+ *	rpcproc_t proc;
+ *	xdrproc_t xargs;
+ *	caddr_t argsp;
+ *	xdrproc_t xres;
+ *	caddr_t resp;
+ *	struct timeval timeout;
+ */
+#define	CLNT_CALL(rh, proc, xargs, argsp, xres, resp, secs)	\
+	((*(rh)->cl_ops->cl_call)(rh, proc, xargs, argsp, xres, resp, secs))
+#define	clnt_call(rh, proc, xargs, argsp, xres, resp, secs)	\
+	((*(rh)->cl_ops->cl_call)(rh, proc, xargs, argsp, xres, resp, secs))
+
+/*
+ * void
+ * CLNT_ABORT(rh);
+ * 	CLIENT *rh;
+ */
+#define	CLNT_ABORT(rh)	((*(rh)->cl_ops->cl_abort)(rh))
+#define	clnt_abort(rh)	((*(rh)->cl_ops->cl_abort)(rh))
+
+/*
+ * struct rpc_err
+ * CLNT_GETERR(rh);
+ * 	CLIENT *rh;
+ */
+#define	CLNT_GETERR(rh,errp)	((*(rh)->cl_ops->cl_geterr)(rh, errp))
+#define	clnt_geterr(rh,errp)	((*(rh)->cl_ops->cl_geterr)(rh, errp))
+
+
+/*
+ * bool_t
+ * CLNT_FREERES(rh, xres, resp);
+ * 	CLIENT *rh;
+ *	xdrproc_t xres;
+ *	caddr_t resp;
+ */
+#define	CLNT_FREERES(rh,xres,resp) ((*(rh)->cl_ops->cl_freeres)(rh,xres,resp))
+#define	clnt_freeres(rh,xres,resp) ((*(rh)->cl_ops->cl_freeres)(rh,xres,resp))
+
+/*
+ * bool_t
+ * CLNT_CONTROL(cl, request, info)
+ *      CLIENT *cl;
+ *      u_int request;
+ *      char *info;
+ */
+#define	CLNT_CONTROL(cl,rq,in) ((*(cl)->cl_ops->cl_control)(cl,rq,in))
+#define	clnt_control(cl,rq,in) ((*(cl)->cl_ops->cl_control)(cl,rq,in))
+
+/*
+ * control operations that apply to both udp and tcp transports
+ */
+#define CLSET_TIMEOUT       1   /* set timeout (timeval) */
+#define CLGET_TIMEOUT       2   /* get timeout (timeval) */
+#define CLGET_SERVER_ADDR   3   /* get server's address (sockaddr) */
+/*
+ * udp only control operations
+ */
+#define CLSET_RETRY_TIMEOUT 4   /* set retry timeout (timeval) */
+#define CLGET_RETRY_TIMEOUT 5   /* get retry timeout (timeval) */
+/*
+ * new control operations
+ */
+#define CLGET_LOCAL_ADDR    6	/* get local address (sockaddr, getsockname)*/
+
+/*
+ * void
+ * CLNT_DESTROY(rh);
+ * 	CLIENT *rh;
+ */
+#define	CLNT_DESTROY(rh)	((*(rh)->cl_ops->cl_destroy)(rh))
+#define	clnt_destroy(rh)	((*(rh)->cl_ops->cl_destroy)(rh))
+
+
+/*
+ * RPCTEST is a test program which is accessible on every rpc
+ * transport/port.  It is used for testing, performance evaluation,
+ * and network administration.
+ */
+
+#define RPCTEST_PROGRAM		((rpcprog_t)1)
+#define RPCTEST_VERSION		((rpcvers_t)1)
+#define RPCTEST_NULL_PROC	((rpcproc_t)2)
+#define RPCTEST_NULL_BATCH_PROC	((rpcproc_t)3)
+
+/*
+ * By convention, procedure 0 takes null arguments and returns them
+ */
+
+#define NULLPROC ((rpcproc_t)0)
+
+/*
+ * Below are the client handle creation routines for the various
+ * implementations of client side rpc.  They can return NULL if a
+ * creation failure occurs.
+ */
+
+/*
+ * Memory based rpc (for speed check and testing)
+ * CLIENT *
+ * clntraw_create(prog, vers)
+ *	rpcprog_t prog;
+ *	rpcvers_t vers;
+ */
+extern CLIENT *clntraw_create(rpcprog_t, rpcvers_t);
+
+/*
+ * Generic client creation routine. Supported protocols are "udp" and "tcp"
+ */
+extern CLIENT *clnt_create(char *, rpcprog_t, rpcvers_t, char *);
+
+
+/*
+ * TCP based rpc
+ * CLIENT *
+ * clnttcp_create(raddr, prog, vers, sockp, sendsz, recvsz)
+ *	struct sockaddr_in *raddr;
+ *	rpcprog_t prog;
+ *	rpcvers_t version;
+ *	int *sockp;
+ *	u_int sendsz;
+ *	u_int recvsz;
+ */
+extern CLIENT *clnttcp_create(struct sockaddr_in *, rpcprog_t, rpcvers_t,
+			      int *, u_int, u_int);
+
+/*
+ * UDP based rpc.
+ * CLIENT *
+ * clntudp_create(raddr, program, version, wait, sockp)
+ *	struct sockaddr_in *raddr;
+ *	rpcprog_t program;
+ *	rpcvers_t version;
+ *	struct timeval wait;
+ *	int *sockp;
+ *
+ * Same as above, but you specify max packet sizes.
+ * CLIENT *
+ * clntudp_bufcreate(raddr, program, version, wait, sockp, sendsz, recvsz)
+ *	struct sockaddr_in *raddr;
+ *	rpcprog_t program;
+ *	rpcvers_t version;
+ *	struct timeval wait;
+ *	int *sockp;
+ *	u_int sendsz;
+ *	u_int recvsz;
+ */
+extern CLIENT *clntudp_create(struct sockaddr_in *, rpcprog_t,
+			      rpcvers_t, struct timeval, int *);
+extern CLIENT *clntudp_bufcreate(struct sockaddr_in *, rpcprog_t,
+				 rpcvers_t, struct timeval, int *,
+				 u_int, u_int);
+
+/*
+ * Print why creation failed
+ */
+void clnt_pcreateerror(char *);	/* stderr */
+char *clnt_spcreateerror(char *);	/* string */
+
+/*
+ * Like clnt_perror(), but is more verbose in its output
+ */
+void clnt_perrno(enum clnt_stat);	/* stderr */
+
+/*
+ * Print an English error message, given the client error code
+ */
+void clnt_perror(CLIENT *, char *); 	/* stderr */
+char *clnt_sperror(CLIENT *, char *);	/* string */
+
+/*
+ * If a creation fails, the following allows the user to figure out why.
+ */
+struct rpc_createerr {
+	enum clnt_stat cf_stat;
+	struct rpc_err cf_error; /* useful when cf_stat == RPC_PMAPFAILURE */
+};
+
+extern struct rpc_createerr rpc_createerr;
+
+
+
+/*
+ * Copy error message to buffer.
+ */
+char *clnt_sperrno(enum clnt_stat num);	/* string */
+
+#define UDPMSGSIZE	8800	/* rpc imposed limit on udp msg size */
+#define RPCSMALLMSGSIZE	400	/* a more reasonable packet size */
+
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_CLNT_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/netdb.h b/krb5-1.21.3/src/include/gssrpc/netdb.h
new file mode 100644
index 00000000..f933fbb7
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/netdb.h
@@ -0,0 +1,58 @@
+/* include/gssrpc/netdb.h */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* @(#)netdb.h	2.1 88/07/29 3.9 RPCSRC */
+/*	@(#)rpc.h 1.8 87/07/24 SMI	*/
+
+#ifndef RPC_NETDB_H
+#define RPC_NETDB_H
+
+#include <gssrpc/types.h>
+/* since the gssrpc library requires that any application using it be
+built with these header files, I am making the decision that any app
+which uses the rpcent routines must use this header file, or something
+compatible (which most <netdb.h> are) --marc */
+
+/* Really belongs in <netdb.h> */
+#ifdef STRUCT_RPCENT_IN_RPC_NETDB_H
+struct rpcent {
+      char    *r_name;        /* name of server for this rpc program */
+      char    **r_aliases;    /* alias list */
+      int     r_number;       /* rpc program number */
+};
+#endif /*STRUCT_RPCENT_IN_RPC_NETDB_H*/
+
+struct rpcent *getrpcbyname(), *getrpcbynumber(), *getrpcent();
+
+#endif
diff --git a/krb5-1.21.3/src/include/gssrpc/pmap_clnt.h b/krb5-1.21.3/src/include/gssrpc/pmap_clnt.h
new file mode 100644
index 00000000..993bce27
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/pmap_clnt.h
@@ -0,0 +1,83 @@
+/* @(#)pmap_clnt.h	2.1 88/07/29 4.0 RPCSRC; from 1.11 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * pmap_clnt.h
+ * Supplies C routines to get to portmap services.
+ */
+
+#ifndef GSSRPC_PMAP_CLNT_H
+#define GSSRPC_PMAP_CLNT_H
+
+/*
+ * Usage:
+ *	success = pmap_set(program, version, protocol, port);
+ *	success = pmap_unset(program, version);
+ *	port = pmap_getport(address, program, version, protocol);
+ *	head = pmap_getmaps(address);
+ *	clnt_stat = pmap_rmtcall(address, program, version, procedure,
+ *		xdrargs, argsp, xdrres, resp, tout, port_ptr)
+ *		(works for udp only.)
+ * 	clnt_stat = clnt_broadcast(program, version, procedure,
+ *		xdrargs, argsp,	xdrres, resp, eachresult)
+ *		(like pmap_rmtcall, except the call is broadcasted to all
+ *		locally connected nets.  For each valid response received,
+ *		the procedure eachresult is called.  Its form is:
+ *	done = eachresult(resp, raddr)
+ *		bool_t done;
+ *		caddr_t resp;
+ *		struct sockaddr_in raddr;
+ *		where resp points to the results of the call and raddr is the
+ *		address if the responder to the broadcast.
+ */
+
+GSSRPC__BEGIN_DECLS
+extern bool_t		pmap_set(rpcprog_t, rpcvers_t, rpcprot_t, u_int);
+extern bool_t		pmap_unset(rpcprog_t, rpcvers_t);
+extern struct pmaplist	*pmap_getmaps(struct sockaddr_in *);
+enum clnt_stat		pmap_rmtcall(struct sockaddr_in *, rpcprog_t,
+				     rpcvers_t, rpcproc_t, xdrproc_t,
+				     caddr_t, xdrproc_t, caddr_t,
+				     struct timeval, rpcport_t *);
+
+typedef bool_t (*resultproc_t)(caddr_t, struct sockaddr_in *);
+
+enum clnt_stat		clnt_broadcast(rpcprog_t, rpcvers_t, rpcproc_t,
+				       xdrproc_t, caddr_t, xdrproc_t,
+				       caddr_t, resultproc_t);
+extern u_short		pmap_getport(struct sockaddr_in *,
+				     rpcprog_t,
+				     rpcvers_t, rpcprot_t);
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_PMAP_CLNT_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/pmap_prot.h b/krb5-1.21.3/src/include/gssrpc/pmap_prot.h
new file mode 100644
index 00000000..0e35d6b9
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/pmap_prot.h
@@ -0,0 +1,103 @@
+/* @(#)pmap_prot.h	2.1 88/07/29 4.0 RPCSRC; from 1.14 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * pmap_prot.h
+ * Protocol for the local binder service, or pmap.
+ *
+ * The following procedures are supported by the protocol:
+ *
+ * PMAPPROC_NULL() returns ()
+ * 	takes nothing, returns nothing
+ *
+ * PMAPPROC_SET(struct pmap) returns (bool_t)
+ * 	TRUE is success, FALSE is failure.  Registers the tuple
+ *	[prog, vers, prot, port].
+ *
+ * PMAPPROC_UNSET(struct pmap) returns (bool_t)
+ *	TRUE is success, FALSE is failure.  Un-registers pair
+ *	[prog, vers].  prot and port are ignored.
+ *
+ * PMAPPROC_GETPORT(struct pmap) returns (u_short).
+ *	0 is failure.  Otherwise returns the port number where the pair
+ *	[prog, vers] is registered.  It may lie!
+ *
+ * PMAPPROC_DUMP() RETURNS (struct pmaplist *)
+ *
+ * PMAPPROC_CALLIT(rpcprog_t, rpcvers_t, rpcproc_t, string<>)
+ * 	RETURNS (port, string<>);
+ * usage: encapsulatedresults = PMAPPROC_CALLIT(prog, vers, proc, encapsulatedargs);
+ * 	Calls the procedure on the local machine.  If it is not registered,
+ *	this procedure is quite; ie it does not return error information!!!
+ *	This procedure only is supported on rpc/udp and calls via
+ *	rpc/udp.  This routine only passes null authentication parameters.
+ *	This file has no interface to xdr routines for PMAPPROC_CALLIT.
+ *
+ * The service supports remote procedure calls on udp/ip or tcp/ip socket 111.
+ */
+
+#ifndef GSSRPC_PMAP_PROT_H
+#define GSSRPC_PMAP_PROT_H
+GSSRPC__BEGIN_DECLS
+
+#define PMAPPORT		((u_short)111)
+#define PMAPPROG		((rpcprog_t)100000)
+#define PMAPVERS		((rpcvers_t)2)
+#define PMAPVERS_PROTO		((rpcprot_t)2)
+#define PMAPVERS_ORIG		((rpcvers_t)1)
+#define PMAPPROC_NULL		((rpcproc_t)0)
+#define PMAPPROC_SET		((rpcproc_t)1)
+#define PMAPPROC_UNSET		((rpcproc_t)2)
+#define PMAPPROC_GETPORT	((rpcproc_t)3)
+#define PMAPPROC_DUMP		((rpcproc_t)4)
+#define PMAPPROC_CALLIT		((rpcproc_t)5)
+
+struct pmap {
+	rpcprog_t pm_prog;
+	rpcvers_t pm_vers;
+	rpcprot_t pm_prot;
+	rpcport_t pm_port;
+};
+
+extern bool_t xdr_pmap(XDR *, struct pmap *);
+
+struct pmaplist {
+	struct pmap	pml_map;
+	struct pmaplist *pml_next;
+};
+
+extern bool_t xdr_pmaplist(XDR *, struct pmaplist **);
+
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_PMAP_PROT_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/pmap_rmt.h b/krb5-1.21.3/src/include/gssrpc/pmap_rmt.h
new file mode 100644
index 00000000..e978a8ee
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/pmap_rmt.h
@@ -0,0 +1,65 @@
+/* @(#)pmap_rmt.h	2.1 88/07/29 4.0 RPCSRC; from 1.2 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Structures and XDR routines for parameters to and replies from
+ * the portmapper remote-call-service.
+ */
+
+#ifndef GSSRPC_PMAP_RMT_H
+#define GSSRPC_PMAP_RMT_H
+GSSRPC__BEGIN_DECLS
+
+struct rmtcallargs {
+	rpcprog_t prog;
+	rpcvers_t vers;
+	rpcproc_t proc;
+	uint32_t arglen;
+	caddr_t args_ptr;
+	xdrproc_t xdr_args;
+};
+
+bool_t xdr_rmtcall_args(XDR *, struct rmtcallargs *);
+
+struct rmtcallres {
+	rpcport_t *port_ptr;
+	uint32_t resultslen;
+	caddr_t results_ptr;
+	xdrproc_t xdr_results;
+};
+
+bool_t xdr_rmtcallres(XDR *, struct rmtcallres *);
+
+GSSRPC__END_DECLS
+#endif /* !defined(GSSRPC_PMAP_RMT_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/rename.h b/krb5-1.21.3/src/include/gssrpc/rename.h
new file mode 100644
index 00000000..d67502fe
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/rename.h
@@ -0,0 +1,280 @@
+/* include/gssrpc/rename.h */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Namespace mangling for various purposes.
+ *
+ * Symbols in the object code need to be renamed to not conflict with
+ * an OS-provided RPC implementation.  Without renaming, the conflicts
+ * can cause problems with things like RPC-enabled NSS
+ * implementations.
+ *
+ * Symbols in headers should not conflict with implementation-reserved
+ * namespace (prefixes "_[A-Z_]" for any purpose; prefix "_"
+ * for file scope identifiers and tag names), or unnecessarily impinge
+ * on user namespace.
+ *
+ * The renaming of the header directory is done to avoid problems when
+ * the OS header files include <rpc/foo.h> and might get ours instead.
+ * OS vendors should replace all the <gssrpc/foo.h> inclusions with
+ * <rpc/foo.h> inclusions, as appropriate.  Additionally, vendors
+ * should probably put some symbols into the implementation namespace.
+ *
+ * For example, inclusion protection should change from "GSSRPC_*_H"
+ * to "_RPC_*_H", struct tags should get "__" prefixes, etc.
+ *
+ * This implementation reserves the object code prefix "gssrpc_".
+ * External names in the RPC API not beginning with "_" get renamed
+ * with the prefix "gssrpc_" via #define, e.g., "foo" -> "gssrpc_foo".
+ * External names in the RPC API beginning with "_" get textually
+ * rewritten.
+ */
+
+#ifndef GSSRPC_RENAME_H
+#define GSSRPC_RENAME_H
+
+/* auth.h */
+
+#define xdr_des_block		gssrpc_xdr_des_block
+
+#define authunix_create		gssrpc_authunix_create
+#define authunix_create_default	gssrpc_authunix_create_default
+#define authnone_create		gssrpc_authnone_create
+#define xdr_opaque_auth		gssrpc_xdr_opaque_auth
+
+/* auth_gss.c */
+
+#define auth_debug_gss		gssrpc_auth_debug_gss
+#define misc_debug_gss		gssrpc_misc_debug_gss
+
+/* auth_gss.h */
+
+#define xdr_rpc_gss_buf		gssrpc_xdr_rpc_gss_buf
+#define xdr_rpc_gss_cred	gssrpc_xdr_rpc_gss_cred
+#define xdr_rpc_gss_init_args	gssrpc_xdr_rpc_gss_init_args
+#define xdr_rpc_gss_init_res	gssrpc_xdr_rpc_gss_init_res
+#define xdr_rpc_gss_data	gssrpc_xdr_rpc_gss_data
+#define xdr_rpc_gss_wrap_data	gssrpc_xdr_rpc_gss_wrap_data
+#define xdr_rpc_gss_unwrap_data	gssrpc_xdr_rpc_gss_unwrap_data
+
+#define authgss_create		gssrpc_authgss_create
+#define authgss_create_default	gssrpc_authgss_create_default
+#define authgss_get_private_data	gssrpc_authgss_get_private_data
+#define authgss_service		gssrpc_authgss_service
+
+#ifdef GSSRPC__IMPL
+#define log_debug		gssrpc_log_debug
+#define log_status		gssrpc_log_status
+#define	log_hexdump		gssrpc_log_hexdump
+#endif
+
+/* auth_gssapi.c */
+
+#define auth_debug_gssapi	gssrpc_auth_debug_gssapi
+#define misc_debug_gssapi	gssrpc_misc_debug_gssapi
+
+/* auth_gssapi.h */
+
+#define xdr_gss_buf		gssrpc_xdr_gss_buf
+#define xdr_authgssapi_creds	gssrpc_xdr_authgssapi_creds
+#define xdr_authgssapi_init_arg	gssrpc_xdr_authgssapi_init_arg
+#define xdr_authgssapi_init_res	gssrpc_xdr_authgssapi_init_res
+
+#define auth_gssapi_wrap_data	gssrpc_auth_gssapi_wrap_data
+#define auth_gssapi_unwrap_data	gssrpc_auth_gssapi_unwrap_data
+#define auth_gssapi_create	gssrpc_auth_gssapi_create
+#define auth_gssapi_create_default	gssrpc_auth_gssapi_create_default
+#define auth_gssapi_display_status	gssrpc_auth_gssapi_display_status
+#define auth_gssapi_seal_seq	gssrpc_auth_gssapi_seal_seq
+#define auth_gssapi_unseal_seq	gssrpc_auth_gssapi_unseal_seq
+
+#define svcauth_gssapi_set_names	gssrpc_svcauth_gssapi_set_names
+#define svcauth_gssapi_unset_names	gssrpc_svcauth_gssapi_unset_names
+#define svcauth_gssapi_set_log_badauth_func	gssrpc_svcauth_gssapi_set_log_badauth_func
+#define svcauth_gssapi_set_log_badauth2_func	gssrpc_svcauth_gssapi_set_log_badauth2_func
+#define svcauth_gssapi_set_log_badverf_func	gssrpc_svcauth_gssapi_set_log_badverf_func
+#define svcauth_gssapi_set_log_miscerr_func	gssrpc_svcauth_gssapi_set_log_miscerr_func
+
+#define svcauth_gss_set_log_badauth_func	gssrpc_svcauth_gss_set_log_badauth_func
+#define svcauth_gss_set_log_badauth2_func	gssrpc_svcauth_gss_set_log_badauth2_func
+#define svcauth_gss_set_log_badverf_func	gssrpc_svcauth_gss_set_log_badverf_func
+#define svcauth_gss_set_log_miscerr_func	gssrpc_svcauth_gss_set_log_miscerr_func
+
+/* auth_unix.h */
+
+#define xdr_authunix_parms	gssrpc_xdr_authunix_parms
+
+/* clnt.h */
+
+#define clntraw_create		gssrpc_clntraw_create
+#define clnt_create		gssrpc_clnt_create
+#define clnttcp_create		gssrpc_clnttcp_create
+#define clntudp_create		gssrpc_clntudp_create
+#define clntudp_bufcreate	gssrpc_clntudp_bufcreate
+#define clnt_pcreateerror	gssrpc_clnt_pcreateerror
+#define clnt_spcreateerror	gssrpc_clnt_spcreateerror
+#define clnt_perrno		gssrpc_clnt_perrno
+#define clnt_perror		gssrpc_clnt_perror
+#define clnt_sperror		gssrpc_clnt_sperror
+/* XXX do we need to rename the struct? */
+#define rpc_createerr		gssrpc_rpc_createrr
+#define clnt_sperrno		gssrpc_clnt_sperrno
+
+/* pmap_clnt.h */
+
+#define pmap_set		gssrpc_pmap_set
+#define pmap_unset		gssrpc_pmap_unset
+#define pmap_getmaps		gssrpc_pmap_getmaps
+#define pmap_rmtcall		gssrpc_pmap_rmtcall
+#define clnt_broadcast		gssrpc_clnt_broadcast
+#define pmap_getport		gssrpc_pmap_getport
+
+/* pmap_prot.h */
+
+#define xdr_pmap		gssrpc_xdr_pmap
+#define xdr_pmaplist		gssrpc_xdr_pmaplist
+
+/* pmap_rmt.h */
+
+#define xdr_rmtcall_args	gssrpc_xdr_rmtcall_args
+#define xdr_rmtcallres		gssrpc_xdr_rmtcallres
+
+/* rpc.h */
+
+#define get_myaddress		gssrpc_get_myaddress
+#define bindresvport		gssrpc_bindresvport
+#define bindresvport_sa		gssrpc_bindresvport_sa
+#define callrpc			gssrpc_callrpc
+#define getrpcport		gssrpc_getrpcport
+
+/* rpc_msg.h */
+
+#define xdr_callmsg		gssrpc_xdr_callmsg
+#define xdr_callhdr		gssrpc_xdr_callhdr
+#define xdr_replymsg		gssrpc_xdr_replymsg
+#define xdr_accepted_reply	gssrpc_xdr_accepted_reply
+#define xdr_rejected_reply	gssrpc_xdr_rejected_reply
+
+/* svc.h */
+
+#define svc_register		gssrpc_svc_register
+#define registerrpc             gssrpc_registerrpc
+#define svc_unregister		gssrpc_svc_unregister
+#define xprt_register		gssrpc_xprt_register
+#define xprt_unregister		gssrpc_xprt_unregister
+
+#define svc_sendreply		gssrpc_svc_sendreply
+#define svcerr_decode		gssrpc_svcerr_decode
+#define svcerr_weakauth		gssrpc_svcerr_weakauth
+#define svcerr_noproc		gssrpc_svcerr_noproc
+#define svcerr_progvers		gssrpc_svcerr_progvers
+#define svcerr_auth		gssrpc_svcerr_auth
+#define svcerr_noprog		gssrpc_svcerr_noprog
+#define svcerr_systemerr	gssrpc_svcerr_systemerr
+
+#define svc_maxfd		gssrpc_svc_maxfd
+#define svc_fdset		gssrpc_svc_fdset
+#define svc_fds			gssrpc_svc_fds
+
+#define svc_getreq		gssrpc_svc_getreq
+#define svc_getreqset		gssrpc_svc_getreqset
+#define svc_run			gssrpc_svc_run
+
+#define svcraw_create		gssrpc_svcraw_create
+
+#define svcudp_create		gssrpc_svcudp_create
+#define svcudp_bufcreate	gssrpc_svcudp_bufcreate
+#define svcudp_enablecache	gssrpc_svcudp_enablecache
+
+#define svctcp_create		gssrpc_svctcp_create
+
+#define svcfd_create            gssrpc_svcfd_create
+
+/* svc_auth.h */
+
+#define svc_auth_none_ops	gssrpc_svc_auth_none_ops
+#define svc_auth_gssapi_ops	gssrpc_svc_auth_gssapi_ops
+#define svc_auth_gss_ops	gssrpc_svc_auth_gss_ops
+
+#define svcauth_gss_set_svc_name	gssrpc_svcauth_gss_set_svc_name
+#define svcauth_gss_get_principal	gssrpc_svcauth_gss_get_principal
+
+/* svc_auth_gss.c */
+
+#define svc_debug_gss		gssrpc_svc_debug_gss
+
+/* svc_auth_gssapi.c */
+
+#define svc_debug_gssapi	gssrpc_svc_debug_gssapi
+
+/* svc_auth_none.c */
+
+#define svc_auth_none		gssrpc_svc_auth_none
+
+/* xdr.h */
+
+#define xdr_void	gssrpc_xdr_void
+#define xdr_int		gssrpc_xdr_int
+#define xdr_u_int	gssrpc_xdr_u_int
+#define xdr_long	gssrpc_xdr_long
+#define xdr_u_long	gssrpc_xdr_u_long
+#define xdr_short	gssrpc_xdr_short
+#define xdr_u_short	gssrpc_xdr_u_short
+#define xdr_bool	gssrpc_xdr_bool
+#define xdr_enum	gssrpc_xdr_enum
+#define xdr_array	gssrpc_xdr_array
+#define xdr_bytes	gssrpc_xdr_bytes
+#define xdr_opaque	gssrpc_xdr_opaque
+#define xdr_string	gssrpc_xdr_string
+#define xdr_union	gssrpc_xdr_union
+#define xdr_char	gssrpc_xdr_char
+#define xdr_u_char	gssrpc_xdr_u_char
+#define xdr_vector	gssrpc_xdr_vector
+#define xdr_float	gssrpc_xdr_float
+#define xdr_double	gssrpc_xdr_double
+#define xdr_reference	gssrpc_xdr_reference
+#define xdr_pointer	gssrpc_xdr_pointer
+#define xdr_wrapstring	gssrpc_xdr_wrapstring
+#define xdr_free	gssrpc_xdr_free
+
+#define xdr_sizeof	gssrpc_xdr_sizeof
+
+#define xdr_netobj	gssrpc_xdr_netobj
+#define xdr_int32	gssrpc_xdr_int32
+#define xdr_u_int32	gssrpc_xdr_u_int32
+
+#define xdralloc_create		gssrpc_xdralloc_create
+#define xdralloc_release	gssrpc_xdralloc_release
+#define xdralloc_getdata	gssrpc_xdralloc_getdata
+
+#define xdrmem_create		gssrpc_xdrmem_create
+#define xdrstdio_create		gssrpc_xdrstdio_create
+#define xdrrec_create		gssrpc_xdrrec_create
+#define xdrrec_endofrecord	gssrpc_xdrrec_endofrecord
+#define xdrrec_skiprecord	gssrpc_xdrrec_skiprecord
+#define xdrrec_eof		gssrpc_xdrrec_eof
+
+#endif /* !defined(GSSRPC_RENAME_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/rpc.h b/krb5-1.21.3/src/include/gssrpc/rpc.h
new file mode 100644
index 00000000..78727c49
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/rpc.h
@@ -0,0 +1,77 @@
+/* @(#)rpc.h	2.3 88/08/10 4.0 RPCSRC; from 1.9 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * rpc.h, Just includes the billions of rpc header files necessary to
+ * do remote procedure calling.
+ */
+#ifndef GSSRPC_RPC_H
+#define GSSRPC_RPC_H
+
+#include <gssrpc/types.h>		/* some typedefs */
+#include <netinet/in.h>
+
+/* external data representation interfaces */
+#include <gssrpc/xdr.h>		/* generic (de)serializer */
+
+/* Client side only authentication */
+#include <gssrpc/auth.h>		/* generic authenticator (client side) */
+
+/* Client side (mostly) remote procedure call */
+#include <gssrpc/clnt.h>		/* generic rpc stuff */
+
+/* semi-private protocol headers */
+#include <gssrpc/rpc_msg.h>	/* protocol for rpc messages */
+#include <gssrpc/auth_unix.h>	/* protocol for unix style cred */
+#include <gssrpc/auth_gss.h>	/* RPCSEC_GSS */
+
+/* Server side only remote procedure callee */
+#include <gssrpc/svc_auth.h>	/* service side authenticator */
+#include <gssrpc/svc.h>		/* service manager and multiplexer */
+
+/*
+ * get the local host's IP address without consulting
+ * name service library functions
+ */
+GSSRPC__BEGIN_DECLS
+extern int get_myaddress(struct sockaddr_in *);
+extern int bindresvport(int, struct sockaddr_in *);
+extern int bindresvport_sa(int, struct sockaddr *);
+extern int callrpc(char *, rpcprog_t, rpcvers_t, rpcproc_t, xdrproc_t,
+		   char *, xdrproc_t , char *);
+extern int getrpcport(char *, rpcprog_t, rpcvers_t, rpcprot_t);
+extern int gssrpc__rpc_dtablesize(void);
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_RPC_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/rpc_msg.h b/krb5-1.21.3/src/include/gssrpc/rpc_msg.h
new file mode 100644
index 00000000..9403bfc1
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/rpc_msg.h
@@ -0,0 +1,207 @@
+/* @(#)rpc_msg.h	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*      @(#)rpc_msg.h 1.7 86/07/16 SMI      */
+
+/*
+ * rpc_msg.h
+ * rpc message definition
+ */
+
+#ifndef GSSRPC_RPC_MSG_H
+#define GSSRPC_RPC_MSG_H
+
+GSSRPC__BEGIN_DECLS
+
+#define RPC_MSG_VERSION		((uint32_t) 2)
+#define RPC_SERVICE_PORT	((u_short) 2048)
+
+/*
+ * Bottom up definition of an rpc message.
+ * NOTE: call and reply use the same overall struct but
+ * different parts of unions within it.
+ */
+
+enum msg_type {
+	CALL=0,
+	REPLY=1
+};
+
+enum reply_stat {
+	MSG_ACCEPTED=0,
+	MSG_DENIED=1
+};
+
+enum accept_stat {
+	SUCCESS=0,
+	PROG_UNAVAIL=1,
+	PROG_MISMATCH=2,
+	PROC_UNAVAIL=3,
+	GARBAGE_ARGS=4,
+	SYSTEM_ERR=5
+};
+
+enum reject_stat {
+	RPC_MISMATCH=0,
+	AUTH_ERROR=1
+};
+
+/*
+ * Reply part of an rpc exchange
+ */
+
+/*
+ * Reply to an rpc request that was accepted by the server.
+ * Note: there could be an error even though the request was
+ * accepted.
+ */
+struct accepted_reply {
+	struct opaque_auth	ar_verf;
+	enum accept_stat	ar_stat;
+	union {
+		struct {
+			rpcvers_t	low;
+			rpcvers_t	high;
+		} AR_versions;
+		struct {
+			caddr_t	where;
+			xdrproc_t proc;
+		} AR_results;
+		/* and many other null cases */
+	} ru;
+#define	ar_results	ru.AR_results
+#define	ar_vers		ru.AR_versions
+};
+
+/*
+ * Reply to an rpc request that was rejected by the server.
+ */
+struct rejected_reply {
+	enum reject_stat rj_stat;
+	union {
+		struct {
+			rpcvers_t low;
+			rpcvers_t high;
+		} RJ_versions;
+		enum auth_stat RJ_why;  /* why authentication did not work */
+	} ru;
+#define	rj_vers	ru.RJ_versions
+#define	rj_why	ru.RJ_why
+};
+
+/*
+ * Body of a reply to an rpc request.
+ */
+struct reply_body {
+	enum reply_stat rp_stat;
+	union {
+		struct accepted_reply RP_ar;
+		struct rejected_reply RP_dr;
+	} ru;
+#define	rp_acpt	ru.RP_ar
+#define	rp_rjct	ru.RP_dr
+};
+
+/*
+ * Body of an rpc request call.
+ */
+struct call_body {
+	rpcvers_t cb_rpcvers;	/* must be equal to two */
+	rpcprog_t cb_prog;
+	rpcvers_t cb_vers;
+	rpcproc_t cb_proc;
+	struct opaque_auth cb_cred;
+	struct opaque_auth cb_verf; /* protocol specific - provided by client */
+};
+
+/*
+ * The rpc message
+ */
+struct rpc_msg {
+	uint32_t		rm_xid;
+	enum msg_type		rm_direction;
+	union {
+		struct call_body RM_cmb;
+		struct reply_body RM_rmb;
+	} ru;
+#define	rm_call		ru.RM_cmb
+#define	rm_reply	ru.RM_rmb
+};
+#define	acpted_rply	ru.RM_rmb.ru.RP_ar
+#define	rjcted_rply	ru.RM_rmb.ru.RP_dr
+
+
+/*
+ * XDR routine to handle a rpc message.
+ * xdr_callmsg(xdrs, cmsg)
+ * 	XDR *xdrs;
+ * 	struct rpc_msg *cmsg;
+ */
+extern bool_t	xdr_callmsg(XDR *, struct rpc_msg *);
+
+/*
+ * XDR routine to pre-serialize the static part of a rpc message.
+ * xdr_callhdr(xdrs, cmsg)
+ * 	XDR *xdrs;
+ * 	struct rpc_msg *cmsg;
+ */
+extern bool_t	xdr_callhdr(XDR *, struct rpc_msg *);
+
+/*
+ * XDR routine to handle a rpc reply.
+ * xdr_replymsg(xdrs, rmsg)
+ * 	XDR *xdrs;
+ * 	struct rpc_msg *rmsg;
+ */
+extern bool_t	xdr_replymsg(XDR *, struct rpc_msg *);
+
+/*
+ * Fills in the error part of a reply message.
+ * _seterr_reply(msg, error)
+ * 	struct rpc_msg *msg;
+ * 	struct rpc_err *error;
+ */
+/*
+ * RENAMED: should be _seterr_reply or __seterr_reply if we can use
+ * reserved namespace.
+ */
+extern void	gssrpc__seterr_reply(struct rpc_msg *, struct rpc_err *);
+
+/* XDR the MSG_ACCEPTED part of a reply message union */
+extern bool_t	xdr_accepted_reply(XDR *, struct accepted_reply *);
+
+/* XDR the MSG_DENIED part of a reply message union */
+extern bool_t	xdr_rejected_reply(XDR *, struct rejected_reply *);
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_RPC_MSG_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/svc.h b/krb5-1.21.3/src/include/gssrpc/svc.h
new file mode 100644
index 00000000..6ef52b95
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/svc.h
@@ -0,0 +1,336 @@
+/* @(#)svc.h	2.2 88/07/29 4.0 RPCSRC; from 1.20 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * svc.h, Server-side remote procedure call interface.
+ */
+
+#ifndef GSSRPC_SVC_H
+#define GSSRPC_SVC_H
+
+#include <gssrpc/svc_auth.h>
+
+GSSRPC__BEGIN_DECLS
+/*
+ * This interface must manage two items concerning remote procedure calling:
+ *
+ * 1) An arbitrary number of transport connections upon which rpc requests
+ * are received.  The two most notable transports are TCP and UDP;  they are
+ * created and registered by routines in svc_tcp.c and svc_udp.c, respectively;
+ * they in turn call xprt_register and xprt_unregister.
+ *
+ * 2) An arbitrary number of locally registered services.  Services are
+ * described by the following four data: program number, version number,
+ * "service dispatch" function, a transport handle, and a boolean that
+ * indicates whether or not the exported program should be registered with a
+ * local binder service;  if true the program's number and version and the
+ * port number from the transport handle are registered with the binder.
+ * These data are registered with the rpc svc system via svc_register.
+ *
+ * A service's dispatch function is called whenever an rpc request comes in
+ * on a transport.  The request's program and version numbers must match
+ * those of the registered service.  The dispatch function is passed two
+ * parameters, struct svc_req * and SVCXPRT *, defined below.
+ */
+
+enum xprt_stat {
+	XPRT_DIED,
+	XPRT_MOREREQS,
+	XPRT_IDLE
+};
+
+/*
+ * Server side transport handle
+ */
+typedef struct SVCXPRT {
+#ifdef _WIN32
+        SOCKET          xp_sock;
+#else
+	int		xp_sock;
+#endif
+	u_short		xp_port;	 /* associated port number */
+	struct xp_ops {
+	    /* receive incoming requests */
+	    bool_t	(*xp_recv)(struct SVCXPRT *, struct rpc_msg *);
+	    /* get transport status */
+	    enum xprt_stat (*xp_stat)(struct SVCXPRT *);
+	    /* get arguments */
+	    bool_t	(*xp_getargs)(struct SVCXPRT *, xdrproc_t,
+				      void *);
+	    /* send reply */
+	    bool_t	(*xp_reply)(struct SVCXPRT *,
+				    struct rpc_msg *);
+            /* free mem allocated for args */
+	    bool_t	(*xp_freeargs)(struct SVCXPRT *, xdrproc_t,
+				       void *);
+	    /* destroy this struct */
+	    void	(*xp_destroy)(struct SVCXPRT *);
+	} *xp_ops;
+	int		xp_addrlen;	 /* length of remote address */
+	struct sockaddr_in xp_raddr;	 /* remote address */
+	struct opaque_auth xp_verf;	 /* raw response verifier */
+	SVCAUTH		*xp_auth;	 /* auth flavor of current req */
+	void		*xp_p1;		 /* private */
+	void		*xp_p2;		 /* private */
+	int		xp_laddrlen;	 /* length of local address */
+	struct sockaddr_in xp_laddr;	 /* local address */
+} SVCXPRT;
+
+/*
+ *  Approved way of getting address of caller
+ */
+#define svc_getcaller(x) (&(x)->xp_raddr)
+
+/*
+ * Operations defined on an SVCXPRT handle
+ *
+ * SVCXPRT		*xprt;
+ * struct rpc_msg	*msg;
+ * xdrproc_t		 xargs;
+ * caddr_t		 argsp;
+ */
+#define SVC_RECV(xprt, msg)				\
+	(*(xprt)->xp_ops->xp_recv)((xprt), (msg))
+#define svc_recv(xprt, msg)				\
+	(*(xprt)->xp_ops->xp_recv)((xprt), (msg))
+
+#define SVC_STAT(xprt)					\
+	(*(xprt)->xp_ops->xp_stat)(xprt)
+#define svc_stat(xprt)					\
+	(*(xprt)->xp_ops->xp_stat)(xprt)
+
+#define SVC_GETARGS(xprt, xargs, argsp)			\
+	(*(xprt)->xp_ops->xp_getargs)((xprt), (xargs), (argsp))
+#define svc_getargs(xprt, xargs, argsp)			\
+	(*(xprt)->xp_ops->xp_getargs)((xprt), (xargs), (argsp))
+
+#define SVC_GETARGS_REQ(xprt, req, xargs, argsp)	\
+	(*(xprt)->xp_ops->xp_getargs_req)((xprt), (req), (xargs), (argsp))
+#define svc_getargs_req(xprt, req, xargs, argsp)	\
+	(*(xprt)->xp_ops->xp_getargs_req)((xprt), (req), (xargs), (argsp))
+
+#define SVC_REPLY(xprt, msg)				\
+	(*(xprt)->xp_ops->xp_reply) ((xprt), (msg))
+#define svc_reply(xprt, msg)				\
+	(*(xprt)->xp_ops->xp_reply) ((xprt), (msg))
+
+#define SVC_REPLY_REQ(xprt, req, msg)			\
+	(*(xprt)->xp_ops->xp_reply_req) ((xprt), (req), (msg))
+#define svc_reply_req(xprt, msg)			\
+	(*(xprt)->xp_ops->xp_reply_req) ((xprt), (req), (msg))
+
+#define SVC_FREEARGS(xprt, xargs, argsp)		\
+	(*(xprt)->xp_ops->xp_freeargs)((xprt), (xargs), (argsp))
+#define svc_freeargs(xprt, xargs, argsp)		\
+	(*(xprt)->xp_ops->xp_freeargs)((xprt), (xargs), (argsp))
+
+#define SVC_DESTROY(xprt)				\
+	(*(xprt)->xp_ops->xp_destroy)(xprt)
+#define svc_destroy(xprt)				\
+	(*(xprt)->xp_ops->xp_destroy)(xprt)
+
+
+/*
+ * Service request
+ */
+struct svc_req {
+	rpcprog_t		rq_prog;	/* service program number */
+	rpcvers_t		rq_vers;	/* service protocol version */
+	rpcproc_t		rq_proc;	/* the desired procedure */
+	struct opaque_auth rq_cred;	/* raw creds from the wire */
+	void *		rq_clntcred;	/* read only cooked client cred */
+	void *		rq_svccred;	/* read only svc cred/context */
+	void *		rq_clntname;	/* read only client name */
+	SVCXPRT		*rq_xprt;	/* associated transport */
+	/* The request's auth flavor *should* be here, but the svc_req 	*/
+	/* isn't passed around everywhere it is necessary.  The 	*/
+	/* transport *is* passed around, so the auth flavor it stored 	*/
+	/* there.  This means that the transport must be single 	*/
+	/* threaded, but other parts of SunRPC already require that. 	*/
+	/*SVCAUTH		*rq_auth;	 associated auth flavor */
+};
+
+
+/*
+ * Service registration
+ *
+ * svc_register(xprt, prog, vers, dispatch, protocol)
+ *	SVCXPRT *xprt;
+ *	rpcprog_t prog;
+ *	rpcvers_t vers;
+ *	void (*dispatch)();
+ *	int protocol;  like IPPROTO_TCP or _UDP; zero means do not register
+ *
+ * registerrpc(prog, vers, proc, routine, inproc, outproc)
+ * 	returns 0 upon success, -1 if error.
+ */
+extern bool_t	svc_register(SVCXPRT *, rpcprog_t, rpcvers_t,
+			     void (*)(struct svc_req *, SVCXPRT *), int);
+
+extern int registerrpc(rpcprog_t, rpcvers_t, rpcproc_t,
+		       char *(*)(void *),
+		       xdrproc_t, xdrproc_t);
+
+/*
+ * Service un-registration
+ *
+ * svc_unregister(prog, vers)
+ *	rpcprog_t prog;
+ *	rpcvers_t vers;
+ */
+extern void	svc_unregister(rpcprog_t, rpcvers_t);
+
+/*
+ * Transport registration.
+ *
+ * xprt_register(xprt)
+ *	SVCXPRT *xprt;
+ */
+extern void	xprt_register(SVCXPRT *);
+
+/*
+ * Transport un-register
+ *
+ * xprt_unregister(xprt)
+ *	SVCXPRT *xprt;
+ */
+extern void	xprt_unregister(SVCXPRT *);
+
+
+/*
+ * When the service routine is called, it must first check to see if
+ * it knows about the procedure; if not, it should call svcerr_noproc
+ * and return.  If so, it should deserialize its arguments via
+ * SVC_GETARGS or the new SVC_GETARGS_REQ (both defined above).  If
+ * the deserialization does not work, svcerr_decode should be called
+ * followed by a return.  Successful decoding of the arguments should
+ * be followed the execution of the procedure's code and a call to
+ * svc_sendreply or the new svc_sendreply_req.
+ *
+ * Also, if the service refuses to execute the procedure due to too-
+ * weak authentication parameters, svcerr_weakauth should be called.
+ * Note: do not confuse access-control failure with weak authentication!
+ *
+ * NB: In pure implementations of rpc, the caller always waits for a reply
+ * msg.  This message is sent when svc_sendreply is called.
+ * Therefore pure service implementations should always call
+ * svc_sendreply even if the function logically returns void;  use
+ * xdr.h - xdr_void for the xdr routine.  HOWEVER, tcp based rpc allows
+ * for the abuse of pure rpc via batched calling or pipelining.  In the
+ * case of a batched call, svc_sendreply should NOT be called since
+ * this would send a return message, which is what batching tries to avoid.
+ * It is the service/protocol writer's responsibility to know which calls are
+ * batched and which are not.  Warning: responding to batch calls may
+ * deadlock the caller and server processes!
+ */
+
+extern bool_t	svc_sendreply(SVCXPRT *, xdrproc_t, caddr_t);
+extern void	svcerr_decode(SVCXPRT *);
+extern void	svcerr_weakauth(SVCXPRT *);
+extern void	svcerr_noproc(SVCXPRT *);
+extern void	svcerr_progvers(SVCXPRT *, rpcvers_t, rpcvers_t);
+extern void	svcerr_auth(SVCXPRT *, enum auth_stat);
+extern void	svcerr_noprog(SVCXPRT *);
+extern void	svcerr_systemerr(SVCXPRT *);
+
+/*
+ * Lowest level dispatching -OR- who owns this process anyway.
+ * Somebody has to wait for incoming requests and then call the correct
+ * service routine.  The routine svc_run does infinite waiting; i.e.,
+ * svc_run never returns.
+ * Since another (co-existant) package may wish to selectively wait for
+ * incoming calls or other events outside of the rpc architecture, the
+ * routine svc_getreq is provided.  It must be passed readfds, the
+ * "in-place" results of a select system call (see select, section 2).
+ */
+
+/*
+ * Global keeper of rpc service descriptors in use
+ * dynamic; must be inspected before each call to select
+ */
+extern int svc_maxfd;
+#ifdef FD_SETSIZE
+extern fd_set svc_fdset;
+/* RENAMED */
+#define gssrpc_svc_fds gsssrpc_svc_fdset.fds_bits[0]	/* compatibility */
+#else
+extern int svc_fds;
+#endif /* def FD_SETSIZE */
+extern int svc_maxfd;
+
+extern void	svc_getreq(int);
+#ifdef FD_SETSIZE
+extern void	svc_getreqset(fd_set *);/* takes fdset instead of int */
+#else
+extern void	svc_getreqset(int *);
+#endif
+extern void	svc_run(void); 	 /* never returns */
+
+/*
+ * Socket to use on svcxxx_create call to get default socket
+ */
+#define	RPC_ANYSOCK	-1
+
+/*
+ * These are the existing service side transport implementations
+ */
+
+/*
+ * Memory based rpc for testing and timing.
+ */
+extern SVCXPRT *svcraw_create(void);
+
+/*
+ * Udp based rpc.
+ */
+extern SVCXPRT *svcudp_create(int);
+extern SVCXPRT *svcudp_bufcreate(int, u_int, u_int);
+extern int svcudp_enablecache(SVCXPRT *, uint32_t);
+
+/*
+ * Tcp based rpc.
+ */
+extern SVCXPRT *svctcp_create(int, u_int, u_int);
+
+/*
+ * Like svtcp_create(), except the routine takes any *open* UNIX file
+ * descriptor as its first input.
+ */
+extern SVCXPRT *svcfd_create(int, u_int, u_int);
+
+/* XXX add auth_gsapi_log_*? */
+
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_SVC_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/svc_auth.h b/krb5-1.21.3/src/include/gssrpc/svc_auth.h
new file mode 100644
index 00000000..45853747
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/svc_auth.h
@@ -0,0 +1,119 @@
+/* @(#)svc_auth.h	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*      @(#)svc_auth.h 1.6 86/07/16 SMI      */
+
+/*
+ * svc_auth.h, Service side of rpc authentication.
+ */
+
+/*
+ * Interface to server-side authentication flavors.
+ */
+
+#ifndef GSSRPC_SVC_AUTH_H
+#define GSSRPC_SVC_AUTH_H
+
+#include <gssapi/gssapi.h>
+
+GSSRPC__BEGIN_DECLS
+
+struct svc_req;
+
+typedef struct SVCAUTH {
+	struct svc_auth_ops {
+		int	(*svc_ah_wrap)(struct SVCAUTH *, XDR *, xdrproc_t,
+				       caddr_t);
+		int	(*svc_ah_unwrap)(struct SVCAUTH *, XDR *, xdrproc_t,
+					 caddr_t);
+		int	(*svc_ah_destroy)(struct SVCAUTH *);
+	} *svc_ah_ops;
+	void * svc_ah_private;
+} SVCAUTH;
+
+#ifdef GSSRPC__IMPL
+
+extern SVCAUTH svc_auth_none;
+
+extern struct svc_auth_ops svc_auth_none_ops;
+extern struct svc_auth_ops svc_auth_gssapi_ops;
+extern struct svc_auth_ops svc_auth_gss_ops;
+
+/*
+ * Server side authenticator
+ */
+/* RENAMED: should be _authenticate. */
+extern enum auth_stat gssrpc__authenticate(struct svc_req *rqst,
+	struct rpc_msg *msg, bool_t *no_dispatch);
+
+#define SVCAUTH_WRAP(auth, xdrs, xfunc, xwhere) \
+     ((*((auth)->svc_ah_ops->svc_ah_wrap))(auth, xdrs, xfunc, xwhere))
+#define SVCAUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
+     ((*((auth)->svc_ah_ops->svc_ah_unwrap))(auth, xdrs, xfunc, xwhere))
+#define SVCAUTH_DESTROY(auth) \
+     ((*((auth)->svc_ah_ops->svc_ah_destroy))(auth))
+
+/* no authentication */
+/* RENAMED: should be _svcauth_none. */
+enum auth_stat gssrpc__svcauth_none(struct svc_req *,
+	struct rpc_msg *, bool_t *);
+/* unix style (uid, gids) */
+/* RENAMED: should be _svcauth_unix. */
+enum auth_stat gssrpc__svcauth_unix(struct svc_req *,
+	struct rpc_msg *, bool_t *);
+/* short hand unix style */
+/* RENAMED: should be _svcauth_short. */
+enum auth_stat gssrpc__svcauth_short(struct svc_req *,
+	struct rpc_msg *, bool_t *);
+/* GSS-API style */
+/* RENAMED: should be _svcauth_gssapi. */
+enum auth_stat gssrpc__svcauth_gssapi(struct svc_req *,
+	struct rpc_msg *, bool_t *);
+/* RPCSEC_GSS */
+enum auth_stat gssrpc__svcauth_gss(struct svc_req *,
+	struct rpc_msg *, bool_t *);
+
+#endif /* defined(GSSRPC__IMPL) */
+
+/*
+ * Approved way of getting principal of caller
+ */
+char *svcauth_gss_get_principal(SVCAUTH *auth);
+/*
+ * Approved way of setting server principal
+ */
+bool_t svcauth_gss_set_svc_name(gss_name_t name);
+
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_SVC_AUTH_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/types.hin b/krb5-1.21.3/src/include/gssrpc/types.hin
new file mode 100644
index 00000000..25901794
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/types.hin
@@ -0,0 +1,130 @@
+/* @(#)types.h	2.3 88/08/15 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the “Oracle America, Inc.� nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*      @(#)types.h 1.18 87/07/24 SMI      */
+
+/*
+ * Rpc additions to <sys/types.h>
+ */
+#ifndef GSSRPC_TYPES_H
+#define GSSRPC_TYPES_H
+
+#include <sys/types.h>
+
+@GSSRPC__SYS_SELECT_H@
+@GSSRPC__SYS_TIME_H@
+@GSSRPC__UNISTD_H@
+
+/*
+ * Try to get MAXHOSTNAMELEN from somewhere.
+ */
+@GSSRPC__SYS_PARAM_H@
+@GSSRPC__NETDB_H@
+
+/* Get htonl(), ntohl(), etc. */
+#include <netinet/in.h>
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <limits.h>
+
+#ifndef GSSRPC__BEGIN_DECLS
+#ifdef __cplusplus
+#define GSSRPC__BEGIN_DECLS	extern "C" {
+#define GSSRPC__END_DECLS	}
+#else
+#define GSSRPC__BEGIN_DECLS
+#define GSSRPC__END_DECLS
+#endif
+#endif
+
+GSSRPC__BEGIN_DECLS
+
+#if defined(CHAR_BIT) && CHAR_BIT != 8
+#error "Bytes must be exactly 8 bits."
+#endif
+
+/* Define if we need to fake up some BSD type aliases. */
+#ifndef GSSRPC__BSD_TYPEALIASES	/* Allow application to override. */
+@GSSRPC__BSD_TYPEALIASES@
+#endif
+#if GSSRPC__BSD_TYPEALIASES
+typedef unsigned char	u_char;
+typedef unsigned short	u_short;
+typedef unsigned int	u_int;
+typedef unsigned long	u_long;
+#endif
+
+typedef uint32_t	rpcprog_t;
+typedef uint32_t	rpcvers_t;
+typedef uint32_t	rpcprot_t;
+typedef uint32_t	rpcproc_t;
+typedef uint32_t	rpcport_t;
+typedef int32_t		rpc_inline_t;
+
+/* This is for rpc/netdb.h */
+@rpcent_define@
+
+typedef int bool_t;
+typedef int enum_t;
+#ifndef FALSE
+#	define	FALSE	(0)
+#endif
+#ifndef TRUE
+#	define	TRUE	(1)
+#endif
+/* XXX namespace */
+#define __dontcare__	-1
+#ifndef NULL
+#	define NULL 0
+#endif
+
+/*
+ * The below should probably be internal-only, but seem to be
+ * traditionally exported in RPC implementations.
+ */
+#define mem_alloc(bsize)	malloc(bsize)
+#define mem_free(ptr, bsize)	free(ptr)
+
+#ifndef INADDR_LOOPBACK
+#define       INADDR_LOOPBACK         (uint32_t)0x7F000001
+#endif
+#ifndef MAXHOSTNAMELEN
+#define        MAXHOSTNAMELEN  64
+#endif
+
+GSSRPC__END_DECLS
+
+#include <gssrpc/rename.h>
+
+#endif /* !defined(GSSRPC_TYPES_H) */
diff --git a/krb5-1.21.3/src/include/gssrpc/xdr.h b/krb5-1.21.3/src/include/gssrpc/xdr.h
new file mode 100644
index 00000000..da9e1737
--- /dev/null
+++ b/krb5-1.21.3/src/include/gssrpc/xdr.h
@@ -0,0 +1,338 @@
+/* @(#)xdr.h	2.2 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*      @(#)xdr.h 1.19 87/04/22 SMI      */
+
+/*
+ * xdr.h, External Data Representation Serialization Routines.
+ */
+
+#ifndef GSSRPC_XDR_H
+#define GSSRPC_XDR_H
+
+#include <stdio.h>		/* for FILE */
+
+GSSRPC__BEGIN_DECLS
+/*
+ * XDR provides a conventional way for converting between C data
+ * types and an external bit-string representation.  Library supplied
+ * routines provide for the conversion on built-in C data types.  These
+ * routines and utility routines defined here are used to help implement
+ * a type encode/decode routine for each user-defined type.
+ *
+ * Each data type provides a single procedure which takes two arguments:
+ *
+ *	bool_t
+ *	xdrproc(xdrs, argresp)
+ *		XDR *xdrs;
+ *		<type> *argresp;
+ *
+ * xdrs is an instance of a XDR handle, to which or from which the data
+ * type is to be converted.  argresp is a pointer to the structure to be
+ * converted.  The XDR handle contains an operation field which indicates
+ * which of the operations (ENCODE, DECODE * or FREE) is to be performed.
+ *
+ * XDR_DECODE may allocate space if the pointer argresp is null.  This
+ * data can be freed with the XDR_FREE operation.
+ *
+ * We write only one procedure per data type to make it easy
+ * to keep the encode and decode procedures for a data type consistent.
+ * In many cases the same code performs all operations on a user defined type,
+ * because all the hard work is done in the component type routines.
+ * decode as a series of calls on the nested data types.
+ */
+
+/*
+ * Xdr operations.  XDR_ENCODE causes the type to be encoded into the
+ * stream.  XDR_DECODE causes the type to be extracted from the stream.
+ * XDR_FREE can be used to release the space allocated by an XDR_DECODE
+ * request.
+ */
+enum xdr_op {
+	XDR_ENCODE=0,
+	XDR_DECODE=1,
+	XDR_FREE=2
+};
+
+/*
+ * This is the number of bytes per unit of external data.
+ */
+#define BYTES_PER_XDR_UNIT	(4)
+#define RNDUP(x)  ((((x) + BYTES_PER_XDR_UNIT - 1) / BYTES_PER_XDR_UNIT) \
+		    * BYTES_PER_XDR_UNIT)
+
+/*
+ * A xdrproc_t exists for each data type which is to be encoded or decoded.
+ *
+ * The second argument to the xdrproc_t is a pointer to an opaque pointer.
+ * The opaque pointer generally points to a structure of the data type
+ * to be decoded.  If this pointer is 0, then the type routines should
+ * allocate dynamic storage of the appropriate size and return it.
+ * bool_t	(*xdrproc_t)(XDR *, caddr_t *);
+ *
+ * XXX can't actually prototype it, because some take three args!!!
+ */
+typedef	bool_t (*xdrproc_t)();
+
+/*
+ * The XDR handle.
+ * Contains operation which is being applied to the stream,
+ * an operations vector for the particular implementation (e.g. see xdr_mem.c),
+ * and two private fields for the use of the particular impelementation.
+ */
+typedef struct XDR {
+	enum xdr_op	x_op;		/* operation; fast additional param */
+	struct xdr_ops {
+		/* get a long from underlying stream */
+		bool_t	(*x_getlong)(struct XDR *, long *);
+
+		/* put a long to underlying stream */
+		bool_t	(*x_putlong)(struct XDR *, long *);
+
+		/* get some bytes from underlying stream */
+		bool_t	(*x_getbytes)(struct XDR *, caddr_t, u_int);
+
+		/* put some bytes to underlying stream */
+		bool_t	(*x_putbytes)(struct XDR *, caddr_t, u_int);
+
+		/* returns bytes off from beginning */
+		u_int	(*x_getpostn)(struct XDR *);
+
+		/* lets you reposition the stream */
+		bool_t	(*x_setpostn)(struct XDR *, u_int);
+
+		/* buf quick ptr to buffered data */
+		rpc_inline_t *(*x_inline)(struct XDR *, int);
+
+		/* free privates of this xdr_stream */
+		void	(*x_destroy)(struct XDR *);
+	} *x_ops;
+	caddr_t 	x_public;	/* users' data */
+	void *		x_private;	/* pointer to private data */
+	caddr_t 	x_base;		/* private used for position info */
+	int		x_handy;	/* extra private word */
+} XDR;
+
+/*
+ * Operations defined on a XDR handle
+ *
+ * XDR		*xdrs;
+ * int32_t	*longp;
+ * caddr_t	 addr;
+ * u_int	 len;
+ * u_int	 pos;
+ */
+#define XDR_GETLONG(xdrs, longp)			\
+	(*(xdrs)->x_ops->x_getlong)(xdrs, longp)
+#define xdr_getlong(xdrs, longp)			\
+	(*(xdrs)->x_ops->x_getlong)(xdrs, longp)
+
+#define XDR_PUTLONG(xdrs, longp)			\
+	(*(xdrs)->x_ops->x_putlong)(xdrs, longp)
+#define xdr_putlong(xdrs, longp)			\
+	(*(xdrs)->x_ops->x_putlong)(xdrs, longp)
+
+#define XDR_GETBYTES(xdrs, addr, len)			\
+	(*(xdrs)->x_ops->x_getbytes)(xdrs, addr, len)
+#define xdr_getbytes(xdrs, addr, len)			\
+	(*(xdrs)->x_ops->x_getbytes)(xdrs, addr, len)
+
+#define XDR_PUTBYTES(xdrs, addr, len)			\
+	(*(xdrs)->x_ops->x_putbytes)(xdrs, addr, len)
+#define xdr_putbytes(xdrs, addr, len)			\
+	(*(xdrs)->x_ops->x_putbytes)(xdrs, addr, len)
+
+#define XDR_GETPOS(xdrs)				\
+	(*(xdrs)->x_ops->x_getpostn)(xdrs)
+#define xdr_getpos(xdrs)				\
+	(*(xdrs)->x_ops->x_getpostn)(xdrs)
+
+#define XDR_SETPOS(xdrs, pos)				\
+	(*(xdrs)->x_ops->x_setpostn)(xdrs, pos)
+#define xdr_setpos(xdrs, pos)				\
+	(*(xdrs)->x_ops->x_setpostn)(xdrs, pos)
+
+#define	XDR_INLINE(xdrs, len)				\
+	(*(xdrs)->x_ops->x_inline)(xdrs, len)
+#define	xdr_inline(xdrs, len)				\
+	(*(xdrs)->x_ops->x_inline)(xdrs, len)
+
+#define	XDR_DESTROY(xdrs)				\
+	if ((xdrs)->x_ops->x_destroy) 			\
+		(*(xdrs)->x_ops->x_destroy)(xdrs)
+#define	xdr_destroy(xdrs)				\
+	if ((xdrs)->x_ops->x_destroy) 			\
+		(*(xdrs)->x_ops->x_destroy)(xdrs)
+
+/*
+ * Support struct for discriminated unions.
+ * You create an array of xdrdiscrim structures, terminated with
+ * a entry with a null procedure pointer.  The xdr_union routine gets
+ * the discriminant value and then searches the array of structures
+ * for a matching value.  If a match is found the associated xdr routine
+ * is called to handle that part of the union.  If there is
+ * no match, then a default routine may be called.
+ * If there is no match and no default routine it is an error.
+ */
+#define NULL_xdrproc_t ((xdrproc_t)0)
+struct xdr_discrim {
+	int	value;
+	xdrproc_t proc;
+};
+
+/*
+ * In-line routines for fast encode/decode of primitive data types.
+ * Caveat emptor: these use single memory cycles to get the
+ * data from the underlying buffer, and will fail to operate
+ * properly if the data is not aligned.  The standard way to use these
+ * is to say:
+ *	if ((buf = XDR_INLINE(xdrs, count)) == NULL)
+ *		return (FALSE);
+ *	<<< macro calls >>>
+ * where ``count'' is the number of bytes of data occupied
+ * by the primitive data types.
+ *
+ * N.B. and frozen for all time: each data type here uses 4 bytes
+ * of external representation.
+ */
+#define IXDR_GET_INT32(buf)		((int32_t)IXDR_GET_U_INT32(buf))
+#define IXDR_PUT_INT32(buf, v)		IXDR_PUT_U_INT32((buf),((uint32_t)(v)))
+#define IXDR_GET_U_INT32(buf)		(ntohl((uint32_t)*(buf)++))
+#define IXDR_PUT_U_INT32(buf, v)	(*(buf)++ = (int32_t)htonl((v)))
+
+#define IXDR_GET_LONG(buf)		((long)IXDR_GET_INT32(buf))
+#define IXDR_PUT_LONG(buf, v)		IXDR_PUT_U_INT32((buf),((uint32_t)(v)))
+
+#define IXDR_GET_BOOL(buf)		((bool_t)IXDR_GET_LONG(buf))
+#define IXDR_GET_ENUM(buf, t)		((t)IXDR_GET_INT32(buf))
+#define IXDR_GET_U_LONG(buf)		((u_long)IXDR_GET_U_INT32(buf))
+#define IXDR_GET_SHORT(buf)		((short)IXDR_GET_INT32(buf))
+#define IXDR_GET_U_SHORT(buf)		((u_short)IXDR_GET_U_INT32(buf))
+
+#define IXDR_PUT_BOOL(buf, v)		IXDR_PUT_INT32((buf),((int32_t)(v)))
+#define IXDR_PUT_ENUM(buf, v)		IXDR_PUT_INT32((buf),((int32_t)(v)))
+#define IXDR_PUT_U_LONG(buf, v)		IXDR_PUT_U_INT32((buf),((uint32_t)(v)))
+#define IXDR_PUT_SHORT(buf, v)		IXDR_PUT_INT32((buf),((int32_t)(v)))
+#define IXDR_PUT_U_SHORT(buf, v)	IXDR_PUT_U_INT32((buf),((uint32_t)(v)))
+
+/*
+ * These are the "generic" xdr routines.
+ */
+extern bool_t	xdr_void(XDR *, void *);
+extern bool_t	xdr_int(XDR *, int *);
+extern bool_t	xdr_u_int(XDR *, u_int *);
+extern bool_t	xdr_long(XDR *, long *);
+extern bool_t	xdr_u_long(XDR *, u_long *);
+extern bool_t	xdr_short(XDR *, short *);
+extern bool_t	xdr_u_short(XDR *, u_short *);
+extern bool_t	xdr_bool(XDR *, bool_t *);
+extern bool_t	xdr_enum(XDR *, enum_t *);
+extern bool_t	xdr_array(XDR *, caddr_t *, u_int *,
+			u_int, u_int, xdrproc_t);
+extern bool_t	xdr_bytes(XDR *, char **, u_int *, u_int);
+extern bool_t	xdr_opaque(XDR *, caddr_t, u_int);
+extern bool_t	xdr_string(XDR *, char **, u_int);
+extern bool_t	xdr_union(XDR *, enum_t *, char *, struct xdr_discrim *,
+			xdrproc_t);
+extern bool_t	xdr_char(XDR *, char *);
+extern bool_t	xdr_u_char(XDR *, u_char *);
+extern bool_t	xdr_vector(XDR *, char *, u_int, u_int, xdrproc_t);
+extern bool_t	xdr_float(XDR *, float *);
+extern bool_t	xdr_double(XDR *, double *);
+extern bool_t	xdr_reference(XDR *, caddr_t *, u_int, xdrproc_t);
+extern bool_t	xdr_pointer(XDR *, char **, u_int, xdrproc_t);
+extern bool_t	xdr_wrapstring(XDR *, char **);
+
+extern unsigned long xdr_sizeof(xdrproc_t, void *);
+
+#define xdr_rpcprog	xdr_u_int32
+#define xdr_rpcvers	xdr_u_int32
+#define xdr_rpcprot	xdr_u_int32
+#define xdr_rpcproc	xdr_u_int32
+#define xdr_rpcport	xdr_u_int32
+
+/*
+ * Common opaque bytes objects used by many rpc protocols;
+ * declared here due to commonality.
+ */
+#define MAX_NETOBJ_SZ 2048
+struct netobj {
+	u_int	n_len;
+	char	*n_bytes;
+};
+typedef struct netobj netobj;
+
+extern bool_t   xdr_netobj(XDR *, struct netobj *);
+
+extern bool_t	xdr_int32(XDR *, int32_t *);
+extern bool_t	xdr_u_int32(XDR *, uint32_t *);
+
+/*
+ * These are the public routines for the various implementations of
+ * xdr streams.
+ */
+
+/* XDR allocating memory buffer */
+extern void	xdralloc_create(XDR *, enum xdr_op);
+
+/* destroy xdralloc, save buf */
+extern void	xdralloc_release(XDR *);
+
+/* get buffer from xdralloc */
+extern caddr_t	xdralloc_getdata(XDR *);
+
+/* XDR using memory buffers */
+extern void	xdrmem_create(XDR *, caddr_t, u_int, enum xdr_op);
+
+/* XDR using stdio library */
+extern void	xdrstdio_create(XDR *, FILE *, enum xdr_op);
+
+/* XDR pseudo records for tcp */
+extern void	xdrrec_create(XDR *xdrs, u_int, u_int, caddr_t,
+			int (*) (caddr_t, caddr_t, int),
+			int (*) (caddr_t, caddr_t, int));
+
+/* make end of xdr record */
+extern bool_t	xdrrec_endofrecord(XDR *, bool_t);
+
+/* move to beginning of next record */
+extern bool_t	xdrrec_skiprecord (XDR *xdrs);
+
+/* true if no more input */
+extern bool_t	xdrrec_eof (XDR *xdrs);
+
+/* free memory buffers for xdr */
+extern void	xdr_free (xdrproc_t, void *);
+GSSRPC__END_DECLS
+
+#endif /* !defined(GSSRPC_XDR_H) */
diff --git a/krb5-1.21.3/src/include/iprop.h b/krb5-1.21.3/src/include/iprop.h
new file mode 100644
index 00000000..7367666e
--- /dev/null
+++ b/krb5-1.21.3/src/include/iprop.h
@@ -0,0 +1,275 @@
+/*
+ * Please do not edit this file.
+ * It was generated using rpcgen.
+ */
+
+#ifndef _IPROP_H_RPCGEN
+#define _IPROP_H_RPCGEN
+
+#include <gssrpc/rpc.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct {
+	u_int utf8str_t_len;
+	char *utf8str_t_val;
+} utf8str_t;
+
+typedef uint32_t kdb_sno_t;
+
+struct kdbe_time_t {
+	uint32_t seconds;
+	uint32_t useconds;
+};
+typedef struct kdbe_time_t kdbe_time_t;
+
+struct kdbe_key_t {
+	int32_t k_ver;
+	int32_t k_kvno;
+	struct {
+		u_int k_enctype_len;
+		int32_t *k_enctype_val;
+	} k_enctype;
+	struct {
+		u_int k_contents_len;
+		utf8str_t *k_contents_val;
+	} k_contents;
+};
+typedef struct kdbe_key_t kdbe_key_t;
+
+struct kdbe_data_t {
+	int32_t k_magic;
+	utf8str_t k_data;
+};
+typedef struct kdbe_data_t kdbe_data_t;
+
+struct kdbe_princ_t {
+	utf8str_t k_realm;
+	struct {
+		u_int k_components_len;
+		kdbe_data_t *k_components_val;
+	} k_components;
+	int32_t k_nametype;
+};
+typedef struct kdbe_princ_t kdbe_princ_t;
+
+struct kdbe_tl_t {
+	int16_t tl_type;
+	struct {
+		u_int tl_data_len;
+		char *tl_data_val;
+	} tl_data;
+};
+typedef struct kdbe_tl_t kdbe_tl_t;
+
+typedef struct {
+	u_int kdbe_pw_hist_t_len;
+	kdbe_key_t *kdbe_pw_hist_t_val;
+} kdbe_pw_hist_t;
+
+enum kdbe_attr_type_t {
+	AT_ATTRFLAGS = 0,
+	AT_MAX_LIFE = 1,
+	AT_MAX_RENEW_LIFE = 2,
+	AT_EXP = 3,
+	AT_PW_EXP = 4,
+	AT_LAST_SUCCESS = 5,
+	AT_LAST_FAILED = 6,
+	AT_FAIL_AUTH_COUNT = 7,
+	AT_PRINC = 8,
+	AT_KEYDATA = 9,
+	AT_TL_DATA = 10,
+	AT_LEN = 11,
+	AT_MOD_PRINC = 12,
+	AT_MOD_TIME = 13,
+	AT_MOD_WHERE = 14,
+	AT_PW_LAST_CHANGE = 15,
+	AT_PW_POLICY = 16,
+	AT_PW_POLICY_SWITCH = 17,
+	AT_PW_HIST_KVNO = 18,
+	AT_PW_HIST = 19
+};
+typedef enum kdbe_attr_type_t kdbe_attr_type_t;
+
+struct kdbe_val_t {
+	kdbe_attr_type_t av_type;
+	union {
+		uint32_t av_attrflags;
+		uint32_t av_max_life;
+		uint32_t av_max_renew_life;
+		uint32_t av_exp;
+		uint32_t av_pw_exp;
+		uint32_t av_last_success;
+		uint32_t av_last_failed;
+		uint32_t av_fail_auth_count;
+		kdbe_princ_t av_princ;
+		struct {
+			u_int av_keydata_len;
+			kdbe_key_t *av_keydata_val;
+		} av_keydata;
+		struct {
+			u_int av_tldata_len;
+			kdbe_tl_t *av_tldata_val;
+		} av_tldata;
+		int16_t av_len;
+		uint32_t av_pw_last_change;
+		kdbe_princ_t av_mod_princ;
+		uint32_t av_mod_time;
+		utf8str_t av_mod_where;
+		utf8str_t av_pw_policy;
+		bool_t av_pw_policy_switch;
+		uint32_t av_pw_hist_kvno;
+		struct {
+			u_int av_pw_hist_len;
+			kdbe_pw_hist_t *av_pw_hist_val;
+		} av_pw_hist;
+		struct {
+			u_int av_extension_len;
+			char *av_extension_val;
+		} av_extension;
+	} kdbe_val_t_u;
+};
+typedef struct kdbe_val_t kdbe_val_t;
+
+typedef struct {
+	u_int kdbe_t_len;
+	kdbe_val_t *kdbe_t_val;
+} kdbe_t;
+
+struct kdb_incr_update_t {
+	utf8str_t kdb_princ_name;
+	kdb_sno_t kdb_entry_sno;
+	kdbe_time_t kdb_time;
+	kdbe_t kdb_update;
+	bool_t kdb_deleted;
+	bool_t kdb_commit;
+	struct {
+		u_int kdb_kdcs_seen_by_len;
+		utf8str_t *kdb_kdcs_seen_by_val;
+	} kdb_kdcs_seen_by;
+	struct {
+		u_int kdb_futures_len;
+		char *kdb_futures_val;
+	} kdb_futures;
+};
+typedef struct kdb_incr_update_t kdb_incr_update_t;
+
+typedef struct {
+	u_int kdb_ulog_t_len;
+	kdb_incr_update_t *kdb_ulog_t_val;
+} kdb_ulog_t;
+
+enum update_status_t {
+	UPDATE_OK = 0,
+	UPDATE_ERROR = 1,
+	UPDATE_FULL_RESYNC_NEEDED = 2,
+	UPDATE_BUSY = 3,
+	UPDATE_NIL = 4,
+	UPDATE_PERM_DENIED = 5
+};
+typedef enum update_status_t update_status_t;
+
+struct kdb_last_t {
+	kdb_sno_t last_sno;
+	kdbe_time_t last_time;
+};
+typedef struct kdb_last_t kdb_last_t;
+
+struct kdb_incr_result_t {
+	kdb_last_t lastentry;
+	kdb_ulog_t updates;
+	update_status_t ret;
+};
+typedef struct kdb_incr_result_t kdb_incr_result_t;
+
+struct kdb_fullresync_result_t {
+	kdb_last_t lastentry;
+	update_status_t ret;
+};
+typedef struct kdb_fullresync_result_t kdb_fullresync_result_t;
+
+#define KRB5_IPROP_PROG 100423
+#define KRB5_IPROP_VERS 1
+
+#if defined(__STDC__) || defined(__cplusplus)
+#define IPROP_NULL 0
+extern  void * iprop_null_1(void *, CLIENT *);
+extern  void * iprop_null_1_svc(void *, struct svc_req *);
+#define IPROP_GET_UPDATES 1
+extern  kdb_incr_result_t * iprop_get_updates_1(kdb_last_t *, CLIENT *);
+extern  kdb_incr_result_t * iprop_get_updates_1_svc(kdb_last_t *, struct svc_req *);
+#define IPROP_FULL_RESYNC 2
+extern  kdb_fullresync_result_t * iprop_full_resync_1(void *, CLIENT *);
+extern  kdb_fullresync_result_t * iprop_full_resync_1_svc(void *, struct svc_req *);
+#define IPROP_FULL_RESYNC_EXT 3
+extern	kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *);
+extern	kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *);
+extern int krb5_iprop_prog_1_freeresult (SVCXPRT *, xdrproc_t, caddr_t);
+
+#else /* K&R C */
+#define IPROP_NULL 0
+extern  void * iprop_null_1();
+extern  void * iprop_null_1_svc();
+#define IPROP_GET_UPDATES 1
+extern  kdb_incr_result_t * iprop_get_updates_1();
+extern  kdb_incr_result_t * iprop_get_updates_1_svc();
+#define IPROP_FULL_RESYNC 2
+extern  kdb_fullresync_result_t * iprop_full_resync_1();
+extern  kdb_fullresync_result_t * iprop_full_resync_1_svc();
+#define IPROP_FULL_RESYNC_EXT 3
+extern  kdb_fullresync_result_t * iprop_full_resync_ext_1(uint32_t *, CLIENT *);
+extern  kdb_fullresync_result_t * iprop_full_resync_ext_1_svc(uint32_t *, struct svc_req *);
+extern int krb5_iprop_prog_1_freeresult ();
+#endif /* K&R C */
+
+/* the xdr functions */
+
+#if defined(__STDC__) || defined(__cplusplus)
+extern  bool_t xdr_utf8str_t (XDR *, utf8str_t*);
+extern  bool_t xdr_kdb_sno_t (XDR *, kdb_sno_t*);
+extern  bool_t xdr_kdbe_time_t (XDR *, kdbe_time_t*);
+extern  bool_t xdr_kdbe_key_t (XDR *, kdbe_key_t*);
+extern  bool_t xdr_kdbe_data_t (XDR *, kdbe_data_t*);
+extern  bool_t xdr_kdbe_princ_t (XDR *, kdbe_princ_t*);
+extern  bool_t xdr_kdbe_tl_t (XDR *, kdbe_tl_t*);
+extern  bool_t xdr_kdbe_pw_hist_t (XDR *, kdbe_pw_hist_t*);
+extern  bool_t xdr_kdbe_attr_type_t (XDR *, kdbe_attr_type_t*);
+extern  bool_t xdr_kdbe_val_t (XDR *, kdbe_val_t*);
+extern  bool_t xdr_kdbe_t (XDR *, kdbe_t*);
+extern  bool_t xdr_kdb_incr_update_t (XDR *, kdb_incr_update_t*);
+extern  bool_t xdr_kdb_ulog_t (XDR *, kdb_ulog_t*);
+extern  bool_t xdr_update_status_t (XDR *, update_status_t*);
+extern  bool_t xdr_kdb_last_t (XDR *, kdb_last_t*);
+extern  bool_t xdr_kdb_incr_result_t (XDR *, kdb_incr_result_t*);
+extern  bool_t xdr_kdb_fullresync_result_t (XDR *, kdb_fullresync_result_t*);
+
+#else /* K&R C */
+extern bool_t xdr_utf8str_t ();
+extern bool_t xdr_kdb_sno_t ();
+extern bool_t xdr_kdbe_time_t ();
+extern bool_t xdr_kdbe_key_t ();
+extern bool_t xdr_kdbe_data_t ();
+extern bool_t xdr_kdbe_princ_t ();
+extern bool_t xdr_kdbe_tl_t ();
+extern bool_t xdr_kdbe_pw_hist_t ();
+extern bool_t xdr_kdbe_attr_type_t ();
+extern bool_t xdr_kdbe_val_t ();
+extern bool_t xdr_kdbe_t ();
+extern bool_t xdr_kdb_incr_update_t ();
+extern bool_t xdr_kdb_ulog_t ();
+extern bool_t xdr_update_status_t ();
+extern bool_t xdr_kdb_last_t ();
+extern bool_t xdr_kdb_incr_result_t ();
+extern bool_t xdr_kdb_fullresync_result_t ();
+
+#endif /* K&R C */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !_IPROP_H_RPCGEN */
diff --git a/krb5-1.21.3/src/include/iprop_hdr.h b/krb5-1.21.3/src/include/iprop_hdr.h
new file mode 100644
index 00000000..d2145493
--- /dev/null
+++ b/krb5-1.21.3/src/include/iprop_hdr.h
@@ -0,0 +1,50 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+
+#ifndef _IPROP_HDR_H
+#define _IPROP_HDR_H
+
+/* #pragma ident        "@(#)iprop_hdr.h        1.1     04/02/20 SMI" */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This file has some defines common to the iprop client and
+ * server routines.
+ */
+
+/*
+ * Maximum size for each ulog entry is 2KB and maximum
+ * possible attribute-value pairs for each ulog entry is 20
+ */
+#define MAXENTRY_SIZE   2048
+#define MAXATTRS_SIZE   20
+
+#define KIPROP_SVC_NAME "kiprop"
+#define MAX_BACKOFF     300     /* Backoff for a maximum for 5 mts */
+
+enum iprop_role {
+    IPROP_NULL = 0,
+    IPROP_PRIMARY = 1,
+    IPROP_REPLICA = 2
+};
+typedef enum iprop_role iprop_role;
+
+/*
+ * Full resync dump versioning
+ */
+#define IPROPX_VERSION_0    0
+#define IPROPX_VERSION_1    1
+#define IPROPX_VERSION      IPROPX_VERSION_1
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* !_IPROP_HDR_H */
diff --git a/krb5-1.21.3/src/include/k5-base64.h b/krb5-1.21.3/src/include/k5-base64.h
new file mode 100644
index 00000000..a7cc48fb
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-base64.h
@@ -0,0 +1,52 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-base64.h - base64 declarations */
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef K5_BASE64_H
+#define K5_BASE64_H
+
+#include <stddef.h>
+
+/* base64-encode data and return it in an allocated buffer.  Return NULL if out
+ * of memory. */
+char *k5_base64_encode(const void *data, size_t len);
+
+/*
+ * Decode str as base64 and return the result in an allocated buffer, setting
+ * *len_out to the length.  Return NULL and *len_out == 0 if out of memory,
+ * NULL and *len_out == SIZE_MAX on invalid input.
+ */
+void *k5_base64_decode(const char *str, size_t *len_out);
+
+#endif /* K5_BASE64_H */
diff --git a/krb5-1.21.3/src/include/k5-buf.h b/krb5-1.21.3/src/include/k5-buf.h
new file mode 100644
index 00000000..0db90ccf
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-buf.h
@@ -0,0 +1,177 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-buf.h - k5buf interface declarations */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef K5_BUF_H
+#define K5_BUF_H
+
+#include <stdarg.h>
+#include <string.h>
+
+/*
+ * The k5buf module is intended to allow multi-step string construction in a
+ * fixed or dynamic buffer without the need to check for a failure at each step
+ * (and without aborting on malloc failure).  If an allocation failure occurs
+ * or the fixed buffer runs out of room, the buffer will be set to an error
+ * state which can be detected with k5_buf_status.  Data in a buffer is not
+ * automatically terminated with a zero byte; call k5_buf_cstring() to use the
+ * contents as a C string.
+ *
+ * k5buf structures are usually stack-allocated.  Do not put k5buf structure
+ * pointers into public APIs.  It is okay to reference the data and len fields
+ * of a buffer (they will be NULL/0 if the buffer is in an error state), but do
+ * not change them.
+ */
+
+/* Buffer type values */
+enum k5buftype { K5BUF_ERROR, K5BUF_FIXED, K5BUF_DYNAMIC, K5BUF_DYNAMIC_ZAP };
+
+struct k5buf {
+    enum k5buftype buftype;
+    void *data;
+    size_t space;
+    size_t len;
+};
+
+#define EMPTY_K5BUF { K5BUF_ERROR }
+
+/* Initialize a k5buf using a fixed-sized, existing buffer.  SPACE must be
+ * more than zero, or an assertion failure will result. */
+void k5_buf_init_fixed(struct k5buf *buf, void *data, size_t space);
+
+/* Initialize a k5buf using an internally allocated dynamic buffer. */
+void k5_buf_init_dynamic(struct k5buf *buf);
+
+/* Initialize a k5buf using an internally allocated dynamic buffer, zeroing
+ * memory when reallocating or freeing. */
+void k5_buf_init_dynamic_zap(struct k5buf *buf);
+
+/* Add a C string to BUF. */
+void k5_buf_add(struct k5buf *buf, const char *data);
+
+/* Add a counted series of bytes to BUF. */
+void k5_buf_add_len(struct k5buf *buf, const void *data, size_t len);
+
+/* Add sprintf-style formatted data to BUF.  For a fixed-length buffer this
+ * operation will fail if there isn't room for a zero terminator. */
+void k5_buf_add_fmt(struct k5buf *buf, const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 3)))
+#endif
+    ;
+
+/* Add sprintf-style formatted data to BUF, with a va_list.  The value of ap is
+ * undefined after the call. */
+void k5_buf_add_vfmt(struct k5buf *buf, const char *fmt, va_list ap)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 0)))
+#endif
+    ;
+
+/* Without changing the length of buf, ensure that there is a zero byte after
+ * buf.data and return it.  Return NULL on error. */
+char *k5_buf_cstring(struct k5buf *buf);
+
+/* Extend the length of buf by len and return a pointer to the reserved space,
+ * to be filled in by the caller.  Return NULL on error. */
+void *k5_buf_get_space(struct k5buf *buf, size_t len);
+
+/* Truncate BUF.  LEN must be between 0 and the existing buffer
+ * length, or an assertion failure will result. */
+void k5_buf_truncate(struct k5buf *buf, size_t len);
+
+/* Return ENOMEM if buf is in an error state, 0 otherwise. */
+int k5_buf_status(struct k5buf *buf);
+
+/*
+ * Free the storage used in the dynamic buffer BUF.  The caller may choose to
+ * take responsibility for freeing the data pointer instead of using this
+ * function.  If BUF is a fixed buffer, an assertion failure will result.
+ * Freeing a buffer in the error state, a buffer initialized with EMPTY_K5BUF,
+ * or a zeroed k5buf structure is a no-op.
+ */
+void k5_buf_free(struct k5buf *buf);
+
+static inline void
+k5_buf_add_byte(struct k5buf *buf, uint8_t val)
+{
+    k5_buf_add_len(buf, &val, 1);
+}
+
+static inline void
+k5_buf_add_uint16_be(struct k5buf *buf, uint16_t val)
+{
+    void *p = k5_buf_get_space(buf, 2);
+
+    if (p != NULL)
+        store_16_be(val, p);
+}
+
+static inline void
+k5_buf_add_uint16_le(struct k5buf *buf, uint16_t val)
+{
+    void *p = k5_buf_get_space(buf, 2);
+
+    if (p != NULL)
+        store_16_le(val, p);
+}
+
+static inline void
+k5_buf_add_uint32_be(struct k5buf *buf, uint32_t val)
+{
+    void *p = k5_buf_get_space(buf, 4);
+
+    if (p != NULL)
+        store_32_be(val, p);
+}
+
+static inline void
+k5_buf_add_uint32_le(struct k5buf *buf, uint32_t val)
+{
+    void *p = k5_buf_get_space(buf, 4);
+
+    if (p != NULL)
+        store_32_le(val, p);
+}
+
+static inline void
+k5_buf_add_uint64_be(struct k5buf *buf, uint64_t val)
+{
+    void *p = k5_buf_get_space(buf, 8);
+
+    if (p != NULL)
+        store_64_be(val, p);
+}
+
+static inline void
+k5_buf_add_uint64_le(struct k5buf *buf, uint64_t val)
+{
+    void *p = k5_buf_get_space(buf, 8);
+
+    if (p != NULL)
+        store_64_le(val, p);
+}
+
+#endif /* K5_BUF_H */
diff --git a/krb5-1.21.3/src/include/k5-cmocka.h b/krb5-1.21.3/src/include/k5-cmocka.h
new file mode 100644
index 00000000..c35b10be
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-cmocka.h
@@ -0,0 +1,16 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-cmocka.h - indirect header file for cmocka test programs */
+
+/*
+ * This header conditionally includes cmocka.h, so that "make depend" can work
+ * on cmocka test programs when cmocka isn't available.  It also includes the
+ * three system headers required for cmocka.h.
+ */
+
+#include "autoconf.h"
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#ifdef HAVE_CMOCKA
+#include <cmocka.h>
+#endif
diff --git a/krb5-1.21.3/src/include/k5-der.h b/krb5-1.21.3/src/include/k5-der.h
new file mode 100644
index 00000000..b8371d9b
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-der.h
@@ -0,0 +1,149 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-der.h - Distinguished Encoding Rules (DER) declarations */
+/*
+ * Copyright (C) 2023 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Most ASN.1 encoding and decoding is done using the table-driven framework in
+ * libkrb5.  When that is not an option, these helpers can be used to encode
+ * and decode simple types.
+ */
+
+#ifndef K5_DER_H
+#define K5_DER_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include "k5-buf.h"
+#include "k5-input.h"
+
+/* Return the number of bytes needed to encode len as a DER encoding length. */
+static inline size_t
+k5_der_len_len(size_t len)
+{
+    size_t llen;
+
+    if (len < 128)
+        return 1;
+    llen = 1;
+    while (len > 0) {
+        len >>= 8;
+        llen++;
+    }
+    return llen;
+}
+
+/* Return the number of bytes needed to encode a DER value (with identifier
+ * byte and length) for a given contents length. */
+static inline size_t
+k5_der_value_len(size_t contents_len)
+{
+    return 1 + k5_der_len_len(contents_len) + contents_len;
+}
+
+/* Add a DER identifier byte (composed by the caller, including the ASN.1
+ * class, tag, and constructed bit) and length. */
+static inline void
+k5_der_add_taglen(struct k5buf *buf, uint8_t idbyte, size_t len)
+{
+    uint8_t *p;
+    size_t llen = k5_der_len_len(len);
+
+    p = k5_buf_get_space(buf, 1 + llen);
+    if (p == NULL)
+        return;
+    *p++ = idbyte;
+    if (len < 128) {
+        *p = len;
+    } else {
+        *p = 0x80 | (llen - 1);
+        /* Encode the length bytes backwards so the most significant byte is
+         * first. */
+        p += llen;
+        while (len > 0) {
+            *--p = len & 0xFF;
+            len >>= 8;
+        }
+    }
+}
+
+/* Add a DER value (identifier byte, length, and contents). */
+static inline void
+k5_der_add_value(struct k5buf *buf, uint8_t idbyte, const void *contents,
+                 size_t len)
+{
+    k5_der_add_taglen(buf, idbyte, len);
+    k5_buf_add_len(buf, contents, len);
+}
+
+/*
+ * If the next byte in in matches idbyte and the subsequent DER length is
+ * valid, advance in past the value, set *contents_out to the value contents,
+ * and return true.  Otherwise return false.  Only set an error on in if the
+ * next bytes matches idbyte but the ensuing length is invalid.  contents_out
+ * may be aliased to in; it will only be written to on successful decoding of a
+ * value.
+ */
+static inline bool
+k5_der_get_value(struct k5input *in, uint8_t idbyte,
+                 struct k5input *contents_out)
+{
+    uint8_t lenbyte, i;
+    size_t len;
+    const void *bytes;
+
+    /* Do nothing if in is empty or the next byte doesn't match idbyte. */
+    if (in->status || in->len == 0 || *in->ptr != idbyte)
+        return false;
+
+    /* Advance past the identifier byte and decode the length. */
+    (void)k5_input_get_byte(in);
+    lenbyte = k5_input_get_byte(in);
+    if (lenbyte < 128) {
+        len = lenbyte;
+    } else {
+        len = 0;
+        for (i = 0; i < (lenbyte & 0x7F); i++) {
+            if (len > (SIZE_MAX >> 8)) {
+                k5_input_set_status(in, EOVERFLOW);
+                return false;
+            }
+            len = (len << 8) | k5_input_get_byte(in);
+        }
+    }
+
+    bytes = k5_input_get_bytes(in, len);
+    if (bytes == NULL)
+        return false;
+    k5_input_init(contents_out, bytes, len);
+    return true;
+}
+
+#endif /* K5_DER_H */
diff --git a/krb5-1.21.3/src/include/k5-err.h b/krb5-1.21.3/src/include/k5-err.h
new file mode 100644
index 00000000..d9292076
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-err.h
@@ -0,0 +1,69 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-err.h */
+/*
+ * Copyright 2006, 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Error-message handling
+ */
+
+#ifndef K5_ERR_H
+#define K5_ERR_H
+
+#if defined(_MSDOS) || defined(_WIN32)
+#include <win-mac.h>
+#endif
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#define KRB5_CALLCONV_C
+#endif
+
+#include <stdarg.h>
+
+struct errinfo {
+    long code;
+    char *msg;
+};
+#define EMPTY_ERRINFO { 0, NULL }
+
+void k5_set_error(struct errinfo *ep, long code, const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 4)))
+#endif
+    ;
+
+void k5_vset_error(struct errinfo *ep, long code, const char *fmt,
+                   va_list args)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 0)))
+#endif
+    ;
+
+const char *k5_get_error(struct errinfo *ep, long code);
+void k5_free_error(struct errinfo *ep, const char *msg);
+void k5_clear_error(struct errinfo *ep);
+void k5_set_error_info_callout_fn(const char *(KRB5_CALLCONV *f)(long));
+
+#endif /* K5_ERR_H */
diff --git a/krb5-1.21.3/src/include/k5-gmt_mktime.h b/krb5-1.21.3/src/include/k5-gmt_mktime.h
new file mode 100644
index 00000000..aa82e838
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-gmt_mktime.h
@@ -0,0 +1,43 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-gmt_mktime.h */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * GMT struct tm conversion
+ *
+ * Because of ordering of things in the UNIX build, we can't just keep
+ * the declaration in k5-int.h and include it in
+ * util/support/gmt_mktime.c, since k5-int.h includes krb5.h which
+ * hasn't been built when gmt_mktime.c gets compiled.  Hence this
+ * silly little helper header.
+ */
+
+#ifndef K5_GMT_MKTIME_H
+#define K5_GMT_MKTIME_H
+
+time_t krb5int_gmt_mktime (struct tm *);
+
+#endif /* K5_GMT_MKTIME_H */
diff --git a/krb5-1.21.3/src/include/k5-hashtab.h b/krb5-1.21.3/src/include/k5-hashtab.h
new file mode 100644
index 00000000..e68970ba
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-hashtab.h
@@ -0,0 +1,82 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-hash.h - hash table interface definitions */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file contains declarations for a simple hash table using siphash.  Some
+ * limitations which might need to be addressed in the future:
+ *
+ * - The table does not manage caller memory.  This limitation could be
+ *   addressed by adding an optional free callback to k5_hashtab_create(), to
+ *   be called by k5_hashtab_free() and k5_hashtab_remove().
+ *
+ * - There is no way to iterate over a hash table.
+ *
+ * - k5_hashtab_add() does not check for duplicate entries.
+ */
+
+#ifndef K5_HASH_H
+#define K5_HASH_H
+
+#define K5_HASH_SEED_LEN 16
+
+struct k5_hashtab;
+
+/*
+ * Create a new hash table in *ht_out.  seed must point to random bytes if keys
+ * might be under the control of an attacker; otherwise it may be NULL.
+ * initial_buckets controls the initial allocation of hash buckets; pass zero
+ * to use a default value.  The number of hash buckets will be doubled as the
+ * number of entries increases.  Return 0 on success, ENOMEM on failure.
+ */
+int k5_hashtab_create(const uint8_t seed[K5_HASH_SEED_LEN],
+                      size_t initial_buckets, struct k5_hashtab **ht_out);
+
+/* Release the memory used by a hash table.  Keys and values are the caller's
+ * responsibility. */
+void k5_hashtab_free(struct k5_hashtab *ht);
+
+/* Add an entry to a hash table.  key and val must remain valid until the entry
+ * is removed or the hash table is freed.  The caller must avoid duplicates. */
+int k5_hashtab_add(struct k5_hashtab *ht, const void *key, size_t klen,
+                   void *val);
+
+/* Remove an entry from a hash table by key.  Does not free key or the
+ * associated value.  Return 1 if the key was found and removed, 0 if not. */
+int k5_hashtab_remove(struct k5_hashtab *ht, const void *key, size_t klen);
+
+/* Retrieve a value from a hash table by key. */
+void *k5_hashtab_get(struct k5_hashtab *ht, const void *key, size_t klen);
+
+uint64_t k5_siphash24(const uint8_t *data, size_t len,
+                      const uint8_t seed[K5_HASH_SEED_LEN]);
+
+#endif /* K5_HASH_H */
diff --git a/krb5-1.21.3/src/include/k5-hex.h b/krb5-1.21.3/src/include/k5-hex.h
new file mode 100644
index 00000000..75bd2cb1
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-hex.h
@@ -0,0 +1,53 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-hex.h - libkrb5support hex encoding/decoding declarations */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef K5_HEX_H
+#define K5_HEX_H
+
+#include "k5-platform.h"
+
+/*
+ * Encode len bytes in hex, placing the result in allocated storage in
+ * *hex_out.  Use uppercase hex digits if uppercase is non-zero.  Return 0 on
+ * success, ENOMEM on error.
+ */
+int k5_hex_encode(const void *bytes, size_t len, int uppercase,
+                  char **hex_out);
+
+/*
+ * Decode hex bytes, placing the result in allocated storage in *bytes_out and
+ * *len_out.  Null-terminate the result (primarily for decoding passwords in
+ * libkdb_ldap).  Return 0 on success, ENOMEM or EINVAL on error.
+ */
+int k5_hex_decode(const char *hex, uint8_t **bytes_out, size_t *len_out);
+
+#endif /* K5_HEX_H */
diff --git a/krb5-1.21.3/src/include/k5-input.h b/krb5-1.21.3/src/include/k5-input.h
new file mode 100644
index 00000000..9f47fa7a
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-input.h
@@ -0,0 +1,143 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-input.h - k5input helper functions */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef K5_INPUT_H
+#define K5_INPUT_H
+
+#include "k5-platform.h"
+
+/*
+ * The k5input module defines helpers for safely consuming a fixed-sized block
+ * of memory.  If an overrun or allocation failure occurs at any step,
+ * subsequent functions will return default values until the error is detected
+ * by looking at the status field.
+ */
+
+struct k5input {
+    const unsigned char *ptr;
+    size_t len;
+    int32_t status;
+};
+
+static inline void
+k5_input_init(struct k5input *in, const void *ptr, size_t len)
+{
+    in->ptr = ptr;
+    in->len = len;
+    in->status = 0;
+}
+
+/* Only set the status value of in if it hasn't already been set, so status
+ * reflects the first thing to go wrong. */
+static inline void
+k5_input_set_status(struct k5input *in, int32_t status)
+{
+    if (!in->status)
+        in->status = status;
+}
+
+static inline const unsigned char *
+k5_input_get_bytes(struct k5input *in, size_t len)
+{
+    if (in->len < len)
+        k5_input_set_status(in, EINVAL);
+    if (in->status)
+        return NULL;
+    in->len -= len;
+    in->ptr += len;
+    return in->ptr - len;
+}
+
+static inline unsigned char
+k5_input_get_byte(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 1);
+    return (ptr == NULL) ? '\0' : *ptr;
+}
+
+static inline uint16_t
+k5_input_get_uint16_be(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 2);
+    return (ptr == NULL) ? 0 : load_16_be(ptr);
+}
+
+static inline uint16_t
+k5_input_get_uint16_le(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 2);
+    return (ptr == NULL) ? 0 : load_16_le(ptr);
+}
+
+static inline uint16_t
+k5_input_get_uint16_n(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 2);
+    return (ptr == NULL) ? 0 : load_16_n(ptr);
+}
+
+static inline uint32_t
+k5_input_get_uint32_be(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 4);
+    return (ptr == NULL) ? 0 : load_32_be(ptr);
+}
+
+static inline uint32_t
+k5_input_get_uint32_le(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 4);
+    return (ptr == NULL) ? 0 : load_32_le(ptr);
+}
+
+static inline uint32_t
+k5_input_get_uint32_n(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 4);
+    return (ptr == NULL) ? 0 : load_32_n(ptr);
+}
+
+static inline uint64_t
+k5_input_get_uint64_be(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 8);
+    return (ptr == NULL) ? 0 : load_64_be(ptr);
+}
+
+static inline uint64_t
+k5_input_get_uint64_le(struct k5input *in)
+{
+    const unsigned char *ptr = k5_input_get_bytes(in, 8);
+    return (ptr == NULL) ? 0 : load_64_le(ptr);
+}
+
+#endif /* K5_BUF_H */
diff --git a/krb5-1.21.3/src/include/k5-int-pkinit.h b/krb5-1.21.3/src/include/k5-int-pkinit.h
new file mode 100644
index 00000000..915904e5
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-int-pkinit.h
@@ -0,0 +1,204 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2006
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#ifndef _KRB5_INT_PKINIT_H
+#define _KRB5_INT_PKINIT_H
+
+/*
+ * pkinit structures
+ */
+
+/* PKAuthenticator */
+typedef struct _krb5_pk_authenticator {
+    krb5_int32      cusec;  /* (0..999999) */
+    krb5_timestamp  ctime;
+    krb5_int32      nonce;  /* (0..4294967295) */
+    krb5_checksum   paChecksum;
+    krb5_data      *freshnessToken;
+} krb5_pk_authenticator;
+
+/* AlgorithmIdentifier */
+typedef struct _krb5_algorithm_identifier {
+    krb5_data algorithm;      /* OID */
+    krb5_data parameters; /* Optional */
+} krb5_algorithm_identifier;
+
+/** AuthPack from RFC 4556*/
+typedef struct _krb5_auth_pack {
+    krb5_pk_authenticator       pkAuthenticator;
+    krb5_data                   clientPublicValue; /* Optional */
+    krb5_algorithm_identifier   **supportedCMSTypes; /* Optional */
+    krb5_data                   clientDHNonce; /* Optional */
+    krb5_data                   **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
+} krb5_auth_pack;
+
+/* ExternalPrincipalIdentifier */
+typedef struct _krb5_external_principal_identifier {
+    krb5_data subjectName; /* Optional */
+    krb5_data issuerAndSerialNumber; /* Optional */
+    krb5_data subjectKeyIdentifier; /* Optional */
+} krb5_external_principal_identifier;
+
+/* PA-PK-AS-REQ (rfc4556 -- PA TYPE 16) */
+typedef struct _krb5_pa_pk_as_req {
+    krb5_data signedAuthPack;
+    krb5_external_principal_identifier **trustedCertifiers; /* Optional array */
+    krb5_data kdcPkId; /* Optional */
+} krb5_pa_pk_as_req;
+
+/** Pkinit DHRepInfo */
+typedef struct _krb5_dh_rep_info {
+    krb5_data dhSignedData;
+    krb5_data serverDHNonce; /* Optional */
+    krb5_data *kdfID; /* OID of selected KDF OPTIONAL */
+} krb5_dh_rep_info;
+
+/* KDCDHKeyInfo */
+typedef struct _krb5_kdc_dh_key_info {
+    krb5_data       subjectPublicKey; /* BIT STRING */
+    krb5_int32      nonce;  /* (0..4294967295) */
+    krb5_timestamp  dhKeyExpiration; /* Optional */
+} krb5_kdc_dh_key_info;
+
+/* ReplyKeyPack */
+typedef struct _krb5_reply_key_pack {
+    krb5_keyblock   replyKey;
+    krb5_checksum   asChecksum;
+} krb5_reply_key_pack;
+
+/* PA-PK-AS-REP (rfc4556 -- PA TYPE 17) */
+typedef struct _krb5_pa_pk_as_rep {
+    enum krb5_pa_pk_as_rep_selection {
+        choice_pa_pk_as_rep_UNKNOWN = -1,
+        choice_pa_pk_as_rep_dhInfo = 0,
+        choice_pa_pk_as_rep_encKeyPack = 1
+    } choice;
+    union krb5_pa_pk_as_rep_choices {
+        krb5_dh_rep_info    dh_Info;
+        krb5_data           encKeyPack;
+    } u;
+} krb5_pa_pk_as_rep;
+
+/* SP80056A OtherInfo, for pkinit algorithm agility */
+typedef struct _krb5_sp80056a_other_info {
+    krb5_algorithm_identifier algorithm_identifier;
+    krb5_principal  party_u_info;
+    krb5_principal  party_v_info;
+    krb5_data supp_pub_info;
+} krb5_sp80056a_other_info;
+
+/* PkinitSuppPubInfo, for pkinit algorithm agility */
+typedef struct _krb5_pkinit_supp_pub_info {
+    krb5_enctype      enctype;
+    krb5_data         as_req;
+    krb5_data         pk_as_rep;
+} krb5_pkinit_supp_pub_info;
+
+/*
+ * Begin "asn1.h"
+ */
+
+/*************************************************************************
+ * Prototypes for pkinit asn.1 encode routines
+ *************************************************************************/
+
+krb5_error_code
+encode_krb5_pa_pk_as_req(const krb5_pa_pk_as_req *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_pa_pk_as_rep(const krb5_pa_pk_as_rep *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_auth_pack(const krb5_auth_pack *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_kdc_dh_key_info(const krb5_kdc_dh_key_info *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_reply_key_pack(const krb5_reply_key_pack *, krb5_data **code);
+
+krb5_error_code
+encode_krb5_td_trusted_certifiers(krb5_external_principal_identifier *const *,
+                                  krb5_data **code);
+
+krb5_error_code
+encode_krb5_td_dh_parameters(krb5_algorithm_identifier *const *,
+                             krb5_data **code);
+
+krb5_error_code
+encode_krb5_sp80056a_other_info(const krb5_sp80056a_other_info *,
+                                krb5_data **);
+
+krb5_error_code
+encode_krb5_pkinit_supp_pub_info(const krb5_pkinit_supp_pub_info *,
+                                 krb5_data **);
+
+/*************************************************************************
+ * Prototypes for pkinit asn.1 decode routines
+ *************************************************************************/
+
+krb5_error_code
+decode_krb5_pa_pk_as_req(const krb5_data *, krb5_pa_pk_as_req **);
+
+krb5_error_code
+decode_krb5_pa_pk_as_rep(const krb5_data *, krb5_pa_pk_as_rep **);
+
+krb5_error_code
+decode_krb5_auth_pack(const krb5_data *, krb5_auth_pack **);
+
+krb5_error_code
+decode_krb5_kdc_dh_key_info(const krb5_data *, krb5_kdc_dh_key_info **);
+
+krb5_error_code
+decode_krb5_principal_name(const krb5_data *, krb5_principal_data **);
+
+krb5_error_code
+decode_krb5_reply_key_pack(const krb5_data *, krb5_reply_key_pack **);
+
+krb5_error_code
+decode_krb5_td_trusted_certifiers(const krb5_data *,
+                                  krb5_external_principal_identifier ***);
+
+krb5_error_code
+decode_krb5_td_dh_parameters(const krb5_data *, krb5_algorithm_identifier ***);
+
+krb5_error_code
+encode_krb5_enc_data(const krb5_enc_data *, krb5_data **);
+
+krb5_error_code
+encode_krb5_encryption_key(const krb5_keyblock *rep, krb5_data **code);
+
+krb5_error_code
+krb5_encrypt_helper(krb5_context context, const krb5_keyblock *key,
+                    krb5_keyusage keyusage, const krb5_data *plain,
+                    krb5_enc_data *cipher);
+
+#endif /* _KRB5_INT_PKINIT_H */
diff --git a/krb5-1.21.3/src/include/k5-int.h b/krb5-1.21.3/src/include/k5-int.h
new file mode 100644
index 00000000..2f7791b7
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-int.h
@@ -0,0 +1,2407 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001,
+ * 2003,2006,2007,2008,2009 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/*
+ * This prototype for k5-int.h (Krb5 internals include file)
+ * includes the user-visible definitions from krb5.h and then
+ * includes other definitions that are not user-visible but are
+ * required for compiling Kerberos internal routines.
+ *
+ * John Gilmore, Cygnus Support, Sat Jan 21 22:45:52 PST 1995
+ */
+
+#ifndef _KRB5_INT_H
+#define _KRB5_INT_H
+
+#ifdef KRB5_GENERAL__
+#error krb5.h included before k5-int.h
+#endif /* KRB5_GENERAL__ */
+
+#include "osconf.h"
+
+#if defined(__MACH__) && defined(__APPLE__)
+#       include <TargetConditionals.h>
+#    if TARGET_RT_MAC_CFM
+#       error "Use KfM 4.0 SDK headers for CFM compilation."
+#    endif
+#endif
+
+/*
+ * Begin "k5-config.h"
+ */
+#ifndef KRB5_CONFIG__
+#define KRB5_CONFIG__
+
+/*
+ * Machine-type definitions: PC Clone 386 running Microloss Windows
+ */
+
+#if defined(_MSDOS) || defined(_WIN32)
+#include "win-mac.h"
+
+/* Kerberos Windows initialization file */
+#define KERBEROS_INI    "kerberos.ini"
+#define INI_FILES       "Files"
+#define INI_KRB_CCACHE  "krb5cc"        /* Location of the ccache */
+#define INI_KRB5_CONF   "krb5.ini"      /* Location of krb5.conf file */
+#endif
+
+#include "autoconf.h"
+
+#ifndef KRB5_SYSTYPES__
+#define KRB5_SYSTYPES__
+
+#ifdef HAVE_SYS_TYPES_H         /* From autoconf.h */
+#include <sys/types.h>
+#else /* HAVE_SYS_TYPES_H */
+typedef unsigned long   u_long;
+typedef unsigned int    u_int;
+typedef unsigned short  u_short;
+typedef unsigned char   u_char;
+#endif /* HAVE_SYS_TYPES_H */
+#endif /* KRB5_SYSTYPES__ */
+
+
+#include "k5-platform.h"
+
+#define KRB5_KDB_MAX_LIFE       (60*60*24) /* one day */
+#define KRB5_KDB_MAX_RLIFE      (60*60*24*7) /* one week */
+#define KRB5_KDB_EXPIRATION     2145830400 /* Thu Jan  1 00:00:00 2038 UTC */
+
+/*
+ * Windows requires a different api interface to each function. Here
+ * just define it as NULL.
+ */
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#define KRB5_CALLCONV_C
+#endif
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+/* #define KRB5_OLD_CRYPTO is done in krb5.h */
+
+#endif /* KRB5_CONFIG__ */
+
+/*
+ * End "k5-config.h"
+ */
+
+/*
+ * After loading the configuration definitions, load the Kerberos definitions.
+ */
+#include <errno.h>
+#include "krb5.h"
+#include <krb5/plugin.h>
+#include "profile.h"
+
+#include "port-sockets.h"
+#include "socket-utils.h"
+
+/* Get mutex support; currently used only for the replay cache.  */
+#include "k5-thread.h"
+
+/* Get error info support.  */
+#include "k5-err.h"
+
+/* Get string buffer support. */
+#include "k5-buf.h"
+
+/* Define tracing macros. */
+#include "k5-trace.h"
+
+/* Profile variables.  Constants are named KRB5_CONF_STRING, where STRING
+ * matches the variable name.  Keep these alphabetized. */
+#define KRB5_CONF_ACL_FILE                     "acl_file"
+#define KRB5_CONF_ADMIN_SERVER                 "admin_server"
+#define KRB5_CONF_ALLOW_DES3                   "allow_des3"
+#define KRB5_CONF_ALLOW_RC4                    "allow_rc4"
+#define KRB5_CONF_ALLOW_WEAK_CRYPTO            "allow_weak_crypto"
+#define KRB5_CONF_AUTH_TO_LOCAL                "auth_to_local"
+#define KRB5_CONF_AUTH_TO_LOCAL_NAMES          "auth_to_local_names"
+#define KRB5_CONF_CANONICALIZE                 "canonicalize"
+#define KRB5_CONF_CCACHE_TYPE                  "ccache_type"
+#define KRB5_CONF_CLOCKSKEW                    "clockskew"
+#define KRB5_CONF_DATABASE_NAME                "database_name"
+#define KRB5_CONF_DB_MODULE_DIR                "db_module_dir"
+#define KRB5_CONF_DEBUG                        "debug"
+#define KRB5_CONF_DEFAULT                      "default"
+#define KRB5_CONF_DEFAULT_CCACHE_NAME          "default_ccache_name"
+#define KRB5_CONF_DEFAULT_CLIENT_KEYTAB_NAME   "default_client_keytab_name"
+#define KRB5_CONF_DEFAULT_DOMAIN               "default_domain"
+#define KRB5_CONF_DEFAULT_KEYTAB_NAME          "default_keytab_name"
+#define KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION "default_principal_expiration"
+#define KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS      "default_principal_flags"
+#define KRB5_CONF_DEFAULT_RCACHE_NAME          "default_rcache_name"
+#define KRB5_CONF_DEFAULT_REALM                "default_realm"
+#define KRB5_CONF_DEFAULT_TGS_ENCTYPES         "default_tgs_enctypes"
+#define KRB5_CONF_DEFAULT_TKT_ENCTYPES         "default_tkt_enctypes"
+#define KRB5_CONF_DICT_FILE                    "dict_file"
+#define KRB5_CONF_DISABLE                      "disable"
+#define KRB5_CONF_DISABLE_ENCRYPTED_TIMESTAMP  "disable_encrypted_timestamp"
+#define KRB5_CONF_DISABLE_LAST_SUCCESS         "disable_last_success"
+#define KRB5_CONF_DISABLE_LOCKOUT              "disable_lockout"
+#define KRB5_CONF_DISABLE_PAC                  "disable_pac"
+#define KRB5_CONF_DNS_CANONICALIZE_HOSTNAME    "dns_canonicalize_hostname"
+#define KRB5_CONF_DNS_FALLBACK                 "dns_fallback"
+#define KRB5_CONF_DNS_LOOKUP_KDC               "dns_lookup_kdc"
+#define KRB5_CONF_DNS_LOOKUP_REALM             "dns_lookup_realm"
+#define KRB5_CONF_DNS_URI_LOOKUP               "dns_uri_lookup"
+#define KRB5_CONF_DOMAIN_REALM                 "domain_realm"
+#define KRB5_CONF_ENABLE_ONLY                  "enable_only"
+#define KRB5_CONF_ENCRYPTED_CHALLENGE_INDICATOR "encrypted_challenge_indicator"
+#define KRB5_CONF_ENFORCE_OK_AS_DELEGATE       "enforce_ok_as_delegate"
+#define KRB5_CONF_ERR_FMT                      "err_fmt"
+#define KRB5_CONF_EXTRA_ADDRESSES              "extra_addresses"
+#define KRB5_CONF_FORWARDABLE                  "forwardable"
+#define KRB5_CONF_HOST_BASED_SERVICES          "host_based_services"
+#define KRB5_CONF_HTTP_ANCHORS                 "http_anchors"
+#define KRB5_CONF_IGNORE_ACCEPTOR_HOSTNAME     "ignore_acceptor_hostname"
+#define KRB5_CONF_IPROP_ENABLE                 "iprop_enable"
+#define KRB5_CONF_IPROP_LISTEN                 "iprop_listen"
+#define KRB5_CONF_IPROP_LOGFILE                "iprop_logfile"
+#define KRB5_CONF_IPROP_MASTER_ULOGSIZE        "iprop_master_ulogsize"
+#define KRB5_CONF_IPROP_PORT                   "iprop_port"
+#define KRB5_CONF_IPROP_RESYNC_TIMEOUT         "iprop_resync_timeout"
+#define KRB5_CONF_IPROP_REPLICA_POLL           "iprop_replica_poll"
+#define KRB5_CONF_IPROP_SLAVE_POLL             "iprop_slave_poll"
+#define KRB5_CONF_IPROP_ULOGSIZE               "iprop_ulogsize"
+#define KRB5_CONF_K5LOGIN_AUTHORITATIVE        "k5login_authoritative"
+#define KRB5_CONF_K5LOGIN_DIRECTORY            "k5login_directory"
+#define KRB5_CONF_KADMIND_LISTEN               "kadmind_listen"
+#define KRB5_CONF_KADMIND_PORT                 "kadmind_port"
+#define KRB5_CONF_KCM_MACH_SERVICE             "kcm_mach_service"
+#define KRB5_CONF_KCM_SOCKET                   "kcm_socket"
+#define KRB5_CONF_KDC                          "kdc"
+#define KRB5_CONF_KDCDEFAULTS                  "kdcdefaults"
+#define KRB5_CONF_KDC_DEFAULT_OPTIONS          "kdc_default_options"
+#define KRB5_CONF_KDC_LISTEN                   "kdc_listen"
+#define KRB5_CONF_KDC_MAX_DGRAM_REPLY_SIZE     "kdc_max_dgram_reply_size"
+#define KRB5_CONF_KDC_PORTS                    "kdc_ports"
+#define KRB5_CONF_KDC_TCP_PORTS                "kdc_tcp_ports"
+#define KRB5_CONF_KDC_TCP_LISTEN               "kdc_tcp_listen"
+#define KRB5_CONF_KDC_TCP_LISTEN_BACKLOG       "kdc_tcp_listen_backlog"
+#define KRB5_CONF_KDC_TIMESYNC                 "kdc_timesync"
+#define KRB5_CONF_KEY_STASH_FILE               "key_stash_file"
+#define KRB5_CONF_KPASSWD_LISTEN               "kpasswd_listen"
+#define KRB5_CONF_KPASSWD_PORT                 "kpasswd_port"
+#define KRB5_CONF_KPASSWD_SERVER               "kpasswd_server"
+#define KRB5_CONF_KRB524_SERVER                "krb524_server"
+#define KRB5_CONF_LDAP_CONNS_PER_SERVER        "ldap_conns_per_server"
+#define KRB5_CONF_LDAP_KADMIND_DN              "ldap_kadmind_dn"
+#define KRB5_CONF_LDAP_KADMIND_SASL_AUTHCID    "ldap_kadmind_sasl_authcid"
+#define KRB5_CONF_LDAP_KADMIND_SASL_AUTHZID    "ldap_kadmind_sasl_authzid"
+#define KRB5_CONF_LDAP_KADMIND_SASL_MECH       "ldap_kadmind_sasl_mech"
+#define KRB5_CONF_LDAP_KADMIND_SASL_REALM      "ldap_kadmind_sasl_realm"
+#define KRB5_CONF_LDAP_KDC_DN                  "ldap_kdc_dn"
+#define KRB5_CONF_LDAP_KDC_SASL_AUTHCID        "ldap_kdc_sasl_authcid"
+#define KRB5_CONF_LDAP_KDC_SASL_AUTHZID        "ldap_kdc_sasl_authzid"
+#define KRB5_CONF_LDAP_KDC_SASL_MECH           "ldap_kdc_sasl_mech"
+#define KRB5_CONF_LDAP_KDC_SASL_REALM          "ldap_kdc_sasl_realm"
+#define KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN   "ldap_kerberos_container_dn"
+#define KRB5_CONF_LDAP_SERVERS                 "ldap_servers"
+#define KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE   "ldap_service_password_file"
+#define KRB5_CONF_LIBDEFAULTS                  "libdefaults"
+#define KRB5_CONF_LOGGING                      "logging"
+#define KRB5_CONF_MAPSIZE                      "mapsize"
+#define KRB5_CONF_MASTER_KDC                   "master_kdc"
+#define KRB5_CONF_MASTER_KEY_NAME              "master_key_name"
+#define KRB5_CONF_MASTER_KEY_TYPE              "master_key_type"
+#define KRB5_CONF_MAX_LIFE                     "max_life"
+#define KRB5_CONF_MAX_READERS                  "max_readers"
+#define KRB5_CONF_MAX_RENEWABLE_LIFE           "max_renewable_life"
+#define KRB5_CONF_MODULE                       "module"
+#define KRB5_CONF_NOADDRESSES                  "noaddresses"
+#define KRB5_CONF_NOSYNC                       "nosync"
+#define KRB5_CONF_NO_HOST_REFERRAL             "no_host_referral"
+#define KRB5_CONF_PERMITTED_ENCTYPES           "permitted_enctypes"
+#define KRB5_CONF_PLUGINS                      "plugins"
+#define KRB5_CONF_PLUGIN_BASE_DIR              "plugin_base_dir"
+#define KRB5_CONF_PREFERRED_PREAUTH_TYPES      "preferred_preauth_types"
+#define KRB5_CONF_PRIMARY_KDC                  "primary_kdc"
+#define KRB5_CONF_PROXIABLE                    "proxiable"
+#define KRB5_CONF_QUALIFY_SHORTNAME            "qualify_shortname"
+#define KRB5_CONF_RDNS                         "rdns"
+#define KRB5_CONF_REALMS                       "realms"
+#define KRB5_CONF_REALM_TRY_DOMAINS            "realm_try_domains"
+#define KRB5_CONF_REJECT_BAD_TRANSIT           "reject_bad_transit"
+#define KRB5_CONF_RENEW_LIFETIME               "renew_lifetime"
+#define KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT    "restrict_anonymous_to_tgt"
+#define KRB5_CONF_SUPPORTED_ENCTYPES           "supported_enctypes"
+#define KRB5_CONF_SPAKE_PREAUTH_INDICATOR      "spake_preauth_indicator"
+#define KRB5_CONF_SPAKE_PREAUTH_KDC_CHALLENGE  "spake_preauth_kdc_challenge"
+#define KRB5_CONF_SPAKE_PREAUTH_GROUPS         "spake_preauth_groups"
+#define KRB5_CONF_TICKET_LIFETIME              "ticket_lifetime"
+#define KRB5_CONF_UDP_PREFERENCE_LIMIT         "udp_preference_limit"
+#define KRB5_CONF_UNLOCKITER                   "unlockiter"
+#define KRB5_CONF_V4_INSTANCE_CONVERT          "v4_instance_convert"
+#define KRB5_CONF_V4_REALM                     "v4_realm"
+#define KRB5_CONF_VERIFY_AP_REQ_NOFAIL         "verify_ap_req_nofail"
+#define KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS    "client_aware_channel_bindings"
+
+/* Cache configuration variables */
+#define KRB5_CC_CONF_FAST_AVAIL                "fast_avail"
+#define KRB5_CC_CONF_PA_CONFIG_DATA            "pa_config_data"
+#define KRB5_CC_CONF_PA_TYPE                   "pa_type"
+#define KRB5_CC_CONF_PROXY_IMPERSONATOR        "proxy_impersonator"
+#define KRB5_CC_CONF_REFRESH_TIME              "refresh_time"
+#define KRB5_CC_CONF_START_REALM               "start_realm"
+
+/* Error codes used in KRB_ERROR protocol messages.
+   Return values of library routines are based on a different error table
+   (which allows non-ambiguous error codes between subsystems) */
+
+/* KDC errors */
+#define KDC_ERR_NONE                    0 /* No error */
+#define KDC_ERR_NAME_EXP                1 /* Client's entry in DB expired */
+#define KDC_ERR_SERVICE_EXP             2 /* Server's entry in DB expired */
+#define KDC_ERR_BAD_PVNO                3 /* Requested pvno not supported */
+#define KDC_ERR_C_OLD_MAST_KVNO         4 /* C's key encrypted in old master */
+#define KDC_ERR_S_OLD_MAST_KVNO         5 /* S's key encrypted in old master */
+#define KDC_ERR_C_PRINCIPAL_UNKNOWN     6 /* Client not found in Kerberos DB */
+#define KDC_ERR_S_PRINCIPAL_UNKNOWN     7 /* Server not found in Kerberos DB */
+#define KDC_ERR_PRINCIPAL_NOT_UNIQUE    8 /* Multiple entries in Kerberos DB */
+#define KDC_ERR_NULL_KEY                9 /* The C or S has a null key */
+#define KDC_ERR_CANNOT_POSTDATE         10 /* Tkt ineligible for postdating */
+#define KDC_ERR_NEVER_VALID             11 /* Requested starttime > endtime */
+#define KDC_ERR_POLICY                  12 /* KDC policy rejects request */
+#define KDC_ERR_BADOPTION               13 /* KDC can't do requested opt. */
+#define KDC_ERR_ENCTYPE_NOSUPP          14 /* No support for encryption type */
+#define KDC_ERR_SUMTYPE_NOSUPP          15 /* No support for checksum type */
+#define KDC_ERR_PADATA_TYPE_NOSUPP      16 /* No support for padata type */
+#define KDC_ERR_TRTYPE_NOSUPP           17 /* No support for transited type */
+#define KDC_ERR_CLIENT_REVOKED          18 /* C's creds have been revoked */
+#define KDC_ERR_SERVICE_REVOKED         19 /* S's creds have been revoked */
+#define KDC_ERR_TGT_REVOKED             20 /* TGT has been revoked */
+#define KDC_ERR_CLIENT_NOTYET           21 /* C not yet valid */
+#define KDC_ERR_SERVICE_NOTYET          22 /* S not yet valid */
+#define KDC_ERR_KEY_EXP                 23 /* Password has expired */
+#define KDC_ERR_PREAUTH_FAILED          24 /* Preauthentication failed */
+#define KDC_ERR_PREAUTH_REQUIRED        25 /* Additional preauthentication */
+                                           /* required */
+#define KDC_ERR_SERVER_NOMATCH          26 /* Requested server and */
+                                           /* ticket don't match*/
+#define KDC_ERR_MUST_USE_USER2USER      27 /* Server principal valid for */
+                                           /*   user2user only */
+#define KDC_ERR_PATH_NOT_ACCEPTED       28 /* KDC policy rejected transited */
+                                           /*   path */
+#define KDC_ERR_SVC_UNAVAILABLE         29 /* A service is not
+                                            * available that is
+                                            * required to process the
+                                            * request */
+/* Application errors */
+#define KRB_AP_ERR_BAD_INTEGRITY 31     /* Decrypt integrity check failed */
+#define KRB_AP_ERR_TKT_EXPIRED  32      /* Ticket expired */
+#define KRB_AP_ERR_TKT_NYV      33      /* Ticket not yet valid */
+#define KRB_AP_ERR_REPEAT       34      /* Request is a replay */
+#define KRB_AP_ERR_NOT_US       35      /* The ticket isn't for us */
+#define KRB_AP_ERR_BADMATCH     36      /* Ticket/authenticator don't match */
+#define KRB_AP_ERR_SKEW         37      /* Clock skew too great */
+#define KRB_AP_ERR_BADADDR      38      /* Incorrect net address */
+#define KRB_AP_ERR_BADVERSION   39      /* Protocol version mismatch */
+#define KRB_AP_ERR_MSG_TYPE     40      /* Invalid message type */
+#define KRB_AP_ERR_MODIFIED     41      /* Message stream modified */
+#define KRB_AP_ERR_BADORDER     42      /* Message out of order */
+#define KRB_AP_ERR_BADKEYVER    44      /* Key version is not available */
+#define KRB_AP_ERR_NOKEY        45      /* Service key not available */
+#define KRB_AP_ERR_MUT_FAIL     46      /* Mutual authentication failed */
+#define KRB_AP_ERR_BADDIRECTION 47      /* Incorrect message direction */
+#define KRB_AP_ERR_METHOD       48      /* Alternative authentication */
+                                        /* method required */
+#define KRB_AP_ERR_BADSEQ       49      /* Incorrect sequence numnber */
+                                        /* in message */
+#define KRB_AP_ERR_INAPP_CKSUM  50      /* Inappropriate type of */
+                                        /* checksum in message */
+#define KRB_AP_PATH_NOT_ACCEPTED 51     /* Policy rejects transited path */
+#define KRB_ERR_RESPONSE_TOO_BIG 52     /* Response too big for UDP, */
+                                        /*   retry with TCP */
+
+/* other errors */
+#define KRB_ERR_GENERIC         60      /* Generic error (description */
+                                        /* in e-text) */
+#define KRB_ERR_FIELD_TOOLONG   61      /* Field is too long for impl. */
+
+/* PKINIT server-reported errors */
+#define KDC_ERR_CLIENT_NOT_TRUSTED              62 /* client cert not trusted */
+#define KDC_ERR_KDC_NOT_TRUSTED                 63
+#define KDC_ERR_INVALID_SIG                     64 /* client signature verify failed */
+#define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED  65 /* invalid Diffie-Hellman parameters */
+#define KDC_ERR_CERTIFICATE_MISMATCH            66
+#define KRB_AP_ERR_NO_TGT                       67
+#define KDC_ERR_WRONG_REALM                     68
+#define KRB_AP_ERR_USER_TO_USER_REQUIRED        69
+#define KDC_ERR_CANT_VERIFY_CERTIFICATE         70 /* client cert not verifiable to */
+                                                   /* trusted root cert */
+#define KDC_ERR_INVALID_CERTIFICATE             71 /* client cert had invalid signature */
+#define KDC_ERR_REVOKED_CERTIFICATE             72 /* client cert was revoked */
+#define KDC_ERR_REVOCATION_STATUS_UNKNOWN       73 /* client cert revoked, reason unknown */
+#define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE   74
+#define KDC_ERR_CLIENT_NAME_MISMATCH            75 /* mismatch between client cert and */
+                                                   /* principal name */
+#define KDC_ERR_INCONSISTENT_KEY_PURPOSE        77 /* bad extended key use */
+#define KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED     78 /* bad digest algorithm in client cert */
+#define KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED    79 /* missing paChecksum in PA-PK-AS-REQ */
+#define KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED 80 /* bad digest algorithm in SignedData */
+#define KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED 81
+#define KRB_AP_ERR_IAKERB_KDC_NOT_FOUND         85 /* The IAKERB proxy could
+                                                      not find a KDC */
+#define KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE       86 /* The KDC did not respond
+                                                      to the IAKERB proxy */
+#define KDC_ERR_PREAUTH_EXPIRED                 90 /* RFC 6113 */
+#define KDC_ERR_MORE_PREAUTH_DATA_REQUIRED      91 /* RFC 6113 */
+#define KRB_ERR_MAX 127 /* err table base max offset for protocol err codes */
+
+/*
+ * A null-terminated array of this structure is returned by the KDC as
+ * the data part of the ETYPE_INFO preauth type.  It informs the
+ * client which encryption types are supported.
+ * The  same data structure is used by both etype-info and etype-info2
+ * but s2kparams must be null when encoding etype-info.
+ */
+typedef struct _krb5_etype_info_entry {
+    krb5_magic      magic;
+    krb5_enctype    etype;
+    unsigned int    length;
+    krb5_octet      *salt;
+    krb5_data s2kparams;
+} krb5_etype_info_entry;
+
+/*
+ *  This is essentially -1 without sign extension which can screw up
+ *  comparisons on 64 bit machines. If the length is this value, then
+ *  the salt data is not present. This is to distinguish between not
+ *  being set and being of 0 length.
+ */
+#define KRB5_ETYPE_NO_SALT VALID_UINT_BITS
+
+typedef krb5_etype_info_entry ** krb5_etype_info;
+
+/* RFC 4537 */
+typedef struct _krb5_etype_list {
+    int             length;
+    krb5_enctype    *etypes;
+} krb5_etype_list;
+
+/* sam_type values -- informational only */
+#define PA_SAM_TYPE_ENIGMA     1   /*  Enigma Logic */
+#define PA_SAM_TYPE_DIGI_PATH  2   /*  Digital Pathways */
+#define PA_SAM_TYPE_SKEY_K0    3   /*  S/key where  KDC has key 0 */
+#define PA_SAM_TYPE_SKEY       4   /*  Traditional S/Key */
+#define PA_SAM_TYPE_SECURID    5   /*  Security Dynamics */
+#define PA_SAM_TYPE_CRYPTOCARD 6   /*  CRYPTOCard */
+#if 1 /* XXX need to figure out who has which numbers assigned */
+#define PA_SAM_TYPE_ACTIVCARD_DEC  6   /*  ActivCard decimal mode */
+#define PA_SAM_TYPE_ACTIVCARD_HEX  7   /*  ActivCard hex mode */
+#define PA_SAM_TYPE_DIGI_PATH_HEX  8   /*  Digital Pathways hex mode */
+#endif
+#define PA_SAM_TYPE_EXP_BASE    128 /* experimental */
+#define PA_SAM_TYPE_GRAIL               (PA_SAM_TYPE_EXP_BASE+0) /* testing */
+#define PA_SAM_TYPE_SECURID_PREDICT     (PA_SAM_TYPE_EXP_BASE+1) /* special */
+
+typedef struct _krb5_sam_challenge_2 {
+    krb5_data       sam_challenge_2_body;
+    krb5_checksum   **sam_cksum;            /* Array of checksums */
+} krb5_sam_challenge_2;
+
+typedef struct _krb5_sam_challenge_2_body {
+    krb5_magic      magic;
+    krb5_int32      sam_type; /* information */
+    krb5_flags      sam_flags; /* KRB5_SAM_* values */
+    krb5_data       sam_type_name;
+    krb5_data       sam_track_id;
+    krb5_data       sam_challenge_label;
+    krb5_data       sam_challenge;
+    krb5_data       sam_response_prompt;
+    krb5_data       sam_pk_for_sad;
+    krb5_int32      sam_nonce;
+    krb5_enctype    sam_etype;
+} krb5_sam_challenge_2_body;
+
+typedef struct _krb5_sam_response_2 {
+    krb5_magic      magic;
+    krb5_int32      sam_type; /* informational */
+    krb5_flags      sam_flags; /* KRB5_SAM_* values */
+    krb5_data       sam_track_id; /* copied */
+    krb5_enc_data   sam_enc_nonce_or_sad; /* krb5_enc_sam_response_enc */
+    krb5_int32      sam_nonce;
+} krb5_sam_response_2;
+
+typedef struct _krb5_enc_sam_response_enc_2 {
+    krb5_magic      magic;
+    krb5_int32      sam_nonce;
+    krb5_data       sam_sad;
+} krb5_enc_sam_response_enc_2;
+
+/*
+ * Keep the pkinit definitions in a separate file so that the plugin
+ * only has to include k5-int-pkinit.h rather than k5-int.h
+ */
+
+#include "k5-int-pkinit.h"
+
+#define KRB5_OTP_FLAG_NEXTOTP        0x40000000
+#define KRB5_OTP_FLAG_COMBINE        0x20000000
+#define KRB5_OTP_FLAG_COLLECT_PIN    0x10000000
+#define KRB5_OTP_FLAG_NO_COLLECT_PIN 0x08000000
+#define KRB5_OTP_FLAG_ENCRYPT_NONCE  0x04000000
+#define KRB5_OTP_FLAG_SEPARATE_PIN   0x02000000
+#define KRB5_OTP_FLAG_CHECK_DIGIT    0x01000000
+
+#define KRB5_OTP_FORMAT_DECIMAL      0x00000000
+#define KRB5_OTP_FORMAT_HEXADECIMAL  0x00000001
+#define KRB5_OTP_FORMAT_ALPHANUMERIC 0x00000002
+#define KRB5_OTP_FORMAT_BINARY       0x00000003
+#define KRB5_OTP_FORMAT_BASE64       0x00000004
+
+typedef struct _krb5_otp_tokeninfo {
+    krb5_flags flags;
+    krb5_data vendor;
+    krb5_data challenge;
+    krb5_int32 length;          /* -1 for unspecified */
+    krb5_int32 format;          /* -1 for unspecified */
+    krb5_data token_id;
+    krb5_data alg_id;
+    krb5_algorithm_identifier **supported_hash_alg;
+    krb5_int32 iteration_count; /* -1 for unspecified */
+} krb5_otp_tokeninfo;
+
+typedef struct _krb5_pa_otp_challenge {
+    krb5_data nonce;
+    krb5_data service;
+    krb5_otp_tokeninfo **tokeninfo;
+    krb5_data salt;
+    krb5_data s2kparams;
+} krb5_pa_otp_challenge;
+
+typedef struct _krb5_pa_otp_req {
+    krb5_int32 flags;
+    krb5_data nonce;
+    krb5_enc_data enc_data;
+    krb5_algorithm_identifier *hash_alg;
+    krb5_int32 iteration_count; /* -1 for unspecified */
+    krb5_data otp_value;
+    krb5_data pin;
+    krb5_data challenge;
+    krb5_timestamp time;
+    krb5_data counter;
+    krb5_int32 format;          /* -1 for unspecified */
+    krb5_data token_id;
+    krb5_data alg_id;
+    krb5_data vendor;
+} krb5_pa_otp_req;
+
+typedef struct _krb5_kkdcp_message {
+    krb5_data kerb_message;
+    krb5_data target_domain;
+    krb5_int32 dclocator_hint;
+} krb5_kkdcp_message;
+
+/* Plain text of an encrypted PA-FX-COOKIE value produced by the KDC. */
+typedef struct _krb5_secure_cookie {
+    time_t time;
+    krb5_pa_data **data;
+} krb5_secure_cookie;
+
+typedef struct _krb5_pa_pac_options {
+    krb5_flags options;
+} krb5_pa_pac_options;
+
+/* In PAC options, indicates Resource-Based Constrained Delegation support. */
+#define KRB5_PA_PAC_OPTIONS_RBCD 0x10000000
+
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef HAVE_STRDUP
+extern char *strdup (const char *);
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#include <time.h>
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>                   /* struct stat, stat() */
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>                  /* MAXPATHLEN */
+#endif
+
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>                   /* prototypes for file-related
+                                           syscalls; flags for open &
+                                           friends */
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include <stdio.h>
+
+#include "k5-gmt_mktime.h"
+
+/* libos.spec */
+krb5_error_code krb5_lock_file(krb5_context, int, int);
+krb5_error_code krb5_unlock_file(krb5_context, int);
+krb5_error_code krb5_sendto_kdc(krb5_context, const krb5_data *,
+                                const krb5_data *, krb5_data *, int *, int);
+
+krb5_error_code krb5int_init_context_kdc(krb5_context *);
+
+struct derived_key {
+    krb5_data constant;
+    krb5_key dkey;
+    struct derived_key *next;
+};
+
+/* Internal structure of an opaque key identifier */
+struct krb5_key_st {
+    krb5_keyblock keyblock;
+    int refcount;
+    struct derived_key *derived;
+    /*
+     * Cache of data private to the cipher implementation, which we
+     * don't want to have to recompute for every operation.  This may
+     * include key schedules, iteration counts, etc.
+     *
+     * The cipher implementation is responsible for setting this up
+     * whenever needed, and the enc_provider key_cleanup method must
+     * then be provided to dispose of it.
+     */
+    void *cache;
+};
+
+krb5_error_code
+krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
+                         const krb5_data *kd_data, krb5_crypto_iov *data,
+                         size_t num_data);
+
+#define K5_SHA256_HASHLEN (256 / 8)
+
+/* Write the SHA-256 hash of in (containing n elements) to out. */
+krb5_error_code
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN]);
+
+/* Convenience function: zap and free ptr if it is non-NULL. */
+static inline void
+zapfree(void *ptr, size_t len)
+{
+    if (ptr != NULL) {
+        zap(ptr, len);
+        free(ptr);
+    }
+}
+
+/* Convenience function: zap and free zero-terminated str if it is non-NULL. */
+static inline void
+zapfreestr(void *str)
+{
+    if (str != NULL) {
+        zap(str, strlen((char *)str));
+        free(str);
+    }
+}
+
+/* Convenience function: zap and free krb5_data pointer if it is non-NULL. */
+static inline void
+zapfreedata(krb5_data *data)
+{
+    if (data != NULL) {
+        zapfree(data->data, data->length);
+        free(data);
+    }
+}
+
+void krb5int_c_free_keyblock(krb5_context, krb5_keyblock *key);
+void krb5int_c_free_keyblock_contents(krb5_context, krb5_keyblock *);
+krb5_error_code krb5int_c_init_keyblock(krb5_context, krb5_enctype enctype,
+                                        size_t length, krb5_keyblock **out);
+krb5_error_code krb5int_c_copy_keyblock(krb5_context context,
+                                        const krb5_keyblock *from,
+                                        krb5_keyblock **to);
+krb5_error_code krb5int_c_copy_keyblock_contents(krb5_context context,
+                                                 const krb5_keyblock *from,
+                                                 krb5_keyblock *to);
+
+krb5_error_code krb5_crypto_us_timeofday(krb5_timestamp *, krb5_int32 *);
+
+/*
+ * End "los-proto.h"
+ */
+
+typedef struct _krb5_os_context {
+    krb5_magic              magic;
+    krb5_int32              time_offset;
+    krb5_int32              usec_offset;
+    krb5_int32              os_flags;
+    char *                  default_ccname;
+} *krb5_os_context;
+
+/*
+ * Flags for the os_flags field
+ *
+ * KRB5_OS_TOFFSET_VALID means that the time offset fields are valid.
+ * The intention is that this facility to correct the system clocks so
+ * that they reflect the "real" time, for systems where for some
+ * reason we can't set the system clock.  Instead we calculate the
+ * offset between the system time and real time, and store the offset
+ * in the os context so that we can correct the system clock as necessary.
+ *
+ * KRB5_OS_TOFFSET_TIME means that the time offset fields should be
+ * returned as the time by the krb5 time routines.  This should only
+ * be used for testing purposes (obviously!)
+ */
+#define KRB5_OS_TOFFSET_VALID   1
+#define KRB5_OS_TOFFSET_TIME    2
+
+/* lock mode flags */
+#define KRB5_LOCKMODE_SHARED    0x0001
+#define KRB5_LOCKMODE_EXCLUSIVE 0x0002
+#define KRB5_LOCKMODE_DONTBLOCK 0x0004
+#define KRB5_LOCKMODE_UNLOCK    0x0008
+
+/*
+ * Begin "preauth.h"
+ *
+ * (Originally written by Glen Machin at Sandia Labs.)
+ */
+/*
+ * Sandia National Laboratories also makes no representations about the
+ * suitability of the modifications, or additions to this software for
+ * any purpose.  It is provided "as is" without express or implied warranty.
+ */
+#ifndef KRB5_PREAUTH__
+#define KRB5_PREAUTH__
+
+typedef struct _krb5_pa_enc_ts {
+    krb5_timestamp      patimestamp;
+    krb5_int32          pausec;
+} krb5_pa_enc_ts;
+
+typedef struct _krb5_pa_for_user {
+    krb5_principal      user;
+    krb5_checksum       cksum;
+    krb5_data           auth_package;
+} krb5_pa_for_user;
+
+typedef struct _krb5_s4u_userid {
+    krb5_int32          nonce;
+    krb5_principal      user;
+    krb5_data           subject_cert;
+    krb5_flags          options;
+} krb5_s4u_userid;
+
+#define KRB5_S4U_OPTS_CHECK_LOGON_HOURS         0x40000000 /* check logon hour restrictions */
+#define KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE       0x20000000 /* sign with usage 27 instead of 26 */
+
+typedef struct _krb5_pa_s4u_x509_user {
+    krb5_s4u_userid     user_id;
+    krb5_checksum       cksum;
+} krb5_pa_s4u_x509_user;
+
+enum {
+    KRB5_FAST_ARMOR_AP_REQUEST = 0x1
+};
+
+typedef struct _krb5_fast_armor {
+    krb5_int32 armor_type;
+    krb5_data armor_value;
+} krb5_fast_armor;
+typedef struct _krb5_fast_armored_req {
+    krb5_magic magic;
+    krb5_fast_armor *armor;
+    krb5_checksum req_checksum;
+    krb5_enc_data enc_part;
+} krb5_fast_armored_req;
+
+typedef struct _krb5_fast_req {
+    krb5_magic magic;
+    krb5_flags fast_options;
+    /* padata from req_body is used*/
+    krb5_kdc_req *req_body;
+} krb5_fast_req;
+
+/* Bits 0-15 are critical in FAST options (RFC 6113 section 7.3). */
+#define UNSUPPORTED_CRITICAL_FAST_OPTIONS   0xbfff0000
+#define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES  0x40000000
+
+typedef struct _krb5_fast_finished {
+    krb5_timestamp timestamp;
+    krb5_int32 usec;
+    krb5_principal client;
+    krb5_checksum ticket_checksum;
+} krb5_fast_finished;
+
+typedef struct _krb5_fast_response {
+    krb5_magic magic;
+    krb5_pa_data **padata;
+    krb5_keyblock *strengthen_key;
+    krb5_fast_finished *finished;
+    krb5_int32 nonce;
+} krb5_fast_response;
+
+typedef struct _krb5_ad_kdcissued {
+    krb5_checksum ad_checksum;
+    krb5_principal i_principal;
+    krb5_authdata **elements;
+} krb5_ad_kdcissued;
+
+typedef struct _krb5_iakerb_header {
+    krb5_data target_realm;
+    krb5_data *cookie;
+} krb5_iakerb_header;
+
+typedef struct _krb5_iakerb_finished {
+    krb5_checksum checksum;
+} krb5_iakerb_finished;
+
+typedef struct _krb5_verifier_mac {
+    krb5_principal princ;
+    krb5_kvno kvno;
+    krb5_enctype enctype;
+    krb5_checksum checksum;
+} krb5_verifier_mac;
+
+/*
+ * AD-CAMMAC's other-verifiers field is a sequence of Verifier, which is an
+ * extensible choice with only one selection, Verifier-MAC.  For the time being
+ * we will represent this field directly as an array of krb5_verifier_mac.
+ * That will have to change if other selections are added.
+ */
+typedef struct _krb5_cammac {
+    krb5_authdata **elements;
+    krb5_verifier_mac *kdc_verifier;
+    krb5_verifier_mac *svc_verifier;
+    krb5_verifier_mac **other_verifiers;
+} krb5_cammac;
+
+void krb5_free_etype_info(krb5_context, krb5_etype_info);
+
+krb5_pa_data *
+krb5int_find_pa_data(krb5_context, krb5_pa_data *const *, krb5_preauthtype);
+/* Does not return a copy; original padata sequence responsible for freeing*/
+
+/* Allocate a pa-data object with uninitialized contents of size len.  If len
+ * is 0, set the contents field to NULL. */
+krb5_error_code
+k5_alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out);
+
+/* Free a single pa-data object. */
+void
+k5_free_pa_data_element(krb5_pa_data *pa);
+
+/* Without copying, add single element *pa to *list, reallocating as necessary.
+ * If *list is NULL, allocate a new list.  Set *pa to NULL on success. */
+krb5_error_code
+k5_add_pa_data_element(krb5_pa_data ***list, krb5_pa_data **pa);
+
+/* Without copying, add a pa-data element of type pa_type to *list with the
+ * contents in data.  Set *data to empty_data() on success. */
+krb5_error_code
+k5_add_pa_data_from_data(krb5_pa_data ***list, krb5_preauthtype pa_type,
+                         krb5_data *data);
+
+/* Add an empty pa-data element of type pa_type to *list. */
+krb5_error_code
+k5_add_empty_pa_data(krb5_pa_data ***list, krb5_preauthtype pa_type);
+
+#endif /* KRB5_PREAUTH__ */
+/*
+ * End "preauth.h"
+ */
+
+krb5_error_code
+krb5int_copy_data_contents(krb5_context, const krb5_data *, krb5_data *);
+
+krb5_error_code
+krb5int_copy_data_contents_add0(krb5_context, const krb5_data *, krb5_data *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2(krb5_context, krb5_sam_challenge_2 *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_body(krb5_context, krb5_sam_challenge_2_body *);
+
+void KRB5_CALLCONV
+krb5_free_sam_response_2(krb5_context, krb5_sam_response_2 *);
+
+void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_2(krb5_context, krb5_enc_sam_response_enc_2 *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_contents(krb5_context, krb5_sam_challenge_2 *);
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_body_contents(krb5_context,
+                                        krb5_sam_challenge_2_body *);
+
+void KRB5_CALLCONV
+krb5_free_sam_response_2_contents(krb5_context, krb5_sam_response_2 *);
+
+void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_2_contents(krb5_context,
+                                          krb5_enc_sam_response_enc_2 * );
+
+void KRB5_CALLCONV
+krb5_free_pa_enc_ts(krb5_context, krb5_pa_enc_ts *);
+
+void KRB5_CALLCONV
+krb5_free_pa_for_user(krb5_context, krb5_pa_for_user *);
+
+void KRB5_CALLCONV
+krb5_free_s4u_userid_contents(krb5_context, krb5_s4u_userid *);
+
+void KRB5_CALLCONV
+krb5_free_pa_s4u_x509_user(krb5_context, krb5_pa_s4u_x509_user *);
+
+void KRB5_CALLCONV
+krb5_free_pa_pac_req(krb5_context, krb5_pa_pac_req * );
+
+void KRB5_CALLCONV krb5_free_fast_armor(krb5_context, krb5_fast_armor *);
+void KRB5_CALLCONV krb5_free_fast_armored_req(krb5_context,
+                                              krb5_fast_armored_req *);
+void KRB5_CALLCONV krb5_free_fast_req(krb5_context, krb5_fast_req *);
+void KRB5_CALLCONV krb5_free_fast_finished(krb5_context, krb5_fast_finished *);
+void KRB5_CALLCONV krb5_free_fast_response(krb5_context, krb5_fast_response *);
+void KRB5_CALLCONV krb5_free_ad_kdcissued(krb5_context, krb5_ad_kdcissued *);
+void KRB5_CALLCONV krb5_free_iakerb_header(krb5_context, krb5_iakerb_header *);
+void KRB5_CALLCONV krb5_free_iakerb_finished(krb5_context,
+                                             krb5_iakerb_finished *);
+void k5_free_algorithm_identifier(krb5_context context,
+                                  krb5_algorithm_identifier *val);
+void k5_free_otp_tokeninfo(krb5_context context, krb5_otp_tokeninfo *val);
+void k5_free_pa_otp_challenge(krb5_context context,
+                              krb5_pa_otp_challenge *val);
+void k5_free_pa_otp_req(krb5_context context, krb5_pa_otp_req *val);
+void k5_free_kkdcp_message(krb5_context context, krb5_kkdcp_message *val);
+void k5_free_cammac(krb5_context context, krb5_cammac *val);
+void k5_free_secure_cookie(krb5_context context, krb5_secure_cookie *val);
+
+krb5_error_code
+k5_unwrap_cammac_svc(krb5_context context, const krb5_authdata *ad,
+                     const krb5_keyblock *key, krb5_authdata ***adata_out);
+krb5_error_code
+k5_authind_decode(const krb5_authdata *ad, krb5_data ***indicators);
+
+/* #include "krb5/wordsize.h" -- comes in through base-defs.h. */
+#include "com_err.h"
+#include "k5-plugin.h"
+
+#include <krb5/authdata_plugin.h>
+
+struct _krb5_authdata_context {
+    krb5_magic magic;
+    int n_modules;
+    struct _krb5_authdata_context_module {
+        krb5_authdatatype ad_type;
+        void *plugin_context;
+        authdata_client_plugin_fini_proc client_fini;
+        krb5_flags flags;
+        krb5plugin_authdata_client_ftable_v0 *ftable;
+        authdata_client_request_init_proc client_req_init;
+        authdata_client_request_fini_proc client_req_fini;
+        const char *name;
+        void *request_context;
+        void **request_context_pp;
+    } *modules;
+    struct plugin_dir_handle plugins;
+};
+
+typedef struct _krb5_authdata_context *krb5_authdata_context;
+
+void
+k5_free_data_ptr_list(krb5_data **list);
+
+void
+k5_zapfree_pa_data(krb5_pa_data **val);
+
+void KRB5_CALLCONV
+krb5int_free_data_list(krb5_context context, krb5_data *data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_context_init(krb5_context kcontext,
+                           krb5_authdata_context *pcontext);
+
+void KRB5_CALLCONV
+krb5_authdata_context_free(krb5_context kcontext,
+                           krb5_authdata_context context);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_export_authdata(krb5_context kcontext,
+                              krb5_authdata_context context, krb5_flags usage,
+                              krb5_authdata ***pauthdata);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_get_attribute_types(krb5_context kcontext,
+                                  krb5_authdata_context context,
+                                  krb5_data **attrs);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_get_attribute(krb5_context kcontext,
+                            krb5_authdata_context context,
+                            const krb5_data *attribute,
+                            krb5_boolean *authenticated,
+                            krb5_boolean *complete, krb5_data *value,
+                            krb5_data *display_value, int *more);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_set_attribute(krb5_context kcontext,
+                            krb5_authdata_context context,
+                            krb5_boolean complete, const krb5_data *attribute,
+                            const krb5_data *value);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_delete_attribute(krb5_context kcontext,
+                               krb5_authdata_context context,
+                               const krb5_data *attribute);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_import_attributes(krb5_context kcontext,
+                                krb5_authdata_context context,
+                                krb5_flags usage, const krb5_data *attributes);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_export_attributes(krb5_context kcontext,
+                                krb5_authdata_context context,
+                                krb5_flags usage, krb5_data **pattributes);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_export_internal(krb5_context kcontext,
+                              krb5_authdata_context context,
+                              krb5_boolean restrict_authenticated,
+                              const char *module, void **ptr);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_context_copy(krb5_context kcontext, krb5_authdata_context src,
+                           krb5_authdata_context *dst);
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_free_internal(krb5_context kcontext,
+                            krb5_authdata_context context, const char *module,
+                            void *ptr);
+
+/*** Plugin framework ***/
+
+/*
+ * This framework can be used to create pluggable interfaces.  Not all existing
+ * pluggable interface use this framework, but new ones should.  A new
+ * pluggable interface entails:
+ *
+ * - An interface ID definition in the list of #defines below.
+ *
+ * - A name in the interface_names array in lib/krb5/krb/plugins.c.
+ *
+ * - An installed public header file in include/krb5.  The public header should
+ *   include <krb5/plugin.h> and should declare a vtable structure for each
+ *   supported major version of the interface.
+ *
+ * - A consumer API implementation, located within the code unit which makes
+ *   use of the pluggable interface.  The consumer API should consist of:
+ *
+ *   . An interface-specific handle type which contains a vtable structure for
+ *     the module (or a union of several such structures, if there are multiple
+ *     supported major versions) and, optionally, resource data bound to the
+ *     handle.
+ *
+ *   . An interface-specific loader function which creates a handle or list of
+ *     handles.  A list of handles would be created if the interface is a
+ *     one-to-many interface where the consumer wants to consult all available
+ *     modules; a single handle would be created for an interface where the
+ *     consumer wants to consult a specific module.  The loader function should
+ *     use k5_plugin_load or k5_plugin_load_all to produce one or a list of
+ *     vtable initializer functions, and should use those functions to fill in
+ *     the vtable structure for the module (if necessary, trying each supported
+ *     major version starting from the most recent).  The loader function can
+ *     also bind resource data into the handle based on caller arguments, if
+ *     appropriate.
+ *
+ *   . For each plugin method, a wrapper function which accepts a krb5_context,
+ *     a plugin handle, and the method arguments.  Wrapper functions should
+ *     invoke the method function contained in the handle's vtable.
+ *
+ * - Possibly, built-in implementations of the interface, also located within
+ *   the code unit which makes use of the interface.  Built-in implementations
+ *   must be registered with k5_plugin_register before the first call to
+ *   k5_plugin_load or k5_plugin_load_all.
+ *
+ * A pluggable interface should have one or more currently supported major
+ * versions, starting at 1.  Each major version should have a current minor
+ * version, also starting at 1.  If new methods are added to a vtable, the
+ * minor version should be incremented and the vtable structure should document
+ * where each minor vtable version ends.  If method signatures for a vtable are
+ * changed, the major version should be incremented.
+ *
+ * Plugin module implementations (either built-in or dynamically loaded) should
+ * define a function named <interfacename>_<modulename>_initvt, matching the
+ * signature of krb5_plugin_initvt_fn as declared in include/krb5/plugin.h.
+ * The initvt function should check the given maj_ver argument against its own
+ * supported major versions, cast the vtable pointer to the appropriate
+ * interface-specific vtable type, and fill in the vtable methods, stopping as
+ * appropriate for the given min_ver.  Memory for the vtable structure is
+ * allocated by the caller, not by the module.
+ *
+ * Dynamic plugin modules are registered with the framework through the
+ * [plugins] section of the profile, as described in the admin documentation
+ * and krb5.conf man page.
+ */
+
+struct plugin_mapping;
+
+/* Holds krb5_context information about each pluggable interface. */
+struct plugin_interface {
+    struct plugin_mapping **modules;
+    krb5_boolean configured;
+};
+
+/* A list of plugin interface IDs.  Make sure to increment
+ * PLUGIN_NUM_INTERFACES when a new interface is added, and add an entry to the
+ * interface_names table in lib/krb5/krb/plugin.c. */
+#define PLUGIN_INTERFACE_PWQUAL      0
+#define PLUGIN_INTERFACE_KADM5_HOOK  1
+#define PLUGIN_INTERFACE_CLPREAUTH   2
+#define PLUGIN_INTERFACE_KDCPREAUTH  3
+#define PLUGIN_INTERFACE_CCSELECT    4
+#define PLUGIN_INTERFACE_LOCALAUTH   5
+#define PLUGIN_INTERFACE_HOSTREALM   6
+#define PLUGIN_INTERFACE_AUDIT       7
+#define PLUGIN_INTERFACE_TLS         8
+#define PLUGIN_INTERFACE_KDCAUTHDATA 9
+#define PLUGIN_INTERFACE_CERTAUTH    10
+#define PLUGIN_INTERFACE_KADM5_AUTH  11
+#define PLUGIN_INTERFACE_KDCPOLICY   12
+#define PLUGIN_NUM_INTERFACES        13
+
+/* Retrieve the plugin module of type interface_id and name modname,
+ * storing the result into module. */
+krb5_error_code
+k5_plugin_load(krb5_context context, int interface_id, const char *modname,
+               krb5_plugin_initvt_fn *module);
+
+/* Retrieve all plugin modules of type interface_id, storing the result
+ * into modules.  Free the result with k5_plugin_free_handles. */
+krb5_error_code
+k5_plugin_load_all(krb5_context context, int interface_id,
+                   krb5_plugin_initvt_fn **modules);
+
+/* Release a module list allocated by k5_plugin_load_all. */
+void
+k5_plugin_free_modules(krb5_context context, krb5_plugin_initvt_fn *modules);
+
+/* Register a plugin module of type interface_id and name modname. */
+krb5_error_code
+k5_plugin_register(krb5_context context, int interface_id, const char *modname,
+                   krb5_plugin_initvt_fn module);
+
+/*
+ * Register a plugin module which is part of the krb5 tree but is built as a
+ * dynamic plugin.  Look for the module in modsubdir relative to the
+ * context->base_plugin_dir.
+ */
+krb5_error_code
+k5_plugin_register_dyn(krb5_context context, int interface_id,
+                       const char *modname, const char *modsubdir);
+
+/* Destroy the module state within context; used by krb5_free_context. */
+void
+k5_plugin_free_context(krb5_context context);
+
+enum dns_canonhost {
+    CANONHOST_FALSE = 0,
+    CANONHOST_TRUE = 1,
+    CANONHOST_FALLBACK = 2
+};
+
+struct _kdb5_dal_handle;        /* private, in kdb5.h */
+typedef struct _kdb5_dal_handle kdb5_dal_handle;
+struct _kdb_log_context;
+typedef struct krb5_preauth_context_st *krb5_preauth_context;
+struct ccselect_module_handle;
+struct localauth_module_handle;
+struct hostrealm_module_handle;
+struct k5_tls_vtable_st;
+struct _krb5_context {
+    krb5_magic      magic;
+    krb5_enctype    *tgs_etypes;
+    struct _krb5_os_context os_context;
+    char            *default_realm;
+    profile_t       profile;
+    kdb5_dal_handle *dal_handle;
+    /* allowable clock skew */
+    krb5_deltat     clockskew;
+    krb5_flags      kdc_default_options;
+    krb5_flags      library_options;
+    krb5_boolean    profile_secure;
+    int             fcc_default_format;
+    krb5_prompt_type *prompt_types;
+    /* Message size above which we'll try TCP first in send-to-kdc
+       type code.  Aside from the 2**16 size limit, we put no
+       absolute limit on the UDP packet size.  */
+    int             udp_pref_limit;
+
+    /* Use the config-file ktypes instead of app-specified?  */
+    krb5_boolean    use_conf_ktypes;
+
+    /* locate_kdc module stuff */
+    struct plugin_dir_handle libkrb5_plugins;
+
+    /* preauth module stuff */
+    krb5_preauth_context preauth_context;
+
+    /* cache module stuff */
+    struct ccselect_module_handle **ccselect_handles;
+
+    /* localauth module stuff */
+    struct localauth_module_handle **localauth_handles;
+
+    /* hostrealm module stuff */
+    struct hostrealm_module_handle **hostrealm_handles;
+
+    /* TLS module vtable (if loaded) */
+    struct k5_tls_vtable_st *tls;
+
+    /* error detail info */
+    struct errinfo err;
+    char *err_fmt;
+
+    /* For Sun iprop code; does this really have to be here?  */
+    struct _kdb_log_context *kdblog_context;
+
+    krb5_boolean allow_weak_crypto;
+    krb5_boolean allow_des3;
+    krb5_boolean allow_rc4;
+    krb5_boolean ignore_acceptor_hostname;
+    krb5_boolean enforce_ok_as_delegate;
+    enum dns_canonhost dns_canonicalize_hostname;
+
+    krb5_trace_callback trace_callback;
+    void *trace_callback_data;
+
+    krb5_pre_send_fn kdc_send_hook;
+    void *kdc_send_hook_data;
+
+    krb5_post_recv_fn kdc_recv_hook;
+    void *kdc_recv_hook_data;
+
+    struct plugin_interface plugins[PLUGIN_NUM_INTERFACES];
+    char *plugin_base_dir;
+};
+
+/* could be used in a table to find an etype and initialize a block */
+
+
+#define KRB5_LIBOPT_SYNC_KDCTIME        0x0001
+
+/* internal message representations */
+
+typedef struct _krb5_safe {
+    krb5_magic magic;
+    krb5_data user_data;                /* user data */
+    krb5_timestamp timestamp;           /* client time, optional */
+    krb5_int32 usec;                    /* microsecond portion of time,
+                                           optional */
+    krb5_ui_4 seq_number;               /* sequence #, optional */
+    krb5_address *s_address;    /* sender address */
+    krb5_address *r_address;    /* recipient address, optional */
+    krb5_checksum *checksum;    /* data integrity checksum */
+} krb5_safe;
+
+typedef struct _krb5_priv {
+    krb5_magic magic;
+    krb5_enc_data enc_part;             /* encrypted part */
+} krb5_priv;
+
+typedef struct _krb5_priv_enc_part {
+    krb5_magic magic;
+    krb5_data user_data;                /* user data */
+    krb5_timestamp timestamp;           /* client time, optional */
+    krb5_int32 usec;                    /* microsecond portion of time, opt. */
+    krb5_ui_4 seq_number;               /* sequence #, optional */
+    krb5_address *s_address;    /* sender address */
+    krb5_address *r_address;    /* recipient address, optional */
+} krb5_priv_enc_part;
+
+void KRB5_CALLCONV krb5_free_safe(krb5_context, krb5_safe *);
+void KRB5_CALLCONV krb5_free_priv(krb5_context, krb5_priv *);
+void KRB5_CALLCONV krb5_free_priv_enc_part(krb5_context, krb5_priv_enc_part *);
+
+/*
+ * Begin "asn1.h"
+ */
+#ifndef KRB5_ASN1__
+#define KRB5_ASN1__
+
+/* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
+/* here we use some knowledge of ASN.1 encodings */
+/*
+  Ticket is APPLICATION 1.
+  Authenticator is APPLICATION 2.
+  AS_REQ is APPLICATION 10.
+  AS_REP is APPLICATION 11.
+  TGS_REQ is APPLICATION 12.
+  TGS_REP is APPLICATION 13.
+  AP_REQ is APPLICATION 14.
+  AP_REP is APPLICATION 15.
+  KRB_SAFE is APPLICATION 20.
+  KRB_PRIV is APPLICATION 21.
+  KRB_CRED is APPLICATION 22.
+  EncASRepPart is APPLICATION 25.
+  EncTGSRepPart is APPLICATION 26.
+  EncAPRepPart is APPLICATION 27.
+  EncKrbPrivPart is APPLICATION 28.
+  EncKrbCredPart is APPLICATION 29.
+  KRB_ERROR is APPLICATION 30.
+*/
+/* allow either constructed or primitive encoding, so check for bit 6
+   set or reset */
+#define krb5int_is_app_tag(dat,tag)                     \
+    ((dat != NULL) && (dat)->length &&                  \
+     ((((dat)->data[0] & ~0x20) == ((tag) | 0x40))))
+#define krb5_is_krb_ticket(dat)               krb5int_is_app_tag(dat, 1)
+#define krb5_is_krb_authenticator(dat)        krb5int_is_app_tag(dat, 2)
+#define krb5_is_as_req(dat)                   krb5int_is_app_tag(dat, 10)
+#define krb5_is_as_rep(dat)                   krb5int_is_app_tag(dat, 11)
+#define krb5_is_tgs_req(dat)                  krb5int_is_app_tag(dat, 12)
+#define krb5_is_tgs_rep(dat)                  krb5int_is_app_tag(dat, 13)
+#define krb5_is_ap_req(dat)                   krb5int_is_app_tag(dat, 14)
+#define krb5_is_ap_rep(dat)                   krb5int_is_app_tag(dat, 15)
+#define krb5_is_krb_safe(dat)                 krb5int_is_app_tag(dat, 20)
+#define krb5_is_krb_priv(dat)                 krb5int_is_app_tag(dat, 21)
+#define krb5_is_krb_cred(dat)                 krb5int_is_app_tag(dat, 22)
+#define krb5_is_krb_enc_as_rep_part(dat)      krb5int_is_app_tag(dat, 25)
+#define krb5_is_krb_enc_tgs_rep_part(dat)     krb5int_is_app_tag(dat, 26)
+#define krb5_is_krb_enc_ap_rep_part(dat)      krb5int_is_app_tag(dat, 27)
+#define krb5_is_krb_enc_krb_priv_part(dat)    krb5int_is_app_tag(dat, 28)
+#define krb5_is_krb_enc_krb_cred_part(dat)    krb5int_is_app_tag(dat, 29)
+#define krb5_is_krb_error(dat)                krb5int_is_app_tag(dat, 30)
+
+/*************************************************************************
+ * Prototypes for krb5_encode.c
+ *************************************************************************/
+
+/*
+  krb5_error_code encode_krb5_structure(const krb5_structure *rep,
+  krb5_data **code);
+  modifies  *code
+  effects   Returns the ASN.1 encoding of *rep in **code.
+  Returns ASN1_MISSING_FIELD if a required field is empty in *rep.
+  Returns ENOMEM if memory runs out.
+*/
+
+krb5_error_code
+encode_krb5_authenticator(const krb5_authenticator *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep,
+                             krb5_data **code);
+
+/* yes, the translation is identical to that used for KDC__REP */
+krb5_error_code
+encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code);
+
+/* yes, the translation is identical to that used for KDC__REP */
+krb5_error_code
+encode_krb5_tgs_rep(const krb5_kdc_rep *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_ap_req(const krb5_ap_req *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_ap_rep(const krb5_ap_rep *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_as_req(const krb5_kdc_req *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_tgs_req(const krb5_kdc_req *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_kdc_req_body(const krb5_kdc_req *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_safe(const krb5_safe *rep, krb5_data **code);
+
+struct krb5_safe_with_body {
+    krb5_safe *safe;
+    krb5_data *body;
+};
+krb5_error_code
+encode_krb5_safe_with_body(const struct krb5_safe_with_body *rep,
+                           krb5_data **code);
+
+krb5_error_code
+encode_krb5_priv(const krb5_priv *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_cred(const krb5_cred *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_checksum(const krb5_checksum *, krb5_data **);
+
+krb5_error_code
+encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_error(const krb5_error *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_authdata(krb5_authdata *const *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_padata_sequence(krb5_pa_data *const *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_typed_data(krb5_pa_data *const *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_etype_info(krb5_etype_info_entry *const *, krb5_data **code);
+
+krb5_error_code
+encode_krb5_etype_info2(krb5_etype_info_entry *const *, krb5_data **code);
+
+krb5_error_code
+encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *, krb5_data **);
+
+krb5_error_code
+encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 * , krb5_data **);
+
+krb5_error_code
+encode_krb5_sam_challenge_2_body(const krb5_sam_challenge_2_body *,
+                                 krb5_data **);
+
+krb5_error_code
+encode_krb5_enc_sam_response_enc_2(const krb5_enc_sam_response_enc_2 *,
+                                   krb5_data **);
+
+krb5_error_code
+encode_krb5_sam_response_2(const krb5_sam_response_2 * , krb5_data **);
+
+struct krb5_setpw_req {
+    krb5_principal target;
+    krb5_data password;
+};
+krb5_error_code
+encode_krb5_setpw_req(const struct krb5_setpw_req *rep, krb5_data **code);
+
+krb5_error_code
+encode_krb5_pa_for_user(const krb5_pa_for_user *, krb5_data **);
+
+krb5_error_code
+encode_krb5_s4u_userid(const krb5_s4u_userid *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_s4u_x509_user(const krb5_pa_s4u_x509_user *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_pac_req(const krb5_pa_pac_req *, krb5_data **);
+
+krb5_error_code
+encode_krb5_etype_list(const krb5_etype_list * , krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_fx_fast_request(const krb5_fast_armored_req *, krb5_data **);
+
+krb5_error_code
+encode_krb5_fast_req(const krb5_fast_req *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_fx_fast_reply(const krb5_enc_data *, krb5_data **);
+
+krb5_error_code
+encode_krb5_iakerb_header(const krb5_iakerb_header *, krb5_data **);
+
+krb5_error_code
+encode_krb5_iakerb_finished(const krb5_iakerb_finished *, krb5_data **);
+
+krb5_error_code
+encode_krb5_fast_response(const krb5_fast_response *, krb5_data **);
+
+krb5_error_code
+encode_krb5_ad_kdcissued(const krb5_ad_kdcissued *, krb5_data **);
+
+krb5_error_code
+encode_krb5_otp_tokeninfo(const krb5_otp_tokeninfo *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_otp_challenge(const krb5_pa_otp_challenge *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_otp_req(const krb5_pa_otp_req *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_otp_enc_req(const krb5_data *, krb5_data **);
+
+krb5_error_code
+encode_krb5_kkdcp_message(const krb5_kkdcp_message *, krb5_data **);
+
+krb5_error_code
+encode_krb5_cammac(const krb5_cammac *, krb5_data **);
+
+krb5_error_code
+encode_utf8_strings(krb5_data *const *ut8fstrings, krb5_data **);
+
+krb5_error_code
+encode_krb5_secure_cookie(const krb5_secure_cookie *, krb5_data **);
+
+krb5_error_code
+encode_krb5_pa_pac_options(const krb5_pa_pac_options *, krb5_data **);
+
+/*************************************************************************
+ * End of prototypes for krb5_encode.c
+ *************************************************************************/
+
+krb5_error_code
+decode_krb5_sam_challenge_2(const krb5_data *, krb5_sam_challenge_2 **);
+
+krb5_error_code
+decode_krb5_sam_challenge_2_body(const krb5_data *,
+                                 krb5_sam_challenge_2_body **);
+
+krb5_error_code
+decode_krb5_enc_sam_response_enc_2(const krb5_data *,
+                                   krb5_enc_sam_response_enc_2 **);
+
+krb5_error_code
+decode_krb5_sam_response_2(const krb5_data *, krb5_sam_response_2 **);
+
+
+/*************************************************************************
+ * Prototypes for krb5_decode.c
+ *************************************************************************/
+/*
+  krb5_error_code decode_krb5_structure(const krb5_data *code,
+  krb5_structure **rep);
+
+  requires  Expects **rep to not have been allocated;
+  a new *rep is allocated regardless of the old value.
+  effects   Decodes *code into **rep.
+  Returns ENOMEM if memory is exhausted.
+  Returns asn1 and krb5 errors.
+*/
+
+krb5_error_code
+decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **rep);
+
+krb5_error_code
+decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep);
+
+krb5_error_code
+decode_krb5_encryption_key(const krb5_data *output, krb5_keyblock **rep);
+
+krb5_error_code
+decode_krb5_enc_tkt_part(const krb5_data *output, krb5_enc_tkt_part **rep);
+
+krb5_error_code
+decode_krb5_enc_kdc_rep_part(const krb5_data *output,
+                             krb5_enc_kdc_rep_part **rep);
+
+krb5_error_code
+decode_krb5_as_rep(const krb5_data *output, krb5_kdc_rep **rep);
+
+krb5_error_code
+decode_krb5_tgs_rep(const krb5_data *output, krb5_kdc_rep **rep);
+
+krb5_error_code
+decode_krb5_ap_req(const krb5_data *output, krb5_ap_req **rep);
+
+krb5_error_code
+decode_krb5_ap_rep(const krb5_data *output, krb5_ap_rep **rep);
+
+krb5_error_code
+decode_krb5_ap_rep_enc_part(const krb5_data *output,
+                            krb5_ap_rep_enc_part **rep);
+
+krb5_error_code
+decode_krb5_as_req(const krb5_data *output, krb5_kdc_req **rep);
+
+krb5_error_code
+decode_krb5_tgs_req(const krb5_data *output, krb5_kdc_req **rep);
+
+krb5_error_code
+decode_krb5_kdc_req_body(const krb5_data *output, krb5_kdc_req **rep);
+
+krb5_error_code
+decode_krb5_safe(const krb5_data *output, krb5_safe **rep);
+
+krb5_error_code
+decode_krb5_safe_with_body(const krb5_data *output, krb5_safe **rep,
+                           krb5_data **body);
+
+krb5_error_code
+decode_krb5_priv(const krb5_data *output, krb5_priv **rep);
+
+krb5_error_code
+decode_krb5_enc_priv_part(const krb5_data *output, krb5_priv_enc_part **rep);
+krb5_error_code
+decode_krb5_checksum(const krb5_data *, krb5_checksum **);
+
+krb5_error_code
+decode_krb5_cred(const krb5_data *output, krb5_cred **rep);
+
+krb5_error_code
+decode_krb5_enc_cred_part(const krb5_data *output, krb5_cred_enc_part **rep);
+
+krb5_error_code
+decode_krb5_error(const krb5_data *output, krb5_error **rep);
+
+krb5_error_code
+decode_krb5_authdata(const krb5_data *output, krb5_authdata ***rep);
+
+krb5_error_code
+decode_krb5_padata_sequence(const krb5_data *output, krb5_pa_data ***rep);
+
+krb5_error_code
+decode_krb5_typed_data(const krb5_data *, krb5_pa_data ***);
+
+krb5_error_code
+decode_krb5_etype_info(const krb5_data *output, krb5_etype_info_entry ***rep);
+
+krb5_error_code
+decode_krb5_etype_info2(const krb5_data *output, krb5_etype_info_entry ***rep);
+
+krb5_error_code
+decode_krb5_enc_data(const krb5_data *output, krb5_enc_data **rep);
+
+krb5_error_code
+decode_krb5_pa_enc_ts(const krb5_data *output, krb5_pa_enc_ts **rep);
+
+krb5_error_code
+decode_krb5_setpw_req(const krb5_data *, krb5_data **, krb5_principal *);
+
+krb5_error_code
+decode_krb5_pa_for_user(const krb5_data *, krb5_pa_for_user **);
+
+krb5_error_code
+decode_krb5_pa_s4u_x509_user(const krb5_data *, krb5_pa_s4u_x509_user **);
+
+krb5_error_code
+decode_krb5_pa_pac_req(const krb5_data *, krb5_pa_pac_req **);
+
+krb5_error_code
+decode_krb5_etype_list(const krb5_data *, krb5_etype_list **);
+
+krb5_error_code
+decode_krb5_pa_fx_fast_request(const krb5_data *, krb5_fast_armored_req **);
+
+krb5_error_code
+decode_krb5_fast_req(const krb5_data *, krb5_fast_req **);
+
+krb5_error_code
+decode_krb5_pa_fx_fast_reply(const krb5_data *, krb5_enc_data **);
+
+krb5_error_code
+decode_krb5_fast_response(const krb5_data *, krb5_fast_response **);
+
+krb5_error_code
+decode_krb5_ad_kdcissued(const krb5_data *, krb5_ad_kdcissued **);
+
+krb5_error_code
+decode_krb5_iakerb_header(const krb5_data *, krb5_iakerb_header **);
+
+krb5_error_code
+decode_krb5_iakerb_finished(const krb5_data *, krb5_iakerb_finished **);
+
+krb5_error_code
+decode_krb5_otp_tokeninfo(const krb5_data *, krb5_otp_tokeninfo **);
+
+krb5_error_code
+decode_krb5_pa_otp_challenge(const krb5_data *, krb5_pa_otp_challenge **);
+
+krb5_error_code
+decode_krb5_pa_otp_req(const krb5_data *, krb5_pa_otp_req **);
+
+krb5_error_code
+decode_krb5_pa_otp_enc_req(const krb5_data *, krb5_data **);
+
+krb5_error_code
+decode_krb5_kkdcp_message(const krb5_data *, krb5_kkdcp_message **);
+
+krb5_error_code
+decode_krb5_cammac(const krb5_data *, krb5_cammac **);
+
+krb5_error_code
+decode_utf8_strings(const krb5_data *, krb5_data ***);
+
+krb5_error_code
+decode_krb5_secure_cookie(const krb5_data *, krb5_secure_cookie **);
+
+krb5_error_code
+decode_krb5_pa_pac_options(const krb5_data *, krb5_pa_pac_options **);
+
+struct _krb5_key_data;          /* kdb.h */
+
+struct ldap_seqof_key_data {
+    krb5_int32 mkvno;           /* Master key version number */
+    krb5_ui_2 kvno;             /* kvno of key_data elements (all the same) */
+    struct _krb5_key_data *key_data;
+    krb5_int16 n_key_data;
+};
+typedef struct ldap_seqof_key_data ldap_seqof_key_data;
+
+krb5_error_code
+krb5int_ldap_encode_sequence_of_keys(const ldap_seqof_key_data *val,
+                                     krb5_data **code);
+
+krb5_error_code
+krb5int_ldap_decode_sequence_of_keys(const krb5_data *in,
+                                     ldap_seqof_key_data **rep);
+
+/*************************************************************************
+ * End of prototypes for krb5_decode.c
+ *************************************************************************/
+
+#endif /* KRB5_ASN1__ */
+/*
+ * End "asn1.h"
+ */
+
+
+/*
+ * Internal krb5 library routines
+ */
+krb5_error_code
+krb5_encrypt_tkt_part(krb5_context, const krb5_keyblock *, krb5_ticket *);
+
+krb5_error_code
+krb5_encode_kdc_rep(krb5_context, krb5_msgtype, const krb5_enc_kdc_rep_part *,
+                    int using_subkey, const krb5_keyblock *, krb5_kdc_rep *,
+                    krb5_data ** );
+
+/* Return true if s is non-empty and composed solely of digits. */
+krb5_boolean
+k5_is_string_numeric(const char *s);
+
+krb5_error_code
+k5_parse_host_string(const char *address, int default_port, char **host_out,
+                     int *port_out);
+
+krb5_error_code
+k5_size_authdata_context(krb5_context kcontext, krb5_authdata_context context,
+                         size_t *sizep);
+
+krb5_error_code
+k5_externalize_authdata_context(krb5_context kcontext,
+                                krb5_authdata_context context,
+                                krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_internalize_authdata_context(krb5_context kcontext,
+                                krb5_authdata_context *ptr,
+                                krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_size_auth_context(krb5_auth_context auth_context, size_t *sizep);
+
+krb5_error_code
+k5_externalize_auth_context(krb5_auth_context auth_context,
+                            krb5_octet **buffer, size_t *lenremain);
+krb5_error_code
+k5_internalize_auth_context(krb5_auth_context *argp,
+                            krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_size_authdata(krb5_authdata *authdata, size_t *sizep);
+
+krb5_error_code
+k5_externalize_authdata(krb5_authdata *authdata,
+                        krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_internalize_authdata(krb5_authdata **authdata,
+                        krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_size_address(krb5_address *address, size_t *sizep);
+
+krb5_error_code
+k5_externalize_address(krb5_address *address,
+                       krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_internalize_address(krb5_address **argp,
+                       krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_size_authenticator(krb5_authenticator *authenticator, size_t *sizep);
+
+krb5_error_code
+k5_externalize_authenticator(krb5_authenticator *authenticator,
+                             krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_internalize_authenticator(krb5_authenticator **argp,
+                             krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_size_checksum(krb5_checksum *checksum, size_t *sizep);
+
+krb5_error_code
+k5_externalize_checksum(krb5_checksum *checksum,
+                        krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_internalize_checksum(krb5_checksum **argp,
+                        krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_size_context(krb5_context context, size_t *sizep);
+
+krb5_error_code
+k5_externalize_context(krb5_context context,
+                       krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_internalize_context(krb5_context *argp,
+                       krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_size_keyblock(krb5_keyblock *keyblock, size_t *sizep);
+
+krb5_error_code
+k5_externalize_keyblock(krb5_keyblock *keyblock,
+                        krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_internalize_keyblock(krb5_keyblock **argp,
+                        krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_size_principal(krb5_principal principal, size_t *sizep);
+
+krb5_error_code
+k5_externalize_principal(krb5_principal principal,
+                         krb5_octet **buffer, size_t *lenremain);
+
+krb5_error_code
+k5_internalize_principal(krb5_principal *argp,
+                         krb5_octet **buffer, size_t *lenremain);
+
+/*
+ * Initialization routines.
+ */
+
+/* [De]serialize 4-byte integer */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_int32(krb5_int32, krb5_octet **, size_t *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_int32(krb5_int32 *, krb5_octet **, size_t *);
+
+/* [De]serialize 8-byte integer */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_int64(int64_t, krb5_octet **, size_t *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_int64(int64_t *, krb5_octet **, size_t *);
+
+/* [De]serialize byte string */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *);
+
+krb5_error_code KRB5_CALLCONV
+krb5int_cc_default(krb5_context, krb5_ccache *);
+
+krb5_error_code
+k5_cc_store_primary_cred(krb5_context, krb5_ccache, krb5_creds *);
+
+/* Fill in the buffer with random alphanumeric data. */
+krb5_error_code
+krb5int_random_string(krb5_context, char *string, unsigned int length);
+
+/* value to use when requesting a keytab entry and KVNO doesn't matter */
+#define IGNORE_VNO 0
+/* value to use when requesting a keytab entry and enctype doesn't matter */
+#define IGNORE_ENCTYPE 0
+
+/* To keep happy libraries which are (for now) accessing internal stuff */
+
+/* Make sure to increment by one when changing the struct */
+#define KRB5INT_ACCESS_STRUCT_VERSION 23
+
+typedef struct _krb5int_access {
+    krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,
+                                                   krb5_auth_context,
+                                                   krb5_enctype *);
+
+    krb5_error_code (*mandatory_cksumtype)(krb5_context, krb5_enctype,
+                                           krb5_cksumtype *);
+    krb5_error_code (KRB5_CALLCONV *ser_pack_int64)(int64_t, krb5_octet **,
+                                                    size_t *);
+    krb5_error_code (KRB5_CALLCONV *ser_unpack_int64)(int64_t *, krb5_octet **,
+                                                      size_t *);
+
+    /* Used for KDB LDAP back end.  */
+    krb5_error_code
+    (*asn1_ldap_encode_sequence_of_keys)(const ldap_seqof_key_data *val,
+                                         krb5_data **code);
+
+    krb5_error_code
+    (*asn1_ldap_decode_sequence_of_keys)(const krb5_data *in,
+                                         ldap_seqof_key_data **);
+
+    /*
+     * pkinit asn.1 encode/decode functions
+     */
+    krb5_error_code
+    (*encode_krb5_auth_pack)(const krb5_auth_pack *rep, krb5_data **code);
+
+    krb5_error_code
+    (*encode_krb5_kdc_dh_key_info)(const krb5_kdc_dh_key_info *rep,
+                                   krb5_data **code);
+
+    krb5_error_code
+    (*encode_krb5_pa_pk_as_rep)(const krb5_pa_pk_as_rep *rep,
+                                krb5_data **code);
+
+    krb5_error_code
+    (*encode_krb5_pa_pk_as_req)(const krb5_pa_pk_as_req *rep,
+                                krb5_data **code);
+
+    krb5_error_code
+    (*encode_krb5_reply_key_pack)(const krb5_reply_key_pack *,
+                                  krb5_data **code);
+
+    krb5_error_code
+    (*encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *,
+                                    krb5_data **code);
+
+    krb5_error_code
+    (*encode_krb5_td_trusted_certifiers)(krb5_external_principal_identifier *
+                                         const *, krb5_data **code);
+
+    krb5_error_code
+    (*decode_krb5_auth_pack)(const krb5_data *, krb5_auth_pack **);
+
+    krb5_error_code
+    (*decode_krb5_pa_pk_as_req)(const krb5_data *, krb5_pa_pk_as_req **);
+
+    krb5_error_code
+    (*decode_krb5_pa_pk_as_rep)(const krb5_data *, krb5_pa_pk_as_rep **);
+
+    krb5_error_code
+    (*decode_krb5_kdc_dh_key_info)(const krb5_data *, krb5_kdc_dh_key_info **);
+
+    krb5_error_code
+    (*decode_krb5_principal_name)(const krb5_data *, krb5_principal_data **);
+
+    krb5_error_code
+    (*decode_krb5_reply_key_pack)(const krb5_data *, krb5_reply_key_pack **);
+
+    krb5_error_code
+    (*decode_krb5_td_dh_parameters)(const krb5_data *,
+                                    krb5_algorithm_identifier ***);
+
+    krb5_error_code
+    (*decode_krb5_td_trusted_certifiers)(const krb5_data *,
+                                         krb5_external_principal_identifier
+                                         ***);
+
+    krb5_error_code
+    (*encode_krb5_kdc_req_body)(const krb5_kdc_req *rep, krb5_data **code);
+
+    void
+    (KRB5_CALLCONV *free_kdc_req)(krb5_context, krb5_kdc_req * );
+    void
+    (*set_prompt_types)(krb5_context, krb5_prompt_type *);
+} krb5int_access;
+
+#define KRB5INT_ACCESS_VERSION                                          \
+    (((krb5_int32)((sizeof(krb5int_access) & 0xFFFF) |                  \
+                   (KRB5INT_ACCESS_STRUCT_VERSION << 16))) & 0xFFFFFFFF)
+
+krb5_error_code KRB5_CALLCONV
+krb5int_accessor(krb5int_access*, krb5_int32);
+
+krb5_error_code KRB5_CALLCONV
+krb5int_cc_user_set_default_name(krb5_context context, const char *name);
+
+krb5_error_code k5_rc_default(krb5_context context, krb5_rcache *rc_out);
+krb5_error_code k5_rc_resolve(krb5_context context, const char *name,
+                              krb5_rcache *rc_out);
+void k5_rc_close(krb5_context context, krb5_rcache rc);
+krb5_error_code k5_rc_store(krb5_context context, krb5_rcache rc,
+                            const krb5_enc_data *authenticator);
+const char *k5_rc_get_name(krb5_context context, krb5_rcache rc);
+
+/* Set *tag_out to the integrity tag of *enc.  (Does not allocate memory;
+ * returned buffer is a subrange of *ctext.) */
+krb5_error_code
+k5_rc_tag_from_ciphertext(krb5_context context, const krb5_enc_data *enc,
+                          krb5_data *tag_out);
+
+/*
+ * This structure was exposed and used in macros in krb5 1.2, so do not
+ * change its ABI.
+ */
+typedef struct _krb5_kt_ops {
+    krb5_magic magic;
+    char *prefix;
+
+    /* routines always present */
+    krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, const char *,
+                                             krb5_keytab *);
+    krb5_error_code (KRB5_CALLCONV *get_name)(krb5_context, krb5_keytab,
+                                              char *, unsigned int);
+    krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_keytab);
+    krb5_error_code (KRB5_CALLCONV *get)(krb5_context, krb5_keytab,
+                                         krb5_const_principal, krb5_kvno,
+                                         krb5_enctype, krb5_keytab_entry *);
+    krb5_error_code (KRB5_CALLCONV *start_seq_get)(krb5_context, krb5_keytab,
+                                                   krb5_kt_cursor *);
+    krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_keytab,
+                                              krb5_keytab_entry *,
+                                              krb5_kt_cursor *);
+    krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_keytab,
+                                             krb5_kt_cursor *);
+    /* routines to be included on extended version (write routines) */
+    krb5_error_code (KRB5_CALLCONV *add)(krb5_context, krb5_keytab,
+                                         krb5_keytab_entry *);
+    krb5_error_code (KRB5_CALLCONV *remove)(krb5_context, krb5_keytab,
+                                            krb5_keytab_entry *);
+} krb5_kt_ops;
+
+/* Not sure it's ready for exposure just yet.  */
+extern krb5_error_code
+krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
+
+/*
+ * Referral definitions and subfunctions.
+ */
+#define        KRB5_REFERRAL_MAXHOPS    10
+
+struct _krb5_kt {       /* should move into k5-int.h */
+    krb5_magic magic;
+    const struct _krb5_kt_ops *ops;
+    krb5_pointer data;
+};
+
+krb5_error_code krb5_get_default_in_tkt_ktypes(krb5_context, krb5_enctype **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_tgs_ktypes(krb5_context, krb5_const_principal, krb5_enctype **);
+
+krb5_boolean krb5_is_permitted_enctype(krb5_context, krb5_enctype);
+
+krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype);
+krb5_boolean KRB5_CALLCONV krb5int_c_deprecated_enctype(krb5_enctype);
+krb5_error_code k5_enctype_to_ssf(krb5_enctype enctype, unsigned int *ssf_out);
+
+krb5_error_code krb5_kdc_rep_decrypt_proc(krb5_context, const krb5_keyblock *,
+                                          krb5_const_pointer, krb5_kdc_rep *);
+krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part(krb5_context,
+                                                    const krb5_keyblock *,
+                                                    krb5_ticket * );
+
+krb5_error_code krb5_get_cred_via_tkt(krb5_context, krb5_creds *, krb5_flags,
+                                      krb5_address *const *, krb5_creds *,
+                                      krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV krb5_copy_addr(krb5_context,
+                                             const krb5_address *,
+                                             krb5_address **);
+
+void krb5_init_ets(krb5_context);
+void krb5_free_ets(krb5_context);
+krb5_error_code krb5_generate_subkey(krb5_context, const krb5_keyblock *,
+                                     krb5_keyblock **);
+krb5_error_code krb5_generate_subkey_extended(krb5_context,
+                                              const krb5_keyblock *,
+                                              krb5_enctype, krb5_keyblock **);
+krb5_error_code krb5_generate_seq_number(krb5_context, const krb5_keyblock *,
+                                         krb5_ui_4 *);
+
+krb5_error_code KRB5_CALLCONV krb5_kt_register(krb5_context,
+                                               const struct _krb5_kt_ops *);
+
+krb5_error_code k5_kt_get_principal(krb5_context context, krb5_keytab keytab,
+                                    krb5_principal *princ_out);
+
+krb5_error_code k5_kt_have_match(krb5_context context, krb5_keytab keytab,
+                                 krb5_principal mprinc);
+
+krb5_error_code krb5_principal2salt_norealm(krb5_context, krb5_const_principal,
+                                            krb5_data *);
+
+unsigned int KRB5_CALLCONV krb5_get_notification_message(void);
+
+/* chk_trans.c */
+krb5_error_code krb5_check_transited_list(krb5_context, const krb5_data *trans,
+                                          const krb5_data *realm1,
+                                          const krb5_data *realm2);
+
+/* free_rtree.c */
+void krb5_free_realm_tree(krb5_context, krb5_principal *);
+
+void KRB5_CALLCONV krb5_free_authenticator_contents(krb5_context,
+                                                    krb5_authenticator *);
+
+void KRB5_CALLCONV krb5_free_address(krb5_context, krb5_address *);
+
+void KRB5_CALLCONV krb5_free_enc_tkt_part(krb5_context, krb5_enc_tkt_part *);
+
+void KRB5_CALLCONV krb5_free_tickets(krb5_context, krb5_ticket **);
+void KRB5_CALLCONV krb5_free_kdc_req(krb5_context, krb5_kdc_req *);
+void KRB5_CALLCONV krb5_free_kdc_rep(krb5_context, krb5_kdc_rep *);
+void KRB5_CALLCONV krb5_free_last_req(krb5_context, krb5_last_req_entry **);
+void KRB5_CALLCONV krb5_free_enc_kdc_rep_part(krb5_context,
+                                              krb5_enc_kdc_rep_part *);
+void KRB5_CALLCONV krb5_free_ap_req(krb5_context, krb5_ap_req *);
+void KRB5_CALLCONV krb5_free_ap_rep(krb5_context, krb5_ap_rep *);
+void KRB5_CALLCONV krb5_free_cred(krb5_context, krb5_cred *);
+void KRB5_CALLCONV krb5_free_cred_enc_part(krb5_context, krb5_cred_enc_part *);
+void KRB5_CALLCONV krb5_free_pa_data(krb5_context, krb5_pa_data **);
+void KRB5_CALLCONV krb5_free_tkt_authent(krb5_context, krb5_tkt_authent *);
+void KRB5_CALLCONV krb5_free_enc_data(krb5_context, krb5_enc_data *);
+krb5_error_code krb5_set_config_files(krb5_context, const char **);
+
+krb5_error_code KRB5_CALLCONV krb5_get_default_config_files(char ***filenames);
+
+void KRB5_CALLCONV krb5_free_config_files(char **filenames);
+
+krb5_error_code krb5_rd_req_decoded(krb5_context, krb5_auth_context *,
+                                    const krb5_ap_req *, krb5_const_principal,
+                                    krb5_keytab, krb5_flags *, krb5_ticket **);
+
+krb5_error_code krb5_rd_req_decoded_anyflag(krb5_context, krb5_auth_context *,
+                                            const krb5_ap_req *,
+                                            krb5_const_principal, krb5_keytab,
+                                            krb5_flags *, krb5_ticket **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_register(krb5_context, const krb5_cc_ops *, krb5_boolean );
+
+krb5_error_code krb5_walk_realm_tree(krb5_context, const krb5_data *,
+                                     const krb5_data *, krb5_principal **,
+                                     int);
+
+krb5_error_code
+krb5_auth_con_set_safe_cksumtype(krb5_context, krb5_auth_context,
+                                 krb5_cksumtype);
+
+krb5_error_code krb5_auth_con_setivector(krb5_context, krb5_auth_context,
+                                         krb5_pointer);
+
+krb5_error_code krb5_auth_con_getivector(krb5_context, krb5_auth_context,
+                                         krb5_pointer *);
+
+krb5_error_code krb5_auth_con_setpermetypes(krb5_context, krb5_auth_context,
+                                            const krb5_enctype *);
+
+krb5_error_code krb5_auth_con_getpermetypes(krb5_context, krb5_auth_context,
+                                            krb5_enctype **);
+
+krb5_error_code krb5_auth_con_get_subkey_enctype(krb5_context context,
+                                                 krb5_auth_context,
+                                                 krb5_enctype *);
+
+krb5_error_code
+krb5_auth_con_get_authdata_context(krb5_context context,
+                                   krb5_auth_context auth_context,
+                                   krb5_authdata_context *ad_context);
+
+krb5_error_code
+krb5_auth_con_set_authdata_context(krb5_context context,
+                                   krb5_auth_context auth_context,
+                                   krb5_authdata_context ad_context);
+
+krb5_error_code krb5_read_message(krb5_context, krb5_pointer, krb5_data *);
+krb5_error_code krb5_write_message(krb5_context, krb5_pointer, krb5_data *);
+int krb5_net_read(krb5_context, int , char *, int);
+int krb5_net_write(krb5_context, int , const char *, int);
+
+krb5_error_code KRB5_CALLCONV krb5_get_realm_domain(krb5_context,
+                                                    const char *, char ** );
+
+krb5_error_code krb5_gen_portaddr(krb5_context, const krb5_address *,
+                                  krb5_const_pointer, krb5_address **);
+
+krb5_error_code krb5_gen_replay_name(krb5_context, const krb5_address *,
+                                     const char *, char **);
+krb5_error_code krb5_make_fulladdr(krb5_context, krb5_address *,
+                                   krb5_address *, krb5_address *);
+
+krb5_error_code krb5_set_debugging_time(krb5_context, krb5_timestamp,
+                                        krb5_int32);
+krb5_error_code krb5_use_natural_time(krb5_context);
+krb5_error_code krb5_set_time_offsets(krb5_context, krb5_timestamp,
+                                      krb5_int32);
+
+/* Some data comparison and conversion functions.  */
+static inline int
+data_eq(krb5_data d1, krb5_data d2)
+{
+    return (d1.length == d2.length && (d1.length == 0 ||
+                                       !memcmp(d1.data, d2.data, d1.length)));
+}
+
+static inline int
+data_eq_string (krb5_data d, const char *s)
+{
+    return (d.length == strlen(s) && (d.length == 0 ||
+                                      !memcmp(d.data, s, d.length)));
+}
+
+static inline krb5_data
+make_data(void *data, unsigned int len)
+{
+    krb5_data d;
+
+    d.magic = KV5M_DATA;
+    d.data = (char *) data;
+    d.length = len;
+    return d;
+}
+
+static inline krb5_data
+empty_data()
+{
+    return make_data(NULL, 0);
+}
+
+static inline krb5_data
+string2data(char *str)
+{
+    return make_data(str, strlen(str));
+}
+
+static inline krb5_error_code
+alloc_data(krb5_data *data, unsigned int len)
+{
+    /* Allocate at least one byte since zero-byte allocs may return NULL. */
+    char *ptr = (char *) calloc((len > 0) ? len : 1, 1);
+
+    if (ptr == NULL)
+        return ENOMEM;
+    data->magic = KV5M_DATA;
+    data->data = ptr;
+    data->length = len;
+    return 0;
+}
+
+static inline int
+authdata_eq(krb5_authdata a1, krb5_authdata a2)
+{
+    return (a1.ad_type == a2.ad_type && a1.length == a2.length &&
+            (a1.length == 0 || !memcmp(a1.contents, a2.contents, a1.length)));
+}
+
+/* Allocate zeroed memory; set *code to 0 on success or ENOMEM on failure. */
+static inline void *
+k5calloc(size_t nmemb, size_t size, krb5_error_code *code)
+{
+    void *ptr;
+
+    /* Allocate at least one byte since zero-byte allocs may return NULL. */
+    ptr = calloc(nmemb ? nmemb : 1, size ? size : 1);
+    *code = (ptr == NULL) ? ENOMEM : 0;
+    return ptr;
+}
+
+/* Allocate zeroed memory; set *code to 0 on success or ENOMEM on failure. */
+static inline void *
+k5alloc(size_t size, krb5_error_code *code)
+{
+    return k5calloc(1, size, code);
+}
+
+/* Return a copy of the len bytes of memory at in; set *code to 0 or ENOMEM. */
+static inline void *
+k5memdup(const void *in, size_t len, krb5_error_code *code)
+{
+    void *ptr = k5alloc(len, code);
+
+    if (ptr != NULL && len > 0)
+        memcpy(ptr, in, len);
+    return ptr;
+}
+
+/* Like k5memdup, but add a final null byte. */
+static inline void *
+k5memdup0(const void *in, size_t len, krb5_error_code *code)
+{
+    void *ptr = k5alloc(len + 1, code);
+
+    if (ptr != NULL && len > 0)
+        memcpy(ptr, in, len);
+    return ptr;
+}
+
+/* Convert a krb5_timestamp to a time_t value, treating the negative range of
+ * krb5_timestamp as times between 2038 and 2106 (if time_t is 64-bit). */
+static inline time_t
+ts2tt(krb5_timestamp timestamp)
+{
+    return (time_t)(uint32_t)timestamp;
+}
+
+/* Return the delta between two timestamps (a - b) as a signed 32-bit value,
+ * without relying on undefined behavior. */
+static inline krb5_deltat
+ts_delta(krb5_timestamp a, krb5_timestamp b)
+{
+    return (krb5_deltat)((uint32_t)a - (uint32_t)b);
+}
+
+/* Return (end - start) as an unsigned 32-bit value, or 0 if start > end. */
+static inline uint32_t
+ts_interval(krb5_timestamp start, krb5_timestamp end)
+{
+    if ((uint32_t)start > (uint32_t)end)
+        return 0;
+    return (uint32_t)end - (uint32_t)start;
+}
+
+/* Increment a timestamp by a signed 32-bit interval, without relying on
+ * undefined behavior. */
+static inline krb5_timestamp
+ts_incr(krb5_timestamp ts, krb5_deltat delta)
+{
+    return (krb5_timestamp)((uint32_t)ts + (uint32_t)delta);
+}
+
+/* Return true if a comes after b. */
+static inline krb5_boolean
+ts_after(krb5_timestamp a, krb5_timestamp b)
+{
+    return (uint32_t)a > (uint32_t)b;
+}
+
+/* Return true if a and b are within d seconds. */
+static inline krb5_boolean
+ts_within(krb5_timestamp a, krb5_timestamp b, krb5_deltat d)
+{
+    return !ts_after(a, ts_incr(b, d)) && !ts_after(b, ts_incr(a, d));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
+                              krb5_ccache ccache,
+                              krb5_creds *in_creds,
+                              krb5_data *cert,
+                              krb5_creds **out_creds);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_for_proxy(krb5_context context,
+                               krb5_flags options,
+                               krb5_ccache ccache,
+                               krb5_creds *in_creds,
+                               krb5_ticket *evidence_tkt,
+                               krb5_creds **out_creds);
+
+krb5_error_code KRB5_CALLCONV
+krb5int_get_authdata_containee_types(krb5_context context,
+                                     const krb5_authdata *container,
+                                     unsigned int *nad_types,
+                                     krb5_authdatatype **ad_types);
+
+krb5_error_code krb5int_parse_enctype_list(krb5_context context,
+                                           const char *profkey, char *profstr,
+                                           krb5_enctype *default_list,
+                                           krb5_enctype **result);
+
+krb5_boolean k5_etypes_contains(const krb5_enctype *list, krb5_enctype etype);
+
+void k5_change_error_message_code(krb5_context ctx, krb5_error_code oldcode,
+                                  krb5_error_code newcode);
+
+/* Define shorter internal names for setting error messages. */
+#define k5_setmsg krb5_set_error_message
+#define k5_prependmsg krb5_prepend_error_message
+#define k5_wrapmsg krb5_wrap_error_message
+
+/*
+ * Like krb5_principal_compare(), but with canonicalization of sname if
+ * fallback is enabled.  This function should be avoided if multiple matches
+ * are required, since repeated canonicalization is inefficient.
+ */
+krb5_boolean
+k5_sname_compare(krb5_context context, krb5_const_principal sname,
+                 krb5_const_principal princ);
+
+#endif /* _KRB5_INT_H */
diff --git a/krb5-1.21.3/src/include/k5-ipc_stream.h b/krb5-1.21.3/src/include/k5-ipc_stream.h
new file mode 100644
index 00000000..11f8bc76
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-ipc_stream.h
@@ -0,0 +1,77 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-ipc_stream.h */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef K5_IPC_STREAM_H
+#define K5_IPC_STREAM_H
+
+#include "k5-platform.h"
+
+struct k5_ipc_stream_s;
+typedef struct k5_ipc_stream_s *k5_ipc_stream;
+
+
+int32_t krb5int_ipc_stream_new (k5_ipc_stream *out_stream);
+
+uint32_t krb5int_ipc_stream_release (k5_ipc_stream io_stream);
+
+uint64_t krb5int_ipc_stream_size (k5_ipc_stream in_stream);
+
+const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream);
+
+uint32_t krb5int_ipc_stream_read (k5_ipc_stream  in_stream,
+                                  void          *io_data,
+                                  uint64_t       in_size);
+uint32_t krb5int_ipc_stream_write (k5_ipc_stream  in_stream,
+                                   const void    *in_data,
+                                   uint64_t       in_size);
+
+uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream   io_stream,
+                                         char          **out_string);
+uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream,
+                                          const char    *in_string);
+void krb5int_ipc_stream_free_string (char *in_string);
+
+uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream  io_stream,
+                                        int32_t       *out_int32);
+uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream,
+                                         int32_t       in_int32);
+
+uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream  io_stream,
+                                         uint32_t      *out_uint32);
+uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream,
+                                          uint32_t      in_uint32);
+
+uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream  io_stream,
+                                        int64_t       *out_int64);
+uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream,
+                                         int64_t       in_int64);
+
+uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream  io_stream,
+                                         uint64_t      *out_uint64);
+uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream,
+                                          uint64_t      in_uint64);
+
+#endif /* K5_IPC_STREAM_H */
diff --git a/krb5-1.21.3/src/include/k5-json.h b/krb5-1.21.3/src/include/k5-json.h
new file mode 100644
index 00000000..8b22cd39
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-json.h
@@ -0,0 +1,218 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-json.h - JSON declarations */
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef K5_JSON_H
+#define K5_JSON_H
+
+#include <stddef.h>
+
+#define K5_JSON_TID_NUMBER 0
+#define K5_JSON_TID_NULL 1
+#define K5_JSON_TID_BOOL 2
+#define K5_JSON_TID_MEMORY 128
+#define K5_JSON_TID_ARRAY 129
+#define K5_JSON_TID_OBJECT 130
+#define K5_JSON_TID_STRING 131
+
+/*
+ * The k5_json_value C type can represent any kind of JSON value.  It has no
+ * static type safety since it is represented using a void pointer, so be
+ * careful with it.  Its type can be checked dynamically with k5_json_get_tid()
+ * and the above constants.
+ */
+typedef void *k5_json_value;
+typedef unsigned int k5_json_tid;
+
+k5_json_tid k5_json_get_tid(k5_json_value val);
+
+/*
+ * k5_json_value objects are reference-counted.  These functions increment and
+ * decrement the refcount, possibly freeing the value.  k5_json_retain returns
+ * its argument and always succeeds.  Both functions gracefully accept NULL.
+ */
+k5_json_value k5_json_retain(k5_json_value val);
+void k5_json_release(k5_json_value val);
+
+/*
+ * If a k5_json_* function can fail, it returns 0 on success and an errno value
+ * on failure.
+ */
+
+/*
+ * Null
+ */
+
+typedef struct k5_json_null_st *k5_json_null;
+
+int k5_json_null_create(k5_json_null *null_out);
+
+/* Create a null value as a k5_json_value, for polymorphic convenience. */
+int k5_json_null_create_val(k5_json_value *val_out);
+
+/*
+ * Boolean
+ */
+
+typedef struct k5_json_bool_st *k5_json_bool;
+
+int k5_json_bool_create(int truth, k5_json_bool *val_out);
+int k5_json_bool_value(k5_json_bool bval);
+
+/*
+ * Array
+ */
+
+typedef struct k5_json_array_st *k5_json_array;
+
+int k5_json_array_create(k5_json_array *val_out);
+size_t k5_json_array_length(k5_json_array array);
+
+/* Both of these functions increment the reference count on val. */
+int k5_json_array_add(k5_json_array array, k5_json_value val);
+void k5_json_array_set(k5_json_array array, size_t idx, k5_json_value val);
+
+/* Get an alias to the idx-th element of array, without incrementing the
+ * reference count.  The caller must check idx against the array length. */
+k5_json_value k5_json_array_get(k5_json_array array, size_t idx);
+
+/*
+ * Create an array from a template and a variable argument list.  template
+ * characters are:
+ *   v: a k5_json_value argument is read, retained, and stored
+ *   n: no argument is read; a null value is stored
+ *   b: an int argument is read and stored as a boolean value
+ *   i: an int argument is read and stored as a number value
+ *   L: a long long argument is read and stored as a number value
+ *   s: a const char * argument is read and stored as a null or string value
+ *   B: const void * and size_t arguments are read and stored as a base64
+ *      string value
+ */
+int
+k5_json_array_fmt(k5_json_array *array_out, const char *template, ...);
+
+/*
+ * Object
+ */
+
+typedef struct k5_json_object_st *k5_json_object;
+typedef void (*k5_json_object_iterator_fn)(void *arg, const char *key,
+                                           k5_json_value val);
+
+int k5_json_object_create(k5_json_object *val_out);
+void k5_json_object_iterate(k5_json_object obj,
+                            k5_json_object_iterator_fn func, void *arg);
+
+/* Return the number of mappings in an object. */
+size_t k5_json_object_count(k5_json_object obj);
+
+/*
+ * Store val into object at key, incrementing val's reference count and
+ * releasing any previous value at key.  If val is NULL, key is removed from
+ * obj if it exists, and obj remains unchanged if it does not.
+ */
+int k5_json_object_set(k5_json_object obj, const char *key, k5_json_value val);
+
+/* Get an alias to the object's value for key, without incrementing the
+ * reference count.  Returns NULL if there is no value for key. */
+k5_json_value k5_json_object_get(k5_json_object obj, const char *key);
+
+/*
+ * String
+ */
+
+typedef struct k5_json_string_st *k5_json_string;
+
+int k5_json_string_create(const char *cstring, k5_json_string *val_out);
+int k5_json_string_create_len(const void *data, size_t len,
+                              k5_json_string *val_out);
+const char *k5_json_string_utf8(k5_json_string string);
+
+
+/* Create a base64 string value from binary data. */
+int k5_json_string_create_base64(const void *data, size_t len,
+                                 k5_json_string *val_out);
+
+/* Decode the base64 contents of string. */
+int k5_json_string_unbase64(k5_json_string string, unsigned char **data_out,
+                            size_t *len_out);
+
+/*
+ * Number
+ */
+
+typedef struct k5_json_number_st *k5_json_number;
+
+int k5_json_number_create(long long number, k5_json_number *val_out);
+long long k5_json_number_value(k5_json_number number);
+
+/*
+ * JSON encoding and decoding
+ */
+
+int k5_json_encode(k5_json_value val, char **json_out);
+int k5_json_decode(const char *str, k5_json_value *val_out);
+
+#endif /* K5_JSON_H */
diff --git a/krb5-1.21.3/src/include/k5-platform.h b/krb5-1.21.3/src/include/k5-platform.h
new file mode 100644
index 00000000..11249317
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-platform.h
@@ -0,0 +1,1151 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* include/k5-platform.h */
+/*
+ * Copyright 2003, 2004, 2005, 2007, 2008, 2009 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Some platform-dependent definitions to sync up the C support level.
+ * Some to a C99-ish level, some related utility code.
+ *
+ * Currently:
+ * + [u]int{8,16,32}_t types
+ * + 64-bit types and load/store code
+ * + SIZE_MAX
+ * + shared library init/fini hooks
+ * + consistent getpwnam/getpwuid interfaces
+ * + va_copy fudged if not provided
+ * + strlcpy/strlcat
+ * + fnmatch
+ * + [v]asprintf
+ * + strerror_r
+ * + mkstemp
+ * + zap (support function and macro)
+ * + constant time memory comparison
+ * + path manipulation
+ * + _, N_, dgettext, bindtextdomain (for localization)
+ * + getopt_long
+ * + secure_getenv
+ * + fetching filenames from a directory
+ */
+
+#ifndef K5_PLATFORM_H
+#define K5_PLATFORM_H
+
+#include "autoconf.h"
+#include <assert.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <errno.h>
+#ifdef HAVE_FNMATCH_H
+#include <fnmatch.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef _WIN32
+#define CAN_COPY_VA_LIST
+#endif
+
+/* This attribute prevents unused function warnings in gcc and clang. */
+#ifdef __GNUC__
+#define UNUSED __attribute__((__unused__))
+#else
+#define UNUSED
+#endif
+
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#include <TargetConditionals.h>
+#endif
+
+/* Initialization and finalization function support for libraries.
+
+   At top level, before the functions are defined or even declared:
+   MAKE_INIT_FUNCTION(init_fn);
+   MAKE_FINI_FUNCTION(fini_fn);
+   Then:
+   int init_fn(void) { ... }
+   void fini_fn(void) { if (INITIALIZER_RAN(init_fn)) ... }
+   In code, in the same file:
+   err = CALL_INIT_FUNCTION(init_fn);
+
+   To trigger or verify the initializer invocation from another file,
+   a helper function must be created.
+
+   This model handles both the load-time execution (Windows) and
+   delayed execution (pthread_once) approaches, and should be able to
+   guarantee in both cases that the init function is run once, in one
+   thread, before other stuff in the library is done; furthermore, the
+   finalization code should only run if the initialization code did.
+   (Maybe I could've made the "if INITIALIZER_RAN" test implicit, via
+   another function hidden in macros, but this is hairy enough
+   already.)
+
+   The init_fn and fini_fn names should be chosen such that any
+   exported names staring with those names, and optionally followed by
+   additional characters, fits in with any namespace constraints on
+   the library in question.
+
+
+   There's also PROGRAM_EXITING() currently always defined as zero.
+   If there's some trivial way to find out if the fini function is
+   being called because the program that the library is linked into is
+   exiting, we can just skip all the work because the resources are
+   about to be freed up anyways.  Generally this is likely to be the
+   same as distinguishing whether the library was loaded dynamically
+   while the program was running, or loaded as part of program
+   startup.  On most platforms, I don't think we can distinguish these
+   cases easily, and it's probably not worth expending any significant
+   effort.  (Note in particular that atexit() won't do, because if the
+   library is explicitly loaded and unloaded, it would have to be able
+   to deregister the atexit callback function.  Also, the system limit
+   on atexit callbacks may be small.)
+
+
+   Implementation outline:
+
+   Windows: MAKE_FINI_FUNCTION creates a symbol with a magic name that
+   is sought at library build time, and code is added to invoke the
+   function when the library is unloaded.  MAKE_INIT_FUNCTION does
+   likewise, but the function is invoked when the library is loaded,
+   and an extra variable is declared to hold an error code and a "yes
+   the initializer ran" flag.  CALL_INIT_FUNCTION blows up if the flag
+   isn't set, otherwise returns the error code.
+
+   UNIX: MAKE_INIT_FUNCTION creates and initializes a variable with a
+   name derived from the function name, containing a k5_once_t
+   (pthread_once_t or int), an error code, and a pointer to the
+   function.  The function itself is declared static, but the
+   associated variable has external linkage.  CALL_INIT_FUNCTION
+   ensures thath the function is called exactly once (pthread_once or
+   just check the flag) and returns the stored error code (or the
+   pthread_once error).
+
+   (That's the basic idea.  With some debugging assert() calls and
+   such, it's a bit more complicated.  And we also need to handle
+   doing the pthread test at run time on systems where that works, so
+   we use the k5_once_t stuff instead.)
+
+   UNIX, with compiler support: MAKE_FINI_FUNCTION declares the
+   function as a destructor, and the run time linker support or
+   whatever will cause it to be invoked when the library is unloaded,
+   the program ends, etc.
+
+   UNIX, with linker support: MAKE_FINI_FUNCTION creates a symbol with
+   a magic name that is sought at library build time, and linker
+   options are used to mark it as a finalization function for the
+   library.  The symbol must be exported.
+
+   UNIX, no library finalization support: The finalization function
+   never runs, and we leak memory.  Tough.
+
+   DELAY_INITIALIZER will be defined by the configure script if we
+   want to use k5_once instead of load-time initialization.  That'll
+   be the preferred method on most systems except Windows, where we
+   have to initialize some mutexes.
+
+
+
+
+   For maximum flexibility in defining the macros, the function name
+   parameter should be a simple name, not even a macro defined as
+   another name.  The function should have a unique name, and should
+   conform to whatever namespace is used by the library in question.
+   (We do have export lists, but (1) they're not used for all
+   platforms, and (2) they're not used for static libraries.)
+
+   If the macro expansion needs the function to have been declared, it
+   must include a declaration.  If it is not necessary for the symbol
+   name to be exported from the object file, the macro should declare
+   it as "static".  Hence the signature must exactly match "void
+   foo(void)".  (ANSI C allows a static declaration followed by a
+   non-static one; the result is internal linkage.)  The macro
+   expansion has to come before the function, because gcc apparently
+   won't act on "__attribute__((constructor))" if it comes after the
+   function definition.
+
+   This is going to be compiler- and environment-specific, and may
+   require some support at library build time, and/or "asm"
+   statements.  But through macro expansion and auxiliary functions,
+   we should be able to handle most things except #pragma.
+
+   It's okay for this code to require that the library be built
+   with the same compiler and compiler options throughout, but
+   we shouldn't require that the library and application use the
+   same compiler.
+
+   For static libraries, we don't really care about cleanup too much,
+   since it's all memory handling and mutex allocation which will all
+   be cleaned up when the program exits.  Thus, it's okay if gcc-built
+   static libraries don't play nicely with cc-built executables when
+   it comes to static constructors, just as long as it doesn't cause
+   linking to fail.
+
+   For dynamic libraries on UNIX, we'll use pthread_once-type support
+   to do delayed initialization, so if finalization can't be made to
+   work, we'll only have memory leaks in a load/use/unload cycle.  If
+   anyone (like, say, the OS vendor) complains about this, they can
+   tell us how to get a shared library finalization function invoked
+   automatically.
+
+   Currently there's --disable-delayed-initialization for preventing
+   the initialization from being delayed on UNIX, but that's mainly
+   just for testing the linker options for initialization, and will
+   probably be removed at some point.  */
+
+/* Helper macros.  */
+
+# define JOIN__2_2(A,B) A ## _ ## _ ## B
+# define JOIN__2(A,B) JOIN__2_2(A,B)
+
+/* XXX Should test USE_LINKER_INIT_OPTION early, and if it's set,
+   always provide a function by the expected name, even if we're
+   delaying initialization.  */
+
+#if defined(DELAY_INITIALIZER)
+
+/* Run the initialization code during program execution, at the latest
+   possible moment.  This means multiple threads may be active.  */
+# include "k5-thread.h"
+typedef struct { k5_once_t once; int error, did_run; void (*fn)(void); } k5_init_t;
+# ifdef USE_LINKER_INIT_OPTION
+#  define MAYBE_DUMMY_INIT(NAME)                \
+        void JOIN__2(NAME, auxinit) () { }
+# else
+#  define MAYBE_DUMMY_INIT(NAME)
+# endif
+# ifdef __GNUC__
+/* Do it in macro form so we get the file/line of the invocation if
+   the assertion fails.  */
+#  define k5_call_init_function(I)                                      \
+        (__extension__ ({                                               \
+                k5_init_t *k5int_i = (I);                               \
+                int k5int_err = k5_once(&k5int_i->once, k5int_i->fn);   \
+                (k5int_err                                              \
+                 ? k5int_err                                            \
+                 : (assert(k5int_i->did_run != 0), k5int_i->error));    \
+            }))
+#  define MAYBE_DEFINE_CALLINIT_FUNCTION
+# else
+#  define MAYBE_DEFINE_CALLINIT_FUNCTION                        \
+        static inline int k5_call_init_function(k5_init_t *i)   \
+        {                                                       \
+            int err;                                            \
+            err = k5_once(&i->once, i->fn);                     \
+            if (err)                                            \
+                return err;                                     \
+            assert (i->did_run != 0);                           \
+            return i->error;                                    \
+        }
+# endif
+# define MAKE_INIT_FUNCTION(NAME)                               \
+        static int NAME(void);                                  \
+        MAYBE_DUMMY_INIT(NAME)                                  \
+        /* forward declaration for use in initializer */        \
+        static void JOIN__2(NAME, aux) (void);                  \
+        static k5_init_t JOIN__2(NAME, once) =                  \
+                { K5_ONCE_INIT, 0, 0, JOIN__2(NAME, aux) };     \
+        MAYBE_DEFINE_CALLINIT_FUNCTION                          \
+        static void JOIN__2(NAME, aux) (void)                   \
+        {                                                       \
+            JOIN__2(NAME, once).did_run = 1;                    \
+            JOIN__2(NAME, once).error = NAME();                 \
+        }                                                       \
+        /* so ';' following macro use won't get error */        \
+        static int NAME(void)
+# define CALL_INIT_FUNCTION(NAME)       \
+        k5_call_init_function(& JOIN__2(NAME, once))
+/* This should be called in finalization only, so we shouldn't have
+   multiple active threads mucking around in our library at this
+   point.  So ignore the once_t object and just look at the flag.
+
+   XXX Could we have problems with memory coherence between processors
+   if we don't invoke mutex/once routines?  Probably not, the
+   application code should already be coordinating things such that
+   the library code is not in use by this point, and memory
+   synchronization will be needed there.  */
+# define INITIALIZER_RAN(NAME)  \
+        (JOIN__2(NAME, once).did_run && JOIN__2(NAME, once).error == 0)
+
+# define PROGRAM_EXITING()              (0)
+
+#elif defined(__GNUC__) && !defined(_WIN32) && defined(CONSTRUCTOR_ATTR_WORKS)
+
+/* Run initializer at load time, via GCC/C++ hook magic.  */
+
+# ifdef USE_LINKER_INIT_OPTION
+     /* Both gcc and linker option??  Favor gcc.  */
+#  define MAYBE_DUMMY_INIT(NAME)                \
+        void JOIN__2(NAME, auxinit) () { }
+# else
+#  define MAYBE_DUMMY_INIT(NAME)
+# endif
+
+typedef struct { int error; unsigned char did_run; } k5_init_t;
+# define MAKE_INIT_FUNCTION(NAME)               \
+        MAYBE_DUMMY_INIT(NAME)                  \
+        static k5_init_t JOIN__2(NAME, ran)     \
+                = { 0, 2 };                     \
+        static void JOIN__2(NAME, aux)(void)    \
+            __attribute__((constructor));       \
+        static int NAME(void);                  \
+        static void JOIN__2(NAME, aux)(void)    \
+        {                                       \
+            JOIN__2(NAME, ran).error = NAME();  \
+            JOIN__2(NAME, ran).did_run = 3;     \
+        }                                       \
+        static int NAME(void)
+# define CALL_INIT_FUNCTION(NAME)               \
+        (JOIN__2(NAME, ran).did_run == 3        \
+         ? JOIN__2(NAME, ran).error             \
+         : (abort(),0))
+# define INITIALIZER_RAN(NAME)  (JOIN__2(NAME,ran).did_run == 3 && JOIN__2(NAME, ran).error == 0)
+
+# define PROGRAM_EXITING()              (0)
+
+#elif defined(USE_LINKER_INIT_OPTION) || defined(_WIN32)
+
+/* Run initializer at load time, via linker magic, or in the
+   case of WIN32, win_glue.c hard-coded knowledge.  */
+typedef struct { int error; unsigned char did_run; } k5_init_t;
+# define MAKE_INIT_FUNCTION(NAME)               \
+        static k5_init_t JOIN__2(NAME, ran)     \
+                = { 0, 2 };                     \
+        static int NAME(void);                  \
+        void JOIN__2(NAME, auxinit)()           \
+        {                                       \
+            JOIN__2(NAME, ran).error = NAME();  \
+            JOIN__2(NAME, ran).did_run = 3;     \
+        }                                       \
+        static int NAME(void)
+# define CALL_INIT_FUNCTION(NAME)               \
+        (JOIN__2(NAME, ran).did_run == 3        \
+         ? JOIN__2(NAME, ran).error             \
+         : (abort(),0))
+# define INITIALIZER_RAN(NAME)  \
+        (JOIN__2(NAME, ran).error == 0)
+
+# define PROGRAM_EXITING()              (0)
+
+#else
+
+# error "Don't know how to do load-time initializers for this configuration."
+
+# define PROGRAM_EXITING()              (0)
+
+#endif
+
+
+
+#if defined(USE_LINKER_FINI_OPTION) || defined(_WIN32)
+/* If we're told the linker option will be used, it doesn't really
+   matter what compiler we're using.  Do it the same way
+   regardless.  */
+
+# ifdef __hpux
+
+     /* On HP-UX, we need this auxiliary function.  At dynamic load or
+        unload time (but *not* program startup and termination for
+        link-time specified libraries), the linker-indicated function
+        is called with a handle on the library and a flag indicating
+        whether it's being loaded or unloaded.
+
+        The "real" fini function doesn't need to be exported, so
+        declare it static.
+
+        As usual, the final declaration is just for syntactic
+        convenience, so the top-level invocation of this macro can be
+        followed by a semicolon.  */
+
+#  include <dl.h>
+#  define MAKE_FINI_FUNCTION(NAME)                                          \
+        static void NAME(void);                                             \
+        void JOIN__2(NAME, auxfini)(shl_t, int); /* silence gcc warnings */ \
+        void JOIN__2(NAME, auxfini)(shl_t h, int l) { if (!l) NAME(); }     \
+        static void NAME(void)
+
+# else /* not hpux */
+
+#  define MAKE_FINI_FUNCTION(NAME)      \
+        void NAME(void)
+
+# endif
+
+#elif !defined(SHARED)
+
+/*
+ * In this case, we just don't care about finalization.  The code will still
+ * define the function, but we won't do anything with it.
+ */
+# define MAKE_FINI_FUNCTION(NAME)               \
+        static void NAME(void) UNUSED
+
+#elif defined(__GNUC__) && defined(DESTRUCTOR_ATTR_WORKS)
+/* If we're using gcc, if the C++ support works, the compiler should
+   build executables and shared libraries that support the use of
+   static constructors and destructors.  The C compiler supports a
+   function attribute that makes use of the same facility as C++.
+
+   XXX How do we know if the C++ support actually works?  */
+# define MAKE_FINI_FUNCTION(NAME)       \
+        static void NAME(void) __attribute__((destructor))
+
+#else
+
+# error "Don't know how to do unload-time finalization for this configuration."
+
+#endif
+
+#ifndef SIZE_MAX
+# define SIZE_MAX ((size_t)((size_t)0 - 1))
+#endif
+
+#ifdef _WIN32
+# define SSIZE_MAX ((ssize_t)(SIZE_MAX/2))
+#endif
+
+/* Read and write integer values as (unaligned) octet strings in
+   specific byte orders.  Add per-platform optimizations as
+   needed.  */
+
+#if HAVE_ENDIAN_H
+# include <endian.h>
+#elif HAVE_MACHINE_ENDIAN_H
+# include <machine/endian.h>
+#endif
+/* Check for BIG/LITTLE_ENDIAN macros.  If exactly one is defined, use
+   it.  If both are defined, then BYTE_ORDER should be defined and
+   match one of them.  Try those symbols, then try again with an
+   underscore prefix.  */
+#if defined(BIG_ENDIAN) && defined(LITTLE_ENDIAN)
+# if BYTE_ORDER == BIG_ENDIAN
+#  define K5_BE
+# endif
+# if BYTE_ORDER == LITTLE_ENDIAN
+#  define K5_LE
+# endif
+#elif defined(BIG_ENDIAN)
+# define K5_BE
+#elif defined(LITTLE_ENDIAN)
+# define K5_LE
+#elif defined(_BIG_ENDIAN) && defined(_LITTLE_ENDIAN)
+# if _BYTE_ORDER == _BIG_ENDIAN
+#  define K5_BE
+# endif
+# if _BYTE_ORDER == _LITTLE_ENDIAN
+#  define K5_LE
+# endif
+#elif defined(_BIG_ENDIAN)
+# define K5_BE
+#elif defined(_LITTLE_ENDIAN)
+# define K5_LE
+#elif defined(__BIG_ENDIAN__) && !defined(__LITTLE_ENDIAN__)
+# define K5_BE
+#elif defined(__LITTLE_ENDIAN__) && !defined(__BIG_ENDIAN__)
+# define K5_LE
+#endif
+#if !defined(K5_BE) && !defined(K5_LE)
+/* Look for some architectures we know about.
+
+   MIPS can use either byte order, but the preprocessor tells us which
+   mode we're compiling for.  The GCC config files indicate that
+   variants of Alpha and IA64 might be out there with both byte
+   orders, but until we encounter the "wrong" ones in the real world,
+   just go with the default (unless there are cpp predefines to help
+   us there too).
+
+   As far as I know, only PDP11 and ARM (which we don't handle here)
+   have strange byte orders where an 8-byte value isn't laid out as
+   either 12345678 or 87654321.  */
+# if defined(__i386__) || defined(_MIPSEL) || defined(__alpha__) || (defined(__ia64__) && !defined(__hpux))
+#  define K5_LE
+# endif
+# if defined(__hppa__) || defined(__rs6000__) || defined(__sparc__) || defined(_MIPSEB) || defined(__m68k__) || defined(__sparc64__) || defined(__ppc__) || defined(__ppc64__) || (defined(__hpux) && defined(__ia64__))
+#  define K5_BE
+# endif
+#endif
+#if defined(K5_BE) && defined(K5_LE)
+# error "oops, check the byte order macros"
+#endif
+
+/* Optimize for GCC on platforms with known byte orders.
+
+   GCC's packed structures can be written to with any alignment; the
+   compiler will use byte operations, unaligned-word operations, or
+   normal memory ops as appropriate for the architecture.
+
+   This assumes the availability of uint##_t types, which should work
+   on most of our platforms except Windows, where we're not using
+   GCC.  */
+#ifdef __GNUC__
+# define PUT(SIZE,PTR,VAL)      (((struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i = (VAL))
+# define GET(SIZE,PTR)          (((const struct { uint##SIZE##_t i; } __attribute__((packed)) *)(PTR))->i)
+# define PUTSWAPPED(SIZE,PTR,VAL)       PUT(SIZE,PTR,SWAP##SIZE(VAL))
+# define GETSWAPPED(SIZE,PTR)           SWAP##SIZE(GET(SIZE,PTR))
+#endif
+/* To do: Define SWAP16, SWAP32, SWAP64 macros to byte-swap values
+   with the indicated numbers of bits.
+
+   Linux: byteswap.h, bswap_16 etc.
+   Solaris 10: none
+   macOS: machine/endian.h or byte_order.h, NXSwap{Short,Int,LongLong}
+   NetBSD: sys/bswap.h, bswap16 etc.  */
+
+#if defined(HAVE_BYTESWAP_H) && defined(HAVE_BSWAP_16)
+# include <byteswap.h>
+# define SWAP16                 bswap_16
+# define SWAP32                 bswap_32
+# ifdef HAVE_BSWAP_64
+#  define SWAP64                bswap_64
+# endif
+#elif TARGET_OS_MAC
+# include <architecture/byte_order.h>
+# define SWAP16                k5_swap16
+static inline unsigned int k5_swap16 (unsigned int x) {
+    x &= 0xffff;
+    return (x >> 8) | ((x & 0xff) << 8);
+}
+# define SWAP32                 OSSwapInt32
+# define SWAP64                 OSSwapInt64
+#elif defined(HAVE_SYS_BSWAP_H)
+/* XXX NetBSD/x86 5.0.1 defines bswap16 and bswap32 as inline
+   functions only, so autoconf doesn't pick up on their existence.
+   So, no feature macro test for them here.  The 64-bit version isn't
+   inline at all, though, for whatever reason.  */
+# include <sys/bswap.h>
+# define SWAP16                 bswap16
+# define SWAP32                 bswap32
+/* However, bswap64 causes lots of warnings about 'long long'
+   constants; probably only on 32-bit platforms.  */
+# if LONG_MAX > 0x7fffffffL
+#  define SWAP64                bswap64
+# endif
+#endif
+
+/* Note that on Windows at least this file can be included from C++
+   source, so casts *from* void* are required.  */
+static inline void
+store_16_be (unsigned int val, void *vp)
+{
+    unsigned char *p = (unsigned char *) vp;
+#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus)
+    PUT(16,p,val);
+#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP16) && !defined(__cplusplus)
+    PUTSWAPPED(16,p,val);
+#else
+    p[0] = (val >>  8) & 0xff;
+    p[1] = (val      ) & 0xff;
+#endif
+}
+static inline void
+store_32_be (unsigned int val, void *vp)
+{
+    unsigned char *p = (unsigned char *) vp;
+#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus)
+    PUT(32,p,val);
+#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP32) && !defined(__cplusplus)
+    PUTSWAPPED(32,p,val);
+#else
+    p[0] = (val >> 24) & 0xff;
+    p[1] = (val >> 16) & 0xff;
+    p[2] = (val >>  8) & 0xff;
+    p[3] = (val      ) & 0xff;
+#endif
+}
+static inline void
+store_64_be (uint64_t val, void *vp)
+{
+    unsigned char *p = (unsigned char *) vp;
+#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus)
+    PUT(64,p,val);
+#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP64) && !defined(__cplusplus)
+    PUTSWAPPED(64,p,val);
+#else
+    p[0] = (unsigned char)((val >> 56) & 0xff);
+    p[1] = (unsigned char)((val >> 48) & 0xff);
+    p[2] = (unsigned char)((val >> 40) & 0xff);
+    p[3] = (unsigned char)((val >> 32) & 0xff);
+    p[4] = (unsigned char)((val >> 24) & 0xff);
+    p[5] = (unsigned char)((val >> 16) & 0xff);
+    p[6] = (unsigned char)((val >>  8) & 0xff);
+    p[7] = (unsigned char)((val      ) & 0xff);
+#endif
+}
+static inline unsigned short
+load_16_be (const void *cvp)
+{
+    const unsigned char *p = (const unsigned char *) cvp;
+#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus)
+    return GET(16,p);
+#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP16) && !defined(__cplusplus)
+    return GETSWAPPED(16,p);
+#else
+    return (p[1] | (p[0] << 8));
+#endif
+}
+static inline unsigned int
+load_32_be (const void *cvp)
+{
+    const unsigned char *p = (const unsigned char *) cvp;
+#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus)
+    return GET(32,p);
+#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP32) && !defined(__cplusplus)
+    return GETSWAPPED(32,p);
+#else
+    return (p[3] | (p[2] << 8)
+            | ((uint32_t) p[1] << 16)
+            | ((uint32_t) p[0] << 24));
+#endif
+}
+static inline uint64_t
+load_64_be (const void *cvp)
+{
+    const unsigned char *p = (const unsigned char *) cvp;
+#if defined(__GNUC__) && defined(K5_BE) && !defined(__cplusplus)
+    return GET(64,p);
+#elif defined(__GNUC__) && defined(K5_LE) && defined(SWAP64) && !defined(__cplusplus)
+    return GETSWAPPED(64,p);
+#else
+    return ((uint64_t)load_32_be(p) << 32) | load_32_be(p+4);
+#endif
+}
+static inline void
+store_16_le (unsigned int val, void *vp)
+{
+    unsigned char *p = (unsigned char *) vp;
+#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus)
+    PUT(16,p,val);
+#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP16) && !defined(__cplusplus)
+    PUTSWAPPED(16,p,val);
+#else
+    p[1] = (val >>  8) & 0xff;
+    p[0] = (val      ) & 0xff;
+#endif
+}
+static inline void
+store_32_le (unsigned int val, void *vp)
+{
+    unsigned char *p = (unsigned char *) vp;
+#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus)
+    PUT(32,p,val);
+#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP32) && !defined(__cplusplus)
+    PUTSWAPPED(32,p,val);
+#else
+    p[3] = (val >> 24) & 0xff;
+    p[2] = (val >> 16) & 0xff;
+    p[1] = (val >>  8) & 0xff;
+    p[0] = (val      ) & 0xff;
+#endif
+}
+static inline void
+store_64_le (uint64_t val, void *vp)
+{
+    unsigned char *p = (unsigned char *) vp;
+#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus)
+    PUT(64,p,val);
+#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP64) && !defined(__cplusplus)
+    PUTSWAPPED(64,p,val);
+#else
+    p[7] = (unsigned char)((val >> 56) & 0xff);
+    p[6] = (unsigned char)((val >> 48) & 0xff);
+    p[5] = (unsigned char)((val >> 40) & 0xff);
+    p[4] = (unsigned char)((val >> 32) & 0xff);
+    p[3] = (unsigned char)((val >> 24) & 0xff);
+    p[2] = (unsigned char)((val >> 16) & 0xff);
+    p[1] = (unsigned char)((val >>  8) & 0xff);
+    p[0] = (unsigned char)((val      ) & 0xff);
+#endif
+}
+static inline unsigned short
+load_16_le (const void *cvp)
+{
+    const unsigned char *p = (const unsigned char *) cvp;
+#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus)
+    return GET(16,p);
+#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP16) && !defined(__cplusplus)
+    return GETSWAPPED(16,p);
+#else
+    return (p[0] | (p[1] << 8));
+#endif
+}
+static inline unsigned int
+load_32_le (const void *cvp)
+{
+    const unsigned char *p = (const unsigned char *) cvp;
+#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus)
+    return GET(32,p);
+#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP32) && !defined(__cplusplus)
+    return GETSWAPPED(32,p);
+#else
+    return (p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24));
+#endif
+}
+static inline uint64_t
+load_64_le (const void *cvp)
+{
+    const unsigned char *p = (const unsigned char *) cvp;
+#if defined(__GNUC__) && defined(K5_LE) && !defined(__cplusplus)
+    return GET(64,p);
+#elif defined(__GNUC__) && defined(K5_BE) && defined(SWAP64) && !defined(__cplusplus)
+    return GETSWAPPED(64,p);
+#else
+    return ((uint64_t)load_32_le(p+4) << 32) | load_32_le(p);
+#endif
+}
+
+#define UINT16_TYPE uint16_t
+#define UINT32_TYPE uint32_t
+
+static inline void
+store_16_n (unsigned int val, void *vp)
+{
+    UINT16_TYPE n = val;
+    memcpy(vp, &n, 2);
+}
+static inline void
+store_32_n (unsigned int val, void *vp)
+{
+    UINT32_TYPE n = val;
+    memcpy(vp, &n, 4);
+}
+static inline void
+store_64_n (uint64_t val, void *vp)
+{
+    uint64_t n = val;
+    memcpy(vp, &n, 8);
+}
+static inline unsigned short
+load_16_n (const void *p)
+{
+    UINT16_TYPE n;
+    memcpy(&n, p, 2);
+    return n;
+}
+static inline unsigned int
+load_32_n (const void *p)
+{
+    UINT32_TYPE n;
+    memcpy(&n, p, 4);
+    return n;
+}
+static inline uint64_t
+load_64_n (const void *p)
+{
+    uint64_t n;
+    memcpy(&n, p, 8);
+    return n;
+}
+#undef UINT16_TYPE
+#undef UINT32_TYPE
+
+/* Assume for simplicity that these swaps are identical.  */
+static inline uint64_t
+k5_htonll (uint64_t val)
+{
+#ifdef K5_BE
+    return val;
+#elif defined K5_LE && defined SWAP64
+    return SWAP64 (val);
+#else
+    return load_64_be ((unsigned char *)&val);
+#endif
+}
+static inline uint64_t
+k5_ntohll (uint64_t val)
+{
+    return k5_htonll (val);
+}
+
+/* Make the interfaces to getpwnam and getpwuid consistent.
+   Model the wrappers on the POSIX thread-safe versions, but
+   use the unsafe system versions if the safe ones don't exist
+   or we can't figure out their interfaces.  */
+
+/* int k5_getpwnam_r(const char *, blah blah) */
+#ifdef HAVE_GETPWNAM_R
+# ifndef GETPWNAM_R_4_ARGS
+/* POSIX */
+#  define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT)   \
+        (getpwnam_r(NAME,REC,BUF,BUFSIZE,OUT) == 0      \
+         ? (*(OUT) == NULL ? -1 : 0) : -1)
+# else
+/* POSIX drafts? */
+#  ifdef GETPWNAM_R_RETURNS_INT
+#   define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT)  \
+        (getpwnam_r(NAME,REC,BUF,BUFSIZE) == 0          \
+         ? (*(OUT) = REC, 0)                            \
+         : (*(OUT) = NULL, -1))
+#  else
+#   define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT)  \
+        (*(OUT) = getpwnam_r(NAME,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0)
+#  endif
+# endif
+#else /* no getpwnam_r, or can't figure out #args or return type */
+/* Will get warnings about unused variables.  */
+# define k5_getpwnam_r(NAME, REC, BUF, BUFSIZE, OUT) \
+        (*(OUT) = getpwnam(NAME), *(OUT) == NULL ? -1 : 0)
+#endif
+
+/* int k5_getpwuid_r(uid_t, blah blah) */
+#ifdef HAVE_GETPWUID_R
+# ifndef GETPWUID_R_4_ARGS
+/* POSIX */
+#  define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT)    \
+        (getpwuid_r(UID,REC,BUF,BUFSIZE,OUT) == 0       \
+         ? (*(OUT) == NULL ? -1 : 0) : -1)
+# else
+/* POSIX drafts?  Yes, I mean to test GETPWNAM... here.  Less junk to
+   do at configure time.  */
+#  ifdef GETPWNAM_R_RETURNS_INT
+#   define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT)   \
+        (getpwuid_r(UID,REC,BUF,BUFSIZE) == 0           \
+         ? (*(OUT) = REC, 0)                            \
+         : (*(OUT) = NULL, -1))
+#  else
+#   define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT)  \
+        (*(OUT) = getpwuid_r(UID,REC,BUF,BUFSIZE), *(OUT) == NULL ? -1 : 0)
+#  endif
+# endif
+#else /* no getpwuid_r, or can't figure out #args or return type */
+/* Will get warnings about unused variables.  */
+# define k5_getpwuid_r(UID, REC, BUF, BUFSIZE, OUT) \
+        (*(OUT) = getpwuid(UID), *(OUT) == NULL ? -1 : 0)
+#endif
+
+/* Ensure, if possible, that the indicated file descriptor won't be
+   kept open if we exec another process (e.g., launching a ccapi
+   server).  If we don't know how to do it... well, just go about our
+   business.  Probably most callers won't check the return status
+   anyways.  */
+
+/* Macros make the Sun compiler happier, and all variants of this do a
+   single evaluation of the argument, and fcntl and fileno should
+   produce reasonable error messages on type mismatches, on any system
+   with F_SETFD.  */
+#ifdef F_SETFD
+# ifdef FD_CLOEXEC
+#  define set_cloexec_fd(FD)    ((void)fcntl((FD), F_SETFD, FD_CLOEXEC))
+# else
+#  define set_cloexec_fd(FD)    ((void)fcntl((FD), F_SETFD, 1))
+# endif
+#else
+# define set_cloexec_fd(FD)     ((void)(FD))
+#endif
+#define set_cloexec_file(F)     set_cloexec_fd(fileno(F))
+
+/* Since the original ANSI C spec left it undefined whether or
+   how you could copy around a va_list, C 99 added va_copy.
+   For old implementations, let's do our best to fake it.
+
+   XXX Doesn't yet handle implementations with __va_copy (early draft)
+   or GCC's __builtin_va_copy.  */
+#if defined(HAS_VA_COPY) || defined(va_copy)
+/* Do nothing.  */
+#elif defined(CAN_COPY_VA_LIST)
+#define va_copy(dest, src)      ((dest) = (src))
+#else
+/* Assume array type, but still simply copyable.
+
+   There is, theoretically, the possibility that va_start will
+   allocate some storage pointed to by the va_list, and in that case
+   we'll just lose.  If anyone cares, we could try to devise a test
+   for that case.  */
+#define va_copy(dest, src)      memcpy(dest, src, sizeof(va_list))
+#endif
+
+/* Provide strlcpy/strlcat interfaces. */
+#ifndef HAVE_STRLCPY
+#define strlcpy krb5int_strlcpy
+#define strlcat krb5int_strlcat
+extern size_t krb5int_strlcpy(char *dst, const char *src, size_t siz);
+extern size_t krb5int_strlcat(char *dst, const char *src, size_t siz);
+#endif
+
+/* Provide fnmatch interface. */
+#ifndef HAVE_FNMATCH
+#define fnmatch k5_fnmatch
+int k5_fnmatch(const char *pattern, const char *string, int flags);
+#define FNM_NOMATCH     1       /* Match failed. */
+#define FNM_NOSYS       2       /* Function not implemented. */
+#define FNM_NORES       3       /* Out of resources */
+#define FNM_NOESCAPE    0x01    /* Disable backslash escaping. */
+#define FNM_PATHNAME    0x02    /* Slash must be matched by slash. */
+#define FNM_PERIOD      0x04    /* Period must be matched by period. */
+#define FNM_CASEFOLD    0x08    /* Pattern is matched case-insensitive */
+#define FNM_LEADING_DIR 0x10    /* Ignore /<tail> after Imatch. */
+#endif
+
+/* Provide [v]asprintf interfaces.  */
+#ifndef HAVE_VSNPRINTF
+#ifdef _WIN32
+static inline int
+vsnprintf(char *str, size_t size, const char *format, va_list args)
+{
+    va_list args_copy;
+    int length;
+
+    va_copy(args_copy, args);
+    length = _vscprintf(format, args_copy);
+    va_end(args_copy);
+    if (size > 0) {
+        _vsnprintf(str, size, format, args);
+        str[size - 1] = '\0';
+    }
+    return length;
+}
+static inline int
+snprintf(char *str, size_t size, const char *format, ...)
+{
+    va_list args;
+    int n;
+
+    va_start(args, format);
+    n = vsnprintf(str, size, format, args);
+    va_end(args);
+    return n;
+}
+#else /* not win32 */
+#error We need an implementation of vsnprintf.
+#endif /* win32? */
+#endif /* no vsnprintf */
+
+#ifndef HAVE_VASPRINTF
+
+extern int krb5int_vasprintf(char **, const char *, va_list)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 0)))
+#endif
+    ;
+extern int krb5int_asprintf(char **, const char *, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 3)))
+#endif
+    ;
+
+#define vasprintf krb5int_vasprintf
+/* Assume HAVE_ASPRINTF iff HAVE_VASPRINTF.  */
+#define asprintf krb5int_asprintf
+
+#elif defined(NEED_VASPRINTF_PROTO)
+
+extern int vasprintf(char **, const char *, va_list)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 0)))
+#endif
+    ;
+extern int asprintf(char **, const char *, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 3)))
+#endif
+    ;
+
+#endif /* have vasprintf and prototype? */
+
+/* Return true if the snprintf return value RESULT reflects a buffer
+   overflow for the buffer size SIZE.
+
+   We cast the result to unsigned int for two reasons.  First, old
+   implementations of snprintf (such as the one in Solaris 9 and
+   prior) return -1 on a buffer overflow.  Casting the result to -1
+   will convert that value to UINT_MAX, which should compare larger
+   than any reasonable buffer size.  Second, comparing signed and
+   unsigned integers will generate warnings with some compilers, and
+   can have unpredictable results, particularly when the relative
+   widths of the types is not known (size_t may be the same width as
+   int or larger).
+*/
+#define SNPRINTF_OVERFLOW(result, size) \
+    ((unsigned int)(result) >= (size_t)(size))
+
+#if defined(_WIN32) || !defined(HAVE_STRERROR_R) || defined(STRERROR_R_CHAR_P)
+#define strerror_r k5_strerror_r
+#endif
+extern int k5_strerror_r(int errnum, char *buf, size_t buflen);
+
+#ifndef HAVE_MKSTEMP
+extern int krb5int_mkstemp(char *);
+#define mkstemp krb5int_mkstemp
+#endif
+
+#ifndef HAVE_GETTIMEOFDAY
+extern int krb5int_gettimeofday(struct timeval *tp, void *ignore);
+#define gettimeofday krb5int_gettimeofday
+#endif
+
+/*
+ * Attempt to zero memory in a way that compilers won't optimize out.
+ *
+ * This mechanism should work even for heap storage about to be freed,
+ * or automatic storage right before we return from a function.
+ *
+ * Then, even if we leak uninitialized memory someplace, or UNIX
+ * "core" files get created with world-read access, some of the most
+ * sensitive data in the process memory will already be safely wiped.
+ *
+ * We're not going so far -- yet -- as to try to protect key data that
+ * may have been written into swap space....
+ */
+#ifdef _WIN32
+# define zap(ptr, len) SecureZeroMemory(ptr, len)
+#elif defined(__STDC_LIB_EXT1__)
+/*
+ * Use memset_s() which cannot be optimized out.  Avoid memset_s(NULL, 0, 0, 0)
+ * which would cause a runtime constraint violation.
+ */
+static inline void zap(void *ptr, size_t len)
+{
+    if (len > 0)
+        memset_s(ptr, len, 0, len);
+}
+#elif defined(HAVE_EXPLICIT_BZERO)
+# define zap(ptr, len) explicit_bzero(ptr, len)
+#elif defined(HAVE_EXPLICIT_MEMSET)
+# define zap(ptr, len) explicit_memset(ptr, 0, len)
+#elif defined(__GNUC__) || defined(__clang__)
+/*
+ * Use an asm statement which declares a memory clobber to force the memset to
+ * be carried out.  Avoid memset(NULL, 0, 0) which has undefined behavior.
+ */
+static inline void zap(void *ptr, size_t len)
+{
+    if (len > 0)
+        memset(ptr, 0, len);
+    __asm__ __volatile__("" : : "g" (ptr) : "memory");
+}
+#else
+/*
+ * Use a function from libkrb5support to defeat inlining unless link-time
+ * optimization is used.  The function uses a volatile pointer, which prevents
+ * current compilers from optimizing out the memset.
+ */
+# define zap(ptr, len) krb5int_zap(ptr, len)
+#endif
+
+extern void krb5int_zap(void *ptr, size_t len);
+
+/*
+ * Return 0 if the n-byte memory regions p1 and p2 are equal, and nonzero if
+ * they are not.  The function is intended to take the same amount of time
+ * regardless of how many bytes of p1 and p2 are equal.
+ */
+int k5_bcmp(const void *p1, const void *p2, size_t n);
+
+/*
+ * Split a path into parent directory and basename.  Either output parameter
+ * may be NULL if the caller doesn't need it.  parent_out will be empty if path
+ * has no basename.  basename_out will be empty if path ends with a path
+ * separator.  Returns 0 on success or ENOMEM on allocation failure.
+ */
+long k5_path_split(const char *path, char **parent_out, char **basename_out);
+
+/*
+ * Compose two path components, inserting the platform-appropriate path
+ * separator if needed.  If path2 is an absolute path, path1 will be discarded
+ * and path_out will be a copy of path2.  Returns 0 on success or ENOMEM on
+ * allocation failure.
+ */
+long k5_path_join(const char *path1, const char *path2, char **path_out);
+
+/* Return 1 if path is absolute, 0 if it is relative. */
+int k5_path_isabs(const char *path);
+
+/*
+ * Localization macros.  If we have gettext, define _ appropriately for
+ * translating a string.  If we do not have gettext, define _ and
+ * bindtextdomain as no-ops.  N_ is always a no-op; it marks a string for
+ * extraction to pot files but does not translate it.
+ */
+#ifdef ENABLE_NLS
+#include <libintl.h>
+#define KRB5_TEXTDOMAIN "mit-krb5"
+#define _(s) dgettext(KRB5_TEXTDOMAIN, s)
+#else
+#define _(s) s
+#define dgettext(d, m) m
+#define ngettext(m1, m2, n) (((n) == 1) ? m1 : m2)
+#define bindtextdomain(p, d)
+#endif
+#define N_(s) s
+
+#if !defined(HAVE_GETOPT) || !defined(HAVE_UNISTD_H)
+/* Data objects imported from DLLs must be declared as such on Windows. */
+#if defined(_WIN32) && !defined(K5_GETOPT_C)
+#define K5_GETOPT_DECL __declspec(dllimport)
+#else
+#define K5_GETOPT_DECL
+#endif
+K5_GETOPT_DECL extern int k5_opterr;
+K5_GETOPT_DECL extern int k5_optind;
+K5_GETOPT_DECL extern int k5_optopt;
+K5_GETOPT_DECL extern char *k5_optarg;
+#define opterr k5_opterr
+#define optind k5_optind
+#define optopt k5_optopt
+#define optarg k5_optarg
+
+extern int k5_getopt(int nargc, char * const nargv[], const char *ostr);
+#define getopt k5_getopt
+#endif /* HAVE_GETOPT */
+
+#ifdef HAVE_GETOPT_LONG
+#include <getopt.h>
+#else
+
+struct option
+{
+  const char *name;
+  int has_arg;
+  int *flag;
+  int val;
+};
+
+#define no_argument       0
+#define required_argument 1
+#define optional_argument 2
+
+extern int k5_getopt_long(int nargc, char **nargv, char *options,
+                          struct option *long_options, int *index);
+#define getopt_long k5_getopt_long
+#endif /* HAVE_GETOPT_LONG */
+
+#if defined(_WIN32)
+/* On Windows there is never a need to ignore the process environment. */
+#define secure_getenv getenv
+#elif !defined(HAVE_SECURE_GETENV)
+#define secure_getenv k5_secure_getenv
+extern char *k5_secure_getenv(const char *name);
+#endif
+
+/* Set *fnames_out to a null-terminated list of filenames within dirname,
+ * sorted according to strcmp().  Return 0 on success, or ENOENT/ENOMEM. */
+int k5_dir_filenames(const char *dirname, char ***fnames_out);
+void k5_free_filenames(char **fnames);
+
+#endif /* K5_PLATFORM_H */
diff --git a/krb5-1.21.3/src/include/k5-plugin.h b/krb5-1.21.3/src/include/k5-plugin.h
new file mode 100644
index 00000000..90809e16
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-plugin.h
@@ -0,0 +1,121 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+
+/* Just those definitions which are needed by util/support/plugins.c,
+   which gets compiled before util/et is built, which happens before
+   we can construct krb5.h, which is included by k5-int.h.
+
+   So, no krb5 types.  */
+
+#ifndef K5_PLUGIN_H
+#define K5_PLUGIN_H
+
+#if defined(_MSDOS) || defined(_WIN32)
+#include "win-mac.h"
+#endif
+#include "autoconf.h"
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#define KRB5_CALLCONV_C
+#endif
+
+#include "k5-err.h"
+
+/*
+ * Plugins normally export fixed symbol names, but when statically
+ * linking plugins, we need a different symbol name for each plugin.
+ * The first argument to PLUGIN_SYMBOL_NAME acts as the
+ * differentiator, and is only used for static plugin linking.
+ *
+ * Although this macro (and thus this header file) are used in plugins
+ * whose code lies inside the krb5 tree, plugins maintained separately
+ * from the krb5 tree do not need it; they can just use the fixed
+ * symbol name unconditionally.
+ */
+#ifdef STATIC_PLUGINS
+#define PLUGIN_SYMBOL_NAME(prefix, symbol) prefix ## _ ## symbol
+#else
+#define PLUGIN_SYMBOL_NAME(prefix, symbol) symbol
+#endif
+
+struct plugin_file_handle;      /* opaque */
+
+struct plugin_dir_handle {
+    /* This points to a NULL-terminated list of pointers to plugin_file_handle structs */
+    struct plugin_file_handle **files;
+};
+#define PLUGIN_DIR_INIT(P) ((P)->files = NULL)
+#define PLUGIN_DIR_OPEN(P) ((P)->files != NULL)
+
+long KRB5_CALLCONV
+krb5int_open_plugin (const char *, struct plugin_file_handle **, struct errinfo *);
+void KRB5_CALLCONV
+krb5int_close_plugin (struct plugin_file_handle *);
+
+long KRB5_CALLCONV
+krb5int_get_plugin_data (struct plugin_file_handle *, const char *, void **,
+                         struct errinfo *);
+
+long KRB5_CALLCONV
+krb5int_get_plugin_func (struct plugin_file_handle *, const char *,
+                         void (**)(), struct errinfo *);
+
+
+long KRB5_CALLCONV
+krb5int_open_plugin_dirs (const char * const *, const char * const *,
+                          struct plugin_dir_handle *, struct errinfo *);
+void KRB5_CALLCONV
+krb5int_close_plugin_dirs (struct plugin_dir_handle *);
+
+long KRB5_CALLCONV
+krb5int_get_plugin_dir_data (struct plugin_dir_handle *, const char *,
+                             void ***, struct errinfo *);
+void KRB5_CALLCONV
+krb5int_free_plugin_dir_data (void **);
+
+long KRB5_CALLCONV
+krb5int_get_plugin_dir_func (struct plugin_dir_handle *, const char *,
+                             void (***)(void), struct errinfo *);
+void KRB5_CALLCONV
+krb5int_free_plugin_dir_func (void (**)(void));
+
+#endif /* K5_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/k5-queue.h b/krb5-1.21.3/src/include/k5-queue.h
new file mode 100644
index 00000000..ad6d866f
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-queue.h
@@ -0,0 +1,637 @@
+/*
+ * This is a copy of NetBSD's sys/queue.h, edited to use a different symbol for
+ * multiple inclusion protection and to suppress the include of <sys/null.h>.
+ */
+
+/*	$NetBSD: queue.h,v 1.53 2011/11/19 22:51:31 tls Exp $	*/
+
+/*
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)queue.h	8.5 (Berkeley) 8/20/94
+ */
+
+#ifndef	K5_QUEUE_H
+#define	K5_QUEUE_H
+
+/* #include <sys/null.h> */
+
+/*
+ * This file defines five types of data structures: singly-linked lists,
+ * lists, simple queues, tail queues, and circular queues.
+ *
+ * A singly-linked list is headed by a single forward pointer. The
+ * elements are singly linked for minimum space and pointer manipulation
+ * overhead at the expense of O(n) removal for arbitrary elements. New
+ * elements can be added to the list after an existing element or at the
+ * head of the list.  Elements being removed from the head of the list
+ * should use the explicit macro for this purpose for optimum
+ * efficiency. A singly-linked list may only be traversed in the forward
+ * direction.  Singly-linked lists are ideal for applications with large
+ * datasets and few or no removals or for implementing a LIFO queue.
+ *
+ * A list is headed by a single forward pointer (or an array of forward
+ * pointers for a hash table header). The elements are doubly linked
+ * so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before
+ * or after an existing element or at the head of the list. A list
+ * may only be traversed in the forward direction.
+ *
+ * A simple queue is headed by a pair of pointers, one the head of the
+ * list and the other to the tail of the list. The elements are singly
+ * linked to save space, so elements can only be removed from the
+ * head of the list. New elements can be added to the list after
+ * an existing element, at the head of the list, or at the end of the
+ * list. A simple queue may only be traversed in the forward direction.
+ *
+ * A tail queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or
+ * after an existing element, at the head of the list, or at the end of
+ * the list. A tail queue may be traversed in either direction.
+ *
+ * A circle queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or after
+ * an existing element, at the head of the list, or at the end of the list.
+ * A circle queue may be traversed in either direction, but has a more
+ * complex end of list detection.
+ *
+ * For details on the use of these macros, see the queue(3) manual page.
+ */
+
+/*
+ * List definitions.
+ */
+#define	K5_LIST_HEAD(name, type)					\
+struct name {								\
+	struct type *lh_first;	/* first element */			\
+}
+
+#define	K5_LIST_HEAD_INITIALIZER(head)					\
+	{ NULL }
+
+#define	K5_LIST_ENTRY(type)						\
+struct {								\
+	struct type *le_next;	/* next element */			\
+	struct type **le_prev;	/* address of previous next element */	\
+}
+
+/*
+ * List functions.
+ */
+#define	K5_LIST_INIT(head) do {						\
+	(head)->lh_first = NULL;					\
+} while (/*CONSTCOND*/0)
+
+#define	K5_LIST_INSERT_AFTER(listelm, elm, field) do {			\
+	if (((elm)->field.le_next = (listelm)->field.le_next) != NULL)	\
+		(listelm)->field.le_next->field.le_prev =		\
+		    &(elm)->field.le_next;				\
+	(listelm)->field.le_next = (elm);				\
+	(elm)->field.le_prev = &(listelm)->field.le_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	K5_LIST_INSERT_BEFORE(listelm, elm, field) do {			\
+	(elm)->field.le_prev = (listelm)->field.le_prev;		\
+	(elm)->field.le_next = (listelm);				\
+	*(listelm)->field.le_prev = (elm);				\
+	(listelm)->field.le_prev = &(elm)->field.le_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	K5_LIST_INSERT_HEAD(head, elm, field) do {			\
+	if (((elm)->field.le_next = (head)->lh_first) != NULL)		\
+		(head)->lh_first->field.le_prev = &(elm)->field.le_next;\
+	(head)->lh_first = (elm);					\
+	(elm)->field.le_prev = &(head)->lh_first;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_LIST_REMOVE(elm, field) do {					\
+	if ((elm)->field.le_next != NULL)				\
+		(elm)->field.le_next->field.le_prev = 			\
+		    (elm)->field.le_prev;				\
+	*(elm)->field.le_prev = (elm)->field.le_next;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_LIST_FOREACH(var, head, field)				\
+	for ((var) = ((head)->lh_first);				\
+		(var);							\
+		(var) = ((var)->field.le_next))
+
+#define	K5_LIST_FOREACH_SAFE(var, head, field, tvar)			\
+	for ((var) = K5_LIST_FIRST((head));				\
+		(var) && ((tvar) = K5_LIST_NEXT((var), field), 1);	\
+		(var) = (tvar))
+/*
+ * List access methods.
+ */
+#define	K5_LIST_EMPTY(head)		((head)->lh_first == NULL)
+#define	K5_LIST_FIRST(head)		((head)->lh_first)
+#define	K5_LIST_NEXT(elm, field)	((elm)->field.le_next)
+
+
+/*
+ * Singly-linked List definitions.
+ */
+#define	K5_SLIST_HEAD(name, type)					\
+struct name {								\
+	struct type *slh_first;	/* first element */			\
+}
+
+#define	K5_SLIST_HEAD_INITIALIZER(head)					\
+	{ NULL }
+
+#define	K5_SLIST_ENTRY(type)						\
+struct {								\
+	struct type *sle_next;	/* next element */			\
+}
+
+/*
+ * Singly-linked List functions.
+ */
+#define	K5_SLIST_INIT(head) do {					\
+	(head)->slh_first = NULL;					\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SLIST_INSERT_AFTER(slistelm, elm, field) do {		\
+	(elm)->field.sle_next = (slistelm)->field.sle_next;		\
+	(slistelm)->field.sle_next = (elm);				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SLIST_INSERT_HEAD(head, elm, field) do {			\
+	(elm)->field.sle_next = (head)->slh_first;			\
+	(head)->slh_first = (elm);					\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SLIST_REMOVE_HEAD(head, field) do {				\
+	(head)->slh_first = (head)->slh_first->field.sle_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SLIST_REMOVE(head, elm, type, field) do {			\
+	if ((head)->slh_first == (elm)) {				\
+		K5_SLIST_REMOVE_HEAD((head), field);			\
+	}								\
+	else {								\
+		struct type *curelm = (head)->slh_first;		\
+		while(curelm->field.sle_next != (elm))			\
+			curelm = curelm->field.sle_next;		\
+		curelm->field.sle_next =				\
+		    curelm->field.sle_next->field.sle_next;		\
+	}								\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SLIST_REMOVE_AFTER(slistelm, field) do {			\
+	(slistelm)->field.sle_next =					\
+	    K5_SLIST_NEXT(K5_SLIST_NEXT((slistelm), field), field);	\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SLIST_FOREACH(var, head, field)				\
+	for((var) = (head)->slh_first; (var); (var) = (var)->field.sle_next)
+
+#define	K5_SLIST_FOREACH_SAFE(var, head, field, tvar)			\
+	for ((var) = K5_SLIST_FIRST((head));				\
+	    (var) && ((tvar) = K5_SLIST_NEXT((var), field), 1);		\
+	    (var) = (tvar))
+
+/*
+ * Singly-linked List access methods.
+ */
+#define	K5_SLIST_EMPTY(head)	((head)->slh_first == NULL)
+#define	K5_SLIST_FIRST(head)	((head)->slh_first)
+#define	K5_SLIST_NEXT(elm, field)	((elm)->field.sle_next)
+
+
+/*
+ * Singly-linked Tail queue declarations.
+ */
+#define	K5_STAILQ_HEAD(name, type)					\
+struct name {								\
+	struct type *stqh_first;	/* first element */			\
+	struct type **stqh_last;	/* addr of last next element */		\
+}
+
+#define	K5_STAILQ_HEAD_INITIALIZER(head)				\
+	{ NULL, &(head).stqh_first }
+
+#define	K5_STAILQ_ENTRY(type)						\
+struct {								\
+	struct type *stqe_next;	/* next element */			\
+}
+
+/*
+ * Singly-linked Tail queue functions.
+ */
+#define	K5_STAILQ_INIT(head) do {					\
+	(head)->stqh_first = NULL;					\
+	(head)->stqh_last = &(head)->stqh_first;				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_STAILQ_INSERT_HEAD(head, elm, field) do {			\
+	if (((elm)->field.stqe_next = (head)->stqh_first) == NULL)	\
+		(head)->stqh_last = &(elm)->field.stqe_next;		\
+	(head)->stqh_first = (elm);					\
+} while (/*CONSTCOND*/0)
+
+#define	K5_STAILQ_INSERT_TAIL(head, elm, field) do {			\
+	(elm)->field.stqe_next = NULL;					\
+	*(head)->stqh_last = (elm);					\
+	(head)->stqh_last = &(elm)->field.stqe_next;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_STAILQ_INSERT_AFTER(head, listelm, elm, field) do {		\
+	if (((elm)->field.stqe_next = (listelm)->field.stqe_next) == NULL)\
+		(head)->stqh_last = &(elm)->field.stqe_next;		\
+	(listelm)->field.stqe_next = (elm);				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_STAILQ_REMOVE_HEAD(head, field) do {				\
+	if (((head)->stqh_first = (head)->stqh_first->field.stqe_next) == NULL) \
+		(head)->stqh_last = &(head)->stqh_first;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_STAILQ_REMOVE(head, elm, type, field) do {			\
+	if ((head)->stqh_first == (elm)) {				\
+		K5_STAILQ_REMOVE_HEAD((head), field);			\
+	} else {							\
+		struct type *curelm = (head)->stqh_first;		\
+		while (curelm->field.stqe_next != (elm))		\
+			curelm = curelm->field.stqe_next;		\
+		if ((curelm->field.stqe_next =				\
+			curelm->field.stqe_next->field.stqe_next) == NULL) \
+			    (head)->stqh_last = &(curelm)->field.stqe_next; \
+	}								\
+} while (/*CONSTCOND*/0)
+
+#define	K5_STAILQ_FOREACH(var, head, field)				\
+	for ((var) = ((head)->stqh_first);				\
+		(var);							\
+		(var) = ((var)->field.stqe_next))
+
+#define	K5_STAILQ_FOREACH_SAFE(var, head, field, tvar)			\
+	for ((var) = K5_STAILQ_FIRST((head));				\
+	    (var) && ((tvar) = K5_STAILQ_NEXT((var), field), 1);	\
+	    (var) = (tvar))
+
+#define	K5_STAILQ_CONCAT(head1, head2) do {				\
+	if (!K5_STAILQ_EMPTY((head2))) {				\
+		*(head1)->stqh_last = (head2)->stqh_first;		\
+		(head1)->stqh_last = (head2)->stqh_last;		\
+		K5_STAILQ_INIT((head2));				\
+	}								\
+} while (/*CONSTCOND*/0)
+
+#define	K5_STAILQ_LAST(head, type, field)				\
+	(K5_STAILQ_EMPTY((head)) ?					\
+		NULL :							\
+	        ((struct type *)(void *)				\
+		((char *)((head)->stqh_last) - offsetof(struct type, field))))
+
+/*
+ * Singly-linked Tail queue access methods.
+ */
+#define	K5_STAILQ_EMPTY(head)	((head)->stqh_first == NULL)
+#define	K5_STAILQ_FIRST(head)	((head)->stqh_first)
+#define	K5_STAILQ_NEXT(elm, field)	((elm)->field.stqe_next)
+
+
+/*
+ * Simple queue definitions.
+ */
+#define	K5_SIMPLEQ_HEAD(name, type)					\
+struct name {								\
+	struct type *sqh_first;	/* first element */			\
+	struct type **sqh_last;	/* addr of last next element */		\
+}
+
+#define	K5_SIMPLEQ_HEAD_INITIALIZER(head)				\
+	{ NULL, &(head).sqh_first }
+
+#define	K5_SIMPLEQ_ENTRY(type)						\
+struct {								\
+	struct type *sqe_next;	/* next element */			\
+}
+
+/*
+ * Simple queue functions.
+ */
+#define	K5_SIMPLEQ_INIT(head) do {					\
+	(head)->sqh_first = NULL;					\
+	(head)->sqh_last = &(head)->sqh_first;				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SIMPLEQ_INSERT_HEAD(head, elm, field) do {			\
+	if (((elm)->field.sqe_next = (head)->sqh_first) == NULL)	\
+		(head)->sqh_last = &(elm)->field.sqe_next;		\
+	(head)->sqh_first = (elm);					\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SIMPLEQ_INSERT_TAIL(head, elm, field) do {			\
+	(elm)->field.sqe_next = NULL;					\
+	*(head)->sqh_last = (elm);					\
+	(head)->sqh_last = &(elm)->field.sqe_next;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do {		\
+	if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\
+		(head)->sqh_last = &(elm)->field.sqe_next;		\
+	(listelm)->field.sqe_next = (elm);				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SIMPLEQ_REMOVE_HEAD(head, field) do {			\
+	if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \
+		(head)->sqh_last = &(head)->sqh_first;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SIMPLEQ_REMOVE(head, elm, type, field) do {			\
+	if ((head)->sqh_first == (elm)) {				\
+		K5_SIMPLEQ_REMOVE_HEAD((head), field);			\
+	} else {							\
+		struct type *curelm = (head)->sqh_first;		\
+		while (curelm->field.sqe_next != (elm))			\
+			curelm = curelm->field.sqe_next;		\
+		if ((curelm->field.sqe_next =				\
+			curelm->field.sqe_next->field.sqe_next) == NULL) \
+			    (head)->sqh_last = &(curelm)->field.sqe_next; \
+	}								\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SIMPLEQ_FOREACH(var, head, field)				\
+	for ((var) = ((head)->sqh_first);				\
+		(var);							\
+		(var) = ((var)->field.sqe_next))
+
+#define	K5_SIMPLEQ_FOREACH_SAFE(var, head, field, next)			\
+	for ((var) = ((head)->sqh_first);				\
+		(var) && ((next = ((var)->field.sqe_next)), 1);		\
+		(var) = (next))
+
+#define	K5_SIMPLEQ_CONCAT(head1, head2) do {				\
+	if (!K5_SIMPLEQ_EMPTY((head2))) {				\
+		*(head1)->sqh_last = (head2)->sqh_first;		\
+		(head1)->sqh_last = (head2)->sqh_last;		\
+		K5_SIMPLEQ_INIT((head2));				\
+	}								\
+} while (/*CONSTCOND*/0)
+
+#define	K5_SIMPLEQ_LAST(head, type, field)				\
+	(K5_SIMPLEQ_EMPTY((head)) ?					\
+		NULL :							\
+	        ((struct type *)(void *)				\
+		((char *)((head)->sqh_last) - offsetof(struct type, field))))
+
+/*
+ * Simple queue access methods.
+ */
+#define	K5_SIMPLEQ_EMPTY(head)		((head)->sqh_first == NULL)
+#define	K5_SIMPLEQ_FIRST(head)		((head)->sqh_first)
+#define	K5_SIMPLEQ_NEXT(elm, field)	((elm)->field.sqe_next)
+
+
+/*
+ * Tail queue definitions.
+ */
+#define	_K5_TAILQ_HEAD(name, type, qual)				\
+struct name {								\
+	qual type *tqh_first;		/* first element */		\
+	qual type *qual *tqh_last;	/* addr of last next element */	\
+}
+#define K5_TAILQ_HEAD(name, type)	_K5_TAILQ_HEAD(name, struct type,)
+
+#define	K5_TAILQ_HEAD_INITIALIZER(head)					\
+	{ NULL, &(head).tqh_first }
+
+#define	_K5_TAILQ_ENTRY(type, qual)					\
+struct {								\
+	qual type *tqe_next;		/* next element */		\
+	qual type *qual *tqe_prev;	/* address of previous next element */\
+}
+#define K5_TAILQ_ENTRY(type)	_K5_TAILQ_ENTRY(struct type,)
+
+/*
+ * Tail queue functions.
+ */
+#define	K5_TAILQ_INIT(head) do {					\
+	(head)->tqh_first = NULL;					\
+	(head)->tqh_last = &(head)->tqh_first;				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_TAILQ_INSERT_HEAD(head, elm, field) do {			\
+	if (((elm)->field.tqe_next = (head)->tqh_first) != NULL)	\
+		(head)->tqh_first->field.tqe_prev =			\
+		    &(elm)->field.tqe_next;				\
+	else								\
+		(head)->tqh_last = &(elm)->field.tqe_next;		\
+	(head)->tqh_first = (elm);					\
+	(elm)->field.tqe_prev = &(head)->tqh_first;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_TAILQ_INSERT_TAIL(head, elm, field) do {			\
+	(elm)->field.tqe_next = NULL;					\
+	(elm)->field.tqe_prev = (head)->tqh_last;			\
+	*(head)->tqh_last = (elm);					\
+	(head)->tqh_last = &(elm)->field.tqe_next;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_TAILQ_INSERT_AFTER(head, listelm, elm, field) do {		\
+	if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
+		(elm)->field.tqe_next->field.tqe_prev = 		\
+		    &(elm)->field.tqe_next;				\
+	else								\
+		(head)->tqh_last = &(elm)->field.tqe_next;		\
+	(listelm)->field.tqe_next = (elm);				\
+	(elm)->field.tqe_prev = &(listelm)->field.tqe_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	K5_TAILQ_INSERT_BEFORE(listelm, elm, field) do {		\
+	(elm)->field.tqe_prev = (listelm)->field.tqe_prev;		\
+	(elm)->field.tqe_next = (listelm);				\
+	*(listelm)->field.tqe_prev = (elm);				\
+	(listelm)->field.tqe_prev = &(elm)->field.tqe_next;		\
+} while (/*CONSTCOND*/0)
+
+#define	K5_TAILQ_REMOVE(head, elm, field) do {				\
+	if (((elm)->field.tqe_next) != NULL)				\
+		(elm)->field.tqe_next->field.tqe_prev = 		\
+		    (elm)->field.tqe_prev;				\
+	else								\
+		(head)->tqh_last = (elm)->field.tqe_prev;		\
+	*(elm)->field.tqe_prev = (elm)->field.tqe_next;			\
+} while (/*CONSTCOND*/0)
+
+#define	K5_TAILQ_FOREACH(var, head, field)				\
+	for ((var) = ((head)->tqh_first);				\
+		(var);							\
+		(var) = ((var)->field.tqe_next))
+
+#define	K5_TAILQ_FOREACH_SAFE(var, head, field, next)			\
+	for ((var) = ((head)->tqh_first);				\
+	        (var) != NULL && ((next) = K5_TAILQ_NEXT(var, field), 1);	\
+		(var) = (next))
+
+#define	K5_TAILQ_FOREACH_REVERSE(var, head, headname, field)		\
+	for ((var) = (*(((struct headname *)((head)->tqh_last))->tqh_last));	\
+		(var);							\
+		(var) = (*(((struct headname *)((var)->field.tqe_prev))->tqh_last)))
+
+#define	K5_TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, prev)	\
+	for ((var) = K5_TAILQ_LAST((head), headname);			\
+		(var) && ((prev) = K5_TAILQ_PREV((var), headname, field), 1);\
+		(var) = (prev))
+
+#define	K5_TAILQ_CONCAT(head1, head2, field) do {			\
+	if (!K5_TAILQ_EMPTY(head2)) {					\
+		*(head1)->tqh_last = (head2)->tqh_first;		\
+		(head2)->tqh_first->field.tqe_prev = (head1)->tqh_last;	\
+		(head1)->tqh_last = (head2)->tqh_last;			\
+		K5_TAILQ_INIT((head2));					\
+	}								\
+} while (/*CONSTCOND*/0)
+
+/*
+ * Tail queue access methods.
+ */
+#define	K5_TAILQ_EMPTY(head)		((head)->tqh_first == NULL)
+#define	K5_TAILQ_FIRST(head)		((head)->tqh_first)
+#define	K5_TAILQ_NEXT(elm, field)	((elm)->field.tqe_next)
+
+#define	K5_TAILQ_LAST(head, headname) \
+	(*(((struct headname *)((head)->tqh_last))->tqh_last))
+#define	K5_TAILQ_PREV(elm, headname, field) \
+	(*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
+
+
+/*
+ * Circular queue definitions.
+ */
+#define	K5_CIRCLEQ_HEAD(name, type)					\
+struct name {								\
+	struct type *cqh_first;		/* first element */		\
+	struct type *cqh_last;		/* last element */		\
+}
+
+#define	K5_CIRCLEQ_HEAD_INITIALIZER(head)				\
+	{ (void *)&head, (void *)&head }
+
+#define	K5_CIRCLEQ_ENTRY(type)						\
+struct {								\
+	struct type *cqe_next;		/* next element */		\
+	struct type *cqe_prev;		/* previous element */		\
+}
+
+/*
+ * Circular queue functions.
+ */
+#define	K5_CIRCLEQ_INIT(head) do {					\
+	(head)->cqh_first = (void *)(head);				\
+	(head)->cqh_last = (void *)(head);				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do {		\
+	(elm)->field.cqe_next = (listelm)->field.cqe_next;		\
+	(elm)->field.cqe_prev = (listelm);				\
+	if ((listelm)->field.cqe_next == (void *)(head))		\
+		(head)->cqh_last = (elm);				\
+	else								\
+		(listelm)->field.cqe_next->field.cqe_prev = (elm);	\
+	(listelm)->field.cqe_next = (elm);				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do {	\
+	(elm)->field.cqe_next = (listelm);				\
+	(elm)->field.cqe_prev = (listelm)->field.cqe_prev;		\
+	if ((listelm)->field.cqe_prev == (void *)(head))		\
+		(head)->cqh_first = (elm);				\
+	else								\
+		(listelm)->field.cqe_prev->field.cqe_next = (elm);	\
+	(listelm)->field.cqe_prev = (elm);				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_CIRCLEQ_INSERT_HEAD(head, elm, field) do {			\
+	(elm)->field.cqe_next = (head)->cqh_first;			\
+	(elm)->field.cqe_prev = (void *)(head);				\
+	if ((head)->cqh_last == (void *)(head))				\
+		(head)->cqh_last = (elm);				\
+	else								\
+		(head)->cqh_first->field.cqe_prev = (elm);		\
+	(head)->cqh_first = (elm);					\
+} while (/*CONSTCOND*/0)
+
+#define	K5_CIRCLEQ_INSERT_TAIL(head, elm, field) do {			\
+	(elm)->field.cqe_next = (void *)(head);				\
+	(elm)->field.cqe_prev = (head)->cqh_last;			\
+	if ((head)->cqh_first == (void *)(head))			\
+		(head)->cqh_first = (elm);				\
+	else								\
+		(head)->cqh_last->field.cqe_next = (elm);		\
+	(head)->cqh_last = (elm);					\
+} while (/*CONSTCOND*/0)
+
+#define	K5_CIRCLEQ_REMOVE(head, elm, field) do {			\
+	if ((elm)->field.cqe_next == (void *)(head))			\
+		(head)->cqh_last = (elm)->field.cqe_prev;		\
+	else								\
+		(elm)->field.cqe_next->field.cqe_prev =			\
+		    (elm)->field.cqe_prev;				\
+	if ((elm)->field.cqe_prev == (void *)(head))			\
+		(head)->cqh_first = (elm)->field.cqe_next;		\
+	else								\
+		(elm)->field.cqe_prev->field.cqe_next =			\
+		    (elm)->field.cqe_next;				\
+} while (/*CONSTCOND*/0)
+
+#define	K5_CIRCLEQ_FOREACH(var, head, field)				\
+	for ((var) = ((head)->cqh_first);				\
+		(var) != (const void *)(head);				\
+		(var) = ((var)->field.cqe_next))
+
+#define	K5_CIRCLEQ_FOREACH_REVERSE(var, head, field)			\
+	for ((var) = ((head)->cqh_last);				\
+		(var) != (const void *)(head);				\
+		(var) = ((var)->field.cqe_prev))
+
+/*
+ * Circular queue access methods.
+ */
+#define	K5_CIRCLEQ_EMPTY(head)		((head)->cqh_first == (void *)(head))
+#define	K5_CIRCLEQ_FIRST(head)		((head)->cqh_first)
+#define	K5_CIRCLEQ_LAST(head)		((head)->cqh_last)
+#define	K5_CIRCLEQ_NEXT(elm, field)	((elm)->field.cqe_next)
+#define	K5_CIRCLEQ_PREV(elm, field)	((elm)->field.cqe_prev)
+
+#define K5_CIRCLEQ_LOOP_NEXT(head, elm, field)				\
+	(((elm)->field.cqe_next == (void *)(head))			\
+	    ? ((head)->cqh_first)					\
+	    : (elm->field.cqe_next))
+#define K5_CIRCLEQ_LOOP_PREV(head, elm, field)				\
+	(((elm)->field.cqe_prev == (void *)(head))			\
+	    ? ((head)->cqh_last)					\
+	    : (elm->field.cqe_prev))
+
+#endif	/* !K5_QUEUE_H */
diff --git a/krb5-1.21.3/src/include/k5-spake.h b/krb5-1.21.3/src/include/k5-spake.h
new file mode 100644
index 00000000..ddb5d810
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-spake.h
@@ -0,0 +1,107 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-spake.h - SPAKE preauth mech declarations */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The SPAKE preauth mechanism allows long-term client keys to be used for
+ * preauthentication without exposing them to offline dictionary attacks.  The
+ * negotiated key can also be used for second-factor authentication.  This
+ * header file declares structures and encoder/decoder functions for the
+ * mechanism's padata messages.
+ */
+
+#ifndef K5_SPAKE_H
+#define K5_SPAKE_H
+
+#include "k5-int.h"
+
+/* SPAKESecondFactor is contained within a SPAKEChallenge, SPAKEResponse, or
+ * EncryptedData message and contains a second-factor challenge or response. */
+typedef struct krb5_spake_factor_st {
+    int32_t type;
+    krb5_data *data;
+} krb5_spake_factor;
+
+/* SPAKESupport is sent from the client to the KDC to indicate which group the
+ * client supports. */
+typedef struct krb5_spake_support_st {
+    int32_t ngroups;
+    int32_t *groups;
+} krb5_spake_support;
+
+/* SPAKEChallenge is sent from the KDC to the client to communicate its group
+ * selection, public value, and second-factor challenge options. */
+typedef struct krb5_spake_challenge_st {
+    int32_t group;
+    krb5_data pubkey;
+    krb5_spake_factor **factors;
+} krb5_spake_challenge;
+
+/* SPAKEResponse is sent from the client to the KDC to communicate its public
+ * value and encrypted second-factor response. */
+typedef struct krb5_spake_response_st {
+    krb5_data pubkey;
+    krb5_enc_data factor;
+} krb5_spake_response;
+
+enum krb5_spake_msgtype {
+    SPAKE_MSGTYPE_UNKNOWN = -1,
+    SPAKE_MSGTYPE_SUPPORT = 0,
+    SPAKE_MSGTYPE_CHALLENGE = 1,
+    SPAKE_MSGTYPE_RESPONSE = 2,
+    SPAKE_MSGTYPE_ENCDATA = 3
+};
+
+/* PA-SPAKE is a choice among the message types which can appear in a PA-SPAKE
+ * padata element. */
+typedef struct krb5_pa_spake_st {
+    enum krb5_spake_msgtype choice;
+    union krb5_spake_message_choices {
+        krb5_spake_support support;
+        krb5_spake_challenge challenge;
+        krb5_spake_response response;
+        krb5_enc_data encdata;
+    } u;
+} krb5_pa_spake;
+
+krb5_error_code encode_krb5_spake_factor(const krb5_spake_factor *val,
+                                         krb5_data **code_out);
+krb5_error_code decode_krb5_spake_factor(const krb5_data *code,
+                                         krb5_spake_factor **val_out);
+void k5_free_spake_factor(krb5_context context, krb5_spake_factor *val);
+
+krb5_error_code encode_krb5_pa_spake(const krb5_pa_spake *val,
+                                     krb5_data **code_out);
+krb5_error_code decode_krb5_pa_spake(const krb5_data *code,
+                                     krb5_pa_spake **val_out);
+void k5_free_pa_spake(krb5_context context, krb5_pa_spake *val);
+
+#endif /* K5_SPAKE_H */
diff --git a/krb5-1.21.3/src/include/k5-thread.h b/krb5-1.21.3/src/include/k5-thread.h
new file mode 100644
index 00000000..a3101239
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-thread.h
@@ -0,0 +1,443 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-thread.h - Preliminary portable thread support */
+/*
+ * Copyright 2004,2005,2006,2007,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef K5_THREAD_H
+#define K5_THREAD_H
+
+#include "autoconf.h"
+#ifndef KRB5_CALLCONV
+# define KRB5_CALLCONV
+#endif
+#ifndef KRB5_CALLCONV_C
+# define KRB5_CALLCONV_C
+#endif
+
+/* Interface (tentative):
+
+     Mutex support:
+
+     // Between these two, we should be able to do pure compile-time
+     // and pure run-time initialization.
+     //   POSIX:   partial initializer is PTHREAD_MUTEX_INITIALIZER,
+     //            finish does nothing
+     //   Windows: partial initializer is an invalid handle,
+     //            finish does the real initialization work
+     k5_mutex_t foo_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+     int k5_mutex_finish_init(k5_mutex_t *);
+     // for dynamic allocation
+     int k5_mutex_init(k5_mutex_t *);
+     // Must work for both kinds of alloc, even if it means adding flags.
+     int k5_mutex_destroy(k5_mutex_t *);
+
+     // As before.
+     int k5_mutex_lock(k5_mutex_t *);
+     int k5_mutex_unlock(k5_mutex_t *);
+
+     In each library, one new function to finish the static mutex init,
+     and any other library-wide initialization that might be desired.
+     On POSIX, this function would be called via the second support
+     function (see below).  On Windows, it would be called at library
+     load time.  These functions, or functions they calls, should be the
+     only places that k5_mutex_finish_init gets called.
+
+     A second function or macro called at various possible "first" entry
+     points which either calls pthread_once on the first function
+     (POSIX), or checks some flag set by the first function (Windows),
+     and possibly returns an error.  (In the non-threaded case, a simple
+     flag can be used to avoid multiple invocations, and the mutexes
+     don't need run-time initialization anyways.)
+
+     A third function for library termination calls mutex_destroy on
+     each mutex for the library.  This function would be called
+     automatically at library unload time.  If it turns out to be needed
+     at exit time for libraries that don't get unloaded, perhaps we
+     should also use atexit().  Any static mutexes should be cleaned up
+     with k5_mutex_destroy here.
+
+     How does that second support function invoke the first support
+     function only once?  Through something modelled on pthread_once
+     that I haven't written up yet.  Probably:
+
+     k5_once_t foo_once = K5_ONCE_INIT;
+     k5_once(k5_once_t *, void (*)(void));
+
+     For POSIX: Map onto pthread_once facility.
+     For non-threaded case: A simple flag.
+     For Windows: Not needed; library init code takes care of it.
+
+     XXX: A general k5_once mechanism isn't possible for Windows,
+     without faking it through named mutexes or mutexes initialized at
+     startup.  I was only using it in one place outside these headers,
+     so I'm dropping the general scheme.  Eventually the existing uses
+     in k5-thread.h and k5-platform.h will be converted to pthread_once
+     or static variables.
+
+
+     Thread-specific data:
+
+     // TSD keys are limited in number in gssapi/krb5/com_err; enumerate
+     // them all.  This allows support code init to allocate the
+     // necessary storage for pointers all at once, and avoids any
+     // possible error in key creation.
+     enum { ... } k5_key_t;
+     // Register destructor function.  Called in library init code.
+     int k5_key_register(k5_key_t, void (*destructor)(void *));
+     // Returns NULL or data.
+     void *k5_getspecific(k5_key_t);
+     // Returns error if key out of bounds, or the pointer table can't
+     // be allocated.  A call to k5_key_register must have happened first.
+     // This may trigger the calling of pthread_setspecific on POSIX.
+     int k5_setspecific(k5_key_t, void *);
+     // Called in library termination code.
+     // Trashes data in all threads, calling the registered destructor
+     // (but calling it from the current thread).
+     int k5_key_delete(k5_key_t);
+
+     For the non-threaded version, the support code will have a static
+     array indexed by k5_key_t values, and get/setspecific simply access
+     the array elements.
+
+     The TSD destructor table is global state, protected by a mutex if
+     threads are enabled.
+
+
+     Any actual external symbols will use the krb5int_ prefix.  The k5_
+     names will be simple macros or inline functions to rename the
+     external symbols, or slightly more complex ones to expand the
+     implementation inline (e.g., map to POSIX versions and/or debug
+     code using __FILE__ and the like).
+
+
+     More to be added, perhaps.  */
+
+#include <assert.h>
+#ifndef NDEBUG
+#include <stdio.h>
+#include <string.h>
+#endif
+
+/* The mutex structure we use, k5_mutex_t, is defined to some
+   OS-specific bits.  The use of multiple layers of typedefs are an
+   artifact resulting from debugging code we once used, implemented as
+   wrappers around the OS mutex scheme.
+
+   The OS specific bits, in k5_os_mutex, break down into three primary
+   implementations, POSIX threads, Windows threads, and no thread
+   support.  However, the POSIX thread version is further subdivided:
+   In one case, we can determine at run time whether the thread
+   library is linked into the application, and use it only if it is
+   present; in the other case, we cannot, and the thread library must
+   be linked in always, but can be used unconditionally.  In the
+   former case, the k5_os_mutex structure needs to hold both the POSIX
+   and the non-threaded versions.
+
+   The various k5_os_mutex_* operations are the OS-specific versions,
+   applied to the OS-specific data, and k5_mutex_* uses k5_os_mutex_*
+   to do the OS-specific parts of the work.  */
+
+/* Define the OS mutex bit.  */
+
+typedef char k5_os_nothread_mutex;
+# define K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER       0
+/* Empty inline functions avoid the "statement with no effect"
+   warnings, and do better type-checking than functions that don't use
+   their arguments.  */
+static inline int k5_os_nothread_mutex_finish_init(k5_os_nothread_mutex *m) {
+    return 0;
+}
+static inline int k5_os_nothread_mutex_init(k5_os_nothread_mutex *m) {
+    return 0;
+}
+static inline int k5_os_nothread_mutex_destroy(k5_os_nothread_mutex *m) {
+    return 0;
+}
+static inline int k5_os_nothread_mutex_lock(k5_os_nothread_mutex *m) {
+    return 0;
+}
+static inline int k5_os_nothread_mutex_unlock(k5_os_nothread_mutex *m) {
+    return 0;
+}
+
+/* Values:
+   2 - function has not been run
+   3 - function has been run
+   4 - function is being run -- deadlock detected */
+typedef unsigned char k5_os_nothread_once_t;
+# define K5_OS_NOTHREAD_ONCE_INIT       2
+# define k5_os_nothread_once(O,F)                               \
+    (*(O) == 3 ? 0                                              \
+     : *(O) == 2 ? (*(O) = 4, (F)(), *(O) = 3, 0)               \
+     : (assert(*(O) != 4), assert(*(O) == 2 || *(O) == 3), 0))
+
+
+
+#ifndef ENABLE_THREADS
+
+typedef k5_os_nothread_mutex k5_os_mutex;
+# define K5_OS_MUTEX_PARTIAL_INITIALIZER        \
+    K5_OS_NOTHREAD_MUTEX_PARTIAL_INITIALIZER
+# define k5_os_mutex_finish_init        k5_os_nothread_mutex_finish_init
+# define k5_os_mutex_init               k5_os_nothread_mutex_init
+# define k5_os_mutex_destroy            k5_os_nothread_mutex_destroy
+# define k5_os_mutex_lock               k5_os_nothread_mutex_lock
+# define k5_os_mutex_unlock             k5_os_nothread_mutex_unlock
+
+# define k5_once_t                      k5_os_nothread_once_t
+# define K5_ONCE_INIT                   K5_OS_NOTHREAD_ONCE_INIT
+# define k5_once                        k5_os_nothread_once
+
+#elif HAVE_PTHREAD
+
+# include <pthread.h>
+
+/* Weak reference support, etc.
+
+   Linux: Stub mutex routines exist, but pthread_once does not.
+
+   Solaris <10: In libc there's a pthread_once that doesn't seem to do
+   anything.  Bleah.  But pthread_mutexattr_setrobust_np is defined
+   only in libpthread.  However, some version of GNU libc (Red Hat's
+   Fedora Core 5, reportedly) seems to have that function, but no
+   declaration, so we'd have to declare it in order to test for its
+   address.  We now have tests to see if pthread_once actually works,
+   so stick with that for now.
+
+   Solaris 10: The real thread support now lives in libc, and
+   libpthread is just a filter object.  So we might as well use the
+   real functions unconditionally.  Since we haven't got a test for
+   this property yet, we use NO_WEAK_PTHREADS defined in aclocal.m4
+   depending on the OS type.
+
+   IRIX 6.5 stub pthread support in libc is really annoying.  The
+   pthread_mutex_lock function returns ENOSYS for a program not linked
+   against -lpthread.  No link-time failure, no weak symbols, etc.
+   The C library doesn't provide pthread_once; we can use weak
+   reference support for that.
+
+   If weak references are not available, then for now, we assume that
+   the pthread support routines will always be available -- either the
+   real thing, or functional stubs that merely prohibit creating
+   threads.
+
+   If we find a platform with non-functional stubs and no weak
+   references, we may have to resort to some hack like dlsym on the
+   symbol tables of the current process.  */
+
+#if defined(HAVE_PRAGMA_WEAK_REF) && !defined(NO_WEAK_PTHREADS)
+# define USE_CONDITIONAL_PTHREADS
+#endif
+
+#ifdef USE_CONDITIONAL_PTHREADS
+
+/* Can't rely on useful stubs -- see above regarding Solaris.  */
+typedef struct {
+    pthread_once_t o;
+    k5_os_nothread_once_t n;
+} k5_once_t;
+# define K5_ONCE_INIT   { PTHREAD_ONCE_INIT, K5_OS_NOTHREAD_ONCE_INIT }
+
+int k5_once(k5_once_t *once, void (*fn)(void));
+#else
+
+/* no pragma weak support */
+
+typedef pthread_once_t k5_once_t;
+# define K5_ONCE_INIT   PTHREAD_ONCE_INIT
+# define k5_once        pthread_once
+
+#endif
+
+#if defined(__mips) && defined(__sgi) && (defined(_SYSTYPE_SVR4) || defined(__SYSTYPE_SVR4__))
+# ifndef HAVE_PRAGMA_WEAK_REF
+#  if defined(__GNUC__) && __GNUC__ < 3
+#   error "Please update to a newer gcc with weak symbol support, or switch to native cc, reconfigure and recompile."
+#  else
+#   error "Weak reference support is required"
+#  endif
+# endif
+#endif
+
+typedef pthread_mutex_t k5_os_mutex;
+# define K5_OS_MUTEX_PARTIAL_INITIALIZER        \
+    PTHREAD_MUTEX_INITIALIZER
+
+#ifdef USE_CONDITIONAL_PTHREADS
+
+# define k5_os_mutex_finish_init(M)             (0)
+int k5_os_mutex_init(k5_os_mutex *m);
+int k5_os_mutex_destroy(k5_os_mutex *m);
+int k5_os_mutex_lock(k5_os_mutex *m);
+int k5_os_mutex_unlock(k5_os_mutex *m);
+
+#else
+
+static inline int k5_os_mutex_finish_init(k5_os_mutex *m) { return 0; }
+# define k5_os_mutex_init(M)            pthread_mutex_init((M), 0)
+# define k5_os_mutex_destroy(M)         pthread_mutex_destroy((M))
+# define k5_os_mutex_lock(M)            pthread_mutex_lock(M)
+# define k5_os_mutex_unlock(M)          pthread_mutex_unlock(M)
+
+#endif /* is pthreads always available? */
+
+#elif defined _WIN32
+
+# define k5_once_t k5_os_nothread_once_t
+
+typedef struct {
+    HANDLE h;
+    int is_locked;
+} k5_os_mutex;
+
+# define K5_OS_MUTEX_PARTIAL_INITIALIZER { INVALID_HANDLE_VALUE, 0 }
+
+# define k5_os_mutex_finish_init(M)                                     \
+    (assert((M)->h == INVALID_HANDLE_VALUE),                            \
+     ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError())
+# define k5_os_mutex_init(M)                                            \
+    ((M)->is_locked = 0,                                                \
+     ((M)->h = CreateMutex(NULL, FALSE, NULL)) ? 0 : GetLastError())
+# define k5_os_mutex_destroy(M)                                 \
+    (CloseHandle((M)->h) ? ((M)->h = 0, 0) : GetLastError())
+# define k5_os_mutex_lock k5_win_mutex_lock
+
+static inline int k5_win_mutex_lock(k5_os_mutex *m)
+{
+    DWORD res;
+    res = WaitForSingleObject(m->h, INFINITE);
+    if (res == WAIT_FAILED)
+        return GetLastError();
+    /* Eventually these should be turned into some reasonable error
+       code.  */
+    assert(res != WAIT_TIMEOUT);
+    assert(res != WAIT_ABANDONED);
+    assert(res == WAIT_OBJECT_0);
+    /* Avoid locking twice.  */
+    assert(m->is_locked == 0);
+    m->is_locked = 1;
+    return 0;
+}
+
+# define k5_os_mutex_unlock(M)                  \
+    (assert((M)->is_locked == 1),               \
+     (M)->is_locked = 0,                        \
+     ReleaseMutex((M)->h) ? 0 : GetLastError())
+
+#else
+
+# error "Thread support enabled, but thread system unknown"
+
+#endif
+
+typedef k5_os_mutex k5_mutex_t;
+#define K5_MUTEX_PARTIAL_INITIALIZER    K5_OS_MUTEX_PARTIAL_INITIALIZER
+static inline int k5_mutex_init(k5_mutex_t *m)
+{
+    return k5_os_mutex_init(m);
+}
+static inline int k5_mutex_finish_init(k5_mutex_t *m)
+{
+    return k5_os_mutex_finish_init(m);
+}
+#define k5_mutex_destroy(M)                     \
+    (k5_os_mutex_destroy(M))
+
+static inline void k5_mutex_lock(k5_mutex_t *m)
+{
+    int r = k5_os_mutex_lock(m);
+#ifndef NDEBUG
+    if (r != 0) {
+        fprintf(stderr, "k5_mutex_lock: Received error %d (%s)\n",
+                r, strerror(r));
+    }
+#endif
+    assert(r == 0);
+}
+
+static inline void k5_mutex_unlock(k5_mutex_t *m)
+{
+    int r = k5_os_mutex_unlock(m);
+#ifndef NDEBUG
+    if (r != 0) {
+        fprintf(stderr, "k5_mutex_unlock: Received error %d (%s)\n",
+                r, strerror(r));
+    }
+#endif
+    assert(r == 0);
+}
+
+#define k5_mutex_assert_locked(M)       ((void)(M))
+#define k5_mutex_assert_unlocked(M)     ((void)(M))
+#define k5_assert_locked        k5_mutex_assert_locked
+#define k5_assert_unlocked      k5_mutex_assert_unlocked
+
+/* Thread-specific data; implemented in a support file, because we'll
+   need to keep track of some global data for cleanup purposes.
+
+   Note that the callback function type is such that the C library
+   routine free() is a valid callback.  */
+typedef enum {
+    K5_KEY_COM_ERR,
+    K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME,
+    K5_KEY_GSS_KRB5_CCACHE_NAME,
+    K5_KEY_GSS_KRB5_ERROR_MESSAGE,
+    K5_KEY_GSS_SPNEGO_STATUS,
+#if defined(__MACH__) && defined(__APPLE__)
+    K5_KEY_IPC_CONNECTION_INFO,
+#endif
+    K5_KEY_MAX
+} k5_key_t;
+/* rename shorthand symbols for export */
+#define k5_key_register krb5int_key_register
+#define k5_getspecific  krb5int_getspecific
+#define k5_setspecific  krb5int_setspecific
+#define k5_key_delete   krb5int_key_delete
+extern int k5_key_register(k5_key_t, void (*)(void *));
+extern void *k5_getspecific(k5_key_t);
+extern int k5_setspecific(k5_key_t, void *);
+extern int k5_key_delete(k5_key_t);
+
+extern int  KRB5_CALLCONV krb5int_mutex_alloc  (k5_mutex_t **);
+extern void KRB5_CALLCONV krb5int_mutex_free   (k5_mutex_t *);
+extern void KRB5_CALLCONV krb5int_mutex_lock   (k5_mutex_t *);
+extern void KRB5_CALLCONV krb5int_mutex_unlock (k5_mutex_t *);
+
+/* In time, many of the definitions above should move into the support
+   library, and this file should be greatly simplified.  For type
+   definitions, that'll take some work, since other data structures
+   incorporate mutexes directly, and our mutex type is dependent on
+   configuration options and system attributes.  For most functions,
+   though, it should be relatively easy.
+
+   For now, plugins should use the exported functions, and not the
+   above macros, and use krb5int_mutex_alloc for allocations.  */
+#if defined(PLUGIN) || (defined(CONFIG_SMALL) && !defined(THREAD_SUPPORT_IMPL))
+#undef k5_mutex_lock
+#define k5_mutex_lock krb5int_mutex_lock
+#undef k5_mutex_unlock
+#define k5_mutex_unlock krb5int_mutex_unlock
+#endif
+
+#endif /* multiple inclusion? */
diff --git a/krb5-1.21.3/src/include/k5-tls.h b/krb5-1.21.3/src/include/k5-tls.h
new file mode 100644
index 00000000..0661c058
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-tls.h
@@ -0,0 +1,104 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-tls.h - internal pluggable interface for TLS */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This internal pluggable interface allows libkrb5 to load an in-tree module
+ * providing TLS support at runtime.  It is currently tailored for the needs of
+ * the OpenSSL module as used for HTTP proxy support.  As an internal
+ * interface, it can be changed to fit different implementations and consumers
+ * without regard for backward compatibility.
+ */
+
+#ifndef K5_TLS_H
+#define K5_TLS_H
+
+#include "k5-int.h"
+
+/* An abstract type for localauth module data. */
+typedef struct k5_tls_handle_st *k5_tls_handle;
+
+typedef enum {
+    DATA_READ, DONE, WANT_READ, WANT_WRITE, ERROR_TLS
+} k5_tls_status;
+
+/*
+ * Create a handle for fd, where the server certificate must match servername
+ * and be trusted according to anchors.  anchors is a null-terminated list
+ * using the DIR:/FILE:/ENV: syntax borrowed from PKINIT.  If anchors is null,
+ * use the system default trust anchors.
+ */
+typedef krb5_error_code
+(*k5_tls_setup_fn)(krb5_context context, SOCKET fd, const char *servername,
+                   char **anchors, k5_tls_handle *handle_out);
+
+/*
+ * Write len bytes of data using TLS.  Return DONE if writing is complete,
+ * WANT_READ or WANT_WRITE if the underlying socket must be readable or
+ * writable to continue, and ERROR_TLS if the TLS channel or underlying socket
+ * experienced an error.  After WANT_READ or WANT_WRITE, the operation will be
+ * retried with the same arguments even if some data has already been written.
+ * (OpenSSL makes this contract easy to fulfill.  For other implementations we
+ * might want to change it.)
+ */
+typedef k5_tls_status
+(*k5_tls_write_fn)(krb5_context context, k5_tls_handle handle,
+                   const void *data, size_t len);
+
+/*
+ * Read up to data_size bytes of data using TLS.  Return DATA_READ and set
+ * *len_out if any data is read.  Return DONE if there is no more data to be
+ * read on the connection, WANT_READ or WANT_WRITE if the underlying socket
+ * must be readable or writable to continue, and ERROR_TLS if the TLS channel
+ * or underlying socket experienced an error.
+ *
+ * After DATA_READ, there may still be pending buffered data to read.  The
+ * caller must call this method again with additional buffer space before
+ * selecting for reading on the underlying socket.
+ */
+typedef k5_tls_status
+(*k5_tls_read_fn)(krb5_context context, k5_tls_handle handle, void *data,
+                  size_t data_size, size_t *len_out);
+
+/* Release a handle.  Do not pass a null pointer. */
+typedef void
+(*k5_tls_free_handle_fn)(krb5_context context, k5_tls_handle handle);
+
+/* All functions are mandatory unless they are all null, in which case the
+ * caller should assume that TLS is unsupported. */
+typedef struct k5_tls_vtable_st {
+    k5_tls_setup_fn setup;
+    k5_tls_write_fn write;
+    k5_tls_read_fn read;
+    k5_tls_free_handle_fn free_handle;
+} *k5_tls_vtable;
+
+#endif /* K5_TLS_H */
diff --git a/krb5-1.21.3/src/include/k5-trace.h b/krb5-1.21.3/src/include/k5-trace.h
new file mode 100644
index 00000000..16a898fe
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-trace.h
@@ -0,0 +1,523 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-trace.h */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This header contains trace macro definitions, which map trace points within
+ * the code to krb5int_trace() calls with descriptive text strings.
+ *
+ * A new trace macro must be defined in this file for each new location to
+ * be traced; the TRACE() macro should never be used directly.  This keeps
+ * the tracing logic centralized in one place, to facilitate integration with
+ * alternate tracing backends such as DTrace.
+ *
+ * Trace logging is intended to aid power users in diagnosing configuration
+ * problems by showing what's going on behind the scenes of complex operations.
+ * Although trace logging is sometimes useful to developers, it is not intended
+ * as a replacement for a debugger, and it is not desirable to drown the user
+ * in output.  Observe the following guidelines when adding trace points:
+ *
+ *   - Avoid mentioning function or variable names in messages.
+ *
+ *   - Try to convey what decisions are being made and what external inputs
+ *     they are based on, not the process of making decisions.
+ *
+ *   - It is generally not necessary to trace before returning an unrecoverable
+ *     error.  If an error code is unclear by itself, make it clearer with
+ *     krb5_set_error_message().
+ *
+ *   - Keep macros simple.  Add format specifiers to krb5int_trace's formatter
+ *     as necessary (and document them here) instead of transforming macro
+ *     arguments.
+ *
+ *   - Like printf, the trace formatter interface is not type-safe.  Check your
+ *     formats carefully.  Cast integral arguments to the appropriate type if
+ *     they do not already patch.
+ *
+ * The following specifiers are supported by the formatter (see the
+ * implementation in lib/krb5/os/trace.c for details):
+ *
+ *   {int}         int, in decimal
+ *   {long}        long, in decimal
+ *   {str}         const char *, display as C string
+ *   {lenstr}      size_t and const char *, as a counted string
+ *   {hexlenstr}   size_t and const char *, as hex bytes
+ *   {hashlenstr}  size_t and const char *, as four-character hex hash
+ *   {raddr}       struct remote_address *, show socket type, address, port
+ *   {data}        krb5_data *, display as counted string
+ *   {hexdata}     krb5_data *, display as hex bytes
+ *   {errno}       int, display as number/errorstring
+ *   {kerr}        krb5_error_code, display as number/errorstring
+ *   {keyblock}    const krb5_keyblock *, display enctype and hash of key
+ *   {key}         krb5_key, display enctype and hash of key
+ *   {cksum}       const krb5_checksum *, display cksumtype and hex checksum
+ *   {princ}       krb5_principal, unparse and display
+ *   {ptype}       krb5_int32, krb5_principal type, display name
+ *   {patype}      krb5_preauthtype, a single padata type number
+ *   {patypes}     krb5_pa_data **, display list of padata type numbers
+ *   {etype}       krb5_enctype, display shortest name of enctype
+ *   {etypes}      krb5_enctype *, display list of enctypes
+ *   {ccache}      krb5_ccache, display type:name
+ *   {keytab}      krb5_keytab, display name
+ *   {creds}       krb5_creds *, display clientprinc -> serverprinc
+ */
+
+#ifndef K5_TRACE_H
+#define K5_TRACE_H
+
+#ifdef DISABLE_TRACING
+#define TRACE(ctx, ...)
+#else
+
+void krb5int_trace(krb5_context context, const char *fmt, ...);
+
+/* Try to optimize away argument evaluation and function call when we're not
+ * tracing, if this source file knows the internals of the context. */
+#ifdef _KRB5_INT_H
+#define TRACE(ctx, ...)                                        \
+    do { if (ctx->trace_callback != NULL)                      \
+            krb5int_trace(ctx, __VA_ARGS__); } while (0)
+#else
+#define TRACE(ctx, ...) krb5int_trace(ctx, __VA_ARGS__)
+#endif
+
+#endif /* DISABLE_TRACING */
+
+#define TRACE_CC_CACHE_MATCH(c, princ, ret)                             \
+    TRACE(c, "Matching {princ} in collection with result: {kerr}",      \
+          princ, ret)
+#define TRACE_CC_DESTROY(c, cache)                      \
+    TRACE(c, "Destroying ccache {ccache}", cache)
+#define TRACE_CC_GEN_NEW(c, cache)                                      \
+    TRACE(c, "Generating new unique ccache based on {ccache}", cache)
+#define TRACE_CC_GET_CONFIG(c, cache, princ, key, data)             \
+    TRACE(c, "Read config in {ccache} for {princ}: {str}: {data}",  \
+          cache, princ, key, data)
+#define TRACE_CC_INIT(c, cache, princ)                              \
+    TRACE(c, "Initializing {ccache} with default princ {princ}",    \
+          cache, princ)
+#define TRACE_CC_MOVE(c, src, dst)                                      \
+    TRACE(c, "Moving ccache {ccache} to {ccache}", src, dst)
+#define TRACE_CC_NEW_UNIQUE(c, type)                            \
+    TRACE(c, "Resolving unique ccache of type {str}", type)
+#define TRACE_CC_REMOVE(c, cache, creds)                        \
+    TRACE(c, "Removing {creds} from {ccache}", creds, cache)
+#define TRACE_CC_RETRIEVE(c, cache, creds, ret)                      \
+    TRACE(c, "Retrieving {creds} from {ccache} with result: {kerr}", \
+              creds, cache, ret)
+#define TRACE_CC_RETRIEVE_REF(c, cache, creds, ret)                     \
+    TRACE(c, "Retrying {creds} with result: {kerr}", creds, ret)
+#define TRACE_CC_SET_CONFIG(c, cache, princ, key, data)               \
+    TRACE(c, "Storing config in {ccache} for {princ}: {str}: {data}", \
+          cache, princ, key, data)
+#define TRACE_CC_STORE(c, cache, creds)                         \
+    TRACE(c, "Storing {creds} in {ccache}", creds, cache)
+#define TRACE_CC_STORE_TKT(c, cache, creds)                     \
+    TRACE(c, "Also storing {creds} based on ticket", creds)
+
+#define TRACE_CCSELECT_VTINIT_FAIL(c, ret)                              \
+    TRACE(c, "ccselect module failed to init vtable: {kerr}", ret)
+#define TRACE_CCSELECT_INIT_FAIL(c, name, ret)                          \
+    TRACE(c, "ccselect module {str} failed to init: {kerr}", name, ret)
+#define TRACE_CCSELECT_MODCHOICE(c, name, server, cache, princ)         \
+    TRACE(c, "ccselect module {str} chose cache {ccache} with client "  \
+          "principal {princ} for server principal {princ}", name, cache, \
+          princ, server)
+#define TRACE_CCSELECT_MODNOTFOUND(c, name, server, princ)              \
+    TRACE(c, "ccselect module {str} chose client principal {princ} "    \
+          "for server principal {princ} but found no cache", name, princ, \
+          server)
+#define TRACE_CCSELECT_MODFAIL(c, name, ret, server)                  \
+    TRACE(c, "ccselect module {str} yielded error {kerr} for server " \
+          "principal {princ}", name, ret, server)
+#define TRACE_CCSELECT_NOTFOUND(c, server)                          \
+    TRACE(c, "ccselect can't find appropriate cache for server "    \
+          "principal {princ}", server)
+#define TRACE_CCSELECT_DEFAULT(c, cache, server)                    \
+    TRACE(c, "ccselect choosing default cache {ccache} for server " \
+          "principal {princ}", cache, server)
+
+#define TRACE_DNS_SRV_ANS(c, host, port, prio, weight)                \
+    TRACE(c, "SRV answer: {int} {int} {int} \"{str}\"", prio, weight, \
+          port, host)
+#define TRACE_DNS_SRV_NOTFOUND(c)               \
+    TRACE(c, "No SRV records found")
+#define TRACE_DNS_SRV_SEND(c, domain)                   \
+    TRACE(c, "Sending DNS SRV query for {str}", domain)
+#define TRACE_DNS_URI_ANS(c, uri, prio, weight)                         \
+    TRACE(c, "URI answer: {int} {int} \"{str}\"", prio, weight, uri)
+#define TRACE_DNS_URI_NOTFOUND(c)               \
+    TRACE(c, "No URI records found")
+#define TRACE_DNS_URI_SEND(c, domain)                   \
+    TRACE(c, "Sending DNS URI query for {str}", domain)
+
+#define TRACE_FAST_ARMOR_CCACHE(c, ccache_name)         \
+    TRACE(c, "FAST armor ccache: {str}", ccache_name)
+#define TRACE_FAST_ARMOR_CCACHE_KEY(c, keyblock)                \
+    TRACE(c, "Armor ccache session key: {keyblock}", keyblock)
+#define TRACE_FAST_ARMOR_KEY(c, keyblock)               \
+    TRACE(c, "FAST armor key: {keyblock}", keyblock)
+#define TRACE_FAST_CCACHE_CONFIG(c)                                     \
+    TRACE(c, "Using FAST due to armor ccache negotiation result")
+#define TRACE_FAST_DECODE(c)                    \
+    TRACE(c, "Decoding FAST response")
+#define TRACE_FAST_ENCODE(c)                                            \
+    TRACE(c, "Encoding request body and padata into FAST request")
+#define TRACE_FAST_NEGO(c, avail)                                       \
+    TRACE(c, "FAST negotiation: {str}available", (avail) ? "" : "un")
+#define TRACE_FAST_PADATA_UPGRADE(c)                                    \
+    TRACE(c, "Upgrading to FAST due to presence of PA_FX_FAST in reply")
+#define TRACE_FAST_REPLY_KEY(c, keyblock)                       \
+    TRACE(c, "FAST reply key: {keyblock}", keyblock)
+#define TRACE_FAST_REQUIRED(c)                                  \
+    TRACE(c, "Using FAST due to KRB5_FAST_REQUIRED flag")
+
+#define TRACE_GET_CREDS_FALLBACK(c, hostname)                           \
+    TRACE(c, "Falling back to canonicalized server hostname {str}", hostname)
+
+#define TRACE_GIC_PWD_CHANGED(c)                                \
+    TRACE(c, "Getting initial TGT with changed password")
+#define TRACE_GIC_PWD_CHANGEPW(c, tries)                                \
+    TRACE(c, "Attempting password change; {int} tries remaining", tries)
+#define TRACE_GIC_PWD_EXPIRED(c)                                \
+    TRACE(c, "Principal expired; getting changepw ticket")
+#define TRACE_GIC_PWD_PRIMARY(c)                        \
+    TRACE(c, "Retrying AS request with primary KDC")
+
+#define TRACE_GSS_CLIENT_KEYTAB_FAIL(c, ret)                            \
+    TRACE(c, "Unable to resolve default client keytab: {kerr}", ret)
+
+#define TRACE_ENCTYPE_LIST_UNKNOWN(c, profvar, name)                    \
+    TRACE(c, "Unrecognized enctype name in {str}: {str}", profvar, name)
+
+#define TRACE_HOSTREALM_VTINIT_FAIL(c, ret)                             \
+    TRACE(c, "hostrealm module failed to init vtable: {kerr}", ret)
+#define TRACE_HOSTREALM_INIT_FAIL(c, name, ret)                         \
+    TRACE(c, "hostrealm module {str} failed to init: {kerr}", name, ret)
+
+#define TRACE_INIT_CREDS(c, princ)                              \
+    TRACE(c, "Getting initial credentials for {princ}", princ)
+#define TRACE_INIT_CREDS_AS_KEY_GAK(c, keyblock)                        \
+    TRACE(c, "AS key obtained from gak_fct: {keyblock}", keyblock)
+#define TRACE_INIT_CREDS_AS_KEY_PREAUTH(c, keyblock)                    \
+    TRACE(c, "AS key determined by preauth: {keyblock}", keyblock)
+#define TRACE_INIT_CREDS_DECRYPTED_REPLY(c, keyblock)                   \
+    TRACE(c, "Decrypted AS reply; session key is: {keyblock}", keyblock)
+#define TRACE_INIT_CREDS_ERROR_REPLY(c, code)           \
+    TRACE(c, "Received error from KDC: {kerr}", code)
+#define TRACE_INIT_CREDS_GAK(c, salt, s2kparams)                    \
+    TRACE(c, "Getting AS key, salt \"{data}\", params \"{data}\"",  \
+          salt, s2kparams)
+#define TRACE_INIT_CREDS_IDENTIFIED_REALM(c, realm)                     \
+    TRACE(c, "Identified realm of client principal as {data}", realm)
+#define TRACE_INIT_CREDS_KEYTAB_LOOKUP(c, princ, etypes)                \
+    TRACE(c, "Found entries for {princ} in keytab: {etypes}", princ, etypes)
+#define TRACE_INIT_CREDS_KEYTAB_LOOKUP_FAILED(c, code)          \
+    TRACE(c, "Couldn't lookup etypes in keytab: {kerr}", code)
+#define TRACE_INIT_CREDS_PREAUTH(c)                     \
+    TRACE(c, "Preauthenticating using KDC method data")
+#define TRACE_INIT_CREDS_PREAUTH_DECRYPT_FAIL(c, code)                  \
+    TRACE(c, "Decrypt with preauth AS key failed: {kerr}", code)
+#define TRACE_INIT_CREDS_PREAUTH_MORE(c, patype)                \
+    TRACE(c, "Continuing preauth mech {patype}", patype)
+#define TRACE_INIT_CREDS_PREAUTH_NONE(c)        \
+    TRACE(c, "Sending unauthenticated request")
+#define TRACE_INIT_CREDS_PREAUTH_OPTIMISTIC(c)  \
+    TRACE(c, "Attempting optimistic preauth")
+#define TRACE_INIT_CREDS_PREAUTH_TRYAGAIN(c, patype, code)              \
+    TRACE(c, "Recovering from KDC error {int} using preauth mech {patype}", \
+          patype, (int)code)
+#define TRACE_INIT_CREDS_RESTART_FAST(c)        \
+    TRACE(c, "Restarting to upgrade to FAST")
+#define TRACE_INIT_CREDS_RESTART_PREAUTH_FAILED(c)                      \
+    TRACE(c, "Restarting due to PREAUTH_FAILED from FAST negotiation")
+#define TRACE_INIT_CREDS_REFERRAL(c, realm)                     \
+    TRACE(c, "Following referral to realm {data}", realm)
+#define TRACE_INIT_CREDS_RETRY_TCP(c)                                   \
+    TRACE(c, "Request or response is too big for UDP; retrying with TCP")
+#define TRACE_INIT_CREDS_SALT_PRINC(c, salt)                    \
+    TRACE(c, "Salt derived from principal: {data}", salt)
+#define TRACE_INIT_CREDS_SERVICE(c, service)                    \
+    TRACE(c, "Setting initial creds service to {str}", service)
+
+#define TRACE_KADM5_AUTH_VTINIT_FAIL(c, ret)                            \
+    TRACE(c, "kadm5_auth module failed to init vtable: {kerr}", ret)
+#define TRACE_KADM5_AUTH_INIT_FAIL(c, name, ret)                        \
+    TRACE(c, "kadm5_auth module {str} failed to init: {kerr}", ret)
+#define TRACE_KADM5_AUTH_INIT_SKIP(c, name)                             \
+    TRACE(c, "kadm5_auth module {str} declined to initialize", name)
+
+#define TRACE_KT_GET_ENTRY(c, keytab, princ, vno, enctype, err)         \
+    TRACE(c, "Retrieving {princ} from {keytab} (vno {int}, enctype {etype}) " \
+          "with result: {kerr}", princ, keytab, (int) vno, enctype, err)
+
+#define TRACE_LOCALAUTH_INIT_CONFLICT(c, type, oldname, newname)        \
+    TRACE(c, "Ignoring localauth module {str} because it conflicts "    \
+          "with an2ln type {str} from module {str}", newname, type, oldname)
+#define TRACE_LOCALAUTH_VTINIT_FAIL(c, ret)                             \
+    TRACE(c, "localauth module failed to init vtable: {kerr}", ret)
+#define TRACE_LOCALAUTH_INIT_FAIL(c, name, ret)                         \
+    TRACE(c, "localauth module {str} failed to init: {kerr}", name, ret)
+
+#define TRACE_MK_REP(c, ctime, cusec, subkey, seqnum)                   \
+    TRACE(c, "Creating AP-REP, time {long}.{int}, subkey {keyblock}, "  \
+          "seqnum {int}", (long) ctime, (int) cusec, subkey, (int) seqnum)
+
+#define TRACE_MK_REQ(c, creds, seqnum, subkey, sesskeyblock)            \
+    TRACE(c, "Creating authenticator for {creds}, seqnum {int}, "       \
+          "subkey {key}, session key {keyblock}", creds, (int) seqnum,  \
+          subkey, sesskeyblock)
+#define TRACE_MK_REQ_ETYPES(c, etypes)                                  \
+    TRACE(c, "Negotiating for enctypes in authenticator: {etypes}", etypes)
+
+#define TRACE_MSPAC_VERIFY_FAIL(c, err)                         \
+    TRACE(c, "PAC checksum verification failed: {kerr}", err)
+#define TRACE_MSPAC_DISCARD_UNVERF(c)           \
+    TRACE(c, "Filtering out unverified MS PAC")
+
+#define TRACE_NEGOEX_INCOMING(c, seqnum, typestr, info)                 \
+    TRACE(c, "NegoEx received [{int}]{str}: {str}", (int)seqnum, typestr, info)
+#define TRACE_NEGOEX_OUTGOING(c, seqnum, typestr, info)                 \
+    TRACE(c, "NegoEx sending [{int}]{str}: {str}", (int)seqnum, typestr, info)
+
+#define TRACE_PLUGIN_LOAD_FAIL(c, modname, err)                         \
+    TRACE(c, "Error loading plugin module {str}: {kerr}", modname, err)
+#define TRACE_PLUGIN_LOOKUP_FAIL(c, modname, err)                       \
+    TRACE(c, "Error initializing module {str}: {kerr}", modname, err)
+
+#define TRACE_PREAUTH_CONFLICT(c, name1, name2, patype)                 \
+    TRACE(c, "Preauth module {str} conflicts with module {str} for pa " \
+          "type {patype}", name1, name2, patype)
+#define TRACE_PREAUTH_COOKIE(c, len, data)                      \
+    TRACE(c, "Received cookie: {lenstr}", (size_t) len, data)
+#define TRACE_PREAUTH_ENC_TS_KEY_GAK(c, keyblock)                       \
+    TRACE(c, "AS key obtained for encrypted timestamp: {keyblock}", keyblock)
+#define TRACE_PREAUTH_ENC_TS(c, sec, usec, plain, enc)                  \
+    TRACE(c, "Encrypted timestamp (for {long}.{int}): plain {hexdata}, " \
+          "encrypted {hexdata}", (long) sec, (int) usec, plain, enc)
+#define TRACE_PREAUTH_ENC_TS_DISABLED(c)                                \
+    TRACE(c, "Ignoring encrypted timestamp because it is disabled")
+#define TRACE_PREAUTH_ETYPE_INFO(c, etype, salt, s2kparams)          \
+    TRACE(c, "Selected etype info: etype {etype}, salt \"{data}\", " \
+          "params \"{data}\"", etype, salt, s2kparams)
+#define TRACE_PREAUTH_INFO_FAIL(c, patype, code)                        \
+    TRACE(c, "Preauth builtin info function failure, type={patype}: {kerr}", \
+          patype, code)
+#define TRACE_PREAUTH_INPUT(c, padata)                          \
+    TRACE(c, "Processing preauth types: {patypes}", padata)
+#define TRACE_PREAUTH_OUTPUT(c, padata)                                 \
+    TRACE(c, "Produced preauth for next request: {patypes}", padata)
+#define TRACE_PREAUTH_PROCESS(c, name, patype, real, code)              \
+    TRACE(c, "Preauth module {str} ({int}) ({str}) returned: "          \
+          "{kerr}", name, (int) patype, real ? "real" : "info", code)
+#define TRACE_PREAUTH_SAM_KEY_GAK(c, keyblock)                  \
+    TRACE(c, "AS key obtained for SAM: {keyblock}", keyblock)
+#define TRACE_PREAUTH_SALT(c, salt, patype)                          \
+    TRACE(c, "Received salt \"{data}\" via padata type {patype}", salt, \
+          patype)
+#define TRACE_PREAUTH_SKIP(c, name, patype)                           \
+    TRACE(c, "Skipping previously used preauth module {str} ({int})", \
+          name, (int) patype)
+#define TRACE_PREAUTH_TRYAGAIN_INPUT(c, patype, padata)                 \
+    TRACE(c, "Preauth tryagain input types ({int}): {patypes}", patype, padata)
+#define TRACE_PREAUTH_TRYAGAIN(c, name, patype, code)                   \
+    TRACE(c, "Preauth module {str} ({int}) tryagain returned: {kerr}",  \
+          name, (int)patype, code)
+#define TRACE_PREAUTH_TRYAGAIN_OUTPUT(c, padata)                        \
+    TRACE(c, "Followup preauth for next request: {patypes}", padata)
+#define TRACE_PREAUTH_WRONG_CONTEXT(c)                                  \
+    TRACE(c, "Wrong context passed to krb5_init_creds_free(); leaking " \
+          "modreq objects")
+
+#define TRACE_PROFILE_ERR(c,subsection, section, retval)             \
+    TRACE(c, "Bad value of {str} from [{str}] in conf file: {kerr}", \
+          subsection, section, retval)
+
+#define TRACE_RD_REP(c, ctime, cusec, subkey, seqnum)               \
+    TRACE(c, "Read AP-REP, time {long}.{int}, subkey {keyblock}, "      \
+          "seqnum {int}", (long) ctime, (int) cusec, subkey, (int) seqnum)
+#define TRACE_RD_REP_DCE(c, ctime, cusec, seqnum)                      \
+    TRACE(c, "Read DCE-style AP-REP, time {long}.{int}, seqnum {int}", \
+          (long) ctime, (int) cusec, (int) seqnum)
+
+#define TRACE_RD_REQ_DECRYPT_ANY(c, princ, keyblock)                \
+    TRACE(c, "Decrypted AP-REQ with server principal {princ}: "     \
+          "{keyblock}", princ, keyblock)
+#define TRACE_RD_REQ_DECRYPT_SPECIFIC(c, princ, keyblock)               \
+    TRACE(c, "Decrypted AP-REQ with specified server principal {princ}: " \
+          "{keyblock}", princ, keyblock)
+#define TRACE_RD_REQ_DECRYPT_FAIL(c, err)                       \
+    TRACE(c, "Failed to decrypt AP-REQ ticket: {kerr}", err)
+#define TRACE_RD_REQ_NEGOTIATED_ETYPE(c, etype)                     \
+    TRACE(c, "Negotiated enctype based on authenticator: {etype}",  \
+          etype)
+#define TRACE_RD_REQ_SUBKEY(c, keyblock)                                \
+    TRACE(c, "Authenticator contains subkey: {keyblock}", keyblock)
+#define TRACE_RD_REQ_TICKET(c, client, server, keyblock)                \
+    TRACE(c, "AP-REQ ticket: {princ} -> {princ}, session key {keyblock}", \
+          client, server, keyblock)
+
+#define TRACE_SENDTO_KDC_ERROR_SET_MESSAGE(c, raddr, err)               \
+    TRACE(c, "Error preparing message to send to {raddr}: {errno}",     \
+          raddr, err)
+#define TRACE_SENDTO_KDC(c, len, rlm, primary, tcp)                     \
+    TRACE(c, "Sending request ({int} bytes) to {data}{str}{str}", len,  \
+          rlm, (primary) ? " (primary)" : "", (tcp) ? " (tcp only)" : "")
+#define TRACE_SENDTO_KDC_K5TLS_LOAD_ERROR(c, ret)       \
+    TRACE(c, "Error loading k5tls module: {kerr}", ret)
+#define TRACE_SENDTO_KDC_PRIMARY(c, primary)                            \
+    TRACE(c, "Response was{str} from primary KDC", (primary) ? "" : " not")
+#define TRACE_SENDTO_KDC_RESOLVING(c, hostname)         \
+    TRACE(c, "Resolving hostname {str}", hostname)
+#define TRACE_SENDTO_KDC_RESPONSE(c, len, raddr)                        \
+    TRACE(c, "Received answer ({int} bytes) from {raddr}", len, raddr)
+#define TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(c, raddr)          \
+    TRACE(c, "HTTPS error connecting to {raddr}", raddr)
+#define TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(c, raddr)             \
+    TRACE(c, "HTTPS error receiving from {raddr}", raddr)
+#define TRACE_SENDTO_KDC_HTTPS_ERROR_SEND(c, raddr)     \
+    TRACE(c, "HTTPS error sending to {raddr}", raddr)
+#define TRACE_SENDTO_KDC_HTTPS_SEND(c, raddr)                           \
+    TRACE(c, "Sending HTTPS request to {raddr}", raddr)
+#define TRACE_SENDTO_KDC_HTTPS_ERROR(c, errs)                           \
+    TRACE(c, "HTTPS error: {str}", errs)
+#define TRACE_SENDTO_KDC_TCP_CONNECT(c, raddr)                  \
+    TRACE(c, "Initiating TCP connection to {raddr}", raddr)
+#define TRACE_SENDTO_KDC_TCP_DISCONNECT(c, raddr)               \
+    TRACE(c, "Terminating TCP connection to {raddr}", raddr)
+#define TRACE_SENDTO_KDC_TCP_ERROR_CONNECT(c, raddr, err)               \
+    TRACE(c, "TCP error connecting to {raddr}: {errno}", raddr, err)
+#define TRACE_SENDTO_KDC_TCP_ERROR_RECV(c, raddr, err)                  \
+    TRACE(c, "TCP error receiving from {raddr}: {errno}", raddr, err)
+#define TRACE_SENDTO_KDC_TCP_ERROR_RECV_LEN(c, raddr, err)              \
+    TRACE(c, "TCP error receiving from {raddr}: {errno}", raddr, err)
+#define TRACE_SENDTO_KDC_TCP_ERROR_SEND(c, raddr, err)                  \
+    TRACE(c, "TCP error sending to {raddr}: {errno}", raddr, err)
+#define TRACE_SENDTO_KDC_TCP_SEND(c, raddr)             \
+    TRACE(c, "Sending TCP request to {raddr}", raddr)
+#define TRACE_SENDTO_KDC_UDP_ERROR_RECV(c, raddr, err)                  \
+    TRACE(c, "UDP error receiving from {raddr}: {errno}", raddr, err)
+#define TRACE_SENDTO_KDC_UDP_ERROR_SEND_INITIAL(c, raddr, err)          \
+    TRACE(c, "UDP error sending to {raddr}: {errno}", raddr, err)
+#define TRACE_SENDTO_KDC_UDP_ERROR_SEND_RETRY(c, raddr, err)            \
+    TRACE(c, "UDP error sending to {raddr}: {errno}", raddr, err)
+#define TRACE_SENDTO_KDC_UDP_SEND_INITIAL(c, raddr)             \
+    TRACE(c, "Sending initial UDP request to {raddr}", raddr)
+#define TRACE_SENDTO_KDC_UDP_SEND_RETRY(c, raddr)               \
+    TRACE(c, "Sending retry UDP request to {raddr}", raddr)
+
+#define TRACE_SEND_TGS_ETYPES(c, etypes)                                \
+    TRACE(c, "etypes requested in TGS request: {etypes}", etypes)
+#define TRACE_SEND_TGS_SUBKEY(c, keyblock)                              \
+    TRACE(c, "Generated subkey for TGS request: {keyblock}", keyblock)
+
+#define TRACE_TGS_REPLY(c, client, server, keyblock)                 \
+    TRACE(c, "TGS reply is for {princ} -> {princ} with session key " \
+          "{keyblock}", client, server, keyblock)
+#define TRACE_TGS_REPLY_DECODE_SESSION(c, keyblock)                     \
+    TRACE(c, "TGS reply didn't decode with subkey; trying session key " \
+          "({keyblock)}", keyblock)
+
+#define TRACE_TLS_ERROR(c, errs)                \
+    TRACE(c, "TLS error: {str}", errs)
+#define TRACE_TLS_NO_REMOTE_CERTIFICATE(c)              \
+    TRACE(c, "TLS server certificate not received")
+#define TRACE_TLS_CERT_ERROR(c, depth, namelen, name, err, errs)        \
+    TRACE(c, "TLS certificate error at {int} ({lenstr}): {int} ({str})", \
+          depth, namelen, name, err, errs)
+#define TRACE_TLS_SERVER_NAME_MISMATCH(c, hostname)                     \
+    TRACE(c, "TLS certificate name mismatch: server certificate is "    \
+          "not for \"{str}\"", hostname)
+#define TRACE_TLS_SERVER_NAME_MATCH(c, hostname)                        \
+    TRACE(c, "TLS certificate name matched \"{str}\"", hostname)
+
+#define TRACE_TKT_CREDS(c, creds, cache)                            \
+    TRACE(c, "Getting credentials {creds} using ccache {ccache}",   \
+          creds, cache)
+#define TRACE_TKT_CREDS_ADVANCE(c, realm)                               \
+    TRACE(c, "Received TGT for {data}; advancing current realm", realm)
+#define TRACE_TKT_CREDS_CACHED_INTERMEDIATE_TGT(c, tgt)                 \
+    TRACE(c, "Found cached TGT for intermediate realm: {creds}", tgt)
+#define TRACE_TKT_CREDS_CACHED_SERVICE_TGT(c, tgt)                      \
+    TRACE(c, "Found cached TGT for service realm: {creds}", tgt)
+#define TRACE_TKT_CREDS_CLOSER_REALM(c, realm)                  \
+    TRACE(c, "Trying next closer realm in path: {data}", realm)
+#define TRACE_TKT_CREDS_COMPLETE(c, princ)                              \
+    TRACE(c, "Received creds for desired service {princ}", princ)
+#define TRACE_TKT_CREDS_FALLBACK(c, realm)                              \
+    TRACE(c, "Local realm referral failed; trying fallback realm {data}", \
+          realm)
+#define TRACE_TKT_CREDS_LOCAL_TGT(c, tgt)                               \
+    TRACE(c, "Starting with TGT for client realm: {creds}", tgt)
+#define TRACE_TKT_CREDS_NON_TGT(c, princ)                            \
+    TRACE(c, "Received non-TGT referral response ({princ}); trying " \
+          "again without referrals", princ)
+#define TRACE_TKT_CREDS_OFFPATH(c, realm)                       \
+    TRACE(c, "Received TGT for offpath realm {data}", realm)
+#define TRACE_TKT_CREDS_REFERRAL(c, princ)              \
+    TRACE(c, "Following referral TGT {princ}", princ)
+#define TRACE_TKT_CREDS_REFERRAL_REALM(c, princ)                        \
+    TRACE(c, "Server has referral realm; starting with {princ}", princ)
+#define TRACE_TKT_CREDS_RESPONSE_CODE(c, code)          \
+    TRACE(c, "TGS request result: {kerr}", code)
+#define TRACE_TKT_CREDS_RETRY_TCP(c)                                    \
+    TRACE(c, "Request or response is too big for UDP; retrying with TCP")
+#define TRACE_TKT_CREDS_SAME_REALM_TGT(c, realm)                        \
+    TRACE(c, "Received TGT referral back to same realm ({data}); trying " \
+          "again without referrals", realm)
+#define TRACE_TKT_CREDS_SERVICE_REQ(c, princ, referral)                \
+    TRACE(c, "Requesting tickets for {princ}, referrals {str}", princ, \
+          (referral) ? "on" : "off")
+#define TRACE_TKT_CREDS_TARGET_TGT(c, princ)                    \
+    TRACE(c, "Received TGT for service realm: {princ}", princ)
+#define TRACE_TKT_CREDS_TARGET_TGT_OFFPATH(c, princ)            \
+    TRACE(c, "Received TGT for service realm: {princ}", princ)
+#define TRACE_TKT_CREDS_TGT_REQ(c, next, cur)                           \
+    TRACE(c, "Requesting TGT {princ} using TGT {princ}", next, cur)
+#define TRACE_TKT_CREDS_WRONG_ENCTYPE(c)                                \
+    TRACE(c, "Retrying TGS request with desired service ticket enctypes")
+
+#define TRACE_TXT_LOOKUP_NOTFOUND(c, host)              \
+    TRACE(c, "TXT record {str} not found", host)
+#define TRACE_TXT_LOOKUP_SUCCESS(c, host, realm)                \
+    TRACE(c, "TXT record {str} found: {str}", host, realm)
+
+#define TRACE_CHECK_REPLY_SERVER_DIFFERS(c, request, reply) \
+    TRACE(c, "Reply server {princ} differs from requested {princ}", \
+          reply, request)
+
+#define TRACE_GET_CRED_VIA_TKT_EXT(c, request, reply, kdcoptions) \
+    TRACE(c, "Get cred via TGT {princ} after requesting {princ} " \
+          "(canonicalize {str})", \
+          reply, request, (kdcoptions & KDC_OPT_CANONICALIZE) ? "on" : "off")
+#define TRACE_GET_CRED_VIA_TKT_EXT_RETURN(c, ret) \
+    TRACE(c, "Got cred; {kerr}", ret)
+
+#define TRACE_KDCPOLICY_VTINIT_FAIL(c, ret)                             \
+    TRACE(c, "KDC policy module failed to init vtable: {kerr}", ret)
+#define TRACE_KDCPOLICY_INIT_SKIP(c, name)                              \
+    TRACE(c, "kadm5_auth module {str} declined to initialize", name)
+
+#endif /* K5_TRACE_H */
diff --git a/krb5-1.21.3/src/include/k5-unicode.h b/krb5-1.21.3/src/include/k5-unicode.h
new file mode 100644
index 00000000..81c495f6
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-unicode.h
@@ -0,0 +1,103 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2008 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+/*
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <https://www.OpenLDAP.org/license.html>.
+ */
+/*
+ * Copyright (C) 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
+ * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
+ * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
+ * HTTPS://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
+ * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
+ * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
+ * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
+ * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ */
+
+/* This work is part of OpenLDAP Software <https://www.openldap.org/>. */
+
+#ifndef K5_UNICODE_H
+#define K5_UNICODE_H
+
+#include "autoconf.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#include "k5-utf8.h"
+
+typedef krb5_ucs4 krb5_unicode;
+
+#define KRB5_UTF8_NOCASEFOLD    0x0U
+#define KRB5_UTF8_CASEFOLD      0x1U
+#define KRB5_UTF8_ARG1NFC       0x2U
+#define KRB5_UTF8_ARG2NFC       0x4U
+#define KRB5_UTF8_APPROX        0x8U
+
+int krb5int_utf8_normcmp(
+    const krb5_data *,
+    const krb5_data *,
+    unsigned);
+
+krb5_boolean k5_utf8_validate(const krb5_data *data);
+
+#endif /* K5_UNICODE_H */
diff --git a/krb5-1.21.3/src/include/k5-utf8.h b/krb5-1.21.3/src/include/k5-utf8.h
new file mode 100644
index 00000000..11949f9f
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-utf8.h
@@ -0,0 +1,120 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2008 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+/*
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <https://www.OpenLDAP.org/license.html>.
+ */
+/*
+ * Copyright (C) 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES.
+ * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION
+ * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT
+ * HTTPS://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE
+ * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS
+ * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC
+ * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE
+ * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ */
+/* This work is part of OpenLDAP Software <https://www.openldap.org/>. */
+
+#ifndef K5_UTF8_H
+#define K5_UTF8_H
+
+#include "k5-platform.h"
+
+typedef uint16_t krb5_ucs2;
+typedef uint32_t krb5_ucs4;
+
+int krb5int_utf8_to_ucs4(const char *p, krb5_ucs4 *out);
+size_t krb5int_ucs4_to_utf8(krb5_ucs4 c, char *buf);
+
+/*
+ * Convert a little-endian UTF-16 string to an allocated null-terminated UTF-8
+ * string.  nbytes is the length of ucs2bytes in bytes, and must be an even
+ * number.  Return EINVAL on invalid input, ENOMEM on out of memory, or 0 on
+ * success.
+ */
+int k5_utf16le_to_utf8(const uint8_t *utf16bytes, size_t nbytes,
+                       char **utf8_out);
+
+/*
+ * Convert a UTF-8 string to an allocated little-endian UTF-16 string.  The
+ * resulting length is in bytes and will always be even.  Return EINVAL on
+ * invalid input, ENOMEM on out of memory, or 0 on success.
+ */
+int k5_utf8_to_utf16le(const char *utf8, uint8_t **utf16_out,
+                       size_t *nbytes_out);
+
+/* Optimizations */
+extern const char krb5int_utf8_lentab[128];
+extern const char krb5int_utf8_mintab[32];
+
+#define KRB5_UTF8_BV(p) (*(const unsigned char *)(p))
+#define KRB5_UTF8_ISASCII(p) (!(KRB5_UTF8_BV(p) & 0x80))
+#define KRB5_UTF8_CHARLEN(p) (KRB5_UTF8_ISASCII(p) ? 1 :                \
+                              krb5int_utf8_lentab[KRB5_UTF8_BV(p) ^ 0x80])
+
+/* This is like CHARLEN but additionally validates to make sure
+ * the char used the shortest possible encoding.
+ * 'l' is used to temporarily hold the result of CHARLEN.
+ */
+#define KRB5_UTF8_CHARLEN2(p, l) (                                      \
+        ((l = KRB5_UTF8_CHARLEN(p)) < 3 ||                              \
+         (krb5int_utf8_mintab[KRB5_UTF8_BV(p) & 0x1f] & (p)[1])) ?      \
+        l : 0)
+
+/*
+ * these macros assume 'x' is an ASCII x
+ * and assume the "C" locale
+ */
+#define KRB5_UPPER(c)           ((c) >= 'A' && (c) <= 'Z')
+
+#endif /* K5_UTF8_H */
diff --git a/krb5-1.21.3/src/include/k5-util.h b/krb5-1.21.3/src/include/k5-util.h
new file mode 100644
index 00000000..b978760c
--- /dev/null
+++ b/krb5-1.21.3/src/include/k5-util.h
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1989-1998,2002 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+
+/*
+ * "internal" utility functions used by various applications.
+ * They live in libkrb5util.
+ */
+
+#include "autoconf.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#include <errno.h>
+
+#ifndef krb5_seteuid
+
+#if defined(HAVE_SETEUID)
+#  define krb5_seteuid(EUID)    (seteuid((uid_t)(EUID)))
+#elif defined(HAVE_SETRESUID)
+#  define krb5_seteuid(EUID)    setresuid(getuid(), (uid_t)(EUID), geteuid())
+#elif defined(HAVE_SETREUID)
+#  define krb5_seteuid(EUID)    setreuid(geteuid(), (uid_t)(EUID))
+#else
+/* You need to add a case to deal with this operating system.*/
+#  define krb5_seteuid(EUID)    (errno = EPERM, -1)
+#endif
+
+#ifdef HAVE_SETEGID
+#  define krb5_setegid(EGID)    (setegid((gid_t)(EGID)))
+#elif defined(HAVE_SETRESGID)
+#  define krb5_setegid(EGID)    (setresgid(getgid(), (gid_t)(EGID), getegid()))
+#elif defined(HAVE_SETREGID)
+#  define krb5_setegid(EGID)    (setregid(getegid(), (gid_t)(EGID)))
+#else
+/* You need to add a case to deal with this operating system.*/
+#  define krb5_setegid(EGID)    (errno = EPERM, -1)
+#endif
+
+#endif
diff --git a/krb5-1.21.3/src/include/kcm.h b/krb5-1.21.3/src/include/kcm.h
new file mode 100644
index 00000000..d5d74aaf
--- /dev/null
+++ b/krb5-1.21.3/src/include/kcm.h
@@ -0,0 +1,120 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/kcm.h - Kerberos cache manager protocol declarations */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef KCM_H
+#define KCM_H
+
+#define KCM_PROTOCOL_VERSION_MAJOR 2
+#define KCM_PROTOCOL_VERSION_MINOR 0
+
+#define KCM_UUID_LEN 16
+
+/* This should ideally be in RUNSTATEDIR, but Heimdal uses a hardcoded
+ * /var/run, and we need to use the same default path. */
+#define DEFAULT_KCM_SOCKET_PATH "/var/run/.heim_org.h5l.kcm-socket"
+#define DEFAULT_KCM_MACH_SERVICE "org.h5l.kcm"
+
+/*
+ * All requests begin with:
+ *   major version (1 bytes)
+ *   minor version (1 bytes)
+ *   opcode (16-bit big-endian)
+ *
+ * All replies begin with a 32-bit big-endian reply code.
+ *
+ * Parameters are appended to the request or reply with no delimiters.  Flags,
+ * time offsets, and lengths are stored as 32-bit big-endian integers.  Names
+ * are marshalled as zero-terminated strings.  Principals and credentials are
+ * marshalled in the v4 FILE ccache format.  UUIDs are 16 bytes.  UUID lists
+ * are not delimited, so nothing can come after them.
+ *
+ * Flag words must use Heimdal flag values, which are not the same as MIT krb5
+ * values for KRB5_GC and KRB5_TC constants.  The same flag word may contain
+ * both kinds of flags in Heimdal, but not in MIT krb5.  Defines for the
+ * applicable Heimdal flag values are given below using KCM_GC and KCM_TC
+ * prefixes.
+ */
+
+#define KCM_GC_CACHED                   (1U << 0)
+
+#define KCM_TC_DONT_MATCH_REALM         (1U << 31)
+#define KCM_TC_MATCH_KEYTYPE            (1U << 30)
+#define KCM_TC_MATCH_SRV_NAMEONLY       (1U << 29)
+#define KCM_TC_MATCH_FLAGS_EXACT        (1U << 28)
+#define KCM_TC_MATCH_FLAGS              (1U << 27)
+#define KCM_TC_MATCH_TIMES_EXACT        (1U << 26)
+#define KCM_TC_MATCH_TIMES              (1U << 25)
+#define KCM_TC_MATCH_AUTHDATA           (1U << 24)
+#define KCM_TC_MATCH_2ND_TKT            (1U << 23)
+#define KCM_TC_MATCH_IS_SKEY            (1U << 22)
+
+/* Opcodes without comments are currently unused in the MIT client
+ * implementation. */
+typedef enum kcm_opcode {
+    KCM_OP_NOOP,
+    KCM_OP_GET_NAME,
+    KCM_OP_RESOLVE,
+    KCM_OP_GEN_NEW,             /*                     () -> (name)      */
+    KCM_OP_INITIALIZE,          /*          (name, princ) -> ()          */
+    KCM_OP_DESTROY,             /*                 (name) -> ()          */
+    KCM_OP_STORE,               /*           (name, cred) -> ()          */
+    KCM_OP_RETRIEVE,            /* (name, flags, credtag) -> (cred)      */
+    KCM_OP_GET_PRINCIPAL,       /*                 (name) -> (princ)     */
+    KCM_OP_GET_CRED_UUID_LIST,  /*                 (name) -> (uuid, ...) */
+    KCM_OP_GET_CRED_BY_UUID,    /*           (name, uuid) -> (cred)      */
+    KCM_OP_REMOVE_CRED,         /* (name, flags, credtag) -> ()          */
+    KCM_OP_SET_FLAGS,
+    KCM_OP_CHOWN,
+    KCM_OP_CHMOD,
+    KCM_OP_GET_INITIAL_TICKET,
+    KCM_OP_GET_TICKET,
+    KCM_OP_MOVE_CACHE,
+    KCM_OP_GET_CACHE_UUID_LIST, /*                     () -> (uuid, ...) */
+    KCM_OP_GET_CACHE_BY_UUID,   /*                 (uuid) -> (name)      */
+    KCM_OP_GET_DEFAULT_CACHE,   /*                     () -> (name)      */
+    KCM_OP_SET_DEFAULT_CACHE,   /*                 (name) -> ()          */
+    KCM_OP_GET_KDC_OFFSET,      /*                 (name) -> (offset)    */
+    KCM_OP_SET_KDC_OFFSET,      /*         (name, offset) -> ()          */
+    KCM_OP_ADD_NTLM_CRED,
+    KCM_OP_HAVE_NTLM_CRED,
+    KCM_OP_DEL_NTLM_CRED,
+    KCM_OP_DO_NTLM_AUTH,
+    KCM_OP_GET_NTLM_USER_LIST,
+
+    /* MIT extensions */
+    KCM_OP_MIT_EXTENSION_BASE = 13000,
+    KCM_OP_GET_CRED_LIST,       /* (name) -> (count, count*{len, cred}) */
+    KCM_OP_REPLACE,             /* (name, offset, princ,
+                                 *  count, count*{len, cred}) -> () */
+} kcm_opcode;
+
+#endif /* KCM_H */
diff --git a/krb5-1.21.3/src/include/kdb.h b/krb5-1.21.3/src/include/kdb.h
new file mode 100644
index 00000000..745b24f3
--- /dev/null
+++ b/krb5-1.21.3/src/include/kdb.h
@@ -0,0 +1,1457 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1990, 1991, 2016 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* KDC Database interface definitions */
+
+/* This API is not considered as stable as the main krb5 API.
+ *
+ * - We may make arbitrary incompatible changes between feature
+ *   releases (e.g. from 1.7 to 1.8).
+ * - We will make some effort to avoid making incompatible changes for
+ *   bugfix releases, but will make them if necessary.
+ */
+
+#ifndef KRB5_KDB5__
+#define KRB5_KDB5__
+
+#include <time.h>
+#include <krb5.h>
+
+/* This version will be incremented when incompatible changes are made to the
+ * KDB API, and will be kept in sync with the libkdb major version. */
+#define KRB5_KDB_API_VERSION 10
+
+/* Salt types */
+#define KRB5_KDB_SALTTYPE_NORMAL        0
+/* #define KRB5_KDB_SALTTYPE_V4            1 */
+#define KRB5_KDB_SALTTYPE_NOREALM       2
+#define KRB5_KDB_SALTTYPE_ONLYREALM     3
+#define KRB5_KDB_SALTTYPE_SPECIAL       4
+/* #define KRB5_KDB_SALTTYPE_AFS3          5 */
+#define KRB5_KDB_SALTTYPE_CERTHASH      6
+
+/* Attributes */
+#define KRB5_KDB_DISALLOW_POSTDATED     0x00000001
+#define KRB5_KDB_DISALLOW_FORWARDABLE   0x00000002
+#define KRB5_KDB_DISALLOW_TGT_BASED     0x00000004
+#define KRB5_KDB_DISALLOW_RENEWABLE     0x00000008
+#define KRB5_KDB_DISALLOW_PROXIABLE     0x00000010
+#define KRB5_KDB_DISALLOW_DUP_SKEY      0x00000020
+#define KRB5_KDB_DISALLOW_ALL_TIX       0x00000040
+#define KRB5_KDB_REQUIRES_PRE_AUTH      0x00000080
+#define KRB5_KDB_REQUIRES_HW_AUTH       0x00000100
+#define KRB5_KDB_REQUIRES_PWCHANGE      0x00000200
+#define KRB5_KDB_DISALLOW_SVR           0x00001000
+#define KRB5_KDB_PWCHANGE_SERVICE       0x00002000
+#define KRB5_KDB_SUPPORT_DESMD5         0x00004000
+#define KRB5_KDB_NEW_PRINC              0x00008000
+#define KRB5_KDB_OK_AS_DELEGATE         0x00100000
+#define KRB5_KDB_OK_TO_AUTH_AS_DELEGATE 0x00200000 /* S4U2Self OK */
+#define KRB5_KDB_NO_AUTH_DATA_REQUIRED  0x00400000
+#define KRB5_KDB_LOCKDOWN_KEYS          0x00800000
+
+/* Creation flags */
+#define KRB5_KDB_CREATE_BTREE           0x00000001
+#define KRB5_KDB_CREATE_HASH            0x00000002
+
+/* Entry get flags */
+/* Okay to generate a referral on lookup */
+#define KRB5_KDB_FLAG_REFERRAL_OK               0x00000010
+/* Client principal lookup (client referrals only) */
+#define KRB5_KDB_FLAG_CLIENT                    0x00000040
+/* Map cross-realm principals */
+#define KRB5_KDB_FLAG_MAP_PRINCIPALS            0x00000080
+/* Protocol transition */
+#define KRB5_KDB_FLAG_PROTOCOL_TRANSITION       0x00000100
+/* Constrained delegation */
+#define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION    0x00000200
+/* User-to-user */
+#define KRB5_KDB_FLAG_USER_TO_USER              0x00000800
+/* Cross-realm */
+#define KRB5_KDB_FLAG_CROSS_REALM               0x00001000
+/* Issuing referral */
+#define KRB5_KDB_FLAG_ISSUING_REFERRAL          0x00004000
+
+
+#define KRB5_KDB_FLAGS_S4U                      ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \
+                                                  KRB5_KDB_FLAG_CONSTRAINED_DELEGATION )
+
+/* KDB iteration flags */
+#define KRB5_DB_ITER_WRITE      0x00000001
+#define KRB5_DB_ITER_REV        0x00000002
+#define KRB5_DB_ITER_RECURSE    0x00000004
+
+/* String attribute names recognized by krb5 */
+#define KRB5_KDB_SK_PAC_PRIVSVR_ENCTYPE         "pac_privsvr_enctype"
+#define KRB5_KDB_SK_SESSION_ENCTYPES            "session_enctypes"
+#define KRB5_KDB_SK_REQUIRE_AUTH                "require_auth"
+
+#if !defined(_WIN32)
+
+/*
+ * Note --- these structures cannot be modified without changing the
+ * database version number in libkdb.a, but should be expandable by
+ * adding new tl_data types.
+ */
+typedef struct _krb5_tl_data {
+    struct _krb5_tl_data* tl_data_next;         /* NOT saved */
+    krb5_int16            tl_data_type;
+    krb5_ui_2             tl_data_length;
+    krb5_octet          * tl_data_contents;
+} krb5_tl_data;
+
+/* String attributes (currently stored inside tl-data) map C string keys to
+ * values.  They can be set via kadmin and consumed by KDC plugins. */
+typedef struct krb5_string_attr_st {
+    char *key;
+    char *value;
+} krb5_string_attr;
+
+/*
+ * If this ever changes up the version number and make the arrays be as
+ * big as necessary.
+ *
+ * Currently the first type is the enctype and the second is the salt type.
+ */
+typedef struct _krb5_key_data {
+    krb5_int16            key_data_ver;         /* Version */
+    krb5_ui_2             key_data_kvno;        /* Key Version */
+    krb5_int16            key_data_type[2];     /* Array of types */
+    krb5_ui_2             key_data_length[2];   /* Array of lengths */
+    krb5_octet          * key_data_contents[2]; /* Array of pointers */
+} krb5_key_data;
+
+#define KRB5_KDB_V1_KEY_DATA_ARRAY      2       /* # of array elements */
+
+typedef struct _krb5_keysalt {
+    krb5_int16            type;
+    krb5_data             data;                 /* Length, data */
+} krb5_keysalt;
+
+/*
+ * A principal database entry.  Extensions to this structure currently use the
+ * tl_data list.  The e_data and e_length fields are not used by any calling
+ * code except kdb5_util dump and load, which marshal and unmarshal the array
+ * in the dump record.  KDB modules may use these fields internally as long as
+ * they set e_length appropriately (non-zero if the data should be marshalled
+ * across dump and load, zero if not) and handle null e_data values in
+ * caller-constructed principal entries.
+ */
+typedef struct _krb5_db_entry_new {
+    krb5_magic            magic;                /* NOT saved */
+    krb5_ui_2             len;
+    krb5_ui_4             mask;                 /* members currently changed/set */
+    krb5_flags            attributes;
+    krb5_deltat           max_life;
+    krb5_deltat           max_renewable_life;
+    krb5_timestamp        expiration;           /* When the client expires */
+    krb5_timestamp        pw_expiration;        /* When its passwd expires */
+    krb5_timestamp        last_success;         /* Last successful passwd */
+    krb5_timestamp        last_failed;          /* Last failed passwd attempt */
+    krb5_kvno             fail_auth_count;      /* # of failed passwd attempt */
+    krb5_int16            n_tl_data;
+    krb5_int16            n_key_data;
+    krb5_ui_2             e_length;             /* Length of extra data */
+    krb5_octet          * e_data;               /* Extra data to be saved */
+
+    krb5_principal        princ;                /* Length, data */
+    krb5_tl_data        * tl_data;              /* Linked list */
+
+    /* key_data must be sorted by kvno in descending order. */
+    krb5_key_data       * key_data;             /* Array */
+} krb5_db_entry;
+
+typedef struct _osa_policy_ent_t {
+    int               version;
+    char      *name;
+    krb5_ui_4       pw_min_life;
+    krb5_ui_4       pw_max_life;
+    krb5_ui_4       pw_min_length;
+    krb5_ui_4       pw_min_classes;
+    krb5_ui_4       pw_history_num;
+    krb5_ui_4       policy_refcnt;              /* no longer used */
+    /* Only valid if version > 1 */
+    krb5_ui_4       pw_max_fail;                /* pwdMaxFailure */
+    krb5_ui_4       pw_failcnt_interval;        /* pwdFailureCountInterval */
+    krb5_ui_4       pw_lockout_duration;        /* pwdLockoutDuration */
+    /* Only valid if version > 2 */
+    krb5_ui_4       attributes;
+    krb5_ui_4       max_life;
+    krb5_ui_4       max_renewable_life;
+    char          * allowed_keysalts;
+    krb5_int16      n_tl_data;
+    krb5_tl_data  * tl_data;
+} osa_policy_ent_rec, *osa_policy_ent_t;
+
+typedef       void    (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
+
+typedef struct __krb5_key_salt_tuple {
+    krb5_enctype        ks_enctype;
+    krb5_int32          ks_salttype;
+} krb5_key_salt_tuple;
+
+#define KRB5_KDB_MAGIC_NUMBER           0xdbdbdbdb
+#define KRB5_KDB_V1_BASE_LENGTH         38
+
+#define KRB5_KDB_MAX_ALLOWED_KS_LEN     512
+
+#define KRB5_TL_LAST_PWD_CHANGE         0x0001
+#define KRB5_TL_MOD_PRINC               0x0002
+#define KRB5_TL_KADM_DATA               0x0003
+#define KRB5_TL_KADM5_E_DATA            0x0004
+#define KRB5_TL_RB1_CHALLENGE           0x0005
+#ifdef SECURID
+#define KRB5_TL_SECURID_STATE           0x0006
+#endif /* SECURID */
+#define KRB5_TL_USER_CERTIFICATE        0x0007
+#define KRB5_TL_MKVNO                   0x0008
+#define KRB5_TL_ACTKVNO                 0x0009
+#define KRB5_TL_MKEY_AUX                0x000a
+
+/* String attributes may not always be represented in tl-data.  kadmin clients
+ * must use the get_strings and set_string RPCs. */
+#define KRB5_TL_STRING_ATTRS            0x000b
+
+#define KRB5_TL_PAC_LOGON_INFO          0x0100 /* NDR encoded validation info */
+#define KRB5_TL_SERVER_REFERRAL         0x0200 /* ASN.1 encoded ServerReferralInfo */
+#define KRB5_TL_SVR_REFERRAL_DATA       0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */
+#define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */
+#define KRB5_TL_LM_KEY                  0x0500 /* LM OWF */
+#define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600 /* <I>IssuerDN<S>SubjectDN */
+#define KRB5_TL_LAST_ADMIN_UNLOCK       0x0700 /* Timestamp of admin unlock */
+
+#define KRB5_TL_DB_ARGS                 0x7fff
+
+/* version number for KRB5_TL_ACTKVNO data */
+#define KRB5_TL_ACTKVNO_VER     1
+
+/* version number for KRB5_TL_MKEY_AUX data */
+#define KRB5_TL_MKEY_AUX_VER    1
+
+typedef struct _krb5_actkvno_node {
+    struct _krb5_actkvno_node *next;
+    krb5_kvno      act_kvno;
+    krb5_timestamp act_time;
+} krb5_actkvno_node;
+
+typedef struct _krb5_mkey_aux_node {
+    struct _krb5_mkey_aux_node *next;
+    krb5_kvno        mkey_kvno; /* kvno of mkey protecting the latest_mkey */
+    krb5_key_data    latest_mkey; /* most recent mkey */
+} krb5_mkey_aux_node;
+
+typedef struct _krb5_keylist_node {
+    krb5_keyblock keyblock;
+    krb5_kvno     kvno;
+    struct _krb5_keylist_node *next;
+} krb5_keylist_node;
+
+/*
+ * Determines the number of failed KDC requests before DISALLOW_ALL_TIX is set
+ * on the principal.
+ */
+#define KRB5_MAX_FAIL_COUNT             5
+
+/* XXX depends on knowledge of krb5_parse_name() formats */
+#define KRB5_KDB_M_NAME         "K/M"   /* Kerberos/Master */
+
+/* prompts used by default when reading the KDC password from the keyboard. */
+#define KRB5_KDC_MKEY_1 "Enter KDC database master key"
+#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify"
+
+
+extern char *krb5_mkey_pwd_prompt1;
+extern char *krb5_mkey_pwd_prompt2;
+
+/*
+ * These macros specify the encoding of data within the database.
+ *
+ * Data encoding is little-endian.
+ */
+#ifdef _KRB5_INT_H
+#include "k5-platform.h"
+#define krb5_kdb_decode_int16(cp, i16)          \
+    *((krb5_int16 *) &(i16)) = load_16_le(cp)
+#define krb5_kdb_decode_int32(cp, i32)          \
+    *((krb5_int32 *) &(i32)) = load_32_le(cp)
+#define krb5_kdb_encode_int16(i16, cp)  store_16_le(i16, cp)
+#define krb5_kdb_encode_int32(i32, cp)  store_32_le(i32, cp)
+#endif /* _KRB5_INT_H */
+
+#define KRB5_KDB_OPEN_RW                0
+#define KRB5_KDB_OPEN_RO                1
+
+#ifndef KRB5_KDB_SRV_TYPE_KDC
+#define KRB5_KDB_SRV_TYPE_KDC           0x0100
+#endif
+
+#ifndef KRB5_KDB_SRV_TYPE_ADMIN
+#define KRB5_KDB_SRV_TYPE_ADMIN         0x0200
+#endif
+
+/* 0x0300 was KRB5_KDB_SRV_TYPE_PASSWD but it is no longer used. */
+
+#ifndef KRB5_KDB_SRV_TYPE_OTHER
+#define KRB5_KDB_SRV_TYPE_OTHER         0x0400
+#endif
+
+#define KRB5_KDB_OPT_SET_DB_NAME        0
+#define KRB5_KDB_OPT_SET_LOCK_MODE      1
+
+#define KRB5_DB_LOCKMODE_SHARED       0x0001
+#define KRB5_DB_LOCKMODE_EXCLUSIVE    0x0002
+#define KRB5_DB_LOCKMODE_PERMANENT    0x0008
+
+/* libkdb.spec */
+krb5_error_code krb5_db_setup_lib_handle(krb5_context kcontext);
+krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode );
+krb5_error_code krb5_db_init  ( krb5_context kcontext );
+krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args );
+krb5_error_code krb5_db_inited  ( krb5_context kcontext );
+krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args );
+krb5_error_code krb5_db_fini ( krb5_context kcontext );
+const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code );
+krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args );
+krb5_error_code krb5_db_promote ( krb5_context kcontext, char **db_args );
+krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t );
+krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode );
+krb5_error_code krb5_db_unlock ( krb5_context kcontext );
+krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
+                                        krb5_const_principal search_for,
+                                        unsigned int flags,
+                                        krb5_db_entry **entry );
+void krb5_db_free_principal ( krb5_context kcontext, krb5_db_entry *entry );
+krb5_error_code krb5_db_put_principal ( krb5_context kcontext,
+                                        krb5_db_entry *entry );
+krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
+                                           krb5_principal search_for );
+krb5_error_code krb5_db_rename_principal ( krb5_context kcontext,
+                                           krb5_principal source,
+                                           krb5_principal target );
+
+/*
+ * Iterate over principals in the KDB.  If the callback may write to the DB,
+ * the caller must get an exclusive lock with krb5_db_lock before iterating,
+ * and release it with krb5_db_unlock after iterating.
+ */
+krb5_error_code krb5_db_iterate ( krb5_context kcontext,
+                                  char *match_entry,
+                                  int (*func) (krb5_pointer, krb5_db_entry *),
+                                  krb5_pointer func_arg, krb5_flags iterflags );
+
+
+krb5_error_code krb5_db_store_master_key  ( krb5_context kcontext,
+                                            char *keyfile,
+                                            krb5_principal mname,
+                                            krb5_kvno kvno,
+                                            krb5_keyblock *key,
+                                            char *master_pwd);
+krb5_error_code krb5_db_store_master_key_list  ( krb5_context kcontext,
+                                                 char *keyfile,
+                                                 krb5_principal mname,
+                                                 char *master_pwd);
+krb5_error_code krb5_db_fetch_mkey  ( krb5_context   context,
+                                      krb5_principal mname,
+                                      krb5_enctype   etype,
+                                      krb5_boolean   fromkeyboard,
+                                      krb5_boolean   twice,
+                                      char          *db_args,
+                                      krb5_kvno     *kvno,
+                                      krb5_data     *salt,
+                                      krb5_keyblock *key);
+krb5_error_code
+krb5_db_fetch_mkey_list( krb5_context    context,
+                         krb5_principal  mname,
+                         const krb5_keyblock * mkey );
+
+krb5_error_code
+krb5_dbe_find_enctype( krb5_context     kcontext,
+                       krb5_db_entry    *dbentp,
+                       krb5_int32               ktype,
+                       krb5_int32               stype,
+                       krb5_int32               kvno,
+                       krb5_key_data    **kdatap);
+
+
+krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext,
+                                          krb5_db_entry *dbentp,
+                                          krb5_int32 *start,
+                                          krb5_int32 ktype,
+                                          krb5_int32 stype,
+                                          krb5_int32 kvno,
+                                          krb5_key_data **kdatap);
+
+krb5_error_code
+krb5_db_setup_mkey_name ( krb5_context context,
+                          const char *keyname,
+                          const char *realm,
+                          char **fullname,
+                          krb5_principal *principal);
+
+/**
+ * Decrypts the key given in @@a key_data. If @a mkey is specified, that
+ * master key is used. If @a mkey is NULL, then all master keys are tried.
+ */
+krb5_error_code
+krb5_dbe_decrypt_key_data( krb5_context         context,
+                           const krb5_keyblock        * mkey,
+                           const krb5_key_data        * key_data,
+                           krb5_keyblock      * dbkey,
+                           krb5_keysalt       * keysalt);
+
+krb5_error_code
+krb5_dbe_encrypt_key_data( krb5_context                 context,
+                           const krb5_keyblock        * mkey,
+                           const krb5_keyblock        * dbkey,
+                           const krb5_keysalt         * keysalt,
+                           int                          keyver,
+                           krb5_key_data              * key_data);
+
+krb5_error_code
+krb5_dbe_fetch_act_key_list(krb5_context          context,
+                            krb5_principal       princ,
+                            krb5_actkvno_node  **act_key_list);
+
+krb5_error_code
+krb5_dbe_find_act_mkey( krb5_context          context,
+                        krb5_actkvno_node   * act_mkey_list,
+                        krb5_kvno           * act_kvno,
+                        krb5_keyblock      ** act_mkey);
+
+krb5_error_code
+krb5_dbe_find_mkey( krb5_context         context,
+                    krb5_db_entry      * entry,
+                    krb5_keyblock      ** mkey);
+
+/* Set *mkvno to mkvno in entry tl_data, or 0 if not present. */
+krb5_error_code
+krb5_dbe_lookup_mkvno( krb5_context    context,
+                       krb5_db_entry * entry,
+                       krb5_kvno     * mkvno);
+
+krb5_keylist_node *
+krb5_db_mkey_list_alias( krb5_context kcontext );
+
+/* Set *mkvno to mkvno in entry tl_data, or minimum value from mkey_list. */
+krb5_error_code
+krb5_dbe_get_mkvno( krb5_context        context,
+                    krb5_db_entry     * entry,
+                    krb5_kvno         * mkvno);
+
+krb5_error_code
+krb5_dbe_lookup_mod_princ_data( krb5_context          context,
+                                krb5_db_entry       * entry,
+                                krb5_timestamp      * mod_time,
+                                krb5_principal      * mod_princ);
+
+krb5_error_code
+krb5_dbe_lookup_mkey_aux( krb5_context         context,
+                          krb5_db_entry      * entry,
+                          krb5_mkey_aux_node ** mkey_aux_data_list);
+krb5_error_code
+krb5_dbe_update_mkvno( krb5_context    context,
+                       krb5_db_entry * entry,
+                       krb5_kvno       mkvno);
+
+krb5_error_code
+krb5_dbe_lookup_actkvno( krb5_context         context,
+                         krb5_db_entry      * entry,
+                         krb5_actkvno_node ** actkvno_list);
+
+krb5_error_code
+krb5_dbe_update_mkey_aux( krb5_context          context,
+                          krb5_db_entry       * entry,
+                          krb5_mkey_aux_node  * mkey_aux_data_list);
+
+krb5_error_code
+krb5_dbe_update_actkvno(krb5_context    context,
+                        krb5_db_entry * entry,
+                        const krb5_actkvno_node *actkvno_list);
+
+krb5_error_code
+krb5_dbe_update_last_pwd_change( krb5_context     context,
+                                 krb5_db_entry  * entry,
+                                 krb5_timestamp   stamp);
+
+krb5_error_code
+krb5_dbe_update_last_admin_unlock( krb5_context     context,
+                                   krb5_db_entry  * entry,
+                                   krb5_timestamp   stamp);
+
+krb5_error_code
+krb5_dbe_lookup_tl_data( krb5_context          context,
+                         krb5_db_entry       * entry,
+                         krb5_tl_data        * ret_tl_data);
+
+krb5_error_code
+krb5_dbe_create_key_data( krb5_context          context,
+                          krb5_db_entry       * entry);
+
+
+krb5_error_code
+krb5_dbe_update_mod_princ_data( krb5_context          context,
+                                krb5_db_entry       * entry,
+                                krb5_timestamp        mod_date,
+                                krb5_const_principal  mod_princ);
+
+/*
+ * These are wrappers around realloc() and free().  Applications and KDB
+ * modules can use them when manipulating principal and policy entries to
+ * ensure that they allocate and free memory in a manner compatible with the
+ * library.  Using libkrb5 or libkbd5 functions to construct values (such as
+ * krb5_copy_principal() to construct the princ field of a krb5_db_entry) is
+ * also safe.  On Unix platforms, just using malloc() and free() is safe as
+ * long as the application or module does not use a malloc replacement.
+ */
+void *krb5_db_alloc( krb5_context kcontext,
+                     void *ptr,
+                     size_t size );
+void krb5_db_free( krb5_context kcontext,
+                   void *ptr);
+
+
+krb5_error_code
+krb5_dbe_lookup_last_pwd_change( krb5_context          context,
+                                 krb5_db_entry       * entry,
+                                 krb5_timestamp      * stamp);
+
+krb5_error_code
+krb5_dbe_lookup_last_admin_unlock( krb5_context          context,
+                                   krb5_db_entry       * entry,
+                                   krb5_timestamp      * stamp);
+
+/* Retrieve the set of string attributes in entry, in no particular order.
+ * Free *strings_out with krb5_dbe_free_strings when done. */
+krb5_error_code
+krb5_dbe_get_strings(krb5_context context, krb5_db_entry *entry,
+                     krb5_string_attr **strings_out, int *count_out);
+
+/* Retrieve a single string attribute from entry, or NULL if there is no
+ * attribute for key.  Free *value_out with krb5_dbe_free_string when done. */
+krb5_error_code
+krb5_dbe_get_string(krb5_context context, krb5_db_entry *entry,
+                    const char *key, char **value_out);
+
+/* Change or add a string attribute in entry, or delete it if value is NULL. */
+krb5_error_code
+krb5_dbe_set_string(krb5_context context, krb5_db_entry *entry,
+                    const char *key, const char *value);
+
+krb5_error_code
+krb5_dbe_delete_tl_data( krb5_context    context,
+                         krb5_db_entry * entry,
+                         krb5_int16      tl_data_type);
+
+krb5_error_code
+krb5_db_update_tl_data(krb5_context          context,
+                       krb5_int16          * n_tl_datap,
+                       krb5_tl_data        **tl_datap,
+                       krb5_tl_data        * new_tl_data);
+
+krb5_error_code
+krb5_dbe_update_tl_data( krb5_context          context,
+                         krb5_db_entry       * entry,
+                         krb5_tl_data        * new_tl_data);
+
+/* Compute the salt for a key data entry given the corresponding principal. */
+krb5_error_code
+krb5_dbe_compute_salt(krb5_context context, const krb5_key_data *key,
+                      krb5_const_principal princ, krb5_int16 *salttype_out,
+                      krb5_data **salt_out);
+
+/*
+ * Modify the key data of entry to explicitly store salt values using the
+ * KRB5_KDB_SALTTYPE_SPECIAL salt type.
+ */
+krb5_error_code
+krb5_dbe_specialize_salt(krb5_context context, krb5_db_entry *entry);
+
+krb5_error_code
+krb5_dbe_cpw( krb5_context        kcontext,
+              krb5_keyblock       * master_key,
+              krb5_key_salt_tuple       * ks_tuple,
+              int                         ks_tuple_count,
+              char              * passwd,
+              int                         new_kvno,
+              krb5_boolean        keepold,
+              krb5_db_entry     * db_entry);
+
+
+krb5_error_code
+krb5_dbe_ark( krb5_context        context,
+              krb5_keyblock       * master_key,
+              krb5_key_salt_tuple       * ks_tuple,
+              int                         ks_tuple_count,
+              krb5_db_entry     * db_entry);
+
+krb5_error_code
+krb5_dbe_crk( krb5_context        context,
+              krb5_keyblock       * master_key,
+              krb5_key_salt_tuple       * ks_tuple,
+              int                         ks_tuple_count,
+              krb5_boolean        keepold,
+              krb5_db_entry     * db_entry);
+
+krb5_error_code
+krb5_dbe_apw( krb5_context        context,
+              krb5_keyblock       * master_key,
+              krb5_key_salt_tuple       * ks_tuple,
+              int                         ks_tuple_count,
+              char              * passwd,
+              krb5_db_entry     * db_entry);
+
+int
+krb5_db_get_key_data_kvno( krb5_context    context,
+                           int             count,
+                           krb5_key_data * data);
+
+krb5_error_code krb5_db_check_transited_realms(krb5_context kcontext,
+                                               const krb5_data *tr_contents,
+                                               const krb5_data *client_realm,
+                                               const krb5_data *server_realm);
+
+krb5_error_code krb5_db_check_policy_as(krb5_context kcontext,
+                                        krb5_kdc_req *request,
+                                        krb5_db_entry *client,
+                                        krb5_db_entry *server,
+                                        krb5_timestamp kdc_time,
+                                        const char **status,
+                                        krb5_pa_data ***e_data);
+
+krb5_error_code krb5_db_check_policy_tgs(krb5_context kcontext,
+                                         krb5_kdc_req *request,
+                                         krb5_db_entry *server,
+                                         krb5_ticket *ticket,
+                                         const char **status,
+                                         krb5_pa_data ***e_data);
+
+void krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+                          const krb5_address *local_addr,
+                          const krb5_address *remote_addr,
+                          krb5_db_entry *client, krb5_db_entry *server,
+                          krb5_timestamp authtime, krb5_error_code error_code);
+
+void krb5_db_refresh_config(krb5_context kcontext);
+
+krb5_error_code krb5_db_check_allowed_to_delegate(krb5_context kcontext,
+                                                  krb5_const_principal client,
+                                                  const krb5_db_entry *server,
+                                                  krb5_const_principal proxy);
+
+krb5_error_code krb5_db_get_s4u_x509_principal(krb5_context kcontext,
+                                               const krb5_data *client_cert,
+                                               krb5_const_principal in_princ,
+                                               unsigned int flags,
+                                               krb5_db_entry **entry);
+
+krb5_error_code krb5_db_allowed_to_delegate_from(krb5_context context,
+                                                 krb5_const_principal client,
+                                                 krb5_const_principal server,
+                                                 krb5_pac server_pac,
+                                                 const krb5_db_entry *proxy);
+
+/**
+ * Sort an array of @a krb5_key_data keys in descending order by their kvno.
+ * Key data order within a kvno is preserved.
+ *
+ * @param key_data
+ *     The @a krb5_key_data array to sort.  This is sorted in place so the
+ *     array will be modified.
+ * @param key_data_length
+ *     The length of @a key_data.
+ */
+void
+krb5_dbe_sort_key_data(krb5_key_data *key_data, size_t key_data_length);
+
+krb5_error_code
+krb5_db_issue_pac(krb5_context context, unsigned int flags,
+                  krb5_db_entry *client, krb5_keyblock *replaced_reply_key,
+                  krb5_db_entry *server, krb5_db_entry *krbtgt,
+                  krb5_timestamp authtime, krb5_pac old_pac, krb5_pac new_pac,
+                  krb5_data ***auth_indicators);
+
+/* default functions. Should not be directly called */
+/*
+ *   Default functions prototype
+ */
+
+krb5_error_code
+krb5_dbe_def_search_enctype( krb5_context kcontext,
+                             krb5_db_entry *dbentp,
+                             krb5_int32 *start,
+                             krb5_int32 ktype,
+                             krb5_int32 stype,
+                             krb5_int32 kvno,
+                             krb5_key_data **kdatap);
+
+krb5_error_code
+krb5_def_store_mkey_list( krb5_context context,
+                          char *keyfile,
+                          krb5_principal mname,
+                          krb5_keylist_node *keylist,
+                          char *master_pwd);
+
+krb5_error_code
+krb5_db_def_fetch_mkey( krb5_context   context,
+                        krb5_principal mname,
+                        krb5_keyblock *key,
+                        krb5_kvno     *kvno,
+                        char          *db_args);
+
+krb5_error_code
+krb5_def_fetch_mkey_list( krb5_context            context,
+                          krb5_principal        mprinc,
+                          const krb5_keyblock  *mkey,
+                          krb5_keylist_node  **mkeys_list);
+
+krb5_error_code
+krb5_dbe_def_cpw( krb5_context    context,
+                  krb5_keyblock       * master_key,
+                  krb5_key_salt_tuple   * ks_tuple,
+                  int                     ks_tuple_count,
+                  char          * passwd,
+                  int                     new_kvno,
+                  krb5_boolean    keepold,
+                  krb5_db_entry * db_entry);
+
+krb5_error_code
+krb5_dbe_def_decrypt_key_data( krb5_context             context,
+                               const krb5_keyblock    * mkey,
+                               const krb5_key_data    * key_data,
+                               krb5_keyblock          * dbkey,
+                               krb5_keysalt           * keysalt);
+
+krb5_error_code
+krb5_dbe_def_encrypt_key_data( krb5_context             context,
+                               const krb5_keyblock    * mkey,
+                               const krb5_keyblock    * dbkey,
+                               const krb5_keysalt     * keysalt,
+                               int                      keyver,
+                               krb5_key_data          * key_data);
+
+krb5_error_code
+krb5_db_def_rename_principal( krb5_context kcontext,
+                              krb5_const_principal source,
+                              krb5_const_principal target);
+
+krb5_error_code
+krb5_db_create_policy( krb5_context kcontext,
+                       osa_policy_ent_t policy);
+
+krb5_error_code
+krb5_db_get_policy ( krb5_context kcontext,
+                     char *name,
+                     osa_policy_ent_t *policy );
+
+krb5_error_code
+krb5_db_put_policy( krb5_context kcontext,
+                    osa_policy_ent_t policy);
+
+krb5_error_code
+krb5_db_iter_policy( krb5_context kcontext,
+                     char *match_entry,
+                     osa_adb_iter_policy_func func,
+                     void *data);
+
+krb5_error_code
+krb5_db_delete_policy( krb5_context kcontext,
+                       char *policy);
+
+void
+krb5_db_free_policy( krb5_context kcontext,
+                     osa_policy_ent_t policy);
+
+
+krb5_error_code
+krb5_db_set_context(krb5_context, void *db_context);
+
+krb5_error_code
+krb5_db_get_context(krb5_context, void **db_context);
+
+void
+krb5_dbe_free_key_data_contents(krb5_context, krb5_key_data *);
+
+void
+krb5_dbe_free_key_list(krb5_context, krb5_keylist_node *);
+
+void
+krb5_dbe_free_actkvno_list(krb5_context, krb5_actkvno_node *);
+
+void
+krb5_dbe_free_mkey_aux_list(krb5_context, krb5_mkey_aux_node *);
+
+void
+krb5_dbe_free_tl_data(krb5_context, krb5_tl_data *);
+
+void
+krb5_dbe_free_strings(krb5_context, krb5_string_attr *, int count);
+
+void
+krb5_dbe_free_string(krb5_context, char *);
+
+/*
+ * Register the KDB keytab type, allowing "KDB:" to be used as a keytab name.
+ * For this type to work, the context used for keytab operations must have an
+ * associated database handle (via krb5_db_open()).
+ */
+krb5_error_code krb5_db_register_keytab(krb5_context context);
+
+#define KRB5_KDB_DEF_FLAGS      0
+
+#define KDB_MAX_DB_NAME                 128
+#define KDB_REALM_SECTION               "realms"
+#define KDB_MODULE_POINTER              "database_module"
+#define KDB_MODULE_DEF_SECTION          "dbdefaults"
+#define KDB_MODULE_SECTION              "dbmodules"
+#define KDB_LIB_POINTER                 "db_library"
+#define KDB_DATABASE_CONF_FILE          DEFAULT_SECURE_PROFILE_PATH
+#define KDB_DATABASE_ENV_PROF           KDC_PROFILE_ENV
+
+#define KRB5_KDB_OPEN_RW                0
+#define KRB5_KDB_OPEN_RO                1
+
+#define KRB5_KDB_OPT_SET_DB_NAME        0
+#define KRB5_KDB_OPT_SET_LOCK_MODE      1
+
+/*
+ * This number indicates the date of the last incompatible change to the DAL.
+ * The maj_ver field of the module's vtable structure must match this version.
+ */
+#define KRB5_KDB_DAL_MAJOR_VERSION 9
+
+/*
+ * Note the following when converting a module to DAL version 9:
+ *
+ * - get_authdata_info() and sign_authdata() have been removed, and issue_pac()
+ *   has been added.
+ *
+ * - check_allowed_to_delegate() must handle a null proxy argument, returning
+ *   success if server has any authorized delegation targets in the traditional
+ *   scheme.
+ *
+ * - allowed_to_delegate_from() accepts a krb5_pac parameter (in place
+ *   server_ad_info) for the impersonator's PAC.
+ *
+ * - check_allowed_to_delegate() and allowed_to_delegate_from() must return
+ *   KRB5KDC_ERR_BADOPTION on authorization failure.
+ *
+ * - the KRB5_KDB_FLAG_ISSUE_PAC and KRB5_FLAG_CLIENT_REFERRALS_ONLY flags have
+ *   been combined into KRB5_KDB_FLAG_CLIENT.
+ *
+ * - the KRB5_KDB_FLAG_CANONICALIZE flag has been renamed to
+ *   KRB5_KDB_FLAG_REFERRAL_OK, and is only passed to get_principal() when a
+ *   realm referral is allowed (AS client and TGS server lookups, when the
+ *   CANONICALIZE option is requested or, for AS requests, when the client is
+ *   an enterprise principal).  As of DAL version 8 the KDB module should
+ *   always canonicalize aliases within a realm; the KDC will decide whether to
+ *   use the original or canonical principal.
+ */
+
+/*
+ * A krb5_context can hold one database object.  Modules should use
+ * krb5_db_set_context and krb5_db_get_context to store state associated with
+ * the database object.
+ *
+ * Some module functions are mandatory for KDC operation; others are optional
+ * or apply only to administrative operations.  If a function is optional, a
+ * module can leave the function pointer as NULL.  Alternatively, modules can
+ * return KRB5_PLUGIN_OP_NOTSUPP when asked to perform an inapplicable action.
+ *
+ * Some module functions have default implementations which will call back into
+ * the vtable interface.  Leave these functions as NULL to use the default
+ * implementations.
+ *
+ * The documentation in these comments describes the DAL as it is currently
+ * implemented and used, not as it should be.  So if anything seems off, that
+ * probably means the current state of things is off.
+ *
+ * Modules must allocate memory for principal entries, policy entries, and
+ * other structures using an allocator compatible with malloc() as seen by
+ * libkdb5 and libkrb5.  Modules may link against libkdb5 and call
+ * krb5_db_alloc() to be certain that the same malloc implementation is used.
+ */
+
+typedef struct _kdb_vftabl {
+    short int maj_ver;
+    short int min_ver;
+
+    /*
+     * Mandatory: Invoked after the module library is loaded, when the first DB
+     * using the module is opened, across all contexts.
+     */
+    krb5_error_code (*init_library)(void);
+
+    /*
+     * Mandatory: Invoked before the module library is unloaded, after the last
+     * DB using the module is closed, across all contexts.
+     */
+    krb5_error_code (*fini_library)(void);
+
+    /*
+     * Mandatory: Initialize a database object.  Profile settings should be
+     * read from conf_section inside KDB_MODULE_SECTION.  db_args communicates
+     * command-line arguments for module-specific flags.  mode will be one of
+     * KRB5_KDB_OPEN_{RW,RO} or'd with one of
+     * KRB5_KDB_SRV_TYPE_{KDC,ADMIN,PASSWD,OTHER}.
+     */
+    krb5_error_code (*init_module)(krb5_context kcontext, char *conf_section,
+                                   char **db_args, int mode);
+
+    /*
+     * Mandatory: Finalize the database object contained in a context.  Free
+     * any state contained in the db_context pointer and null it out.
+     */
+    krb5_error_code (*fini_module)(krb5_context kcontext);
+
+    /*
+     * Optional: Initialize a database object while creating the underlying
+     * database.  conf_section and db_args have the same meaning as in
+     * init_module.  This function may return an error if the database already
+     * exists.  Used by kdb5_util create.
+     *
+     * If db_args contains the value "temporary", the module should create an
+     * exclusively locked side copy of the database suitable for loading in a
+     * propagation from primary to replica.  This side copy will later be
+     * promoted with promote_db, allowing complete updates of the DB with no
+     * loss in read availability.  If the module cannot comply with this
+     * architecture, it should return an error.
+     */
+    krb5_error_code (*create)(krb5_context kcontext, char *conf_section,
+                              char **db_args);
+
+    /*
+     * Optional: Destroy a database.  conf_section and db_args have the same
+     * meaning as in init_module.  Used by kdb5_util destroy.  In current
+     * usage, the database is destroyed while open, so the module should handle
+     * that.
+     */
+    krb5_error_code (*destroy)(krb5_context kcontext, char *conf_section,
+                               char **db_args);
+
+    /*
+     * Deprecated: No longer used as of krb5 1.10; can be removed in the next
+     * DAL revision.  Modules should leave as NULL.
+     */
+    krb5_error_code (*get_age)(krb5_context kcontext, char *db_name,
+                               time_t *age);
+
+    /*
+     * Optional: Lock the database, with semantics depending on the mode
+     * argument:
+     *
+     * KRB5_DB_LOCKMODE_SHARED: Lock may coexist with other shared locks.
+     * KRB5_DB_LOCKMODE_EXCLUSIVE: Lock may not coexist with other locks.
+     * KRB5_DB_LOCKMODE_PERMANENT: Exclusive lock surviving process exit.
+     *
+     * Used by the "kadmin lock" command, incremental propagation, and
+     * kdb5_util dump.  Incremental propagation support requires shared locks
+     * to operate.  kdb5_util dump will continue unlocked if the module returns
+     * KRB5_PLUGIN_OP_NOTSUPP.
+     */
+    krb5_error_code (*lock)(krb5_context kcontext, int mode);
+
+    /* Optional: Release a lock created with db_lock. */
+    krb5_error_code (*unlock)(krb5_context kcontext);
+
+    /*
+     * Mandatory: Set *entry to an allocated entry for the principal
+     * search_for.  If the principal is not found, return KRB5_KDB_NOENTRY.
+     *
+     * The meaning of flags are as follows:
+     *
+     * KRB5_KDB_FLAG_REFERRAL_OK: Set by the KDC when looking up entries for an
+     *     AS client with canonicalization requested or for an enterprise
+     *     principal, or for a TGS request server with canonicalization
+     *     requested.  Determines whether the module should return out-of-realm
+     *     referrals.
+     *
+     * KRB5_KDB_FLAG_CLIENT: Set by the KDC when looking up a client principal
+     *     during an AS or TGS request.  Affects how the module should return
+     *     out-of-realm referrals.
+     *
+     * KRB5_KDB_FLAG_MAP_PRINCIPALS: Set by the KDC when looking up the client
+     *     entry during TGS requests, except for S4U TGS requests and requests
+     *     where the server entry has the KRB5_KDB_NO_AUTH_DATA_REQUIRED
+     *     attribute.  Indicates that the module should map foreign principals
+     *     to local principals if it supports doing so.
+     *
+     * KRB5_KDB_FLAG_PROTOCOL_TRANSITION: Set by the KDC when looking up the
+     *     client entry during an S4U2Self TGS request.  This affects the PAC
+     *     information which should be included when authorization data is
+     *     generated; see the Microsoft S4U specification for details.
+     *
+     * KRB5_KDB_FLAG_CONSTRAINED_DELEGATION: Set by the KDC when looking up the
+     *     client entry during an S4U2Proxy TGS request.  Also affects PAC
+     *     generation.
+     *
+     * KRB5_KDB_FLAG_CROSS_REALM: Set by the KDC after looking up a server
+     *     entry during a TGS request, if the header ticket was issued by a
+     *     different realm.
+     *
+     * KRB5_KDB_FLAG_ISSUING_REFERRAL: Set by the KDC after looking up a server
+     *     entry during a TGS request, if the requested server principal is not
+     *     part of the realm being served, and a referral or alternate TGT will
+     *     be issued instead.
+     *
+     * A module may return an in-realm alias by setting (*entry)->princ to the
+     * canonical name.  The KDC will decide based on the request whether to use
+     * the requested name or the canonical name in the issued ticket.
+     *
+     * A module can return a referral to another realm if flags contains
+     * KRB5_KDB_FLAG_REFERRAL_OK.  If KRB5_KDB_FLAG_CLIENT is also set, the
+     * module should return a referral by simply filling in an out-of-realm
+     * name in (*entry)->princ and setting all other fields to NULL.
+     * Otherwise, the module should return the entry for the cross-realm TGS of
+     * the referred-to realm.
+     */
+    krb5_error_code (*get_principal)(krb5_context kcontext,
+                                     krb5_const_principal search_for,
+                                     unsigned int flags,
+                                     krb5_db_entry **entry);
+
+    /*
+     * Optional: Create or modify a principal entry.  db_args communicates
+     * command-line arguments for module-specific flags.
+     *
+     * The mask field of an entry indicates the changed fields.  Mask values
+     * are defined in kadmin's admin.h header.  If KADM5_PRINCIPAL is set in
+     * the mask, the entry is new; otherwise it already exists.  All fields of
+     * an entry are expected to contain correct values, regardless of whether
+     * they are specified in the mask, so it is acceptable for a module to
+     * ignore the mask and update the entire entry.
+     */
+    krb5_error_code (*put_principal)(krb5_context kcontext,
+                                     krb5_db_entry *entry, char **db_args);
+
+    /*
+     * Optional: Delete the entry for the principal search_for.  If the
+     * principal did not exist, return KRB5_KDB_NOENTRY.
+     */
+    krb5_error_code (*delete_principal)(krb5_context kcontext,
+                                        krb5_const_principal search_for);
+
+    /*
+     * Optional with default: Rename a principal.  If the source principal does
+     * not exist, return KRB5_KDB_NOENTRY.  If the target exists, return an
+     * error.
+     *
+     * NOTE: If the module chooses to implement a custom function for renaming
+     * a principal instead of using the default, then rename operations will
+     * fail if iprop logging is enabled.
+     */
+    krb5_error_code (*rename_principal)(krb5_context kcontext,
+                                        krb5_const_principal source,
+                                        krb5_const_principal target);
+
+    /*
+     * Optional: For each principal entry in the database, invoke func with the
+     * arguments func_arg and the entry data.  If match_entry is specified, the
+     * module may narrow the iteration to principal names matching that regular
+     * expression; a module may alternatively ignore match_entry.
+     */
+    krb5_error_code (*iterate)(krb5_context kcontext,
+                               char *match_entry,
+                               int (*func)(krb5_pointer, krb5_db_entry *),
+                               krb5_pointer func_arg, krb5_flags iterflags);
+
+    /*
+     * Optional: Create a password policy entry.  Return an error if the policy
+     * already exists.
+     */
+    krb5_error_code (*create_policy)(krb5_context kcontext,
+                                     osa_policy_ent_t policy);
+
+    /*
+     * Optional: Set *policy to the policy entry of the specified name.  If the
+     * entry does not exist, return KRB5_KDB_NOENTRY.
+     */
+    krb5_error_code (*get_policy)(krb5_context kcontext, char *name,
+                                  osa_policy_ent_t *policy);
+
+    /*
+     * Optional: Modify an existing password policy entry to match the values
+     * in policy.  Return an error if the policy does not already exist.
+     */
+    krb5_error_code (*put_policy)(krb5_context kcontext,
+                                  osa_policy_ent_t policy);
+
+    /*
+     * Optional: For each password policy entry in the database, invoke func
+     * with the arguments data and the entry data.  If match_entry is
+     * specified, the module may narrow the iteration to policy names matching
+     * that regular expression; a module may alternatively ignore match_entry.
+     */
+    krb5_error_code (*iter_policy)(krb5_context kcontext, char *match_entry,
+                                   osa_adb_iter_policy_func func,
+                                   void *data);
+
+    /*
+     * Optional: Delete the password policy entry with the name policy.  Return
+     * an error if the entry does not exist.
+     */
+    krb5_error_code (*delete_policy)(krb5_context kcontext, char *policy);
+
+    /*
+     * Optional with default: Retrieve a master keyblock from the stash file
+     * db_args, filling in *key and *kvno.  mname is the name of the master
+     * principal for the realm.
+     *
+     * The default implementation reads the master keyblock from a keytab or
+     * old-format stash file.
+     */
+    krb5_error_code (*fetch_master_key)(krb5_context kcontext,
+                                        krb5_principal mname,
+                                        krb5_keyblock *key, krb5_kvno *kvno,
+                                        char *db_args);
+
+    /*
+     * Optional with default: Given a keyblock for some version of the
+     * database's master key, fetch the decrypted master key values from the
+     * database and store the list into *mkeys_list.  The caller will free
+     * *mkeys_list using a libkdb5 function which uses the standard free()
+     * function, so the module must not use a custom allocator.
+     *
+     * The caller may not know the version number of the master key it has, in
+     * which case it will pass IGNORE_VNO.
+     *
+     * The default implementation ignores kvno and tries the key against the
+     * current master key data and all KRB5_TL_MKEY_AUX values, which contain
+     * copies of the master keys encrypted with old master keys.
+     */
+    krb5_error_code (*fetch_master_key_list)(krb5_context kcontext,
+                                             krb5_principal mname,
+                                             const krb5_keyblock *key,
+                                             krb5_keylist_node **mkeys_list);
+
+    /*
+     * Optional with default: Save a list of master keyblocks, obtained from
+     * fetch_master_key_list, into the stash file db_arg.  The caller will set
+     * master_pwd to NULL, so the module should just ignore it.  mname is the
+     * name of the master principal for the realm.
+     *
+     * The default implementation saves the list of master keys in a
+     * keytab-format file.
+     */
+    krb5_error_code (*store_master_key_list)(krb5_context kcontext,
+                                             char *db_arg,
+                                             krb5_principal mname,
+                                             krb5_keylist_node *keylist,
+                                             char *master_pwd);
+
+    /*
+     * Optional with default: Starting at position *start, scan the key data of
+     * a database entry for a key matching the enctype ktype, the salt type
+     * stype, and the version kvno.  Store the resulting key into *kdatap and
+     * set *start to the position after the key found.  If ktype is negative,
+     * match any enctype.  If stype is negative, match any salt type.  If kvno
+     * is zero or negative, find the most recent key version satisfying the
+     * other constraints.
+     */
+    krb5_error_code (*dbe_search_enctype)(krb5_context kcontext,
+                                          krb5_db_entry *dbentp,
+                                          krb5_int32 *start, krb5_int32 ktype,
+                                          krb5_int32 stype, krb5_int32 kvno,
+                                          krb5_key_data **kdatap);
+
+
+    /*
+     * Optional with default: Change the key data for db_entry to include keys
+     * derived from the password passwd in each of the specified key-salt
+     * types, at version new_kvno.  Discard the old key data if keepold is not
+     * set.
+     *
+     * The default implementation uses the keyblock master_key to encrypt each
+     * new key, via the function encrypt_key_data.
+     */
+    krb5_error_code (*change_pwd)(krb5_context context,
+                                  krb5_keyblock *master_key,
+                                  krb5_key_salt_tuple *ks_tuple,
+                                  int ks_tuple_count, char *passwd,
+                                  int new_kvno, krb5_boolean keepold,
+                                  krb5_db_entry *db_entry);
+
+    /*
+     * Optional: Promote a temporary database to be the live one.  context must
+     * be initialized with an exclusively locked database created with the
+     * "temporary" db_arg.  On success, the database object contained in
+     * context will be finalized.
+     *
+     * This method is used by kdb5_util load to replace the live database with
+     * minimal loss of read availability.
+     */
+    krb5_error_code (*promote_db)(krb5_context context, char *conf_section,
+                                  char **db_args);
+
+    /*
+     * Optional with default: Decrypt the key in key_data with master keyblock
+     * mkey, placing the result into dbkey.  Copy the salt from key_data, if
+     * any, into keysalt.  Either dbkey or keysalt may be left unmodified on
+     * successful return if key_data does not contain key or salt information.
+     *
+     * The default implementation expects the encrypted key (in krb5_c_encrypt
+     * format) to be stored in key_data_contents[0], with length given by
+     * key_data_length[0].  If key_data_ver is 2, it expects the salt to be
+     * stored, unencrypted, in key_data_contents[1], with length given by
+     * key_data_length[1].
+     */
+    krb5_error_code (*decrypt_key_data)(krb5_context kcontext,
+                                        const krb5_keyblock *mkey,
+                                        const krb5_key_data *key_data,
+                                        krb5_keyblock *dbkey,
+                                        krb5_keysalt *keysalt);
+
+    /*
+     * Optional with default: Encrypt dbkey with master keyblock mkey, placing
+     * the result into key_data along with keysalt.
+     *
+     * The default implementation stores the encrypted key (in krb5_c_encrypt
+     * format) in key_data_contents[0] and the length in key_data_length[0].
+     * If keysalt is specified, it sets key_data_ver to 2, and stores the salt
+     * in key_data_contents[1] and its length in key_data_length[1].  If
+     * keysalt is not specified, key_data_ver is set to 1.
+     */
+    krb5_error_code (*encrypt_key_data)(krb5_context kcontext,
+                                        const krb5_keyblock *mkey,
+                                        const krb5_keyblock *dbkey,
+                                        const krb5_keysalt *keysalt,
+                                        int keyver, krb5_key_data *key_data);
+
+    /*
+     * Optional: Perform a policy check on a cross-realm ticket's transited
+     * field.  Return 0 if the check authoritatively succeeds,
+     * KRB5_PLUGIN_NO_HANDLE to use the core transited-checking mechanisms, or
+     * another error (other than KRB5_PLUGIN_OP_NOTSUPP) if the check fails.
+     */
+    krb5_error_code (*check_transited_realms)(krb5_context kcontext,
+                                              const krb5_data *tr_contents,
+                                              const krb5_data *client_realm,
+                                              const krb5_data *server_realm);
+
+    /*
+     * Optional: Perform a policy check on an AS request, in addition to the
+     * standard policy checks.  Return 0 if the AS request is allowed.  If the
+     * AS request is not allowed:
+     *   - Place a short string literal into *status.
+     *   - If desired, place data into e_data.  Any data placed here will be
+     *     freed by the caller using the standard free function.
+     *   - Return an appropriate error (such as KRB5KDC_ERR_POLICY).
+     */
+    krb5_error_code (*check_policy_as)(krb5_context kcontext,
+                                       krb5_kdc_req *request,
+                                       krb5_db_entry *client,
+                                       krb5_db_entry *server,
+                                       krb5_timestamp kdc_time,
+                                       const char **status,
+                                       krb5_pa_data ***e_data);
+
+    /*
+     * Optional: Perform a policy check on a TGS request, in addition to the
+     * standard policy checks.  Return 0 if the TGS request is allowed.  If the
+     * TGS request is not allowed:
+     *   - Place a short string literal into *status.
+     *   - If desired, place data into e_data.  Any data placed here will be
+     *     freed by the caller using the standard free function.
+     *   - Return an appropriate error (such as KRB5KDC_ERR_POLICY).
+     * The input parameter ticket contains the TGT used in the TGS request.
+     */
+    krb5_error_code (*check_policy_tgs)(krb5_context kcontext,
+                                        krb5_kdc_req *request,
+                                        krb5_db_entry *server,
+                                        krb5_ticket *ticket,
+                                        const char **status,
+                                        krb5_pa_data ***e_data);
+
+    /*
+     * Optional: This method informs the module of a successful or unsuccessful
+     * AS request.
+     */
+    void (*audit_as_req)(krb5_context kcontext, krb5_kdc_req *request,
+                         const krb5_address *local_addr,
+                         const krb5_address *remote_addr,
+                         krb5_db_entry *client, krb5_db_entry *server,
+                         krb5_timestamp authtime, krb5_error_code error_code);
+
+    /* Note: there is currently no method for auditing TGS requests. */
+
+    /*
+     * Optional: This method informs the module of a request to reload
+     * configuration or other state (that is, the KDC received a SIGHUP).
+     */
+    void (*refresh_config)(krb5_context kcontext);
+
+    /*
+     * Optional: Perform a policy check on server being allowed to obtain
+     * tickets from client to proxy.  If proxy is NULL, check if server has any
+     * authorized delegation targets (client will also be NULL in this case).
+     * (Note that proxy is the target of the delegation, not the delegating
+     * service; the term "proxy" is from the viewpoint of the delegating
+     * service asking another service to perform some of its work in the
+     * authentication context of the client.  This terminology comes from the
+     * Microsoft S4U protocol documentation.)  Return 0 if policy allows
+     * delegation to the specified target (or to any target if proxy is NULL),
+     * or KRB5KDC_ERR_BADOPTION if not.  If this method is not implemented, all
+     * S4U2Proxy delegation requests will be rejected.
+     */
+    krb5_error_code (*check_allowed_to_delegate)(krb5_context context,
+                                                 krb5_const_principal client,
+                                                 const krb5_db_entry *server,
+                                                 krb5_const_principal proxy);
+
+    /*
+     * Optional: Free the e_data pointer of a database entry.  If this method
+     * is not implemented, the e_data pointer in principal entries will be
+     * freed with free() as seen by libkdb5.
+     */
+    void (*free_principal_e_data)(krb5_context kcontext, krb5_octet *e_data);
+
+    /*
+     * Optional: get a client principal entry based on an X.509 certificate.
+     *
+     * If flags include KRB5_KDB_FLAG_REFERRAL_OK, the certificate was
+     * presented in an AS request.  princ->realm indicates the request realm,
+     * but the data components should be ignored.  The module can return an
+     * out-of-realm client referral as it would for get_principal().
+     *
+     * Otherwise, princ is from a TGS request.  If it contains data components
+     * (and not just a realm), the module should verify that it is the same as
+     * the lookup result for client_cert.  The module should not return a
+     * referral.
+     */
+    krb5_error_code (*get_s4u_x509_principal)(krb5_context kcontext,
+                                              const krb5_data *client_cert,
+                                              krb5_const_principal princ,
+                                              unsigned int flags,
+                                              krb5_db_entry **entry_out);
+
+    /*
+     * Optional: Perform a policy check on server being allowed to obtain
+     * tickets from client to proxy.  This method is similar to
+     * check_allowed_to_delegate, but it operates on the target server DB entry
+     * (called "proxy" here as in Microsoft's protocol documentation) rather
+     * than the intermediate server entry.  server_pac is the verified PAC from
+     * the authdata of the intermediate server.  Return 0 if policy allows the
+     * delegation, or KRB5KDC_ERR_BADOPTION if not.
+     *
+     * This method is called for S4U2Proxy requests and implements the
+     * resource-based constrained delegation variant, which can support
+     * cross-realm delegation.  If this method is not implemented or if it
+     * returns a policy error, the KDC will fall back to
+     * check_allowed_to_delegate if the intermediate and target servers are in
+     * the same realm and the evidence ticket is forwardable.
+     */
+    krb5_error_code (*allowed_to_delegate_from)(krb5_context context,
+                                                krb5_const_principal client,
+                                                krb5_const_principal server,
+                                                krb5_pac server_pac,
+                                                const krb5_db_entry *proxy);
+
+    /*
+     * Optional: Add buffers to new_pac using krb5_pac_add_buffer() before it
+     * is signed.
+     *
+     * The caller will handle the following buffer types, so do not copy or add
+     * them:
+     *
+     *   KRB5_PAC_SERVER_CHECKSUM
+     *   KRB5_PAC_PRIVSVR_CHECKSUM
+     *   KRB5_PAC_TICKET_CHECKSUM
+     *   KRB5_PAC_CLIENT_INFO
+     *   KRB5_PAC_DELEGATION_INFO
+     *
+     * For TGS requests, old_pac is the PAC of the header ticket, except when
+     * KRB5_KDB_FLAG_CONTRAINED_DELEGATION is present in flags, in which case
+     * it is the PAC of the second ticket.  If
+     * KRB5_KDB_FLAG_PROTOCOL_TRANSITION is present in flags and client is not
+     * NULL, old_pac is the PAC of the requesting service, not the subject of
+     * the S4U2Self request, and its buffers should not be copied into new_pac.
+     * The signatures and PAC_CLIENT_INFO of old_pac have been verified by the
+     * caller.
+     *
+     * If replaced_reply_key is not null, the request is an AS request and the
+     * reply key was replaced by a preauth mechanism such as PKINIT, meaning
+     * the Kerberos password or long-term key was not used.  The module may use
+     * this key to encrypt a PAC_CREDENTIALS_INFO buffer containing credentials
+     * (such as an NTLM hash) that the client would ordinarily derive from the
+     * Kerberos password or long-term key.
+     *
+     * server is the database entry of the server the ticket will be issued to,
+     * which may be a referral TGS.
+     *
+     * signing_krbtgt is the database entry of the krbtgt principal used to
+     * verify old_pac (or null if old_pac is null).  If
+     * KRB5_KDB_FLAG_CROSS_REALM is present in flags, this entry will be an
+     * incoming cross-realm TGS, and the PAC fields should undergo appropriate
+     * filtering based on the trust level of the cross-realm relationship.
+     *
+     * auth_indicators points to NULL or a null-terminated list of krb5_data
+     * pointers, each containing an authentication indicator (RFC 8129).  The
+     * method may modify this list, or free it and replace *auth_indicators
+     * with NULL, to change which auth indicators will be included in the
+     * ticket.
+     */
+    krb5_error_code (*issue_pac)(krb5_context context, unsigned int flags,
+                                 krb5_db_entry *client,
+                                 krb5_keyblock *replaced_reply_key,
+                                 krb5_db_entry *server,
+                                 krb5_db_entry *signing_krbtgt,
+                                 krb5_timestamp authtime, krb5_pac old_pac,
+                                 krb5_pac new_pac,
+                                 krb5_data ***auth_indicators);
+
+    /* End of minor version 0 for major version 9. */
+} kdb_vftabl;
+
+#endif /* !defined(_WIN32) */
+
+#endif /* KRB5_KDB5__ */
diff --git a/krb5-1.21.3/src/include/kdb_kt.h b/krb5-1.21.3/src/include/kdb_kt.h
new file mode 100644
index 00000000..6a71c3c1
--- /dev/null
+++ b/krb5-1.21.3/src/include/kdb_kt.h
@@ -0,0 +1,38 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/kdb_kt.h - KDC keytab declarations */
+/*
+ * Copyright 1997 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef KRB5_KDB5_KT_H
+#define KRB5_KDB5_KT_H
+
+#include "kdb.h"
+
+extern struct _krb5_kt_ops krb5_kt_kdb_ops;
+
+krb5_error_code krb5_ktkdb_resolve (krb5_context, const char *, krb5_keytab *);
+
+krb5_error_code krb5_ktkdb_set_context(krb5_context);
+
+#endif /* KRB5_KDB5_DBM__ */
diff --git a/krb5-1.21.3/src/include/kdb_log.h b/krb5-1.21.3/src/include/kdb_log.h
new file mode 100644
index 00000000..42395756
--- /dev/null
+++ b/krb5-1.21.3/src/include/kdb_log.h
@@ -0,0 +1,113 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _KDB_LOG_H
+#define _KDB_LOG_H
+
+/* #pragma ident        "@(#)kdb_log.h  1.3     04/02/23 SMI" */
+
+#include <iprop_hdr.h>
+#include <iprop.h>
+#include <limits.h>
+#include "kdb.h"
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * DB macros
+ */
+#define INDEX(ulog, i) (kdb_ent_header_t *)(void *)                     \
+    ((char *)(ulog) + sizeof(kdb_hlog_t) + (i) * ulog->kdb_block)
+
+/*
+ * Current DB version #
+ */
+#define KDB_VERSION     1
+
+/*
+ * DB log states
+ */
+#define KDB_STABLE      1
+#define KDB_UNSTABLE    2
+#define KDB_CORRUPT     3
+
+/*
+ * DB log constants
+ */
+#define KDB_ULOG_MAGIC          0x6661212
+#define KDB_ULOG_HDR_MAGIC      0x6662323
+
+/*
+ * Default ulog file attributes
+ */
+#define DEF_ULOGENTRIES 1000
+#define ULOG_IDLE_TIME  10              /* in seconds */
+/*
+ * Max size of update entry + update header
+ * We make this large since resizing can be costly.
+ */
+#define ULOG_BLOCK      2048            /* Default size of principal record */
+
+#define MAXLOGLEN       0x10000000      /* 256 MB log file */
+
+/*
+ * Prototype declarations
+ */
+krb5_error_code ulog_map(krb5_context context, const char *logname,
+                         uint32_t entries);
+krb5_error_code ulog_init_header(krb5_context context);
+krb5_error_code ulog_add_update(krb5_context context, kdb_incr_update_t *upd);
+krb5_error_code ulog_get_entries(krb5_context context, const kdb_last_t *last,
+                                 kdb_incr_result_t *ulog_handle);
+krb5_error_code ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret,
+                            char **db_args);
+krb5_error_code ulog_conv_2logentry(krb5_context context, krb5_db_entry *entry,
+                                    kdb_incr_update_t *update);
+krb5_error_code ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
+                                   kdb_incr_update_t *update);
+void ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates);
+krb5_error_code ulog_set_role(krb5_context ctx, iprop_role role);
+update_status_t ulog_get_sno_status(krb5_context context,
+                                    const kdb_last_t *last);
+krb5_error_code ulog_get_last(krb5_context context, kdb_last_t *last_out);
+krb5_error_code ulog_set_last(krb5_context context, const kdb_last_t *last);
+void ulog_fini(krb5_context context);
+
+typedef struct kdb_hlog {
+    uint32_t        kdb_hmagic;     /* Log header magic # */
+    uint16_t        db_version_num; /* Kerberos database version no. */
+    uint32_t        kdb_num;        /* # of updates in log */
+    kdbe_time_t     kdb_first_time; /* Timestamp of first update */
+    kdbe_time_t     kdb_last_time;  /* Timestamp of last update */
+    kdb_sno_t       kdb_first_sno;  /* First serial # in the update log */
+    kdb_sno_t       kdb_last_sno;   /* Last serial # in the update log */
+    uint16_t        kdb_state;      /* State of update log */
+    uint16_t        kdb_block;      /* Block size of each element */
+} kdb_hlog_t;
+
+typedef struct kdb_ent_header {
+    uint32_t        kdb_umagic;     /* Update entry magic # */
+    kdb_sno_t       kdb_entry_sno;  /* Serial # of entry */
+    kdbe_time_t     kdb_time;       /* Timestamp of update */
+    bool_t          kdb_commit;     /* Is the entry committed or not */
+    uint32_t        kdb_entry_size; /* Size of update entry */
+    uint8_t         entry_data[4];  /* Address of kdb_incr_update_t */
+} kdb_ent_header_t;
+
+typedef struct _kdb_log_context {
+    iprop_role      iproprole;
+    kdb_hlog_t      *ulog;
+    uint32_t        ulogentries;
+    int             ulogfd;
+} kdb_log_context;
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif  /* !_KDB_LOG_H */
diff --git a/krb5-1.21.3/src/include/krad.h b/krb5-1.21.3/src/include/krad.h
new file mode 100644
index 00000000..e4edb524
--- /dev/null
+++ b/krb5-1.21.3/src/include/krad.h
@@ -0,0 +1,265 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This API is not considered as stable as the main krb5 API.
+ *
+ * - We may make arbitrary incompatible changes between feature releases
+ *   (e.g. from 1.12 to 1.13).
+ * - We will make some effort to avoid making incompatible changes for
+ *   bugfix releases, but will make them if necessary.
+ */
+
+#ifndef KRAD_H_
+#define KRAD_H_
+
+#include <krb5.h>
+#include <verto.h>
+#include <stddef.h>
+#include <stdio.h>
+
+#define KRAD_PACKET_SIZE_MAX 4096
+
+#define KRAD_SERVICE_TYPE_LOGIN 1
+#define KRAD_SERVICE_TYPE_FRAMED 2
+#define KRAD_SERVICE_TYPE_CALLBACK_LOGIN 3
+#define KRAD_SERVICE_TYPE_CALLBACK_FRAMED 4
+#define KRAD_SERVICE_TYPE_OUTBOUND 5
+#define KRAD_SERVICE_TYPE_ADMINISTRATIVE 6
+#define KRAD_SERVICE_TYPE_NAS_PROMPT 7
+#define KRAD_SERVICE_TYPE_AUTHENTICATE_ONLY 8
+#define KRAD_SERVICE_TYPE_CALLBACK_NAS_PROMPT 9
+#define KRAD_SERVICE_TYPE_CALL_CHECK 10
+#define KRAD_SERVICE_TYPE_CALLBACK_ADMINISTRATIVE 11
+
+typedef struct krad_attrset_st krad_attrset;
+typedef struct krad_packet_st krad_packet;
+typedef struct krad_client_st krad_client;
+typedef unsigned char krad_code;
+typedef unsigned char krad_attr;
+
+/* Called when a response is received or the request times out. */
+typedef void
+(*krad_cb)(krb5_error_code retval, const krad_packet *request,
+           const krad_packet *response, void *data);
+
+/*
+ * Called to iterate over a set of requests.  Either the callback will be
+ * called until it returns NULL, or it will be called with cancel = TRUE to
+ * terminate in the middle of an iteration.
+ */
+typedef const krad_packet *
+(*krad_packet_iter_cb)(void *data, krb5_boolean cancel);
+
+/*
+ * Code
+ */
+
+/* Convert a code name to its number. Only works for codes defined
+ * by RFC 2875 or 2882. Returns 0 if the name was not found. */
+krad_code
+krad_code_name2num(const char *name);
+
+/* Convert a code number to its name. Only works for attributes defined
+ * by RFC 2865 or 2882. Returns NULL if the name was not found. */
+const char *
+krad_code_num2name(krad_code code);
+
+/*
+ * Attribute
+ */
+
+/* Convert an attribute name to its number. Only works for attributes defined
+ * by RFC 2865. Returns 0 if the name was not found. */
+krad_attr
+krad_attr_name2num(const char *name);
+
+/* Convert an attribute number to its name. Only works for attributes defined
+ * by RFC 2865. Returns NULL if the name was not found. */
+const char *
+krad_attr_num2name(krad_attr type);
+
+/*
+ * Attribute set
+ */
+
+/* Create a new attribute set. */
+krb5_error_code
+krad_attrset_new(krb5_context ctx, krad_attrset **set);
+
+/* Create a deep copy of an attribute set. */
+krb5_error_code
+krad_attrset_copy(const krad_attrset *set, krad_attrset **copy);
+
+/* Free an attribute set. */
+void
+krad_attrset_free(krad_attrset *set);
+
+/* Add an attribute to a set. */
+krb5_error_code
+krad_attrset_add(krad_attrset *set, krad_attr type, const krb5_data *data);
+
+/* Add a four-octet unsigned number attribute to the given set. */
+krb5_error_code
+krad_attrset_add_number(krad_attrset *set, krad_attr type, krb5_ui_4 num);
+
+/* Delete the specified attribute. */
+void
+krad_attrset_del(krad_attrset *set, krad_attr type, size_t indx);
+
+/* Get the specified attribute. */
+const krb5_data *
+krad_attrset_get(const krad_attrset *set, krad_attr type, size_t indx);
+
+/*
+ * Packet
+ */
+
+/* Determine the bytes needed from the socket to get the whole packet.  Don't
+ * cache the return value as it can change! Returns -1 on EBADMSG. */
+ssize_t
+krad_packet_bytes_needed(const krb5_data *buffer);
+
+/* Free a packet. */
+void
+krad_packet_free(krad_packet *pkt);
+
+/*
+ * Create a new request packet.
+ *
+ * This function takes the attributes specified in set and converts them into a
+ * radius packet. The packet will have a randomized id. If cb is not NULL, it
+ * will be called passing data as the argument to iterate over a set of
+ * outstanding requests. In this case, the id will be both random and unique
+ * across the set of requests.
+ */
+krb5_error_code
+krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code,
+                        const krad_attrset *set, krad_packet_iter_cb cb,
+                        void *data, krad_packet **request);
+
+/*
+ * Create a new response packet.
+ *
+ * This function is similar to krad_packet_new_requst() except that it crafts a
+ * packet in response to a request packet. This new packet will borrow values
+ * from the request such as the id and the authenticator.
+ */
+krb5_error_code
+krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code,
+                         const krad_attrset *set, const krad_packet *request,
+                         krad_packet **response);
+
+/*
+ * Decode a request radius packet from krb5_data.
+ *
+ * The resulting decoded packet will be a request packet stored in *reqpkt.
+ *
+ * If cb is NULL, *duppkt will always be NULL.
+ *
+ * If cb is not NULL, it will be called (with the data argument) to iterate
+ * over a set of requests currently being processed. In this case, if the
+ * packet is a duplicate of an already received request, the original request
+ * will be set in *duppkt.
+ */
+krb5_error_code
+krad_packet_decode_request(krb5_context ctx, const char *secret,
+                           const krb5_data *buffer, krad_packet_iter_cb cb,
+                           void *data, const krad_packet **duppkt,
+                           krad_packet **reqpkt);
+
+/*
+ * Decode a response radius packet from krb5_data.
+ *
+ * The resulting decoded packet will be a response packet stored in *rsppkt.
+ *
+ * If cb is NULL, *reqpkt will always be NULL.
+ *
+ * If cb is not NULL, it will be called (with the data argument) to iterate
+ * over a set of requests awaiting responses. In this case, if the response
+ * packet matches one of these requests, the original request will be set in
+ * *reqpkt.
+ */
+krb5_error_code
+krad_packet_decode_response(krb5_context ctx, const char *secret,
+                            const krb5_data *buffer, krad_packet_iter_cb cb,
+                            void *data, const krad_packet **reqpkt,
+                            krad_packet **rsppkt);
+
+/* Encode packet. */
+const krb5_data *
+krad_packet_encode(const krad_packet *pkt);
+
+/* Get the code for the given packet. */
+krad_code
+krad_packet_get_code(const krad_packet *pkt);
+
+/* Get the specified attribute. */
+const krb5_data *
+krad_packet_get_attr(const krad_packet *pkt, krad_attr type, size_t indx);
+
+/*
+ * Client
+ */
+
+/* Create a new client. */
+krb5_error_code
+krad_client_new(krb5_context kctx, verto_ctx *vctx, krad_client **client);
+
+/* Free the client. */
+void
+krad_client_free(krad_client *client);
+
+/*
+ * Send a request to a radius server.
+ *
+ * The remote host may be specified by one of the following formats:
+ *  - /path/to/unix.socket
+ *  - IPv4
+ *  - IPv4:port
+ *  - IPv4:service
+ *  - [IPv6]
+ *  - [IPv6]:port
+ *  - [IPv6]:service
+ *  - hostname
+ *  - hostname:port
+ *  - hostname:service
+ *
+ * The timeout parameter (milliseconds) is the total timeout across all remote
+ * hosts (when DNS returns multiple entries) and all retries.  For stream
+ * sockets, the retries parameter is ignored and no retries are performed.
+ *
+ * The cb function will be called with the data argument when either a response
+ * is received or the request times out on all possible remote hosts.
+ */
+krb5_error_code
+krad_client_send(krad_client *rc, krad_code code, const krad_attrset *attrs,
+                 const char *remote, const char *secret, int timeout,
+                 size_t retries, krad_cb cb, void *data);
+
+#endif /* KRAD_H_ */
diff --git a/krb5-1.21.3/src/include/krb5.h b/krb5-1.21.3/src/include/krb5.h
new file mode 100644
index 00000000..62ef9bb9
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5.h
@@ -0,0 +1,8 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* The MIT Kerberos header file krb5.h used to live here.
+
+   As of the 1.5 release, we're installing multiple Kerberos headers,
+   so they're all moving to a krb5/ subdirectory.  This file is
+   present just to keep old software still compiling.  Please update
+   your code to use the new path for the header.  */
+#include <krb5/krb5.h>
diff --git a/krb5-1.21.3/src/include/krb5/audit_plugin.h b/krb5-1.21.3/src/include/krb5/audit_plugin.h
new file mode 100644
index 00000000..3315d77d
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/audit_plugin.h
@@ -0,0 +1,270 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/krb5/audit_plugin.h - Audit plugin interface */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * NOTE: This is a private interface and may change incompatibly
+ *       between versions.
+ */
+/*
+ * Declarations for KDC audit plugin module implementers.  Audit modules allow
+ * the KDC to produce log output or audit records in any desired form.
+ *
+ * The audit interface has a single supported major version, which is 1.  Major
+ * version 1 has a current minor version of 1.  Audit modules should define a
+ * function named audit_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   audit_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                        krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for the interface and maj_ver:
+ *   maj_ver == 1: Cast to krb5_audit_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_AU_PLUGIN_H_INCLUDED
+#define KRB5_AU_PLUGIN_H_INCLUDED
+#include <krb5/krb5.h>
+
+/** KDC processing steps */
+#define AUTHN_REQ_CL 1 /**< Authenticate request and client */
+#define SRVC_PRINC   2 /**< Determine service principal */
+#define VALIDATE_POL 3 /**< Validate local and protocol policies */
+#define ISSUE_TKT    4 /**< Issue ticket */
+#define ENCR_REP     5 /**< Encrypt reply */
+
+/** Types of violations */
+#define PROT_CONSTRAINT 1 /**< Protocol constraint */
+#define LOCAL_POLICY    2 /**< Local policy violation */
+
+#define REQID_LEN 32 /* Size of the alphanumeric request ID */
+
+/** KDC audit state structure and declarations */
+typedef struct _krb5_audit_state {
+    krb5_kdc_req *request;
+    krb5_kdc_rep *reply;
+    krb5_address *cl_addr; /**< client address */
+    krb5_ui_4 cl_port;     /**< client port */
+    int stage;             /**< step in KDC processing */
+    const char *status;    /**< KDC status message */
+    char *tkt_in_id;       /**< primary (TGT) ticket ID */
+    char *tkt_out_id;      /**< derived (service or referral TGT) ticket ID */
+    /** for s4u2proxy - evidence ticket ID; for u2u - second ticket ID */
+    char *evid_tkt_id;
+    char req_id[REQID_LEN];  /**< request ID */
+    krb5_data *cl_realm;     /**< referrals: remote client's realm */
+    krb5_principal s4u2self_user; /**< impersonated user */
+    int violation;           /**< local or protocol policy problem */
+} krb5_audit_state;
+
+/** An abstract type for audit module data. */
+typedef struct krb5_audit_moddata_st *krb5_audit_moddata;
+
+/*
+ * Mandatory:
+ * - krb5_audit_open_fn,
+ * Open connection to the audit system and initialize audit module data.  If
+ * the underlying (OS or third party) audit facility fails to open, no
+ * auditable KDC events should be recorded.
+ */
+typedef krb5_error_code
+(*krb5_audit_open_fn)(krb5_audit_moddata *auctx);
+
+/*
+ * Mandatory:
+ * - krb5_audit_close_fn.
+ * Close connection to the underlying audit system.
+ */
+typedef krb5_error_code
+(*krb5_audit_close_fn)(krb5_audit_moddata auctx);
+
+/**
+ * Log KDC-start event.
+ *
+ * @param [in] auctx       Audit context
+ * @param [in] ev_success  Success/failure of the event being audited
+ *
+ * @note Optional.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+typedef krb5_error_code
+(*krb5_audit_kdc_start_fn)(krb5_audit_moddata auctx, krb5_boolean ev_success);
+
+/**
+ * Log KDC-stop event.
+ *
+ * @param [in] auctx       Audit context
+ * @param [in] ev_success  Success/failure of the event being audited
+ *
+ * @note Optional.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+typedef krb5_error_code
+(*krb5_audit_kdc_stop_fn)(krb5_audit_moddata auctx, krb5_boolean ev_success);
+
+/**
+ * Log AS exchange event.
+ *
+ * @param [in] auctx       Audit context
+ * @param [in] ev_success  Success/failure of the event being audited
+ * @param [in] state       AS-request related auditable information
+ *
+ * The @a state provides the following data:
+ * - Full information about KDC request, assigned request ID, client address
+ *   and port, and stage of the AS exchange
+ * - If available, the information about the encryption types of the short- and
+ *   long-term keys, non-local client's referral realm, KDC status, the TGT
+ *   and its ticket ID
+ *
+ * @note Optional.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+typedef krb5_error_code
+(*krb5_audit_as_req_fn)(krb5_audit_moddata auctx,
+                        krb5_boolean ev_success, krb5_audit_state *state);
+
+/**
+ * Log TGS exchange event.
+ *
+ * @param [in] auctx       Audit context
+ * @param [in] ev_success  Success/failure of the event being audited
+ * @param [in] state       TGS-request related auditable information
+ *
+ * The @a state provides the following data:
+ * - Full information about KDC request, assigned request ID, primary ticket
+ *   ID, client address and port, and stage of the TGS exchange
+ * - If available, the information about the encryption types of the short- and
+ *   long-term keys, KDC status, KDC reply, and the output ticket ID
+ *
+ * @note Optional.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+typedef krb5_error_code
+(*krb5_audit_tgs_req_fn)(krb5_audit_moddata auctx,
+                         krb5_boolean ev_success, krb5_audit_state *state);
+
+/**
+ * Log S4U2SELF event.
+ *
+ * @param [in] auctx       Audit context
+ * @param [in] ev_success  Report on success or failure
+ * @param [in] state       s4u2self related auditable information
+ *
+ * The @a state provides the following data:
+ * - Full information about KDC request, assigned request ID, client address
+ *   and port, and stage of the TGS exchange
+ * - Requesting server's TGT ID, impersonated user principal name, and service
+ *   "to self" ticket or referral TGT ID
+ * - If available, KDC status, local policy violation or S4U protocol
+ *   constraints
+ *
+ * @note Optional.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+typedef krb5_error_code
+(*krb5_audit_s4u2self_fn)(krb5_audit_moddata auctx,
+                          krb5_boolean ev_success, krb5_audit_state *state);
+
+/**
+ * Log S4U2PROXY event.
+ *
+ * @param [in] auctx       Audit context
+ * @param [in] ev_success  Report on success or failure
+ * @param [in] state       s4u2proxy related auditable information
+ *
+ * The @a state provides the following data:
+ * - Full information about request, assigned request ID, client address and
+ *   port, and stage of the TGS exchange
+ * - Requesting server's TGT ID, delegated user principal name, and evidence
+ *   ticket ID
+ * - If available, KDC status, local policy violation or S4U protocol
+ *   constraints
+ *
+ * @note Optional.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+typedef krb5_error_code
+(*krb5_audit_s4u2proxy_fn)(krb5_audit_moddata auctx,
+                           krb5_boolean ev_success, krb5_audit_state *state);
+
+/**
+ * Log U2U event.
+ *
+ * @param [in] auctx       Audit context
+ * @param [in] ev_success  Report on success or failure
+ * @param [in] state       user-to-user related auditable information
+ *
+ * The @a state provides the following data:
+ * - Full information about request, assigned request ID, client address and
+ *   port, and stage of the TGS exchange,
+ * - Requestor's TGT ID, service ticket ID, and client's principal name in the
+ *   second ticket
+ * - If available, KDC status
+ *
+ * @note Optional.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+typedef krb5_error_code
+(*krb5_audit_u2u_fn)(krb5_audit_moddata auctx,
+                     krb5_boolean ev_success, krb5_audit_state *state);
+
+/* vtable declaration */
+typedef struct krb5_audit_vtable_st {
+    /* Mandatory: name of module. */
+    const char             *name;
+    krb5_audit_open_fn      open;
+    krb5_audit_close_fn     close;
+    krb5_audit_kdc_start_fn kdc_start;
+    krb5_audit_kdc_stop_fn  kdc_stop;
+    krb5_audit_as_req_fn    as_req;
+    krb5_audit_tgs_req_fn   tgs_req;
+    krb5_audit_s4u2self_fn  tgs_s4u2self;
+    krb5_audit_s4u2proxy_fn tgs_s4u2proxy;
+    krb5_audit_u2u_fn       tgs_u2u;
+} *krb5_audit_vtable;
+
+#endif /* KRB5_AU_PLUGIN_H_INCLUDED */
diff --git a/krb5-1.21.3/src/include/krb5/authdata_plugin.h b/krb5-1.21.3/src/include/krb5/authdata_plugin.h
new file mode 100644
index 00000000..d59a8eb7
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/authdata_plugin.h
@@ -0,0 +1,216 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2007 Apple Inc.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Authorization data plugin definitions for Kerberos 5.
+ * This is considered an INTERNAL interface at this time.
+ *
+ * Some work is needed before exporting it:
+ *
+ * + Documentation.
+ * + Sample code.
+ * + Test cases (preferably automated testing under "make check").
+ *
+ * Other changes that would be nice to have, but not necessarily
+ * before making this interface public:
+ *
+ * + Library support for AD-IF-RELEVANT and similar wrappers.  (We can
+ *   make the plugin construct them if it wants them.)
+ * + KDC could combine/optimize wrapped AD elements provided by
+ *   multiple plugins, e.g., two IF-RELEVANT sequences could be
+ *   merged.  (The preauth plugin API also has this bug, we're going
+ *   to need a general fix.)
+ */
+
+#ifndef KRB5_AUTHDATA_PLUGIN_H_INCLUDED
+#define KRB5_AUTHDATA_PLUGIN_H_INCLUDED
+#include <krb5/krb5.h>
+
+typedef krb5_error_code
+(*authdata_client_plugin_init_proc)(krb5_context context,
+                                    void **plugin_context);
+
+#define AD_USAGE_AS_REQ         0x01
+#define AD_USAGE_TGS_REQ        0x02
+#define AD_USAGE_AP_REQ         0x04
+#define AD_USAGE_KDC_ISSUED     0x08
+#define AD_INFORMATIONAL        0x10
+#define AD_CAMMAC_PROTECTED     0x20
+#define AD_USAGE_MASK           0x2F
+
+struct _krb5_authdata_context;
+
+typedef void
+(*authdata_client_plugin_flags_proc)(krb5_context kcontext,
+                                     void *plugin_context,
+                                     krb5_authdatatype ad_type,
+                                     krb5_flags *flags);
+
+typedef void
+(*authdata_client_plugin_fini_proc)(krb5_context kcontext,
+                                    void *plugin_context);
+
+typedef krb5_error_code
+(*authdata_client_request_init_proc)(krb5_context kcontext,
+                                     struct _krb5_authdata_context *context,
+                                     void *plugin_context,
+                                     void **request_context);
+
+typedef void
+(*authdata_client_request_fini_proc)(krb5_context kcontext,
+                                     struct _krb5_authdata_context *context,
+                                     void *plugin_context,
+                                     void *request_context);
+
+typedef krb5_error_code
+(*authdata_client_import_authdata_proc)(krb5_context kcontext,
+                                        struct _krb5_authdata_context *context,
+                                        void *plugin_context,
+                                        void *request_context,
+                                        krb5_authdata **authdata,
+                                        krb5_boolean kdc_issued_flag,
+                                        krb5_const_principal issuer);
+
+typedef krb5_error_code
+(*authdata_client_export_authdata_proc)(krb5_context kcontext,
+                                        struct _krb5_authdata_context *context,
+                                        void *plugin_context,
+                                        void *request_context,
+                                        krb5_flags usage,
+                                        krb5_authdata ***authdata);
+
+typedef krb5_error_code
+(*authdata_client_get_attribute_types_proc)(krb5_context kcontext,
+                                            struct _krb5_authdata_context *context,
+                                            void *plugin_context,
+                                            void *request_context,
+                                            krb5_data **attrs);
+
+typedef krb5_error_code
+(*authdata_client_get_attribute_proc)(krb5_context kcontext,
+                                      struct _krb5_authdata_context *context,
+                                      void *plugin_context,
+                                      void *request_context,
+                                      const krb5_data *attribute,
+                                      krb5_boolean *authenticated,
+                                      krb5_boolean *complete,
+                                      krb5_data *value,
+                                      krb5_data *display_value,
+                                      int *more);
+
+typedef krb5_error_code
+(*authdata_client_set_attribute_proc)(krb5_context kcontext,
+                                      struct _krb5_authdata_context *context,
+                                      void *plugin_context,
+                                      void *request_context,
+                                      krb5_boolean complete,
+                                      const krb5_data *attribute,
+                                      const krb5_data *value);
+
+typedef krb5_error_code
+(*authdata_client_delete_attribute_proc)(krb5_context kcontext,
+                                         struct _krb5_authdata_context *context,
+                                         void *plugin_context,
+                                         void *request_context,
+                                         const krb5_data *attribute);
+
+typedef krb5_error_code
+(*authdata_client_export_internal_proc)(krb5_context kcontext,
+                                        struct _krb5_authdata_context *context,
+                                        void *plugin_context,
+                                        void *request_context,
+                                        krb5_boolean restrict_authenticated,
+                                        void **ptr);
+
+typedef void
+(*authdata_client_free_internal_proc)(krb5_context kcontext,
+                                      struct _krb5_authdata_context *context,
+                                      void *plugin_context,
+                                      void *request_context,
+                                      void *ptr);
+
+typedef krb5_error_code
+(*authdata_client_verify_proc)(krb5_context kcontext,
+                               struct _krb5_authdata_context *context,
+                               void *plugin_context,
+                               void *request_context,
+                               const krb5_auth_context *auth_context,
+                               const krb5_keyblock *key,
+                               const krb5_ap_req *req);
+
+typedef krb5_error_code
+(*authdata_client_size_proc)(krb5_context kcontext,
+                             struct _krb5_authdata_context *context,
+                             void *plugin_context,
+                             void *request_context,
+                             size_t *sizep);
+
+typedef krb5_error_code
+(*authdata_client_externalize_proc)(krb5_context kcontext,
+                                    struct _krb5_authdata_context *context,
+                                    void *plugin_context,
+                                    void *request_context,
+                                    krb5_octet **buffer,
+                                    size_t *lenremain);
+
+typedef krb5_error_code
+(*authdata_client_internalize_proc)(krb5_context kcontext,
+                                    struct _krb5_authdata_context *context,
+                                    void *plugin_context,
+                                    void *request_context,
+                                    krb5_octet **buffer,
+                                    size_t *lenremain);
+
+typedef krb5_error_code
+(*authdata_client_copy_proc)(krb5_context kcontext,
+                             struct _krb5_authdata_context *context,
+                             void *plugin_context,
+                             void *request_context,
+                             void *dst_plugin_context,
+                             void *dst_request_context);
+
+typedef struct krb5plugin_authdata_client_ftable_v0 {
+    const char *name;
+    krb5_authdatatype *ad_type_list;
+    authdata_client_plugin_init_proc init;
+    authdata_client_plugin_fini_proc fini;
+    authdata_client_plugin_flags_proc flags;
+    authdata_client_request_init_proc request_init;
+    authdata_client_request_fini_proc request_fini;
+    authdata_client_get_attribute_types_proc get_attribute_types;
+    authdata_client_get_attribute_proc get_attribute;
+    authdata_client_set_attribute_proc set_attribute;
+    authdata_client_delete_attribute_proc delete_attribute;
+    authdata_client_export_authdata_proc export_authdata;
+    authdata_client_import_authdata_proc import_authdata;
+    authdata_client_export_internal_proc export_internal;
+    authdata_client_free_internal_proc free_internal;
+    authdata_client_verify_proc verify;
+    authdata_client_size_proc size;
+    authdata_client_externalize_proc externalize;
+    authdata_client_internalize_proc internalize;
+    authdata_client_copy_proc copy; /* optional */
+} krb5plugin_authdata_client_ftable_v0;
+
+#endif /* KRB5_AUTHDATA_PLUGIN_H_INCLUDED */
diff --git a/krb5-1.21.3/src/include/krb5/ccselect_plugin.h b/krb5-1.21.3/src/include/krb5/ccselect_plugin.h
new file mode 100644
index 00000000..ff963131
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/ccselect_plugin.h
@@ -0,0 +1,105 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Declarations for credential cache selection module implementors.
+ *
+ * The ccselect pluggable interface currently has only one supported major
+ * version, which is 1.  Major version 1 has a current minor version number of
+ * 1.
+ *
+ * Credential cache selection modules should define a function named
+ * ccselect_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   ccselect_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                           krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for maj_ver:
+ *     maj_ver == 1: Cast to krb5_ccselect_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_CCSELECT_PLUGIN_H
+#define KRB5_CCSELECT_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+
+/* An abstract type for credential cache selection module data. */
+typedef struct krb5_ccselect_moddata_st *krb5_ccselect_moddata;
+
+#define KRB5_CCSELECT_PRIORITY_AUTHORITATIVE 2
+#define KRB5_CCSELECT_PRIORITY_HEURISTIC     1
+
+/*** Method type declarations ***/
+
+/*
+ * Mandatory: Initialize module data and set *priority_out to one of the
+ * KRB5_CCSELECT_PRIORITY constants above.  Authoritative modules will be
+ * consulted before heuristic ones.
+ */
+typedef krb5_error_code
+(*krb5_ccselect_init_fn)(krb5_context context, krb5_ccselect_moddata *data_out,
+                         int *priority_out);
+
+/*
+ * Mandatory: Select a cache based on a server principal.  Return 0 on success,
+ * with *cache_out set to the selected cache and *princ_out set to its default
+ * principal.  Return KRB5_PLUGIN_NO_HANDLE to defer to other modules.  Return
+ * KRB5_CC_NOTFOUND with *princ_out set if the client principal can be
+ * authoritatively determined but no cache exists for it.  Return other errors
+ * as appropriate.
+ */
+typedef krb5_error_code
+(*krb5_ccselect_choose_fn)(krb5_context context, krb5_ccselect_moddata data,
+                           krb5_principal server, krb5_ccache *cache_out,
+                           krb5_principal *princ_out);
+
+/* Optional: Release resources used by module data. */
+typedef void
+(*krb5_ccselect_fini_fn)(krb5_context context, krb5_ccselect_moddata data);
+
+/*** vtable declarations **/
+
+/* Credential cache selection plugin vtable for major version 1. */
+typedef struct krb5_ccselect_vtable_st {
+    const char *name;           /* Mandatory: name of module. */
+    krb5_ccselect_init_fn init;
+    krb5_ccselect_choose_fn choose;
+    krb5_ccselect_fini_fn fini;
+    /* Minor version 1 ends here. */
+} *krb5_ccselect_vtable;
+
+#endif /* KRB5_CCSELECT_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/certauth_plugin.h b/krb5-1.21.3/src/include/krb5/certauth_plugin.h
new file mode 100644
index 00000000..bc8c88ac
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/certauth_plugin.h
@@ -0,0 +1,148 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/krb5/certauth_plugin.h - certauth plugin header. */
+/*
+ * Copyright (C) 2017 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Declarations for certauth plugin module implementors.
+ *
+ * The certauth pluggable interface currently has only one supported major
+ * version, which is 1.  Major version 1 has a current minor version number of
+ * 2.
+ *
+ * certauth plugin modules should define a function named
+ * certauth_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   certauth_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                           krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for maj_ver:
+ *     maj_ver == 1: Cast to krb5_certauth_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_CERTAUTH_PLUGIN_H
+#define KRB5_CERTAUTH_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+
+/* Abstract module data type. */
+typedef struct krb5_certauth_moddata_st *krb5_certauth_moddata;
+
+/* A module can optionally include <kdb.h> to inspect the client principal
+ * entry when authorizing a request. */
+struct _krb5_db_entry_new;
+
+/*
+ * Optional: Initialize module data.
+ */
+typedef krb5_error_code
+(*krb5_certauth_init_fn)(krb5_context context,
+                         krb5_certauth_moddata *moddata_out);
+
+/*
+ * Optional: Initialize module data.  Supersedes init if present.
+ */
+typedef krb5_error_code
+(*krb5_certauth_init_ex_fn)(krb5_context context, const char *const *realmlist,
+                            krb5_certauth_moddata *moddata_out);
+
+/*
+ * Optional: Clean up the module data.
+ */
+typedef void
+(*krb5_certauth_fini_fn)(krb5_context context, krb5_certauth_moddata moddata);
+
+/*
+ * Mandatory: decode cert as an X.509 certificate and determine whether it is
+ * authorized to authenticate as the requested client principal princ using
+ * PKINIT.  Return 0 or KRB5_CERTAUTH_HWAUTH if the certificate is authorized.
+ * Otherwise return one of the following error codes:
+ *
+ * - KRB5KDC_ERR_CLIENT_NAME_MISMATCH - incorrect SAN value
+ * - KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE - incorrect EKU
+ * - KRB5KDC_ERR_CERTIFICATE_MISMATCH - other extension error
+ * - KRB5_PLUGIN_NO_HANDLE or KRB5_CERTAUTH_HWAUTH_PASS - the module has no
+ *   opinion about whether cert is authorized
+ *
+ * Returning KRB5_CERTAUTH_HWAUTH will authorize the PKINIT authentication and
+ * cause the hw-authent flag to be set in the issued ticket (new in release
+ * 1.19).  Returning KRB5_CERTAUTH_HWAUTH_PASS does not authorize the PKINIT
+ * authentication, but causes the hw-authent flag to be set if another module
+ * authorizes it (new in release 1.20)
+ *
+ * - opts is used by built-in modules to receive internal data, and must be
+ *   ignored by other modules.
+ * - db_entry receives the client principal database entry, and can be ignored
+ *   by modules that do not link with libkdb5.
+ * - *authinds_out optionally returns a null-terminated list of authentication
+ *   indicator strings upon KRB5_PLUGIN_NO_HANDLE or accepted authorization.
+ */
+typedef krb5_error_code
+(*krb5_certauth_authorize_fn)(krb5_context context,
+                              krb5_certauth_moddata moddata,
+                              const uint8_t *cert, size_t cert_len,
+                              krb5_const_principal princ, const void *opts,
+                              const struct _krb5_db_entry_new *db_entry,
+                              char ***authinds_out);
+
+/*
+ * Free indicators allocated by a module.  Mandatory if authorize returns
+ * authentication indicators.
+ */
+typedef void
+(*krb5_certauth_free_indicator_fn)(krb5_context context,
+                                   krb5_certauth_moddata moddata,
+                                   char **authinds);
+
+typedef struct krb5_certauth_vtable_st {
+    const char *name;
+    krb5_certauth_init_fn init;
+    krb5_certauth_fini_fn fini;
+    krb5_certauth_authorize_fn authorize;
+    krb5_certauth_free_indicator_fn free_ind;
+    /* Minor version 1 ends here. */
+
+    krb5_certauth_init_ex_fn init_ex;
+    /* Minor version 2 ends here. */
+} *krb5_certauth_vtable;
+
+#endif /* KRB5_CERTAUTH_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/clpreauth_plugin.h b/krb5-1.21.3/src/include/krb5/clpreauth_plugin.h
new file mode 100644
index 00000000..8832a687
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/clpreauth_plugin.h
@@ -0,0 +1,346 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 2006 Red Hat, Inc.
+ * Portions copyright (c) 2006, 2011 Massachusetts Institute of Technology
+ * All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *  * Neither the name of Red Hat, Inc., nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Declarations for clpreauth plugin module implementors.
+ *
+ * The clpreauth interface has a single supported major version, which is
+ * 1.  Major version 1 has a current minor version of 2.  clpreauth modules
+ * should define a function named clpreauth_<modulename>_initvt, matching
+ * the signature:
+ *
+ *   krb5_error_code
+ *   clpreauth_modname_initvt(krb5_context context, int maj_ver,
+ *                            int min_ver, krb5_plugin_vtable vtable);
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for the interface and maj_ver:
+ *     maj_ver == 1: Cast to krb5_clpreauth_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_CLPREAUTH_PLUGIN_H
+#define KRB5_CLPREAUTH_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+
+/* clpreauth mechanism property flags */
+
+/* Provides a real answer which we can send back to the KDC.  The client
+ * assumes that one real answer will be enough. */
+#define PA_REAL         0x00000001
+
+/* Doesn't provide a real answer, but must be given a chance to run before any
+ * REAL mechanism callbacks. */
+#define PA_INFO         0x00000002
+
+/* Abstract type for a client request information handle. */
+typedef struct krb5_clpreauth_rock_st *krb5_clpreauth_rock;
+
+/* Abstract types for module data and per-request module data. */
+typedef struct krb5_clpreauth_moddata_st *krb5_clpreauth_moddata;
+typedef struct krb5_clpreauth_modreq_st *krb5_clpreauth_modreq;
+
+/* Before using a callback after version 1, modules must check the vers
+ * field of the callback structure. */
+typedef struct krb5_clpreauth_callbacks_st {
+    int vers;
+
+    /*
+     * If an AS-REP has been received, return the enctype of the AS-REP
+     * encrypted part.  Otherwise return the enctype chosen from etype-info, or
+     * the first requested enctype if no etype-info was received.
+     */
+    krb5_enctype (*get_etype)(krb5_context context, krb5_clpreauth_rock rock);
+
+    /* Get a pointer to the FAST armor key, or NULL if the client is not using
+     * FAST.  The returned pointer is an alias and should not be freed. */
+    krb5_keyblock *(*fast_armor)(krb5_context context,
+                                 krb5_clpreauth_rock rock);
+
+    /*
+     * Get a pointer to the client-supplied reply key, possibly invoking the
+     * prompter to ask for a password if this has not already been done.  The
+     * returned pointer is an alias and should not be freed.
+     */
+    krb5_error_code (*get_as_key)(krb5_context context,
+                                  krb5_clpreauth_rock rock,
+                                  krb5_keyblock **keyblock);
+
+    /* Replace the reply key to be used to decrypt the AS response. */
+    krb5_error_code (*set_as_key)(krb5_context context,
+                                  krb5_clpreauth_rock rock,
+                                  const krb5_keyblock *keyblock);
+
+    /* End of version 1 clpreauth callbacks. */
+
+    /*
+     * Get the current time for use in a preauth response.  If
+     * allow_unauth_time is true and the library has been configured to allow
+     * it, the current time will be offset using unauthenticated timestamp
+     * information received from the KDC in the preauth-required error, if one
+     * has been received.  Otherwise, the timestamp in a preauth-required error
+     * will only be used if it is protected by a FAST channel.  Only set
+     * allow_unauth_time if using an unauthenticated time offset would not
+     * create a security issue.
+     */
+    krb5_error_code (*get_preauth_time)(krb5_context context,
+                                        krb5_clpreauth_rock rock,
+                                        krb5_boolean allow_unauth_time,
+                                        krb5_timestamp *time_out,
+                                        krb5_int32 *usec_out);
+
+    /* Set a question to be answered by the responder and optionally provide
+     * a challenge. */
+    krb5_error_code (*ask_responder_question)(krb5_context context,
+                                              krb5_clpreauth_rock rock,
+                                              const char *question,
+                                              const char *challenge);
+
+    /* Get an answer from the responder, or NULL if the question was
+     * unanswered. */
+    const char *(*get_responder_answer)(krb5_context context,
+                                        krb5_clpreauth_rock rock,
+                                        const char *question);
+
+    /* Indicate interest in the AS key through the responder interface. */
+    void (*need_as_key)(krb5_context context, krb5_clpreauth_rock rock);
+
+    /*
+     * Get a configuration/state item from an input ccache, which may allow it
+     * to retrace the steps it took last time.  The returned data string is an
+     * alias and should not be freed.
+     */
+    const char *(*get_cc_config)(krb5_context context,
+                                 krb5_clpreauth_rock rock, const char *key);
+
+    /*
+     * Set a configuration/state item which will be recorded to an output
+     * ccache, if the calling application supplied one.  Both key and data
+     * should be valid UTF-8 text.
+     */
+    krb5_error_code (*set_cc_config)(krb5_context context,
+                                     krb5_clpreauth_rock rock,
+                                     const char *key, const char *data);
+
+    /* End of version 2 clpreauth callbacks (added in 1.11). */
+
+    /*
+     * Prevent further fallbacks to other preauth mechanisms if the KDC replies
+     * with an error.  (The module itself can still respond to errors with its
+     * tryagain method, or continue after KDC_ERR_MORE_PREAUTH_DATA_REQUIRED
+     * errors with its process method.)  A module should invoke this callback
+     * from the process method when it generates an authenticated request using
+     * credentials; often this will be the first or only client message
+     * generated by the mechanism.
+     */
+    void (*disable_fallback)(krb5_context context, krb5_clpreauth_rock rock);
+
+    /* End of version 3 clpreauth callbacks (added in 1.17). */
+} *krb5_clpreauth_callbacks;
+
+/*
+ * Optional: per-plugin initialization/cleanup.  The init function is called by
+ * libkrb5 when the plugin is loaded, and the fini function is called before
+ * the plugin is unloaded.  These may be called multiple times in case the
+ * plugin is used in multiple contexts.  The returned context lives the
+ * lifetime of the krb5_context.
+ */
+typedef krb5_error_code
+(*krb5_clpreauth_init_fn)(krb5_context context,
+                          krb5_clpreauth_moddata *moddata_out);
+typedef void
+(*krb5_clpreauth_fini_fn)(krb5_context context,
+                          krb5_clpreauth_moddata moddata);
+
+/*
+ * Optional (mandatory before MIT krb5 1.12): pa_type will be a member of the
+ * vtable's pa_type_list.  Return PA_REAL if pa_type is a real
+ * preauthentication type or PA_INFO if it is an informational type.  If this
+ * function is not defined in 1.12 or later, all pa_type values advertised by
+ * the module will be assumed to be real.
+ */
+typedef int
+(*krb5_clpreauth_get_flags_fn)(krb5_context context, krb5_preauthtype pa_type);
+
+/*
+ * Optional: per-request initialization/cleanup.  The request_init function is
+ * called when beginning to process a get_init_creds request and the
+ * request_fini function is called when processing of the request is complete.
+ * This is optional.  It may be called multiple times in the lifetime of a
+ * krb5_context.
+ */
+typedef void
+(*krb5_clpreauth_request_init_fn)(krb5_context context,
+                                  krb5_clpreauth_moddata moddata,
+                                  krb5_clpreauth_modreq *modreq_out);
+typedef void
+(*krb5_clpreauth_request_fini_fn)(krb5_context context,
+                                  krb5_clpreauth_moddata moddata,
+                                  krb5_clpreauth_modreq modreq);
+
+/*
+ * Optional: process server-supplied data in pa_data and set responder
+ * questions.
+ *
+ * encoded_previous_request may be NULL if there has been no previous request
+ * in the AS exchange.
+ */
+typedef krb5_error_code
+(*krb5_clpreauth_prep_questions_fn)(krb5_context context,
+                                    krb5_clpreauth_moddata moddata,
+                                    krb5_clpreauth_modreq modreq,
+                                    krb5_get_init_creds_opt *opt,
+                                    krb5_clpreauth_callbacks cb,
+                                    krb5_clpreauth_rock rock,
+                                    krb5_kdc_req *request,
+                                    krb5_data *encoded_request_body,
+                                    krb5_data *encoded_previous_request,
+                                    krb5_pa_data *pa_data);
+
+/*
+ * Mandatory: process server-supplied data in pa_data and return created data
+ * in pa_data_out.  Also called after the AS-REP is received if the AS-REP
+ * includes preauthentication data of the associated type.
+ *
+ * as_key contains the client-supplied key if known, or an empty keyblock if
+ * not.  If it is empty, the module may use gak_fct to fill it in.
+ *
+ * encoded_previous_request may be NULL if there has been no previous request
+ * in the AS exchange.
+ */
+typedef krb5_error_code
+(*krb5_clpreauth_process_fn)(krb5_context context,
+                             krb5_clpreauth_moddata moddata,
+                             krb5_clpreauth_modreq modreq,
+                             krb5_get_init_creds_opt *opt,
+                             krb5_clpreauth_callbacks cb,
+                             krb5_clpreauth_rock rock,
+                             krb5_kdc_req *request,
+                             krb5_data *encoded_request_body,
+                             krb5_data *encoded_previous_request,
+                             krb5_pa_data *pa_data,
+                             krb5_prompter_fct prompter, void *prompter_data,
+                             krb5_pa_data ***pa_data_out);
+
+/*
+ * Optional: Attempt to use error and error_padata to try to recover from the
+ * given error.  To work with both FAST and non-FAST errors, an implementation
+ * should generally consult error_padata rather than decoding error->e_data.
+ * For non-FAST errors, it contains the e_data decoded as either pa-data or
+ * typed-data.
+ *
+ * If this function is provided, and it returns 0 and stores data in
+ * pa_data_out, then the client library will retransmit the request.
+ */
+typedef krb5_error_code
+(*krb5_clpreauth_tryagain_fn)(krb5_context context,
+                              krb5_clpreauth_moddata moddata,
+                              krb5_clpreauth_modreq modreq,
+                              krb5_get_init_creds_opt *opt,
+                              krb5_clpreauth_callbacks cb,
+                              krb5_clpreauth_rock rock,
+                              krb5_kdc_req *request,
+                              krb5_data *encoded_request_body,
+                              krb5_data *encoded_previous_request,
+                              krb5_preauthtype pa_type,
+                              krb5_error *error,
+                              krb5_pa_data **error_padata,
+                              krb5_prompter_fct prompter, void *prompter_data,
+                              krb5_pa_data ***pa_data_out);
+
+/*
+ * Optional: receive krb5_get_init_creds_opt information.  The attr and value
+ * information supplied should be copied into moddata by the module if it
+ * wishes to reference it after returning from this call.
+ */
+typedef krb5_error_code
+(*krb5_clpreauth_supply_gic_opts_fn)(krb5_context context,
+                                     krb5_clpreauth_moddata moddata,
+                                     krb5_get_init_creds_opt *opt,
+                                     const char *attr, const char *value);
+
+typedef struct krb5_clpreauth_vtable_st {
+    /* Mandatory: name of module. */
+    const char *name;
+
+    /* Mandatory: pointer to zero-terminated list of pa_types which this module
+     * can provide services for. */
+    krb5_preauthtype *pa_type_list;
+
+    /* Optional: pointer to zero-terminated list of enc_types which this module
+     * claims to add support for. */
+    krb5_enctype *enctype_list;
+
+    krb5_clpreauth_init_fn init;
+    krb5_clpreauth_fini_fn fini;
+    krb5_clpreauth_get_flags_fn flags;
+    krb5_clpreauth_request_init_fn request_init;
+    krb5_clpreauth_request_fini_fn request_fini;
+    krb5_clpreauth_process_fn process;
+    krb5_clpreauth_tryagain_fn tryagain;
+    krb5_clpreauth_supply_gic_opts_fn gic_opts;
+    /* Minor version 1 ends here. */
+
+    krb5_clpreauth_prep_questions_fn prep_questions;
+    /* Minor version 2 ends here. */
+} *krb5_clpreauth_vtable;
+
+/*
+ * This function allows a clpreauth plugin to obtain preauth options.  The
+ * preauth_data returned from this function should be freed by calling
+ * krb5_get_init_creds_opt_free_pa().
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_pa(krb5_context context,
+                               krb5_get_init_creds_opt *opt,
+                               int *num_preauth_data,
+                               krb5_gic_opt_pa_data **preauth_data);
+
+/*
+ * This function frees the preauth_data that was returned by
+ * krb5_get_init_creds_opt_get_pa().
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_free_pa(krb5_context context,
+                                int num_preauth_data,
+                                krb5_gic_opt_pa_data *preauth_data);
+
+#endif /* KRB5_CLPREAUTH_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/hostrealm_plugin.h b/krb5-1.21.3/src/include/krb5/hostrealm_plugin.h
new file mode 100644
index 00000000..5012c8cb
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/hostrealm_plugin.h
@@ -0,0 +1,135 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Declarations for hostrealm plugin module implementors.
+ *
+ * The hostrealm pluggable interface currently has only one supported major
+ * version, which is 1.  Major version 1 has a current minor version number of
+ * 1.
+ *
+ * Hostrealm plugin modules should define a function named
+ * hostrealm_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   hostrealm_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                            krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for maj_ver:
+ *     maj_ver == 1: Cast to krb5_hostrealm_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_HOSTREALM_PLUGIN_H
+#define KRB5_HOSTREALM_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+
+/* An abstract type for hostrealm module data. */
+typedef struct krb5_hostrealm_moddata_st *krb5_hostrealm_moddata;
+
+/*** Method type declarations ***/
+
+/* Optional: Initialize module data. */
+typedef krb5_error_code
+(*krb5_hostrealm_init_fn)(krb5_context context,
+                          krb5_hostrealm_moddata *data);
+
+/*
+ * Optional: Determine the possible realms of a hostname, using only secure,
+ * authoritative mechanisms (ones which should be used prior to trying
+ * referrals when getting a service ticket).  Return success with a
+ * null-terminated list of realms in *realms_out, KRB5_PLUGIN_NO_HANDLE to
+ * defer to later modules, or another error to terminate processing.
+ */
+typedef krb5_error_code
+(*krb5_hostrealm_host_realm_fn)(krb5_context context,
+                                krb5_hostrealm_moddata data,
+                                const char *host, char ***realms_out);
+
+/*
+ * Optional: Determine the possible realms of a hostname, using heuristic or
+ * less secure mechanisms (ones which should be used after trying referrals
+ * when getting a service ticket).  Return success with a null-terminated list
+ * of realms in *realms_out, KRB5_PLUGIN_NO_HANDLE to defer to later modules,
+ * or another error to terminate processing.
+ */
+typedef krb5_error_code
+(*krb5_hostrealm_fallback_realm_fn)(krb5_context context,
+                                    krb5_hostrealm_moddata data,
+                                    const char *host, char ***realms_out);
+
+/*
+ * Optional: Determine the possible default realms of the local host.  Return
+ * success with a null-terminated list of realms in *realms_out,
+ * KRB5_PLUGIN_NO_HANDLE to defer to later modules, or another error to
+ * terminate processing.
+ */
+typedef krb5_error_code
+(*krb5_hostrealm_default_realm_fn)(krb5_context context,
+                                   krb5_hostrealm_moddata data,
+                                   char ***realms_out);
+
+/*
+ * Mandatory (if any of the query methods are implemented): Release the memory
+ * returned by one of the interface methods.
+ */
+typedef void
+(*krb5_hostrealm_free_list_fn)(krb5_context context,
+                               krb5_hostrealm_moddata data, char **list);
+
+/* Optional: Release resources used by module data. */
+typedef void
+(*krb5_hostrealm_fini_fn)(krb5_context context, krb5_hostrealm_moddata data);
+
+/* hostrealm vtable for major version 1. */
+typedef struct krb5_hostrealm_vtable_st {
+    const char *name;           /* Mandatory: name of module. */
+    krb5_hostrealm_init_fn init;
+    krb5_hostrealm_fini_fn fini;
+    krb5_hostrealm_host_realm_fn host_realm;
+    krb5_hostrealm_fallback_realm_fn fallback_realm;
+    krb5_hostrealm_default_realm_fn default_realm;
+    krb5_hostrealm_free_list_fn free_list;
+    /* Minor version 1 ends here. */
+} *krb5_hostrealm_vtable;
+
+#endif /* KRB5_HOSTREALM_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/kadm5_auth_plugin.h b/krb5-1.21.3/src/include/krb5/kadm5_auth_plugin.h
new file mode 100644
index 00000000..d514e99b
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/kadm5_auth_plugin.h
@@ -0,0 +1,306 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Declarations for kadm5_auth plugin module implementors.
+ *
+ * The kadm5_auth pluggable interface currently has only one supported major
+ * version, which is 1.  Major version 1 has a current minor version number of
+ * 1.
+ *
+ * kadm5_auth plugin modules should define a function named
+ * kadm5_auth_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   kadm5_auth_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                             krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for maj_ver:
+ *     maj_ver == 1: Cast to krb5_kadm5_auth_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_KADM5_AUTH_PLUGIN_H
+#define KRB5_KADM5_AUTH_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+
+/* An abstract type for kadm5_auth module data. */
+typedef struct kadm5_auth_moddata_st *kadm5_auth_moddata;
+
+/*
+ * A module can optionally include <kadm5/admin.h> to inspect principal or
+ * policy records from requests that add or modify principals or policies.
+ * Note that fields of principal and policy structures are only valid if the
+ * corresponding bit is set in the accompanying mask parameter.
+ */
+struct _kadm5_principal_ent_t;
+struct _kadm5_policy_ent_t;
+
+/*
+ * A module can optionally generate restrictions when checking permissions for
+ * adding or modifying a principal entry.  Restriction fields will only be
+ * honored if the corresponding mask bit is set.  The operable mask bits are
+ * defined in <kadmin/admin.h> and are:
+ *
+ * - KADM5_ATTRIBUTES for require_attrs, forbid_attrs
+ * - KADM5_POLICY for policy
+ * - KADM5_POLICY_CLR to require that policy be unset
+ * - KADM5_PRINC_EXPIRE_TIME for princ_lifetime
+ * - KADM5_PW_EXPIRATION for pw_lifetime
+ * - KADM5_MAX_LIFE for max_life
+ * - KADM5_MAX_RLIFE for max_renewable_life
+ */
+struct kadm5_auth_restrictions {
+    long mask;
+    krb5_flags require_attrs;
+    krb5_flags forbid_attrs;
+    krb5_deltat princ_lifetime;
+    krb5_deltat pw_lifetime;
+    krb5_deltat max_life;
+    krb5_deltat max_renewable_life;
+    char *policy;
+};
+
+/*** Method type declarations ***/
+
+/*
+ * Optional: Initialize module data.  acl_file is the realm's configured ACL
+ * file, or NULL if none was configured.  Return 0 on success,
+ * KRB5_PLUGIN_NO_HANDLE if the module is inoperable (due to configuration, for
+ * example), and any other error code to abort kadmind startup.  Optionally set
+ * *data_out to a module data object to be passed to future calls.
+ */
+typedef krb5_error_code
+(*kadm5_auth_init_fn)(krb5_context context, const char *acl_file,
+                      kadm5_auth_moddata *data_out);
+
+/* Optional: Release resources used by module data. */
+typedef void
+(*kadm5_auth_fini_fn)(krb5_context context, kadm5_auth_moddata data);
+
+/*
+ * Each check method below should return 0 to explicitly authorize the request,
+ * KRB5_PLUGIN_NO_HANDLE to neither authorize nor deny the request, and any
+ * other error code (such as EPERM) to explicitly deny the request.  If a check
+ * method is not defined, the module will neither authorize nor deny the
+ * request.  A request succeeds if at least one kadm5_auth module explicitly
+ * authorizes the request and none of the modules explicitly deny it.
+ */
+
+/* Optional: authorize an add-principal operation, and optionally generate
+ * restrictions. */
+typedef krb5_error_code
+(*kadm5_auth_addprinc_fn)(krb5_context context, kadm5_auth_moddata data,
+                          krb5_const_principal client,
+                          krb5_const_principal target,
+                          const struct _kadm5_principal_ent_t *ent, long mask,
+                          struct kadm5_auth_restrictions **rs_out);
+
+/* Optional: authorize a modify-principal operation, and optionally generate
+ * restrictions. */
+typedef krb5_error_code
+(*kadm5_auth_modprinc_fn)(krb5_context context, kadm5_auth_moddata data,
+                          krb5_const_principal client,
+                          krb5_const_principal target,
+                          const struct _kadm5_principal_ent_t *ent, long mask,
+                          struct kadm5_auth_restrictions **rs_out);
+
+/* Optional: authorize a set-string operation. */
+typedef krb5_error_code
+(*kadm5_auth_setstr_fn)(krb5_context context, kadm5_auth_moddata data,
+                        krb5_const_principal client,
+                        krb5_const_principal target,
+                        const char *key, const char *value);
+
+/* Optional: authorize a change-password operation. */
+typedef krb5_error_code
+(*kadm5_auth_cpw_fn)(krb5_context context, kadm5_auth_moddata data,
+                     krb5_const_principal client, krb5_const_principal target);
+
+/* Optional: authorize a randomize-keys operation. */
+typedef krb5_error_code
+(*kadm5_auth_chrand_fn)(krb5_context context, kadm5_auth_moddata data,
+                        krb5_const_principal client,
+                        krb5_const_principal target);
+
+/* Optional: authorize a set-key operation. */
+typedef krb5_error_code
+(*kadm5_auth_setkey_fn)(krb5_context context, kadm5_auth_moddata data,
+                        krb5_const_principal client,
+                        krb5_const_principal target);
+
+/* Optional: authorize a purgekeys operation. */
+typedef krb5_error_code
+(*kadm5_auth_purgekeys_fn)(krb5_context context, kadm5_auth_moddata data,
+                           krb5_const_principal client,
+                           krb5_const_principal target);
+
+/* Optional: authorize a delete-principal operation. */
+typedef krb5_error_code
+(*kadm5_auth_delprinc_fn)(krb5_context context, kadm5_auth_moddata data,
+                          krb5_const_principal client,
+                          krb5_const_principal target);
+
+/* Optional: authorize a rename-principal operation. */
+typedef krb5_error_code
+(*kadm5_auth_renprinc_fn)(krb5_context context, kadm5_auth_moddata data,
+                          krb5_const_principal client,
+                          krb5_const_principal src,
+                          krb5_const_principal dest);
+
+/* Optional: authorize a get-principal operation. */
+typedef krb5_error_code
+(*kadm5_auth_getprinc_fn)(krb5_context context, kadm5_auth_moddata data,
+                          krb5_const_principal client,
+                          krb5_const_principal target);
+
+/* Optional: authorize a get-strings operation. */
+typedef krb5_error_code
+(*kadm5_auth_getstrs_fn)(krb5_context context, kadm5_auth_moddata data,
+                         krb5_const_principal client,
+                         krb5_const_principal target);
+
+/* Optional: authorize an extract-keys operation. */
+typedef krb5_error_code
+(*kadm5_auth_extract_fn)(krb5_context context, kadm5_auth_moddata data,
+                         krb5_const_principal client,
+                         krb5_const_principal target);
+
+/* Optional: authorize a list-principals operation. */
+typedef krb5_error_code
+(*kadm5_auth_listprincs_fn)(krb5_context context, kadm5_auth_moddata data,
+                            krb5_const_principal client);
+
+/* Optional: authorize an add-policy operation. */
+typedef krb5_error_code
+(*kadm5_auth_addpol_fn)(krb5_context context, kadm5_auth_moddata data,
+                        krb5_const_principal client, const char *policy,
+                        const struct _kadm5_policy_ent_t *ent, long mask);
+
+/* Optional: authorize a modify-policy operation. */
+typedef krb5_error_code
+(*kadm5_auth_modpol_fn)(krb5_context context, kadm5_auth_moddata data,
+                        krb5_const_principal client, const char *policy,
+                        const struct _kadm5_policy_ent_t *ent, long mask);
+
+/* Optional: authorize a delete-policy operation. */
+typedef krb5_error_code
+(*kadm5_auth_delpol_fn)(krb5_context context, kadm5_auth_moddata data,
+                        krb5_const_principal client, const char *policy);
+
+/* Optional: authorize a get-policy operation.  client_policy is the client
+ * principal's policy name, or NULL if it does not have one. */
+typedef krb5_error_code
+(*kadm5_auth_getpol_fn)(krb5_context context, kadm5_auth_moddata data,
+                        krb5_const_principal client, const char *policy,
+                        const char *client_policy);
+
+/* Optional: authorize a list-policies operation. */
+typedef krb5_error_code
+(*kadm5_auth_listpols_fn)(krb5_context context, kadm5_auth_moddata data,
+                          krb5_const_principal client);
+
+/* Optional: authorize an iprop operation. */
+typedef krb5_error_code
+(*kadm5_auth_iprop_fn)(krb5_context context, kadm5_auth_moddata data,
+                       krb5_const_principal client);
+
+/*
+ * Optional: receive a notification that the most recent authorized operation
+ * has ended.  If a kadm5_auth module is also a KDB module, it can assume that
+ * all KDB methods invoked between a kadm5_auth authorization method invocation
+ * and a kadm5_auth end invocation are performed as part of the authorized
+ * operation.
+ *
+ * The end method may be invoked without a preceding authorization method in
+ * some cases; the module must be prepared to ignore such calls.
+ */
+typedef void
+(*kadm5_auth_end_fn)(krb5_context context, kadm5_auth_moddata data);
+
+/*
+ * Optional: free a restrictions object.  This method does not need to be
+ * defined if the module does not generate restrictions objects, or if it
+ * returns aliases to restrictions objects contained from within the module
+ * data.
+ */
+typedef void
+(*kadm5_auth_free_restrictions_fn)(krb5_context context,
+                                   kadm5_auth_moddata data,
+                                   struct kadm5_auth_restrictions *rs);
+
+/* kadm5_auth vtable for major version 1. */
+typedef struct kadm5_auth_vtable_st {
+    const char *name;           /* Mandatory: name of module. */
+    kadm5_auth_init_fn init;
+    kadm5_auth_fini_fn fini;
+
+    kadm5_auth_addprinc_fn addprinc;
+    kadm5_auth_modprinc_fn modprinc;
+    kadm5_auth_setstr_fn setstr;
+    kadm5_auth_cpw_fn cpw;
+    kadm5_auth_chrand_fn chrand;
+    kadm5_auth_setkey_fn setkey;
+    kadm5_auth_purgekeys_fn purgekeys;
+    kadm5_auth_delprinc_fn delprinc;
+    kadm5_auth_renprinc_fn renprinc;
+
+    kadm5_auth_getprinc_fn getprinc;
+    kadm5_auth_getstrs_fn getstrs;
+    kadm5_auth_extract_fn extract;
+    kadm5_auth_listprincs_fn listprincs;
+
+    kadm5_auth_addpol_fn addpol;
+    kadm5_auth_modpol_fn modpol;
+    kadm5_auth_delpol_fn delpol;
+    kadm5_auth_getpol_fn getpol;
+    kadm5_auth_listpols_fn listpols;
+
+    kadm5_auth_iprop_fn iprop;
+
+    kadm5_auth_end_fn end;
+
+    kadm5_auth_free_restrictions_fn free_restrictions;
+    /* Minor version 1 ends here. */
+} *kadm5_auth_vtable;
+
+#endif /* KRB5_KADM5_AUTH_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/kadm5_hook_plugin.h b/krb5-1.21.3/src/include/krb5/kadm5_hook_plugin.h
new file mode 100644
index 00000000..f4f3730f
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/kadm5_hook_plugin.h
@@ -0,0 +1,154 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef H_KRB5_KADM5_HOOK_PLUGIN
+#define H_KRB5_KADM5_HOOK_PLUGIN
+
+/**
+ * @file krb5/krb5_kadm5_hook_plugin.h
+ * Provide a plugin interface for kadm5 operations. This interface
+ * permits a plugin to intercept principal modification, creation and
+ * change password operations. Operations run at two stages: a
+ * precommit stage that runs before the operation is committed to the
+ * database and a postcommit operation that runs after the database
+ * is updated; see #kadm5_hook_stage for details on semantics.
+ *
+ * This interface is based on a proposed extension to Heimdal by Russ
+ * Allbery; it is likely that Heimdal will adopt an approach based on
+ * stacked kdb modules rather than this interface. For MIT, writing a
+ * plugin to this interface is significantly easier than stacking kdb
+ * modules. Also, the kadm5 interface is significantly more stable
+ * than the kdb interface, so this approach is more desirable than
+ * stacked kdb modules.
+ *
+ * This interface depends on kadm5/admin.h. As such, the interface
+ * does not provide strong guarantees of ABI stability.
+ *
+ * The kadm5_hook interface currently has only one supported major version,
+ * which is 1.  Major version 1 has a current minor version number of 2.
+ *
+ * kadm5_hook plugins should:
+ * kadm5_hook_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   kadm5_hook_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                         krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for maj_ver:
+ *     maj_ver == 1: Cast to kadm5_hook_vftable_1
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+#include <kadm5/admin.h>
+
+/**
+ * Whether the operation is being run before or after the database
+ * update.
+ */
+enum kadm5_hook_stage {
+    /** In this stage, any plugin failure prevents following plugins from
+     *         running and aborts the operation.*/
+    KADM5_HOOK_STAGE_PRECOMMIT,
+    /** In this stage, plugin failures are logged but otherwise ignored.*/
+    KADM5_HOOK_STAGE_POSTCOMMIT
+};
+
+/** Opaque module data pointer. */
+typedef struct kadm5_hook_modinfo_st kadm5_hook_modinfo;
+
+/**
+ * Interface for the v1 virtual table for the kadm5_hook plugin.
+ * All entry points are optional. The name field must be provided.
+ */
+typedef struct kadm5_hook_vtable_1_st {
+
+    /** A text string identifying the plugin for logging messages. */
+    const char *name;
+
+    /** Initialize a plugin module.
+     * @param modinfo returns newly allocated module info for future
+     * calls.  Cleaned up by the fini() function.
+     */
+    kadm5_ret_t (*init)(krb5_context, kadm5_hook_modinfo **modinfo);
+
+    /** Clean up a module and free @a modinfo. */
+    void (*fini)(krb5_context, kadm5_hook_modinfo *modinfo);
+
+    /** Indicates that the password is being changed.
+     * @param stage is an integer from #kadm5_hook_stage enumeration
+     * @param keepold is true if existing keys are being kept.
+     * @param newpass is NULL if the key sare being randomized.
+     */
+    kadm5_ret_t (*chpass)(krb5_context,
+                          kadm5_hook_modinfo *modinfo,
+                          int stage,
+                          krb5_principal, krb5_boolean keepold,
+                          int n_ks_tuple,
+                          krb5_key_salt_tuple *ks_tuple,
+                          const char *newpass);
+
+    /** Indicate a principal is created. */
+    kadm5_ret_t (*create)(krb5_context,
+                          kadm5_hook_modinfo *,
+                          int stage,
+                          kadm5_principal_ent_t, long mask,
+                          int n_ks_tuple,
+                          krb5_key_salt_tuple *ks_tuple,
+                          const char *password);
+
+    /** Modify a principal. */
+    kadm5_ret_t (*modify)(krb5_context,
+                          kadm5_hook_modinfo *,
+                          int stage,
+                          kadm5_principal_ent_t, long mask);
+
+    /** Indicate a principal is deleted. */
+    kadm5_ret_t (*remove)(krb5_context,
+                          kadm5_hook_modinfo *modinfo,
+                          int stage, krb5_principal);
+
+    /* End of minor version 1. */
+
+    /** Indicate a principal is renamed. */
+    kadm5_ret_t (*rename)(krb5_context,
+                          kadm5_hook_modinfo *modinfo,
+                          int stage, krb5_principal, krb5_principal);
+
+    /* End of minor version 2. */
+
+} kadm5_hook_vftable_1;
+
+#endif /*H_KRB5_KADM5_HOOK_PLUGIN*/
diff --git a/krb5-1.21.3/src/include/krb5/kdcauthdata_plugin.h b/krb5-1.21.3/src/include/krb5/kdcauthdata_plugin.h
new file mode 100644
index 00000000..53fe69cd
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/kdcauthdata_plugin.h
@@ -0,0 +1,129 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This interface is not yet public and may change without honoring the
+ * pluggable interface version system.  The header file is deliberately not
+ * installed by "make install".
+ *
+ * This interface references kdb.h, which is not stable.  A module which
+ * references fields of krb5_db_entry, invokes libkdb5 functions, or uses the
+ * flags argument may not be future-proof even if this interface becomes
+ * public.
+ *
+ * Expecting modules to hand-modify enc_tkt_reply->authorization_data is
+ * cumbersome for the module, and doesn't work if the module uses a different
+ * allocator from the krb5 tree.  A libkrb5 API to add an authdata value to a
+ * list would improve this situation.
+ */
+
+/*
+ * Declarations for kdcauthdata plugin module implementors.
+ *
+ * The kdcauthdata interface has a single supported major version, which is 1.
+ * Major version 1 has a current minor version of 1.  kdcauthdata modules
+ * should define a function named kdcauthdata_<modulename>_initvt, matching the
+ * signature:
+ *
+ *   krb5_error_code
+ *   kdcauthdata_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                              krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for the interface and maj_ver:
+ *     maj_ver == 1: Cast to krb5_kdcauthdata_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_KDCAUTHDATA_PLUGIN_H
+#define KRB5_KDCAUTHDATA_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+#include <kdb.h>
+
+/* Abstract type for module data. */
+typedef struct krb5_kdcauthdata_moddata_st *krb5_kdcauthdata_moddata;
+
+/* Optional: module initialization function.  If this function returns an
+ * error, the KDC will log the failure and ignore the module. */
+typedef krb5_error_code
+(*krb5_kdcauthdata_init_fn)(krb5_context context,
+                            krb5_kdcauthdata_moddata *moddata_out);
+
+/* Optional: module cleanup function. */
+typedef void
+(*krb5_kdcauthdata_fini_fn)(krb5_context context,
+                            krb5_kdcauthdata_moddata moddata);
+
+/*
+ * Mandatory: authorization data handling function.
+ *
+ * All values should be considered input-only, except that the method can
+ * modify enc_tkt_reply->authorization_data to add authdata values.  This field
+ * is a null-terminated list of allocated pointers; the plugin method must
+ * reallocate it to make room for any added authdata values.
+ *
+ * If this function returns an error, the AS or TGS request will be rejected.
+ */
+typedef krb5_error_code
+(*krb5_kdcauthdata_handle_fn)(krb5_context context,
+                              krb5_kdcauthdata_moddata moddata,
+                              unsigned int flags,
+                              krb5_db_entry *client, krb5_db_entry *server,
+                              krb5_db_entry *header_server,
+                              krb5_keyblock *client_key,
+                              krb5_keyblock *server_key,
+                              krb5_keyblock *header_key,
+                              krb5_data *req_pkt, krb5_kdc_req *req,
+                              krb5_const_principal for_user_princ,
+                              krb5_enc_tkt_part *enc_tkt_req,
+                              krb5_enc_tkt_part *enc_tkt_reply);
+
+typedef struct krb5_kdcauthdata_vtable_st {
+    /* Mandatory: name of module. */
+    const char *name;
+
+    krb5_kdcauthdata_init_fn init;
+    krb5_kdcauthdata_fini_fn fini;
+    krb5_kdcauthdata_handle_fn handle;
+    /* Minor 1 ends here. */
+} *krb5_kdcauthdata_vtable;
+
+#endif /* KRB5_KDCAUTHDATA_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/kdcpolicy_plugin.h b/krb5-1.21.3/src/include/krb5/kdcpolicy_plugin.h
new file mode 100644
index 00000000..c7592c5d
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/kdcpolicy_plugin.h
@@ -0,0 +1,128 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/krb5/kdcpolicy_plugin.h - KDC policy plugin interface */
+/*
+ * Copyright (C) 2017 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Declarations for kdcpolicy plugin module implementors.
+ *
+ * The kdcpolicy pluggable interface currently has only one supported major
+ * version, which is 1.  Major version 1 has a current minor version number of
+ * 1.
+ *
+ * kdcpolicy plugin modules should define a function named
+ * kdcpolicy_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   kdcpolicy_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                            krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for maj_ver:
+ *   maj_ver == 1: Cast to krb5_kdcpolicy_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_POLICY_PLUGIN_H
+#define KRB5_POLICY_PLUGIN_H
+
+#include <krb5/krb5.h>
+
+/* Abstract module datatype. */
+typedef struct krb5_kdcpolicy_moddata_st *krb5_kdcpolicy_moddata;
+
+/* A module can optionally include kdb.h to inspect principal entries when
+ * authorizing requests. */
+struct _krb5_db_entry_new;
+
+/*
+ * Optional: Initialize module data.  Return 0 on success,
+ * KRB5_PLUGIN_NO_HANDLE if the module is inoperable (due to configuration, for
+ * example), and any other error code to abort KDC startup.  Optionally set
+ * *data_out to a module data object to be passed to future calls.
+ */
+typedef krb5_error_code
+(*krb5_kdcpolicy_init_fn)(krb5_context context,
+                          krb5_kdcpolicy_moddata *data_out);
+
+/* Optional: Clean up module data. */
+typedef krb5_error_code
+(*krb5_kdcpolicy_fini_fn)(krb5_context context,
+                          krb5_kdcpolicy_moddata moddata);
+
+/*
+ * Optional: return an error code and set status to an appropriate string
+ * literal to deny an AS request; otherwise return 0.  lifetime_out, if set,
+ * restricts the ticket lifetime.  renew_lifetime_out, if set, restricts the
+ * ticket renewable lifetime.
+ */
+typedef krb5_error_code
+(*krb5_kdcpolicy_check_as_fn)(krb5_context context,
+                              krb5_kdcpolicy_moddata moddata,
+                              const krb5_kdc_req *request,
+                              const struct _krb5_db_entry_new *client,
+                              const struct _krb5_db_entry_new *server,
+                              const char *const *auth_indicators,
+                              const char **status, krb5_deltat *lifetime_out,
+                              krb5_deltat *renew_lifetime_out);
+
+/*
+ * Optional: return an error code and set status to an appropriate string
+ * literal to deny a TGS request; otherwise return 0.  lifetime_out, if set,
+ * restricts the ticket lifetime.  renew_lifetime_out, if set, restricts the
+ * ticket renewable lifetime.
+ */
+typedef krb5_error_code
+(*krb5_kdcpolicy_check_tgs_fn)(krb5_context context,
+                               krb5_kdcpolicy_moddata moddata,
+                               const krb5_kdc_req *request,
+                               const struct _krb5_db_entry_new *server,
+                               const krb5_ticket *ticket,
+                               const char *const *auth_indicators,
+                               const char **status, krb5_deltat *lifetime_out,
+                               krb5_deltat *renew_lifetime_out);
+
+typedef struct krb5_kdcpolicy_vtable_st {
+    const char *name;
+    krb5_kdcpolicy_init_fn init;
+    krb5_kdcpolicy_fini_fn fini;
+    krb5_kdcpolicy_check_as_fn check_as;
+    krb5_kdcpolicy_check_tgs_fn check_tgs;
+} *krb5_kdcpolicy_vtable;
+
+#endif /* KRB5_POLICY_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/kdcpreauth_plugin.h b/krb5-1.21.3/src/include/krb5/kdcpreauth_plugin.h
new file mode 100644
index 00000000..f40e368c
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/kdcpreauth_plugin.h
@@ -0,0 +1,417 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 2006 Red Hat, Inc.
+ * Portions copyright (c) 2006, 2011 Massachusetts Institute of Technology
+ * All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *  * Neither the name of Red Hat, Inc., nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Declarations for kdcpreauth plugin module implementors.
+ *
+ * The kdcpreauth interface has a single supported major version, which is 1.
+ * Major version 1 has a current minor version of 2.  kdcpreauth modules should
+ * define a function named kdcpreauth_<modulename>_initvt, matching the
+ * signature:
+ *
+ *   krb5_error_code
+ *   kdcpreauth_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                             krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for the interface and maj_ver:
+ *     kdcpreauth, maj_ver == 1: Cast to krb5_kdcpreauth_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_KDCPREAUTH_PLUGIN_H
+#define KRB5_KDCPREAUTH_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+
+/* kdcpreauth mechanism property flags */
+
+/*
+ * Causes the KDC to include this mechanism in a list of supported preauth
+ * types if the user's DB entry flags the user as requiring hardware-based
+ * preauthentication.
+ */
+#define PA_HARDWARE     0x00000004
+
+/*
+ * Causes the KDC to include this mechanism in a list of supported preauth
+ * types if the user's DB entry flags the user as requiring preauthentication,
+ * and to fail preauthentication if we can't verify the client data.  The
+ * flipside of PA_SUFFICIENT.
+ */
+#define PA_REQUIRED     0x00000008
+
+/*
+ * Causes the KDC to include this mechanism in a list of supported preauth
+ * types if the user's DB entry flags the user as requiring preauthentication,
+ * and to mark preauthentication as successful if we can verify the client
+ * data.  The flipside of PA_REQUIRED.
+ */
+#define PA_SUFFICIENT   0x00000010
+
+/*
+ * Marks this preauthentication mechanism as one which changes the key which is
+ * used for encrypting the response to the client.  Modules which have this
+ * flag have their server_return_fn called before modules which do not, and are
+ * passed over if a previously-called module has modified the encrypting key.
+ */
+#define PA_REPLACES_KEY 0x00000020
+
+/*
+ * Not really a padata type, so don't include it in any list of preauth types
+ * which gets sent over the wire.
+ */
+#define PA_PSEUDO       0x00000080
+
+/*
+ * Indicates that e_data in non-FAST errors should be encoded as typed data
+ * instead of padata.
+ */
+#define PA_TYPED_E_DATA 0x00000100
+
+/* Abstract type for a KDC callback data handle. */
+typedef struct krb5_kdcpreauth_rock_st *krb5_kdcpreauth_rock;
+
+/* Abstract type for module data and per-request module data. */
+typedef struct krb5_kdcpreauth_moddata_st *krb5_kdcpreauth_moddata;
+typedef struct krb5_kdcpreauth_modreq_st *krb5_kdcpreauth_modreq;
+
+/* The verto context structure type (typedef is in verto.h; we want to avoid a
+ * header dependency for the moment). */
+struct verto_ctx;
+
+/* Before using a callback after version 1, modules must check the vers
+ * field of the callback structure. */
+typedef struct krb5_kdcpreauth_callbacks_st {
+    int vers;
+
+    krb5_deltat (*max_time_skew)(krb5_context context,
+                                 krb5_kdcpreauth_rock rock);
+
+    /*
+     * Get an array of krb5_keyblock structures containing the client keys
+     * matching the request enctypes, terminated by an entry with key type = 0.
+     * Returns ENOENT if no keys are available for the request enctypes.  Free
+     * the resulting object with the free_keys callback.
+     */
+    krb5_error_code (*client_keys)(krb5_context context,
+                                   krb5_kdcpreauth_rock rock,
+                                   krb5_keyblock **keys_out);
+
+    /* Free the result of client_keys. */
+    void (*free_keys)(krb5_context context, krb5_kdcpreauth_rock rock,
+                      krb5_keyblock *keys);
+
+    /*
+     * Get the encoded request body, which is sometimes needed for checksums.
+     * For a FAST request this is the encoded inner request body.  The returned
+     * pointer is an alias and should not be freed.
+     */
+    krb5_data *(*request_body)(krb5_context context,
+                               krb5_kdcpreauth_rock rock);
+
+    /* Get a pointer to the FAST armor key, or NULL if the request did not use
+     * FAST.  The returned pointer is an alias and should not be freed. */
+    krb5_keyblock *(*fast_armor)(krb5_context context,
+                                 krb5_kdcpreauth_rock rock);
+
+    /* Retrieve a string attribute from the client DB entry, or NULL if no such
+     * attribute is set.  Free the result with the free_string callback. */
+    krb5_error_code (*get_string)(krb5_context context,
+                                  krb5_kdcpreauth_rock rock, const char *key,
+                                  char **value_out);
+
+    /* Free the result of get_string. */
+    void (*free_string)(krb5_context context, krb5_kdcpreauth_rock rock,
+                        char *string);
+
+    /* Get a pointer to the client DB entry (returned as a void pointer to
+     * avoid a dependency on a libkdb5 type). */
+    void *(*client_entry)(krb5_context context, krb5_kdcpreauth_rock rock);
+
+    /* Get a pointer to the verto context which should be used by an
+     * asynchronous edata or verify method. */
+    struct verto_ctx *(*event_context)(krb5_context context,
+                                       krb5_kdcpreauth_rock rock);
+
+    /* End of version 1 kdcpreauth callbacks. */
+
+    /* Return true if the client DB entry contains any keys matching the
+     * request enctypes. */
+    krb5_boolean (*have_client_keys)(krb5_context context,
+                                     krb5_kdcpreauth_rock rock);
+
+    /* End of version 2 kdcpreauth callbacks. */
+
+    /*
+     * Get the current reply key.  Initially the reply key is the decrypted
+     * client long-term key chosen according to the request enctype list, or
+     * NULL if no matching key was found.  The value may be changed by the
+     * replace_reply_key callback or a return_padata method modifying
+     * encrypting_key.  The returned pointer is an alias and should not be
+     * freed.
+     */
+    const krb5_keyblock *(*client_keyblock)(krb5_context context,
+                                            krb5_kdcpreauth_rock rock);
+
+    /* Assert an authentication indicator in the AS-REP authdata.  Duplicate
+     * indicators will be ignored. */
+    krb5_error_code (*add_auth_indicator)(krb5_context context,
+                                          krb5_kdcpreauth_rock rock,
+                                          const char *indicator);
+
+    /*
+     * Read a data value for pa_type from the request cookie, placing it in
+     * *out.  The value placed there is an alias and must not be freed.
+     * Returns true if a value for pa_type was retrieved, false if not.
+     */
+    krb5_boolean (*get_cookie)(krb5_context context, krb5_kdcpreauth_rock rock,
+                               krb5_preauthtype pa_type, krb5_data *out);
+
+    /*
+     * Set a data value for pa_type to be sent in a secure cookie in the next
+     * error response.  If pa_type is already present, the value is ignored.
+     * If the preauth mechanism has different preauth types for requests and
+     * responses, use the request type.  Secure cookies are encrypted in a key
+     * known only to the KDCs, but can be replayed within a short time window
+     * for requests using the same client principal.
+     */
+    krb5_error_code (*set_cookie)(krb5_context context,
+                                  krb5_kdcpreauth_rock rock,
+                                  krb5_preauthtype pa_type,
+                                  const krb5_data *data);
+
+    /* End of version 3 kdcpreauth callbacks. */
+
+    /*
+     * Return true if princ matches the principal named in the request or the
+     * client principal (possibly canonicalized).  If princ does not match,
+     * attempt a database lookup of princ with aliases allowed and compare the
+     * result to the client principal, returning true if it matches.
+     * Otherwise, return false.
+     */
+    krb5_boolean (*match_client)(krb5_context context,
+                                 krb5_kdcpreauth_rock rock,
+                                 krb5_principal princ);
+
+    /*
+     * Get an alias to the client DB entry principal (possibly canonicalized).
+     */
+    krb5_principal (*client_name)(krb5_context context,
+                                  krb5_kdcpreauth_rock rock);
+
+    /* End of version 4 kdcpreauth callbacks. */
+
+    /*
+     * Instruct the KDC to send a freshness token in the method data
+     * accompanying a PREAUTH_REQUIRED or PREAUTH_FAILED error, if the client
+     * indicated support for freshness tokens.  This callback should only be
+     * invoked from the edata method.
+     */
+    void (*send_freshness_token)(krb5_context context,
+                                 krb5_kdcpreauth_rock rock);
+
+    /* Validate a freshness token sent by the client.  Return 0 on success,
+     * KRB5KDC_ERR_PREAUTH_EXPIRED on error. */
+    krb5_error_code (*check_freshness_token)(krb5_context context,
+                                             krb5_kdcpreauth_rock rock,
+                                             const krb5_data *token);
+
+    /* End of version 5 kdcpreauth callbacks. */
+
+    /*
+     * Replace the reply key with key.  If is_strengthen is true, key must be a
+     * derivative of the client long-term key.  This callback may be invoked
+     * from the verify or return_padata methods.  If it is invoked from the
+     * verify method, the new key will appear as the encrypting_key input to
+     * return_padata.
+     */
+    krb5_error_code (*replace_reply_key)(krb5_context context,
+                                         krb5_kdcpreauth_rock rock,
+                                         const krb5_keyblock *key,
+                                         krb5_boolean is_strengthen);
+
+    /* End of version 6 kdcpreauth callbacks. */
+
+} *krb5_kdcpreauth_callbacks;
+
+/* Optional: preauth plugin initialization function. */
+typedef krb5_error_code
+(*krb5_kdcpreauth_init_fn)(krb5_context context,
+                           krb5_kdcpreauth_moddata *moddata_out,
+                           const char **realmnames);
+
+/* Optional: preauth plugin cleanup function. */
+typedef void
+(*krb5_kdcpreauth_fini_fn)(krb5_context context,
+                           krb5_kdcpreauth_moddata moddata);
+
+/*
+ * Optional: return the flags which the KDC should use for this module.  This
+ * is a callback instead of a static value because the module may or may not
+ * wish to count itself as a hardware preauthentication module (in other words,
+ * the flags may be affected by the configuration, for example if a site
+ * administrator can force a particular preauthentication type to be supported
+ * using only hardware).  This function is called for each entry entry in the
+ * server_pa_type_list.
+ */
+typedef int
+(*krb5_kdcpreauth_flags_fn)(krb5_context context, krb5_preauthtype pa_type);
+
+/*
+ * Responder for krb5_kdcpreauth_edata_fn.  If invoked with a non-zero code, pa
+ * will be ignored and the padata type will not be included in the hint list.
+ * If invoked with a zero code and a null pa value, the padata type will be
+ * included in the list with an empty value.  If invoked with a zero code and a
+ * non-null pa value, pa will be included in the hint list and will later be
+ * freed by the KDC.
+ */
+typedef void
+(*krb5_kdcpreauth_edata_respond_fn)(void *arg, krb5_error_code code,
+                                    krb5_pa_data *pa);
+
+/*
+ * Optional: provide pa_data to send to the client as part of the "you need to
+ * use preauthentication" error.  The implementation must invoke the respond
+ * when complete, whether successful or not, either before returning or
+ * asynchronously using the verto context returned by cb->event_context().
+ *
+ * This function is not allowed to create a modreq object because we have no
+ * guarantee that the client will ever make a follow-up request, or that it
+ * will hit this KDC if it does.
+ */
+typedef void
+(*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request,
+                            krb5_kdcpreauth_callbacks cb,
+                            krb5_kdcpreauth_rock rock,
+                            krb5_kdcpreauth_moddata moddata,
+                            krb5_preauthtype pa_type,
+                            krb5_kdcpreauth_edata_respond_fn respond,
+                            void *arg);
+
+/*
+ * Responder for krb5_kdcpreauth_verify_fn.  Invoke with the arg parameter
+ * supplied to verify, the error code (0 for success), an optional module
+ * request state object to be consumed by return_fn or free_modreq_fn, optional
+ * e_data to be passed to the caller if code is nonzero, and optional
+ * authorization data to be included in the ticket.  In non-FAST replies,
+ * e_data will be encoded as typed-data if the module sets the PA_TYPED_E_DATA
+ * flag, and as pa-data otherwise.  e_data and authz_data will be freed by the
+ * KDC.
+ */
+typedef void
+(*krb5_kdcpreauth_verify_respond_fn)(void *arg, krb5_error_code code,
+                                     krb5_kdcpreauth_modreq modreq,
+                                     krb5_pa_data **e_data,
+                                     krb5_authdata **authz_data);
+
+/*
+ * Optional: verify preauthentication data sent by the client, setting the
+ * TKT_FLG_PRE_AUTH or TKT_FLG_HW_AUTH flag in the enc_tkt_reply's "flags"
+ * field as appropriate.  The implementation must invoke the respond function
+ * when complete, whether successful or not, either before returning or
+ * asynchronously using the verto context returned by cb->event_context().
+ */
+typedef void
+(*krb5_kdcpreauth_verify_fn)(krb5_context context,
+                             krb5_data *req_pkt, krb5_kdc_req *request,
+                             krb5_enc_tkt_part *enc_tkt_reply,
+                             krb5_pa_data *data,
+                             krb5_kdcpreauth_callbacks cb,
+                             krb5_kdcpreauth_rock rock,
+                             krb5_kdcpreauth_moddata moddata,
+                             krb5_kdcpreauth_verify_respond_fn respond,
+                             void *arg);
+
+/*
+ * Optional: generate preauthentication response data to send to the client as
+ * part of the AS-REP.  If it needs to override the key which is used to
+ * encrypt the response, it can do so by modifying encrypting_key, but it is
+ * preferrable to use the replace_reply_key callback.
+ */
+typedef krb5_error_code
+(*krb5_kdcpreauth_return_fn)(krb5_context context,
+                             krb5_pa_data *padata,
+                             krb5_data *req_pkt,
+                             krb5_kdc_req *request,
+                             krb5_kdc_rep *reply,
+                             krb5_keyblock *encrypting_key,
+                             krb5_pa_data **send_pa_out,
+                             krb5_kdcpreauth_callbacks cb,
+                             krb5_kdcpreauth_rock rock,
+                             krb5_kdcpreauth_moddata moddata,
+                             krb5_kdcpreauth_modreq modreq);
+
+/* Optional: free a per-request context. */
+typedef void
+(*krb5_kdcpreauth_free_modreq_fn)(krb5_context,
+                                  krb5_kdcpreauth_moddata moddata,
+                                  krb5_kdcpreauth_modreq modreq);
+
+/* Optional: invoked after init_fn to provide the module with a pointer to the
+ * verto main loop. */
+typedef krb5_error_code
+(*krb5_kdcpreauth_loop_fn)(krb5_context context,
+                           krb5_kdcpreauth_moddata moddata,
+                           struct verto_ctx *ctx);
+
+typedef struct krb5_kdcpreauth_vtable_st {
+    /* Mandatory: name of module. */
+    const char *name;
+
+    /* Mandatory: pointer to zero-terminated list of pa_types which this module
+     * can provide services for. */
+    krb5_preauthtype *pa_type_list;
+
+    krb5_kdcpreauth_init_fn init;
+    krb5_kdcpreauth_fini_fn fini;
+    krb5_kdcpreauth_flags_fn flags;
+    krb5_kdcpreauth_edata_fn edata;
+    krb5_kdcpreauth_verify_fn verify;
+    krb5_kdcpreauth_return_fn return_padata;
+    krb5_kdcpreauth_free_modreq_fn free_modreq;
+    /* Minor 1 ends here. */
+
+    krb5_kdcpreauth_loop_fn loop;
+    /* Minor 2 ends here. */
+} *krb5_kdcpreauth_vtable;
+
+#endif /* KRB5_KDCPREAUTH_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/krb5.hin b/krb5-1.21.3/src/include/krb5/krb5.hin
new file mode 100644
index 00000000..4e09ed34
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/krb5.hin
@@ -0,0 +1,8590 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* General definitions for Kerberos version 5. */
+/*
+ * Copyright 1989, 1990, 1995, 2001, 2003, 2007, 2011 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef KRB5_GENERAL__
+#define KRB5_GENERAL__
+
+ /* By default, do not expose deprecated interfaces. */
+#ifndef KRB5_DEPRECATED
+#define KRB5_DEPRECATED 0
+#endif
+
+#if defined(__MACH__) && defined(__APPLE__)
+#       include <TargetConditionals.h>
+#    if TARGET_RT_MAC_CFM
+#       error "Use KfM 4.0 SDK headers for CFM compilation."
+#    endif
+#endif
+
+#if defined(_MSDOS) || defined(_WIN32)
+#include <win-mac.h>
+#endif
+
+#ifndef KRB5_CONFIG__
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#define KRB5_CALLCONV_C
+#endif /* !KRB5_CALLCONV */
+#endif /* !KRB5_CONFIG__ */
+
+#ifndef KRB5_CALLCONV_WRONG
+#define KRB5_CALLCONV_WRONG
+#endif
+
+#ifndef THREEPARAMOPEN
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
+#endif
+
+#define KRB5_OLD_CRYPTO
+
+#include <stdlib.h>
+#include <limits.h>             /* for *_MAX */
+#include <stdarg.h>
+#include <stdint.h>
+
+#ifndef KRB5INT_BEGIN_DECLS
+#if defined(__cplusplus)
+#define KRB5INT_BEGIN_DECLS     extern "C" {
+#define KRB5INT_END_DECLS       }
+#else
+#define KRB5INT_BEGIN_DECLS
+#define KRB5INT_END_DECLS
+#endif
+#endif
+
+KRB5INT_BEGIN_DECLS
+
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(push,2)
+#endif
+
+#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= 30203
+# define KRB5_ATTR_DEPRECATED __attribute__((deprecated))
+#elif defined _WIN32
+# define KRB5_ATTR_DEPRECATED __declspec(deprecated)
+#else
+# define KRB5_ATTR_DEPRECATED
+#endif
+
+/* from profile.h */
+struct _profile_t;
+/* typedef struct _profile_t *profile_t; */
+
+/*
+ * begin wordsize.h
+ */
+
+/*
+ * Word-size related definition.
+ */
+
+typedef uint8_t krb5_octet;
+typedef int16_t krb5_int16;
+typedef uint16_t krb5_ui_2;
+typedef int32_t krb5_int32;
+typedef uint32_t krb5_ui_4;
+
+#define VALID_INT_BITS    INT_MAX
+#define VALID_UINT_BITS   UINT_MAX
+
+#define KRB5_INT32_MAX  2147483647
+/* this strange form is necessary since - is a unary operator, not a sign
+   indicator */
+#define KRB5_INT32_MIN  (-KRB5_INT32_MAX-1)
+
+#define KRB5_INT16_MAX 65535
+/* this strange form is necessary since - is a unary operator, not a sign
+   indicator */
+#define KRB5_INT16_MIN  (-KRB5_INT16_MAX-1)
+
+/*
+ * end wordsize.h
+ */
+
+/*
+ * begin "base-defs.h"
+ */
+
+/*
+ * Basic definitions for Kerberos V5 library
+ */
+
+#ifndef FALSE
+#define FALSE   0
+#endif
+#ifndef TRUE
+#define TRUE    1
+#endif
+
+typedef unsigned int krb5_boolean;
+typedef unsigned int krb5_msgtype;
+typedef unsigned int krb5_kvno;
+
+typedef krb5_int32 krb5_addrtype;
+typedef krb5_int32 krb5_enctype;
+typedef krb5_int32 krb5_cksumtype;
+typedef krb5_int32 krb5_authdatatype;
+typedef krb5_int32 krb5_keyusage;
+typedef krb5_int32 krb5_cryptotype;
+
+typedef krb5_int32      krb5_preauthtype; /* This may change, later on */
+typedef krb5_int32      krb5_flags;
+
+/**
+ * Represents a timestamp in seconds since the POSIX epoch.  This legacy type
+ * is used frequently in the ABI, but cannot represent timestamps after 2038 as
+ * a positive number.  Code which uses this type should cast values of it to
+ * uint32_t so that negative values are treated as timestamps between 2038 and
+ * 2106 on platforms with 64-bit time_t.
+ */
+typedef krb5_int32      krb5_timestamp;
+
+typedef krb5_int32      krb5_deltat;
+
+/**
+ * Used to convey an operation status.  The value 0 indicates success; any
+ * other values are com_err codes.  Use krb5_get_error_message() to obtain a
+ * string describing the error.
+ */
+typedef krb5_int32      krb5_error_code;
+
+typedef krb5_error_code krb5_magic;
+
+typedef struct _krb5_data {
+    krb5_magic magic;
+    unsigned int length;
+    char *data;
+} krb5_data;
+
+/* Originally introduced for PKINIT; now unused.  Do not use this. */
+typedef struct _krb5_octet_data {
+    krb5_magic magic;
+    unsigned int length;
+    krb5_octet *data;
+} krb5_octet_data;
+
+/* Originally used to recognize AFS and default salts.  No longer used. */
+#define SALT_TYPE_AFS_LENGTH UINT_MAX
+#define SALT_TYPE_NO_LENGTH  UINT_MAX
+
+typedef void * krb5_pointer;
+typedef void const * krb5_const_pointer;
+
+typedef struct krb5_principal_data {
+    krb5_magic magic;
+    krb5_data realm;
+    krb5_data *data;            /**< An array of strings */
+    krb5_int32 length;
+    krb5_int32 type;
+} krb5_principal_data;
+
+typedef krb5_principal_data * krb5_principal;
+
+/*
+ * Per V5 spec on definition of principal types
+ */
+
+#define KRB5_NT_UNKNOWN        0 /**<  Name type not known */
+#define KRB5_NT_PRINCIPAL      1 /**< Just the name of the principal
+                                      as in DCE, or for users */
+#define KRB5_NT_SRV_INST       2 /**< Service and other unique instance (krbtgt) */
+#define KRB5_NT_SRV_HST        3 /**< Service with host name as instance
+                                      (telnet, rcommands) */
+#define KRB5_NT_SRV_XHST       4 /**< Service with host as remaining components */
+#define KRB5_NT_UID            5 /**< Unique ID */
+#define KRB5_NT_X500_PRINCIPAL 6 /**< PKINIT */
+#define KRB5_NT_SMTP_NAME      7 /**< Name in form of SMTP email name */
+#define KRB5_NT_ENTERPRISE_PRINCIPAL  10        /**< Windows 2000 UPN */
+#define KRB5_NT_WELLKNOWN      11 /**< Well-known (special) principal */
+#define KRB5_WELLKNOWN_NAMESTR "WELLKNOWN" /**< First component of
+                                                NT_WELLKNOWN principals */
+#define KRB5_NT_MS_PRINCIPAL         -128 /**< Windows 2000 UPN and SID */
+#define KRB5_NT_MS_PRINCIPAL_AND_ID  -129 /**< NT 4 style name */
+#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130 /**< NT 4 style name and SID */
+
+/** Constant version of krb5_principal_data. */
+typedef const krb5_principal_data *krb5_const_principal;
+
+#define krb5_princ_realm(context, princ) (&(princ)->realm)
+#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value))
+#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value)
+#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value)
+#define krb5_princ_size(context, princ) (princ)->length
+#define krb5_princ_type(context, princ) (princ)->type
+#define krb5_princ_name(context, princ) (princ)->data
+#define krb5_princ_component(context, princ,i)  \
+    (((i) < krb5_princ_size(context, princ))    \
+     ? (princ)->data + (i)                      \
+     : NULL)
+
+/** Constant for realm referrals. */
+#define        KRB5_REFERRAL_REALM      ""
+
+/*
+ * Referral-specific functions.
+ */
+
+/**
+ * Check for a match with KRB5_REFERRAL_REALM.
+ *
+ * @param [in] r                Realm to check
+ *
+ * @return @c TRUE if @a r is zero-length, @c FALSE otherwise
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_is_referral_realm(const krb5_data *r);
+
+/**
+ * Return an anonymous realm data.
+ *
+ * This function returns constant storage that must not be freed.
+ *
+ * @sa #KRB5_ANONYMOUS_REALMSTR
+ */
+const krb5_data *KRB5_CALLCONV
+krb5_anonymous_realm(void);
+
+/**
+ * Build an anonymous principal.
+ *
+ * This function returns constant storage that must not be freed.
+ *
+ * @sa #KRB5_ANONYMOUS_PRINCSTR
+ */
+krb5_const_principal KRB5_CALLCONV
+krb5_anonymous_principal(void);
+
+#define KRB5_ANONYMOUS_REALMSTR "WELLKNOWN:ANONYMOUS" /**< Anonymous realm */
+#define KRB5_ANONYMOUS_PRINCSTR "ANONYMOUS" /**< Anonymous principal name */
+/*
+ * end "base-defs.h"
+ */
+
+/*
+ * begin "hostaddr.h"
+ */
+
+/** Structure for address */
+typedef struct _krb5_address {
+    krb5_magic magic;
+    krb5_addrtype addrtype;
+    unsigned int length;
+    krb5_octet *contents;
+} krb5_address;
+
+/* per Kerberos v5 protocol spec */
+#define ADDRTYPE_INET           0x0002
+#define ADDRTYPE_CHAOS          0x0005
+#define ADDRTYPE_XNS            0x0006
+#define ADDRTYPE_ISO            0x0007
+#define ADDRTYPE_DDP            0x0010
+#define ADDRTYPE_NETBIOS        0x0014
+#define ADDRTYPE_INET6          0x0018
+/* not yet in the spec... */
+#define ADDRTYPE_ADDRPORT       0x0100
+#define ADDRTYPE_IPPORT         0x0101
+
+/* macros to determine if a type is a local type */
+#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000)
+
+/*
+ * end "hostaddr.h"
+ */
+
+
+struct _krb5_context;
+typedef struct _krb5_context * krb5_context;
+
+struct _krb5_auth_context;
+typedef struct _krb5_auth_context * krb5_auth_context;
+
+struct _krb5_cryptosystem_entry;
+
+/*
+ * begin "encryption.h"
+ */
+
+/** Exposed contents of a key. */
+typedef struct _krb5_keyblock {
+    krb5_magic magic;
+    krb5_enctype enctype;
+    unsigned int length;
+    krb5_octet *contents;
+} krb5_keyblock;
+
+struct krb5_key_st;
+/**
+ * Opaque identifier for a key.
+ *
+ * Use with the krb5_k APIs for better performance for repeated operations with
+ * the same key and usage.  Key identifiers must not be used simultaneously
+ * within multiple threads, as they may contain mutable internal state and are
+ * not mutex-protected.
+ */
+typedef struct krb5_key_st *krb5_key;
+
+#ifdef KRB5_OLD_CRYPTO
+typedef struct _krb5_encrypt_block {
+    krb5_magic magic;
+    krb5_enctype crypto_entry;          /* to call krb5_encrypt_size, you need
+                                           this.  it was a pointer, but it
+                                           doesn't have to be.  gross. */
+    krb5_keyblock *key;
+} krb5_encrypt_block;
+#endif
+
+typedef struct _krb5_checksum {
+    krb5_magic magic;
+    krb5_cksumtype checksum_type;       /* checksum type */
+    unsigned int length;
+    krb5_octet *contents;
+} krb5_checksum;
+
+typedef struct _krb5_enc_data {
+    krb5_magic magic;
+    krb5_enctype enctype;
+    krb5_kvno kvno;
+    krb5_data ciphertext;
+} krb5_enc_data;
+
+/**
+ * Structure to describe a region of text to be encrypted or decrypted.
+ *
+ * The @a flags member describes the type of the iov.
+ * The @a data member points to the memory that will be manipulated.
+ * All iov APIs take a pointer to the first element of an array of krb5_crypto_iov's
+ * along with the size of that array. Buffer contents are manipulated in-place;
+ * data is overwritten. Callers must allocate the right number of krb5_crypto_iov
+ * structures before calling into an iov API.
+ */
+typedef struct _krb5_crypto_iov {
+    krb5_cryptotype flags; /**< iov type (see KRB5_CRYPTO_TYPE macros) */
+    krb5_data data;
+} krb5_crypto_iov;
+
+/* per Kerberos v5 protocol spec */
+#define ENCTYPE_NULL            0x0000
+#define ENCTYPE_DES_CBC_CRC     0x0001  /**< @deprecated no longer supported */
+#define ENCTYPE_DES_CBC_MD4     0x0002  /**< @deprecated no longer supported */
+#define ENCTYPE_DES_CBC_MD5     0x0003  /**< @deprecated no longer supported */
+#define ENCTYPE_DES_CBC_RAW     0x0004  /**< @deprecated no longer supported */
+#define ENCTYPE_DES3_CBC_SHA    0x0005  /**< @deprecated DES-3 cbc with SHA1 */
+#define ENCTYPE_DES3_CBC_RAW    0x0006  /**< @deprecated DES-3 cbc mode raw */
+#define ENCTYPE_DES_HMAC_SHA1   0x0008  /**< @deprecated no longer supported */
+/* PKINIT */
+#define ENCTYPE_DSA_SHA1_CMS    0x0009  /**< DSA with SHA1, CMS signature */
+#define ENCTYPE_MD5_RSA_CMS     0x000a  /**< MD5 with RSA, CMS signature */
+#define ENCTYPE_SHA1_RSA_CMS    0x000b  /**< SHA1 with RSA, CMS signature */
+#define ENCTYPE_RC2_CBC_ENV     0x000c  /**< RC2 cbc mode, CMS enveloped data */
+#define ENCTYPE_RSA_ENV         0x000d  /**< RSA encryption, CMS enveloped data */
+#define ENCTYPE_RSA_ES_OAEP_ENV 0x000e  /**< RSA w/OEAP encryption, CMS enveloped data */
+#define ENCTYPE_DES3_CBC_ENV    0x000f  /**< DES-3 cbc mode, CMS enveloped data */
+
+#define ENCTYPE_DES3_CBC_SHA1               0x0010
+#define ENCTYPE_AES128_CTS_HMAC_SHA1_96     0x0011 /**< RFC 3962 */
+#define ENCTYPE_AES256_CTS_HMAC_SHA1_96     0x0012 /**< RFC 3962 */
+#define ENCTYPE_AES128_CTS_HMAC_SHA256_128  0x0013 /**< RFC 8009 */
+#define ENCTYPE_AES256_CTS_HMAC_SHA384_192  0x0014 /**< RFC 8009 */
+#define ENCTYPE_ARCFOUR_HMAC                0x0017 /**< RFC 4757 */
+#define ENCTYPE_ARCFOUR_HMAC_EXP            0x0018 /**< RFC 4757 */
+#define ENCTYPE_CAMELLIA128_CTS_CMAC        0x0019 /**< RFC 6803 */
+#define ENCTYPE_CAMELLIA256_CTS_CMAC        0x001a /**< RFC 6803 */
+#define ENCTYPE_UNKNOWN                     0x01ff
+
+/*
+ * Historically we used the value 9 for unkeyed SHA-1.  RFC 3961 assigns this
+ * value to rsa-md5-des3, which fortunately is unused.  For ABI compatibility
+ * we allow either 9 or 14 for SHA-1.
+ */
+#define CKSUMTYPE_CRC32         0x0001
+#define CKSUMTYPE_RSA_MD4       0x0002
+#define CKSUMTYPE_RSA_MD4_DES   0x0003
+#define CKSUMTYPE_DESCBC        0x0004
+/* des-mac-k */
+/* rsa-md4-des-k */
+#define CKSUMTYPE_RSA_MD5       0x0007
+#define CKSUMTYPE_RSA_MD5_DES   0x0008
+#define CKSUMTYPE_NIST_SHA      0x0009
+#define CKSUMTYPE_HMAC_SHA1_DES3      0x000c
+#define CKSUMTYPE_SHA1          0x000e /**< RFC 3961 */
+#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f /**< RFC 3962. Used with
+                                                ENCTYPE_AES128_CTS_HMAC_SHA1_96 */
+#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with
+                                                ENCTYPE_AES256_CTS_HMAC_SHA1_96 */
+#define CKSUMTYPE_HMAC_SHA256_128_AES128 0x0013 /**< RFC 8009 */
+#define CKSUMTYPE_HMAC_SHA384_192_AES256 0x0014 /**< RFC 8009 */
+#define CKSUMTYPE_CMAC_CAMELLIA128 0x0011 /**< RFC 6803 */
+#define CKSUMTYPE_CMAC_CAMELLIA256 0x0012 /**< RFC 6803 */
+#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /* Microsoft netlogon */
+#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /**< RFC 4757 */
+
+/* Constants for the deprecated krb5_c_random_add_entropy() */
+enum {
+    KRB5_C_RANDSOURCE_OLDAPI = 0,
+    KRB5_C_RANDSOURCE_OSRAND = 1,
+    KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2,
+    KRB5_C_RANDSOURCE_TIMING = 3,
+    KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4,
+    KRB5_C_RANDSOURCE_MAX = 5
+};
+
+#ifndef krb5_roundup
+/* round x up to nearest multiple of y */
+#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y))
+#endif /* roundup */
+
+/* macro function definitions to help clean up code */
+
+#if 1
+#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
+#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
+#else
+#define krb5_x(ptr,args) ((*(ptr)) args)
+#define krb5_xc(ptr,args) ((*(ptr)) args)
+#endif
+
+/**
+ * Encrypt data using a key (operates on keyblock).
+ *
+ * @param [in]     context      Library context
+ * @param [in]     key          Encryption key
+ * @param [in]     usage        Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in,out] cipher_state Cipher state; specify NULL if not needed
+ * @param [in]     input        Data to be encrypted
+ * @param [out]    output       Encrypted data
+ *
+ * This function encrypts the data block @a input and stores the output into @a
+ * output.  The actual encryption key will be derived from @a key and @a usage
+ * if key derivation is specified for the encryption type.  If non-null, @a
+ * cipher_state specifies the beginning state for the encryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ *
+ * @note The caller must initialize @a output and allocate at least enough
+ * space for the result (using krb5_c_encrypt_length() to determine the amount
+ * of space needed).  @a output->length will be set to the actual length of the
+ * ciphertext.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_encrypt(krb5_context context, const krb5_keyblock *key,
+               krb5_keyusage usage, const krb5_data *cipher_state,
+               const krb5_data *input, krb5_enc_data *output);
+
+/**
+ * Decrypt data using a key (operates on keyblock).
+ *
+ * @param [in]     context      Library context
+ * @param [in]     key          Encryption key
+ * @param [in]     usage        Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in,out] cipher_state Cipher state; specify NULL if not needed
+ * @param [in]     input        Encrypted data
+ * @param [out]    output       Decrypted data
+ *
+ * This function decrypts the data block @a input and stores the output into @a
+ * output. The actual decryption key will be derived from @a key and @a usage
+ * if key derivation is specified for the encryption type.  If non-null, @a
+ * cipher_state specifies the beginning state for the decryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ *
+ * @note The caller must initialize @a output and allocate at least enough
+ * space for the result.  The usual practice is to allocate an output buffer as
+ * long as the ciphertext, and let krb5_c_decrypt() trim @a output->length.
+ * For some enctypes, the resulting @a output->length may include padding
+ * bytes.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_decrypt(krb5_context context, const krb5_keyblock *key,
+               krb5_keyusage usage, const krb5_data *cipher_state,
+               const krb5_enc_data *input, krb5_data *output);
+
+/**
+ * Compute encrypted data length.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [in]  inputlen        Length of the data to be encrypted
+ * @param [out] length          Length of the encrypted data
+ *
+ * This function computes the length of the ciphertext produced by encrypting
+ * @a inputlen bytes including padding, confounder, and checksum.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype,
+                      size_t inputlen, size_t *length);
+
+/**
+ * Return cipher block size.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [out] blocksize       Block size for @a enctype
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_block_size(krb5_context context, krb5_enctype enctype,
+                  size_t *blocksize);
+
+/**
+ * Return length of the specified key in bytes.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [out] keybytes        Number of bytes required to make a key
+ * @param [out] keylength       Length of final key
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_keylengths(krb5_context context, krb5_enctype enctype,
+                  size_t *keybytes, size_t *keylength);
+
+/**
+ * Initialize a new cipher state.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  key             Key
+ * @param [in]  usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [out] new_state       New cipher state
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_init_state(krb5_context context, const krb5_keyblock *key,
+                  krb5_keyusage usage, krb5_data *new_state);
+
+/**
+ * Free a cipher state previously allocated by krb5_c_init_state().
+ *
+ * @param [in] context          Library context
+ * @param [in] key              Key
+ * @param [in] state            Cipher state to be freed
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_free_state(krb5_context context, const krb5_keyblock *key,
+                  krb5_data *state);
+
+/**
+ * Generate enctype-specific pseudo-random bytes.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  keyblock        Key
+ * @param [in]  input           Input data
+ * @param [out] output          Output data
+ *
+ * This function selects a pseudo-random function based on @a keyblock and
+ * computes its value over @a input, placing the result into @a output.
+ * The caller must preinitialize @a output and allocate space for the
+ * result, using krb5_c_prf_length() to determine the required length.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf(krb5_context context, const krb5_keyblock *keyblock,
+           krb5_data *input, krb5_data *output);
+
+/**
+ * Get the output length of pseudo-random functions for an encryption type.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [out] len             Length of PRF output
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t *len);
+
+/**
+ * Generate pseudo-random bytes using RFC 6113 PRF+.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  k               KDC contribution key
+ * @param [in]  input           Input data
+ * @param [out] output          Pseudo-random output buffer
+ *
+ * This function fills @a output with PRF+(k, input) as defined in RFC 6113
+ * section 5.1.  The caller must preinitialize @a output and allocate the
+ * desired amount of space.  The length of the pseudo-random output will match
+ * the length of @a output.
+ *
+ * @note RFC 4402 defines a different PRF+ operation.  This function does not
+ * implement that operation.
+ *
+ * @return 0 on success, @c E2BIG if output->length is too large for PRF+ to
+ * generate, @c ENOMEM on allocation failure, or an error code from
+ * krb5_c_prf()
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_prfplus(krb5_context context, const krb5_keyblock *k,
+               const krb5_data *input, krb5_data *output);
+
+/**
+ * Derive a key using some input data (via RFC 6113 PRF+).
+ *
+ * @param [in]  context         Library context
+ * @param [in]  k               KDC contribution key
+ * @param [in]  input           Input string
+ * @param [in]  enctype         Output key enctype (or @c ENCTYPE_NULL)
+ * @param [out] out             Derived keyblock
+ *
+ * This function uses PRF+ as defined in RFC 6113 to derive a key from another
+ * key and an input string.  If @a enctype is @c ENCTYPE_NULL, the output key
+ * will have the same enctype as the input key.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_derive_prfplus(krb5_context context, const krb5_keyblock *k,
+                      const krb5_data *input, krb5_enctype enctype,
+                      krb5_keyblock **out);
+
+/**
+ * Compute the KRB-FX-CF2 combination of two keys and pepper strings.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  k1              KDC contribution key
+ * @param [in]  pepper1         String "PKINIT"
+ * @param [in]  k2              Reply key
+ * @param [in]  pepper2         String "KeyExchange"
+ * @param [out] out             Output key
+ *
+ * This function computes the KRB-FX-CF2 function over its inputs and places
+ * the results in a newly allocated keyblock.  This function is simple in that
+ * it assumes that @a pepper1 and @a pepper2 are C strings with no internal
+ * nulls and that the enctype of the result will be the same as that of @a k1.
+ * @a k1 and @a k2 may be of different enctypes.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_fx_cf2_simple(krb5_context context,
+                     const krb5_keyblock *k1, const char *pepper1,
+                     const krb5_keyblock *k2, const char *pepper2,
+                     krb5_keyblock **out);
+
+/**
+ * Generate an enctype-specific random encryption key.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type of the generated key
+ * @param [out] k5_random_key   An allocated and initialized keyblock
+ *
+ * Use krb5_free_keyblock_contents() to free @a k5_random_key when
+ * no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
+                       krb5_keyblock *k5_random_key);
+
+/**
+ * Generate an enctype-specific key from random data.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [in]  random_data     Random input data
+ * @param [out] k5_random_key   Resulting key
+ *
+ * This function takes random input data @a random_data and produces a valid
+ * key @a k5_random_key for a given @a enctype.
+ *
+ * @note It is assumed that @a k5_random_key has already been initialized and
+ * @a k5_random_key->contents has been allocated with the correct length.
+ *
+ * @sa krb5_c_keylengths()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_to_key(krb5_context context, krb5_enctype enctype,
+                     krb5_data *random_data, krb5_keyblock *k5_random_key);
+
+/** @deprecated This call is no longer necessary. */
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+                          const krb5_data *data);
+
+/**
+ * Generate pseudo-random bytes.
+ *
+ * @param [in]  context         Library context
+ * @param [out] data            Random data
+ *
+ * Fills in @a data with bytes from the PRNG used by krb5 crypto operations.
+ * The caller must preinitialize @a data and allocate the desired amount of
+ * space.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *data);
+
+/** @deprecated This call is no longer necessary. */
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success);
+
+/** @deprecated This call is no longer necessary. */
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_seed(krb5_context context, krb5_data *data);
+
+/**
+ * Convert a string (such a password) to a key.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [in]  string          String to be converted
+ * @param [in]  salt            Salt value
+ * @param [out] key             Generated key
+ *
+ * This function converts @a string to a @a key of encryption type @a enctype,
+ * using the specified @a salt.  The newly created @a key must be released by
+ * calling krb5_free_keyblock_contents() when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_string_to_key(krb5_context context, krb5_enctype enctype,
+                     const krb5_data *string, const krb5_data *salt,
+                     krb5_keyblock *key);
+
+/**
+ * Convert a string (such as a password) to a key with additional parameters.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [in]  string          String to be converted
+ * @param [in]  salt            Salt value
+ * @param [in]  params          Parameters
+ * @param [out] key             Generated key
+ *
+ * This function is similar to krb5_c_string_to_key(), but also takes
+ * parameters which may affect the algorithm in an enctype-dependent way.  The
+ * newly created @a key must be released by calling
+ * krb5_free_keyblock_contents() when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_string_to_key_with_params(krb5_context context,
+                                 krb5_enctype enctype,
+                                 const krb5_data *string,
+                                 const krb5_data *salt,
+                                 const krb5_data *params,
+                                 krb5_keyblock *key);
+
+/**
+ * Compare two encryption types.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  e1              First encryption type
+ * @param [in]  e2              Second encryption type
+ * @param [out] similar         @c TRUE if types are similar, @c FALSE if not
+ *
+ * This function determines whether two encryption types use the same kind of
+ * keys.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
+                       krb5_boolean *similar);
+
+/**
+ * Compute a checksum (operates on keyblock).
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cksumtype       Checksum type (0 for mandatory type)
+ * @param [in]  key             Encryption key for a keyed checksum
+ * @param [in]  usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in]  input           Input data
+ * @param [out] cksum           Generated checksum
+ *
+ * This function computes a checksum of type @a cksumtype over @a input, using
+ * @a key if the checksum type is a keyed checksum.  If @a cksumtype is 0 and
+ * @a key is non-null, the checksum type will be the mandatory-to-implement
+ * checksum type for the key's encryption type.  The actual checksum key will
+ * be derived from @a key and @a usage if key derivation is specified for the
+ * checksum type.  The newly created @a cksum must be released by calling
+ * krb5_free_checksum_contents() when it is no longer needed.
+ *
+ * @note This function is similar to krb5_k_make_checksum(), but operates
+ * on keyblock @a key.
+ *
+ * @sa krb5_c_verify_checksum()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
+                     const krb5_keyblock *key, krb5_keyusage usage,
+                     const krb5_data *input, krb5_checksum *cksum);
+
+/**
+ * Verify a checksum (operates on keyblock).
+ *
+ * @param [in]  context         Library context
+ * @param [in]  key             Encryption key for a keyed checksum
+ * @param [in]  usage           @a key usage
+ * @param [in]  data            Data to be used to compute a new checksum
+ *                              using @a key to compare @a cksum against
+ * @param [in]  cksum           Checksum to be verified
+ * @param [out] valid           Non-zero for success, zero for failure
+ *
+ * This function verifies that @a cksum is a valid checksum for @a data.  If
+ * the checksum type of @a cksum is a keyed checksum, @a key is used to verify
+ * the checksum.  If the checksum type in @a cksum is 0 and @a key is not NULL,
+ * the mandatory checksum type for @a key will be used.  The actual checksum
+ * key will be derived from @a key and @a usage if key derivation is specified
+ * for the checksum type.
+ *
+ * @note This function is similar to krb5_k_verify_checksum(), but operates
+ * on keyblock @a key.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
+                       krb5_keyusage usage, const krb5_data *data,
+                       const krb5_checksum *cksum, krb5_boolean *valid);
+
+/**
+ * Return the length of checksums for a checksum type.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cksumtype       Checksum type
+ * @param [out] length          Checksum length
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
+                       size_t *length);
+
+/**
+ * Return a list of keyed checksum types usable with an encryption type.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [out] count           Count of allowable checksum types
+ * @param [out] cksumtypes      Array of allowable checksum types
+ *
+ * Use krb5_free_cksumtypes() to free @a cksumtypes when it is no longer
+ * needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
+                            unsigned int *count, krb5_cksumtype **cksumtypes);
+
+#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS          1
+#define KRB5_KEYUSAGE_KDC_REP_TICKET            2
+#define KRB5_KEYUSAGE_AS_REP_ENCPART            3
+#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY        4
+#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY         5
+#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM        6
+#define KRB5_KEYUSAGE_TGS_REQ_AUTH              7
+#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY   8
+#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY    9
+#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM         10
+#define KRB5_KEYUSAGE_AP_REQ_AUTH               11
+#define KRB5_KEYUSAGE_AP_REP_ENCPART            12
+#define KRB5_KEYUSAGE_KRB_PRIV_ENCPART          13
+#define KRB5_KEYUSAGE_KRB_CRED_ENCPART          14
+#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM            15
+#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT          16
+#define KRB5_KEYUSAGE_APP_DATA_CKSUM            17
+#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM           18
+#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM        19
+#define KRB5_KEYUSAGE_AD_MTE                    20
+#define KRB5_KEYUSAGE_AD_ITE                    21
+
+/* XXX need to register these */
+
+#define KRB5_KEYUSAGE_GSS_TOK_MIC               22
+#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG        23
+#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV         24
+
+/* Defined in Integrating SAM Mechanisms with Kerberos draft */
+#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM    25
+/* Note conflict with KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST */
+#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID  26
+/* Note conflict with KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY */
+#define KRB5_KEYUSAGE_PA_SAM_RESPONSE           27
+
+/* Defined in [MS-SFU] */
+/* Note conflict with KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID */
+#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST  26
+/* Note conflict with KRB5_KEYUSAGE_PA_SAM_RESPONSE */
+#define KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY    27
+
+/* unused */
+#define KRB5_KEYUSAGE_PA_REFERRAL               26
+
+#define KRB5_KEYUSAGE_AD_SIGNEDPATH             -21
+#define KRB5_KEYUSAGE_IAKERB_FINISHED           42
+#define KRB5_KEYUSAGE_PA_PKINIT_KX              44
+#define KRB5_KEYUSAGE_PA_OTP_REQUEST  45  /**< See RFC 6560 section 4.2 */
+/* define in draft-ietf-krb-wg-preauth-framework*/
+#define KRB5_KEYUSAGE_FAST_REQ_CHKSUM 50
+#define KRB5_KEYUSAGE_FAST_ENC 51
+#define KRB5_KEYUSAGE_FAST_REP 52
+#define KRB5_KEYUSAGE_FAST_FINISHED 53
+#define KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT 54
+#define KRB5_KEYUSAGE_ENC_CHALLENGE_KDC 55
+#define KRB5_KEYUSAGE_AS_REQ 56
+#define KRB5_KEYUSAGE_CAMMAC 64
+#define KRB5_KEYUSAGE_SPAKE 65
+
+/* Key usage values 512-1023 are reserved for uses internal to a Kerberos
+ * implementation. */
+#define KRB5_KEYUSAGE_PA_FX_COOKIE 513  /**< Used for encrypted FAST cookies */
+#define KRB5_KEYUSAGE_PA_AS_FRESHNESS 514  /**< Used for freshness tokens */
+
+/**
+ * Verify that a specified encryption type is a valid Kerberos encryption type.
+ *
+ * @param [in] ktype            Encryption type
+ *
+ * @return @c TRUE if @a ktype is valid, @c FALSE if not
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_c_valid_enctype(krb5_enctype ktype);
+
+/**
+ * Verify that specified checksum type is a valid Kerberos checksum type.
+ *
+ * @param [in] ctype            Checksum type
+ *
+ * @return @c TRUE if @a ctype is valid, @c FALSE if not
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_c_valid_cksumtype(krb5_cksumtype ctype);
+
+/**
+ * Test whether a checksum type is collision-proof.
+ *
+ * @param [in] ctype            Checksum type
+ *
+ * @return @c TRUE if @a ctype is collision-proof, @c FALSE if it is not
+ * collision-proof or not a valid checksum type.
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype);
+
+/**
+ * Test whether a checksum type is keyed.
+ *
+ * @param [in] ctype            Checksum type
+ *
+ * @return @c TRUE if @a ctype is a keyed checksum type, @c FALSE otherwise.
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_c_is_keyed_cksum(krb5_cksumtype ctype);
+
+/* AEAD APIs */
+#define KRB5_CRYPTO_TYPE_EMPTY      0   /**< [in] ignored */
+#define KRB5_CRYPTO_TYPE_HEADER     1   /**< [out] header */
+#define KRB5_CRYPTO_TYPE_DATA       2   /**< [in, out] plaintext */
+#define KRB5_CRYPTO_TYPE_SIGN_ONLY  3   /**< [in] associated data */
+#define KRB5_CRYPTO_TYPE_PADDING    4   /**< [out] padding */
+#define KRB5_CRYPTO_TYPE_TRAILER    5   /**< [out] checksum for encrypt */
+#define KRB5_CRYPTO_TYPE_CHECKSUM   6   /**< [out] checksum for MIC */
+#define KRB5_CRYPTO_TYPE_STREAM     7   /**< [in] entire message without
+                                           decomposing the structure into
+                                           header, data and trailer buffers */
+
+/**
+ * Fill in a checksum element in IOV array (operates on keyblock)
+ *
+ * @param [in]     context         Library context
+ * @param [in]     cksumtype       Checksum type (0 for mandatory type)
+ * @param [in]     key             Encryption key for a keyed checksum
+ * @param [in]     usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in,out] data            IOV array
+ * @param [in]     num_data        Size of @a data
+ *
+ * Create a checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element over
+ * #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY chunks in @a data.
+ * Only the #KRB5_CRYPTO_TYPE_CHECKSUM region is modified.
+ *
+ * @note This function is similar to krb5_k_make_checksum_iov(), but operates
+ * on keyblock @a key.
+ *
+ * @sa krb5_c_verify_checksum_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+                         const krb5_keyblock *key, krb5_keyusage usage,
+                         krb5_crypto_iov *data, size_t num_data);
+
+/**
+ * Validate a checksum element in IOV array (operates on keyblock).
+ *
+ * @param [in]     context         Library context
+ * @param [in]     cksumtype       Checksum type (0 for mandatory type)
+ * @param [in]     key             Encryption key for a keyed checksum
+ * @param [in]     usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in]     data            IOV array
+ * @param [in]     num_data        Size of @a data
+ * @param [out]    valid           Non-zero for success, zero for failure
+ *
+ * Confirm that the checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element is a
+ * valid checksum of the #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY
+ * regions in the iov.
+ *
+ * @note This function is similar to krb5_k_verify_checksum_iov(), but operates
+ * on keyblock @a key.
+ *
+ * @sa krb5_c_make_checksum_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+                           const krb5_keyblock *key, krb5_keyusage usage,
+                           const krb5_crypto_iov *data, size_t num_data,
+                           krb5_boolean *valid);
+
+/**
+ * Encrypt data in place supporting AEAD (operates on keyblock).
+ *
+ * @param [in]     context         Library context
+ * @param [in]     keyblock        Encryption key
+ * @param [in]     usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in]     cipher_state    Cipher state; specify NULL if not needed
+ * @param [in,out] data            IOV array. Modified in-place.
+ * @param [in]     num_data        Size of @a data
+ *
+ * This function encrypts the data block @a data and stores the output in-place.
+ * The actual encryption key will be derived from @a keyblock and @a usage
+ * if key derivation is specified for the encryption type.  If non-null, @a
+ * cipher_state specifies the beginning state for the encryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ * The caller must allocate the right number of krb5_crypto_iov
+ * structures before calling into this API.
+ *
+ * @note On return from a krb5_c_encrypt_iov() call, the @a data->length in the
+ * iov structure are adjusted to reflect actual lengths of the ciphertext used.
+ * For example, if the padding length is too large, the length will be reduced.
+ * Lengths are never increased.
+ *
+ * @note This function is similar to krb5_k_encrypt_iov(), but operates
+ * on keyblock @a keyblock.
+ *
+ * @sa krb5_c_decrypt_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock *keyblock,
+                   krb5_keyusage usage, const krb5_data *cipher_state,
+                   krb5_crypto_iov *data, size_t num_data);
+
+/**
+ * Decrypt data in place supporting AEAD (operates on keyblock).
+ *
+ * @param [in]     context         Library context
+ * @param [in]     keyblock        Encryption key
+ * @param [in]     usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in]     cipher_state    Cipher state; specify NULL if not needed
+ * @param [in,out] data            IOV array. Modified in-place.
+ * @param [in]     num_data        Size of @a data
+ *
+ * This function decrypts the data block @a data and stores the output in-place.
+ * The actual decryption key will be derived from @a keyblock and @a usage
+ * if key derivation is specified for the encryption type.  If non-null, @a
+ * cipher_state specifies the beginning state for the decryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ * The caller must allocate the right number of krb5_crypto_iov
+ * structures before calling into this API.
+ *
+ * @note On return from a krb5_c_decrypt_iov() call, the @a data->length in the
+ * iov structure are adjusted to reflect actual lengths of the ciphertext used.
+ * For example, if the padding length is too large, the length will be reduced.
+ * Lengths are never increased.
+ *
+ * @note This function is similar to krb5_k_decrypt_iov(), but operates
+ * on keyblock @a keyblock.
+ *
+ * @sa krb5_c_decrypt_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_decrypt_iov(krb5_context context, const krb5_keyblock *keyblock,
+                   krb5_keyusage usage, const krb5_data *cipher_state,
+                   krb5_crypto_iov *data, size_t num_data);
+
+/**
+ * Return a length of a message field specific to the encryption type.
+ *
+ * @param [in]  context      Library context
+ * @param [in]  enctype      Encryption type
+ * @param [in]  type         Type field (See KRB5_CRYPTO_TYPE macros)
+ * @param [out] size         Length of the @a type specific to @a enctype
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_crypto_length(krb5_context context, krb5_enctype enctype,
+                     krb5_cryptotype type, unsigned int *size);
+
+/**
+ * Fill in lengths for header, trailer and padding in a IOV array.
+ *
+ * @param [in]      context      Library context
+ * @param [in]      enctype      Encryption type
+ * @param [in,out]  data         IOV array
+ * @param [in]      num_data     Size of @a data
+ *
+ * Padding is set to the actual padding required based on the provided
+ * @a data buffers. Typically this API is used after setting up the data
+ * buffers and #KRB5_CRYPTO_TYPE_SIGN_ONLY buffers, but before actually
+ * allocating header, trailer and padding.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
+                         krb5_crypto_iov *data, size_t num_data);
+
+/**
+ * Return a number of padding octets.
+ *
+ * @param [in]  context      Library context
+ * @param [in]  enctype      Encryption type
+ * @param [in]  data_length  Length of the plaintext to pad
+ * @param [out] size         Number of padding octets
+ *
+ * This function returns the number of the padding octets required to pad
+ * @a data_length octets of plaintext.
+ *
+ * @retval 0 Success; otherwise - KRB5_BAD_ENCTYPE
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_padding_length(krb5_context context, krb5_enctype enctype,
+                      size_t data_length, unsigned int *size);
+
+/**
+ * Create a krb5_key from the enctype and key data in a keyblock.
+ *
+ * @param [in]  context      Library context
+ * @param [in]  key_data     Keyblock
+ * @param [out] out          Opaque key
+ *
+ * The reference count on a key @a out is set to 1.
+ * Use krb5_k_free_key() to free @a out when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - KRB5_BAD_ENCTYPE
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
+                  krb5_key *out);
+
+/** Increment the reference count on a key. */
+void KRB5_CALLCONV
+krb5_k_reference_key(krb5_context context, krb5_key key);
+
+/** Decrement the reference count on a key and free it if it hits zero. */
+void KRB5_CALLCONV
+krb5_k_free_key(krb5_context context, krb5_key key);
+
+/** Retrieve a copy of the keyblock from a krb5_key structure. */
+krb5_error_code KRB5_CALLCONV
+krb5_k_key_keyblock(krb5_context context, krb5_key key,
+                    krb5_keyblock **key_data);
+
+/** Retrieve the enctype of a krb5_key structure. */
+krb5_enctype KRB5_CALLCONV
+krb5_k_key_enctype(krb5_context context, krb5_key key);
+
+/**
+ * Encrypt data using a key (operates on opaque key).
+ *
+ * @param [in]     context      Library context
+ * @param [in]     key          Encryption key
+ * @param [in]     usage        Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in,out] cipher_state Cipher state; specify NULL if not needed
+ * @param [in]     input        Data to be encrypted
+ * @param [out]    output       Encrypted data
+ *
+ * This function encrypts the data block @a input and stores the output into @a
+ * output.  The actual encryption key will be derived from @a key and @a usage
+ * if key derivation is specified for the encryption type.  If non-null, @a
+ * cipher_state specifies the beginning state for the encryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ *
+ * @note The caller must initialize @a output and allocate at least enough
+ * space for the result (using krb5_c_encrypt_length() to determine the amount
+ * of space needed).  @a output->length will be set to the actual length of the
+ * ciphertext.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
+               const krb5_data *cipher_state, const krb5_data *input,
+               krb5_enc_data *output);
+
+/**
+ * Encrypt data in place supporting AEAD (operates on opaque key).
+ *
+ * @param [in]     context         Library context
+ * @param [in]     key             Encryption key
+ * @param [in]     usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in]     cipher_state    Cipher state; specify NULL if not needed
+ * @param [in,out] data            IOV array. Modified in-place.
+ * @param [in]     num_data        Size of @a data
+ *
+ * This function encrypts the data block @a data and stores the output in-place.
+ * The actual encryption key will be derived from @a key and @a usage
+ * if key derivation is specified for the encryption type.  If non-null, @a
+ * cipher_state specifies the beginning state for the encryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ * The caller must allocate the right number of krb5_crypto_iov
+ * structures before calling into this API.
+ *
+ * @note On return from a krb5_c_encrypt_iov() call, the @a data->length in the
+ * iov structure are adjusted to reflect actual lengths of the ciphertext used.
+ * For example, if the padding length is too large, the length will be reduced.
+ * Lengths are never increased.
+ *
+ * @note This function is similar to krb5_c_encrypt_iov(), but operates
+ * on opaque key @a key.
+ *
+ * @sa krb5_k_decrypt_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+                   const krb5_data *cipher_state, krb5_crypto_iov *data,
+                   size_t num_data);
+
+/**
+ * Decrypt data using a key (operates on opaque key).
+ *
+ * @param [in]     context      Library context
+ * @param [in]     key          Encryption key
+ * @param [in]     usage        Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in,out] cipher_state Cipher state; specify NULL if not needed
+ * @param [in]     input        Encrypted data
+ * @param [out]    output       Decrypted data
+ *
+ * This function decrypts the data block @a input and stores the output into @a
+ * output. The actual decryption key will be derived from @a key and @a usage
+ * if key derivation is specified for the encryption type.  If non-null, @a
+ * cipher_state specifies the beginning state for the decryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ *
+ * @note The caller must initialize @a output and allocate at least enough
+ * space for the result.  The usual practice is to allocate an output buffer as
+ * long as the ciphertext, and let krb5_c_decrypt() trim @a output->length.
+ * For some enctypes, the resulting @a output->length may include padding
+ * bytes.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
+               const krb5_data *cipher_state, const krb5_enc_data *input,
+               krb5_data *output);
+
+/**
+ * Decrypt data in place supporting AEAD (operates on opaque key).
+ *
+ * @param [in]     context         Library context
+ * @param [in]     key             Encryption key
+ * @param [in]     usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in]     cipher_state    Cipher state; specify NULL if not needed
+ * @param [in,out] data            IOV array. Modified in-place.
+ * @param [in]     num_data        Size of @a data
+ *
+ * This function decrypts the data block @a data and stores the output in-place.
+ * The actual decryption key will be derived from @a key and @a usage
+ * if key derivation is specified for the encryption type.  If non-null, @a
+ * cipher_state specifies the beginning state for the decryption operation, and
+ * is updated with the state to be passed as input to the next operation.
+ * The caller must allocate the right number of krb5_crypto_iov
+ * structures before calling into this API.
+ *
+ * @note On return from a krb5_c_decrypt_iov() call, the @a data->length in the
+ * iov structure are adjusted to reflect actual lengths of the ciphertext used.
+ * For example, if the padding length is too large, the length will be reduced.
+ * Lengths are never increased.
+ *
+ * @note This function is similar to krb5_c_decrypt_iov(), but operates
+ * on opaque key @a key.
+ *
+ * @sa krb5_k_encrypt_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+                   const krb5_data *cipher_state, krb5_crypto_iov *data,
+                   size_t num_data);
+/**
+ * Compute a checksum (operates on opaque key).
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cksumtype       Checksum type (0 for mandatory type)
+ * @param [in]  key             Encryption key for a keyed checksum
+ * @param [in]  usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in]  input           Input data
+ * @param [out] cksum           Generated checksum
+ *
+ * This function computes a checksum of type @a cksumtype over @a input, using
+ * @a key if the checksum type is a keyed checksum.  If @a cksumtype is 0 and
+ * @a key is non-null, the checksum type will be the mandatory-to-implement
+ * checksum type for the key's encryption type.  The actual checksum key will
+ * be derived from @a key and @a usage if key derivation is specified for the
+ * checksum type.  The newly created @a cksum must be released by calling
+ * krb5_free_checksum_contents() when it is no longer needed.
+ *
+ * @note This function is similar to krb5_c_make_checksum(), but operates
+ * on opaque @a key.
+ *
+ * @sa krb5_c_verify_checksum()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
+                     krb5_key key, krb5_keyusage usage, const krb5_data *input,
+                     krb5_checksum *cksum);
+
+/**
+ * Fill in a checksum element in IOV array (operates on opaque key)
+ *
+ * @param [in]     context         Library context
+ * @param [in]     cksumtype       Checksum type (0 for mandatory type)
+ * @param [in]     key             Encryption key for a keyed checksum
+ * @param [in]     usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in,out] data            IOV array
+ * @param [in]     num_data        Size of @a data
+ *
+ * Create a checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element over
+ * #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY chunks in @a data.
+ * Only the #KRB5_CRYPTO_TYPE_CHECKSUM region is modified.
+ *
+ * @note This function is similar to krb5_c_make_checksum_iov(), but operates
+ * on opaque @a key.
+ *
+ * @sa krb5_k_verify_checksum_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+                         krb5_key key, krb5_keyusage usage,
+                         krb5_crypto_iov *data, size_t num_data);
+
+/**
+ * Verify a checksum (operates on opaque key).
+ *
+ * @param [in]  context         Library context
+ * @param [in]  key             Encryption key for a keyed checksum
+ * @param [in]  usage           @a key usage
+ * @param [in]  data            Data to be used to compute a new checksum
+ *                              using @a key to compare @a cksum against
+ * @param [in]  cksum           Checksum to be verified
+ * @param [out] valid           Non-zero for success, zero for failure
+ *
+ * This function verifies that @a cksum is a valid checksum for @a data.  If
+ * the checksum type of @a cksum is a keyed checksum, @a key is used to verify
+ * the checksum.  If the checksum type in @a cksum is 0 and @a key is not NULL,
+ * the mandatory checksum type for @a key will be used.  The actual checksum
+ * key will be derived from @a key and @a usage if key derivation is specified
+ * for the checksum type.
+ *
+ * @note This function is similar to krb5_c_verify_checksum(), but operates
+ * on opaque @a key.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum(krb5_context context, krb5_key key, krb5_keyusage usage,
+                       const krb5_data *data, const krb5_checksum *cksum,
+                       krb5_boolean *valid);
+
+/**
+ * Validate a checksum element in IOV array (operates on opaque key).
+ *
+ * @param [in]     context         Library context
+ * @param [in]     cksumtype       Checksum type (0 for mandatory type)
+ * @param [in]     key             Encryption key for a keyed checksum
+ * @param [in]     usage           Key usage (see KRB5_KEYUSAGE macros)
+ * @param [in]     data            IOV array
+ * @param [in]     num_data        Size of @a data
+ * @param [out]    valid           Non-zero for success, zero for failure
+ *
+ * Confirm that the checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element is a
+ * valid checksum of the #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY
+ * regions in the iov.
+ *
+ * @note This function is similar to krb5_c_verify_checksum_iov(), but operates
+ * on opaque @a key.
+ *
+ * @sa krb5_k_make_checksum_iov()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+                           krb5_key key, krb5_keyusage usage,
+                           const krb5_crypto_iov *data, size_t num_data,
+                           krb5_boolean *valid);
+
+/**
+ * Generate enctype-specific pseudo-random bytes (operates on opaque key).
+ *
+ * @param [in]  context      Library context
+ * @param [in]  key          Key
+ * @param [in]  input        Input data
+ * @param [out] output       Output data
+ *
+ * This function selects a pseudo-random function based on @a key and
+ * computes its value over @a input, placing the result into @a output.
+ * The caller must preinitialize @a output and allocate space for the
+ * result.
+ *
+ * @note This function is similar to krb5_c_prf(), but operates
+ * on opaque @a key.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_k_prf(krb5_context context, krb5_key key, krb5_data *input, krb5_data *output);
+
+#ifdef KRB5_OLD_CRYPTO
+/*
+ * old cryptosystem routine prototypes.  These are now layered
+ * on top of the functions above.
+ */
+/** @deprecated Replaced by krb5_c_* API family.*/
+krb5_error_code KRB5_CALLCONV
+krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
+             krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+             krb5_pointer ivec);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+krb5_error_code KRB5_CALLCONV
+krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
+             krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+             krb5_pointer ivec);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+krb5_error_code KRB5_CALLCONV
+krb5_process_key(krb5_context context, krb5_encrypt_block *eblock,
+                 const krb5_keyblock * key);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+krb5_error_code KRB5_CALLCONV
+krb5_finish_key(krb5_context context, krb5_encrypt_block * eblock);
+
+/** @deprecated See krb5_c_string_to_key() */
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_key(krb5_context context, const krb5_encrypt_block *eblock,
+                   krb5_keyblock * keyblock, const krb5_data *data,
+                   const krb5_data *salt);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+krb5_error_code KRB5_CALLCONV
+krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+                     const krb5_keyblock *keyblock, krb5_pointer *ptr);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+krb5_error_code KRB5_CALLCONV
+krb5_finish_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+                       krb5_pointer *ptr);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+krb5_error_code KRB5_CALLCONV
+krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+                krb5_pointer ptr, krb5_keyblock **keyblock);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+krb5_enctype KRB5_CALLCONV
+krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block *eblock);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+krb5_error_code KRB5_CALLCONV
+krb5_use_enctype(krb5_context context, krb5_encrypt_block *eblock,
+                 krb5_enctype enctype);
+
+/** @deprecated Replaced by krb5_c_* API family. */
+size_t KRB5_CALLCONV
+krb5_encrypt_size(size_t length, krb5_enctype crypto);
+
+/** @deprecated See krb5_c_checksum_length() */
+size_t KRB5_CALLCONV
+krb5_checksum_size(krb5_context context, krb5_cksumtype ctype);
+
+/** @deprecated See krb5_c_make_checksum() */
+krb5_error_code KRB5_CALLCONV
+krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
+                        krb5_const_pointer in, size_t in_length,
+                        krb5_const_pointer seed, size_t seed_length,
+                        krb5_checksum * outcksum);
+
+/** @deprecated See krb5_c_verify_checksum() */
+krb5_error_code KRB5_CALLCONV
+krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
+                     const krb5_checksum * cksum, krb5_const_pointer in,
+                     size_t in_length, krb5_const_pointer seed,
+                     size_t seed_length);
+
+#endif /* KRB5_OLD_CRYPTO */
+
+/*
+ * end "encryption.h"
+ */
+
+/*
+ * begin "fieldbits.h"
+ */
+
+/* kdc_options for kdc_request */
+/* options is 32 bits; each host is responsible to put the 4 bytes
+   representing these bits into net order before transmission */
+/* #define      KDC_OPT_RESERVED        0x80000000 */
+#define KDC_OPT_FORWARDABLE             0x40000000
+#define KDC_OPT_FORWARDED               0x20000000
+#define KDC_OPT_PROXIABLE               0x10000000
+#define KDC_OPT_PROXY                   0x08000000
+#define KDC_OPT_ALLOW_POSTDATE          0x04000000
+#define KDC_OPT_POSTDATED               0x02000000
+/* #define      KDC_OPT_UNUSED          0x01000000 */
+#define KDC_OPT_RENEWABLE               0x00800000
+/* #define      KDC_OPT_UNUSED          0x00400000 */
+/* #define      KDC_OPT_RESERVED        0x00200000 */
+/* #define      KDC_OPT_RESERVED        0x00100000 */
+/* #define      KDC_OPT_RESERVED        0x00080000 */
+/* #define      KDC_OPT_RESERVED        0x00040000 */
+#define KDC_OPT_CNAME_IN_ADDL_TKT       0x00020000
+#define KDC_OPT_CANONICALIZE            0x00010000
+#define KDC_OPT_REQUEST_ANONYMOUS       0x00008000
+/* #define      KDC_OPT_RESERVED        0x00004000 */
+/* #define      KDC_OPT_RESERVED        0x00002000 */
+/* #define      KDC_OPT_RESERVED        0x00001000 */
+/* #define      KDC_OPT_RESERVED        0x00000800 */
+/* #define      KDC_OPT_RESERVED        0x00000400 */
+/* #define      KDC_OPT_RESERVED        0x00000200 */
+/* #define      KDC_OPT_RESERVED        0x00000100 */
+/* #define      KDC_OPT_RESERVED        0x00000080 */
+/* #define      KDC_OPT_RESERVED        0x00000040 */
+#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020
+#define KDC_OPT_RENEWABLE_OK            0x00000010
+#define KDC_OPT_ENC_TKT_IN_SKEY         0x00000008
+/* #define      KDC_OPT_UNUSED          0x00000004 */
+#define KDC_OPT_RENEW                   0x00000002
+#define KDC_OPT_VALIDATE                0x00000001
+
+/*
+ * Mask of ticket flags in the TGT which should be converted into KDC
+ * options when using the TGT to get derivative tickets.
+ *
+ *  New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
+ *             KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
+ */
+#define KDC_TKT_COMMON_MASK             0x54800000
+
+/* definitions for ap_options fields */
+
+/*
+ * ap_options are 32 bits; each host is responsible to put the 4 bytes
+ * representing these bits into net order before transmission
+ */
+#define AP_OPTS_RESERVED           0x80000000
+#define AP_OPTS_USE_SESSION_KEY    0x40000000 /**< Use session key */
+#define AP_OPTS_MUTUAL_REQUIRED    0x20000000 /**< Perform a mutual
+                                                 authentication exchange */
+#define AP_OPTS_ETYPE_NEGOTIATION  0x00000002
+#define AP_OPTS_USE_SUBKEY         0x00000001 /**< Generate a subsession key
+                                                 from the current session key
+                                                 obtained from the
+                                                 credentials */
+/* #define      AP_OPTS_RESERVED        0x10000000 */
+/* #define      AP_OPTS_RESERVED        0x08000000 */
+/* #define      AP_OPTS_RESERVED        0x04000000 */
+/* #define      AP_OPTS_RESERVED        0x02000000 */
+/* #define      AP_OPTS_RESERVED        0x01000000 */
+/* #define      AP_OPTS_RESERVED        0x00800000 */
+/* #define      AP_OPTS_RESERVED        0x00400000 */
+/* #define      AP_OPTS_RESERVED        0x00200000 */
+/* #define      AP_OPTS_RESERVED        0x00100000 */
+/* #define      AP_OPTS_RESERVED        0x00080000 */
+/* #define      AP_OPTS_RESERVED        0x00040000 */
+/* #define      AP_OPTS_RESERVED        0x00020000 */
+/* #define      AP_OPTS_RESERVED        0x00010000 */
+/* #define      AP_OPTS_RESERVED        0x00008000 */
+/* #define      AP_OPTS_RESERVED        0x00004000 */
+/* #define      AP_OPTS_RESERVED        0x00002000 */
+/* #define      AP_OPTS_RESERVED        0x00001000 */
+/* #define      AP_OPTS_RESERVED        0x00000800 */
+/* #define      AP_OPTS_RESERVED        0x00000400 */
+/* #define      AP_OPTS_RESERVED        0x00000200 */
+/* #define      AP_OPTS_RESERVED        0x00000100 */
+/* #define      AP_OPTS_RESERVED        0x00000080 */
+/* #define      AP_OPTS_RESERVED        0x00000040 */
+/* #define      AP_OPTS_RESERVED        0x00000020 */
+/* #define      AP_OPTS_RESERVED        0x00000010 */
+/* #define      AP_OPTS_RESERVED        0x00000008 */
+/* #define      AP_OPTS_RESERVED        0x00000004 */
+
+
+#define AP_OPTS_WIRE_MASK               0xfffffff0
+
+/* definitions for ad_type fields. */
+#define AD_TYPE_RESERVED        0x8000
+#define AD_TYPE_EXTERNAL        0x4000
+#define AD_TYPE_REGISTERED      0x2000
+
+#define AD_TYPE_FIELD_TYPE_MASK 0x1fff
+
+/* Ticket flags */
+/* flags are 32 bits; each host is responsible to put the 4 bytes
+   representing these bits into net order before transmission */
+/* #define      TKT_FLG_RESERVED        0x80000000 */
+#define TKT_FLG_FORWARDABLE             0x40000000
+#define TKT_FLG_FORWARDED               0x20000000
+#define TKT_FLG_PROXIABLE               0x10000000
+#define TKT_FLG_PROXY                   0x08000000
+#define TKT_FLG_MAY_POSTDATE            0x04000000
+#define TKT_FLG_POSTDATED               0x02000000
+#define TKT_FLG_INVALID                 0x01000000
+#define TKT_FLG_RENEWABLE               0x00800000
+#define TKT_FLG_INITIAL                 0x00400000
+#define TKT_FLG_PRE_AUTH                0x00200000
+#define TKT_FLG_HW_AUTH                 0x00100000
+#define TKT_FLG_TRANSIT_POLICY_CHECKED  0x00080000
+#define TKT_FLG_OK_AS_DELEGATE          0x00040000
+#define TKT_FLG_ENC_PA_REP              0x00010000
+#define TKT_FLG_ANONYMOUS               0x00008000
+/* #define      TKT_FLG_RESERVED        0x00004000 */
+/* #define      TKT_FLG_RESERVED        0x00002000 */
+/* #define      TKT_FLG_RESERVED        0x00001000 */
+/* #define      TKT_FLG_RESERVED        0x00000800 */
+/* #define      TKT_FLG_RESERVED        0x00000400 */
+/* #define      TKT_FLG_RESERVED        0x00000200 */
+/* #define      TKT_FLG_RESERVED        0x00000100 */
+/* #define      TKT_FLG_RESERVED        0x00000080 */
+/* #define      TKT_FLG_RESERVED        0x00000040 */
+/* #define      TKT_FLG_RESERVED        0x00000020 */
+/* #define      TKT_FLG_RESERVED        0x00000010 */
+/* #define      TKT_FLG_RESERVED        0x00000008 */
+/* #define      TKT_FLG_RESERVED        0x00000004 */
+/* #define      TKT_FLG_RESERVED        0x00000002 */
+/* #define      TKT_FLG_RESERVED        0x00000001 */
+
+/* definitions for lr_type fields. */
+#define LR_TYPE_THIS_SERVER_ONLY        0x8000
+
+#define LR_TYPE_INTERPRETATION_MASK     0x7fff
+
+/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */
+#define MSEC_DIRBIT             0x8000
+#define MSEC_VAL_MASK           0x7fff
+
+/*
+ * end "fieldbits.h"
+ */
+
+/*
+ * begin "proto.h"
+ */
+
+/** Protocol version number */
+#define KRB5_PVNO       5
+
+/* Message types */
+
+#define KRB5_AS_REQ   ((krb5_msgtype)10) /**< Initial authentication request */
+#define KRB5_AS_REP   ((krb5_msgtype)11) /**< Response to AS request */
+#define KRB5_TGS_REQ  ((krb5_msgtype)12) /**< Ticket granting server request */
+#define KRB5_TGS_REP  ((krb5_msgtype)13) /**< Response to TGS request */
+#define KRB5_AP_REQ   ((krb5_msgtype)14) /**< Auth req to application server */
+#define KRB5_AP_REP   ((krb5_msgtype)15) /**< Response to mutual AP request */
+#define KRB5_SAFE     ((krb5_msgtype)20) /**< Safe application message */
+#define KRB5_PRIV     ((krb5_msgtype)21) /**< Private application message */
+#define KRB5_CRED     ((krb5_msgtype)22) /**< Cred forwarding message */
+#define KRB5_ERROR    ((krb5_msgtype)30) /**< Error response */
+
+/* LastReq types */
+#define KRB5_LRQ_NONE                   0
+#define KRB5_LRQ_ALL_LAST_TGT           1
+#define KRB5_LRQ_ONE_LAST_TGT           (-1)
+#define KRB5_LRQ_ALL_LAST_INITIAL       2
+#define KRB5_LRQ_ONE_LAST_INITIAL       (-2)
+#define KRB5_LRQ_ALL_LAST_TGT_ISSUED    3
+#define KRB5_LRQ_ONE_LAST_TGT_ISSUED    (-3)
+#define KRB5_LRQ_ALL_LAST_RENEWAL       4
+#define KRB5_LRQ_ONE_LAST_RENEWAL       (-4)
+#define KRB5_LRQ_ALL_LAST_REQ           5
+#define KRB5_LRQ_ONE_LAST_REQ           (-5)
+#define KRB5_LRQ_ALL_PW_EXPTIME         6
+#define KRB5_LRQ_ONE_PW_EXPTIME         (-6)
+#define KRB5_LRQ_ALL_ACCT_EXPTIME       7
+#define KRB5_LRQ_ONE_ACCT_EXPTIME       (-7)
+
+/* PADATA types */
+#define KRB5_PADATA_NONE                0
+#define KRB5_PADATA_AP_REQ              1
+#define KRB5_PADATA_TGS_REQ             KRB5_PADATA_AP_REQ
+#define KRB5_PADATA_ENC_TIMESTAMP       2 /**< RFC 4120 */
+#define KRB5_PADATA_PW_SALT             3 /**< RFC 4120 */
+#if 0                           /* Not used */
+#define KRB5_PADATA_ENC_ENCKEY          4  /* Key encrypted within itself */
+#endif
+#define KRB5_PADATA_ENC_UNIX_TIME       5  /**< timestamp encrypted in key. RFC 4120 */
+#define KRB5_PADATA_ENC_SANDIA_SECURID  6  /**< SecurId passcode. RFC 4120 */
+#define KRB5_PADATA_SESAME              7  /**< Sesame project. RFC 4120 */
+#define KRB5_PADATA_OSF_DCE             8  /**< OSF DCE. RFC 4120 */
+#define KRB5_CYBERSAFE_SECUREID         9  /**< Cybersafe. RFC 4120 */
+#define KRB5_PADATA_AFS3_SALT           10 /**< Cygnus. RFC 4120, 3961 */
+#define KRB5_PADATA_ETYPE_INFO          11 /**< Etype info for preauth. RFC 4120 */
+#define KRB5_PADATA_SAM_CHALLENGE       12 /**< SAM/OTP */
+#define KRB5_PADATA_SAM_RESPONSE        13 /**< SAM/OTP */
+#define KRB5_PADATA_PK_AS_REQ_OLD       14 /**< PKINIT */
+#define KRB5_PADATA_PK_AS_REP_OLD       15 /**< PKINIT */
+#define KRB5_PADATA_PK_AS_REQ           16 /**< PKINIT. RFC 4556 */
+#define KRB5_PADATA_PK_AS_REP           17 /**< PKINIT. RFC 4556 */
+#define KRB5_PADATA_ETYPE_INFO2         19 /**< RFC 4120 */
+#define KRB5_PADATA_USE_SPECIFIED_KVNO  20 /**< RFC 4120 */
+#define KRB5_PADATA_SVR_REFERRAL_INFO   20 /**< Windows 2000 referrals. RFC 6820 */
+#define KRB5_PADATA_SAM_REDIRECT        21 /**< SAM/OTP. RFC 4120 */
+#define KRB5_PADATA_GET_FROM_TYPED_DATA 22 /**< Embedded in typed data. RFC 4120 */
+#define KRB5_PADATA_REFERRAL            25 /**< draft referral system */
+#define KRB5_PADATA_SAM_CHALLENGE_2     30 /**< draft challenge system, updated */
+#define KRB5_PADATA_SAM_RESPONSE_2      31 /**< draft challenge system, updated */
+/* MS-KILE */
+#define KRB5_PADATA_PAC_REQUEST         128 /**< include Windows PAC */
+#define KRB5_PADATA_FOR_USER            129 /**< username protocol transition request */
+#define KRB5_PADATA_S4U_X509_USER       130 /**< certificate protocol transition request */
+#define KRB5_PADATA_AS_CHECKSUM         132 /**< AS checksum */
+#define KRB5_PADATA_FX_COOKIE           133 /**< RFC 6113 */
+#define KRB5_PADATA_FX_FAST             136 /**< RFC 6113 */
+#define KRB5_PADATA_FX_ERROR            137 /**< RFC 6113 */
+#define KRB5_PADATA_ENCRYPTED_CHALLENGE 138 /**< RFC 6113 */
+#define KRB5_PADATA_OTP_CHALLENGE       141 /**< RFC 6560 section 4.1 */
+#define KRB5_PADATA_OTP_REQUEST         142 /**< RFC 6560 section 4.2 */
+#define KRB5_PADATA_OTP_PIN_CHANGE      144 /**< RFC 6560 section 4.3 */
+#define KRB5_PADATA_PKINIT_KX           147 /**< RFC 6112 */
+#define KRB5_ENCPADATA_REQ_ENC_PA_REP   149 /**< RFC 6806 */
+#define KRB5_PADATA_AS_FRESHNESS        150 /**< RFC 8070 */
+#define KRB5_PADATA_SPAKE               151
+#define KRB5_PADATA_REDHAT_IDP_OAUTH2   152 /**< Red Hat IdP mechanism */
+#define KRB5_PADATA_REDHAT_PASSKEY      153 /**< Red Hat Passkey mechanism */
+#define KRB5_PADATA_PAC_OPTIONS         167 /**< MS-KILE and MS-SFU */
+
+#define KRB5_SAM_USE_SAD_AS_KEY         0x80000000
+#define KRB5_SAM_SEND_ENCRYPTED_SAD     0x40000000
+#define KRB5_SAM_MUST_PK_ENCRYPT_SAD    0x20000000 /**< currently must be zero */
+
+/** Transited encoding types */
+#define KRB5_DOMAIN_X500_COMPRESS               1
+
+/** alternate authentication types */
+#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE     64
+
+/* authorization data types. See RFC 4120 section 5.2.6 */
+
+#define KRB5_AUTHDATA_IF_RELEVANT   1
+#define KRB5_AUTHDATA_KDC_ISSUED    4
+#define KRB5_AUTHDATA_AND_OR        5
+#define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8
+#define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS      9
+#define KRB5_AUTHDATA_OSF_DCE   64
+#define KRB5_AUTHDATA_SESAME    65
+#define KRB5_AUTHDATA_CAMMAC    96
+#define KRB5_AUTHDATA_WIN2K_PAC 128
+#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129     /**< RFC 4537 */
+#define KRB5_AUTHDATA_SIGNTICKET        512     /**< @deprecated use PAC */
+#define KRB5_AUTHDATA_FX_ARMOR 71
+#define KRB5_AUTHDATA_AUTH_INDICATOR 97
+#define KRB5_AUTHDATA_AP_OPTIONS 143
+
+/* password change constants */
+#define KRB5_KPASSWD_SUCCESS            0  /**< Success */
+#define KRB5_KPASSWD_MALFORMED          1  /**< Malformed request */
+#define KRB5_KPASSWD_HARDERROR          2  /**< Server error */
+#define KRB5_KPASSWD_AUTHERROR          3  /**< Authentication error */
+#define KRB5_KPASSWD_SOFTERROR          4  /**< Password change rejected */
+/* These are Microsoft's extensions in RFC 3244, and it looks like
+   they'll become standardized, possibly with other additions.  */
+#define KRB5_KPASSWD_ACCESSDENIED       5  /**< Not authorized */
+#define KRB5_KPASSWD_BAD_VERSION        6  /**< Unknown RPC version */
+/** The presented credentials were not obtained using a password directly */
+#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
+
+/*
+ * end "proto.h"
+ */
+
+/* Time set */
+/** Ticket start time, end time, and renewal duration. */
+typedef struct _krb5_ticket_times {
+    krb5_timestamp authtime;    /**< Time at which KDC issued the initial ticket that corresponds to this ticket */
+    /* XXX ? should ktime in KDC_REP == authtime
+       in ticket? otherwise client can't get this */
+    krb5_timestamp starttime;   /**< optional in ticket, if not present, use @a authtime */
+    krb5_timestamp endtime;     /**< Ticket expiration time */
+    krb5_timestamp renew_till;  /**< Latest time at which renewal of ticket can be valid */
+} krb5_ticket_times;
+
+/** Structure for auth data */
+typedef struct _krb5_authdata {
+    krb5_magic magic;
+    krb5_authdatatype ad_type; /**< ADTYPE */
+    unsigned int length;       /**< Length of data */
+    krb5_octet *contents;      /**< Data */
+} krb5_authdata;
+
+/** Structure for transited encoding */
+typedef struct _krb5_transited {
+    krb5_magic magic;
+    krb5_octet tr_type;     /**< Transited encoding type */
+    krb5_data tr_contents;  /**< Contents */
+} krb5_transited;
+
+/** Encrypted part of ticket. */
+typedef struct _krb5_enc_tkt_part {
+    krb5_magic magic;
+    /* to-be-encrypted portion */
+    krb5_flags flags;                   /**< flags */
+    krb5_keyblock *session;             /**< session key: includes enctype */
+    krb5_principal client;              /**< client name/realm */
+    krb5_transited transited;           /**< list of transited realms */
+    krb5_ticket_times times;            /**< auth, start, end, renew_till */
+    krb5_address **caddrs;              /**< array of ptrs to addresses */
+    krb5_authdata **authorization_data; /**< auth data */
+} krb5_enc_tkt_part;
+
+/**
+ * Ticket structure.
+ *
+ * The C representation of the ticket message, with a pointer to the
+ * C representation of the encrypted part.
+ */
+typedef struct _krb5_ticket {
+    krb5_magic magic;
+    /* cleartext portion */
+    krb5_principal server;              /**< server name/realm */
+    krb5_enc_data enc_part;             /**< encryption type, kvno, encrypted encoding */
+    krb5_enc_tkt_part *enc_part2;       /**< ptr to decrypted version, if available */
+} krb5_ticket;
+
+/* the unencrypted version */
+/**
+ * Ticket authenticator.
+ *
+ * The C representation of an unencrypted authenticator.
+ */
+typedef struct _krb5_authenticator {
+    krb5_magic magic;
+    krb5_principal client;              /**< client name/realm */
+    krb5_checksum *checksum;            /**< checksum, includes type, optional */
+    krb5_int32 cusec;                   /**< client usec portion */
+    krb5_timestamp ctime;               /**< client sec portion */
+    krb5_keyblock *subkey;              /**< true session key, optional */
+    krb5_ui_4 seq_number;               /**< sequence #, optional */
+    krb5_authdata **authorization_data; /**< authoriazation data */
+} krb5_authenticator;
+
+/** Ticket authentication data. */
+typedef struct _krb5_tkt_authent {
+    krb5_magic magic;
+    krb5_ticket *ticket;
+    krb5_authenticator *authenticator;
+    krb5_flags ap_options;
+} krb5_tkt_authent;
+
+/** Credentials structure including ticket, session key, and lifetime info. */
+typedef struct _krb5_creds {
+    krb5_magic magic;
+    krb5_principal client;              /**< client's principal identifier */
+    krb5_principal server;              /**< server's principal identifier */
+    krb5_keyblock keyblock;             /**< session encryption key info */
+    krb5_ticket_times times;            /**< lifetime info */
+    krb5_boolean is_skey;               /**< true if ticket is encrypted in
+                                           another ticket's skey */
+    krb5_flags ticket_flags;            /**< flags in ticket */
+    krb5_address **addresses;           /**< addrs in ticket */
+    krb5_data ticket;                   /**< ticket string itself */
+    krb5_data second_ticket;            /**< second ticket, if related to
+                                           ticket (via DUPLICATE-SKEY or
+                                           ENC-TKT-IN-SKEY) */
+    krb5_authdata **authdata;           /**< authorization data */
+} krb5_creds;
+
+/** Last request entry */
+typedef struct _krb5_last_req_entry {
+    krb5_magic magic;
+    krb5_int32 lr_type;         /**< LR type */
+    krb5_timestamp value;       /**< Timestamp */
+} krb5_last_req_entry;
+
+/** Pre-authentication data */
+typedef struct _krb5_pa_data {
+    krb5_magic magic;
+    krb5_preauthtype pa_type;   /**< Preauthentication data type */
+    unsigned int length;        /**< Length of data */
+    krb5_octet *contents;       /**< Data */
+} krb5_pa_data;
+
+/* Don't use this; use krb5_pa_data instead. */
+typedef struct _krb5_typed_data {
+    krb5_magic magic;
+    krb5_int32 type;
+    unsigned int length;
+    krb5_octet *data;
+} krb5_typed_data;
+
+/** C representation of KDC-REQ protocol message, including KDC-REQ-BODY */
+typedef struct _krb5_kdc_req {
+    krb5_magic magic;
+    krb5_msgtype msg_type;      /**< KRB5_AS_REQ or KRB5_TGS_REQ */
+    krb5_pa_data **padata;      /**< Preauthentication data */
+    /* real body */
+    krb5_flags kdc_options;     /**< Requested options */
+    krb5_principal client;      /**< Client principal and realm */
+    krb5_principal server;      /**< Server principal and realm */
+    krb5_timestamp from;        /**< Requested start time */
+    krb5_timestamp till;        /**< Requested end time */
+    krb5_timestamp rtime;       /**< Requested renewable end time */
+    krb5_int32 nonce;           /**< Nonce to match request and response */
+    int nktypes;                /**< Number of enctypes */
+    krb5_enctype *ktype;        /**< Requested enctypes */
+    krb5_address **addresses;   /**< Requested addresses (optional) */
+    krb5_enc_data authorization_data;  /**< Encrypted authz data (optional) */
+    krb5_authdata **unenc_authdata;    /**< Unencrypted authz data */
+    krb5_ticket **second_ticket;       /**< Second ticket array (optional) */
+} krb5_kdc_req;
+
+/**
+ * C representation of @c EncKDCRepPart protocol message.
+ *
+ * This is the cleartext message that is encrypted and inserted in @c KDC-REP.
+ */
+typedef struct _krb5_enc_kdc_rep_part {
+    krb5_magic magic;
+    /* encrypted part: */
+    krb5_msgtype msg_type;           /**< krb5 message type */
+    krb5_keyblock *session;          /**< Session key */
+    krb5_last_req_entry **last_req;  /**< Array of pointers to entries */
+    krb5_int32 nonce;                /**< Nonce from request */
+    krb5_timestamp key_exp;          /**< Expiration date */
+    krb5_flags flags;                /**< Ticket flags */
+    krb5_ticket_times times;         /**< Lifetime info */
+    krb5_principal server;           /**< Server's principal identifier */
+    krb5_address **caddrs;           /**< Array of ptrs to addrs, optional */
+    krb5_pa_data **enc_padata;       /**< Encrypted preauthentication data */
+} krb5_enc_kdc_rep_part;
+
+/** Representation of the @c KDC-REP protocol message. */
+typedef struct _krb5_kdc_rep {
+    krb5_magic magic;
+    /* cleartext part: */
+    krb5_msgtype msg_type;            /**< KRB5_AS_REP or KRB5_KDC_REP */
+    krb5_pa_data **padata;            /**< Preauthentication data from KDC */
+    krb5_principal client;            /**< Client principal and realm */
+    krb5_ticket *ticket;              /**< Ticket */
+    krb5_enc_data enc_part;           /**< Encrypted part of reply */
+    krb5_enc_kdc_rep_part *enc_part2; /**< Unencrypted version, if available */
+} krb5_kdc_rep;
+
+/** Error message structure */
+typedef struct _krb5_error {
+    krb5_magic magic;
+    /* some of these may be meaningless in certain contexts */
+    krb5_timestamp ctime;       /**< Client sec portion; optional */
+    krb5_int32 cusec;           /**< Client usec portion; optional */
+    krb5_int32 susec;           /**< Server usec portion */
+    krb5_timestamp stime;       /**< Server sec portion */
+    krb5_ui_4 error;            /**< Error code (protocol error #'s) */
+    krb5_principal client;      /**< Client principal and realm */
+    krb5_principal server;      /**< Server principal and realm */
+    krb5_data text;             /**< Descriptive text */
+    krb5_data e_data;           /**< Additional error-describing data */
+} krb5_error;
+
+/** Authentication header. */
+typedef struct _krb5_ap_req {
+    krb5_magic magic;
+    krb5_flags ap_options;        /**< Requested options */
+    krb5_ticket *ticket;          /**< Ticket */
+    krb5_enc_data authenticator;  /**< Encrypted authenticator */
+} krb5_ap_req;
+
+/**
+ * C representaton of AP-REP message.
+ *
+ * The server's response to a client's request for mutual authentication.
+ */
+typedef struct _krb5_ap_rep {
+    krb5_magic magic;
+    krb5_enc_data enc_part;     /**< Ciphertext of ApRepEncPart */
+} krb5_ap_rep;
+
+/** Cleartext that is encrypted and put into @c _krb5_ap_rep. */
+typedef struct _krb5_ap_rep_enc_part {
+    krb5_magic magic;
+    krb5_timestamp ctime;       /**< Client time, seconds portion */
+    krb5_int32 cusec;           /**< Client time, microseconds portion */
+    krb5_keyblock *subkey;      /**< Subkey (optional) */
+    krb5_ui_4 seq_number;       /**< Sequence number */
+} krb5_ap_rep_enc_part;
+
+/* Unused */
+typedef struct _krb5_response {
+    krb5_magic magic;
+    krb5_octet message_type;
+    krb5_data response;
+    krb5_int32 expected_nonce;
+    krb5_timestamp request_time;
+} krb5_response;
+
+/** Credentials information inserted into @c EncKrbCredPart. */
+typedef struct _krb5_cred_info {
+    krb5_magic magic;
+    krb5_keyblock *session;     /**< Session key used to encrypt ticket */
+    krb5_principal client;      /**< Client principal and realm */
+    krb5_principal server;      /**< Server principal and realm */
+    krb5_flags flags;           /**< Ticket flags */
+    krb5_ticket_times times;    /**< Auth, start, end, renew_till */
+    krb5_address **caddrs;      /**< Array of pointers to addrs (optional) */
+} krb5_cred_info;
+
+/** Cleartext credentials information. */
+typedef struct _krb5_cred_enc_part {
+    krb5_magic magic;
+    krb5_int32 nonce;           /**< Nonce (optional) */
+    krb5_timestamp timestamp;   /**< Generation time, seconds portion */
+    krb5_int32 usec;            /**< Generation time, microseconds portion */
+    krb5_address *s_address;    /**< Sender address (optional) */
+    krb5_address *r_address;    /**< Recipient address (optional) */
+    krb5_cred_info **ticket_info;
+} krb5_cred_enc_part;
+
+/** Credentials data structure.*/
+typedef struct _krb5_cred {
+    krb5_magic magic;
+    krb5_ticket **tickets;          /**< Tickets */
+    krb5_enc_data enc_part;         /**< Encrypted part */
+    krb5_cred_enc_part *enc_part2;  /**< Unencrypted version, if available */
+} krb5_cred;
+
+/* Unused, but here for API compatibility. */
+typedef struct _passwd_phrase_element {
+    krb5_magic magic;
+    krb5_data *passwd;
+    krb5_data *phrase;
+} passwd_phrase_element;
+
+/* Unused, but here for API compatibility. */
+typedef struct _krb5_pwd_data {
+    krb5_magic magic;
+    int sequence_count;
+    passwd_phrase_element **element;
+} krb5_pwd_data;
+
+/* Unused, but here for API compatibility. */
+typedef struct _krb5_pa_svr_referral_data {
+    /** Referred name, only realm is required */
+    krb5_principal     principal;
+} krb5_pa_svr_referral_data;
+
+/* Unused, but here for API compatibility. */
+typedef struct _krb5_pa_server_referral_data {
+    krb5_data          *referred_realm;
+    krb5_principal     true_principal_name;
+    krb5_principal     requested_principal_name;
+    krb5_timestamp     referral_valid_until;
+    krb5_checksum      rep_cksum;
+} krb5_pa_server_referral_data;
+
+typedef struct _krb5_pa_pac_req {
+    /** TRUE if a PAC should be included in TGS-REP */
+    krb5_boolean       include_pac;
+} krb5_pa_pac_req;
+
+/*
+ * begin "safepriv.h"
+ */
+
+/** Prevent replays with timestamps and replay cache. */
+#define KRB5_AUTH_CONTEXT_DO_TIME       0x00000001
+/** Save timestamps for application. */
+#define KRB5_AUTH_CONTEXT_RET_TIME      0x00000002
+/** Prevent replays with sequence numbers. */
+#define KRB5_AUTH_CONTEXT_DO_SEQUENCE   0x00000004
+/** Save sequence numbers for application. */
+#define KRB5_AUTH_CONTEXT_RET_SEQUENCE  0x00000008
+#define KRB5_AUTH_CONTEXT_PERMIT_ALL    0x00000010
+#define KRB5_AUTH_CONTEXT_USE_SUBKEY    0x00000020
+
+/**
+ * Replay data.
+ *
+ * Sequence number and timestamp information output by krb5_rd_priv() and
+ * krb5_rd_safe().
+ */
+typedef struct krb5_replay_data {
+    krb5_timestamp      timestamp;  /**< Timestamp, seconds portion */
+    krb5_int32          usec;       /**< Timestamp, microseconds portion */
+    krb5_ui_4           seq;        /**< Sequence number */
+} krb5_replay_data;
+
+/* Flags for krb5_auth_con_genaddrs(). */
+
+/** Generate the local network address. */
+#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR       0x00000001
+/** Generate the remote network address. */
+#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR      0x00000002
+/** Generate the local network address and the local port. */
+#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  0x00000004
+/** Generate the remote network address and the remote port. */
+#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008
+
+/** Type of function used as a callback to generate checksum data for mk_req */
+typedef krb5_error_code
+(KRB5_CALLCONV * krb5_mk_req_checksum_func)(krb5_context, krb5_auth_context,
+                                            void *, krb5_data **);
+
+/*
+ * end "safepriv.h"
+ */
+
+
+/*
+ * begin "ccache.h"
+ */
+
+/** Cursor for sequential lookup */
+typedef krb5_pointer    krb5_cc_cursor;
+
+struct _krb5_ccache;
+typedef struct _krb5_ccache *krb5_ccache;
+struct _krb5_cc_ops;
+typedef struct _krb5_cc_ops krb5_cc_ops;
+
+struct _krb5_cccol_cursor;
+/** Cursor for iterating over all ccaches */
+typedef struct _krb5_cccol_cursor *krb5_cccol_cursor;
+
+/* Flags for krb5_cc_retrieve_cred. */
+/** The requested lifetime must be at least as great as the time specified. */
+#define KRB5_TC_MATCH_TIMES        0x00000001
+/** The is_skey field must match exactly. */
+#define KRB5_TC_MATCH_IS_SKEY      0x00000002
+/** All the flags set in the match credentials must be set. */
+#define KRB5_TC_MATCH_FLAGS        0x00000004
+/** All the time fields must match exactly. */
+#define KRB5_TC_MATCH_TIMES_EXACT  0x00000008
+/** All the flags must match exactly. */
+#define KRB5_TC_MATCH_FLAGS_EXACT  0x00000010
+/** The authorization data must match. */
+#define KRB5_TC_MATCH_AUTHDATA     0x00000020
+/** Only the name portion of the principal name must match. */
+#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040
+/** The second ticket must match. */
+#define KRB5_TC_MATCH_2ND_TKT      0x00000080
+/** The encryption key type must match. */
+#define KRB5_TC_MATCH_KTYPE        0x00000100
+/** The supported key types must match. */
+#define KRB5_TC_SUPPORTED_KTYPES   0x00000200
+
+/* Flags for krb5_cc_set_flags and similar. */
+/** Open and close the file for each cache operation. */
+#define KRB5_TC_OPENCLOSE          0x00000001 /**< @deprecated has no effect */
+#define KRB5_TC_NOTICKET           0x00000002
+
+/**
+ * Retrieve the name, but not type of a credential cache.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ *
+ * @warning Returns the name of the credential cache.  The result is an alias
+ * into @a cache and should not be freed or modified by the caller.  This name
+ * does not include the cache type, so should not be used as input to
+ * krb5_cc_resolve().
+ *
+ * @return
+ * On success - the name of the credential cache.
+ */
+const char * KRB5_CALLCONV
+krb5_cc_get_name(krb5_context context, krb5_ccache cache);
+
+/**
+ * Retrieve the full name of a credential cache.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cache           Credential cache handle
+ * @param [out] fullname_out    Full name of cache
+ *
+ * Use krb5_free_string() to free @a fullname_out when it is no longer needed.
+ *
+ * @version New in 1.10
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_full_name(krb5_context context, krb5_ccache cache,
+                      char **fullname_out);
+
+#if KRB5_DEPRECATED
+krb5_error_code KRB5_CALLCONV
+krb5_cc_gen_new(krb5_context context, krb5_ccache *cache);
+#endif /* KRB5_DEPRECATED */
+
+/**
+ * Initialize a credential cache.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ * @param [in] principal        Default principal name
+ *
+ * Destroy any existing contents of @a cache and initialize it for the default
+ * principal @a principal.
+ *
+ * @retval
+ *  0  Success
+ * @return
+ *  System errors; Permission errors; Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_initialize(krb5_context context, krb5_ccache cache,
+                   krb5_principal principal);
+
+/**
+ * Destroy a credential cache.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ *
+ * This function destroys any existing contents of @a cache and closes the
+ * handle to it.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Permission errors
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_destroy(krb5_context context, krb5_ccache cache);
+
+/**
+ * Close a credential cache handle.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ *
+ * This function closes a credential cache handle @a cache without affecting
+ * the contents of the cache.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_close(krb5_context context, krb5_ccache cache);
+
+/**
+ * Store credentials in a credential cache.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ * @param [in] creds            Credentials to be stored in cache
+ *
+ * This function stores @a creds into @a cache.  If @a creds->server and the
+ * server in the decoded ticket @a creds->ticket differ, the credentials will
+ * be stored under both server principal names.
+ *
+ * @retval
+ *  0  Success
+ * @return Permission errors; storage failure errors; Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_store_cred(krb5_context context, krb5_ccache cache, krb5_creds *creds);
+
+/**
+ * Retrieve a specified credentials from a credential cache.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cache           Credential cache handle
+ * @param [in]  flags           Flags bit mask
+ * @param [in]  mcreds          Credentials to match
+ * @param [out] creds           Credentials matching the requested value
+ *
+ * This function searches a credential cache for credentials matching @a mcreds
+ * and returns it if found.
+ *
+ * Valid values for @a flags are:
+ *
+ * @li #KRB5_TC_MATCH_TIMES        The requested lifetime must be at least as
+ *                                 great as in @a mcreds .
+ * @li #KRB5_TC_MATCH_IS_SKEY      The @a is_skey field much match exactly.
+ * @li #KRB5_TC_MATCH_FLAGS        Flags set in @a mcreds must be set.
+ * @li #KRB5_TC_MATCH_TIMES_EXACT  The requested lifetime must match exactly.
+ * @li #KRB5_TC_MATCH_FLAGS_EXACT  Flags must match exactly.
+ * @li #KRB5_TC_MATCH_AUTHDATA     The authorization data must match.
+ * @li #KRB5_TC_MATCH_SRV_NAMEONLY Only the name portion of the principal
+ *                                 name must match, not the realm.
+ * @li #KRB5_TC_MATCH_2ND_TKT      The second tickets must match.
+ * @li #KRB5_TC_MATCH_KTYPE        The encryption key types must match.
+ * @li #KRB5_TC_SUPPORTED_KTYPES   Check all matching entries that have any
+ *                                 supported encryption type and return the
+ *                                 one with the encryption type listed earliest.
+ *
+ * Use krb5_free_cred_contents() to free @a creds when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache,
+                      krb5_flags flags, krb5_creds *mcreds,
+                      krb5_creds *creds);
+
+/**
+ * Get the default principal of a credential cache.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cache           Credential cache handle
+ * @param [out] principal       Primary principal
+ *
+ * Returns the default client principal of a credential cache as set by
+ * krb5_cc_initialize().
+ *
+ * Use krb5_free_principal() to free @a principal when it is no longer needed.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_principal(krb5_context context, krb5_ccache cache,
+                      krb5_principal *principal);
+
+/**
+ * Prepare to sequentially read every credential in a credential cache.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cache           Credential cache handle
+ * @param [out] cursor          Cursor
+ *
+ * krb5_cc_end_seq_get() must be called to complete the retrieve operation.
+ *
+ * @note If the cache represented by @a cache is modified between the time of
+ * the call to this function and the time of the final krb5_cc_end_seq_get(),
+ * these changes may not be reflected in the results of krb5_cc_next_cred()
+ * calls.
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache,
+                      krb5_cc_cursor *cursor);
+
+/**
+ * Retrieve the next entry from the credential cache.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cache           Credential cache handle
+ * @param [in]  cursor          Cursor
+ * @param [out] creds           Next credential cache entry
+ *
+ * This function fills in @a creds with the next entry in @a cache and advances
+ * @a cursor.
+ *
+ * Use krb5_free_cred_contents() to free @a creds when it is no longer needed.
+ *
+ * @sa krb5_cc_start_seq_get(), krb5_end_seq_get()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_next_cred(krb5_context context, krb5_ccache cache,
+                  krb5_cc_cursor *cursor, krb5_creds *creds);
+
+/**
+ * Finish a series of sequential processing credential cache entries.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ * @param [in] cursor           Cursor
+ *
+ * This function finishes processing credential cache entries and invalidates
+ * @a cursor.
+ *
+ * @sa krb5_cc_start_seq_get(), krb5_cc_next_cred()
+ *
+ * @retval 0 (always)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache,
+                    krb5_cc_cursor *cursor);
+
+/**
+ * Remove credentials from a credential cache.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ * @param [in] flags            Bitwise-ORed search flags
+ * @param [in] creds            Credentials to be matched
+ *
+ * @warning This function is not implemented for some cache types.
+ *
+ * This function accepts the same flag values as krb5_cc_retrieve_cred().
+ *
+ * @retval KRB5_CC_NOSUPP Not implemented for this cache type
+ * @return No matches found; Data cannot be deleted; Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                    krb5_creds *creds);
+
+/**
+ * Set options flags on a credential cache.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ * @param [in] flags            Flag bit mask
+ *
+ * This function resets @a cache flags to @a flags.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags);
+
+/**
+ * Retrieve flags from a credential cache structure.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cache           Credential cache handle
+ * @param [out] flags           Flag bit mask
+ *
+ * @warning For memory credential cache always returns a flag mask of 0.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags);
+
+/**
+ * Retrieve the type of a credential cache.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ *
+ * @return The type of a credential cache as an alias that must not be modified
+ * or freed by the caller.
+ */
+const char * KRB5_CALLCONV
+krb5_cc_get_type(krb5_context context, krb5_ccache cache);
+
+/**
+ * Move a credential cache.
+ *
+ * @param [in] context          Library context
+ * @param [in] src              The credential cache to move the content from
+ * @param [in] dst              The credential cache to move the content to
+ *
+ * This function reinitializes @a dst and populates it with the credentials and
+ * default principal of @a src; then, if successful, destroys @a src.
+ *
+ * @retval
+ * 0 Success; @a src is closed.
+ * @return
+ * Kerberos error codes; @a src is still allocated.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst);
+
+/**
+ * Prepare to iterate over the collection of known credential caches.
+ *
+ * @param [in]  context         Library context
+ * @param [out] cursor          Cursor
+ *
+ * Get a new cache iteration @a cursor that will iterate over all known
+ * credential caches independent of type.
+ *
+ * Use krb5_cccol_cursor_free() to release @a cursor when it is no longer
+ * needed.
+ *
+ * @sa krb5_cccol_cursor_next()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor);
+
+/**
+ * Get the next credential cache in the collection.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cursor          Cursor
+ * @param [out] ccache          Credential cache handle
+ *
+ * @note When all caches are iterated over and the end of the list is reached,
+ * @a ccache is set to NULL.
+ *
+ * Use krb5_cc_close() to close @a ccache when it is no longer needed.
+ *
+ * @sa krb5_cccol_cursor_new(), krb5_cccol_cursor_free()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
+                       krb5_ccache *ccache);
+
+/**
+ * Free a credential cache collection cursor.
+ *
+ * @param [in] context          Library context
+ * @param [in] cursor           Cursor
+ *
+ * @sa krb5_cccol_cursor_new(), krb5_cccol_cursor_next()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor);
+
+/**
+ * Check if the credential cache collection contains any initialized caches.
+ *
+ * @param [in]  context         Library context
+ *
+ * @version New in 1.11
+ *
+ * @retval 0 At least one initialized cache is present in the collection
+ * @retval KRB5_CC_NOTFOUND The collection contains no caches
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_have_content(krb5_context context);
+
+/**
+ * Create a new credential cache of the specified type with a unique name.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  type            Credential cache type name
+ * @param [in]  hint            Unused
+ * @param [out] id              Credential cache handle
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_new_unique(krb5_context context, const char *type, const char *hint,
+                   krb5_ccache *id);
+
+/*
+ * end "ccache.h"
+ */
+
+/*
+ * begin "rcache.h"
+ */
+
+struct krb5_rc_st;
+typedef struct krb5_rc_st *krb5_rcache;
+
+/*
+ * end "rcache.h"
+ */
+
+/*
+ * begin "keytab.h"
+ */
+
+
+/* XXX */
+#define MAX_KEYTAB_NAME_LEN 1100 /**< Long enough for MAXPATHLEN + some extra */
+
+typedef krb5_pointer krb5_kt_cursor;
+
+/** A key table entry. */
+typedef struct krb5_keytab_entry_st {
+    krb5_magic magic;
+    krb5_principal principal;   /**< Principal of this key */
+    krb5_timestamp timestamp;   /**< Time entry written to keytable */
+    krb5_kvno vno;              /**< Key version number */
+    krb5_keyblock key;          /**< The secret key */
+} krb5_keytab_entry;
+
+struct _krb5_kt;
+typedef struct _krb5_kt *krb5_keytab;
+
+/**
+ * Return the type of a key table.
+ *
+ * @param [in] context          Library context
+ * @param [in] keytab           Key table handle
+ *
+ * @return The type of a key table as an alias that must not be modified or
+ * freed by the caller.
+ */
+const char * KRB5_CALLCONV
+krb5_kt_get_type(krb5_context context, krb5_keytab keytab);
+
+/**
+ * Get a key table name.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  keytab          Key table handle
+ * @param [out] name            Key table name
+ * @param [in]  namelen         Maximum length to fill in name
+ *
+ * Fill @a name with the name of @a keytab including the type and delimiter.
+ *
+ * @sa MAX_KEYTAB_NAME_LEN
+ *
+ * @retval
+ * 0 Success
+ * @retval
+ * KRB5_KT_NAME_TOOLONG  Key table name does not fit in @a namelen bytes
+ *
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
+                 unsigned int namelen);
+
+/**
+ * Close a key table handle.
+ *
+ * @param [in] context          Library context
+ * @param [in] keytab           Key table handle
+ *
+ * @retval 0
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_close(krb5_context context, krb5_keytab keytab);
+
+/**
+ * Get an entry from a key table.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  keytab          Key table handle
+ * @param [in]  principal       Principal name
+ * @param [in]  vno             Key version number (0 for highest available)
+ * @param [in]  enctype         Encryption type (0 zero for any enctype)
+ * @param [out] entry           Returned entry from key table
+ *
+ * Retrieve an entry from a key table which matches the @a keytab, @a
+ * principal, @a vno, and @a enctype.  If @a vno is zero, retrieve the
+ * highest-numbered kvno matching the other fields.  If @a enctype is 0, match
+ * any enctype.
+ *
+ * Use krb5_free_keytab_entry_contents() to free @a entry when it is no longer
+ * needed.
+ *
+ * @note If @a vno is zero, the function retrieves the highest-numbered-kvno
+ * entry that matches the specified principal.
+ *
+ * @retval
+ * 0 Success
+ * @retval
+ * Kerberos error codes on failure
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
+                  krb5_const_principal principal, krb5_kvno vno,
+                  krb5_enctype enctype, krb5_keytab_entry *entry);
+
+/**
+ * Start a sequential retrieval of key table entries.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  keytab          Key table handle
+ * @param [out] cursor          Cursor
+ *
+ * Prepare to read sequentially every key in the specified key table.  Use
+ * krb5_kt_end_seq_get() to release the cursor when it is no longer needed.
+ *
+ * @sa krb5_kt_next_entry(), krb5_kt_end_seq_get()
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
+                      krb5_kt_cursor *cursor);
+
+/**
+ * Retrieve the next entry from the key table.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  keytab          Key table handle
+ * @param [out] entry           Returned key table entry
+ * @param [in]  cursor          Key table cursor
+ *
+ * Return the next sequential entry in @a keytab and advance @a cursor.
+ * Callers must release the returned entry with krb5_kt_free_entry().
+ *
+ * @sa krb5_kt_start_seq_get(), krb5_kt_end_seq_get()
+ *
+ * @retval
+ * 0 Success
+ * @retval
+ * KRB5_KT_END - if the last entry was reached
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
+                   krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
+
+/**
+ * Release a keytab cursor.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  keytab          Key table handle
+ * @param [out] cursor          Cursor
+ *
+ * This function should be called to release the cursor created by
+ * krb5_kt_start_seq_get().
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
+                    krb5_kt_cursor *cursor);
+
+/**
+ * Check if a keytab exists and contains entries.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  keytab          Key table handle
+ *
+ * @version New in 1.11
+ *
+ * @retval 0 Keytab exists and contains entries
+ * @retval KRB5_KT_NOTFOUND Keytab does not contain entries
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_have_content(krb5_context context, krb5_keytab keytab);
+
+/*
+ * end "keytab.h"
+ */
+
+/*
+ * begin "func-proto.h"
+ */
+
+#define KRB5_INIT_CONTEXT_SECURE 0x1 /**< Use secure context configuration */
+#define KRB5_INIT_CONTEXT_KDC    0x2 /**< Use KDC configuration if available */
+
+/**
+ * Create a krb5 library context.
+ *
+ * @param [out] context         Library context
+ *
+ * The @a context must be released by calling krb5_free_context() when
+ * it is no longer needed.
+ *
+ * @warning Any program or module that needs the Kerberos code to not trust the
+ * environment must use krb5_init_secure_context(), or clean out the
+ * environment.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_context(krb5_context *context);
+
+/**
+ * Create a krb5 library context using only configuration files.
+ *
+ * @param [out] context         Library context
+ *
+ * Create a context structure, using only system configuration files.  All
+ * information passed through the environment variables is ignored.
+ *
+ * The @a context must be released by calling krb5_free_context() when
+ * it is no longer needed.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_secure_context(krb5_context *context);
+
+/**
+ * Create a krb5 library context using a specified profile.
+ *
+ * @param [in]  profile         Profile object (NULL to create default profile)
+ * @param [in]  flags           Context initialization flags
+ * @param [out] context         Library context
+ *
+ * Create a context structure, optionally using a specified profile and
+ * initialization flags.  If @a profile is NULL, the default profile will be
+ * created from config files.  If @a profile is non-null, a copy of it will be
+ * made for the new context; the caller should still clean up its copy.  Valid
+ * flag values are:
+ *
+ * @li #KRB5_INIT_CONTEXT_SECURE Ignore environment variables
+ * @li #KRB5_INIT_CONTEXT_KDC    Use KDC configuration if creating profile
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_context_profile(struct _profile_t *profile, krb5_flags flags,
+                          krb5_context *context);
+
+/**
+ * Free a krb5 library context.
+ *
+ * @param [in] context          Library context
+ *
+ * This function frees a @a context that was created by krb5_init_context()
+ * or krb5_init_secure_context().
+ */
+void KRB5_CALLCONV
+krb5_free_context(krb5_context context);
+
+/**
+ * Copy a krb5_context structure.
+ *
+ * @param [in]  ctx             Library context
+ * @param [out] nctx_out        New context structure
+ *
+ * The newly created context must be released by calling krb5_free_context()
+ * when it is no longer needed.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_context(krb5_context ctx, krb5_context *nctx_out);
+
+/**
+ * Set default TGS encryption types in a krb5_context structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] etypes           Encryption type(s) to set
+ *
+ * This function sets the default enctype list for TGS requests
+ * made using @a context to @a etypes.
+ *
+ * @note This overrides the default list (from config file or built-in).
+ *
+ * @retval
+ *  0    Success
+ * @retval
+ *  KRB5_PROG_ETYPE_NOSUPP Program lacks support for encryption type
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_default_tgs_enctypes(krb5_context context, const krb5_enctype *etypes);
+
+/**
+ * Return a list of encryption types permitted for session keys.
+ *
+ * @param [in]  context         Library context
+ * @param [out] ktypes          Zero-terminated list of encryption types
+ *
+ * This function returns the list of encryption types permitted for session
+ * keys within @a context, as determined by configuration or by a previous call
+ * to krb5_set_default_tgs_enctypes().
+ *
+ * Use krb5_free_enctypes() to free @a ktypes when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes);
+
+/**
+ * Test whether the Kerberos library was built with multithread support.
+ *
+ * @retval
+ * TRUE if the library is threadsafe; FALSE otherwise
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_is_thread_safe(void);
+
+/* libkrb.spec */
+
+/**
+ * Decrypt a ticket using the specified key table.
+ *
+ * @param [in] context          Library context
+ * @param [in] kt               Key table
+ * @param [in] ticket           Ticket to be decrypted
+ *
+ * This function takes a @a ticket as input and decrypts it using
+ * key data from @a kt.  The result is placed into @a ticket->enc_part2.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_server_decrypt_ticket_keytab(krb5_context context, const krb5_keytab kt,
+                                  krb5_ticket *ticket);
+
+/**
+ * Free an array of credential structures.
+ *
+ * @param [in] context          Library context
+ * @param [in] tgts             Null-terminated array of credentials to free
+ *
+ * @note The last entry in the array @a tgts must be a NULL pointer.
+ */
+void KRB5_CALLCONV
+krb5_free_tgt_creds(krb5_context context, krb5_creds **tgts);
+
+#define KRB5_GC_USER_USER    1  /**< Want user-user ticket */
+#define KRB5_GC_CACHED       2  /**< Want cached ticket only */
+#define KRB5_GC_CANONICALIZE 4  /**< Set canonicalize KDC option */
+#define KRB5_GC_NO_STORE     8  /**< Do not store in credential cache */
+#define KRB5_GC_FORWARDABLE             16  /**< Acquire forwardable tickets */
+#define KRB5_GC_NO_TRANSIT_CHECK        32  /**< Disable transited check */
+#define KRB5_GC_CONSTRAINED_DELEGATION  64  /**< Constrained delegation */
+
+/**
+ * Get an additional ticket.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  options         Options
+ * @param [in]  ccache          Credential cache handle
+ * @param [in]  in_creds        Input credentials
+ * @param [out] out_creds       Output updated credentials
+ *
+ * Use @a ccache or a TGS exchange to get a service ticket matching @a
+ * in_creds.
+ *
+ * Valid values for @a options are:
+ * @li #KRB5_GC_CACHED     Search only credential cache for the ticket
+ * @li #KRB5_GC_USER_USER  Return a user to user authentication ticket
+ *
+ * @a in_creds must be non-null.  @a in_creds->client and @a in_creds->server
+ * must be filled in to specify the client and the server respectively.  If any
+ * authorization data needs to be requested for the service ticket (such as
+ * restrictions on how the ticket can be used), specify it in @a
+ * in_creds->authdata; otherwise set @a in_creds->authdata to NULL.  The
+ * session key type is specified in @a in_creds->keyblock.enctype, if it is
+ * nonzero.
+ *
+ * The expiration date is specified in @a in_creds->times.endtime.
+ * The KDC may return tickets with an earlier expiration date.
+ * If @a in_creds->times.endtime is set to 0, the latest possible
+ * expiration date will be requested.
+ *
+ * Any returned ticket and intermediate ticket-granting tickets are stored
+ * in @a ccache.
+ *
+ * Use krb5_free_creds() to free @a out_creds when it is no longer needed.
+ *
+ * @retval
+ *  0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials(krb5_context context, krb5_flags options,
+                     krb5_ccache ccache, krb5_creds *in_creds,
+                     krb5_creds **out_creds);
+
+/**
+ * Serialize a @c krb5_creds object.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  in_creds        The credentials object to serialize
+ * @param [out] data_out        The serialized credentials
+ *
+ * Serialize @a creds in the format used by the FILE ccache format (vesion 4)
+ * and KCM ccache protocol.
+ *
+ * Use krb5_free_data() to free @a data_out when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_marshal_credentials(krb5_context context, krb5_creds *in_creds,
+                         krb5_data **data_out);
+
+/**
+ * Deserialize a @c krb5_creds object.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  data            The serialized credentials
+ * @param [out] creds_out       The resulting creds object
+ *
+ * Deserialize @a data to credentials in the format used by the FILE ccache
+ * format (vesion 4) and KCM ccache protocol.
+ *
+ * Use krb5_free_creds() to free @a creds_out when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_unmarshal_credentials(krb5_context context, const krb5_data *data,
+                           krb5_creds **creds_out);
+
+/** @deprecated Replaced by krb5_get_validated_creds. */
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_validate(krb5_context context, krb5_flags options,
+                              krb5_ccache ccache, krb5_creds *in_creds,
+                              krb5_creds **out_creds);
+
+/** @deprecated Replaced by krb5_get_renewed_creds. */
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_renew(krb5_context context, krb5_flags options,
+                           krb5_ccache ccache, krb5_creds *in_creds,
+                           krb5_creds **out_creds);
+
+/**
+ * Create a @c KRB_AP_REQ message.
+ *
+ * @param [in]     context        Library context
+ * @param [in,out] auth_context   Pre-existing or newly created auth context
+ * @param [in]     ap_req_options Options (see AP_OPTS macros)
+ * @param [in]     service        Service name, or NULL to use @c "host"
+ * @param [in]     hostname       Host name, or NULL to use local hostname
+ * @param [in]     in_data        Application data to be checksummed in the
+ *                                authenticator, or NULL
+ * @param [in]     ccache         Credential cache used to obtain credentials
+ *                                for the desired service.
+ * @param [out]    outbuf         @c AP-REQ message
+ *
+ * This function is similar to krb5_mk_req_extended() except that it uses a
+ * given @a hostname, @a service, and @a ccache to construct a service
+ * principal name and obtain credentials.
+ *
+ * Use krb5_free_data_contents() to free @a outbuf when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
+            krb5_flags ap_req_options, const char *service,
+            const char *hostname, krb5_data *in_data, krb5_ccache ccache,
+            krb5_data *outbuf);
+
+/**
+ * Create a @c KRB_AP_REQ message using supplied credentials.
+ *
+ * @param [in]     context        Library context
+ * @param [in,out] auth_context   Pre-existing or newly created auth context
+ * @param [in]     ap_req_options Options (see AP_OPTS macros)
+ * @param [in]     in_data        Application data to be checksummed in the
+ *                                authenticator, or NULL
+ * @param [in]     in_creds       Credentials for the service with valid ticket
+ *                                and key
+ * @param [out]    outbuf         @c AP-REQ message
+ *
+ * Valid @a ap_req_options are:
+ * @li #AP_OPTS_USE_SESSION_KEY - Use the session key when creating the
+ *                                request used for user to user
+ *                                authentication.
+ * @li #AP_OPTS_MUTUAL_REQUIRED - Request a mutual authentication packet from
+ *                                the receiver.
+ * @li #AP_OPTS_USE_SUBKEY      - Generate a subsession key from the current
+ *                                session key obtained from the credentials.
+ *
+ * This function creates a KRB_AP_REQ message using supplied credentials @a
+ * in_creds.  @a auth_context may point to an existing auth context or to NULL,
+ * in which case a new one will be created.  If @a in_data is non-null, a
+ * checksum of it will be included in the authenticator contained in the
+ * KRB_AP_REQ message.  Use krb5_free_data_contents() to free @a outbuf when it
+ * is no longer needed.
+ *
+ * On successful return, the authenticator is stored in @a auth_context with
+ * the @a client and @a checksum fields nulled out.  (This is to prevent
+ * pointer-sharing problems; the caller should not need these fields anyway,
+ * since the caller supplied them.)
+ *
+ * @sa krb5_mk_req()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
+                     krb5_flags ap_req_options, krb5_data *in_data,
+                     krb5_creds *in_creds, krb5_data *outbuf);
+
+/**
+ * Format and encrypt a @c KRB_AP_REP message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] outbuf          @c AP-REP message
+ *
+ * This function fills in @a outbuf with an AP-REP message using information
+ * from @a auth_context.
+ *
+ * If the flags in @a auth_context indicate that a sequence number should be
+ * used (either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or
+ * #KRB5_AUTH_CONTEXT_RET_SEQUENCE) and the local sequence number in @a
+ * auth_context is 0, a new number will be generated with
+ * krb5_generate_seq_number().
+ *
+ * Use krb5_free_data_contents() to free @a outbuf when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf);
+
+/**
+ * Format and encrypt a @c KRB_AP_REP message for DCE RPC.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] outbuf          @c AP-REP message
+ *
+ * Use krb5_free_data_contents() to free @a outbuf when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_rep_dce(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf);
+
+/**
+ * Parse and decrypt a @c KRB_AP_REP message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [in]  inbuf           AP-REP message
+ * @param [out] repl            Decrypted reply message
+ *
+ * This function parses, decrypts and verifies a message from @a inbuf and
+ * fills in @a repl with a pointer to allocated memory containing the fields
+ * from the encrypted response.
+ *
+ * Use krb5_free_ap_rep_enc_part() to free @a repl when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_rd_rep(krb5_context context, krb5_auth_context auth_context,
+            const krb5_data *inbuf, krb5_ap_rep_enc_part **repl);
+
+/**
+ * Parse and decrypt a @c KRB_AP_REP message for DCE RPC.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [in]  inbuf           AP-REP message
+ * @param [out] nonce           Sequence number from the decrypted reply
+ *
+ * This function parses, decrypts and verifies a message from @a inbuf and
+ * fills in @a nonce with a decrypted reply sequence number.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_rd_rep_dce(krb5_context context, krb5_auth_context auth_context,
+                const krb5_data *inbuf, krb5_ui_4 *nonce);
+
+/**
+ * Format and encode a @c KRB_ERROR message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  dec_err         Error structure to be encoded
+ * @param [out] enc_err         Encoded error structure
+ *
+ * This function creates a @c KRB_ERROR message in @a enc_err.  Use
+ * krb5_free_data_contents() to free @a enc_err when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_error(krb5_context context, const krb5_error *dec_err,
+              krb5_data *enc_err);
+
+/**
+ * Decode a @c KRB-ERROR message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enc_errbuf      Encoded error message
+ * @param [out] dec_error       Decoded error message
+ *
+ * This function processes @c KRB-ERROR message @a enc_errbuf and returns
+ * an allocated structure @a dec_error containing the error message.
+ * Use krb5_free_error() to free @a dec_error when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_rd_error(krb5_context context, const krb5_data *enc_errbuf,
+              krb5_error **dec_error);
+
+/**
+ * Process @c KRB-SAFE message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [in]  inbuf           @c KRB-SAFE message to be parsed
+ * @param [out] userdata_out    Data parsed from @c KRB-SAFE message
+ * @param [out] rdata_out       Replay data. Specify NULL if not needed
+ *
+ * This function parses a @c KRB-SAFE message, verifies its integrity, and
+ * stores its data into @a userdata_out.
+ *
+ * @note The @a rdata_out argument is required if the
+ * #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
+ * in @a auth_context.
+ *
+ * If @a auth_context has a remote address set, the address will be used to
+ * verify the sender address in the KRB-SAFE message.  If @a auth_context has a
+ * local address set, it will be used to verify the receiver address in the
+ * KRB-SAFE message if the message contains one.
+ *
+ * If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in @a auth_context, the
+ * sequence number of the KRB-SAFE message is checked against the remote
+ * sequence number field of @a auth_context.  Otherwise, the sequence number is
+ * not used.
+ *
+ * If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, then the
+ * timestamp in the message is verified to be within the permitted clock skew
+ * of the current time, and the message is checked against an in-memory replay
+ * cache to detect reflections or replays.
+ *
+ * Use krb5_free_data_contents() to free @a userdata_out when it is no longer
+ * needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_rd_safe(krb5_context context, krb5_auth_context auth_context,
+             const krb5_data *inbuf, krb5_data *userdata_out,
+             krb5_replay_data *rdata_out);
+
+/**
+ * Process a @c KRB-PRIV message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication structure
+ * @param [in]  inbuf           @c KRB-PRIV message to be parsed
+ * @param [out] userdata_out    Data parsed from @c KRB-PRIV message
+ * @param [out] rdata_out       Replay data. Specify NULL if not needed
+ *
+ * This function parses a @c KRB-PRIV message, verifies its integrity, and
+ * stores its unencrypted data into @a userdata_out.
+ *
+ * @note The @a rdata_out argument is required if the
+ * #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
+ * in @a auth_context.
+ *
+ * If @a auth_context has a remote address set, the address will be used to
+ * verify the sender address in the KRB-PRIV message.  If @a auth_context has a
+ * local address set, it will be used to verify the receiver address in the
+ * KRB-PRIV message if the message contains one.
+ *
+ * If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in @a auth_context, the
+ * sequence number of the KRB-PRIV message is checked against the remote
+ * sequence number field of @a auth_context.  Otherwise, the sequence number is
+ * not used.
+ *
+ * If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, then the
+ * timestamp in the message is verified to be within the permitted clock skew
+ * of the current time, and the message is checked against an in-memory replay
+ * cache to detect reflections or replays.
+ *
+ * Use krb5_free_data_contents() to free @a userdata_out when it is no longer
+ * needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_rd_priv(krb5_context context, krb5_auth_context auth_context,
+             const krb5_data *inbuf, krb5_data *userdata_out,
+             krb5_replay_data *rdata_out);
+
+/**
+ * Convert a string principal name to a krb5_principal structure.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  name            String representation of a principal name
+ * @param [out] principal_out   New principal
+ *
+ * Convert a string representation of a principal name to a krb5_principal
+ * structure.
+ *
+ * A string representation of a Kerberos name consists of one or more principal
+ * name components, separated by slashes, optionally followed by the \@
+ * character and a realm name.  If the realm name is not specified, the local
+ * realm is used.
+ *
+ * To use the slash and \@ symbols as part of a component (quoted) instead of
+ * using them as a component separator or as a realm prefix), put a backslash
+ * (\) character in front of the symbol.  Similarly, newline, tab, backspace,
+ * and NULL characters can be included in a component by using @c n, @c t, @c b
+ * or @c 0, respectively.
+ *
+ * @note The realm in a Kerberos @a name cannot contain slash, colon,
+ * or NULL characters.
+ *
+ * Beginning with release 1.20, the name type of the principal will be inferred
+ * as @c KRB5_NT_SRV_INST or @c KRB5_NT_WELLKNOWN based on the principal name.
+ * The type will be @c KRB5_NT_PRINCIPAL if a type cannot be inferred.
+ *
+ * Use krb5_free_principal() to free @a principal_out when it is no longer
+ * needed.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_parse_name(krb5_context context, const char *name,
+                krb5_principal *principal_out);
+
+#define KRB5_PRINCIPAL_PARSE_NO_REALM      0x1 /**< Error if realm is present */
+#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2 /**< Error if realm is not present */
+#define KRB5_PRINCIPAL_PARSE_ENTERPRISE    0x4 /**< Create single-component
+                                                  enterprise principle */
+#define KRB5_PRINCIPAL_PARSE_IGNORE_REALM  0x8 /**< Ignore realm if present */
+#define KRB5_PRINCIPAL_PARSE_NO_DEF_REALM  0x10 /**< Don't add default realm */
+
+/**
+ * Convert a string principal name to a krb5_principal with flags.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  name            String representation of a principal name
+ * @param [in]  flags           Flag
+ * @param [out] principal_out   New principal
+ *
+ * Similar to krb5_parse_name(), this function converts a single-string
+ * representation of a principal name to a krb5_principal structure.
+ *
+ * The following flags are valid:
+ * @li #KRB5_PRINCIPAL_PARSE_NO_REALM - no realm must be present in @a name
+ * @li #KRB5_PRINCIPAL_PARSE_REQUIRE_REALM - realm must be present in @a name
+ * @li #KRB5_PRINCIPAL_PARSE_ENTERPRISE - create single-component enterprise
+ *                                        principal
+ * @li #KRB5_PRINCIPAL_PARSE_IGNORE_REALM - ignore realm if present in @a name
+ *
+ * If @c KRB5_PRINCIPAL_PARSE_NO_REALM or @c KRB5_PRINCIPAL_PARSE_IGNORE_REALM
+ * is specified in @a flags, the realm of the new principal will be empty.
+ * Otherwise, the default realm for @a context will be used if @a name does not
+ * specify a realm.
+ *
+ * Use krb5_free_principal() to free @a principal_out when it is no longer
+ * needed.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_parse_name_flags(krb5_context context, const char *name,
+                      int flags, krb5_principal *principal_out);
+
+/**
+ * Convert a krb5_principal structure to a string representation.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  principal       Principal
+ * @param [out] name            String representation of principal name
+ *
+ * The resulting string representation uses the format and quoting conventions
+ * described for krb5_parse_name().
+ *
+ * Use krb5_free_unparsed_name() to free @a name when it is no longer needed.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name(krb5_context context, krb5_const_principal principal,
+                  char **name);
+
+/**
+ * Convert krb5_principal structure to string and length.
+ *
+ * @param [in]     context      Library context
+ * @param [in]     principal    Principal
+ * @param [in,out] name         String representation of principal name
+ * @param [in,out] size         Size of unparsed name
+ *
+ * This function is similar to krb5_unparse_name(), but allows the use of an
+ * existing buffer for the result.  If size is not NULL, then @a name must
+ * point to either NULL or an existing buffer of at least the size pointed to
+ * by @a size.  The buffer will be allocated or resized if necessary, with the
+ * new pointer stored into @a name.  Whether or not the buffer is resized, the
+ * necessary space for the result, including null terminator, will be stored
+ * into @a size.
+ *
+ * If size is NULL, this function behaves exactly as krb5_unparse_name().
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes. On failure @a name is set to NULL
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal,
+                      char **name, unsigned int *size);
+
+#define KRB5_PRINCIPAL_UNPARSE_SHORT  0x1 /**< Omit realm if it is the local realm */
+#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2 /**< Omit realm always */
+#define KRB5_PRINCIPAL_UNPARSE_DISPLAY  0x4 /**< Don't escape special characters */
+
+/**
+ * Convert krb5_principal structure to a string with flags.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  principal       Principal
+ * @param [in]  flags           Flags
+ * @param [out] name            String representation of principal name
+ *
+ * Similar to krb5_unparse_name(), this function converts a krb5_principal
+ * structure to a string representation.
+ *
+ * The following flags are valid:
+ * @li #KRB5_PRINCIPAL_UNPARSE_SHORT - omit realm if it is the local realm
+ * @li #KRB5_PRINCIPAL_UNPARSE_NO_REALM - omit realm
+ * @li #KRB5_PRINCIPAL_UNPARSE_DISPLAY - do not quote special characters
+ *
+ * Use krb5_free_unparsed_name() to free @a name when it is no longer needed.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes. On failure @a name is set to NULL
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
+                        int flags, char **name);
+
+/**
+ * Convert krb5_principal structure to string format with flags.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  principal       Principal
+ * @param [in]  flags           Flags
+ * @param [out] name            Single string format of principal name
+ * @param [out] size            Size of unparsed name buffer
+ *
+ * @sa krb5_unparse_name() krb5_unparse_name_flags() krb5_unparse_name_ext()
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes. On failure @a name is set to NULL
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_flags_ext(krb5_context context, krb5_const_principal principal,
+                            int flags, char **name, unsigned int *size);
+
+/**
+ * Set the realm field of a principal
+ *
+ * @param [in] context          Library context
+ * @param [in] principal        Principal name
+ * @param [in] realm            Realm name
+ *
+ * Set the realm name part of @a principal to @a realm, overwriting the
+ * previous realm.
+ *
+ * @retval
+ * 0   Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_principal_realm(krb5_context context, krb5_principal principal,
+                         const char *realm);
+
+/**
+ * Search a list of addresses for a specified address.
+ *
+ * @param [in] context          Library context
+ * @param [in] addr             Address to search for
+ * @param [in] addrlist         Address list to be searched (or NULL)
+ *
+ * @note If @a addrlist contains only a NetBIOS addresses, it will be treated
+ *       as a null list.
+ *
+ * @return
+ * TRUE if @a addr is listed in @a addrlist, or @c addrlist is NULL; FALSE
+ * otherwise
+ */
+krb5_boolean KRB5_CALLCONV_WRONG
+krb5_address_search(krb5_context context, const krb5_address *addr,
+                    krb5_address *const *addrlist);
+
+/**
+ * Compare two Kerberos addresses.
+ *
+ * @param [in] context          Library context
+ * @param [in] addr1            First address to be compared
+ * @param [in] addr2            Second address to be compared
+ *
+ * @return
+ * TRUE if the addresses are the same, FALSE otherwise
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_address_compare(krb5_context context, const krb5_address *addr1,
+                     const krb5_address *addr2);
+
+/**
+ * Return an ordering of the specified addresses.
+ *
+ * @param [in] context          Library context
+ * @param [in] addr1            First address
+ * @param [in] addr2            Second address
+ *
+ * @retval 0 if The two addresses are the same
+ * @retval < 0 First address is less than second
+ * @retval > 0 First address is greater than second
+ */
+int KRB5_CALLCONV
+krb5_address_order(krb5_context context, const krb5_address *addr1,
+                   const krb5_address *addr2);
+
+/**
+ * Compare the realms of two principals.
+ *
+ * @param [in] context          Library context
+ * @param [in] princ1           First principal
+ * @param [in] princ2           Second principal
+ *
+ * @retval
+ * TRUE if the realm names are the same; FALSE otherwise
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_realm_compare(krb5_context context, krb5_const_principal princ1,
+                   krb5_const_principal princ2);
+
+/**
+ * Compare two principals.
+ *
+ * @param [in] context          Library context
+ * @param [in] princ1           First principal
+ * @param [in] princ2           Second principal
+ *
+ * @retval
+ * TRUE if the principals are the same; FALSE otherwise
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare(krb5_context context,
+                       krb5_const_principal princ1,
+                       krb5_const_principal princ2);
+
+/**
+ * Compare two principals ignoring realm components.
+ *
+ * @param [in] context          Library context
+ * @param [in] princ1           First principal
+ * @param [in] princ2           Second principal
+ *
+ * Similar to krb5_principal_compare(), but do not compare the realm
+ * components of the principals.
+ *
+ * @retval
+ * TRUE if the principals are the same; FALSE otherwise
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare_any_realm(krb5_context context,
+                                 krb5_const_principal princ1,
+                                 krb5_const_principal princ2);
+
+#define KRB5_PRINCIPAL_COMPARE_IGNORE_REALM  1 /**< ignore realm component */
+#define KRB5_PRINCIPAL_COMPARE_ENTERPRISE    2 /**< UPNs as real principals */
+#define KRB5_PRINCIPAL_COMPARE_CASEFOLD      4 /**< case-insensitive */
+#define KRB5_PRINCIPAL_COMPARE_UTF8          8 /**< treat principals as UTF-8 */
+
+/**
+ * Compare two principals with additional flags.
+ *
+ * @param [in] context           Library context
+ * @param [in] princ1            First principal
+ * @param [in] princ2            Second principal
+ * @param [in] flags             Flags
+ *
+ * Valid flags are:
+ * @li #KRB5_PRINCIPAL_COMPARE_IGNORE_REALM - ignore realm component
+ * @li #KRB5_PRINCIPAL_COMPARE_ENTERPRISE - UPNs as real principals
+ * @li #KRB5_PRINCIPAL_COMPARE_CASEFOLD case-insensitive
+ * @li #KRB5_PRINCIPAL_COMPARE_UTF8 - treat principals as UTF-8
+ *
+ * @sa krb5_principal_compare()
+ *
+ * @retval
+ * TRUE if the principal names are the same; FALSE otherwise
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare_flags(krb5_context context,
+                             krb5_const_principal princ1,
+                             krb5_const_principal princ2,
+                             int flags);
+
+/**
+ * Initialize an empty @c krb5_keyblock.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enctype         Encryption type
+ * @param [in]  length          Length of keyblock (or 0)
+ * @param [out] out             New keyblock structure
+ *
+ * Initialize a new keyblock and allocate storage for the contents of the key.
+ * It is legal to pass in a length of 0, in which case contents are left
+ * unallocated.  Use krb5_free_keyblock() to free @a out when it is no longer
+ * needed.
+ *
+ * @note If @a length is set to 0, contents are left unallocated.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_keyblock(krb5_context context, krb5_enctype enctype,
+                   size_t length, krb5_keyblock **out);
+
+/**
+ * Copy a keyblock.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  from            Keyblock to be copied
+ * @param [out] to              Copy of keyblock @a from
+ *
+ * This function creates a new keyblock with the same contents as @a from.  Use
+ * krb5_free_keyblock() to free @a to when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_keyblock(krb5_context context, const krb5_keyblock *from,
+                   krb5_keyblock **to);
+
+/**
+ * Copy the contents of a keyblock.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  from            Key to be copied
+ * @param [out] to              Output key
+ *
+ * This function copies the contents of @a from to @a to.  Use
+ * krb5_free_keyblock_contents() to free @a to when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from,
+                            krb5_keyblock *to);
+
+/**
+ * Copy a krb5_creds structure.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  incred          Credentials structure to be copied
+ * @param [out] outcred         Copy of @a incred
+ *
+ * This function creates a new credential with the contents of @a incred.  Use
+ * krb5_free_creds() to free @a outcred when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **outcred);
+
+/**
+ * Copy a krb5_data object.
+ *
+ * @param [in]  context           Library context
+ * @param [in]  indata            Data object to be copied
+ * @param [out] outdata           Copy of @a indata
+ *
+ * This function creates a new krb5_data object with the contents of @a indata.
+ * Use krb5_free_data() to free @a outdata when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdata);
+
+/**
+ * Copy a principal.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  inprinc         Principal to be copied
+ * @param [out] outprinc        Copy of @a inprinc
+ *
+ * This function creates a new principal structure with the contents of @a
+ * inprinc.  Use krb5_free_principal() to free @a outprinc when it is no longer
+ * needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_principal(krb5_context context, krb5_const_principal inprinc,
+                    krb5_principal *outprinc);
+
+/**
+ * Copy an array of addresses.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  inaddr          Array of addresses to be copied
+ * @param [out] outaddr         Copy of array of addresses
+ *
+ * This function creates a new address array containing a copy of @a inaddr.
+ * Use krb5_free_addresses() to free @a outaddr when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr,
+                    krb5_address ***outaddr);
+
+/**
+ * Copy a krb5_ticket structure.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  from            Ticket to be copied
+ * @param [out] pto             Copy of ticket
+ *
+ * This function creates a new krb5_ticket structure containing the contents of
+ * @a from.  Use krb5_free_ticket() to free @a pto when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_ticket(krb5_context context, const krb5_ticket *from, krb5_ticket **pto);
+
+/**
+ * Copy an authorization data list.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  in_authdat      List of @a krb5_authdata structures
+ * @param [out] out             New array of @a krb5_authdata structures
+ *
+ * This function creates a new authorization data list containing a copy of @a
+ * in_authdat, which must be null-terminated.  Use krb5_free_authdata() to free
+ * @a out when it is no longer needed.
+ *
+ * @note The last array entry in @a in_authdat must be a NULL pointer.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_authdata(krb5_context context,
+                   krb5_authdata *const *in_authdat, krb5_authdata ***out);
+
+/**
+ * Find authorization data elements.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  ticket_authdata Authorization data list from ticket
+ * @param [in]  ap_req_authdata Authorization data list from AP request
+ * @param [in]  ad_type         Authorization data type to find
+ * @param [out] results         List of matching entries
+ *
+ * This function searches @a ticket_authdata and @a ap_req_authdata for
+ * elements of type @a ad_type.  Either input list may be NULL, in which case
+ * it will not be searched; otherwise, the input lists must be terminated by
+ * NULL entries.  This function will search inside AD-IF-RELEVANT containers if
+ * found in either list.  Use krb5_free_authdata() to free @a results when it
+ * is no longer needed.
+ *
+ * @version New in 1.10
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata,
+                   krb5_authdata *const *ap_req_authdata,
+                   krb5_authdatatype ad_type, krb5_authdata ***results);
+
+/**
+ * Merge two authorization data lists into a new list.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  inauthdat1      First list of @a krb5_authdata structures
+ * @param [in]  inauthdat2      Second list of @a krb5_authdata structures
+ * @param [out] outauthdat      Merged list of @a krb5_authdata structures
+ *
+ * Merge two authdata arrays, such as the array from a ticket
+ * and authenticator.
+ * Use krb5_free_authdata() to free @a outauthdat when it is no longer needed.
+ *
+ * @note The last array entry in @a inauthdat1 and @a inauthdat2
+ * must be a NULL pointer.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_merge_authdata(krb5_context context,
+                    krb5_authdata *const *inauthdat1,
+                    krb5_authdata * const *inauthdat2,
+                    krb5_authdata ***outauthdat);
+
+/**
+ * Copy a krb5_authenticator structure.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  authfrom        krb5_authenticator structure to be copied
+ * @param [out] authto          Copy of krb5_authenticator structure
+ *
+ * This function creates a new krb5_authenticator structure with the content of
+ * @a authfrom.  Use krb5_free_authenticator() to free @a authto when it is no
+ * longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom,
+                        krb5_authenticator **authto);
+
+/**
+ * Copy a krb5_checksum structure.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  ckfrom          Checksum to be copied
+ * @param [out] ckto            Copy of krb5_checksum structure
+ *
+ * This function creates a new krb5_checksum structure with the contents of @a
+ * ckfrom.  Use krb5_free_checksum() to free @a ckto when it is no longer
+ * needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_checksum(krb5_context context, const krb5_checksum *ckfrom,
+                   krb5_checksum **ckto);
+
+/**
+ * Generate a replay cache object for server use and open it.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  piece           Unused (replay cache identifier)
+ * @param [out] rcptr           Handle to an open rcache
+ *
+ * This function creates a handle to the default replay cache.  Use
+ * krb5_rc_close() to close @a rcptr when it is no longer needed.
+ *
+ * @version Prior to release 1.18, this function creates a handle to a
+ * different replay cache for each unique value of @a piece.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
+                       krb5_rcache *rcptr);
+
+/**
+ * Build a principal name using length-counted strings.
+ *
+ * @param [in]  context  Library context
+ * @param [out] princ    Principal name
+ * @param [in]  rlen     Realm name length
+ * @param [in]  realm    Realm name
+ * @param [in]  ...      List of unsigned int/char * components, followed by 0
+ *
+ * This function creates a principal from a length-counted string and a
+ * variable-length list of length-counted components.  The list of components
+ * ends with the first 0 length argument (so it is not possible to specify an
+ * empty component with this function).  Call krb5_free_principal() to free
+ * allocated memory for principal when it is no longer needed.
+ *
+ * Beginning with release 1.20, the name type of the principal will be inferred
+ * as @c KRB5_NT_SRV_INST or @c KRB5_NT_WELLKNOWN based on the principal name.
+ * The type will be @c KRB5_NT_PRINCIPAL if a type cannot be inferred.
+ *
+ * @code
+ * Example of how to build principal WELLKNOWN/ANONYMOUS@R
+ *     krb5_build_principal_ext(context, &principal, strlen("R"), "R",
+ *         (unsigned int)strlen(KRB5_WELLKNOWN_NAMESTR),
+ *         KRB5_WELLKNOWN_NAMESTR,
+ *         (unsigned int)strlen(KRB5_ANONYMOUS_PRINCSTR),
+ *         KRB5_ANONYMOUS_PRINCSTR, 0);
+ * @endcode
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV_C
+krb5_build_principal_ext(krb5_context context,  krb5_principal * princ,
+                         unsigned int rlen, const char * realm, ...);
+
+/**
+ * Build a principal name using null-terminated strings.
+ *
+ * @param [in]  context         Library context
+ * @param [out] princ           Principal name
+ * @param [in]  rlen            Realm name length
+ * @param [in]  realm           Realm name
+ * @param [in]  ...             List of char * components, ending with NULL
+ *
+ * Call krb5_free_principal() to free @a princ when it is no longer needed.
+ *
+ * Beginning with release 1.20, the name type of the principal will be inferred
+ * as @c KRB5_NT_SRV_INST or @c KRB5_NT_WELLKNOWN based on the principal name.
+ * The type will be @c KRB5_NT_PRINCIPAL if a type cannot be inferred.
+ *
+ * @note krb5_build_principal() and krb5_build_principal_alloc_va() perform the
+ * same task.  krb5_build_principal() takes variadic arguments.
+ * krb5_build_principal_alloc_va() takes a pre-computed @a varargs pointer.
+ *
+ * @code
+ * Example of how to build principal H/S@R
+ *     krb5_build_principal(context, &principal,
+ *                          strlen("R"), "R", "H", "S", (char*)NULL);
+ * @endcode
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV_C
+krb5_build_principal(krb5_context context,
+                     krb5_principal * princ,
+                     unsigned int rlen,
+                     const char * realm, ...)
+#if __GNUC__ >= 4
+    __attribute__ ((sentinel))
+#endif
+    ;
+#if KRB5_DEPRECATED
+/** @deprecated Replaced by krb5_build_principal_alloc_va(). */
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_build_principal_va(krb5_context context,
+                        krb5_principal princ,
+                        unsigned int rlen,
+                        const char *realm,
+                        va_list ap);
+#endif
+
+/**
+ * Build a principal name, using a precomputed variable argument list
+ *
+ * @param [in]  context         Library context
+ * @param [out] princ           Principal structure
+ * @param [in]  rlen            Realm name length
+ * @param [in]  realm           Realm name
+ * @param [in]  ap              List of char * components, ending with NULL
+ *
+ * Similar to krb5_build_principal(), this function builds a principal name,
+ * but its name components are specified as a va_list.
+ *
+ * Use krb5_free_principal() to deallocate @a princ when it is no longer
+ * needed.
+ *
+ * @code
+ * Function usage example:
+ *   va_list ap;
+ *   va_start(ap, realm);
+ *   krb5_build_principal_alloc_va(context, princ, rlen, realm, ap);
+ *   va_end(ap);
+ * @endcode
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_build_principal_alloc_va(krb5_context context,
+                              krb5_principal *princ,
+                              unsigned int rlen,
+                              const char *realm,
+                              va_list ap);
+
+/**
+ * Convert a Kerberos V4 principal to a Kerberos V5 principal.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  name            V4 name
+ * @param [in]  instance        V4 instance
+ * @param [in]  realm           Realm
+ * @param [out] princ           V5 principal
+ *
+ * This function builds a @a princ from V4 specification based on given input
+ * @a name.instance\@realm.
+ *
+ * Use krb5_free_principal() to free @a princ when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_425_conv_principal(krb5_context context, const char *name,
+                        const char *instance, const char *realm,
+                        krb5_principal *princ);
+
+/**
+ * Convert a Kerberos V5 principal to a Kerberos V4 principal.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  princ           V5 Principal
+ * @param [out] name            V4 principal's name to be filled in
+ * @param [out] inst            V4 principal's instance name to be filled in
+ * @param [out] realm           Principal's realm name to be filled in
+ *
+ * This function separates a V5 principal @a princ into @a name, @a instance,
+ * and @a realm.
+ *
+ * @retval
+ *  0  Success
+ * @retval
+ *  KRB5_INVALID_PRINCIPAL   Invalid principal name
+ * @retval
+ *  KRB5_CONFIG_CANTOPEN     Can't open or find Kerberos configuration file
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
+                        char *name, char *inst, char *realm);
+/**
+ *@deprecated
+ */
+struct credentials;
+
+/**
+ * Convert a Kerberos V5 credentials to a Kerberos V4 credentials
+ *
+ * @note Not implemented
+ *
+ * @retval KRB524_KRB4_DISABLED (always)
+ */
+int KRB5_CALLCONV
+krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
+                       struct credentials *v4creds);
+
+#if KRB5_DEPRECATED
+#define krb524_convert_creds_kdc krb5_524_convert_creds
+#define krb524_init_ets(x) (0)
+#endif
+
+/* libkt.spec */
+
+/**
+ * Get a handle for a key table.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  name            Name of the key table
+ * @param [out] ktid            Key table handle
+ *
+ * Resolve the key table name @a name and set @a ktid to a handle identifying
+ * the key table.  Use krb5_kt_close() to free @a ktid when it is no longer
+ * needed.
+ *
+ * @a name must be of the form @c type:residual, where @a type must be a type
+ * known to the library and @a residual portion should be specific to the
+ * particular keytab type.  If no @a type is given, the default is @c FILE.
+ *
+ * If @a name is of type @c FILE, the keytab file is not opened by this call.
+ *
+ * @code
+ *  Example: krb5_kt_resolve(context, "FILE:/tmp/filename", &ktid);
+ * @endcode
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_resolve(krb5_context context, const char *name, krb5_keytab *ktid);
+
+/**
+ * Duplicate keytab handle.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  in              Key table handle to be duplicated
+ * @param [out] out             Key table handle
+ *
+ * Create a new handle referring to the same key table as @a in.  The new
+ * handle and @a in can be closed independently.
+ *
+ * @version New in 1.12
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_dup(krb5_context context, krb5_keytab in, krb5_keytab *out);
+
+/**
+ * Get the default key table name.
+ *
+ * @param [in]     context      Library context
+ * @param [out]    name         Default key table name
+ * @param [in]     name_size    Space available in @a name
+ *
+ * Fill @a name with the name of the default key table for @a context.
+ *
+ * @sa MAX_KEYTAB_NAME_LEN
+ *
+ * @retval
+ * 0 Success
+ * @retval
+ * KRB5_CONFIG_NOTENUFSPACE Buffer is too short
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_default_name(krb5_context context, char *name, int name_size);
+
+/**
+ * Resolve the default key table.
+ *
+ * @param [in]  context         Library context
+ * @param [out] id              Key table handle
+ *
+ * Set @a id to a handle to the default key table.  The key table is not
+ * opened.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_default(krb5_context context, krb5_keytab *id);
+
+/**
+ * Resolve the default client key table.
+ *
+ * @param [in]     context      Library context
+ * @param [out]    keytab_out   Key table handle
+ *
+ * Fill @a keytab_out with a handle to the default client key table.
+ *
+ * @version New in 1.11
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_client_default(krb5_context context, krb5_keytab *keytab_out);
+
+/**
+ * Free the contents of a key table entry.
+ *
+ * @param [in] context          Library context
+ * @param [in] entry            Key table entry whose contents are to be freed
+ *
+ * @note The pointer is not freed.
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_free_keytab_entry_contents(krb5_context context, krb5_keytab_entry *entry);
+
+/** @deprecated Use krb5_free_keytab_entry_contents instead. */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *entry);
+
+
+/* remove and add are functions, so that they can return NOWRITE
+   if not a writable keytab */
+
+/**
+ * Remove an entry from a key table.
+ *
+ * @param [in] context          Library context
+ * @param [in] id               Key table handle
+ * @param [in] entry            Entry to remove from key table
+ *
+ * @retval
+ * 0 Success
+ * @retval
+ *  KRB5_KT_NOWRITE     Key table is not writable
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry);
+
+/**
+ * Add a new entry to a key table.
+ *
+ * @param [in] context          Library context
+ * @param [in] id               Key table handle
+ * @param [in] entry            Entry to be added
+ *
+ * @retval
+ * 0  Success
+ * @retval
+ *  ENOMEM    Insufficient memory
+ * @retval
+ *  KRB5_KT_NOWRITE  Key table is not writeable
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry);
+
+/**
+ * Convert a principal name into the default salt for that principal.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  pr              Principal name
+ * @param [out] ret             Default salt for @a pr to be filled in
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV_WRONG
+krb5_principal2salt(krb5_context context,
+                    krb5_const_principal pr, krb5_data *ret);
+/* librc.spec--see rcache.h */
+
+/* libcc.spec */
+
+/**
+ * Resolve a credential cache name.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  name            Credential cache name to be resolved
+ * @param [out] cache           Credential cache handle
+ *
+ * Fills in @a cache with a @a cache handle that corresponds to the name in @a
+ * name.  @a name should be of the form @c type:residual, and @a type must be a
+ * type known to the library.  If the @a name does not contain a colon,
+ * interpret it as a file name.
+ *
+ * @code
+ * Example: krb5_cc_resolve(context, "MEMORY:C_", &cache);
+ * @endcode
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_resolve(krb5_context context, const char *name, krb5_ccache *cache);
+
+/**
+ * Duplicate ccache handle.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  in              Credential cache handle to be duplicated
+ * @param [out] out             Credential cache handle
+ *
+ * Create a new handle referring to the same cache as @a in.
+ * The new handle and @a in can be closed independently.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_dup(krb5_context context, krb5_ccache in, krb5_ccache *out);
+
+/**
+ * Return the name of the default credential cache.
+ *
+ * @param [in] context          Library context
+ *
+ * Return a pointer to the default credential cache name for @a context, as
+ * determined by a prior call to krb5_cc_set_default_name(), by the KRB5CCNAME
+ * environment variable, by the default_ccache_name profile variable, or by the
+ * operating system or build-time default value.  The returned value must not
+ * be modified or freed by the caller.  The returned value becomes invalid when
+ * @a context is destroyed krb5_free_context() or if a subsequent call to
+ * krb5_cc_set_default_name() is made on @a context.
+ *
+ * The default credential cache name is cached in @a context between calls to
+ * this function, so if the value of KRB5CCNAME changes in the process
+ * environment after the first call to this function on, that change will not
+ * be reflected in later calls with the same context.  The caller can invoke
+ * krb5_cc_set_default_name() with a NULL value of @a name to clear the cached
+ * value and force the default name to be recomputed.
+ *
+ * @return
+ * Name of default credential cache for the current user.
+ */
+const char *KRB5_CALLCONV
+krb5_cc_default_name(krb5_context context);
+
+/**
+ * Set the default credential cache name.
+ *
+ * @param [in] context          Library context
+ * @param [in] name             Default credential cache name or NULL
+ *
+ * Set the default credential cache name to @a name for future operations using
+ * @a context.  If @a name is NULL, clear any previous application-set default
+ * name and forget any cached value of the default name for @a context.
+ *
+ * Calls to this function invalidate the result of any previous calls to
+ * krb5_cc_default_name() using @a context.
+ *
+ * @retval
+ *  0  Success
+ * @retval
+ *  KV5M_CONTEXT          Bad magic number for @c _krb5_context structure
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_default_name(krb5_context context, const char *name);
+
+/**
+ * Resolve the default credential cache name.
+ *
+ * @param [in]  context         Library context
+ * @param [out] ccache          Pointer to credential cache name
+ *
+ * Create a handle to the default credential cache as given by
+ * krb5_cc_default_name().
+ *
+ * @retval
+ * 0  Success
+ * @retval
+ * KV5M_CONTEXT            Bad magic number for @c _krb5_context structure
+ * @retval
+ * KRB5_FCC_INTERNAL       The name of the default credential cache cannot be
+ *                         obtained
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_default(krb5_context context, krb5_ccache *ccache);
+
+/**
+ * Copy a credential cache.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  incc            Credential cache to be copied
+ * @param [out] outcc           Copy of credential cache to be filled in
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc);
+
+/**
+ * Get a configuration value from a credential cache.
+ *
+ * @param [in]     context      Library context
+ * @param [in]     id           Credential cache handle
+ * @param [in]     principal    Configuration for this principal;
+ *                              if NULL, global for the whole cache
+ * @param [in]     key          Name of config variable
+ * @param [out]    data         Data to be fetched
+ *
+ * Use krb5_free_data_contents() to free @a data when it is no longer needed.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_config(krb5_context context, krb5_ccache id,
+                   krb5_const_principal principal,
+                   const char *key, krb5_data *data);
+
+/**
+ * Store a configuration value in a credential cache.
+ *
+ * @param [in]     context      Library context
+ * @param [in]     id           Credential cache handle
+ * @param [in]     principal    Configuration for a specific principal;
+ *                              if NULL, global for the whole cache
+ * @param [in]     key          Name of config variable
+ * @param [in]     data         Data to store, or NULL to remove
+ *
+ * @note Existing configuration under the same key is over-written.
+ *
+ * @warning Before version 1.10 @a data was assumed to be always non-null.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_config(krb5_context context, krb5_ccache id,
+                   krb5_const_principal principal,
+                   const char *key, krb5_data *data);
+
+/**
+ * Test whether a principal is a configuration principal.
+ *
+ * @param [in] context          Library context
+ * @param [in] principal        Principal to check
+ *
+ * @return
+ * @c TRUE if the principal is a configuration principal (generated part of
+ * krb5_cc_set_config()); @c FALSE otherwise.
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_is_config_principal(krb5_context context, krb5_const_principal principal);
+
+/**
+ * Make a credential cache the primary cache for its collection.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ *
+ * If the type of @a cache supports it, set @a cache to be the primary
+ * credential cache for the collection it belongs to.
+ *
+ * @retval
+ * 0  Success, or the type of @a cache doesn't support switching
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_switch(krb5_context context, krb5_ccache cache);
+
+/**
+ * Determine whether a credential cache type supports switching.
+ *
+ * @param [in] context          Library context
+ * @param [in] type             Credential cache type
+ *
+ * @version New in 1.10
+ *
+ * @retval TRUE if @a type supports switching
+ * @retval FALSE if it does not or is not a valid credential cache type.
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_cc_support_switch(krb5_context context, const char *type);
+
+/**
+ * Find a credential cache with a specified client principal.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  client          Client principal
+ * @param [out] cache_out       Credential cache handle
+ *
+ * Find a cache within the collection whose default principal is @a client.
+ * Use @a krb5_cc_close to close @a ccache when it is no longer needed.
+ *
+ * @retval 0 Success
+ * @retval KRB5_CC_NOTFOUND
+ *
+ * @sa krb5_cccol_cursor_new
+ *
+ * @version New in 1.10
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_cache_match(krb5_context context, krb5_principal client,
+                    krb5_ccache *cache_out);
+
+/**
+ * Select a credential cache to use with a server principal.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  server          Server principal
+ * @param [out] cache_out       Credential cache handle
+ * @param [out] princ_out       Client principal
+ *
+ * Select a cache within the collection containing credentials most appropriate
+ * for use with @a server, according to configured rules and heuristics.
+ *
+ * Use krb5_cc_close() to release @a cache_out when it is no longer needed.
+ * Use krb5_free_principal() to release @a princ_out when it is no longer
+ * needed.  Note that @a princ_out is set in some error conditions.
+ *
+ * @return
+ * If an appropriate cache is found, 0 is returned, @a cache_out is set to the
+ * selected cache, and @a princ_out is set to the default principal of that
+ * cache.
+ *
+ * If the appropriate client principal can be authoritatively determined but
+ * the cache collection contains no credentials for that principal, then
+ * KRB5_CC_NOTFOUND is returned, @a cache_out is set to NULL, and @a princ_out
+ * is set to the appropriate client principal.
+ *
+ * If no configured mechanism can determine the appropriate cache or principal,
+ * KRB5_CC_NOTFOUND is returned and @a cache_out and @a princ_out are set to
+ * NULL.
+ *
+ * Any other error code indicates a fatal error in the processing of a cache
+ * selection mechanism.
+ *
+ * @version New in 1.10
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_select(krb5_context context, krb5_principal server,
+               krb5_ccache *cache_out, krb5_principal *princ_out);
+
+/* krb5_free.c */
+/**
+ * Free the storage assigned to a principal.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Principal to be freed
+ */
+void KRB5_CALLCONV
+krb5_free_principal(krb5_context context, krb5_principal val);
+
+/**
+ * Free a krb5_authenticator structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Authenticator structure to be freed
+ *
+ * This function frees the contents of @a val and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_authenticator(krb5_context context, krb5_authenticator *val);
+
+/**
+ * Free the data stored in array of addresses.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Array of addresses to be freed
+ *
+ * This function frees the contents of @a val and the array itself.
+ *
+ * @note The last entry in the array must be a NULL pointer.
+ */
+void KRB5_CALLCONV
+krb5_free_addresses(krb5_context context, krb5_address **val);
+
+/**
+ * Free the storage assigned to array of authentication data.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Array of authentication data to be freed
+ *
+ * This function frees the contents of @a val and the array itself.
+ *
+ * @note The last entry in the array must be a NULL pointer.
+ */
+void KRB5_CALLCONV
+krb5_free_authdata(krb5_context context, krb5_authdata **val);
+
+/**
+ * Free a ticket.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Ticket to be freed
+ *
+ * This function frees the contents of @a val and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_ticket(krb5_context context, krb5_ticket *val);
+
+/**
+ * Free an error allocated by krb5_read_error() or krb5_sendauth().
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Error data structure to be freed
+ *
+ * This function frees the contents of @a val and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_error(krb5_context context, krb5_error *val);
+
+/**
+ * Free a krb5_creds structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Credential structure to be freed.
+ *
+ * This function frees the contents of @a val and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_creds(krb5_context context, krb5_creds *val);
+
+/**
+ * Free the contents of a krb5_creds structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Credential structure to free contents of
+ *
+ * This function frees the contents of @a val, but not the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_cred_contents(krb5_context context, krb5_creds *val);
+
+/**
+ * Free a krb5_checksum structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Checksum structure to be freed
+ *
+ * This function frees the contents of @a val and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_checksum(krb5_context context, krb5_checksum *val);
+
+/**
+ * Free the contents of a krb5_checksum structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Checksum structure to free contents of
+ *
+ * This function frees the contents of @a val, but not the structure itself.
+ * It sets the checksum's data pointer to null and (beginning in release 1.19)
+ * sets its length to zero.
+ */
+void KRB5_CALLCONV
+krb5_free_checksum_contents(krb5_context context, krb5_checksum *val);
+
+/**
+ * Free a krb5_keyblock structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Keyblock to be freed
+ *
+ * This function frees the contents of @a val and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_keyblock(krb5_context context, krb5_keyblock *val);
+
+/**
+ * Free the contents of a krb5_keyblock structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] key              Keyblock to be freed
+ *
+ * This function frees the contents of @a key, but not the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *key);
+
+/**
+ * Free a krb5_ap_rep_enc_part structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              AP-REP enc part to be freed
+ *
+ * This function frees the contents of @a val and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part *val);
+
+/**
+ * Free a krb5_data structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Data structure to be freed
+ *
+ * This function frees the contents of @a val and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_free_data(krb5_context context, krb5_data *val);
+
+/* Free a krb5_octet_data structure (should be unused). */
+void KRB5_CALLCONV
+krb5_free_octet_data(krb5_context context, krb5_octet_data *val);
+
+/**
+ * Free the contents of a krb5_data structure and zero the data field.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Data structure to free contents of
+ *
+ * This function frees the contents of @a val, but not the structure itself.
+ * It sets the structure's data pointer to null and (beginning in release 1.19)
+ * sets its length to zero.
+ */
+void KRB5_CALLCONV
+krb5_free_data_contents(krb5_context context, krb5_data *val);
+
+/**
+ * Free a string representation of a principal.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Name string to be freed
+ */
+void KRB5_CALLCONV
+krb5_free_unparsed_name(krb5_context context, char *val);
+
+/**
+ * Free a string allocated by a krb5 function.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              String to be freed
+ *
+ * @version New in 1.10
+ */
+void KRB5_CALLCONV
+krb5_free_string(krb5_context context, char *val);
+
+/**
+ * Free an array of encryption types.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Array of enctypes to be freed
+ *
+ * @version New in 1.12
+ */
+void KRB5_CALLCONV
+krb5_free_enctypes(krb5_context context, krb5_enctype *val);
+
+/**
+ * Free an array of checksum types.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              Array of checksum types to be freed
+ */
+void KRB5_CALLCONV
+krb5_free_cksumtypes(krb5_context context, krb5_cksumtype *val);
+
+/* From krb5/os, but needed by the outside world */
+/**
+ * Retrieve the system time of day, in sec and ms, since the epoch.
+ *
+ * @param [in]  context         Library context
+ * @param [out] seconds         System timeofday, seconds portion
+ * @param [out] microseconds    System timeofday, microseconds portion
+ *
+ * This function retrieves the system time of day with the context
+ * specific time offset adjustment.
+ *
+ * @sa krb5_crypto_us_timeofday()
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_us_timeofday(krb5_context context,
+                  krb5_timestamp *seconds, krb5_int32 *microseconds);
+
+/**
+ * Retrieve the current time with context specific time offset adjustment.
+ *
+ * @param [in]  context         Library context
+ * @param [out] timeret         Timestamp to fill in
+ *
+ * This function retrieves the system time of day with the context specific
+ * time offset adjustment.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_timeofday(krb5_context context, krb5_timestamp *timeret);
+
+/**
+ * Check if a timestamp is within the allowed clock skew of the current time.
+ *
+ * @param [in]     context      Library context
+ * @param [in]     date         Timestamp to check
+ *
+ * This function checks if @a date is close enough to the current time
+ * according to the configured allowable clock skew.
+ *
+ * @version New in 1.10
+ *
+ * @retval 0 Success
+ * @retval KRB5KRB_AP_ERR_SKEW @a date is not within allowable clock skew
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_check_clockskew(krb5_context context, krb5_timestamp date);
+
+/**
+ * Return all interface addresses for this host.
+ *
+ * @param [in]  context         Library context
+ * @param [out] addr            Array of krb5_address pointers, ending with
+ *                              NULL
+ *
+ * Use krb5_free_addresses() to free @a addr when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_os_localaddr(krb5_context context, krb5_address ***addr);
+
+/**
+ * Retrieve the default realm.
+ *
+ * @param [in]  context         Library context
+ * @param [out] lrealm          Default realm name
+ *
+ * Retrieves the default realm to be used if no user-specified realm is
+ * available.
+ *
+ * Use krb5_free_default_realm() to free @a lrealm when it is no longer needed.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_default_realm(krb5_context context, char **lrealm);
+
+/**
+ * Override the default realm for the specified context.
+ *
+ * @param [in]     context      Library context
+ * @param [in]     lrealm       Realm name for the default realm
+ *
+ * If @a lrealm is NULL, clear the default realm setting.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_default_realm(krb5_context context, const char *lrealm);
+
+/**
+ * Free a default realm string returned by krb5_get_default_realm().
+ *
+ * @param [in] context          Library context
+ * @param [in] lrealm           Realm to be freed
+ */
+void KRB5_CALLCONV
+krb5_free_default_realm(krb5_context context, char *lrealm);
+
+/**
+ * Canonicalize a hostname, possibly using name service.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  host            Input hostname
+ * @param [out] canonhost_out   Canonicalized hostname
+ *
+ * This function canonicalizes orig_hostname, possibly using name service
+ * lookups if configuration permits.  Use krb5_free_string() to free @a
+ * canonhost_out when it is no longer needed.
+ *
+ * @version New in 1.15
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_expand_hostname(krb5_context context, const char *host,
+                     char **canonhost_out);
+
+/**
+ * Generate a full principal name from a service name.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  hostname        Host name, or NULL to use local host
+ * @param [in]  sname           Service name, or NULL to use @c "host"
+ * @param [in]  type            Principal type
+ * @param [out] ret_princ       Generated principal
+ *
+ * This function converts a @a hostname and @a sname into @a krb5_principal
+ * structure @a ret_princ.  The returned principal will be of the form @a
+ * sname\/hostname\@REALM where REALM is determined by krb5_get_host_realm().
+ * In some cases this may be the referral (empty) realm.
+ *
+ * The @a type can be one of the following:
+ *
+ * @li #KRB5_NT_SRV_HST canonicalizes the host name before looking up the
+ * realm and generating the principal.
+ *
+ * @li #KRB5_NT_UNKNOWN accepts the hostname as given, and does not
+ * canonicalize it.
+ *
+ * Use krb5_free_principal to free @a ret_princ when it is no longer needed.
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_sname_to_principal(krb5_context context, const char *hostname, const char *sname,
+                        krb5_int32 type, krb5_principal *ret_princ);
+
+/**
+ * Test whether a principal matches a matching principal.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  matching        Matching principal
+ * @param [in]  princ           Principal to test
+ *
+ * @note A matching principal is a host-based principal with an empty realm
+ * and/or second data component (hostname).  Profile configuration may cause
+ * the hostname to be ignored even if it is present.  A principal matches a
+ * matching principal if the former has the same non-empty (and non-ignored)
+ * components of the latter.
+ *
+ * If @a matching is NULL, return TRUE.  If @a matching is not a matching
+ * principal, return the value of krb5_principal_compare(context, matching,
+ * princ).
+ *
+ * @return
+ * TRUE if @a princ matches @a matching, FALSE otherwise.
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_sname_match(krb5_context context, krb5_const_principal matching,
+                 krb5_const_principal princ);
+
+/**
+ * Change a password for an existing Kerberos account.
+ *
+ * @param [in]  context             Library context
+ * @param [in]  creds               Credentials for kadmin/changepw service
+ * @param [in]  newpw               New password
+ * @param [out] result_code         Numeric error code from server
+ * @param [out] result_code_string  String equivalent to @a result_code
+ * @param [out] result_string       Change password response from the KDC
+ *
+ * Change the password for the existing principal identified by @a creds.
+ *
+ * The possible values of the output @a result_code are:
+ *
+ * @li #KRB5_KPASSWD_SUCCESS   (0) - success
+ * @li #KRB5_KPASSWD_MALFORMED (1) - Malformed request error
+ * @li #KRB5_KPASSWD_HARDERROR (2) - Server error
+ * @li #KRB5_KPASSWD_AUTHERROR (3) - Authentication error
+ * @li #KRB5_KPASSWD_SOFTERROR (4) - Password change rejected
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_change_password(krb5_context context, krb5_creds *creds,
+                     const char *newpw, int *result_code,
+                     krb5_data *result_code_string, krb5_data *result_string);
+
+/**
+ * Set a password for a principal using specified credentials.
+ *
+ * @param [in]  context              Library context
+ * @param [in]  creds                Credentials for kadmin/changepw service
+ * @param [in]  newpw                New password
+ * @param [in]  change_password_for  Change the password for this principal
+ * @param [out] result_code          Numeric error code from server
+ * @param [out] result_code_string   String equivalent to @a result_code
+ * @param [out] result_string        Data returned from the remote system
+ *
+ * This function uses the credentials @a creds to set the password @a newpw for
+ * the principal @a change_password_for.  It implements the set password
+ * operation of RFC 3244, for interoperability with Microsoft Windows
+ * implementations.
+ *
+ * @note If @a change_password_for is NULL, the change is performed on the
+ * current principal. If @a change_password_for is non-null, the change is
+ * performed on the principal name passed in @a change_password_for.
+ *
+ * The error code and strings are returned in @a result_code,
+ * @a result_code_string and @a result_string.
+ *
+ * @sa krb5_set_password_using_ccache()
+ *
+ * @retval
+ * 0  Success and result_code is set to #KRB5_KPASSWD_SUCCESS.
+ * @return
+ * Kerberos error codes.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_password(krb5_context context, krb5_creds *creds, const char *newpw,
+                  krb5_principal change_password_for, int *result_code,
+                  krb5_data *result_code_string, krb5_data *result_string);
+
+/**
+ * Set a password for a principal using cached credentials.
+ *
+ * @param [in]  context              Library context
+ * @param [in]  ccache               Credential cache
+ * @param [in]  newpw                New password
+ * @param [in]  change_password_for  Change the password for this principal
+ * @param [out] result_code          Numeric error code from server
+ * @param [out] result_code_string   String equivalent to @a result_code
+ * @param [out] result_string        Data returned from the remote system
+ *
+ * This function uses the cached credentials from @a ccache to set the password
+ * @a newpw for the principal @a change_password_for.  It implements RFC 3244
+ * set password operation (interoperable with MS Windows implementations) using
+ * the credential cache.
+ *
+ * The error code and strings are returned in @a result_code,
+ * @a result_code_string and @a result_string.
+ *
+ * @note If @a change_password_for is set to NULL, the change is performed on
+ * the default principal in @a ccache. If @a change_password_for is non null,
+ * the change is performed on the specified principal.
+ *
+ * @sa krb5_set_password()
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache,
+                               const char *newpw,
+                               krb5_principal change_password_for,
+                               int *result_code, krb5_data *result_code_string,
+                               krb5_data *result_string);
+
+/**
+ * Get a result message for changing or setting a password.
+ *
+ * @param [in]  context            Library context
+ * @param [in]  server_string      Data returned from the remote system
+ * @param [out] message_out        A message displayable to the user
+ *
+ * This function processes the @a server_string returned in the @a
+ * result_string parameter of krb5_change_password(), krb5_set_password(), and
+ * related functions, and returns a displayable string.  If @a server_string
+ * contains Active Directory structured policy information, it will be
+ * converted into human-readable text.
+ *
+ * Use krb5_free_string() to free @a message_out when it is no longer needed.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ *
+ * @version New in 1.11
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_chpw_message(krb5_context context, const krb5_data *server_string,
+                  char **message_out);
+
+/**
+ * Retrieve configuration profile from the context.
+ *
+ * @param [in]  context         Library context
+ * @param [out] profile         Pointer to data read from a configuration file
+ *
+ * This function creates a new @a profile object that reflects profile
+ * in the supplied @a context.
+ *
+ * The @a profile object may be freed with profile_release() function.
+ * See profile.h and profile API for more details.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_profile(krb5_context context, struct _profile_t ** profile);
+
+#if KRB5_DEPRECATED
+/** @deprecated Replaced by krb5_get_init_creds_password().*/
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
+                              krb5_address *const *addrs, krb5_enctype *ktypes,
+                              krb5_preauthtype *pre_auth_types,
+                              const char *password, krb5_ccache ccache,
+                              krb5_creds *creds, krb5_kdc_rep **ret_as_reply);
+
+/** @deprecated Replaced by krb5_get_init_creds(). */
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
+                          krb5_address *const *addrs, krb5_enctype *ktypes,
+                          krb5_preauthtype *pre_auth_types,
+                          const krb5_keyblock *key, krb5_ccache ccache,
+                          krb5_creds *creds, krb5_kdc_rep **ret_as_reply);
+
+/** @deprecated Replaced by krb5_get_init_creds_keytab(). */
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
+                            krb5_address *const *addrs, krb5_enctype *ktypes,
+                            krb5_preauthtype *pre_auth_types,
+                            krb5_keytab arg_keytab, krb5_ccache ccache,
+                            krb5_creds *creds, krb5_kdc_rep **ret_as_reply);
+
+#endif /* KRB5_DEPRECATED */
+
+/**
+ * Parse and decrypt a @c KRB_AP_REQ message.
+ *
+ * @param [in]     context        Library context
+ * @param [in,out] auth_context   Pre-existing or newly created auth context
+ * @param [in]     inbuf          AP-REQ message to be parsed
+ * @param [in]     server         Matching principal for server, or NULL to
+ *                                allow any principal in keytab
+ * @param [in]     keytab         Key table, or NULL to use the default
+ * @param [out]    ap_req_options If non-null, the AP-REQ flags on output
+ * @param [out]    ticket         If non-null, ticket from the AP-REQ message
+ *
+ * This function parses, decrypts and verifies a AP-REQ message from @a inbuf
+ * and stores the authenticator in @a auth_context.
+ *
+ * If a keyblock was specified in @a auth_context using
+ * krb5_auth_con_setuseruserkey(), that key is used to decrypt the ticket in
+ * AP-REQ message and @a keytab is ignored.  In this case, @a server should be
+ * specified as a complete principal name to allow for proper transited-path
+ * checking and replay cache selection.
+ *
+ * Otherwise, the decryption key is obtained from @a keytab, or from the
+ * default keytab if it is NULL.  In this case, @a server may be a complete
+ * principal name, a matching principal (see krb5_sname_match()), or NULL to
+ * match any principal name.  The keys tried against the encrypted part of the
+ * ticket are determined as follows:
+ *
+ * - If @a server is a complete principal name, then its entry in @a keytab is
+ *   tried.
+ * - Otherwise, if @a keytab is iterable, then all entries in @a keytab which
+ *   match @a server are tried.
+ * - Otherwise, the server principal in the ticket must match @a server, and
+ *   its entry in @a keytab is tried.
+ *
+ * The client specified in the decrypted authenticator must match the client
+ * specified in the decrypted ticket.
+ *
+ * If the @a remote_addr field of @a auth_context is set, the request must come
+ * from that address.
+ *
+ * If a replay cache handle is provided in the @a auth_context, the
+ * authenticator and ticket are verified against it.  If no conflict is found,
+ * the new authenticator is then stored in the replay cache of @a auth_context.
+ *
+ * Various other checks are performed on the decoded data, including
+ * cross-realm policy, clockskew, and ticket validation times.
+ *
+ * On success the authenticator, subkey, and remote sequence number of the
+ * request are stored in @a auth_context. If the #AP_OPTS_MUTUAL_REQUIRED
+ * bit is set, the local sequence number is XORed with the remote sequence
+ * number in the request.
+ *
+ * Use krb5_free_ticket() to free @a ticket when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
+            const krb5_data *inbuf, krb5_const_principal server,
+            krb5_keytab keytab, krb5_flags *ap_req_options,
+            krb5_ticket **ticket);
+
+/**
+ * Retrieve a service key from a key table.
+ *
+ * @param [in]  context     Library context
+ * @param [in]  keyprocarg  Name of a key table (NULL to use default name)
+ * @param [in]  principal   Service principal
+ * @param [in]  vno         Key version number (0 for highest available)
+ * @param [in]  enctype     Encryption type (0 for any type)
+ * @param [out] key         Service key from key table
+ *
+ * Open and search the specified key table for the entry identified by @a
+ * principal, @a enctype, and @a vno. If no key is found, return an error code.
+ *
+ * The default key table is used, unless @a keyprocarg is non-null.
+ * @a keyprocarg designates a specific key table.
+ *
+ * Use krb5_free_keyblock() to free @a key when it is no longer needed.
+ *
+ * @retval
+ * 0 Success
+ * @return Kerberos error code if not found or @a keyprocarg is invalid.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg,
+                         krb5_principal principal, krb5_kvno vno,
+                         krb5_enctype enctype, krb5_keyblock **key);
+
+/**
+ * Format a @c KRB-SAFE message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [in]  userdata        User data in the message
+ * @param [out] der_out         Formatted @c KRB-SAFE buffer
+ * @param [out] rdata_out       Replay data. Specify NULL if not needed
+ *
+ * This function creates an integrity protected @c KRB-SAFE message
+ * using data supplied by the application.
+ *
+ * Fields in @a auth_context specify the checksum type, the keyblock that
+ * can be used to seed the checksum, full addresses (host and port) for
+ * the sender and receiver, and KRB5_AUTH_CONTEXT flags.
+ *
+ * The local address in @a auth_context must be set, and is used to form the
+ * sender address used in the KRB-SAFE message.  The remote address is
+ * optional; if specified, it will be used to form the receiver address used in
+ * the message.
+ *
+ * @note The @a rdata_out argument is required if the
+ * #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
+ * in @a auth_context.
+ *
+ * If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, a
+ * timestamp is included in the KRB-SAFE message, and an entry for the message
+ * is entered in an in-memory replay cache to detect if the message is
+ * reflected by an attacker.  If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no
+ * replay cache is used.  If #KRB5_AUTH_CONTEXT_RET_TIME is set in @a
+ * auth_context, a timestamp is included in the KRB-SAFE message and is stored
+ * in @a rdata_out.
+ *
+ * If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE
+ * is set, the @a auth_context local sequence number is included in the
+ * KRB-SAFE message and then incremented.  If #KRB5_AUTH_CONTEXT_RET_SEQUENCE
+ * is set, the sequence number used is stored in @a rdata_out.
+ *
+ * Use krb5_free_data_contents() to free @a der_out when it is no longer
+ * needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
+             const krb5_data *userdata, krb5_data *der_out,
+             krb5_replay_data *rdata_out);
+
+/**
+ * Format a @c KRB-PRIV message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [in]  userdata        User data for @c KRB-PRIV message
+ * @param [out] der_out         Formatted @c KRB-PRIV message
+ * @param [out] rdata_out       Replay data (NULL if not needed)
+ *
+ * This function is similar to krb5_mk_safe(), but the message is encrypted and
+ * integrity-protected, not just integrity-protected.
+ *
+ * The local address in @a auth_context must be set, and is used to form the
+ * sender address used in the KRB-PRIV message.  The remote address is
+ * optional; if specified, it will be used to form the receiver address used in
+ * the message.
+ *
+ * @note The @a rdata_out argument is required if the
+ * #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
+ * in @a auth_context.
+ *
+ * If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, a
+ * timestamp is included in the KRB-PRIV message, and an entry for the message
+ * is entered in an in-memory replay cache to detect if the message is
+ * reflected by an attacker.  If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no
+ * replay cache is used.  If #KRB5_AUTH_CONTEXT_RET_TIME is set in @a
+ * auth_context, a timestamp is included in the KRB-PRIV message and is stored
+ * in @a rdata_out.
+ *
+ * If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE
+ * is set, the @a auth_context local sequence number is included in the
+ * KRB-PRIV message and then incremented.  If #KRB5_AUTH_CONTEXT_RET_SEQUENCE
+ * is set, the sequence number used is stored in @a rdata_out.
+ *
+ * Use krb5_free_data_contents() to free @a der_out when it is no longer
+ * needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
+             const krb5_data *userdata, krb5_data *der_out,
+             krb5_replay_data *rdata_out);
+
+/**
+ * Client function for @c sendauth protocol.
+ *
+ * @param [in]     context        Library context
+ * @param [in,out] auth_context   Pre-existing or newly created auth context
+ * @param [in]     fd             File descriptor that describes network socket
+ * @param [in]     appl_version   Application protocol version to be matched
+ *                                with the receiver's application version
+ * @param [in]     client         Client principal
+ * @param [in]     server         Server principal
+ * @param [in]     ap_req_options Options (see AP_OPTS macros)
+ * @param [in]     in_data        Data to be sent to the server
+ * @param [in]     in_creds       Input credentials, or NULL to use @a ccache
+ * @param [in]     ccache         Credential cache
+ * @param [out]    error          If non-null, contains KRB_ERROR message
+ *                                returned from server
+ * @param [out]    rep_result     If non-null and @a ap_req_options is
+ *                                #AP_OPTS_MUTUAL_REQUIRED, contains the result
+ *                                of mutual authentication exchange
+ * @param [out]    out_creds      If non-null, the retrieved credentials
+ *
+ * This function performs the client side of a sendauth/recvauth exchange by
+ * sending and receiving messages over @a fd.
+ *
+ * Credentials may be specified in three ways:
+ *
+ * @li If @a in_creds is NULL, credentials are obtained with
+ * krb5_get_credentials() using the principals @a client and @a server.  @a
+ * server must be non-null; @a client may NULL to use the default principal of
+ * @a ccache.
+ *
+ * @li If @a in_creds is non-null, but does not contain a ticket, credentials
+ * for the exchange are obtained with krb5_get_credentials() using @a in_creds.
+ * In this case, the values of @a client and @a server are unused.
+ *
+ * @li If @a in_creds is a complete credentials structure, it used directly.
+ * In this case, the values of @a client, @a server, and @a ccache are unused.
+ *
+ * If the server is using a different application protocol than that specified
+ * in @a appl_version, an error will be returned.
+ *
+ * Use krb5_free_creds() to free @a out_creds, krb5_free_ap_rep_enc_part() to
+ * free @a rep_result, and krb5_free_error() to free @a error when they are no
+ * longer needed.
+ *
+ * @sa krb5_recvauth()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_sendauth(krb5_context context, krb5_auth_context *auth_context,
+              krb5_pointer fd, char *appl_version, krb5_principal client,
+              krb5_principal server, krb5_flags ap_req_options,
+              krb5_data *in_data, krb5_creds *in_creds, krb5_ccache ccache,
+              krb5_error **error, krb5_ap_rep_enc_part **rep_result,
+              krb5_creds **out_creds);
+
+/**
+ * Server function for @a sendauth protocol.
+ *
+ * @param [in]     context      Library context
+ * @param [in,out] auth_context Pre-existing or newly created auth context
+ * @param [in]     fd           File descriptor
+ * @param [in]     appl_version Application protocol version to be matched
+ *                              against the client's application version
+ * @param [in]     server       Server principal (NULL for any in @a keytab)
+ * @param [in]     flags        Additional specifications
+ * @param [in]     keytab       Key table containing service keys
+ * @param [out]    ticket       Ticket (NULL if not needed)
+ *
+ * This function performs the server side of a sendauth/recvauth exchange by
+ * sending and receiving messages over @a fd.
+ *
+ * Use krb5_free_ticket() to free @a ticket when it is no longer needed.
+ *
+ * @sa krb5_sendauth()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_recvauth(krb5_context context, krb5_auth_context *auth_context,
+              krb5_pointer fd, char *appl_version, krb5_principal server,
+              krb5_int32 flags, krb5_keytab keytab, krb5_ticket **ticket);
+
+/**
+ * Server function for @a sendauth protocol with version parameter.
+ *
+ * @param [in]     context      Library context
+ * @param [in,out] auth_context Pre-existing or newly created auth context
+ * @param [in]     fd           File descriptor
+ * @param [in]     server       Server principal (NULL for any in @a keytab)
+ * @param [in]     flags        Additional specifications
+ * @param [in]     keytab       Decryption key
+ * @param [out]    ticket       Ticket (NULL if not needed)
+ * @param [out]    version      sendauth protocol version (NULL if not needed)
+ *
+ * This function is similar to krb5_recvauth() with the additional output
+ * information place into @a version.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_recvauth_version(krb5_context context,
+                      krb5_auth_context *auth_context,
+                      krb5_pointer fd,
+                      krb5_principal server,
+                      krb5_int32 flags,
+                      krb5_keytab keytab,
+                      krb5_ticket **ticket,
+                      krb5_data *version);
+
+/**
+ * Format a @c KRB-CRED message for an array of credentials.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [in]  creds           Null-terminated array of credentials
+ * @param [out] der_out         Encoded credentials
+ * @param [out] rdata_out       Replay cache information (NULL if not needed)
+ *
+ * This function takes an array of credentials @a creds and formats
+ * a @c KRB-CRED message @a der_out to pass to krb5_rd_cred().
+ *
+ * The local and remote addresses in @a auth_context are optional; if either is
+ * specified, they are used to form the sender and receiver addresses in the
+ * KRB-CRED message.
+ *
+ * @note The @a rdata_out argument is required if the
+ * #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
+ * in @a auth_context.
+ *
+ * If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in @a auth_context, an entry
+ * for the message is entered in an in-memory replay cache to detect if the
+ * message is reflected by an attacker.  If #KRB5_AUTH_CONTEXT_DO_TIME is not
+ * set, no replay cache is used.  If #KRB5_AUTH_CONTEXT_RET_TIME is set in @a
+ * auth_context, the timestamp used for the KRB-CRED message is stored in @a
+ * rdata_out.
+ *
+ * If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE
+ * is set, the @a auth_context local sequence number is included in the
+ * KRB-CRED message and then incremented.  If #KRB5_AUTH_CONTEXT_RET_SEQUENCE
+ * is set, the sequence number used is stored in @a rdata_out.
+ *
+ * Use krb5_free_data_contents() to free @a der_out when it is no longer
+ * needed.
+ *
+ * The message will be encrypted using the send subkey of @a auth_context if it
+ * is present, or the session key otherwise.  If neither key is present, the
+ * credentials will not be encrypted, and the message should only be sent over
+ * a secure channel.  No replay cache entry is used in this case.
+ *
+ * @retval
+ *  0 Success
+ * @retval
+ *  ENOMEM Insufficient memory
+ * @retval
+ *   KRB5_RC_REQUIRED Message replay detection requires @a rcache parameter
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
+              krb5_creds **creds, krb5_data **der_out,
+              krb5_replay_data *rdata_out);
+
+/**
+ * Format a @c KRB-CRED message for a single set of credentials.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [in]  creds           Pointer to credentials
+ * @param [out] der_out         Encoded credentials
+ * @param [out] rdata_out       Replay cache data (NULL if not needed)
+ *
+ * This is a convenience function that calls krb5_mk_ncred() with a single set
+ * of credentials.
+ *
+ * @retval
+ * 0 Success
+ * @retval
+ *  ENOMEM Insufficient memory
+ * @retval
+ *  KRB5_RC_REQUIRED   Message replay detection requires @a rcache parameter
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context,
+              krb5_creds *creds, krb5_data **der_out,
+              krb5_replay_data *rdata_out);
+
+/**
+ * Read and validate a @c KRB-CRED message.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [in]  creddata        @c KRB-CRED message
+ * @param [out] creds_out       Null-terminated array of forwarded credentials
+ * @param [out] rdata_out       Replay data (NULL if not needed)
+ *
+ * @note The @a rdata_out argument is required if the
+ * #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set
+ * in @a auth_context.`
+ *
+ * @a creddata will be decrypted using the receiving subkey if it is present in
+ * @a auth_context, or the session key if the receiving subkey is not present
+ * or fails to decrypt the message.
+ *
+ * Use krb5_free_tgt_creds() to free @a creds_out when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
+             krb5_data *creddata, krb5_creds ***creds_out,
+             krb5_replay_data *rdata_out);
+
+/**
+ * Get a forwarded TGT and format a @c KRB-CRED message.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] rhost            Remote host
+ * @param [in] client           Client principal of TGT
+ * @param [in] server           Principal of server to receive TGT
+ * @param [in] cc               Credential cache handle (NULL to use default)
+ * @param [in] forwardable      Whether TGT should be forwardable
+ * @param [out] outbuf          KRB-CRED message
+ *
+ * Get a TGT for use at the remote host @a rhost and format it into a KRB-CRED
+ * message.  If @a rhost is NULL and @a server is of type #KRB5_NT_SRV_HST,
+ * the second component of @a server will be used.
+ *
+ * @retval
+ *  0 Success
+ * @retval
+ *   ENOMEM Insufficient memory
+ * @retval
+ *   KRB5_PRINC_NOMATCH Requested principal and ticket do not match
+ * @retval
+ *   KRB5_NO_TKT_SUPPLIED Request did not supply a ticket
+ * @retval
+ *   KRB5_CC_BADNAME Credential cache name or principal name malformed
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context,
+                   const char *rhost, krb5_principal client,
+                   krb5_principal server, krb5_ccache cc, int forwardable,
+                   krb5_data *outbuf);
+
+/**
+ * Create and initialize an authentication context.
+ *
+ * @param [in]  context         Library context
+ * @param [out] auth_context    Authentication context
+ *
+ * This function creates an authentication context to hold configuration and
+ * state relevant to krb5 functions for authenticating principals and
+ * protecting messages once authentication has occurred.
+ *
+ * By default, flags for the context are set to enable the use of the replay
+ * cache (#KRB5_AUTH_CONTEXT_DO_TIME), but not sequence numbers.  Use
+ * krb5_auth_con_setflags() to change the flags.
+ *
+ * The allocated @a auth_context must be freed with krb5_auth_con_free() when
+ * it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context);
+
+/**
+ * Free a krb5_auth_context structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context to be freed
+ *
+ * This function frees an auth context allocated by krb5_auth_con_init().
+ *
+ * @retval 0  (always)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context);
+
+/**
+ * Set a flags field in a krb5_auth_context structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] flags            Flags bit mask
+ *
+ * Valid values for @a flags are:
+ * @li #KRB5_AUTH_CONTEXT_DO_TIME Use timestamps
+ * @li #KRB5_AUTH_CONTEXT_RET_TIME Save timestamps
+ * @li #KRB5_AUTH_CONTEXT_DO_SEQUENCE Use sequence numbers
+ * @li #KRB5_AUTH_CONTEXT_RET_SEQUENCE Save sequence numbers
+ *
+ * @retval 0 (always)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 flags);
+
+/**
+ * Retrieve flags from a krb5_auth_context structure.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] flags           Flags bit mask
+ *
+ * Valid values for @a flags are:
+ * @li #KRB5_AUTH_CONTEXT_DO_TIME Use timestamps
+ * @li #KRB5_AUTH_CONTEXT_RET_TIME Save timestamps
+ * @li #KRB5_AUTH_CONTEXT_DO_SEQUENCE Use sequence numbers
+ * @li #KRB5_AUTH_CONTEXT_RET_SEQUENCE Save sequence numbers
+ *
+ * @retval 0 (always)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context,
+                       krb5_int32 *flags);
+
+/**
+ * Set a checksum callback in an auth context.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] func             Checksum callback
+ * @param [in] data             Callback argument
+ *
+ * Set a callback to obtain checksum data in krb5_mk_req().  The callback will
+ * be invoked after the subkey and local sequence number are stored in @a
+ * auth_context.
+ *
+ * @retval 0 (always)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_checksum_func( krb5_context context,
+                                 krb5_auth_context  auth_context,
+                                 krb5_mk_req_checksum_func func,
+                                 void *data);
+
+/**
+ * Get the checksum callback from an auth context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] func            Checksum callback
+ * @param [out] data            Callback argument
+ *
+ * @retval 0 (always)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_get_checksum_func( krb5_context context,
+                                 krb5_auth_context auth_context,
+                                 krb5_mk_req_checksum_func *func,
+                                 void **data);
+
+/**
+ * Set the local and remote addresses in an auth context.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] local_addr       Local address
+ * @param [in] remote_addr      Remote address
+ *
+ * This function releases the storage assigned to the contents of the local and
+ * remote addresses of @a auth_context and then sets them to @a local_addr and
+ * @a remote_addr respectively.
+ *
+ * @sa krb5_auth_con_genaddrs()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV_WRONG
+krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context,
+                       krb5_address *local_addr, krb5_address *remote_addr);
+
+/**
+ * Retrieve address fields from an auth context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] local_addr      Local address (NULL if not needed)
+ * @param [out] remote_addr     Remote address (NULL if not needed)
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context,
+                       krb5_address **local_addr, krb5_address **remote_addr);
+
+/**
+ * Set local and remote port fields in an auth context.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] local_port       Local port
+ * @param [in] remote_port      Remote port
+ *
+ * This function releases the storage assigned to the contents of the local and
+ * remote ports of @a auth_context and then sets them to @a local_port and @a
+ * remote_port respectively.
+ *
+ * @sa krb5_auth_con_genaddrs()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context,
+                       krb5_address *local_port, krb5_address *remote_port);
+
+/**
+ * Set the session key in an auth context.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] keyblock         User key
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context,
+                             krb5_keyblock *keyblock);
+
+/**
+ * Retrieve the session key from an auth context as a keyblock.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] keyblock        Session key
+ *
+ * This function creates a keyblock containing the session key from @a
+ * auth_context.  Use krb5_free_keyblock() to free @a keyblock when it is no
+ * longer needed
+ *
+ * @retval 0 Success. Otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context,
+                     krb5_keyblock **keyblock);
+
+/**
+ * Retrieve the session key from an auth context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] key             Session key
+ *
+ * This function sets @a key to the session key from @a auth_context.  Use
+ * krb5_k_free_key() to release @a key when it is no longer needed.
+ *
+ * @retval 0 (always)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getkey_k(krb5_context context, krb5_auth_context auth_context,
+                       krb5_key *key);
+
+/**
+ * Retrieve the send subkey from an auth context as a keyblock.
+ *
+ * @param [in]  ctx             Library context
+ * @param [in]  ac              Authentication context
+ * @param [out] keyblock        Send subkey
+ *
+ * This function creates a keyblock containing the send subkey from @a
+ * auth_context.  Use krb5_free_keyblock() to free @a keyblock when it is no
+ * longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock);
+
+/**
+ * Retrieve the send subkey from an auth context.
+ *
+ * @param [in]  ctx             Library context
+ * @param [in]  ac              Authentication context
+ * @param [out] key             Send subkey
+ *
+ * This function sets @a key to the send subkey from @a auth_context.  Use
+ * krb5_k_free_key() to release @a key when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey_k(krb5_context ctx, krb5_auth_context ac,
+                              krb5_key *key);
+
+/**
+ * Retrieve the receiving subkey from an auth context as a keyblock.
+ *
+ * @param [in]  ctx             Library context
+ * @param [in]  ac              Authentication context
+ * @param [out] keyblock        Receiving subkey
+ *
+ * This function creates a keyblock containing the receiving subkey from @a
+ * auth_context.  Use krb5_free_keyblock() to free @a keyblock when it is no
+ * longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock);
+
+/**
+ * Retrieve the receiving subkey from an auth context as a keyblock.
+ *
+ * @param [in]  ctx             Library context
+ * @param [in]  ac              Authentication context
+ * @param [out] key             Receiving subkey
+ *
+ * This function sets @a key to the receiving subkey from @a auth_context.  Use
+ * krb5_k_free_key() to release @a key when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getrecvsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key *key);
+
+/**
+ * Set the send subkey in an auth context with a keyblock.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] ac               Authentication context
+ * @param [in] keyblock         Send subkey
+ *
+ * This function sets the send subkey in @a ac to a copy of @a keyblock.
+ *
+ * @retval 0 Success. Otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac,
+                            krb5_keyblock *keyblock);
+
+/**
+ * Set the send subkey in an auth context.
+ *
+ * @param [in]  ctx             Library context
+ * @param [in]  ac              Authentication context
+ * @param [out] key             Send subkey
+ *
+ * This function sets the send subkey in @a ac to @a key, incrementing its
+ * reference count.
+ *
+ * @version New in 1.9
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setsendsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key key);
+
+/**
+ * Set the receiving subkey in an auth context with a keyblock.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] ac               Authentication context
+ * @param [in] keyblock         Receiving subkey
+ *
+ * This function sets the receiving subkey in @a ac to a copy of @a keyblock.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac,
+                            krb5_keyblock *keyblock);
+
+/**
+ * Set the receiving subkey in an auth context.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] ac               Authentication context
+ * @param [in] key              Receiving subkey
+ *
+ * This function sets the receiving subkey in @a ac to @a key, incrementing its
+ * reference count.
+ *
+ * @version New in 1.9
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrecvsubkey_k(krb5_context ctx, krb5_auth_context ac,
+                              krb5_key key);
+
+#if KRB5_DEPRECATED
+/** @deprecated Replaced by krb5_auth_con_getsendsubkey(). */
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context,
+                             krb5_keyblock **keyblock);
+
+/** @deprecated Replaced by krb5_auth_con_getrecvsubkey(). */
+KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context,
+                              krb5_keyblock **keyblock);
+#endif
+
+/**
+ * Retrieve the local sequence number from an auth context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] seqnumber       Local sequence number
+ *
+ * Retrieve the local sequence number from @a auth_context and return it in @a
+ * seqnumber.  The #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag must be set in @a
+ * auth_context for this function to be useful.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context,
+                                krb5_int32 *seqnumber);
+
+/**
+ * Retrieve the remote sequence number from an auth context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] seqnumber       Remote sequence number
+ *
+ * Retrieve the remote sequence number from @a auth_context and return it in @a
+ * seqnumber.  The #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag must be set in @a
+ * auth_context for this function to be useful.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getremoteseqnumber(krb5_context context, krb5_auth_context auth_context,
+                                 krb5_int32 *seqnumber);
+
+/**
+ * Cause an auth context to use cipher state.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ *
+ * Prepare @a auth_context to use cipher state when krb5_mk_priv() or
+ * krb5_rd_priv() encrypt or decrypt data.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context);
+
+/**
+ * Set the replay cache in an auth context.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] rcache           Replay cache haddle
+ *
+ * This function sets the replay cache in @a auth_context to @a rcache.  @a
+ * rcache will be closed when @a auth_context is freed, so the caller should
+ * relinquish that responsibility.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context,
+                        krb5_rcache rcache);
+
+/**
+ * Retrieve the replay cache from an auth context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] rcache          Replay cache handle
+ *
+ * This function fetches the replay cache from @a auth_context.  The caller
+ * should not close @a rcache.
+ *
+ * @retval 0 (always)
+ */
+krb5_error_code KRB5_CALLCONV_WRONG
+krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context,
+                        krb5_rcache *rcache);
+
+/**
+ * Retrieve the authenticator from an auth context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  auth_context    Authentication context
+ * @param [out] authenticator   Authenticator
+ *
+ * Use krb5_free_authenticator() to free @a authenticator when it is no longer
+ * needed.
+ *
+ * @retval 0 Success. Otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context,
+                               krb5_authenticator **authenticator);
+
+/**
+ * Set checksum type in an an auth context.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] cksumtype        Checksum type
+ *
+ * This function sets the checksum type in @a auth_context to be used by
+ * krb5_mk_req() for the authenticator checksum.
+ *
+ * @retval 0 Success. Otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_req_cksumtype(krb5_context context, krb5_auth_context auth_context,
+                                krb5_cksumtype cksumtype);
+
+#define KRB5_REALM_BRANCH_CHAR '.'
+
+/*
+ * end "func-proto.h"
+ */
+
+/*
+ * begin stuff from libos.h
+ */
+
+/**
+ * @brief Read a password from keyboard input.
+ *
+ * @param [in]     context      Library context
+ * @param [in]     prompt       First user prompt when reading password
+ * @param [in]     prompt2      Second user prompt (NULL to prompt only once)
+ * @param [out]    return_pwd   Returned password
+ * @param [in,out] size_return  On input, maximum size of password; on output,
+ *                              size of password read
+ *
+ * This function reads a password from keyboard input and stores it in @a
+ * return_pwd.  @a size_return should be set by the caller to the amount of
+ * storage space available in @a return_pwd; on successful return, it will be
+ * set to the length of the password read.
+ *
+ * @a prompt is printed to the terminal, followed by ": ", and then a password
+ * is read from the keyboard.
+ *
+ * If @a prompt2 is NULL, the password is read only once.  Otherwise, @a
+ * prompt2 is printed to the terminal and a second password is read.  If the
+ * two passwords entered are not identical, KRB5_LIBOS_BADPWDMATCH is returned.
+ *
+ * Echoing is turned off when the password is read.
+ *
+ * @retval
+ *  0   Success
+ * @return
+ * Error in reading or verifying the password
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_read_password(krb5_context context,
+                   const char *prompt, const char *prompt2,
+                   char *return_pwd, unsigned int *size_return);
+
+/**
+ * Convert a principal name to a local name.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  aname           Principal name
+ * @param [in]  lnsize_in       Space available in @a lname
+ * @param [out] lname           Local name buffer to be filled in
+ *
+ * If @a aname does not correspond to any local account, KRB5_LNAME_NOTRANS is
+ * returned.  If @a lnsize_in is too small for the local name,
+ * KRB5_CONFIG_NOTENUFSPACE is returned.
+ *
+ * Local names, rather than principal names, can be used by programs that
+ * translate to an environment-specific name (for example, a user account
+ * name).
+ *
+ * @retval
+ * 0  Success
+ * @retval
+ *  System errors
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_aname_to_localname(krb5_context context, krb5_const_principal aname,
+                        int lnsize_in, char *lname);
+
+/**
+ * Get the Kerberos realm names for a host.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  host            Host name (or NULL)
+ * @param [out] realmsp         Null-terminated list of realm names
+ *
+ * Fill in @a realmsp with a pointer to a null-terminated list of realm names.
+ * If there are no known realms for the host, a list containing the referral
+ * (empty) realm is returned.
+ *
+ * If @a host is NULL, the local host's realms are determined.
+ *
+ * Use krb5_free_host_realm() to release @a realmsp when it is no longer
+ * needed.
+ *
+ * @retval
+ *  0   Success
+ * @retval
+ *  ENOMEM  Insufficient memory
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp);
+
+/**
+ *
+ * @param [in] context           Library context
+ * @param [in] hdata             Host name (or NULL)
+ * @param [out] realmsp          Null-terminated list of realm names
+ *
+ * Fill in @a realmsp with a pointer to a null-terminated list of realm names
+ * obtained through heuristics or insecure resolution methods which have lower
+ * priority than KDC referrals.
+ *
+ * If @a host is NULL, the local host's realms are determined.
+ *
+ * Use krb5_free_host_realm() to release @a realmsp when it is no longer
+ * needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_fallback_host_realm(krb5_context context,
+                             krb5_data *hdata, char ***realmsp);
+
+/**
+ * Free the memory allocated by krb5_get_host_realm().
+ *
+ * @param [in] context          Library context
+ * @param [in] realmlist        List of realm names to be released
+ *
+ * @retval
+ * 0  Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_free_host_realm(krb5_context context, char *const *realmlist);
+
+/**
+ * Determine if a principal is authorized to log in as a local user.
+ *
+ * @param [in] context          Library context
+ * @param [in] principal        Principal name
+ * @param [in] luser            Local username
+ *
+ * Determine whether @a principal is authorized to log in as a local user @a
+ * luser.
+ *
+ * @retval
+ * TRUE Principal is authorized to log in as user; FALSE otherwise.
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser);
+
+/**
+ * Generate auth context addresses from a connected socket.
+ *
+ * @param [in] context          Library context
+ * @param [in] auth_context     Authentication context
+ * @param [in] infd             Connected socket descriptor
+ * @param [in] flags            Flags
+ *
+ * This function sets the local and/or remote addresses in @a auth_context
+ * based on the local and remote endpoints of the socket @a infd.  The
+ * following flags determine the operations performed:
+ *
+ * @li #KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR   Generate local address.
+ * @li #KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR  Generate remote address.
+ * @li #KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR  Generate local address and port.
+ * @li #KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR Generate remote address and port.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context,
+                       int infd, int flags);
+
+/**
+ * Set time offset field in a krb5_context structure.
+ *
+ * @param [in] context          Library context
+ * @param [in] seconds          Real time, seconds portion
+ * @param [in] microseconds     Real time, microseconds portion
+ *
+ * This function sets the time offset in @a context to the difference between
+ * the system time and the real time as determined by @a seconds and @a
+ * microseconds.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_real_time(krb5_context context, krb5_timestamp seconds,
+                   krb5_int32 microseconds);
+
+/**
+ * Return the time offsets from the os context.
+ *
+ * @param [in]  context         Library context
+ * @param [out] seconds         Time offset, seconds portion
+ * @param [out] microseconds    Time offset, microseconds portion
+ *
+ * This function returns the time offsets in @a context.
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_time_offsets(krb5_context context, krb5_timestamp *seconds, krb5_int32 *microseconds);
+
+/* str_conv.c */
+/**
+ * Convert a string to an encryption type.
+ *
+ * @param [in]  string          String to convert to an encryption type
+ * @param [out] enctypep        Encryption type
+ *
+ * @retval 0  Success; otherwise - EINVAL
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_enctype(char *string, krb5_enctype *enctypep);
+
+/**
+ * Convert a string to a salt type.
+ *
+ * @param [in]  string          String to convert to an encryption type
+ * @param [out] salttypep       Salt type to be filled in
+ *
+ * @retval 0  Success; otherwise - EINVAL
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_salttype(char *string, krb5_int32 *salttypep);
+
+/**
+ * Convert a string to a checksum type.
+ *
+ * @param [in]  string          String to be converted
+ * @param [out] cksumtypep      Checksum type to be filled in
+ *
+ * @retval 0  Success; otherwise - EINVAL
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep);
+
+/**
+ * Convert a string to a timestamp.
+ *
+ * @param [in]  string          String to be converted
+ * @param [out] timestampp      Pointer to timestamp
+ *
+ * @retval 0  Success; otherwise - EINVAL
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_timestamp(char *string, krb5_timestamp *timestampp);
+
+/**
+ * Convert a string to a delta time value.
+ *
+ * @param [in]  string          String to be converted
+ * @param [out] deltatp         Delta time to be filled in
+ *
+ * @retval 0  Success; otherwise - KRB5_DELTAT_BADFORMAT
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_deltat(char *string, krb5_deltat *deltatp);
+
+/**
+ * Convert an encryption type to a string.
+ *
+ * @param [in]  enctype         Encryption type
+ * @param [out] buffer          Buffer to hold encryption type string
+ * @param [in]  buflen          Storage available in @a buffer
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen);
+
+/**
+ * Convert an encryption type to a name or alias.
+ *
+ * @param [in]  enctype         Encryption type
+ * @param [in]  shortest        Flag
+ * @param [out] buffer          Buffer to hold encryption type string
+ * @param [in]  buflen          Storage available in @a buffer
+ *
+ * If @a shortest is FALSE, this function returns the enctype's canonical name
+ * (like "aes128-cts-hmac-sha1-96").  If @a shortest is TRUE, it return the
+ * enctype's shortest alias (like "aes128-cts").
+ *
+ * @version New in 1.9
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest,
+                     char *buffer, size_t buflen);
+
+/**
+ * Convert a salt type to a string.
+ *
+ * @param [in]  salttype        Salttype to convert
+ * @param [out] buffer          Buffer to receive the converted string
+ * @param [in]  buflen          Storage available in @a buffer
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_salttype_to_string(krb5_int32 salttype, char *buffer, size_t buflen);
+
+/**
+ * Convert a checksum type to a string.
+ *
+ * @param [in]  cksumtype       Checksum type
+ * @param [out] buffer          Buffer to hold converted checksum type
+ * @param [in]  buflen          Storage available in @a buffer
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen);
+
+/**
+ * Convert a timestamp to a string.
+ *
+ * @param [in]  timestamp       Timestamp to convert
+ * @param [out] buffer          Buffer to hold converted timestamp
+ * @param [in]  buflen          Storage available in @a buffer
+ *
+ * The string is returned in the locale's appropriate date and time
+ * representation.
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen);
+
+/**
+ * Convert a timestamp to a string, with optional output padding
+ *
+ * @param [in]  timestamp       Timestamp to convert
+ * @param [out] buffer          Buffer to hold the converted timestamp
+ * @param [in]  buflen          Length of buffer
+ * @param [in]  pad             Optional value to pad @a buffer if converted
+ *                              timestamp does not fill it
+ *
+ * If @a pad is not NULL, @a buffer is padded out to @a buflen - 1 characters
+ * with the value of *@a pad.
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer,
+                           size_t buflen, char *pad);
+
+/**
+ * Convert a relative time value to a string.
+ *
+ * @param [in]  deltat          Relative time value to convert
+ * @param [out] buffer          Buffer to hold time string
+ * @param [in]  buflen          Storage available in @a buffer
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen);
+
+/* The name of the Kerberos ticket granting service... and its size */
+#define KRB5_TGS_NAME           "krbtgt"
+#define KRB5_TGS_NAME_SIZE      6
+
+/* flags for recvauth */
+#define KRB5_RECVAUTH_SKIP_VERSION      0x0001
+#define KRB5_RECVAUTH_BADAUTHVERS       0x0002
+/* initial ticket api functions */
+
+/** Text for prompt used in prompter callback function. */
+typedef struct _krb5_prompt {
+    char *prompt;      /**< The prompt to show to the user */
+    int hidden;        /**< Boolean; informative prompt or hidden (e.g. PIN) */
+    krb5_data *reply;  /**< Must be allocated before call to  prompt routine */
+} krb5_prompt;
+
+/** Pointer to a prompter callback function. */
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, void *data,
+                                   const char *name, const char *banner,
+                                   int num_prompts, krb5_prompt prompts[]);
+
+/**
+ * Prompt user for password.
+ *
+ * @param [in] context          Library context
+ * @param      data             Unused (callback argument)
+ * @param [in] name             Name to output during prompt
+ * @param [in] banner           Banner to output during prompt
+ * @param [in] num_prompts      Number of prompts in @a prompts
+ * @param [in] prompts          Array of prompts and replies
+ *
+ * This function is intended to be used as a prompter callback for
+ * krb5_get_init_creds_password() or krb5_init_creds_init().
+ *
+ * Writes @a name and @a banner to stdout, each followed by a newline, then
+ * writes each prompt field in the @a prompts array, followed by ": ", and sets
+ * the reply field of the entry to a line of input read from stdin.  If the
+ * hidden flag is set for a prompt, then terminal echoing is turned off when
+ * input is read.
+ *
+ * @retval
+ *  0   Success
+ * @return
+ * Kerberos error codes
+ *
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_prompter_posix(krb5_context context, void *data, const char *name,
+                    const char *banner, int num_prompts,
+                    krb5_prompt prompts[]);
+
+/**
+ * Long-term password responder question
+ *
+ * This question is asked when the long-term password is needed. It has no
+ * challenge and the response is simply the password string.
+ *
+ * @version New in 1.11
+ */
+#define KRB5_RESPONDER_QUESTION_PASSWORD "password"
+
+/**
+ * OTP responder question
+ *
+ * The OTP responder question is asked when the KDC indicates that an OTP
+ * value is required in order to complete the authentication.  The JSON format
+ * of the challenge is:
+ *
+ *     {
+ *       "service": <string (optional)>,
+ *       "tokenInfo": [
+ *         {
+ *           "flags":     <number>,
+ *           "vendor":    <string (optional)>,
+ *           "challenge": <string (optional)>,
+ *           "length":    <number (optional)>,
+ *           "format":    <number (optional)>,
+ *           "tokenID":   <string (optional)>,
+ *           "algID":     <string (optional)>,
+ *         },
+ *         ...
+ *       ]
+ *     }
+ *
+ * The answer to the question MUST be JSON formatted:
+ *
+ *     {
+ *       "tokeninfo": <number>,
+ *       "value":     <string (optional)>,
+ *       "pin":       <string (optional)>,
+ *     }
+ *
+ * For more detail, please see RFC 6560.
+ *
+ * @version New in 1.11
+ */
+#define KRB5_RESPONDER_QUESTION_OTP "otp"
+
+/**
+ * These format constants identify the format of the token value.
+ */
+#define KRB5_RESPONDER_OTP_FORMAT_DECIMAL 0
+#define KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL 1
+#define KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC 2
+
+/**
+ * This flag indicates that the token value MUST be collected.
+ */
+#define KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN 0x0001
+
+/**
+ * This flag indicates that the PIN value MUST be collected.
+ */
+#define KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN   0x0002
+
+/**
+ * This flag indicates that the token is now in re-synchronization mode with
+ * the server.  The user is expected to reply with the next code displayed on
+ * the token.
+ */
+#define KRB5_RESPONDER_OTP_FLAGS_NEXTOTP       0x0004
+
+/**
+ * This flag indicates that the PIN MUST be returned as a separate item. This
+ * flag only takes effect if KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN is set. If
+ * this flag is not set, the responder may either concatenate PIN + token value
+ * and store it as "value" in the answer or it may return them separately. If
+ * they are returned separately, they will be concatenated internally.
+ */
+#define KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN  0x0008
+
+/**
+ * PKINIT responder question
+ *
+ * The PKINIT responder question is asked when the client needs a password
+ * that's being used to protect key information, and is formatted as a JSON
+ * object.  A specific identity's flags value, if not zero, is the bitwise-OR
+ * of one or more of the KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_* flags defined
+ * below, and possibly other flags to be added later.  Any resemblance to
+ * similarly-named CKF_* values in the PKCS#11 API should not be depended on.
+ *
+ *     {
+ *         identity <string> : flags <number>,
+ *         ...
+ *     }
+ *
+ * The answer to the question MUST be JSON formatted:
+ *
+ *     {
+ *         identity <string> : password <string>,
+ *         ...
+ *     }
+ *
+ * @version New in 1.12
+ */
+#define KRB5_RESPONDER_QUESTION_PKINIT "pkinit"
+
+/**
+ * This flag indicates that an incorrect PIN was supplied at least once since
+ * the last time the correct PIN was supplied.
+ */
+#define KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW       (1 << 0)
+
+/**
+ * This flag indicates that supplying an incorrect PIN will cause the token to
+ * lock itself.
+ */
+#define KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY       (1 << 1)
+
+/**
+ * This flag indicates that the user PIN is locked, and you can't log in to the
+ * token with it.
+ */
+#define KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED          (1 << 2)
+
+/**
+ * A container for a set of preauthentication questions and answers
+ *
+ * A responder context is supplied by the krb5 authentication system to a
+ * krb5_responder_fn callback.  It contains a list of questions and can receive
+ * answers.  Questions contained in a responder context can be listed using
+ * krb5_responder_list_questions(), retrieved using
+ * krb5_responder_get_challenge(), or answered using
+ * krb5_responder_set_answer().  The form of a question's challenge and answer
+ * depend on the question name.
+ *
+ * @version New in 1.11
+ */
+typedef struct krb5_responder_context_st *krb5_responder_context;
+
+/**
+ * List the question names contained in the responder context.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] rctx             Responder context
+ *
+ * Return a pointer to a null-terminated list of question names which are
+ * present in @a rctx.  The pointer is an alias, valid only as long as the
+ * lifetime of @a rctx, and should not be modified or freed by the caller.  A
+ * question's challenge can be retrieved using krb5_responder_get_challenge()
+ * and answered using krb5_responder_set_answer().
+ *
+ * @version New in 1.11
+ */
+const char * const * KRB5_CALLCONV
+krb5_responder_list_questions(krb5_context ctx, krb5_responder_context rctx);
+
+/**
+ * Retrieve the challenge data for a given question in the responder context.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] rctx             Responder context
+ * @param [in] question         Question name
+ *
+ * Return a pointer to a C string containing the challenge for @a question
+ * within @a rctx, or NULL if the question is not present in @a rctx.  The
+ * structure of the question depends on the question name, but will always be
+ * printable UTF-8 text.  The returned pointer is an alias, valid only as long
+ * as the lifetime of @a rctx, and should not be modified or freed by the
+ * caller.
+ *
+ * @version New in 1.11
+ */
+const char * KRB5_CALLCONV
+krb5_responder_get_challenge(krb5_context ctx, krb5_responder_context rctx,
+                             const char *question);
+
+/**
+ * Answer a named question in the responder context.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] rctx             Responder context
+ * @param [in] question         Question name
+ * @param [in] answer           The string to set (MUST be printable UTF-8)
+ *
+ * This function supplies an answer to @a question within @a rctx.  The
+ * appropriate form of the answer depends on the question name.
+ *
+ * @retval EINVAL @a question is not present within @a rctx
+ *
+ * @version New in 1.11
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_responder_set_answer(krb5_context ctx, krb5_responder_context rctx,
+                          const char *question, const char *answer);
+
+/**
+ * Responder function for an initial credential exchange.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] data             Callback data
+ * @param [in] rctx             Responder context
+ *
+ * A responder function is like a prompter function, but is used for handling
+ * questions and answers as potentially complex data types.  Client
+ * preauthentication modules will insert a set of named "questions" into
+ * the responder context.  Each question may optionally contain a challenge.
+ * This challenge is printable UTF-8, but may be an encoded value.  The
+ * precise encoding and contents of the challenge are specific to the question
+ * asked.  When the responder is called, it should answer all the questions it
+ * understands.  Like the challenge, the answer MUST be printable UTF-8, but
+ * may contain structured/encoded data formatted to the expected answer format
+ * of the question.
+ *
+ * If a required question is unanswered, the prompter may be called.
+ */
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5_responder_fn)(krb5_context ctx, void *data,
+                                   krb5_responder_context rctx);
+
+typedef struct _krb5_responder_otp_tokeninfo {
+    krb5_flags flags;
+    krb5_int32 format; /* -1 when not specified. */
+    krb5_int32 length; /* -1 when not specified. */
+    char *vendor;
+    char *challenge;
+    char *token_id;
+    char *alg_id;
+} krb5_responder_otp_tokeninfo;
+
+typedef struct _krb5_responder_otp_challenge {
+    char *service;
+    krb5_responder_otp_tokeninfo **tokeninfo;
+} krb5_responder_otp_challenge;
+
+/**
+ * Decode the KRB5_RESPONDER_QUESTION_OTP to a C struct.
+ *
+ * A convenience function which parses the KRB5_RESPONDER_QUESTION_OTP
+ * question challenge data, making it available in native C.  The main feature
+ * of this function is the ability to interact with OTP tokens without parsing
+ * the JSON.
+ *
+ * The returned value must be passed to krb5_responder_otp_challenge_free() to
+ * be freed.
+ *
+ * @param [in]  ctx             Library context
+ * @param [in]  rctx            Responder context
+ * @param [out] chl             Challenge structure
+ *
+ * @version New in 1.11
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_responder_otp_get_challenge(krb5_context ctx,
+                                 krb5_responder_context rctx,
+                                 krb5_responder_otp_challenge **chl);
+
+/**
+ * Answer the KRB5_RESPONDER_QUESTION_OTP question.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] rctx             Responder context
+ * @param [in] ti               The index of the tokeninfo selected
+ * @param [in] value            The value to set, or NULL for none
+ * @param [in] pin              The pin to set, or NULL for none
+ *
+ * @version New in 1.11
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_responder_otp_set_answer(krb5_context ctx, krb5_responder_context rctx,
+                              size_t ti, const char *value, const char *pin);
+
+/**
+ * Free the value returned by krb5_responder_otp_get_challenge().
+ *
+ * @param [in] ctx              Library context
+ * @param [in] rctx             Responder context
+ * @param [in] chl              The challenge to free
+ *
+ * @version New in 1.11
+ */
+void KRB5_CALLCONV
+krb5_responder_otp_challenge_free(krb5_context ctx,
+                                  krb5_responder_context rctx,
+                                  krb5_responder_otp_challenge *chl);
+
+typedef struct _krb5_responder_pkinit_identity {
+    char *identity;
+    krb5_int32 token_flags;     /* 0 when not specified or not applicable. */
+} krb5_responder_pkinit_identity;
+
+typedef struct _krb5_responder_pkinit_challenge {
+    krb5_responder_pkinit_identity **identities;
+} krb5_responder_pkinit_challenge;
+
+/**
+ * Decode the KRB5_RESPONDER_QUESTION_PKINIT to a C struct.
+ *
+ * A convenience function which parses the KRB5_RESPONDER_QUESTION_PKINIT
+ * question challenge data, making it available in native C.  The main feature
+ * of this function is the ability to read the challenge without parsing
+ * the JSON.
+ *
+ * The returned value must be passed to krb5_responder_pkinit_challenge_free()
+ * to be freed.
+ *
+ * @param [in]  ctx             Library context
+ * @param [in]  rctx            Responder context
+ * @param [out] chl_out         Challenge structure
+ *
+ * @version New in 1.12
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_responder_pkinit_get_challenge(krb5_context ctx,
+                                    krb5_responder_context rctx,
+                                    krb5_responder_pkinit_challenge **chl_out);
+
+/**
+ * Answer the KRB5_RESPONDER_QUESTION_PKINIT question for one identity.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] rctx             Responder context
+ * @param [in] identity         The identity for which a PIN is being supplied
+ * @param [in] pin              The provided PIN, or NULL for none
+ *
+ * @version New in 1.12
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_responder_pkinit_set_answer(krb5_context ctx, krb5_responder_context rctx,
+                                 const char *identity, const char *pin);
+
+/**
+ * Free the value returned by krb5_responder_pkinit_get_challenge().
+ *
+ * @param [in] ctx              Library context
+ * @param [in] rctx             Responder context
+ * @param [in] chl              The challenge to free
+ *
+ * @version New in 1.12
+ */
+void KRB5_CALLCONV
+krb5_responder_pkinit_challenge_free(krb5_context ctx,
+                                     krb5_responder_context rctx,
+                                     krb5_responder_pkinit_challenge *chl);
+
+/** Store options for @c _krb5_get_init_creds */
+typedef struct _krb5_get_init_creds_opt {
+    krb5_flags flags;
+    krb5_deltat tkt_life;
+    krb5_deltat renew_life;
+    int forwardable;
+    int proxiable;
+    krb5_enctype *etype_list;
+    int etype_list_length;
+    krb5_address **address_list;
+    krb5_preauthtype *preauth_list;
+    int preauth_list_length;
+    krb5_data *salt;
+} krb5_get_init_creds_opt;
+
+#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE        0x0001
+#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE      0x0002
+#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE     0x0004
+#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE       0x0008
+#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST      0x0010
+#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST    0x0020
+#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST    0x0040
+#define KRB5_GET_INIT_CREDS_OPT_SALT            0x0080
+#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT   0x0100
+#define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE    0x0200
+#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS       0x0400
+
+
+/**
+ * Allocate a new initial credential options structure.
+ *
+ * @param [in]  context         Library context
+ * @param [out] opt             New options structure
+ *
+ * This function is the preferred way to create an options structure for
+ * getting initial credentials, and is required to make use of certain options.
+ * Use krb5_get_init_creds_opt_free() to free @a opt when it is no longer
+ * needed.
+ *
+ * @retval 0 - Success; Kerberos errors otherwise.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_alloc(krb5_context context,
+                              krb5_get_init_creds_opt **opt);
+
+/**
+ * Free initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options structure to free
+ *
+ * @sa krb5_get_init_creds_opt_alloc()
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_free(krb5_context context,
+                             krb5_get_init_creds_opt *opt);
+
+/** @deprecated Use krb5_get_init_creds_opt_alloc() instead. */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt);
+
+/**
+ * Set the ticket lifetime in initial credential options.
+ *
+ * @param [in] opt              Options structure
+ * @param [in] tkt_life         Ticket lifetime
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
+                                     krb5_deltat tkt_life);
+
+/**
+ * Set the ticket renewal lifetime in initial credential options.
+ *
+ * @param [in] opt              Pointer to @a options field
+ * @param [in] renew_life       Ticket renewal lifetime
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
+                                       krb5_deltat renew_life);
+
+/**
+ * Set or unset the forwardable flag in initial credential options.
+ *
+ * @param [in] opt              Options structure
+ * @param [in] forwardable      Whether credentials should be forwardable
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
+                                        int forwardable);
+
+/**
+ * Set or unset the proxiable flag in initial credential options.
+ *
+ * @param [in] opt              Options structure
+ * @param [in] proxiable        Whether credentials should be proxiable
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
+                                      int proxiable);
+
+/**
+ * Set or unset the canonicalize flag in initial credential options.
+ *
+ * @param [in] opt              Options structure
+ * @param [in] canonicalize     Whether to canonicalize client principal
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opt,
+                                         int canonicalize);
+
+/**
+ * Set or unset the anonymous flag in initial credential options.
+ *
+ * @param [in] opt              Options structure
+ * @param [in] anonymous        Whether to make an anonymous request
+ *
+ * This function may be used to request anonymous credentials from the KDC by
+ * setting @a anonymous to non-zero.  Note that anonymous credentials are only
+ * a request; clients must verify that credentials are anonymous if that is a
+ * requirement.
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
+                                      int anonymous);
+
+/**
+ * Set allowable encryption types in initial credential options.
+ *
+ * @param [in] opt               Options structure
+ * @param [in] etype_list        Array of encryption types
+ * @param [in] etype_list_length Length of @a etype_list
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt,
+                                       krb5_enctype *etype_list,
+                                       int etype_list_length);
+
+/**
+ * Set address restrictions in initial credential options.
+ *
+ * @param [in] opt              Options structure
+ * @param [in] addresses        Null-terminated array of addresses
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
+                                         krb5_address **addresses);
+
+/**
+ * Set preauthentication types in initial credential options.
+ *
+ * @param [in] opt                 Options structure
+ * @param [in] preauth_list        Array of preauthentication types
+ * @param [in] preauth_list_length Length of @a preauth_list
+ *
+ * This function can be used to perform optimistic preauthentication when
+ * getting initial credentials, in combination with
+ * krb5_get_init_creds_opt_set_salt() and krb5_get_init_creds_opt_set_pa().
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
+                                         krb5_preauthtype *preauth_list,
+                                         int preauth_list_length);
+
+/**
+ * Set salt for optimistic preauthentication in initial credential options.
+ *
+ * @param [in] opt              Options structure
+ * @param [in] salt             Salt data
+ *
+ * When getting initial credentials with a password, a salt string it used to
+ * convert the password to a key.  Normally this salt is obtained from the
+ * first KDC reply, but when performing optimistic preauthentication, the
+ * client may need to supply the salt string with this function.
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
+                                 krb5_data *salt);
+
+/**
+ * Set or unset change-password-prompt flag in initial credential options.
+ *
+ * @param [in] opt              Options structure
+ * @param [in] prompt           Whether to prompt to change password
+ *
+ * This flag is on by default.  It controls whether
+ * krb5_get_init_creds_password() will react to an expired-password error by
+ * prompting for a new password and attempting to change the old one.
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt,
+                                                   int prompt);
+
+/** Generic preauth option attribute/value pairs */
+typedef struct _krb5_gic_opt_pa_data {
+    char *attr;
+    char *value;
+} krb5_gic_opt_pa_data;
+
+/**
+ * Supply options for preauthentication in initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options structure
+ * @param [in] attr             Preauthentication option name
+ * @param [in] value            Preauthentication option value
+ *
+ * This function allows the caller to supply options for preauthentication.
+ * The values of @a attr and @a value are supplied to each preauthentication
+ * module available within @a context.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_pa(krb5_context context,
+                               krb5_get_init_creds_opt *opt, const char *attr,
+                               const char *value);
+
+/**
+ * Set location of FAST armor ccache in initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options
+ * @param [in] fast_ccache_name Credential cache name
+ *
+ * Sets the location of a credential cache containing an armor ticket to
+ * protect an initial credential exchange using the FAST protocol extension.
+ *
+ * In version 1.7, setting an armor ccache requires that FAST be used for the
+ * exchange.  In version 1.8 or later, setting the armor ccache causes FAST to
+ * be used if the KDC supports it; krb5_get_init_creds_opt_set_fast_flags()
+ * must be used to require that FAST be used.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context,
+                                             krb5_get_init_creds_opt *opt,
+                                             const char *fast_ccache_name);
+
+/**
+ * Set FAST armor cache in initial credential options.
+ *
+ * @param [in] context           Library context
+ * @param [in] opt               Options
+ * @param [in] ccache            Credential cache handle
+ *
+ * This function is similar to krb5_get_init_creds_opt_set_fast_ccache_name(),
+ * but uses a credential cache handle instead of a name.
+ *
+ * @version New in 1.9
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_ccache(krb5_context context,
+                                        krb5_get_init_creds_opt *opt,
+                                        krb5_ccache ccache);
+
+/**
+ * Set an input credential cache in initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options
+ * @param [in] ccache           Credential cache handle
+ *
+ * If an input credential cache is set, then the krb5_get_init_creds family of
+ * APIs will read settings from it.  Setting an input ccache is desirable when
+ * the application wishes to perform authentication in the same way (using the
+ * same preauthentication mechanisms, and making the same non-security-
+ * sensitive choices) as the previous authentication attempt, which stored
+ * information in the passed-in ccache.
+ *
+ * @version New in 1.11
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_in_ccache(krb5_context context,
+                                      krb5_get_init_creds_opt *opt,
+                                      krb5_ccache ccache);
+
+/**
+ * Set an output credential cache in initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options
+ * @param [in] ccache           Credential cache handle
+ *
+ * If an output credential cache is set, then the krb5_get_init_creds family of
+ * APIs will write credentials to it.  Setting an output ccache is desirable
+ * both because it simplifies calling code and because it permits the
+ * krb5_get_init_creds APIs to write out configuration information about the
+ * realm to the ccache.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_out_ccache(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_ccache ccache);
+
+/**
+ * @brief Ask the KDC to include or not include a PAC in the ticket
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options structure
+ * @param [in] req_pac          Whether to request a PAC or not
+ *
+ * If this option is set, the AS request will include a PAC-REQUEST pa-data
+ * item explicitly asking the KDC to either include or not include a privilege
+ * attribute certificate in the ticket authorization data.  By default, no
+ * request is made; typically the KDC will default to including a PAC if it
+ * supports them.
+ *
+ * @version New in 1.15
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_pac_request(krb5_context context,
+                                        krb5_get_init_creds_opt *opt,
+                                        krb5_boolean req_pac);
+
+/**
+ * Set FAST flags in initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options
+ * @param [in] flags            FAST flags
+ *
+ * The following flag values are valid:
+ * @li #KRB5_FAST_REQUIRED - Require FAST to be used
+ *
+ * @retval
+ * 0 - Success; Kerberos errors otherwise.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_flags(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_flags flags);
+
+/**
+ * Retrieve FAST flags from initial credential options.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  opt             Options
+ * @param [out] out_flags       FAST flags
+ *
+ * @retval
+ * 0 - Success; Kerberos errors otherwise.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_fast_flags(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_flags *out_flags);
+
+/* Fast flags*/
+#define KRB5_FAST_REQUIRED 0x0001 /**< Require KDC to support FAST*/
+
+typedef void
+(KRB5_CALLCONV *krb5_expire_callback_func)(krb5_context context, void *data,
+                                           krb5_timestamp password_expiration,
+                                           krb5_timestamp account_expiration,
+                                           krb5_boolean is_last_req);
+
+/**
+ * Set an expiration callback in initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options structure
+ * @param [in] cb               Callback function
+ * @param [in] data             Callback argument
+ *
+ * Set a callback to receive password and account expiration times.
+ *
+ * @a cb will be invoked if and only if credentials are successfully acquired.
+ * The callback will receive the @a context from the calling function and the
+ * @a data argument supplied with this API.  The remaining arguments should be
+ * interpreted as follows:
+ *
+ * If @a is_last_req is true, then the KDC reply contained last-req entries
+ * which unambiguously indicated the password expiration, account expiration,
+ * or both.  (If either value was not present, the corresponding argument will
+ * be 0.)  Furthermore, a non-zero @a password_expiration should be taken as a
+ * suggestion from the KDC that a warning be displayed.
+ *
+ * If @a is_last_req is false, then @a account_expiration will be 0 and @a
+ * password_expiration will contain the expiration time of either the password
+ * or account, or 0 if no expiration time was indicated in the KDC reply.  The
+ * callback should independently decide whether to display a password
+ * expiration warning.
+ *
+ * Note that @a cb may be invoked even if credentials are being acquired for
+ * the kadmin/changepw service in order to change the password.  It is the
+ * caller's responsibility to avoid displaying a password expiry warning in
+ * this case.
+ *
+ * @warning Setting an expire callback with this API will cause
+ * krb5_get_init_creds_password() not to send password expiry warnings to the
+ * prompter, as it ordinarily may.
+ *
+ * @version New in 1.9
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_expire_callback(krb5_context context,
+                                            krb5_get_init_creds_opt *opt,
+                                            krb5_expire_callback_func cb,
+                                            void *data);
+
+/**
+ * Set the responder function in initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options structure
+ * @param [in] responder        Responder function
+ * @param [in] data             Responder data argument
+ *
+ * @version New in 1.11
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_responder(krb5_context context,
+                                      krb5_get_init_creds_opt *opt,
+                                      krb5_responder_fn responder, void *data);
+
+/**
+ * Get initial credentials using a password.
+ *
+ * @param [in]  context         Library context
+ * @param [out] creds           New credentials
+ * @param [in]  client          Client principal
+ * @param [in]  password        Password (or NULL)
+ * @param [in]  prompter        Prompter function
+ * @param [in]  data            Prompter callback data
+ * @param [in]  start_time      Time when ticket becomes valid (0 for now)
+ * @param [in]  in_tkt_service  Service name of initial credentials (or NULL)
+ * @param [in]  k5_gic_options  Initial credential options
+ *
+ * This function requests KDC for an initial credentials for @a client using @a
+ * password.  If @a password is NULL, a password will be prompted for using @a
+ * prompter if necessary.  If @a in_tkt_service is specified, it is parsed as a
+ * principal name (with the realm ignored) and used as the service principal
+ * for the request; otherwise the ticket-granting service is used.
+ *
+ * @sa krb5_verify_init_creds()
+ *
+ * @retval
+ *  0    Success
+ * @retval
+ *  EINVAL Invalid argument
+ * @retval
+ *  KRB5_KDC_UNREACH Cannot contact any KDC for requested realm
+ * @retval
+ *  KRB5_PREAUTH_FAILED Generic Pre-athentication failure
+ * @retval
+ *  KRB5_LIBOS_PWDINTR Password read interrupted
+ * @retval
+ *  KRB5_REALM_CANT_RESOLVE Cannot resolve network address for KDC in requested realm
+ * @retval
+ *  KRB5KDC_ERR_KEY_EXP Password has expired
+ * @retval
+ *  KRB5_LIBOS_BADPWDMATCH Password mismatch
+ * @retval
+ *  KRB5_CHPW_PWDNULL New password cannot be zero length
+ * @retval
+ *  KRB5_CHPW_FAIL Password change failed
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_password(krb5_context context, krb5_creds *creds,
+                             krb5_principal client, const char *password,
+                             krb5_prompter_fct prompter, void *data,
+                             krb5_deltat start_time,
+                             const char *in_tkt_service,
+                             krb5_get_init_creds_opt *k5_gic_options);
+
+/**
+ * Retrieve enctype, salt and s2kparams from KDC
+ *
+ * @param [in]  context         Library context
+ * @param [in]  principal       Principal whose information is requested
+ * @param [in]  opt             Initial credential options
+ * @param [out] enctype_out     The enctype chosen by KDC
+ * @param [out] salt_out        Salt returned from KDC
+ * @param [out] s2kparams_out   String-to-key parameters returned from KDC
+ *
+ * Send an initial ticket request for @a principal and extract the encryption
+ * type, salt type, and string-to-key parameters from the KDC response.  If the
+ * KDC provides no etype-info, set @a enctype_out to @c ENCTYPE_NULL and set @a
+ * salt_out and @a s2kparams_out to empty.  If the KDC etype-info provides no
+ * salt, compute the default salt and place it in @a salt_out.  If the KDC
+ * etype-info provides no string-to-key parameters, set @a s2kparams_out to
+ * empty.
+ *
+ * @a opt may be used to specify options which affect the initial request, such
+ * as request encryption types or a FAST armor cache (see
+ * krb5_get_init_creds_opt_set_etype_list() and
+ * krb5_get_init_creds_opt_set_fast_ccache_name()).
+ *
+ * Use krb5_free_data_contents() to free @a salt_out and @a s2kparams_out when
+ * they are no longer needed.
+ *
+ * @version New in 1.17
+ *
+ * @retval 0 Success
+ * @return A Kerberos error code
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_etype_info(krb5_context context, krb5_principal principal,
+                    krb5_get_init_creds_opt *opt, krb5_enctype *enctype_out,
+                    krb5_data *salt_out, krb5_data *s2kparams_out);
+
+struct _krb5_init_creds_context;
+typedef struct _krb5_init_creds_context *krb5_init_creds_context;
+
+#define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x1  /**< More responses needed */
+
+/**
+ * Free an initial credentials context.
+ *
+ * @param [in] context          Library context
+ * @param [in] ctx              Initial credentials context
+ *
+ * @a context must be the same as the one passed to krb5_init_creds_init() for
+ * this initial credentials context.
+ */
+void KRB5_CALLCONV
+krb5_init_creds_free(krb5_context context, krb5_init_creds_context ctx);
+
+/**
+ * Acquire credentials using an initial credentials context.
+ *
+ * @param [in] context          Library context
+ * @param [in] ctx              Initial credentials context
+ *
+ * This function synchronously obtains credentials using a context created by
+ * krb5_init_creds_init().  On successful return, the credentials can be
+ * retrieved with krb5_init_creds_get_creds().
+ *
+ * @a context must be the same as the one passed to krb5_init_creds_init() for
+ * this initial credentials context.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx);
+
+/**
+ * Retrieve acquired credentials from an initial credentials context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  ctx             Initial credentials context
+ * @param [out] creds           Acquired credentials
+ *
+ * This function copies the acquired initial credentials from @a ctx into @a
+ * creds, after the successful completion of krb5_init_creds_get() or
+ * krb5_init_creds_step().  Use krb5_free_cred_contents() to free @a creds when
+ * it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_creds(krb5_context context, krb5_init_creds_context ctx,
+                          krb5_creds *creds);
+
+/**
+ * Get the last error from KDC from an initial credentials context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  ctx             Initial credentials context
+ * @param [out] error           Error from KDC, or NULL if none was received
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_error(krb5_context context, krb5_init_creds_context ctx,
+                          krb5_error **error);
+
+/**
+ * Create a context for acquiring initial credentials.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  client          Client principal to get initial creds for
+ * @param [in]  prompter        Prompter callback
+ * @param [in]  data            Prompter callback argument
+ * @param [in]  start_time      Time when credentials become valid (0 for now)
+ * @param [in]  options         Options structure (NULL for default)
+ * @param [out] ctx             New initial credentials context
+ *
+ * This function creates a new context for acquiring initial credentials.  Use
+ * krb5_init_creds_free() to free @a ctx when it is no longer needed.
+ *
+ * Any subsequent calls to krb5_init_creds_step(), krb5_init_creds_get(), or
+ * krb5_init_creds_free() for this initial credentials context must use the
+ * same @a context argument as the one passed to this function.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_init(krb5_context context, krb5_principal client,
+                     krb5_prompter_fct prompter, void *data,
+                     krb5_deltat start_time, krb5_get_init_creds_opt *options,
+                     krb5_init_creds_context *ctx);
+
+/**
+ * Specify a keytab to use for acquiring initial credentials.
+ *
+ * @param [in] context          Library context
+ * @param [in] ctx              Initial credentials context
+ * @param [in] keytab           Key table handle
+ *
+ * This function supplies a keytab containing the client key for an initial
+ * credentials request.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_keytab(krb5_context context, krb5_init_creds_context ctx,
+                           krb5_keytab keytab);
+
+/**
+ * Get the next KDC request for acquiring initial credentials.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  ctx             Initial credentials context
+ * @param [in]  in              KDC response (empty on the first call)
+ * @param [out] out             Next KDC request
+ * @param [out] realm           Realm for next KDC request
+ * @param [out] flags           Output flags
+ *
+ * This function constructs the next KDC request in an initial credential
+ * exchange, allowing the caller to control the transport of KDC requests and
+ * replies.  On the first call, @a in should be set to an empty buffer; on
+ * subsequent calls, it should be set to the KDC's reply to the previous
+ * request.
+ *
+ * If more requests are needed, @a flags will be set to
+ * #KRB5_INIT_CREDS_STEP_FLAG_CONTINUE and the next request will be placed in
+ * @a out.  If no more requests are needed, @a flags will not contain
+ * #KRB5_INIT_CREDS_STEP_FLAG_CONTINUE and @a out will be empty.
+ *
+ * If this function returns @c KRB5KRB_ERR_RESPONSE_TOO_BIG, the caller should
+ * transmit the next request using TCP rather than UDP.  If this function
+ * returns any other error, the initial credential exchange has failed.
+ *
+ * @a context must be the same as the one passed to krb5_init_creds_init() for
+ * this initial credentials context.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_step(krb5_context context, krb5_init_creds_context ctx,
+                     krb5_data *in, krb5_data *out, krb5_data *realm,
+                     unsigned int *flags);
+
+/**
+ * Set a password for acquiring initial credentials.
+ *
+ * @param [in] context          Library context
+ * @param [in] ctx              Initial credentials context
+ * @param [in] password         Password
+ *
+ * This function supplies a password to be used to construct the client key for
+ * an initial credentials request.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_password(krb5_context context, krb5_init_creds_context ctx,
+                             const char *password);
+
+/**
+ * Specify a service principal for acquiring initial credentials.
+ *
+ * @param [in] context          Library context
+ * @param [in] ctx              Initial credentials context
+ * @param [in] service          Service principal string
+ *
+ * This function supplies a service principal string to acquire initial
+ * credentials for instead of the default krbtgt service.  @a service is parsed
+ * as a principal name; any realm part is ignored.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_service(krb5_context context, krb5_init_creds_context ctx,
+                            const char *service);
+
+/**
+ * Retrieve ticket times from an initial credentials context.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  ctx             Initial credentials context
+ * @param [out] times           Ticket times for acquired credentials
+ *
+ * The initial credentials context must have completed obtaining credentials
+ * via either krb5_init_creds_get() or krb5_init_creds_step().
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_times(krb5_context context, krb5_init_creds_context ctx,
+                          krb5_ticket_times *times);
+
+struct _krb5_tkt_creds_context;
+typedef struct _krb5_tkt_creds_context *krb5_tkt_creds_context;
+
+/**
+ * Create a context to get credentials from a KDC's Ticket Granting Service.
+ *
+ * @param[in]  context          Library context
+ * @param[in]  ccache           Credential cache handle
+ * @param[in]  creds            Input credentials
+ * @param[in]  options          Options (see KRB5_GC macros)
+ * @param[out] ctx              New TGS request context
+ *
+ * This function prepares to obtain credentials matching @a creds, either by
+ * retrieving them from @a ccache or by making requests to ticket-granting
+ * services beginning with a ticket-granting ticket for the client principal's
+ * realm.
+ *
+ * The resulting TGS acquisition context can be used asynchronously with
+ * krb5_tkt_creds_step() or synchronously with krb5_tkt_creds_get().  See also
+ * krb5_get_credentials() for synchronous use.
+ *
+ * Use krb5_tkt_creds_free() to free @a ctx when it is no longer needed.
+ *
+ * @version New in 1.9
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache,
+                    krb5_creds *creds, krb5_flags options,
+                    krb5_tkt_creds_context *ctx);
+
+/**
+ * Synchronously obtain credentials using a TGS request context.
+ *
+ * @param[in] context           Library context
+ * @param[in] ctx               TGS request context
+ *
+ * This function synchronously obtains credentials using a context created by
+ * krb5_tkt_creds_init().  On successful return, the credentials can be
+ * retrieved with krb5_tkt_creds_get_creds().
+ *
+ * @version New in 1.9
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx);
+
+/**
+ * Retrieve acquired credentials from a TGS request context.
+ *
+ * @param[in]  context          Library context
+ * @param[in]  ctx              TGS request context
+ * @param[out] creds            Acquired credentials
+ *
+ * This function copies the acquired initial credentials from @a ctx into @a
+ * creds, after the successful completion of krb5_tkt_creds_get() or
+ * krb5_tkt_creds_step().  Use krb5_free_cred_contents() to free @a creds when
+ * it is no longer needed.
+ *
+ * @version New in 1.9
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx,
+                         krb5_creds *creds);
+
+/**
+ * Free a TGS request context.
+ *
+ * @param[in]  context  Library context
+ * @param[in]  ctx      TGS request context
+ *
+ * @version New in 1.9
+ */
+void KRB5_CALLCONV
+krb5_tkt_creds_free(krb5_context context, krb5_tkt_creds_context ctx);
+
+#define KRB5_TKT_CREDS_STEP_FLAG_CONTINUE 0x1  /**< More responses needed */
+
+/**
+ * Get the next KDC request in a TGS exchange.
+ *
+ * @param[in]  context          Library context
+ * @param[in]  ctx              TGS request context
+ * @param[in]  in               KDC response (empty on the first call)
+ * @param[out] out              Next KDC request
+ * @param[out] realm            Realm for next KDC request
+ * @param[out] flags            Output flags
+ *
+ * This function constructs the next KDC request for a TGS exchange, allowing
+ * the caller to control the transport of KDC requests and replies.  On the
+ * first call, @a in should be set to an empty buffer; on subsequent calls, it
+ * should be set to the KDC's reply to the previous request.
+ *
+ * If more requests are needed, @a flags will be set to
+ * #KRB5_TKT_CREDS_STEP_FLAG_CONTINUE and the next request will be placed in @a
+ * out.  If no more requests are needed, @a flags will not contain
+ * #KRB5_TKT_CREDS_STEP_FLAG_CONTINUE and @a out will be empty.
+ *
+ * If this function returns @c KRB5KRB_ERR_RESPONSE_TOO_BIG, the caller should
+ * transmit the next request using TCP rather than UDP.  If this function
+ * returns any other error, the TGS exchange has failed.
+ *
+ * @version New in 1.9
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_step(krb5_context context, krb5_tkt_creds_context ctx,
+                    krb5_data *in, krb5_data *out, krb5_data *realm,
+                    unsigned int *flags);
+
+/**
+ * Retrieve ticket times from a TGS request context.
+ *
+ * @param[in]  context          Library context
+ * @param[in]  ctx              TGS request context
+ * @param[out] times            Ticket times for acquired credentials
+ *
+ * The TGS request context must have completed obtaining credentials via either
+ * krb5_tkt_creds_get() or krb5_tkt_creds_step().
+ *
+ * @version New in 1.9
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_get_times(krb5_context context, krb5_tkt_creds_context ctx,
+                         krb5_ticket_times *times);
+
+/**
+ * Get initial credentials using a key table.
+ *
+ * @param [in]  context         Library context
+ * @param [out] creds           New credentials
+ * @param [in]  client          Client principal
+ * @param [in]  arg_keytab      Key table handle
+ * @param [in]  start_time      Time when ticket becomes valid (0 for now)
+ * @param [in]  in_tkt_service  Service name of initial credentials (or NULL)
+ * @param [in]  k5_gic_options  Initial credential options
+ *
+ * This function requests KDC for an initial credentials for @a client using a
+ * client key stored in @a arg_keytab.  If @a in_tkt_service is specified, it
+ * is parsed as a principal name (with the realm ignored) and used as the
+ * service principal for the request; otherwise the ticket-granting service is
+ * used.
+ *
+ * @sa krb5_verify_init_creds()
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds,
+                           krb5_principal client, krb5_keytab arg_keytab,
+                           krb5_deltat start_time, const char *in_tkt_service,
+                           krb5_get_init_creds_opt *k5_gic_options);
+
+typedef struct _krb5_verify_init_creds_opt {
+    krb5_flags flags;
+    int ap_req_nofail; /**< boolean */
+} krb5_verify_init_creds_opt;
+
+#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL        0x0001
+
+/**
+ * Initialize a credential verification options structure.
+ *
+ * @param [in] k5_vic_options   Verification options structure
+ */
+void KRB5_CALLCONV
+krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *k5_vic_options);
+
+/**
+ * Set whether credential verification is required.
+ *
+ * @param [in] k5_vic_options   Verification options structure
+ * @param [in] ap_req_nofail    Whether to require successful verification
+ *
+ * This function determines how krb5_verify_init_creds() behaves if no keytab
+ * information is available.  If @a ap_req_nofail is @c FALSE, verification
+ * will be skipped in this case and krb5_verify_init_creds() will return
+ * successfully.  If @a ap_req_nofail is @c TRUE, krb5_verify_init_creds() will
+ * not return successfully unless verification can be performed.
+ *
+ * If this function is not used, the behavior of krb5_verify_init_creds() is
+ * determined through configuration.
+ */
+void KRB5_CALLCONV
+krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt * k5_vic_options,
+                                             int ap_req_nofail);
+
+/**
+ * Verify initial credentials against a keytab.
+ *
+ * @param [in] context          Library context
+ * @param [in] creds            Initial credentials to be verified
+ * @param [in] server           Server principal (or NULL)
+ * @param [in] keytab           Key table (NULL to use default keytab)
+ * @param [in] ccache           Credential cache for fetched creds (or NULL)
+ * @param [in] options          Verification options (NULL for default options)
+ *
+ * This function attempts to verify that @a creds were obtained from a KDC with
+ * knowledge of a key in @a keytab, or the default keytab if @a keytab is NULL.
+ * If @a server is provided, the highest-kvno key entry for that principal name
+ * is used to verify the credentials; otherwise, all unique "host" service
+ * principals in the keytab are tried.
+ *
+ * If the specified keytab does not exist, or is empty, or cannot be read, or
+ * does not contain an entry for @a server, then credential verification may be
+ * skipped unless configuration demands that it succeed.  The caller can
+ * control this behavior by providing a verification options structure; see
+ * krb5_verify_init_creds_opt_init() and
+ * krb5_verify_init_creds_opt_set_ap_req_nofail().
+ *
+ * If @a ccache is NULL, any additional credentials fetched during the
+ * verification process will be destroyed.  If @a ccache points to NULL, a
+ * memory ccache will be created for the additional credentials and returned in
+ * @a ccache.  If @a ccache points to a valid credential cache handle, the
+ * additional credentials will be stored in that cache.
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_verify_init_creds(krb5_context context, krb5_creds *creds,
+                       krb5_principal server, krb5_keytab keytab,
+                       krb5_ccache *ccache,
+                       krb5_verify_init_creds_opt *options);
+
+/**
+ * Get validated credentials from the KDC.
+ *
+ * @param [in]  context         Library context
+ * @param [out] creds           Validated credentials
+ * @param [in]  client          Client principal name
+ * @param [in]  ccache          Credential cache
+ * @param [in]  in_tkt_service  Server principal string (or NULL)
+ *
+ * This function gets a validated credential using a postdated credential from
+ * @a ccache.  If @a in_tkt_service is specified, it is parsed (with the realm
+ * part ignored) and used as the server principal of the credential;
+ * otherwise, the ticket-granting service is used.
+ *
+ * If successful, the validated credential is placed in @a creds.
+ *
+ * @sa krb5_get_renewed_creds()
+ *
+ * @retval
+ * 0 Success
+ * @retval
+ * KRB5_NO_2ND_TKT Request missing second ticket
+ * @retval
+ * KRB5_NO_TKT_SUPPLIED Request did not supply a ticket
+ * @retval
+ * KRB5_PRINC_NOMATCH Requested principal and ticket do not match
+ * @retval
+ * KRB5_KDCREP_MODIFIED KDC reply did not match expectations
+ * @retval
+ * KRB5_KDCREP_SKEW Clock skew too great in KDC reply
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_validated_creds(krb5_context context, krb5_creds *creds,
+                         krb5_principal client, krb5_ccache ccache,
+                         const char *in_tkt_service);
+
+/**
+ * Get renewed credential from KDC using an existing credential.
+ *
+ * @param [in]  context         Library context
+ * @param [out] creds           Renewed credentials
+ * @param [in]  client          Client principal name
+ * @param [in]  ccache          Credential cache
+ * @param [in]  in_tkt_service  Server principal string (or NULL)
+ *
+ * This function gets a renewed credential using an existing one from @a
+ * ccache.  If @a in_tkt_service is specified, it is parsed (with the realm
+ * part ignored) and used as the server principal of the credential; otherwise,
+ * the ticket-granting service is used.
+ *
+ * If successful, the renewed credential is placed in @a creds.
+ *
+ * @retval
+ * 0 Success
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_renewed_creds(krb5_context context, krb5_creds *creds,
+                       krb5_principal client, krb5_ccache ccache,
+                       const char *in_tkt_service);
+
+/**
+ * Decode an ASN.1-formatted ticket.
+ *
+ * @param [in]  code            ASN.1-formatted ticket
+ * @param [out] rep             Decoded ticket information
+ *
+ * @retval 0  Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_decode_ticket(const krb5_data *code, krb5_ticket **rep);
+
+/**
+ * Retrieve a string value from the appdefaults section of krb5.conf.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  appname         Application name
+ * @param [in]  realm           Realm name
+ * @param [in]  option          Option to be checked
+ * @param [in]  default_value   Default value to return if no match is found
+ * @param [out] ret_value       String value of @a option
+ *
+ * This function gets the application defaults for @a option based on the given
+ * @a appname and/or @a realm.
+ *
+ * @sa krb5_appdefault_boolean()
+ */
+void KRB5_CALLCONV
+krb5_appdefault_string(krb5_context context, const char *appname,
+                       const krb5_data *realm, const char *option,
+                       const char *default_value, char ** ret_value);
+
+/**
+ * Retrieve a boolean value from the appdefaults section of krb5.conf.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  appname         Application name
+ * @param [in]  realm           Realm name
+ * @param [in]  option          Option to be checked
+ * @param [in]  default_value   Default value to return if no match is found
+ * @param [out] ret_value       Boolean value of @a option
+ *
+ * This function gets the application defaults for @a option based on the given
+ * @a appname and/or @a realm.
+ *
+ * @sa krb5_appdefault_string()
+ */
+void KRB5_CALLCONV
+krb5_appdefault_boolean(krb5_context context, const char *appname,
+                        const krb5_data *realm, const char *option,
+                        int default_value, int *ret_value);
+
+/*
+ * Prompter enhancements
+ */
+/** Prompt for password */
+#define KRB5_PROMPT_TYPE_PASSWORD            0x1
+/** Prompt for new password (during password change) */
+#define KRB5_PROMPT_TYPE_NEW_PASSWORD        0x2
+/** Prompt for new password again */
+#define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN  0x3
+/** Prompt for preauthentication data (such as an OTP value) */
+#define KRB5_PROMPT_TYPE_PREAUTH             0x4
+
+typedef krb5_int32 krb5_prompt_type;
+
+/**
+ * Get prompt types array from a context.
+ *
+ * @param [in] context          Library context
+ *
+ * @return
+ * Pointer to an array of prompt types corresponding to the prompter's @a
+ * prompts arguments.  Each type has one of the following values:
+ *  @li #KRB5_PROMPT_TYPE_PASSWORD
+ *  @li #KRB5_PROMPT_TYPE_NEW_PASSWORD
+ *  @li #KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN
+ *  @li #KRB5_PROMPT_TYPE_PREAUTH
+ */
+krb5_prompt_type* KRB5_CALLCONV
+krb5_get_prompt_types(krb5_context context);
+
+/* Error reporting */
+/**
+ * Set an extended error message for an error code.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] code             Error code
+ * @param [in] fmt              Error string for the error code
+ * @param [in] ...              printf(3) style parameters
+ */
+void KRB5_CALLCONV_C
+krb5_set_error_message(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 4)))
+#endif
+    ;
+
+/**
+ * Set an extended error message for an error code using a va_list.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] code             Error code
+ * @param [in] fmt              Error string for the error code
+ * @param [in] args             List of vprintf(3) style arguments
+ */
+void KRB5_CALLCONV
+krb5_vset_error_message(krb5_context  ctx, krb5_error_code code,
+                        const char *fmt, va_list args)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 0)))
+#endif
+    ;
+
+/**
+ * Add a prefix to the message for an error code.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] code             Error code
+ * @param [in] fmt              Format string for error message prefix
+ * @param [in] ...              printf(3) style parameters
+ *
+ * Format a message and prepend it to the current message for @a code.  The
+ * prefix will be separated from the old message with a colon and space.
+ */
+void KRB5_CALLCONV_C
+krb5_prepend_error_message(krb5_context ctx, krb5_error_code code,
+                           const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 4)))
+#endif
+    ;
+
+/**
+ * Add a prefix to the message for an error code using a va_list.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] code             Error code
+ * @param [in] fmt              Format string for error message prefix
+ * @param [in] args             List of vprintf(3) style arguments
+ *
+ * This function is similar to krb5_prepend_error_message(), but uses a
+ * va_list instead of variadic arguments.
+ */
+void KRB5_CALLCONV
+krb5_vprepend_error_message(krb5_context  ctx, krb5_error_code code,
+                        const char *fmt, va_list args)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 0)))
+#endif
+    ;
+
+/**
+ * Add a prefix to a different error code's message.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] old_code         Previous error code
+ * @param [in] code             Error code
+ * @param [in] fmt              Format string for error message prefix
+ * @param [in] ...              printf(3) style parameters
+ *
+ * Format a message and prepend it to the message for @a old_code.  The prefix
+ * will be separated from the old message with a colon and space.  Set the
+ * resulting message as the extended error message for @a code.
+ */
+void KRB5_CALLCONV_C
+krb5_wrap_error_message(krb5_context ctx, krb5_error_code old_code,
+                        krb5_error_code code, const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 4, 5)))
+#endif
+    ;
+
+/**
+ * Add a prefix to a different error code's message using a va_list.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] old_code         Previous error code
+ * @param [in] code             Error code
+ * @param [in] fmt              Format string for error message prefix
+ * @param [in] args             List of vprintf(3) style arguments
+ *
+ * This function is similar to krb5_wrap_error_message(), but uses a
+ * va_list instead of variadic arguments.
+ */
+void KRB5_CALLCONV
+krb5_vwrap_error_message(krb5_context ctx, krb5_error_code old_code,
+                         krb5_error_code code, const char *fmt, va_list args)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 4, 0)))
+#endif
+    ;
+
+/**
+ * Copy the most recent extended error message from one context to another.
+ *
+ * @param [in] dest_ctx         Library context to copy message to
+ * @param [in] src_ctx          Library context with current message
+ */
+void KRB5_CALLCONV
+krb5_copy_error_message(krb5_context dest_ctx, krb5_context src_ctx);
+
+/**
+ * Get the (possibly extended) error message for a code.
+ *
+ * @param [in] ctx              Library context
+ * @param [in] code             Error code
+ *
+ * The behavior of krb5_get_error_message() is only defined the first time it
+ * is called after a failed call to a krb5 function using the same context, and
+ * only when the error code passed in is the same as that returned by the krb5
+ * function.
+ *
+ * This function never returns NULL, so its result may be used unconditionally
+ * as a C string.
+ *
+ * The string returned by this function must be freed using
+ * krb5_free_error_message()
+ *
+ * @note Future versions may return the same string for the second
+ * and following calls.
+ */
+const char * KRB5_CALLCONV
+krb5_get_error_message(krb5_context ctx, krb5_error_code code);
+
+/**
+ * Free an error message generated by krb5_get_error_message().
+ *
+ * @param [in] ctx              Library context
+ * @param [in] msg              Pointer to error message
+ */
+void KRB5_CALLCONV
+krb5_free_error_message(krb5_context ctx, const char *msg);
+
+/**
+ * Clear the extended error message in a context.
+ *
+ * @param [in] ctx              Library context
+ *
+ * This function unsets the extended error message in a context, to ensure that
+ * it is not mistakenly applied to another occurrence of the same error code.
+ */
+void KRB5_CALLCONV
+krb5_clear_error_message(krb5_context ctx);
+
+/**
+ * Unwrap authorization data.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  type            Container type (see KRB5_AUTHDATA macros)
+ * @param [in]  container       Authorization data to be decoded
+ * @param [out] authdata        List of decoded authorization data
+ *
+ * @sa krb5_encode_authdata_container()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_decode_authdata_container(krb5_context context,
+                               krb5_authdatatype type,
+                               const krb5_authdata *container,
+                               krb5_authdata ***authdata);
+/**
+ * Wrap authorization data in a container.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  type            Container type (see KRB5_AUTHDATA macros)
+ * @param [in]  authdata        List of authorization data to be encoded
+ * @param [out] container       List of encoded authorization data
+ *
+ * The result is returned in @a container as a single-element list.
+ *
+ * @sa krb5_decode_authdata_container()
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_encode_authdata_container(krb5_context context,
+                               krb5_authdatatype type,
+                               krb5_authdata * const*authdata,
+                               krb5_authdata ***container);
+
+/*
+ * AD-KDCIssued
+ */
+/**
+ * Encode and sign AD-KDCIssued authorization data.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  key             Session key
+ * @param [in]  issuer          The name of the issuing principal
+ * @param [in]  authdata        List of authorization data to be signed
+ * @param [out] ad_kdcissued    List containing AD-KDCIssued authdata
+ *
+ * This function wraps a list of authorization data entries @a authdata in an
+ * AD-KDCIssued container (see RFC 4120 section 5.2.6.2) signed with @a key.
+ * The result is returned in @a ad_kdcissued as a single-element list.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_make_authdata_kdc_issued(krb5_context context,
+                              const krb5_keyblock *key,
+                              krb5_const_principal issuer,
+                              krb5_authdata *const *authdata,
+                              krb5_authdata ***ad_kdcissued);
+
+/**
+ * Unwrap and verify AD-KDCIssued authorization data.
+ *
+ * @param [in] context          Library context
+ * @param [in] key              Session key
+ * @param [in] ad_kdcissued     AD-KDCIssued authorization data to be unwrapped
+ * @param [out] issuer          Name of issuing principal (or NULL)
+ * @param [out] authdata        Unwrapped list of authorization data
+ *
+ * This function unwraps an AD-KDCIssued authdatum (see RFC 4120 section
+ * 5.2.6.2) and verifies its signature against @a key.  The issuer field of the
+ * authdatum element is returned in @a issuer, and the unwrapped list of
+ * authdata is returned in @a authdata.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_verify_authdata_kdc_issued(krb5_context context,
+                                const krb5_keyblock *key,
+                                const krb5_authdata *ad_kdcissued,
+                                krb5_principal *issuer,
+                                krb5_authdata ***authdata);
+
+/*
+ * Windows PAC
+ */
+
+/* Microsoft defined types of data */
+#define KRB5_PAC_LOGON_INFO        1  /**< Logon information */
+#define KRB5_PAC_CREDENTIALS_INFO  2  /**< Credentials information */
+#define KRB5_PAC_SERVER_CHECKSUM   6  /**< Server checksum */
+#define KRB5_PAC_PRIVSVR_CHECKSUM  7  /**< KDC checksum */
+#define KRB5_PAC_CLIENT_INFO       10 /**< Client name and ticket info */
+#define KRB5_PAC_DELEGATION_INFO   11 /**< Constrained delegation info */
+#define KRB5_PAC_UPN_DNS_INFO      12 /**< User principal name and DNS info */
+#define KRB5_PAC_CLIENT_CLAIMS     13 /**< Client claims information */
+#define KRB5_PAC_DEVICE_INFO       14 /**< Device information */
+#define KRB5_PAC_DEVICE_CLAIMS     15 /**< Device claims information */
+#define KRB5_PAC_TICKET_CHECKSUM   16 /**< Ticket checksum */
+#define KRB5_PAC_ATTRIBUTES_INFO   17 /**< PAC attributes */
+#define KRB5_PAC_REQUESTOR         18 /**< PAC requestor SID */
+#define KRB5_PAC_FULL_CHECKSUM     19 /**< KDC full checksum */
+
+struct krb5_pac_data;
+/** PAC data structure to convey authorization information */
+typedef struct krb5_pac_data *krb5_pac;
+
+/**
+ * Add a buffer to a PAC handle.
+ *
+ * @param [in] context          Library context
+ * @param [in] pac              PAC handle
+ * @param [in] type             Buffer type
+ * @param [in] data             contents
+ *
+ * This function adds a buffer of type @a type and contents @a data to @a pac
+ * if there isn't already a buffer of this type present.
+ *
+ * The valid values of @a type is one of the following:
+ * @li #KRB5_PAC_LOGON_INFO         -  Logon information
+ * @li #KRB5_PAC_CREDENTIALS_INFO   -  Credentials information
+ * @li #KRB5_PAC_SERVER_CHECKSUM    -  Server checksum
+ * @li #KRB5_PAC_PRIVSVR_CHECKSUM   -  KDC checksum
+ * @li #KRB5_PAC_CLIENT_INFO        -  Client name and ticket information
+ * @li #KRB5_PAC_DELEGATION_INFO    -  Constrained delegation information
+ * @li #KRB5_PAC_UPN_DNS_INFO       -  User principal name and DNS information
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_add_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type,
+                    const krb5_data *data);
+
+/**
+ * Free a PAC handle.
+ *
+ * @param [in] context         Library context
+ * @param [in] pac             PAC to be freed
+ *
+ * This function frees the contents of @a pac and the structure itself.
+ */
+void KRB5_CALLCONV
+krb5_pac_free(krb5_context context, krb5_pac pac);
+
+/**
+ * Retrieve a buffer value from a PAC.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  pac             PAC handle
+ * @param [in]  type            Type of buffer to retrieve
+ * @param [out] data            Buffer value
+ *
+ * Use krb5_free_data_contents() to free @a data when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_get_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type,
+                    krb5_data *data);
+
+/**
+ * Return an array of buffer types in a PAC handle.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  pac             PAC handle
+ * @param [out] len             Number of entries in @a types
+ * @param [out] types           Array of buffer types
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t *len,
+                   krb5_ui_4 **types);
+
+/**
+ * Create an empty Privilege Attribute Certificate (PAC) handle.
+ *
+ * @param [in]  context         Library context
+ * @param [out] pac             New PAC handle
+ *
+ * Use krb5_pac_free() to free @a pac when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_init(krb5_context context, krb5_pac *pac);
+
+/**
+ * Unparse an encoded PAC into a new handle.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  ptr             PAC buffer
+ * @param [in]  len             Length of @a ptr
+ * @param [out] pac             PAC handle
+ *
+ * Use krb5_pac_free() to free @a pac when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
+               krb5_pac *pac);
+
+/**
+ * Verify a PAC.
+ *
+ * @param [in] context          Library context
+ * @param [in] pac              PAC handle
+ * @param [in] authtime         Expected timestamp
+ * @param [in] principal        Expected principal name (or NULL)
+ * @param [in] server           Key to validate server checksum (or NULL)
+ * @param [in] privsvr          Key to validate KDC checksum (or NULL)
+ *
+ * This function validates @a pac against the supplied @a server, @a privsvr,
+ * @a principal and @a authtime.  If @a principal is NULL, the principal and
+ * authtime are not verified.  If @a server or @a privsvr is NULL, the
+ * corresponding checksum is not verified.
+ *
+ * If successful, @a pac is marked as verified.
+ *
+ * @note A checksum mismatch can occur if the PAC was copied from a cross-realm
+ * TGT by an ignorant KDC; also macOS Server Open Directory (as of 10.6)
+ * generates PACs with no server checksum at all.  One should consider not
+ * failing the whole authentication because of this reason, but, instead,
+ * treating the ticket as if it did not contain a PAC or marking the PAC
+ * information as non-verified.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_verify(krb5_context context, const krb5_pac pac,
+                krb5_timestamp authtime, krb5_const_principal principal,
+                const krb5_keyblock *server, const krb5_keyblock *privsvr);
+
+/**
+ * Verify a PAC, possibly from a specified realm.
+ *
+ * @param [in] context          Library context
+ * @param [in] pac              PAC handle
+ * @param [in] authtime         Expected timestamp
+ * @param [in] principal        Expected principal name (or NULL)
+ * @param [in] server           Key to validate server checksum (or NULL)
+ * @param [in] privsvr          Key to validate KDC checksum (or NULL)
+ * @param [in] with_realm       If true, expect the realm of @a principal
+ *
+ * This function is similar to krb5_pac_verify(), but adds a parameter
+ * @a with_realm.  If @a with_realm is true, the PAC_CLIENT_INFO field is
+ * expected to include the realm of @a principal as well as the name.  This
+ * flag is necessary to verify PACs in cross-realm S4U2Self referral TGTs.
+ *
+ * @version New in 1.17
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_verify_ext(krb5_context context, const krb5_pac pac,
+                    krb5_timestamp authtime, krb5_const_principal principal,
+                    const krb5_keyblock *server, const krb5_keyblock *privsvr,
+                    krb5_boolean with_realm);
+
+/**
+ * Verify a PAC, possibly including ticket signature
+ *
+ * @param [in] context          Library context
+ * @param [in] enc_tkt          Ticket enc-part, possibly containing a PAC
+ * @param [in] server_princ     Canonicalized name of ticket server
+ * @param [in] server           Key to validate server checksum (or NULL)
+ * @param [in] privsvr          Key to validate KDC checksum (or NULL)
+ * @param [out] pac_out         Verified PAC (NULL if no PAC included)
+ *
+ * If a PAC is present in @a enc_tkt, verify its signatures.  If @a privsvr is
+ * not NULL and @a server_princ is not a krbtgt or kadmin/changepw service,
+ * require a ticket signature over @a enc_tkt in addition to the KDC signature.
+ * Place the verified PAC in @a pac_out.  If an invalid PAC signature is found,
+ * return an error matching the Windows KDC protocol code for that condition as
+ * closely as possible.
+ *
+ * If no PAC is present in @a enc_tkt, set @a pac_out to NULL and return
+ * successfully.
+ *
+ * @note This function does not validate the PAC_CLIENT_INFO buffer.  If a
+ * specific value is expected, the caller can make a separate call to
+ * krb5_pac_verify_ext() with a principal but no keys.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ *
+ * @version New in 1.20
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
+                       krb5_const_principal server_princ,
+                       const krb5_keyblock *server,
+                       const krb5_keyblock *privsvr, krb5_pac *pac_out);
+
+/** @deprecated Use krb5_kdc_sign_ticket() instead. */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+              krb5_const_principal principal, const krb5_keyblock *server_key,
+              const krb5_keyblock *privsvr_key, krb5_data *data);
+
+/** @deprecated Use krb5_kdc_sign_ticket() instead. */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign_ext(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+                  krb5_const_principal principal,
+                  const krb5_keyblock *server_key,
+                  const krb5_keyblock *privsvr_key, krb5_boolean with_realm,
+                  krb5_data *data);
+
+/**
+ * Sign a PAC, possibly including a ticket signature
+ *
+ * @param [in]  context         Library context
+ * @param [in]  enc_tkt         The ticket for the signature
+ * @param [in]  pac             PAC handle
+ * @param [in]  server_princ    Canonical ticket server name
+ * @param [in]  client_princ    PAC_CLIENT_INFO principal (or NULL)
+ * @param [in]  server          Key for server checksum
+ * @param [in]  privsvr         Key for KDC and ticket checksum
+ * @param [in]  with_realm      If true, include the realm of @a principal
+ *
+ * Sign @a pac using the keys @a server and @a privsvr.  Include a ticket
+ * signature over @a enc_tkt if @a server_princ is not a TGS or kadmin/changepw
+ * principal name.  Add the signed PAC's encoding to the authorization data of
+ * @a enc_tkt in the first slot, wrapped in an AD-IF-RELEVANT container.  If @a
+ * client_princ is non-null, add a PAC_CLIENT_INFO buffer, including the realm
+ * if @a with_realm is true.
+ *
+ * @retval 0 on success, otherwise - Kerberos error codes
+ *
+ * @version New in 1.20
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kdc_sign_ticket(krb5_context context, krb5_enc_tkt_part *enc_tkt,
+                     const krb5_pac pac, krb5_const_principal server_princ,
+                     krb5_const_principal client_princ,
+                     const krb5_keyblock *server, const krb5_keyblock *privsvr,
+                     krb5_boolean with_realm);
+
+/**
+ * Read client information from a PAC.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  pac             PAC handle
+ * @param [out] authtime_out    Authentication timestamp (NULL if not needed)
+ * @param [out] princname_out   Client account name
+ *
+ * Read the PAC_CLIENT_INFO buffer in @a pac.  Place the client account name as
+ * a string in @a princname_out.  If @a authtime_out is not NULL, place the
+ * initial authentication timestamp in @a authtime_out.
+ *
+ * @retval 0 on success, ENOENT if no PAC_CLIENT_INFO buffer is present in @a
+ * pac, ERANGE if the buffer contains invalid lengths.
+ *
+ * @version New in 1.18
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_get_client_info(krb5_context context, const krb5_pac pac,
+                         krb5_timestamp *authtime_out, char **princname_out);
+
+/**
+ * Allow the application to override the profile's allow_weak_crypto setting.
+ *
+ * @param [in] context          Library context
+ * @param [in] enable           Boolean flag
+ *
+ * This function allows an application to override the allow_weak_crypto
+ * setting.  It is primarily for use by aklog.
+ *
+ * @retval 0  (always)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable);
+
+/**
+ * A wrapper for passing information to a @c krb5_trace_callback.
+ *
+ * Currently, it only contains the formatted message as determined
+ * the the format string and arguments of the tracing macro, but it
+ * may be extended to contain more fields in the future.
+ */
+typedef struct _krb5_trace_info {
+    const char *message;
+} krb5_trace_info;
+
+typedef void
+(KRB5_CALLCONV *krb5_trace_callback)(krb5_context context,
+                                     const krb5_trace_info *info,
+                                     void *cb_data);
+
+/**
+ * Specify a callback function for trace events.
+ *
+ * @param [in] context          Library context
+ * @param [in] fn               Callback function
+ * @param [in] cb_data          Callback data
+ *
+ * Specify a callback for trace events occurring in krb5 operations performed
+ * within @a context.  @a fn will be invoked with @a context as the first
+ * argument, @a cb_data as the last argument, and a pointer to a
+ * krb5_trace_info as the second argument.  If the trace callback is reset via
+ * this function or @a context is destroyed, @a fn will be invoked with a NULL
+ * second argument so it can clean up @a cb_data.  Supply a NULL value for @a
+ * fn to disable trace callbacks within @a context.
+ *
+ * @note This function overrides the information passed through the
+ * @a KRB5_TRACE environment variable.
+ *
+ * @version New in 1.9
+ *
+ * @return Returns KRB5_TRACE_NOSUPP if tracing is not supported in the library
+ * (unless @a fn is NULL).
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_trace_callback(krb5_context context, krb5_trace_callback fn,
+                        void *cb_data);
+
+/**
+ * Specify a file name for directing trace events.
+ *
+ * @param [in] context          Library context
+ * @param [in] filename         File name
+ *
+ * Open @a filename for appending (creating it, if necessary) and set up a
+ * callback to write trace events to it.
+ *
+ * @note This function overrides the information passed through the
+ * @a KRB5_TRACE environment variable.
+ *
+ * @version New in 1.9
+ *
+ * @retval KRB5_TRACE_NOSUPP Tracing is not supported in the library.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_trace_filename(krb5_context context, const char *filename);
+
+
+/**
+ * Hook function for inspecting or modifying messages sent to KDCs.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  data            Callback data
+ * @param [in]  realm           The realm the message will be sent to
+ * @param [in]  message         The original message to be sent to the KDC
+ * @param [out] new_message_out Optional replacement message to be sent
+ * @param [out] new_reply_out   Optional synthetic reply
+ *
+ * If the hook function returns an error code, the KDC communication will be
+ * aborted and the error code will be returned to the library operation which
+ * initiated the communication.
+ *
+ * If the hook function sets @a new_reply_out, @a message will not be sent to
+ * the KDC, and the given reply will used instead.
+ *
+ * If the hook function sets @a new_message_out, the given message will be sent
+ * to the KDC in place of @a message.
+ *
+ * If the hook function returns successfully without setting either output,
+ * @a message will be sent to the KDC normally.
+ *
+ * The hook function should use krb5_copy_data() to construct the value for
+ * @a new_message_out or @a reply_out, to ensure that it can be freed correctly
+ * by the library.
+ *
+ * @version New in 1.15
+ *
+ * @retval 0 Success
+ * @return A Kerberos error code
+ */
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5_pre_send_fn)(krb5_context context, void *data,
+                                  const krb5_data *realm,
+                                  const krb5_data *message,
+                                  krb5_data **new_message_out,
+                                  krb5_data **new_reply_out);
+
+/**
+ * Hook function for inspecting or overriding KDC replies.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  data            Callback data
+ * @param [in]  code            Status of KDC communication
+ * @param [in]  realm           The realm the reply was received from
+ * @param [in]  message         The message sent to the realm's KDC
+ * @param [in]  reply           The reply received from the KDC
+ * @param [out] new_reply_out   Optional replacement reply
+ *
+ * If @a code is zero, @a reply contains the reply received from the KDC.  The
+ * hook function may return an error code to simulate an error, may synthesize
+ * a different reply by setting @a new_reply_out, or may simply return
+ * successfully to do nothing.
+ *
+ * If @a code is non-zero, KDC communication failed and @a reply should be
+ * ignored.  The hook function may return @a code or a different error code, or
+ * may synthesize a reply by setting @a new_reply_out and return successfully.
+ *
+ * The hook function should use krb5_copy_data() to construct the value for
+ * @a new_reply_out, to ensure that it can be freed correctly by the library.
+ *
+ * @version New in 1.15
+ *
+ * @retval 0 Success
+ * @return A Kerberos error code
+ */
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5_post_recv_fn)(krb5_context context, void *data,
+                                   krb5_error_code code,
+                                   const krb5_data *realm,
+                                   const krb5_data *message,
+                                   const krb5_data *reply,
+                                   krb5_data **new_reply_out);
+
+/**
+ * Set a KDC pre-send hook function.
+ *
+ * @param [in] context          Library context
+ * @param [in] send_hook        Hook function (or NULL to disable the hook)
+ * @param [in] data             Callback data to be passed to @a send_hook
+ *
+ * @a send_hook will be called before messages are sent to KDCs by library
+ * functions such as krb5_get_credentials().  The hook function may inspect,
+ * override, or synthesize its own reply to the message.
+ *
+ * @version New in 1.15
+ */
+void KRB5_CALLCONV
+krb5_set_kdc_send_hook(krb5_context context, krb5_pre_send_fn send_hook,
+                       void *data);
+
+/**
+ * Set a KDC post-receive hook function.
+ *
+ * @param [in] context          The library context.
+ * @param [in] recv_hook        Hook function (or NULL to disable the hook)
+ * @param [in] data             Callback data to be passed to @a recv_hook
+ *
+ * @a recv_hook will be called after a reply is received from a KDC during a
+ * call to a library function such as krb5_get_credentials().  The hook
+ * function may inspect or override the reply.  This hook will not be executed
+ * if the pre-send hook returns a synthetic reply.
+ *
+ * @version New in 1.15
+ */
+void KRB5_CALLCONV
+krb5_set_kdc_recv_hook(krb5_context context, krb5_post_recv_fn recv_hook,
+                       void *data);
+
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(pop)
+#endif
+
+KRB5INT_END_DECLS
+
+/* Don't use this!  We're going to phase it out.  It's just here to keep
+   applications from breaking right away.  */
+#define krb5_const const
+
+#undef KRB5_ATTR_DEPRECATED
+
+#endif /* KRB5_GENERAL__ */
diff --git a/krb5-1.21.3/src/include/krb5/localauth_plugin.h b/krb5-1.21.3/src/include/krb5/localauth_plugin.h
new file mode 100644
index 00000000..df7574ee
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/localauth_plugin.h
@@ -0,0 +1,138 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Declarations for localauth plugin module implementors.
+ *
+ * The localauth pluggable interface currently has only one supported major
+ * version, which is 1.  Major version 1 has a current minor version number of
+ * 1.
+ *
+ * Localauth plugin modules should define a function named
+ * localauth_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   localauth_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                            krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for maj_ver:
+ *     maj_ver == 1: Cast to krb5_localauth_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_LOCALAUTH_PLUGIN_H
+#define KRB5_LOCALAUTH_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+
+/* An abstract type for localauth module data. */
+typedef struct krb5_localauth_moddata_st *krb5_localauth_moddata;
+
+/*** Method type declarations ***/
+
+/* Optional: Initialize module data. */
+typedef krb5_error_code
+(*krb5_localauth_init_fn)(krb5_context context,
+                          krb5_localauth_moddata *data);
+
+/* Optional: Release resources used by module data. */
+typedef void
+(*krb5_localauth_fini_fn)(krb5_context context, krb5_localauth_moddata data);
+
+/*
+ * Optional: Determine whether aname is authorized to log in as the local
+ * account lname.  Return 0 if aname is authorized, EPERM if aname is
+ * authoritatively not authorized, KRB5_PLUGIN_NO_HANDLE if the module cannot
+ * determine whether aname is authorized, and any other error code for a
+ * serious failure to process the request.  aname will be considered authorized
+ * if at least one module returns 0 and all other modules return
+ * KRB5_PLUGIN_NO_HANDLE.
+ */
+typedef krb5_error_code
+(*krb5_localauth_userok_fn)(krb5_context context, krb5_localauth_moddata data,
+                            krb5_const_principal aname, const char *lname);
+
+/*
+ * Optional (mandatory if an2ln_types is set): Determine the local account name
+ * corresponding to aname.  Return 0 and set *lname_out if a mapping can be
+ * determined; the contents of *lname_out will later be released with a call to
+ * the module's free_string method.  Return KRB5_LNAME_NOTRANS if no mapping
+ * can be determined.  Return any other error code for a serious failure to
+ * process the request; this will halt the krb5_aname_to_localname operation.
+ *
+ * If the module's an2ln_types field is set, this method will only be invoked
+ * when a profile "auth_to_local" value references one of the module's types.
+ * type and residual will be set to the type and residual of the auth_to_local
+ * value.
+ *
+ * If the module's an2ln_types field is not set but the an2ln method is
+ * implemented, this method will be invoked independently of the profile's
+ * auth_to_local settings, with type and residual set to NULL.  If multiple
+ * modules are registered with an2ln methods but no an2ln_types field, the
+ * order of invocation is not defined, but all such modules will be consulted
+ * before the built-in mechanisms are tried.
+ */
+typedef krb5_error_code
+(*krb5_localauth_an2ln_fn)(krb5_context context, krb5_localauth_moddata data,
+                           const char *type, const char *residual,
+                           krb5_const_principal aname, char **lname_out);
+
+/*
+ * Optional (mandatory if an2ln is implemented): Release the memory returned by
+ * an invocation of an2ln.
+ */
+typedef void
+(*krb5_localauth_free_string_fn)(krb5_context context,
+                                 krb5_localauth_moddata data, char *str);
+
+/* localauth vtable for major version 1. */
+typedef struct krb5_localauth_vtable_st {
+    const char *name;           /* Mandatory: name of module. */
+    const char **an2ln_types;   /* Optional: uppercase auth_to_local types */
+    krb5_localauth_init_fn init;
+    krb5_localauth_fini_fn fini;
+    krb5_localauth_userok_fn userok;
+    krb5_localauth_an2ln_fn an2ln;
+    krb5_localauth_free_string_fn free_string;
+    /* Minor version 1 ends here. */
+} *krb5_localauth_vtable;
+
+#endif /* KRB5_LOCALAUTH_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/locate_plugin.h b/krb5-1.21.3/src/include/krb5/locate_plugin.h
new file mode 100644
index 00000000..7a872a15
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/locate_plugin.h
@@ -0,0 +1,62 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Service location plugin definitions for Kerberos 5.
+ */
+
+#ifndef KRB5_LOCATE_PLUGIN_H_INCLUDED
+#define KRB5_LOCATE_PLUGIN_H_INCLUDED
+#include <krb5/krb5.h>
+
+enum locate_service_type {
+    locate_service_kdc = 1,
+    locate_service_primary_kdc,
+    locate_service_kadmin,
+    locate_service_krb524,
+    locate_service_kpasswd
+};
+#define locate_service_master_kdc locate_service_primary_kdc
+
+typedef struct krb5plugin_service_locate_ftable {
+    int minor_version;          /* currently 0 */
+    /* Per-context setup and teardown.  Returned void* blob is
+       private to the plugin.  */
+    krb5_error_code (*init)(krb5_context, void **);
+    void (*fini)(void *);
+    /* Callback function returns non-zero if the plugin function
+       should quit and return; this may be because of an error, or may
+       indicate we've already contacted the service, whatever.  The
+       lookup function should only return an error if it detects a
+       problem, not if the callback function tells it to quit.  */
+    krb5_error_code (*lookup)(void *,
+                              enum locate_service_type svc, const char *realm,
+                              int socktype, int family,
+                              int (*cbfunc)(void *,int,struct sockaddr *),
+                              void *cbdata);
+} krb5plugin_service_locate_ftable;
+/* extern krb5plugin_service_locate_ftable service_locator; */
+#endif
diff --git a/krb5-1.21.3/src/include/krb5/plugin.h b/krb5-1.21.3/src/include/krb5/plugin.h
new file mode 100644
index 00000000..c575efa0
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/plugin.h
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Generic declarations for dynamic modules implementing krb5 plugin
+ * modules. */
+
+#ifndef KRB5_PLUGIN_H
+#define KRB5_PLUGIN_H
+
+/* krb5_plugin_vtable is an abstract type.  Module initvt functions will cast
+ * it to the appropriate interface-specific vtable type. */
+typedef struct krb5_plugin_vtable_st *krb5_plugin_vtable;
+
+/*
+ * krb5_plugin_initvt_fn is the type of all module initvt functions.  Based on
+ * the maj_ver argument, the initvt function should cast vtable to the
+ * appropriate type and then fill it in.  If a vtable has been expanded,
+ * min_ver indicates which version of the vtable is being filled in.
+ */
+typedef krb5_error_code
+(*krb5_plugin_initvt_fn)(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable);
+
+#endif /* KRB5_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/preauth_plugin.h b/krb5-1.21.3/src/include/krb5/preauth_plugin.h
new file mode 100644
index 00000000..cd684463
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/preauth_plugin.h
@@ -0,0 +1,41 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This header includes the clpreauth and kdcpreauth interface declarations,
+ * for backward compatibility and convenience. */
+
+#ifndef KRB5_PREAUTH_PLUGIN_H
+#define KRB5_PREAUTH_PLUGIN_H
+
+#include <krb5/clpreauth_plugin.h>
+#include <krb5/kdcpreauth_plugin.h>
+
+#endif /* KRB5_PREAUTH_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/krb5/pwqual_plugin.h b/krb5-1.21.3/src/include/krb5/pwqual_plugin.h
new file mode 100644
index 00000000..00e7df97
--- /dev/null
+++ b/krb5-1.21.3/src/include/krb5/pwqual_plugin.h
@@ -0,0 +1,109 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Declarations for password quality plugin module implementors.
+ *
+ * The password quality pluggable interface currently has only one supported
+ * major version, which is 1.  Major version 1 has a current minor version
+ * number of 1.
+ *
+ * Password quality plugin modules should define a function named
+ * pwqual_<modulename>_initvt, matching the signature:
+ *
+ *   krb5_error_code
+ *   pwqual_modname_initvt(krb5_context context, int maj_ver, int min_ver,
+ *                         krb5_plugin_vtable vtable);
+ *
+ * The initvt function should:
+ *
+ * - Check that the supplied maj_ver number is supported by the module, or
+ *   return KRB5_PLUGIN_VER_NOTSUPP if it is not.
+ *
+ * - Cast the vtable pointer as appropriate for maj_ver:
+ *     maj_ver == 1: Cast to krb5_pwqual_vtable
+ *
+ * - Initialize the methods of the vtable, stopping as appropriate for the
+ *   supplied min_ver.  Optional methods may be left uninitialized.
+ *
+ * Memory for the vtable is allocated by the caller, not by the module.
+ */
+
+#ifndef KRB5_PWQUAL_PLUGIN_H
+#define KRB5_PWQUAL_PLUGIN_H
+
+#include <krb5/krb5.h>
+#include <krb5/plugin.h>
+#include <kadm5/admin.h>
+
+/* An abstract type for password quality module data. */
+typedef struct krb5_pwqual_moddata_st *krb5_pwqual_moddata;
+
+/*** Method type declarations ***/
+
+/* Optional: Initialize module data.  dictfile is the realm's configured
+ * dictionary filename. */
+typedef krb5_error_code
+(*krb5_pwqual_open_fn)(krb5_context context, const char *dict_file,
+                       krb5_pwqual_moddata *data);
+
+/*
+ * Mandatory: Check a password for the principal princ, which has an associated
+ * password policy named policy_name (or no associated policy if policy_name is
+ * NULL).  The parameter languages, if not NULL, contains a null-terminated
+ * list of client-specified language tags as defined in RFC 5646.  The method
+ * should return one of the following errors if the password fails quality
+ * standards:
+ *
+ * - KADM5_PASS_Q_TOOSHORT: password should be longer
+ * - KADM5_PASS_Q_CLASS:    password must have more character classes
+ * - KADM5_PASS_Q_DICT:     password contains dictionary words
+ * - KADM5_PASS_Q_GENERIC:  unspecified quality failure
+ *
+ * The module should also set an extended error message with
+ * krb5_set_error_message().  The message may be localized according to one of
+ * the language tags in languages.
+ */
+typedef krb5_error_code
+(*krb5_pwqual_check_fn)(krb5_context context, krb5_pwqual_moddata data,
+                        const char *password, const char *policy_name,
+                        krb5_principal princ, const char **languages);
+
+/* Optional: Release resources used by module data. */
+typedef void
+(*krb5_pwqual_close_fn)(krb5_context context, krb5_pwqual_moddata data);
+
+/*** vtable declarations **/
+
+/* Password quality plugin vtable for major version 1. */
+typedef struct krb5_pwqual_vtable_st {
+    const char *name;           /* Mandatory: name of module. */
+    krb5_pwqual_open_fn open;
+    krb5_pwqual_check_fn check;
+    krb5_pwqual_close_fn close;
+    /* Minor version 1 ends here. */
+} *krb5_pwqual_vtable;
+
+#endif /* KRB5_PWQUAL_PLUGIN_H */
diff --git a/krb5-1.21.3/src/include/net-server.h b/krb5-1.21.3/src/include/net-server.h
new file mode 100644
index 00000000..a30749d8
--- /dev/null
+++ b/krb5-1.21.3/src/include/net-server.h
@@ -0,0 +1,102 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/net-server.h */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Declarations for "API" of network listener/dispatcher in libapputils. */
+
+#ifndef NET_SERVER_H
+#define NET_SERVER_H
+
+#include <verto.h>
+
+/* The delimiter characters supported by the addresses string. */
+#define ADDRESSES_DELIM ",; "
+
+typedef struct _krb5_fulladdr {
+    krb5_address *      address;
+    krb5_ui_4           port;
+} krb5_fulladdr;
+
+/* exported from network.c */
+void init_addr(krb5_fulladdr *, struct sockaddr *);
+
+/* exported from net-server.c */
+verto_ctx *loop_init(verto_ev_type types);
+
+/*
+ * Add listener addresses to the loop configuration.
+ *
+ * Arguments:
+ *
+ * - default_port
+ *      The port for the sockets if not specified in addresses.
+ * - addresses
+ *      The optional addresses for the listener sockets.  Pass NULL for the
+ *      wildcard address.  Addresses may be delimited by the characters in
+ *      ADDRESSES_DELIM.  Addresses are parsed with k5_parse_host_string().
+ * - prognum, versnum, dispatchfn
+ *      For RPC listener sockets, the svc_register() arguments to use when new
+ *      TCP connections are created.
+ */
+krb5_error_code loop_add_udp_address(int default_port, const char *addresses);
+krb5_error_code loop_add_tcp_address(int default_port, const char *addresses);
+krb5_error_code loop_add_rpc_service(int default_port, const char *addresses,
+                                     u_long prognum, u_long versnum,
+                                     void (*dispatchfn)());
+
+krb5_error_code loop_setup_network(verto_ctx *ctx, void *handle,
+                                   const char *progname,
+                                   int tcp_listen_backlog);
+krb5_error_code loop_setup_signals(verto_ctx *ctx, void *handle,
+                                   void (*reset)());
+void loop_free(verto_ctx *ctx);
+
+/* to be supplied by the server application */
+
+/*
+ * Two routines for processing an incoming message and getting a
+ * result to send back.
+ *
+ * The first, dispatch(), is for normal processing of a request.  The
+ * second, make_toolong_error(), is obviously for generating an error
+ * to send back when the incoming message is bigger than
+ * the main loop can accept.
+ */
+typedef void (*loop_respond_fn)(void *arg, krb5_error_code code,
+                                krb5_data *response);
+void dispatch(void *handle, const krb5_fulladdr *local_addr,
+              const krb5_fulladdr *remote_addr, krb5_data *request,
+              int is_tcp, verto_ctx *vctx, loop_respond_fn respond, void *arg);
+krb5_error_code make_toolong_error (void *handle, krb5_data **);
+
+/*
+ * Contexts are needed in lots of places.  Opaque application-provided
+ * handles are passed around in lots of place, but contexts are not.
+ * For now, we'll require that the application provide us an easy way
+ * to get at a context; eventually it should probably be explicitly.
+ */
+krb5_context get_context(void *handle);
+
+#endif /* NET_SERVER_H */
diff --git a/krb5-1.21.3/src/include/osconf.hin b/krb5-1.21.3/src/include/osconf.hin
new file mode 100644
index 00000000..c24717be
--- /dev/null
+++ b/krb5-1.21.3/src/include/osconf.hin
@@ -0,0 +1,141 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Site- and OS- dependent configuration */
+
+#ifndef KRB5_OSCONF__
+#define KRB5_OSCONF__
+
+#if !defined(_WIN32)
+/* Don't try to pull in autoconf.h for Windows, since it's not used */
+#ifndef KRB5_AUTOCONF__
+#define KRB5_AUTOCONF__
+#include "autoconf.h"
+#endif
+#endif
+
+#if defined(__MACH__) && defined(__APPLE__)
+# include <TargetConditionals.h>
+#endif
+
+#if defined(_WIN32)
+#define DEFAULT_PROFILE_FILENAME "krb5.ini"
+#else /* !_WINDOWS */
+#if TARGET_OS_MAC
+#define DEFAULT_SECURE_PROFILE_PATH "/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf@SYSCONFCONF"
+#define DEFAULT_PROFILE_PATH        ("~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH)
+#define KRB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosFrameworkPlugins"
+#define KDB5_PLUGIN_BUNDLE_DIR       "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
+#define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR  "/System/Library/KerberosPlugins/KerberosAuthDataPlugins"
+#else
+#define DEFAULT_SECURE_PROFILE_PATH     "/etc/krb5.conf@SYSCONFCONF"
+#define DEFAULT_PROFILE_PATH        DEFAULT_SECURE_PROFILE_PATH
+#endif
+#endif /* _WINDOWS  */
+
+#ifdef _WIN32
+#define DEFAULT_PLUGIN_BASE_DIR "%{LIBDIR}\\plugins"
+#else
+#define DEFAULT_PLUGIN_BASE_DIR "@LIBDIR/krb5/plugins"
+#endif
+
+#if defined(_WIN64)
+#define PLUGIN_EXT              "64.dll"
+#elif defined(_WIN32)
+#define PLUGIN_EXT              "32.dll"
+#else
+#define PLUGIN_EXT              "@DYNOBJEXT"
+#endif
+
+#define KDC_DIR                 "@LOCALSTATEDIR/krb5kdc"
+#define KDC_RUN_DIR             "@RUNSTATEDIR/krb5kdc"
+#define DEFAULT_KDB_FILE        KDC_DIR "/principal"
+#define DEFAULT_KEYFILE_STUB    KDC_DIR "/.k5."
+#define KRB5_DEFAULT_ADMIN_ACL  KDC_DIR "/krb5_adm.acl"
+/* Used by old admin server */
+#define DEFAULT_ADMIN_ACL       KDC_DIR "/kadm_old.acl"
+
+/* Location of KDC profile */
+#define DEFAULT_KDC_PROFILE     KDC_DIR "/kdc.conf"
+#define KDC_PROFILE_ENV         "KRB5_KDC_PROFILE"
+
+#if TARGET_OS_MAC
+#define DEFAULT_KDB_LIB_PATH    { KDB5_PLUGIN_BUNDLE_DIR, "@MODULEDIR/kdb", NULL }
+#else
+#define DEFAULT_KDB_LIB_PATH    { "@MODULEDIR/kdb", NULL }
+#endif
+
+#define DEFAULT_KDC_ENCTYPE     ENCTYPE_AES256_CTS_HMAC_SHA1_96
+#define KDCRCACHE               "dfl:krb5kdc_rcache"
+
+#define KDC_PORTNAME            "kerberos" /* for /etc/services or equiv. */
+
+#define KRB5_DEFAULT_PORT       88
+
+#define DEFAULT_KPASSWD_PORT    464
+
+#define DEFAULT_KDC_UDP_PORTLIST "88"
+#define DEFAULT_KDC_TCP_PORTLIST "88"
+#define DEFAULT_TCP_LISTEN_BACKLOG 5
+
+/*
+ * Defaults for the KADM5 admin system.
+ */
+#define DEFAULT_KADM5_KEYTAB    KDC_DIR "/kadm5.keytab"
+#define DEFAULT_KADM5_ACL_FILE  KDC_DIR "/kadm5.acl"
+#define DEFAULT_KADM5_PORT      749 /* assigned by IANA */
+
+#define KRB5_DEFAULT_SUPPORTED_ENCTYPES                 \
+    "aes256-cts-hmac-sha1-96:normal "                   \
+    "aes128-cts-hmac-sha1-96:normal"
+
+#define MAX_DGRAM_SIZE  65536
+
+#define RCTMPDIR        "@KRB5RCTMPDIR" /* directory to store replay caches */
+
+#define KRB5_PATH_TTY   "/dev/tty"
+#define KRB5_PATH_LOGIN "@SBINDIR/login.krb5"
+#define KRB5_PATH_RLOGIN "@BINDIR/rlogin"
+
+#define KRB5_ENV_CCNAME "KRB5CCNAME"
+
+/*
+ * krb5 replica support follows
+ */
+
+#define KPROP_DEFAULT_FILE KDC_DIR "/replica_datatrans"
+#define KPROPD_DEFAULT_FILE KDC_DIR "/from_master"
+#define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util"
+#define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop"
+#define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE
+#define KPROPD_ACL_FILE KDC_DIR "/kpropd.acl"
+
+/*
+ * GSS mechglue
+ */
+#define MECH_CONF "@SYSCONFDIR/gss/mech"
+#define MECH_LIB_PREFIX "@GSSMODULEDIR/"
+
+#endif /* KRB5_OSCONF__ */
diff --git a/krb5-1.21.3/src/include/port-sockets.h b/krb5-1.21.3/src/include/port-sockets.h
new file mode 100644
index 00000000..57e5d1dd
--- /dev/null
+++ b/krb5-1.21.3/src/include/port-sockets.h
@@ -0,0 +1,297 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#ifndef _PORT_SOCKET_H
+#define _PORT_SOCKET_H
+#if defined(_WIN32)
+
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#include <errno.h>
+
+/* Some of our own infrastructure where the Winsock stuff was too hairy
+ * to dump into a clean Unix program */
+
+typedef WSABUF sg_buf;
+
+#define SG_ADVANCE(SG, N)                       \
+    ((SG)->len < (N)                            \
+     ? (abort(), 0)                             \
+     : ((SG)->buf += (N), (SG)->len -= (N), 0))
+
+#define SG_LEN(SG)              ((SG)->len + 0)
+#define SG_BUF(SG)              ((SG)->buf + 0)
+#define SG_SET(SG, B, N)        ((SG)->buf = (char *)(B),(SG)->len = (N))
+
+#define SOCKET_INITIALIZE()     0
+#define SOCKET_CLEANUP()
+#define SOCKET_ERRNO            (TranslatedWSAGetLastError())
+#define SOCKET_SET_ERRNO(x)     (TranslatedWSASetLastError(x))
+#define SOCKET_NFDS(f)          (0)     /* select()'s first arg is ignored */
+#define SOCKET_READ(fd, b, l)   (recv(fd, b, l, 0))
+#define SOCKET_WRITE(fd, b, l)  (send(fd, b, l, 0))
+#define SOCKET_CONNECT          connect /* XXX */
+#define SOCKET_GETSOCKNAME      getsockname /* XXX */
+#define SOCKET_CLOSE            close /* XXX */
+#define SOCKET_EINTR            WSAEINTR
+
+/*
+ * Return -1 for error or number of bytes written.  TMP is a temporary
+ * variable; must be declared by the caller, and must be used by this macro (to
+ * avoid compiler warnings).
+ */
+/* WSASend returns 0 or SOCKET_ERROR.  */
+#define SOCKET_WRITEV_TEMP DWORD
+#define SOCKET_WRITEV(FD, SG, LEN, TMP)                 \
+    (WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ?      \
+     (ssize_t)-1 : (ssize_t)(TMP))
+
+#define SHUTDOWN_READ   SD_RECEIVE
+#define SHUTDOWN_WRITE  SD_SEND
+#define SHUTDOWN_BOTH   SD_BOTH
+
+/*
+ * Define any missing POSIX socket errors.  This is for compatibility with
+ * older versions of MSVC (pre-2010).
+ */
+#ifndef EINPROGRESS
+#define EINPROGRESS WSAEINPROGRESS
+#endif
+#ifndef EWOULDBLOCK
+#define EWOULDBLOCK WSAEWOULDBLOCK
+#endif
+#ifndef ECONNRESET
+#define ECONNRESET  WSAECONNRESET
+#endif
+#ifndef ECONNABORTED
+#define ECONNABORTED WSAECONNABORTED
+#endif
+#ifndef ECONNREFUSED
+#define ECONNREFUSED WSAECONNREFUSED
+#endif
+#ifndef EHOSTUNREACH
+#define EHOSTUNREACH WSAEHOSTUNREACH
+#endif
+#ifndef ETIMEDOUT
+#define ETIMEDOUT WSAETIMEDOUT
+#endif
+
+/* Translate posix_error to its Winsock counterpart and set the last Winsock
+ * error to the result. */
+static __inline void TranslatedWSASetLastError(int posix_error)
+{
+    int wsa_error;
+    switch (posix_error) {
+    case 0:
+        wsa_error = 0; break;
+    case EINPROGRESS:
+        wsa_error = WSAEINPROGRESS; break;
+    case EWOULDBLOCK:
+        wsa_error = WSAEWOULDBLOCK; break;
+    case ECONNRESET:
+        wsa_error = WSAECONNRESET; break;
+    case ECONNABORTED:
+        wsa_error = WSAECONNABORTED; break;
+    case ECONNREFUSED:
+        wsa_error = WSAECONNREFUSED; break;
+    case EHOSTUNREACH:
+        wsa_error = WSAEHOSTUNREACH; break;
+    case ETIMEDOUT:
+        wsa_error = WSAETIMEDOUT; break;
+    case EAFNOSUPPORT:
+        wsa_error = WSAEAFNOSUPPORT; break;
+    case EINVAL:
+        wsa_error = WSAEINVAL; break;
+    default:
+        /* Ideally, we would log via k5-trace here, but we have no context. */
+        wsa_error = WSAEINVAL; break;
+    }
+    WSASetLastError(wsa_error);
+}
+
+/*
+ * Translate Winsock errors to their POSIX counterparts.  This is necessary for
+ * MSVC 2010+, where both Winsock and POSIX errors are defined.
+ */
+static __inline int TranslatedWSAGetLastError()
+{
+    int err = WSAGetLastError();
+    switch (err) {
+    case 0:
+        break;
+    case WSAEINPROGRESS:
+        err = EINPROGRESS; break;
+    case WSAEWOULDBLOCK:
+        err = EWOULDBLOCK; break;
+    case WSAECONNRESET:
+        err = ECONNRESET; break;
+    case WSAECONNABORTED:
+        err = ECONNABORTED; break;
+    case WSAECONNREFUSED:
+        err = ECONNREFUSED; break;
+    case WSAEHOSTUNREACH:
+        err = EHOSTUNREACH; break;
+    case WSAETIMEDOUT:
+        err = ETIMEDOUT; break;
+    case WSAEAFNOSUPPORT:
+        err = EAFNOSUPPORT; break;
+    case WSAEINVAL:
+        err = EINVAL; break;
+    default:
+        /* Ideally, we would log via k5-trace here, but we have no context. */
+        err = EINVAL; break;
+    }
+    return err;
+}
+
+#elif defined(__palmos__)
+
+/* If this source file requires it, define struct sockaddr_in (and possibly
+ * other things related to network I/O). */
+
+#include "autoconf.h"
+#include <netdb.h>
+typedef int socklen_t;
+
+#else /* UNIX variants */
+
+#include "autoconf.h"
+
+#include <sys/types.h>
+#include <netinet/in.h>         /* For struct sockaddr_in and in_addr */
+#include <arpa/inet.h>          /* For inet_ntoa */
+#include <netdb.h>
+#include <string.h>             /* For memset */
+
+#ifndef HAVE_NETDB_H_H_ERRNO
+extern int h_errno;             /* In case it's missing, e.g., HP-UX 10.20. */
+#endif
+
+#include <sys/param.h>          /* For MAXHOSTNAMELEN */
+#include <sys/socket.h>         /* For SOCK_*, AF_*, etc */
+#include <sys/time.h>           /* For struct timeval */
+#include <net/if.h>             /* For struct ifconf, for localaddr.c */
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>            /* For struct iovec, for sg_buf */
+#endif
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>          /* For FIONBIO on Solaris.  */
+#endif
+
+/*
+ * Either size_t or int or unsigned int is probably right.  Under
+ * SunOS 4, it looks like int is desired, according to the accept man
+ * page.
+ */
+#ifndef HAVE_SOCKLEN_T
+typedef int socklen_t;
+#endif
+
+#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
+struct krb5int_sockaddr_storage {
+    struct sockaddr_in s;
+    /* Plenty of slop just in case we get an ipv6 address anyways.  */
+    long extra[16];
+};
+#define sockaddr_storage krb5int_sockaddr_storage
+#endif
+
+/* Unix equivalents of Winsock calls */
+#define SOCKET          int
+#define INVALID_SOCKET  ((SOCKET)~0)
+#define closesocket     close
+#define ioctlsocket     ioctl
+#define SOCKET_ERROR    (-1)
+
+typedef struct iovec sg_buf;
+
+#define SG_ADVANCE(SG, N)                               \
+    ((SG)->iov_len < (N)                                \
+     ? (abort(), 0)                                     \
+     : ((SG)->iov_base = (char *) (SG)->iov_base + (N), \
+        (SG)->iov_len -= (N), 0))
+
+#define SG_LEN(SG)              ((SG)->iov_len + 0)
+#define SG_BUF(SG)              ((char*)(SG)->iov_base + 0)
+#define SG_SET(SG, B, L)        ((SG)->iov_base = (char*)(B), (SG)->iov_len = (L))
+
+#define SOCKET_INITIALIZE()     (0)     /* No error (or anything else) */
+#define SOCKET_CLEANUP()        /* nothing */
+#define SOCKET_ERRNO            errno
+#define SOCKET_SET_ERRNO(x)     (errno = (x))
+#define SOCKET_NFDS(f)          ((f)+1) /* select() arg for a single fd */
+#define SOCKET_READ             read
+#define SOCKET_WRITE            write
+static inline int
+socket_connect(int fd, const struct sockaddr *addr, socklen_t addrlen)
+{
+    int st;
+#ifdef SO_NOSIGPIPE
+    int set = 1;
+#endif
+
+    st = connect(fd, addr, addrlen);
+    if (st == -1)
+        return st;
+
+#ifdef SO_NOSIGPIPE
+    st = setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &set, sizeof(set));
+    if (st != 0)
+        st = -1;
+#endif
+
+    return st;
+}
+#define SOCKET_CONNECT          socket_connect
+#define SOCKET_GETSOCKNAME      getsockname
+#define SOCKET_CLOSE            close
+#define SOCKET_EINTR            EINTR
+#define SOCKET_WRITEV_TEMP int
+static inline ssize_t
+socket_sendmsg(SOCKET fd, sg_buf *iov, int iovcnt)
+{
+    struct msghdr msg;
+    int flags = 0;
+
+#ifdef MSG_NOSIGNAL
+    flags |= MSG_NOSIGNAL;
+#endif
+
+    memset(&msg, 0, sizeof(msg));
+    msg.msg_iov = iov;
+    msg.msg_iovlen = iovcnt;
+
+    return sendmsg(fd, &msg, flags);
+}
+/* Use TMP to avoid compiler warnings and keep things consistent with
+ * Windows version. */
+#define SOCKET_WRITEV(FD, SG, LEN, TMP)                 \
+    ((TMP) = socket_sendmsg((FD), (SG), (LEN)), (TMP))
+
+#define SHUTDOWN_READ   0
+#define SHUTDOWN_WRITE  1
+#define SHUTDOWN_BOTH   2
+
+#ifndef HAVE_INET_NTOP
+#define inet_ntop(AF,SRC,DST,CNT)                                       \
+    ((AF) == AF_INET                                                    \
+     ? ((CNT) < 16                                                      \
+        ? (SOCKET_SET_ERRNO(ENOSPC), (const char *)NULL)                \
+        : (sprintf((DST), "%d.%d.%d.%d",                                \
+                   ((const unsigned char *)(const void *)(SRC))[0] & 0xff, \
+                   ((const unsigned char *)(const void *)(SRC))[1] & 0xff, \
+                   ((const unsigned char *)(const void *)(SRC))[2] & 0xff, \
+                   ((const unsigned char *)(const void *)(SRC))[3] & 0xff), \
+           (DST)))                                                      \
+     : (SOCKET_SET_ERRNO(EAFNOSUPPORT), (const char *)NULL))
+#define HAVE_INET_NTOP
+#endif
+
+#endif /* _WIN32 */
+
+#if !defined(_WIN32)
+/* UNIX or ...?  */
+# ifdef S_SPLINT_S
+extern int socket (int, int, int) /*@*/;
+# endif
+#endif
+
+#endif /*_PORT_SOCKET_H*/
diff --git a/krb5-1.21.3/src/include/socket-utils.h b/krb5-1.21.3/src/include/socket-utils.h
new file mode 100644
index 00000000..e1f33aa3
--- /dev/null
+++ b/krb5-1.21.3/src/include/socket-utils.h
@@ -0,0 +1,146 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2001,2005 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+
+#ifndef SOCKET_UTILS_H
+#define SOCKET_UTILS_H
+
+/* Some useful stuff cross-platform for manipulating socket addresses.
+   We assume at least ipv4 sockaddr_in support.  The sockaddr_storage
+   stuff comes from the ipv6 socket api enhancements; socklen_t is
+   provided on some systems; the rest is just convenience for internal
+   use in the krb5 tree.
+
+   Do NOT install this file.  */
+
+/* for HAVE_SOCKLEN_T etc */
+#include "autoconf.h"
+/* for sockaddr_storage */
+#include "port-sockets.h"
+/* for "inline" if needed */
+#include "k5-platform.h"
+
+/*
+ * There's a lot of confusion between pointers to different sockaddr
+ * types, and pointers with different degrees of indirection, as in
+ * the locate_kdc type functions.  Use these function to ensure we
+ * don't do something silly like cast a "sockaddr **" to a
+ * "sockaddr_in *".
+ *
+ * The casts to (void *) are to get GCC to shut up about alignment
+ * increasing.
+ */
+static inline struct sockaddr_in *sa2sin (struct sockaddr *sa)
+{
+    return (struct sockaddr_in *) (void *) sa;
+}
+static inline struct sockaddr_in6 *sa2sin6 (struct sockaddr *sa)
+{
+    return (struct sockaddr_in6 *) (void *) sa;
+}
+static inline struct sockaddr *ss2sa (struct sockaddr_storage *ss)
+{
+    return (struct sockaddr *) ss;
+}
+static inline struct sockaddr_in *ss2sin (struct sockaddr_storage *ss)
+{
+    return (struct sockaddr_in *) ss;
+}
+static inline struct sockaddr_in6 *ss2sin6 (struct sockaddr_storage *ss)
+{
+    return (struct sockaddr_in6 *) ss;
+}
+
+/* Set the IPv4 or IPv6 port on sa to port.  Do nothing if sa is not an
+ * Internet socket. */
+static inline void
+sa_setport(struct sockaddr *sa, uint16_t port)
+{
+    if (sa->sa_family == AF_INET)
+        sa2sin(sa)->sin_port = htons(port);
+    else if (sa->sa_family == AF_INET6)
+        sa2sin6(sa)->sin6_port = htons(port);
+}
+
+/* Get the Internet port number of sa, or 0 if it is not an Internet socket. */
+static inline uint16_t
+sa_getport(struct sockaddr *sa)
+{
+    if (sa->sa_family == AF_INET)
+        return ntohs(sa2sin(sa)->sin_port);
+    else if (sa->sa_family == AF_INET6)
+        return ntohs(sa2sin6(sa)->sin6_port);
+    else
+        return 0;
+}
+
+/* Return true if sa is an IPv4 or IPv6 socket address. */
+static inline int
+sa_is_inet(struct sockaddr *sa)
+{
+    return sa->sa_family == AF_INET || sa->sa_family == AF_INET6;
+}
+
+/* Return true if sa is an IPv4 or IPv6 wildcard address. */
+static inline int
+sa_is_wildcard(struct sockaddr *sa)
+{
+    if (sa->sa_family == AF_INET6)
+        return IN6_IS_ADDR_UNSPECIFIED(&sa2sin6(sa)->sin6_addr);
+    else if (sa->sa_family == AF_INET)
+        return sa2sin(sa)->sin_addr.s_addr == INADDR_ANY;
+    return 0;
+}
+
+/* Return the length of an IPv4 or IPv6 socket structure; abort if it is
+ * neither. */
+static inline socklen_t
+sa_socklen(struct sockaddr *sa)
+{
+    if (sa->sa_family == AF_INET6)
+        return sizeof(struct sockaddr_in6);
+    else if (sa->sa_family == AF_INET)
+        return sizeof(struct sockaddr_in);
+    else
+        abort();
+}
+
+#endif /* SOCKET_UTILS_H */
diff --git a/krb5-1.21.3/src/include/win-mac.h b/krb5-1.21.3/src/include/win-mac.h
new file mode 100644
index 00000000..0fd3a29e
--- /dev/null
+++ b/krb5-1.21.3/src/include/win-mac.h
@@ -0,0 +1,239 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * This file is now only used on Windows
+ */
+
+/*
+ * type functions split out of here to make things look nicer in the
+ * various include files which need these definitions, as well as in
+ * the util/ directories.
+ */
+
+#ifndef _KRB5_WIN_MAC_H
+#define _KRB5_WIN_MAC_H
+
+#ifdef _WIN32
+#define ID_READ_PWD_DIALOG  10000
+#define ID_READ_PWD_PROMPT  10001
+#define ID_READ_PWD_PROMPT2 10002
+#define ID_READ_PWD_PWD     10003
+
+#ifdef RES_ONLY
+
+#define APSTUDIO_HIDDEN_SYMBOLS
+#include <windows.h>
+
+#else /* ! RES_ONLY */
+#include <stdlib.h>
+#ifdef DEBUG
+#include <crtdbg.h>
+#endif
+
+/* To ensure backward compatibility of the ABI use 32-bit time_t on
+ * 32-bit Windows.
+ */
+#ifdef _KRB5_INT_H
+#ifdef KRB5_GENERAL__
+#error krb5.h included before k5-int.h
+#endif /* KRB5_GENERAL__ */
+#if _INTEGRAL_MAX_BITS >= 64 && _MSC_VER >= 1400 && !defined(_WIN64) && !defined(_USE_32BIT_TIME_T)
+#if defined(_TIME_T_DEFINED) || defined(_INC_IO) || defined(_INC_TIME) || defined(_INC_WCHAR)
+#error time_t has been defined as a 64-bit integer which is incompatible with Kerberos on this platform.
+#endif /* _TIME_T_DEFINED */
+#define _USE_32BIT_TIME_T
+#endif
+#endif
+
+#define SIZEOF_INT      4
+#define SIZEOF_SHORT    2
+#define SIZEOF_LONG     4
+
+#include <windows.h>
+#include <limits.h>
+
+#ifndef SIZE_MAX    /* in case Microsoft defines max size of size_t */
+#ifdef  MAX_SIZE    /* Microsoft defines MAX_SIZE as max size of size_t */
+#define SIZE_MAX MAX_SIZE
+#else
+#define SIZE_MAX UINT_MAX
+#endif
+#endif
+
+#ifndef KRB5_CALLCONV
+#  define KRB5_CALLCONV __stdcall
+#  define KRB5_CALLCONV_C __cdecl
+
+/*
+ * Use this to mark an incorrect calling convention that has been
+ * "immortalized" because it was incorrectly exported in a previous
+ * release.
+ */
+
+#  define KRB5_CALLCONV_WRONG KRB5_CALLCONV_C
+
+#endif /* !KRB5_CALLCONV */
+
+#ifndef KRB5_SYSTYPES__
+#define KRB5_SYSTYPES__
+#include <sys/types.h>
+typedef unsigned long    u_long;      /* Not part of sys/types.h on the pc */
+typedef unsigned int     u_int;
+typedef unsigned short   u_short;
+typedef unsigned char    u_char;
+typedef unsigned short   uint16_t;
+typedef short            int16_t;
+typedef unsigned int     uint32_t;
+typedef int              int32_t;
+#if _INTEGRAL_MAX_BITS >= 64
+typedef unsigned __int64 uint64_t;
+typedef __int64          int64_t;
+#endif
+#ifndef SSIZE_T_DEFINED
+#ifdef ssize_t
+#undef ssize_t
+#endif
+#ifdef _WIN64
+typedef __int64          ssize_t;
+#else
+typedef _W64 int         ssize_t;
+#endif
+#define SSIZE_T_DEFINED
+#endif
+#endif /* KRB5_SYSTYPES__ */
+
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN  512
+#endif
+
+#ifndef MAXPATHLEN
+#define MAXPATHLEN      256            /* Also for Windows temp files */
+#endif
+
+#ifdef KRB5_PRIVATE
+#define HAVE_NETINET_IN_H
+#define MSDOS_FILESYSTEM
+#define HAVE_STRING_H
+#define HAVE_SRAND
+#define HAVE_ERRNO
+#define HAVE_STRDUP
+#define HAVE_GETADDRINFO
+#define HAVE_GETNAMEINFO
+#define NO_USERID
+#define NO_PASSWORD
+#define HAVE_STRERROR
+#define SYS_ERRLIST_DECLARED
+#if _MSC_VER >= 1900
+#define HAVE_VSNPRINTF
+#endif
+/* Visual Studio 2012 errors out when we macroize keywords in C++ mode */
+#ifndef __cplusplus
+#define inline __inline
+#endif
+#define NEED_INSIXADDR_ANY
+#define ENABLE_THREADS
+#endif
+
+#define WM_KERBEROS5_CHANGED "Kerberos5 Changed"
+#ifdef KRB4
+#define WM_KERBEROS_CHANGED "Kerberos Changed"
+#endif
+
+/* Kerberos Windows initialization file */
+#define KERBEROS_INI    "kerberos.ini"
+#ifdef CYGNUS
+#define KERBEROS_HLP    "kerbnet.hlp"
+#else
+#define KERBEROS_HLP    "krb5clnt.hlp"
+#endif
+#define INI_DEFAULTS    "Defaults"
+#define   INI_USER        "User"          /* Default user */
+#define   INI_INSTANCE    "Instance"      /* Default instance */
+#define   INI_REALM       "Realm"         /* Default realm */
+#define   INI_POSITION    "Position"
+#define   INI_OPTIONS     "Options"
+#define   INI_DURATION    "Duration"   /* Ticket duration in minutes */
+#define INI_EXPIRATION  "Expiration" /* Action on expiration (alert or beep) */
+#define   INI_ALERT       "Alert"
+#define   INI_BEEP        "Beep"
+#define   INI_FILES       "Files"
+#ifdef KRB4
+#define   INI_KRB_CONF    "krb.conf"     /* Location of krb.conf file */
+#define   DEF_KRB_CONF    "krb.conf"      /* Default name for krb.conf file */
+#else
+#define INI_KRB5_CONF   "krb5.ini"      /* From k5-config.h */
+#define INI_KRB_CONF    INI_KRB5_CONF   /* Location of krb.conf file */
+#define DEF_KRB_CONF    INI_KRB5_CONF   /* Default name for krb.conf file */
+#define INI_TICKETOPTS  "TicketOptions" /* Ticket options */
+#define   INI_FORWARDABLE  "Forwardable" /* get forwardable tickets */
+#define INI_KRB_CCACHE  "krb5cc"        /* From k5-config.h */
+#endif
+#define INI_KRB_REALMS  "krb.realms"    /* Location of krb.realms file */
+#define DEF_KRB_REALMS  "krb.realms"    /* Default name for krb.realms file */
+#define INI_RECENT_LOGINS "Recent Logins"
+#define INI_LOGIN       "Login"
+
+#ifdef KRB5_PRIVATE
+#define HAS_VOID_TYPE
+#define HAVE_STDARG_H
+#define HAVE_SYS_TYPES_H
+#define HAVE_STDLIB_H
+#endif
+
+/* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o
+ * routines directly. Rather, they only export the _<function> version.
+ * The following defines works around this problem.
+ */
+#include <sys\types.h>
+#include <sys\stat.h>
+#include <fcntl.h>
+#include <io.h>
+#include <process.h>
+#include <wincrypt.h>
+
+#ifdef NEED_SYSERROR
+/* Only needed by util/et/error_message.c but let's keep the source clean */
+#define sys_nerr        _sys_nerr
+#define sys_errlist     _sys_errlist
+#endif
+
+/*
+ * Functions with slightly different names on the PC
+ */
+#ifndef strcasecmp
+#define strcasecmp   _stricmp
+#endif
+#ifndef strncasecmp
+#define strncasecmp  _strnicmp
+#endif
+
+/* VS2005 has deprecated strdup */
+#ifndef strdup
+#define strdup _strdup
+#endif
+
+/* Windows has its own name for reentrant strtok. */
+#define strtok_r strtok_s
+
+HINSTANCE get_lib_instance(void);
+
+#define GETSOCKNAME_ARG3_TYPE   size_t
+#define GETPEERNAME_ARG3_TYPE   GETSOCKNAME_ARG3_TYPE
+
+#endif /* !RES_ONLY */
+
+#endif /* _WIN32 */
+
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
+
+#define DEFKTNAME "FILE:%{WINDOWS}\\krb5kt"
+#define DEFCKTNAME "FILE:%{WINDOWS}\\krb5clientkt"
+
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#endif
+
+#ifndef KRB5_CALLCONV_C
+#define KRB5_CALLCONV_C
+#endif
+
+#endif /* _KRB5_WIN_MAC_H */
diff --git a/krb5-1.21.3/src/kadmin/Makefile.in b/krb5-1.21.3/src/kadmin/Makefile.in
new file mode 100644
index 00000000..87cfa43f
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/Makefile.in
@@ -0,0 +1,6 @@
+mydir=kadmin
+BUILDTOP=$(REL)..
+SUBDIRS = cli dbutil ktutil server
+
+all:
+
diff --git a/krb5-1.21.3/src/kadmin/cli/Makefile.in b/krb5-1.21.3/src/kadmin/cli/Makefile.in
new file mode 100644
index 00000000..adfea6e2
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/Makefile.in
@@ -0,0 +1,39 @@
+mydir=kadmin$(S)cli
+BUILDTOP=$(REL)..$(S)..
+KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
+
+PROG = kadmin
+COMMON_OBJS = kadmin.o kadmin_ct.o ss_wrapper.o getdate.o
+KADMIN_OBJS = $(COMMON_OBJS) keytab.o
+LOCAL_OBJS = $(COMMON_OBJS) keytab_local.o
+
+SRCS = kadmin.c kadmin_ct.c ss_wrapper.c getdate.c keytab.c keytab_local.c
+
+LOCALINCLUDES=-I$(srcdir)
+
+all: $(PROG).local $(PROG)
+
+$(PROG).local: $(LOCAL_OBJS) $(SS_DEPLIB) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $(PROG).local $(LOCAL_OBJS) $(SS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+
+$(PROG): $(KADMIN_OBJS) $(SS_DEPLIB) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $(PROG) $(KADMIN_OBJS) $(SS_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
+
+kadmin_ct.o: kadmin_ct.c
+
+install:
+	$(INSTALL_PROGRAM) $(PROG).local ${DESTDIR}$(ADMIN_BINDIR)/$(PROG).local
+	$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(CLIENT_BINDIR)/$(PROG)
+	$(INSTALL_SCRIPT) $(srcdir)/k5srvutil.sh ${DESTDIR}$(CLIENT_BINDIR)/k5srvutil
+
+generate-files-mac: kadmin_ct.c getdate.c
+
+clean:
+	$(RM) $(PROG).local $(PROG) $(COMMON_OBJS) $(KADMIN_OBJS) $(LOCAL_OBJS)
+clean-unix::
+	$(RM) datetest getdate.c kadmin_ct.c
+
+# for testing getdate.y
+# CC_LINK is not meant for compilation and this use may break in the future.
+datetest: getdate.c
+	$(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c
diff --git a/krb5-1.21.3/src/kadmin/cli/deps b/krb5-1.21.3/src/kadmin/cli/deps
new file mode 100644
index 00000000..a5873fc7
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/deps
@@ -0,0 +1,70 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kadmin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kadmin.c kadmin.h
+$(OUTPRE)kadmin_ct.$(OBJEXT): $(COM_ERR_DEPS) $(SS_DEPS) \
+  kadmin_ct.c
+$(OUTPRE)ss_wrapper.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SS_DEPS) \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  kadmin.h ss_wrapper.c
+$(OUTPRE)getdate.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  getdate.c
+$(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kadmin.h keytab.c
+$(OUTPRE)keytab_local.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kadmin.h keytab.c keytab_local.c
diff --git a/krb5-1.21.3/src/kadmin/cli/getdate.y b/krb5-1.21.3/src/kadmin/cli/getdate.y
new file mode 100644
index 00000000..d14cf963
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/getdate.y
@@ -0,0 +1,1047 @@
+%{
+/*
+**  Originally written by Steven M. Bellovin <smb@research.att.com> while
+**  at the University of North Carolina at Chapel Hill.  Later tweaked by
+**  a couple of people on Usenet.  Completely overhauled by Rich $alz
+**  <rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
+**  send any email to Rich.
+**
+**  This grammar has four shift/reduce conflicts.
+**
+**  This code is in the public domain and has no copyright.
+*/
+/* SUPPRESS 287 on yaccpar_sccsid *//* Unusd static variable */
+/* SUPPRESS 288 on yyerrlab *//* Label unused */
+
+#include "autoconf.h"
+#include <string.h>
+
+/* Since the code of getdate.y is not included in the Emacs executable
+   itself, there is no need to #define static in this file.  Even if
+   the code were included in the Emacs executable, it probably
+   wouldn't do any harm to #undef it here; this will only cause
+   problems if we try to write to a static variable, which I don't
+   think this code needs to do.  */
+#ifdef emacs
+#undef static
+#endif
+
+/* The following block of alloca-related preprocessor directives is here
+   solely to allow compilation by non GNU-C compilers of the C parser
+   produced from this file by old versions of bison.  Newer versions of
+   bison include a block similar to this one in bison.simple.  */
+
+#ifdef __GNUC__
+#undef alloca
+#define alloca __builtin_alloca
+#else
+#ifdef HAVE_ALLOCA_H
+#include <alloca.h>
+#else
+#ifdef _AIX /* for Bison */
+ #pragma alloca
+#else
+void *alloca ();
+#endif
+#endif
+#endif
+
+#include <stdio.h>
+#include <ctype.h>
+
+#if defined(HAVE_STDLIB_H)
+#include <stdlib.h>
+#endif
+
+/* The code at the top of get_date which figures out the offset of the
+   current time zone checks various CPP symbols to see if special
+   tricks are need, but defaults to using the gettimeofday system call.
+   Include <sys/time.h> if that will be used.  */
+
+#if	defined(vms)
+
+#include <types.h>
+#include <time.h>
+
+#else
+
+#include <sys/types.h>
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#include <time.h>
+
+#ifdef timezone
+#undef timezone /* needed for sgi */
+#endif
+
+/*
+** We use the obsolete `struct my_timeb' as part of our interface!
+** Since the system doesn't have it, we define it here;
+** our callers must do likewise.
+*/
+struct my_timeb {
+    time_t		time;		/* Seconds since the epoch	*/
+    unsigned short	millitm;	/* Field not used		*/
+    short		timezone;	/* Minutes west of GMT		*/
+    short		dstflag;	/* Field not used		*/
+};
+#endif	/* defined(vms) */
+
+#if defined (STDC_HEADERS) || defined (USG)
+#include <string.h>
+#endif
+
+/* Some old versions of bison generate parsers that use bcopy.
+   That loses on systems that don't provide the function, so we have
+   to redefine it here.  */
+#ifndef bcopy
+#define bcopy(from, to, len) memcpy ((to), (from), (len))
+#endif
+
+extern struct tm	*gmtime();
+extern struct tm	*localtime();
+
+#define yyparse getdate_yyparse
+#define yylex getdate_yylex
+#define yyerror getdate_yyerror
+
+static int getdate_yylex (void);
+static int getdate_yyerror (char *);
+
+
+#define EPOCH		1970
+#define EPOCH_END	2106 /* assumes unsigned 32-bit range */
+#define HOUR(x)		((time_t)(x) * 60)
+#define SECSPERDAY	(24L * 60L * 60L)
+
+
+/*
+**  An entry in the lexical lookup table.
+*/
+typedef struct _TABLE {
+    char	*name;
+    int		type;
+    time_t	value;
+} TABLE;
+
+
+/*
+**  Daylight-savings mode:  on, off, or not yet known.
+*/
+typedef enum _DSTMODE {
+    DSTon, DSToff, DSTmaybe
+} DSTMODE;
+
+/*
+**  Meridian:  am, pm, or 24-hour style.
+*/
+typedef enum _MERIDIAN {
+    MERam, MERpm, MER24
+} MERIDIAN;
+
+
+/*
+**  Global variables.  We could get rid of most of these by using a good
+**  union as the yacc stack.  (This routine was originally written before
+**  yacc had the %union construct.)  Maybe someday; right now we only use
+**  the %union very rarely.
+*/
+static char	*yyInput;
+static DSTMODE	yyDSTmode;
+static time_t	yyDayOrdinal;
+static time_t	yyDayNumber;
+static int	yyHaveDate;
+static int	yyHaveDay;
+static int	yyHaveRel;
+static int	yyHaveTime;
+static int	yyHaveZone;
+static time_t	yyTimezone;
+static time_t	yyDay;
+static time_t	yyHour;
+static time_t	yyMinutes;
+static time_t	yyMonth;
+static time_t	yySeconds;
+static time_t	yyYear;
+static MERIDIAN	yyMeridian;
+static time_t	yyRelMonth;
+static time_t	yyRelSeconds;
+
+%}
+
+/* This would mute the shift/reduce warnings as per header comment; however,
+ * it relies on bison extensions. */
+/* %expect 4 */
+
+%union {
+    time_t		Number;
+    enum _MERIDIAN	Meridian;
+}
+
+%token			tAGO tID tDST tNEVER
+%token	<Number>	tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT
+%token	<Number>	tSEC_UNIT tSNUMBER tUNUMBER tZONE
+%token	<Meridian>	tMERIDIAN
+%type	<Meridian>	o_merid
+
+%%
+
+spec	: /* NULL */
+	| spec item
+        | tNEVER {
+	    yyYear = 1970;
+	    yyMonth = 1;
+	    yyDay = 1;
+	    yyHour = yyMinutes = yySeconds = 0;
+	    yyDSTmode = DSToff;
+	    yyTimezone = 0; /* gmt */
+	    yyHaveDate++;
+        }
+	;
+
+item	: time {
+	    yyHaveTime++;
+	}
+	| zone {
+	    yyHaveZone++;
+	}
+	| date {
+	    yyHaveDate++;
+	}
+	| day {
+	    yyHaveDay++;
+	}
+	| rel {
+	    yyHaveRel++;
+	}
+	;
+
+time	: tUNUMBER tMERIDIAN {
+	    yyHour = $1;
+	    yyMinutes = 0;
+	    yySeconds = 0;
+	    yyMeridian = $2;
+	}
+	| tUNUMBER ':' tUNUMBER o_merid {
+	    yyHour = $1;
+	    yyMinutes = $3;
+	    yySeconds = 0;
+	    yyMeridian = $4;
+	}
+	| tUNUMBER ':' tUNUMBER tSNUMBER {
+	    yyHour = $1;
+	    yyMinutes = $3;
+	    yyMeridian = MER24;
+	    yyDSTmode = DSToff;
+	    yyTimezone = - ($4 % 100 + ($4 / 100) * 60);
+	}
+	| tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid {
+	    yyHour = $1;
+	    yyMinutes = $3;
+	    yySeconds = $5;
+	    yyMeridian = $6;
+	}
+	| tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER {
+	    yyHour = $1;
+	    yyMinutes = $3;
+	    yySeconds = $5;
+	    yyMeridian = MER24;
+	    yyDSTmode = DSToff;
+	    yyTimezone = - ($6 % 100 + ($6 / 100) * 60);
+	}
+	;
+
+zone	: tZONE {
+	    yyTimezone = $1;
+	    yyDSTmode = DSToff;
+	}
+	| tDAYZONE {
+	    yyTimezone = $1;
+	    yyDSTmode = DSTon;
+	}
+	|
+	  tZONE tDST {
+	    yyTimezone = $1;
+	    yyDSTmode = DSTon;
+	}
+	;
+
+day	: tDAY {
+	    yyDayOrdinal = 1;
+	    yyDayNumber = $1;
+	}
+	| tDAY ',' {
+	    yyDayOrdinal = 1;
+	    yyDayNumber = $1;
+	}
+	| tUNUMBER tDAY {
+	    yyDayOrdinal = $1;
+	    yyDayNumber = $2;
+	}
+	;
+
+date	: tUNUMBER '/' tUNUMBER {
+	    yyMonth = $1;
+	    yyDay = $3;
+	}
+	| tUNUMBER '/' tUNUMBER '/' tUNUMBER {
+	    yyMonth = $1;
+	    yyDay = $3;
+	    yyYear = $5;
+	}
+	| tUNUMBER tSNUMBER tSNUMBER {
+	    /* ISO 8601 format.  yyyy-mm-dd.  */
+	    yyYear = $1;
+	    yyMonth = -$2;
+	    yyDay = -$3;
+	}
+	| tUNUMBER tMONTH tSNUMBER {
+	    /* e.g. 17-JUN-1992.  */
+	    yyDay = $1;
+	    yyMonth = $2;
+	    yyYear = -$3;
+	}
+	| tMONTH tUNUMBER {
+	    yyMonth = $1;
+	    yyDay = $2;
+	}
+	| tMONTH tUNUMBER ',' tUNUMBER {
+	    yyMonth = $1;
+	    yyDay = $2;
+	    yyYear = $4;
+	}
+	| tUNUMBER tMONTH {
+	    yyMonth = $2;
+	    yyDay = $1;
+	}
+	| tUNUMBER tMONTH tUNUMBER {
+	    yyMonth = $2;
+	    yyDay = $1;
+	    yyYear = $3;
+	}
+	;
+
+rel	: relunit tAGO {
+	    yyRelSeconds = -yyRelSeconds;
+	    yyRelMonth = -yyRelMonth;
+	}
+	| relunit
+	;
+
+relunit	: tUNUMBER tMINUTE_UNIT {
+	    yyRelSeconds += $1 * $2 * 60L;
+	}
+	| tSNUMBER tMINUTE_UNIT {
+	    yyRelSeconds += $1 * $2 * 60L;
+	}
+	| tMINUTE_UNIT {
+	    yyRelSeconds += $1 * 60L;
+	}
+	| tSNUMBER tSEC_UNIT {
+	    yyRelSeconds += $1;
+	}
+	| tUNUMBER tSEC_UNIT {
+	    yyRelSeconds += $1;
+	}
+	| tSEC_UNIT {
+	    yyRelSeconds++;
+	}
+	| tSNUMBER tMONTH_UNIT {
+	    yyRelMonth += $1 * $2;
+	}
+	| tUNUMBER tMONTH_UNIT {
+	    yyRelMonth += $1 * $2;
+	}
+	| tMONTH_UNIT {
+	    yyRelMonth += $1;
+	}
+	;
+
+o_merid	: /* NULL */ {
+	    $$ = MER24;
+	}
+	| tMERIDIAN {
+	    $$ = $1;
+	}
+	;
+
+%%
+
+/* Month and day table. */
+static TABLE const MonthDayTable[] = {
+    { "january",	tMONTH,  1 },
+    { "february",	tMONTH,  2 },
+    { "march",		tMONTH,  3 },
+    { "april",		tMONTH,  4 },
+    { "may",		tMONTH,  5 },
+    { "june",		tMONTH,  6 },
+    { "july",		tMONTH,  7 },
+    { "august",		tMONTH,  8 },
+    { "september",	tMONTH,  9 },
+    { "sept",		tMONTH,  9 },
+    { "october",	tMONTH, 10 },
+    { "november",	tMONTH, 11 },
+    { "december",	tMONTH, 12 },
+    { "sunday",		tDAY, 0 },
+    { "monday",		tDAY, 1 },
+    { "tuesday",	tDAY, 2 },
+    { "tues",		tDAY, 2 },
+    { "wednesday",	tDAY, 3 },
+    { "wednes",		tDAY, 3 },
+    { "thursday",	tDAY, 4 },
+    { "thur",		tDAY, 4 },
+    { "thurs",		tDAY, 4 },
+    { "friday",		tDAY, 5 },
+    { "saturday",	tDAY, 6 },
+    { NULL }
+};
+
+/* Time units table. */
+static TABLE const UnitsTable[] = {
+    { "year",		tMONTH_UNIT,	12 },
+    { "month",		tMONTH_UNIT,	1 },
+    { "fortnight",	tMINUTE_UNIT,	14 * 24 * 60 },
+    { "week",		tMINUTE_UNIT,	7 * 24 * 60 },
+    { "day",		tMINUTE_UNIT,	1 * 24 * 60 },
+    { "hour",		tMINUTE_UNIT,	60 },
+    { "minute",		tMINUTE_UNIT,	1 },
+    { "min",		tMINUTE_UNIT,	1 },
+    { "second",		tSEC_UNIT,	1 },
+    { "sec",		tSEC_UNIT,	1 },
+    { NULL }
+};
+
+/* Assorted relative-time words. */
+static TABLE const OtherTable[] = {
+    { "tomorrow",	tMINUTE_UNIT,	1 * 24 * 60 },
+    { "yesterday",	tMINUTE_UNIT,	-1 * 24 * 60 },
+    { "today",		tMINUTE_UNIT,	0 },
+    { "now",		tMINUTE_UNIT,	0 },
+    { "last",		tUNUMBER,	-1 },
+    { "this",		tMINUTE_UNIT,	0 },
+    { "next",		tUNUMBER,	2 },
+    { "first",		tUNUMBER,	1 },
+/*  { "second",		tUNUMBER,	2 }, */
+    { "third",		tUNUMBER,	3 },
+    { "fourth",		tUNUMBER,	4 },
+    { "fifth",		tUNUMBER,	5 },
+    { "sixth",		tUNUMBER,	6 },
+    { "seventh",	tUNUMBER,	7 },
+    { "eighth",		tUNUMBER,	8 },
+    { "ninth",		tUNUMBER,	9 },
+    { "tenth",		tUNUMBER,	10 },
+    { "eleventh",	tUNUMBER,	11 },
+    { "twelfth",	tUNUMBER,	12 },
+    { "ago",		tAGO,		1 },
+    { "never",		tNEVER,		0 },
+    { NULL }
+};
+
+/* The timezone table. */
+/* Some of these are commented out because a time_t can't store a float. */
+static TABLE const TimezoneTable[] = {
+    { "gmt",	tZONE,     HOUR( 0) },	/* Greenwich Mean */
+    { "ut",	tZONE,     HOUR( 0) },	/* Universal (Coordinated) */
+    { "utc",	tZONE,     HOUR( 0) },
+    { "wet",	tZONE,     HOUR( 0) },	/* Western European */
+    { "bst",	tDAYZONE,  HOUR( 0) },	/* British Summer */
+    { "wat",	tZONE,     HOUR( 1) },	/* West Africa */
+    { "at",	tZONE,     HOUR( 2) },	/* Azores */
+#if	0
+    /* For completeness.  BST is also British Summer, and GST is
+     * also Guam Standard. */
+    { "bst",	tZONE,     HOUR( 3) },	/* Brazil Standard */
+    { "gst",	tZONE,     HOUR( 3) },	/* Greenland Standard */
+#endif
+#if 0
+    { "nft",	tZONE,     HOUR(3.5) },	/* Newfoundland */
+    { "nst",	tZONE,     HOUR(3.5) },	/* Newfoundland Standard */
+    { "ndt",	tDAYZONE,  HOUR(3.5) },	/* Newfoundland Daylight */
+#endif
+    { "ast",	tZONE,     HOUR( 4) },	/* Atlantic Standard */
+    { "adt",	tDAYZONE,  HOUR( 4) },	/* Atlantic Daylight */
+    { "est",	tZONE,     HOUR( 5) },	/* Eastern Standard */
+    { "edt",	tDAYZONE,  HOUR( 5) },	/* Eastern Daylight */
+    { "cst",	tZONE,     HOUR( 6) },	/* Central Standard */
+    { "cdt",	tDAYZONE,  HOUR( 6) },	/* Central Daylight */
+    { "mst",	tZONE,     HOUR( 7) },	/* Mountain Standard */
+    { "mdt",	tDAYZONE,  HOUR( 7) },	/* Mountain Daylight */
+    { "pst",	tZONE,     HOUR( 8) },	/* Pacific Standard */
+    { "pdt",	tDAYZONE,  HOUR( 8) },	/* Pacific Daylight */
+    { "yst",	tZONE,     HOUR( 9) },	/* Yukon Standard */
+    { "ydt",	tDAYZONE,  HOUR( 9) },	/* Yukon Daylight */
+    { "hst",	tZONE,     HOUR(10) },	/* Hawaii Standard */
+    { "hdt",	tDAYZONE,  HOUR(10) },	/* Hawaii Daylight */
+    { "cat",	tZONE,     HOUR(10) },	/* Central Alaska */
+    { "ahst",	tZONE,     HOUR(10) },	/* Alaska-Hawaii Standard */
+    { "nt",	tZONE,     HOUR(11) },	/* Nome */
+    { "idlw",	tZONE,     HOUR(12) },	/* International Date Line West */
+    { "cet",	tZONE,     -HOUR(1) },	/* Central European */
+    { "met",	tZONE,     -HOUR(1) },	/* Middle European */
+    { "mewt",	tZONE,     -HOUR(1) },	/* Middle European Winter */
+    { "mest",	tDAYZONE,  -HOUR(1) },	/* Middle European Summer */
+    { "swt",	tZONE,     -HOUR(1) },	/* Swedish Winter */
+    { "sst",	tDAYZONE,  -HOUR(1) },	/* Swedish Summer */
+    { "fwt",	tZONE,     -HOUR(1) },	/* French Winter */
+    { "fst",	tDAYZONE,  -HOUR(1) },	/* French Summer */
+    { "eet",	tZONE,     -HOUR(2) },	/* Eastern Europe, USSR Zone 1 */
+    { "bt",	tZONE,     -HOUR(3) },	/* Baghdad, USSR Zone 2 */
+#if 0
+    { "it",	tZONE,     -HOUR(3.5) },/* Iran */
+#endif
+    { "zp4",	tZONE,     -HOUR(4) },	/* USSR Zone 3 */
+    { "zp5",	tZONE,     -HOUR(5) },	/* USSR Zone 4 */
+#if 0
+    { "ist",	tZONE,     -HOUR(5.5) },/* Indian Standard */
+#endif
+    { "zp6",	tZONE,     -HOUR(6) },	/* USSR Zone 5 */
+#if	0
+    /* For completeness.  NST is also Newfoundland Stanard, and SST is
+     * also Swedish Summer. */
+    { "nst",	tZONE,     -HOUR(6.5) },/* North Sumatra */
+    { "sst",	tZONE,     -HOUR(7) },	/* South Sumatra, USSR Zone 6 */
+#endif	/* 0 */
+    { "wast",	tZONE,     -HOUR(7) },	/* West Australian Standard */
+    { "wadt",	tDAYZONE,  -HOUR(7) },	/* West Australian Daylight */
+#if 0
+    { "jt",	tZONE,     -HOUR(7.5) },/* Java (3pm in Cronusland!) */
+#endif
+    { "cct",	tZONE,     -HOUR(8) },	/* China Coast, USSR Zone 7 */
+    { "jst",	tZONE,     -HOUR(9) },	/* Japan Standard, USSR Zone 8 */
+    { "kst",	tZONE,     -HOUR(9) },	/* Korean Standard */
+#if 0
+    { "cast",	tZONE,     -HOUR(9.5) },/* Central Australian Standard */
+    { "cadt",	tDAYZONE,  -HOUR(9.5) },/* Central Australian Daylight */
+#endif
+    { "east",	tZONE,     -HOUR(10) },	/* Eastern Australian Standard */
+    { "eadt",	tDAYZONE,  -HOUR(10) },	/* Eastern Australian Daylight */
+    { "gst",	tZONE,     -HOUR(10) },	/* Guam Standard, USSR Zone 9 */
+    { "kdt",	tZONE,     -HOUR(10) },	/* Korean Daylight */
+    { "nzt",	tZONE,     -HOUR(12) },	/* New Zealand */
+    { "nzst",	tZONE,     -HOUR(12) },	/* New Zealand Standard */
+    { "nzdt",	tDAYZONE,  -HOUR(12) },	/* New Zealand Daylight */
+    { "idle",	tZONE,     -HOUR(12) },	/* International Date Line East */
+    {  NULL  }
+};
+
+/* ARGSUSED */
+static int
+yyerror(char *s)
+{
+  return 0;
+}
+
+
+static time_t
+ToSeconds(time_t Hours, time_t Minutes, time_t Seconds, MERIDIAN Meridian)
+{
+    if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59)
+	return -1;
+    switch (Meridian) {
+    case MER24:
+	if (Hours < 0 || Hours > 23)
+	    return -1;
+	return (Hours * 60L + Minutes) * 60L + Seconds;
+    case MERam:
+	if (Hours < 1 || Hours > 12)
+	    return -1;
+	return (Hours * 60L + Minutes) * 60L + Seconds;
+    case MERpm:
+	if (Hours < 1 || Hours > 12)
+	    return -1;
+	return ((Hours + 12) * 60L + Minutes) * 60L + Seconds;
+    default:
+	abort ();
+    }
+    /* NOTREACHED */
+}
+
+/*
+ * From hh:mm:ss [am|pm] mm/dd/yy [tz], compute and return the number
+ * of seconds since 00:00:00 1/1/70 GMT.
+ */
+static time_t
+Convert(time_t Month, time_t Day, time_t Year, time_t Hours, time_t Minutes,
+	time_t Seconds, MERIDIAN Meridian, DSTMODE DSTmode)
+{
+    static int DaysInMonth[12] = {
+	31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+    };
+    time_t	tod;
+    time_t	Julian;
+    int		i;
+    struct tm	*tm;
+
+    if (Year < 0)
+	Year = -Year;
+    if (Year < 1900)
+	Year += 1900;
+    DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
+		    ? 29 : 28;
+    if (Year < EPOCH
+	|| Year > EPOCH_END
+	|| Month < 1 || Month > 12
+	/* Lint fluff:  "conversion from long may lose accuracy" */
+	|| Day < 1 || Day > DaysInMonth[(int)--Month])
+	 return -1;
+
+    for (Julian = Day - 1, i = 0; i < Month; i++)
+	Julian += DaysInMonth[i];
+    for (i = EPOCH; i < Year; i++)
+	 Julian += 365 + ((i % 4 == 0) && ((Year % 100 != 0) ||
+					   (Year % 400 == 0)));
+    Julian *= SECSPERDAY;
+    Julian += yyTimezone * 60L;
+    if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0)
+	return -1;
+    Julian += tod;
+    if (DSTmode == DSTon)
+	Julian -= 60 * 60;
+    else if (DSTmode == DSTmaybe) {
+	tm = localtime(&Julian);
+	if (tm == NULL)
+	    return -1;
+	else if (tm->tm_isdst)
+	    Julian -= 60 * 60;
+    }
+    return Julian;
+}
+
+
+static time_t
+DSTcorrect(time_t Start, time_t Future, int *error)
+{
+    time_t	StartDay;
+    time_t	FutureDay;
+    struct tm	*tm;
+
+    tm = localtime(&Start);
+    if (tm == NULL) {
+	*error = 1;
+	return -1;
+    }
+    StartDay = (tm->tm_hour + 1) % 24;
+    tm = localtime(&Future);
+    if (tm == NULL) {
+	*error = 1;
+	return -1;
+    }
+    FutureDay = (tm->tm_hour + 1) % 24;
+    *error = 0;
+    return (Future - Start) + (StartDay - FutureDay) * 60L * 60L;
+}
+
+
+static time_t
+RelativeDate(time_t Start, time_t DayOrdinal, time_t DayNumber, int *error)
+{
+    struct tm	*tm;
+    time_t	now;
+
+    now = Start;
+    tm = localtime(&now);
+    if (tm == NULL) {
+	*error = 1;
+	return -1;
+    }
+    now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7);
+    now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1);
+    return DSTcorrect(Start, now, error);
+}
+
+
+static time_t
+RelativeMonth(time_t Start, time_t RelMonth)
+{
+    struct tm	*tm;
+    time_t	Month;
+    time_t	Year;
+    time_t	ret;
+    int		error;
+
+    if (RelMonth == 0)
+	return 0;
+    tm = localtime(&Start);
+    if (tm == NULL)
+	return -1;
+    Month = 12 * tm->tm_year + tm->tm_mon + RelMonth;
+    Year = Month / 12;
+    Month = Month % 12 + 1;
+    ret = Convert(Month, (time_t)tm->tm_mday, Year,
+		  (time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
+		  MER24, DSTmaybe);
+    if (ret == -1)
+      return ret;
+    ret = DSTcorrect(Start, ret, &error);
+    if (error)
+	return -1;
+    return ret;
+}
+
+
+static int
+LookupWord(char *buff)
+{
+    char	*p;
+    char	*q;
+    const TABLE	*tp;
+    int			i;
+    int			abbrev;
+
+    /* Make it lowercase. */
+    for (p = buff; *p; p++)
+	if (isupper((int) *p))
+	    *p = tolower((int) *p);
+
+    if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) {
+	yylval.Meridian = MERam;
+	return tMERIDIAN;
+    }
+    if (strcmp(buff, "pm") == 0 || strcmp(buff, "p.m.") == 0) {
+	yylval.Meridian = MERpm;
+	return tMERIDIAN;
+    }
+
+    /* See if we have an abbreviation for a month. */
+    if (strlen(buff) == 3)
+	abbrev = 1;
+    else if (strlen(buff) == 4 && buff[3] == '.') {
+	abbrev = 1;
+	buff[3] = '\0';
+    }
+    else
+	abbrev = 0;
+
+    for (tp = MonthDayTable; tp->name; tp++) {
+	if (abbrev) {
+	    if (strncmp(buff, tp->name, 3) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+	}
+	else if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+    }
+
+    for (tp = TimezoneTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    if (strcmp(buff, "dst") == 0) 
+	return tDST;
+
+    for (tp = UnitsTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    /* Strip off any plural and try the units table again. */
+    i = strlen(buff) - 1;
+    if (buff[i] == 's') {
+	buff[i] = '\0';
+	for (tp = UnitsTable; tp->name; tp++)
+	    if (strcmp(buff, tp->name) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+	buff[i] = 's';		/* Put back for "this" in OtherTable. */
+    }
+
+    for (tp = OtherTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    /* Drop out any periods and try the timezone table again. */
+    for (i = 0, p = q = buff; *q; q++)
+	if (*q != '.')
+	    *p++ = *q;
+	else
+	    i++;
+    *p = '\0';
+    if (i)
+	for (tp = TimezoneTable; tp->name; tp++)
+	    if (strcmp(buff, tp->name) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+
+    return tID;
+}
+
+
+static int
+yylex()
+{
+    char		c;
+    char		*p;
+    char		buff[20];
+    int			Count;
+    int			sign;
+
+    for ( ; ; ) {
+	while (isspace((int) *yyInput))
+	    yyInput++;
+
+	c = *yyInput;
+	if (isdigit((int) c) || c == '-' || c == '+') {
+	    if (c == '-' || c == '+') {
+		sign = c == '-' ? -1 : 1;
+		if (!isdigit((int) (*++yyInput)))
+		    /* skip the '-' sign */
+		    continue;
+	    }
+	    else
+		sign = 0;
+	    for (yylval.Number = 0; isdigit((int) (c = *yyInput++)); )
+		yylval.Number = 10 * yylval.Number + c - '0';
+	    yyInput--;
+	    if (sign < 0)
+		yylval.Number = -yylval.Number;
+	    return sign ? tSNUMBER : tUNUMBER;
+	}
+	if (isalpha((int) c)) {
+	    for (p = buff; isalpha((int) (c = *yyInput++)) || c == '.'; )
+		if (p < &buff[sizeof buff - 1])
+		    *p++ = c;
+	    *p = '\0';
+	    yyInput--;
+	    return LookupWord(buff);
+	}
+	if (c != '(')
+	    return *yyInput++;
+	Count = 0;
+	do {
+	    c = *yyInput++;
+	    if (c == '\0')
+		return c;
+	    if (c == '(')
+		Count++;
+	    else if (c == ')')
+		Count--;
+	} while (Count > 0);
+    }
+}
+
+
+#define TM_YEAR_ORIGIN 1900
+
+/* Yield A - B, measured in seconds.  */
+static time_t
+difftm(struct tm *a, struct tm *b)
+{
+  int ay = a->tm_year + (TM_YEAR_ORIGIN - 1);
+  int by = b->tm_year + (TM_YEAR_ORIGIN - 1);
+  return
+    (
+     (
+      (
+       /* difference in day of year */
+       a->tm_yday - b->tm_yday
+       /* + intervening leap days */
+       +  ((ay >> 2) - (by >> 2))
+       -  (ay/100 - by/100)
+       +  ((ay/100 >> 2) - (by/100 >> 2))
+       /* + difference in years * 365 */
+       +  (time_t)(ay-by) * 365
+       )*24 + (a->tm_hour - b->tm_hour)
+      )*60 + (a->tm_min - b->tm_min)
+     )*60 + (a->tm_sec - b->tm_sec);
+}
+
+/* For get_date extern declaration compatibility check... yuck.  */
+#include <krb5.h>
+int yyparse(void);
+
+time_t get_date_rel(char *, time_t);
+time_t get_date(char *);
+
+time_t
+get_date_rel(char *p, time_t nowtime)
+{
+    struct my_timeb	*now = NULL;
+    struct tm		*tm, gmt;
+    struct my_timeb	ftz;
+    time_t		Start;
+    time_t		tod;
+    time_t		delta;
+    int			error;
+
+    yyInput = p;
+    if (now == NULL) {
+        now = &ftz;
+
+	ftz.time = nowtime;
+
+	if (! (tm = gmtime (&ftz.time)))
+	    return -1;
+	gmt = *tm;	/* Make a copy, in case localtime modifies *tm.  */
+	tm = localtime(&ftz.time);
+	if (tm == NULL)
+	    return -1;
+	ftz.timezone = difftm (&gmt, tm) / 60;
+    }
+
+    tm = localtime(&now->time);
+    if (tm == NULL)
+	return -1;
+    yyYear = tm->tm_year;
+    yyMonth = tm->tm_mon + 1;
+    yyDay = tm->tm_mday;
+    yyTimezone = now->timezone;
+    yyDSTmode = DSTmaybe;
+    yyHour = 0;
+    yyMinutes = 0;
+    yySeconds = 0;
+    yyMeridian = MER24;
+    yyRelSeconds = 0;
+    yyRelMonth = 0;
+    yyHaveDate = 0;
+    yyHaveDay = 0;
+    yyHaveRel = 0;
+    yyHaveTime = 0;
+    yyHaveZone = 0;
+
+    /*
+     * When yyparse returns, zero or more of yyHave{Time,Zone,Date,Day,Rel} 
+     * will have been incremented.  The value is number of items of
+     * that type that were found; for all but Rel, more than one is
+     * illegal.
+     *
+     * For each yyHave indicator, the following values are set:
+     *
+     * yyHaveTime:
+     *	yyHour, yyMinutes, yySeconds: hh:mm:ss specified, initialized
+     *				      to zeros above
+     *	yyMeridian: MERam, MERpm, or MER24
+     *	yyTimeZone: time zone specified in minutes
+     *  yyDSTmode: DSToff if yyTimeZone is set, otherwise unchanged
+     *		   (initialized above to DSTmaybe)
+     *
+     * yyHaveZone:
+     *  yyTimezone: as above
+     *  yyDSTmode: DSToff if a non-DST zone is specified, otherwise DSTon
+     *	XXX don't understand interaction with yyHaveTime zone info
+     *
+     * yyHaveDay:
+     *	yyDayNumber: 0-6 for Sunday-Saturday
+     *  yyDayOrdinal: val specified with day ("second monday",
+     *		      Ordinal=2), otherwise 1
+     *
+     * yyHaveDate:
+     *	yyMonth, yyDay, yyYear: mm/dd/yy specified, initialized to
+     *				today above
+     *
+     * yyHaveRel:
+     *	yyRelSeconds: seconds specified with MINUTE_UNITs ("3 hours") or
+     *		      SEC_UNITs ("30 seconds")
+     *  yyRelMonth: months specified with MONTH_UNITs ("3 months", "1
+     *		     year")
+     *
+     * The code following yyparse turns these values into a single
+     * date stamp.
+     */
+    if (yyparse()
+     || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1)
+	return -1;
+
+    /*
+     * If an absolute time specified, set Start to the equivalent Unix
+     * timestamp.  Otherwise, set Start to now, and if we do not have
+     * a relatime time (ie: only yyHaveZone), decrement Start to the
+     * beginning of today.
+     *
+     * By having yyHaveDay in the "absolute" list, "next Monday" means
+     * midnight next Monday.  Otherwise, "next Monday" would mean the
+     * time right now, next Monday.  It's not clear to me why the
+     * current behavior is preferred.
+     */
+    if (yyHaveDate || yyHaveTime || yyHaveDay) {
+	Start = Convert(yyMonth, yyDay, yyYear, yyHour, yyMinutes, yySeconds,
+			yyMeridian, yyDSTmode);
+	if (Start < 0)
+	    return -1;
+    }
+    else {
+	Start = now->time;
+	if (!yyHaveRel)
+	    Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec;
+    }
+
+    /*
+     * Add in the relative time specified.  RelativeMonth adds in the
+     * months, accounting for the fact that the actual length of "3
+     * months" depends on where you start counting.
+     *
+     * XXX By having this separate from the previous block, we are
+     * allowing dates like "10:00am 3 months", which means 3 months
+     * from 10:00am today, or even "1/1/99 two days" which means two
+     * days after 1/1/99.
+     *
+     * XXX Shouldn't this only be done if yyHaveRel, just for
+     * thoroughness?
+     */
+    Start += yyRelSeconds;
+    delta = RelativeMonth(Start, yyRelMonth);
+    if (delta == (time_t) -1)
+      return -1;
+    Start += delta;
+
+    /*
+     * Now, if you specified a day of week and counter, add it in.  By
+     * disallowing Date but allowing Time, you can say "5pm next
+     * monday".
+     *
+     * XXX The yyHaveDay && !yyHaveDate restriction should be enforced
+     * above and be able to cause failure.
+     */
+    if (yyHaveDay && !yyHaveDate) {
+	tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber, &error);
+	if (error != 0)
+	    return -1;
+	Start += tod;
+    }
+
+    /* Have to do *something* with a legitimate -1 so it's distinguishable
+     * from the error return value.  (Alternately could set errno on error.) */
+    return Start == -1 ? 0 : Start;
+}
+
+
+time_t
+get_date(char *p)
+{
+    return get_date_rel(p, time(NULL));
+}
+
+
+#if	defined(TEST)
+
+/* ARGSUSED */
+main(int ac, char *av[])
+{
+    char	buff[128];
+    time_t	d;
+
+    (void)printf("Enter date, or blank line to exit.\n\t> ");
+    (void)fflush(stdout);
+    while (gets(buff) && buff[0]) {
+	d = get_date(buff);
+	if (d == -1)
+	    (void)printf("Bad format - couldn't convert.\n");
+	else
+	    (void)printf("%s", ctime(&d));
+	(void)printf("\t> ");
+	(void)fflush(stdout);
+    }
+    exit(0);
+    /* NOTREACHED */
+}
+#endif	/* defined(TEST) */
diff --git a/krb5-1.21.3/src/kadmin/cli/k5srvutil.sh b/krb5-1.21.3/src/kadmin/cli/k5srvutil.sh
new file mode 100755
index 00000000..050fa877
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/k5srvutil.sh
@@ -0,0 +1,123 @@
+#!/bin/sh
+
+# list_princs keytab
+# returns a list of principals in the keytab
+# sorted and uniquified
+list_princs() {
+    klist -k $keytab | awk '(NR > 3) {print $2}' | sort | uniq
+}
+
+set_command() {
+    if [ x$command != x ] ; then
+	cmd_error Only one command can be specified
+	usage
+	exit 1
+    fi
+    command=$1
+}
+
+#interactive_prompt prompt princ
+# If in interactive mode  return  true if the principal  should be acted on
+# otherwise return true all the time
+interactive_prompt() {
+    if [ $interactive = 0 ] ; then
+	return 0
+    fi
+    printf "%s for %s? [yn]" "$1" "$2"
+    read ans
+    case $ans in
+    n*|N*)
+	return 1
+	;;
+    esac
+    return 0
+    }
+    
+cmd_error() {
+    echo $@ 2>&1
+    }
+
+usage() {
+    echo "Usage: $0 [-i] [-f file] [-e keysalts] list|change|delete|delold"
+}
+
+
+
+change_key() {
+    princs=`list_princs `
+    for princ in $princs; do
+	if interactive_prompt "Change key " $princ; then
+	    kadmin -k -t $keytab -p $princ -q \
+		"ktadd -k $keytab $keysalts $princ"
+	fi
+    done
+    }
+
+delete_old_keys() {
+    princs=`list_princs `
+    for princ in $princs; do
+	if interactive_prompt "Delete old keys " $princ; then
+	    kadmin -k -t $keytab -p $princ -q "ktrem -k $keytab $princ old"
+	fi
+    done
+    }
+
+delete_keys() {
+    interactive=1
+    princs=`list_princs `
+    for princ in $princs; do
+	if interactive_prompt "Delete all keys " $princ; then
+	    kadmin -p $princ -k -t $keytab -q "ktrem -k $keytab $princ all"
+	fi
+    done
+    }
+
+
+keytab=/etc/krb5.keytab
+interactive=0
+keysalts=""
+
+while [ $# -gt 0 ] ; do
+    opt=$1
+    shift
+        case $opt in
+	"-f")
+	keytab=$1
+	shift
+	;;
+	"-i")
+	interactive=1
+	;;
+	"-e")
+	keysalts="$keysalts -e \"$1\""
+	shift
+	;;
+	change|delold|delete|list)
+	set_command $opt
+	;;
+	*)
+	cmd_error Illegal option: $opt
+	usage
+	exit 1
+	;;
+	esac
+done
+	
+
+case $command in
+    change)
+    change_key
+    ;;
+    delold)
+    delete_old_keys
+    ;;
+    delete)
+    delete_keys
+    ;;
+    list)
+    klist -k $keytab
+    ;;
+    *)
+        usage
+	;;
+    esac
diff --git a/krb5-1.21.3/src/kadmin/cli/kadmin.c b/krb5-1.21.3/src/kadmin/cli/kadmin.c
new file mode 100644
index 00000000..f3ea6fae
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/kadmin.c
@@ -0,0 +1,1999 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* Base functions for a kadmin command line interface using the OVSecure
+ * library */
+
+/* for "_" macro */
+#include "k5-int.h"
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <math.h>
+#include <unistd.h>
+#include <pwd.h>
+/* #include <sys/timeb.h> */
+#include <time.h>
+#include "kadmin.h"
+
+static krb5_boolean script_mode = FALSE;
+int exit_status = 0;
+char *def_realm = NULL;
+char *whoami = NULL;
+
+void *handle = NULL;
+krb5_context context;
+char *ccache_name = NULL;
+
+int locked = 0;
+
+static void
+info(const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 1, 2)))
+#endif
+    ;
+
+static void
+error(const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 1, 2)))
+#endif
+    ;
+
+/* Like printf, but suppressed if script_mode is set. */
+static void
+info(const char *fmt, ...)
+{
+    va_list ap;
+
+    if (script_mode)
+        return;
+    va_start(ap, fmt);
+    vprintf(fmt, ap);
+    va_end(ap);
+}
+
+/* Like fprintf to stderr; also set exit_status if script_mode is set. */
+static void
+error(const char *fmt, ...)
+{
+    va_list ap;
+
+    if (script_mode)
+        exit_status = 1;
+    va_start(ap, fmt);
+    vfprintf(stderr, fmt, ap);
+    va_end(ap);
+}
+
+static void
+usage()
+{
+    error(_("Usage: %s [-r realm] [-p principal] [-q query] "
+            "[clnt|local args]\n"
+            "              [command args...]\n"
+            "\tclnt args: [-s admin_server[:port]] "
+            "[[-c ccache]|[-k [-t keytab]]]|[-n] [-O | -N]\n"
+            "\tlocal args: [-x db_args]* [-d dbname] "
+            "[-e \"enc:salt ...\"] [-m] [-w password] "
+            "where,\n\t[-x db_args]* - any number of database specific "
+            "arguments.\n"
+            "\t\t\tLook at each database documentation for supported "
+            "arguments\n"), whoami);
+    exit(1);
+}
+
+static char *
+strdur(time_t duration)
+{
+    static char out[50];
+    int neg, days, hours, minutes, seconds;
+
+    if (duration < 0) {
+        duration *= -1;
+        neg = 1;
+    } else
+        neg = 0;
+    days = duration / (24 * 3600);
+    duration %= 24 * 3600;
+    hours = duration / 3600;
+    duration %= 3600;
+    minutes = duration / 60;
+    duration %= 60;
+    seconds = duration;
+    snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
+             days, days == 1 ? "day" : "days",
+             hours, minutes, seconds);
+    return out;
+}
+
+static const char *
+strdate(krb5_timestamp when)
+{
+    struct tm *tm;
+    static char out[40];
+    time_t lcltim = ts2tt(when);
+
+    tm = localtime(&lcltim);
+    if (tm == NULL ||
+        strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm) == 0)
+        strlcpy(out, "(error)", sizeof(out));
+    return out;
+}
+
+/* Parse a date string using getdate.y.  On failure, output an error message
+ * and return (time_t)-1. */
+static time_t
+parse_date(char *str, time_t now)
+{
+    time_t date;
+
+    date = get_date_rel(str, now);
+    if (date == (time_t)-1)
+        error(_("Invalid date specification \"%s\".\n"), str);
+    return date;
+}
+
+/*
+ * Parse a time interval.  Use krb5_string_to_deltat() if it works; otherwise
+ * use getdate.y and subtract now, with sanity checks.  On failure, output an
+ * error message and return (time_t)-1.
+ */
+static time_t
+parse_interval(char *str, time_t now)
+{
+    time_t date;
+    krb5_deltat delta;
+
+    if (krb5_string_to_deltat(str, &delta) == 0)
+        return delta;
+
+    date = parse_date(str, now);
+    if (date == (time_t)-1)
+        return date;
+
+    /* Interpret an absolute time of 0 (e.g. "never") as an interval of 0. */
+    if (date == 0)
+        return 0;
+
+    /* Don't return a negative interval if the date is in the past. */
+    if (date < now) {
+        error(_("Interval specification \"%s\" is in the past.\n"), str);
+        return (time_t)-1;
+    }
+
+    return date - now;
+}
+
+/* this is a wrapper to go around krb5_parse_principal so we can set
+   the default realm up properly */
+static krb5_error_code
+kadmin_parse_name(char *name, krb5_principal *principal)
+{
+    char *cp, *fullname;
+    krb5_error_code retval;
+    int result;
+
+    /* assumes def_realm is initialized! */
+    cp = strchr(name, '@');
+    while (cp) {
+        if (cp - name && *(cp - 1) != '\\')
+            break;
+        else
+            cp = strchr(cp + 1, '@');
+    }
+    if (cp == NULL)
+        result = asprintf(&fullname, "%s@%s", name, def_realm);
+    else
+        result = asprintf(&fullname, "%s", name);
+    if (result < 0)
+        return ENOMEM;
+    retval = krb5_parse_name(context, fullname, principal);
+    free(fullname);
+    return retval;
+}
+
+static void
+extended_com_err_fn(const char *myprog, errcode_t code,
+                    const char *fmt, va_list args)
+{
+    const char *emsg;
+
+    if (code) {
+        emsg = krb5_get_error_message(context, code);
+        error("%s: %s ", myprog, emsg);
+        krb5_free_error_message(context, emsg);
+    } else {
+        error("%s: ", myprog);
+    }
+    vfprintf(stderr, fmt, args);
+    error("\n");
+}
+
+/* Create a principal using the oldest appropriate kadm5 API. */
+static krb5_error_code
+create_princ(kadm5_principal_ent_rec *princ, long mask, int n_ks,
+             krb5_key_salt_tuple *ks, char *pass)
+{
+    if (ks)
+        return kadm5_create_principal_3(handle, princ, mask, n_ks, ks, pass);
+    else
+        return kadm5_create_principal(handle, princ, mask, pass);
+}
+
+/* Randomize a principal's password using the appropriate kadm5 API. */
+krb5_error_code
+randkey_princ(void *lhandle, krb5_principal princ, krb5_boolean keepold,
+              int n_ks, krb5_key_salt_tuple *ks, krb5_keyblock **key,
+              int *n_keys)
+{
+    krb5_error_code ret;
+
+    /* Try the newer API first, because the Solaris kadmind only creates DES
+     * keys when the old API is used. */
+    ret = kadm5_randkey_principal_3(lhandle, princ, keepold, n_ks, ks, key,
+                                    n_keys);
+
+    /* Fall back to the old version if we get an error and aren't using any new
+     * parameters. */
+    if (ret == KADM5_RPC_ERROR && !keepold && ks == NULL)
+        ret = kadm5_randkey_principal(lhandle, princ, key, n_keys);
+
+    return ret;
+}
+
+static krb5_boolean
+policy_exists(const char *name)
+{
+    kadm5_policy_ent_rec pol;
+
+    if (kadm5_get_policy(handle, (char *)name, &pol) != 0)
+        return FALSE;
+    kadm5_free_policy_ent(handle, &pol);
+    return TRUE;
+}
+
+void
+kadmin_startup(int argc, char *argv[], char **request_out, char ***args_out)
+{
+    extern char *optarg;
+    char *princstr = NULL, *keytab_name = NULL, *query = NULL;
+    char *password = NULL;
+    char *luser, *canon, *cp;
+    int optchar, freeprinc = 0, use_keytab = 0, use_anonymous = 0;
+    struct passwd *pw;
+    kadm5_ret_t retval;
+    krb5_ccache cc;
+    krb5_principal princ;
+    kadm5_config_params params;
+    char **db_args = NULL;
+    int db_args_size = 0;
+    char *db_name = NULL;
+    char *svcname, *realm;
+
+    memset(&params, 0, sizeof(params));
+
+    set_com_err_hook(extended_com_err_fn);
+
+    retval = kadm5_init_krb5_context(&context);
+    if (retval) {
+        com_err(whoami, retval, _("while initializing krb5 library"));
+        exit(1);
+    }
+
+    while ((optchar = getopt(argc, argv,
+                             "+x:r:p:knq:w:d:s:mc:t:e:ON")) != EOF) {
+        switch (optchar) {
+        case 'x':
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                error(_("%s: Cannot initialize. Not enough memory\n"), whoami);
+                exit(1);
+            }
+            db_args[db_args_size - 1] = optarg;
+            db_args[db_args_size] = NULL;
+            break;
+
+        case 'r':
+            def_realm = optarg;
+            break;
+        case 'p':
+            princstr = optarg;
+            break;
+        case 'c':
+            ccache_name = optarg;
+            break;
+        case 'k':
+            use_keytab++;
+            break;
+        case 'n':
+            use_anonymous++;
+            break;
+        case 't':
+            keytab_name = optarg;
+            break;
+        case 'w':
+            password = optarg;
+            break;
+        case 'q':
+            query = optarg;
+            break;
+        case 'd':
+            /* db_name has to be passed as part of the db_args. */
+            free(db_name);
+            asprintf(&db_name, "dbname=%s", optarg);
+
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                error(_("%s: Cannot initialize. Not enough memory\n"), whoami);
+                exit(1);
+            }
+            db_args[db_args_size - 1] = db_name;
+            db_args[db_args_size] = NULL;
+            break;
+        case 's':
+            params.admin_server = optarg;
+            params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+            break;
+        case 'm':
+            params.mkey_from_kbd = 1;
+            params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+            break;
+        case 'e':
+            retval = krb5_string_to_keysalts(optarg, NULL, NULL, 0,
+                                             &params.keysalts,
+                                             &params.num_keysalts);
+            if (retval) {
+                com_err(whoami, retval, _("while parsing keysalts %s"),
+                        optarg);
+                exit(1);
+            }
+            params.mask |= KADM5_CONFIG_ENCTYPES;
+            break;
+        case 'O':
+            params.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
+            break;
+        case 'N':
+            params.mask |= KADM5_CONFIG_AUTH_NOFALLBACK;
+            break;
+        default:
+            usage();
+        }
+    }
+    if ((ccache_name && use_keytab) ||
+        (keytab_name && !use_keytab) ||
+        (ccache_name && use_anonymous) ||
+        (use_anonymous && use_keytab))
+        usage();
+
+    if (query != NULL && argv[optind] != NULL) {
+        error(_("%s: -q is exclusive with command-line query"), whoami);
+        usage();
+    }
+
+    if (argv[optind] != NULL)
+        script_mode = TRUE;
+
+    if (def_realm == NULL && krb5_get_default_realm(context, &def_realm)) {
+        error(_("%s: unable to get default realm\n"), whoami);
+        exit(1);
+    }
+
+    params.mask |= KADM5_CONFIG_REALM;
+    params.realm = def_realm;
+
+    if (params.mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)
+        svcname = KADM5_ADMIN_SERVICE;
+    else
+        svcname = NULL;
+
+    /*
+     * Set cc to an open credentials cache, either specified by the -c
+     * argument or the default.
+     */
+    if (ccache_name == NULL) {
+        retval = krb5_cc_default(context, &cc);
+        if (retval) {
+            com_err(whoami, retval,
+                    _("while opening default credentials cache"));
+            exit(1);
+        }
+    } else {
+        retval = krb5_cc_resolve(context, ccache_name, &cc);
+        if (retval) {
+            com_err(whoami, retval, _("while opening credentials cache %s"),
+                    ccache_name);
+            exit(1);
+        }
+    }
+
+    /*
+     * If no principal name is specified: If authenticating anonymously, use
+     * the anonymous principal for the local realm, else if a ccache was
+     * specified and its primary principal name can be read, it is used, else
+     * if a keytab was specified, the principal name is host/hostname,
+     * otherwise append "/admin" to the primary name of the default ccache,
+     * $USER, or pw_name.
+     *
+     * Gee, 100+ lines to figure out the client principal name.  This
+     * should be compressed...
+     */
+
+    if (princstr == NULL) {
+        if (use_anonymous) {
+            if (asprintf(&princstr, "%s/%s@%s", KRB5_WELLKNOWN_NAMESTR,
+                         KRB5_ANONYMOUS_PRINCSTR, def_realm) < 0) {
+                error(_("%s: out of memory\n"), whoami);
+                exit(1);
+            }
+            freeprinc++;
+        } else if (ccache_name != NULL &&
+            !krb5_cc_get_principal(context, cc, &princ)) {
+            retval = krb5_unparse_name(context, princ, &princstr);
+            if (retval) {
+                com_err(whoami, retval,
+                        _("while canonicalizing principal name"));
+                exit(1);
+            }
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if (use_keytab != 0) {
+            retval = krb5_sname_to_principal(context, NULL, "host",
+                                             KRB5_NT_SRV_HST, &princ);
+            if (retval) {
+                com_err(whoami, retval, _("creating host service principal"));
+                exit(1);
+            }
+            retval = krb5_unparse_name(context, princ, &princstr);
+            if (retval) {
+                com_err(whoami, retval,
+                        _("while canonicalizing principal name"));
+                exit(1);
+            }
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if (!krb5_cc_get_principal(context, cc, &princ)) {
+            if (krb5_unparse_name(context, princ, &canon)) {
+                error(_("%s: unable to canonicalize principal\n"), whoami);
+                exit(1);
+            }
+            /* Strip out realm of principal if it's there. */
+            realm = strchr(canon, '@');
+            while (realm) {
+                if (realm > canon && *(realm - 1) != '\\')
+                    break;
+                realm = strchr(realm + 1, '@');
+            }
+            if (realm)
+                *realm++ = '\0';
+            cp = strchr(canon, '/');
+            while (cp) {
+                if (cp > canon && *(cp - 1) != '\\')
+                    break;
+                cp = strchr(cp + 1, '/');
+            }
+            if (cp != NULL)
+                *cp = '\0';
+            if (asprintf(&princstr, "%s/admin%s%s", canon,
+                         (realm) ? "@" : "",
+                         (realm) ? realm : "") < 0) {
+                error(_("%s: out of memory\n"), whoami);
+                exit(1);
+            }
+            free(canon);
+            krb5_free_principal(context, princ);
+            freeprinc++;
+        } else if ((luser = getenv("USER"))) {
+            if (asprintf(&princstr, "%s/admin@%s", luser, def_realm) < 0) {
+                error(_("%s: out of memory\n"), whoami);
+                exit(1);
+            }
+            freeprinc++;
+        } else if ((pw = getpwuid(getuid()))) {
+            if (asprintf(&princstr, "%s/admin@%s", pw->pw_name,
+                         def_realm) < 0) {
+                error(_("%s: out of memory\n"), whoami);
+                exit(1);
+            }
+            freeprinc++;
+        } else {
+            error(_("%s: unable to figure out a principal name\n"), whoami);
+            exit(1);
+        }
+    }
+
+    retval = krb5_klog_init(context, "admin_server", whoami, 0);
+    if (retval) {
+        com_err(whoami, retval, _("while setting up logging"));
+        exit(1);
+    }
+
+    /*
+     * Initialize the kadm5 connection.  If we were given a ccache,
+     * use it.  Otherwise, use/prompt for the password.
+     */
+    if (ccache_name) {
+        info(_("Authenticating as principal %s with existing "
+               "credentials.\n"), princstr);
+        retval = kadm5_init_with_creds(context, princstr, cc, svcname, &params,
+                                       KADM5_STRUCT_VERSION,
+                                       KADM5_API_VERSION_4, db_args, &handle);
+    } else if (use_anonymous) {
+        info(_("Authenticating as principal %s with password; "
+               "anonymous requested.\n"), princstr);
+        retval = kadm5_init_anonymous(context, princstr, svcname, &params,
+                                      KADM5_STRUCT_VERSION,
+                                      KADM5_API_VERSION_4, db_args, &handle);
+    } else if (use_keytab) {
+        if (keytab_name != NULL) {
+            info(_("Authenticating as principal %s with keytab %s.\n"),
+                 princstr, keytab_name);
+        } else {
+            info(_("Authenticating as principal %s with default keytab.\n"),
+                 princstr);
+        }
+        retval = kadm5_init_with_skey(context, princstr, keytab_name, svcname,
+                                      &params, KADM5_STRUCT_VERSION,
+                                      KADM5_API_VERSION_4, db_args, &handle);
+    } else {
+        info(_("Authenticating as principal %s with password.\n"),
+             princstr);
+        retval = kadm5_init_with_password(context, princstr, password, svcname,
+                                          &params, KADM5_STRUCT_VERSION,
+                                          KADM5_API_VERSION_4, db_args,
+                                          &handle);
+    }
+    if (retval) {
+        com_err(whoami, retval, _("while initializing %s interface"), whoami);
+        if (retval == KADM5_BAD_CLIENT_PARAMS ||
+            retval == KADM5_BAD_SERVER_PARAMS)
+            usage();
+        exit(1);
+    }
+    if (freeprinc)
+        free(princstr);
+
+    free(params.keysalts);
+    free(db_name);
+    free(db_args);
+
+    retval = krb5_cc_close(context, cc);
+    if (retval) {
+        com_err(whoami, retval, _("while closing ccache %s"), ccache_name);
+        exit(1);
+    }
+
+    retval = kadm5_init_iprop(handle, 0);
+    if (retval) {
+        com_err(whoami, retval, _("while mapping update log"));
+        exit(1);
+    }
+
+    *request_out = query;
+    *args_out = argv + optind;
+}
+
+int
+quit()
+{
+    kadm5_ret_t retval;
+
+    if (locked) {
+        retval = kadm5_unlock(handle);
+        if (retval) {
+            com_err("quit", retval, _("while unlocking locked database"));
+            return 1;
+        }
+        locked = 0;
+    }
+
+    kadm5_destroy(handle);
+    if (ccache_name != NULL && !script_mode) {
+        fprintf(stderr, "\n\a\a\a%s",
+                _("Administration credentials NOT DESTROYED.\n"));
+    }
+
+    /* insert more random cleanup here */
+    krb5_klog_close(context);
+    krb5_free_context(context);
+    return 0;
+}
+
+void
+kadmin_lock(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+
+    if (locked)
+        return;
+    retval = kadm5_lock(handle);
+    if (retval) {
+        com_err("lock", retval, "");
+        return;
+    }
+    locked = 1;
+}
+
+void
+kadmin_unlock(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+
+    if (!locked)
+        return;
+    retval = kadm5_unlock(handle);
+    if (retval) {
+        com_err("unlock", retval, "");
+        return;
+    }
+    locked = 0;
+}
+
+void
+kadmin_delprinc(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+    krb5_principal princ = NULL;
+    char *canon = NULL;
+    char reply[5];
+
+    if (! (argc == 2 ||
+           (argc == 3 && !strcmp("-force", argv[1])))) {
+        error(_("usage: delete_principal [-force] principal\n"));
+        return;
+    }
+    retval = kadmin_parse_name(argv[argc - 1], &princ);
+    if (retval) {
+        com_err("delete_principal", retval, _("while parsing principal name"));
+        return;
+    }
+    retval = krb5_unparse_name(context, princ, &canon);
+    if (retval) {
+        com_err("delete_principal", retval,
+                _("while canonicalizing principal"));
+        goto cleanup;
+    }
+    if (argc == 2 && !script_mode) {
+        printf(_("Are you sure you want to delete the principal \"%s\"? "
+                 "(yes/no): "), canon);
+        fgets(reply, sizeof (reply), stdin);
+        if (strcmp("yes\n", reply)) {
+            fprintf(stderr, _("Principal \"%s\" not deleted\n"), canon);
+            goto cleanup;
+        }
+    }
+    retval = kadm5_delete_principal(handle, princ);
+    if (retval) {
+        com_err("delete_principal", retval,
+                _("while deleting principal \"%s\""), canon);
+        goto cleanup;
+    }
+    info(_("Principal \"%s\" deleted.\n"), canon);
+    info(_("Make sure that you have removed this principal from all ACLs "
+           "before reusing.\n"));
+
+cleanup:
+    krb5_free_principal(context, princ);
+    free(canon);
+}
+
+void
+kadmin_renameprinc(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+    krb5_principal oprinc = NULL, nprinc = NULL;
+    char *ocanon = NULL, *ncanon = NULL;
+    char reply[5];
+
+    if (!(argc == 3 || (argc == 4 && !strcmp("-force", argv[1])))) {
+        error(_("usage: rename_principal [-force] old_principal "
+                "new_principal\n"));
+        return;
+    }
+    retval = kadmin_parse_name(argv[argc - 2], &oprinc);
+    if (retval) {
+        com_err("rename_principal", retval,
+                _("while parsing old principal name"));
+        goto cleanup;
+    }
+    retval = kadmin_parse_name(argv[argc - 1], &nprinc);
+    if (retval) {
+        com_err("rename_principal", retval,
+                _("while parsing new principal name"));
+        goto cleanup;
+    }
+    retval = krb5_unparse_name(context, oprinc, &ocanon);
+    if (retval) {
+        com_err("rename_principal", retval,
+                _("while canonicalizing old principal"));
+        goto cleanup;
+    }
+    retval = krb5_unparse_name(context, nprinc, &ncanon);
+    if (retval) {
+        com_err("rename_principal", retval,
+                _("while canonicalizing new principal"));
+        goto cleanup;
+    }
+    if (argc == 3 && !script_mode) {
+        printf(_("Are you sure you want to rename the principal \"%s\" "
+                 "to \"%s\"? (yes/no): "), ocanon, ncanon);
+        fgets(reply, sizeof(reply), stdin);
+        if (strcmp("yes\n", reply)) {
+            fprintf(stderr, _("Principal \"%s\" not renamed\n"), ocanon);
+            goto cleanup;
+        }
+    }
+    retval = kadm5_rename_principal(handle, oprinc, nprinc);
+    if (retval) {
+        com_err("rename_principal", retval,
+                _("while renaming principal \"%s\" to \"%s\""),
+                ocanon, ncanon);
+        goto cleanup;
+    }
+    info(_("Principal \"%s\" renamed to \"%s\".\n"), ocanon, ncanon);
+    info(_("Make sure that you have removed the old principal from all ACLs "
+           "before reusing.\n"));
+
+cleanup:
+    krb5_free_principal(context, nprinc);
+    krb5_free_principal(context, oprinc);
+    free(ncanon);
+    free(ocanon);
+}
+
+static void
+cpw_usage(const char *str)
+{
+    if (str)
+        error("%s\n", str);
+    error(_("usage: change_password [-randkey] [-keepold] "
+            "[-e keysaltlist] [-pw password] principal\n"));
+}
+
+void
+kadmin_cpw(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+    static char newpw[1024];
+    static char prompt1[1024], prompt2[1024];
+    char *canon = NULL, *pwarg = NULL;
+    int n_ks_tuple = 0, randkey = 0;
+    krb5_boolean keepold = FALSE;
+    krb5_key_salt_tuple *ks_tuple = NULL;
+    krb5_principal princ = NULL;
+    char **db_args = NULL;
+    int db_args_size = 0;
+
+    if (argc < 1) {
+        cpw_usage(NULL);
+        return;
+    }
+    for (argv++, argc--; argc > 0 && **argv == '-'; argc--, argv++) {
+        if (!strcmp("-x", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage(_("change_password: missing db argument"));
+                goto cleanup;
+            }
+            db_args_size++;
+            db_args = realloc(db_args, sizeof(char*) * (db_args_size + 1));
+            if (db_args == NULL) {
+                error(_("change_password: Not enough memory\n"));
+                exit(1);
+            }
+            db_args[db_args_size - 1] = *++argv;
+            db_args[db_args_size] = NULL;
+        } else if (!strcmp("-pw", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage(_("change_password: missing password arg"));
+                goto cleanup;
+            }
+            pwarg = *++argv;
+        } else if (!strcmp("-randkey", *argv)) {
+            randkey++;
+        } else if (!strcmp("-keepold", *argv)) {
+            keepold = TRUE;
+        } else if (!strcmp("-e", *argv)) {
+            argc--;
+            if (argc < 1) {
+                cpw_usage(_("change_password: missing keysaltlist arg"));
+                goto cleanup;
+            }
+            retval = krb5_string_to_keysalts(*++argv, NULL, NULL, 0,
+                                             &ks_tuple, &n_ks_tuple);
+            if (retval) {
+                com_err("change_password", retval,
+                        _("while parsing keysalts %s"), *argv);
+                goto cleanup;
+            }
+        } else {
+            com_err("change_password", 0, _("unrecognized option %s"), *argv);
+            cpw_usage(NULL);
+            goto cleanup;
+        }
+    }
+    if (argc != 1) {
+        if (argc < 1)
+            com_err("change_password", 0, _("missing principal name"));
+        else
+            com_err("change_password", 0, _("too many arguments"));
+        cpw_usage(NULL);
+        goto cleanup;
+    }
+    retval = kadmin_parse_name(*argv, &princ);
+    if (retval) {
+        com_err("change_password", retval, _("while parsing principal name"));
+        goto cleanup;
+    }
+    retval = krb5_unparse_name(context, princ, &canon);
+    if (retval) {
+        com_err("change_password", retval,
+                _("while canonicalizing principal"));
+        goto cleanup;
+    }
+    if (pwarg != NULL) {
+        if (keepold || ks_tuple != NULL) {
+            retval = kadm5_chpass_principal_3(handle, princ, keepold,
+                                              n_ks_tuple, ks_tuple, pwarg);
+        } else {
+            retval = kadm5_chpass_principal(handle, princ, pwarg);
+        }
+        if (retval) {
+            com_err("change_password", retval,
+                    _("while changing password for \"%s\"."), canon);
+            goto cleanup;
+        }
+        info(_("Password for \"%s\" changed.\n"), canon);
+    } else if (randkey) {
+        retval = randkey_princ(handle, princ, keepold, n_ks_tuple, ks_tuple,
+                               NULL, NULL);
+        if (retval) {
+            com_err("change_password", retval,
+                    _("while randomizing key for \"%s\"."), canon);
+            goto cleanup;
+        }
+        info(_("Key for \"%s\" randomized.\n"), canon);
+    } else {
+        unsigned int i = sizeof (newpw) - 1;
+
+        snprintf(prompt1, sizeof(prompt1),
+                 _("Enter password for principal \"%s\""), canon);
+        snprintf(prompt2, sizeof(prompt2),
+                 _("Re-enter password for principal \"%s\""), canon);
+        retval = krb5_read_password(context, prompt1, prompt2,
+                                    newpw, &i);
+        if (retval) {
+            com_err("change_password", retval,
+                    _("while reading password for \"%s\"."), canon);
+            goto cleanup;
+        }
+        if (keepold || ks_tuple != NULL) {
+            retval = kadm5_chpass_principal_3(handle, princ, keepold,
+                                              n_ks_tuple, ks_tuple,
+                                              newpw);
+        } else {
+            retval = kadm5_chpass_principal(handle, princ, newpw);
+        }
+        memset(newpw, 0, sizeof (newpw));
+        if (retval) {
+            com_err("change_password", retval,
+                    _("while changing password for \"%s\"."), canon);
+            goto cleanup;
+        }
+        info(_("Password for \"%s\" changed.\n"), canon);
+    }
+cleanup:
+    free(canon);
+    free(db_args);
+    krb5_free_principal(context, princ);
+    free(ks_tuple);
+}
+
+static void
+kadmin_free_tl_data(krb5_int16 *n_tl_datap, krb5_tl_data **tl_datap)
+{
+    krb5_tl_data *tl_data = *tl_datap, *next;
+    int n_tl_data = *n_tl_datap;
+    int i;
+
+    *n_tl_datap = 0;
+    *tl_datap = NULL;
+
+    for (i = 0; tl_data && (i < n_tl_data); i++) {
+        next = tl_data->tl_data_next;
+        free(tl_data->tl_data_contents);
+        free(tl_data);
+        tl_data = next;
+    }
+}
+
+/* Construct a tl_data element and add it to the tail of *tl_datap. */
+static void
+add_tl_data(krb5_int16 *n_tl_datap, krb5_tl_data **tl_datap,
+            krb5_int16 tl_type, krb5_ui_2 len, krb5_octet *contents)
+{
+    krb5_tl_data *tl_data;
+    krb5_octet *copy;
+
+    copy = malloc(len);
+    tl_data = calloc(1, sizeof(*tl_data));
+    if (copy == NULL || tl_data == NULL) {
+        error(_("Not enough memory\n"));
+        exit(1);
+    }
+    memcpy(copy, contents, len);
+
+    tl_data->tl_data_type = tl_type;
+    tl_data->tl_data_length = len;
+    tl_data->tl_data_contents = copy;
+    tl_data->tl_data_next = NULL;
+
+    for (; *tl_datap != NULL; tl_datap = &(*tl_datap)->tl_data_next);
+    *tl_datap = tl_data;
+    (*n_tl_datap)++;
+}
+
+static void
+unlock_princ(kadm5_principal_ent_t princ, long *mask, const char *caller)
+{
+    krb5_error_code retval;
+    krb5_timestamp now;
+    krb5_octet timebuf[4];
+
+    /* Zero out the failed auth count. */
+    princ->fail_auth_count = 0;
+    *mask |= KADM5_FAIL_AUTH_COUNT;
+
+    /* Record the timestamp of this unlock operation so that replica KDCs will
+     * see it, since fail_auth_count is unreplicated. */
+    retval = krb5_timeofday(context, &now);
+    if (retval) {
+        com_err(caller, retval, _("while getting time"));
+        exit(1);
+    }
+    store_32_le((krb5_int32)now, timebuf);
+    add_tl_data(&princ->n_tl_data, &princ->tl_data,
+                KRB5_TL_LAST_ADMIN_UNLOCK, 4, timebuf);
+    *mask |= KADM5_TL_DATA;
+}
+
+/*
+ * Parse addprinc or modprinc arguments.  Some output fields may be
+ * filled in on error.
+ */
+static int
+kadmin_parse_princ_args(int argc, char *argv[], kadm5_principal_ent_t oprinc,
+                        long *mask, char **pass, krb5_boolean *randkey,
+                        krb5_boolean *nokey, krb5_key_salt_tuple **ks_tuple,
+                        int *n_ks_tuple, char *caller)
+{
+    int i;
+    time_t now, date, interval;
+    krb5_error_code retval;
+
+    *mask = 0;
+    *pass = NULL;
+    *n_ks_tuple = 0;
+    *ks_tuple = NULL;
+    time(&now);
+    *randkey = FALSE;
+    *nokey = FALSE;
+    for (i = 1; i < argc - 1; i++) {
+        if (!strcmp("-x",argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+
+            add_tl_data(&oprinc->n_tl_data, &oprinc->tl_data,
+                        KRB5_TL_DB_ARGS, strlen(argv[i]) + 1,
+                        (krb5_octet *)argv[i]);
+            *mask |= KADM5_TL_DATA;
+            continue;
+        }
+        if (!strcmp("-expire", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            date = parse_date(argv[i], now);
+            if (date == (time_t)-1)
+                return -1;
+            oprinc->princ_expire_time = date;
+            *mask |= KADM5_PRINC_EXPIRE_TIME;
+            continue;
+        }
+        if (!strcmp("-pwexpire", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            date = parse_date(argv[i], now);
+            if (date == (time_t)-1)
+                return -1;
+            oprinc->pw_expiration = date;
+            *mask |= KADM5_PW_EXPIRATION;
+            continue;
+        }
+        if (!strcmp("-maxlife", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            interval = parse_interval(argv[i], now);
+            if (interval == (time_t)-1)
+                return -1;
+            oprinc->max_life = interval;
+            *mask |= KADM5_MAX_LIFE;
+            continue;
+        }
+        if (!strcmp("-maxrenewlife", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            interval = parse_interval(argv[i], now);
+            if (interval == (time_t)-1)
+                return -1;
+            oprinc->max_renewable_life = interval;
+            *mask |= KADM5_MAX_RLIFE;
+            continue;
+        }
+        if (!strcmp("-kvno", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            oprinc->kvno = atoi(argv[i]);
+            *mask |= KADM5_KVNO;
+            continue;
+        }
+        if (!strcmp("-policy", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            oprinc->policy = argv[i];
+            *mask |= KADM5_POLICY;
+            continue;
+        }
+        if (!strcmp("-clearpolicy", argv[i])) {
+            oprinc->policy = NULL;
+            *mask |= KADM5_POLICY_CLR;
+            continue;
+        }
+        if (!strcmp("-pw", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            *pass = argv[i];
+            continue;
+        }
+        if (!strcmp("-randkey", argv[i])) {
+            *randkey = TRUE;
+            continue;
+        }
+        if (!strcmp("-nokey", argv[i])) {
+            *nokey = TRUE;
+            continue;
+        }
+        if (!strcmp("-unlock", argv[i])) {
+            unlock_princ(oprinc, mask, caller);
+            continue;
+        }
+        if (!strcmp("-e", argv[i])) {
+            if (++i > argc - 2)
+                return -1;
+            retval = krb5_string_to_keysalts(argv[i], NULL, NULL, 0,
+                                             ks_tuple, n_ks_tuple);
+            if (retval) {
+                com_err(caller, retval, _("while parsing keysalts %s"),
+                        argv[i]);
+                return -1;
+            }
+            continue;
+        }
+        retval = krb5_flagspec_to_mask(argv[i], &oprinc->attributes,
+                                       &oprinc->attributes);
+        if (retval)
+            return -1;
+        else
+            *mask |= KADM5_ATTRIBUTES;
+    }
+    if (i != argc - 1)
+        return -1;
+    retval = kadmin_parse_name(argv[i], &oprinc->principal);
+    if (retval) {
+        com_err(caller, retval, _("while parsing principal"));
+        return -1;
+    }
+    return 0;
+}
+
+static void
+kadmin_addprinc_usage()
+{
+    error(_("usage: add_principal [options] principal\n"));
+    error(_("\toptions are:\n"));
+    error(_("\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] "
+            "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n"
+            "\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+            "\t\t[-pw password] [-maxrenewlife maxrenewlife]\n"
+            "\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"));
+    error(_("\tattributes are:\n"));
+    error(_("\t\tallow_postdated allow_forwardable allow_tgs_req "
+            "allow_renewable\n"
+            "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
+            "\t\trequires_hwauth needchange allow_svr "
+            "password_changing_service\n"
+            "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+            "\t\tlockdown_keys\n"
+            "\nwhere,\n\t[-x db_princ_args]* - any number of database "
+            "specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported "
+            "arguments\n"));
+}
+
+static void
+kadmin_modprinc_usage()
+{
+    error(_("usage: modify_principal [options] principal\n"));
+    error(_("\toptions are:\n"));
+    error(_("\t\t[-x db_princ_args]* [-expire expdate] "
+            "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n"
+            "\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+            "\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}attribute]\n"));
+    error(_("\tattributes are:\n"));
+    error(_("\t\tallow_postdated allow_forwardable allow_tgs_req "
+            "allow_renewable\n"
+            "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
+            "\t\trequires_hwauth needchange allow_svr "
+            "password_changing_service\n"
+            "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+            "\t\tlockdown_keys\n"
+            "\nwhere,\n\t[-x db_princ_args]* - any number of database "
+            "specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported "
+            "arguments\n"));
+}
+
+/* Create a dummy password for old-style (pre-1.8) randkey creation. */
+static void
+prepare_dummy_password(char *buf, size_t sz)
+{
+    size_t i;
+
+    /* Must try to pass any password policy in place, and be valid UTF-8. */
+    strlcpy(buf, "6F a[", sz);
+    for (i = strlen(buf); i < sz - 1; i++)
+        buf[i] = 'a' + (i % 26);
+    buf[sz - 1] = '\0';
+}
+
+void
+kadmin_addprinc(int argc, char *argv[])
+{
+    kadm5_principal_ent_rec princ;
+    long mask;
+    krb5_boolean randkey = FALSE, nokey = FALSE, old_style_randkey = FALSE;
+    int n_ks_tuple;
+    krb5_key_salt_tuple *ks_tuple = NULL;
+    char *pass, *canon = NULL;
+    krb5_error_code retval;
+    char newpw[1024], dummybuf[256];
+    static char prompt1[1024], prompt2[1024];
+
+    /* Zero all fields in request structure */
+    memset(&princ, 0, sizeof(princ));
+
+    princ.attributes = 0;
+    if (kadmin_parse_princ_args(argc, argv, &princ, &mask, &pass, &randkey,
+                                &nokey, &ks_tuple, &n_ks_tuple,
+                                "add_principal")) {
+        kadmin_addprinc_usage();
+        goto cleanup;
+    }
+
+    retval = krb5_unparse_name(context, princ.principal, &canon);
+    if (retval) {
+        com_err("add_principal", retval, _("while canonicalizing principal"));
+        goto cleanup;
+    }
+
+    if (mask & KADM5_POLICY) {
+        /* Warn if the specified policy does not exist. */
+        if (!script_mode && !policy_exists(princ.policy)) {
+            fprintf(stderr, _("WARNING: policy \"%s\" does not exist\n"),
+                    princ.policy);
+        }
+    } else if (!(mask & KADM5_POLICY_CLR)) {
+        /* If the policy "default" exists, assign it. */
+        if (policy_exists("default")) {
+            if (!script_mode) {
+                fprintf(stderr, _("No policy specified for %s; "
+                                  "assigning \"default\"\n"), canon);
+            }
+            princ.policy = "default";
+            mask |= KADM5_POLICY;
+        } else if (!script_mode) {
+            fprintf(stderr, _("No policy specified for %s; "
+                              "defaulting to no policy\n"), canon);
+        }
+    }
+    /* Don't send KADM5_POLICY_CLR to the server. */
+    mask &= ~KADM5_POLICY_CLR;
+
+    if (nokey) {
+        pass = NULL;
+        mask |= KADM5_KEY_DATA;
+    } else if (randkey) {
+        pass = NULL;
+    } else if (pass == NULL) {
+        unsigned int sz = sizeof(newpw) - 1;
+
+        snprintf(prompt1, sizeof(prompt1),
+                 _("Enter password for principal \"%s\""), canon);
+        snprintf(prompt2, sizeof(prompt2),
+                 _("Re-enter password for principal \"%s\""), canon);
+        retval = krb5_read_password(context, prompt1, prompt2, newpw, &sz);
+        if (retval) {
+            com_err("add_principal", retval,
+                    _("while reading password for \"%s\"."), canon);
+            goto cleanup;
+        }
+        pass = newpw;
+    }
+    mask |= KADM5_PRINCIPAL;
+    retval = create_princ(&princ, mask, n_ks_tuple, ks_tuple, pass);
+    if (retval == EINVAL && randkey) {
+        /*
+         * The server doesn't support randkey creation.  Create the principal
+         * with a dummy password and disallow tickets.
+         */
+        prepare_dummy_password(dummybuf, sizeof(dummybuf));
+        princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+        mask |= KADM5_ATTRIBUTES;
+        pass = dummybuf;
+        retval = create_princ(&princ, mask, n_ks_tuple, ks_tuple, pass);
+        old_style_randkey = 1;
+    }
+    if (retval == KADM5_BAD_MASK && nokey) {
+        error(_("Admin server does not support -nokey while creating "
+                "\"%s\"\n"), canon);
+        goto cleanup;
+    }
+    if (retval) {
+        com_err("add_principal", retval, "while creating \"%s\".", canon);
+        goto cleanup;
+    }
+    if (old_style_randkey) {
+        /* Randomize the password and re-enable tickets. */
+        retval = randkey_princ(handle, princ.principal, FALSE, n_ks_tuple,
+                               ks_tuple, NULL, NULL);
+        if (retval) {
+            com_err("add_principal", retval,
+                    _("while randomizing key for \"%s\"."), canon);
+            goto cleanup;
+        }
+        princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */
+        mask = KADM5_ATTRIBUTES;
+        retval = kadm5_modify_principal(handle, &princ, mask);
+        if (retval) {
+            com_err("add_principal", retval,
+                    _("while clearing DISALLOW_ALL_TIX for \"%s\"."), canon);
+            goto cleanup;
+        }
+    }
+    info("Principal \"%s\" created.\n", canon);
+
+cleanup:
+    krb5_free_principal(context, princ.principal);
+    free(ks_tuple);
+    free(canon);
+    kadmin_free_tl_data(&princ.n_tl_data, &princ.tl_data);
+}
+
+void
+kadmin_modprinc(int argc, char *argv[])
+{
+    kadm5_principal_ent_rec princ, oldprinc;
+    krb5_principal kprinc = NULL;
+    long mask;
+    krb5_error_code retval;
+    char *pass, *canon = NULL;
+    krb5_boolean randkey = FALSE, nokey = FALSE;
+    int n_ks_tuple = 0;
+    krb5_key_salt_tuple *ks_tuple = NULL;
+
+    if (argc < 2) {
+        kadmin_modprinc_usage();
+        return;
+    }
+
+    memset(&oldprinc, 0, sizeof(oldprinc));
+    memset(&princ, 0, sizeof(princ));
+
+    retval = kadmin_parse_name(argv[argc - 1], &kprinc);
+    if (retval) {
+        com_err("modify_principal", retval, _("while parsing principal"));
+        return;
+    }
+    retval = krb5_unparse_name(context, kprinc, &canon);
+    if (retval) {
+        com_err("modify_principal", retval,
+                _("while canonicalizing principal"));
+        goto cleanup;
+    }
+    retval = kadm5_get_principal(handle, kprinc, &oldprinc,
+                                 KADM5_PRINCIPAL_NORMAL_MASK);
+    if (retval) {
+        com_err("modify_principal", retval, _("while getting \"%s\"."), canon);
+        goto cleanup;
+    }
+    princ.attributes = oldprinc.attributes;
+    kadm5_free_principal_ent(handle, &oldprinc);
+    retval = kadmin_parse_princ_args(argc, argv,
+                                     &princ, &mask,
+                                     &pass, &randkey, &nokey,
+                                     &ks_tuple, &n_ks_tuple,
+                                     "modify_principal");
+    if (retval || ks_tuple != NULL || randkey || nokey || pass) {
+        kadmin_modprinc_usage();
+        goto cleanup;
+    }
+    if (mask & KADM5_POLICY) {
+        /* Warn if the specified policy does not exist. */
+        if (!script_mode && !policy_exists(princ.policy)) {
+            fprintf(stderr, _("WARNING: policy \"%s\" does not exist\n"),
+                    princ.policy);
+        }
+    }
+    if (mask) {
+        /* Skip this if all we're doing is setting certhash. */
+        retval = kadm5_modify_principal(handle, &princ, mask);
+    }
+    if (retval) {
+        com_err("modify_principal", retval, _("while modifying \"%s\"."),
+                canon);
+        goto cleanup;
+    }
+    info(_("Principal \"%s\" modified.\n"), canon);
+cleanup:
+    krb5_free_principal(context, kprinc);
+    krb5_free_principal(context, princ.principal);
+    kadmin_free_tl_data(&princ.n_tl_data, &princ.tl_data);
+    free(canon);
+    free(ks_tuple);
+}
+
+void
+kadmin_getprinc(int argc, char *argv[])
+{
+    kadm5_principal_ent_rec dprinc;
+    krb5_principal princ = NULL;
+    krb5_error_code retval;
+    const char *polname, *noexist;
+    char *canon = NULL, *princstr = NULL, *modprincstr = NULL;
+    char **sp = NULL, **attrstrs = NULL;
+    int i;
+
+    if (!(argc == 2 || (argc == 3 && !strcmp("-terse", argv[1])))) {
+        error(_("usage: get_principal [-terse] principal\n"));
+        return;
+    }
+
+    memset(&dprinc, 0, sizeof(dprinc));
+
+    retval = kadmin_parse_name(argv[argc - 1], &princ);
+    if (retval) {
+        com_err("get_principal", retval, _("while parsing principal"));
+        return;
+    }
+    retval = krb5_unparse_name(context, princ, &canon);
+    if (retval) {
+        com_err("get_principal", retval, _("while canonicalizing principal"));
+        goto cleanup;
+    }
+    retval = kadm5_get_principal(handle, princ, &dprinc,
+                                 KADM5_PRINCIPAL_NORMAL_MASK | KADM5_KEY_DATA);
+    if (retval) {
+        com_err("get_principal", retval, _("while retrieving \"%s\"."), canon);
+        goto cleanup;
+    }
+    retval = krb5_unparse_name(context, dprinc.principal, &princstr);
+    if (retval) {
+        com_err("get_principal", retval, _("while unparsing principal"));
+        goto cleanup;
+    }
+    retval = krb5_unparse_name(context, dprinc.mod_name, &modprincstr);
+    if (retval) {
+        com_err("get_principal", retval, _("while unparsing principal"));
+        goto cleanup;
+    }
+    if (argc == 2) {
+        printf(_("Principal: %s\n"), princstr);
+        printf(_("Expiration date: %s\n"), dprinc.princ_expire_time ?
+               strdate(dprinc.princ_expire_time) : _("[never]"));
+        printf(_("Last password change: %s\n"), dprinc.last_pwd_change ?
+               strdate(dprinc.last_pwd_change) : _("[never]"));
+        printf(_("Password expiration date: %s\n"),
+               dprinc.pw_expiration ?
+               strdate(dprinc.pw_expiration) : _("[never]"));
+        printf(_("Maximum ticket life: %s\n"), strdur(dprinc.max_life));
+        printf(_("Maximum renewable life: %s\n"),
+               strdur(dprinc.max_renewable_life));
+        printf(_("Last modified: %s (%s)\n"), strdate(dprinc.mod_date),
+               modprincstr);
+        printf(_("Last successful authentication: %s\n"),
+               dprinc.last_success ? strdate(dprinc.last_success) :
+               _("[never]"));
+        printf("Last failed authentication: %s\n",
+               dprinc.last_failed ? strdate(dprinc.last_failed) :
+               "[never]");
+        printf(_("Failed password attempts: %d\n"),
+               dprinc.fail_auth_count);
+        printf(_("Number of keys: %d\n"), dprinc.n_key_data);
+        for (i = 0; i < dprinc.n_key_data; i++) {
+            krb5_key_data *key_data = &dprinc.key_data[i];
+            char enctype[BUFSIZ], salttype[BUFSIZ];
+            char *deprecated = "";
+
+            if (krb5_enctype_to_name(key_data->key_data_type[0], FALSE,
+                                     enctype, sizeof(enctype)))
+                snprintf(enctype, sizeof(enctype), _("<Encryption type 0x%x>"),
+                         key_data->key_data_type[0]);
+            if (!krb5_c_valid_enctype(key_data->key_data_type[0]))
+                deprecated = "UNSUPPORTED:";
+            else if (krb5int_c_deprecated_enctype(key_data->key_data_type[0]))
+                deprecated = "DEPRECATED:";
+            printf("Key: vno %d, %s%s", key_data->key_data_kvno, deprecated,
+                   enctype);
+            if (key_data->key_data_ver > 1 &&
+                key_data->key_data_type[1] != KRB5_KDB_SALTTYPE_NORMAL) {
+                if (krb5_salttype_to_string(key_data->key_data_type[1],
+                                            salttype, sizeof(salttype)))
+                    snprintf(salttype, sizeof(salttype), _("<Salt type 0x%x>"),
+                             key_data->key_data_type[1]);
+                printf(":%s", salttype);
+            }
+            printf("\n");
+        }
+        printf(_("MKey: vno %d\n"), dprinc.mkvno);
+
+        printf(_("Attributes:"));
+        retval = krb5_flags_to_strings(dprinc.attributes, &attrstrs);
+        if (retval) {
+            com_err("get_principal", retval, _("while printing flags"));
+            return;
+        }
+        for (sp = attrstrs; sp != NULL && *sp != NULL; sp++) {
+            printf(" %s", *sp);
+            free(*sp);
+        }
+        free(attrstrs);
+        printf("\n");
+        polname = (dprinc.policy != NULL) ? dprinc.policy : _("[none]");
+        noexist = (dprinc.policy != NULL && !policy_exists(dprinc.policy)) ?
+            _(" [does not exist]") : "";
+        printf(_("Policy: %s%s\n"), polname, noexist);
+    } else {
+        printf("\"%s\"\t%d\t%d\t%d\t%d\t\"%s\"\t%d\t%d\t%d\t%d\t\"%s\""
+               "\t%d\t%d\t%d\t%d\t%d",
+               princstr, dprinc.princ_expire_time, dprinc.last_pwd_change,
+               dprinc.pw_expiration, dprinc.max_life, modprincstr,
+               dprinc.mod_date, dprinc.attributes, dprinc.kvno,
+               dprinc.mkvno, dprinc.policy ? dprinc.policy : "[none]",
+               dprinc.max_renewable_life, dprinc.last_success,
+               dprinc.last_failed, dprinc.fail_auth_count,
+               dprinc.n_key_data);
+        for (i = 0; i < dprinc.n_key_data; i++)
+            printf("\t%d\t%d\t%d\t%d",
+                   dprinc.key_data[i].key_data_ver,
+                   dprinc.key_data[i].key_data_kvno,
+                   dprinc.key_data[i].key_data_type[0],
+                   dprinc.key_data[i].key_data_type[1]);
+        printf("\n");
+    }
+cleanup:
+    krb5_free_principal(context, princ);
+    kadm5_free_principal_ent(handle, &dprinc);
+    free(canon);
+    free(princstr);
+    free(modprincstr);
+}
+
+void
+kadmin_getprincs(int argc, char *argv[])
+{
+    krb5_error_code retval;
+    char *expr, **names;
+    int i, count;
+
+    expr = NULL;
+    if (!(argc == 1 || (argc == 2 && (expr = argv[1])))) {
+        error(_("usage: get_principals [expression]\n"));
+        return;
+    }
+    retval = kadm5_get_principals(handle, expr, &names, &count);
+    if (retval) {
+        com_err("get_principals", retval, _("while retrieving list."));
+        return;
+    }
+    for (i = 0; i < count; i++)
+        printf("%s\n", names[i]);
+    kadm5_free_name_list(handle, names, count);
+}
+
+static int
+kadmin_parse_policy_args(int argc, char *argv[], kadm5_policy_ent_t policy,
+                         long *mask, char *caller)
+{
+    krb5_error_code retval;
+    int i;
+    time_t now, interval;
+
+    time(&now);
+    *mask = 0;
+    for (i = 1; i < argc - 1; i++) {
+        if (!strcmp(argv[i], "-maxlife")) {
+            if (++i > argc -2)
+                return -1;
+            interval = parse_interval(argv[i], now);
+            if (interval == (time_t)-1)
+                return -1;
+            policy->pw_max_life = interval;
+            *mask |= KADM5_PW_MAX_LIFE;
+            continue;
+        } else if (!strcmp(argv[i], "-minlife")) {
+            if (++i > argc - 2)
+                return -1;
+            interval = parse_interval(argv[i], now);
+            if (interval == (time_t)-1)
+                return -1;
+            policy->pw_min_life = interval;
+            *mask |= KADM5_PW_MIN_LIFE;
+            continue;
+        } else if (!strcmp(argv[i], "-minlength")) {
+            if (++i > argc - 2)
+                return -1;
+            policy->pw_min_length = atoi(argv[i]);
+            *mask |= KADM5_PW_MIN_LENGTH;
+            continue;
+        } else if (!strcmp(argv[i], "-minclasses")) {
+            if (++i > argc - 2)
+                return -1;
+            policy->pw_min_classes = atoi(argv[i]);
+            *mask |= KADM5_PW_MIN_CLASSES;
+            continue;
+        } else if (!strcmp(argv[i], "-history")) {
+            if (++i > argc - 2)
+                return -1;
+            policy->pw_history_num = atoi(argv[i]);
+            *mask |= KADM5_PW_HISTORY_NUM;
+            continue;
+        } else if (strlen(argv[i]) == 11 &&
+                   !strcmp(argv[i], "-maxfailure")) {
+            if (++i > argc - 2)
+                return -1;
+            policy->pw_max_fail = atoi(argv[i]);
+            *mask |= KADM5_PW_MAX_FAILURE;
+            continue;
+        } else if (strlen(argv[i]) == 21 &&
+                   !strcmp(argv[i], "-failurecountinterval")) {
+            if (++i > argc - 2)
+                return -1;
+            interval = parse_interval(argv[i], now);
+            if (interval == (time_t)-1)
+                return -1;
+            policy->pw_failcnt_interval = interval;
+            *mask |= KADM5_PW_FAILURE_COUNT_INTERVAL;
+            continue;
+        } else if (strlen(argv[i]) == 16 &&
+                   !strcmp(argv[i], "-lockoutduration")) {
+            if (++i > argc - 2)
+                return -1;
+            interval = parse_interval(argv[i], now);
+            if (interval == (time_t)-1)
+                return -1;
+            policy->pw_lockout_duration = interval;
+            *mask |= KADM5_PW_LOCKOUT_DURATION;
+            continue;
+        } else if (!strcmp(argv[i], "-allowedkeysalts")) {
+            krb5_key_salt_tuple *ks_tuple = NULL;
+            int n_ks_tuple = 0;
+
+            if (++i > argc - 2)
+                return -1;
+            if (strcmp(argv[i], "-")) {
+                retval = krb5_string_to_keysalts(argv[i], ",", NULL, 0,
+                                                 &ks_tuple, &n_ks_tuple);
+                if (retval) {
+                    com_err(caller, retval, _("while parsing keysalts %s"),
+                            argv[i]);
+                    return -1;
+                }
+                free(ks_tuple);
+                policy->allowed_keysalts = argv[i];
+            }
+            *mask |= KADM5_POLICY_ALLOWED_KEYSALTS;
+            continue;
+        } else
+            return -1;
+    }
+    if (i != argc -1) {
+        error(_("%s: parser lost count!\n"), caller);
+        return -1;
+    } else
+        return 0;
+}
+
+static void
+kadmin_addmodpol_usage(char *func)
+{
+    error(_("usage; %s [options] policy\n"), func);
+    error(_("\toptions are:\n"));
+    error(_("\t\t[-maxlife time] [-minlife time] [-minlength length]\n"
+            "\t\t[-minclasses number] [-history number]\n"
+            "\t\t[-maxfailure number] [-failurecountinterval time]\n"
+            "\t\t[-allowedkeysalts keysalts]\n"));
+    error(_("\t\t[-lockoutduration time]\n"));
+}
+
+void
+kadmin_addpol(int argc, char *argv[])
+{
+    krb5_error_code retval;
+    long mask;
+    kadm5_policy_ent_rec policy;
+
+    memset(&policy, 0, sizeof(policy));
+    if (kadmin_parse_policy_args(argc, argv, &policy, &mask, "add_policy")) {
+        kadmin_addmodpol_usage("add_policy");
+        return;
+    }
+    policy.policy = argv[argc - 1];
+    mask |= KADM5_POLICY;
+    retval = kadm5_create_policy(handle, &policy, mask);
+    if (retval) {
+        com_err("add_policy", retval, _("while creating policy \"%s\"."),
+                policy.policy);
+    }
+}
+
+void
+kadmin_modpol(int argc, char *argv[])
+{
+    krb5_error_code retval;
+    long mask;
+    kadm5_policy_ent_rec policy;
+
+    memset(&policy, 0, sizeof(policy));
+    if (kadmin_parse_policy_args(argc, argv, &policy, &mask,
+                                 "modify_policy")) {
+        kadmin_addmodpol_usage("modify_policy");
+        return;
+    }
+    policy.policy = argv[argc - 1];
+    retval = kadm5_modify_policy(handle, &policy, mask);
+    if (retval) {
+        com_err("modify_policy", retval, _("while modifying policy \"%s\"."),
+                policy.policy);
+    }
+}
+
+void
+kadmin_delpol(int argc, char *argv[])
+{
+    krb5_error_code retval;
+    char reply[5];
+
+    if (!(argc == 2 || (argc == 3 && !strcmp("-force", argv[1])))) {
+        error(_("usage: delete_policy [-force] policy\n"));
+        return;
+    }
+    if (argc == 2 && !script_mode) {
+        printf(_("Are you sure you want to delete the policy \"%s\"? "
+                 "(yes/no): "), argv[1]);
+        fgets(reply, sizeof(reply), stdin);
+        if (strcmp("yes\n", reply)) {
+            fprintf(stderr, _("Policy \"%s\" not deleted.\n"), argv[1]);
+            return;
+        }
+    }
+    retval = kadm5_delete_policy(handle, argv[argc - 1]);
+    if (retval) {
+        com_err("delete_policy:", retval, _("while deleting policy \"%s\""),
+                argv[argc - 1]);
+    }
+}
+
+void
+kadmin_getpol(int argc, char *argv[])
+{
+    krb5_error_code retval;
+    kadm5_policy_ent_rec policy;
+
+    if (!(argc == 2 || (argc == 3 && !strcmp("-terse", argv[1])))) {
+        error(_("usage: get_policy [-terse] policy\n"));
+        return;
+    }
+    retval = kadm5_get_policy(handle, argv[argc - 1], &policy);
+    if (retval) {
+        com_err("get_policy", retval, _("while retrieving policy \"%s\"."),
+                argv[argc - 1]);
+        return;
+    }
+    if (argc == 2) {
+        printf(_("Policy: %s\n"), policy.policy);
+        printf(_("Maximum password life: %s\n"), strdur(policy.pw_max_life));
+        printf(_("Minimum password life: %s\n"), strdur(policy.pw_min_life));
+        printf(_("Minimum password length: %ld\n"), policy.pw_min_length);
+        printf(_("Minimum number of password character classes: %ld\n"),
+               policy.pw_min_classes);
+        printf(_("Number of old keys kept: %ld\n"), policy.pw_history_num);
+        printf(_("Maximum password failures before lockout: %lu\n"),
+               (unsigned long)policy.pw_max_fail);
+        printf(_("Password failure count reset interval: %s\n"),
+               strdur(policy.pw_failcnt_interval));
+        printf(_("Password lockout duration: %s\n"),
+               strdur(policy.pw_lockout_duration));
+        if (policy.allowed_keysalts != NULL)
+            printf(_("Allowed key/salt types: %s\n"), policy.allowed_keysalts);
+    } else {
+        /* Output 0 where we used to output policy_refcnt. */
+        printf("\"%s\"\t%ld\t%ld\t%ld\t%ld\t%ld\t0\t%lu\t%ld\t%ld\t%s\n",
+               policy.policy, policy.pw_max_life, policy.pw_min_life,
+               policy.pw_min_length, policy.pw_min_classes,
+               policy.pw_history_num, (unsigned long)policy.pw_max_fail,
+               (long)policy.pw_failcnt_interval,
+               (long)policy.pw_lockout_duration,
+               (policy.allowed_keysalts == NULL) ? "-" :
+               policy.allowed_keysalts);
+    }
+    kadm5_free_policy_ent(handle, &policy);
+}
+
+void
+kadmin_getpols(int argc, char *argv[])
+{
+    krb5_error_code retval;
+    char *expr, **names;
+    int i, count;
+
+    expr = NULL;
+    if (!(argc == 1 || (argc == 2 && (expr = argv[1])))) {
+        error(_("usage: get_policies [expression]\n"));
+        return;
+    }
+    retval = kadm5_get_policies(handle, expr, &names, &count);
+    if (retval) {
+        com_err("get_policies", retval, _("while retrieving list."));
+        return;
+    }
+    for (i = 0; i < count; i++)
+        printf("%s\n", names[i]);
+    kadm5_free_name_list(handle, names, count);
+}
+
+void
+kadmin_getprivs(int argc, char *argv[])
+{
+    static char *privs[] = {"INQUIRE", "ADD", "MODIFY", "DELETE"};
+    krb5_error_code retval;
+    size_t i;
+    long plist;
+
+    if (argc != 1) {
+        error(_("usage: get_privs\n"));
+        return;
+    }
+    retval = kadm5_get_privs(handle, &plist);
+    if (retval) {
+        com_err("get_privs", retval, _("while retrieving privileges"));
+        return;
+    }
+    printf(_("current privileges:"));
+    for (i = 0; i < sizeof (privs) / sizeof (char *); i++) {
+        if (plist & 1 << i)
+            printf(" %s", privs[i]);
+    }
+    printf("\n");
+}
+
+void
+kadmin_purgekeys(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+    int keepkvno = -1;
+    char *pname = NULL, *canon = NULL;
+    krb5_principal princ;
+
+    if (argc == 4 && strcmp(argv[1], "-keepkvno") == 0) {
+        keepkvno = atoi(argv[2]);
+        pname = argv[3];
+    } else if (argc == 3 && strcmp(argv[1], "-all") == 0) {
+        keepkvno = KRB5_INT32_MAX;
+        pname = argv[2];
+    } else if (argc == 2) {
+        pname = argv[1];
+    }
+    if (pname == NULL) {
+        error(_("usage: purgekeys [-all|-keepkvno oldest_kvno_to_keep] "
+                "principal\n"));
+        return;
+    }
+
+    retval = kadmin_parse_name(pname, &princ);
+    if (retval) {
+        com_err("purgekeys", retval, _("while parsing principal"));
+        return;
+    }
+
+    retval = krb5_unparse_name(context, princ, &canon);
+    if (retval) {
+        com_err("purgekeys", retval, _("while canonicalizing principal"));
+        goto cleanup;
+    }
+
+    retval = kadm5_purgekeys(handle, princ, keepkvno);
+    if (retval) {
+        com_err("purgekeys", retval,
+                _("while purging keys for principal \"%s\""), canon);
+        goto cleanup;
+    }
+
+    if (keepkvno == KRB5_INT32_MAX)
+        info(_("All keys for principal \"%s\" removed.\n"), canon);
+    else
+        info(_("Old keys for principal \"%s\" purged.\n"), canon);
+cleanup:
+    krb5_free_principal(context, princ);
+    free(canon);
+    return;
+}
+
+void
+kadmin_getstrings(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+    char *pname, *canon = NULL;
+    krb5_principal princ = NULL;
+    krb5_string_attr *strings = NULL;
+    int count, i;
+
+    if (argc != 2) {
+        error(_("usage: get_strings principal\n"));
+        return;
+    }
+    pname = argv[1];
+
+    retval = kadmin_parse_name(pname, &princ);
+    if (retval) {
+        com_err("get_strings", retval, _("while parsing principal"));
+        return;
+    }
+
+    retval = krb5_unparse_name(context, princ, &canon);
+    if (retval) {
+        com_err("get_strings", retval, _("while canonicalizing principal"));
+        goto cleanup;
+    }
+
+    retval = kadm5_get_strings(handle, princ, &strings, &count);
+    if (retval) {
+        com_err("get_strings", retval,
+                _("while getting attributes for principal \"%s\""), canon);
+        goto cleanup;
+    }
+
+    if (count == 0)
+        printf(_("(No string attributes.)\n"));
+    for (i = 0; i < count; i++)
+        printf("%s: %s\n", strings[i].key, strings[i].value);
+    kadm5_free_strings(handle, strings, count);
+
+cleanup:
+    krb5_free_principal(context, princ);
+    free(canon);
+    return;
+}
+
+void
+kadmin_setstring(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+    char *pname, *canon = NULL, *key, *value;
+    krb5_principal princ = NULL;
+
+    if (argc != 4) {
+        error(_("usage: set_string principal key value\n"));
+        return;
+    }
+    pname = argv[1];
+    key = argv[2];
+    value = argv[3];
+
+    retval = kadmin_parse_name(pname, &princ);
+    if (retval) {
+        com_err("set_string", retval, _("while parsing principal"));
+        return;
+    }
+
+    retval = krb5_unparse_name(context, princ, &canon);
+    if (retval) {
+        com_err("set_string", retval, _("while canonicalizing principal"));
+        goto cleanup;
+    }
+
+    retval = kadm5_set_string(handle, princ, key, value);
+    if (retval) {
+        com_err("set_string", retval,
+                _("while setting attribute on principal \"%s\""), canon);
+        goto cleanup;
+    }
+
+    info(_("Attribute set for principal \"%s\".\n"), canon);
+cleanup:
+    krb5_free_principal(context, princ);
+    free(canon);
+    return;
+}
+
+void
+kadmin_delstring(int argc, char *argv[])
+{
+    kadm5_ret_t retval;
+    char *pname, *canon = NULL, *key;
+    krb5_principal princ = NULL;
+
+    if (argc != 3) {
+        error(_("usage: del_string principal key\n"));
+        return;
+    }
+    pname = argv[1];
+    key = argv[2];
+
+    retval = kadmin_parse_name(pname, &princ);
+    if (retval) {
+        com_err("delstring", retval, _("while parsing principal"));
+        return;
+    }
+
+    retval = krb5_unparse_name(context, princ, &canon);
+    if (retval) {
+        com_err("del_string", retval, _("while canonicalizing principal"));
+        goto cleanup;
+    }
+
+    retval = kadm5_set_string(handle, princ, key, NULL);
+    if (retval) {
+        com_err("del_string", retval,
+                _("while deleting attribute from principal \"%s\""), canon);
+        goto cleanup;
+    }
+
+    info(_("Attribute removed from principal \"%s\".\n"), canon);
+cleanup:
+    krb5_free_principal(context, princ);
+    free(canon);
+    return;
+}
diff --git a/krb5-1.21.3/src/kadmin/cli/kadmin.h b/krb5-1.21.3/src/kadmin/cli/kadmin.h
new file mode 100644
index 00000000..4ab1e9d5
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/kadmin.h
@@ -0,0 +1,82 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/cli/kadmin.h */
+/*
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Prototypes for kadmin functions called from SS library.
+ */
+
+#ifndef __KADMIN_H__
+#define __KADMIN_H__
+
+/* It would be nice if ss produced a header file we could reference */
+extern void kadmin_startup(int argc, char *argv[], char **request_out,
+                           char ***args_out);
+extern int quit (void);
+extern void kadmin_lock(int argc, char *argv[]);
+extern void kadmin_unlock(int argc, char *argv[]);
+extern void kadmin_delprinc(int argc, char *argv[]);
+extern void kadmin_renameprinc(int argc, char *argv[]);
+extern void kadmin_cpw(int argc, char *argv[]);
+extern void kadmin_addprinc(int argc, char *argv[]);
+extern void kadmin_modprinc(int argc, char *argv[]);
+extern void kadmin_getprinc(int argc, char *argv[]);
+extern void kadmin_getprincs(int argc, char *argv[]);
+extern void kadmin_addpol(int argc, char *argv[]);
+extern void kadmin_modpol(int argc, char *argv[]);
+extern void kadmin_delpol(int argc, char *argv[]);
+extern void kadmin_getpol(int argc, char *argv[]);
+extern void kadmin_getpols(int argc, char *argv[]);
+extern void kadmin_getprivs(int argc, char *argv[]);
+extern void kadmin_keytab_add(int argc, char *argv[]);
+extern void kadmin_keytab_remove(int argc, char *argv[]);
+extern void kadmin_purgekeys(int argc, char *argv[]);
+extern void kadmin_getstrings(int argc, char *argv[]);
+extern void kadmin_setstring(int argc, char *argv[]);
+extern void kadmin_delstring(int argc, char *argv[]);
+
+#include <kdb.h>
+
+krb5_error_code
+randkey_princ(void *lhandle, krb5_principal princ, krb5_boolean keepold,
+              int n_ks, krb5_key_salt_tuple *ks, krb5_keyblock **key,
+              int *n_keys);
+
+#include "autoconf.h"
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#include <time.h>
+
+extern time_t get_date_rel(char *, time_t);
+
+/* Yucky global variables */
+extern krb5_context context;
+extern char *whoami;
+extern void *handle;
+
+#endif /* __KADMIN_H__ */
diff --git a/krb5-1.21.3/src/kadmin/cli/kadmin_ct.ct b/krb5-1.21.3/src/kadmin/cli/kadmin_ct.ct
new file mode 100644
index 00000000..705e4184
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/kadmin_ct.ct
@@ -0,0 +1,100 @@
+# Copyright 1994 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+# 
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+# 
+# 
+# Command table for kadmin CLI for OVSecure
+#
+
+command_table kadmin_cmds;
+
+request kadmin_addprinc, "Add principal",
+	add_principal, addprinc, ank;
+
+request kadmin_delprinc, "Delete principal",
+	delete_principal, delprinc;
+
+request kadmin_modprinc, "Modify principal",
+	modify_principal, modprinc;
+
+request kadmin_renameprinc, "Rename principal",
+	rename_principal, renprinc;
+
+request kadmin_cpw, "Change password",
+	change_password, cpw;
+
+request kadmin_getprinc, "Get principal",
+	get_principal, getprinc;
+
+request kadmin_getprincs, "List principals",
+	list_principals, listprincs, get_principals, getprincs;
+
+request kadmin_addpol, "Add policy",
+	add_policy, addpol;
+
+request kadmin_modpol, "Modify policy",
+	modify_policy, modpol;
+
+request kadmin_delpol, "Delete policy",
+	delete_policy, delpol;
+
+request kadmin_getpol, "Get policy",
+	get_policy, getpol;
+
+request kadmin_getpols, "List policies",
+	list_policies, listpols, get_policies, getpols;
+
+request kadmin_getprivs, "Get privileges",
+	get_privs, getprivs;
+
+request kadmin_keytab_add, "Add entry(s) to a keytab",
+	ktadd, xst;
+
+request kadmin_keytab_remove, "Remove entry(s) from a keytab",
+	ktremove, ktrem;
+
+request kadmin_lock, "Lock database exclusively (use with extreme caution!)",
+	lock;
+
+request kadmin_unlock, "Release exclusive database lock",
+	unlock;
+
+request kadmin_purgekeys, "Purge previously retained old keys from a principal",
+	purgekeys;
+
+request kadmin_getstrings, "Show string attributes on a principal",
+	get_strings, getstrs;
+
+request kadmin_setstring, "Set a string attribute on a principal",
+	set_string, setstr;
+
+request kadmin_delstring, "Delete a string attribute on a principal",
+	del_string, delstr;
+
+# list_requests is generic -- unrelated to Kerberos
+request	ss_list_requests, "List available requests.",
+	list_requests, lr, "?";
+
+request	ss_quit, "Exit program.",
+	quit, exit, q;
+
+end;
+
diff --git a/krb5-1.21.3/src/kadmin/cli/keytab.c b/krb5-1.21.3/src/kadmin/cli/keytab.c
new file mode 100644
index 00000000..b0c8378b
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/keytab.c
@@ -0,0 +1,505 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Id$
+ * $Source$
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+#include "kadmin.h"
+
+static void add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
+                          krb5_boolean keepold,
+                          int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                          char *princ_str);
+static void remove_principal(char *keytab_str, krb5_keytab keytab,
+                             char *princ_str, char *kvno_str);
+static char *etype_string(krb5_enctype enctype);
+
+static int quiet;
+
+static int norandkey;
+
+static void
+add_usage()
+{
+    fprintf(stderr, _("Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] "
+                      "[-norandkey] [principal | -glob princ-exp] [...]\n"));
+}
+
+static void
+rem_usage()
+{
+    fprintf(stderr, _("Usage: ktremove [-k[eytab] keytab] [-q] principal "
+                      "[kvno|\"all\"|\"old\"]\n"));
+}
+
+static int
+process_keytab(krb5_context my_context, char **keytab_str,
+               krb5_keytab *keytab)
+{
+    int code;
+    char *name = *keytab_str;
+
+    if (name == NULL) {
+        name = malloc(BUFSIZ);
+        if (!name) {
+            com_err(whoami, ENOMEM, _("while creating keytab name"));
+            return 1;
+        }
+        code = krb5_kt_default(my_context, keytab);
+        if (code != 0) {
+            com_err(whoami, code, _("while opening default keytab"));
+            free(name);
+            return 1;
+        }
+        code = krb5_kt_get_name(my_context, *keytab, name, BUFSIZ);
+        if (code != 0) {
+            com_err(whoami, code, _("while getting keytab name"));
+            free(name);
+            return 1;
+        }
+    } else {
+        if (strchr(name, ':') != NULL)
+            name = strdup(name);
+        else if (asprintf(&name, "WRFILE:%s", name) < 0)
+            name = NULL;
+        if (name == NULL) {
+            com_err(whoami, ENOMEM, _("while creating keytab name"));
+            return 1;
+        }
+
+        code = krb5_kt_resolve(my_context, name, keytab);
+        if (code != 0) {
+            com_err(whoami, code, _("while resolving keytab %s"), name);
+            free(name);
+            return 1;
+        }
+    }
+
+    *keytab_str = name;
+    return 0;
+}
+
+void
+kadmin_keytab_add(int argc, char **argv)
+{
+    krb5_keytab keytab = 0;
+    char *keytab_str = NULL, **princs;
+    int code, num, i;
+    krb5_error_code retval;
+    int n_ks_tuple = 0;
+    krb5_boolean keepold = FALSE;
+    krb5_key_salt_tuple *ks_tuple = NULL;
+
+    argc--; argv++;
+    quiet = 0;
+    norandkey = 0;
+    while (argc) {
+        if (strncmp(*argv, "-k", 2) == 0) {
+            argc--; argv++;
+            if (!argc || keytab_str) {
+                add_usage();
+                return;
+            }
+            keytab_str = *argv;
+        } else if (strcmp(*argv, "-q") == 0) {
+            quiet++;
+        } else if (strcmp(*argv, "-norandkey") == 0) {
+            norandkey++;
+        } else if (strcmp(*argv, "-e") == 0) {
+            argc--;
+            if (argc < 1) {
+                add_usage();
+                return;
+            }
+            retval = krb5_string_to_keysalts(*++argv, NULL, NULL, 0,
+                                             &ks_tuple, &n_ks_tuple);
+            if (retval) {
+                com_err("ktadd", retval, _("while parsing keysalts %s"),
+                        *argv);
+
+                return;
+            }
+        } else
+            break;
+        argc--; argv++;
+    }
+
+    if (argc == 0) {
+        add_usage();
+        return;
+    }
+
+    if (norandkey && ks_tuple) {
+        fprintf(stderr,
+                _("cannot specify keysaltlist when not changing key\n"));
+        return;
+    }
+
+    if (process_keytab(context, &keytab_str, &keytab))
+        return;
+
+    while (*argv) {
+        if (strcmp(*argv, "-glob") == 0) {
+            if (*++argv == NULL) {
+                add_usage();
+                break;
+            }
+
+            code = kadm5_get_principals(handle, *argv, &princs, &num);
+            if (code) {
+                com_err(whoami, code, _("while expanding expression \"%s\"."),
+                        *argv);
+                argv++;
+                continue;
+            }
+
+            for (i = 0; i < num; i++)
+                add_principal(handle, keytab_str, keytab, keepold,
+                              n_ks_tuple, ks_tuple, princs[i]);
+            kadm5_free_name_list(handle, princs, num);
+        } else {
+            add_principal(handle, keytab_str, keytab, keepold,
+                          n_ks_tuple, ks_tuple, *argv);
+            argv++;
+        }
+    }
+
+    code = krb5_kt_close(context, keytab);
+    if (code != 0)
+        com_err(whoami, code, _("while closing keytab"));
+
+    free(keytab_str);
+}
+
+void
+kadmin_keytab_remove(int argc, char **argv)
+{
+    krb5_keytab keytab = 0;
+    char *keytab_str = NULL;
+    int code;
+
+    argc--; argv++;
+    quiet = 0;
+    while (argc) {
+        if (strncmp(*argv, "-k", 2) == 0) {
+            argc--; argv++;
+            if (!argc || keytab_str) {
+                rem_usage();
+                return;
+            }
+            keytab_str = *argv;
+        } else if (strcmp(*argv, "-q") == 0) {
+            quiet++;
+        } else
+            break;
+        argc--; argv++;
+    }
+
+    if (argc != 1 && argc != 2) {
+        rem_usage();
+        return;
+    }
+    if (process_keytab(context, &keytab_str, &keytab))
+        return;
+
+    remove_principal(keytab_str, keytab, argv[0], argv[1]);
+
+    code = krb5_kt_close(context, keytab);
+    if (code != 0)
+        com_err(whoami, code, _("while closing keytab"));
+
+    free(keytab_str);
+}
+
+/* Generate new random keys for princ, and convert them into a kadm5_key_data
+ * array (with no salt information). */
+static krb5_error_code
+fetch_new_keys(void *lhandle, krb5_principal princ, krb5_boolean keepold,
+               int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+               kadm5_key_data **key_data_out, int *nkeys_out)
+{
+    krb5_error_code code;
+    kadm5_key_data *key_data;
+    kadm5_principal_ent_rec princ_rec;
+    krb5_keyblock *keys = NULL;
+    int i, nkeys = 0;
+
+    *key_data_out = NULL;
+    *nkeys_out = 0;
+    memset(&princ_rec, 0, sizeof(princ_rec));
+
+    /* Generate new random keys. */
+    code = randkey_princ(lhandle, princ, keepold, n_ks_tuple, ks_tuple,
+                         &keys, &nkeys);
+    if (code)
+        goto cleanup;
+
+    /* Get the principal entry to find the kvno of the new keys.  (This is not
+     * atomic, but randkey doesn't report the new kvno.) */
+    code = kadm5_get_principal(lhandle, princ, &princ_rec,
+                               KADM5_PRINCIPAL_NORMAL_MASK);
+    if (code)
+        goto cleanup;
+
+    key_data = k5calloc(nkeys, sizeof(*key_data), &code);
+    if (key_data == NULL)
+        goto cleanup;
+
+    /* Transfer the keyblocks and free the container array. */
+    for (i = 0; i < nkeys; i++) {
+        key_data[i].key = keys[i];
+        key_data[i].kvno = princ_rec.kvno;
+    }
+    *key_data_out = key_data;
+    *nkeys_out = nkeys;
+    free(keys);
+    keys = NULL;
+    nkeys = 0;
+
+cleanup:
+    for (i = 0; i < nkeys; i++)
+        krb5_free_keyblock_contents(context, &keys[i]);
+    free(keys);
+    kadm5_free_principal_ent(lhandle, &princ_rec);
+    return code;
+}
+
+static void
+add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
+              krb5_boolean keepold, int n_ks_tuple,
+              krb5_key_salt_tuple *ks_tuple, char *princ_str)
+{
+    krb5_principal princ = NULL;
+    krb5_keytab_entry new_entry;
+    kadm5_key_data *key_data;
+    int code, nkeys, i;
+
+    princ = NULL;
+    key_data = NULL;
+    nkeys = 0;
+
+    code = krb5_parse_name(context, princ_str, &princ);
+    if (code != 0) {
+        com_err(whoami, code, _("while parsing -add principal name %s"),
+                princ_str);
+        goto cleanup;
+    }
+
+    if (norandkey) {
+        code = kadm5_get_principal_keys(handle, princ, 0, &key_data, &nkeys);
+    } else {
+        code = fetch_new_keys(handle, princ, keepold, n_ks_tuple, ks_tuple,
+                              &key_data, &nkeys);
+    }
+
+    if (code != 0) {
+        if (code == KADM5_UNK_PRINC) {
+            fprintf(stderr, _("%s: Principal %s does not exist.\n"),
+                    whoami, princ_str);
+        } else
+            com_err(whoami, code, _("while changing %s's key"), princ_str);
+        goto cleanup;
+    }
+
+    for (i = 0; i < nkeys; i++) {
+        memset(&new_entry, 0, sizeof(new_entry));
+        new_entry.principal = princ;
+        new_entry.key = key_data[i].key;
+        new_entry.vno = key_data[i].kvno;
+
+        code = krb5_kt_add_entry(context, keytab, &new_entry);
+        if (code != 0) {
+            com_err(whoami, code, _("while adding key to keytab"));
+            goto cleanup;
+        }
+
+        if (!quiet) {
+            printf(_("Entry for principal %s with kvno %d, "
+                     "encryption type %s added to keytab %s.\n"),
+                   princ_str, key_data[i].kvno,
+                   etype_string(key_data[i].key.enctype), keytab_str);
+        }
+    }
+
+cleanup:
+    kadm5_free_kadm5_key_data(context, nkeys, key_data);
+    krb5_free_principal(context, princ);
+}
+
+static void
+remove_principal(char *keytab_str, krb5_keytab keytab,
+                 char *princ_str, char *kvno_str)
+{
+    krb5_principal princ = NULL;
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    enum { UNDEF, SPEC, HIGH, ALL, OLD } mode;
+    int code, did_something;
+    krb5_kvno kvno;
+
+    code = krb5_parse_name(context, princ_str, &princ);
+    if (code != 0) {
+        com_err(whoami, code, _("while parsing principal name %s"), princ_str);
+        goto cleanup;
+    }
+
+    mode = UNDEF;
+    if (kvno_str == NULL) {
+        mode = HIGH;
+        kvno = 0;
+    } else if (strcmp(kvno_str, "all") == 0) {
+        mode = ALL;
+        kvno = 0;
+    } else if (strcmp(kvno_str, "old") == 0) {
+        mode = OLD;
+        kvno = 0;
+    } else {
+        mode = SPEC;
+        kvno = atoi(kvno_str);
+    }
+
+    /* kvno is set to specified value for SPEC, 0 otherwise */
+    code = krb5_kt_get_entry(context, keytab, princ, kvno, 0, &entry);
+    if (code != 0) {
+        if (code == ENOENT) {
+            fprintf(stderr, _("%s: Keytab %s does not exist.\n"),
+                    whoami, keytab_str);
+        } else if (code == KRB5_KT_NOTFOUND) {
+            if (mode != SPEC) {
+                fprintf(stderr, _("%s: No entry for principal %s exists in "
+                                  "keytab %s\n"),
+                        whoami, princ_str, keytab_str);
+            } else {
+                fprintf(stderr, _("%s: No entry for principal %s with kvno %d "
+                                  "exists in keytab %s\n"),
+                        whoami, princ_str, kvno, keytab_str);
+            }
+        } else {
+            com_err(whoami, code,
+                    _("while retrieving highest kvno from keytab"));
+        }
+        goto cleanup;
+    }
+
+    /* set kvno to spec'ed value for SPEC, highest kvno otherwise */
+    if (mode != SPEC)
+        kvno = entry.vno;
+    krb5_kt_free_entry(context, &entry);
+
+    code = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (code != 0) {
+        com_err(whoami, code, _("while starting keytab scan"));
+        goto cleanup;
+    }
+
+    did_something = 0;
+    while ((code = krb5_kt_next_entry(context, keytab, &entry,
+                                      &cursor)) == 0) {
+        if (krb5_principal_compare(context, princ, entry.principal) &&
+            ((mode == ALL) ||
+             (mode == SPEC && entry.vno == kvno) ||
+             (mode == OLD && entry.vno != kvno) ||
+             (mode == HIGH && entry.vno == kvno))) {
+
+            /*
+             * Ack!  What a kludge... the scanning functions lock
+             * the keytab so entries cannot be removed while they
+             * are operating.
+             */
+            code = krb5_kt_end_seq_get(context, keytab, &cursor);
+            if (code != 0) {
+                com_err(whoami, code,
+                        _("while temporarily ending keytab scan"));
+                goto cleanup;
+            }
+            code = krb5_kt_remove_entry(context, keytab, &entry);
+            if (code != 0) {
+                com_err(whoami, code, _("while deleting entry from keytab"));
+                goto cleanup;
+            }
+            code = krb5_kt_start_seq_get(context, keytab, &cursor);
+            if (code != 0) {
+                com_err(whoami, code, _("while restarting keytab scan"));
+                goto cleanup;
+            }
+
+            did_something++;
+            if (!quiet) {
+                printf(_("Entry for principal %s with kvno %d removed from "
+                         "keytab %s.\n"), princ_str, entry.vno, keytab_str);
+            }
+        }
+        krb5_kt_free_entry(context, &entry);
+    }
+    if (code && code != KRB5_KT_END) {
+        com_err(whoami, code, _("while scanning keytab"));
+        goto cleanup;
+    }
+    code = krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (code) {
+        com_err(whoami, code, _("while ending keytab scan"));
+        goto cleanup;
+    }
+
+    /*
+     * If !did_someting then mode must be OLD or we would have
+     * already returned with an error.  But check it anyway just to
+     * prevent unexpected error messages...
+     */
+    if (!did_something && mode == OLD) {
+        fprintf(stderr, _("%s: There is only one entry for principal %s in "
+                          "keytab %s\n"), whoami, princ_str, keytab_str);
+    }
+
+cleanup:
+    krb5_free_principal(context, princ);
+}
+
+/*
+ * etype_string(enctype): return a string representation of the
+ * encryption type.  XXX copied from klist.c; this should be a
+ * library function, or perhaps just #defines
+ */
+static char *
+etype_string(krb5_enctype enctype)
+{
+    static char buf[100];
+    krb5_error_code ret;
+
+    ret = krb5_enctype_to_name(enctype, FALSE, buf, sizeof(buf));
+    if (ret)
+        snprintf(buf, sizeof(buf), "etype %d", enctype);
+
+    return buf;
+}
diff --git a/krb5-1.21.3/src/kadmin/cli/keytab_local.c b/krb5-1.21.3/src/kadmin/cli/keytab_local.c
new file mode 100644
index 00000000..bb9cd88d
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/keytab_local.c
@@ -0,0 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * A wrapper around keytab.c used by kadmin.local to expose the -norandkey
+ * flag.  This avoids building two object files from the same source file,
+ * which is otherwise tricky with compilers that don't support -c and -o
+ * at the same time.
+ */
+
+#define KADMIN_LOCAL
+#include "keytab.c"
diff --git a/krb5-1.21.3/src/kadmin/cli/ss_wrapper.c b/krb5-1.21.3/src/kadmin/cli/ss_wrapper.c
new file mode 100644
index 00000000..7ae9f1a2
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/cli/ss_wrapper.c
@@ -0,0 +1,77 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-platform.h>
+#include <krb5.h>
+#include <locale.h>
+#include <ss/ss.h>
+#include "kadmin.h"
+
+#ifdef NEED_SS_EXECUTE_COMMAND_PROTO
+int ss_execute_command(int, char **);
+#endif
+
+extern ss_request_table kadmin_cmds;
+extern int exit_status;
+extern char *whoami;
+
+int
+main(int argc, char *argv[])
+{
+    char *request, **args;
+    krb5_error_code retval;
+    int sci_idx, code = 0;
+
+    setlocale(LC_ALL, "");
+    whoami = ((whoami = strrchr(argv[0], '/')) ? whoami+1 : argv[0]);
+
+    kadmin_startup(argc, argv, &request, &args);
+    sci_idx = ss_create_invocation(whoami, "5.0", NULL, &kadmin_cmds, &retval);
+    if (retval) {
+        ss_perror(sci_idx, retval, _("creating invocation"));
+        exit(1);
+    }
+
+    if (*args != NULL) {
+        /* Execute post-option arguments as a single script-mode command. */
+        code = ss_execute_command(sci_idx, args);
+        if (code) {
+            ss_perror(sci_idx, code, *args);
+            exit_status = 1;
+        }
+    } else if (request != NULL) {
+        /* Execute the -q option as a single interactive command. */
+        code = ss_execute_line(sci_idx, request);
+        if (code != 0) {
+            ss_perror(sci_idx, code, request);
+            exit_status = 1;
+        }
+    } else {
+        /* Prompt for commands. */
+        (void)ss_listen(sci_idx);
+    }
+
+    return quit() ? 1 : exit_status;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/Makefile.in b/krb5-1.21.3/src/kadmin/dbutil/Makefile.in
new file mode 100644
index 00000000..1fa25d2a
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/Makefile.in
@@ -0,0 +1,43 @@
+mydir=kadmin$(S)dbutil
+BUILDTOP=$(REL)..$(S)..
+LOCALINCLUDES = -I.
+KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
+
+PROG = kdb5_util
+
+SRCS = kdb5_util.c kdb5_create.c kadm5_create.c kdb5_destroy.c \
+	   kdb5_stash.c import_err.c strtok.c dump.c ovload.c kdb5_mkey.c \
+	   tabdump.c tdumputil.c
+EXTRADEPSRCS = t_tdumputil.c
+
+OBJS = kdb5_util.o kdb5_create.o kadm5_create.o kdb5_destroy.o \
+	   kdb5_stash.o import_err.o strtok.o dump.o ovload.o kdb5_mkey.o \
+	   tabdump.o tdumputil.o
+
+GETDATE = ../cli/getdate.o
+
+all: $(PROG)
+
+$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(GETDATE)
+	$(CC_LINK) -o $(PROG) $(OBJS) $(GETDATE) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+
+import_err.c import_err.h: $(srcdir)/import_err.et
+
+$(OBJS): import_err.h
+
+install:
+	$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
+
+clean:
+	$(RM) $(PROG) $(OBJS) import_err.c import_err.h
+	$(RM) t_tdumputil.o t_tdumputil
+
+T_TDUMPUTIL_OBJS = t_tdumputil.o tdumputil.o
+
+t_tdumputil: $(T_TDUMPUTIL_OBJS) $(SUPPORT_DEPLIB)
+	$(CC_LINK) -o $@ $(T_TDUMPUTIL_OBJS) $(SUPPORT_LIB)
+
+depend: import_err.h
+
+check-pytests: t_tdumputil
+	$(RUNPYTEST) $(srcdir)/t_tdumputil.py $(PYTESTFLAGS)
diff --git a/krb5-1.21.3/src/kadmin/dbutil/deps b/krb5-1.21.3/src/kadmin/dbutil/deps
new file mode 100644
index 00000000..8b0965aa
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/deps
@@ -0,0 +1,206 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kdb5_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_util.c kdb5_util.h
+$(OUTPRE)kdb5_create.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_create.c \
+  kdb5_util.h
+$(OUTPRE)kadm5_create.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h $(top_srcdir)/include/iprop_hdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kadm5_create.c kdb5_util.h
+$(OUTPRE)kdb5_destroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_destroy.c \
+  kdb5_util.h
+$(OUTPRE)kdb5_stash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_stash.c kdb5_util.h
+$(OUTPRE)import_err.$(OBJEXT): $(COM_ERR_DEPS) import_err.c
+$(OUTPRE)strtok.$(OBJEXT): nstrtok.h strtok.c
+$(OUTPRE)dump.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h dump.c kdb5_util.h
+$(OUTPRE)ovload.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h import_err.h kdb5_util.h \
+  nstrtok.h ovload.c
+$(OUTPRE)kdb5_mkey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_mkey.c kdb5_util.h
+$(OUTPRE)tabdump.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdb5_util.h tabdump.c tdumputil.h
+$(OUTPRE)tdumputil.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h tdumputil.c tdumputil.h
+$(OUTPRE)t_tdumputil.$(OBJEXT): t_tdumputil.c tdumputil.h
diff --git a/krb5-1.21.3/src/kadmin/dbutil/dump.c b/krb5-1.21.3/src/kadmin/dbutil/dump.c
new file mode 100644
index 00000000..a89b5144
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/dump.c
@@ -0,0 +1,1650 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/dbutil/dump.c - Dump a KDC database */
+/*
+ * Copyright 1990,1991,2001,2006,2008,2009,2013 by the Massachusetts Institute
+ * of Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include <k5-int.h>
+#include <kadm5/admin.h>
+#include <kadm5/server_internal.h>
+#include <kdb.h>
+#include <com_err.h>
+#include "kdb5_util.h"
+#if defined(HAVE_REGEX_H) && defined(HAVE_REGCOMP)
+#include <regex.h>
+#endif  /* HAVE_REGEX_H */
+
+/* Needed for master key conversion. */
+static krb5_boolean mkey_convert;
+krb5_keyblock new_master_keyblock;
+krb5_kvno new_mkvno;
+
+#define K5Q1(x) #x
+#define K5Q(x) K5Q1(x)
+#define K5CONST_WIDTH_SCANF_STR(x) "%" K5Q(x) "s"
+
+/* Use compile(3) if no regcomp present. */
+#if !defined(HAVE_REGCOMP) && defined(HAVE_REGEXP_H)
+#define INIT char *sp = instring;
+#define GETC() (*sp++)
+#define PEEKC() (*sp)
+#define UNGETC(c) (--sp)
+#define RETURN(c) return(c)
+#define ERROR(c)
+#define RE_BUF_SIZE 1024
+#include <regexp.h>
+#endif /* !HAVE_REGCOMP && HAVE_REGEXP_H */
+
+typedef krb5_error_code (*dump_func)(krb5_context context,
+                                     krb5_db_entry *entry, const char *name,
+                                     FILE *fp, krb5_boolean verbose,
+                                     krb5_boolean omit_nra);
+typedef int (*load_func)(krb5_context context, const char *dumpfile, FILE *fp,
+                         krb5_boolean verbose, int *linenop);
+
+typedef struct _dump_version {
+    char *name;
+    char *header;
+    int updateonly;
+    int iprop;
+    int ipropx;
+    dump_func dump_princ;
+    osa_adb_iter_policy_func dump_policy;
+    load_func load_record;
+} dump_version;
+
+struct dump_args {
+    FILE *ofile;
+    krb5_context context;
+    char **names;
+    int nnames;
+    krb5_boolean verbose;
+    krb5_boolean omit_nra;      /* omit non-replicated attributes */
+    dump_version *dump;
+};
+
+/* External data */
+extern krb5_db_entry *master_entry;
+
+/*
+ * Re-encrypt the key_data with the new master key...
+ */
+krb5_error_code
+master_key_convert(krb5_context context, krb5_db_entry *db_entry)
+{
+    krb5_error_code retval;
+    krb5_keyblock v5plainkey, *key_ptr, *tmp_mkey;
+    krb5_keysalt keysalt;
+    krb5_key_data new_key_data, *key_data;
+    krb5_boolean is_mkey;
+    krb5_kvno kvno;
+    int i, j;
+
+    is_mkey = krb5_principal_compare(context, master_princ, db_entry->princ);
+
+    if (is_mkey) {
+        return add_new_mkey(context, db_entry, &new_master_keyblock,
+                            new_mkvno);
+    }
+
+    for (i = 0; i < db_entry->n_key_data; i++) {
+        key_data = &db_entry->key_data[i];
+        retval = krb5_dbe_find_mkey(context, db_entry, &tmp_mkey);
+        if (retval)
+            return retval;
+        retval = krb5_dbe_decrypt_key_data(context, tmp_mkey, key_data,
+                                           &v5plainkey, &keysalt);
+        if (retval)
+            return retval;
+
+        memset(&new_key_data, 0, sizeof(new_key_data));
+
+        key_ptr = &v5plainkey;
+        kvno = key_data->key_data_kvno;
+
+        retval = krb5_dbe_encrypt_key_data(context, &new_master_keyblock,
+                                           key_ptr, &keysalt, kvno,
+                                           &new_key_data);
+        if (retval)
+            return retval;
+        krb5_free_keyblock_contents(context, &v5plainkey);
+        for (j = 0; j < key_data->key_data_ver; j++) {
+            if (key_data->key_data_length[j])
+                free(key_data->key_data_contents[j]);
+        }
+        *key_data = new_key_data;
+    }
+    assert(new_mkvno > 0);
+    return krb5_dbe_update_mkvno(context, db_entry, new_mkvno);
+}
+
+/* Create temp file for new dump to be named ofile. */
+static FILE *
+create_ofile(char *ofile, char **tmpname)
+{
+    int fd = -1;
+    FILE *f;
+
+    *tmpname = NULL;
+    if (asprintf(tmpname, "%s-XXXXXX", ofile) < 0)
+        goto error;
+
+    fd = mkstemp(*tmpname);
+    if (fd == -1)
+        goto error;
+
+    f = fdopen(fd, "w+");
+    if (f != NULL)
+        return f;
+
+error:
+    com_err(progname, errno, _("while allocating temporary filename dump"));
+    if (fd >= 0)
+        unlink(*tmpname);
+    exit(1);
+}
+
+/* Rename new dump file into place. */
+static void
+finish_ofile(char *ofile, char **tmpname)
+{
+    if (rename(*tmpname, ofile) == -1) {
+        com_err(progname, errno, _("while renaming dump file into place"));
+        exit(1);
+    }
+    free(*tmpname);
+    *tmpname = NULL;
+}
+
+/* Create the .dump_ok file. */
+static krb5_boolean
+prep_ok_file(krb5_context context, char *file_name, int *fd_out)
+{
+    static char ok[] = ".dump_ok";
+    krb5_error_code retval;
+    char *file_ok = NULL;
+    int fd = -1;
+    krb5_boolean success = FALSE;
+
+    *fd_out = -1;
+
+    if (asprintf(&file_ok, "%s%s", file_name, ok) < 0) {
+        com_err(progname, ENOMEM, _("while allocating dump_ok filename"));
+        goto cleanup;
+    }
+
+    fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+    if (fd == -1) {
+        com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
+        goto cleanup;
+    }
+    retval = krb5_lock_file(context, fd, KRB5_LOCKMODE_EXCLUSIVE);
+    if (retval) {
+        com_err(progname, retval, _("while locking 'ok' file, '%s'"), file_ok);
+        goto cleanup;
+    }
+
+    *fd_out = fd;
+    fd = -1;
+    success = TRUE;
+
+cleanup:
+    free(file_ok);
+    if (fd != -1)
+        close(fd);
+    if (!success)
+        exit_status++;
+    return success;
+}
+
+/*
+ * Update the "ok" file.
+ */
+static void
+update_ok_file(krb5_context context, int fd)
+{
+    write(fd, "", 1);
+    krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK);
+    close(fd);
+}
+
+/* Return true if a principal name matches a regular expression or string. */
+static int
+name_matches(char *name, struct dump_args *args)
+{
+#if HAVE_REGCOMP
+    regex_t reg;
+    regmatch_t rmatch;
+    int st;
+    char errmsg[BUFSIZ];
+#elif   HAVE_REGEXP_H
+    char regexp_buffer[RE_BUF_SIZE];
+#elif   HAVE_RE_COMP
+    extern char *re_comp();
+    char *re_result;
+#endif  /* HAVE_RE_COMP */
+    int i, match;
+
+    /* Check each regular expression in args. */
+    match = args->nnames ? 0 : 1;
+    for (i = 0; i < args->nnames && !match; i++) {
+#if HAVE_REGCOMP
+        /* Compile the regular expression. */
+        st = regcomp(&reg, args->names[i], REG_EXTENDED);
+        if (st) {
+            regerror(st, &reg, errmsg, sizeof(errmsg));
+            fprintf(stderr, _("%s: regular expression error: %s\n"), progname,
+                    errmsg);
+            break;
+        }
+        /* See if we have a match. */
+        st = regexec(&reg, name, 1, &rmatch, 0);
+        if (st == 0) {
+            /* See if it matches the whole name. */
+            if (rmatch.rm_so == 0 && (size_t)rmatch.rm_eo == strlen(name))
+                match = 1;
+        } else if (st != REG_NOMATCH) {
+            regerror(st, &reg, errmsg, sizeof(errmsg));
+            fprintf(stderr, _("%s: regular expression match error: %s\n"),
+                    progname, errmsg);
+            break;
+        }
+        regfree(&reg);
+#elif HAVE_REGEXP_H
+        /* Compile the regular expression. */
+        compile(args->names[i], regexp_buffer, &regexp_buffer[RE_BUF_SIZE],
+                '\0');
+        if (step(name, regexp_buffer)) {
+            if (loc1 == name && loc2 == &name[strlen(name)])
+                match = 1;
+        }
+#elif HAVE_RE_COMP
+        /* Compile the regular expression. */
+        re_result = re_comp(args->names[i]);
+        if (re_result) {
+            fprintf(stderr, _("%s: regular expression error: %s\n"), progname,
+                    re_result);
+            break;
+        }
+        if (re_exec(name))
+            match = 1;
+#else /* HAVE_RE_COMP */
+        /* If no regular expression support, then just compare the strings. */
+        if (!strcmp(args->names[i], name))
+            match = 1;
+#endif /* HAVE_REGCOMP */
+    }
+    return match;
+}
+
+/* Output "-1" if len is 0; otherwise output len bytes of data in hex. */
+static void
+dump_octets_or_minus1(FILE *fp, unsigned char *data, size_t len)
+{
+    if (len > 0) {
+        for (; len > 0; len--)
+            fprintf(fp, "%02x", *data++);
+    } else {
+        fprintf(fp, "-1");
+    }
+}
+
+/*
+ * Dump TL data; common to principals and policies.
+ *
+ * If filter_kadm then the KRB5_TL_KADM_DATA (where a principal's policy
+ * name is stored) is filtered out.  This is for dump formats that don't
+ * support policies.
+ */
+static void
+dump_tl_data(FILE *ofile, krb5_tl_data *tlp, krb5_boolean filter_kadm)
+{
+    for (; tlp != NULL; tlp = tlp->tl_data_next) {
+        if (tlp->tl_data_type == KRB5_TL_KADM_DATA && filter_kadm)
+            continue;
+        fprintf(ofile, "\t%d\t%d\t", (int)tlp->tl_data_type,
+                (int)tlp->tl_data_length);
+        dump_octets_or_minus1(ofile, tlp->tl_data_contents,
+                              tlp->tl_data_length);
+    }
+}
+
+/* Dump a principal entry in krb5 beta 7 format.  Omit kadmin tl-data if kadm
+ * is false. */
+static krb5_error_code
+k5beta7_common(krb5_context context, krb5_db_entry *entry,
+               const char *name, FILE *fp, krb5_boolean verbose,
+               krb5_boolean omit_nra, krb5_boolean kadm)
+{
+    krb5_tl_data *tlp;
+    krb5_key_data *kdata;
+    int counter, skip, i;
+
+    /*
+     * The dump format is as follows:
+     *      len strlen(name) n_tl_data n_key_data e_length
+     *      name
+     *      attributes max_life max_renewable_life expiration
+     *      pw_expiration last_success last_failed fail_auth_count
+     *      n_tl_data*[type length <contents>]
+     *      n_key_data*[ver kvno ver*(type length <contents>)]
+     *      <e_data>
+     * Fields which are not encapsulated by angle-brackets are to appear
+     * verbatim.  A bracketed field's absence is indicated by a -1 in its
+     * place.
+     */
+
+    /* Make sure that the tagged list is reasonably correct. */
+    counter = skip = 0;
+    for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
+        /* Don't dump tl data types we know aren't understood by earlier
+         * versions. */
+        if (tlp->tl_data_type == KRB5_TL_KADM_DATA && !kadm)
+            skip++;
+        else
+            counter++;
+    }
+
+    if (counter + skip != entry->n_tl_data) {
+        fprintf(stderr, _("%s: tagged data list inconsistency for %s "
+                          "(counted %d, stored %d)\n"), progname, name,
+                counter + skip, (int)entry->n_tl_data);
+        return EINVAL;
+    }
+
+    /* Write out header. */
+    fprintf(fp, "princ\t%d\t%lu\t%d\t%d\t%d\t%s\t", (int)entry->len,
+            (unsigned long)strlen(name), counter, (int)entry->n_key_data,
+            (int)entry->e_length, name);
+    fprintf(fp, "%d\t%d\t%d\t%u\t%u\t%u\t%u\t%d", entry->attributes,
+            entry->max_life, entry->max_renewable_life,
+            (unsigned int)entry->expiration,
+            (unsigned int)entry->pw_expiration,
+            (unsigned int)(omit_nra ? 0 : entry->last_success),
+            (unsigned int)(omit_nra ? 0 : entry->last_failed),
+            omit_nra ? 0 : entry->fail_auth_count);
+
+    /* Write out tagged data. */
+    dump_tl_data(fp, entry->tl_data, !kadm);
+    fprintf(fp, "\t");
+
+    /* Write out key data. */
+    for (counter = 0; counter < entry->n_key_data; counter++) {
+        kdata = &entry->key_data[counter];
+        fprintf(fp, "%d\t%d\t", (int)kdata->key_data_ver,
+                (int)kdata->key_data_kvno);
+        for (i = 0; i < kdata->key_data_ver; i++) {
+            fprintf(fp, "%d\t%d\t", kdata->key_data_type[i],
+                    kdata->key_data_length[i]);
+            dump_octets_or_minus1(fp, kdata->key_data_contents[i],
+                                  kdata->key_data_length[i]);
+            fprintf(fp, "\t");
+        }
+    }
+
+    /* Write out extra data. */
+    dump_octets_or_minus1(fp, entry->e_data, entry->e_length);
+
+    /* Write trailer. */
+    fprintf(fp, ";\n");
+
+    if (verbose)
+        fprintf(stderr, "%s\n", name);
+
+    return 0;
+}
+
+/* Output a dump record in krb5b7 format. */
+static krb5_error_code
+dump_k5beta7_princ(krb5_context context, krb5_db_entry *entry,
+                   const char *name, FILE *fp, krb5_boolean verbose,
+                   krb5_boolean omit_nra)
+{
+    return k5beta7_common(context, entry, name, fp, verbose, omit_nra, FALSE);
+}
+
+static krb5_error_code
+dump_k5beta7_princ_withpolicy(krb5_context context, krb5_db_entry *entry,
+                              const char *name, FILE *fp, krb5_boolean verbose,
+                              krb5_boolean omit_nra)
+{
+    return k5beta7_common(context, entry, name, fp, verbose, omit_nra, TRUE);
+}
+
+static void
+dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
+{
+    struct dump_args *arg = data;
+
+    fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\n", entry->name,
+            entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
+            entry->pw_min_classes, entry->pw_history_num, 0);
+}
+
+static void
+dump_r1_8_policy(void *data, osa_policy_ent_t entry)
+{
+    struct dump_args *arg = data;
+
+    fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\n",
+            entry->name, entry->pw_min_life, entry->pw_max_life,
+            entry->pw_min_length, entry->pw_min_classes, entry->pw_history_num,
+            0, entry->pw_max_fail, entry->pw_failcnt_interval,
+            entry->pw_lockout_duration);
+}
+
+static void
+dump_r1_11_policy(void *data, osa_policy_ent_t entry)
+{
+    struct dump_args *arg = data;
+
+    fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t"
+            "%d\t%d\t%d\t%s\t%d", entry->name, entry->pw_min_life,
+            entry->pw_max_life, entry->pw_min_length, entry->pw_min_classes,
+            entry->pw_history_num, 0, entry->pw_max_fail,
+            entry->pw_failcnt_interval, entry->pw_lockout_duration,
+            entry->attributes, entry->max_life, entry->max_renewable_life,
+            entry->allowed_keysalts ? entry->allowed_keysalts : "-",
+            entry->n_tl_data);
+
+    dump_tl_data(arg->ofile, entry->tl_data, FALSE);
+    fprintf(arg->ofile, "\n");
+}
+
+static krb5_error_code
+dump_iterator(void *ptr, krb5_db_entry *entry)
+{
+    krb5_error_code ret;
+    struct dump_args *args = ptr;
+    char *name;
+
+    ret = krb5_unparse_name(args->context, entry->princ, &name);
+    if (ret) {
+        com_err(progname, ret, _("while unparsing principal name"));
+        return ret;
+    }
+
+    /* Re-encode the keys in the new master key, if necessary. */
+    if (mkey_convert) {
+        ret = master_key_convert(args->context, entry);
+        if (ret) {
+            com_err(progname, ret, _("while converting %s to new master key"),
+                    name);
+            goto cleanup;
+        }
+    }
+
+    /* Don't dump this entry if we have match strings and it doesn't match. */
+    if (args->nnames > 0 && !name_matches(name, args))
+        goto cleanup;
+
+    ret = args->dump->dump_princ(args->context, entry, name, args->ofile,
+                                 args->verbose, args->omit_nra);
+
+cleanup:
+    free(name);
+    return ret;
+}
+
+static inline void
+load_err(const char *fname, int lineno, const char *msg)
+{
+    fprintf(stderr, _("%s(%d): %s\n"), fname, lineno, msg);
+}
+
+/* Read a string of bytes.  Increment *lp for each newline.  Return 0 on
+ * success, 1 on failure. */
+static int
+read_string(FILE *f, char *buf, int len, int *lp)
+{
+    int c, i;
+
+    for (i = 0; i < len; i++) {
+        c = fgetc(f);
+        if (c < 0)
+            return 1;
+        if (c == '\n')
+            (*lp)++;
+        buf[i] = c;
+    }
+    buf[len] = '\0';
+    return 0;
+}
+
+/* Read a string of two-character representations of bytes. */
+static int
+read_octet_string(FILE *f, unsigned char *buf, int len)
+{
+    int c, i;
+
+    for (i = 0; i < len; i++) {
+        if (fscanf(f, "%02x", &c) != 1)
+            return 1;
+        buf[i] = c;
+    }
+    return 0;
+}
+
+/* Read the end of a dumpfile record. */
+static void
+read_record_end(FILE *f, const char *fn, int lineno)
+{
+    int ch;
+
+    if ((ch = fgetc(f)) != ';' || (ch = fgetc(f)) != '\n') {
+        fprintf(stderr, _("%s(%d): ignoring trash at end of line: "), fn,
+                lineno);
+        while (ch != '\n') {
+            putc(ch, stderr);
+            ch = fgetc(f);
+        }
+        putc(ch, stderr);
+    }
+}
+
+/* Allocate and form a TL data list of a desired size. */
+static int
+alloc_tl_data(krb5_int16 n_tl_data, krb5_tl_data **tldp)
+{
+    krb5_tl_data **tlp = tldp;
+    int i;
+
+    for (i = 0; i < n_tl_data; i++) {
+        *tlp = calloc(1, sizeof(krb5_tl_data));
+        if (*tlp == NULL)
+            return ENOMEM; /* caller cleans up */
+        tlp = &((*tlp)->tl_data_next);
+    }
+
+    return 0;
+}
+
+/* If len is zero, read the string "-1" from fp.  Otherwise allocate space and
+ * read len octets.  Return 0 on success, 1 on failure. */
+static int
+read_octets_or_minus1(FILE *fp, size_t len, unsigned char **out)
+{
+    int ival;
+    unsigned char *buf;
+
+    *out = NULL;
+    if (len == 0)
+        return fscanf(fp, "%d", &ival) != 1 || ival != -1;
+    buf = malloc(len);
+    if (buf == NULL)
+        return 1;
+    if (read_octet_string(fp, buf, len)) {
+        free(buf);
+        return 1;
+    }
+    *out = buf;
+    return 0;
+}
+
+/* Read TL data for a principal or policy.  Print an error and return -1 on
+ * failure. */
+static int
+process_tl_data(const char *fname, FILE *filep, int lineno,
+                krb5_tl_data *tl_data)
+{
+    krb5_tl_data *tl;
+    int nread, i1;
+    unsigned int u1;
+
+    for (tl = tl_data; tl; tl = tl->tl_data_next) {
+        nread = fscanf(filep, "%d\t%u\t", &i1, &u1);
+        if (nread != 2) {
+            load_err(fname, lineno,
+                     _("cannot read tagged data type and length"));
+            return EINVAL;
+        }
+        if (i1 < INT16_MIN || i1 > INT16_MAX || u1 > UINT16_MAX) {
+            load_err(fname, lineno, _("data type or length overflowed"));
+            return EINVAL;
+        }
+        tl->tl_data_type = i1;
+        tl->tl_data_length = u1;
+        if (read_octets_or_minus1(filep, tl->tl_data_length,
+                                  &tl->tl_data_contents)) {
+            load_err(fname, lineno, _("cannot read tagged data contents"));
+            return EINVAL;
+        }
+    }
+
+    return 0;
+}
+
+/* Read a beta 7 entry and add it to the database.  Return -1 for end of file,
+ * 0 for success and 1 for failure. */
+static int
+process_k5beta7_princ(krb5_context context, const char *fname, FILE *filep,
+                      krb5_boolean verbose, int *linenop)
+{
+    int retval, nread, i, j;
+    krb5_db_entry *dbentry;
+    int t1, t2, t3, t4;
+    unsigned int u1, u2, u3, u4, u5;
+    char *name = NULL;
+    krb5_key_data *kp = NULL, *kd;
+    krb5_tl_data *tl;
+    krb5_error_code ret;
+
+    dbentry = calloc(1, sizeof(*dbentry));
+    if (dbentry == NULL)
+        return 1;
+    (*linenop)++;
+    nread = fscanf(filep, "%u\t%u\t%u\t%u\t%u\t", &u1, &u2, &u3, &u4, &u5);
+    if (nread == EOF) {
+        retval = -1;
+        goto cleanup;
+    }
+    if (nread != 5) {
+        load_err(fname, *linenop, _("cannot match size tokens"));
+        goto fail;
+    }
+
+    /* Get memory for flattened principal name */
+    if (u2 > UINT_MAX / 2) {
+        load_err(fname, *linenop, _("cannot allocate principal (too large)"));
+        goto fail;
+    }
+    name = malloc(u2 + 1);
+    if (name == NULL)
+        goto fail;
+
+    /* Get memory for and form tagged data linked list */
+    if (u3 > UINT16_MAX) {
+        load_err(fname, *linenop, _("cannot allocate tl_data (too large)"));
+        goto fail;
+    }
+    if (alloc_tl_data(u3, &dbentry->tl_data))
+        goto fail;
+    dbentry->n_tl_data = u3;
+
+    /* Get memory for key list */
+    if (u4 > INT16_MAX) {
+        load_err(fname, *linenop, _("invalid key_data size"));
+        goto fail;
+    }
+    if (u4 && (kp = calloc(u4, sizeof(krb5_key_data))) == NULL)
+        goto fail;
+
+    dbentry->len = u1;
+    dbentry->n_key_data = u4;
+    dbentry->e_length = u5;
+
+    if (kp != NULL) {
+        dbentry->key_data = kp;
+        kp = NULL;
+    }
+
+    /* Read in and parse the principal name */
+    if (read_string(filep, name, u2, linenop)) {
+        load_err(fname, *linenop, _("cannot read name string"));
+        goto fail;
+    }
+    ret = krb5_parse_name(context, name, &dbentry->princ);
+    if (ret) {
+        com_err(progname, ret, _("while parsing name %s"), name);
+        goto fail;
+    }
+
+    /* Get the fixed principal attributes */
+    nread = fscanf(filep, "%d\t%d\t%d\t%u\t%u\t%d\t%d\t%d\t",
+                   &t1, &t2, &t3, &u1, &u2, &u3, &u4, &u5);
+    if (nread != 8) {
+        load_err(fname, *linenop, _("cannot read principal attributes"));
+        goto fail;
+    }
+    dbentry->attributes = t1;
+    dbentry->max_life = t2;
+    dbentry->max_renewable_life = t3;
+    dbentry->expiration = u1;
+    dbentry->pw_expiration = u2;
+    dbentry->last_success = u3;
+    dbentry->last_failed = u4;
+    dbentry->fail_auth_count = u5;
+    dbentry->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+        KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
+        KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION | KADM5_LAST_SUCCESS |
+        KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
+
+    /* Read tagged data. */
+    if (dbentry->n_tl_data) {
+        if (process_tl_data(fname, filep, *linenop, dbentry->tl_data))
+            goto fail;
+        for (tl = dbentry->tl_data; tl; tl = tl->tl_data_next) {
+            /* test to set mask fields */
+            if (tl->tl_data_type == KRB5_TL_KADM_DATA) {
+                XDR xdrs;
+                osa_princ_ent_rec osa_princ_ent;
+
+                /*
+                 * Assuming aux_attributes will always be
+                 * there
+                 */
+                dbentry->mask |= KADM5_AUX_ATTRIBUTES;
+
+                /* test for an actual policy reference */
+                memset(&osa_princ_ent, 0, sizeof(osa_princ_ent));
+                xdrmem_create(&xdrs, (char *)tl->tl_data_contents,
+                              tl->tl_data_length, XDR_DECODE);
+                if (xdr_osa_princ_ent_rec(&xdrs, &osa_princ_ent)) {
+                    if ((osa_princ_ent.aux_attributes & KADM5_POLICY) &&
+                        osa_princ_ent.policy != NULL)
+                        dbentry->mask |= KADM5_POLICY;
+                    kdb_free_entry(NULL, NULL, &osa_princ_ent);
+                }
+                xdr_destroy(&xdrs);
+            }
+        }
+        dbentry->mask |= KADM5_TL_DATA;
+    }
+
+    /* Get the key data. */
+    for (i = 0; i < dbentry->n_key_data; i++) {
+        kd = &dbentry->key_data[i];
+        nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
+        if (nread != 2) {
+            load_err(fname, *linenop, _("cannot read key size and version"));
+            goto fail;
+        }
+        if (t1 > KRB5_KDB_V1_KEY_DATA_ARRAY) {
+            load_err(fname, *linenop, _("unsupported key_data_ver version"));
+            goto fail;
+        }
+        if (t2 < 0 || t2 > UINT16_MAX) {
+            load_err(fname, *linenop, _("invalid kvno"));
+            goto fail;
+        }
+
+        kd->key_data_ver = t1;
+        kd->key_data_kvno = t2;
+
+        for (j = 0; j < t1; j++) {
+            nread = fscanf(filep, "%d\t%d\t", &t3, &t4);
+            if (nread != 2 || t4 < 0 || t4 > UINT16_MAX) {
+                load_err(fname, *linenop,
+                         _("cannot read key type and length"));
+                goto fail;
+            }
+            kd->key_data_type[j] = t3;
+            kd->key_data_length[j] = t4;
+            if (read_octets_or_minus1(filep, t4, &kd->key_data_contents[j])) {
+                load_err(fname, *linenop, _("cannot read key data"));
+                goto fail;
+            }
+        }
+    }
+    if (dbentry->n_key_data)
+        dbentry->mask |= KADM5_KEY_DATA;
+
+    /* Get the extra data */
+    if (read_octets_or_minus1(filep, dbentry->e_length, &dbentry->e_data)) {
+        load_err(fname, *linenop, _("cannot read extra data"));
+        goto fail;
+    }
+
+    /* Finally, find the end of the record. */
+    read_record_end(filep, fname, *linenop);
+
+    ret = krb5_db_put_principal(context, dbentry);
+    if (ret) {
+        com_err(progname, ret, _("while storing %s"), name);
+        goto fail;
+    }
+
+    if (verbose)
+        fprintf(stderr, "%s\n", name);
+    retval = 0;
+
+cleanup:
+    free(kp);
+    free(name);
+    krb5_db_free_principal(context, dbentry);
+    return retval;
+
+fail:
+    retval = 1;
+    goto cleanup;
+}
+
+static int
+process_k5beta7_policy(krb5_context context, const char *fname, FILE *filep,
+                       krb5_boolean verbose, int *linenop)
+{
+    osa_policy_ent_rec rec;
+    char namebuf[1024];
+    unsigned int refcnt;
+    int nread, ret;
+
+    memset(&rec, 0, sizeof(rec));
+
+    (*linenop)++;
+    rec.name = namebuf;
+
+    nread = fscanf(filep, "%1023s\t%u\t%u\t%u\t%u\t%u\t%u", rec.name,
+                   &rec.pw_min_life, &rec.pw_max_life, &rec.pw_min_length,
+                   &rec.pw_min_classes, &rec.pw_history_num, &refcnt);
+    if (nread == EOF)
+        return -1;
+    if (nread != 7) {
+        fprintf(stderr, _("cannot parse policy (%d read)\n"), nread);
+        return 1;
+    }
+
+    ret = krb5_db_create_policy(context, &rec);
+    if (ret)
+        ret = krb5_db_put_policy(context, &rec);
+    if (ret) {
+        com_err(progname, ret, _("while creating policy"));
+        return 1;
+    }
+    if (verbose)
+        fprintf(stderr, _("created policy %s\n"), rec.name);
+
+    return 0;
+}
+
+static int
+process_r1_8_policy(krb5_context context, const char *fname, FILE *filep,
+                    krb5_boolean verbose, int *linenop)
+{
+    osa_policy_ent_rec rec;
+    char namebuf[1024];
+    unsigned int refcnt;
+    int nread, ret;
+
+    memset(&rec, 0, sizeof(rec));
+
+    (*linenop)++;
+    rec.name = namebuf;
+
+    nread = fscanf(filep, "%1023s\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u",
+                   rec.name, &rec.pw_min_life, &rec.pw_max_life,
+                   &rec.pw_min_length, &rec.pw_min_classes,
+                   &rec.pw_history_num, &refcnt, &rec.pw_max_fail,
+                   &rec.pw_failcnt_interval, &rec.pw_lockout_duration);
+    if (nread == EOF)
+        return -1;
+    if (nread != 10) {
+        fprintf(stderr, _("cannot parse policy (%d read)\n"), nread);
+        return 1;
+    }
+
+    ret = krb5_db_create_policy(context, &rec);
+    if (ret)
+        ret = krb5_db_put_policy(context, &rec);
+    if (ret) {
+        com_err(progname, ret, _("while creating policy"));
+        return 1;
+    }
+    if (verbose)
+        fprintf(stderr, "created policy %s\n", rec.name);
+
+    return 0;
+}
+
+static int
+process_r1_11_policy(krb5_context context, const char *fname, FILE *filep,
+                     krb5_boolean verbose, int *linenop)
+{
+    osa_policy_ent_rec rec;
+    krb5_tl_data *tl, *tl_next;
+    char namebuf[1024];
+    char keysaltbuf[KRB5_KDB_MAX_ALLOWED_KS_LEN + 1];
+    unsigned int refcnt;
+    int nread, c, ret = 0;
+
+    memset(&rec, 0, sizeof(rec));
+
+    (*linenop)++;
+    rec.name = namebuf;
+
+    /*
+     * Due to a historical error, iprop dumps use the same version before and
+     * after the 1.11 policy extensions.  So we need to accept both 1.8-format
+     * and 1.11-format policy entries.  Begin by reading the 1.8 fields.
+     */
+    nread = fscanf(filep, "%1023s\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u",
+                   rec.name, &rec.pw_min_life, &rec.pw_max_life,
+                   &rec.pw_min_length, &rec.pw_min_classes,
+                   &rec.pw_history_num, &refcnt, &rec.pw_max_fail,
+                   &rec.pw_failcnt_interval, &rec.pw_lockout_duration);
+    if (nread == EOF)
+        return -1;
+    if (nread != 10) {
+        fprintf(stderr, _("cannot parse policy (%d read)\n"), nread);
+        return 1;
+    }
+
+    /* The next character should be a newline (1.8) or a tab (1.11). */
+    c = getc(filep);
+    if (c == EOF)
+        return -1;
+    if (c != '\n') {
+        /* Read the additional 1.11-format fields. */
+        rec.allowed_keysalts = keysaltbuf;
+        nread = fscanf(filep, "%u\t%u\t%u\t"
+                       K5CONST_WIDTH_SCANF_STR(KRB5_KDB_MAX_ALLOWED_KS_LEN)
+                       "\t%hd", &rec.attributes, &rec.max_life,
+                       &rec.max_renewable_life, rec.allowed_keysalts,
+                       &rec.n_tl_data);
+        if (nread == EOF)
+            return -1;
+        if (nread != 5) {
+            fprintf(stderr, _("cannot parse policy (%d read)\n"), nread);
+            return 1;
+        }
+
+        if (rec.allowed_keysalts && !strcmp(rec.allowed_keysalts, "-"))
+            rec.allowed_keysalts = NULL;
+
+        /* Get TL data */
+        ret = alloc_tl_data(rec.n_tl_data, &rec.tl_data);
+        if (ret)
+            goto cleanup;
+
+        ret = process_tl_data(fname, filep, *linenop, rec.tl_data);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = krb5_db_create_policy(context, &rec);
+    if (ret)
+        ret = krb5_db_put_policy(context, &rec);
+    if (ret) {
+        com_err(progname, ret, _("while creating policy"));
+        goto cleanup;
+    }
+    if (verbose)
+        fprintf(stderr, "created policy %s\n", rec.name);
+
+cleanup:
+    for (tl = rec.tl_data; tl; tl = tl_next) {
+        tl_next = tl->tl_data_next;
+        free(tl->tl_data_contents);
+        free(tl);
+    }
+    return ret ? 1 : 0;
+}
+
+/* Read a record which is tagged with "princ" or "policy", calling princfn
+ * or policyfn as appropriate. */
+static int
+process_tagged(krb5_context context, const char *fname, FILE *filep,
+               krb5_boolean verbose, int *linenop, load_func princfn,
+               load_func policyfn)
+{
+    int nread;
+    char rectype[100];
+
+    nread = fscanf(filep, "%99s\t", rectype);
+    if (nread == EOF)
+        return -1;
+    if (nread != 1)
+        return 1;
+    if (strcmp(rectype, "princ") == 0)
+        return (*princfn)(context, fname, filep, verbose, linenop);
+    if (strcmp(rectype, "policy") == 0)
+        return (*policyfn)(context, fname, filep, verbose, linenop);
+    if (strcmp(rectype, "End") == 0)  /* Only expected for OV format */
+        return -1;
+
+    fprintf(stderr, _("unknown record type \"%s\"\n"), rectype);
+    return 1;
+}
+
+static int
+process_k5beta7_record(krb5_context context, const char *fname, FILE *filep,
+                       krb5_boolean verbose, int *linenop)
+{
+    return process_tagged(context, fname, filep, verbose, linenop,
+                          process_k5beta7_princ, process_k5beta7_policy);
+}
+
+static int
+process_r1_8_record(krb5_context context, const char *fname, FILE *filep,
+                    krb5_boolean verbose, int *linenop)
+{
+    return process_tagged(context, fname, filep, verbose, linenop,
+                          process_k5beta7_princ, process_r1_8_policy);
+}
+
+static int
+process_r1_11_record(krb5_context context, const char *fname, FILE *filep,
+                     krb5_boolean verbose, int *linenop)
+{
+    return process_tagged(context, fname, filep, verbose, linenop,
+                          process_k5beta7_princ, process_r1_11_policy);
+}
+
+dump_version beta7_version = {
+    "Kerberos version 5",
+    "kdb5_util load_dump version 4\n",
+    0,
+    0,
+    0,
+    dump_k5beta7_princ,
+    dump_k5beta7_policy,
+    process_k5beta7_record,
+};
+dump_version r1_3_version = {
+    "Kerberos version 5 release 1.3",
+    "kdb5_util load_dump version 5\n",
+    0,
+    0,
+    0,
+    dump_k5beta7_princ_withpolicy,
+    dump_k5beta7_policy,
+    process_k5beta7_record,
+};
+dump_version r1_8_version = {
+    "Kerberos version 5 release 1.8",
+    "kdb5_util load_dump version 6\n",
+    0,
+    0,
+    0,
+    dump_k5beta7_princ_withpolicy,
+    dump_r1_8_policy,
+    process_r1_8_record,
+};
+dump_version r1_11_version = {
+    "Kerberos version 5 release 1.11",
+    "kdb5_util load_dump version 7\n",
+    0,
+    0,
+    0,
+    dump_k5beta7_princ_withpolicy,
+    dump_r1_11_policy,
+    process_r1_11_record,
+};
+dump_version iprop_version = {
+    "Kerberos iprop version",
+    "iprop",
+    0,
+    1,
+    0,
+    dump_k5beta7_princ_withpolicy,
+    dump_k5beta7_policy,
+    process_k5beta7_record,
+};
+dump_version ipropx_1_version = {
+    "Kerberos iprop extensible version",
+    "ipropx",
+    0,
+    1,
+    1,
+    dump_k5beta7_princ_withpolicy,
+    dump_r1_11_policy,
+    process_r1_11_record,
+};
+
+/* Read the dump header.  Return 1 on success, 0 if the file is not a
+ * recognized iprop dump format. */
+static int
+parse_iprop_header(char *buf, dump_version **dv, kdb_last_t *last)
+{
+    char head[128];
+    int nread;
+    uint32_t u[4];
+    uint32_t *up = &u[0];
+
+    nread = sscanf(buf, "%127s %u %u %u %u", head, &u[0], &u[1], &u[2], &u[3]);
+    if (nread < 1)
+        return 0;
+
+    if (!strcmp(head, ipropx_1_version.header)) {
+        if (nread != 5)
+            return 0;
+        if (u[0] == IPROPX_VERSION_0) {
+            *dv = &iprop_version;
+        } else if (u[0] == IPROPX_VERSION_1) {
+            *dv = &ipropx_1_version;
+        } else {
+            fprintf(stderr, _("%s: Unknown iprop dump version %d\n"), progname,
+                    u[0]);
+            return 0;
+        }
+        up = &u[1];
+    } else if (!strcmp(head, iprop_version.header)) {
+        if (nread != 4)
+            return 0;
+        *dv = &iprop_version;
+    } else {
+        fprintf(stderr, "Invalid iprop header\n");
+        return 0;
+    }
+
+    last->last_sno = *up++;
+    last->last_time.seconds = *up++;
+    last->last_time.useconds = *up++;
+    return 1;
+}
+
+/* Return true if the serial number and timestamp in an existing dump file is
+ * in the ulog. */
+static krb5_boolean
+current_dump_sno_in_ulog(krb5_context context, const char *ifile)
+{
+    update_status_t status;
+    dump_version *junk;
+    kdb_last_t last;
+    char buf[BUFSIZ], *r;
+    FILE *f;
+
+    f = fopen(ifile, "r");
+    if (f == NULL)
+        return 0;              /* aliasing other errors to ENOENT here is OK */
+
+    r = fgets(buf, sizeof(buf), f);
+    fclose(f);
+    if (r == NULL)
+        return errno ? -1 : 0;
+
+    if (!parse_iprop_header(buf, &junk, &last))
+        return 0;
+
+    status = ulog_get_sno_status(context, &last);
+    return status == UPDATE_OK || status == UPDATE_NIL;
+}
+
+void
+dump_db(int argc, char **argv)
+{
+    FILE *f;
+    struct dump_args args;
+    char *ofile = NULL, *tmpofile = NULL, *new_mkey_file = NULL;
+    krb5_error_code ret, retval;
+    dump_version *dump;
+    int aindex, ok_fd = -1;
+    bool_t dump_sno = FALSE;
+    kdb_log_context *log_ctx;
+    unsigned int ipropx_version = IPROPX_VERSION_0;
+    krb5_kvno kt_kvno;
+    krb5_boolean conditional = FALSE;
+    kdb_last_t last;
+    krb5_flags iterflags = 0;
+
+    /* Parse the arguments. */
+    dump = &r1_11_version;
+    args.verbose = FALSE;
+    args.omit_nra = FALSE;
+    mkey_convert = FALSE;
+    log_ctx = util_context->kdblog_context;
+
+    /*
+     * Parse the qualifiers.
+     */
+    for (aindex = 1; aindex < argc; aindex++) {
+        if (!strcmp(argv[aindex], "-b7")) {
+            dump = &beta7_version;
+        } else if (!strcmp(argv[aindex], "-ov")) {
+            fprintf(stderr, _("OV dump format not supported\n"));
+            goto error;
+        } else if (!strcmp(argv[aindex], "-r13")) {
+            dump = &r1_3_version;
+        } else if (!strcmp(argv[aindex], "-r18")) {
+            dump = &r1_8_version;
+        } else if (!strncmp(argv[aindex], "-i", 2)) {
+            /* Intentionally undocumented - only used by kadmin. */
+            if (log_ctx && log_ctx->iproprole) {
+                /* ipropx_version is the maximum version acceptable. */
+                ipropx_version = atoi(argv[aindex] + 2);
+                dump = ipropx_version ? &ipropx_1_version : &iprop_version;
+                /*
+                 * dump_sno is used to indicate if the serial number should be
+                 * populated in the output file to be used later by iprop for
+                 * updating the replica's update log when loading.
+                 */
+                dump_sno = TRUE;
+                /* FLAG_OMIT_NRA is set to indicate that non-replicated
+                 * attributes should be omitted. */
+                args.omit_nra = TRUE;
+            } else {
+                fprintf(stderr, _("Iprop not enabled\n"));
+                goto error;
+            }
+        } else if (!strcmp(argv[aindex], "-c")) {
+            conditional = 1;
+        } else if (!strcmp(argv[aindex], "-verbose")) {
+            args.verbose = TRUE;
+        } else if (!strcmp(argv[aindex], "-mkey_convert")) {
+            mkey_convert = 1;
+        } else if (!strcmp(argv[aindex], "-new_mkey_file")) {
+            new_mkey_file = argv[++aindex];
+            mkey_convert = 1;
+        } else if (!strcmp(argv[aindex], "-rev")) {
+            iterflags |= KRB5_DB_ITER_REV;
+        } else if (!strcmp(argv[aindex], "-recurse")) {
+            iterflags |= KRB5_DB_ITER_RECURSE;
+        } else {
+            break;
+        }
+    }
+
+    args.names = NULL;
+    args.nnames = 0;
+    if (aindex < argc) {
+        ofile = argv[aindex];
+        aindex++;
+        if (aindex < argc) {
+            args.names = &argv[aindex];
+            args.nnames = argc - aindex;
+        }
+    }
+
+    /* If a conditional ipropx dump we check if the existing dump is
+     * good enough. */
+    if (ofile != NULL && conditional) {
+        if (!dump->iprop) {
+            com_err(progname, 0,
+                    _("Conditional dump is an undocumented option for "
+                      "use only for iprop dumps"));
+            goto error;
+        }
+        if (current_dump_sno_in_ulog(util_context, ofile))
+            return;
+    }
+
+    /*
+     * Make sure the database is open.  The policy database only has
+     * to be opened if we try a dump that uses it.
+     */
+    if (!dbactive) {
+        com_err(progname, 0, _("Database not currently opened!"));
+        goto error;
+    }
+
+    /*
+     * If we're doing a master key conversion, set up for it.
+     */
+    if (mkey_convert) {
+        if (!valid_master_key) {
+            /* TRUE here means read the keyboard, but only once */
+            retval = krb5_db_fetch_mkey(util_context, master_princ,
+                                        master_keyblock.enctype, TRUE, FALSE,
+                                        NULL, NULL, NULL, &master_keyblock);
+            if (retval) {
+                com_err(progname, retval, _("while reading master key"));
+                exit(1);
+            }
+            retval = krb5_db_fetch_mkey_list(util_context, master_princ,
+                                             &master_keyblock);
+            if (retval) {
+                com_err(progname, retval, _("while verifying master key"));
+                exit(1);
+            }
+        }
+        new_master_keyblock.enctype = global_params.enctype;
+        if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
+            new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+
+        if (new_mkey_file) {
+            if (global_params.mask & KADM5_CONFIG_KVNO)
+                kt_kvno = global_params.kvno;
+            else
+                kt_kvno = IGNORE_VNO;
+
+            retval = krb5_db_fetch_mkey(util_context, master_princ,
+                                        new_master_keyblock.enctype, FALSE,
+                                        FALSE, new_mkey_file, &kt_kvno, NULL,
+                                        &new_master_keyblock);
+            if (retval) {
+                com_err(progname, retval, _("while reading new master key"));
+                exit(1);
+            }
+        } else {
+            printf(_("Please enter new master key....\n"));
+            retval = krb5_db_fetch_mkey(util_context, master_princ,
+                                        new_master_keyblock.enctype, TRUE,
+                                        TRUE, NULL, NULL, NULL,
+                                        &new_master_keyblock);
+            if (retval) {
+                com_err(progname, retval, _("while reading new master key"));
+                exit(1);
+            }
+        }
+        /* Get new master key vno that will be used to protect princs. */
+        new_mkvno = get_next_kvno(util_context, master_entry);
+    }
+
+    ret = 0;
+
+    if (ofile != NULL && strcmp(ofile, "-")) {
+        /* Discourage accidental dumping to filenames beginning with '-'. */
+        if (ofile[0] == '-')
+            usage();
+        if (!prep_ok_file(util_context, ofile, &ok_fd))
+            return;             /* prep_ok_file() bumps exit_status */
+        f = create_ofile(ofile, &tmpofile);
+        if (f == NULL) {
+            com_err(progname, errno, _("while opening %s for writing"), ofile);
+            goto error;
+        }
+    } else {
+        f = stdout;
+    }
+
+    args.ofile = f;
+    args.context = util_context;
+    args.dump = dump;
+    fprintf(args.ofile, "%s", dump->header);
+
+    if (dump_sno) {
+        ret = ulog_get_last(util_context, &last);
+        if (ret) {
+            com_err(progname, ret, _("while reading update log header"));
+            goto error;
+        }
+        if (ipropx_version)
+            fprintf(f, " %u", IPROPX_VERSION);
+        fprintf(f, " %u", last.last_sno);
+        fprintf(f, " %u", last.last_time.seconds);
+        fprintf(f, " %u", last.last_time.useconds);
+    }
+
+    if (dump->header[strlen(dump->header)-1] != '\n')
+        fputc('\n', args.ofile);
+
+    ret = krb5_db_iterate(util_context, NULL, dump_iterator, &args, iterflags);
+    if (ret) {
+        com_err(progname, ret, _("performing %s dump"), dump->name);
+        goto error;
+    }
+
+    /* Don't dump policies if specific principal entries were requested. */
+    if (dump->dump_policy != NULL && args.nnames == 0) {
+        ret = krb5_db_iter_policy(util_context, "*", dump->dump_policy, &args);
+        if (ret) {
+            com_err(progname, ret, _("performing %s dump"), dump->name);
+            goto error;
+        }
+    }
+
+    if (f != stdout) {
+        fclose(f);
+        finish_ofile(ofile, &tmpofile);
+        update_ok_file(util_context, ok_fd);
+    }
+    return;
+
+error:
+    if (tmpofile != NULL)
+        unlink(tmpofile);
+    free(tmpofile);
+    exit_status++;
+}
+
+/* Restore the database from any version dump file. */
+static int
+restore_dump(krb5_context context, char *dumpfile, FILE *f,
+             krb5_boolean verbose, dump_version *dump)
+{
+    int err = 0;
+    int lineno = 1;
+
+    /* Process the records. */
+    while (!(err = dump->load_record(context, dumpfile, f, verbose, &lineno)));
+    if (err != -1) {
+        fprintf(stderr, _("%s: error processing line %d of %s\n"), progname,
+                lineno, dumpfile);
+        return err;
+    }
+    return 0;
+}
+
+void
+load_db(int argc, char **argv)
+{
+    krb5_error_code ret;
+    FILE *f = NULL;
+    char *dumpfile = NULL, *dbname, buf[BUFSIZ];
+    dump_version *load = NULL;
+    int aindex;
+    kdb_log_context *log_ctx;
+    kdb_last_t last;
+    krb5_boolean db_locked = FALSE, temp_db_created = FALSE;
+    krb5_boolean verbose = FALSE, update = FALSE, iprop_load = FALSE;
+
+    /* Parse the arguments. */
+    dbname = global_params.dbname;
+    exit_status = 0;
+    log_ctx = util_context->kdblog_context;
+
+    for (aindex = 1; aindex < argc; aindex++) {
+        if (!strcmp(argv[aindex], "-b7")){
+            load = &beta7_version;
+        } else if (!strcmp(argv[aindex], "-ov")) {
+            fprintf(stderr, _("OV dump format not supported\n"));
+            goto error;
+        } else if (!strcmp(argv[aindex], "-r13")) {
+            load = &r1_3_version;
+        } else if (!strcmp(argv[aindex], "-r18")){
+            load = &r1_8_version;
+        } else if (!strcmp(argv[aindex], "-i")) {
+            /* Intentionally undocumented - only used by kadmin. */
+            if (log_ctx && log_ctx->iproprole) {
+                load = &iprop_version;
+                iprop_load = TRUE;
+            } else {
+                fprintf(stderr, _("Iprop not enabled\n"));
+                goto error;
+            }
+        } else if (!strcmp(argv[aindex], "-verbose")) {
+            verbose = TRUE;
+        } else if (!strcmp(argv[aindex], "-update")){
+            update = TRUE;
+        } else if (!strcmp(argv[aindex], "-hash")) {
+            if (!add_db_arg("hash=true")) {
+                com_err(progname, ENOMEM, _("while parsing options"));
+                goto error;
+            }
+        } else {
+            break;
+        }
+    }
+    if (argc - aindex != 1)
+        usage();
+    dumpfile = argv[aindex];
+
+    /* Open the dumpfile. */
+    if (dumpfile != NULL) {
+        f = fopen(dumpfile, "r");
+        if (f == NULL) {
+            com_err(progname, errno, _("while opening %s"), dumpfile);
+            goto error;
+        }
+    } else {
+        f = stdin;
+        dumpfile = _("standard input");
+    }
+
+    /* Auto-detect dump version if we weren't told, or verify if we were. */
+    if (fgets(buf, sizeof(buf), f) == NULL) {
+        fprintf(stderr, _("%s: can't read dump header in %s\n"), progname,
+                dumpfile);
+        goto error;
+    }
+    if (load) {
+        /* Only check what we know; some headers only contain a prefix.
+         * NB: this should work for ipropx even though load is iprop */
+        if (strncmp(buf, load->header, strlen(load->header)) != 0) {
+            fprintf(stderr, _("%s: dump header bad in %s\n"), progname,
+                    dumpfile);
+            goto error;
+        }
+    } else {
+        if (strcmp(buf, beta7_version.header) == 0) {
+            load = &beta7_version;
+        } else if (strcmp(buf, r1_3_version.header) == 0) {
+            load = &r1_3_version;
+        } else if (strcmp(buf, r1_8_version.header) == 0) {
+            load = &r1_8_version;
+        } else if (strcmp(buf, r1_11_version.header) == 0) {
+            load = &r1_11_version;
+        } else {
+            fprintf(stderr, _("%s: dump header bad in %s\n"), progname,
+                    dumpfile);
+            goto error;
+        }
+    }
+
+    if (global_params.iprop_enabled &&
+        ulog_map(util_context, global_params.iprop_logfile,
+                 global_params.iprop_ulogsize)) {
+        fprintf(stderr, _("Could not open iprop ulog\n"));
+        goto error;
+    }
+
+    if (load->updateonly && !update) {
+        fprintf(stderr, _("%s: dump version %s can only be loaded with the "
+                          "-update flag\n"), progname, load->name);
+        goto error;
+    }
+
+    /* If we are not in update mode, we create an alternate database and then
+     * promote it to be the live db. */
+    if (!update) {
+        if (!add_db_arg("temporary")) {
+            com_err(progname, ENOMEM, _("computing parameters for database"));
+            goto error;
+        }
+
+        if (iprop_load && !add_db_arg("merge_nra")) {
+            com_err(progname, ENOMEM, _("computing parameters for database"));
+            goto error;
+        }
+
+        ret = krb5_db_create(util_context, db5util_db_args);
+        if (ret) {
+            com_err(progname, ret, _("while creating database"));
+            goto error;
+        }
+        temp_db_created = TRUE;
+    } else {
+        /* Initialize the database. */
+        ret = krb5_db_open(util_context, db5util_db_args,
+                           KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
+        if (ret) {
+            com_err(progname, ret, _("while opening database"));
+            goto error;
+        }
+
+        /* Make sure the db is left unusable if the update fails, if the db
+         * supports locking. */
+        ret = krb5_db_lock(util_context, KRB5_DB_LOCKMODE_PERMANENT);
+        if (ret == 0) {
+            db_locked = TRUE;
+        } else if (ret != KRB5_PLUGIN_OP_NOTSUPP) {
+            com_err(progname, ret, _("while permanently locking database"));
+            goto error;
+        }
+    }
+
+    if (log_ctx != NULL && log_ctx->iproprole && !update) {
+        /* Don't record updates we are making to the temporary DB.  We will
+         * reinitialize or update the ulog header after promoting it. */
+        log_ctx->iproprole = IPROP_REPLICA;
+        if (iprop_load) {
+            /* Parse the iprop header information. */
+            if (!parse_iprop_header(buf, &load, &last))
+                goto error;
+        }
+    }
+
+    if (restore_dump(util_context, dumpfile ? dumpfile : _("standard input"),
+                     f, verbose, load)) {
+        fprintf(stderr, _("%s: %s restore failed\n"), progname, load->name);
+        goto error;
+    }
+
+    if (db_locked && (ret = krb5_db_unlock(util_context))) {
+        com_err(progname, ret, _("while unlocking database"));
+        goto error;
+    }
+
+    if (!update) {
+        /* Initialize the ulog header before promoting so we can't leave behind
+         * the pre-load ulog state if we are killed just after promoting. */
+        if (log_ctx != NULL && log_ctx->iproprole) {
+            ret = ulog_init_header(util_context);
+            if (ret) {
+                com_err(progname, ret, _("while reinitializing update log"));
+                goto error;
+            }
+        }
+
+        ret = krb5_db_promote(util_context, db5util_db_args);
+        /* Ignore a not supported error since there is nothing to do about it
+         * anyway. */
+        if (ret != 0 && ret != KRB5_PLUGIN_OP_NOTSUPP) {
+            com_err(progname, ret,
+                    _("while making newly loaded database live"));
+            goto error;
+        }
+
+        if (log_ctx != NULL && log_ctx->iproprole) {
+            /* Reinitialize the ulog header since we replaced the DB, and
+             * record the iprop state if we received it. */
+            ret = ulog_init_header(util_context);
+            if (ret) {
+                com_err(progname, ret, _("while reinitializing update log"));
+                goto error;
+            }
+            if (iprop_load) {
+                ret = ulog_set_last(util_context, &last);
+                if (ret) {
+                    com_err(progname, ret,
+                            _("while writing update log header"));
+                    goto error;
+                }
+            }
+        }
+    }
+
+cleanup:
+    /* If we created a temporary DB but didn't succeed, destroy it. */
+    if (exit_status && temp_db_created) {
+        ret = krb5_db_destroy(util_context, db5util_db_args);
+        /* Ignore a not supported error since there is nothing to do about
+         * it anyway. */
+        if (ret != 0 && ret != KRB5_PLUGIN_OP_NOTSUPP) {
+            com_err(progname, ret, _("while deleting bad database %s"),
+                    dbname);
+        }
+    }
+
+    if (f != NULL && f != stdin)
+        fclose(f);
+
+    return;
+
+error:
+    exit_status++;
+    goto cleanup;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/import_err.et b/krb5-1.21.3/src/kadmin/dbutil/import_err.et
new file mode 100644
index 00000000..48bb8fb9
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/import_err.et
@@ -0,0 +1,22 @@
+error_table imp
+error_code IMPORT_BAD_FILE,	    "Input not recognized as database dump"
+error_code IMPORT_BAD_TOKEN,	    "Bad token in dump file."
+error_code IMPORT_BAD_VERSION,	    "Bad version in dump file"
+error_code IMPORT_BAD_RECORD,	    "Defective record encountered: "
+error_code IMPORT_BAD_FOOTER,	    "Truncated input file detected."
+error_code IMPORT_FAILED,	    "Import of dump failed"
+error_code IMPORT_MISMATCH_COUNT,   "Number of records imported does not match count"
+error_code IMPORT_UNK_OPTION,	    "Unknown command line option.\nUsage: ovsec_adm_import [filename]"
+error_code IMPORT_WARN_DB,	    "Warning -- continuing to import will overwrite existing databases!"
+error_code IMPORT_RENAME_FAILED,    "Database rename Failed!!"
+error_code IMPORT_EXTRA_DATA,	    "Extra data after footer is ignored."
+error_code IMPORT_CONFIRM,	    "Proceed <y|n>?"
+error_code IMPORT_OPEN_DUMP,	    "while opening input file"
+error_code IMPORT_IMPORT,	    "while importing databases"
+error_code IMPORT_TTY,		    "cannot open /dev/tty!!"
+error_code IMPORT_RENAME_OPEN,	    "while opening databases"
+error_code IMPORT_RENAME_LOCK,	    "while acquiring permanent lock"
+error_code IMPORT_RENAME_UNLOCK,    "while releasing permanent lock"
+error_code IMPORT_RENAME_CLOSE,	    "while closing databases"
+error_code IMPORT_GET_PARAMS,	    "while retrieving configuration parameters"
+end
diff --git a/krb5-1.21.3/src/kadmin/dbutil/kadm5_create.c b/krb5-1.21.3/src/kadmin/dbutil/kadm5_create.c
new file mode 100644
index 00000000..db12cac3
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/kadm5_create.c
@@ -0,0 +1,225 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Source$
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include <k5-int.h>
+#include <ctype.h>
+#include <kdb.h>
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+
+#include "fake-addrinfo.h"
+
+
+#include <krb5.h>
+#include <kdb.h>
+#include "kdb5_util.h"
+
+static int add_admin_princ(void *handle, krb5_context context,
+                           char *name, char *realm, int attrs, int lifetime);
+static int add_admin_princs(void *handle, krb5_context context, char *realm);
+
+#define ERR 1
+#define OK 0
+
+#define ADMIN_LIFETIME 60*60*3 /* 3 hours */
+#define CHANGEPW_LIFETIME 60*5 /* 5 minutes */
+
+/*
+ * Function: kadm5_create
+ *
+ * Purpose: create admin principals in KDC database
+ *
+ * Arguments:   params  (r) configuration parameters to use
+ *
+ * Effects:  Creates KADM5_ADMIN_SERVICE and KADM5_CHANGEPW_SERVICE
+ * principals in the KDC database and sets their attributes
+ * appropriately.
+ */
+int kadm5_create(kadm5_config_params *params)
+{
+    int retval;
+    kadm5_config_params lparams;
+
+    /*
+     * The lock file has to exist before calling kadm5_init, but
+     * params->admin_lockfile may not be set yet...
+     */
+    retval = kadm5_get_config_params(util_context, 1, params, &lparams);
+    if (retval) {
+        com_err(progname, retval, _("while looking up the Kerberos "
+                                    "configuration"));
+        return 1;
+    }
+
+    retval = kadm5_create_magic_princs(&lparams, util_context);
+
+    kadm5_free_config_params(util_context, &lparams);
+
+    return retval;
+}
+
+int kadm5_create_magic_princs(kadm5_config_params *params,
+                              krb5_context context)
+{
+    int retval;
+    void *handle;
+
+    retval = krb5_klog_init(context, "admin_server", progname, 0);
+    if (retval)
+        return retval;
+    if ((retval = kadm5_init(context, progname, NULL, NULL, params,
+                             KADM5_STRUCT_VERSION,
+                             KADM5_API_VERSION_4,
+                             db5util_db_args,
+                             &handle))) {
+        com_err(progname, retval, _("while initializing the Kerberos admin "
+                                    "interface"));
+        return retval;
+    }
+
+    retval = add_admin_princs(handle, context, params->realm);
+
+    kadm5_destroy(handle);
+
+    krb5_klog_close(context);
+
+    return retval;
+}
+
+/*
+ * Function: add_admin_princs
+ *
+ * Purpose: create admin principals
+ *
+ * Arguments:
+ *
+ *      rseed           (input) random seed
+ *      realm           (input) realm, or NULL for default realm
+ *      <return value>  (output) status, 0 for success, 1 for serious error
+ *
+ * Requires:
+ *
+ * Effects:
+ *
+ * add_admin_princs creates KADM5_ADMIN_SERVICE,
+ * KADM5_CHANGEPW_SERVICE.  If any of these exist a message is
+ * printed.  If any of these existing principal do not have the proper
+ * attributes, a warning message is printed.
+ */
+static int add_admin_princs(void *handle, krb5_context context, char *realm)
+{
+    krb5_error_code ret = 0;
+
+    if ((ret = add_admin_princ(handle, context,
+                               KADM5_ADMIN_SERVICE, realm,
+                               KRB5_KDB_DISALLOW_TGT_BASED |
+                               KRB5_KDB_LOCKDOWN_KEYS,
+                               ADMIN_LIFETIME)))
+        return ret;
+
+    return add_admin_princ(handle, context, KADM5_CHANGEPW_SERVICE, realm,
+                           KRB5_KDB_DISALLOW_TGT_BASED |
+                           KRB5_KDB_PWCHANGE_SERVICE | KRB5_KDB_LOCKDOWN_KEYS,
+                           CHANGEPW_LIFETIME);
+}
+
+/*
+ * Function: add_admin_princ
+ *
+ * Arguments:
+ *
+ *      creator         (r) principal to use as "mod_by"
+ *      rseed           (r) seed for random key generator
+ *      name            (r) principal name
+ *      realm           (r) realm name for principal
+ *      attrs           (r) principal's attributes
+ *      lifetime        (r) principal's max life, or 0
+ *      not_unique      (r) error message for multiple entries, never used
+ *      exists          (r) warning message for principal exists
+ *      wrong_attrs     (r) warning message for wrong attributes
+ *
+ * Returns:
+ *
+ *      OK on success
+ *      ERR on serious errors
+ *
+ * Effects:
+ *
+ * If the principal is not unique, not_unique is printed (but this
+ * never happens).  If the principal exists, then exists is printed
+ * and if the principals attributes != attrs, wrong_attrs is printed.
+ * Otherwise, the principal is created with mod_by creator and
+ * attributes attrs and max life of lifetime (if not zero).
+ */
+
+int add_admin_princ(void *handle, krb5_context context,
+                    char *name, char *realm, int attrs, int lifetime)
+{
+    char *fullname = NULL;
+    krb5_error_code ret;
+    kadm5_principal_ent_rec ent;
+    long flags;
+    int fret;
+
+    memset(&ent, 0, sizeof(ent));
+
+    if (asprintf(&fullname, "%s@%s", name, realm) < 0) {
+        com_err(progname, ENOMEM, _("while appending realm to principal"));
+        fret = ERR;
+        goto cleanup;
+    }
+    ret = krb5_parse_name(context, fullname, &ent.principal);
+    if (ret) {
+        com_err(progname, ret, _("while parsing admin principal name"));
+        fret = ERR;
+        goto cleanup;
+    }
+    ent.max_life = lifetime;
+    ent.attributes = attrs;
+
+    flags = KADM5_PRINCIPAL | KADM5_ATTRIBUTES;
+    if (lifetime)
+        flags |= KADM5_MAX_LIFE;
+    ret = kadm5_create_principal(handle, &ent, flags, NULL);
+    if (ret && ret != KADM5_DUP) {
+        com_err(progname, ret, _("while creating principal %s"), fullname);
+        fret = ERR;
+        goto cleanup;
+    }
+
+    fret = OK;
+cleanup:
+    krb5_free_principal(context, ent.principal);
+    free(fullname);
+    return fret;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c b/krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c
new file mode 100644
index 00000000..038a0b21
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c
@@ -0,0 +1,478 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/dbutil/kdb5_create.c - Create a KDC database */
+/*
+ * Copyright 1990,1991,2001, 2002, 2008 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include <k5-int.h>
+#include <kdb.h>
+#include <kadm5/server_internal.h>
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+#include "kdb5_util.h"
+
+enum ap_op {
+    NULL_KEY,                           /* setup null keys */
+    MASTER_KEY,                         /* use master key as new key */
+    TGT_KEY                             /* special handling for tgt key */
+};
+
+struct realm_info {
+    krb5_deltat max_life;
+    krb5_deltat max_rlife;
+    krb5_timestamp expiration;
+    krb5_flags flags;
+    krb5_keyblock *key;
+    krb5_int32 nkslist;
+    krb5_key_salt_tuple *kslist;
+} rblock;
+
+struct iterate_args {
+    krb5_context        ctx;
+    struct realm_info   *rblock;
+    krb5_db_entry       *dbentp;
+};
+
+static krb5_error_code add_principal
+(krb5_context,
+ krb5_principal,
+ enum ap_op,
+ struct realm_info *);
+
+/*
+ * Steps in creating a database:
+ *
+ * 1) use the db calls to open/create a new database
+ *
+ * 2) get a realm name for the new db
+ *
+ * 3) get a master password for the new db; convert to an encryption key.
+ *
+ * 4) create various required entries in the database
+ *
+ * 5) close & exit
+ */
+
+extern krb5_keyblock master_keyblock;
+extern krb5_principal master_princ;
+extern char *mkey_fullname;
+krb5_data master_salt;
+
+krb5_data tgt_princ_entries[] = {
+    {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
+    {0, 0, 0} };
+
+krb5_data db_creator_entries[] = {
+    {0, sizeof("db_creation")-1, "db_creation"} };
+
+/* XXX knows about contents of krb5_principal, and that tgt names
+   are of form TGT/REALM@REALM */
+krb5_principal_data tgt_princ = {
+    0,                                      /* magic number */
+    {0, 0, 0},                              /* krb5_data realm */
+    tgt_princ_entries,                      /* krb5_data *data */
+    2,                                      /* int length */
+    KRB5_NT_SRV_INST                        /* int type */
+};
+
+krb5_principal_data db_create_princ = {
+    0,                                      /* magic number */
+    {0, 0, 0},                              /* krb5_data realm */
+    db_creator_entries,                     /* krb5_data *data */
+    1,                                      /* int length */
+    KRB5_NT_SRV_INST                        /* int type */
+};
+
+extern char *mkey_password;
+
+extern char *progname;
+extern int exit_status;
+extern kadm5_config_params global_params;
+extern krb5_context util_context;
+
+void kdb5_create(argc, argv)
+    int argc;
+    char *argv[];
+{
+    int optchar;
+
+    krb5_error_code retval;
+    char *pw_str = 0;
+    unsigned int pw_size = 0;
+    int do_stash = 0;
+    krb5_data pwd, seed;
+    kdb_log_context *log_ctx;
+    krb5_kvno mkey_kvno;
+
+    while ((optchar = getopt(argc, argv, "sW")) != -1) {
+        switch(optchar) {
+        case 's':
+            do_stash++;
+            break;
+        case 'W':
+            /* Ignore (deprecated weak random option). */
+            break;
+        case '?':
+        default:
+            usage();
+            return;
+        }
+    }
+
+    rblock.max_life = global_params.max_life;
+    rblock.max_rlife = global_params.max_rlife;
+    rblock.expiration = global_params.expiration;
+    rblock.flags = global_params.flags;
+    rblock.nkslist = global_params.num_keysalts;
+    rblock.kslist = global_params.keysalts;
+
+    log_ctx = util_context->kdblog_context;
+
+    /* assemble & parse the master key name */
+
+    if ((retval = krb5_db_setup_mkey_name(util_context,
+                                          global_params.mkey_name,
+                                          global_params.realm,
+                                          &mkey_fullname, &master_princ))) {
+        com_err(progname, retval, _("while setting up master key name"));
+        exit_status++; return;
+    }
+
+    krb5_princ_set_realm_data(util_context, &db_create_princ, global_params.realm);
+    krb5_princ_set_realm_length(util_context, &db_create_princ, strlen(global_params.realm));
+    krb5_princ_set_realm_data(util_context, &tgt_princ, global_params.realm);
+    krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
+    krb5_princ_component(util_context, &tgt_princ,1)->data = global_params.realm;
+    krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
+
+    printf(_("Initializing database '%s' for realm '%s',\n"
+             "master key name '%s'\n"),
+           global_params.dbname, global_params.realm, mkey_fullname);
+
+    if (!mkey_password) {
+        printf(_("You will be prompted for the database Master Password.\n"));
+        printf(_("It is important that you NOT FORGET this password.\n"));
+        fflush(stdout);
+
+        pw_size = 1024;
+        pw_str = malloc(pw_size);
+        if (pw_str == NULL) {
+            com_err(progname, ENOMEM, _("while creating new master key"));
+            exit_status++; return;
+        }
+
+        retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
+                                    pw_str, &pw_size);
+        if (retval) {
+            com_err(progname, retval,
+                    _("while reading master key from keyboard"));
+            exit_status++; return;
+        }
+        mkey_password = pw_str;
+    }
+
+    pwd.data = mkey_password;
+    pwd.length = strlen(mkey_password);
+    retval = krb5_principal2salt(util_context, master_princ, &master_salt);
+    if (retval) {
+        com_err(progname, retval, _("while calculating master key salt"));
+        exit_status++; return;
+    }
+
+    retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
+                                  &pwd, &master_salt, &master_keyblock);
+    if (retval) {
+        com_err(progname, retval,
+                _("while transforming master key from password"));
+        exit_status++; return;
+    }
+
+    rblock.key = &master_keyblock;
+
+    seed = make_data(master_keyblock.contents, master_keyblock.length);
+
+    if ((retval = krb5_c_random_seed(util_context, &seed))) {
+        com_err(progname, retval,
+                _("while initializing random key generator"));
+        exit_status++; return;
+    }
+    if ((retval = krb5_db_create(util_context,
+                                 db5util_db_args))) {
+        com_err(progname, retval, _("while creating database '%s'"),
+                global_params.dbname);
+        exit_status++; return;
+    }
+/*     if ((retval = krb5_db_fini(util_context))) { */
+/*         com_err(progname, retval, "while closing current database"); */
+/*         exit_status++; return; */
+/*     } */
+/*     if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { */
+/*      com_err(progname, retval, "while initializing the database '%s'", */
+/*              global_params.dbname); */
+/*      exit_status++; return; */
+/*     } */
+
+    if (log_ctx && log_ctx->iproprole) {
+        retval = ulog_map(util_context, global_params.iprop_logfile,
+                          global_params.iprop_ulogsize);
+        if (retval) {
+            com_err(argv[0], retval, _("while creating update log"));
+            exit_status++;
+            return;
+        }
+
+        /*
+         * We're reinitializing the update log in case one already
+         * existed, but this should never happen.
+         */
+        retval = ulog_init_header(util_context);
+        if (retval) {
+            com_err(argv[0], retval, _("while initializing update log"));
+            exit_status++;
+            return;
+        }
+
+        /*
+         * Since we're creating a new db we shouldn't worry about
+         * adding the initial principals since any replica might as
+         * well do full resyncs from this newly created db.
+         */
+        log_ctx->iproprole = IPROP_NULL;
+    }
+
+    if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) ||
+        (retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+        com_err(progname, retval, _("while adding entries to the database"));
+        exit_status++; return;
+    }
+
+
+
+    /*
+     * Always stash the master key so kadm5_create does not prompt for
+     * it; delete the file below if it was not requested.  DO NOT EXIT
+     * BEFORE DELETING THE KEYFILE if do_stash is not set.
+     */
+
+    /*
+     * Determine the kvno to use, it must be that used to create the master key
+     * princ.
+     */
+    if (global_params.mask & KADM5_CONFIG_KVNO)
+        mkey_kvno = global_params.kvno; /* user specified */
+    else
+        mkey_kvno = 1;  /* Default */
+
+    retval = krb5_db_store_master_key(util_context,
+                                      global_params.stash_file,
+                                      master_princ,
+                                      mkey_kvno,
+                                      &master_keyblock,
+                                      mkey_password);
+    if (retval) {
+        com_err(progname, retval, _("while storing key"));
+        printf(_("Warning: couldn't stash master key.\n"));
+    }
+    /* clean up */
+    zapfree(pw_str, pw_size);
+    free(master_salt.data);
+
+    if (kadm5_create(&global_params)) {
+        if (!do_stash) unlink(global_params.stash_file);
+        exit_status++;
+        return;
+    }
+    if (!do_stash) unlink(global_params.stash_file);
+
+    return;
+}
+
+static krb5_error_code
+tgt_keysalt_iterate(ksent, ptr)
+    krb5_key_salt_tuple *ksent;
+    krb5_pointer        ptr;
+{
+    krb5_context        context;
+    krb5_error_code     kret;
+    struct iterate_args *iargs;
+    krb5_keyblock       key;
+    krb5_int32          ind;
+    krb5_data   pwd;
+
+    iargs = (struct iterate_args *) ptr;
+    kret = 0;
+
+    context = iargs->ctx;
+
+    /*
+     * Convert the master key password into a key for this particular
+     * encryption system.
+     */
+    pwd.data = mkey_password;
+    pwd.length = strlen(mkey_password);
+    kret = krb5_c_random_seed(context, &pwd);
+    if (kret)
+        return kret;
+
+    if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {
+        ind = iargs->dbentp->n_key_data-1;
+        if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
+                                            &key))) {
+            kret = krb5_dbe_encrypt_key_data(context, iargs->rblock->key,
+                                             &key, NULL, 1,
+                                             &iargs->dbentp->key_data[ind]);
+            krb5_free_keyblock_contents(context, &key);
+        }
+    }
+
+    return(kret);
+}
+
+static krb5_error_code
+add_principal(context, princ, op, pblock)
+    krb5_context context;
+    krb5_principal princ;
+    enum ap_op op;
+    struct realm_info *pblock;
+{
+    krb5_error_code       retval;
+    krb5_db_entry         *entry = NULL;
+    krb5_kvno             mkey_kvno;
+    krb5_timestamp        now;
+    struct iterate_args   iargs;
+    krb5_actkvno_node     actkvno;
+
+    entry = calloc(1, sizeof(*entry));
+    if (entry == NULL)
+        return ENOMEM;
+
+    entry->len = KRB5_KDB_V1_BASE_LENGTH;
+    entry->attributes = pblock->flags;
+    entry->max_life = pblock->max_life;
+    entry->max_renewable_life = pblock->max_rlife;
+    entry->expiration = pblock->expiration;
+
+    if ((retval = krb5_copy_principal(context, princ, &entry->princ)))
+        goto cleanup;
+
+    if ((retval = krb5_timeofday(context, &now)))
+        goto cleanup;
+
+    if ((retval = krb5_dbe_update_mod_princ_data(context, entry,
+                                                 now, &db_create_princ)))
+        goto cleanup;
+
+    switch (op) {
+    case MASTER_KEY:
+        if ((entry->key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
+            == NULL)
+            goto cleanup;
+        memset(entry->key_data, 0, sizeof(krb5_key_data));
+        entry->n_key_data = 1;
+
+        if (global_params.mask & KADM5_CONFIG_KVNO)
+            mkey_kvno = global_params.kvno; /* user specified */
+        else
+            mkey_kvno = 1;  /* Default */
+        entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+        if ((retval = krb5_dbe_encrypt_key_data(context, pblock->key,
+                                                &master_keyblock, NULL,
+                                                mkey_kvno, entry->key_data)))
+            goto cleanup;
+        /*
+         * There should always be at least one "active" mkey so creating the
+         * KRB5_TL_ACTKVNO entry now so the initial mkey is active.
+         */
+        actkvno.next = NULL;
+        actkvno.act_kvno = mkey_kvno;
+        /* earliest possible time in case system clock is set back */
+        actkvno.act_time = 0;
+        if ((retval = krb5_dbe_update_actkvno(context, entry, &actkvno)))
+            goto cleanup;
+
+        /* so getprinc shows the right kvno */
+        if ((retval = krb5_dbe_update_mkvno(context, entry, mkey_kvno)))
+            goto cleanup;
+
+        break;
+    case TGT_KEY:
+        iargs.ctx = context;
+        iargs.rblock = pblock;
+        iargs.dbentp = entry;
+        /*
+         * Iterate through the key/salt list, ignoring salt types.
+         */
+        if ((retval = krb5_keysalt_iterate(pblock->kslist,
+                                           pblock->nkslist,
+                                           1,
+                                           tgt_keysalt_iterate,
+                                           (krb5_pointer) &iargs)))
+            goto cleanup;
+        break;
+    case NULL_KEY:
+        retval = EOPNOTSUPP;
+        goto cleanup;
+    default:
+        break;
+    }
+
+    entry->mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+                   KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA |
+                   KADM5_PRINC_EXPIRE_TIME);
+    entry->attributes |= KRB5_KDB_LOCKDOWN_KEYS;
+
+    retval = krb5_db_put_principal(context, entry);
+
+cleanup:
+    krb5_db_free_principal(context, entry);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/kdb5_destroy.c b/krb5-1.21.3/src/kadmin/dbutil/kdb5_destroy.c
new file mode 100644
index 00000000..fffce742
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/kdb5_destroy.c
@@ -0,0 +1,94 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/dbutil/kdb5_destroy.c - Destroy a KDC database */
+/*
+ * Copyright 1990, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+#include "com_err.h"
+#include <kadm5/admin.h>
+#include <kdb.h>
+#include "kdb5_util.h"
+
+extern int exit_status;
+extern krb5_boolean dbactive;
+extern kadm5_config_params global_params;
+
+char *yes = "yes\n";                    /* \n to compare against result of
+                                           fgets */
+
+void
+kdb5_destroy(argc, argv)
+    int argc;
+    char *argv[];
+{
+    extern int optind;
+    int optchar;
+    char *dbname;
+    char buf[5];
+    krb5_error_code retval1;
+    int force = 0;
+
+    dbname = global_params.dbname;
+
+    optind = 1;
+    while ((optchar = getopt(argc, argv, "f")) != -1) {
+        switch(optchar) {
+        case 'f':
+            force++;
+            break;
+        case '?':
+        default:
+            usage();
+            return;
+            /*NOTREACHED*/
+        }
+    }
+    if (!force) {
+        printf(_("Deleting KDC database stored in '%s', are you sure?\n"),
+               dbname);
+        printf(_("(type 'yes' to confirm)? "));
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            exit_status++; return;
+        }
+        if (strcmp(buf, yes)) {
+            exit_status++; return;
+        }
+        printf(_("OK, deleting database '%s'...\n"), dbname);
+    }
+
+    retval1 = krb5_db_destroy(util_context, db5util_db_args);
+    if (retval1) {
+        com_err(progname, retval1, _("deleting database '%s'"), dbname);
+        exit_status++; return;
+    }
+
+    if (global_params.iprop_enabled) {
+        (void) unlink(global_params.iprop_logfile);
+    }
+
+    dbactive = FALSE;
+    printf(_("** Database '%s' destroyed.\n"), dbname);
+    return;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c b/krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c
new file mode 100644
index 00000000..aceb0a9b
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c
@@ -0,0 +1,1334 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include <k5-int.h>
+#include <kdb.h>
+#include <kadm5/server_internal.h>
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+#include "kdb5_util.h"
+#include <time.h>
+
+#if defined(HAVE_COMPILE) && defined(HAVE_STEP)
+#define SOLARIS_REGEXPS
+#elif defined(HAVE_REGCOMP) && defined(HAVE_REGEXEC)
+#define POSIX_REGEXPS
+#elif defined(HAVE_RE_COMP) && defined(HAVE_RE_EXEC)
+#define BSD_REGEXPS
+#else
+#error I cannot find any regexp functions
+#endif
+#ifdef SOLARIS_REGEXPS
+#include        <regexpr.h>
+#endif
+#ifdef POSIX_REGEXPS
+#include        <regex.h>
+#endif
+
+extern krb5_keyblock master_keyblock; /* current mkey */
+extern krb5_kvno   master_kvno;
+extern krb5_principal master_princ;
+extern krb5_data master_salt;
+extern char *mkey_fullname;
+extern char *mkey_password;
+extern char *progname;
+extern int exit_status;
+extern kadm5_config_params global_params;
+extern krb5_context util_context;
+extern time_t get_date(char *);
+
+static const char *
+strdate(krb5_timestamp when)
+{
+    struct tm *tm;
+    static char out[40];
+    time_t lcltim = ts2tt(when);
+
+    tm = localtime(&lcltim);
+    if (tm == NULL ||
+        strftime(out, sizeof(out), "%a %b %d %H:%M:%S %Z %Y", tm) == 0)
+        strlcpy(out, "(error)", sizeof(out));
+    return out;
+}
+
+krb5_kvno
+get_next_kvno(krb5_context context, krb5_db_entry *entry)
+{
+    krb5_kvno new_kvno;
+
+    new_kvno = krb5_db_get_key_data_kvno(context, entry->n_key_data,
+                                         entry->key_data);
+    new_kvno++;
+    /* deal with wrapping */
+    if (new_kvno == 0)
+        new_kvno = 1; /* knvo must not be 0 as this is special value (IGNORE_VNO) */
+
+    return (new_kvno);
+}
+
+krb5_error_code
+add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
+             krb5_keyblock *new_mkey, krb5_kvno use_mkvno)
+{
+    krb5_error_code retval = 0;
+    int old_key_data_count, i;
+    krb5_kvno new_mkey_kvno;
+    krb5_key_data tmp_key_data;
+    krb5_mkey_aux_node  *mkey_aux_data_head = NULL, **mkey_aux_data;
+    krb5_keylist_node  *keylist_node;
+    krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(context);
+
+    /* do this before modifying master_entry key_data */
+    new_mkey_kvno = get_next_kvno(context, master_entry);
+    /* verify the requested mkvno if not 0 is the one that would be used here. */
+    if (use_mkvno != 0 && new_mkey_kvno != use_mkvno)
+        return (KRB5_KDB_KVNONOMATCH);
+
+    old_key_data_count = master_entry->n_key_data;
+
+    /* alloc enough space to hold new and existing key_data */
+    /*
+     * The encrypted key is malloc'ed by krb5_dbe_encrypt_key_data and
+     * krb5_key_data key_data_contents is a pointer to this key.  Using some
+     * logic from master_key_convert().
+     */
+    for (i = 0; i < master_entry->n_key_data; i++)
+        krb5_free_key_data_contents(context, &master_entry->key_data[i]);
+    free(master_entry->key_data);
+    master_entry->key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) *
+                                                      (old_key_data_count + 1));
+    if (master_entry->key_data == NULL)
+        return (ENOMEM);
+
+    memset(master_entry->key_data, 0,
+           sizeof(krb5_key_data) * (old_key_data_count + 1));
+    master_entry->n_key_data = old_key_data_count + 1;
+
+    /* Note, mkey does not have salt */
+    /* add new mkey encrypted with itself to mkey princ entry */
+    if ((retval = krb5_dbe_encrypt_key_data(context, new_mkey, new_mkey, NULL,
+                                            (int) new_mkey_kvno,
+                                            &master_entry->key_data[0]))) {
+        return (retval);
+    }
+    /* the mvkno should be that of the newest mkey */
+    if ((retval = krb5_dbe_update_mkvno(context, master_entry, new_mkey_kvno))) {
+        krb5_free_key_data_contents(context, &master_entry->key_data[0]);
+        return (retval);
+    }
+    /*
+     * Need to decrypt old keys with the current mkey which is in the global
+     * master_keyblock and encrypt those keys with the latest mkey.  And while
+     * the old keys are being decrypted, use those to create the
+     * KRB5_TL_MKEY_AUX entries which store the latest mkey encrypted by one of
+     * the older mkeys.
+     *
+     * The new mkey is followed by existing keys.
+     *
+     * First, set up for creating a krb5_mkey_aux_node list which will be used
+     * to update the mkey aux data for the mkey princ entry.
+     */
+    mkey_aux_data_head = (krb5_mkey_aux_node *) malloc(sizeof(krb5_mkey_aux_node));
+    if (mkey_aux_data_head == NULL) {
+        retval = ENOMEM;
+        goto clean_n_exit;
+    }
+    memset(mkey_aux_data_head, 0, sizeof(krb5_mkey_aux_node));
+    mkey_aux_data = &mkey_aux_data_head;
+
+    for (keylist_node = master_keylist, i = 1; keylist_node != NULL;
+         keylist_node = keylist_node->next, i++) {
+
+        /*
+         * Create a list of krb5_mkey_aux_node nodes.  One node contains the new
+         * mkey encrypted by an old mkey and the old mkey's kvno (one node per
+         * old mkey).
+         */
+        if (*mkey_aux_data == NULL) {
+            /* *mkey_aux_data points to next field of previous node */
+            *mkey_aux_data = (krb5_mkey_aux_node *) malloc(sizeof(krb5_mkey_aux_node));
+            if (*mkey_aux_data == NULL) {
+                retval = ENOMEM;
+                goto clean_n_exit;
+            }
+            memset(*mkey_aux_data, 0, sizeof(krb5_mkey_aux_node));
+        }
+
+        memset(&tmp_key_data, 0, sizeof(tmp_key_data));
+        /* encrypt the new mkey with the older mkey */
+        retval = krb5_dbe_encrypt_key_data(context, &keylist_node->keyblock,
+                                           new_mkey, NULL, (int) new_mkey_kvno,
+                                           &tmp_key_data);
+        if (retval)
+            goto clean_n_exit;
+
+        (*mkey_aux_data)->latest_mkey = tmp_key_data;
+        (*mkey_aux_data)->mkey_kvno = keylist_node->kvno;
+        mkey_aux_data = &((*mkey_aux_data)->next);
+
+        /*
+         * Store old key in master_entry keydata past the new mkey
+         */
+        retval = krb5_dbe_encrypt_key_data(context, new_mkey,
+                                           &keylist_node->keyblock,
+                                           NULL, (int) keylist_node->kvno,
+                                           &master_entry->key_data[i]);
+        if (retval)
+            goto clean_n_exit;
+    }
+    assert(i == old_key_data_count + 1);
+
+    if ((retval = krb5_dbe_update_mkey_aux(context, master_entry,
+                                           mkey_aux_data_head))) {
+        goto clean_n_exit;
+    }
+    master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA;
+
+clean_n_exit:
+    krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_head);
+    return (retval);
+}
+
+void
+kdb5_add_mkey(int argc, char *argv[])
+{
+    int optchar;
+    krb5_error_code retval;
+    char *pw_str = 0;
+    unsigned int pw_size = 0;
+    int do_stash = 0;
+    krb5_data pwd;
+    krb5_kvno new_mkey_kvno;
+    krb5_keyblock new_mkeyblock;
+    krb5_enctype new_master_enctype = ENCTYPE_UNKNOWN;
+    char *new_mkey_password;
+    krb5_db_entry *master_entry = NULL;
+    krb5_timestamp now;
+
+    /*
+     * The command table entry for this command causes open_db_and_mkey() to be
+     * called first to open the KDB and get the current mkey.
+     */
+
+    memset(&new_mkeyblock, 0, sizeof(new_mkeyblock));
+    master_salt.data = NULL;
+
+    while ((optchar = getopt(argc, argv, "e:s")) != -1) {
+        switch(optchar) {
+        case 'e':
+            if (krb5_string_to_enctype(optarg, &new_master_enctype)) {
+                com_err(progname, EINVAL, _("%s is an invalid enctype"),
+                        optarg);
+                exit_status++;
+                return;
+            }
+            break;
+        case 's':
+            do_stash++;
+            break;
+        case '?':
+        default:
+            usage();
+            return;
+        }
+    }
+
+    if (new_master_enctype == ENCTYPE_UNKNOWN)
+        new_master_enctype = global_params.enctype;
+
+    retval = krb5_db_get_principal(util_context, master_princ, 0,
+                                   &master_entry);
+    if (retval != 0) {
+        com_err(progname, retval, _("while getting master key principal %s"),
+                mkey_fullname);
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    printf(_("Creating new master key for master key principal '%s'\n"),
+           mkey_fullname);
+
+    printf(_("You will be prompted for a new database Master Password.\n"));
+    printf(_("It is important that you NOT FORGET this password.\n"));
+    fflush(stdout);
+
+    pw_size = 1024;
+    pw_str = malloc(pw_size);
+    if (pw_str == NULL) {
+        com_err(progname, ENOMEM, _("while creating new master key"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
+                                pw_str, &pw_size);
+    if (retval) {
+        com_err(progname, retval,
+                _("while reading new master key from keyboard"));
+        exit_status++;
+        goto cleanup_return;
+    }
+    new_mkey_password = pw_str;
+
+    pwd.data = new_mkey_password;
+    pwd.length = strlen(new_mkey_password);
+    retval = krb5_principal2salt(util_context, master_princ, &master_salt);
+    if (retval) {
+        com_err(progname, retval, _("while calculating master key salt"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    retval = krb5_c_string_to_key(util_context, new_master_enctype,
+                                  &pwd, &master_salt, &new_mkeyblock);
+    if (retval) {
+        com_err(progname, retval,
+                _("while transforming master key from password"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    new_mkey_kvno = get_next_kvno(util_context, master_entry);
+    retval = add_new_mkey(util_context, master_entry, &new_mkeyblock,
+                          new_mkey_kvno);
+    if (retval) {
+        com_err(progname, retval,
+                _("adding new master key to master principal"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_timeofday(util_context, &now))) {
+        com_err(progname, retval, _("while getting current time"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry,
+                                                 now, master_princ))) {
+        com_err(progname, retval, _("while updating the master key principal "
+                                    "modification time"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_db_put_principal(util_context, master_entry))) {
+        com_err(progname, retval, _("while adding master key entry to the "
+                                    "database"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if (do_stash) {
+        retval = krb5_db_store_master_key(util_context,
+                                          global_params.stash_file,
+                                          master_princ,
+                                          new_mkey_kvno,
+                                          &new_mkeyblock,
+                                          mkey_password);
+        if (retval) {
+            com_err(progname, retval, _("while storing key"));
+            printf(_("Warning: couldn't stash master key.\n"));
+        }
+    }
+
+cleanup_return:
+    /* clean up */
+    krb5_db_free_principal(util_context, master_entry);
+    zap((char *)new_mkeyblock.contents, new_mkeyblock.length);
+    free(new_mkeyblock.contents);
+    if (pw_str) {
+        zap(pw_str, pw_size);
+        free(pw_str);
+    }
+    free(master_salt.data);
+    return;
+}
+
+void
+kdb5_use_mkey(int argc, char *argv[])
+{
+    krb5_error_code retval;
+    krb5_kvno  use_kvno;
+    krb5_timestamp now, start_time;
+    krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL,
+        *prev_actkvno, *cur_actkvno;
+    krb5_db_entry *master_entry = NULL;
+    krb5_keylist_node *keylist_node;
+    krb5_boolean inserted = FALSE;
+    krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
+
+    if (argc < 2 || argc > 3) {
+        /* usage calls exit */
+        usage();
+    }
+
+    use_kvno = atoi(argv[1]);
+    if (use_kvno == 0) {
+        com_err(progname, EINVAL, _("0 is an invalid KVNO value"));
+        exit_status++;
+        return;
+    } else {
+        /* verify use_kvno is valid */
+        for (keylist_node = master_keylist; keylist_node != NULL;
+             keylist_node = keylist_node->next) {
+            if (use_kvno == keylist_node->kvno)
+                break;
+        }
+        if (!keylist_node) {
+            com_err(progname, EINVAL, _("%d is an invalid KVNO value"),
+                    use_kvno);
+            exit_status++;
+            return;
+        }
+    }
+
+    if ((retval = krb5_timeofday(util_context, &now))) {
+        com_err(progname, retval, _("while getting current time"));
+        exit_status++;
+        return;
+    }
+
+    if (argc == 3) {
+        time_t t = get_date(argv[2]);
+        if (t == -1) {
+            com_err(progname, 0, _("could not parse date-time string '%s'"),
+                    argv[2]);
+            exit_status++;
+            return;
+        } else
+            start_time = (krb5_timestamp) t;
+    } else {
+        start_time = now;
+    }
+
+    /*
+     * Need to:
+     *
+     * 1. get mkey princ
+     * 2. get krb5_actkvno_node list
+     * 3. add use_kvno to actkvno list (sorted in right spot)
+     * 4. update mkey princ's tl data
+     * 5. put mkey princ.
+     */
+
+    retval = krb5_db_get_principal(util_context, master_princ, 0,
+                                   &master_entry);
+    if (retval != 0) {
+        com_err(progname, retval, _("while getting master key principal %s"),
+                mkey_fullname);
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list);
+    if (retval != 0) {
+        com_err(progname, retval,
+                _("while looking up active version of master key"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    /*
+     * If an entry already exists with the same kvno either delete it or if it's
+     * the only entry, just set its active time.
+     */
+    for (prev_actkvno = NULL, cur_actkvno = actkvno_list;
+         cur_actkvno != NULL;
+         prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) {
+
+        if (cur_actkvno->act_kvno == use_kvno) {
+            /* delete it */
+            if (prev_actkvno) {
+                prev_actkvno->next = cur_actkvno->next;
+                cur_actkvno->next = NULL;
+                krb5_dbe_free_actkvno_list(util_context, cur_actkvno);
+            } else {
+                if (cur_actkvno->next) {
+                    /* delete it from front of list */
+                    actkvno_list = cur_actkvno->next;
+                    cur_actkvno->next = NULL;
+                    krb5_dbe_free_actkvno_list(util_context, cur_actkvno);
+                } else {
+                    /* There's only one entry, go ahead and change the time */
+                    cur_actkvno->act_time = start_time;
+                    inserted = TRUE;
+                }
+            }
+            break;
+        }
+    }
+
+    if (!inserted) {
+        /* alloc enough space to hold new and existing key_data */
+        new_actkvno = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node));
+        if (new_actkvno == NULL) {
+            com_err(progname, ENOMEM, _("while adding new master key"));
+            exit_status++;
+            goto cleanup_return;
+        }
+        memset(new_actkvno, 0, sizeof(krb5_actkvno_node));
+        new_actkvno->act_kvno = use_kvno;
+        new_actkvno->act_time = start_time;
+
+        /* insert new act kvno node */
+
+        if (actkvno_list == NULL) {
+            /* new actkvno is the list */
+            actkvno_list = new_actkvno;
+        } else {
+            for (prev_actkvno = NULL, cur_actkvno = actkvno_list;
+                 cur_actkvno != NULL;
+                 prev_actkvno = cur_actkvno, cur_actkvno = cur_actkvno->next) {
+
+                if (ts_after(cur_actkvno->act_time, new_actkvno->act_time)) {
+                    if (prev_actkvno) {
+                        prev_actkvno->next = new_actkvno;
+                        new_actkvno->next = cur_actkvno;
+                    } else {
+                        new_actkvno->next = actkvno_list;
+                        actkvno_list = new_actkvno;
+                    }
+                    break;
+                } else if (cur_actkvno->next == NULL) {
+                    /* end of line, just add new node to end of list */
+                    cur_actkvno->next = new_actkvno;
+                    break;
+                }
+            }
+        }
+    }
+
+    if (ts_after(actkvno_list->act_time, now)) {
+        com_err(progname, EINVAL,
+                _("there must be one master key currently active"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_dbe_update_actkvno(util_context, master_entry,
+                                          actkvno_list))) {
+        com_err(progname, retval,
+                _("while updating actkvno data for master principal entry"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry,
+                                                 now, master_princ))) {
+        com_err(progname, retval, _("while updating the master key principal "
+                                    "modification time"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_db_put_principal(util_context, master_entry))) {
+        com_err(progname, retval,
+                _("while adding master key entry to the database"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+cleanup_return:
+    /* clean up */
+    krb5_db_free_principal(util_context, master_entry);
+    krb5_dbe_free_actkvno_list(util_context, actkvno_list);
+    return;
+}
+
+void
+kdb5_list_mkeys(int argc, char *argv[])
+{
+    krb5_error_code retval;
+    char *output_str = NULL, enctype[BUFSIZ];
+    krb5_kvno  act_kvno;
+    krb5_timestamp act_time;
+    krb5_actkvno_node *actkvno_list = NULL, *cur_actkvno;
+    krb5_db_entry *master_entry = NULL;
+    krb5_keylist_node  *cur_kb_node;
+    krb5_keyblock *act_mkey;
+    krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
+
+    if (master_keylist == NULL) {
+        com_err(progname, 0, _("master keylist not initialized"));
+        exit_status++;
+        return;
+    }
+
+    retval = krb5_db_get_principal(util_context, master_princ, 0,
+                                   &master_entry);
+    if (retval != 0) {
+        com_err(progname, retval, _("while getting master key principal %s"),
+                mkey_fullname);
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list);
+    if (retval != 0) {
+        com_err(progname, retval, _("while looking up active kvno list"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    retval = krb5_dbe_find_act_mkey(util_context, actkvno_list, &act_kvno,
+                                    &act_mkey);
+    if (retval != 0) {
+        com_err(progname, retval, _("while looking up active master key"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    printf("Master keys for Principal: %s\n", mkey_fullname);
+
+    for (cur_kb_node = master_keylist; cur_kb_node != NULL;
+         cur_kb_node = cur_kb_node->next) {
+
+        if ((retval = krb5_enctype_to_name(cur_kb_node->keyblock.enctype,
+                                           FALSE, enctype, sizeof(enctype)))) {
+            com_err(progname, retval, _("while getting enctype description"));
+            exit_status++;
+            goto cleanup_return;
+        }
+
+        act_time = -1; /* assume actkvno entry not found */
+        for (cur_actkvno = actkvno_list; cur_actkvno != NULL;
+             cur_actkvno = cur_actkvno->next) {
+            if (cur_actkvno->act_kvno == cur_kb_node->kvno) {
+                act_time = cur_actkvno->act_time;
+                break;
+            }
+        }
+
+        if (cur_kb_node->kvno == act_kvno) {
+            /* * indicates kvno is currently active */
+            retval = asprintf(&output_str,
+                              _("KVNO: %d, Enctype: %s, Active on: %s *\n"),
+                              cur_kb_node->kvno, enctype, strdate(act_time));
+        } else {
+            if (act_time != -1) {
+                retval = asprintf(&output_str,
+                                  _("KVNO: %d, Enctype: %s, Active on: %s\n"),
+                                  cur_kb_node->kvno, enctype, strdate(act_time));
+            } else {
+                retval = asprintf(&output_str,
+                                  _("KVNO: %d, Enctype: %s, No activate time "
+                                    "set\n"), cur_kb_node->kvno, enctype);
+            }
+        }
+        if (retval == -1) {
+            com_err(progname, ENOMEM, _("asprintf could not allocate enough "
+                                        "memory to hold output"));
+            exit_status++;
+            goto cleanup_return;
+        }
+        printf("%s", output_str);
+        free(output_str);
+        output_str = NULL;
+    }
+
+cleanup_return:
+    /* clean up */
+    krb5_db_free_principal(util_context, master_entry);
+    free(output_str);
+    krb5_dbe_free_actkvno_list(util_context, actkvno_list);
+    return;
+}
+
+struct update_enc_mkvno {
+    unsigned int re_match_count;
+    unsigned int already_current;
+    unsigned int updated;
+    unsigned int dry_run : 1;
+    unsigned int verbose : 1;
+#ifdef SOLARIS_REGEXPS
+    char *expbuf;
+#endif
+#ifdef POSIX_REGEXPS
+    regex_t preg;
+#endif
+#if !defined(SOLARIS_REGEXPS) && !defined(POSIX_REGEXPS)
+    unsigned char placeholder;
+#endif
+};
+
+/* XXX Duplicated in libkadm5srv! */
+/*
+ * Function: glob_to_regexp
+ *
+ * Arguments:
+ *
+ *      glob    (r) the shell-style glob (?*[]) to convert
+ *      realm   (r) the default realm to append, or NULL
+ *      regexp  (w) the ed-style regexp created from glob
+ *
+ * Effects:
+ *
+ * regexp is filled in with allocated memory contained a regular
+ * expression to be used with re_comp/compile that matches what the
+ * shell-style glob would match.  If glob does not contain an "@"
+ * character and realm is not NULL, "@*" is appended to the regexp.
+ *
+ * Conversion algorithm:
+ *
+ *      quoted characters are copied quoted
+ *      ? is converted to .
+ *      * is converted to .*
+ *      active characters are quoted: ^, $, .
+ *      [ and ] are active but supported and have the same meaning, so
+ *              they are copied
+ *      other characters are copied
+ *      regexp is anchored with ^ and $
+ */
+static int glob_to_regexp(char *glob, char *realm, char **regexp)
+{
+    int append_realm;
+    char *p;
+
+    /* validate the glob */
+    if (glob[strlen(glob)-1] == '\\')
+        return EINVAL;
+
+    /* A character of glob can turn into two in regexp, plus ^ and $ */
+    /* and trailing null.  If glob has no @, also allocate space for */
+    /* the realm. */
+    append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
+    p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
+    if (p == NULL)
+        return ENOMEM;
+    *regexp = p;
+
+    *p++ = '^';
+    while (*glob) {
+        switch (*glob) {
+        case '?':
+            *p++ = '.';
+            break;
+        case '*':
+            *p++ = '.';
+            *p++ = '*';
+            break;
+        case '.':
+        case '^':
+        case '$':
+            *p++ = '\\';
+            *p++ = *glob;
+            break;
+        case '\\':
+            *p++ = '\\';
+            *p++ = *++glob;
+            break;
+        default:
+            *p++ = *glob;
+            break;
+        }
+        glob++;
+    }
+
+    if (append_realm) {
+        *p++ = '@';
+        *p++ = '.';
+        *p++ = '*';
+    }
+
+    *p++ = '$';
+    *p++ = '\0';
+    return 0;
+}
+
+static int
+update_princ_encryption_1(void *cb, krb5_db_entry *ent)
+{
+    struct update_enc_mkvno *p = cb;
+    char *pname = 0;
+    krb5_error_code retval;
+    int match;
+    krb5_timestamp now;
+    int result;
+    krb5_kvno old_mkvno;
+
+    retval = krb5_unparse_name(util_context, ent->princ, &pname);
+    if (retval) {
+        com_err(progname, retval,
+                _("getting string representation of principal name"));
+        goto fail;
+    }
+
+    if (krb5_principal_compare(util_context, ent->princ, master_princ)) {
+        goto skip;
+    }
+
+#ifdef SOLARIS_REGEXPS
+    match = (step(pname, p->expbuf) != 0);
+#endif
+#ifdef POSIX_REGEXPS
+    match = (regexec(&p->preg, pname, 0, NULL, 0) == 0);
+#endif
+#ifdef BSD_REGEXPS
+    match = (re_exec(pname) != 0);
+#endif
+    if (!match) {
+        goto skip;
+    }
+    p->re_match_count++;
+    retval = krb5_dbe_get_mkvno(util_context, ent, &old_mkvno);
+    if (retval) {
+        com_err(progname, retval,
+                _("determining master key used for principal '%s'"), pname);
+        goto fail;
+    }
+    /* Line up "skip" and "update" messages for viewing.  */
+    if (old_mkvno == new_mkvno) {
+        if (p->dry_run && p->verbose)
+            printf(_("would skip:   %s\n"), pname);
+        else if (p->verbose)
+            printf(_("skipping: %s\n"), pname);
+        p->already_current++;
+        goto skip;
+    }
+    if (p->dry_run) {
+        if (p->verbose)
+            printf(_("would update: %s\n"), pname);
+        p->updated++;
+        goto skip;
+    } else if (p->verbose)
+        printf(_("updating: %s\n"), pname);
+    retval = master_key_convert (util_context, ent);
+    if (retval) {
+        com_err(progname, retval,
+                _("error re-encrypting key for principal '%s'"), pname);
+        goto fail;
+    }
+    if ((retval = krb5_timeofday(util_context, &now))) {
+        com_err(progname, retval, _("while getting current time"));
+        goto fail;
+    }
+
+    if ((retval = krb5_dbe_update_mod_princ_data(util_context, ent,
+                                                 now, master_princ))) {
+        com_err(progname, retval,
+                _("while updating principal '%s' modification time"), pname);
+        goto fail;
+    }
+
+    ent->mask |= KADM5_KEY_DATA;
+
+    if ((retval = krb5_db_put_principal(util_context, ent))) {
+        com_err(progname, retval, _("while updating principal '%s' key data "
+                                    "in the database"), pname);
+        goto fail;
+    }
+    p->updated++;
+skip:
+    result = 0;
+    goto egress;
+fail:
+    exit_status++;
+    result = 1;
+egress:
+    if (pname)
+        krb5_free_unparsed_name(util_context, pname);
+    return result;
+}
+
+extern int are_you_sure (const char *, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 1, 2)))
+#endif
+    ;
+
+int
+are_you_sure (const char *format, ...)
+{
+    va_list va;
+    char ansbuf[100];
+
+    va_start(va, format);
+    vprintf(format, va);
+    va_end(va);
+    printf(_("\n(type 'yes' to confirm)? "));
+    fflush(stdout);
+    if (fgets(ansbuf, sizeof(ansbuf), stdin) == NULL)
+        return 0;
+    if (strcmp(ansbuf, "yes\n"))
+        return 0;
+    return 1;
+}
+
+void
+kdb5_update_princ_encryption(int argc, char *argv[])
+{
+    struct update_enc_mkvno data = { 0 };
+    char *name_pattern = NULL;
+    int force = 0;
+    int optchar;
+    krb5_error_code retval;
+    krb5_actkvno_node *actkvno_list = 0;
+    krb5_db_entry *master_entry = NULL;
+#ifdef BSD_REGEXPS
+    char *msg;
+#endif
+    char *regexp = NULL;
+    krb5_keyblock *act_mkey;
+    krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(util_context);
+    krb5_flags iterflags = 0;
+
+    while ((optchar = getopt(argc, argv, "fnv")) != -1) {
+        switch (optchar) {
+        case 'f':
+            force = 1;
+            break;
+        case 'n':
+            data.dry_run = 1;
+            break;
+        case 'v':
+            data.verbose = 1;
+            break;
+        case '?':
+        case ':':
+        default:
+            usage();
+        }
+    }
+    if (argv[optind] != NULL) {
+        name_pattern = argv[optind];
+        if (argv[optind+1] != NULL)
+            usage();
+    }
+
+    if (master_keylist == NULL) {
+        com_err(progname, 0, _("master keylist not initialized"));
+        exit_status++;
+        goto cleanup;
+    }
+
+    /* The glob_to_regexp code only cares if the "realm" parameter is
+       NULL or not; the string data is irrelevant.  */
+    if (name_pattern == NULL)
+        name_pattern = "*";
+    if (glob_to_regexp(name_pattern, "hi", &regexp) != 0) {
+        com_err(progname, ENOMEM,
+                _("converting glob pattern '%s' to regular expression"),
+                name_pattern);
+        exit_status++;
+        goto cleanup;
+    }
+
+    if (
+#ifdef SOLARIS_REGEXPS
+        ((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
+#endif
+#ifdef POSIX_REGEXPS
+        ((regcomp(&data.preg, regexp, REG_NOSUB)) != 0)
+#endif
+#ifdef BSD_REGEXPS
+        ((msg = (char *) re_comp(regexp)) != NULL)
+#endif
+    ) {
+        /* XXX syslog msg or regerr(regerrno) */
+        com_err(progname, 0, _("error compiling converted regexp '%s'"),
+                regexp);
+        exit_status++;
+        goto cleanup;
+    }
+
+    retval = krb5_db_get_principal(util_context, master_princ, 0,
+                                   &master_entry);
+    if (retval != 0) {
+        com_err(progname, retval, _("while getting master key principal %s"),
+                mkey_fullname);
+        exit_status++;
+        goto cleanup;
+    }
+
+    retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list);
+    if (retval != 0) {
+        com_err(progname, retval, _("while looking up active kvno list"));
+        exit_status++;
+        goto cleanup;
+    }
+
+    retval = krb5_dbe_find_act_mkey(util_context, actkvno_list, &new_mkvno,
+                                    &act_mkey);
+    if (retval) {
+        com_err(progname, retval, _("while looking up active master key"));
+        exit_status++;
+        goto cleanup;
+    }
+    new_master_keyblock = *act_mkey;
+
+    if (!force &&
+        !data.dry_run &&
+        !are_you_sure(_("Re-encrypt all keys not using master key vno %u?"),
+                      new_mkvno)) {
+        printf(_("OK, doing nothing.\n"));
+        exit_status++;
+        goto cleanup;
+    }
+    if (data.verbose) {
+        if (data.dry_run) {
+            printf(_("Principals whose keys WOULD BE re-encrypted to master "
+                     "key vno %u:\n"), new_mkvno);
+        } else {
+            printf(_("Principals whose keys are being re-encrypted to master "
+                     "key vno %u if necessary:\n"), new_mkvno);
+        }
+    }
+
+    if (!data.dry_run) {
+        /* Grab a write lock so we don't have to upgrade to a write lock and
+         * reopen the DB while iterating. */
+        iterflags = KRB5_DB_ITER_WRITE;
+    }
+
+    retval = krb5_db_iterate(util_context, name_pattern,
+                             update_princ_encryption_1, &data, iterflags);
+    /* If exit_status is set, then update_princ_encryption_1 already
+       printed a message.  */
+    if (retval != 0 && exit_status == 0) {
+        com_err(progname, retval, _("trying to process principal database"));
+        exit_status++;
+    }
+    if (data.dry_run) {
+        printf(_("%u principals processed: %u would be updated, %u already "
+                 "current\n"),
+               data.re_match_count, data.updated, data.already_current);
+    } else {
+        printf(_("%u principals processed: %u updated, %u already current\n"),
+               data.re_match_count, data.updated, data.already_current);
+    }
+
+cleanup:
+    krb5_db_free_principal(util_context, master_entry);
+    free(regexp);
+#ifdef POSIX_REGEXPS
+    regfree(&data.preg);
+#endif
+    memset(&new_master_keyblock, 0, sizeof(new_master_keyblock));
+    krb5_dbe_free_actkvno_list(util_context, actkvno_list);
+}
+
+struct kvnos_in_use {
+    krb5_kvno               kvno;
+    unsigned int            use_count;
+};
+
+struct purge_args {
+    krb5_context         kcontext;
+    struct kvnos_in_use  *kvnos;
+    unsigned int         num_kvnos;
+};
+
+static krb5_error_code
+find_mkvnos_in_use(krb5_pointer   ptr,
+                   krb5_db_entry *entry)
+{
+    krb5_error_code retval;
+    struct purge_args * args;
+    unsigned int i;
+    krb5_kvno mkvno;
+
+    args = (struct purge_args *) ptr;
+
+    retval = krb5_dbe_get_mkvno(args->kcontext, entry, &mkvno);
+    if (retval)
+        return (retval);
+
+    for (i = 0; i < args->num_kvnos; i++) {
+        if (args->kvnos[i].kvno == mkvno) {
+            /* XXX do I need to worry about use_count wrapping? */
+            args->kvnos[i].use_count++;
+            break;
+        }
+    }
+    return 0;
+}
+
+void
+kdb5_purge_mkeys(int argc, char *argv[])
+{
+    int optchar;
+    krb5_error_code retval;
+    krb5_timestamp now;
+    krb5_db_entry *master_entry = NULL;
+    krb5_boolean force = FALSE, dry_run = FALSE, verbose = FALSE;
+    struct purge_args args;
+    char buf[5];
+    unsigned int i, j, k, num_kvnos_inuse, num_kvnos_purged;
+    unsigned int old_key_data_count;
+    krb5_actkvno_node *actkvno_list = NULL, *actkvno_entry, *prev_actkvno_entry;
+    krb5_mkey_aux_node *mkey_aux_list = NULL, *mkey_aux_entry, *prev_mkey_aux_entry;
+    krb5_key_data *old_key_data;
+
+    /*
+     * Verify that the master key list has been initialized before doing
+     * anything else.
+     */
+    if (krb5_db_mkey_list_alias(util_context) == NULL) {
+        com_err(progname, KRB5_KDB_DBNOTINITED,
+                _("master keylist not initialized"));
+        exit_status++;
+        return;
+    }
+
+    memset(&args, 0, sizeof(args));
+
+    optind = 1;
+    while ((optchar = getopt(argc, argv, "fnv")) != -1) {
+        switch(optchar) {
+        case 'f':
+            force = TRUE;
+            break;
+        case 'n':
+            dry_run = TRUE; /* mkey princ will not be modified */
+            force = TRUE; /* implied */
+            break;
+        case 'v':
+            verbose = TRUE;
+            break;
+        case '?':
+        default:
+            usage();
+            return;
+        }
+    }
+
+    retval = krb5_db_get_principal(util_context, master_princ, 0,
+                                   &master_entry);
+    if (retval != 0) {
+        com_err(progname, retval, _("while getting master key principal %s"),
+                mkey_fullname);
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if (!force) {
+        printf(_("Will purge all unused master keys stored in the '%s' "
+                 "principal, are you sure?\n"), mkey_fullname);
+        printf(_("(type 'yes' to confirm)? "));
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            exit_status++;
+            goto cleanup_return;
+        }
+        if (strcmp(buf, "yes\n")) {
+            exit_status++;
+            goto cleanup_return;
+        }
+        printf(_("OK, purging unused master keys from '%s'...\n"),
+               mkey_fullname);
+    }
+
+    /* save the old keydata */
+    old_key_data_count = master_entry->n_key_data;
+    if (old_key_data_count == 1) {
+        if (verbose)
+            printf(_("There is only one master key which can not be "
+                     "purged.\n"));
+        goto cleanup_return;
+    }
+    old_key_data = master_entry->key_data;
+
+    args.kvnos = (struct kvnos_in_use *) malloc(sizeof(struct kvnos_in_use) * old_key_data_count);
+    if (args.kvnos == NULL) {
+        retval = ENOMEM;
+        com_err(progname, ENOMEM, _("while allocating args.kvnos"));
+        exit_status++;
+        goto cleanup_return;
+    }
+    memset(args.kvnos, 0, sizeof(struct kvnos_in_use) * old_key_data_count);
+    args.num_kvnos = old_key_data_count;
+    args.kcontext = util_context;
+
+    /* populate the kvnos array with all the current mkvnos */
+    for (i = 0; i < old_key_data_count; i++)
+        args.kvnos[i].kvno =  master_entry->key_data[i].key_data_kvno;
+
+    if ((retval = krb5_db_iterate(util_context,
+                                  NULL,
+                                  find_mkvnos_in_use,
+                                  (krb5_pointer) &args, 0))) {
+        com_err(progname, retval, _("while finding master keys in use"));
+        exit_status++;
+        goto cleanup_return;
+    }
+    /*
+     * args.kvnos has been marked with the mkvno's that are currently protecting
+     * princ entries
+     */
+    if (dry_run) {
+        printf(_("Would purge the following master key(s) from %s:\n"),
+               mkey_fullname);
+    } else {
+        printf(_("Purging the following master key(s) from %s:\n"),
+               mkey_fullname);
+    }
+
+    /* find # of keys still in use or print out verbose info */
+    for (i = num_kvnos_inuse = num_kvnos_purged = 0; i < args.num_kvnos; i++) {
+        if (args.kvnos[i].use_count > 0) {
+            num_kvnos_inuse++;
+        } else {
+            /* this key would be deleted */
+            if (args.kvnos[i].kvno == master_kvno) {
+                com_err(progname, KRB5_KDB_STORED_MKEY_NOTCURRENT,
+                        _("master key stash file needs updating, command "
+                          "aborting"));
+                exit_status++;
+                goto cleanup_return;
+            }
+            num_kvnos_purged++;
+            printf(_("KVNO: %d\n"), args.kvnos[i].kvno);
+        }
+    }
+    /* didn't find any keys to purge */
+    if (num_kvnos_inuse == args.num_kvnos) {
+        printf(_("All keys in use, nothing purged.\n"));
+        goto cleanup_return;
+    }
+    if (dry_run) {
+        /* bail before doing anything else */
+        printf(_("%d key(s) would be purged.\n"), num_kvnos_purged);
+        goto cleanup_return;
+    }
+
+    retval = krb5_dbe_lookup_actkvno(util_context, master_entry, &actkvno_list);
+    if (retval != 0) {
+        com_err(progname, retval, _("while looking up active kvno list"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    retval = krb5_dbe_lookup_mkey_aux(util_context, master_entry, &mkey_aux_list);
+    if (retval != 0) {
+        com_err(progname, retval, _("while looking up mkey aux data list"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    master_entry->key_data = (krb5_key_data *) malloc(sizeof(krb5_key_data) * num_kvnos_inuse);
+    if (master_entry->key_data == NULL) {
+        retval = ENOMEM;
+        com_err(progname, ENOMEM, _("while allocating key_data"));
+        exit_status++;
+        goto cleanup_return;
+    }
+    memset(master_entry->key_data, 0, sizeof(krb5_key_data) * num_kvnos_inuse);
+    master_entry->n_key_data = num_kvnos_inuse; /* there's only 1 mkey per kvno */
+
+    /*
+     * Assuming that the latest mkey will not be purged because it will always
+     * be "in use" so this code will not bother with encrypting keys again.
+     */
+    for (i = k = 0; i < old_key_data_count; i++) {
+        for (j = 0; j < args.num_kvnos; j++) {
+            if (args.kvnos[j].kvno == (krb5_kvno) old_key_data[i].key_data_kvno) {
+                if (args.kvnos[j].use_count != 0) {
+                    master_entry->key_data[k++] = old_key_data[i];
+                    memset(&old_key_data[i], 0, sizeof(old_key_data[i]));
+                    break;
+                } else {
+                    /* remove unused mkey */
+                    /* adjust the actkno data */
+                    for (prev_actkvno_entry = actkvno_entry = actkvno_list;
+                         actkvno_entry != NULL;
+                         actkvno_entry = actkvno_entry->next) {
+
+                        if (actkvno_entry->act_kvno == args.kvnos[j].kvno) {
+                            if (actkvno_entry == actkvno_list) {
+                                /* remove from head */
+                                actkvno_list = actkvno_entry->next;
+                            } else if (actkvno_entry->next == NULL) {
+                                /* remove from tail */
+                                prev_actkvno_entry->next = NULL;
+                            } else {
+                                /* remove in between */
+                                prev_actkvno_entry->next = actkvno_entry->next;
+                            }
+                            actkvno_entry->next = NULL;
+                            krb5_dbe_free_actkvno_list(util_context, actkvno_entry);
+                            break; /* deleted entry, no need to loop further */
+                        } else {
+                            prev_actkvno_entry = actkvno_entry;
+                        }
+                    }
+                    /* adjust the mkey aux data */
+                    for (prev_mkey_aux_entry = mkey_aux_entry = mkey_aux_list;
+                         mkey_aux_entry != NULL;
+                         mkey_aux_entry = mkey_aux_entry->next) {
+
+                        if (mkey_aux_entry->mkey_kvno == args.kvnos[j].kvno) {
+                            if (mkey_aux_entry == mkey_aux_list) {
+                                mkey_aux_list = mkey_aux_entry->next;
+                            } else if (mkey_aux_entry->next == NULL) {
+                                prev_mkey_aux_entry->next = NULL;
+                            } else {
+                                prev_mkey_aux_entry->next = mkey_aux_entry->next;
+                            }
+                            mkey_aux_entry->next = NULL;
+                            krb5_dbe_free_mkey_aux_list(util_context, mkey_aux_entry);
+                            break; /* deleted entry, no need to loop further */
+                        } else {
+                            prev_mkey_aux_entry = mkey_aux_entry;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    assert(k == num_kvnos_inuse);
+
+    /* Free any key data entries we did not consume in the loop above. */
+    for (i = 0; i < old_key_data_count; i++)
+        krb5_dbe_free_key_data_contents(util_context, &old_key_data[i]);
+    free(old_key_data);
+
+    if ((retval = krb5_dbe_update_actkvno(util_context, master_entry,
+                                          actkvno_list))) {
+        com_err(progname, retval,
+                _("while updating actkvno data for master principal entry"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_dbe_update_mkey_aux(util_context, master_entry,
+                                           mkey_aux_list))) {
+        com_err(progname, retval,
+                _("while updating mkey_aux data for master principal entry"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_timeofday(util_context, &now))) {
+        com_err(progname, retval, _("while getting current time"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    if ((retval = krb5_dbe_update_mod_princ_data(util_context, master_entry,
+                                                 now, master_princ))) {
+        com_err(progname, retval, _("while updating the master key principal "
+                                    "modification time"));
+        exit_status++;
+        goto cleanup_return;
+    }
+
+    master_entry->mask |= KADM5_KEY_DATA | KADM5_TL_DATA;
+
+    if ((retval = krb5_db_put_principal(util_context, master_entry))) {
+        com_err(progname, retval,
+                _("while adding master key entry to the database"));
+        exit_status++;
+        goto cleanup_return;
+    }
+    printf(_("%d key(s) purged.\n"), num_kvnos_purged);
+
+cleanup_return:
+    krb5_db_free_principal(util_context, master_entry);
+    free(args.kvnos);
+    krb5_dbe_free_actkvno_list(util_context, actkvno_list);
+    krb5_dbe_free_mkey_aux_list(util_context, mkey_aux_list);
+    return;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/kdb5_stash.c b/krb5-1.21.3/src/kadmin/dbutil/kdb5_stash.c
new file mode 100644
index 00000000..e05944f2
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/kdb5_stash.c
@@ -0,0 +1,139 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/dbutil/kdb5_stash.c - Store the master database key in a file */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+#include <kadm5/admin.h>
+#include <stdio.h>
+#include "kdb5_util.h"
+
+extern krb5_keyblock master_keyblock;
+extern krb5_principal master_princ;
+extern kadm5_config_params global_params;
+
+extern int exit_status;
+extern int close_policy_db;
+
+void
+kdb5_stash(argc, argv)
+    int argc;
+    char *argv[];
+{
+    extern char *optarg;
+    extern int optind;
+    int optchar;
+    krb5_error_code retval;
+    char *keyfile = 0;
+    krb5_kvno mkey_kvno;
+
+    keyfile = global_params.stash_file;
+
+    optind = 1;
+    while ((optchar = getopt(argc, argv, "f:")) != -1) {
+        switch(optchar) {
+        case 'f':
+            keyfile = optarg;
+            break;
+        case '?':
+        default:
+            usage();
+            return;
+        }
+    }
+
+    if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
+        char tmp[32];
+        if (krb5_enctype_to_name(master_keyblock.enctype, FALSE,
+                                 tmp, sizeof(tmp)))
+            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+                    _("while setting up enctype %d"), master_keyblock.enctype);
+        else
+            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "%s", tmp);
+        exit_status++; return;
+    }
+
+    if (global_params.mask & KADM5_CONFIG_KVNO)
+        mkey_kvno = global_params.kvno; /* user specified */
+    else
+        mkey_kvno = IGNORE_VNO; /* use whatever krb5_db_fetch_mkey finds */
+
+    if (!valid_master_key) {
+        /* TRUE here means read the keyboard, but only once */
+        retval = krb5_db_fetch_mkey(util_context, master_princ,
+                                    master_keyblock.enctype,
+                                    TRUE, FALSE, (char *) NULL,
+                                    &mkey_kvno,
+                                    NULL, &master_keyblock);
+        if (retval) {
+            com_err(progname, retval, _("while reading master key"));
+            exit_status++; return;
+        }
+
+        retval = krb5_db_fetch_mkey_list(util_context, master_princ,
+                                         &master_keyblock);
+        if (retval) {
+            com_err(progname, retval, _("while getting master key list"));
+            exit_status++; return;
+        }
+    } else {
+        printf(_("Using existing stashed keys to update stash file.\n"));
+    }
+
+    retval = krb5_db_store_master_key_list(util_context, keyfile, master_princ,
+                                           NULL);
+    if (retval) {
+        com_err(progname, retval, _("while storing key"));
+        exit_status++; return;
+    }
+
+    exit_status = 0;
+    return;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/kdb5_util.c b/krb5-1.21.3/src/kadmin/dbutil/kdb5_util.c
new file mode 100644
index 00000000..19a59250
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/kdb5_util.c
@@ -0,0 +1,611 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/dbutil/kdb5_util.c - Administer a KDC database */
+/*
+ * (C) Copyright 1990,1991, 1996, 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include <k5-int.h>
+#include <kadm5/admin.h>
+#include <locale.h>
+#include <adm_proto.h>
+#include <time.h>
+#include "kdb5_util.h"
+
+/*
+ * XXX Ick, ick, ick.  These global variables shouldn't be global....
+ */
+char *mkey_password = 0;
+
+/*
+ * I can't figure out any way for this not to be global, given how ss
+ * works.
+ */
+
+int exit_status = 0;
+krb5_context util_context;
+kadm5_config_params global_params;
+
+void usage()
+{
+    fprintf(stderr,
+            _("Usage: kdb5_util [-r realm] [-d dbname] "
+              "[-k mkeytype] [-kv mkeyVNO]\n"
+              "\t        [-M mkeyname] [-m] [-sf stashfilename] "
+              "[-P password]\n"
+              "\t        [-x db_args]* cmd [cmd_options]\n"
+              "\tcreate  [-s]\n"
+              "\tdestroy [-f]\n"
+              "\tstash   [-f keyfile]\n"
+              "\tdump    [-b7|-r13|-r18] [-verbose]\n"
+              "\t        [-mkey_convert] [-new_mkey_file mkey_file]\n"
+              "\t        [-rev] [-recurse] [filename [princs...]]\n"
+              "\tload    [-b7|-r13|-r18] [-hash] [-verbose] [-update] "
+              "filename\n"
+              "\tark     [-e etype_list] principal\n"
+              "\tadd_mkey [-e etype] [-s]\n"
+              "\tuse_mkey kvno [time]\n"
+              "\tlist_mkeys\n"));
+    /* avoid a string length compiler warning */
+    fprintf(stderr,
+            _("\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
+              "\tpurge_mkeys [-f] [-n] [-v]\n"
+              "\ttabdump [-H] [-c] [-e] [-n] [-o outfile] dumptype\n"
+              "\nwhere,\n\t[-x db_args]* - any number of database specific "
+              "arguments.\n"
+              "\t\t\tLook at each database documentation for supported "
+              "arguments\n"));
+    exit(1);
+}
+
+krb5_keyblock master_keyblock;
+krb5_kvno   master_kvno; /* fetched */
+extern krb5_principal master_princ;
+char *mkey_fullname;
+krb5_db_entry *master_entry = NULL;
+int     valid_master_key = 0;
+
+char *progname;
+krb5_boolean manual_mkey = FALSE;
+krb5_boolean dbactive = FALSE;
+
+static int open_db_and_mkey(void);
+
+static void add_random_key(int, char **);
+
+typedef void (*cmd_func)(int, char **);
+
+struct _cmd_table {
+    char *name;
+    cmd_func func;
+    int opendb;
+} cmd_table[] = {
+    {"create", kdb5_create, 0},
+    {"destroy", kdb5_destroy, 1}, /* 1 opens the kdb */
+    {"stash", kdb5_stash, 1},
+    {"dump", dump_db, 1},
+    {"load", load_db, 0},
+    {"ark", add_random_key, 1},
+    {"add_mkey", kdb5_add_mkey, 1},
+    {"use_mkey", kdb5_use_mkey, 1},
+    {"list_mkeys", kdb5_list_mkeys, 1},
+    {"update_princ_encryption", kdb5_update_princ_encryption, 1},
+    {"purge_mkeys", kdb5_purge_mkeys, 1},
+    {"tabdump", tabdump, 1},
+    {NULL, NULL, 0},
+};
+
+static struct _cmd_table *cmd_lookup(name)
+    char *name;
+{
+    struct _cmd_table *cmd = cmd_table;
+    while (cmd->name) {
+        if (strcmp(cmd->name, name) == 0)
+            return cmd;
+        else
+            cmd++;
+    }
+
+    return NULL;
+}
+
+#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL))
+
+char **db5util_db_args = NULL;
+int    db5util_db_args_size = 0;
+
+static void extended_com_err_fn (const char *myprog, errcode_t code,
+                                 const char *fmt, va_list args)
+{
+    const char *emsg;
+    if (code) {
+        emsg = krb5_get_error_message (util_context, code);
+        fprintf (stderr, "%s: %s ", myprog, emsg);
+        krb5_free_error_message (util_context, emsg);
+    } else {
+        fprintf (stderr, "%s: ", myprog);
+    }
+    vfprintf (stderr, fmt, args);
+    fprintf (stderr, "\n");
+}
+
+int add_db_arg(char *arg)
+{
+    char **temp;
+    db5util_db_args_size++;
+    temp = realloc(db5util_db_args,
+                   sizeof(char *) * (db5util_db_args_size + 1));
+    if (temp == NULL)
+        return 0;
+    db5util_db_args = temp;
+    db5util_db_args[db5util_db_args_size-1] = arg;
+    db5util_db_args[db5util_db_args_size]   = NULL;
+    return 1;
+}
+
+int main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    struct _cmd_table *cmd = NULL;
+    char *koptarg, **cmd_argv;
+    char *db_name_tmp = NULL;
+    int cmd_argc;
+    krb5_error_code retval;
+
+    setlocale(LC_ALL, "");
+    set_com_err_hook(extended_com_err_fn);
+
+    /*
+     * Ensure that "progname" is set before calling com_err.
+     */
+    progname = (strrchr(argv[0], '/') ?
+                strrchr(argv[0], '/') + 1 : argv[0]);
+
+    retval = kadm5_init_krb5_context(&util_context);
+    if (retval) {
+        com_err (progname, retval, _("while initializing Kerberos code"));
+        exit(1);
+    }
+
+    cmd_argv = (char **) malloc(sizeof(char *)*argc);
+    if (cmd_argv == NULL) {
+        com_err(progname, ENOMEM, _("while creating sub-command arguments"));
+        exit(1);
+    }
+    memset(cmd_argv, 0, sizeof(char *)*argc);
+    cmd_argc = 0;
+
+    argv++; argc--;
+    while (*argv) {
+        if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
+            mkey_password = koptarg;
+            manual_mkey = TRUE;
+        } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
+            global_params.dbname = koptarg;
+            global_params.mask |= KADM5_CONFIG_DBNAME;
+
+            if (asprintf(&db_name_tmp, "dbname=%s", global_params.dbname) < 0)
+            {
+                com_err(progname, ENOMEM,
+                        _("while parsing command arguments"));
+                exit(1);
+            }
+
+            if (!add_db_arg(db_name_tmp)) {
+                com_err(progname, ENOMEM,
+                        _("while parsing command arguments\n"));
+                exit(1);
+            }
+
+        } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) {
+            if (!add_db_arg(koptarg)) {
+                com_err(progname, ENOMEM,
+                        _("while parsing command arguments\n"));
+                exit(1);
+            }
+
+        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
+            global_params.realm = koptarg;
+            global_params.mask |= KADM5_CONFIG_REALM;
+            /* not sure this is really necessary */
+            if ((retval = krb5_set_default_realm(util_context,
+                                                 global_params.realm))) {
+                com_err(progname, retval,
+                        _("while setting default realm name"));
+                exit(1);
+            }
+        } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
+            if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
+                com_err(progname, EINVAL, _(": %s is an invalid enctype"),
+                        koptarg);
+                exit(1);
+            } else
+                global_params.mask |= KADM5_CONFIG_ENCTYPE;
+        } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
+            global_params.kvno = (krb5_kvno) atoi(koptarg);
+            if (global_params.kvno == IGNORE_VNO) {
+                com_err(progname, EINVAL, _(": %s is an invalid mkeyVNO"),
+                        koptarg);
+                exit(1);
+            } else
+                global_params.mask |= KADM5_CONFIG_KVNO;
+        } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
+            global_params.mkey_name = koptarg;
+            global_params.mask |= KADM5_CONFIG_MKEY_NAME;
+        } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
+            global_params.stash_file = koptarg;
+            global_params.mask |= KADM5_CONFIG_STASH_FILE;
+        } else if (strcmp(*argv, "-m") == 0) {
+            manual_mkey = TRUE;
+            global_params.mkey_from_kbd = 1;
+            global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        } else {
+            cmd_argv[cmd_argc++] = *argv;
+        }
+        argv++; argc--;
+    }
+
+    if (cmd_argv[0] == NULL)
+        usage();
+    cmd = cmd_lookup(cmd_argv[0]);
+    if (cmd == NULL)
+        usage();
+
+    if( !util_context->default_realm )
+    {
+        char *temp = NULL;
+        retval = krb5_get_default_realm(util_context, &temp);
+        if( retval )
+        {
+            com_err(progname, retval, _("while getting default realm"));
+            exit(1);
+        }
+        krb5_free_default_realm(util_context, temp);
+    }
+
+    retval = kadm5_get_config_params(util_context, 1,
+                                     &global_params, &global_params);
+    if (retval) {
+        com_err(progname, retval,
+                _("while retrieving configuration parameters"));
+        exit(1);
+    }
+
+    /*
+     * Dump creates files which should not be world-readable.  It is
+     * easiest to do a single umask call here.
+     */
+    (void) umask(077);
+
+    master_keyblock.enctype = global_params.enctype;
+    if ((master_keyblock.enctype != ENCTYPE_UNKNOWN) &&
+        (!krb5_c_valid_enctype(master_keyblock.enctype))) {
+        com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+                "while setting up enctype %d", master_keyblock.enctype);
+    }
+
+    if (cmd->opendb && open_db_and_mkey())
+        return exit_status;
+
+    if (global_params.iprop_enabled == TRUE)
+        ulog_set_role(util_context, IPROP_PRIMARY);
+    else
+        ulog_set_role(util_context, IPROP_NULL);
+
+    (*cmd->func)(cmd_argc, cmd_argv);
+
+    if( db_name_tmp )
+        free( db_name_tmp );
+
+    if( db5util_db_args )
+        free(db5util_db_args);
+
+    quit();
+    kadm5_free_config_params(util_context, &global_params);
+    krb5_free_context(util_context);
+    free(cmd_argv);
+    return exit_status;
+}
+
+/*
+ * open_db_and_mkey: Opens the KDC and policy database, and sets the
+ * global master_* variables.  Sets dbactive to TRUE if the databases
+ * are opened, and valid_master_key to 1 if the global master
+ * variables are set properly.  Returns 0 on success, and 1 on
+ * failure, but it is not considered a failure if the master key
+ * cannot be fetched (the master key stash file may not exist when the
+ * program is run).
+ */
+static int open_db_and_mkey()
+{
+    krb5_error_code retval;
+    krb5_data scratch, pwd, seed;
+
+    dbactive = FALSE;
+    valid_master_key = 0;
+
+    if ((retval = krb5_db_open(util_context, db5util_db_args,
+                               KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
+        com_err(progname, retval, _("while initializing database"));
+        exit_status++;
+        return(1);
+    }
+
+    /* assemble & parse the master key name */
+
+    if ((retval = krb5_db_setup_mkey_name(util_context,
+                                          global_params.mkey_name,
+                                          global_params.realm,
+                                          &mkey_fullname, &master_princ))) {
+        com_err(progname, retval, _("while setting up master key name"));
+        exit_status++;
+        return(1);
+    }
+    if ((retval = krb5_db_get_principal(util_context, master_princ, 0,
+                                        &master_entry))) {
+        com_err(progname, retval, _("while retrieving master entry"));
+        exit_status++;
+        (void) krb5_db_fini(util_context);
+        return(1);
+    }
+
+    if (global_params.mask & KADM5_CONFIG_KVNO)
+        master_kvno = global_params.kvno; /* user specified */
+    else
+        master_kvno = IGNORE_VNO;
+
+    /* the databases are now open, and the master principal exists */
+    dbactive = TRUE;
+
+    if (mkey_password) {
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(util_context, master_princ, &scratch);
+        if (retval) {
+            com_err(progname, retval, _("while calculated master key salt"));
+            exit_status++;
+            return(1);
+        }
+
+        /* If no encryption type is set, use the default */
+        if (master_keyblock.enctype == ENCTYPE_UNKNOWN)
+            master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+        if (!krb5_c_valid_enctype(master_keyblock.enctype))
+            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+                    "while setting up enctype %d",
+                    master_keyblock.enctype);
+
+        retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
+                                      &pwd, &scratch, &master_keyblock);
+        if (retval) {
+            com_err(progname, retval,
+                    _("while transforming master key from password"));
+            exit_status++;
+            return(1);
+        }
+        free(scratch.data);
+        mkey_password = 0;
+
+    } else {
+        if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+                                         master_keyblock.enctype,
+                                         manual_mkey, FALSE,
+                                         global_params.stash_file,
+                                         &master_kvno,
+                                         0, &master_keyblock))) {
+            com_err(progname, retval, _("while reading master key"));
+            com_err(progname, 0, _("Warning: proceeding without master key"));
+            exit_status++;
+            return(0);
+        }
+    }
+
+    if ((retval = krb5_db_fetch_mkey_list(util_context, master_princ,
+                                          &master_keyblock))) {
+        com_err(progname, retval, "while getting master key list");
+        com_err(progname, 0, "Warning: proceeding without master key list");
+        exit_status++;
+        return(0);
+    }
+
+    seed.length = master_keyblock.length;
+    seed.data = (char *) master_keyblock.contents;
+
+    if ((retval = krb5_c_random_seed(util_context, &seed))) {
+        com_err(progname, retval, _("while seeding random number generator"));
+        exit_status++;
+        memset(master_keyblock.contents, 0, master_keyblock.length);
+        krb5_free_keyblock_contents(util_context, &master_keyblock);
+        return(1);
+    }
+
+    if (global_params.iprop_enabled) {
+        if (ulog_map(util_context, global_params.iprop_logfile,
+                     global_params.iprop_ulogsize)) {
+            fprintf(stderr, _("%s: Could not map log\n"), progname);
+            exit_status++;
+            return(1);
+        }
+    }
+
+    valid_master_key = 1;
+    dbactive = TRUE;
+    return 0;
+}
+
+#ifdef HAVE_GETCWD
+#undef getwd
+#endif
+
+int
+quit()
+{
+    krb5_error_code retval;
+    static krb5_boolean finished = 0;
+
+    if (finished)
+        return 0;
+    ulog_fini(util_context);
+    retval = krb5_db_fini(util_context);
+    zapfree(master_keyblock.contents, master_keyblock.length);
+    krb5_free_principal(util_context, master_princ);
+    finished = TRUE;
+    if (retval && retval != KRB5_KDB_DBNOTINITED) {
+        com_err(progname, retval, _("while closing database"));
+        exit_status++;
+        return 1;
+    }
+    return 0;
+}
+
+static void
+add_random_key(argc, argv)
+    int argc;
+    char **argv;
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+    krb5_db_entry *dbent;
+    krb5_timestamp now;
+
+    krb5_key_salt_tuple *keysalts = NULL;
+    krb5_int32 num_keysalts = 0;
+
+    int free_keysalts;
+    char *me = progname;
+    char *ks_str = NULL;
+    char *pr_str;
+    krb5_keyblock *tmp_mkey;
+
+    if (argc < 2)
+        usage();
+    for (argv++, argc--; *argv; argv++, argc--) {
+        if (!strcmp(*argv, "-e")) {
+            argv++; argc--;
+            ks_str = *argv;
+            continue;
+        } else
+            break;
+    }
+    if (argc < 1)
+        usage();
+    pr_str = *argv;
+    ret = krb5_parse_name(util_context, pr_str, &princ);
+    if (ret) {
+        com_err(me, ret, _("while parsing principal name %s"), pr_str);
+        exit_status++;
+        return;
+    }
+    ret = krb5_db_get_principal(util_context, princ, 0, &dbent);
+    if (ret) {
+        com_err(me, ret, _("while fetching principal %s"), pr_str);
+        exit_status++;
+        return;
+    }
+    ret = krb5_string_to_keysalts(ks_str,
+                                  NULL, NULL, 0,
+                                  &keysalts,
+                                  &num_keysalts);
+    if (ret) {
+        com_err(me, ret, _("while parsing keysalts %s"), ks_str);
+        exit_status++;
+        return;
+    }
+    if (!num_keysalts || keysalts == NULL) {
+        num_keysalts = global_params.num_keysalts;
+        keysalts = global_params.keysalts;
+        free_keysalts = 0;
+    } else
+        free_keysalts = 1;
+
+    /* Find the mkey used to protect the existing keys */
+    ret = krb5_dbe_find_mkey(util_context, dbent, &tmp_mkey);
+    if (ret) {
+        com_err(me, ret, _("while finding mkey"));
+        krb5_db_free_principal(util_context, dbent);
+        exit_status++;
+        return;
+    }
+
+    ret = krb5_dbe_ark(util_context, tmp_mkey, keysalts, num_keysalts, dbent);
+    if (free_keysalts)
+        free(keysalts);
+    if (ret) {
+        com_err(me, ret, "while randomizing principal %s", pr_str);
+        krb5_db_free_principal(util_context, dbent);
+        exit_status++;
+        return;
+    }
+    dbent->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+    ret = krb5_timeofday(util_context, &now);
+    if (ret) {
+        com_err(me, ret, _("while getting time"));
+        krb5_db_free_principal(util_context, dbent);
+        exit_status++;
+        return;
+    }
+    ret = krb5_dbe_update_last_pwd_change(util_context, dbent, now);
+    if (ret) {
+        com_err(me, ret, _("while setting changetime"));
+        krb5_db_free_principal(util_context, dbent);
+        exit_status++;
+        return;
+    }
+    ret = krb5_db_put_principal(util_context, dbent);
+    krb5_db_free_principal(util_context, dbent);
+    if (ret) {
+        com_err(me, ret, _("while saving principal %s"), pr_str);
+        exit_status++;
+        return;
+    }
+    printf(_("%s changed\n"), pr_str);
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/kdb5_util.h b/krb5-1.21.3/src/kadmin/dbutil/kdb5_util.h
new file mode 100644
index 00000000..69e186d4
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/kdb5_util.h
@@ -0,0 +1,99 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/dbutil/kdb5_util.h */
+/*
+ * Copyright 1992, 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <kdb_log.h>
+
+#define REALM_SEP       '@'
+#define REALM_SEP_STR   "@"
+
+extern char *progname;
+#ifndef V4_DECLARES_STATIC
+extern krb5_keyblock master_keyblock;
+extern krb5_principal master_princ;
+#endif
+extern krb5_boolean dbactive;
+extern int exit_status;
+extern krb5_context util_context;
+extern kadm5_config_params global_params;
+extern int valid_master_key;
+extern krb5_db_entry master_db;
+extern char **db5util_db_args;
+extern int    db5util_db_args_size;
+extern krb5_kvno new_mkvno;
+extern krb5_keyblock new_master_keyblock;
+extern int add_db_arg(char *arg);
+
+extern void usage(void);
+
+extern void add_key
+(char const *, char const *,
+ krb5_const_principal, const krb5_keyblock *,
+ krb5_kvno, krb5_keysalt *);
+extern int set_dbname_help
+(char *, char *);
+
+extern char *kdb5_util_Init (int, char **);
+
+extern int quit (void);
+
+extern int check_for_match
+(char *, int, krb5_db_entry *, int, int);
+
+extern void parse_token
+(char *, int *, int *, char *);
+
+extern int create_db_entry (krb5_principal, krb5_db_entry *);
+
+extern int kadm5_create_magic_princs (kadm5_config_params *params,
+                                      krb5_context context);
+
+extern int process_ov_principal (krb5_context kcontext, const char *fname,
+                                 FILE *filep, krb5_boolean verbose,
+                                 int *linenop);
+
+extern void load_db (int argc, char **argv);
+extern void dump_db (int argc, char **argv);
+extern void kdb5_create (int argc, char **argv);
+extern void kdb5_destroy (int argc, char **argv);
+extern void kdb5_stash (int argc, char **argv);
+extern void kdb5_add_mkey (int argc, char **argv);
+extern void kdb5_use_mkey (int argc, char **argv);
+extern void kdb5_list_mkeys (int argc, char **argv);
+extern void kdb5_update_princ_encryption (int argc, char **argv);
+extern void tabdump (int argc, char **argv);
+
+extern krb5_error_code master_key_convert(krb5_context context,
+                                          krb5_db_entry *db_entry);
+extern void kdb5_purge_mkeys (int argc, char **argv);
+
+extern int kadm5_create (kadm5_config_params *params);
+
+extern krb5_error_code add_new_mkey(krb5_context, krb5_db_entry *,
+                                    krb5_keyblock *, krb5_kvno);
+
+extern krb5_kvno get_next_kvno(krb5_context, krb5_db_entry *);
+
+void usage (void);
diff --git a/krb5-1.21.3/src/kadmin/dbutil/nstrtok.h b/krb5-1.21.3/src/kadmin/dbutil/nstrtok.h
new file mode 100644
index 00000000..3ee8f634
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/nstrtok.h
@@ -0,0 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* Prototype for nstrtok */
+char *nstrtok(char *, const char *delim);
diff --git a/krb5-1.21.3/src/kadmin/dbutil/ovload.c b/krb5-1.21.3/src/kadmin/dbutil/ovload.c
new file mode 100644
index 00000000..15a5ab30
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/ovload.c
@@ -0,0 +1,205 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include    <k5-int.h>
+#include    <unistd.h>
+
+#include <kadm5/admin.h>
+#include <kadm5/server_internal.h>
+#include    <kdb.h>
+#include    "import_err.h"
+#include    "kdb5_util.h"
+#include    "nstrtok.h"
+
+#define LINESIZE        32768 /* XXX */
+
+static int parse_pw_hist_ent(current, hist)
+    char *current;
+    osa_pw_hist_ent *hist;
+{
+    int tmp, i, j, ret;
+    char *cp;
+
+    ret = 0;
+    hist->n_key_data = 1;
+
+    hist->key_data = (krb5_key_data *) malloc(hist->n_key_data *
+                                              sizeof(krb5_key_data));
+    if (hist->key_data == NULL)
+        return ENOMEM;
+    memset(hist->key_data, 0, sizeof(krb5_key_data)*hist->n_key_data);
+
+    for (i = 0; i < hist->n_key_data; i++) {
+        krb5_key_data *key_data = &hist->key_data[i];
+
+        key_data->key_data_ver = 1;
+
+        if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+            com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+            ret = IMPORT_FAILED;
+            goto done;
+        }
+        key_data->key_data_type[0] = atoi(cp);
+
+        if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+            com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+            ret =  IMPORT_FAILED;
+            goto done;
+        }
+        key_data->key_data_length[0] = atoi(cp);
+
+        if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+            com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+            ret = IMPORT_FAILED;
+            goto done;
+        }
+        if(!(key_data->key_data_contents[0] =
+             (krb5_octet *) malloc(key_data->key_data_length[0]+1))) {
+            ret = ENOMEM;
+            goto done;
+        }
+        for(j = 0; j < key_data->key_data_length[0]; j++) {
+            if(sscanf(cp, "%02x", &tmp) != 1) {
+                com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+                ret = IMPORT_FAILED;
+                goto done;
+            }
+            key_data->key_data_contents[0][j] = tmp;
+            cp = strchr(cp, ' ') + 1;
+        }
+    }
+
+done:
+    return ret;
+}
+
+/*
+ * Function: parse_principal
+ *
+ * Purpose: parse principal line in db dump file
+ *
+ * Arguments:
+ *      <return value>  0 on success, error code on failure
+ *
+ * Requires:
+ *      principal database to be opened.
+ *      nstrtok(3) to have a valid buffer in memory.
+ *
+ * Effects:
+ *      [effects]
+ *
+ * Modifies:
+ *      [modifies]
+ *
+ */
+int process_ov_principal(kcontext, fname, filep, verbose, linenop)
+    krb5_context        kcontext;
+    const char          *fname;
+    FILE                *filep;
+    krb5_boolean        verbose;
+    int                 *linenop;
+{
+    XDR                     xdrs;
+    osa_princ_ent_t         rec;
+    krb5_error_code         ret;
+    krb5_tl_data            tl_data;
+    krb5_principal          princ;
+    krb5_db_entry           *kdb = NULL;
+    char                    *current = 0;
+    char                    *cp;
+    unsigned int            x;
+    char                    line[LINESIZE];
+
+    if (fgets(line, LINESIZE, filep) == (char *) NULL) {
+        return IMPORT_BAD_FILE;
+    }
+    if((cp = nstrtok(line, "\t")) == NULL)
+        return IMPORT_BAD_FILE;
+    if((rec = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
+        return ENOMEM;
+    memset(rec, 0, sizeof(osa_princ_ent_rec));
+    if((ret = krb5_parse_name(kcontext, cp, &princ)))
+        goto done;
+    krb5_unparse_name(kcontext, princ, &current);
+    if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret =  IMPORT_FAILED;
+        goto done;
+    } else {
+        if(strcmp(cp, "")) {
+            if((rec->policy = strdup(cp)) == NULL)  {
+                ret = ENOMEM;
+                goto done;
+            }
+        } else rec->policy = NULL;
+    }
+    if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret = IMPORT_FAILED;
+        goto done;
+    }
+    rec->aux_attributes = strtol(cp, (char  **)NULL, 16);
+    if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret = IMPORT_FAILED;
+        goto done;
+    }
+    rec->old_key_len = atoi(cp);
+    if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret = IMPORT_FAILED;
+        goto done;
+    }
+    rec->old_key_next = atoi(cp);
+    if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret = IMPORT_FAILED;
+        goto done;
+    }
+    rec->admin_history_kvno = atoi(cp);
+    if (! rec->old_key_len) {
+        rec->old_keys = NULL;
+    } else {
+        if(!(rec->old_keys = (osa_pw_hist_ent *)
+             malloc(sizeof(osa_pw_hist_ent) * rec->old_key_len))) {
+            ret = ENOMEM;
+            goto done;
+        }
+        memset(rec->old_keys,0,
+               sizeof(osa_pw_hist_ent) * rec->old_key_len);
+        for(x = 0; x < rec->old_key_len; x++)
+            parse_pw_hist_ent(current, &rec->old_keys[x]);
+    }
+
+    xdralloc_create(&xdrs, XDR_ENCODE);
+    if (! xdr_osa_princ_ent_rec(&xdrs, rec)) {
+        xdr_destroy(&xdrs);
+        ret = KADM5_XDR_FAILURE;
+        goto done;
+    }
+
+    tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+    tl_data.tl_data_length = xdr_getpos(&xdrs);
+    tl_data.tl_data_contents = (krb5_octet *) xdralloc_getdata(&xdrs);
+
+    ret = krb5_db_get_principal(kcontext, princ, 0, &kdb);
+    if (ret)
+        goto done;
+
+    ret = krb5_dbe_update_tl_data(kcontext, kdb, &tl_data);
+    if (ret)
+        goto done;
+
+    ret = krb5_db_put_principal(kcontext, kdb);
+    if (ret)
+        goto done;
+
+    xdr_destroy(&xdrs);
+
+    (*linenop)++;
+
+done:
+    free(current);
+    krb5_free_principal(kcontext, princ);
+    osa_free_princ_ent(rec);
+    krb5_db_free_principal(kcontext, kdb);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/strtok.c b/krb5-1.21.3/src/kadmin/dbutil/strtok.c
new file mode 100644
index 00000000..dee466ae
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/strtok.c
@@ -0,0 +1,105 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ */
+
+/*
+ * Copyright (c) 1988 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that: (1) source distributions retain this entire copyright
+ * notice and comment, and (2) distributions including binaries display
+ * the following acknowledgement:  ``This product includes software
+ * developed by the University of California, Berkeley and its contributors''
+ * in the documentation or other materials provided with the distribution
+ * and in all advertising materials mentioning features or use of this
+ * software. Neither the name of the University nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include "nstrtok.h"
+
+/*
+ * Function: nstrtok
+ *
+ * Purpose: the same as strtok ... just different. does not deal with
+ *          multiple tokens in row.
+ *
+ * Arguments:
+ *      s           (input) string to scan
+ *      delim       (input) list of delimiters
+ *      <return value> string or null on error.
+ *
+ * Requires:
+ *      nuttin
+ *
+ * Effects:
+ *      sets last to string
+ *
+ * Modifies:
+ *      last
+ *
+ */
+
+char *
+nstrtok(s, delim)
+    char *s;
+    const char *delim;
+{
+    const char *spanp;
+    int c, sc;
+    char *tok;
+    static char *last;
+
+
+    if (s == NULL && (s = last) == NULL)
+        return (NULL);
+
+    /*
+     * Skip (span) leading delimiters (s += strspn(s, delim), sort of).
+     */
+#ifdef OLD
+cont:
+    c = *s++;
+    for (spanp = delim; (sc = *spanp++) != 0;) {
+        if (c == sc)
+            goto cont;
+    }
+
+    if (c == 0) {           /* no non-delimiter characters */
+        last = NULL;
+        return (NULL);
+    }
+    tok = s - 1;
+#else
+    tok = s;
+#endif
+
+    /*
+     * Scan token (scan for delimiters: s += strcspn(s, delim), sort of).
+     * Note that delim must have one NUL; we stop if we see that, too.
+     */
+    for (;;) {
+        c = *s++;
+        spanp = delim;
+        do {
+            if ((sc = *spanp++) == c) {
+                if (c == 0)
+                    s = NULL;
+                else
+                    s[-1] = 0;
+                last = s;
+                return (tok);
+            }
+        } while (sc != 0);
+    }
+    /* NOTREACHED */
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/t_tdumputil.c b/krb5-1.21.3/src/kadmin/dbutil/t_tdumputil.c
new file mode 100644
index 00000000..a9ed0e54
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/t_tdumputil.c
@@ -0,0 +1,115 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/t_tdumputil.c - test tdumputil.c functions */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "tdumputil.h"
+
+static char *argv0;
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+            "usage: %s: [-T rectype] [-c] nfields {fieldnames} {fields}\n",
+            argv0);
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    int ch, csv = 0, i, nf;
+    char **a, *rectype = NULL;
+    struct rechandle *h;
+
+    argv0 = argv[0];
+    while ((ch = getopt(argc, argv, "T:c")) != -1) {
+        switch (ch) {
+        case 'T':
+            rectype = optarg;
+            break;
+        case 'c':
+            csv = 1;
+            break;
+        default:
+            usage();
+            break;
+        }
+    }
+    argc -= optind;
+    argv += optind;
+
+    if (csv)
+        h = rechandle_csv(stdout, rectype);
+    else
+        h = rechandle_tabsep(stdout, rectype);
+    if (h == NULL)
+        exit(1);
+
+    if (*argv == NULL)
+        usage();
+    nf = atoi(*argv);
+    argc--;
+    argv++;
+    a = calloc(nf + 1, sizeof(*a));
+    if (a == NULL)
+        exit(1);
+
+    for (i = 0; argv[i] != NULL && i < nf; i++)
+        a[i] = argv[i];
+    if (i != nf)
+        usage();
+    argv += nf;
+    a[nf] = NULL;
+
+    if (rectype == NULL && writeheader(h, a) < 0)
+        exit(1);
+    free(a);
+
+    while (*argv != NULL) {
+        if (startrec(h) < 0)
+            exit(1);
+        for (i = 0; argv[i] != NULL && i < nf; i++) {
+            if (writefield(h, "%s", argv[i]) < 0)
+                exit(1);
+        }
+        if (i != nf)
+            usage();
+        argv += nf;
+        if (endrec(h) < 0)
+            exit(1);
+    }
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/t_tdumputil.py b/krb5-1.21.3/src/kadmin/dbutil/t_tdumputil.py
new file mode 100755
index 00000000..47b2aa7a
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/t_tdumputil.py
@@ -0,0 +1,30 @@
+from k5test import *
+from subprocess import *
+
+realm = K5Realm(create_kdb=False)
+
+def compare(s, expected, msg):
+    if s == expected:
+        return
+    print('expected:', repr(expected))
+    print('got:', repr(s))
+    fail(msg)
+
+out = realm.run(['./t_tdumputil', '2', 'field1', 'field2',
+                 'value1', 'value2'])
+expected = 'field1\tfield2\nvalue1\tvalue2\n'
+compare(out, expected, 'tab-separated values')
+
+out = realm.run(['./t_tdumputil', '-c', '2', 'field1', 'field2',
+                 'space value', 'comma,value',
+                 'quote"value', 'quotes""value'])
+expected = 'field1,field2\nspace value,"comma,value"\n' \
+    '"quote""value","quotes""""value"\n'
+compare(out, expected, 'comma-separated values')
+
+out = realm.run(['./t_tdumputil', '-T', 'rectype', '2', 'field1', 'field2',
+                 'value1', 'value2'])
+expected = 'rectype\tvalue1\tvalue2\n'
+compare(out, expected, 'rectype prefixed')
+
+success('tabdump utilities')
diff --git a/krb5-1.21.3/src/kadmin/dbutil/tabdump.c b/krb5-1.21.3/src/kadmin/dbutil/tabdump.c
new file mode 100644
index 00000000..da55c2d7
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/tabdump.c
@@ -0,0 +1,658 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/tabdump.c - reporting-friendly tabular KDB dumps */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include "k5-platform.h"        /* for asprintf */
+#include "k5-hex.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <kadm5/admin.h>
+#include <kadm5/server_internal.h>
+
+#include "adm_proto.h"
+#include "kdb5_util.h"
+#include "tdumputil.h"
+
+struct tdopts {
+    int csv;                    /* 1 for CSV, 0 for tab-separated */
+    int emptyhex_empty;         /* print empty hex strings as "" not "-1" */
+    int numeric;                /* numeric instead of symbolic output */
+    int omitheader;             /* omit field headers */
+    int writerectype;           /* write record type prefix */
+    char *fname;                /* output file name */
+};
+
+struct rec_args;
+
+typedef int (tdump_princ_fn)(struct rec_args *, const char *, krb5_db_entry *);
+typedef int (tdump_policy_fn)(struct rec_args *, const char *,
+                              kadm5_policy_ent_t);
+
+/* Descriptor for a tabdump record type */
+struct tdtype {
+    const char *rectype;
+    char * const *fieldnames;
+    tdump_princ_fn *princ_fn;
+    tdump_policy_fn *policy_fn;
+};
+
+static tdump_princ_fn keydata;
+static tdump_princ_fn keyinfo;
+static tdump_princ_fn princ_flags;
+static tdump_princ_fn princ_lockout;
+static tdump_princ_fn princ_meta;
+static tdump_princ_fn princ_stringattrs;
+static tdump_princ_fn princ_tktpolicy;
+
+static char * const keydata_fields[] = {
+    "name", "keyindex", "kvno", "enctype", "key", "salttype", "salt", NULL
+};
+static char * const keyinfo_fields[] = {
+    "name", "keyindex", "kvno", "enctype", "salttype", "salt", NULL
+};
+static char * const princ_flags_fields[] = {
+    "name", "flag", "value", NULL
+};
+static char * const princ_lockout_fields[] = {
+    "name", "last_success", "last_failed", "fail_count", NULL
+};
+static char * const princ_meta_fields[] = {
+    "name", "modby", "modtime", "lastpwd", "policy", "mkvno", "hist_kvno", NULL
+};
+static char * const princ_stringattrs_fields[] = {
+    "name", "key", "value", NULL
+};
+static char * const princ_tktpolicy_fields[] = {
+    "name", "expiration", "pw_expiration", "max_life", "max_renew_life", NULL
+};
+
+/* Lookup table for tabdump record types */
+static struct tdtype tdtypes[] = {
+    {"keydata", keydata_fields, keydata, NULL},
+    {"keyinfo", keyinfo_fields, keyinfo, NULL},
+    {"princ_flags", princ_flags_fields, princ_flags, NULL},
+    {"princ_lockout", princ_lockout_fields, princ_lockout, NULL},
+    {"princ_meta", princ_meta_fields, princ_meta, NULL},
+    {"princ_stringattrs", princ_stringattrs_fields, princ_stringattrs, NULL},
+    {"princ_tktpolicy", princ_tktpolicy_fields, princ_tktpolicy, NULL},
+};
+#define NTDTYPES (sizeof(tdtypes)/sizeof(tdtypes[0]))
+
+/* State to pass to KDB iterator */
+struct rec_args {
+    FILE *f;
+    struct tdtype *tdtype;
+    struct rechandle *rh;
+    struct tdopts *opts;
+};
+
+/* Decode the KADM_DATA from a DB entry.*/
+static int
+get_adb(krb5_db_entry *dbe, osa_princ_ent_rec *adb)
+{
+    XDR xdrs;
+    int success;
+    krb5_tl_data tl_data;
+    krb5_error_code ret;
+
+    memset(adb, 0, sizeof(*adb));
+    tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+    ret = krb5_dbe_lookup_tl_data(util_context, dbe, &tl_data);
+    if (ret != 0 || tl_data.tl_data_length == 0)
+        return 0;
+    xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents,
+                  tl_data.tl_data_length, XDR_DECODE);
+    success = xdr_osa_princ_ent_rec(&xdrs, adb);
+    xdr_destroy(&xdrs);
+    return success;
+}
+
+/* Write a date field as an ISO 8601 UTC date/time representation. */
+static int
+write_date_iso(struct rec_args *args, krb5_timestamp when)
+{
+    char buf[64];
+    time_t t;
+    struct tm *tm = NULL;
+    struct rechandle *h = args->rh;
+
+    t = ts2tt(when);
+    tm = gmtime(&t);
+    if (tm == NULL) {
+        errno = EINVAL;
+        return -1;
+    }
+    if (strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%SZ", tm) == 0) {
+        errno = EINVAL;
+        return -1;
+    }
+    if (writefield(h, "%s", buf) < 0)
+        return -1;
+    return 0;
+}
+
+/* Write a date field, optionally as a decimal POSIX timestamp. */
+static int
+write_date(struct rec_args *args, krb5_timestamp when)
+{
+    struct tdopts *opts = args->opts;
+    struct rechandle *h = args->rh;
+
+    if (opts->numeric)
+        return writefield(h, "%d", when);
+
+    return write_date_iso(args, when);
+}
+
+/* Write an enctype field, optionally as decimal. */
+static krb5_error_code
+write_enctype(struct rec_args *args, krb5_int16 etype)
+{
+    char buf[256];
+    krb5_error_code ret;
+    struct rechandle *h = args->rh;
+    struct tdopts *opts = args->opts;
+
+    if (!opts->numeric) {
+        ret = krb5_enctype_to_name(etype, 0, buf, sizeof(buf));
+        if (ret == 0) {
+            if (writefield(h, "%s", buf) < 0)
+                return errno;
+            return ret;
+        }
+    }
+    /* decimal if requested, or if conversion failed */
+    if (writefield(h, "%d", etype) < 0)
+        return errno;
+    return 0;
+}
+
+/* Write a salttype field, optionally as decimal. */
+static krb5_error_code
+write_salttype(struct rec_args *args, krb5_int16 salttype)
+{
+    char buf[256];
+    krb5_error_code ret;
+    struct rechandle *h = args->rh;
+    struct tdopts *opts = args->opts;
+
+    if (!opts->numeric) {
+        ret = krb5_salttype_to_string(salttype, buf, sizeof(buf));
+        if (ret == 0) {
+            if (writefield(h, "%s", buf) < 0)
+                return errno;
+            return ret;
+        }
+    }
+    /* decimal if requested, or if conversion failed */
+    if (writefield(h, "%d", salttype) < 0)
+        return errno;
+    return 0;
+}
+
+/*
+ * Write a field of bytes from krb5_data as a hexadecimal string.  Write empty
+ * strings as "-1" unless requested.
+ */
+static int
+write_data(struct rec_args *args, krb5_data *data)
+{
+    int ret;
+    char *hex;
+    struct rechandle *h = args->rh;
+    struct tdopts *opts = args->opts;
+
+    if (data->length == 0 && !opts->emptyhex_empty) {
+        if (writefield(h, "-1") < 0)
+            return -1;
+        return 0;
+    }
+
+    ret = k5_hex_encode(data->data, data->length, FALSE, &hex);
+    if (ret) {
+        errno = ret;
+        return -1;
+    }
+
+    ret = writefield(h, "%s", hex);
+    free(hex);
+    return ret;
+}
+
+/* Write a single record of a keydata/keyinfo key set. */
+static krb5_error_code
+keyinfo_rec(struct rec_args *args, const char *name, int i, krb5_key_data *kd,
+            int dumpkeys)
+{
+    int ret;
+    krb5_data data;
+    struct rechandle *h = args->rh;
+
+    if (startrec(h) < 0)
+        return errno;
+    if (writefield(h, "%s", name) < 0)
+        return errno;
+    if (writefield(h, "%d", i) < 0)
+        return errno;
+    if (writefield(h, "%d", kd->key_data_kvno) < 0)
+        return errno;
+    if (write_enctype(args, kd->key_data_type[0]) < 0)
+        return errno;
+    if (dumpkeys) {
+        data.length = kd->key_data_length[0];
+        data.data = (void *)kd->key_data_contents[0];
+        if (write_data(args, &data) < 0)
+            return errno;
+    }
+    ret = write_salttype(args, kd->key_data_type[1]);
+    if (ret)
+        return ret;
+    data.length = kd->key_data_length[1];
+    data.data = (void *)kd->key_data_contents[1];
+    if (write_data(args, &data) < 0)
+        return errno;
+    if (endrec(h) < 0)
+        return errno;
+    return 0;
+}
+
+/* Write out a principal's key set, optionally including actual key data. */
+static krb5_error_code
+keyinfo_common(struct rec_args *args, const char *name, krb5_db_entry *entry,
+               int dumpkeys)
+{
+    krb5_error_code ret;
+    krb5_key_data kd;
+    int i;
+
+    for (i = 0; i < entry->n_key_data; i++) {
+        kd = entry->key_data[i];
+        /* missing salt data -> normal salt */
+        if (kd.key_data_ver == 1) {
+            kd.key_data_ver = 2;
+            kd.key_data_type[1] = KRB5_KDB_SALTTYPE_NORMAL;
+            kd.key_data_length[1] = 0;
+            kd.key_data_contents[1] = NULL;
+        }
+        ret = keyinfo_rec(args, name, i, &kd, dumpkeys);
+        if (ret)
+            return ret;
+    }
+    return 0;
+}
+
+/* Write a principal's key data. */
+static krb5_error_code
+keydata(struct rec_args *args, const char *name, krb5_db_entry *dbe)
+{
+    return keyinfo_common(args, name, dbe, 1);
+}
+
+/* Write a principal's key info (suppressing actual key data). */
+static krb5_error_code
+keyinfo(struct rec_args *args, const char *name, krb5_db_entry *dbe)
+{
+    return keyinfo_common(args, name, dbe, 0);
+}
+
+/* Write a record corresponding to a single principal flag setting. */
+static krb5_error_code
+princflag_rec(struct rechandle *h, const char *name, const char *flagname,
+              int set)
+{
+    if (startrec(h) < 0)
+        return errno;
+    if (writefield(h, "%s", name) < 0)
+        return errno;
+    if (writefield(h, "%s", flagname) < 0)
+        return errno;
+    if (writefield(h, "%d", set) < 0)
+        return errno;
+    if (endrec(h) < 0)
+        return errno;
+    return 0;
+}
+
+/* Write a principal's flag settings. */
+static krb5_error_code
+princ_flags(struct rec_args *args, const char *name, krb5_db_entry *dbe)
+{
+    int i;
+    char *s = NULL;
+    krb5_flags flags = dbe->attributes;
+    krb5_error_code ret;
+    struct tdopts *opts = args->opts;
+    struct rechandle *h = args->rh;
+
+    for (i = 0; i < 32; i++) {
+        if (opts->numeric) {
+            if (asprintf(&s, "0x%08lx", 1UL << i) == -1)
+                return ENOMEM;
+        } else {
+            ret = krb5_flagnum_to_string(i, &s);
+            if (ret)
+                return ret;
+            /* Don't print unknown flags if they're not set and numeric output
+             * isn't requested. */
+            if (!(flags & (1UL << i)) && strncmp(s, "0x", 2) == 0) {
+                free(s);
+                continue;
+            }
+        }
+        ret = princflag_rec(h, name, s, ((flags & (1UL << i)) != 0));
+        free(s);
+        if (ret)
+            return ret;
+    }
+    return 0;
+}
+
+/* Write a principal's lockout data. */
+static krb5_error_code
+princ_lockout(struct rec_args *args, const char *name, krb5_db_entry *dbe)
+{
+    struct rechandle *h = args->rh;
+
+    if (startrec(h) < 0)
+        return errno;
+    if (writefield(h, "%s", name) < 0)
+        return errno;
+    if (write_date(args, dbe->last_success) < 0)
+        return errno;
+    if (write_date(args, dbe->last_failed) < 0)
+        return errno;
+    if (writefield(h, "%d", dbe->fail_auth_count) < 0)
+        return errno;
+    if (endrec(h) < 0)
+        return errno;
+    return 0;
+}
+
+/* Write a principal's metadata. */
+static krb5_error_code
+princ_meta(struct rec_args *args, const char *name, krb5_db_entry *dbe)
+{
+    int got_adb = 0;
+    char *modby;
+    krb5_kvno mkvno;
+    const char *policy;
+    krb5_principal mod_princ = NULL;
+    krb5_timestamp mod_time, last_pwd;
+    krb5_error_code ret;
+    osa_princ_ent_rec adb;
+    struct rechandle *h = args->rh;
+
+    memset(&adb, 0, sizeof(adb));
+    if (startrec(h) < 0)
+        return errno;
+    if (writefield(h, "%s", name) < 0)
+        return errno;
+
+    ret = krb5_dbe_lookup_last_pwd_change(util_context, dbe, &last_pwd);
+    if (ret)
+        return ret;
+    ret = krb5_dbe_get_mkvno(util_context, dbe, &mkvno);
+    if (ret)
+        return ret;
+
+    ret = krb5_dbe_lookup_mod_princ_data(util_context, dbe, &mod_time,
+                                         &mod_princ);
+    if (ret)
+        return ret;
+    ret = krb5_unparse_name(util_context, mod_princ, &modby);
+    krb5_free_principal(util_context, mod_princ);
+    if (ret)
+        return ret;
+    ret = writefield(h, "%s", modby);
+    krb5_free_unparsed_name(util_context, modby);
+    if (ret < 0)
+        return errno;
+
+    if (write_date(args, mod_time) < 0)
+        return errno;
+    if (write_date(args, last_pwd) < 0)
+        return errno;
+
+    got_adb = get_adb(dbe, &adb);
+    if (got_adb && adb.policy != NULL)
+        policy = adb.policy;
+    else
+        policy = "";
+    ret = writefield(h, "%s", policy);
+    if (ret < 0) {
+        ret = errno;
+        goto cleanup;
+    }
+    if (writefield(h, "%d", mkvno) < 0) {
+        ret = errno;
+        goto cleanup;
+    }
+    if (writefield(h, "%d", adb.admin_history_kvno) < 0) {
+        ret = errno;
+        goto cleanup;
+    }
+    if (endrec(h) < 0)
+        ret = errno;
+    else
+        ret = 0;
+
+cleanup:
+    kdb_free_entry(NULL, NULL, &adb);
+    return ret;
+}
+
+/* Write a principal's string attributes. */
+static krb5_error_code
+princ_stringattrs(struct rec_args *args, const char *name, krb5_db_entry *dbe)
+{
+    int i, nattrs;
+    krb5_error_code ret;
+    krb5_string_attr *attrs;
+    struct rechandle *h = args->rh;
+
+    ret = krb5_dbe_get_strings(util_context, dbe, &attrs, &nattrs);
+    if (ret)
+        return ret;
+    for (i = 0; i < nattrs; i++) {
+        if (startrec(h) < 0) {
+            ret = errno;
+            goto cleanup;
+        }
+        if (writefield(h, "%s", name) < 0) {
+            ret = errno;
+            goto cleanup;
+        }
+        if (writefield(h, "%s", attrs[i].key) < 0) {
+            ret = errno;
+            goto cleanup;
+        }
+        if (writefield(h, "%s", attrs[i].value) < 0) {
+            ret = errno;
+            goto cleanup;
+        }
+        if (endrec(h) < 0) {
+            ret = errno;
+            goto cleanup;
+        }
+    }
+cleanup:
+    krb5_dbe_free_strings(util_context, attrs, nattrs);
+    return ret;
+}
+
+/* Write a principal's ticket policy. */
+static krb5_error_code
+princ_tktpolicy(struct rec_args *args, const char *name, krb5_db_entry *dbe)
+{
+    struct rechandle *h = args->rh;
+
+    if (startrec(h) < 0)
+        return errno;
+    if (writefield(h, "%s", name) < 0)
+        return errno;
+    if (write_date(args, dbe->expiration) < 0)
+        return errno;
+    if (write_date(args, dbe->pw_expiration) < 0)
+        return errno;
+    if (writefield(h, "%d", dbe->max_life) < 0)
+        return errno;
+    if (writefield(h, "%d", dbe->max_renewable_life) < 0)
+        return errno;
+    if (endrec(h) < 0)
+        return errno;
+    return 0;
+}
+
+/* Iterator function for krb5_db_iterate() */
+static krb5_error_code
+tditer(void *ptr, krb5_db_entry *entry)
+{
+    krb5_error_code ret;
+    struct rec_args *args = ptr;
+    char *name;
+
+    ret = krb5_unparse_name(util_context, entry->princ, &name);
+    if (ret) {
+        com_err(progname, ret, _("while unparsing principal name"));
+        return ret;
+    }
+    ret = args->tdtype->princ_fn(args, name, entry);
+    krb5_free_unparsed_name(util_context, name);
+    if (ret)
+        return ret;
+    return 0;
+}
+
+/* Set up state structure for the iterator. */
+static krb5_error_code
+setup_args(struct rec_args *args, struct tdtype *tdtype,
+             struct tdopts *opts)
+{
+    FILE *f = NULL;
+    const char *rectype = NULL;
+    struct rechandle *rh;
+
+    args->tdtype = tdtype;
+    args->opts = opts;
+    if (opts->fname != NULL && strcmp(opts->fname, "-") != 0) {
+        f = fopen(opts->fname, "w");
+        if (f == NULL) {
+            com_err(progname, errno, _("opening %s for writing"),
+                    opts->fname);
+            return errno;
+        }
+        args->f = f;
+    } else {
+        f = stdout;
+        args->f = NULL;
+    }
+    if (opts->writerectype)
+        rectype = tdtype->rectype;
+    if (opts->csv)
+        rh = rechandle_csv(f, rectype);
+    else
+        rh = rechandle_tabsep(f, rectype);
+    if (rh == NULL)
+        return ENOMEM;
+    args->rh = rh;
+    if (!opts->omitheader && writeheader(rh, tdtype->fieldnames) < 0)
+        return errno;
+    return 0;
+}
+
+/* Clean up the state structure. */
+static void
+cleanup_args(struct rec_args *args)
+{
+    rechandle_free(args->rh);
+    if (args->f != NULL)
+        fclose(args->f);
+}
+
+void
+tabdump(int argc, char **argv)
+{
+    int ch;
+    size_t i;
+    const char *rectype;
+    struct rec_args args;
+    struct tdopts opts;
+    krb5_error_code ret;
+
+    memset(&opts, 0, sizeof(opts));
+    memset(&args, 0, sizeof(args));
+    optind = 1;
+    while ((ch = getopt(argc, argv, "Hceno:")) != -1) {
+        switch (ch) {
+        case 'H':
+            opts.omitheader = 1;
+            break;
+        case 'c':
+            opts.csv = 1;
+            break;
+        case 'e':
+            opts.emptyhex_empty = 1;
+            break;
+        case 'n':
+            opts.numeric = 1;
+            break;
+        case 'o':
+            opts.fname = optarg;
+            break;
+        case '?':
+        default:
+            usage();
+            break;
+        }
+    }
+    if (argc - optind < 1)
+        usage();
+    rectype = argv[optind];
+    for (i = 0; i < NTDTYPES; i++) {
+        if (strcmp(rectype, tdtypes[i].rectype) == 0) {
+            setup_args(&args, &tdtypes[i], &opts);
+            break;
+        }
+    }
+    if (i >= NTDTYPES)
+        usage();
+    ret = krb5_db_iterate(util_context, NULL, tditer, &args, 0);
+    cleanup_args(&args);
+    if (ret) {
+        com_err(progname, ret, _("performing tabular dump"));
+        exit_status++;
+    }
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/tdumputil.c b/krb5-1.21.3/src/kadmin/dbutil/tdumputil.c
new file mode 100644
index 00000000..076cfa97
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/tdumputil.c
@@ -0,0 +1,266 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/tdumputil.c - utilities for tab-separated, etc. files */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-platform.h"        /* for vasprintf */
+#include <assert.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "tdumputil.h"
+
+/*
+ * Structure describing flavor of a tabular output format.
+ *
+ * fieldsep is the field separator
+ *
+ * recordsep is the record/line separator
+ *
+ * quotechar begins and ends a quoted field.  If an instance of quotechar
+ * occurs within a quoted field value, it is doubled.
+ *
+ * Values are only quoted if they contain fieldsep, recordsep, or quotechar.
+ */
+struct flavor {
+    int fieldsep;               /* field separator */
+    int recordsep;              /* record separator */
+    int quotechar;              /* quote character */
+};
+
+struct rechandle {
+    FILE *fh;
+    const char *rectype;
+    int do_sep;
+    struct flavor flavor;
+};
+
+static const struct flavor tabsep = {
+    '\t',                       /* fieldsep */
+    '\n',                       /* recordsep */
+    '\0'                        /* quotechar */
+};
+
+static const struct flavor csv = {
+    ',',                        /* fieldsep */
+    '\n',                       /* recordsep */
+    '"'                         /* quotechar */
+};
+
+/*
+ * Double any quote characters present in a quoted field.
+ */
+static char *
+qquote(struct flavor *fl, const char *s)
+{
+    const char *sp;
+    struct k5buf buf;
+
+    k5_buf_init_dynamic(&buf);
+    for (sp = s; *sp != '\0'; sp++) {
+        k5_buf_add_len(&buf, sp, 1);
+        if (*sp == fl->quotechar)
+            k5_buf_add_len(&buf, sp, 1);
+    }
+    return k5_buf_cstring(&buf);
+}
+
+/*
+ * Write an optionally quoted field.
+ */
+static int
+writequoted(struct rechandle *h, const char *fmt, va_list ap)
+{
+    int doquote = 0, ret;
+    char *s = NULL, *qs = NULL;
+    struct flavor fl = h->flavor;
+
+    assert(fl.quotechar != '\0');
+    ret = vasprintf(&s, fmt, ap);
+    if (ret < 0)
+        return ret;
+    if (strchr(s, fl.fieldsep) != NULL)
+        doquote = 1;
+    if (strchr(s, fl.recordsep) != NULL)
+        doquote = 1;
+    if (strchr(s, fl.quotechar) != NULL)
+        doquote = 1;
+
+    if (doquote) {
+        qs = qquote(&fl, s);
+        if (qs == NULL) {
+            ret = -1;
+            goto cleanup;
+        }
+        ret = fprintf(h->fh, "%c%s%c", fl.quotechar, qs, fl.quotechar);
+    } else {
+        ret = fprintf(h->fh, "%s", s);
+    }
+cleanup:
+    free(s);
+    free(qs);
+    return ret;
+}
+
+/*
+ * Return a rechandle with the requested file handle and rectype.
+ *
+ * rectype must be a valid pointer for the entire lifetime of the rechandle (or
+ * null)
+ */
+static struct rechandle *
+rechandle_common(FILE *fh, const char *rectype)
+{
+    struct rechandle *h = calloc(1, sizeof(*h));
+
+    if (h == NULL)
+        return NULL;
+    h->fh = fh;
+    h->rectype = rectype;
+    h->do_sep = 0;
+    return h;
+}
+
+/*
+ * Return a rechandle for tab-separated output.
+ */
+struct rechandle *
+rechandle_tabsep(FILE *fh, const char *rectype)
+{
+    struct rechandle *h = rechandle_common(fh, rectype);
+
+    if (h == NULL)
+        return NULL;
+    h->flavor = tabsep;
+    return h;
+}
+
+/*
+ * Return a rechandle for CSV output.
+ */
+struct rechandle *
+rechandle_csv(FILE *fh, const char *rectype)
+{
+    struct rechandle *h = rechandle_common(fh, rectype);
+
+    if (h == NULL)
+        return NULL;
+    h->flavor = csv;
+    return h;
+}
+
+/*
+ * Free a rechandle.
+ */
+void
+rechandle_free(struct rechandle *h)
+{
+    free(h);
+}
+
+/*
+ * Start a record.  This includes writing a record type prefix (rectype) if
+ * specified.
+ */
+int
+startrec(struct rechandle *h)
+{
+    if (h->rectype == NULL) {
+        h->do_sep = 0;
+        return 0;
+    }
+    h->do_sep = 1;
+    return fputs(h->rectype, h->fh);
+}
+
+/*
+ * Write a single field of a record.  This includes writing a separator
+ * character, if appropriate.
+ */
+int
+writefield(struct rechandle *h, const char *fmt, ...)
+{
+    int ret = 0;
+    va_list ap;
+    struct flavor fl = h->flavor;
+
+    if (h->do_sep) {
+        ret = fputc(fl.fieldsep, h->fh);
+        if (ret < 0)
+            return ret;
+    }
+    h->do_sep = 1;
+    va_start(ap, fmt);
+    if (fl.quotechar == '\0')
+        ret = vfprintf(h->fh, fmt, ap);
+    else
+        ret = writequoted(h, fmt, ap);
+    va_end(ap);
+    return ret;
+}
+
+/*
+ * Finish a record (line).
+ */
+int
+endrec(struct rechandle *h)
+{
+    int ret = 0;
+    struct flavor fl = h->flavor;
+
+    ret = fputc(fl.recordsep, h->fh);
+    h->do_sep = 0;
+    return ret;
+}
+
+/*
+ * Write a header line if h->rectype is null.  (If rectype is set, it will be
+ * prefixed to output lines, most likely in a mixed record type output file, so
+ * it doesn't make sense to output a header line in that case.)
+ */
+int
+writeheader(struct rechandle *h, char * const *a)
+{
+    int ret = 0;
+    char * const *p;
+
+    if (h->rectype != NULL)
+        return 0;
+    for (p = a; *p != NULL; p++) {
+        ret = writefield(h, "%s", *p);
+        if (ret < 0)
+            return ret;
+    }
+    ret = endrec(h);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/kadmin/dbutil/tdumputil.h b/krb5-1.21.3/src/kadmin/dbutil/tdumputil.h
new file mode 100644
index 00000000..b7437310
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/dbutil/tdumputil.h
@@ -0,0 +1,51 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/tdumputil.h - utilities for tab-separated, etc. files */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef TDUMPUTIL_H
+#define TDUMPUTIL_H
+
+struct rechandle;
+
+struct rechandle *rechandle_csv(FILE *, const char *);
+struct rechandle *rechandle_tabsep(FILE *, const char *);
+void rechandle_free(struct rechandle *);
+
+int startrec(struct rechandle *);
+int writefield(struct rechandle *, const char *, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 3)))
+#endif
+    ;
+int endrec(struct rechandle *);
+int writeheader(struct rechandle *, char * const *);
+
+#endif /* TDUMPUTIL_H */
diff --git a/krb5-1.21.3/src/kadmin/deps b/krb5-1.21.3/src/kadmin/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/kadmin/kdbkeys/Makefile.in b/krb5-1.21.3/src/kadmin/kdbkeys/Makefile.in
new file mode 100644
index 00000000..996febd8
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/kdbkeys/Makefile.in
@@ -0,0 +1,16 @@
+mydir=.
+BUILDTOP=$(REL)..$(S)..
+
+PROG = kdbkeys
+OBJS = kdbkeys.o
+
+all: $(PROG)
+
+$(PROG): $(OBJS)
+	$(CC) $(LDFLAGS) -o $(PROG) $(OBJS) $(LIBS)
+
+install:
+	$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
+
+clean:
+	$(RM) $(PROG) $(OBJS)
diff --git a/krb5-1.21.3/src/kadmin/kdbkeys/do-test.pl b/krb5-1.21.3/src/kadmin/kdbkeys/do-test.pl
new file mode 100755
index 00000000..7acb425f
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/kdbkeys/do-test.pl
@@ -0,0 +1,56 @@
+#!/afs/athena/contrib/perl/p
+
+#
+# $Id$
+#
+
+$debug = $ARGV[1] || $ENV{'VERBOSE_TEST'};
+
+die "Need a number.\n" if !$ARGV[0];
+
+die "Neither \$TOP nor \$TESTDIR is set.\n" 
+    if (! ($ENV{'TOP'} || $ENV{'TESTDIR'}));
+
+$TESTDIR = ($ENV{'TESTDIR'} || "$ENV{'TOP'}/testing");
+$INITDB = ($ENV{'INITDB'} || "$TESTDIR/scripts/init_db");
+
+for ($i=0; $i<$ARGV[0]; $i++) {
+    print "Trial $i\n" if $debug;
+
+    system("$INITDB > /dev/null 2>&1") &&
+	die "Error in init_db\n";
+
+    open(KEYS,"../dbutil/kdb5_util -R dump_db|") ||
+	die "Couldn't run kdb5_util: $!\n";
+    chop($header = <KEYS>);
+    if ($header ne "kdb5_util load_dump version 4") {
+	die "Cannot operate on dump version \"$header\"; version 4 required.";
+    }
+    while(<KEYS>) {
+	next if ((!/^princ.*kadmin\//) && (!/^princ.*krbtgt/));
+
+	print if $debug > 1;
+
+	split;
+
+	$princ = $_[6];
+	$nkeys = $_[4];
+	$ntls = $_[3];
+	print "$princ: nkeys $nkeys, ntls $ntls\n" if $debug;
+	for ($j = 15 + $ntls*3; $nkeys > 0; $nkeys--) {
+	    $ver = $_[$j++];
+	    $kvno = $_[$j++];
+	    $keytype = $_[$j++];
+	    $keylen = $_[$j++];
+	    $keydata = $_[$j++];
+	    $j += 3 if ($ver > 1);
+
+	    print "$princ, ver $ver, kvno $kvno, type $keytype, len $keylen, "
+		. "data $keydata\n" if $debug;
+	    
+	    die "Duplicated key $princ = $keydata\n" if
+		$keys{$keydata}++;
+	}
+    }
+    close(KEYS);
+}
diff --git a/krb5-1.21.3/src/kadmin/ktutil/Makefile.in b/krb5-1.21.3/src/kadmin/ktutil/Makefile.in
new file mode 100644
index 00000000..f8f9b411
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/ktutil/Makefile.in
@@ -0,0 +1,30 @@
+mydir=kadmin$(S)ktutil
+BUILDTOP=$(REL)..$(S)..
+
+OBJS= 	ktutil.o \
+	ktutil_ct.o \
+	ktutil_funcs.o
+
+SRCS= 	$(srcdir)/ktutil.c \
+	ktutil_ct.c \
+	$(srcdir)/ktutil_funcs.c
+
+all: ktutil
+
+ktutil: ktutil.o $(OBJS) $(SS_DEPLIB) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o ktutil $(OBJS) $(SS_LIB) $(KRB5_BASE_LIBS)
+
+install:
+	$(INSTALL_PROGRAM) ktutil ${DESTDIR}$(CLIENT_BINDIR)/ktutil
+
+generate-files-mac: ktutil_ct.c
+
+# needed until we run makedepend
+ktutil_ct.c: ktutil_ct.ct
+
+ktutil_ct.o: ktutil_ct.c
+
+clean:
+	$(RM) ktutil_ct.c ktutil
+
+depend: ktutil_ct.c
diff --git a/krb5-1.21.3/src/kadmin/ktutil/deps b/krb5-1.21.3/src/kadmin/ktutil/deps
new file mode 100644
index 00000000..5863e63c
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/ktutil/deps
@@ -0,0 +1,27 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)ktutil.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SS_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktutil.c ktutil.h
+$(OUTPRE)ktutil_ct.$(OBJEXT): $(COM_ERR_DEPS) $(SS_DEPS) \
+  ktutil_ct.c
+$(OUTPRE)ktutil_funcs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ktutil.h ktutil_funcs.c
diff --git a/krb5-1.21.3/src/kadmin/ktutil/ktutil.c b/krb5-1.21.3/src/kadmin/ktutil/ktutil.c
new file mode 100644
index 00000000..92d7023a
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/ktutil/ktutil.c
@@ -0,0 +1,280 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/ktutil/ktutil.c - SS user interface for ktutil */
+/*
+ * Copyright 1995, 1996, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "ktutil.h"
+#include <com_err.h>
+#include <locale.h>
+#include "adm_proto.h"
+#include <ss/ss.h>
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+extern ss_request_table ktutil_cmds;
+krb5_context kcontext;
+krb5_kt_list ktlist = NULL;
+
+int main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    krb5_error_code retval;
+    int sci_idx;
+
+    setlocale(LC_ALL, "");
+    retval = krb5_init_context(&kcontext);
+    if (retval) {
+        com_err(argv[0], retval, _("while initializing krb5"));
+        exit(1);
+    }
+    sci_idx = ss_create_invocation("ktutil", "5.0", (char *)NULL,
+                                   &ktutil_cmds, &retval);
+    if (retval) {
+        ss_perror(sci_idx, retval, _("creating invocation"));
+        exit(1);
+    }
+    retval = ss_listen(sci_idx);
+    ktutil_free_kt_list(kcontext, ktlist);
+    exit(0);
+}
+
+void ktutil_clear_list(argc, argv)
+    int argc;
+    char *argv[];
+{
+    krb5_error_code retval;
+
+    if (argc != 1) {
+        fprintf(stderr, _("%s: invalid arguments\n"), argv[0]);
+        return;
+    }
+    retval = ktutil_free_kt_list(kcontext, ktlist);
+    if (retval)
+        com_err(argv[0], retval, _("while freeing ktlist"));
+    ktlist = NULL;
+}
+
+void ktutil_read_v5(argc, argv)
+    int argc;
+    char *argv[];
+{
+    krb5_error_code retval;
+
+    if (argc != 2) {
+        fprintf(stderr, _("%s: must specify keytab to read\n"), argv[0]);
+        return;
+    }
+    retval = ktutil_read_keytab(kcontext, argv[1], &ktlist);
+    if (retval)
+        com_err(argv[0], retval, _("while reading keytab \"%s\""), argv[1]);
+}
+
+void ktutil_read_v4(argc, argv)
+    int argc;
+    char *argv[];
+{
+    fprintf(stderr, _("%s: reading srvtabs is no longer supported\n"),
+            argv[0]);
+}
+
+void ktutil_write_v5(argc, argv)
+    int argc;
+    char *argv[];
+{
+    krb5_error_code retval;
+
+    if (argc != 2) {
+        fprintf(stderr, _("%s: must specify keytab to write\n"), argv[0]);
+        return;
+    }
+    retval = ktutil_write_keytab(kcontext, ktlist, argv[1]);
+    if (retval)
+        com_err(argv[0], retval, _("while writing keytab \"%s\""), argv[1]);
+}
+
+void ktutil_write_v4(argc, argv)
+    int argc;
+    char *argv[];
+{
+    fprintf(stderr, _("%s: writing srvtabs is no longer supported\n"),
+            argv[0]);
+}
+
+void ktutil_add_entry(argc, argv)
+    int argc;
+    char *argv[];
+{
+    krb5_error_code retval;
+    char *princ = NULL;
+    char *enctype = NULL;
+    krb5_kvno kvno = 0;
+    int use_pass = 0, use_key = 0, use_kvno = 0, fetch = 0, i;
+    char *salt = NULL;
+
+    for (i = 1; i < argc; i++) {
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
+            princ = argv[++i];
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
+            kvno = (krb5_kvno) atoi(argv[++i]);
+            use_kvno++;
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
+            enctype = argv[++i];
+            continue;
+        }
+        if ((strlen(argv[i]) == 9) && !strncmp(argv[i], "-password", 9)) {
+            use_pass++;
+            continue;
+        }
+        if ((strlen(argv[i]) == 4) && !strncmp(argv[i], "-key", 4)) {
+            use_key++;
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-s", 2)) {
+            salt = argv[++i];
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-f", 2))
+            fetch++;
+    }
+
+    if (princ == NULL || use_pass + use_key != 1 || !use_kvno ||
+        (fetch && salt != NULL)) {
+        fprintf(stderr, _("usage: %s (-key | -password) -p principal "
+                          "-k kvno [-e enctype] [-f|-s salt]\n"), argv[0]);
+        return;
+    }
+    if (!fetch && enctype == NULL) {
+        fprintf(stderr, _("enctype must be specified if not using -f\n"));
+        return;
+    }
+
+    retval = ktutil_add(kcontext, &ktlist, princ, fetch, kvno, enctype,
+                        use_pass, salt);
+    if (retval)
+        com_err(argv[0], retval, _("while adding new entry"));
+}
+
+void ktutil_delete_entry(argc, argv)
+    int argc;
+    char *argv[];
+{
+    krb5_error_code retval;
+
+    if (argc != 2) {
+        fprintf(stderr, _("%s: must specify entry to delete\n"), argv[0]);
+        return;
+    }
+    retval = ktutil_delete(kcontext, &ktlist, atoi(argv[1]));
+    if (retval)
+        com_err(argv[0], retval, _("while deleting entry %d"), atoi(argv[1]));
+}
+
+void ktutil_list(argc, argv)
+    int argc;
+    char *argv[];
+{
+    krb5_error_code retval;
+    krb5_kt_list lp;
+    int show_time = 0, show_keys = 0, show_enctype = 0;
+    int i;
+    unsigned int j;
+    char *pname;
+
+    for (i = 1; i < argc; i++) {
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) {
+            show_time++;
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
+            show_keys++;
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
+            show_enctype++;
+            continue;
+        }
+
+        fprintf(stderr, _("%s: usage: %s [-t] [-k] [-e]\n"), argv[0], argv[0]);
+        return;
+    }
+    /* XXX Translating would disturb table alignment; skip for now. */
+    if (show_time) {
+        printf("slot KVNO Timestamp         Principal\n");
+        printf("---- ---- ----------------- ---------------------------------------------------\n");
+    } else {
+        printf("slot KVNO Principal\n");
+        printf("---- ---- ---------------------------------------------------------------------\n");
+    }
+    for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
+        retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
+        if (retval) {
+            com_err(argv[0], retval, "while unparsing principal name");
+            return;
+        }
+        printf("%4d %4d ", i, lp->entry->vno);
+        if (show_time) {
+            char fmtbuf[18];
+            char fill;
+            time_t tstamp;
+
+            tstamp = lp->entry->timestamp;
+            lp->entry->timestamp = tstamp;
+            fill = ' ';
+            if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry->
+                                            timestamp,
+                                            fmtbuf,
+                                            sizeof(fmtbuf),
+                                            &fill))
+                printf("%s ", fmtbuf);
+        }
+        printf("%40s", pname);
+        if (show_enctype) {
+            static char buf[256];
+            if ((retval = krb5_enctype_to_name(lp->entry->key.enctype, FALSE,
+                                               buf, sizeof(buf)))) {
+                com_err(argv[0], retval,
+                        _("While converting enctype to string"));
+                return;
+            }
+            printf(" (%s) ", buf);
+        }
+
+        if (show_keys) {
+            printf(" (0x");
+            for (j = 0; j < lp->entry->key.length; j++)
+                printf("%02x", lp->entry->key.contents[j]);
+            printf(")");
+        }
+        printf("\n");
+        free(pname);
+    }
+}
diff --git a/krb5-1.21.3/src/kadmin/ktutil/ktutil.h b/krb5-1.21.3/src/kadmin/ktutil/ktutil.h
new file mode 100644
index 00000000..acaf0239
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/ktutil/ktutil.h
@@ -0,0 +1,67 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/ktutil/ktutil.h */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+typedef struct _krb5_kt_list {
+    struct _krb5_kt_list *next;
+    krb5_keytab_entry *entry;
+} *krb5_kt_list;
+
+krb5_error_code ktutil_free_kt_list (krb5_context, krb5_kt_list);
+
+krb5_error_code ktutil_delete (krb5_context, krb5_kt_list *, int);
+
+krb5_error_code ktutil_add (krb5_context,
+                            krb5_kt_list *,
+                            char *,
+                            int,
+                            krb5_kvno,
+                            char *,
+                            int,
+                            char *);
+
+krb5_error_code ktutil_read_keytab (krb5_context,
+                                    char *,
+                                    krb5_kt_list *);
+
+krb5_error_code ktutil_write_keytab (krb5_context,
+                                     krb5_kt_list,
+                                     char *);
+
+void ktutil_add_entry (int, char *[]);
+
+void ktutil_clear_list (int, char *[]);
+
+void ktutil_read_v5 (int, char *[]);
+
+void ktutil_read_v4 (int, char *[]);
+
+void ktutil_write_v5 (int, char *[]);
+
+void ktutil_write_v4 (int, char *[]);
+
+void ktutil_delete_entry (int, char *[]);
+
+void ktutil_list (int, char *[]);
diff --git a/krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.ct b/krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.ct
new file mode 100644
index 00000000..2061ef9d
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.ct
@@ -0,0 +1,59 @@
+# Copyright 1995 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+# 
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+# 
+# 
+# Command table for ktutil
+#
+
+command_table ktutil_cmds;
+
+request ktutil_clear_list, "Clear the current keylist.",
+	clear_list, clear;
+
+request ktutil_read_v5, "Read a krb5 keytab into the current keylist.",
+	read_kt, rkt;
+
+request ktutil_read_v4, "Deprecated and removed.",
+	read_st, rst;
+
+request ktutil_write_v5, "Write the current keylist to a krb5 keytab.",
+	write_kt, wkt;
+
+request ktutil_write_v4, "Deprecated and removed.",
+	write_st, wst;
+
+request ktutil_add_entry, "Add an entry to the current keylist.",
+	add_entry, addent;
+
+request ktutil_delete_entry, "Delete an entry from the current keylist.",
+	delete_entry, delent;
+
+request ktutil_list, "List the current keylist.",
+	list, l;
+
+request ss_list_requests, "List available requests.",
+	list_requests, lr, "?";
+
+request ss_quit, "Exit program.",
+	quit, exit, q;
+
+end;
diff --git a/krb5-1.21.3/src/kadmin/ktutil/ktutil_funcs.c b/krb5-1.21.3/src/kadmin/ktutil/ktutil_funcs.c
new file mode 100644
index 00000000..56bed1bb
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/ktutil/ktutil_funcs.c
@@ -0,0 +1,371 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/ktutil/ktutil_funcs.c */
+/*
+ *(C) Copyright 1995, 1996 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Utility functions for ktutil.
+ */
+
+#include "k5-int.h"
+#include "k5-hex.h"
+#include "ktutil.h"
+#include <string.h>
+#include <ctype.h>
+
+/*
+ * Free a kt_list
+ */
+krb5_error_code ktutil_free_kt_list(context, list)
+    krb5_context context;
+    krb5_kt_list list;
+{
+    krb5_kt_list lp, prev;
+    krb5_error_code retval = 0;
+
+    for (lp = list; lp;) {
+        retval = krb5_kt_free_entry(context, lp->entry);
+        free(lp->entry);
+        if (retval)
+            break;
+        prev = lp;
+        lp = lp->next;
+        free(prev);
+    }
+    return retval;
+}
+
+/*
+ * Delete a numbered entry in a kt_list.  Takes a pointer to a kt_list
+ * in case head gets deleted.
+ */
+krb5_error_code ktutil_delete(context, list, idx)
+    krb5_context context;
+    krb5_kt_list *list;
+    int idx;
+{
+    krb5_kt_list lp, prev;
+    int i;
+
+    for (lp = *list, i = 1; lp; prev = lp, lp = lp->next, i++) {
+        if (i == idx) {
+            if (i == 1)
+                *list = lp->next;
+            else
+                prev->next = lp->next;
+            lp->next = NULL;
+            return ktutil_free_kt_list(context, lp);
+        }
+    }
+    return EINVAL;
+}
+
+/*
+ * Determine the enctype, salt, and s2kparams for princ based on the presence
+ * of the -f flag (fetch), the optionally specified salt string, and the
+ * optionally specified enctype.  If the fetch flag is used, salt_str must not
+ * be given; if the fetch flag is not used, the enctype must be given.
+ */
+static krb5_error_code
+get_etype_info(krb5_context context, krb5_principal princ, int fetch,
+               char *salt_str, krb5_enctype *enctype_inout,
+               krb5_data *salt_out, krb5_data *s2kparams_out)
+{
+    krb5_error_code retval;
+    krb5_enctype enctype;
+    krb5_get_init_creds_opt *opt = NULL;
+    krb5_data salt;
+
+    *salt_out = empty_data();
+    *s2kparams_out = empty_data();
+
+    if (!fetch) {
+        /* Use the specified enctype and either the specified or default salt.
+         * Do not produce s2kparams. */
+        assert(*enctype_inout != ENCTYPE_NULL);
+        if (salt_str != NULL) {
+            salt = string2data(salt_str);
+            return krb5int_copy_data_contents(context, &salt, salt_out);
+        } else {
+            return krb5_principal2salt(context, princ, salt_out);
+        }
+    }
+
+    /* Get etype-info from the KDC. */
+    assert(salt_str == NULL);
+    if (*enctype_inout != ENCTYPE_NULL) {
+        retval = krb5_get_init_creds_opt_alloc(context, &opt);
+        if (retval)
+            return retval;
+        krb5_get_init_creds_opt_set_etype_list(opt, enctype_inout, 1);
+    }
+    retval = krb5_get_etype_info(context, princ, opt, &enctype, salt_out,
+                                 s2kparams_out);
+    krb5_get_init_creds_opt_free(context, opt);
+    if (retval)
+        return retval;
+    if (enctype == ENCTYPE_NULL)
+        return KRB5KDC_ERR_ETYPE_NOSUPP;
+
+    *enctype_inout = enctype;
+    return 0;
+}
+
+/*
+ * Create a new keytab entry and add it to the keytab list.
+ * Based on the value of use_pass, either prompt the user for a
+ * password or key.  If the keytab list is NULL, allocate a new
+ * one first.
+ */
+krb5_error_code ktutil_add(context, list, princ_str, fetch, kvno,
+                           enctype_str, use_pass, salt_str)
+    krb5_context context;
+    krb5_kt_list *list;
+    char *princ_str;
+    int fetch;
+    krb5_kvno kvno;
+    char *enctype_str;
+    int use_pass;
+    char *salt_str;
+{
+    krb5_keytab_entry *entry = NULL;
+    krb5_kt_list lp, *last;
+    krb5_principal princ;
+    krb5_enctype enctype = ENCTYPE_NULL;
+    krb5_timestamp now;
+    krb5_error_code retval;
+    krb5_data password = empty_data(), salt = empty_data();
+    krb5_data params = empty_data(), *s2kparams;
+    krb5_keyblock key;
+    char buf[BUFSIZ];
+    char promptstr[1024];
+    char *princ_full = NULL;
+    uint8_t *keybytes;
+    size_t keylen;
+    unsigned int pwsize = BUFSIZ;
+
+    retval = krb5_parse_name(context, princ_str, &princ);
+    if (retval)
+        goto cleanup;
+    /* now unparse in order to get the default realm appended
+       to princ_str, if no realm was specified */
+    retval = krb5_unparse_name(context, princ, &princ_full);
+    if (retval)
+        goto cleanup;
+    if (enctype_str != NULL) {
+        retval = krb5_string_to_enctype(enctype_str, &enctype);
+        if (retval) {
+            retval = KRB5_BAD_ENCTYPE;
+            goto cleanup;
+        }
+    }
+    retval = krb5_timeofday(context, &now);
+    if (retval)
+        goto cleanup;
+
+    entry = k5alloc(sizeof(*entry), &retval);
+    if (entry == NULL)
+        goto cleanup;
+
+    if (use_pass) {
+        retval = alloc_data(&password, pwsize);
+        if (retval)
+            goto cleanup;
+
+        snprintf(promptstr, sizeof(promptstr), _("Password for %.1000s"),
+                 princ_full);
+        retval = krb5_read_password(context, promptstr, NULL, password.data,
+                                    &password.length);
+        if (retval)
+            goto cleanup;
+
+        retval = get_etype_info(context, princ, fetch, salt_str,
+                                &enctype, &salt, &params);
+        if (retval)
+            goto cleanup;
+        s2kparams = (params.length > 0) ? &params : NULL;
+        retval = krb5_c_string_to_key_with_params(context, enctype, &password,
+                                                  &salt, s2kparams, &key);
+        if (retval)
+            goto cleanup;
+        entry->key = key;
+    } else {
+        printf(_("Key for %s (hex): "), princ_full);
+        fgets(buf, BUFSIZ, stdin);
+        /*
+         * We need to get rid of the trailing '\n' from fgets.
+         * If we have an even number of hex digits (as we should),
+         * write a '\0' over the '\n'.  If for some reason we have
+         * an odd number of hex digits, force an even number of hex
+         * digits by writing a '0' into the last position (the string
+         * will still be null-terminated).
+         */
+        buf[strlen(buf) - 1] = strlen(buf) % 2 ? '\0' : '0';
+        if (strlen(buf) == 0) {
+            fprintf(stderr, _("addent: Error reading key.\n"));
+            retval = 0;
+            goto cleanup;
+        }
+
+        retval = k5_hex_decode(buf, &keybytes, &keylen);
+        if (retval) {
+            if (retval == EINVAL) {
+                fprintf(stderr, _("addent: Illegal character in key.\n"));
+                retval = 0;
+            }
+            goto cleanup;
+        }
+
+        entry->key.enctype = enctype;
+        entry->key.contents = keybytes;
+        entry->key.length = keylen;
+    }
+    entry->principal = princ;
+    entry->vno = kvno;
+    entry->timestamp = now;
+
+    /* Add entry to the end of the list (or create a new list if empty). */
+    lp = k5alloc(sizeof(*lp), &retval);
+    if (lp == NULL)
+        goto cleanup;
+    lp->next = NULL;
+    lp->entry = entry;
+    entry = NULL;
+    for (last = list; *last != NULL; last = &(*last)->next);
+    *last = lp;
+
+cleanup:
+    krb5_free_keytab_entry_contents(context, entry);
+    free(entry);
+    zapfree(password.data, password.length);
+    krb5_free_data_contents(context, &salt);
+    krb5_free_data_contents(context, &params);
+    krb5_free_unparsed_name(context, princ_full);
+    return retval;
+}
+
+/*
+ * Read in a keytab and append it to list.  If list starts as NULL,
+ * allocate a new one if necessary.
+ */
+krb5_error_code ktutil_read_keytab(context, name, list)
+    krb5_context context;
+    char *name;
+    krb5_kt_list *list;
+{
+    krb5_kt_list lp = NULL, tail = NULL, back = NULL;
+    krb5_keytab kt;
+    krb5_keytab_entry *entry;
+    krb5_kt_cursor cursor;
+    krb5_error_code retval = 0;
+
+    if (*list) {
+        /* point lp at the tail of the list */
+        for (lp = *list; lp->next; lp = lp->next);
+        back = lp;
+    }
+    retval = krb5_kt_resolve(context, name, &kt);
+    if (retval)
+        return retval;
+    retval = krb5_kt_start_seq_get(context, kt, &cursor);
+    if (retval)
+        goto close_kt;
+    for (;;) {
+        entry = (krb5_keytab_entry *)malloc(sizeof (krb5_keytab_entry));
+        if (!entry) {
+            retval = ENOMEM;
+            break;
+        }
+        memset(entry, 0, sizeof (*entry));
+        retval = krb5_kt_next_entry(context, kt, entry, &cursor);
+        if (retval)
+            break;
+
+        if (!lp) {              /* if list is empty, start one */
+            lp = (krb5_kt_list)malloc(sizeof (*lp));
+            if (!lp) {
+                retval = ENOMEM;
+                break;
+            }
+        } else {
+            lp->next = (krb5_kt_list)malloc(sizeof (*lp));
+            if (!lp->next) {
+                retval = ENOMEM;
+                break;
+            }
+            lp = lp->next;
+        }
+        if (!tail)
+            tail = lp;
+        lp->next = NULL;
+        lp->entry = entry;
+    }
+    if (entry)
+        free(entry);
+    if (retval) {
+        if (retval == KRB5_KT_END)
+            retval = 0;
+        else {
+            ktutil_free_kt_list(context, tail);
+            tail = NULL;
+            if (back)
+                back->next = NULL;
+        }
+    }
+    if (!*list)
+        *list = tail;
+    krb5_kt_end_seq_get(context, kt, &cursor);
+close_kt:
+    krb5_kt_close(context, kt);
+    return retval;
+}
+
+/*
+ * Takes a kt_list and writes it to the named keytab.
+ */
+krb5_error_code ktutil_write_keytab(context, list, name)
+    krb5_context context;
+    krb5_kt_list list;
+    char *name;
+{
+    krb5_kt_list lp;
+    krb5_keytab kt;
+    char ktname[MAXPATHLEN+sizeof("WRFILE:")+1];
+    krb5_error_code retval = 0;
+    int result;
+
+    result = snprintf(ktname, sizeof(ktname), "WRFILE:%s", name);
+    if (SNPRINTF_OVERFLOW(result, sizeof(ktname)))
+        return ENAMETOOLONG;
+    retval = krb5_kt_resolve(context, ktname, &kt);
+    if (retval)
+        return retval;
+    for (lp = list; lp; lp = lp->next) {
+        retval = krb5_kt_add_entry(context, kt, lp->entry);
+        if (retval)
+            break;
+    }
+    krb5_kt_close(context, kt);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/kadmin/scripts/inst-hdrs.sh b/krb5-1.21.3/src/kadmin/scripts/inst-hdrs.sh
new file mode 100755
index 00000000..242be89e
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/scripts/inst-hdrs.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+dir=$1; shift
+while [ $# -gt 0 ]; do
+	file=$1
+	cmp -s $file $dir/$file
+	if [ $? != 0 ]; then
+		echo "+ rm $dir/$file"
+		rm -f $dir/$file
+		echo "+ cp $file $dir/$file"
+		cp $file $dir/$file
+	fi
+	shift
+done
diff --git a/krb5-1.21.3/src/kadmin/server/Makefile.in b/krb5-1.21.3/src/kadmin/server/Makefile.in
new file mode 100644
index 00000000..1e262f68
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/Makefile.in
@@ -0,0 +1,24 @@
+mydir=kadmin$(S)server
+BUILDTOP=$(REL)..$(S)..
+KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
+
+LOCALINCLUDES = -I$(top_srcdir)/lib/gssapi/generic \
+	-I$(top_srcdir)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic \
+	-I$(BUILDTOP)/lib/gssapi/krb5
+
+PROG = kadmind
+OBJS = auth.o auth_acl.o auth_self.o kadm_rpc_svc.o server_stubs.o \
+	ovsec_kadmd.o schpw.o misc.o ipropd_svc.o
+SRCS = auth.o auth_acl.c auth_self.c kadm_rpc_svc.c server_stubs.c \
+	ovsec_kadmd.c schpw.c misc.c ipropd_svc.c
+
+all: $(PROG)
+
+$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) $(VERTO_DEPLIB)
+	$(CC_LINK) -o $(PROG) $(OBJS) $(APPUTILS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(VERTO_LIBS)
+
+install:
+	$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(SERVER_BINDIR)/$(PROG)
+
+clean:
+	$(RM) $(PROG) $(OBJS)
diff --git a/krb5-1.21.3/src/kadmin/server/auth.c b/krb5-1.21.3/src/kadmin/server/auth.c
new file mode 100644
index 00000000..081b20a8
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/auth.c
@@ -0,0 +1,314 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/server/auth.c - kadm5_auth pluggable interface consumer */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include <kadm5/admin.h>
+#include <krb5/kadm5_auth_plugin.h>
+#include "auth.h"
+
+typedef struct {
+    struct kadm5_auth_vtable_st vt;
+    kadm5_auth_moddata data;
+} *auth_handle;
+
+static auth_handle *handles;
+
+void
+auth_fini(krb5_context context)
+{
+    auth_handle *hp, h;
+
+    if (handles == NULL)
+        return;
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.fini != NULL)
+            h->vt.fini(context, h->data);
+        free(h);
+    }
+    free(handles);
+    handles = NULL;
+}
+
+krb5_error_code
+auth_init(krb5_context context, const char *acl_file)
+{
+    krb5_error_code ret;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    size_t count;
+    auth_handle h = NULL;
+    const int intf = PLUGIN_INTERFACE_KADM5_AUTH;
+
+    ret = k5_plugin_register(context, intf, "acl", kadm5_auth_acl_initvt);
+    if (ret)
+        goto cleanup;
+    ret = k5_plugin_register(context, intf, "self", kadm5_auth_self_initvt);
+    if (ret)
+        goto cleanup;
+    ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_KADM5_AUTH, &modules);
+    if (ret)
+        goto cleanup;
+
+    /* Allocate a large enough list of handles. */
+    for (count = 0; modules[count] != NULL; count++);
+    handles = k5calloc(count + 1, sizeof(*handles), &ret);
+    if (handles == NULL)
+        goto cleanup;
+
+    /* For each module, allocate a handle, initialize its vtable, and
+     * initialize its module data. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        h = k5alloc(sizeof(*h), &ret);
+        if (h == NULL)
+            goto cleanup;
+        ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&h->vt);
+        if (ret) {              /* Failed vtable init is non-fatal. */
+            TRACE_KADM5_AUTH_VTINIT_FAIL(context, ret);
+            free(h);
+            h = NULL;
+            continue;
+        }
+        h->data = NULL;
+        if (h->vt.init != NULL) {
+            ret = h->vt.init(context, acl_file, &h->data);
+            if (ret == KRB5_PLUGIN_NO_HANDLE) {
+                TRACE_KADM5_AUTH_INIT_SKIP(context, h->vt.name);
+                free(h);
+                h = NULL;
+                continue;
+            }
+            if (ret) {
+                TRACE_KADM5_AUTH_INIT_FAIL(context, h->vt.name, ret);
+                goto cleanup;
+            }
+        }
+        handles[count++] = h;
+        handles[count] = NULL;
+        h = NULL;
+    }
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+        auth_fini(context);
+    free(h);
+    k5_plugin_free_modules(context, modules);
+    return ret;
+}
+
+/* Invoke the appropriate method from h->vt for opcode, passing client and the
+ * correct subset of p1, p2, s1, s2, polent, and mask for the method. */
+static krb5_error_code
+call_module(krb5_context context, auth_handle h, int opcode,
+            krb5_const_principal client, krb5_const_principal p1,
+            krb5_const_principal p2, const char *s1, const char *s2,
+            const kadm5_policy_ent_rec *polent, long mask)
+{
+    /* addprinc and modprinc are handled through auth_restrict(). */
+    assert(opcode != OP_ADDPRINC && opcode != OP_MODPRINC);
+
+    if (opcode == OP_SETSTR && h->vt.setstr != NULL)
+        return h->vt.setstr(context, h->data, client, p1, s1, s2);
+    else if (opcode == OP_CPW && h->vt.cpw != NULL)
+        return h->vt.cpw(context, h->data, client, p1);
+    else if (opcode == OP_CHRAND && h->vt.chrand != NULL)
+        return h->vt.chrand(context, h->data, client, p1);
+    else if (opcode == OP_SETKEY && h->vt.setkey != NULL)
+        return h->vt.setkey(context, h->data, client, p1);
+    else if (opcode == OP_PURGEKEYS && h->vt.purgekeys != NULL)
+        return h->vt.purgekeys(context, h->data, client, p1);
+    else if (opcode == OP_DELPRINC && h->vt.delprinc != NULL)
+        return h->vt.delprinc(context, h->data, client, p1);
+    else if (opcode == OP_RENPRINC && h->vt.renprinc != NULL)
+        return h->vt.renprinc(context, h->data, client, p1, p2);
+    else if (opcode == OP_GETPRINC && h->vt.getprinc != NULL)
+        return h->vt.getprinc(context, h->data, client, p1);
+    else if (opcode == OP_GETSTRS && h->vt.getstrs != NULL)
+        return h->vt.getstrs(context, h->data, client, p1);
+    else if (opcode == OP_EXTRACT && h->vt.extract != NULL)
+        return h->vt.extract(context, h->data, client, p1);
+    else if (opcode == OP_LISTPRINCS && h->vt.listprincs != NULL)
+        return h->vt.listprincs(context, h->data, client);
+    else if (opcode == OP_ADDPOL && h->vt.addpol != NULL)
+        return h->vt.addpol(context, h->data, client, s1, polent, mask);
+    else if (opcode == OP_MODPOL && h->vt.modpol != NULL)
+        return h->vt.modpol(context, h->data, client, s1, polent, mask);
+    else if (opcode == OP_DELPOL && h->vt.delpol != NULL)
+        return h->vt.delpol(context, h->data, client, s1);
+    else if (opcode == OP_GETPOL && h->vt.getpol != NULL)
+        return h->vt.getpol(context, h->data, client, s1, s2);
+    else if (opcode == OP_LISTPOLS && h->vt.listpols != NULL)
+        return h->vt.listpols(context, h->data, client);
+    else if (opcode == OP_IPROP && h->vt.iprop != NULL)
+        return h->vt.iprop(context, h->data, client);
+
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+krb5_boolean
+auth(krb5_context context, int opcode, krb5_const_principal client,
+     krb5_const_principal p1, krb5_const_principal p2, const char *s1,
+     const char *s2, const kadm5_policy_ent_rec *polent, long mask)
+{
+    krb5_error_code ret;
+    krb5_boolean authorized = FALSE;
+    auth_handle *hp, h;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+
+        ret = call_module(context, h, opcode, client, p1, p2, s1, s2,
+                          polent, mask);
+        if (!ret)
+            authorized = TRUE;
+        else if (ret != KRB5_PLUGIN_NO_HANDLE)
+            return FALSE;
+    }
+
+    return authorized;
+}
+
+/* Impose restrictions, modifying *ent and *mask. */
+static krb5_error_code
+impose_restrictions(krb5_context context,
+                    const struct kadm5_auth_restrictions *rs,
+                    kadm5_principal_ent_t ent, long *mask)
+{
+    krb5_error_code ret;
+    krb5_timestamp now;
+
+    if (rs == NULL)
+        return 0;
+    if (rs->mask & (KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION)) {
+        ret = krb5_timeofday(context, &now);
+        if (ret)
+            return ret;
+    }
+
+    if (rs->mask & KADM5_ATTRIBUTES) {
+        ent->attributes |= rs->require_attrs;
+        ent->attributes &= rs->forbid_attrs;
+        *mask |= KADM5_ATTRIBUTES;
+    }
+    if (rs->mask & KADM5_POLICY_CLR) {
+        *mask &= ~KADM5_POLICY;
+        *mask |= KADM5_POLICY_CLR;
+    } else if (rs->mask & KADM5_POLICY) {
+        if (ent->policy != NULL && strcmp(ent->policy, rs->policy) != 0) {
+            free(ent->policy);
+            ent->policy = NULL;
+        }
+        if (ent->policy == NULL) {
+            ent->policy = strdup(rs->policy);
+            if (ent->policy == NULL)
+                return ENOMEM;
+        }
+        *mask |= KADM5_POLICY;
+    }
+    if (rs->mask & KADM5_PRINC_EXPIRE_TIME) {
+        if (!(*mask & KADM5_PRINC_EXPIRE_TIME) ||
+            ts_after(ent->princ_expire_time, ts_incr(now, rs->princ_lifetime)))
+            ent->princ_expire_time = now + rs->princ_lifetime;
+        *mask |= KADM5_PRINC_EXPIRE_TIME;
+    }
+    if (rs->mask & KADM5_PW_EXPIRATION) {
+        if (!(*mask & KADM5_PW_EXPIRATION) ||
+            ts_after(ent->pw_expiration, ts_incr(now, rs->pw_lifetime)))
+            ent->pw_expiration = now + rs->pw_lifetime;
+        *mask |= KADM5_PW_EXPIRATION;
+    }
+    if (rs->mask & KADM5_MAX_LIFE) {
+        if (!(*mask & KADM5_MAX_LIFE) || ent->max_life > rs->max_life)
+            ent->max_life = rs->max_life;
+        *mask |= KADM5_MAX_LIFE;
+    }
+    if (rs->mask & KADM5_MAX_RLIFE) {
+        if (!(*mask & KADM5_MAX_RLIFE) ||
+            ent->max_renewable_life > rs->max_renewable_life)
+            ent->max_renewable_life = rs->max_renewable_life;
+        *mask |= KADM5_MAX_RLIFE;
+    }
+    return 0;
+}
+
+krb5_boolean
+auth_restrict(krb5_context context, int opcode, krb5_const_principal client,
+              kadm5_principal_ent_t ent, long *mask)
+{
+    auth_handle *hp, h;
+    krb5_boolean authorized = FALSE;
+    krb5_error_code ret, rs_ret;
+    krb5_const_principal target = ent->principal;
+    struct kadm5_auth_restrictions *rs;
+
+    assert(opcode == OP_ADDPRINC || opcode == OP_MODPRINC);
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+
+        ret = KRB5_PLUGIN_NO_HANDLE;
+        rs = NULL;
+        if (opcode == OP_ADDPRINC && h->vt.addprinc != NULL) {
+            ret = h->vt.addprinc(context, h->data, client, target, ent, *mask,
+                                 &rs);
+        } else if (opcode == OP_MODPRINC && h->vt.modprinc != NULL) {
+            ret = h->vt.modprinc(context, h->data, client, target, ent, *mask,
+                                 &rs);
+        }
+        if (rs != NULL) {
+            rs_ret = impose_restrictions(context, rs, ent, mask);
+            if (h->vt.free_restrictions != NULL)
+                h->vt.free_restrictions(context, h->data, rs);
+            if (rs_ret)
+                return FALSE;
+        }
+        if (!ret)
+            authorized = TRUE;
+        else if (ret != KRB5_PLUGIN_NO_HANDLE)
+            return FALSE;
+    }
+
+    return authorized;
+}
+
+void
+auth_end(krb5_context context)
+{
+    auth_handle *hp, h;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.end != NULL)
+            h->vt.end(context, h->data);
+    }
+}
diff --git a/krb5-1.21.3/src/kadmin/server/auth.h b/krb5-1.21.3/src/kadmin/server/auth.h
new file mode 100644
index 00000000..4d265add
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/auth.h
@@ -0,0 +1,85 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/server/auth.h - kadmin authorization declarations */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef AUTH_H
+#define AUTH_H
+
+#define OP_ADDPRINC     1
+#define OP_MODPRINC     2
+#define OP_SETSTR       3
+#define OP_CPW          4
+#define OP_CHRAND       5
+#define OP_SETKEY       6
+#define OP_PURGEKEYS    7
+#define OP_DELPRINC     8
+#define OP_RENPRINC     9
+#define OP_GETPRINC    10
+#define OP_GETSTRS     11
+#define OP_EXTRACT     12
+#define OP_LISTPRINCS  13
+#define OP_ADDPOL      14
+#define OP_MODPOL      15
+#define OP_DELPOL      16
+#define OP_GETPOL      17
+#define OP_LISTPOLS    18
+#define OP_IPROP       19
+
+/* Initialize all authorization modules. */
+krb5_error_code auth_init(krb5_context context, const char *acl_file);
+
+/* Release authorization module state. */
+void auth_fini(krb5_context context);
+
+/* Authorize the operation given by opcode, using the appropriate subset of p1,
+ * p2, s1, s2, polent, and mask. */
+krb5_boolean auth(krb5_context context, int opcode,
+                  krb5_const_principal client, krb5_const_principal p1,
+                  krb5_const_principal p2, const char *s1, const char *s2,
+                  const kadm5_policy_ent_rec *polent, long mask);
+
+/* Authorize an add-principal or modify-principal operation, and apply
+ * restrictions to ent and mask if any modules supply them. */
+krb5_boolean auth_restrict(krb5_context context, int opcode,
+                           krb5_const_principal client,
+                           kadm5_principal_ent_t ent, long *mask);
+
+/* Notify modules that the most recent authorized operation has ended. */
+void auth_end(krb5_context context);
+
+/* initvt declarations for built-in modules */
+
+krb5_error_code kadm5_auth_acl_initvt(krb5_context context, int maj_ver,
+                                      int min_ver, krb5_plugin_vtable vtable);
+krb5_error_code kadm5_auth_self_initvt(krb5_context context, int maj_ver,
+                                       int min_ver, krb5_plugin_vtable vtable);
+
+#endif /* AUTH_H */
diff --git a/krb5-1.21.3/src/kadmin/server/auth_acl.c b/krb5-1.21.3/src/kadmin/server/auth_acl.c
new file mode 100644
index 00000000..ce9ace36
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/auth_acl.c
@@ -0,0 +1,755 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/server/auth_acl.c - ACL kadm5_auth module */
+/*
+ * Copyright 1995-2004, 2007, 2008, 2017 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <syslog.h>
+#include <kadm5/admin.h>
+#include <krb5/kadm5_auth_plugin.h>
+#include "adm_proto.h"
+#include <ctype.h>
+#include "auth.h"
+
+/*
+ * Access control bits.
+ */
+#define ACL_ADD                 1
+#define ACL_DELETE              2
+#define ACL_MODIFY              4
+#define ACL_CHANGEPW            8
+/* #define ACL_CHANGE_OWN_PW    16 */
+#define ACL_INQUIRE             32
+#define ACL_EXTRACT             64
+#define ACL_LIST                128
+#define ACL_SETKEY              256
+#define ACL_IPROP               512
+
+#define ACL_ALL_MASK            (ACL_ADD        |       \
+                                 ACL_DELETE     |       \
+                                 ACL_MODIFY     |       \
+                                 ACL_CHANGEPW   |       \
+                                 ACL_INQUIRE    |       \
+                                 ACL_LIST       |       \
+                                 ACL_IPROP      |       \
+                                 ACL_SETKEY)
+
+struct acl_op_table {
+    char op;
+    uint32_t mask;
+};
+
+struct acl_entry {
+    struct acl_entry *next;
+    krb5_principal client;
+    uint32_t op_allowed;
+    krb5_principal target;
+    struct kadm5_auth_restrictions *rs;
+};
+
+static const struct acl_op_table acl_op_table[] = {
+    { 'a', ACL_ADD },
+    { 'd', ACL_DELETE },
+    { 'm', ACL_MODIFY },
+    { 'c', ACL_CHANGEPW },
+    { 'i', ACL_INQUIRE },
+    { 'l', ACL_LIST },
+    { 'p', ACL_IPROP },
+    { 's', ACL_SETKEY },
+    { 'x', ACL_ALL_MASK },
+    { '*', ACL_ALL_MASK },
+    { 'e', ACL_EXTRACT },
+    { '\0', 0 }
+};
+
+struct wildstate {
+    int nwild;
+    const krb5_data *backref[9];
+};
+
+struct acl_state {
+    struct acl_entry *list;
+};
+
+/*
+ * Get a line from the ACL file.  Lines ending with \ are continued on the next
+ * line.  The caller should set *lineno to 1 and *incr to 0 before the first
+ * call.  On successful return, *lineno will be the line number of the line
+ * read.  Return a pointer to the line on success, or NULL on end of file or
+ * read failure.
+ */
+static char *
+get_line(FILE *fp, const char *fname, int *lineno, int *incr)
+{
+    const int chunksize = 128;
+    struct k5buf buf;
+    size_t old_len;
+    char *p;
+
+    /* Increment *lineno by the number of newlines from the last line. */
+    *lineno += *incr;
+    *incr = 0;
+
+    k5_buf_init_dynamic(&buf);
+    for (;;) {
+        /* Read at least part of a line into the buffer. */
+        old_len = buf.len;
+        p = k5_buf_get_space(&buf, chunksize);
+        if (p == NULL)
+            return NULL;
+
+        if (fgets(p, chunksize, fp) == NULL) {
+            /* We reached the end.  Return a final unterminated line, if there
+             * is one and it's not a comment. */
+            k5_buf_truncate(&buf, old_len);
+            if (buf.len > 0 && *(char *)buf.data != '#')
+                return buf.data;
+            k5_buf_free(&buf);
+            return NULL;
+        }
+
+        /* Set the buffer length based on the actual amount read. */
+        k5_buf_truncate(&buf, old_len + strlen(p));
+
+        p = buf.data;
+        if (buf.len > 0 && p[buf.len - 1] == '\n') {
+            /* We have a complete raw line in the buffer. */
+            (*incr)++;
+            k5_buf_truncate(&buf, buf.len - 1);
+            if (buf.len > 0 && p[buf.len - 1] == '\\') {
+                /* This line has a continuation marker; keep reading. */
+                k5_buf_truncate(&buf, buf.len - 1);
+            } else if (buf.len == 0 || *p == '#') {
+                /* This line is empty or a comment.  Start over. */
+                *lineno += *incr;
+                *incr = 0;
+                k5_buf_truncate(&buf, 0);
+            } else {
+                return k5_buf_cstring(&buf);
+            }
+        }
+    }
+}
+
+/*
+ * Parse a restrictions field.  Return NULL on failure.
+ *
+ * Allowed restrictions are:
+ *      [+-]flagname            (recognized by krb5_flagspec_to_mask)
+ *                              flag is forced to indicated value
+ *      -clearpolicy            policy is forced clear
+ *      -policy pol             policy is forced to be "pol"
+ *      -{expire,pwexpire,maxlife,maxrenewlife} deltat
+ *                              associated value will be forced to
+ *                              MIN(deltat, requested value)
+ */
+static struct kadm5_auth_restrictions *
+parse_restrictions(const char *str, const char *fname)
+{
+    char *copy = NULL, *token, *arg, *save;
+    const char *delims = "\t\n\f\v\r ,";
+    krb5_deltat delta;
+    struct kadm5_auth_restrictions *rs;
+
+    copy = strdup(str);
+    if (copy == NULL)
+        return NULL;
+
+    rs = calloc(1, sizeof(*rs));
+    if (rs == NULL) {
+        free(copy);
+        return NULL;
+    }
+
+    rs->forbid_attrs = ~(krb5_flags)0;
+    for (token = strtok_r(copy, delims, &save); token != NULL;
+         token = strtok_r(NULL, delims, &save)) {
+
+        if (krb5_flagspec_to_mask(token, &rs->require_attrs,
+                                  &rs->forbid_attrs) == 0) {
+            rs->mask |= KADM5_ATTRIBUTES;
+            continue;
+        }
+
+        if (strcmp(token, "-clearpolicy") == 0) {
+            rs->mask |= KADM5_POLICY_CLR;
+            continue;
+        }
+
+        /* Everything else needs an argument. */
+        arg = strtok_r(NULL, delims, &save);
+        if (arg == NULL)
+            goto error;
+
+        if (strcmp(token, "-policy") == 0) {
+            if (rs->policy != NULL)
+                goto error;
+            rs->policy = strdup(arg);
+            if (rs->policy == NULL)
+                goto error;
+            rs->mask |= KADM5_POLICY;
+            continue;
+        }
+
+        /* All other arguments must be a deltat. */
+        if (krb5_string_to_deltat(arg, &delta) != 0)
+            goto error;
+
+        if (strcmp(token, "-expire") == 0) {
+            rs->princ_lifetime = delta;
+            rs->mask |= KADM5_PRINC_EXPIRE_TIME;
+        } else if (strcmp(token, "-pwexpire") == 0) {
+            rs->pw_lifetime = delta;
+            rs->mask |= KADM5_PW_EXPIRATION;
+        } else if (strcmp(token, "-maxlife") == 0) {
+            rs->max_life = delta;
+            rs->mask |= KADM5_MAX_LIFE;
+        } else if (strcmp(token, "-maxrenewlife") == 0) {
+            rs->max_renewable_life = delta;
+            rs->mask |= KADM5_MAX_RLIFE;
+        } else {
+            goto error;
+        }
+    }
+
+    free(copy);
+    return rs;
+
+error:
+    krb5_klog_syslog(LOG_ERR, _("%s: invalid restrictions: %s"), fname, str);
+    free(copy);
+    free(rs->policy);
+    free(rs);
+    return NULL;
+}
+
+static void
+free_acl_entry(struct acl_entry *entry)
+{
+    krb5_free_principal(NULL, entry->client);
+    krb5_free_principal(NULL, entry->target);
+    if (entry->rs != NULL) {
+        free(entry->rs->policy);
+        free(entry->rs);
+    }
+    free(entry);
+}
+
+/* Parse the four fields of an ACL entry and return a structure representing
+ * it.  Log a message and return NULL on error. */
+static struct acl_entry *
+parse_entry(krb5_context context, const char *client, const char *ops,
+            const char *target, const char *rs, const char *line,
+            const char *fname)
+{
+    struct acl_entry *entry;
+    const char *op;
+    char rop;
+    int t;
+
+    entry = calloc(1, sizeof(*entry));
+    if (entry == NULL)
+        return NULL;
+
+    for (op = ops; *op; op++) {
+        rop = isupper((unsigned char)*op) ? tolower((unsigned char)*op) : *op;
+        for (t = 0; acl_op_table[t].op; t++) {
+            if (rop == acl_op_table[t].op) {
+                if (rop == *op)
+                    entry->op_allowed |= acl_op_table[t].mask;
+                else
+                    entry->op_allowed &= ~acl_op_table[t].mask;
+                break;
+            }
+        }
+        if (!acl_op_table[t].op) {
+            krb5_klog_syslog(LOG_ERR,
+                             _("Unrecognized ACL operation '%c' in %s"),
+                             *op, line);
+            goto error;
+        }
+    }
+
+    if (strcmp(client, "*") != 0) {
+        if (krb5_parse_name(context, client, &entry->client) != 0) {
+            krb5_klog_syslog(LOG_ERR, _("Cannot parse client principal '%s'"),
+                             client);
+            goto error;
+        }
+    }
+
+    if (target != NULL && strcmp(target, "*") != 0) {
+        if (krb5_parse_name(context, target, &entry->target) != 0) {
+            krb5_klog_syslog(LOG_ERR, _("Cannot parse target principal '%s'"),
+                             target);
+            goto error;
+        }
+    }
+
+    if (rs != NULL) {
+        entry->rs = parse_restrictions(rs, fname);
+        if (entry->rs == NULL)
+            goto error;
+    }
+
+    return entry;
+
+error:
+    free_acl_entry(entry);
+    return NULL;
+}
+
+/* Parse the contents of an ACL line. */
+static struct acl_entry *
+parse_line(krb5_context context, const char *line, const char *fname)
+{
+    struct acl_entry *entry = NULL;
+    char *copy;
+    char *client, *client_end, *ops, *ops_end, *target, *target_end, *rs, *end;
+    const char *ws = "\t\n\f\v\r ,";
+
+    /*
+     * Format:
+     *  entry ::= [<whitespace>] <principal> <whitespace> <opstring>
+     *            [<whitespace> <target> [<whitespace> <restrictions>
+     *                                    [<whitespace>]]]
+     */
+
+    /* Make a copy and remove any trailing whitespace. */
+    copy = strdup(line);
+    if (copy == NULL)
+        return NULL;
+    end = copy + strlen(copy);
+    while (end > copy && isspace(end[-1]))
+        *--end = '\0';
+
+    /* Find the beginning and end of each field.  The end of restrictions is
+     * the end of copy. */
+    client = copy + strspn(copy, ws);
+    client_end = client + strcspn(client, ws);
+    ops = client_end + strspn(client_end, ws);
+    ops_end = ops + strcspn(ops, ws);
+    target = ops_end + strspn(ops_end, ws);
+    target_end = target + strcspn(target, ws);
+    rs = target_end + strspn(target_end, ws);
+
+    /* Terminate the first three fields. */
+    *client_end = *ops_end = *target_end = '\0';
+
+    /* The last two fields are optional; represent them as NULL if not present.
+     * The first two fields are required. */
+    if (*target == '\0')
+        target = NULL;
+    if (*rs == '\0')
+        rs = NULL;
+    if (*client != '\0' && *ops != '\0')
+        entry = parse_entry(context, client, ops, target, rs, line, fname);
+    free(copy);
+    return entry;
+}
+
+/* Free all ACL entries. */
+static void
+free_acl_entries(struct acl_state *state)
+{
+    struct acl_entry *entry, *next;
+
+    for (entry = state->list; entry != NULL; entry = next) {
+        next = entry->next;
+        free_acl_entry(entry);
+    }
+    state->list = NULL;
+}
+
+/* Open and parse the ACL file. */
+static krb5_error_code
+load_acl_file(krb5_context context, const char *fname, struct acl_state *state)
+{
+    krb5_error_code ret;
+    FILE *fp;
+    char *line;
+    struct acl_entry **entry_slot;
+    int lineno, incr;
+
+    state->list = NULL;
+
+    /* Open the ACL file for reading. */
+    fp = fopen(fname, "r");
+    if (fp == NULL) {
+        krb5_klog_syslog(LOG_ERR, _("%s while opening ACL file %s"),
+                         error_message(errno), fname);
+        ret = errno;
+        k5_setmsg(context, errno, _("Cannot open %s: %s"), fname,
+                  error_message(ret));
+        return ret;
+    }
+
+    set_cloexec_file(fp);
+    lineno = 1;
+    incr = 0;
+    entry_slot = &state->list;
+
+    /* Get a non-comment line. */
+    while ((line = get_line(fp, fname, &lineno, &incr)) != NULL) {
+        /* Parse it.  Fail out on syntax error. */
+        *entry_slot = parse_line(context, line, fname);
+        if (*entry_slot == NULL) {
+            krb5_klog_syslog(LOG_ERR,
+                             _("%s: syntax error at line %d <%.10s...>"),
+                             fname, lineno, line);
+            k5_setmsg(context, EINVAL,
+                      _("%s: syntax error at line %d <%.10s...>"),
+                      fname, lineno, line);
+            free_acl_entries(state);
+            free(line);
+            fclose(fp);
+            return EINVAL;
+        }
+        entry_slot = &(*entry_slot)->next;
+        free(line);
+    }
+
+    fclose(fp);
+    return 0;
+}
+
+/*
+ * See if two data entries match.  If e1 is a wildcard (matching a whole
+ * component only) and targetflag is false, save an alias to e2 into
+ * ws->backref.  If e1 is a back-reference and targetflag is true, compare the
+ * appropriate entry in ws->backref to e2.  If ws is NULL, do not store or
+ * match back-references.
+ */
+static krb5_boolean
+match_data(const krb5_data *e1, const krb5_data *e2, krb5_boolean targetflag,
+           struct wildstate *ws)
+{
+    int n;
+
+    if (data_eq_string(*e1, "*")) {
+        if (ws != NULL && !targetflag) {
+            if (ws->nwild < 9)
+                ws->backref[ws->nwild++] = e2;
+        }
+        return TRUE;
+    }
+
+    if (ws != NULL && targetflag && e1->length == 2 && e1->data[0] == '*' &&
+        e1->data[1] >= '1' && e1->data[1] <= '9') {
+        n = e1->data[1] - '1';
+        if (n >= ws->nwild)
+            return FALSE;
+        return data_eq(*e2, *ws->backref[n]);
+    } else {
+        return data_eq(*e2, *e1);
+    }
+}
+
+/* Return true if p1 matches p2.  p1 may contain wildcards if targetflag is
+ * false, or backreferences if it is true. */
+static krb5_boolean
+match_princ(krb5_const_principal p1, krb5_const_principal p2,
+            krb5_boolean targetflag, struct wildstate *ws)
+{
+    int i;
+
+    /* The principals must be of the same length. */
+    if (p1->length != p2->length)
+        return FALSE;
+
+    /* The realm must match, and does not interact with wildcard state. */
+    if (!match_data(&p1->realm, &p2->realm, targetflag, NULL))
+        return FALSE;
+
+    /* All components of the principals must match. */
+    for (i = 0; i < p1->length; i++) {
+        if (!match_data(&p1->data[i], &p2->data[i], targetflag, ws))
+            return FALSE;
+    }
+
+    return TRUE;
+}
+
+/* Find an ACL entry matching principal and target_principal.  Return NULL if
+ * none is found. */
+static struct acl_entry *
+find_entry(struct acl_state *state, krb5_const_principal client,
+           krb5_const_principal target)
+{
+    struct acl_entry *entry;
+    struct wildstate ws;
+
+    for (entry = state->list; entry != NULL; entry = entry->next) {
+        memset(&ws, 0, sizeof(ws));
+        if (entry->client != NULL) {
+            if (!match_princ(entry->client, client, FALSE, &ws))
+                continue;
+        }
+
+        if (entry->target != NULL) {
+            if (target == NULL)
+                continue;
+            if (!match_princ(entry->target, target, TRUE, &ws))
+                continue;
+        }
+
+        return entry;
+    }
+
+    return NULL;
+}
+
+/* Return true if op is permitted for this principal.  Set *rs_out (if not
+ * NULL) according to any restrictions in the ACL entry. */
+static krb5_error_code
+acl_check(kadm5_auth_moddata data, uint32_t op, krb5_const_principal client,
+          krb5_const_principal target, struct kadm5_auth_restrictions **rs_out)
+{
+    struct acl_entry *entry;
+
+    if (rs_out != NULL)
+        *rs_out = NULL;
+
+    entry = find_entry((struct acl_state *)data, client, target);
+    if (entry == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    if (!(entry->op_allowed & op))
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    if (rs_out != NULL && entry->rs != NULL && entry->rs->mask)
+        *rs_out = entry->rs;
+
+    return 0;
+}
+
+static krb5_error_code
+acl_init(krb5_context context, const char *acl_file,
+         kadm5_auth_moddata *data_out)
+{
+    krb5_error_code ret;
+    struct acl_state *state;
+
+    *data_out = NULL;
+    if (acl_file == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    state = malloc(sizeof(*state));
+    state->list = NULL;
+    ret = load_acl_file(context, acl_file, state);
+    if (ret) {
+        free(state);
+        return ret;
+    }
+    *data_out = (kadm5_auth_moddata)state;
+    return 0;
+}
+
+static void
+acl_fini(krb5_context context, kadm5_auth_moddata data)
+{
+    if (data == NULL)
+        return;
+    free_acl_entries((struct acl_state *)data);
+    free(data);
+}
+
+static krb5_error_code
+acl_addprinc(krb5_context context, kadm5_auth_moddata data,
+             krb5_const_principal client, krb5_const_principal target,
+             const struct _kadm5_principal_ent_t *ent, long mask,
+             struct kadm5_auth_restrictions **rs_out)
+{
+    return acl_check(data, ACL_ADD, client, target, rs_out);
+}
+
+static krb5_error_code
+acl_modprinc(krb5_context context, kadm5_auth_moddata data,
+             krb5_const_principal client, krb5_const_principal target,
+             const struct _kadm5_principal_ent_t *ent, long mask,
+             struct kadm5_auth_restrictions **rs_out)
+{
+    return acl_check(data, ACL_MODIFY, client, target, rs_out);
+}
+
+static krb5_error_code
+acl_setstr(krb5_context context, kadm5_auth_moddata data,
+           krb5_const_principal client, krb5_const_principal target,
+           const char *key, const char *value)
+{
+    return acl_check(data, ACL_MODIFY, client, target, NULL);
+}
+
+static krb5_error_code
+acl_cpw(krb5_context context, kadm5_auth_moddata data,
+        krb5_const_principal client, krb5_const_principal target)
+{
+    return acl_check(data, ACL_CHANGEPW, client, target, NULL);
+}
+
+static krb5_error_code
+acl_chrand(krb5_context context, kadm5_auth_moddata data,
+           krb5_const_principal client, krb5_const_principal target)
+{
+    return acl_check(data, ACL_CHANGEPW, client, target, NULL);
+}
+
+static krb5_error_code
+acl_setkey(krb5_context context, kadm5_auth_moddata data,
+           krb5_const_principal client, krb5_const_principal target)
+{
+    return acl_check(data, ACL_SETKEY, client, target, NULL);
+}
+
+static krb5_error_code
+acl_purgekeys(krb5_context context, kadm5_auth_moddata data,
+              krb5_const_principal client, krb5_const_principal target)
+{
+    return acl_check(data, ACL_MODIFY, client, target, NULL);
+}
+
+static krb5_error_code
+acl_delprinc(krb5_context context, kadm5_auth_moddata data,
+             krb5_const_principal client, krb5_const_principal target)
+{
+    return acl_check(data, ACL_DELETE, client, target, NULL);
+}
+
+static krb5_error_code
+acl_renprinc(krb5_context context, kadm5_auth_moddata data,
+             krb5_const_principal client, krb5_const_principal src,
+             krb5_const_principal dest)
+{
+    struct kadm5_auth_restrictions *rs;
+
+    if (acl_check(data, ACL_DELETE, client, src, NULL) == 0 &&
+        acl_check(data, ACL_ADD, client, dest, &rs) == 0 && rs == NULL)
+        return 0;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+static krb5_error_code
+acl_getprinc(krb5_context context, kadm5_auth_moddata data,
+             krb5_const_principal client, krb5_const_principal target)
+{
+    return acl_check(data, ACL_INQUIRE, client, target, NULL);
+}
+
+static krb5_error_code
+acl_getstrs(krb5_context context, kadm5_auth_moddata data,
+            krb5_const_principal client, krb5_const_principal target)
+{
+    return acl_check(data, ACL_INQUIRE, client, target, NULL);
+}
+
+static krb5_error_code
+acl_extract(krb5_context context, kadm5_auth_moddata data,
+            krb5_const_principal client, krb5_const_principal target)
+{
+    return acl_check(data, ACL_EXTRACT, client, target, NULL);
+}
+
+static krb5_error_code
+acl_listprincs(krb5_context context, kadm5_auth_moddata data,
+               krb5_const_principal client)
+{
+    return acl_check(data, ACL_LIST, client, NULL, NULL);
+}
+
+static krb5_error_code
+acl_addpol(krb5_context context, kadm5_auth_moddata data,
+           krb5_const_principal client, const char *policy,
+           const struct _kadm5_policy_ent_t *ent, long mask)
+{
+    return acl_check(data, ACL_ADD, client, NULL, NULL);
+}
+
+static krb5_error_code
+acl_modpol(krb5_context context, kadm5_auth_moddata data,
+           krb5_const_principal client, const char *policy,
+           const struct _kadm5_policy_ent_t *ent, long mask)
+{
+    return acl_check(data, ACL_MODIFY, client, NULL, NULL);
+}
+
+static krb5_error_code
+acl_delpol(krb5_context context, kadm5_auth_moddata data,
+           krb5_const_principal client, const char *policy)
+{
+    return acl_check(data, ACL_DELETE, client, NULL, NULL);
+}
+
+static krb5_error_code
+acl_getpol(krb5_context context, kadm5_auth_moddata data,
+           krb5_const_principal client, const char *policy,
+           const char *client_policy)
+{
+    return acl_check(data, ACL_INQUIRE, client, NULL, NULL);
+}
+
+static krb5_error_code
+acl_listpols(krb5_context context, kadm5_auth_moddata data,
+             krb5_const_principal client)
+{
+    return acl_check(data, ACL_LIST, client, NULL, NULL);
+}
+
+static krb5_error_code
+acl_iprop(krb5_context context, kadm5_auth_moddata data,
+          krb5_const_principal client)
+{
+    return acl_check(data, ACL_IPROP, client, NULL, NULL);
+}
+
+krb5_error_code
+kadm5_auth_acl_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    kadm5_auth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (kadm5_auth_vtable)vtable;
+    vt->name = "acl";
+    vt->init = acl_init;
+    vt->fini = acl_fini;
+    vt->addprinc = acl_addprinc;
+    vt->modprinc = acl_modprinc;
+    vt->setstr = acl_setstr;
+    vt->cpw = acl_cpw;
+    vt->chrand = acl_chrand;
+    vt->setkey = acl_setkey;
+    vt->purgekeys = acl_purgekeys;
+    vt->delprinc = acl_delprinc;
+    vt->renprinc = acl_renprinc;
+    vt->getprinc = acl_getprinc;
+    vt->getstrs = acl_getstrs;
+    vt->extract = acl_extract;
+    vt->listprincs = acl_listprincs;
+    vt->addpol = acl_addpol;
+    vt->modpol = acl_modpol;
+    vt->delpol = acl_delpol;
+    vt->getpol = acl_getpol;
+    vt->listpols = acl_listpols;
+    vt->iprop = acl_iprop;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/kadmin/server/auth_self.c b/krb5-1.21.3/src/kadmin/server/auth_self.c
new file mode 100644
index 00000000..253d4bc5
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/auth_self.c
@@ -0,0 +1,77 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kadmin/server/auth_self.c - self-service kadm5_auth module */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include <kadm5/admin.h>
+#include <krb5/kadm5_auth_plugin.h>
+#include "auth.h"
+
+/* Authorize a principal to operate on itself.  Applies to cpw, chrand,
+ * purgekeys, getprinc, and getstrs. */
+static krb5_error_code
+self_compare(krb5_context context, kadm5_auth_moddata data,
+             krb5_const_principal client, krb5_const_principal target)
+{
+    if (krb5_principal_compare(context, client, target))
+        return 0;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* Authorize a principal to get the policy record for its own policy. */
+static krb5_error_code
+self_getpol(krb5_context context, kadm5_auth_moddata data,
+            krb5_const_principal client, const char *policy,
+            const char *client_policy)
+{
+    if (client_policy != NULL && strcmp(policy, client_policy) == 0)
+        return 0;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+krb5_error_code
+kadm5_auth_self_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    kadm5_auth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (kadm5_auth_vtable)vtable;
+    vt->name = "self";
+    vt->cpw = self_compare;
+    vt->chrand = self_compare;
+    vt->purgekeys = self_compare;
+    vt->getprinc = self_compare;
+    vt->getstrs = self_compare;
+    vt->getpol = self_getpol;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/kadmin/server/deps b/krb5-1.21.3/src/kadmin/server/deps
new file mode 100644
index 00000000..69f19366
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/deps
@@ -0,0 +1,176 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)auth_acl.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kadm5_auth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth.h auth_acl.c
+$(OUTPRE)auth_self.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kadm5_auth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth.h auth_self.c
+$(OUTPRE)kadm_rpc_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kadm_rpc_svc.c \
+  misc.h
+$(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth.h misc.h \
+  server_stubs.c
+$(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \
+  $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(COM_ERR_DEPS) \
+  $(VERTO_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h $(top_srcdir)/include/iprop_hdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_kt.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/gssapi/generic/gssapiP_generic.h \
+  $(top_srcdir)/lib/gssapi/generic/gssapi_ext.h $(top_srcdir)/lib/gssapi/generic/gssapi_generic.h \
+  $(top_srcdir)/lib/gssapi/krb5/gssapiP_krb5.h $(top_srcdir)/lib/gssapi/krb5/gssapi_krb5.h \
+  auth.h misc.h ovsec_kadmd.c
+$(OUTPRE)schpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  misc.h schpw.c
+$(OUTPRE)misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth.h misc.c \
+  misc.h
+$(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+  $(top_srcdir)/lib/gssapi/krb5/gssapi_krb5.h auth.h \
+  ipropd_svc.c misc.h
diff --git a/krb5-1.21.3/src/kadmin/server/ipropd_svc.c b/krb5-1.21.3/src/kadmin/server/ipropd_svc.c
new file mode 100644
index 00000000..56e9b90b
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/ipropd_svc.c
@@ -0,0 +1,619 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* #pragma ident	"@(#)ipropd_svc.c	1.2	04/02/20 SMI" */
+
+
+#include "k5-platform.h"
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/resource.h> /* rlimit */
+#include <syslog.h>
+
+#include <kadm5/admin.h>
+#include <kadm5/kadm_rpc.h>
+#include <kadm5/server_internal.h>
+#include <adm_proto.h>
+#include <string.h>
+#include <gssapi_krb5.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <kdb_log.h>
+#include "auth.h"
+#include "misc.h"
+#include "osconf.h"
+
+extern gss_name_t rqst2name(struct svc_req *rqstp);
+
+extern void *global_server_handle;
+extern int nofork;
+extern short l_port;
+extern char *kdb5_util;
+extern char *kprop;
+extern char *dump_file;
+extern char *kprop_port;
+
+static char *reply_ok_str	= "UPDATE_OK";
+static char *reply_err_str	= "UPDATE_ERROR";
+static char *reply_fr_str	= "UPDATE_FULL_RESYNC_NEEDED";
+static char *reply_busy_str	= "UPDATE_BUSY";
+static char *reply_nil_str	= "UPDATE_NIL";
+static char *reply_perm_str	= "UPDATE_PERM_DENIED";
+static char *reply_unknown_str	= "<UNKNOWN_CODE>";
+
+#define	LOG_UNAUTH  _("Unauthorized request: %s, client=%s, service=%s, addr=%s")
+#define	LOG_DONE    _("Request: %s, %s, %s, client=%s, service=%s, addr=%s")
+
+#ifdef	DPRINT
+#undef	DPRINT
+#endif
+#ifdef DEBUG
+#define	DPRINT(...)				\
+    do {					\
+	if (nofork) {				\
+	    fprintf(stderr, __VA_ARGS__);	\
+	    fflush(stderr);			\
+	}					\
+    } while (0)
+#else
+#define	DPRINT(...)
+#endif
+
+static void
+debprret(char *w, update_status_t ret, kdb_sno_t sno)
+{
+    switch (ret) {
+    case UPDATE_OK:
+	printf("%s: end (OK, sno=%u)\n",
+	       w, sno);
+	break;
+    case UPDATE_ERROR:
+	printf("%s: end (ERROR)\n", w);
+	break;
+    case UPDATE_FULL_RESYNC_NEEDED:
+	printf("%s: end (FR NEEDED)\n", w);
+	break;
+    case UPDATE_BUSY:
+	printf("%s: end (BUSY)\n", w);
+	break;
+    case UPDATE_NIL:
+	printf("%s: end (NIL)\n", w);
+	break;
+    case UPDATE_PERM_DENIED:
+	printf("%s: end (PERM)\n", w);
+	break;
+    default:
+	printf("%s: end (UNKNOWN return code (%d))\n", w, ret);
+    }
+}
+
+static char *
+replystr(update_status_t ret)
+{
+    switch (ret) {
+    case UPDATE_OK:
+	return (reply_ok_str);
+    case UPDATE_ERROR:
+	return (reply_err_str);
+    case UPDATE_FULL_RESYNC_NEEDED:
+	return (reply_fr_str);
+    case UPDATE_BUSY:
+	return (reply_busy_str);
+    case UPDATE_NIL:
+	return (reply_nil_str);
+    case UPDATE_PERM_DENIED:
+	return (reply_perm_str);
+    default:
+	return (reply_unknown_str);
+    }
+}
+
+/* Returns null on allocation failure.
+   Regardless of success or failure, frees the input buffer.  */
+static char *
+buf_to_string(gss_buffer_desc *b)
+{
+    OM_uint32 min_stat;
+    char *s = malloc(b->length+1);
+
+    if (s) {
+	memcpy(s, b->value, b->length);
+	s[b->length] = 0;
+    }
+    (void) gss_release_buffer(&min_stat, b);
+    return s;
+}
+
+static krb5_boolean
+iprop_acl_check(krb5_context context, const char *client_name)
+{
+    krb5_principal client_princ;
+    krb5_boolean result;
+
+    if (krb5_parse_name(context, client_name, &client_princ) != 0)
+	return FALSE;
+    result = auth(context, OP_IPROP, client_princ,
+		  NULL, NULL, NULL, NULL, NULL, 0);
+    krb5_free_principal(context, client_princ);
+    return result;
+}
+
+kdb_incr_result_t *
+iprop_get_updates_1_svc(kdb_last_t *arg, struct svc_req *rqstp)
+{
+    static kdb_incr_result_t ret;
+    char *whoami = "iprop_get_updates_1";
+    int kret;
+    kadm5_server_handle_t handle = global_server_handle;
+    char *client_name = 0, *service_name = 0;
+    char obuf[256] = {0};
+
+    /* default return code */
+    ret.ret = UPDATE_ERROR;
+
+    DPRINT("%s: start, last_sno=%lu\n", whoami,
+	    (unsigned long)arg->last_sno);
+
+    if (!handle) {
+	krb5_klog_syslog(LOG_ERR,
+			 _("%s: server handle is NULL"),
+			 whoami);
+	goto out;
+    }
+
+    {
+	gss_buffer_desc client_desc, service_desc;
+
+	if (setup_gss_names(rqstp, &client_desc, &service_desc) < 0) {
+	    krb5_klog_syslog(LOG_ERR,
+			     _("%s: setup_gss_names failed"),
+			     whoami);
+	    goto out;
+	}
+	client_name = buf_to_string(&client_desc);
+	service_name = buf_to_string(&service_desc);
+	if (client_name == NULL || service_name == NULL) {
+	    krb5_klog_syslog(LOG_ERR,
+			     _("%s: out of memory recording principal names"),
+			     whoami);
+	    goto out;
+	}
+    }
+
+    DPRINT("%s: clprinc=`%s'\n\tsvcprinc=`%s'\n", whoami, client_name,
+	   service_name);
+
+    if (!iprop_acl_check(handle->context, client_name)) {
+	ret.ret = UPDATE_PERM_DENIED;
+
+	DPRINT("%s: PERMISSION DENIED: clprinc=`%s'\n\tsvcprinc=`%s'\n",
+		whoami, client_name, service_name);
+
+	krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
+			 client_name, service_name,
+			 client_addr(rqstp->rq_xprt));
+	goto out;
+    }
+
+    kret = ulog_get_entries(handle->context, arg, &ret);
+
+    if (ret.ret == UPDATE_OK) {
+	(void) snprintf(obuf, sizeof (obuf),
+			_("%s; Incoming SerialNo=%lu; Outgoing SerialNo=%lu"),
+			replystr(ret.ret),
+			(unsigned long)arg->last_sno,
+			(unsigned long)ret.lastentry.last_sno);
+    } else {
+	(void) snprintf(obuf, sizeof (obuf),
+			_("%s; Incoming SerialNo=%lu; Outgoing SerialNo=N/A"),
+			replystr(ret.ret),
+			(unsigned long)arg->last_sno);
+    }
+
+    DPRINT("%s: request %s %s\n\tclprinc=`%s'\n\tsvcprinc=`%s'\n",
+	   whoami, obuf,
+	   ((kret == 0) ? "success" : error_message(kret)),
+	   client_name, service_name);
+
+    krb5_klog_syslog(LOG_NOTICE,
+		     _("Request: %s, %s, %s, client=%s, service=%s, addr=%s"),
+		     whoami,
+		     obuf,
+		     ((kret == 0) ? "success" : error_message(kret)),
+		     client_name, service_name,
+		     client_addr(rqstp->rq_xprt));
+
+out:
+    if (nofork)
+	debprret(whoami, ret.ret, ret.lastentry.last_sno);
+    free(client_name);
+    free(service_name);
+    return (&ret);
+}
+
+
+/*
+ * Given a client princ (foo/fqdn@R), copy (in arg cl) the fqdn substring.
+ * Return arg cl str ptr on success, else NULL.
+ */
+static char *
+getclhoststr(const char *clprinc, char *cl, size_t len)
+{
+    const char *s, *e;
+
+    if ((s = strchr(clprinc, '/')) == NULL || (e = strchr(++s, '@')) == NULL ||
+	(size_t)(e - s) >= len)
+	return NULL;
+    memcpy(cl, s, e - s);
+    cl[e - s] = '\0';
+    return (cl);
+}
+
+static kdb_fullresync_result_t *
+ipropx_resync(uint32_t vers, struct svc_req *rqstp)
+{
+    static kdb_fullresync_result_t ret;
+    char *ubuf = 0;
+    char clhost[NI_MAXHOST] = {0};
+    int pret, fret;
+    FILE *p;
+    kadm5_server_handle_t handle = global_server_handle;
+    char *client_name = NULL, *service_name = NULL;
+    char *whoami = "iprop_full_resync_1";
+
+    /*
+     * vers contains the highest version number the client is
+     * willing to accept. A client can always accept a lower
+     * version: the version number is indicated in the dump
+     * header.
+     */
+
+    /* default return code */
+    ret.ret = UPDATE_ERROR;
+
+    if (!handle) {
+	krb5_klog_syslog(LOG_ERR,
+			 _("%s: server handle is NULL"),
+			 whoami);
+	goto out;
+    }
+
+    DPRINT("%s: start\n", whoami);
+
+    {
+	gss_buffer_desc client_desc, service_desc;
+
+	if (setup_gss_names(rqstp, &client_desc, &service_desc) < 0) {
+	    DPRINT("%s: setup_gss_names failed\n", whoami);
+	    krb5_klog_syslog(LOG_ERR,
+			     _("%s: setup_gss_names failed"),
+			     whoami);
+	    goto out;
+	}
+	client_name = buf_to_string(&client_desc);
+	service_name = buf_to_string(&service_desc);
+	if (client_name == NULL || service_name == NULL) {
+	    DPRINT("%s: out of memory\n", whoami);
+	    krb5_klog_syslog(LOG_ERR,
+			     _("%s: out of memory recording principal names"),
+			     whoami);
+	    goto out;
+	}
+    }
+
+    DPRINT("%s: clprinc=`%s'\n\tsvcprinc=`%s'\n",
+	    whoami, client_name, service_name);
+
+    if (!iprop_acl_check(handle->context, client_name)) {
+	ret.ret = UPDATE_PERM_DENIED;
+
+	DPRINT("%s: Permission denied\n", whoami);
+	krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
+			 client_name, service_name,
+			 client_addr(rqstp->rq_xprt));
+	goto out;
+    }
+
+    if (!getclhoststr(client_name, clhost, sizeof (clhost))) {
+	krb5_klog_syslog(LOG_ERR,
+			 _("%s: getclhoststr failed"),
+			 whoami);
+	goto out;
+    }
+
+    /*
+     * Note the -i; modified version of kdb5_util dump format
+     * to include sno (serial number). This argument is now
+     * versioned (-i0 for legacy dump format, -i1 for ipropx
+     * version 1 format, etc).
+     *
+     * The -c option ("conditional") causes the dump to dump only if no
+     * dump already exists or that dump is not in ipropx format, or the
+     * sno and timestamp in the header of that dump are outside the
+     * ulog.  This allows us to share a single global dump with all
+     * replicas, since it's OK to share an older dump, as long as its
+     * sno and timestamp are in the ulog (then the replicas can get the
+     * subsequent updates very iprop).
+     */
+    if (asprintf(&ubuf, "%s -r %s dump -i%d -c %s", kdb5_util,
+		 handle->params.realm, vers, dump_file) < 0) {
+	krb5_klog_syslog(LOG_ERR,
+			 _("%s: cannot construct kdb5 util dump string too long; out of memory"),
+			 whoami);
+	goto out;
+    }
+
+    /*
+     * Fork to dump the db and xfer it to the replica.
+     * (the fork allows parent to return quickly and the child
+     * acts like a callback to the replica).
+     */
+    fret = fork();
+    DPRINT("%s: fork=%d (%d)\n", whoami, fret, getpid());
+
+    switch (fret) {
+    case -1: /* error */
+	if (nofork) {
+	    perror(whoami);
+	}
+	DPRINT("%s: fork failed\n", whoami);
+	krb5_klog_syslog(LOG_ERR,
+			 _("%s: fork failed: %s"),
+			 whoami,
+			 error_message(errno));
+	goto out;
+
+    case 0: /* child */
+	DPRINT("%s: run `%s' ...\n", whoami, ubuf);
+	(void) signal(SIGCHLD, SIG_DFL);
+	/* run kdb5_util(1M) dump for IProp */
+	p = popen(ubuf, "w");
+	if (p == NULL) {
+	    krb5_klog_syslog(LOG_ERR,
+			     _("%s: popen failed: %s"),
+			     whoami, error_message(errno));
+	    _exit(1);
+	}
+	pret = pclose(p);
+	DPRINT("%s: pclose=%d\n", whoami, pret);
+	if (pret != 0) {
+	    /* XXX popen/pclose may not set errno
+	       properly, and the error could be from the
+	       subprocess anyways.  */
+	    if (nofork) {
+		perror(whoami);
+	    }
+	    krb5_klog_syslog(LOG_ERR,
+			     _("%s: pclose(popen) failed: %s"),
+			     whoami,
+			     error_message(errno));
+	    _exit(1);
+	}
+
+	if (kprop_port != NULL) {
+	    DPRINT("%s: exec `kprop -r %s -f %s -P %s %s' ...\n",
+		   whoami, handle->params.realm, dump_file, kprop_port,
+		   clhost);
+	    pret = execl(kprop, "kprop", "-r", handle->params.realm, "-f",
+			 dump_file, "-P", kprop_port, clhost, NULL);
+	} else {
+	    DPRINT("%s: exec `kprop -r %s -f %s %s' ...\n",
+		   whoami, handle->params.realm, dump_file, clhost);
+	    pret = execl(kprop, "kprop", "-r", handle->params.realm, "-f",
+			 dump_file, clhost, NULL);
+	}
+	perror(whoami);
+	krb5_klog_syslog(LOG_ERR,
+			 _("%s: exec failed: %s"),
+			 whoami,
+			 error_message(errno));
+	_exit(1);
+
+    default: /* parent */
+	ret.ret = UPDATE_OK;
+	/* not used by replica (sno is retrieved from kdb5_util dump) */
+	ret.lastentry.last_sno = 0;
+	ret.lastentry.last_time.seconds = 0;
+	ret.lastentry.last_time.useconds = 0;
+
+	DPRINT("%s: spawned resync process %d, client=%s, "
+		"service=%s, addr=%s\n", whoami, fret, client_name,
+		service_name, client_addr(rqstp->rq_xprt));
+	krb5_klog_syslog(LOG_NOTICE,
+			 _("Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"),
+			 whoami, fret,
+			 client_name, service_name,
+			 client_addr(rqstp->rq_xprt));
+
+	goto out;
+    }
+
+out:
+    if (nofork)
+	debprret(whoami, ret.ret, 0);
+    free(client_name);
+    free(service_name);
+    free(ubuf);
+    return (&ret);
+}
+
+kdb_fullresync_result_t *
+iprop_full_resync_1_svc(/* LINTED */ void *argp, struct svc_req *rqstp)
+{
+    return ipropx_resync(IPROPX_VERSION_0, rqstp);
+}
+
+kdb_fullresync_result_t *
+iprop_full_resync_ext_1_svc(uint32_t *argp, struct svc_req *rqstp)
+{
+    return ipropx_resync(*argp, rqstp);
+}
+
+static int
+check_iprop_rpcsec_auth(struct svc_req *rqstp)
+{
+    /* XXX Since the client can authenticate against any principal in
+       the database, we need to do a sanity check.  Only checking for
+       "kiprop" now, but that means theoretically the client could be
+       authenticating to kiprop on some other machine.  */
+    /* Code taken from kadm_rpc_svc.c, tweaked.  */
+
+     gss_ctx_id_t ctx;
+     krb5_context kctx;
+     OM_uint32 maj_stat, min_stat;
+     gss_name_t name;
+     krb5_principal princ;
+     int ret, success;
+     krb5_data *c1, *realm;
+     gss_buffer_desc gss_str;
+     kadm5_server_handle_t handle;
+     size_t slen;
+     char *sdots;
+
+     success = 0;
+     handle = (kadm5_server_handle_t)global_server_handle;
+
+     if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS)
+	  return 0;
+
+     ctx = rqstp->rq_svccred;
+
+     maj_stat = gss_inquire_context(&min_stat, ctx, NULL, &name,
+				    NULL, NULL, NULL, NULL, NULL);
+     if (maj_stat != GSS_S_COMPLETE) {
+	  krb5_klog_syslog(LOG_ERR,
+			   _("check_rpcsec_auth: failed inquire_context, "
+			     "stat=%u"), maj_stat);
+	  log_badauth(maj_stat, min_stat, rqstp->rq_xprt, NULL);
+	  goto fail_name;
+     }
+
+     kctx = handle->context;
+     ret = gss_to_krb5_name_1(rqstp, kctx, name, &princ, &gss_str);
+     if (ret == 0)
+	  goto fail_name;
+
+     slen = gss_str.length;
+     trunc_name(&slen, &sdots);
+     /*
+      * Since we accept with GSS_C_NO_NAME, the client can authenticate
+      * against the entire kdb.  Therefore, ensure that the service
+      * name is something reasonable.
+      */
+     if (krb5_princ_size(kctx, princ) != 2)
+	  goto fail_princ;
+
+     c1 = krb5_princ_component(kctx, princ, 0);
+     realm = krb5_princ_realm(kctx, princ);
+     if (strncmp(handle->params.realm, realm->data, realm->length) == 0
+	 && strncmp("kiprop", c1->data, c1->length) == 0) {
+	 success = 1;
+     }
+
+fail_princ:
+     if (!success) {
+	  krb5_klog_syslog(LOG_ERR, _("bad service principal %.*s%s"),
+			   (int) slen, (char *) gss_str.value, sdots);
+     }
+     gss_release_buffer(&min_stat, &gss_str);
+     krb5_free_principal(kctx, princ);
+fail_name:
+     gss_release_name(&min_stat, &name);
+     return success;
+}
+
+void
+krb5_iprop_prog_1(struct svc_req *rqstp,
+		  SVCXPRT *transp)
+{
+    union {
+	kdb_last_t iprop_get_updates_1_arg;
+    } argument;
+    void *result;
+    bool_t (*_xdr_argument)(), (*_xdr_result)();
+    void *(*local)(/* union XXX *, struct svc_req * */);
+    char *whoami = "krb5_iprop_prog_1";
+
+    if (!check_iprop_rpcsec_auth(rqstp)) {
+	krb5_klog_syslog(LOG_ERR, _("authentication attempt failed: %s, RPC "
+				    "authentication flavor %d"),
+			 client_addr(rqstp->rq_xprt),
+			 rqstp->rq_cred.oa_flavor);
+	svcerr_weakauth(transp);
+	return;
+    }
+
+    switch (rqstp->rq_proc) {
+    case NULLPROC:
+	(void) svc_sendreply(transp, xdr_void,
+			     (char *)NULL);
+	return;
+
+    case IPROP_GET_UPDATES:
+	_xdr_argument = xdr_kdb_last_t;
+	_xdr_result = xdr_kdb_incr_result_t;
+	local = (void *(*)()) iprop_get_updates_1_svc;
+	break;
+
+    case IPROP_FULL_RESYNC:
+	_xdr_argument = xdr_void;
+	_xdr_result = xdr_kdb_fullresync_result_t;
+	local = (void *(*)()) iprop_full_resync_1_svc;
+	break;
+
+    case IPROP_FULL_RESYNC_EXT:
+	_xdr_argument = xdr_u_int32;
+	_xdr_result = xdr_kdb_fullresync_result_t;
+	local = (void *(*)()) iprop_full_resync_ext_1_svc;
+	break;
+
+    default:
+	krb5_klog_syslog(LOG_ERR,
+			 _("RPC unknown request: %d (%s)"),
+			 rqstp->rq_proc, whoami);
+	svcerr_noproc(transp);
+	return;
+    }
+    (void) memset(&argument, 0, sizeof (argument));
+    if (!svc_getargs(transp, _xdr_argument, (caddr_t)&argument)) {
+	krb5_klog_syslog(LOG_ERR,
+			 _("RPC svc_getargs failed (%s)"),
+			 whoami);
+	svcerr_decode(transp);
+	return;
+    }
+    result = (*local)(&argument, rqstp);
+
+    if (_xdr_result && result != NULL &&
+	!svc_sendreply(transp, _xdr_result, result)) {
+	krb5_klog_syslog(LOG_ERR,
+			 _("RPC svc_sendreply failed (%s)"),
+			 whoami);
+	svcerr_systemerr(transp);
+    }
+    if (!svc_freeargs(transp, _xdr_argument, (caddr_t)&argument)) {
+	krb5_klog_syslog(LOG_ERR,
+			 _("RPC svc_freeargs failed (%s)"),
+			 whoami);
+
+	exit(1);
+    }
+
+    if (rqstp->rq_proc == IPROP_GET_UPDATES) {
+	/* LINTED */
+	kdb_incr_result_t *r = (kdb_incr_result_t *)result;
+
+	if (r->ret == UPDATE_OK) {
+	    ulog_free_entries(r->updates.kdb_ulog_t_val,
+			      r->updates.kdb_ulog_t_len);
+	    r->updates.kdb_ulog_t_val = NULL;
+	    r->updates.kdb_ulog_t_len = 0;
+	}
+    }
+
+}
diff --git a/krb5-1.21.3/src/kadmin/server/kadm_rpc_svc.c b/krb5-1.21.3/src/kadmin/server/kadm_rpc_svc.c
new file mode 100644
index 00000000..8371fa76
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/kadm_rpc_svc.c
@@ -0,0 +1,363 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ */
+
+#include <k5-int.h>
+#include <gssrpc/rpc.h>
+#include <gssapi/gssapi_krb5.h> /* for gss_nt_krb5_name */
+#include <syslog.h>
+#include <kadm5/kadm_rpc.h>
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+#include "misc.h"
+#include "kadm5/server_internal.h"
+
+extern void *global_server_handle;
+
+static int check_rpcsec_auth(struct svc_req *);
+
+/*
+ * Function: kadm_1
+ *
+ * Purpose: RPC processing procedure.
+ *	    originally generated from rpcgen
+ *
+ * Arguments:
+ *	rqstp		    (input) rpc request structure
+ *	transp		    (input) rpc transport structure
+ *	(input/output)
+ *	<return value>
+ *
+ * Requires:
+ * Effects:
+ * Modifies:
+ */
+
+void kadm_1(rqstp, transp)
+   struct svc_req *rqstp;
+   SVCXPRT *transp;
+{
+     union {
+	  cprinc_arg create_principal_2_arg;
+	  dprinc_arg delete_principal_2_arg;
+	  mprinc_arg modify_principal_2_arg;
+	  rprinc_arg rename_principal_2_arg;
+	  gprinc_arg get_principal_2_arg;
+	  chpass_arg chpass_principal_2_arg;
+	  chrand_arg chrand_principal_2_arg;
+	  cpol_arg create_policy_2_arg;
+	  dpol_arg delete_policy_2_arg;
+	  mpol_arg modify_policy_2_arg;
+	  gpol_arg get_policy_2_arg;
+	  setkey_arg setkey_principal_2_arg;
+	  cprinc3_arg create_principal3_2_arg;
+	  chpass3_arg chpass_principal3_2_arg;
+	  chrand3_arg chrand_principal3_2_arg;
+	  setkey3_arg setkey_principal3_2_arg;
+	  setkey4_arg setkey_principal4_2_arg;
+	  getpkeys_arg get_principal_keys_2_arg;
+     } argument;
+     union {
+	  generic_ret gen_ret;
+	  gprinc_ret get_principal_2_ret;
+	  chrand_ret chrand_principal_2_ret;
+	  gpol_ret get_policy_2_ret;
+	  getprivs_ret get_privs_2_ret;
+	  gprincs_ret get_princs_2_ret;
+	  gpols_ret get_pols_2_ret;
+	  chrand_ret chrand_principal3_2_ret;
+	  gstrings_ret get_string_2_ret;
+	  getpkeys_ret get_principal_keys_ret;
+     } result;
+     bool_t retval;
+     bool_t (*xdr_argument)(), (*xdr_result)();
+     bool_t (*local)();
+
+     if (rqstp->rq_cred.oa_flavor != AUTH_GSSAPI &&
+	 !check_rpcsec_auth(rqstp)) {
+	  krb5_klog_syslog(LOG_ERR, "Authentication attempt failed: %s, "
+			   "RPC authentication flavor %d",
+			   client_addr(rqstp->rq_xprt),
+			   rqstp->rq_cred.oa_flavor);
+	  svcerr_weakauth(transp);
+	  return;
+     }
+
+     switch (rqstp->rq_proc) {
+     case NULLPROC:
+	  (void) svc_sendreply(transp, xdr_void, (char *)NULL);
+	  return;
+
+     case CREATE_PRINCIPAL:
+	  xdr_argument = xdr_cprinc_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) create_principal_2_svc;
+	  break;
+
+     case DELETE_PRINCIPAL:
+	  xdr_argument = xdr_dprinc_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) delete_principal_2_svc;
+	  break;
+
+     case MODIFY_PRINCIPAL:
+	  xdr_argument = xdr_mprinc_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) modify_principal_2_svc;
+	  break;
+
+     case RENAME_PRINCIPAL:
+	  xdr_argument = xdr_rprinc_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) rename_principal_2_svc;
+	  break;
+
+     case GET_PRINCIPAL:
+	  xdr_argument = xdr_gprinc_arg;
+	  xdr_result = xdr_gprinc_ret;
+	  local = (bool_t (*)()) get_principal_2_svc;
+	  break;
+
+     case GET_PRINCS:
+	  xdr_argument = xdr_gprincs_arg;
+	  xdr_result = xdr_gprincs_ret;
+	  local = (bool_t (*)()) get_princs_2_svc;
+	  break;
+
+     case CHPASS_PRINCIPAL:
+	  xdr_argument = xdr_chpass_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) chpass_principal_2_svc;
+	  break;
+
+     case SETKEY_PRINCIPAL:
+	  xdr_argument = xdr_setkey_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) setkey_principal_2_svc;
+	  break;
+
+     case CHRAND_PRINCIPAL:
+	  xdr_argument = xdr_chrand_arg;
+	  xdr_result = xdr_chrand_ret;
+	  local = (bool_t (*)()) chrand_principal_2_svc;
+	  break;
+
+     case CREATE_POLICY:
+	  xdr_argument = xdr_cpol_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) create_policy_2_svc;
+	  break;
+
+     case DELETE_POLICY:
+	  xdr_argument = xdr_dpol_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) delete_policy_2_svc;
+	  break;
+
+     case MODIFY_POLICY:
+	  xdr_argument = xdr_mpol_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) modify_policy_2_svc;
+	  break;
+
+     case GET_POLICY:
+	  xdr_argument = xdr_gpol_arg;
+	  xdr_result = xdr_gpol_ret;
+	  local = (bool_t (*)()) get_policy_2_svc;
+	  break;
+
+     case GET_POLS:
+	  xdr_argument = xdr_gpols_arg;
+	  xdr_result = xdr_gpols_ret;
+	  local = (bool_t (*)()) get_pols_2_svc;
+	  break;
+
+     case GET_PRIVS:
+	  xdr_argument = xdr_u_int32;
+	  xdr_result = xdr_getprivs_ret;
+	  local = (bool_t (*)()) get_privs_2_svc;
+	  break;
+
+     case INIT:
+	  xdr_argument = xdr_u_int32;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) init_2_svc;
+	  break;
+
+     case CREATE_PRINCIPAL3:
+	  xdr_argument = xdr_cprinc3_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) create_principal3_2_svc;
+	  break;
+
+     case CHPASS_PRINCIPAL3:
+	  xdr_argument = xdr_chpass3_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) chpass_principal3_2_svc;
+	  break;
+
+     case CHRAND_PRINCIPAL3:
+	  xdr_argument = xdr_chrand3_arg;
+	  xdr_result = xdr_chrand_ret;
+	  local = (bool_t (*)()) chrand_principal3_2_svc;
+	  break;
+
+     case SETKEY_PRINCIPAL3:
+	  xdr_argument = xdr_setkey3_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) setkey_principal3_2_svc;
+	  break;
+
+     case PURGEKEYS:
+	  xdr_argument = xdr_purgekeys_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) purgekeys_2_svc;
+	  break;
+
+     case GET_STRINGS:
+	  xdr_argument = xdr_gstrings_arg;
+	  xdr_result = xdr_gstrings_ret;
+	  local = (bool_t (*)()) get_strings_2_svc;
+	  break;
+
+     case SET_STRING:
+	  xdr_argument = xdr_sstring_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) set_string_2_svc;
+	  break;
+
+     case SETKEY_PRINCIPAL4:
+	  xdr_argument = xdr_setkey4_arg;
+	  xdr_result = xdr_generic_ret;
+	  local = (bool_t (*)()) setkey_principal4_2_svc;
+	  break;
+
+     case EXTRACT_KEYS:
+	  xdr_argument = xdr_getpkeys_arg;
+	  xdr_result = xdr_getpkeys_ret;
+	  local = (bool_t (*)()) get_principal_keys_2_svc;
+	  break;
+
+     default:
+	  krb5_klog_syslog(LOG_ERR, "Invalid KADM5 procedure number: %s, %d",
+			   client_addr(rqstp->rq_xprt), rqstp->rq_proc);
+	  svcerr_noproc(transp);
+	  return;
+     }
+     memset(&argument, 0, sizeof(argument));
+     if (!svc_getargs(transp, xdr_argument, &argument)) {
+	  svcerr_decode(transp);
+	  return;
+     }
+     memset(&result, 0, sizeof(result));
+     retval = (*local)(&argument, &result, rqstp);
+     if (retval && !svc_sendreply(transp, xdr_result, (void *)&result)) {
+	  krb5_klog_syslog(LOG_ERR, "WARNING! Unable to send function results, "
+		 "continuing.");
+	  svcerr_systemerr(transp);
+     }
+     if (!svc_freeargs(transp, xdr_argument, &argument)) {
+	  krb5_klog_syslog(LOG_ERR, "WARNING! Unable to free arguments, "
+		 "continuing.");
+     }
+     if (!svc_freeargs(transp, xdr_result, &result)) {
+	  krb5_klog_syslog(LOG_ERR, "WARNING! Unable to free results, "
+		 "continuing.");
+     }
+     return;
+}
+
+static int
+check_rpcsec_auth(struct svc_req *rqstp)
+{
+     gss_ctx_id_t ctx;
+     krb5_context kctx;
+     OM_uint32 maj_stat, min_stat;
+     gss_name_t name;
+     krb5_principal princ;
+     int ret, success;
+     krb5_data *c1, *c2, *realm;
+     gss_buffer_desc gss_str;
+     kadm5_server_handle_t handle;
+     size_t slen;
+     char *sdots;
+
+     success = 0;
+     handle = (kadm5_server_handle_t)global_server_handle;
+
+     if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS)
+	  return 0;
+
+     ctx = rqstp->rq_svccred;
+
+     maj_stat = gss_inquire_context(&min_stat, ctx, NULL, &name,
+				    NULL, NULL, NULL, NULL, NULL);
+     if (maj_stat != GSS_S_COMPLETE) {
+	  krb5_klog_syslog(LOG_ERR, _("check_rpcsec_auth: failed "
+				      "inquire_context, stat=%u"), maj_stat);
+	  log_badauth(maj_stat, min_stat, rqstp->rq_xprt, NULL);
+	  goto fail_name;
+     }
+
+     kctx = handle->context;
+     ret = gss_to_krb5_name_1(rqstp, kctx, name, &princ, &gss_str);
+     if (ret == 0)
+	  goto fail_name;
+
+     slen = gss_str.length;
+     trunc_name(&slen, &sdots);
+     /*
+      * Since we accept with GSS_C_NO_NAME, the client can authenticate
+      * against the entire kdb.  Therefore, ensure that the service
+      * name is something reasonable.
+      */
+     if (krb5_princ_size(kctx, princ) != 2)
+	  goto fail_princ;
+
+     c1 = krb5_princ_component(kctx, princ, 0);
+     c2 = krb5_princ_component(kctx, princ, 1);
+     realm = krb5_princ_realm(kctx, princ);
+     success = data_eq_string(*realm, handle->params.realm) &&
+	     data_eq_string(*c1, "kadmin") && !data_eq_string(*c2, "history");
+
+fail_princ:
+     if (!success) {
+	 krb5_klog_syslog(LOG_ERR, _("bad service principal %.*s%s"),
+			  (int) slen, (char *) gss_str.value, sdots);
+     }
+     gss_release_buffer(&min_stat, &gss_str);
+     krb5_free_principal(kctx, princ);
+fail_name:
+     gss_release_name(&min_stat, &name);
+     return success;
+}
+
+int
+gss_to_krb5_name_1(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name,
+		   krb5_principal *princ, gss_buffer_t gss_str)
+{
+     OM_uint32 status, minor_stat;
+     gss_OID gss_type;
+     char *str;
+     int success;
+
+     status = gss_display_name(&minor_stat, gss_name, gss_str, &gss_type);
+     if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name)) {
+	  krb5_klog_syslog(LOG_ERR, _("gss_to_krb5_name: failed display_name "
+				      "status %d"), status);
+	  log_badauth(status, minor_stat, rqstp->rq_xprt, NULL);
+	  return 0;
+     }
+     str = malloc(gss_str->length +1);
+     if (str == NULL)
+	  return 0;
+     *str = '\0';
+
+     strncat(str, gss_str->value, gss_str->length);
+     success = (krb5_parse_name(ctx, str, princ) == 0);
+     free(str);
+     return success;
+}
diff --git a/krb5-1.21.3/src/kadmin/server/misc.c b/krb5-1.21.3/src/kadmin/server/misc.c
new file mode 100644
index 00000000..2d596e27
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/misc.c
@@ -0,0 +1,175 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ */
+
+#include    <k5-int.h>
+#include    <kdb.h>
+#include    <kadm5/server_internal.h>
+#include    "misc.h"
+#include    "auth.h"
+#include    "net-server.h"
+kadm5_ret_t
+schpw_util_wrapper(void *server_handle,
+                   krb5_principal client,
+                   krb5_principal target,
+                   krb5_boolean initial_flag,
+                   char *new_pw, char **ret_pw,
+                   char *msg_ret, unsigned int msg_len)
+{
+    kadm5_ret_t                 ret;
+    kadm5_server_handle_t       handle = server_handle;
+
+    /*
+     * If no target is explicitly provided, then the target principal
+     * is the client principal.
+     */
+    if (target == NULL)
+        target = client;
+
+    /* If the client is changing its own password, require it to use an initial
+     * ticket, and enforce the policy min_life. */
+    if (krb5_principal_compare(handle->context, client, target)) {
+        if (!initial_flag) {
+            strlcpy(msg_ret, "Ticket must be derived from a password",
+                    msg_len);
+            return KADM5_AUTH_INITIAL;
+        }
+
+        ret = check_min_life(server_handle, target, msg_ret, msg_len);
+        if (ret != 0)
+            return ret;
+    }
+
+    if (auth(handle->context, OP_CPW, client, target,
+             NULL, NULL, NULL, NULL, 0)) {
+        ret = kadm5_chpass_principal_util(server_handle,
+                                          target,
+                                          new_pw, ret_pw,
+                                          msg_ret, msg_len);
+    } else {
+        ret = KADM5_AUTH_CHANGEPW;
+        strlcpy(msg_ret, "Unauthorized request", msg_len);
+    }
+
+    return ret;
+}
+
+kadm5_ret_t
+check_min_life(void *server_handle, krb5_principal principal,
+               char *msg_ret, unsigned int msg_len)
+{
+    krb5_timestamp              now;
+    kadm5_ret_t                 ret;
+    kadm5_policy_ent_rec        pol;
+    kadm5_principal_ent_rec     princ;
+    kadm5_server_handle_t       handle = server_handle;
+
+    if (msg_ret != NULL)
+        *msg_ret = '\0';
+
+    ret = krb5_timeofday(handle->context, &now);
+    if (ret)
+        return ret;
+
+    ret = kadm5_get_principal(handle->lhandle, principal,
+                              &princ, KADM5_PRINCIPAL_NORMAL_MASK);
+    if(ret)
+        return ret;
+    if(princ.aux_attributes & KADM5_POLICY) {
+        /* Look up the policy.  If it doesn't exist, treat this principal as if
+         * it had no policy. */
+        if((ret=kadm5_get_policy(handle->lhandle,
+                                 princ.policy, &pol)) != KADM5_OK) {
+            (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+            return (ret == KADM5_UNK_POLICY) ? 0 : ret;
+        }
+        if(ts_delta(now, princ.last_pwd_change) < pol.pw_min_life &&
+           !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+            if (msg_ret != NULL) {
+                time_t until;
+                char *time_string, *ptr;
+                const char *errstr;
+
+                until = princ.last_pwd_change + pol.pw_min_life;
+
+                time_string = ctime(&until);
+                if (time_string == NULL)
+                    time_string = "(error)";
+                errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
+
+                if (strlen(errstr) + strlen(time_string) < msg_len) {
+                    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+                        *ptr = '\0';
+                    snprintf(msg_ret, msg_len, errstr, time_string);
+                }
+            }
+
+            (void) kadm5_free_policy_ent(handle->lhandle, &pol);
+            (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+            return KADM5_PASS_TOOSOON;
+        }
+
+        ret = kadm5_free_policy_ent(handle->lhandle, &pol);
+        if (ret) {
+            (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+            return ret;
+        }
+    }
+
+    return kadm5_free_principal_ent(handle->lhandle, &princ);
+}
+
+#define MAXPRINCLEN 125
+
+void
+trunc_name(size_t *len, char **dots)
+{
+    *dots = *len > MAXPRINCLEN ? "..." : "";
+    *len = *len > MAXPRINCLEN ? MAXPRINCLEN : *len;
+}
+
+krb5_error_code
+make_toolong_error (void *handle, krb5_data **out)
+{
+    krb5_error errpkt;
+    krb5_error_code retval;
+    krb5_data *scratch;
+    kadm5_server_handle_t server_handle = *(void **)handle;
+
+    retval = krb5_us_timeofday(server_handle->context, &errpkt.stime, &errpkt.susec);
+    if (retval)
+        return retval;
+    errpkt.error = KRB_ERR_FIELD_TOOLONG;
+    retval = krb5_build_principal(server_handle->context, &errpkt.server,
+                                  strlen(server_handle->params.realm),
+                                  server_handle->params.realm,
+                                  "kadmin", "changepw", NULL);
+    if (retval)
+        return retval;
+    errpkt.client = NULL;
+    errpkt.cusec = 0;
+    errpkt.ctime = 0;
+    errpkt.text.length = 0;
+    errpkt.text.data = 0;
+    errpkt.e_data.length = 0;
+    errpkt.e_data.data = 0;
+    scratch = malloc(sizeof(*scratch));
+    if (scratch == NULL)
+        return ENOMEM;
+    retval = krb5_mk_error(server_handle->context, &errpkt, scratch);
+    if (retval) {
+        free(scratch);
+        return retval;
+    }
+
+    *out = scratch;
+    return 0;
+}
+
+krb5_context get_context(void *handle)
+{
+    kadm5_server_handle_t server_handle = *(void **)handle;
+    return server_handle->context;
+}
diff --git a/krb5-1.21.3/src/kadmin/server/misc.h b/krb5-1.21.3/src/kadmin/server/misc.h
new file mode 100644
index 00000000..3a112a0b
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/misc.h
@@ -0,0 +1,54 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ */
+
+#ifndef _MISC_H
+#define _MISC_H 1
+
+#include "net-server.h"         /* for krb5_fulladdr */
+
+int
+setup_gss_names(struct svc_req *, gss_buffer_desc *,
+                gss_buffer_desc *);
+
+kadm5_ret_t
+schpw_util_wrapper(void *server_handle, krb5_principal client,
+                   krb5_principal target, krb5_boolean initial_flag,
+                   char *new_pw, char **ret_pw,
+                   char *msg_ret, unsigned int msg_len);
+
+kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
+                           char *msg_ret, unsigned int msg_len);
+
+void kadm_1(struct svc_req *, SVCXPRT *);
+void krb5_iprop_prog_1(struct svc_req *, SVCXPRT *);
+
+void trunc_name(size_t *len, char **dots);
+
+int
+gss_to_krb5_name_1(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name,
+                   krb5_principal *princ, gss_buffer_t gss_str);
+
+
+void reset_db(void);
+
+void log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data);
+
+const char *client_addr(SVCXPRT *xprt);
+
+/* network.c */
+#include "net-server.h"
+
+
+void
+krb5_iprop_prog_1(struct svc_req *rqstp, SVCXPRT *transp);
+
+kadm5_ret_t
+kiprop_get_adm_host_srv_name(krb5_context,
+                             const char *,
+                             char **);
+
+
+#endif /* _MISC_H */
diff --git a/krb5-1.21.3/src/kadmin/server/ovsec_kadmd.c b/krb5-1.21.3/src/kadmin/server/ovsec_kadmd.c
new file mode 100644
index 00000000..b29a0f5b
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/ovsec_kadmd.c
@@ -0,0 +1,562 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include <k5-platform.h>
+#include <errno.h>
+#include <locale.h>
+#include <stdio.h>
+#include <signal.h>
+#include <syslog.h>
+#include <sys/types.h>
+#ifdef _AIX
+#include <sys/select.h>
+#endif
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <gssrpc/rpc.h>
+#include <gssapi/gssapi.h>
+#include "gssapiP_krb5.h" /* for kg_get_context */
+#include <gssrpc/auth_gssapi.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm_rpc.h>
+#include <adm_proto.h>
+#include "kdb_kt.h"  /* for krb5_ktkdb_set_context */
+#include <string.h>
+#include <kdb_log.h>
+
+#include "misc.h"
+#include "auth.h"
+
+#if defined(NEED_DAEMON_PROTO)
+int daemon(int, int);
+#endif
+
+#define TIMEOUT 15
+
+gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
+void *global_server_handle;
+int nofork = 0;
+char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
+char *kprop = KPROPD_DEFAULT_KPROP;
+char *dump_file = KPROP_DEFAULT_FILE;
+char *kprop_port = NULL;
+
+static krb5_context context;
+static char *progname;
+
+static void
+usage()
+{
+    fprintf(stderr, _("Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] "
+                      "[-port port-number]\n"
+                      "\t\t[-proponly] [-p path-to-kdb5_util] [-F dump-file]\n"
+                      "\t\t[-K path-to-kprop] [-k kprop-port] [-P pid_file]\n"
+                      "\nwhere,\n\t[-x db_args]* - any number of database "
+                      "specific arguments.\n"
+                      "\t\t\tLook at each database documentation for "
+                      "supported arguments\n"));
+    exit(1);
+}
+
+/*
+ * Output a message to stderr and the admin server log, and exit with status 1.
+ * msg should not be punctuated.  If code is given, msg should indicate what
+ * operation was taking place in the present progressive.  Otherwise msg should
+ * be capitalized and should indicate what went wrong.
+ */
+static void
+fail_to_start(krb5_error_code code, const char *msg)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(context, code);
+        fprintf(stderr, _("%s: %s while %s, aborting\n"), progname, errmsg,
+                msg);
+        krb5_klog_syslog(LOG_ERR, _("%s while %s, aborting\n"), errmsg, msg);
+    } else {
+        fprintf(stderr, _("%s: %s, aborting\n"), progname, msg);
+        krb5_klog_syslog(LOG_ERR, _("%s, aborting"), msg);
+    }
+    exit(1);
+}
+
+static int
+write_pid_file(const char *pid_file)
+{
+    FILE *file;
+    unsigned long pid;
+    int st1, st2;
+
+    file = fopen(pid_file, "w");
+    if (file == NULL)
+        return errno;
+    pid = (unsigned long)getpid();
+    st1 = (fprintf(file, "%ld\n", pid) < 0) ? errno : 0;
+    st2 = (fclose(file) == EOF) ? errno : 0;
+    return st1 ? st1 : st2;
+}
+
+/* Set up the main loop.  If proponly is set, don't set up ports for kpasswd or
+ * kadmin.  May set *ctx_out even on error. */
+static krb5_error_code
+setup_loop(kadm5_config_params *params, int proponly, verto_ctx **ctx_out)
+{
+    krb5_error_code ret;
+    verto_ctx *ctx;
+
+    *ctx_out = ctx = loop_init(VERTO_EV_TYPE_SIGNAL);
+    if (ctx == NULL)
+        return ENOMEM;
+    ret = loop_setup_signals(ctx, &global_server_handle, NULL);
+    if (ret)
+        return ret;
+    if (!proponly) {
+        ret = loop_add_udp_address(params->kpasswd_port,
+                                   params->kpasswd_listen);
+        if (ret)
+            return ret;
+        ret = loop_add_tcp_address(params->kpasswd_port,
+                                   params->kpasswd_listen);
+        if (ret)
+            return ret;
+        ret = loop_add_rpc_service(params->kadmind_port,
+                                   params->kadmind_listen,
+                                   KADM, KADMVERS, kadm_1);
+        if (ret)
+            return ret;
+    }
+#ifndef DISABLE_IPROP
+    if (params->iprop_enabled) {
+        ret = loop_add_rpc_service(params->iprop_port, params->iprop_listen,
+                                   KRB5_IPROP_PROG, KRB5_IPROP_VERS,
+                                   krb5_iprop_prog_1);
+        if (ret)
+            return ret;
+    }
+#endif
+    return loop_setup_network(ctx, &global_server_handle, progname,
+                              DEFAULT_TCP_LISTEN_BACKLOG);
+}
+
+/* Point GSSAPI at the KDB keytab so we don't need an actual file keytab. */
+static krb5_error_code
+setup_kdb_keytab()
+{
+    krb5_error_code ret;
+
+    ret = krb5_ktkdb_set_context(context);
+    if (ret)
+        return ret;
+    ret = krb5_db_register_keytab(context);
+    if (ret)
+        return ret;
+    return krb5_gss_register_acceptor_identity("KDB:");
+}
+
+
+/* Return "name@realm". */
+static char *
+build_princ_name(char *name, char *realm)
+{
+    char *fullname;
+
+    if (asprintf(&fullname, "%s@%s", name, realm) < 0)
+        return NULL;
+    return fullname;
+}
+
+/* Callback from GSSRPC for garbled/forged/replayed/etc messages. */
+static void
+log_badverf(gss_name_t client_name, gss_name_t server_name,
+            struct svc_req *rqst, struct rpc_msg *msg, char *data)
+{
+    static const struct {
+        rpcproc_t proc;
+        const char *proc_name;
+    } proc_names[] = {
+        {1, "CREATE_PRINCIPAL"},
+        {2, "DELETE_PRINCIPAL"},
+        {3, "MODIFY_PRINCIPAL"},
+        {4, "RENAME_PRINCIPAL"},
+        {5, "GET_PRINCIPAL"},
+        {6, "CHPASS_PRINCIPAL"},
+        {7, "CHRAND_PRINCIPAL"},
+        {8, "CREATE_POLICY"},
+        {9, "DELETE_POLICY"},
+        {10, "MODIFY_POLICY"},
+        {11, "GET_POLICY"},
+        {12, "GET_PRIVS"},
+        {13, "INIT"},
+        {14, "GET_PRINCS"},
+        {15, "GET_POLS"},
+        {16, "SETKEY_PRINCIPAL"},
+        /* 17 was "SETV4KEY_PRINCIPAL" */
+        {18, "CREATE_PRINCIPAL3"},
+        {19, "CHPASS_PRINCIPAL3"},
+        {20, "CHRAND_PRINCIPAL3"},
+        {21, "SETKEY_PRINCIPAL3"},
+        {22, "PURGEKEYS"},
+        {23, "GET_STRINGS"},
+        {24, "SET_STRING"}
+    };
+    OM_uint32 minor;
+    gss_buffer_desc client, server;
+    gss_OID gss_type;
+    const char *a;
+    rpcproc_t proc;
+    unsigned int i;
+    const char *procname;
+    size_t clen, slen;
+    char *cdots, *sdots;
+
+    client.length = 0;
+    client.value = NULL;
+    server.length = 0;
+    server.value = NULL;
+
+    (void)gss_display_name(&minor, client_name, &client, &gss_type);
+    (void)gss_display_name(&minor, server_name, &server, &gss_type);
+    if (client.value == NULL) {
+        client.value = "(null)";
+        clen = sizeof("(null)") - 1;
+    } else {
+        clen = client.length;
+    }
+    trunc_name(&clen, &cdots);
+    if (server.value == NULL) {
+        server.value = "(null)";
+        slen = sizeof("(null)") - 1;
+    } else {
+        slen = server.length;
+    }
+    trunc_name(&slen, &sdots);
+    a = client_addr(rqst->rq_xprt);
+
+    proc = msg->rm_call.cb_proc;
+    procname = NULL;
+    for (i = 0; i < sizeof(proc_names) / sizeof(*proc_names); i++) {
+        if (proc_names[i].proc == proc) {
+            procname = proc_names[i].proc_name;
+            break;
+        }
+    }
+    if (procname != NULL) {
+        krb5_klog_syslog(LOG_NOTICE,
+                         _("WARNING! Forged/garbled request: %s, claimed "
+                           "client = %.*s%s, server = %.*s%s, addr = %s"),
+                         procname, (int)clen, (char *)client.value, cdots,
+                         (int)slen, (char *)server.value, sdots, a);
+    } else {
+        krb5_klog_syslog(LOG_NOTICE,
+                         _("WARNING! Forged/garbled request: %d, claimed "
+                           "client = %.*s%s, server = %.*s%s, addr = %s"),
+                         proc, (int)clen, (char *)client.value, cdots,
+                         (int)slen, (char *)server.value, sdots, a);
+    }
+
+    (void)gss_release_buffer(&minor, &client);
+    (void)gss_release_buffer(&minor, &server);
+}
+
+/* Callback from GSSRPC for miscellaneous errors */
+static void
+log_miscerr(struct svc_req *rqst, struct rpc_msg *msg, char *error, char *data)
+{
+    krb5_klog_syslog(LOG_NOTICE, _("Miscellaneous RPC error: %s, %s"),
+                     client_addr(rqst->rq_xprt), error);
+}
+
+static void
+log_badauth_display_status_1(char *m, OM_uint32 code, int type)
+{
+    OM_uint32 gssstat, minor_stat;
+    gss_buffer_desc msg;
+    OM_uint32 msg_ctx;
+
+    msg_ctx = 0;
+    while (1) {
+        gssstat = gss_display_status(&minor_stat, code, type, GSS_C_NULL_OID,
+                                     &msg_ctx, &msg);
+        if (gssstat != GSS_S_COMPLETE) {
+            krb5_klog_syslog(LOG_ERR, _("%s Cannot decode status %d"), m,
+                             (int)code);
+            return;
+        }
+
+        krb5_klog_syslog(LOG_NOTICE, "%s %.*s", m, (int)msg.length,
+                         (char *)msg.value);
+        (void)gss_release_buffer(&minor_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
+}
+
+/* Callback from GSSRPC for authentication failures */
+void
+log_badauth(OM_uint32 major, OM_uint32 minor, SVCXPRT *xprt, char *data)
+{
+    krb5_klog_syslog(LOG_NOTICE, _("Authentication attempt failed: %s, "
+                                   "GSS-API error strings are:"),
+                     client_addr(xprt));
+    log_badauth_display_status_1("   ", major, GSS_C_GSS_CODE);
+    log_badauth_display_status_1("   ", minor, GSS_C_MECH_CODE);
+    krb5_klog_syslog(LOG_NOTICE, _("   GSS-API error strings complete."));
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor_status;
+    gss_buffer_desc in_buf;
+    gss_OID nt_krb5_name_oid = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
+    auth_gssapi_name names[4];
+    kadm5_config_params params;
+    verto_ctx *vctx;
+    const char *pid_file = NULL;
+    char **db_args = NULL, **tmpargs;
+    const char *acl_file;
+    int ret, i, db_args_size = 0, proponly = 0;
+
+    setlocale(LC_ALL, "");
+    setvbuf(stderr, NULL, _IONBF, 0);
+
+    names[0].name = names[1].name = names[2].name = names[3].name = NULL;
+    names[0].type = names[1].type = names[2].type = names[3].type =
+        nt_krb5_name_oid;
+
+    progname = (strrchr(argv[0], '/') != NULL) ? strrchr(argv[0], '/') + 1 :
+        argv[0];
+
+    memset(&params, 0, sizeof(params));
+
+    argc--, argv++;
+    while (argc) {
+        if (strcmp(*argv, "-x") == 0) {
+            argc--, argv++;
+            if (!argc)
+                usage();
+            db_args_size++;
+            tmpargs = realloc(db_args, sizeof(char *) * (db_args_size + 1));
+            if (tmpargs == NULL) {
+                fprintf(stderr, _("%s: cannot initialize. Not enough "
+                                  "memory\n"), progname);
+                exit(1);
+            }
+            db_args = tmpargs;
+            db_args[db_args_size - 1] = *argv;
+            db_args[db_args_size] = NULL;
+        } else if (strcmp(*argv, "-r") == 0) {
+            argc--, argv++;
+            if (!argc)
+                usage();
+            params.realm = *argv;
+            params.mask |= KADM5_CONFIG_REALM;
+            argc--, argv++;
+            continue;
+        } else if (strcmp(*argv, "-m") == 0) {
+            params.mkey_from_kbd = 1;
+            params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        } else if (strcmp(*argv, "-nofork") == 0) {
+            nofork = 1;
+#ifndef DISABLE_IPROP
+        } else if (strcmp(*argv, "-proponly") == 0) {
+            proponly = 1;
+#endif
+        } else if (strcmp(*argv, "-port") == 0) {
+            argc--, argv++;
+            if (!argc)
+                usage();
+            params.kadmind_port = atoi(*argv);
+            params.mask |= KADM5_CONFIG_KADMIND_PORT;
+        } else if (strcmp(*argv, "-P") == 0) {
+            argc--, argv++;
+            if (!argc)
+                usage();
+            pid_file = *argv;
+        } else if (strcmp(*argv, "-W") == 0) {
+            /* Ignore (deprecated weak random option). */
+        } else if (strcmp(*argv, "-p") == 0) {
+            argc--, argv++;
+            if (!argc)
+                usage();
+            kdb5_util = *argv;
+        } else if (strcmp(*argv, "-F") == 0) {
+            argc--, argv++;
+            if (!argc)
+                usage();
+            dump_file = *argv;
+        } else if (strcmp(*argv, "-K") == 0) {
+            argc--, argv++;
+            if (!argc)
+                usage();
+            kprop = *argv;
+        } else if (strcmp(*argv, "-k") == 0) {
+            argc--, argv++;
+            if (!argc)
+                usage();
+            kprop_port = *argv;
+        } else {
+            break;
+        }
+        argc--, argv++;
+    }
+
+    if (argc != 0)
+        usage();
+
+    ret = kadm5_init_krb5_context(&context);
+    if (ret) {
+        fprintf(stderr, _("%s: %s while initializing context, aborting\n"),
+                progname, error_message(ret));
+        exit(1);
+    }
+
+    krb5_klog_init(context, "admin_server", progname, 1);
+
+    ret = kadm5_init(context, "kadmind", NULL, NULL, &params,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, db_args,
+                     &global_server_handle);
+    if (ret)
+        fail_to_start(ret, _("initializing"));
+
+    ret = kadm5_get_config_params(context, 1, &params, &params);
+    if (ret)
+        fail_to_start(ret, _("getting config parameters"));
+    if (!(params.mask & KADM5_CONFIG_REALM))
+        fail_to_start(0, _("Missing required realm configuration"));
+    if (!(params.mask & KADM5_CONFIG_ACL_FILE))
+        fail_to_start(0, _("Missing required ACL file configuration"));
+    if (proponly && !params.iprop_enabled) {
+        fail_to_start(0, _("-proponly can only be used when "
+                           "iprop_enable is true"));
+    }
+
+    ret = setup_loop(&params, proponly, &vctx);
+    if (ret)
+        fail_to_start(ret, _("initializing network"));
+
+    names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
+    names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
+    if (names[0].name == NULL || names[1].name == NULL)
+        fail_to_start(0, _("Cannot build GSSAPI auth names"));
+
+    ret = setup_kdb_keytab();
+    if (ret)
+        fail_to_start(0, _("Cannot set up KDB keytab"));
+
+    if (svcauth_gssapi_set_names(names, 2) == FALSE)
+        fail_to_start(0, _("Cannot set GSSAPI authentication names"));
+
+    /* if set_names succeeded, this will too */
+    in_buf.value = names[1].name;
+    in_buf.length = strlen(names[1].name) + 1;
+    (void)gss_import_name(&minor_status, &in_buf, nt_krb5_name_oid,
+                          &gss_changepw_name);
+
+    svcauth_gssapi_set_log_badauth2_func(log_badauth, NULL);
+    svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
+    svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
+
+    svcauth_gss_set_log_badauth2_func(log_badauth, NULL);
+    svcauth_gss_set_log_badverf_func(log_badverf, NULL);
+    svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);
+
+    if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE)
+        fail_to_start(0, _("Cannot initialize GSSAPI service name"));
+
+    acl_file = (*params.acl_file != '\0') ? params.acl_file : NULL;
+    ret = auth_init(context, acl_file);
+    if (ret)
+        fail_to_start(ret, _("initializing ACL file"));
+
+    /* Since some KDB modules are not fork-safe, we must reinitialize the
+     * server handle after daemonizing. */
+    kadm5_destroy(global_server_handle);
+    global_server_handle = NULL;
+
+    if (!nofork && daemon(0, 0) != 0)
+        fail_to_start(errno, _("spawning daemon process"));
+    if (pid_file != NULL) {
+        ret = write_pid_file(pid_file);
+        if (ret)
+            fail_to_start(ret, _("creating PID file"));
+    }
+
+    ret = kadm5_init(context, "kadmind", NULL, NULL, &params,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, db_args,
+                     &global_server_handle);
+    if (ret)
+        fail_to_start(ret, _("initializing"));
+
+    if (params.iprop_enabled == TRUE) {
+        ulog_set_role(context, IPROP_PRIMARY);
+
+        ret = ulog_map(context, params.iprop_logfile, params.iprop_ulogsize);
+        if (ret)
+            fail_to_start(ret, _("mapping update log"));
+
+        if (nofork) {
+            fprintf(stderr,
+                    _("%s: create IPROP svc (PROG=%d, VERS=%d)\n"),
+                    progname, KRB5_IPROP_PROG, KRB5_IPROP_VERS);
+        }
+    }
+
+    if (kprop_port == NULL)
+        kprop_port = getenv("KPROP_PORT");
+
+    krb5_klog_syslog(LOG_INFO, _("starting"));
+    if (nofork)
+        fprintf(stderr, _("%s: starting...\n"), progname);
+
+    verto_run(vctx);
+    krb5_klog_syslog(LOG_INFO, _("finished, exiting"));
+
+    /* Clean up memory, etc */
+    svcauth_gssapi_unset_names();
+    kadm5_destroy(global_server_handle);
+    loop_free(vctx);
+    auth_fini(context);
+    (void)gss_release_name(&minor_status, &gss_changepw_name);
+    (void)gss_release_name(&minor_status, &gss_oldchangepw_name);
+    for (i = 0; i < 4; i++)
+        free(names[i].name);
+
+    krb5_klog_close(context);
+    krb5_free_context(context);
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/kadmin/server/schpw.c b/krb5-1.21.3/src/kadmin/server/schpw.c
new file mode 100644
index 00000000..00465657
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/schpw.c
@@ -0,0 +1,469 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "k5-int.h"
+#include <kadm5/admin.h>
+#include <syslog.h>
+#include <adm_proto.h>  /* krb5_klog_syslog */
+#include <stdio.h>
+#include <errno.h>
+
+#include "kadm5/server_internal.h" /* XXX for kadm5_server_handle_t */
+
+#include "misc.h"
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE int
+#endif
+
+#define RFC3244_VERSION 0xff80
+
+static krb5_error_code
+process_chpw_request(krb5_context context, void *server_handle, char *realm,
+                     krb5_keytab keytab, const krb5_fulladdr *local_addr,
+                     const krb5_fulladdr *remote_addr, krb5_data *req,
+                     krb5_data *rep)
+{
+    krb5_error_code ret;
+    char *ptr;
+    unsigned int plen, vno;
+    krb5_data ap_req, ap_rep = empty_data();
+    krb5_data cipher = empty_data(), clear = empty_data();
+    krb5_auth_context auth_context = NULL;
+    krb5_principal changepw = NULL;
+    krb5_principal client, target = NULL;
+    krb5_ticket *ticket = NULL;
+    krb5_replay_data replay;
+    krb5_error krberror;
+    int numresult;
+    char strresult[1024];
+    char *clientstr = NULL, *targetstr = NULL;
+    const char *errmsg = NULL;
+    size_t clen;
+    char *cdots;
+    struct sockaddr_storage ss;
+    socklen_t salen;
+    char addrbuf[100];
+    krb5_address *addr = remote_addr->address;
+
+    *rep = empty_data();
+
+    if (req->length < 4) {
+        /* either this, or the server is printing bad messages,
+           or the caller passed in garbage */
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        numresult = KRB5_KPASSWD_MALFORMED;
+        strlcpy(strresult, "Request was truncated", sizeof(strresult));
+        goto bailout;
+    }
+
+    ptr = req->data;
+
+    /* verify length */
+
+    plen = (*ptr++ & 0xff);
+    plen = (plen<<8) | (*ptr++ & 0xff);
+
+    if (plen != req->length) {
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        numresult = KRB5_KPASSWD_MALFORMED;
+        strlcpy(strresult, "Request length was inconsistent",
+                sizeof(strresult));
+        goto bailout;
+    }
+
+    /* verify version number */
+
+    vno = (*ptr++ & 0xff) ;
+    vno = (vno<<8) | (*ptr++ & 0xff);
+
+    if (vno != 1 && vno != RFC3244_VERSION) {
+        ret = KRB5KDC_ERR_BAD_PVNO;
+        numresult = KRB5_KPASSWD_BAD_VERSION;
+        snprintf(strresult, sizeof(strresult),
+                 "Request contained unknown protocol version number %d", vno);
+        goto bailout;
+    }
+
+    /* read, check ap-req length */
+
+    ap_req.length = (*ptr++ & 0xff);
+    ap_req.length = (ap_req.length<<8) | (*ptr++ & 0xff);
+
+    if (ptr + ap_req.length >= req->data + req->length) {
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        numresult = KRB5_KPASSWD_MALFORMED;
+        strlcpy(strresult, "Request was truncated in AP-REQ",
+                sizeof(strresult));
+        goto bailout;
+    }
+
+    /* verify ap_req */
+
+    ap_req.data = ptr;
+    ptr += ap_req.length;
+
+    ret = krb5_auth_con_init(context, &auth_context);
+    if (ret) {
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed initializing auth context",
+                sizeof(strresult));
+        goto chpwfail;
+    }
+
+    ret = krb5_auth_con_setflags(context, auth_context,
+                                 KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+    if (ret) {
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed initializing auth context",
+                sizeof(strresult));
+        goto chpwfail;
+    }
+
+    ret = krb5_build_principal(context, &changepw, strlen(realm), realm,
+                               "kadmin", "changepw", NULL);
+    if (ret) {
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed building kadmin/changepw principal",
+                sizeof(strresult));
+        goto chpwfail;
+    }
+
+    ret = krb5_rd_req(context, &auth_context, &ap_req, changepw, keytab,
+                      NULL, &ticket);
+
+    if (ret) {
+        numresult = KRB5_KPASSWD_AUTHERROR;
+        strlcpy(strresult, "Failed reading application request",
+                sizeof(strresult));
+        goto chpwfail;
+    }
+
+    /* construct the ap-rep */
+
+    ret = krb5_mk_rep(context, auth_context, &ap_rep);
+    if (ret) {
+        numresult = KRB5_KPASSWD_AUTHERROR;
+        strlcpy(strresult, "Failed replying to application request",
+                sizeof(strresult));
+        goto chpwfail;
+    }
+
+    /* decrypt the ChangePasswdData */
+
+    cipher.length = (req->data + req->length) - ptr;
+    cipher.data = ptr;
+
+    /*
+     * Don't set a remote address in auth_context before calling krb5_rd_priv,
+     * so that we can work against clients behind a NAT.  Reflection attacks
+     * aren't a concern since we use sequence numbers and since our requests
+     * don't look anything like our responses.  Also don't set a local address,
+     * since we don't know what interface the request was received on.
+     */
+
+    ret = krb5_rd_priv(context, auth_context, &cipher, &clear, &replay);
+    if (ret) {
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed decrypting request", sizeof(strresult));
+        goto chpwfail;
+    }
+
+    client = ticket->enc_part2->client;
+
+    /* decode ChangePasswdData for setpw requests */
+    if (vno == RFC3244_VERSION) {
+        krb5_data *clear_data;
+
+        ret = decode_krb5_setpw_req(&clear, &clear_data, &target);
+        if (ret != 0) {
+            numresult = KRB5_KPASSWD_MALFORMED;
+            strlcpy(strresult, "Failed decoding ChangePasswdData",
+                    sizeof(strresult));
+            goto chpwfail;
+        }
+
+        zapfree(clear.data, clear.length);
+
+        clear = *clear_data;
+        free(clear_data);
+
+        if (target != NULL) {
+            ret = krb5_unparse_name(context, target, &targetstr);
+            if (ret != 0) {
+                numresult = KRB5_KPASSWD_HARDERROR;
+                strlcpy(strresult, "Failed unparsing target name for log",
+                        sizeof(strresult));
+                goto chpwfail;
+            }
+        }
+    }
+
+    ret = krb5_unparse_name(context, client, &clientstr);
+    if (ret) {
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed unparsing client name for log",
+                sizeof(strresult));
+        goto chpwfail;
+    }
+
+    /* change the password */
+
+    ptr = k5memdup0(clear.data, clear.length, &ret);
+    ret = schpw_util_wrapper(server_handle, client, target,
+                             (ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
+                             ptr, NULL, strresult, sizeof(strresult));
+    if (ret)
+        errmsg = krb5_get_error_message(context, ret);
+
+    /* zap the password */
+    zapfree(clear.data, clear.length);
+    zapfree(ptr, clear.length);
+    clear = empty_data();
+
+    clen = strlen(clientstr);
+    trunc_name(&clen, &cdots);
+
+    switch (addr->addrtype) {
+    case ADDRTYPE_INET: {
+        struct sockaddr_in *sin = ss2sin(&ss);
+
+        sin->sin_family = AF_INET;
+        memcpy(&sin->sin_addr, addr->contents, addr->length);
+        sin->sin_port = htons(remote_addr->port);
+        salen = sizeof(*sin);
+        break;
+    }
+    case ADDRTYPE_INET6: {
+        struct sockaddr_in6 *sin6 = ss2sin6(&ss);
+
+        sin6->sin6_family = AF_INET6;
+        memcpy(&sin6->sin6_addr, addr->contents, addr->length);
+        sin6->sin6_port = htons(remote_addr->port);
+        salen = sizeof(*sin6);
+        break;
+    }
+    default: {
+        struct sockaddr *sa = ss2sa(&ss);
+
+        sa->sa_family = AF_UNSPEC;
+        salen = sizeof(*sa);
+        break;
+    }
+    }
+
+    if (getnameinfo(ss2sa(&ss), salen,
+                    addrbuf, sizeof(addrbuf), NULL, 0,
+                    NI_NUMERICHOST | NI_NUMERICSERV) != 0)
+        strlcpy(addrbuf, "<unprintable>", sizeof(addrbuf));
+
+    if (vno == RFC3244_VERSION) {
+        size_t tlen;
+        char *tdots;
+        const char *targetp;
+
+        if (target == NULL) {
+            tlen = clen;
+            tdots = cdots;
+            targetp = targetstr;
+        } else {
+            tlen = strlen(targetstr);
+            trunc_name(&tlen, &tdots);
+            targetp = clientstr;
+        }
+
+        krb5_klog_syslog(LOG_NOTICE, _("setpw request from %s by %.*s%s for "
+                                       "%.*s%s: %s"), addrbuf, (int) clen,
+                         clientstr, cdots, (int) tlen, targetp, tdots,
+                         errmsg ? errmsg : "success");
+    } else {
+        krb5_klog_syslog(LOG_NOTICE, _("chpw request from %s for %.*s%s: %s"),
+                         addrbuf, (int) clen, clientstr, cdots,
+                         errmsg ? errmsg : "success");
+    }
+    switch (ret) {
+    case KADM5_AUTH_CHANGEPW:
+        numresult = KRB5_KPASSWD_ACCESSDENIED;
+        break;
+    case KADM5_AUTH_INITIAL:
+        numresult = KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
+        break;
+    case KADM5_PASS_Q_TOOSHORT:
+    case KADM5_PASS_REUSE:
+    case KADM5_PASS_Q_CLASS:
+    case KADM5_PASS_Q_DICT:
+    case KADM5_PASS_Q_GENERIC:
+    case KADM5_PASS_TOOSOON:
+        numresult = KRB5_KPASSWD_SOFTERROR;
+        break;
+    case 0:
+        numresult = KRB5_KPASSWD_SUCCESS;
+        strlcpy(strresult, "", sizeof(strresult));
+        break;
+    default:
+        numresult = KRB5_KPASSWD_HARDERROR;
+        break;
+    }
+
+chpwfail:
+
+    ret = alloc_data(&clear, 2 + strlen(strresult));
+    if (ret)
+        goto bailout;
+
+    ptr = clear.data;
+
+    *ptr++ = (numresult>>8) & 0xff;
+    *ptr++ = numresult & 0xff;
+
+    memcpy(ptr, strresult, strlen(strresult));
+
+    cipher = empty_data();
+
+    if (ap_rep.length) {
+        ret = krb5_auth_con_setaddrs(context, auth_context,
+                                     local_addr->address, NULL);
+        if (ret) {
+            numresult = KRB5_KPASSWD_HARDERROR;
+            strlcpy(strresult,
+                    "Failed storing client and server internet addresses",
+                    sizeof(strresult));
+        } else {
+            ret = krb5_mk_priv(context, auth_context, &clear, &cipher,
+                               &replay);
+            if (ret) {
+                numresult = KRB5_KPASSWD_HARDERROR;
+                strlcpy(strresult, "Failed encrypting reply",
+                        sizeof(strresult));
+            }
+        }
+    }
+
+    /* if no KRB-PRIV was constructed, then we need a KRB-ERROR.
+       if this fails, just bail.  there's nothing else we can do. */
+
+    if (cipher.length == 0) {
+        /* clear out ap_rep now, so that it won't be inserted in the
+           reply */
+
+        if (ap_rep.length) {
+            free(ap_rep.data);
+            ap_rep = empty_data();
+        }
+
+        krberror.ctime = 0;
+        krberror.cusec = 0;
+        krberror.susec = 0;
+        ret = krb5_timeofday(context, &krberror.stime);
+        if (ret)
+            goto bailout;
+
+        /* this is really icky.  but it's what all the other callers
+           to mk_error do. */
+        krberror.error = ret;
+        krberror.error -= ERROR_TABLE_BASE_krb5;
+        if (krberror.error > KRB_ERR_MAX)
+            krberror.error = KRB_ERR_GENERIC;
+
+        krberror.client = NULL;
+
+        ret = krb5_build_principal(context, &krberror.server,
+                                   strlen(realm), realm,
+                                   "kadmin", "changepw", NULL);
+        if (ret)
+            goto bailout;
+        krberror.text.length = 0;
+        krberror.e_data = clear;
+
+        ret = krb5_mk_error(context, &krberror, &cipher);
+
+        krb5_free_principal(context, krberror.server);
+
+        if (ret)
+            goto bailout;
+    }
+
+    /* construct the reply */
+
+    ret = alloc_data(rep, 6 + ap_rep.length + cipher.length);
+    if (ret)
+        goto bailout;
+    ptr = rep->data;
+
+    /* length */
+
+    *ptr++ = (rep->length>>8) & 0xff;
+    *ptr++ = rep->length & 0xff;
+
+    /* version == 0x0001 big-endian */
+
+    *ptr++ = 0;
+    *ptr++ = 1;
+
+    /* ap_rep length, big-endian */
+
+    *ptr++ = (ap_rep.length>>8) & 0xff;
+    *ptr++ = ap_rep.length & 0xff;
+
+    /* ap-rep data */
+
+    if (ap_rep.length) {
+        memcpy(ptr, ap_rep.data, ap_rep.length);
+        ptr += ap_rep.length;
+    }
+
+    /* krb-priv or krb-error */
+
+    memcpy(ptr, cipher.data, cipher.length);
+
+bailout:
+    krb5_auth_con_free(context, auth_context);
+    krb5_free_principal(context, changepw);
+    krb5_free_ticket(context, ticket);
+    free(ap_rep.data);
+    free(clear.data);
+    free(cipher.data);
+    krb5_free_principal(context, target);
+    krb5_free_unparsed_name(context, targetstr);
+    krb5_free_unparsed_name(context, clientstr);
+    krb5_free_error_message(context, errmsg);
+    return ret;
+}
+
+/* Dispatch routine for set/change password */
+void
+dispatch(void *handle, const krb5_fulladdr *local_addr,
+         const krb5_fulladdr *remote_addr, krb5_data *request, int is_tcp,
+         verto_ctx *vctx, loop_respond_fn respond, void *arg)
+{
+    krb5_error_code ret;
+    krb5_keytab kt = NULL;
+    kadm5_server_handle_t server_handle = *(void **)handle;
+    krb5_data *response = NULL;
+    const char *emsg;
+
+    ret = krb5_kt_resolve(server_handle->context, "KDB:", &kt);
+    if (ret != 0) {
+        emsg = krb5_get_error_message(server_handle->context, ret);
+        krb5_klog_syslog(LOG_ERR, _("chpw: Couldn't open admin keytab %s"),
+                         emsg);
+        krb5_free_error_message(server_handle->context, emsg);
+        goto egress;
+    }
+
+    response = k5alloc(sizeof(krb5_data), &ret);
+    if (response == NULL)
+        goto egress;
+
+    ret = process_chpw_request(server_handle->context,
+                               server_handle,
+                               server_handle->params.realm,
+                               kt,
+                               local_addr,
+                               remote_addr,
+                               request,
+                               response);
+egress:
+    if (ret)
+        krb5_free_data(server_handle->context, response);
+    krb5_kt_close(server_handle->context, kt);
+    (*respond)(arg, ret, ret == 0 ? response : NULL);
+}
diff --git a/krb5-1.21.3/src/kadmin/server/server_stubs.c b/krb5-1.21.3/src/kadmin/server/server_stubs.c
new file mode 100644
index 00000000..ef7e809b
--- /dev/null
+++ b/krb5-1.21.3/src/kadmin/server/server_stubs.c
@@ -0,0 +1,1649 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ */
+
+#include <k5-int.h>
+#include <socket-utils.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_krb5.h> /* for gss_nt_krb5_name */
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm_rpc.h>
+#include <kadm5/server_internal.h>
+#include <syslog.h>
+#include <adm_proto.h>  /* krb5_klog_syslog */
+#include "misc.h"
+#include "auth.h"
+
+extern gss_name_t                       gss_changepw_name;
+extern gss_name_t                       gss_oldchangepw_name;
+extern void *                           global_server_handle;
+
+#define CHANGEPW_SERVICE(rqstp)                                         \
+    (cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred), gss_changepw_name) | \
+     (gss_oldchangepw_name &&                                           \
+      cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred),             \
+                          gss_oldchangepw_name)))
+
+
+static int gss_to_krb5_name(kadm5_server_handle_t handle,
+                            gss_name_t gss_name, krb5_principal *princ);
+
+static int gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str);
+
+static gss_name_t acceptor_name(gss_ctx_id_t context);
+
+gss_name_t rqst2name(struct svc_req *rqstp);
+
+static int cmp_gss_names(gss_name_t n1, gss_name_t n2)
+{
+    OM_uint32 emin;
+    int equal;
+
+    if (GSS_ERROR(gss_compare_name(&emin, n1, n2, &equal)))
+        return(0);
+
+    return(equal);
+}
+
+/* Does a comparison of the names and then releases the first entity */
+/* For use above in CHANGEPW_SERVICE */
+static int cmp_gss_names_rel_1(gss_name_t n1, gss_name_t n2)
+{
+    OM_uint32 min_stat;
+    int ret;
+
+    ret = cmp_gss_names(n1, n2);
+    if (n1) (void) gss_release_name(&min_stat, &n1);
+    return ret;
+}
+
+/*
+ * Function check_handle
+ *
+ * Purpose: Check a server handle and return a com_err code if it is
+ * invalid or 0 if it is valid.
+ *
+ * Arguments:
+ *
+ *      handle          The server handle.
+ */
+
+static int check_handle(void *handle)
+{
+    CHECK_HANDLE(handle);
+    return 0;
+}
+
+/*
+ * Function: new_server_handle
+ *
+ * Purpose: Constructs a server handle suitable for passing into the
+ * server library API functions, by folding the client's API version
+ * and calling principal into the server handle returned by
+ * kadm5_init.
+ *
+ * Arguments:
+ *      api_version     (input) The API version specified by the client
+ *      rqstp           (input) The RPC request
+ *      handle          (output) The returned handle
+ *      <return value>  (output) An error code, or 0 if no error occurred
+ *
+ * Effects:
+ *      Returns a pointer to allocated storage containing the server
+ *      handle.  If an error occurs, then no allocated storage is
+ *      returned, and the return value of the function will be a
+ *      non-zero com_err code.
+ *
+ *      The allocated storage for the handle should be freed with
+ *      free_server_handle (see below) when it is no longer needed.
+ */
+
+static kadm5_ret_t new_server_handle(krb5_ui_4 api_version,
+                                     struct svc_req *rqstp,
+                                     kadm5_server_handle_t
+                                     *out_handle)
+{
+    kadm5_server_handle_t handle;
+
+    *out_handle = NULL;
+
+    if (! (handle = (kadm5_server_handle_t)
+           malloc(sizeof(*handle))))
+        return ENOMEM;
+
+    *handle = *(kadm5_server_handle_t)global_server_handle;
+    handle->api_version = api_version;
+
+    if (! gss_to_krb5_name(handle, rqst2name(rqstp),
+                           &handle->current_caller)) {
+        free(handle);
+        return KADM5_FAILURE;
+    }
+
+    *out_handle = handle;
+    return 0;
+}
+
+/*
+ * Function: free_server_handle
+ *
+ * Purpose: Free handle memory allocated by new_server_handle
+ *
+ * Arguments:
+ *      handle          (input/output) The handle to free
+ */
+static void free_server_handle(kadm5_server_handle_t handle)
+{
+    if (!handle)
+        return;
+    krb5_free_principal(handle->context, handle->current_caller);
+    free(handle);
+}
+
+/* Result is stored in a static buffer and is invalidated by the next call. */
+const char *
+client_addr(SVCXPRT *xprt)
+{
+    static char abuf[128];
+    struct sockaddr_storage ss;
+    socklen_t len = sizeof(ss);
+    const char *p = NULL;
+
+    if (getpeername(xprt->xp_sock, ss2sa(&ss), &len) != 0)
+        return "(unknown)";
+    if (ss2sa(&ss)->sa_family == AF_INET)
+        p = inet_ntop(AF_INET, &ss2sin(&ss)->sin_addr, abuf, sizeof(abuf));
+    else if (ss2sa(&ss)->sa_family == AF_INET6)
+        p = inet_ntop(AF_INET6, &ss2sin6(&ss)->sin6_addr, abuf, sizeof(abuf));
+    return (p == NULL) ? "(unknown)" : p;
+}
+
+/*
+ * Function: setup_gss_names
+ *
+ * Purpose: Create printable representations of the client and server
+ * names.
+ *
+ * Arguments:
+ *      rqstp           (r) the RPC request
+ *      client_name     (w) the gss_buffer_t for the client name
+ *      server_name     (w) the gss_buffer_t for the server name
+ *
+ * Effects:
+ *
+ * Unparses the client and server names into client_name and
+ * server_name, both of which must be freed by the caller.  Returns 0
+ * on success and -1 on failure.
+ */
+int setup_gss_names(struct svc_req *rqstp,
+                    gss_buffer_desc *client_name,
+                    gss_buffer_desc *server_name)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t server_gss_name;
+
+    if (gss_name_to_string(rqst2name(rqstp), client_name) != 0)
+        return -1;
+    maj_stat = gss_inquire_context(&min_stat, rqstp->rq_svccred, NULL,
+                                   &server_gss_name, NULL, NULL, NULL,
+                                   NULL, NULL);
+    if (maj_stat != GSS_S_COMPLETE) {
+        gss_release_buffer(&min_stat, client_name);
+        gss_release_name(&min_stat, &server_gss_name);
+        return -1;
+    }
+    if (gss_name_to_string(server_gss_name, server_name) != 0) {
+        gss_release_buffer(&min_stat, client_name);
+        gss_release_name(&min_stat, &server_gss_name);
+        return -1;
+    }
+    gss_release_name(&min_stat, &server_gss_name);
+    return 0;
+}
+
+static gss_name_t acceptor_name(gss_ctx_id_t context)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t name;
+
+    maj_stat = gss_inquire_context(&min_stat, context, NULL, &name,
+                                   NULL, NULL, NULL, NULL, NULL);
+    if (maj_stat != GSS_S_COMPLETE)
+        return NULL;
+    return name;
+}
+
+static int gss_to_krb5_name(kadm5_server_handle_t handle,
+                            gss_name_t gss_name, krb5_principal *princ)
+{
+    krb5_error_code ret;
+    OM_uint32 minor_stat;
+    gss_buffer_desc gss_str;
+    int success;
+    char *s;
+
+    if (gss_name_to_string(gss_name, &gss_str) != 0)
+        return 0;
+    s = k5memdup0(gss_str.value, gss_str.length, &ret);
+    if (s == NULL) {
+        gss_release_buffer(&minor_stat, &gss_str);
+        return 0;
+    }
+    success = (krb5_parse_name(handle->context, s, princ) == 0);
+    free(s);
+    gss_release_buffer(&minor_stat, &gss_str);
+    return success;
+}
+
+static int
+gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str)
+{
+    OM_uint32 status, minor_stat;
+    gss_OID gss_type;
+    const char pref[] = KRB5_WELLKNOWN_NAMESTR "/" KRB5_ANONYMOUS_PRINCSTR "@";
+    const size_t preflen = sizeof(pref) - 1;
+
+    status = gss_display_name(&minor_stat, gss_name, str, &gss_type);
+    if (status != GSS_S_COMPLETE)
+        return 1;
+    if (gss_oid_equal(gss_type, GSS_C_NT_ANONYMOUS)) {
+        /* Guard against non-krb5 mechs with different anonymous displays. */
+        if (str->length < preflen || memcmp(str->value, pref, preflen) != 0)
+            return 1;
+    } else if (!gss_oid_equal(gss_type, GSS_KRB5_NT_PRINCIPAL_NAME)) {
+        return 1;
+    }
+    return 0;
+}
+
+/*
+ * Perform common initialization for server stub functions.  A subset of the
+ * output arguments may be set on failure; the caller is responsible for
+ * initializing outputs and calling stub_cleanup() on success or failure.
+ * princ and princ_str_out may be NULL to omit unparsing a principal name.
+ */
+static kadm5_ret_t
+stub_setup(krb5_ui_4 api_version, struct svc_req *rqstp, krb5_principal princ,
+           kadm5_server_handle_t *handle_out, krb5_ui_4 *api_version_out,
+           gss_buffer_t client_name_out, gss_buffer_t service_name_out,
+           char **princ_str_out)
+{
+    kadm5_ret_t ret;
+
+    ret = new_server_handle(api_version, rqstp, handle_out);
+    if (ret)
+        return ret;
+
+    ret = check_handle(*handle_out);
+    if (ret)
+        return ret;
+
+    *api_version_out = (*handle_out)->api_version;
+
+    if (setup_gss_names(rqstp, client_name_out, service_name_out) < 0)
+        return KADM5_FAILURE;
+
+    if (princ_str_out != NULL) {
+        if (princ == NULL)
+            return KADM5_BAD_PRINCIPAL;
+        if (krb5_unparse_name((*handle_out)->context, princ, princ_str_out))
+            return KADM5_BAD_PRINCIPAL;
+    }
+
+    return KADM5_OK;
+}
+
+/* Perform common cleanup for server stub functions. */
+static void
+stub_cleanup(kadm5_server_handle_t handle, char *princ_str,
+             gss_buffer_t client_name, gss_buffer_t service_name)
+{
+    OM_uint32 minor_stat;
+
+    auth_end(handle->context);
+    free_server_handle(handle);
+    free(princ_str);
+    gss_release_buffer(&minor_stat, client_name);
+    gss_release_buffer(&minor_stat, service_name);
+}
+
+static krb5_boolean
+stub_auth(kadm5_server_handle_t handle, int opcode, krb5_const_principal p1,
+          krb5_const_principal p2, const char *s1, const char *s2)
+{
+    return auth(handle->context, opcode, handle->current_caller, p1, p2,
+                s1, s2, NULL, 0);
+}
+
+static krb5_boolean
+stub_auth_pol(kadm5_server_handle_t handle, int opcode, const char *policy,
+              const kadm5_policy_ent_rec *polent, long mask)
+{
+    return auth(handle->context, opcode, handle->current_caller, NULL, NULL,
+                policy, NULL, polent, mask);
+}
+
+static krb5_boolean
+stub_auth_restrict(kadm5_server_handle_t handle, int opcode,
+                   kadm5_principal_ent_t ent, long *mask)
+{
+    return auth_restrict(handle->context, opcode, handle->current_caller,
+                         ent, mask);
+}
+
+/* Return true if the client authenticated to kadmin/changepw and princ is not
+ * the client principal. */
+static krb5_boolean
+changepw_not_self(kadm5_server_handle_t handle, struct svc_req *rqstp,
+                  krb5_const_principal princ)
+{
+    return CHANGEPW_SERVICE(rqstp) &&
+        !krb5_principal_compare(handle->context, handle->current_caller,
+                                princ);
+}
+
+static krb5_boolean
+ticket_is_initial(struct svc_req *rqstp)
+{
+    OM_uint32 status, minor_stat;
+    krb5_flags flags;
+
+    status = gss_krb5_get_tkt_flags(&minor_stat, rqstp->rq_svccred, &flags);
+    if (status != GSS_S_COMPLETE)
+        return 0;
+    return (flags & TKT_FLG_INITIAL) != 0;
+}
+
+/* If a key change request is for the client's own principal, verify that the
+ * client used an initial ticket and enforce the policy min_life. */
+static kadm5_ret_t
+check_self_keychange(kadm5_server_handle_t handle, struct svc_req *rqstp,
+                     krb5_principal princ)
+{
+    if (!krb5_principal_compare(handle->context, handle->current_caller,
+                                princ))
+        return 0;
+
+    if (!ticket_is_initial(rqstp))
+        return KADM5_AUTH_INITIAL;
+
+    return check_min_life(handle, princ, NULL, 0);
+}
+
+static int
+log_unauth(
+    char *op,
+    char *target,
+    gss_buffer_t client,
+    gss_buffer_t server,
+    struct svc_req *rqstp)
+{
+    size_t tlen, clen, slen;
+    char *tdots, *cdots, *sdots;
+
+    tlen = strlen(target);
+    trunc_name(&tlen, &tdots);
+    clen = client->length;
+    trunc_name(&clen, &cdots);
+    slen = server->length;
+    trunc_name(&slen, &sdots);
+
+    /* okay to cast lengths to int because trunc_name limits max value */
+    return krb5_klog_syslog(LOG_NOTICE,
+                            _("Unauthorized request: %s, %.*s%s, "
+                              "client=%.*s%s, service=%.*s%s, addr=%s"),
+                            op, (int)tlen, target, tdots,
+                            (int)clen, (char *)client->value, cdots,
+                            (int)slen, (char *)server->value, sdots,
+                            client_addr(rqstp->rq_xprt));
+}
+
+static int
+log_done(
+    char *op,
+    char *target,
+    const char *errmsg,
+    gss_buffer_t client,
+    gss_buffer_t server,
+    struct svc_req *rqstp)
+{
+    size_t tlen, clen, slen;
+    char *tdots, *cdots, *sdots;
+
+    if (errmsg == NULL)
+        errmsg = _("success");
+    tlen = strlen(target);
+    trunc_name(&tlen, &tdots);
+    clen = client->length;
+    trunc_name(&clen, &cdots);
+    slen = server->length;
+    trunc_name(&slen, &sdots);
+
+    /* okay to cast lengths to int because trunc_name limits max value */
+    return krb5_klog_syslog(LOG_NOTICE,
+                            _("Request: %s, %.*s%s, %s, "
+                              "client=%.*s%s, service=%.*s%s, addr=%s"),
+                            op, (int)tlen, target, tdots, errmsg,
+                            (int)clen, (char *)client->value, cdots,
+                            (int)slen, (char *)server->value, sdots,
+                            client_addr(rqstp->rq_xprt));
+}
+
+bool_t
+create_principal_2_svc(cprinc_arg *arg, generic_ret *ret,
+                       struct svc_req *rqstp)
+{
+    char                        *prime_arg = NULL;
+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->rec.principal,
+                           &handle, &ret->api_version, &client_name,
+                           &service_name, &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth_restrict(handle, OP_ADDPRINC, &arg->rec, &arg->mask)) {
+        ret->code = KADM5_AUTH_ADD;
+        log_unauth("kadm5_create_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_create_principal(handle, &arg->rec, arg->mask,
+                                           arg->passwd);
+
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_create_principal", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+create_principal3_2_svc(cprinc3_arg *arg, generic_ret *ret,
+                        struct svc_req *rqstp)
+{
+    char                        *prime_arg = NULL;
+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->rec.principal,
+                           &handle, &ret->api_version, &client_name,
+                           &service_name, &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth_restrict(handle, OP_ADDPRINC, &arg->rec, &arg->mask)) {
+        ret->code = KADM5_AUTH_ADD;
+        log_unauth("kadm5_create_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_create_principal_3(handle, &arg->rec, arg->mask,
+                                             arg->n_ks_tuple, arg->ks_tuple,
+                                             arg->passwd);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_create_principal", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+/* Return KADM5_PROTECT_KEYS if KRB5_KDB_LOCKDOWN_KEYS is set for princ. */
+static kadm5_ret_t
+check_lockdown_keys(kadm5_server_handle_t handle, krb5_principal princ)
+{
+    kadm5_principal_ent_rec rec;
+    kadm5_ret_t ret;
+
+    ret = kadm5_get_principal(handle, princ, &rec, KADM5_ATTRIBUTES);
+    if (ret)
+        return ret;
+    ret = (rec.attributes & KRB5_KDB_LOCKDOWN_KEYS) ? KADM5_PROTECT_KEYS : 0;
+    kadm5_free_principal_ent(handle, &rec);
+    return ret;
+}
+
+bool_t
+delete_principal_2_svc(dprinc_arg *arg, generic_ret *ret,
+                       struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth(handle, OP_DELPRINC, arg->princ, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_DELETE;
+        log_unauth("kadm5_delete_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = check_lockdown_keys(handle, arg->princ);
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_delete_principal", prime_arg, &client_name,
+                       &service_name, rqstp);
+            ret->code = KADM5_AUTH_DELETE;
+        }
+    }
+
+    if (ret->code == KADM5_OK)
+        ret->code = kadm5_delete_principal(handle, arg->princ);
+    if (ret->code != KADM5_AUTH_DELETE) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_delete_principal", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+modify_principal_2_svc(mprinc_arg *arg, generic_ret *ret,
+                       struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->rec.principal,
+                           &handle, &ret->api_version, &client_name,
+                           &service_name, &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth_restrict(handle, OP_MODPRINC, &arg->rec, &arg->mask)) {
+        ret->code = KADM5_AUTH_MODIFY;
+        log_unauth("kadm5_modify_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else if ((arg->mask & KADM5_ATTRIBUTES) &&
+               (!(arg->rec.attributes & KRB5_KDB_LOCKDOWN_KEYS))) {
+        ret->code = check_lockdown_keys(handle, arg->rec.principal);
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_modify_principal", prime_arg, &client_name,
+                       &service_name, rqstp);
+            ret->code = KADM5_AUTH_MODIFY;
+        }
+    }
+
+    if (ret->code == KADM5_OK) {
+        ret->code = kadm5_modify_principal(handle, &arg->rec, arg->mask);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_modify_principal", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+rename_principal_2_svc(rprinc_arg *arg, generic_ret *ret,
+                       struct svc_req *rqstp)
+{
+    char                        *prime_arg1 = NULL, *prime_arg2 = NULL;
+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL;
+    size_t                      tlen1, tlen2, clen, slen;
+    char                        *tdots1, *tdots2, *cdots, *sdots;
+
+    ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           NULL);
+    if (ret->code)
+        goto exit_func;
+
+    if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) ||
+        krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) {
+        ret->code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
+    }
+    tlen1 = strlen(prime_arg1);
+    trunc_name(&tlen1, &tdots1);
+    tlen2 = strlen(prime_arg2);
+    trunc_name(&tlen2, &tdots2);
+    clen = client_name.length;
+    trunc_name(&clen, &cdots);
+    slen = service_name.length;
+    trunc_name(&slen, &sdots);
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth(handle, OP_RENPRINC, arg->src, arg->dest, NULL, NULL)) {
+        ret->code = KADM5_AUTH_INSUFFICIENT;
+        log_unauth("kadm5_rename_principal", prime_arg1, &client_name,
+                   &service_name, rqstp);
+    } else {
+        ret->code = check_lockdown_keys(handle, arg->src);
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_rename_principal", prime_arg1, &client_name,
+                       &service_name, rqstp);
+            ret->code = KADM5_AUTH_DELETE;
+        }
+    }
+    if (ret->code != KADM5_OK) {
+        /* okay to cast lengths to int because trunc_name limits max value */
+        krb5_klog_syslog(LOG_NOTICE,
+                         _("Unauthorized request: kadm5_rename_principal, "
+                           "%.*s%s to %.*s%s, "
+                           "client=%.*s%s, service=%.*s%s, addr=%s"),
+                         (int)tlen1, prime_arg1, tdots1,
+                         (int)tlen2, prime_arg2, tdots2,
+                         (int)clen, (char *)client_name.value, cdots,
+                         (int)slen, (char *)service_name.value, sdots,
+                         client_addr(rqstp->rq_xprt));
+    } else {
+        ret->code = kadm5_rename_principal(handle, arg->src, arg->dest);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        /* okay to cast lengths to int because trunc_name limits max value */
+        krb5_klog_syslog(LOG_NOTICE,
+                         _("Request: kadm5_rename_principal, "
+                           "%.*s%s to %.*s%s, %s, "
+                           "client=%.*s%s, service=%.*s%s, addr=%s"),
+                         (int)tlen1, prime_arg1, tdots1,
+                         (int)tlen2, prime_arg2, tdots2,
+                         errmsg ? errmsg : _("success"),
+                         (int)clen, (char *)client_name.value, cdots,
+                         (int)slen, (char *)service_name.value, sdots,
+                         client_addr(rqstp->rq_xprt));
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+
+    }
+exit_func:
+    free(prime_arg1);
+    free(prime_arg2);
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+get_principal_2_svc(gprinc_arg *arg, gprinc_ret *ret, struct svc_req *rqstp)
+{
+    char                            *funcname, *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    funcname = "kadm5_get_principal";
+
+    if (changepw_not_self(handle, rqstp, arg->princ) ||
+        !stub_auth(handle, OP_GETPRINC, arg->princ, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_GET;
+        log_unauth(funcname, prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_get_principal(handle, arg->princ, &ret->rec,
+                                        arg->mask);
+
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done(funcname, prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+get_princs_2_svc(gprincs_arg *arg, gprincs_ret *ret, struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           NULL);
+    if (ret->code)
+        goto exit_func;
+
+    prime_arg = arg->exp;
+    if (prime_arg == NULL)
+        prime_arg = "*";
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth(handle, OP_LISTPRINCS, NULL, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_LIST;
+        log_unauth("kadm5_get_principals", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_get_principals(handle, arg->exp, &ret->princs,
+                                         &ret->count);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_get_principals", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+
+    }
+
+exit_func:
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+chpass_principal_2_svc(chpass_arg *arg, generic_ret *ret,
+                       struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    ret->code = check_lockdown_keys(handle, arg->princ);
+    if (ret->code != KADM5_OK) {
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_chpass_principal", prime_arg, &client_name,
+                       &service_name, rqstp);
+            ret->code = KADM5_AUTH_CHANGEPW;
+        }
+    } else if (changepw_not_self(handle, rqstp, arg->princ) ||
+               !stub_auth(handle, OP_CPW, arg->princ, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_CHANGEPW;
+        log_unauth("kadm5_chpass_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = check_self_keychange(handle, rqstp, arg->princ);
+        if (!ret->code)
+            ret->code = kadm5_chpass_principal(handle, arg->princ, arg->pass);
+    }
+
+    if (ret->code != KADM5_AUTH_CHANGEPW) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_chpass_principal", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+chpass_principal3_2_svc(chpass3_arg *arg, generic_ret *ret,
+                        struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    ret->code = check_lockdown_keys(handle, arg->princ);
+    if (ret->code != KADM5_OK) {
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_chpass_principal", prime_arg, &client_name,
+                       &service_name, rqstp);
+            ret->code = KADM5_AUTH_CHANGEPW;
+        }
+    } else if (changepw_not_self(handle, rqstp, arg->princ) ||
+               !stub_auth(handle, OP_CPW, arg->princ, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_CHANGEPW;
+        log_unauth("kadm5_chpass_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else  {
+        ret->code = check_self_keychange(handle, rqstp, arg->princ);
+        if (!ret->code) {
+            ret->code = kadm5_chpass_principal_3(handle, arg->princ,
+                                                 arg->keepold, arg->n_ks_tuple,
+                                                 arg->ks_tuple, arg->pass);
+        }
+    }
+
+    if (ret->code != KADM5_AUTH_CHANGEPW) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_chpass_principal", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+setkey_principal_2_svc(setkey_arg *arg, generic_ret *ret,
+                       struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    ret->code = check_lockdown_keys(handle, arg->princ);
+    if (ret->code != KADM5_OK) {
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_setkey_principal", prime_arg, &client_name,
+                       &service_name, rqstp);
+            ret->code = KADM5_AUTH_SETKEY;
+        }
+    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
+               stub_auth(handle, OP_SETKEY, arg->princ, NULL, NULL, NULL)) {
+        ret->code = kadm5_setkey_principal(handle, arg->princ, arg->keyblocks,
+                                           arg->n_keys);
+    } else {
+        log_unauth("kadm5_setkey_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret->code = KADM5_AUTH_SETKEY;
+    }
+
+    if (ret->code != KADM5_AUTH_SETKEY) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_setkey_principal", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+setkey_principal3_2_svc(setkey3_arg *arg, generic_ret *ret,
+                        struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    ret->code = check_lockdown_keys(handle, arg->princ);
+    if (ret->code != KADM5_OK) {
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_setkey_principal", prime_arg, &client_name,
+                       &service_name, rqstp);
+            ret->code = KADM5_AUTH_SETKEY;
+        }
+    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
+               stub_auth(handle, OP_SETKEY, arg->princ, NULL, NULL, NULL)) {
+        ret->code = kadm5_setkey_principal_3(handle, arg->princ, arg->keepold,
+                                             arg->n_ks_tuple, arg->ks_tuple,
+                                             arg->keyblocks, arg->n_keys);
+    } else {
+        log_unauth("kadm5_setkey_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret->code = KADM5_AUTH_SETKEY;
+    }
+
+    if (ret->code != KADM5_AUTH_SETKEY) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_setkey_principal", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+setkey_principal4_2_svc(setkey4_arg *arg, generic_ret *ret,
+                        struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    ret->code = check_lockdown_keys(handle, arg->princ);
+    if (ret->code != KADM5_OK) {
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_setkey_principal", prime_arg, &client_name,
+                       &service_name, rqstp);
+            ret->code = KADM5_AUTH_SETKEY;
+        }
+    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
+               stub_auth(handle, OP_SETKEY, arg->princ, NULL, NULL, NULL)) {
+        ret->code = kadm5_setkey_principal_4(handle, arg->princ, arg->keepold,
+                                             arg->key_data, arg->n_key_data);
+    } else {
+        log_unauth("kadm5_setkey_principal", prime_arg, &client_name,
+                   &service_name, rqstp);
+        ret->code = KADM5_AUTH_SETKEY;
+    }
+
+    if (ret->code != KADM5_AUTH_SETKEY) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_setkey_principal", prime_arg, errmsg, &client_name,
+                 &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+/* Empty out *keys / *nkeys if princ is protected with the lockdown
+ * attribute, or if we fail to check. */
+static kadm5_ret_t
+chrand_check_lockdown(kadm5_server_handle_t handle, krb5_principal princ,
+                      krb5_keyblock **keys, int *nkeys)
+{
+    kadm5_ret_t ret;
+    int i;
+
+    ret = check_lockdown_keys(handle, princ);
+    if (!ret)
+        return 0;
+
+    for (i = 0; i < *nkeys; i++)
+        krb5_free_keyblock_contents(handle->context, &((*keys)[i]));
+    free(*keys);
+    *keys = NULL;
+    *nkeys = 0;
+    return (ret == KADM5_PROTECT_KEYS) ? KADM5_OK : ret;
+}
+
+bool_t
+chrand_principal_2_svc(chrand_arg *arg, chrand_ret *ret, struct svc_req *rqstp)
+{
+    char                        *funcname, *prime_arg = NULL;
+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
+    krb5_keyblock               *k;
+    int                         nkeys;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    funcname = "kadm5_randkey_principal";
+
+    if (changepw_not_self(handle, rqstp, arg->princ) ||
+        !stub_auth(handle, OP_CHRAND, arg->princ, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_CHANGEPW;
+        log_unauth(funcname, prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = check_self_keychange(handle, rqstp, arg->princ);
+        if (!ret->code) {
+            ret->code = kadm5_randkey_principal(handle, arg->princ,
+                                                &k, &nkeys);
+        }
+    }
+
+    if (ret->code == KADM5_OK) {
+        ret->code = chrand_check_lockdown(handle, arg->princ, &k, &nkeys);
+        if (ret->code == KADM5_PROTECT_KEYS)
+            ret->code = KADM5_OK;
+        ret->keys = k;
+        ret->n_keys = nkeys;
+    }
+
+    if (ret->code != KADM5_AUTH_CHANGEPW) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done(funcname, prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+chrand_principal3_2_svc(chrand3_arg *arg, chrand_ret *ret,
+                        struct svc_req *rqstp)
+{
+    char                        *funcname, *prime_arg = NULL;
+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
+    krb5_keyblock               *k;
+    int                         nkeys;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    funcname = "kadm5_randkey_principal";
+
+    if (changepw_not_self(handle, rqstp, arg->princ) ||
+        !stub_auth(handle, OP_CHRAND, arg->princ, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_CHANGEPW;
+        log_unauth(funcname, prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = check_self_keychange(handle, rqstp, arg->princ);
+        if (!ret->code) {
+            ret->code = kadm5_randkey_principal_3(handle, arg->princ,
+                                                  arg->keepold,
+                                                  arg->n_ks_tuple,
+                                                  arg->ks_tuple, &k, &nkeys);
+        }
+    }
+
+    if (ret->code == KADM5_OK) {
+        ret->code = chrand_check_lockdown(handle, arg->princ, &k, &nkeys);
+        if (ret->code == KADM5_PROTECT_KEYS)
+            ret->code = KADM5_OK;
+        ret->keys = k;
+        ret->n_keys = nkeys;
+    }
+
+    if (ret->code != KADM5_AUTH_CHANGEPW) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done(funcname, prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+create_policy_2_svc(cpol_arg *arg, generic_ret *ret, struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           NULL);
+    if (ret->code)
+        goto exit_func;
+
+    prime_arg = arg->rec.policy;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth_pol(handle, OP_ADDPOL, arg->rec.policy,
+                       &arg->rec, arg->mask)) {
+        ret->code = KADM5_AUTH_ADD;
+        log_unauth("kadm5_create_policy", prime_arg,
+                   &client_name, &service_name, rqstp);
+
+    } else {
+        ret->code = kadm5_create_policy(handle, &arg->rec, arg->mask);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_create_policy",
+                 ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+delete_policy_2_svc(dpol_arg *arg, generic_ret *ret, struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           NULL);
+    if (ret->code)
+        goto exit_func;
+
+    prime_arg = arg->name;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth(handle, OP_DELPOL, NULL, NULL, arg->name, NULL)) {
+        log_unauth("kadm5_delete_policy", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret->code = KADM5_AUTH_DELETE;
+    } else {
+        ret->code = kadm5_delete_policy(handle, arg->name);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_delete_policy",
+                 ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+modify_policy_2_svc(mpol_arg *arg, generic_ret *ret, struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           NULL);
+    if (ret->code)
+        goto exit_func;
+
+    prime_arg = arg->rec.policy;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth_pol(handle, OP_MODPOL, arg->rec.policy,
+                       &arg->rec, arg->mask)) {
+        log_unauth("kadm5_modify_policy", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret->code = KADM5_AUTH_MODIFY;
+    } else {
+        ret->code = kadm5_modify_policy(handle, &arg->rec, arg->mask);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_modify_policy",
+                 ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+get_policy_2_svc(gpol_arg *arg, gpol_ret *ret, struct svc_req *rqstp)
+{
+    char                        *funcname, *prime_arg = NULL;
+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_ret_t         ret2;
+    kadm5_principal_ent_rec     caller_ent;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL, *cpolicy = NULL;
+
+    memset(&caller_ent, 0, sizeof(caller_ent));
+
+    ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           NULL);
+    if (ret->code)
+        goto exit_func;
+
+    funcname = "kadm5_get_policy";
+
+    prime_arg = arg->name;
+
+    /* Look up the client principal's policy value. */
+    ret2 = kadm5_get_principal(handle->lhandle, handle->current_caller,
+                               &caller_ent, KADM5_PRINCIPAL_NORMAL_MASK);
+    if (ret2 == KADM5_OK && (caller_ent.aux_attributes & KADM5_POLICY))
+        cpolicy = caller_ent.policy;
+
+    ret->code = KADM5_AUTH_GET;
+    if ((CHANGEPW_SERVICE(rqstp) &&
+         (cpolicy == NULL || strcmp(cpolicy, arg->name) != 0)) ||
+        !stub_auth(handle, OP_GETPOL, NULL, NULL, arg->name, cpolicy)) {
+        ret->code = KADM5_AUTH_GET;
+        log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_get_policy(handle, arg->name, &ret->rec);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done(funcname,
+                 ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg,
+                 &client_name, &service_name, rqstp);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    (void)kadm5_free_principal_ent(handle->lhandle, &caller_ent);
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+get_pols_2_svc(gpols_arg *arg, gpols_ret *ret, struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, NULL, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           NULL);
+    if (ret->code)
+        goto exit_func;
+
+    prime_arg = arg->exp;
+    if (prime_arg == NULL)
+        prime_arg = "*";
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth(handle, OP_LISTPOLS, NULL, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_LIST;
+        log_unauth("kadm5_get_policies", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_get_policies(handle, arg->exp, &ret->pols,
+                                       &ret->count);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_get_policies", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+get_privs_2_svc(krb5_ui_4 *arg, getprivs_ret *ret, struct svc_req *rqstp)
+{
+    gss_buffer_desc                client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t          handle;
+    const char                     *errmsg = NULL;
+
+    ret->code = stub_setup(*arg, rqstp, NULL, &handle, &ret->api_version,
+                           &client_name, &service_name, NULL);
+    if (ret->code)
+        goto exit_func;
+
+    ret->code = kadm5_get_privs(handle, &ret->privs);
+    if (ret->code != 0)
+        errmsg = krb5_get_error_message(handle->context, ret->code);
+
+    log_done("kadm5_get_privs", client_name.value, errmsg,
+             &client_name, &service_name, rqstp);
+
+    if (errmsg != NULL)
+        krb5_free_error_message(handle->context, errmsg);
+
+exit_func:
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+purgekeys_2_svc(purgekeys_arg *arg, generic_ret *ret, struct svc_req *rqstp)
+{
+    char                        *funcname, *prime_arg = NULL;
+    gss_buffer_desc             client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc             service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t       handle;
+
+    const char                  *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    funcname = "kadm5_purgekeys";
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth(handle, OP_PURGEKEYS, arg->princ, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_MODIFY;
+        log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_purgekeys(handle, arg->princ, arg->keepkvno);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done(funcname, prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+get_strings_2_svc(gstrings_arg *arg, gstrings_ret *ret, struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth(handle, OP_GETSTRS, arg->princ, NULL, NULL, NULL)) {
+        ret->code = KADM5_AUTH_GET;
+        log_unauth("kadm5_get_strings", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_get_strings(handle, arg->princ, &ret->strings,
+                                      &ret->count);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_get_strings", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+set_string_2_svc(sstring_arg *arg, generic_ret *ret, struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    if (CHANGEPW_SERVICE(rqstp) ||
+        !stub_auth(handle, OP_SETSTR, arg->princ, NULL,
+                   arg->key, arg->value)) {
+        ret->code = KADM5_AUTH_MODIFY;
+        log_unauth("kadm5_mod_strings", prime_arg,
+                   &client_name, &service_name, rqstp);
+    } else {
+        ret->code = kadm5_set_string(handle, arg->princ, arg->key, arg->value);
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_mod_strings", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
+
+bool_t
+init_2_svc(krb5_ui_4 *arg, generic_ret *ret, struct svc_req *rqstp)
+{
+    gss_buffer_desc            client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc            service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t      handle;
+    const char                 *errmsg = NULL;
+    size_t clen, slen;
+    char *cdots, *sdots;
+
+    ret->code = stub_setup(*arg, rqstp, NULL, &handle, &ret->api_version,
+                           &client_name, &service_name, NULL);
+    if (ret->code)
+        goto exit_func;
+
+    if (ret->code != 0)
+        errmsg = krb5_get_error_message(handle->context, ret->code);
+
+    clen = client_name.length;
+    trunc_name(&clen, &cdots);
+    slen = service_name.length;
+    trunc_name(&slen, &sdots);
+    /* okay to cast lengths to int because trunc_name limits max value */
+    krb5_klog_syslog(LOG_NOTICE, _("Request: kadm5_init, %.*s%s, %s, "
+                                   "client=%.*s%s, service=%.*s%s, addr=%s, "
+                                   "vers=%d, flavor=%d"),
+                     (int)clen, (char *)client_name.value, cdots,
+                     errmsg ? errmsg : _("success"),
+                     (int)clen, (char *)client_name.value, cdots,
+                     (int)slen, (char *)service_name.value, sdots,
+                     client_addr(rqstp->rq_xprt),
+                     ret->api_version & ~(KADM5_API_VERSION_MASK),
+                     rqstp->rq_cred.oa_flavor);
+    if (errmsg != NULL)
+        krb5_free_error_message(handle->context, errmsg);
+
+exit_func:
+    stub_cleanup(handle, NULL, &client_name, &service_name);
+    return TRUE;
+}
+
+gss_name_t
+rqst2name(struct svc_req *rqstp)
+{
+
+    if (rqstp->rq_cred.oa_flavor == RPCSEC_GSS)
+        return rqstp->rq_clntname;
+    else
+        return rqstp->rq_clntcred;
+}
+
+bool_t
+get_principal_keys_2_svc(getpkeys_arg *arg, getpkeys_ret *ret,
+                         struct svc_req *rqstp)
+{
+    char                            *prime_arg = NULL;
+    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
+
+    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
+                           &ret->api_version, &client_name, &service_name,
+                           &prime_arg);
+    if (ret->code)
+        goto exit_func;
+
+    if (!(CHANGEPW_SERVICE(rqstp)) &&
+        stub_auth(handle, OP_EXTRACT, arg->princ, NULL, NULL, NULL)) {
+        ret->code = kadm5_get_principal_keys(handle, arg->princ, arg->kvno,
+                                             &ret->key_data, &ret->n_key_data);
+    } else {
+        log_unauth("kadm5_get_principal_keys", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret->code = KADM5_AUTH_EXTRACT;
+    }
+
+    if (ret->code == KADM5_OK) {
+        ret->code = check_lockdown_keys(handle, arg->princ);
+        if (ret->code != KADM5_OK) {
+            kadm5_free_kadm5_key_data(handle->context, ret->n_key_data,
+                                      ret->key_data);
+            ret->key_data = NULL;
+            ret->n_key_data = 0;
+        }
+        if (ret->code == KADM5_PROTECT_KEYS) {
+            log_unauth("kadm5_get_principal_keys", prime_arg,
+                       &client_name, &service_name, rqstp);
+            ret->code = KADM5_AUTH_EXTRACT;
+        }
+    }
+
+    if (ret->code != KADM5_AUTH_EXTRACT) {
+        if (ret->code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret->code);
+
+        log_done("kadm5_get_principal_keys", prime_arg, errmsg,
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
+    }
+
+exit_func:
+    stub_cleanup(handle, prime_arg, &client_name, &service_name);
+    return TRUE;
+}
diff --git a/krb5-1.21.3/src/kdc/Makefile.in b/krb5-1.21.3/src/kdc/Makefile.in
new file mode 100644
index 00000000..ed85ca87
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/Makefile.in
@@ -0,0 +1,101 @@
+mydir=kdc
+BUILDTOP=$(REL)..
+DEFINES=-DLIBDIR=\"$(KRB5_LIBDIR)\"
+
+all: krb5kdc rtest
+
+# DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
+
+LOCALINCLUDES = -I.
+SRCS= \
+	kdc5_err.c \
+	$(srcdir)/authind.c \
+	$(srcdir)/cammac.c \
+	$(srcdir)/dispatch.c \
+	$(srcdir)/do_as_req.c \
+	$(srcdir)/do_tgs_req.c \
+	$(srcdir)/fast_util.c \
+	$(srcdir)/kdc_util.c \
+	$(srcdir)/kdc_preauth.c \
+	$(srcdir)/kdc_preauth_ec.c \
+	$(srcdir)/kdc_preauth_encts.c \
+	$(srcdir)/main.c \
+	$(srcdir)/ndr.c \
+	$(srcdir)/policy.c \
+	$(srcdir)/extern.c \
+	$(srcdir)/replay.c \
+	$(srcdir)/kdc_authdata.c \
+	$(srcdir)/kdc_audit.c \
+	$(srcdir)/kdc_transit.c \
+	$(srcdir)/tgs_policy.c \
+	$(srcdir)/kdc_log.c \
+	$(srcdir)/t_replay.c
+
+OBJS= \
+	kdc5_err.o \
+	authind.o \
+	cammac.o \
+	dispatch.o \
+	do_as_req.o \
+	do_tgs_req.o \
+	fast_util.o \
+	kdc_util.o \
+	kdc_preauth.o \
+	kdc_preauth_ec.o \
+	kdc_preauth_encts.o \
+	main.o \
+	ndr.o \
+	policy.o \
+	extern.o \
+	replay.o \
+	kdc_authdata.o \
+	kdc_audit.o \
+	kdc_transit.o \
+	tgs_policy.o \
+	kdc_log.o
+
+RT_OBJS= rtest.o \
+	kdc_transit.o
+
+depend: kdc5_err.c kdc5_err.h
+
+kdc5_err.c: kdc5_err.et
+
+kdc5_err.h: kdc5_err.et
+
+kdc5_err.o: kdc5_err.h
+
+krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) $(VERTO_DEPLIB)
+	$(CC_LINK) -o krb5kdc $(OBJS) $(APPUTILS_LIB) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(VERTO_LIBS)
+
+rtest: $(RT_OBJS) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
+
+t_ndr: t_ndr.o ndr.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_ndr.o ndr.o $(KRB5_BASE_LIBS)
+
+check-unix: rtest runenv.sh t_ndr
+	$(RUN_TEST) $(srcdir)/rtscript > test.out
+	cmp test.out $(srcdir)/rtest.good
+	$(RM) test.out
+	$(RUN_TEST) ./t_ndr > /dev/null
+
+T_REPLAY_OBJS=t_replay.o
+
+t_replay: $(T_REPLAY_OBJS) replay.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ $(T_REPLAY_OBJS) $(CMOCKA_LIBS) $(KRB5_BASE_LIBS)
+
+check-cmocka: t_replay
+	$(RUN_TEST) ./t_replay > /dev/null
+
+check-pytests:
+	$(RUNPYTEST) $(srcdir)/t_workers.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_emptytgt.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_bigreply.py $(PYTESTFLAGS)
+
+install:
+	$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
+
+clean:
+	$(RM) kdc5_err.h kdc5_err.c krb5kdc rtest.o rtest t_replay.o t_replay
+	$(RM) t_ndr.o t_ndr
diff --git a/krb5-1.21.3/src/kdc/authind.c b/krb5-1.21.3/src/kdc/authind.c
new file mode 100644
index 00000000..9fef4951
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/authind.c
@@ -0,0 +1,123 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/authind.c - Functions for manipulating authentication indicator lists */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+
+/* Return true if ind matches an entry in indicators. */
+krb5_boolean
+authind_contains(krb5_data *const *indicators, const char *ind)
+{
+    for (; indicators != NULL && *indicators != NULL; indicators++) {
+        if (data_eq_string(**indicators, ind))
+            return TRUE;
+    }
+    return FALSE;
+}
+
+/* Add ind to *indicators, reallocating as necessary. */
+krb5_error_code
+authind_add(krb5_context context, const char *ind, krb5_data ***indicators)
+{
+    size_t count;
+    krb5_data **list = *indicators, *dptr, d;
+
+    /* Count the number of existing indicators and check for duplicates. */
+    for (count = 0; list != NULL && list[count] != NULL; count++) {
+        if (data_eq_string(*list[count], ind))
+            return 0;
+    }
+
+    /* Allocate space for a new entry. */
+    list = realloc(list, (count + 2) * sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+    *indicators = list;
+
+    /* Add a copy of ind (as a krb5_data object) to the list. */
+    d = string2data((char *)ind);
+    if (krb5_copy_data(context, &d, &dptr) != 0)
+        return ENOMEM;
+    list[count++] = dptr;
+    list[count] = NULL;
+    return 0;
+}
+
+/* Add all auth indicators from authdata to *indicators, reallocating as
+ * necessary.  (Currently does not compress duplicates.) */
+krb5_error_code
+authind_extract(krb5_context context, krb5_authdata **authdata,
+                krb5_data ***indicators)
+{
+    krb5_error_code ret;
+    size_t count, scount;
+    krb5_authdata **ind_authdata = NULL, **adp;
+    krb5_data der_indicators, **strings = NULL, **list = *indicators;
+
+    for (count = 0; list != NULL && list[count] != NULL; count++);
+
+    ret = krb5_find_authdata(context, authdata, NULL,
+                             KRB5_AUTHDATA_AUTH_INDICATOR, &ind_authdata);
+    if (ret)
+        goto cleanup;
+
+    for (adp = ind_authdata; adp != NULL && *adp != NULL; adp++) {
+        /* Decode this authdata element into an auth indicator list. */
+        der_indicators = make_data((*adp)->contents, (*adp)->length);
+        ret = decode_utf8_strings(&der_indicators, &strings);
+        if (ret == ENOMEM)
+            goto cleanup;
+        if (ret)
+            continue;
+
+        /* Count the entries in strings and allocate space in list. */
+        for (scount = 0; strings != NULL && strings[scount] != NULL; scount++);
+        list = realloc(list, (count + scount + 1) * sizeof(*list));
+        if (list == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        *indicators = list;
+
+        /* Steal the krb5_data pointers from strings and free the array. */
+        memcpy(list + count, strings, scount * sizeof(*strings));
+        count += scount;
+        list[count] = NULL;
+        free(strings);
+        strings = NULL;
+    }
+
+cleanup:
+    krb5_free_authdata(context, ind_authdata);
+    k5_free_data_ptr_list(strings);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/kdc/cammac.c b/krb5-1.21.3/src/kdc/cammac.c
new file mode 100644
index 00000000..df5fe966
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/cammac.c
@@ -0,0 +1,175 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/cammac.c - Functions for wrapping and unwrapping CAMMACs */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+
+/* Encode enc_tkt with contents as the authdata field, for use in KDC
+ * verifier checksums. */
+static krb5_error_code
+encode_kdcver_encpart(krb5_enc_tkt_part *enc_tkt, krb5_authdata **contents,
+                      krb5_data **der_out)
+{
+    krb5_enc_tkt_part ck_enctkt;
+
+    ck_enctkt = *enc_tkt;
+    ck_enctkt.authorization_data = contents;
+    return encode_krb5_enc_tkt_part(&ck_enctkt, der_out);
+}
+
+/*
+ * Create a CAMMAC for contents, using enc_tkt and tgt_key for the KDC
+ * verifier.  tgt_key must be the decrypted first key data entry in tgt.  Set
+ * *cammac_out to a single-element authdata list containing the CAMMAC inside
+ * an IF-RELEVANT container.
+ */
+krb5_error_code
+cammac_create(krb5_context context, krb5_enc_tkt_part *enc_tkt,
+              krb5_keyblock *server_key, krb5_db_entry *tgt,
+              krb5_keyblock *tgt_key, krb5_authdata **contents,
+              krb5_authdata ***cammac_out)
+{
+    krb5_error_code ret;
+    krb5_data *der_authdata = NULL, *der_enctkt = NULL, *der_cammac = NULL;
+    krb5_authdata ad, *list[2];
+    krb5_cammac cammac;
+    krb5_verifier_mac kdc_verifier, svc_verifier;
+    krb5_keyblock tgtkey;
+    krb5_checksum kdc_cksum, svc_cksum;
+
+    *cammac_out = NULL;
+    memset(&tgtkey, 0, sizeof(tgtkey));
+    memset(&kdc_cksum, 0, sizeof(kdc_cksum));
+    memset(&svc_cksum, 0, sizeof(svc_cksum));
+
+    /* Checksum the reply with contents as authdata for the KDC verifier. */
+    ret = encode_kdcver_encpart(enc_tkt, contents, &der_enctkt);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_make_checksum(context, 0, tgt_key, KRB5_KEYUSAGE_CAMMAC,
+                               der_enctkt, &kdc_cksum);
+    if (ret)
+        goto cleanup;
+    kdc_verifier.princ = NULL;
+    kdc_verifier.kvno = current_kvno(tgt);
+    kdc_verifier.enctype = ENCTYPE_NULL;
+    kdc_verifier.checksum = kdc_cksum;
+
+    /* Encode the authdata and checksum it for the service verifier. */
+    ret = encode_krb5_authdata(contents, &der_authdata);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_make_checksum(context, 0, server_key, KRB5_KEYUSAGE_CAMMAC,
+                               der_authdata, &svc_cksum);
+    if (ret)
+        goto cleanup;
+    svc_verifier.princ = NULL;
+    svc_verifier.kvno = 0;
+    svc_verifier.enctype = ENCTYPE_NULL;
+    svc_verifier.checksum = svc_cksum;
+
+    cammac.elements = contents;
+    cammac.kdc_verifier = &kdc_verifier;
+    cammac.svc_verifier = &svc_verifier;
+    cammac.other_verifiers = NULL;
+
+    ret = encode_krb5_cammac(&cammac, &der_cammac);
+    if (ret)
+        goto cleanup;
+
+    /* Wrap the encoded CAMMAC in an IF-RELEVANT container and return it as a
+     * single-element authdata list. */
+    ad.ad_type = KRB5_AUTHDATA_CAMMAC;
+    ad.length = der_cammac->length;
+    ad.contents = (uint8_t *)der_cammac->data;
+    list[0] = &ad;
+    list[1] = NULL;
+    ret = krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT,
+                                         list, cammac_out);
+
+cleanup:
+    krb5_free_data(context, der_enctkt);
+    krb5_free_data(context, der_authdata);
+    krb5_free_data(context, der_cammac);
+    krb5_free_keyblock_contents(context, &tgtkey);
+    krb5_free_checksum_contents(context, &kdc_cksum);
+    krb5_free_checksum_contents(context, &svc_cksum);
+    return ret;
+}
+
+/*
+ * Return true if cammac's KDC verifier is valid for enc_tkt, using tgt to
+ * retrieve the TGT key indicated by the verifier.  tgt_key must be the
+ * decrypted first key data entry in tgt.
+ */
+krb5_boolean
+cammac_check_kdcver(krb5_context context, krb5_cammac *cammac,
+                    krb5_enc_tkt_part *enc_tkt, krb5_db_entry *tgt,
+                    krb5_keyblock *tgt_key)
+{
+    krb5_verifier_mac *ver = cammac->kdc_verifier;
+    krb5_key_data *kd;
+    krb5_keyblock tgtkey, *key;
+    krb5_boolean valid = FALSE;
+    krb5_data *der_enctkt = NULL;
+
+    memset(&tgtkey, 0, sizeof(tgtkey));
+
+    if (ver == NULL)
+        goto cleanup;
+
+    /* Fetch the krbtgt key indicated by the KDC verifier.  Only allow the
+     * first krbtgt key of the specified kvno. */
+    if (ver->kvno == current_kvno(tgt)) {
+        key = tgt_key;
+    } else {
+        if (krb5_dbe_find_enctype(context, tgt, -1, -1, ver->kvno, &kd) != 0)
+            goto cleanup;
+        if (krb5_dbe_decrypt_key_data(context, NULL, kd, &tgtkey, NULL) != 0)
+            goto cleanup;
+        key = &tgtkey;
+    }
+    if (ver->enctype != ENCTYPE_NULL && tgtkey.enctype != ver->enctype)
+        goto cleanup;
+
+    /* Verify the checksum over the DER-encoded enc_tkt with the CAMMAC
+     * elements as authdata. */
+    if (encode_kdcver_encpart(enc_tkt, cammac->elements, &der_enctkt) != 0)
+        goto cleanup;
+    (void)krb5_c_verify_checksum(context, key, KRB5_KEYUSAGE_CAMMAC,
+                                 der_enctkt, &ver->checksum, &valid);
+
+cleanup:
+    krb5_free_keyblock_contents(context, &tgtkey);
+    krb5_free_data(context, der_enctkt);
+    return valid;
+}
diff --git a/krb5-1.21.3/src/kdc/deps b/krb5-1.21.3/src/kdc/deps
new file mode 100644
index 00000000..70d557f9
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/deps
@@ -0,0 +1,310 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kdc5_err.$(OBJEXT): $(COM_ERR_DEPS) kdc5_err.c
+$(OUTPRE)authind.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h authind.c kdc_util.h \
+  realm_data.h reqstate.h
+$(OUTPRE)cammac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cammac.c kdc_util.h \
+  realm_data.h reqstate.h
+$(OUTPRE)dispatch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  dispatch.c extern.h kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)do_as_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/audit_plugin.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  do_as_req.c extern.h kdc_audit.h kdc_util.h policy.h \
+  realm_data.h reqstate.h
+$(OUTPRE)do_tgs_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/audit_plugin.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h do_tgs_req.c extern.h \
+  kdc_audit.h kdc_util.h policy.h realm_data.h reqstate.h
+$(OUTPRE)fast_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h fast_util.c \
+  kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)kdc_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc_util.c \
+  kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)kdc_preauth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  extern.h kdc_preauth.c kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)kdc_preauth_ec.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc_preauth_ec.c \
+  kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)kdc_preauth_encts.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc_preauth_encts.c \
+  kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_kt.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/audit_plugin.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc5_err.h \
+  kdc_audit.h kdc_util.h main.c policy.h realm_data.h \
+  reqstate.h
+$(OUTPRE)ndr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc_util.h ndr.c \
+  realm_data.h reqstate.h
+$(OUTPRE)policy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpolicy_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc_util.h \
+  policy.c policy.h realm_data.h reqstate.h
+$(OUTPRE)extern.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  extern.c extern.h realm_data.h
+$(OUTPRE)replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc_util.h \
+  realm_data.h replay.c reqstate.h
+$(OUTPRE)kdc_authdata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcauthdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc_authdata.c \
+  kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)kdc_audit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/audit_plugin.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc_audit.c kdc_audit.h \
+  kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)kdc_transit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc_transit.c \
+  kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)tgs_policy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc_util.h realm_data.h \
+  reqstate.h tgs_policy.c
+$(OUTPRE)kdc_log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdc_log.c kdc_util.h realm_data.h reqstate.h
+$(OUTPRE)t_replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-cmocka.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-hashtab.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  extern.h kdc_util.h realm_data.h replay.c reqstate.h \
+  t_replay.c
diff --git a/krb5-1.21.3/src/kdc/dispatch.c b/krb5-1.21.3/src/kdc/dispatch.c
new file mode 100644
index 00000000..28def3be
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/dispatch.c
@@ -0,0 +1,217 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/dispatch.c - Dispatch an incoming packet */
+/*
+ * Copyright 1990, 2009 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <syslog.h>
+#include "kdc_util.h"
+#include "extern.h"
+#include "adm_proto.h"
+#include "realm_data.h"
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+
+static krb5_error_code make_too_big_error(kdc_realm_t *realm, krb5_data **out);
+
+struct dispatch_state {
+    loop_respond_fn respond;
+    void *arg;
+    krb5_data *request;
+    int is_tcp;
+    kdc_realm_t *active_realm;
+    krb5_context kdc_err_context;
+};
+
+static void
+finish_dispatch(struct dispatch_state *state, krb5_error_code code,
+                krb5_data *response)
+{
+    loop_respond_fn oldrespond = state->respond;
+    void *oldarg = state->arg;
+
+    if (state->is_tcp == 0 && response &&
+        response->length > (unsigned int)max_dgram_reply_size) {
+        krb5_free_data(NULL, response);
+        response = NULL;
+        code = make_too_big_error(state->active_realm, &response);
+        if (code)
+            krb5_klog_syslog(LOG_ERR, "error constructing "
+                             "KRB_ERR_RESPONSE_TOO_BIG error: %s",
+                             error_message(code));
+    }
+
+    free(state);
+    (*oldrespond)(oldarg, code, response);
+}
+
+static void
+finish_dispatch_cache(void *arg, krb5_error_code code, krb5_data *response)
+{
+    struct dispatch_state *state = arg;
+    krb5_context kdc_err_context = state->kdc_err_context;
+
+#ifndef NOCACHE
+    /* Remove the null cache entry unless we actually want to discard this
+     * request. */
+    if (code != KRB5KDC_ERR_DISCARD)
+        kdc_remove_lookaside(kdc_err_context, state->request);
+
+    /* Put the response into the lookaside buffer (if we produced one). */
+    if (code == 0 && response != NULL)
+        kdc_insert_lookaside(kdc_err_context, state->request, response);
+#endif
+
+    finish_dispatch(state, code, response);
+}
+
+void
+dispatch(void *cb, const krb5_fulladdr *local_addr,
+         const krb5_fulladdr *remote_addr, krb5_data *pkt, int is_tcp,
+         verto_ctx *vctx, loop_respond_fn respond, void *arg)
+{
+    krb5_error_code retval;
+    krb5_kdc_req *req = NULL;
+    krb5_data *response = NULL;
+    struct dispatch_state *state;
+    struct server_handle *handle = cb;
+    krb5_context kdc_err_context = handle->kdc_err_context;
+
+    state = k5alloc(sizeof(*state), &retval);
+    if (state == NULL) {
+        (*respond)(arg, retval, NULL);
+        return;
+    }
+    state->respond = respond;
+    state->arg = arg;
+    state->request = pkt;
+    state->is_tcp = is_tcp;
+    state->kdc_err_context = kdc_err_context;
+
+    /* decode incoming packet, and dispatch */
+
+#ifndef NOCACHE
+    /* try the replay lookaside buffer */
+    if (kdc_check_lookaside(kdc_err_context, pkt, &response)) {
+        /* a hit! */
+        const char *name = 0;
+        char buf[46];
+
+        name = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype),
+                         remote_addr->address->contents, buf, sizeof(buf));
+        if (name == 0)
+            name = "[unknown address type]";
+        if (response)
+            krb5_klog_syslog(LOG_INFO,
+                             "DISPATCH: repeated (retransmitted?) request "
+                             "from %s, resending previous response", name);
+        else
+            krb5_klog_syslog(LOG_INFO,
+                             "DISPATCH: repeated (retransmitted?) request "
+                             "from %s during request processing, dropping "
+                             "repeated request", name);
+
+        finish_dispatch(state, response ? 0 : KRB5KDC_ERR_DISCARD, response);
+        return;
+    }
+
+    /* Insert a NULL entry into the lookaside to indicate that this request
+     * is currently being processed. */
+    kdc_insert_lookaside(kdc_err_context, pkt, NULL);
+#endif
+
+    /* try TGS_REQ first; they are more common! */
+
+    if (krb5_is_tgs_req(pkt))
+        retval = decode_krb5_tgs_req(pkt, &req);
+    else if (krb5_is_as_req(pkt))
+        retval = decode_krb5_as_req(pkt, &req);
+    else
+        retval = KRB5KRB_AP_ERR_MSG_TYPE;
+    if (retval)
+        goto done;
+
+    state->active_realm = setup_server_realm(handle, req->server);
+    if (state->active_realm == NULL) {
+        retval = KRB5KDC_ERR_WRONG_REALM;
+        goto done;
+    }
+
+    if (krb5_is_tgs_req(pkt)) {
+        /* process_tgs_req frees the request */
+        retval = process_tgs_req(req, pkt, remote_addr, state->active_realm,
+                                 &response);
+        req = NULL;
+    } else if (krb5_is_as_req(pkt)) {
+        /* process_as_req frees the request and calls finish_dispatch_cache. */
+        process_as_req(req, pkt, local_addr, remote_addr, state->active_realm,
+                       vctx, finish_dispatch_cache, state);
+        return;
+    }
+
+done:
+    krb5_free_kdc_req(kdc_err_context, req);
+    finish_dispatch_cache(state, retval, response);
+}
+
+static krb5_error_code
+make_too_big_error(kdc_realm_t *realm, krb5_data **out)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error errpkt;
+    krb5_error_code retval;
+    krb5_data *scratch;
+
+    *out = NULL;
+    memset(&errpkt, 0, sizeof(errpkt));
+
+    retval = krb5_us_timeofday(context, &errpkt.stime, &errpkt.susec);
+    if (retval)
+        return retval;
+    errpkt.error = KRB_ERR_RESPONSE_TOO_BIG;
+    errpkt.server = realm->realm_tgsprinc;
+    errpkt.client = NULL;
+    errpkt.text.length = 0;
+    errpkt.text.data = 0;
+    errpkt.e_data.length = 0;
+    errpkt.e_data.data = 0;
+    scratch = malloc(sizeof(*scratch));
+    if (scratch == NULL)
+        return ENOMEM;
+    retval = krb5_mk_error(context, &errpkt, scratch);
+    if (retval) {
+        free(scratch);
+        return retval;
+    }
+
+    *out = scratch;
+    return 0;
+}
+
+krb5_context get_context(void *handle)
+{
+    struct server_handle *sh = handle;
+
+    return sh->kdc_err_context;
+}
diff --git a/krb5-1.21.3/src/kdc/do_as_req.c b/krb5-1.21.3/src/kdc/do_as_req.c
new file mode 100644
index 00000000..6fb214b7
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/do_as_req.c
@@ -0,0 +1,849 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/do_as_req.c */
+/*
+ * Portions Copyright (C) 2007 Apple Inc.
+ * Copyright 1990, 1991, 2007, 2008, 2009, 2013, 2014 by the
+ * Massachusetts Institute of Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * KDC Routines to deal with AS_REQ's
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+
+#include <syslog.h>
+#ifdef HAVE_NETINET_IN_H
+#include <sys/types.h>
+#include <netinet/in.h>
+#ifndef hpux
+#include <arpa/inet.h>
+#endif  /* hpux */
+#endif /* HAVE_NETINET_IN_H */
+
+#include "kdc_util.h"
+#include "kdc_audit.h"
+#include "policy.h"
+#include <kadm5/admin.h>
+#include "adm_proto.h"
+#include "extern.h"
+
+static krb5_error_code
+prepare_error_as(struct kdc_request_state *, krb5_kdc_req *, krb5_db_entry *,
+                 krb5_keyblock *, krb5_error_code, krb5_pa_data **,
+                 krb5_boolean, krb5_principal, krb5_data **, const char *);
+
+/* Determine the key-expiration value according to RFC 4120 section 5.4.2. */
+static krb5_timestamp
+get_key_exp(krb5_db_entry *entry)
+{
+    if (entry->expiration == 0)
+        return entry->pw_expiration;
+    if (entry->pw_expiration == 0)
+        return entry->expiration;
+    return ts_min(entry->expiration, entry->pw_expiration);
+}
+
+/*
+ * Find the key in client for the most preferred enctype in req_enctypes.  Fill
+ * in *kb_out with the decrypted keyblock (which the caller must free) and set
+ * *kd_out to an alias to that key data entry.  Set *kd_out to NULL and leave
+ * *kb_out zeroed if no key is found for any of the requested enctypes.
+ * kb_out->enctype may differ from the enctype of *kd_out for DES enctypes; in
+ * this case, kb_out->enctype is the requested enctype used to match the key
+ * data entry.
+ */
+static krb5_error_code
+select_client_key(krb5_context context, krb5_db_entry *client,
+                  krb5_enctype *req_enctypes, int n_req_enctypes,
+                  krb5_keyblock *kb_out, krb5_key_data **kd_out)
+{
+    krb5_error_code ret;
+    krb5_key_data *kd;
+    krb5_enctype etype;
+    int i;
+
+    memset(kb_out, 0, sizeof(*kb_out));
+    *kd_out = NULL;
+
+    for (i = 0; i < n_req_enctypes; i++) {
+        etype = req_enctypes[i];
+        if (!krb5_c_valid_enctype(etype))
+            continue;
+        if (krb5_dbe_find_enctype(context, client, etype, -1, 0, &kd) == 0) {
+            /* Decrypt the client key data and set its enctype to the request
+             * enctype (which may differ from the key data enctype for DES). */
+            ret = krb5_dbe_decrypt_key_data(context, NULL, kd, kb_out, NULL);
+            if (ret)
+                return ret;
+            kb_out->enctype = etype;
+            *kd_out = kd;
+            return 0;
+        }
+    }
+    return 0;
+}
+
+static krb5_error_code
+lookup_client(krb5_context context, krb5_kdc_req *req, unsigned int flags,
+              krb5_db_entry **entry_out)
+{
+    krb5_pa_data *pa;
+    krb5_data cert;
+
+    *entry_out = NULL;
+    pa = krb5int_find_pa_data(context, req->padata, KRB5_PADATA_S4U_X509_USER);
+    if (pa != NULL && pa->length != 0 &&
+        req->client->type == KRB5_NT_X500_PRINCIPAL) {
+        cert = make_data(pa->contents, pa->length);
+        flags |= KRB5_KDB_FLAG_REFERRAL_OK;
+        return krb5_db_get_s4u_x509_principal(context, &cert, req->client,
+                                              flags, entry_out);
+    } else {
+        return krb5_db_get_principal(context, req->client, flags, entry_out);
+    }
+}
+
+struct as_req_state {
+    loop_respond_fn respond;
+    void *arg;
+
+    krb5_principal_data client_princ;
+    krb5_enc_tkt_part enc_tkt_reply;
+    krb5_enc_kdc_rep_part reply_encpart;
+    krb5_ticket ticket_reply;
+    krb5_keyblock local_tgt_key;
+    krb5_keyblock server_keyblock;
+    krb5_keyblock client_keyblock;
+    krb5_db_entry *client;
+    krb5_db_entry *server;
+    krb5_db_entry *local_tgt;
+    krb5_db_entry *local_tgt_storage;
+    krb5_key_data *client_key;
+    krb5_kdc_req *request;
+    struct krb5_kdcpreauth_rock_st rock;
+    const char *status;
+    krb5_pa_data **e_data;
+    krb5_boolean typed_e_data;
+    krb5_kdc_rep reply;
+    krb5_timestamp kdc_time;
+    krb5_keyblock session_key;
+    unsigned int c_flags;
+    krb5_data *req_pkt;
+    krb5_data *inner_body;
+    struct kdc_request_state *rstate;
+    char *sname, *cname;
+    void *pa_context;
+    const krb5_fulladdr *local_addr;
+    const krb5_fulladdr *remote_addr;
+    krb5_data **auth_indicators;
+
+    krb5_error_code preauth_err;
+
+    kdc_realm_t *active_realm;
+    krb5_audit_state *au_state;
+};
+
+static void
+finish_process_as_req(struct as_req_state *state, krb5_error_code errcode)
+{
+    kdc_realm_t *realm = state->active_realm;
+    krb5_context context = realm->realm_context;
+    krb5_keyblock *as_encrypting_key = NULL;
+    krb5_data *response = NULL;
+    const char *emsg = 0;
+    int did_log = 0;
+    loop_respond_fn oldrespond;
+    void *oldarg;
+    krb5_audit_state *au_state = state->au_state;
+    krb5_keyblock *replaced_reply_key = NULL;
+
+    assert(state);
+    oldrespond = state->respond;
+    oldarg = state->arg;
+
+    if (errcode)
+        goto egress;
+
+    au_state->stage = ENCR_REP;
+
+    state->ticket_reply.enc_part2 = &state->enc_tkt_reply;
+
+    errcode = check_kdcpolicy_as(context, state->request, state->client,
+                                 state->server, state->auth_indicators,
+                                 state->kdc_time, &state->enc_tkt_reply.times,
+                                 &state->status);
+    if (errcode)
+        goto egress;
+
+    errcode = get_first_current_key(context, state->server,
+                                    &state->server_keyblock);
+    if (errcode) {
+        state->status = "FINDING_SERVER_KEY";
+        goto egress;
+    }
+
+    /* Start assembling the response */
+    state->reply.msg_type = KRB5_AS_REP;
+    state->reply.client = state->enc_tkt_reply.client; /* post canonization */
+    state->reply.ticket = &state->ticket_reply;
+    state->reply_encpart.session = &state->session_key;
+    if ((errcode = fetch_last_req_info(state->client,
+                                       &state->reply_encpart.last_req)))
+        goto egress;
+    state->reply_encpart.nonce = state->request->nonce;
+    state->reply_encpart.key_exp = get_key_exp(state->client);
+    state->reply_encpart.flags = state->enc_tkt_reply.flags;
+    state->reply_encpart.server = state->ticket_reply.server;
+    state->reply_encpart.times = state->enc_tkt_reply.times;
+    state->reply_encpart.caddrs = state->enc_tkt_reply.caddrs;
+    state->reply_encpart.enc_padata = NULL;
+
+    /* Fetch the padata info to be returned (do this before
+     *  authdata to handle possible replacement of reply key
+     */
+    errcode = return_padata(context, &state->rock, state->req_pkt,
+                            state->request, &state->reply,
+                            &state->client_keyblock, &state->pa_context);
+    if (errcode) {
+        state->status = "KDC_RETURN_PADATA";
+        goto egress;
+    }
+
+    /* If we didn't find a client long-term key and no preauth mechanism
+     * replaced the reply key, error out now. */
+    if (state->client_keyblock.enctype == ENCTYPE_NULL) {
+        state->status = "CANT_FIND_CLIENT_KEY";
+        errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
+        goto egress;
+    }
+
+    if (state->rock.replaced_reply_key)
+        replaced_reply_key = &state->client_keyblock;
+
+    errcode = handle_authdata(realm, state->c_flags, state->client,
+                              state->server, NULL, state->local_tgt,
+                              &state->local_tgt_key, &state->client_keyblock,
+                              &state->server_keyblock, NULL,
+                              replaced_reply_key, state->req_pkt,
+                              state->request, NULL, NULL, NULL,
+                              &state->auth_indicators, &state->enc_tkt_reply);
+    if (errcode) {
+        krb5_klog_syslog(LOG_INFO, _("AS_REQ : handle_authdata (%d)"),
+                         errcode);
+        state->status = "HANDLE_AUTHDATA";
+        goto egress;
+    }
+
+    errcode = check_indicators(context, state->server, state->auth_indicators);
+    if (errcode) {
+        state->status = "HIGHER_AUTHENTICATION_REQUIRED";
+        goto egress;
+    }
+
+    errcode = krb5_encrypt_tkt_part(context, &state->server_keyblock,
+                                    &state->ticket_reply);
+    if (errcode)
+        goto egress;
+
+    errcode = kau_make_tkt_id(context, &state->ticket_reply,
+                              &au_state->tkt_out_id);
+    if (errcode)
+        goto egress;
+
+    state->ticket_reply.enc_part.kvno = current_kvno(state->server);
+    errcode = kdc_fast_response_handle_padata(state->rstate,
+                                              state->request,
+                                              &state->reply,
+                                              state->client_keyblock.enctype);
+    if (errcode)
+        goto egress;
+
+    /* now encode/encrypt the response */
+
+    state->reply.enc_part.enctype = state->client_keyblock.enctype;
+
+    errcode = kdc_fast_handle_reply_key(state->rstate, &state->client_keyblock,
+                                        &as_encrypting_key);
+    if (errcode)
+        goto egress;
+    errcode = return_enc_padata(context, state->req_pkt, state->request,
+                                as_encrypting_key, state->server,
+                                &state->reply_encpart, FALSE);
+    if (errcode) {
+        state->status = "KDC_RETURN_ENC_PADATA";
+        goto egress;
+    }
+
+    if (kdc_fast_hide_client(state->rstate))
+        state->reply.client = (krb5_principal)krb5_anonymous_principal();
+    errcode = krb5_encode_kdc_rep(context, KRB5_AS_REP, &state->reply_encpart,
+                                  0, as_encrypting_key, &state->reply,
+                                  &response);
+    if (state->client_key != NULL)
+        state->reply.enc_part.kvno = state->client_key->key_data_kvno;
+    if (errcode)
+        goto egress;
+
+    /* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
+       can use them in raw form if needed.  But, we don't... */
+    memset(state->reply.enc_part.ciphertext.data, 0,
+           state->reply.enc_part.ciphertext.length);
+    free(state->reply.enc_part.ciphertext.data);
+
+    log_as_req(context, state->local_addr, state->remote_addr,
+               state->request, &state->reply, state->client, state->cname,
+               state->server, state->sname, state->kdc_time, 0, 0, 0);
+    did_log = 1;
+
+egress:
+    if (errcode != 0 && state->status == NULL)
+        state->status = "UNKNOWN_REASON";
+
+    au_state->status = state->status;
+    au_state->reply = &state->reply;
+    kau_as_req(context, (errcode || state->preauth_err) ? FALSE : TRUE,
+               au_state);
+    kau_free_kdc_req(au_state);
+
+    free_padata_context(context, state->pa_context);
+    if (as_encrypting_key)
+        krb5_free_keyblock(context, as_encrypting_key);
+    if (errcode)
+        emsg = krb5_get_error_message(context, errcode);
+
+    if (state->status) {
+        log_as_req(context, state->local_addr, state->remote_addr,
+                   state->request, &state->reply, state->client,
+                   state->cname, state->server, state->sname, state->kdc_time,
+                   state->status, errcode, emsg);
+        did_log = 1;
+    }
+    if (errcode) {
+        if (state->status == 0) {
+            state->status = emsg;
+        }
+        if (errcode != KRB5KDC_ERR_DISCARD) {
+            errcode = prepare_error_as(state->rstate, state->request,
+                                       state->local_tgt, &state->local_tgt_key,
+                                       errcode, state->e_data,
+                                       state->typed_e_data,
+                                       ((state->client != NULL) ?
+                                        state->client->princ : NULL),
+                                       &response, state->status);
+            state->status = 0;
+        }
+    }
+
+    if (emsg)
+        krb5_free_error_message(context, emsg);
+    if (state->enc_tkt_reply.authorization_data != NULL)
+        krb5_free_authdata(context, state->enc_tkt_reply.authorization_data);
+    if (state->local_tgt_key.contents != NULL)
+        krb5_free_keyblock_contents(context, &state->local_tgt_key);
+    if (state->server_keyblock.contents != NULL)
+        krb5_free_keyblock_contents(context, &state->server_keyblock);
+    if (state->client_keyblock.contents != NULL)
+        krb5_free_keyblock_contents(context, &state->client_keyblock);
+    if (state->reply.padata != NULL)
+        krb5_free_pa_data(context, state->reply.padata);
+    if (state->reply_encpart.enc_padata)
+        krb5_free_pa_data(context, state->reply_encpart.enc_padata);
+
+    if (state->cname != NULL)
+        free(state->cname);
+    if (state->sname != NULL)
+        free(state->sname);
+    krb5_db_free_principal(context, state->client);
+    krb5_db_free_principal(context, state->server);
+    krb5_db_free_principal(context, state->local_tgt_storage);
+    if (state->session_key.contents != NULL)
+        krb5_free_keyblock_contents(context, &state->session_key);
+    if (state->ticket_reply.enc_part.ciphertext.data != NULL) {
+        memset(state->ticket_reply.enc_part.ciphertext.data , 0,
+               state->ticket_reply.enc_part.ciphertext.length);
+        free(state->ticket_reply.enc_part.ciphertext.data);
+    }
+
+    krb5_free_pa_data(context, state->e_data);
+    krb5_free_data(context, state->inner_body);
+    kdc_free_rstate(state->rstate);
+    krb5_free_kdc_req(context, state->request);
+    k5_free_data_ptr_list(state->auth_indicators);
+    assert(did_log != 0);
+
+    free(state);
+    (*oldrespond)(oldarg, errcode, response);
+}
+
+static void
+finish_missing_required_preauth(void *arg)
+{
+    struct as_req_state *state = (struct as_req_state *)arg;
+
+    finish_process_as_req(state, state->preauth_err);
+}
+
+static void
+finish_preauth(void *arg, krb5_error_code code)
+{
+    struct as_req_state *state = arg;
+    krb5_error_code real_code = code;
+
+    if (code) {
+        if (vague_errors)
+            code = KRB5KRB_ERR_GENERIC;
+        state->status = "PREAUTH_FAILED";
+        if (real_code == KRB5KDC_ERR_PREAUTH_FAILED) {
+            state->preauth_err = code;
+            get_preauth_hint_list(state->request, &state->rock, &state->e_data,
+                                  finish_missing_required_preauth, state);
+            return;
+        }
+    } else {
+        /*
+         * Final check before handing out ticket: If the client requires
+         * preauthentication, verify that the proper kind of
+         * preauthentication was carried out.
+         */
+        state->status = missing_required_preauth(state->client, state->server,
+                                                 &state->enc_tkt_reply);
+        if (state->status) {
+            state->preauth_err = KRB5KDC_ERR_PREAUTH_REQUIRED;
+            get_preauth_hint_list(state->request, &state->rock, &state->e_data,
+                                  finish_missing_required_preauth, state);
+            return;
+        }
+    }
+
+    finish_process_as_req(state, code);
+}
+
+/*ARGSUSED*/
+void
+process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+               const krb5_fulladdr *local_addr,
+               const krb5_fulladdr *remote_addr, kdc_realm_t *realm,
+               verto_ctx *vctx, loop_respond_fn respond, void *arg)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code errcode;
+    krb5_data encoded_req_body;
+    krb5_enctype useenctype;
+    struct as_req_state *state;
+    krb5_audit_state *au_state = NULL;
+
+    state = k5alloc(sizeof(*state), &errcode);
+    if (state == NULL) {
+        (*respond)(arg, errcode, NULL);
+        return;
+    }
+    state->respond = respond;
+    state->arg = arg;
+    state->request = request;
+    state->req_pkt = req_pkt;
+    state->local_addr = local_addr;
+    state->remote_addr = remote_addr;
+    state->active_realm = realm;
+
+    errcode = kdc_make_rstate(realm, &state->rstate);
+    if (errcode != 0) {
+        (*respond)(arg, errcode, NULL);
+        free(state);
+        return;
+    }
+
+    /* Initialize audit state. */
+    errcode = kau_init_kdc_req(context, state->request, remote_addr,
+                               &au_state);
+    if (errcode) {
+        (*respond)(arg, errcode, NULL);
+        kdc_free_rstate(state->rstate);
+        free(state);
+        return;
+    }
+    state->au_state = au_state;
+
+    if (state->request->msg_type != KRB5_AS_REQ) {
+        state->status = "VALIDATE_MESSAGE_TYPE";
+        errcode = KRB5_BADMSGTYPE;
+        goto errout;
+    }
+
+    /* Seed the audit trail with the request ID and basic information. */
+    kau_as_req(context, TRUE, au_state);
+
+    errcode = krb5_timeofday(context, &state->kdc_time);
+    if (errcode)
+        goto errout;
+
+    if (fetch_asn1_field((unsigned char *) req_pkt->data,
+                         1, 4, &encoded_req_body) != 0) {
+        errcode = ASN1_BAD_ID;
+        goto errout;
+    }
+    errcode = kdc_find_fast(&state->request, &encoded_req_body, NULL, NULL,
+                            state->rstate, &state->inner_body);
+    if (errcode) {
+        state->status = "FIND_FAST";
+        goto errout;
+    }
+    if (state->inner_body == NULL) {
+        /* Not a FAST request; copy the encoded request body. */
+        errcode = krb5_copy_data(context, &encoded_req_body,
+                                 &state->inner_body);
+        if (errcode)
+            goto errout;
+    }
+    au_state->request = state->request;
+    state->rock.request = state->request;
+    state->rock.inner_body = state->inner_body;
+    state->rock.rstate = state->rstate;
+    state->rock.vctx = vctx;
+    state->rock.auth_indicators = &state->auth_indicators;
+    state->rock.send_freshness_token = FALSE;
+    if (!state->request->client) {
+        state->status = "NULL_CLIENT";
+        errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+        goto errout;
+    }
+    errcode = krb5_unparse_name(context, state->request->client,
+                                &state->cname);
+    if (errcode)
+        goto errout;
+    limit_string(state->cname);
+
+    if (!state->request->server) {
+        state->status = "NULL_SERVER";
+        errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+        goto errout;
+    }
+    errcode = krb5_unparse_name(context, state->request->server,
+                                &state->sname);
+    if (errcode)
+        goto errout;
+    limit_string(state->sname);
+
+    setflag(state->c_flags, KRB5_KDB_FLAG_CLIENT);
+    if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE) ||
+        state->request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL)
+        setflag(state->c_flags, KRB5_KDB_FLAG_REFERRAL_OK);
+    errcode = lookup_client(context, state->request, state->c_flags,
+                            &state->client);
+    if (errcode == KRB5_KDB_CANTLOCK_DB)
+        errcode = KRB5KDC_ERR_SVC_UNAVAILABLE;
+    if (errcode == KRB5_KDB_NOENTRY) {
+        state->status = "CLIENT_NOT_FOUND";
+        if (vague_errors)
+            errcode = KRB5KRB_ERR_GENERIC;
+        else
+            errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+        goto errout;
+    } else if (errcode) {
+        state->status = "LOOKING_UP_CLIENT";
+        goto errout;
+    }
+    state->rock.client = state->client;
+
+    au_state->stage = SRVC_PRINC;
+
+    errcode = krb5_db_get_principal(context, state->request->server, 0,
+                                    &state->server);
+    if (errcode == KRB5_KDB_CANTLOCK_DB)
+        errcode = KRB5KDC_ERR_SVC_UNAVAILABLE;
+    if (errcode == KRB5_KDB_NOENTRY) {
+        state->status = "SERVER_NOT_FOUND";
+        errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+        goto errout;
+    } else if (errcode) {
+        state->status = "LOOKING_UP_SERVER";
+        goto errout;
+    }
+
+    /* If the KDB module returned a different realm for the client and server,
+     * we need to issue a client realm referral. */
+    if (!data_eq(state->server->princ->realm, state->client->princ->realm)) {
+        state->status = "REFERRAL";
+        au_state->cl_realm = &state->client->princ->realm;
+        errcode = KRB5KDC_ERR_WRONG_REALM;
+        goto errout;
+    }
+
+    errcode = get_local_tgt(context, &state->request->server->realm,
+                            state->server, &state->local_tgt,
+                            &state->local_tgt_storage, &state->local_tgt_key);
+    if (errcode) {
+        state->status = "GET_LOCAL_TGT";
+        goto errout;
+    }
+    state->rock.local_tgt = state->local_tgt;
+    state->rock.local_tgt_key = &state->local_tgt_key;
+
+    au_state->stage = VALIDATE_POL;
+
+    errcode = validate_as_request(realm, state->request, state->client,
+                                  state->server, state->kdc_time,
+                                  &state->status, &state->e_data);
+    if (errcode)
+        goto errout;
+
+    au_state->stage = ISSUE_TKT;
+
+    /*
+     * Select the keytype for the ticket session key.
+     */
+    useenctype = select_session_keytype(context, state->server,
+                                        state->request->nktypes,
+                                        state->request->ktype);
+    if (useenctype == 0) {
+        /* unsupported ktype */
+        state->status = "BAD_ENCRYPTION_TYPE";
+        errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
+        goto errout;
+    }
+
+    errcode = krb5_c_make_random_key(context, useenctype, &state->session_key);
+    if (errcode)
+        goto errout;
+
+    /*
+     * Canonicalization is only effective if we are issuing a TGT
+     * (the intention is to allow support for Windows "short" realm
+     * aliases, nothing more).
+     */
+    if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE) &&
+        krb5_is_tgs_principal(state->request->server) &&
+        krb5_is_tgs_principal(state->server->princ)) {
+        state->ticket_reply.server = state->server->princ;
+    } else {
+        state->ticket_reply.server = state->request->server;
+    }
+
+    /* Copy options that request the corresponding ticket flags. */
+    state->enc_tkt_reply.flags = get_ticket_flags(state->request->kdc_options,
+                                                  state->client, state->server,
+                                                  NULL);
+    state->enc_tkt_reply.times.authtime = state->kdc_time;
+
+    /*
+     * It should be noted that local policy may affect the
+     * processing of any of these flags.  For example, some
+     * realms may refuse to issue renewable tickets
+     */
+
+    state->enc_tkt_reply.session = &state->session_key;
+    if (isflagset(state->request->kdc_options, KDC_OPT_CANONICALIZE)) {
+        state->client_princ = *(state->client->princ);
+    } else {
+        state->client_princ = *(state->request->client);
+        /* The realm is always canonicalized */
+        state->client_princ.realm = state->client->princ->realm;
+    }
+    state->enc_tkt_reply.client = &state->client_princ;
+    state->enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
+    state->enc_tkt_reply.transited.tr_contents = empty_string;
+
+    if (isflagset(state->request->kdc_options, KDC_OPT_POSTDATED))
+        state->enc_tkt_reply.times.starttime = state->request->from;
+    else
+        state->enc_tkt_reply.times.starttime = state->kdc_time;
+
+    kdc_get_ticket_endtime(realm, state->enc_tkt_reply.times.starttime,
+                           kdc_infinity, state->request->till, state->client,
+                           state->server, &state->enc_tkt_reply.times.endtime);
+
+    kdc_get_ticket_renewtime(realm, state->request, NULL, state->client,
+                             state->server, &state->enc_tkt_reply.flags,
+                             &state->enc_tkt_reply.times);
+
+    /*
+     * starttime is optional, and treated as authtime if not present.
+     * so we can nuke it if it matches
+     */
+    if (state->enc_tkt_reply.times.starttime ==
+        state->enc_tkt_reply.times.authtime)
+        state->enc_tkt_reply.times.starttime = 0;
+
+    state->enc_tkt_reply.caddrs = state->request->addresses;
+    state->enc_tkt_reply.authorization_data = 0;
+
+    /* If anonymous requests are being used, adjust the realm of the client
+     * principal. */
+    if (isflagset(state->request->kdc_options, KDC_OPT_REQUEST_ANONYMOUS)) {
+        if (!krb5_principal_compare_any_realm(context, state->request->client,
+                                              krb5_anonymous_principal())) {
+            errcode = KRB5KDC_ERR_BADOPTION;
+            /* Anonymous requested but anonymous principal not used.*/
+            state->status = "VALIDATE_ANONYMOUS_PRINCIPAL";
+            goto errout;
+        }
+        krb5_free_principal(context, state->request->client);
+        state->request->client = NULL;
+        errcode = krb5_copy_principal(context, krb5_anonymous_principal(),
+                                      &state->request->client);
+        if (errcode)
+            goto errout;
+        state->enc_tkt_reply.client = state->request->client;
+        setflag(state->client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH);
+    }
+
+    errcode = select_client_key(context, state->client, state->request->ktype,
+                                state->request->nktypes,
+                                &state->client_keyblock, &state->client_key);
+    if (errcode) {
+        state->status = "DECRYPT_CLIENT_KEY";
+        goto errout;
+    }
+    if (state->client_key != NULL)
+        state->rock.client_key = state->client_key;
+    state->rock.client_keyblock = &state->client_keyblock;
+
+    errcode = kdc_fast_read_cookie(context, state->rstate, state->request,
+                                   state->local_tgt, &state->local_tgt_key);
+    if (errcode) {
+        state->status = "READ_COOKIE";
+        goto errout;
+    }
+
+    /*
+     * Check the preauthentication if it is there.
+     */
+    if (state->request->padata) {
+        check_padata(context, &state->rock, state->req_pkt, state->request,
+                     &state->enc_tkt_reply, &state->pa_context, &state->e_data,
+                     &state->typed_e_data, finish_preauth, state);
+    } else
+        finish_preauth(state, 0);
+    return;
+
+errout:
+    finish_process_as_req(state, errcode);
+}
+
+static krb5_error_code
+prepare_error_as(struct kdc_request_state *rstate, krb5_kdc_req *request,
+                 krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+                 krb5_error_code code, krb5_pa_data **e_data_in,
+                 krb5_boolean typed_e_data, krb5_principal canon_client,
+                 krb5_data **response, const char *status)
+{
+    krb5_context context = rstate->realm_data->realm_context;
+    krb5_error errpkt;
+    krb5_error_code retval;
+    krb5_data *scratch = NULL, *e_data_asn1 = NULL, *fast_edata = NULL;
+    krb5_pa_data **e_data = NULL, *cookie = NULL;
+    size_t count;
+
+    errpkt.magic = KV5M_ERROR;
+
+    if (e_data_in != NULL) {
+        /* Add a PA-FX-COOKIE to e_data_in.  e_data is a shallow copy
+         * containing aliases. */
+        for (count = 0; e_data_in[count] != NULL; count++);
+        e_data = calloc(count + 2, sizeof(*e_data));
+        if (e_data == NULL)
+            return ENOMEM;
+        memcpy(e_data, e_data_in, count * sizeof(*e_data));
+        retval = kdc_fast_make_cookie(context, rstate, local_tgt,
+                                      local_tgt_key, request->client, &cookie);
+        e_data[count] = cookie;
+    }
+
+    errpkt.ctime = 0;
+    errpkt.cusec = 0;
+
+    retval = krb5_us_timeofday(context, &errpkt.stime, &errpkt.susec);
+    if (retval)
+        goto cleanup;
+    errpkt.error = errcode_to_protocol(code);
+    errpkt.server = request->server;
+    errpkt.client = (code == KRB5KDC_ERR_WRONG_REALM) ? canon_client :
+        request->client;
+    errpkt.text = string2data((char *)status);
+
+    if (e_data != NULL) {
+        if (typed_e_data)
+            retval = encode_krb5_typed_data(e_data, &e_data_asn1);
+        else
+            retval = encode_krb5_padata_sequence(e_data, &e_data_asn1);
+        if (retval)
+            goto cleanup;
+        errpkt.e_data = *e_data_asn1;
+    } else
+        errpkt.e_data = empty_data();
+
+    retval = kdc_fast_handle_error(context, rstate, request, e_data, &errpkt,
+                                   &fast_edata);
+    if (retval)
+        goto cleanup;
+    if (fast_edata != NULL)
+        errpkt.e_data = *fast_edata;
+
+    scratch = k5alloc(sizeof(*scratch), &retval);
+    if (scratch == NULL)
+        goto cleanup;
+    if (kdc_fast_hide_client(rstate) && errpkt.client != NULL)
+        errpkt.client = (krb5_principal)krb5_anonymous_principal();
+    retval = krb5_mk_error(context, &errpkt, scratch);
+    if (retval)
+        goto cleanup;
+
+    *response = scratch;
+    scratch = NULL;
+
+cleanup:
+    krb5_free_data(context, fast_edata);
+    krb5_free_data(context, e_data_asn1);
+    free(scratch);
+    free(e_data);
+    if (cookie != NULL)
+        free(cookie->contents);
+    free(cookie);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/kdc/do_tgs_req.c b/krb5-1.21.3/src/kdc/do_tgs_req.c
new file mode 100644
index 00000000..0acc4585
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/do_tgs_req.c
@@ -0,0 +1,1229 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/do_tgs_req.c - KDC Routines to deal with TGS_REQ's */
+/*
+ * Copyright 1990, 1991, 2001, 2007, 2008, 2009, 2013, 2014 by the
+ * Massachusetts Institute of Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+#include <syslog.h>
+#ifdef HAVE_NETINET_IN_H
+#include <sys/types.h>
+#include <netinet/in.h>
+#ifndef hpux
+#include <arpa/inet.h>
+#endif
+#endif
+
+#include "kdc_util.h"
+#include "kdc_audit.h"
+#include "policy.h"
+#include "extern.h"
+#include "adm_proto.h"
+#include <ctype.h>
+
+struct tgs_req_info {
+    /* The decoded request.  Ownership is transferred to this structure.  This
+     * will be replaced with the inner FAST body if present. */
+    krb5_kdc_req *req;
+
+    /*
+     * The decrypted authentication header ticket from the request's
+     * PA-TGS-REQ, the KDB entry for its server, its encryption key, the
+     * PA-TGS-REQ subkey if present, and the decoded and verified header ticket
+     * PAC if present.
+     */
+    krb5_ticket *header_tkt;
+    krb5_db_entry *header_server;
+    krb5_keyblock *header_key;
+    krb5_keyblock *subkey;
+    krb5_pac header_pac;
+
+    /*
+     * If a second ticket is present and this is a U2U or S4U2Proxy request,
+     * the decoded and verified PAC if present, the KDB entry for the second
+     * ticket server server, and the key used to decrypt the second ticket.
+     */
+    krb5_pac stkt_pac;
+    krb5_db_entry *stkt_server;
+    krb5_keyblock *stkt_server_key;
+    /* For cross-realm S4U2Proxy requests, the client principal retrieved from
+     * stkt_pac. */
+    krb5_principal stkt_pac_client;
+
+    /* Storage for the local TGT KDB entry for the service realm if that isn't
+     * the header server. */
+    krb5_db_entry *local_tgt_storage;
+    /* The decrypted first key of the local TGT entry. */
+    krb5_keyblock local_tgt_key;
+
+    /* The server KDB entry.  Normally the requested server, but for referral
+     * and alternate TGS replies this will be a cross-realm TGT entry. */
+    krb5_db_entry *server;
+
+    /*
+     * The subject client KDB entry for an S4U2Self request, or the header
+     * ticket client KDB entry for other requests.  NULL if
+     * NO_AUTH_DATA_REQUIRED is set on the server KDB entry and this isn't an
+     * S4U2Self request, or if the client is in another realm and the KDB
+     * cannot map its principal name.
+     */
+    krb5_db_entry *client;
+
+    /* The decoded S4U2Self padata from the request, if present. */
+    krb5_pa_s4u_x509_user *s4u2self;
+
+    /* Authentication indicators retrieved from the header ticket, for
+     * non-S4U2Self requests. */
+    krb5_data **auth_indicators;
+
+    /* Storage for a transited list with the header TGT realm added, if that
+     * realm is different from the client and server realm. */
+    krb5_data new_transited;
+
+    /* The KDB flags applicable to this request (a subset of {CROSS_REALM,
+     * ISSUING_REFERRAL, PROTOCOL_TRANSITION, CONSTRAINED_DELEGATION}). */
+    unsigned int flags;
+
+    /* Booleans for two of the above flags, for convenience. */
+    krb5_boolean is_referral;
+    krb5_boolean is_crossrealm;
+
+    /* The authtime of subject_tkt.  On early failures this may be 0. */
+    krb5_timestamp authtime;
+
+    /* The following fields are (or contain) alias pointers and should not be
+     * freed. */
+
+    /* The transited list implied by the request, aliasing new_transited or the
+     * header ticket transited field. */
+    krb5_transited transited;
+
+    /* Alias to the decrypted second ticket within req, if one applies to this
+     * request. */
+    const krb5_ticket *stkt;
+
+    /* Alias to stkt for S4U2Proxy requests, header_tkt otherwise. */
+    krb5_enc_tkt_part *subject_tkt;
+
+    /* Alias to local_tgt_storage or header_server. */
+    krb5_db_entry *local_tgt;
+
+    /* For either kind of S4U request, an alias to the requested client
+     * principal name. */
+    krb5_principal s4u_cprinc;
+
+    /* An alias to the client principal name we should issue the ticket for
+     * (either header_tkt->enc_part2->client or s4u_cprinc). */
+    krb5_principal tkt_client;
+
+    /* The client principal of the PA-TGS-REQ header ticket.  On early failures
+     * this may be NULL. */
+    krb5_principal cprinc;
+
+    /* The canonicalized request server principal or referral/alternate TGT.
+     * On early failures this may be the requested server instead. */
+    krb5_principal sprinc;
+
+};
+
+static krb5_error_code
+db_get_svc_princ(krb5_context, krb5_principal, krb5_flags,
+                 krb5_db_entry **, const char **);
+
+static krb5_error_code
+prepare_error_tgs(struct kdc_request_state *state, krb5_kdc_req *request,
+                  krb5_ticket *ticket, krb5_error_code code,
+                  krb5_principal canon_server, krb5_data **response,
+                  const char *status, krb5_pa_data **e_data)
+{
+    krb5_context context = state->realm_data->realm_context;
+    krb5_error errpkt;
+    krb5_error_code retval = 0;
+    krb5_data *scratch, *e_data_asn1 = NULL, *fast_edata = NULL;
+
+    errpkt.magic = KV5M_ERROR;
+    errpkt.ctime = 0;
+    errpkt.cusec = 0;
+
+    retval = krb5_us_timeofday(context, &errpkt.stime, &errpkt.susec);
+    if (retval)
+        return(retval);
+    errpkt.error = errcode_to_protocol(code);
+    errpkt.server = request->server;
+    if (ticket && ticket->enc_part2)
+        errpkt.client = ticket->enc_part2->client;
+    else
+        errpkt.client = NULL;
+    errpkt.text.length = strlen(status);
+    if (!(errpkt.text.data = strdup(status)))
+        return ENOMEM;
+
+    if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
+        free(errpkt.text.data);
+        return ENOMEM;
+    }
+
+    if (e_data != NULL) {
+        retval = encode_krb5_padata_sequence(e_data, &e_data_asn1);
+        if (retval) {
+            free(scratch);
+            free(errpkt.text.data);
+            return retval;
+        }
+        errpkt.e_data = *e_data_asn1;
+    } else
+        errpkt.e_data = empty_data();
+
+    retval = kdc_fast_handle_error(context, state, request, e_data,
+                                   &errpkt, &fast_edata);
+    if (retval) {
+        free(scratch);
+        free(errpkt.text.data);
+        krb5_free_data(context, e_data_asn1);
+        return retval;
+    }
+    if (fast_edata)
+        errpkt.e_data = *fast_edata;
+    if (kdc_fast_hide_client(state) && errpkt.client != NULL)
+        errpkt.client = (krb5_principal)krb5_anonymous_principal();
+    retval = krb5_mk_error(context, &errpkt, scratch);
+    free(errpkt.text.data);
+    krb5_free_data(context, e_data_asn1);
+    krb5_free_data(context, fast_edata);
+    if (retval)
+        free(scratch);
+    else
+        *response = scratch;
+
+    return retval;
+}
+
+/* KDC options that require a second ticket */
+#define STKT_OPTIONS (KDC_OPT_CNAME_IN_ADDL_TKT | KDC_OPT_ENC_TKT_IN_SKEY)
+/*
+ * If req is a second-ticket request and a second ticket is present, decrypt
+ * it.  Set *stkt_out to an alias to the ticket with populated enc_part2.  Set
+ * *server_out to the server DB entry and *key_out to the ticket decryption
+ * key.
+ */
+static krb5_error_code
+decrypt_2ndtkt(krb5_context context, krb5_kdc_req *req, krb5_flags flags,
+               krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+               const krb5_ticket **stkt_out, krb5_pac *pac_out,
+               krb5_db_entry **server_out, krb5_keyblock **key_out,
+               const char **status)
+{
+    krb5_error_code retval;
+    krb5_db_entry *server = NULL;
+    krb5_keyblock *key = NULL;
+    krb5_kvno kvno;
+    krb5_ticket *stkt;
+
+    *stkt_out = NULL;
+    *pac_out = NULL;
+    *server_out = NULL;
+    *key_out = NULL;
+
+    if (!(req->kdc_options & STKT_OPTIONS) || req->second_ticket == NULL ||
+        req->second_ticket[0] == NULL)
+        return 0;
+
+    stkt = req->second_ticket[0];
+    retval = kdc_get_server_key(context, stkt, flags, TRUE, &server, &key,
+                                &kvno);
+    if (retval != 0) {
+        *status = "2ND_TKT_SERVER";
+        goto cleanup;
+    }
+    retval = krb5_decrypt_tkt_part(context, key, stkt);
+    if (retval != 0) {
+        *status = "2ND_TKT_DECRYPT";
+        goto cleanup;
+    }
+    retval = get_verified_pac(context, stkt->enc_part2, server, key, local_tgt,
+                              local_tgt_key, pac_out);
+    if (retval != 0) {
+        *status = "2ND_TKT_PAC";
+        goto cleanup;
+    }
+    *stkt_out = stkt;
+    *server_out = server;
+    *key_out = key;
+    server = NULL;
+    key = NULL;
+
+cleanup:
+    krb5_db_free_principal(context, server);
+    krb5_free_keyblock(context, key);
+    return retval;
+}
+
+static krb5_error_code
+get_2ndtkt_enctype(krb5_kdc_req *req, krb5_enctype *useenctype,
+                   const char **status)
+{
+    krb5_enctype etype;
+    krb5_ticket *stkt = req->second_ticket[0];
+    int i;
+
+    etype = stkt->enc_part2->session->enctype;
+    if (!krb5_c_valid_enctype(etype)) {
+        *status = "BAD_ETYPE_IN_2ND_TKT";
+        return KRB5KDC_ERR_ETYPE_NOSUPP;
+    }
+    for (i = 0; i < req->nktypes; i++) {
+        if (req->ktype[i] == etype) {
+            *useenctype = etype;
+            break;
+        }
+    }
+    return 0;
+}
+
+static krb5_error_code
+gen_session_key(krb5_context context, krb5_kdc_req *req, krb5_db_entry *server,
+                krb5_keyblock *skey, const char **status)
+{
+    krb5_error_code retval;
+    krb5_enctype useenctype = 0;
+
+    /*
+     * Some special care needs to be taken in the user-to-user
+     * case, since we don't know what keytypes the application server
+     * which is doing user-to-user authentication can support.  We
+     * know that it at least must be able to support the encryption
+     * type of the session key in the TGT, since otherwise it won't be
+     * able to decrypt the U2U ticket!  So we use that in preference
+     * to anything else.
+     */
+    if (req->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) {
+        retval = get_2ndtkt_enctype(req, &useenctype, status);
+        if (retval != 0)
+            return retval;
+    }
+    if (useenctype == 0) {
+        useenctype = select_session_keytype(context, server,
+                                            req->nktypes, req->ktype);
+    }
+    if (useenctype == 0) {
+        /* unsupported ktype */
+        *status = "BAD_ENCRYPTION_TYPE";
+        return KRB5KDC_ERR_ETYPE_NOSUPP;
+    }
+
+    return krb5_c_make_random_key(context, useenctype, skey);
+}
+
+/*
+ * The request seems to be for a ticket-granting service somewhere else,
+ * but we don't have a ticket for the final TGS.  Try to give the requestor
+ * some intermediate realm.
+ */
+static krb5_error_code
+find_alternate_tgs(krb5_context context, krb5_principal princ,
+                   krb5_db_entry **server_ptr, const char **status)
+{
+    krb5_error_code retval;
+    krb5_principal *plist = NULL, *pl2;
+    krb5_data tmp;
+    krb5_db_entry *server = NULL;
+
+    *server_ptr = NULL;
+    assert(is_cross_tgs_principal(princ));
+    retval = krb5_walk_realm_tree(context, &princ->realm, &princ->data[1],
+                                  &plist, KRB5_REALM_BRANCH_CHAR);
+    if (retval)
+        goto cleanup;
+    /* move to the end */
+    for (pl2 = plist; *pl2; pl2++);
+
+    /* the first entry in this array is for krbtgt/local@local, so we
+       ignore it */
+    while (--pl2 > plist) {
+        tmp = *krb5_princ_realm(context, *pl2);
+        krb5_princ_set_realm(context, *pl2, &princ->realm);
+        retval = db_get_svc_princ(context, *pl2, 0, &server, status);
+        krb5_princ_set_realm(context, *pl2, &tmp);
+        if (retval == KRB5_KDB_NOENTRY)
+            continue;
+        else if (retval)
+            goto cleanup;
+
+        log_tgs_alt_tgt(context, server->princ);
+        *server_ptr = server;
+        server = NULL;
+        goto cleanup;
+    }
+cleanup:
+    if (retval == 0 && *server_ptr == NULL)
+        retval = KRB5_KDB_NOENTRY;
+    if (retval != 0)
+        *status = "UNKNOWN_SERVER";
+
+    krb5_free_realm_tree(context, plist);
+    krb5_db_free_principal(context, server);
+    return retval;
+}
+
+/* Return true if item is an element of the space/comma-separated list. */
+static krb5_boolean
+in_list(const char *list, const char *item)
+{
+    const char *p;
+    int len = strlen(item);
+
+    if (list == NULL)
+        return FALSE;
+    for (p = strstr(list, item); p != NULL; p = strstr(p + 1, item)) {
+        if ((p == list || isspace((unsigned char)p[-1]) || p[-1] == ',') &&
+            (p[len] == '\0' || isspace((unsigned char)p[len]) ||
+             p[len] == ','))
+                return TRUE;
+    }
+    return FALSE;
+}
+
+/*
+ * Check whether the request satisfies the conditions for generating a referral
+ * TGT.  The caller checks whether the hostname component looks like a FQDN.
+ */
+static krb5_boolean
+is_referral_req(kdc_realm_t *realm, krb5_kdc_req *request)
+{
+    krb5_boolean ret = FALSE;
+    char *stype = NULL;
+    char *hostbased = realm->realm_hostbased;
+    char *no_referral = realm->realm_no_referral;
+
+    if (!(request->kdc_options & KDC_OPT_CANONICALIZE))
+        return FALSE;
+
+    if (request->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY)
+        return FALSE;
+
+    if (request->server->length != 2)
+        return FALSE;
+
+    stype = data2string(&request->server->data[0]);
+    if (stype == NULL)
+        return FALSE;
+    switch (request->server->type) {
+    case KRB5_NT_UNKNOWN:
+        /* Allow referrals for NT-UNKNOWN principals, if configured. */
+        if (!in_list(hostbased, stype) && !in_list(hostbased, "*"))
+            goto cleanup;
+        /* FALLTHROUGH */
+    case KRB5_NT_SRV_HST:
+    case KRB5_NT_SRV_INST:
+        /* Deny referrals for specific service types, if configured. */
+        if (in_list(no_referral, stype) || in_list(no_referral, "*"))
+            goto cleanup;
+        ret = TRUE;
+        break;
+    default:
+        goto cleanup;
+    }
+cleanup:
+    free(stype);
+    return ret;
+}
+
+/*
+ * Find a remote realm TGS principal for an unknown host-based service
+ * principal.
+ */
+static krb5_int32
+find_referral_tgs(kdc_realm_t *realm, krb5_kdc_req *request,
+                  krb5_principal *krbtgt_princ)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code retval = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    char **realms = NULL, *hostname = NULL;
+    krb5_data srealm = request->server->realm;
+
+    if (!is_referral_req(realm, request))
+        goto cleanup;
+
+    hostname = data2string(&request->server->data[1]);
+    if (hostname == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    /* If the hostname doesn't contain a '.', it's not a FQDN. */
+    if (strchr(hostname, '.') == NULL)
+        goto cleanup;
+    retval = krb5_get_host_realm(context, hostname, &realms);
+    if (retval) {
+        /* no match found */
+        kdc_err(context, retval, "unable to find realm of host");
+        goto cleanup;
+    }
+    /* Don't return a referral to the empty realm or the service realm. */
+    if (realms == NULL || realms[0] == NULL || *realms[0] == '\0' ||
+        data_eq_string(srealm, realms[0])) {
+        retval = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+        goto cleanup;
+    }
+    retval = krb5_build_principal(context, krbtgt_princ,
+                                  srealm.length, srealm.data,
+                                  "krbtgt", realms[0], (char *)0);
+cleanup:
+    krb5_free_host_realm(context, realms);
+    free(hostname);
+
+    return retval;
+}
+
+static krb5_error_code
+db_get_svc_princ(krb5_context ctx, krb5_principal princ,
+                 krb5_flags flags, krb5_db_entry **server,
+                 const char **status)
+{
+    krb5_error_code ret;
+
+    ret = krb5_db_get_principal(ctx, princ, flags, server);
+    if (ret == KRB5_KDB_CANTLOCK_DB)
+        ret = KRB5KDC_ERR_SVC_UNAVAILABLE;
+    if (ret != 0) {
+        *status = "LOOKING_UP_SERVER";
+    }
+    return ret;
+}
+
+static krb5_error_code
+search_sprinc(kdc_realm_t *realm, krb5_kdc_req *req,
+              krb5_flags flags, krb5_db_entry **server, const char **status)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code ret;
+    krb5_principal princ = req->server;
+    krb5_principal reftgs = NULL;
+    krb5_boolean allow_referral;
+
+    /* Do not allow referrals for u2u or ticket modification requests, because
+     * the server is supposed to match an already-issued ticket. */
+    allow_referral = !(req->kdc_options & NO_REFERRAL_OPTION);
+    if (!allow_referral)
+        flags &= ~KRB5_KDB_FLAG_REFERRAL_OK;
+
+    ret = db_get_svc_princ(context, princ, flags, server, status);
+    if (ret == 0 || ret != KRB5_KDB_NOENTRY || !allow_referral)
+        goto cleanup;
+
+    if (!is_cross_tgs_principal(req->server)) {
+        ret = find_referral_tgs(realm, req, &reftgs);
+        if (ret != 0)
+            goto cleanup;
+        ret = db_get_svc_princ(context, reftgs, flags, server, status);
+        if (ret == 0 || ret != KRB5_KDB_NOENTRY)
+            goto cleanup;
+
+        princ = reftgs;
+    }
+    ret = find_alternate_tgs(context, princ, server, status);
+
+cleanup:
+    if (ret != 0 && ret != KRB5KDC_ERR_SVC_UNAVAILABLE) {
+        ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+        if (*status == NULL)
+            *status = "LOOKING_UP_SERVER";
+    }
+    krb5_free_principal(context, reftgs);
+    return ret;
+}
+
+/*
+ * Transfer ownership of *reqptr to *t and fill *t with information about the
+ * request.  Decode the PA-TGS-REQ header ticket and the second ticket if
+ * applicable, and decode and verify their PACs if present.  Decode and verify
+ * the S4U2Self request pa-data if present.  Extract authentication indicators
+ * from the subject ticket.  Construct the transited list implied by the
+ * request.
+ */
+static krb5_error_code
+gather_tgs_req_info(kdc_realm_t *realm, krb5_kdc_req **reqptr, krb5_data *pkt,
+                    const krb5_fulladdr *from,
+                    struct kdc_request_state *fast_state,
+                    krb5_audit_state *au_state, struct tgs_req_info *t,
+                    const char **status)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code ret;
+    krb5_pa_data *pa_tgs_req;
+    unsigned int s_flags;
+    krb5_enc_tkt_part *header_enc;
+    krb5_data d;
+
+    /* Transfer ownership of *reqptr to *t. */
+    t->req = *reqptr;
+    *reqptr = NULL;
+
+    if (t->req->msg_type != KRB5_TGS_REQ)
+        return KRB5_BADMSGTYPE;
+
+    /* Initially set t->sprinc to the outer request server, for logging of
+     * early failures. */
+    t->sprinc = t->req->server;
+
+    /* Read the PA-TGS-REQ authenticator and decrypt the header ticket. */
+    ret = kdc_process_tgs_req(realm, t->req, from, pkt, &t->header_tkt,
+                              &t->header_server, &t->header_key, &t->subkey,
+                              &pa_tgs_req);
+    if (t->header_tkt != NULL && t->header_tkt->enc_part2 != NULL)
+        t->cprinc = t->header_tkt->enc_part2->client;
+    if (ret) {
+        *status = "PROCESS_TGS";
+        return ret;
+    }
+    ret = kau_make_tkt_id(context, t->header_tkt, &au_state->tkt_in_id);
+    if (ret)
+        return ret;
+    header_enc = t->header_tkt->enc_part2;
+
+    /* If PA-FX-FAST-REQUEST padata is present, replace t->req with the inner
+     * request body. */
+    d = make_data(pa_tgs_req->contents, pa_tgs_req->length);
+    ret = kdc_find_fast(&t->req, &d, t->subkey, header_enc->session,
+                        fast_state, NULL);
+    if (ret) {
+        *status = "FIND_FAST";
+        return ret;
+    }
+    /* Reset t->sprinc for the inner body and check it. */
+    t->sprinc = t->req->server;
+    if (t->sprinc == NULL) {
+        *status = "NULL_SERVER";
+        return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    }
+
+    /* The header ticket server is usually a TGT, but if it is not, fetch the
+     * local TGT for the realm.  Get the decrypted first local TGT key. */
+    ret = get_local_tgt(context, &t->sprinc->realm, t->header_server,
+                        &t->local_tgt, &t->local_tgt_storage,
+                        &t->local_tgt_key);
+    if (ret) {
+        *status = "GET_LOCAL_TGT";
+        return ret;
+    }
+
+    /* Decode and verify the header ticket PAC. */
+    ret = get_verified_pac(context, header_enc, t->header_server,
+                           t->header_key, t->local_tgt, &t->local_tgt_key,
+                           &t->header_pac);
+    if (ret) {
+        *status = "HEADER_PAC";
+        return ret;
+    }
+
+    au_state->request = t->req;
+    au_state->stage = SRVC_PRINC;
+
+    /* Look up the server principal entry, or a referral/alternate TGT.  Reset
+     * t->sprinc to the canonical server name (its final value). */
+    s_flags = (t->req->kdc_options & KDC_OPT_CANONICALIZE) ?
+        KRB5_KDB_FLAG_REFERRAL_OK : 0;
+    ret = search_sprinc(realm, t->req, s_flags, &t->server, status);
+    if (ret)
+        return ret;
+    t->sprinc = t->server->princ;
+
+    /* If we got a cross-realm TGS which is not the requested server, we are
+     * issuing a referral (or alternate TGT, which we treat similarly). */
+    if (is_cross_tgs_principal(t->server->princ) &&
+        !krb5_principal_compare(context, t->req->server, t->server->princ))
+        t->flags |= KRB5_KDB_FLAG_ISSUING_REFERRAL;
+
+    /* Mark the request as cross-realm if the header ticket server is not from
+     * this realm. */
+    if (!data_eq(t->header_server->princ->realm, t->sprinc->realm))
+        t->flags |= KRB5_KDB_FLAG_CROSS_REALM;
+
+    t->is_referral = (t->flags & KRB5_KDB_FLAG_ISSUING_REFERRAL);
+    t->is_crossrealm = (t->flags & KRB5_KDB_FLAG_CROSS_REALM);
+
+    /* If S4U2Self padata is present, read it to get the requested principal
+     * name.  Look up the requested client if it is in this realm. */
+    ret = kdc_process_s4u2self_req(context, t->req, t->server, t->subkey,
+                                   header_enc->session, &t->s4u2self,
+                                   &t->client, status);
+    if (t->s4u2self != NULL || ret) {
+        if (t->s4u2self != NULL)
+            au_state->s4u2self_user = t->s4u2self->user_id.user;
+        au_state->status = *status;
+        kau_s4u2self(context, !ret, au_state);
+        au_state->s4u2self_user = NULL;
+    }
+    if (ret)
+        return ret;
+    if (t->s4u2self != NULL) {
+        t->flags |= KRB5_KDB_FLAG_PROTOCOL_TRANSITION;
+        t->s4u_cprinc = t->s4u2self->user_id.user;
+
+        /*
+         * For consistency with Active Directory, don't allow authorization
+         * data to be disabled if S4U2Self is requested.  The requesting
+         * service likely needs a PAC for an S4U2Proxy operation, even if it
+         * doesn't need authorization data in tickets received from clients.
+         */
+        t->server->attributes &= ~KRB5_KDB_NO_AUTH_DATA_REQUIRED;
+    }
+
+    /* For U2U or S4U2Proxy requests, decrypt the second ticket and read its
+     * PAC. */
+    ret = decrypt_2ndtkt(context, t->req, t->flags, t->local_tgt,
+                         &t->local_tgt_key, &t->stkt, &t->stkt_pac,
+                         &t->stkt_server, &t->stkt_server_key, status);
+    if (ret)
+        return ret;
+
+    /* Determine the subject ticket and set the authtime for logging.  For
+     * S4U2Proxy requests determine the requested client principal. */
+    if (t->req->kdc_options & KDC_OPT_CNAME_IN_ADDL_TKT) {
+        t->flags |= KRB5_KDB_FLAG_CONSTRAINED_DELEGATION;
+        ret = kau_make_tkt_id(context, t->stkt, &au_state->evid_tkt_id);
+        if (ret)
+            return ret;
+        if (t->is_crossrealm) {
+            /* For cross-realm S4U2PROXY requests, the second ticket is a
+             * cross TGT with the requested client principal in its PAC. */
+            if (t->stkt_pac == NULL ||
+                get_pac_princ_with_realm(context, t->stkt_pac,
+                                         &t->stkt_pac_client, NULL) != 0) {
+                au_state->status = *status = "RBCD_PAC_PRINC";
+                au_state->violation = PROT_CONSTRAINT;
+                kau_s4u2proxy(context, FALSE, au_state);
+                return KRB5KDC_ERR_BADOPTION;
+            }
+            t->s4u_cprinc = t->stkt_pac_client;
+        } else {
+            /* Otherwise the requested client is the evidence ticket client. */
+            t->s4u_cprinc = t->stkt->enc_part2->client;
+        }
+        t->subject_tkt = t->stkt->enc_part2;
+    } else {
+        t->subject_tkt = header_enc;
+    }
+    t->authtime = t->subject_tkt->times.authtime;
+
+    /* For final S4U requests (either type) the issued ticket will be for the
+     * requested name; otherwise it will be for the header ticket client. */
+    t->tkt_client = ((t->flags & KRB5_KDB_FLAGS_S4U) && !t->is_referral) ?
+        t->s4u_cprinc : header_enc->client;
+
+    if (t->s4u2self == NULL) {
+        /* Extract auth indicators from the subject ticket.  Skip this for
+         * S4U2Self requests as the subject didn't authenticate. */
+        ret = get_auth_indicators(context, t->subject_tkt, t->local_tgt,
+                                  &t->local_tgt_key, &t->auth_indicators);
+        if (ret) {
+            *status = "GET_AUTH_INDICATORS";
+            return ret;
+        }
+
+        if (!(t->server->attributes & KRB5_KDB_NO_AUTH_DATA_REQUIRED)) {
+            /* Try to look up the subject principal so that KDB modules can add
+             * additional authdata.  Ask the KDB to map foreign principals. */
+            assert(t->client == NULL);
+            (void)krb5_db_get_principal(context, t->subject_tkt->client,
+                                        t->flags | KRB5_KDB_FLAG_CLIENT |
+                                        KRB5_KDB_FLAG_MAP_PRINCIPALS,
+                                        &t->client);
+        }
+    }
+
+    /*
+     * Compute the transited list implied by the request.  Use the existing
+     * transited list if the realm of the header ticket server is the same as
+     * the subject or server realm.
+     */
+    if (!t->is_crossrealm ||
+        data_eq(t->header_tkt->server->realm, t->tkt_client->realm)) {
+        t->transited = header_enc->transited;
+    } else {
+        if (header_enc->transited.tr_type != KRB5_DOMAIN_X500_COMPRESS) {
+            *status = "VALIDATE_TRANSIT_TYPE";
+            return KRB5KDC_ERR_TRTYPE_NOSUPP;
+        }
+        ret = add_to_transited(&header_enc->transited.tr_contents,
+                               &t->new_transited, t->header_tkt->server,
+                               t->tkt_client, t->req->server);
+        if (ret) {
+            *status = "ADD_TO_TRANSITED_LIST";
+            return ret;
+        }
+        t->transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
+        t->transited.tr_contents = t->new_transited;
+    }
+
+    return 0;
+}
+
+/* Fill in *times_out with the times of the ticket to be issued.  Set the
+ * TKT_FLG_RENEWABLE bit in *tktflags if the ticket will be renewable. */
+static void
+compute_ticket_times(kdc_realm_t *realm, struct tgs_req_info *t,
+                     krb5_timestamp kdc_time, krb5_flags *tktflags,
+                     krb5_ticket_times *times)
+{
+    krb5_timestamp hstarttime;
+    krb5_deltat hlife;
+    krb5_ticket_times *htimes = &t->header_tkt->enc_part2->times;
+
+    if (t->req->kdc_options & KDC_OPT_VALIDATE) {
+        /* Validation requests preserve the header ticket times. */
+        *times = *htimes;
+        return;
+    }
+
+    /* Preserve the authtime from the subject ticket. */
+    times->authtime = t->authtime;
+
+    times->starttime = (t->req->kdc_options & KDC_OPT_POSTDATED) ?
+        t->req->from : kdc_time;
+
+    if (t->req->kdc_options & KDC_OPT_RENEW) {
+        /* Give the new ticket the same lifetime as the header ticket, but no
+         * later than the renewable end time. */
+        hstarttime = htimes->starttime ? htimes->starttime : htimes->authtime;
+        hlife = ts_delta(htimes->endtime, hstarttime);
+        times->endtime = ts_min(htimes->renew_till,
+                                ts_incr(times->starttime, hlife));
+    } else {
+        kdc_get_ticket_endtime(realm, times->starttime, htimes->endtime,
+                               t->req->till, t->client, t->server,
+                               &times->endtime);
+    }
+
+    kdc_get_ticket_renewtime(realm, t->req, t->header_tkt->enc_part2,
+                             t->client, t->server, tktflags, times);
+
+    /* starttime is optional, and treated as authtime if not present.
+     * so we can omit it if it matches. */
+    if (times->starttime == times->authtime)
+        times->starttime = 0;
+}
+
+/* Check the request in *t against semantic protocol constraints and local
+ * policy.  Determine flags and times for the ticket to be issued. */
+static krb5_error_code
+check_tgs_req(kdc_realm_t *realm, struct tgs_req_info *t,
+              krb5_audit_state *au_state, krb5_flags *tktflags,
+              krb5_ticket_times *times, const char **status,
+              krb5_pa_data ***e_data)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code ret;
+    krb5_timestamp kdc_time;
+
+    au_state->stage = VALIDATE_POL;
+
+    ret = krb5_timeofday(context, &kdc_time);
+    if (ret)
+        return ret;
+
+    ret = check_tgs_constraints(realm, t->req, t->server, t->header_tkt,
+                                t->header_pac, t->stkt, t->stkt_pac,
+                                t->stkt_server, kdc_time, t->s4u2self,
+                                t->client, t->is_crossrealm, t->is_referral,
+                                status, e_data);
+    if (ret) {
+        au_state->violation = PROT_CONSTRAINT;
+        return ret;
+    }
+
+    ret = check_tgs_policy(realm, t->req, t->server, t->header_tkt,
+                           t->header_pac, t->stkt, t->stkt_pac,
+                           t->stkt_pac_client, t->stkt_server, kdc_time,
+                           t->is_crossrealm, t->is_referral, status, e_data);
+    if (ret) {
+        au_state->violation = LOCAL_POLICY;
+        if (t->flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) {
+            au_state->status = *status;
+            kau_s4u2proxy(context, FALSE, au_state);
+        }
+        return ret;
+    }
+
+    /* Check auth indicators from the subject ticket, except for S4U2Self
+     * requests (where the client didn't authenticate). */
+    if (t->s4u2self == NULL) {
+        ret = check_indicators(context, t->server, t->auth_indicators);
+        if (ret) {
+            *status = "HIGHER_AUTHENTICATION_REQUIRED";
+            return ret;
+        }
+    }
+
+    *tktflags = get_ticket_flags(t->req->kdc_options, t->client, t->server,
+                                 t->header_tkt->enc_part2);
+    compute_ticket_times(realm, t, kdc_time, tktflags, times);
+
+    /* For S4U2Self requests, check if we need to suppress the forwardable
+     * ticket flag. */
+    if (t->s4u2self != NULL && !t->is_referral) {
+        ret = s4u2self_forwardable(context, t->server, tktflags);
+        if (ret)
+            return ret;
+    }
+
+    /* Consult kdcpolicy modules, giving them a chance to modify the times of
+     * the issued ticket. */
+    ret = check_kdcpolicy_tgs(context, t->req, t->server, t->header_tkt,
+                              t->auth_indicators, kdc_time, times, status);
+    if (ret)
+        return ret;
+
+    if (!(t->req->kdc_options & KDC_OPT_DISABLE_TRANSITED_CHECK)) {
+        /* Check the transited path for the issued ticket and set the
+         * transited-policy-checked flag if successful. */
+        ret = kdc_check_transited_list(context, &t->transited.tr_contents,
+                                       &t->subject_tkt->client->realm,
+                                       &t->req->server->realm);
+        if (ret) {
+            /* Log the transited-check failure and continue. */
+            log_tgs_badtrans(context, t->cprinc, t->sprinc,
+                             &t->transited.tr_contents, ret);
+        } else {
+            *tktflags |= TKT_FLG_TRANSIT_POLICY_CHECKED;
+        }
+    } else {
+        krb5_klog_syslog(LOG_INFO, _("not checking transit path"));
+    }
+
+    /* By default, reject the request if the transited path was not checked
+     * successfully. */
+    if (realm->realm_reject_bad_transit &&
+        !(*tktflags & TKT_FLG_TRANSIT_POLICY_CHECKED)) {
+        *status = "BAD_TRANSIT";
+        au_state->violation = LOCAL_POLICY;
+        return KRB5KDC_ERR_POLICY;
+    }
+
+    return 0;
+}
+
+/* Construct a response issuing a ticket for the request in *t, using tktflags
+ * and *times for the ticket flags and times. */
+static krb5_error_code
+tgs_issue_ticket(kdc_realm_t *realm, struct tgs_req_info *t,
+                 krb5_flags tktflags, krb5_ticket_times *times, krb5_data *pkt,
+                 const krb5_fulladdr *from,
+                 struct kdc_request_state *fast_state,
+                 krb5_audit_state *au_state, const char **status,
+                 krb5_data **response)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code ret;
+    krb5_keyblock session_key = { 0 }, server_key = { 0 };
+    krb5_keyblock *ticket_encrypting_key, *subject_key;
+    krb5_keyblock *initial_reply_key, *fast_reply_key = NULL;
+    krb5_enc_tkt_part enc_tkt_reply = { 0 };
+    krb5_ticket ticket_reply = { 0 };
+    krb5_enc_kdc_rep_part reply_encpart = { 0 };
+    krb5_kdc_rep reply = { 0 };
+    krb5_pac subject_pac;
+    krb5_db_entry *subject_server;
+    krb5_enc_tkt_part *header_enc_tkt = t->header_tkt->enc_part2;
+    krb5_last_req_entry nolrentry = { KV5M_LAST_REQ_ENTRY, KRB5_LRQ_NONE, 0 };
+    krb5_last_req_entry *nolrarray[2] = { &nolrentry, NULL };
+
+    au_state->stage = ISSUE_TKT;
+
+    ret = gen_session_key(context, t->req, t->server, &session_key, status);
+    if (ret)
+        goto cleanup;
+
+    if (t->flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) {
+        subject_pac = t->stkt_pac;
+        subject_server = t->stkt_server;
+        subject_key = t->stkt_server_key;
+    } else {
+        subject_pac = t->header_pac;
+        subject_server = t->header_server;
+        subject_key = t->header_key;
+    }
+
+    initial_reply_key = (t->subkey != NULL) ? t->subkey :
+        t->header_tkt->enc_part2->session;
+
+    if (t->req->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) {
+        /* For user-to-user, encrypt the ticket with the second ticket's
+         * session key. */
+        ticket_encrypting_key = t->stkt->enc_part2->session;
+    } else {
+        /* Otherwise encrypt the ticket with the server entry's first long-term
+         * key. */
+        ret = get_first_current_key(context, t->server, &server_key);
+        if (ret) {
+            *status = "FINDING_SERVER_KEY";
+            goto cleanup;
+        }
+        ticket_encrypting_key = &server_key;
+    }
+
+    if (t->req->kdc_options & (KDC_OPT_VALIDATE | KDC_OPT_RENEW)) {
+        /* Copy the header ticket server and all enc-part fields except for
+         * authorization data. */
+        ticket_reply.server = t->header_tkt->server;
+        enc_tkt_reply = *t->header_tkt->enc_part2;
+        enc_tkt_reply.authorization_data = NULL;
+    } else {
+        if (t->req->kdc_options & (KDC_OPT_FORWARDED | KDC_OPT_PROXY)) {
+            /* Include the requested addresses in the ticket and reply. */
+            enc_tkt_reply.caddrs = t->req->addresses;
+            reply_encpart.caddrs = t->req->addresses;
+        } else {
+            /* Use the header ticket addresses and omit them from the reply. */
+            enc_tkt_reply.caddrs = header_enc_tkt->caddrs;
+            reply_encpart.caddrs = NULL;
+        }
+
+        ticket_reply.server = t->is_referral ? t->sprinc : t->req->server;
+    }
+
+    enc_tkt_reply.flags = tktflags;
+    enc_tkt_reply.times = *times;
+    enc_tkt_reply.client = t->tkt_client;
+    enc_tkt_reply.session = &session_key;
+    enc_tkt_reply.transited = t->transited;
+
+    ret = handle_authdata(realm, t->flags, t->client, t->server,
+                          subject_server, t->local_tgt, &t->local_tgt_key,
+                          initial_reply_key, ticket_encrypting_key,
+                          subject_key, NULL, pkt, t->req, t->s4u_cprinc,
+                          subject_pac, t->subject_tkt, &t->auth_indicators,
+                          &enc_tkt_reply);
+    if (ret) {
+        krb5_klog_syslog(LOG_INFO, _("TGS_REQ : handle_authdata (%d)"), ret);
+        *status = "HANDLE_AUTHDATA";
+        goto cleanup;
+    }
+
+    ticket_reply.enc_part2 = &enc_tkt_reply;
+
+    ret = krb5_encrypt_tkt_part(context, ticket_encrypting_key, &ticket_reply);
+    if (ret)
+        goto cleanup;
+
+    if (t->req->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) {
+        ticket_reply.enc_part.kvno = 0;
+        kau_u2u(context, TRUE, au_state);
+    } else {
+        ticket_reply.enc_part.kvno = current_kvno(t->server);
+    }
+
+    au_state->stage = ENCR_REP;
+
+    if (t->s4u2self != NULL &&
+        krb5int_find_pa_data(context, t->req->padata,
+                             KRB5_PADATA_S4U_X509_USER) != NULL) {
+        /* Add an S4U2Self response to the encrypted padata (skipped if the
+         * request only included PA-FOR-USER padata). */
+        ret = kdc_make_s4u2self_rep(context, t->subkey,
+                                    t->header_tkt->enc_part2->session,
+                                    t->s4u2self, &reply, &reply_encpart);
+        if (ret)
+            goto cleanup;
+    }
+
+    reply_encpart.session = &session_key;
+    reply_encpart.nonce = t->req->nonce;
+    reply_encpart.times = enc_tkt_reply.times;
+    reply_encpart.last_req = nolrarray;
+    reply_encpart.key_exp = 0;
+    reply_encpart.flags = enc_tkt_reply.flags;
+    reply_encpart.server = ticket_reply.server;
+
+    reply.msg_type = KRB5_TGS_REP;
+    reply.client = enc_tkt_reply.client;
+    reply.ticket = &ticket_reply;
+    reply.enc_part.kvno = 0;
+    reply.enc_part.enctype = initial_reply_key->enctype;
+    ret = kdc_fast_response_handle_padata(fast_state, t->req, &reply,
+                                          initial_reply_key->enctype);
+    if (ret)
+        goto cleanup;
+    ret = kdc_fast_handle_reply_key(fast_state, initial_reply_key,
+                                    &fast_reply_key);
+    if (ret)
+        goto cleanup;
+    ret = return_enc_padata(context, pkt, t->req, fast_reply_key, t->server,
+                            &reply_encpart,
+                            t->is_referral &&
+                            (t->req->kdc_options & KDC_OPT_CANONICALIZE));
+    if (ret) {
+        *status = "KDC_RETURN_ENC_PADATA";
+        goto cleanup;
+    }
+
+    ret = kau_make_tkt_id(context, &ticket_reply, &au_state->tkt_out_id);
+    if (ret)
+        goto cleanup;
+
+    if (kdc_fast_hide_client(fast_state))
+        reply.client = (krb5_principal)krb5_anonymous_principal();
+    ret = krb5_encode_kdc_rep(context, KRB5_TGS_REP, &reply_encpart,
+                              t->subkey != NULL, fast_reply_key, &reply,
+                              response);
+    if (ret)
+        goto cleanup;
+
+    log_tgs_req(context, from, t->req, &reply, t->cprinc, t->sprinc,
+                t->s4u_cprinc, t->authtime, t->flags, "ISSUE", 0, NULL);
+    au_state->status = "ISSUE";
+    au_state->reply = &reply;
+    if (t->flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)
+        kau_s4u2proxy(context, TRUE, au_state);
+    kau_tgs_req(context, TRUE, au_state);
+    au_state->reply = NULL;
+
+cleanup:
+    zapfree(ticket_reply.enc_part.ciphertext.data,
+            ticket_reply.enc_part.ciphertext.length);
+    zapfree(reply.enc_part.ciphertext.data, reply.enc_part.ciphertext.length);
+    krb5_free_pa_data(context, reply.padata);
+    krb5_free_pa_data(context, reply_encpart.enc_padata);
+    krb5_free_authdata(context, enc_tkt_reply.authorization_data);
+    krb5_free_keyblock_contents(context, &session_key);
+    krb5_free_keyblock_contents(context, &server_key);
+    krb5_free_keyblock(context, fast_reply_key);
+    return ret;
+}
+
+static void
+free_req_info(krb5_context context, struct tgs_req_info *t)
+{
+    krb5_free_kdc_req(context, t->req);
+    krb5_free_ticket(context, t->header_tkt);
+    krb5_db_free_principal(context, t->header_server);
+    krb5_free_keyblock(context, t->header_key);
+    krb5_free_keyblock(context, t->subkey);
+    krb5_pac_free(context, t->header_pac);
+    krb5_pac_free(context, t->stkt_pac);
+    krb5_db_free_principal(context, t->stkt_server);
+    krb5_free_keyblock(context, t->stkt_server_key);
+    krb5_db_free_principal(context, t->local_tgt_storage);
+    krb5_free_keyblock_contents(context, &t->local_tgt_key);
+    krb5_db_free_principal(context, t->server);
+    krb5_db_free_principal(context, t->client);
+    krb5_free_pa_s4u_x509_user(context, t->s4u2self);
+    krb5_free_principal(context, t->stkt_pac_client);
+    k5_free_data_ptr_list(t->auth_indicators);
+    krb5_free_data_contents(context, &t->new_transited);
+}
+
+krb5_error_code
+process_tgs_req(krb5_kdc_req *request, krb5_data *pkt,
+                const krb5_fulladdr *from, kdc_realm_t *realm,
+                krb5_data **response)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code ret;
+    struct tgs_req_info t = { 0 };
+    struct kdc_request_state *fast_state = NULL;
+    krb5_audit_state *au_state = NULL;
+    krb5_pa_data **e_data = NULL;
+    krb5_flags tktflags;
+    krb5_ticket_times times = { 0 };
+    const char *emsg = NULL, *status = NULL;
+
+    ret = kdc_make_rstate(realm, &fast_state);
+    if (ret)
+        goto cleanup;
+    ret = kau_init_kdc_req(context, request, from, &au_state);
+    if (ret)
+        goto cleanup;
+    kau_tgs_req(context, TRUE, au_state);
+
+    ret = gather_tgs_req_info(realm, &request, pkt, from, fast_state, au_state,
+                              &t, &status);
+    if (ret)
+        goto cleanup;
+
+    ret = check_tgs_req(realm, &t, au_state, &tktflags, &times, &status,
+                        &e_data);
+    if (ret)
+        goto cleanup;
+
+    ret = tgs_issue_ticket(realm, &t, tktflags, &times, pkt, from, fast_state,
+                           au_state, &status, response);
+    if (ret)
+        goto cleanup;
+
+cleanup:
+    if (status == NULL)
+        status = "UNKNOWN_REASON";
+
+    if (ret) {
+        emsg = krb5_get_error_message(context, ret);
+        log_tgs_req(context, from, t.req, NULL, t.cprinc, t.sprinc,
+                    t.s4u_cprinc, t.authtime, t.flags, status, ret, emsg);
+        krb5_free_error_message(context, emsg);
+
+        if (au_state != NULL) {
+            au_state->status = status;
+            kau_tgs_req(context, FALSE, au_state);
+        }
+    }
+
+    if (ret && fast_state != NULL) {
+        ret = prepare_error_tgs(fast_state, t.req, t.header_tkt, ret,
+                                (t.server != NULL) ? t.server->princ : NULL,
+                                response, status, e_data);
+    }
+
+    krb5_free_kdc_req(context, request);
+    kdc_free_rstate(fast_state);
+    kau_free_kdc_req(au_state);
+    free_req_info(context, &t);
+    krb5_free_pa_data(context, e_data);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/kdc/extern.c b/krb5-1.21.3/src/kdc/extern.c
new file mode 100644
index 00000000..ff45bf3f
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/extern.c
@@ -0,0 +1,43 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/extern.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * allocations of extern stuff
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include "extern.h"
+#include "realm_data.h"
+
+/* real declarations of KDC's externs */
+kdc_realm_t     **kdc_realmlist = (kdc_realm_t **) NULL;
+int             kdc_numrealms = 0;
+krb5_data empty_string = {0, 0, ""};
+krb5_int32      max_dgram_reply_size = MAX_DGRAM_SIZE;
+
+/* With ts_after(), this is the largest timestamp value. */
+krb5_timestamp kdc_infinity = -1;
diff --git a/krb5-1.21.3/src/kdc/extern.h b/krb5-1.21.3/src/kdc/extern.h
new file mode 100644
index 00000000..78b9f301
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/extern.h
@@ -0,0 +1,36 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/extern.h */
+/*
+ * Copyright 1990,2001,2007,2009 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __KRB5_KDC_EXTERN__
+#define __KRB5_KDC_EXTERN__
+
+/* various externs for KDC */
+extern krb5_data        empty_string;   /* an empty string */
+extern krb5_timestamp   kdc_infinity;   /* greater than all other timestamps */
+extern const int        kdc_modifies_kdb;
+extern krb5_int32       max_dgram_reply_size; /* maximum datagram size */
+
+extern const int        vague_errors;
+#endif /* __KRB5_KDC_EXTERN__ */
diff --git a/krb5-1.21.3/src/kdc/fast_util.c b/krb5-1.21.3/src/kdc/fast_util.c
new file mode 100644
index 00000000..7a6579f1
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/fast_util.c
@@ -0,0 +1,721 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/fast_util.c */
+/*
+ * Copyright (C) 2009, 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-int.h>
+
+#include "kdc_util.h"
+#include "extern.h"
+
+/* Let cookies be valid for ten minutes. */
+#define COOKIE_LIFETIME 600
+
+static krb5_error_code armor_ap_request
+(struct kdc_request_state *state, krb5_fast_armor *armor)
+{
+    krb5_error_code retval = 0;
+    krb5_auth_context authcontext = NULL;
+    krb5_ticket *ticket = NULL;
+    krb5_keyblock *subkey = NULL;
+    kdc_realm_t *realm = state->realm_data;
+    krb5_context context = realm->realm_context;
+
+    assert(armor->armor_type == KRB5_FAST_ARMOR_AP_REQUEST);
+    krb5_clear_error_message(context);
+    retval = krb5_auth_con_init(context, &authcontext);
+    /*disable replay cache*/
+    if (retval == 0)
+        retval = krb5_auth_con_setflags(context, authcontext, 0);
+    if (retval == 0)
+        retval = krb5_rd_req(context, &authcontext, &armor->armor_value,
+                             NULL /*server*/, realm->realm_keytab,
+                             NULL, &ticket);
+    if (retval != 0) {
+        const char * errmsg = krb5_get_error_message(context, retval);
+        k5_setmsg(context, retval, _("%s while handling ap-request armor"),
+                  errmsg);
+        krb5_free_error_message(context, errmsg);
+    }
+    if (retval == 0) {
+        if (!krb5_principal_compare_any_realm(context, realm->realm_tgsprinc,
+                                              ticket->server)) {
+            k5_setmsg(context, KRB5KDC_ERR_SERVER_NOMATCH,
+                      _("ap-request armor for something other than the local "
+                        "TGS"));
+            retval = KRB5KDC_ERR_SERVER_NOMATCH;
+        }
+    }
+    if (retval == 0) {
+        retval = krb5_auth_con_getrecvsubkey(context, authcontext, &subkey);
+        if (retval != 0 || subkey == NULL) {
+            k5_setmsg(context, KRB5KDC_ERR_POLICY,
+                      _("ap-request armor without subkey"));
+            retval = KRB5KDC_ERR_POLICY;
+        }
+    }
+    if (retval == 0)
+        retval = krb5_c_fx_cf2_simple(context,
+                                      subkey, "subkeyarmor",
+                                      ticket->enc_part2->session, "ticketarmor",
+                                      &state->armor_key);
+    if (ticket)
+        krb5_free_ticket(context, ticket);
+    if (subkey)
+        krb5_free_keyblock(context, subkey);
+    if (authcontext)
+        krb5_auth_con_free(context, authcontext);
+    return retval;
+}
+
+static krb5_error_code
+encrypt_fast_reply(struct kdc_request_state *state,
+                   const krb5_fast_response *response,
+                   krb5_data **fx_fast_reply)
+{
+    krb5_context context = state->realm_data->realm_context;
+    krb5_error_code retval = 0;
+    krb5_enc_data encrypted_reply;
+    krb5_data *encoded_response = NULL;
+
+    assert(state->armor_key);
+    retval = encode_krb5_fast_response(response, &encoded_response);
+    if (retval== 0)
+        retval = krb5_encrypt_helper(context, state->armor_key,
+                                     KRB5_KEYUSAGE_FAST_REP,
+                                     encoded_response, &encrypted_reply);
+    if (encoded_response)
+        krb5_free_data(context, encoded_response);
+    encoded_response = NULL;
+    if (retval == 0) {
+        retval = encode_krb5_pa_fx_fast_reply(&encrypted_reply,
+                                              fx_fast_reply);
+        krb5_free_data_contents(context, &encrypted_reply.ciphertext);
+    }
+    return retval;
+}
+
+
+/*
+ * This function will find the FAST padata and, if FAST is successfully
+ * processed, will free the outer request and update the pointer to point to
+ * the inner request.  checksummed_data points to the data that is in the
+ * armored_fast_request checksum; either the pa-tgs-req or the kdc-req-body.
+ */
+krb5_error_code
+kdc_find_fast(krb5_kdc_req **requestptr,
+              krb5_data *checksummed_data,
+              krb5_keyblock *tgs_subkey,
+              krb5_keyblock *tgs_session,
+              struct kdc_request_state *state,
+              krb5_data **inner_body_out)
+{
+    krb5_context context = state->realm_data->realm_context;
+    krb5_error_code retval = 0;
+    krb5_pa_data *fast_padata;
+    krb5_data scratch, plaintext, *inner_body = NULL;
+    krb5_fast_req * fast_req = NULL;
+    krb5_kdc_req *request = *requestptr;
+    krb5_fast_armored_req *fast_armored_req = NULL;
+    krb5_checksum *cksum;
+    krb5_boolean cksum_valid;
+    krb5_keyblock empty_keyblock;
+
+    if (inner_body_out != NULL)
+        *inner_body_out = NULL;
+    scratch.data = NULL;
+    krb5_clear_error_message(context);
+    memset(&empty_keyblock, 0, sizeof(krb5_keyblock));
+    fast_padata = krb5int_find_pa_data(context, request->padata,
+                                       KRB5_PADATA_FX_FAST);
+    if (fast_padata !=  NULL){
+        scratch.length = fast_padata->length;
+        scratch.data = (char *) fast_padata->contents;
+        retval = decode_krb5_pa_fx_fast_request(&scratch, &fast_armored_req);
+        if (retval == 0 &&fast_armored_req->armor) {
+            switch (fast_armored_req->armor->armor_type) {
+            case KRB5_FAST_ARMOR_AP_REQUEST:
+                if (tgs_subkey) {
+                    retval = KRB5KDC_ERR_PREAUTH_FAILED;
+                    k5_setmsg(context, retval,
+                              _("Ap-request armor not permitted with TGS"));
+                    break;
+                }
+                retval = armor_ap_request(state, fast_armored_req->armor);
+                break;
+            default:
+                k5_setmsg(context, KRB5KDC_ERR_PREAUTH_FAILED,
+                          _("Unknown FAST armor type %d"),
+                          fast_armored_req->armor->armor_type);
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            }
+        }
+        if (retval == 0 && !state->armor_key) {
+            if (tgs_subkey)
+                retval = krb5_c_fx_cf2_simple(context,
+                                              tgs_subkey, "subkeyarmor",
+                                              tgs_session, "ticketarmor",
+                                              &state->armor_key);
+            else {
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+                k5_setmsg(context, retval,
+                          _("No armor key but FAST armored request present"));
+            }
+        }
+        if (retval == 0) {
+            plaintext.length = fast_armored_req->enc_part.ciphertext.length;
+            plaintext.data = k5alloc(plaintext.length, &retval);
+        }
+        if (retval == 0) {
+            retval = krb5_c_decrypt(context, state->armor_key,
+                                    KRB5_KEYUSAGE_FAST_ENC, NULL,
+                                    &fast_armored_req->enc_part,
+                                    &plaintext);
+            if (retval == 0)
+                retval = decode_krb5_fast_req(&plaintext, &fast_req);
+            if (retval == 0 && inner_body_out != NULL) {
+                retval = fetch_asn1_field((unsigned char *)plaintext.data,
+                                          1, 2, &scratch);
+                if (retval == 0) {
+                    retval = krb5_copy_data(context, &scratch, &inner_body);
+                }
+            }
+            if (plaintext.data)
+                free(plaintext.data);
+        }
+        cksum = &fast_armored_req->req_checksum;
+        if (retval == 0)
+            retval = krb5_c_verify_checksum(context, state->armor_key,
+                                            KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
+                                            checksummed_data, cksum,
+                                            &cksum_valid);
+        if (retval == 0 && !cksum_valid) {
+            retval = KRB5KRB_AP_ERR_MODIFIED;
+            k5_setmsg(context, retval,
+                      _("FAST req_checksum invalid; request modified"));
+        }
+        if (retval == 0) {
+            if (!krb5_c_is_keyed_cksum(cksum->checksum_type)) {
+                retval = KRB5KDC_ERR_POLICY;
+                k5_setmsg(context, retval,
+                          _("Unkeyed checksum used in fast_req"));
+            }
+        }
+        if (retval == 0) {
+            if ((fast_req->fast_options & UNSUPPORTED_CRITICAL_FAST_OPTIONS) != 0)
+                retval = KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION;
+        }
+        if (retval == 0) {
+            state->fast_options = fast_req->fast_options;
+            fast_req->req_body->msg_type = request->msg_type;
+            krb5_free_kdc_req(context, request);
+            *requestptr = fast_req->req_body;
+            fast_req->req_body = NULL;
+        }
+    }
+    if (retval == 0 && inner_body_out != NULL) {
+        *inner_body_out = inner_body;
+        inner_body = NULL;
+    }
+    krb5_free_data(context, inner_body);
+    if (fast_req)
+        krb5_free_fast_req(context, fast_req);
+    if (fast_armored_req)
+        krb5_free_fast_armored_req(context, fast_armored_req);
+    return retval;
+}
+
+
+krb5_error_code
+kdc_make_rstate(kdc_realm_t *active_realm, struct kdc_request_state **out)
+{
+    struct kdc_request_state *state = malloc( sizeof(struct kdc_request_state));
+    if (state == NULL)
+        return ENOMEM;
+    memset( state, 0, sizeof(struct kdc_request_state));
+    state->realm_data = active_realm;
+    *out = state;
+    return 0;
+}
+
+void
+kdc_free_rstate (struct kdc_request_state *s)
+{
+    if (s == NULL)
+        return;
+    if (s->armor_key)
+        krb5_free_keyblock(s->realm_data->realm_context, s->armor_key);
+    if (s->strengthen_key)
+        krb5_free_keyblock(s->realm_data->realm_context, s->strengthen_key);
+    k5_zapfree_pa_data(s->in_cookie_padata);
+    k5_zapfree_pa_data(s->out_cookie_padata);
+    free(s);
+}
+
+krb5_error_code
+kdc_fast_response_handle_padata(struct kdc_request_state *state,
+                                krb5_kdc_req *request,
+                                krb5_kdc_rep *rep, krb5_enctype enctype)
+{
+    krb5_context context = state->realm_data->realm_context;
+    krb5_error_code retval = 0;
+    krb5_fast_finished finish;
+    krb5_fast_response fast_response;
+    krb5_data *encoded_ticket = NULL;
+    krb5_data *encrypted_reply = NULL;
+    krb5_pa_data *pa = NULL, **pa_array = NULL;
+    krb5_cksumtype cksumtype = CKSUMTYPE_RSA_MD5;
+    krb5_pa_data *empty_padata[] = {NULL};
+    krb5_keyblock *strengthen_key = NULL;
+
+    if (!state->armor_key)
+        return 0;
+    memset(&finish, 0, sizeof(finish));
+    retval = krb5_init_keyblock(context, enctype, 0, &strengthen_key);
+    if (retval == 0)
+        retval = krb5_c_make_random_key(context, enctype, strengthen_key);
+    if (retval == 0) {
+        state->strengthen_key = strengthen_key;
+        strengthen_key = NULL;
+    }
+
+    fast_response.padata = rep->padata;
+    if (fast_response.padata == NULL)
+        fast_response.padata = &empty_padata[0];
+    fast_response.strengthen_key = state->strengthen_key;
+    fast_response.nonce = request->nonce;
+    fast_response.finished = &finish;
+    finish.client = rep->client;
+    pa_array = calloc(3, sizeof(*pa_array));
+    if (pa_array == NULL)
+        retval = ENOMEM;
+    pa = calloc(1, sizeof(krb5_pa_data));
+    if (retval == 0 && pa == NULL)
+        retval = ENOMEM;
+    if (retval == 0)
+        retval = krb5_us_timeofday(context, &finish.timestamp, &finish.usec);
+    if (retval == 0)
+        retval = encode_krb5_ticket(rep->ticket, &encoded_ticket);
+    if (retval == 0)
+        retval = krb5int_c_mandatory_cksumtype(context,
+                                               state->armor_key->enctype,
+                                               &cksumtype);
+    if (retval == 0)
+        retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
+                                      KRB5_KEYUSAGE_FAST_FINISHED,
+                                      encoded_ticket, &finish.ticket_checksum);
+    if (retval == 0)
+        retval = encrypt_fast_reply(state, &fast_response, &encrypted_reply);
+    if (retval == 0) {
+        pa[0].pa_type = KRB5_PADATA_FX_FAST;
+        pa[0].length = encrypted_reply->length;
+        pa[0].contents = (unsigned char *)  encrypted_reply->data;
+        pa_array[0] = &pa[0];
+        krb5_free_pa_data(context, rep->padata);
+        rep->padata = pa_array;
+        pa_array = NULL;
+        free(encrypted_reply);
+        encrypted_reply = NULL;
+        pa = NULL;
+    }
+    if (pa)
+        free(pa);
+    if (pa_array)
+        free(pa_array);
+    if (encrypted_reply)
+        krb5_free_data(context, encrypted_reply);
+    if (encoded_ticket)
+        krb5_free_data(context, encoded_ticket);
+    if (strengthen_key != NULL)
+        krb5_free_keyblock(context, strengthen_key);
+    if (finish.ticket_checksum.contents)
+        krb5_free_checksum_contents(context, &finish.ticket_checksum);
+    return retval;
+}
+
+
+/*
+ * We assume the caller is responsible for passing us an in_padata
+ * sufficient to include in a FAST error.  In the FAST case we will
+ * set *fast_edata_out to the edata to be included in the error; in
+ * the non-FAST case we will set it to NULL.
+ */
+krb5_error_code
+kdc_fast_handle_error(krb5_context context,
+                      struct kdc_request_state *state,
+                      krb5_kdc_req *request,
+                      krb5_pa_data  **in_padata, krb5_error *err,
+                      krb5_data **fast_edata_out)
+{
+    krb5_error_code retval = 0;
+    krb5_fast_response resp;
+    krb5_error fx_error;
+    krb5_data *encoded_fx_error = NULL, *encrypted_reply = NULL;
+    krb5_pa_data pa[1];
+    krb5_pa_data *outer_pa[3];
+    krb5_pa_data **inner_pa = NULL;
+    size_t size = 0;
+
+    *fast_edata_out = NULL;
+    memset(outer_pa, 0, sizeof(outer_pa));
+    if (state->armor_key == NULL)
+        return 0;
+    fx_error = *err;
+    fx_error.e_data.data = NULL;
+    fx_error.e_data.length = 0;
+    for (size = 0; in_padata&&in_padata[size]; size++);
+    inner_pa = calloc(size + 2, sizeof(krb5_pa_data *));
+    if (inner_pa == NULL)
+        retval = ENOMEM;
+    if (retval == 0)
+        for (size=0; in_padata&&in_padata[size]; size++)
+            inner_pa[size] = in_padata[size];
+    if (retval == 0)
+        retval = encode_krb5_error(&fx_error, &encoded_fx_error);
+    if (retval == 0) {
+        pa[0].pa_type = KRB5_PADATA_FX_ERROR;
+        pa[0].length = encoded_fx_error->length;
+        pa[0].contents = (unsigned char *) encoded_fx_error->data;
+        inner_pa[size++] = &pa[0];
+    }
+    if (retval == 0) {
+        resp.padata = inner_pa;
+        resp.nonce = request->nonce;
+        resp.strengthen_key = NULL;
+        resp.finished = NULL;
+    }
+    if (retval == 0)
+        retval = encrypt_fast_reply(state, &resp, &encrypted_reply);
+    if (inner_pa)
+        free(inner_pa); /*contained storage from caller and our stack*/
+    if (retval == 0) {
+        pa[0].pa_type = KRB5_PADATA_FX_FAST;
+        pa[0].length = encrypted_reply->length;
+        pa[0].contents = (unsigned char *) encrypted_reply->data;
+        outer_pa[0] = &pa[0];
+    }
+    retval = encode_krb5_padata_sequence(outer_pa, fast_edata_out);
+    if (encrypted_reply)
+        krb5_free_data(context, encrypted_reply);
+    if (encoded_fx_error)
+        krb5_free_data(context, encoded_fx_error);
+    return retval;
+}
+
+krb5_error_code
+kdc_fast_handle_reply_key(struct kdc_request_state *state,
+                          krb5_keyblock *existing_key,
+                          krb5_keyblock **out_key)
+{
+    krb5_context context = state->realm_data->realm_context;
+    krb5_error_code retval = 0;
+
+    if (state->armor_key)
+        retval = krb5_c_fx_cf2_simple(context,
+                                      state->strengthen_key, "strengthenkey",
+                                      existing_key, "replykey", out_key);
+    else
+        retval = krb5_copy_keyblock(context, existing_key, out_key);
+    return retval;
+}
+
+krb5_boolean
+kdc_fast_hide_client(struct kdc_request_state *state)
+{
+    return (state->fast_options & KRB5_FAST_OPTION_HIDE_CLIENT_NAMES) != 0;
+}
+
+/* Create a pa-data entry with the specified type and contents. */
+static krb5_error_code
+make_padata(krb5_preauthtype pa_type, const void *contents, size_t len,
+            krb5_pa_data **out)
+{
+    if (k5_alloc_pa_data(pa_type, len, out) != 0)
+        return ENOMEM;
+    memcpy((*out)->contents, contents, len);
+    return 0;
+}
+
+/*
+ * Derive the secure cookie encryption key from tgt_key and client_princ.  The
+ * cookie key is derived with PRF+ using the concatenation of "COOKIE" and the
+ * unparsed client principal name as input.
+ */
+static krb5_error_code
+derive_cookie_key(krb5_context context, krb5_keyblock *tgt_key,
+                  krb5_const_principal client_princ, krb5_keyblock **key_out)
+{
+    krb5_error_code ret;
+    krb5_data d;
+    char *princstr = NULL, *derive_input = NULL;
+
+    *key_out = NULL;
+
+    /* Construct the input string and derive the cookie key. */
+    ret = krb5_unparse_name(context, client_princ, &princstr);
+    if (ret)
+        goto cleanup;
+    if (asprintf(&derive_input, "COOKIE%s", princstr) < 0) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    d = string2data(derive_input);
+    ret = krb5_c_derive_prfplus(context, tgt_key, &d, ENCTYPE_NULL, key_out);
+
+cleanup:
+    krb5_free_unparsed_name(context, princstr);
+    free(derive_input);
+    return ret;
+}
+
+/* Derive the cookie key for the specified kvno in tgt.  tgt_key must be the
+ * decrypted first key data entry in tgt. */
+static krb5_error_code
+get_cookie_key(krb5_context context, krb5_db_entry *tgt,
+               krb5_keyblock *tgt_key, krb5_kvno kvno,
+               krb5_const_principal client_princ, krb5_keyblock **key_out)
+{
+    krb5_error_code ret;
+    krb5_keyblock storage, *key;
+    krb5_key_data *kd;
+
+    *key_out = NULL;
+    memset(&storage, 0, sizeof(storage));
+
+    if (kvno == current_kvno(tgt)) {
+        /* Use the already-decrypted first key. */
+        key = tgt_key;
+    } else {
+        /* The cookie used an older TGT key; find and decrypt it. */
+        ret = krb5_dbe_find_enctype(context, tgt, -1, -1, kvno, &kd);
+        if (ret)
+            return ret;
+        ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &storage, NULL);
+        if (ret)
+            return ret;
+        key = &storage;
+    }
+
+    ret = derive_cookie_key(context, key, client_princ, key_out);
+    krb5_free_keyblock_contents(context, &storage);
+    return ret;
+}
+
+/* Return true if there is any overlap between padata types in cpadata
+ * (from the cookie) and rpadata (from the request). */
+static krb5_boolean
+is_relevant(krb5_pa_data *const *cpadata, krb5_pa_data *const *rpadata)
+{
+    krb5_pa_data *const *p;
+
+    for (p = cpadata; p != NULL && *p != NULL; p++) {
+        if (krb5int_find_pa_data(NULL, rpadata, (*p)->pa_type) != NULL)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+/*
+ * Locate and decode the FAST cookie in req, storing its contents in state for
+ * later access by preauth modules.  If the cookie is expired, return
+ * KRB5KDC_ERR_PREAUTH_EXPIRED if its contents are relevant to req, and ignore
+ * it if they aren't.
+ */
+krb5_error_code
+kdc_fast_read_cookie(krb5_context context, struct kdc_request_state *state,
+                     krb5_kdc_req *req, krb5_db_entry *local_tgt,
+                     krb5_keyblock *local_tgt_key)
+{
+    krb5_error_code ret;
+    krb5_secure_cookie *cookie = NULL;
+    krb5_timestamp now;
+    krb5_keyblock *key = NULL;
+    krb5_enc_data enc;
+    krb5_pa_data *pa;
+    krb5_kvno kvno;
+    krb5_data plain = empty_data();
+
+    pa = krb5int_find_pa_data(context, req->padata, KRB5_PADATA_FX_COOKIE);
+    if (pa == NULL)
+        return 0;
+
+    /* If it's not an MIT version 1 cookie, ignore it.  It may be an empty
+     * "MIT" cookie or a cookie generated by a different KDC implementation. */
+    if (pa->length <= 8 || memcmp(pa->contents, "MIT1", 4) != 0)
+        return 0;
+
+    /* Extract the kvno and generate the corresponding cookie key. */
+    kvno = load_32_be(pa->contents + 4);
+    ret = get_cookie_key(context, local_tgt, local_tgt_key, kvno, req->client,
+                         &key);
+    if (ret)
+        goto cleanup;
+
+    /* Decrypt and decode the cookie. */
+    memset(&enc, 0, sizeof(enc));
+    enc.enctype = key->enctype;
+    enc.ciphertext = make_data(pa->contents + 8, pa->length - 8);
+    ret = alloc_data(&plain, pa->length - 8);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_decrypt(context, key, KRB5_KEYUSAGE_PA_FX_COOKIE, NULL, &enc,
+                         &plain);
+    if (ret)
+        goto cleanup;
+    ret = decode_krb5_secure_cookie(&plain, &cookie);
+    if (ret)
+        goto cleanup;
+
+    /* Check if the cookie is expired. */
+    ret = krb5_timeofday(context, &now);
+    if (ret)
+        goto cleanup;
+    if (ts2tt(now) > cookie->time + COOKIE_LIFETIME) {
+        /* Don't accept the cookie contents.  Only return an error if the
+         * cookie is relevant to the request. */
+        if (is_relevant(cookie->data, req->padata))
+            ret = KRB5KDC_ERR_PREAUTH_EXPIRED;
+        goto cleanup;
+    }
+
+    /* Steal the pa-data list pointer from the cookie and store it in state. */
+    state->in_cookie_padata = cookie->data;
+    cookie->data = NULL;
+
+cleanup:
+    zapfree(plain.data, plain.length);
+    krb5_free_keyblock(context, key);
+    k5_free_secure_cookie(context, cookie);
+    return 0;
+}
+
+/* If state contains a cookie value for pa_type, set *out to the corresponding
+ * data and return true.  Otherwise set *out to empty and return false. */
+krb5_boolean
+kdc_fast_search_cookie(struct kdc_request_state *state,
+                       krb5_preauthtype pa_type, krb5_data *out)
+{
+    krb5_pa_data *pa;
+
+    pa = krb5int_find_pa_data(NULL, state->in_cookie_padata, pa_type);
+    if (pa == NULL) {
+        *out = empty_data();
+        return FALSE;
+    } else {
+        *out = make_data(pa->contents, pa->length);
+        return TRUE;
+    }
+}
+
+/* Set a cookie value in state for data, to be included in the outgoing
+ * cookie.  Duplicate values are ignored. */
+krb5_error_code
+kdc_fast_set_cookie(struct kdc_request_state *state, krb5_preauthtype pa_type,
+                    const krb5_data *data)
+{
+    krb5_pa_data **list = state->out_cookie_padata;
+    size_t count;
+
+    for (count = 0; list != NULL && list[count] != NULL; count++) {
+        if (list[count]->pa_type == pa_type)
+            return 0;
+    }
+
+    list = realloc(list, (count + 2) * sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+    state->out_cookie_padata = list;
+    list[count] = list[count + 1] = NULL;
+    return make_padata(pa_type, data->data, data->length, &list[count]);
+}
+
+/* Construct a cookie pa-data item using the cookie values from state, or a
+ * trivial "MIT" cookie if no values are set. */
+krb5_error_code
+kdc_fast_make_cookie(krb5_context context, struct kdc_request_state *state,
+                     krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+                     krb5_const_principal client_princ,
+                     krb5_pa_data **cookie_out)
+{
+    krb5_error_code ret;
+    krb5_secure_cookie cookie;
+    krb5_pa_data **contents = state->out_cookie_padata, *pa;
+    krb5_keyblock *key = NULL;
+    krb5_timestamp now;
+    krb5_enc_data enc;
+    krb5_data *der_cookie = NULL;
+    size_t ctlen;
+
+    *cookie_out = NULL;
+    memset(&enc, 0, sizeof(enc));
+
+    /* Make a trivial cookie if there are no contents to marshal or we don't
+     * have a TGT entry to encrypt them. */
+    if (contents == NULL || *contents == NULL || local_tgt_key == NULL)
+        return make_padata(KRB5_PADATA_FX_COOKIE, "MIT", 3, cookie_out);
+
+    ret = derive_cookie_key(context, local_tgt_key, client_princ, &key);
+    if (ret)
+        goto cleanup;
+
+    /* Encode the cookie. */
+    ret = krb5_timeofday(context, &now);
+    if (ret)
+        goto cleanup;
+    cookie.time = ts2tt(now);
+    cookie.data = contents;
+    ret = encode_krb5_secure_cookie(&cookie, &der_cookie);
+    if (ret)
+        goto cleanup;
+
+    /* Encrypt the cookie in key. */
+    ret = krb5_c_encrypt_length(context, key->enctype, der_cookie->length,
+                                &ctlen);
+    if (ret)
+        goto cleanup;
+    ret = alloc_data(&enc.ciphertext, ctlen);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_encrypt(context, key, KRB5_KEYUSAGE_PA_FX_COOKIE, NULL,
+                         der_cookie, &enc);
+    if (ret)
+        goto cleanup;
+
+    /* Construct the cookie pa-data entry. */
+    ret = k5_alloc_pa_data(KRB5_PADATA_FX_COOKIE, 8 + enc.ciphertext.length,
+                           &pa);
+    memcpy(pa->contents, "MIT1", 4);
+    store_32_be(current_kvno(local_tgt), pa->contents + 4);
+    memcpy(pa->contents + 8, enc.ciphertext.data, enc.ciphertext.length);
+    *cookie_out = pa;
+
+cleanup:
+    krb5_free_keyblock(context, key);
+    if (der_cookie != NULL) {
+        zapfree(der_cookie->data, der_cookie->length);
+        free(der_cookie);
+    }
+    krb5_free_data_contents(context, &enc.ciphertext);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/kdc/kdc5_err.et b/krb5-1.21.3/src/kdc/kdc5_err.et
new file mode 100644
index 00000000..9d0ce877
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc5_err.et
@@ -0,0 +1,35 @@
+#
+# kdc/kdc5_err.et
+#
+# Copyright 1990 by the Massachusetts Institute of Technology.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+# 
+#
+# KDC internal error table.
+
+error_table	kdc5
+
+error_code KDC5_RCSID,		"$Id$"
+error_code KDC5_NOPORT,		"No server port found"
+error_code KDC5_NONET,		"Network not initialized"
+error_code KDC5_IO_RESPONSE,	"Short write while sending response"
+
+end
diff --git a/krb5-1.21.3/src/kdc/kdc_audit.c b/krb5-1.21.3/src/kdc/kdc_audit.c
new file mode 100644
index 00000000..2333171d
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_audit.c
@@ -0,0 +1,332 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc_audit.c - Interface for KDC audit plugins. */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+#include "kdc_audit.h"
+/* for krb5_klog_syslog */
+#include <syslog.h>
+#include "adm_proto.h"
+
+struct audit_module_handle_st {
+    struct krb5_audit_vtable_st vt;
+    krb5_audit_moddata auctx;
+};
+typedef struct audit_module_handle_st *audit_module_handle;
+
+static audit_module_handle *handles = NULL;
+
+static void
+free_handles(audit_module_handle *list)
+{
+    audit_module_handle *hp, hdl;
+
+    if (list == NULL)
+        return;
+
+    for (hp = list; *hp != NULL; hp++) {
+        hdl = *hp;
+        if (hdl->vt.close != NULL)
+            hdl->vt.close(hdl->auctx);
+        free(hdl);
+    }
+    free(list);
+}
+
+/*
+ * Load all available audit plugin modules and prepare for logging. The list of
+ * modules is stored as an array in handles. Use unload_audit_modules() to free
+ * resources allocated by this function.
+ */
+krb5_error_code
+load_audit_modules(krb5_context context)
+{
+    krb5_error_code ret = 0;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    struct krb5_audit_vtable_st vtable;
+    audit_module_handle *list = NULL, hdl = NULL;
+    krb5_audit_moddata auctx;
+    int count = 0;
+
+    if (context == NULL || handles != NULL)
+        return EINVAL;
+
+    /* Get audit plugin vtable. */
+    ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_AUDIT, &modules);
+    if (ret)
+        return ret;
+
+    /* Allocate handle, initialize vtable. */
+    for (count = 0; modules[count] != NULL; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        hdl = k5alloc(sizeof(*hdl), &ret);
+        if (hdl == NULL)
+            goto cleanup;
+        ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&hdl->vt);
+        if (ret) {
+            free(hdl);
+            hdl = NULL;
+            continue;
+        }
+
+        vtable = hdl->vt;
+        if (vtable.open != NULL) {
+            ret = vtable.open(&auctx);
+            if (ret) {
+                krb5_klog_syslog(LOG_ERR,
+                                 _("audit plugin %s failed to open. error=%i"),
+                                 vtable.name, ret);
+                goto cleanup;
+            }
+            hdl->auctx = auctx;
+        }
+        list[count++] = hdl;
+        list[count] = NULL;
+        hdl = NULL;
+    }
+    list[count] = NULL;
+    handles = list;
+    list = NULL;
+    ret = 0;
+
+cleanup:
+    free(hdl);
+    k5_plugin_free_modules(context, modules);
+    free_handles(list);
+    return ret;
+}
+
+/* Free resources allocated by load_audit_modules() function. */
+void
+unload_audit_modules(krb5_context context)
+{
+    free_handles(handles);
+}
+
+/*
+ * Write the output ticket ID into newly-allocated buffer.
+ * Returns 0 on success.
+ */
+krb5_error_code
+kau_make_tkt_id(krb5_context context,
+                const krb5_ticket *ticket, char **out)
+{
+    krb5_error_code ret = 0;
+    char *hash = NULL, *ptr;
+    uint8_t hashbytes[K5_SHA256_HASHLEN];
+    unsigned int i;
+
+    *out = NULL;
+
+    if (ticket == NULL)
+        return EINVAL;
+
+    ret = k5_sha256(&ticket->enc_part.ciphertext, 1, hashbytes);
+    if (ret)
+        return ret;
+
+    hash = k5alloc(sizeof(hashbytes) * 2 + 1, &ret);
+    if (hash == NULL)
+        return ret;
+
+    for (i = 0, ptr = hash; i < sizeof(hashbytes); i++, ptr += 2)
+        snprintf(ptr, 3, "%02X", hashbytes[i]);
+    *ptr = '\0';
+    *out = hash;
+
+    return 0;
+}
+
+/*
+ * Create and initialize krb5_audit_state structure.
+ * Returns 0 on success.
+ */
+krb5_error_code
+kau_init_kdc_req(krb5_context context,
+                 krb5_kdc_req *request, const krb5_fulladdr *from,
+                 krb5_audit_state **state_out)
+{
+    krb5_error_code ret = 0;
+    krb5_audit_state *state = NULL;
+
+    state = k5calloc(1, sizeof(*state), &ret);
+    if (state == NULL)
+        return ret;
+
+    state->request = request;
+    state->cl_addr = from->address;
+    state->cl_port = from->port;
+    state->stage = AUTHN_REQ_CL;
+    ret = krb5int_random_string(context, state->req_id,
+                                sizeof(state->req_id));
+    if (ret) {
+        free(state);
+        return ret;
+    }
+    *state_out = state;
+
+    return 0;
+}
+
+/* Free resources allocated by kau_init_kdc_req() and kau_make_tkt_id()
+ * routines. */
+void
+kau_free_kdc_req(krb5_audit_state *state)
+{
+    if (state == NULL)
+        return;
+    free(state->tkt_in_id);
+    free(state->tkt_out_id);
+    free(state->evid_tkt_id);
+    free(state);
+}
+
+/* Call the KDC start/stop audit plugin entry points. */
+
+void
+kau_kdc_stop(krb5_context context, const krb5_boolean ev_success)
+{
+    audit_module_handle *hp, hdl;
+
+    if (handles == NULL)
+        return;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        hdl = *hp;
+        if (hdl->vt.kdc_stop != NULL)
+            hdl->vt.kdc_stop(hdl->auctx, ev_success);
+    }
+}
+
+void
+kau_kdc_start(krb5_context context, const krb5_boolean ev_success)
+{
+    audit_module_handle *hp, hdl;
+
+    if (handles == NULL)
+        return;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        hdl = *hp;
+        if (hdl->vt.kdc_start != NULL)
+            hdl->vt.kdc_start(hdl->auctx, ev_success);
+    }
+}
+
+/* Call the AS-REQ audit plugin entry point. */
+void
+kau_as_req(krb5_context context, const krb5_boolean ev_success,
+           krb5_audit_state *state)
+{
+    audit_module_handle *hp, hdl;
+
+    if (handles == NULL)
+        return;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        hdl = *hp;
+        if (hdl->vt.as_req != NULL)
+            hdl->vt.as_req(hdl->auctx, ev_success, state);
+    }
+}
+
+/* Call the TGS-REQ audit plugin entry point. */
+void
+kau_tgs_req(krb5_context context, const krb5_boolean ev_success,
+            krb5_audit_state *state)
+{
+    audit_module_handle *hp, hdl;
+
+    if (handles == NULL)
+        return;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        hdl = *hp;
+        if (hdl->vt.tgs_req != NULL)
+            hdl->vt.tgs_req(hdl->auctx, ev_success, state);
+    }
+}
+
+/* Call the S4U2Self audit plugin entry point. */
+void
+kau_s4u2self(krb5_context context, const krb5_boolean ev_success,
+             krb5_audit_state *state)
+{
+    audit_module_handle *hp, hdl;
+
+    if (handles == NULL)
+        return;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        hdl = *hp;
+        if (hdl->vt.tgs_s4u2self != NULL)
+            hdl->vt.tgs_s4u2self(hdl->auctx, ev_success, state);
+    }
+}
+
+/* Call the S4U2Proxy audit plugin entry point. */
+void
+kau_s4u2proxy(krb5_context context,const krb5_boolean ev_success,
+              krb5_audit_state *state)
+{
+    audit_module_handle *hp, hdl;
+
+    if (handles == NULL)
+        return;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        hdl = *hp;
+        if (hdl->vt.tgs_s4u2proxy != NULL)
+            hdl->vt.tgs_s4u2proxy(hdl->auctx, ev_success, state);
+    }
+}
+
+/* Call the U2U audit plugin entry point. */
+void
+kau_u2u(krb5_context context, const krb5_boolean ev_success,
+        krb5_audit_state *state)
+{
+    audit_module_handle *hp, hdl;
+
+    if (handles == NULL)
+        return;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        hdl = *hp;
+        if (hdl->vt.tgs_u2u != NULL)
+            hdl->vt.tgs_u2u(hdl->auctx, ev_success, state);
+    }
+}
diff --git a/krb5-1.21.3/src/kdc/kdc_audit.h b/krb5-1.21.3/src/kdc/kdc_audit.h
new file mode 100644
index 00000000..c2f2e217
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_audit.h
@@ -0,0 +1,82 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/kdc_audit.h - KDC-facing API for audit */
+/*
+ * Copyright 2013 by the Massachusetts Institute of Technology.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef KRB5_KDC_AUDIT__
+#define KRB5_KDC_AUDIT__
+
+#include <krb5/krb5.h>
+#include <net-server.h>
+#include <krb5/audit_plugin.h>
+
+krb5_error_code load_audit_modules(krb5_context context);
+void unload_audit_modules(krb5_context context);
+
+/* Utilities */
+
+krb5_error_code
+kau_make_tkt_id(krb5_context context,
+                const krb5_ticket *ticket, char **out);
+
+krb5_error_code
+kau_init_kdc_req(krb5_context context, krb5_kdc_req *request,
+                 const krb5_fulladdr *from, krb5_audit_state **au_state);
+
+void kau_free_kdc_req(krb5_audit_state *state);
+
+/* KDC-facing audit API */
+
+void
+kau_kdc_start(krb5_context context, const krb5_boolean ev_success);
+
+void
+kau_kdc_stop(krb5_context context, const krb5_boolean ev_success);
+
+void
+kau_as_req(krb5_context context, const krb5_boolean ev_success,
+          krb5_audit_state *state);
+
+void
+kau_tgs_req(krb5_context context, const krb5_boolean ev_success,
+           krb5_audit_state *state);
+
+void
+kau_s4u2self(krb5_context context, const krb5_boolean ev_success,
+             krb5_audit_state *state);
+
+void
+kau_s4u2proxy(krb5_context context, const krb5_boolean ev_success,
+              krb5_audit_state *state);
+
+void
+kau_u2u(krb5_context context, const krb5_boolean ev_success,
+        krb5_audit_state *state);
+
+#endif /* KRB5_KDC_AUDIT__ */
diff --git a/krb5-1.21.3/src/kdc/kdc_authdata.c b/krb5-1.21.3/src/kdc/kdc_authdata.c
new file mode 100644
index 00000000..398df219
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_authdata.c
@@ -0,0 +1,628 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/kdc_authdata.c - Authorization data routines for the KDC */
+/*
+ * Copyright (C) 2007 Apple Inc.  All Rights Reserved.
+ * Copyright (C) 2008, 2009 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+#include "extern.h"
+#include <stdio.h>
+#include "adm_proto.h"
+
+#include <syslog.h>
+
+#include <assert.h>
+#include <krb5/kdcauthdata_plugin.h>
+
+typedef struct kdcauthdata_handle_st {
+    struct krb5_kdcauthdata_vtable_st vt;
+    krb5_kdcauthdata_moddata data;
+} kdcauthdata_handle;
+
+static kdcauthdata_handle *authdata_modules;
+static size_t n_authdata_modules;
+
+/* Load authdata plugin modules. */
+krb5_error_code
+load_authdata_plugins(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    kdcauthdata_handle *list, *h;
+    size_t count;
+
+    ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_KDCAUTHDATA, &modules);
+    if (ret)
+        return ret;
+
+    /* Allocate a large enough list of handles. */
+    for (count = 0; modules[count] != NULL; count++);
+    list = calloc(count + 1, sizeof(*list));
+    if (list == NULL) {
+        k5_plugin_free_modules(context, modules);
+        return ENOMEM;
+    }
+
+    /* Initialize each module's vtable and module data. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        h = &list[count];
+        memset(h, 0, sizeof(*h));
+        ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&h->vt);
+        if (ret)                /* Version mismatch, keep going. */
+            continue;
+        if (h->vt.init != NULL) {
+            ret = h->vt.init(context, &h->data);
+            if (ret) {
+                kdc_err(context, ret, _("while loading authdata module %s"),
+                        h->vt.name);
+                continue;
+            }
+        }
+        count++;
+    }
+
+    authdata_modules = list;
+    n_authdata_modules = count;
+    k5_plugin_free_modules(context, modules);
+    return 0;
+}
+
+krb5_error_code
+unload_authdata_plugins(krb5_context context)
+{
+    kdcauthdata_handle *h;
+    size_t i;
+
+    for (i = 0; i < n_authdata_modules; i++) {
+        h = &authdata_modules[i];
+        if (h->vt.fini != NULL)
+            h->vt.fini(context, h->data);
+    }
+    free(authdata_modules);
+    authdata_modules = NULL;
+    return 0;
+}
+
+/* Return true if authdata should be filtered when copying from untrusted
+ * authdata.  If desired_type is non-zero, look only for that type. */
+static krb5_boolean
+is_kdc_issued_authdatum(krb5_authdata *authdata,
+                        krb5_authdatatype desired_type)
+{
+    krb5_boolean result = FALSE;
+    krb5_authdatatype ad_type;
+    unsigned int i, count = 0;
+    krb5_authdatatype *ad_types, *containee_types = NULL;
+
+    if (authdata->ad_type == KRB5_AUTHDATA_IF_RELEVANT) {
+        if (krb5int_get_authdata_containee_types(NULL, authdata, &count,
+                                                 &containee_types) != 0)
+            goto cleanup;
+        ad_types = containee_types;
+    } else {
+        ad_type = authdata->ad_type;
+        count = 1;
+        ad_types = &ad_type;
+    }
+
+    for (i = 0; i < count; i++) {
+        switch (ad_types[i]) {
+        case KRB5_AUTHDATA_SIGNTICKET:
+        case KRB5_AUTHDATA_KDC_ISSUED:
+        case KRB5_AUTHDATA_WIN2K_PAC:
+        case KRB5_AUTHDATA_CAMMAC:
+        case KRB5_AUTHDATA_AUTH_INDICATOR:
+            result = desired_type ? (desired_type == ad_types[i]) : TRUE;
+            break;
+        default:
+            result = FALSE;
+            break;
+        }
+        if (result)
+            break;
+    }
+
+cleanup:
+    free(containee_types);
+    return result;
+}
+
+/* Return true if authdata contains any mandatory-for-KDC elements. */
+static krb5_boolean
+has_mandatory_for_kdc_authdata(krb5_context context, krb5_authdata **authdata)
+{
+    int i;
+
+    if (authdata == NULL)
+        return FALSE;
+    for (i = 0; authdata[i] != NULL; i++) {
+        if (authdata[i]->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+/* Add elements from *new_elements to *existing_list, reallocating as
+ * necessary.  On success, release *new_elements and set it to NULL. */
+static krb5_error_code
+merge_authdata(krb5_authdata ***existing_list, krb5_authdata ***new_elements)
+{
+    size_t count = 0, ncount = 0;
+    krb5_authdata **list = *existing_list, **nlist = *new_elements;
+
+    if (nlist == NULL)
+        return 0;
+
+    for (count = 0; list != NULL && list[count] != NULL; count++);
+    for (ncount = 0; nlist[ncount] != NULL; ncount++);
+
+    list = realloc(list, (count + ncount + 1) * sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+
+    memcpy(list + count, nlist, ncount * sizeof(*nlist));
+    list[count + ncount] = NULL;
+    free(nlist);
+
+    if (list[0] == NULL) {
+        free(list);
+        list = NULL;
+    }
+
+    *new_elements = NULL;
+    *existing_list = list;
+    return 0;
+}
+
+/* Add a copy of new_elements to *existing_list, omitting KDC-issued
+ * authdata. */
+static krb5_error_code
+add_filtered_authdata(krb5_authdata ***existing_list,
+                      krb5_authdata **new_elements)
+{
+    krb5_error_code ret;
+    krb5_authdata **copy;
+    size_t i, j;
+
+    if (new_elements == NULL)
+        return 0;
+
+    ret = krb5_copy_authdata(NULL, new_elements, &copy);
+    if (ret)
+        return ret;
+
+    /* Remove KDC-issued elements from copy. */
+    j = 0;
+    for (i = 0; copy[i] != NULL; i++) {
+        if (is_kdc_issued_authdatum(copy[i], 0)) {
+            free(copy[i]->contents);
+            free(copy[i]);
+        } else {
+            copy[j++] = copy[i];
+        }
+    }
+    copy[j] = NULL;
+
+    /* Destructively merge the filtered copy into existing_list. */
+    ret = merge_authdata(existing_list, &copy);
+    krb5_free_authdata(NULL, copy);
+    return ret;
+}
+
+/* Copy TGS-REQ authorization data into the ticket authdata. */
+static krb5_error_code
+copy_request_authdata(krb5_context context, krb5_keyblock *client_key,
+                      krb5_kdc_req *req, krb5_enc_tkt_part *enc_tkt_req,
+                      krb5_authdata ***tkt_authdata)
+{
+    krb5_error_code ret;
+    krb5_data plaintext;
+
+    assert(enc_tkt_req != NULL);
+
+    ret = alloc_data(&plaintext, req->authorization_data.ciphertext.length);
+    if (ret)
+        return ret;
+
+    /*
+     * RFC 4120 requires authdata in the TGS body to be encrypted in the subkey
+     * with usage 5 if a subkey is present, and in the TGS session key with key
+     * usage 4 if it is not.  Prior to krb5 1.7, we got this wrong, always
+     * decrypting the authorization data with the TGS session key and usage 4.
+     * For the sake of conservatism, try the decryption the old way (wrong if
+     * client_key is a subkey) first, and then try again the right way (in the
+     * case where client_key is a subkey) if the first way fails.
+     */
+    ret = krb5_c_decrypt(context, enc_tkt_req->session,
+                         KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY, 0,
+                         &req->authorization_data, &plaintext);
+    if (ret) {
+        ret = krb5_c_decrypt(context, client_key,
+                             KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY, 0,
+                             &req->authorization_data, &plaintext);
+    }
+    if (ret)
+        goto cleanup;
+
+    /* Decode the decrypted authdata and make it available to modules in the
+     * request. */
+    ret = decode_krb5_authdata(&plaintext, &req->unenc_authdata);
+    if (ret)
+        goto cleanup;
+
+    if (has_mandatory_for_kdc_authdata(context, req->unenc_authdata)) {
+        ret = KRB5KDC_ERR_POLICY;
+        goto cleanup;
+    }
+
+    ret = add_filtered_authdata(tkt_authdata, req->unenc_authdata);
+
+cleanup:
+    free(plaintext.data);
+    return ret;
+}
+
+/* Copy TGT authorization data into the ticket authdata. */
+static krb5_error_code
+copy_tgt_authdata(krb5_context context, krb5_kdc_req *request,
+                  krb5_authdata **tgt_authdata, krb5_authdata ***tkt_authdata)
+{
+    if (has_mandatory_for_kdc_authdata(context, tgt_authdata))
+        return KRB5KDC_ERR_POLICY;
+
+    return add_filtered_authdata(tkt_authdata, tgt_authdata);
+}
+
+/* Add authentication indicator authdata to enc_tkt_reply, wrapped in a CAMMAC
+ * and an IF-RELEVANT container. */
+static krb5_error_code
+add_auth_indicators(krb5_context context, krb5_data *const *auth_indicators,
+                    krb5_keyblock *server_key, krb5_db_entry *krbtgt,
+                    krb5_keyblock *krbtgt_key,
+                    krb5_enc_tkt_part *enc_tkt_reply)
+{
+    krb5_error_code ret;
+    krb5_data *der_indicators = NULL;
+    krb5_authdata ad, *list[2], **cammac = NULL;
+
+    if (auth_indicators == NULL || *auth_indicators == NULL)
+        return 0;
+
+    /* Format the authentication indicators into an authdata list. */
+    ret = encode_utf8_strings(auth_indicators, &der_indicators);
+    if (ret)
+        goto cleanup;
+    ad.ad_type = KRB5_AUTHDATA_AUTH_INDICATOR;
+    ad.length = der_indicators->length;
+    ad.contents = (uint8_t *)der_indicators->data;
+    list[0] = &ad;
+    list[1] = NULL;
+
+    /* Wrap the list in CAMMAC and IF-RELEVANT containers. */
+    ret = cammac_create(context, enc_tkt_reply, server_key, krbtgt, krbtgt_key,
+                        list, &cammac);
+    if (ret)
+        goto cleanup;
+
+    /* Add the wrapped authdata to the ticket, without copying or filtering. */
+    ret = merge_authdata(&enc_tkt_reply->authorization_data, &cammac);
+
+cleanup:
+    krb5_free_data(context, der_indicators);
+    krb5_free_authdata(context, cammac);
+    return ret;
+}
+
+/* Extract any properly verified authentication indicators from the authdata in
+ * enc_tkt. */
+krb5_error_code
+get_auth_indicators(krb5_context context, krb5_enc_tkt_part *enc_tkt,
+                    krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+                    krb5_data ***indicators_out)
+{
+    krb5_error_code ret;
+    krb5_authdata **cammacs = NULL, **adp;
+    krb5_cammac *cammac = NULL;
+    krb5_data **indicators = NULL, der_cammac;
+
+    *indicators_out = NULL;
+
+    ret = krb5_find_authdata(context, enc_tkt->authorization_data, NULL,
+                             KRB5_AUTHDATA_CAMMAC, &cammacs);
+    if (ret)
+        goto cleanup;
+
+    for (adp = cammacs; adp != NULL && *adp != NULL; adp++) {
+        der_cammac = make_data((*adp)->contents, (*adp)->length);
+        ret = decode_krb5_cammac(&der_cammac, &cammac);
+        if (ret)
+            goto cleanup;
+        if (cammac_check_kdcver(context, cammac, enc_tkt, local_tgt,
+                                local_tgt_key)) {
+            ret = authind_extract(context, cammac->elements, &indicators);
+            if (ret)
+                goto cleanup;
+        }
+        k5_free_cammac(context, cammac);
+        cammac = NULL;
+    }
+
+    *indicators_out = indicators;
+    indicators = NULL;
+
+cleanup:
+    krb5_free_authdata(context, cammacs);
+    k5_free_cammac(context, cammac);
+    k5_free_data_ptr_list(indicators);
+    return ret;
+}
+
+static krb5_error_code
+update_delegation_info(krb5_context context, krb5_kdc_req *req,
+                       krb5_pac old_pac, krb5_pac new_pac)
+{
+    krb5_error_code ret;
+    krb5_data ndr_di_in = empty_data(), ndr_di_out = empty_data();
+    struct pac_s4u_delegation_info *di = NULL;
+    char *namestr = NULL;
+
+    ret = krb5_pac_get_buffer(context, old_pac, KRB5_PAC_DELEGATION_INFO,
+                              &ndr_di_in);
+    if (ret && ret != ENOENT)
+        goto cleanup;
+    if (ret) {
+        /* Create new delegation info. */
+        di = k5alloc(sizeof(*di), &ret);
+        if (di == NULL)
+            goto cleanup;
+        di->transited_services = k5calloc(1, sizeof(char *), &ret);
+        if (di->transited_services == NULL)
+            goto cleanup;
+    } else {
+        /* Decode and modify old delegation info. */
+        ret = ndr_dec_delegation_info(&ndr_di_in, &di);
+        if (ret)
+            goto cleanup;
+    }
+
+    /* Set proxy_target to the requested server, without realm. */
+    ret = krb5_unparse_name_flags(context, req->server,
+                                  KRB5_PRINCIPAL_UNPARSE_DISPLAY |
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                  &namestr);
+    if (ret)
+        goto cleanup;
+    free(di->proxy_target);
+    di->proxy_target = namestr;
+
+    /* Add a transited entry for the requesting service, with realm. */
+    assert(req->second_ticket != NULL && req->second_ticket[0] != NULL);
+    ret = krb5_unparse_name(context, req->second_ticket[0]->server, &namestr);
+    if (ret)
+        goto cleanup;
+    di->transited_services[di->transited_services_length++] = namestr;
+
+    ret = ndr_enc_delegation_info(di, &ndr_di_out);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_pac_add_buffer(context, new_pac, KRB5_PAC_DELEGATION_INFO,
+                              &ndr_di_out);
+
+cleanup:
+    krb5_free_data_contents(context, &ndr_di_in);
+    krb5_free_data_contents(context, &ndr_di_out);
+    ndr_free_delegation_info(di);
+    return ret;
+}
+
+static krb5_error_code
+copy_pac_buffer(krb5_context context, uint32_t buffer_type, krb5_pac old_pac,
+                krb5_pac new_pac)
+{
+    krb5_error_code ret;
+    krb5_data data;
+
+    ret = krb5_pac_get_buffer(context, old_pac, buffer_type, &data);
+    if (ret)
+        return ret;
+    ret = krb5_pac_add_buffer(context, new_pac, buffer_type, &data);
+    krb5_free_data_contents(context, &data);
+    return ret;
+}
+
+/*
+ * Possibly add a signed PAC to enc_tkt_reply.  Also possibly add auth
+ * indicators; these are handled here so that the KDB module's issue_pac()
+ * method can alter the auth indicator list.
+ */
+static krb5_error_code
+handle_pac(kdc_realm_t *realm, unsigned int flags, krb5_db_entry *client,
+           krb5_db_entry *server, krb5_db_entry *subject_server,
+           krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+           krb5_keyblock *server_key, krb5_keyblock *subject_key,
+           krb5_keyblock *replaced_reply_key, krb5_enc_tkt_part *subject_tkt,
+           krb5_pac subject_pac, krb5_kdc_req *req,
+           krb5_const_principal altcprinc, krb5_timestamp authtime,
+           krb5_enc_tkt_part *enc_tkt_reply, krb5_data ***auth_indicators)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code ret;
+    krb5_pac new_pac = NULL;
+    krb5_const_principal pac_client = NULL;
+    krb5_boolean with_realm, is_as_req = (req->msg_type == KRB5_AS_REQ);
+    krb5_db_entry *signing_tgt;
+    krb5_keyblock *privsvr_key = NULL;
+
+    /* Don't add a PAC or auth indicators if the server disables authdata. */
+    if (server->attributes & KRB5_KDB_NO_AUTH_DATA_REQUIRED)
+        return 0;
+
+    /*
+     * Don't add a PAC if the realm disables them, or to an anonymous ticket,
+     * or for an AS-REQ if the client requested not to get one, or for a
+     * TGS-REQ if the subject ticket didn't contain one.
+     */
+    if (realm->realm_disable_pac ||
+        (enc_tkt_reply->flags & TKT_FLG_ANONYMOUS) ||
+        (is_as_req && !include_pac_p(context, req)) ||
+        (!is_as_req && subject_pac == NULL)) {
+        return add_auth_indicators(context, *auth_indicators, server_key,
+                                   local_tgt, local_tgt_key, enc_tkt_reply);
+    }
+
+    ret = krb5_pac_init(context, &new_pac);
+    if (ret)
+        goto cleanup;
+
+    if (subject_pac == NULL)
+        signing_tgt = NULL;
+    else if (krb5_is_tgs_principal(subject_server->princ))
+        signing_tgt = subject_server;
+    else
+        signing_tgt = local_tgt;
+
+    ret = krb5_db_issue_pac(context, flags, client, replaced_reply_key, server,
+                            signing_tgt, authtime, subject_pac, new_pac,
+                            auth_indicators);
+    if (ret) {
+        if (ret == KRB5_PLUGIN_OP_NOTSUPP)
+            ret = 0;
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = add_auth_indicators(context, *auth_indicators, server_key,
+                              local_tgt, local_tgt_key, enc_tkt_reply);
+
+    if ((flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) &&
+        !(flags & KRB5_KDB_FLAG_CROSS_REALM)) {
+        /* Add delegation info for the first S4U2Proxy request. */
+        ret = update_delegation_info(context, req, subject_pac, new_pac);
+        if (ret)
+            goto cleanup;
+    } else if (subject_pac != NULL) {
+        /* Copy delegation info if it was present in the subject PAC. */
+        ret = copy_pac_buffer(context, KRB5_PAC_DELEGATION_INFO, subject_pac,
+                              new_pac);
+        if (ret && ret != ENOENT)
+            goto cleanup;
+    }
+
+    if ((flags & KRB5_KDB_FLAGS_S4U) &&
+        (flags & KRB5_KDB_FLAG_ISSUING_REFERRAL)) {
+        /* When issuing a referral for either kind of S4U request, add client
+         * info for the subject with realm. */
+        pac_client = altcprinc;
+        with_realm = TRUE;
+    } else if (subject_pac == NULL || (flags & KRB5_KDB_FLAGS_S4U)) {
+        /* For a new PAC or when issuing a final ticket for either kind of S4U
+         * request, add client info for the ticket client without the realm. */
+        pac_client = enc_tkt_reply->client;
+        with_realm = FALSE;
+    } else {
+        /*
+         * For regular TGS and transitive RBCD requests, copy the client info
+         * from the incoming PAC, and don't add client info during signing.  We
+         * validated the incoming client info in validate_tgs_request().
+         */
+        ret = copy_pac_buffer(context, KRB5_PAC_CLIENT_INFO, subject_pac,
+                              new_pac);
+        if (ret)
+            goto cleanup;
+        pac_client = NULL;
+        with_realm = FALSE;
+    }
+
+    ret = pac_privsvr_key(context, server, local_tgt_key, &privsvr_key);
+    if (ret)
+        goto cleanup;
+    ret = krb5_kdc_sign_ticket(context, enc_tkt_reply, new_pac, server->princ,
+                               pac_client, server_key, privsvr_key,
+                               with_realm);
+    if (ret)
+        goto cleanup;
+
+    ret = 0;
+
+cleanup:
+    krb5_pac_free(context, new_pac);
+    krb5_free_keyblock(context, privsvr_key);
+    return ret;
+}
+
+krb5_error_code
+handle_authdata(kdc_realm_t *realm, unsigned int flags, krb5_db_entry *client,
+                krb5_db_entry *server, krb5_db_entry *subject_server,
+                krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+                krb5_keyblock *client_key, krb5_keyblock *server_key,
+                krb5_keyblock *subject_key, krb5_keyblock *replaced_reply_key,
+                krb5_data *req_pkt, krb5_kdc_req *req,
+                krb5_const_principal altcprinc, krb5_pac subject_pac,
+                krb5_enc_tkt_part *enc_tkt_req, krb5_data ***auth_indicators,
+                krb5_enc_tkt_part *enc_tkt_reply)
+{
+    krb5_context context = realm->realm_context;
+    kdcauthdata_handle *h;
+    krb5_error_code ret = 0;
+    size_t i;
+
+    if (req->msg_type == KRB5_TGS_REQ &&
+        req->authorization_data.ciphertext.data != NULL) {
+        /* Copy TGS request authdata.  This must be done first so that modules
+         * have access to the unencrypted request authdata. */
+        ret = copy_request_authdata(context, client_key, req, enc_tkt_req,
+                                    &enc_tkt_reply->authorization_data);
+        if (ret)
+            return ret;
+    }
+
+    /* Invoke loaded module handlers. */
+    if (!isflagset(enc_tkt_reply->flags, TKT_FLG_ANONYMOUS)) {
+        for (i = 0; i < n_authdata_modules; i++) {
+            h = &authdata_modules[i];
+            ret = h->vt.handle(context, h->data, flags, client, server,
+                               subject_server, client_key, server_key,
+                               subject_key, req_pkt, req, altcprinc,
+                               enc_tkt_req, enc_tkt_reply);
+            if (ret)
+                kdc_err(context, ret, "from authdata module %s", h->vt.name);
+        }
+    }
+
+    if (req->msg_type == KRB5_TGS_REQ) {
+        /* Copy authdata from the TGT to the issued ticket. */
+        ret = copy_tgt_authdata(context, req, enc_tkt_req->authorization_data,
+                                &enc_tkt_reply->authorization_data);
+        if (ret)
+            return ret;
+    }
+
+    return handle_pac(realm, flags, client, server, subject_server, local_tgt,
+                      local_tgt_key, server_key, subject_key,
+                      replaced_reply_key, enc_tkt_req, subject_pac, req,
+                      altcprinc, enc_tkt_reply->times.authtime, enc_tkt_reply,
+                      auth_indicators);
+}
diff --git a/krb5-1.21.3/src/kdc/kdc_log.c b/krb5-1.21.3/src/kdc/kdc_log.c
new file mode 100644
index 00000000..9a8894c9
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_log.c
@@ -0,0 +1,235 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/kdc_log.c - Logging functions for KDC requests */
+/*
+ * Copyright 2008,2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+#include <syslog.h>
+#include "adm_proto.h"
+
+/*
+ * A note on KDC-status string format.
+ *
+ * - All letters in the status string should be capitalized;
+ * - the words in the status phrase are separated by underscores;
+ * - abbreviations should be avoided.  Some acceptable "standard" acronyms
+ *   are AS_REQ, TGS_REP etc.
+ * - since in almost all cases KDC status string is set on error, no need
+ *   to state this fact as part of the status string;
+ * - KDC status string should be an imperative phrase.
+ *
+ * Example: "MAKE_RANDOM_KEY"
+ */
+
+/* Main logging routines for ticket requests.
+
+   There are a few simple cases -- unparseable requests mainly --
+   where messages are logged otherwise, but once a ticket request can
+   be decoded in some basic way, these routines are used for logging
+   the details.  */
+
+/* "status" is null to indicate success.  */
+/* Someday, pass local address/port as well.  */
+/* Currently no info about name canonicalization is logged.  */
+void
+log_as_req(krb5_context context,
+           const krb5_fulladdr *local_addr,
+           const krb5_fulladdr *remote_addr,
+           krb5_kdc_req *request, krb5_kdc_rep *reply,
+           krb5_db_entry *client, const char *cname,
+           krb5_db_entry *server, const char *sname,
+           krb5_timestamp authtime,
+           const char *status, krb5_error_code errcode, const char *emsg)
+{
+    const char *fromstring = 0;
+    char fromstringbuf[70];
+    char *ktypestr = NULL;
+    const char *cname2 = cname ? cname : "<unknown client>";
+    const char *sname2 = sname ? sname : "<unknown server>";
+
+    fromstring = inet_ntop(ADDRTYPE2FAMILY(remote_addr->address->addrtype),
+                           remote_addr->address->contents,
+                           fromstringbuf, sizeof(fromstringbuf));
+    if (!fromstring)
+        fromstring = "<unknown>";
+
+    ktypestr = ktypes2str(request->ktype, request->nktypes);
+
+    if (status == NULL) {
+        /* success */
+        char *rep_etypestr = rep_etypes2str(reply);
+        krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: ISSUE: authtime %u, %s, "
+                                     "%s for %s"),
+                         ktypestr ? ktypestr : "", fromstring,
+                         (unsigned int)authtime,
+                         rep_etypestr ? rep_etypestr : "", cname2, sname2);
+        free(rep_etypestr);
+    } else {
+        /* fail */
+        krb5_klog_syslog(LOG_INFO, _("AS_REQ (%s) %s: %s: %s for %s%s%s"),
+                         ktypestr ? ktypestr : "", fromstring, status, cname2,
+                         sname2, emsg ? ", " : "", emsg ? emsg : "");
+    }
+    krb5_db_audit_as_req(context, request,
+                         local_addr->address, remote_addr->address,
+                         client, server, authtime, errcode);
+
+    free(ktypestr);
+}
+
+/*
+ * Unparse a principal for logging purposes and limit the string length.
+ * Ignore errors because the most likely errors are memory exhaustion, and many
+ * other things will fail in the logging functions in that case.
+ */
+static void
+unparse_and_limit(krb5_context ctx, krb5_principal princ, char **str)
+{
+    /* Ignore errors */
+    krb5_unparse_name(ctx, princ, str);
+    limit_string(*str);
+}
+
+/* Here "status" must be non-null.  Error code
+   KRB5KDC_ERR_SERVER_NOMATCH is handled specially.
+
+   Currently no info about name canonicalization is logged.  */
+void
+log_tgs_req(krb5_context ctx, const krb5_fulladdr *from,
+            krb5_kdc_req *request, krb5_kdc_rep *reply,
+            krb5_principal cprinc, krb5_principal sprinc,
+            krb5_principal altcprinc,
+            krb5_timestamp authtime,
+            unsigned int c_flags,
+            const char *status, krb5_error_code errcode, const char *emsg)
+{
+    char *ktypestr = NULL, *rep_etypestr = NULL;
+    const char *fromstring = 0;
+    char fromstringbuf[70];
+    char *cname = NULL, *sname = NULL, *altcname = NULL;
+    char *logcname = NULL, *logsname = NULL, *logaltcname = NULL;
+
+    fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype),
+                           from->address->contents,
+                           fromstringbuf, sizeof(fromstringbuf));
+    if (!fromstring)
+        fromstring = "<unknown>";
+
+    unparse_and_limit(ctx, cprinc, &cname);
+    logcname = (cname != NULL) ? cname : "<unknown client>";
+    unparse_and_limit(ctx, sprinc, &sname);
+    logsname = (sname != NULL) ? sname : "<unknown server>";
+    unparse_and_limit(ctx, altcprinc, &altcname);
+    logaltcname = (altcname != NULL) ? altcname : "<unknown>";
+
+    /* Differences: server-nomatch message logs 2nd ticket's client
+       name (useful), and doesn't log ktypestr (probably not
+       important).  */
+    if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) {
+        ktypestr = ktypes2str(request->ktype, request->nktypes);
+        if (reply != NULL)
+            rep_etypestr = rep_etypes2str(reply);
+        krb5_klog_syslog(LOG_INFO, _("TGS_REQ (%s) %s: %s: authtime %u, %s%s "
+                                     "%s for %s%s%s"),
+                         ktypestr ? ktypestr : "", fromstring, status,
+                         (unsigned int)authtime,
+                         rep_etypestr ? rep_etypestr : "",
+                         !errcode ? "," : "", logcname, logsname,
+                         errcode ? ", " : "", errcode ? emsg : "");
+        if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
+            krb5_klog_syslog(LOG_INFO,
+                             _("... PROTOCOL-TRANSITION s4u-client=%s"),
+                             logaltcname);
+        else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
+            krb5_klog_syslog(LOG_INFO,
+                             _("... CONSTRAINED-DELEGATION s4u-client=%s"),
+                             logaltcname);
+
+    } else
+        krb5_klog_syslog(LOG_INFO, _("TGS_REQ %s: %s: authtime %u, %s for %s, "
+                                     "2nd tkt client %s"),
+                         fromstring, status, (unsigned int)authtime,
+                         logcname, logsname, logaltcname);
+
+    free(rep_etypestr);
+    free(ktypestr);
+    krb5_free_unparsed_name(ctx, cname);
+    krb5_free_unparsed_name(ctx, sname);
+    krb5_free_unparsed_name(ctx, altcname);
+}
+
+void
+log_tgs_badtrans(krb5_context ctx, krb5_principal cprinc,
+                 krb5_principal sprinc, krb5_data *trcont,
+                 krb5_error_code errcode)
+{
+    unsigned int tlen;
+    char *tdots;
+    const char *emsg = NULL;
+    char *cname = NULL, *sname = NULL;
+    char *logcname = NULL, *logsname = NULL;
+
+    unparse_and_limit(ctx, cprinc, &cname);
+    logcname = (cname != NULL) ? cname : "<unknown client>";
+    unparse_and_limit(ctx, sprinc, &sname);
+    logsname = (sname != NULL) ? sname : "<unknown server>";
+
+    tlen = trcont->length;
+    tdots = tlen > 125 ? "..." : "";
+    tlen = tlen > 125 ? 125 : tlen;
+
+    if (errcode == KRB5KRB_AP_ERR_ILL_CR_TKT)
+        krb5_klog_syslog(LOG_INFO, _("bad realm transit path from '%s' "
+                                     "to '%s' via '%.*s%s'"),
+                         logcname, logsname, tlen,
+                         trcont->data, tdots);
+    else {
+        emsg = krb5_get_error_message(ctx, errcode);
+        krb5_klog_syslog(LOG_ERR, _("unexpected error checking transit "
+                                    "from '%s' to '%s' via '%.*s%s': %s"),
+                         logcname, logsname, tlen,
+                         trcont->data, tdots,
+                         emsg);
+        krb5_free_error_message(ctx, emsg);
+        emsg = NULL;
+    }
+    krb5_free_unparsed_name(ctx, cname);
+    krb5_free_unparsed_name(ctx, sname);
+}
+
+void
+log_tgs_alt_tgt(krb5_context context, krb5_principal p)
+{
+    char *sname;
+    if (krb5_unparse_name(context, p, &sname)) {
+        krb5_klog_syslog(LOG_INFO,
+                         _("TGS_REQ: issuing alternate <un-unparsable> TGT"));
+    } else {
+        limit_string(sname);
+        krb5_klog_syslog(LOG_INFO, _("TGS_REQ: issuing TGT %s"), sname);
+        free(sname);
+    }
+    /* OpenSolaris: audit_krb5kdc_tgs_req_alt_tgt(...) */
+}
diff --git a/krb5-1.21.3/src/kdc/kdc_preauth.c b/krb5-1.21.3/src/kdc/kdc_preauth.c
new file mode 100644
index 00000000..3752be6a
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_preauth.c
@@ -0,0 +1,1663 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/kdc_preauth.c - Preauthentication routines for the KDC */
+/*
+ * Copyright 1995, 2003, 2007, 2009 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+#include "extern.h"
+#include <stdio.h>
+#include "adm_proto.h"
+
+#include <syslog.h>
+
+#include <assert.h>
+#include <krb5/kdcpreauth_plugin.h>
+
+/* Let freshness tokens be valid for ten minutes. */
+#define FRESHNESS_LIFETIME 600
+
+typedef struct preauth_system_st {
+    const char *name;
+    int type;
+    int flags;
+    krb5_kdcpreauth_moddata moddata;
+    krb5_kdcpreauth_init_fn init;
+    krb5_kdcpreauth_fini_fn fini;
+    krb5_kdcpreauth_edata_fn get_edata;
+    krb5_kdcpreauth_verify_fn verify_padata;
+    krb5_kdcpreauth_return_fn return_padata;
+    krb5_kdcpreauth_free_modreq_fn free_modreq;
+    krb5_kdcpreauth_loop_fn loop;
+} preauth_system;
+
+static preauth_system *preauth_systems;
+static size_t n_preauth_systems;
+
+static krb5_error_code
+make_etype_info(krb5_context context, krb5_boolean etype_info2,
+                krb5_principal client, krb5_key_data *client_key,
+                krb5_enctype enctype, krb5_data **der_out);
+
+/* Get all available kdcpreauth vtables and a count of preauth types they
+ * support.  Return an empty list on failure. */
+static void
+get_plugin_vtables(krb5_context context,
+                   struct krb5_kdcpreauth_vtable_st **vtables_out,
+                   size_t *n_tables_out, size_t *n_systems_out)
+{
+    krb5_plugin_initvt_fn *plugins = NULL, *pl;
+    struct krb5_kdcpreauth_vtable_st *vtables;
+    size_t count, n_tables, n_systems, i;
+
+    *vtables_out = NULL;
+    *n_tables_out = *n_systems_out = 0;
+
+    /* Auto-register encrypted challenge and (if possible) pkinit. */
+    k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "pkinit",
+                           "preauth");
+    k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "otp",
+                           "preauth");
+    k5_plugin_register_dyn(context, PLUGIN_INTERFACE_KDCPREAUTH, "spake",
+                           "preauth");
+    k5_plugin_register(context, PLUGIN_INTERFACE_KDCPREAUTH,
+                       "encrypted_challenge",
+                       kdcpreauth_encrypted_challenge_initvt);
+    k5_plugin_register(context, PLUGIN_INTERFACE_KDCPREAUTH,
+                       "encrypted_timestamp",
+                       kdcpreauth_encrypted_timestamp_initvt);
+
+    if (k5_plugin_load_all(context, PLUGIN_INTERFACE_KDCPREAUTH, &plugins))
+        return;
+    for (count = 0; plugins[count]; count++);
+    vtables = calloc(count + 1, sizeof(*vtables));
+    if (vtables == NULL)
+        goto cleanup;
+    for (pl = plugins, n_tables = 0; *pl != NULL; pl++) {
+        if ((*pl)(context, 1, 2, (krb5_plugin_vtable)&vtables[n_tables]) == 0)
+            n_tables++;
+    }
+    for (i = 0, n_systems = 0; i < n_tables; i++) {
+        for (count = 0; vtables[i].pa_type_list[count] != 0; count++);
+        n_systems += count;
+    }
+    *vtables_out = vtables;
+    *n_tables_out = n_tables;
+    *n_systems_out = n_systems;
+
+cleanup:
+    k5_plugin_free_modules(context, plugins);
+}
+
+/* Make a list of realm names.  The caller should free the list container but
+ * not the list elements (which are aliases into kdc_realmlist). */
+static krb5_error_code
+get_realm_names(struct server_handle *handle, const char ***list_out)
+{
+    const char **list;
+    int i;
+
+    list = calloc(handle->kdc_numrealms + 1, sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+    for (i = 0; i < handle->kdc_numrealms; i++)
+        list[i] = handle->kdc_realmlist[i]->realm_name;
+    list[i] = NULL;
+    *list_out = list;
+    return 0;
+}
+
+void
+load_preauth_plugins(struct server_handle *handle, krb5_context context,
+                     verto_ctx *ctx)
+{
+    krb5_error_code ret;
+    struct krb5_kdcpreauth_vtable_st *vtables = NULL, *vt;
+    size_t n_systems, n_tables, i, j;
+    krb5_kdcpreauth_moddata moddata;
+    const char **realm_names = NULL, *emsg;
+    preauth_system *sys;
+
+    /* Get all available kdcpreauth vtables. */
+    get_plugin_vtables(context, &vtables, &n_tables, &n_systems);
+
+    /* Allocate the list of static and plugin preauth systems. */
+    preauth_systems = calloc(n_systems + 1, sizeof(preauth_system));
+    if (preauth_systems == NULL)
+        goto cleanup;
+
+    if (get_realm_names(handle, &realm_names))
+        goto cleanup;
+
+    /* Add the dynamically-loaded mechanisms to the list. */
+    n_systems = 0;
+    for (i = 0; i < n_tables; i++) {
+        /* Try to initialize this module. */
+        vt = &vtables[i];
+        moddata = NULL;
+        if (vt->init) {
+            ret = vt->init(context, &moddata, realm_names);
+            if (ret) {
+                emsg = krb5_get_error_message(context, ret);
+                krb5_klog_syslog(LOG_ERR, _("preauth %s failed to "
+                                            "initialize: %s"), vt->name, emsg);
+                krb5_free_error_message(context, emsg);
+                continue;
+            }
+        }
+
+        if (vt->loop) {
+            ret = vt->loop(context, moddata, ctx);
+            if (ret) {
+                emsg = krb5_get_error_message(context, ret);
+                krb5_klog_syslog(LOG_ERR, _("preauth %s failed to setup "
+                                            "loop: %s"), vt->name, emsg);
+                krb5_free_error_message(context, emsg);
+                if (vt->fini)
+                    vt->fini(context, moddata);
+                continue;
+            }
+        }
+
+        /* Add this module to the systems list once for each pa type. */
+        for (j = 0; vt->pa_type_list[j] != 0; j++) {
+            sys = &preauth_systems[n_systems];
+            sys->name = vt->name;
+            sys->type = vt->pa_type_list[j];
+            sys->flags = (vt->flags) ? vt->flags(context, sys->type) : 0;
+            sys->moddata = moddata;
+            sys->init = vt->init;
+            /* Only call fini once for each plugin. */
+            sys->fini = (j == 0) ? vt->fini : NULL;
+            sys->get_edata = vt->edata;
+            sys->verify_padata = vt->verify;
+            sys->return_padata = vt->return_padata;
+            sys->free_modreq = vt->free_modreq;
+            sys->loop = vt->loop;
+            n_systems++;
+        }
+    }
+    n_preauth_systems = n_systems;
+    /* Add the end-of-list marker. */
+    preauth_systems[n_systems].name = "[end]";
+    preauth_systems[n_systems].type = -1;
+
+cleanup:
+    free(vtables);
+    free(realm_names);
+}
+
+void
+unload_preauth_plugins(krb5_context context)
+{
+    size_t i;
+
+    for (i = 0; i < n_preauth_systems; i++) {
+        if (preauth_systems[i].fini)
+            preauth_systems[i].fini(context, preauth_systems[i].moddata);
+    }
+    free(preauth_systems);
+    preauth_systems = NULL;
+    n_preauth_systems = 0;
+}
+
+/*
+ * The make_padata_context() function creates a space for storing any
+ * request-specific module data which will be needed by return_padata() later.
+ * Each preauth type gets a storage location of its own.
+ */
+struct request_pa_context {
+    int n_contexts;
+    struct {
+        preauth_system *pa_system;
+        krb5_kdcpreauth_modreq modreq;
+    } *contexts;
+};
+
+static krb5_error_code
+make_padata_context(krb5_context context, void **padata_context)
+{
+    int i;
+    struct request_pa_context *ret;
+
+    ret = malloc(sizeof(*ret));
+    if (ret == NULL) {
+        return ENOMEM;
+    }
+
+    ret->n_contexts = n_preauth_systems;
+    ret->contexts = malloc(sizeof(ret->contexts[0]) * ret->n_contexts);
+    if (ret->contexts == NULL) {
+        free(ret);
+        return ENOMEM;
+    }
+
+    memset(ret->contexts, 0, sizeof(ret->contexts[0]) * ret->n_contexts);
+
+    for (i = 0; i < ret->n_contexts; i++) {
+        ret->contexts[i].pa_system = &preauth_systems[i];
+        ret->contexts[i].modreq = NULL;
+    }
+
+    *padata_context = ret;
+
+    return 0;
+}
+
+/*
+ * The free_padata_context function frees any context information pointers
+ * which the check_padata() function created but which weren't already cleaned
+ * up by return_padata().
+ */
+void
+free_padata_context(krb5_context kcontext, void *padata_context)
+{
+    struct request_pa_context *context = padata_context;
+    preauth_system *sys;
+    int i;
+
+    if (context == NULL)
+        return;
+    for (i = 0; i < context->n_contexts; i++) {
+        sys = context->contexts[i].pa_system;
+        if (!sys->free_modreq || !context->contexts[i].modreq)
+            continue;
+        sys->free_modreq(kcontext, sys->moddata, context->contexts[i].modreq);
+        context->contexts[i].modreq = NULL;
+    }
+
+    free(context->contexts);
+    free(context);
+}
+
+static krb5_deltat
+max_time_skew(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return context->clockskew;
+}
+
+static krb5_error_code
+client_keys(krb5_context context, krb5_kdcpreauth_rock rock,
+            krb5_keyblock **keys_out)
+{
+    krb5_kdc_req *request = rock->request;
+    krb5_db_entry *client = rock->client;
+    krb5_keyblock *keys, key;
+    krb5_key_data *entry_key;
+    int i, k;
+
+    keys = calloc(request->nktypes + 1, sizeof(krb5_keyblock));
+    if (keys == NULL)
+        return ENOMEM;
+
+    k = 0;
+    for (i = 0; i < request->nktypes; i++) {
+        entry_key = NULL;
+        if (krb5_dbe_find_enctype(context, client, request->ktype[i],
+                                  -1, 0, &entry_key) != 0)
+            continue;
+        if (krb5_dbe_decrypt_key_data(context, NULL, entry_key,
+                                      &key, NULL) != 0)
+            continue;
+        keys[k++] = key;
+    }
+    if (k == 0) {
+        free(keys);
+        return ENOENT;
+    }
+    *keys_out = keys;
+    return 0;
+}
+
+static void free_keys(krb5_context context, krb5_kdcpreauth_rock rock,
+                      krb5_keyblock *keys)
+{
+    krb5_keyblock *k;
+
+    if (keys == NULL)
+        return;
+    for (k = keys; k->enctype != 0; k++)
+        krb5_free_keyblock_contents(context, k);
+    free(keys);
+}
+
+static krb5_data *
+request_body(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return rock->inner_body;
+}
+
+static krb5_keyblock *
+fast_armor(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return rock->rstate->armor_key;
+}
+
+static krb5_error_code
+get_string(krb5_context context, krb5_kdcpreauth_rock rock, const char *key,
+           char **value_out)
+{
+    return krb5_dbe_get_string(context, rock->client, key, value_out);
+}
+
+static void
+free_string(krb5_context context, krb5_kdcpreauth_rock rock, char *string)
+{
+    krb5_dbe_free_string(context, string);
+}
+
+static void *
+client_entry(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return rock->client;
+}
+
+static verto_ctx *
+event_context(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return rock->vctx;
+}
+
+static krb5_boolean
+have_client_keys(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    krb5_kdc_req *request = rock->request;
+    krb5_key_data *kd;
+    int i;
+
+    for (i = 0; i < request->nktypes; i++) {
+        if (krb5_dbe_find_enctype(context, rock->client, request->ktype[i],
+                                  -1, 0, &kd) == 0)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+static const krb5_keyblock *
+client_keyblock(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    if (rock->client_keyblock->enctype == ENCTYPE_NULL)
+        return NULL;
+    return rock->client_keyblock;
+}
+
+static krb5_error_code
+add_auth_indicator(krb5_context context, krb5_kdcpreauth_rock rock,
+                   const char *indicator)
+{
+    return authind_add(context, indicator, rock->auth_indicators);
+}
+
+static krb5_boolean
+get_cookie(krb5_context context, krb5_kdcpreauth_rock rock,
+           krb5_preauthtype pa_type, krb5_data *out)
+{
+    return kdc_fast_search_cookie(rock->rstate, pa_type, out);
+}
+
+static krb5_error_code
+set_cookie(krb5_context context, krb5_kdcpreauth_rock rock,
+           krb5_preauthtype pa_type, const krb5_data *data)
+{
+    return kdc_fast_set_cookie(rock->rstate, pa_type, data);
+}
+
+static krb5_boolean
+match_client(krb5_context context, krb5_kdcpreauth_rock rock,
+             krb5_principal princ)
+{
+    krb5_db_entry *ent;
+    krb5_boolean match = FALSE;
+    krb5_principal req_client = rock->request->client;
+    krb5_principal client = rock->client->princ;
+
+    /* Check for a direct match against the request principal or
+     * the post-canon client principal. */
+    if (krb5_principal_compare_flags(context, princ, req_client,
+                                     KRB5_PRINCIPAL_COMPARE_ENTERPRISE) ||
+        krb5_principal_compare(context, princ, client))
+        return TRUE;
+
+    if (krb5_db_get_principal(context, princ, KRB5_KDB_FLAG_CLIENT, &ent))
+        return FALSE;
+    match = krb5_principal_compare(context, ent->princ, client);
+    krb5_db_free_principal(context, ent);
+    return match;
+}
+
+static krb5_principal
+client_name(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return rock->client->princ;
+}
+
+static void
+send_freshness_token(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    rock->send_freshness_token = TRUE;
+}
+
+static krb5_error_code
+check_freshness_token(krb5_context context, krb5_kdcpreauth_rock rock,
+                      const krb5_data *token)
+{
+    krb5_timestamp token_ts, now;
+    krb5_key_data *kd;
+    krb5_keyblock kb;
+    krb5_kvno token_kvno;
+    krb5_checksum cksum;
+    krb5_data d;
+    uint8_t *token_cksum;
+    size_t token_cksum_len;
+    krb5_boolean valid = FALSE;
+    char ckbuf[4];
+
+    memset(&kb, 0, sizeof(kb));
+
+    if (krb5_timeofday(context, &now) != 0)
+        goto cleanup;
+
+    if (token->length <= 8)
+        goto cleanup;
+    token_ts = load_32_be(token->data);
+    token_kvno = load_32_be(token->data + 4);
+    token_cksum = (uint8_t *)token->data + 8;
+    token_cksum_len = token->length - 8;
+
+    /* Check if the token timestamp is too old. */
+    if (ts_after(now, ts_incr(token_ts, FRESHNESS_LIFETIME)))
+        goto cleanup;
+
+    /* Fetch and decrypt the local krbtgt key of the token's kvno. */
+    if (krb5_dbe_find_enctype(context, rock->local_tgt, -1, -1, token_kvno,
+                              &kd) != 0)
+        goto cleanup;
+    if (krb5_dbe_decrypt_key_data(context, NULL, kd, &kb, NULL) != 0)
+        goto cleanup;
+
+    /* Verify the token checksum against the current KDC time.  The checksum
+     * must use the mandatory checksum type of the krbtgt key's enctype. */
+    store_32_be(token_ts, ckbuf);
+    d = make_data(ckbuf, sizeof(ckbuf));
+    cksum.magic = KV5M_CHECKSUM;
+    cksum.checksum_type = 0;
+    cksum.length = token_cksum_len;
+    cksum.contents = token_cksum;
+    (void)krb5_c_verify_checksum(context, &kb, KRB5_KEYUSAGE_PA_AS_FRESHNESS,
+                                 &d, &cksum, &valid);
+
+cleanup:
+    krb5_free_keyblock_contents(context, &kb);
+    return valid ? 0 : KRB5KDC_ERR_PREAUTH_EXPIRED;
+}
+
+static krb5_error_code
+replace_reply_key(krb5_context context, krb5_kdcpreauth_rock rock,
+                  const krb5_keyblock *key, krb5_boolean is_strengthen)
+{
+    krb5_keyblock copy;
+
+    if (krb5_copy_keyblock_contents(context, key, &copy) != 0)
+        return ENOMEM;
+    krb5_free_keyblock_contents(context, rock->client_keyblock);
+    *rock->client_keyblock = copy;
+    if (!is_strengthen)
+        rock->replaced_reply_key = TRUE;
+    return 0;
+}
+
+static struct krb5_kdcpreauth_callbacks_st callbacks = {
+    6,
+    max_time_skew,
+    client_keys,
+    free_keys,
+    request_body,
+    fast_armor,
+    get_string,
+    free_string,
+    client_entry,
+    event_context,
+    have_client_keys,
+    client_keyblock,
+    add_auth_indicator,
+    get_cookie,
+    set_cookie,
+    match_client,
+    client_name,
+    send_freshness_token,
+    check_freshness_token,
+    replace_reply_key
+};
+
+static krb5_error_code
+find_pa_system(int type, preauth_system **preauth)
+{
+    preauth_system *ap;
+
+    if (preauth_systems == NULL)
+        return KRB5_PREAUTH_BAD_TYPE;
+    ap = preauth_systems;
+    while ((ap->type != -1) && (ap->type != type))
+        ap++;
+    if (ap->type == -1)
+        return(KRB5_PREAUTH_BAD_TYPE);
+    *preauth = ap;
+    return 0;
+}
+
+/* Find a pointer to the request-specific module data for pa_sys. */
+static krb5_error_code
+find_modreq(preauth_system *pa_sys, struct request_pa_context *context,
+            krb5_kdcpreauth_modreq **modreq_out)
+{
+    int i;
+
+    *modreq_out = NULL;
+    if (context == NULL)
+        return KRB5KRB_ERR_GENERIC;
+
+    for (i = 0; i < context->n_contexts; i++) {
+        if (context->contexts[i].pa_system == pa_sys) {
+            *modreq_out = &context->contexts[i].modreq;
+            return 0;
+        }
+    }
+
+    return KRB5KRB_ERR_GENERIC;
+}
+
+/*
+ * Create a list of indices into the preauth_systems array, sorted by order of
+ * preference.
+ */
+static krb5_boolean
+pa_list_includes(krb5_pa_data **pa_data, krb5_preauthtype pa_type)
+{
+    while (*pa_data != NULL) {
+        if ((*pa_data)->pa_type == pa_type)
+            return TRUE;
+        pa_data++;
+    }
+    return FALSE;
+}
+static void
+sort_pa_order(krb5_context context, krb5_kdc_req *request, int *pa_order)
+{
+    size_t i, j, k, n_repliers, n_key_replacers;
+
+    /* First, set up the default order. */
+    i = 0;
+    for (j = 0; j < n_preauth_systems; j++) {
+        if (preauth_systems[j].return_padata != NULL)
+            pa_order[i++] = j;
+    }
+    n_repliers = i;
+    pa_order[n_repliers] = -1;
+
+    /* Reorder so that PA_REPLACES_KEY modules are listed first. */
+    for (i = 0; i < n_repliers; i++) {
+        /* If this module replaces the key, then it's okay to leave it where it
+         * is in the order. */
+        if (preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY)
+            continue;
+        /* If not, search for a module which does, and swap in the first one we
+         * find. */
+        for (j = i + 1; j < n_repliers; j++) {
+            if (preauth_systems[pa_order[j]].flags & PA_REPLACES_KEY) {
+                k = pa_order[j];
+                pa_order[j] = pa_order[i];
+                pa_order[i] = k;
+                break;
+            }
+        }
+        /* If we didn't find one, we have moved all of the key-replacing
+         * modules, and i is the count of those modules. */
+        if (j == n_repliers)
+            break;
+    }
+    n_key_replacers = i;
+
+    if (request->padata != NULL) {
+        /* Now reorder the subset of modules which replace the key,
+         * bubbling those which handle pa_data types provided by the
+         * client ahead of the others.
+         */
+        for (i = 0; i < n_key_replacers; i++) {
+            if (pa_list_includes(request->padata,
+                                 preauth_systems[pa_order[i]].type))
+                continue;
+            for (j = i + 1; j < n_key_replacers; j++) {
+                if (pa_list_includes(request->padata,
+                                     preauth_systems[pa_order[j]].type)) {
+                    k = pa_order[j];
+                    pa_order[j] = pa_order[i];
+                    pa_order[i] = k;
+                    break;
+                }
+            }
+        }
+    }
+#ifdef DEBUG
+    krb5_klog_syslog(LOG_DEBUG, "original preauth mechanism list:");
+    for (i = 0; i < n_preauth_systems; i++) {
+        if (preauth_systems[i].return_padata != NULL)
+            krb5_klog_syslog(LOG_DEBUG, "... %s(%d)", preauth_systems[i].name,
+                             preauth_systems[i].type);
+    }
+    krb5_klog_syslog(LOG_DEBUG, "sorted preauth mechanism list:");
+    for (i = 0; pa_order[i] != -1; i++) {
+        krb5_klog_syslog(LOG_DEBUG, "... %s(%d)",
+                         preauth_systems[pa_order[i]].name,
+                         preauth_systems[pa_order[i]].type);
+    }
+#endif
+}
+
+const char *missing_required_preauth(krb5_db_entry *client,
+                                     krb5_db_entry *server,
+                                     krb5_enc_tkt_part *enc_tkt_reply)
+{
+#ifdef DEBUG
+    krb5_klog_syslog (
+        LOG_DEBUG,
+        "client needs %spreauth, %shw preauth; request has %spreauth, %shw preauth",
+        isflagset (client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) ? "" : "no ",
+        isflagset (client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) ? "" : "no ",
+        isflagset (enc_tkt_reply->flags, TKT_FLG_PRE_AUTH) ? "" : "no ",
+        isflagset (enc_tkt_reply->flags, TKT_FLG_HW_AUTH) ? "" : "no ");
+#endif
+
+    if (isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) &&
+        !isflagset(enc_tkt_reply->flags, TKT_FLG_PRE_AUTH))
+        return "NEEDED_PREAUTH";
+
+    if (isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) &&
+        !isflagset(enc_tkt_reply->flags, TKT_FLG_HW_AUTH))
+        return "NEEDED_HW_PREAUTH";
+
+    return 0;
+}
+
+/* Return true if request's enctypes indicate support for etype-info2. */
+static krb5_boolean
+requires_info2(const krb5_kdc_req *request)
+{
+    int i;
+
+    for (i = 0; i < request->nktypes; i++) {
+        if (enctype_requires_etype_info_2(request->ktype[i]))
+            return TRUE;
+    }
+    return FALSE;
+}
+
+/* Add PA-ETYPE-INFO2 and possibly PA-ETYPE-INFO entries to pa_list as
+ * appropriate for the request and client principal. */
+static krb5_error_code
+add_etype_info(krb5_context context, krb5_kdcpreauth_rock rock,
+               krb5_pa_data ***pa_list)
+{
+    krb5_error_code ret;
+    krb5_data *der;
+
+    if (rock->client_key == NULL)
+        return 0;
+
+    if (!requires_info2(rock->request)) {
+        /* Include PA-ETYPE-INFO only for old clients. */
+        ret = make_etype_info(context, FALSE, rock->client->princ,
+                              rock->client_key, rock->client_keyblock->enctype,
+                              &der);
+        if (ret)
+            return ret;
+        ret = k5_add_pa_data_from_data(pa_list, KRB5_PADATA_ETYPE_INFO, der);
+        krb5_free_data(context, der);
+        if (ret)
+            return ret;
+    }
+
+    /* Always include PA-ETYPE-INFO2. */
+    ret = make_etype_info(context, TRUE, rock->client->princ, rock->client_key,
+                          rock->client_keyblock->enctype, &der);
+    if (ret)
+        return ret;
+    ret = k5_add_pa_data_from_data(pa_list, KRB5_PADATA_ETYPE_INFO2, der);
+    krb5_free_data(context, der);
+    return ret;
+}
+
+/* Add PW-SALT entries to pa_list as appropriate for the request and client
+ * principal. */
+static krb5_error_code
+add_pw_salt(krb5_context context, krb5_kdcpreauth_rock rock,
+            krb5_pa_data ***pa_list)
+{
+    krb5_error_code ret;
+    krb5_data *salt = NULL;
+    krb5_int16 salttype;
+
+    /* Only include this pa-data for old clients. */
+    if (rock->client_key == NULL || requires_info2(rock->request))
+        return 0;
+
+    ret = krb5_dbe_compute_salt(context, rock->client_key,
+                                rock->request->client, &salttype, &salt);
+    if (ret)
+        return 0;
+
+    ret = k5_add_pa_data_from_data(pa_list, KRB5_PADATA_PW_SALT, salt);
+    krb5_free_data(context, salt);
+    return ret;
+}
+
+static krb5_error_code
+add_freshness_token(krb5_context context, krb5_kdcpreauth_rock rock,
+                    krb5_pa_data ***pa_list)
+{
+    krb5_error_code ret;
+    krb5_timestamp now;
+    krb5_keyblock kb;
+    krb5_checksum cksum;
+    krb5_data d;
+    krb5_pa_data *pa = NULL;
+    char ckbuf[4];
+
+    memset(&cksum, 0, sizeof(cksum));
+    memset(&kb, 0, sizeof(kb));
+
+    if (!rock->send_freshness_token)
+        return 0;
+    if (krb5int_find_pa_data(context, rock->request->padata,
+                             KRB5_PADATA_AS_FRESHNESS) == NULL)
+        return 0;
+
+    /* Compute a checksum over the current KDC time. */
+    ret = krb5_timeofday(context, &now);
+    if (ret)
+        goto cleanup;
+    store_32_be(now, ckbuf);
+    d = make_data(ckbuf, sizeof(ckbuf));
+    ret = krb5_c_make_checksum(context, 0, rock->local_tgt_key,
+                               KRB5_KEYUSAGE_PA_AS_FRESHNESS, &d, &cksum);
+
+    /* Compose a freshness token from the time, krbtgt kvno, and checksum. */
+    ret = k5_alloc_pa_data(KRB5_PADATA_AS_FRESHNESS, 8 + cksum.length, &pa);
+    if (ret)
+        goto cleanup;
+    store_32_be(now, pa->contents);
+    store_32_be(current_kvno(rock->local_tgt), pa->contents + 4);
+    memcpy(pa->contents + 8, cksum.contents, cksum.length);
+
+    ret = k5_add_pa_data_element(pa_list, &pa);
+
+cleanup:
+    krb5_free_keyblock_contents(context, &kb);
+    krb5_free_checksum_contents(context, &cksum);
+    k5_free_pa_data_element(pa);
+    return ret;
+}
+
+struct hint_state {
+    kdc_hint_respond_fn respond;
+    void *arg;
+    krb5_context context;
+
+    krb5_kdcpreauth_rock rock;
+    krb5_kdc_req *request;
+    krb5_pa_data ***e_data_out;
+
+    int hw_only;
+    preauth_system *ap;
+    krb5_pa_data **pa_data;
+    krb5_preauthtype pa_type;
+};
+
+static void
+hint_list_finish(struct hint_state *state, krb5_error_code code)
+{
+    krb5_context context = state->context;
+    kdc_hint_respond_fn oldrespond = state->respond;
+    void *oldarg = state->arg;
+
+    /* Add a freshness token if a preauth module requested it and the client
+     * request indicates support for it. */
+    if (!code)
+        code = add_freshness_token(context, state->rock, &state->pa_data);
+
+    if (!code) {
+        if (state->pa_data == NULL) {
+            krb5_klog_syslog(LOG_INFO,
+                             _("%spreauth required but hint list is empty"),
+                             state->hw_only ? "hw" : "");
+        }
+
+        *state->e_data_out = state->pa_data;
+        state->pa_data = NULL;
+    }
+
+    krb5_free_pa_data(context, state->pa_data);
+    free(state);
+    (*oldrespond)(oldarg);
+}
+
+static void
+hint_list_next(struct hint_state *arg);
+
+static void
+finish_get_edata(void *arg, krb5_error_code code, krb5_pa_data *pa)
+{
+    krb5_error_code ret;
+    struct hint_state *state = arg;
+
+    if (code == 0) {
+        if (pa == NULL) {
+            ret = k5_alloc_pa_data(state->pa_type, 0, &pa);
+            if (ret)
+                goto error;
+        }
+        ret = k5_add_pa_data_element(&state->pa_data, &pa);
+        k5_free_pa_data_element(pa);
+        if (ret)
+            goto error;
+    }
+
+    state->ap++;
+    hint_list_next(state);
+    return;
+
+error:
+    hint_list_finish(state, ret);
+}
+
+static void
+hint_list_next(struct hint_state *state)
+{
+    krb5_context context = state->context;
+    preauth_system *ap = state->ap;
+
+    if (ap->type == -1) {
+        hint_list_finish(state, 0);
+        return;
+    }
+
+    if (state->hw_only && !(ap->flags & PA_HARDWARE))
+        goto next;
+    if (ap->flags & PA_PSEUDO)
+        goto next;
+
+    state->pa_type = ap->type;
+    if (ap->get_edata) {
+        ap->get_edata(context, state->request, &callbacks, state->rock,
+                      ap->moddata, ap->type, finish_get_edata, state);
+    } else
+        finish_get_edata(state, 0, NULL);
+    return;
+
+next:
+    state->ap++;
+    hint_list_next(state);
+}
+
+void
+get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
+                      krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond,
+                      void *arg)
+{
+    krb5_context context = rock->rstate->realm_data->realm_context;
+    struct hint_state *state;
+
+    *e_data_out = NULL;
+
+    /* Allocate our state. */
+    state = calloc(1, sizeof(*state));
+    if (state == NULL)
+        goto error;
+    state->hw_only = isflagset(rock->client->attributes,
+                               KRB5_KDB_REQUIRES_HW_AUTH);
+    state->respond = respond;
+    state->arg = arg;
+    state->request = request;
+    state->rock = rock;
+    state->context = context;
+    state->e_data_out = e_data_out;
+    state->pa_data = NULL;
+    state->ap = preauth_systems;
+
+    /* Add an empty PA-FX-FAST element to advertise FAST support. */
+    if (k5_add_empty_pa_data(&state->pa_data, KRB5_PADATA_FX_FAST) != 0)
+        goto error;
+
+    if (add_etype_info(context, rock, &state->pa_data) != 0)
+        goto error;
+
+    hint_list_next(state);
+    return;
+
+error:
+    if (state != NULL)
+        krb5_free_pa_data(context, state->pa_data);
+    free(state);
+    (*respond)(arg);
+}
+
+/*
+ * Add authorization data returned from preauth modules to the ticket
+ * It is assumed that ad is a "null-terminated" array of krb5_authdata ptrs
+ */
+static krb5_error_code
+add_authorization_data(krb5_enc_tkt_part *enc_tkt_part, krb5_authdata **ad)
+{
+    krb5_authdata **newad;
+    int oldones, newones;
+    int i;
+
+    if (enc_tkt_part == NULL || ad == NULL)
+        return EINVAL;
+
+    for (newones = 0; ad[newones] != NULL; newones++);
+    if (newones == 0)
+        return 0;   /* nothing to add */
+
+    if (enc_tkt_part->authorization_data == NULL)
+        oldones = 0;
+    else
+        for (oldones = 0;
+             enc_tkt_part->authorization_data[oldones] != NULL; oldones++);
+
+    newad = malloc((oldones + newones + 1) * sizeof(krb5_authdata *));
+    if (newad == NULL)
+        return ENOMEM;
+
+    /* Copy any existing pointers */
+    for (i = 0; i < oldones; i++)
+        newad[i] = enc_tkt_part->authorization_data[i];
+
+    /* Add the new ones */
+    for (i = 0; i < newones; i++)
+        newad[oldones+i] = ad[i];
+
+    /* Terminate the new list */
+    newad[oldones+i] = NULL;
+
+    /* Free any existing list */
+    if (enc_tkt_part->authorization_data != NULL)
+        free(enc_tkt_part->authorization_data);
+
+    /* Install our new list */
+    enc_tkt_part->authorization_data = newad;
+
+    return 0;
+}
+
+struct padata_state {
+    kdc_preauth_respond_fn respond;
+    void *arg;
+    kdc_realm_t *realm;
+
+    krb5_kdcpreauth_modreq *modreq_ptr;
+    krb5_pa_data **padata;
+    int pa_found;
+    krb5_context context;
+    krb5_kdcpreauth_rock rock;
+    krb5_data *req_pkt;
+    krb5_kdc_req *request;
+    krb5_enc_tkt_part *enc_tkt_reply;
+    void **padata_context;
+
+    preauth_system *pa_sys;
+    krb5_pa_data **pa_e_data;
+    krb5_boolean typed_e_data_flag;
+    int pa_ok;
+    krb5_error_code saved_code;
+
+    krb5_pa_data ***e_data_out;
+    krb5_boolean *typed_e_data_out;
+};
+
+/* Return code if it is 0 or one of the codes we pass through to the client.
+ * Otherwise return KRB5KDC_ERR_PREAUTH_FAILED. */
+static krb5_error_code
+filter_preauth_error(krb5_error_code code)
+{
+    /* The following switch statement allows us
+     * to return some preauth system errors back to the client.
+     */
+    switch(code) {
+    case 0:
+    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+    case KRB5KRB_AP_ERR_SKEW:
+    case KRB5KDC_ERR_PREAUTH_REQUIRED:
+    case KRB5KDC_ERR_ETYPE_NOSUPP:
+        /* rfc 4556 */
+    case KRB5KDC_ERR_CLIENT_NOT_TRUSTED:
+    case KRB5KDC_ERR_INVALID_SIG:
+    case KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED:
+    case KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE:
+    case KRB5KDC_ERR_INVALID_CERTIFICATE:
+    case KRB5KDC_ERR_REVOKED_CERTIFICATE:
+    case KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN:
+    case KRB5KDC_ERR_CLIENT_NAME_MISMATCH:
+    case KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE:
+    case KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED:
+    case KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED:
+    case KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED:
+    case KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED:
+        /* earlier drafts of what became rfc 4556 */
+    case KRB5KDC_ERR_CERTIFICATE_MISMATCH:
+    case KRB5KDC_ERR_KDC_NOT_TRUSTED:
+    case KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE:
+        /* This value is shared with
+         *     KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */
+        /* case KRB5KDC_ERR_KEY_TOO_WEAK: */
+    case KRB5KDC_ERR_DISCARD:
+        /* pkinit alg-agility */
+    case KRB5KDC_ERR_NO_ACCEPTABLE_KDF:
+        /* rfc 6113 */
+    case KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED:
+        return code;
+    default:
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+}
+
+/*
+ * If the client performed optimistic pre-authentication for a multi-round-trip
+ * mechanism, it may need key information to complete the exchange, so send it
+ * a PA-ETYPE-INFO2 element in addition to the pa-data from the module.
+ */
+static krb5_error_code
+maybe_add_etype_info2(struct padata_state *state, krb5_error_code code)
+{
+    krb5_error_code ret;
+    krb5_context context = state->context;
+    krb5_kdcpreauth_rock rock = state->rock;
+    krb5_data *der;
+
+    /* Only add key information when requesting another preauth round trip. */
+    if (code != KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED)
+        return 0;
+
+    /* Don't try to add key information when there is no key. */
+    if (rock->client_key == NULL)
+        return 0;
+
+    /* If the client sent a cookie, it has already seen a KDC response with key
+     * information. */
+    if (krb5int_find_pa_data(context, state->request->padata,
+                             KRB5_PADATA_FX_COOKIE) != NULL)
+        return 0;
+
+    ret = make_etype_info(context, TRUE, rock->client->princ, rock->client_key,
+                          rock->client_keyblock->enctype, &der);
+    if (ret)
+        return ret;
+    ret = k5_add_pa_data_from_data(&state->pa_e_data, KRB5_PADATA_ETYPE_INFO2,
+                                   der);
+    krb5_free_data(context, der);
+    return ret;
+}
+
+/* Release state and respond to the AS-REQ processing code with the result of
+ * checking pre-authentication data. */
+static void
+finish_check_padata(struct padata_state *state, krb5_error_code code)
+{
+    kdc_preauth_respond_fn respond;
+    void *arg;
+
+    if (state->pa_ok || !state->pa_found) {
+        /* Return successfully.  If we didn't match a preauth system, we may
+         * return PREAUTH_REQUIRED later, but we didn't fail to verify. */
+        code = 0;
+        goto cleanup;
+    }
+
+    /* Add key information to the saved error pa-data if required. */
+    if (maybe_add_etype_info2(state, code) != 0) {
+        code = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    /* Return any saved error pa-data, stealing the pointer from state. */
+    *state->e_data_out = state->pa_e_data;
+    *state->typed_e_data_out = state->typed_e_data_flag;
+    state->pa_e_data = NULL;
+
+cleanup:
+    /* Discard saved error pa-data if we aren't returning it, free state, and
+     * respond to the AS-REQ processing code. */
+    respond = state->respond;
+    arg = state->arg;
+    krb5_free_pa_data(state->context, state->pa_e_data);
+    free(state);
+    (*respond)(arg, filter_preauth_error(code));
+}
+
+static void
+next_padata(struct padata_state *state);
+
+static void
+finish_verify_padata(void *arg, krb5_error_code code,
+                     krb5_kdcpreauth_modreq modreq, krb5_pa_data **e_data,
+                     krb5_authdata **authz_data)
+{
+    struct padata_state *state = arg;
+    const char *emsg;
+    krb5_boolean typed_e_data_flag;
+
+    assert(state);
+    *state->modreq_ptr = modreq;
+
+    if (code) {
+        emsg = krb5_get_error_message(state->context, code);
+        krb5_klog_syslog(LOG_INFO, "preauth (%s) verify failure: %s",
+                         state->pa_sys->name, emsg);
+        krb5_free_error_message(state->context, emsg);
+
+        /* Ignore authorization data returned from modules that fail */
+        if (authz_data != NULL) {
+            krb5_free_authdata(state->context, authz_data);
+            authz_data = NULL;
+        }
+
+        typed_e_data_flag = ((state->pa_sys->flags & PA_TYPED_E_DATA) != 0);
+
+        /*
+         * We'll return edata from either the first PA_REQUIRED module
+         * that fails, or the first non-PA_REQUIRED module that fails.
+         * Hang on to edata from the first non-PA_REQUIRED module.
+         * If we've already got one saved, simply discard this one.
+         */
+        if (state->pa_sys->flags & PA_REQUIRED) {
+            /* free up any previous edata we might have been saving */
+            if (state->pa_e_data != NULL)
+                krb5_free_pa_data(state->context, state->pa_e_data);
+            state->pa_e_data = e_data;
+            state->typed_e_data_flag = typed_e_data_flag;
+
+            /* Make sure we use the current retval */
+            state->pa_ok = 0;
+            finish_check_padata(state, code);
+            return;
+        } else if (state->pa_e_data == NULL) {
+            /* save the first error code and e-data */
+            state->pa_e_data = e_data;
+            state->typed_e_data_flag = typed_e_data_flag;
+            state->saved_code = code;
+        } else if (e_data != NULL) {
+            /* discard this extra e-data from non-PA_REQUIRED module */
+            krb5_free_pa_data(state->context, e_data);
+        }
+    } else {
+#ifdef DEBUG
+        krb5_klog_syslog (LOG_DEBUG, ".. .. ok");
+#endif
+
+        /* Ignore any edata returned on success */
+        if (e_data != NULL)
+            krb5_free_pa_data(state->context, e_data);
+
+        /* Add any authorization data to the ticket */
+        if (authz_data != NULL) {
+            add_authorization_data(state->enc_tkt_reply, authz_data);
+            free(authz_data);
+        }
+
+        state->pa_ok = 1;
+        if (state->pa_sys->flags & PA_SUFFICIENT) {
+            finish_check_padata(state, state->saved_code);
+            return;
+        }
+    }
+
+    next_padata(state);
+}
+
+static void
+next_padata(struct padata_state *state)
+{
+    assert(state);
+    if (!state->padata)
+        state->padata = state->request->padata;
+    else
+        state->padata++;
+
+    if (!*state->padata) {
+        finish_check_padata(state, state->saved_code);
+        return;
+    }
+
+#ifdef DEBUG
+    krb5_klog_syslog (LOG_DEBUG, ".. pa_type 0x%x", (*state->padata)->pa_type);
+#endif
+    if (find_pa_system((*state->padata)->pa_type, &state->pa_sys))
+        goto next;
+    if (find_modreq(state->pa_sys, *state->padata_context, &state->modreq_ptr))
+        goto next;
+#ifdef DEBUG
+    krb5_klog_syslog (LOG_DEBUG, ".. pa_type %s", state->pa_sys->name);
+#endif
+    if (state->pa_sys->verify_padata == 0)
+        goto next;
+
+    state->pa_found++;
+    state->pa_sys->verify_padata(state->context, state->req_pkt,
+                                 state->request, state->enc_tkt_reply,
+                                 *state->padata, &callbacks, state->rock,
+                                 state->pa_sys->moddata, finish_verify_padata,
+                                 state);
+    return;
+
+next:
+    next_padata(state);
+}
+
+/*
+ * This routine is called to verify the preauthentication information
+ * for a V5 request.
+ *
+ * Returns 0 if the pre-authentication is valid, non-zero to indicate
+ * an error code of some sort.
+ */
+
+void
+check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
+             krb5_data *req_pkt, krb5_kdc_req *request,
+             krb5_enc_tkt_part *enc_tkt_reply, void **padata_context,
+             krb5_pa_data ***e_data, krb5_boolean *typed_e_data,
+             kdc_preauth_respond_fn respond, void *arg)
+{
+    struct padata_state *state;
+
+    if (request->padata == 0) {
+        (*respond)(arg, 0);
+        return;
+    }
+
+    if (make_padata_context(context, padata_context) != 0) {
+        (*respond)(arg, KRB5KRB_ERR_GENERIC);
+        return;
+    }
+
+    state = calloc(1, sizeof(*state));
+    if (state == NULL) {
+        (*respond)(arg, ENOMEM);
+        return;
+    }
+    state->respond = respond;
+    state->arg = arg;
+    state->context = context;
+    state->rock = rock;
+    state->req_pkt = req_pkt;
+    state->request = request;
+    state->enc_tkt_reply = enc_tkt_reply;
+    state->padata_context = padata_context;
+    state->e_data_out = e_data;
+    state->typed_e_data_out = typed_e_data;
+    state->realm = rock->rstate->realm_data;
+
+#ifdef DEBUG
+    krb5_klog_syslog (LOG_DEBUG, "checking padata");
+#endif
+
+    next_padata(state);
+}
+
+/* Return true if k1 and k2 have the same type and contents. */
+static krb5_boolean
+keyblock_equal(const krb5_keyblock *k1, const krb5_keyblock *k2)
+{
+    if (k1->enctype != k2->enctype)
+        return FALSE;
+    if (k1->length != k2->length)
+        return FALSE;
+    return memcmp(k1->contents, k2->contents, k1->length) == 0;
+}
+
+/*
+ * return_padata creates any necessary preauthentication
+ * structures which should be returned by the KDC to the client
+ */
+krb5_error_code
+return_padata(krb5_context context, krb5_kdcpreauth_rock rock,
+              krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
+              krb5_keyblock *encrypting_key, void **padata_context)
+{
+    krb5_error_code             retval;
+    krb5_pa_data **             padata;
+    krb5_pa_data **             send_pa_list = NULL;
+    krb5_pa_data *              send_pa;
+    krb5_pa_data *              pa = 0;
+    krb5_pa_data null_item;
+    preauth_system *            ap;
+    int *                       pa_order = NULL;
+    int *                       pa_type;
+    int                         size = 0;
+    krb5_kdcpreauth_modreq      *modreq_ptr;
+    krb5_boolean                key_modified;
+    krb5_keyblock               original_key;
+
+    memset(&original_key, 0, sizeof(original_key));
+
+    if ((!*padata_context) &&
+        (make_padata_context(context, padata_context) != 0)) {
+        return KRB5KRB_ERR_GENERIC;
+    }
+
+    for (ap = preauth_systems; ap->type != -1; ap++) {
+        if (ap->return_padata)
+            size++;
+    }
+
+    pa_order = k5calloc(size + 1, sizeof(int), &retval);
+    if (pa_order == NULL)
+        goto cleanup;
+    sort_pa_order(context, request, pa_order);
+
+    retval = krb5_copy_keyblock_contents(context, encrypting_key,
+                                         &original_key);
+    if (retval)
+        goto cleanup;
+    key_modified = FALSE;
+    null_item.contents = NULL;
+    null_item.length = 0;
+
+    for (pa_type = pa_order; *pa_type != -1; pa_type++) {
+        ap = &preauth_systems[*pa_type];
+        if (key_modified && (ap->flags & PA_REPLACES_KEY))
+            continue;
+        if (ap->return_padata == 0)
+            continue;
+        if (find_modreq(ap, *padata_context, &modreq_ptr))
+            continue;
+        pa = &null_item;
+        null_item.pa_type = ap->type;
+        if (request->padata) {
+            for (padata = request->padata; *padata; padata++) {
+                if ((*padata)->pa_type == ap->type) {
+                    pa = *padata;
+                    break;
+                }
+            }
+        }
+        send_pa = NULL;
+        retval = ap->return_padata(context, pa, req_pkt, request, reply,
+                                   encrypting_key, &send_pa, &callbacks, rock,
+                                   ap->moddata, *modreq_ptr);
+        if (retval)
+            goto cleanup;
+
+        if (send_pa != NULL) {
+            retval = k5_add_pa_data_element(&send_pa_list, &send_pa);
+            k5_free_pa_data_element(send_pa);
+            if (retval)
+                goto cleanup;
+        }
+
+        if (!key_modified && !keyblock_equal(&original_key, encrypting_key))
+            key_modified = TRUE;
+    }
+
+    /*
+     * Add etype-info and pw-salt pa-data as needed.  If we replaced the reply
+     * key, we can't send consistent etype-info; the salt from the client key
+     * data doesn't correspond to the replaced reply key, and RFC 4120 section
+     * 5.2.7.5 forbids us from sending etype-info describing the initial reply
+     * key in an AS-REP if it doesn't have the same enctype as the replaced
+     * reply key.  For all current and foreseeable preauth mechs, we can assume
+     * the client received etype-info2 in an earlier step and already computed
+     * the initial reply key if it needed it.  The client can determine the
+     * enctype of the replaced reply key from the etype field of the enc-part
+     * field of the AS-REP.
+     */
+    if (!key_modified) {
+        retval = add_etype_info(context, rock, &send_pa_list);
+        if (retval)
+            goto cleanup;
+        retval = add_pw_salt(context, rock, &send_pa_list);
+        if (retval)
+            goto cleanup;
+    }
+
+    if (send_pa_list != NULL) {
+        reply->padata = send_pa_list;
+        send_pa_list = 0;
+    }
+
+cleanup:
+    krb5_free_keyblock_contents(context, &original_key);
+    free(pa_order);
+    krb5_free_pa_data(context, send_pa_list);
+
+    return (retval);
+}
+
+static krb5_error_code
+_make_etype_info_entry(krb5_context context,
+                       krb5_principal client_princ, krb5_key_data *client_key,
+                       krb5_enctype etype, krb5_etype_info_entry **entry_out,
+                       int etype_info2)
+{
+    krb5_error_code retval;
+    krb5_int16 salttype;
+    krb5_data *salt = NULL;
+    krb5_etype_info_entry *entry = NULL;
+
+    *entry_out = NULL;
+    entry = malloc(sizeof(*entry));
+    if (entry == NULL)
+        return ENOMEM;
+
+    entry->magic = KV5M_ETYPE_INFO_ENTRY;
+    entry->etype = etype;
+    entry->length = KRB5_ETYPE_NO_SALT;
+    entry->salt = NULL;
+    entry->s2kparams = empty_data();
+    retval = krb5_dbe_compute_salt(context, client_key, client_princ,
+                                   &salttype, &salt);
+    if (retval)
+        goto cleanup;
+
+    entry->length = salt->length;
+    entry->salt = (unsigned char *)salt->data;
+    salt->data = NULL;
+    *entry_out = entry;
+    entry = NULL;
+
+cleanup:
+    if (entry != NULL)
+        krb5_free_data_contents(context, &entry->s2kparams);
+    free(entry);
+    krb5_free_data(context, salt);
+    return retval;
+}
+
+/* Encode an etype-info or etype-info2 message for client_key with the given
+ * enctype, using client to compute the salt if necessary. */
+static krb5_error_code
+make_etype_info(krb5_context context, krb5_boolean etype_info2,
+                krb5_principal client, krb5_key_data *client_key,
+                krb5_enctype enctype, krb5_data **der_out)
+{
+    krb5_error_code retval;
+    krb5_etype_info_entry **entry = NULL;
+
+    *der_out = NULL;
+
+    entry = k5calloc(2, sizeof(*entry), &retval);
+    if (entry == NULL)
+        goto cleanup;
+    retval = _make_etype_info_entry(context, client, client_key, enctype,
+                                    &entry[0], etype_info2);
+    if (retval != 0)
+        goto cleanup;
+
+    if (etype_info2)
+        retval = encode_krb5_etype_info2(entry, der_out);
+    else
+        retval = encode_krb5_etype_info(entry, der_out);
+
+cleanup:
+    krb5_free_etype_info(context, entry);
+    return retval;
+}
+
+/*
+ * Returns TRUE if the PAC should be included
+ */
+krb5_boolean
+include_pac_p(krb5_context context, krb5_kdc_req *request)
+{
+    krb5_error_code             code;
+    krb5_pa_data                **padata;
+    krb5_boolean                retval = TRUE; /* default is to return PAC */
+    krb5_data                   data;
+    krb5_pa_pac_req             *req = NULL;
+
+    if (request->padata == NULL) {
+        return retval;
+    }
+
+    for (padata = request->padata; *padata != NULL; padata++) {
+        if ((*padata)->pa_type == KRB5_PADATA_PAC_REQUEST) {
+            data.data = (char *)(*padata)->contents;
+            data.length = (*padata)->length;
+
+            code = decode_krb5_pa_pac_req(&data, &req);
+            if (code == 0) {
+                retval = req->include_pac;
+                krb5_free_pa_pac_req(context, req);
+                req = NULL;
+            }
+            break;
+        }
+    }
+
+    return retval;
+}
+
+static krb5_error_code
+return_referral_enc_padata( krb5_context context,
+                            krb5_enc_kdc_rep_part *reply,
+                            krb5_db_entry *server)
+{
+    krb5_error_code             code;
+    krb5_tl_data                tl_data;
+    krb5_pa_data                *pa;
+
+    tl_data.tl_data_type = KRB5_TL_SVR_REFERRAL_DATA;
+    code = krb5_dbe_lookup_tl_data(context, server, &tl_data);
+    if (code || tl_data.tl_data_length == 0)
+        return 0;
+
+    code = k5_alloc_pa_data(KRB5_PADATA_SVR_REFERRAL_INFO,
+                            tl_data.tl_data_length, &pa);
+    if (code)
+        return code;
+    memcpy(pa->contents, tl_data.tl_data_contents, tl_data.tl_data_length);
+    code = k5_add_pa_data_element(&reply->enc_padata, &pa);
+    k5_free_pa_data_element(pa);
+    return code;
+}
+
+krb5_error_code
+return_enc_padata(krb5_context context, krb5_data *req_pkt,
+                  krb5_kdc_req *request, krb5_keyblock *reply_key,
+                  krb5_db_entry *server, krb5_enc_kdc_rep_part *reply_encpart,
+                  krb5_boolean is_referral)
+{
+    krb5_error_code code = 0;
+    /* This should be initialized and only used for Win2K compat and other
+     * specific standardized uses such as FAST negotiation. */
+    if (is_referral) {
+        code = return_referral_enc_padata(context, reply_encpart, server);
+        if (code)
+            return code;
+    }
+    code = kdc_handle_protected_negotiation(context, req_pkt, request, reply_key,
+                                            &reply_encpart->enc_padata);
+    if (code)
+        goto cleanup;
+
+    code = kdc_add_pa_pac_options(context, request,
+                                  &reply_encpart->enc_padata);
+    if (code)
+        goto cleanup;
+
+    /*Add potentially other enc_padata providers*/
+cleanup:
+    return code;
+}
diff --git a/krb5-1.21.3/src/kdc/kdc_preauth_ec.c b/krb5-1.21.3/src/kdc/kdc_preauth_ec.c
new file mode 100644
index 00000000..18b18a73
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_preauth_ec.c
@@ -0,0 +1,225 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/kdc_preauth_ec.c - Encrypted challenge kdcpreauth module */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Implement Encrypted Challenge fast factor from
+ * draft-ietf-krb-wg-preauth-framework
+ */
+
+#include <k5-int.h>
+#include <krb5/kdcpreauth_plugin.h>
+#include "kdc_util.h"
+
+static void
+ec_edata(krb5_context context, krb5_kdc_req *request,
+         krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+         krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
+         krb5_kdcpreauth_edata_respond_fn respond, void *arg)
+{
+    krb5_keyblock *armor_key = cb->fast_armor(context, rock);
+
+    /* Encrypted challenge only works with FAST, and requires a client key. */
+    if (armor_key == NULL || !cb->have_client_keys(context, rock))
+        (*respond)(arg, ENOENT, NULL);
+    else
+        (*respond)(arg, 0, NULL);
+}
+
+static void
+ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+          krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
+          krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+          krb5_kdcpreauth_moddata moddata,
+          krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    krb5_error_code ret;
+    krb5_enc_data *enc = NULL;
+    krb5_data der_enc_ts = empty_data(), der_enc_data;
+    krb5_keyblock *armor_key = cb->fast_armor(context, rock);
+    krb5_pa_enc_ts *ts = NULL;
+    krb5_keyblock *client_keys = NULL;
+    krb5_keyblock *challenge_key = NULL;
+    krb5_keyblock *kdc_challenge_key;
+    krb5_kdcpreauth_modreq modreq = NULL;
+    int i = 0;
+    char *ai = NULL, *realmstr = NULL;
+    krb5_data realm = request->server->realm;
+
+    if (armor_key == NULL) {
+        ret = ENOENT;
+        k5_setmsg(context, ret,
+                  _("Encrypted Challenge used outside of FAST tunnel"));
+        goto cleanup;
+    }
+
+    der_enc_data = make_data(data->contents, data->length);
+    ret = decode_krb5_enc_data(&der_enc_data, &enc);
+    if (ret)
+        goto cleanup;
+
+    ret = alloc_data(&der_enc_ts, enc->ciphertext.length);
+    if (ret)
+        goto cleanup;
+
+    /* Check for a configured auth indicator. */
+    realmstr = k5memdup0(realm.data, realm.length, &ret);
+    if (realmstr == NULL)
+        goto cleanup;
+    ret = profile_get_string(context->profile, KRB5_CONF_REALMS, realmstr,
+                             KRB5_CONF_ENCRYPTED_CHALLENGE_INDICATOR, NULL,
+                             &ai);
+    if (ret)
+        goto cleanup;
+
+    ret = cb->client_keys(context, rock, &client_keys);
+    if (ret)
+        goto cleanup;
+    for (i = 0; client_keys[i].enctype != ENCTYPE_NULL; i++) {
+        ret = krb5_c_fx_cf2_simple(context, armor_key, "clientchallengearmor",
+                                   &client_keys[i], "challengelongterm",
+                                   &challenge_key);
+        if (ret)
+            goto cleanup;
+        ret = krb5_c_decrypt(context, challenge_key,
+                             KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT, NULL, enc,
+                             &der_enc_ts);
+        krb5_free_keyblock(context, challenge_key);
+        if (!ret)
+            break;
+    }
+
+    if (client_keys[i].enctype == ENCTYPE_NULL) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        k5_setmsg(context, ret,
+                  _("Incorrect password in encrypted challenge"));
+        goto cleanup;
+    }
+
+    ret = decode_krb5_pa_enc_ts(&der_enc_ts, &ts);
+    if (ret)
+        goto cleanup;
+    ret = krb5_check_clockskew(context, ts->patimestamp);
+    if (ret)
+        goto cleanup;
+
+    enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
+
+    /*
+     * If this fails, we won't generate a reply to the client.  That may cause
+     * the client to fail, but at this point the KDC has considered this a
+     * success, so the return value is ignored.
+     */
+    if (krb5_c_fx_cf2_simple(context, armor_key, "kdcchallengearmor",
+                             &client_keys[i], "challengelongterm",
+                             &kdc_challenge_key) == 0) {
+        modreq = (krb5_kdcpreauth_modreq)kdc_challenge_key;
+        if (ai != NULL)
+            cb->add_auth_indicator(context, rock, ai);
+    }
+
+cleanup:
+    cb->free_keys(context, rock, client_keys);
+    free(der_enc_ts.data);
+    krb5_free_enc_data(context, enc);
+    krb5_free_pa_enc_ts(context, ts);
+    free(realmstr);
+    free(ai);
+
+    (*respond)(arg, ret, modreq, NULL, NULL);
+}
+
+static krb5_error_code
+ec_return(krb5_context context, krb5_pa_data *padata, krb5_data *req_pkt,
+          krb5_kdc_req *request, krb5_kdc_rep *reply,
+          krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
+          krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+          krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_modreq modreq)
+{
+    krb5_error_code ret;
+    krb5_keyblock *challenge_key = (krb5_keyblock *)modreq;
+    krb5_pa_enc_ts ts;
+    krb5_data *der_enc_ts = NULL, *der_enc_data = NULL;
+    krb5_enc_data enc;
+    krb5_pa_data *pa = NULL;
+
+    enc.ciphertext.data = NULL;
+
+    if (challenge_key == NULL)
+        return 0;
+
+    ret = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
+    if (ret)
+        goto cleanup;
+    ret = encode_krb5_pa_enc_ts(&ts, &der_enc_ts);
+    if (ret)
+        goto cleanup;
+    ret = krb5_encrypt_helper(context, challenge_key,
+                              KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, der_enc_ts,
+                              &enc);
+    if (ret)
+        goto cleanup;
+    ret = encode_krb5_enc_data(&enc, &der_enc_data);
+    if (ret)
+        goto cleanup;
+
+    pa = k5alloc(sizeof(*pa), &ret);
+    if (pa == NULL)
+        goto cleanup;
+    pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
+    pa->length = der_enc_data->length;
+    /* Steal the data pointer from der_enc_data. */
+    pa->contents = (unsigned char *)der_enc_data->data;
+    der_enc_data->data = NULL;
+
+    *send_pa = pa;
+
+cleanup:
+    krb5_free_keyblock(context, challenge_key);
+    krb5_free_data(context, der_enc_data);
+    krb5_free_data(context, der_enc_ts);
+    krb5_free_data_contents(context, &enc.ciphertext);
+    return ret;
+}
+
+static krb5_preauthtype ec_types[] = {
+    KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
+
+krb5_error_code
+kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+                                      int min_ver, krb5_plugin_vtable vtable)
+{
+    krb5_kdcpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_kdcpreauth_vtable)vtable;
+    vt->name = "encrypted_challenge";
+    vt->pa_type_list = ec_types;
+    vt->edata = ec_edata;
+    vt->verify = ec_verify;
+    vt->return_padata = ec_return;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/kdc/kdc_preauth_encts.c b/krb5-1.21.3/src/kdc/kdc_preauth_encts.c
new file mode 100644
index 00000000..25fc7845
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_preauth_encts.c
@@ -0,0 +1,138 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/kdc_preauth_encts.c - Encrypted timestamp kdcpreauth module */
+/*
+ * Copyright (C) 1995, 2003, 2007, 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-int.h>
+#include <krb5/kdcpreauth_plugin.h>
+#include "kdc_util.h"
+
+static void
+enc_ts_get(krb5_context context, krb5_kdc_req *request,
+           krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+           krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
+           krb5_kdcpreauth_edata_respond_fn respond, void *arg)
+{
+    krb5_keyblock *armor_key = cb->fast_armor(context, rock);
+
+    /* Encrypted timestamp must not be used with FAST, and requires a key. */
+    if (armor_key != NULL || !cb->have_client_keys(context, rock))
+        (*respond)(arg, ENOENT, NULL);
+    else
+        (*respond)(arg, 0, NULL);
+}
+
+static void
+enc_ts_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+              krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *pa,
+              krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+              krb5_kdcpreauth_moddata moddata,
+              krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    krb5_pa_enc_ts *            pa_enc = 0;
+    krb5_error_code             retval;
+    krb5_data                   scratch;
+    krb5_data                   enc_ts_data;
+    krb5_enc_data               *enc_data = 0;
+    krb5_keyblock               key;
+    krb5_key_data *             client_key;
+    krb5_int32                  start;
+
+    scratch.data = (char *)pa->contents;
+    scratch.length = pa->length;
+
+    enc_ts_data.data = 0;
+
+    if ((retval = decode_krb5_enc_data(&scratch, &enc_data)) != 0)
+        goto cleanup;
+
+    enc_ts_data.length = enc_data->ciphertext.length;
+    if ((enc_ts_data.data = (char *) malloc(enc_ts_data.length)) == NULL)
+        goto cleanup;
+
+    start = 0;
+    while (1) {
+        if ((retval = krb5_dbe_search_enctype(context, rock->client,
+                                              &start, enc_data->enctype,
+                                              -1, 0, &client_key)))
+            goto cleanup;
+
+        if ((retval = krb5_dbe_decrypt_key_data(context, NULL, client_key,
+                                                &key, NULL)))
+            goto cleanup;
+
+        key.enctype = enc_data->enctype;
+
+        retval = krb5_c_decrypt(context, &key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS,
+                                0, enc_data, &enc_ts_data);
+        krb5_free_keyblock_contents(context, &key);
+        if (retval == 0)
+            break;
+    }
+
+    if ((retval = decode_krb5_pa_enc_ts(&enc_ts_data, &pa_enc)) != 0)
+        goto cleanup;
+
+    retval = krb5_check_clockskew(context, pa_enc->patimestamp);
+    if (retval)
+        goto cleanup;
+
+    setflag(enc_tkt_reply->flags, TKT_FLG_PRE_AUTH);
+
+    retval = 0;
+
+cleanup:
+    if (enc_data) {
+        krb5_free_data_contents(context, &enc_data->ciphertext);
+        free(enc_data);
+    }
+    krb5_free_data_contents(context, &enc_ts_data);
+    if (pa_enc)
+        free(pa_enc);
+    /* If we get NO_MATCHING_KEY, it probably means that the password was
+     * incorrect. */
+    if (retval == KRB5_KDB_NO_MATCHING_KEY)
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+
+    (*respond)(arg, retval, NULL, NULL, NULL);
+}
+
+static krb5_preauthtype enc_ts_types[] = {
+    KRB5_PADATA_ENC_TIMESTAMP, 0 };
+
+krb5_error_code
+kdcpreauth_encrypted_timestamp_initvt(krb5_context context, int maj_ver,
+                                      int min_ver, krb5_plugin_vtable vtable)
+{
+    krb5_kdcpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_kdcpreauth_vtable)vtable;
+    vt->name = "encrypted_timestamp";
+    vt->pa_type_list = enc_ts_types;
+    vt->edata = enc_ts_get;
+    vt->verify = enc_ts_verify;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/kdc/kdc_transit.c b/krb5-1.21.3/src/kdc/kdc_transit.c
new file mode 100644
index 00000000..61aef99e
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_transit.c
@@ -0,0 +1,414 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/kdc_transit.c */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+
+#define MAX_REALM_LN 500
+
+/*
+ * subrealm - determine if r2 is a subrealm of r1
+ *
+ *            SUBREALM takes two realms, r1 and r2, and
+ *            determines if r2 is a subrealm of r1.
+ *            r2 is a subrealm of r1 if (r1 is a prefix
+ *            of r2 AND r1 and r2 begin with a /) or if
+ *            (r1 is a suffix of r2 and neither r1 nor r2
+ *            begin with a /).
+ *
+ * RETURNS:   If r2 is a subrealm, and r1 is a prefix, the number
+ *            of characters in the suffix of r2 is returned as a
+ *            negative number.
+ *
+ *            If r2 is a subrealm, and r1 is a suffix, the number
+ *            of characters in the prefix of r2 is returned as a
+ *            positive number.
+ *
+ *            If r2 is not a subrealm, SUBREALM returns 0.
+ */
+static  int
+subrealm(char *r1, char *r2)
+{
+    size_t l1,l2;
+    l1 = strlen(r1);
+    l2 = strlen(r2);
+    if(l2 <= l1) return(0);
+    if((*r1 == '/') && (*r2 == '/') && (strncmp(r1,r2,l1) == 0)) return(l1-l2);
+    if((*r1 != '/') && (*r2 != '/') && (strncmp(r1,r2+l2-l1,l1) == 0))
+        return(l2-l1);
+    return(0);
+}
+
+/*
+ * add_to_transited  Adds the name of the realm which issued the
+ *                   ticket granting ticket on which the new ticket to
+ *                   be issued is based (note that this is the same as
+ *                   the realm of the server listed in the ticket
+ *                   granting ticket.
+ *
+ * ASSUMPTIONS:  This procedure assumes that the transited field from
+ *               the existing ticket granting ticket already appears
+ *               in compressed form.  It will add the new realm while
+ *               maintaining that form.   As long as each successive
+ *               realm is added using this (or a similar) routine, the
+ *               transited field will be in compressed form.  The
+ *               basis step is an empty transited field which is, by
+ *               its nature, in its most compressed form.
+ *
+ * ARGUMENTS: krb5_data *tgt_trans  Transited field from TGT
+ *            krb5_data *new_trans  The transited field for the new ticket
+ *            krb5_principal tgs    Name of ticket granting server
+ *                                  This includes the realm of the KDC
+ *                                  that issued the ticket granting
+ *                                  ticket.  This is the realm that is
+ *                                  to be added to the transited field.
+ *            krb5_principal client Name of the client
+ *            krb5_principal server The name of the requested server.
+ *                                  This may be the an intermediate
+ *                                  ticket granting server.
+ *
+ *            The last two argument are needed since they are
+ *            implicitly part of the transited field of the new ticket
+ *            even though they are not explicitly listed.
+ *
+ * RETURNS:   krb5_error_code - Success, or out of memory
+ *
+ * MODIFIES:  new_trans:  ->length will contain the length of the new
+ *                        transited field.
+ *
+ *                        If ->data was not null when this procedure
+ *                        is called, the memory referenced by ->data
+ *                        will be deallocated.
+ *
+ *                        Memory will be allocated for the new transited field
+ *                        ->data will be updated to point to the newly
+ *                        allocated memory.
+ *
+ * BUGS:  The space allocated for the new transited field is the
+ *        maximum that might be needed given the old transited field,
+ *        and the realm to be added.  This length is calculated
+ *        assuming that no compression of the new realm is possible.
+ *        This has no adverse consequences other than the allocation
+ *        of more space than required.
+ *
+ *        This procedure will not yet use the null subfield notation,
+ *        and it will get confused if it sees it.
+ *
+ *        This procedure does not check for quoted commas in realm
+ *        names.
+ */
+
+char *
+data2string (krb5_data *d)
+{
+    char *s;
+    s = malloc(d->length + 1);
+    if (s) {
+        if (d->length > 0)
+            memcpy(s, d->data, d->length);
+        s[d->length] = 0;
+    }
+    return s;
+}
+
+krb5_error_code
+add_to_transited(krb5_data *tgt_trans, krb5_data *new_trans,
+                 krb5_principal tgs, krb5_principal client,
+                 krb5_principal server)
+{
+    krb5_error_code retval;
+    char        *realm;
+    char        *trans;
+    char        *otrans, *otrans_ptr;
+    size_t       bufsize;
+
+    /* The following are for stepping through the transited field     */
+
+    char        prev[MAX_REALM_LN];
+    char        next[MAX_REALM_LN];
+    char        current[MAX_REALM_LN];
+    char        exp[MAX_REALM_LN];      /* Expanded current realm name     */
+
+    int         i;
+    int         clst, nlst;    /* count of last character in current and next */
+    int         pl, pl1;       /* prefix length                               */
+    int         added;         /* TRUE = new realm has been added             */
+
+    realm = data2string(krb5_princ_realm(kdc_context, tgs));
+    if (realm == NULL)
+        return(ENOMEM);
+
+    otrans = data2string(tgt_trans);
+    if (otrans == NULL) {
+        free(realm);
+        return(ENOMEM);
+    }
+    /* Keep track of start so we can free */
+    otrans_ptr = otrans;
+
+    /* +1 for null,
+       +1 for extra comma which may be added between
+       +1 for potential space when leading slash in realm */
+    bufsize = strlen(realm) + strlen(otrans) + 3;
+    if (bufsize > MAX_REALM_LN)
+        bufsize = MAX_REALM_LN;
+    if (!(trans = (char *) malloc(bufsize))) {
+        retval = ENOMEM;
+        goto fail;
+    }
+
+    if (new_trans->data)  free(new_trans->data);
+    new_trans->data = trans;
+    new_trans->length = 0;
+
+    trans[0] = '\0';
+
+    /* For the purpose of appending, the realm preceding the first */
+    /* realm in the transited field is considered the null realm   */
+
+    prev[0] = '\0';
+
+    /* read field into current */
+    for (i = 0; *otrans != '\0';) {
+        if (*otrans == '\\') {
+            if (*(++otrans) == '\0')
+                break;
+            else
+                continue;
+        }
+        if (*otrans == ',') {
+            otrans++;
+            break;
+        }
+        current[i++] = *otrans++;
+        if (i >= MAX_REALM_LN) {
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+            goto fail;
+        }
+    }
+    current[i] = '\0';
+
+    added = (krb5_princ_realm(kdc_context, client)->length == strlen(realm) &&
+             !strncmp(krb5_princ_realm(kdc_context, client)->data, realm, strlen(realm))) ||
+        (krb5_princ_realm(kdc_context, server)->length == strlen(realm) &&
+         !strncmp(krb5_princ_realm(kdc_context, server)->data, realm, strlen(realm)));
+
+    while (current[0]) {
+
+        /* figure out expanded form of current name */
+
+        clst = strlen(current) - 1;
+        if (current[0] == ' ') {
+            strncpy(exp, current+1, sizeof(exp) - 1);
+            exp[sizeof(exp) - 1] = '\0';
+        }
+        else if ((current[0] == '/') && (prev[0] == '/')) {
+            strncpy(exp, prev, sizeof(exp) - 1);
+            exp[sizeof(exp) - 1] = '\0';
+            if (strlen(exp) + strlen(current) + 1 >= MAX_REALM_LN) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+            strncat(exp, current, sizeof(exp) - 1 - strlen(exp));
+        }
+        else if (current[clst] == '.') {
+            strncpy(exp, current, sizeof(exp) - 1);
+            exp[sizeof(exp) - 1] = '\0';
+            if (strlen(exp) + strlen(prev) + 1 >= MAX_REALM_LN) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+            strncat(exp, prev, sizeof(exp) - 1 - strlen(exp));
+        }
+        else {
+            strncpy(exp, current, sizeof(exp) - 1);
+            exp[sizeof(exp) - 1] = '\0';
+        }
+
+        /* read field into next */
+        for (i = 0; *otrans != '\0';) {
+            if (*otrans == '\\') {
+                if (*(++otrans) == '\0')
+                    break;
+                else
+                    continue;
+            }
+            if (*otrans == ',') {
+                otrans++;
+                break;
+            }
+            next[i++] = *otrans++;
+            if (i >= MAX_REALM_LN) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+        }
+        next[i] = '\0';
+        nlst = i - 1;
+
+        if (!strcmp(exp, realm))  added = TRUE;
+
+        /* If we still have to insert the new realm */
+
+        if (!added) {
+
+            /* Is the next field compressed?  If not, and if the new */
+            /* realm is a subrealm of the current realm, compress    */
+            /* the new realm, and insert immediately following the   */
+            /* current one.  Note that we can not do this if the next*/
+            /* field is already compressed since it would mess up    */
+            /* what has already been done.  In most cases, this is   */
+            /* not a problem because the realm to be added will be a */
+            /* subrealm of the next field too, and we will catch     */
+            /* it in a future iteration.                             */
+
+            /* Note that the second test here is an unsigned comparison,
+               so the first half (or a cast) is also required.  */
+            assert(nlst < 0 || nlst < (int)sizeof(next));
+            if ((nlst < 0 || next[nlst] != '.') &&
+                (next[0] != '/') &&
+                (pl = subrealm(exp, realm))) {
+                added = TRUE;
+                current[sizeof(current) - 1] = '\0';
+                if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
+                    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                    goto fail;
+                }
+                strncat(current, ",", sizeof(current) - 1 - strlen(current));
+                if (pl > 0) {
+                    strncat(current, realm, (unsigned) pl);
+                }
+                else {
+                    strncat(current, realm+strlen(realm)+pl, (unsigned) (-pl));
+                }
+            }
+
+            /* Whether or not the next field is compressed, if the    */
+            /* realm to be added is a superrealm of the current realm,*/
+            /* then the current realm can be compressed.  First the   */
+            /* realm to be added must be compressed relative to the   */
+            /* previous realm (if possible), and then the current     */
+            /* realm compressed relative to the new realm.  Note that */
+            /* if the realm to be added is also a superrealm of the   */
+            /* previous realm, it would have been added earlier, and  */
+            /* we would not reach this step this time around.         */
+
+            else if ((pl = subrealm(realm, exp))) {
+                added      = TRUE;
+                current[0] = '\0';
+                if ((pl1 = subrealm(prev,realm))) {
+                    if (strlen(current) + (pl1>0?pl1:-pl1) + 1 >= MAX_REALM_LN) {
+                        retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                        goto fail;
+                    }
+                    if (pl1 > 0) {
+                        strncat(current, realm, (unsigned) pl1);
+                    }
+                    else {
+                        strncat(current, realm+strlen(realm)+pl1, (unsigned) (-pl1));
+                    }
+                }
+                else { /* If not a subrealm */
+                    if ((realm[0] == '/') && prev[0]) {
+                        if (strlen(current) + 2 >= MAX_REALM_LN) {
+                            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                            goto fail;
+                        }
+                        strncat(current, " ", sizeof(current) - 1 - strlen(current));
+                        current[sizeof(current) - 1] = '\0';
+                    }
+                    if (strlen(current) + strlen(realm) + 1 >= MAX_REALM_LN) {
+                        retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                        goto fail;
+                    }
+                    strncat(current, realm, sizeof(current) - 1 - strlen(current));
+                    current[sizeof(current) - 1] = '\0';
+                }
+                if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
+                    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                    goto fail;
+                }
+                strncat(current,",", sizeof(current) - 1 - strlen(current));
+                current[sizeof(current) - 1] = '\0';
+                if (pl > 0) {
+                    strncat(current, exp, (unsigned) pl);
+                }
+                else {
+                    strncat(current, exp+strlen(exp)+pl, (unsigned)(-pl));
+                }
+            }
+        }
+
+        if (new_trans->length != 0) {
+            if (strlcat(trans, ",", bufsize) >= bufsize) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+        }
+        if (strlcat(trans, current, bufsize) >= bufsize) {
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+            goto fail;
+        }
+        new_trans->length = strlen(trans);
+
+        strncpy(prev, exp, sizeof(prev) - 1);
+        prev[sizeof(prev) - 1] = '\0';
+        strncpy(current, next, sizeof(current) - 1);
+        current[sizeof(current) - 1] = '\0';
+    }
+
+    if (!added) {
+        if (new_trans->length != 0) {
+            if (strlcat(trans, ",", bufsize) >= bufsize) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+        }
+        if((realm[0] == '/') && trans[0]) {
+            if (strlcat(trans, " ", bufsize) >= bufsize) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+        }
+        if (strlcat(trans, realm, bufsize) >= bufsize) {
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+            goto fail;
+        }
+        new_trans->length = strlen(trans);
+    }
+
+    retval = 0;
+fail:
+    free(realm);
+    free(otrans_ptr);
+    return (retval);
+}
diff --git a/krb5-1.21.3/src/kdc/kdc_util.c b/krb5-1.21.3/src/kdc/kdc_util.c
new file mode 100644
index 00000000..e54cc751
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_util.c
@@ -0,0 +1,1916 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/kdc_util.c - Utility functions for the KDC implementation */
+/*
+ * Copyright 1990,1991,2007,2008,2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+#include "extern.h"
+#include <stdio.h>
+#include <ctype.h>
+#include <syslog.h>
+#include <kadm5/admin.h>
+#include "adm_proto.h"
+#include "net-server.h"
+#include <limits.h>
+
+#ifdef KRBCONF_VAGUE_ERRORS
+const int vague_errors = 1;
+#else
+const int vague_errors = 0;
+#endif
+
+static krb5_error_code kdc_rd_ap_req(kdc_realm_t *realm, krb5_ap_req *apreq,
+                                     krb5_auth_context auth_context,
+                                     krb5_db_entry **server,
+                                     krb5_keyblock **tgskey);
+static krb5_error_code find_server_key(krb5_context,
+                                       krb5_db_entry *, krb5_enctype,
+                                       krb5_kvno, krb5_keyblock **,
+                                       krb5_kvno *);
+
+/*
+ * Returns TRUE if the kerberos principal is the name of a Kerberos ticket
+ * service.
+ */
+krb5_boolean
+krb5_is_tgs_principal(krb5_const_principal principal)
+{
+    if (krb5_princ_size(kdc_context, principal) != 2)
+        return FALSE;
+    if (data_eq_string(*krb5_princ_component(kdc_context, principal, 0),
+                       KRB5_TGS_NAME))
+        return TRUE;
+    else
+        return FALSE;
+}
+
+/* Returns TRUE if principal is the name of a cross-realm TGS. */
+krb5_boolean
+is_cross_tgs_principal(krb5_const_principal principal)
+{
+    return krb5_is_tgs_principal(principal) &&
+        !data_eq(principal->data[1], principal->realm);
+}
+
+/* Return true if princ is the name of a local TGS for any realm. */
+krb5_boolean
+is_local_tgs_principal(krb5_const_principal principal)
+{
+    return krb5_is_tgs_principal(principal) &&
+        data_eq(principal->data[1], principal->realm);
+}
+
+/*
+ * given authentication data (provides seed for checksum), verify checksum
+ * for source data.
+ */
+static krb5_error_code
+comp_cksum(krb5_context kcontext, krb5_data *source, krb5_ticket *ticket,
+           krb5_checksum *his_cksum)
+{
+    krb5_error_code       retval;
+    krb5_boolean          valid;
+
+    if (!krb5_c_valid_cksumtype(his_cksum->checksum_type))
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+
+    /* must be collision proof */
+    if (!krb5_c_is_coll_proof_cksum(his_cksum->checksum_type))
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
+
+    /* verify checksum */
+    if ((retval = krb5_c_verify_checksum(kcontext, ticket->enc_part2->session,
+                                         KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                         source, his_cksum, &valid)))
+        return(retval);
+
+    if (!valid)
+        return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
+
+    return(0);
+}
+
+/* If a header ticket is decrypted, *ticket_out is filled in even on error. */
+krb5_error_code
+kdc_process_tgs_req(kdc_realm_t *realm, krb5_kdc_req *request,
+                    const krb5_fulladdr *from, krb5_data *pkt,
+                    krb5_ticket **ticket_out, krb5_db_entry **krbtgt_ptr,
+                    krb5_keyblock **tgskey, krb5_keyblock **subkey,
+                    krb5_pa_data **pa_tgs_req)
+{
+    krb5_context context = realm->realm_context;
+    krb5_pa_data        * tmppa;
+    krb5_ap_req         * apreq;
+    krb5_error_code       retval;
+    krb5_authdata **authdata = NULL;
+    krb5_data             scratch1;
+    krb5_data           * scratch = NULL;
+    krb5_auth_context     auth_context = NULL;
+    krb5_authenticator  * authenticator = NULL;
+    krb5_checksum       * his_cksum = NULL;
+    krb5_db_entry       * krbtgt = NULL;
+    krb5_ticket         * ticket;
+
+    *ticket_out = NULL;
+    *krbtgt_ptr = NULL;
+    *tgskey = NULL;
+
+    tmppa = krb5int_find_pa_data(context, request->padata, KRB5_PADATA_AP_REQ);
+    if (!tmppa)
+        return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+
+    scratch1.length = tmppa->length;
+    scratch1.data = (char *)tmppa->contents;
+    if ((retval = decode_krb5_ap_req(&scratch1, &apreq)))
+        return retval;
+    ticket = apreq->ticket;
+
+    if (isflagset(apreq->ap_options, AP_OPTS_USE_SESSION_KEY) ||
+        isflagset(apreq->ap_options, AP_OPTS_MUTUAL_REQUIRED)) {
+        krb5_klog_syslog(LOG_INFO, _("TGS_REQ: SESSION KEY or MUTUAL"));
+        retval = KRB5KDC_ERR_POLICY;
+        goto cleanup;
+    }
+
+    retval = krb5_auth_con_init(context, &auth_context);
+    if (retval)
+        goto cleanup;
+
+    /* Don't use a replay cache. */
+    retval = krb5_auth_con_setflags(context, auth_context, 0);
+    if (retval)
+        goto cleanup;
+
+    retval = krb5_auth_con_setaddrs(context, auth_context, NULL,
+                                    from->address);
+    if (retval)
+        goto cleanup_auth_context;
+
+    retval = kdc_rd_ap_req(realm, apreq, auth_context, &krbtgt, tgskey);
+    if (retval)
+        goto cleanup_auth_context;
+
+    retval = krb5_auth_con_getrecvsubkey(context, auth_context, subkey);
+    if (retval)
+        goto cleanup_auth_context;
+
+    retval = krb5_auth_con_getauthenticator(context, auth_context,
+                                            &authenticator);
+    if (retval)
+        goto cleanup_auth_context;
+
+    retval = krb5_find_authdata(context, ticket->enc_part2->authorization_data,
+                                authenticator->authorization_data,
+                                KRB5_AUTHDATA_FX_ARMOR, &authdata);
+    if (retval != 0)
+        goto cleanup_authenticator;
+    if (authdata&& authdata[0]) {
+        k5_setmsg(context, KRB5KDC_ERR_POLICY,
+                  "ticket valid only as FAST armor");
+        retval = KRB5KDC_ERR_POLICY;
+        krb5_free_authdata(context, authdata);
+        goto cleanup_authenticator;
+    }
+    krb5_free_authdata(context, authdata);
+
+
+    /* Check for a checksum */
+    if (!(his_cksum = authenticator->checksum)) {
+        retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
+        goto cleanup_authenticator;
+    }
+
+    /*
+     * Check application checksum vs. tgs request
+     *
+     * We try checksumming the req-body two different ways: first we
+     * try reaching into the raw asn.1 stream (if available), and
+     * checksum that directly; if that fails, then we try encoding
+     * using our local asn.1 library.
+     */
+    if (pkt && (fetch_asn1_field((unsigned char *) pkt->data,
+                                 1, 4, &scratch1) >= 0)) {
+        if (comp_cksum(context, &scratch1, ticket, his_cksum)) {
+            if (!(retval = encode_krb5_kdc_req_body(request, &scratch)))
+                retval = comp_cksum(context, scratch, ticket, his_cksum);
+            krb5_free_data(context, scratch);
+            if (retval)
+                goto cleanup_authenticator;
+        }
+    }
+
+    *pa_tgs_req = tmppa;
+    *krbtgt_ptr = krbtgt;
+    krbtgt = NULL;
+
+cleanup_authenticator:
+    krb5_free_authenticator(context, authenticator);
+
+cleanup_auth_context:
+    krb5_auth_con_free(context, auth_context);
+
+cleanup:
+    if (retval != 0) {
+        krb5_free_keyblock(context, *tgskey);
+        *tgskey = NULL;
+    }
+    if (apreq->ticket->enc_part2 != NULL) {
+        /* Steal the decrypted ticket pointer, even on error. */
+        *ticket_out = apreq->ticket;
+        apreq->ticket = NULL;
+    }
+    krb5_free_ap_req(context, apreq);
+    krb5_db_free_principal(context, krbtgt);
+    return retval;
+}
+
+/*
+ * This is a KDC wrapper around krb5_rd_req_decoded_anyflag().
+ *
+ * We can't depend on KDB-as-keytab for handling the AP-REQ here for
+ * optimization reasons: we want to minimize the number of KDB lookups.  We'll
+ * need the KDB entry for the TGS principal, and the TGS key used to decrypt
+ * the TGT, elsewhere in the TGS code.
+ *
+ * This function also implements key rollover support for kvno 0 cross-realm
+ * TGTs issued by AD.
+ */
+static
+krb5_error_code
+kdc_rd_ap_req(kdc_realm_t *realm, krb5_ap_req *apreq,
+              krb5_auth_context auth_context, krb5_db_entry **server,
+              krb5_keyblock **tgskey)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code     retval;
+    krb5_enctype        search_enctype = apreq->ticket->enc_part.enctype;
+    krb5_boolean        match_enctype = 1;
+    krb5_kvno           kvno;
+    size_t              tries = 3;
+
+    /*
+     * When we issue tickets we use the first key in the principals' highest
+     * kvno keyset.  For non-cross-realm krbtgt principals we want to only
+     * allow the use of the first key of the principal's keyset that matches
+     * the given kvno.
+     */
+    if (krb5_is_tgs_principal(apreq->ticket->server) &&
+        !is_cross_tgs_principal(apreq->ticket->server)) {
+        search_enctype = -1;
+        match_enctype = 0;
+    }
+
+    retval = kdc_get_server_key(context, apreq->ticket, 0, match_enctype,
+                                server, NULL, NULL);
+    if (retval)
+        return retval;
+
+    *tgskey = NULL;
+    kvno = apreq->ticket->enc_part.kvno;
+    do {
+        krb5_free_keyblock(context, *tgskey);
+        retval = find_server_key(context, *server, search_enctype, kvno,
+                                 tgskey, &kvno);
+        if (retval)
+            continue;
+
+        /* Make the TGS key available to krb5_rd_req_decoded_anyflag() */
+        retval = krb5_auth_con_setuseruserkey(context, auth_context, *tgskey);
+        if (retval)
+            return retval;
+
+        retval = krb5_rd_req_decoded_anyflag(context, &auth_context, apreq,
+                                             apreq->ticket->server,
+                                             realm->realm_keytab, NULL, NULL);
+
+        /* If the ticket was decrypted, don't try any more keys. */
+        if (apreq->ticket->enc_part2 != NULL)
+            break;
+
+    } while (retval && apreq->ticket->enc_part.kvno == 0 && kvno-- > 1 &&
+             --tries > 0);
+
+    return retval;
+}
+
+/*
+ * The KDC should take the keytab associated with the realm and pass
+ * that to the krb5_rd_req_decoded_anyflag(), but we still need to use
+ * the service (TGS, here) key elsewhere.  This approach is faster than
+ * the KDB keytab approach too.
+ *
+ * This is also used by do_tgs_req() for u2u auth.
+ */
+krb5_error_code
+kdc_get_server_key(krb5_context context,
+                   krb5_ticket *ticket, unsigned int flags,
+                   krb5_boolean match_enctype, krb5_db_entry **server_ptr,
+                   krb5_keyblock **key, krb5_kvno *kvno)
+{
+    krb5_error_code       retval;
+    krb5_db_entry       * server = NULL;
+    krb5_enctype          search_enctype = -1;
+    krb5_kvno             search_kvno = -1;
+
+    if (match_enctype)
+        search_enctype = ticket->enc_part.enctype;
+    if (ticket->enc_part.kvno)
+        search_kvno = ticket->enc_part.kvno;
+
+    *server_ptr = NULL;
+
+    retval = krb5_db_get_principal(context, ticket->server, flags,
+                                   &server);
+    if (retval == KRB5_KDB_NOENTRY) {
+        char *sname;
+        if (!krb5_unparse_name(context, ticket->server, &sname)) {
+            limit_string(sname);
+            krb5_klog_syslog(LOG_ERR,
+                             _("TGS_REQ: UNKNOWN SERVER: server='%s'"), sname);
+            free(sname);
+        }
+        return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    } else if (retval)
+        return retval;
+    if (server->attributes & KRB5_KDB_DISALLOW_SVR ||
+        server->attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
+        retval = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+        goto errout;
+    }
+
+    if (key) {
+        retval = find_server_key(context, server, search_enctype, search_kvno,
+                                 key, kvno);
+        if (retval)
+            goto errout;
+    }
+    *server_ptr = server;
+    server = NULL;
+    return 0;
+
+errout:
+    krb5_db_free_principal(context, server);
+    return retval;
+}
+
+/*
+ * A utility function to get the right key from a KDB entry.  Used in handling
+ * of kvno 0 TGTs, for example.
+ */
+static
+krb5_error_code
+find_server_key(krb5_context context,
+                krb5_db_entry *server, krb5_enctype enctype, krb5_kvno kvno,
+                krb5_keyblock **key_out, krb5_kvno *kvno_out)
+{
+    krb5_error_code       retval;
+    krb5_key_data       * server_key;
+    krb5_keyblock       * key;
+
+    *key_out = NULL;
+    retval = krb5_dbe_find_enctype(context, server, enctype, -1,
+                                   kvno ? (krb5_int32)kvno : -1, &server_key);
+    if (retval)
+        return retval;
+    if (!server_key)
+        return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    if ((key = (krb5_keyblock *)malloc(sizeof *key)) == NULL)
+        return ENOMEM;
+    retval = krb5_dbe_decrypt_key_data(context, NULL, server_key,
+                                       key, NULL);
+    if (retval)
+        goto errout;
+    if (enctype != -1) {
+        krb5_boolean similar;
+        retval = krb5_c_enctype_compare(context, enctype, key->enctype,
+                                        &similar);
+        if (retval)
+            goto errout;
+        if (!similar) {
+            retval = KRB5_KDB_NO_PERMITTED_KEY;
+            goto errout;
+        }
+        key->enctype = enctype;
+    }
+    *key_out = key;
+    key = NULL;
+    if (kvno_out)
+        *kvno_out = server_key->key_data_kvno;
+errout:
+    krb5_free_keyblock(context, key);
+    return retval;
+}
+
+/* Find the first key data entry (of a valid enctype) of the highest kvno in
+ * entry, and decrypt it into *key_out. */
+krb5_error_code
+get_first_current_key(krb5_context context, krb5_db_entry *entry,
+                      krb5_keyblock *key_out)
+{
+    krb5_error_code ret;
+    krb5_key_data *kd;
+
+    memset(key_out, 0, sizeof(*key_out));
+    ret = krb5_dbe_find_enctype(context, entry, -1, -1, 0, &kd);
+    if (ret)
+        return ret;
+    return krb5_dbe_decrypt_key_data(context, NULL, kd, key_out, NULL);
+}
+
+/*
+ * If candidate is the local TGT for realm, set *alias_out to candidate and
+ * *storage_out to NULL.  Otherwise, load the local TGT into *storage_out and
+ * set *alias_out to *storage_out.  In either case, set *key_out to the
+ * decrypted first key of the local TGT.
+ *
+ * In the future we might generalize this to a small per-request principal
+ * cache.  For now, it saves a load operation in the common case where the AS
+ * server or TGS header ticket server is the local TGT.
+ */
+krb5_error_code
+get_local_tgt(krb5_context context, const krb5_data *realm,
+              krb5_db_entry *candidate, krb5_db_entry **alias_out,
+              krb5_db_entry **storage_out, krb5_keyblock *key_out)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+    krb5_db_entry *storage = NULL, *tgt;
+
+    *alias_out = NULL;
+    *storage_out = NULL;
+    memset(key_out, 0, sizeof(*key_out));
+
+    ret = krb5_build_principal_ext(context, &princ, realm->length, realm->data,
+                                   KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                   realm->length, realm->data, 0);
+    if (ret)
+        goto cleanup;
+
+    if (!krb5_principal_compare(context, candidate->princ, princ)) {
+        ret = krb5_db_get_principal(context, princ, 0, &storage);
+        if (ret)
+            goto cleanup;
+        tgt = storage;
+    } else {
+        tgt = candidate;
+    }
+
+    ret = get_first_current_key(context, tgt, key_out);
+    if (ret)
+        goto cleanup;
+
+    *alias_out = tgt;
+    *storage_out = storage;
+    storage = NULL;
+
+cleanup:
+    krb5_db_free_principal(context, storage);
+    krb5_free_principal(context, princ);
+    return ret;
+}
+
+/* If server has a pac_privsvr_enctype attribute and it differs from tgt_key's
+ * enctype, derive a key of the specified enctype.  Otherwise copy tgt_key. */
+krb5_error_code
+pac_privsvr_key(krb5_context context, krb5_db_entry *server,
+                const krb5_keyblock *tgt_key, krb5_keyblock **key_out)
+{
+    krb5_error_code ret;
+    char *attrval = NULL;
+    krb5_enctype privsvr_enctype;
+    krb5_data prf_input = string2data("pac_privsvr");
+
+    ret = krb5_dbe_get_string(context, server, KRB5_KDB_SK_PAC_PRIVSVR_ENCTYPE,
+                              &attrval);
+    if (ret)
+        return ret;
+    if (attrval == NULL)
+        return krb5_copy_keyblock(context, tgt_key, key_out);
+
+    ret = krb5_string_to_enctype(attrval, &privsvr_enctype);
+    if (ret) {
+        k5_setmsg(context, ret, _("Invalid pac_privsvr_enctype value %s"),
+                  attrval);
+        goto cleanup;
+    }
+
+    if (tgt_key->enctype == privsvr_enctype) {
+        ret = krb5_copy_keyblock(context, tgt_key, key_out);
+    } else {
+        ret = krb5_c_derive_prfplus(context, tgt_key, &prf_input,
+                                    privsvr_enctype, key_out);
+    }
+
+cleanup:
+    krb5_dbe_free_string(context, attrval);
+    return ret;
+}
+
+/* Try verifying a ticket's PAC using a privsvr key either equal to or derived
+ * from tgt_key, respecting the server's pac_privsvr_enctype value if set. */
+static krb5_error_code
+try_verify_pac(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
+               krb5_db_entry *server, krb5_keyblock *server_key,
+               const krb5_keyblock *tgt_key, krb5_pac *pac_out)
+{
+    krb5_error_code ret;
+    krb5_keyblock *privsvr_key;
+
+    ret = pac_privsvr_key(context, server, tgt_key, &privsvr_key);
+    if (ret)
+        return ret;
+    ret = krb5_kdc_verify_ticket(context, enc_tkt, server->princ, server_key,
+                                 privsvr_key, pac_out);
+    krb5_free_keyblock(context, privsvr_key);
+    return ret;
+}
+
+/*
+ * If a PAC is present in enc_tkt, verify it and place it in *pac_out.  sprinc
+ * is the canonical name of the server principal entry used to decrypt enc_tkt.
+ * server_key is the ticket decryption key.  tgt is the local krbtgt entry for
+ * the ticket server realm, and tgt_key is its first key.
+ */
+krb5_error_code
+get_verified_pac(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
+                 krb5_db_entry *server, krb5_keyblock *server_key,
+                 krb5_db_entry *tgt, krb5_keyblock *tgt_key, krb5_pac *pac_out)
+{
+    krb5_error_code ret;
+    krb5_key_data *kd;
+    krb5_keyblock old_key;
+    krb5_kvno kvno;
+    int tries;
+
+    *pac_out = NULL;
+
+    /* For local or cross-realm TGTs we only check the server signature. */
+    if (krb5_is_tgs_principal(server->princ)) {
+        return krb5_kdc_verify_ticket(context, enc_tkt, server->princ,
+                                      server_key, NULL, pac_out);
+    }
+
+    ret = try_verify_pac(context, enc_tkt, server, server_key, tgt_key,
+                         pac_out);
+    if (ret != KRB5KRB_AP_ERR_MODIFIED && ret != KRB5_BAD_ENCTYPE)
+        return ret;
+
+    /* There is no kvno in PAC signatures, so try two previous versions. */
+    kvno = tgt->key_data[0].key_data_kvno - 1;
+    for (tries = 2; tries > 0 && kvno > 0; tries--, kvno--) {
+        ret = krb5_dbe_find_enctype(context, tgt, -1, -1, kvno, &kd);
+        if (ret)
+            return KRB5KRB_AP_ERR_MODIFIED;
+        ret = krb5_dbe_decrypt_key_data(context, NULL, kd, &old_key, NULL);
+        if (ret)
+            return ret;
+        ret = try_verify_pac(context, enc_tkt, server, server_key, &old_key,
+                             pac_out);
+        krb5_free_keyblock_contents(context, &old_key);
+        if (!ret)
+            return 0;
+    }
+
+    return KRB5KRB_AP_ERR_MODIFIED;
+}
+
+/*
+ * Fetch the client info from pac and parse it into a principal name, expecting
+ * a realm in the string.  Set *authtime_out to the client info authtime if it
+ * is not null.
+ */
+krb5_error_code
+get_pac_princ_with_realm(krb5_context context, krb5_pac pac,
+                         krb5_principal *princ_out,
+                         krb5_timestamp *authtime_out)
+{
+    krb5_error_code ret;
+    int n_atsigns, flags = KRB5_PRINCIPAL_PARSE_REQUIRE_REALM;
+    char *client_str = NULL;
+    const char *p;
+
+    *princ_out = NULL;
+
+    ret = krb5_pac_get_client_info(context, pac, authtime_out, &client_str);
+    if (ret)
+        return ret;
+
+    n_atsigns = 0;
+    for (p = client_str; *p != '\0'; p++) {
+        if (*p == '@')
+            n_atsigns++;
+    }
+
+    if (n_atsigns == 2) {
+        flags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
+    } else if (n_atsigns != 1) {
+        ret = KRB5_PARSE_MALFORMED;
+        goto cleanup;
+    }
+
+    ret = krb5_parse_name_flags(context, client_str, flags, princ_out);
+    if (ret)
+        return ret;
+
+    (*princ_out)->type = KRB5_NT_MS_PRINCIPAL;
+
+cleanup:
+    free(client_str);
+    return 0;
+}
+
+/* This probably wants to be updated if you support last_req stuff */
+
+static krb5_last_req_entry nolrentry = { KV5M_LAST_REQ_ENTRY, KRB5_LRQ_NONE, 0 };
+static krb5_last_req_entry *nolrarray[] = { &nolrentry, 0 };
+
+krb5_error_code
+fetch_last_req_info(krb5_db_entry *dbentry, krb5_last_req_entry ***lrentry)
+{
+    *lrentry = nolrarray;
+    return 0;
+}
+
+
+/* Convert an API error code to a protocol error code. */
+int
+errcode_to_protocol(krb5_error_code code)
+{
+    int protcode;
+
+    protcode = code - ERROR_TABLE_BASE_krb5;
+    return (protcode >= 0 && protcode <= 128) ? protcode : KRB_ERR_GENERIC;
+}
+
+/* Return -1 if the AS or TGS request is disallowed due to KDC policy on
+ * anonymous tickets. */
+int
+check_anon(kdc_realm_t *realm, krb5_principal client, krb5_principal server)
+{
+    /* If restrict_anon is set, reject requests from anonymous clients to
+     * server principals other than local TGTs. */
+    if (realm->realm_restrict_anon &&
+        krb5_principal_compare_any_realm(realm->realm_context, client,
+                                         krb5_anonymous_principal()) &&
+        !is_local_tgs_principal(server))
+        return -1;
+    return 0;
+}
+
+krb5_error_code
+validate_as_request(kdc_realm_t *realm, krb5_kdc_req *request,
+                    krb5_db_entry *client, krb5_db_entry *server,
+                    krb5_timestamp kdc_time, const char **status,
+                    krb5_pa_data ***e_data)
+{
+    krb5_context context = realm->realm_context;
+    krb5_error_code ret;
+
+    /*
+     * If an option is set that is only allowed in TGS requests, complain.
+     */
+    if (request->kdc_options & AS_INVALID_OPTIONS) {
+        *status = "INVALID AS OPTIONS";
+        return KRB5KDC_ERR_BADOPTION;
+    }
+
+    /* The client must not be expired */
+    if (client->expiration && ts_after(kdc_time, client->expiration)) {
+        *status = "CLIENT EXPIRED";
+        if (vague_errors)
+            return KRB5KRB_ERR_GENERIC;
+        else
+            return KRB5KDC_ERR_NAME_EXP;
+    }
+
+    /* The client's password must not be expired, unless the server is
+       a KRB5_KDC_PWCHANGE_SERVICE. */
+    if (client->pw_expiration && ts_after(kdc_time, client->pw_expiration) &&
+        !isflagset(server->attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
+        *status = "CLIENT KEY EXPIRED";
+        if (vague_errors)
+            return KRB5KRB_ERR_GENERIC;
+        else
+            return KRB5KDC_ERR_KEY_EXP;
+    }
+
+    /* The server must not be expired */
+    if (server->expiration && ts_after(kdc_time, server->expiration)) {
+        *status = "SERVICE EXPIRED";
+        return KRB5KDC_ERR_SERVICE_EXP;
+    }
+
+    /*
+     * If the client requires password changing, then only allow the
+     * pwchange service.
+     */
+    if (isflagset(client->attributes, KRB5_KDB_REQUIRES_PWCHANGE) &&
+        !isflagset(server->attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
+        *status = "REQUIRED PWCHANGE";
+        return KRB5KDC_ERR_KEY_EXP;
+    }
+
+    /* Client and server must allow postdating tickets */
+    if ((isflagset(request->kdc_options, KDC_OPT_ALLOW_POSTDATE) ||
+         isflagset(request->kdc_options, KDC_OPT_POSTDATED)) &&
+        (isflagset(client->attributes, KRB5_KDB_DISALLOW_POSTDATED) ||
+         isflagset(server->attributes, KRB5_KDB_DISALLOW_POSTDATED))) {
+        *status = "POSTDATE NOT ALLOWED";
+        return KRB5KDC_ERR_CANNOT_POSTDATE;
+    }
+
+    /* Check to see if client is locked out */
+    if (isflagset(client->attributes, KRB5_KDB_DISALLOW_ALL_TIX)) {
+        *status = "CLIENT LOCKED OUT";
+        return KRB5KDC_ERR_CLIENT_REVOKED;
+    }
+
+    /* Check to see if server is locked out */
+    if (isflagset(server->attributes, KRB5_KDB_DISALLOW_ALL_TIX)) {
+        *status = "SERVICE LOCKED OUT";
+        return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    }
+
+    /* Check to see if server is allowed to be a service */
+    if (isflagset(server->attributes, KRB5_KDB_DISALLOW_SVR)) {
+        *status = "SERVICE NOT ALLOWED";
+        return KRB5KDC_ERR_MUST_USE_USER2USER;
+    }
+
+    if (check_anon(realm, client->princ, request->server) != 0) {
+        *status = "ANONYMOUS NOT ALLOWED";
+        return KRB5KDC_ERR_POLICY;
+    }
+
+    /* Perform KDB module policy checks. */
+    ret = krb5_db_check_policy_as(context, request, client, server, kdc_time,
+                                  status, e_data);
+    return (ret == KRB5_PLUGIN_OP_NOTSUPP) ? 0 : ret;
+}
+
+/*
+ * Compute ticket flags based on the request, the client and server DB entry
+ * (which may prohibit forwardable or proxiable tickets), and the header
+ * ticket.  client may be NULL for a TGS request (although it may be set, such
+ * as for an S4U2Self request).  header_enc may be NULL for an AS request.
+ */
+krb5_flags
+get_ticket_flags(krb5_flags reqflags, krb5_db_entry *client,
+                 krb5_db_entry *server, krb5_enc_tkt_part *header_enc)
+{
+    krb5_flags flags;
+
+    /* Validation and renewal TGS requests preserve the header ticket flags. */
+    if ((reqflags & (KDC_OPT_VALIDATE | KDC_OPT_RENEW)) && header_enc != NULL)
+        return header_enc->flags & ~TKT_FLG_INVALID;
+
+    /* Indicate support for encrypted padata (RFC 6806), and set flags based on
+     * request options and the header ticket. */
+    flags = OPTS2FLAGS(reqflags) | TKT_FLG_ENC_PA_REP;
+    if (reqflags & KDC_OPT_POSTDATED)
+        flags |= TKT_FLG_INVALID;
+    if (header_enc != NULL)
+        flags |= COPY_TKT_FLAGS(header_enc->flags);
+    if (header_enc == NULL)
+        flags |= TKT_FLG_INITIAL;
+
+    /* For TGS requests, indicate if the service is marked ok-as-delegate. */
+    if (header_enc != NULL && (server->attributes & KRB5_KDB_OK_AS_DELEGATE))
+        flags |= TKT_FLG_OK_AS_DELEGATE;
+
+    /* Unset PROXIABLE if it is disallowed. */
+    if (client != NULL && (client->attributes & KRB5_KDB_DISALLOW_PROXIABLE))
+        flags &= ~TKT_FLG_PROXIABLE;
+    if (server->attributes & KRB5_KDB_DISALLOW_PROXIABLE)
+        flags &= ~TKT_FLG_PROXIABLE;
+    if (header_enc != NULL && !(header_enc->flags & TKT_FLG_PROXIABLE))
+        flags &= ~TKT_FLG_PROXIABLE;
+
+    /* Unset FORWARDABLE if it is disallowed. */
+    if (client != NULL && (client->attributes & KRB5_KDB_DISALLOW_FORWARDABLE))
+        flags &= ~TKT_FLG_FORWARDABLE;
+    if (server->attributes & KRB5_KDB_DISALLOW_FORWARDABLE)
+        flags &= ~TKT_FLG_FORWARDABLE;
+    if (header_enc != NULL && !(header_enc->flags & TKT_FLG_FORWARDABLE))
+        flags &= ~TKT_FLG_FORWARDABLE;
+
+    /* We don't currently handle issuing anonymous tickets based on
+     * non-anonymous ones. */
+    if (header_enc != NULL && !(header_enc->flags & TKT_FLG_ANONYMOUS))
+        flags &= ~TKT_FLG_ANONYMOUS;
+
+    return flags;
+}
+
+/* Return KRB5KDC_ERR_POLICY if indicators does not contain the required auth
+ * indicators for server, ENOMEM on allocation error, 0 otherwise. */
+krb5_error_code
+check_indicators(krb5_context context, krb5_db_entry *server,
+                 krb5_data *const *indicators)
+{
+    krb5_error_code ret;
+    char *str = NULL, *copy = NULL, *save, *ind;
+
+    ret = krb5_dbe_get_string(context, server, KRB5_KDB_SK_REQUIRE_AUTH, &str);
+    if (ret || str == NULL)
+        goto cleanup;
+    copy = strdup(str);
+    if (copy == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    /* Look for any of the space-separated strings in indicators. */
+    ind = strtok_r(copy, " ", &save);
+    while (ind != NULL) {
+        if (authind_contains(indicators, ind))
+            goto cleanup;
+        ind = strtok_r(NULL, " ", &save);
+    }
+
+    ret = KRB5KDC_ERR_POLICY;
+    k5_setmsg(context, ret,
+              _("Required auth indicators not present in ticket: %s"), str);
+
+cleanup:
+    krb5_dbe_free_string(context, str);
+    free(copy);
+    return ret;
+}
+
+#define ASN1_ID_CLASS   (0xc0)
+#define ASN1_ID_TYPE    (0x20)
+#define ASN1_ID_TAG     (0x1f)
+#define ASN1_CLASS_UNIV (0)
+#define ASN1_CLASS_APP  (1)
+#define ASN1_CLASS_CTX  (2)
+#define ASN1_CLASS_PRIV (3)
+#define asn1_id_constructed(x)  (x & ASN1_ID_TYPE)
+#define asn1_id_primitive(x)    (!asn1_id_constructed(x))
+#define asn1_id_class(x)        ((x & ASN1_ID_CLASS) >> 6)
+#define asn1_id_tag(x)          (x & ASN1_ID_TAG)
+
+/*
+ * asn1length - return encoded length of value.
+ *
+ * passed a pointer into the asn.1 stream, which is updated
+ * to point right after the length bits.
+ *
+ * returns -1 on failure.
+ */
+static int
+asn1length(unsigned char **astream)
+{
+    int length;         /* resulting length */
+    int sublen;         /* sublengths */
+    int blen;           /* bytes of length */
+    unsigned char *p;   /* substring searching */
+
+    if (**astream & 0x80) {
+        blen = **astream & 0x7f;
+        if (blen > 3) {
+            return(-1);
+        }
+        for (++*astream, length = 0; blen; ++*astream, blen--) {
+            length = (length << 8) | **astream;
+        }
+        if (length == 0) {
+            /* indefinite length, figure out by hand */
+            p = *astream;
+            p++;
+            while (1) {
+                /* compute value length. */
+                if ((sublen = asn1length(&p)) < 0) {
+                    return(-1);
+                }
+                p += sublen;
+                /* check for termination */
+                if ((!*p++) && (!*p)) {
+                    p++;
+                    break;
+                }
+            }
+            length = p - *astream;
+        }
+    } else {
+        length = **astream;
+        ++*astream;
+    }
+    return(length);
+}
+
+/*
+ * fetch_asn1_field - return raw asn.1 stream of subfield.
+ *
+ * this routine is passed a context-dependent tag number and "level" and returns
+ * the size and length of the corresponding level subfield.
+ *
+ * levels and are numbered starting from 1.
+ *
+ * returns 0 on success, -1 otherwise.
+ */
+int
+fetch_asn1_field(unsigned char *astream, unsigned int level,
+                 unsigned int field, krb5_data *data)
+{
+    unsigned char *estream;     /* end of stream */
+    int classes;                /* # classes seen so far this level */
+    unsigned int levels = 0;            /* levels seen so far */
+    int lastlevel = 1000;       /* last level seen */
+    int length;                 /* various lengths */
+    int tag;                    /* tag number */
+    unsigned char savelen;      /* saved length of our field */
+
+    classes = -1;
+    /* we assume that the first identifier/length will tell us
+       how long the entire stream is. */
+    astream++;
+    estream = astream;
+    if ((length = asn1length(&astream)) < 0) {
+        return(-1);
+    }
+    estream += length;
+    /* search down the stream, checking identifiers.  we process identifiers
+       until we hit the "level" we want, and then process that level for our
+       subfield, always making sure we don't go off the end of the stream.  */
+    while (astream < estream) {
+        if (!asn1_id_constructed(*astream)) {
+            return(-1);
+        }
+        if (asn1_id_class(*astream) == ASN1_CLASS_CTX) {
+            if ((tag = (int)asn1_id_tag(*astream)) <= lastlevel) {
+                levels++;
+                classes = -1;
+            }
+            lastlevel = tag;
+            if (levels == level) {
+                /* in our context-dependent class, is this the one we're looking for ? */
+                if (tag == (int)field) {
+                    /* return length and data */
+                    astream++;
+                    savelen = *astream;
+                    if ((length = asn1length(&astream)) < 0) {
+                        return(-1);
+                    }
+                    data->length = length;
+                    /* if the field length is indefinite, we will have to subtract two
+                       (terminating octets) from the length returned since we don't want
+                       to pass any info from the "wrapper" back.  asn1length will always return
+                       the *total* length of the field, not just what's contained in it */
+                    if ((savelen & 0xff) == 0x80) {
+                        data->length -=2 ;
+                    }
+                    data->data = (char *)astream;
+                    return(0);
+                } else if (tag <= classes) {
+                    /* we've seen this class before, something must be wrong */
+                    return(-1);
+                } else {
+                    classes = tag;
+                }
+            }
+        }
+        /* if we're not on our level yet, process this value.  otherwise skip over it */
+        astream++;
+        if ((length = asn1length(&astream)) < 0) {
+            return(-1);
+        }
+        if (levels == level) {
+            astream += length;
+        }
+    }
+    return(-1);
+}
+
+/* Return true if we believe server can support enctype as a session key. */
+static krb5_boolean
+dbentry_supports_enctype(krb5_context context, krb5_db_entry *server,
+                         krb5_enctype enctype)
+{
+    krb5_error_code     retval;
+    krb5_key_data       *datap;
+    char                *etypes_str = NULL;
+    krb5_enctype        default_enctypes[1] = { 0 };
+    krb5_enctype        *etypes = NULL;
+    krb5_boolean        in_list;
+
+    /* Look up the supported session key enctypes list in the KDB. */
+    retval = krb5_dbe_get_string(context, server, KRB5_KDB_SK_SESSION_ENCTYPES,
+                                 &etypes_str);
+    if (retval == 0 && etypes_str != NULL && *etypes_str != '\0') {
+        /* Pass a fake profile key for tracing of unrecognized tokens. */
+        retval = krb5int_parse_enctype_list(context, "KDB-session_etypes",
+                                            etypes_str, default_enctypes,
+                                            &etypes);
+        if (retval == 0 && etypes != NULL && etypes[0]) {
+            in_list = k5_etypes_contains(etypes, enctype);
+            free(etypes_str);
+            free(etypes);
+            return in_list;
+        }
+        /* Fall through on error or empty list */
+    }
+    free(etypes_str);
+    free(etypes);
+
+    /* Assume every server without a session_enctypes attribute supports
+     * aes256-cts-hmac-sha1-96. */
+    if (enctype == ENCTYPE_AES256_CTS_HMAC_SHA1_96)
+        return TRUE;
+    /* Assume the server supports any enctype it has a long-term key for. */
+    return !krb5_dbe_find_enctype(context, server, enctype, -1, 0, &datap);
+}
+
+/*
+ * This function returns the keytype which should be selected for the
+ * session key.  It is based on the ordered list which the user
+ * requested, and what the KDC and the application server can support.
+ */
+krb5_enctype
+select_session_keytype(krb5_context context, krb5_db_entry *server,
+                       int nktypes, krb5_enctype *ktype)
+{
+    int         i;
+
+    for (i = 0; i < nktypes; i++) {
+        if (!krb5_c_valid_enctype(ktype[i]))
+            continue;
+
+        if (!krb5_is_permitted_enctype(context, ktype[i]))
+            continue;
+
+        /*
+         * Prevent these deprecated enctypes from being used as session keys
+         * unless they are explicitly allowed.  In the future they will be more
+         * comprehensively disabled and eventually removed.
+         */
+        if (ktype[i] == ENCTYPE_DES3_CBC_SHA1 && !context->allow_des3)
+            continue;
+        if (ktype[i] == ENCTYPE_ARCFOUR_HMAC && !context->allow_rc4)
+            continue;
+
+        if (dbentry_supports_enctype(context, server, ktype[i]))
+            return ktype[i];
+    }
+
+    return 0;
+}
+
+/*
+ * Limit strings to a "reasonable" length to prevent crowding out of
+ * other useful information in the log entry
+ */
+#define NAME_LENGTH_LIMIT 128
+
+void limit_string(char *name)
+{
+    int     i;
+
+    if (!name)
+        return;
+
+    if (strlen(name) < NAME_LENGTH_LIMIT)
+        return;
+
+    i = NAME_LENGTH_LIMIT-4;
+    name[i++] = '.';
+    name[i++] = '.';
+    name[i++] = '.';
+    name[i] = '\0';
+    return;
+}
+
+/* Wrapper of krb5_enctype_to_name() to include the PKINIT types. */
+static krb5_error_code
+enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
+{
+    const char *name, *prefix = "";
+    size_t len;
+
+    if (buflen == 0)
+        return EINVAL;
+    *buf = '\0'; /* ensure these are always valid C-strings */
+
+    if (!krb5_c_valid_enctype(ktype))
+        prefix = "UNSUPPORTED:";
+    else if (krb5int_c_deprecated_enctype(ktype))
+        prefix = "DEPRECATED:";
+    len = strlcpy(buf, prefix, buflen);
+    if (len >= buflen)
+        return ENOMEM;
+    buflen -= len;
+    buf += len;
+
+    /* rfc4556 recommends that clients wishing to indicate support for these
+     * pkinit algorithms include them in the etype field of the AS-REQ. */
+    if (ktype == ENCTYPE_DSA_SHA1_CMS)
+        name = "id-dsa-with-sha1-CmsOID";
+    else if (ktype == ENCTYPE_MD5_RSA_CMS)
+        name = "md5WithRSAEncryption-CmsOID";
+    else if (ktype == ENCTYPE_SHA1_RSA_CMS)
+        name = "sha-1WithRSAEncryption-CmsOID";
+    else if (ktype == ENCTYPE_RC2_CBC_ENV)
+        name = "rc2-cbc-EnvOID";
+    else if (ktype == ENCTYPE_RSA_ENV)
+        name = "rsaEncryption-EnvOID";
+    else if (ktype == ENCTYPE_RSA_ES_OAEP_ENV)
+        name = "id-RSAES-OAEP-EnvOID";
+    else if (ktype == ENCTYPE_DES3_CBC_ENV)
+        name = "des-ede3-cbc-EnvOID";
+    else
+        return krb5_enctype_to_name(ktype, FALSE, buf, buflen);
+
+    if (strlcpy(buf, name, buflen) >= buflen)
+        return ENOMEM;
+    return 0;
+}
+
+char *
+ktypes2str(krb5_enctype *ktype, int nktypes)
+{
+    struct k5buf buf;
+    int i;
+    char name[64];
+
+    if (nktypes < 0)
+        return NULL;
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_fmt(&buf, "%d etypes {", nktypes);
+    for (i = 0; i < nktypes; i++) {
+        enctype_name(ktype[i], name, sizeof(name));
+        k5_buf_add_fmt(&buf, "%s%s(%ld)", i ? ", " : "", name, (long)ktype[i]);
+    }
+    k5_buf_add(&buf, "}");
+    return k5_buf_cstring(&buf);
+}
+
+char *
+rep_etypes2str(krb5_kdc_rep *rep)
+{
+    struct k5buf buf;
+    char name[64];
+    krb5_enctype etype;
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add(&buf, "etypes {rep=");
+    enctype_name(rep->enc_part.enctype, name, sizeof(name));
+    k5_buf_add_fmt(&buf, "%s(%ld)", name, (long)rep->enc_part.enctype);
+
+    if (rep->ticket != NULL) {
+        etype = rep->ticket->enc_part.enctype;
+        enctype_name(etype, name, sizeof(name));
+        k5_buf_add_fmt(&buf, ", tkt=%s(%ld)", name, (long)etype);
+    }
+
+    if (rep->ticket != NULL && rep->ticket->enc_part2 != NULL &&
+        rep->ticket->enc_part2->session != NULL) {
+        etype = rep->ticket->enc_part2->session->enctype;
+        enctype_name(etype, name, sizeof(name));
+        k5_buf_add_fmt(&buf, ", ses=%s(%ld)", name, (long)etype);
+    }
+
+    k5_buf_add(&buf, "}");
+    return k5_buf_cstring(&buf);
+}
+
+static krb5_error_code
+verify_for_user_checksum(krb5_context context,
+                         krb5_keyblock *key,
+                         krb5_pa_for_user *req)
+{
+    krb5_error_code             code;
+    int                         i;
+    krb5_int32                  name_type;
+    char                        *p;
+    krb5_data                   data;
+    krb5_boolean                valid = FALSE;
+
+    if (!krb5_c_is_keyed_cksum(req->cksum.checksum_type)) {
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
+    }
+
+    /*
+     * Checksum is over name type and string components of
+     * client principal name and auth_package.
+     */
+    data.length = 4;
+    for (i = 0; i < krb5_princ_size(context, req->user); i++) {
+        data.length += krb5_princ_component(context, req->user, i)->length;
+    }
+    data.length += krb5_princ_realm(context, req->user)->length;
+    data.length += req->auth_package.length;
+
+    p = data.data = malloc(data.length);
+    if (data.data == NULL) {
+        return ENOMEM;
+    }
+
+    name_type = krb5_princ_type(context, req->user);
+    p[0] = (name_type >> 0 ) & 0xFF;
+    p[1] = (name_type >> 8 ) & 0xFF;
+    p[2] = (name_type >> 16) & 0xFF;
+    p[3] = (name_type >> 24) & 0xFF;
+    p += 4;
+
+    for (i = 0; i < krb5_princ_size(context, req->user); i++) {
+        if (krb5_princ_component(context, req->user, i)->length > 0) {
+            memcpy(p, krb5_princ_component(context, req->user, i)->data,
+                   krb5_princ_component(context, req->user, i)->length);
+        }
+        p += krb5_princ_component(context, req->user, i)->length;
+    }
+
+    if (krb5_princ_realm(context, req->user)->length > 0) {
+        memcpy(p, krb5_princ_realm(context, req->user)->data,
+               krb5_princ_realm(context, req->user)->length);
+    }
+    p += krb5_princ_realm(context, req->user)->length;
+
+    if (req->auth_package.length > 0)
+        memcpy(p, req->auth_package.data, req->auth_package.length);
+    p += req->auth_package.length;
+
+    code = krb5_c_verify_checksum(context,
+                                  key,
+                                  KRB5_KEYUSAGE_APP_DATA_CKSUM,
+                                  &data,
+                                  &req->cksum,
+                                  &valid);
+
+    if (code == 0 && valid == FALSE)
+        code = KRB5KRB_AP_ERR_MODIFIED;
+
+    free(data.data);
+
+    return code;
+}
+
+/*
+ * Legacy protocol transition (Windows 2003 and above)
+ */
+static krb5_error_code
+kdc_process_for_user(krb5_context context, krb5_pa_data *pa_data,
+                     krb5_keyblock *tgs_session,
+                     krb5_pa_s4u_x509_user **s4u_x509_user,
+                     const char **status)
+{
+    krb5_error_code             code;
+    krb5_pa_for_user            *for_user;
+    krb5_data                   req_data;
+
+    req_data.length = pa_data->length;
+    req_data.data = (char *)pa_data->contents;
+
+    code = decode_krb5_pa_for_user(&req_data, &for_user);
+    if (code) {
+        *status = "DECODE_PA_FOR_USER";
+        return code;
+    }
+
+    code = verify_for_user_checksum(context, tgs_session, for_user);
+    if (code) {
+        *status = "INVALID_S4U2SELF_CHECKSUM";
+        krb5_free_pa_for_user(context, for_user);
+        return code;
+    }
+
+    *s4u_x509_user = calloc(1, sizeof(krb5_pa_s4u_x509_user));
+    if (*s4u_x509_user == NULL) {
+        krb5_free_pa_for_user(context, for_user);
+        return ENOMEM;
+    }
+
+    (*s4u_x509_user)->user_id.user = for_user->user;
+    for_user->user = NULL;
+    krb5_free_pa_for_user(context, for_user);
+
+    return 0;
+}
+
+static krb5_error_code
+verify_s4u_x509_user_checksum(krb5_context context,
+                              krb5_keyblock *key,
+                              krb5_data *req_data,
+                              krb5_int32 kdc_req_nonce,
+                              krb5_pa_s4u_x509_user *req)
+{
+    krb5_error_code             code;
+    krb5_data                   scratch;
+    krb5_boolean                valid = FALSE;
+
+    if (enctype_requires_etype_info_2(key->enctype) &&
+        !krb5_c_is_keyed_cksum(req->cksum.checksum_type))
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
+
+    if (req->user_id.nonce != kdc_req_nonce)
+        return KRB5KRB_AP_ERR_MODIFIED;
+
+    /*
+     * Verify checksum over the encoded userid. If that fails,
+     * re-encode, and verify that. This is similar to the
+     * behaviour in kdc_process_tgs_req().
+     */
+    if (fetch_asn1_field((unsigned char *)req_data->data, 1, 0, &scratch) < 0)
+        return ASN1_PARSE_ERROR;
+
+    code = krb5_c_verify_checksum(context,
+                                  key,
+                                  KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST,
+                                  &scratch,
+                                  &req->cksum,
+                                  &valid);
+    if (code != 0)
+        return code;
+
+    if (valid == FALSE) {
+        krb5_data *data;
+
+        code = encode_krb5_s4u_userid(&req->user_id, &data);
+        if (code != 0)
+            return code;
+
+        code = krb5_c_verify_checksum(context,
+                                      key,
+                                      KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST,
+                                      data,
+                                      &req->cksum,
+                                      &valid);
+
+        krb5_free_data(context, data);
+
+        if (code != 0)
+            return code;
+    }
+
+    return valid ? 0 : KRB5KRB_AP_ERR_MODIFIED;
+}
+
+/*
+ * New protocol transition request (Windows 2008 and above)
+ */
+static krb5_error_code
+kdc_process_s4u_x509_user(krb5_context context,
+                          krb5_kdc_req *request,
+                          krb5_pa_data *pa_data,
+                          krb5_keyblock *tgs_subkey,
+                          krb5_keyblock *tgs_session,
+                          krb5_pa_s4u_x509_user **s4u_x509_user,
+                          const char **status)
+{
+    krb5_error_code             code;
+    krb5_data                   req_data;
+
+    req_data.length = pa_data->length;
+    req_data.data = (char *)pa_data->contents;
+
+    code = decode_krb5_pa_s4u_x509_user(&req_data, s4u_x509_user);
+    if (code) {
+        *status = "DECODE_PA_S4U_X509_USER";
+        return code;
+    }
+
+    code = verify_s4u_x509_user_checksum(context,
+                                         tgs_subkey ? tgs_subkey :
+                                         tgs_session,
+                                         &req_data,
+                                         request->nonce, *s4u_x509_user);
+
+    if (code) {
+        *status = "INVALID_S4U2SELF_CHECKSUM";
+        krb5_free_pa_s4u_x509_user(context, *s4u_x509_user);
+        *s4u_x509_user = NULL;
+        return code;
+    }
+
+    if (krb5_princ_size(context, (*s4u_x509_user)->user_id.user) == 0 &&
+        (*s4u_x509_user)->user_id.subject_cert.length == 0) {
+        *status = "INVALID_S4U2SELF_REQUEST";
+        krb5_free_pa_s4u_x509_user(context, *s4u_x509_user);
+        *s4u_x509_user = NULL;
+        return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+    }
+
+    return 0;
+}
+
+krb5_error_code
+kdc_make_s4u2self_rep(krb5_context context,
+                      krb5_keyblock *tgs_subkey,
+                      krb5_keyblock *tgs_session,
+                      krb5_pa_s4u_x509_user *req_s4u_user,
+                      krb5_kdc_rep *reply,
+                      krb5_enc_kdc_rep_part *reply_encpart)
+{
+    krb5_error_code             code;
+    krb5_data                   *der_user_id = NULL, *der_s4u_x509_user = NULL;
+    krb5_pa_s4u_x509_user       rep_s4u_user;
+    krb5_pa_data                *pa = NULL;
+    krb5_enctype                enctype;
+    krb5_keyusage               usage;
+
+    memset(&rep_s4u_user, 0, sizeof(rep_s4u_user));
+
+    rep_s4u_user.user_id.nonce   = req_s4u_user->user_id.nonce;
+    rep_s4u_user.user_id.user    = req_s4u_user->user_id.user;
+    rep_s4u_user.user_id.options =
+        req_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE;
+
+    code = encode_krb5_s4u_userid(&rep_s4u_user.user_id, &der_user_id);
+    if (code != 0)
+        goto cleanup;
+
+    if (req_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE)
+        usage = KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY;
+    else
+        usage = KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST;
+
+    code = krb5_c_make_checksum(context, req_s4u_user->cksum.checksum_type,
+                                tgs_subkey != NULL ? tgs_subkey : tgs_session,
+                                usage, der_user_id, &rep_s4u_user.cksum);
+    if (code != 0)
+        goto cleanup;
+
+    code = encode_krb5_pa_s4u_x509_user(&rep_s4u_user, &der_s4u_x509_user);
+    if (code != 0)
+        goto cleanup;
+
+    code = k5_add_pa_data_from_data(&reply->padata, KRB5_PADATA_S4U_X509_USER,
+                                    der_s4u_x509_user);
+    if (code != 0)
+        goto cleanup;
+
+    if (tgs_subkey != NULL)
+        enctype = tgs_subkey->enctype;
+    else
+        enctype = tgs_session->enctype;
+
+    /*
+     * Owing to a bug in Windows, unkeyed checksums were used for older
+     * enctypes, including rc4-hmac. A forthcoming workaround for this
+     * includes the checksum bytes in the encrypted padata.
+     */
+    if (enctype_requires_etype_info_2(enctype) == FALSE) {
+        code = k5_alloc_pa_data(KRB5_PADATA_S4U_X509_USER,
+                                req_s4u_user->cksum.length +
+                                rep_s4u_user.cksum.length, &pa);
+        if (code != 0)
+            goto cleanup;
+        memcpy(pa->contents,
+               req_s4u_user->cksum.contents, req_s4u_user->cksum.length);
+        memcpy(&pa->contents[req_s4u_user->cksum.length],
+               rep_s4u_user.cksum.contents, rep_s4u_user.cksum.length);
+
+        code = k5_add_pa_data_element(&reply_encpart->enc_padata, &pa);
+        if (code != 0)
+            goto cleanup;
+    }
+
+cleanup:
+    if (rep_s4u_user.cksum.contents != NULL)
+        krb5_free_checksum_contents(context, &rep_s4u_user.cksum);
+    krb5_free_data(context, der_user_id);
+    krb5_free_data(context, der_s4u_x509_user);
+    k5_free_pa_data_element(pa);
+    return code;
+}
+
+/* Return true if princ canonicalizes to the same principal as entry's. */
+krb5_boolean
+is_client_db_alias(krb5_context context, const krb5_db_entry *entry,
+                   krb5_const_principal princ)
+{
+    krb5_error_code ret;
+    krb5_db_entry *self;
+    krb5_boolean is_self = FALSE;
+
+    ret = krb5_db_get_principal(context, princ, KRB5_KDB_FLAG_CLIENT, &self);
+    if (!ret) {
+        is_self = krb5_principal_compare(context, entry->princ, self->princ);
+        krb5_db_free_principal(context, self);
+    }
+
+    return is_self;
+}
+
+/*
+ * If S4U2Self padata is present in request, verify the checksum and set
+ * *s4u_x509_user to the S4U2Self request.  If the requested client realm is
+ * local, look up the client and set *princ_ptr to its DB entry.
+ */
+krb5_error_code
+kdc_process_s4u2self_req(krb5_context context, krb5_kdc_req *request,
+                         const krb5_db_entry *server,
+                         krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session,
+                         krb5_pa_s4u_x509_user **s4u_x509_user,
+                         krb5_db_entry **princ_ptr, const char **status)
+{
+    krb5_error_code             code;
+    krb5_pa_data                *pa_data;
+    krb5_db_entry               *princ;
+    krb5_s4u_userid             *id;
+
+    *princ_ptr = NULL;
+
+    pa_data = krb5int_find_pa_data(context, request->padata,
+                                   KRB5_PADATA_S4U_X509_USER);
+    if (pa_data != NULL) {
+        code = kdc_process_s4u_x509_user(context, request, pa_data, tgs_subkey,
+                                         tgs_session, s4u_x509_user, status);
+        if (code != 0)
+            return code;
+    } else {
+        pa_data = krb5int_find_pa_data(context, request->padata,
+                                       KRB5_PADATA_FOR_USER);
+        if (pa_data != NULL) {
+            code = kdc_process_for_user(context, pa_data, tgs_session,
+                                        s4u_x509_user, status);
+            if (code != 0)
+                return code;
+        } else
+            return 0;
+    }
+    id = &(*s4u_x509_user)->user_id;
+
+    if (data_eq(server->princ->realm, id->user->realm)) {
+        if (id->subject_cert.length != 0) {
+            code = krb5_db_get_s4u_x509_principal(context,
+                                                  &id->subject_cert, id->user,
+                                                  KRB5_KDB_FLAG_CLIENT,
+                                                  &princ);
+            if (code == 0 && id->user->length == 0) {
+                krb5_free_principal(context, id->user);
+                code = krb5_copy_principal(context, princ->princ, &id->user);
+            }
+        } else {
+            code = krb5_db_get_principal(context, id->user,
+                                         KRB5_KDB_FLAG_CLIENT, &princ);
+        }
+        if (code == KRB5_KDB_NOENTRY) {
+            *status = "UNKNOWN_S4U2SELF_PRINCIPAL";
+            return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+        } else if (code) {
+            *status = "LOOKING_UP_S4U2SELF_PRINCIPAL";
+            return code; /* caller can free for_user */
+        }
+
+        /* Ignore password expiration and needchange attributes (as Windows
+         * does), since S4U2Self is not password authentication. */
+        princ->pw_expiration = 0;
+        clear(princ->attributes, KRB5_KDB_REQUIRES_PWCHANGE);
+
+        *princ_ptr = princ;
+    }
+
+    return 0;
+}
+
+/* Clear the forwardable flag in tkt if server cannot obtain forwardable
+ * S4U2Self tickets according to [MS-SFU] 3.2.5.1.2. */
+krb5_error_code
+s4u2self_forwardable(krb5_context context, krb5_db_entry *server,
+                     krb5_flags *tktflags)
+{
+    krb5_error_code ret;
+
+    /* Allow the forwardable flag if server has ok-to-auth-as-delegate set. */
+    if (server->attributes & KRB5_KDB_OK_TO_AUTH_AS_DELEGATE)
+        return 0;
+
+    /* Deny the forwardable flag if server has any authorized delegation
+     * targets for traditional S4U2Proxy. */
+    ret = krb5_db_check_allowed_to_delegate(context, NULL, server, NULL);
+    if (!ret)
+        *tktflags &= ~TKT_FLG_FORWARDABLE;
+
+    if (ret == KRB5KDC_ERR_BADOPTION || ret == KRB5_PLUGIN_OP_NOTSUPP)
+        return 0;
+    return ret;
+}
+
+krb5_error_code
+kdc_check_transited_list(krb5_context context, const krb5_data *trans,
+                         const krb5_data *realm1, const krb5_data *realm2)
+{
+    krb5_error_code             code;
+
+    /* Check against the KDB module.  Treat this answer as authoritative if the
+     * method is supported and doesn't explicitly pass control. */
+    code = krb5_db_check_transited_realms(context, trans, realm1, realm2);
+    if (code != KRB5_PLUGIN_OP_NOTSUPP && code != KRB5_PLUGIN_NO_HANDLE)
+        return code;
+
+    /* Check using krb5.conf [capaths] or hierarchical relationships. */
+    return krb5_check_transited_list(context, trans, realm1, realm2);
+}
+
+krb5_boolean
+enctype_requires_etype_info_2(krb5_enctype enctype)
+{
+    switch(enctype) {
+    case ENCTYPE_DES3_CBC_SHA1:
+    case ENCTYPE_DES3_CBC_RAW:
+    case ENCTYPE_ARCFOUR_HMAC:
+    case ENCTYPE_ARCFOUR_HMAC_EXP :
+        return 0;
+    default:
+        return krb5_c_valid_enctype(enctype);
+    }
+}
+
+void
+kdc_get_ticket_endtime(kdc_realm_t *realm, krb5_timestamp starttime,
+                       krb5_timestamp endtime, krb5_timestamp till,
+                       krb5_db_entry *client, krb5_db_entry *server,
+                       krb5_timestamp *out_endtime)
+{
+    krb5_timestamp until;
+    krb5_deltat life;
+
+    if (till == 0)
+        till = kdc_infinity;
+
+    until = ts_min(till, endtime);
+
+    /* Determine the requested lifetime, capped at the maximum valid time
+     * interval. */
+    life = ts_delta(until, starttime);
+    if (ts_after(until, starttime) && life < 0)
+        life = INT32_MAX;
+
+    if (client != NULL && client->max_life != 0)
+        life = min(life, client->max_life);
+    if (server->max_life != 0)
+        life = min(life, server->max_life);
+    if (realm->realm_maxlife != 0)
+        life = min(life, realm->realm_maxlife);
+
+    *out_endtime = ts_incr(starttime, life);
+}
+
+/*
+ * Set times->renew_till to the requested renewable lifetime as modified by
+ * policy.  Set the TKT_FLG_RENEWABLE bit in *tktflags if we set a nonzero
+ * renew_till.  *times must be filled in except for renew_till.  client and tgt
+ * may be NULL.
+ */
+void
+kdc_get_ticket_renewtime(kdc_realm_t *realm, krb5_kdc_req *request,
+                         krb5_enc_tkt_part *tgt, krb5_db_entry *client,
+                         krb5_db_entry *server, krb5_flags *tktflags,
+                         krb5_ticket_times *times)
+{
+    krb5_timestamp rtime, max_rlife;
+
+    *tktflags &= ~TKT_FLG_RENEWABLE;
+    times->renew_till = 0;
+
+    /* Don't issue renewable tickets if the client or server don't allow it,
+     * or if this is a TGS request and the TGT isn't renewable. */
+    if (server->attributes & KRB5_KDB_DISALLOW_RENEWABLE)
+        return;
+    if (client != NULL && (client->attributes & KRB5_KDB_DISALLOW_RENEWABLE))
+        return;
+    if (tgt != NULL && !(tgt->flags & TKT_FLG_RENEWABLE))
+        return;
+
+    /* Determine the requested renewable time. */
+    if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE))
+        rtime = request->rtime ? request->rtime : kdc_infinity;
+    else if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE_OK) &&
+             ts_after(request->till, times->endtime))
+        rtime = request->till;
+    else
+        return;
+
+    /* Truncate it to the allowable renewable time. */
+    if (tgt != NULL)
+        rtime = ts_min(rtime, tgt->times.renew_till);
+    max_rlife = min(server->max_renewable_life, realm->realm_maxrlife);
+    if (client != NULL)
+        max_rlife = min(max_rlife, client->max_renewable_life);
+    rtime = ts_min(rtime, ts_incr(times->starttime, max_rlife));
+
+    /* If the client only specified renewable-ok, don't issue a renewable
+     * ticket unless the truncated renew time exceeds the ticket end time. */
+    if (!isflagset(request->kdc_options, KDC_OPT_RENEWABLE) &&
+        !ts_after(rtime, times->endtime))
+        return;
+
+    *tktflags |= TKT_FLG_RENEWABLE;
+    times->renew_till = rtime;
+}
+
+/**
+ * Handle protected negotiation of FAST using enc_padata
+ * - If ENCPADATA_REQ_ENC_PA_REP is present, then:
+ * - Return ENCPADATA_REQ_ENC_PA_REP with checksum of AS-REQ from client
+ * - Include PADATA_FX_FAST in the enc_padata to indicate FAST
+ * @pre @c out_enc_padata has space for at least two more padata
+ * @param index in/out index into @c out_enc_padata for next item
+ */
+krb5_error_code
+kdc_handle_protected_negotiation(krb5_context context,
+                                 krb5_data *req_pkt, krb5_kdc_req *request,
+                                 const krb5_keyblock *reply_key,
+                                 krb5_pa_data ***out_enc_padata)
+{
+    krb5_error_code retval = 0;
+    krb5_checksum checksum;
+    krb5_data *der_cksum = NULL;
+    krb5_pa_data *pa_in;
+
+    memset(&checksum, 0, sizeof(checksum));
+
+    pa_in = krb5int_find_pa_data(context, request->padata,
+                                 KRB5_ENCPADATA_REQ_ENC_PA_REP);
+    if (pa_in == NULL)
+        return 0;
+
+    /* Compute and encode a checksum over the AS-REQ. */
+    retval = krb5_c_make_checksum(context, 0, reply_key, KRB5_KEYUSAGE_AS_REQ,
+                                  req_pkt, &checksum);
+    if (retval != 0)
+        goto cleanup;
+    retval = encode_krb5_checksum(&checksum, &der_cksum);
+    if (retval != 0)
+        goto cleanup;
+
+    retval = k5_add_pa_data_from_data(out_enc_padata,
+                                      KRB5_ENCPADATA_REQ_ENC_PA_REP,
+                                      der_cksum);
+    if (retval)
+        goto cleanup;
+
+    /* Add a zero-length PA-FX-FAST element to the list. */
+    retval = k5_add_empty_pa_data(out_enc_padata, KRB5_PADATA_FX_FAST);
+
+cleanup:
+    krb5_free_checksum_contents(context, &checksum);
+    krb5_free_data(context, der_cksum);
+    return retval;
+}
+
+krb5_error_code
+kdc_get_pa_pac_options(krb5_context context, krb5_pa_data **in_padata,
+                       krb5_pa_pac_options **pac_options_out)
+{
+    krb5_pa_data *pa;
+    krb5_data der_pac_options;
+
+    *pac_options_out = NULL;
+
+    pa = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_PAC_OPTIONS);
+    if (pa == NULL)
+        return 0;
+
+    der_pac_options = make_data(pa->contents, pa->length);
+    return decode_krb5_pa_pac_options(&der_pac_options, pac_options_out);
+}
+
+krb5_error_code
+kdc_add_pa_pac_options(krb5_context context, krb5_kdc_req *request,
+                       krb5_pa_data ***out_enc_padata)
+{
+    krb5_error_code ret;
+    krb5_pa_pac_options *pac_options = NULL;
+    krb5_data *der_pac_options;
+
+    ret = kdc_get_pa_pac_options(context, request->padata, &pac_options);
+    if (ret || pac_options == NULL)
+        return ret;
+
+    /* Only return supported PAC options (currently only resource-based
+     * constrained delegation support). */
+    pac_options->options &= KRB5_PA_PAC_OPTIONS_RBCD;
+    if (pac_options->options == 0) {
+        free(pac_options);
+        return 0;
+    }
+
+    ret = encode_krb5_pa_pac_options(pac_options, &der_pac_options);
+    free(pac_options);
+    if (ret)
+        return ret;
+
+    ret = k5_add_pa_data_from_data(out_enc_padata, KRB5_PADATA_PAC_OPTIONS,
+                                   der_pac_options);
+    krb5_free_data(context, der_pac_options);
+    return ret;
+}
+
+krb5_error_code
+kdc_get_pa_pac_rbcd(krb5_context context, krb5_pa_data **in_padata,
+                    krb5_boolean *supported)
+{
+    krb5_error_code retval;
+    krb5_pa_pac_options *pac_options = NULL;
+
+    *supported = FALSE;
+
+    retval = kdc_get_pa_pac_options(context, in_padata, &pac_options);
+    if (retval || !pac_options)
+        return retval;
+
+    if (pac_options->options & KRB5_PA_PAC_OPTIONS_RBCD)
+        *supported = TRUE;
+
+    free(pac_options);
+    return 0;
+}
+
+/*
+ * Although the KDC doesn't call this function directly,
+ * process_tcp_connection_read() in net-server.c does call it.
+ */
+krb5_error_code
+make_toolong_error (void *handle, krb5_data **out)
+{
+    krb5_error errpkt;
+    krb5_error_code retval;
+    krb5_data *scratch;
+    struct server_handle *h = handle;
+
+    retval = krb5_us_timeofday(h->kdc_err_context,
+                               &errpkt.stime, &errpkt.susec);
+    if (retval)
+        return retval;
+    errpkt.error = KRB_ERR_FIELD_TOOLONG;
+    errpkt.server = h->kdc_realmlist[0]->realm_tgsprinc;
+    errpkt.client = NULL;
+    errpkt.cusec = 0;
+    errpkt.ctime = 0;
+    errpkt.text.length = 0;
+    errpkt.text.data = 0;
+    errpkt.e_data.length = 0;
+    errpkt.e_data.data = 0;
+    scratch = malloc(sizeof(*scratch));
+    if (scratch == NULL)
+        return ENOMEM;
+    retval = krb5_mk_error(h->kdc_err_context, &errpkt, scratch);
+    if (retval) {
+        free(scratch);
+        return retval;
+    }
+
+    *out = scratch;
+    return 0;
+}
+
+void reset_for_hangup(void *ctx)
+{
+    int k;
+    struct server_handle *h = ctx;
+
+    for (k = 0; k < h->kdc_numrealms; k++)
+        krb5_db_refresh_config(h->kdc_realmlist[k]->realm_context);
+}
diff --git a/krb5-1.21.3/src/kdc/kdc_util.h b/krb5-1.21.3/src/kdc/kdc_util.h
new file mode 100644
index 00000000..58b2f74d
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/kdc_util.h
@@ -0,0 +1,562 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/kdc_util.h */
+/*
+ * Portions Copyright (C) 2007 Apple Inc.
+ * Copyright 1990, 2007, 2014 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Declarations for policy.c
+ */
+
+#ifndef __KRB5_KDC_UTIL__
+#define __KRB5_KDC_UTIL__
+
+#include <krb5/kdcpreauth_plugin.h>
+#include "kdb.h"
+#include "net-server.h"
+#include "realm_data.h"
+#include "reqstate.h"
+
+krb5_boolean krb5_is_tgs_principal (krb5_const_principal);
+krb5_boolean is_cross_tgs_principal(krb5_const_principal);
+krb5_boolean is_local_tgs_principal(krb5_const_principal);
+krb5_error_code
+add_to_transited (krb5_data *,
+                  krb5_data *,
+                  krb5_principal,
+                  krb5_principal,
+                  krb5_principal);
+krb5_error_code
+compress_transited (krb5_data *,
+                    krb5_principal,
+                    krb5_data *);
+krb5_error_code
+fetch_last_req_info (krb5_db_entry *, krb5_last_req_entry ***);
+
+krb5_error_code
+kdc_convert_key (krb5_keyblock *, krb5_keyblock *, int);
+krb5_error_code
+kdc_process_tgs_req (kdc_realm_t *, krb5_kdc_req *,
+                     const krb5_fulladdr *,
+                     krb5_data *,
+                     krb5_ticket **,
+                     krb5_db_entry **krbtgt_ptr,
+                     krb5_keyblock **, krb5_keyblock **,
+                     krb5_pa_data **pa_tgs_req);
+
+krb5_error_code
+kdc_get_server_key (krb5_context, krb5_ticket *, unsigned int,
+                    krb5_boolean match_enctype,
+                    krb5_db_entry **, krb5_keyblock **, krb5_kvno *);
+
+krb5_error_code
+get_first_current_key(krb5_context context, krb5_db_entry *entry,
+                      krb5_keyblock *key_out);
+
+krb5_error_code
+get_local_tgt(krb5_context context, const krb5_data *realm,
+              krb5_db_entry *candidate, krb5_db_entry **alias_out,
+              krb5_db_entry **storage_out, krb5_keyblock *kb_out);
+
+krb5_error_code
+validate_as_request (kdc_realm_t *, krb5_kdc_req *, krb5_db_entry *,
+                     krb5_db_entry *, krb5_timestamp,
+                     const char **, krb5_pa_data ***);
+
+krb5_error_code
+check_tgs_constraints(kdc_realm_t *realm, krb5_kdc_req *request,
+                      krb5_db_entry *server, krb5_ticket *ticket, krb5_pac pac,
+                      const krb5_ticket *stkt, krb5_pac stkt_pac,
+                      krb5_db_entry *stkt_server, krb5_timestamp kdc_time,
+                      krb5_pa_s4u_x509_user *s4u_x509_user,
+                      krb5_db_entry *s4u2self_client,
+                      krb5_boolean is_crossrealm, krb5_boolean is_referral,
+                      const char **status, krb5_pa_data ***e_data);
+
+krb5_error_code
+check_tgs_policy(kdc_realm_t *realm, krb5_kdc_req *request,
+                 krb5_db_entry *server, krb5_ticket *ticket,
+                 krb5_pac pac, const krb5_ticket *stkt, krb5_pac stkt_pac,
+                 krb5_principal stkt_pac_client, krb5_db_entry *stkt_server,
+                 krb5_timestamp kdc_time, krb5_boolean is_crossrealm,
+                 krb5_boolean is_referral, const char **status,
+                 krb5_pa_data ***e_data);
+
+krb5_flags
+get_ticket_flags(krb5_flags reqflags, krb5_db_entry *client,
+                 krb5_db_entry *server, krb5_enc_tkt_part *header_enc);
+
+krb5_error_code
+check_indicators(krb5_context context, krb5_db_entry *server,
+                 krb5_data *const *indicators);
+
+int
+fetch_asn1_field (unsigned char *, unsigned int, unsigned int, krb5_data *);
+
+krb5_enctype
+select_session_keytype (krb5_context context, krb5_db_entry *server,
+                        int nktypes, krb5_enctype *ktypes);
+
+void limit_string (char *name);
+
+char *ktypes2str(krb5_enctype *ktype, int nktypes);
+
+char *rep_etypes2str(krb5_kdc_rep *rep);
+
+/* authind.c */
+krb5_boolean
+authind_contains(krb5_data *const *indicators, const char *ind);
+
+krb5_error_code
+authind_add(krb5_context context, const char *ind, krb5_data ***indicators);
+
+krb5_error_code
+authind_extract(krb5_context context, krb5_authdata **authdata,
+                krb5_data ***indicators);
+
+/* cammac.c */
+krb5_error_code
+cammac_create(krb5_context context, krb5_enc_tkt_part *enc_tkt_reply,
+              krb5_keyblock *server_key, krb5_db_entry *tgt,
+              krb5_keyblock *tgt_key, krb5_authdata **contents,
+              krb5_authdata ***cammac_out);
+
+krb5_boolean
+cammac_check_kdcver(krb5_context context, krb5_cammac *cammac,
+                    krb5_enc_tkt_part *enc_tkt, krb5_db_entry *tgt,
+                    krb5_keyblock *tgt_key);
+
+/* do_as_req.c */
+void
+process_as_req (krb5_kdc_req *, krb5_data *,
+                const krb5_fulladdr *, const krb5_fulladdr *, kdc_realm_t *,
+                verto_ctx *, loop_respond_fn, void *);
+
+/* do_tgs_req.c */
+krb5_error_code
+process_tgs_req (krb5_kdc_req *, krb5_data *, const krb5_fulladdr *,
+                 kdc_realm_t *, krb5_data ** );
+/* dispatch.c */
+void
+dispatch (void *,
+          const krb5_fulladdr *,
+          const krb5_fulladdr *,
+          krb5_data *,
+          int,
+          verto_ctx *,
+          loop_respond_fn,
+          void *);
+
+void
+kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 4)))
+#endif
+    ;
+
+/* kdc_preauth.c */
+krb5_boolean
+enctype_requires_etype_info_2(krb5_enctype enctype);
+
+const char *
+missing_required_preauth (krb5_db_entry *client,
+                          krb5_db_entry *server,
+                          krb5_enc_tkt_part *enc_tkt_reply);
+typedef void (*kdc_hint_respond_fn)(void *arg);
+void
+get_preauth_hint_list(krb5_kdc_req *request,
+                      krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out,
+                      kdc_hint_respond_fn respond, void *arg);
+void
+load_preauth_plugins(struct server_handle * handle, krb5_context context,
+                     verto_ctx *ctx);
+void
+unload_preauth_plugins(krb5_context context);
+
+typedef void (*kdc_preauth_respond_fn)(void *arg, krb5_error_code code);
+
+void
+check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
+             krb5_data *req_pkt, krb5_kdc_req *request,
+             krb5_enc_tkt_part *enc_tkt_reply, void **padata_context,
+             krb5_pa_data ***e_data, krb5_boolean *typed_e_data,
+             kdc_preauth_respond_fn respond, void *state);
+
+krb5_error_code
+return_padata(krb5_context context, krb5_kdcpreauth_rock rock,
+              krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
+              krb5_keyblock *encrypting_key, void **padata_context);
+
+void
+free_padata_context(krb5_context context, void *padata_context);
+
+/* kdc_preauth_ec.c */
+krb5_error_code
+kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+                                      int min_ver, krb5_plugin_vtable vtable);
+
+/* kdc_preauth_enctsc.c */
+krb5_error_code
+kdcpreauth_encrypted_timestamp_initvt(krb5_context context, int maj_ver,
+                                      int min_ver, krb5_plugin_vtable vtable);
+
+/* kdc_authdata.c */
+krb5_error_code
+load_authdata_plugins(krb5_context context);
+krb5_error_code
+unload_authdata_plugins(krb5_context context);
+
+krb5_error_code
+get_auth_indicators(krb5_context context, krb5_enc_tkt_part *enc_tkt,
+                    krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+                    krb5_data ***indicators_out);
+
+krb5_error_code
+handle_authdata(kdc_realm_t *realm, unsigned int flags, krb5_db_entry *client,
+                krb5_db_entry *server, krb5_db_entry *subject_server,
+                krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+                krb5_keyblock *client_key, krb5_keyblock *server_key,
+                krb5_keyblock *header_key, krb5_keyblock *replaced_reply_key,
+                krb5_data *req_pkt, krb5_kdc_req *request,
+                krb5_const_principal altcprinc, krb5_pac subject_pac,
+                krb5_enc_tkt_part *enc_tkt_request,
+                krb5_data ***auth_indicators,
+                krb5_enc_tkt_part *enc_tkt_reply);
+
+/* replay.c */
+krb5_error_code kdc_init_lookaside(krb5_context context);
+krb5_boolean kdc_check_lookaside (krb5_context, krb5_data *, krb5_data **);
+void kdc_insert_lookaside (krb5_context, krb5_data *, krb5_data *);
+void kdc_remove_lookaside (krb5_context kcontext, krb5_data *);
+void kdc_free_lookaside(krb5_context);
+
+/* kdc_util.c */
+void reset_for_hangup(void *);
+
+krb5_error_code
+pac_privsvr_key(krb5_context context, krb5_db_entry *server,
+                const krb5_keyblock *tgt_key, krb5_keyblock **key_out);
+
+krb5_error_code
+get_verified_pac(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
+                 krb5_db_entry *server, krb5_keyblock *server_key,
+                 krb5_db_entry *tgt, krb5_keyblock *tgt_key,
+                 krb5_pac *pac_out);
+
+krb5_error_code
+get_pac_princ_with_realm(krb5_context context, krb5_pac pac,
+                         krb5_principal *princ_out,
+                         krb5_timestamp *authtime_out);
+
+krb5_boolean
+include_pac_p(krb5_context context, krb5_kdc_req *request);
+
+krb5_error_code
+return_enc_padata(krb5_context context,
+                  krb5_data *req_pkt, krb5_kdc_req *request,
+                  krb5_keyblock *reply_key,
+                  krb5_db_entry *server,
+                  krb5_enc_kdc_rep_part *reply_encpart,
+                  krb5_boolean is_referral);
+
+krb5_error_code
+kdc_process_s4u2self_req(krb5_context context, krb5_kdc_req *request,
+                         const krb5_db_entry *server,
+                         krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session,
+                         krb5_pa_s4u_x509_user **s4u2self_req,
+                         krb5_db_entry **princ_ptr, const char **status);
+
+krb5_error_code
+s4u2self_forwardable(krb5_context context, krb5_db_entry *server,
+                     krb5_flags *tktflags);
+
+krb5_error_code
+kdc_make_s4u2self_rep (krb5_context context,
+                       krb5_keyblock *tgs_subkey,
+                       krb5_keyblock *tgs_session,
+                       krb5_pa_s4u_x509_user *req_s4u_user,
+                       krb5_kdc_rep *reply,
+                       krb5_enc_kdc_rep_part *reply_encpart);
+
+krb5_error_code
+kdc_check_transited_list(krb5_context context, const krb5_data *trans,
+                         const krb5_data *realm1, const krb5_data *realm2);
+
+void
+kdc_get_ticket_endtime(kdc_realm_t *realm, krb5_timestamp now,
+                       krb5_timestamp endtime, krb5_timestamp till,
+                       krb5_db_entry *client, krb5_db_entry *server,
+                       krb5_timestamp *out_endtime);
+
+void
+kdc_get_ticket_renewtime(kdc_realm_t *realm, krb5_kdc_req *request,
+                         krb5_enc_tkt_part *tgt, krb5_db_entry *client,
+                         krb5_db_entry *server, krb5_flags *tktflags,
+                         krb5_ticket_times *times);
+
+void
+log_as_req(krb5_context context,
+           const krb5_fulladdr *local_addr,
+           const krb5_fulladdr *remote_addr,
+           krb5_kdc_req *request, krb5_kdc_rep *reply,
+           krb5_db_entry *client, const char *cname,
+           krb5_db_entry *server, const char *sname,
+           krb5_timestamp authtime,
+           const char *status, krb5_error_code errcode, const char *emsg);
+void
+log_tgs_req(krb5_context ctx, const krb5_fulladdr *from,
+            krb5_kdc_req *request, krb5_kdc_rep *reply,
+            krb5_principal cprinc, krb5_principal sprinc,
+            krb5_principal altcprinc,
+            krb5_timestamp authtime,
+            unsigned int c_flags,
+            const char *status, krb5_error_code errcode, const char *emsg);
+void
+log_tgs_badtrans(krb5_context ctx, krb5_principal cprinc,
+                 krb5_principal sprinc, krb5_data *trcont,
+                 krb5_error_code errcode);
+
+void
+log_tgs_alt_tgt(krb5_context context, krb5_principal p);
+
+krb5_boolean
+is_client_db_alias(krb5_context context, const krb5_db_entry *entry,
+                   krb5_const_principal princ);
+
+/* FAST*/
+enum krb5_fast_kdc_flags {
+    KRB5_FAST_REPLY_KEY_USED = 0x1,
+    KRB5_FAST_REPLY_KEY_REPLACED = 0x02
+};
+
+/*
+ * If *requestptr contains FX_FAST padata, compute the armor key, verify the
+ * checksum over checksummed_data, decode the FAST request, and substitute
+ * *requestptr with the inner request.  Set the armor_key, cookie, and
+ * fast_options fields in state.  state->cookie will be set for a non-FAST
+ * request if it contains FX_COOKIE padata.  If inner_body_out is non-NULL, set
+ * *inner_body_out to a copy of the encoded inner body, or to NULL if the
+ * request is not a FAST request.
+ */
+krb5_error_code
+kdc_find_fast (krb5_kdc_req **requestptr,  krb5_data *checksummed_data,
+               krb5_keyblock *tgs_subkey, krb5_keyblock *tgs_session,
+               struct kdc_request_state *state, krb5_data **inner_body_out);
+
+krb5_error_code
+kdc_fast_response_handle_padata (struct kdc_request_state *state,
+                                 krb5_kdc_req *request,
+                                 krb5_kdc_rep *rep,
+                                 krb5_enctype enctype);
+krb5_error_code
+kdc_fast_handle_error (krb5_context context,
+                       struct kdc_request_state *state,
+                       krb5_kdc_req *request,
+                       krb5_pa_data  **in_padata, krb5_error *err,
+                       krb5_data **fast_edata_out);
+
+krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state,
+                                          krb5_keyblock *existing_key,
+                                          krb5_keyblock **out_key);
+
+
+krb5_boolean
+kdc_fast_hide_client(struct kdc_request_state *state);
+
+krb5_error_code
+kdc_handle_protected_negotiation( krb5_context context,
+                                  krb5_data *req_pkt, krb5_kdc_req *request,
+                                  const krb5_keyblock *reply_key,
+                                  krb5_pa_data ***out_enc_padata);
+
+krb5_error_code
+kdc_fast_read_cookie(krb5_context context, struct kdc_request_state *state,
+                     krb5_kdc_req *req, krb5_db_entry *local_tgt,
+                     krb5_keyblock *local_tgt_key);
+
+krb5_boolean kdc_fast_search_cookie(struct kdc_request_state *state,
+                                    krb5_preauthtype pa_type, krb5_data *out);
+
+krb5_error_code kdc_fast_set_cookie(struct kdc_request_state *state,
+                                    krb5_preauthtype pa_type,
+                                    const krb5_data *data);
+
+krb5_error_code
+kdc_fast_make_cookie(krb5_context context, struct kdc_request_state *state,
+                     krb5_db_entry *local_tgt, krb5_keyblock *local_tgt_key,
+                     krb5_const_principal client_princ,
+                     krb5_pa_data **cookie_out);
+
+krb5_error_code
+kdc_add_pa_pac_options(krb5_context context, krb5_kdc_req *request,
+                       krb5_pa_data ***out_enc_padata);
+
+krb5_error_code
+kdc_get_pa_pac_options(krb5_context context, krb5_pa_data **in_padata,
+                       krb5_pa_pac_options **pac_options_out);
+
+krb5_error_code
+kdc_get_pa_pac_rbcd(krb5_context context, krb5_pa_data **in_padata,
+                    krb5_boolean *supported);
+
+/* Information handle for kdcpreauth callbacks.  All pointers are aliases. */
+struct krb5_kdcpreauth_rock_st {
+    krb5_kdc_req *request;
+    krb5_data *inner_body;
+    krb5_db_entry *client;
+    krb5_db_entry *local_tgt;
+    krb5_keyblock *local_tgt_key;
+    krb5_key_data *client_key;
+    krb5_keyblock *client_keyblock;
+    struct kdc_request_state *rstate;
+    verto_ctx *vctx;
+    krb5_data ***auth_indicators;
+    krb5_boolean send_freshness_token;
+    krb5_boolean replaced_reply_key;
+};
+
+#define isflagset(flagfield, flag) (flagfield & (flag))
+#define setflag(flagfield, flag) (flagfield |= (flag))
+#define clear(flagfield, flag) (flagfield &= ~(flag))
+
+#ifndef min
+#define min(a, b)       ((a) < (b) ? (a) : (b))
+#define max(a, b)       ((a) > (b) ? (a) : (b))
+#endif
+
+#define ts_min(a, b) (ts_after(a, b) ? (b) : (a))
+
+#define ADDRTYPE2FAMILY(X)                                              \
+    ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
+
+/* RFC 4120: KRB5KDC_ERR_KEY_TOO_WEAK
+ * RFC 4556: KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED */
+#define KRB5KDC_ERR_KEY_TOO_WEAK KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED
+/* TGS-REQ options where the service can be a non-TGS principal  */
+
+#define NON_TGT_OPTION (KDC_OPT_FORWARDED | KDC_OPT_PROXY | KDC_OPT_RENEW | \
+                        KDC_OPT_VALIDATE)
+
+/* TGS-REQ options which are not compatible with referrals */
+#define NO_REFERRAL_OPTION (NON_TGT_OPTION | KDC_OPT_ENC_TKT_IN_SKEY)
+
+/* Options incompatible with AS and S4U2Self requests */
+#define AS_INVALID_OPTIONS (NO_REFERRAL_OPTION | KDC_OPT_CNAME_IN_ADDL_TKT)
+
+/*
+ * Mask of KDC options that request the corresponding ticket flag with
+ * the same number.  Some of these are invalid for AS-REQs, but
+ * validate_as_request() takes care of that.  KDC_OPT_RENEWABLE isn't
+ * here because it needs special handling in
+ * kdc_get_ticket_renewtime().
+ *
+ * According to RFC 4120 section 3.1.3 the following AS-REQ options
+ * request their corresponding ticket flags if local policy allows:
+ *
+ * KDC_OPT_FORWARDABLE  KDC_OPT_ALLOW_POSTDATE
+ * KDC_OPT_POSTDATED    KDC_OPT_PROXIABLE
+ * KDC_OPT_RENEWABLE
+ *
+ * RFC 1510 section A.6 shows pseudocode indicating that the following
+ * TGS-REQ options request their corresponding ticket flags if local
+ * policy allows:
+ *
+ * KDC_OPT_FORWARDABLE  KDC_OPT_FORWARDED
+ * KDC_OPT_PROXIABLE    KDC_OPT_PROXY
+ * KDC_OPT_POSTDATED    KDC_OPT_RENEWABLE
+ *
+ * The above list omits KDC_OPT_ALLOW_POSTDATE, but RFC 4120 section
+ * 5.4.1 says the TGS also handles it.
+ *
+ * RFC 6112 makes KDC_OPT_REQUEST_ANONYMOUS the same bit number as
+ * TKT_FLG_ANONYMOUS.
+ */
+#define OPTS_COMMON_FLAGS_MASK                                  \
+    (KDC_OPT_FORWARDABLE        | KDC_OPT_FORWARDED     |       \
+     KDC_OPT_PROXIABLE          | KDC_OPT_PROXY         |       \
+     KDC_OPT_ALLOW_POSTDATE     | KDC_OPT_POSTDATED     |       \
+     KDC_OPT_REQUEST_ANONYMOUS)
+
+/* Copy KDC options that request the corresponding ticket flags. */
+#define OPTS2FLAGS(x) (x & OPTS_COMMON_FLAGS_MASK)
+
+/*
+ * Mask of ticket flags for the TGS to propagate from a ticket to a
+ * derivative ticket.
+ *
+ * RFC 4120 section 2.1 says the following flags are carried forward
+ * from an initial ticket to derivative tickets:
+ *
+ * TKT_FLG_PRE_AUTH
+ * TKT_FLG_HW_AUTH
+ *
+ * RFC 4120 section 2.6 says TKT_FLG_FORWARDED is carried forward to
+ * derivative tickets.  Proxy tickets are basically identical to
+ * forwarded tickets except that a TGT may never be proxied, therefore
+ * tickets derived from proxy tickets should have TKT_FLAG_PROXY set.
+ * RFC 4120 and RFC 1510 apparently have an accidental omission in not
+ * requiring that tickets derived from a proxy ticket have
+ * TKT_FLG_PROXY set.  Previous code also omitted this behavior.
+ *
+ * RFC 6112 section 4.2 implies that TKT_FLG_ANONYMOUS must be
+ * propagated from an anonymous ticket to derivative tickets.
+ */
+#define TGS_COPIED_FLAGS_MASK                           \
+    (TKT_FLG_FORWARDED  | TKT_FLG_PROXY         |       \
+     TKT_FLG_PRE_AUTH   | TKT_FLG_HW_AUTH       |       \
+     TKT_FLG_ANONYMOUS)
+
+/* Copy appropriate header ticket flags to new ticket. */
+#define COPY_TKT_FLAGS(x) (x & TGS_COPIED_FLAGS_MASK)
+
+int check_anon(kdc_realm_t *realm, krb5_principal client,
+               krb5_principal server);
+int errcode_to_protocol(krb5_error_code code);
+
+char *data2string(krb5_data *d);
+
+/* Return the current key version of entry, or 0 if it has no keys. */
+static inline krb5_kvno
+current_kvno(krb5_db_entry *entry)
+{
+    return (entry->n_key_data == 0) ? 0 : entry->key_data[0].key_data_kvno;
+}
+
+/* MS-PAC section 2.9 */
+struct pac_s4u_delegation_info {
+    char *proxy_target;
+    uint32_t transited_services_length;
+    char **transited_services;
+};
+
+/* Leaves room for one additional service. */
+krb5_error_code
+ndr_dec_delegation_info(krb5_data *data,
+                        struct pac_s4u_delegation_info **res);
+
+krb5_error_code
+ndr_enc_delegation_info(struct pac_s4u_delegation_info *in,
+                        krb5_data *out);
+
+void ndr_free_delegation_info(struct pac_s4u_delegation_info *in);
+
+#endif /* __KRB5_KDC_UTIL__ */
diff --git a/krb5-1.21.3/src/kdc/main.c b/krb5-1.21.3/src/kdc/main.c
new file mode 100644
index 00000000..bfdfef5c
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/main.c
@@ -0,0 +1,1056 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/main.c - Main procedure body for the KDC server process */
+/*
+ * Copyright 1990,2001,2008,2009,2016 by the Massachusetts Institute of
+ * Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+#include <kadm5/admin.h>
+#include "adm_proto.h"
+#include "kdc_util.h"
+#include "kdc_audit.h"
+#include "extern.h"
+#include "policy.h"
+#include "kdc5_err.h"
+#include "kdb_kt.h"
+#include "net-server.h"
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include <locale.h>
+#include <syslog.h>
+#include <signal.h>
+#include <netdb.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <sys/wait.h>
+
+#if defined(NEED_DAEMON_PROTO)
+extern int daemon(int, int);
+#endif
+
+static void usage (char *);
+
+static void initialize_realms(krb5_context kcontext, int argc, char **argv,
+                              int *tcp_listen_backlog_out);
+
+static void finish_realms (void);
+
+static int nofork = 0;
+static int workers = 0;
+static int time_offset = 0;
+static const char *pid_file = NULL;
+static volatile int signal_received = 0;
+static volatile int sighup_received = 0;
+
+#define KRB5_KDC_MAX_REALMS     32
+
+static const char *kdc_progname;
+
+/*
+ * Static server_handle for this file.  Other code will get access to
+ * it through the application handle that net-server.c uses.
+ */
+static struct server_handle shandle;
+
+/*
+ * We use krb5_klog_init to set up a com_err callback to log error
+ * messages.  The callback also pulls the error message out of the
+ * context we pass to krb5_klog_init; however, we use realm-specific
+ * contexts for most of our krb5 library calls, so the error message
+ * isn't present in the global context.  This wrapper ensures that the
+ * error message state from the call context is copied into the
+ * context known by krb5_klog.  call_context can be NULL if the error
+ * code did not come from a krb5 library function.
+ */
+void
+kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...)
+{
+    va_list ap;
+
+    if (call_context)
+        krb5_copy_error_message(shandle.kdc_err_context, call_context);
+    va_start(ap, fmt);
+    com_err_va(kdc_progname, code, fmt, ap);
+    va_end(ap);
+}
+
+/*
+ * Find the realm entry for a given realm.
+ */
+kdc_realm_t *
+find_realm_data(struct server_handle *handle, char *rname, krb5_ui_4 rsize)
+{
+    int i;
+    kdc_realm_t **kdc_realmlist = handle->kdc_realmlist;
+    int kdc_numrealms = handle->kdc_numrealms;
+
+    for (i=0; i<kdc_numrealms; i++) {
+        if ((rsize == strlen(kdc_realmlist[i]->realm_name)) &&
+            !strncmp(rname, kdc_realmlist[i]->realm_name, rsize))
+            return(kdc_realmlist[i]);
+    }
+    return((kdc_realm_t *) NULL);
+}
+
+kdc_realm_t *
+setup_server_realm(struct server_handle *handle, krb5_principal sprinc)
+{
+    kdc_realm_t         *newrealm;
+    kdc_realm_t **kdc_realmlist = handle->kdc_realmlist;
+    int kdc_numrealms = handle->kdc_numrealms;
+
+    if (sprinc == NULL)
+        return NULL;
+
+    if (kdc_numrealms > 1) {
+        newrealm = find_realm_data(handle, sprinc->realm.data,
+                                   sprinc->realm.length);
+    } else {
+        newrealm = kdc_realmlist[0];
+    }
+    if (newrealm != NULL) {
+        krb5_klog_set_context(newrealm->realm_context);
+        shandle.kdc_err_context = newrealm->realm_context;
+    }
+    return newrealm;
+}
+
+static void
+finish_realm(kdc_realm_t *rdp)
+{
+    if (rdp->realm_name)
+        free(rdp->realm_name);
+    if (rdp->realm_mpname)
+        free(rdp->realm_mpname);
+    if (rdp->realm_stash)
+        free(rdp->realm_stash);
+    if (rdp->realm_listen)
+        free(rdp->realm_listen);
+    if (rdp->realm_tcp_listen)
+        free(rdp->realm_tcp_listen);
+    if (rdp->realm_keytab)
+        krb5_kt_close(rdp->realm_context, rdp->realm_keytab);
+    if (rdp->realm_hostbased)
+        free(rdp->realm_hostbased);
+    if (rdp->realm_no_referral)
+        free(rdp->realm_no_referral);
+    if (rdp->realm_context) {
+        if (rdp->realm_mprinc)
+            krb5_free_principal(rdp->realm_context, rdp->realm_mprinc);
+        zapfree(rdp->realm_mkey.contents, rdp->realm_mkey.length);
+        krb5_db_fini(rdp->realm_context);
+        if (rdp->realm_tgsprinc)
+            krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
+        krb5_free_context(rdp->realm_context);
+    }
+    zapfree(rdp, sizeof(*rdp));
+}
+
+/* Set *val_out to an allocated string containing val1 and/or val2, separated
+ * by a space if both are set, or NULL if neither is set. */
+static krb5_error_code
+combine(const char *val1, const char *val2, char **val_out)
+{
+    if (val1 == NULL && val2 == NULL) {
+        *val_out = NULL;
+    } else if (val1 != NULL && val2 != NULL) {
+        if (asprintf(val_out, "%s %s", val1, val2) < 0) {
+            *val_out = NULL;
+            return ENOMEM;
+        }
+    } else {
+        *val_out = strdup((val1 != NULL) ? val1 : val2);
+        if (*val_out == NULL)
+            return ENOMEM;
+    }
+    return 0;
+}
+
+/*
+ * Initialize a realm control structure from the alternate profile or from
+ * the specified defaults.
+ *
+ * After we're complete here, the essence of the realm is embodied in the
+ * realm data and we should be all set to begin operation for that realm.
+ */
+static  krb5_error_code
+init_realm(kdc_realm_t * rdp, krb5_pointer aprof, char *realm,
+           char *def_mpname, krb5_enctype def_enctype, char *def_udp_listen,
+           char *def_tcp_listen, krb5_boolean def_manual,
+           krb5_boolean def_restrict_anon, char **db_args, char *no_referral,
+           char *hostbased)
+{
+    krb5_error_code     kret;
+    krb5_boolean        manual;
+    int                 kdb_open_flags;
+    char                *svalue = NULL;
+    const char          *hierarchy[4];
+    krb5_kvno       mkvno = IGNORE_VNO;
+    char ename[32];
+
+    memset(rdp, 0, sizeof(kdc_realm_t));
+    if (!realm) {
+        kret = EINVAL;
+        goto whoops;
+    }
+
+    if (def_enctype != ENCTYPE_UNKNOWN &&
+        krb5int_c_deprecated_enctype(def_enctype)) {
+        if (krb5_enctype_to_name(def_enctype, FALSE, ename, sizeof(ename)))
+            ename[0] = '\0';
+        fprintf(stderr,
+                _("Requested master password enctype %s in %s is "
+                  "DEPRECATED!\n"),
+                ename, realm);
+    }
+
+    hierarchy[0] = KRB5_CONF_REALMS;
+    hierarchy[1] = realm;
+    hierarchy[3] = NULL;
+
+    rdp->realm_name = strdup(realm);
+    if (rdp->realm_name == NULL) {
+        kret = ENOMEM;
+        goto whoops;
+    }
+    kret = krb5int_init_context_kdc(&rdp->realm_context);
+    if (kret) {
+        kdc_err(NULL, kret, _("while getting context for realm %s"), realm);
+        goto whoops;
+    }
+    if (time_offset != 0)
+        (void)krb5_set_time_offsets(rdp->realm_context, time_offset, 0);
+
+    /* Handle master key name */
+    hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_mpname)) {
+        rdp->realm_mpname = (def_mpname) ? strdup(def_mpname) :
+            strdup(KRB5_KDB_M_NAME);
+    }
+    if (!rdp->realm_mpname) {
+        kret = ENOMEM;
+        goto whoops;
+    }
+
+    /* Handle KDC addresses/ports */
+    hierarchy[2] = KRB5_CONF_KDC_LISTEN;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_listen)) {
+        /* Try the old kdc_ports configuration option. */
+        hierarchy[2] = KRB5_CONF_KDC_PORTS;
+        if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_listen))
+            rdp->realm_listen = strdup(def_udp_listen);
+    }
+    if (!rdp->realm_listen) {
+        kret = ENOMEM;
+        goto whoops;
+    }
+    hierarchy[2] = KRB5_CONF_KDC_TCP_LISTEN;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE,
+                              &rdp->realm_tcp_listen)) {
+        /* Try the old kdc_tcp_ports configuration option. */
+        hierarchy[2] = KRB5_CONF_KDC_TCP_PORTS;
+        if (krb5_aprof_get_string(aprof, hierarchy, TRUE,
+                                  &rdp->realm_tcp_listen))
+            rdp->realm_tcp_listen = strdup(def_tcp_listen);
+    }
+    if (!rdp->realm_tcp_listen) {
+        kret = ENOMEM;
+        goto whoops;
+    }
+    /* Handle stash file */
+    hierarchy[2] = KRB5_CONF_KEY_STASH_FILE;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &rdp->realm_stash))
+        manual = def_manual;
+    else
+        manual = FALSE;
+
+    hierarchy[2] = KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT;
+    if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE,
+                               &rdp->realm_restrict_anon))
+        rdp->realm_restrict_anon = def_restrict_anon;
+
+    /* Handle master key type */
+    hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &svalue) ||
+        krb5_string_to_enctype(svalue, &rdp->realm_mkey.enctype))
+        rdp->realm_mkey.enctype = manual ? def_enctype : ENCTYPE_UNKNOWN;
+    free(svalue);
+    svalue = NULL;
+
+    /* Handle reject-bad-transit flag */
+    hierarchy[2] = KRB5_CONF_REJECT_BAD_TRANSIT;
+    if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE,
+                                &rdp->realm_reject_bad_transit))
+        rdp->realm_reject_bad_transit = TRUE;
+
+    /* Handle ticket maximum life */
+    hierarchy[2] = KRB5_CONF_MAX_LIFE;
+    if (krb5_aprof_get_deltat(aprof, hierarchy, TRUE, &rdp->realm_maxlife))
+        rdp->realm_maxlife = KRB5_KDB_MAX_LIFE;
+
+    /* Handle ticket renewable maximum life */
+    hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE;
+    if (krb5_aprof_get_deltat(aprof, hierarchy, TRUE, &rdp->realm_maxrlife))
+        rdp->realm_maxrlife = KRB5_KDB_MAX_RLIFE;
+
+    /* Handle KDC referrals */
+    hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL;
+    (void)krb5_aprof_get_string_all(aprof, hierarchy, &svalue);
+    kret = combine(no_referral, svalue, &rdp->realm_no_referral);
+    if (kret)
+        goto whoops;
+    free(svalue);
+    svalue = NULL;
+
+    hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES;
+    (void)krb5_aprof_get_string_all(aprof, hierarchy, &svalue);
+    kret = combine(hostbased, svalue, &rdp->realm_hostbased);
+    if (kret)
+        goto whoops;
+    free(svalue);
+    svalue = NULL;
+
+    hierarchy[2] = KRB5_CONF_DISABLE_PAC;
+    if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE,
+                               &rdp->realm_disable_pac))
+        rdp->realm_disable_pac = FALSE;
+
+    /*
+     * We've got our parameters, now go and setup our realm context.
+     */
+
+    /* Set the default realm of this context */
+    if ((kret = krb5_set_default_realm(rdp->realm_context, realm))) {
+        kdc_err(rdp->realm_context, kret,
+                _("while setting default realm to %s"), realm);
+        goto whoops;
+    }
+
+    /* first open the database  before doing anything */
+    kdb_open_flags = KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC;
+    if ((kret = krb5_db_open(rdp->realm_context, db_args, kdb_open_flags))) {
+        kdc_err(rdp->realm_context, kret,
+                _("while initializing database for realm %s"), realm);
+        goto whoops;
+    }
+
+    /* Assemble and parse the master key name */
+    if ((kret = krb5_db_setup_mkey_name(rdp->realm_context, rdp->realm_mpname,
+                                        rdp->realm_name, (char **) NULL,
+                                        &rdp->realm_mprinc))) {
+        kdc_err(rdp->realm_context, kret,
+                _("while setting up master key name %s for realm %s"),
+                rdp->realm_mpname, realm);
+        goto whoops;
+    }
+
+    /*
+     * Get the master key (note, may not be the most current mkey).
+     */
+    if ((kret = krb5_db_fetch_mkey(rdp->realm_context, rdp->realm_mprinc,
+                                   rdp->realm_mkey.enctype, manual,
+                                   FALSE, rdp->realm_stash,
+                                   &mkvno, NULL, &rdp->realm_mkey))) {
+        kdc_err(rdp->realm_context, kret,
+                _("while fetching master key %s for realm %s"),
+                rdp->realm_mpname, realm);
+        goto whoops;
+    }
+
+    if (krb5int_c_deprecated_enctype(rdp->realm_mkey.enctype)) {
+        if (krb5_enctype_to_name(rdp->realm_mkey.enctype, FALSE, ename,
+                                 sizeof(ename)))
+            ename[0] = '\0';
+        fprintf(stderr, _("Stash file %s uses DEPRECATED enctype %s!\n"),
+                rdp->realm_stash, ename);
+    }
+
+    if ((kret = krb5_db_fetch_mkey_list(rdp->realm_context, rdp->realm_mprinc,
+                                        &rdp->realm_mkey))) {
+        kdc_err(rdp->realm_context, kret,
+                _("while fetching master keys list for realm %s"), realm);
+        goto whoops;
+    }
+
+
+    /* Set up the keytab */
+    if ((kret = krb5_ktkdb_resolve(rdp->realm_context, NULL,
+                                   &rdp->realm_keytab))) {
+        kdc_err(rdp->realm_context, kret,
+                _("while resolving kdb keytab for realm %s"), realm);
+        goto whoops;
+    }
+
+    /* Preformat the TGS name */
+    if ((kret = krb5_build_principal(rdp->realm_context, &rdp->realm_tgsprinc,
+                                     strlen(realm), realm, KRB5_TGS_NAME,
+                                     realm, (char *) NULL))) {
+        kdc_err(rdp->realm_context, kret,
+                _("while building TGS name for realm %s"), realm);
+        goto whoops;
+    }
+
+whoops:
+    /*
+     * If we choked, then clean up any dirt we may have dropped on the floor.
+     */
+    if (kret) {
+
+        finish_realm(rdp);
+    }
+    return(kret);
+}
+
+static void
+on_monitor_signal(int signo)
+{
+    signal_received = signo;
+}
+
+static void
+on_monitor_sighup(int signo)
+{
+    sighup_received = 1;
+}
+
+/*
+ * Kill the worker subprocesses given by pids[0..bound-1], skipping any which
+ * are set to -1, and wait for them to exit (so that we know the ports are no
+ * longer in use).
+ */
+static void
+terminate_workers(pid_t *pids, int bound)
+{
+    int i, status, num_active = 0;
+    pid_t pid;
+
+    /* Kill the active worker pids. */
+    for (i = 0; i < bound; i++) {
+        if (pids[i] == -1)
+            continue;
+        kill(pids[i], SIGTERM);
+        num_active++;
+    }
+
+    /* Wait for them to exit. */
+    while (num_active > 0) {
+        pid = wait(&status);
+        if (pid >= 0)
+            num_active--;
+    }
+}
+
+/*
+ * Create num worker processes and return successfully in each child.  The
+ * parent process will act as a supervisor and will only return from this
+ * function in error cases.
+ */
+static krb5_error_code
+create_workers(verto_ctx *ctx, int num)
+{
+    krb5_error_code retval;
+    int i, status;
+    pid_t pid, *pids;
+#ifdef POSIX_SIGNALS
+    struct sigaction s_action;
+#endif /* POSIX_SIGNALS */
+
+    /*
+     * Setup our signal handlers which will forward to the children.
+     * These handlers will be overridden in the child processes.
+     */
+#ifdef POSIX_SIGNALS
+    (void) sigemptyset(&s_action.sa_mask);
+    s_action.sa_flags = 0;
+    s_action.sa_handler = on_monitor_signal;
+    (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
+    (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
+    (void) sigaction(SIGQUIT, &s_action, (struct sigaction *) NULL);
+    s_action.sa_handler = on_monitor_sighup;
+    (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
+#else  /* POSIX_SIGNALS */
+    signal(SIGINT, on_monitor_signal);
+    signal(SIGTERM, on_monitor_signal);
+    signal(SIGQUIT, on_monitor_signal);
+    signal(SIGHUP, on_monitor_sighup);
+#endif /* POSIX_SIGNALS */
+
+    /* Create child worker processes; return in each child. */
+    krb5_klog_syslog(LOG_INFO, _("creating %d worker processes"), num);
+    pids = calloc(num, sizeof(pid_t));
+    if (pids == NULL)
+        return ENOMEM;
+    for (i = 0; i < num; i++) {
+        pid = fork();
+        if (pid == 0) {
+            free(pids);
+            if (!verto_reinitialize(ctx)) {
+                krb5_klog_syslog(LOG_ERR,
+                                 _("Unable to reinitialize main loop"));
+                return ENOMEM;
+            }
+            retval = loop_setup_signals(ctx, &shandle, reset_for_hangup);
+            if (retval) {
+                krb5_klog_syslog(LOG_ERR, _("Unable to initialize signal "
+                                            "handlers in pid %d"), pid);
+                return retval;
+            }
+
+            /* Avoid race condition */
+            if (signal_received)
+                exit(0);
+
+            /* Return control to main() in the new worker process. */
+            return 0;
+        }
+        if (pid == -1) {
+            /* Couldn't fork enough times. */
+            status = errno;
+            terminate_workers(pids, i);
+            free(pids);
+            return status;
+        }
+        pids[i] = pid;
+    }
+
+    /* We're going to use our own main loop here. */
+    loop_free(ctx);
+
+    /* Supervise the worker processes. */
+    while (!signal_received) {
+        /* Wait until a worker process exits or we get a signal. */
+        pid = wait(&status);
+        if (pid >= 0) {
+            krb5_klog_syslog(LOG_ERR, _("worker %ld exited with status %d"),
+                             (long) pid, status);
+
+            /* Remove the pid from the table. */
+            for (i = 0; i < num; i++) {
+                if (pids[i] == pid)
+                    pids[i] = -1;
+            }
+
+            /* When one worker process exits, terminate them all, so that KDC
+             * crashes behave similarly with or without worker processes. */
+            break;
+        }
+
+        /* Propagate HUP signal to worker processes if we received one. */
+        if (sighup_received) {
+            sighup_received = 0;
+            for (i = 0; i < num; i++) {
+                if (pids[i] != -1)
+                    kill(pids[i], SIGHUP);
+            }
+        }
+    }
+    if (signal_received)
+        krb5_klog_syslog(LOG_INFO, _("signal %d received in supervisor"),
+                         signal_received);
+
+    terminate_workers(pids, num);
+    free(pids);
+    exit(0);
+}
+
+static void
+usage(char *name)
+{
+    fprintf(stderr,
+            _("usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n"
+              "\t\t[-T time_offset] [-m] [-k masterenctype]\n"
+              "\t\t[-M masterkeyname] [-p port] [-P pid_file]\n"
+              "\t\t[-n] [-w numworkers] [/]\n\n"
+              "where,\n"
+              "\t[-x db_args]* - Any number of database specific arguments.\n"
+              "\t\t\tLook at each database module documentation for "
+              "\t\t\tsupported arguments\n"),
+            name);
+    exit(1);
+}
+
+
+static void
+initialize_realms(krb5_context kcontext, int argc, char **argv,
+                  int *tcp_listen_backlog_out)
+{
+    int                 c;
+    char                *db_name = (char *) NULL;
+    char                *lrealm = (char *) NULL;
+    char                *mkey_name = (char *) NULL;
+    krb5_error_code     retval;
+    krb5_enctype        menctype = ENCTYPE_UNKNOWN;
+    kdc_realm_t         *rdatap = NULL;
+    krb5_boolean        manual = FALSE;
+    krb5_boolean        def_restrict_anon;
+    char                *def_udp_listen = NULL;
+    char                *def_tcp_listen = NULL;
+    krb5_pointer        aprof = kcontext->profile;
+    const char          *hierarchy[3];
+    char                *no_referral = NULL;
+    char                *hostbased = NULL;
+    int                  db_args_size = 0;
+    char                **db_args = NULL;
+
+    extern char *optarg;
+
+    hierarchy[0] = KRB5_CONF_KDCDEFAULTS;
+    hierarchy[1] = KRB5_CONF_KDC_LISTEN;
+    hierarchy[2] = NULL;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &def_udp_listen)) {
+        hierarchy[1] = KRB5_CONF_KDC_PORTS;
+        if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &def_udp_listen))
+            def_udp_listen = NULL;
+    }
+    hierarchy[1] = KRB5_CONF_KDC_TCP_LISTEN;
+    if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &def_tcp_listen)) {
+        hierarchy[1] = KRB5_CONF_KDC_TCP_PORTS;
+        if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &def_tcp_listen))
+            def_tcp_listen = NULL;
+    }
+    hierarchy[1] = KRB5_CONF_KDC_MAX_DGRAM_REPLY_SIZE;
+    if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, &max_dgram_reply_size))
+        max_dgram_reply_size = MAX_DGRAM_SIZE;
+    if (tcp_listen_backlog_out != NULL) {
+        hierarchy[1] = KRB5_CONF_KDC_TCP_LISTEN_BACKLOG;
+        if (krb5_aprof_get_int32(aprof, hierarchy, TRUE,
+                                 tcp_listen_backlog_out))
+            *tcp_listen_backlog_out = DEFAULT_TCP_LISTEN_BACKLOG;
+    }
+    hierarchy[1] = KRB5_CONF_RESTRICT_ANONYMOUS_TO_TGT;
+    if (krb5_aprof_get_boolean(aprof, hierarchy, TRUE, &def_restrict_anon))
+        def_restrict_anon = FALSE;
+    hierarchy[1] = KRB5_CONF_NO_HOST_REFERRAL;
+    if (krb5_aprof_get_string_all(aprof, hierarchy, &no_referral))
+        no_referral = 0;
+    hierarchy[1] = KRB5_CONF_HOST_BASED_SERVICES;
+    if (krb5_aprof_get_string_all(aprof, hierarchy, &hostbased))
+        hostbased = 0;
+
+    if (def_udp_listen == NULL) {
+        def_udp_listen = strdup(DEFAULT_KDC_UDP_PORTLIST);
+        if (def_udp_listen == NULL) {
+            fprintf(stderr, _(" KDC cannot initialize. Not enough memory\n"));
+            exit(1);
+        }
+    }
+    if (def_tcp_listen == NULL) {
+        def_tcp_listen = strdup(DEFAULT_KDC_TCP_PORTLIST);
+        if (def_tcp_listen == NULL) {
+            fprintf(stderr, _(" KDC cannot initialize. Not enough memory\n"));
+            exit(1);
+        }
+    }
+
+    /*
+     * Loop through the option list.  Each time we encounter a realm name, use
+     * the previously scanned options to fill in for defaults.  We do this
+     * twice if worker processes are used, so we must initialize optind.
+     */
+    optind = 1;
+    while ((c = getopt(argc, argv, "x:r:d:mM:k:R:P:p:nw:4:T:X3")) != -1) {
+        switch(c) {
+        case 'x':
+            db_args_size++;
+            {
+                char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+                if( temp == NULL )
+                {
+                    fprintf(stderr, _("%s: KDC cannot initialize. Not enough "
+                                      "memory\n"), argv[0]);
+                    exit(1);
+                }
+
+                db_args = temp;
+            }
+            db_args[db_args_size-1] = optarg;
+            db_args[db_args_size]   = NULL;
+            break;
+
+        case 'r':                       /* realm name for db */
+            if (!find_realm_data(&shandle, optarg, (krb5_ui_4) strlen(optarg))) {
+                if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
+                    retval = init_realm(rdatap, aprof, optarg, mkey_name,
+                                        menctype, def_udp_listen,
+                                        def_tcp_listen, manual,
+                                        def_restrict_anon, db_args,
+                                        no_referral, hostbased);
+                    if (retval) {
+                        fprintf(stderr, _("%s: cannot initialize realm %s - "
+                                          "see log file for details\n"),
+                                argv[0], optarg);
+                        exit(1);
+                    }
+                    shandle.kdc_realmlist[shandle.kdc_numrealms] = rdatap;
+                    shandle.kdc_numrealms++;
+                    free(db_args), db_args=NULL, db_args_size = 0;
+                }
+                else
+                {
+                    fprintf(stderr, _("%s: cannot initialize realm %s. Not "
+                                      "enough memory\n"), argv[0], optarg);
+                    exit(1);
+                }
+            }
+            break;
+        case 'd':                       /* pathname for db */
+            /* now db_name is not a separate argument.
+             * It has to be passed as part of the db_args
+             */
+            if( db_name == NULL ) {
+                if (asprintf(&db_name, "dbname=%s", optarg) < 0) {
+                    fprintf(stderr, _("%s: KDC cannot initialize. Not enough "
+                                      "memory\n"), argv[0]);
+                    exit(1);
+                }
+            }
+
+            db_args_size++;
+            {
+                char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+                if( temp == NULL )
+                {
+                    fprintf(stderr, _("%s: KDC cannot initialize. Not enough "
+                                      "memory\n"), argv[0]);
+                    exit(1);
+                }
+
+                db_args = temp;
+            }
+            db_args[db_args_size-1] = db_name;
+            db_args[db_args_size]   = NULL;
+            break;
+        case 'm':                       /* manual type-in of master key */
+            manual = TRUE;
+            if (menctype == ENCTYPE_UNKNOWN)
+                menctype = DEFAULT_KDC_ENCTYPE;
+            break;
+        case 'M':                       /* master key name in DB */
+            mkey_name = optarg;
+            break;
+        case 'n':
+            nofork++;                   /* don't detach from terminal */
+            break;
+        case 'w':                       /* create multiple worker processes */
+            workers = atoi(optarg);
+            if (workers <= 0)
+                usage(argv[0]);
+            break;
+        case 'k':                       /* enctype for master key */
+            if (krb5_string_to_enctype(optarg, &menctype))
+                com_err(argv[0], 0, _("invalid enctype %s"), optarg);
+            break;
+        case 'R':
+            /* Replay cache name; defunct since we don't use a replay cache. */
+            break;
+        case 'P':
+            pid_file = optarg;
+            break;
+        case 'p':
+            free(def_udp_listen);
+            free(def_tcp_listen);
+            def_udp_listen = strdup(optarg);
+            def_tcp_listen = strdup(optarg);
+            if (def_udp_listen == NULL || def_tcp_listen == NULL) {
+                fprintf(stderr, _(" KDC cannot initialize. Not enough "
+                                  "memory\n"));
+                exit(1);
+            }
+            break;
+        case 'T':
+            time_offset = atoi(optarg);
+            break;
+        case '4':
+            break;
+        case 'X':
+            break;
+        case '?':
+        default:
+            usage(argv[0]);
+        }
+    }
+
+    /*
+     * Check to see if we processed any realms.
+     */
+    if (shandle.kdc_numrealms == 0) {
+        /* no realm specified, use default realm */
+        if ((retval = krb5_get_default_realm(kcontext, &lrealm))) {
+            com_err(argv[0], retval,
+                    _("while attempting to retrieve default realm"));
+            fprintf (stderr,
+                     _("%s: %s, attempting to retrieve default realm\n"),
+                     argv[0], krb5_get_error_message(kcontext, retval));
+            exit(1);
+        }
+        if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
+            retval = init_realm(rdatap, aprof, lrealm, mkey_name, menctype,
+                                def_udp_listen, def_tcp_listen, manual,
+                                def_restrict_anon, db_args, no_referral,
+                                hostbased);
+            if (retval) {
+                fprintf(stderr, _("%s: cannot initialize realm %s - see log "
+                                  "file for details\n"), argv[0], lrealm);
+                exit(1);
+            }
+            shandle.kdc_realmlist[0] = rdatap;
+            shandle.kdc_numrealms++;
+        }
+        krb5_free_default_realm(kcontext, lrealm);
+    }
+
+    if (def_udp_listen)
+        free(def_udp_listen);
+    if (def_tcp_listen)
+        free(def_tcp_listen);
+    if (db_args)
+        free(db_args);
+    if (db_name)
+        free(db_name);
+    if (hostbased)
+        free(hostbased);
+    if (no_referral)
+        free(no_referral);
+
+    return;
+}
+
+static krb5_error_code
+write_pid_file(const char *path)
+{
+    FILE *file;
+    unsigned long pid;
+
+    file = fopen(path, "w");
+    if (file == NULL)
+        return errno;
+    pid = (unsigned long) getpid();
+    if (fprintf(file, "%ld\n", pid) < 0 || fclose(file) == EOF)
+        return errno;
+    return 0;
+}
+
+static void
+finish_realms()
+{
+    int i;
+
+    for (i = 0; i < shandle.kdc_numrealms; i++) {
+        finish_realm(shandle.kdc_realmlist[i]);
+        shandle.kdc_realmlist[i] = 0;
+    }
+    shandle.kdc_numrealms = 0;
+}
+
+/*
+  outline:
+
+  process args & setup
+
+  initialize database access (fetch master key, open DB)
+
+  initialize network
+
+  loop:
+  listen for packet
+
+  determine packet type, dispatch to handling routine
+  (AS or TGS (or V4?))
+
+  reflect response
+
+  exit on signal
+
+  clean up secrets, close db
+
+  shut down network
+
+  exit
+*/
+
+int main(int argc, char **argv)
+{
+    krb5_error_code     retval;
+    krb5_context        kcontext;
+    kdc_realm_t *realm;
+    verto_ctx *ctx;
+    int tcp_listen_backlog;
+    int errout = 0;
+    int i;
+
+    setlocale(LC_ALL, "");
+    if (strrchr(argv[0], '/'))
+        argv[0] = strrchr(argv[0], '/')+1;
+
+    shandle.kdc_realmlist = malloc(sizeof(kdc_realm_t *) *
+                                   KRB5_KDC_MAX_REALMS);
+    if (shandle.kdc_realmlist == NULL) {
+        fprintf(stderr, _("%s: cannot get memory for realm list\n"), argv[0]);
+        exit(1);
+    }
+    memset(shandle.kdc_realmlist, 0,
+           (size_t) (sizeof(kdc_realm_t *) * KRB5_KDC_MAX_REALMS));
+
+    /*
+     * A note about Kerberos contexts: This context, "kcontext", is used
+     * for the KDC operations, i.e. setup, network connection and error
+     * reporting.  The per-realm operations use the "realm_context"
+     * associated with each realm.
+     */
+    retval = krb5int_init_context_kdc(&kcontext);
+    if (retval) {
+        com_err(argv[0], retval, _("while initializing krb5"));
+        exit(1);
+    }
+    krb5_klog_init(kcontext, "kdc", argv[0], 1);
+    shandle.kdc_err_context = kcontext;
+    kdc_progname = argv[0];
+    /* N.B.: After this point, com_err sends output to the KDC log
+       file, and not to stderr.  We use the kdc_err wrapper around
+       com_err to ensure that the error state exists in the context
+       known to the krb5_klog callback. */
+
+    initialize_kdc5_error_table();
+
+    /*
+     * Scan through the argument list
+     */
+    initialize_realms(kcontext, argc, argv, &tcp_listen_backlog);
+
+#ifndef NOCACHE
+    retval = kdc_init_lookaside(kcontext);
+    if (retval) {
+        kdc_err(kcontext, retval, _("while initializing lookaside cache"));
+        finish_realms();
+        return 1;
+    }
+#endif
+
+    ctx = loop_init(VERTO_EV_TYPE_NONE);
+    if (!ctx) {
+        kdc_err(kcontext, ENOMEM, _("while creating main loop"));
+        finish_realms();
+        return 1;
+    }
+
+    load_preauth_plugins(&shandle, kcontext, ctx);
+    load_authdata_plugins(kcontext);
+    retval = load_kdcpolicy_plugins(kcontext);
+    if (retval) {
+        kdc_err(kcontext, retval, _("while loading KDC policy plugin"));
+        finish_realms();
+        return 1;
+    }
+
+    /* Add each realm's listener addresses to the loop. */
+    for (i = 0; i < shandle.kdc_numrealms; i++) {
+        realm = shandle.kdc_realmlist[i];
+        if (*realm->realm_listen != '\0') {
+            retval = loop_add_udp_address(KRB5_DEFAULT_PORT,
+                                          realm->realm_listen);
+            if (retval)
+                goto net_init_error;
+        }
+        if (*realm->realm_tcp_listen != '\0') {
+            retval = loop_add_tcp_address(KRB5_DEFAULT_PORT,
+                                          realm->realm_tcp_listen);
+            if (retval)
+                goto net_init_error;
+        }
+    }
+
+    if (workers == 0) {
+        retval = loop_setup_signals(ctx, &shandle, reset_for_hangup);
+        if (retval) {
+            kdc_err(kcontext, retval, _("while initializing signal handlers"));
+            finish_realms();
+            return 1;
+        }
+    }
+    if ((retval = loop_setup_network(ctx, &shandle, kdc_progname,
+                                     tcp_listen_backlog))) {
+    net_init_error:
+        kdc_err(kcontext, retval, _("while initializing network"));
+        finish_realms();
+        return 1;
+    }
+
+    /* Clean up realms for now and reinitialize them after daemonizing, since
+     * some KDB modules are not fork-safe. */
+    finish_realms();
+
+    if (!nofork && daemon(0, 0)) {
+        kdc_err(kcontext, errno, _("while detaching from tty"));
+        return 1;
+    }
+    if (pid_file != NULL) {
+        retval = write_pid_file(pid_file);
+        if (retval) {
+            kdc_err(kcontext, retval, _("while creating PID file"));
+            finish_realms();
+            return 1;
+        }
+    }
+    if (workers > 0) {
+        retval = create_workers(ctx, workers);
+        if (retval) {
+            kdc_err(kcontext, errno, _("creating worker processes"));
+            return 1;
+        }
+    }
+
+    initialize_realms(kcontext, argc, argv, NULL);
+
+    /* Initialize audit system and audit KDC startup. */
+    retval = load_audit_modules(kcontext);
+    if (retval) {
+        kdc_err(kcontext, retval, _("while loading audit plugin module(s)"));
+        finish_realms();
+        return 1;
+    }
+    krb5_klog_syslog(LOG_INFO, _("commencing operation"));
+    if (nofork)
+        fprintf(stderr, _("%s: starting...\n"), kdc_progname);
+    kau_kdc_start(kcontext, TRUE);
+
+    verto_run(ctx);
+    kau_kdc_stop(kcontext, TRUE);
+    krb5_klog_syslog(LOG_INFO, _("shutting down"));
+    unload_preauth_plugins(kcontext);
+    unload_authdata_plugins(kcontext);
+    unload_kdcpolicy_plugins(kcontext);
+    unload_audit_modules(kcontext);
+    krb5_klog_close(kcontext);
+    finish_realms();
+    if (shandle.kdc_realmlist)
+        free(shandle.kdc_realmlist);
+#ifndef NOCACHE
+    kdc_free_lookaside(kcontext);
+#endif
+    loop_free(ctx);
+    krb5_free_context(kcontext);
+    return errout;
+}
diff --git a/krb5-1.21.3/src/kdc/ndr.c b/krb5-1.21.3/src/kdc/ndr.c
new file mode 100644
index 00000000..d438408e
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/ndr.c
@@ -0,0 +1,331 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/ndr.c - NDR encoding and decoding functions */
+/*
+ * Copyright (C) 2021 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-input.h"
+#include "k5-buf.h"
+#include "k5-utf8.h"
+#include "kdc_util.h"
+
+struct encoded_wchars {
+    uint16_t bytes_len;
+    uint16_t num_wchars;
+    uint8_t *encoded;
+};
+
+/*
+ * MS-DTYP 2.3.10:
+ *
+ * typedef struct _RPC_UNICODE_STRING {
+ *     unsigned short Length;
+ *     unsigned short MaximumLength;
+ *     [size_is(MaximumLength/2), length_is(Length/2)] WCHAR* Buffer;
+ * } RPC_UNICODE_STRING, *PRPC_UNICODE_STRING;
+ *
+ * Note that Buffer is not a String - there's no termination.
+ *
+ * We don't actually decode Length and MaximumLength here - this is a
+ * conformant-varying array, which means that (per DCE-1.1-RPC 14.3.7.2) where
+ * those actually appear in the serialized data is variable depending on
+ * whether the string is at top level of the struct or not.  (This also
+ * affects where the pointer identifier appears.)
+ *
+ * See MS-RPCE 4.7 for what an RPC_UNICODE_STRING looks like when not at
+ * top-level.
+ */
+static krb5_error_code
+dec_wchar_pointer(struct k5input *in, char **out)
+{
+    const uint8_t *bytes;
+    uint32_t actual_count;
+
+    /* Maximum count. */
+    (void)k5_input_get_uint32_le(in);
+    /* Offset - all zeroes, "should" not be checked. */
+    (void)k5_input_get_uint32_le(in);
+
+    actual_count = k5_input_get_uint32_le(in);
+    if (actual_count > UINT32_MAX / 2)
+        return ERANGE;
+
+    bytes = k5_input_get_bytes(in, actual_count * 2);
+    if (bytes == NULL || k5_utf16le_to_utf8(bytes, actual_count * 2, out) != 0)
+        return EINVAL;
+
+    /* Always align on 4. */
+    if (actual_count % 2 == 1)
+        (void)k5_input_get_uint16_le(in);
+
+    return 0;
+}
+
+static krb5_error_code
+enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out)
+{
+    krb5_error_code ret;
+    struct k5buf b;
+    size_t utf16len, num_wchars;
+    uint8_t *utf16;
+
+    ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len);
+    if (ret)
+        return ret;
+
+    num_wchars = utf16len / 2;
+
+    k5_buf_init_dynamic(&b);
+    k5_buf_add_uint32_le(&b, num_wchars + 1);
+    k5_buf_add_uint32_le(&b, 0);
+    k5_buf_add_uint32_le(&b, num_wchars);
+    k5_buf_add_len(&b, utf16, utf16len);
+
+    free(utf16);
+
+    if (num_wchars % 2 == 1)
+        k5_buf_add_uint16_le(&b, 0);
+
+    ret = k5_buf_status(&b);
+    if (ret)
+        return ret;
+
+    encoded_out->bytes_len = b.len;
+    encoded_out->num_wchars = num_wchars;
+    encoded_out->encoded = b.data;
+    return 0;
+}
+
+/*
+ * Decode a delegation info structure, leaving room to add an additional
+ * service.
+ *
+ * MS-PAC 2.9:
+ *
+ * typedef struct _S4U_DELEGATION_INFO {
+ *     RPC_UNICODE_STRING S4U2proxyTarget;
+ *     ULONG TransitedListSize;
+ *     [size_is(TransitedListSize)] PRPC_UNICODE_STRING S4UTransitedServices;
+ * } S4U_DELEGATION_INFO, *PS4U_DELEGATION_INFO;
+ */
+krb5_error_code
+ndr_dec_delegation_info(krb5_data *data, struct pac_s4u_delegation_info **out)
+{
+    krb5_error_code ret;
+    struct pac_s4u_delegation_info *di = NULL;
+    struct k5input in;
+    uint32_t i, object_buffer_length, nservices;
+    uint8_t version, endianness, common_header_length;
+
+    *out = NULL;
+
+    di = k5alloc(sizeof(*di), &ret);
+    if (di == NULL)
+        return ret;
+
+    k5_input_init(&in, data->data, data->length);
+
+    /* Common Type Header - MS-RPCE 2.2.6.1 */
+    version = k5_input_get_byte(&in);
+    endianness = k5_input_get_byte(&in);
+    common_header_length = k5_input_get_uint16_le(&in);
+    (void)k5_input_get_uint32_le(&in); /* Filler - 0xcccccccc. */
+    if (version != 1 || endianness != 0x10 || common_header_length != 8) {
+        ret = EINVAL;
+        goto error;
+    }
+
+    /* Private Header for Constructed Type - MS-RPCE 2.2.6.2 */
+    object_buffer_length = k5_input_get_uint32_le(&in);
+    if (data->length < 16 || object_buffer_length != data->length - 16) {
+        ret = EINVAL;
+        goto error;
+    }
+
+    (void)k5_input_get_uint32_le(&in); /* Filler - 0. */
+
+    /* This code doesn't handle re-used pointers, which could come into play in
+     * the unlikely case of a delegation loop. */
+
+    /* Pointer.  Microsoft always starts at 00 00 02 00 */
+    (void)k5_input_get_uint32_le(&in);
+    /* Length of proxy target - 2 */
+    (void)k5_input_get_uint16_le(&in);
+    /* Length of proxy target */
+    (void)k5_input_get_uint16_le(&in);
+    /* Another pointer - 04 00 02 00.  Microsoft increments by 4 (le). */
+    (void)k5_input_get_uint32_le(&in);
+
+    /* Transited services length - header version. */
+    (void)k5_input_get_uint32_le(&in);
+
+    /* More pointer: 08 00 02 00 */
+    (void)k5_input_get_uint32_le(&in);
+
+    ret = dec_wchar_pointer(&in, &di->proxy_target);
+    if (ret)
+        goto error;
+    nservices = k5_input_get_uint32_le(&in);
+
+    /* Here, we have encoded 2 bytes of length, 2 bytes of (length + 2), and 4
+     * bytes of pointer, for each element (deferred pointers). */
+    if (nservices > data->length / 8) {
+        ret = ERANGE;
+        goto error;
+    }
+    (void)k5_input_get_bytes(&in, 8 * nservices);
+
+    /* Since we're likely to add another entry, leave a blank at the end. */
+    di->transited_services = k5calloc(nservices + 1, sizeof(char *), &ret);
+    if (di->transited_services == NULL)
+        goto error;
+
+    for (i = 0; i < nservices; i++) {
+        ret = dec_wchar_pointer(&in, &di->transited_services[i]);
+        if (ret)
+            goto error;
+        di->transited_services_length++;
+    }
+
+    ret = in.status;
+    if (ret)
+        goto error;
+
+    *out = di;
+    return 0;
+
+error:
+    ndr_free_delegation_info(di);
+    return ret;
+}
+
+/* Empirically, Microsoft starts pointers at 00 00 02 00, and if treated little
+ * endian, they increase by 4. */
+static inline void
+write_ptr(struct k5buf *buf, uint32_t *pointer)
+{
+    if (*pointer == 0)
+        *pointer = 0x00020000;
+    k5_buf_add_uint32_le(buf, *pointer);
+    *pointer += 4;
+}
+
+krb5_error_code
+ndr_enc_delegation_info(struct pac_s4u_delegation_info *in, krb5_data *out)
+{
+    krb5_error_code ret;
+    size_t i;
+    struct k5buf b;
+    struct encoded_wchars pt_encoded = { 0 }, *tss_encoded = NULL;
+    uint32_t pointer = 0;
+
+    /* Encode ahead of time since we need the lengths. */
+    ret = enc_wchar_pointer(in->proxy_target, &pt_encoded);
+    if (ret)
+        goto cleanup;
+
+    tss_encoded = k5calloc(in->transited_services_length, sizeof(*tss_encoded),
+                           &ret);
+    if (tss_encoded == NULL)
+        goto cleanup;
+
+    k5_buf_init_dynamic(&b);
+
+    /* Common Type Header - MS-RPCE 2.2.6.1 */
+    k5_buf_add_len(&b, "\x01\x10\x08\x00", 4);
+    k5_buf_add_uint32_le(&b, 0xcccccccc);
+
+    /* Private Header for Constructed Type - MS-RPCE 2.2.6.2 */
+    k5_buf_add_uint32_le(&b, 0); /* Skip over where payload length goes. */
+    k5_buf_add_uint32_le(&b, 0); /* Filler - all zeroes. */
+
+    write_ptr(&b, &pointer);
+    k5_buf_add_uint16_le(&b, 2 * pt_encoded.num_wchars);
+    k5_buf_add_uint16_le(&b, 2 * (pt_encoded.num_wchars + 1));
+    write_ptr(&b, &pointer);
+
+    k5_buf_add_uint32_le(&b, in->transited_services_length);
+    write_ptr(&b, &pointer);
+
+    k5_buf_add_len(&b, pt_encoded.encoded, pt_encoded.bytes_len);
+
+    k5_buf_add_uint32_le(&b, in->transited_services_length);
+
+    /* Deferred pointers. */
+    for (i = 0; i < in->transited_services_length; i++) {
+        ret = enc_wchar_pointer(in->transited_services[i], &tss_encoded[i]);
+        if (ret)
+            goto cleanup;
+
+        k5_buf_add_uint16_le(&b, 2 * tss_encoded[i].num_wchars);
+        k5_buf_add_uint16_le(&b, 2 * (tss_encoded[i].num_wchars + 1));
+        write_ptr(&b, &pointer);
+    }
+
+    for (i = 0; i < in->transited_services_length; i++)
+        k5_buf_add_len(&b, tss_encoded[i].encoded, tss_encoded[i].bytes_len);
+
+    /* Now, pad to 8 bytes.  RPC_UNICODE_STRING is aligned on 4 bytes. */
+    if (b.len % 8 != 0)
+        k5_buf_add_uint32_le(&b, 0);
+
+    /* Record the payload length where we skipped over it previously. */
+    if (b.data != NULL)
+        store_32_le(b.len - 0x10, ((uint8_t *)b.data) + 8);
+
+    ret = k5_buf_status(&b);
+    if (ret)
+        goto cleanup;
+
+    *out = make_data(b.data, b.len);
+    b.data = NULL;
+
+cleanup:
+    free(b.data);
+    free(pt_encoded.encoded);
+    for (i = 0; tss_encoded != NULL && i < in->transited_services_length; i++)
+        free(tss_encoded[i].encoded);
+    free(tss_encoded);
+    return ret;
+}
+
+void
+ndr_free_delegation_info(struct pac_s4u_delegation_info *di)
+{
+    uint32_t i;
+
+    if (di == NULL)
+        return;
+    free(di->proxy_target);
+    for (i = 0; i < di->transited_services_length; i++)
+        free(di->transited_services[i]);
+    free(di->transited_services);
+    free(di);
+}
diff --git a/krb5-1.21.3/src/kdc/policy.c b/krb5-1.21.3/src/kdc/policy.c
new file mode 100644
index 00000000..a3ff556c
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/policy.c
@@ -0,0 +1,246 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/policy.c - Policy decision routines for KDC */
+/*
+ * Copyright (C) 2017 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+#include "extern.h"
+#include "policy.h"
+#include "adm_proto.h"
+#include <krb5/kdcpolicy_plugin.h>
+#include <syslog.h>
+
+typedef struct kdcpolicy_handle_st {
+    struct krb5_kdcpolicy_vtable_st vt;
+    krb5_kdcpolicy_moddata moddata;
+} *kdcpolicy_handle;
+
+static kdcpolicy_handle *handles;
+
+static void
+free_indicators(char **ais)
+{
+    size_t i;
+
+    if (ais == NULL)
+        return;
+    for (i = 0; ais[i] != NULL; i++)
+        free(ais[i]);
+    free(ais);
+}
+
+/* Convert inds to a null-terminated list of C strings. */
+static krb5_error_code
+authind_strings(krb5_data *const *inds, char ***strs_out)
+{
+    krb5_error_code ret;
+    char **list = NULL;
+    size_t i, count;
+
+    *strs_out = NULL;
+
+    for (count = 0; inds != NULL && inds[count] != NULL; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        goto error;
+
+    for (i = 0; i < count; i++) {
+        list[i] = k5memdup0(inds[i]->data, inds[i]->length, &ret);
+        if (list[i] == NULL)
+            goto error;
+    }
+
+    *strs_out = list;
+    return 0;
+
+error:
+    free_indicators(list);
+    return ret;
+}
+
+/* Constrain times->endtime to life and times->renew_till to rlife, relative to
+ * now. */
+static void
+update_ticket_times(krb5_ticket_times *times, krb5_timestamp now,
+                    krb5_deltat life, krb5_deltat rlife)
+{
+    if (life)
+        times->endtime = ts_min(ts_incr(now, life), times->endtime);
+    if (rlife)
+        times->renew_till = ts_min(ts_incr(now, rlife), times->renew_till);
+}
+
+/* Check an AS request against kdcpolicy modules, updating times with any
+ * module endtime constraints.  Set an appropriate status string on error. */
+krb5_error_code
+check_kdcpolicy_as(krb5_context context, const krb5_kdc_req *request,
+                   const krb5_db_entry *client, const krb5_db_entry *server,
+                   krb5_data *const *auth_indicators, krb5_timestamp kdc_time,
+                   krb5_ticket_times *times, const char **status)
+{
+    krb5_deltat life = 0, rlife = 0;
+    krb5_error_code ret;
+    kdcpolicy_handle *hp, h;
+    char **ais = NULL;
+
+    *status = NULL;
+
+    ret = authind_strings(auth_indicators, &ais);
+    if (ret)
+        goto done;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.check_as == NULL)
+            continue;
+
+        ret = h->vt.check_as(context, h->moddata, request, client, server,
+                             (const char **)ais, status, &life, &rlife);
+        if (ret)
+            goto done;
+
+        update_ticket_times(times, kdc_time, life, rlife);
+    }
+
+done:
+    free_indicators(ais);
+    return ret;
+}
+
+/*
+ * Check the TGS request against the local TGS policy.  Accepts an
+ * authentication indicator for the module policy decisions.  Returns 0 and a
+ * NULL status string on success.
+ */
+krb5_error_code
+check_kdcpolicy_tgs(krb5_context context, const krb5_kdc_req *request,
+                    const krb5_db_entry *server, const krb5_ticket *ticket,
+                    krb5_data *const *auth_indicators, krb5_timestamp kdc_time,
+                    krb5_ticket_times *times, const char **status)
+{
+    krb5_deltat life = 0, rlife = 0;
+    krb5_error_code ret;
+    kdcpolicy_handle *hp, h;
+    char **ais = NULL;
+
+    *status = NULL;
+
+    ret = authind_strings(auth_indicators, &ais);
+    if (ret)
+        goto done;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.check_tgs == NULL)
+            continue;
+
+        ret = h->vt.check_tgs(context, h->moddata, request, server, ticket,
+                              (const char **)ais, status, &life, &rlife);
+        if (ret)
+            goto done;
+
+        update_ticket_times(times, kdc_time, life, rlife);
+    }
+
+done:
+    free_indicators(ais);
+    return ret;
+}
+
+void
+unload_kdcpolicy_plugins(krb5_context context)
+{
+    kdcpolicy_handle *hp, h;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.fini != NULL)
+            h->vt.fini(context, h->moddata);
+        free(h);
+    }
+    free(handles);
+    handles = NULL;
+}
+
+krb5_error_code
+load_kdcpolicy_plugins(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    kdcpolicy_handle h;
+    size_t count;
+
+    ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_KDCPOLICY, &modules);
+    if (ret)
+        goto cleanup;
+
+    for (count = 0; modules[count] != NULL; count++);
+    handles = k5calloc(count + 1, sizeof(*handles), &ret);
+    if (handles == NULL)
+        goto cleanup;
+
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        h = k5calloc(1, sizeof(*h), &ret);
+        if (h == NULL)
+            goto cleanup;
+
+        ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&h->vt);
+        if (ret) {              /* Version mismatch. */
+            TRACE_KDCPOLICY_VTINIT_FAIL(context, ret);
+            free(h);
+            continue;
+        }
+        if (h->vt.init != NULL) {
+            ret = h->vt.init(context, &h->moddata);
+            if (ret == KRB5_PLUGIN_NO_HANDLE) {
+                TRACE_KDCPOLICY_INIT_SKIP(context, h->vt.name);
+                free(h);
+                continue;
+            }
+            if (ret) {
+                kdc_err(context, ret, _("while loading policy module %s"),
+                        h->vt.name);
+                free(h);
+                goto cleanup;
+            }
+        }
+        handles[count++] = h;
+    }
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+        unload_kdcpolicy_plugins(context);
+    k5_plugin_free_modules(context, modules);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/kdc/policy.h b/krb5-1.21.3/src/kdc/policy.h
new file mode 100644
index 00000000..2a57b0a0
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/policy.h
@@ -0,0 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/policy.h - Declarations for policy.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __KRB5_KDC_POLICY__
+#define __KRB5_KDC_POLICY__
+
+krb5_error_code
+load_kdcpolicy_plugins(krb5_context context);
+
+void
+unload_kdcpolicy_plugins(krb5_context context);
+
+krb5_error_code
+check_kdcpolicy_as(krb5_context context, const krb5_kdc_req *request,
+                   const krb5_db_entry *client, const krb5_db_entry *server,
+                   krb5_data *const *auth_indicators, krb5_timestamp kdc_time,
+                   krb5_ticket_times *times, const char **status);
+
+krb5_error_code
+check_kdcpolicy_tgs(krb5_context context, const krb5_kdc_req *request,
+                    const krb5_db_entry *server, const krb5_ticket *ticket,
+                    krb5_data *const *auth_indicators, krb5_timestamp kdc_time,
+                    krb5_ticket_times *times, const char **status);
+
+#endif /* __KRB5_KDC_POLICY__ */
diff --git a/krb5-1.21.3/src/kdc/realm_data.h b/krb5-1.21.3/src/kdc/realm_data.h
new file mode 100644
index 00000000..68eed771
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/realm_data.h
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/realm_data.h */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef REALM_DATA_H
+#define REALM_DATA_H
+
+typedef struct __kdc_realm_data {
+    /*
+     * General Kerberos per-realm data.
+     */
+    char *              realm_name;     /* Realm name                       */
+/* XXX the real context should go away once the db_context is done.
+ * The db_context is then associated with the realm keytab using
+ * krb5_ktkdb_resolv(). There should be nothing in the context which
+ * cannot span multiple realms -- proven */
+    krb5_context        realm_context;  /* Context to be used for realm     */
+    krb5_keytab         realm_keytab;   /* keytab to be used for this realm */
+    char *              realm_hostbased; /* referral services for NT-UNKNOWN */
+    char *              realm_no_referral; /* non-referral services         */
+    /*
+     * Database per-realm data.
+     */
+    char *              realm_stash;    /* Stash file name for realm        */
+    char *              realm_mpname;   /* Master principal name for realm  */
+    krb5_principal      realm_mprinc;   /* Master principal for realm       */
+    /*
+     * Note realm_mkey is mkey read from stash or keyboard and may not be the
+     * latest.
+     */
+    krb5_keyblock       realm_mkey;     /* Master key for this realm        */
+    /*
+     * TGS per-realm data.
+     */
+    krb5_principal      realm_tgsprinc; /* TGS principal for this realm     */
+    /*
+     * Other per-realm data.
+     */
+    char                *realm_listen;  /* Per-realm KDC UDP listen */
+    char                *realm_tcp_listen; /* Per-realm KDC TCP listen */
+    /*
+     * Per-realm parameters.
+     */
+    krb5_deltat         realm_maxlife;  /* Maximum ticket life for realm    */
+    krb5_deltat         realm_maxrlife; /* Maximum renewable life for realm */
+    krb5_boolean        realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
+    krb5_boolean        realm_restrict_anon;  /* Anon to local TGT only */
+    krb5_boolean        realm_disable_pac; /* Prevent issuance of PACs. */
+} kdc_realm_t;
+
+struct server_handle {
+    kdc_realm_t **kdc_realmlist;
+    int kdc_numrealms;
+    krb5_context kdc_err_context;
+};
+
+kdc_realm_t *find_realm_data(struct server_handle *, char *, krb5_ui_4);
+kdc_realm_t *setup_server_realm(struct server_handle *, krb5_principal);
+
+#endif  /* REALM_DATA_H */
diff --git a/krb5-1.21.3/src/kdc/replay.c b/krb5-1.21.3/src/kdc/replay.c
new file mode 100644
index 00000000..5125bc63
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/replay.c
@@ -0,0 +1,231 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/replay.c - Replay lookaside cache for the KDC, to avoid extra work */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "k5-queue.h"
+#include "k5-hashtab.h"
+#include "kdc_util.h"
+#include "extern.h"
+
+#ifndef NOCACHE
+
+struct entry {
+    K5_TAILQ_ENTRY(entry) links;
+    int num_hits;
+    krb5_timestamp timein;
+    krb5_data req_packet;
+    krb5_data reply_packet;
+};
+
+#ifndef LOOKASIDE_MAX_SIZE
+#define LOOKASIDE_MAX_SIZE (10 * 1024 * 1024)
+#endif
+
+K5_LIST_HEAD(entry_list, entry);
+K5_TAILQ_HEAD(entry_queue, entry);
+
+static struct k5_hashtab *hash_table;
+static struct entry_queue expiration_queue;
+
+static int hits = 0;
+static int calls = 0;
+static int max_hits_per_entry = 0;
+static int num_entries = 0;
+static size_t total_size = 0;
+
+#define STALE_TIME      (2*60)            /* two minutes */
+#define STALE(ptr, now) (ts_after(now, ts_incr((ptr)->timein, STALE_TIME)))
+
+/* Return the rough memory footprint of an entry containing req and rep. */
+static size_t
+entry_size(const krb5_data *req, const krb5_data *rep)
+{
+    return sizeof(struct entry) + req->length +
+        ((rep == NULL) ? 0 : rep->length);
+}
+
+/* Insert an entry into the cache. */
+static struct entry *
+insert_entry(krb5_context context, krb5_data *req, krb5_data *rep,
+             krb5_timestamp time)
+{
+    krb5_error_code ret;
+    struct entry *entry;
+    size_t esize = entry_size(req, rep);
+
+    entry = calloc(1, sizeof(*entry));
+    if (entry == NULL)
+        goto error;
+    entry->timein = time;
+
+    ret = krb5int_copy_data_contents(context, req, &entry->req_packet);
+    if (ret)
+        goto error;
+
+    if (rep != NULL) {
+        ret = krb5int_copy_data_contents(context, rep, &entry->reply_packet);
+        if (ret)
+            goto error;
+    }
+
+    ret = k5_hashtab_add(hash_table, entry->req_packet.data,
+                         entry->req_packet.length, entry);
+    if (ret)
+        goto error;
+    K5_TAILQ_INSERT_TAIL(&expiration_queue, entry, links);
+    num_entries++;
+    total_size += esize;
+
+    return entry;
+
+error:
+    if (entry != NULL) {
+        krb5_free_data_contents(context, &entry->req_packet);
+        krb5_free_data_contents(context, &entry->reply_packet);
+        free(entry);
+    }
+    return NULL;
+}
+
+
+/* Remove entry from its hash bucket and the expiration queue, and free it. */
+static void
+discard_entry(krb5_context context, struct entry *entry)
+{
+    total_size -= entry_size(&entry->req_packet, &entry->reply_packet);
+    num_entries--;
+    k5_hashtab_remove(hash_table, entry->req_packet.data,
+                      entry->req_packet.length);
+    K5_TAILQ_REMOVE(&expiration_queue, entry, links);
+    krb5_free_data_contents(context, &entry->req_packet);
+    krb5_free_data_contents(context, &entry->reply_packet);
+    free(entry);
+}
+
+/* Initialize the lookaside cache structures and randomize the hash seed. */
+krb5_error_code
+kdc_init_lookaside(krb5_context context)
+{
+    krb5_error_code ret;
+    uint8_t seed[K5_HASH_SEED_LEN];
+    krb5_data d = make_data(seed, sizeof(seed));
+
+    ret = krb5_c_random_make_octets(context, &d);
+    if (ret)
+        return ret;
+    ret = k5_hashtab_create(seed, 8192, &hash_table);
+    if (ret)
+        return ret;
+    K5_TAILQ_INIT(&expiration_queue);
+    return 0;
+}
+
+/* Remove the lookaside cache entry for a packet. */
+void
+kdc_remove_lookaside(krb5_context kcontext, krb5_data *req_packet)
+{
+    struct entry *e;
+
+    e = k5_hashtab_get(hash_table, req_packet->data, req_packet->length);
+    if (e != NULL)
+        discard_entry(kcontext, e);
+}
+
+/*
+ * Return true and fill in reply_packet_out if req_packet is in the lookaside
+ * cache; otherwise return false.
+ *
+ * If the request was inserted with a NULL reply_packet to indicate that a
+ * request is still being processed, then return TRUE with reply_packet_out set
+ * to NULL.
+ */
+krb5_boolean
+kdc_check_lookaside(krb5_context kcontext, krb5_data *req_packet,
+                    krb5_data **reply_packet_out)
+{
+    struct entry *e;
+
+    *reply_packet_out = NULL;
+    calls++;
+
+    e = k5_hashtab_get(hash_table, req_packet->data, req_packet->length);
+    if (e == NULL)
+        return FALSE;
+
+    e->num_hits++;
+    hits++;
+
+    /* Leave *reply_packet_out as NULL for an in-progress entry. */
+    if (e->reply_packet.length == 0)
+        return TRUE;
+
+    return (krb5_copy_data(kcontext, &e->reply_packet,
+                           reply_packet_out) == 0);
+}
+
+/*
+ * Insert a request and reply into the lookaside cache.  Assumes it's not
+ * already there, and can fail silently on memory exhaustion.  Also discard old
+ * entries in the cache.
+ *
+ * The reply_packet may be NULL to indicate a request that is still processing.
+ */
+void
+kdc_insert_lookaside(krb5_context kcontext, krb5_data *req_packet,
+                     krb5_data *reply_packet)
+{
+    struct entry *e, *next;
+    krb5_timestamp timenow;
+    size_t esize = entry_size(req_packet, reply_packet);
+
+    if (krb5_timeofday(kcontext, &timenow))
+        return;
+
+    /* Purge stale entries and limit the total size of the entries. */
+    K5_TAILQ_FOREACH_SAFE(e, &expiration_queue, links, next) {
+        if (!STALE(e, timenow) && total_size + esize <= LOOKASIDE_MAX_SIZE)
+            break;
+        max_hits_per_entry = max(max_hits_per_entry, e->num_hits);
+        discard_entry(kcontext, e);
+    }
+
+    insert_entry(kcontext, req_packet, reply_packet, timenow);
+    return;
+}
+
+/* Free all entries in the lookaside cache. */
+void
+kdc_free_lookaside(krb5_context kcontext)
+{
+    struct entry *e, *next;
+
+    K5_TAILQ_FOREACH_SAFE(e, &expiration_queue, links, next) {
+        discard_entry(kcontext, e);
+    }
+    k5_hashtab_free(hash_table);
+}
+
+#endif /* NOCACHE */
diff --git a/krb5-1.21.3/src/kdc/reqstate.h b/krb5-1.21.3/src/kdc/reqstate.h
new file mode 100644
index 00000000..38c399dd
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/reqstate.h
@@ -0,0 +1,54 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/reqstate.h */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef REQSTATE_H
+#define REQSTATE_H
+
+#include "realm_data.h"
+
+/* Request state */
+
+struct kdc_request_state {
+    krb5_keyblock *armor_key;
+    krb5_keyblock *strengthen_key;
+    krb5_pa_data **in_cookie_padata;
+    krb5_pa_data **out_cookie_padata;
+    krb5_int32 fast_options;
+    krb5_int32 fast_internal_flags;
+    kdc_realm_t *realm_data;
+};
+
+krb5_error_code kdc_make_rstate(kdc_realm_t *active_realm,
+                                struct kdc_request_state **out);
+void kdc_free_rstate(struct kdc_request_state *s);
+
+#endif  /* REQSTATE_H */
diff --git a/krb5-1.21.3/src/kdc/rtest.c b/krb5-1.21.3/src/kdc/rtest.c
new file mode 100644
index 00000000..68522841
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/rtest.c
@@ -0,0 +1,117 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/rtest.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+#include "kdc_util.h"
+#include "extern.h"
+
+void krb5_klog_syslog(void);
+
+static krb5_principal
+make_princ(krb5_context ctx, const char *str, const char *prog)
+{
+    krb5_principal ret;
+    char *dat;
+
+    if(!(ret = (krb5_principal) malloc(sizeof(krb5_principal_data)))) {
+        com_err(prog, ENOMEM, "while allocating principal data");
+        exit(3);
+    }
+    memset(ret, 0, sizeof(krb5_principal_data));
+
+    /* We do not include the null... */
+    if(!(dat = (char *) malloc(strlen(str)))) {
+        com_err(prog, ENOMEM, "while allocating principal realm data");
+        exit(3);
+    }
+    memcpy(dat, str, strlen(str));
+    krb5_princ_set_realm_data(ctx, ret, dat);
+    krb5_princ_set_realm_length(ctx, ret, strlen(str));
+
+    return ret;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_data otrans;
+    krb5_data ntrans;
+    krb5_principal tgs, cl, sv;
+    krb5_error_code kret;
+    krb5_context ctx;
+
+    if (argc < 4) {
+        fprintf(stderr, "not enough args\n");
+        exit(1);
+    }
+
+
+    /* Get a context */
+    kret = krb5int_init_context_kdc(&ctx);
+    if (kret) {
+        com_err(argv[0], kret, "while getting krb5 context");
+        exit(2);
+    }
+
+    ntrans.length = 0;
+    ntrans.data = 0;
+
+    otrans.length = strlen(argv[1]);
+    if (otrans.length)
+        otrans.data = (char *) malloc(otrans.length);
+    else
+        otrans.data = 0;
+    memcpy(otrans.data,argv[1], otrans.length);
+
+    tgs = make_princ(ctx, argv[2], argv[0]);
+    cl  = make_princ(ctx, argv[3], argv[0]);
+    sv  = make_princ(ctx, argv[4], argv[0]);
+
+    add_to_transited(&otrans,&ntrans,tgs,cl,sv);
+
+    printf("%s\n",ntrans.data);
+
+    /* Free up all memory so we can profile for leaks */
+    if (otrans.data)
+        free(otrans.data);
+    free(ntrans.data);
+
+    krb5_free_principal(ctx, tgs);
+    krb5_free_principal(ctx, cl);
+    krb5_free_principal(ctx, sv);
+    krb5_free_context(ctx);
+
+    exit(0);
+}
+
+void krb5_klog_syslog(void) {}
+kdc_realm_t *
+find_realm_data(struct server_handle *handle,
+                char *rname, krb5_ui_4 rsize)
+{
+    return 0;
+}
diff --git a/krb5-1.21.3/src/kdc/rtest.good b/krb5-1.21.3/src/kdc/rtest.good
new file mode 100644
index 00000000..4eecf6e3
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/rtest.good
@@ -0,0 +1,26 @@
+ATHENA.MIT.EDU
+MIT.EDU,ATHENA.
+EDU,MIT.,ATHENA.
+EDU,MIT.,ATHENA.,WASHINGTON.EDU
+EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.
+EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.,SUB2W.
+EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.,SUB2W.,SUB3W.CS.WASHINGTON.EDU
+EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.,SUB2W.
+EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.,SUB2W.
+EDU,ATHENA.MIT.,SUB2M.,WASHINGTON.EDU,CS.
+/EDU/MIT/ATHENA
+/EDU/MIT,/ATHENA
+/EDU/MIT,/ATHENA
+/EDU,/MIT,/ATHENA
+/EDU,/MIT,/ATHENA, /EDU/WASHINGTON
+/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS
+/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS,/SUB2W
+/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS,/SUB2W, /EDU/WASHINGTON/CS/SUB3W
+/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS,/SUB2W
+/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS,/SUB2W
+/EDU,/MIT/ATHENA,/SUB2M, /EDU/WASHINGTON,/CS
+EDU,MIT.,ATHENA.,ATEST., /COM,/HP,/APOLLO
+EDU,MIT.,ATHENA., /COM,/HP,/APOLLO,/HTEST
+/COM,/HP,/APOLLO,EDU,MIT.,ATHENA.,ATEST.
+/COM,/HP,/APOLLO,ATHENA.MIT.EDU
+EDU,MIT.,ATHENA., /COM/HP/APOLLO/HTEST
diff --git a/krb5-1.21.3/src/kdc/rtscript b/krb5-1.21.3/src/kdc/rtscript
new file mode 100755
index 00000000..53da7da8
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/rtscript
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+#
+#  Copyright 1991 by the Massachusetts Institute of Technology.
+#  All Rights Reserved.
+# 
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+# 
+# 
+# should print out contents of rtest.good
+#
+. ./runenv.sh
+./rtest "" ATHENA.MIT.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest ATHENA.MIT.EDU MIT.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "MIT.EDU,ATHENA." EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "EDU,MIT.,ATHENA." WASHINGTON.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "EDU,MIT.,ATHENA.,WASHINGTON.EDU" CS.WASHINGTON.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS." SUB2W.CS.WASHINGTON.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.,SUB2W." SUB3W.CS.WASHINGTON.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.,SUB2W." SUB1W.CS.WASHINGTON.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.,SUB2W." SUB1M.ATHENA.MIT.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "EDU,SUB2M.ATHENA.MIT.,WASHINGTON.EDU,CS." ATHENA.MIT.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU
+./rtest "" /EDU/MIT/ATHENA /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest /EDU/MIT/ATHENA /EDU/MIT /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest " /EDU/MIT/ATHENA" /EDU/MIT /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/EDU/MIT,/ATHENA" /EDU /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/EDU,/MIT,/ATHENA" /EDU/WASHINGTON /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/EDU,/MIT,/ATHENA, /EDU/WASHINGTON" /EDU/WASHINGTON/CS /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS" /EDU/WASHINGTON/CS/SUB2W /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS,/SUB2W" /EDU/WASHINGTON/CS/SUB3W /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS,/SUB2W" /EDU/WASHINGTON/CS/SUB1W /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/EDU,/MIT,/ATHENA, /EDU/WASHINGTON,/CS,/SUB2W" /EDU/MIT/ATHENA/SUB1M /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/EDU,/MIT/ATHENA/SUB2M, /EDU/WASHINGTON,/CS" /EDU/MIT/ATHENA /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "EDU,MIT.,ATHENA., /COM,/HP,/APOLLO" ATEST.ATHENA.MIT.EDU /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "EDU,MIT.,ATHENA., /COM,/HP,/APOLLO" /COM/HP/APOLLO/HTEST /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/COM,/HP,/APOLLO,EDU,MIT.,ATHENA." ATEST.ATHENA.MIT.EDU /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "/COM,/HP,/APOLLO" ATHENA.MIT.EDU /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
+./rtest "EDU,MIT.,ATHENA." /COM/HP/APOLLO/HTEST /EDU/WASHINGTON/CS/SUB1W /EDU/MIT/ATHENA/SUB1M
diff --git a/krb5-1.21.3/src/kdc/t_bigreply.py b/krb5-1.21.3/src/kdc/t_bigreply.py
new file mode 100644
index 00000000..ea101ff7
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/t_bigreply.py
@@ -0,0 +1,32 @@
+from k5test import *
+import struct
+
+# Set the maximum UDP reply size very low, so that all replies go
+# through the RESPONSE_TOO_BIG path.
+kdc_conf = {'kdcdefaults': {'kdc_max_dgram_reply_size': '10'}}
+realm = K5Realm(kdc_conf=kdc_conf, get_creds=False)
+
+msgs = ('Sending initial UDP request',
+        'Received answer',
+        'Request or response is too big for UDP; retrying with TCP',
+        ' to KRBTEST.COM (tcp only)',
+        'Initiating TCP connection',
+        'Sending TCP request',
+        'Terminating TCP connection')
+realm.kinit(realm.user_princ, password('user'), expected_trace=msgs)
+realm.run([kvno, realm.host_princ], expected_trace=msgs)
+
+# Pretend to send an absurdly long request over TCP, and verify that
+# we get back a reply of plausible length to be an encoded
+# KRB_ERR_RESPONSE_TOO_BIG error.
+s = socket.create_connection((hostname, realm.portbase))
+s.sendall(b'\xFF\xFF\xFF\xFF')
+lenbytes = s.recv(4)
+assert(len(lenbytes) == 4)
+resplen, = struct.unpack('>L', lenbytes)
+if resplen < 10:
+    fail('KDC response too short (KRB_ERR_RESPONSE_TOO_BIG error expected)')
+resp = s.recv(resplen)
+assert(len(resp) == resplen)
+
+success('Large KDC replies')
diff --git a/krb5-1.21.3/src/kdc/t_emptytgt.py b/krb5-1.21.3/src/kdc/t_emptytgt.py
new file mode 100755
index 00000000..c601c010
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/t_emptytgt.py
@@ -0,0 +1,6 @@
+from k5test import *
+
+realm = K5Realm(create_host=False)
+realm.run([kvno, 'krbtgt/'], expected_code=1,
+          expected_msg='not found in Kerberos database')
+success('Empty tgt lookup.')
diff --git a/krb5-1.21.3/src/kdc/t_ndr.c b/krb5-1.21.3/src/kdc/t_ndr.c
new file mode 100644
index 00000000..a3ac661b
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/t_ndr.c
@@ -0,0 +1,188 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/t_ndr.c - tests for ndr.c */
+/*
+ * Copyright (C) 2021 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Unit tests for the NDR marshalling/unmarshalling in ndr.c
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+
+/*
+ * Three S4U_DELEGATION_INFO buffers decoded from communication with AD 2019:
+ *
+ * - svc1/adserver.ad.test@AD.TEST to svc2/adserver.ad.test@AD.TEST
+ * - svc1/adserver.ad.test@AD.TEST to longsvc/adserver.ad.test@AD.TEST
+ * - svc1/adserver.ad.test@AD.TEST to svc2/adserver.ad.test@AD.TEST then
+ *                                 to longsvc/adserver.ad.test@AD.TEST
+ */
+static uint8_t s4u_di_short[] = {
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xa0, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x2a, 0x00, 0x2c, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+    0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00,
+    0x73, 0x00, 0x76, 0x00, 0x63, 0x00, 0x32, 0x00, 0x2f, 0x00, 0x61, 0x00,
+    0x64, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00,
+    0x72, 0x00, 0x2e, 0x00, 0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00,
+    0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+    0x3a, 0x00, 0x3c, 0x00, 0x0c, 0x00, 0x02, 0x00, 0x1e, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x31, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00,
+    0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+    0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+    0x74, 0x00, 0x40, 0x00, 0x41, 0x00, 0x44, 0x00, 0x2e, 0x00, 0x54, 0x00,
+    0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00,
+};
+
+static uint8_t s4u_di_long[] = {
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xa8, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0x00, 0x32, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+    0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+    0x6c, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00, 0x65, 0x00,
+    0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x61, 0x00,
+    0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x3c, 0x00, 0x0c, 0x00, 0x02, 0x00,
+    0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00,
+    0x73, 0x00, 0x76, 0x00, 0x63, 0x00, 0x31, 0x00, 0x2f, 0x00, 0x61, 0x00,
+    0x64, 0x00, 0x73, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00,
+    0x72, 0x00, 0x2e, 0x00, 0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00,
+    0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x40, 0x00, 0x41, 0x00, 0x44, 0x00,
+    0x2e, 0x00, 0x54, 0x00, 0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00,
+};
+
+static uint8_t s4u_di_double[] = {
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xf8, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0x00, 0x32, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00,
+    0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+    0x6c, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00, 0x65, 0x00,
+    0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00, 0x61, 0x00,
+    0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00,
+    0x02, 0x00, 0x00, 0x00, 0x3a, 0x00, 0x3c, 0x00, 0x0c, 0x00, 0x02, 0x00,
+    0x3a, 0x00, 0x3c, 0x00, 0x10, 0x00, 0x02, 0x00, 0x1e, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x31, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00,
+    0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+    0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+    0x74, 0x00, 0x40, 0x00, 0x41, 0x00, 0x44, 0x00, 0x2e, 0x00, 0x54, 0x00,
+    0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x1d, 0x00, 0x00, 0x00, 0x73, 0x00, 0x76, 0x00,
+    0x63, 0x00, 0x32, 0x00, 0x2f, 0x00, 0x61, 0x00, 0x64, 0x00, 0x73, 0x00,
+    0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x2e, 0x00,
+    0x61, 0x00, 0x64, 0x00, 0x2e, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
+    0x74, 0x00, 0x40, 0x00, 0x41, 0x00, 0x44, 0x00, 0x2e, 0x00, 0x54, 0x00,
+    0x45, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+static uint8_t fuzz1[] = {
+    0x01, 0x10, 0x08, 0x20, 0x20, 0x20, 0x20, 0x20, 0x24, 0x00, 0x00, 0x00,
+    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xff, 0xff, 0xff,
+    0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00, 0x00, 0x00, 0x00,
+    0x20, 0x20, 0x20, 0x20
+};
+
+static uint8_t fuzz2[] = {
+    0x01, 0x10, 0x08, 0x00, 0x00, 0xff, 0xff, 0xff, 0x24, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x1e, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x16, 0x00, 0x00,
+    0x1e, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x1e
+};
+
+static void
+test_dec_enc(uint8_t *blob, size_t len, char *name, int fail)
+{
+    krb5_data data_in, data_out;
+    struct pac_s4u_delegation_info *di = NULL;
+    krb5_error_code ret;
+    int eq;
+    size_t i;
+
+    printf("Checking blob %s...\n", name);
+
+    data_in = make_data(blob, len);
+    ret = ndr_dec_delegation_info(&data_in, &di);
+    if (fail) {
+        if (!ret) {
+            printf("%s: unexpected decode success\n", name);
+            exit(1);
+        }
+        printf("%s: failed as expected\n", name);
+        return;
+    } else if (ret) {
+        printf("%s: bad decode (%d): %s\n", name, ret, strerror(ret));
+        exit(1);
+    }
+
+    printf("%s, %d\n", di->proxy_target, di->transited_services_length);
+    for (i = 0; i < di->transited_services_length; i++)
+        printf("    %s\n", di->transited_services[i]);
+
+    ret = ndr_enc_delegation_info(di, &data_out);
+    ndr_free_delegation_info(di);
+    if (ret) {
+        printf("%s: bad encode (%d): %s\n", name, ret, strerror(ret));
+        exit(1);
+    }
+
+    eq = data_eq(data_in, data_out);
+    krb5_free_data_contents(NULL, &data_out);
+    if (!eq) {
+        printf("%s: re-encoding did not produce the same result\n", name);
+        exit(1);
+    }
+
+    printf("%s matched\n\n", name);
+}
+
+#define RUN_TEST(blob) test_dec_enc(blob, sizeof(blob), #blob, 0)
+#define RUN_TEST_FAIL(blob) test_dec_enc(blob, sizeof(blob), #blob, 1)
+
+int
+main()
+{
+    printf("Running NDR tests...\n");
+
+    RUN_TEST(s4u_di_short);
+    RUN_TEST(s4u_di_long);
+    RUN_TEST(s4u_di_double);
+    RUN_TEST_FAIL(fuzz1);
+    RUN_TEST_FAIL(fuzz2);
+
+    printf("Passed NDR tests\n");
+    return 0;
+}
diff --git a/krb5-1.21.3/src/kdc/t_replay.c b/krb5-1.21.3/src/kdc/t_replay.c
new file mode 100644
index 00000000..57aad886
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/t_replay.c
@@ -0,0 +1,619 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/t_replay.c - tests for replay.c */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Unit tests for the lookaside cache in replay.c
+ */
+
+#ifndef NOCACHE
+
+#include "k5-cmocka.h"
+
+/* For wrapping functions */
+#include "k5-int.h"
+#include "krb5.h"
+
+/*
+ * Wrapper functions
+ */
+
+static krb5_error_code
+__wrap_krb5_timeofday(krb5_context context, krb5_timestamp *timeret)
+{
+    *timeret = (krb5_timestamp)mock();
+    return (krb5_error_code)mock();
+}
+
+#define krb5_timeofday __wrap_krb5_timeofday
+
+#include "replay.c"
+
+#undef krb5_timeofday
+
+#define SEED 0x6F03A219
+#define replay_unit_test(fn)                                            \
+    cmocka_unit_test_setup_teardown(fn, setup_lookaside, destroy_lookaside)
+
+/*
+ * Helper functions
+ */
+
+static void
+time_return(krb5_timestamp time, krb5_error_code err)
+{
+    will_return(__wrap_krb5_timeofday, time);
+    will_return(__wrap_krb5_timeofday, err);
+}
+
+/*
+ * setup/teardown functions
+ */
+
+static int
+global_setup(void **state)
+{
+    krb5_error_code ret;
+    krb5_context context = NULL;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+        return ret;
+
+    *state = context;
+    return 0;
+}
+
+static int
+global_teardown(void **state)
+{
+    krb5_free_context(*state);
+    return 0;
+}
+
+static int
+setup_lookaside(void **state)
+{
+    krb5_error_code ret;
+    krb5_context context = *state;
+
+    ret = kdc_init_lookaside(context);
+    if (ret)
+        return ret;
+
+    /* Ensure some vars are all set to initial values */
+    hits = 0;
+    calls = 0;
+    max_hits_per_entry = 0;
+    num_entries = 0;
+    total_size = 0;
+
+    return 0;
+}
+
+static int
+destroy_lookaside(void **state)
+{
+    kdc_free_lookaside(*state);
+    return 0;
+}
+
+/*
+ * entry_size tests
+ */
+
+static void
+test_entry_size_no_response(void **state)
+{
+    size_t result;
+    const krb5_data req = string2data("I'm a test request");
+
+    result = entry_size(&req, NULL);
+    assert_int_equal(result, sizeof(struct entry) + 18);
+}
+
+static void
+test_entry_size_w_response(void **state)
+{
+    size_t result;
+    const krb5_data req = string2data("I'm a test request");
+    const krb5_data rep = string2data("I'm a test response");
+
+    result = entry_size(&req, &rep);
+    assert_int_equal(result, sizeof(struct entry) + 18 + 19);
+}
+
+/*
+ * insert_entry tests
+ */
+
+static void
+test_insert_entry(void **state)
+{
+    struct entry *e;
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+    krb5_data rep = string2data("I'm a test response");
+
+    e = insert_entry(context, &req, &rep, 15);
+
+    assert_ptr_equal(k5_hashtab_get(hash_table, req.data, req.length), e);
+    assert_ptr_equal(K5_TAILQ_FIRST(&expiration_queue), e);
+    assert_true(data_eq(e->req_packet, req));
+    assert_true(data_eq(e->reply_packet, rep));
+    assert_int_equal(e->timein, 15);
+}
+
+static void
+test_insert_entry_no_response(void **state)
+{
+    struct entry *e;
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+
+    e = insert_entry(context, &req, NULL, 10);
+
+    assert_ptr_equal(k5_hashtab_get(hash_table, req.data, req.length), e);
+    assert_ptr_equal(K5_TAILQ_FIRST(&expiration_queue), e);
+    assert_true(data_eq(e->req_packet, req));
+    assert_int_equal(e->reply_packet.length, 0);
+    assert_int_equal(e->timein, 10);
+}
+
+static void
+test_insert_entry_multiple(void **state)
+{
+    struct entry *e1, *e2;
+    krb5_context context = *state;
+    krb5_data req1 = string2data("I'm a test request");
+    krb5_data rep1 = string2data("I'm a test response");
+    krb5_data req2 = string2data("I'm a different test request");
+
+    e1 = insert_entry(context, &req1, &rep1, 20);
+
+    assert_ptr_equal(k5_hashtab_get(hash_table, req1.data, req1.length), e1);
+    assert_ptr_equal(K5_TAILQ_FIRST(&expiration_queue), e1);
+    assert_true(data_eq(e1->req_packet, req1));
+    assert_true(data_eq(e1->reply_packet, rep1));
+    assert_int_equal(e1->timein, 20);
+
+    e2 = insert_entry(context, &req2, NULL, 30);
+
+    assert_ptr_equal(k5_hashtab_get(hash_table, req2.data, req2.length), e2);
+    assert_ptr_equal(K5_TAILQ_LAST(&expiration_queue,entry_queue), e2);
+    assert_true(data_eq(e2->req_packet, req2));
+    assert_int_equal(e2->reply_packet.length, 0);
+    assert_int_equal(e2->timein, 30);
+}
+
+/*
+ * discard_entry tests
+ */
+
+static void
+test_discard_entry(void **state)
+{
+    struct entry *e;
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+    krb5_data rep = string2data("I'm a test response");
+
+    e = insert_entry(context, &req, &rep, 0);
+    discard_entry(context, e);
+
+    assert_null(k5_hashtab_get(hash_table, req.data, req.length));
+    assert_int_equal(num_entries, 0);
+    assert_int_equal(total_size, 0);
+}
+
+static void
+test_discard_entry_no_response(void **state)
+{
+    struct entry *e;
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+
+    e = insert_entry(context, &req, NULL, 0);
+    discard_entry(context, e);
+
+    assert_null(k5_hashtab_get(hash_table, req.data, req.length));
+    assert_int_equal(num_entries, 0);
+    assert_int_equal(total_size, 0);
+}
+
+/*
+ * kdc_remove_lookaside tests
+ */
+
+static void
+test_kdc_remove_lookaside(void **state)
+{
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+    krb5_data rep = string2data("I'm a test response");
+
+    insert_entry(context, &req, &rep, 0);
+    kdc_remove_lookaside(context, &req);
+
+    assert_null(k5_hashtab_get(hash_table, req.data, req.length));
+    assert_int_equal(num_entries, 0);
+    assert_int_equal(total_size, 0);
+}
+
+static void
+test_kdc_remove_lookaside_empty_cache(void **state)
+{
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+
+    assert_int_equal(num_entries, 0);
+    kdc_remove_lookaside(context, &req);
+
+    assert_int_equal(num_entries, 0);
+    assert_int_equal(total_size, 0);
+}
+
+static void
+test_kdc_remove_lookaside_unknown(void **state)
+{
+    struct entry *e;
+    krb5_context context = *state;
+    krb5_data req1 = string2data("I'm a test request");
+    krb5_data rep1 = string2data("I'm a test response");
+    krb5_data req2 = string2data("I'm a different test request");
+
+    e = insert_entry(context, &req1, &rep1, 0);
+    kdc_remove_lookaside(context, &req2);
+
+    assert_ptr_equal(k5_hashtab_get(hash_table, req1.data, req1.length), e);
+    assert_int_equal(num_entries, 1);
+    assert_int_equal(total_size, entry_size(&req1, &rep1));
+}
+
+static void
+test_kdc_remove_lookaside_multiple(void **state)
+{
+    struct entry *e1;
+    krb5_context context = *state;
+    krb5_data req1 = string2data("I'm a test request");
+    krb5_data rep1 = string2data("I'm a test response");
+    krb5_data req2 = string2data("I'm a different test request");
+
+    e1 = insert_entry(context, &req1, &rep1, 0);
+    insert_entry(context, &req2, NULL, 0);
+
+    kdc_remove_lookaside(context, &req2);
+
+    assert_null(k5_hashtab_get(hash_table, req2.data, req2.length));
+    assert_ptr_equal(k5_hashtab_get(hash_table, req1.data, req1.length), e1);
+    assert_int_equal(num_entries, 1);
+    assert_int_equal(total_size, entry_size(&req1, &rep1));
+
+    kdc_remove_lookaside(context, &req1);
+
+    assert_null(k5_hashtab_get(hash_table, req1.data, req1.length));
+    assert_int_equal(num_entries, 0);
+    assert_int_equal(total_size, 0);
+}
+
+/*
+ * kdc_check_lookaside tests
+ */
+
+static void
+test_kdc_check_lookaside_hit(void **state)
+{
+    struct entry *e;
+    krb5_boolean result;
+    krb5_data *result_data;
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+    krb5_data rep = string2data("I'm a test response");
+
+    e = insert_entry(context, &req, &rep, 0);
+
+    result = kdc_check_lookaside(context, &req, &result_data);
+
+    assert_true(result);
+    assert_true(data_eq(rep, *result_data));
+    assert_int_equal(hits, 1);
+    assert_int_equal(e->num_hits, 1);
+
+    krb5_free_data(context, result_data);
+}
+
+static void
+test_kdc_check_lookaside_no_hit(void **state)
+{
+    krb5_boolean result;
+    krb5_data *result_data;
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+
+    result = kdc_check_lookaside(context, &req, &result_data);
+
+    assert_false(result);
+    assert_null(result_data);
+    assert_int_equal(hits, 0);
+}
+
+static void
+test_kdc_check_lookaside_empty(void **state)
+{
+    krb5_boolean result;
+    krb5_data *result_data;
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+
+    /* Set result_data so we can verify that it is reset to NULL. */
+    result_data = &req;
+    result = kdc_check_lookaside(context, &req, &result_data);
+
+    assert_false(result);
+    assert_null(result_data);
+    assert_int_equal(hits, 0);
+}
+
+static void
+test_kdc_check_lookaside_no_response(void **state)
+{
+    struct entry *e;
+    krb5_boolean result;
+    krb5_data *result_data;
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+
+    e = insert_entry(context, &req, NULL, 0);
+
+    /* Set result_data so we can verify that it is reset to NULL. */
+    result_data = &req;
+    result = kdc_check_lookaside(context, &req, &result_data);
+
+    assert_true(result);
+    assert_null(result_data);
+    assert_int_equal(hits, 1);
+    assert_int_equal(e->num_hits, 1);
+}
+
+static void
+test_kdc_check_lookaside_hit_multiple(void **state)
+{
+    struct entry *e1, *e2;
+    krb5_boolean result;
+    krb5_data *result_data;
+    krb5_context context = *state;
+    krb5_data req1 = string2data("I'm a test request");
+    krb5_data rep1 = string2data("I'm a test response");
+    krb5_data req2 = string2data("I'm a different test request");
+
+    e1 = insert_entry(context, &req1, &rep1, 0);
+    e2 = insert_entry(context, &req2, NULL, 0);
+
+    result = kdc_check_lookaside(context, &req1, &result_data);
+
+    assert_true(result);
+    assert_true(data_eq(rep1, *result_data));
+    assert_int_equal(hits, 1);
+    assert_int_equal(e1->num_hits, 1);
+    assert_int_equal(e2->num_hits, 0);
+
+    krb5_free_data(context, result_data);
+
+    /* Set result_data so we can verify that it is reset to NULL. */
+    result_data = &req1;
+    result = kdc_check_lookaside(context, &req2, &result_data);
+
+    assert_true(result);
+    assert_null(result_data);
+    assert_int_equal(hits, 2);
+    assert_int_equal(e1->num_hits, 1);
+    assert_int_equal(e2->num_hits, 1);
+}
+
+/*
+ * kdc_insert_lookaside tests
+ */
+
+static void
+test_kdc_insert_lookaside_single(void **state)
+{
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+    krb5_data rep = string2data("I'm a test response");
+    struct entry *hash_ent, *exp_ent;
+
+    time_return(0, 0);
+    kdc_insert_lookaside(context, &req, &rep);
+
+    hash_ent = k5_hashtab_get(hash_table, req.data, req.length);
+    assert_non_null(hash_ent);
+    assert_true(data_eq(hash_ent->req_packet, req));
+    assert_true(data_eq(hash_ent->reply_packet, rep));
+    exp_ent = K5_TAILQ_FIRST(&expiration_queue);
+    assert_true(data_eq(exp_ent->req_packet, req));
+    assert_true(data_eq(exp_ent->reply_packet, rep));
+    assert_int_equal(num_entries, 1);
+    assert_int_equal(total_size, entry_size(&req, &rep));
+}
+
+static void
+test_kdc_insert_lookaside_no_reply(void **state)
+{
+    krb5_context context = *state;
+    krb5_data req = string2data("I'm a test request");
+    struct entry *hash_ent, *exp_ent;
+
+    time_return(0, 0);
+    kdc_insert_lookaside(context, &req, NULL);
+
+    hash_ent = k5_hashtab_get(hash_table, req.data, req.length);
+    assert_non_null(hash_ent);
+    assert_true(data_eq(hash_ent->req_packet, req));
+    assert_int_equal(hash_ent->reply_packet.length, 0);
+    exp_ent = K5_TAILQ_FIRST(&expiration_queue);
+    assert_true(data_eq(exp_ent->req_packet, req));
+    assert_int_equal(exp_ent->reply_packet.length, 0);
+    assert_int_equal(num_entries, 1);
+    assert_int_equal(total_size, entry_size(&req, NULL));
+}
+
+static void
+test_kdc_insert_lookaside_multiple(void **state)
+{
+    krb5_context context = *state;
+    krb5_data req1 = string2data("I'm a test request");
+    krb5_data rep1 = string2data("I'm a test response");
+    size_t e1_size = entry_size(&req1, &rep1);
+    krb5_data req2 = string2data("I'm a different test request");
+    size_t e2_size = entry_size(&req2, NULL);
+    struct entry *hash1_ent, *hash2_ent, *exp_first, *exp_last;
+
+    time_return(0, 0);
+    kdc_insert_lookaside(context, &req1, &rep1);
+
+    hash1_ent = k5_hashtab_get(hash_table, req1.data, req1.length);
+    assert_non_null(hash1_ent);
+    assert_true(data_eq(hash1_ent->req_packet, req1));
+    assert_true(data_eq(hash1_ent->reply_packet, rep1));
+    exp_first = K5_TAILQ_FIRST(&expiration_queue);
+    assert_true(data_eq(exp_first->req_packet, req1));
+    assert_true(data_eq(exp_first->reply_packet, rep1));
+    assert_int_equal(num_entries, 1);
+    assert_int_equal(total_size, e1_size);
+
+    time_return(0, 0);
+    kdc_insert_lookaside(context, &req2, NULL);
+
+    hash2_ent = k5_hashtab_get(hash_table, req2.data, req2.length);
+    assert_non_null(hash2_ent);
+    assert_true(data_eq(hash2_ent->req_packet, req2));
+    assert_int_equal(hash2_ent->reply_packet.length, 0);
+    exp_last = K5_TAILQ_LAST(&expiration_queue, entry_queue);
+    assert_true(data_eq(exp_last->req_packet, req2));
+    assert_int_equal(exp_last->reply_packet.length, 0);
+    assert_int_equal(num_entries, 2);
+    assert_int_equal(total_size, e1_size + e2_size);
+}
+
+static void
+test_kdc_insert_lookaside_cache_expire(void **state)
+{
+    struct entry *e;
+    krb5_context context = *state;
+    krb5_data req1 = string2data("I'm a test request");
+    krb5_data rep1 = string2data("I'm a test response");
+    size_t e1_size = entry_size(&req1, &rep1);
+    krb5_data req2 = string2data("I'm a different test request");
+    size_t e2_size = entry_size(&req2, NULL);
+    struct entry *hash1_ent, *hash2_ent, *exp_ent;
+
+    time_return(0, 0);
+    kdc_insert_lookaside(context, &req1, &rep1);
+
+    hash1_ent = k5_hashtab_get(hash_table, req1.data, req1.length);
+    assert_non_null(hash1_ent);
+    assert_true(data_eq(hash1_ent->req_packet, req1));
+    assert_true(data_eq(hash1_ent->reply_packet, rep1));
+    exp_ent = K5_TAILQ_FIRST(&expiration_queue);
+    assert_true(data_eq(exp_ent->req_packet, req1));
+    assert_true(data_eq(exp_ent->reply_packet, rep1));
+    assert_int_equal(num_entries, 1);
+    assert_int_equal(total_size, e1_size);
+
+    /* Increase hits on entry */
+    e = k5_hashtab_get(hash_table, req1.data, req1.length);
+    assert_non_null(e);
+    e->num_hits = 5;
+
+    time_return(STALE_TIME + 1, 0);
+    kdc_insert_lookaside(context, &req2, NULL);
+
+    assert_null(k5_hashtab_get(hash_table, req1.data, req1.length));
+    assert_int_equal(max_hits_per_entry, 5);
+
+    hash2_ent = k5_hashtab_get(hash_table, req2.data, req2.length);
+    assert_non_null(hash2_ent);
+    assert_true(data_eq(hash2_ent->req_packet, req2));
+    assert_int_equal(hash2_ent-> reply_packet.length, 0);
+    exp_ent = K5_TAILQ_FIRST(&expiration_queue);
+    assert_true(data_eq(exp_ent->req_packet, req2));
+    assert_int_equal(exp_ent->reply_packet.length, 0);
+    assert_int_equal(num_entries, 1);
+    assert_int_equal(total_size, e2_size);
+}
+
+int main()
+{
+    int ret;
+
+    const struct CMUnitTest replay_tests[] = {
+        /* entry_size tests */
+        replay_unit_test(test_entry_size_no_response),
+        replay_unit_test(test_entry_size_w_response),
+        /* insert_entry tests */
+        replay_unit_test(test_insert_entry),
+        replay_unit_test(test_insert_entry_no_response),
+        replay_unit_test(test_insert_entry_multiple),
+        /* discard_entry tests */
+        replay_unit_test(test_discard_entry),
+        replay_unit_test(test_discard_entry_no_response),
+        /* kdc_remove_lookaside tests */
+        replay_unit_test(test_kdc_remove_lookaside),
+        replay_unit_test(test_kdc_remove_lookaside_empty_cache),
+        replay_unit_test(test_kdc_remove_lookaside_unknown),
+        replay_unit_test(test_kdc_remove_lookaside_multiple),
+        /* kdc_check_lookaside tests */
+        replay_unit_test(test_kdc_check_lookaside_hit),
+        replay_unit_test(test_kdc_check_lookaside_no_hit),
+        replay_unit_test(test_kdc_check_lookaside_empty),
+        replay_unit_test(test_kdc_check_lookaside_no_response),
+        replay_unit_test(test_kdc_check_lookaside_hit_multiple),
+        /* kdc_insert_lookaside tests */
+        replay_unit_test(test_kdc_insert_lookaside_single),
+        replay_unit_test(test_kdc_insert_lookaside_no_reply),
+        replay_unit_test(test_kdc_insert_lookaside_multiple),
+        replay_unit_test(test_kdc_insert_lookaside_cache_expire)
+    };
+
+    ret = cmocka_run_group_tests_name("replay_lookaside", replay_tests,
+                                      global_setup, global_teardown);
+
+    return ret;
+}
+
+#else /* NOCACHE */
+
+int main()
+{
+    return 0;
+}
+
+#endif /* NOCACHE */
diff --git a/krb5-1.21.3/src/kdc/t_workers.py b/krb5-1.21.3/src/kdc/t_workers.py
new file mode 100755
index 00000000..8de3f34d
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/t_workers.py
@@ -0,0 +1,7 @@
+from k5test import *
+
+realm = K5Realm(start_kdc=False, create_host=False)
+realm.start_kdc(['-w', '3'])
+realm.kinit(realm.user_princ, password('user'))
+realm.klist(realm.user_princ)
+success('KDC worker processes')
diff --git a/krb5-1.21.3/src/kdc/tgs_policy.c b/krb5-1.21.3/src/kdc/tgs_policy.c
new file mode 100644
index 00000000..33a8242c
--- /dev/null
+++ b/krb5-1.21.3/src/kdc/tgs_policy.c
@@ -0,0 +1,771 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kdc/tgs_policy.c */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+
+/*
+ * Routines that validate a TGS request; checks a lot of things.  :-)
+ *
+ * Returns a Kerberos protocol error number, which is _not_ the same
+ * as a com_err error number!
+ */
+
+struct tgsflagrule {
+    krb5_flags reqflags;        /* Flag(s) in TGS-REQ */
+    krb5_flags checkflag;       /* Flags to check against */
+    char *status;               /* Status string */
+    int err;                    /* Protocol error code */
+};
+
+/* Service principal TGS policy checking functions */
+typedef int (check_tgs_svc_pol_fn)(krb5_kdc_req *, krb5_db_entry *,
+                                   krb5_ticket *, krb5_timestamp,
+                                   const char **);
+
+static check_tgs_svc_pol_fn check_tgs_svc_deny_opts;
+static check_tgs_svc_pol_fn check_tgs_svc_deny_all;
+static check_tgs_svc_pol_fn check_tgs_svc_reqd_flags;
+static check_tgs_svc_pol_fn check_tgs_svc_time;
+
+static check_tgs_svc_pol_fn * const svc_pol_fns[] = {
+    check_tgs_svc_deny_opts, check_tgs_svc_deny_all, check_tgs_svc_reqd_flags,
+    check_tgs_svc_time
+};
+
+static const struct tgsflagrule tgsflagrules[] = {
+    { KDC_OPT_FORWARDED, TKT_FLG_FORWARDABLE,
+      "TGT NOT FORWARDABLE", KRB5KDC_ERR_BADOPTION },
+    { KDC_OPT_PROXY, TKT_FLG_PROXIABLE,
+      "TGT NOT PROXIABLE", KRB5KDC_ERR_BADOPTION },
+    { (KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED), TKT_FLG_MAY_POSTDATE,
+      "TGT NOT POSTDATABLE", KRB5KDC_ERR_BADOPTION },
+    { KDC_OPT_VALIDATE, TKT_FLG_INVALID,
+      "VALIDATE VALID TICKET", KRB5KDC_ERR_BADOPTION },
+    { KDC_OPT_RENEW, TKT_FLG_RENEWABLE,
+      "TICKET NOT RENEWABLE", KRB5KDC_ERR_BADOPTION }
+};
+
+/*
+ * Some TGS-REQ options require that the ticket have corresponding flags set.
+ */
+static krb5_error_code
+check_tgs_opts(krb5_kdc_req *req, krb5_ticket *tkt, const char **status)
+{
+    size_t i;
+    size_t nrules = sizeof(tgsflagrules) / sizeof(tgsflagrules[0]);
+    const struct tgsflagrule *r;
+
+    for (i = 0; i < nrules; i++) {
+        r = &tgsflagrules[i];
+        if (r->reqflags & req->kdc_options) {
+            if (!(r->checkflag & tkt->enc_part2->flags)) {
+                *status = r->status;
+                return r->err;
+            }
+        }
+    }
+
+    if (isflagset(tkt->enc_part2->flags, TKT_FLG_INVALID) &&
+        !isflagset(req->kdc_options, KDC_OPT_VALIDATE)) {
+        *status = "TICKET NOT VALID";
+        return KRB5KRB_AP_ERR_TKT_NYV;
+    }
+
+    return 0;
+}
+
+static const struct tgsflagrule svcdenyrules[] = {
+    { KDC_OPT_RENEWABLE, KRB5_KDB_DISALLOW_RENEWABLE,
+      "NON-RENEWABLE TICKET", KRB5KDC_ERR_POLICY },
+    { KDC_OPT_ALLOW_POSTDATE, KRB5_KDB_DISALLOW_POSTDATED,
+      "NON-POSTDATABLE TICKET", KRB5KDC_ERR_CANNOT_POSTDATE },
+    { KDC_OPT_ENC_TKT_IN_SKEY, KRB5_KDB_DISALLOW_DUP_SKEY,
+      "DUP_SKEY DISALLOWED", KRB5KDC_ERR_POLICY }
+};
+
+/*
+ * A service principal can forbid some TGS-REQ options.
+ */
+static krb5_error_code
+check_tgs_svc_deny_opts(krb5_kdc_req *req, krb5_db_entry *server,
+                        krb5_ticket *tkt, krb5_timestamp kdc_time,
+                        const char **status)
+{
+    size_t i;
+    size_t nrules = sizeof(svcdenyrules) / sizeof(svcdenyrules[0]);
+    const struct tgsflagrule *r;
+
+    for (i = 0; i < nrules; i++) {
+        r = &svcdenyrules[i];
+        if (!(r->reqflags & req->kdc_options))
+            continue;
+        if (r->checkflag & server->attributes) {
+            *status = r->status;
+            return r->err;
+        }
+    }
+    return 0;
+}
+
+/*
+ * A service principal can deny all TGS-REQs for it.
+ */
+static krb5_error_code
+check_tgs_svc_deny_all(krb5_kdc_req *req, krb5_db_entry *server,
+                       krb5_ticket *tkt, krb5_timestamp kdc_time,
+                       const char **status)
+{
+    if (server->attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
+        *status = "SERVER LOCKED OUT";
+        return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    }
+    if ((server->attributes & KRB5_KDB_DISALLOW_SVR) &&
+        !(req->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY)) {
+        *status = "SERVER NOT ALLOWED";
+        return KRB5KDC_ERR_MUST_USE_USER2USER;
+    }
+    if (server->attributes & KRB5_KDB_DISALLOW_TGT_BASED) {
+        if (krb5_is_tgs_principal(tkt->server)) {
+            *status = "TGT BASED NOT ALLOWED";
+            return KRB5KDC_ERR_POLICY;
+        }
+    }
+    return 0;
+}
+
+/*
+ * A service principal can require certain TGT flags.
+ */
+static krb5_error_code
+check_tgs_svc_reqd_flags(krb5_kdc_req *req, krb5_db_entry *server,
+                         krb5_ticket *tkt,
+                         krb5_timestamp kdc_time, const char **status)
+{
+    if (server->attributes & KRB5_KDB_REQUIRES_HW_AUTH) {
+        if (!(tkt->enc_part2->flags & TKT_FLG_HW_AUTH)) {
+            *status = "NO HW PREAUTH";
+            return KRB5KRB_ERR_GENERIC;
+        }
+    }
+    if (server->attributes & KRB5_KDB_REQUIRES_PRE_AUTH) {
+        if (!(tkt->enc_part2->flags & TKT_FLG_PRE_AUTH)) {
+            *status = "NO PREAUTH";
+            return KRB5KRB_ERR_GENERIC;
+        }
+    }
+    return 0;
+}
+
+static krb5_error_code
+check_tgs_svc_time(krb5_kdc_req *req, krb5_db_entry *server, krb5_ticket *tkt,
+                   krb5_timestamp kdc_time, const char **status)
+{
+    if (server->expiration && ts_after(kdc_time, server->expiration)) {
+        *status = "SERVICE EXPIRED";
+        return KRB5KDC_ERR_SERVICE_EXP;
+    }
+    return 0;
+}
+
+static krb5_error_code
+check_tgs_svc_policy(krb5_kdc_req *req, krb5_db_entry *server,
+                     krb5_ticket *tkt, krb5_timestamp kdc_time,
+                     const char **status)
+{
+    int errcode;
+    size_t i;
+    size_t nfns = sizeof(svc_pol_fns) / sizeof(svc_pol_fns[0]);
+
+    for (i = 0; i < nfns; i++) {
+        errcode = svc_pol_fns[i](req, server, tkt, kdc_time, status);
+        if (errcode != 0)
+            return errcode;
+    }
+    return 0;
+}
+
+/*
+ * Check header ticket timestamps against the current time.
+ */
+static krb5_error_code
+check_tgs_times(krb5_kdc_req *req, krb5_ticket_times *times,
+                krb5_timestamp kdc_time, const char **status)
+{
+    krb5_timestamp starttime;
+
+    /* For validating a postdated ticket, check the start time vs. the
+       KDC time. */
+    if (req->kdc_options & KDC_OPT_VALIDATE) {
+        starttime = times->starttime ? times->starttime : times->authtime;
+        if (ts_after(starttime, kdc_time)) {
+            *status = "NOT_YET_VALID";
+            return KRB5KRB_AP_ERR_TKT_NYV;
+        }
+    }
+    /*
+     * Check the renew_till time.  The endtime was already
+     * been checked in the initial authentication check.
+     */
+    if ((req->kdc_options & KDC_OPT_RENEW) &&
+        ts_after(kdc_time, times->renew_till)) {
+        *status = "TKT_EXPIRED";
+        return KRB5KRB_AP_ERR_TKT_EXPIRED;
+    }
+    return 0;
+}
+
+/* Check for local user tickets issued by foreign realms.  This check is
+ * skipped for S4U2Self requests. */
+static krb5_error_code
+check_tgs_lineage(krb5_db_entry *server, krb5_ticket *tkt,
+                  krb5_boolean is_crossrealm, const char **status)
+{
+    if (is_crossrealm && data_eq(tkt->enc_part2->client->realm,
+                                 server->princ->realm)) {
+        *status = "INVALID LINEAGE";
+        return KRB5KDC_ERR_POLICY;
+    }
+    return 0;
+}
+
+static krb5_error_code
+check_tgs_s4u2self(kdc_realm_t *realm, krb5_kdc_req *req,
+                   krb5_db_entry *server, krb5_ticket *tkt, krb5_pac pac,
+                   krb5_timestamp kdc_time,
+                   krb5_pa_s4u_x509_user *s4u_x509_user, krb5_db_entry *client,
+                   krb5_boolean is_crossrealm, krb5_boolean is_referral,
+                   const char **status, krb5_pa_data ***e_data)
+{
+    krb5_context context = realm->realm_context;
+    krb5_db_entry empty_server = { 0 };
+
+    /* If the server is local, check that the request is for self. */
+    if (!is_referral &&
+        !is_client_db_alias(context, server, tkt->enc_part2->client)) {
+        *status = "INVALID_S4U2SELF_REQUEST_SERVER_MISMATCH";
+        return KRB5KRB_AP_ERR_BADMATCH;
+    }
+
+    /* S4U2Self requests must use options valid for AS requests. */
+    if (req->kdc_options & AS_INVALID_OPTIONS) {
+        *status = "INVALID S4U2SELF OPTIONS";
+        return KRB5KDC_ERR_BADOPTION;
+    }
+
+    /*
+     * Valid S4U2Self requests can occur in the following combinations:
+     *
+     * (1) local TGT, local user, local server
+     * (2) cross TGT, local user, issuing referral
+     * (3) cross TGT, non-local user, issuing referral
+     * (4) cross TGT, non-local user, local server
+     *
+     * The first case is for a single-realm S4U2Self scenario; the second,
+     * third, and fourth cases are for the initial, intermediate (if any), and
+     * final cross-realm requests in a multi-realm scenario.
+     */
+
+    if (!is_crossrealm && is_referral) {
+        /* This could happen if the requesting server no longer exists, and we
+         * found a referral instead.  Treat this as a server lookup failure. */
+        *status = "LOOKING_UP_SERVER";
+        return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    }
+    if (client != NULL && is_crossrealm && !is_referral) {
+        /* A local server should not need a cross-realm TGT to impersonate
+         * a local principal. */
+        *status = "NOT_CROSS_REALM_REQUEST";
+        return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; /* match Windows error */
+    }
+    if (client == NULL && !is_crossrealm) {
+        /*
+         * The server is asking to impersonate a principal from another realm,
+         * using a local TGT.  It should instead ask that principal's realm and
+         * follow referrals back to us.
+         */
+        *status = "S4U2SELF_CLIENT_NOT_OURS";
+        return KRB5KDC_ERR_POLICY; /* match Windows error */
+    }
+    if (client == NULL && s4u_x509_user->user_id.user->length == 0) {
+        /*
+         * Only a KDC in the client realm can handle a certificate-only
+         * S4U2Self request.  Other KDCs require a principal name and ignore
+         * the subject-certificate field.
+         */
+        *status = "INVALID_XREALM_S4U2SELF_REQUEST";
+        return KRB5KDC_ERR_POLICY; /* match Windows error */
+    }
+
+    /* The header ticket PAC must be present. */
+    if (pac == NULL) {
+        *status = "S4U2SELF_NO_PAC";
+        return KRB5KDC_ERR_TGT_REVOKED;
+    }
+
+    if (client != NULL) {
+        /* The header ticket PAC must be for the impersonator. */
+        if (krb5_pac_verify(context, pac, tkt->enc_part2->times.authtime,
+                            tkt->enc_part2->client, NULL, NULL) != 0) {
+            *status = "S4U2SELF_LOCAL_PAC_CLIENT";
+            return KRB5KDC_ERR_BADOPTION;
+        }
+
+        /* Validate the client policy.  Use an empty server principal to bypass
+         * server policy checks. */
+        return validate_as_request(realm, req, client, &empty_server, kdc_time,
+                                   status, e_data);
+    } else {
+        /* The header ticket PAC must be for the subject, with realm. */
+        if (krb5_pac_verify_ext(context, pac, tkt->enc_part2->times.authtime,
+                                s4u_x509_user->user_id.user, NULL, NULL,
+                                TRUE) != 0) {
+            *status = "S4U2SELF_FOREIGN_PAC_CLIENT";
+            return KRB5KDC_ERR_BADOPTION;
+        }
+    }
+
+    return 0;
+}
+
+/*
+ * Validate pac as an S4U2Proxy subject PAC contained within a cross-realm TGT.
+ * If target_server is non-null, verify that it matches the PAC proxy target.
+ * Return 0 on success, non-zero on failure.
+ */
+static int
+verify_deleg_pac(krb5_context context, krb5_pac pac,
+                 krb5_enc_tkt_part *enc_tkt,
+                 krb5_const_principal target_server)
+{
+    krb5_timestamp pac_authtime;
+    krb5_data deleg_buf = empty_data();
+    krb5_principal princ = NULL;
+    struct pac_s4u_delegation_info *di = NULL;
+    char *client_str = NULL, *target_str = NULL;
+    const char *last_transited;
+    int result = -1;
+
+    /* Make sure the PAC client string can be parsed as a principal with
+     * realm. */
+    if (get_pac_princ_with_realm(context, pac, &princ, &pac_authtime) != 0)
+        goto cleanup;
+    if (pac_authtime != enc_tkt->times.authtime)
+        goto cleanup;
+
+    if (krb5_pac_get_buffer(context, pac, KRB5_PAC_DELEGATION_INFO,
+                            &deleg_buf) != 0)
+        goto cleanup;
+
+    if (ndr_dec_delegation_info(&deleg_buf, &di) != 0)
+        goto cleanup;
+
+    if (target_server != NULL) {
+        if (krb5_unparse_name_flags(context, target_server,
+                                    KRB5_PRINCIPAL_UNPARSE_DISPLAY |
+                                    KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                    &target_str) != 0)
+            goto cleanup;
+        if (strcmp(target_str, di->proxy_target) != 0)
+            goto cleanup;
+    }
+
+    /* Check that the most recently added PAC transited service matches the
+     * requesting impersonator. */
+    if (di->transited_services_length == 0)
+        goto cleanup;
+    if (krb5_unparse_name(context, enc_tkt->client, &client_str) != 0)
+        goto cleanup;
+    last_transited = di->transited_services[di->transited_services_length - 1];
+    if (strcmp(last_transited, client_str) != 0)
+        goto cleanup;
+
+    result = 0;
+
+cleanup:
+    free(target_str);
+    free(client_str);
+    ndr_free_delegation_info(di);
+    krb5_free_principal(context, princ);
+    krb5_free_data_contents(context, &deleg_buf);
+    return result;
+}
+
+static krb5_error_code
+check_tgs_s4u2proxy(krb5_context context, krb5_kdc_req *req,
+                    krb5_db_entry *server, krb5_ticket *tkt, krb5_pac pac,
+                    const krb5_ticket *stkt, krb5_pac stkt_pac,
+                    krb5_db_entry *stkt_server, krb5_boolean is_crossrealm,
+                    krb5_boolean is_referral, const char **status)
+{
+    /* A forwardable second ticket must be present in the request. */
+    if (stkt == NULL) {
+        *status = "NO_2ND_TKT";
+        return KRB5KDC_ERR_BADOPTION;
+    }
+    if (!(stkt->enc_part2->flags & TKT_FLG_FORWARDABLE)) {
+        *status = "EVIDENCE_TKT_NOT_FORWARDABLE";
+        return KRB5KDC_ERR_BADOPTION;
+    }
+
+    /* Constrained delegation is mutually exclusive with renew/forward/etc.
+     * (and therefore requires the header ticket to be a TGT). */
+    if (req->kdc_options & (NON_TGT_OPTION | KDC_OPT_ENC_TKT_IN_SKEY)) {
+        *status = "INVALID_S4U2PROXY_OPTIONS";
+        return KRB5KDC_ERR_BADOPTION;
+    }
+
+    /* Can't get a TGT (otherwise it would be unconstrained delegation). */
+    if (krb5_is_tgs_principal(req->server)) {
+        *status = "NOT_ALLOWED_TO_DELEGATE";
+        return KRB5KDC_ERR_POLICY;
+    }
+
+    /* The header ticket PAC must be present and for the impersonator. */
+    if (pac == NULL) {
+        *status = "S4U2PROXY_NO_HEADER_PAC";
+        return KRB5KDC_ERR_TGT_REVOKED;
+    }
+    if (krb5_pac_verify(context, pac, tkt->enc_part2->times.authtime,
+                        tkt->enc_part2->client, NULL, NULL) != 0) {
+        *status = "S4U2PROXY_HEADER_PAC";
+        return KRB5KDC_ERR_BADOPTION;
+    }
+
+    /*
+     * An S4U2Proxy request must be an initial request to the impersonator's
+     * realm (possibly for a target resource in the same realm), or a final
+     * cross-realm RBCD request to the resource realm.  Intermediate
+     * referral-chasing requests do not use the CNAME-IN-ADDL-TKT flag.
+     */
+
+    if (stkt_pac == NULL) {
+        *status = "S4U2PROXY_NO_STKT_PAC";
+        return KRB5KRB_AP_ERR_MODIFIED;
+    }
+    if (!is_crossrealm) {
+        /* For an initial or same-realm request, the second ticket server and
+         * header ticket client must be the same principal. */
+        if (!is_client_db_alias(context, stkt_server,
+                                tkt->enc_part2->client)) {
+            *status = "EVIDENCE_TICKET_MISMATCH";
+            return KRB5KDC_ERR_SERVER_NOMATCH;
+        }
+
+        /* The second ticket client and PAC client are the subject, and must
+         * match. */
+        if (krb5_pac_verify(context, stkt_pac, stkt->enc_part2->times.authtime,
+                            stkt->enc_part2->client, NULL, NULL) != 0) {
+            *status = "S4U2PROXY_LOCAL_STKT_PAC";
+            return KRB5KDC_ERR_BADOPTION;
+        }
+
+    } else {
+
+        /*
+         * For a cross-realm request, the second ticket must be a referral TGT
+         * to our realm with the impersonator as client.  The target server
+         * must also be local, so we must not be issuing a referral.
+         */
+        if (is_referral || !is_cross_tgs_principal(stkt_server->princ) ||
+            !data_eq(stkt_server->princ->data[1], server->princ->realm) ||
+            !krb5_principal_compare(context, stkt->enc_part2->client,
+                                    tkt->enc_part2->client)) {
+            *status = "XREALM_EVIDENCE_TICKET_MISMATCH";
+            return KRB5KDC_ERR_BADOPTION;
+        }
+
+        /* The second ticket PAC must be present and for the impersonated
+         * client, with delegation info. */
+        if (stkt_pac == NULL ||
+            verify_deleg_pac(context, stkt_pac, stkt->enc_part2,
+                             req->server) != 0) {
+            *status = "S4U2PROXY_CROSS_STKT_PAC";
+            return KRB5KDC_ERR_BADOPTION;
+        }
+    }
+
+    return 0;
+}
+
+/* Check the KDB policy for a final RBCD request. */
+static krb5_error_code
+check_s4u2proxy_policy(krb5_context context, krb5_kdc_req *req,
+                       krb5_principal desired_client,
+                       krb5_principal impersonator_name,
+                       krb5_db_entry *impersonator, krb5_pac impersonator_pac,
+                       krb5_principal resource_name, krb5_db_entry *resource,
+                       krb5_boolean is_crossrealm, krb5_boolean is_referral,
+                       const char **status)
+{
+    krb5_error_code ret;
+    krb5_boolean support_rbcd, policy_denial = FALSE;
+
+    /* Check if the client supports resource-based constrained delegation. */
+    ret = kdc_get_pa_pac_rbcd(context, req->padata, &support_rbcd);
+    if (ret)
+        return ret;
+
+    if (is_referral) {
+        if (!support_rbcd) {
+            /* The client must support RBCD for a referral to be useful. */
+            *status = "UNSUPPORTED_S4U2PROXY_REQUEST";
+            return KRB5KDC_ERR_BADOPTION;
+        }
+        /* Policy will be checked in the resource realm. */
+        return 0;
+    }
+
+    /* Try resource-based authorization if the client supports RBCD. */
+    if (support_rbcd) {
+        ret = krb5_db_allowed_to_delegate_from(context, desired_client,
+                                               impersonator_name,
+                                               impersonator_pac, resource);
+        if (ret == KRB5KDC_ERR_BADOPTION)
+            policy_denial = TRUE;
+        else if (ret != KRB5_PLUGIN_OP_NOTSUPP)
+            return ret;
+    }
+
+    /* Try traditional authorization if the requestor is in this realm. */
+    if (!is_crossrealm) {
+        ret = krb5_db_check_allowed_to_delegate(context, desired_client,
+                                                impersonator, resource_name);
+        if (ret == KRB5KDC_ERR_BADOPTION)
+            policy_denial = TRUE;
+        else if (ret != KRB5_PLUGIN_OP_NOTSUPP)
+            return ret;
+    }
+
+    *status = policy_denial ? "NOT_ALLOWED_TO_DELEGATE" :
+        "UNSUPPORTED_S4U2PROXY_REQUEST";
+    return KRB5KDC_ERR_BADOPTION;
+}
+
+static krb5_error_code
+check_tgs_u2u(krb5_context context, krb5_kdc_req *req, const krb5_ticket *stkt,
+              krb5_db_entry *server, const char **status)
+{
+    /* A second ticket must be present in the request. */
+    if (stkt == NULL) {
+        *status = "NO_2ND_TKT";
+        return KRB5KDC_ERR_BADOPTION;
+    }
+
+    /* The second ticket must be a TGT to the server realm. */
+    if (!is_local_tgs_principal(stkt->server) ||
+        !data_eq(stkt->server->data[1], server->princ->realm)) {
+        *status = "2ND_TKT_NOT_TGS";
+        return KRB5KDC_ERR_POLICY;
+    }
+
+    /* The second ticket client must match the requested server. */
+    if (!is_client_db_alias(context, server, stkt->enc_part2->client)) {
+        *status = "2ND_TKT_MISMATCH";
+        return KRB5KDC_ERR_SERVER_NOMATCH;
+    }
+
+    return 0;
+}
+
+/* Validate the PAC of a non-S4U TGS request, if one is present. */
+static krb5_error_code
+check_normal_tgs_pac(krb5_context context, krb5_enc_tkt_part *enc_tkt,
+                     krb5_pac pac, krb5_db_entry *server,
+                     krb5_boolean is_crossrealm, const char **status)
+{
+    /* We don't require a PAC for regular TGS requests. */
+    if (pac == NULL)
+        return 0;
+
+    /* For most requests the header ticket PAC will be for the ticket
+     * client. */
+    if (krb5_pac_verify(context, pac, enc_tkt->times.authtime, enc_tkt->client,
+                        NULL, NULL) == 0)
+        return 0;
+
+    /* For intermediate RBCD requests the header ticket PAC will be for the
+     * impersonated client. */
+    if (is_crossrealm && is_cross_tgs_principal(server->princ) &&
+        verify_deleg_pac(context, pac, enc_tkt, NULL) == 0)
+        return 0;
+
+    *status = "HEADER_PAC";
+    return KRB5KDC_ERR_BADOPTION;
+}
+
+/*
+ * Some TGS-REQ options allow for a non-TGS principal in the ticket.  Do some
+ * checks that are peculiar to these cases.  (e.g., ticket service principal
+ * matches requested service principal)
+ */
+static krb5_error_code
+check_tgs_nontgt(krb5_context context, krb5_kdc_req *req, krb5_ticket *tkt,
+                 const char **status)
+{
+    if (!krb5_principal_compare(context, tkt->server, req->server)) {
+        *status = "SERVER DIDN'T MATCH TICKET FOR RENEW/FORWARD/ETC";
+        return KRB5KDC_ERR_SERVER_NOMATCH;
+    }
+    /* Cannot proxy ticket granting tickets. */
+    if ((req->kdc_options & KDC_OPT_PROXY) &&
+        krb5_is_tgs_principal(req->server)) {
+        *status = "CAN'T PROXY TGT";
+        return KRB5KDC_ERR_BADOPTION;
+    }
+    return 0;
+}
+
+/*
+ * Do some checks for a normal TGS-REQ (where the ticket service must be a TGS
+ * principal).
+ */
+static krb5_error_code
+check_tgs_tgt(krb5_kdc_req *req, krb5_ticket *tkt, const char **status)
+{
+    /* Make sure it's a TGS principal. */
+    if (!krb5_is_tgs_principal(tkt->server)) {
+        *status = "BAD TGS SERVER NAME";
+        return KRB5KRB_AP_ERR_NOT_US;
+    }
+    /* TGS principal second component must match service realm. */
+    if (!data_eq(tkt->server->data[1], req->server->realm)) {
+        *status = "BAD TGS SERVER INSTANCE";
+        return KRB5KRB_AP_ERR_NOT_US;
+    }
+    return 0;
+}
+
+krb5_error_code
+check_tgs_constraints(kdc_realm_t *realm, krb5_kdc_req *request,
+                      krb5_db_entry *server, krb5_ticket *ticket, krb5_pac pac,
+                      const krb5_ticket *stkt, krb5_pac stkt_pac,
+                      krb5_db_entry *stkt_server, krb5_timestamp kdc_time,
+                      krb5_pa_s4u_x509_user *s4u_x509_user,
+                      krb5_db_entry *s4u2self_client,
+                      krb5_boolean is_crossrealm, krb5_boolean is_referral,
+                      const char **status, krb5_pa_data ***e_data)
+{
+    krb5_context context = realm->realm_context;
+    int errcode;
+
+    /* Depends only on request and ticket. */
+    errcode = check_tgs_opts(request, ticket, status);
+    if (errcode != 0)
+        return errcode;
+
+    /* Depends only on request, ticket times, and current time. */
+    errcode = check_tgs_times(request, &ticket->enc_part2->times, kdc_time,
+                              status);
+    if (errcode != 0)
+        return errcode;
+
+    if (request->kdc_options & NON_TGT_OPTION)
+        errcode = check_tgs_nontgt(context, request, ticket, status);
+    else
+        errcode = check_tgs_tgt(request, ticket, status);
+    if (errcode != 0)
+        return errcode;
+
+    if (s4u_x509_user != NULL) {
+        errcode = check_tgs_s4u2self(realm, request, server, ticket, pac,
+                                     kdc_time, s4u_x509_user, s4u2self_client,
+                                     is_crossrealm, is_referral, status,
+                                     e_data);
+    } else {
+        errcode = check_tgs_lineage(server, ticket, is_crossrealm, status);
+    }
+    if (errcode != 0)
+        return errcode;
+
+    if (request->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) {
+        errcode = check_tgs_u2u(context, request, stkt, server, status);
+        if (errcode != 0)
+            return errcode;
+    }
+
+    if (request->kdc_options & KDC_OPT_CNAME_IN_ADDL_TKT) {
+        errcode = check_tgs_s4u2proxy(context, request, server, ticket, pac,
+                                      stkt, stkt_pac, stkt_server,
+                                      is_crossrealm, is_referral, status);
+        if (errcode != 0)
+            return errcode;
+    } else if (s4u_x509_user == NULL) {
+        errcode = check_normal_tgs_pac(context, ticket->enc_part2, pac, server,
+                                       is_crossrealm, status);
+        if (errcode != 0)
+            return errcode;
+    }
+
+    return 0;
+}
+
+krb5_error_code
+check_tgs_policy(kdc_realm_t *realm, krb5_kdc_req *request,
+                 krb5_db_entry *server, krb5_ticket *ticket,
+                 krb5_pac pac, const krb5_ticket *stkt, krb5_pac stkt_pac,
+                 krb5_principal stkt_pac_client, krb5_db_entry *stkt_server,
+                 krb5_timestamp kdc_time, krb5_boolean is_crossrealm,
+                 krb5_boolean is_referral, const char **status,
+                 krb5_pa_data ***e_data)
+{
+    krb5_context context = realm->realm_context;
+    int errcode;
+    krb5_error_code ret;
+    krb5_principal desired_client;
+
+    errcode = check_tgs_svc_policy(request, server, ticket, kdc_time, status);
+    if (errcode != 0)
+        return errcode;
+
+    if (request->kdc_options & KDC_OPT_CNAME_IN_ADDL_TKT) {
+        desired_client = (stkt_pac_client != NULL) ? stkt_pac_client :
+            stkt->enc_part2->client;
+        errcode = check_s4u2proxy_policy(context, request, desired_client,
+                                         ticket->enc_part2->client,
+                                         stkt_server, pac, request->server,
+                                         server, is_crossrealm, is_referral,
+                                         status);
+        if (errcode != 0)
+            return errcode;
+    }
+
+    if (check_anon(realm, ticket->enc_part2->client, request->server) != 0) {
+        *status = "ANONYMOUS NOT ALLOWED";
+        return KRB5KDC_ERR_POLICY;
+    }
+
+    /* Perform KDB module policy checks. */
+    ret = krb5_db_check_policy_tgs(context, request, server, ticket, status,
+                                   e_data);
+    return (ret == KRB5_PLUGIN_OP_NOTSUPP) ? 0 : ret;
+}
diff --git a/krb5-1.21.3/src/kprop/Makefile.in b/krb5-1.21.3/src/kprop/Makefile.in
new file mode 100644
index 00000000..412d72a1
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/Makefile.in
@@ -0,0 +1,35 @@
+mydir=kprop
+BUILDTOP=$(REL)..
+
+all:	kprop kpropd kproplog
+
+CLIENTSRCS= $(srcdir)/kprop.c $(srcdir)/kprop_util.c
+CLIENTOBJS= kprop.o kprop_util.o
+
+SERVERSRCS= $(srcdir)/kpropd.c $(srcdir)/kpropd_rpc.c $(srcdir)/kprop_util.c
+SERVEROBJS= kpropd.o kpropd_rpc.o kprop_util.o
+
+LOGSRCS= $(srcdir)/kproplog.c
+LOGOBJS= kproplog.o
+
+SRCS= $(CLIENTSRCS) $(SERVERSRCS) $(LOGSRCS)
+
+
+kprop: $(CLIENTOBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o kprop $(CLIENTOBJS) $(KRB5_BASE_LIBS) @LIBUTIL@
+
+kpropd: $(SERVEROBJS) $(KDB5_DEPLIB) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB)
+	$(CC_LINK) -o kpropd $(SERVEROBJS) $(KDB5_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) @LIBUTIL@
+
+kproplog: $(LOGOBJS)
+	$(CC_LINK) -o kproplog $(LOGOBJS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+
+install:
+	for f in kprop kpropd kproplog; do \
+	  $(INSTALL_PROGRAM) $$f \
+		$(DESTDIR)$(SERVER_BINDIR)/`echo $$f|sed '$(transform)'`; \
+	done
+
+clean:
+	$(RM) $(CLIENTOBJS) $(SERVEROBJS) $(LOGOBJS)
+	$(RM) kprop kpropd kproplog
diff --git a/krb5-1.21.3/src/kprop/deps b/krb5-1.21.3/src/kprop/deps
new file mode 100644
index 00000000..cb19b0a6
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/deps
@@ -0,0 +1,74 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kprop.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kprop.c kprop.h
+$(OUTPRE)kprop_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kprop.h kprop_util.c
+$(OUTPRE)kpropd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h $(top_srcdir)/include/iprop_hdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kprop.h kpropd.c
+$(OUTPRE)kpropd_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  kpropd_rpc.c
+$(OUTPRE)kproplog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kproplog.c
diff --git a/krb5-1.21.3/src/kprop/kprop.c b/krb5-1.21.3/src/kprop/kprop.c
new file mode 100644
index 00000000..8f9fd699
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/kprop.c
@@ -0,0 +1,594 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kprop/kprop.c */
+/*
+ * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <inttypes.h>
+#include <locale.h>
+#include <sys/file.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <sys/param.h>
+#include <netdb.h>
+#include <fcntl.h>
+
+#include "com_err.h"
+#include "fake-addrinfo.h"
+#include "kprop.h"
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE unsigned int
+#endif
+
+static char *kprop_version = KPROP_PROT_VERSION;
+
+static char *progname = NULL;
+static int debug = 0;
+static char *keytab_path = NULL;
+static char *replica_host;
+static char *realm = NULL;
+static char *def_realm = NULL;
+static char *file = KPROP_DEFAULT_FILE;
+
+/* The Kerberos principal we'll be sending as, initialized in get_tickets. */
+static krb5_principal my_principal;
+
+static krb5_creds creds;
+static krb5_address *sender_addr;
+static const char *port = KPROP_SERVICE;
+static char *dbpathname;
+
+static void parse_args(krb5_context context, int argc, char **argv);
+static void get_tickets(krb5_context context);
+static void usage(void);
+static void open_connection(krb5_context context, char *host, int *fd_out);
+static void kerberos_authenticate(krb5_context context,
+                                  krb5_auth_context *auth_context, int fd,
+                                  krb5_principal me, krb5_creds **new_creds);
+static int open_database(krb5_context context, char *data_fn, off_t *size);
+static void close_database(krb5_context context, int fd);
+static void xmit_database(krb5_context context,
+                          krb5_auth_context auth_context, krb5_creds *my_creds,
+                          int fd, int database_fd, off_t in_database_size);
+static void send_error(krb5_context context, krb5_creds *my_creds, int fd,
+                       char *err_text, krb5_error_code err_code);
+static void update_last_prop_file(char *hostname, char *file_name);
+
+static void usage()
+{
+    fprintf(stderr, _("\nUsage: %s [-r realm] [-f file] [-d] [-P port] "
+                      "[-s keytab] replica_host\n\n"), progname);
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    int fd, database_fd;
+    off_t database_size;
+    krb5_error_code retval;
+    krb5_context context;
+    krb5_creds *my_creds;
+    krb5_auth_context auth_context;
+
+    setlocale(LC_ALL, "");
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, _("while initializing krb5"));
+        exit(1);
+    }
+    parse_args(context, argc, argv);
+    get_tickets(context);
+
+    database_fd = open_database(context, file, &database_size);
+    open_connection(context, replica_host, &fd);
+    kerberos_authenticate(context, &auth_context, fd, my_principal, &my_creds);
+    xmit_database(context, auth_context, my_creds, fd, database_fd,
+                  database_size);
+    update_last_prop_file(replica_host, file);
+    printf(_("Database propagation to %s: SUCCEEDED\n"), replica_host);
+    krb5_free_cred_contents(context, my_creds);
+    close_database(context, database_fd);
+    krb5_free_default_realm(context, def_realm);
+    exit(0);
+}
+
+static void
+parse_args(krb5_context context, int argc, char **argv)
+{
+    int c;
+    krb5_error_code ret;
+
+    progname = argv[0];
+    while ((c = getopt(argc, argv, "r:f:dP:s:")) != -1) {
+        switch (c) {
+        case 'r':
+            realm = optarg;
+            break;
+        case 'f':
+            file = optarg;
+            break;
+        case 'd':
+            debug++;
+            break;
+        case 'P':
+            port = optarg;
+            break;
+        case 's':
+            keytab_path = optarg;
+            break;
+        default:
+            usage();
+        }
+    }
+    if (argc - optind != 1)
+        usage();
+    replica_host = argv[optind];
+
+    if (realm == NULL) {
+        ret = krb5_get_default_realm(context, &def_realm);
+        if (ret) {
+            com_err(progname, errno, _("while getting default realm"));
+            exit(1);
+        }
+        realm = def_realm;
+    }
+}
+
+static void
+get_tickets(krb5_context context)
+{
+    char *server;
+    krb5_error_code retval;
+    krb5_keytab keytab = NULL;
+    krb5_principal server_princ = NULL;
+
+    /* Figure out what tickets we'll be using to send. */
+    retval = sn2princ_realm(context, NULL, KPROP_SERVICE_NAME, realm,
+                            &my_principal);
+    if (retval) {
+        com_err(progname, errno, _("while setting client principal name"));
+        exit(1);
+    }
+
+    /* Construct the principal name for the replica host. */
+    memset(&creds, 0, sizeof(creds));
+    retval = sn2princ_realm(context, replica_host, KPROP_SERVICE_NAME, realm,
+                            &server_princ);
+    if (retval) {
+        com_err(progname, errno, _("while setting server principal name"));
+        exit(1);
+    }
+    retval = krb5_unparse_name_flags(context, server_princ,
+                                     KRB5_PRINCIPAL_UNPARSE_NO_REALM, &server);
+    if (retval) {
+        com_err(progname, retval, _("while unparsing server name"));
+        exit(1);
+    }
+
+    if (keytab_path != NULL) {
+        retval = krb5_kt_resolve(context, keytab_path, &keytab);
+        if (retval) {
+            com_err(progname, retval, _("while resolving keytab"));
+            exit(1);
+        }
+    }
+
+    retval = krb5_get_init_creds_keytab(context, &creds, my_principal, keytab,
+                                        0, server, NULL);
+    if (retval) {
+        com_err(progname, retval, _("while getting initial credentials\n"));
+        exit(1);
+    }
+
+    if (keytab != NULL)
+        krb5_kt_close(context, keytab);
+    krb5_free_unparsed_name(context, server);
+    krb5_free_principal(context, server_princ);
+}
+
+static void
+open_connection(krb5_context context, char *host, int *fd_out)
+{
+    krb5_error_code retval;
+    GETSOCKNAME_ARG3_TYPE socket_length;
+    struct addrinfo hints, *res, *answers;
+    struct sockaddr *sa;
+    struct sockaddr_storage my_sin;
+    int s, error;
+
+    *fd_out = -1;
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = PF_UNSPEC;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_flags = AI_ADDRCONFIG;
+    error = getaddrinfo(host, port, &hints, &answers);
+    if (error != 0) {
+        com_err(progname, 0, "%s: %s", host, gai_strerror(error));
+        exit(1);
+    }
+
+    s = -1;
+    retval = EINVAL;
+    for (res = answers; res != NULL; res = res->ai_next) {
+        s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+        if (s < 0) {
+            com_err(progname, errno, _("while creating socket"));
+            exit(1);
+        }
+
+        if (connect(s, res->ai_addr, res->ai_addrlen) < 0) {
+            retval = errno;
+            close(s);
+            s = -1;
+            continue;
+        }
+
+        /* We successfully connect()ed */
+        *fd_out = s;
+
+        break;
+    }
+
+    freeaddrinfo(answers);
+
+    if (s == -1) {
+        com_err(progname, retval, _("while connecting to server"));
+        exit(1);
+    }
+
+    /* Set sender_addr. */
+    socket_length = sizeof(my_sin);
+    if (getsockname(s, (struct sockaddr *)&my_sin, &socket_length) < 0) {
+        com_err(progname, errno, _("while getting local socket address"));
+        exit(1);
+    }
+    sa = (struct sockaddr *)&my_sin;
+    if (sockaddr2krbaddr(context, sa->sa_family, sa, &sender_addr) != 0) {
+        com_err(progname, errno, _("while converting local address"));
+        exit(1);
+    }
+}
+
+static void
+kerberos_authenticate(krb5_context context, krb5_auth_context *auth_context,
+                      int fd, krb5_principal me, krb5_creds **new_creds)
+{
+    krb5_error_code retval;
+    krb5_error *error = NULL;
+    krb5_ap_rep_enc_part *rep_result;
+
+    retval = krb5_auth_con_init(context, auth_context);
+    if (retval)
+        exit(1);
+
+    krb5_auth_con_setflags(context, *auth_context,
+                           KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+    retval = krb5_auth_con_setaddrs(context, *auth_context, sender_addr, NULL);
+    if (retval) {
+        com_err(progname, retval, _("in krb5_auth_con_setaddrs"));
+        exit(1);
+    }
+
+    retval = krb5_sendauth(context, auth_context, &fd, kprop_version,
+                           me, creds.server, AP_OPTS_MUTUAL_REQUIRED, NULL,
+                           &creds, NULL, &error, &rep_result, new_creds);
+    if (retval) {
+        com_err(progname, retval, _("while authenticating to server"));
+        if (error != NULL) {
+            if (error->error == KRB_ERR_GENERIC) {
+                if (error->text.data) {
+                    fprintf(stderr, _("Generic remote error: %s\n"),
+                            error->text.data);
+                }
+            } else if (error->error) {
+                com_err(progname,
+                        (krb5_error_code)error->error + ERROR_TABLE_BASE_krb5,
+                        _("signalled from server"));
+                if (error->text.data) {
+                    fprintf(stderr, _("Error text from server: %s\n"),
+                            error->text.data);
+                }
+            }
+            krb5_free_error(context, error);
+        }
+        exit(1);
+    }
+    krb5_free_ap_rep_enc_part(context, rep_result);
+}
+
+/*
+ * Open the Kerberos database dump file.  Takes care of locking it
+ * and making sure that the .ok file is more recent that the database
+ * dump file itself.
+ *
+ * Returns the file descriptor of the database dump file.  Also fills
+ * in the size of the database file.
+ */
+static int
+open_database(krb5_context context, char *data_fn, off_t *size)
+{
+    struct stat stbuf, stbuf_ok;
+    char *data_ok_fn;
+    int fd, err;
+
+    dbpathname = strdup(data_fn);
+    if (dbpathname == NULL) {
+        com_err(progname, ENOMEM, _("allocating database file name '%s'"),
+                data_fn);
+        exit(1);
+    }
+    fd = open(dbpathname, O_RDONLY);
+    if (fd < 0) {
+        com_err(progname, errno, _("while trying to open %s"), dbpathname);
+        exit(1);
+    }
+
+    err = krb5_lock_file(context, fd,
+                         KRB5_LOCKMODE_SHARED | KRB5_LOCKMODE_DONTBLOCK);
+    if (err == EAGAIN || err == EWOULDBLOCK || errno == EACCES) {
+        com_err(progname, 0, _("database locked"));
+        exit(1);
+    } else if (err) {
+        com_err(progname, err, _("while trying to lock '%s'"), dbpathname);
+        exit(1);
+    }
+    if (fstat(fd, &stbuf)) {
+        com_err(progname, errno, _("while trying to stat %s"), data_fn);
+        exit(1);
+    }
+    if (asprintf(&data_ok_fn, "%s.dump_ok", data_fn) < 0) {
+        com_err(progname, ENOMEM, _("while trying to malloc data_ok_fn"));
+        exit(1);
+    }
+    if (stat(data_ok_fn, &stbuf_ok)) {
+        com_err(progname, errno, _("while trying to stat %s"), data_ok_fn);
+        free(data_ok_fn);
+        exit(1);
+    }
+    if (stbuf.st_mtime > stbuf_ok.st_mtime) {
+        com_err(progname, 0, _("'%s' more recent than '%s'."), data_fn,
+                data_ok_fn);
+        exit(1);
+    }
+    free(data_ok_fn);
+    *size = stbuf.st_size;
+    return fd;
+}
+
+static void
+close_database(krb5_context context, int fd)
+{
+    int err;
+
+    err = krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK);
+    if (err)
+        com_err(progname, err, _("while unlocking database '%s'"), dbpathname);
+    free(dbpathname);
+    close(fd);
+}
+
+/*
+ * Now we send over the database.  We use the following protocol:
+ * Send over a KRB_SAFE message with the size.  Then we send over the
+ * database in blocks of KPROP_BLKSIZE, encrypted using KRB_PRIV.
+ * Then we expect to see a KRB_SAFE message with the size sent back.
+ *
+ * At any point in the protocol, we may send a KRB_ERROR message; this
+ * will abort the entire operation.
+ */
+static void
+xmit_database(krb5_context context, krb5_auth_context auth_context,
+              krb5_creds *my_creds, int fd, int database_fd,
+              off_t in_database_size)
+{
+    krb5_int32 n;
+    krb5_data inbuf, outbuf;
+    char buf[KPROP_BUFSIZ], dbsize_buf[KPROP_DBSIZE_MAX_BUFSIZ];
+    krb5_error_code retval;
+    krb5_error *error;
+    uint64_t database_size = in_database_size, send_size, sent_size;
+
+    /* Send over the size. */
+    inbuf = make_data(dbsize_buf, sizeof(dbsize_buf));
+    encode_database_size(database_size, &inbuf);
+    /* KPROP_CKSUMTYPE */
+    retval = krb5_mk_safe(context, auth_context, &inbuf, &outbuf, NULL);
+    if (retval) {
+        com_err(progname, retval, _("while encoding database size"));
+        send_error(context, my_creds, fd, _("while encoding database size"),
+                   retval);
+        exit(1);
+    }
+
+    retval = krb5_write_message(context, &fd, &outbuf);
+    if (retval) {
+        krb5_free_data_contents(context, &outbuf);
+        com_err(progname, retval, _("while sending database size"));
+        exit(1);
+    }
+    krb5_free_data_contents(context, &outbuf);
+
+    /* Initialize the initial vector. */
+    retval = krb5_auth_con_initivector(context, auth_context);
+    if (retval) {
+        send_error(context, my_creds, fd,
+                   "failed while initializing i_vector", retval);
+        com_err(progname, retval, _("while allocating i_vector"));
+        exit(1);
+    }
+
+    /* Send over the file, block by block. */
+    inbuf.data = buf;
+    sent_size = 0;
+    while ((n = read(database_fd, buf, sizeof(buf)))) {
+        inbuf.length = n;
+        retval = krb5_mk_priv(context, auth_context, &inbuf, &outbuf, NULL);
+        if (retval) {
+            snprintf(buf, sizeof(buf),
+                     "while encoding database block starting at %"PRIu64,
+                     sent_size);
+            com_err(progname, retval, "%s", buf);
+            send_error(context, my_creds, fd, buf, retval);
+            exit(1);
+        }
+
+        retval = krb5_write_message(context, &fd, &outbuf);
+        if (retval) {
+            krb5_free_data_contents(context, &outbuf);
+            com_err(progname, retval,
+                    _("while sending database block starting at %"PRIu64),
+                    sent_size);
+            exit(1);
+        }
+        krb5_free_data_contents(context, &outbuf);
+        sent_size += n;
+        if (debug)
+            printf("%"PRIu64" bytes sent.\n", sent_size);
+    }
+    if (sent_size != database_size) {
+        com_err(progname, 0, _("Premature EOF found for database file!"));
+        send_error(context, my_creds, fd,
+                   "Premature EOF found for database file!",
+                   KRB5KRB_ERR_GENERIC);
+        exit(1);
+    }
+
+    /*
+     * OK, we've sent the database; now let's wait for a success
+     * indication from the remote end.
+     */
+    retval = krb5_read_message(context, &fd, &inbuf);
+    if (retval) {
+        com_err(progname, retval, _("while reading response from server"));
+        exit(1);
+    }
+    /*
+     * If we got an error response back from the server, display
+     * the error message
+     */
+    if (krb5_is_krb_error(&inbuf)) {
+        retval = krb5_rd_error(context, &inbuf, &error);
+        if (retval) {
+            com_err(progname, retval,
+                    _("while decoding error response from server"));
+            exit(1);
+        }
+        if (error->error == KRB_ERR_GENERIC) {
+            if (error->text.data) {
+                fprintf(stderr, _("Generic remote error: %s\n"),
+                        error->text.data);
+            }
+        } else if (error->error) {
+            com_err(progname,
+                    (krb5_error_code)error->error + ERROR_TABLE_BASE_krb5,
+                    _("signalled from server"));
+            if (error->text.data) {
+                fprintf(stderr, _("Error text from server: %s\n"),
+                        error->text.data);
+            }
+        }
+        krb5_free_error(context, error);
+        exit(1);
+    }
+
+    retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL);
+    if (retval) {
+        com_err(progname, retval,
+                "while decoding final size packet from server");
+        exit(1);
+    }
+
+    retval = decode_database_size(&outbuf, &send_size);
+    if (retval) {
+        com_err(progname, retval, _("malformed sent database size message"));
+        exit(1);
+    }
+    if (send_size != database_size) {
+        com_err(progname, 0, _("Kpropd sent database size %"PRIu64
+                               ", expecting %"PRIu64),
+                send_size, database_size);
+        exit(1);
+    }
+    free(inbuf.data);
+    free(outbuf.data);
+}
+
+static void
+send_error(krb5_context context, krb5_creds *my_creds, int fd, char *err_text,
+           krb5_error_code err_code)
+{
+    krb5_error error;
+    const char *text;
+    krb5_data outbuf;
+
+    memset(&error, 0, sizeof(error));
+    krb5_us_timeofday(context, &error.ctime, &error.cusec);
+    error.server = my_creds->server;
+    error.client = my_principal;
+    error.error = err_code - ERROR_TABLE_BASE_krb5;
+    if (error.error > 127)
+        error.error = KRB_ERR_GENERIC;
+    text = (err_text != NULL) ? err_text : error_message(err_code);
+    error.text.length = strlen(text) + 1;
+    error.text.data = strdup(text);
+    if (error.text.data) {
+        if (!krb5_mk_error(context, &error, &outbuf)) {
+            (void)krb5_write_message(context, &fd, &outbuf);
+            krb5_free_data_contents(context, &outbuf);
+        }
+        free(error.text.data);
+    }
+}
+
+static void
+update_last_prop_file(char *hostname, char *file_name)
+{
+    char *file_last_prop;
+    int fd;
+    static char last_prop[] = ".last_prop";
+
+    if (asprintf(&file_last_prop, "%s.%s%s", file_name, hostname,
+                 last_prop) < 0) {
+        com_err(progname, ENOMEM,
+                _("while allocating filename for update_last_prop_file"));
+        return;
+    }
+    fd = THREEPARAMOPEN(file_last_prop, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+    if (fd < 0) {
+        com_err(progname, errno, _("while creating 'last_prop' file, '%s'"),
+                file_last_prop);
+        free(file_last_prop);
+        return;
+    }
+    write(fd, "", 1);
+    free(file_last_prop);
+    close(fd);
+}
diff --git a/krb5-1.21.3/src/kprop/kprop.h b/krb5-1.21.3/src/kprop/kprop.h
new file mode 100644
index 00000000..3a319b53
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/kprop.h
@@ -0,0 +1,55 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kprop/kprop.h */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#define KPROP_SERVICE_NAME "host"
+#define TGT_SERVICE_NAME "krbtgt"
+#define KPROP_SERVICE "krb5_prop"
+#define KPROP_PORT 754
+
+#define KPROP_PROT_VERSION "kprop5_01"
+
+#define KPROP_BUFSIZ 32768
+#define KPROP_DBSIZE_MAX_BUFSIZ 12  /* max length of an encoded DB size */
+
+/* pathnames are in osconf.h, included via k5-int.h */
+
+int sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
+                     krb5_address **dest);
+
+krb5_error_code
+sn2princ_realm(krb5_context context, const char *hostname, const char *sname,
+               const char *realm, krb5_principal *princ_out);
+
+/*
+ * Encode size in four bytes (for backward compatibility) if it fits; otherwise
+ * use the larger encoding.  buf must be allocated with at least
+ * KPROP_DBSIZE_MAX_BUFSIZ bytes.
+ */
+void encode_database_size(uint64_t size, krb5_data *buf);
+
+/* Decode a database size.  Return KRB5KRB_ERR_GENERIC if buf has an invalid
+ * length or did not encode a 32-bit size compactly. */
+krb5_error_code decode_database_size(const krb5_data *buf, uint64_t *size_out);
diff --git a/krb5-1.21.3/src/kprop/kprop_util.c b/krb5-1.21.3/src/kprop/kprop_util.c
new file mode 100644
index 00000000..c0aa2c89
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/kprop_util.c
@@ -0,0 +1,136 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kprop/kprop_util.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* sockaddr2krbaddr() utility function used by kprop and kpropd */
+
+#include "k5-int.h"
+#include "kprop.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+/*
+ * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address.
+ * There is similar code elsewhere in the tree, so this should possibly become
+ * a libkrb5 API in the future.
+ */
+krb5_error_code
+sockaddr2krbaddr(krb5_context context, int family, struct sockaddr *sa,
+                 krb5_address **dest)
+{
+    krb5_address addr;
+
+    addr.magic = KV5M_ADDRESS;
+    if (family == AF_INET) {
+        struct sockaddr_in *sa4 = sa2sin(sa);
+        addr.addrtype = ADDRTYPE_INET;
+        addr.length = sizeof(sa4->sin_addr);
+        addr.contents = (krb5_octet *) &sa4->sin_addr;
+    } else if (family == AF_INET6) {
+        struct sockaddr_in6 *sa6 = sa2sin6(sa);
+        if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
+            addr.addrtype = ADDRTYPE_INET;
+            addr.contents = (krb5_octet *) &sa6->sin6_addr + 12;
+            addr.length = 4;
+        } else {
+            addr.addrtype = ADDRTYPE_INET6;
+            addr.length = sizeof(sa6->sin6_addr);
+            addr.contents = (krb5_octet *) &sa6->sin6_addr;
+        }
+    } else
+        return KRB5_PROG_ATYPE_NOSUPP;
+
+    return krb5_copy_addr(context, &addr, dest);
+}
+
+/* Construct a host-based principal, similar to krb5_sname_to_principal() but
+ * with a specified realm. */
+krb5_error_code
+sn2princ_realm(krb5_context context, const char *hostname, const char *sname,
+               const char *realm, krb5_principal *princ_out)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+
+    *princ_out = NULL;
+    assert(sname != NULL && realm != NULL);
+
+    ret = krb5_sname_to_principal(context, hostname, sname, KRB5_NT_SRV_HST,
+                                  &princ);
+    if (ret)
+        return ret;
+
+    ret = krb5_set_principal_realm(context, princ, realm);
+    if (ret) {
+        krb5_free_principal(context, princ);
+        return ret;
+    }
+
+    *princ_out = princ;
+    return 0;
+}
+
+void
+encode_database_size(uint64_t size, krb5_data *buf)
+{
+    assert(buf->length >= 12);
+    if (size > 0 && size <= UINT32_MAX) {
+        /* Encode in 32 bits for backward compatibility. */
+        store_32_be(size, buf->data);
+        buf->length = 4;
+    } else {
+        /* Set the first 32 bits to 0 and encode in the following 64 bits. */
+        store_32_be(0, buf->data);
+        store_64_be(size, buf->data + 4);
+        buf->length = 12;
+    }
+}
+
+krb5_error_code
+decode_database_size(const krb5_data *buf, uint64_t *size_out)
+{
+    uint64_t size;
+
+    if (buf->length == 12) {
+        /* A 12-byte buffer must have the first four bytes zeroed. */
+        if (load_32_be(buf->data) != 0)
+            return KRB5KRB_ERR_GENERIC;
+
+        /* The size is stored in the next 64 bits.  Values from 1..2^32-1 must
+         * be encoded in four bytes. */
+        size = load_64_be(buf->data + 4);
+        if (size > 0 && size <= UINT32_MAX)
+            return KRB5KRB_ERR_GENERIC;
+    } else if (buf->length == 4) {
+        size = load_32_be(buf->data);
+    } else {
+        /* Invalid buffer size. */
+        return KRB5KRB_ERR_GENERIC;
+    }
+
+    *size_out = size;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/kprop/kpropd.c b/krb5-1.21.3/src/kprop/kpropd.c
new file mode 100644
index 00000000..aa3c81ea
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/kpropd.c
@@ -0,0 +1,1620 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* kprop/kpropd.c */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/*
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include "k5-int.h"
+#include "com_err.h"
+#include "fake-addrinfo.h"
+
+#include <inttypes.h>
+#include <locale.h>
+#include <ctype.h>
+#include <sys/file.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/param.h>
+#include <netdb.h>
+#include <syslog.h>
+
+#include "kprop.h"
+#include <iprop_hdr.h>
+#include "iprop.h"
+#include <kadm5/admin.h>
+#include <kdb_log.h>
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE unsigned int
+#endif
+#ifndef GETPEERNAME_ARG3_TYPE
+#define GETPEERNAME_ARG3_TYPE unsigned int
+#endif
+
+#if defined(NEED_DAEMON_PROTO)
+extern int daemon(int, int);
+#endif
+
+#define SYSLOG_CLASS LOG_DAEMON
+
+int runonce = 0;
+
+/*
+ * This struct simulates the use of _kadm5_server_handle_t
+ *
+ * This is a COPY of kadm5_server_handle_t from
+ * lib/kadm5/clnt/client_internal.h!
+ */
+typedef struct _kadm5_iprop_handle_t {
+    krb5_ui_4 magic_number;
+    krb5_ui_4 struct_version;
+    krb5_ui_4 api_version;
+    char *cache_name;
+    int destroy_cache;
+    CLIENT *clnt;
+    krb5_context context;
+    kadm5_config_params params;
+    struct _kadm5_iprop_handle_t *lhandle;
+} *kadm5_iprop_handle_t;
+
+static char *kprop_version = KPROP_PROT_VERSION;
+
+static kadm5_config_params params;
+
+static char *progname;
+static int debug = 0;
+static int nodaemon = 0;
+static char *keytab_path = NULL;
+static int standalone = 0;
+static const char *pid_file = NULL;
+
+static pid_t fullprop_child = (pid_t)-1;
+
+static krb5_principal server;   /* This is our server principal name */
+static krb5_principal client;   /* This is who we're talking to */
+static krb5_context kpropd_context;
+static krb5_auth_context auth_context;
+static char *realm = NULL;      /* Our realm */
+static char *def_realm = NULL;  /* Ref pointer for default realm */
+static char *file = KPROPD_DEFAULT_FILE;
+static char *temp_file_name;
+static char *kdb5_util = KPROPD_DEFAULT_KDB5_UTIL;
+static char *kerb_database = NULL;
+static char *acl_file_name = KPROPD_ACL_FILE;
+
+static krb5_address *receiver_addr;
+static const char *port = KPROP_SERVICE;
+
+static char **db_args = NULL;
+static int db_args_size = 0;
+
+static void parse_args(int argc, char **argv);
+static void do_standalone(void);
+static void doit(int fd);
+static krb5_error_code do_iprop(void);
+static void kerberos_authenticate(krb5_context context, int fd,
+                                  krb5_principal *clientp, krb5_enctype *etype,
+                                  struct sockaddr_storage *my_sin);
+static krb5_boolean authorized_principal(krb5_context context,
+                                         krb5_principal p,
+                                         krb5_enctype auth_etype);
+static void recv_database(krb5_context context, int fd, int database_fd,
+                          krb5_data *confmsg);
+static void load_database(krb5_context context, char *kdb_util,
+                          char *database_file_name);
+static void send_error(krb5_context context, int fd, krb5_error_code err_code,
+                       char *err_text);
+static void recv_error(krb5_context context, krb5_data *inbuf);
+static unsigned int backoff_from_primary(int *cnt);
+static kadm5_ret_t kadm5_get_kiprop_host_srv_name(krb5_context context,
+                                                  const char *realm_name,
+                                                  char **host_service_name);
+
+static void
+usage()
+{
+    fprintf(stderr,
+            _("\nUsage: %s [-r realm] [-s keytab] [-d] [-D] [-S]\n"
+              "\t[-f replica_file] [-F kerberos_db_file ]\n"
+              "\t[-p kdb5_util_pathname] [-x db_args]* [-P port]\n"
+              "\t[-a acl_file] [-A admin_server] [--pid-file=pid_file]\n"),
+            progname);
+    exit(1);
+}
+
+static krb5_error_code
+write_pid_file(const char *path)
+{
+    FILE *fp;
+    unsigned long pid;
+
+    fp = fopen(path, "w");
+    if (fp == NULL)
+        return errno;
+    pid = (unsigned long)getpid();
+    if (fprintf(fp, "%ld\n", pid) < 0 || fclose(fp) == EOF)
+        return errno;
+    return 0;
+}
+
+typedef void (*sig_handler_fn)(int sig);
+
+static void
+signal_wrapper(int sig, sig_handler_fn handler)
+{
+#ifdef POSIX_SIGNALS
+    struct sigaction s_action;
+
+    memset(&s_action, 0, sizeof(s_action));
+    sigemptyset(&s_action.sa_mask);
+    s_action.sa_handler = handler;
+    sigaction(sig, &s_action, NULL);
+#else
+    signal(sig, handler);
+#endif
+}
+
+static void
+alarm_handler(int sig)
+{
+    static char *timeout_msg = "Full propagation timed out\n";
+
+    write(STDERR_FILENO, timeout_msg, strlen(timeout_msg));
+    exit(1);
+}
+
+static void
+usr1_handler(int sig)
+{
+    /* Nothing to do, just let the signal interrupt sleep(). */
+}
+
+static void
+kill_do_standalone(int sig)
+{
+    if (fullprop_child > 0) {
+        if (debug) {
+            fprintf(stderr, _("Killing fullprop child (%d)\n"),
+                    (int)fullprop_child);
+        }
+        kill(fullprop_child, sig);
+    }
+    /* Make sure our exit status code reflects our having been signaled */
+    signal_wrapper(sig, SIG_DFL);
+    kill(getpid(), sig);
+}
+
+static void
+atexit_kill_do_standalone(void)
+{
+    if (fullprop_child > 0)
+        kill(fullprop_child, SIGHUP);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code retval;
+    kdb_log_context *log_ctx;
+    int devnull, sock;
+    struct stat st;
+
+    setlocale(LC_ALL, "");
+    parse_args(argc, argv);
+
+    if (fstat(0, &st) == -1) {
+        com_err(progname, errno, _("while checking if stdin is a socket"));
+        exit(1);
+    }
+    /*
+     * Detect whether we're running from inetd; if not then we're in
+     * standalone mode.
+     */
+    standalone = !S_ISSOCK(st.st_mode);
+
+    log_ctx = kpropd_context->kdblog_context;
+
+    signal_wrapper(SIGPIPE, SIG_IGN);
+
+    if (standalone) {
+        /* "ready" is a sentinel for the test framework. */
+        if (!debug && !nodaemon) {
+            daemon(0, 0);
+        } else {
+            printf(_("ready\n"));
+            fflush(stdout);
+        }
+        if (pid_file != NULL) {
+            retval = write_pid_file(pid_file);
+            if (retval) {
+                syslog(LOG_ERR, _("Could not write pid file %s: %s"),
+                       pid_file, strerror(errno));
+                exit(1);
+            }
+        }
+    } else {
+        /*
+         * We're an inetd nowait service.  Let's not risk anything
+         * read/write from/to the inetd socket unintentionally.
+         */
+        devnull = open("/dev/null", O_RDWR);
+        if (devnull == -1) {
+            syslog(LOG_ERR, _("Could not open /dev/null: %s"),
+                   strerror(errno));
+            exit(1);
+        }
+
+        sock = dup(0);
+        if (sock == -1) {
+            syslog(LOG_ERR, _("Could not dup the inetd socket: %s"),
+                   strerror(errno));
+            exit(1);
+        }
+
+        dup2(devnull, STDIN_FILENO);
+        dup2(devnull, STDOUT_FILENO);
+        dup2(devnull, STDERR_FILENO);
+        close(devnull);
+        doit(sock);
+        exit(0);
+    }
+
+    if (log_ctx == NULL || log_ctx->iproprole != IPROP_REPLICA) {
+        do_standalone();
+        /* do_standalone() should never return */
+        assert(0);
+    }
+
+    /*
+     * This is the iprop case.  We'll fork a child to run do_standalone().  The
+     * parent will run do_iprop().  We try to kill the child if we get killed.
+     * Catch SIGUSR1, which can be used to interrupt the sleep timer and force
+     * an iprop request.
+     */
+    signal_wrapper(SIGHUP, kill_do_standalone);
+    signal_wrapper(SIGINT, kill_do_standalone);
+    signal_wrapper(SIGQUIT, kill_do_standalone);
+    signal_wrapper(SIGTERM, kill_do_standalone);
+    signal_wrapper(SIGSEGV, kill_do_standalone);
+    signal_wrapper(SIGUSR1, usr1_handler);
+    atexit(atexit_kill_do_standalone);
+    fullprop_child = fork();
+    switch (fullprop_child) {
+    case -1:
+        com_err(progname, errno, _("do_iprop failed.\n"));
+        break;
+    case 0:
+        do_standalone();
+        /* do_standalone() should never return */
+        /* NOTREACHED */
+        break;
+    default:
+        retval = do_iprop();
+        /* do_iprop() can return due to failures and runonce. */
+        kill(fullprop_child, SIGHUP);
+        wait(NULL);
+        if (retval)
+            com_err(progname, retval, _("do_iprop failed.\n"));
+        else
+            exit(0);
+    }
+
+    exit(1);
+}
+
+/* Use getaddrinfo to determine a wildcard listener address, preferring
+ * IPv6 if available. */
+static int
+get_wildcard_addr(struct addrinfo **res)
+{
+    struct addrinfo hints;
+    int error;
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
+    hints.ai_family = AF_INET6;
+    error = getaddrinfo(NULL, port, &hints, res);
+    if (error == 0)
+        return 0;
+    hints.ai_family = AF_INET;
+    return getaddrinfo(NULL, port, &hints, res);
+}
+
+static void
+do_standalone()
+{
+    struct sockaddr_in frominet;
+    struct addrinfo *res;
+    GETPEERNAME_ARG3_TYPE fromlen;
+    int finet, s, ret, error, val, status;
+    pid_t child_pid;
+    pid_t wait_pid;
+
+    error = get_wildcard_addr(&res);
+    if (error != 0) {
+        fprintf(stderr, _("getaddrinfo: %s\n"), gai_strerror(error));
+        exit(1);
+    }
+
+    finet = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+    if (finet < 0) {
+        com_err(progname, errno, _("while obtaining socket"));
+        exit(1);
+    }
+
+    val = 1;
+    if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) < 0)
+        com_err(progname, errno, _("while setting SO_REUSEADDR option"));
+
+#if defined(IPV6_V6ONLY)
+    /* Make sure dual-stack support is enabled on IPv6 listener sockets if
+     * possible. */
+    val = 0;
+    if (res->ai_family == AF_INET6 &&
+        setsockopt(finet, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof(val)) < 0)
+        com_err(progname, errno, _("while unsetting IPV6_V6ONLY option"));
+#endif
+
+    ret = bind(finet, res->ai_addr, res->ai_addrlen);
+    if (ret < 0) {
+        com_err(progname, errno, _("while binding listener socket"));
+        exit(1);
+    }
+    if (listen(finet, 5) < 0) {
+        com_err(progname, errno, "in listen call");
+        exit(1);
+    }
+    for (;;) {
+        memset(&frominet, 0, sizeof(frominet));
+        fromlen = sizeof(frominet);
+        if (debug)
+            fprintf(stderr, _("waiting for a kprop connection\n"));
+        s = accept(finet, (struct sockaddr *) &frominet, &fromlen);
+
+        if (s < 0) {
+            int e = errno;
+            if (e != EINTR) {
+                com_err(progname, e, _("while accepting connection"));
+            }
+        }
+        child_pid = fork();
+        switch (child_pid) {
+        case -1:
+            com_err(progname, errno, _("while forking"));
+            exit(1);
+        case 0:
+            close(finet);
+
+            doit(s);
+            close(s);
+            _exit(0);
+        default:
+            do {
+                wait_pid = waitpid(child_pid, &status, 0);
+            } while (wait_pid == -1 && errno == EINTR);
+            if (wait_pid == -1) {
+                /* Something bad happened; panic. */
+                if (debug) {
+                    fprintf(stderr, _("waitpid() failed to wait for doit() "
+                                      "(%d %s)\n"), errno, strerror(errno));
+                }
+                com_err(progname, errno,
+                        _("while waiting to receive database"));
+                exit(1);
+            }
+            if (debug) {
+                fprintf(stderr, _("Database load process for full propagation "
+                                  "completed.\n"));
+            }
+
+            close(s);
+
+            /* If we are the fullprop child in iprop mode, notify the parent
+             * process that it should poll for incremental updates. */
+            if (fullprop_child == 0)
+                kill(getppid(), SIGUSR1);
+            else if (runonce)
+                exit(0);
+        }
+    }
+    exit(0);
+}
+
+static void
+doit(int fd)
+{
+    struct sockaddr_storage from;
+    int on = 1;
+    GETPEERNAME_ARG3_TYPE fromlen;
+    krb5_error_code retval;
+    krb5_data confmsg;
+    int lock_fd;
+    mode_t omask;
+    krb5_enctype etype;
+    int database_fd;
+    char host[INET6_ADDRSTRLEN + 1];
+
+    signal_wrapper(SIGALRM, alarm_handler);
+    alarm(params.iprop_resync_timeout);
+    fromlen = sizeof(from);
+    if (getpeername(fd, (struct sockaddr *)&from, &fromlen) < 0) {
+#ifdef ENOTSOCK
+        if (errno == ENOTSOCK && fd == 0 && !standalone) {
+            fprintf(stderr,
+                    _("%s: Standard input does not appear to be a network "
+                      "socket.\n"
+                      "\t(Not run from inetd, and missing the -S option?)\n"),
+                    progname);
+            exit(1);
+        }
+#endif
+        fprintf(stderr, "%s: ", progname);
+        perror("getpeername");
+        exit(1);
+    }
+    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) {
+        com_err(progname, errno,
+                _("while attempting setsockopt (SO_KEEPALIVE)"));
+    }
+
+    if (getnameinfo((const struct sockaddr *) &from, fromlen,
+                    host, sizeof(host), NULL, 0, 0) == 0) {
+        syslog(LOG_INFO, _("Connection from %s"), host);
+        if (debug)
+            fprintf(stderr, "Connection from %s\n", host);
+    }
+
+    /*
+     * Now do the authentication
+     */
+    kerberos_authenticate(kpropd_context, fd, &client, &etype, &from);
+
+    if (!authorized_principal(kpropd_context, client, etype)) {
+        char *name;
+
+        retval = krb5_unparse_name(kpropd_context, client, &name);
+        if (retval) {
+            com_err(progname, retval, "While unparsing client name");
+            exit(1);
+        }
+        if (debug) {
+            fprintf(stderr,
+                    _("Rejected connection from unauthorized principal %s\n"),
+                    name);
+        }
+        syslog(LOG_WARNING,
+               _("Rejected connection from unauthorized principal %s"),
+               name);
+        free(name);
+        exit(1);
+    }
+    omask = umask(077);
+    lock_fd = open(temp_file_name, O_RDWR | O_CREAT, 0600);
+    (void)umask(omask);
+    retval = krb5_lock_file(kpropd_context, lock_fd,
+                            KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK);
+    if (retval) {
+        com_err(progname, retval, _("while trying to lock '%s'"),
+                temp_file_name);
+        exit(1);
+    }
+    database_fd = open(temp_file_name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+    if (database_fd < 0) {
+        com_err(progname, errno, _("while opening database file, '%s'"),
+                temp_file_name);
+        exit(1);
+    }
+    recv_database(kpropd_context, fd, database_fd, &confmsg);
+    if (rename(temp_file_name, file)) {
+        com_err(progname, errno, _("while renaming %s to %s"),
+                temp_file_name, file);
+        exit(1);
+    }
+    retval = krb5_lock_file(kpropd_context, lock_fd, KRB5_LOCKMODE_SHARED);
+    if (retval) {
+        com_err(progname, retval, _("while downgrading lock on '%s'"),
+                temp_file_name);
+        exit(1);
+    }
+    load_database(kpropd_context, kdb5_util, file);
+    retval = krb5_lock_file(kpropd_context, lock_fd, KRB5_LOCKMODE_UNLOCK);
+    if (retval) {
+        com_err(progname, retval, _("while unlocking '%s'"), temp_file_name);
+        exit(1);
+    }
+    close(lock_fd);
+
+    /*
+     * Send the acknowledgement message generated in
+     * recv_database, then close the socket.
+     */
+    retval = krb5_write_message(kpropd_context, &fd, &confmsg);
+    if (retval) {
+        krb5_free_data_contents(kpropd_context, &confmsg);
+        com_err(progname, retval, _("while sending # of received bytes"));
+        exit(1);
+    }
+    krb5_free_data_contents(kpropd_context, &confmsg);
+    if (close(fd) < 0) {
+        com_err(progname, errno,
+                _("while trying to close database file"));
+        exit(1);
+    }
+
+    exit(0);
+}
+
+/* Default timeout can be changed using clnt_control() */
+static struct timeval full_resync_timeout = { 25, 0 };
+
+static kdb_fullresync_result_t *
+full_resync(CLIENT *clnt)
+{
+    static kdb_fullresync_result_t clnt_res;
+    uint32_t vers = IPROPX_VERSION_1; /* max version we support */
+    enum clnt_stat status;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+
+    status = clnt_call(clnt, IPROP_FULL_RESYNC_EXT, (xdrproc_t)xdr_u_int32,
+                       &vers, (xdrproc_t)xdr_kdb_fullresync_result_t,
+                       &clnt_res, full_resync_timeout);
+    if (status == RPC_PROCUNAVAIL) {
+        status = clnt_call(clnt, IPROP_FULL_RESYNC, (xdrproc_t)xdr_void,
+                           &vers, (xdrproc_t)xdr_kdb_fullresync_result_t,
+                           &clnt_res, full_resync_timeout);
+    }
+
+    return (status == RPC_SUCCESS) ? &clnt_res : NULL;
+}
+
+/*
+ * Beg for incrementals from the KDC.
+ *
+ * Returns 0 on success IFF runonce is true.
+ * Returns non-zero on failure due to errors.
+ */
+krb5_error_code
+do_iprop()
+{
+    kadm5_ret_t retval;
+    krb5_principal iprop_svc_principal = NULL;
+    void *server_handle = NULL;
+    char *iprop_svc_princstr = NULL, *primary_svc_princstr = NULL;
+    unsigned int pollin, backoff_time;
+    int backoff_cnt = 0, reinit_cnt = 0;
+    struct timeval iprop_start, iprop_end;
+    unsigned long usec;
+    time_t frrequested = 0, now;
+    kdb_incr_result_t *incr_ret;
+    kdb_last_t mylast;
+    kdb_fullresync_result_t *full_ret;
+    kadm5_iprop_handle_t handle;
+
+    if (debug)
+        fprintf(stderr, _("Incremental propagation enabled\n"));
+
+    pollin = params.iprop_poll_time;
+    if (pollin == 0)
+        pollin = 10;
+
+    retval = kadm5_get_kiprop_host_srv_name(kpropd_context, realm,
+                                            &primary_svc_princstr);
+    if (retval) {
+        com_err(progname, retval, _("%s: unable to get kiprop host based "
+                                    "service name for realm %s\n"),
+                progname, realm);
+        goto done;
+    }
+
+    retval = sn2princ_realm(kpropd_context, NULL, KIPROP_SVC_NAME, realm,
+                            &iprop_svc_principal);
+    if (retval) {
+        com_err(progname, retval,
+                _("while trying to construct host service principal"));
+        goto done;
+    }
+
+    retval = krb5_unparse_name(kpropd_context, iprop_svc_principal,
+                               &iprop_svc_princstr);
+    if (retval) {
+        com_err(progname, retval,
+                _("while canonicalizing principal name"));
+        goto done;
+    }
+
+reinit:
+    /*
+     * Authentication, initialize rpcsec_gss handle etc.
+     */
+    if (debug) {
+        fprintf(stderr, _("Initializing kadm5 as client %s\n"),
+                iprop_svc_princstr);
+    }
+    retval = kadm5_init_with_skey(kpropd_context, iprop_svc_princstr,
+                                  keytab_path,
+                                  primary_svc_princstr,
+                                  &params,
+                                  KADM5_STRUCT_VERSION,
+                                  KADM5_API_VERSION_4,
+                                  db_args,
+                                  &server_handle);
+
+    if (retval) {
+        if (debug)
+            fprintf(stderr, _("kadm5 initialization failed!\n"));
+        if (retval == KADM5_RPC_ERROR) {
+            reinit_cnt++;
+            if (server_handle)
+                kadm5_destroy(server_handle);
+            server_handle = NULL;
+            handle = NULL;
+
+            com_err(progname, retval, _(
+                        "while attempting to connect"
+                        " to primary KDC ... retrying"));
+            backoff_time = backoff_from_primary(&reinit_cnt);
+            if (debug) {
+                fprintf(stderr, _("Sleeping %d seconds to re-initialize "
+                                  "kadm5 (RPC ERROR)\n"), backoff_time);
+            }
+            sleep(backoff_time);
+            goto reinit;
+        } else {
+            if (retval == KADM5_BAD_CLIENT_PARAMS ||
+                retval == KADM5_BAD_SERVER_PARAMS) {
+                com_err(progname, retval,
+                        _("while initializing %s interface"),
+                        progname);
+
+                usage();
+            }
+            reinit_cnt++;
+            com_err(progname, retval,
+                    _("while initializing %s interface, retrying"),
+                    progname);
+            backoff_time = backoff_from_primary(&reinit_cnt);
+            if (debug) {
+                fprintf(stderr, _("Sleeping %d seconds to re-initialize "
+                                  "kadm5 (krb5kdc not running?)\n"),
+                        backoff_time);
+            }
+            sleep(backoff_time);
+            goto reinit;
+        }
+    }
+
+    if (debug)
+        fprintf(stderr, _("kadm5 initialization succeeded\n"));
+
+    /*
+     * Reset re-initialization count to zero now.
+     */
+    reinit_cnt = backoff_time = 0;
+
+    /*
+     * Reset the handle to the correct type for the RPC call
+     */
+    handle = server_handle;
+
+    for (;;) {
+        incr_ret = NULL;
+        full_ret = NULL;
+
+        /*
+         * Get the most recent ulog entry sno + ts, which
+         * we package in the request to the primary KDC
+         */
+        retval = ulog_get_last(kpropd_context, &mylast);
+        if (retval) {
+            com_err(progname, retval, _("reading update log header"));
+            goto done;
+        }
+
+        /*
+         * Loop continuously on an iprop_get_updates_1(),
+         * so that we can keep probing the primary for updates
+         * or (if needed) do a full resync of the krb5 db.
+         */
+
+        if (debug) {
+            fprintf(stderr, _("Calling iprop_get_updates_1 "
+                              "(sno=%u sec=%u usec=%u)\n"),
+                    (unsigned int)mylast.last_sno,
+                    (unsigned int)mylast.last_time.seconds,
+                    (unsigned int)mylast.last_time.useconds);
+        }
+        gettimeofday(&iprop_start, NULL);
+        incr_ret = iprop_get_updates_1(&mylast, handle->clnt);
+        if (incr_ret == (kdb_incr_result_t *)NULL) {
+            clnt_perror(handle->clnt,
+                        _("iprop_get_updates call failed"));
+            if (server_handle)
+                kadm5_destroy(server_handle);
+            server_handle = NULL;
+            handle = (kadm5_iprop_handle_t)NULL;
+            if (debug) {
+                fprintf(stderr, _("Reinitializing iprop because get updates "
+                                  "failed\n"));
+            }
+            goto reinit;
+        }
+
+        switch (incr_ret->ret) {
+
+        case UPDATE_FULL_RESYNC_NEEDED:
+            /*
+             * If we're already asked for a full resync and we still
+             * need one and the last one hasn't timed out then just keep
+             * asking for updates as eventually the resync will finish
+             * (or, if it times out we'll just try again).  Note that
+             * doit() also applies a timeout to the full resync, thus
+             * it's OK for us to do the same here.
+             */
+            now = time(NULL);
+            if (frrequested &&
+                (now - frrequested) < params.iprop_resync_timeout) {
+                if (debug)
+                    fprintf(stderr, _("Still waiting for full resync\n"));
+                break;
+            } else {
+                frrequested = now;
+                if (debug)
+                    fprintf(stderr, _("Full resync needed\n"));
+                syslog(LOG_INFO, _("kpropd: Full resync needed."));
+
+                full_ret = full_resync(handle->clnt);
+                if (full_ret == NULL) {
+                    clnt_perror(handle->clnt,
+                                _("iprop_full_resync call failed"));
+                    kadm5_destroy(server_handle);
+                    server_handle = NULL;
+                    handle = NULL;
+                    goto reinit;
+                }
+            }
+
+            switch (full_ret->ret) {
+            case UPDATE_OK:
+                if (debug)
+                    fprintf(stderr, _("Full resync request granted\n"));
+                syslog(LOG_INFO, _("Full resync request granted."));
+                backoff_cnt = 0;
+                break;
+
+            case UPDATE_BUSY:
+                /*
+                 * Exponential backoff
+                 */
+                if (debug)
+                    fprintf(stderr, _("Exponential backoff\n"));
+                backoff_cnt++;
+                break;
+
+            case UPDATE_PERM_DENIED:
+                if (debug)
+                    fprintf(stderr, _("Full resync permission denied\n"));
+                syslog(LOG_ERR, _("Full resync, permission denied."));
+                goto error;
+
+            case UPDATE_ERROR:
+                if (debug)
+                    fprintf(stderr, _("Full resync error from primary\n"));
+                syslog(LOG_ERR, _(" Full resync, "
+                       "error returned from primary KDC."));
+                goto error;
+
+            default:
+                backoff_cnt = 0;
+                if (debug) {
+                    fprintf(stderr,
+                            _("Full resync invalid result from primary\n"));
+                }
+                syslog(LOG_ERR, _("Full resync, "
+                                  "invalid return from primary KDC."));
+                break;
+            }
+            break;
+
+        case UPDATE_OK:
+            backoff_cnt = 0;
+            frrequested = 0;
+
+            /*
+             * ulog_replay() will convert the ulog updates to db
+             * entries using the kdb conv api and will commit
+             * the entries to the replica kdc database
+             */
+            if (debug) {
+                fprintf(stderr, _("Got incremental updates "
+                                  "(sno=%u sec=%u usec=%u)\n"),
+                        (unsigned int)incr_ret->lastentry.last_sno,
+                        (unsigned int)incr_ret->lastentry.last_time.seconds,
+                        (unsigned int)incr_ret->lastentry.last_time.useconds);
+            }
+            retval = ulog_replay(kpropd_context, incr_ret, db_args);
+
+            if (retval) {
+                const char *msg =
+                    krb5_get_error_message(kpropd_context, retval);
+                if (debug) {
+                    fprintf(stderr, _("ulog_replay failed (%s), updates not "
+                                      "registered\n"), msg);
+                }
+                syslog(LOG_ERR, _("ulog_replay failed (%s), updates "
+                       "not registered."), msg);
+                krb5_free_error_message(kpropd_context, msg);
+                break;
+            }
+
+            gettimeofday(&iprop_end, NULL);
+            usec = (iprop_end.tv_sec - iprop_start.tv_sec) * 1000000 +
+                iprop_end.tv_usec - iprop_start.tv_usec;
+            syslog(LOG_INFO, _("Incremental updates: %d updates / %lu us"),
+                   incr_ret->updates.kdb_ulog_t_len, usec);
+            if (debug) {
+                fprintf(stderr, _("Incremental updates: %d updates / "
+                                  "%lu us\n"),
+                        incr_ret->updates.kdb_ulog_t_len, usec);
+            }
+            break;
+
+        case UPDATE_PERM_DENIED:
+            if (debug)
+                fprintf(stderr, _("get_updates permission denied\n"));
+            syslog(LOG_ERR, _("get_updates, permission denied."));
+            goto error;
+
+        case UPDATE_ERROR:
+            if (debug)
+                fprintf(stderr, _("get_updates error from primary\n"));
+            syslog(LOG_ERR,
+                   _("get_updates, error returned from primary KDC."));
+            goto error;
+
+        case UPDATE_BUSY:
+            /*
+             * Exponential backoff
+             */
+            if (debug)
+                fprintf(stderr, _("get_updates primary busy; backoff\n"));
+            backoff_cnt++;
+            break;
+
+        case UPDATE_NIL:
+            /*
+             * Primary-replica are in sync
+             */
+            if (debug)
+                fprintf(stderr, _("KDC is synchronized with primary.\n"));
+            backoff_cnt = 0;
+            frrequested = 0;
+            break;
+
+        default:
+            backoff_cnt = 0;
+            if (debug) {
+                fprintf(stderr,
+                        _("get_updates invalid result from primary\n"));
+            }
+            syslog(LOG_ERR,
+                   _("get_updates, invalid return from primary KDC."));
+            break;
+        }
+
+        if (runonce == 1 && incr_ret->ret != UPDATE_FULL_RESYNC_NEEDED)
+            goto done;
+
+        /*
+         * Sleep for the specified poll interval (Default is 2 mts),
+         * or do a binary exponential backoff if we get an
+         * UPDATE_BUSY signal
+         */
+        if (backoff_cnt > 0) {
+            backoff_time = backoff_from_primary(&backoff_cnt);
+            if (debug) {
+                fprintf(stderr, _("Busy signal received "
+                                  "from primary, backoff for %d secs\n"),
+                        backoff_time);
+            }
+            sleep(backoff_time);
+        } else {
+            if (debug) {
+                fprintf(stderr, _("Waiting for %d seconds before checking "
+                                  "for updates again\n"), pollin);
+            }
+            sleep(pollin);
+        }
+
+    }
+
+
+error:
+    if (debug)
+        fprintf(stderr, _("ERROR returned by primary, bailing\n"));
+    syslog(LOG_ERR, _("ERROR returned by primary KDC, bailing.\n"));
+done:
+    free(iprop_svc_princstr);
+    free(primary_svc_princstr);
+    krb5_free_principal(kpropd_context, iprop_svc_principal);
+    krb5_free_default_realm(kpropd_context, def_realm);
+    kadm5_destroy(server_handle);
+    krb5_db_fini(kpropd_context);
+    ulog_fini(kpropd_context);
+    krb5_free_context(kpropd_context);
+
+    return (runonce == 1) ? 0 : 1;
+}
+
+
+/* Do exponential backoff, since primary KDC is BUSY or down. */
+static unsigned int
+backoff_from_primary(int *cnt)
+{
+    unsigned int btime;
+
+    btime = (unsigned int)(2<<(*cnt));
+    if (btime > MAX_BACKOFF) {
+        btime = MAX_BACKOFF;
+        (*cnt)--;
+    }
+
+    return btime;
+}
+
+static void
+kpropd_com_err_proc(const char *whoami, long code, const char *fmt,
+                    va_list args)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 0)))
+#endif
+    ;
+
+static void
+kpropd_com_err_proc(const char *whoami, long code, const char *fmt,
+                    va_list args)
+{
+    char error_buf[8096];
+
+    error_buf[0] = '\0';
+    if (fmt)
+        vsnprintf(error_buf, sizeof(error_buf), fmt, args);
+    syslog(LOG_ERR, "%s%s%s%s%s", whoami ? whoami : "", whoami ? ": " : "",
+           code ? error_message(code) : "", code ? " " : "", error_buf);
+}
+
+static void
+parse_args(int argc, char **argv)
+{
+    char **newargs;
+    int c;
+    krb5_error_code retval;
+    enum { PID_FILE = 256 };
+    struct option long_options[] = {
+        { "pid-file", 1, NULL, PID_FILE },
+        { NULL, 0, NULL, 0 },
+    };
+
+    memset(&params, 0, sizeof(params));
+
+    /* Since we may modify the KDB with ulog_replay(), we must read the KDC
+     * profile. */
+    retval = krb5int_init_context_kdc(&kpropd_context);
+    if (retval) {
+        com_err(argv[0], retval, _("while initializing krb5"));
+        exit(1);
+    }
+
+    progname = argv[0];
+    while ((c = getopt_long(argc, argv, "A:f:F:p:P:r:s:DdSa:tx:",
+                            long_options, NULL)) != -1) {
+        switch (c) {
+        case 'A':
+            params.mask |= KADM5_CONFIG_ADMIN_SERVER;
+            params.admin_server = optarg;
+            break;
+        case 'f':
+            file = optarg;
+            break;
+        case 'F':
+            kerb_database = optarg;
+            break;
+        case 'p':
+            kdb5_util = optarg;
+            break;
+        case 'P':
+            port = optarg;
+            break;
+        case 'r':
+            realm = optarg;
+            break;
+        case 's':
+            keytab_path = optarg;
+            break;
+        case 'D':
+            nodaemon++;
+            break;
+        case 'd':
+            debug++;
+            break;
+        case 'S':
+            /* Standalone mode is now auto-detected; see main(). */
+            break;
+        case 'a':
+            acl_file_name = optarg;
+            break;
+        case 't':
+            /* Undocumented option - for testing only.  Run the kpropd
+             * server exactly once. */
+            runonce = 1;
+            break;
+        case 'x':
+            newargs = realloc(db_args, (db_args_size + 2) * sizeof(*db_args));
+            if (newargs == NULL) {
+                com_err(argv[0], errno, _("copying db args"));
+                exit(1);
+            }
+            db_args = newargs;
+            db_args[db_args_size] = optarg;
+            db_args[db_args_size + 1] = NULL;
+            db_args_size++;
+            break;
+        case PID_FILE:
+            pid_file = optarg;
+            break;
+        default:
+            usage();
+        }
+    }
+    if (optind != argc)
+        usage();
+
+    openlog("kpropd", LOG_PID | LOG_ODELAY, SYSLOG_CLASS);
+    if (!debug)
+        set_com_err_hook(kpropd_com_err_proc);
+
+    if (realm == NULL) {
+        retval = krb5_get_default_realm(kpropd_context, &def_realm);
+        if (retval) {
+            com_err(progname, retval, _("Unable to get default realm"));
+            exit(1);
+        }
+        realm = def_realm;
+    } else {
+        retval = krb5_set_default_realm(kpropd_context, realm);
+        if (retval) {
+            com_err(progname, retval, _("Unable to set default realm"));
+            exit(1);
+        }
+    }
+
+    /* Construct service name from local hostname. */
+    retval = sn2princ_realm(kpropd_context, NULL, KPROP_SERVICE_NAME, realm,
+                            &server);
+    if (retval) {
+        com_err(progname, retval,
+                _("while trying to construct my service name"));
+        exit(1);
+    }
+
+    /* Construct the name of the temporary file. */
+    if (asprintf(&temp_file_name, "%s.temp", file) < 0) {
+        com_err(progname, ENOMEM,
+                _("while allocating filename for temp file"));
+        exit(1);
+    }
+
+    params.realm = realm;
+    params.mask |= KADM5_CONFIG_REALM;
+    retval = kadm5_get_config_params(kpropd_context, 1, &params, &params);
+    if (retval) {
+        com_err(progname, retval, _("while initializing"));
+        exit(1);
+    }
+    if (params.iprop_enabled == TRUE) {
+        ulog_set_role(kpropd_context, IPROP_REPLICA);
+
+        if (ulog_map(kpropd_context, params.iprop_logfile,
+                     params.iprop_ulogsize)) {
+            com_err(progname, errno, _("Unable to map log!\n"));
+            exit(1);
+        }
+    }
+}
+
+/*
+ * Figure out who's calling on the other end of the connection....
+ */
+static void
+kerberos_authenticate(krb5_context context, int fd, krb5_principal *clientp,
+                      krb5_enctype *etype, struct sockaddr_storage *my_sin)
+{
+    krb5_error_code retval;
+    krb5_ticket *ticket;
+    struct sockaddr_storage r_sin;
+    GETSOCKNAME_ARG3_TYPE sin_length;
+    krb5_keytab keytab = NULL;
+    char *name, etypebuf[100];
+
+    sin_length = sizeof(r_sin);
+    if (getsockname(fd, (struct sockaddr *)&r_sin, &sin_length)) {
+        com_err(progname, errno, _("while getting local socket address"));
+        exit(1);
+    }
+
+    sockaddr2krbaddr(context, r_sin.ss_family, (struct sockaddr *)&r_sin,
+                     &receiver_addr);
+
+    if (debug) {
+        retval = krb5_unparse_name(context, server, &name);
+        if (retval) {
+            com_err(progname, retval, _("while unparsing client name"));
+            exit(1);
+        }
+        fprintf(stderr, "krb5_recvauth(%d, %s, %s, ...)\n", fd, kprop_version,
+                name);
+        free(name);
+    }
+
+    retval = krb5_auth_con_init(context, &auth_context);
+    if (retval) {
+        syslog(LOG_ERR, _("Error in krb5_auth_con_ini: %s"),
+               error_message(retval));
+        exit(1);
+    }
+
+    retval = krb5_auth_con_setflags(context, auth_context,
+                                    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+    if (retval) {
+        syslog(LOG_ERR, _("Error in krb5_auth_con_setflags: %s"),
+               error_message(retval));
+        exit(1);
+    }
+
+    /*
+     * Do not set a remote address, to allow replication over a NAT that
+     * changes the client address.  A reflection attack against kpropd is
+     * impossible because kpropd only sends one message at the end.
+     */
+    retval = krb5_auth_con_setaddrs(context, auth_context, receiver_addr,
+                                    NULL);
+    if (retval) {
+        syslog(LOG_ERR, _("Error in krb5_auth_con_setaddrs: %s"),
+               error_message(retval));
+        exit(1);
+    }
+
+    if (keytab_path != NULL) {
+        retval = krb5_kt_resolve(context, keytab_path, &keytab);
+        if (retval) {
+            syslog(LOG_ERR, _("Error in krb5_kt_resolve: %s"),
+                   error_message(retval));
+            exit(1);
+        }
+    }
+
+    retval = krb5_recvauth(context, &auth_context, &fd, kprop_version, server,
+                           0, keytab, &ticket);
+    if (retval) {
+        syslog(LOG_ERR, _("Error in krb5_recvauth: %s"),
+               error_message(retval));
+        exit(1);
+    }
+
+    retval = krb5_copy_principal(context, ticket->enc_part2->client, clientp);
+    if (retval) {
+        syslog(LOG_ERR, _("Error in krb5_copy_prinicpal: %s"),
+               error_message(retval));
+        exit(1);
+    }
+
+    *etype = ticket->enc_part.enctype;
+
+    if (debug) {
+        retval = krb5_unparse_name(context, *clientp, &name);
+        if (retval) {
+            com_err(progname, retval, _("while unparsing client name"));
+            exit(1);
+        }
+
+        retval = krb5_enctype_to_name(*etype, FALSE, etypebuf,
+                                      sizeof(etypebuf));
+        if (retval) {
+            com_err(progname, retval, _("while unparsing ticket etype"));
+            exit(1);
+        }
+
+        fprintf(stderr, _("authenticated client: %s (etype == %s)\n"),
+                name, etypebuf);
+        free(name);
+    }
+
+    krb5_free_ticket(context, ticket);
+}
+
+static krb5_boolean
+authorized_principal(krb5_context context, krb5_principal p,
+                     krb5_enctype auth_etype)
+{
+    char *name, *ptr, buf[1024];
+    krb5_error_code retval;
+    FILE *acl_file;
+    int end;
+    krb5_enctype acl_etype;
+
+    retval = krb5_unparse_name(context, p, &name);
+    if (retval)
+        return FALSE;
+
+    acl_file = fopen(acl_file_name, "r");
+    if (acl_file == NULL)
+        return FALSE;
+
+    while (!feof(acl_file)) {
+        if (!fgets(buf, sizeof(buf), acl_file))
+            break;
+        end = strlen(buf) - 1;
+        if (buf[end] == '\n')
+            buf[end] = '\0';
+        if (!strncmp(name, buf, strlen(name))) {
+            ptr = buf + strlen(name);
+
+            /* If the next character is not whitespace or null, then the match
+             * is only partial.  Continue on to new lines. */
+            if (*ptr != '\0' && !isspace((int)*ptr))
+                continue;
+
+            /* Otherwise, skip trailing whitespace. */
+            for (; *ptr != '\0' && isspace((int)*ptr); ptr++) ;
+
+            /*
+             * Now, look for an etype string.  If there isn't one, return true.
+             * If there is an invalid string, continue.  If there is a valid
+             * string, return true only if it matches the etype passed in,
+             * otherwise continue.
+             */
+            if (*ptr != '\0' &&
+                ((retval = krb5_string_to_enctype(ptr, &acl_etype)) ||
+                 (acl_etype != auth_etype)))
+                continue;
+
+            free(name);
+            fclose(acl_file);
+            return TRUE;
+        }
+    }
+    free(name);
+    fclose(acl_file);
+    return FALSE;
+}
+
+static void
+recv_database(krb5_context context, int fd, int database_fd,
+              krb5_data *confmsg)
+{
+    uint64_t database_size, received_size;
+    int n;
+    char buf[1024];
+    char dbsize_buf[KPROP_DBSIZE_MAX_BUFSIZ];
+    krb5_data inbuf, outbuf;
+    krb5_error_code retval;
+
+    /* Receive and decode size from client. */
+    retval = krb5_read_message(context, &fd, &inbuf);
+    if (retval) {
+        send_error(context, fd, retval, "while reading database size");
+        com_err(progname, retval,
+                _("while reading size of database from client"));
+        exit(1);
+    }
+    if (krb5_is_krb_error(&inbuf))
+        recv_error(context, &inbuf);
+    retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL);
+    if (retval) {
+        send_error(context, fd, retval, "while decoding database size");
+        krb5_free_data_contents(context, &inbuf);
+        com_err(progname, retval,
+                _("while decoding database size from client"));
+        exit(1);
+    }
+
+    retval = decode_database_size(&outbuf, &database_size);
+    if (retval) {
+        send_error(context, fd, retval, "malformed database size message");
+        com_err(progname, retval,
+                _("malformed database size message from client"));
+        exit(1);
+    }
+
+    krb5_free_data_contents(context, &inbuf);
+    krb5_free_data_contents(context, &outbuf);
+
+    /* Initialize the initial vector. */
+    retval = krb5_auth_con_initivector(context, auth_context);
+    if (retval) {
+        send_error(context, fd, retval,
+                   "failed while initializing i_vector");
+        com_err(progname, retval, _("while initializing i_vector"));
+        exit(1);
+    }
+
+    if (debug)
+        fprintf(stderr, _("Full propagation transfer started.\n"));
+
+    /* Now start receiving the database from the net. */
+    received_size = 0;
+    while (received_size < database_size) {
+        retval = krb5_read_message(context, &fd, &inbuf);
+        if (retval) {
+            snprintf(buf, sizeof(buf),
+                     "while reading database block starting at offset %"PRIu64,
+                     received_size);
+            com_err(progname, retval, "%s", buf);
+            send_error(context, fd, retval, buf);
+            exit(1);
+        }
+        if (krb5_is_krb_error(&inbuf))
+            recv_error(context, &inbuf);
+        retval = krb5_rd_priv(context, auth_context, &inbuf, &outbuf, NULL);
+        if (retval) {
+            snprintf(buf, sizeof(buf),
+                     "while decoding database block starting at offset %"
+                     PRIu64, received_size);
+            com_err(progname, retval, "%s", buf);
+            send_error(context, fd, retval, buf);
+            krb5_free_data_contents(context, &inbuf);
+            exit(1);
+        }
+        n = write(database_fd, outbuf.data, outbuf.length);
+        krb5_free_data_contents(context, &inbuf);
+        if (n < 0) {
+            snprintf(buf, sizeof(buf),
+                     "while writing database block starting at offset %"PRIu64,
+                     received_size);
+            send_error(context, fd, errno, buf);
+        } else if ((unsigned int)n != outbuf.length) {
+            snprintf(buf, sizeof(buf),
+                     "incomplete write while writing database block starting "
+                     "at \noffset %"PRIu64" (%d written, %d expected)",
+                     received_size, n, outbuf.length);
+            send_error(context, fd, KRB5KRB_ERR_GENERIC, buf);
+        }
+        received_size += outbuf.length;
+        krb5_free_data_contents(context, &outbuf);
+    }
+
+    /* OK, we've seen the entire file.  Did we get too many bytes? */
+    if (received_size > database_size) {
+        snprintf(buf, sizeof(buf),
+                 "Received %"PRIu64" bytes, expected %"PRIu64
+                 " bytes for database file",
+                 received_size, database_size);
+        send_error(context, fd, KRB5KRB_ERR_GENERIC, buf);
+    }
+
+    if (debug)
+        fprintf(stderr, _("Full propagation transfer finished.\n"));
+
+    /* Create message acknowledging number of bytes received, but
+     * don't send it until kdb5_util returns successfully. */
+    inbuf = make_data(dbsize_buf, sizeof(dbsize_buf));
+    encode_database_size(database_size, &inbuf);
+    retval = krb5_mk_safe(context,auth_context,&inbuf,confmsg,NULL);
+    if (retval) {
+        com_err(progname, retval, "while encoding # of received bytes");
+        send_error(context, fd, retval, "while encoding # of received bytes");
+        exit(1);
+    }
+}
+
+
+static void
+send_error(krb5_context context, int fd, krb5_error_code err_code,
+           char *err_text)
+{
+    krb5_error error;
+    const char *text;
+    krb5_data outbuf;
+    char buf[1024];
+
+    memset(&error, 0, sizeof(error));
+    krb5_us_timeofday(context, &error.stime, &error.susec);
+    error.server = server;
+    error.client = client;
+
+    text = (err_text != NULL) ? err_text : error_message(err_code);
+
+    error.error = err_code - ERROR_TABLE_BASE_krb5;
+    if (error.error > 127) {
+        error.error = KRB_ERR_GENERIC;
+        if (err_text) {
+            snprintf(buf, sizeof(buf), "%s %s", error_message(err_code),
+                     err_text);
+            text = buf;
+        }
+    }
+    error.text.length = strlen(text) + 1;
+    error.text.data = strdup(text);
+    if (error.text.data) {
+        if (!krb5_mk_error(context, &error, &outbuf)) {
+            (void)krb5_write_message(context, &fd, &outbuf);
+            krb5_free_data_contents(context, &outbuf);
+        }
+        free(error.text.data);
+    }
+}
+
+void
+recv_error(krb5_context context, krb5_data *inbuf)
+{
+    krb5_error *error;
+    krb5_error_code retval;
+
+    retval = krb5_rd_error(context, inbuf, &error);
+    if (retval) {
+        com_err(progname, retval,
+                _("while decoding error packet from client"));
+        exit(1);
+    }
+    if (error->error == KRB_ERR_GENERIC) {
+        if (error->text.data)
+            fprintf(stderr, _("Generic remote error: %s\n"), error->text.data);
+    } else if (error->error) {
+        com_err(progname,
+                (krb5_error_code)error->error + ERROR_TABLE_BASE_krb5,
+                _("signaled from server"));
+        if (error->text.data) {
+            fprintf(stderr, _("Error text from client: %s\n"),
+                    error->text.data);
+        }
+    }
+    krb5_free_error(context, error);
+    exit(1);
+}
+
+static void
+load_database(krb5_context context, char *kdb_util, char *database_file_name)
+{
+    static char *edit_av[10];
+    int error_ret, child_pid, count;
+
+    /* <sys/param.h> has been included, so BSD will be defined on
+     * BSD systems. */
+#if BSD > 0 && BSD <= 43
+#ifndef WEXITSTATUS
+#define WEXITSTATUS(w) (w).w_retcode
+#endif
+    union wait waitb;
+#else
+    int waitb;
+#endif
+    kdb_log_context *log_ctx;
+
+    if (debug)
+        fprintf(stderr, "calling kdb5_util to load database\n");
+
+    log_ctx = context->kdblog_context;
+
+    edit_av[0] = kdb_util;
+    count = 1;
+    if (realm) {
+        edit_av[count++] = "-r";
+        edit_av[count++] = realm;
+    }
+    edit_av[count++] = "load";
+    if (kerb_database) {
+        edit_av[count++] = "-d";
+        edit_av[count++] = kerb_database;
+    }
+    if (log_ctx && log_ctx->iproprole == IPROP_REPLICA)
+        edit_av[count++] = "-i";
+    edit_av[count++] = database_file_name;
+    edit_av[count++] = NULL;
+
+    switch (child_pid = fork()) {
+    case -1:
+        com_err(progname, errno, _("while trying to fork %s"), kdb_util);
+        exit(1);
+    case 0:
+        execv(kdb_util, edit_av);
+        com_err(progname, errno, _("while trying to exec %s"), kdb_util);
+        _exit(1);
+        /*NOTREACHED*/
+    default:
+        if (debug)
+            fprintf(stderr, "Load PID is %d\n", child_pid);
+        if (wait(&waitb) < 0) {
+            com_err(progname, errno, _("while waiting for %s"), kdb_util);
+            exit(1);
+        }
+    }
+
+    if (!WIFEXITED(waitb)) {
+        com_err(progname, 0, _("%s load terminated"), kdb_util);
+        exit(1);
+    }
+
+    error_ret = WEXITSTATUS(waitb);
+    if (error_ret) {
+        com_err(progname, 0, _("%s returned a bad exit status (%d)"),
+                kdb_util, error_ret);
+        exit(1);
+    }
+    return;
+}
+
+/*
+ * Get the host base service name for the kiprop principal. Returns
+ * KADM5_OK on success. Caller must free the storage allocated
+ * for host_service_name.
+ */
+static kadm5_ret_t
+kadm5_get_kiprop_host_srv_name(krb5_context context, const char *realm_name,
+                               char **host_service_name)
+{
+    char *name, *host;
+
+    host = params.admin_server; /* XXX */
+    if (asprintf(&name, "%s/%s", KADM5_KIPROP_HOST_SERVICE, host) < 0) {
+        free(host);
+        return ENOMEM;
+    }
+    *host_service_name = name;
+
+    return KADM5_OK;
+}
diff --git a/krb5-1.21.3/src/kprop/kpropd_rpc.c b/krb5-1.21.3/src/kprop/kpropd_rpc.c
new file mode 100644
index 00000000..4877e37e
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/kpropd_rpc.c
@@ -0,0 +1,61 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
+ * Please do not edit this file.
+ * It was generated using rpcgen.
+ */
+
+#include <memory.h> /* for memset */
+#include "iprop.h"
+
+/* Default timeout can be changed using clnt_control() */
+static struct timeval TIMEOUT = { 25, 0 };
+
+void *
+iprop_null_1(void *argp, CLIENT *clnt)
+{
+	static char clnt_res;
+
+	memset(&clnt_res, 0, sizeof(clnt_res));
+	if (clnt_call (clnt, IPROP_NULL,
+		(xdrproc_t) xdr_void, (caddr_t) argp,
+		(xdrproc_t) xdr_void, (caddr_t) &clnt_res,
+		TIMEOUT) != RPC_SUCCESS) {
+		return (NULL);
+	}
+	return ((void *)&clnt_res);
+}
+
+kdb_incr_result_t *
+iprop_get_updates_1(kdb_last_t *argp, CLIENT *clnt)
+{
+	static kdb_incr_result_t clnt_res;
+
+	memset(&clnt_res, 0, sizeof(clnt_res));
+	if (clnt_call (clnt, IPROP_GET_UPDATES,
+		(xdrproc_t) xdr_kdb_last_t, (caddr_t) argp,
+		(xdrproc_t) xdr_kdb_incr_result_t, (caddr_t) &clnt_res,
+		TIMEOUT) != RPC_SUCCESS) {
+		return (NULL);
+	}
+	return (&clnt_res);
+}
+
+kdb_fullresync_result_t *
+iprop_full_resync_1(void *argp, CLIENT *clnt)
+{
+	static kdb_fullresync_result_t clnt_res;
+
+	memset(&clnt_res, 0, sizeof(clnt_res));
+	if (clnt_call (clnt, IPROP_FULL_RESYNC,
+		(xdrproc_t) xdr_void, (caddr_t) argp,
+		(xdrproc_t) xdr_kdb_fullresync_result_t, (caddr_t) &clnt_res,
+		TIMEOUT) != RPC_SUCCESS) {
+		return (NULL);
+	}
+	return (&clnt_res);
+}
diff --git a/krb5-1.21.3/src/kprop/kproplog.c b/krb5-1.21.3/src/kprop/kproplog.c
new file mode 100644
index 00000000..06af2a1d
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/kproplog.c
@@ -0,0 +1,561 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
+ * This module will parse the update logs on the primary or replica servers.
+ */
+
+#include "k5-int.h"
+#include "k5-hex.h"
+#include <locale.h>
+#include <sys/types.h>
+#include <sys/mman.h>
+#include <time.h>
+#include <limits.h>
+#include <locale.h>
+#include <syslog.h>
+#include <kdb_log.h>
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+
+static char *progname;
+
+static void
+usage()
+{
+    fprintf(stderr, _("\nUsage: %s [-h] [-v] [-v] [-e num]\n\t%s -R\n\n"),
+            progname, progname);
+    exit(1);
+}
+
+/*
+ * Print the attribute flags of principal in human readable form.
+ */
+static void
+print_flags(unsigned int flags)
+{
+    char **attrstrs, **sp;
+
+    if (krb5_flags_to_strings(flags, &attrstrs) != 0) {
+        printf("\t\t\t(error)\n");
+        return;
+    }
+    for (sp = attrstrs; sp != NULL && *sp != NULL; sp++) {
+        printf("\t\t\t%s\n", *sp);
+        free(*sp);
+    }
+    free(attrstrs);
+}
+
+/* ctime() for uint32_t* */
+static const char *
+ctime_uint32(uint32_t *time32)
+{
+    time_t tmp;
+    const char *r;
+
+    tmp = *time32;
+    r = ctime(&tmp);
+    return (r == NULL) ? "(error)" : r;
+}
+
+/* Display time information. */
+static void
+print_time(uint32_t *timep)
+{
+    if (*timep == 0L)
+        printf("\t\t\tNone\n");
+    else
+        printf("\t\t\t%s", ctime_uint32(timep));
+}
+
+static void
+print_deltat(uint32_t *deltat)
+{
+    krb5_error_code ret;
+    static char buf[30];
+
+    ret = krb5_deltat_to_string(*deltat, buf, sizeof(buf));
+    if (ret)
+        printf("\t\t\t(error)\n");
+    else
+        printf("\t\t\t%s\n", buf);
+}
+
+/* Display string in hex primitive. */
+static void
+print_hex(const char *tag, utf8str_t *str)
+{
+    unsigned int len;
+    char *hex;
+
+    len = str->utf8str_t_len;
+
+    if (k5_hex_encode(str->utf8str_t_val, len, FALSE, &hex) != 0)
+        abort();
+    printf("\t\t\t%s(%d): 0x%s\n", tag, len, hex);
+    free(hex);
+}
+
+/* Display string primitive. */
+static void
+print_str(const char *tag, utf8str_t *str)
+{
+    krb5_error_code ret;
+    char *s;
+
+    s = k5memdup0(str->utf8str_t_val, str->utf8str_t_len, &ret);
+    if (s == NULL) {
+        fprintf(stderr, _("\nCouldn't allocate memory"));
+        exit(1);
+    }
+    printf("\t\t\t%s(%d): %s\n", tag, str->utf8str_t_len, s);
+    free(s);
+}
+
+/* Display data components. */
+static void
+print_data(const char *tag, kdbe_data_t *data)
+{
+    printf("\t\t\tmagic: 0x%x\n", data->k_magic);
+    print_str(tag, &data->k_data);
+}
+
+/* Display the principal components. */
+static void
+print_princ(kdbe_princ_t *princ)
+{
+    int i, len;
+    kdbe_data_t *data;
+
+    print_str("realm", &princ->k_realm);
+
+    len = princ->k_components.k_components_len;
+    data = princ->k_components.k_components_val;
+    for (i = 0; i < len; i++, data++)
+        print_data("princ", data);
+}
+
+/* Display individual key. */
+static void
+print_key(kdbe_key_t *k)
+{
+    unsigned int i;
+    utf8str_t *str;
+
+    printf("\t\t\tver: %d\n", k->k_ver);
+    printf("\t\t\tkvno: %d\n", k->k_kvno);
+
+    for (i = 0; i < k->k_enctype.k_enctype_len; i++)
+        printf("\t\t\tenc type: 0x%x\n", k->k_enctype.k_enctype_val[i]);
+
+    str = k->k_contents.k_contents_val;
+    for (i = 0; i < k->k_contents.k_contents_len; i++, str++)
+        print_hex("key", str);
+}
+
+/* Display all key data. */
+static void
+print_keydata(kdbe_key_t *keys, unsigned int len)
+{
+    unsigned int i;
+
+    for (i = 0; i < len; i++, keys++)
+        print_key(keys);
+}
+
+/* Display TL item. */
+static void
+print_tl(kdbe_tl_t *tl)
+{
+    int i, len;
+
+    printf("\t\t\ttype: 0x%x\n", tl->tl_type);
+
+    len = tl->tl_data.tl_data_len;
+
+    printf("\t\t\tvalue(%d): 0x", len);
+    for (i = 0; i < len; i++)
+        printf("%02x", (krb5_octet)tl->tl_data.tl_data_val[i]);
+    printf("\n");
+}
+
+/* Display TL data items. */
+static void
+print_tldata(kdbe_tl_t *tldata, int len)
+{
+    int i;
+
+    printf("\t\t\titems: %d\n", len);
+    for (i = 0; i < len; i++, tldata++)
+        print_tl(tldata);
+}
+
+/*
+ * Print the individual types if verbose mode was specified.
+ * If verbose-verbose then print types along with respective values.
+ */
+static void
+print_attr(kdbe_val_t *val, int vverbose)
+{
+    switch (val->av_type) {
+    case AT_ATTRFLAGS:
+        printf(_("\t\tAttribute flags\n"));
+        if (vverbose)
+            print_flags(val->kdbe_val_t_u.av_attrflags);
+        break;
+    case AT_MAX_LIFE:
+        printf(_("\t\tMaximum ticket life\n"));
+        if (vverbose)
+            print_deltat(&val->kdbe_val_t_u.av_max_life);
+        break;
+    case AT_MAX_RENEW_LIFE:
+        printf(_("\t\tMaximum renewable life\n"));
+        if (vverbose)
+            print_deltat(&val->kdbe_val_t_u.av_max_renew_life);
+        break;
+    case AT_EXP:
+        printf(_("\t\tPrincipal expiration\n"));
+        if (vverbose)
+            print_time(&val->kdbe_val_t_u.av_exp);
+        break;
+    case AT_PW_EXP:
+        printf(_("\t\tPassword expiration\n"));
+        if (vverbose)
+            print_time(&val->kdbe_val_t_u.av_pw_exp);
+        break;
+    case AT_LAST_SUCCESS:
+        printf(_("\t\tLast successful auth\n"));
+        if (vverbose)
+            print_time(&val->kdbe_val_t_u.av_last_success);
+        break;
+    case AT_LAST_FAILED:
+        printf(_("\t\tLast failed auth\n"));
+        if (vverbose)
+            print_time(&val->kdbe_val_t_u.av_last_failed);
+        break;
+    case AT_FAIL_AUTH_COUNT:
+        printf(_("\t\tFailed passwd attempt\n"));
+        if (vverbose)
+            printf("\t\t\t%d\n", val->kdbe_val_t_u.av_fail_auth_count);
+        break;
+    case AT_PRINC:
+        printf(_("\t\tPrincipal\n"));
+        if (vverbose)
+            print_princ(&val->kdbe_val_t_u.av_princ);
+        break;
+    case AT_KEYDATA:
+        printf(_("\t\tKey data\n"));
+        if (vverbose) {
+            print_keydata(val->kdbe_val_t_u.av_keydata.av_keydata_val,
+                          val->kdbe_val_t_u.av_keydata.av_keydata_len);
+        }
+        break;
+    case AT_TL_DATA:
+        printf(_("\t\tTL data\n"));
+        if (vverbose) {
+            print_tldata(val->kdbe_val_t_u.av_tldata.av_tldata_val,
+                         val->kdbe_val_t_u.av_tldata.av_tldata_len);
+        }
+        break;
+    case AT_LEN:
+        printf(_("\t\tLength\n"));
+        if (vverbose)
+            printf("\t\t\t%d\n", val->kdbe_val_t_u.av_len);
+        break;
+    case AT_PW_LAST_CHANGE:
+        printf(_("\t\tPassword last changed\n"));
+        if (vverbose)
+            print_time(&val->kdbe_val_t_u.av_pw_last_change);
+        break;
+    case AT_MOD_PRINC:
+        printf(_("\t\tModifying principal\n"));
+        if (vverbose)
+            print_princ(&val->kdbe_val_t_u.av_mod_princ);
+        break;
+    case AT_MOD_TIME:
+        printf(_("\t\tModification time\n"));
+        if (vverbose)
+            print_time(&val->kdbe_val_t_u.av_mod_time);
+        break;
+    case AT_MOD_WHERE:
+        printf(_("\t\tModified where\n"));
+        if (vverbose)
+            print_str("where", &val->kdbe_val_t_u.av_mod_where);
+        break;
+    case AT_PW_POLICY:
+        printf(_("\t\tPassword policy\n"));
+        if (vverbose)
+            print_str("policy", &val->kdbe_val_t_u.av_pw_policy);
+        break;
+    case AT_PW_POLICY_SWITCH:
+        printf(_("\t\tPassword policy switch\n"));
+        if (vverbose)
+            printf("\t\t\t%d\n", val->kdbe_val_t_u.av_pw_policy_switch);
+        break;
+    case AT_PW_HIST_KVNO:
+        printf(_("\t\tPassword history KVNO\n"));
+        if (vverbose)
+            printf("\t\t\t%d\n", val->kdbe_val_t_u.av_pw_hist_kvno);
+        break;
+    case AT_PW_HIST:
+        printf(_("\t\tPassword history\n"));
+        if (vverbose)
+            printf("\t\t\tPW history elided\n");
+        break;
+    } /* switch */
+
+}
+/*
+ * Print the update entry information
+ */
+static void
+print_update(kdb_hlog_t *ulog, uint32_t entry, uint32_t ulogentries,
+             unsigned int verbose)
+{
+    XDR xdrs;
+    uint32_t start_sno, i, j, indx;
+    char *dbprinc;
+    kdb_ent_header_t *indx_log;
+    kdb_incr_update_t upd;
+
+    if (entry && (entry < ulog->kdb_num))
+        start_sno = ulog->kdb_last_sno - entry;
+    else
+        start_sno = ulog->kdb_first_sno - 1;
+
+    for (i = start_sno; i < ulog->kdb_last_sno; i++) {
+        indx = i % ulogentries;
+
+        indx_log = INDEX(ulog, indx);
+
+        /*
+         * Check for corrupt update entry
+         */
+        if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) {
+            fprintf(stderr, _("Corrupt update entry\n\n"));
+            exit(1);
+        }
+
+        printf("---\n");
+        printf(_("Update Entry\n"));
+
+        printf(_("\tUpdate serial # : %u\n"), indx_log->kdb_entry_sno);
+
+        /* The initial entry after a reset is a dummy entry; skip it. */
+        if (indx_log->kdb_entry_size == 0) {
+            printf(_("\tDummy entry\n"));
+            continue;
+        }
+
+        memset(&upd, 0, sizeof(kdb_incr_update_t));
+        xdrmem_create(&xdrs, (char *)indx_log->entry_data,
+                      indx_log->kdb_entry_size, XDR_DECODE);
+        if (!xdr_kdb_incr_update_t(&xdrs, &upd)) {
+            printf(_("Entry data decode failure\n\n"));
+            exit(1);
+        }
+
+        printf(_("\tUpdate operation : "));
+        if (upd.kdb_deleted)
+            printf(_("Delete\n"));
+        else
+            printf(_("Add\n"));
+
+        dbprinc = malloc(upd.kdb_princ_name.utf8str_t_len + 1);
+        if (dbprinc == NULL) {
+            printf(_("Could not allocate principal name\n\n"));
+            exit(1);
+        }
+        strncpy(dbprinc, upd.kdb_princ_name.utf8str_t_val,
+                upd.kdb_princ_name.utf8str_t_len);
+        dbprinc[upd.kdb_princ_name.utf8str_t_len] = 0;
+        printf(_("\tUpdate principal : %s\n"), dbprinc);
+
+        printf(_("\tUpdate size : %u\n"), indx_log->kdb_entry_size);
+        printf(_("\tUpdate committed : %s\n"),
+               indx_log->kdb_commit ? "True" : "False");
+
+        if (indx_log->kdb_time.seconds == 0L) {
+            printf(_("\tUpdate time stamp : None\n"));
+        } else{
+            printf(_("\tUpdate time stamp : %s"),
+                   ctime_uint32(&indx_log->kdb_time.seconds));
+        }
+
+        printf(_("\tAttributes changed : %d\n"), upd.kdb_update.kdbe_t_len);
+
+        if (verbose) {
+            for (j = 0; j < upd.kdb_update.kdbe_t_len; j++)
+                print_attr(&upd.kdb_update.kdbe_t_val[j], verbose > 1 ? 1 : 0);
+        }
+
+        xdr_free(xdr_kdb_incr_update_t, (char *)&upd);
+        free(dbprinc);
+    }
+}
+
+/* Return a read-only mmap of the ulog, or NULL on failure. */
+static kdb_hlog_t *
+map_ulog(const char *filename, int *fd_out)
+{
+    int fd;
+    struct stat st;
+    kdb_hlog_t *ulog = MAP_FAILED;
+
+    *fd_out = -1;
+
+    fd = open(filename, O_RDONLY);
+    if (fd == -1)
+        return NULL;
+    if (fstat(fd, &st) < 0) {
+        close(fd);
+        return NULL;
+    }
+    ulog = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+    if (ulog == MAP_FAILED) {
+        close(fd);
+        return NULL;
+    }
+    *fd_out = fd;
+    return ulog;
+}
+
+int
+main(int argc, char **argv)
+{
+    int c, ulog_fd = -1;
+    unsigned int verbose = 0;
+    bool_t headeronly = FALSE, reset = FALSE;
+    uint32_t entry = 0;
+    krb5_context context;
+    kadm5_config_params params;
+    kdb_hlog_t *ulog = NULL;
+
+    setlocale(LC_ALL, "");
+
+    progname = argv[0];
+
+    while ((c = getopt(argc, argv, "Rvhe:")) != -1) {
+        switch (c) {
+        case 'h':
+            headeronly = TRUE;
+            break;
+        case 'e':
+            entry = atoi(optarg);
+            break;
+        case 'R':
+            reset = TRUE;
+            break;
+        case 'v':
+            verbose++;
+            break;
+        default:
+            usage();
+        }
+    }
+
+    if (kadm5_init_krb5_context(&context)) {
+        fprintf(stderr, _("Unable to initialize Kerberos\n\n"));
+        exit(1);
+    }
+
+    memset(&params, 0, sizeof(params));
+
+    if (kadm5_get_config_params(context, 1, &params, &params)) {
+        fprintf(stderr, _("Couldn't read database_name\n\n"));
+        exit(1);
+    }
+
+    printf(_("\nKerberos update log (%s)\n"), params.iprop_logfile);
+
+    if (reset) {
+        if (ulog_map(context, params.iprop_logfile, params.iprop_ulogsize)) {
+            fprintf(stderr, _("Unable to map log file %s\n\n"),
+                    params.iprop_logfile);
+            exit(1);
+        }
+        if (ulog_init_header(context) != 0) {
+            fprintf(stderr, _("Couldn't reinitialize ulog file %s\n\n"),
+                    params.iprop_logfile);
+            exit(1);
+        }
+        printf(_("Reinitialized the ulog.\n"));
+        ulog_fini(context);
+        goto done;
+    }
+
+    ulog = map_ulog(params.iprop_logfile, &ulog_fd);
+    if (ulog == NULL) {
+        fprintf(stderr, _("Unable to map log file %s\n\n"),
+                params.iprop_logfile);
+        exit(1);
+    }
+
+    if (ulog->kdb_hmagic != KDB_ULOG_HDR_MAGIC) {
+        fprintf(stderr, _("Corrupt header log, exiting\n\n"));
+        exit(1);
+    }
+
+    printf(_("Update log dump :\n"));
+    printf(_("\tLog version # : %u\n"), ulog->db_version_num);
+    printf(_("\tLog state : "));
+    switch (ulog->kdb_state) {
+    case KDB_STABLE:
+        printf(_("Stable\n"));
+        break;
+    case KDB_UNSTABLE:
+        printf(_("Unstable\n"));
+        break;
+    case KDB_CORRUPT:
+        printf(_("Corrupt\n"));
+        break;
+    default:
+        printf(_("Unknown state: %d\n"), ulog->kdb_state);
+        break;
+    }
+    printf(_("\tEntry block size : %u\n"), ulog->kdb_block);
+    printf(_("\tNumber of entries : %u\n"), ulog->kdb_num);
+
+    if (ulog->kdb_last_sno == 0) {
+        printf(_("\tLast serial # : None\n"));
+    } else {
+        if (ulog->kdb_first_sno == 0) {
+            printf(_("\tFirst serial # : None\n"));
+        } else {
+            printf(_("\tFirst serial # : "));
+            printf("%u\n", ulog->kdb_first_sno);
+        }
+
+        printf(_("\tLast serial # : "));
+        printf("%u\n", ulog->kdb_last_sno);
+    }
+
+    if (ulog->kdb_last_time.seconds == 0L) {
+        printf(_("\tLast time stamp : None\n"));
+    } else {
+        if (ulog->kdb_first_time.seconds == 0L) {
+            printf(_("\tFirst time stamp : None\n"));
+        } else {
+            printf(_("\tFirst time stamp : %s"),
+                   ctime_uint32(&ulog->kdb_first_time.seconds));
+        }
+
+        printf(_("\tLast time stamp : %s\n"),
+               ctime_uint32(&ulog->kdb_last_time.seconds));
+    }
+
+    if (!headeronly && ulog->kdb_num)
+        print_update(ulog, entry, params.iprop_ulogsize, verbose);
+
+    printf("\n");
+
+done:
+    close(ulog_fd);
+    kadm5_free_config_params(context, &params);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/kprop/replica_update b/krb5-1.21.3/src/kprop/replica_update
new file mode 100644
index 00000000..a8b49446
--- /dev/null
+++ b/krb5-1.21.3/src/kprop/replica_update
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# Propagate if database (principal.db) has been modified since last dump
+# (dumpfile.dump_ok) or if database has been dumped since last successful
+# propagation (dumpfile.<replica machine>.last_prop)
+
+KDB_DIR=/usr/local/var/krb5kdc
+
+KDB_FILE=$KDB_DIR/principal.db
+DUMPFILE=$KDB_DIR/replica_datatrans
+KDB5_UTIL=/usr/local/sbin/kdb5_util
+KPROP=/usr/local/sbin/kprop
+
+REPLICA=$1
+if [ -z "${REPLICA}" ]
+then
+  echo "Usage $0 replica_server"
+fi
+
+if [ "`ls -t $DUMPFILE.dump_ok $KDB_FILE | sed -n 1p`"  = "$KDB_FILE" -o \
+     "`ls -t $DUMPFILE.${REPLICA}.last_prop $DUMPFILE.dump_ok | \
+		sed -n 1p`"  = "$DUMPFILE.dump_ok" ]
+then
+
+	date
+	$KDB5_UTIL dump $DUMPFILE > /dev/null
+
+	$KPROP -d -f $DUMPFILE ${REPLICA}
+	rm $DUMPFILE
+fi
diff --git a/krb5-1.21.3/src/lib/Makefile.in b/krb5-1.21.3/src/lib/Makefile.in
new file mode 100644
index 00000000..3b812ed8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/Makefile.in
@@ -0,0 +1,145 @@
+mydir=lib
+SUBDIRS=crypto krb5 gssapi rpc kdb kadm5 apputils krad
+WINSUBDIRS=crypto krb5 gssapi
+BUILDTOP=$(REL)..
+
+all-unix:
+
+CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libkadm.a \
+	libcom_err.a libpty.a ibss.a libgssapi.a libapputils.a libkrb5.so \
+	libcrypto.so
+
+clean-unix::
+
+clean-windows::
+
+# Windows stuff to make krb5 and gssapi DLLs.
+
+##MIT##!if !defined(VS_INC)
+##MIT##!message Must define VS_INC to point to version server include dir!
+##MIT##!error
+##MIT##!endif
+##MIT##!if !defined(VS_LIB)
+##MIT##!message Must define VS_LIB to point to version server library!
+##MIT##!error
+##MIT##!endif
+##MIT##MITLIBS=$(VS_LIB)
+##MIT##MITFLAGS=-I$(VS_INC) /DVERSERV=1
+
+
+
+##WIN32##SLIBS = $(BUILDTOP)\util\support\$(OUTPRE)k5sprt$(BITS).lib
+##WIN32##CLIBS = $(BUILDTOP)\util\et\$(OUTPRE)comerr.lib
+##WIN32##PLIBS = $(BUILDTOP)\util\profile\$(OUTPRE)profile.lib
+##WIN32##KLIBS = krb5\$(OUTPRE)krb5.lib crypto\$(OUTPRE)crypto.lib \
+##WIN32##	$(BUILDTOP)\util\profile\$(OUTPRE)profile.lib
+##WIN32##GLIBS = gssapi\$(OUTPRE)gssapi.lib
+
+
+##WIN32##SDEF = k5sprt32.def
+##WIN32##CDEF = comerr32.def
+##WIN32##PDEF = xpprof32.def
+##WIN32##KDEF = krb5_32.def
+##WIN32##GDEF = gssapi32.def
+
+
+
+##WIN32##KRB5RC = krb5.rc
+##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
+
+##WIN32##!if defined(VISUALSTUDIOVERSION)
+##WIN32##!if $(VISUALSTUDIOVERSION:.=) >= 140
+##WIN32##!ifdef NODEBUG
+##WIN32##WINCRTEXTRA = ucrt.lib vcruntime.lib
+##WIN32##!else
+##WIN32##WINCRTEXTRA = ucrtd.lib vcruntimed.lib
+##WIN32##!endif
+##WIN32##!endif
+##WIN32##!endif
+##WIN32##WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \
+##WIN32##	version.lib secur32.lib advapi32.lib gdi32.lib delayimp.lib \
+##WIN32##	$(WINCRTEXTRA)
+##WIN32##WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000 /DELAYLOAD:secur32.dll \
+##WIN32##	/DELAYLOAD:advapi32.dll /DELAY:UNLOAD /DELAY:NOBIND
+
+##WIN32##S_GLUE=$(OUTPRE)support_glue.obj
+##WIN32##K5_GLUE=$(OUTPRE)k5_glue.obj
+##WIN32##GSS_GLUE=$(OUTPRE)gss_glue.obj
+##WIN32##COMERR_GLUE=$(OUTPRE)comerr_glue.obj
+##WIN32##PROF_GLUE=$(OUTPRE)prof_glue.obj
+
+##WIN32##SGLUE=$(S_GLUE)
+##WIN32##CGLUE=$(COMERR_GLUE)
+##WIN32##PGLUE=$(PROF_GLUE)
+##WIN32##KGLUE=$(K5_GLUE)
+##WIN32##GGLUE=$(GSS_GLUE)
+
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+##WIN32##SRES=$(SLIB:.lib=.res)
+##WIN32##CRES=$(CLIB:.lib=.res)
+##WIN32##PRES=$(PLIB:.lib=.res)
+##WIN32##KRES=$(KLIB:.lib=.res)
+##WIN32##GRES=$(GLIB:.lib=.res)
+
+##WIN32##$(SRES): $(VERSIONRC)
+##WIN32##	$(RC) $(RCFLAGS) -DSUPPORT_LIB -fo $@ -r $**
+##WIN32##$(CRES): $(VERSIONRC)
+##WIN32##	$(RC) $(RCFLAGS) -DCE_LIB -fo $@ -r $**
+##WIN32##$(PRES): $(VERSIONRC)
+##WIN32##	$(RC) $(RCFLAGS) -DPROF_LIB -fo $@ -r $**
+##WIN32##$(KRES): $(KRB5RC)
+##WIN32##	$(RC) $(RCFLAGS) -DKRB5_LIB -fo $@ -r $**
+##WIN32##$(GRES): $(VERSIONRC)
+##WIN32##	$(RC) $(RCFLAGS) -DGSSAPI_LIB -fo $@ -r $**
+##WIN32##$(KRB5RC): $(VERSIONRC)
+
+##WIN32##$(SLIB): $(SDEF) $(SLIBS) $(SGLUE) $(SRES)
+##WIN32##	link $(WINDLLFLAGS) -def:$(SDEF) -out:$*.dll \
+##WIN32##	  $(SLIBS) $(SGLUE) $(SRES) $(WINLIBS)
+##WIN32##	$(_VC_MANIFEST_EMBED_DLL)
+##WIN32##$(SDEF): ..\util\support\libkrb5support.exports
+##WIN32##	echo EXPORTS > $(SDEF).new
+##WIN32##	type ..\util\support\libkrb5support.exports >> $(SDEF).new
+##WIN32##	-$(RM) $(SDEF)
+##WIN32##	ren $(SDEF).new $(SDEF)
+
+##WIN32##$(CLIB): $(CDEF) $(CLIBS) $(CGLUE) $(CRES) $(SLIB)
+##WIN32##	link $(WINDLLFLAGS) -def:$(CDEF) -out:$*.dll \
+##WIN32##	  $(CLIBS) $(CGLUE) $(CRES) $(SLIB) $(WINLIBS)
+##WIN32##	$(_VC_MANIFEST_EMBED_DLL)
+
+##WIN32##$(PLIB): $(PDEF) $(PLIBS) $(PGLUE) $(PRES) $(CLIB) $(SLIB)
+##WIN32##	link $(WINDLLFLAGS) -def:$(PDEF) -out:$*.dll \
+##WIN32##	  $(PLIBS) $(PGLUE) $(PRES) $(CLIB) $(SLIB) $(WINLIBS)
+##WIN32##	$(_VC_MANIFEST_EMBED_DLL)
+
+##WIN32##$(KLIB): $(KDEF) $(KLIBS) $(KGLUE) $(KRES) $(CLIB) $(SLIB) $(MITLIBS)
+##WIN32##	link $(WINDLLFLAGS) -def:$(KDEF) -out:$*.dll \
+##WIN32##	  $(KLIBS) $(KGLUE) $(KRES) $(CLIB) $(SLIB) $(MITLIBS) $(DNSLIBS) $(WINLIBS)
+##WIN32##	$(_VC_MANIFEST_EMBED_DLL)
+
+##WIN32##$(GLIB): $(GDEF) $(GLIBS) $(GGLUE) $(GRES) $(KLIB) $(CLIB) $(SLIB)
+##WIN32##	link $(WINDLLFLAGS) -def:$(GDEF) -out:$*.dll \
+##WIN32##	  $(GLIBS) $(GGLUE) $(GRES) $(KLIB) $(CLIB) $(SLIB) $(WINLIBS)
+##WIN32##		$(_VC_MANIFEST_EMBED_DLL)
+
+##WIN32##$(K5_GLUE): win_glue.c
+##WIN32##	$(CC) $(ALL_CFLAGS) $(MITFLAGS) /c /DKRB5=1 /Fo$@ $**
+##WIN32##$(GSS_GLUE): win_glue.c
+##WIN32##	$(CC) $(ALL_CFLAGS) /c /DGSSAPI=1 /Fo$@ $**
+##WIN32##$(COMERR_GLUE): win_glue.c
+##WIN32##	$(CC) $(ALL_CFLAGS) /c /DCOMERR=1 /Fo$@ $**
+##WIN32##$(PROF_GLUE): win_glue.c
+##WIN32##	$(CC) $(ALL_CFLAGS) /c /DPROFILELIB=1 /Fo$@ $**
+##WIN32##$(S_GLUE): win_glue.c
+##WIN32##	$(CC) $(ALL_CFLAGS) /c /DSUPPORTLIB=1 /Fo$@ $**
+
+##WIN32### Build Convenience
+##WIN32##comerr.lib: $(CLIB)
+##WIN32##krb5.lib:   $(KLIB)
+##WIN32##gssapi.lib: $(GLIB)
+##WIN32##profile.lib: $(PLIB)
+
+##WIN32##all-windows: all-recurse lib-windows
+##WIN32##lib-windows: krb5.lib gssapi.lib profile.lib
diff --git a/krb5-1.21.3/src/lib/apputils/Makefile.in b/krb5-1.21.3/src/lib/apputils/Makefile.in
new file mode 100644
index 00000000..93e3d87e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/apputils/Makefile.in
@@ -0,0 +1,33 @@
+prefix=@prefix@
+bindir=@bindir@
+datadir=@datadir@
+mydatadir=$(datadir)/apputils
+mydir=lib$(S)apputils
+BUILDTOP=$(REL)..$(S)..
+RELDIR=../lib/apputils
+SED = sed
+
+##DOS##BUILDTOP = ..\..
+##DOS##LIBNAME=$(OUTPRE)apputils.lib
+##DOS##XTRA=
+##DOS##OBJFILE=$(OUTPRE)apputils.lst
+
+STLIBOBJS=net-server.o udppktinfo.o @LIBOBJS@
+LIBBASE=apputils
+
+all-unix: all-liblinks
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+install-unix: install-libs
+
+LINTFLAGS=-uhvb 
+LINTFILES= daemon.c
+LIBOBJS=$(OUTPRE)daemon.$(OBJEXT)
+
+SRCS=	$(srcdir)/daemon.c \
+	$(srcdir)/net-server.c \
+	$(srcdir)/udppktinfo.c
+
+@libpriv_frag@
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/apputils/daemon.c b/krb5-1.21.3/src/lib/apputils/daemon.c
new file mode 100644
index 00000000..a3d7cd73
--- /dev/null
+++ b/krb5-1.21.3/src/lib/apputils/daemon.c
@@ -0,0 +1,96 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright (c) 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/file.h>
+#include <unistd.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+int
+daemon(nochdir, noclose)
+	int nochdir, noclose;
+{
+	int cpid;
+
+	if ((cpid = fork()) == -1)
+		return (-1);
+	if (cpid)
+		exit(0);
+#ifdef HAVE_SETSID
+	(void) setsid();
+#else
+#ifndef TIOCNOTTY
+	setpgrp();
+#else
+	{
+		int n;
+
+		/*
+		 * The open below may hang on pseudo ttys if the person
+		 * who starts named logs out before this point.  Thus,
+		 * the need for the timer.
+		 */
+		alarm(120);
+		n = open("/dev/tty", O_RDWR);
+		alarm(0);
+		if (n > 0) {
+			(void) ioctl(n, TIOCNOTTY, (char *)NULL);
+			(void) close(n);
+		}
+	}
+#endif
+#endif
+	if (!nochdir)
+		(void) chdir("/");
+	if (!noclose) {
+		int devnull = open(_PATH_DEVNULL, O_RDWR, 0);
+
+		if (devnull != -1) {
+			(void) dup2(devnull, 0);
+			(void) dup2(devnull, 1);
+			(void) dup2(devnull, 2);
+			if (devnull > 2)
+				(void) close(devnull);
+		}
+	}
+	return (0);
+}
diff --git a/krb5-1.21.3/src/lib/apputils/deps b/krb5-1.21.3/src/lib/apputils/deps
new file mode 100644
index 00000000..9605f5c9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/apputils/deps
@@ -0,0 +1,43 @@
+#
+# Generated makefile dependencies follow.
+#
+daemon.so daemon.po $(OUTPRE)daemon.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h daemon.c
+net-server.so net-server.po $(OUTPRE)net-server.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/foreachaddr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h net-server.c udppktinfo.h
+udppktinfo.so udppktinfo.po $(OUTPRE)udppktinfo.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  udppktinfo.c udppktinfo.h
diff --git a/krb5-1.21.3/src/lib/apputils/net-server.c b/krb5-1.21.3/src/lib/apputils/net-server.c
new file mode 100644
index 00000000..1bdc7932
--- /dev/null
+++ b/krb5-1.21.3/src/lib/apputils/net-server.c
@@ -0,0 +1,1522 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/apputils/net-server.c - Network code for krb5 servers (kdc, kadmind) */
+/*
+ * Copyright 1990,2000,2007,2008,2009,2010,2016 by the Massachusetts Institute
+ * of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "adm_proto.h"
+#include <sys/ioctl.h>
+#include <syslog.h>
+
+#include <stddef.h>
+#include "port-sockets.h"
+#include "socket-utils.h"
+
+#include <gssrpc/rpc.h>
+
+#ifdef HAVE_NETINET_IN_H
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_SOCKIO_H
+/* for SIOCGIFCONF, etc. */
+#include <sys/sockio.h>
+#endif
+#include <sys/time.h>
+#if HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#include <arpa/inet.h>
+
+#ifndef ARPHRD_ETHER /* OpenBSD breaks on multiple inclusions */
+#include <net/if.h>
+#endif
+
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>          /* FIONBIO */
+#endif
+
+#include "fake-addrinfo.h"
+#include "net-server.h"
+#include <signal.h>
+#include <netdb.h>
+
+#include "udppktinfo.h"
+
+/* XXX */
+#define KDC5_NONET                               (-1779992062L)
+
+static int tcp_or_rpc_data_counter;
+static int max_tcp_or_rpc_data_connections = 45;
+
+static int
+setreuseaddr(int sock, int value)
+{
+    int st;
+
+    st = setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &value, sizeof(value));
+    if (st)
+        return st;
+#ifdef SO_REUSEPORT
+    st = setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &value, sizeof(value));
+    if (st)
+        return st;
+#endif
+    return 0;
+}
+
+#if defined(IPV6_V6ONLY)
+static int
+setv6only(int sock, int value)
+{
+    return setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &value, sizeof(value));
+}
+#endif
+
+static const char *
+paddr(struct sockaddr *sa)
+{
+    static char buf[100];
+    char portbuf[10];
+    if (getnameinfo(sa, sa_socklen(sa),
+                    buf, sizeof(buf), portbuf, sizeof(portbuf),
+                    NI_NUMERICHOST|NI_NUMERICSERV))
+        strlcpy(buf, "<unprintable>", sizeof(buf));
+    else {
+        unsigned int len = sizeof(buf) - strlen(buf);
+        char *p = buf + strlen(buf);
+        if (len > 2+strlen(portbuf)) {
+            *p++ = '.';
+            len--;
+            strncpy(p, portbuf, len);
+        }
+    }
+    return buf;
+}
+
+/* KDC data.  */
+
+enum conn_type {
+    CONN_UDP, CONN_TCP_LISTENER, CONN_TCP, CONN_RPC_LISTENER, CONN_RPC
+};
+
+enum bind_type {
+    UDP, TCP, RPC
+};
+
+static const char *const bind_type_names[] = {
+    [UDP] = "UDP",
+    [TCP] = "TCP",
+    [RPC] = "RPC",
+};
+
+/* Per-connection info.  */
+struct connection {
+    void *handle;
+    const char *prog;
+    enum conn_type type;
+
+    /* Connection fields (TCP or RPC) */
+    struct sockaddr_storage addr_s;
+    socklen_t addrlen;
+    char addrbuf[56];
+    krb5_address remote_addr_buf;
+    krb5_fulladdr remote_addr;
+
+    /* Incoming data (TCP) */
+    size_t bufsiz;
+    size_t offset;
+    char *buffer;
+    size_t msglen;
+
+    /* Outgoing data (TCP) */
+    krb5_data *response;
+    unsigned char lenbuf[4];
+    sg_buf sgbuf[2];
+    sg_buf *sgp;
+    int sgnum;
+
+    /* Crude denial-of-service avoidance support (TCP or RPC) */
+    time_t start_time;
+
+    /* RPC-specific fields */
+    SVCXPRT *transp;
+    int rpc_force_close;
+};
+
+#define SET(TYPE) struct { TYPE *data; size_t n, max; }
+
+/* Start at the top and work down -- this should allow for deletions
+   without disrupting the iteration, since we delete by overwriting
+   the element to be removed with the last element.  */
+#define FOREACH_ELT(set,idx,vvar)                                       \
+    for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--)
+
+#define GROW_SET(set, incr, tmpptr)                                     \
+    ((set.max + incr < set.max                                          \
+      || ((set.max + incr) * sizeof(set.data[0]) / sizeof(set.data[0])  \
+          != set.max + incr))                                           \
+     ? 0                         /* overflow */                         \
+     : ((tmpptr = realloc(set.data,                                     \
+                          (set.max + incr) * sizeof(set.data[0])))      \
+        ? (set.data = tmpptr, set.max += incr, 1)                       \
+        : 0))
+
+/* 1 = success, 0 = failure */
+#define ADD(set, val, tmpptr)                           \
+    ((set.n < set.max || GROW_SET(set, 10, tmpptr))     \
+     ? (set.data[set.n++] = val, 1)                     \
+     : 0)
+
+#define DEL(set, idx)                           \
+    (set.data[idx] = set.data[--set.n], 0)
+
+#define FREE_SET_DATA(set)                                      \
+    (free(set.data), set.data = 0, set.max = 0, set.n = 0)
+
+/*
+ * N.B.: The Emacs cc-mode indentation code seems to get confused if
+ * the macro argument here is one word only.  So use "unsigned short"
+ * instead of the "u_short" we were using before.
+ */
+struct rpc_svc_data {
+    u_long prognum;
+    u_long versnum;
+    void (*dispatch)();
+};
+
+struct bind_address {
+    char *address;
+    u_short port;
+    enum bind_type type;
+    struct rpc_svc_data rpc_svc_data;
+};
+
+static SET(verto_ev *) events;
+static SET(struct bind_address) bind_addresses;
+
+verto_ctx *
+loop_init(verto_ev_type types)
+{
+    types |= VERTO_EV_TYPE_IO;
+    types |= VERTO_EV_TYPE_SIGNAL;
+    types |= VERTO_EV_TYPE_TIMEOUT;
+    return verto_default(NULL, types);
+}
+
+static void
+do_break(verto_ctx *ctx, verto_ev *ev)
+{
+    krb5_klog_syslog(LOG_DEBUG, _("Got signal to request exit"));
+    verto_break(ctx);
+}
+
+struct sighup_context {
+    void *handle;
+    void (*reset)(void *);
+};
+
+static void
+do_reset(verto_ctx *ctx, verto_ev *ev)
+{
+    struct sighup_context *sc = (struct sighup_context*) verto_get_private(ev);
+
+    krb5_klog_syslog(LOG_DEBUG, _("Got signal to reset"));
+    krb5_klog_reopen(get_context(sc->handle));
+    if (sc->reset)
+        sc->reset(sc->handle);
+}
+
+static void
+free_sighup_context(verto_ctx *ctx, verto_ev *ev)
+{
+    free(verto_get_private(ev));
+}
+
+krb5_error_code
+loop_setup_signals(verto_ctx *ctx, void *handle, void (*reset)())
+{
+    struct sighup_context *sc;
+    verto_ev *ev;
+
+    if (!verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, do_break, SIGINT)  ||
+        !verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, do_break, SIGTERM) ||
+        !verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, do_break, SIGQUIT) ||
+        !verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, VERTO_SIG_IGN, SIGPIPE))
+        return ENOMEM;
+
+    ev = verto_add_signal(ctx, VERTO_EV_FLAG_PERSIST, do_reset, SIGHUP);
+    if (!ev)
+        return ENOMEM;
+
+    sc = malloc(sizeof(*sc));
+    if (!sc)
+        return ENOMEM;
+
+    sc->handle = handle;
+    sc->reset = reset;
+    verto_set_private(ev, sc, free_sighup_context);
+    return 0;
+}
+
+/*
+ * Add a bind address to the loop.
+ *
+ * Arguments:
+ * - address
+ *      A string for the address (or hostname).  Pass NULL to use the wildcard
+ *      address.  The address is parsed with k5_parse_host_string().
+ * - port
+ *      What port the socket should be set to.
+ * - type
+ *      bind_type for the socket.
+ * - rpc_data
+ *      For RPC addresses, the svc_register() arguments to use when TCP
+ *      connections are created.  Ignored for other types.
+ */
+static krb5_error_code
+loop_add_address(const char *address, int port, enum bind_type type,
+                 struct rpc_svc_data *rpc_data)
+{
+    struct bind_address addr, val;
+    int i;
+    void *tmp;
+    char *addr_copy = NULL;
+
+    assert(!(type == RPC && rpc_data == NULL));
+
+    /* Make sure a valid port number was passed. */
+    if (port < 0 || port > 65535) {
+        krb5_klog_syslog(LOG_ERR, _("Invalid port %d"), port);
+        return EINVAL;
+    }
+
+    /* Check for conflicting addresses. */
+    FOREACH_ELT(bind_addresses, i, val) {
+        if (type != val.type || port != val.port)
+            continue;
+
+        /* If a wildcard address is being added, make sure to remove any direct
+         * addresses. */
+        if (address == NULL && val.address != NULL) {
+            krb5_klog_syslog(LOG_DEBUG,
+                             _("Removing address %s since wildcard address"
+                               " is being added"),
+                             val.address);
+            free(val.address);
+            DEL(bind_addresses, i);
+        } else if (val.address == NULL || !strcmp(address, val.address)) {
+            krb5_klog_syslog(LOG_DEBUG,
+                             _("Address already added to server"));
+            return 0;
+        }
+    }
+
+    /* Copy the address if it is specified. */
+    if (address != NULL) {
+        addr_copy = strdup(address);
+        if (addr_copy == NULL)
+            return ENOMEM;
+    }
+
+    /* Add the new address to bind_addresses. */
+    memset(&addr, 0, sizeof(addr));
+    addr.address = addr_copy;
+    addr.port = port;
+    addr.type = type;
+    if (rpc_data != NULL)
+        addr.rpc_svc_data = *rpc_data;
+    if (!ADD(bind_addresses, addr, tmp)) {
+        free(addr_copy);
+        return ENOMEM;
+    }
+
+    return 0;
+}
+
+/*
+ * Add bind addresses to the loop.
+ *
+ * Arguments:
+ *
+ * - addresses
+ *      A string for the addresses.  Pass NULL to use the wildcard address.
+ *      Supported delimiters can be found in ADDRESSES_DELIM.  Addresses are
+ *      parsed with k5_parse_host_name().
+ * - default_port
+ *      What port the socket should be set to if not specified in addresses.
+ * - type
+ *      bind_type for the socket.
+ * - rpc_data
+ *      For RPC addresses, the svc_register() arguments to use when TCP
+ *      connections are created.  Ignored for other types.
+ */
+static krb5_error_code
+loop_add_addresses(const char *addresses, int default_port,
+                   enum bind_type type, struct rpc_svc_data *rpc_data)
+{
+    krb5_error_code ret = 0;
+    char *addresses_copy = NULL, *host = NULL, *saveptr, *addr;
+    int port;
+
+    /* If no addresses are set, add a wildcard address. */
+    if (addresses == NULL)
+        return loop_add_address(NULL, default_port, type, rpc_data);
+
+    /* Copy the addresses string before using strtok(). */
+    addresses_copy = strdup(addresses);
+    if (addresses_copy == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    /* Start tokenizing the addresses string.  If we get NULL the string
+     * contained no addresses, so add a wildcard address. */
+    addr = strtok_r(addresses_copy, ADDRESSES_DELIM, &saveptr);
+    if (addr == NULL) {
+        ret = loop_add_address(NULL, default_port, type, rpc_data);
+        goto cleanup;
+    }
+
+    /* Loop through each address and add it to the loop. */
+    for (; addr != NULL; addr = strtok_r(NULL, ADDRESSES_DELIM, &saveptr)) {
+        /* Parse the host string. */
+        ret = k5_parse_host_string(addr, default_port, &host, &port);
+        if (ret)
+            goto cleanup;
+
+        ret = loop_add_address(host, port, type, rpc_data);
+        if (ret)
+            goto cleanup;
+
+        free(host);
+        host = NULL;
+    }
+
+cleanup:
+    free(addresses_copy);
+    free(host);
+    return ret;
+}
+
+krb5_error_code
+loop_add_udp_address(int default_port, const char *addresses)
+{
+    return loop_add_addresses(addresses, default_port, UDP, NULL);
+}
+
+krb5_error_code
+loop_add_tcp_address(int default_port, const char *addresses)
+{
+    return loop_add_addresses(addresses, default_port, TCP, NULL);
+}
+
+krb5_error_code
+loop_add_rpc_service(int default_port, const char *addresses, u_long prognum,
+                     u_long versnum, void (*dispatchfn)())
+{
+    struct rpc_svc_data svc;
+
+    svc.prognum = prognum;
+    svc.versnum = versnum;
+    svc.dispatch = dispatchfn;
+    return loop_add_addresses(addresses, default_port, RPC, &svc);
+}
+
+#define USE_AF AF_INET
+#define USE_TYPE SOCK_DGRAM
+#define USE_PROTO 0
+#define SOCKET_ERRNO errno
+#include "foreachaddr.h"
+
+static void
+free_connection(struct connection *conn)
+{
+    if (!conn)
+        return;
+    if (conn->response)
+        krb5_free_data(get_context(conn->handle), conn->response);
+    if (conn->buffer)
+        free(conn->buffer);
+    if (conn->type == CONN_RPC_LISTENER && conn->transp != NULL)
+        svc_destroy(conn->transp);
+    free(conn);
+}
+
+static void
+remove_event_from_set(verto_ev *ev)
+{
+    verto_ev *tmp;
+    int i;
+
+    /* Remove the event from the events. */
+    FOREACH_ELT(events, i, tmp)
+        if (tmp == ev) {
+            DEL(events, i);
+            break;
+        }
+}
+
+static void
+free_socket(verto_ctx *ctx, verto_ev *ev)
+{
+    struct connection *conn = NULL;
+    fd_set fds;
+    int fd;
+
+    remove_event_from_set(ev);
+
+    fd = verto_get_fd(ev);
+    conn = verto_get_private(ev);
+
+    /* Close the file descriptor. */
+    krb5_klog_syslog(LOG_INFO, _("closing down fd %d"), fd);
+    if (fd >= 0 && (!conn || conn->type != CONN_RPC || conn->rpc_force_close))
+        close(fd);
+
+    /* Free the connection struct. */
+    if (conn) {
+        switch (conn->type) {
+        case CONN_RPC:
+            if (conn->rpc_force_close) {
+                FD_ZERO(&fds);
+                FD_SET(fd, &fds);
+                svc_getreqset(&fds);
+                if (FD_ISSET(fd, &svc_fdset)) {
+                    krb5_klog_syslog(LOG_ERR,
+                                     _("descriptor %d closed but still "
+                                       "in svc_fdset"),
+                                     fd);
+                }
+            }
+            /* Fall through. */
+        case CONN_TCP:
+            tcp_or_rpc_data_counter--;
+            break;
+        default:
+            break;
+        }
+
+        free_connection(conn);
+    }
+}
+
+static verto_ev *
+make_event(verto_ctx *ctx, verto_ev_flag flags, verto_callback callback,
+           int sock, struct connection *conn)
+{
+    verto_ev *ev;
+    void *tmp;
+
+    ev = verto_add_io(ctx, flags, callback, sock);
+    if (!ev) {
+        com_err(conn->prog, ENOMEM, _("cannot create io event"));
+        return NULL;
+    }
+
+    if (!ADD(events, ev, tmp)) {
+        com_err(conn->prog, ENOMEM, _("cannot save event"));
+        verto_del(ev);
+        return NULL;
+    }
+
+    verto_set_private(ev, conn, free_socket);
+    return ev;
+}
+
+static krb5_error_code
+add_fd(int sock, enum conn_type conntype, verto_ev_flag flags, void *handle,
+       const char *prog, verto_ctx *ctx, verto_callback callback,
+       verto_ev **ev_out)
+{
+    struct connection *newconn;
+
+    *ev_out = NULL;
+
+#ifndef _WIN32
+    if (sock >= FD_SETSIZE) {
+        com_err(prog, 0, _("file descriptor number %d too high"), sock);
+        return EMFILE;
+    }
+#endif
+    newconn = malloc(sizeof(*newconn));
+    if (newconn == NULL) {
+        com_err(prog, ENOMEM,
+                _("cannot allocate storage for connection info"));
+        return ENOMEM;
+    }
+    memset(newconn, 0, sizeof(*newconn));
+    newconn->handle = handle;
+    newconn->prog = prog;
+    newconn->type = conntype;
+
+    *ev_out = make_event(ctx, flags, callback, sock, newconn);
+    return 0;
+}
+
+static void process_packet(verto_ctx *ctx, verto_ev *ev);
+static void accept_tcp_connection(verto_ctx *ctx, verto_ev *ev);
+static void process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev);
+static void process_tcp_connection_write(verto_ctx *ctx, verto_ev *ev);
+static void accept_rpc_connection(verto_ctx *ctx, verto_ev *ev);
+static void process_rpc_connection(verto_ctx *ctx, verto_ev *ev);
+
+/*
+ * Create a socket and bind it to addr.  Ensure the socket will work with
+ * select().  Set the socket cloexec, reuseaddr, and if applicable v6-only.
+ * Does not call listen().  On failure, log an error and return an error code.
+ */
+static krb5_error_code
+create_server_socket(struct sockaddr *addr, int type, const char *prog,
+                     int *fd_out)
+{
+    int sock, e;
+
+    *fd_out = -1;
+
+    sock = socket(addr->sa_family, type, 0);
+    if (sock == -1) {
+        e = errno;
+        com_err(prog, e, _("Cannot create TCP server socket on %s"),
+                paddr(addr));
+        return e;
+    }
+    set_cloexec_fd(sock);
+
+#ifndef _WIN32                  /* Windows FD_SETSIZE is a count. */
+    if (sock >= FD_SETSIZE) {
+        close(sock);
+        com_err(prog, 0, _("TCP socket fd number %d (for %s) too high"),
+                sock, paddr(addr));
+        return EMFILE;
+    }
+#endif
+
+    if (setreuseaddr(sock, 1) < 0)
+        com_err(prog, errno, _("Cannot enable SO_REUSEADDR on fd %d"), sock);
+
+    if (addr->sa_family == AF_INET6) {
+#ifdef IPV6_V6ONLY
+        if (setv6only(sock, 1)) {
+            com_err(prog, errno, _("setsockopt(%d,IPV6_V6ONLY,1) failed"),
+                    sock);
+        } else {
+            com_err(prog, 0, _("setsockopt(%d,IPV6_V6ONLY,1) worked"), sock);
+        }
+#else
+        krb5_klog_syslog(LOG_INFO, _("no IPV6_V6ONLY socket option support"));
+#endif /* IPV6_V6ONLY */
+    }
+
+    if (bind(sock, addr, sa_socklen(addr)) == -1) {
+        e = errno;
+        com_err(prog, e, _("Cannot bind server socket on %s"), paddr(addr));
+        close(sock);
+        return e;
+    }
+
+    *fd_out = sock;
+    return 0;
+}
+
+static const int one = 1;
+
+static int
+setnbio(int sock)
+{
+    return ioctlsocket(sock, FIONBIO, (const void *)&one);
+}
+
+static int
+setkeepalive(int sock)
+{
+    return setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one));
+}
+
+static int
+setnolinger(int s)
+{
+    static const struct linger ling = { 0, 0 };
+    return setsockopt(s, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling));
+}
+
+/* An enum map to socket families for each bind_type. */
+static const int bind_socktypes[] =
+{
+    [UDP] = SOCK_DGRAM,
+    [TCP] = SOCK_STREAM,
+    [RPC] = SOCK_STREAM
+};
+
+/* An enum map containing conn_type (for struct connection) for each
+ * bind_type.  */
+static const enum conn_type bind_conn_types[] =
+{
+    [UDP] = CONN_UDP,
+    [TCP] = CONN_TCP_LISTENER,
+    [RPC] = CONN_RPC_LISTENER
+};
+
+/*
+ * Set up a listening socket.
+ *
+ * Arguments:
+ *
+ * - ba
+ *      The bind address and port for the socket.
+ * - ai
+ *      The addrinfo struct to use for creating the socket.
+ * - ctype
+ *      The conn_type of this socket.
+ */
+static krb5_error_code
+setup_socket(struct bind_address *ba, struct sockaddr *sock_address,
+             void *handle, const char *prog, verto_ctx *ctx,
+             int tcp_listen_backlog, verto_callback vcb, enum conn_type ctype)
+{
+    krb5_error_code ret;
+    struct connection *conn;
+    verto_ev_flag flags;
+    verto_ev *ev = NULL;
+    int sock = -1;
+
+    krb5_klog_syslog(LOG_DEBUG, _("Setting up %s socket for address %s"),
+                     bind_type_names[ba->type], paddr(sock_address));
+
+    /* Create the socket. */
+    ret = create_server_socket(sock_address, bind_socktypes[ba->type], prog,
+                               &sock);
+    if (ret)
+        goto cleanup;
+
+    /* Listen for backlogged connections on TCP sockets.  (For RPC sockets this
+     * will be done by svc_register().) */
+    if (ba->type == TCP && listen(sock, tcp_listen_backlog) != 0) {
+        ret = errno;
+        com_err(prog, errno, _("Cannot listen on %s server socket on %s"),
+                bind_type_names[ba->type], paddr(sock_address));
+        goto cleanup;
+    }
+
+    /* Set non-blocking I/O for UDP and TCP listener sockets. */
+    if (ba->type != RPC && setnbio(sock) != 0) {
+        ret = errno;
+        com_err(prog, errno,
+                _("cannot set listening %s socket on %s non-blocking"),
+                bind_type_names[ba->type], paddr(sock_address));
+        goto cleanup;
+    }
+
+    /* Turn off the linger option for TCP sockets. */
+    if (ba->type == TCP && setnolinger(sock) != 0) {
+        ret = errno;
+        com_err(prog, errno, _("cannot set SO_LINGER on %s socket on %s"),
+                bind_type_names[ba->type], paddr(sock_address));
+        goto cleanup;
+    }
+
+    /* Try to turn on pktinfo for UDP wildcard sockets. */
+    if (ba->type == UDP && sa_is_wildcard(sock_address)) {
+        krb5_klog_syslog(LOG_DEBUG, _("Setting pktinfo on socket %s"),
+                         paddr(sock_address));
+        ret = set_pktinfo(sock, sock_address->sa_family);
+        if (ret) {
+            com_err(prog, ret,
+                    _("Cannot request packet info for UDP socket address "
+                      "%s port %d"), paddr(sock_address), ba->port);
+            krb5_klog_syslog(LOG_INFO, _("System does not support pktinfo yet "
+                                         "binding to a wildcard address.  "
+                                         "Packets are not guaranteed to "
+                                         "return on the received address."));
+        }
+    }
+
+    /* Add the socket to the event loop. */
+    flags = VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_PERSIST |
+        VERTO_EV_FLAG_REINITIABLE;
+    ret = add_fd(sock, ctype, flags, handle, prog, ctx, vcb, &ev);
+    if (ret) {
+        krb5_klog_syslog(LOG_ERR, _("Error attempting to add verto event"));
+        goto cleanup;
+    }
+
+    if (ba->type == RPC) {
+        conn = verto_get_private(ev);
+        conn->transp = svctcp_create(sock, 0, 0);
+        if (conn->transp == NULL) {
+            ret = errno;
+            krb5_klog_syslog(LOG_ERR, _("Cannot create RPC service: %s"),
+                             strerror(ret));
+            goto cleanup;
+        }
+
+        ret = svc_register(conn->transp, ba->rpc_svc_data.prognum,
+                           ba->rpc_svc_data.versnum, ba->rpc_svc_data.dispatch,
+                           0);
+        if (!ret) {
+            ret = errno;
+            krb5_klog_syslog(LOG_ERR, _("Cannot register RPC service: %s"),
+                             strerror(ret));
+            goto cleanup;
+        }
+    }
+
+    ev = NULL;
+    sock = -1;
+    ret = 0;
+
+cleanup:
+    if (sock >= 0)
+        close(sock);
+    if (ev != NULL)
+        verto_del(ev);
+    return ret;
+}
+
+/*
+ * Setup all the socket addresses that the net-server should listen to.
+ *
+ * This function uses getaddrinfo to figure out all the addresses. This will
+ * automatically figure out which socket families that should be used on the
+ * host making it useful even for wildcard addresses.
+ */
+static krb5_error_code
+setup_addresses(verto_ctx *ctx, void *handle, const char *prog,
+                int tcp_listen_backlog)
+{
+    /* An bind_type enum map for the verto callback functions. */
+    static verto_callback *const verto_callbacks[] = {
+        [UDP] = &process_packet,
+        [TCP] = &accept_tcp_connection,
+        [RPC] = &accept_rpc_connection
+    };
+    krb5_error_code ret = 0;
+    size_t i;
+    int err, bound_any;
+    struct bind_address addr;
+    struct addrinfo hints, *ai_list = NULL, *ai = NULL;
+    verto_callback vcb;
+
+    /* Check to make sure addresses were added to the server. */
+    if (bind_addresses.n == 0) {
+        krb5_klog_syslog(LOG_ERR, _("No addresses added to the net server"));
+        return EINVAL;
+    }
+
+    /* Ask for all address families, listener addresses, and no port name
+     * resolution. */
+    memset(&hints, 0, sizeof(struct addrinfo));
+    hints.ai_family = AF_UNSPEC;
+    hints.ai_flags = AI_PASSIVE;
+#ifdef AI_NUMERICSERV
+    hints.ai_flags |= AI_NUMERICSERV;
+#endif
+
+    /* Add all the requested addresses. */
+    for (i = 0; i < bind_addresses.n; i++) {
+        addr = bind_addresses.data[i];
+        hints.ai_socktype = bind_socktypes[addr.type];
+
+        /* Call getaddrinfo, using a dummy port value. */
+        err = getaddrinfo(addr.address, "0", &hints, &ai_list);
+        if (err) {
+            krb5_klog_syslog(LOG_ERR,
+                             _("Failed getting address info (for %s): %s"),
+                             (addr.address == NULL) ? "<wildcard>" :
+                             addr.address, gai_strerror(err));
+            ret = EIO;
+            goto cleanup;
+        }
+
+        /*
+         * Loop through all the sockets that getaddrinfo could find to match
+         * the requested address.  For wildcard listeners, this should usually
+         * have two results, one for each of IPv4 and IPv6, or one or the
+         * other, depending on the system.  On IPv4-only systems, getaddrinfo()
+         * may return both IPv4 and IPv6 addresses, but creating an IPv6 socket
+         * may give an EAFNOSUPPORT error, so tolerate that error as long as we
+         * can bind at least one socket.
+         */
+        bound_any = 0;
+        for (ai = ai_list; ai != NULL; ai = ai->ai_next) {
+            /* Make sure getaddrinfo returned a socket with the same type that
+             * was requested. */
+            assert(hints.ai_socktype == ai->ai_socktype);
+
+            /* Set the real port number. */
+            sa_setport(ai->ai_addr, addr.port);
+
+            ret = setup_socket(&addr, ai->ai_addr, handle, prog, ctx,
+                               tcp_listen_backlog, verto_callbacks[addr.type],
+                               bind_conn_types[addr.type]);
+            if (ret) {
+                krb5_klog_syslog(LOG_ERR,
+                                 _("Failed setting up a %s socket (for %s)"),
+                                 bind_type_names[addr.type],
+                                 paddr(ai->ai_addr));
+                if (ret != EAFNOSUPPORT)
+                    goto cleanup;
+            } else {
+                bound_any = 1;
+            }
+        }
+        if (!bound_any)
+            goto cleanup;
+        ret = 0;
+
+        if (ai_list != NULL)
+            freeaddrinfo(ai_list);
+        ai_list = NULL;
+    }
+
+cleanup:
+    if (ai_list != NULL)
+        freeaddrinfo(ai_list);
+    return ret;
+}
+
+krb5_error_code
+loop_setup_network(verto_ctx *ctx, void *handle, const char *prog,
+                   int tcp_listen_backlog)
+{
+    krb5_error_code ret;
+    verto_ev *ev;
+    int i;
+
+    /* Check to make sure that at least one address was added to the loop. */
+    if (bind_addresses.n == 0)
+        return EINVAL;
+
+    /* Close any open connections. */
+    FOREACH_ELT(events, i, ev)
+        verto_del(ev);
+    events.n = 0;
+
+    krb5_klog_syslog(LOG_INFO, _("setting up network..."));
+    ret = setup_addresses(ctx, handle, prog, tcp_listen_backlog);
+    if (ret) {
+        com_err(prog, ret, _("Error setting up network"));
+        exit(1);
+    }
+    krb5_klog_syslog (LOG_INFO, _("set up %d sockets"), (int) events.n);
+    if (events.n == 0) {
+        /* If no sockets were set up, we can't continue. */
+        com_err(prog, 0, _("no sockets set up?"));
+        exit (1);
+    }
+
+    return 0;
+}
+
+void
+init_addr(krb5_fulladdr *faddr, struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET:
+        faddr->address->addrtype = ADDRTYPE_INET;
+        faddr->address->length = 4;
+        faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr;
+        faddr->port = ntohs(sa2sin(sa)->sin_port);
+        break;
+    case AF_INET6:
+        if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) {
+            faddr->address->addrtype = ADDRTYPE_INET;
+            faddr->address->length = 4;
+            faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr;
+        } else {
+            faddr->address->addrtype = ADDRTYPE_INET6;
+            faddr->address->length = 16;
+            faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr;
+        }
+        faddr->port = ntohs(sa2sin6(sa)->sin6_port);
+        break;
+    default:
+        faddr->address->addrtype = -1;
+        faddr->address->length = 0;
+        faddr->address->contents = 0;
+        faddr->port = 0;
+        break;
+    }
+}
+
+struct udp_dispatch_state {
+    void *handle;
+    const char *prog;
+    int port_fd;
+    krb5_address remote_addr_buf;
+    krb5_fulladdr remote_addr;
+    krb5_address local_addr_buf;
+    krb5_fulladdr local_addr;
+    socklen_t saddr_len;
+    socklen_t daddr_len;
+    struct sockaddr_storage saddr;
+    struct sockaddr_storage daddr;
+    aux_addressing_info auxaddr;
+    krb5_data request;
+    char pktbuf[MAX_DGRAM_SIZE];
+};
+
+static void
+process_packet_response(void *arg, krb5_error_code code, krb5_data *response)
+{
+    struct udp_dispatch_state *state = arg;
+    int cc;
+
+    if (code)
+        com_err(state->prog ? state->prog : NULL, code,
+                _("while dispatching (udp)"));
+    if (code || response == NULL)
+        goto out;
+
+    cc = send_to_from(state->port_fd, response->data,
+                      (socklen_t) response->length, 0,
+                      (struct sockaddr *)&state->saddr, state->saddr_len,
+                      (struct sockaddr *)&state->daddr, state->daddr_len,
+                      &state->auxaddr);
+    if (cc == -1) {
+        /* Note that the local address (daddr*) has no port number
+         * info associated with it. */
+        char saddrbuf[NI_MAXHOST], sportbuf[NI_MAXSERV];
+        char daddrbuf[NI_MAXHOST];
+        int e = errno;
+
+        if (getnameinfo((struct sockaddr *)&state->daddr, state->daddr_len,
+                        daddrbuf, sizeof(daddrbuf), 0, 0,
+                        NI_NUMERICHOST) != 0) {
+            strlcpy(daddrbuf, "?", sizeof(daddrbuf));
+        }
+
+        if (getnameinfo((struct sockaddr *)&state->saddr, state->saddr_len,
+                        saddrbuf, sizeof(saddrbuf), sportbuf, sizeof(sportbuf),
+                        NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+            strlcpy(saddrbuf, "?", sizeof(saddrbuf));
+            strlcpy(sportbuf, "?", sizeof(sportbuf));
+        }
+
+        com_err(state->prog, e, _("while sending reply to %s/%s from %s"),
+                saddrbuf, sportbuf, daddrbuf);
+        goto out;
+    }
+    if ((size_t)cc != response->length) {
+        com_err(state->prog, 0, _("short reply write %d vs %d\n"),
+                response->length, cc);
+    }
+
+out:
+    krb5_free_data(get_context(state->handle), response);
+    free(state);
+}
+
+static void
+process_packet(verto_ctx *ctx, verto_ev *ev)
+{
+    int cc;
+    struct connection *conn;
+    struct udp_dispatch_state *state;
+
+    conn = verto_get_private(ev);
+
+    state = malloc(sizeof(*state));
+    if (!state) {
+        com_err(conn->prog, ENOMEM, _("while dispatching (udp)"));
+        return;
+    }
+
+    state->handle = conn->handle;
+    state->prog = conn->prog;
+    state->port_fd = verto_get_fd(ev);
+    assert(state->port_fd >= 0);
+
+    state->saddr_len = sizeof(state->saddr);
+    state->daddr_len = sizeof(state->daddr);
+    memset(&state->auxaddr, 0, sizeof(state->auxaddr));
+    cc = recv_from_to(state->port_fd, state->pktbuf, sizeof(state->pktbuf), 0,
+                      (struct sockaddr *)&state->saddr, &state->saddr_len,
+                      (struct sockaddr *)&state->daddr, &state->daddr_len,
+                      &state->auxaddr);
+    if (cc == -1) {
+        if (errno != EINTR && errno != EAGAIN
+            /*
+             * This is how Linux indicates that a previous transmission was
+             * refused, e.g., if the client timed out before getting the
+             * response packet.
+             */
+            && errno != ECONNREFUSED
+        )
+            com_err(conn->prog, errno, _("while receiving from network"));
+        free(state);
+        return;
+    }
+    if (!cc) { /* zero-length packet? */
+        free(state);
+        return;
+    }
+
+    if (state->daddr_len == 0 && conn->type == CONN_UDP) {
+        /*
+         * An address couldn't be obtained, so the PKTINFO option probably
+         * isn't available.  If the socket is bound to a specific address, then
+         * try to get the address here.
+         */
+        state->daddr_len = sizeof(state->daddr);
+        if (getsockname(state->port_fd, (struct sockaddr *)&state->daddr,
+                        &state->daddr_len) != 0)
+            state->daddr_len = 0;
+        /* On failure, keep going anyways. */
+    }
+
+    state->request.length = cc;
+    state->request.data = state->pktbuf;
+
+    state->remote_addr.address = &state->remote_addr_buf;
+    init_addr(&state->remote_addr, ss2sa(&state->saddr));
+
+    state->local_addr.address = &state->local_addr_buf;
+    init_addr(&state->local_addr, ss2sa(&state->daddr));
+
+    /* This address is in net order. */
+    dispatch(state->handle, &state->local_addr, &state->remote_addr,
+             &state->request, 0, ctx, process_packet_response, state);
+}
+
+static int
+kill_lru_tcp_or_rpc_connection(void *handle, verto_ev *newev)
+{
+    struct connection *c = NULL, *oldest_c = NULL;
+    verto_ev *ev, *oldest_ev = NULL;
+    int i, fd = -1;
+
+    krb5_klog_syslog(LOG_INFO, _("too many connections"));
+
+    FOREACH_ELT (events, i, ev) {
+        if (ev == newev)
+            continue;
+
+        c = verto_get_private(ev);
+        if (!c)
+            continue;
+        if (c->type != CONN_TCP && c->type != CONN_RPC)
+            continue;
+        if (oldest_c == NULL
+            || oldest_c->start_time > c->start_time) {
+            oldest_ev = ev;
+            oldest_c = c;
+        }
+    }
+    if (oldest_c != NULL) {
+        krb5_klog_syslog(LOG_INFO, _("dropping %s fd %d from %s"),
+                         c->type == CONN_RPC ? "rpc" : "tcp",
+                         verto_get_fd(oldest_ev), oldest_c->addrbuf);
+        if (oldest_c->type == CONN_RPC)
+            oldest_c->rpc_force_close = 1;
+        verto_del(oldest_ev);
+    }
+    return fd;
+}
+
+static void
+accept_tcp_connection(verto_ctx *ctx, verto_ev *ev)
+{
+    int s;
+    struct sockaddr_storage addr_s;
+    struct sockaddr *addr = (struct sockaddr *)&addr_s;
+    socklen_t addrlen = sizeof(addr_s);
+    struct connection *newconn, *conn;
+    char tmpbuf[10];
+    verto_ev_flag flags;
+    verto_ev *newev;
+
+    conn = verto_get_private(ev);
+    s = accept(verto_get_fd(ev), addr, &addrlen);
+    if (s < 0)
+        return;
+    set_cloexec_fd(s);
+#ifndef _WIN32
+    if (s >= FD_SETSIZE) {
+        close(s);
+        return;
+    }
+#endif
+    setnbio(s), setnolinger(s), setkeepalive(s);
+
+    flags = VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_PERSIST;
+    if (add_fd(s, CONN_TCP, flags, conn->handle, conn->prog, ctx,
+               process_tcp_connection_read, &newev) != 0) {
+        close(s);
+        return;
+    }
+    newconn = verto_get_private(newev);
+
+    if (getnameinfo((struct sockaddr *)&addr_s, addrlen,
+                    newconn->addrbuf, sizeof(newconn->addrbuf),
+                    tmpbuf, sizeof(tmpbuf),
+                    NI_NUMERICHOST | NI_NUMERICSERV))
+        strlcpy(newconn->addrbuf, "???", sizeof(newconn->addrbuf));
+    else {
+        char *p, *end;
+        p = newconn->addrbuf;
+        end = p + sizeof(newconn->addrbuf);
+        p += strlen(p);
+        if ((size_t)(end - p) > 2 + strlen(tmpbuf)) {
+            *p++ = '.';
+            strlcpy(p, tmpbuf, end - p);
+        }
+    }
+
+    newconn->addr_s = addr_s;
+    newconn->addrlen = addrlen;
+    newconn->bufsiz = 1024 * 1024;
+    newconn->buffer = malloc(newconn->bufsiz);
+    newconn->start_time = time(0);
+
+    if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
+        kill_lru_tcp_or_rpc_connection(conn->handle, newev);
+
+    if (newconn->buffer == 0) {
+        com_err(conn->prog, errno,
+                _("allocating buffer for new TCP session from %s"),
+                newconn->addrbuf);
+        verto_del(newev);
+        return;
+    }
+    newconn->offset = 0;
+    newconn->remote_addr.address = &newconn->remote_addr_buf;
+    init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s));
+    SG_SET(&newconn->sgbuf[0], newconn->lenbuf, 4);
+    SG_SET(&newconn->sgbuf[1], 0, 0);
+}
+
+struct tcp_dispatch_state {
+    struct sockaddr_storage local_saddr;
+    krb5_address local_addr_buf;
+    krb5_fulladdr local_addr;
+    struct connection *conn;
+    krb5_data request;
+    verto_ctx *ctx;
+    int sock;
+};
+
+static void
+process_tcp_response(void *arg, krb5_error_code code, krb5_data *response)
+{
+    struct tcp_dispatch_state *state = arg;
+    verto_ev *ev;
+
+    assert(state);
+    state->conn->response = response;
+
+    if (code)
+        com_err(state->conn->prog, code, _("while dispatching (tcp)"));
+    if (code || !response)
+        goto kill_tcp_connection;
+
+    /* Queue outgoing response. */
+    store_32_be(response->length, state->conn->lenbuf);
+    SG_SET(&state->conn->sgbuf[1], response->data, response->length);
+    state->conn->sgp = state->conn->sgbuf;
+    state->conn->sgnum = 2;
+
+    ev = make_event(state->ctx, VERTO_EV_FLAG_IO_WRITE | VERTO_EV_FLAG_PERSIST,
+                    process_tcp_connection_write, state->sock, state->conn);
+    if (ev) {
+        free(state);
+        return;
+    }
+
+kill_tcp_connection:
+    tcp_or_rpc_data_counter--;
+    free_connection(state->conn);
+    close(state->sock);
+    free(state);
+}
+
+/* Creates the tcp_dispatch_state and deletes the verto event. */
+static struct tcp_dispatch_state *
+prepare_for_dispatch(verto_ctx *ctx, verto_ev *ev)
+{
+    struct tcp_dispatch_state *state;
+
+    state = malloc(sizeof(*state));
+    if (!state) {
+        krb5_klog_syslog(LOG_ERR, _("error allocating tcp dispatch private!"));
+        return NULL;
+    }
+    state->conn = verto_get_private(ev);
+    state->sock = verto_get_fd(ev);
+    state->ctx = ctx;
+    verto_set_private(ev, NULL, NULL); /* Don't close the fd or free conn! */
+    remove_event_from_set(ev); /* Remove it from the set. */
+    verto_del(ev);
+    return state;
+}
+
+static void
+process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev)
+{
+    struct tcp_dispatch_state *state = NULL;
+    struct connection *conn = NULL;
+    ssize_t nread;
+    size_t len;
+
+    conn = verto_get_private(ev);
+
+    /*
+     * Read message length and data into one big buffer, already allocated
+     * at connect time.  If we have a complete message, we stop reading, so
+     * we should only be here if there is no data in the buffer, or only an
+     * incomplete message.
+     */
+    if (conn->offset < 4) {
+        krb5_data *response = NULL;
+
+        /* msglen has not been computed.  XXX Doing at least two reads
+         * here, letting the kernel worry about buffering. */
+        len = 4 - conn->offset;
+        nread = SOCKET_READ(verto_get_fd(ev),
+                            conn->buffer + conn->offset, len);
+        if (nread < 0) /* error */
+            goto kill_tcp_connection;
+        if (nread == 0) /* eof */
+            goto kill_tcp_connection;
+        conn->offset += nread;
+        if (conn->offset == 4) {
+            unsigned char *p = (unsigned char *)conn->buffer;
+            conn->msglen = load_32_be(p);
+            if (conn->msglen > conn->bufsiz - 4) {
+                krb5_error_code err;
+                /* Message too big. */
+                krb5_klog_syslog(LOG_ERR, _("TCP client %s wants %lu bytes, "
+                                            "cap is %lu"), conn->addrbuf,
+                                 (unsigned long) conn->msglen,
+                                 (unsigned long) conn->bufsiz - 4);
+                /* XXX Should return an error.  */
+                err = make_toolong_error (conn->handle,
+                                          &response);
+                if (err) {
+                    krb5_klog_syslog(LOG_ERR, _("error constructing "
+                                                "KRB_ERR_FIELD_TOOLONG error! %s"),
+                                     error_message(err));
+                    goto kill_tcp_connection;
+                }
+
+                state = prepare_for_dispatch(ctx, ev);
+                if (!state) {
+                    krb5_free_data(get_context(conn->handle), response);
+                    goto kill_tcp_connection;
+                }
+                process_tcp_response(state, 0, response);
+            }
+        }
+    } else {
+        /* msglen known. */
+        socklen_t local_saddrlen = sizeof(struct sockaddr_storage);
+
+        len = conn->msglen - (conn->offset - 4);
+        nread = SOCKET_READ(verto_get_fd(ev),
+                            conn->buffer + conn->offset, len);
+        if (nread < 0) /* error */
+            goto kill_tcp_connection;
+        if (nread == 0) /* eof */
+            goto kill_tcp_connection;
+        conn->offset += nread;
+        if (conn->offset < conn->msglen + 4)
+            return;
+
+        /* Have a complete message, and exactly one message. */
+        state = prepare_for_dispatch(ctx, ev);
+        if (!state)
+            goto kill_tcp_connection;
+
+        state->request.length = conn->msglen;
+        state->request.data = conn->buffer + 4;
+
+        if (getsockname(verto_get_fd(ev), ss2sa(&state->local_saddr),
+                        &local_saddrlen) < 0) {
+            krb5_klog_syslog(LOG_ERR, _("getsockname failed: %s"),
+                             error_message(errno));
+            goto kill_tcp_connection;
+        }
+        state->local_addr.address = &state->local_addr_buf;
+        init_addr(&state->local_addr, ss2sa(&state->local_saddr));
+        dispatch(state->conn->handle, &state->local_addr, &conn->remote_addr,
+                 &state->request, 1, ctx, process_tcp_response, state);
+    }
+
+    return;
+
+kill_tcp_connection:
+    verto_del(ev);
+}
+
+static void
+process_tcp_connection_write(verto_ctx *ctx, verto_ev *ev)
+{
+    struct connection *conn;
+    SOCKET_WRITEV_TEMP tmp;
+    ssize_t nwrote;
+    int sock;
+
+    conn = verto_get_private(ev);
+    sock = verto_get_fd(ev);
+
+    nwrote = SOCKET_WRITEV(sock, conn->sgp,
+                           conn->sgnum, tmp);
+    if (nwrote > 0) { /* non-error and non-eof */
+        while (nwrote) {
+            sg_buf *sgp = conn->sgp;
+            if ((size_t)nwrote < SG_LEN(sgp)) {
+                SG_ADVANCE(sgp, (size_t)nwrote);
+                nwrote = 0;
+            } else {
+                nwrote -= SG_LEN(sgp);
+                conn->sgp++;
+                conn->sgnum--;
+                if (conn->sgnum == 0 && nwrote != 0)
+                    abort();
+            }
+        }
+
+        /* If we still have more data to send, just return so that
+         * the main loop can call this function again when the socket
+         * is ready for more writing. */
+        if (conn->sgnum > 0)
+            return;
+    }
+
+    /* Finished sending.  We should go back to reading, though if we
+     * sent a FIELD_TOOLONG error in reply to a length with the high
+     * bit set, RFC 4120 says we have to close the TCP stream. */
+    verto_del(ev);
+}
+
+void
+loop_free(verto_ctx *ctx)
+{
+    int i;
+    struct bind_address val;
+
+    verto_free(ctx);
+
+    /* Free each addresses added to the loop. */
+    FOREACH_ELT(bind_addresses, i, val)
+        free(val.address);
+    FREE_SET_DATA(bind_addresses);
+    FREE_SET_DATA(events);
+}
+
+static int
+have_event_for_fd(int fd)
+{
+    verto_ev *ev;
+    int i;
+
+    FOREACH_ELT(events, i, ev) {
+        if (verto_get_fd(ev) == fd)
+            return 1;
+    }
+
+    return 0;
+}
+
+static void
+accept_rpc_connection(verto_ctx *ctx, verto_ev *ev)
+{
+    verto_ev_flag flags;
+    struct connection *conn;
+    fd_set fds;
+    int s;
+
+    conn = verto_get_private(ev);
+
+    /* Service the woken RPC listener descriptor. */
+    FD_ZERO(&fds);
+    FD_SET(verto_get_fd(ev), &fds);
+    svc_getreqset(&fds);
+
+    /* Scan svc_fdset for any new connections. */
+    for (s = 0; s < FD_SETSIZE; s++) {
+        struct sockaddr_storage addr_s;
+        struct sockaddr *addr = (struct sockaddr *) &addr_s;
+        socklen_t addrlen = sizeof(addr_s);
+        struct connection *newconn;
+        char tmpbuf[10];
+        verto_ev *newev;
+
+        /* If we already have this fd, continue. */
+        if (!FD_ISSET(s, &svc_fdset) || have_event_for_fd(s))
+            continue;
+
+        flags = VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_PERSIST;
+        if (add_fd(s, CONN_RPC, flags, conn->handle, conn->prog, ctx,
+                   process_rpc_connection, &newev) != 0)
+            continue;
+        newconn = verto_get_private(newev);
+
+        set_cloexec_fd(s);
+
+        if (getpeername(s, addr, &addrlen) ||
+            getnameinfo(addr, addrlen,
+                        newconn->addrbuf,
+                        sizeof(newconn->addrbuf),
+                        tmpbuf, sizeof(tmpbuf),
+                        NI_NUMERICHOST | NI_NUMERICSERV)) {
+            strlcpy(newconn->addrbuf, "???",
+                    sizeof(newconn->addrbuf));
+        } else {
+            char *p, *end;
+            p = newconn->addrbuf;
+            end = p + sizeof(newconn->addrbuf);
+            p += strlen(p);
+            if ((size_t)(end - p) > 2 + strlen(tmpbuf)) {
+                *p++ = '.';
+                strlcpy(p, tmpbuf, end - p);
+            }
+        }
+
+        newconn->addr_s = addr_s;
+        newconn->addrlen = addrlen;
+        newconn->start_time = time(0);
+
+        if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
+            kill_lru_tcp_or_rpc_connection(newconn->handle, newev);
+
+        newconn->remote_addr.address = &newconn->remote_addr_buf;
+        init_addr(&newconn->remote_addr, ss2sa(&newconn->addr_s));
+    }
+}
+
+static void
+process_rpc_connection(verto_ctx *ctx, verto_ev *ev)
+{
+    fd_set fds;
+
+    FD_ZERO(&fds);
+    FD_SET(verto_get_fd(ev), &fds);
+    svc_getreqset(&fds);
+
+    if (!FD_ISSET(verto_get_fd(ev), &svc_fdset))
+        verto_del(ev);
+}
+
+#endif /* INET */
diff --git a/krb5-1.21.3/src/lib/apputils/udppktinfo.c b/krb5-1.21.3/src/lib/apputils/udppktinfo.c
new file mode 100644
index 00000000..c6e86f69
--- /dev/null
+++ b/krb5-1.21.3/src/lib/apputils/udppktinfo.c
@@ -0,0 +1,526 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2016 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* macOS requires this define for IPV6_PKTINFO. */
+#define __APPLE_USE_RFC_3542
+
+#include "udppktinfo.h"
+
+#include <netinet/in.h>
+#include <sys/socket.h>
+
+#if defined(IP_PKTINFO) && defined(HAVE_STRUCT_IN_PKTINFO)
+#define HAVE_IP_PKTINFO
+#endif
+
+#if defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
+#define HAVE_IPV6_PKTINFO
+#endif
+
+#if defined(HAVE_IP_PKTINFO) || defined(IP_SENDSRCADDR) ||      \
+    defined(HAVE_IPV6_PKTINFO)
+#define HAVE_PKTINFO_SUPPORT
+#endif
+
+/* Use RFC 3542 API below, but fall back from IPV6_RECVPKTINFO to IPV6_PKTINFO
+ * for RFC 2292 implementations. */
+#if !defined(IPV6_RECVPKTINFO) && defined(IPV6_PKTINFO)
+#define IPV6_RECVPKTINFO IPV6_PKTINFO
+#endif
+
+/* Parallel, though not standardized. */
+#if !defined(IP_RECVPKTINFO) && defined(IP_PKTINFO)
+#define IP_RECVPKTINFO IP_PKTINFO
+#endif /* IP_RECVPKTINFO */
+
+#if defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) &&      \
+    defined(HAVE_PKTINFO_SUPPORT)
+union pktinfo {
+#ifdef HAVE_STRUCT_IN6_PKTINFO
+    struct in6_pktinfo pi6;
+#endif
+#ifdef HAVE_STRUCT_IN_PKTINFO
+    struct in_pktinfo pi4;
+#endif
+#ifdef IP_RECVDSTADDR
+    struct in_addr iaddr;
+#endif
+    char c;
+};
+#endif /* HAVE_IPV6_PKTINFO && HAVE_STRUCT_CMSGHDR && HAVE_PKTINFO_SUPPORT */
+
+#ifdef HAVE_IP_PKTINFO
+
+#define set_ipv4_pktinfo set_ipv4_recvpktinfo
+static inline krb5_error_code
+set_ipv4_recvpktinfo(int sock)
+{
+    int sockopt = 1;
+    return setsockopt(sock, IPPROTO_IP, IP_RECVPKTINFO, &sockopt,
+                      sizeof(sockopt));
+}
+
+#elif defined(IP_RECVDSTADDR) /* HAVE_IP_PKTINFO */
+
+#define set_ipv4_pktinfo set_ipv4_recvdstaddr
+static inline krb5_error_code
+set_ipv4_recvdstaddr(int sock)
+{
+    int sockopt = 1;
+    return setsockopt(sock, IPPROTO_IP, IP_RECVDSTADDR, &sockopt,
+                      sizeof(sockopt));
+}
+
+#else /* HAVE_IP_PKTINFO || IP_RECVDSTADDR */
+#define set_ipv4_pktinfo(s) EINVAL
+#endif /* HAVE_IP_PKTINFO || IP_RECVDSTADDR */
+
+#ifdef HAVE_IPV6_PKTINFO
+
+#define set_ipv6_pktinfo set_ipv6_recvpktinfo
+static inline krb5_error_code
+set_ipv6_recvpktinfo(int sock)
+{
+    int sockopt = 1;
+    return setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &sockopt,
+                      sizeof(sockopt));
+}
+
+#else /* HAVE_IPV6_PKTINFO */
+#define set_ipv6_pktinfo(s) EINVAL
+#endif /* HAVE_IPV6_PKTINFO */
+
+/*
+ * Set pktinfo option on a socket. Takes a socket and the socket address family
+ * as arguments.
+ *
+ * Returns 0 on success, EINVAL if pktinfo is not supported for the address
+ * family.
+ */
+krb5_error_code
+set_pktinfo(int sock, int family)
+{
+    switch (family) {
+    case AF_INET:
+        return set_ipv4_pktinfo(sock);
+    case AF_INET6:
+        return set_ipv6_pktinfo(sock);
+    default:
+        return EINVAL;
+    }
+}
+
+#if defined(HAVE_PKTINFO_SUPPORT) && defined(CMSG_SPACE)
+
+/*
+ * Check if a socket is bound to a wildcard address.
+ * Returns 1 if it is, 0 if it's bound to a specific address, or -1 on error
+ * with errno set to the error.
+ */
+static int
+is_socket_bound_to_wildcard(int sock)
+{
+    struct sockaddr_storage bound_addr;
+    socklen_t bound_addr_len = sizeof(bound_addr);
+    struct sockaddr *sa = ss2sa(&bound_addr);
+
+    if (getsockname(sock, sa, &bound_addr_len) < 0)
+        return -1;
+
+    if (!sa_is_inet(sa)) {
+        errno = EINVAL;
+        return -1;
+    }
+
+    return sa_is_wildcard(sa);
+}
+
+#ifdef HAVE_IP_PKTINFO
+
+static inline struct in_pktinfo *
+cmsg2pktinfo(struct cmsghdr *cmsgptr)
+{
+    return (struct in_pktinfo *)(void *)CMSG_DATA(cmsgptr);
+}
+
+#define check_cmsg_v4_pktinfo check_cmsg_ip_pktinfo
+static int
+check_cmsg_ip_pktinfo(struct cmsghdr *cmsgptr, struct sockaddr *to,
+                      socklen_t *tolen, aux_addressing_info *auxaddr)
+{
+    struct in_pktinfo *pktinfo;
+
+    if (cmsgptr->cmsg_level == IPPROTO_IP &&
+        cmsgptr->cmsg_type == IP_PKTINFO &&
+        *tolen >= sizeof(struct sockaddr_in)) {
+
+        memset(to, 0, sizeof(struct sockaddr_in));
+        pktinfo = cmsg2pktinfo(cmsgptr);
+        sa2sin(to)->sin_addr = pktinfo->ipi_addr;
+        sa2sin(to)->sin_family = AF_INET;
+        *tolen = sizeof(struct sockaddr_in);
+        return 1;
+    }
+    return 0;
+}
+
+#elif defined(IP_RECVDSTADDR) /* HAVE_IP_PKTINFO */
+
+static inline struct in_addr *
+cmsg2sin(struct cmsghdr *cmsgptr)
+{
+    return (struct in_addr *)(void *)CMSG_DATA(cmsgptr);
+}
+
+#define check_cmsg_v4_pktinfo check_cmsg_ip_recvdstaddr
+static int
+check_cmsg_ip_recvdstaddr(struct cmsghdr *cmsgptr, struct sockaddr *to,
+                          socklen_t *tolen, aux_addressing_info * auxaddr)
+{
+    if (cmsgptr->cmsg_level == IPPROTO_IP &&
+        cmsgptr->cmsg_type == IP_RECVDSTADDR &&
+        *tolen >= sizeof(struct sockaddr_in)) {
+        struct in_addr *sin_addr;
+
+        memset(to, 0, sizeof(struct sockaddr_in));
+        sin_addr = cmsg2sin(cmsgptr);
+        sa2sin(to)->sin_addr = *sin_addr;
+        sa2sin(to)->sin_family = AF_INET;
+        *tolen = sizeof(struct sockaddr_in);
+        return 1;
+    }
+    return 0;
+}
+
+#else /* HAVE_IP_PKTINFO || IP_RECVDSTADDR */
+#define check_cmsg_v4_pktinfo(c, t, l, a) 0
+#endif /* HAVE_IP_PKTINFO || IP_RECVDSTADDR */
+
+#ifdef HAVE_IPV6_PKTINFO
+
+static inline struct in6_pktinfo *
+cmsg2pktinfo6(struct cmsghdr *cmsgptr)
+{
+    return (struct in6_pktinfo *)(void *)CMSG_DATA(cmsgptr);
+}
+
+#define check_cmsg_v6_pktinfo check_cmsg_ipv6_pktinfo
+static int
+check_cmsg_ipv6_pktinfo(struct cmsghdr *cmsgptr, struct sockaddr *to,
+                        socklen_t *tolen, aux_addressing_info *auxaddr)
+{
+    struct in6_pktinfo *pktinfo;
+
+    if (cmsgptr->cmsg_level == IPPROTO_IPV6 &&
+        cmsgptr->cmsg_type == IPV6_PKTINFO &&
+        *tolen >= sizeof(struct sockaddr_in6)) {
+
+        memset(to, 0, sizeof(struct sockaddr_in6));
+        pktinfo = cmsg2pktinfo6(cmsgptr);
+        sa2sin6(to)->sin6_addr = pktinfo->ipi6_addr;
+        sa2sin6(to)->sin6_family = AF_INET6;
+        *tolen = sizeof(struct sockaddr_in6);
+        auxaddr->ipv6_ifindex = pktinfo->ipi6_ifindex;
+        return 1;
+    }
+    return 0;
+}
+#else /* HAVE_IPV6_PKTINFO */
+#define check_cmsg_v6_pktinfo(c, t, l, a) 0
+#endif /* HAVE_IPV6_PKTINFO */
+
+static int
+check_cmsg_pktinfo(struct cmsghdr *cmsgptr, struct sockaddr *to,
+                   socklen_t *tolen, aux_addressing_info *auxaddr)
+{
+    return check_cmsg_v4_pktinfo(cmsgptr, to, tolen, auxaddr) ||
+           check_cmsg_v6_pktinfo(cmsgptr, to, tolen, auxaddr);
+}
+
+/*
+ * Receive a message from a socket.
+ *
+ * Arguments:
+ *  sock
+ *  buf     - The buffer to store the message in.
+ *  len     - buf length
+ *  flags
+ *  from    - Set to the address that sent the message
+ *  fromlen
+ *  to      - Set to the address that the message was sent to if possible.
+ *            May not be set in certain cases such as if pktinfo support is
+ *            missing. May be NULL.
+ *  tolen
+ *  auxaddr - Miscellaneous address information.
+ *
+ * Returns 0 on success, otherwise an error code.
+ */
+krb5_error_code
+recv_from_to(int sock, void *buf, size_t len, int flags,
+             struct sockaddr *from, socklen_t * fromlen,
+             struct sockaddr *to, socklen_t * tolen,
+             aux_addressing_info *auxaddr)
+
+{
+    int r;
+    struct iovec iov;
+    char cmsg[CMSG_SPACE(sizeof(union pktinfo))];
+    struct cmsghdr *cmsgptr;
+    struct msghdr msg;
+
+    /* Don't use pktinfo if the socket isn't bound to a wildcard address. */
+    r = is_socket_bound_to_wildcard(sock);
+    if (r < 0)
+        return errno;
+
+    if (!to || !tolen || !r)
+        return recvfrom(sock, buf, len, flags, from, fromlen);
+
+    /* Clobber with something recognizable in case we can't extract the address
+     * but try to use it anyways. */
+    memset(to, 0x40, *tolen);
+
+    iov.iov_base = buf;
+    iov.iov_len = len;
+    memset(&msg, 0, sizeof(msg));
+    msg.msg_name = from;
+    msg.msg_namelen = *fromlen;
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = cmsg;
+    msg.msg_controllen = sizeof(cmsg);
+
+    r = recvmsg(sock, &msg, flags);
+    if (r < 0)
+        return r;
+    *fromlen = msg.msg_namelen;
+
+    /*
+     * On Darwin (and presumably all *BSD with KAME stacks), CMSG_FIRSTHDR
+     * doesn't check for a non-zero controllen.  RFC 3542 recommends making
+     * this check, even though the (new) spec for CMSG_FIRSTHDR says it's
+     * supposed to do the check.
+     */
+    if (msg.msg_controllen) {
+        cmsgptr = CMSG_FIRSTHDR(&msg);
+        while (cmsgptr) {
+            if (check_cmsg_pktinfo(cmsgptr, to, tolen, auxaddr))
+                return r;
+            cmsgptr = CMSG_NXTHDR(&msg, cmsgptr);
+        }
+    }
+    /* No info about destination addr was available.  */
+    *tolen = 0;
+    return r;
+}
+
+#ifdef HAVE_IP_PKTINFO
+
+#define set_msg_from_ipv4 set_msg_from_ip_pktinfo
+static krb5_error_code
+set_msg_from_ip_pktinfo(struct msghdr *msg, struct cmsghdr *cmsgptr,
+                        struct sockaddr *from, socklen_t fromlen,
+                        aux_addressing_info *auxaddr)
+{
+    struct in_pktinfo *p = cmsg2pktinfo(cmsgptr);
+    const struct sockaddr_in *from4 = sa2sin(from);
+
+    if (fromlen != sizeof(struct sockaddr_in))
+        return EINVAL;
+    cmsgptr->cmsg_level = IPPROTO_IP;
+    cmsgptr->cmsg_type = IP_PKTINFO;
+    cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+    p->ipi_spec_dst = from4->sin_addr;
+
+    msg->msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
+    return 0;
+}
+
+#elif defined(IP_SENDSRCADDR) /* HAVE_IP_PKTINFO */
+
+#define set_msg_from_ipv4 set_msg_from_ip_sendsrcaddr
+static krb5_error_code
+set_msg_from_ip_sendsrcaddr(struct msghdr *msg, struct cmsghdr *cmsgptr,
+                            struct sockaddr *from, socklen_t fromlen,
+                            aux_addressing_info *auxaddr)
+{
+    struct in_addr *sin_addr = cmsg2sin(cmsgptr);
+    const struct sockaddr_in *from4 = sa2sin(from);
+    if (fromlen != sizeof(struct sockaddr_in))
+        return EINVAL;
+    cmsgptr->cmsg_level = IPPROTO_IP;
+    cmsgptr->cmsg_type = IP_SENDSRCADDR;
+    cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_addr));
+    msg->msg_controllen = CMSG_SPACE(sizeof(struct in_addr));
+    *sin_addr = from4->sin_addr;
+    return 0;
+}
+
+#else /* HAVE_IP_PKTINFO || IP_SENDSRCADDR */
+#define set_msg_from_ipv4(m, c, f, l, a) EINVAL
+#endif /* HAVE_IP_PKTINFO || IP_SENDSRCADDR */
+
+#ifdef HAVE_IPV6_PKTINFO
+
+#define set_msg_from_ipv6 set_msg_from_ipv6_pktinfo
+static krb5_error_code
+set_msg_from_ipv6_pktinfo(struct msghdr *msg, struct cmsghdr *cmsgptr,
+                          struct sockaddr *from, socklen_t fromlen,
+                          aux_addressing_info *auxaddr)
+{
+    struct in6_pktinfo *p = cmsg2pktinfo6(cmsgptr);
+    const struct sockaddr_in6 *from6 = sa2sin6(from);
+
+    if (fromlen != sizeof(struct sockaddr_in6))
+        return EINVAL;
+    cmsgptr->cmsg_level = IPPROTO_IPV6;
+    cmsgptr->cmsg_type = IPV6_PKTINFO;
+    cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+
+    p->ipi6_addr = from6->sin6_addr;
+    /*
+     * Because of the possibility of asymmetric routing, we
+     * normally don't want to specify an interface.  However,
+     * macOS doesn't like sending from a link-local address
+     * (which can come up in testing at least, if you wind up
+     * with a "foo.local" name) unless we do specify the
+     * interface.
+     */
+    if (IN6_IS_ADDR_LINKLOCAL(&from6->sin6_addr))
+        p->ipi6_ifindex = auxaddr->ipv6_ifindex;
+    /* otherwise, already zero */
+
+    msg->msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
+    return 0;
+}
+
+#else /* HAVE_IPV6_PKTINFO */
+#define set_msg_from_ipv6(m, c, f, l, a) EINVAL
+#endif /* HAVE_IPV6_PKTINFO */
+
+static krb5_error_code
+set_msg_from(int family, struct msghdr *msg, struct cmsghdr *cmsgptr,
+             struct sockaddr *from, socklen_t fromlen,
+             aux_addressing_info *auxaddr)
+{
+    switch (family) {
+    case AF_INET:
+        return set_msg_from_ipv4(msg, cmsgptr, from, fromlen, auxaddr);
+    case AF_INET6:
+        return set_msg_from_ipv6(msg, cmsgptr, from, fromlen, auxaddr);
+    }
+
+    return EINVAL;
+}
+
+/*
+ * Send a message to an address.
+ *
+ * Arguments:
+ *  sock
+ *  buf     - The message to send.
+ *  len     - buf length
+ *  flags
+ *  to      - The address to send the message to.
+ *  tolen
+ *  from    - The address to attempt to send the message from. May be NULL.
+ *  fromlen
+ *  auxaddr - Miscellaneous address information.
+ *
+ * Returns 0 on success, otherwise an error code.
+ */
+krb5_error_code
+send_to_from(int sock, void *buf, size_t len, int flags,
+             const struct sockaddr *to, socklen_t tolen, struct sockaddr *from,
+             socklen_t fromlen, aux_addressing_info *auxaddr)
+{
+    int r;
+    struct iovec iov;
+    struct msghdr msg;
+    struct cmsghdr *cmsgptr;
+    char cbuf[CMSG_SPACE(sizeof(union pktinfo))];
+
+    /* Don't use pktinfo if the socket isn't bound to a wildcard address. */
+    r = is_socket_bound_to_wildcard(sock);
+    if (r < 0)
+        return errno;
+
+    if (from == NULL || fromlen == 0 || from->sa_family != to->sa_family || !r)
+        goto use_sendto;
+
+    iov.iov_base = buf;
+    iov.iov_len = len;
+    /* Truncation?  */
+    if (iov.iov_len != len)
+        return EINVAL;
+    memset(cbuf, 0, sizeof(cbuf));
+    memset(&msg, 0, sizeof(msg));
+    msg.msg_name = (void *)to;
+    msg.msg_namelen = tolen;
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = cbuf;
+    /* CMSG_FIRSTHDR needs a non-zero controllen, or it'll return NULL on
+     * Linux. */
+    msg.msg_controllen = sizeof(cbuf);
+    cmsgptr = CMSG_FIRSTHDR(&msg);
+    msg.msg_controllen = 0;
+
+    if (set_msg_from(from->sa_family, &msg, cmsgptr, from, fromlen, auxaddr))
+        goto use_sendto;
+    return sendmsg(sock, &msg, flags);
+
+use_sendto:
+    return sendto(sock, buf, len, flags, to, tolen);
+}
+
+#else /* HAVE_PKTINFO_SUPPORT && CMSG_SPACE */
+
+krb5_error_code
+recv_from_to(int sock, void *buf, size_t len, int flags,
+             struct sockaddr *from, socklen_t *fromlen,
+             struct sockaddr *to, socklen_t *tolen,
+             aux_addressing_info *auxaddr)
+{
+    if (to && tolen) {
+        /* Clobber with something recognizable in case we try to use the
+         * address. */
+        memset(to, 0x40, *tolen);
+        *tolen = 0;
+    }
+
+    return recvfrom(sock, buf, len, flags, from, fromlen);
+}
+
+krb5_error_code
+send_to_from(int sock, void *buf, size_t len, int flags,
+             const struct sockaddr *to, socklen_t tolen,
+             struct sockaddr *from, socklen_t fromlen,
+             aux_addressing_info *auxaddr)
+{
+    return sendto(sock, buf, len, flags, to, tolen);
+}
+
+#endif /* HAVE_PKTINFO_SUPPORT && CMSG_SPACE */
diff --git a/krb5-1.21.3/src/lib/apputils/udppktinfo.h b/krb5-1.21.3/src/lib/apputils/udppktinfo.h
new file mode 100644
index 00000000..ff5759ab
--- /dev/null
+++ b/krb5-1.21.3/src/lib/apputils/udppktinfo.h
@@ -0,0 +1,58 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2016 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef UDPPKTINFO_H
+#define UDPPKTINFO_H
+
+#include "k5-int.h"
+
+/*
+ * This holds whatever additional information might be needed to
+ * properly send back to the client from the correct local address.
+ *
+ * In this case, we only need one datum so far: On macOS, the
+ * kernel doesn't seem to like sending from link-local addresses
+ * unless we specify the correct interface.
+ */
+typedef union aux_addressing_info
+{
+    int ipv6_ifindex;
+} aux_addressing_info;
+
+krb5_error_code
+set_pktinfo(int sock, int family);
+
+krb5_error_code
+recv_from_to(int sock, void *buf, size_t len, int flags,
+             struct sockaddr *from, socklen_t *fromlen,
+             struct sockaddr *to, socklen_t *tolen,
+             aux_addressing_info *auxaddr);
+
+krb5_error_code
+send_to_from(int sock, void *buf, size_t len, int flags,
+             const struct sockaddr *to, socklen_t tolen, struct sockaddr *from,
+             socklen_t fromlen, aux_addressing_info *auxaddr);
+
+#endif /* UDPPKTINFO_H */
diff --git a/krb5-1.21.3/src/lib/comerr32.def b/krb5-1.21.3/src/lib/comerr32.def
new file mode 100644
index 00000000..55c024d1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/comerr32.def
@@ -0,0 +1,12 @@
+;LIBRARY		COMERR32
+DESCRIPTION	'DLL for ComErr'
+HEAPSIZE	8192
+
+EXPORTS
+	com_err			@2
+	com_err_va		@3
+	error_message		@4
+	add_error_table	   	@1
+	remove_error_table	@5
+	set_com_err_hook	@6
+	reset_com_err_hook	@7
diff --git a/krb5-1.21.3/src/lib/crypto/ISSUES b/krb5-1.21.3/src/lib/crypto/ISSUES
new file mode 100644
index 00000000..b821a00c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/ISSUES
@@ -0,0 +1,14 @@
+Issues to be addressed for src/lib/crypto: -*- text -*-
+
+
+Many files here and in subdirectories pollute the namespace.
+However, some applications wanting to directly use some of those
+routines will expect those names to be available.
+
+Workaround: Shared library export lists?  Define and export internal
+names, and provide wrapper library code or weak functions under the
+polluting names?
+
+
+Some routines assume "int" is big enough to describe all buffers that
+may be supplied.
diff --git a/krb5-1.21.3/src/lib/crypto/Makefile.in b/krb5-1.21.3/src/lib/crypto/Makefile.in
new file mode 100644
index 00000000..10e8c74c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/Makefile.in
@@ -0,0 +1,48 @@
+mydir=lib$(S)crypto
+BUILDTOP=$(REL)..$(S)..
+SUBDIRS= krb builtin openssl crypto_tests
+WINSUBDIRS= krb builtin crypto_tests
+LOCALINCLUDES=$(CRYPTO_IMPL_CFLAGS)
+
+LIBBASE=k5crypto
+LIBMAJOR=3
+LIBMINOR=1
+RELDIR=crypto
+
+STOBJLISTS=krb/OBJS.ST						\
+	builtin/OBJS.ST builtin/des/OBJS.ST			\
+	builtin/aes/OBJS.ST builtin/camellia/OBJS.ST		\
+	builtin/md4/OBJS.ST builtin/md5/OBJS.ST			\
+	builtin/sha1/OBJS.ST builtin/sha2/OBJS.ST		\
+	builtin/enc_provider/OBJS.ST builtin/hash_provider/OBJS.ST \
+	openssl/OBJS.ST openssl/des/OBJS.ST			\
+	openssl/enc_provider/OBJS.ST openssl/hash_provider/OBJS.ST
+
+SUBDIROBJLISTS=$(STOBJLISTS)
+
+# No dependencies.  Record places to find this shared object if the target
+# link editor and loader support it.
+DEPLIBS=
+SHLIB_EXPLIBS= $(SUPPORT_LIB) $(CRYPTO_IMPL_LIBS) $(LIBS)
+SHLIB_EXPDEPLIBS= $(SUPPORT_DEPLIB)
+SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@
+
+##DOS##LIBNAME=$(OUTPRE)crypto.lib
+##DOS##OBJFILEDEP=$(OUTPRE)krb.lst $(OUTPRE)aes.lst $(OUTPRE)enc_provider.lst $(OUTPRE)des.lst $(OUTPRE)md5.lst $(OUTPRE)camellia.lst $(OUTPRE)md4.lst $(OUTPRE)hash_provider.lst $(OUTPRE)sha2.lst $(OUTPRE)sha1.lst $(OUTPRE)builtin.lst
+##DOS##OBJFILELIST=@$(OUTPRE)krb.lst @$(OUTPRE)aes.lst @$(OUTPRE)enc_provider.lst @$(OUTPRE)des.lst @$(OUTPRE)md5.lst @$(OUTPRE)camellia.lst @$(OUTPRE)md4.lst @$(OUTPRE)hash_provider.lst @$(OUTPRE)sha2.lst @$(OUTPRE)sha1.lst @$(OUTPRE)builtin.lst
+
+all-unix: all-liblinks
+install-unix: install-libs
+
+
+# all-unix:
+# install-unix:
+
+libcrypto.lib:
+	libdir crypto.lib
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/Makefile.in
new file mode 100644
index 00000000..243bb17b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/Makefile.in
@@ -0,0 +1,48 @@
+mydir=lib$(S)crypto$(S)builtin
+BUILDTOP=$(REL)..$(S)..$(S)..
+SUBDIRS=camellia des aes md4 md5 sha1 sha2 enc_provider hash_provider
+LOCALINCLUDES=-I$(srcdir)/../krb $(CRYPTO_IMPL_CFLAGS)
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR = builtin
+##DOS##OBJFILE = ..\$(OUTPRE)builtin.lst
+
+STLIBOBJS=\
+	cmac.o	\
+	hmac.o	\
+	kdf.o \
+	pbkdf2.o
+
+OBJS=\
+	$(OUTPRE)cmac.$(OBJEXT)	\
+	$(OUTPRE)hmac.$(OBJEXT)	\
+	$(OUTPRE)kdf.$(OBJEXT) \
+	$(OUTPRE)pbkdf2.$(OBJEXT)
+
+SRCS=\
+	$(srcdir)/cmac.c	\
+	$(srcdir)/hmac.c	\
+	$(srcdir)/kdf.c		\
+	$(srcdir)/pbkdf2.c	
+
+SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
+		md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST 	\
+		enc_provider/OBJS.ST 		\
+		hash_provider/OBJS.ST 		\
+		aes/OBJS.ST			\
+		camellia/OBJS.ST 
+
+STOBJLISTS= $(SUBDIROBJLISTS) OBJS.ST
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/aes/Makefile.in
new file mode 100644
index 00000000..971f05c8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/Makefile.in
@@ -0,0 +1,66 @@
+mydir=lib$(S)crypto$(S)builtin$(S)aes
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLGAS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\aes
+##DOS##OBJFILE = ..\..\$(OUTPRE)aes.lst
+
+YASM=@YASM@
+AESNI_OBJ=@AESNI_OBJ@
+AESNI_FLAGS=@AESNI_FLAGS@
+
+STLIBOBJS=\
+	aescrypt.o	\
+	aestab.o	\
+	aeskey.o	\
+	@AESNI_OBJ@
+
+OBJS=\
+	$(OUTPRE)aescrypt.$(OBJEXT)	\
+	$(OUTPRE)aestab.$(OBJEXT)	\
+	$(OUTPRE)aeskey.$(OBJEXT)
+
+SRCS=\
+	$(srcdir)/aescrypt.c	\
+	$(srcdir)/aestab.c	\
+	$(srcdir)/aeskey.c	\
+
+GEN_OBJS=\
+	$(OUTPRE)aescrypt.$(OBJEXT)	\
+	$(OUTPRE)aestab.$(OBJEXT)	\
+	$(OUTPRE)aeskey.$(OBJEXT)
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs # aes-gen
+
+iaesx64@SHOBJEXT@ iaesx64@STOBJEXT@: $(srcdir)/iaesx64.s
+	$(YASM) $(AESNI_FLAGS) -o $@ $(srcdir)/iaesx64.s
+
+iaesx86@SHOBJEXT@ iaesx86@STOBJEXT@: $(srcdir)/iaesx86.s
+	$(YASM) $(AESNI_FLAGS) -o $@ $(srcdir)/iaesx86.s
+
+includes: depend
+
+depend: $(SRCS)
+
+aes-gen: aes-gen.o $(GEN_OBJS)
+	$(CC_LINK) -o aes-gen aes-gen.o $(GEN_OBJS)
+
+run-aes-gen: aes-gen
+	./aes-gen > kresults.out
+	cmp kresults.out $(srcdir)/kresults.expected
+
+check-unix: check-@CRYPTO_BUILTIN_TESTS@
+check-no:
+check-yes: run-aes-gen
+
+
+clean-unix:: clean-libobjs
+
+clean:
+	-$(RM) aes-gen aes-gen.o kresults.out
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/aes-gen.c b/krb5-1.21.3/src/lib/crypto/builtin/aes/aes-gen.c
new file mode 100644
index 00000000..b528d379
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/aes-gen.c
@@ -0,0 +1,352 @@
+/*
+ * To be compiled against the AES code from:
+ * https://github.com/BrianGladman/AES
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "aes.h"
+
+#define B 16U
+uint8_t key[16] = { 0x46, 0x64, 0x31, 0x29, 0x64, 0x86, 0xED, 0x9C,
+		    0xD7, 0x1F, 0xC2, 0x07, 0x25, 0x48, 0x20, 0xA2 };
+size_t test_case_len[] = { B+1, 2*B-1, 2*B, 2*B+1, 3*B-1, 3*B, 4*B, };
+#define NTESTS (sizeof(test_case_len) / sizeof(*test_case_len))
+uint8_t test_case[NTESTS][4 * B] = {
+    { 0xC4, 0xA8, 0x5A, 0xEB, 0x0B, 0x20, 0x41, 0x49,
+      0x4F, 0x8B, 0xF1, 0xF8, 0xCD, 0x30, 0xF1, 0x13,
+      0x94 },
+    { 0x22, 0x3C, 0xF8, 0xA8, 0x29, 0x95, 0x80, 0x49,
+      0x57, 0x87, 0x6E, 0x9F, 0xA7, 0x11, 0x63, 0x50,
+      0x6B, 0x4E, 0x5B, 0x8C, 0x8F, 0xA4, 0xDB, 0x1B,
+      0x95, 0xD3, 0xE8, 0xC5, 0xC5, 0xFB, 0x5A },
+    { 0xE7, 0x37, 0x52, 0x90, 0x60, 0xE7, 0x10, 0xA9,
+      0x3E, 0x97, 0x18, 0xDD, 0x3E, 0x29, 0x41, 0x8E,
+      0x94, 0x8F, 0xE9, 0x20, 0x1F, 0x8D, 0xFB, 0x3A,
+      0x22, 0xCF, 0x22, 0xE8, 0x94, 0x1D, 0x42, 0x7B },
+    { 0x54, 0x94, 0x0B, 0xB4, 0x7C, 0x1B, 0x5E, 0xBA,
+      0xB2, 0x76, 0x98, 0xF1, 0x9F, 0xD9, 0x7F, 0x33,
+      0x68, 0x69, 0x54, 0x87, 0xF6, 0x4F, 0xC1, 0x19,
+      0x1E, 0xE3, 0x01, 0xB2, 0x00, 0x43, 0x2E, 0x54,
+      0xD7 },
+    { 0x39, 0x09, 0x53, 0x55, 0x67, 0x0E, 0x07, 0xDD,
+      0xA6, 0xF8, 0x7C, 0x7F, 0x78, 0xAF, 0xE7, 0xE1,
+      0x03, 0x6F, 0xD7, 0x53, 0x30, 0xF0, 0x71, 0x14,
+      0xF1, 0x24, 0x14, 0x34, 0x52, 0x69, 0x0C, 0x8B,
+      0x72, 0x5F, 0xE0, 0xD9, 0x6D, 0xE8, 0xB6, 0x13,
+      0xE0, 0x32, 0x92, 0x58, 0xE1, 0x7A, 0x39 },
+    { 0xE5, 0xE9, 0x11, 0x38, 0x19, 0x01, 0xA9, 0x2D,
+      0xF3, 0xCD, 0x42, 0x27, 0x1F, 0xAB, 0x33, 0xAB,
+      0x1D, 0x93, 0x8B, 0xF6, 0x00, 0x73, 0xAC, 0x14,
+      0x54, 0xDE, 0xA6, 0xAC, 0xBF, 0x20, 0xE6, 0xA4,
+      0x09, 0xF7, 0xDC, 0x23, 0xF8, 0x86, 0x50, 0xEB,
+      0x53, 0x92, 0x13, 0x73, 0x3D, 0x46, 0x1E, 0x5A },
+    { 0xD9, 0xA9, 0x50, 0xDA, 0x1D, 0xFC, 0xEE, 0x71,
+      0xDA, 0x94, 0x1D, 0x9A, 0xB5, 0x03, 0x3E, 0xBE,
+      0xFA, 0x1B, 0xE1, 0xF3, 0xA1, 0x32, 0xDE, 0xF4,
+      0xC4, 0xF1, 0x67, 0x02, 0x38, 0x85, 0x5C, 0x11,
+      0x2F, 0xAD, 0xEB, 0x4C, 0xA9, 0xD9, 0xBD, 0x84,
+      0x6E, 0xDA, 0x1E, 0x23, 0xDE, 0x5C, 0xE1, 0xD8,
+      0x77, 0xC3, 0xCB, 0x18, 0xF5, 0xAA, 0x0D, 0xB9,
+      0x9B, 0x74, 0xBB, 0xD3, 0xFA, 0x18, 0xE5, 0x29 }
+};
+aes_encrypt_ctx ctx;
+aes_decrypt_ctx dctx;
+
+static void init ()
+{
+    AES_RETURN r;
+
+    r = aes_encrypt_key128(key, &ctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    r = aes_decrypt_key128(key, &dctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+}
+
+static void hexdump(const unsigned char *ptr, size_t len)
+{
+    size_t i;
+    for (i = 0; i < len; i++)
+	printf ("%s%02X", (i % 16 == 0) ? "\n    " : " ", ptr[i]);
+}
+
+static void fips_test ()
+{
+    static const unsigned char fipskey[16] = {
+	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+    };
+    static const unsigned char input[16] = {
+	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+    };
+    static const unsigned char expected[16] = {
+	0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
+	0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
+    };
+    unsigned char output[16];
+    unsigned char tmp[16];
+    aes_crypt_ctx fipsctx;
+    int r;
+
+    printf ("FIPS test:\nkey:");
+    hexdump (fipskey, 16);
+    printf ("\ninput:");
+    hexdump (input, 16);
+    r = aes_encrypt_key128(fipskey, &fipsctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    r = aes_encrypt(input, output, &fipsctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    printf ("\noutput:");
+    hexdump (output, 16);
+    printf ("\n");
+    if (memcmp(expected, output, 16))
+	fprintf(stderr, "wrong results!!!\n"), exit (1);
+    r = aes_decrypt_key128(fipskey, &fipsctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    r = aes_decrypt(output, tmp, &fipsctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    if (memcmp(input, tmp, 16))
+	fprintf(stderr, "decryption failed!!\n"), exit(1);
+    printf ("ok.\n\n");
+}
+
+static void
+xor (unsigned char *out, const unsigned char *a, const unsigned char *b)
+{
+    unsigned int i;
+    for (i = 0; i < B; i++)
+	out[i] = a[i] ^ b[i];
+}
+
+static void
+ecb_enc (unsigned char *out, unsigned char *in, unsigned int len)
+{
+    unsigned int i, r;
+    for (i = 0; i < len; i += 16) {
+	r = aes_encrypt(in + i, out + i, &ctx);
+	if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    }
+    if (i != len) abort ();
+}
+
+static void
+ecb_dec (unsigned char *out, unsigned char *in, unsigned int len)
+{
+    unsigned int i, r;
+    for (i = 0; i < len; i += 16) {
+	r = aes_decrypt(in + i, out + i, &dctx);
+	if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    }
+    if (i != len) abort ();
+}
+
+#define D(X) (printf("%s %d: %s=",__FUNCTION__,__LINE__, #X),hexdump(X,B),printf("\n"))
+
+#undef D
+#define D(X)
+
+static void
+cbc_enc (unsigned char *out, unsigned char *in, unsigned char *iv,
+	 unsigned int len)
+{
+    unsigned int i, r;
+    unsigned char tmp[B];
+    D(iv);
+    memcpy (tmp, iv, B);
+    for (i = 0; i < len; i += B) {
+	D(in+i);
+	xor (tmp, tmp, in + i);
+	D(tmp);
+	r = aes_encrypt(tmp, out + i, &ctx);
+	if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+	memcpy (tmp, out + i, B);
+	D(out+i);
+    }
+    if (i != len) abort ();
+}
+
+static void
+cbc_dec (unsigned char *out, unsigned char *in, unsigned char *iv,
+	 unsigned int len)
+{
+    unsigned int i, r;
+    unsigned char tmp[B];
+    memcpy (tmp, iv, B);
+    for (i = 0; i < len; i += B) {
+	r = aes_decrypt(in + i, tmp, &dctx);
+	if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+	xor (tmp, tmp, iv);
+	iv = in + i;
+	memcpy (out + i, tmp, B);
+    }
+    if (i != len) abort ();
+}
+
+static void
+cts_enc (unsigned char *out, unsigned char *in, unsigned char *iv,
+	 unsigned int len)
+{
+    int r;
+    unsigned int len2;
+    unsigned char pn1[B], pn[B], cn[B], cn1[B];
+
+    if (len < B + 1) abort ();
+    len2 = (len - B - 1) & ~(B-1);
+    cbc_enc (out, in, iv, len2);
+    out += len2;
+    in += len2;
+    len -= len2;
+    if (len2)
+	iv = out - B;
+    if (len <= B || len > 2 * B)
+	abort ();
+    printf ("(did CBC mode for %d)\n", len2);
+
+    D(in);
+    xor (pn1, in, iv);
+    D(pn1);
+    r = aes_encrypt(pn1, cn, &ctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    D(cn);
+    memset (pn, 0, sizeof(pn));
+    memcpy (pn, in+B, len-B);
+    D(pn);
+    xor (pn, pn, cn);
+    D(pn);
+    r = aes_encrypt(pn, cn1, &ctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    D(cn1);
+    memcpy(out, cn1, B);
+    memcpy(out+B, cn, len-B);
+}
+
+static void
+cts_dec (unsigned char *out, unsigned char *in, unsigned char *iv,
+	 unsigned int len)
+{
+    int r;
+    unsigned int len2;
+    unsigned char pn1[B], pn[B], cn[B], cn1[B];
+
+    if (len < B + 1) abort ();
+    len2 = (len - B - 1) & ~(B-1);
+    cbc_dec (out, in, iv, len2);
+    out += len2;
+    in += len2;
+    len -= len2;
+    if (len2)
+	iv = in - B;
+    if (len <= B || len > 2 * B)
+	abort ();
+
+    memcpy (cn1, in, B);
+    r = aes_decrypt(cn1, pn, &dctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    memset (cn, 0, sizeof(cn));
+    memcpy (cn, in+B, len-B);
+    xor (pn, pn, cn);
+    memcpy (cn+len-B, pn+len-B, 2*B-len);
+    r = aes_decrypt(cn, pn1, &dctx);
+    if (r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    xor (pn1, pn1, iv);
+    memcpy(out, pn1, B);
+    memcpy(out+B, pn, len-B);
+}
+
+static void ecb_test ()
+{
+    unsigned int testno;
+    uint8_t output[4 * B], tmp[4 * B];
+
+    printf ("ECB tests:\n");
+    printf ("key:");
+    hexdump (key, sizeof(key));
+    for (testno = 0; testno < NTESTS; testno++) {
+	unsigned len = (test_case_len[testno] + 15) & ~15;
+	printf ("\ntest %d - %d bytes\n", testno, len);
+	printf ("input:");
+	hexdump (test_case[testno], len);
+	printf ("\n");
+	ecb_enc (output, test_case[testno], len);
+	printf ("output:");
+	hexdump (output, len);
+	printf ("\n");
+	ecb_dec (tmp, output, len);
+	if (memcmp (tmp, test_case[testno], len)) {
+	    printf ("ecb decrypt failed!!");
+	    hexdump (tmp, len);
+	    printf ("\n");
+	    exit (1);
+	}
+    }
+    printf ("\n");
+}
+
+unsigned char ivec[16] = { 0 };
+
+static void cbc_test ()
+{
+    unsigned int testno;
+    uint8_t output[4 * B], tmp[4 * B];
+
+    printf ("CBC tests:\n");
+    printf ("initial vector:");
+    hexdump (ivec, sizeof(ivec));
+    for (testno = 0; testno < NTESTS; testno++) {
+	unsigned len = (test_case_len[testno] + 15) & ~15;
+	printf ("\ntest %d - %d bytes\n", testno, len);
+	printf ("input:");
+	hexdump (test_case[testno], len);
+	printf ("\n");
+	cbc_enc (output, test_case[testno], ivec, len);
+	printf ("output:");
+	hexdump (output, len);
+	printf ("\n");
+	cbc_dec (tmp, output, ivec, len);
+	if (memcmp (tmp, test_case[testno], len)) {
+	    printf("cbc decrypt failed!!");
+	    hexdump (tmp, len);
+	    printf ("\n");
+	    exit(1);
+	}
+    }
+    printf ("\n");
+}
+
+static void cts_test ()
+{
+    unsigned int testno;
+    uint8_t output[4 * B], tmp[4 * B];
+
+    printf ("CTS tests:\n");
+    printf ("initial vector:");
+    hexdump (ivec, sizeof(ivec));
+    for (testno = 0; testno < NTESTS; testno++) {
+	unsigned int len = test_case_len[testno];
+	printf ("\ntest %d - %d bytes\n", testno, len);
+	printf ("input:");
+	hexdump (test_case[testno], len);
+	printf ("\n");
+	cts_enc (output, test_case[testno], ivec, len);
+	printf ("output:");
+	hexdump (output, len);
+	printf ("\n");
+	cts_dec (tmp, output, ivec, len);
+	if (memcmp (tmp, test_case[testno], len))
+	    fprintf (stderr, "cts decrypt failed!!\n"), exit(1);
+    }
+    printf ("\n");
+}
+
+int main ()
+{
+    init ();
+    fips_test ();
+
+    ecb_test();
+    cbc_test();
+    cts_test();
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/aes.h b/krb5-1.21.3/src/lib/crypto/builtin/aes/aes.h
new file mode 100644
index 00000000..9b5215eb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/aes.h
@@ -0,0 +1,289 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 02/09/2018
+
+ This file contains the definitions required to use AES in C. See aesopt.h
+ for optimisation details.
+*/
+
+#ifndef _AES_H
+#define _AES_H
+
+/* For MIT krb5, give the linker-visible symbols a prefix. */
+#define aes_decrypt        k5_aes_decrypt
+#define aes_decrypt_key    k5_aes_decrypt_key
+#define aes_decrypt_key128 k5_aes_decrypt_key128
+#define aes_decrypt_key256 k5_aes_decrypt_key256
+#define aes_encrypt        k5_aes_encrypt
+#define aes_encrypt_key    k5_aes_encrypt_key
+#define aes_encrypt_key128 k5_aes_encrypt_key128
+#define aes_encrypt_key256 k5_aes_encrypt_key256
+#define aes_init           k5_aes_init
+
+#include <stdlib.h>
+
+/*  This include is used to find 8 & 32 bit unsigned integer types   */
+#include "brg_types.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#define AES_128     /* if a fast 128 bit key scheduler is needed     */
+#undef AES_192     /* if a fast 192 bit key scheduler is needed     */
+#define AES_256     /* if a fast 256 bit key scheduler is needed     */
+#define AES_VAR     /* if variable key size scheduler is needed      */
+#if 1
+#  define AES_MODES /* if support is needed for modes in the C code  */
+#endif              /* (these will use AES_NI if it is present)      */
+#if 0               /* add this to make direct calls to the AES_NI   */
+#                   /* implemented CBC and CTR modes available       */
+#   define ADD_AESNI_MODE_CALLS
+#endif
+
+/* The following must also be set in assembler files if being used   */
+
+#define AES_ENCRYPT /* if support for encryption is needed           */
+#define AES_DECRYPT /* if support for decryption is needed           */
+
+#define AES_BLOCK_SIZE_P2  4  /* AES block size as a power of 2      */
+#define AES_BLOCK_SIZE    (1 << AES_BLOCK_SIZE_P2) /* AES block size */
+#define N_COLS             4  /* the number of columns in the state  */
+
+/* The key schedule length is 11, 13 or 15 16-byte blocks for 128,   */
+/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes   */
+/* or 44, 52 or 60 32-bit words.                                     */
+
+#if defined( AES_VAR ) || defined( AES_256 )
+#define KS_LENGTH       60
+#elif defined( AES_192 )
+#define KS_LENGTH       52
+#else
+#define KS_LENGTH       44
+#endif
+
+#define AES_RETURN INT_RETURN
+
+/* the character array 'inf' in the following structures is used     */
+/* to hold AES context information. This AES code uses cx->inf.b[0]  */
+/* to hold the number of rounds multiplied by 16. The other three    */
+/* elements can be used by code that implements additional modes     */
+
+typedef union
+{   uint32_t l;
+    uint8_t b[4];
+} aes_inf;
+
+/* Macros for detecting whether a given context was initialized for  */
+/* use with encryption or decryption code. These should only be used */
+/* by e.g. language bindings which lose type information when the    */
+/* context pointer is passed to the calling language's runtime.      */
+#define IS_ENCRYPTION_CTX(cx) (((cx)->inf.b[2] & (uint8_t)0x01) == 1)
+#define IS_DECRYPTION_CTX(cx) (((cx)->inf.b[2] & (uint8_t)0x01) == 0)
+
+#ifdef _MSC_VER
+#  pragma warning( disable : 4324 )
+#endif
+
+#if defined(_MSC_VER) && defined(_WIN64)
+#define ALIGNED_(x) __declspec(align(x))
+#elif defined(__GNUC__) && defined(__x86_64__)
+#define ALIGNED_(x) __attribute__ ((aligned(x)))
+#else
+#define ALIGNED_(x)
+#endif
+
+typedef struct ALIGNED_(16)
+{   uint32_t ks[KS_LENGTH];
+    aes_inf inf;
+} aes_crypt_ctx;
+
+typedef aes_crypt_ctx aes_encrypt_ctx;
+typedef aes_crypt_ctx aes_decrypt_ctx;
+
+#ifdef _MSC_VER
+#  pragma warning( default : 4324 )
+#endif
+
+/* This routine must be called before first use if non-static       */
+/* tables are being used                                            */
+
+AES_RETURN aes_init(void);
+
+/* Key lengths in the range 16 <= key_len <= 32 are given in bytes, */
+/* those in the range 128 <= key_len <= 256 are given in bits       */
+
+#if defined( AES_ENCRYPT )
+
+#if defined( AES_128 ) || defined( AES_VAR)
+AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
+#endif
+
+#if defined( AES_192 ) || defined( AES_VAR)
+AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
+#endif
+
+#if defined( AES_256 ) || defined( AES_VAR)
+AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
+#endif
+
+#if defined( AES_VAR )
+AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]);
+#endif
+
+AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]);
+
+#endif
+
+#if defined( AES_DECRYPT )
+
+#if defined( AES_128 ) || defined( AES_VAR)
+AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
+#endif
+
+#if defined( AES_192 ) || defined( AES_VAR)
+AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
+#endif
+
+#if defined( AES_256 ) || defined( AES_VAR)
+AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
+#endif
+
+#if defined( AES_VAR )
+AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]);
+#endif
+
+AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1]);
+
+#endif
+
+#if defined( AES_MODES )
+
+/* Multiple calls to the following subroutines for multiple block   */
+/* ECB, CBC, CFB, OFB and CTR mode encryption can be used to handle */
+/* long messages incrementally provided that the context AND the iv */
+/* are preserved between all such calls.  For the ECB and CBC modes */
+/* each individual call within a series of incremental calls must   */
+/* process only full blocks (i.e. len must be a multiple of 16) but */
+/* the CFB, OFB and CTR mode calls can handle multiple incremental  */
+/* calls of any length.  Each mode is reset when a new AES key is   */
+/* set but ECB needs no reset and CBC can be reset without setting  */
+/* a new key by setting a new IV value.  To reset CFB, OFB and CTR  */
+/* without setting the key, aes_mode_reset() must be called and the */
+/* IV must be set.  NOTE: All these calls update the IV on exit so  */
+/* this has to be reset if a new operation with the same IV as the  */
+/* previous one is required (or decryption follows encryption with  */
+/* the same IV array).                                              */
+
+AES_RETURN aes_test_alignment_detection(unsigned int n);
+
+AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, const aes_encrypt_ctx cx[1]);
+
+AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, const aes_decrypt_ctx cx[1]);
+
+AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, const aes_encrypt_ctx cx[1]);
+
+AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, const aes_decrypt_ctx cx[1]);
+
+AES_RETURN aes_mode_reset(aes_encrypt_ctx cx[1]);
+
+AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
+
+AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
+
+#define aes_ofb_encrypt aes_ofb_crypt
+#define aes_ofb_decrypt aes_ofb_crypt
+
+AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
+
+typedef void cbuf_inc(unsigned char *cbuf);
+
+#define aes_ctr_encrypt aes_ctr_crypt
+#define aes_ctr_decrypt aes_ctr_crypt
+
+AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
+            int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]);
+
+#endif
+
+#if 0 && defined( ADD_AESNI_MODE_CALLS )
+#  define USE_AES_CONTEXT
+#endif
+
+#ifdef ADD_AESNI_MODE_CALLS
+#  ifdef USE_AES_CONTEXT
+
+AES_RETURN aes_CBC_encrypt(const unsigned char *in,
+    unsigned char *out,
+    unsigned char ivec[16],
+    unsigned long length,
+    const aes_encrypt_ctx cx[1]);
+
+AES_RETURN aes_CBC_decrypt(const unsigned char *in,
+    unsigned char *out,
+    unsigned char ivec[16],
+    unsigned long length,
+    const aes_decrypt_ctx cx[1]);
+
+AES_RETURN AES_CTR_encrypt(const unsigned char *in,
+    unsigned char *out,
+    const unsigned char ivec[8],
+    const unsigned char nonce[4],
+    unsigned long length,
+    const aes_encrypt_ctx cx[1]);
+
+#  else
+
+void aes_CBC_encrypt(const unsigned char *in,
+    unsigned char *out,
+    unsigned char ivec[16],
+    unsigned long length,
+    unsigned char *key,
+    int number_of_rounds);
+
+void aes_CBC_decrypt(const unsigned char *in,
+    unsigned char *out,
+    unsigned char ivec[16],
+    unsigned long length,
+    unsigned char *key,
+    int number_of_rounds);
+
+void aes_CTR_encrypt(const unsigned char *in,
+    unsigned char *out,
+    const unsigned char ivec[8],
+    const unsigned char nonce[4],
+    unsigned long length,
+    const unsigned char *key,
+    int number_of_rounds);
+
+#  endif
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/aes.txt b/krb5-1.21.3/src/lib/crypto/builtin/aes/aes.txt
new file mode 100644
index 00000000..25710f29
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/aes.txt
@@ -0,0 +1,622 @@
+
+An AES (Rijndael) Implementation in C/C++ (as specified in FIPS-197)
+====================================================================
+
+Change (26/09/2018)
+===================
+
+1. Changes to test programs to allow them to be built on Linux/GCC
+   (with thanks to Michael Mohr).
+
+2. Rationalisation of the defines DLL_IMPORT, DYNAMIC_DLL and USE_DLL
+   in the test code - now DLL_IMPORT and DLL_DYNAMIC_LOAD
+
+3. Update the test_avs test to allow the testing of static, DLL and
+   dynamically loaded DLL libraries.
+
+Change (21/05/2018)
+===================
+
+1. Properly dectect presence of AESNI when using GCC (my thanks to 
+   Peter Gutmann for this fix)
+
+Changes (6/12/2016)
+====================
+
+1. Changed function definition of has_aes_ni() to has_aes_ni(void), 
+   suggested by Peter Gutmann
+   
+2. Changed the default location for the vsyasm assembler to:
+   C:\Program Files\yasm
+
+Changes (27/09/2015)
+====================
+
+1. Added automatic dynamic table initialisation (my thanks to
+   Henrik S. Gaßmann who proposed this addition).
+
+Changes (09/09/2014)
+====================
+
+1. Added the ability to use Intel's hardware support for AES
+   with GCC on Windows and Linux
+
+Changes (01/09/2014)
+====================
+
+1. Clarify some user choices in the file aes_amd64.asm
+
+2. Change the detection of the x86 and x86_64 processors
+   in aesopt.h to allow assembler code use with GCC
+    
+Changes (14/11/2013)
+====================
+
+1. Added the ability to use Intel's hardware support for AES
+   on Windows using Microsoft Visual Studio.
+
+2. Added the include 'stdint.h' and used the uint<xx>_t instead
+   of the old uint_<xx>t (e.g. uint_32t is now uint32_t).
+
+3. Added a missing .text directive in aes_x86_v2.asm that caused
+   runtime errors in one build configuration.
+
+Changes (16/04/2007)
+====================
+
+These changes remove errors in the VC++ build files and add some 
+improvements in file naming consitency and portability. There are
+no changes to overcome reported bugs in the code.
+
+1. gen_tabs() has been renamed to aes_init() to better decribe its
+   function to those not familiar with AES internals.
+
+2. via_ace.h has been renamed to aes_via_ace.h.
+
+3. Minor changes have been made to aestab.h and aestab.c to enable
+   all the code to be compiled in either C or C++.
+   
+4. The code for detecting memory alignment in aesmdoes.c has been
+   simplified and a new routine has been added:
+   
+       aes_test_alignment_detection()
+   
+   to check that the aligment test is likely to be correct.
+
+5. The addition of support for Structured Exception Handling (SEH) 
+   to YASM (well done Peter and Michael!) has allowed the AMD64 
+   x64 assembler code to be changed to comply with SEH requriements.
+       
+6. Corrections to build files (for win32 debug build).
+
+Overview
+========
+
+This code implements AES for both 32 and 64 bit systems with optional
+assembler support for x86 and AMD64/EM64T (but optimised for AMD64).
+
+The basic AES source code files are as follows:
+
+aes.h           the header file needed to use AES in C
+aescpp.h        the header file required with to use AES in C++
+aesopt.h        the header file for setting options (and some common code)
+aestab.h        the header file for the AES table declaration
+aescrypt.c      the main C source code file for encryption and decryption
+aeskey.c        the main C source code file for the key schedule
+aestab.c        the main file for the AES tables
+brg_types.h     a header defining some standard types and DLL defines
+brg_endian.h    a header containing code to detect or define endianness
+aes_x86_v1.asm  x86 assembler (YASM) alternative to aescrypt.c using
+                large tables
+aes_x86_v2.asm  x86 assembler (YASM) alternative to aescrypt.c using
+                compressed tables
+aes_amd64.asm   AMD64 assembler (YASM) alternative to aescrypt.c using
+                compressed tables
+
+In addition AES modes are implemented in the files:
+
+aes_modes.c     AES modes with optional support for VIA ACE detection and use
+aes_via_ace.h   the header file for VIA ACE support
+
+and Intel hardware support for AES (AES_NI) is implemented in the files
+
+aes_ni.h        defines for AES_NI implementation
+aes_ni.c        the AES_NI implementation
+
+Other associated files for testing and support are:
+
+aesaux.h        header for auxilliary routines for testsing
+aesaux.c        auxilliary routines for testsingt
+aestst.h        header file for setting the testing environment
+rdtsc.h         a header file that provides access to the Time Stamp Counter
+aestst.c        a simple test program for quick tests of the AES code
+aesgav.c        a program to generate and verify the test vector files
+aesrav.c        a program to verify output against the test vector files
+aestmr.c        a program to time the code on x86 systems
+modetest.c      a program to test the AES modes support
+vbxam.doc       a demonstration of AES DLL use from Visual Basic in Microsoft Word
+vb.txt          Visual Basic code from the above example (win32 only)
+aesxam.c        an example of AES use
+tablegen.c      a program to generate a simplified 'aestab.c' file for
+                use with compilers that find aestab.c too complex
+yasm.rules      the YASM build rules file for Microsoft Visual Studio 2005
+via_ace.txt     describes support for the VIA ACE cryptography engine
+aes.txt         this file
+
+Building The AES Libraries
+--------------------------
+
+A. Versions
+-----------
+
+The code can be used to build static and dynamic libraries, each in five
+versions:
+
+ Key scheduling code in C, encrypt/decrypt in:
+
+    C           C source code                        (win32 and x64)
+    ASM_X86_V1C large table x86 assembler code       (win32)
+    ASM_X86_V2C compressed table x86 assembler code  (win32)
+    ASM_AMD64   compressed table x64 assembler code  (x64)
+ 
+ Key scheduling and encrypt/decrypt code in assembler:
+ 
+    ASM_X86_V2  compressed table x86 assembler       (win32)
+
+The C version can be compiled for Win32 or x64 whereas the x86 and x64 
+assembler versions are for Win32 and x64 respectively. 
+
+If Intel's hardware support for AES (AES_NI) is available, it can be used
+with either the C or the ASM_AMD64 version. If ASM_AMD64 is to be used, it
+is important that the define USE_INTEL_AES_IF_PRESENT in asm_amd64.asm is
+set to the same value as it has in aesopt.h
+
+B. YASM
+-------
+
+If you wish to use the x86 assembler files you will also need the YASM open
+source x86 assembler (r1331 or later) for Windows which can be obtained from:
+
+    http://www.tortall.net/projects/yasm/
+
+This assembler (vsyasm.exe) should be placed in the directory:
+
+    C:\Program Files\yasm
+
+C. Configuration
+----------------
+
+The following configurations are available as projects for Visual Studio
+but the following descriptions should allow them to be built in other x86
+environments
+
+    lib_generic_c       Win32 and x64
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+		                (+ aes_ni.h for AES_NI)
+        C source:       aescrypt.c, aeskey.c, aestab.c, aes_modes.c
+		                (+ aes_ni.c for AES_NI)
+        defines
+
+    dll_generic_c       Win32 and x64
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+		                (+ aes_ni.h for AES_NI)
+        C source:       aescrypt.c, aeskey.c, aestab.c, aes_modes.c
+		                (+ aes_ni.c for AES_NI)
+        defines         DLL_EXPORT
+
+    lib_asm_x86_v1c     Win32
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+        C source:       aeskey.c, aestab.c, aes_modes.c
+        x86 assembler:  aes_x86_v1.asm
+        defines         ASM_X86_V1C (set for C and assembler files)
+    
+	dll_asm_x86_v1c     Win32
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+        C source:       aeskey.c, aestab.c, aes_modes.c
+        x86 assembler:  aes_x86_v1.asm
+        defines         DLL_EXPORT, ASM_X86_V1C (set for C and assembler files)
+
+    lib_asm_x86_v2c     Win32
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+        C source:       aeskey.c, aestab.c, aes_modes.c
+        x86 assembler:  aes_x86_v2.asm
+        defines         ASM_X86_V2C (set for C and assembler files)
+    
+	dll_asm_x86_v2c     Win32
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+        C source:       aeskey.c, aestab.c, aes_modes.c
+        x86 assembler:  aes_x86_v1.asm
+        defines         DLL_EXPORT, ASM_X86_V2C (set for C and assembler files)
+
+    lib_asm_x86_v2      Win32
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+        C source:       aes_modes.c
+        x86 assembler:  aes_x86_v1.asm
+        defines         ASM_X86_V2 (set for C and assembler files)
+    
+	dll_asm_x86_v2      Win32
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+        C source:       aes_modes.c
+        x86 assembler:  aes_x86_v1.asm
+        defines         DLL_EXPORT, ASM_AMD64_C (set for C and assembler files)
+
+    lib_asm_amd64_c     x64
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+		                (+ aes_ni.h for AES_NI)
+        C source:       aes_modes.c (+ aes_ni.c for AES_NI)
+        x86 assembler:  aes_amd64.asm
+        defines         ASM_AMD64_C (set for C and assembler files)
+    
+	dll_asm_amd64_c     x64
+        headers:        aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+		                (+ aes_ni.h for AES_NI)
+        C source:       aes_modes.c (+ aes_ni.c for AES_NI)
+        x86 assembler:  aes_amd64.asm
+        defines         DLL_EXPORT, ASM_AMD64_C (set for C and assembler files)
+
+Notes:
+
+ASM_X86_V1C is defined if using the version 1 assembler code (aescrypt1.asm).
+            The defines in the assember file must match those in aes.h and
+            aesopt.h).  Also remember to include/exclude the right assembler
+            and C files in the build to avoid undefined or multiply defined
+            symbols - include aes_x86_v1.asm and exclude aescrypt.c
+
+ASM_X86_V2  is defined if using the version 2 assembler code (aes_x86_v2.asm).
+            This version provides a full, self contained assembler version
+            and does not use any C source code files except for the mutiple
+            block encryption modes that are provided by aes_modes.c. The define
+            ASM_X86_V2 must be set on the YASM command line (or in aes_x86_v2.asm)
+            to use this version and all C files except aec_modes.c and, for the
+            DLL build, aestab.c must be excluded from the build.
+
+ASM_X86_V2C is defined when using the version 2 assembler code (aes_x86_v2.asm)
+            with faster key scheduling provided by the in C code (the options in
+            the assember file must match those in aes.h and aesopt.h).  In this
+            case aeskey.c and aestab.c are needed with aes_x86_v2.asm and the
+            define ASM_X86_V2C must be set for both the C files and for
+            aes_x86_v2.asm in the build commands(or in aesopt.h and aes_x86_v2.asm).
+            Include aes_x86_v2.asm, aeskey.c and aestab.c, exclude aescrypt.c for
+            this option.
+
+ASM_AMD64_C is defined when using the AMD64 assembly code because the C key
+            scheduling is used in this case.
+
+DLL_EXPORT  must be defined to generate the DLL version of the code and
+            to run tests on it
+
+DLL_IMPORT  must be defined to use the DLL version of the code in an
+            application program
+
+Directories the paths for the various directories for test vector input and
+            output have to be set in aestst.h
+
+VIA ACE     see the via_ace.txt for this item
+
+Static      The static libraries are named:
+Libraries
+                aes_lib_generic_c.lib
+                aes_lib_asm_x86_v1c.lib
+                aes_lib_asm_x86_v2.lib
+                aes_lib_asm_x86_v2c.lib
+                aes_lib_asm_amd64_c.lib
+
+            and placed in one of the the directories:
+
+                lib\win32\release\
+                lib\win32\debug\
+                lib\x64\release\
+                lib\x64\debug\
+
+            in the aes root directory depending on the platform(win32 or
+            x64) and the build (release or debug). After any of these is
+            built it is then copied into the aes\lib directory, which is
+			the library location that is subsequently used for testing. 
+			Hence testing is always for the last static library built.
+
+Dynamic     These libraries are named:
+Libraries
+                aes_lib_generic_c.dll
+                aes_lib_asm_x86_v1c.dll
+                aes_lib_asm_x86_v2.dll
+                aes_lib_asm_x86_v2c.dll
+                aes_lib_asm_amd64_c.dll
+
+            and placed in one of the the directories:
+
+                dll\win32\release\
+                dll\win32\debug\
+                dll\x64\release\
+                dll\x64\debug\
+
+            in the aes root directory depending on the platform(win32 or
+            x64) and the build (release or debug).  Each DLL library:
+
+                aes_<ext>.dll
+
+            has three associated files:
+
+                aes_dll_<ext>.lib   the library file for implicit linking
+                aes_dll_<ext>.exp   the exports file
+                aes_dll_<ext>.pdb   the symbol file
+
+            After any DLL is built it and its three related files are then
+            copied to the aes\dll directory, which is the library location
+			used in subsequent testing.  Hence testing is always for the 
+			last DLL built.
+			
+D. Testing
+----------
+
+These tests require that the test vector files are placed in the 'testvals' 
+subdirectory.  If the AES Algorithm Validation Suite tests are used then
+the *.fax files need to be put in the 'testvals\fax' subdirectory.  This is
+covered in more detail below.
+
+The projects test_lib and time_lib are used to test and time the last static
+library built. They use the files:
+
+    test_lib:       Win32 (x64 for the C and AMD64 versions)
+        headers:    aes.h, aescpp.h, brg_types.h, aesaux.h and aestst.h
+        C source:   aesaux.c, aesrav.c
+        defines:
+
+    time_lib:       Win32 (x64 for the C and AMD64 versions)
+        headers:    aes.h, aescpp.h, brg_types.h, aesaux.h, aestst.h and rdtsc.h
+        C source:   aesaux.c, aestmr.c
+        defines:
+
+The projects test_dll and time_dll are used to test and time the last DLL
+built.  These use the files:
+
+    test_dll:       Win32 (x64 for the C and AMD64 versions)
+        headers:    aes.h, aescpp.h, brg_types.h, aesaux.h and aestst.h
+        C source:   aesaux.c, aesrav.c
+        defines:    DLL_IMPORT
+
+    time_dll:       Win32 (x64 for the C and AMD64 versions)
+        headers:    aes.h, aescpp.h, brg_types.h, aesaux.h aestst.h and rdtsc.h
+        C source:   aesaux.c, aestmr.c
+        defines:    DLL_IMPORT
+
+and default to linkingto with the AES DLL using dynamic (run-time) linking.  Implicit
+linking can be used by adding the lib file associated with the AES DLL (in the aes\dll
+sub-directory) to the build (under project Properties|Linker in Visual Studio) and 
+removing the DLL_DYNAMIC_LOAD define (under project Properties|C/C++|Preprocessor).
+
+0  Link is linked into this project and the symbol
+DLL_DYNAMIC_LOAD is left undefined, then implicit linking will be used
+
+The above tests take command line arguments that determine which test are run
+as follows:
+
+    test_lib /t:[knec] /k:[468]
+    test_dll /t:[knec] /k:[468]
+
+where the symbols in square brackets can be used in any combination (without
+the brackets) and have the following meanings:
+
+        /t:[knec]   selects which tests are used
+        /k:[468]    selects the key lengths used
+        /c          compares output with reference (see later)
+
+        k: generate ECB Known Answer Test files
+        n: generate ECB Known Answer Test files (new)
+        e: generate ECB Monte Carlo Test files
+        c: generate CBC Monte Carlo Test files
+
+and the characters giving the lengths are digits representing the key lengths
+in 32-bit units (4, 6, 8 for lengths of 128, 192 or 256 bits respectively).
+
+The project test_modes tests the AES modes.  It uses the files:
+
+    test_modes:     Win32 or x64
+        headers:    aes.h, aescpp.h, brg_types.h, aesaux,h and aestst.h
+        C source:   aesaux.c, modetest.c
+        defines:    none for static library test, DLL_IMPORT for DLL test
+
+which again links to the last library built.
+
+E. Other Applications
+---------------------
+
+These are:
+
+    gen_tests       builds the test_vector files. The commad line is
+                        gen_tests /t:knec /k:468 /c
+                    as described earlier
+                    
+    test_aes_avs    run the AES Algorithm Validation Suite tests for
+                    ECB, CBC, CFB and OFB modes
+
+    gen_tables      builds a simple version of aes_tab.c (in aestab2.c)
+                    for compilers that cannot handle the normal version
+    aes_example     provides an example of AES use
+
+These applications are linked to the last static library built or, if
+DLL_IMPORT is defined during compilation, to the last DLL built.
+
+F. Use of the VIA ACE Cryptography Engine (x86 only)
+----------------------------------------------------
+
+The use of the code with the VIA ACE cryptography engine in described in the
+file via_ace.txt. In outline aes_modes.c is used and USE_VIA_ACE_IF_PRESENT
+is defined either in section 2 of aesopt.h or as a compilation option in Visual
+Studio. If in addition ASSUME_VIA_ACE_PRESENT is also defined then all normal
+AES code will be removed if not needed to support VIA ACE use.  If VIA ACE
+support is needed and AES assembler is being used only the ASM_X86_V1C and
+ASM_X86_V2C versions should be used since ASM_X86_V2 and ASM_AMD64 do not
+support the VIA ACE engine.
+
+G. The AES Test Vector Files
+----------------------------
+
+These files fall in the following groups (where <nn> is a two digit
+number):
+
+1. ecbvk<nn>.txt  ECB vectors with variable key
+2. ecbvt<nn>.txt  ECB vectors with variable text
+3. ecbnk<nn>.txt  new ECB vectors with variable key
+4. ecbnt<nn>.txt  new ECB vectors with variable text
+5. ecbme<nn>.txt  ECB monte carlo encryption test vectors
+6. ecbmd<nn>.txt  ECB monte carlo decryption test vectors
+7. cbcme<nn>.txt  CBC monte carlo encryption test vectors
+8. cbcmd<nn>.txt  CBC monte carlo decryption test vectors
+
+The first digit of the numeric suffix on the filename gives the block size
+in 32 bit units and the second numeric digit gives the key size. For example,
+the file ecbvk44.txt provides the test vectors for ECB encryption with a 128
+bit block size and a 128 bit key size. The test routines expect to find these
+files in the 'testvals' subdirectory within the aes root directory. The
+'outvals' subdirectory is used for outputs that are compared with the files
+in 'testvals'. Note that the monte carlo test vectors are the result of
+applying AES iteratively 10000 times, not just once.
+
+The AES Algorithm Validation Suite tests can be run for ECB, CBC, CFB and 
+OFB modes (CFB1 and CFB8 are not implemented).  The test routine uses the 
+*.fax test files, which should be placed in the 'testvals\fax' subdirectory.
+
+H. The Basic AES Calling Interface
+----------------------------------
+
+The basic AES code keeps its state in a context, there being different 
+contexts for encryption and decryption:
+
+    aes_encrypt_ctx
+    aes_decrypt_ctx
+    
+The AES code is initialised with the call
+
+    aes_init(void)
+    
+although this is only essential if the option to generate the AES tables at 
+run-time has been set in the options (i.e.fixed tables are not being used).
+    
+The AES encryption key is set by one of the calls:
+ 
+    aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
+    aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
+    aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
+
+or by:
+
+    aes_encrypt_key(const unsigned char *key, int key_len, 
+                                                aes_encrypt_ctx cx[1])
+
+where the key length is set by 'key_len', which can be the length in bits 
+or bytes.  
+
+Similarly, the AES decryption key is set by one of:
+
+    aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
+    aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
+    aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
+
+or by:
+
+    aes_decrypt_key(const unsigned char *key, int key_len, 
+                                                aes_decrypt_ctx cx[1])
+ 
+Encryption and decryption for a single 16 byte block is then achieved using:
+
+    aes_encrypt(const unsigned char *in, unsigned char *out, 
+                                            const aes_encrypt_ctx cx[1])
+    aes_decrypt(const unsigned char *in, unsigned char *out, 
+                                            const aes_decrypt_ctx cx[1])
+                                            
+The above subroutines return a value of EXIT_SUCCESS or EXIT_FAILURE 
+depending on whether the operation succeeded or failed.
+ 
+I. The Calling Interface for the AES Modes
+------------------------------------------
+
+The subroutines for the AES modes, ECB, CBC, CFB, OFB and CTR, each process
+blocks of variable length and can also be called several times to complete 
+single mode operations incrementally on long messages (or those messages,
+not all of which are available at the same time).  The calls:
+
+    aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, const aes_encrypt_ctx cx[1])
+
+    aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, const aes_decrypt_ctx cx[1])
+
+for ECB operations and those for CBC:
+
+    aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, const aes_encrypt_ctx cx[1])
+
+    aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, const aes_decrypt_ctx cx[1])
+ 
+can only process blocks whose lengths are multiples of 16 bytes but the calls 
+for CFB, OFB and CTR mode operations:
+
+    aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, aes_encrypt_ctx cx[1])
+
+    aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, aes_encrypt_ctx cx[1])
+
+    aes_ofb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, aes_encrypt_ctx cx[1])
+
+    aes_ofb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+                    int len, unsigned char *iv, aes_encrypt_ctx cx[1])
+
+    aes_ctr_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+            int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1])
+
+    aes_ctr_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+            int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1])
+
+can process blocks of any length.  Note also that CFB, OFB and CTR mode calls only
+use AES encryption contexts even during decryption operations.
+
+The calls CTR mode operations use a buffer (cbuf) which holds the counter value
+together with a function parameter:
+
+    void cbuf_inc(unsigned char *cbuf);
+
+that is ued to update the counter value after each 16 byte AES operation. The 
+counter buffer is updated appropriately to allow for incremental operations.
+
+Please note the following IMPORTANT points about the AES mode subroutines:
+
+    1. All modes are reset when a new AES key is set.
+    
+    2. Incremental calls to the different modes cannot 
+       be mixed. If a change of mode is needed a new 
+       key must be set or a reset must be issued (see 
+       below).
+       
+    3. For modes with IVs, the IV value is an input AND
+       an output since it is updated after each call to 
+       the value needed for any subsequent incremental
+       call(s). If the mode is reset, the IV hence has
+       to be set (or reset) as well.
+       
+    4. ECB operations must be multiples of 16 bytes
+       but do not need to be reset for new operations.
+       
+    5. CBC operations must also be multiples of 16 
+       bytes and are reset for a new operation by 
+       setting the IV.
+       
+    6. CFB, OFB and CTR mode must be reset by setting 
+       a new IV value AND by calling:
+       
+           aes_mode_reset(aes_encrypt_ctx cx[1])
+           
+       For CTR mode the cbuf value also has to be reset.
+       
+    7. CFB, OFB and CTR modes only use AES encryption 
+       operations and contexts and do not need AES
+       decryption operations.
+       
+    8. AES keys remain valid across resets and changes
+       of mode (but encryption and decryption keys must 
+       both be set if they are needed).  
+       
+   Brian Gladman  26/09/2018
+ 
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/aescrypt.c b/krb5-1.21.3/src/lib/crypto/builtin/aes/aescrypt.c
new file mode 100644
index 00000000..90a2946e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/aescrypt.c
@@ -0,0 +1,306 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 20/12/2007
+*/
+
+#include "aesopt.h"
+#include "aestab.h"
+
+#include "crypto_int.h"
+#ifdef K5_BUILTIN_AES
+
+#if defined( USE_INTEL_AES_IF_PRESENT )
+#  include "aes_ni.h"
+#else
+/* map names here to provide the external API ('name' -> 'aes_name') */
+#  define aes_xi(x) aes_ ## x
+#endif
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
+#define so(y,x,c)   word_out(y, c, s(x,c))
+
+#if defined(ARRAYS)
+#define locals(y,x)     x[4],y[4]
+#else
+#define locals(y,x)     x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
+#endif
+
+#define l_copy(y, x)    s(y,0) = s(x,0); s(y,1) = s(x,1); \
+                        s(y,2) = s(x,2); s(y,3) = s(x,3);
+#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
+#define state_out(y,x)  so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
+#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
+
+#if ( FUNCS_IN_C & ENCRYPTION_IN_C )
+
+/* Visual C++ .Net v7.1 provides the fastest encryption code when using
+   Pentium optimisation with small code but this is poor for decryption
+   so we need to control this with the following VC++ pragmas
+*/
+
+#if defined( _MSC_VER ) && !defined( _WIN64 ) && !defined( __clang__ )
+#pragma optimize( "s", on )
+#endif
+
+/* Given the column (c) of the output state variable, the following
+   macros give the input state variables which are needed in its
+   computation for each row (r) of the state. All the alternative
+   macros give the same end values but expand into different ways
+   of calculating these values.  In particular the complex macro
+   used for dynamically variable block sizes is designed to expand
+   to a compile time constant whenever possible but will expand to
+   conditional clauses on some branches (I am grateful to Frank
+   Yellin for this construction)
+*/
+
+#define fwd_var(x,r,c)\
+ ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
+ : r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
+ : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
+ :          ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
+
+#if defined(FT4_SET)
+#undef  dec_fmvars
+#define fwd_rnd(y,x,k,c)    (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
+#elif defined(FT1_SET)
+#undef  dec_fmvars
+#define fwd_rnd(y,x,k,c)    (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))
+#else
+#define fwd_rnd(y,x,k,c)    (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))
+#endif
+
+#if defined(FL4_SET)
+#define fwd_lrnd(y,x,k,c)   (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))
+#elif defined(FL1_SET)
+#define fwd_lrnd(y,x,k,c)   (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))
+#else
+#define fwd_lrnd(y,x,k,c)   (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
+#endif
+
+AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
+{   uint32_t         locals(b0, b1);
+    const uint32_t   *kp;
+#if defined( dec_fmvars )
+    dec_fmvars; /* declare variables for fwd_mcol() if needed */
+#endif
+
+	if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
+		return EXIT_FAILURE;
+
+	kp = cx->ks;
+    state_in(b0, in, kp);
+
+#if (ENC_UNROLL == FULL)
+
+    switch(cx->inf.b[0])
+    {
+    case 14 * AES_BLOCK_SIZE:
+        round(fwd_rnd,  b1, b0, kp + 1 * N_COLS);
+        round(fwd_rnd,  b0, b1, kp + 2 * N_COLS);
+        kp += 2 * N_COLS;
+    case 12 * AES_BLOCK_SIZE:
+        round(fwd_rnd,  b1, b0, kp + 1 * N_COLS);
+        round(fwd_rnd,  b0, b1, kp + 2 * N_COLS);
+        kp += 2 * N_COLS;
+    case 10 * AES_BLOCK_SIZE:
+        round(fwd_rnd,  b1, b0, kp + 1 * N_COLS);
+        round(fwd_rnd,  b0, b1, kp + 2 * N_COLS);
+        round(fwd_rnd,  b1, b0, kp + 3 * N_COLS);
+        round(fwd_rnd,  b0, b1, kp + 4 * N_COLS);
+        round(fwd_rnd,  b1, b0, kp + 5 * N_COLS);
+        round(fwd_rnd,  b0, b1, kp + 6 * N_COLS);
+        round(fwd_rnd,  b1, b0, kp + 7 * N_COLS);
+        round(fwd_rnd,  b0, b1, kp + 8 * N_COLS);
+        round(fwd_rnd,  b1, b0, kp + 9 * N_COLS);
+        round(fwd_lrnd, b0, b1, kp +10 * N_COLS);
+    }
+
+#else
+
+#if (ENC_UNROLL == PARTIAL)
+    {   uint32_t    rnd;
+        for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1ul; ++rnd)
+        {
+            kp += N_COLS;
+            round(fwd_rnd, b1, b0, kp);
+            kp += N_COLS;
+            round(fwd_rnd, b0, b1, kp);
+        }
+        kp += N_COLS;
+        round(fwd_rnd,  b1, b0, kp);
+#else
+    {   uint32_t    rnd;
+        for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1ul; ++rnd)
+        {
+            kp += N_COLS;
+            round(fwd_rnd, b1, b0, kp);
+            l_copy(b0, b1);
+        }
+#endif
+        kp += N_COLS;
+        round(fwd_lrnd, b0, b1, kp);
+    }
+#endif
+
+    state_out(out, b0);
+    return EXIT_SUCCESS;
+}
+
+#endif
+
+#if ( FUNCS_IN_C & DECRYPTION_IN_C)
+
+/* Visual C++ .Net v7.1 provides the fastest encryption code when using
+   Pentium optimisation with small code but this is poor for decryption
+   so we need to control this with the following VC++ pragmas
+*/
+
+#if defined( _MSC_VER ) && !defined( _WIN64 ) && !defined( __clang__ )
+#pragma optimize( "t", on )
+#endif
+
+/* Given the column (c) of the output state variable, the following
+   macros give the input state variables which are needed in its
+   computation for each row (r) of the state. All the alternative
+   macros give the same end values but expand into different ways
+   of calculating these values.  In particular the complex macro
+   used for dynamically variable block sizes is designed to expand
+   to a compile time constant whenever possible but will expand to
+   conditional clauses on some branches (I am grateful to Frank
+   Yellin for this construction)
+*/
+
+#define inv_var(x,r,c)\
+ ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
+ : r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\
+ : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
+ :          ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0)))
+
+#if defined(IT4_SET)
+#undef  dec_imvars
+#define inv_rnd(y,x,k,c)    (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c))
+#elif defined(IT1_SET)
+#undef  dec_imvars
+#define inv_rnd(y,x,k,c)    (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))
+#else
+#define inv_rnd(y,x,k,c)    (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))
+#endif
+
+#if defined(IL4_SET)
+#define inv_lrnd(y,x,k,c)   (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))
+#elif defined(IL1_SET)
+#define inv_lrnd(y,x,k,c)   (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))
+#else
+#define inv_lrnd(y,x,k,c)   (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))
+#endif
+
+/* This code can work with the decryption key schedule in the   */
+/* order that is used for encryption (where the 1st decryption  */
+/* round key is at the high end ot the schedule) or with a key  */
+/* schedule that has been reversed to put the 1st decryption    */
+/* round key at the low end of the schedule in memory (when     */
+/* AES_REV_DKS is defined)                                      */
+
+#ifdef AES_REV_DKS
+#define key_ofs     0
+#define rnd_key(n)  (kp + n * N_COLS)
+#else
+#define key_ofs     1
+#define rnd_key(n)  (kp - n * N_COLS)
+#endif
+
+AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
+{   uint32_t        locals(b0, b1);
+#if defined( dec_imvars )
+    dec_imvars; /* declare variables for inv_mcol() if needed */
+#endif
+    const uint32_t *kp;
+
+	if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
+		return EXIT_FAILURE;
+
+    kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);
+    state_in(b0, in, kp);
+
+#if (DEC_UNROLL == FULL)
+
+    kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));
+    switch(cx->inf.b[0])
+    {
+    case 14 * AES_BLOCK_SIZE:
+        round(inv_rnd,  b1, b0, rnd_key(-13));
+        round(inv_rnd,  b0, b1, rnd_key(-12));
+    case 12 * AES_BLOCK_SIZE:
+        round(inv_rnd,  b1, b0, rnd_key(-11));
+        round(inv_rnd,  b0, b1, rnd_key(-10));
+    case 10 * AES_BLOCK_SIZE:
+        round(inv_rnd,  b1, b0, rnd_key(-9));
+        round(inv_rnd,  b0, b1, rnd_key(-8));
+        round(inv_rnd,  b1, b0, rnd_key(-7));
+        round(inv_rnd,  b0, b1, rnd_key(-6));
+        round(inv_rnd,  b1, b0, rnd_key(-5));
+        round(inv_rnd,  b0, b1, rnd_key(-4));
+        round(inv_rnd,  b1, b0, rnd_key(-3));
+        round(inv_rnd,  b0, b1, rnd_key(-2));
+        round(inv_rnd,  b1, b0, rnd_key(-1));
+        round(inv_lrnd, b0, b1, rnd_key( 0));
+    }
+
+#else
+
+#if (DEC_UNROLL == PARTIAL)
+    {   uint32_t    rnd;
+        for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1ul; ++rnd)
+        {
+            kp = rnd_key(1);
+            round(inv_rnd, b1, b0, kp);
+            kp = rnd_key(1);
+            round(inv_rnd, b0, b1, kp);
+        }
+        kp = rnd_key(1);
+        round(inv_rnd, b1, b0, kp);
+#else
+    {   uint32_t    rnd;
+        for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1ul; ++rnd)
+        {
+            kp = rnd_key(1);
+            round(inv_rnd, b1, b0, kp);
+            l_copy(b0, b1);
+        }
+#endif
+        kp = rnd_key(1);
+        round(inv_lrnd, b0, b1, kp);
+        }
+#endif
+
+    state_out(out, b0);
+    return EXIT_SUCCESS;
+}
+
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* K5_BUILTIN_AES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/aeskey.c b/krb5-1.21.3/src/lib/crypto/builtin/aes/aeskey.c
new file mode 100644
index 00000000..c5906f00
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/aeskey.c
@@ -0,0 +1,578 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 20/12/2007
+*/
+
+#include "aesopt.h"
+#include "aestab.h"
+
+#include "crypto_int.h"
+#ifdef K5_BUILTIN_AES
+
+#if defined( USE_INTEL_AES_IF_PRESENT )
+#  include "aes_ni.h"
+#else
+/* map names here to provide the external API ('name' -> 'aes_name') */
+#  define aes_xi(x) aes_ ## x
+#endif
+
+#ifdef USE_VIA_ACE_IF_PRESENT
+#  include "aes_via_ace.h"
+#endif
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/* Use the low bit in the context's inf.b[2] as a flag to
+   indicate whether a context was initialized for encryption
+   or decryption.
+*/
+#define MARK_AS_ENCRYPTION_CTX(cx) (cx)->inf.b[2] |= (uint8_t)0x01
+#define MARK_AS_DECRYPTION_CTX(cx) (cx)->inf.b[2] &= (uint8_t)0xfe
+
+/* Initialise the key schedule from the user supplied key. The key
+   length can be specified in bytes, with legal values of 16, 24
+   and 32, or in bits, with legal values of 128, 192 and 256. These
+   values correspond with Nk values of 4, 6 and 8 respectively.
+
+   The following macros implement a single cycle in the key
+   schedule generation process. The number of cycles needed
+   for each cx->n_col and nk value is:
+
+    nk =             4  5  6  7  8
+    ------------------------------
+    cx->n_col = 4   10  9  8  7  7
+    cx->n_col = 5   14 11 10  9  9
+    cx->n_col = 6   19 15 12 11 11
+    cx->n_col = 7   21 19 16 13 14
+    cx->n_col = 8   29 23 19 17 14
+*/
+
+#if defined( REDUCE_CODE_SIZE )
+#  define ls_box ls_sub
+   uint32_t ls_sub(const uint32_t t, const uint32_t n);
+#  define inv_mcol im_sub
+   uint32_t im_sub(const uint32_t x);
+#  ifdef ENC_KS_UNROLL
+#    undef ENC_KS_UNROLL
+#  endif
+#  ifdef DEC_KS_UNROLL
+#    undef DEC_KS_UNROLL
+#  endif
+#endif
+
+#if (FUNCS_IN_C & ENC_KEYING_IN_C)
+
+#if defined(AES_128) || defined( AES_VAR )
+
+#define ke4(k,i) \
+{   k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
+    k[4*(i)+5] = ss[1] ^= ss[0]; \
+    k[4*(i)+6] = ss[2] ^= ss[1]; \
+    k[4*(i)+7] = ss[3] ^= ss[2]; \
+}
+
+AES_RETURN aes_xi(encrypt_key128)(const unsigned char *key, aes_encrypt_ctx cx[1])
+{   uint32_t    ss[4];
+
+    cx->ks[0] = ss[0] = word_in(key, 0);
+    cx->ks[1] = ss[1] = word_in(key, 1);
+    cx->ks[2] = ss[2] = word_in(key, 2);
+    cx->ks[3] = ss[3] = word_in(key, 3);
+
+#ifdef ENC_KS_UNROLL
+    ke4(cx->ks, 0);  ke4(cx->ks, 1);
+    ke4(cx->ks, 2);  ke4(cx->ks, 3);
+    ke4(cx->ks, 4);  ke4(cx->ks, 5);
+    ke4(cx->ks, 6);  ke4(cx->ks, 7);
+    ke4(cx->ks, 8);
+#else
+    {   uint32_t i;
+        for(i = 0; i < 9; ++i)
+            ke4(cx->ks, i);
+    }
+#endif
+    ke4(cx->ks, 9);
+    cx->inf.l = 0;
+    cx->inf.b[0] = 10 * AES_BLOCK_SIZE;
+
+#ifdef USE_VIA_ACE_IF_PRESENT
+    if(VIA_ACE_AVAILABLE)
+        cx->inf.b[1] = 0xff;
+#endif
+    MARK_AS_ENCRYPTION_CTX(cx);
+    return EXIT_SUCCESS;
+}
+
+#endif
+
+#if defined(AES_192) || defined( AES_VAR )
+
+#define kef6(k,i) \
+{   k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
+    k[6*(i)+ 7] = ss[1] ^= ss[0]; \
+    k[6*(i)+ 8] = ss[2] ^= ss[1]; \
+    k[6*(i)+ 9] = ss[3] ^= ss[2]; \
+}
+
+#define ke6(k,i) \
+{   kef6(k,i); \
+    k[6*(i)+10] = ss[4] ^= ss[3]; \
+    k[6*(i)+11] = ss[5] ^= ss[4]; \
+}
+
+AES_RETURN aes_xi(encrypt_key192)(const unsigned char *key, aes_encrypt_ctx cx[1])
+{   uint32_t    ss[6];
+
+	cx->ks[0] = ss[0] = word_in(key, 0);
+    cx->ks[1] = ss[1] = word_in(key, 1);
+    cx->ks[2] = ss[2] = word_in(key, 2);
+    cx->ks[3] = ss[3] = word_in(key, 3);
+    cx->ks[4] = ss[4] = word_in(key, 4);
+    cx->ks[5] = ss[5] = word_in(key, 5);
+
+#ifdef ENC_KS_UNROLL
+    ke6(cx->ks, 0);  ke6(cx->ks, 1);
+    ke6(cx->ks, 2);  ke6(cx->ks, 3);
+    ke6(cx->ks, 4);  ke6(cx->ks, 5);
+    ke6(cx->ks, 6);
+#else
+    {   uint32_t i;
+        for(i = 0; i < 7; ++i)
+            ke6(cx->ks, i);
+    }
+#endif
+    kef6(cx->ks, 7);
+    cx->inf.l = 0;
+    cx->inf.b[0] = 12 * AES_BLOCK_SIZE;
+
+#ifdef USE_VIA_ACE_IF_PRESENT
+    if(VIA_ACE_AVAILABLE)
+        cx->inf.b[1] = 0xff;
+#endif
+    MARK_AS_ENCRYPTION_CTX(cx);
+    return EXIT_SUCCESS;
+}
+
+#endif
+
+#if defined(AES_256) || defined( AES_VAR )
+
+#define kef8(k,i) \
+{   k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
+    k[8*(i)+ 9] = ss[1] ^= ss[0]; \
+    k[8*(i)+10] = ss[2] ^= ss[1]; \
+    k[8*(i)+11] = ss[3] ^= ss[2]; \
+}
+
+#define ke8(k,i) \
+{   kef8(k,i); \
+    k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \
+    k[8*(i)+13] = ss[5] ^= ss[4]; \
+    k[8*(i)+14] = ss[6] ^= ss[5]; \
+    k[8*(i)+15] = ss[7] ^= ss[6]; \
+}
+
+AES_RETURN aes_xi(encrypt_key256)(const unsigned char *key, aes_encrypt_ctx cx[1])
+{   uint32_t    ss[8];
+
+    cx->ks[0] = ss[0] = word_in(key, 0);
+    cx->ks[1] = ss[1] = word_in(key, 1);
+    cx->ks[2] = ss[2] = word_in(key, 2);
+    cx->ks[3] = ss[3] = word_in(key, 3);
+    cx->ks[4] = ss[4] = word_in(key, 4);
+    cx->ks[5] = ss[5] = word_in(key, 5);
+    cx->ks[6] = ss[6] = word_in(key, 6);
+    cx->ks[7] = ss[7] = word_in(key, 7);
+
+#ifdef ENC_KS_UNROLL
+    ke8(cx->ks, 0); ke8(cx->ks, 1);
+    ke8(cx->ks, 2); ke8(cx->ks, 3);
+    ke8(cx->ks, 4); ke8(cx->ks, 5);
+#else
+    {   uint32_t i;
+        for(i = 0; i < 6; ++i)
+            ke8(cx->ks,  i);
+    }
+#endif
+    kef8(cx->ks, 6);
+    cx->inf.l = 0;
+    cx->inf.b[0] = 14 * AES_BLOCK_SIZE;
+
+#ifdef USE_VIA_ACE_IF_PRESENT
+    if(VIA_ACE_AVAILABLE)
+        cx->inf.b[1] = 0xff;
+#endif
+    MARK_AS_ENCRYPTION_CTX(cx);
+    return EXIT_SUCCESS;
+}
+
+#endif
+
+#endif
+
+#if (FUNCS_IN_C & DEC_KEYING_IN_C)
+
+/* this is used to store the decryption round keys  */
+/* in forward or reverse order                      */
+
+#ifdef AES_REV_DKS
+#define v(n,i)  ((n) - (i) + 2 * ((i) & 3))
+#else
+#define v(n,i)  (i)
+#endif
+
+#if DEC_ROUND == NO_TABLES
+#define ff(x)   (x)
+#else
+#define ff(x)   inv_mcol(x)
+#if defined( dec_imvars )
+#define d_vars  dec_imvars
+#endif
+#endif
+
+#if defined(AES_128) || defined( AES_VAR )
+
+#define k4e(k,i) \
+{   k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
+    k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \
+    k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \
+    k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \
+}
+
+#if 1
+
+#define kdf4(k,i) \
+{   ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \
+    ss[1] = ss[1] ^ ss[3]; \
+    ss[2] = ss[2] ^ ss[3]; \
+    ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
+    ss[i % 4] ^= ss[4]; \
+    ss[4] ^= k[v(40,(4*(i)))];   k[v(40,(4*(i))+4)] = ff(ss[4]); \
+    ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \
+    ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \
+    ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \
+}
+
+#define kd4(k,i) \
+{   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
+    ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
+    k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \
+    k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \
+    k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \
+    k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \
+}
+
+#define kdl4(k,i) \
+{   ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
+    k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \
+    k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \
+    k[v(40,(4*(i))+6)] = ss[0]; \
+    k[v(40,(4*(i))+7)] = ss[1]; \
+}
+
+#else
+
+#define kdf4(k,i) \
+{   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \
+    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \
+    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \
+    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \
+}
+
+#define kd4(k,i) \
+{   ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
+    ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \
+    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \
+    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \
+    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \
+}
+
+#define kdl4(k,i) \
+{   ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \
+    ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \
+    ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \
+    ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \
+}
+
+#endif
+
+AES_RETURN aes_xi(decrypt_key128)(const unsigned char *key, aes_decrypt_ctx cx[1])
+{   uint32_t    ss[5];
+#if defined( d_vars )
+        d_vars;
+#endif
+
+	cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
+    cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);
+    cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);
+    cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);
+
+#ifdef DEC_KS_UNROLL
+     kdf4(cx->ks, 0); kd4(cx->ks, 1);
+     kd4(cx->ks, 2);  kd4(cx->ks, 3);
+     kd4(cx->ks, 4);  kd4(cx->ks, 5);
+     kd4(cx->ks, 6);  kd4(cx->ks, 7);
+     kd4(cx->ks, 8);  kdl4(cx->ks, 9);
+#else
+    {   uint32_t i;
+        for(i = 0; i < 10; ++i)
+            k4e(cx->ks, i);
+#if !(DEC_ROUND == NO_TABLES)
+        for(i = N_COLS; i < 10 * N_COLS; ++i)
+            cx->ks[i] = inv_mcol(cx->ks[i]);
+#endif
+    }
+#endif
+    cx->inf.l = 0;
+    cx->inf.b[0] = 10 * AES_BLOCK_SIZE;
+
+#ifdef USE_VIA_ACE_IF_PRESENT
+    if(VIA_ACE_AVAILABLE)
+        cx->inf.b[1] = 0xff;
+#endif
+    MARK_AS_DECRYPTION_CTX(cx);
+    return EXIT_SUCCESS;
+}
+
+#endif
+
+#if defined(AES_192) || defined( AES_VAR )
+
+#define k6ef(k,i) \
+{   k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
+    k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \
+    k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \
+    k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \
+}
+
+#define k6e(k,i) \
+{   k6ef(k,i); \
+    k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \
+    k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \
+}
+
+#define kdf6(k,i) \
+{   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \
+    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \
+    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \
+    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \
+    ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \
+    ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \
+}
+
+#define kd6(k,i) \
+{   ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
+    ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \
+    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \
+    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \
+    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \
+    ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \
+    ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \
+}
+
+#define kdl6(k,i) \
+{   ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \
+    ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \
+    ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \
+    ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
+}
+
+AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1])
+{   uint32_t    ss[7];
+#if defined( d_vars )
+        d_vars;
+#endif
+
+    cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
+    cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
+    cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
+    cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);
+
+#ifdef DEC_KS_UNROLL
+    ss[4] = word_in(key, 4);
+    ss[5] = word_in(key, 5);
+    cx->ks[v(48, (4))] = ff(ss[4]);
+    cx->ks[v(48, (5))] = ff(ss[5]);
+    kdf6(cx->ks, 0); kd6(cx->ks, 1);
+    kd6(cx->ks, 2);  kd6(cx->ks, 3);
+    kd6(cx->ks, 4);  kd6(cx->ks, 5);
+    kd6(cx->ks, 6);  kdl6(cx->ks, 7);
+#else
+    cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
+    cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
+    {   uint32_t i;
+
+        for(i = 0; i < 7; ++i)
+            k6e(cx->ks, i);
+        k6ef(cx->ks, 7);
+#if !(DEC_ROUND == NO_TABLES)
+        for(i = N_COLS; i < 12 * N_COLS; ++i)
+            cx->ks[i] = inv_mcol(cx->ks[i]);
+#endif
+    }
+#endif
+    cx->inf.l = 0;
+    cx->inf.b[0] = 12 * AES_BLOCK_SIZE;
+
+#ifdef USE_VIA_ACE_IF_PRESENT
+    if(VIA_ACE_AVAILABLE)
+        cx->inf.b[1] = 0xff;
+#endif
+    MARK_AS_DECRYPTION_CTX(cx);
+    return EXIT_SUCCESS;
+}
+
+#endif
+
+#if defined(AES_256) || defined( AES_VAR )
+
+#define k8ef(k,i) \
+{   k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
+    k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \
+    k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \
+    k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \
+}
+
+#define k8e(k,i) \
+{   k8ef(k,i); \
+    k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \
+    k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \
+    k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \
+    k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \
+}
+
+#define kdf8(k,i) \
+{   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \
+    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \
+    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \
+    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \
+    ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \
+    ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \
+    ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \
+    ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \
+}
+
+#define kd8(k,i) \
+{   ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
+    ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \
+    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \
+    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \
+    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \
+    ss[8] = ls_box(ss[3],0); \
+    ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \
+    ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \
+    ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \
+    ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \
+}
+
+#define kdl8(k,i) \
+{   ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \
+    ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \
+    ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \
+    ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
+}
+
+AES_RETURN aes_xi(decrypt_key256)(const unsigned char *key, aes_decrypt_ctx cx[1])
+{   uint32_t    ss[9];
+#if defined( d_vars )
+        d_vars;
+#endif
+
+    cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
+    cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
+    cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
+    cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);
+
+#ifdef DEC_KS_UNROLL
+    ss[4] = word_in(key, 4);
+    ss[5] = word_in(key, 5);
+    ss[6] = word_in(key, 6);
+    ss[7] = word_in(key, 7);
+    cx->ks[v(56,(4))] = ff(ss[4]);
+    cx->ks[v(56,(5))] = ff(ss[5]);
+    cx->ks[v(56,(6))] = ff(ss[6]);
+    cx->ks[v(56,(7))] = ff(ss[7]);
+    kdf8(cx->ks, 0); kd8(cx->ks, 1);
+    kd8(cx->ks, 2);  kd8(cx->ks, 3);
+    kd8(cx->ks, 4);  kd8(cx->ks, 5);
+    kdl8(cx->ks, 6);
+#else
+    cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);
+    cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
+    cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
+    cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
+    {   uint32_t i;
+
+        for(i = 0; i < 6; ++i)
+            k8e(cx->ks,  i);
+        k8ef(cx->ks,  6);
+#if !(DEC_ROUND == NO_TABLES)
+        for(i = N_COLS; i < 14 * N_COLS; ++i)
+            cx->ks[i] = inv_mcol(cx->ks[i]);
+#endif
+    }
+#endif
+    cx->inf.l = 0;
+    cx->inf.b[0] = 14 * AES_BLOCK_SIZE;
+
+#ifdef USE_VIA_ACE_IF_PRESENT
+    if(VIA_ACE_AVAILABLE)
+        cx->inf.b[1] = 0xff;
+#endif
+    MARK_AS_DECRYPTION_CTX(cx);
+    return EXIT_SUCCESS;
+}
+
+#endif
+
+#endif
+
+#if defined( AES_VAR )
+
+AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
+{
+	switch(key_len)
+	{
+	case 16: case 128: return aes_encrypt_key128(key, cx);
+	case 24: case 192: return aes_encrypt_key192(key, cx);
+	case 32: case 256: return aes_encrypt_key256(key, cx);
+	default: return EXIT_FAILURE;
+	}
+}
+
+AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
+{
+	switch(key_len)
+	{
+	case 16: case 128: return aes_decrypt_key128(key, cx);
+	case 24: case 192: return aes_decrypt_key192(key, cx);
+	case 32: case 256: return aes_decrypt_key256(key, cx);
+	default: return EXIT_FAILURE;
+	}
+}
+
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* K5_BUILTIN_AES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/aesopt.h b/krb5-1.21.3/src/lib/crypto/builtin/aes/aesopt.h
new file mode 100644
index 00000000..5d24c8a8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/aesopt.h
@@ -0,0 +1,786 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 20/12/2007
+
+ This file contains the compilation options for AES (Rijndael) and code
+ that is common across encryption, key scheduling and table generation.
+
+ OPERATION
+
+ These source code files implement the AES algorithm Rijndael designed by
+ Joan Daemen and Vincent Rijmen. This version is designed for the standard
+ block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24
+ and 32 bytes).
+
+ This version is designed for flexibility and speed using operations on
+ 32-bit words rather than operations on bytes.  It can be compiled with
+ either big or little endian internal byte order but is faster when the
+ native byte order for the processor is used.
+
+ THE CIPHER INTERFACE
+
+ The cipher interface is implemented as an array of bytes in which lower
+ AES bit sequence indexes map to higher numeric significance within bytes.
+
+  uint8_t                 (an unsigned  8-bit type)
+  uint32_t                (an unsigned 32-bit type)
+  struct aes_encrypt_ctx  (structure for the cipher encryption context)
+  struct aes_decrypt_ctx  (structure for the cipher decryption context)
+  AES_RETURN                the function return type
+
+  C subroutine calls:
+
+  AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
+  AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
+  AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
+  AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out,
+                                                  const aes_encrypt_ctx cx[1]);
+
+  AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
+  AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
+  AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
+  AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out,
+                                                  const aes_decrypt_ctx cx[1]);
+
+ IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that
+ you call aes_init() before AES is used so that the tables are initialised.
+
+ C++ aes class subroutines:
+
+     Class AESencrypt  for encryption
+
+      Constructors:
+          AESencrypt(void)
+          AESencrypt(const unsigned char *key) - 128 bit key
+      Members:
+          AES_RETURN key128(const unsigned char *key)
+          AES_RETURN key192(const unsigned char *key)
+          AES_RETURN key256(const unsigned char *key)
+          AES_RETURN encrypt(const unsigned char *in, unsigned char *out) const
+
+      Class AESdecrypt  for encryption
+      Constructors:
+          AESdecrypt(void)
+          AESdecrypt(const unsigned char *key) - 128 bit key
+      Members:
+          AES_RETURN key128(const unsigned char *key)
+          AES_RETURN key192(const unsigned char *key)
+          AES_RETURN key256(const unsigned char *key)
+          AES_RETURN decrypt(const unsigned char *in, unsigned char *out) const
+*/
+
+#if !defined( _AESOPT_H )
+#define _AESOPT_H
+
+#if defined( __cplusplus )
+#include "aescpp.h"
+#else
+#include "aes.h"
+#endif
+
+/*  PLATFORM SPECIFIC INCLUDES */
+
+#include "brg_endian.h"
+
+/*  CONFIGURATION - THE USE OF DEFINES
+
+    Later in this section there are a number of defines that control the
+    operation of the code.  In each section, the purpose of each define is
+    explained so that the relevant form can be included or excluded by
+    setting either 1's or 0's respectively on the branches of the related
+    #if clauses.  The following local defines should not be changed.
+*/
+
+#define ENCRYPTION_IN_C     1
+#define DECRYPTION_IN_C     2
+#define ENC_KEYING_IN_C     4
+#define DEC_KEYING_IN_C     8
+
+#define NO_TABLES           0
+#define ONE_TABLE           1
+#define FOUR_TABLES         4
+#define NONE                0
+#define PARTIAL             1
+#define FULL                2
+
+/*  --- START OF USER CONFIGURED OPTIONS --- */
+
+/*  1. BYTE ORDER WITHIN 32 BIT WORDS
+
+    The fundamental data processing units in Rijndael are 8-bit bytes. The
+    input, output and key input are all enumerated arrays of bytes in which
+    bytes are numbered starting at zero and increasing to one less than the
+    number of bytes in the array in question. This enumeration is only used
+    for naming bytes and does not imply any adjacency or order relationship
+    from one byte to another. When these inputs and outputs are considered
+    as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
+    byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
+    In this implementation bits are numbered from 0 to 7 starting at the
+    numerically least significant end of each byte (bit n represents 2^n).
+
+    However, Rijndael can be implemented more efficiently using 32-bit
+    words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
+    into word[n]. While in principle these bytes can be assembled into words
+    in any positions, this implementation only supports the two formats in
+    which bytes in adjacent positions within words also have adjacent byte
+    numbers. This order is called big-endian if the lowest numbered bytes
+    in words have the highest numeric significance and little-endian if the
+    opposite applies.
+
+    This code can work in either order irrespective of the order used by the
+    machine on which it runs. Normally the internal byte order will be set
+    to the order of the processor on which the code is to be run but this
+    define can be used to reverse this in special situations
+
+    WARNING: Assembler code versions rely on PLATFORM_BYTE_ORDER being set.
+    This define will hence be redefined later (in section 4) if necessary
+*/
+
+#if 1
+#  define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
+#elif 0
+#  define ALGORITHM_BYTE_ORDER IS_LITTLE_ENDIAN
+#elif 0
+#  define ALGORITHM_BYTE_ORDER IS_BIG_ENDIAN
+#else
+#  error The algorithm byte order is not defined
+#endif
+
+/*  2. Intel AES AND VIA ACE SUPPORT */
+
+#if defined( __GNUC__ ) && defined( __i386__ ) && !defined(__BEOS__)  \
+ || defined( _WIN32 ) && defined( _M_IX86 ) && !(defined( _WIN64 ) \
+ || defined( _WIN32_WCE ) || defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
+#  define VIA_ACE_POSSIBLE
+#endif
+
+/* AESNI is supported by all Windows x64 compilers, but for Linux/GCC
+   we have to test for SSE 2, SSE 3, and AES to before enabling it; */
+#if !defined( INTEL_AES_POSSIBLE )
+#  if defined( _WIN64 ) && defined( _MSC_VER ) \
+   || defined( __GNUC__ ) && defined( __x86_64__ ) && \
+	  defined( __SSE2__ ) && defined( __SSE3__ ) && \
+	  defined( __AES__ )
+#    define INTEL_AES_POSSIBLE
+#  endif
+#endif
+
+/*  Define this option if support for the Intel AESNI is required
+    If USE_INTEL_AES_IF_PRESENT is defined then AESNI will be used
+    if it is detected (both present and enabled).
+
+	AESNI uses a decryption key schedule with the first decryption
+	round key at the high end of the key schedule with the following
+	round keys at lower positions in memory.  So AES_REV_DKS must NOT
+	be defined when AESNI will be used.  Although it is unlikely that
+	assembler code will be used with an AESNI build, if it is then
+	AES_REV_DKS must NOT be defined when the assembler files are
+	built (the definition of USE_INTEL_AES_IF_PRESENT in the assembler
+	code files must match that here if they are used). 
+*/
+
+#if defined( INTEL_AES_POSSIBLE )
+#  if 0 && !defined( USE_INTEL_AES_IF_PRESENT )
+#    define USE_INTEL_AES_IF_PRESENT
+#  endif
+#elif defined( USE_INTEL_AES_IF_PRESENT )
+#  error: AES_NI is not available on this platform
+#endif
+
+/*  Define this option if support for the VIA ACE is required. This uses
+    inline assembler instructions and is only implemented for the Microsoft,
+    Intel and GCC compilers.  If VIA ACE is known to be present, then defining
+    ASSUME_VIA_ACE_PRESENT will remove the ordinary encryption/decryption
+    code.  If USE_VIA_ACE_IF_PRESENT is defined then VIA ACE will be used if
+    it is detected (both present and enabled) but the normal AES code will
+    also be present.
+
+    When VIA ACE is to be used, all AES encryption contexts MUST be 16 byte
+    aligned; other input/output buffers do not need to be 16 byte aligned
+    but there are very large performance gains if this can be arranged.
+    VIA ACE also requires the decryption key schedule to be in reverse
+    order (which later checks below ensure).
+
+	AES_REV_DKS must be set for assembler code used with a VIA ACE build
+*/
+
+#if 0 && defined( VIA_ACE_POSSIBLE ) && !defined( USE_VIA_ACE_IF_PRESENT )
+#  define USE_VIA_ACE_IF_PRESENT
+#endif
+
+#if 0 && defined( VIA_ACE_POSSIBLE ) && !defined( ASSUME_VIA_ACE_PRESENT )
+#  define ASSUME_VIA_ACE_PRESENT
+#  endif
+
+/*  3. ASSEMBLER SUPPORT
+
+    This define (which can be on the command line) enables the use of the
+    assembler code routines for encryption, decryption and key scheduling
+    as follows:
+
+    ASM_X86_V1C uses the assembler (aes_x86_v1.asm) with large tables for
+                encryption and decryption and but with key scheduling in C
+    ASM_X86_V2  uses assembler (aes_x86_v2.asm) with compressed tables for
+                encryption, decryption and key scheduling
+    ASM_X86_V2C uses assembler (aes_x86_v2.asm) with compressed tables for
+                encryption and decryption and but with key scheduling in C
+    ASM_AMD64_C uses assembler (aes_amd64.asm) with compressed tables for
+                encryption and decryption and but with key scheduling in C
+
+    Change one 'if 0' below to 'if 1' to select the version or define
+    as a compilation option.
+*/
+
+#if 0 && !defined( ASM_X86_V1C )
+#  define ASM_X86_V1C
+#elif 0 && !defined( ASM_X86_V2  )
+#  define ASM_X86_V2
+#elif 0 && !defined( ASM_X86_V2C )
+#  define ASM_X86_V2C
+#elif 0 && !defined( ASM_AMD64_C )
+#  define ASM_AMD64_C
+#endif
+
+#if defined( __i386 ) || defined( _M_IX86 )
+#  define A32_
+#elif defined( __x86_64__ ) || defined( _M_X64 )
+#  define A64_
+#endif
+
+#if (defined ( ASM_X86_V1C ) || defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )) \
+       && !defined( A32_ )  || defined( ASM_AMD64_C ) && !defined( A64_ )
+#  error Assembler code is only available for x86 and AMD64 systems
+#endif
+
+/*  4. FAST INPUT/OUTPUT OPERATIONS.
+
+    On some machines it is possible to improve speed by transferring the
+    bytes in the input and output arrays to and from the internal 32-bit
+    variables by addressing these arrays as if they are arrays of 32-bit
+    words.  On some machines this will always be possible but there may
+    be a large performance penalty if the byte arrays are not aligned on
+    the normal word boundaries. On other machines this technique will
+    lead to memory access errors when such 32-bit word accesses are not
+    properly aligned. The option SAFE_IO avoids such problems but will
+    often be slower on those machines that support misaligned access
+    (especially so if care is taken to align the input  and output byte
+    arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
+    assumed that access to byte arrays as if they are arrays of 32-bit
+    words will not cause problems when such accesses are misaligned.
+*/
+#if 1 && !defined( _MSC_VER )
+#  define SAFE_IO
+#endif
+
+/*  5. LOOP UNROLLING
+
+    The code for encryption and decryption cycles through a number of rounds
+    that can be implemented either in a loop or by expanding the code into a
+    long sequence of instructions, the latter producing a larger program but
+    one that will often be much faster. The latter is called loop unrolling.
+    There are also potential speed advantages in expanding two iterations in
+    a loop with half the number of iterations, which is called partial loop
+    unrolling.  The following options allow partial or full loop unrolling
+    to be set independently for encryption and decryption
+*/
+#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)
+#  define ENC_UNROLL  FULL
+#elif 0
+#  define ENC_UNROLL  PARTIAL
+#else
+#  define ENC_UNROLL  NONE
+#endif
+
+#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)
+#  define DEC_UNROLL  FULL
+#elif 0
+#  define DEC_UNROLL  PARTIAL
+#else
+#  define DEC_UNROLL  NONE
+#endif
+
+#if 1
+#  define ENC_KS_UNROLL
+#endif
+
+#if 1
+#  define DEC_KS_UNROLL
+#endif
+
+/*  6. FAST FINITE FIELD OPERATIONS
+
+    If this section is included, tables are used to provide faster finite
+    field arithmetic (this has no effect if STATIC_TABLES is defined).
+*/
+#if 1
+#  define FF_TABLES
+#endif
+
+/*  7. INTERNAL STATE VARIABLE FORMAT
+
+    The internal state of Rijndael is stored in a number of local 32-bit
+    word variables which can be defined either as an array or as individual
+    names variables. Include this section if you want to store these local
+    variables in arrays. Otherwise individual local variables will be used.
+*/
+#if 1
+#  define ARRAYS
+#endif
+
+/*  8. FIXED OR DYNAMIC TABLES
+
+    When this section is included the tables used by the code are compiled
+    statically into the binary file.  Otherwise the subroutine aes_init()
+    must be called to compute them before the code is first used.
+*/
+#if 1 && !(defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
+#  define STATIC_TABLES
+#endif
+
+/*  9. MASKING OR CASTING FROM LONGER VALUES TO BYTES
+
+    In some systems it is better to mask longer values to extract bytes
+    rather than using a cast. This option allows this choice.
+*/
+#if 0
+#  define to_byte(x)  ((uint8_t)(x))
+#else
+#  define to_byte(x)  ((x) & 0xff)
+#endif
+
+/*  10. TABLE ALIGNMENT
+
+    On some systems speed will be improved by aligning the AES large lookup
+    tables on particular boundaries. This define should be set to a power of
+    two giving the desired alignment. It can be left undefined if alignment
+    is not needed.  This option is specific to the Microsoft VC++ compiler -
+    it seems to sometimes cause trouble for the VC++ version 6 compiler.
+*/
+
+#if 1 && defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
+#  define TABLE_ALIGN 32
+#endif
+
+/*  11.  REDUCE CODE AND TABLE SIZE
+
+    This replaces some expanded macros with function calls if AES_ASM_V2 or
+    AES_ASM_V2C are defined
+*/
+
+#if 1 && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C ))
+#  define REDUCE_CODE_SIZE
+#endif
+
+/*  12. TABLE OPTIONS
+
+    This cipher proceeds by repeating in a number of cycles known as 'rounds'
+    which are implemented by a round function which can optionally be speeded
+    up using tables.  The basic tables are each 256 32-bit words, with either
+    one or four tables being required for each round function depending on
+    how much speed is required. The encryption and decryption round functions
+    are different and the last encryption and decryption round functions are
+    different again making four different round functions in all.
+
+    This means that:
+      1. Normal encryption and decryption rounds can each use either 0, 1
+         or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
+      2. The last encryption and decryption rounds can also use either 0, 1
+         or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
+
+    Include or exclude the appropriate definitions below to set the number
+    of tables used by this implementation.
+*/
+
+#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)   /* set tables for the normal encryption round */
+#  define ENC_ROUND   FOUR_TABLES
+#elif 0
+#  define ENC_ROUND   ONE_TABLE
+#else
+#  define ENC_ROUND   NO_TABLES
+#endif
+
+#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)   /* set tables for the last encryption round */
+#  define LAST_ENC_ROUND  FOUR_TABLES
+#elif 0
+#  define LAST_ENC_ROUND  ONE_TABLE
+#else
+#  define LAST_ENC_ROUND  NO_TABLES
+#endif
+
+#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)   /* set tables for the normal decryption round */
+#  define DEC_ROUND   FOUR_TABLES
+#elif 0
+#  define DEC_ROUND   ONE_TABLE
+#else
+#  define DEC_ROUND   NO_TABLES
+#endif
+
+#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)   /* set tables for the last decryption round */
+#  define LAST_DEC_ROUND  FOUR_TABLES
+#elif 0
+#  define LAST_DEC_ROUND  ONE_TABLE
+#else
+#  define LAST_DEC_ROUND  NO_TABLES
+#endif
+
+/*  The decryption key schedule can be speeded up with tables in the same
+    way that the round functions can.  Include or exclude the following
+    defines to set this requirement.
+*/
+#if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)
+#  define KEY_SCHED   FOUR_TABLES
+#elif 0
+#  define KEY_SCHED   ONE_TABLE
+#else
+#  define KEY_SCHED   NO_TABLES
+#endif
+
+/*  ---- END OF USER CONFIGURED OPTIONS ---- */
+
+/* VIA ACE support is only available for VC++ and GCC */
+
+#if !defined( _MSC_VER ) && !defined( __GNUC__ )
+#  if defined( ASSUME_VIA_ACE_PRESENT )
+#    undef ASSUME_VIA_ACE_PRESENT
+#  endif
+#  if defined( USE_VIA_ACE_IF_PRESENT )
+#    undef USE_VIA_ACE_IF_PRESENT
+#  endif
+#endif
+
+#if defined( ASSUME_VIA_ACE_PRESENT ) && !defined( USE_VIA_ACE_IF_PRESENT )
+#  define USE_VIA_ACE_IF_PRESENT
+#endif
+
+/* define to reverse decryption key schedule    */
+#if 1 || defined( USE_VIA_ACE_IF_PRESENT ) && !defined ( AES_REV_DKS )
+#  define AES_REV_DKS
+#endif
+
+/* Intel AESNI uses a decryption key schedule in the encryption order */
+#if defined( USE_INTEL_AES_IF_PRESENT ) && defined ( AES_REV_DKS )
+#  undef AES_REV_DKS
+#endif
+
+/* Assembler support requires the use of platform byte order */
+
+#if ( defined( ASM_X86_V1C ) || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C ) ) \
+    && (ALGORITHM_BYTE_ORDER != PLATFORM_BYTE_ORDER)
+#  undef  ALGORITHM_BYTE_ORDER
+#  define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
+#endif
+
+/* In this implementation the columns of the state array are each held in
+   32-bit words. The state array can be held in various ways: in an array
+   of words, in a number of individual word variables or in a number of
+   processor registers. The following define maps a variable name x and
+   a column number c to the way the state array variable is to be held.
+   The first define below maps the state into an array x[c] whereas the
+   second form maps the state into a number of individual variables x0,
+   x1, etc.  Another form could map individual state columns to machine
+   register names.
+*/
+
+#if defined( ARRAYS )
+#  define s(x,c) x[c]
+#else
+#  define s(x,c) x##c
+#endif
+
+/*  This implementation provides subroutines for encryption, decryption
+    and for setting the three key lengths (separately) for encryption
+    and decryption. Since not all functions are needed, masks are set
+    up here to determine which will be implemented in C
+*/
+
+#if !defined( AES_ENCRYPT )
+#  define EFUNCS_IN_C   0
+#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C ) \
+    || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C )
+#  define EFUNCS_IN_C   ENC_KEYING_IN_C
+#elif !defined( ASM_X86_V2 )
+#  define EFUNCS_IN_C   ( ENCRYPTION_IN_C | ENC_KEYING_IN_C )
+#else
+#  define EFUNCS_IN_C   0
+#endif
+
+#if !defined( AES_DECRYPT )
+#  define DFUNCS_IN_C   0
+#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C ) \
+    || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C )
+#  define DFUNCS_IN_C   DEC_KEYING_IN_C
+#elif !defined( ASM_X86_V2 )
+#  define DFUNCS_IN_C   ( DECRYPTION_IN_C | DEC_KEYING_IN_C )
+#else
+#  define DFUNCS_IN_C   0
+#endif
+
+#define FUNCS_IN_C  ( EFUNCS_IN_C | DFUNCS_IN_C )
+
+/* END OF CONFIGURATION OPTIONS */
+
+#define RC_LENGTH   (5 * (AES_BLOCK_SIZE / 4 - 2))
+
+/* Disable or report errors on some combinations of options */
+
+#if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES
+#  undef  LAST_ENC_ROUND
+#  define LAST_ENC_ROUND  NO_TABLES
+#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
+#  undef  LAST_ENC_ROUND
+#  define LAST_ENC_ROUND  ONE_TABLE
+#endif
+
+#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
+#  undef  ENC_UNROLL
+#  define ENC_UNROLL  NONE
+#endif
+
+#if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES
+#  undef  LAST_DEC_ROUND
+#  define LAST_DEC_ROUND  NO_TABLES
+#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
+#  undef  LAST_DEC_ROUND
+#  define LAST_DEC_ROUND  ONE_TABLE
+#endif
+
+#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
+#  undef  DEC_UNROLL
+#  define DEC_UNROLL  NONE
+#endif
+
+#if defined( bswap32 )
+#  define aes_sw32    bswap32
+#elif defined( bswap_32 )
+#  define aes_sw32    bswap_32
+#else
+#  define brot(x,n)   (((uint32_t)(x) <<  n) | ((uint32_t)(x) >> (32 - n)))
+#  define aes_sw32(x) ((brot((x),8) & 0x00ff00ff) | (brot((x),24) & 0xff00ff00))
+#endif
+
+/*  upr(x,n):  rotates bytes within words by n positions, moving bytes to
+               higher index positions with wrap around into low positions
+    ups(x,n):  moves bytes by n positions to higher index positions in
+               words but without wrap around
+    bval(x,n): extracts a byte from a word
+
+    WARNING:   The definitions given here are intended only for use with
+               unsigned variables and with shift counts that are compile
+               time constants
+*/
+
+#if ( ALGORITHM_BYTE_ORDER == IS_LITTLE_ENDIAN )
+#  define upr(x,n)      (((uint32_t)(x) << (8 * (n))) | ((uint32_t)(x) >> (32 - 8 * (n))))
+#  define ups(x,n)      ((uint32_t) (x) << (8 * (n)))
+#  define bval(x,n)     to_byte((x) >> (8 * (n)))
+#  define bytes2word(b0, b1, b2, b3)  \
+        (((uint32_t)(b3) << 24) | ((uint32_t)(b2) << 16) | ((uint32_t)(b1) << 8) | (b0))
+#endif
+
+#if ( ALGORITHM_BYTE_ORDER == IS_BIG_ENDIAN )
+#  define upr(x,n)      (((uint32_t)(x) >> (8 * (n))) | ((uint32_t)(x) << (32 - 8 * (n))))
+#  define ups(x,n)      ((uint32_t) (x) >> (8 * (n)))
+#  define bval(x,n)     to_byte((x) >> (24 - 8 * (n)))
+#  define bytes2word(b0, b1, b2, b3)  \
+        (((uint32_t)(b0) << 24) | ((uint32_t)(b1) << 16) | ((uint32_t)(b2) << 8) | (b3))
+#endif
+
+#if defined( SAFE_IO )
+#  define word_in(x,c)    bytes2word(((const uint8_t*)(x)+4*c)[0], ((const uint8_t*)(x)+4*c)[1], \
+                                   ((const uint8_t*)(x)+4*c)[2], ((const uint8_t*)(x)+4*c)[3])
+#  define word_out(x,c,v) { ((uint8_t*)(x)+4*c)[0] = bval(v,0); ((uint8_t*)(x)+4*c)[1] = bval(v,1); \
+                          ((uint8_t*)(x)+4*c)[2] = bval(v,2); ((uint8_t*)(x)+4*c)[3] = bval(v,3); }
+#elif ( ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER )
+#  define word_in(x,c)    (*((uint32_t*)(x)+(c)))
+#  define word_out(x,c,v) (*((uint32_t*)(x)+(c)) = (v))
+#else
+#  define word_in(x,c)    aes_sw32(*((uint32_t*)(x)+(c)))
+#  define word_out(x,c,v) (*((uint32_t*)(x)+(c)) = aes_sw32(v))
+#endif
+
+/* the finite field modular polynomial and elements */
+
+#define WPOLY   0x011b
+#define BPOLY     0x1b
+
+/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
+
+#define gf_c1  0x80808080
+#define gf_c2  0x7f7f7f7f
+#define gf_mulx(x)  ((((x) & gf_c2) << 1) ^ ((((x) & gf_c1) >> 7) * BPOLY))
+
+/* The following defines provide alternative definitions of gf_mulx that might
+   give improved performance if a fast 32-bit multiply is not available. Note
+   that a temporary variable u needs to be defined where gf_mulx is used.
+
+#define gf_mulx(x) (u = (x) & gf_c1, u |= (u >> 1), ((x) & gf_c2) << 1) ^ ((u >> 3) | (u >> 6))
+#define gf_c4  (0x01010101 * BPOLY)
+#define gf_mulx(x) (u = (x) & gf_c1, ((x) & gf_c2) << 1) ^ ((u - (u >> 7)) & gf_c4)
+*/
+
+/* Work out which tables are needed for the different options   */
+
+#if defined( ASM_X86_V1C )
+#  if defined( ENC_ROUND )
+#    undef  ENC_ROUND
+#  endif
+#  define ENC_ROUND   FOUR_TABLES
+#  if defined( LAST_ENC_ROUND )
+#    undef  LAST_ENC_ROUND
+#  endif
+#  define LAST_ENC_ROUND  FOUR_TABLES
+#  if defined( DEC_ROUND )
+#    undef  DEC_ROUND
+#  endif
+#  define DEC_ROUND   FOUR_TABLES
+#  if defined( LAST_DEC_ROUND )
+#    undef  LAST_DEC_ROUND
+#  endif
+#  define LAST_DEC_ROUND  FOUR_TABLES
+#  if defined( KEY_SCHED )
+#    undef  KEY_SCHED
+#    define KEY_SCHED   FOUR_TABLES
+#  endif
+#endif
+
+#if ( FUNCS_IN_C & ENCRYPTION_IN_C ) || defined( ASM_X86_V1C )
+#  if ENC_ROUND == ONE_TABLE
+#    define FT1_SET
+#  elif ENC_ROUND == FOUR_TABLES
+#    define FT4_SET
+#  else
+#    define SBX_SET
+#  endif
+#  if LAST_ENC_ROUND == ONE_TABLE
+#    define FL1_SET
+#  elif LAST_ENC_ROUND == FOUR_TABLES
+#    define FL4_SET
+#  elif !defined( SBX_SET )
+#    define SBX_SET
+#  endif
+#endif
+
+#if ( FUNCS_IN_C & DECRYPTION_IN_C ) || defined( ASM_X86_V1C )
+#  if DEC_ROUND == ONE_TABLE
+#    define IT1_SET
+#  elif DEC_ROUND == FOUR_TABLES
+#    define IT4_SET
+#  else
+#    define ISB_SET
+#  endif
+#  if LAST_DEC_ROUND == ONE_TABLE
+#    define IL1_SET
+#  elif LAST_DEC_ROUND == FOUR_TABLES
+#    define IL4_SET
+#  elif !defined(ISB_SET)
+#    define ISB_SET
+#  endif
+#endif
+
+#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )))
+#  if ((FUNCS_IN_C & ENC_KEYING_IN_C) || (FUNCS_IN_C & DEC_KEYING_IN_C))
+#    if KEY_SCHED == ONE_TABLE
+#      if !defined( FL1_SET )  && !defined( FL4_SET )
+#        define LS1_SET
+#      endif
+#    elif KEY_SCHED == FOUR_TABLES
+#      if !defined( FL4_SET )
+#        define LS4_SET
+#      endif
+#    elif !defined( SBX_SET )
+#      define SBX_SET
+#    endif
+#  endif
+#  if (FUNCS_IN_C & DEC_KEYING_IN_C)
+#    if KEY_SCHED == ONE_TABLE
+#      define IM1_SET
+#    elif KEY_SCHED == FOUR_TABLES
+#      define IM4_SET
+#    elif !defined( SBX_SET )
+#      define SBX_SET
+#    endif
+#  endif
+#endif
+
+/* generic definitions of Rijndael macros that use tables    */
+
+#define no_table(x,box,vf,rf,c) bytes2word( \
+    box[bval(vf(x,0,c),rf(0,c))], \
+    box[bval(vf(x,1,c),rf(1,c))], \
+    box[bval(vf(x,2,c),rf(2,c))], \
+    box[bval(vf(x,3,c),rf(3,c))])
+
+#define one_table(x,op,tab,vf,rf,c) \
+ (     tab[bval(vf(x,0,c),rf(0,c))] \
+  ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
+  ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
+  ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
+
+#define four_tables(x,tab,vf,rf,c) \
+ (  tab[0][bval(vf(x,0,c),rf(0,c))] \
+  ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
+  ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
+  ^ tab[3][bval(vf(x,3,c),rf(3,c))])
+
+#define vf1(x,r,c)  (x)
+#define rf1(r,c)    (r)
+#define rf2(r,c)    ((8+r-c)&3)
+
+/* perform forward and inverse column mix operation on four bytes in long word x in */
+/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros.  */
+
+#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )))
+
+#if defined( FM4_SET )      /* not currently used */
+#  define fwd_mcol(x)       four_tables(x,t_use(f,m),vf1,rf1,0)
+#elif defined( FM1_SET )    /* not currently used */
+#  define fwd_mcol(x)       one_table(x,upr,t_use(f,m),vf1,rf1,0)
+#else
+#  define dec_fmvars        uint32_t g2
+#  define fwd_mcol(x)       (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1))
+#endif
+
+#if defined( IM4_SET )
+#  define inv_mcol(x)       four_tables(x,t_use(i,m),vf1,rf1,0)
+#elif defined( IM1_SET )
+#  define inv_mcol(x)       one_table(x,upr,t_use(i,m),vf1,rf1,0)
+#else
+#  define dec_imvars        uint32_t g2, g4, g9
+#  define inv_mcol(x)       (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \
+                            (x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1))
+#endif
+
+#if defined( FL4_SET )
+#  define ls_box(x,c)       four_tables(x,t_use(f,l),vf1,rf2,c)
+#elif defined( LS4_SET )
+#  define ls_box(x,c)       four_tables(x,t_use(l,s),vf1,rf2,c)
+#elif defined( FL1_SET )
+#  define ls_box(x,c)       one_table(x,upr,t_use(f,l),vf1,rf2,c)
+#elif defined( LS1_SET )
+#  define ls_box(x,c)       one_table(x,upr,t_use(l,s),vf1,rf2,c)
+#else
+#  define ls_box(x,c)       no_table(x,t_use(s,box),vf1,rf2,c)
+#endif
+
+#endif
+
+#if defined( ASM_X86_V1C ) && defined( AES_DECRYPT ) && !defined( ISB_SET )
+#  define ISB_SET
+#endif
+
+#endif
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/aestab.c b/krb5-1.21.3/src/lib/crypto/builtin/aes/aestab.c
new file mode 100644
index 00000000..740815f1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/aestab.c
@@ -0,0 +1,429 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 20/12/2007
+*/
+
+#define DO_TABLES
+
+#include "aes.h"
+#include "aesopt.h"
+
+#include "crypto_int.h"
+#ifdef K5_BUILTIN_AES
+
+#if defined(STATIC_TABLES)
+
+#define sb_data(w) {\
+    w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
+    w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
+    w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
+    w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
+    w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
+    w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
+    w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
+    w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
+    w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
+    w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
+    w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
+    w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
+    w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
+    w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
+    w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
+    w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
+    w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
+    w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
+    w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
+    w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
+    w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
+    w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
+    w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
+    w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
+    w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
+    w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
+    w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
+    w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
+    w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
+    w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
+    w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
+    w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
+
+#define isb_data(w) {\
+    w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
+    w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
+    w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
+    w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
+    w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
+    w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
+    w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
+    w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
+    w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
+    w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
+    w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
+    w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
+    w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
+    w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
+    w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
+    w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
+    w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
+    w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
+    w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
+    w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
+    w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
+    w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
+    w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
+    w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
+    w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
+    w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
+    w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
+    w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
+    w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
+    w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
+    w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
+    w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
+
+#define mm_data(w) {\
+    w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
+    w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
+    w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
+    w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
+    w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
+    w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
+    w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
+    w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
+    w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
+    w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
+    w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
+    w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
+    w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
+    w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
+    w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
+    w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
+    w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
+    w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
+    w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
+    w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
+    w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
+    w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
+    w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
+    w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
+    w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
+    w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
+    w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
+    w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
+    w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
+    w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
+    w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
+    w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
+
+#define rc_data(w) {\
+    w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\
+    w(0x1b), w(0x36) }
+
+#define h0(x)   (x)
+
+#define w0(p)   bytes2word(p, 0, 0, 0)
+#define w1(p)   bytes2word(0, p, 0, 0)
+#define w2(p)   bytes2word(0, 0, p, 0)
+#define w3(p)   bytes2word(0, 0, 0, p)
+
+#define u0(p)   bytes2word(f2(p), p, p, f3(p))
+#define u1(p)   bytes2word(f3(p), f2(p), p, p)
+#define u2(p)   bytes2word(p, f3(p), f2(p), p)
+#define u3(p)   bytes2word(p, p, f3(p), f2(p))
+
+#define v0(p)   bytes2word(fe(p), f9(p), fd(p), fb(p))
+#define v1(p)   bytes2word(fb(p), fe(p), f9(p), fd(p))
+#define v2(p)   bytes2word(fd(p), fb(p), fe(p), f9(p))
+#define v3(p)   bytes2word(f9(p), fd(p), fb(p), fe(p))
+
+#endif
+
+#if defined(STATIC_TABLES) || !defined(FF_TABLES)
+
+#define f2(x)   ((x<<1) ^ (((x>>7) & 1) * WPOLY))
+#define f4(x)   ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
+#define f8(x)   ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
+                        ^ (((x>>5) & 4) * WPOLY))
+#define f3(x)   (f2(x) ^ x)
+#define f9(x)   (f8(x) ^ x)
+#define fb(x)   (f8(x) ^ f2(x) ^ x)
+#define fd(x)   (f8(x) ^ f4(x) ^ x)
+#define fe(x)   (f8(x) ^ f4(x) ^ f2(x))
+
+#else
+
+#define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
+#define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
+#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
+#define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
+#define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
+#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
+
+#endif
+
+#include "aestab.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#if defined(STATIC_TABLES)
+
+/* implemented in case of wrong call for fixed tables */
+
+AES_RETURN aes_init(void)
+{
+    return EXIT_SUCCESS;
+}
+
+#else   /*  Generate the tables for the dynamic table option */
+
+#if defined(FF_TABLES)
+
+#define gf_inv(x)   ((x) ? pow[ 255 - log[x]] : 0)
+
+#else
+
+/*  It will generally be sensible to use tables to compute finite
+    field multiplies and inverses but where memory is scarse this
+    code might sometimes be better. But it only has effect during
+    initialisation so its pretty unimportant in overall terms.
+*/
+
+/*  return 2 ^ (n - 1) where n is the bit number of the highest bit
+    set in x with x in the range 1 < x < 0x00000200.   This form is
+    used so that locals within fi can be bytes rather than words
+*/
+
+static uint8_t hibit(const uint32_t x)
+{   uint8_t r = (uint8_t)((x >> 1) | (x >> 2));
+
+    r |= (r >> 2);
+    r |= (r >> 4);
+    return (r + 1) >> 1;
+}
+
+/* return the inverse of the finite field element x */
+
+static uint8_t gf_inv(const uint8_t x)
+{   uint8_t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
+
+    if(x < 2)
+        return x;
+
+    for( ; ; )
+    {
+        if(n1)
+            while(n2 >= n1)             /* divide polynomial p2 by p1    */
+            {
+                n2 /= n1;               /* shift smaller polynomial left */
+                p2 ^= (p1 * n2) & 0xff; /* and remove from larger one    */
+                v2 ^= v1 * n2;          /* shift accumulated value and   */
+                n2 = hibit(p2);         /* add into result               */
+            }
+        else
+            return v1;
+
+        if(n2)                          /* repeat with values swapped    */
+            while(n1 >= n2)
+            {
+                n1 /= n2;
+                p1 ^= p2 * n1;
+                v1 ^= v2 * n1;
+                n1 = hibit(p1);
+            }
+        else
+            return v2;
+    }
+}
+
+#endif
+
+/* The forward and inverse affine transformations used in the S-box */
+uint8_t fwd_affine(const uint8_t x)
+{   uint32_t w = x;
+    w ^= (w << 1) ^ (w << 2) ^ (w << 3) ^ (w << 4);
+    return 0x63 ^ ((w ^ (w >> 8)) & 0xff);
+}
+
+uint8_t inv_affine(const uint8_t x)
+{   uint32_t w = x;
+    w = (w << 1) ^ (w << 3) ^ (w << 6);
+    return 0x05 ^ ((w ^ (w >> 8)) & 0xff);
+}
+
+static int init = 0;
+
+AES_RETURN aes_init(void)
+{   uint32_t  i, w;
+
+#if defined(FF_TABLES)
+
+    uint8_t  pow[512], log[256];
+
+    if(init)
+        return EXIT_SUCCESS;
+    /*  log and power tables for GF(2^8) finite field with
+        WPOLY as modular polynomial - the simplest primitive
+        root is 0x03, used here to generate the tables
+    */
+
+    i = 0; w = 1;
+    do
+    {
+        pow[i] = (uint8_t)w;
+        pow[i + 255] = (uint8_t)w;
+        log[w] = (uint8_t)i++;
+        w ^=  (w << 1) ^ (w & 0x80 ? WPOLY : 0);
+    }
+    while (w != 1);
+
+#else
+    if(init)
+        return EXIT_SUCCESS;
+#endif
+
+    for(i = 0, w = 1; i < RC_LENGTH; ++i)
+    {
+        t_set(r,c)[i] = bytes2word(w, 0, 0, 0);
+        w = f2(w);
+    }
+
+    for(i = 0; i < 256; ++i)
+    {   uint8_t    b;
+
+        b = fwd_affine(gf_inv((uint8_t)i));
+        w = bytes2word(f2(b), b, b, f3(b));
+
+#if defined( SBX_SET )
+        t_set(s,box)[i] = b;
+#endif
+
+#if defined( FT1_SET )                 /* tables for a normal encryption round */
+        t_set(f,n)[i] = w;
+#endif
+#if defined( FT4_SET )
+        t_set(f,n)[0][i] = w;
+        t_set(f,n)[1][i] = upr(w,1);
+        t_set(f,n)[2][i] = upr(w,2);
+        t_set(f,n)[3][i] = upr(w,3);
+#endif
+        w = bytes2word(b, 0, 0, 0);
+
+#if defined( FL1_SET )            /* tables for last encryption round (may also   */
+        t_set(f,l)[i] = w;        /* be used in the key schedule)                 */
+#endif
+#if defined( FL4_SET )
+        t_set(f,l)[0][i] = w;
+        t_set(f,l)[1][i] = upr(w,1);
+        t_set(f,l)[2][i] = upr(w,2);
+        t_set(f,l)[3][i] = upr(w,3);
+#endif
+
+#if defined( LS1_SET )			/* table for key schedule if t_set(f,l) above is*/
+        t_set(l,s)[i] = w;      /* not of the required form                     */
+#endif
+#if defined( LS4_SET )
+        t_set(l,s)[0][i] = w;
+        t_set(l,s)[1][i] = upr(w,1);
+        t_set(l,s)[2][i] = upr(w,2);
+        t_set(l,s)[3][i] = upr(w,3);
+#endif
+
+        b = gf_inv(inv_affine((uint8_t)i));
+        w = bytes2word(fe(b), f9(b), fd(b), fb(b));
+
+#if defined( IM1_SET )			/* tables for the inverse mix column operation  */
+        t_set(i,m)[b] = w;
+#endif
+#if defined( IM4_SET )
+        t_set(i,m)[0][b] = w;
+        t_set(i,m)[1][b] = upr(w,1);
+        t_set(i,m)[2][b] = upr(w,2);
+        t_set(i,m)[3][b] = upr(w,3);
+#endif
+
+#if defined( ISB_SET )
+        t_set(i,box)[i] = b;
+#endif
+#if defined( IT1_SET )			/* tables for a normal decryption round */
+        t_set(i,n)[i] = w;
+#endif
+#if defined( IT4_SET )
+        t_set(i,n)[0][i] = w;
+        t_set(i,n)[1][i] = upr(w,1);
+        t_set(i,n)[2][i] = upr(w,2);
+        t_set(i,n)[3][i] = upr(w,3);
+#endif
+        w = bytes2word(b, 0, 0, 0);
+#if defined( IL1_SET )			/* tables for last decryption round */
+        t_set(i,l)[i] = w;
+#endif
+#if defined( IL4_SET )
+        t_set(i,l)[0][i] = w;
+        t_set(i,l)[1][i] = upr(w,1);
+        t_set(i,l)[2][i] = upr(w,2);
+        t_set(i,l)[3][i] = upr(w,3);
+#endif
+    }
+    init = 1;
+    return EXIT_SUCCESS;
+}
+
+/* 
+   Automatic code initialisation (suggested by by Henrik S. Gaßmann)
+   based on code provided by Joe Lowe and placed in the public domain at:
+   http://stackoverflow.com/questions/1113409/attribute-constructor-equivalent-in-vc
+*/
+
+#ifdef _MSC_VER
+
+#pragma section(".CRT$XCU", read)
+
+__declspec(allocate(".CRT$XCU")) void (__cdecl *aes_startup)(void) = aes_init;
+
+#elif defined(__GNUC__)
+
+static void aes_startup(void) __attribute__((constructor));
+
+static void aes_startup(void)
+{
+    aes_init();
+}
+
+#else
+
+#pragma message( "dynamic tables must be initialised manually on your system" )
+
+#endif
+
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#else /* K5_BUILTIN_AES */
+
+/* Include aestab.h for proper dependency generation, but without defining the
+ * table objects. */
+#undef DO_TABLES
+#include "aestab.h"
+
+#endif
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/aestab.h b/krb5-1.21.3/src/lib/crypto/builtin/aes/aestab.h
new file mode 100644
index 00000000..8fe32d18
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/aestab.h
@@ -0,0 +1,173 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 20/12/2007
+
+ This file contains the code for declaring the tables needed to implement
+ AES. The file aesopt.h is assumed to be included before this header file.
+ If there are no global variables, the definitions here can be used to put
+ the AES tables in a structure so that a pointer can then be added to the
+ AES context to pass them to the AES routines that need them.   If this
+ facility is used, the calling program has to ensure that this pointer is
+ managed appropriately.  In particular, the value of the t_dec(in,it) item
+ in the table structure must be set to zero in order to ensure that the
+ tables are initialised. In practice the three code sequences in aeskey.c
+ that control the calls to aes_init() and the aes_init() routine itself will
+ have to be changed for a specific implementation. If global variables are
+ available it will generally be preferable to use them with the precomputed
+ STATIC_TABLES option that uses static global tables.
+
+ The following defines can be used to control the way the tables
+ are defined, initialised and used in embedded environments that
+ require special features for these purposes
+
+    the 't_dec' construction is used to declare fixed table arrays
+    the 't_set' construction is used to set fixed table values
+    the 't_use' construction is used to access fixed table values
+
+    256 byte tables:
+
+        t_xxx(s,box)    => forward S box
+        t_xxx(i,box)    => inverse S box
+
+    256 32-bit word OR 4 x 256 32-bit word tables:
+
+        t_xxx(f,n)      => forward normal round
+        t_xxx(f,l)      => forward last round
+        t_xxx(i,n)      => inverse normal round
+        t_xxx(i,l)      => inverse last round
+        t_xxx(l,s)      => key schedule table
+        t_xxx(i,m)      => key schedule table
+
+    Other variables and tables:
+
+        t_xxx(r,c)      => the rcon table
+*/
+
+#if !defined( _AESTAB_H )
+#define _AESTAB_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#define t_dec(m,n) t_##m##n
+#define t_set(m,n) t_##m##n
+#define t_use(m,n) t_##m##n
+
+#if defined(STATIC_TABLES)
+#  if !defined( __GNUC__ ) && (defined( __MSDOS__ ) || defined( __WIN16__ ))
+/*   make tables far data to avoid using too much DGROUP space (PG) */
+#    define CONST const far
+#  else
+#    define CONST const
+#  endif
+#else
+#  define CONST
+#endif
+
+#if defined(DO_TABLES)
+#  define EXTERN
+#else
+#  define EXTERN extern
+#endif
+
+#if defined(_MSC_VER) && defined(TABLE_ALIGN)
+#define ALIGN __declspec(align(TABLE_ALIGN))
+#else
+#define ALIGN
+#endif
+
+#if defined( __WATCOMC__ ) && ( __WATCOMC__ >= 1100 )
+#  define XP_DIR __cdecl
+#else
+#  define XP_DIR
+#endif
+
+#if defined(DO_TABLES) && defined(STATIC_TABLES)
+#define d_1(t,n,b,e)       EXTERN ALIGN CONST XP_DIR t n[256]    =   b(e)
+#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256] = { b(e), b(f), b(g), b(h) }
+EXTERN ALIGN CONST uint32_t t_dec(r,c)[RC_LENGTH] = rc_data(w0);
+#else
+#define d_1(t,n,b,e)       EXTERN ALIGN CONST XP_DIR t n[256]
+#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256]
+EXTERN ALIGN CONST uint32_t t_dec(r,c)[RC_LENGTH];
+#endif
+
+#if defined( SBX_SET )
+    d_1(uint8_t, t_dec(s,box), sb_data, h0);
+#endif
+#if defined( ISB_SET )
+    d_1(uint8_t, t_dec(i,box), isb_data, h0);
+#endif
+
+#if defined( FT1_SET )
+    d_1(uint32_t, t_dec(f,n), sb_data, u0);
+#endif
+#if defined( FT4_SET )
+    d_4(uint32_t, t_dec(f,n), sb_data, u0, u1, u2, u3);
+#endif
+
+#if defined( FL1_SET )
+    d_1(uint32_t, t_dec(f,l), sb_data, w0);
+#endif
+#if defined( FL4_SET )
+    d_4(uint32_t, t_dec(f,l), sb_data, w0, w1, w2, w3);
+#endif
+
+#if defined( IT1_SET )
+    d_1(uint32_t, t_dec(i,n), isb_data, v0);
+#endif
+#if defined( IT4_SET )
+    d_4(uint32_t, t_dec(i,n), isb_data, v0, v1, v2, v3);
+#endif
+
+#if defined( IL1_SET )
+    d_1(uint32_t, t_dec(i,l), isb_data, w0);
+#endif
+#if defined( IL4_SET )
+    d_4(uint32_t, t_dec(i,l), isb_data, w0, w1, w2, w3);
+#endif
+
+#if defined( LS1_SET )
+#if defined( FL1_SET )
+#undef  LS1_SET
+#else
+    d_1(uint32_t, t_dec(l,s), sb_data, w0);
+#endif
+#endif
+
+#if defined( LS4_SET )
+#if defined( FL4_SET )
+#undef  LS4_SET
+#else
+    d_4(uint32_t, t_dec(l,s), sb_data, w0, w1, w2, w3);
+#endif
+#endif
+
+#if defined( IM1_SET )
+    d_1(uint32_t, t_dec(i,m), mm_data, v0);
+#endif
+#if defined( IM4_SET )
+    d_4(uint32_t, t_dec(i,m), mm_data, v0, v1, v2, v3);
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/brg_endian.h b/krb5-1.21.3/src/lib/crypto/builtin/aes/brg_endian.h
new file mode 100644
index 00000000..c0e32b7c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/brg_endian.h
@@ -0,0 +1,144 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 10/09/2018
+*/
+
+#ifndef _BRG_ENDIAN_H
+#define _BRG_ENDIAN_H
+
+#define IS_BIG_ENDIAN      4321 /* byte 0 is most significant (mc68k) */
+#define IS_LITTLE_ENDIAN   1234 /* byte 0 is least significant (i386) */
+
+/* This is needed when using clang with MSVC to avoid including */
+/* endian.h and byteswap.h which are not present on Windows     */
+#if defined( _MSC_VER ) && defined( __clang__ )
+#  undef __GNUC__
+#endif
+
+/* Include files where endian defines and byteswap functions may reside */
+#if defined( __sun )
+#  include <sys/isa_defs.h>
+#elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
+#  include <sys/endian.h>
+#elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
+      defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
+#  include <machine/endian.h>
+#elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
+#  if !defined( __MINGW32__ ) && !defined( _AIX )
+#    include <endian.h>
+#    if !defined( __BEOS__ )
+#      include <byteswap.h>
+#    endif
+#  endif
+#endif
+
+/* Now attempt to set the define for platform byte order using any  */
+/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, ...    */
+/* which seem to encompass most endian symbol definitions           */
+
+#if defined( __ORDER_BIG_ENDIAN__ ) && defined( __ORDER_LITTLE_ENDIAN__ )
+#  if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#  elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#  endif
+#elif defined( __ORDER_BIG_ENDIAN__ )
+#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#elif defined( __ORDER_LITTLE_ENDIAN__ )
+#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#endif
+
+#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN )
+#  if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN
+#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#  elif defined( BYTE_ORDER ) && BYTE_ORDER == LITTLE_ENDIAN
+#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#  endif
+#elif defined( BIG_ENDIAN )
+#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#elif defined( LITTLE_ENDIAN )
+#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#endif
+
+#if defined( _BIG_ENDIAN ) && defined( _LITTLE_ENDIAN )
+#  if defined( _BYTE_ORDER ) && _BYTE_ORDER == _BIG_ENDIAN
+#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#  elif defined( _BYTE_ORDER ) && _BYTE_ORDER == _LITTLE_ENDIAN
+#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#  endif
+#elif defined( _BIG_ENDIAN )
+#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#elif defined( _LITTLE_ENDIAN )
+#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#endif
+
+#if defined( __BIG_ENDIAN ) && defined( __LITTLE_ENDIAN )
+#  if defined( __BYTE_ORDER ) && __BYTE_ORDER == __BIG_ENDIAN
+#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#  elif defined( __BYTE_ORDER ) && __BYTE_ORDER == __LITTLE_ENDIAN
+#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#  endif
+#elif defined( __BIG_ENDIAN )
+#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#elif defined( __LITTLE_ENDIAN )
+#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#endif
+
+#if defined( __BIG_ENDIAN__ ) && defined( __LITTLE_ENDIAN__ )
+#  if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __BIG_ENDIAN__
+#    define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#  elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __LITTLE_ENDIAN__
+#    define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#  endif
+#elif defined( __BIG_ENDIAN__ )
+#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#elif defined( __LITTLE_ENDIAN__ )
+#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#endif
+
+/*  if the platform byte order could not be determined, then try to */
+/*  set this define using common machine defines                    */
+#if !defined(PLATFORM_BYTE_ORDER)
+
+#if   defined( __alpha__ ) || defined( __alpha ) || defined( i386 )       || \
+      defined( __i386__ )  || defined( _M_I86 )  || defined( _M_IX86 )    || \
+      defined( __OS2__ )   || defined( sun386 )  || defined( __TURBOC__ ) || \
+      defined( vax )       || defined( vms )     || defined( VMS )        || \
+      defined( __VMS )     || defined( _M_X64 )
+#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+
+#elif defined( AMIGA )   || defined( applec )    || defined( __AS400__ )  || \
+      defined( _CRAY )   || defined( __hppa )    || defined( __hp9000 )   || \
+      defined( ibm370 )  || defined( mc68000 )   || defined( m68k )       || \
+      defined( __MRC__ ) || defined( __MVS__ )   || defined( __MWERKS__ ) || \
+      defined( sparc )   || defined( __sparc)    || defined( SYMANTEC_C ) || \
+      defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM )   || \
+      defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
+#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+
+#elif 0     /* **** EDIT HERE IF NECESSARY **** */
+#  define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
+#elif 0     /* **** EDIT HERE IF NECESSARY **** */
+#  define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
+#else
+#  error Please edit lines 126 or 128 in brg_endian.h to set the platform byte order
+#endif
+
+#endif
+
+#endif
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/brg_types.h b/krb5-1.21.3/src/lib/crypto/builtin/aes/brg_types.h
new file mode 100644
index 00000000..ce3a1e7b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/brg_types.h
@@ -0,0 +1,217 @@
+/*
+---------------------------------------------------------------------------
+Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+
+The redistribution and use of this software (with or without changes)
+is allowed without the payment of fees or royalties provided that:
+
+  source code distributions include the above copyright notice, this
+  list of conditions and the following disclaimer;
+
+  binary distributions include the above copyright notice, this list
+  of conditions and the following disclaimer in their documentation.
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its operation, including, but not limited to, correctness
+and fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 30/09/2017
+*/
+
+#ifndef _BRG_TYPES_H
+#define _BRG_TYPES_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <limits.h>
+#include <stdint.h>
+
+#if defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
+#  include <stddef.h>
+#  define ptrint_t intptr_t
+#elif defined( __ECOS__ )
+#  define intptr_t unsigned int
+#  define ptrint_t intptr_t
+#elif defined( __GNUC__ ) && ( __GNUC__ >= 3 ) && !(defined( __HAIKU__ ) || defined( __VxWorks__ ))
+#  define ptrint_t intptr_t
+#else
+#  define ptrint_t int
+#endif
+
+/* define unsigned 8-bit type if not available in stdint.h */
+#if !defined(UINT8_MAX)
+  typedef unsigned char uint8_t;
+#endif
+
+/* define unsigned 16-bit type if not available in stdint.h */
+#if !defined(UINT16_MAX)
+  typedef unsigned short uint16_t;
+#endif
+
+/* define unsigned 32-bit type if not available in stdint.h and define the
+   macro li_32(h) which converts a sequence of eight hexadecimal characters
+   into a 32 bit constant 
+*/
+#if defined(UINT_MAX) && UINT_MAX == 4294967295u
+#  define li_32(h) 0x##h##u
+#  if !defined(UINT32_MAX)
+     typedef unsigned int uint32_t;
+#  endif
+#elif defined(ULONG_MAX) && ULONG_MAX == 4294967295u
+#  define li_32(h) 0x##h##ul
+#  if !defined(UINT32_MAX)
+     typedef unsigned long uint32_t;
+#  endif
+#elif defined( _CRAY )
+#  error This code needs 32-bit data types, which Cray machines do not provide
+#else
+#  error Please define uint32_t as a 32-bit unsigned integer type in brg_types.h
+#endif
+
+/* define unsigned 64-bit type if not available in stdint.h and define the
+   macro li_64(h) which converts a sequence of eight hexadecimal characters
+   into a 64 bit constant 
+*/
+#if defined( __BORLANDC__ ) && !defined( __MSDOS__ )
+#  define li_64(h) 0x##h##ui64
+#  if !defined(UINT64_MAX)
+     typedef unsigned __int64 uint64_t;  
+#  endif
+#elif defined( _MSC_VER ) && ( _MSC_VER < 1300 )    /* 1300 == VC++ 7.0 */
+#  define li_64(h) 0x##h##ui64
+#  if !defined(UINT64_MAX)
+     typedef unsigned __int64 uint64_t;
+#  endif
+#elif defined( __sun ) && defined( ULONG_MAX ) && ULONG_MAX == 0xfffffffful
+#  define li_64(h) 0x##h##ull
+#  if !defined(UINT64_MAX)
+     typedef unsigned long long uint64_t;
+#  endif
+#elif defined( __MVS__ )
+#  define li_64(h) 0x##h##ull
+#  if !defined(UINT64_MAX)
+     typedef unsigned long long uint64_t;
+#  endif
+#elif defined( UINT_MAX ) && UINT_MAX > 4294967295u
+#  if UINT_MAX == 18446744073709551615u
+#    define li_64(h) 0x##h##u
+#    if !defined(UINT64_MAX)
+       typedef unsigned int uint64_t;
+#    endif
+#  endif
+#elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u
+#  if ULONG_MAX == 18446744073709551615ul
+#    define li_64(h) 0x##h##ul
+#    if !defined(UINT64_MAX) && !defined(_UINT64_T)
+       typedef unsigned long uint64_t;
+#    endif
+#  endif
+#elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u
+#  if ULLONG_MAX == 18446744073709551615ull
+#    define li_64(h) 0x##h##ull
+#    if !defined(UINT64_MAX) && !defined( __HAIKU__ )
+       typedef unsigned long long uint64_t;
+#    endif
+#  endif
+#elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u
+#  if ULONG_LONG_MAX == 18446744073709551615ull
+#    define li_64(h) 0x##h##ull
+#    if !defined(UINT64_MAX)
+       typedef unsigned long long uint64_t;
+#    endif
+#  endif
+#endif
+
+#if !defined( li_64 )
+#  if defined( NEED_UINT_64T )
+#    error Please define uint64_t as an unsigned 64 bit type in brg_types.h
+#  endif
+#endif
+
+#ifndef RETURN_VALUES
+#  define RETURN_VALUES
+#  if defined( DLL_EXPORT )
+#    if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
+#      define VOID_RETURN    __declspec( dllexport ) void __stdcall
+#      define INT_RETURN     __declspec( dllexport ) int  __stdcall
+#    elif defined( __GNUC__ )
+#      define VOID_RETURN    __declspec( __dllexport__ ) void
+#      define INT_RETURN     __declspec( __dllexport__ ) int
+#    else
+#      error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
+#    endif
+#  elif defined( DLL_IMPORT )
+#    if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
+#      define VOID_RETURN    __declspec( dllimport ) void __stdcall
+#      define INT_RETURN     __declspec( dllimport ) int  __stdcall
+#    elif defined( __GNUC__ )
+#      define VOID_RETURN    __declspec( __dllimport__ ) void
+#      define INT_RETURN     __declspec( __dllimport__ ) int
+#    else
+#      error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
+#    endif
+#  elif defined( __WATCOMC__ )
+#    define VOID_RETURN  void __cdecl
+#    define INT_RETURN   int  __cdecl
+#  else
+#    define VOID_RETURN  void
+#    define INT_RETURN   int
+#  endif
+#endif
+
+/*	These defines are used to detect and set the memory alignment of pointers.
+    Note that offsets are in bytes.
+
+    ALIGN_OFFSET(x,n)			return the positive or zero offset of 
+                                the memory addressed by the pointer 'x' 
+                                from an address that is aligned on an 
+                                'n' byte boundary ('n' is a power of 2)
+
+    ALIGN_FLOOR(x,n)			return a pointer that points to memory
+                                that is aligned on an 'n' byte boundary 
+                                and is not higher than the memory address
+                                pointed to by 'x' ('n' is a power of 2)
+
+    ALIGN_CEIL(x,n)				return a pointer that points to memory
+                                that is aligned on an 'n' byte boundary 
+                                and is not lower than the memory address
+                                pointed to by 'x' ('n' is a power of 2)
+*/
+
+#define ALIGN_OFFSET(x,n)	(((ptrint_t)(x)) & ((n) - 1))
+#define ALIGN_FLOOR(x,n)	((uint8_t*)(x) - ( ((ptrint_t)(x)) & ((n) - 1)))
+#define ALIGN_CEIL(x,n)		((uint8_t*)(x) + (-((ptrint_t)(x)) & ((n) - 1)))
+
+/*  These defines are used to declare buffers in a way that allows
+    faster operations on longer variables to be used.  In all these
+    defines 'size' must be a power of 2 and >= 8. NOTE that the 
+    buffer size is in bytes but the type length is in bits
+
+    UNIT_TYPEDEF(x,size)        declares a variable 'x' of length 
+                                'size' bits
+
+    BUFR_TYPEDEF(x,size,bsize)  declares a buffer 'x' of length 'bsize' 
+                                bytes defined as an array of variables
+                                each of 'size' bits (bsize must be a 
+                                multiple of size / 8)
+
+    UNIT_CAST(x,size)           casts a variable to a type of 
+                                length 'size' bits
+
+    UPTR_CAST(x,size)           casts a pointer to a pointer to a 
+                                variable of length 'size' bits
+*/
+
+#define UI_TYPE(size)               uint##size##_t
+#define UNIT_TYPEDEF(x,size)        typedef UI_TYPE(size) x
+#define BUFR_TYPEDEF(x,size,bsize)  typedef UI_TYPE(size) x[bsize / (size >> 3)]
+#define UNIT_CAST(x,size)           ((UI_TYPE(size) )(x))  
+#define UPTR_CAST(x,size)           ((UI_TYPE(size)*)(x))
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/deps b/krb5-1.21.3/src/lib/crypto/builtin/aes/deps
new file mode 100644
index 00000000..8574622a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/deps
@@ -0,0 +1,37 @@
+#
+# Generated makefile dependencies follow.
+#
+aescrypt.so aescrypt.po $(OUTPRE)aescrypt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h aes.h aescrypt.c \
+  aesopt.h aestab.h brg_endian.h brg_types.h
+aestab.so aestab.po $(OUTPRE)aestab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  aes.h aesopt.h aestab.c aestab.h brg_endian.h brg_types.h
+aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  aes.h aeskey.c aesopt.h aestab.h brg_endian.h brg_types.h
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/iaesx64.s b/krb5-1.21.3/src/lib/crypto/builtin/aes/iaesx64.s
new file mode 100644
index 00000000..bc7210ab
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/iaesx64.s
@@ -0,0 +1,799 @@
+[bits 64]
+[CPU intelnop]
+
+; Copyright (c) 2010, Intel Corporation
+; All rights reserved.
+;
+; Redistribution and use in source and binary forms, with or without
+; modification, are permitted provided that the following conditions are met:
+;
+;     * Redistributions of source code must retain the above copyright notice,
+;       this list of conditions and the following disclaimer.
+;     * Redistributions in binary form must reproduce the above copyright notice,
+;       this list of conditions and the following disclaimer in the documentation
+;       and/or other materials provided with the distribution.
+;     * Neither the name of Intel Corporation nor the names of its contributors
+;       may be used to endorse or promote products derived from this software
+;       without specific prior written permission.
+;
+; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+; ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+; WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+; IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+; INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+; BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+; DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+; LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+; OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+; ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+%define iEncExpandKey128 k5_iEncExpandKey128
+%define iEncExpandKey256 k5_iEncExpandKey256
+%define iDecExpandKey128 k5_iDecExpandKey128
+%define iDecExpandKey256 k5_iDecExpandKey256
+%define iEnc128_CBC      k5_iEnc128_CBC
+%define iEnc256_CBC      k5_iEnc256_CBC
+%define iDec128_CBC      k5_iDec128_CBC
+%define iDec256_CBC      k5_iDec256_CBC
+
+%macro linux_setup 0
+%ifdef __linux__
+	mov rcx, rdi
+	mov rdx, rsi
+%endif
+%endmacro
+
+%macro inversekey 1
+	movdqu  xmm1,%1
+	aesimc	xmm0,xmm1
+	movdqu	%1,xmm0
+%endmacro
+
+%macro aesdeclast1 1
+	aesdeclast	xmm0,%1
+%endmacro
+
+%macro aesenclast1 1
+	aesenclast	xmm0,%1
+%endmacro
+
+%macro aesdec1 1
+	aesdec	xmm0,%1
+%endmacro
+
+%macro aesenc1 1
+	aesenc	xmm0,%1
+%endmacro
+
+
+%macro aesdeclast1_u 1
+	movdqu xmm4,%1
+	aesdeclast	xmm0,xmm4
+%endmacro
+
+%macro aesenclast1_u 1
+	movdqu xmm4,%1
+	aesenclast	xmm0,xmm4
+%endmacro
+
+%macro aesdec1_u 1
+	movdqu xmm4,%1
+	aesdec	xmm0,xmm4
+%endmacro
+
+%macro aesenc1_u 1
+	movdqu xmm4,%1
+	aesenc	xmm0,xmm4
+%endmacro
+
+%macro aesdec4 1
+	movdqa	xmm4,%1
+
+	aesdec	xmm0,xmm4
+	aesdec	xmm1,xmm4
+	aesdec	xmm2,xmm4
+	aesdec	xmm3,xmm4
+
+%endmacro
+
+%macro aesdeclast4 1
+	movdqa	xmm4,%1
+
+	aesdeclast	xmm0,xmm4
+	aesdeclast	xmm1,xmm4
+	aesdeclast	xmm2,xmm4
+	aesdeclast	xmm3,xmm4
+
+%endmacro
+
+
+%macro aesenc4 1
+	movdqa	xmm4,%1
+
+	aesenc	xmm0,xmm4
+	aesenc	xmm1,xmm4
+	aesenc	xmm2,xmm4
+	aesenc	xmm3,xmm4
+
+%endmacro
+
+%macro aesenclast4 1
+	movdqa	xmm4,%1
+
+	aesenclast	xmm0,xmm4
+	aesenclast	xmm1,xmm4
+	aesenclast	xmm2,xmm4
+	aesenclast	xmm3,xmm4
+
+%endmacro
+
+
+%macro xor_with_input4 1
+	movdqu xmm4,[%1]
+	pxor xmm0,xmm4
+	movdqu xmm4,[%1+16]
+	pxor xmm1,xmm4
+	movdqu xmm4,[%1+32]
+	pxor xmm2,xmm4
+	movdqu xmm4,[%1+48]
+	pxor xmm3,xmm4
+%endmacro
+
+
+
+%macro load_and_xor4 2
+	movdqa	xmm4,%2
+	movdqu	xmm0,[%1 + 0*16]
+	pxor	xmm0,xmm4
+	movdqu	xmm1,[%1 + 1*16]
+	pxor	xmm1,xmm4
+	movdqu	xmm2,[%1 + 2*16]
+	pxor	xmm2,xmm4
+	movdqu	xmm3,[%1 + 3*16]
+	pxor	xmm3,xmm4
+%endmacro
+
+%macro store4 1
+	movdqu [%1 + 0*16],xmm0
+	movdqu [%1 + 1*16],xmm1
+	movdqu [%1 + 2*16],xmm2
+	movdqu [%1 + 3*16],xmm3
+%endmacro
+
+%macro copy_round_keys 3
+	movdqu xmm4,[%2 + ((%3)*16)]
+	movdqa [%1 + ((%3)*16)],xmm4
+%endmacro
+
+
+%macro key_expansion_1_192 1
+		;; Assumes the xmm3 includes all zeros at this point.
+        pshufd xmm2, xmm2, 11111111b
+        shufps xmm3, xmm1, 00010000b
+        pxor xmm1, xmm3
+        shufps xmm3, xmm1, 10001100b
+        pxor xmm1, xmm3
+		pxor xmm1, xmm2
+		movdqu [rdx+%1], xmm1
+%endmacro
+
+; Calculate w10 and w11 using calculated w9 and known w4-w5
+%macro key_expansion_2_192 1
+		movdqa xmm5, xmm4
+		pslldq xmm5, 4
+		shufps xmm6, xmm1, 11110000b
+		pxor xmm6, xmm5
+		pxor xmm4, xmm6
+		pshufd xmm7, xmm4, 00001110b
+		movdqu [rdx+%1], xmm7
+%endmacro
+
+
+section .rodata
+align 16
+shuffle_mask:
+DD 0FFFFFFFFh
+DD 03020100h
+DD 07060504h
+DD 0B0A0908h
+
+
+
+section .text
+
+align 16
+key_expansion256:
+
+    pshufd xmm2, xmm2, 011111111b
+
+    movdqa xmm4, xmm1
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pxor xmm1, xmm2
+
+    movdqu [rdx], xmm1
+    add rdx, 0x10
+
+    aeskeygenassist xmm4, xmm1, 0
+    pshufd xmm2, xmm4, 010101010b
+
+    movdqa xmm4, xmm3
+    pshufb xmm4, xmm5
+    pxor xmm3, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm3, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm3, xmm4
+    pxor xmm3, xmm2
+
+    movdqu [rdx], xmm3
+    add rdx, 0x10
+
+    ret
+
+
+
+align 16
+key_expansion128:
+    pshufd xmm2, xmm2, 0xFF;
+    movdqa xmm3, xmm1
+    pshufb xmm3, xmm5
+    pxor xmm1, xmm3
+    pshufb xmm3, xmm5
+    pxor xmm1, xmm3
+    pshufb xmm3, xmm5
+    pxor xmm1, xmm3
+    pxor xmm1, xmm2
+
+    ; storing the result in the key schedule array
+    movdqu [rdx], xmm1
+    add rdx, 0x10
+    ret
+
+
+
+
+
+
+align 16
+global iEncExpandKey128
+iEncExpandKey128:
+
+		linux_setup
+
+        movdqu xmm1, [rcx]    ; loading the key
+
+        movdqu [rdx], xmm1
+
+        movdqa xmm5, [shuffle_mask wrt rip]
+
+        add rdx,16
+
+        aeskeygenassist xmm2, xmm1, 0x1     ; Generating round key 1
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x2     ; Generating round key 2
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x4     ; Generating round key 3
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x8     ; Generating round key 4
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x10    ; Generating round key 5
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x20    ; Generating round key 6
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x40    ; Generating round key 7
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x80    ; Generating round key 8
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x1b    ; Generating round key 9
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x36    ; Generating round key 10
+        call key_expansion128
+
+		ret
+
+
+
+align 16
+global iDecExpandKey128
+iDecExpandKey128:
+
+	linux_setup
+	push rcx
+	push rdx
+	sub rsp,16+8
+
+	call iEncExpandKey128
+
+	add rsp,16+8
+	pop rdx
+	pop rcx
+
+	inversekey [rdx + 1*16]
+	inversekey [rdx + 2*16]
+	inversekey [rdx + 3*16]
+	inversekey [rdx + 4*16]
+	inversekey [rdx + 5*16]
+	inversekey [rdx + 6*16]
+	inversekey [rdx + 7*16]
+	inversekey [rdx + 8*16]
+	inversekey [rdx + 9*16]
+
+	ret
+
+
+
+align 16
+global iDecExpandKey256
+iDecExpandKey256:
+
+	linux_setup
+	push rcx
+	push rdx
+	sub rsp,16+8
+
+	call iEncExpandKey256
+
+	add rsp,16+8
+	pop rdx
+	pop rcx
+
+	inversekey [rdx + 1*16]
+	inversekey [rdx + 2*16]
+	inversekey [rdx + 3*16]
+	inversekey [rdx + 4*16]
+	inversekey [rdx + 5*16]
+	inversekey [rdx + 6*16]
+	inversekey [rdx + 7*16]
+	inversekey [rdx + 8*16]
+	inversekey [rdx + 9*16]
+	inversekey [rdx + 10*16]
+	inversekey [rdx + 11*16]
+	inversekey [rdx + 12*16]
+	inversekey [rdx + 13*16]
+
+	ret
+
+
+
+
+align 16
+global iEncExpandKey256
+iEncExpandKey256:
+
+	linux_setup
+
+    movdqu xmm1, [rcx]    ; loading the key
+    movdqu xmm3, [rcx+16]
+    movdqu [rdx], xmm1  ; Storing key in memory where all key schedule will be stored
+    movdqu [rdx+16], xmm3
+
+    add rdx,32
+
+    movdqa xmm5, [shuffle_mask wrt rip]  ; this mask is used by key_expansion
+
+    aeskeygenassist xmm2, xmm3, 0x1     ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x2     ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x4     ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x8     ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x10    ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x20    ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x40    ;
+;    call key_expansion256
+
+    pshufd xmm2, xmm2, 011111111b
+
+    movdqa xmm4, xmm1
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pxor xmm1, xmm2
+
+    movdqu [rdx], xmm1
+
+
+	ret
+
+
+
+align 16
+global iDec128_CBC
+iDec128_CBC:
+
+	linux_setup
+	sub rsp,16*16+8
+
+	mov r9,rcx
+	mov rax,[rcx+24]
+	movdqu	xmm5,[rax]
+
+	mov eax,[rcx+32] ; numblocks
+	mov rdx,[rcx]
+	mov r8,[rcx+8]
+	mov rcx,[rcx+16]
+
+
+	sub r8,rdx
+
+
+	test eax,eax
+	jz end_dec128_CBC
+
+	cmp eax,4
+	jl	lp128decsingle_CBC
+
+	test	rcx,0xf
+	jz		lp128decfour_CBC
+
+	copy_round_keys rsp,rcx,0
+	copy_round_keys rsp,rcx,1
+	copy_round_keys rsp,rcx,2
+	copy_round_keys rsp,rcx,3
+	copy_round_keys rsp,rcx,4
+	copy_round_keys rsp,rcx,5
+	copy_round_keys rsp,rcx,6
+	copy_round_keys rsp,rcx,7
+	copy_round_keys rsp,rcx,8
+	copy_round_keys rsp,rcx,9
+	copy_round_keys rsp,rcx,10
+	mov rcx,rsp
+
+
+align 16
+lp128decfour_CBC:
+
+	test eax,eax
+	jz end_dec128_CBC
+
+	cmp eax,4
+	jl	lp128decsingle_CBC
+
+	load_and_xor4 rdx, [rcx+10*16]
+	add rdx,16*4
+	aesdec4 [rcx+9*16]
+	aesdec4 [rcx+8*16]
+	aesdec4 [rcx+7*16]
+	aesdec4 [rcx+6*16]
+	aesdec4 [rcx+5*16]
+	aesdec4 [rcx+4*16]
+	aesdec4 [rcx+3*16]
+	aesdec4 [rcx+2*16]
+	aesdec4 [rcx+1*16]
+	aesdeclast4 [rcx+0*16]
+
+	pxor	xmm0,xmm5
+	movdqu	xmm4,[rdx - 16*4 + 0*16]
+	pxor	xmm1,xmm4
+	movdqu	xmm4,[rdx - 16*4 + 1*16]
+	pxor	xmm2,xmm4
+	movdqu	xmm4,[rdx - 16*4 + 2*16]
+	pxor	xmm3,xmm4
+	movdqu	xmm5,[rdx - 16*4 + 3*16]
+
+	sub eax,4
+	store4 r8+rdx-(16*4)
+	jmp lp128decfour_CBC
+
+
+	align 16
+lp128decsingle_CBC:
+
+	movdqu xmm0, [rdx]
+	movdqa	xmm1,xmm0
+	movdqu xmm4,[rcx+10*16]
+	pxor xmm0, xmm4
+	aesdec1_u [rcx+9*16]
+	aesdec1_u [rcx+8*16]
+	aesdec1_u [rcx+7*16]
+	aesdec1_u [rcx+6*16]
+	aesdec1_u [rcx+5*16]
+	aesdec1_u [rcx+4*16]
+	aesdec1_u [rcx+3*16]
+	aesdec1_u [rcx+2*16]
+	aesdec1_u [rcx+1*16]
+	aesdeclast1_u [rcx+0*16]
+
+	pxor	xmm0,xmm5
+	movdqa	xmm5,xmm1
+	add rdx, 16
+	movdqu  [r8 + rdx - 16], xmm0
+	dec eax
+	jnz lp128decsingle_CBC
+
+end_dec128_CBC:
+
+	mov	   r9,[r9+24]
+	movdqu [r9],xmm5
+	add rsp,16*16+8
+	ret
+
+
+
+align 16
+global iDec256_CBC
+iDec256_CBC:
+
+	linux_setup
+	sub rsp,16*16+8
+
+	mov r9,rcx
+	mov rax,[rcx+24]
+	movdqu	xmm5,[rax]
+
+	mov eax,[rcx+32] ; numblocks
+	mov rdx,[rcx]
+	mov r8,[rcx+8]
+	mov rcx,[rcx+16]
+
+
+	sub r8,rdx
+
+	test eax,eax
+	jz end_dec256_CBC
+
+	cmp eax,4
+	jl	lp256decsingle_CBC
+
+	test	rcx,0xf
+	jz		lp256decfour_CBC
+
+	copy_round_keys rsp,rcx,0
+	copy_round_keys rsp,rcx,1
+	copy_round_keys rsp,rcx,2
+	copy_round_keys rsp,rcx,3
+	copy_round_keys rsp,rcx,4
+	copy_round_keys rsp,rcx,5
+	copy_round_keys rsp,rcx,6
+	copy_round_keys rsp,rcx,7
+	copy_round_keys rsp,rcx,8
+	copy_round_keys rsp,rcx,9
+	copy_round_keys rsp,rcx,10
+	copy_round_keys rsp,rcx,11
+	copy_round_keys rsp,rcx,12
+	copy_round_keys rsp,rcx,13
+	copy_round_keys rsp,rcx,14
+	mov rcx,rsp
+
+align 16
+lp256decfour_CBC:
+
+	test eax,eax
+	jz end_dec256_CBC
+
+	cmp eax,4
+	jl	lp256decsingle_CBC
+
+	load_and_xor4 rdx, [rcx+14*16]
+	add rdx,16*4
+	aesdec4 [rcx+13*16]
+	aesdec4 [rcx+12*16]
+	aesdec4 [rcx+11*16]
+	aesdec4 [rcx+10*16]
+	aesdec4 [rcx+9*16]
+	aesdec4 [rcx+8*16]
+	aesdec4 [rcx+7*16]
+	aesdec4 [rcx+6*16]
+	aesdec4 [rcx+5*16]
+	aesdec4 [rcx+4*16]
+	aesdec4 [rcx+3*16]
+	aesdec4 [rcx+2*16]
+	aesdec4 [rcx+1*16]
+	aesdeclast4 [rcx+0*16]
+
+	pxor	xmm0,xmm5
+	movdqu	xmm4,[rdx - 16*4 + 0*16]
+	pxor	xmm1,xmm4
+	movdqu	xmm4,[rdx - 16*4 + 1*16]
+	pxor	xmm2,xmm4
+	movdqu	xmm4,[rdx - 16*4 + 2*16]
+	pxor	xmm3,xmm4
+	movdqu	xmm5,[rdx - 16*4 + 3*16]
+
+	sub eax,4
+	store4 r8+rdx-(16*4)
+	jmp lp256decfour_CBC
+
+
+	align 16
+lp256decsingle_CBC:
+
+	movdqu xmm0, [rdx]
+	movdqu xmm4,[rcx+14*16]
+	movdqa	xmm1,xmm0
+	pxor xmm0, xmm4
+	aesdec1_u [rcx+13*16]
+	aesdec1_u [rcx+12*16]
+	aesdec1_u [rcx+11*16]
+	aesdec1_u [rcx+10*16]
+	aesdec1_u [rcx+9*16]
+	aesdec1_u [rcx+8*16]
+	aesdec1_u [rcx+7*16]
+	aesdec1_u [rcx+6*16]
+	aesdec1_u [rcx+5*16]
+	aesdec1_u [rcx+4*16]
+	aesdec1_u [rcx+3*16]
+	aesdec1_u [rcx+2*16]
+	aesdec1_u [rcx+1*16]
+	aesdeclast1_u [rcx+0*16]
+
+	pxor	xmm0,xmm5
+	movdqa	xmm5,xmm1
+	add rdx, 16
+	movdqu  [r8 + rdx - 16], xmm0
+	dec eax
+	jnz lp256decsingle_CBC
+
+end_dec256_CBC:
+
+	mov	   r9,[r9+24]
+	movdqu [r9],xmm5
+	add rsp,16*16+8
+	ret
+
+
+
+align 16
+global iEnc128_CBC
+iEnc128_CBC:
+
+	linux_setup
+	sub rsp,16*16+8
+
+	mov r9,rcx
+	mov rax,[rcx+24]
+	movdqu xmm1,[rax]
+
+	mov eax,[rcx+32] ; numblocks
+	mov rdx,[rcx]
+	mov r8,[rcx+8]
+	mov rcx,[rcx+16]
+
+	sub r8,rdx
+
+
+	test	rcx,0xf
+	jz		lp128encsingle_CBC
+
+	copy_round_keys rsp,rcx,0
+	copy_round_keys rsp,rcx,1
+	copy_round_keys rsp,rcx,2
+	copy_round_keys rsp,rcx,3
+	copy_round_keys rsp,rcx,4
+	copy_round_keys rsp,rcx,5
+	copy_round_keys rsp,rcx,6
+	copy_round_keys rsp,rcx,7
+	copy_round_keys rsp,rcx,8
+	copy_round_keys rsp,rcx,9
+	copy_round_keys rsp,rcx,10
+	mov rcx,rsp
+
+
+	align 16
+
+lp128encsingle_CBC:
+
+	movdqu xmm0, [rdx]
+	movdqu xmm4,[rcx+0*16]
+	add rdx, 16
+	pxor xmm0, xmm1
+	pxor xmm0, xmm4
+	aesenc1 [rcx+1*16]
+	aesenc1 [rcx+2*16]
+	aesenc1 [rcx+3*16]
+	aesenc1 [rcx+4*16]
+	aesenc1 [rcx+5*16]
+	aesenc1 [rcx+6*16]
+	aesenc1 [rcx+7*16]
+	aesenc1 [rcx+8*16]
+	aesenc1 [rcx+9*16]
+	aesenclast1 [rcx+10*16]
+	movdqa xmm1,xmm0
+
+		; Store output encrypted data into CIPHERTEXT array
+	movdqu  [r8+rdx-16], xmm0
+	dec eax
+	jnz lp128encsingle_CBC
+
+	mov	   r9,[r9+24]
+	movdqu [r9],xmm1
+	add rsp,16*16+8
+	ret
+
+
+
+align 16
+global iEnc256_CBC
+iEnc256_CBC:
+
+	linux_setup
+	sub rsp,16*16+8
+
+	mov r9,rcx
+	mov rax,[rcx+24]
+	movdqu xmm1,[rax]
+
+	mov eax,[rcx+32] ; numblocks
+	mov rdx,[rcx]
+	mov r8,[rcx+8]
+	mov rcx,[rcx+16]
+
+	sub r8,rdx
+
+	test	rcx,0xf
+	jz		lp256encsingle_CBC
+
+	copy_round_keys rsp,rcx,0
+	copy_round_keys rsp,rcx,1
+	copy_round_keys rsp,rcx,2
+	copy_round_keys rsp,rcx,3
+	copy_round_keys rsp,rcx,4
+	copy_round_keys rsp,rcx,5
+	copy_round_keys rsp,rcx,6
+	copy_round_keys rsp,rcx,7
+	copy_round_keys rsp,rcx,8
+	copy_round_keys rsp,rcx,9
+	copy_round_keys rsp,rcx,10
+	copy_round_keys rsp,rcx,11
+	copy_round_keys rsp,rcx,12
+	copy_round_keys rsp,rcx,13
+	copy_round_keys rsp,rcx,14
+	mov rcx,rsp
+
+	align 16
+
+lp256encsingle_CBC:
+
+	movdqu xmm0, [rdx]
+	movdqu xmm4, [rcx+0*16]
+	add rdx, 16
+	pxor xmm0, xmm1
+	pxor xmm0, xmm4
+	aesenc1 [rcx+1*16]
+	aesenc1 [rcx+2*16]
+	aesenc1 [rcx+3*16]
+	aesenc1 [rcx+4*16]
+	aesenc1 [rcx+5*16]
+	aesenc1 [rcx+6*16]
+	aesenc1 [rcx+7*16]
+	aesenc1 [rcx+8*16]
+	aesenc1 [rcx+9*16]
+	aesenc1 [rcx+10*16]
+	aesenc1 [rcx+11*16]
+	aesenc1 [rcx+12*16]
+	aesenc1 [rcx+13*16]
+	aesenclast1 [rcx+14*16]
+	movdqa xmm1,xmm0
+
+		; Store output encrypted data into CIPHERTEXT array
+	movdqu  [r8+rdx-16], xmm0
+	dec eax
+	jnz lp256encsingle_CBC
+
+	mov	   r9,[r9+24]
+	movdqu [r9],xmm1
+	add rsp,16*16+8
+	ret
+
+; Mark this file as not needing an executable stack.
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf32
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf64
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/iaesx86.s b/krb5-1.21.3/src/lib/crypto/builtin/aes/iaesx86.s
new file mode 100644
index 00000000..945942c0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/iaesx86.s
@@ -0,0 +1,842 @@
+[bits 32]
+[CPU intelnop]
+
+; Copyright (c) 2010, Intel Corporation
+; All rights reserved.
+;
+; Redistribution and use in source and binary forms, with or without
+; modification, are permitted provided that the following conditions are met:
+;
+;     * Redistributions of source code must retain the above copyright notice,
+;       this list of conditions and the following disclaimer.
+;     * Redistributions in binary form must reproduce the above copyright notice,
+;       this list of conditions and the following disclaimer in the documentation
+;       and/or other materials provided with the distribution.
+;     * Neither the name of Intel Corporation nor the names of its contributors
+;       may be used to endorse or promote products derived from this software
+;       without specific prior written permission.
+;
+; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+; ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+; WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+; IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+; INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+; BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+; DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+; LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+; OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+; ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+%define _iEncExpandKey128 k5_iEncExpandKey128
+%define _iEncExpandKey256 k5_iEncExpandKey256
+%define _iDecExpandKey128 k5_iDecExpandKey128
+%define _iDecExpandKey256 k5_iDecExpandKey256
+%define _iEnc128_CBC      k5_iEnc128_CBC
+%define _iEnc256_CBC      k5_iEnc256_CBC
+%define _iDec128_CBC      k5_iDec128_CBC
+%define _iDec256_CBC      k5_iDec256_CBC
+
+%macro inversekey 1
+	movdqu  xmm1,%1
+	aesimc	xmm0,xmm1
+	movdqu	%1,xmm0
+%endmacro
+
+
+%macro aesdec4 1
+	movdqa	xmm4,%1
+
+	aesdec	xmm0,xmm4
+	aesdec	xmm1,xmm4
+	aesdec	xmm2,xmm4
+	aesdec	xmm3,xmm4
+
+%endmacro
+
+
+%macro aesdeclast4 1
+	movdqa	xmm4,%1
+
+	aesdeclast	xmm0,xmm4
+	aesdeclast	xmm1,xmm4
+	aesdeclast	xmm2,xmm4
+	aesdeclast	xmm3,xmm4
+
+%endmacro
+
+
+%macro aesenc4 1
+	movdqa	xmm4,%1
+
+	aesenc	xmm0,xmm4
+	aesenc	xmm1,xmm4
+	aesenc	xmm2,xmm4
+	aesenc	xmm3,xmm4
+
+%endmacro
+
+%macro aesenclast4 1
+	movdqa	xmm4,%1
+
+	aesenclast	xmm0,xmm4
+	aesenclast	xmm1,xmm4
+	aesenclast	xmm2,xmm4
+	aesenclast	xmm3,xmm4
+
+%endmacro
+
+
+%macro aesdeclast1 1
+	aesdeclast	xmm0,%1
+%endmacro
+
+%macro aesenclast1 1
+	aesenclast	xmm0,%1
+%endmacro
+
+%macro aesdec1 1
+	aesdec	xmm0,%1
+%endmacro
+
+;abab
+%macro aesenc1 1
+	aesenc	xmm0,%1
+%endmacro
+
+
+%macro aesdeclast1_u 1
+	movdqu xmm4,%1
+	aesdeclast	xmm0,xmm4
+%endmacro
+
+%macro aesenclast1_u 1
+	movdqu xmm4,%1
+	aesenclast	xmm0,xmm4
+%endmacro
+
+%macro aesdec1_u 1
+	movdqu xmm4,%1
+	aesdec	xmm0,xmm4
+%endmacro
+
+%macro aesenc1_u 1
+	movdqu xmm4,%1
+	aesenc	xmm0,xmm4
+%endmacro
+
+
+%macro load_and_xor4 2
+	movdqa	xmm4,%2
+	movdqu	xmm0,[%1 + 0*16]
+	pxor	xmm0,xmm4
+	movdqu	xmm1,[%1 + 1*16]
+	pxor	xmm1,xmm4
+	movdqu	xmm2,[%1 + 2*16]
+	pxor	xmm2,xmm4
+	movdqu	xmm3,[%1 + 3*16]
+	pxor	xmm3,xmm4
+%endmacro
+
+
+%macro xor_with_input4 1
+	movdqu xmm4,[%1]
+	pxor xmm0,xmm4
+	movdqu xmm4,[%1+16]
+	pxor xmm1,xmm4
+	movdqu xmm4,[%1+32]
+	pxor xmm2,xmm4
+	movdqu xmm4,[%1+48]
+	pxor xmm3,xmm4
+%endmacro
+
+%macro store4 1
+	movdqu [%1 + 0*16],xmm0
+	movdqu [%1 + 1*16],xmm1
+	movdqu [%1 + 2*16],xmm2
+	movdqu [%1 + 3*16],xmm3
+%endmacro
+
+
+%macro copy_round_keys 3
+	movdqu xmm4,[%2 + ((%3)*16)]
+	movdqa [%1 + ((%3)*16)],xmm4
+%endmacro
+
+;abab
+%macro copy_round_keyx 3
+	movdqu xmm4,[%2 + ((%3)*16)]
+	movdqa %1,xmm4
+%endmacro
+
+
+
+%macro key_expansion_1_192 1
+		;; Assumes the xmm3 includes all zeros at this point.
+        pshufd xmm2, xmm2, 11111111b
+        shufps xmm3, xmm1, 00010000b
+        pxor xmm1, xmm3
+        shufps xmm3, xmm1, 10001100b
+        pxor xmm1, xmm3
+		pxor xmm1, xmm2
+		movdqu [edx+%1], xmm1
+%endmacro
+
+; Calculate w10 and w11 using calculated w9 and known w4-w5
+%macro key_expansion_2_192 1
+		movdqa xmm5, xmm4
+		pslldq xmm5, 4
+		shufps xmm6, xmm1, 11110000b
+		pxor xmm6, xmm5
+		pxor xmm4, xmm6
+		pshufd xmm7, xmm4, 00001110b
+		movdqu [edx+%1], xmm7
+%endmacro
+
+
+
+
+
+section .rodata
+align 16
+shuffle_mask:
+DD 0FFFFFFFFh
+DD 03020100h
+DD 07060504h
+DD 0B0A0908h
+
+
+section .text
+
+
+
+align 16
+key_expansion256:
+
+    pshufd xmm2, xmm2, 011111111b
+
+    movdqu xmm4, xmm1
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pxor xmm1, xmm2
+
+    movdqu [edx], xmm1
+    add edx, 0x10
+
+    aeskeygenassist xmm4, xmm1, 0
+    pshufd xmm2, xmm4, 010101010b
+
+    movdqu xmm4, xmm3
+    pshufb xmm4, xmm5
+    pxor xmm3, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm3, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm3, xmm4
+    pxor xmm3, xmm2
+
+    movdqu [edx], xmm3
+    add edx, 0x10
+
+    ret
+
+
+
+align 16
+key_expansion128:
+    pshufd xmm2, xmm2, 0xFF;
+    movdqu xmm3, xmm1
+    pshufb xmm3, xmm5
+    pxor xmm1, xmm3
+    pshufb xmm3, xmm5
+    pxor xmm1, xmm3
+    pshufb xmm3, xmm5
+    pxor xmm1, xmm3
+    pxor xmm1, xmm2
+
+    ; storing the result in the key schedule array
+    movdqu [edx], xmm1
+    add edx, 0x10
+    ret
+
+
+
+align 16
+global _iEncExpandKey128
+_iEncExpandKey128:
+
+	mov ecx,[esp-4+8]		;input
+	mov edx,[esp-4+12]		;ctx
+
+        movdqu xmm1, [ecx]    ; loading the key
+
+        movdqu [edx], xmm1
+
+        call .next
+.next:
+        pop ecx
+        movdqa xmm5, [ecx-.next+shuffle_mask]
+
+        add edx,16
+
+        aeskeygenassist xmm2, xmm1, 0x1     ; Generating round key 1
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x2     ; Generating round key 2
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x4     ; Generating round key 3
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x8     ; Generating round key 4
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x10    ; Generating round key 5
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x20    ; Generating round key 6
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x40    ; Generating round key 7
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x80    ; Generating round key 8
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x1b    ; Generating round key 9
+        call key_expansion128
+        aeskeygenassist xmm2, xmm1, 0x36    ; Generating round key 10
+        call key_expansion128
+
+	ret
+
+
+
+align 16
+global _iDecExpandKey128
+_iDecExpandKey128:
+	push DWORD [esp+8]
+	push DWORD [esp+8]
+
+	call _iEncExpandKey128
+	add esp,8
+
+	mov edx,[esp-4+12]		;ctx
+
+	inversekey	[edx + 1*16]
+	inversekey	[edx + 2*16]
+	inversekey	[edx + 3*16]
+	inversekey	[edx + 4*16]
+	inversekey	[edx + 5*16]
+	inversekey	[edx + 6*16]
+	inversekey	[edx + 7*16]
+	inversekey	[edx + 8*16]
+	inversekey	[edx + 9*16]
+
+	ret
+
+
+
+align 16
+global _iDecExpandKey256
+_iDecExpandKey256:
+	push DWORD [esp+8]
+	push DWORD [esp+8]
+
+	call _iEncExpandKey256
+	add esp, 8
+
+	mov edx, [esp-4+12]		;expanded key
+
+	inversekey	[edx + 1*16]
+	inversekey	[edx + 2*16]
+	inversekey	[edx + 3*16]
+	inversekey	[edx + 4*16]
+	inversekey	[edx + 5*16]
+	inversekey	[edx + 6*16]
+	inversekey	[edx + 7*16]
+	inversekey	[edx + 8*16]
+	inversekey	[edx + 9*16]
+	inversekey	[edx + 10*16]
+	inversekey	[edx + 11*16]
+	inversekey	[edx + 12*16]
+	inversekey	[edx + 13*16]
+
+	ret
+
+
+
+
+align 16
+global _iEncExpandKey256
+_iEncExpandKey256:
+	mov ecx, [esp-4+8]		;input
+	mov edx, [esp-4+12]		;expanded key
+
+
+    movdqu xmm1, [ecx]    ; loading the key
+    movdqu xmm3, [ecx+16]
+    movdqu [edx], xmm1  ; Storing key in memory where all key schedule will be stored
+    movdqu [edx+16], xmm3
+
+    add edx,32
+
+    call .next
+.next:
+    pop ecx
+    movdqa xmm5, [ecx-.next+shuffle_mask]  ; this mask is used by key_expansion
+
+    aeskeygenassist xmm2, xmm3, 0x1     ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x2     ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x4     ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x8     ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x10    ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x20    ;
+    call key_expansion256
+    aeskeygenassist xmm2, xmm3, 0x40    ;
+;    call key_expansion256
+
+    pshufd xmm2, xmm2, 011111111b
+
+    movdqu xmm4, xmm1
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pshufb xmm4, xmm5
+    pxor xmm1, xmm4
+    pxor xmm1, xmm2
+
+    movdqu [edx], xmm1
+
+
+	ret
+
+
+
+align 16
+global _iDec128_CBC
+_iDec128_CBC:
+	mov ecx,[esp-4+8]
+
+	push esi
+	push edi
+	push ebp
+	mov ebp,esp
+	sub esp,16*16
+	and esp,0xfffffff0
+
+	mov eax,[ecx+12]
+	movdqu xmm5,[eax]	;iv
+
+	mov eax,[ecx+16] ; numblocks
+	mov esi,[ecx]
+	mov edi,[ecx+4]
+	mov ecx,[ecx+8]
+
+	sub edi,esi
+
+	test eax,eax
+	jz end_dec128_CBC
+
+	cmp eax,4
+	jl	lp128decsingle_CBC
+
+	test	ecx,0xf
+	jz		lp128decfour_CBC
+
+	copy_round_keys esp,ecx,0
+	copy_round_keys esp,ecx,1
+	copy_round_keys esp,ecx,2
+	copy_round_keys esp,ecx,3
+	copy_round_keys esp,ecx,4
+	copy_round_keys esp,ecx,5
+	copy_round_keys esp,ecx,6
+	copy_round_keys esp,ecx,7
+	copy_round_keys esp,ecx,8
+	copy_round_keys esp,ecx,9
+	copy_round_keys esp,ecx,10
+	mov ecx,esp
+
+
+align 16
+lp128decfour_CBC:
+
+	test eax,eax
+	jz end_dec128_CBC
+
+	cmp eax,4
+	jl	lp128decsingle_CBC
+
+	load_and_xor4 esi, [ecx+10*16]
+	add esi,16*4
+	aesdec4 [ecx+9*16]
+	aesdec4 [ecx+8*16]
+	aesdec4 [ecx+7*16]
+	aesdec4 [ecx+6*16]
+	aesdec4 [ecx+5*16]
+	aesdec4 [ecx+4*16]
+	aesdec4 [ecx+3*16]
+	aesdec4 [ecx+2*16]
+	aesdec4 [ecx+1*16]
+	aesdeclast4 [ecx+0*16]
+
+	pxor	xmm0,xmm5
+	movdqu	xmm4,[esi- 16*4 + 0*16]
+	pxor	xmm1,xmm4
+	movdqu	xmm4,[esi- 16*4 + 1*16]
+	pxor	xmm2,xmm4
+	movdqu	xmm4,[esi- 16*4 + 2*16]
+	pxor	xmm3,xmm4
+	movdqu	xmm5,[esi- 16*4 + 3*16]
+
+	sub eax,4
+	store4 esi+edi-(16*4)
+	jmp lp128decfour_CBC
+
+
+	align 16
+lp128decsingle_CBC:
+
+	movdqu xmm0, [esi]
+	movdqa xmm1,xmm0
+	movdqu xmm4,[ecx+10*16]
+	pxor xmm0, xmm4
+	aesdec1_u  [ecx+9*16]
+	aesdec1_u  [ecx+8*16]
+	aesdec1_u  [ecx+7*16]
+	aesdec1_u  [ecx+6*16]
+	aesdec1_u  [ecx+5*16]
+	aesdec1_u  [ecx+4*16]
+	aesdec1_u  [ecx+3*16]
+	aesdec1_u  [ecx+2*16]
+	aesdec1_u  [ecx+1*16]
+	aesdeclast1_u [ecx+0*16]
+
+	pxor	xmm0,xmm5
+	movdqa	xmm5,xmm1
+
+	add esi, 16
+	movdqu  [edi+esi - 16], xmm0
+	dec eax
+	jnz lp128decsingle_CBC
+
+end_dec128_CBC:
+
+	mov esp,ebp
+	pop ebp
+	pop edi
+	pop esi
+
+	mov ecx,[esp-4+8]   ; first arg
+	mov ecx,[ecx+12]
+	movdqu	[ecx],xmm5 ; store last iv for chaining
+
+	ret
+
+
+
+align 16
+global _iDec256_CBC
+_iDec256_CBC:
+	mov ecx,[esp-4+8]
+
+	push esi
+	push edi
+	push ebp
+	mov ebp,esp
+
+	sub esp,16*16
+	and esp,0xfffffff0
+
+	mov eax,[ecx+12]
+	movdqu xmm5,[eax]	;iv
+
+	mov eax,[ecx+16] ; numblocks
+	mov esi,[ecx]
+	mov edi,[ecx+4]
+	mov ecx,[ecx+8]
+
+	sub edi,esi
+
+	test eax,eax
+	jz end_dec256_CBC
+
+	cmp eax,4
+	jl	lp256decsingle_CBC
+
+	test	ecx,0xf
+	jz	lp256decfour_CBC
+
+	copy_round_keys esp,ecx,0
+	copy_round_keys esp,ecx,1
+	copy_round_keys esp,ecx,2
+	copy_round_keys esp,ecx,3
+	copy_round_keys esp,ecx,4
+	copy_round_keys esp,ecx,5
+	copy_round_keys esp,ecx,6
+	copy_round_keys esp,ecx,7
+	copy_round_keys esp,ecx,8
+	copy_round_keys esp,ecx,9
+	copy_round_keys esp,ecx,10
+	copy_round_keys esp,ecx,11
+	copy_round_keys esp,ecx,12
+	copy_round_keys esp,ecx,13
+	copy_round_keys esp,ecx,14
+	mov ecx,esp
+
+align 16
+lp256decfour_CBC:
+
+	test eax,eax
+	jz end_dec256_CBC
+
+	cmp eax,4
+	jl	lp256decsingle_CBC
+
+	load_and_xor4 esi, [ecx+14*16]
+	add esi,16*4
+	aesdec4 [ecx+13*16]
+	aesdec4 [ecx+12*16]
+	aesdec4 [ecx+11*16]
+	aesdec4 [ecx+10*16]
+	aesdec4 [ecx+9*16]
+	aesdec4 [ecx+8*16]
+	aesdec4 [ecx+7*16]
+	aesdec4 [ecx+6*16]
+	aesdec4 [ecx+5*16]
+	aesdec4 [ecx+4*16]
+	aesdec4 [ecx+3*16]
+	aesdec4 [ecx+2*16]
+	aesdec4 [ecx+1*16]
+	aesdeclast4 [ecx+0*16]
+
+	pxor	xmm0,xmm5
+	movdqu	xmm4,[esi- 16*4 + 0*16]
+	pxor	xmm1,xmm4
+	movdqu	xmm4,[esi- 16*4 + 1*16]
+	pxor	xmm2,xmm4
+	movdqu	xmm4,[esi- 16*4 + 2*16]
+	pxor	xmm3,xmm4
+	movdqu	xmm5,[esi- 16*4 + 3*16]
+
+	sub eax,4
+	store4 esi+edi-(16*4)
+	jmp lp256decfour_CBC
+
+
+	align 16
+lp256decsingle_CBC:
+
+	movdqu xmm0, [esi]
+	movdqa xmm1,xmm0
+	movdqu xmm4, [ecx+14*16]
+	pxor xmm0, xmm4
+	aesdec1_u  [ecx+13*16]
+	aesdec1_u  [ecx+12*16]
+	aesdec1_u  [ecx+11*16]
+	aesdec1_u  [ecx+10*16]
+	aesdec1_u  [ecx+9*16]
+	aesdec1_u  [ecx+8*16]
+	aesdec1_u  [ecx+7*16]
+	aesdec1_u  [ecx+6*16]
+	aesdec1_u  [ecx+5*16]
+	aesdec1_u  [ecx+4*16]
+	aesdec1_u  [ecx+3*16]
+	aesdec1_u  [ecx+2*16]
+	aesdec1_u  [ecx+1*16]
+	aesdeclast1_u  [ecx+0*16]
+
+	pxor	xmm0,xmm5
+	movdqa	xmm5,xmm1
+
+	add esi, 16
+	movdqu  [edi+esi - 16], xmm0
+	dec eax
+	jnz lp256decsingle_CBC
+
+end_dec256_CBC:
+
+
+	mov esp,ebp
+	pop ebp
+	pop edi
+	pop esi
+
+	mov ecx,[esp-4+8]  ; first arg
+	mov ecx,[ecx+12]
+	movdqu	[ecx],xmm5 ; store last iv for chaining
+
+	ret
+
+
+
+align 16
+global _iEnc128_CBC
+_iEnc128_CBC:
+	mov ecx,[esp-4+8]
+
+	push esi
+	push edi
+	push ebp
+	mov ebp,esp
+
+	sub esp,16*16
+	and esp,0xfffffff0
+
+	mov	eax,[ecx+12]
+	movdqu xmm1,[eax]	;iv
+
+	mov eax,[ecx+16] ; numblocks
+	mov esi,[ecx]
+	mov edi,[ecx+4]
+	mov ecx,[ecx+8]
+	sub edi,esi
+
+	test	ecx,0xf
+	jz		lp128encsingle_CBC
+
+	copy_round_keys esp,ecx,0
+	copy_round_keys esp,ecx,1
+	copy_round_keys esp,ecx,2
+	copy_round_keys esp,ecx,3
+	copy_round_keys esp,ecx,4
+	copy_round_keys esp,ecx,5
+	copy_round_keys esp,ecx,6
+	copy_round_keys esp,ecx,7
+	copy_round_keys esp,ecx,8
+	copy_round_keys esp,ecx,9
+	copy_round_keys esp,ecx,10
+	mov ecx,esp
+
+	align 16
+
+lp128encsingle_CBC:
+
+	movdqu xmm0, [esi]
+	add esi, 16
+	pxor xmm0, xmm1
+	movdqu xmm4,[ecx+0*16]
+	pxor xmm0, xmm4
+	aesenc1  [ecx+1*16]
+	aesenc1  [ecx+2*16]
+	aesenc1  [ecx+3*16]
+	aesenc1  [ecx+4*16]
+	aesenc1  [ecx+5*16]
+	aesenc1  [ecx+6*16]
+	aesenc1  [ecx+7*16]
+	aesenc1  [ecx+8*16]
+	aesenc1  [ecx+9*16]
+	aesenclast1  [ecx+10*16]
+		; Store output encrypted data into CIPHERTEXT array
+	movdqu  [esi+edi-16], xmm0
+	movdqa xmm1,xmm0
+	dec eax
+	jnz lp128encsingle_CBC
+
+
+	mov esp,ebp
+	pop ebp
+	pop edi
+	pop esi
+	mov ecx,[esp-4+8]  ; first arg
+	mov ecx,[ecx+12]
+	movdqu	[ecx],xmm1 ; store last iv for chaining
+
+	ret
+
+
+
+align 16
+global _iEnc256_CBC
+_iEnc256_CBC:
+	mov ecx,[esp-4+8]  ; first arg
+
+	push esi
+	push edi
+	push ebp
+	mov ebp,esp
+
+	sub esp,16*16
+	and esp,0xfffffff0
+
+	mov	eax,[ecx+12]
+	movdqu xmm1,[eax]	;iv
+
+	mov eax,[ecx+16] ; numblocks
+	mov esi,[ecx]
+	mov edi,[ecx+4]
+	mov ecx,[ecx+8]
+	sub edi,esi
+
+	test	ecx,0xf
+	jz		lp256encsingle_CBC
+
+	copy_round_keys esp,ecx,0
+	copy_round_keys esp,ecx,1
+	copy_round_keys esp,ecx,2
+	copy_round_keys esp,ecx,3
+	copy_round_keys esp,ecx,4
+	copy_round_keys esp,ecx,5
+	copy_round_keys esp,ecx,6
+	copy_round_keys esp,ecx,7
+	copy_round_keys esp,ecx,8
+	copy_round_keys esp,ecx,9
+	copy_round_keys esp,ecx,10
+	copy_round_keys esp,ecx,11
+	copy_round_keys esp,ecx,12
+	copy_round_keys esp,ecx,13
+	copy_round_keys esp,ecx,14
+	mov ecx,esp
+
+	align 16
+
+lp256encsingle_CBC:
+
+;abab
+	movdqu xmm0, [esi]
+	add esi, 16
+	pxor xmm0, xmm1
+	movdqu xmm4,[ecx+0*16]
+	pxor xmm0, xmm4
+	aesenc1 [ecx+1*16]
+	aesenc1 [ecx+2*16]
+	aesenc1 [ecx+3*16]
+	aesenc1 [ecx+4*16]
+	aesenc1 [ecx+5*16]
+	aesenc1 [ecx+6*16]
+	aesenc1 [ecx+7*16]
+	aesenc1 [ecx+8*16]
+	aesenc1 [ecx+9*16]
+	aesenc1 [ecx+10*16]
+	aesenc1 [ecx+11*16]
+	aesenc1 [ecx+12*16]
+	aesenc1 [ecx+13*16]
+	aesenclast1 [ecx+14*16]
+		; Store output encrypted data into CIPHERTEXT array
+	movdqu  [esi+edi-16], xmm0
+	movdqa xmm1,xmm0
+	dec eax
+	jnz lp256encsingle_CBC
+
+
+	mov esp,ebp
+	pop ebp
+	pop edi
+	pop esi
+	mov ecx,[esp-4+8]
+	mov ecx,[ecx+12]
+	movdqu	[ecx],xmm1 ; store last iv for chaining
+
+	ret
+
+; Mark this file as not needing an executable stack.
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf32
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf64
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/aes/kresults.expected b/krb5-1.21.3/src/lib/crypto/builtin/aes/kresults.expected
new file mode 100644
index 00000000..443d5c4d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/aes/kresults.expected
@@ -0,0 +1,223 @@
+FIPS test:
+key:
+    00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+input:
+    00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF
+output:
+    69 C4 E0 D8 6A 7B 04 30 D8 CD B7 80 70 B4 C5 5A
+ok.
+
+ECB tests:
+key:
+    46 64 31 29 64 86 ED 9C D7 1F C2 07 25 48 20 A2
+test 0 - 32 bytes
+input:
+    C4 A8 5A EB 0B 20 41 49 4F 8B F1 F8 CD 30 F1 13
+    94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+output:
+    1B 39 DA 37 40 D3 DF FE AC 89 D6 BB 4C 29 F1 0A
+    E1 43 64 CB 16 D3 FF CF E8 FA 6A 2C EC A2 69 34
+
+test 1 - 32 bytes
+input:
+    22 3C F8 A8 29 95 80 49 57 87 6E 9F A7 11 63 50
+    6B 4E 5B 8C 8F A4 DB 1B 95 D3 E8 C5 C5 FB 5A 00
+output:
+    F3 B2 BB 53 D6 F4 A3 AE 9E EB B1 3D B2 F7 E9 90
+    83 FE B6 7B 73 4F CE DB 8E 97 D4 06 96 11 B7 23
+
+test 2 - 32 bytes
+input:
+    E7 37 52 90 60 E7 10 A9 3E 97 18 DD 3E 29 41 8E
+    94 8F E9 20 1F 8D FB 3A 22 CF 22 E8 94 1D 42 7B
+output:
+    25 4F 90 96 01 9B 09 27 5E FF 95 69 E0 70 DC 50
+    A3 D1 6F E1 EF 7B 6D 2F 4F 93 48 90 02 0D F1 8A
+
+test 3 - 48 bytes
+input:
+    54 94 0B B4 7C 1B 5E BA B2 76 98 F1 9F D9 7F 33
+    68 69 54 87 F6 4F C1 19 1E E3 01 B2 00 43 2E 54
+    D7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+output:
+    D3 7F 6D 39 57 32 A6 C5 A4 49 F4 4B C6 EE 0A E0
+    86 D8 A3 C0 E5 6D BB 39 5F C0 CC 0A DA 8F 87 C6
+    14 C1 8E 34 7A A8 2F BB EA 53 F0 7A 64 53 5B 28
+
+test 4 - 48 bytes
+input:
+    39 09 53 55 67 0E 07 DD A6 F8 7C 7F 78 AF E7 E1
+    03 6F D7 53 30 F0 71 14 F1 24 14 34 52 69 0C 8B
+    72 5F E0 D9 6D E8 B6 13 E0 32 92 58 E1 7A 39 00
+output:
+    AD 96 1C 40 05 54 CB 0E 37 32 AE 2C 64 DB EF 8E
+    B5 76 2B EE F3 A1 04 A1 E0 3F FE CA 17 7B 4C 91
+    53 2F B3 16 33 48 27 D6 49 62 E8 77 10 DC 46 E6
+
+test 5 - 48 bytes
+input:
+    E5 E9 11 38 19 01 A9 2D F3 CD 42 27 1F AB 33 AB
+    1D 93 8B F6 00 73 AC 14 54 DE A6 AC BF 20 E6 A4
+    09 F7 DC 23 F8 86 50 EB 53 92 13 73 3D 46 1E 5A
+output:
+    1A 03 F3 10 7A F0 62 07 D1 22 60 2B 9E 07 D0 8D
+    FE 7A E7 E7 DF 7F 12 C6 5E 29 F9 A2 55 C0 93 F1
+    FF AC 97 44 E1 C0 C7 39 F8 7A 4B F8 ED 01 58 6B
+
+test 6 - 64 bytes
+input:
+    D9 A9 50 DA 1D FC EE 71 DA 94 1D 9A B5 03 3E BE
+    FA 1B E1 F3 A1 32 DE F4 C4 F1 67 02 38 85 5C 11
+    2F AD EB 4C A9 D9 BD 84 6E DA 1E 23 DE 5C E1 D8
+    77 C3 CB 18 F5 AA 0D B9 9B 74 BB D3 FA 18 E5 29
+output:
+    D0 18 22 59 85 05 AB 87 0D 9D D0 99 7B 15 CC 43
+    4D C5 13 1B B5 3E 8F 4E B4 75 FC A5 E5 47 94 7F
+    14 68 15 F7 6D F1 9E 12 B8 81 39 06 3C 3D F5 44
+    83 BE 19 E3 3E 68 15 A0 50 93 03 73 0C 99 52 C3
+
+CBC tests:
+initial vector:
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+test 0 - 32 bytes
+input:
+    C4 A8 5A EB 0B 20 41 49 4F 8B F1 F8 CD 30 F1 13
+    94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+output:
+    1B 39 DA 37 40 D3 DF FE AC 89 D6 BB 4C 29 F1 0A
+    D4 3C 74 F5 5B 8B 3E CF 67 F8 F7 00 03 27 8A 91
+
+test 1 - 32 bytes
+input:
+    22 3C F8 A8 29 95 80 49 57 87 6E 9F A7 11 63 50
+    6B 4E 5B 8C 8F A4 DB 1B 95 D3 E8 C5 C5 FB 5A 00
+output:
+    F3 B2 BB 53 D6 F4 A3 AE 9E EB B1 3D B2 F7 E9 90
+    54 03 C8 DF 5F 11 82 94 93 4E B3 4B F9 B5 39 D1
+
+test 2 - 32 bytes
+input:
+    E7 37 52 90 60 E7 10 A9 3E 97 18 DD 3E 29 41 8E
+    94 8F E9 20 1F 8D FB 3A 22 CF 22 E8 94 1D 42 7B
+output:
+    25 4F 90 96 01 9B 09 27 5E FF 95 69 E0 70 DC 50
+    D7 7C 5F B0 DA F7 80 2E 3F 3A 2E B7 5D F0 B3 23
+
+test 3 - 48 bytes
+input:
+    54 94 0B B4 7C 1B 5E BA B2 76 98 F1 9F D9 7F 33
+    68 69 54 87 F6 4F C1 19 1E E3 01 B2 00 43 2E 54
+    D7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+output:
+    D3 7F 6D 39 57 32 A6 C5 A4 49 F4 4B C6 EE 0A E0
+    88 D0 90 16 44 A7 38 01 63 5D BE 56 9E C3 78 7A
+    51 6F 31 69 BF 9C 75 AD A1 C6 66 A6 1B A2 38 0D
+
+test 4 - 48 bytes
+input:
+    39 09 53 55 67 0E 07 DD A6 F8 7C 7F 78 AF E7 E1
+    03 6F D7 53 30 F0 71 14 F1 24 14 34 52 69 0C 8B
+    72 5F E0 D9 6D E8 B6 13 E0 32 92 58 E1 7A 39 00
+output:
+    AD 96 1C 40 05 54 CB 0E 37 32 AE 2C 64 DB EF 8E
+    F0 68 8B 66 32 FE 41 EF 11 51 1B 6E F0 C0 17 96
+    A1 BD F6 34 5D F3 BC 03 86 72 D0 C3 13 FE C3 95
+
+test 5 - 48 bytes
+input:
+    E5 E9 11 38 19 01 A9 2D F3 CD 42 27 1F AB 33 AB
+    1D 93 8B F6 00 73 AC 14 54 DE A6 AC BF 20 E6 A4
+    09 F7 DC 23 F8 86 50 EB 53 92 13 73 3D 46 1E 5A
+output:
+    1A 03 F3 10 7A F0 62 07 D1 22 60 2B 9E 07 D0 8D
+    22 F4 2B 92 92 D4 D5 E7 EA 90 72 9F 03 31 10 1F
+    65 DE 01 93 8B 51 17 F8 32 6F 4B 05 AF 02 E2 3D
+
+test 6 - 64 bytes
+input:
+    D9 A9 50 DA 1D FC EE 71 DA 94 1D 9A B5 03 3E BE
+    FA 1B E1 F3 A1 32 DE F4 C4 F1 67 02 38 85 5C 11
+    2F AD EB 4C A9 D9 BD 84 6E DA 1E 23 DE 5C E1 D8
+    77 C3 CB 18 F5 AA 0D B9 9B 74 BB D3 FA 18 E5 29
+output:
+    D0 18 22 59 85 05 AB 87 0D 9D D0 99 7B 15 CC 43
+    F7 43 1B BF 3C 7D A0 21 1E 3D 3F 6A 4D 8A CE 08
+    37 9D EB CD 52 52 3B C5 76 02 7D 35 19 76 05 7D
+    76 22 5A 42 DF 73 CB 5D CE 88 C3 4C CE 92 00 E6
+
+CTS tests:
+initial vector:
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+test 0 - 17 bytes
+input:
+    C4 A8 5A EB 0B 20 41 49 4F 8B F1 F8 CD 30 F1 13
+    94
+(did CBC mode for 0)
+output:
+    D4 3C 74 F5 5B 8B 3E CF 67 F8 F7 00 03 27 8A 91
+    1B
+
+test 1 - 31 bytes
+input:
+    22 3C F8 A8 29 95 80 49 57 87 6E 9F A7 11 63 50
+    6B 4E 5B 8C 8F A4 DB 1B 95 D3 E8 C5 C5 FB 5A
+(did CBC mode for 0)
+output:
+    54 03 C8 DF 5F 11 82 94 93 4E B3 4B F9 B5 39 D1
+    F3 B2 BB 53 D6 F4 A3 AE 9E EB B1 3D B2 F7 E9
+
+test 2 - 32 bytes
+input:
+    E7 37 52 90 60 E7 10 A9 3E 97 18 DD 3E 29 41 8E
+    94 8F E9 20 1F 8D FB 3A 22 CF 22 E8 94 1D 42 7B
+(did CBC mode for 0)
+output:
+    D7 7C 5F B0 DA F7 80 2E 3F 3A 2E B7 5D F0 B3 23
+    25 4F 90 96 01 9B 09 27 5E FF 95 69 E0 70 DC 50
+
+test 3 - 33 bytes
+input:
+    54 94 0B B4 7C 1B 5E BA B2 76 98 F1 9F D9 7F 33
+    68 69 54 87 F6 4F C1 19 1E E3 01 B2 00 43 2E 54
+    D7
+(did CBC mode for 16)
+output:
+    D3 7F 6D 39 57 32 A6 C5 A4 49 F4 4B C6 EE 0A E0
+    51 6F 31 69 BF 9C 75 AD A1 C6 66 A6 1B A2 38 0D
+    88
+
+test 4 - 47 bytes
+input:
+    39 09 53 55 67 0E 07 DD A6 F8 7C 7F 78 AF E7 E1
+    03 6F D7 53 30 F0 71 14 F1 24 14 34 52 69 0C 8B
+    72 5F E0 D9 6D E8 B6 13 E0 32 92 58 E1 7A 39
+(did CBC mode for 16)
+output:
+    AD 96 1C 40 05 54 CB 0E 37 32 AE 2C 64 DB EF 8E
+    A1 BD F6 34 5D F3 BC 03 86 72 D0 C3 13 FE C3 95
+    F0 68 8B 66 32 FE 41 EF 11 51 1B 6E F0 C0 17
+
+test 5 - 48 bytes
+input:
+    E5 E9 11 38 19 01 A9 2D F3 CD 42 27 1F AB 33 AB
+    1D 93 8B F6 00 73 AC 14 54 DE A6 AC BF 20 E6 A4
+    09 F7 DC 23 F8 86 50 EB 53 92 13 73 3D 46 1E 5A
+(did CBC mode for 16)
+output:
+    1A 03 F3 10 7A F0 62 07 D1 22 60 2B 9E 07 D0 8D
+    65 DE 01 93 8B 51 17 F8 32 6F 4B 05 AF 02 E2 3D
+    22 F4 2B 92 92 D4 D5 E7 EA 90 72 9F 03 31 10 1F
+
+test 6 - 64 bytes
+input:
+    D9 A9 50 DA 1D FC EE 71 DA 94 1D 9A B5 03 3E BE
+    FA 1B E1 F3 A1 32 DE F4 C4 F1 67 02 38 85 5C 11
+    2F AD EB 4C A9 D9 BD 84 6E DA 1E 23 DE 5C E1 D8
+    77 C3 CB 18 F5 AA 0D B9 9B 74 BB D3 FA 18 E5 29
+(did CBC mode for 32)
+output:
+    D0 18 22 59 85 05 AB 87 0D 9D D0 99 7B 15 CC 43
+    F7 43 1B BF 3C 7D A0 21 1E 3D 3F 6A 4D 8A CE 08
+    76 22 5A 42 DF 73 CB 5D CE 88 C3 4C CE 92 00 E6
+    37 9D EB CD 52 52 3B C5 76 02 7D 35 19 76 05 7D
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/camellia/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/camellia/Makefile.in
new file mode 100644
index 00000000..88619694
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/camellia/Makefile.in
@@ -0,0 +1,43 @@
+thisconfigdir=../../../..
+myfulldir=lib/crypto/builtin/camellia
+mydir=lib$(S)crypto$(S)builtin$(S)camellia
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES=-I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLGAS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\camellia
+##DOS##OBJFILE = ..\..\$(OUTPRE)camellia.lst
+
+STLIBOBJS= camellia.o
+
+OBJS= $(OUTPRE)camellia.$(OBJEXT)
+
+SRCS= $(srcdir)/camellia.c
+
+GEN_OBJS= $(OUTPRE)camellia.$(OBJEXT)
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs # camellia-gen
+
+includes: depend
+
+depend: $(SRCS)
+
+camellia-gen: camellia-gen.o $(GEN_OBJS)
+	$(CC_LINK) -o camellia-gen camellia-gen.o $(GEN_OBJS)
+
+run-camellia-gen: camellia-gen
+	./camellia-gen > kresults.out
+
+check-unix: check-@CRYPTO_BUILTIN_TESTS@
+check-no:
+check-yes: run-camellia-gen
+
+
+clean-unix:: clean-libobjs
+
+clean:
+	-$(RM) camellia-gen camellia-gen.o kresults.out
+
+@libobj_frag@
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia-gen.c b/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia-gen.c
new file mode 100644
index 00000000..23b69c17
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia-gen.c
@@ -0,0 +1,333 @@
+/*
+ * Copyright (c) 2009
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "camellia.h"
+
+#define B 16U
+unsigned char key[16];
+unsigned char test_case_len[] = { B+1, 2*B-1, 2*B, 2*B+1, 3*B-1, 3*B, 4*B, };
+#define NTESTS (sizeof(test_case_len))
+struct {
+    unsigned char ivec[16];
+    unsigned char input[4*16];
+    unsigned char output[4*16];
+} test_case[NTESTS];
+camellia_ctx ctx, dctx;
+
+static void init ()
+{
+    size_t i, j;
+    cam_rval r;
+
+    srand(42);
+    for (i = 0; i < 16; i++)
+	key[i] = 0xff & rand();
+    memset(test_case, 0, sizeof(test_case));
+    for (i = 0; i < NTESTS; i++)
+	for (j = 0; j < test_case_len[i]; j++) {
+	    test_case[i].input[j] = 0xff & rand();
+	}
+
+    r = camellia_enc_key (key, sizeof(key), &ctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    r = camellia_dec_key (key, sizeof(key), &dctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+}
+
+static void hexdump(const unsigned char *ptr, size_t len)
+{
+    size_t i;
+    for (i = 0; i < len; i++)
+	printf ("%s%02X", (i % 16 == 0) ? "\n    " : " ", ptr[i]);
+}
+
+static void fips_test ()
+{
+    static const unsigned char fipskey[16] = {
+	0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+	0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+    };
+    static const unsigned char input[16] = {
+	0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+	0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+    };
+    static const unsigned char expected[16] = {
+	0x67,0x67,0x31,0x38,0x54,0x96,0x69,0x73,
+	0x08,0x57,0x06,0x56,0x48,0xea,0xbe,0x43
+    };
+    unsigned char output[16];
+    unsigned char tmp[16];
+    camellia_ctx fipsctx;
+    int r;
+
+    printf ("FIPS test:\nkey:");
+    hexdump (fipskey, 16);
+    printf ("\ninput:");
+    hexdump (input, 16);
+    r = camellia_enc_key (fipskey, sizeof(fipskey), &fipsctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    r = camellia_enc_blk (input, output, &fipsctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    printf ("\noutput:");
+    hexdump (output, 16);
+    printf ("\n");
+    if (memcmp(expected, output, 16))
+	fprintf(stderr, "wrong results!!!\n"), exit (1);
+    r = camellia_dec_key (fipskey, sizeof(fipskey), &fipsctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    r = camellia_dec_blk (output, tmp, &fipsctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    if (memcmp(input, tmp, 16))
+	fprintf(stderr, "decryption failed!!\n"), exit(1);
+    printf ("ok.\n\n");
+}
+
+static void
+xor (unsigned char *out, const unsigned char *a, const unsigned char *b)
+{
+    size_t i;
+    for (i = 0; i < B; i++)
+	out[i] = a[i] ^ b[i];
+}
+
+static void
+ecb_enc (unsigned char *out, unsigned char *in, unsigned int len)
+{
+    size_t i;
+    cam_rval r;
+    for (i = 0; i < len; i += 16) {
+	r = camellia_enc_blk (in + i, out + i, &ctx);
+	if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    }
+    if (i != len) abort ();
+}
+
+static void
+ecb_dec (unsigned char *out, unsigned char *in, unsigned int len)
+{
+    size_t i;
+    cam_rval r;
+    for (i = 0; i < len; i += 16) {
+	r = camellia_dec_blk (in + i, out + i, &dctx);
+	if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    }
+    if (i != len) abort ();
+}
+
+#define D(X) (printf("%s %d: %s=",__FUNCTION__,__LINE__, #X),hexdump(X,B),printf("\n"))
+
+#undef D
+#define D(X)
+
+static void
+cbc_enc (unsigned char *out, unsigned char *in, unsigned char *iv,
+	 unsigned int len)
+{
+    size_t i;
+    cam_rval r;
+    unsigned char tmp[B];
+    D(iv);
+    memcpy (tmp, iv, B);
+    for (i = 0; i < len; i += B) {
+	D(in+i);
+	xor (tmp, tmp, in + i);
+	D(tmp);
+	r = camellia_enc_blk (tmp, out + i, &ctx);
+	if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+	memcpy (tmp, out + i, B);
+	D(out+i);
+    }
+    if (i != len) abort ();
+}
+
+static void
+cbc_dec (unsigned char *out, unsigned char *in, unsigned char *iv,
+	 unsigned int len)
+{
+    size_t i;
+    cam_rval r;
+    unsigned char tmp[B];
+    memcpy (tmp, iv, B);
+    for (i = 0; i < len; i += B) {
+	r = camellia_dec_blk (in + i, tmp, &dctx);
+	if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+	xor (tmp, tmp, iv);
+	iv = in + i;
+	memcpy (out + i, tmp, B);
+    }
+    if (i != len) abort ();
+}
+
+static void
+cts_enc (unsigned char *out, unsigned char *in, unsigned char *iv,
+	 unsigned int len)
+{
+    int r;
+    unsigned int len2;
+    unsigned char pn1[B], pn[B], cn[B], cn1[B];
+
+    if (len < B + 1) abort ();
+    len2 = (len - B - 1) & ~(B-1);
+    cbc_enc (out, in, iv, len2);
+    out += len2;
+    in += len2;
+    len -= len2;
+    if (len2)
+	iv = out - B;
+    if (len <= B || len > 2 * B)
+	abort ();
+    printf ("(did CBC mode for %d)\n", len2);
+
+    D(in);
+    xor (pn1, in, iv);
+    D(pn1);
+    r = camellia_enc_blk (pn1, cn, &ctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    D(cn);
+    memset (pn, 0, sizeof(pn));
+    memcpy (pn, in+B, len-B);
+    D(pn);
+    xor (pn, pn, cn);
+    D(pn);
+    r = camellia_enc_blk (pn, cn1, &ctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    D(cn1);
+    memcpy(out, cn1, B);
+    memcpy(out+B, cn, len-B);
+}
+
+static void
+cts_dec (unsigned char *out, unsigned char *in, unsigned char *iv,
+	 unsigned int len)
+{
+    int r;
+    unsigned int len2;
+    unsigned char pn1[B], pn[B], cn[B], cn1[B];
+
+    if (len < B + 1) abort ();
+    len2 = (len - B - 1) & ~(B-1);
+    cbc_dec (out, in, iv, len2);
+    out += len2;
+    in += len2;
+    len -= len2;
+    if (len2)
+	iv = in - B;
+    if (len <= B || len > 2 * B)
+	abort ();
+
+    memcpy (cn1, in, B);
+    r = camellia_dec_blk (cn1, pn, &dctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    memset (cn, 0, sizeof(cn));
+    memcpy (cn, in+B, len-B);
+    xor (pn, pn, cn);
+    memcpy (cn+len-B, pn+len-B, 2*B-len);
+    r = camellia_dec_blk (cn, pn1, &dctx);
+    if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
+    xor (pn1, pn1, iv);
+    memcpy(out, pn1, B);
+    memcpy(out+B, pn, len-B);
+}
+
+static void ecb_test ()
+{
+    size_t testno;
+    unsigned char tmp[4*B];
+
+    printf ("ECB tests:\n");
+    printf ("key:");
+    hexdump (key, sizeof(key));
+    for (testno = 0; testno < NTESTS; testno++) {
+	unsigned len = (test_case_len[testno] + 15) & ~15;
+	printf ("\ntest %d - %d bytes\n", (int)testno, len);
+	printf ("input:");
+	hexdump (test_case[testno].input, len);
+	printf ("\n");
+	ecb_enc (test_case[testno].output, test_case[testno].input, len);
+	printf ("output:");
+	hexdump (test_case[testno].output, len);
+	printf ("\n");
+	ecb_dec (tmp, test_case[testno].output, len);
+	if (memcmp (tmp, test_case[testno].input, len)) {
+	    printf ("ecb decrypt failed!!");
+	    hexdump (tmp, len);
+	    printf ("\n");
+	    exit (1);
+	}
+    }
+    printf ("\n");
+}
+
+unsigned char ivec[16] = { 0 };
+
+static void cbc_test ()
+{
+    size_t testno;
+    unsigned char tmp[4*B];
+
+    printf ("CBC tests:\n");
+    printf ("initial vector:");
+    hexdump (ivec, sizeof(ivec));
+    for (testno = 0; testno < NTESTS; testno++) {
+	unsigned len = (test_case_len[testno] + 15) & ~15;
+	printf ("\ntest %d - %d bytes\n", (int)testno, len);
+	printf ("input:");
+	hexdump (test_case[testno].input, len);
+	printf ("\n");
+	cbc_enc (test_case[testno].output, test_case[testno].input, ivec, len);
+	printf ("output:");
+	hexdump (test_case[testno].output, len);
+	printf ("\n");
+	cbc_dec (tmp, test_case[testno].output, ivec, len);
+	if (memcmp (tmp, test_case[testno].input, len)) {
+	    printf("cbc decrypt failed!!");
+	    hexdump (tmp, len);
+	    printf ("\n");
+	    exit(1);
+	}
+    }
+    printf ("\n");
+}
+
+static void cts_test ()
+{
+    size_t testno;
+    unsigned char tmp[4*B];
+
+    printf ("CTS tests:\n");
+    printf ("initial vector:");
+    hexdump (ivec, sizeof(ivec));
+    for (testno = 0; testno < NTESTS; testno++) {
+	unsigned int len = test_case_len[testno];
+	printf ("\ntest %d - %d bytes\n", (int)testno, len);
+	printf ("input:");
+	hexdump (test_case[testno].input, len);
+	printf ("\n");
+	cts_enc (test_case[testno].output, test_case[testno].input, ivec, len);
+	printf ("output:");
+	hexdump (test_case[testno].output, len);
+	printf ("\n");
+	cts_dec (tmp, test_case[testno].output, ivec, len);
+	if (memcmp (tmp, test_case[testno].input, len))
+	    fprintf (stderr, "cts decrypt failed!!\n"), exit(1);
+    }
+    printf ("\n");
+}
+
+int main ()
+{
+    init ();
+    fips_test ();
+
+    ecb_test();
+    cbc_test();
+    cts_test();
+
+    return 0;
+}
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia.c b/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia.c
new file mode 100644
index 00000000..f462ceac
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia.c
@@ -0,0 +1,1544 @@
+/* lib/crypto/builtin/camellia/camellia.c - Camellia version 1.2.0 */
+/*
+ * Copyright (c) 2006,2007,2009
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer as
+ *   the first lines of this file unmodified.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Algorithm Specification 
+ *  https://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+
+#include <string.h>
+#include <stdlib.h>
+
+#include "camellia.h"
+
+#include "crypto_int.h"
+#ifdef K5_BUILTIN_CAMELLIA
+
+/* key constants */
+
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ *  macros
+ */
+
+
+#if defined(_MSC_VER)
+
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
+
+#else /* not MS-VC */
+
+# define GETU32(pt)				\
+    (((u32)(pt)[0] << 24)			\
+     ^ ((u32)(pt)[1] << 16)			\
+     ^ ((u32)(pt)[2] <<  8)			\
+     ^ ((u32)(pt)[3]))
+
+# define PUTU32(ct, st)  {			\
+	(ct)[0] = (u8)((st) >> 24);		\
+	(ct)[1] = (u8)((st) >> 16);		\
+	(ct)[2] = (u8)((st) >>  8);		\
+	(ct)[3] = (u8)(st); }
+
+#endif
+
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+
+/* rotation right shift 1byte */
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)	\
+    do {						\
+	w0 = ll;					\
+	ll = (ll << bits) + (lr >> (32 - bits));	\
+	lr = (lr << bits) + (rl >> (32 - bits));	\
+	rl = (rl << bits) + (rr >> (32 - bits));	\
+	rr = (rr << bits) + (w0 >> (32 - bits));	\
+    } while(0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits)	\
+    do {						\
+	w0 = ll;					\
+	w1 = lr;					\
+	ll = (lr << (bits - 32)) + (rl >> (64 - bits));	\
+	lr = (rl << (bits - 32)) + (rr >> (64 - bits));	\
+	rl = (rr << (bits - 32)) + (w0 >> (64 - bits));	\
+	rr = (w0 << (bits - 32)) + (w1 >> (64 - bits));	\
+    } while(0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)	\
+    do {							\
+	il = xl ^ kl;						\
+	ir = xr ^ kr;						\
+	t0 = il >> 16;						\
+	t1 = ir >> 16;						\
+	yl = CAMELLIA_SP1110(ir & 0xff)				\
+	    ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)			\
+	    ^ CAMELLIA_SP3033(t1 & 0xff)			\
+	    ^ CAMELLIA_SP4404((ir >> 8) & 0xff);		\
+	yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)			\
+	    ^ CAMELLIA_SP0222(t0 & 0xff)			\
+	    ^ CAMELLIA_SP3033((il >> 8) & 0xff)			\
+	    ^ CAMELLIA_SP4404(il & 0xff);			\
+	yl ^= yr;						\
+	yr = CAMELLIA_RR8(yr);					\
+	yr ^= yl;						\
+    } while(0)
+
+
+/*
+ * for speed up
+ *
+ */
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+    do {								\
+	t0 = kll;							\
+	t0 &= ll;							\
+	lr ^= CAMELLIA_RL1(t0);						\
+	t1 = klr;							\
+	t1 |= lr;							\
+	ll ^= t1;							\
+									\
+	t2 = krr;							\
+	t2 |= rr;							\
+	rl ^= t2;							\
+	t3 = krl;							\
+	t3 &= rl;							\
+	rr ^= CAMELLIA_RL1(t3);						\
+    } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)	\
+    do {								\
+	ir = CAMELLIA_SP1110(xr & 0xff)					\
+	    ^ CAMELLIA_SP0222((xr >> 24) & 0xff)			\
+	    ^ CAMELLIA_SP3033((xr >> 16) & 0xff)			\
+	    ^ CAMELLIA_SP4404((xr >> 8) & 0xff);			\
+	il = CAMELLIA_SP1110((xl >> 24) & 0xff)				\
+	    ^ CAMELLIA_SP0222((xl >> 16) & 0xff)			\
+	    ^ CAMELLIA_SP3033((xl >> 8) & 0xff)				\
+	    ^ CAMELLIA_SP4404(xl & 0xff);				\
+	il ^= kl;							\
+	ir ^= kr;							\
+	ir ^= il;							\
+	il = CAMELLIA_RR8(il);						\
+	il ^= ir;							\
+	yl ^= ir;							\
+	yr ^= il;							\
+    } while(0)
+
+
+static const u32 camellia_sp1110[256] = {
+    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
+    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
+    0xe4e4e400,0x85858500,0x57575700,0x35353500,
+    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
+    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
+    0x45454500,0x19191900,0xa5a5a500,0x21212100,
+    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
+    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
+    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
+    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
+    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
+    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
+    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
+    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
+    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
+    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
+    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
+    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
+    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
+    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
+    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
+    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
+    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
+    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
+    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
+    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
+    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
+    0x53535300,0x18181800,0xf2f2f200,0x22222200,
+    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
+    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
+    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
+    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
+    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
+    0xa1a1a100,0x89898900,0x62626200,0x97979700,
+    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
+    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
+    0x10101000,0xc4c4c400,0x00000000,0x48484800,
+    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
+    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
+    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
+    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
+    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
+    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
+    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
+    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
+    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
+    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
+    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
+    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
+    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
+    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
+    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
+    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
+    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
+    0xd4d4d400,0x25252500,0xababab00,0x42424200,
+    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
+    0x72727200,0x07070700,0xb9b9b900,0x55555500,
+    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
+    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
+    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
+    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
+    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
+    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
+    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+};
+
+static const u32 camellia_sp0222[256] = {
+    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
+    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
+    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
+    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
+    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
+    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+    0x00202020,0x00898989,0x00000000,0x00909090,
+    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+    0x009b9b9b,0x00949494,0x00212121,0x00666666,
+    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
+    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+    0x00777777,0x00939393,0x00868686,0x00838383,
+    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
+    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+};
+
+static const u32 camellia_sp3033[256] = {
+    0x38003838,0x41004141,0x16001616,0x76007676,
+    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+    0x75007575,0x06000606,0x57005757,0xa000a0a0,
+    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
+    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+    0x3a003a3a,0x09000909,0x95009595,0x10001010,
+    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
+    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+    0x12001212,0x04000404,0x74007474,0x54005454,
+    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
+    0x55005555,0x68006868,0x50005050,0xbe00bebe,
+    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+    0x70007070,0xff00ffff,0x32003232,0x69006969,
+    0x08000808,0x62006262,0x00000000,0x24002424,
+    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+    0x45004545,0x81008181,0x73007373,0x6d006d6d,
+    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+    0xe600e6e6,0x25002525,0x48004848,0x99009999,
+    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
+    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
+    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
+    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
+    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
+    0x7c007c7c,0x77007777,0x56005656,0x05000505,
+    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
+    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
+    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
+    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
+    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
+    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+};
+
+static const u32 camellia_sp4404[256] = {
+    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
+    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
+    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
+    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
+    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
+    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
+    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
+    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
+    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
+    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
+    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
+    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
+    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
+    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
+    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
+    0x24240024,0xe8e800e8,0x60600060,0x69690069,
+    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
+    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
+    0x10100010,0x00000000,0xa3a300a3,0x75750075,
+    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
+    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
+    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
+    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
+    0x81810081,0x6f6f006f,0x13130013,0x63630063,
+    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
+    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
+    0x78780078,0x06060006,0xe7e700e7,0x71710071,
+    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
+    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
+    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
+    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
+    0x15150015,0xadad00ad,0x77770077,0x80800080,
+    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
+    0x85850085,0x35350035,0x0c0c000c,0x41410041,
+    0xefef00ef,0x93930093,0x19190019,0x21210021,
+    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
+    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
+    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
+    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
+    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
+    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
+    0x12120012,0x20200020,0xb1b100b1,0x99990099,
+    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
+    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
+    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
+    0x0f0f000f,0x16160016,0x18180018,0x22220022,
+    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
+    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
+    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
+    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
+    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
+    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
+    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
+    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
+    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
+    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
+    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
+    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
+    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
+    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
+    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
+    0x49490049,0x68680068,0x38380038,0xa4a400a4,
+    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
+    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+};
+
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void
+camellia_setup128(const unsigned char *key, u32 *subkey)
+{
+    u32 kll, klr, krl, krr;
+    u32 il, ir, t0, t1, w0, w1;
+    u32 kw4l, kw4r, dw, tl, tr;
+    u32 subL[26];
+    u32 subR[26];
+
+    /**
+     *  k == kll || klr || krl || krr (|| is concatination)
+     */
+    kll = GETU32(key     );
+    klr = GETU32(key +  4);
+    krl = GETU32(key +  8);
+    krr = GETU32(key + 12);
+    /**
+     * generate KL dependent subkeys
+     */
+    subl(0) = kll; subr(0) = klr;
+    subl(1) = krl; subr(1) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(4) = kll; subr(4) = klr;
+    subl(5) = krl; subr(5) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+    subl(10) = kll; subr(10) = klr;
+    subl(11) = krl; subr(11) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(13) = krl; subr(13) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(16) = kll; subr(16) = klr;
+    subl(17) = krl; subr(17) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(18) = kll; subr(18) = klr;
+    subl(19) = krl; subr(19) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(22) = kll; subr(22) = klr;
+    subl(23) = krl; subr(23) = krr;
+
+    /* generate KA */
+    kll = subl(0); klr = subr(0);
+    krl = subl(1); krr = subr(1);
+    CAMELLIA_F(kll, klr,
+	       CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+	       w0, w1, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr,
+	       CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+	       kll, klr, il, ir, t0, t1);
+    CAMELLIA_F(kll, klr,
+	       CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+	       krl, krr, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr,
+	       CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+	       w0, w1, il, ir, t0, t1);
+    kll ^= w0; klr ^= w1;
+
+    /* generate KA dependent subkeys */
+    subl(2) = kll; subr(2) = klr;
+    subl(3) = krl; subr(3) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(6) = kll; subr(6) = klr;
+    subl(7) = krl; subr(7) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(8) = kll; subr(8) = klr;
+    subl(9) = krl; subr(9) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(12) = kll; subr(12) = klr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(14) = kll; subr(14) = klr;
+    subl(15) = krl; subr(15) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+    subl(20) = kll; subr(20) = klr;
+    subl(21) = krl; subr(21) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(24) = kll; subr(24) = klr;
+    subl(25) = krl; subr(25) = krr;
+
+
+    /* absorb kw2 to other subkeys */
+    subl(3) ^= subl(1); subr(3) ^= subr(1);
+    subl(5) ^= subl(1); subr(5) ^= subr(1);
+    subl(7) ^= subl(1); subr(7) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(9);
+    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(11) ^= subl(1); subr(11) ^= subr(1);
+    subl(13) ^= subl(1); subr(13) ^= subr(1);
+    subl(15) ^= subl(1); subr(15) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(17);
+    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(19) ^= subl(1); subr(19) ^= subr(1);
+    subl(21) ^= subl(1); subr(21) ^= subr(1);
+    subl(23) ^= subl(1); subr(23) ^= subr(1);
+    subl(24) ^= subl(1); subr(24) ^= subr(1);
+
+    /* absorb kw4 to other subkeys */
+    kw4l = subl(25); kw4r = subr(25);
+    subl(22) ^= kw4l; subr(22) ^= kw4r;
+    subl(20) ^= kw4l; subr(20) ^= kw4r;
+    subl(18) ^= kw4l; subr(18) ^= kw4r;
+    kw4l ^= kw4r & ~subr(16);
+    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+    subl(14) ^= kw4l; subr(14) ^= kw4r;
+    subl(12) ^= kw4l; subr(12) ^= kw4r;
+    subl(10) ^= kw4l; subr(10) ^= kw4r;
+    kw4l ^= kw4r & ~subr(8);
+    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+    subl(6) ^= kw4l; subr(6) ^= kw4r;
+    subl(4) ^= kw4l; subr(4) ^= kw4r;
+    subl(2) ^= kw4l; subr(2) ^= kw4r;
+    subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+    /* key XOR is end of F-function */
+    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+    CamelliaSubkeyL(2) = subl(3);
+    CamelliaSubkeyR(2) = subr(3);
+    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+    tl = subl(10) ^ (subr(10) & ~subr(8));
+    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(7) = subl(6) ^ tl;
+    CamelliaSubkeyR(7) = subr(6) ^ tr;
+    CamelliaSubkeyL(8) = subl(8);
+    CamelliaSubkeyR(8) = subr(8);
+    CamelliaSubkeyL(9) = subl(9);
+    CamelliaSubkeyR(9) = subr(9);
+    tl = subl(7) ^ (subr(7) & ~subr(9));
+    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(10) = tl ^ subl(11);
+    CamelliaSubkeyR(10) = tr ^ subr(11);
+    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+    tl = subl(18) ^ (subr(18) & ~subr(16));
+    dw = tl & subl(16),	tr = subr(18) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(15) = subl(14) ^ tl;
+    CamelliaSubkeyR(15) = subr(14) ^ tr;
+    CamelliaSubkeyL(16) = subl(16);
+    CamelliaSubkeyR(16) = subr(16);
+    CamelliaSubkeyL(17) = subl(17);
+    CamelliaSubkeyR(17) = subr(17);
+    tl = subl(15) ^ (subr(15) & ~subr(17));
+    dw = tl & subl(17),	tr = subr(15) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(18) = tl ^ subl(19);
+    CamelliaSubkeyR(18) = tr ^ subr(19);
+    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+    CamelliaSubkeyL(23) = subl(22);
+    CamelliaSubkeyR(23) = subr(22);
+    CamelliaSubkeyL(24) = subl(24) ^ subl(23);
+    CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+    /* apply the inverse of the last half of P-function */
+    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+
+    return;
+}
+
+void
+camellia_setup256(const unsigned char *key, u32 *subkey)
+{
+    u32 kll,klr,krl,krr;           /* left half of key */
+    u32 krll,krlr,krrl,krrr;       /* right half of key */
+    u32 il, ir, t0, t1, w0, w1;    /* temporary variables */
+    u32 kw4l, kw4r, dw, tl, tr;
+    u32 subL[34];
+    u32 subR[34];
+
+    /**
+     *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+     *  (|| is concatination)
+     */
+
+    kll  = GETU32(key     );
+    klr  = GETU32(key +  4);
+    krl  = GETU32(key +  8);
+    krr  = GETU32(key + 12);
+    krll = GETU32(key + 16);
+    krlr = GETU32(key + 20);
+    krrl = GETU32(key + 24);
+    krrr = GETU32(key + 28);
+
+    /* generate KL dependent subkeys */
+    subl(0) = kll; subr(0) = klr;
+    subl(1) = krl; subr(1) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+    subl(12) = kll; subr(12) = klr;
+    subl(13) = krl; subr(13) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(16) = kll; subr(16) = klr;
+    subl(17) = krl; subr(17) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(22) = kll; subr(22) = klr;
+    subl(23) = krl; subr(23) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+    subl(30) = kll; subr(30) = klr;
+    subl(31) = krl; subr(31) = krr;
+
+    /* generate KR dependent subkeys */
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+    subl(4) = krll; subr(4) = krlr;
+    subl(5) = krrl; subr(5) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+    subl(8) = krll; subr(8) = krlr;
+    subl(9) = krrl; subr(9) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(18) = krll; subr(18) = krlr;
+    subl(19) = krrl; subr(19) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+    subl(26) = krll; subr(26) = krlr;
+    subl(27) = krrl; subr(27) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+    /* generate KA */
+    kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
+    krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+    CAMELLIA_F(kll, klr,
+	       CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+	       w0, w1, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr,
+	       CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+	       kll, klr, il, ir, t0, t1);
+    kll ^= krll; klr ^= krlr;
+    CAMELLIA_F(kll, klr,
+	       CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+	       krl, krr, il, ir, t0, t1);
+    krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+    CAMELLIA_F(krl, krr,
+	       CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+	       w0, w1, il, ir, t0, t1);
+    kll ^= w0; klr ^= w1;
+
+    /* generate KB */
+    krll ^= kll; krlr ^= klr;
+    krrl ^= krl; krrr ^= krr;
+    CAMELLIA_F(krll, krlr,
+	       CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+	       w0, w1, il, ir, t0, t1);
+    krrl ^= w0; krrr ^= w1;
+    CAMELLIA_F(krrl, krrr,
+	       CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+	       w0, w1, il, ir, t0, t1);
+    krll ^= w0; krlr ^= w1;
+
+    /* generate KA dependent subkeys */
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(6) = kll; subr(6) = klr;
+    subl(7) = krl; subr(7) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+    subl(14) = kll; subr(14) = klr;
+    subl(15) = krl; subr(15) = krr;
+    subl(24) = klr; subr(24) = krl;
+    subl(25) = krr; subr(25) = kll;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+    subl(28) = kll; subr(28) = klr;
+    subl(29) = krl; subr(29) = krr;
+
+    /* generate KB dependent subkeys */
+    subl(2) = krll; subr(2) = krlr;
+    subl(3) = krrl; subr(3) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(10) = krll; subr(10) = krlr;
+    subl(11) = krrl; subr(11) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(20) = krll; subr(20) = krlr;
+    subl(21) = krrl; subr(21) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+    subl(32) = krll; subr(32) = krlr;
+    subl(33) = krrl; subr(33) = krrr;
+
+    /* absorb kw2 to other subkeys */
+    subl(3) ^= subl(1); subr(3) ^= subr(1);
+    subl(5) ^= subl(1); subr(5) ^= subr(1);
+    subl(7) ^= subl(1); subr(7) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(9);
+    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(11) ^= subl(1); subr(11) ^= subr(1);
+    subl(13) ^= subl(1); subr(13) ^= subr(1);
+    subl(15) ^= subl(1); subr(15) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(17);
+    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(19) ^= subl(1); subr(19) ^= subr(1);
+    subl(21) ^= subl(1); subr(21) ^= subr(1);
+    subl(23) ^= subl(1); subr(23) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(25);
+    dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(27) ^= subl(1); subr(27) ^= subr(1);
+    subl(29) ^= subl(1); subr(29) ^= subr(1);
+    subl(31) ^= subl(1); subr(31) ^= subr(1);
+    subl(32) ^= subl(1); subr(32) ^= subr(1);
+
+    /* absorb kw4 to other subkeys */
+    kw4l = subl(33); kw4r = subr(33);
+    subl(30) ^= kw4l; subr(30) ^= kw4r;
+    subl(28) ^= kw4l; subr(28) ^= kw4r;
+    subl(26) ^= kw4l; subr(26) ^= kw4r;
+    kw4l ^= kw4r & ~subr(24);
+    dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
+    subl(22) ^= kw4l; subr(22) ^= kw4r;
+    subl(20) ^= kw4l; subr(20) ^= kw4r;
+    subl(18) ^= kw4l; subr(18) ^= kw4r;
+    kw4l ^= kw4r & ~subr(16);
+    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+    subl(14) ^= kw4l; subr(14) ^= kw4r;
+    subl(12) ^= kw4l; subr(12) ^= kw4r;
+    subl(10) ^= kw4l; subr(10) ^= kw4r;
+    kw4l ^= kw4r & ~subr(8);
+    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+    subl(6) ^= kw4l; subr(6) ^= kw4r;
+    subl(4) ^= kw4l; subr(4) ^= kw4r;
+    subl(2) ^= kw4l; subr(2) ^= kw4r;
+    subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+    /* key XOR is end of F-function */
+    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+    CamelliaSubkeyL(2) = subl(3);
+    CamelliaSubkeyR(2) = subr(3);
+    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+    tl = subl(10) ^ (subr(10) & ~subr(8));
+    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(7) = subl(6) ^ tl;
+    CamelliaSubkeyR(7) = subr(6) ^ tr;
+    CamelliaSubkeyL(8) = subl(8);
+    CamelliaSubkeyR(8) = subr(8);
+    CamelliaSubkeyL(9) = subl(9);
+    CamelliaSubkeyR(9) = subr(9);
+    tl = subl(7) ^ (subr(7) & ~subr(9));
+    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(10) = tl ^ subl(11);
+    CamelliaSubkeyR(10) = tr ^ subr(11);
+    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+    tl = subl(18) ^ (subr(18) & ~subr(16));
+    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(15) = subl(14) ^ tl;
+    CamelliaSubkeyR(15) = subr(14) ^ tr;
+    CamelliaSubkeyL(16) = subl(16);
+    CamelliaSubkeyR(16) = subr(16);
+    CamelliaSubkeyL(17) = subl(17);
+    CamelliaSubkeyR(17) = subr(17);
+    tl = subl(15) ^ (subr(15) & ~subr(17));
+    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(18) = tl ^ subl(19);
+    CamelliaSubkeyR(18) = tr ^ subr(19);
+    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+    tl = subl(26) ^ (subr(26) & ~subr(24));
+    dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(23) = subl(22) ^ tl;
+    CamelliaSubkeyR(23) = subr(22) ^ tr;
+    CamelliaSubkeyL(24) = subl(24);
+    CamelliaSubkeyR(24) = subr(24);
+    CamelliaSubkeyL(25) = subl(25);
+    CamelliaSubkeyR(25) = subr(25);
+    tl = subl(23) ^ (subr(23) &  ~subr(25));
+    dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(26) = tl ^ subl(27);
+    CamelliaSubkeyR(26) = tr ^ subr(27);
+    CamelliaSubkeyL(27) = subl(26) ^ subl(28);
+    CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+    CamelliaSubkeyL(28) = subl(27) ^ subl(29);
+    CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+    CamelliaSubkeyL(29) = subl(28) ^ subl(30);
+    CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+    CamelliaSubkeyL(30) = subl(29) ^ subl(31);
+    CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+    CamelliaSubkeyL(31) = subl(30);
+    CamelliaSubkeyR(31) = subr(30);
+    CamelliaSubkeyL(32) = subl(32) ^ subl(31);
+    CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+    /* apply the inverse of the last half of P-function */
+    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+    dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
+    dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
+    dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
+    dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
+    dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
+    dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
+    
+    return;
+}
+
+void
+camellia_setup192(const unsigned char *key, u32 *subkey)
+{
+    unsigned char kk[32];
+    u32 krll, krlr, krrl,krrr;
+
+    memcpy(kk, key, 24);
+    memcpy((unsigned char *)&krll, key+16,4);
+    memcpy((unsigned char *)&krlr, key+20,4);
+    krrl = ~krll;
+    krrr = ~krlr;
+    memcpy(kk+24, (unsigned char *)&krrl, 4);
+    memcpy(kk+28, (unsigned char *)&krrr, 4);
+    camellia_setup256(kk, subkey);
+    return;
+}
+
+
+/**
+ * Stuff related to camellia encryption/decryption
+ *
+ * "io" must be 4byte aligned and big-endian data.
+ */
+void
+camellia_encrypt128(const u32 *subkey, u32 *io)
+{
+    u32 il, ir, t0, t1;
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(0);
+    io[1] ^= CamelliaSubkeyR(0);
+    /* main iteration */
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+		 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+		 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+		     io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(24);
+    io[3] ^= CamelliaSubkeyR(24);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+	
+    return;
+}
+
+void
+camellia_decrypt128(const u32 *subkey, u32 *io)
+{
+    u32 il,ir,t0,t1;               /* temporary valiables */
+    
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(24);
+    io[1] ^= CamelliaSubkeyR(24);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+		 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+		 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+		     io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(0);
+    io[3] ^= CamelliaSubkeyR(0);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    return;
+}
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+void
+camellia_encrypt256(const u32 *subkey, u32 *io)
+{
+    u32 il,ir,t0,t1;           /* temporary valiables */
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(0);
+    io[1] ^= CamelliaSubkeyR(0);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+		 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+		 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+		 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+		     io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(32);
+    io[3] ^= CamelliaSubkeyR(32);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    return;
+}
+
+void
+camellia_decrypt256(const u32 *subkey, u32 *io)
+{
+    u32 il,ir,t0,t1;           /* temporary valiables */
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(32);
+    io[1] ^= CamelliaSubkeyR(32);
+	
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+		 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+		 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+		 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+		     io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(0);
+    io[3] ^= CamelliaSubkeyR(0);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    return;
+}
+
+/***
+ *
+ * API for compatibility
+ */
+
+void
+Camellia_Ekeygen(const int keyBitLength, 
+		 const unsigned char *rawKey, 
+		 KEY_TABLE_TYPE keyTable)
+{
+    switch(keyBitLength) {
+    case 128:
+	camellia_setup128(rawKey, keyTable);
+	break;
+    case 192:
+	camellia_setup192(rawKey, keyTable);
+	break;
+    case 256:
+	camellia_setup256(rawKey, keyTable);
+	break;
+    default:
+	break;
+    }
+}
+
+
+void
+Camellia_EncryptBlock(const int keyBitLength, 
+		      const unsigned char *plaintext, 
+		      const KEY_TABLE_TYPE keyTable, 
+		      unsigned char *ciphertext)
+{
+    u32 tmp[4];
+
+    tmp[0] = GETU32(plaintext);
+    tmp[1] = GETU32(plaintext + 4);
+    tmp[2] = GETU32(plaintext + 8);
+    tmp[3] = GETU32(plaintext + 12);
+
+    switch (keyBitLength) {
+    case 128:
+	camellia_encrypt128(keyTable, tmp);
+	break;
+    case 192:
+	/* fall through */
+    case 256:
+	camellia_encrypt256(keyTable, tmp);
+	break;
+    default:
+	break;
+    }
+
+    PUTU32(ciphertext, tmp[0]);
+    PUTU32(ciphertext + 4, tmp[1]);
+    PUTU32(ciphertext + 8, tmp[2]);
+    PUTU32(ciphertext + 12, tmp[3]);
+}
+
+void
+Camellia_DecryptBlock(const int keyBitLength, 
+		      const unsigned char *ciphertext, 
+		      const KEY_TABLE_TYPE keyTable, 
+		      unsigned char *plaintext)
+{
+    u32 tmp[4];
+
+    tmp[0] = GETU32(ciphertext);
+    tmp[1] = GETU32(ciphertext + 4);
+    tmp[2] = GETU32(ciphertext + 8);
+    tmp[3] = GETU32(ciphertext + 12);
+
+    switch (keyBitLength) {
+    case 128:
+	camellia_decrypt128(keyTable, tmp);
+	break;
+    case 192:
+	/* fall through */
+    case 256:
+	camellia_decrypt256(keyTable, tmp);
+	break;
+    default:
+	break;
+    }
+    PUTU32(plaintext, tmp[0]);
+    PUTU32(plaintext + 4, tmp[1]);
+    PUTU32(plaintext + 8, tmp[2]);
+    PUTU32(plaintext + 12, tmp[3]);
+}
+
+cam_rval
+camellia_blk_len(unsigned int blen, camellia_ctx cx[1]){
+    if(blen != 16) return camellia_bad;
+    return camellia_good;
+}
+
+cam_rval
+camellia_enc_key(const unsigned char in_key[], unsigned int klen,
+		 camellia_ctx cx[1]){
+    switch(klen){
+    case 16:
+	camellia_setup128(in_key, cx->k_sch);
+	cx->keybitlen = 128;
+	break;
+    case 24:
+	camellia_setup192(in_key, cx->k_sch);
+	cx->keybitlen = 192;
+	break;
+    case 32:
+	camellia_setup256(in_key, cx->k_sch);
+	cx->keybitlen = 256;
+	break;
+    default:
+	return camellia_bad;
+    }
+    return camellia_good;
+}
+
+cam_rval
+camellia_enc_blk(const unsigned char in_blk[],  unsigned char out_blk[],
+		 const camellia_ctx cx[1]){
+    Camellia_EncryptBlock(cx->keybitlen, in_blk, cx->k_sch, out_blk);
+    return camellia_good;
+}
+
+cam_rval
+camellia_dec_key(const unsigned char in_key[],  unsigned int klen,
+		 camellia_ctx cx[1]){
+    switch(klen){
+    case 16:
+	camellia_setup128(in_key, cx->k_sch);
+	cx->keybitlen = 128;
+	break;
+    case 24:
+	camellia_setup192(in_key, cx->k_sch);
+	cx->keybitlen = 192;
+	break;
+    case 32:
+	camellia_setup256(in_key, cx->k_sch);
+	cx->keybitlen = 256;
+	break;
+    default:
+	return camellia_bad;
+    }
+    return camellia_good;
+}
+
+cam_rval
+camellia_dec_blk(const unsigned char in_blk[],  unsigned char out_blk[],
+		 const camellia_ctx cx[1]){
+    Camellia_DecryptBlock(cx->keybitlen, in_blk, cx->k_sch, out_blk);
+    return camellia_good;
+}
+
+#endif /* K5_BUILTIN_CAMELLIA */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia.h b/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia.h
new file mode 100644
index 00000000..571ba68a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/camellia/camellia.h
@@ -0,0 +1,125 @@
+/* lib/crypto/builtin/camellia/camellia.h - Camellia version 1.2.0 */
+/*
+ * Copyright (c) 2006,2007,2009
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer as
+ *   the first lines of this file unmodified.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef HEADER_CAMELLIA_H
+#define HEADER_CAMELLIA_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAMELLIA_TABLE_BYTE_LEN 272
+#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+#ifndef BLOCK_SIZE
+#define BLOCK_SIZE CAMELLIA_BLOCK_SIZE
+#endif
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+/* u32 must be 32bit word */
+typedef uint32_t u32;
+typedef uint8_t u8;
+
+/* For the Kerberos 5 tree, hide the Camellia symbol names. */
+#define camellia_setup128      k5_camellia_setup128
+#define camellia_setup192      k5_camellia_setup192
+#define camellia_setup256      k5_camellia_setup256
+#define camellia_encrypt128    k5_camellia_encrypt128
+#define camellia_decrypt128    k5_camellia_decrypt128
+#define camellia_encrypt256    k5_camellia_encrypt256
+#define camellia_decrypt256    k5_camellia_decrypt256
+#define Camellia_Ekeygen       k5_Camellia_Ekeygen
+#define Camellia_EncryptBlock  k5_Camellia_EncryptBlock
+#define Camellia_DecryptBlock  k5_Camellia_DecryptBlock
+
+void camellia_setup128(const unsigned char *key, u32 *subkey);
+void camellia_setup192(const unsigned char *key, u32 *subkey);
+void camellia_setup256(const unsigned char *key, u32 *subkey);
+void camellia_encrypt128(const u32 *subkey, u32 *io);
+void camellia_decrypt128(const u32 *subkey, u32 *io);
+void camellia_encrypt256(const u32 *subkey, u32 *io);
+void camellia_decrypt256(const u32 *subkey, u32 *io);
+
+void Camellia_Ekeygen(const int keyBitLength,
+		      const unsigned char *rawKey, 
+		      KEY_TABLE_TYPE keyTable);
+
+void Camellia_EncryptBlock(const int keyBitLength,
+			   const unsigned char *plaintext, 
+			   const KEY_TABLE_TYPE keyTable, 
+			   unsigned char *cipherText);
+
+void Camellia_DecryptBlock(const int keyBitLength, 
+			   const unsigned char *cipherText, 
+			   const KEY_TABLE_TYPE keyTable, 
+			   unsigned char *plaintext);
+
+
+typedef uint16_t    cam_fret;   /* type for function return value       */
+#define camellia_good 1
+#define camellia_bad 1
+#ifndef CAMELLIA_DLL                 /* implement normal or DLL functions    */
+#define cam_rval    cam_fret
+#else
+#define cam_rval    cam_fret __declspec(dllexport) _stdcall
+#endif
+
+typedef struct                      /* the Camellia context for encryption */
+{
+    uint32_t k_sch[CAMELLIA_TABLE_WORD_LEN]; /* the encryption key schedule */
+    int keybitlen;			/* bitlength of key */
+} camellia_ctx;
+
+
+/* for Kerberos 5 tree -- hide names!  */
+#define camellia_blk_len	krb5int_camellia_blk_len
+#define camellia_enc_key	krb5int_camellia_enc_key
+#define camellia_enc_blk	krb5int_camellia_enc_blk
+#define camellia_dec_key	krb5int_camellia_dec_key
+#define camellia_dec_blk	krb5int_camellia_dec_blk
+
+cam_rval camellia_blk_len(unsigned int blen, camellia_ctx cx[1]);
+cam_rval camellia_enc_key(const unsigned char in_key[], unsigned int klen,
+			  camellia_ctx cx[1]);
+cam_rval camellia_enc_blk(const unsigned char in_blk[],
+			  unsigned char out_blk[],
+			  const camellia_ctx cx[1]);
+cam_rval camellia_dec_key(const unsigned char in_key[], unsigned int klen,
+			  camellia_ctx cx[1]);
+cam_rval camellia_dec_blk(const unsigned char in_blk[],
+			  unsigned char out_blk[],
+			  const camellia_ctx cx[1]);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_CAMELLIA_H */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/camellia/deps b/krb5-1.21.3/src/lib/crypto/builtin/camellia/deps
new file mode 100644
index 00000000..c7e8ae12
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/camellia/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+camellia.so camellia.po $(OUTPRE)camellia.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h camellia.c camellia.h
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/cmac.c b/krb5-1.21.3/src/lib/crypto/builtin/cmac.c
new file mode 100644
index 00000000..d719aa25
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/cmac.c
@@ -0,0 +1,204 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/cmac.c */
+/*
+ * Copyright 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_BUILTIN_CMAC
+
+#define BLOCK_SIZE 16
+
+static unsigned char const_Rb[BLOCK_SIZE] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
+};
+
+static void
+xor_128(unsigned char *a, unsigned char *b, unsigned char *out)
+{
+    int z;
+
+    for (z = 0; z < BLOCK_SIZE / 4; z++) {
+        unsigned char *aptr = &a[z * 4];
+        unsigned char *bptr = &b[z * 4];
+        unsigned char *outptr = &out[z * 4];
+
+        store_32_n(load_32_n(aptr) ^ load_32_n(bptr), outptr);
+    }
+}
+
+static void
+leftshift_onebit(unsigned char *input, unsigned char *output)
+{
+    int i;
+    unsigned char overflow = 0;
+
+    for (i = BLOCK_SIZE - 1; i >= 0; i--) {
+        output[i] = input[i] << 1;
+        output[i] |= overflow;
+        overflow = (input[i] & 0x80) ? 1 : 0;
+    }
+}
+
+/* Generate subkeys K1 and K2 as described in RFC 4493 figure 2.2. */
+static krb5_error_code
+generate_subkey(const struct krb5_enc_provider *enc,
+                krb5_key key,
+                unsigned char *K1,
+                unsigned char *K2)
+{
+    unsigned char L[BLOCK_SIZE];
+    unsigned char tmp[BLOCK_SIZE];
+    krb5_data d;
+    krb5_error_code ret;
+
+    /* L := encrypt(K, const_Zero) */
+    memset(L, 0, sizeof(L));
+    d = make_data(L, BLOCK_SIZE);
+    ret = encrypt_block(enc, key, &d);
+    if (ret != 0)
+        return ret;
+
+    /* K1 := (MSB(L) == 0) ? L << 1 : (L << 1) XOR const_Rb */
+    if ((L[0] & 0x80) == 0) {
+        leftshift_onebit(L, K1);
+    } else {
+        leftshift_onebit(L, tmp);
+        xor_128(tmp, const_Rb, K1);
+    }
+
+    /* K2 := (MSB(K1) == 0) ? K1 << 1 : (K1 << 1) XOR const_Rb */
+    if ((K1[0] & 0x80) == 0) {
+        leftshift_onebit(K1, K2);
+    } else {
+        leftshift_onebit(K1, tmp);
+        xor_128(tmp, const_Rb, K2);
+    }
+
+    return 0;
+}
+
+/* Pad out lastb with a 1 bit followed by 0 bits, placing the result in pad. */
+static void
+padding(unsigned char *lastb, unsigned char *pad, int length)
+{
+    int j;
+
+    /* original last block */
+    for (j = 0; j < BLOCK_SIZE; j++) {
+        if (j < length) {
+            pad[j] = lastb[j];
+        } else if (j == length) {
+            pad[j] = 0x80;
+        } else {
+            pad[j] = 0x00;
+        }
+    }
+}
+
+/*
+ * Implementation of CMAC algorithm. When used with AES, this function
+ * is compatible with RFC 4493 figure 2.3.
+ */
+krb5_error_code
+krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
+{
+    unsigned char Y[BLOCK_SIZE], M_last[BLOCK_SIZE], padded[BLOCK_SIZE];
+    unsigned char K1[BLOCK_SIZE], K2[BLOCK_SIZE];
+    unsigned char input[BLOCK_SIZE];
+    unsigned int n, i, flag;
+    krb5_error_code ret;
+    struct iov_cursor cursor;
+    size_t length;
+    krb5_crypto_iov iov[1];
+    krb5_data d;
+
+    assert(enc->cbc_mac != NULL);
+
+    if (enc->block_size != BLOCK_SIZE)
+        return KRB5_BAD_MSIZE;
+
+    length = iov_total_length(data, num_data, TRUE);
+
+    /* Step 1. */
+    ret = generate_subkey(enc, key, K1, K2);
+    if (ret != 0)
+        return ret;
+
+    /* Step 2. */
+    n = (length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+
+    /* Step 3. */
+    if (n == 0) {
+        n = 1;
+        flag = 0;
+    } else {
+        flag = ((length % BLOCK_SIZE) == 0);
+    }
+
+    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[0].data = make_data(input, BLOCK_SIZE);
+
+    /* Step 5 (we'll do step 4 in a bit). */
+    memset(Y, 0, BLOCK_SIZE);
+    d = make_data(Y, BLOCK_SIZE);
+
+    /* Step 6 (all but last block). */
+    k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, TRUE);
+    for (i = 0; i < n - 1; i++) {
+        k5_iov_cursor_get(&cursor, input);
+
+        ret = enc->cbc_mac(key, iov, 1, &d, &d);
+        if (ret != 0)
+            return ret;
+    }
+
+    /* Step 4. */
+    k5_iov_cursor_get(&cursor, input);
+    if (flag) {
+        /* last block is complete block */
+        xor_128(input, K1, M_last);
+    } else {
+        padding(input, padded, length % BLOCK_SIZE);
+        xor_128(padded, K2, M_last);
+    }
+
+    /* Step 6 (last block). */
+    iov[0].data = make_data(M_last, BLOCK_SIZE);
+    ret = enc->cbc_mac(key, iov, 1, &d, &d);
+    if (ret != 0)
+        return ret;
+
+    assert(output->length >= d.length);
+
+    output->length = d.length;
+    memcpy(output->data, d.data, d.length);
+
+    return 0;
+}
+
+#endif /* K5_BUILTIN_CMAC */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/deps b/krb5-1.21.3/src/lib/crypto/builtin/deps
new file mode 100644
index 00000000..b6b53380
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/deps
@@ -0,0 +1,47 @@
+#
+# Generated makefile dependencies follow.
+#
+cmac.so cmac.po $(OUTPRE)cmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cmac.c
+hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hmac.c
+kdf.so kdf.po $(OUTPRE)kdf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdf.c
+pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pbkdf2.c
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/ISSUES b/krb5-1.21.3/src/lib/crypto/builtin/des/ISSUES
new file mode 100644
index 00000000..15789110
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/ISSUES
@@ -0,0 +1,13 @@
+Issues to be addressed for src/lib/crypto/des: -*- text -*-
+
+
+"const" could be used in more places
+
+
+Array types are used in calling interfaces.  Under ANSI C, a value of
+type "arraytype *" cannot be assigned to a variable of type "const
+arraytype *", so we get compilation warnings.
+
+Possible fix: Rewrite internal interfaces to not use arrays this way.
+Provide external routines compatible with old API, but not using
+const?
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/des/Makefile.in
new file mode 100644
index 00000000..397ac87e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/Makefile.in
@@ -0,0 +1,82 @@
+mydir=lib$(S)crypto$(S)builtin$(S)des
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES=-I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\des
+##DOS##OBJFILE = ..\..\$(OUTPRE)des.lst
+
+STLIBOBJS=\
+	d3_aead.o	\
+	d3_kysched.o	\
+	des_keys.o	\
+	f_aead.o 	\
+	f_cksum.o	\
+	f_parity.o 	\
+	f_sched.o 	\
+	f_tables.o	\
+	key_sched.o	\
+	weak_key.o
+
+OBJS=	$(OUTPRE)d3_aead.$(OBJEXT)	\
+	$(OUTPRE)d3_kysched.$(OBJEXT)	\
+	$(OUTPRE)des_keys.$(OBJEXT)	\
+	$(OUTPRE)f_aead.$(OBJEXT) 	\
+	$(OUTPRE)f_cksum.$(OBJEXT)	\
+	$(OUTPRE)f_parity.$(OBJEXT) 	\
+	$(OUTPRE)f_sched.$(OBJEXT) 	\
+	$(OUTPRE)f_tables.$(OBJEXT)	\
+	$(OUTPRE)key_sched.$(OBJEXT)	\
+	$(OUTPRE)weak_key.$(OBJEXT)
+
+SRCS=	$(srcdir)/d3_aead.c	\
+	$(srcdir)/d3_kysched.c	\
+	$(srcdir)/des_keys.c	\
+	$(srcdir)/f_aead.c	\
+	$(srcdir)/f_cksum.c	\
+	$(srcdir)/f_parity.c	\
+	$(srcdir)/f_sched.c	\
+	$(srcdir)/f_tables.c	\
+	$(srcdir)/key_sched.c	\
+	$(srcdir)/weak_key.c
+
+EXTRADEPSRCS = $(srcdir)/destest.c $(srcdir)/f_cbc.c $(srcdir)/t_verify.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+TOBJS = $(OUTPRE)key_sched.$(OBJEXT) $(OUTPRE)f_sched.$(OBJEXT) \
+	$(OUTPRE)f_cbc.$(OBJEXT) $(OUTPRE)f_tables.$(OBJEXT) \
+	$(OUTPRE)f_cksum.$(OBJEXT)
+
+verify$(EXEEXT): t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \
+	$(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
+	$(CC_LINK) -o $@ t_verify.$(OBJEXT) $(TOBJS) f_parity.$(OBJEXT) \
+		$(COM_ERR_LIB) $(SUPPORT_LIB)
+
+destest$(EXEEXT): destest.$(OBJEXT) $(TOBJS) $(SUPPORT_DEPLIB)
+	$(CC_LINK) -o $@ destest.$(OBJEXT) $(TOBJS) $(SUPPORT_LIB)
+
+all-unix: all-libobjs
+
+check-unix: check-unix-@CRYPTO_BUILTIN_TESTS@
+check-unix-no:
+check-unix-yes: verify destest
+	$(RUN_TEST) ./verify -z
+	$(RUN_TEST) ./verify -m
+	$(RUN_TEST) ./verify
+	$(RUN_TEST) ./destest < $(srcdir)/keytest.data
+
+includes: depend
+
+depend: $(SRCS)
+
+check-windows:
+
+clean:
+	$(RM) destest.$(OBJEXT) destest$(EXEEXT) verify$(EXEEXT) \
+	t_verify.$(OBJEXT) $(TOBJS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/d3_aead.c b/krb5-1.21.3/src/lib/crypto/builtin/des/d3_aead.c
new file mode 100644
index 00000000..fb83f73b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/d3_aead.c
@@ -0,0 +1,137 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2008 by the Massachusetts Institute of Technology.
+ * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
+ * Copyright 1995 by Lehman Brothers, Inc.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission.  Richard P. Basch,
+ * Lehman Brothers and M.I.T. make no representations about the suitability
+ * of this software for any purpose.  It is provided "as is" without
+ * express or implied warranty.
+ */
+
+#include "crypto_int.h"
+#include "des_int.h"
+#include "f_tables.h"
+
+#ifdef K5_BUILTIN_DES
+
+void
+krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp1, *kp2, *kp3;
+    const unsigned char *ip;
+    struct iov_cursor cursor;
+    unsigned char block[MIT_DES_BLOCK_LENGTH];
+
+    /* Get key pointers here.  These won't need to be reinitialized. */
+    kp1 = (const unsigned DES_INT32 *)ks1;
+    kp2 = (const unsigned DES_INT32 *)ks2;
+    kp3 = (const unsigned DES_INT32 *)ks3;
+
+    /* Initialize left and right with the contents of the initial vector. */
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
+    left = load_32_be(ip);
+    right = load_32_be(ip + 4);
+
+    k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE);
+    while (k5_iov_cursor_get(&cursor, block)) {
+        /* xor this block with the previous ciphertext. */
+        left ^= load_32_be(block);
+        right ^= load_32_be(block + 4);
+
+        /* Encrypt what we have and store it back into block. */
+        DES_DO_ENCRYPT(left, right, kp1);
+        DES_DO_DECRYPT(left, right, kp2);
+        DES_DO_ENCRYPT(left, right, kp3);
+        store_32_be(left, block);
+        store_32_be(right, block + 4);
+
+        k5_iov_cursor_put(&cursor, block);
+    }
+
+    if (ivec != NULL) {
+        store_32_be(left, ivec);
+        store_32_be(right, ivec + 4);
+    }
+}
+
+void
+krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp1, *kp2, *kp3;
+    const unsigned char *ip;
+    unsigned DES_INT32 ocipherl, ocipherr;
+    unsigned DES_INT32 cipherl, cipherr;
+    struct iov_cursor cursor;
+    unsigned char block[MIT_DES_BLOCK_LENGTH];
+
+    /* Get key pointers here.  These won't need to be reinitialized. */
+    kp1 = (const unsigned DES_INT32 *)ks1;
+    kp2 = (const unsigned DES_INT32 *)ks2;
+    kp3 = (const unsigned DES_INT32 *)ks3;
+
+    /*
+     * Decrypting is harder than encrypting because of
+     * the necessity of remembering a lot more things.
+     * Should think about this a little more...
+     */
+
+    /* Prime the old cipher with ivec.*/
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
+    ocipherl = load_32_be(ip);
+    ocipherr = load_32_be(ip + 4);
+
+    k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE);
+    while (k5_iov_cursor_get(&cursor, block)) {
+        /* Split this block into left and right. */
+        cipherl = left = load_32_be(block);
+        cipherr = right = load_32_be(block + 4);
+
+        /* Decrypt and xor with the old cipher to get plain text. */
+        DES_DO_DECRYPT(left, right, kp3);
+        DES_DO_ENCRYPT(left, right, kp2);
+        DES_DO_DECRYPT(left, right, kp1);
+        left ^= ocipherl;
+        right ^= ocipherr;
+
+        /* Store the encrypted halves back into block. */
+        store_32_be(left, block);
+        store_32_be(right, block + 4);
+
+        /* Save current cipher block halves. */
+        ocipherl = cipherl;
+        ocipherr = cipherr;
+
+        k5_iov_cursor_put(&cursor, block);
+    }
+
+    if (ivec != NULL) {
+        store_32_be(ocipherl, ivec);
+        store_32_be(ocipherr, ivec + 4);
+    }
+}
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/d3_kysched.c b/krb5-1.21.3/src/lib/crypto/builtin/des/d3_kysched.c
new file mode 100644
index 00000000..55fb9449
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/d3_kysched.c
@@ -0,0 +1,55 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
+ * Copyright 1995 by Lehman Brothers, Inc.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission.  Richard P. Basch,
+ * Lehman Brothers and M.I.T. make no representations about the suitability
+ * of this software for any purpose.  It is provided "as is" without
+ * express or implied warranty.
+ */
+
+#include "crypto_int.h"
+#include "des_int.h"
+
+#ifdef K5_BUILTIN_DES
+
+int
+mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule)
+{
+    mit_des_make_key_sched(k[0],schedule[0]);
+    mit_des_make_key_sched(k[1],schedule[1]);
+    mit_des_make_key_sched(k[2],schedule[2]);
+
+    if (!mit_des_check_key_parity(k[0]))        /* bad parity --> return -1 */
+        return(-1);
+    if (mit_des_is_weak_key(k[0]))
+        return(-2);
+
+    if (!mit_des_check_key_parity(k[1]))
+        return(-1);
+    if (mit_des_is_weak_key(k[1]))
+        return(-2);
+
+    if (!mit_des_check_key_parity(k[2]))
+        return(-1);
+    if (mit_des_is_weak_key(k[2]))
+        return(-2);
+
+    /* if key was good, return 0 */
+    return 0;
+}
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/deps b/krb5-1.21.3/src/lib/crypto/builtin/des/deps
new file mode 100644
index 00000000..1c1239d6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/deps
@@ -0,0 +1,146 @@
+#
+# Generated makefile dependencies follow.
+#
+d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  d3_aead.c des_int.h f_tables.h
+d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h d3_kysched.c des_int.h
+des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h des_keys.c
+f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h f_aead.c f_tables.h
+f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h f_cksum.c f_tables.h
+f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h f_parity.c
+f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h f_sched.c
+f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h f_tables.c \
+  f_tables.h
+key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h key_sched.c
+weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h weak_key.c
+destest.so destest.po $(OUTPRE)destest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h destest.c
+f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h f_cbc.c \
+  f_tables.h
+t_verify.so t_verify.po $(OUTPRE)t_verify.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h t_verify.c
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/des_int.h b/krb5-1.21.3/src/lib/crypto/builtin/des/des_int.h
new file mode 100644
index 00000000..f8dc6b29
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/des_int.h
@@ -0,0 +1,285 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/des_int.h */
+/*
+ * Copyright 1987, 1988, 1990, 2002 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* Private include file for the Data Encryption Standard library. */
+
+/* only do the whole thing once  */
+#ifndef DES_INTERNAL_DEFS
+#define DES_INTERNAL_DEFS
+
+#include "k5-int.h"
+/*
+ * Begin "mit-des.h"
+ */
+#ifndef KRB5_MIT_DES__
+#define KRB5_MIT_DES__
+
+#if defined(__MACH__) && defined(__APPLE__)
+#include <TargetConditionals.h>
+#include <AvailabilityMacros.h>
+#if TARGET_RT_MAC_CFM
+#error "Use KfM 4.0 SDK headers for CFM compilation."
+#endif
+#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS)
+#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5
+#endif
+#endif /* defined(__MACH__) && defined(__APPLE__) */
+
+/* Macro to add deprecated attribute to DES types and functions */
+/* Currently only defined on macOS 10.5 and later.              */
+#ifndef KRB5INT_DES_DEPRECATED
+#define KRB5INT_DES_DEPRECATED
+#endif
+
+#include <limits.h>
+
+#if UINT_MAX >= 0xFFFFFFFFUL
+#define DES_INT32 int
+#define DES_UINT32 unsigned int
+#else
+#define DES_INT32 long
+#define DES_UINT32 unsigned long
+#endif
+
+typedef unsigned char des_cblock[8]     /* crypto-block size */
+KRB5INT_DES_DEPRECATED;
+
+/*
+ * Key schedule.
+ *
+ * This used to be
+ *
+ * typedef struct des_ks_struct {
+ *     union { DES_INT32 pad; des_cblock _;} __;
+ * } des_key_schedule[16];
+ *
+ * but it would cause trouble if DES_INT32 were ever more than 4
+ * bytes.  The reason is that all the encryption functions cast it to
+ * (DES_INT32 *), and treat it as if it were DES_INT32[32].  If
+ * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the
+ * caller-allocated des_key_schedule will be overflowed by the key
+ * scheduling functions.  We can't assume that every platform will
+ * have an exact 32-bit int, and nothing should be looking inside a
+ * des_key_schedule anyway.
+ */
+typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16]
+KRB5INT_DES_DEPRECATED;
+
+typedef des_cblock mit_des_cblock;
+typedef des_key_schedule mit_des_key_schedule;
+
+/* Triple-DES structures */
+typedef mit_des_cblock          mit_des3_cblock[3];
+typedef mit_des_key_schedule    mit_des3_key_schedule[3];
+
+#define MIT_DES_ENCRYPT 1
+#define MIT_DES_DECRYPT 0
+
+typedef struct mit_des_ran_key_seed {
+    krb5_encrypt_block eblock;
+    krb5_data sequence;
+} mit_des_random_state;
+
+/* the first byte of the key is already in the keyblock */
+
+#define MIT_DES_BLOCK_LENGTH            (8*sizeof(krb5_octet))
+/* This used to be 8*sizeof(krb5_octet) */
+#define MIT_DES_KEYSIZE                 8
+
+#define MIT_DES_CBC_CKSUM_LENGTH        (4*sizeof(krb5_octet))
+
+#endif /* KRB5_MIT_DES__ */
+/*
+ * End "mit-des.h"
+ */
+
+/* afsstring2key.c */
+krb5_error_code mit_afs_string_to_key(krb5_keyblock *keyblock,
+                                      const krb5_data *data,
+                                      const krb5_data *salt);
+char *mit_afs_crypt(const char *pw, const char *salt, char *iobuf);
+
+/* f_cksum.c */
+unsigned long mit_des_cbc_cksum(const krb5_octet *, krb5_octet *,
+                                unsigned long, const mit_des_key_schedule,
+                                const krb5_octet *);
+
+/* f_cbc.c (used by test programs) */
+int
+mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                    unsigned long length, const mit_des_key_schedule schedule,
+                    const mit_des_cblock ivec, int enc);
+
+#define mit_des_zeroblock krb5int_c_mit_des_zeroblock
+extern const mit_des_cblock mit_des_zeroblock;
+
+/* fin_rndkey.c */
+krb5_error_code mit_des_finish_random_key(const krb5_encrypt_block *,
+                                          krb5_pointer *);
+
+/* finish_key.c */
+krb5_error_code mit_des_finish_key(krb5_encrypt_block *);
+
+/* init_rkey.c */
+krb5_error_code mit_des_init_random_key(const krb5_encrypt_block *,
+                                        const krb5_keyblock *,
+                                        krb5_pointer *);
+
+/* key_parity.c */
+void mit_des_fixup_key_parity(mit_des_cblock);
+int mit_des_check_key_parity(mit_des_cblock);
+
+/* key_sched.c */
+int mit_des_key_sched(mit_des_cblock, mit_des_key_schedule);
+
+/* process_ky.c */
+krb5_error_code mit_des_process_key(krb5_encrypt_block *,
+                                    const krb5_keyblock *);
+
+/* random_key.c */
+krb5_error_code mit_des_random_key(const krb5_encrypt_block *,
+                                   krb5_pointer, krb5_keyblock **);
+
+/* string2key.c */
+krb5_error_code mit_des_string_to_key(const krb5_encrypt_block *,
+                                      krb5_keyblock *, const krb5_data *,
+                                      const krb5_data *);
+krb5_error_code mit_des_string_to_key_int(krb5_keyblock *, const krb5_data *,
+                                          const krb5_data *);
+
+/* weak_key.c */
+int mit_des_is_weak_key(mit_des_cblock);
+
+/* cmb_keys.c */
+krb5_error_code mit_des_combine_subkeys(const krb5_keyblock *,
+                                        const krb5_keyblock *,
+                                        krb5_keyblock **);
+
+/* f_pcbc.c */
+int mit_des_pcbc_encrypt();
+
+/* f_sched.c */
+int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule);
+
+
+/* misc.c */
+extern void swap_bits(char *);
+extern unsigned long long_swap_bits(unsigned long);
+extern unsigned long swap_six_bits_to_ansi(unsigned long);
+extern unsigned long swap_four_bits_to_ansi(unsigned long);
+extern unsigned long swap_bit_pos_1(unsigned long);
+extern unsigned long swap_bit_pos_0(unsigned long);
+extern unsigned long swap_bit_pos_0_to_ansi(unsigned long);
+extern unsigned long rev_swap_bit_pos_0(unsigned long);
+extern unsigned long swap_byte_bits(unsigned long);
+extern unsigned long swap_long_bytes_bit_number(unsigned long);
+#ifdef FILE
+/* XXX depends on FILE being a #define! */
+extern void test_set(FILE *, const char *, int, const char *, int);
+#endif
+
+void
+krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec);
+
+void
+krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec);
+
+void
+krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                        const mit_des_key_schedule schedule,
+                        mit_des_cblock ivec);
+
+void
+krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                        const mit_des_key_schedule schedule,
+                        mit_des_cblock ivec);
+
+void
+krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data,
+                    const mit_des_key_schedule schedule, mit_des_cblock ivec,
+                    mit_des_cblock out);
+
+/* d3_procky.c */
+krb5_error_code mit_des3_process_key(krb5_encrypt_block *eblock,
+                                     const krb5_keyblock *keyblock);
+
+/* d3_kysched.c */
+int mit_des3_key_sched(mit_des3_cblock key, mit_des3_key_schedule schedule);
+
+/* d3_str2ky.c */
+krb5_error_code mit_des3_string_to_key(const krb5_encrypt_block *eblock,
+                                       krb5_keyblock *keyblock,
+                                       const krb5_data *data,
+                                       const krb5_data *salt);
+
+/* u_nfold.c */
+krb5_error_code mit_des_n_fold(const krb5_octet *input, const size_t in_len,
+                               krb5_octet *output, const size_t out_len);
+
+/* u_rn_key.c */
+int mit_des_is_weak_keyblock(krb5_keyblock *keyblock);
+
+void mit_des_fixup_keyblock_parity(krb5_keyblock *keyblock);
+
+krb5_error_code mit_des_set_random_generator_seed(const krb5_data *seed,
+                                                  krb5_pointer random_state);
+
+krb5_error_code mit_des_set_random_sequence_number(const krb5_data *sequence,
+                                                   krb5_pointer random_state);
+#endif  /*DES_INTERNAL_DEFS*/
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/des_keys.c b/krb5-1.21.3/src/lib/crypto/builtin/des/des_keys.c
new file mode 100644
index 00000000..027b09d7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/des_keys.c
@@ -0,0 +1,38 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/des_keys.c - Key functions used by Kerberos code */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+#include "des_int.h"
+
+#ifdef K5_BUILTIN_DES_KEY_PARITY
+
+void
+k5_des_fixup_key_parity(unsigned char *keybits)
+{
+    mit_des_fixup_key_parity(keybits);
+}
+
+#endif /* K5_BUILTIN_DES_KEY_PARITY */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/destest.c b/krb5-1.21.3/src/lib/crypto/builtin/des/destest.c
new file mode 100644
index 00000000..52114304
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/destest.c
@@ -0,0 +1,240 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/destest.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* Test a DES implementation against known inputs & outputs. */
+
+#include "des_int.h"
+#include <ctype.h>
+#include <stdio.h>
+
+void convert (char *, unsigned char []);
+
+void des_cblock_print_file (mit_des_cblock, FILE *);
+
+krb5_octet zeroblock[8] = {0,0,0,0,0,0,0,0};
+
+int
+main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    char block1[17], block2[17], block3[17];
+    /* Force tests of unaligned accesses.  */
+    union { unsigned char c[8*4+3]; long l; } u;
+    unsigned char *ioblocks = u.c;
+    unsigned char *input = ioblocks+1;
+    unsigned char *output = ioblocks+10;
+    unsigned char *output2 = ioblocks+19;
+    unsigned char *key = ioblocks+27;
+    mit_des_key_schedule sched;
+    int num = 0;
+    int retval;
+
+    int error = 0;
+
+    while (scanf("%16s %16s %16s", block1, block2, block3) == 3) {
+        convert(block1, key);
+        convert(block2, input);
+        convert(block3, output);
+
+        retval = mit_des_key_sched(key, sched);
+        if (retval) {
+            fprintf(stderr, "des test: can't process key: %d\n", retval);
+            fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3);
+            exit(1);
+        }
+        mit_des_cbc_encrypt((const mit_des_cblock *) input,
+                            (mit_des_cblock *) output2, 8,
+                            sched, zeroblock, 1);
+
+        if (memcmp((char *)output2, (char *)output, 8)) {
+            fprintf(stderr,
+                    "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n",
+                    block1, block2, block3,
+                    output2[0],output2[1],output2[2],output2[3],
+                    output2[4],output2[5],output2[6],output2[7]);
+            error++;
+        }
+
+        /*
+         * Now try decrypting....
+         */
+        mit_des_cbc_encrypt((const mit_des_cblock *) output,
+                            (mit_des_cblock *) output2, 8,
+                            sched, zeroblock, 0);
+
+        if (memcmp((char *)output2, (char *)input, 8)) {
+            fprintf(stderr,
+                    "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n",
+                    block1, block2, block3,
+                    output2[0],output2[1],output2[2],output2[3],
+                    output2[4],output2[5],output2[6],output2[7]);
+            error++;
+        }
+
+        num++;
+    }
+
+    if (error)
+        printf("destest: failed to pass the test\n");
+    else
+        printf("destest: %d tests passed successfully\n", num);
+
+    exit( (error > 256 && error % 256) ? 1 : error);
+}
+
+int value[128] = {
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    0, 1, 2, 3, 4, 5, 6, 7,
+    8, 9, -1, -1, -1, -1, -1, -1,
+    -1, 10, 11, 12, 13, 14, 15, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+};
+
+void
+convert(text, cblock)
+    char *text;
+    unsigned char cblock[];
+{
+    int i;
+    for (i = 0; i < 8; i++) {
+        if (!isascii((unsigned char)text[i * 2]))
+            abort ();
+        if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) {
+            printf("Bad value byte %d in %s\n", i, text);
+            exit(1);
+        }
+        cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]];
+    }
+    return;
+}
+
+/*
+ * Fake out the DES library, for the purposes of testing.
+ */
+
+int
+mit_des_is_weak_key(key)
+    mit_des_cblock key;
+{
+    return 0;                           /* fake it out for testing */
+}
+
+void
+des_cblock_print_file(x, fp)
+    mit_des_cblock x;
+    FILE *fp;
+{
+    unsigned char *y = (unsigned char *) x;
+    int i = 0;
+    fprintf(fp," 0x { ");
+
+    while (i++ < 8) {
+        fprintf(fp,"%x",*y++);
+        if (i < 8)
+            fprintf(fp,", ");
+    }
+    fprintf(fp," }");
+}
+
+
+#define smask(step) ((1<<step)-1)
+#define pstep(x,step) (((x)&smask(step))^(((x)>>step)&smask(step)))
+#define parity_char(x) pstep(pstep(pstep((x),4),2),1)
+
+/*
+ * des_check_key_parity: returns true iff key has the correct des parity.
+ *                       See des_fix_key_parity for the definition of
+ *                       correct des parity.
+ */
+int
+mit_des_check_key_parity(key)
+    mit_des_cblock key;
+{
+    unsigned int i;
+
+    for (i=0; i<sizeof(mit_des_cblock); i++) {
+        if ((key[i] & 1) == parity_char(0xfe&key[i])) {
+            printf("warning: bad parity key:");
+            des_cblock_print_file(key, stdout);
+            putchar('\n');
+
+            return 1;
+        }
+    }
+
+    return(1);
+}
+
+void
+mit_des_fixup_key_parity(key)
+    mit_des_cblock key;
+{
+    unsigned int i;
+    for (i=0; i<sizeof(mit_des_cblock); i++)
+    {
+        key[i] &= 0xfe;
+        key[i] |= 1^parity_char(key[i]);
+    }
+
+    return;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/doc/libdes.doc b/krb5-1.21.3/src/lib/crypto/builtin/des/doc/libdes.doc
new file mode 100644
index 00000000..6e9431ed
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/doc/libdes.doc
@@ -0,0 +1,208 @@
+
+	How to use the Kerberos encryption library.
+
+			Revised		10/15/85	spm
+
+1)	The following include file is needed:
+	
+	/projects/auth/include/des.h	(VAX)
+	---------------					(PC8086)
+
+2)	The encryption library that should be linked to is:
+	
+	/projects/auth/lib/libdes.a		(VAX)
+|	/projects/auth/ibm/lib/libdes.a	(PC8086 cross-compilation environment)
+
+3)	For each key that may be simultaneously active,
+	allocate (either compile or malloc) a "Key_schedule" struct, 
+	defined in "des.h"
+
+4)	Create key schedules, as needed, prior to using the encryption
+	routines, via "des_set_key()".
+
+5)  Setup the input and output areas.  Make sure to note the restrictions
+	on lengths being multiples of eight bytes.
+
+6)	Invoke the encryption/decryption routines, "ecb_encrypt()"
+	 or "cbc_encrypt()"
+
+7)	To generate a cryptographic checksum, use "cbc_cksum()"
+/*	----------------------------------------------------------------	*/
+	
+	Routine Interfaces--
+
+/*	-----------------------------------------------------------------	*/
+
+int
+	des_set_key(k,schedule)
+		C_Block			*k;
+		Key_schedule	schedule;
+
+	Calculates a key schedule from (all) eight bytes of the input key, and
+	puts it into the indicated "Key_schedule" struct;
+
+	Make sure to pass valid eight bytes, no padding or other processing
+	it done.
+
+	The key schedule is then used in subsequent encryption/decryption
+	operations.  Many key schedules may be created and cached for later
+	use.
+
+	The user is responsible to clear keys and schedules no longer needed
+	to prevent their disclosure.
+
+|	Checks the parity of the key provided, to make sure it is odd per
+|	FIPS spec.  Returns 0 value for key ok, 1 for key_parity error.
+
+/*	----------------------------------------------------------------	*/
+	
+int
+	ecb_encrypt(input,output,schedule,encrypt)
+		C_Block			*input;		/* ptr to eight byte input value */
+		C_Block			*output;	/* ptr to eight byte output value */
+		int				encrypt;	/* 0 ==> decrypt, else encrypt */
+		Key_schedule	schedule;	/* addr of key schedule */
+
+This is the low level routine that encrypts or decrypts a single 8-byte
+block in electronic code book mode.  Always transforms the input
+data into the output data.
+
+If encrypt is non-zero, the input (cleartext) is encrypted into the
+output (ciphertext) using the specified key_schedule, pre-set via "des_set_key".
+
+If encrypt is zero, the input (now ciphertext) is decrypted into
+the output (now cleartext).
+
+Input and output may be the same space.
+
+Does not return any meaningful value.  Void is not used for compatibility
+with other compilers.
+
+/*	--------------------------------------------------------------	*/
+
+int	
+	cbc_encrypt(input,output,length,schedule,ivec,encrypt)
+
+		C_Block			*input;		/* ptr to input data */
+		C_Block			*output;	/* ptr to output data */
+		int				length;		/* desired length, in bytes */
+		Key_schedule	schedule;		/* addr of precomputed schedule */
+		C_Block			*ivec;		/* pointer to 8 byte initialization
+									 * vector
+									 */
+		int				encrypt		/* 0 ==> decrypt; else encrypt*/
+
+
+	If encrypt is non-zero, the routine cipher-block-chain encrypts
+	the INPUT (cleartext) into the OUTPUT (ciphertext) using the provided
+	key schedule and initialization vector.  If the length is not an integral
+	multiple of eight bytes, the last block is copied to a temp and zero 
+	filled (highest addresses).  The output is ALWAYS an integral multiple
+	of eight bytes.
+
+	If encrypt is zero, the routine cipher-block chain decrypts the INPUT
+	(ciphertext) into the OUTPUT (cleartext) using the provided key schedule
+	and	initialization vector.	Decryption ALWAYS operates on integral
+	multiples of 8 bytes, so will round the length provided up to the
+	appropriate	multiple. Consequently,	it will always produce the rounded-up
+	number of bytes of output cleartext. The application must determine if
+	the output cleartext was zero-padded due to cleartext lengths not integral
+	multiples of 8.
+
+	No errors or meaningful value are returned.  Void is not used for
+	compatibility with other compilers.
+
+
+/* cbc checksum (MAC) only routine  ---------------------------------------- */
+int	
+	cbc_cksum(input,output,length,schedule,ivec)
+
+	C_Block		 	*input;		/* >= length bytes of inputtext	 */
+	C_Block		 	*output;	/* >= length bytes of outputtext */
+	int				length;		/* in bytes						*/
+	Key_schedule	schedule;	/* precomputed key schedule	   */
+	C_Block			*ivec;		/* 8 bytes of ivec			   */
+
+
+	Produces a cryptographic checksum, 8 bytes, by cipher-block-chain
+	encrypting the input, discarding the ciphertext output, and only retaining
+	the last ciphertext 8-byte block.  Uses the provided key schedule and ivec.
+	The input is effectively zero-padded to an integral multiple of
+	eight bytes, though the original input is not modified.
+
+	No meaningful value is returned.  Void is not used for compatibility
+	with other compilers.
+
+
+/*	random_key ----------------------------------------*/
+int
+	random_key(key)
+
+	C_Block	*key;
+
+	The start for the random number generated is set from the current time
+	in microseconds, then the random number generator is invoked
+	to create an eight byte output key (not a schedule).  The key
+	generated is set to odd parity per FIPS spec.
+
+	The caller must	supply space for the output key, pointed to 
+	by "*key", then after getting a new key, call the des_set_key() 
+	routine when needed.
+
+	No meaningful value is returned.  Void is not used for compatibility
+	with other compilers.
+
+
+/* string_to_key --------------------------------------------*/
+
+int
+	string_to_key(str,key)
+	char		*str;
+	C_Block	*key;
+
+	This routines converts an arbitrary length, null terminated string
+	to an 8 byte DES key, with each byte parity set to odd, per FIPS spec.
+
+	The algorithm is as follows:
+
+|	Take the first 8 bytes and remove the parity (leaving 56 bits).
+|	Do the same for the second 8 bytes, and the third, etc.  Do this for
+|	as many sets of 8 bytes as necessary, filling in the remainder of the
+|	last set with nulls.  Fold the second set back on the first (i.e. bit
+|	0 over bit 55, and bit 55 over bit 0).  Fold the third over the second
+|	(bit 0 of the third set is now over bit 0 of the first set).  Repeat
+|	until you have done this to all sets.  Xor the folded sets.  Break the
+|	result into 8 7 bit bytes, and generate odd parity for each byte.  You
+|	now have 64 bits.  Note that DES takes a 64 bit key, and uses only the
+|	non parity bits.
+
+
+/* read_password -------------------------------------------*/
+
+read_password(k,prompt,verify)
+	C_Block	*k;
+	char *prompt;
+	int	verify;
+
+This routine issues the supplied prompt, turns off echo, if possible, and
+reads an input string.  If verify is non-zero, it does it again, for use
+in applications such as changing a password. If verify is non-zero, both
+versions are compared, and the input is requested repeatedly until they
+match.  Then, the input string is mapped into a valid DES key, internally
+using the string_to_key routine.  The newly created key is copied to the
+area pointed to by parameter "k".  
+
+No meaningful value is returned.  If an error occurs trying to manipulate
+the terminal echo, the routine forces the process to exit.
+
+/* get_line ------------------------*/
+long get_line(p,max)
+	char	*p;
+	long	max;
+
+Reads input characters from standard input until either a newline appears or
+else the max length is reached.  The characters read are stuffed into
+the string pointed to, which will always be null terminated.  The newline
+is not inserted in the string.  The max parameter includes the byte needed
+for the null terminator, so allocate and pass one more than the maximum
+string length desired.
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/f_aead.c b/krb5-1.21.3/src/lib/crypto/builtin/des/f_aead.c
new file mode 100644
index 00000000..f8877358
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/f_aead.c
@@ -0,0 +1,177 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2008 by the Massachusetts Institute of Technology.
+ * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
+ * Copyright 1995 by Lehman Brothers, Inc.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission.  Richard P. Basch,
+ * Lehman Brothers and M.I.T. make no representations about the suitability
+ * of this software for any purpose.  It is provided "as is" without
+ * express or implied warranty.
+ */
+
+#include "crypto_int.h"
+#include "des_int.h"
+#include "f_tables.h"
+
+#ifdef K5_BUILTIN_DES
+
+const mit_des_cblock mit_des_zeroblock /* = all zero */;
+
+void
+krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                        const mit_des_key_schedule schedule,
+                        mit_des_cblock ivec)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    struct iov_cursor cursor;
+    unsigned char block[MIT_DES_BLOCK_LENGTH];
+
+    /* Get key pointer here.  This won't need to be reinitialized. */
+    kp = (const unsigned DES_INT32 *)schedule;
+
+    /* Initialize left and right with the contents of the initial vector. */
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
+    left = load_32_be(ip);
+    right = load_32_be(ip + 4);
+
+    k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE);
+    while (k5_iov_cursor_get(&cursor, block)) {
+        /* Decompose this block and xor it with the previous ciphertext. */
+        left ^= load_32_be(block);
+        right ^= load_32_be(block + 4);
+
+        /* Encrypt what we have and put back into block. */
+        DES_DO_ENCRYPT(left, right, kp);
+        store_32_be(left, block);
+        store_32_be(right, block + 4);
+
+        k5_iov_cursor_put(&cursor, block);
+    }
+
+    if (ivec != NULL) {
+        store_32_be(left, ivec);
+        store_32_be(right, ivec + 4);
+    }
+}
+
+void
+krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                        const mit_des_key_schedule schedule,
+                        mit_des_cblock ivec)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned DES_INT32 ocipherl, ocipherr;
+    unsigned DES_INT32 cipherl, cipherr;
+    struct iov_cursor cursor;
+    unsigned char block[MIT_DES_BLOCK_LENGTH];
+
+    /* Get key pointer here.  This won't need to be reinitialized. */
+    kp = (const unsigned DES_INT32 *)schedule;
+
+    /*
+     * Decrypting is harder than encrypting because of
+     * the necessity of remembering a lot more things.
+     * Should think about this a little more...
+     */
+
+    /* Prime the old cipher with ivec. */
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
+    ocipherl = load_32_be(ip);
+    ocipherr = load_32_be(ip + 4);
+
+    k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, FALSE);
+    while (k5_iov_cursor_get(&cursor, block)) {
+        /* Split this block into left and right. */
+        cipherl = left = load_32_be(block);
+        cipherr = right = load_32_be(block + 4);
+
+        /* Decrypt and xor with the old cipher to get plain text. */
+        DES_DO_DECRYPT(left, right, kp);
+        left ^= ocipherl;
+        right ^= ocipherr;
+
+        /* Store the encrypted halves back into block. */
+        store_32_be(left, block);
+        store_32_be(right, block + 4);
+
+        /* Save current cipher block halves. */
+        ocipherl = cipherl;
+        ocipherr = cipherr;
+
+        k5_iov_cursor_put(&cursor, block);
+    }
+
+    if (ivec != NULL) {
+        store_32_be(ocipherl, ivec);
+        store_32_be(ocipherr, ivec + 4);
+    }
+}
+
+void
+krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data,
+                    const mit_des_key_schedule schedule, mit_des_cblock ivec,
+                    mit_des_cblock out)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    struct iov_cursor cursor;
+    unsigned char block[MIT_DES_BLOCK_LENGTH];
+
+    /* Get key pointer here.  This won't need to be reinitialized. */
+    kp = (const unsigned DES_INT32 *)schedule;
+
+    /* Initialize left and right with the contents of the initial vector. */
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
+    left = load_32_be(ip);
+    right = load_32_be(ip + 4);
+
+    k5_iov_cursor_init(&cursor, data, num_data, MIT_DES_BLOCK_LENGTH, TRUE);
+    while (k5_iov_cursor_get(&cursor, block)) {
+        /* Decompose this block and xor it with the previous ciphertext. */
+        left ^= load_32_be(block);
+        right ^= load_32_be(block + 4);
+
+        /* Encrypt what we have. */
+        DES_DO_ENCRYPT(left, right, kp);
+    }
+
+    /* Output the final ciphertext block. */
+    store_32_be(left, out);
+    store_32_be(right, out + 4);
+}
+
+#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
+void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left,
+                               unsigned DES_INT32 *right,
+                               const unsigned DES_INT32 *kp)
+{
+    DES_DO_ENCRYPT_1 (*left, *right, kp);
+}
+
+void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left,
+                               unsigned DES_INT32 *right,
+                               const unsigned DES_INT32 *kp)
+{
+    DES_DO_DECRYPT_1 (*left, *right, kp);
+}
+#endif
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/f_cbc.c b/krb5-1.21.3/src/lib/crypto/builtin/des/f_cbc.c
new file mode 100644
index 00000000..84d5382f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/f_cbc.c
@@ -0,0 +1,256 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/f_cbc.c */
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * CBC functions; used only by the test programs at this time.  (krb5 uses the
+ * functions in f_aead.c instead.)
+ */
+
+/*
+ * des_cbc_encrypt.c - an implementation of the DES cipher function in cbc mode
+ */
+#include "des_int.h"
+#include "f_tables.h"
+
+/*
+ * des_cbc_encrypt - {en,de}crypt a stream in CBC mode
+ */
+
+/*
+ * This routine performs DES cipher-block-chaining operation, either
+ * encrypting from cleartext to ciphertext, if encrypt != 0 or
+ * decrypting from ciphertext to cleartext, if encrypt == 0.
+ *
+ * The key schedule is passed as an arg, as well as the cleartext or
+ * ciphertext.  The cleartext and ciphertext should be in host order.
+ *
+ * NOTE-- the output is ALWAYS an multiple of 8 bytes long.  If not
+ * enough space was provided, your program will get trashed.
+ *
+ * For encryption, the cleartext string is null padded, at the end, to
+ * an integral multiple of eight bytes.
+ *
+ * For decryption, the ciphertext will be used in integral multiples
+ * of 8 bytes, but only the first "length" bytes returned into the
+ * cleartext.
+ */
+
+const mit_des_cblock mit_des_zeroblock /* = all zero */;
+
+static void
+des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                unsigned long length, const mit_des_key_schedule schedule,
+                const mit_des_cblock ivec)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
+
+    /*
+     * Get key pointer here.  This won't need to be reinitialized
+     */
+    kp = (const unsigned DES_INT32 *)schedule;
+
+    /*
+     * Initialize left and right with the contents of the initial
+     * vector.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(left, ip);
+    GET_HALF_BLOCK(right, ip);
+
+    /*
+     * Suitably initialized, now work the length down 8 bytes
+     * at a time.
+     */
+    ip = *in;
+    op = *out;
+    while (length > 0) {
+        /*
+         * Get more input, xor it in.  If the length is
+         * greater than or equal to 8 this is straight
+         * forward.  Otherwise we have to fart around.
+         */
+        if (length >= 8) {
+            unsigned DES_INT32 temp;
+            GET_HALF_BLOCK(temp, ip);
+            left  ^= temp;
+            GET_HALF_BLOCK(temp, ip);
+            right ^= temp;
+            length -= 8;
+        } else {
+            /*
+             * Oh, shoot.  We need to pad the
+             * end with zeroes.  Work backwards
+             * to do this.
+             */
+            ip += (int) length;
+            switch(length) {
+            case 7:
+                right ^= (*(--ip) & FF_UINT32) <<  8;
+            case 6:
+                right ^= (*(--ip) & FF_UINT32) << 16;
+            case 5:
+                right ^= (*(--ip) & FF_UINT32) << 24;
+            case 4:
+                left  ^=  *(--ip) & FF_UINT32;
+            case 3:
+                left  ^= (*(--ip) & FF_UINT32) <<  8;
+            case 2:
+                left  ^= (*(--ip) & FF_UINT32) << 16;
+            case 1:
+                left  ^= (*(--ip) & FF_UINT32) << 24;
+                break;
+            }
+            length = 0;
+        }
+
+        /*
+         * Encrypt what we have
+         */
+        DES_DO_ENCRYPT(left, right, kp);
+
+        /*
+         * Copy the results out
+         */
+        PUT_HALF_BLOCK(left, op);
+        PUT_HALF_BLOCK(right, op);
+    }
+}
+
+static void
+des_cbc_decrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                unsigned long length, const mit_des_key_schedule schedule,
+                const mit_des_cblock ivec)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
+    unsigned DES_INT32 ocipherl, ocipherr;
+    unsigned DES_INT32 cipherl, cipherr;
+
+    /*
+     * Get key pointer here.  This won't need to be reinitialized
+     */
+    kp = (const unsigned DES_INT32 *)schedule;
+
+    /*
+     * Decrypting is harder than encrypting because of
+     * the necessity of remembering a lot more things.
+     * Should think about this a little more...
+     */
+
+    if (length <= 0)
+        return;
+
+    /*
+     * Prime the old cipher with ivec.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(ocipherl, ip);
+    GET_HALF_BLOCK(ocipherr, ip);
+
+    /*
+     * Now do this in earnest until we run out of length.
+     */
+    ip = *in;
+    op = *out;
+    for (;;) {              /* check done inside loop */
+        /*
+         * Read a block from the input into left and
+         * right.  Save this cipher block for later.
+         */
+        GET_HALF_BLOCK(left, ip);
+        GET_HALF_BLOCK(right, ip);
+        cipherl = left;
+        cipherr = right;
+
+        /*
+         * Decrypt this.
+         */
+        DES_DO_DECRYPT(left, right, kp);
+
+        /*
+         * Xor with the old cipher to get plain
+         * text.  Output 8 or less bytes of this.
+         */
+        left ^= ocipherl;
+        right ^= ocipherr;
+        if (length > 8) {
+            length -= 8;
+            PUT_HALF_BLOCK(left, op);
+            PUT_HALF_BLOCK(right, op);
+            /*
+             * Save current cipher block here
+             */
+            ocipherl = cipherl;
+            ocipherr = cipherr;
+        } else {
+            /*
+             * Trouble here.  Start at end of output,
+             * work backwards.
+             */
+            op += (int) length;
+            switch(length) {
+            case 8:
+                *(--op) = (unsigned char) (right & 0xff);
+            case 7:
+                *(--op) = (unsigned char) ((right >> 8) & 0xff);
+            case 6:
+                *(--op) = (unsigned char) ((right >> 16) & 0xff);
+            case 5:
+                *(--op) = (unsigned char) ((right >> 24) & 0xff);
+            case 4:
+                *(--op) = (unsigned char) (left & 0xff);
+            case 3:
+                *(--op) = (unsigned char) ((left >> 8) & 0xff);
+            case 2:
+                *(--op) = (unsigned char) ((left >> 16) & 0xff);
+            case 1:
+                *(--op) = (unsigned char) ((left >> 24) & 0xff);
+                break;
+            }
+            break;          /* we're done */
+        }
+    }
+}
+
+int
+mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                    unsigned long length, const mit_des_key_schedule schedule,
+                    const mit_des_cblock ivec, int enc)
+{
+    /*
+     * Deal with encryption and decryption separately.
+     */
+    if (enc)
+        des_cbc_encrypt(in, out, length, schedule, ivec);
+    else
+        des_cbc_decrypt(in, out, length, schedule, ivec);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/f_cksum.c b/krb5-1.21.3/src/lib/crypto/builtin/des/f_cksum.c
new file mode 100644
index 00000000..615a947f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/f_cksum.c
@@ -0,0 +1,141 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/f_cksum.c */
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* DES implementation donated by Dennis Ferguson */
+
+/*
+ * des_cbc_cksum.c - compute an 8 byte checksum using DES in CBC mode
+ */
+#include "crypto_int.h"
+#include "des_int.h"
+#include "f_tables.h"
+
+#ifdef K5_BUILTIN_DES
+
+/*
+ * This routine performs DES cipher-block-chaining checksum operation,
+ * a.k.a.  Message Authentication Code.  It ALWAYS encrypts from input
+ * to a single 64 bit output MAC checksum.
+ *
+ * The key schedule is passed as an arg, as well as the cleartext or
+ * ciphertext. The cleartext and ciphertext should be in host order.
+ *
+ * NOTE-- the output is ALWAYS 8 bytes long.  If not enough space was
+ * provided, your program will get trashed.
+ *
+ * The input is null padded, at the end (highest addr), to an integral
+ * multiple of eight bytes.
+ */
+
+unsigned long
+mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
+                  unsigned long length, const mit_des_key_schedule schedule,
+                  const krb5_octet *ivec)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
+    DES_INT32 len;
+
+    /*
+     * Initialize left and right with the contents of the initial
+     * vector.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(left, ip);
+    GET_HALF_BLOCK(right, ip);
+
+    /*
+     * Suitably initialized, now work the length down 8 bytes
+     * at a time.
+     */
+    ip = in;
+    len = length;
+    while (len > 0) {
+        /*
+         * Get more input, xor it in.  If the length is
+         * greater than or equal to 8 this is straight
+         * forward.  Otherwise we have to fart around.
+         */
+        if (len >= 8) {
+            unsigned DES_INT32 temp;
+            GET_HALF_BLOCK(temp, ip);
+            left  ^= temp;
+            GET_HALF_BLOCK(temp, ip);
+            right ^= temp;
+            len -= 8;
+        } else {
+            /*
+             * Oh, shoot.  We need to pad the
+             * end with zeroes.  Work backwards
+             * to do this.
+             */
+            ip += (int) len;
+            switch(len) {
+            case 7:
+                right ^= (*(--ip) & FF_UINT32) <<  8;
+            case 6:
+                right ^= (*(--ip) & FF_UINT32) << 16;
+            case 5:
+                right ^= (*(--ip) & FF_UINT32) << 24;
+            case 4:
+                left  ^=  *(--ip) & FF_UINT32;
+            case 3:
+                left  ^= (*(--ip) & FF_UINT32) <<  8;
+            case 2:
+                left  ^= (*(--ip) & FF_UINT32) << 16;
+            case 1:
+                left  ^= (*(--ip) & FF_UINT32) << 24;
+                break;
+            }
+            len = 0;
+        }
+
+        /*
+         * Encrypt what we have
+         */
+        kp = (const unsigned DES_INT32 *)schedule;
+        DES_DO_ENCRYPT(left, right, kp);
+    }
+
+    /*
+     * Done.  Left and right have the checksum.  Put it into
+     * the output.
+     */
+    op = out;
+    PUT_HALF_BLOCK(left, op);
+    PUT_HALF_BLOCK(right, op);
+
+    /*
+     * Return right.  I'll bet the MIT code returns this
+     * inconsistantly (with the low order byte of the checksum
+     * not always in the low order byte of the DES_INT32).  We won't.
+     */
+    return right & 0xFFFFFFFFUL;
+}
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/f_parity.c b/krb5-1.21.3/src/lib/crypto/builtin/des/f_parity.c
new file mode 100644
index 00000000..a658878f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/f_parity.c
@@ -0,0 +1,64 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * These routines check and fix parity of encryption keys for the DES
+ * algorithm.
+ *
+ * They are a replacement for routines in key_parity.c, that don't require
+ * the table building that they do.
+ *
+ * Mark Eichin -- Cygnus Support
+ */
+
+#include "crypto_int.h"
+#include "des_int.h"
+
+#ifdef K5_BUILTIN_DES_KEY_PARITY
+
+/*
+ * des_fixup_key_parity: Forces odd parity per byte; parity is bits
+ *                       8,16,...64 in des order, implies 0, 8, 16, ...
+ *                       vax order.
+ */
+#define smask(step) ((1<<step)-1)
+#define pstep(x,step) (((x)&smask(step))^(((x)>>step)&smask(step)))
+#define parity_char(x) pstep(pstep(pstep((x),4),2),1)
+
+void
+mit_des_fixup_key_parity(mit_des_cblock key)
+{
+    unsigned int i;
+    for (i=0; i<sizeof(mit_des_cblock); i++)
+    {
+        key[i] &= 0xfe;
+        key[i] |= 1^parity_char(key[i]);
+    }
+
+    return;
+}
+
+#endif /* K5_BUILTIN_DES_KEY_PARITY */
+
+#ifdef K5_BUILTIN_DES
+
+/*
+ * des_check_key_parity: returns true iff key has the correct des parity.
+ *                       See des_fix_key_parity for the definition of
+ *                       correct des parity.
+ */
+int
+mit_des_check_key_parity(mit_des_cblock key)
+{
+    unsigned int i;
+
+    for (i=0; i<sizeof(mit_des_cblock); i++)
+    {
+        if((key[i] & 1) == parity_char(0xfe&key[i]))
+        {
+            return 0;
+        }
+    }
+
+    return(1);
+}
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/f_sched.c b/krb5-1.21.3/src/lib/crypto/builtin/des/f_sched.c
new file mode 100644
index 00000000..bbc88a1c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/f_sched.c
@@ -0,0 +1,363 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/f_sched.c */
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* DES implementation donated by Dennis Ferguson */
+
+/*
+ * des_make_sched.c - permute a DES key, returning the resulting key schedule
+ */
+#include "crypto_int.h"
+#include "des_int.h"
+
+#ifdef K5_BUILTIN_DES
+
+/*
+ * Permuted choice 1 tables.  These are used to extract bits
+ * from the left and right parts of the key to form Ci and Di.
+ * The code that uses these tables knows which bits from which
+ * part of each key are used to form Ci and Di.
+ */
+static const unsigned DES_INT32 PC1_CL[8] = {
+    0x00000000, 0x00000010, 0x00001000, 0x00001010,
+    0x00100000, 0x00100010, 0x00101000, 0x00101010
+};
+
+static const unsigned DES_INT32 PC1_DL[16] = {
+    0x00000000, 0x00100000, 0x00001000, 0x00101000,
+    0x00000010, 0x00100010, 0x00001010, 0x00101010,
+    0x00000001, 0x00100001, 0x00001001, 0x00101001,
+    0x00000011, 0x00100011, 0x00001011, 0x00101011
+};
+
+static const unsigned DES_INT32 PC1_CR[16] = {
+    0x00000000, 0x00000001, 0x00000100, 0x00000101,
+    0x00010000, 0x00010001, 0x00010100, 0x00010101,
+    0x01000000, 0x01000001, 0x01000100, 0x01000101,
+    0x01010000, 0x01010001, 0x01010100, 0x01010101
+};
+
+static const unsigned DES_INT32 PC1_DR[8] = {
+    0x00000000, 0x01000000, 0x00010000, 0x01010000,
+    0x00000100, 0x01000100, 0x00010100, 0x01010100
+};
+
+
+/*
+ * At the start of some iterations of the key schedule we do
+ * a circular left shift by one place, while for others we do a shift by
+ * two places.  This has bits set for the iterations where we do 2 bit
+ * shifts, starting at the low order bit.
+ */
+#define TWO_BIT_SHIFTS  0x7efc
+
+/*
+ * Permuted choice 2 tables.  The first actually produces the low order
+ * 24 bits of the subkey Ki from the 28 bit value of Ci.  The second produces
+ * the high order 24 bits from Di.  The tables are indexed by six bit
+ * segments of Ci and Di respectively.  The code is handcrafted to compute
+ * the appropriate 6 bit chunks.
+ *
+ * Note that for ease of computation, the 24 bit values are produced with
+ * six bits going into each byte.  Note also that the table has been byte
+ * rearranged to produce keys which match the order we will apply them
+ * in in the des code.
+ */
+static const unsigned DES_INT32 PC2_C[4][64] = {
+    {
+        0x00000000, 0x00000004, 0x00010000, 0x00010004,
+        0x00000400, 0x00000404, 0x00010400, 0x00010404,
+        0x00000020, 0x00000024, 0x00010020, 0x00010024,
+        0x00000420, 0x00000424, 0x00010420, 0x00010424,
+        0x01000000, 0x01000004, 0x01010000, 0x01010004,
+        0x01000400, 0x01000404, 0x01010400, 0x01010404,
+        0x01000020, 0x01000024, 0x01010020, 0x01010024,
+        0x01000420, 0x01000424, 0x01010420, 0x01010424,
+        0x00020000, 0x00020004, 0x00030000, 0x00030004,
+        0x00020400, 0x00020404, 0x00030400, 0x00030404,
+        0x00020020, 0x00020024, 0x00030020, 0x00030024,
+        0x00020420, 0x00020424, 0x00030420, 0x00030424,
+        0x01020000, 0x01020004, 0x01030000, 0x01030004,
+        0x01020400, 0x01020404, 0x01030400, 0x01030404,
+        0x01020020, 0x01020024, 0x01030020, 0x01030024,
+        0x01020420, 0x01020424, 0x01030420, 0x01030424,
+    },
+    {
+        0x00000000, 0x02000000, 0x00000800, 0x02000800,
+        0x00080000, 0x02080000, 0x00080800, 0x02080800,
+        0x00000001, 0x02000001, 0x00000801, 0x02000801,
+        0x00080001, 0x02080001, 0x00080801, 0x02080801,
+        0x00000100, 0x02000100, 0x00000900, 0x02000900,
+        0x00080100, 0x02080100, 0x00080900, 0x02080900,
+        0x00000101, 0x02000101, 0x00000901, 0x02000901,
+        0x00080101, 0x02080101, 0x00080901, 0x02080901,
+        0x10000000, 0x12000000, 0x10000800, 0x12000800,
+        0x10080000, 0x12080000, 0x10080800, 0x12080800,
+        0x10000001, 0x12000001, 0x10000801, 0x12000801,
+        0x10080001, 0x12080001, 0x10080801, 0x12080801,
+        0x10000100, 0x12000100, 0x10000900, 0x12000900,
+        0x10080100, 0x12080100, 0x10080900, 0x12080900,
+        0x10000101, 0x12000101, 0x10000901, 0x12000901,
+        0x10080101, 0x12080101, 0x10080901, 0x12080901,
+    },
+    {
+        0x00000000, 0x00040000, 0x00002000, 0x00042000,
+        0x00100000, 0x00140000, 0x00102000, 0x00142000,
+        0x20000000, 0x20040000, 0x20002000, 0x20042000,
+        0x20100000, 0x20140000, 0x20102000, 0x20142000,
+        0x00000008, 0x00040008, 0x00002008, 0x00042008,
+        0x00100008, 0x00140008, 0x00102008, 0x00142008,
+        0x20000008, 0x20040008, 0x20002008, 0x20042008,
+        0x20100008, 0x20140008, 0x20102008, 0x20142008,
+        0x00200000, 0x00240000, 0x00202000, 0x00242000,
+        0x00300000, 0x00340000, 0x00302000, 0x00342000,
+        0x20200000, 0x20240000, 0x20202000, 0x20242000,
+        0x20300000, 0x20340000, 0x20302000, 0x20342000,
+        0x00200008, 0x00240008, 0x00202008, 0x00242008,
+        0x00300008, 0x00340008, 0x00302008, 0x00342008,
+        0x20200008, 0x20240008, 0x20202008, 0x20242008,
+        0x20300008, 0x20340008, 0x20302008, 0x20342008,
+    },
+    {
+        0x00000000, 0x00000010, 0x08000000, 0x08000010,
+        0x00000200, 0x00000210, 0x08000200, 0x08000210,
+        0x00000002, 0x00000012, 0x08000002, 0x08000012,
+        0x00000202, 0x00000212, 0x08000202, 0x08000212,
+        0x04000000, 0x04000010, 0x0c000000, 0x0c000010,
+        0x04000200, 0x04000210, 0x0c000200, 0x0c000210,
+        0x04000002, 0x04000012, 0x0c000002, 0x0c000012,
+        0x04000202, 0x04000212, 0x0c000202, 0x0c000212,
+        0x00001000, 0x00001010, 0x08001000, 0x08001010,
+        0x00001200, 0x00001210, 0x08001200, 0x08001210,
+        0x00001002, 0x00001012, 0x08001002, 0x08001012,
+        0x00001202, 0x00001212, 0x08001202, 0x08001212,
+        0x04001000, 0x04001010, 0x0c001000, 0x0c001010,
+        0x04001200, 0x04001210, 0x0c001200, 0x0c001210,
+        0x04001002, 0x04001012, 0x0c001002, 0x0c001012,
+        0x04001202, 0x04001212, 0x0c001202, 0x0c001212
+    },
+};
+
+static const unsigned DES_INT32 PC2_D[4][64] = {
+    {
+        0x00000000, 0x02000000, 0x00020000, 0x02020000,
+        0x00000100, 0x02000100, 0x00020100, 0x02020100,
+        0x00000008, 0x02000008, 0x00020008, 0x02020008,
+        0x00000108, 0x02000108, 0x00020108, 0x02020108,
+        0x00200000, 0x02200000, 0x00220000, 0x02220000,
+        0x00200100, 0x02200100, 0x00220100, 0x02220100,
+        0x00200008, 0x02200008, 0x00220008, 0x02220008,
+        0x00200108, 0x02200108, 0x00220108, 0x02220108,
+        0x00000200, 0x02000200, 0x00020200, 0x02020200,
+        0x00000300, 0x02000300, 0x00020300, 0x02020300,
+        0x00000208, 0x02000208, 0x00020208, 0x02020208,
+        0x00000308, 0x02000308, 0x00020308, 0x02020308,
+        0x00200200, 0x02200200, 0x00220200, 0x02220200,
+        0x00200300, 0x02200300, 0x00220300, 0x02220300,
+        0x00200208, 0x02200208, 0x00220208, 0x02220208,
+        0x00200308, 0x02200308, 0x00220308, 0x02220308,
+    },
+    {
+        0x00000000, 0x00001000, 0x00000020, 0x00001020,
+        0x00100000, 0x00101000, 0x00100020, 0x00101020,
+        0x08000000, 0x08001000, 0x08000020, 0x08001020,
+        0x08100000, 0x08101000, 0x08100020, 0x08101020,
+        0x00000004, 0x00001004, 0x00000024, 0x00001024,
+        0x00100004, 0x00101004, 0x00100024, 0x00101024,
+        0x08000004, 0x08001004, 0x08000024, 0x08001024,
+        0x08100004, 0x08101004, 0x08100024, 0x08101024,
+        0x00000400, 0x00001400, 0x00000420, 0x00001420,
+        0x00100400, 0x00101400, 0x00100420, 0x00101420,
+        0x08000400, 0x08001400, 0x08000420, 0x08001420,
+        0x08100400, 0x08101400, 0x08100420, 0x08101420,
+        0x00000404, 0x00001404, 0x00000424, 0x00001424,
+        0x00100404, 0x00101404, 0x00100424, 0x00101424,
+        0x08000404, 0x08001404, 0x08000424, 0x08001424,
+        0x08100404, 0x08101404, 0x08100424, 0x08101424,
+    },
+    {
+        0x00000000, 0x10000000, 0x00010000, 0x10010000,
+        0x00000002, 0x10000002, 0x00010002, 0x10010002,
+        0x00002000, 0x10002000, 0x00012000, 0x10012000,
+        0x00002002, 0x10002002, 0x00012002, 0x10012002,
+        0x00040000, 0x10040000, 0x00050000, 0x10050000,
+        0x00040002, 0x10040002, 0x00050002, 0x10050002,
+        0x00042000, 0x10042000, 0x00052000, 0x10052000,
+        0x00042002, 0x10042002, 0x00052002, 0x10052002,
+        0x20000000, 0x30000000, 0x20010000, 0x30010000,
+        0x20000002, 0x30000002, 0x20010002, 0x30010002,
+        0x20002000, 0x30002000, 0x20012000, 0x30012000,
+        0x20002002, 0x30002002, 0x20012002, 0x30012002,
+        0x20040000, 0x30040000, 0x20050000, 0x30050000,
+        0x20040002, 0x30040002, 0x20050002, 0x30050002,
+        0x20042000, 0x30042000, 0x20052000, 0x30052000,
+        0x20042002, 0x30042002, 0x20052002, 0x30052002,
+    },
+    {
+        0x00000000, 0x04000000, 0x00000001, 0x04000001,
+        0x01000000, 0x05000000, 0x01000001, 0x05000001,
+        0x00000010, 0x04000010, 0x00000011, 0x04000011,
+        0x01000010, 0x05000010, 0x01000011, 0x05000011,
+        0x00080000, 0x04080000, 0x00080001, 0x04080001,
+        0x01080000, 0x05080000, 0x01080001, 0x05080001,
+        0x00080010, 0x04080010, 0x00080011, 0x04080011,
+        0x01080010, 0x05080010, 0x01080011, 0x05080011,
+        0x00000800, 0x04000800, 0x00000801, 0x04000801,
+        0x01000800, 0x05000800, 0x01000801, 0x05000801,
+        0x00000810, 0x04000810, 0x00000811, 0x04000811,
+        0x01000810, 0x05000810, 0x01000811, 0x05000811,
+        0x00080800, 0x04080800, 0x00080801, 0x04080801,
+        0x01080800, 0x05080800, 0x01080801, 0x05080801,
+        0x00080810, 0x04080810, 0x00080811, 0x04080811,
+        0x01080810, 0x05080810, 0x01080811, 0x05080811
+    },
+};
+
+
+
+/*
+ * Permute the key to give us our key schedule.
+ */
+int
+mit_des_make_key_sched(mit_des_cblock key, mit_des_key_schedule schedule)
+{
+    unsigned DES_INT32 c, d;
+
+    {
+        /*
+         * Need a pointer for the keys and a temporary DES_INT32
+         */
+        const unsigned char *k;
+        unsigned DES_INT32 tmp;
+
+        /*
+         * Fetch the key into something we can work with
+         */
+        k = key;
+
+        /*
+         * The first permutted choice gives us the 28 bits for C0 and
+         * 28 for D0.  C0 gets 12 bits from the left key and 16 from
+         * the right, while D0 gets 16 from the left and 12 from the
+         * right.  The code knows which bits go where.
+         */
+        tmp = load_32_be(k), k += 4;
+
+        c =  PC1_CL[(tmp >> 29) & 0x7]
+            | (PC1_CL[(tmp >> 21) & 0x7] << 1)
+            | (PC1_CL[(tmp >> 13) & 0x7] << 2)
+            | (PC1_CL[(tmp >>  5) & 0x7] << 3);
+        d =  PC1_DL[(tmp >> 25) & 0xf]
+            | (PC1_DL[(tmp >> 17) & 0xf] << 1)
+            | (PC1_DL[(tmp >>  9) & 0xf] << 2)
+            | (PC1_DL[(tmp >>  1) & 0xf] << 3);
+
+        tmp = load_32_be(k), k += 4;
+
+        c |= PC1_CR[(tmp >> 28) & 0xf]
+            | (PC1_CR[(tmp >> 20) & 0xf] << 1)
+            | (PC1_CR[(tmp >> 12) & 0xf] << 2)
+            | (PC1_CR[(tmp >>  4) & 0xf] << 3);
+        d |= PC1_DR[(tmp >> 25) & 0x7]
+            | (PC1_DR[(tmp >> 17) & 0x7] << 1)
+            | (PC1_DR[(tmp >>  9) & 0x7] << 2)
+            | (PC1_DR[(tmp >>  1) & 0x7] << 3);
+    }
+
+    {
+        /*
+         * Need several temporaries in here
+         */
+        unsigned DES_INT32 ltmp, rtmp;
+        unsigned DES_INT32 *k;
+        int two_bit_shifts;
+        int i;
+        /*
+         * Now iterate to compute the key schedule.  Note that we
+         * record the entire set of subkeys in 6 bit chunks since
+         * they are used that way.  At 6 bits/char, we need
+         * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes.
+         * The schedule must be this big.
+         */
+        k = (unsigned DES_INT32 *)schedule;
+        two_bit_shifts = TWO_BIT_SHIFTS;
+        for (i = 16; i > 0; i--) {
+            /*
+             * Do the rotation.  One bit and two bit rotations
+             * are done separately.  Note C and D are 28 bits.
+             */
+            if (two_bit_shifts & 0x1) {
+                c = ((c << 2) & 0xffffffc) | (c >> 26);
+                d = ((d << 2) & 0xffffffc) | (d >> 26);
+            } else {
+                c = ((c << 1) & 0xffffffe) | (c >> 27);
+                d = ((d << 1) & 0xffffffe) | (d >> 27);
+            }
+            two_bit_shifts >>= 1;
+
+            /*
+             * Apply permutted choice 2 to C to get the first
+             * 24 bits worth of keys.  Note that bits 9, 18, 22
+             * and 25 (using DES numbering) in C are unused.  The
+             * shift-mask stuff is done to delete these bits from
+             * the indices, since this cuts the table size in half.
+             *
+             * The table is torqued, by the way.  If the standard
+             * byte order for this (high to low order) is 1234,
+             * the table actually gives us 4132.
+             */
+            ltmp = PC2_C[0][((c >> 22) & 0x3f)]
+                | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)]
+                | PC2_C[2][((c >>  4) & 0x3) | ((c >>  9) & 0x3c)]
+                | PC2_C[3][((c      ) & 0x7) | ((c >>  4) & 0x38)];
+            /*
+             * Apply permutted choice 2 to D to get the other half.
+             * Here, bits 7, 10, 15 and 26 go unused.  The sqeezing
+             * actually turns out to be cheaper here.
+             *
+             * This table is similarly torqued.  If the standard
+             * byte order is 5678, the table has the bytes permuted
+             * to give us 7685.
+             */
+            rtmp = PC2_D[0][((d >> 22) & 0x3f)]
+                | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
+                | PC2_D[2][((d >>  7) & 0x3f)]
+                | PC2_D[3][((d      ) & 0x3) | ((d >>  1) & 0x3c)];
+
+            /*
+             * Make up two words of the key schedule, with a
+             * byte order which is convenient for the DES
+             * inner loop.  The high order (first) word will
+             * hold bytes 7135 (high to low order) while the
+             * second holds bytes 4682.
+             */
+            *k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff);
+            *k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00);
+        }
+    }
+    return (0);
+}
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/f_tables.c b/krb5-1.21.3/src/lib/crypto/builtin/des/f_tables.c
new file mode 100644
index 00000000..e50ab1fc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/f_tables.c
@@ -0,0 +1,375 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/f_tables.c */
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* DES implementation donated by Dennis Ferguson */
+
+/*
+ * des_tables.c - precomputed tables used for the DES cipher function
+ */
+
+/*
+ * Include the header file so something will complain if the
+ * declarations get out of sync
+ */
+#include "crypto_int.h"
+#include "des_int.h"
+#include "f_tables.h"
+
+#ifdef K5_BUILTIN_DES
+
+/*
+ * These tables may be declared const if you want.  Many compilers
+ * don't support this, though.
+ */
+
+/*
+ * The DES algorithm which uses these is intended to be fairly speedy
+ * at the expense of some memory.  All the standard hacks are used.
+ * The S boxes and the P permutation are precomputed into one table.
+ * The E box never actually appears explicitly since it is easy to apply
+ * this algorithmically as needed.  The initial permutation and final
+ * (inverse initial) permutation are computed from tables designed to
+ * permute one byte at a time.  This should run pretty fast on machines
+ * with 32 bit words and bit field/multiple bit shift instructions which
+ * are fast.
+ */
+
+/*
+ * The initial permutation array.  This is used to compute both the
+ * left and the right halves of the initial permutation using bytes
+ * from words made from the following operations:
+ *
+ * ((left & 0x55555555) << 1) | (right & 0x55555555)  for left half
+ * (left & 0xaaaaaaaa) | ((right & 0xaaaaaaaa) >> 1)  for right half
+ *
+ * The scheme is that we index into the table using each byte.  The
+ * result from the high order byte is or'd with the result from the
+ * next byte shifted left once is or'd with the result from the next
+ * byte shifted left twice if or'd with the result from the low order
+ * byte shifted left by three.  Clear?
+ */
+
+const unsigned DES_INT32 des_IP_table[256] = {
+    0x00000000, 0x00000010, 0x00000001, 0x00000011,
+    0x00001000, 0x00001010, 0x00001001, 0x00001011,
+    0x00000100, 0x00000110, 0x00000101, 0x00000111,
+    0x00001100, 0x00001110, 0x00001101, 0x00001111,
+    0x00100000, 0x00100010, 0x00100001, 0x00100011,
+    0x00101000, 0x00101010, 0x00101001, 0x00101011,
+    0x00100100, 0x00100110, 0x00100101, 0x00100111,
+    0x00101100, 0x00101110, 0x00101101, 0x00101111,
+    0x00010000, 0x00010010, 0x00010001, 0x00010011,
+    0x00011000, 0x00011010, 0x00011001, 0x00011011,
+    0x00010100, 0x00010110, 0x00010101, 0x00010111,
+    0x00011100, 0x00011110, 0x00011101, 0x00011111,
+    0x00110000, 0x00110010, 0x00110001, 0x00110011,
+    0x00111000, 0x00111010, 0x00111001, 0x00111011,
+    0x00110100, 0x00110110, 0x00110101, 0x00110111,
+    0x00111100, 0x00111110, 0x00111101, 0x00111111,
+    0x10000000, 0x10000010, 0x10000001, 0x10000011,
+    0x10001000, 0x10001010, 0x10001001, 0x10001011,
+    0x10000100, 0x10000110, 0x10000101, 0x10000111,
+    0x10001100, 0x10001110, 0x10001101, 0x10001111,
+    0x10100000, 0x10100010, 0x10100001, 0x10100011,
+    0x10101000, 0x10101010, 0x10101001, 0x10101011,
+    0x10100100, 0x10100110, 0x10100101, 0x10100111,
+    0x10101100, 0x10101110, 0x10101101, 0x10101111,
+    0x10010000, 0x10010010, 0x10010001, 0x10010011,
+    0x10011000, 0x10011010, 0x10011001, 0x10011011,
+    0x10010100, 0x10010110, 0x10010101, 0x10010111,
+    0x10011100, 0x10011110, 0x10011101, 0x10011111,
+    0x10110000, 0x10110010, 0x10110001, 0x10110011,
+    0x10111000, 0x10111010, 0x10111001, 0x10111011,
+    0x10110100, 0x10110110, 0x10110101, 0x10110111,
+    0x10111100, 0x10111110, 0x10111101, 0x10111111,
+    0x01000000, 0x01000010, 0x01000001, 0x01000011,
+    0x01001000, 0x01001010, 0x01001001, 0x01001011,
+    0x01000100, 0x01000110, 0x01000101, 0x01000111,
+    0x01001100, 0x01001110, 0x01001101, 0x01001111,
+    0x01100000, 0x01100010, 0x01100001, 0x01100011,
+    0x01101000, 0x01101010, 0x01101001, 0x01101011,
+    0x01100100, 0x01100110, 0x01100101, 0x01100111,
+    0x01101100, 0x01101110, 0x01101101, 0x01101111,
+    0x01010000, 0x01010010, 0x01010001, 0x01010011,
+    0x01011000, 0x01011010, 0x01011001, 0x01011011,
+    0x01010100, 0x01010110, 0x01010101, 0x01010111,
+    0x01011100, 0x01011110, 0x01011101, 0x01011111,
+    0x01110000, 0x01110010, 0x01110001, 0x01110011,
+    0x01111000, 0x01111010, 0x01111001, 0x01111011,
+    0x01110100, 0x01110110, 0x01110101, 0x01110111,
+    0x01111100, 0x01111110, 0x01111101, 0x01111111,
+    0x11000000, 0x11000010, 0x11000001, 0x11000011,
+    0x11001000, 0x11001010, 0x11001001, 0x11001011,
+    0x11000100, 0x11000110, 0x11000101, 0x11000111,
+    0x11001100, 0x11001110, 0x11001101, 0x11001111,
+    0x11100000, 0x11100010, 0x11100001, 0x11100011,
+    0x11101000, 0x11101010, 0x11101001, 0x11101011,
+    0x11100100, 0x11100110, 0x11100101, 0x11100111,
+    0x11101100, 0x11101110, 0x11101101, 0x11101111,
+    0x11010000, 0x11010010, 0x11010001, 0x11010011,
+    0x11011000, 0x11011010, 0x11011001, 0x11011011,
+    0x11010100, 0x11010110, 0x11010101, 0x11010111,
+    0x11011100, 0x11011110, 0x11011101, 0x11011111,
+    0x11110000, 0x11110010, 0x11110001, 0x11110011,
+    0x11111000, 0x11111010, 0x11111001, 0x11111011,
+    0x11110100, 0x11110110, 0x11110101, 0x11110111,
+    0x11111100, 0x11111110, 0x11111101, 0x11111111
+};
+
+/*
+ * The final permutation array.  Like the IP array, used
+ * to compute both the left and right results from the bytes
+ * of words computed from:
+ *
+ * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f)  for left result
+ * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4)  for right result
+ *
+ * The result from the high order byte is shifted left 6 bits and
+ * or'd with the result from the next byte shifted left 4 bits, which
+ * is or'd with the result from the next byte shifted left 2 bits,
+ * which is or'd with the result from the low byte.
+ */
+const unsigned DES_INT32 des_FP_table[256] = {
+    0x00000000, 0x02000000, 0x00020000, 0x02020000,
+    0x00000200, 0x02000200, 0x00020200, 0x02020200,
+    0x00000002, 0x02000002, 0x00020002, 0x02020002,
+    0x00000202, 0x02000202, 0x00020202, 0x02020202,
+    0x01000000, 0x03000000, 0x01020000, 0x03020000,
+    0x01000200, 0x03000200, 0x01020200, 0x03020200,
+    0x01000002, 0x03000002, 0x01020002, 0x03020002,
+    0x01000202, 0x03000202, 0x01020202, 0x03020202,
+    0x00010000, 0x02010000, 0x00030000, 0x02030000,
+    0x00010200, 0x02010200, 0x00030200, 0x02030200,
+    0x00010002, 0x02010002, 0x00030002, 0x02030002,
+    0x00010202, 0x02010202, 0x00030202, 0x02030202,
+    0x01010000, 0x03010000, 0x01030000, 0x03030000,
+    0x01010200, 0x03010200, 0x01030200, 0x03030200,
+    0x01010002, 0x03010002, 0x01030002, 0x03030002,
+    0x01010202, 0x03010202, 0x01030202, 0x03030202,
+    0x00000100, 0x02000100, 0x00020100, 0x02020100,
+    0x00000300, 0x02000300, 0x00020300, 0x02020300,
+    0x00000102, 0x02000102, 0x00020102, 0x02020102,
+    0x00000302, 0x02000302, 0x00020302, 0x02020302,
+    0x01000100, 0x03000100, 0x01020100, 0x03020100,
+    0x01000300, 0x03000300, 0x01020300, 0x03020300,
+    0x01000102, 0x03000102, 0x01020102, 0x03020102,
+    0x01000302, 0x03000302, 0x01020302, 0x03020302,
+    0x00010100, 0x02010100, 0x00030100, 0x02030100,
+    0x00010300, 0x02010300, 0x00030300, 0x02030300,
+    0x00010102, 0x02010102, 0x00030102, 0x02030102,
+    0x00010302, 0x02010302, 0x00030302, 0x02030302,
+    0x01010100, 0x03010100, 0x01030100, 0x03030100,
+    0x01010300, 0x03010300, 0x01030300, 0x03030300,
+    0x01010102, 0x03010102, 0x01030102, 0x03030102,
+    0x01010302, 0x03010302, 0x01030302, 0x03030302,
+    0x00000001, 0x02000001, 0x00020001, 0x02020001,
+    0x00000201, 0x02000201, 0x00020201, 0x02020201,
+    0x00000003, 0x02000003, 0x00020003, 0x02020003,
+    0x00000203, 0x02000203, 0x00020203, 0x02020203,
+    0x01000001, 0x03000001, 0x01020001, 0x03020001,
+    0x01000201, 0x03000201, 0x01020201, 0x03020201,
+    0x01000003, 0x03000003, 0x01020003, 0x03020003,
+    0x01000203, 0x03000203, 0x01020203, 0x03020203,
+    0x00010001, 0x02010001, 0x00030001, 0x02030001,
+    0x00010201, 0x02010201, 0x00030201, 0x02030201,
+    0x00010003, 0x02010003, 0x00030003, 0x02030003,
+    0x00010203, 0x02010203, 0x00030203, 0x02030203,
+    0x01010001, 0x03010001, 0x01030001, 0x03030001,
+    0x01010201, 0x03010201, 0x01030201, 0x03030201,
+    0x01010003, 0x03010003, 0x01030003, 0x03030003,
+    0x01010203, 0x03010203, 0x01030203, 0x03030203,
+    0x00000101, 0x02000101, 0x00020101, 0x02020101,
+    0x00000301, 0x02000301, 0x00020301, 0x02020301,
+    0x00000103, 0x02000103, 0x00020103, 0x02020103,
+    0x00000303, 0x02000303, 0x00020303, 0x02020303,
+    0x01000101, 0x03000101, 0x01020101, 0x03020101,
+    0x01000301, 0x03000301, 0x01020301, 0x03020301,
+    0x01000103, 0x03000103, 0x01020103, 0x03020103,
+    0x01000303, 0x03000303, 0x01020303, 0x03020303,
+    0x00010101, 0x02010101, 0x00030101, 0x02030101,
+    0x00010301, 0x02010301, 0x00030301, 0x02030301,
+    0x00010103, 0x02010103, 0x00030103, 0x02030103,
+    0x00010303, 0x02010303, 0x00030303, 0x02030303,
+    0x01010101, 0x03010101, 0x01030101, 0x03030101,
+    0x01010301, 0x03010301, 0x01030301, 0x03030301,
+    0x01010103, 0x03010103, 0x01030103, 0x03030103,
+    0x01010303, 0x03010303, 0x01030303, 0x03030303
+};
+
+
+/*
+ * The SP table is actually the S boxes and the P permutation
+ * table combined.  This table is actually reordered from the
+ * spec, to match the order of key application we follow.
+ */
+const unsigned DES_INT32 des_SP_table[8][64] = {
+    {
+        0x00100000, 0x02100001, 0x02000401, 0x00000000, /* 7 */
+        0x00000400, 0x02000401, 0x00100401, 0x02100400,
+        0x02100401, 0x00100000, 0x00000000, 0x02000001,
+        0x00000001, 0x02000000, 0x02100001, 0x00000401,
+        0x02000400, 0x00100401, 0x00100001, 0x02000400,
+        0x02000001, 0x02100000, 0x02100400, 0x00100001,
+        0x02100000, 0x00000400, 0x00000401, 0x02100401,
+        0x00100400, 0x00000001, 0x02000000, 0x00100400,
+        0x02000000, 0x00100400, 0x00100000, 0x02000401,
+        0x02000401, 0x02100001, 0x02100001, 0x00000001,
+        0x00100001, 0x02000000, 0x02000400, 0x00100000,
+        0x02100400, 0x00000401, 0x00100401, 0x02100400,
+        0x00000401, 0x02000001, 0x02100401, 0x02100000,
+        0x00100400, 0x00000000, 0x00000001, 0x02100401,
+        0x00000000, 0x00100401, 0x02100000, 0x00000400,
+        0x02000001, 0x02000400, 0x00000400, 0x00100001,
+    },
+    {
+        0x00808200, 0x00000000, 0x00008000, 0x00808202, /* 1 */
+        0x00808002, 0x00008202, 0x00000002, 0x00008000,
+        0x00000200, 0x00808200, 0x00808202, 0x00000200,
+        0x00800202, 0x00808002, 0x00800000, 0x00000002,
+        0x00000202, 0x00800200, 0x00800200, 0x00008200,
+        0x00008200, 0x00808000, 0x00808000, 0x00800202,
+        0x00008002, 0x00800002, 0x00800002, 0x00008002,
+        0x00000000, 0x00000202, 0x00008202, 0x00800000,
+        0x00008000, 0x00808202, 0x00000002, 0x00808000,
+        0x00808200, 0x00800000, 0x00800000, 0x00000200,
+        0x00808002, 0x00008000, 0x00008200, 0x00800002,
+        0x00000200, 0x00000002, 0x00800202, 0x00008202,
+        0x00808202, 0x00008002, 0x00808000, 0x00800202,
+        0x00800002, 0x00000202, 0x00008202, 0x00808200,
+        0x00000202, 0x00800200, 0x00800200, 0x00000000,
+        0x00008002, 0x00008200, 0x00000000, 0x00808002,
+    },
+    {
+        0x00000104, 0x04010100, 0x00000000, 0x04010004, /* 3 */
+        0x04000100, 0x00000000, 0x00010104, 0x04000100,
+        0x00010004, 0x04000004, 0x04000004, 0x00010000,
+        0x04010104, 0x00010004, 0x04010000, 0x00000104,
+        0x04000000, 0x00000004, 0x04010100, 0x00000100,
+        0x00010100, 0x04010000, 0x04010004, 0x00010104,
+        0x04000104, 0x00010100, 0x00010000, 0x04000104,
+        0x00000004, 0x04010104, 0x00000100, 0x04000000,
+        0x04010100, 0x04000000, 0x00010004, 0x00000104,
+        0x00010000, 0x04010100, 0x04000100, 0x00000000,
+        0x00000100, 0x00010004, 0x04010104, 0x04000100,
+        0x04000004, 0x00000100, 0x00000000, 0x04010004,
+        0x04000104, 0x00010000, 0x04000000, 0x04010104,
+        0x00000004, 0x00010104, 0x00010100, 0x04000004,
+        0x04010000, 0x04000104, 0x00000104, 0x04010000,
+        0x00010104, 0x00000004, 0x04010004, 0x00010100,
+    },
+    {
+        0x00000080, 0x01040080, 0x01040000, 0x21000080, /* 5 */
+        0x00040000, 0x00000080, 0x20000000, 0x01040000,
+        0x20040080, 0x00040000, 0x01000080, 0x20040080,
+        0x21000080, 0x21040000, 0x00040080, 0x20000000,
+        0x01000000, 0x20040000, 0x20040000, 0x00000000,
+        0x20000080, 0x21040080, 0x21040080, 0x01000080,
+        0x21040000, 0x20000080, 0x00000000, 0x21000000,
+        0x01040080, 0x01000000, 0x21000000, 0x00040080,
+        0x00040000, 0x21000080, 0x00000080, 0x01000000,
+        0x20000000, 0x01040000, 0x21000080, 0x20040080,
+        0x01000080, 0x20000000, 0x21040000, 0x01040080,
+        0x20040080, 0x00000080, 0x01000000, 0x21040000,
+        0x21040080, 0x00040080, 0x21000000, 0x21040080,
+        0x01040000, 0x00000000, 0x20040000, 0x21000000,
+        0x00040080, 0x01000080, 0x20000080, 0x00040000,
+        0x00000000, 0x20040000, 0x01040080, 0x20000080,
+    },
+    {
+        0x80401000, 0x80001040, 0x80001040, 0x00000040, /* 4 */
+        0x00401040, 0x80400040, 0x80400000, 0x80001000,
+        0x00000000, 0x00401000, 0x00401000, 0x80401040,
+        0x80000040, 0x00000000, 0x00400040, 0x80400000,
+        0x80000000, 0x00001000, 0x00400000, 0x80401000,
+        0x00000040, 0x00400000, 0x80001000, 0x00001040,
+        0x80400040, 0x80000000, 0x00001040, 0x00400040,
+        0x00001000, 0x00401040, 0x80401040, 0x80000040,
+        0x00400040, 0x80400000, 0x00401000, 0x80401040,
+        0x80000040, 0x00000000, 0x00000000, 0x00401000,
+        0x00001040, 0x00400040, 0x80400040, 0x80000000,
+        0x80401000, 0x80001040, 0x80001040, 0x00000040,
+        0x80401040, 0x80000040, 0x80000000, 0x00001000,
+        0x80400000, 0x80001000, 0x00401040, 0x80400040,
+        0x80001000, 0x00001040, 0x00400000, 0x80401000,
+        0x00000040, 0x00400000, 0x00001000, 0x00401040,
+    },
+    {
+        0x10000008, 0x10200000, 0x00002000, 0x10202008, /* 6 */
+        0x10200000, 0x00000008, 0x10202008, 0x00200000,
+        0x10002000, 0x00202008, 0x00200000, 0x10000008,
+        0x00200008, 0x10002000, 0x10000000, 0x00002008,
+        0x00000000, 0x00200008, 0x10002008, 0x00002000,
+        0x00202000, 0x10002008, 0x00000008, 0x10200008,
+        0x10200008, 0x00000000, 0x00202008, 0x10202000,
+        0x00002008, 0x00202000, 0x10202000, 0x10000000,
+        0x10002000, 0x00000008, 0x10200008, 0x00202000,
+        0x10202008, 0x00200000, 0x00002008, 0x10000008,
+        0x00200000, 0x10002000, 0x10000000, 0x00002008,
+        0x10000008, 0x10202008, 0x00202000, 0x10200000,
+        0x00202008, 0x10202000, 0x00000000, 0x10200008,
+        0x00000008, 0x00002000, 0x10200000, 0x00202008,
+        0x00002000, 0x00200008, 0x10002008, 0x00000000,
+        0x10202000, 0x10000000, 0x00200008, 0x10002008,
+    },
+    {
+        0x08000820, 0x00000800, 0x00020000, 0x08020820, /* 8 */
+        0x08000000, 0x08000820, 0x00000020, 0x08000000,
+        0x00020020, 0x08020000, 0x08020820, 0x00020800,
+        0x08020800, 0x00020820, 0x00000800, 0x00000020,
+        0x08020000, 0x08000020, 0x08000800, 0x00000820,
+        0x00020800, 0x00020020, 0x08020020, 0x08020800,
+        0x00000820, 0x00000000, 0x00000000, 0x08020020,
+        0x08000020, 0x08000800, 0x00020820, 0x00020000,
+        0x00020820, 0x00020000, 0x08020800, 0x00000800,
+        0x00000020, 0x08020020, 0x00000800, 0x00020820,
+        0x08000800, 0x00000020, 0x08000020, 0x08020000,
+        0x08020020, 0x08000000, 0x00020000, 0x08000820,
+        0x00000000, 0x08020820, 0x00020020, 0x08000020,
+        0x08020000, 0x08000800, 0x08000820, 0x00000000,
+        0x08020820, 0x00020800, 0x00020800, 0x00000820,
+        0x00000820, 0x00020020, 0x08000000, 0x08020800,
+    },
+    {
+        0x40084010, 0x40004000, 0x00004000, 0x00084010, /* 2 */
+        0x00080000, 0x00000010, 0x40080010, 0x40004010,
+        0x40000010, 0x40084010, 0x40084000, 0x40000000,
+        0x40004000, 0x00080000, 0x00000010, 0x40080010,
+        0x00084000, 0x00080010, 0x40004010, 0x00000000,
+        0x40000000, 0x00004000, 0x00084010, 0x40080000,
+        0x00080010, 0x40000010, 0x00000000, 0x00084000,
+        0x00004010, 0x40084000, 0x40080000, 0x00004010,
+        0x00000000, 0x00084010, 0x40080010, 0x00080000,
+        0x40004010, 0x40080000, 0x40084000, 0x00004000,
+        0x40080000, 0x40004000, 0x00000010, 0x40084010,
+        0x00084010, 0x00000010, 0x00004000, 0x40000000,
+        0x00004010, 0x40084000, 0x00080000, 0x40000010,
+        0x00080010, 0x40004010, 0x40000010, 0x00080010,
+        0x00084000, 0x00000000, 0x40004000, 0x00004010,
+        0x40000000, 0x40080010, 0x40084010, 0x00084000
+    },
+};
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/f_tables.h b/krb5-1.21.3/src/lib/crypto/builtin/des/f_tables.h
new file mode 100644
index 00000000..fc91b566
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/f_tables.h
@@ -0,0 +1,285 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/f_tables.h */
+/*
+ * Copyright (C) 1990 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * DES implementation donated by Dennis Ferguson
+ */
+
+/*
+ * des_tables.h - declarations to import the DES tables, used internally
+ *                by some of the library routines.
+ */
+#ifndef __DES_TABLES_H__
+#define __DES_TABLES_H__        /* nothing */
+
+#include "k5-platform.h"
+/*
+ * These may be declared const if you wish.  Be sure to change the
+ * declarations in des_tables.c as well.
+ */
+extern const unsigned DES_INT32 des_IP_table[256];
+extern const unsigned DES_INT32 des_FP_table[256];
+extern const unsigned DES_INT32 des_SP_table[8][64];
+
+/*
+ * Use standard shortforms to reference these to save typing
+ */
+#define IP      des_IP_table
+#define FP      des_FP_table
+#define SP      des_SP_table
+
+#ifdef DEBUG
+#define DEB(foofraw)    printf foofraw
+#else
+#define DEB(foofraw)    /* nothing */
+#endif
+
+/*
+ * Code to do a DES round using the tables.  Note that the E expansion
+ * is easy to compute algorithmically, especially if done out-of-order.
+ * Take a look at its form and compare it to everything involving temp
+ * below.  Since SP[0-7] don't have any bits in common set it is okay
+ * to do the successive xor's.
+ *
+ * Note too that the SP table has been reordered to match the order of
+ * the keys (if the original order of SP was 12345678, the reordered
+ * table is 71354682).  This is unnecessary, but was done since some
+ * compilers seem to like you going through the matrix from beginning
+ * to end.
+ *
+ * There is a difference in the best way to do this depending on whether
+ * one is encrypting or decrypting.  If encrypting we move forward through
+ * the keys and hence should move forward through the table.  If decrypting
+ * we go back.  Part of the need for this comes from trying to emulate
+ * existing software which generates a single key schedule and uses it
+ * both for encrypting and decrypting.  Generating separate encryption
+ * and decryption key schedules would allow one to use the same code
+ * for both.
+ *
+ * left, right and temp should be unsigned DES_INT32 values.  left and right
+ * should be the high and low order parts of the cipher block at the
+ * current stage of processing (this makes sense if you read the spec).
+ * kp should be an unsigned DES_INT32 pointer which points at the current
+ * set of subkeys in the key schedule.  It is advanced to the next set
+ * (i.e. by 8 bytes) when this is done.
+ *
+ * This occurs in the innermost loop of the DES function.  The four
+ * variables should really be in registers.
+ *
+ * When using this, the inner loop of the DES function might look like:
+ *
+ *      for (i = 0; i < 8; i++) {
+ *              DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp);
+ *              DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp);
+ *      }
+ *
+ * Note the trick above.  You are supposed to do 16 rounds, swapping
+ * left and right at the end of each round.  By doing two rounds at
+ * a time and swapping left and right in the code we can avoid the
+ * swaps altogether.
+ */
+#define DES_SP_ENCRYPT_ROUND(left, right, temp, kp) do {        \
+        (temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++; \
+        (left) ^= SP[0][((temp) >> 24) & 0x3f]                  \
+            | SP[1][((temp) >> 16) & 0x3f]                      \
+            | SP[2][((temp) >>  8) & 0x3f]                      \
+            | SP[3][((temp)      ) & 0x3f];                     \
+        (temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++;  \
+        (left) ^= SP[4][((temp) >> 24) & 0x3f]                  \
+            | SP[5][((temp) >> 16) & 0x3f]                      \
+            | SP[6][((temp) >>  8) & 0x3f]                      \
+            | SP[7][((temp)      ) & 0x3f];                     \
+    } while(0);
+
+#define DES_SP_DECRYPT_ROUND(left, right, temp, kp) do {                \
+        (temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp));        \
+        (left) ^= SP[7][((temp)      ) & 0x3f]                          \
+            | SP[6][((temp) >>  8) & 0x3f]                              \
+            | SP[5][((temp) >> 16) & 0x3f]                              \
+            | SP[4][((temp) >> 24) & 0x3f];                             \
+        (temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp));       \
+        (left) ^= SP[3][((temp)      ) & 0x3f]                          \
+            | SP[2][((temp) >>  8) & 0x3f]                              \
+            | SP[1][((temp) >> 16) & 0x3f]                              \
+            | SP[0][((temp) >> 24) & 0x3f];                             \
+    } while (0);
+
+/*
+ * Macros to help deal with the initial permutation table.  Note
+ * the IP table only deals with 32 bits at a time, allowing us to
+ * collect the bits we need to deal with each half into an unsigned
+ * DES_INT32.  By carefully selecting how the bits are ordered we also
+ * take advantages of symmetries in the table so that we can use a
+ * single table to compute the permutation of all bytes.  This sounds
+ * complicated, but if you go through the process of designing the
+ * table you'll find the symmetries fall right out.
+ *
+ * The follow macros compute the set of bits used to index the
+ * table for produce the left and right permuted result.
+ *
+ * The inserted cast to unsigned DES_INT32 circumvents a bug in
+ * the Macintosh MPW 3.2 C compiler which loses the unsignedness and
+ * propagates the high-order bit in the shift.
+ */
+#define DES_IP_LEFT_BITS(left, right)                           \
+    ((((left) & 0x55555555) << 1) | ((right) & 0x55555555))
+#define DES_IP_RIGHT_BITS(left, right)                          \
+    (((left) & 0xaaaaaaaa) |                                    \
+     ( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1))
+
+/*
+ * The following macro does an in-place initial permutation given
+ * the current left and right parts of the block and a single
+ * temporary.  Use this more as a guide for rolling your own, though.
+ * The best way to do the IP depends on the form of the data you
+ * are dealing with.  If you use this, though, try to make left,
+ * right and temp unsigned DES_INT32s.
+ */
+#define DES_INITIAL_PERM(left, right, temp) do {        \
+        (temp) = DES_IP_RIGHT_BITS((left), (right));    \
+        (right) = DES_IP_LEFT_BITS((left), (right));    \
+        (left) = IP[((right) >> 24) & 0xff]             \
+            | (IP[((right) >> 16) & 0xff] << 1)         \
+            | (IP[((right) >>  8) & 0xff] << 2)         \
+            | (IP[(right) & 0xff] << 3);                \
+        (right) = IP[((temp) >> 24) & 0xff]             \
+            | (IP[((temp) >> 16) & 0xff] << 1)          \
+            | (IP[((temp) >>  8) & 0xff] << 2)          \
+            | (IP[(temp) & 0xff] << 3);                 \
+    } while(0);
+
+/*
+ * Now the final permutation stuff.  The same comments apply to
+ * this as to the initial permutation, except that we use different
+ * bits and shifts.
+ *
+ * The inserted cast to unsigned DES_INT32 circumvents a bug in
+ * the Macintosh MPW 3.2 C compiler which loses the unsignedness and
+ * propagates the high-order bit in the shift.
+ */
+#define DES_FP_LEFT_BITS(left, right)                           \
+    ((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f))
+#define DES_FP_RIGHT_BITS(left, right)                          \
+    (((left) & 0xf0f0f0f0) |                                    \
+     ( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4))
+
+
+/*
+ * Here is a sample final permutation.  Note that there is a trick
+ * here.  DES requires swapping the left and right parts after the
+ * last cipher round but before the final permutation.  We do this
+ * swapping internally, which is why left and right are confused
+ * at the beginning.
+ */
+#define DES_FINAL_PERM(left, right, temp) do {          \
+        (temp) = DES_FP_RIGHT_BITS((right), (left));    \
+        (right) = DES_FP_LEFT_BITS((right), (left));    \
+        (left) = (FP[((right) >> 24) & 0xff] << 6)      \
+            | (FP[((right) >> 16) & 0xff] << 4)         \
+            | (FP[((right) >>  8) & 0xff] << 2)         \
+            |  FP[(right) & 0xff];                      \
+        (right) = (FP[((temp) >> 24) & 0xff] << 6)      \
+            | (FP[((temp) >> 16) & 0xff] << 4)          \
+            | (FP[((temp) >>  8) & 0xff] << 2)          \
+            |  FP[temp & 0xff];                         \
+    } while(0);
+
+
+/*
+ * Finally, as a sample of how all this might be held together, the
+ * following two macros do in-place encryptions and decryptions.  left
+ * and right are two unsigned DES_INT32 variables which at the beginning
+ * are expected to hold the clear (encrypted) block in host byte order
+ * (left the high order four bytes, right the low order).  At the end
+ * they will contain the encrypted (clear) block.  temp is an unsigned DES_INT32
+ * used as a temporary.  kp is an unsigned DES_INT32 pointer pointing at
+ * the start of the key schedule.  All these should be in registers.
+ *
+ * You can probably do better than these by rewriting for particular
+ * situations.  These aren't bad, though.
+ *
+ * The DEB macros enable debugging when this code breaks (typically
+ * when a buggy compiler breaks it), by printing the intermediate values
+ * at each stage of the encryption, so that by comparing the output to
+ * a known good machine, the location of the first error can be found.
+ */
+#define DES_DO_ENCRYPT_1(left, right, kp)                               \
+    do {                                                                \
+        int i;                                                          \
+        unsigned DES_INT32 temp1;                                       \
+        DEB (("do_encrypt %8lX %8lX \n", left, right));                 \
+        DES_INITIAL_PERM((left), (right), (temp1));                     \
+        DEB (("  after IP %8lX %8lX\n", left, right));                  \
+        for (i = 0; i < 8; i++) {                                       \
+            DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp));       \
+            DEB (("  round %2d %8lX %8lX \n", i*2, left, right));       \
+            DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp));       \
+            DEB (("  round %2d %8lX %8lX \n", 1+i*2, left, right));     \
+        }                                                               \
+        DES_FINAL_PERM((left), (right), (temp1));                       \
+        (kp) -= (2 * 16);                                               \
+        DEB (("  after FP %8lX %8lX \n", left, right));                 \
+    } while (0)
+
+#define DES_DO_DECRYPT_1(left, right, kp)                               \
+    do {                                                                \
+        int i;                                                          \
+        unsigned DES_INT32 temp2;                                       \
+        DES_INITIAL_PERM((left), (right), (temp2));                     \
+        (kp) += (2 * 16);                                               \
+        for (i = 0; i < 8; i++) {                                       \
+            DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp));       \
+            DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp));       \
+        }                                                               \
+        DES_FINAL_PERM((left), (right), (temp2));                       \
+    } while (0)
+
+#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
+extern void krb5int_des_do_encrypt_2(unsigned DES_INT32 *l,
+                                     unsigned DES_INT32 *r,
+                                     const unsigned DES_INT32 *k);
+extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l,
+                                     unsigned DES_INT32 *r,
+                                     const unsigned DES_INT32 *k);
+#define DES_DO_ENCRYPT(L,R,K) krb5int_des_do_encrypt_2(&(L), &(R), (K))
+#define DES_DO_DECRYPT(L,R,K) krb5int_des_do_decrypt_2(&(L), &(R), (K))
+#else
+#define DES_DO_ENCRYPT DES_DO_ENCRYPT_1
+#define DES_DO_DECRYPT DES_DO_DECRYPT_1
+#endif
+
+/*
+ * These are handy dandy utility thingies for straightening out bytes.
+ * Included here because they're used a couple of places.
+ */
+#define GET_HALF_BLOCK(lr, ip)  ((lr) = load_32_be(ip), (ip) += 4)
+#define PUT_HALF_BLOCK(lr, op)  (store_32_be(lr, op), (op) += 4)
+
+/* Shorthand that we'll need in several places, for creating values that
+   really can hold 32 bits regardless of the prevailing int size.  */
+#define FF_UINT32       ((unsigned DES_INT32) 0xFF)
+
+#endif  /* __DES_TABLES_H__ */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/key_sched.c b/krb5-1.21.3/src/lib/crypto/builtin/des/key_sched.c
new file mode 100644
index 00000000..d6dedd93
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/key_sched.c
@@ -0,0 +1,66 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/key_sched.c */
+/*
+ * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute
+ * of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This routine computes the DES key schedule given a key.  The
+ * permutations and shifts have been done at compile time, resulting
+ * in a direct one-step mapping from the input key to the key
+ * schedule.
+ *
+ * Also checks parity and weak keys.
+ *
+ * Watch out for the subscripts -- most effectively start at 1 instead
+ * of at zero.  Maybe some bugs in that area.
+ *
+ * In case the user wants to cache the computed key schedule, it is
+ * passed as an arg.  Also implies that caller has explicit control
+ * over zeroing both the key schedule and the key.
+ *
+ * Originally written 6/85 by Steve Miller, MIT Project Athena.
+ */
+
+#include "crypto_int.h"
+#include "des_int.h"
+
+#ifdef K5_BUILTIN_DES
+
+int
+mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule)
+{
+    mit_des_make_key_sched(k,schedule);
+
+    if (!mit_des_check_key_parity(k))   /* bad parity --> return -1 */
+        return(-1);
+
+    if (mit_des_is_weak_key(k))
+        return(-2);
+
+    /* if key was good, return 0 */
+    return 0;
+}
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/keytest.data b/krb5-1.21.3/src/lib/crypto/builtin/des/keytest.data
new file mode 100644
index 00000000..7ff34eed
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/keytest.data
@@ -0,0 +1,171 @@
+0101010101010101 95F8A5E5DD31D900 8000000000000000
+0101010101010101 DD7F121CA5015619 4000000000000000
+0101010101010101 2E8653104F3834EA 2000000000000000
+0101010101010101 4BD388FF6CD81D4F 1000000000000000
+0101010101010101 20B9E767B2FB1456 0800000000000000
+0101010101010101 55579380D77138EF 0400000000000000
+0101010101010101 6CC5DEFAAF04512F 0200000000000000
+0101010101010101 0D9F279BA5D87260 0100000000000000
+0101010101010101 D9031B0271BD5A0A 0080000000000000
+0101010101010101 424250B37C3DD951 0040000000000000
+0101010101010101 B8061B7ECD9A21E5 0020000000000000
+0101010101010101 F15D0F286B65BD28 0010000000000000
+0101010101010101 ADD0CC8D6E5DEBA1 0008000000000000
+0101010101010101 E6D5F82752AD63D1 0004000000000000
+0101010101010101 ECBFE3BD3F591A5E 0002000000000000
+0101010101010101 F356834379D165CD 0001000000000000
+0101010101010101 2B9F982F20037FA9 0000800000000000
+0101010101010101 889DE068A16F0BE6 0000400000000000
+0101010101010101 E19E275D846A1298 0000200000000000
+0101010101010101 329A8ED523D71AEC 0000100000000000
+0101010101010101 E7FCE22557D23C97 0000080000000000
+0101010101010101 12A9F5817FF2D65D 0000040000000000
+0101010101010101 A484C3AD38DC9C19 0000020000000000
+0101010101010101 FBE00A8A1EF8AD72 0000010000000000
+0101010101010101 750D079407521363 0000008000000000
+0101010101010101 64FEED9C724C2FAF 0000004000000000
+0101010101010101 F02B263B328E2B60 0000002000000000
+0101010101010101 9D64555A9A10B852 0000001000000000
+0101010101010101 D106FF0BED5255D7 0000000800000000
+0101010101010101 E1652C6B138C64A5 0000000400000000
+0101010101010101 E428581186EC8F46 0000000200000000
+0101010101010101 AEB5F5EDE22D1A36 0000000100000000
+0101010101010101 E943D7568AEC0C5C 0000000080000000
+0101010101010101 DF98C8276F54B04B 0000000040000000
+0101010101010101 B160E4680F6C696F 0000000020000000
+0101010101010101 FA0752B07D9C4AB8 0000000010000000
+0101010101010101 CA3A2B036DBC8502 0000000008000000
+0101010101010101 5E0905517BB59BCF 0000000004000000
+0101010101010101 814EEB3B91D90726 0000000002000000
+0101010101010101 4D49DB1532919C9F 0000000001000000
+0101010101010101 25EB5FC3F8CF0621 0000000000800000
+0101010101010101 AB6A20C0620D1C6F 0000000000400000
+0101010101010101 79E90DBC98F92CCA 0000000000200000
+0101010101010101 866ECEDD8072BB0E 0000000000100000
+0101010101010101 8B54536F2F3E64A8 0000000000080000
+0101010101010101 EA51D3975595B86B 0000000000040000
+0101010101010101 CAFFC6AC4542DE31 0000000000020000
+0101010101010101 8DD45A2DDF90796C 0000000000010000
+0101010101010101 1029D55E880EC2D0 0000000000008000
+0101010101010101 5D86CB23639DBEA9 0000000000004000
+0101010101010101 1D1CA853AE7C0C5F 0000000000002000
+0101010101010101 CE332329248F3228 0000000000001000
+0101010101010101 8405D1ABE24FB942 0000000000000800
+0101010101010101 E643D78090CA4207 0000000000000400
+0101010101010101 48221B9937748A23 0000000000000200
+0101010101010101 DD7C0BBD61FAFD54 0000000000000100
+0101010101010101 2FBC291A570DB5C4 0000000000000080
+0101010101010101 E07C30D7E4E26E12 0000000000000040
+0101010101010101 0953E2258E8E90A1 0000000000000020
+0101010101010101 5B711BC4CEEBF2EE 0000000000000010
+0101010101010101 CC083F1E6D9E85F6 0000000000000008
+0101010101010101 D2FD8867D50D2DFE 0000000000000004
+0101010101010101 06E7EA22CE92708F 0000000000000002
+0101010101010101 166B40B44ABA4BD6 0000000000000001
+8001010101010101 0000000000000000 95A8D72813DAA94D
+4001010101010101 0000000000000000 0EEC1487DD8C26D5
+2001010101010101 0000000000000000 7AD16FFB79C45926
+1001010101010101 0000000000000000 D3746294CA6A6CF3
+0801010101010101 0000000000000000 809F5F873C1FD761
+0401010101010101 0000000000000000 C02FAFFEC989D1FC
+0201010101010101 0000000000000000 4615AA1D33E72F10
+0180010101010101 0000000000000000 2055123350C00858
+0140010101010101 0000000000000000 DF3B99D6577397C8
+0120010101010101 0000000000000000 31FE17369B5288C9
+0110010101010101 0000000000000000 DFDD3CC64DAE1642
+0108010101010101 0000000000000000 178C83CE2B399D94
+0104010101010101 0000000000000000 50F636324A9B7F80
+0102010101010101 0000000000000000 A8468EE3BC18F06D
+0101800101010101 0000000000000000 A2DC9E92FD3CDE92
+0101400101010101 0000000000000000 CAC09F797D031287
+0101200101010101 0000000000000000 90BA680B22AEB525
+0101100101010101 0000000000000000 CE7A24F350E280B6
+0101080101010101 0000000000000000 882BFF0AA01A0B87
+0101040101010101 0000000000000000 25610288924511C2
+0101020101010101 0000000000000000 C71516C29C75D170
+0101018001010101 0000000000000000 5199C29A52C9F059
+0101014001010101 0000000000000000 C22F0A294A71F29F
+0101012001010101 0000000000000000 EE371483714C02EA
+0101011001010101 0000000000000000 A81FBD448F9E522F
+0101010801010101 0000000000000000 4F644C92E192DFED
+0101010401010101 0000000000000000 1AFA9A66A6DF92AE
+0101010201010101 0000000000000000 B3C1CC715CB879D8
+0101010180010101 0000000000000000 19D032E64AB0BD8B
+0101010140010101 0000000000000000 3CFAA7A7DC8720DC
+0101010120010101 0000000000000000 B7265F7F447AC6F3
+0101010110010101 0000000000000000 9DB73B3C0D163F54
+0101010108010101 0000000000000000 8181B65BABF4A975
+0101010104010101 0000000000000000 93C9B64042EAA240
+0101010102010101 0000000000000000 5570530829705592
+0101010101800101 0000000000000000 8638809E878787A0
+0101010101400101 0000000000000000 41B9A79AF79AC208
+0101010101200101 0000000000000000 7A9BE42F2009A892
+0101010101100101 0000000000000000 29038D56BA6D2745
+0101010101080101 0000000000000000 5495C6ABF1E5DF51
+0101010101040101 0000000000000000 AE13DBD561488933
+0101010101020101 0000000000000000 024D1FFA8904E389
+0101010101018001 0000000000000000 D1399712F99BF02E
+0101010101014001 0000000000000000 14C1D7C1CFFEC79E
+0101010101012001 0000000000000000 1DE5279DAE3BED6F
+0101010101011001 0000000000000000 E941A33F85501303
+0101010101010801 0000000000000000 DA99DBBC9A03F379
+0101010101010401 0000000000000000 B7FC92F91D8E92E9
+0101010101010201 0000000000000000 AE8E5CAA3CA04E85
+0101010101010180 0000000000000000 9CC62DF43B6EED74
+0101010101010140 0000000000000000 D863DBB5C59A91A0
+0101010101010120 0000000000000000 A1AB2190545B91D7
+0101010101010110 0000000000000000 0875041E64C570F7
+0101010101010108 0000000000000000 5A594528BEBEF1CC
+0101010101010104 0000000000000000 FCDB3291DE21F0C0
+0101010101010102 0000000000000000 869EFD7F9F265A09
+1046913489980131 0000000000000000 88D55E54F54C97B4
+1007103489988020 0000000000000000 0C0CC00C83EA48FD
+10071034C8980120 0000000000000000 83BC8EF3A6570183
+1046103489988020 0000000000000000 DF725DCAD94EA2E9
+1086911519190101 0000000000000000 E652B53B550BE8B0
+1086911519580101 0000000000000000 AF527120C485CBB0
+5107B01519580101 0000000000000000 0F04CE393DB926D5
+1007B01519190101 0000000000000000 C9F00FFC74079067
+3107915498080101 0000000000000000 7CFD82A593252B4E
+3107919498080101 0000000000000000 CB49A2F9E91363E3
+10079115B9080140 0000000000000000 00B588BE70D23F56
+3107911598080140 0000000000000000 406A9A6AB43399AE
+1007D01589980101 0000000000000000 6CB773611DCA9ADA
+9107911589980101 0000000000000000 67FD21C17DBB5D70
+9107D01589190101 0000000000000000 9592CB4110430787
+1007D01598980120 0000000000000000 A6B7FF68A318DDD3
+1007940498190101 0000000000000000 4D102196C914CA16
+0107910491190401 0000000000000000 2DFA9F4573594965
+0107910491190101 0000000000000000 B46604816C0E0774
+0107940491190401 0000000000000000 6E7E6221A4F34E87
+19079210981A0101 0000000000000000 AA85E74643233199
+1007911998190801 0000000000000000 2E5A19DB4D1962D6
+10079119981A0801 0000000000000000 23A866A809D30894
+1007921098190101 0000000000000000 D812D961F017D320
+100791159819010B 0000000000000000 055605816E58608F
+1004801598190101 0000000000000000 ABD88E8B1B7716F1
+1004801598190102 0000000000000000 537AC95BE69DA1E1
+1004801598190108 0000000000000000 AED0F6AE3C25CDD8
+1002911598100104 0000000000000000 B3E35A5EE53E7B8D
+1002911598190104 0000000000000000 61C79C71921A2EF8
+1002911598100201 0000000000000000 E2F5728F0995013C
+1002911698100101 0000000000000000 1AEAC39A61F0A464
+7CA110454A1A6E57 01A1D6D039776742 690F5B0D9A26939B
+0131D9619DC1376E 5CD54CA83DEF57DA 7A389D10354BD271
+07A1133E4A0B2686 0248D43806F67172 868EBB51CAB4599A
+3849674C2602319E 51454B582DDF440A 7178876E01F19B2A
+04B915BA43FEB5B6 42FD443059577FA2 AF37FB421F8C4095
+0113B970FD34F2CE 059B5E0851CF143A 86A560F10EC6D85B
+0170F175468FB5E6 0756D8E0774761D2 0CD3DA020021DC09
+43297FAD38E373FE 762514B829BF486A EA676B2CB7DB2B7A
+07A7137045DA2A16 3BDD119049372802 DFD64A815CAF1A0F
+04689104C2FD3B2F 26955F6835AF609A 5C513C9C4886C088
+37D06BB516CB7546 164D5E404F275232 0A2AEEAE3FF4AB77
+1F08260D1AC2465E 6B056E18759F5CCA EF1BF03E5DFA575A
+584023641ABA6176 004BD6EF09176062 88BF0DB6D70DEE56
+025816164629B007 480D39006EE762F2 A1F9915541020B56
+49793EBC79B3258F 437540C8698F3CFA 6FBF1CAFCFFD0556
+4FB05E1515AB73A7 072D43A077075292 2F22E49BAB7CA1AC
+49E95D6D4CA229BF 02FE55778117F12A 5A6B612CC26CCE4A
+018310DC409B26D6 1D9D5C5018F728C2 5F4C038ED12B2E41
+1C587F1C13924FEF 305532286D6F295A 63FAC0D034D9F793
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/t_verify.c b/krb5-1.21.3/src/lib/crypto/builtin/des/t_verify.c
new file mode 100644
index 00000000..4a19933c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/t_verify.c
@@ -0,0 +1,395 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/t_verify.c */
+/*
+ * Copyright 1988, 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/*
+ *
+ * Program to test the correctness of the DES library
+ * implementation.
+ *
+ * exit returns  0 ==> success
+ *              -1 ==> error
+ */
+
+#include "k5-int.h"
+#include "des_int.h"
+#include <stdio.h>
+#include "com_err.h"
+
+static void do_encrypt(unsigned char *, unsigned char *);
+static void do_decrypt(unsigned char *, unsigned char *);
+
+char *progname;
+int nflag = 2;
+int vflag;
+int mflag;
+int zflag;
+int pid;
+int mit_des_debug;
+
+unsigned char cipher_text[64];
+unsigned char clear_text[64] = "Now is the time for all " ;
+unsigned char clear_text2[64] = "7654321 Now is the time for ";
+unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0};
+unsigned char output[64];
+unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0};
+unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */
+unsigned char *input;
+
+/* 0x0123456789abcdef */
+unsigned char default_key[8] = {
+    0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
+};
+unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f };
+unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 };
+mit_des_cblock s_key;
+unsigned char default_ivec[8] = {
+    0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
+};
+unsigned char *ivec;
+unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */
+
+unsigned char cipher1[8] = {
+    0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67
+};
+unsigned char cipher2[8] = {
+    0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15
+};
+unsigned char cipher3[64] = {
+    0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c,
+    0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f,
+    0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6
+};
+unsigned char checksum[8] = {
+    0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33
+};
+
+unsigned char zresult[8] = {
+    0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7
+};
+
+unsigned char mresult[8] = {
+    0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96
+};
+
+
+/*
+ * Can also add :
+ * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
+ */
+
+mit_des_key_schedule sched;
+
+int
+main(argc,argv)
+    int argc;
+    char *argv[];
+{
+    /* Local Declarations */
+    size_t  in_length;
+    int  retval;
+    int i, j;
+
+#ifdef WINDOWS
+    /* Set screen window buffer to infinite size -- MS default is tiny.  */
+    _wsetscreenbuf (fileno (stdout), _WINBUFINF);
+#endif
+    progname=argv[0];           /* salt away invoking program */
+
+    while (--argc > 0 && (*++argv)[0] == '-')
+        for (i=1; argv[0][i] != '\0'; i++) {
+            switch (argv[0][i]) {
+
+                /* debug flag */
+            case 'd':
+                mit_des_debug=3;
+                continue;
+
+            case 'z':
+                zflag = 1;
+                continue;
+
+            case 'm':
+                mflag = 1;
+                continue;
+
+            default:
+                printf("%s: illegal flag \"%c\" ",
+                       progname,argv[0][i]);
+                exit(1);
+            }
+        };
+
+    if (argc) {
+        fprintf(stderr, "Usage: %s [-dmz]\n", progname);
+        exit(1);
+    }
+
+    /* do some initialisation */
+
+    /* use known input and key */
+
+    /* ECB zero text zero key */
+    if (zflag) {
+        input = zero_text;
+        mit_des_key_sched(zero_key, sched);
+        printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n");
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++)
+            printf("%02x ",cipher_text[j]);
+        printf("\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) {
+            printf("verify: error in zero key test\n");
+            exit(-1);
+        }
+
+        exit(0);
+    }
+
+    if (mflag) {
+        input = msb_text;
+        mit_des_key_sched(key3, sched);
+        printf("plaintext = 0x00 00 00 00 00 00 00 40, ");
+        printf("key = 0x80 01 01 01 01 01 01 01\n");
+        printf("        cipher = 0xa380e02a6be54696\n");
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++) {
+            printf("%02x ",cipher_text[j]);
+        }
+        printf("\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) {
+            printf("verify: error in msb test\n");
+            exit(-1);
+        }
+        exit(0);
+    }
+
+    /* ECB mode Davies and Price */
+    {
+        input = zero_text;
+        mit_des_key_sched(key2, sched);
+        printf("Examples per FIPS publication 81, keys ivs and cipher\n");
+        printf("in hex.  These are the correct answers, see below for\n");
+        printf("the actual answers.\n\n");
+        printf("Examples per Davies and Price.\n\n");
+        printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n");
+        printf("\tclear = 0\n");
+        printf("\tcipher = 25 dd ac 3e 96 17 64 67\n");
+        printf("ACTUAL ECB\n");
+        printf("\tclear \"%s\"\n", input);
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++)
+            printf("%02x ",cipher_text[j]);
+        printf("\n\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) {
+            printf("verify: error in ECB encryption\n");
+            exit(-1);
+        }
+        else
+            printf("verify: ECB encryption is correct\n\n");
+    }
+
+    /* ECB mode */
+    {
+        mit_des_key_sched(default_key, sched);
+        input = clear_text;
+        ivec = default_ivec;
+        printf("EXAMPLE ECB\tkey = 0123456789abcdef\n");
+        printf("\tclear = \"Now is the time for all \"\n");
+        printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n");
+        printf("ACTUAL ECB\n\tclear \"%s\"",input);
+        do_encrypt(input,cipher_text);
+        printf("\n\tcipher      = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++) {
+            printf("%02x ",cipher_text[j]);
+        }
+        printf("\n\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) {
+            printf("verify: error in ECB encryption\n");
+            exit(-1);
+        }
+        else
+            printf("verify: ECB encryption is correct\n\n");
+    }
+
+    /* CBC mode */
+    printf("EXAMPLE CBC\tkey = 0123456789abcdef");
+    printf("\tiv = 1234567890abcdef\n");
+    printf("\tclear = \"Now is the time for all \"\n");
+    printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n");
+    printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n");
+    printf("\t\t\t68 37 88 49 9a 7c 05 f6\n");
+
+    printf("ACTUAL CBC\n\tclear \"%s\"\n",input);
+    in_length =  strlen((char *)input);
+    if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input,
+                                      (mit_des_cblock *) cipher_text,
+                                      (size_t) in_length,
+                                      sched,
+                                      ivec,
+                                      MIT_DES_ENCRYPT))) {
+        com_err("des verify", retval, "can't encrypt");
+        exit(-1);
+    }
+    printf("\tciphertext = (low to high bytes)\n");
+    for (i = 0; i <= 2; i++) {
+        printf("\t\t");
+        for (j = 0; j <= 7; j++) {
+            printf("%02x ",cipher_text[i*8+j]);
+        }
+        printf("\n");
+    }
+    if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text,
+                                      (mit_des_cblock *) clear_text,
+                                      (size_t) in_length,
+                                      sched,
+                                      ivec,
+                                      MIT_DES_DECRYPT))) {
+        com_err("des verify", retval, "can't decrypt");
+        exit(-1);
+    }
+    printf("\tdecrypted clear_text = \"%s\"\n",clear_text);
+
+    if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) {
+        printf("verify: error in CBC encryption\n");
+        exit(-1);
+    }
+    else
+        printf("verify: CBC encryption is correct\n\n");
+
+    printf("EXAMPLE CBC checksum");
+    printf("\tkey =  0123456789abcdef\tiv =  1234567890abcdef\n");
+    printf("\tclear =\t\t\"7654321 Now is the time for \"\n");
+    printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, ");
+    printf("or some part thereof\n");
+    input = clear_text2;
+    mit_des_cbc_cksum(input,cipher_text, strlen((char *)input),
+                      sched,ivec);
+    printf("ACTUAL CBC checksum\n");
+    printf("\t\tencrypted cksum = (low to high bytes)\n\t\t");
+    for (j = 0; j<=7; j++)
+        printf("%02x ",cipher_text[j]);
+    printf("\n\n");
+    if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) {
+        printf("verify: error in CBC checksum\n");
+        exit(-1);
+    }
+    else
+        printf("verify: CBC checksum is correct\n\n");
+
+    exit(0);
+}
+
+static void
+do_encrypt(in,out)
+    unsigned char *in;
+    unsigned char *out;
+{
+    int i, j;
+    for (i =1; i<=nflag; i++) {
+        mit_des_cbc_encrypt((const mit_des_cblock *)in,
+                            (mit_des_cblock *)out,
+                            8,
+                            sched,
+                            zero_text,
+                            MIT_DES_ENCRYPT);
+        if (mit_des_debug) {
+            printf("\nclear %s\n",in);
+            for (j = 0; j<=7; j++)
+                printf("%02X ",in[j] & 0xff);
+            printf("\tcipher ");
+            for (j = 0; j<=7; j++)
+                printf("%02X ",out[j] & 0xff);
+        }
+    }
+}
+
+static void
+do_decrypt(in,out)
+    unsigned char *out;
+    unsigned char *in;
+    /* try to invert it */
+{
+    int i, j;
+    for (i =1; i<=nflag; i++) {
+        mit_des_cbc_encrypt((const mit_des_cblock *)out,
+                            (mit_des_cblock *)in,
+                            8,
+                            sched,
+                            zero_text,
+                            MIT_DES_DECRYPT);
+        if (mit_des_debug) {
+            printf("clear %s\n",in);
+            for (j = 0; j<=7; j++)
+                printf("%02X ",in[j] & 0xff);
+            printf("\tcipher ");
+            for (j = 0; j<=7; j++)
+                printf("%02X ",out[j] & 0xff);
+        }
+    }
+}
+
+/*
+ * Fake out the DES library, for the purposes of testing.
+ */
+
+int
+mit_des_is_weak_key(key)
+    mit_des_cblock key;
+{
+    return 0;                           /* fake it out for testing */
+}
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/des/weak_key.c b/krb5-1.21.3/src/lib/crypto/builtin/des/weak_key.c
new file mode 100644
index 00000000..f8304a36
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/des/weak_key.c
@@ -0,0 +1,90 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/des/weak_key.c */
+/*
+ * Copyright 1989,1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Under U.S. law, this software may not be exported outside the US
+ * without license from the U.S. Commerce department.
+ *
+ * These routines form the library interface to the DES facilities.
+ *
+ * Originally written 8/85 by Steve Miller, MIT Project Athena.
+ */
+
+#include "crypto_int.h"
+#include "des_int.h"
+
+#ifdef K5_BUILTIN_DES
+
+/*
+ * The following are the weak DES keys:
+ */
+static const mit_des_cblock weak[16] = {
+    /* weak keys */
+    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+    {0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe,0xfe},
+    {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
+    {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
+
+    /* semi-weak */
+    {0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe},
+    {0xfe,0x01,0xfe,0x01,0xfe,0x01,0xfe,0x01},
+
+    {0x1f,0xe0,0x1f,0xe0,0x0e,0xf1,0x0e,0xf1},
+    {0xe0,0x1f,0xe0,0x1f,0xf1,0x0e,0xf1,0x0e},
+
+    {0x01,0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1},
+    {0xe0,0x01,0xe0,0x01,0xf1,0x01,0xf1,0x01},
+
+    {0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e,0xfe},
+    {0xfe,0x1f,0xfe,0x1f,0xfe,0x0e,0xfe,0x0e},
+
+    {0x01,0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e},
+    {0x1f,0x01,0x1f,0x01,0x0e,0x01,0x0e,0x01},
+
+    {0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1,0xfe},
+    {0xfe,0xe0,0xfe,0xe0,0xfe,0xf1,0xfe,0xf1}
+};
+
+/*
+ * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key.
+ *
+ * Requires: key has correct odd parity.
+ */
+int
+mit_des_is_weak_key(mit_des_cblock key)
+{
+    unsigned int i;
+    const mit_des_cblock *weak_p = weak;
+
+    for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
+        if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
+            return 1;
+    }
+
+    return 0;
+}
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/Makefile.in
new file mode 100644
index 00000000..6ad7cbd4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/Makefile.in
@@ -0,0 +1,39 @@
+mydir=lib$(S)crypto$(S)builtin$(S)enc_provider
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../aes -I$(srcdir)/../camellia \
+		-I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\enc_provider
+##DOS##OBJFILE = ..\..\$(OUTPRE)enc_provider.lst
+
+STLIBOBJS= \
+	des3.o 	\
+	rc4.o 	\
+	aes.o   \
+	camellia.o
+
+OBJS= \
+	$(OUTPRE)des3.$(OBJEXT) 	\
+	$(OUTPRE)aes.$(OBJEXT) 	\
+	$(OUTPRE)camellia.$(OBJEXT)	\
+	$(OUTPRE)rc4.$(OBJEXT)
+
+SRCS= \
+	$(srcdir)/des3.c 	\
+	$(srcdir)/aes.c 	\
+	$(srcdir)/camellia.c	\
+	$(srcdir)/rc4.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/aes.c b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/aes.c
new file mode 100644
index 00000000..7fa94497
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/aes.c
@@ -0,0 +1,412 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/enc_provider/aes.c */
+/*
+ * Copyright (C) 2003, 2007, 2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+#include "aes.h"
+
+#ifdef K5_BUILTIN_AES
+
+/*
+ * Private per-key data to cache after first generation.  We don't
+ * want to mess with the imported AES implementation too much, so
+ * we'll just use two copies of its context, one for encryption and
+ * one for decryption, and use the #rounds field as a flag for whether
+ * we've initialized each half.
+ */
+struct aes_key_info_cache {
+    aes_encrypt_ctx enc_ctx;
+    aes_decrypt_ctx dec_ctx;
+    krb5_boolean aesni;
+};
+#define CACHE(X) ((struct aes_key_info_cache *)((X)->cache))
+
+#ifdef AESNI
+
+/* Use AES-NI instructions (via assembly functions) when possible. */
+
+#include <cpuid.h>
+
+struct aes_data
+{
+    unsigned char *in_block;
+    unsigned char *out_block;
+    uint32_t *expanded_key;
+    unsigned char *iv;
+    size_t num_blocks;
+};
+
+void k5_iEncExpandKey128(unsigned char *key, uint32_t *expanded_key);
+void k5_iEncExpandKey256(unsigned char *key, uint32_t *expanded_key);
+void k5_iDecExpandKey256(unsigned char *key, uint32_t *expanded_key);
+void k5_iDecExpandKey128(unsigned char *key, uint32_t *expanded_key);
+
+void k5_iEnc128_CBC(struct aes_data *data);
+void k5_iDec128_CBC(struct aes_data *data);
+void k5_iEnc256_CBC(struct aes_data *data);
+void k5_iDec256_CBC(struct aes_data *data);
+
+static krb5_boolean
+aesni_supported_by_cpu()
+{
+    unsigned int a, b, c, d;
+
+    return __get_cpuid(1, &a, &b, &c, &d) && (c & (1 << 25));
+}
+
+static inline krb5_boolean
+aesni_supported(krb5_key key)
+{
+    return CACHE(key)->aesni;
+}
+
+static void
+aesni_expand_enc_key(krb5_key key)
+{
+    struct aes_key_info_cache *cache = CACHE(key);
+
+    if (key->keyblock.length == 16)
+        k5_iEncExpandKey128(key->keyblock.contents, cache->enc_ctx.ks);
+    else
+        k5_iEncExpandKey256(key->keyblock.contents, cache->enc_ctx.ks);
+    cache->enc_ctx.inf.l = 1;
+}
+
+static void
+aesni_expand_dec_key(krb5_key key)
+{
+    struct aes_key_info_cache *cache = CACHE(key);
+
+    if (key->keyblock.length == 16)
+        k5_iDecExpandKey128(key->keyblock.contents, cache->dec_ctx.ks);
+    else
+        k5_iDecExpandKey256(key->keyblock.contents, cache->dec_ctx.ks);
+    cache->dec_ctx.inf.l = 1;
+}
+
+static inline void
+aesni_enc(krb5_key key, unsigned char *data, size_t nblocks, unsigned char *iv)
+{
+    struct aes_key_info_cache *cache = CACHE(key);
+    struct aes_data d;
+
+    d.in_block = data;
+    d.out_block = data;
+    d.expanded_key = cache->enc_ctx.ks;
+    d.iv = iv;
+    d.num_blocks = nblocks;
+    if (key->keyblock.length == 16)
+        k5_iEnc128_CBC(&d);
+    else
+        k5_iEnc256_CBC(&d);
+}
+
+static inline void
+aesni_dec(krb5_key key, unsigned char *data, size_t nblocks, unsigned char *iv)
+{
+    struct aes_key_info_cache *cache = CACHE(key);
+    struct aes_data d;
+
+    d.in_block = data;
+    d.out_block = data;
+    d.expanded_key = cache->dec_ctx.ks;
+    d.iv = iv;
+    d.num_blocks = nblocks;
+    if (key->keyblock.length == 16)
+        k5_iDec128_CBC(&d);
+    else
+        k5_iDec256_CBC(&d);
+}
+
+#else /* not AESNI */
+
+#define aesni_supported_by_cpu() FALSE
+#define aesni_supported(key) FALSE
+#define aesni_expand_enc_key(key)
+#define aesni_expand_dec_key(key)
+#define aesni_enc(key, data, nblocks, iv)
+#define aesni_dec(key, data, nblocks, iv)
+
+#endif
+
+/* out = out ^ in */
+static inline void
+xorblock(const unsigned char *in, unsigned char *out)
+{
+    size_t q;
+
+    for (q = 0; q < AES_BLOCK_SIZE; q += 4)
+        store_32_n(load_32_n(out + q) ^ load_32_n(in + q), out + q);
+}
+
+static inline krb5_error_code
+init_key_cache(krb5_key key)
+{
+    if (key->cache != NULL)
+        return 0;
+    key->cache = malloc(sizeof(struct aes_key_info_cache));
+    if (key->cache == NULL)
+        return ENOMEM;
+    CACHE(key)->enc_ctx.inf.l = CACHE(key)->dec_ctx.inf.l = 0;
+    CACHE(key)->aesni = aesni_supported_by_cpu();
+    return 0;
+}
+
+static inline void
+expand_enc_key(krb5_key key)
+{
+    if (CACHE(key)->enc_ctx.inf.l != 0)
+        return;
+    if (aesni_supported(key))
+        aesni_expand_enc_key(key);
+    else if (aes_encrypt_key(key->keyblock.contents, key->keyblock.length,
+                             &CACHE(key)->enc_ctx) != EXIT_SUCCESS)
+        abort();
+}
+
+static inline void
+expand_dec_key(krb5_key key)
+{
+    if (CACHE(key)->dec_ctx.inf.l != 0)
+        return;
+    if (aesni_supported(key))
+        aesni_expand_dec_key(key);
+    else if (aes_decrypt_key(key->keyblock.contents, key->keyblock.length,
+                             &CACHE(key)->dec_ctx) != EXIT_SUCCESS)
+        abort();
+}
+
+/* CBC encrypt nblocks blocks of data in place, using and updating iv. */
+static inline void
+cbc_enc(krb5_key key, unsigned char *data, size_t nblocks, unsigned char *iv)
+{
+    if (aesni_supported(key)) {
+        aesni_enc(key, data, nblocks, iv);
+        return;
+    }
+    for (; nblocks > 0; nblocks--, data += AES_BLOCK_SIZE) {
+        xorblock(iv, data);
+        if (aes_encrypt(data, data, &CACHE(key)->enc_ctx) != EXIT_SUCCESS)
+            abort();
+        memcpy(iv, data, AES_BLOCK_SIZE);
+    }
+}
+
+/* CBC decrypt nblocks blocks of data in place, using and updating iv. */
+static inline void
+cbc_dec(krb5_key key, unsigned char *data, size_t nblocks, unsigned char *iv)
+{
+    unsigned char last_cipherblock[AES_BLOCK_SIZE];
+
+    if (aesni_supported(key)) {
+        aesni_dec(key, data, nblocks, iv);
+        return;
+    }
+    assert(nblocks > 0);
+    data += (nblocks - 1) * AES_BLOCK_SIZE;
+    memcpy(last_cipherblock, data, AES_BLOCK_SIZE);
+    for (; nblocks > 0; nblocks--, data -= AES_BLOCK_SIZE) {
+        if (aes_decrypt(data, data, &CACHE(key)->dec_ctx) != EXIT_SUCCESS)
+            abort();
+        xorblock(nblocks == 1 ? iv : data - AES_BLOCK_SIZE, data);
+    }
+    memcpy(iv, last_cipherblock, AES_BLOCK_SIZE);
+}
+
+krb5_error_code
+krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                    size_t num_data)
+{
+    unsigned char iv[AES_BLOCK_SIZE], block[AES_BLOCK_SIZE];
+    unsigned char blockN2[AES_BLOCK_SIZE], blockN1[AES_BLOCK_SIZE];
+    size_t input_length, nblocks, ncontig;
+    struct iov_cursor cursor;
+
+    if (init_key_cache(key))
+        return ENOMEM;
+    expand_enc_key(key);
+
+    k5_iov_cursor_init(&cursor, data, num_data, AES_BLOCK_SIZE, FALSE);
+
+    input_length = iov_total_length(data, num_data, FALSE);
+    nblocks = (input_length + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE;
+    if (nblocks == 1) {
+        k5_iov_cursor_get(&cursor, block);
+        memset(iv, 0, AES_BLOCK_SIZE);
+        cbc_enc(key, block, 1, iv);
+        k5_iov_cursor_put(&cursor, block);
+        return 0;
+    }
+
+    if (ivec != NULL)
+        memcpy(iv, ivec->data, AES_BLOCK_SIZE);
+    else
+        memset(iv, 0, AES_BLOCK_SIZE);
+
+    while (nblocks > 2) {
+        ncontig = iov_cursor_contig_blocks(&cursor);
+        if (ncontig > 0) {
+            /* Encrypt a series of contiguous blocks in place if we can, but
+             * don't touch the last two blocks. */
+            ncontig = (ncontig > nblocks - 2) ? nblocks - 2 : ncontig;
+            cbc_enc(key, iov_cursor_ptr(&cursor), ncontig, iv);
+            iov_cursor_advance(&cursor, ncontig);
+            nblocks -= ncontig;
+        } else {
+            k5_iov_cursor_get(&cursor, block);
+            cbc_enc(key, block, 1, iv);
+            k5_iov_cursor_put(&cursor, block);
+            nblocks--;
+        }
+    }
+
+    /* Encrypt the last two blocks and put them back in reverse order, possibly
+     * truncating the encrypted second-to-last block. */
+    k5_iov_cursor_get(&cursor, blockN2);
+    k5_iov_cursor_get(&cursor, blockN1);
+    cbc_enc(key, blockN2, 1, iv);
+    cbc_enc(key, blockN1, 1, iv);
+    k5_iov_cursor_put(&cursor, blockN1);
+    k5_iov_cursor_put(&cursor, blockN2);
+
+    if (ivec != NULL)
+        memcpy(ivec->data, iv, AES_BLOCK_SIZE);
+
+    return 0;
+}
+
+krb5_error_code
+krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                    size_t num_data)
+{
+    unsigned char iv[AES_BLOCK_SIZE], dummy_iv[AES_BLOCK_SIZE];
+    unsigned char block[AES_BLOCK_SIZE];
+    unsigned char blockN2[AES_BLOCK_SIZE], blockN1[AES_BLOCK_SIZE];
+    size_t input_length, last_len, nblocks, ncontig;
+    struct iov_cursor cursor;
+
+    if (init_key_cache(key))
+        return ENOMEM;
+    expand_dec_key(key);
+
+    k5_iov_cursor_init(&cursor, data, num_data, AES_BLOCK_SIZE, FALSE);
+
+    input_length = iov_total_length(data, num_data, FALSE);
+    nblocks = (input_length + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE;
+    last_len = input_length - (nblocks - 1) * AES_BLOCK_SIZE;
+    if (nblocks == 1) {
+        k5_iov_cursor_get(&cursor, block);
+        memset(iv, 0, AES_BLOCK_SIZE);
+        cbc_dec(key, block, 1, iv);
+        k5_iov_cursor_put(&cursor, block);
+        return 0;
+    }
+
+    if (ivec != NULL)
+        memcpy(iv, ivec->data, AES_BLOCK_SIZE);
+    else
+        memset(iv, 0, AES_BLOCK_SIZE);
+
+    while (nblocks > 2) {
+        ncontig = iov_cursor_contig_blocks(&cursor);
+        if (ncontig > 0) {
+            /* Decrypt a series of contiguous blocks in place if we can, but
+             * don't touch the last two blocks. */
+            ncontig = (ncontig > nblocks - 2) ? nblocks - 2 : ncontig;
+            cbc_dec(key, iov_cursor_ptr(&cursor), ncontig, iv);
+            iov_cursor_advance(&cursor, ncontig);
+            nblocks -= ncontig;
+        } else {
+            k5_iov_cursor_get(&cursor, block);
+            cbc_dec(key, block, 1, iv);
+            k5_iov_cursor_put(&cursor, block);
+            nblocks--;
+        }
+    }
+
+    /* Get the last two ciphertext blocks.  Save the first as the new iv. */
+    k5_iov_cursor_get(&cursor, blockN2);
+    k5_iov_cursor_get(&cursor, blockN1);
+    if (ivec != NULL)
+        memcpy(ivec->data, blockN2, AES_BLOCK_SIZE);
+
+    /* Decrypt the second-to-last ciphertext block, using the final ciphertext
+     * block as the CBC IV.  This produces the final plaintext block. */
+    memcpy(dummy_iv, blockN1, sizeof(dummy_iv));
+    cbc_dec(key, blockN2, 1, dummy_iv);
+
+    /* Use the final bits of the decrypted plaintext to pad the last ciphertext
+     * block, and decrypt it to produce the second-to-last plaintext block. */
+    memcpy(blockN1 + last_len, blockN2 + last_len, AES_BLOCK_SIZE - last_len);
+    cbc_dec(key, blockN1, 1, iv);
+
+    /* Put the last two plaintext blocks back into the iovec. */
+    k5_iov_cursor_put(&cursor, blockN1);
+    k5_iov_cursor_put(&cursor, blockN2);
+
+    return 0;
+}
+
+static krb5_error_code
+aes_init_state(const krb5_keyblock *key, krb5_keyusage usage,
+               krb5_data *state)
+{
+    state->length = 16;
+    state->data = malloc(16);
+    if (state->data == NULL)
+        return ENOMEM;
+    memset(state->data, 0, state->length);
+    return 0;
+}
+
+static void
+aes_key_cleanup(krb5_key key)
+{
+    zapfree(key->cache, sizeof(struct aes_key_info_cache));
+}
+
+const struct krb5_enc_provider krb5int_enc_aes128 = {
+    16,
+    16, 16,
+    krb5int_aes_encrypt,
+    krb5int_aes_decrypt,
+    NULL,
+    aes_init_state,
+    krb5int_default_free_state,
+    aes_key_cleanup
+};
+
+const struct krb5_enc_provider krb5int_enc_aes256 = {
+    16,
+    32, 32,
+    krb5int_aes_encrypt,
+    krb5int_aes_decrypt,
+    NULL,
+    aes_init_state,
+    krb5int_default_free_state,
+    aes_key_cleanup
+};
+
+#endif /* K5_BUILTIN_AES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/camellia.c b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/camellia.c
new file mode 100644
index 00000000..801fda00
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/camellia.c
@@ -0,0 +1,319 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/enc_provider/camellia.c - Camellia enc provider */
+/*
+ * Copyright (C) 2009, 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+#include "camellia.h"
+
+#ifdef K5_BUILTIN_CAMELLIA
+
+/*
+ * Private per-key data to cache after first generation.  We don't want to mess
+ * with the imported Camellia implementation too much, so we'll just use two
+ * copies of its context, one for encryption and one for decryption, and use
+ * the keybitlen field as a flag for whether we've initialized each half.
+ */
+struct camellia_key_info_cache {
+    camellia_ctx enc_ctx, dec_ctx;
+};
+#define CACHE(X) ((struct camellia_key_info_cache *)((X)->cache))
+
+/* out = out ^ in */
+static inline void
+xorblock(const unsigned char *in, unsigned char *out)
+{
+    size_t q;
+
+    for (q = 0; q < BLOCK_SIZE; q += 4)
+        store_32_n(load_32_n(out + q) ^ load_32_n(in + q), out + q);
+}
+
+static inline krb5_error_code
+init_key_cache(krb5_key key)
+{
+    if (key->cache != NULL)
+        return 0;
+    key->cache = malloc(sizeof(struct camellia_key_info_cache));
+    if (key->cache == NULL)
+        return ENOMEM;
+    CACHE(key)->enc_ctx.keybitlen = CACHE(key)->dec_ctx.keybitlen = 0;
+    return 0;
+}
+
+static inline void
+expand_enc_key(krb5_key key)
+{
+    if (CACHE(key)->enc_ctx.keybitlen)
+        return;
+    if (camellia_enc_key(key->keyblock.contents, key->keyblock.length,
+                         &CACHE(key)->enc_ctx) != camellia_good)
+        abort();
+}
+
+static inline void
+expand_dec_key(krb5_key key)
+{
+    if (CACHE(key)->dec_ctx.keybitlen)
+        return;
+    if (camellia_dec_key(key->keyblock.contents, key->keyblock.length,
+                         &CACHE(key)->dec_ctx) != camellia_good)
+        abort();
+}
+
+/* CBC encrypt nblocks blocks of data in place, using and updating iv. */
+static inline void
+cbc_enc(krb5_key key, unsigned char *data, size_t nblocks, unsigned char *iv)
+{
+    for (; nblocks > 0; nblocks--, data += BLOCK_SIZE) {
+        xorblock(iv, data);
+        if (camellia_enc_blk(data, data, &CACHE(key)->enc_ctx) !=
+            camellia_good)
+            abort();
+        memcpy(iv, data, BLOCK_SIZE);
+    }
+}
+
+/* CBC decrypt nblocks blocks of data in place, using and updating iv. */
+static inline void
+cbc_dec(krb5_key key, unsigned char *data, size_t nblocks, unsigned char *iv)
+{
+    unsigned char last_cipherblock[BLOCK_SIZE];
+
+    assert(nblocks > 0);
+    data += (nblocks - 1) * BLOCK_SIZE;
+    memcpy(last_cipherblock, data, BLOCK_SIZE);
+    for (; nblocks > 0; nblocks--, data -= BLOCK_SIZE) {
+        if (camellia_dec_blk(data, data, &CACHE(key)->dec_ctx) !=
+            camellia_good)
+            abort();
+        xorblock(nblocks == 1 ? iv : data - BLOCK_SIZE, data);
+    }
+    memcpy(iv, last_cipherblock, BLOCK_SIZE);
+}
+
+krb5_error_code
+krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
+                         krb5_crypto_iov *data, size_t num_data)
+{
+    unsigned char iv[BLOCK_SIZE], block[BLOCK_SIZE];
+    unsigned char blockN2[BLOCK_SIZE], blockN1[BLOCK_SIZE];
+    size_t input_length, nblocks, ncontig;
+    struct iov_cursor cursor;
+
+    if (init_key_cache(key))
+        return ENOMEM;
+    expand_enc_key(key);
+
+    k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+
+    input_length = iov_total_length(data, num_data, FALSE);
+    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    if (nblocks == 1) {
+        k5_iov_cursor_get(&cursor, block);
+        memset(iv, 0, BLOCK_SIZE);
+        cbc_enc(key, block, 1, iv);
+        k5_iov_cursor_put(&cursor, block);
+        return 0;
+    }
+
+    if (ivec != NULL)
+        memcpy(iv, ivec->data, BLOCK_SIZE);
+    else
+        memset(iv, 0, BLOCK_SIZE);
+
+    while (nblocks > 2) {
+        ncontig = iov_cursor_contig_blocks(&cursor);
+        if (ncontig > 0) {
+            /* Encrypt a series of contiguous blocks in place if we can, but
+             * don't touch the last two blocks. */
+            ncontig = (ncontig > nblocks - 2) ? nblocks - 2 : ncontig;
+            cbc_enc(key, iov_cursor_ptr(&cursor), ncontig, iv);
+            iov_cursor_advance(&cursor, ncontig);
+            nblocks -= ncontig;
+        } else {
+            k5_iov_cursor_get(&cursor, block);
+            cbc_enc(key, block, 1, iv);
+            k5_iov_cursor_put(&cursor, block);
+            nblocks--;
+        }
+    }
+
+    /* Encrypt the last two blocks and put them back in reverse order, possibly
+     * truncating the encrypted second-to-last block. */
+    k5_iov_cursor_get(&cursor, blockN2);
+    k5_iov_cursor_get(&cursor, blockN1);
+    cbc_enc(key, blockN2, 1, iv);
+    cbc_enc(key, blockN1, 1, iv);
+    k5_iov_cursor_put(&cursor, blockN1);
+    k5_iov_cursor_put(&cursor, blockN2);
+
+    if (ivec != NULL)
+        memcpy(ivec->data, iv, BLOCK_SIZE);
+
+    return 0;
+}
+
+static krb5_error_code
+krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
+                         krb5_crypto_iov *data, size_t num_data)
+{
+    unsigned char iv[BLOCK_SIZE], dummy_iv[BLOCK_SIZE], block[BLOCK_SIZE];
+    unsigned char blockN2[BLOCK_SIZE], blockN1[BLOCK_SIZE];
+    size_t input_length, last_len, nblocks, ncontig;
+    struct iov_cursor cursor;
+
+    if (init_key_cache(key))
+        return ENOMEM;
+    expand_dec_key(key);
+
+    k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+
+    input_length = iov_total_length(data, num_data, FALSE);
+    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    last_len = input_length - (nblocks - 1) * BLOCK_SIZE;
+    if (nblocks == 1) {
+        k5_iov_cursor_get(&cursor, block);
+        memset(iv, 0, BLOCK_SIZE);
+        cbc_dec(key, block, 1, iv);
+        k5_iov_cursor_put(&cursor, block);
+        return 0;
+    }
+
+    if (ivec != NULL)
+        memcpy(iv, ivec->data, BLOCK_SIZE);
+    else
+        memset(iv, 0, BLOCK_SIZE);
+
+    while (nblocks > 2) {
+        ncontig = iov_cursor_contig_blocks(&cursor);
+        if (ncontig > 0) {
+            /* Encrypt a series of contiguous blocks in place if we can, but
+             * don't touch the last two blocks. */
+            ncontig = (ncontig > nblocks - 2) ? nblocks - 2 : ncontig;
+            cbc_dec(key, iov_cursor_ptr(&cursor), ncontig, iv);
+            iov_cursor_advance(&cursor, ncontig);
+            nblocks -= ncontig;
+        } else {
+            k5_iov_cursor_get(&cursor, block);
+            cbc_dec(key, block, 1, iv);
+            k5_iov_cursor_put(&cursor, block);
+            nblocks--;
+        }
+    }
+
+    /* Get the last two ciphertext blocks.  Save the first as the new iv. */
+    k5_iov_cursor_get(&cursor, blockN2);
+    k5_iov_cursor_get(&cursor, blockN1);
+    if (ivec != NULL)
+        memcpy(ivec->data, blockN2, BLOCK_SIZE);
+
+    /* Decrypt the second-to-last ciphertext block, using the final ciphertext
+     * block as the CBC IV.  This produces the final plaintext block. */
+    memcpy(dummy_iv, blockN1, sizeof(dummy_iv));
+    cbc_dec(key, blockN2, 1, dummy_iv);
+
+    /* Use the final bits of the decrypted plaintext to pad the last ciphertext
+     * block, and decrypt it to produce the second-to-last plaintext block. */
+    memcpy(blockN1 + last_len, blockN2 + last_len, BLOCK_SIZE - last_len);
+    cbc_dec(key, blockN1, 1, iv);
+
+    /* Put the last two plaintext blocks back into the iovec. */
+    k5_iov_cursor_put(&cursor, blockN1);
+    k5_iov_cursor_put(&cursor, blockN2);
+
+    return 0;
+}
+
+static krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+                         size_t num_data, const krb5_data *ivec,
+                         krb5_data *output)
+{
+    unsigned char iv[BLOCK_SIZE], block[BLOCK_SIZE];
+    struct iov_cursor cursor;
+
+    if (output->length < BLOCK_SIZE)
+        return KRB5_BAD_MSIZE;
+
+    if (init_key_cache(key))
+        return ENOMEM;
+    expand_enc_key(key);
+
+    if (ivec != NULL)
+        memcpy(iv, ivec->data, BLOCK_SIZE);
+    else
+        memset(iv, 0, BLOCK_SIZE);
+
+    k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+    while (k5_iov_cursor_get(&cursor, block))
+        cbc_enc(key, block, 1, iv);
+
+    output->length = BLOCK_SIZE;
+    memcpy(output->data, iv, BLOCK_SIZE);
+
+    return 0;
+}
+
+static krb5_error_code
+camellia_init_state(const krb5_keyblock *key, krb5_keyusage usage,
+                    krb5_data *state)
+{
+    state->length = 16;
+    state->data = malloc(16);
+    if (state->data == NULL)
+        return ENOMEM;
+    memset(state->data, 0, state->length);
+    return 0;
+}
+
+static void
+camellia_key_cleanup(krb5_key key)
+{
+    zapfree(key->cache, sizeof(struct camellia_key_info_cache));
+}
+
+const struct krb5_enc_provider krb5int_enc_camellia128 = {
+    16,
+    16, 16,
+    krb5int_camellia_encrypt,
+    krb5int_camellia_decrypt,
+    krb5int_camellia_cbc_mac,
+    camellia_init_state,
+    krb5int_default_free_state,
+    camellia_key_cleanup
+};
+
+const struct krb5_enc_provider krb5int_enc_camellia256 = {
+    16,
+    32, 32,
+    krb5int_camellia_encrypt,
+    krb5int_camellia_decrypt,
+    krb5int_camellia_cbc_mac,
+    camellia_init_state,
+    krb5int_default_free_state,
+    camellia_key_cleanup
+};
+
+#endif /* K5_BUILTIN_CAMELLIA */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/deps b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/deps
new file mode 100644
index 00000000..a3414a38
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/deps
@@ -0,0 +1,49 @@
+#
+# Generated makefile dependencies follow.
+#
+des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(srcdir)/../des/des_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des3.c
+aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(srcdir)/../aes/aes.h $(srcdir)/../aes/brg_types.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  aes.c
+camellia.so camellia.po $(OUTPRE)camellia.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../camellia/camellia.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  camellia.c
+rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  rc4.c
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/des3.c b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/des3.c
new file mode 100644
index 00000000..c2634d5e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/des3.c
@@ -0,0 +1,109 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+#include "des_int.h"
+
+#ifdef K5_BUILTIN_DES
+
+static krb5_error_code
+validate_and_schedule(krb5_key key, const krb5_data *ivec,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      mit_des3_key_schedule *schedule)
+{
+    if (key->keyblock.length != 24)
+        return(KRB5_BAD_KEYSIZE);
+    if (iov_total_length(data, num_data, FALSE) % 8 != 0)
+        return(KRB5_BAD_MSIZE);
+    if (ivec && (ivec->length != 8))
+        return(KRB5_BAD_MSIZE);
+
+    switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents,
+                               *schedule)) {
+    case -1:
+        return(KRB5DES_BAD_KEYPAR);
+    case -2:
+        return(KRB5DES_WEAK_KEY);
+    }
+    return 0;
+}
+
+static krb5_error_code
+k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                size_t num_data)
+{
+    mit_des3_key_schedule schedule;
+    krb5_error_code err;
+
+    err = validate_and_schedule(key, ivec, data, num_data, &schedule);
+    if (err)
+        return err;
+
+    /* this has a return value, but the code always returns zero */
+    krb5int_des3_cbc_encrypt(data, num_data,
+                             schedule[0], schedule[1], schedule[2],
+                             ivec != NULL ? (unsigned char *) ivec->data :
+                             NULL);
+
+    zap(schedule, sizeof(schedule));
+
+    return(0);
+}
+
+static krb5_error_code
+k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                size_t num_data)
+{
+    mit_des3_key_schedule schedule;
+    krb5_error_code err;
+
+    err = validate_and_schedule(key, ivec, data, num_data, &schedule);
+    if (err)
+        return err;
+
+    /* this has a return value, but the code always returns zero */
+    krb5int_des3_cbc_decrypt(data, num_data,
+                             schedule[0], schedule[1], schedule[2],
+                             ivec != NULL ? (unsigned char *) ivec->data :
+                             NULL);
+
+    zap(schedule, sizeof(schedule));
+
+    return 0;
+}
+
+const struct krb5_enc_provider krb5int_enc_des3 = {
+    8,
+    21, 24,
+    k5_des3_encrypt,
+    k5_des3_decrypt,
+    NULL,
+    krb5int_des_init_state,
+    krb5int_default_free_state
+};
+
+#endif /* K5_BUILTIN_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/rc4.c b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/rc4.c
new file mode 100644
index 00000000..31291c2a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/enc_provider/rc4.c
@@ -0,0 +1,194 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/enc_provider/rc4.c */
+/*
+ * Copyright (c) 2000 by Computer Science Laboratory,
+ *                       Rensselaer Polytechnic Institute
+ *
+ * #include STD_DISCLAIMER
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_BUILTIN_RC4
+
+typedef struct
+{
+    unsigned int x;
+    unsigned int y;
+    unsigned char state[256];
+} ArcfourContext;
+
+typedef struct {
+    int initialized;
+    ArcfourContext ctx;
+} ArcFourCipherState;
+
+/* gets the next byte from the PRNG */
+#if ((__GNUC__ >= 2) )
+static __inline__ unsigned int k5_arcfour_byte(ArcfourContext *);
+#else
+static unsigned int k5_arcfour_byte(ArcfourContext *);
+#endif /* gcc inlines*/
+
+/* Initializes the context and sets the key. */
+static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
+                                       unsigned int keylen);
+
+/* Encrypts/decrypts data. */
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
+                             const unsigned char *src, unsigned int len);
+
+static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
+{
+    unsigned int x;
+    unsigned int y;
+    unsigned int sx, sy;
+    unsigned char *state;
+
+    state = ctx->state;
+    x = (ctx->x + 1) & 0xff;
+    sx = state[x];
+    y = (sx + ctx->y) & 0xff;
+    sy = state[y];
+    ctx->x = x;
+    ctx->y = y;
+    state[y] = sx;
+    state[x] = sy;
+    return state[(sx + sy) & 0xff];
+}
+
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
+                             const unsigned char *src, unsigned int len)
+{
+    unsigned int i;
+    for (i = 0; i < len; i++)
+        dest[i] = src[i] ^ k5_arcfour_byte(ctx);
+}
+
+
+static krb5_error_code
+k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
+                unsigned int key_len)
+{
+    unsigned int t, u;
+    unsigned int keyindex;
+    unsigned int stateindex;
+    unsigned char* state;
+    unsigned int counter;
+
+    if (key_len != 16)
+        return KRB5_BAD_MSIZE;     /*this is probably not the correct error code
+                                     to return */
+    state = &ctx->state[0];
+    ctx->x = 0;
+    ctx->y = 0;
+    for (counter = 0; counter < 256; counter++)
+        state[counter] = counter;
+    keyindex = 0;
+    stateindex = 0;
+    for (counter = 0; counter < 256; counter++)
+    {
+        t = state[counter];
+        stateindex = (stateindex + key[keyindex] + t) & 0xff;
+        u = state[stateindex];
+        state[stateindex] = t;
+        state[counter] = u;
+        if (++keyindex >= key_len)
+            keyindex = 0;
+    }
+    return 0;
+}
+
+
+static krb5_error_code
+k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
+                   size_t num_data)
+{
+    ArcfourContext *arcfour_ctx = NULL;
+    ArcFourCipherState *cipher_state = NULL;
+    krb5_error_code ret;
+    size_t i;
+
+    if (key->keyblock.length != 16)
+        return KRB5_BAD_KEYSIZE;
+    if (state != NULL && (state->length != sizeof(ArcFourCipherState)))
+        return KRB5_BAD_MSIZE;
+
+    if (state != NULL) {
+        cipher_state = (ArcFourCipherState *)(void *)state->data;
+        arcfour_ctx = &cipher_state->ctx;
+        if (cipher_state->initialized == 0) {
+            ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
+                                  key->keyblock.length);
+            if (ret != 0)
+                return ret;
+
+            cipher_state->initialized = 1;
+        }
+    } else {
+        arcfour_ctx = (ArcfourContext *)malloc(sizeof(ArcfourContext));
+        if (arcfour_ctx == NULL)
+            return ENOMEM;
+
+        ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
+                              key->keyblock.length);
+        if (ret != 0) {
+            free(arcfour_ctx);
+            return ret;
+        }
+    }
+
+    for (i = 0; i < num_data; i++) {
+        krb5_crypto_iov *iov = &data[i];
+
+        if (ENCRYPT_IOV(iov))
+            k5_arcfour_crypt(arcfour_ctx, (unsigned char *)iov->data.data,
+                             (const unsigned char *)iov->data.data, iov->data.length);
+    }
+
+    if (state == NULL)
+        zapfree(arcfour_ctx, sizeof(ArcfourContext));
+
+    return 0;
+}
+
+static krb5_error_code
+k5_arcfour_init_state (const krb5_keyblock *key,
+                       krb5_keyusage keyusage, krb5_data *new_state)
+{
+    /* Note that we can't actually set up the state here  because the key
+     * will change  between now and when encrypt is called
+     * because  it is data dependent.  Yeah, this has strange
+     * properties. --SDH
+     */
+    new_state->length = sizeof (ArcFourCipherState);
+    new_state->data = malloc (new_state->length);
+    if (new_state->data) {
+        memset (new_state->data, 0 , new_state->length);
+        /* That will set initialized to zero*/
+    }else {
+        return (ENOMEM);
+    }
+    return 0;
+}
+
+/* Since the arcfour cipher is identical going forwards and backwards,
+   we just call "docrypt" directly
+*/
+const struct krb5_enc_provider krb5int_enc_arcfour = {
+    /* This seems to work... although I am not sure what the
+       implications are in other places in the kerberos library */
+    1,
+    /* Keysize is arbitrary in arcfour, but the constraints of the
+       system, and to attempt to work with the MSFT system forces us
+       to 16byte/128bit.  Since there is no parity in the key, the
+       byte and length are the same.  */
+    16, 16,
+    k5_arcfour_docrypt,
+    k5_arcfour_docrypt,
+    NULL,
+    k5_arcfour_init_state, /*xxx not implemented yet*/
+    krb5int_default_free_state
+};
+
+#endif /* K5_BUILTIN_RC4 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/Makefile.in
new file mode 100644
index 00000000..3fbe525e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/Makefile.in
@@ -0,0 +1,38 @@
+mydir=lib$(S)crypto$(S)builtin$(S)hash_provider
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb -I$(srcdir)/../md4 \
+	-I$(srcdir)/../md5 -I$(srcdir)/../sha1 -I$(srcdir)/../sha2 \
+	$(CRYPTO_IMPL_CFLAGS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\hash_provider
+##DOS##OBJFILE = ..\..\$(OUTPRE)hash_provider.lst
+
+STLIBOBJS= \
+	hash_md4.o 	\
+	hash_md5.o 	\
+	hash_sha1.o	\
+	hash_sha2.o
+
+OBJS=   $(OUTPRE)hash_md4.$(OBJEXT) 	\
+	$(OUTPRE)hash_md5.$(OBJEXT) 	\
+	$(OUTPRE)hash_sha1.$(OBJEXT)	\
+	$(OUTPRE)hash_sha2.$(OBJEXT)
+
+SRCS=	$(srcdir)/hash_md4.c 	\
+	$(srcdir)/hash_md5.c 	\
+	$(srcdir)/hash_sha1.c	\
+	$(srcdir)/hash_sha2.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/deps b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/deps
new file mode 100644
index 00000000..bfd14f74
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/deps
@@ -0,0 +1,51 @@
+#
+# Generated makefile dependencies follow.
+#
+hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../md4/rsa-md4.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_md4.c
+hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../md5/rsa-md5.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_md5.c
+hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../sha1/shs.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_sha1.c
+hash_sha2.so hash_sha2.po $(OUTPRE)hash_sha2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(srcdir)/../sha2/sha2.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_sha2.c
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_md4.c b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_md4.c
new file mode 100644
index 00000000..f7055f85
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_md4.c
@@ -0,0 +1,65 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+#include "rsa-md4.h"
+
+#ifdef K5_BUILTIN_MD4
+
+static krb5_error_code
+k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    krb5_MD4_CTX ctx;
+    unsigned int i;
+
+    if (output->length != RSA_MD4_CKSUM_LENGTH)
+        return(KRB5_CRYPTO_INTERNAL);
+
+    krb5int_MD4Init(&ctx);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov)) {
+            krb5int_MD4Update(&ctx, (unsigned char *) iov->data.data,
+                              iov->data.length);
+        }
+    }
+    krb5int_MD4Final(&ctx);
+
+    memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
+
+    return(0);
+}
+
+const struct krb5_hash_provider krb5int_hash_md4 = {
+    "MD4",
+    RSA_MD4_CKSUM_LENGTH,
+    64,
+    k5_md4_hash
+};
+
+#endif /* K5_BUILTIN_MD4 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_md5.c b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_md5.c
new file mode 100644
index 00000000..2f01498a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_md5.c
@@ -0,0 +1,65 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+#include "rsa-md5.h"
+
+#ifdef K5_BUILTIN_MD5
+
+static krb5_error_code
+k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    krb5_MD5_CTX ctx;
+    unsigned int i;
+
+    if (output->length != RSA_MD5_CKSUM_LENGTH)
+        return KRB5_CRYPTO_INTERNAL;
+
+    krb5int_MD5Init(&ctx);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov)) {
+            krb5int_MD5Update(&ctx, (unsigned char *) iov->data.data,
+                              iov->data.length);
+        }
+    }
+    krb5int_MD5Final(&ctx);
+
+    memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH);
+
+    return 0;
+}
+
+const struct krb5_hash_provider krb5int_hash_md5 = {
+    "MD5",
+    RSA_MD5_CKSUM_LENGTH,
+    64,
+    k5_md5_hash
+};
+
+#endif /* K5_BUILTIN_MD5 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_sha1.c b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_sha1.c
new file mode 100644
index 00000000..4e6e1533
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_sha1.c
@@ -0,0 +1,66 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+#include "shs.h"
+
+#ifdef K5_BUILTIN_SHA1
+
+static krb5_error_code
+k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    SHS_INFO ctx;
+    unsigned int i;
+
+    if (output->length != SHS_DIGESTSIZE)
+        return KRB5_CRYPTO_INTERNAL;
+
+    shsInit(&ctx);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov)) {
+            shsUpdate(&ctx, (unsigned char *) iov->data.data,
+                      iov->data.length);
+        }
+    }
+    shsFinal(&ctx);
+
+    for (i = 0; i < sizeof(ctx.digest) / sizeof(ctx.digest[0]); i++)
+        store_32_be(ctx.digest[i], &output->data[i*4]);
+
+    return 0;
+}
+
+const struct krb5_hash_provider krb5int_hash_sha1 = {
+    "SHA1",
+    SHS_DIGESTSIZE,
+    SHS_DATASIZE,
+    k5_sha1_hash
+};
+
+#endif /* K5_BUILTIN_SHA1 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_sha2.c b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_sha2.c
new file mode 100644
index 00000000..fd7b56bb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/hash_provider/hash_sha2.c
@@ -0,0 +1,92 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/hash_provider/sha2.c - SHA-2 hash providers */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+#include "sha2.h"
+
+#ifdef K5_BUILTIN_SHA2
+
+static krb5_error_code
+k5_sha256_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    SHA256_CTX ctx;
+    size_t i;
+    const krb5_crypto_iov *iov;
+
+    if (output->length != SHA256_DIGEST_LENGTH)
+        return KRB5_CRYPTO_INTERNAL;
+
+    k5_sha256_init(&ctx);
+    for (i = 0; i < num_data; i++) {
+        iov = &data[i];
+        if (SIGN_IOV(iov))
+            k5_sha256_update(&ctx, iov->data.data, iov->data.length);
+    }
+    k5_sha256_final(output->data, &ctx);
+    return 0;
+}
+
+static krb5_error_code
+k5_sha384_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    SHA384_CTX ctx;
+    size_t i;
+    const krb5_crypto_iov *iov;
+
+    if (output->length != SHA384_DIGEST_LENGTH)
+        return KRB5_CRYPTO_INTERNAL;
+
+    k5_sha384_init(&ctx);
+    for (i = 0; i < num_data; i++) {
+        iov = &data[i];
+        if (SIGN_IOV(iov))
+            k5_sha384_update(&ctx, iov->data.data, iov->data.length);
+    }
+    k5_sha384_final(output->data, &ctx);
+    return 0;
+}
+
+const struct krb5_hash_provider krb5int_hash_sha256 = {
+    "SHA-256",
+    SHA256_DIGEST_LENGTH,
+    SHA256_BLOCK_SIZE,
+    k5_sha256_hash
+};
+
+const struct krb5_hash_provider krb5int_hash_sha384 = {
+    "SHA-384",
+    SHA384_DIGEST_LENGTH,
+    SHA384_BLOCK_SIZE,
+    k5_sha384_hash
+};
+
+#endif /* K5_BUILTIN_SHA2 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/hmac.c b/krb5-1.21.3/src/lib/crypto/builtin/hmac.c
new file mode 100644
index 00000000..866758eb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/hmac.c
@@ -0,0 +1,124 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_BUILTIN_HMAC
+
+/*
+ * Because our built-in HMAC implementation doesn't need to invoke any
+ * encryption or keyed hash functions, it is simplest to define it in terms of
+ * keyblocks, and then supply a simple wrapper for the "normal" krb5_key-using
+ * interfaces.  The keyblock interfaces are useful for code which creates
+ * intermediate keyblocks.
+ */
+
+/*
+ * The HMAC transform looks like:
+ *
+ * H(K XOR opad, H(K XOR ipad, text))
+ *
+ * where H is a cryptographic hash
+ * K is an n byte key
+ * ipad is the byte 0x36 repeated blocksize times
+ * opad is the byte 0x5c repeated blocksize times
+ * and text is the data being protected
+ */
+
+krb5_error_code
+krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
+                      const krb5_keyblock *keyblock,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
+{
+    unsigned char *xorkey = NULL, *ihash = NULL;
+    unsigned int i;
+    krb5_crypto_iov *ihash_iov = NULL, ohash_iov[2];
+    krb5_data hashout;
+    krb5_error_code ret;
+
+    if (keyblock->length > hash->blocksize)
+        return KRB5_CRYPTO_INTERNAL;
+    if (output->length < hash->hashsize)
+        return KRB5_BAD_MSIZE;
+
+    /* Allocate space for the xor key, hash input vector, and inner hash */
+    xorkey = k5alloc(hash->blocksize, &ret);
+    if (xorkey == NULL)
+        goto cleanup;
+    ihash = k5alloc(hash->hashsize, &ret);
+    if (ihash == NULL)
+        goto cleanup;
+    ihash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
+    if (ihash_iov == NULL)
+        goto cleanup;
+
+    /* Create the inner padded key. */
+    memset(xorkey, 0x36, hash->blocksize);
+    for (i = 0; i < keyblock->length; i++)
+        xorkey[i] ^= keyblock->contents[i];
+
+    /* Compute the inner hash over the inner key and input data. */
+    ihash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    ihash_iov[0].data = make_data(xorkey, hash->blocksize);
+    memcpy(ihash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
+    hashout = make_data(ihash, hash->hashsize);
+    ret = hash->hash(ihash_iov, num_data + 1, &hashout);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Create the outer padded key. */
+    memset(xorkey, 0x5c, hash->blocksize);
+    for (i = 0; i < keyblock->length; i++)
+        xorkey[i] ^= keyblock->contents[i];
+
+    /* Compute the outer hash over the outer key and inner hash value. */
+    ohash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    ohash_iov[0].data = make_data(xorkey, hash->blocksize);
+    ohash_iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    ohash_iov[1].data = make_data(ihash, hash->hashsize);
+    output->length = hash->hashsize;
+    ret = hash->hash(ohash_iov, 2, output);
+    if (ret != 0)
+        memset(output->data, 0, output->length);
+
+cleanup:
+    zapfree(xorkey, hash->blocksize);
+    zapfree(ihash, hash->hashsize);
+    free(ihash_iov);
+    return ret;
+}
+
+krb5_error_code
+krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
+             const krb5_crypto_iov *data, size_t num_data,
+             krb5_data *output)
+{
+    return krb5int_hmac_keyblock(hash, &key->keyblock, data, num_data, output);
+}
+
+#endif /* K5_BUILTIN_HMAC */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/kdf.c b/krb5-1.21.3/src/lib/crypto/builtin/kdf.c
new file mode 100644
index 00000000..8a6658bf
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/kdf.c
@@ -0,0 +1,190 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_BUILTIN_KDF
+
+krb5_error_code
+k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash,
+                          krb5_key key, const krb5_data *label,
+                          const krb5_data *context, krb5_data *rnd_out)
+{
+    krb5_crypto_iov iov[5];
+    krb5_error_code ret;
+    krb5_data prf;
+    unsigned char ibuf[4], lbuf[4];
+
+    if (hash == NULL || rnd_out->length > hash->hashsize)
+        return KRB5_CRYPTO_INTERNAL;
+
+    /* Allocate encryption data buffer. */
+    ret = alloc_data(&prf, hash->hashsize);
+    if (ret)
+        return ret;
+
+    /* [i]2: four-byte big-endian binary string giving the block counter (1) */
+    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[0].data = make_data(ibuf, sizeof(ibuf));
+    store_32_be(1, ibuf);
+    /* Label */
+    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[1].data = *label;
+    /* 0x00: separator byte */
+    iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[2].data = make_data("", 1);
+    /* Context */
+    iov[3].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[3].data = *context;
+    /* [L]2: four-byte big-endian binary string giving the output length */
+    iov[4].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[4].data = make_data(lbuf, sizeof(lbuf));
+    store_32_be(rnd_out->length * 8, lbuf);
+
+    ret = krb5int_hmac(hash, key, iov, 5, &prf);
+    if (!ret)
+        memcpy(rnd_out->data, prf.data, rnd_out->length);
+    zapfree(prf.data, prf.length);
+    return ret;
+}
+
+krb5_error_code
+k5_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, krb5_key key,
+                           const krb5_data *label, krb5_data *rnd_out)
+{
+    size_t blocksize, keybytes, n;
+    krb5_crypto_iov iov[6];
+    krb5_error_code ret;
+    krb5_data prf;
+    unsigned int i;
+    unsigned char ibuf[4], Lbuf[4];
+
+    blocksize = enc->block_size;
+    keybytes = enc->keybytes;
+
+    if (key->keyblock.length != enc->keylength || rnd_out->length != keybytes)
+        return KRB5_CRYPTO_INTERNAL;
+
+    /* Allocate encryption data buffer. */
+    ret = alloc_data(&prf, blocksize);
+    if (ret)
+        return ret;
+
+    /* K(i-1): the previous block of PRF output, initially all-zeros. */
+    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[0].data = prf;
+    /* [i]2: four-byte big-endian binary string giving the block counter */
+    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[1].data = make_data(ibuf, sizeof(ibuf));
+    /* Label: the fixed derived-key input */
+    iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[2].data = *label;
+    /* 0x00: separator byte */
+    iov[3].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[3].data = make_data("", 1);
+    /* Context: (unused) */
+    iov[4].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[4].data = empty_data();
+    /* [L]2: four-byte big-endian binary string giving the output length */
+    iov[5].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[5].data = make_data(Lbuf, sizeof(Lbuf));
+    store_32_be(rnd_out->length * 8, Lbuf);
+
+    for (i = 1, n = 0; n < keybytes; i++) {
+        /* Update the block counter. */
+        store_32_be(i, ibuf);
+
+        /* Compute a CMAC checksum, storing the result into K(i-1). */
+        ret = krb5int_cmac_checksum(enc, key, iov, 6, &prf);
+        if (ret)
+            goto cleanup;
+
+        /* Copy the result into the appropriate part of the output buffer. */
+        if (keybytes - n <= blocksize) {
+            memcpy(rnd_out->data + n, prf.data, keybytes - n);
+            break;
+        }
+        memcpy(rnd_out->data + n, prf.data, blocksize);
+        n += blocksize;
+    }
+
+cleanup:
+    zapfree(prf.data, blocksize);
+    return ret;
+}
+
+krb5_error_code
+k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, krb5_key key,
+                         const krb5_data *constant, krb5_data *rnd_out)
+{
+    size_t blocksize, keybytes, n;
+    krb5_error_code ret;
+    krb5_data block = empty_data();
+
+    blocksize = enc->block_size;
+    keybytes = enc->keybytes;
+
+    if (blocksize == 1)
+        return KRB5_BAD_ENCTYPE;
+    if (key->keyblock.length != enc->keylength || rnd_out->length != keybytes)
+        return KRB5_CRYPTO_INTERNAL;
+
+    /* Allocate encryption data buffer. */
+    ret = alloc_data(&block, blocksize);
+    if (ret)
+        return ret;
+
+    /* Initialize the input block. */
+    if (constant->length == blocksize) {
+        memcpy(block.data, constant->data, blocksize);
+    } else {
+        krb5int_nfold(constant->length * 8, (uint8_t *)constant->data,
+                      blocksize * 8, (uint8_t *)block.data);
+    }
+
+    /* Loop encrypting the blocks until enough key bytes are generated. */
+    n = 0;
+    while (n < keybytes) {
+        ret = encrypt_block(enc, key, &block);
+        if (ret)
+            goto cleanup;
+
+        if ((keybytes - n) <= blocksize) {
+            memcpy(rnd_out->data + n, block.data, (keybytes - n));
+            break;
+        }
+
+        memcpy(rnd_out->data + n, block.data, blocksize);
+        n += blocksize;
+    }
+
+cleanup:
+    zapfree(block.data, blocksize);
+    return ret;
+}
+
+#endif /* K5_BUILTIN_KDF */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md4/ISSUES b/krb5-1.21.3/src/lib/crypto/builtin/md4/ISSUES
new file mode 100644
index 00000000..c343d290
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md4/ISSUES
@@ -0,0 +1,4 @@
+Issues to be addressed for src/lib/crypto/md4: -*- text -*-
+
+
+Assumes int is >= 32 bits.
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md4/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/md4/Makefile.in
new file mode 100644
index 00000000..0e49400e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md4/Makefile.in
@@ -0,0 +1,33 @@
+mydir=lib$(S)crypto$(S)builtin$(S)md4
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES=-I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\md4
+##DOS##OBJFILE = ..\..\$(OUTPRE)md4.lst
+
+STLIBOBJS= md4.o
+
+OBJS= $(OUTPRE)md4.$(OBJEXT) 
+
+SRCS= $(srcdir)/md4.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+
+
+check-unix:
+
+check-windows:
+
+clean:
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md4/deps b/krb5-1.21.3/src/lib/crypto/builtin/md4/deps
new file mode 100644
index 00000000..27994226
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md4/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+md4.so md4.po $(OUTPRE)md4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  md4.c rsa-md4.h
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md4/md4.c b/krb5-1.21.3/src/lib/crypto/builtin/md4/md4.c
new file mode 100644
index 00000000..28955ad3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md4/md4.c
@@ -0,0 +1,247 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/md4/md4.c */
+
+/*
+ * Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
+ *
+ * License to copy and use this software is granted provided that
+ * it is identified as the "RSA Data Security, Inc. MD4 Message
+ * Digest Algorithm" in all material mentioning or referencing this
+ * software or this function.
+ *
+ * License is also granted to make and use derivative works
+ * provided that such works are identified as "derived from the RSA
+ * Data Security, Inc. MD4 Message Digest Algorithm" in all
+ * material mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning
+ * either the merchantability of this software or the suitability
+ * of this software for any particular purpose.  It is provided "as
+ * is" without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+/*
+**********************************************************************
+** md4.c                                                            **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
+** Created: 2/17/90 RLR                                             **
+** Revised: 1/91 SRD,AJ,BSK,JT Reference C Version                  **
+**********************************************************************
+*/
+
+#include "crypto_int.h"
+#include "rsa-md4.h"
+
+#ifdef K5_BUILTIN_MD4
+
+/* forward declaration */
+static void Transform (krb5_ui_4 *, krb5_ui_4 *);
+
+static const unsigned char PADDING[64] = {
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/* F, G and H are basic MD4 functions: selection, majority, parity */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+
+/* ROTATE_LEFT rotates x left n bits */
+#define ROTATE_LEFT(x, n) ((((x) << (n)) & 0xffffffff) | ((x) >> (32-(n))))
+
+/* FF, GG and HH are MD4 transformations for rounds 1, 2 and 3 */
+/* Rotation is separate from addition to prevent recomputation */
+#define FF(a, b, c, d, x, s)                    \
+    {(a) += F ((b), (c), (d)) + (x);            \
+        (a) &= 0xffffffff;                      \
+        (a) = ROTATE_LEFT ((a), (s));}
+#define GG(a, b, c, d, x, s)                            \
+    {(a) += G ((b), (c), (d)) + (x) + 013240474631UL;   \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));}
+#define HH(a, b, c, d, x, s)                            \
+    {(a) += H ((b), (c), (d)) + (x) + 015666365641UL;   \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));}
+
+void
+krb5int_MD4Init (krb5_MD4_CTX *mdContext)
+{
+    mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
+
+    /* Load magic initialization constants.
+     */
+    mdContext->buf[0] = 0x67452301UL;
+    mdContext->buf[1] = 0xefcdab89UL;
+    mdContext->buf[2] = 0x98badcfeUL;
+    mdContext->buf[3] = 0x10325476UL;
+}
+
+void
+krb5int_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+{
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* update number of bits */
+    if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
+        mdContext->i[1]++;
+    mdContext->i[0] += ((krb5_ui_4)inLen << 3);
+    mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
+
+    while (inLen--) {
+        /* add new character to buffer, increment mdi */
+        mdContext->in[mdi++] = *inBuf++;
+
+        /* transform if necessary */
+        if (mdi == 0x40) {
+            for (i = 0, ii = 0; i < 16; i++, ii += 4) {
+                in[i] = load_32_le(mdContext->in+ii);
+            }
+            Transform (mdContext->buf, in);
+            mdi = 0;
+        }
+    }
+}
+
+void
+krb5int_MD4Final (krb5_MD4_CTX *mdContext)
+{
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+    unsigned int padLen;
+
+    /* save number of bits */
+    in[14] = mdContext->i[0];
+    in[15] = mdContext->i[1];
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* pad out to 56 mod 64 */
+    padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+    krb5int_MD4Update (mdContext, PADDING, padLen);
+
+    /* append length in bits and transform */
+    for (i = 0, ii = 0; i < 14; i++, ii += 4)
+        in[i] = load_32_le(mdContext->in+ii);
+    Transform (mdContext->buf, in);
+
+
+    /* store buffer in digest */
+    for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+        store_32_le(mdContext->buf[i], mdContext->digest+ii);
+    }
+}
+
+/* Basic MD4 step. Transform buf based on in.
+ */
+static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in)
+{
+    krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+
+#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
+    int i;
+#define ROTATE { krb5_ui_4 temp; temp = d, d = c, c = b, b = a, a = temp; }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round1consts[] = { 3, 7, 11, 19, };
+        FF (a, b, c, d, in[i], round1consts[i%4]); ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round2indices[] = {
+            0,4,8,12,1,5,9,13,2,6,10,14,3,7,11,15
+        };
+        static const unsigned char round2consts[] = { 3, 5, 9, 13 };
+        GG (a, b, c, d, in[round2indices[i]], round2consts[i%4]); ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round3indices[] = {
+            0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
+        };
+        static const unsigned char round3consts[] = { 3, 9, 11, 15 };
+        HH (a, b, c, d, in[round3indices[i]], round3consts[i%4]); ROTATE;
+    }
+#else
+    /* Round 1 */
+    FF (a, b, c, d, in[ 0],  3);
+    FF (d, a, b, c, in[ 1],  7);
+    FF (c, d, a, b, in[ 2], 11);
+    FF (b, c, d, a, in[ 3], 19);
+    FF (a, b, c, d, in[ 4],  3);
+    FF (d, a, b, c, in[ 5],  7);
+    FF (c, d, a, b, in[ 6], 11);
+    FF (b, c, d, a, in[ 7], 19);
+    FF (a, b, c, d, in[ 8],  3);
+    FF (d, a, b, c, in[ 9],  7);
+    FF (c, d, a, b, in[10], 11);
+    FF (b, c, d, a, in[11], 19);
+    FF (a, b, c, d, in[12],  3);
+    FF (d, a, b, c, in[13],  7);
+    FF (c, d, a, b, in[14], 11);
+    FF (b, c, d, a, in[15], 19);
+
+    /* Round 2 */
+    GG (a, b, c, d, in[ 0],  3);
+    GG (d, a, b, c, in[ 4],  5);
+    GG (c, d, a, b, in[ 8],  9);
+    GG (b, c, d, a, in[12], 13);
+    GG (a, b, c, d, in[ 1],  3);
+    GG (d, a, b, c, in[ 5],  5);
+    GG (c, d, a, b, in[ 9],  9);
+    GG (b, c, d, a, in[13], 13);
+    GG (a, b, c, d, in[ 2],  3);
+    GG (d, a, b, c, in[ 6],  5);
+    GG (c, d, a, b, in[10],  9);
+    GG (b, c, d, a, in[14], 13);
+    GG (a, b, c, d, in[ 3],  3);
+    GG (d, a, b, c, in[ 7],  5);
+    GG (c, d, a, b, in[11],  9);
+    GG (b, c, d, a, in[15], 13);
+
+    /* Round 3 */
+    HH (a, b, c, d, in[ 0],  3);
+    HH (d, a, b, c, in[ 8],  9);
+    HH (c, d, a, b, in[ 4], 11);
+    HH (b, c, d, a, in[12], 15);
+    HH (a, b, c, d, in[ 2],  3);
+    HH (d, a, b, c, in[10],  9);
+    HH (c, d, a, b, in[ 6], 11);
+    HH (b, c, d, a, in[14], 15);
+    HH (a, b, c, d, in[ 1],  3);
+    HH (d, a, b, c, in[ 9],  9);
+    HH (c, d, a, b, in[ 5], 11);
+    HH (b, c, d, a, in[13], 15);
+    HH (a, b, c, d, in[ 3],  3);
+    HH (d, a, b, c, in[11],  9);
+    HH (c, d, a, b, in[ 7], 11);
+    HH (b, c, d, a, in[15], 15);
+#endif
+
+    buf[0] += a;
+    buf[1] += b;
+    buf[2] += c;
+    buf[3] += d;
+}
+
+/*
+**********************************************************************
+** End of md4.c                                                     **
+******************************* (cut) ********************************
+*/
+
+#endif /* K5_BUILTIN_MD4 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md4/rsa-md4.h b/krb5-1.21.3/src/lib/crypto/builtin/md4/rsa-md4.h
new file mode 100644
index 00000000..c404e151
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md4/rsa-md4.h
@@ -0,0 +1,90 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/md4/rsa-md4.h */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
+ *
+ * License to copy and use this software is granted provided that
+ * it is identified as the "RSA Data Security, Inc. MD4 Message
+ * Digest Algorithm" in all material mentioning or referencing this
+ * software or this function.
+ *
+ * License is also granted to make and use derivative works
+ * provided that such works are identified as "derived from the RSA
+ * Data Security, Inc. MD4 Message Digest Algorithm" in all
+ * material mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning
+ * either the merchantability of this software or the suitability
+ * of this software for any particular purpose.  It is provided "as
+ * is" without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+/* RSA MD4 header file, with Kerberos/STDC additions. */
+
+#ifndef __KRB5_RSA_MD4_H__
+#define __KRB5_RSA_MD4_H__
+
+#ifdef unicos61
+#include <sys/types.h>
+#endif /* unicos61 */
+
+/* 16 u_char's in the digest */
+#define RSA_MD4_CKSUM_LENGTH    16
+/* des blocksize is 8, so this works nicely... */
+#define OLD_RSA_MD4_DES_CKSUM_LENGTH    16
+#define NEW_RSA_MD4_DES_CKSUM_LENGTH    24
+#define RSA_MD4_DES_CONFOUND_LENGTH     8
+
+/*
+**********************************************************************
+** md4.h -- Header file for implementation of MD4                   **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
+** Created: 2/17/90 RLR                                             **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
+**********************************************************************
+*/
+
+/* Data structure for MD4 (Message Digest) computation */
+typedef struct {
+    krb5_ui_4 i[2];                       /* number of _bits_ handled mod 2^64 */
+    krb5_ui_4 buf[4];                     /* scratch buffer */
+    unsigned char in[64];                 /* input buffer */
+    unsigned char digest[16];             /* actual digest after MD4Final call */
+} krb5_MD4_CTX;
+
+extern void krb5int_MD4Init(krb5_MD4_CTX *);
+extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned int);
+extern void krb5int_MD4Final(krb5_MD4_CTX *);
+
+/*
+**********************************************************************
+** End of md4.h                                                     **
+******************************* (cut) ********************************
+*/
+#endif /* __KRB5_RSA_MD4_H__ */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md5/ISSUES b/krb5-1.21.3/src/lib/crypto/builtin/md5/ISSUES
new file mode 100644
index 00000000..631238ad
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md5/ISSUES
@@ -0,0 +1,4 @@
+Issues to be addressed for src/lib/crypto/md5: -*- text -*-
+
+
+Assumes int is >= 32 bits.
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md5/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/md5/Makefile.in
new file mode 100644
index 00000000..1b28d218
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md5/Makefile.in
@@ -0,0 +1,32 @@
+mydir=lib$(S)crypto$(S)builtin$(S)md5
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES=-I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\md5
+##DOS##OBJFILE = ..\..\$(OUTPRE)md5.lst
+
+STLIBOBJS= md5.o
+
+OBJS= $(OUTPRE)md5.$(OBJEXT) 
+
+SRCS= $(srcdir)/md5.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+
+check-unix:
+
+check-windows:
+
+clean:
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md5/deps b/krb5-1.21.3/src/lib/crypto/builtin/md5/deps
new file mode 100644
index 00000000..f727204d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md5/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+md5.so md5.po $(OUTPRE)md5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  md5.c rsa-md5.h
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md5/md5.c b/krb5-1.21.3/src/lib/crypto/builtin/md5/md5.c
new file mode 100644
index 00000000..d5e018c7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md5/md5.c
@@ -0,0 +1,346 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
+ *
+ * License to copy and use this software is granted provided that
+ * it is identified as the "RSA Data Security, Inc. MD5 Message-
+ * Digest Algorithm" in all material mentioning or referencing this
+ * software or this function.
+ *
+ * License is also granted to make and use derivative works
+ * provided that such works are identified as "derived from the RSA
+ * Data Security, Inc. MD5 Message-Digest Algorithm" in all
+ * material mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning
+ * either the merchantability of this software or the suitability
+ * of this software for any particular purpose.  It is provided "as
+ * is" without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+/*
+***********************************************************************
+** md5.c -- the source code for MD5 routines                         **
+** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+** Created: 2/17/90 RLR                                              **
+** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
+***********************************************************************
+*/
+
+/*
+ * Modified by John Carr, MIT, to use Kerberos 5 typedefs.
+ */
+
+#include "crypto_int.h"
+#include "rsa-md5.h"
+
+#ifdef K5_BUILTIN_MD5
+
+/*
+***********************************************************************
+**  Message-digest routines:                                         **
+**  To form the message digest for a message M                       **
+**    (1) Initialize a context buffer mdContext using krb5int_MD5Init   **
+**    (2) Call krb5int_MD5Update on mdContext and M                     **
+**    (3) Call krb5int_MD5Final on mdContext                            **
+**  The message digest is now in mdContext->digest[0...15]           **
+***********************************************************************
+*/
+
+/* forward declaration */
+static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in);
+
+static const unsigned char PADDING[64] = {
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/* F, G, H and I are basic MD5 functions */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits */
+#define ROTATE_LEFT(x, n) ((((x) << (n)) & 0xffffffff) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
+/* Rotation is separate from addition to prevent recomputation */
+#define FF(a, b, c, d, x, s, ac)                        \
+    {(a) += F ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define GG(a, b, c, d, x, s, ac)                        \
+    {(a) += G ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define HH(a, b, c, d, x, s, ac)                        \
+    {(a) += H ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define II(a, b, c, d, x, s, ac)                        \
+    {(a) += I ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+
+/* The routine krb5int_MD5Init initializes the message-digest context
+   mdContext. All fields are set to zero.
+*/
+void
+krb5int_MD5Init (krb5_MD5_CTX *mdContext)
+{
+    mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
+
+    /* Load magic initialization constants.
+     */
+    mdContext->buf[0] = 0x67452301UL;
+    mdContext->buf[1] = 0xefcdab89UL;
+    mdContext->buf[2] = 0x98badcfeUL;
+    mdContext->buf[3] = 0x10325476UL;
+}
+
+/* The routine krb5int_MD5Update updates the message-digest context to
+   account for the presence of each of the characters inBuf[0..inLen-1]
+   in the message whose digest is being computed.
+*/
+void
+krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
+{
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* update number of bits */
+    if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
+        mdContext->i[1]++;
+    mdContext->i[0] += ((krb5_ui_4)inLen << 3);
+    mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
+
+    while (inLen--) {
+        /* add new character to buffer, increment mdi */
+        mdContext->in[mdi++] = *inBuf++;
+
+        /* transform if necessary */
+        if (mdi == 0x40) {
+            for (i = 0, ii = 0; i < 16; i++, ii += 4)
+                in[i] = load_32_le(mdContext->in+ii);
+            Transform (mdContext->buf, in);
+            mdi = 0;
+        }
+    }
+}
+
+/* The routine krb5int_MD5Final terminates the message-digest computation and
+   ends with the desired message digest in mdContext->digest[0...15].
+*/
+void
+krb5int_MD5Final (krb5_MD5_CTX *mdContext)
+{
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+    unsigned int padLen;
+
+    /* save number of bits */
+    in[14] = mdContext->i[0];
+    in[15] = mdContext->i[1];
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* pad out to 56 mod 64 */
+    padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+    krb5int_MD5Update (mdContext, PADDING, padLen);
+
+    /* append length in bits and transform */
+    for (i = 0, ii = 0; i < 14; i++, ii += 4)
+        in[i] = load_32_le(mdContext->in+ii);
+    Transform (mdContext->buf, in);
+
+    /* store buffer in digest */
+    for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+        store_32_le(mdContext->buf[i], mdContext->digest+ii);
+    }
+}
+
+/* Basic MD5 step. Transforms buf based on in.
+ */
+static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in)
+{
+    krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+
+#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
+
+    int i;
+#define ROTATE { krb5_ui_4 temp; temp = d, d = c, c = b, b = a, a = temp; }
+    for (i = 0; i < 16; i++) {
+        const unsigned char round1s[] = { 7, 12, 17, 22 };
+        const krb5_ui_4 round1consts[] = {
+            3614090360UL,   3905402710UL,    606105819UL,   3250441966UL,
+            4118548399UL,   1200080426UL,   2821735955UL,   4249261313UL,
+            1770035416UL,   2336552879UL,   4294925233UL,   2304563134UL,
+            1804603682UL,   4254626195UL,   2792965006UL,   1236535329UL,
+        };
+        FF (a, b, c, d, in[i], round1s[i%4], round1consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        const unsigned char round2s[] = { 5, 9, 14, 20 };
+        const krb5_ui_4 round2consts[] = {
+            4129170786UL,   3225465664UL,    643717713UL,   3921069994UL,
+            3593408605UL,     38016083UL,   3634488961UL,   3889429448UL,
+            568446438UL,   3275163606UL,   4107603335UL,   1163531501UL,
+            2850285829UL,   4243563512UL,   1735328473UL,   2368359562UL,
+        };
+        int r2index = (1 + i * 5) % 16;
+        GG (a, b, c, d, in[r2index], round2s[i%4], round2consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round3s[] = { 4, 11, 16, 23 };
+        static const krb5_ui_4 round3consts[] = {
+            4294588738UL,   2272392833UL,   1839030562UL,   4259657740UL,
+            2763975236UL,   1272893353UL,   4139469664UL,   3200236656UL,
+            681279174UL,   3936430074UL,   3572445317UL,     76029189UL,
+            3654602809UL,   3873151461UL,    530742520UL,   3299628645UL,
+        };
+        int r3index = (5 + i * 3) % 16;
+        HH (a, b, c, d, in[r3index], round3s[i%4], round3consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round4s[] = { 6, 10, 15, 21 };
+        static const krb5_ui_4 round4consts[] = {
+            4096336452UL,   1126891415UL,   2878612391UL,   4237533241UL,
+            1700485571UL,   2399980690UL,   4293915773UL,   2240044497UL,
+            1873313359UL,   4264355552UL,   2734768916UL,   1309151649UL,
+            4149444226UL,   3174756917UL,    718787259UL,   3951481745UL,
+        };
+        int r4index = (7 * i) % 16;
+        II (a, b, c, d, in[r4index], round4s[i%4], round4consts[i]);
+        ROTATE;
+    }
+
+#else
+
+    /* Round 1 */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+    FF ( a, b, c, d, in[ 0], S11, 3614090360UL); /* 1 */
+    FF ( d, a, b, c, in[ 1], S12, 3905402710UL); /* 2 */
+    FF ( c, d, a, b, in[ 2], S13,  606105819UL); /* 3 */
+    FF ( b, c, d, a, in[ 3], S14, 3250441966UL); /* 4 */
+    FF ( a, b, c, d, in[ 4], S11, 4118548399UL); /* 5 */
+    FF ( d, a, b, c, in[ 5], S12, 1200080426UL); /* 6 */
+    FF ( c, d, a, b, in[ 6], S13, 2821735955UL); /* 7 */
+    FF ( b, c, d, a, in[ 7], S14, 4249261313UL); /* 8 */
+    FF ( a, b, c, d, in[ 8], S11, 1770035416UL); /* 9 */
+    FF ( d, a, b, c, in[ 9], S12, 2336552879UL); /* 10 */
+    FF ( c, d, a, b, in[10], S13, 4294925233UL); /* 11 */
+    FF ( b, c, d, a, in[11], S14, 2304563134UL); /* 12 */
+    FF ( a, b, c, d, in[12], S11, 1804603682UL); /* 13 */
+    FF ( d, a, b, c, in[13], S12, 4254626195UL); /* 14 */
+    FF ( c, d, a, b, in[14], S13, 2792965006UL); /* 15 */
+    FF ( b, c, d, a, in[15], S14, 1236535329UL); /* 16 */
+
+    /* Round 2 */
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+    GG ( a, b, c, d, in[ 1], S21, 4129170786UL); /* 17 */
+    GG ( d, a, b, c, in[ 6], S22, 3225465664UL); /* 18 */
+    GG ( c, d, a, b, in[11], S23,  643717713UL); /* 19 */
+    GG ( b, c, d, a, in[ 0], S24, 3921069994UL); /* 20 */
+    GG ( a, b, c, d, in[ 5], S21, 3593408605UL); /* 21 */
+    GG ( d, a, b, c, in[10], S22,   38016083UL); /* 22 */
+    GG ( c, d, a, b, in[15], S23, 3634488961UL); /* 23 */
+    GG ( b, c, d, a, in[ 4], S24, 3889429448UL); /* 24 */
+    GG ( a, b, c, d, in[ 9], S21,  568446438UL); /* 25 */
+    GG ( d, a, b, c, in[14], S22, 3275163606UL); /* 26 */
+    GG ( c, d, a, b, in[ 3], S23, 4107603335UL); /* 27 */
+    GG ( b, c, d, a, in[ 8], S24, 1163531501UL); /* 28 */
+    GG ( a, b, c, d, in[13], S21, 2850285829UL); /* 29 */
+    GG ( d, a, b, c, in[ 2], S22, 4243563512UL); /* 30 */
+    GG ( c, d, a, b, in[ 7], S23, 1735328473UL); /* 31 */
+    GG ( b, c, d, a, in[12], S24, 2368359562UL); /* 32 */
+
+    /* Round 3 */
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+    HH ( a, b, c, d, in[ 5], S31, 4294588738UL); /* 33 */
+    HH ( d, a, b, c, in[ 8], S32, 2272392833UL); /* 34 */
+    HH ( c, d, a, b, in[11], S33, 1839030562UL); /* 35 */
+    HH ( b, c, d, a, in[14], S34, 4259657740UL); /* 36 */
+    HH ( a, b, c, d, in[ 1], S31, 2763975236UL); /* 37 */
+    HH ( d, a, b, c, in[ 4], S32, 1272893353UL); /* 38 */
+    HH ( c, d, a, b, in[ 7], S33, 4139469664UL); /* 39 */
+    HH ( b, c, d, a, in[10], S34, 3200236656UL); /* 40 */
+    HH ( a, b, c, d, in[13], S31,  681279174UL); /* 41 */
+    HH ( d, a, b, c, in[ 0], S32, 3936430074UL); /* 42 */
+    HH ( c, d, a, b, in[ 3], S33, 3572445317UL); /* 43 */
+    HH ( b, c, d, a, in[ 6], S34,   76029189UL); /* 44 */
+    HH ( a, b, c, d, in[ 9], S31, 3654602809UL); /* 45 */
+    HH ( d, a, b, c, in[12], S32, 3873151461UL); /* 46 */
+    HH ( c, d, a, b, in[15], S33,  530742520UL); /* 47 */
+    HH ( b, c, d, a, in[ 2], S34, 3299628645UL); /* 48 */
+
+    /* Round 4 */
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+    II ( a, b, c, d, in[ 0], S41, 4096336452UL); /* 49 */
+    II ( d, a, b, c, in[ 7], S42, 1126891415UL); /* 50 */
+    II ( c, d, a, b, in[14], S43, 2878612391UL); /* 51 */
+    II ( b, c, d, a, in[ 5], S44, 4237533241UL); /* 52 */
+    II ( a, b, c, d, in[12], S41, 1700485571UL); /* 53 */
+    II ( d, a, b, c, in[ 3], S42, 2399980690UL); /* 54 */
+    II ( c, d, a, b, in[10], S43, 4293915773UL); /* 55 */
+    II ( b, c, d, a, in[ 1], S44, 2240044497UL); /* 56 */
+    II ( a, b, c, d, in[ 8], S41, 1873313359UL); /* 57 */
+    II ( d, a, b, c, in[15], S42, 4264355552UL); /* 58 */
+    II ( c, d, a, b, in[ 6], S43, 2734768916UL); /* 59 */
+    II ( b, c, d, a, in[13], S44, 1309151649UL); /* 60 */
+    II ( a, b, c, d, in[ 4], S41, 4149444226UL); /* 61 */
+    II ( d, a, b, c, in[11], S42, 3174756917UL); /* 62 */
+    II ( c, d, a, b, in[ 2], S43,  718787259UL); /* 63 */
+    II ( b, c, d, a, in[ 9], S44, 3951481745UL); /* 64 */
+
+#endif /* small? */
+
+    buf[0] += a;
+    buf[1] += b;
+    buf[2] += c;
+    buf[3] += d;
+}
+
+#endif /* K5_BUILTIN_MD5 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/md5/rsa-md5.h b/krb5-1.21.3/src/lib/crypto/builtin/md5/rsa-md5.h
new file mode 100644
index 00000000..cbdf67cf
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/md5/rsa-md5.h
@@ -0,0 +1,59 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.
+ *
+ * License to copy and use this software is granted provided that
+ * it is identified as the "RSA Data Security, Inc. MD5 Message-
+ * Digest Algorithm" in all material mentioning or referencing this
+ * software or this function.
+ *
+ * License is also granted to make and use derivative works
+ * provided that such works are identified as "derived from the RSA
+ * Data Security, Inc. MD5 Message-Digest Algorithm" in all
+ * material mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning
+ * either the merchantability of this software or the suitability
+ * of this software for any particular purpose.  It is provided "as
+ * is" without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+/*
+***********************************************************************
+** md5.h -- header file for implementation of MD5                    **
+** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+** Created: 2/17/90 RLR                                              **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
+** Revised (for MD5): RLR 4/27/91                                    **
+**   -- G modified to have y&~z instead of y&z                       **
+**   -- FF, GG, HH modified to add in last register done             **
+**   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
+**   -- distinct additive constant for each step                     **
+**   -- round 4 added, working mod 7                                 **
+***********************************************************************
+*/
+
+#ifndef KRB5_RSA_MD5__
+#define KRB5_RSA_MD5__
+
+/* Data structure for MD5 (Message-Digest) computation */
+typedef struct {
+    krb5_ui_4 i[2];                       /* number of _bits_ handled mod 2^64 */
+    krb5_ui_4 buf[4];                     /* scratch buffer */
+    unsigned char in[64];                 /* input buffer */
+    unsigned char digest[16];             /* actual digest after MD5Final call */
+} krb5_MD5_CTX;
+
+extern void krb5int_MD5Init(krb5_MD5_CTX *);
+extern void krb5int_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
+extern void krb5int_MD5Final(krb5_MD5_CTX *);
+
+#define RSA_MD5_CKSUM_LENGTH            16
+#define OLD_RSA_MD5_DES_CKSUM_LENGTH    16
+#define NEW_RSA_MD5_DES_CKSUM_LENGTH    24
+#define RSA_MD5_DES_CONFOUND_LENGTH     8
+
+#endif /* KRB5_RSA_MD5__ */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/pbkdf2.c b/krb5-1.21.3/src/lib/crypto/builtin/pbkdf2.c
new file mode 100644
index 00000000..d7a03a32
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/pbkdf2.c
@@ -0,0 +1,221 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/pbkdf2.c - Implementation of PBKDF2 from RFC 2898 */
+/*
+ * Copyright 2002, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <ctype.h>
+#include "crypto_int.h"
+
+#ifdef K5_BUILTIN_PBKDF2
+
+/*
+ * RFC 2898 specifies PBKDF2 in terms of an underlying pseudo-random
+ * function with two arguments (password and salt||blockindex).  Right
+ * now we only use PBKDF2 with the hmac-sha1 PRF, also specified in
+ * RFC 2898, which invokes HMAC with the password as the key and the
+ * second argument as the text.  (HMAC accepts any key size up to the
+ * block size; the password is pre-hashed with unkeyed SHA1 if it is
+ * longer than the block size.)
+ *
+ * For efficiency, it is better to generate the key from the password
+ * once at the beginning, so we specify prf_fn in terms of a
+ * krb5_key first argument.  That might not be convenient for a PRF
+ * which uses the password in some other way, so this might need to be
+ * adjusted in the future.
+ */
+
+typedef krb5_error_code (*prf_fn)(krb5_key pass, krb5_data *salt,
+                                  krb5_data *out);
+
+static int debug_hmac = 0;
+
+static void printd (const char *descr, krb5_data *d) {
+    unsigned int i, j;
+    const int r = 16;
+
+    printf("%s:", descr);
+
+    for (i = 0; i < d->length; i += r) {
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
+    }
+    printf("\n");
+}
+
+/*
+ * Implements the hmac-sha1 PRF.  pass has been pre-hashed (if
+ * necessary) and converted to a key already; salt has had the block
+ * index appended to the original salt.
+ *
+ * NetBSD 8 declares an hmac() function in stdlib.h, so avoid that name.
+ */
+static krb5_error_code
+k5_hmac(const struct krb5_hash_provider *hash, krb5_keyblock *pass,
+        krb5_data *salt, krb5_data *out)
+{
+    krb5_error_code err;
+    krb5_crypto_iov iov;
+
+    if (debug_hmac)
+        printd(" hmac input", salt);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *salt;
+    err = krb5int_hmac_keyblock(hash, pass, &iov, 1, out);
+    if (err == 0 && debug_hmac)
+        printd(" hmac output", out);
+    return err;
+}
+
+static krb5_error_code
+F(char *output, char *u_tmp1, char *u_tmp2,
+  const struct krb5_hash_provider *hash, size_t hlen, krb5_keyblock *pass,
+  const krb5_data *salt, unsigned long count, int i)
+{
+    unsigned char ibytes[4];
+    unsigned int j, k;
+    krb5_data sdata;
+    krb5_data out;
+    krb5_error_code err;
+
+    /* Compute U_1.  */
+    store_32_be(i, ibytes);
+
+    memcpy(u_tmp2, salt->data, salt->length);
+    memcpy(u_tmp2 + salt->length, ibytes, 4);
+    sdata = make_data(u_tmp2, salt->length + 4);
+
+    out = make_data(u_tmp1, hlen);
+
+    err = k5_hmac(hash, pass, &sdata, &out);
+    if (err)
+        return err;
+
+    memcpy(output, u_tmp1, hlen);
+
+    /* Compute U_2, .. U_c.  */
+    sdata.length = hlen;
+    for (j = 2; j <= count; j++) {
+        memcpy(u_tmp2, u_tmp1, hlen);
+        err = k5_hmac(hash, pass, &sdata, &out);
+        if (err)
+            return err;
+
+        /* And xor them together.  */
+        for (k = 0; k < hlen; k++)
+            output[k] ^= u_tmp1[k];
+    }
+    return 0;
+}
+
+static krb5_error_code
+pbkdf2(const struct krb5_hash_provider *hash, krb5_keyblock *pass,
+       const krb5_data *salt, unsigned long count, const krb5_data *output)
+{
+    size_t hlen = hash->hashsize;
+    int l, i;
+    char *utmp1, *utmp2;
+    char utmp3[128];             /* XXX length shouldn't be hardcoded! */
+
+    if (output->length == 0 || hlen == 0)
+        abort();
+    /* Step 1 & 2.  */
+    if (output->length / hlen > 0xffffffff)
+        abort();
+    /* Step 2.  */
+    l = (output->length + hlen - 1) / hlen;
+
+    utmp1 = /*output + dklen; */ malloc(hlen);
+    if (utmp1 == NULL)
+        return ENOMEM;
+    utmp2 = /*utmp1 + hlen; */ malloc(salt->length + 4 + hlen);
+    if (utmp2 == NULL) {
+        free(utmp1);
+        return ENOMEM;
+    }
+
+    /* Step 3.  */
+    for (i = 1; i <= l; i++) {
+        krb5_error_code err;
+        char *out;
+
+        if (i == l)
+            out = utmp3;
+        else
+            out = output->data + (i-1) * hlen;
+        err = F(out, utmp1, utmp2, hash, hlen, pass, salt, count, i);
+        if (err) {
+            free(utmp1);
+            free(utmp2);
+            return err;
+        }
+        if (i == l)
+            memcpy(output->data + (i-1) * hlen, utmp3,
+                   output->length - (i-1) * hlen);
+
+    }
+    free(utmp1);
+    free(utmp2);
+    return 0;
+}
+
+krb5_error_code
+krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
+                    const krb5_data *out, unsigned long count,
+                    const krb5_data *pass, const krb5_data *salt)
+{
+    krb5_keyblock keyblock;
+    char tmp[128];
+    krb5_data d;
+    krb5_crypto_iov iov;
+    krb5_error_code err;
+
+    assert(hash->hashsize <= sizeof(tmp));
+    if (pass->length > hash->blocksize) {
+        d = make_data(tmp, hash->hashsize);
+        iov.flags = KRB5_CRYPTO_TYPE_DATA;
+        iov.data = *pass;
+        err = hash->hash(&iov, 1, &d);
+        if (err)
+            return err;
+        keyblock.length = d.length;
+        keyblock.contents = (krb5_octet *) d.data;
+    } else {
+        keyblock.length = pass->length;
+        keyblock.contents = (krb5_octet *) pass->data;
+    }
+    keyblock.enctype = ENCTYPE_NULL;
+
+    err = pbkdf2(hash, &keyblock, salt, count, out);
+    return err;
+}
+
+#endif /* K5_BUILTIN_PBKDF2 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha1/ISSUES b/krb5-1.21.3/src/lib/crypto/builtin/sha1/ISSUES
new file mode 100644
index 00000000..c63faf6e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha1/ISSUES
@@ -0,0 +1,8 @@
+Issues to be addressed for src/lib/crypto/sha1: -*- text -*-
+
+
+Assumes int (look for "count") is >= 32 bits.
+
+Changing the types of internal variables is easy, but shsUpdate takes
+an int parameter; changing that could change the ABI on some
+platforms.
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha1/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/sha1/Makefile.in
new file mode 100644
index 00000000..e9da10c6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha1/Makefile.in
@@ -0,0 +1,47 @@
+mydir=lib$(S)crypto$(S)builtin$(S)sha1
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES=-I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\sha1
+##DOS##OBJFILE = ..\..\$(OUTPRE)sha1.lst
+
+STLIBOBJS= shs.o
+
+OBJS= $(OUTPRE)shs.$(OBJEXT) 
+
+SRCS= $(srcdir)/shs.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+t_shs: t_shs.o shs.o $(SUPPORT_DEPLIB)
+	$(CC_LINK) -o t_shs t_shs.o shs.o $(SUPPORT_LIB)
+
+$(OUTPRE)t_shs.exe: $(OUTPRE)t_shs.obj $(OUTPRE)shs.obj
+	link -out:$@ $**
+
+t_shs3: t_shs3.o shs.o $(SUPPORT_DEPLIB)
+	$(CC_LINK) -o t_shs3 t_shs3.o shs.o $(SUPPORT_LIB)
+
+check-unix: check-unix-@CRYPTO_BUILTIN_TESTS@
+check-unix-no:
+check-unix-yes: t_shs t_shs3
+	$(RUN_TEST) $(C)t_shs -x
+	$(RUN_TEST) $(C)t_shs3
+
+check-windows: $(OUTPRE)t_shs.exe $(OUTPRE)t_shs3.exe
+	$(OUTPRE)$(C)t_shs.exe -x
+	$(OUTPRE)$(C)t_shs3.exe
+
+clean:
+	$(RM) t_shs$(EXEEXT) t_shs.$(OBJEXT) t_shs3$(EXEEXT) t_shs3.$(OBJEXT)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha1/deps b/krb5-1.21.3/src/lib/crypto/builtin/sha1/deps
new file mode 100644
index 00000000..245a4bf2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha1/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+shs.so shs.po $(OUTPRE)shs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  shs.c shs.h
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha1/shs.c b/krb5-1.21.3/src/lib/crypto/builtin/sha1/shs.c
new file mode 100644
index 00000000..f43bd614
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha1/shs.c
@@ -0,0 +1,386 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "shs.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <string.h>
+
+#ifdef K5_BUILTIN_SHA1
+
+/* The SHS f()-functions.  The f1 and f3 functions can be optimized to
+   save one boolean operation each - thanks to Rich Schroeppel,
+   rcs@cs.arizona.edu for discovering this */
+
+#define f1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )           /* Rounds  0-19 */
+#define f2(x,y,z)   ( x ^ y ^ z )                       /* Rounds 20-39 */
+#define f3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )   /* Rounds 40-59 */
+#define f4(x,y,z)   ( x ^ y ^ z )                       /* Rounds 60-79 */
+
+/* The SHS Mysterious Constants */
+
+#define K1  0x5A827999L                                 /* Rounds  0-19 */
+#define K2  0x6ED9EBA1L                                 /* Rounds 20-39 */
+#define K3  0x8F1BBCDCL                                 /* Rounds 40-59 */
+#define K4  0xCA62C1D6L                                 /* Rounds 60-79 */
+
+/* SHS initial values */
+
+#define h0init  0x67452301L
+#define h1init  0xEFCDAB89L
+#define h2init  0x98BADCFEL
+#define h3init  0x10325476L
+#define h4init  0xC3D2E1F0L
+
+/* Note that it may be necessary to add parentheses to these macros if they
+   are to be called with expressions as arguments */
+
+/* 32-bit rotate left - kludged with shifts */
+
+#define ROTL(n,X)  ((((X) << (n)) & 0xffffffff) | ((X) >> (32 - n)))
+
+/* The initial expanding function.  The hash function is defined over an
+   80-word expanded input array W, where the first 16 are copies of the input
+   data, and the remaining 64 are defined by
+
+   W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
+
+   This implementation generates these values on the fly in a circular
+   buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
+   optimization.
+
+   The updated SHS changes the expanding function by adding a rotate of 1
+   bit.  Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
+   for this information */
+
+#ifdef NEW_SHS
+#define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
+                                               W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )))
+#else
+#define expand(W,i) ( W[ i & 15 ] ^= W[ (i - 14) & 15 ] ^       \
+                      W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )
+#endif /* NEW_SHS */
+
+/* The prototype SHS sub-round.  The fundamental sub-round is:
+
+   a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
+   b' = a;
+   c' = ROTL( 30, b );
+   d' = c;
+   e' = d;
+
+   but this is implemented by unrolling the loop 5 times and renaming the
+   variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
+   This code is then replicated 20 times for each of the 4 functions, using
+   the next 20 values from the W[] array each time */
+
+#define subRound(a, b, c, d, e, f, k, data)             \
+    ( e += ROTL( 5, a ) + f( b, c, d ) + k + data,      \
+      e &= 0xffffffff, b = ROTL( 30, b ) )
+
+/* Initialize the SHS values */
+
+void shsInit(SHS_INFO *shsInfo)
+{
+    /* Set the h-vars to their initial values */
+    shsInfo->digest[ 0 ] = h0init;
+    shsInfo->digest[ 1 ] = h1init;
+    shsInfo->digest[ 2 ] = h2init;
+    shsInfo->digest[ 3 ] = h3init;
+    shsInfo->digest[ 4 ] = h4init;
+
+    /* Initialise bit count */
+    shsInfo->countLo = shsInfo->countHi = 0;
+}
+
+/* Perform the SHS transformation.  Note that this code, like MD5, seems to
+   break some optimizing compilers due to the complexity of the expressions
+   and the size of the basic block.  It may be necessary to split it into
+   sections, e.g. based on the four subrounds
+
+   Note that this corrupts the shsInfo->data area */
+
+static void SHSTransform (SHS_LONG *digest, const SHS_LONG *data);
+
+static
+void SHSTransform(SHS_LONG *digest, const SHS_LONG *data)
+{
+    SHS_LONG A, B, C, D, E;     /* Local vars */
+    SHS_LONG eData[ 16 ];       /* Expanded data */
+
+    /* Set up first buffer and local data buffer */
+    A = digest[ 0 ];
+    B = digest[ 1 ];
+    C = digest[ 2 ];
+    D = digest[ 3 ];
+    E = digest[ 4 ];
+    memcpy(eData, data, sizeof (eData));
+
+#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
+
+    {
+        int i;
+        SHS_LONG temp;
+        for (i = 0; i < 20; i++) {
+            SHS_LONG x = (i < 16) ? eData[i] : expand(eData, i);
+            subRound(A, B, C, D, E, f1, K1, x);
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 20; i < 40; i++) {
+            subRound(A, B, C, D, E, f2, K2, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 40; i < 60; i++) {
+            subRound(A, B, C, D, E, f3, K3, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 60; i < 80; i++) {
+            subRound(A, B, C, D, E, f4, K4, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+    }
+
+#else
+
+    /* Heavy mangling, in 4 sub-rounds of 20 iterations each. */
+    subRound( A, B, C, D, E, f1, K1, eData[  0 ] );
+    subRound( E, A, B, C, D, f1, K1, eData[  1 ] );
+    subRound( D, E, A, B, C, f1, K1, eData[  2 ] );
+    subRound( C, D, E, A, B, f1, K1, eData[  3 ] );
+    subRound( B, C, D, E, A, f1, K1, eData[  4 ] );
+    subRound( A, B, C, D, E, f1, K1, eData[  5 ] );
+    subRound( E, A, B, C, D, f1, K1, eData[  6 ] );
+    subRound( D, E, A, B, C, f1, K1, eData[  7 ] );
+    subRound( C, D, E, A, B, f1, K1, eData[  8 ] );
+    subRound( B, C, D, E, A, f1, K1, eData[  9 ] );
+    subRound( A, B, C, D, E, f1, K1, eData[ 10 ] );
+    subRound( E, A, B, C, D, f1, K1, eData[ 11 ] );
+    subRound( D, E, A, B, C, f1, K1, eData[ 12 ] );
+    subRound( C, D, E, A, B, f1, K1, eData[ 13 ] );
+    subRound( B, C, D, E, A, f1, K1, eData[ 14 ] );
+    subRound( A, B, C, D, E, f1, K1, eData[ 15 ] );
+    subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) );
+    subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) );
+    subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) );
+    subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) );
+
+    subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) );
+    subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) );
+    subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) );
+    subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) );
+    subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) );
+    subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) );
+    subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) );
+    subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) );
+    subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) );
+    subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) );
+    subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) );
+    subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) );
+    subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) );
+    subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) );
+    subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) );
+    subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) );
+    subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) );
+    subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) );
+    subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) );
+    subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) );
+
+    subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) );
+    subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) );
+    subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) );
+    subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) );
+    subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) );
+    subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) );
+    subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) );
+    subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) );
+    subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) );
+    subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) );
+    subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) );
+    subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) );
+    subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) );
+    subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) );
+    subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) );
+    subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) );
+    subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) );
+    subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) );
+    subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) );
+    subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) );
+
+    subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) );
+    subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) );
+    subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) );
+    subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) );
+    subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) );
+    subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) );
+    subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) );
+    subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) );
+    subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) );
+    subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) );
+    subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) );
+    subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) );
+    subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) );
+    subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) );
+    subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) );
+    subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) );
+    subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) );
+    subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) );
+    subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) );
+    subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) );
+
+#endif
+
+    /* Build message digest */
+    digest[ 0 ] += A;
+    digest[ 0 ] &= 0xffffffff;
+    digest[ 1 ] += B;
+    digest[ 1 ] &= 0xffffffff;
+    digest[ 2 ] += C;
+    digest[ 2 ] &= 0xffffffff;
+    digest[ 3 ] += D;
+    digest[ 3 ] &= 0xffffffff;
+    digest[ 4 ] += E;
+    digest[ 4 ] &= 0xffffffff;
+}
+
+/* Update SHS for a block of data */
+
+void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
+{
+    SHS_LONG tmp;
+    unsigned int dataCount;
+    int canfill;
+    SHS_LONG *lp;
+
+    /* Update bitcount */
+    tmp = shsInfo->countLo;
+    shsInfo->countLo = tmp + (((SHS_LONG) count) << 3 );
+    if ((shsInfo->countLo &= 0xffffffff) < tmp)
+        shsInfo->countHi++;     /* Carry from low to high */
+    shsInfo->countHi += count >> 29;
+
+    /* Get count of bytes already in data */
+    dataCount = (tmp >> 3) & 0x3F;
+
+    /* Handle any leading odd-sized chunks */
+    if (dataCount) {
+        lp = shsInfo->data + dataCount / 4;
+        dataCount = SHS_DATASIZE - dataCount;
+        canfill = (count >= dataCount);
+
+        if (dataCount % 4) {
+            /* Fill out a full 32 bit word first if needed -- this
+               is not very efficient (computed shift amount),
+               but it shouldn't happen often. */
+            while (dataCount % 4 && count > 0) {
+                *lp |= (SHS_LONG) *buffer++ << ((--dataCount % 4) * 8);
+                count--;
+            }
+            lp++;
+        }
+        while (lp < shsInfo->data + 16) {
+            if (count < 4) {
+                *lp = 0;
+                switch (count % 4) {
+                case 3:
+                    *lp |= (SHS_LONG) buffer[2] << 8;
+                case 2:
+                    *lp |= (SHS_LONG) buffer[1] << 16;
+                case 1:
+                    *lp |= (SHS_LONG) buffer[0] << 24;
+                }
+                count = 0;
+                break;          /* out of while loop */
+            }
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+            count -= 4;
+        }
+        if (canfill) {
+            SHSTransform(shsInfo->digest, shsInfo->data);
+        }
+    }
+
+    /* Process data in SHS_DATASIZE chunks */
+    while (count >= SHS_DATASIZE) {
+        lp = shsInfo->data;
+        while (lp < shsInfo->data + 16) {
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+        }
+        SHSTransform(shsInfo->digest, shsInfo->data);
+        count -= SHS_DATASIZE;
+    }
+
+    if (count > 0) {
+        lp = shsInfo->data;
+        while (count > 4) {
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+            count -= 4;
+        }
+        *lp = 0;
+        switch (count % 4) {
+        case 0:
+            *lp |= ((SHS_LONG) buffer[3]);
+        case 3:
+            *lp |= ((SHS_LONG) buffer[2]) << 8;
+        case 2:
+            *lp |= ((SHS_LONG) buffer[1]) << 16;
+        case 1:
+            *lp |= ((SHS_LONG) buffer[0]) << 24;
+        }
+    }
+}
+
+/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
+   1 0* (64-bit count of bits processed, MSB-first) */
+
+void shsFinal(SHS_INFO *shsInfo)
+{
+    int count;
+    SHS_LONG *lp;
+
+    /* Compute number of bytes mod 64 */
+    count = (int) shsInfo->countLo;
+    count = (count >> 3) & 0x3F;
+
+    /* Set the first char of padding to 0x80.  This is safe since there is
+       always at least one byte free */
+    lp = shsInfo->data + count / 4;
+    switch (count % 4) {
+    case 3:
+        *lp++ |= (SHS_LONG) 0x80;
+        break;
+    case 2:
+        *lp++ |= (SHS_LONG) 0x80 << 8;
+        break;
+    case 1:
+        *lp++ |= (SHS_LONG) 0x80 << 16;
+        break;
+    case 0:
+        *lp++ = (SHS_LONG) 0x80 << 24;
+    }
+
+    /* at this point, lp can point *past* shsInfo->data.  If it points
+       there, just Transform and reset.  If it points to the last
+       element, set that to zero.  This pads out to 64 bytes if not
+       enough room for length words */
+
+    if (lp == shsInfo->data + 15)
+        *lp++ = 0;
+
+    if (lp == shsInfo->data + 16) {
+        SHSTransform(shsInfo->digest, shsInfo->data);
+        lp = shsInfo->data;
+    }
+
+    /* Pad out to 56 bytes */
+    while (lp < shsInfo->data + 14)
+        *lp++ = 0;
+
+    /* Append length in bits and transform */
+    *lp++ = shsInfo->countHi;
+    *lp++ = shsInfo->countLo;
+    SHSTransform(shsInfo->digest, shsInfo->data);
+}
+
+#endif /* K5_BUILTIN_SHA1 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha1/shs.h b/krb5-1.21.3/src/lib/crypto/builtin/sha1/shs.h
new file mode 100644
index 00000000..4f578eda
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha1/shs.h
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#ifndef _SHS_DEFINED
+
+#include "crypto_int.h"
+
+#define _SHS_DEFINED
+
+/* Some useful types */
+
+typedef krb5_octet      SHS_BYTE;
+typedef krb5_ui_4       SHS_LONG;
+
+/* Define the following to use the updated SHS implementation */
+#define NEW_SHS         /**/
+
+/* The SHS block size and message digest sizes, in bytes */
+
+#define SHS_DATASIZE    64
+#define SHS_DIGESTSIZE  20
+
+/* The structure for storing SHS info */
+
+typedef struct {
+    SHS_LONG digest[ 5 ];            /* Message digest */
+    SHS_LONG countLo, countHi;       /* 64-bit bit count */
+    SHS_LONG data[ 16 ];             /* SHS data buffer */
+} SHS_INFO;
+
+/* Message digest functions (shs.c) */
+void shsInit(SHS_INFO *shsInfo);
+void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count);
+void shsFinal(SHS_INFO *shsInfo);
+
+
+/* Keyed Message digest functions (hmac_sha.c) */
+krb5_error_code hmac_sha(krb5_octet *text,
+                         int text_len,
+                         krb5_octet *key,
+                         int key_len,
+                         krb5_octet *digest);
+
+
+#define NIST_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
+#define HMAC_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
+
+#endif /* _SHS_DEFINED */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha1/t_shs.c b/krb5-1.21.3/src/lib/crypto/builtin/sha1/t_shs.c
new file mode 100644
index 00000000..c1d18f55
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha1/t_shs.c
@@ -0,0 +1,121 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/****************************************************************************
+ *                                                                           *
+ *                               SHS Test Code                               *
+ *                                                                           *
+ ****************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include "shs.h"
+
+/* Test the SHS implementation */
+
+#ifdef NEW_SHS
+
+static SHS_LONG shsTestResults[][ 5 ] = {
+    { 0xA9993E36L, 0x4706816AL, 0xBA3E2571L, 0x7850C26CL, 0x9CD0D89DL, },
+    { 0x84983E44L, 0x1C3BD26EL, 0xBAAE4AA1L, 0xF95129E5L, 0xE54670F1L, },
+    { 0x34AA973CL, 0xD4C4DAA4L, 0xF61EEB2BL, 0xDBAD2731L, 0x6534016FL, }
+};
+
+#else
+
+static SHS_LONG shsTestResults[][ 5 ] = {
+    { 0x0164B8A9L, 0x14CD2A5EL, 0x74C4F7FFL, 0x082C4D97L, 0xF1EDF880L },
+    { 0xD2516EE1L, 0xACFA5BAFL, 0x33DFC1C4L, 0x71E43844L, 0x9EF134C8L },
+    { 0x3232AFFAL, 0x48628A26L, 0x653B5AAAL, 0x44541FD9L, 0x0D690603L }
+};
+#endif /* NEW_SHS */
+
+static int compareSHSresults(shsInfo, shsTestLevel)
+    SHS_INFO *shsInfo;
+    int shsTestLevel;
+{
+    int i, fail = 0;
+
+    /* Compare the returned digest and required values */
+    for( i = 0; i < 5; i++ )
+        if( shsInfo->digest[ i ] != shsTestResults[ shsTestLevel ][ i ] )
+            fail = 1;
+    if (fail) {
+        printf("\nExpected: ");
+        for (i = 0; i < 5; i++) {
+            printf("%8.8lx ", (unsigned long) shsTestResults[shsTestLevel][i]);
+        }
+        printf("\nGot:      ");
+        for (i = 0; i < 5; i++) {
+            printf("%8.8lx ", (unsigned long) shsInfo->digest[i]);
+        }
+        printf("\n");
+        return( -1 );
+    }
+    return( 0 );
+}
+
+int
+main()
+{
+    SHS_INFO shsInfo;
+    unsigned int i;
+
+    /* Make sure we've got the endianness set right.  If the machine is
+       big-endian (up to 64 bits) the following value will be signed,
+       otherwise it will be unsigned.  Unfortunately we can't test for odd
+       things like middle-endianness without knowing the size of the data
+       types */
+
+    /* Test SHS against values given in SHS standards document */
+    printf( "Running SHS test 1 ... " );
+    shsInit( &shsInfo );
+    shsUpdate( &shsInfo, ( SHS_BYTE * ) "abc", 3 );
+    shsFinal( &shsInfo );
+    if( compareSHSresults( &shsInfo, 0 ) == -1 )
+    {
+        putchar( '\n' );
+        puts( "SHS test 1 failed" );
+        exit( -1 );
+    }
+#ifdef NEW_SHS
+    puts( "passed, result= A9993E364706816ABA3E25717850C26C9CD0D89D" );
+#else
+    puts( "passed, result= 0164B8A914CD2A5E74C4F7FF082C4D97F1EDF880" );
+#endif /* NEW_SHS */
+
+    printf( "Running SHS test 2 ... " );
+    shsInit( &shsInfo );
+    shsUpdate( &shsInfo, ( SHS_BYTE * ) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56 );
+    shsFinal( &shsInfo );
+    if( compareSHSresults( &shsInfo, 1 ) == -1 )
+    {
+        putchar( '\n' );
+        puts( "SHS test 2 failed" );
+        exit( -1 );
+    }
+#ifdef NEW_SHS
+    puts( "passed, result= 84983E441C3BD26EBAAE4AA1F95129E5E54670F1" );
+#else
+    puts( "passed, result= D2516EE1ACFA5BAF33DFC1C471E438449EF134C8" );
+#endif /* NEW_SHS */
+
+    printf( "Running SHS test 3 ... " );
+    shsInit( &shsInfo );
+    for( i = 0; i < 15625; i++ )
+        shsUpdate( &shsInfo, ( SHS_BYTE * ) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 64 );
+    shsFinal( &shsInfo );
+    if( compareSHSresults( &shsInfo, 2 ) == -1 )
+    {
+        putchar( '\n' );
+        puts( "SHS test 3 failed" );
+        exit( -1 );
+    }
+#ifdef NEW_SHS
+    puts( "passed, result= 34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" );
+#else
+    puts( "passed, result= 3232AFFA48628A26653B5AAA44541FD90D690603" );
+#endif /* NEW_SHS */
+
+    puts( "\nAll SHS tests passed" );
+    exit( 0 );
+}
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha1/t_shs3.c b/krb5-1.21.3/src/lib/crypto/builtin/sha1/t_shs3.c
new file mode 100644
index 00000000..7aa0bbde
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha1/t_shs3.c
@@ -0,0 +1,594 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* test shs code */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include "shs.h"
+
+static void process(void);
+static void test1(void);
+static void test2(void);
+static void test3(void);
+static void test4(void);
+static void test5(void);
+static void test6(void);
+static void test7(void);
+
+/* When run on a little-endian CPU we need to perform byte reversal on an
+   array of longwords.  It is possible to make the code endianness-
+   independent by fiddling around with data at the byte level, but this
+   makes for very slow code, so we rely on the user to sort out endianness
+   at compile time */
+
+static void longReverse( SHS_LONG *buffer, int byteCount )
+{
+    SHS_LONG value;
+    static int init = 0;
+    char *cp;
+
+    switch (init) {
+    case 0:
+        init=1;
+        cp = (char *) &init;
+        if (*cp == 1) {
+            init=2;
+            break;
+        }
+        init=1;
+        /* fall through - MSB */
+    case 1:
+        return;
+    }
+
+    byteCount /= sizeof( SHS_LONG );
+    while( byteCount-- ) {
+        value = *buffer;
+        value = ( ( value & 0xFF00FF00L ) >> 8  ) |
+            ( ( value & 0x00FF00FFL ) << 8 );
+        *buffer++ = ( value << 16 ) | ( value >> 16 );
+    }
+}
+
+int rc;
+int mode;
+int Dflag;
+
+int
+main(argc,argv)
+    int argc;
+    char **argv;
+{
+    char *argp;
+
+    while (--argc > 0) if (*(argp = *++argv)=='-')
+                           while (*++argp) switch(*argp)
+                                           {
+                                           case '1':
+                                           case '2':
+                                           case '3':
+                                           case '4':
+                                           case '5':
+                                           case '6':
+                                           case '7':
+                                               if (mode) goto Usage;
+                                               mode = *argp;
+                                               break;
+                                           case 'D':
+                                               if (argc <= 1) goto Usage;
+                                               --argc;
+                                               Dflag = atoi(*++argv);
+                                               break;
+                                           case '-':
+                                               break;
+                                           default:
+                                               fprintf (stderr,"Bad switch char <%c>\n", *argp);
+                                           Usage:
+                                               fprintf(stderr, "Usage: t_shs [-1234567] [-D #]\n");
+                                               exit(1);
+                                           }
+        else goto Usage;
+
+    process();
+    exit(rc);
+}
+
+static void process(void)
+{
+    switch(mode)
+    {
+    case '1':
+        test1();
+        break;
+    case '2':
+        test2();
+        break;
+    case '3':
+        test3();
+        break;
+    case '4':
+        test4();
+        break;
+    case '5':
+        test5();
+        break;
+    case '6':
+        test6();
+        break;
+    case '7':
+        test7();
+        break;
+    default:
+        test1();
+        test2();
+        test3();
+        test4();
+        test5();
+        test6();
+        test7();
+    }
+}
+
+#ifndef shsDigest
+static unsigned char *
+shsDigest(si)
+    SHS_INFO *si;
+{
+    longReverse(si->digest, SHS_DIGESTSIZE);
+    return (unsigned char*) si->digest;
+}
+#endif
+
+unsigned char results1[SHS_DIGESTSIZE] = {
+    0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
+    0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d};
+
+static void test1(void)
+{
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 1 ...\n");
+    shsInit(si);
+    shsUpdate(si, (SHS_BYTE *) "abc", 3);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results1, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 1 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results1[i]);
+    }
+    printf("\n");
+}
+
+unsigned char results2[SHS_DIGESTSIZE] = {
+    0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
+    0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1};
+
+static void test2(void)
+{
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 2 ...\n");
+    shsInit(si);
+    shsUpdate(si,
+              (SHS_BYTE *) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+              56);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results2, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 2 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results2[i]);
+    }
+    printf("\n");
+}
+
+unsigned char results3[SHS_DIGESTSIZE] = {
+    0x34,0xaa,0x97,0x3c,0xd4,0xc4,0xda,0xa4,0xf6,0x1e,
+    0xeb,0x2b,0xdb,0xad,0x27,0x31,0x65,0x34,0x01,0x6f};
+
+static void test3(void)
+{
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 3 ...\n");
+    shsInit(si);
+    for (i = 0; i < 15625; ++i)
+        shsUpdate(si,
+                  (SHS_BYTE *) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+                  64);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results3, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 3 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results3[i]);
+    }
+    printf("\n");
+}
+
+unsigned char randdata[] = {
+    0xfe,0x28,0x79,0x25,0xf5,0x03,0xf9,0x1c,0xcd,0x70,0x7b,0xb0,0x42,0x02,0xb8,0x2f,
+    0xf3,0x63,0xa2,0x79,0x8e,0x9b,0x33,0xd7,0x2b,0xc4,0xb4,0xd2,0xcb,0x61,0xec,0xbb,
+    0x94,0xe1,0x8f,0x53,0x80,0x55,0xd9,0x90,0xb2,0x03,0x58,0xfa,0xa6,0xe5,0x18,0x57,
+    0x68,0x04,0x24,0x98,0x41,0x7e,0x84,0xeb,0xc1,0x39,0xbc,0x1d,0xf7,0x4e,0x92,0x72,
+    0x1a,0x5b,0xb6,0x99,0x43,0xa5,0x0a,0x45,0x73,0x55,0xfd,0x57,0x83,0x45,0x36,0x5c,
+    0xfd,0x39,0x08,0x6e,0xe2,0x01,0x9a,0x8c,0x4e,0x39,0xd2,0x0d,0x5f,0x0e,0x35,0x15,
+    0xb9,0xac,0x5f,0xa1,0x8a,0xe6,0xdd,0x6e,0x68,0x9d,0xf6,0x29,0x95,0xf6,0x7d,0x7b,
+    0xd9,0x5e,0xf4,0x67,0x25,0xbd,0xee,0xed,0x53,0x60,0xb0,0x47,0xdf,0xef,0xf4,0x41,
+    0xbd,0x45,0xcf,0x5c,0x93,0x41,0x87,0x97,0x82,0x39,0x20,0x66,0xb4,0xda,0xcb,0x66,
+    0x93,0x02,0x2e,0x7f,0x94,0x4c,0xc7,0x3b,0x2c,0xcf,0xf6,0x99,0x6f,0x13,0xf1,0xc5,
+    0x28,0x2b,0xa6,0x6c,0x39,0x26,0x7f,0x76,0x24,0x4a,0x6e,0x01,0x40,0x63,0xf8,0x00,
+    0x06,0x23,0x5a,0xaa,0xa6,0x2f,0xd1,0x37,0xc7,0xcc,0x76,0xe9,0x54,0x1e,0x57,0x73,
+    0xf5,0x33,0xaa,0x96,0xbe,0x35,0xcd,0x1d,0xd5,0x7d,0xac,0x50,0xd5,0xf8,0x47,0x2d,
+    0xd6,0x93,0x5f,0x6e,0x38,0xd3,0xac,0xd0,0x7e,0xad,0x9e,0xf8,0x87,0x95,0x63,0x15,
+    0x65,0xa3,0xd4,0xb3,0x9a,0x6c,0xac,0xcd,0x2a,0x54,0x83,0x13,0xc4,0xb4,0x94,0xfa,
+    0x76,0x87,0xc5,0x8b,0x4a,0x10,0x92,0x05,0xd1,0x0e,0x97,0xfd,0xc8,0xfb,0xc5,0xdc,
+    0x21,0x4c,0xc8,0x77,0x5c,0xed,0x32,0x22,0x77,0xc1,0x38,0x30,0xd7,0x8e,0x2a,0x70,
+    0x72,0x67,0x13,0xe4,0xb7,0x18,0xd4,0x76,0xdd,0x32,0x12,0xf4,0x5d,0xc9,0xec,0xc1,
+    0x2c,0x8a,0xfe,0x08,0x6c,0xea,0xf6,0xab,0x5a,0x0e,0x8e,0x81,0x1d,0xc8,0x5a,0x4b,
+    0xed,0xb9,0x7f,0x4b,0x67,0xe3,0x65,0x46,0xc9,0xf2,0xab,0x37,0x0a,0x98,0x67,0x5b,
+    0xb1,0x3b,0x02,0x91,0x38,0x71,0xea,0x62,0x88,0xae,0xb6,0xdb,0xfc,0x55,0x79,0x33,
+    0x69,0x95,0x51,0xb6,0xe1,0x3b,0xab,0x22,0x68,0x54,0xf9,0x89,0x9c,0x94,0xe0,0xe3,
+    0xd3,0x48,0x5c,0xe9,0x78,0x5b,0xb3,0x4b,0xba,0xd8,0x48,0xd8,0xaf,0x91,0x4e,0x23,
+    0x38,0x23,0x23,0x6c,0xdf,0x2e,0xf0,0xff,0xac,0x1d,0x2d,0x27,0x10,0x45,0xa3,0x2d,
+    0x8b,0x00,0xcd,0xe2,0xfc,0xb7,0xdb,0x52,0x13,0xb7,0x66,0x79,0xd9,0xd8,0x29,0x0e,
+    0x32,0xbd,0x52,0x6b,0x75,0x71,0x08,0x83,0x1b,0x67,0x28,0x93,0x97,0x97,0x32,0xff,
+    0x8b,0xd3,0x98,0xa3,0xce,0x2b,0x88,0x37,0x1c,0xcc,0xa0,0xd1,0x19,0x9b,0xe6,0x11,
+    0xfc,0xc0,0x3c,0x4e,0xe1,0x35,0x49,0x29,0x19,0xcf,0x1d,0xe1,0x60,0x74,0xc0,0xe9,
+    0xf7,0xb4,0x99,0xa0,0x23,0x50,0x51,0x78,0xcf,0xc0,0xe5,0xc2,0x1c,0x16,0xd2,0x24,
+    0x5a,0x63,0x54,0x83,0xaa,0x74,0x3d,0x41,0x0d,0x52,0xee,0xfe,0x0f,0x4d,0x13,0xe1,
+    0x27,0x00,0xc4,0xf3,0x2b,0x55,0xe0,0x9c,0x81,0xe0,0xfc,0xc2,0x13,0xd4,0x39,0x09
+};
+
+unsigned char results4[SHS_DIGESTSIZE] = {
+    0x13,0x62,0xfc,0x87,0x68,0x33,0xd5,0x1d,0x2f,0x0c,
+    0x73,0xe3,0xfb,0x87,0x6a,0x6b,0xc3,0x25,0x54,0xfc};
+
+static void test4(void)
+{
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 4 ...\n");
+    shsInit(si);
+    shsUpdate(si, randdata, 19);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results4, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 4 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results4[i]);
+    }
+    printf("\n");
+}
+
+unsigned char results5[SHS_DIGESTSIZE] = {
+    0x19,0x4d,0xf6,0xeb,0x8e,0x02,0x6d,0x37,0x58,0x64,
+    0xe5,0x95,0x19,0x2a,0xdd,0x1c,0xc4,0x3c,0x24,0x86};
+
+static void test5(void)
+{
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 5 ...\n");
+    shsInit(si);
+    shsUpdate(si, randdata, 19);
+    shsUpdate(si, randdata+32, 15);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results5, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 5 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results5[i]);
+    }
+    printf("\n");
+}
+
+unsigned char results6[SHS_DIGESTSIZE] = {
+    0x4e,0x16,0x57,0x9d,0x4b,0x48,0xa9,0x1c,0x88,0x72,
+    0x83,0xdb,0x88,0xd1,0xea,0x3a,0x45,0xdf,0xa1,0x10};
+
+static void test6(void)
+{
+    struct {
+        unsigned long pad1;
+        SHS_INFO si1;
+        unsigned long pad2;
+        SHS_INFO si2;
+        unsigned long pad3;
+    } sdata;
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    unsigned int i, j;
+
+    printf("Running SHS test 6 ...\n");
+    sdata.pad1 = 0x12345678;
+    sdata.pad2 = 0x87654321;
+    sdata.pad3 = 0x78563412;
+    shsInit((&sdata.si2));
+    if (sdata.pad2 != 0x87654321) {
+        printf ("Overrun #20 %#lx\n",
+                sdata.pad2);
+        sdata.pad2 = 0x87654321;
+    }
+    if (sdata.pad3 != 0x78563412) {
+        printf ("Overrun #21 %#lx\n",
+                sdata.pad3);
+        sdata.pad3 = 0x78563412;
+    }
+    for (i = 0; i < 400; ++i)
+    {
+        shsInit(&sdata.si1);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #22 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #23 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        shsUpdate(&sdata.si1, (randdata+sizeof(randdata))-i, i);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #24 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #25 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        shsFinal(&sdata.si1);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #26 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #27 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
+        if (Dflag & 1)
+        {
+            printf ("%d: ", i);
+            for (j = 0; j < SHS_DIGESTSIZE; ++j)
+                printf("%02x",digest[j]);
+            printf("\n");
+        }
+        shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #28 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        if (sdata.pad3 != 0x78563412) {
+            printf ("Overrun #29 %#lx at %d\n",
+                    sdata.pad3, i);
+            sdata.pad3 = 0x78563412;
+        }
+        if (Dflag & 2)
+            printf ("%d: %08lx%08lx%08lx%08lx%08lx\n",
+                    i,
+                    (unsigned long) sdata.si2.digest[0],
+                    (unsigned long) sdata.si2.digest[1],
+                    (unsigned long) sdata.si2.digest[2],
+                    (unsigned long) sdata.si2.digest[3],
+                    (unsigned long) sdata.si2.digest[4]);
+    }
+    shsFinal((&sdata.si2));
+    if (sdata.pad2 != 0x87654321) {
+        printf ("Overrun #30 %#lx\n",
+                sdata.pad2);
+        sdata.pad2 = 0x87654321;
+    }
+    if (sdata.pad3 != 0x78563412) {
+        printf ("Overrun #31 %#lx\n",
+                sdata.pad3);
+        sdata.pad3 = 0x78563412;
+    }
+    memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results6, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 6 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results6[i]);
+    }
+    printf("\n");
+}
+
+unsigned char results7[SHS_DIGESTSIZE] = {
+    0x89,0x41,0x65,0xce,0x76,0xc1,0xd1,0xd1,0xc3,0x6f,
+    0xab,0x92,0x79,0x30,0x01,0x71,0x63,0x1f,0x74,0xfe};
+
+unsigned int jfsize[] = {0,1,31,32,
+                         33,55,56,63,
+                         64,65,71,72,
+                         73,95,96,97,
+                         119,120,123,127};
+unsigned int kfsize[] = {0,1,31,32,33,55,56,63};
+
+static void test7(void)
+{
+    struct {
+        unsigned long pad1;
+        SHS_INFO si1;
+        unsigned long pad2;
+        SHS_INFO si2;
+        unsigned long pad3;
+    } sdata;
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    unsigned int i, j, k, l;
+
+    printf("Running SHS test 7 ...\n");
+    sdata.pad1 = 0x12345678;
+    sdata.pad2 = 0x87654321;
+    sdata.pad3 = 0x78563412;
+    shsInit((&sdata.si2));
+    for (i = 1; i <= 128; ++i)
+        for (j = 0; j < 20; ++j)
+            for (k = 0; k < 8; ++k)
+            {
+                shsInit(&sdata.si1);
+                shsUpdate(&sdata.si1, (randdata+80+j), i);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #1 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #2 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                shsUpdate(&sdata.si1, randdata+i, jfsize[j]);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #3 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #4 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                if (k) shsUpdate(&sdata.si1, randdata+(i^j), kfsize[k]);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #5 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #6 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                shsFinal(&sdata.si1);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #7 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #8 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
+                if (Dflag & 1)
+                {
+                    printf ("%d,%d,%d: ", i, j, k);
+                    for (l = 0; l < SHS_DIGESTSIZE; ++l)
+                        printf("%02x",digest[l]);
+                    printf("\n");
+                }
+                shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #9 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                if (sdata.pad3 != 0x78563412) {
+                    printf ("Overrun #10 %#lx at %d,%d,%d\n",
+                            sdata.pad3, i,j,k);
+                    sdata.pad3 = 0x78563412;
+                }
+                if (Dflag & 2)
+                    printf ("%d,%d,%d: %08lx%08lx%08lx%08lx%08lx\n",
+                            i,j,k,
+                            (unsigned long) sdata.si2.digest[0],
+                            (unsigned long) sdata.si2.digest[1],
+                            (unsigned long) sdata.si2.digest[2],
+                            (unsigned long) sdata.si2.digest[3],
+                            (unsigned long) sdata.si2.digest[4]);
+            }
+    shsFinal((&sdata.si2));
+    memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results7, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 7 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results7[i]);
+    }
+    printf("\n");
+}
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha2/Makefile.in b/krb5-1.21.3/src/lib/crypto/builtin/sha2/Makefile.in
new file mode 100644
index 00000000..9cf58ce0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha2/Makefile.in
@@ -0,0 +1,26 @@
+mydir=lib$(S)crypto$(S)builtin$(S)sha2
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES=-I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = builtin\sha2
+##DOS##OBJFILE = ..\..\$(OUTPRE)sha2.lst
+
+STLIBOBJS= sha256.o sha512.o
+
+OBJS= $(OUTPRE)sha256.$(OBJEXT) $(OUTPRE)sha512.$(OBJEXT)
+
+SRCS= $(srcdir)/sha256.c $(srcdir)/sha512.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha2/deps b/krb5-1.21.3/src/lib/crypto/builtin/sha2/deps
new file mode 100644
index 00000000..cfaa1aa6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha2/deps
@@ -0,0 +1,25 @@
+#
+# Generated makefile dependencies follow.
+#
+sha256.so sha256.po $(OUTPRE)sha256.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  sha2.h sha256.c
+sha512.so sha512.po $(OUTPRE)sha512.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  sha2.h sha512.c
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha2.h b/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha2.h
new file mode 100644
index 00000000..3aebd3e1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha2.h
@@ -0,0 +1,78 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/sha2/sha2.h - SHA-256 declarations */
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef SHA2_H
+#define SHA2_H 1
+
+#include "crypto_int.h"
+
+#define SHA256_DIGEST_LENGTH 32
+#define SHA384_DIGEST_LENGTH 48
+#define SHA512_DIGEST_LENGTH 64
+
+#define SHA256_BLOCK_SIZE 64
+#define SHA384_BLOCK_SIZE 128
+#define SHA512_BLOCK_SIZE 128
+
+struct sha256state {
+  unsigned int sz[2];
+  uint32_t counter[8];
+  unsigned char save[64];
+};
+
+struct sha512state {
+  uint64_t sz[2];
+  uint64_t counter[8];
+  unsigned char save[128];
+};
+
+/* SHA-384 and SHA-512 use the same state object. */
+typedef struct sha256state SHA256_CTX;
+typedef struct sha512state SHA384_CTX;
+typedef struct sha512state SHA512_CTX;
+
+void k5_sha256_init(SHA256_CTX *);
+void k5_sha256_update(SHA256_CTX *, const void *, size_t);
+void k5_sha256_final(void *, SHA256_CTX *);
+
+void k5_sha384_init(SHA384_CTX *);
+void k5_sha384_update(SHA384_CTX *, const void *, size_t);
+void k5_sha384_final(void *, SHA384_CTX *);
+
+void k5_sha512_init(SHA512_CTX *);
+void k5_sha512_update(SHA512_CTX *, const void *, size_t);
+void k5_sha512_final(void *, SHA512_CTX *);
+
+#endif /* SHA2_H */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha256.c b/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha256.c
new file mode 100644
index 00000000..cd80bcb6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha256.c
@@ -0,0 +1,273 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/builtin/sha2/sha256.c - SHA-256 implementation */
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "sha2.h"
+
+#ifdef K5_BUILTIN_SHA2
+
+#ifdef K5_BE
+#define WORDS_BIGENDIAN
+#endif
+
+#ifndef min
+#define min(a,b) (((a)>(b))?(b):(a))
+#endif
+
+/* Vector Crays doesn't have a good 32-bit type, or more precisely,
+ * int32_t as defined by <bind/bitypes.h> isn't 32 bits, and we don't
+ * want to depend in being able to redefine this type.  To cope with
+ * this we have to clamp the result in some places to [0,2^32); no
+ * need to do this on other machines.  Did I say this was a mess?
+ */
+
+#ifdef _CRAY
+#define CRAYFIX(X) ((X) & 0xffffffff)
+#else
+#define CRAYFIX(X) (X)
+#endif
+
+static inline uint32_t
+cshift (uint32_t x, unsigned int n)
+{
+    x = CRAYFIX(x);
+    return CRAYFIX((x << n) | (x >> (32 - n)));
+}
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#define ROTR(x,n)   (((x)>>(n)) | ((x) << (32 - (n))))
+
+#define Sigma0(x)	(ROTR(x,2)  ^ ROTR(x,13) ^ ROTR(x,22))
+#define Sigma1(x)	(ROTR(x,6)  ^ ROTR(x,11) ^ ROTR(x,25))
+#define sigma0(x)	(ROTR(x,7)  ^ ROTR(x,18) ^ ((x)>>3))
+#define sigma1(x)	(ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10))
+
+#define A m->counter[0]
+#define B m->counter[1]
+#define C m->counter[2]
+#define D m->counter[3]
+#define E m->counter[4]
+#define F m->counter[5]
+#define G m->counter[6]
+#define H m->counter[7]
+
+static const uint32_t constant_256[64] = {
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+void
+k5_sha256_init(SHA256_CTX *m)
+{
+    m->sz[0] = 0;
+    m->sz[1] = 0;
+    A = 0x6a09e667;
+    B = 0xbb67ae85;
+    C = 0x3c6ef372;
+    D = 0xa54ff53a;
+    E = 0x510e527f;
+    F = 0x9b05688c;
+    G = 0x1f83d9ab;
+    H = 0x5be0cd19;
+}
+
+static void
+calc(SHA256_CTX *m, uint32_t *in)
+{
+    uint32_t AA, BB, CC, DD, EE, FF, GG, HH;
+    uint32_t data[64];
+    int i;
+
+    AA = A;
+    BB = B;
+    CC = C;
+    DD = D;
+    EE = E;
+    FF = F;
+    GG = G;
+    HH = H;
+
+    for (i = 0; i < 16; ++i)
+	data[i] = in[i];
+    for (i = 16; i < 64; ++i)
+	data[i] = sigma1(data[i-2]) + data[i-7] +
+	    sigma0(data[i-15]) + data[i - 16];
+
+    for (i = 0; i < 64; i++) {
+	uint32_t T1, T2;
+
+	T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i];
+	T2 = Sigma0(AA) + Maj(AA,BB,CC);
+			
+	HH = GG;
+	GG = FF;
+	FF = EE;
+	EE = DD + T1;
+	DD = CC;
+	CC = BB;
+	BB = AA;
+	AA = T1 + T2;
+    }
+
+    A += AA;
+    B += BB;
+    C += CC;
+    D += DD;
+    E += EE;
+    F += FF;
+    G += GG;
+    H += HH;
+}
+
+/*
+ * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
+ */
+
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+static inline uint32_t
+swap_uint32_t(uint32_t t)
+{
+#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n)))
+    uint32_t temp1, temp2;
+
+    temp1   = cshift(t, 16);
+    temp2   = temp1 >> 8;
+    temp1  &= 0x00ff00ff;
+    temp2  &= 0x00ff00ff;
+    temp1 <<= 8;
+    return temp1 | temp2;
+}
+#endif
+
+struct x32 {
+    unsigned int a:32;
+    unsigned int b:32;
+};
+
+void
+k5_sha256_update(SHA256_CTX *m, const void *v, size_t len)
+{
+    const unsigned char *p = v;
+    size_t old_sz = m->sz[0];
+    size_t offset;
+
+    m->sz[0] += len * 8;
+    if (m->sz[0] < old_sz)
+	++m->sz[1];
+    offset = (old_sz / 8) % 64;
+    while(len > 0){
+	size_t l = min(len, 64 - offset);
+	memcpy(m->save + offset, p, l);
+	offset += l;
+	p += l;
+	len -= l;
+	if(offset == 64){
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+	    int i;
+	    uint32_t current[16];
+	    struct x32 *u = (struct x32*)(void*)m->save;
+	    for(i = 0; i < 8; i++){
+		current[2*i+0] = swap_uint32_t(u[i].a);
+		current[2*i+1] = swap_uint32_t(u[i].b);
+	    }
+	    calc(m, current);
+#else
+	    calc(m, (uint32_t*)(void*)m->save);
+#endif
+	    offset = 0;
+	}
+    }
+}
+
+void
+k5_sha256_final(void *res, SHA256_CTX *m)
+{
+    unsigned char zeros[72];
+    unsigned offset = (m->sz[0] / 8) % 64;
+    unsigned int dstart = (120 - offset - 1) % 64 + 1;
+
+    *zeros = 0x80;
+    memset (zeros + 1, 0, sizeof(zeros) - 1);
+    zeros[dstart+7] = (m->sz[0] >> 0) & 0xff;
+    zeros[dstart+6] = (m->sz[0] >> 8) & 0xff;
+    zeros[dstart+5] = (m->sz[0] >> 16) & 0xff;
+    zeros[dstart+4] = (m->sz[0] >> 24) & 0xff;
+    zeros[dstart+3] = (m->sz[1] >> 0) & 0xff;
+    zeros[dstart+2] = (m->sz[1] >> 8) & 0xff;
+    zeros[dstart+1] = (m->sz[1] >> 16) & 0xff;
+    zeros[dstart+0] = (m->sz[1] >> 24) & 0xff;
+    k5_sha256_update(m, zeros, dstart + 8);
+    {
+	int i;
+	unsigned char *r = (unsigned char*)res;
+
+	for (i = 0; i < 8; ++i) {
+	    r[4*i+3] = m->counter[i] & 0xFF;
+	    r[4*i+2] = (m->counter[i] >> 8) & 0xFF;
+	    r[4*i+1] = (m->counter[i] >> 16) & 0xFF;
+	    r[4*i]   = (m->counter[i] >> 24) & 0xFF;
+	}
+    }
+}
+
+krb5_error_code
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN])
+{
+    SHA256_CTX ctx;
+    size_t i;
+
+    k5_sha256_init(&ctx);
+    for (i = 0; i < n; i++)
+        k5_sha256_update(&ctx, in[i].data, in[i].length);
+    k5_sha256_final(out, &ctx);
+    return 0;
+}
+
+#endif /* K5_BUILTIN_SHA2 */
diff --git a/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha512.c b/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha512.c
new file mode 100644
index 00000000..6f23968f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/builtin/sha2/sha512.c
@@ -0,0 +1,308 @@
+/*
+ * Copyright (c) 2006, 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "sha2.h"
+
+#ifdef K5_BUILTIN_SHA2
+
+#ifdef K5_BE
+#define WORDS_BIGENDIAN
+#endif
+
+#ifndef min
+#define min(a,b) (((a)>(b))?(b):(a))
+#endif
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#define ROTR(x,n)   (((x)>>(n)) | ((x) << (64 - (n))))
+
+#define Sigma0(x)	(ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
+#define Sigma1(x)	(ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+#define sigma0(x)	(ROTR(x,1)  ^ ROTR(x,8)  ^ ((x)>>7))
+#define sigma1(x)	(ROTR(x,19) ^ ROTR(x,61) ^ ((x)>>6))
+
+#define A m->counter[0]
+#define B m->counter[1]
+#define C m->counter[2]
+#define D m->counter[3]
+#define E m->counter[4]
+#define F m->counter[5]
+#define G m->counter[6]
+#define H m->counter[7]
+
+static const uint64_t constant_512[80] = {
+    0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
+    0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+    0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
+    0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+    0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
+    0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+    0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
+    0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+    0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
+    0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+    0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
+    0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+    0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
+    0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+    0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
+    0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+    0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
+    0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+    0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
+    0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+    0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
+    0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+    0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
+    0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+    0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
+    0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+    0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
+    0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+    0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
+    0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+    0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
+    0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+    0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
+    0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+    0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
+    0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+    0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
+    0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+    0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
+    0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+};
+
+static inline uint64_t
+cshift64 (uint64_t x, unsigned int n)
+{
+  return ((uint64_t)x << (uint64_t)n) | ((uint64_t)x >> ((uint64_t)64 - (uint64_t)n));
+}
+
+void
+k5_sha512_init (SHA512_CTX *m)
+{
+    m->sz[0] = 0;
+    m->sz[1] = 0;
+    A = 0x6a09e667f3bcc908ULL;
+    B = 0xbb67ae8584caa73bULL;
+    C = 0x3c6ef372fe94f82bULL;
+    D = 0xa54ff53a5f1d36f1ULL;
+    E = 0x510e527fade682d1ULL;
+    F = 0x9b05688c2b3e6c1fULL;
+    G = 0x1f83d9abfb41bd6bULL;
+    H = 0x5be0cd19137e2179ULL;
+}
+
+static void
+calc (SHA512_CTX *m, uint64_t *in)
+{
+    uint64_t AA, BB, CC, DD, EE, FF, GG, HH;
+    uint64_t data[80];
+    int i;
+
+    AA = A;
+    BB = B;
+    CC = C;
+    DD = D;
+    EE = E;
+    FF = F;
+    GG = G;
+    HH = H;
+
+    for (i = 0; i < 16; ++i)
+	data[i] = in[i];
+    for (i = 16; i < 80; ++i)
+	data[i] = sigma1(data[i-2]) + data[i-7] +
+	    sigma0(data[i-15]) + data[i - 16];
+
+    for (i = 0; i < 80; i++) {
+	uint64_t T1, T2;
+
+	T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_512[i] + data[i];
+	T2 = Sigma0(AA) + Maj(AA,BB,CC);
+
+	HH = GG;
+	GG = FF;
+	FF = EE;
+	EE = DD + T1;
+	DD = CC;
+	CC = BB;
+	BB = AA;
+	AA = T1 + T2;
+    }
+
+    A += AA;
+    B += BB;
+    C += CC;
+    D += DD;
+    E += EE;
+    F += FF;
+    G += GG;
+    H += HH;
+}
+
+/*
+ * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
+ */
+
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+static inline uint64_t
+swap_uint64_t (uint64_t t)
+{
+    uint64_t temp;
+
+    temp   = cshift64(t, 32);
+    temp = ((temp & 0xff00ff00ff00ff00ULL) >> 8) |
+           ((temp & 0x00ff00ff00ff00ffULL) << 8);
+    return ((temp & 0xffff0000ffff0000ULL) >> 16) |
+           ((temp & 0x0000ffff0000ffffULL) << 16);
+}
+
+struct x64{
+    uint64_t a;
+    uint64_t b;
+};
+#endif
+
+void
+k5_sha512_update (SHA512_CTX *m, const void *v, size_t len)
+{
+    const unsigned char *p = v;
+    size_t old_sz = m->sz[0];
+    size_t offset;
+
+    m->sz[0] += len * 8;
+    if (m->sz[0] < old_sz)
+	++m->sz[1];
+    offset = (old_sz / 8) % 128;
+    while(len > 0){
+	size_t l = min(len, 128 - offset);
+	memcpy(m->save + offset, p, l);
+	offset += l;
+	p += l;
+	len -= l;
+	if(offset == 128){
+#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
+	    int i;
+	    uint64_t current[16];
+	    struct x64 *us = (struct x64*)(void*)m->save;
+	    for(i = 0; i < 8; i++){
+		current[2*i+0] = swap_uint64_t(us[i].a);
+		current[2*i+1] = swap_uint64_t(us[i].b);
+	    }
+	    calc(m, current);
+#else
+	    calc(m, (uint64_t*)(void*)m->save);
+#endif
+	    offset = 0;
+	}
+    }
+}
+
+void
+k5_sha512_final (void *res, SHA512_CTX *m)
+{
+    unsigned char zeros[128 + 16];
+    unsigned offset = (m->sz[0] / 8) % 128;
+    unsigned int dstart = (240 - offset - 1) % 128 + 1;
+
+    *zeros = 0x80;
+    memset (zeros + 1, 0, sizeof(zeros) - 1);
+    zeros[dstart+15] = (m->sz[0] >> 0) & 0xff;
+    zeros[dstart+14] = (m->sz[0] >> 8) & 0xff;
+    zeros[dstart+13] = (m->sz[0] >> 16) & 0xff;
+    zeros[dstart+12] = (m->sz[0] >> 24) & 0xff;
+    zeros[dstart+11] = (m->sz[0] >> 32) & 0xff;
+    zeros[dstart+10] = (m->sz[0] >> 40) & 0xff;
+    zeros[dstart+9]  = (m->sz[0] >> 48) & 0xff;
+    zeros[dstart+8]  = (m->sz[0] >> 56) & 0xff;
+
+    zeros[dstart+7] = (m->sz[1] >> 0) & 0xff;
+    zeros[dstart+6] = (m->sz[1] >> 8) & 0xff;
+    zeros[dstart+5] = (m->sz[1] >> 16) & 0xff;
+    zeros[dstart+4] = (m->sz[1] >> 24) & 0xff;
+    zeros[dstart+3] = (m->sz[1] >> 32) & 0xff;
+    zeros[dstart+2] = (m->sz[1] >> 40) & 0xff;
+    zeros[dstart+1] = (m->sz[1] >> 48) & 0xff;
+    zeros[dstart+0] = (m->sz[1] >> 56) & 0xff;
+    k5_sha512_update (m, zeros, dstart + 16);
+    {
+	int i;
+	unsigned char *r = (unsigned char*)res;
+
+	for (i = 0; i < 8; ++i) {
+	    r[8*i+7] = m->counter[i] & 0xFF;
+	    r[8*i+6] = (m->counter[i] >> 8) & 0xFF;
+	    r[8*i+5] = (m->counter[i] >> 16) & 0xFF;
+	    r[8*i+4] = (m->counter[i] >> 24) & 0xFF;
+	    r[8*i+3] = (m->counter[i] >> 32) & 0XFF;
+	    r[8*i+2] = (m->counter[i] >> 40) & 0xFF;
+	    r[8*i+1] = (m->counter[i] >> 48) & 0xFF;
+	    r[8*i]   = (m->counter[i] >> 56) & 0xFF;
+	}
+    }
+}
+
+void
+k5_sha384_init (SHA384_CTX *m)
+{
+    m->sz[0] = 0;
+    m->sz[1] = 0;
+    A = 0xcbbb9d5dc1059ed8ULL;
+    B = 0x629a292a367cd507ULL;
+    C = 0x9159015a3070dd17ULL;
+    D = 0x152fecd8f70e5939ULL;
+    E = 0x67332667ffc00b31ULL;
+    F = 0x8eb44a8768581511ULL;
+    G = 0xdb0c2e0d64f98fa7ULL;
+    H = 0x47b5481dbefa4fa4ULL;
+}
+
+void
+k5_sha384_update (SHA384_CTX *m, const void *v, size_t len)
+{
+    k5_sha512_update(m, v, len);
+}
+
+void
+k5_sha384_final (void *res, SHA384_CTX *m)
+{
+    unsigned char data[SHA512_DIGEST_LENGTH];
+    k5_sha512_final(data, m);
+    memcpy(res, data, SHA384_DIGEST_LENGTH);
+}
+
+#endif /* K5_BUILTIN_SHA2 */
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/Makefile.in b/krb5-1.21.3/src/lib/crypto/crypto_tests/Makefile.in
new file mode 100644
index 00000000..1a3fe596
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/Makefile.in
@@ -0,0 +1,147 @@
+mydir=lib$(S)crypto$(S)crypto_tests
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../krb
+
+EXTRADEPSRCS=\
+	$(srcdir)/t_nfold.c	\
+	$(srcdir)/t_encrypt.c	\
+	$(srcdir)/t_decrypt.c	\
+	$(srcdir)/t_prf.c 	\
+	$(srcdir)/t_cmac.c	\
+	$(srcdir)/t_hmac.c	\
+	$(srcdir)/t_pkcs5.c	\
+	$(srcdir)/t_cts.c	\
+	$(srcdir)/vectors.c	\
+	$(srcdir)/aes-test.c	\
+	$(srcdir)/camellia-test.c	\
+	$(srcdir)/t_cf2.c	\
+	$(srcdir)/t_cksums.c	\
+	$(srcdir)/t_mddriver.c	\
+	$(srcdir)/t_kperf.c	\
+	$(srcdir)/t_sha2.c	\
+	$(srcdir)/t_short.c	\
+	$(srcdir)/t_str2key.c	\
+	$(srcdir)/t_derive.c	\
+	$(srcdir)/t_fork.c
+
+##DOS##BUILDTOP = ..\..\..
+
+check-unix: t_nfold t_encrypt t_decrypt t_prf t_cmac t_hmac \
+		t_cksums \
+		aes-test  \
+		camellia-test  \
+		t_mddriver4 t_mddriver \
+		t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2
+	$(RUN_TEST) ./t_nfold
+	$(RUN_TEST) ./t_encrypt
+	$(RUN_TEST) ./t_decrypt
+	$(RUN_TEST) ./t_cmac
+	$(RUN_TEST) ./t_hmac
+	$(RUN_TEST) ./t_prf
+	$(RUN_TEST) ./t_cksums
+	$(RUN_TEST) ./t_cts
+	$(RUN_TEST) ./aes-test -k > vk.txt
+	cmp vk.txt $(srcdir)/expect-vk.txt
+	$(RUN_TEST) ./aes-test > vt.txt
+	cmp vt.txt $(srcdir)/expect-vt.txt
+	$(RUN_TEST) ./camellia-test > camellia-vt.txt
+	cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
+	$(RUN_TEST) $(C)t_mddriver4 -x
+	$(RUN_TEST) $(C)t_mddriver -x
+	$(RUN_TEST) ./t_sha2
+	$(RUN_TEST) ./t_short
+	$(RUN_TEST) ./t_str2key
+	$(RUN_TEST) ./t_derive
+	$(RUN_TEST) ./t_fork
+	$(RUN_TEST) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output
+	diff t_cf2.output $(srcdir)/t_cf2.expected
+#	$(RUN_TEST) ./t_pkcs5
+
+t_nfold$(EXEEXT): t_nfold.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_nfold.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_encrypt.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_decrypt$(EXEEXT): t_decrypt.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_decrypt.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_prf$(EXEEXT): t_prf.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_prf.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_cmac$(EXEEXT): t_cmac.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_cmac.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_hmac$(EXEEXT): t_hmac.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_hmac.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+#t_pkcs5$(EXEEXT): t_pkcs5.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+#	$(CC_LINK) -o $@ t_pkcs5.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+vectors$(EXEEXT): vectors.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ vectors.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_cts$(EXEEXT): t_cts.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_cts.$(OBJEXT) \
+		$(KRB5_BASE_LIBS)
+
+t_sha2$(EXEEXT): t_sha2.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_sha2.$(OBJEXT) \
+		$(KRB5_BASE_LIBS)
+
+t_short$(EXEEXT): t_short.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_short.$(OBJEXT) \
+		$(KRB5_BASE_LIBS)
+
+t_cksums: t_cksums.o $(CRYTPO_DEPLIB)
+	$(CC_LINK) -o t_cksums t_cksums.o -lkrb5 $(KRB5_BASE_LIBS)
+
+aes-test: aes-test.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o aes-test aes-test.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+camellia-test: camellia-test.$(OBJEXT) $(CRYPTO_DEPLIB)
+	$(CC_LINK) -o camellia-test camellia-test.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_mddriver4.o: $(srcdir)/t_mddriver.c
+	$(CC) -DMD=4 $(ALL_CFLAGS) -o t_mddriver4.o -c $(srcdir)/t_mddriver.c
+
+t_mddriver4: t_mddriver4.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -DMD4  -o t_mddriver4 t_mddriver4.o $(KRB5_BASE_LIBS)
+
+t_mddriver: t_mddriver.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_mddriver t_mddriver.o $(KRB5_BASE_LIBS)
+
+t_kperf: t_kperf.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_kperf t_kperf.o $(KRB5_BASE_LIBS)
+
+t_str2key$(EXEEXT): t_str2key.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_str2key.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_derive$(EXEEXT): t_derive.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_derive.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_fork$(EXEEXT): t_fork.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_fork.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_cf2.$(OBJEXT) $(KRB5_BASE_LIBS)
+
+clean:
+	$(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o \
+		t_decrypt.o t_decrypt t_cmac.o t_cmac \
+		t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \
+		aes-test.o aes-test vt.txt vk.txt kresults.out \
+		t_cts.o t_cts \
+		t_mddriver4.o t_mddriver4 t_mddriver.o t_mddriver \
+		t_cksums t_cksums.o \
+		t_kperf.o t_kperf t_sha2.o t_sha2 t_short t_short.o t_str2key \
+		t_str2key.o t_derive t_derive.o t_fork t_fork.o \
+		t_mddriver$(EXEEXT) $(OUTPRE)t_mddriver.$(OBJEXT) \
+		camellia-test camellia-test.o camellia-vt.txt \
+		t_cf2 t_cf2.o t_cf2.output
+
+	-$(RM) t_prf.output
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/Poly.pm b/krb5-1.21.3/src/lib/crypto/crypto_tests/Poly.pm
new file mode 100644
index 00000000..cad0f77b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/Poly.pm
@@ -0,0 +1,182 @@
+# Copyright 2002 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+package Poly;
+
+# Poly: implements some basic operations on polynomials in the field
+# of integers (mod 2).
+#
+# The rep is an array of coefficients, highest order term first.
+#
+# This is rather slow at the moment.
+
+use overload
+    '+' => \&add,
+    '-' => \&add,
+    '*' => \&mul,
+    '%' => sub {$_[2] ? mod($_[1], $_[0]) : mod($_[0], $_[1])},
+    '/' => sub { $_[2] ? scalar(div($_[1], $_[0]))
+		     : scalar(div($_[0], $_[1])) },
+    '<=>' => sub {$_[2] ? pcmp($_[1], $_[0]) : pcmp($_[0], $_[1])},
+    '""' => \&str
+;
+
+use Carp;
+
+# doesn't do much beyond normalize and bless
+sub new {
+    my $this = shift;
+    my $class = ref($this) || $this;
+    my(@x) = @_;
+    return bless [norm(@x)], $class;
+}
+
+# stringified P(x)
+sub pretty {
+    my(@x) = @{+shift};
+    my $n = @x;
+    local $_;
+    return "0" if !@x;
+    return join " + ", map {$n--; $_ ? ("x^$n") : ()} @x;
+}
+
+sub print {
+    my $self = shift;
+    print $self->pretty, "\n";
+}
+
+# This assumes normalization.
+sub order {
+    my $self = shift;
+    return $#{$self};
+}
+
+sub str {
+    return overload::StrVal($_[0]);
+}
+
+# strip leading zero coefficients
+sub norm {
+    my(@x) = @_;
+    shift @x while @x && !$x[0];
+    return @x;
+}
+
+# multiply $self by the single term of power $n
+sub multerm {
+    my($self, $n) = @_;
+    return $self->new(@$self, (0) x $n);
+}
+
+# This is really an order comparison; different polys of same order
+# compare equal.  It also assumes prior normalization.
+sub pcmp {
+    my @x = @{+shift};
+    my @y = @{+shift};
+    return @x <=> @y;
+}
+
+# convenience constructor; takes list of non-zero terms
+sub powers2poly
+{
+    my $self = shift;
+    my $poly = $self->new;
+    my $n;
+    foreach $n (@_) {
+	$poly += $one->multerm($n);
+    }
+    return $poly;
+}
+
+sub add {
+    my $self = shift;
+    my @x = @$self;
+    my @y = @{+shift};
+    my @r;
+    unshift @r, (pop @x || 0) ^ (pop @y || 0)
+	while @x || @y;
+    return $self->new(@r);
+}
+
+sub mul {
+    my($self) = shift;
+    my @y = @{+shift};
+    my $r = $self->new;
+    my $power = 0;
+    while (@y) {
+	$r += $self->multerm($power) if pop @y;
+	$power++;
+    }
+    return $r;
+}
+
+sub oldmod {
+    my($self, $div) = @_;
+    my @num = @$self;
+    my @div = @$div;
+    my $r = $self->new(splice @num, 0, @div);
+    do {
+	push @$r, shift @num while @num && $r < $div;
+	$r += $div if $r >= $div;
+    } while @num;
+    return $r;
+}
+
+sub div {
+    my($self, $div) = @_;
+    my $q = $self->new;
+    my $r = $self->new(@$self);
+    my $one = $self->new(1);
+    my ($tp, $power);
+    croak "divide by zero" if !@$div;
+    while ($div <= $r) {
+	$power = 0;
+	$power++ while ($tp = $div->multerm($power)) < $r;
+	$q += $one->multerm($power);
+	$r -= $tp;
+    }
+    return wantarray ? ($q, $r) : $q;
+}
+
+sub mod {
+    (&div)[1];
+}
+
+# bits and octets both big-endian
+sub hex {
+    my @x = @{+shift};
+    my $minwidth = shift || 32;
+    unshift @x, 0 while @x % 8 || @x < $minwidth;
+    return unpack "H*", pack "B*", join "", @x;
+}
+
+# bit-reversal of above
+sub revhex {
+    my @x = @{+shift};
+    my $minwidth = shift || 32;
+    unshift @x, 0 while @x % 8 || @x < $minwidth;
+    return unpack "H*", pack "B*", join "", reverse @x;
+}
+
+$one = Poly->new(1);
+
+1;
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/aes-test.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/aes-test.c
new file mode 100644
index 00000000..a7382a48
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/aes-test.c
@@ -0,0 +1,144 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/aes-test.c */
+/*
+ * Copyright (C) 2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Subset of NIST tests for AES; specifically, the variable-key and
+ * variable-text tests for 128- and 256-bit keys.
+ */
+
+#include <stdio.h>
+#include "crypto_int.h"
+
+static char key[32];
+static char plain[16], cipher[16], zero[16];
+
+static krb5_keyblock enc_key;
+static krb5_data ivec;
+static void init()
+{
+    enc_key.contents = (krb5_octet *)key;
+    enc_key.length = 16;
+    ivec.data = zero;
+    ivec.length = 16;
+}
+static void enc()
+{
+    krb5_key k;
+    krb5_crypto_iov iov;
+
+    memcpy(cipher, plain, 16);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(cipher, 16);
+    krb5_k_create_key(NULL, &enc_key, &k);
+    krb5int_aes_encrypt(k, &ivec, &iov, 1);
+    krb5_k_free_key(NULL, k);
+}
+
+static void hexdump(const char *label, const char *cp, int len)
+{
+    printf("%s=", label);
+    while (len--) printf("%02X", 0xff & *cp++);
+    printf("\n");
+}
+
+static void set_bit(char *ptr, int bitnum)
+{
+    int bytenum;
+    bytenum = bitnum / 8;
+    bitnum %= 8;
+    /* First bit is the high bit! */
+    ptr[bytenum] = 1 << (7 - bitnum);
+}
+
+/* Variable-Key tests */
+static void vk_test_1(int len, krb5_enctype etype)
+{
+    int i;
+
+    enc_key.length = len;
+    enc_key.enctype = etype;
+    printf("\nKEYSIZE=%d\n\n", len * 8);
+    memset(plain, 0, sizeof(plain));
+    hexdump("PT", plain, 16);
+    for (i = 0; i < len * 8; i++) {
+        memset(key, 0, len);
+        set_bit(key, i);
+        printf("\nI=%d\n", i+1);
+        hexdump("KEY", key, len);
+        enc();
+        hexdump("CT", cipher, 16);
+    }
+    printf("\n==========\n");
+}
+static void vk_test()
+{
+    vk_test_1(16, ENCTYPE_AES128_CTS_HMAC_SHA1_96);
+    vk_test_1(32, ENCTYPE_AES256_CTS_HMAC_SHA1_96);
+}
+
+/* Variable-Text tests */
+static void vt_test_1(int len, krb5_enctype etype)
+{
+    int i;
+
+    enc_key.length = len;
+    enc_key.enctype = etype;
+    printf("\nKEYSIZE=%d\n\n", len * 8);
+    memset(key, 0, len);
+    hexdump("KEY", key, len);
+    for (i = 0; i < 16 * 8; i++) {
+        memset(plain, 0, sizeof(plain));
+        set_bit(plain, i);
+        printf("\nI=%d\n", i+1);
+        hexdump("PT", plain, 16);
+        enc();
+        hexdump("CT", cipher, 16);
+    }
+    printf("\n==========\n");
+}
+static void vt_test()
+{
+    vt_test_1(16, ENCTYPE_AES128_CTS_HMAC_SHA1_96);
+    vt_test_1(32, ENCTYPE_AES256_CTS_HMAC_SHA1_96);
+}
+
+
+int main (int argc, char *argv[])
+{
+    if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
+        fprintf(stderr,
+                "usage:\t%s -k\tfor variable-key tests\n"
+                "   or:\t%s   \tfor variable-plaintext tests\n",
+                argv[0], argv[0]);
+        return 1;
+    }
+    init();
+    if (argc == 2)
+        vk_test();
+    else
+        vt_test();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/camellia-expect-vt.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/camellia-expect-vt.txt
new file mode 100644
index 00000000..e6ebe8a8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/camellia-expect-vt.txt
@@ -0,0 +1,1036 @@
+
+KEYSIZE=128
+
+KEY=00000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=07923A39EB0A817D1C4D87BDB82D1F1C
+
+I=2
+PT=40000000000000000000000000000000
+CT=48CD6419809672D2349260D89A08D3D3
+
+I=3
+PT=20000000000000000000000000000000
+CT=D07493CCB2E95CE0B4945A05ACC97D82
+
+I=4
+PT=10000000000000000000000000000000
+CT=5DBE1EAC9F7080A88DBED7F6DA101448
+
+I=5
+PT=08000000000000000000000000000000
+CT=F01EE477D199DF2701027034B229622F
+
+I=6
+PT=04000000000000000000000000000000
+CT=C841587ABD9A912E563774CB569D051E
+
+I=7
+PT=02000000000000000000000000000000
+CT=1D9BC0C04546F0915C8CCD11391A455C
+
+I=8
+PT=01000000000000000000000000000000
+CT=05E6EBB4BA167F5C479CEFF3152F943B
+
+I=9
+PT=00800000000000000000000000000000
+CT=93211E0F788845B9FC0E4551FFE92AC9
+
+I=10
+PT=00400000000000000000000000000000
+CT=B6D35701CD8FADDE383BBE8E6B70BAF7
+
+I=11
+PT=00200000000000000000000000000000
+CT=8358F9F4EBCFEE348CB30551ACB151A0
+
+I=12
+PT=00100000000000000000000000000000
+CT=D57516EB5AD93C523E40521BF447AFCE
+
+I=13
+PT=00080000000000000000000000000000
+CT=66B2534C279C439133F52E5AD8B439A9
+
+I=14
+PT=00040000000000000000000000000000
+CT=A71C69184A9F63C2992A5F18F77C1FE9
+
+I=15
+PT=00020000000000000000000000000000
+CT=1ADCBE49AEACB9ECEBBD492B10E82C7B
+
+I=16
+PT=00010000000000000000000000000000
+CT=27E3BCFB227C5561DB6CF7FC30387036
+
+I=17
+PT=00008000000000000000000000000000
+CT=F4AE20365CC9D06B0CAE6B695ED2CEC1
+
+I=18
+PT=00004000000000000000000000000000
+CT=3DD682F0B641ED32AD3D43EA2A0456E4
+
+I=19
+PT=00002000000000000000000000000000
+CT=6E5D14A95ECC290B509EA6B673652E3A
+
+I=20
+PT=00001000000000000000000000000000
+CT=F1CDF0F8D7B3FFD95422D7CC0CF40B7B
+
+I=21
+PT=00000800000000000000000000000000
+CT=A9253D459A34C385A1F1B2CFFA3935C5
+
+I=22
+PT=00000400000000000000000000000000
+CT=291024D99FF09A47A1DEE45BA700AE52
+
+I=23
+PT=00000200000000000000000000000000
+CT=49241D9459B277187BB10081C60361C0
+
+I=24
+PT=00000100000000000000000000000000
+CT=AD9BA365CC4DD5553D2D9FE303841D88
+
+I=25
+PT=00000080000000000000000000000000
+CT=C2ECA616664A249DC622CC11196B4AE1
+
+I=26
+PT=00000040000000000000000000000000
+CT=6E1A2D4794BB0DC08777A0BC7523E70E
+
+I=27
+PT=00000020000000000000000000000000
+CT=6DB1F0CF59656BDD235E82B8CEF0BE8E
+
+I=28
+PT=00000010000000000000000000000000
+CT=52F239C5EAF401EBDC54D2F011FF4B6A
+
+I=29
+PT=00000008000000000000000000000000
+CT=6B58A08F648414B67FD6847D2AA51CBF
+
+I=30
+PT=00000004000000000000000000000000
+CT=2959DD5367885A75EB48053CF3251A36
+
+I=31
+PT=00000002000000000000000000000000
+CT=630B292E3B88EF641CDFD531E206605E
+
+I=32
+PT=00000001000000000000000000000000
+CT=4BBB88EF82B70593FCC56AFD91540FDB
+
+I=33
+PT=00000000800000000000000000000000
+CT=0A13055B118A45C606999257BD191426
+
+I=34
+PT=00000000400000000000000000000000
+CT=5CF8E5C9F15D7E4F865020224853EB77
+
+I=35
+PT=00000000200000000000000000000000
+CT=3898805042C7A4315C5EE51AF2DE47E2
+
+I=36
+PT=00000000100000000000000000000000
+CT=8D3F96372E87CBB0B375425B3A10B9E7
+
+I=37
+PT=00000000080000000000000000000000
+CT=4D9510A378BD784A70A66BCC75B7D3C8
+
+I=38
+PT=00000000040000000000000000000000
+CT=70DB1902D37CFBDFB98F7C516F79D416
+
+I=39
+PT=00000000020000000000000000000000
+CT=383C6C2AABEF7FDE25CD470BF774A331
+
+I=40
+PT=00000000010000000000000000000000
+CT=47CBCB5288349B1A15DC9F81FBEE6B8F
+
+I=41
+PT=00000000008000000000000000000000
+CT=21DA34D4468EEB13AED95DAE0FF48310
+
+I=42
+PT=00000000004000000000000000000000
+CT=021C9A8E6BD36FBD036411E5D852A80F
+
+I=43
+PT=00000000002000000000000000000000
+CT=6A459E2F839AF60ACDE83774D0BB5574
+
+I=44
+PT=00000000001000000000000000000000
+CT=C19255121F1B933CAE09E58AEC0E9977
+
+I=45
+PT=00000000000800000000000000000000
+CT=7BA949E27B2BE148A6B801F9305F43D5
+
+I=46
+PT=00000000000400000000000000000000
+CT=E8CEB1026BCF7BCEA32E8A380EA76DB7
+
+I=47
+PT=00000000000200000000000000000000
+CT=63F97747ED56A8F521B20CC65F6F9465
+
+I=48
+PT=00000000000100000000000000000000
+CT=2091CFDC629819106188424AC694F75B
+
+I=49
+PT=00000000000080000000000000000000
+CT=A91BDF8E8B88407942423CCE000527C4
+
+I=50
+PT=00000000000040000000000000000000
+CT=73F9B44B9635A3FD683DBF8D49E9825B
+
+I=51
+PT=00000000000020000000000000000000
+CT=9DC64B2133FAD5069FD9A7CC2FFFD1CC
+
+I=52
+PT=00000000000010000000000000000000
+CT=28240F81FEC36B71E13F1FEA7A7641E3
+
+I=53
+PT=00000000000008000000000000000000
+CT=20DD39FEE96CD2EFF972872A692B28FD
+
+I=54
+PT=00000000000004000000000000000000
+CT=47A9E40483EC1925B635E47E964E8E93
+
+I=55
+PT=00000000000002000000000000000000
+CT=9C0EBD822C49FB3D853DF5B315A87BA0
+
+I=56
+PT=00000000000001000000000000000000
+CT=C18D813FDB45A594C6DC24E5A1F6CE32
+
+I=57
+PT=00000000000000800000000000000000
+CT=7E5467FF245ECF80CB55C2D8E91F0711
+
+I=58
+PT=00000000000000400000000000000000
+CT=394D4365B77954FDEA4145FCF7A7A041
+
+I=59
+PT=00000000000000200000000000000000
+CT=B1D8311A492ED11F11E57B29221610C4
+
+I=60
+PT=00000000000000100000000000000000
+CT=E5FBB947A63AEA90163AF04AD6951EF8
+
+I=61
+PT=00000000000000080000000000000000
+CT=CA0627DDF580F0E7D59562825C9D0492
+
+I=62
+PT=00000000000000040000000000000000
+CT=EF98FFD1AED295AAE1860F0274C8F555
+
+I=63
+PT=00000000000000020000000000000000
+CT=8C698E5CFFF08FACE10C2DC5FF1E2A81
+
+I=64
+PT=00000000000000010000000000000000
+CT=35A7767E02032C35B5CE1A6F49C57C28
+
+I=65
+PT=00000000000000008000000000000000
+CT=AB36F8734E76EBA306CF00D6763D90B0
+
+I=66
+PT=00000000000000004000000000000000
+CT=E854EB66D4EC66889B5E6CD4F44A5806
+
+I=67
+PT=00000000000000002000000000000000
+CT=15B66DF1455ACD640B8716BCF5DB2D69
+
+I=68
+PT=00000000000000001000000000000000
+CT=4C57AB5333E5C2D4B7E30A007E449F48
+
+I=69
+PT=00000000000000000800000000000000
+CT=BA3E7FF28EB38EA09D8DB1440A9A3552
+
+I=70
+PT=00000000000000000400000000000000
+CT=64E60227AFD80C40C70186CC94804C1A
+
+I=71
+PT=00000000000000000200000000000000
+CT=CEB4423C20B4C91C2551F6FC227C9514
+
+I=72
+PT=00000000000000000100000000000000
+CT=F736894B843EF32DA28576DE500D448C
+
+I=73
+PT=00000000000000000080000000000000
+CT=58FDA98B678D15053D4B6C060368108C
+
+I=74
+PT=00000000000000000040000000000000
+CT=E28CAE384E578F47657755EBCD97996C
+
+I=75
+PT=00000000000000000020000000000000
+CT=0A64617BD4B5B166668240D105B7B6A2
+
+I=76
+PT=00000000000000000010000000000000
+CT=4BD090C7E3D365B5EA80F19B4798881E
+
+I=77
+PT=00000000000000000008000000000000
+CT=BC7B6CB9BFF4F72973BB2CD20A512C06
+
+I=78
+PT=00000000000000000004000000000000
+CT=4C7ADDC5C867594E9EE75F0AA6AB9C23
+
+I=79
+PT=00000000000000000002000000000000
+CT=1FBD05C71A36691AC6566A5298101D53
+
+I=80
+PT=00000000000000000001000000000000
+CT=42D7D6B1F499D412F8793972BD968DA2
+
+I=81
+PT=00000000000000000000800000000000
+CT=260EC86E2786FC68824576B934F32814
+
+I=82
+PT=00000000000000000000400000000000
+CT=576C26DFD7046F9357F34BEA7DFB26A0
+
+I=83
+PT=00000000000000000000200000000000
+CT=6D55E54BFB6F927174A02294C95E0F8F
+
+I=84
+PT=00000000000000000000100000000000
+CT=1A6CE91DD458229C7675A34950D10E23
+
+I=85
+PT=00000000000000000000080000000000
+CT=DAD0D5E7E000652825AA34D228EA8D8F
+
+I=86
+PT=00000000000000000000040000000000
+CT=E68013F48D75EAD2BBC0B0BDA5E690BF
+
+I=87
+PT=00000000000000000000020000000000
+CT=A07D92312FBAE37BFE8A834210AE4F9C
+
+I=88
+PT=00000000000000000000010000000000
+CT=6EEE5F8544CD7D456366EB448813989A
+
+I=89
+PT=00000000000000000000008000000000
+CT=F8E5C7FF4B79D7ABE8BFA2DD148820A8
+
+I=90
+PT=00000000000000000000004000000000
+CT=C6349D75C7472BBD66F95B3A07C79C91
+
+I=91
+PT=00000000000000000000002000000000
+CT=B85713C12D8658951CD1AD21C74D2CD2
+
+I=92
+PT=00000000000000000000001000000000
+CT=907AA00B9F7D47A97623FB55BA911F29
+
+I=93
+PT=00000000000000000000000800000000
+CT=DC3CD0ED23D11776FAB43A2A6A8F3557
+
+I=94
+PT=00000000000000000000000400000000
+CT=4BFE58A8FD69179C14765B09AB70B705
+
+I=95
+PT=00000000000000000000000200000000
+CT=A23996E0EA67EC280356E5F77130A551
+
+I=96
+PT=00000000000000000000000100000000
+CT=CDEADE859B3AACD273CCA85A3E2E45F2
+
+I=97
+PT=00000000000000000000000080000000
+CT=E0FC78489857D84DA03F40CE97147174
+
+I=98
+PT=00000000000000000000000040000000
+CT=7615EA6351F6BB12855E8579C6995D8E
+
+I=99
+PT=00000000000000000000000020000000
+CT=13E184344FE28C2E70ED0E4D0A8037F9
+
+I=100
+PT=00000000000000000000000010000000
+CT=A5FE395F568482B87BC3EB208C81C942
+
+I=101
+PT=00000000000000000000000008000000
+CT=B3103E11AF06C85565823F8CAA3159F6
+
+I=102
+PT=00000000000000000000000004000000
+CT=7EBC2234D271B89C519C396985300030
+
+I=103
+PT=00000000000000000000000002000000
+CT=0661D338F2E0C939BA1687820A768467
+
+I=104
+PT=00000000000000000000000001000000
+CT=EC2B42667C0195A90715499617884DA5
+
+I=105
+PT=00000000000000000000000000800000
+CT=AE077BA19D24E7188DDD3682FF196892
+
+I=106
+PT=00000000000000000000000000400000
+CT=98823C24B9C65A66073C7952DC2B4B5E
+
+I=107
+PT=00000000000000000000000000200000
+CT=6AB58432CBB3C2F503DA2D16796CC297
+
+I=108
+PT=00000000000000000000000000100000
+CT=EEB5EBB3A53E4196C2F22BC1A4DDF5E8
+
+I=109
+PT=00000000000000000000000000080000
+CT=33DC40AC5FDC126D38878416AF6C0FA6
+
+I=110
+PT=00000000000000000000000000040000
+CT=38EDDC08E18B4AD982CEA921D2765A9A
+
+I=111
+PT=00000000000000000000000000020000
+CT=7D6BEA038E9347C642E18631660A9558
+
+I=112
+PT=00000000000000000000000000010000
+CT=FDA57921A473B5EE3700AD5ADF035019
+
+I=113
+PT=00000000000000000000000000008000
+CT=699B4812E200337E9C1D2C397F0DFE4E
+
+I=114
+PT=00000000000000000000000000004000
+CT=7A1EADF68B0807145D6C414852DECFC8
+
+I=115
+PT=00000000000000000000000000002000
+CT=1645FFAA8AD76689C01DA8C40882781F
+
+I=116
+PT=00000000000000000000000000001000
+CT=BA0C053BE702FA62FC66D8FEB12FC97E
+
+I=117
+PT=00000000000000000000000000000800
+CT=841FD8AF69CF2C31F7D4D7B6959662B5
+
+I=118
+PT=00000000000000000000000000000400
+CT=F675D59BDB33231861268F539829DA0B
+
+I=119
+PT=00000000000000000000000000000200
+CT=A4967F45ABB4E8C7DC5E3806680F35E0
+
+I=120
+PT=00000000000000000000000000000100
+CT=4D7E08081CC82F92ABA7C58C99F8343F
+
+I=121
+PT=00000000000000000000000000000080
+CT=9AEFDB287C119B82353612B60ECCBFD8
+
+I=122
+PT=00000000000000000000000000000040
+CT=979BB6A1553A17592A86E78DF144A699
+
+I=123
+PT=00000000000000000000000000000020
+CT=A6FA8CAB06FD2E5BF3A858983C01757A
+
+I=124
+PT=00000000000000000000000000000010
+CT=BE8511254C31E25420B91D6FEF1710ED
+
+I=125
+PT=00000000000000000000000000000008
+CT=F589A908D18A21894971C0433581E1A5
+
+I=126
+PT=00000000000000000000000000000004
+CT=4237585130E7C9F715235EB1D8C94DE7
+
+I=127
+PT=00000000000000000000000000000002
+CT=DEFE3E0B5C54C94B4F2A0F5A46F6210D
+
+I=128
+PT=00000000000000000000000000000001
+CT=F5574ACC3148DFCB9015200631024DF9
+
+==========
+
+KEYSIZE=256
+
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=B0C6B88AEA518AB09E847248E91B1B9D
+
+I=2
+PT=40000000000000000000000000000000
+CT=B8D7684E35FA1DB15BDCEE7A48659858
+
+I=3
+PT=20000000000000000000000000000000
+CT=F0CAD59AF92FBB79F36951E697492750
+
+I=4
+PT=10000000000000000000000000000000
+CT=117100F6635389560DC4A2DA24EBA70F
+
+I=5
+PT=08000000000000000000000000000000
+CT=DBDD62355553019ED84C35886421E532
+
+I=6
+PT=04000000000000000000000000000000
+CT=9CB8D04FA506F19848F7B9110518BFC8
+
+I=7
+PT=02000000000000000000000000000000
+CT=E4308E253BC3444D293500701BA82C6A
+
+I=8
+PT=01000000000000000000000000000000
+CT=EA2FAE53F7F30C0170A20E95A068503E
+
+I=9
+PT=00800000000000000000000000000000
+CT=14B14839EA221880B2C64D1FE000B93D
+
+I=10
+PT=00400000000000000000000000000000
+CT=A5CFC075B342D5101AACC334E73058BB
+
+I=11
+PT=00200000000000000000000000000000
+CT=477EA56B2EBAD0F8AC5E1936866560FF
+
+I=12
+PT=00100000000000000000000000000000
+CT=107E8598418404196EC59F63E45B7F6D
+
+I=13
+PT=00080000000000000000000000000000
+CT=FF6A891E7C1C074A68FEC291928FDD8D
+
+I=14
+PT=00040000000000000000000000000000
+CT=F64C250A13F45D377ADB7545B2B157A9
+
+I=15
+PT=00020000000000000000000000000000
+CT=FAD0F252086F11C830C65B63197CBC38
+
+I=16
+PT=00010000000000000000000000000000
+CT=9DCB89B209441F02AD0D25C6AB826629
+
+I=17
+PT=00008000000000000000000000000000
+CT=E62E4ED4E4F34EDC563710D960E09D4C
+
+I=18
+PT=00004000000000000000000000000000
+CT=98A1B926BA06895C3F2E84CCBACBC356
+
+I=19
+PT=00002000000000000000000000000000
+CT=29BE0BE4DB7F4D196718AEA38F3B0BFD
+
+I=20
+PT=00001000000000000000000000000000
+CT=F670C4EBECBA0B43E71F6D752BFD4854
+
+I=21
+PT=00000800000000000000000000000000
+CT=7D7666B4484CDB7E3605468E093A787C
+
+I=22
+PT=00000400000000000000000000000000
+CT=562D06B181C091DA6C43642AE99460C6
+
+I=23
+PT=00000200000000000000000000000000
+CT=AB0EFB5975E6186B7D76BC9672453488
+
+I=24
+PT=00000100000000000000000000000000
+CT=10C0756538E7BFF88D19AE2B1F7B859A
+
+I=25
+PT=00000080000000000000000000000000
+CT=AF7FCD5248F8C72F1695AA05DD1CADE0
+
+I=26
+PT=00000040000000000000000000000000
+CT=9841E555655609A75D7BE20B8A90EF1E
+
+I=27
+PT=00000020000000000000000000000000
+CT=27F9546E6A1B7464780000561783569C
+
+I=28
+PT=00000010000000000000000000000000
+CT=8671D935D7A8354EECB7288803D42D7A
+
+I=29
+PT=00000008000000000000000000000000
+CT=0DA44F508DEBC6F044394624FCEB8EBE
+
+I=30
+PT=00000004000000000000000000000000
+CT=AB137369BE6D93FBB18006BDB236EC09
+
+I=31
+PT=00000002000000000000000000000000
+CT=EB90C4E597A7E1779FFA260886E26F75
+
+I=32
+PT=00000001000000000000000000000000
+CT=618CF3588D5C128EAF252616230E08F7
+
+I=33
+PT=00000000800000000000000000000000
+CT=98DC4DB49D197AB9152D12B9DE2D73CA
+
+I=34
+PT=00000000400000000000000000000000
+CT=5BDDE24B15702A35E1F140C57D206443
+
+I=35
+PT=00000000200000000000000000000000
+CT=CF755809882BED8BA2F9F1A4ED296A2B
+
+I=36
+PT=00000000100000000000000000000000
+CT=F1A8DBB999538AE89D16F92A7F4D1DF1
+
+I=37
+PT=00000000080000000000000000000000
+CT=775222FDDAAECB81CF675C4E0B98179E
+
+I=38
+PT=00000000040000000000000000000000
+CT=12A648CADCD153C760A965826683119A
+
+I=39
+PT=00000000020000000000000000000000
+CT=0503FB10AB241E7CF45D8CDEEE474335
+
+I=40
+PT=00000000010000000000000000000000
+CT=3D299C0070CBBD831B802690B8E7CA24
+
+I=41
+PT=00000000008000000000000000000000
+CT=33105BD4D11D66753DC34D128BEFE3F4
+
+I=42
+PT=00000000004000000000000000000000
+CT=5EFCE2B4B987C0F77D27B44836881682
+
+I=43
+PT=00000000002000000000000000000000
+CT=7835449454128035D7F0EA99E327577B
+
+I=44
+PT=00000000001000000000000000000000
+CT=27BEDDA0601BE35122FB1D272D73AB3E
+
+I=45
+PT=00000000000800000000000000000000
+CT=54C3F99FF48E318CC515EDE75800C4B3
+
+I=46
+PT=00000000000400000000000000000000
+CT=C627C329F8E48299F6FDB23B9DBEA0BB
+
+I=47
+PT=00000000000200000000000000000000
+CT=1B6578F9E23BD8C1845A02431C5F9AA3
+
+I=48
+PT=00000000000100000000000000000000
+CT=6DB2FB8C0B9344D0547C0FF1292020C6
+
+I=49
+PT=00000000000080000000000000000000
+CT=4FAD9B2C37C131493FBEF53581FA4F83
+
+I=50
+PT=00000000000040000000000000000000
+CT=47502A01E93D2C87BD5584F6AFD3D99D
+
+I=51
+PT=00000000000020000000000000000000
+CT=056E1C6F651BFE50271B3B7A18E76D84
+
+I=52
+PT=00000000000010000000000000000000
+CT=5632BAF6627B3D96AD4E06FA6A561F55
+
+I=53
+PT=00000000000008000000000000000000
+CT=E29807CAACDFA2D41A7D9E91FA7FD8EB
+
+I=54
+PT=00000000000004000000000000000000
+CT=81DD44BB5D1822DEE605F9E6FF01D7B3
+
+I=55
+PT=00000000000002000000000000000000
+CT=5C3649925E47D7FF96482A8FBD9666FD
+
+I=56
+PT=00000000000001000000000000000000
+CT=695415A836E66E737887845EC08A1ADB
+
+I=57
+PT=00000000000000800000000000000000
+CT=F5416BCE292D9E2CEA5D1CC70BBAEED1
+
+I=58
+PT=00000000000000400000000000000000
+CT=7AEC4F1388FC29C47F7FED74ADDE8485
+
+I=59
+PT=00000000000000200000000000000000
+CT=82A9F1A6CE08BC4876E649D8A8EA7EB6
+
+I=60
+PT=00000000000000100000000000000000
+CT=B6296C88ADF1A792908B065EEB04BFC2
+
+I=61
+PT=00000000000000080000000000000000
+CT=E766A39AECCA40BDBFBE6FF3FA292913
+
+I=62
+PT=00000000000000040000000000000000
+CT=C6D081454EA00D83C23B5A62C84359E1
+
+I=63
+PT=00000000000000020000000000000000
+CT=85D259A79CCA80484504D1603F7A8F53
+
+I=64
+PT=00000000000000010000000000000000
+CT=D8291FA1C6DC250078824B2D0A20883F
+
+I=65
+PT=00000000000000008000000000000000
+CT=95387CB74C48FFBD1F8D64A6CC45E074
+
+I=66
+PT=00000000000000004000000000000000
+CT=A17F975F538F56CDF629B516011DE837
+
+I=67
+PT=00000000000000002000000000000000
+CT=B50B615A1654C6E1CB6AB33716C097FE
+
+I=68
+PT=00000000000000001000000000000000
+CT=7BBB2CBB874DF6C8B821DA7FB0F9011B
+
+I=69
+PT=00000000000000000800000000000000
+CT=E9EFE074D096A275E47CD2E6206DF6A1
+
+I=70
+PT=00000000000000000400000000000000
+CT=88F2F8D5A836406AE8BBB98C65BBDA55
+
+I=71
+PT=00000000000000000200000000000000
+CT=F64620D8D87585A3EF038B9AD58F5EA0
+
+I=72
+PT=00000000000000000100000000000000
+CT=694438EC141C8ED5F2F898B4554A298F
+
+I=73
+PT=00000000000000000080000000000000
+CT=3E6226EC7726A1EE5F5FA9B18CCE8C44
+
+I=74
+PT=00000000000000000040000000000000
+CT=8AB6949E79911647800B9E87362AB97A
+
+I=75
+PT=00000000000000000020000000000000
+CT=093C5CF24EDAF7F9F1C8A80DE4FF50A9
+
+I=76
+PT=00000000000000000010000000000000
+CT=28A36E50061F19E240351ED0E378CBF4
+
+I=77
+PT=00000000000000000008000000000000
+CT=B93BB36CB88BF26EA79198652AA51D3C
+
+I=78
+PT=00000000000000000004000000000000
+CT=DE4948083D044FAC9BCA6DA8CD67B8A6
+
+I=79
+PT=00000000000000000002000000000000
+CT=6E778B5BDA6CA118117E47470D080D3C
+
+I=80
+PT=00000000000000000001000000000000
+CT=0A9107324DA32B4281D032A3487EF875
+
+I=81
+PT=00000000000000000000800000000000
+CT=18ED5635312D71ABD123CCE779D4D68A
+
+I=82
+PT=00000000000000000000400000000000
+CT=2E3C63F95C4BC1F944BAB06DEDC9AA8E
+
+I=83
+PT=00000000000000000000200000000000
+CT=ACCC869EF07004C8C3C709083BE7BA2F
+
+I=84
+PT=00000000000000000000100000000000
+CT=DF60B34FB1A59147CC1FB049C1578206
+
+I=85
+PT=00000000000000000000080000000000
+CT=4228DC636C08E41021054AA0E1E2227A
+
+I=86
+PT=00000000000000000000040000000000
+CT=7CE27F66EFD735FFD6B3E1738C50495B
+
+I=87
+PT=00000000000000000000020000000000
+CT=F8E74B33A9CDE351DA0BBC06D69093D7
+
+I=88
+PT=00000000000000000000010000000000
+CT=AE0D22A5B37B8DC5D81CC641EED334D0
+
+I=89
+PT=00000000000000000000008000000000
+CT=C181C6CA5E163743458B9167A0B6A16A
+
+I=90
+PT=00000000000000000000004000000000
+CT=5171F4F6095E4B276CFBA1F07223FBE6
+
+I=91
+PT=00000000000000000000002000000000
+CT=2732F4D3A8C9D1D8D493840D6E0B864F
+
+I=92
+PT=00000000000000000000001000000000
+CT=3EF04E0059A061D973532CA5C1DFBE7B
+
+I=93
+PT=00000000000000000000000800000000
+CT=6D9A8F23579E4978EBAA87B5ADEB77E5
+
+I=94
+PT=00000000000000000000000400000000
+CT=BBD08873CC44BA4253C0C41FEEB7F124
+
+I=95
+PT=00000000000000000000000200000000
+CT=72E4B2437CBD283F3809CE686F6A591E
+
+I=96
+PT=00000000000000000000000100000000
+CT=6E5580514B92512B1BF4B1B987B9AA1B
+
+I=97
+PT=00000000000000000000000080000000
+CT=5EF5D0C5BCBDCB604D3A083B68CE0FA3
+
+I=98
+PT=00000000000000000000000040000000
+CT=9D991FDD723AD2182777A15CA0E0F665
+
+I=99
+PT=00000000000000000000000020000000
+CT=24440626EFC8F86BEA7DE78085AB8A22
+
+I=100
+PT=00000000000000000000000010000000
+CT=17C3630D62D13C1E826C0FCCBD74A864
+
+I=101
+PT=00000000000000000000000008000000
+CT=4CF5AB86A56AB134A7FE46CCE3F9FCE9
+
+I=102
+PT=00000000000000000000000004000000
+CT=3E6B9C0388F6D9B8F458F30221907607
+
+I=103
+PT=00000000000000000000000002000000
+CT=AD9C926B8A5CD98EEE88200617E59958
+
+I=104
+PT=00000000000000000000000001000000
+CT=AFF8AED5E075E02AF720CA4BF0028B3B
+
+I=105
+PT=00000000000000000000000000800000
+CT=D90EAFF909202BB209BB3BB8C7F9A954
+
+I=106
+PT=00000000000000000000000000400000
+CT=2C709B00E6A22F00F64A7D8EE341853F
+
+I=107
+PT=00000000000000000000000000200000
+CT=CCEC598F0D9F0BF201B2F487136D54A4
+
+I=108
+PT=00000000000000000000000000100000
+CT=73B2883A0A166AAE1BF14E60A5195FA3
+
+I=109
+PT=00000000000000000000000000080000
+CT=E676867BD9AD5EF915143388496779D7
+
+I=110
+PT=00000000000000000000000000040000
+CT=CDCB73D1BFCFD4BE7F1DAA9B1C6A4055
+
+I=111
+PT=00000000000000000000000000020000
+CT=02A3A5C89DAA24CD2C517F7A73286A89
+
+I=112
+PT=00000000000000000000000000010000
+CT=C0FA2AC9E92EE58C2DD12D6D43AB7035
+
+I=113
+PT=00000000000000000000000000008000
+CT=EDC2CB1F7291353BDBF2385519E6AE16
+
+I=114
+PT=00000000000000000000000000004000
+CT=B4B62D16D197A98CD3B978812B9D9884
+
+I=115
+PT=00000000000000000000000000002000
+CT=5CDFC95A529A905101CEA26BC1B891ED
+
+I=116
+PT=00000000000000000000000000001000
+CT=CC7150CD3650B98363296C7C4ED368D1
+
+I=117
+PT=00000000000000000000000000000800
+CT=CC57706B0C6526B8E25A5DBD32EACBDB
+
+I=118
+PT=00000000000000000000000000000400
+CT=30D30456AD98B182D64C649648F6AEC9
+
+I=119
+PT=00000000000000000000000000000200
+CT=D7E9DA7F631938EB649A08AF82FBD75F
+
+I=120
+PT=00000000000000000000000000000100
+CT=B8DA2AF6600B07895B5D0FFAF4991469
+
+I=121
+PT=00000000000000000000000000000080
+CT=0F6F64F930BA6C178943322B98114599
+
+I=122
+PT=00000000000000000000000000000040
+CT=8B1F247802E47C91BEE2AA34ECFD7A01
+
+I=123
+PT=00000000000000000000000000000020
+CT=7A6985778D3A66E97F23E01F0D0E45E7
+
+I=124
+PT=00000000000000000000000000000010
+CT=BA664AC39855518DFDEE10D1B3111FAE
+
+I=125
+PT=00000000000000000000000000000008
+CT=7C92854D801A1648F65CA81813DDBF83
+
+I=126
+PT=00000000000000000000000000000004
+CT=6A3F25AAB7E92D9CF378E5D9C040F26B
+
+I=127
+PT=00000000000000000000000000000002
+CT=3D4B2CDE666761BA5DFB305178E667FB
+
+I=128
+PT=00000000000000000000000000000001
+CT=9CDB269B5D293BC5DB9C55B057D9B591
+
+==========
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/camellia-test.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/camellia-test.c
new file mode 100644
index 00000000..23d14667
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/camellia-test.c
@@ -0,0 +1,141 @@
+/* lib/crypto/crypto_tests/camellia-test.c */
+/*
+ * Copyright (c) 2009
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * Subset of NIST tests for AES as applied to Camellia; specifically, the
+ * variable-key and variable-text tests for 128- and 256-bit keys.
+ */
+
+#include <stdio.h>
+#include "crypto_int.h"
+
+static char key[32];
+static char plain[16], cipher[16], zero[16];
+
+static krb5_keyblock enc_key;
+static krb5_data ivec;
+static void init()
+{
+    enc_key.contents = (unsigned char *)key;
+    enc_key.length = 16;
+    ivec.data = zero;
+    ivec.length = 16;
+}
+static void enc()
+{
+    krb5_key k;
+    krb5_crypto_iov iov;
+
+    memcpy(cipher, plain, 16);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(cipher, 16);
+    krb5_k_create_key(NULL, &enc_key, &k);
+    krb5int_camellia_encrypt(k, &ivec, &iov, 1);
+    krb5_k_free_key(NULL, k);
+}
+
+static void hexdump(const char *label, const char *cp, int len)
+{
+    printf("%s=", label);
+    while (len--) printf("%02X", 0xff & *cp++);
+    printf("\n");
+}
+
+static void set_bit(char *ptr, int bitnum)
+{
+    int bytenum;
+    bytenum = bitnum / 8;
+    bitnum %= 8;
+    /* First bit is the high bit! */
+    ptr[bytenum] = 1 << (7 - bitnum);
+}
+
+/* Variable-Key tests */
+static void vk_test_1(int len)
+{
+    int i;
+
+    enc_key.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC;
+    enc_key.length = len;
+    printf("\nKEYSIZE=%d\n\n", len * 8);
+    memset(plain, 0, sizeof(plain));
+    hexdump("PT", plain, 16);
+    for (i = 0; i < len * 8; i++) {
+	memset(key, 0, len);
+	set_bit(key, i);
+	printf("\nI=%d\n", i+1);
+	hexdump("KEY", key, len);
+	enc();
+	hexdump("CT", cipher, 16);
+    }
+    printf("\n==========\n");
+}
+static void vk_test()
+{
+    vk_test_1(16);
+    vk_test_1(32);
+}
+
+/* Variable-Text tests */
+static void vt_test_1(int len, krb5_enctype etype)
+{
+    int i;
+
+    enc_key.enctype = etype;
+    enc_key.length = len;
+    printf("\nKEYSIZE=%d\n\n", len * 8);
+    memset(key, 0, len);
+    hexdump("KEY", key, len);
+    for (i = 0; i < 16 * 8; i++) {
+	memset(plain, 0, sizeof(plain));
+	set_bit(plain, i);
+	printf("\nI=%d\n", i+1);
+	hexdump("PT", plain, 16);
+	enc();
+	hexdump("CT", cipher, 16);
+    }
+    printf("\n==========\n");
+}
+static void vt_test()
+{
+    vt_test_1(16, ENCTYPE_CAMELLIA128_CTS_CMAC);
+    vt_test_1(32, ENCTYPE_CAMELLIA256_CTS_CMAC);
+}
+
+int main (int argc, char *argv[])
+{
+    if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
+	fprintf(stderr,
+		"usage:\t%s -k\tfor variable-key tests\n"
+		"   or:\t%s   \tfor variable-plaintext tests\n",
+		argv[0], argv[0]);
+	return 1;
+    }
+    init();
+    if (argc == 2)
+	vk_test();
+    else
+	vt_test();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/deps b/krb5-1.21.3/src/lib/crypto/crypto_tests/deps
new file mode 100644
index 00000000..598b6e5e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/deps
@@ -0,0 +1,206 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)t_nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_nfold.c
+$(OUTPRE)t_encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_encrypt.c
+$(OUTPRE)t_decrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_decrypt.c
+$(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_prf.c
+$(OUTPRE)t_cmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_cmac.c
+$(OUTPRE)t_hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hex.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_hmac.c
+$(OUTPRE)t_pkcs5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_pkcs5.c
+$(OUTPRE)t_cts.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_cts.c
+$(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  vectors.c
+$(OUTPRE)aes-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  aes-test.c
+$(OUTPRE)camellia-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  camellia-test.c
+$(OUTPRE)t_cf2.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h t_cf2.c
+$(OUTPRE)t_cksums.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_cksums.c
+$(OUTPRE)t_mddriver.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_mddriver.c
+$(OUTPRE)t_kperf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_kperf.c
+$(OUTPRE)t_sha2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_sha2.c
+$(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_short.c
+$(OUTPRE)t_str2key.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_str2key.c
+$(OUTPRE)t_derive.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_derive.c
+$(OUTPRE)t_fork.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_fork.c
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/expect-vk.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/expect-vk.txt
new file mode 100644
index 00000000..bbd2c587
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/expect-vk.txt
@@ -0,0 +1,1548 @@
+
+KEYSIZE=128
+
+PT=00000000000000000000000000000000
+
+I=1
+KEY=80000000000000000000000000000000
+CT=0EDD33D3C621E546455BD8BA1418BEC8
+
+I=2
+KEY=40000000000000000000000000000000
+CT=C0CC0C5DA5BD63ACD44A80774FAD5222
+
+I=3
+KEY=20000000000000000000000000000000
+CT=2F0B4B71BC77851B9CA56D42EB8FF080
+
+I=4
+KEY=10000000000000000000000000000000
+CT=6B1E2FFFE8A114009D8FE22F6DB5F876
+
+I=5
+KEY=08000000000000000000000000000000
+CT=9AA042C315F94CBB97B62202F83358F5
+
+I=6
+KEY=04000000000000000000000000000000
+CT=DBE01DE67E346A800C4C4B4880311DE4
+
+I=7
+KEY=02000000000000000000000000000000
+CT=C117D2238D53836ACD92DDCDB85D6A21
+
+I=8
+KEY=01000000000000000000000000000000
+CT=DC0ED85DF9611ABB7249CDD168C5467E
+
+I=9
+KEY=00800000000000000000000000000000
+CT=807D678FFF1F56FA92DE3381904842F2
+
+I=10
+KEY=00400000000000000000000000000000
+CT=0E53B3FCAD8E4B130EF73AEB957FB402
+
+I=11
+KEY=00200000000000000000000000000000
+CT=969FFD3B7C35439417E7BDE923035D65
+
+I=12
+KEY=00100000000000000000000000000000
+CT=A99B512C19CA56070491166A1503BF15
+
+I=13
+KEY=00080000000000000000000000000000
+CT=6E9985252126EE344D26AE369D2327E3
+
+I=14
+KEY=00040000000000000000000000000000
+CT=B85F4809F904C275491FCDCD1610387E
+
+I=15
+KEY=00020000000000000000000000000000
+CT=ED365B8D7D20C1F5D53FB94DD211DF7B
+
+I=16
+KEY=00010000000000000000000000000000
+CT=B3A575E86A8DB4A7135D604C43304896
+
+I=17
+KEY=00008000000000000000000000000000
+CT=89704BCB8E69F846259EB0ACCBC7F8A2
+
+I=18
+KEY=00004000000000000000000000000000
+CT=C56EE7C92197861F10D7A92B90882055
+
+I=19
+KEY=00002000000000000000000000000000
+CT=92F296F6846E0EAF9422A5A24A08B069
+
+I=20
+KEY=00001000000000000000000000000000
+CT=E67E32BB8F11DEB8699318BEE9E91A60
+
+I=21
+KEY=00000800000000000000000000000000
+CT=B08EEF85EAF626DD91B65C4C3A97D92B
+
+I=22
+KEY=00000400000000000000000000000000
+CT=661083A6ADDCE79BB4E0859AB5538013
+
+I=23
+KEY=00000200000000000000000000000000
+CT=55DFE2941E0EB10AFC0B333BD34DE1FE
+
+I=24
+KEY=00000100000000000000000000000000
+CT=6BFE5945E715C9662609770F8846087A
+
+I=25
+KEY=00000080000000000000000000000000
+CT=79848E9C30C2F8CDA8B325F7FED2B139
+
+I=26
+KEY=00000040000000000000000000000000
+CT=7A713A53B99FEF34AC04DEEF80965BD0
+
+I=27
+KEY=00000020000000000000000000000000
+CT=18144A2B46620D32C3C32CE52D49257F
+
+I=28
+KEY=00000010000000000000000000000000
+CT=872E827C70887C80749F7B8BB1847C7E
+
+I=29
+KEY=00000008000000000000000000000000
+CT=6B86C6A4FE6A60C59B1A3102F8DE49F3
+
+I=30
+KEY=00000004000000000000000000000000
+CT=9848BB3DFDF6F532F094679A4C231A20
+
+I=31
+KEY=00000002000000000000000000000000
+CT=925AD528E852E329B2091CD3F1C2BCEE
+
+I=32
+KEY=00000001000000000000000000000000
+CT=80DF436544B0DD596722E46792A40CD8
+
+I=33
+KEY=00000000800000000000000000000000
+CT=525DAF18F93E83E1E74BBBDDE4263BBA
+
+I=34
+KEY=00000000400000000000000000000000
+CT=F65C9D2EE485D24701FFA3313B9D5BE6
+
+I=35
+KEY=00000000200000000000000000000000
+CT=E4FC8D8BCA06425BDF94AFA40FCC14BA
+
+I=36
+KEY=00000000100000000000000000000000
+CT=A53F0A5CA1E4E6440BB975FF320DE6F8
+
+I=37
+KEY=00000000080000000000000000000000
+CT=D55313B9394080462E87E02899B553F0
+
+I=38
+KEY=00000000040000000000000000000000
+CT=34A71D761F71BCD344384C7F97D27906
+
+I=39
+KEY=00000000020000000000000000000000
+CT=233F3D819599612EBC89580245C996A8
+
+I=40
+KEY=00000000010000000000000000000000
+CT=B4F1374E5268DBCB676E447529E53F89
+
+I=41
+KEY=00000000008000000000000000000000
+CT=0816BD27861D2BA891D1044E39951E96
+
+I=42
+KEY=00000000004000000000000000000000
+CT=F3BE9EA3F10C73CA64FDE5DB13A951D1
+
+I=43
+KEY=00000000002000000000000000000000
+CT=2448086A8106FBD03048DDF857D3F1C8
+
+I=44
+KEY=00000000001000000000000000000000
+CT=670756E65BEC8B68F03D77CDCDCE7B91
+
+I=45
+KEY=00000000000800000000000000000000
+CT=EF968CF0D36FD6C6EFFD225F6FB44CA9
+
+I=46
+KEY=00000000000400000000000000000000
+CT=2E8767157922E3826DDCEC1B0CC1E105
+
+I=47
+KEY=00000000000200000000000000000000
+CT=78CE7EEC670E45A967BAB17E26A1AD36
+
+I=48
+KEY=00000000000100000000000000000000
+CT=3C5CEE825655F098F6E81A2F417DA3FB
+
+I=49
+KEY=00000000000080000000000000000000
+CT=67BFDB431DCE1292200BC6F5207ADB12
+
+I=50
+KEY=00000000000040000000000000000000
+CT=7540FD38E447C0779228548747843A6F
+
+I=51
+KEY=00000000000020000000000000000000
+CT=B85E513301F8A936EA9EC8A21A85B5E6
+
+I=52
+KEY=00000000000010000000000000000000
+CT=04C67DBF16C11427D507A455DE2C9BC5
+
+I=53
+KEY=00000000000008000000000000000000
+CT=03F75EB8959E55079CFFB4FF149A37B6
+
+I=54
+KEY=00000000000004000000000000000000
+CT=74550287F666C63BB9BC7838433434B0
+
+I=55
+KEY=00000000000002000000000000000000
+CT=7D537200195EBC3AEFD1EAAB1C385221
+
+I=56
+KEY=00000000000001000000000000000000
+CT=CE24E4D40C68A82B535CBD3C8E21652A
+
+I=57
+KEY=00000000000000800000000000000000
+CT=AB20072405AA8FC40265C6F1F3DC8BC0
+
+I=58
+KEY=00000000000000400000000000000000
+CT=6CFD2CF688F566B093F67B9B3839E80A
+
+I=59
+KEY=00000000000000200000000000000000
+CT=BD95977E6B7239D407A012C5544BF584
+
+I=60
+KEY=00000000000000100000000000000000
+CT=DF9C0130AC77E7C72C997F587B46DBE0
+
+I=61
+KEY=00000000000000080000000000000000
+CT=E7F1B82CADC53A648798945B34EFEFF2
+
+I=62
+KEY=00000000000000040000000000000000
+CT=932C6DBF69255CF13EDCDB72233ACEA3
+
+I=63
+KEY=00000000000000020000000000000000
+CT=5C76002BC7206560EFE550C80B8F12CC
+
+I=64
+KEY=00000000000000010000000000000000
+CT=F6B7BDD1CAEEBAB574683893C4475484
+
+I=65
+KEY=00000000000000008000000000000000
+CT=A920E37CC6DC6B31DA8C0169569F5034
+
+I=66
+KEY=00000000000000004000000000000000
+CT=919380ECD9C778BC513148B0C28D65FD
+
+I=67
+KEY=00000000000000002000000000000000
+CT=EE67308DD3F2D9E6C2170755E5784BE1
+
+I=68
+KEY=00000000000000001000000000000000
+CT=3CC73E53B85609023A05E149B223AE09
+
+I=69
+KEY=00000000000000000800000000000000
+CT=983E8AF7CF05EBB28D71EB841C9406E6
+
+I=70
+KEY=00000000000000000400000000000000
+CT=0F3099B2D31FA5299EE5BF43193287FC
+
+I=71
+KEY=00000000000000000200000000000000
+CT=B763D84F38C27FE6931DCEB6715D4DB6
+
+I=72
+KEY=00000000000000000100000000000000
+CT=5AE3C9B0E3CC29C0C61565CD01F8A248
+
+I=73
+KEY=00000000000000000080000000000000
+CT=F58083572CD90981958565D48D2DEE25
+
+I=74
+KEY=00000000000000000040000000000000
+CT=7E6255EEF8F70C0EF10337AAB1CCCEF8
+
+I=75
+KEY=00000000000000000020000000000000
+CT=AAD4BAC34DB22821841CE2F631961902
+
+I=76
+KEY=00000000000000000010000000000000
+CT=D7431C0409BB1441BA9C6858DC7D4E81
+
+I=77
+KEY=00000000000000000008000000000000
+CT=EF9298C65E339F6E801A59C626456993
+
+I=78
+KEY=00000000000000000004000000000000
+CT=53FE29F68FF541ABC3F0EF3350B72F7E
+
+I=79
+KEY=00000000000000000002000000000000
+CT=F6BBA5C10DB02529E2C2DA3FB582CC14
+
+I=80
+KEY=00000000000000000001000000000000
+CT=E4239AA37FC531A386DAD1126FC0E9CD
+
+I=81
+KEY=00000000000000000000800000000000
+CT=8F7758F857D15BBE7BFD0E416404C365
+
+I=82
+KEY=00000000000000000000400000000000
+CT=D273EB57C687BCD1B4EA7218A509E7B8
+
+I=83
+KEY=00000000000000000000200000000000
+CT=65D64F8D76E8B3423FA25C4EB58A210A
+
+I=84
+KEY=00000000000000000000100000000000
+CT=623D802B4EC450D66A16625702FCDBE0
+
+I=85
+KEY=00000000000000000000080000000000
+CT=7496460CB28E5791BAEAF9B68FB00022
+
+I=86
+KEY=00000000000000000000040000000000
+CT=34EA600F18BB0694B41681A49D510C1D
+
+I=87
+KEY=00000000000000000000020000000000
+CT=5F8FF0D47D5766D29B5D6E8F46423BD8
+
+I=88
+KEY=00000000000000000000010000000000
+CT=225F9286C5928BF09F84D3F93F541959
+
+I=89
+KEY=00000000000000000000008000000000
+CT=B21E90D25DF383416A5F072CEBEB1FFB
+
+I=90
+KEY=00000000000000000000004000000000
+CT=4AEFCDA089318125453EB9E8EB5E492E
+
+I=91
+KEY=00000000000000000000002000000000
+CT=4D3E75C6CD40EC4869BC85158591ADB8
+
+I=92
+KEY=00000000000000000000001000000000
+CT=63A8B904405436A1B99D7751866771B7
+
+I=93
+KEY=00000000000000000000000800000000
+CT=64F0DAAE47529199792EAE172BA53293
+
+I=94
+KEY=00000000000000000000000400000000
+CT=C3EEF84BEA18225D515A8C852A9047EE
+
+I=95
+KEY=00000000000000000000000200000000
+CT=A44AC422B47D47B81AF73B3E9AC9596E
+
+I=96
+KEY=00000000000000000000000100000000
+CT=D16E04A8FBC435094F8D53ADF25F5084
+
+I=97
+KEY=00000000000000000000000080000000
+CT=EF13DC34BAB03E124EEAD8B6BF44B532
+
+I=98
+KEY=00000000000000000000000040000000
+CT=D94799075C24DCC067AF0D392049250D
+
+I=99
+KEY=00000000000000000000000020000000
+CT=14F431771EDDCE4764C21A2254B5E3C8
+
+I=100
+KEY=00000000000000000000000010000000
+CT=7039329F36F2ED682B02991F28D64679
+
+I=101
+KEY=00000000000000000000000008000000
+CT=124EE24EDE5551639DB8B8B941F6141D
+
+I=102
+KEY=00000000000000000000000004000000
+CT=C2852879A34D5184E478EC918B993FEE
+
+I=103
+KEY=00000000000000000000000002000000
+CT=86A806A3525B93E432053C9AB5ABBEDF
+
+I=104
+KEY=00000000000000000000000001000000
+CT=C1609BF5A4F07E37C17A36366EC23ECC
+
+I=105
+KEY=00000000000000000000000000800000
+CT=7E81E7CB92159A51FFCEA331B1E8EA53
+
+I=106
+KEY=00000000000000000000000000400000
+CT=37A7BE002856C5A59A6E03EAFCE7729A
+
+I=107
+KEY=00000000000000000000000000200000
+CT=BDF98A5A4F91E890C9A1D1E5FAAB138F
+
+I=108
+KEY=00000000000000000000000000100000
+CT=4E96ACB66E051F2BC739CC3D3E34A26B
+
+I=109
+KEY=00000000000000000000000000080000
+CT=EE996CDD120EB86E21ECFA49E8E1FCF1
+
+I=110
+KEY=00000000000000000000000000040000
+CT=61B9E6B579DBF6070C351A1440DD85FF
+
+I=111
+KEY=00000000000000000000000000020000
+CT=AC369E484316440B40DFC83AA96E28E7
+
+I=112
+KEY=00000000000000000000000000010000
+CT=0A2D16DE985C76D45C579C1159413BBE
+
+I=113
+KEY=00000000000000000000000000008000
+CT=DA3FDC38DA1D374FA4802CDA1A1C6B0F
+
+I=114
+KEY=00000000000000000000000000004000
+CT=B842523D4C41C2211AFE43A5800ADCE3
+
+I=115
+KEY=00000000000000000000000000002000
+CT=9E2CDA90D8E992DBA6C73D8229567192
+
+I=116
+KEY=00000000000000000000000000001000
+CT=D49583B781D9E20F5BE101415957FC49
+
+I=117
+KEY=00000000000000000000000000000800
+CT=EF09DA5C12B376E458B9B8670032498E
+
+I=118
+KEY=00000000000000000000000000000400
+CT=A96BE0463DA774461A5E1D5A9DD1AC10
+
+I=119
+KEY=00000000000000000000000000000200
+CT=32CEE3341060790D2D4B1362EF397090
+
+I=120
+KEY=00000000000000000000000000000100
+CT=21CEA416A3D3359D2C4D58FB6A035F06
+
+I=121
+KEY=00000000000000000000000000000080
+CT=172AEAB3D507678ECAF455C12587ADB7
+
+I=122
+KEY=00000000000000000000000000000040
+CT=B6F897941EF8EBFF9FE80A567EF38478
+
+I=123
+KEY=00000000000000000000000000000020
+CT=A9723259D94A7DC662FB0C782CA3F1DD
+
+I=124
+KEY=00000000000000000000000000000010
+CT=2F91C984B9A4839F30001B9F430493B4
+
+I=125
+KEY=00000000000000000000000000000008
+CT=0472406345A610B048CB99EE0EF3FA0F
+
+I=126
+KEY=00000000000000000000000000000004
+CT=F5F39086646F8C05ED16EFA4B617957C
+
+I=127
+KEY=00000000000000000000000000000002
+CT=26D50F485A30408D5AF47A5736292450
+
+I=128
+KEY=00000000000000000000000000000001
+CT=0545AAD56DA2A97C3663D1432A3D1C84
+
+==========
+
+KEYSIZE=256
+
+PT=00000000000000000000000000000000
+
+I=1
+KEY=8000000000000000000000000000000000000000000000000000000000000000
+CT=E35A6DCB19B201A01EBCFA8AA22B5759
+
+I=2
+KEY=4000000000000000000000000000000000000000000000000000000000000000
+CT=5075C2405B76F22F553488CAE47CE90B
+
+I=3
+KEY=2000000000000000000000000000000000000000000000000000000000000000
+CT=49DF95D844A0145A7DE01C91793302D3
+
+I=4
+KEY=1000000000000000000000000000000000000000000000000000000000000000
+CT=E7396D778E940B8418A86120E5F421FE
+
+I=5
+KEY=0800000000000000000000000000000000000000000000000000000000000000
+CT=05F535C36FCEDE4657BE37F4087DB1EF
+
+I=6
+KEY=0400000000000000000000000000000000000000000000000000000000000000
+CT=D0C1DDDD10DA777C68AB36AF51F2C204
+
+I=7
+KEY=0200000000000000000000000000000000000000000000000000000000000000
+CT=1C55FB811B5C6464C4E5DE1535A75514
+
+I=8
+KEY=0100000000000000000000000000000000000000000000000000000000000000
+CT=52917F3AE957D5230D3A2AF57C7B5A71
+
+I=9
+KEY=0080000000000000000000000000000000000000000000000000000000000000
+CT=C6E3D5501752DD5E9AEF086D6B45D705
+
+I=10
+KEY=0040000000000000000000000000000000000000000000000000000000000000
+CT=A24A9C7AF1D9B1E17E1C9A3E711B3FA7
+
+I=11
+KEY=0020000000000000000000000000000000000000000000000000000000000000
+CT=B881ECA724A6D43DBC6B96F6F59A0D20
+
+I=12
+KEY=0010000000000000000000000000000000000000000000000000000000000000
+CT=EC524D9A24DFFF2A9639879B83B8E137
+
+I=13
+KEY=0008000000000000000000000000000000000000000000000000000000000000
+CT=34C4F345F5466215A037F443635D6F75
+
+I=14
+KEY=0004000000000000000000000000000000000000000000000000000000000000
+CT=5BA5055BEDB8895F672E29F2EB5A355D
+
+I=15
+KEY=0002000000000000000000000000000000000000000000000000000000000000
+CT=B3F692AA3A435259EBBEF9B51AD1E08D
+
+I=16
+KEY=0001000000000000000000000000000000000000000000000000000000000000
+CT=414FEB4376F2C64A5D2FBB2ED531BA7D
+
+I=17
+KEY=0000800000000000000000000000000000000000000000000000000000000000
+CT=A20D519E3BCA3303F07E81719F61605E
+
+I=18
+KEY=0000400000000000000000000000000000000000000000000000000000000000
+CT=A08D10E520AF811F45BD60A2DC0DC4B1
+
+I=19
+KEY=0000200000000000000000000000000000000000000000000000000000000000
+CT=B06893A8C563C430E6F3858826EFBBE4
+
+I=20
+KEY=0000100000000000000000000000000000000000000000000000000000000000
+CT=0FFEE26AE2D3929C6BD9C6BEDFF84409
+
+I=21
+KEY=0000080000000000000000000000000000000000000000000000000000000000
+CT=4D0F5E906ED77801FC0EF53EDC5F9E2B
+
+I=22
+KEY=0000040000000000000000000000000000000000000000000000000000000000
+CT=8B6EC00119AD8B026DCE56EA7DEFE930
+
+I=23
+KEY=0000020000000000000000000000000000000000000000000000000000000000
+CT=69026591D43363EE9D83B5007F0B484E
+
+I=24
+KEY=0000010000000000000000000000000000000000000000000000000000000000
+CT=27135D86950C6A2F86872706279A4761
+
+I=25
+KEY=0000008000000000000000000000000000000000000000000000000000000000
+CT=35E6DB8723F281DA410C3AC8535ED77C
+
+I=26
+KEY=0000004000000000000000000000000000000000000000000000000000000000
+CT=57427CF214B8C28E4BBF487CCB8D0E09
+
+I=27
+KEY=0000002000000000000000000000000000000000000000000000000000000000
+CT=6DF01BF56E5131AC87F96E99CAB86367
+
+I=28
+KEY=0000001000000000000000000000000000000000000000000000000000000000
+CT=3856C5B55790B768BBF7D43031579BCF
+
+I=29
+KEY=0000000800000000000000000000000000000000000000000000000000000000
+CT=1E6ED8FB7C15BC4D2F63BA7037ED44D0
+
+I=30
+KEY=0000000400000000000000000000000000000000000000000000000000000000
+CT=E1B2ED6CD8D93D455534E401156D4BCF
+
+I=31
+KEY=0000000200000000000000000000000000000000000000000000000000000000
+CT=EFBCCA5BDFDAD10E875F02336212CE36
+
+I=32
+KEY=0000000100000000000000000000000000000000000000000000000000000000
+CT=0B777F02FD18DCE2646DCFE868DFAFAD
+
+I=33
+KEY=0000000080000000000000000000000000000000000000000000000000000000
+CT=C8A104B5693D1B14F5BF1F10100BF508
+
+I=34
+KEY=0000000040000000000000000000000000000000000000000000000000000000
+CT=4CCE6615244AFCB38408FECE219962EA
+
+I=35
+KEY=0000000020000000000000000000000000000000000000000000000000000000
+CT=F99E7845D3A255B394C9C050CBA258B1
+
+I=36
+KEY=0000000010000000000000000000000000000000000000000000000000000000
+CT=B4AFBB787F9BCFB7B55FDF447F611295
+
+I=37
+KEY=0000000008000000000000000000000000000000000000000000000000000000
+CT=AE1C426A697FAF2808B7EF6ADDB5C020
+
+I=38
+KEY=0000000004000000000000000000000000000000000000000000000000000000
+CT=7572F92811A85B9BDD38DEAD9945BCAE
+
+I=39
+KEY=0000000002000000000000000000000000000000000000000000000000000000
+CT=71BC7AA46E43FB95A181527D9F6A360F
+
+I=40
+KEY=0000000001000000000000000000000000000000000000000000000000000000
+CT=5542EF2923066F1EC8F546DD0D8E7CA8
+
+I=41
+KEY=0000000000800000000000000000000000000000000000000000000000000000
+CT=6B92317C7D623790B748FDD7EFC42422
+
+I=42
+KEY=0000000000400000000000000000000000000000000000000000000000000000
+CT=0FE7C097E899C71EF045360F8D6C25CF
+
+I=43
+KEY=0000000000200000000000000000000000000000000000000000000000000000
+CT=4ECE7EE107D0264D04693151C25B9DF6
+
+I=44
+KEY=0000000000100000000000000000000000000000000000000000000000000000
+CT=FD6AE687CBFCA9E301045888D3BB9605
+
+I=45
+KEY=0000000000080000000000000000000000000000000000000000000000000000
+CT=476B579C8556C7254424902CC1D6D36E
+
+I=46
+KEY=0000000000040000000000000000000000000000000000000000000000000000
+CT=4133CBCDFDD6B8860A1FC18665D6D71B
+
+I=47
+KEY=0000000000020000000000000000000000000000000000000000000000000000
+CT=3B36EC2664798C108B816812C65DFDC7
+
+I=48
+KEY=0000000000010000000000000000000000000000000000000000000000000000
+CT=364E20A234FEA385D48DC5A09C9E70CF
+
+I=49
+KEY=0000000000008000000000000000000000000000000000000000000000000000
+CT=4A4BA25969DE3F5EE5642C71AAD0EFD1
+
+I=50
+KEY=0000000000004000000000000000000000000000000000000000000000000000
+CT=E42CBAAE43297F67A76C1C501BB79E36
+
+I=51
+KEY=0000000000002000000000000000000000000000000000000000000000000000
+CT=23CEDEDA4C15B4C037E8C61492217937
+
+I=52
+KEY=0000000000001000000000000000000000000000000000000000000000000000
+CT=A1719147A1F4A1A1180BD16E8593DCDE
+
+I=53
+KEY=0000000000000800000000000000000000000000000000000000000000000000
+CT=AB82337E9FB0EC60D1F25A1D0014192C
+
+I=54
+KEY=0000000000000400000000000000000000000000000000000000000000000000
+CT=74BF2D8FC5A8388DF1A3A4D7D33FC164
+
+I=55
+KEY=0000000000000200000000000000000000000000000000000000000000000000
+CT=D5B493317E6FBC6FFFD664B3C491368A
+
+I=56
+KEY=0000000000000100000000000000000000000000000000000000000000000000
+CT=BA767381586DA56A2A8D503D5F7ADA0B
+
+I=57
+KEY=0000000000000080000000000000000000000000000000000000000000000000
+CT=E8E6BC57DFE9CCADB0DECABF4E5CF91F
+
+I=58
+KEY=0000000000000040000000000000000000000000000000000000000000000000
+CT=3C8E5A5CDC9CEED90815D1F84BB2998C
+
+I=59
+KEY=0000000000000020000000000000000000000000000000000000000000000000
+CT=283843020BA38F056001B2FD585F7CC9
+
+I=60
+KEY=0000000000000010000000000000000000000000000000000000000000000000
+CT=D8ADC7426F623ECE8741A70621D28870
+
+I=61
+KEY=0000000000000008000000000000000000000000000000000000000000000000
+CT=D7C5C215592D06F00E6A80DA69A28EA9
+
+I=62
+KEY=0000000000000004000000000000000000000000000000000000000000000000
+CT=52CF6FA433C3C870CAC70190358F7F16
+
+I=63
+KEY=0000000000000002000000000000000000000000000000000000000000000000
+CT=F63D442A584DA71786ADEC9F3346DF75
+
+I=64
+KEY=0000000000000001000000000000000000000000000000000000000000000000
+CT=549078F4B0CA7079B45F9A5ADAFAFD99
+
+I=65
+KEY=0000000000000000800000000000000000000000000000000000000000000000
+CT=F2A5986EE4E9984BE2BAFB79EA8152FA
+
+I=66
+KEY=0000000000000000400000000000000000000000000000000000000000000000
+CT=8A74535017B4DB2776668A1FAE64384C
+
+I=67
+KEY=0000000000000000200000000000000000000000000000000000000000000000
+CT=E613342F57A97FD95DC088711A5D0ECD
+
+I=68
+KEY=0000000000000000100000000000000000000000000000000000000000000000
+CT=3FFAEBF6B22CF1DC82AE17CD48175B01
+
+I=69
+KEY=0000000000000000080000000000000000000000000000000000000000000000
+CT=BAFD52EFA15C248CCBF9757735E6B1CE
+
+I=70
+KEY=0000000000000000040000000000000000000000000000000000000000000000
+CT=7AF94BC018D9DDD4539D2DD1C6F4000F
+
+I=71
+KEY=0000000000000000020000000000000000000000000000000000000000000000
+CT=FE177AD61CA0FDB281086FBA8FE76803
+
+I=72
+KEY=0000000000000000010000000000000000000000000000000000000000000000
+CT=74DBEA15E2E9285BAD163D7D534251B6
+
+I=73
+KEY=0000000000000000008000000000000000000000000000000000000000000000
+CT=23DD21331B3A92F200FE56FF050FFE74
+
+I=74
+KEY=0000000000000000004000000000000000000000000000000000000000000000
+CT=A69C5AA34AB20A858CAFA766EACED6D8
+
+I=75
+KEY=0000000000000000002000000000000000000000000000000000000000000000
+CT=3F72BB4DF2A4F941A4A09CB78F04B97A
+
+I=76
+KEY=0000000000000000001000000000000000000000000000000000000000000000
+CT=72CC43577E1FD5FD14622D24D97FCDCC
+
+I=77
+KEY=0000000000000000000800000000000000000000000000000000000000000000
+CT=D83AF8EBE93E0B6B99CAFADE224937D1
+
+I=78
+KEY=0000000000000000000400000000000000000000000000000000000000000000
+CT=44042329128D56CAA8D084C8BD769D1E
+
+I=79
+KEY=0000000000000000000200000000000000000000000000000000000000000000
+CT=14102D72290DE4F2C430ADD1ED64BA1D
+
+I=80
+KEY=0000000000000000000100000000000000000000000000000000000000000000
+CT=449124097B1ECD0AE7065206DF06F03C
+
+I=81
+KEY=0000000000000000000080000000000000000000000000000000000000000000
+CT=D060A99F8CC153A42E11E5F97BD7584A
+
+I=82
+KEY=0000000000000000000040000000000000000000000000000000000000000000
+CT=65605B3EA9261488D53E48602ADEA299
+
+I=83
+KEY=0000000000000000000020000000000000000000000000000000000000000000
+CT=C5E5CAD7A208DE8EA6BE049EFE5C7346
+
+I=84
+KEY=0000000000000000000010000000000000000000000000000000000000000000
+CT=4C280C46D2181646048DD5BC0C0831A5
+
+I=85
+KEY=0000000000000000000008000000000000000000000000000000000000000000
+CT=5DD65CF37F2A0929559AABAFDA08E730
+
+I=86
+KEY=0000000000000000000004000000000000000000000000000000000000000000
+CT=31F2335CAAF264172F69A693225E6D22
+
+I=87
+KEY=0000000000000000000002000000000000000000000000000000000000000000
+CT=3E28B35F99A72662590DA96426DD377F
+
+I=88
+KEY=0000000000000000000001000000000000000000000000000000000000000000
+CT=570F40F5D7B20441486578ED344343BE
+
+I=89
+KEY=0000000000000000000000800000000000000000000000000000000000000000
+CT=C54308AD1C9E3B19F8B7417873045A8C
+
+I=90
+KEY=0000000000000000000000400000000000000000000000000000000000000000
+CT=CBF335E39CE13ADE2B696179E8FD0CE1
+
+I=91
+KEY=0000000000000000000000200000000000000000000000000000000000000000
+CT=9C2FBF422355D8293083D51F4A3C18A9
+
+I=92
+KEY=0000000000000000000000100000000000000000000000000000000000000000
+CT=5ED8B5A31ECEFAB16C9AA6986DA67BCE
+
+I=93
+KEY=0000000000000000000000080000000000000000000000000000000000000000
+CT=627815DCFC814ABC75900041B1DD7B59
+
+I=94
+KEY=0000000000000000000000040000000000000000000000000000000000000000
+CT=9EF3E82A50A59F166260494F7A7F2CC3
+
+I=95
+KEY=0000000000000000000000020000000000000000000000000000000000000000
+CT=878CD0D8D920888B5935D6C351128737
+
+I=96
+KEY=0000000000000000000000010000000000000000000000000000000000000000
+CT=E44429474D6FC3084EB2A6B8B46AF754
+
+I=97
+KEY=0000000000000000000000008000000000000000000000000000000000000000
+CT=EBAACF9641D54E1FB18D0A2BE4F19BE5
+
+I=98
+KEY=0000000000000000000000004000000000000000000000000000000000000000
+CT=13B3BF497CEE780E123C7E193DEA3A01
+
+I=99
+KEY=0000000000000000000000002000000000000000000000000000000000000000
+CT=6E8F381DE00A41161F0DF03B4155BFD4
+
+I=100
+KEY=0000000000000000000000001000000000000000000000000000000000000000
+CT=35E4F29BBA2BAE01144910783C3FEF49
+
+I=101
+KEY=0000000000000000000000000800000000000000000000000000000000000000
+CT=55B17BD66788CEAC366398A31F289FFB
+
+I=102
+KEY=0000000000000000000000000400000000000000000000000000000000000000
+CT=11341F56C0D6D1008D28741DAA7679CE
+
+I=103
+KEY=0000000000000000000000000200000000000000000000000000000000000000
+CT=4DF7253DF421D83358BDBE924745D98C
+
+I=104
+KEY=0000000000000000000000000100000000000000000000000000000000000000
+CT=BAE2EE651116D93EDC8E83B5F3347BE1
+
+I=105
+KEY=0000000000000000000000000080000000000000000000000000000000000000
+CT=F9721ABD06709157183AF3965A659D9D
+
+I=106
+KEY=0000000000000000000000000040000000000000000000000000000000000000
+CT=19A1C252A613FE2860A4AE6D75CE6FA3
+
+I=107
+KEY=0000000000000000000000000020000000000000000000000000000000000000
+CT=B5DDB2F5D9752C949FBDE3FFF5556C6E
+
+I=108
+KEY=0000000000000000000000000010000000000000000000000000000000000000
+CT=81B044FCFFC78ECCFCD171AAD0405C66
+
+I=109
+KEY=0000000000000000000000000008000000000000000000000000000000000000
+CT=C640566D3C06020EB2C42F1D62E56A9B
+
+I=110
+KEY=0000000000000000000000000004000000000000000000000000000000000000
+CT=EA6C4BCF425291679FDFFD26A424FBCC
+
+I=111
+KEY=0000000000000000000000000002000000000000000000000000000000000000
+CT=57F6901465D9440D9F15EE2CBA5A4090
+
+I=112
+KEY=0000000000000000000000000001000000000000000000000000000000000000
+CT=FBCFA74CADC7406260F63D96C8AAB6B1
+
+I=113
+KEY=0000000000000000000000000000800000000000000000000000000000000000
+CT=DFF4F096CEA211D4BBDACA033D0EC7D1
+
+I=114
+KEY=0000000000000000000000000000400000000000000000000000000000000000
+CT=1EE5190D551F0F42F675227A381296A9
+
+I=115
+KEY=0000000000000000000000000000200000000000000000000000000000000000
+CT=F98E1905012E580F097623C10B93054F
+
+I=116
+KEY=0000000000000000000000000000100000000000000000000000000000000000
+CT=E7D43743D21DD3C9F168C86856558B9A
+
+I=117
+KEY=0000000000000000000000000000080000000000000000000000000000000000
+CT=632A9DDA730DAB67593C5D08D8AC1059
+
+I=118
+KEY=0000000000000000000000000000040000000000000000000000000000000000
+CT=E084317000715B9057BC9DE9F3AB6124
+
+I=119
+KEY=0000000000000000000000000000020000000000000000000000000000000000
+CT=61F9EF33A0BB4E666C2ED99101919FAB
+
+I=120
+KEY=0000000000000000000000000000010000000000000000000000000000000000
+CT=6DC1D68A11834657D46703C22578D59A
+
+I=121
+KEY=0000000000000000000000000000008000000000000000000000000000000000
+CT=53AC1548863D3D16F1D4DC7242E05F2C
+
+I=122
+KEY=0000000000000000000000000000004000000000000000000000000000000000
+CT=E82CD587A408306AD78CEAE0916B9F8C
+
+I=123
+KEY=0000000000000000000000000000002000000000000000000000000000000000
+CT=0FD2D40EA6AD17A3A767F0A8600D6295
+
+I=124
+KEY=0000000000000000000000000000001000000000000000000000000000000000
+CT=AD84CC8255ADB39DFCA23F92761AE7E9
+
+I=125
+KEY=0000000000000000000000000000000800000000000000000000000000000000
+CT=F4F20CF7D51BEE7DA024A2B11A7ECA0B
+
+I=126
+KEY=0000000000000000000000000000000400000000000000000000000000000000
+CT=5057691B85D9CE93A193214DB0A016B6
+
+I=127
+KEY=0000000000000000000000000000000200000000000000000000000000000000
+CT=0F58C960876390BDEF4BB6BE95CAA1EE
+
+I=128
+KEY=0000000000000000000000000000000100000000000000000000000000000000
+CT=9A3E66EEBC21BC0BD9430B341EF465FA
+
+I=129
+KEY=0000000000000000000000000000000080000000000000000000000000000000
+CT=20415035F34B8BCBCB28ABF07F78F0D4
+
+I=130
+KEY=0000000000000000000000000000000040000000000000000000000000000000
+CT=AC89FC7BA10479EBF10DE65BCEF89B3C
+
+I=131
+KEY=0000000000000000000000000000000020000000000000000000000000000000
+CT=068FA75A30BE443171AF3F6FEB1A20D2
+
+I=132
+KEY=0000000000000000000000000000000010000000000000000000000000000000
+CT=50E02F213246C525A8C27700CA34B502
+
+I=133
+KEY=0000000000000000000000000000000008000000000000000000000000000000
+CT=227DA47D5A0906DB3AB042BB0A695FB6
+
+I=134
+KEY=0000000000000000000000000000000004000000000000000000000000000000
+CT=8663AC30ED12514F1DE46777F4514BFC
+
+I=135
+KEY=0000000000000000000000000000000002000000000000000000000000000000
+CT=A987D4BC12E1DE9F4B6DF43567C34A8B
+
+I=136
+KEY=0000000000000000000000000000000001000000000000000000000000000000
+CT=6D5A0370F599ACA605F63B04E5143D0C
+
+I=137
+KEY=0000000000000000000000000000000000800000000000000000000000000000
+CT=9809266E378B07B7AFDB3BAA97B7E442
+
+I=138
+KEY=0000000000000000000000000000000000400000000000000000000000000000
+CT=8F753252B30CCCACE12D9A301F4D5090
+
+I=139
+KEY=0000000000000000000000000000000000200000000000000000000000000000
+CT=032465F6C0CE34D41962F561692A1AFF
+
+I=140
+KEY=0000000000000000000000000000000000100000000000000000000000000000
+CT=C50E9AD5BEB8F3B00821DD47FF8AC093
+
+I=141
+KEY=0000000000000000000000000000000000080000000000000000000000000000
+CT=9C6FEA3D46268D54A6829B2AD25BB276
+
+I=142
+KEY=0000000000000000000000000000000000040000000000000000000000000000
+CT=0FD8575E87706F561343D7B3A41E044A
+
+I=143
+KEY=0000000000000000000000000000000000020000000000000000000000000000
+CT=BEE9BEB3739540D88CBCE77925F0A114
+
+I=144
+KEY=0000000000000000000000000000000000010000000000000000000000000000
+CT=D24EAEE7FFFBAC3D6F26C2DCE0DCDE28
+
+I=145
+KEY=0000000000000000000000000000000000008000000000000000000000000000
+CT=47771A90398FF0F7FA821C2F8F5E1398
+
+I=146
+KEY=0000000000000000000000000000000000004000000000000000000000000000
+CT=4639741B6F84B135AD118C8249B64ED0
+
+I=147
+KEY=0000000000000000000000000000000000002000000000000000000000000000
+CT=8EE5505EC85567697A3306F250A27720
+
+I=148
+KEY=0000000000000000000000000000000000001000000000000000000000000000
+CT=7C8A19AC1AEFBC5E0119D91A5F05D4C2
+
+I=149
+KEY=0000000000000000000000000000000000000800000000000000000000000000
+CT=5141B9B672E54773B672E3A6C424887B
+
+I=150
+KEY=0000000000000000000000000000000000000400000000000000000000000000
+CT=B5A2D3CD206653C6402F34FB0AE3613D
+
+I=151
+KEY=0000000000000000000000000000000000000200000000000000000000000000
+CT=0F5BD9408738231D114B0A82753279A3
+
+I=152
+KEY=0000000000000000000000000000000000000100000000000000000000000000
+CT=FEF033FF4268EA487FC74C5E43A45338
+
+I=153
+KEY=0000000000000000000000000000000000000080000000000000000000000000
+CT=A3EDC09DCD529B113910D904AD855581
+
+I=154
+KEY=0000000000000000000000000000000000000040000000000000000000000000
+CT=AB8FBB6F27A0AC7C55B59FDD36B72F1C
+
+I=155
+KEY=0000000000000000000000000000000000000020000000000000000000000000
+CT=EEA44D5ED4D769CC930CD83D8999EC46
+
+I=156
+KEY=0000000000000000000000000000000000000010000000000000000000000000
+CT=6972276803AE9AA7C6F431AB10979C34
+
+I=157
+KEY=0000000000000000000000000000000000000008000000000000000000000000
+CT=86DEAA9F39244101818178474D7DBDE9
+
+I=158
+KEY=0000000000000000000000000000000000000004000000000000000000000000
+CT=88C6B466EA361D662D8D08CBF181F4FE
+
+I=159
+KEY=0000000000000000000000000000000000000002000000000000000000000000
+CT=91AB2C6B7C63FF59F7CBEEBF91B20B95
+
+I=160
+KEY=0000000000000000000000000000000000000001000000000000000000000000
+CT=2DFE6C146AD5B3D8C3C1718F13B48E01
+
+I=161
+KEY=0000000000000000000000000000000000000000800000000000000000000000
+CT=C7CFF1623451711391A302EEC3584AAA
+
+I=162
+KEY=0000000000000000000000000000000000000000400000000000000000000000
+CT=089FE845CC05011686C66019D18BE050
+
+I=163
+KEY=0000000000000000000000000000000000000000200000000000000000000000
+CT=08C8410B9B427211A67124B0DCCEAD48
+
+I=164
+KEY=0000000000000000000000000000000000000000100000000000000000000000
+CT=8D91592F5566085254784606334D7629
+
+I=165
+KEY=0000000000000000000000000000000000000000080000000000000000000000
+CT=3298FEAAF2E1201D6299FF8846639C97
+
+I=166
+KEY=0000000000000000000000000000000000000000040000000000000000000000
+CT=C497CB9F0BDFE0EFC8C2F3F90760AA72
+
+I=167
+KEY=0000000000000000000000000000000000000000020000000000000000000000
+CT=2788AFD046E0309CBE4424690DA2AB89
+
+I=168
+KEY=0000000000000000000000000000000000000000010000000000000000000000
+CT=E9891707F25EF29FEE372890D4258982
+
+I=169
+KEY=0000000000000000000000000000000000000000008000000000000000000000
+CT=DB041D94A23D45D4D4DCED5A030CAF61
+
+I=170
+KEY=0000000000000000000000000000000000000000004000000000000000000000
+CT=FFAFDBF0ECB18DF9EA02C27077448E6D
+
+I=171
+KEY=0000000000000000000000000000000000000000002000000000000000000000
+CT=2DAAA42A7D0A1D3B0E4761D99CF2150A
+
+I=172
+KEY=0000000000000000000000000000000000000000001000000000000000000000
+CT=3B7A54CB7CF30ABE263DD6ED5BFE8D63
+
+I=173
+KEY=0000000000000000000000000000000000000000000800000000000000000000
+CT=EEFA090174C590C448A55D43648F534A
+
+I=174
+KEY=0000000000000000000000000000000000000000000400000000000000000000
+CT=9E15798731ED42F43EA2740A691DA872
+
+I=175
+KEY=0000000000000000000000000000000000000000000200000000000000000000
+CT=31FBD661540A5DEAAD1017CFD3909EC8
+
+I=176
+KEY=0000000000000000000000000000000000000000000100000000000000000000
+CT=CDA9AE05F224140E28CB951721B44D6A
+
+I=177
+KEY=0000000000000000000000000000000000000000000080000000000000000000
+CT=0C5BC512C60A1EAC3434EFB1A8FBB182
+
+I=178
+KEY=0000000000000000000000000000000000000000000040000000000000000000
+CT=AA863610DEEEEB62D045E87EA30B59B5
+
+I=179
+KEY=0000000000000000000000000000000000000000000020000000000000000000
+CT=6AC2448DE568D279C7EEBE1DF403920C
+
+I=180
+KEY=0000000000000000000000000000000000000000000010000000000000000000
+CT=E2011E3D292B26888AE801215FD0CB40
+
+I=181
+KEY=0000000000000000000000000000000000000000000008000000000000000000
+CT=E06F3E15EE3A61672D1C99BADE5B9DBE
+
+I=182
+KEY=0000000000000000000000000000000000000000000004000000000000000000
+CT=BB7027F0548CF6712CEB4C7A4B28E178
+
+I=183
+KEY=0000000000000000000000000000000000000000000002000000000000000000
+CT=061EC21FB70FADBDF87C3BD2AE23825B
+
+I=184
+KEY=0000000000000000000000000000000000000000000001000000000000000000
+CT=4C21F26FE94ABBAC381352375314C3EB
+
+I=185
+KEY=0000000000000000000000000000000000000000000000800000000000000000
+CT=F7CEE6DD99909C2B569EEDA61ED8942E
+
+I=186
+KEY=0000000000000000000000000000000000000000000000400000000000000000
+CT=CE98C4A876C65E4CCB261EBB1D9DF7F5
+
+I=187
+KEY=0000000000000000000000000000000000000000000000200000000000000000
+CT=A5491881CF833C3604ABC08044F402AC
+
+I=188
+KEY=0000000000000000000000000000000000000000000000100000000000000000
+CT=A1BA16E64CCCB3087D57A768507B0BFC
+
+I=189
+KEY=0000000000000000000000000000000000000000000000080000000000000000
+CT=D55951E202D2949EBD3BE43120C738BF
+
+I=190
+KEY=0000000000000000000000000000000000000000000000040000000000000000
+CT=EBB8E43069E69F450EFEC65DCD52B7FD
+
+I=191
+KEY=0000000000000000000000000000000000000000000000020000000000000000
+CT=2B292135663B4AA5ABFE9423D57E7EE9
+
+I=192
+KEY=0000000000000000000000000000000000000000000000010000000000000000
+CT=E91BF974B3BE3AD966249D8655292A85
+
+I=193
+KEY=0000000000000000000000000000000000000000000000008000000000000000
+CT=384365998EAA9562236CC58F6ADF9610
+
+I=194
+KEY=0000000000000000000000000000000000000000000000004000000000000000
+CT=C2E997012AA3D4D8D359C9A947CBE69F
+
+I=195
+KEY=0000000000000000000000000000000000000000000000002000000000000000
+CT=F49421204148BA213BE87E2D5C22B0BF
+
+I=196
+KEY=0000000000000000000000000000000000000000000000001000000000000000
+CT=82ED0ED9953AA92E4DF30929CA65C00F
+
+I=197
+KEY=0000000000000000000000000000000000000000000000000800000000000000
+CT=291EB1D11653C8479437C74A977F5106
+
+I=198
+KEY=0000000000000000000000000000000000000000000000000400000000000000
+CT=BCB997B1939B8983ABD550D6025683E3
+
+I=199
+KEY=0000000000000000000000000000000000000000000000000200000000000000
+CT=1FBA2592C6F489775CAADA71F9B983E9
+
+I=200
+KEY=0000000000000000000000000000000000000000000000000100000000000000
+CT=969F66F217AF1A3DB9E41C1B29039824
+
+I=201
+KEY=0000000000000000000000000000000000000000000000000080000000000000
+CT=A54BB7D6B17E423AC0A7744C19073CB8
+
+I=202
+KEY=0000000000000000000000000000000000000000000000000040000000000000
+CT=B0AC6E6578D1021F47DCF9748A32EAD5
+
+I=203
+KEY=0000000000000000000000000000000000000000000000000020000000000000
+CT=B87B361C3B7B194C77A4358D4669153E
+
+I=204
+KEY=0000000000000000000000000000000000000000000000000010000000000000
+CT=46A133847F96EAA8282A799DC8899D58
+
+I=205
+KEY=0000000000000000000000000000000000000000000000000008000000000000
+CT=2265EC3A9F2D5C9547A091CC8CFB18EA
+
+I=206
+KEY=0000000000000000000000000000000000000000000000000004000000000000
+CT=54CBF3A6FC4FE56D426117AA1FFD1DDE
+
+I=207
+KEY=0000000000000000000000000000000000000000000000000002000000000000
+CT=5312877CCEAB6CFB0905394A370A8003
+
+I=208
+KEY=0000000000000000000000000000000000000000000000000001000000000000
+CT=7190BD6EC613FE38B84ECFE28F702FE4
+
+I=209
+KEY=0000000000000000000000000000000000000000000000000000800000000000
+CT=D1FA5B9CA89A43B04C05F0EF29EF68CD
+
+I=210
+KEY=0000000000000000000000000000000000000000000000000000400000000000
+CT=808285751548ED934FD1056D2D9AE8BA
+
+I=211
+KEY=0000000000000000000000000000000000000000000000000000200000000000
+CT=2758DEF3E7B95A9AE89777BE64D5A6CF
+
+I=212
+KEY=0000000000000000000000000000000000000000000000000000100000000000
+CT=07D81F87DB3E0ACC82B01E08FB22F3C1
+
+I=213
+KEY=0000000000000000000000000000000000000000000000000000080000000000
+CT=8DA250E5553D650711A75EE1CB4FD1C7
+
+I=214
+KEY=0000000000000000000000000000000000000000000000000000040000000000
+CT=A93D946BD0E87F32719DF5F158CEE669
+
+I=215
+KEY=0000000000000000000000000000000000000000000000000000020000000000
+CT=03945236EC2A4D4EAF30B8ABEB54330D
+
+I=216
+KEY=0000000000000000000000000000000000000000000000000000010000000000
+CT=11CC35301F24B79DDE31AEA2D1354F88
+
+I=217
+KEY=0000000000000000000000000000000000000000000000000000008000000000
+CT=E73715B3E8D9A290F44AE6FFBF247E5D
+
+I=218
+KEY=0000000000000000000000000000000000000000000000000000004000000000
+CT=7345E07732B71CB158BBF64CCA5C5B96
+
+I=219
+KEY=0000000000000000000000000000000000000000000000000000002000000000
+CT=6E128F296D24705A1924FD9B70C4ED04
+
+I=220
+KEY=0000000000000000000000000000000000000000000000000000001000000000
+CT=95A789776F036783FBD330947083F54F
+
+I=221
+KEY=0000000000000000000000000000000000000000000000000000000800000000
+CT=360DEC2533EA4AA2E3E54FD3DE2906EB
+
+I=222
+KEY=0000000000000000000000000000000000000000000000000000000400000000
+CT=E68EFD7FECF4D601EA22727BD764965B
+
+I=223
+KEY=0000000000000000000000000000000000000000000000000000000200000000
+CT=9065C64A8BFF44AC33EDBB611CF83D7B
+
+I=224
+KEY=0000000000000000000000000000000000000000000000000000000100000000
+CT=8F33C8DF2A7A51CE8090E8F123BC3723
+
+I=225
+KEY=0000000000000000000000000000000000000000000000000000000080000000
+CT=807F391FFBA8291BA625623210F99018
+
+I=226
+KEY=0000000000000000000000000000000000000000000000000000000040000000
+CT=5E8B3F3A701522CE5CAA761C929D6292
+
+I=227
+KEY=0000000000000000000000000000000000000000000000000000000020000000
+CT=3BA404DC38735A78289E3809E8364835
+
+I=228
+KEY=0000000000000000000000000000000000000000000000000000000010000000
+CT=D23BEDBAD229F8305DC425B6B759DCC9
+
+I=229
+KEY=0000000000000000000000000000000000000000000000000000000008000000
+CT=44880F21CF5913040AE376AEE2A10AD8
+
+I=230
+KEY=0000000000000000000000000000000000000000000000000000000004000000
+CT=9BC98E29D057C0E828C3B5CCE69256C1
+
+I=231
+KEY=0000000000000000000000000000000000000000000000000000000002000000
+CT=B293CC7A975DA141A68279368057CC41
+
+I=232
+KEY=0000000000000000000000000000000000000000000000000000000001000000
+CT=8D60FB87ACD91385B313BE5F1D7BD30F
+
+I=233
+KEY=0000000000000000000000000000000000000000000000000000000000800000
+CT=2C8E56132D70291B303C48FDF75543CD
+
+I=234
+KEY=0000000000000000000000000000000000000000000000000000000000400000
+CT=D1F80035B826791F6CE4E59B7DB1BB0D
+
+I=235
+KEY=0000000000000000000000000000000000000000000000000000000000200000
+CT=42CE6224FC36469339A133DD08173BD4
+
+I=236
+KEY=0000000000000000000000000000000000000000000000000000000000100000
+CT=61817155EA41BCBA2AF7F06AE7CBF585
+
+I=237
+KEY=0000000000000000000000000000000000000000000000000000000000080000
+CT=D1923A9866068D2EF5FB77D57C3315B6
+
+I=238
+KEY=0000000000000000000000000000000000000000000000000000000000040000
+CT=B37CBDB5D719F49691CA968EF2E84140
+
+I=239
+KEY=0000000000000000000000000000000000000000000000000000000000020000
+CT=EC974E653A055D7F8F22171030F68E1D
+
+I=240
+KEY=0000000000000000000000000000000000000000000000000000000000010000
+CT=DDE5D3B9AAD9C32213BB3675A822499C
+
+I=241
+KEY=0000000000000000000000000000000000000000000000000000000000008000
+CT=D3B6E9216EA1AE57EB1C628A3C38AB78
+
+I=242
+KEY=0000000000000000000000000000000000000000000000000000000000004000
+CT=82C99ECC69472B7E96324B042AE8B87A
+
+I=243
+KEY=0000000000000000000000000000000000000000000000000000000000002000
+CT=97144DC5338C43600F84439C0AA0D147
+
+I=244
+KEY=0000000000000000000000000000000000000000000000000000000000001000
+CT=400AC4A0BBADA1DB2121EB144C7E5209
+
+I=245
+KEY=0000000000000000000000000000000000000000000000000000000000000800
+CT=EFD9D550EB419ED278F4885A490AB54C
+
+I=246
+KEY=0000000000000000000000000000000000000000000000000000000000000400
+CT=2AB7816E149B7C0404C88A8857793670
+
+I=247
+KEY=0000000000000000000000000000000000000000000000000000000000000200
+CT=5B591DFF9E8DEE15BAD24C025DBCA481
+
+I=248
+KEY=0000000000000000000000000000000000000000000000000000000000000100
+CT=0C06633E30721C3749F49AD8CBF2B754
+
+I=249
+KEY=0000000000000000000000000000000000000000000000000000000000000080
+CT=96D6D31A41B5123B2035FD91A921D4CA
+
+I=250
+KEY=0000000000000000000000000000000000000000000000000000000000000040
+CT=E7F6C34D86668BC2805CA7793C5E86AD
+
+I=251
+KEY=0000000000000000000000000000000000000000000000000000000000000020
+CT=F46DFF5FF500D6879C4D3E45CF0CF0F3
+
+I=252
+KEY=0000000000000000000000000000000000000000000000000000000000000010
+CT=60D842D9C61DA7495C116197B7CECBBE
+
+I=253
+KEY=0000000000000000000000000000000000000000000000000000000000000008
+CT=D45B24EDB673353EBDF248B8FA06B67A
+
+I=254
+KEY=0000000000000000000000000000000000000000000000000000000000000004
+CT=119EAEBCC165D0BD02C0D35DC82EF992
+
+I=255
+KEY=0000000000000000000000000000000000000000000000000000000000000002
+CT=E673143680414ADA301D0ED34626B9FE
+
+I=256
+KEY=0000000000000000000000000000000000000000000000000000000000000001
+CT=6B6CFE160A6263631B292F879EEFF926
+
+==========
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/expect-vt.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/expect-vt.txt
new file mode 100644
index 00000000..02b238c0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/expect-vt.txt
@@ -0,0 +1,1036 @@
+
+KEYSIZE=128
+
+KEY=00000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=3AD78E726C1EC02B7EBFE92B23D9EC34
+
+I=2
+PT=40000000000000000000000000000000
+CT=45BC707D29E8204D88DFBA2F0B0CAD9B
+
+I=3
+PT=20000000000000000000000000000000
+CT=161556838018F52805CDBD6202002E3F
+
+I=4
+PT=10000000000000000000000000000000
+CT=F5569B3AB6A6D11EFDE1BF0A64C6854A
+
+I=5
+PT=08000000000000000000000000000000
+CT=64E82B50E501FBD7DD4116921159B83E
+
+I=6
+PT=04000000000000000000000000000000
+CT=BAAC12FB613A7DE11450375C74034041
+
+I=7
+PT=02000000000000000000000000000000
+CT=BCF176A7EAAD8085EBACEA362462A281
+
+I=8
+PT=01000000000000000000000000000000
+CT=47711816E91D6FF059BBBF2BF58E0FD3
+
+I=9
+PT=00800000000000000000000000000000
+CT=B970DFBE40698AF1638FE38BD3DF3B2F
+
+I=10
+PT=00400000000000000000000000000000
+CT=F95B59A44F391E14CF20B74BDC32FCFF
+
+I=11
+PT=00200000000000000000000000000000
+CT=720F74AE04A2A435B9A7256E49378F5B
+
+I=12
+PT=00100000000000000000000000000000
+CT=2A0445F61D36BFA7E277070730CF76DA
+
+I=13
+PT=00080000000000000000000000000000
+CT=8D0536B997AEFEC1D94011BAB6699A03
+
+I=14
+PT=00040000000000000000000000000000
+CT=674F002E19F6ED47EFF319E51FAD4498
+
+I=15
+PT=00020000000000000000000000000000
+CT=292C02C5CB9163C80AC0F6CF1DD8E92D
+
+I=16
+PT=00010000000000000000000000000000
+CT=FA321CF18EF5FE727DD82A5C1E945141
+
+I=17
+PT=00008000000000000000000000000000
+CT=A5A7AFE1034C39CCCEBE3C584BC0BE05
+
+I=18
+PT=00004000000000000000000000000000
+CT=4FF5A52E697E77D081205DBDB21CEA39
+
+I=19
+PT=00002000000000000000000000000000
+CT=209E88DC94C9003000CE0769AF7B7166
+
+I=20
+PT=00001000000000000000000000000000
+CT=5DEE41AF864CB4B650E5F51551824D38
+
+I=21
+PT=00000800000000000000000000000000
+CT=A79A63FA7E4503AE6D6E09F5F9053030
+
+I=22
+PT=00000400000000000000000000000000
+CT=A48316749FAE7FAC7002031A6AFD8BA7
+
+I=23
+PT=00000200000000000000000000000000
+CT=D6EEE8A7357A0E1D64262CA9C337AC42
+
+I=24
+PT=00000100000000000000000000000000
+CT=B013CA8A62A858053E9FB667ED39829E
+
+I=25
+PT=00000080000000000000000000000000
+CT=DF6EA9E4538A45A52D5C1A43C88F4B55
+
+I=26
+PT=00000040000000000000000000000000
+CT=7D03BA451371591D3FD5547D9165C73B
+
+I=27
+PT=00000020000000000000000000000000
+CT=0E0426281A6277E186499D365D5F49FF
+
+I=28
+PT=00000010000000000000000000000000
+CT=DBC02169DD2059E6CC4C57C1FEDF5AB4
+
+I=29
+PT=00000008000000000000000000000000
+CT=826590E05D167DA6F00DCC75E22788EB
+
+I=30
+PT=00000004000000000000000000000000
+CT=34A73F21A04421D9786335FAAB49423A
+
+I=31
+PT=00000002000000000000000000000000
+CT=ED347D0E0128EE1A7392A1D36AB78AA9
+
+I=32
+PT=00000001000000000000000000000000
+CT=EE944B2FE6E9FC888042608DA9615F75
+
+I=33
+PT=00000000800000000000000000000000
+CT=9E7C85A909EF7218BA7947CFB4718F46
+
+I=34
+PT=00000000400000000000000000000000
+CT=811AE07A0B2B1F816587FA73699AE77D
+
+I=35
+PT=00000000200000000000000000000000
+CT=68466FBF43C2FE13D4B18F7EC5EA745F
+
+I=36
+PT=00000000100000000000000000000000
+CT=D20B015C7191B219780956E6101F9354
+
+I=37
+PT=00000000080000000000000000000000
+CT=5939D5C1BBF54EE1B3E326D757BDDE25
+
+I=38
+PT=00000000040000000000000000000000
+CT=B1FDAFE9A0240E8FFEA19CE94B5105D3
+
+I=39
+PT=00000000020000000000000000000000
+CT=D62962ECE02CDD68C06BDFEFB2F9495B
+
+I=40
+PT=00000000010000000000000000000000
+CT=B3BB2DE6F3C26587BA8BAC4F7AD9499A
+
+I=41
+PT=00000000008000000000000000000000
+CT=E0B1072D6D9FF703D6FBEF77852B0A6B
+
+I=42
+PT=00000000004000000000000000000000
+CT=D8DD51C907F478DE0228E83E61FD1758
+
+I=43
+PT=00000000002000000000000000000000
+CT=A42DFFE6E7C1671C06A25236FDD10017
+
+I=44
+PT=00000000001000000000000000000000
+CT=25ACF141550BFAB9EF451B6C6A5B2163
+
+I=45
+PT=00000000000800000000000000000000
+CT=4DA7FCA3949B16E821DBC84F19581018
+
+I=46
+PT=00000000000400000000000000000000
+CT=7D49B6347CBCC8919C7FA96A37A7A215
+
+I=47
+PT=00000000000200000000000000000000
+CT=900024B29A08C6721B95BA3B753DDB4D
+
+I=48
+PT=00000000000100000000000000000000
+CT=6D2182FB283B6934D90BA7848CAB5E66
+
+I=49
+PT=00000000000080000000000000000000
+CT=F73EF01B448D23A4D90DE8B2F9666E7A
+
+I=50
+PT=00000000000040000000000000000000
+CT=4AD9CDA2418643E9A3D926AF5E6B0412
+
+I=51
+PT=00000000000020000000000000000000
+CT=7CAEC8E7E5953997D545B033201C8C5B
+
+I=52
+PT=00000000000010000000000000000000
+CT=3C43CA1F6B6864503E27B48D88230CF5
+
+I=53
+PT=00000000000008000000000000000000
+CT=44F779B93108FE9FEEC880D79BA74488
+
+I=54
+PT=00000000000004000000000000000000
+CT=9E50E8D9CFD3A682A78E527C9072A1CF
+
+I=55
+PT=00000000000002000000000000000000
+CT=68D000CBC838BBE3C505D6F814C01F28
+
+I=56
+PT=00000000000001000000000000000000
+CT=2CB2A9FEC1ACD1D9B0FA05205E304F57
+
+I=57
+PT=00000000000000800000000000000000
+CT=01EB2806606E46444520A5CC6180CD4B
+
+I=58
+PT=00000000000000400000000000000000
+CT=DAA9B25168CC702326F217F1A0C0B162
+
+I=59
+PT=00000000000000200000000000000000
+CT=3E07E648975D9578D03555B1755807ED
+
+I=60
+PT=00000000000000100000000000000000
+CT=0B45F52E802C8B8DE09579425B80B711
+
+I=61
+PT=00000000000000080000000000000000
+CT=659595DA0B68F6DF0DD6CA77202986E1
+
+I=62
+PT=00000000000000040000000000000000
+CT=05FF42873893536E58C8FA98A45C73C4
+
+I=63
+PT=00000000000000020000000000000000
+CT=B5B03421DE8BBFFC4EADEC767339A9BD
+
+I=64
+PT=00000000000000010000000000000000
+CT=788BCD111ECF73D4E78D2E21BEF55460
+
+I=65
+PT=00000000000000008000000000000000
+CT=909CD9EC6790359F982DC6F2393D5315
+
+I=66
+PT=00000000000000004000000000000000
+CT=332950F361535FF24EFAC8C76293F12C
+
+I=67
+PT=00000000000000002000000000000000
+CT=A68CCD4E330FFDA9D576DA436DB53D75
+
+I=68
+PT=00000000000000001000000000000000
+CT=27C8A1CCFDB0B015D1ED5B3E77143791
+
+I=69
+PT=00000000000000000800000000000000
+CT=D76A4B95887A77DF610DD3E1D3B20325
+
+I=70
+PT=00000000000000000400000000000000
+CT=C068AB0DE71C66DAE83C361EF4B2D989
+
+I=71
+PT=00000000000000000200000000000000
+CT=C2120BCD49EDA9A288B3B4BE79AC8158
+
+I=72
+PT=00000000000000000100000000000000
+CT=0C546F62BF2773CD0F564FCECA7BA688
+
+I=73
+PT=00000000000000000080000000000000
+CT=18F3462BEDE4920213CCB66DAB1640AA
+
+I=74
+PT=00000000000000000040000000000000
+CT=FE42F245EDD0E24B216AEBD8B392D690
+
+I=75
+PT=00000000000000000020000000000000
+CT=3D3EEBC8D3D1558A194C2D00C337FF2B
+
+I=76
+PT=00000000000000000010000000000000
+CT=29AAEDF043E785DB42836F79BE6CBA28
+
+I=77
+PT=00000000000000000008000000000000
+CT=215F90C6744E2944358E78619159A611
+
+I=78
+PT=00000000000000000004000000000000
+CT=8606B1AA9E1D548E5442B06551E2C6DC
+
+I=79
+PT=00000000000000000002000000000000
+CT=987BB4B8740EC0EDE7FEA97DF033B5B1
+
+I=80
+PT=00000000000000000001000000000000
+CT=C0A3500DA5B0AE07D2F450930BEEDF1B
+
+I=81
+PT=00000000000000000000800000000000
+CT=525FDF8312FE8F32C781481A8DAAAE37
+
+I=82
+PT=00000000000000000000400000000000
+CT=BFD2C56AE5FB9C9DE33A6944572A6487
+
+I=83
+PT=00000000000000000000200000000000
+CT=7975A57A425CDF5AA1FA929101F650B0
+
+I=84
+PT=00000000000000000000100000000000
+CT=BF174BC49609A8709B2CD8366DAA79FE
+
+I=85
+PT=00000000000000000000080000000000
+CT=06C50C43222F56C874B1704E9F44BF7D
+
+I=86
+PT=00000000000000000000040000000000
+CT=0CEC48CD34043EA29CA3B8ED5278721E
+
+I=87
+PT=00000000000000000000020000000000
+CT=9548EA34A1560197B304D0ACB8A1698D
+
+I=88
+PT=00000000000000000000010000000000
+CT=22F9E9B1BD73B6B5B7D3062C986272F3
+
+I=89
+PT=00000000000000000000008000000000
+CT=FEE8E934BD0873295059002230E298D4
+
+I=90
+PT=00000000000000000000004000000000
+CT=1B08E2E3EB820D139CB4ABBDBE81D00D
+
+I=91
+PT=00000000000000000000002000000000
+CT=0021177681E4D90CEAF69DCED0145125
+
+I=92
+PT=00000000000000000000001000000000
+CT=4A8E314452CA8A8A3619FC54BC423643
+
+I=93
+PT=00000000000000000000000800000000
+CT=65047474F7222C94C6965425FF1BFD0A
+
+I=94
+PT=00000000000000000000000400000000
+CT=E123F551A9C4A8489622B16F961A9AA4
+
+I=95
+PT=00000000000000000000000200000000
+CT=EF05530948B80915028BB2B6FE429380
+
+I=96
+PT=00000000000000000000000100000000
+CT=72535B7FE0F0F777CEDCD55CD77E2DDF
+
+I=97
+PT=00000000000000000000000080000000
+CT=3423D8EFC31FA2F4C365C77D8F3B5C63
+
+I=98
+PT=00000000000000000000000040000000
+CT=DE0E51C264663F3C5DBC59580A98D8E4
+
+I=99
+PT=00000000000000000000000020000000
+CT=B2D9391166680947AB09264156719679
+
+I=100
+PT=00000000000000000000000010000000
+CT=10DB79F23B06D263835C424AF749ADB7
+
+I=101
+PT=00000000000000000000000008000000
+CT=DDF72D27E6B01EC107EA3E005B59563B
+
+I=102
+PT=00000000000000000000000004000000
+CT=8266B57485A5954A4236751DE07F6694
+
+I=103
+PT=00000000000000000000000002000000
+CT=669A501E1F1ADE6E5523DE01D6DBC987
+
+I=104
+PT=00000000000000000000000001000000
+CT=C20C48F2989725D461D1DB589DC0896E
+
+I=105
+PT=00000000000000000000000000800000
+CT=DE35158E7810ED1191825D2AA98FA97D
+
+I=106
+PT=00000000000000000000000000400000
+CT=4FE294F2C0F34D0671B693A237EBDDC8
+
+I=107
+PT=00000000000000000000000000200000
+CT=087AE74B10CCBFDF6739FEB9559C01A4
+
+I=108
+PT=00000000000000000000000000100000
+CT=5DC278970B7DEF77A5536C77AB59C207
+
+I=109
+PT=00000000000000000000000000080000
+CT=7607F078C77085184EAA9B060C1FBFFF
+
+I=110
+PT=00000000000000000000000000040000
+CT=9DB841531BCBE7998DAD19993FB3CC00
+
+I=111
+PT=00000000000000000000000000020000
+CT=D6A089B654854A94560BAE13298835B8
+
+I=112
+PT=00000000000000000000000000010000
+CT=E1E223C4CF90CC5D195B370D65114622
+
+I=113
+PT=00000000000000000000000000008000
+CT=1CBED73C50D053BDAD372CEEE54836A1
+
+I=114
+PT=00000000000000000000000000004000
+CT=D309E69376D257ADF2BFDA152B26555F
+
+I=115
+PT=00000000000000000000000000002000
+CT=740F7649117F0DEE6EAA7789A9994C36
+
+I=116
+PT=00000000000000000000000000001000
+CT=76AE64417C297184D668C5FD908B3CE5
+
+I=117
+PT=00000000000000000000000000000800
+CT=6095FEA4AA8035591F1787A819C48787
+
+I=118
+PT=00000000000000000000000000000400
+CT=D1FF4E7ACD1C79967FEBAB0F7465D450
+
+I=119
+PT=00000000000000000000000000000200
+CT=5F5AD3C42B9489557BB63BF49ECF5F8A
+
+I=120
+PT=00000000000000000000000000000100
+CT=FB56CC09B680B1D07C5A52149E29F07C
+
+I=121
+PT=00000000000000000000000000000080
+CT=FF49B8DF4A97CBE03833E66197620DAD
+
+I=122
+PT=00000000000000000000000000000040
+CT=5E070ADE533D2E090ED0F5BE13BC0983
+
+I=123
+PT=00000000000000000000000000000020
+CT=3AB4FB1D2B7BA376590A2C241D1F508D
+
+I=124
+PT=00000000000000000000000000000010
+CT=58B2431BC0BEDE02550F40238969EC78
+
+I=125
+PT=00000000000000000000000000000008
+CT=0253786E126504F0DAB90C48A30321DE
+
+I=126
+PT=00000000000000000000000000000004
+CT=200211214E7394DA2089B6ACD093ABE0
+
+I=127
+PT=00000000000000000000000000000002
+CT=0388DACE60B6A392F328C2B971B2FE78
+
+I=128
+PT=00000000000000000000000000000001
+CT=58E2FCCEFA7E3061367F1D57A4E7455A
+
+==========
+
+KEYSIZE=256
+
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=DDC6BF790C15760D8D9AEB6F9A75FD4E
+
+I=2
+PT=40000000000000000000000000000000
+CT=C7098C217C334D0C9BDF37EA13B0822C
+
+I=3
+PT=20000000000000000000000000000000
+CT=60F0FB0D4C56A8D4EEFEC5264204042D
+
+I=4
+PT=10000000000000000000000000000000
+CT=73376FBBF654D0686E0E84001477106B
+
+I=5
+PT=08000000000000000000000000000000
+CT=2F443B52BA5F0C6EA0602C7C4FD259B6
+
+I=6
+PT=04000000000000000000000000000000
+CT=75D11B0E3A68C4223D88DBF017977DD7
+
+I=7
+PT=02000000000000000000000000000000
+CT=779B38D15BFFB63D8D609D551A5CC98E
+
+I=8
+PT=01000000000000000000000000000000
+CT=5275F3D86B4FB8684593133EBFA53CD3
+
+I=9
+PT=00800000000000000000000000000000
+CT=1CEF2074B336CEC62F12DEA2F6AB1481
+
+I=10
+PT=00400000000000000000000000000000
+CT=1AEF5ABBAD9D7160874578DCD8BAE172
+
+I=11
+PT=00200000000000000000000000000000
+CT=46C525DB17E72F26BF03216846B6F609
+
+I=12
+PT=00100000000000000000000000000000
+CT=E24411F941BBE08788781E3EC52CBAA4
+
+I=13
+PT=00080000000000000000000000000000
+CT=83A3DEDD1DD27018F6A6477E40527581
+
+I=14
+PT=00040000000000000000000000000000
+CT=B68F8A2CDBAB0C923C67FC8F0F1087DE
+
+I=15
+PT=00020000000000000000000000000000
+CT=649944A70C32BF87A7409E7AE128FDE8
+
+I=16
+PT=00010000000000000000000000000000
+CT=2846526D67387539C89314DE9E0C2D02
+
+I=17
+PT=00008000000000000000000000000000
+CT=A9A0B8402E53C70DD1688054BA58DDFD
+
+I=18
+PT=00004000000000000000000000000000
+CT=4A72E6E1B79C83AC4BE3EBA5699EED48
+
+I=19
+PT=00002000000000000000000000000000
+CT=B0E36B867BA4FF2B77D0614B0E364E4C
+
+I=20
+PT=00001000000000000000000000000000
+CT=49B57DE141F6418E3090F24DDD4014B6
+
+I=21
+PT=00000800000000000000000000000000
+CT=A6C0D5B9797258E1987AC5F6CD20146D
+
+I=22
+PT=00000400000000000000000000000000
+CT=426CF4BDCAA369175965D26E7C71EEA2
+
+I=23
+PT=00000200000000000000000000000000
+CT=E27F484CE54BC99BC1A52BDA3B518A26
+
+I=24
+PT=00000100000000000000000000000000
+CT=D16D186284C7E6EE64B8104E0EF20BA5
+
+I=25
+PT=00000080000000000000000000000000
+CT=6431F8538AD54E1E044A9F71F8EF556B
+
+I=26
+PT=00000040000000000000000000000000
+CT=ECD57CEB451D27EB96C55B2042257E8E
+
+I=27
+PT=00000020000000000000000000000000
+CT=4F0F188DC911B1954AFBC734C9F68872
+
+I=28
+PT=00000010000000000000000000000000
+CT=B54DEF0337626B65614E81EDFDE620F3
+
+I=29
+PT=00000008000000000000000000000000
+CT=6655D8074CAE0B90B0D3A3FE72D4D9DB
+
+I=30
+PT=00000004000000000000000000000000
+CT=C6B74B6B9EB4FC0C9A237DB1B616D09A
+
+I=31
+PT=00000002000000000000000000000000
+CT=D7B5D076EA56EC2B20791D7AD51CCF8F
+
+I=32
+PT=00000001000000000000000000000000
+CT=FE160C224BF003CE3BDDC90CB52ED22C
+
+I=33
+PT=00000000800000000000000000000000
+CT=5E00DA9BA94B5EC0D258D8A8002E0F6A
+
+I=34
+PT=00000000400000000000000000000000
+CT=09AC6DCFF4DACFF1651E2BA212A292A3
+
+I=35
+PT=00000000200000000000000000000000
+CT=B283617E318D99AF83A05D9810BA89F7
+
+I=36
+PT=00000000100000000000000000000000
+CT=0B5F70CCB40B0EF2538AE9B4A9770B35
+
+I=37
+PT=00000000080000000000000000000000
+CT=43282BF180248FB517839B37F4DDAAE4
+
+I=38
+PT=00000000040000000000000000000000
+CT=DDBD534C8B2E6D30A268F88C55AD765B
+
+I=39
+PT=00000000020000000000000000000000
+CT=A41A164E50EC2D9F175E752B755E0B5C
+
+I=40
+PT=00000000010000000000000000000000
+CT=37BFF99FF2F7AA97779E4ADF6F13FB10
+
+I=41
+PT=00000000008000000000000000000000
+CT=9BA4F7BD298152903A683C4CEC669216
+
+I=42
+PT=00000000004000000000000000000000
+CT=5FB750C7CE10DE7B4504248914D0DA06
+
+I=43
+PT=00000000002000000000000000000000
+CT=3E748BFA108E086F51D56EC74A9E0FB9
+
+I=44
+PT=00000000001000000000000000000000
+CT=31D4E56B99F5B73C1B8437DF332AFB98
+
+I=45
+PT=00000000000800000000000000000000
+CT=9DC6717B84FC55D266E7B1D9B5C52A5F
+
+I=46
+PT=00000000000400000000000000000000
+CT=8EF8BA007F23C0A50FC120E07041BCCD
+
+I=47
+PT=00000000000200000000000000000000
+CT=C58F38E1839FC1918A12B8C9E88C66B6
+
+I=48
+PT=00000000000100000000000000000000
+CT=B695D72A3FCF508C4050E12E40061C2D
+
+I=49
+PT=00000000000080000000000000000000
+CT=5D2736AD478A50583BC8C11BEFF16D7A
+
+I=50
+PT=00000000000040000000000000000000
+CT=DF0EACA8F17847AD41F9578F14C7B56B
+
+I=51
+PT=00000000000020000000000000000000
+CT=E5AA14AD48AD0A3C47CC35D5F8020E51
+
+I=52
+PT=00000000000010000000000000000000
+CT=11BE6C8F58EBD8CEF1A53F591A68E8CE
+
+I=53
+PT=00000000000008000000000000000000
+CT=ECFE7BAFCBF42C1FEE015488770B3053
+
+I=54
+PT=00000000000004000000000000000000
+CT=E552649F8D8EC4A1E1CD6DF50B6E6777
+
+I=55
+PT=00000000000002000000000000000000
+CT=521C0629DE93B9119CDB1DDC5809DDEA
+
+I=56
+PT=00000000000001000000000000000000
+CT=CB38A62A0BAB1784156BA038CBA99BF6
+
+I=57
+PT=00000000000000800000000000000000
+CT=76CCEE8AAACD394DE1EEF3DDA10CB54B
+
+I=58
+PT=00000000000000400000000000000000
+CT=6AFF910FA1D5673140E2DB59B8416049
+
+I=59
+PT=00000000000000200000000000000000
+CT=064A12C0EF73FB386801BF4F35F3120D
+
+I=60
+PT=00000000000000100000000000000000
+CT=2240E374929D5B1BB8FF0FFDDDF640EC
+
+I=61
+PT=00000000000000080000000000000000
+CT=D4BA15C904C7692185DE85C02052E180
+
+I=62
+PT=00000000000000040000000000000000
+CT=1714A315AB0166728A44CD91D4AE9018
+
+I=63
+PT=00000000000000020000000000000000
+CT=6C970BDD9F0E222722EA31A1D12DD0AD
+
+I=64
+PT=00000000000000010000000000000000
+CT=F5956EDF02BD36A401BBB6CE77C3D3FB
+
+I=65
+PT=00000000000000008000000000000000
+CT=0CA11F122CCD7C259DC597EED3DF9BC4
+
+I=66
+PT=00000000000000004000000000000000
+CT=50109AB4912AD2560B206F331B62EB6C
+
+I=67
+PT=00000000000000002000000000000000
+CT=DBE7C91A4175614889A2D4BEFD64845E
+
+I=68
+PT=00000000000000001000000000000000
+CT=0D3322853A571A6B46B79C0228E0DD25
+
+I=69
+PT=00000000000000000800000000000000
+CT=96E4EE0BB9A11C6FB8522F285BADDEB6
+
+I=70
+PT=00000000000000000400000000000000
+CT=96705C52D2CFCE82E630C93477C79C49
+
+I=71
+PT=00000000000000000200000000000000
+CT=C50130AED6A126149D71F3888C83C232
+
+I=72
+PT=00000000000000000100000000000000
+CT=4816EFE3DEB380566EBA0C17BF582090
+
+I=73
+PT=00000000000000000080000000000000
+CT=0390857B4C8C98E4CF7A2B6F3394C507
+
+I=74
+PT=00000000000000000040000000000000
+CT=422E73A02025EBE8B8B5D6E0FA24FCB2
+
+I=75
+PT=00000000000000000020000000000000
+CT=3271AA7F4BF1D7C38050A43076D4FF76
+
+I=76
+PT=00000000000000000010000000000000
+CT=D2074946F0D37B8975607BFC2E70234C
+
+I=77
+PT=00000000000000000008000000000000
+CT=1A509194C1270AB92E5A42D3A9F8D98B
+
+I=78
+PT=00000000000000000004000000000000
+CT=512438946360CCC4A5C6D73F6EED7130
+
+I=79
+PT=00000000000000000002000000000000
+CT=98CFCDEC46EBEA1A286B3004F2746A0D
+
+I=80
+PT=00000000000000000001000000000000
+CT=A1CF369949677A3AF3D58E3EABF2741B
+
+I=81
+PT=00000000000000000000800000000000
+CT=D84C2E1A0E4A52166FA8FF6889D1E5E2
+
+I=82
+PT=00000000000000000000400000000000
+CT=4AD91CCEEF60119B5078FD162D2735DE
+
+I=83
+PT=00000000000000000000200000000000
+CT=2860793D818E97AAFF1D339D7702438D
+
+I=84
+PT=00000000000000000000100000000000
+CT=6F9068BE73364AE250D89D78A6C9CE6F
+
+I=85
+PT=00000000000000000000080000000000
+CT=024FC3FEF4883FEB1A8DD005305FECCE
+
+I=86
+PT=00000000000000000000040000000000
+CT=08A61FE0816D75EA15EB3C9FB9CCDED6
+
+I=87
+PT=00000000000000000000020000000000
+CT=449C86DFA13F260175CE39797686FFA4
+
+I=88
+PT=00000000000000000000010000000000
+CT=4FFFFC29A59858E1133F2BFB1A8A4817
+
+I=89
+PT=00000000000000000000008000000000
+CT=19425D1F6480B25096561295697DC2B7
+
+I=90
+PT=00000000000000000000004000000000
+CT=31974727ECDD2C77C3A428FC3A8CB3FC
+
+I=91
+PT=00000000000000000000002000000000
+CT=A57CD704B3C95E744D08DF443458F2F5
+
+I=92
+PT=00000000000000000000001000000000
+CT=486D8C193DB1ED73ACB17990442FC40B
+
+I=93
+PT=00000000000000000000000800000000
+CT=5E4DBF4E83AB3BC055B9FCC7A6B3A763
+
+I=94
+PT=00000000000000000000000400000000
+CT=ACF2E0A693FBBCBA4D41B861E0D89E37
+
+I=95
+PT=00000000000000000000000200000000
+CT=32A7CB2AE066A51D2B78FC4B4CFCB608
+
+I=96
+PT=00000000000000000000000100000000
+CT=677D494DBB73CAF55C1990158DA12F14
+
+I=97
+PT=00000000000000000000000080000000
+CT=082A0D2367512ADF0D75A151BFBE0A17
+
+I=98
+PT=00000000000000000000000040000000
+CT=5E5BB7337923C482CE8CBA249E6A8C7D
+
+I=99
+PT=00000000000000000000000020000000
+CT=D3001BA7C7026EE3E5003179530AFCFC
+
+I=100
+PT=00000000000000000000000010000000
+CT=46EC44F8931E629FE8FD8961312EDDE1
+
+I=101
+PT=00000000000000000000000008000000
+CT=C5F8ECD79C7B30E81D17E32079969310
+
+I=102
+PT=00000000000000000000000004000000
+CT=5B8AD6919E24CAEBCC55401AEE0C9802
+
+I=103
+PT=00000000000000000000000002000000
+CT=C2302B7E701B5CC7F8B29E3516DBBFA6
+
+I=104
+PT=00000000000000000000000001000000
+CT=A1D04D6A76F9F7A94D49FAA64A87F244
+
+I=105
+PT=00000000000000000000000000800000
+CT=7FB6F92D35B5CB6C631600EDB9E860BA
+
+I=106
+PT=00000000000000000000000000400000
+CT=B2EF7078BCFACE07AEEC3F9B48830EB3
+
+I=107
+PT=00000000000000000000000000200000
+CT=F475A7493D24C7036E53390374C378B3
+
+I=108
+PT=00000000000000000000000000100000
+CT=B36802AC987377A37BD8EADC97C57D60
+
+I=109
+PT=00000000000000000000000000080000
+CT=ADDCD3D19689C4DDC738CE5F69DC9505
+
+I=110
+PT=00000000000000000000000000040000
+CT=0DAF8CA22884915403C0F0BB1F4BD74F
+
+I=111
+PT=00000000000000000000000000020000
+CT=4AF36BAE2660503B3248E4685059FD05
+
+I=112
+PT=00000000000000000000000000010000
+CT=7D5631814DD8E917D97A0D514C743971
+
+I=113
+PT=00000000000000000000000000008000
+CT=BC3352500FC0CBB9DB5B5F6B491C1BE8
+
+I=114
+PT=00000000000000000000000000004000
+CT=6A4A30BA87E87AF65C90AEB7AFEDC76B
+
+I=115
+PT=00000000000000000000000000002000
+CT=77E6125897668AC8E73E8C79A6FF8336
+
+I=116
+PT=00000000000000000000000000001000
+CT=3FA9D39104EBB323C7AAAA248960DD1E
+
+I=117
+PT=00000000000000000000000000000800
+CT=FAD75AD76AB10ADC49036B250E229D39
+
+I=118
+PT=00000000000000000000000000000400
+CT=2FACAA5FE35B228A16AC74088D702EC4
+
+I=119
+PT=00000000000000000000000000000200
+CT=88B6CBCFDFEF8AD91720A1BB69A1F33E
+
+I=120
+PT=00000000000000000000000000000100
+CT=C7E9D250998632D444356242EF04058D
+
+I=121
+PT=00000000000000000000000000000080
+CT=B14DAD8D3D9153F46C0D3A1AD63C7A05
+
+I=122
+PT=00000000000000000000000000000040
+CT=60ABA678A506608D0845966D29B5F790
+
+I=123
+PT=00000000000000000000000000000020
+CT=482DC43F2388EF25D24144E144BD834E
+
+I=124
+PT=00000000000000000000000000000010
+CT=1490A05A7CEE43BDE98B56E309DC0126
+
+I=125
+PT=00000000000000000000000000000008
+CT=ABFA77CD6E85DA245FB0BDC5E52CFC29
+
+I=126
+PT=00000000000000000000000000000004
+CT=DD4AB1284D4AE17B41E85924470C36F7
+
+I=127
+PT=00000000000000000000000000000002
+CT=CEA7403D4D606B6E074EC5D3BAF39D18
+
+I=128
+PT=00000000000000000000000000000001
+CT=530F8AFBC74536B9A963B4F1C4CB738B
+
+==========
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.c
new file mode 100644
index 00000000..67c9dcde
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.c
@@ -0,0 +1,98 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_cf2.c */
+/*
+ * Copyright (C) 2004, 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This file contains tests for the KRB-FX-CF2 code in Kerberos, based on the
+ * PRF regression tests.  It reads an input file, and writes an output file.
+ * It is assumed that the output file will be diffed against expected output to
+ * see whether regression tests pass.  The input file is a very primitive
+ * format.
+ *
+ * Line 1: enctype
+ * Line 2: key to pass to string2key; also used as salt
+ * Line 3: second key to pass to string2key
+ * Line 4: pepper1
+ * Line 5: pepper2
+ *
+ * scanf is used to read the file, so interior spaces are not permitted.  The
+ * program outputs the hex bytes of the key.
+ */
+#include <krb5.h>
+
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+int main () {
+    krb5_error_code ret;
+    char pepper1[1025], pepper2[1025];
+    krb5_keyblock *k1 = NULL, *k2 = NULL, *out = NULL;
+    krb5_data s2k;
+    unsigned int i;
+    while (1) {
+        krb5_enctype enctype;
+        char s[1025];
+
+        if (scanf( "%d", &enctype) == EOF)
+            break;
+        if (scanf("%1024s", &s[0]) == EOF)
+            break;
+        ret = krb5_init_keyblock(0, enctype, 0, &k1);
+        assert(!ret);
+        s2k.data = &s[0];
+        s2k.length = strlen(s);
+        ret = krb5_c_string_to_key (0, enctype, &s2k, &s2k, k1);
+        assert(!ret);
+        if (scanf("%1024s", &s[0]) == EOF)
+            break;
+        ret = krb5_init_keyblock(0, enctype, 0, &k2);
+        assert(!ret);
+        s2k.data = &s[0];
+        s2k.length = strlen(s);
+        ret = krb5_c_string_to_key (0, enctype, &s2k, &s2k, k2);
+        assert(!ret);
+        if (scanf("%1024s %1024s", pepper1, pepper2) == EOF)
+            break;
+        ret = krb5_c_fx_cf2_simple(0, k1, pepper1, k2, pepper2, &out);
+        assert(!ret);
+        i = out->length;
+        for (; i > 0; i--) {
+            printf ("%02x",
+                    (unsigned int) ((unsigned char) out->contents[out->length-i]));
+        }
+        printf ("\n");
+
+        krb5_free_keyblock(0,out);
+        out = NULL;
+
+        krb5_free_keyblock(0, k1);
+        k1 = NULL;
+        krb5_free_keyblock(0, k2);
+        k2 =  NULL;
+    }
+
+    return (0);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.comments b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.comments
new file mode 100644
index 00000000..0643b650
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.comments
@@ -0,0 +1,6 @@
+The first test  mirrors the first two tests in t_prf.in.
+
+The second test mirrors the following four tests in t_prf.in.
+
+The third and fourth tests are simple tests of the DES and 3DES PRF.
+The fifth test is the same simple test for RC4.
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.expected b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.expected
new file mode 100644
index 00000000..f8251a16
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.expected
@@ -0,0 +1,6 @@
+97df97e4b798b29eb31ed7280287a92a
+4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b
+e58f9eb643862c13ad38e529313462a7f73e62834fe54a01
+24d7f6b6bae4e5c00d2082c5ebab3672
+edd02a39d2dbde31611c16e610be062c
+67f6ea530aea85a37dcbb23349ea52dcc61ca8493ff557252327fd8304341584
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.in b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.in
new file mode 100644
index 00000000..73e2f8fb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cf2.in
@@ -0,0 +1,30 @@
+17
+key1
+key2
+a
+b
+18
+key1
+key2
+a
+b
+16
+key1
+key2
+a
+b
+23
+key1
+key2
+a
+b
+19
+key1
+key2
+a
+b
+20
+key1
+key2
+a
+b
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cksums.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cksums.c
new file mode 100644
index 00000000..557340ec
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cksums.c
@@ -0,0 +1,260 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_cksums.c - Test known checksum results */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This harness tests checksum results against known values.  With the -v flag,
+ * results for all tests are displayed.  This harness only works for
+ * deterministic checksums.
+ */
+
+#include "k5-int.h"
+
+struct test {
+    krb5_data plaintext;
+    krb5_cksumtype sumtype;
+    krb5_enctype enctype;
+    krb5_keyusage usage;
+    krb5_data keybits;
+    krb5_data cksum;
+} test_cases[] = {
+    {
+        { KV5M_DATA, 3, "one" },
+        CKSUMTYPE_RSA_MD4, 0, 0, { KV5M_DATA, 0, "" },
+        { KV5M_DATA, 16,
+          "\x30\x5D\xCC\x2C\x0F\xDD\x53\x39\x96\x95\x52\xC7\xB8\x99\x63\x48" }
+    },
+    {
+        { KV5M_DATA, 19, "two three four five" },
+        CKSUMTYPE_RSA_MD5, 0, 0, { KV5M_DATA, 0, "" },
+        { KV5M_DATA, 16,
+          "\xBA\xB5\x32\x15\x51\xE1\x08\x44\x90\x86\x96\x35\xB3\xC2\x68\x15" }
+    },
+    {
+        { KV5M_DATA, 0, "" },
+        CKSUMTYPE_SHA1, 0, 0, { KV5M_DATA, 0, "" },
+        { KV5M_DATA, 20,
+          "\xDA\x39\xA3\xEE\x5E\x6B\x4B\x0D\x32\x55\xBF\xEF\x95\x60\x18\x90"
+          "\xAF\xD8\x07\x09" }
+    },
+    {
+        { KV5M_DATA, 9, "six seven" },
+        CKSUMTYPE_HMAC_SHA1_DES3, ENCTYPE_DES3_CBC_SHA1, 2,
+        { KV5M_DATA, 24,
+          "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23"
+          "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" },
+        { KV5M_DATA, 20,
+          "\x0E\xEF\xC9\xC3\xE0\x49\xAA\xBC\x1B\xA5\xC4\x01\x67\x7D\x9A\xB6"
+          "\x99\x08\x2B\xB4" }
+    },
+    {
+        { KV5M_DATA, 37, "eight nine ten eleven twelve thirteen" },
+        CKSUMTYPE_HMAC_SHA1_96_AES128, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 3,
+        { KV5M_DATA, 16,
+          "\x90\x62\x43\x0C\x8C\xDA\x33\x88\x92\x2E\x6D\x6A\x50\x9F\x5B\x7A" },
+        { KV5M_DATA, 12,
+          "\x01\xA4\xB0\x88\xD4\x56\x28\xF6\x94\x66\x14\xE3" }
+    },
+    {
+        { KV5M_DATA, 8, "fourteen" },
+        CKSUMTYPE_HMAC_SHA1_96_AES256, ENCTYPE_AES256_CTS_HMAC_SHA1_96, 4,
+        { KV5M_DATA, 32,
+          "\xB1\xAE\x4C\xD8\x46\x2A\xFF\x16\x77\x05\x3C\xC9\x27\x9A\xAC\x30"
+          "\xB7\x96\xFB\x81\xCE\x21\x47\x4D\xD3\xDD\xBC\xFE\xA4\xEC\x76\xD7" },
+        { KV5M_DATA, 12,
+          "\xE0\x87\x39\xE3\x27\x9E\x29\x03\xEC\x8E\x38\x36" }
+    },
+    {
+        { KV5M_DATA, 15, "fifteen sixteen" },
+        CKSUMTYPE_MD5_HMAC_ARCFOUR, ENCTYPE_ARCFOUR_HMAC, 5,
+        { KV5M_DATA, 16,
+          "\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" },
+        { KV5M_DATA, 16,
+          "\x9F\x41\xDF\x30\x49\x07\xDE\x73\x54\x47\x00\x1F\xD2\xA1\x97\xB9" }
+    },
+    {
+        { KV5M_DATA, 34, "seventeen eighteen nineteen twenty" },
+        CKSUMTYPE_HMAC_MD5_ARCFOUR, ENCTYPE_ARCFOUR_HMAC, 6,
+        { KV5M_DATA, 16,
+          "\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" },
+        { KV5M_DATA, 16,
+          "\xEB\x38\xCC\x97\xE2\x23\x0F\x59\xDA\x41\x17\xDC\x58\x59\xD7\xEC" }
+    },
+    {
+        { KV5M_DATA, 11, "abcdefghijk" },
+        CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 7,
+        { KV5M_DATA, 16,
+          "\x1D\xC4\x6A\x8D\x76\x3F\x4F\x93\x74\x2B\xCB\xA3\x38\x75\x76\xC3" },
+        { KV5M_DATA, 16,
+          "\x11\x78\xE6\xC5\xC4\x7A\x8C\x1A\xE0\xC4\xB9\xC7\xD4\xEB\x7B\x6B" }
+    },
+    {
+        { KV5M_DATA, 26, "ABCDEFGHIJKLMNOPQRSTUVWXYZ" },
+        CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 8,
+        { KV5M_DATA, 16,
+          "\x50\x27\xBC\x23\x1D\x0F\x3A\x9D\x23\x33\x3F\x1C\xA6\xFD\xBE\x7C" },
+        { KV5M_DATA, 16,
+          "\xD1\xB3\x4F\x70\x04\xA7\x31\xF2\x3A\x0C\x00\xBF\x6C\x3F\x75\x3A" }
+    },
+    {
+        { KV5M_DATA, 9, "123456789" },
+        CKSUMTYPE_CMAC_CAMELLIA256, ENCTYPE_CAMELLIA256_CTS_CMAC, 9,
+        { KV5M_DATA, 32,
+          "\xB6\x1C\x86\xCC\x4E\x5D\x27\x57\x54\x5A\xD4\x23\x39\x9F\xB7\x03"
+          "\x1E\xCA\xB9\x13\xCB\xB9\x00\xBD\x7A\x3C\x6D\xD8\xBF\x92\x01\x5B" },
+        { KV5M_DATA, 16,
+          "\x87\xA1\x2C\xFD\x2B\x96\x21\x48\x10\xF0\x1C\x82\x6E\x77\x44\xB1" }
+    },
+    {
+        { KV5M_DATA, 30, "!@#$%^&*()!@#$%^&*()!@#$%^&*()" },
+        CKSUMTYPE_CMAC_CAMELLIA256, ENCTYPE_CAMELLIA256_CTS_CMAC, 10,
+        { KV5M_DATA, 32,
+          "\x32\x16\x4C\x5B\x43\x4D\x1D\x15\x38\xE4\xCF\xD9\xBE\x80\x40\xFE"
+          "\x8C\x4A\xC7\xAC\xC4\xB9\x3D\x33\x14\xD2\x13\x36\x68\x14\x7A\x05" },
+        { KV5M_DATA, 16,
+          "\x3F\xA0\xB4\x23\x55\xE5\x2B\x18\x91\x87\x29\x4A\xA2\x52\xAB\x64" }
+    },
+    {
+        { KV5M_DATA, 21,
+          "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+          "\x10\x11\x12\x13\x14" },
+        CKSUMTYPE_HMAC_SHA256_128_AES128, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        2,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 16,
+          "\xD7\x83\x67\x18\x66\x43\xD6\x7B\x41\x1C\xBA\x91\x39\xFC\x1D\xEE" }
+    },
+    {
+        { KV5M_DATA, 21,
+          "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+          "\x10\x11\x12\x13\x14" },
+        CKSUMTYPE_HMAC_SHA384_192_AES256, ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        2,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 24,
+          "\x45\xEE\x79\x15\x67\xEE\xFC\xA3\x7F\x4A\xC1\xE0\x22\x2D\xE8\x0D"
+          "\x43\xC3\xBF\xA0\x66\x99\x67\x2A" }
+    },
+};
+
+static void
+printhex(const char *head, void *data, size_t len)
+{
+    size_t i;
+
+    printf("%s", head);
+    for (i = 0; i < len; i++) {
+        printf("%02X", ((unsigned char*)data)[i]);
+        if (i % 16 == 15 && i + 1 < len)
+            printf("\n%*s", (int)strlen(head), "");
+        else if (i + 1 < len)
+            printf(" ");
+    }
+    printf("\n");
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context = NULL;
+    size_t i;
+    struct test *test;
+    krb5_keyblock kb, *kbp;
+    krb5_checksum cksum;
+    krb5_cksumtype mtype;
+    krb5_boolean valid, verbose = FALSE;
+    int status = 0;
+
+    if (argc >= 2 && strcmp(argv[1], "-v") == 0)
+        verbose = TRUE;
+    for (i = 0; i < sizeof(test_cases) / sizeof(*test_cases); i++) {
+        test = &test_cases[i];
+        if (test->enctype != 0) {
+            kb.magic = KV5M_KEYBLOCK;
+            kb.enctype = test->enctype;
+            kb.length = test->keybits.length;
+            kb.contents = (unsigned char *)test->keybits.data;
+            kbp = &kb;
+        } else
+            kbp = NULL;
+        ret = krb5_c_make_checksum(context, test->sumtype, kbp, test->usage,
+                                   &test->plaintext, &cksum);
+        assert(!ret);
+        if (verbose) {
+            char buf[64];
+            krb5_cksumtype_to_string(test->sumtype, buf, sizeof(buf));
+            printf("\nTest %d:\n", (int)i);
+            printf("Plaintext: %.*s\n", (int)test->plaintext.length,
+                   test->plaintext.data);
+            printf("Checksum type: %s\n", buf);
+            if (test->enctype != 0) {
+                krb5_enctype_to_name(test->enctype, FALSE, buf, sizeof(buf));
+                printf("Enctype: %s\n", buf);
+                printhex("Key: ", test->keybits.data, test->keybits.length);
+                printf("Key usage: %d\n", (int)test->usage);
+            }
+            printhex("Checksum: ", cksum.contents, cksum.length);
+        }
+        if (test->cksum.length != cksum.length ||
+            memcmp(test->cksum.data, cksum.contents, cksum.length) != 0) {
+            printf("derive test %d failed\n", (int)i);
+            status = 1;
+            if (!verbose)
+                break;
+        }
+
+        /* Test that the checksum verifies successfully. */
+        ret = krb5_c_verify_checksum(context, kbp, test->usage,
+                                     &test->plaintext, &cksum, &valid);
+        assert(!ret);
+        if (!valid) {
+            printf("test %d verify failed\n", (int)i);
+            status = 1;
+            if (!verbose)
+                break;
+        }
+
+        if (kbp != NULL) {
+            ret = krb5int_c_mandatory_cksumtype(context, kbp->enctype, &mtype);
+            assert(!ret);
+            if (test->sumtype == mtype) {
+                /* Test that a checksum type of 0 uses the mandatory checksum
+                 * type for the key. */
+                cksum.checksum_type = 0;
+                ret = krb5_c_verify_checksum(context, kbp, test->usage,
+                                             &test->plaintext, &cksum, &valid);
+                assert(!ret && valid);
+            }
+        }
+
+        krb5_free_checksum_contents(context, &cksum);
+        assert(cksum.length == 0);
+    }
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cmac.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cmac.c
new file mode 100644
index 00000000..565c35da
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cmac.c
@@ -0,0 +1,147 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_cmac.c */
+/*
+ * Copyright 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test vectors for CMAC.  Inputs are taken from RFC 4493 section 4.  Outputs
+ * are changed for the use of Camellia-128 in place of AES-128.
+ *
+ * Ideally we would double-check subkey values, but we have no easy way to see
+ * them.
+ *
+ * Ideally we would test AES-CMAC against the expected results in RFC 4493,
+ * instead of Camellia-CMAC against results we generated ourselves.  This has
+ * been done manually, but is not convenient to do automatically since the
+ * AES-128 enc provider has no cbc_mac method and therefore cannot be used with
+ * krb5int_cmac_checksum.
+ */
+
+#include "crypto_int.h"
+
+/* All examples use the following Camellia-128 key. */
+static unsigned char keybytes[] = {
+    0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+    0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+};
+
+/* Example inputs are this message truncated to 0, 16, 40, and 64 bytes. */
+unsigned char input[] = {
+    0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+    0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+    0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+    0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+    0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+    0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+    0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+    0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
+};
+
+/* Expected result of CMAC on empty input. */
+static unsigned char cmac1[] = {
+    0xba, 0x92, 0x57, 0x82, 0xaa, 0xa1, 0xf5, 0xd9,
+    0xa0, 0x0f, 0x89, 0x64, 0x80, 0x94, 0xfc, 0x71
+};
+
+/* Expected result of CMAC on first 16 bytes of input. */
+static unsigned char cmac2[] = {
+    0x6d, 0x96, 0x28, 0x54, 0xa3, 0xb9, 0xfd, 0xa5,
+    0x6d, 0x7d, 0x45, 0xa9, 0x5e, 0xe1, 0x79, 0x93
+};
+
+/* Expected result of CMAC on first 40 bytes of input. */
+static unsigned char cmac3[] = {
+    0x5c, 0x18, 0xd1, 0x19, 0xcc, 0xd6, 0x76, 0x61,
+    0x44, 0xac, 0x18, 0x66, 0x13, 0x1d, 0x9f, 0x22
+};
+
+/* Expected result of CMAC on all 64 bytes of input. */
+static unsigned char cmac4[] = {
+    0xc2, 0x69, 0x9a, 0x6e, 0xba, 0x55, 0xce, 0x9d,
+    0x93, 0x9a, 0x8a, 0x4e, 0x19, 0x46, 0x6e, 0xe9
+};
+
+static void
+check_result(const char *name, const unsigned char *result,
+             const unsigned char *expected)
+{
+    int i;
+
+    for (i = 0; i < 16; i++) {
+        if (result[i] != expected[i]) {
+            fprintf(stderr, "CMAC test vector failure: %s\n", name);
+            exit(1);
+        }
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context = NULL;
+    krb5_keyblock keyblock;
+    krb5_key key;
+    const struct krb5_enc_provider *enc = &krb5int_enc_camellia128;
+    krb5_crypto_iov iov;
+    unsigned char resultbuf[16];
+    krb5_data result = make_data(resultbuf, 16);
+
+    /* Create the example key. */
+    keyblock.magic = KV5M_KEYBLOCK;
+    keyblock.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC;
+    keyblock.length = 16;
+    keyblock.contents = keybytes;
+    ret = krb5_k_create_key(context, &keyblock, &key);
+    assert(!ret);
+
+    /* Example 1. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(input, 0);
+    ret = krb5int_cmac_checksum(enc, key, &iov, 1, &result);
+    assert(!ret);
+    check_result("example 1", resultbuf, cmac1);
+
+    /* Example 2. */
+    iov.data.length = 16;
+    ret = krb5int_cmac_checksum(enc, key, &iov, 1, &result);
+    assert(!ret);
+    check_result("example 2", resultbuf, cmac2);
+
+    /* Example 3. */
+    iov.data.length = 40;
+    ret = krb5int_cmac_checksum(enc, key, &iov, 1, &result);
+    assert(!ret);
+    check_result("example 3", resultbuf, cmac3);
+
+    /* Example 4. */
+    iov.data.length = 64;
+    ret = krb5int_cmac_checksum(enc, key, &iov, 1, &result);
+    assert(!ret);
+    check_result("example 4", resultbuf, cmac4);
+
+    printf("All CMAC tests passed.\n");
+    krb5_k_free_key(context, key);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cts.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cts.c
new file mode 100644
index 00000000..fe505169
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_cts.c
@@ -0,0 +1,151 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_cts.c */
+/*
+ * Copyright 2001, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Test vectors for crypto code, matching data submitted for inclusion
+ * with RFC1510bis.
+ *
+ * N.B.: Doesn't compile -- this file uses some routines internal to our
+ * crypto library which are declared "static" and thus aren't accessible
+ * without modifying the other sources.
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include "crypto_int.h"
+
+#define ASIZE(ARRAY) (sizeof(ARRAY)/sizeof(ARRAY[0]))
+
+const char *whoami;
+
+#define JURISIC "Juri\305\241i\304\207" /* hi Miro */
+#define ESZETT "\303\237"
+#define GCLEF  "\360\235\204\236" /* outside BMP, woo hoo!  */
+
+static void printd (const char *descr, krb5_data *d) {
+    unsigned int i, j;
+    const int r = 16;
+
+    printf("%s:", descr);
+
+    for (i = 0; i < d->length; i += r) {
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+#ifdef SHOW_TEXT
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
+#endif
+    }
+    printf("\n");
+}
+static void printk(const char *descr, krb5_keyblock *k) {
+    krb5_data d;
+    d.data = (char *) k->contents;
+    d.length = k->length;
+    printd(descr, &d);
+}
+
+static void test_cts()
+{
+    static const char input[4*16] =
+        "I would like the General Gau's Chicken, please, and wonton soup.";
+    static const unsigned char aeskey[16] = "chicken teriyaki";
+    static const int lengths[] = { 17, 31, 32, 47, 48, 64 };
+
+    unsigned int i;
+    char outbuf[64], encivbuf[16], decivbuf[16];
+    krb5_crypto_iov iov;
+    krb5_data in, enciv, deciv;
+    krb5_keyblock keyblock;
+    krb5_key key;
+    krb5_error_code err;
+
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data.data = outbuf;
+    in.data = (char *)input;
+    enciv.length = deciv.length = 16;
+    enciv.data = encivbuf;
+    deciv.data = decivbuf;
+    keyblock.contents = (krb5_octet *)aeskey;
+    keyblock.length = 16;
+    keyblock.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+
+    err = krb5_k_create_key(NULL, &keyblock, &key);
+    if (err) {
+        printf("error %ld from krb5_k_create_key\n", (long)err);
+        exit(1);
+    }
+
+    memset(enciv.data, 0, 16);
+    printk("AES 128-bit key", &keyblock);
+    for (i = 0; i < sizeof(lengths)/sizeof(lengths[0]); i++) {
+        memset(enciv.data, 0, 16);
+        memset(deciv.data, 0, 16);
+
+        printf("\n");
+        iov.data.length = in.length = lengths[i];
+        memcpy(outbuf, input, lengths[i]);
+        printd("IV", &enciv);
+        err = krb5int_aes_encrypt(key, &enciv, &iov, 1);
+        if (err) {
+            printf("error %ld from krb5int_aes_encrypt\n", (long)err);
+            exit(1);
+        }
+        printd("Input", &in);
+        printd("Output", &iov.data);
+        printd("Next IV", &enciv);
+        err = krb5int_aes_decrypt(key, &deciv, &iov, 1);
+        if (err) {
+            printf("error %ld from krb5int_aes_decrypt\n", (long)err);
+            exit(1);
+        }
+        if (memcmp(outbuf, input, lengths[i]) != 0) {
+            printd("Decryption result DOESN'T MATCH", &iov.data);
+            exit(1);
+        }
+        if (memcmp(enciv.data, deciv.data, 16)) {
+            printd("Decryption IV result DOESN'T MATCH", &deciv);
+            exit(1);
+        }
+    }
+    krb5_k_free_key(NULL, key);
+}
+
+int main (int argc, char **argv)
+{
+    whoami = argv[0];
+    test_cts();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_decrypt.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_decrypt.c
new file mode 100644
index 00000000..a40a8550
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_decrypt.c
@@ -0,0 +1,623 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_decrypt.c - Test decrypting known ciphertexts */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This harness decrypts known ciphertexts to detect changes in encryption code
+ * which are self-compatible but not compatible across versions.  With the -g
+ * flag, the program generates a set of test cases.
+ */
+
+#include "k5-int.h"
+
+struct test {
+    krb5_enctype enctype;
+    krb5_data plaintext;
+    krb5_keyusage usage;
+    krb5_data keybits;
+    krb5_data ciphertext;
+} test_cases[] = {
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        { KV5M_DATA, 0, "", }, 0,
+        { KV5M_DATA, 24,
+          "\x7A\x25\xDF\x89\x92\x29\x6D\xCE\xDA\x0E\x13\x5B\xC4\x04\x6E\x23"
+          "\x75\xB3\xC1\x4C\x98\xFB\xC1\x62" },
+        { KV5M_DATA, 28,
+          "\x54\x8A\xF4\xD5\x04\xF7\xD7\x23\x30\x3F\x12\x17\x5F\xE8\x38\x6B"
+          "\x7B\x53\x35\xA9\x67\xBA\xD6\x1F\x3B\xF0\xB1\x43" }
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        { KV5M_DATA, 1, "1", }, 1,
+        { KV5M_DATA, 24,
+          "\xBC\x07\x83\x89\x15\x13\xD5\xCE\x57\xBC\x13\x8F\xD3\xC1\x1A\xE6"
+          "\x40\x45\x23\x85\x32\x29\x62\xB6" },
+        { KV5M_DATA, 36,
+          "\x9C\x3C\x1D\xBA\x47\x47\xD8\x5A\xF2\x91\x6E\x47\x45\xF2\xDC\xE3"
+          "\x80\x46\x79\x6E\x51\x04\xBC\xCD\xFB\x66\x9A\x91\xD4\x4B\xC3\x56"
+          "\x66\x09\x45\xC7" }
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        { KV5M_DATA, 9, "9 bytesss", }, 2,
+        { KV5M_DATA, 24,
+          "\x2F\xD0\xF7\x25\xCE\x04\x10\x0D\x2F\xC8\xA1\x80\x98\x83\x1F\x85"
+          "\x0B\x45\xD9\xEF\x85\x0B\xD9\x20" },
+        { KV5M_DATA, 44,
+          "\xCF\x91\x44\xEB\xC8\x69\x79\x81\x07\x5A\x8B\xAD\x8D\x74\xE5\xD7"
+          "\xD5\x91\xEB\x7D\x97\x70\xC7\xAD\xA2\x5E\xE8\xC5\xB3\xD6\x94\x44"
+          "\xDF\xEC\x79\xA5\xB7\xA0\x14\x82\xD9\xAF\x74\xE6" }
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        { KV5M_DATA, 13, "13 bytes byte", }, 3,
+        { KV5M_DATA, 24,
+          "\x0D\xD5\x20\x94\xE0\xF4\x1C\xEC\xCB\x5B\xE5\x10\xA7\x64\xB3\x51"
+          "\x76\xE3\x98\x13\x32\xF1\xE5\x98" },
+        { KV5M_DATA, 44,
+          "\x83\x9A\x17\x08\x1E\xCB\xAF\xBC\xDC\x91\xB8\x8C\x69\x55\xDD\x3C"
+          "\x45\x14\x02\x3C\xF1\x77\xB7\x7B\xF0\xD0\x17\x7A\x16\xF7\x05\xE8"
+          "\x49\xCB\x77\x81\xD7\x6A\x31\x6B\x19\x3F\x8D\x30" }
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
+        { KV5M_DATA, 24,
+          "\xF1\x16\x86\xCB\xBC\x9E\x23\xEA\x54\xFE\xCD\x2A\x3D\xCD\xFB\x20"
+          "\xB6\xFE\x98\xBF\x26\x45\xC4\xC4" },
+        { KV5M_DATA, 60,
+          "\x89\x43\x3E\x83\xFD\x0E\xA3\x66\x6C\xFF\xCD\x18\xD8\xDE\xEB\xC5"
+          "\x3B\x9A\x34\xED\xBE\xB1\x59\xD9\xF6\x67\xC6\xC2\xB9\xA9\x64\x40"
+          "\x1D\x55\xE7\xE9\xC6\x8D\x64\x8D\x65\xC3\xAA\x84\xFF\xA3\x79\x0C"
+          "\x14\xA8\x64\xDA\x80\x73\xA9\xA9\x5C\x4B\xA2\xBC" }
+    },
+
+    {
+        ENCTYPE_ARCFOUR_HMAC,
+        { KV5M_DATA, 0, "", }, 0,
+        { KV5M_DATA, 16,
+          "\xF8\x1F\xEC\x39\x25\x5F\x57\x84\xE8\x50\xC4\x37\x7C\x88\xBD\x85" },
+        { KV5M_DATA, 24,
+          "\x02\xC1\xEB\x15\x58\x61\x44\x12\x2E\xC7\x17\x76\x3D\xD3\x48\xBF"
+          "\x00\x43\x4D\xDC\x65\x85\x95\x4C" }
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC,
+        { KV5M_DATA, 1, "1", }, 1,
+        { KV5M_DATA, 16,
+          "\x67\xD1\x30\x0D\x28\x12\x23\x86\x7F\x96\x47\xFF\x48\x72\x12\x73" },
+        { KV5M_DATA, 25,
+          "\x61\x56\xE0\xCC\x04\xE0\xA0\x87\x4F\x9F\xDA\x00\x8F\x49\x8A\x7A"
+          "\xDB\xBC\x80\xB7\x0B\x14\xDD\xDB\xC0" }
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC,
+        { KV5M_DATA, 9, "9 bytesss", }, 2,
+        { KV5M_DATA, 16,
+          "\x3E\x40\xAB\x60\x93\x69\x52\x81\xB3\xAC\x1A\x93\x04\x22\x4D\x98" },
+        { KV5M_DATA, 33,
+          "\x0F\x9A\xD1\x21\xD9\x9D\x4A\x09\x44\x8E\x4F\x1F\x71\x8C\x4F\x5C"
+          "\xBE\x60\x96\x26\x2C\x66\xF2\x9D\xF2\x32\xA8\x7C\x9F\x98\x75\x5D"
+          "\x55" }
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC,
+        { KV5M_DATA, 13, "13 bytes byte", }, 3,
+        { KV5M_DATA, 16,
+          "\x4B\xA2\xFB\xF0\x37\x9F\xAE\xD8\x7A\x25\x4D\x3B\x35\x3D\x5A\x7E" },
+        { KV5M_DATA, 37,
+          "\x61\x2C\x57\x56\x8B\x17\xA7\x03\x52\xBA\xE8\xCF\x26\xFB\x94\x59"
+          "\xA6\xF3\x35\x3C\xD3\x5F\xD4\x39\xDB\x31\x07\xCB\xEC\x76\x5D\x32"
+          "\x6D\xFC\x04\xC1\xDD" }
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC,
+        { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
+        { KV5M_DATA, 16,
+          "\x68\xF2\x63\xDB\x3F\xCE\x15\xD0\x31\xC9\xEA\xB0\x2D\x67\x10\x7A" },
+        { KV5M_DATA, 54,
+          "\x95\xF9\x04\x7C\x3A\xD7\x58\x91\xC2\xE9\xB0\x4B\x16\x56\x6D\xC8"
+          "\xB6\xEB\x9C\xE4\x23\x1A\xFB\x25\x42\xEF\x87\xA7\xB5\xA0\xF2\x60"
+          "\xA9\x9F\x04\x60\x50\x8D\xE0\xCE\xCC\x63\x2D\x07\xC3\x54\x12\x4E"
+          "\x46\xC5\xD2\x23\x4E\xB8" }
+    },
+
+    {
+        ENCTYPE_ARCFOUR_HMAC_EXP,
+        { KV5M_DATA, 0, "", }, 0,
+        { KV5M_DATA, 16,
+          "\xF7\xD3\xA1\x55\xAF\x5E\x23\x8A\x0B\x7A\x87\x1A\x96\xBA\x2A\xB2" },
+        { KV5M_DATA, 24,
+          "\x28\x27\xF0\xE9\x0F\x62\xE7\x46\x0C\x4E\x2F\xB3\x9F\x96\x57\xBA"
+          "\x8B\xFA\xA9\x91\xD7\xFD\xAD\xFF" }
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC_EXP,
+        { KV5M_DATA, 1, "1", }, 1,
+        { KV5M_DATA, 16,
+          "\xDE\xEA\xA0\x60\x7D\xB7\x99\xE2\xFD\xD6\xDB\x29\x86\xBB\x8D\x65" },
+        { KV5M_DATA, 25,
+          "\x3D\xDA\x39\x2E\x2E\x27\x5A\x4D\x75\x18\x3F\xA6\x32\x8A\x0A\x4E"
+          "\x6B\x75\x2D\xF6\xCD\x2A\x25\xFA\x4E" }
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC_EXP,
+        { KV5M_DATA, 9, "9 bytesss", }, 2,
+        { KV5M_DATA, 16,
+          "\x33\xAD\x7F\xC2\x67\x86\x15\x56\x9B\x2B\x09\x83\x6E\x0A\x3A\xB6" },
+        { KV5M_DATA, 33,
+          "\x09\xD1\x36\xAC\x48\x5D\x92\x64\x4E\xC6\x70\x1D\x6A\x0D\x03\xE8"
+          "\x98\x2D\x7A\x3C\xA7\xEF\xD0\xF8\xF4\xF8\x36\x60\xEF\x42\x77\xBB"
+          "\x81" }
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC_EXP,
+        { KV5M_DATA, 13, "13 bytes byte", }, 3,
+        { KV5M_DATA, 16,
+          "\x39\xF2\x5C\xD4\xF0\xD4\x1B\x2B\x2D\x9D\x30\x0F\xCB\x29\x81\xCB" },
+        { KV5M_DATA, 37,
+          "\x91\x23\x88\xD7\xC0\x76\x12\x81\x9E\x3B\x64\x0F\xF5\xCE\xCD\xAF"
+          "\x72\xE5\xA5\x9D\xF1\x0F\x10\x91\xA6\xBE\xC3\x9C\xAA\xD7\x48\xAF"
+          "\x9B\xD2\xD8\xD5\x46" }
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC_EXP,
+        { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
+        { KV5M_DATA, 16,
+          "\x9F\x72\x55\x42\xD9\xF7\x2A\xA1\xF3\x86\xCB\xE7\x89\x69\x84\xFC" },
+        { KV5M_DATA, 54,
+          "\x78\xB3\x5A\x08\xB0\x8B\xE2\x65\xAE\xB4\x14\x5F\x07\x65\x13\xB6"
+          "\xB5\x6E\xFE\xD3\xF7\x52\x65\x74\xAF\x74\xF7\xD2\xF9\xBA\xE9\x6E"
+          "\xAB\xB7\x6F\x2D\x87\x38\x6D\x2E\x93\xE3\xA7\x7B\x99\x91\x9F\x1D"
+          "\x97\x64\x90\xE2\xBD\x45" }
+    },
+
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 0, "", }, 0,
+        { KV5M_DATA, 16,
+          "\x5A\x5C\x0F\x0B\xA5\x4F\x38\x28\xB2\x19\x5E\x66\xCA\x24\xA2\x89" },
+        { KV5M_DATA, 28,
+          "\x49\xFF\x8E\x11\xC1\x73\xD9\x58\x3A\x32\x54\xFB\xE7\xB1\xF1\xDF"
+          "\x36\xC5\x38\xE8\x41\x67\x84\xA1\x67\x2E\x66\x76" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 1, "1", }, 1,
+        { KV5M_DATA, 16,
+          "\x98\x45\x0E\x3F\x3B\xAA\x13\xF5\xC9\x9B\xEB\x93\x69\x81\xB0\x6F" },
+        { KV5M_DATA, 29,
+          "\xF8\x67\x42\xF5\x37\xB3\x5D\xC2\x17\x4A\x4D\xBA\xA9\x20\xFA\xF9"
+          "\x04\x20\x90\xB0\x65\xE1\xEB\xB1\xCA\xD9\xA6\x53\x94" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 9, "9 bytesss", }, 2,
+        { KV5M_DATA, 16,
+          "\x90\x62\x43\x0C\x8C\xDA\x33\x88\x92\x2E\x6D\x6A\x50\x9F\x5B\x7A" },
+        { KV5M_DATA, 37,
+          "\x68\xFB\x96\x79\x60\x1F\x45\xC7\x88\x57\xB2\xBF\x82\x0F\xD6\xE5"
+          "\x3E\xCA\x8D\x42\xFD\x4B\x1D\x70\x24\xA0\x92\x05\xAB\xB7\xCD\x2E"
+          "\xC2\x6C\x35\x5D\x2F" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 13, "13 bytes byte", }, 3,
+        { KV5M_DATA, 16,
+          "\x03\x3E\xE6\x50\x2C\x54\xFD\x23\xE2\x77\x91\xE9\x87\x98\x38\x27" },
+        { KV5M_DATA, 41,
+          "\xEC\x36\x6D\x03\x27\xA9\x33\xBF\x49\x33\x0E\x65\x0E\x49\xBC\x6B"
+          "\x97\x46\x37\xFE\x80\xBF\x53\x2F\xE5\x17\x95\xB4\x80\x97\x18\xE6"
+          "\x19\x47\x24\xDB\x94\x8D\x1F\xD6\x37" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
+        { KV5M_DATA, 16,
+          "\xDC\xEE\xB7\x0B\x3D\xE7\x65\x62\xE6\x89\x22\x6C\x76\x42\x91\x48" },
+        { KV5M_DATA, 58,
+          "\xC9\x60\x81\x03\x2D\x5D\x8E\xEB\x7E\x32\xB4\x08\x9F\x78\x9D\x0F"
+          "\xAA\x48\x1D\xEA\x74\xC0\xF9\x7C\xBF\x31\x46\xDD\xFC\xF8\xE8\x00"
+          "\x15\x6E\xCB\x53\x2F\xC2\x03\xE3\x0F\xF6\x00\xB6\x3B\x35\x09\x39"
+          "\xFE\xCE\x51\x0F\x02\xD7\xFF\x1E\x7B\xAC" }
+    },
+
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 0, "", }, 0,
+        { KV5M_DATA, 32,
+          "\x17\xF2\x75\xF2\x95\x4F\x2E\xD1\xF9\x0C\x37\x7B\xA7\xF4\xD6\xA3"
+          "\x69\xAA\x01\x36\xE0\xBF\x0C\x92\x7A\xD6\x13\x3C\x69\x37\x59\xA9" },
+        { KV5M_DATA, 28,
+          "\xE5\x09\x4C\x55\xEE\x7B\x38\x26\x2E\x2B\x04\x42\x80\xB0\x69\x37"
+          "\x9A\x95\xBF\x95\xBD\x83\x76\xFB\x32\x81\xB4\x35" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 1, "1", }, 1,
+        { KV5M_DATA, 32,
+          "\xB9\x47\x7E\x1F\xF0\x32\x9C\x00\x50\xE2\x0C\xE6\xC7\x2D\x2D\xFF"
+          "\x27\xE8\xFE\x54\x1A\xB0\x95\x44\x29\xA9\xCB\x5B\x4F\x7B\x1E\x2A" },
+        { KV5M_DATA, 29,
+          "\x40\x61\x50\xB9\x7A\xEB\x76\xD4\x3B\x36\xB6\x2C\xC1\xEC\xDF\xBE"
+          "\x6F\x40\xE9\x57\x55\xE0\xBE\xB5\xC2\x78\x25\xF3\xA4" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 9, "9 bytesss", }, 2,
+        { KV5M_DATA, 32,
+          "\xB1\xAE\x4C\xD8\x46\x2A\xFF\x16\x77\x05\x3C\xC9\x27\x9A\xAC\x30"
+          "\xB7\x96\xFB\x81\xCE\x21\x47\x4D\xD3\xDD\xBC\xFE\xA4\xEC\x76\xD7" },
+        { KV5M_DATA, 37,
+          "\x09\x95\x7A\xA2\x5F\xCA\xF8\x8F\x7B\x39\xE4\x40\x6E\x63\x30\x12"
+          "\xD5\xFE\xA2\x18\x53\xF6\x47\x8D\xA7\x06\x5C\xAE\xF4\x1F\xD4\x54"
+          "\xA4\x08\x24\xEE\xC5" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 13, "13 bytes byte", }, 3,
+        { KV5M_DATA, 32,
+          "\xE5\xA7\x2B\xE9\xB7\x92\x6C\x12\x25\xBA\xFE\xF9\xC1\x87\x2E\x7B"
+          "\xA4\xCD\xB2\xB1\x78\x93\xD8\x4A\xBD\x90\xAC\xDD\x87\x64\xD9\x66" },
+        { KV5M_DATA, 41,
+          "\xD8\xF1\xAA\xFE\xEC\x84\x58\x7C\xC3\xE7\x00\xA7\x74\xE5\x66\x51"
+          "\xA6\xD6\x93\xE1\x74\xEC\x44\x73\xB5\xE6\xD9\x6F\x80\x29\x7A\x65"
+          "\x3F\xB8\x18\xAD\x89\x3E\x71\x9F\x96" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
+        { KV5M_DATA, 32,
+          "\xF1\xC7\x95\xE9\x24\x8A\x09\x33\x8D\x82\xC3\xF8\xD5\xB5\x67\x04"
+          "\x0B\x01\x10\x73\x68\x45\x04\x13\x47\x23\x5B\x14\x04\x23\x13\x98" },
+        { KV5M_DATA, 58,
+          "\xD1\x13\x7A\x4D\x63\x4C\xFE\xCE\x92\x4D\xBC\x3B\xF6\x79\x06\x48"
+          "\xBD\x5C\xFF\x7D\xE0\xE7\xB9\x94\x60\x21\x1D\x0D\xAE\xF3\xD7\x9A"
+          "\x29\x5C\x68\x88\x58\xF3\xB3\x4B\x9C\xBD\x6E\xEB\xAE\x81\xDA\xF6"
+          "\xB7\x34\xD4\xD4\x98\xB6\x71\x4F\x1C\x1D" }
+    },
+
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        { KV5M_DATA, 0, "", }, 0,
+        { KV5M_DATA, 16,
+          "\x1D\xC4\x6A\x8D\x76\x3F\x4F\x93\x74\x2B\xCB\xA3\x38\x75\x76\xC3" },
+        { KV5M_DATA, 32,
+          "\xC4\x66\xF1\x87\x10\x69\x92\x1E\xDB\x7C\x6F\xDE\x24\x4A\x52\xDB"
+          "\x0B\xA1\x0E\xDC\x19\x7B\xDB\x80\x06\x65\x8C\xA3\xCC\xCE\x6E\xB8" }
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        { KV5M_DATA, 1, "1", }, 1,
+        { KV5M_DATA, 16,
+          "\x50\x27\xBC\x23\x1D\x0F\x3A\x9D\x23\x33\x3F\x1C\xA6\xFD\xBE\x7C" },
+        { KV5M_DATA, 33,
+          "\x84\x2D\x21\xFD\x95\x03\x11\xC0\xDD\x46\x4A\x3F\x4B\xE8\xD6\xDA"
+          "\x88\xA5\x6D\x55\x9C\x9B\x47\xD3\xF9\xA8\x50\x67\xAF\x66\x15\x59"
+          "\xB8" }
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        { KV5M_DATA, 9, "9 bytesss", }, 2,
+        { KV5M_DATA, 16,
+          "\xA1\xBB\x61\xE8\x05\xF9\xBA\x6D\xDE\x8F\xDB\xDD\xC0\x5C\xDE\xA0" },
+        { KV5M_DATA, 41,
+          "\x61\x9F\xF0\x72\xE3\x62\x86\xFF\x0A\x28\xDE\xB3\xA3\x52\xEC\x0D"
+          "\x0E\xDF\x5C\x51\x60\xD6\x63\xC9\x01\x75\x8C\xCF\x9D\x1E\xD3\x3D"
+          "\x71\xDB\x8F\x23\xAA\xBF\x83\x48\xA0" }
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        { KV5M_DATA, 13, "13 bytes byte", }, 3,
+        { KV5M_DATA, 16,
+          "\x2C\xA2\x7A\x5F\xAF\x55\x32\x24\x45\x06\x43\x4E\x1C\xEF\x66\x76" },
+        { KV5M_DATA, 45,
+          "\xB8\xEC\xA3\x16\x7A\xE6\x31\x55\x12\xE5\x9F\x98\xA7\xC5\x00\x20"
+          "\x5E\x5F\x63\xFF\x3B\xB3\x89\xAF\x1C\x41\xA2\x1D\x64\x0D\x86\x15"
+          "\xC9\xED\x3F\xBE\xB0\x5A\xB6\xAC\xB6\x76\x89\xB5\xEA" }
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
+        { KV5M_DATA, 16,
+          "\x78\x24\xF8\xC1\x6F\x83\xFF\x35\x4C\x6B\xF7\x51\x5B\x97\x3F\x43" },
+        { KV5M_DATA, 62,
+          "\xA2\x6A\x39\x05\xA4\xFF\xD5\x81\x6B\x7B\x1E\x27\x38\x0D\x08\x09"
+          "\x0C\x8E\xC1\xF3\x04\x49\x6E\x1A\xBD\xCD\x2B\xDC\xD1\xDF\xFC\x66"
+          "\x09\x89\xE1\x17\xA7\x13\xDD\xBB\x57\xA4\x14\x6C\x15\x87\xCB\xA4"
+          "\x35\x66\x65\x59\x1D\x22\x40\x28\x2F\x58\x42\xB1\x05\xA5" }
+    },
+
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        { KV5M_DATA, 0, "", }, 0,
+        { KV5M_DATA, 32,
+          "\xB6\x1C\x86\xCC\x4E\x5D\x27\x57\x54\x5A\xD4\x23\x39\x9F\xB7\x03"
+          "\x1E\xCA\xB9\x13\xCB\xB9\x00\xBD\x7A\x3C\x6D\xD8\xBF\x92\x01\x5B" },
+        { KV5M_DATA, 32,
+          "\x03\x88\x6D\x03\x31\x0B\x47\xA6\xD8\xF0\x6D\x7B\x94\xD1\xDD\x83"
+          "\x7E\xCC\xE3\x15\xEF\x65\x2A\xFF\x62\x08\x59\xD9\x4A\x25\x92\x66" }
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        { KV5M_DATA, 1, "1", }, 1,
+        { KV5M_DATA, 32,
+          "\x1B\x97\xFE\x0A\x19\x0E\x20\x21\xEB\x30\x75\x3E\x1B\x6E\x1E\x77"
+          "\xB0\x75\x4B\x1D\x68\x46\x10\x35\x58\x64\x10\x49\x63\x46\x38\x33" },
+        { KV5M_DATA, 33,
+          "\x2C\x9C\x15\x70\x13\x3C\x99\xBF\x6A\x34\xBC\x1B\x02\x12\x00\x2F"
+          "\xD1\x94\x33\x87\x49\xDB\x41\x35\x49\x7A\x34\x7C\xFC\xD9\xD1\x8A"
+          "\x12" }
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        { KV5M_DATA, 9, "9 bytesss", }, 2,
+        { KV5M_DATA, 32,
+          "\x32\x16\x4C\x5B\x43\x4D\x1D\x15\x38\xE4\xCF\xD9\xBE\x80\x40\xFE"
+          "\x8C\x4A\xC7\xAC\xC4\xB9\x3D\x33\x14\xD2\x13\x36\x68\x14\x7A\x05" },
+        { KV5M_DATA, 41,
+          "\x9C\x6D\xE7\x5F\x81\x2D\xE7\xED\x0D\x28\xB2\x96\x35\x57\xA1\x15"
+          "\x64\x09\x98\x27\x5B\x0A\xF5\x15\x27\x09\x91\x3F\xF5\x2A\x2A\x9C"
+          "\x8E\x63\xB8\x72\xF9\x2E\x64\xC8\x39" }
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        { KV5M_DATA, 13, "13 bytes byte", }, 3,
+        { KV5M_DATA, 32,
+          "\xB0\x38\xB1\x32\xCD\x8E\x06\x61\x22\x67\xFA\xB7\x17\x00\x66\xD8"
+          "\x8A\xEC\xCB\xA0\xB7\x44\xBF\xC6\x0D\xC8\x9B\xCA\x18\x2D\x07\x15" },
+        { KV5M_DATA, 45,
+          "\xEE\xEC\x85\xA9\x81\x3C\xDC\x53\x67\x72\xAB\x9B\x42\xDE\xFC\x57"
+          "\x06\xF7\x26\xE9\x75\xDD\xE0\x5A\x87\xEB\x54\x06\xEA\x32\x4C\xA1"
+          "\x85\xC9\x98\x6B\x42\xAA\xBE\x79\x4B\x84\x82\x1B\xEE" }
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        { KV5M_DATA, 30, "30 bytes bytes bytes bytes byt", }, 4,
+        { KV5M_DATA, 32,
+          "\xCC\xFC\xD3\x49\xBF\x4C\x66\x77\xE8\x6E\x4B\x02\xB8\xEA\xB9\x24"
+          "\xA5\x46\xAC\x73\x1C\xF9\xBF\x69\x89\xB9\x96\xE7\xD6\xBF\xBB\xA7" },
+        { KV5M_DATA, 62,
+          "\x0E\x44\x68\x09\x85\x85\x5F\x2D\x1F\x18\x12\x52\x9C\xA8\x3B\xFD"
+          "\x8E\x34\x9D\xE6\xFD\x9A\xDA\x0B\xAA\xA0\x48\xD6\x8E\x26\x5F\xEB"
+          "\xF3\x4A\xD1\x25\x5A\x34\x49\x99\xAD\x37\x14\x68\x87\xA6\xC6\x84"
+          "\x57\x31\xAC\x7F\x46\x37\x6A\x05\x04\xCD\x06\x57\x14\x74" }
+    },
+
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        { KV5M_DATA, 0, "", }, 2,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 32,
+          "\xEF\x85\xFB\x89\x0B\xB8\x47\x2F\x4D\xAB\x20\x39\x4D\xCA\x78\x1D"
+          "\xAD\x87\x7E\xDA\x39\xD5\x0C\x87\x0C\x0D\x5A\x0A\x8E\x48\xC7\x18" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        { KV5M_DATA, 6, "\x00\x01\x02\x03\x04\x05", }, 2,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 38,
+          "\x84\xD7\xF3\x07\x54\xED\x98\x7B\xAB\x0B\xF3\x50\x6B\xEB\x09\xCF"
+          "\xB5\x54\x02\xCE\xF7\xE6\x87\x7C\xE9\x9E\x24\x7E\x52\xD1\x6E\xD4"
+          "\x42\x1D\xFD\xF8\x97\x6C" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        { KV5M_DATA, 16,
+          "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" },
+        2,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 48,
+          "\x35\x17\xD6\x40\xF5\x0D\xDC\x8A\xD3\x62\x87\x22\xB3\x56\x9D\x2A"
+          "\xE0\x74\x93\xFA\x82\x63\x25\x40\x80\xEA\x65\xC1\x00\x8E\x8F\xC2"
+          "\x95\xFB\x48\x52\xE7\xD8\x3E\x1E\x7C\x48\xC3\x7E\xEB\xE6\xB0\xD3" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        { KV5M_DATA, 21,
+          "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+          "\x10\x11\x12\x13\x14" },
+        2,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 53,
+          "\x72\x0F\x73\xB1\x8D\x98\x59\xCD\x6C\xCB\x43\x46\x11\x5C\xD3\x36"
+          "\xC7\x0F\x58\xED\xC0\xC4\x43\x7C\x55\x73\x54\x4C\x31\xC8\x13\xBC"
+          "\xE1\xE6\xD0\x72\xC1\x86\xB3\x9A\x41\x3C\x2F\x92\xCA\x9B\x83\x34"
+          "\xA2\x87\xFF\xCB\xFC" }
+    },
+
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        { KV5M_DATA, 0, "", }, 2,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 40,
+          "\x41\xF5\x3F\xA5\xBF\xE7\x02\x6D\x91\xFA\xF9\xBE\x95\x91\x95\xA0"
+          "\x58\x70\x72\x73\xA9\x6A\x40\xF0\xA0\x19\x60\x62\x1A\xC6\x12\x74"
+          "\x8B\x9B\xBF\xBE\x7E\xB4\xCE\x3C" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        { KV5M_DATA, 6, "\x00\x01\x02\x03\x04\x05", }, 2,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 46,
+          "\x4E\xD7\xB3\x7C\x2B\xCA\xC8\xF7\x4F\x23\xC1\xCF\x07\xE6\x2B\xC7"
+          "\xB7\x5F\xB3\xF6\x37\xB9\xF5\x59\xC7\xF6\x64\xF6\x9E\xAB\x7B\x60"
+          "\x92\x23\x75\x26\xEA\x0D\x1F\x61\xCB\x20\xD6\x9D\x10\xF2" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        { KV5M_DATA, 16,
+          "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" },
+        2,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 56,
+          "\xBC\x47\xFF\xEC\x79\x98\xEB\x91\xE8\x11\x5C\xF8\xD1\x9D\xAC\x4B"
+          "\xBB\xE2\xE1\x63\xE8\x7D\xD3\x7F\x49\xBE\xCA\x92\x02\x77\x64\xF6"
+          "\x8C\xF5\x1F\x14\xD7\x98\xC2\x27\x3F\x35\xDF\x57\x4D\x1F\x93\x2E"
+          "\x40\xC4\xFF\x25\x5B\x36\xA2\x66" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        { KV5M_DATA, 21,
+          "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+          "\x10\x11\x12\x13\x14" },
+        2,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 61,
+          "\x40\x01\x3E\x2D\xF5\x8E\x87\x51\x95\x7D\x28\x78\xBC\xD2\xD6\xFE"
+          "\x10\x1C\xCF\xD5\x56\xCB\x1E\xAE\x79\xDB\x3C\x3E\xE8\x64\x29\xF2"
+          "\xB2\xA6\x02\xAC\x86\xFE\xF6\xEC\xB6\x47\xD6\x29\x5F\xAE\x07\x7A"
+          "\x1F\xEB\x51\x75\x08\xD2\xC1\x6B\x41\x92\xE0\x1F\x62" }
+    },
+};
+
+static void
+printhex(const char *head, void *data, size_t len)
+{
+    size_t i;
+
+    printf("%s", head);
+    for (i = 0; i < len; i++) {
+        printf("%02X", ((unsigned char*)data)[i]);
+        if (i % 16 == 15 && i + 1 < len)
+            printf("\n%*s", (int)strlen(head), "");
+        else if (i + 1 < len)
+            printf(" ");
+    }
+    printf("\n");
+}
+
+static krb5_enctype
+enctypes[] = {
+    ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_ARCFOUR_HMAC,
+    ENCTYPE_ARCFOUR_HMAC_EXP,
+    ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    ENCTYPE_CAMELLIA128_CTS_CMAC,
+    ENCTYPE_CAMELLIA256_CTS_CMAC,
+    ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+    ENCTYPE_AES256_CTS_HMAC_SHA384_192
+};
+
+static char *plaintexts[] = {
+    "",
+    "1",
+    "9 bytesss",
+    "13 bytes byte",
+    "30 bytes bytes bytes bytes byt"
+};
+
+static int
+generate(krb5_context context)
+{
+    krb5_error_code ret;
+    size_t i, j;
+    krb5_keyblock kb;
+    krb5_data plain, seed = string2data("seed");
+    krb5_enc_data enc;
+    size_t enclen;
+    char buf[64];
+
+    ret = krb5_c_random_seed(context, &seed);
+    assert(!ret);
+    for (i = 0; i < sizeof(enctypes) / sizeof(*enctypes); i++) {
+        for (j = 0; j < sizeof(plaintexts) / sizeof(*plaintexts); j++) {
+            ret = krb5_c_make_random_key(context, enctypes[i], &kb);
+            assert(!ret);
+            plain = string2data(plaintexts[j]);
+            ret = krb5_c_encrypt_length(context, enctypes[i], plain.length,
+                                        &enclen);
+            assert(!ret);
+            ret = alloc_data(&enc.ciphertext, enclen);
+            assert(!ret);
+            ret = krb5_c_encrypt(context, &kb, j, NULL, &plain, &enc);
+            assert(!ret);
+            krb5_enctype_to_name(enctypes[i], FALSE, buf, sizeof(buf));
+            printf("\nEnctype: %s\n", buf);
+            printf("Plaintext: %s\n", plaintexts[j]);
+            printhex("Key: ", kb.contents, kb.length);
+            printhex("Ciphertext: ", enc.ciphertext.data,
+                     enc.ciphertext.length);
+            free(enc.ciphertext.data);
+        }
+    }
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context = NULL;
+    krb5_data plain;
+    size_t i;
+    struct test *test;
+    krb5_keyblock kb;
+    krb5_enc_data enc;
+
+    if (argc >= 2 && strcmp(argv[1], "-g") == 0)
+        return generate(context);
+
+    for (i = 0; i < sizeof(test_cases) / sizeof(*test_cases); i++) {
+        test = &test_cases[i];
+        kb.magic = KV5M_KEYBLOCK;
+        kb.enctype = test->enctype;
+        kb.length = test->keybits.length;
+        kb.contents = (unsigned char *)test->keybits.data;
+        ret = alloc_data(&plain, test->ciphertext.length);
+        assert(!ret);
+        enc.magic = KV5M_ENC_DATA;
+        enc.enctype = test->enctype;
+        enc.kvno = 0;
+        enc.ciphertext = test->ciphertext;
+        if (krb5_c_decrypt(context, &kb, test->usage, NULL, &enc,
+                           &plain) != 0) {
+            printf("decrypt test %d failed to decrypt\n", (int)i);
+            return 1;
+        }
+        assert(plain.length >= test->plaintext.length);
+        if (memcmp(plain.data, test->plaintext.data,
+                   test->plaintext.length) != 0) {
+            printf("decrypt test %d produced wrong result\n", (int)i);
+            return 1;
+        }
+        free(plain.data);
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_derive.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_derive.c
new file mode 100644
index 00000000..afbf7477
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_derive.c
@@ -0,0 +1,375 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_derive.c - Test harness for key derivation */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This harness detects changes in key derivation results using known values.
+ * With the -v flag, results for all tests are displayed.
+ */
+
+#include "crypto_int.h"
+
+struct test {
+    krb5_enctype enctype;
+    krb5_data inkey;
+    krb5_data constant;
+    enum deriv_alg alg;
+    krb5_data expected_key;
+} test_cases[] = {
+    /* Kc, Ke, Kei for a DES3 key */
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        { KV5M_DATA, 24,
+          "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE"
+          "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" },
+        { KV5M_DATA, 5, "\0\0\0\2\x99" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 24,
+          "\xF7\x8C\x49\x6D\x16\xE6\xC2\xDA\xE0\xE0\xB6\xC2\x40\x57\xA8\x4C"
+          "\x04\x26\xAE\xEF\x26\xFD\x6D\xCE" }
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        { KV5M_DATA, 24,
+          "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE"
+          "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" },
+        { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 24,
+          "\x5B\x57\x23\xD0\xB6\x34\xCB\x68\x4C\x3E\xBA\x52\x64\xE9\xA7\x0D"
+          "\x52\xE6\x83\x23\x1A\xD3\xC4\xCE" }
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        { KV5M_DATA, 24,
+          "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C\x31\x3E\x3B\xFE"
+          "\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" },
+        { KV5M_DATA, 5, "\0\0\0\2\x55" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 24,
+          "\xA7\x7C\x94\x98\x0E\x9B\x73\x45\xA8\x15\x25\xC4\x23\xA7\x37\xCE"
+          "\x67\xF4\xCD\x91\xB6\xB3\xDA\x45" }
+    },
+
+    /* Kc, Ke, Ki for an AES-128 key */
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 16,
+          "\x42\x26\x3C\x6E\x89\xF4\xFC\x28\xB8\xDF\x68\xEE\x09\x79\x9F\x15" },
+        { KV5M_DATA, 5, "\0\0\0\2\x99" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 16,
+          "\x34\x28\x0A\x38\x2B\xC9\x27\x69\xB2\xDA\x2F\x9E\xF0\x66\x85\x4B" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 16,
+          "\x42\x26\x3C\x6E\x89\xF4\xFC\x28\xB8\xDF\x68\xEE\x09\x79\x9F\x15" },
+        { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 16,
+          "\x5B\x14\xFC\x4E\x25\x0E\x14\xDD\xF9\xDC\xCF\x1A\xF6\x67\x4F\x53" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 16,
+          "\x42\x26\x3C\x6E\x89\xF4\xFC\x28\xB8\xDF\x68\xEE\x09\x79\x9F\x15" },
+        { KV5M_DATA, 5, "\0\0\0\2\x55" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 16,
+          "\x4E\xD3\x10\x63\x62\x16\x84\xF0\x9A\xE8\xD8\x99\x91\xAF\x3E\x8F" }
+    },
+
+    /* Kc, Ke, Ki for an AES-256 key */
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 32,
+          "\xFE\x69\x7B\x52\xBC\x0D\x3C\xE1\x44\x32\xBA\x03\x6A\x92\xE6\x5B"
+          "\xBB\x52\x28\x09\x90\xA2\xFA\x27\x88\x39\x98\xD7\x2A\xF3\x01\x61" },
+        { KV5M_DATA, 5, "\0\0\0\2\x99" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 32,
+          "\xBF\xAB\x38\x8B\xDC\xB2\x38\xE9\xF9\xC9\x8D\x6A\x87\x83\x04\xF0"
+          "\x4D\x30\xC8\x25\x56\x37\x5A\xC5\x07\xA7\xA8\x52\x79\x0F\x46\x74" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 32,
+          "\xFE\x69\x7B\x52\xBC\x0D\x3C\xE1\x44\x32\xBA\x03\x6A\x92\xE6\x5B"
+          "\xBB\x52\x28\x09\x90\xA2\xFA\x27\x88\x39\x98\xD7\x2A\xF3\x01\x61" },
+        { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 32,
+          "\xC7\xCF\xD9\xCD\x75\xFE\x79\x3A\x58\x6A\x54\x2D\x87\xE0\xD1\x39"
+          "\x6F\x11\x34\xA1\x04\xBB\x1A\x91\x90\xB8\xC9\x0A\xDA\x3D\xDF\x37" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 32,
+          "\xFE\x69\x7B\x52\xBC\x0D\x3C\xE1\x44\x32\xBA\x03\x6A\x92\xE6\x5B"
+          "\xBB\x52\x28\x09\x90\xA2\xFA\x27\x88\x39\x98\xD7\x2A\xF3\x01\x61" },
+        { KV5M_DATA, 5, "\0\0\0\2\x55" },
+        DERIVE_RFC3961,
+        { KV5M_DATA, 32,
+          "\x97\x15\x1B\x4C\x76\x94\x50\x63\xE2\xEB\x05\x29\xDC\x06\x7D\x97"
+          "\xD7\xBB\xA9\x07\x76\xD8\x12\x6D\x91\xF3\x4F\x31\x01\xAE\xA8\xBA" }
+    },
+
+    /* Kc, Ke, Ki for a Camellia-128 key */
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        { KV5M_DATA, 16,
+          "\x57\xD0\x29\x72\x98\xFF\xD9\xD3\x5D\xE5\xA4\x7F\xB4\xBD\xE2\x4B" },
+        { KV5M_DATA, 5, "\0\0\0\2\x99" },
+        DERIVE_SP800_108_CMAC,
+        { KV5M_DATA, 16,
+          "\xD1\x55\x77\x5A\x20\x9D\x05\xF0\x2B\x38\xD4\x2A\x38\x9E\x5A\x56" }
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        { KV5M_DATA, 16,
+          "\x57\xD0\x29\x72\x98\xFF\xD9\xD3\x5D\xE5\xA4\x7F\xB4\xBD\xE2\x4B" },
+        { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+        DERIVE_SP800_108_CMAC,
+        { KV5M_DATA, 16,
+          "\x64\xDF\x83\xF8\x5A\x53\x2F\x17\x57\x7D\x8C\x37\x03\x57\x96\xAB" }
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        { KV5M_DATA, 16,
+          "\x57\xD0\x29\x72\x98\xFF\xD9\xD3\x5D\xE5\xA4\x7F\xB4\xBD\xE2\x4B" },
+        { KV5M_DATA, 5, "\0\0\0\2\x55" },
+        DERIVE_SP800_108_CMAC,
+        { KV5M_DATA, 16,
+          "\x3E\x4F\xBD\xF3\x0F\xB8\x25\x9C\x42\x5C\xB6\xC9\x6F\x1F\x46\x35" }
+    },
+
+    /* Kc, Ke, Ki for a Camellia-256 key */
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        { KV5M_DATA, 32,
+          "\xB9\xD6\x82\x8B\x20\x56\xB7\xBE\x65\x6D\x88\xA1\x23\xB1\xFA\xC6"
+          "\x82\x14\xAC\x2B\x72\x7E\xCF\x5F\x69\xAF\xE0\xC4\xDF\x2A\x6D\x2C" },
+        { KV5M_DATA, 5, "\0\0\0\2\x99" },
+        DERIVE_SP800_108_CMAC,
+        { KV5M_DATA, 32,
+          "\xE4\x67\xF9\xA9\x55\x2B\xC7\xD3\x15\x5A\x62\x20\xAF\x9C\x19\x22"
+          "\x0E\xEE\xD4\xFF\x78\xB0\xD1\xE6\xA1\x54\x49\x91\x46\x1A\x9E\x50" }
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        { KV5M_DATA, 32,
+          "\xB9\xD6\x82\x8B\x20\x56\xB7\xBE\x65\x6D\x88\xA1\x23\xB1\xFA\xC6"
+          "\x82\x14\xAC\x2B\x72\x7E\xCF\x5F\x69\xAF\xE0\xC4\xDF\x2A\x6D\x2C" },
+        { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+        DERIVE_SP800_108_CMAC,
+        { KV5M_DATA, 32,
+          "\x41\x2A\xEF\xC3\x62\xA7\x28\x5F\xC3\x96\x6C\x6A\x51\x81\xE7\x60"
+          "\x5A\xE6\x75\x23\x5B\x6D\x54\x9F\xBF\xC9\xAB\x66\x30\xA4\xC6\x04" }
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        { KV5M_DATA, 32,
+          "\xB9\xD6\x82\x8B\x20\x56\xB7\xBE\x65\x6D\x88\xA1\x23\xB1\xFA\xC6"
+          "\x82\x14\xAC\x2B\x72\x7E\xCF\x5F\x69\xAF\xE0\xC4\xDF\x2A\x6D\x2C" },
+        { KV5M_DATA, 5, "\0\0\0\2\x55" },
+        DERIVE_SP800_108_CMAC,
+        { KV5M_DATA, 32,
+          "\xFA\x62\x4F\xA0\xE5\x23\x99\x3F\xA3\x88\xAE\xFD\xC6\x7E\x67\xEB"
+          "\xCD\x8C\x08\xE8\xA0\x24\x6B\x1D\x73\xB0\xD1\xDD\x9F\xC5\x82\xB0" }
+    },
+
+    /* Kc, Ke, Ki for an aes128-sha2 key. */
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 5, "\0\0\0\2\x99" },
+        DERIVE_SP800_108_HMAC,
+        { KV5M_DATA, 16,
+          "\xB3\x1A\x01\x8A\x48\xF5\x47\x76\xF4\x03\xE9\xA3\x96\x32\x5D\xC3" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+        DERIVE_SP800_108_HMAC,
+        { KV5M_DATA, 16,
+          "\x9B\x19\x7D\xD1\xE8\xC5\x60\x9D\x6E\x67\xC3\xE3\x7C\x62\xC7\x2E" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 5, "\0\0\0\2\x55" },
+        DERIVE_SP800_108_HMAC,
+        { KV5M_DATA, 16,
+          "\x9F\xDA\x0E\x56\xAB\x2D\x85\xE1\x56\x9A\x68\x86\x96\xC2\x6A\x6C" }
+    },
+
+    /* Kc, Ke, Ki for an aes256-sha2 key. */
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 5, "\0\0\0\2\x99" },
+        DERIVE_SP800_108_HMAC,
+        { KV5M_DATA, 24,
+          "\xEF\x57\x18\xBE\x86\xCC\x84\x96\x3D\x8B\xBB\x50\x31\xE9\xF5\xC4"
+          "\xBA\x41\xF2\x8F\xAF\x69\xE7\x3D" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 5, "\0\0\0\2\xAA" },
+        DERIVE_SP800_108_HMAC,
+        { KV5M_DATA, 32,
+          "\x56\xAB\x22\xBE\xE6\x3D\x82\xD7\xBC\x52\x27\xF6\x77\x3F\x8E\xA7"
+          "\xA5\xEB\x1C\x82\x51\x60\xC3\x83\x12\x98\x0C\x44\x2E\x5C\x7E\x49" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 5, "\0\0\0\2\x55" },
+        DERIVE_SP800_108_HMAC,
+        { KV5M_DATA, 24,
+          "\x69\xB1\x65\x14\xE3\xCD\x8E\x56\xB8\x20\x10\xD5\xC7\x30\x12\xB6"
+          "\x22\xC4\xD0\x0F\xFC\x23\xED\x1F" }
+    },
+};
+
+static void
+printhex(const char *head, void *data, size_t len)
+{
+    size_t i;
+
+    printf("%s", head);
+    for (i = 0; i < len; i++) {
+        printf("%02X", ((unsigned char*)data)[i]);
+        if (i % 16 == 15 && i + 1 < len)
+            printf("\n%*s", (int)strlen(head), "");
+        else if (i + 1 < len)
+            printf(" ");
+    }
+    printf("\n");
+}
+
+static const struct krb5_enc_provider *
+get_enc_provider(krb5_enctype enctype)
+{
+    switch (enctype) {
+    case ENCTYPE_DES3_CBC_SHA1:              return &krb5int_enc_des3;
+    case ENCTYPE_AES128_CTS_HMAC_SHA1_96:    return &krb5int_enc_aes128;
+    case ENCTYPE_AES256_CTS_HMAC_SHA1_96:    return &krb5int_enc_aes256;
+    case ENCTYPE_CAMELLIA128_CTS_CMAC:       return &krb5int_enc_camellia128;
+    case ENCTYPE_CAMELLIA256_CTS_CMAC:       return &krb5int_enc_camellia256;
+    case ENCTYPE_AES128_CTS_HMAC_SHA256_128: return &krb5int_enc_aes128;
+    case ENCTYPE_AES256_CTS_HMAC_SHA384_192: return &krb5int_enc_aes256;
+    }
+    abort();
+}
+
+static const struct krb5_hash_provider *
+get_hash_provider(krb5_enctype enctype)
+{
+    switch (enctype) {
+    case ENCTYPE_AES128_CTS_HMAC_SHA256_128: return &krb5int_hash_sha256;
+    case ENCTYPE_AES256_CTS_HMAC_SHA384_192: return &krb5int_hash_sha384;
+    }
+    return NULL;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context = NULL;
+    size_t i;
+    struct test *test;
+    krb5_keyblock kb;
+    krb5_key inkey = NULL, key = NULL;
+    krb5_data rnd = empty_data(), outcmp;
+    const struct krb5_enc_provider *enc;
+    const struct krb5_hash_provider *hash;
+    krb5_boolean verbose = FALSE;
+    int status = 0;
+
+    if (argc >= 2 && strcmp(argv[1], "-v") == 0)
+        verbose = TRUE;
+    for (i = 0; i < sizeof(test_cases) / sizeof(*test_cases); i++) {
+        test = &test_cases[i];
+        kb.magic = KV5M_KEYBLOCK;
+        kb.enctype = test->enctype;
+        kb.length = test->inkey.length;
+        kb.contents = (unsigned char *)test->inkey.data;
+        ret = krb5_k_create_key(context, &kb, &inkey);
+        assert(!ret);
+        enc = get_enc_provider(test->enctype);
+        hash = get_hash_provider(test->enctype);
+        if (test->expected_key.length == enc->keylength) {
+            ret = krb5int_derive_key(enc, hash, inkey, &key, &test->constant,
+                                     test->alg);
+            assert(!ret);
+            outcmp = make_data(key->keyblock.contents, key->keyblock.length);
+        } else {
+            ret = alloc_data(&rnd, test->expected_key.length);
+            assert(!ret);
+            ret = krb5int_derive_random(enc, hash, inkey, &rnd,
+                                        &test->constant, test->alg);
+            assert(!ret);
+            outcmp = rnd;
+        }
+        if (verbose) {
+            char buf[64];
+            krb5_enctype_to_name(test->enctype, FALSE, buf, sizeof(buf));
+            printf("\nTest %d:\n", (int)i);
+            printf("Enctype: %s\n", buf);
+            printhex("Input key: ", inkey->keyblock.contents,
+                     inkey->keyblock.length);
+            printhex("Constant: ", test->constant.data, test->constant.length);
+            printhex("Output: ", outcmp.data, outcmp.length);
+        }
+        assert(outcmp.length == test->expected_key.length);
+        if (memcmp(outcmp.data, test->expected_key.data, outcmp.length) != 0) {
+            printf("derive test %d failed\n", (int)i);
+            status = 1;
+            if (!verbose)
+                break;
+        }
+
+        krb5_k_free_key(context, inkey);
+        krb5_k_free_key(context, key);
+        zapfree(rnd.data, rnd.length);
+        inkey = key = NULL;
+        rnd = empty_data();
+    }
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_encrypt.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_encrypt.c
new file mode 100644
index 00000000..bd9b9469
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_encrypt.c
@@ -0,0 +1,289 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_encrypt.c */
+/*
+ * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * <<< Description >>>
+ */
+/*
+ * Some black-box tests of crypto systems.  Make sure that we can decrypt things we encrypt, etc.
+ */
+
+#include "crypto_int.h"
+#include <stdio.h>
+
+/* What enctypes should we test?*/
+krb5_enctype interesting_enctypes[] = {
+    ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_ARCFOUR_HMAC,
+    ENCTYPE_ARCFOUR_HMAC_EXP,
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    ENCTYPE_CAMELLIA128_CTS_CMAC,
+    ENCTYPE_CAMELLIA256_CTS_CMAC,
+    ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+    ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+    0
+};
+
+static void
+test(const char *msg, krb5_error_code retval)
+{
+    printf("%s: . . . ", msg);
+    if (retval) {
+        printf("Failed: %s\n", error_message(retval));
+        abort();
+    } else
+        printf("OK\n");
+}
+
+static int compare_results(krb5_data *d1, krb5_data *d2)
+{
+    if (d1->length != d2->length) {
+        /* Decryption can leave a little trailing cruft.
+           For the current cryptosystems, this can be up to 7 bytes.  */
+        if (d1->length + 8 <= d2->length)
+            return EINVAL;
+        if (d1->length > d2->length)
+            return EINVAL;
+    }
+    if (memcmp(d1->data, d2->data, d1->length)) {
+        return EINVAL;
+    }
+    return 0;
+}
+
+static void
+display(const char *msg, const krb5_data *d)
+{
+    unsigned int i;
+
+    printf("%s:", msg);
+    for (i = 0; i < d->length; i++)
+        printf(" %02X", (unsigned char) d->data[i]);
+    printf("\n");
+}
+
+int
+main ()
+{
+    krb5_context context = 0;
+    krb5_data  in, in2, out, out2, check, check2, state, signdata;
+    krb5_crypto_iov iov[5];
+    int i, j, pos;
+    unsigned int dummy;
+    size_t len;
+    krb5_enc_data enc_out, enc_out2;
+    krb5_keyblock *keyblock;
+    krb5_key key;
+
+    memset(iov, 0, sizeof(iov));
+
+    in.data = "This is a test.\n";
+    in.length = strlen (in.data);
+    in2.data = "This is another test.\n";
+    in2.length = strlen (in2.data);
+
+    test ("Seeding random number generator",
+          krb5_c_random_seed (context, &in));
+
+    /* Set up output buffers. */
+    out.data = malloc(2048);
+    out2.data = malloc(2048);
+    check.data = malloc(2048);
+    check2.data = malloc(2048);
+    if (out.data == NULL || out2.data == NULL
+        || check.data == NULL || check2.data == NULL)
+        abort();
+    out.magic = KV5M_DATA;
+    out.length = 2048;
+    out2.magic = KV5M_DATA;
+    out2.length = 2048;
+    check.length = 2048;
+    check2.length = 2048;
+
+    for (i = 0; interesting_enctypes[i]; i++) {
+        krb5_enctype enctype = interesting_enctypes [i];
+
+        printf ("Testing enctype %d\n", enctype);
+        test ("Initializing a keyblock",
+              krb5_init_keyblock (context, enctype, 0, &keyblock));
+        test ("Generating random keyblock",
+              krb5_c_make_random_key (context, enctype, keyblock));
+        test ("Creating opaque key from keyblock",
+              krb5_k_create_key (context, keyblock, &key));
+
+        enc_out.ciphertext = out;
+        enc_out2.ciphertext = out2;
+        /* We use an intermediate `len' because size_t may be different size
+           than `int' */
+        krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
+        enc_out.ciphertext.length = len;
+
+        /* Encrypt, decrypt, and see if we got the plaintext back again. */
+        test ("Encrypting (c)",
+              krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
+        display ("Enc output", &enc_out.ciphertext);
+        test ("Decrypting",
+              krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
+        test ("Comparing", compare_results (&in, &check));
+
+        /* Try again with the opaque-key-using variants. */
+        memset(out.data, 0, out.length);
+        test ("Encrypting (k)",
+              krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
+        display ("Enc output", &enc_out.ciphertext);
+        test ("Decrypting",
+              krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
+        test ("Comparing", compare_results (&in, &check));
+
+        /* Check if this enctype supports IOV encryption. */
+        if ( krb5_c_crypto_length(context, keyblock->enctype,
+                                  KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){
+            /* Set up iovecs for stream decryption. */
+            memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
+            iov[0].flags= KRB5_CRYPTO_TYPE_STREAM;
+            iov[0].data.data = out2.data;
+            iov[0].data.length = enc_out.ciphertext.length;
+            iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+
+            /* Decrypt the encrypted data from above and check it. */
+            test("IOV stream decrypting (c)",
+                 krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
+
+            /* Try again with the opaque-key-using variant. */
+            memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
+            test("IOV stream decrypting (k)",
+                 krb5_k_decrypt_iov( context, key, 7, 0, iov, 2));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
+
+            /* Set up iovecs for AEAD encryption. */
+            signdata.magic = KV5M_DATA;
+            signdata.data = (char *) "This should be signed";
+            signdata.length = strlen(signdata.data);
+            iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
+            iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+            iov[1].data = in; /*We'll need to copy memory before encrypt*/
+            iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+            iov[2].data = signdata;
+            iov[3].flags = KRB5_CRYPTO_TYPE_PADDING;
+            iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER;
+
+            /* "Allocate" data for the iovec buffers from the "out" buffer. */
+            test("Setting up iov lengths",
+                 krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5));
+            for (j=0,pos=0; j <= 4; j++ ){
+                if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
+                    continue;
+                iov[j].data.data = &out.data[pos];
+                pos += iov[j].data.length;
+            }
+            assert (iov[1].data.length == in.length);
+            memcpy(iov[1].data.data, in.data, in.length);
+
+            /* Encrypt and decrypt in place, and check the result. */
+            test("iov encrypting (c)",
+                 krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
+            assert(iov[1].data.length == in.length);
+            display("Header", &iov[0].data);
+            display("Data", &iov[1].data);
+            display("Padding", &iov[3].data);
+            display("Trailer", &iov[4].data);
+            test("iov decrypting",
+                 krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
+
+            /* Try again with opaque-key-using variants. */
+            test("iov encrypting (k)",
+                 krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
+            assert(iov[1].data.length == in.length);
+            display("Header", &iov[0].data);
+            display("Data", &iov[1].data);
+            display("Padding", &iov[3].data);
+            display("Trailer", &iov[4].data);
+            test("iov decrypting",
+                 krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
+        }
+
+        enc_out.ciphertext.length = out.length;
+        check.length = 2048;
+
+        test ("init_state",
+              krb5_c_init_state (context, keyblock, 7, &state));
+        test ("Encrypting with state",
+              krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
+        display ("Enc output", &enc_out.ciphertext);
+        test ("Encrypting again with state",
+              krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
+        display ("Enc output", &enc_out2.ciphertext);
+        test ("free_state",
+              krb5_c_free_state (context, keyblock, &state));
+        test ("init_state",
+              krb5_c_init_state (context, keyblock, 7, &state));
+        test ("Decrypting with state",
+              krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check));
+        test ("Decrypting again with state",
+              krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2));
+        test ("free_state",
+              krb5_c_free_state (context, keyblock, &state));
+        test ("Comparing",
+              compare_results (&in, &check));
+        test ("Comparing",
+              compare_results (&in2, &check2));
+
+        krb5_free_keyblock (context, keyblock);
+        krb5_k_free_key (context, key);
+    }
+
+    /* Test the RC4 decrypt fallback from key usage 9 to 8. */
+    test ("Initializing an RC4 keyblock",
+          krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock));
+    test ("Generating random RC4 key",
+          krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock));
+    enc_out.ciphertext = out;
+    krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
+    enc_out.ciphertext.length = len;
+    check.length = 2048;
+    test ("Encrypting with RC4 key usage 8",
+          krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
+    display ("Enc output", &enc_out.ciphertext);
+    test ("Decrypting with RC4 key usage 9",
+          krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
+    test ("Comparing", compare_results (&in, &check));
+
+    krb5_free_keyblock (context, keyblock);
+    free(out.data);
+    free(out2.data);
+    free(check.data);
+    free(check2.data);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_fork.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_fork.c
new file mode 100644
index 00000000..428fc8a6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_fork.c
@@ -0,0 +1,117 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_fork.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test basic libk5crypto behavior across forks.  This is primarily interesting
+ * for back ends with PKCS11-based constraints.
+ */
+
+#include "k5-int.h"
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+static krb5_context ctx = NULL;
+
+static void
+t(krb5_error_code code)
+{
+    if (code != 0) {
+        fprintf(stderr, "Failure: %s\n", krb5_get_error_message(ctx, code));
+        exit(1);
+    }
+}
+
+static void
+prepare_enc_data(krb5_key key, size_t in_len, krb5_enc_data *enc_data)
+{
+    size_t out_len;
+
+    t(krb5_c_encrypt_length(ctx, key->keyblock.enctype, in_len, &out_len));
+    t(alloc_data(&enc_data->ciphertext, out_len));
+}
+
+int
+main()
+{
+    krb5_keyblock kb_aes, kb_rc4;
+    krb5_key key_aes, key_rc4;
+    krb5_data state_rc4, plain = string2data("plain"), decrypted;
+    krb5_enc_data out_aes, out_rc4;
+    pid_t pid, wpid;
+    int status;
+
+    /* Seed the PRNG instead of creating a context, so we don't need
+     * krb5.conf. */
+    t(krb5_c_random_seed(ctx, &plain));
+
+    /* Create AES and RC4 ciphertexts with random keys.  Use cipher state for
+     * RC4. */
+    t(krb5_c_make_random_key(ctx, ENCTYPE_AES256_CTS_HMAC_SHA1_96, &kb_aes));
+    t(krb5_c_make_random_key(ctx, ENCTYPE_ARCFOUR_HMAC, &kb_rc4));
+    t(krb5_k_create_key(ctx, &kb_aes, &key_aes));
+    t(krb5_k_create_key(ctx, &kb_rc4, &key_rc4));
+    prepare_enc_data(key_aes, plain.length, &out_aes);
+    prepare_enc_data(key_aes, plain.length, &out_rc4);
+    t(krb5_c_init_state(ctx, &kb_rc4, 0, &state_rc4));
+    t(krb5_k_encrypt(ctx, key_aes, 0, NULL, &plain, &out_aes));
+    t(krb5_k_encrypt(ctx, key_rc4, 0, &state_rc4, &plain, &out_rc4));
+
+    /* Fork; continue in both parent and child. */
+    pid = fork();
+    assert(pid >= 0);
+
+    /* Decrypt the AES message with both key and keyblock. */
+    t(alloc_data(&decrypted, plain.length));
+    t(krb5_k_decrypt(ctx, key_aes, 0, NULL, &out_aes, &decrypted));
+    assert(data_eq(plain, decrypted));
+    t(krb5_c_decrypt(ctx, &kb_aes, 0, NULL, &out_aes, &decrypted));
+    assert(data_eq(plain, decrypted));
+
+    /* Encrypt another RC4 message. */
+    t(krb5_k_encrypt(ctx, key_rc4, 0, &state_rc4, &plain, &out_rc4));
+    t(krb5_c_free_state(ctx, &kb_rc4, &state_rc4));
+
+    krb5_free_keyblock_contents(ctx, &kb_aes);
+    krb5_free_keyblock_contents(ctx, &kb_rc4);
+    krb5_k_free_key(ctx, key_aes);
+    krb5_k_free_key(ctx, key_rc4);
+    krb5_free_data_contents(ctx, &out_aes.ciphertext);
+    krb5_free_data_contents(ctx, &out_rc4.ciphertext);
+    krb5_free_data_contents(ctx, &decrypted);
+
+    /* If we're the parent, make sure the child succeeded. */
+    if (pid != 0) {
+        wpid = wait(&status);
+        assert(wpid == pid);
+        if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+            fprintf(stderr, "Child failed with status %d\n", status);
+            return 1;
+        }
+    }
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_hmac.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_hmac.c
new file mode 100644
index 00000000..da359cb4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_hmac.c
@@ -0,0 +1,263 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_hmac.c */
+/*
+ * Copyright 2001,2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test vectors for HMAC-MD5 and HMAC-SHA1 (placeholder only).
+ * Tests taken from RFC 2202.
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <k5-hex.h>
+#include "crypto_int.h"
+
+#define ASIZE(ARRAY) (sizeof(ARRAY)/sizeof(ARRAY[0]))
+
+const char *whoami;
+
+static void keyToData (krb5_keyblock *k, krb5_data *d) {
+    d->length = k->length;
+    d->data = (char *) k->contents;
+}
+
+static void printd (const char *descr, krb5_data *d) {
+    unsigned int i, j;
+    const int r = 16;
+
+    printf("%s (%d bytes):", descr, d->length);
+
+    for (i = 0; i < d->length; i += r) {
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
+    }
+    printf("\n");
+}
+static void printk(const char *descr, krb5_keyblock *k) {
+    krb5_data d;
+    keyToData(k,&d);
+    printd(descr, &d);
+}
+
+
+
+struct hmac_test {
+    int key_len;
+    unsigned char key[180];
+    int data_len;
+    unsigned char data[80];
+    const char *hexdigest;
+};
+
+static krb5_error_code hmac1(const struct krb5_hash_provider *h,
+                             krb5_keyblock *key,
+                             krb5_data *in, krb5_data *out)
+{
+    char tmp[40];
+    size_t blocksize, hashsize;
+    krb5_error_code err;
+    krb5_key k;
+    krb5_crypto_iov iov;
+    krb5_data d;
+
+    printk(" test key", key);
+    blocksize = h->blocksize;
+    hashsize = h->hashsize;
+    if (hashsize > sizeof(tmp))
+        abort();
+    if (key->length > blocksize) {
+        iov.flags = KRB5_CRYPTO_TYPE_DATA;
+        iov.data = make_data(key->contents, key->length);
+        d = make_data(tmp, hashsize);
+        err = h->hash(&iov, 1, &d);
+        if (err) {
+            com_err(whoami, err, "hashing key before calling hmac");
+            exit(1);
+        }
+        key->length = d.length;
+        key->contents = (krb5_octet *) d.data;
+        printk(" pre-hashed key", key);
+    }
+    printd(" hmac input", in);
+    krb5_k_create_key(NULL, key, &k);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+    err = krb5int_hmac(h, k, &iov, 1, out);
+    krb5_k_free_key(NULL, k);
+    if (err == 0)
+        printd(" hmac output", out);
+    return err;
+}
+
+static void test_hmac()
+{
+    krb5_keyblock key;
+    krb5_data in, out;
+    char outbuf[20], *hexdigest;
+    krb5_error_code err;
+    unsigned int i;
+    int lose = 0;
+
+    /* RFC 2202 test vector.  */
+    static const struct hmac_test md5tests[] = {
+        {
+            16, {
+                0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
+                0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
+            },
+            8, "Hi There",
+            "9294727a3638bb1c13f48ef8158bfc9d"
+        },
+
+        {
+            4, "Jefe",
+            28, "what do ya want for nothing?",
+            "750c783e6ab0b503eaa86e310a5db738"
+        },
+
+        {
+            16, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+            },
+            50, {
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+            },
+            "56be34521d144c88dbb8c733f0e8b3f6"
+        },
+
+        {
+            25, {
+                0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+                0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+                0x15, 0x16, 0x17, 0x18, 0x19
+            },
+            50, {
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+            },
+            "697eaf0aca3a3aea3a75164746ffaa79"
+        },
+
+        {
+            16, {
+                0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+                0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
+            },
+            20, "Test With Truncation",
+            "56461ef2342edc00f9bab995690efd4c"
+        },
+
+        {
+            80, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+            },
+            54, "Test Using Larger Than Block-Size Key - Hash Key First",
+            "6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"
+        },
+
+        {
+            80, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+            },
+            73,
+            "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
+            "6f630fad67cda0ee1fb1f562db3aa53e"
+        },
+    };
+
+    for (i = 0; i < sizeof(md5tests)/sizeof(md5tests[0]); i++) {
+        key.contents = (krb5_octet *)md5tests[i].key;
+        key.length = md5tests[i].key_len;
+        in = make_data((char *)md5tests[i].data, md5tests[i].data_len);
+
+        out.data = outbuf;
+        out.length = 20;
+        printf("\nTest #%d:\n", i+1);
+        err = hmac1(&krb5int_hash_md5, &key, &in, &out);
+        if (err) {
+            com_err(whoami, err, "computing hmac");
+            exit(1);
+        }
+
+        if (k5_hex_encode(out.data, out.length, FALSE, &hexdigest) != 0)
+            abort();
+        if (strcmp(hexdigest, md5tests[i].hexdigest)) {
+            printf("*** CHECK FAILED!\n"
+                   "\tReturned: 0x%s.\n"
+                   "\tExpected: 0x%s.\n", hexdigest, md5tests[i].hexdigest);
+            lose++;
+        } else
+            printf("Matches expected result.\n");
+        free(hexdigest);
+    }
+
+    /* Do again with SHA-1 tests....  */
+
+    if (lose) {
+        printf("%d failures; exiting.\n", lose);
+        exit(1);
+    }
+}
+
+
+int main (int argc, char **argv)
+{
+    whoami = argv[0];
+    test_hmac();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_kperf.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_kperf.c
new file mode 100644
index 00000000..dc73e179
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_kperf.c
@@ -0,0 +1,123 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_kperf.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This file contains a harness to measure the performance improvement
+ * of using the the krb5_k functions (which cache derived keys) over
+ * the equivalent krb5_c functions which do not.  Sample usages:
+ *
+ *     ./t_kperf ce aes128-cts 10 100000
+ *     ./t_kperf kv aes256-cts 1024 10000
+ *
+ * The first usage encrypts ('e') a hundred thousand ten-byte blobs
+ * with aes128-cts, using the non-caching APIs ('c').  The second
+ * usage verifies ('v') ten thousand checksums over 1K blobs with the
+ * first available keyed checksum type for aes256-cts, using the
+ * caching APIs ('k').  Run commands under "time" to measure how much
+ * time is used by the operations.
+ */
+
+#include "k5-int.h"
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_keyblock kblock;
+    krb5_key key;
+    krb5_enctype enctype;
+    krb5_cksumtype cktype;
+    int blocksize, num_blocks, intf, op, i;
+    size_t outlen, cklen;
+    krb5_data block;
+    krb5_enc_data outblock;
+    krb5_checksum sum;
+    krb5_boolean val;
+
+    if (argc != 5) {
+        fprintf(stderr, "Usage: t_kperf {c|k}{e|d|m|v} type size nblocks\n");
+        exit(1);
+    }
+    intf = argv[1][0];
+    assert(intf == 'c' || intf =='k');
+    op = argv[1][1];
+    ret = krb5_string_to_enctype(argv[2], &enctype);
+    assert(!ret);
+    blocksize = atoi(argv[3]);
+    num_blocks = atoi(argv[4]);
+
+    block.data = "notrandom";
+    block.length = 9;
+    krb5_c_random_seed(NULL, &block);
+
+    krb5_c_make_random_key(NULL, enctype, &kblock);
+    krb5_k_create_key(NULL, &kblock, &key);
+
+    block.length = blocksize;
+    block.data = calloc(1, blocksize);
+
+    krb5_c_encrypt_length(NULL, enctype, blocksize, &outlen);
+    outblock.enctype = enctype;
+    outblock.ciphertext.length = outlen;
+    outblock.ciphertext.data = calloc(1, outlen);
+
+    krb5int_c_mandatory_cksumtype(NULL, enctype, &cktype);
+    krb5_c_checksum_length(NULL, cktype, &cklen);
+    sum.checksum_type = cktype;
+    sum.length = cklen;
+    sum.contents = calloc(1, cklen);
+
+    /*
+     * Decrypting typically involves copying the output after checking the
+     * hash, so we need to create a valid ciphertext to correctly measure its
+     * performance.
+     */
+    if (op == 'd')
+        krb5_c_encrypt(NULL, &kblock, 0, NULL, &block, &outblock);
+
+    for (i = 0; i < num_blocks; i++) {
+        if (intf == 'c') {
+            if (op == 'e')
+                krb5_c_encrypt(NULL, &kblock, 0, NULL, &block, &outblock);
+            else if (op == 'd')
+                krb5_c_decrypt(NULL, &kblock, 0, NULL, &outblock, &block);
+            else if (op == 'm')
+                krb5_c_make_checksum(NULL, cktype, &kblock, 0, &block, &sum);
+            else if (op == 'v')
+                krb5_c_verify_checksum(NULL, &kblock, 0, &block, &sum, &val);
+        } else {
+            if (op == 'e')
+                krb5_k_encrypt(NULL, key, 0, NULL, &block, &outblock);
+            else if (op == 'd')
+                krb5_k_decrypt(NULL, key, 0, NULL, &outblock, &block);
+            else if (op == 'm')
+                krb5_k_make_checksum(NULL, cktype, key, 0, &block, &sum);
+            else if (op == 'v')
+                krb5_k_verify_checksum(NULL, key, 0, &block, &sum, &val);
+        }
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_mdcksum.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_mdcksum.c
new file mode 100644
index 00000000..b34f9a86
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_mdcksum.c
@@ -0,0 +1,203 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_mdcksum.c */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Test checksum and checksum compatibility for rsa-md[4,5]-des. */
+
+#ifndef MD
+#define MD      5
+#endif  /* MD */
+
+#include "k5-int.h"
+#if     MD == 4
+#include "rsa-md4.h"
+#endif  /* MD == 4 */
+#if     MD == 5
+#include "rsa-md5.h"
+#endif  /* MD == 5 */
+#include "des_int.h"
+
+#define MD5_K5BETA_COMPAT
+#define MD4_K5BETA_COMPAT
+
+#if     MD == 4
+#define CONFOUNDER_LENGTH       RSA_MD4_DES_CONFOUND_LENGTH
+#define NEW_CHECKSUM_LENGTH     NEW_RSA_MD4_DES_CKSUM_LENGTH
+#define OLD_CHECKSUM_LENGTH     OLD_RSA_MD4_DES_CKSUM_LENGTH
+#define CHECKSUM_TYPE           CKSUMTYPE_RSA_MD4_DES
+#ifdef  MD4_K5BETA_COMPAT
+#define K5BETA_COMPAT   1
+#else   /* MD4_K5BETA_COMPAT */
+#undef  K5BETA_COMPAT
+#endif  /* MD4_K5BETA_COMPAT */
+#define CKSUM_FUNCTION          krb5_md4_crypto_sum_func
+#define COMPAT_FUNCTION         krb5_md4_crypto_compat_sum_func
+#define VERIFY_FUNCTION         krb5_md4_crypto_verify_func
+#endif  /* MD == 4 */
+
+#if     MD == 5
+#define CONFOUNDER_LENGTH       RSA_MD5_DES_CONFOUND_LENGTH
+#define NEW_CHECKSUM_LENGTH     NEW_RSA_MD5_DES_CKSUM_LENGTH
+#define OLD_CHECKSUM_LENGTH     OLD_RSA_MD5_DES_CKSUM_LENGTH
+#define CHECKSUM_TYPE           CKSUMTYPE_RSA_MD5_DES
+#ifdef  MD5_K5BETA_COMPAT
+#define K5BETA_COMPAT   1
+#else   /* MD5_K5BETA_COMPAT */
+#undef  K5BETA_COMPAT
+#endif  /* MD5_K5BETA_COMPAT */
+#define CKSUM_FUNCTION          krb5_md5_crypto_sum_func
+#define COMPAT_FUNCTION         krb5_md5_crypto_compat_sum_func
+#define VERIFY_FUNCTION         krb5_md5_crypto_verify_func
+#endif  /* MD == 5 */
+
+static void
+print_checksum(text, number, message, checksum)
+    char       *text;
+    int        number;
+    char       *message;
+    krb5_checksum      *checksum;
+{
+    int i;
+
+    printf("%s MD%d checksum(\"%s\") = ", text, number, message);
+    for (i=0; i<checksum->length; i++)
+        printf("%02x", checksum->contents[i]);
+    printf("\n");
+}
+
+/*
+ * Test the checksum verification of Old Style (tm) and correct RSA-MD[4,5]-DES
+ * checksums.
+ */
+int
+main(argc, argv)
+    int argc;
+    char **argv;
+{
+    int                   msgindex;
+    krb5_context          kcontext;
+    krb5_encrypt_block    encblock;
+    krb5_keyblock         keyblock;
+    krb5_error_code       kret;
+    krb5_checksum         oldstyle_checksum;
+    krb5_checksum         newstyle_checksum;
+    krb5_data             pwdata;
+    char                  *pwd;
+
+    pwd = "test password";
+    pwdata.length = strlen(pwd);
+    pwdata.data = pwd;
+    krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
+    if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
+        printf("mit_des_string_to_key choked with %d\n", kret);
+        return(kret);
+    }
+    if ((kret = mit_des_process_key(&encblock, &keyblock))) {
+        printf("mit_des_process_key choked with %d\n", kret);
+        return(kret);
+    }
+
+    oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
+    if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
+        printf("cannot get memory for old style checksum\n");
+        return(ENOMEM);
+    }
+    newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
+    if (!(newstyle_checksum.contents = (krb5_octet *)
+          malloc(NEW_CHECKSUM_LENGTH))) {
+        printf("cannot get memory for new style checksum\n");
+        return(ENOMEM);
+    }
+    for (msgindex = 1; msgindex < argc; msgindex++) {
+        if ((kret = CKSUM_FUNCTION(argv[msgindex],
+                                   strlen(argv[msgindex]),
+                                   (krb5_pointer) keyblock.contents,
+                                   keyblock.length,
+                                   &newstyle_checksum))) {
+            printf("krb5_calculate_checksum choked with %d\n", kret);
+            break;
+        }
+        print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
+#ifdef  K5BETA_COMPAT
+        if ((kret = COMPAT_FUNCTION(argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length,
+                                    &oldstyle_checksum))) {
+            printf("old style calculate_checksum choked with %d\n", kret);
+            break;
+        }
+        print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
+#endif  /* K5BETA_COMPAT */
+        if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
+                                    argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length))) {
+            printf("verify on new checksum choked with %d\n", kret);
+            break;
+        }
+        printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
+#ifdef  K5BETA_COMPAT
+        if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
+                                    argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length))) {
+            printf("verify on old checksum choked with %d\n", kret);
+            break;
+        }
+        printf("Compatible checksum verify succeeded for \"%s\"\n",
+               argv[msgindex]);
+#endif  /* K5BETA_COMPAT */
+        newstyle_checksum.contents[0]++;
+        if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
+                                     argv[msgindex],
+                                     strlen(argv[msgindex]),
+                                     (krb5_pointer) keyblock.contents,
+                                     keyblock.length))) {
+            printf("verify on new checksum should have choked\n");
+            break;
+        }
+        printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+#ifdef  K5BETA_COMPAT
+        oldstyle_checksum.contents[0]++;
+        if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
+                                     argv[msgindex],
+                                     strlen(argv[msgindex]),
+                                     (krb5_pointer) keyblock.contents,
+                                     keyblock.length))) {
+            printf("verify on old checksum should have choked\n");
+            break;
+        }
+        printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
+               argv[msgindex]);
+#endif  /* K5BETA_COMPAT */
+        kret = 0;
+    }
+    if (!kret)
+        printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_mddriver.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_mddriver.c
new file mode 100644
index 00000000..ad65d031
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_mddriver.c
@@ -0,0 +1,256 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_mddriver.c - test driver for MD2, MD4 and MD5 */
+/*
+ * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
+ * rights reserved.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+/* The following makes MD default to MD5 if it has not already been
+   defined with C compiler flags.
+*/
+#ifndef MD
+#define MD 5
+#endif
+
+#include "crypto_int.h"
+
+/* Length of test block, number of test blocks.
+ */
+#define TEST_BLOCK_LEN 1000
+#define TEST_BLOCK_COUNT 1000
+
+static void MDHash (char *, size_t, size_t, unsigned char *);
+static void MDString (char *);
+static void MDTimeTrial (void);
+static void MDTestSuite (void);
+static void MDPrint (unsigned char [16]);
+
+struct md_test_entry {
+    char *string;
+    unsigned char digest[16];
+};
+
+#if MD == 4
+#define MDProvider krb5int_hash_md4
+
+#define HAVE_TEST_SUITE
+/* Test suite from RFC 1320 */
+
+struct md_test_entry md_test_suite[] = {
+    { "",
+      {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
+       0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 }},
+    { "a",
+      {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
+       0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 }},
+    { "abc",
+      {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
+       0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d }},
+    { "message digest",
+      {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
+       0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b }},
+    { "abcdefghijklmnopqrstuvwxyz",
+      {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
+       0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 }},
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+      {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
+       0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 }},
+    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+      {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
+       0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 }},
+    {0, {0}}
+};
+
+#endif
+
+#if MD == 5
+#define MDProvider krb5int_hash_md5
+
+#define HAVE_TEST_SUITE
+/* Test suite from RFC 1321 */
+
+struct md_test_entry md_test_suite[] = {
+    { "",
+      {0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+       0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e }},
+    { "a",
+      {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
+       0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 }},
+    { "abc",
+      {0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
+       0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 }},
+    { "message digest",
+      {0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
+       0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 }},
+    { "abcdefghijklmnopqrstuvwxyz",
+      {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
+       0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b }},
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+      {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
+       0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f }},
+    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+      {0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
+       0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a }},
+    { 0, {0} }
+};
+
+#endif
+
+/* Main driver.
+
+   Arguments (may be any combination):
+   -sstring - digests string
+   -t       - runs time trial
+   -x       - runs test script
+*/
+int main (argc, argv)
+    int argc;
+    char *argv[];
+{
+    int i;
+
+    for (i = 1; i < argc; i++) {
+        if (argv[i][0] == '-' && argv[i][1] == 's')
+            MDString (argv[i] + 2);
+        else if (strcmp (argv[i], "-t") == 0)
+            MDTimeTrial ();
+        else if (strcmp (argv[i], "-x") == 0)
+            MDTestSuite ();
+    }
+    return (0);
+}
+
+static void MDHash (bytes, len, count, out)
+    char *bytes;
+    size_t len, count;
+    unsigned char *out;
+{
+    krb5_crypto_iov *iov;
+    krb5_data outdata = make_data (out, MDProvider.hashsize);
+    size_t i;
+
+    iov = malloc (count * sizeof(*iov));
+    if (iov == NULL)
+        abort ();
+    for (i = 0; i < count; i++) {
+        iov[i].flags = KRB5_CRYPTO_TYPE_DATA;
+        iov[i].data = make_data (bytes, len);
+    }
+    MDProvider.hash(iov, count, &outdata);
+    free(iov);
+}
+
+/* Digests a string and prints the result.
+ */
+static void MDString (string)
+    char *string;
+{
+    unsigned char digest[16];
+
+    MDHash (string, strlen(string), 1, digest);
+    printf ("MD%d (\"%s\") = ", MD, string);
+    MDPrint (digest);
+    printf ("\n");
+}
+
+/* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte
+   blocks.
+*/
+static void MDTimeTrial ()
+{
+    time_t endTime, startTime;
+    unsigned char block[TEST_BLOCK_LEN], digest[16];
+    unsigned int i;
+
+    printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD,
+           TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
+
+    /* Initialize block */
+    for (i = 0; i < TEST_BLOCK_LEN; i++)
+        block[i] = (unsigned char)(i & 0xff);
+
+    /* Start timer */
+    time (&startTime);
+
+    /* Digest blocks */
+    MDHash ((char *)block, TEST_BLOCK_LEN, TEST_BLOCK_COUNT, digest);
+
+    /* Stop timer */
+    time (&endTime);
+
+    printf (" done\n");
+    printf ("Digest = ");
+    MDPrint (digest);
+    printf ("\nTime = %ld seconds\n", (long)(endTime-startTime));
+    printf
+        ("Speed = %ld bytes/second\n",
+         (long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT/(endTime-startTime));
+}
+
+/* Digests a reference suite of strings and prints the results.
+ */
+static void MDTestSuite ()
+{
+#ifdef HAVE_TEST_SUITE
+    struct md_test_entry *entry;
+    int num_tests = 0, num_failed = 0;
+    unsigned char digest[16];
+
+    printf ("MD%d test suite:\n\n", MD);
+    for (entry = md_test_suite; entry->string; entry++) {
+        unsigned int len = strlen (entry->string);
+
+        MDHash (entry->string, len, 1, digest);
+
+        printf ("MD%d (\"%s\") = ", MD, entry->string);
+        MDPrint (digest);
+        printf ("\n");
+        if (memcmp(digest, entry->digest, 16) != 0) {
+            printf("\tIncorrect MD%d digest!  Should have been:\n\t\t ", MD);
+            MDPrint(entry->digest);
+            printf("\n");
+            num_failed++;
+        }
+        num_tests++;
+    }
+    if (num_failed) {
+        printf("%d out of %d tests failed for MD%d!!!\n", num_failed,
+               num_tests, MD);
+        exit(1);
+    } else {
+        printf ("%d tests passed successfully for MD%d.\n", num_tests, MD);
+        exit(0);
+    }
+#else
+
+    printf ("MD%d test suite:\n", MD);
+    MDString ("");
+    MDString ("a");
+    MDString ("abc");
+    MDString ("message digest");
+    MDString ("abcdefghijklmnopqrstuvwxyz");
+    MDString
+        ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
+    MDString
+        ("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
+#endif
+}
+
+/* Prints a message digest in hexadecimal.
+ */
+static void MDPrint (digest)
+    unsigned char digest[16];
+{
+    unsigned int i;
+
+    for (i = 0; i < 16; i++)
+        printf ("%02x", digest[i]);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_nfold.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_nfold.c
new file mode 100644
index 00000000..b94353c2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_nfold.c
@@ -0,0 +1,160 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_nfold.c - Test nfold implementation correctness */
+/*
+ * Copyright 1988, 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "crypto_int.h"
+
+#define ASIZE(ARRAY) (sizeof(ARRAY)/sizeof(ARRAY[0]))
+
+static void printhex (size_t len, const unsigned char *p)
+{
+    while (len--)
+        printf ("%02x", 0xff & *p++);
+}
+
+static void printstringhex (const unsigned char *p) {
+    printhex (strlen ((const char *) p), p);
+}
+
+static void rfc_tests ()
+{
+    unsigned i;
+    struct {
+        char *input;
+        unsigned int n;
+        unsigned char exp[192/8];
+    } tests[] = {
+        { "012345", 64,
+          { 0xbe,0x07,0x26,0x31,0x27,0x6b,0x19,0x55, }
+        },
+        { "password", 56,
+          { 0x78,0xa0,0x7b,0x6c,0xaf,0x85,0xfa, }
+        },
+        { "Rough Consensus, and Running Code", 64,
+          { 0xbb,0x6e,0xd3,0x08,0x70,0xb7,0xf0,0xe0, }
+        },
+        { "password", 168,
+          { 0x59,0xe4,0xa8,0xca,0x7c,0x03,0x85,0xc3,
+            0xc3,0x7b,0x3f,0x6d,0x20,0x00,0x24,0x7c,
+            0xb6,0xe6,0xbd,0x5b,0x3e, }
+        },
+        { "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192,
+          { 0xdb,0x3b,0x0d,0x8f,0x0b,0x06,0x1e,0x60,
+            0x32,0x82,0xb3,0x08,0xa5,0x08,0x41,0x22,
+            0x9a,0xd7,0x98,0xfa,0xb9,0x54,0x0c,0x1b, }
+        },
+    };
+    unsigned char outbuf[192/8];
+
+    printf ("RFC tests:\n");
+    for (i = 0; i < ASIZE (tests); i++) {
+        unsigned char *p = (unsigned char *) tests[i].input;
+        assert (tests[i].n / 8 <= sizeof (outbuf));
+        krb5int_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
+        printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
+        printf ("%d-fold(", tests[i].n);
+        printstringhex (p);
+        printf (") =\n\t");
+        printhex (tests[i].n / 8, outbuf);
+        printf ("\n\n");
+        if (memcmp (outbuf, tests[i].exp, tests[i].n/8) != 0) {
+            printf ("wrong value! expected:\n\t");
+            printhex (tests[i].n / 8, tests[i].exp);
+            exit (1);
+        }
+    }
+}
+
+static void fold_kerberos(unsigned int nbytes)
+{
+    unsigned char cipher_text[300];
+    unsigned int j;
+
+    if (nbytes > 300)
+        abort();
+
+    printf("%d-fold(\"kerberos\") =\n\t", nbytes*8);
+    krb5int_nfold(64, (unsigned char *) "kerberos", 8*nbytes, cipher_text);
+    for (j=0; j<nbytes; j++)
+        printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
+    printf("\n");
+}
+
+unsigned char *nfold_in[] = {
+    (unsigned char *) "basch",
+    (unsigned char *) "eichin",
+    (unsigned char *) "sommerfeld",
+    (unsigned char *) "MASSACHVSETTS INSTITVTE OF TECHNOLOGY" };
+
+unsigned char nfold_192[4][24] = {
+    { 0x1a, 0xab, 0x6b, 0x42, 0x96, 0x4b, 0x98, 0xb2, 0x1f, 0x8c, 0xde, 0x2d,
+      0x24, 0x48, 0xba, 0x34, 0x55, 0xd7, 0x86, 0x2c, 0x97, 0x31, 0x64, 0x3f },
+    { 0x65, 0x69, 0x63, 0x68, 0x69, 0x6e, 0x4b, 0x73, 0x2b, 0x4b, 0x1b, 0x43,
+      0xda, 0x1a, 0x5b, 0x99, 0x5a, 0x58, 0xd2, 0xc6, 0xd0, 0xd2, 0xdc, 0xca },
+    { 0x2f, 0x7a, 0x98, 0x55, 0x7c, 0x6e, 0xe4, 0xab, 0xad, 0xf4, 0xe7, 0x11,
+      0x92, 0xdd, 0x44, 0x2b, 0xd4, 0xff, 0x53, 0x25, 0xa5, 0xde, 0xf7, 0x5c },
+    { 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3, 0x08,
+      0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b }
+};
+
+int
+main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    unsigned char cipher_text[64];
+    unsigned int i, j;
+
+    printf("N-fold\n");
+    for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
+        printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
+               nfold_in[i]);
+        printf("\t192-Fold:\t");
+        krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
+                      cipher_text);
+        for (j=0; j<24; j++)
+            printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
+        printf("\n");
+        if (memcmp(cipher_text, nfold_192[i], 24)) {
+            printf("verify: error in n-fold\n");
+            exit(-1);
+        };
+    }
+    rfc_tests ();
+
+    printf("verify: N-fold is correct\n\n");
+
+    fold_kerberos(8);
+    fold_kerberos(16);
+    fold_kerberos(21);
+    fold_kerberos(32);
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_pkcs5.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_pkcs5.c
new file mode 100644
index 00000000..8e87a802
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_pkcs5.c
@@ -0,0 +1,99 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_pkcs5.c */
+/*
+ * Copyright 2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Test vectors for PBKDF2 (from PKCS #5v2), based on RFC 3211. */
+
+#include "k5-int.h"
+
+static void printhex (size_t len, const char *p)
+{
+    while (len--)
+        printf (" %02X", 0xff & *p++);
+}
+
+static void printdata (krb5_data *d) {
+    printhex (d->length, d->data);
+}
+
+static void test_pbkdf2_rfc3211()
+{
+    char x[100];
+    krb5_error_code err;
+    krb5_data d, pass, salt;
+    int i;
+
+    /* RFC 3211 test cases.  */
+    static const struct {
+        const char *pass;
+        const char *salt;
+        unsigned int count;
+        size_t len;
+        const unsigned char expected[24];
+    } t[] = {
+        { "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 5, 8,
+          { 0xD1, 0xDA, 0xA7, 0x86, 0x15, 0xF2, 0x87, 0xE6 } },
+        { "All n-entities must communicate with other "
+          "n-entities via n-1 entiteeheehees",
+          "\x12\x34\x56\x78\x78\x56\x34\x12", 500, 24,
+          { 0x6A, 0x89, 0x70, 0xBF, 0x68, 0xC9, 0x2C, 0xAE,
+            0xA8, 0x4A, 0x8D, 0xF2, 0x85, 0x10, 0x85, 0x86,
+            0x07, 0x12, 0x63, 0x80, 0xCC, 0x47, 0xAB, 0x2D } },
+    };
+
+    d.data = x;
+    printf("RFC 3211 test of PBKDF#2\n");
+
+    for (i = 0; i < sizeof(t)/sizeof(t[0]); i++) {
+
+        printf("pkbdf2(iter_count=%d, dklen=%d (%d bytes), salt=12 34 56 78 78 56 34 12,\n"
+               "       pass=%s):\n  ->",
+               t[i].count, t[i].len * 8, t[i].len, t[i].pass);
+
+        d.length = t[i].len;
+        pass.data = t[i].pass;
+        pass.length = strlen(pass.data);
+        salt.data = t[i].salt;
+        salt.length = strlen(salt.data);
+        err = krb5int_pbkdf2_hmac_sha1 (&d, t[i].count, &pass, &salt);
+        if (err) {
+            printf("error in computing pbkdf2: %s\n", error_message(err));
+            exit(1);
+        }
+        printdata(&d);
+        if (!memcmp(x, t[i].expected, t[i].len))
+            printf("\nTest passed.\n\n");
+        else {
+            printf("\n*** CHECK FAILED!\n");
+            exit(1);
+        }
+    }
+}
+
+int main ()
+{
+    test_pbkdf2_rfc3211();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prf.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prf.c
new file mode 100644
index 00000000..d9877bd1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prf.c
@@ -0,0 +1,149 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_prf.c - PRF test cases */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+struct test {
+    krb5_enctype enctype;
+    krb5_data keybits;
+    krb5_data prf_input;
+    krb5_data expected;
+} tests[] = {
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 16,
+          "\xAE\x27\x2E\x7C\xDE\xC8\x6A\xC5\x13\x8C\xDB\x19\x6D\x8E\x29\x7D" },
+        { KV5M_DATA, 2, "\x01\x61" },
+        { KV5M_DATA, 16,
+          "\x77\xB3\x9A\x37\xA8\x68\x92\x0F\x2A\x51\xF9\xDD\x15\x0C\x57\x17" }
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 16,
+          "\x67\xAB\x1C\xFE\xF3\x5E\x4C\x27\xFF\xDE\xAC\x60\x38\x5A\x3E\x9C" },
+        { KV5M_DATA, 2, "\x01\x62" },
+        { KV5M_DATA, 16,
+          "\xE0\x6C\x0D\xD3\x1F\xF0\x20\x91\x99\x4F\x2E\xF5\x17\x8B\xFE\x3D" }
+    },
+
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 32,
+          "\xC0\x1F\x15\x72\x11\xF7\xB7\x7E\xAA\xF4\x57\xC3\xE1\x56\x69\x01"
+          "\x27\xEE\x12\x7D\x81\x0B\xA6\x39\x2E\x97\xBA\xA2\x43\xEB\x06\x16" },
+        { KV5M_DATA, 2, "\x01\x61" },
+        { KV5M_DATA, 16,
+          "\xB2\x62\x8C\x78\x8E\x2E\x9C\x4A\x9B\xB4\x64\x46\x78\xC2\x9F\x2F" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 32,
+          "\xC0\x1F\x15\x72\x11\xF7\xB7\x7E\xAA\xF4\x57\xC3\xE1\x56\x69\x01"
+          "\x27\xEE\x12\x7D\x81\x0B\xA6\x39\x2E\x97\xBA\xA2\x43\xEB\x06\x16" },
+        { KV5M_DATA, 2, "\x02\x61" },
+        { KV5M_DATA, 16,
+          "\xB4\x06\x37\x33\x50\xCE\xE8\xA6\x12\x6F\x4A\x9B\x65\xA0\xCD\x21" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 32,
+          "\x9D\x52\x0D\x2D\x98\x0A\xA7\xCB\x6B\x69\x36\x82\xB6\x2D\xA2\x58"
+          "\xB3\x33\x86\x79\x51\x64\x2C\xE6\x47\xAE\x62\xB1\xE5\xE0\xB5\xE9" },
+        { KV5M_DATA, 2, "\x01\x62" },
+        { KV5M_DATA, 16,
+          "\xFF\x0E\x28\x9E\xA7\x56\xC0\x55\x9A\x0E\x91\x18\x56\x96\x1A\x49" }
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        { KV5M_DATA, 32,
+          "\x9D\x52\x0D\x2D\x98\x0A\xA7\xCB\x6B\x69\x36\x82\xB6\x2D\xA2\x58"
+          "\xB3\x33\x86\x79\x51\x64\x2C\xE6\x47\xAE\x62\xB1\xE5\xE0\xB5\xE9" },
+        { KV5M_DATA, 2, "\x02\x62" },
+        { KV5M_DATA, 16,
+          "\x0D\x67\x4D\xD0\xF9\xA6\x80\x65\x25\xA4\xD9\x2E\x82\x8B\xD1\x5A" }
+    },
+
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        { KV5M_DATA, 16,
+          "\x37\x05\xD9\x60\x80\xC1\x77\x28\xA0\xE8\x00\xEA\xB6\xE0\xD2\x3C" },
+        { KV5M_DATA, 4, "test" },
+        { KV5M_DATA, 32,
+          "\x9D\x18\x86\x16\xF6\x38\x52\xFE\x86\x91\x5B\xB8\x40\xB4\xA8\x86"
+          "\xFF\x3E\x6B\xB0\xF8\x19\xB4\x9B\x89\x33\x93\xD3\x93\x85\x42\x95" }
+    },
+
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        { KV5M_DATA, 32,
+          "\x6D\x40\x4D\x37\xFA\xF7\x9F\x9D\xF0\xD3\x35\x68\xD3\x20\x66\x98"
+          "\x00\xEB\x48\x36\x47\x2E\xA8\xA0\x26\xD1\x6B\x71\x82\x46\x0C\x52" },
+        { KV5M_DATA, 4, "test" },
+        { KV5M_DATA, 48,
+          "\x98\x01\xF6\x9A\x36\x8C\x2B\xF6\x75\xE5\x95\x21\xE1\x77\xD9\xA0"
+          "\x7F\x67\xEF\xE1\xCF\xDE\x8D\x3C\x8D\x6F\x6A\x02\x56\xE3\xB1\x7D"
+          "\xB3\xC1\xB6\x2A\xD1\xB8\x55\x33\x60\xD1\x73\x67\xEB\x15\x14\xD2" }
+    },
+};
+
+int
+main()
+{
+    krb5_error_code ret;
+    krb5_data output;
+    krb5_keyblock kb;
+    size_t i, prfsz;
+    const struct test *test;
+
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        test = &tests[i];
+        kb.magic = KV5M_KEYBLOCK;
+        kb.enctype = test->enctype;
+        kb.length = test->keybits.length;
+        kb.contents = (uint8_t *)test->keybits.data;
+
+        ret = krb5_c_prf_length(NULL, test->enctype, &prfsz);
+        assert(!ret);
+        ret = alloc_data(&output, prfsz);
+        assert(!ret);
+        ret = krb5_c_prf(NULL, &kb, &tests[i].prf_input, &output);
+        assert(!ret);
+
+        if (!data_eq(output, tests[i].expected)) {
+            printf("Test %d failed\n", (int)i);
+            exit(1);
+        }
+        free(output.data);
+    }
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.comments b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.comments
new file mode 100644
index 00000000..1666b706
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.comments
@@ -0,0 +1,14 @@
+Things this test tries to do:
+*adding data
+* getting random data
+* adding more data but not enough for reseed
+*getting more random data
+*adding enough to trigger a reseed
+*getting more random data
+* getting random data without a reseed inbetween
+* getting enough data to trigger a gate
+
+
+If you adjust the blocksize or the seeding parameters then this test
+should be adjusted.
+
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.expected b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.expected
new file mode 100644
index 00000000..f7f16505
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.expected
@@ -0,0 +1,4 @@
+d2f8fbd707a8ece5cb11a02f
+eb4cb6e06236ea1c0529f7acbfca8d78cb85bb1d
+a244005ae870604342b0386025874ec4306c1dd483c118621b
+63e6408afdf9fd225839a7afcc6da6ae494fb4f82bd21ea06bb17ca0848bdae8cea671f545aac52699951caba960c536024b4102f47d61d61fd7b17582a4cf50ba7d215062558f71483249e079689893f3bf25def7f45f9e852281269904d401d6719e3115f6410088c6c5171e878494362684d2116633bb9ea8d9ed5faec73cb076c44d5d639bc2c8ae3de54f0e1e092d5ea439e607e9cd73053bbdf40723f5b48f298fdeeef845e22e06f2f6362fc67fba366e638a7988999d456dcc3d53b23388d685620a7c446d28cd94b13049761b64779db5412e78ac4bab2aacf103fd1b9ceb7213d43710d6a46fd4223fa20e0a68d3e16a82cbadea650ba815dc9ee99b4eb8e2acdac866a05d90ab9de3246db0560fb4b36633bb642c3ea9bf358937dda743f9cef1148791c2cac58995b8eb8fdb1c0cce1686e04ebef5ae7aae36691faafbe8920d3c013f125b687eb019faefa70fc750c52e2e2e33f426824bf1da31268a9bb8d9501f2290375755f8bf77b46639346b4011b78ce9d81105c7791ec5991a2f1eab037488b604df1a21c5c4e36a7c76dca5884d36e30fe8d30d0e7d93fab72062219390655eace2b434b0e2cd21ec9c5a8aa13e783afadcdf386fc43b960c518acb38d7e3da2f67695c1c1c25c4f251b40f4c2e42e89f6f642c32e66159f6ce24aa910fb5d95e3a899a4de5efcf570996e1a662d14362b65d00524df79cd56be93bd572526e4dfd1cf9f7586bc021105cf5456b28c1f45a6d354d000a113e15f64aa0b5253830c07afc8fa47b58dbba8bbae1645b2093035f2387036229dec6f7141b444b8bb7d0382a742bd5c746ba2d7af3af1cadb2dd90bda87d5daed2d2eebd243c7b2d06955d0cc7fe1061d4cfa3b061aaeb97084d9f9a7ec9dbe9e642f4f090d57b5ea1bd8b393f00896d3dc7089e1fc4c2fed7336c2a8c6d119a682c6cc4ae1ccedd30292f2c5570bf4d6287ce8e20b8b34e7fc38e87273f588cd33b8c913defaee5f6bf8fdeda72531c845a6f97a84d5e9b9a6497d4c48614dee7693df35faedc008fded852be8d4bffd475476336e54ed48a827b99d3f0e39019a40d43aef5ae522ec6e280f6a8e7d2713f3c3188bed2476a84af5a5afefa0fa178ed07de0e073693e8790f8bbd0cf9183e48f140b556e723565c382cf7a4c186748189a14e603e4ac70e2b80c266334231207721d16d834a973b48cfec584620624686603cfd66d55dbf8dd8eccd99d85f041c624ec3a7bec314af95d2313afd43cc5cc19249cf85b7ab0b5a4530b597341e7477b249fef1a07eb0d8fa790e9bce752e8b2f7086e98ab44751e0a1b37f29682ce67c0de7a2fd036f26ed719fc343bbf49432aec651d884c99c24d5943c747f7ec3b48d4c2236a8cb6151794daeda073774cc88ff121fdd423b81ef2f34c8f281ca2e5366faee87ff7a623484f2937cc0680ed76ead32b43cb6c67a21f8089b435f38a404d267397c6435cfac16591a3573d9e92f8c4a8028719c22662b903ddb16e08ea7bb2d6b8938c06bdddb4d174c7f2c5d812ed3a34ba8859a1ae841b3b9d5522372018c9aa55b048df826f05a087f185808cb66899f320783a1c4aa2dcd5f2665405ba7e5726e122b67559a39da30956e49fe7711d1b2506e159c5ea42ce0a1ad497220ee3b3e5ebcb73db975bd08e8be56e5f4533b8295b10d4b0fef466de6540f8fe10530c9716d83a12f5ffbba5b4dbc50ed89388d04e7a15d3d9d251041ed5303efa2525bc62a5aeb821f7838676811784584534be8a7fc667f09c3fe1bbf7d0aad29324f562086ecb8326829413867
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.seed b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.seed
new file mode 100644
index 00000000..79f4f645
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_prng.seed
@@ -0,0 +1,25 @@
+2
+20
+ c9 72 2b e4 90 e1 fa 4b da d4 2f 43 0d dd d9 91
+ 39 d0 23 c4
+0
+1
+24
+ 87 1c 4f d4 4a 8b b8 cf 54 4e eb 9b 1f bb 7a 8e
+ 9a 7d 8d 62
+ ca 41 18 00
+12
+0
+0
+20
+1
+24
+ 28 d4 bd d4 81 85 ca 70 d5 f0 e4 a4 f3 45 80 01
+ 6a 34 79 69 0e e0 cd 21
+25
+2
+40
+ de 7c f0 c5 6a 37 0b 34 f4 0c 3a 19 31 eb 66 f1
+ ae 5f c6 a3 64 3f 2e a9 76 e1 87 93 df b6 94 86
+ bd 96 57 3f 31 e6 88 8c
+1290
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_sha2.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_sha2.c
new file mode 100644
index 00000000..e6fa5849
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_sha2.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include "crypto_int.h"
+
+#define ONE_MILLION_A "one million a's"
+
+struct test {
+    char *str;
+    unsigned char hash[64];
+};
+
+struct test sha256_tests[] = {
+    { "abc",
+      { 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
+        0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
+        0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
+        0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad }},
+    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+      { 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
+        0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
+        0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
+        0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 }},
+    { ONE_MILLION_A,
+      { 0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
+        0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
+        0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
+        0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 }},
+    { NULL }
+};
+
+struct test sha384_tests[] = {
+    { "abc",
+      { 0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
+	0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
+	0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
+	0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
+	0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
+	0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 }},
+    { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"
+      "ijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+      { 0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
+	0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
+	0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
+	0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
+	0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
+	0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 }},
+    { ONE_MILLION_A,
+      { 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
+	0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
+	0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
+	0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
+	0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
+	0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 }},
+    { NULL }
+};
+
+static int
+hash_test(const struct krb5_hash_provider *hash, struct test *tests)
+{
+    struct test *t;
+    krb5_crypto_iov iov, *iovs;
+    krb5_data hval;
+    size_t i;
+
+    if (alloc_data(&hval, hash->hashsize))
+	abort();
+    for (t = tests; t->str; ++t) {
+	if (strcmp(t->str, ONE_MILLION_A) == 0) {
+	    /* Hash a million 'a's using a thousand iovs. */
+	    iovs = calloc(1000, sizeof(*iovs));
+	    assert(iovs != NULL);
+	    for (i = 0; i < 1000; i++) {
+		iovs[i].flags = KRB5_CRYPTO_TYPE_DATA;
+		if (alloc_data(&iovs[i].data, 1000) != 0)
+		    abort();
+		memset(iovs[i].data.data, 'a', 1000);
+	    }
+	    if (hash->hash(iovs, 1000, &hval) != 0)
+		abort();
+	    if (memcmp(hval.data, t->hash, hval.length) != 0)
+		abort();
+	    for (i = 0; i < 1000; i++)
+		free(iovs[i].data.data);
+	    free(iovs);
+	} else {
+	    /* Hash the input in the test. */
+	    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+	    iov.data = string2data(t->str);
+	    if (hash->hash(&iov, 1, &hval) != 0)
+		abort();
+	    if (memcmp(hval.data, t->hash, hval.length) != 0)
+		abort();
+
+	    if (hash == &krb5int_hash_sha256) {
+		/* Try again using k5_sha256(). */
+		if (k5_sha256(&iov.data, 1, (uint8_t *)hval.data) != 0)
+		    abort();
+		if (memcmp(hval.data, t->hash, hval.length) != 0)
+		    abort();
+	    }
+	}
+    }
+    free(hval.data);
+    return 0;
+}
+
+int
+main()
+{
+    hash_test(&krb5int_hash_sha256, sha256_tests);
+    hash_test(&krb5int_hash_sha384, sha384_tests);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_short.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_short.c
new file mode 100644
index 00000000..d4c2b97d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_short.c
@@ -0,0 +1,130 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_short.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Tests the outcome of decrypting overly short tokens.  This program can be
+ * run under a tool like valgrind to detect bad memory accesses; when run
+ * normally by the test suite, it verifies that each operation returns
+ * KRB5_BAD_MSIZE.
+ */
+
+#include "k5-int.h"
+
+krb5_enctype interesting_enctypes[] = {
+    ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_ARCFOUR_HMAC,
+    ENCTYPE_ARCFOUR_HMAC_EXP,
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    ENCTYPE_CAMELLIA128_CTS_CMAC,
+    ENCTYPE_CAMELLIA256_CTS_CMAC,
+    ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+    ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+    0
+};
+
+/* Abort if an operation unexpectedly fails. */
+static void
+x(krb5_error_code code)
+{
+    if (code != 0)
+        abort();
+}
+
+/* Abort if a decrypt operation doesn't have the expected result. */
+static void
+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len)
+{
+    if (len < min_len) {
+        /* Undersized tokens should always result in BAD_MSIZE. */
+        if (code != KRB5_BAD_MSIZE)
+            abort();
+    } else {
+        /* Min-size tokens should succeed or fail the integrity check. */
+        if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+            abort();
+    }
+}
+
+static void
+test_enctype(krb5_enctype enctype)
+{
+    krb5_error_code ret;
+    krb5_keyblock keyblock;
+    krb5_enc_data input;
+    krb5_data output;
+    krb5_crypto_iov iov[2];
+    unsigned int dummy;
+    size_t min_len, len;
+
+    printf("Testing enctype %d\n", (int) enctype);
+    x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
+    x(krb5_c_make_random_key(NULL, enctype, &keyblock));
+    input.enctype = enctype;
+
+    /* Try each length up to the minimum length. */
+    for (len = 0; len <= min_len; len++) {
+        input.ciphertext.data = calloc(len, 1);
+        input.ciphertext.length = len;
+        output.data = calloc(len, 1);
+        output.length = len;
+
+        /* Attempt a normal decryption. */
+        ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output);
+        check_decrypt_result(ret, len, min_len);
+
+        if (krb5_c_crypto_length(NULL, enctype, KRB5_CRYPTO_TYPE_HEADER,
+                                 &dummy) == 0) {
+            /* Attempt an IOV stream decryption. */
+            iov[0].flags = KRB5_CRYPTO_TYPE_STREAM;
+            iov[0].data = input.ciphertext;
+            iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+            iov[1].data.data = NULL;
+            iov[1].data.length = 0;
+            ret = krb5_c_decrypt_iov(NULL, &keyblock, 0, NULL, iov, 2);
+            check_decrypt_result(ret, len, min_len);
+        }
+
+        free(input.ciphertext.data);
+        free(output.data);
+    }
+    krb5int_c_free_keyblock_contents (NULL, &keyblock);
+
+}
+
+int
+main(int argc, char **argv)
+{
+    int i;
+    krb5_data notrandom;
+
+    notrandom.data = "notrandom";
+    notrandom.length = 9;
+    krb5_c_random_seed(NULL, &notrandom);
+    for (i = 0; interesting_enctypes[i]; i++)
+        test_enctype(interesting_enctypes[i]);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/t_str2key.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_str2key.c
new file mode 100644
index 00000000..cdb1acc6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/t_str2key.c
@@ -0,0 +1,514 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/t_str2key.c - String-to-key test vectors */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+struct test {
+    krb5_enctype enctype;
+    char *string;
+    krb5_data salt;
+    krb5_data params;
+    krb5_data expected_key;
+    krb5_error_code expected_err;
+    krb5_boolean allow_weak;
+} test_cases[] = {
+    /* Test vectors from RFC 3961 appendix A.4. */
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 0, NULL },
+        { KV5M_DATA, 24, "\x85\x0B\xB5\x13\x58\x54\x8C\xD0\x5E\x86\x76\x8C"
+          "\x31\x3E\x3B\xFE\xF7\x51\x19\x37\xDC\xF7\x2C\x3E" },
+        0,
+        FALSE
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        "potatoe",
+        { KV5M_DATA, 19, "WHITEHOUSE.GOVdanny" },
+        { KV5M_DATA, 0, NULL },
+        { KV5M_DATA, 24, "\xDF\xCD\x23\x3D\xD0\xA4\x32\x04\xEA\x6D\xC4\x37"
+          "\xFB\x15\xE0\x61\xB0\x29\x79\xC1\xF7\x4F\x37\x7A" },
+        0,
+        FALSE
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        "penny",
+        { KV5M_DATA, 19, "EXAMPLE.COMbuckaroo" },
+        { KV5M_DATA, 0, NULL },
+        { KV5M_DATA, 24, "\x6D\x2F\xCD\xF2\xD6\xFB\xBC\x3D\xDC\xAD\xB5\xDA"
+          "\x57\x10\xA2\x34\x89\xB0\xD3\xB6\x9D\x5D\x9D\x4A" },
+        0,
+        FALSE
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        "\xC3\x9F",
+        { KV5M_DATA, 23, "ATHENA.MIT.EDUJuri\xC5\xA1\x69\xC4\x87" },
+        { KV5M_DATA, 0, NULL },
+        { KV5M_DATA, 24, "\x16\xD5\xA4\x0E\x1C\xE3\xBA\xCB\x61\xB9\xDC\xE0"
+          "\x04\x70\x32\x4C\x83\x19\x73\xA7\xB9\x52\xFE\xB0" },
+        0,
+        FALSE
+    },
+    {
+        ENCTYPE_DES3_CBC_SHA1,
+        "\xF0\x9D\x84\x9E",
+        { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
+        { KV5M_DATA, 0, NULL },
+        { KV5M_DATA, 24, "\x85\x76\x37\x26\x58\x5D\xBC\x1C\xCE\x6E\xC4\x3E"
+          "\x1F\x75\x1F\x07\xF1\xC4\xCB\xB0\x98\xF4\x0B\x19" },
+        0,
+        FALSE
+    },
+
+    /* Test vectors from RFC 3962 appendix B. */
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\0\1" },
+        { KV5M_DATA, 16,
+          "\x42\x26\x3C\x6E\x89\xF4\xFC\x28\xB8\xDF\x68\xEE\x09\x79\x9F\x15" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\0\1" },
+        { KV5M_DATA, 32,
+          "\xFE\x69\x7B\x52\xBC\x0D\x3C\xE1\x44\x32\xBA\x03\x6A\x92\xE6\x5B"
+          "\xBB\x52\x28\x09\x90\xA2\xFA\x27\x88\x39\x98\xD7\x2A\xF3\x01\x61" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\0\2" },
+        { KV5M_DATA, 16,
+          "\xC6\x51\xBF\x29\xE2\x30\x0A\xC2\x7F\xA4\x69\xD6\x93\xBD\xDA\x13" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\0\2" },
+        { KV5M_DATA, 32,
+          "\xA2\xE1\x6D\x16\xB3\x60\x69\xC1\x35\xD5\xE9\xD2\xE2\x5F\x89\x61"
+          "\x02\x68\x56\x18\xB9\x59\x14\xB4\x67\xC6\x76\x22\x22\x58\x24\xFF" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 16,
+          "\x4C\x01\xCD\x46\xD6\x32\xD0\x1E\x6D\xBE\x23\x0A\x01\xED\x64\x2A" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 32,
+          "\x55\xA6\xAC\x74\x0A\xD1\x7B\x48\x46\x94\x10\x51\xE1\xE8\xB0\xA7"
+          "\x54\x8D\x93\xB0\xAB\x30\xA8\xBC\x3F\xF1\x62\x80\x38\x2B\x8C\x2A" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        "password",
+        { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" },
+        { KV5M_DATA, 4, "\0\0\0\5" },
+        { KV5M_DATA, 16,
+          "\xE9\xB2\x3D\x52\x27\x37\x47\xDD\x5C\x35\xCB\x55\xBE\x61\x9D\x8E" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        "password",
+        { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" },
+        { KV5M_DATA, 4, "\0\0\0\5" },
+        { KV5M_DATA, 32,
+          "\x97\xA4\xE7\x86\xBE\x20\xD8\x1A\x38\x2D\x5E\xBC\x96\xD5\x90\x9C"
+          "\xAB\xCD\xAD\xC8\x7C\xA4\x8F\x57\x45\x04\x15\x9F\x16\xC3\x6E\x31" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        { KV5M_DATA, 29, "pass phrase equals block size" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 16,
+          "\x59\xD1\xBB\x78\x9A\x82\x8B\x1A\xA5\x4E\xF9\xC2\x88\x3F\x69\xED" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        { KV5M_DATA, 29, "pass phrase equals block size" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 32,
+          "\x89\xAD\xEE\x36\x08\xDB\x8B\xC7\x1F\x1B\xFB\xFE\x45\x94\x86\xB0"
+          "\x56\x18\xB7\x0C\xBA\xE2\x20\x92\x53\x4E\x56\xC5\x53\xBA\x4B\x34" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        { KV5M_DATA, 30, "pass phrase exceeds block size" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 16,
+          "\xCB\x80\x05\xDC\x5F\x90\x17\x9A\x7F\x02\x10\x4C\x00\x18\x75\x1D" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        { KV5M_DATA, 30, "pass phrase exceeds block size" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 32,
+          "\xD7\x8C\x5C\x9C\xB8\x72\xA8\xC9\xDA\xD4\x69\x7F\x0B\xB5\xB2\xD2"
+          "\x14\x96\xC8\x2B\xEB\x2C\xAE\xDA\x21\x12\xFC\xEE\xA0\x57\x40\x1B" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        "\xF0\x9D\x84\x9E",
+        { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
+        { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
+        { KV5M_DATA, 16,
+          "\xF1\x49\xC1\xF2\xE1\x54\xA7\x34\x52\xD4\x3E\x7F\xE6\x2A\x56\xE5" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        "\xF0\x9D\x84\x9E",
+        { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
+        { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
+        { KV5M_DATA, 32,
+          "\x4B\x6D\x98\x39\xF8\x44\x06\xDF\x1F\x09\xCC\x16\x6D\xB4\xB8\x3C"
+          "\x57\x18\x48\xB7\x84\xA3\xD6\xBD\xC3\x46\x58\x9A\x3E\x39\x3F\x9E" },
+        0,
+        TRUE
+    },
+    /* Check for KRB5_ERR_BAD_S2K_PARAMS return when weak iteration counts are
+     * forbidden. */
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        "\xF0\x9D\x84\x9E",
+        { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
+        { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
+        { KV5M_DATA, 32,
+          "\x4B\x6D\x98\x39\xF8\x44\x06\xDF\x1F\x09\xCC\x16\x6D\xB4\xB8\x3C"
+          "\x57\x18\x48\xB7\x84\xA3\xD6\xBD\xC3\x46\x58\x9A\x3E\x39\x3F\x9E" },
+        KRB5_ERR_BAD_S2K_PARAMS,
+        FALSE
+    },
+
+    /* The same inputs applied to Camellia enctypes. */
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\0\1" },
+        { KV5M_DATA, 16,
+          "\x57\xD0\x29\x72\x98\xFF\xD9\xD3\x5D\xE5\xA4\x7F\xB4\xBD\xE2\x4B" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\0\1" },
+        { KV5M_DATA, 32,
+          "\xB9\xD6\x82\x8B\x20\x56\xB7\xBE\x65\x6D\x88\xA1\x23\xB1\xFA\xC6"
+          "\x82\x14\xAC\x2B\x72\x7E\xCF\x5F\x69\xAF\xE0\xC4\xDF\x2A\x6D\x2C" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\0\2" },
+        { KV5M_DATA, 16,
+          "\x73\xF1\xB5\x3A\xA0\xF3\x10\xF9\x3B\x1D\xE8\xCC\xAA\x0C\xB1\x52" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\0\2" },
+        { KV5M_DATA, 32,
+          "\x83\xFC\x58\x66\xE5\xF8\xF4\xC6\xF3\x86\x63\xC6\x5C\x87\x54\x9F"
+          "\x34\x2B\xC4\x7E\xD3\x94\xDC\x9D\x3C\xD4\xD1\x63\xAD\xE3\x75\xE3" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 16,
+          "\x8E\x57\x11\x45\x45\x28\x55\x57\x5F\xD9\x16\xE7\xB0\x44\x87\xAA" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        "password",
+        { KV5M_DATA, 21, "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 32,
+          "\x77\xF4\x21\xA6\xF2\x5E\x13\x83\x95\xE8\x37\xE5\xD8\x5D\x38\x5B"
+          "\x4C\x1B\xFD\x77\x2E\x11\x2C\xD9\x20\x8C\xE7\x2A\x53\x0B\x15\xE6" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        "password",
+        { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" },
+        { KV5M_DATA, 4, "\0\0\0\5" },
+        { KV5M_DATA, 16,
+          "\x00\x49\x8F\xD9\x16\xBF\xC1\xC2\xB1\x03\x1C\x17\x08\x01\xB3\x81" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        "password",
+        { KV5M_DATA, 8, "\x12\x34\x56\x78\x78\x56\x34\x12" },
+        { KV5M_DATA, 4, "\0\0\0\5" },
+        { KV5M_DATA, 32,
+          "\x11\x08\x3A\x00\xBD\xFE\x6A\x41\xB2\xF1\x97\x16\xD6\x20\x2F\x0A"
+          "\xFA\x94\x28\x9A\xFE\x8B\x27\xA0\x49\xBD\x28\xB1\xD7\x6C\x38\x9A" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        { KV5M_DATA, 29, "pass phrase equals block size" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 16,
+          "\x8B\xF6\xC3\xEF\x70\x9B\x98\x1D\xBB\x58\x5D\x08\x68\x43\xBE\x05" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        { KV5M_DATA, 29, "pass phrase equals block size" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 32,
+          "\x11\x9F\xE2\xA1\xCB\x0B\x1B\xE0\x10\xB9\x06\x7A\x73\xDB\x63\xED"
+          "\x46\x65\xB4\xE5\x3A\x98\xD1\x78\x03\x5D\xCF\xE8\x43\xA6\xB9\xB0" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        { KV5M_DATA, 30, "pass phrase exceeds block size" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 16,
+          "\x57\x52\xAC\x8D\x6A\xD1\xCC\xFE\x84\x30\xB3\x12\x87\x1C\x2F\x74" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+        { KV5M_DATA, 30, "pass phrase exceeds block size" },
+        { KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
+        { KV5M_DATA, 32,
+          "\x61\x4D\x5D\xFC\x0B\xA6\xD3\x90\xB4\x12\xB8\x9A\xE4\xD5\xB0\x88"
+          "\xB6\x12\xB3\x16\x51\x09\x94\x67\x9D\xDB\x43\x83\xC7\x12\x6D\xDF" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA128_CTS_CMAC,
+        "\xf0\x9d\x84\x9e",
+        { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
+        { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
+        { KV5M_DATA, 16,
+          "\xCC\x75\xC7\xFD\x26\x0F\x1C\x16\x58\x01\x1F\xCC\x0D\x56\x06\x16" },
+        0,
+        TRUE
+    },
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        "\xf0\x9d\x84\x9e",
+        { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
+        { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
+        { KV5M_DATA, 32,
+          "\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E"
+          "\x20\x6B\x68\xCE\xC0\x78\xBC\x06\x9E\xD6\x8A\x7E\xD3\x6B\x1E\xCC" },
+        0,
+        TRUE
+    },
+    /* Check for KRB5_ERR_BAD_S2K_PARAMS return when weak iteration counts are
+     * forbidden. */
+    {
+        ENCTYPE_CAMELLIA256_CTS_CMAC,
+        "\xf0\x9d\x84\x9e",
+        { KV5M_DATA, 18, "EXAMPLE.COMpianist" },
+        { KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
+        { KV5M_DATA, 32,
+          "\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E"
+          "\x20\x6B\x68\xCE\xC0\x78\xBC\x06\x9E\xD6\x8A\x7E\xD3\x6B\x1E\xCC" },
+        KRB5_ERR_BAD_S2K_PARAMS,
+        FALSE
+    },
+
+    {
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        "password",
+        { KV5M_DATA, 37,
+          "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61"
+          "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\x00\x00\x80\x00" },
+        { KV5M_DATA, 16,
+          "\x08\x9B\xCA\x48\xB1\x05\xEA\x6E\xA7\x7C\xA5\xD2\xF3\x9D\xC5\xE7" },
+        0,
+        FALSE
+    },
+    {
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        "password",
+        { KV5M_DATA, 37,
+          "\x10\xDF\x9D\xD7\x83\xE5\xBC\x8A\xCE\xA1\x73\x0E\x74\x35\x5F\x61"
+          "ATHENA.MIT.EDUraeburn" },
+        { KV5M_DATA, 4, "\x00\x00\x80\x00" },
+        { KV5M_DATA, 32,
+          "\x45\xBD\x80\x6D\xBF\x6A\x83\x3A\x9C\xFF\xC1\xC9\x45\x89\xA2\x22"
+          "\x36\x7A\x79\xBC\x21\xC4\x13\x71\x89\x06\xE9\xF5\x78\xA7\x84\x67" },
+        0,
+        FALSE
+    },
+};
+
+static void
+printhex(const char *head, void *data, size_t len)
+{
+    size_t i;
+
+    printf("%s", head);
+    for (i = 0; i < len; i++) {
+        printf("%02X", ((unsigned char*)data)[i]);
+        if (i % 16 == 15 && i + 1 < len)
+            printf("\n%*s", (int)strlen(head), "");
+        else if (i + 1 < len)
+            printf(" ");
+    }
+    printf("\n");
+}
+
+extern int k5_allow_weak_pbkdf2iter;
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context = NULL;
+    krb5_data string;
+    krb5_error_code ret;
+    krb5_keyblock *keyblock;
+    size_t i;
+    struct test *test;
+    krb5_boolean verbose = FALSE;
+    int status = 0;
+
+    if (argc >= 2 && strcmp(argv[1], "-v") == 0)
+        verbose = TRUE;
+    for (i = 0; i < sizeof(test_cases) / sizeof(*test_cases); i++) {
+        test = &test_cases[i];
+        string = string2data(test->string);
+        ret = krb5_init_keyblock(context, test->enctype, 0, &keyblock);
+        assert(!ret);
+        k5_allow_weak_pbkdf2iter = test->allow_weak;
+        ret = krb5_c_string_to_key_with_params(context, test->enctype,
+                                               &string, &test->salt,
+                                               &test->params, keyblock);
+        if (ret != test->expected_err) {
+            com_err(argv[0], ret, "in krb5_c_string_to_key_with_params");
+            exit(1);
+        }
+        if (verbose) {
+            char buf[64];
+            krb5_enctype_to_name(test->enctype, FALSE, buf, sizeof(buf));
+            printf("\nTest %d:\n", (int)i);
+            printf("Enctype: %s\n", buf);
+            printf("String: %s\n", test->string);
+            printhex("Salt: ", test->salt.data, test->salt.length);
+            printhex("Params: ", test->params.data, test->params.length);
+            if (test->expected_err == 0)
+                printhex("Key: ", keyblock->contents, keyblock->length);
+            else
+                printf("Expected error: %d\n", (int)test->expected_err);
+        }
+        if (test->expected_err != 0) {
+            krb5_free_keyblock(context, keyblock);
+            continue;
+        }
+        assert(keyblock->length == test->expected_key.length);
+        if (memcmp(keyblock->contents, test->expected_key.data,
+                   keyblock->length) != 0) {
+            printf("str2key test %d failed\n", (int)i);
+            status = 1;
+            if (!verbose)
+                break;
+        }
+        krb5_free_keyblock(context, keyblock);
+    }
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/Readme.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/Readme.txt
new file mode 100644
index 00000000..69dbb5b9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/Readme.txt
@@ -0,0 +1,22 @@
+README
+
+Algorithm:	Rijndael
+Submitter:	Joan Daemen and Vincent Rijmen
+
+Test values: Known Answer Tests and Monte Carlo Tests
+-----------------------------------------------------------
+
+This directory contains the following files:
+
+Readme.txt: 	This file.
+
+cbc_d_m.txt:	Test values for the CBC decryption MCT.
+cbc_e_m.txt:	Test values for the CBC encryption MCT.
+ecb_d_m.txt:	Test values for the ECB decryption MCT.
+ecb_e_m.txt:	Test values for the ECB encryption MCT.
+ecb_vk.txt: 	Test values for the Variable Key KAT.
+ecb_vt.txt:	      Test values for the Variable Text KAT.
+ecb_iv.txt:	      Test values for the Intermediate Values KAT.
+ecb_iv.readme:	Detailed information about the Intermediate Values KAT.
+ecb_tbl.txt:	Test values for the Table KAT.
+
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/cbc_d_m.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/cbc_d_m.txt
new file mode 100644
index 00000000..e216f3b8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/cbc_d_m.txt
@@ -0,0 +1,7224 @@
+
+=========================
+
+FILENAME:  "cbc_d_m.txt"
+
+Cipher Block Chaining (CBC) Mode - DECRYPTION
+Monte Carlo Test
+
+Algorithm Name: Rijndael
+Principal Submitter: Joan Daemen
+
+==========
+
+KEYSIZE=128
+
+I=0
+KEY=00000000000000000000000000000000
+IV=00000000000000000000000000000000
+CT=00000000000000000000000000000000
+PT=FACA37E0B0C85373DF706E73F7C9AF86
+
+I=1
+KEY=FACA37E0B0C85373DF706E73F7C9AF86
+IV=52D0C29FF8793A519BD6A8289FC80E6A
+CT=FACA37E0B0C85373DF706E73F7C9AF86
+PT=F5372F9735C5685F1DA362AF6ECB2940
+
+I=2
+KEY=0FFD1877850D3B2CC2D30CDC990286C6
+IV=DD74BB1AC6F0F866C7992C61F59D5594
+CT=F5372F9735C5685F1DA362AF6ECB2940
+PT=5496A4C29C7670F61B5D5DF6181F5947
+
+I=3
+KEY=5B6BBCB5197B4BDAD98E512A811DDF81
+IV=3795C88134F7C011433397D1443FEB3A
+CT=5496A4C29C7670F61B5D5DF6181F5947
+PT=940CC5A2AF4F1F8D1862B47BCF63E4CA
+
+I=4
+KEY=CF677917B6345457C1ECE5514E7E3B4B
+IV=0FC1413900225B47AF9E139E1650EA23
+CT=940CC5A2AF4F1F8D1862B47BCF63E4CA
+PT=08832415D97820DE305A58A9AD111A9E
+
+I=5
+KEY=C7E45D026F4C7489F1B6BDF8E36F21D5
+IV=3032F64674FA243D61DF8C16313D81F3
+CT=08832415D97820DE305A58A9AD111A9E
+PT=BD4089775FD1BDB0A6C4F36D1DDAA93E
+
+I=6
+KEY=7AA4D475309DC93957724E95FEB588EB
+IV=47D7F440B43888F173AE5A492F1A99F8
+CT=BD4089775FD1BDB0A6C4F36D1DDAA93E
+PT=AB9955F74612859267D61FEA85A75ADC
+
+I=7
+KEY=D13D8182768F4CAB30A4517F7B12D237
+IV=6D9E57242195D27771D1C7A748378AB0
+CT=AB9955F74612859267D61FEA85A75ADC
+PT=168F213FB678D8A46D0E55EFD1C49BB3
+
+I=8
+KEY=C7B2A0BDC0F7940F5DAA0490AAD64984
+IV=1B98968FB5ABD95930525C1257DEB364
+CT=168F213FB678D8A46D0E55EFD1C49BB3
+PT=3C4CEECFF9560501C5D8C901D87C8E7B
+
+I=9
+KEY=FBFE4E7239A1910E9872CD9172AAC7FF
+IV=35EB7B6D3F63AAE927C5346C9C2CB91D
+CT=3C4CEECFF9560501C5D8C901D87C8E7B
+PT=9D206BE0CC60296BF3A486A8C69778EF
+
+I=10
+KEY=66DE2592F5C1B8656BD64B39B43DBF10
+IV=226646B36D8E9B9279F94378CCBF8FBA
+CT=9D206BE0CC60296BF3A486A8C69778EF
+PT=9DA7B8094BD0F0BEA26848C84B8E083C
+
+I=11
+KEY=FB799D9BBE1148DBC9BE03F1FFB3B72C
+IV=3E3A2B0E1C70A19BCD7222708AA94F26
+CT=9DA7B8094BD0F0BEA26848C84B8E083C
+PT=6A93B2F318C14C2D3E58455B86A4F5D7
+
+I=12
+KEY=91EA2F68A6D004F6F7E646AA791742FB
+IV=1F256942B3CD691858A20664BB24545E
+CT=6A93B2F318C14C2D3E58455B86A4F5D7
+PT=4A19AC6C6FEB654D3675A2BE32E5A820
+
+I=13
+KEY=DBF38304C93B61BBC193E4144BF2EADB
+IV=631F2EDE05C1C950BCE67DF53BA53ED6
+CT=4A19AC6C6FEB654D3675A2BE32E5A820
+PT=799EAB8E9C864A13490FD6B089F764C5
+
+I=14
+KEY=A26D288A55BD2BA8889C32A4C2058E1E
+IV=F6AD064E0DBF4AF4AA5165E1FE0E86FA
+CT=799EAB8E9C864A13490FD6B089F764C5
+PT=2FA3F38CA1216C6D911C1779F333413E
+
+I=15
+KEY=8DCEDB06F49C47C5198025DD3136CF20
+IV=DA039AC5F4EDCD84472B23CFA1252EC3
+CT=2FA3F38CA1216C6D911C1779F333413E
+PT=2FC703AD6A7DAF8B0BDDD8586C1D67D0
+
+I=16
+KEY=A209D8AB9EE1E84E125DFD855D2BA8F0
+IV=341B5FDA8AB434461A7B7A87EF0C530C
+CT=2FC703AD6A7DAF8B0BDDD8586C1D67D0
+PT=54723CABFBE32DEEDFEBF4292A5710FA
+
+I=17
+KEY=F67BE4006502C5A0CDB609AC777CB80A
+IV=2C42AD577B0BE057555C3FCB6FC0089E
+CT=54723CABFBE32DEEDFEBF4292A5710FA
+PT=6B1E2A8C1A9CBB95D1B34AAFE15A78D3
+
+I=18
+KEY=9D65CE8C7F9E7E351C0543039626C0D9
+IV=E5E06583A834BF16118ED5FA401A2D6F
+CT=6B1E2A8C1A9CBB95D1B34AAFE15A78D3
+PT=F4E57BFAB65375B3AD49CD78814F0C16
+
+I=19
+KEY=6980B576C9CD0B86B14C8E7B1769CCCF
+IV=71E59389FF6F992225B32960593F9362
+CT=F4E57BFAB65375B3AD49CD78814F0C16
+PT=90A31B5934FCF6822526C973114BD953
+
+I=20
+KEY=F923AE2FFD31FD04946A47080622159C
+IV=2A4B31492B9BAEC402C255978BB96D40
+CT=90A31B5934FCF6822526C973114BD953
+PT=61F88BA8D438A0FD23F0101465C7FD4E
+
+I=21
+KEY=98DB258729095DF9B79A571C63E5E8D2
+IV=607640CEA12DCF7F188B2B65C7F4153D
+CT=61F88BA8D438A0FD23F0101465C7FD4E
+PT=F62D206DF53F41CA898F3A8EB6A843FF
+
+I=22
+KEY=6EF605EADC361C333E156D92D54DAB2D
+IV=D69C32E12303361B465BE9A484BCA723
+CT=F62D206DF53F41CA898F3A8EB6A843FF
+PT=364BC3F9FDA5FB1AEEA7691550A58320
+
+I=23
+KEY=58BDC6132193E729D0B2048785E8280D
+IV=C207B8347B8DB8BC6845827BB6986B0E
+CT=364BC3F9FDA5FB1AEEA7691550A58320
+PT=DAA6386A073CD1653E9A9DB0A97970BA
+
+I=24
+KEY=821BFE7926AF364CEE2899372C9158B7
+IV=6C5D2B186393280253D6922A8421C3A9
+CT=DAA6386A073CD1653E9A9DB0A97970BA
+PT=AAF74F0E0A0141A811853AE8B120BC00
+
+I=25
+KEY=28ECB1772CAE77E4FFADA3DF9DB1E4B7
+IV=3CB62EF0E649027DDDB76206D0F4D355
+CT=AAF74F0E0A0141A811853AE8B120BC00
+PT=22A0F9611447C1A85F397DD79E3206F9
+
+I=26
+KEY=0A4C481638E9B64CA094DE080383E24E
+IV=C4320FA90686AE0F9E979CBF1391F6D6
+CT=22A0F9611447C1A85F397DD79E3206F9
+PT=1871ABDEAA7E057E76D41ED9191FAC39
+
+I=27
+KEY=123DE3C89297B332D640C0D11A9C4E77
+IV=FBFD18AADF7C5E8E96EB976A535BF312
+CT=1871ABDEAA7E057E76D41ED9191FAC39
+PT=BF52994F41B1DEF78C6A057642C52D89
+
+I=28
+KEY=AD6F7A87D3266DC55A2AC5A7585963FE
+IV=C195141578ADF4C92113C8A9A63FF072
+CT=BF52994F41B1DEF78C6A057642C52D89
+PT=3EAFB00E3B4A0E6DF74743A7EDAD0FE4
+
+I=29
+KEY=93C0CA89E86C63A8AD6D8600B5F46C1A
+IV=D1C4E98C4A9AC79B7CCBC052ACF78913
+CT=3EAFB00E3B4A0E6DF74743A7EDAD0FE4
+PT=4393544AB2387A93496D683C2B8970C7
+
+I=30
+KEY=D0539EC35A54193BE400EE3C9E7D1CDD
+IV=80517C6341DAF4DCBCCAE452F3040147
+CT=4393544AB2387A93496D683C2B8970C7
+PT=51DAC594293708A918E9EFC04F7F2F1C
+
+I=31
+KEY=81895B5773631192FCE901FCD10233C1
+IV=69DE50406B4E3E8A94C1367E1E3D5464
+CT=51DAC594293708A918E9EFC04F7F2F1C
+PT=035B64F06C8166000C82BF15CC88446D
+
+I=32
+KEY=82D23FA71FE27792F06BBEE91D8A77AC
+IV=8EA2E38145BBD79881B7EB31B8818A21
+CT=035B64F06C8166000C82BF15CC88446D
+PT=F3EFFA770A21741551F309E1967CC2E4
+
+I=33
+KEY=713DC5D015C30387A198B7088BF6B548
+IV=0DCAA309668E11509828152553FF2306
+CT=F3EFFA770A21741551F309E1967CC2E4
+PT=62BA0548E7AD136BEB4E38AECD7942D9
+
+I=34
+KEY=1387C098F26E10EC4AD68FA6468FF791
+IV=D031FCA5F3C88926CC3BDDC448537B69
+CT=62BA0548E7AD136BEB4E38AECD7942D9
+PT=38E3D4C7AF0C3E494F1D580AC5430634
+
+I=35
+KEY=2B64145F5D622EA505CBD7AC83CCF1A5
+IV=6FFA5A45EDA60294B0224EEB8C36C455
+CT=38E3D4C7AF0C3E494F1D580AC5430634
+PT=2231EB6A6588CBCB56B930B7F1CF9E04
+
+I=36
+KEY=0955FF3538EAE56E5372E71B72036FA1
+IV=B5375674631ECC3334A318993CB81F9A
+CT=2231EB6A6588CBCB56B930B7F1CF9E04
+PT=59692274C130D6820287EA10F7E64602
+
+I=37
+KEY=503CDD41F9DA33EC51F50D0B85E529A3
+IV=A93D6E028B5C2BD17A29C6CA1617A0A2
+CT=59692274C130D6820287EA10F7E64602
+PT=5975A95327DE7749EA8DEDC580E5E8C7
+
+I=38
+KEY=09497412DE0444A5BB78E0CE0500C164
+IV=26E00CB161145FCD00C39BC4FB1E5CBB
+CT=5975A95327DE7749EA8DEDC580E5E8C7
+PT=D1F7E36BC8FF4439820CB617E745A9CC
+
+I=39
+KEY=D8BE977916FB009C397456D9E24568A8
+IV=72E78D9E15C8FBA864C6C40CEBB190B8
+CT=D1F7E36BC8FF4439820CB617E745A9CC
+PT=76FB4F20C902E9AA89854440631092B5
+
+I=40
+KEY=AE45D859DFF9E936B0F112998155FA1D
+IV=4B6C585FEF52490EA62BAAD08FAA3DCF
+CT=76FB4F20C902E9AA89854440631092B5
+PT=6D7D4487DCD624B2FC5002DFE7D2D347
+
+I=41
+KEY=C3389CDE032FCD844CA110466687295A
+IV=E94FD23A598DDE077CD1DAEE97FDADD9
+CT=6D7D4487DCD624B2FC5002DFE7D2D347
+PT=7297F8F85B21E1A5CB902DCC5F6738F9
+
+I=42
+KEY=B1AF6426580E2C2187313D8A39E011A3
+IV=86E495D31EEFCBC30064414FBD78FAE5
+CT=7297F8F85B21E1A5CB902DCC5F6738F9
+PT=4A6978AACC6968931FB1B83D53D31FEF
+
+I=43
+KEY=FBC61C8C946744B2988085B76A330E4C
+IV=6BA7664AB5ED4F7956D6C3FAA7C42961
+CT=4A6978AACC6968931FB1B83D53D31FEF
+PT=6B63FAAF9DB43A2B6025F29B1D6A331C
+
+I=44
+KEY=90A5E62309D37E99F8A5772C77593D50
+IV=37D17D1702EA34A3C75376AA0F9D24AD
+CT=6B63FAAF9DB43A2B6025F29B1D6A331C
+PT=8317A07BEE0BF16B88D7D197884AC6CF
+
+I=45
+KEY=13B24658E7D88FF27072A6BBFF13FB9F
+IV=29B89B238062495C260AF44C63AA809F
+CT=8317A07BEE0BF16B88D7D197884AC6CF
+PT=0443BFEBCA7C85CBD0CB66AB9D75425D
+
+I=46
+KEY=17F1F9B32DA40A39A0B9C0106266B9C2
+IV=08CF82854AE07429C4A866AA727CEA2E
+CT=0443BFEBCA7C85CBD0CB66AB9D75425D
+PT=6B1EB033CB844F9BDD96BA2C67D139C7
+
+I=47
+KEY=7CEF4980E62045A27D2F7A3C05B78005
+IV=05579F3E0017EBF6083756DC0A50A2E9
+CT=6B1EB033CB844F9BDD96BA2C67D139C7
+PT=E7904CBFB41EBE4178B4D633AFC9B311
+
+I=48
+KEY=9B7F053F523EFBE3059BAC0FAA7E3314
+IV=E6B2CB0CE57E02A230DCD16C08614823
+CT=E7904CBFB41EBE4178B4D633AFC9B311
+PT=96EAAA148F05FAD1F0FC06E135EC5DF8
+
+I=49
+KEY=0D95AF2BDD3B0132F567AAEE9F926EEC
+IV=4268294B10AD58BE9E570A9485963682
+CT=96EAAA148F05FAD1F0FC06E135EC5DF8
+PT=9F2F712F62DE747EE479A0A74384B196
+
+I=50
+KEY=92BADE04BFE5754C111E0A49DC16DF7A
+IV=A5C558F5D4658089CD9FB295EDAE64DB
+CT=9F2F712F62DE747EE479A0A74384B196
+PT=9CF7F00094C4E2D96D752C2312FC135E
+
+I=51
+KEY=0E4D2E042B2197957C6B266ACEEACC24
+IV=1CE301F294BDF4C906E5F0A6FA7C22BB
+CT=9CF7F00094C4E2D96D752C2312FC135E
+PT=ABA58D548DB6E9BE977FDDC85E16C2DE
+
+I=52
+KEY=A5E8A350A6977E2BEB14FBA290FC0EFA
+IV=66C1FF1E4B52A3542B48306EC33F171D
+CT=ABA58D548DB6E9BE977FDDC85E16C2DE
+PT=802948E1A5177FBE97ABA26B996FDF1B
+
+I=53
+KEY=25C1EBB1038001957CBF59C90993D1E1
+IV=197A546DEB2E19E17507276B9ED95135
+CT=802948E1A5177FBE97ABA26B996FDF1B
+PT=67D931C0946ECDF2F8E41000726D1A56
+
+I=54
+KEY=4218DA7197EECC67845B49C97BFECBB7
+IV=D11DA3CE92ADA0686F7BF12A4796D9F7
+CT=67D931C0946ECDF2F8E41000726D1A56
+PT=386C68821385E8CFCDD5678FE2AA89F8
+
+I=55
+KEY=7A74B2F3846B24A8498E2E469954424F
+IV=4DDE413EBC3F30E2F3A9F48DA1258DAF
+CT=386C68821385E8CFCDD5678FE2AA89F8
+PT=1638C741EFE3B1CC45C7754783350825
+
+I=56
+KEY=6C4C75B26B8895640C495B011A614A6A
+IV=5B4F013B085E3A04A16A409E8C3BB270
+CT=1638C741EFE3B1CC45C7754783350825
+PT=91AB00C3828D3DF72BEC487EF4652567
+
+I=57
+KEY=FDE77571E905A89327A5137FEE046F0D
+IV=98074F522144682FF1498C61581F8B0E
+CT=91AB00C3828D3DF72BEC487EF4652567
+PT=BC5BA874D2F3039837528993FB275EBA
+
+I=58
+KEY=41BCDD053BF6AB0B10F79AEC152331B7
+IV=B65C1A6F80CA024B92176D57061ECDFE
+CT=BC5BA874D2F3039837528993FB275EBA
+PT=B7DE1BEE1867F4DC3F974E0D8B416DB0
+
+I=59
+KEY=F662C6EB23915FD72F60D4E19E625C07
+IV=7268C08FA807D83C9830F54A59F32662
+CT=B7DE1BEE1867F4DC3F974E0D8B416DB0
+PT=19769B9EB30B8DE5FD640ACE78F01F0A
+
+I=60
+KEY=EF145D75909AD232D204DE2FE692430D
+IV=B260792BAB22BAAB6CCF3AE1DD3A0F85
+CT=19769B9EB30B8DE5FD640ACE78F01F0A
+PT=2079F2C0A0DE164CD41FCE29D8CE3178
+
+I=61
+KEY=CF6DAFB53044C47E061B10063E5C7275
+IV=6ABCE7B41E112B91B8E6BC0DBE37600C
+CT=2079F2C0A0DE164CD41FCE29D8CE3178
+PT=0D3A678FAB06E743A9134C103B39B61D
+
+I=62
+KEY=C257C83A9B42233DAF085C160565C468
+IV=CEB1E776DBEF46BF8B949C0AF0EBEAD2
+CT=0D3A678FAB06E743A9134C103B39B61D
+PT=80339ADB34BCDE3384D66170373AEEAC
+
+I=63
+KEY=426452E1AFFEFD0E2BDE3D66325F2AC4
+IV=EAAC373FCA05E610C1C5D4437AFD5631
+CT=80339ADB34BCDE3384D66170373AEEAC
+PT=38D52D75E5783A08FBFE622633D6CF47
+
+I=64
+KEY=7AB17F944A86C706D0205F400189E583
+IV=2A25ED6933CAAA95569ADA1AC7480942
+CT=38D52D75E5783A08FBFE622633D6CF47
+PT=3204F1EACBB520A69F0939F45BC82041
+
+I=65
+KEY=48B58E7E8133E7A04F2966B45A41C5C2
+IV=9C6819799DAF61111ACC3C0ECEB0F8BF
+CT=3204F1EACBB520A69F0939F45BC82041
+PT=16BD33EE541798BEE114E9D7F9141A9C
+
+I=66
+KEY=5E08BD90D5247F1EAE3D8F63A355DF5E
+IV=C181F4DF1EE0E13BF76044A3DA5E3BC4
+CT=16BD33EE541798BEE114E9D7F9141A9C
+PT=A0A68CF016C6AD8DAC4D5634EAADEBE5
+
+I=67
+KEY=FEAE3160C3E2D2930270D95749F834BB
+IV=2A4EE2CD011AF421616789DB790354FD
+CT=A0A68CF016C6AD8DAC4D5634EAADEBE5
+PT=FCE7D92FD0B3A1C7920558F653E1019B
+
+I=68
+KEY=0249E84F13517354907581A11A193520
+IV=A7F7E2B701F34F308C0F28514DFAA15F
+CT=FCE7D92FD0B3A1C7920558F653E1019B
+PT=F16A084B2DE16D5E3E5405665DE3C623
+
+I=69
+KEY=F323E0043EB01E0AAE2184C747FAF303
+IV=6D319828AAA75DFE99BEEDD21B983C7D
+CT=F16A084B2DE16D5E3E5405665DE3C623
+PT=CE20AE629887DF02064F2D9DB092E1DB
+
+I=70
+KEY=3D034E66A637C108A86EA95AF76812D8
+IV=9484E76149F41901AF8AFD3152C56506
+CT=CE20AE629887DF02064F2D9DB092E1DB
+PT=B457A655282213C1B7C5C2A206C7FCB9
+
+I=71
+KEY=8954E8338E15D2C91FAB6BF8F1AFEE61
+IV=329E089DC915BD71B1F8D0713BFC4F97
+CT=B457A655282213C1B7C5C2A206C7FCB9
+PT=A89B8F7541FFF719A3C7DE1577CE1C3F
+
+I=72
+KEY=21CF6746CFEA25D0BC6CB5ED8661F25E
+IV=FA381CAC5777234E6DF8A28A4E6671D8
+CT=A89B8F7541FFF719A3C7DE1577CE1C3F
+PT=C4E73D25647350527C1F93F6C1D90296
+
+I=73
+KEY=E5285A63AB997582C073261B47B8F0C8
+IV=082ACF3D2661514F0E00BDABC9015946
+CT=C4E73D25647350527C1F93F6C1D90296
+PT=34BF6DECECFE1C9AE3AA34B6DB3741EF
+
+I=74
+KEY=D197378F4767691823D912AD9C8FB127
+IV=3E56B658F899B6DBBA4EAF6E629F3555
+CT=34BF6DECECFE1C9AE3AA34B6DB3741EF
+PT=FD86C78538176DC5D48BE2EC6B89D581
+
+I=75
+KEY=2C11F00A7F7004DDF752F041F70664A6
+IV=765B823193F2738E6CACBB0154C941B1
+CT=FD86C78538176DC5D48BE2EC6B89D581
+PT=524E035AB9DEB29E467B9586A90F3A42
+
+I=76
+KEY=7E5FF350C6AEB643B12965C75E095EE4
+IV=DE2B3EC0A3FF29EC67BBE1B124E9451A
+CT=524E035AB9DEB29E467B9586A90F3A42
+PT=83DE1E768EED94BA09E623845A057834
+
+I=77
+KEY=FD81ED26484322F9B8CF4643040C26D0
+IV=A5CF4D996D8460E71DDA938461BB884B
+CT=83DE1E768EED94BA09E623845A057834
+PT=D8381D17B9BCF942F408DBB2B7B2D6B7
+
+I=78
+KEY=25B9F031F1FFDBBB4CC79DF1B3BEF067
+IV=899696B8EDC4E8B60489742A2559C909
+CT=D8381D17B9BCF942F408DBB2B7B2D6B7
+PT=BF1D8175015D0A0341427DE1F7DDE379
+
+I=79
+KEY=9AA47144F0A2D1B80D85E0104463131E
+IV=AD76D13B2F2A3F938F5C810A38A83D09
+CT=BF1D8175015D0A0341427DE1F7DDE379
+PT=58114DEFF8CFF10F06B390EB01B13394
+
+I=80
+KEY=C2B53CAB086D20B70B3670FB45D2208A
+IV=9EC540C144AB57D4E5A9185F55E71E50
+CT=58114DEFF8CFF10F06B390EB01B13394
+PT=53E72B9603CE221F0160791DF51F6B3E
+
+I=81
+KEY=9152173D0BA302A80A5609E6B0CD4BB4
+IV=B780257238CA60FD998819B2D04CEB92
+CT=53E72B9603CE221F0160791DF51F6B3E
+PT=AF0238554AAFFB0FB5DFAC35E3CE8F4C
+
+I=82
+KEY=3E502F68410CF9A7BF89A5D35303C4F8
+IV=3509BC884089ADEB90137A39AEA75CFC
+CT=AF0238554AAFFB0FB5DFAC35E3CE8F4C
+PT=20844D3F4F637B974D38B7E5F1C84205
+
+I=83
+KEY=1ED462570E6F8230F2B11236A2CB86FD
+IV=52BAB07EB72804630E4BD769F0172FDA
+CT=20844D3F4F637B974D38B7E5F1C84205
+PT=68404E006D2F16572EDFAE636A62C537
+
+I=84
+KEY=76942C5763409467DC6EBC55C8A943CA
+IV=E4B417D85F36F3A25CF04AB05157F247
+CT=68404E006D2F16572EDFAE636A62C537
+PT=13C8DF4117D4EA3645F1825700F8FFA5
+
+I=85
+KEY=655CF31674947E51999F3E02C851BC6F
+IV=3FE0683442B6B5DF515209DE16F8FD4B
+CT=13C8DF4117D4EA3645F1825700F8FFA5
+PT=42307D929439F2723202A5206D640431
+
+I=86
+KEY=276C8E84E0AD8C23AB9D9B22A535B85E
+IV=33FAD11D9D4057E7ED989F1520450C32
+CT=42307D929439F2723202A5206D640431
+PT=5ED8AF875ACF37BE8FAAC16D4AB8072B
+
+I=87
+KEY=79B42103BA62BB9D24375A4FEF8DBF75
+IV=807852E5AD0EB5E0C3A2AAF18DFB14F9
+CT=5ED8AF875ACF37BE8FAAC16D4AB8072B
+PT=79C950A45ECDC8B676A5CFF324A81DA8
+
+I=88
+KEY=007D71A7E4AF732B529295BCCB25A2DD
+IV=516BC35B52C26C99E21C0147CB7DD99E
+CT=79C950A45ECDC8B676A5CFF324A81DA8
+PT=595C3DDCFBD90661A3A70B94C470A26B
+
+I=89
+KEY=59214C7B1F76754AF1359E280F5500B6
+IV=FDABDD4BD60725F5E640629416F417D3
+CT=595C3DDCFBD90661A3A70B94C470A26B
+PT=7957CF3989083D25B54C6890EC58DB0C
+
+I=90
+KEY=20768342967E486F4479F6B8E30DDBBA
+IV=CADFADF417898DE3786D5DF869396611
+CT=7957CF3989083D25B54C6890EC58DB0C
+PT=6C1E8DF34FC80DD2ECA00A1EDC5FC239
+
+I=91
+KEY=4C680EB1D9B645BDA8D9FCA63F521983
+IV=A7DF9FA44AA2B49B9E26C6148CCAF36F
+CT=6C1E8DF34FC80DD2ECA00A1EDC5FC239
+PT=72B5A426C9DC3B336756FB10B00626CE
+
+I=92
+KEY=3EDDAA97106A7E8ECF8F07B68F543F4D
+IV=50FF574915D407A97A74CC399DE2D901
+CT=72B5A426C9DC3B336756FB10B00626CE
+PT=194826159D7FAB9166D64F1DD6F627B0
+
+I=93
+KEY=27958C828D15D51FA95948AB59A218FD
+IV=A1E3BC848C019B6FC3F7072F9A866C52
+CT=194826159D7FAB9166D64F1DD6F627B0
+PT=0186B2316FC29104D3549C49F92AE414
+
+I=94
+KEY=26133EB3E2D7441B7A0DD4E2A088FCE9
+IV=4DBA42F1031AE32016524C7F86781528
+CT=0186B2316FC29104D3549C49F92AE414
+PT=373384DB7383D3A4914C0141BB104B81
+
+I=95
+KEY=1120BA68915497BFEB41D5A31B98B768
+IV=FFCB87107AC596D71BA807902D524247
+CT=373384DB7383D3A4914C0141BB104B81
+PT=25465CE5FA2AD65D75586064A18516A8
+
+I=96
+KEY=3466E68D6B7E41E29E19B5C7BA1DA1C0
+IV=55879596C3F0A295FA00CFEF1B056248
+CT=25465CE5FA2AD65D75586064A18516A8
+PT=2311A52CEC4A16B5F4FCA613BC0BDB83
+
+I=97
+KEY=177743A1873457576AE513D406167A43
+IV=B1A7DABF3D2384BF8754B829659B3989
+CT=2311A52CEC4A16B5F4FCA613BC0BDB83
+PT=357F4BF62308CD5C48F34E9E644DD515
+
+I=98
+KEY=22080857A43C9A0B22165D4A625BAF56
+IV=72BF477FE8CF428CFA856323E18B3135
+CT=357F4BF62308CD5C48F34E9E644DD515
+PT=17758539D1896B92BFB811D30C9BA134
+
+I=99
+KEY=357D8D6E75B5F1999DAE4C996EC00E62
+IV=4CBA048DFA50910EC94FE5D6AA5DD502
+CT=17758539D1896B92BFB811D30C9BA134
+PT=372B6DCEE44D18D3791C4E8FB0A91971
+
+I=100
+KEY=0256E0A091F8E94AE4B20216DE691713
+IV=86F4F670CA3B191B860D6C8A9A35A872
+CT=372B6DCEE44D18D3791C4E8FB0A91971
+PT=66D3FABC4885C1F4897D9160C152D570
+
+I=101
+KEY=64851A1CD97D28BE6DCF93761F3BC263
+IV=08490B2E8588FE564F0112D76D6108E9
+CT=66D3FABC4885C1F4897D9160C152D570
+PT=926278E71894F32B5E2A5A1F5FA695E7
+
+I=102
+KEY=F6E762FBC1E9DB9533E5C969409D5784
+IV=D3A2E4AFFDD8A7CC1498EF0E812087B7
+CT=926278E71894F32B5E2A5A1F5FA695E7
+PT=A455F5D65D91563D9C15E6B745F29531
+
+I=103
+KEY=52B2972D9C788DA8AFF02FDE056FC2B5
+IV=6CB8822EA67C247A6A0CBAD830B3562C
+CT=A455F5D65D91563D9C15E6B745F29531
+PT=4544371A5E3A8E7AD9885AECD3868AF3
+
+I=104
+KEY=17F6A037C24203D276787532D6E94846
+IV=93E3CAD8BE023F6451ADAA525988A974
+CT=4544371A5E3A8E7AD9885AECD3868AF3
+PT=8473F4F1D77AC1F46706EBD108CB48A5
+
+I=105
+KEY=938554C61538C226117E9EE3DE2200E3
+IV=A7E7B354606EF4C1D00BF4F128CCE966
+CT=8473F4F1D77AC1F46706EBD108CB48A5
+PT=787ADE453DCE2FA7F6F24CD33C9A5CDC
+
+I=106
+KEY=EBFF8A8328F6ED81E78CD230E2B85C3F
+IV=97A2CF706C1871B502D15B028C5F0D80
+CT=787ADE453DCE2FA7F6F24CD33C9A5CDC
+PT=E6A7E5B65DC124FBE1C1FFFE18A34D8A
+
+I=107
+KEY=0D586F357537C97A064D2DCEFA1B11B5
+IV=9BBDCAF2A3CC7FC5BF6285631A4636FD
+CT=E6A7E5B65DC124FBE1C1FFFE18A34D8A
+PT=6A391E9F475546720836312BBEB0B3A9
+
+I=108
+KEY=676171AA32628F080E7B1CE544ABA21C
+IV=603EEDE91F925A2228537E8BDD26C96B
+CT=6A391E9F475546720836312BBEB0B3A9
+PT=D75086BA446563AAB1873FDEBE611D67
+
+I=109
+KEY=B031F7107607ECA2BFFC233BFACABF7B
+IV=546B8CA37AACE2BC2C85014F2ACD6315
+CT=D75086BA446563AAB1873FDEBE611D67
+PT=63A4D826625CBD9F10083E62330BCFBC
+
+I=110
+KEY=D3952F36145B513DAFF41D59C9C170C7
+IV=BC2E6E9DD10152C8281B798F711A9334
+CT=63A4D826625CBD9F10083E62330BCFBC
+PT=41275EFDFC86B5BDCCCDCA2BBFA5B90D
+
+I=111
+KEY=92B271CBE8DDE4806339D7727664C9CA
+IV=D940A8D1B3448AA9148C7F6DFC266B00
+CT=41275EFDFC86B5BDCCCDCA2BBFA5B90D
+PT=56AC1BCB285044710D26EFC42A0ABA56
+
+I=112
+KEY=C41E6A00C08DA0F16E1F38B65C6E739C
+IV=214238FF5F4D01F3A6694EC80E15BCF7
+CT=56AC1BCB285044710D26EFC42A0ABA56
+PT=5AF2877973AB9787E42202AC0C6E7538
+
+I=113
+KEY=9EECED79B32637768A3D3A1A500006A4
+IV=561B4934904E327F3B3639CED6C7A995
+CT=5AF2877973AB9787E42202AC0C6E7538
+PT=787F52F6D9CD9085D782B95FD68F70F8
+
+I=114
+KEY=E693BF8F6AEBA7F35DBF8345868F765C
+IV=06B93FB1A99BD387A091509B8C6D3482
+CT=787F52F6D9CD9085D782B95FD68F70F8
+PT=E7B1DB917C92E488C6B02AC4C42AFD79
+
+I=115
+KEY=0122641E1679437B9B0FA98142A58B25
+IV=1D57A61FED51218BD8C1357CE58F21EB
+CT=E7B1DB917C92E488C6B02AC4C42AFD79
+PT=2FBAB770D511EACA849F654DE429DE84
+
+I=116
+KEY=2E98D36EC368A9B11F90CCCCA68C55A1
+IV=CB311C43EC32D59941CEF81BB9CF4E57
+CT=2FBAB770D511EACA849F654DE429DE84
+PT=A8FE17AEA961C2A450DD5EAABAA19613
+
+I=117
+KEY=8666C4C06A096B154F4D92661C2DC3B2
+IV=B9D7B74D62DD89A01EE3093A5C2A0470
+CT=A8FE17AEA961C2A450DD5EAABAA19613
+PT=D9E598A4DBAF82BDF9474BE13B997FF5
+
+I=118
+KEY=5F835C64B1A6E9A8B60AD98727B4BC47
+IV=6398D8A38C38A9B54DCF18C0D76758BA
+CT=D9E598A4DBAF82BDF9474BE13B997FF5
+PT=291DB2BC325CD7A94032E7C1208921A5
+
+I=119
+KEY=769EEED883FA3E01F6383E46073D9DE2
+IV=4774C7E1BB97117BCA26A897B9302EFA
+CT=291DB2BC325CD7A94032E7C1208921A5
+PT=DFC55866F85055F06E752E04AAC4C36A
+
+I=120
+KEY=A95BB6BE7BAA6BF1984D1042ADF95E88
+IV=BDA0616700CD2817FE4425F6F541E8C1
+CT=DFC55866F85055F06E752E04AAC4C36A
+PT=7CACB3A88E7114F7737B05D0FB3AF7F3
+
+I=121
+KEY=D5F70516F5DB7F06EB36159256C3A97B
+IV=1EF4836BD363B89EE73911B14EBE9262
+CT=7CACB3A88E7114F7737B05D0FB3AF7F3
+PT=3282F1F6B3C04E325FB13E85D18CDBBC
+
+I=122
+KEY=E775F4E0461B3134B4872B17874F72C7
+IV=E35D47CEDBD30701A64FE504C6BC4199
+CT=3282F1F6B3C04E325FB13E85D18CDBBC
+PT=BFB9748A3C825CDA3EA5D001F6AD305F
+
+I=123
+KEY=58CC806A7A996DEE8A22FB1671E24298
+IV=7A3676377E0B4F815B4B8C9A98DCAB4D
+CT=BFB9748A3C825CDA3EA5D001F6AD305F
+PT=B33787380A4C3BD5B32EC335916F9229
+
+I=124
+KEY=EBFB075270D5563B390C3823E08DD0B1
+IV=B3E40B27DBF6D985D4F57BD4D2899DC8
+CT=B33787380A4C3BD5B32EC335916F9229
+PT=BCD5E40A3B4885ACA82BEC952BA8A973
+
+I=125
+KEY=572EE3584B9DD3979127D4B6CB2579C2
+IV=897608FE3238F80CD24192CC64F4F695
+CT=BCD5E40A3B4885ACA82BEC952BA8A973
+PT=793E22E0B01FFE63E89C84A0D0FE1216
+
+I=126
+KEY=2E10C1B8FB822DF479BB50161BDB6BD4
+IV=D84401CF83566FEA8FB859C446C22632
+CT=793E22E0B01FFE63E89C84A0D0FE1216
+PT=96858A96FEB19712B10A44FBF8E633D9
+
+I=127
+KEY=B8954B2E0533BAE6C8B114EDE33D580D
+IV=7210E127BFB706EF9CD24139C0927E01
+CT=96858A96FEB19712B10A44FBF8E633D9
+PT=28A34CC75A215117331D6B88387E16F8
+
+I=128
+KEY=903607E95F12EBF1FBAC7F65DB434EF5
+IV=744B8DD281919F79FC529DA15AA0F18F
+CT=28A34CC75A215117331D6B88387E16F8
+PT=43FE41DC9FFB88F93ADC43D41BA3E4B2
+
+I=129
+KEY=D3C84635C0E96308C1703CB1C0E0AA47
+IV=5C7379A90F1E47F88C7424E8CD31E55D
+CT=43FE41DC9FFB88F93ADC43D41BA3E4B2
+PT=66D6D0E84CEB8672D38DDE557CCCFFF6
+
+I=130
+KEY=B51E96DD8C02E57A12FDE2E4BC2C55B1
+IV=529B92CD068415627C4BE49874347F98
+CT=66D6D0E84CEB8672D38DDE557CCCFFF6
+PT=F817D013CB041CA41B6D611ED261FAE9
+
+I=131
+KEY=4D0946CE4706F9DE099083FA6E4DAF58
+IV=9B4452DD48C3EECEFDB6A6CFAE670117
+CT=F817D013CB041CA41B6D611ED261FAE9
+PT=56420C70CC459A131CD531EDC39ED6E9
+
+I=132
+KEY=1B4B4ABE8B4363CD1545B217ADD379B1
+IV=264ABBC30CC98DA3C06B935B1364A317
+CT=56420C70CC459A131CD531EDC39ED6E9
+PT=650DA8C4CB11E4ABFE8841D20443BB04
+
+I=133
+KEY=7E46E27A40528766EBCDF3C5A990C2B5
+IV=DBABF7B18568FED50C69DA0C9AA5395D
+CT=650DA8C4CB11E4ABFE8841D20443BB04
+PT=94E6CE02AE253F3BE4A59775CAB7B11B
+
+I=134
+KEY=EAA02C78EE77B85D0F6864B0632773AE
+IV=F0D2E456CE063CB68988C1C397038480
+CT=94E6CE02AE253F3BE4A59775CAB7B11B
+PT=124F09DAC6A45E6077DCECE971B24ED1
+
+I=135
+KEY=F8EF25A228D3E63D78B4885912953D7F
+IV=C19A6D2D35E606E552580B002023C966
+CT=124F09DAC6A45E6077DCECE971B24ED1
+PT=AAD649FD1168DFCB431A7216571ED4C1
+
+I=136
+KEY=52396C5F39BB39F63BAEFA4F458BE9BE
+IV=DF1A307B1D25BC2751ECDC791EC51B16
+CT=AAD649FD1168DFCB431A7216571ED4C1
+PT=992749C940CBBB0944F5248E8D65268C
+
+I=137
+KEY=CB1E2596797082FF7F5BDEC1C8EECF32
+IV=D8B0466FC4344C6BF4E57584E5F48A36
+CT=992749C940CBBB0944F5248E8D65268C
+PT=FF16B9246C325A3B96250875A9D5C4BE
+
+I=138
+KEY=34089CB21542D8C4E97ED6B4613B0B8C
+IV=B8C3E4ECF57631CE1EEA74AD99545BA2
+CT=FF16B9246C325A3B96250875A9D5C4BE
+PT=72EDB906165FE6A19E02435AC6457C9A
+
+I=139
+KEY=46E525B4031D3E65777C95EEA77E7716
+IV=9C4F78D05257C64D752C576B5BB16245
+CT=72EDB906165FE6A19E02435AC6457C9A
+PT=0C2F00362B8733D343DCAF884A6BFD46
+
+I=140
+KEY=4ACA2582289A0DB634A03A66ED158A50
+IV=C51122198D2FD566ACA1BD07C28BCC7A
+CT=0C2F00362B8733D343DCAF884A6BFD46
+PT=C7F5C00F42695CF7870240DA73D487F7
+
+I=141
+KEY=8D3FE58D6AF35141B3A27ABC9EC10DA7
+IV=14769B7962371925822C42F0411BDC65
+CT=C7F5C00F42695CF7870240DA73D487F7
+PT=F4BC8A4310A4CD2F396F43B81BD060EB
+
+I=142
+KEY=79836FCE7A579C6E8ACD390485116D4C
+IV=CDA4414DF23427B937D586C1A8164479
+CT=F4BC8A4310A4CD2F396F43B81BD060EB
+PT=1B996A525174C35466103BCBD53ECB9C
+
+I=143
+KEY=621A059C2B235F3AECDD02CF502FA6D0
+IV=1DA9E7C02BE868E118E4B9BF5928BFCF
+CT=1B996A525174C35466103BCBD53ECB9C
+PT=2B4EC5CB9DE50257B5901C6D49B5EB54
+
+I=144
+KEY=4954C057B6C65D6D594D1EA2199A4D84
+IV=55433149AA93215BF53CB8FE66CD683A
+CT=2B4EC5CB9DE50257B5901C6D49B5EB54
+PT=5A5B9ACA3BDA951DC4C4DFB7DD15AD18
+
+I=145
+KEY=130F5A9D8D1CC8709D89C115C48FE09C
+IV=695C69EA8C4257D2758364AFF6387DA0
+CT=5A5B9ACA3BDA951DC4C4DFB7DD15AD18
+PT=5BB08593BA52E94F07CB14FF564AF299
+
+I=146
+KEY=48BFDF0E374E213F9A42D5EA92C51205
+IV=665463164601CD0045C684729CDD5E7D
+CT=5BB08593BA52E94F07CB14FF564AF299
+PT=DB1840467889551150026A90E3FC272F
+
+I=147
+KEY=93A79F484FC7742ECA40BF7A7139352A
+IV=355C4B87A682712460C80ABA630F7BE8
+CT=DB1840467889551150026A90E3FC272F
+PT=9F7BD8EF96A1ECC75B4E3031E65FE8FC
+
+I=148
+KEY=0CDC47A7D96698E9910E8F4B9766DDD6
+IV=FBF20FEC0A9E9B530DD3745955A1960C
+CT=9F7BD8EF96A1ECC75B4E3031E65FE8FC
+PT=DCF003E1DDD4B52F5B680568B42EEECF
+
+I=149
+KEY=D02C444604B22DC6CA668A2323483319
+IV=04EADC638E309466B9500B1C3A308856
+CT=DCF003E1DDD4B52F5B680568B42EEECF
+PT=DDD2F2AEFEF4A4641747699170DF0129
+
+I=150
+KEY=0DFEB6E8FA4689A2DD21E3B253973230
+IV=FB521123E5BB45F1AC7083C382B95E10
+CT=DDD2F2AEFEF4A4641747699170DF0129
+PT=7D6C54E4369E965513DE1E95E8A37433
+
+I=151
+KEY=7092E20CCCD81FF7CEFFFD27BB344603
+IV=0E71300101915AEE97563493B4B2EFB9
+CT=7D6C54E4369E965513DE1E95E8A37433
+PT=B7F5C4275EF7D3A23E8E9A4BC2BCA700
+
+I=152
+KEY=C767262B922FCC55F071676C7988E103
+IV=8BBC970D4E24F6F1A92859BBAE70B757
+CT=B7F5C4275EF7D3A23E8E9A4BC2BCA700
+PT=679FA9A8AB3EE2F0663D4DC95FEC3847
+
+I=153
+KEY=A0F88F8339112EA5964C2AA52664D944
+IV=B8D28B6903859465F996A0DF491DDAAA
+CT=679FA9A8AB3EE2F0663D4DC95FEC3847
+PT=914DCEAC5B00940A415C2144DAA1EF03
+
+I=154
+KEY=31B5412F6211BAAFD7100BE1FCC53647
+IV=06E1FF99E63E0EDDA1D95682B541D026
+CT=914DCEAC5B00940A415C2144DAA1EF03
+PT=A718031A531395DA071B828A10A2B9DC
+
+I=155
+KEY=96AD423531022F75D00B896BEC678F9B
+IV=F18546028693CC0A72E218460AC932E9
+CT=A718031A531395DA071B828A10A2B9DC
+PT=19D996B9FF549029D800CF977C0E0A88
+
+I=156
+KEY=8F74D48CCE56BF5C080B46FC90698513
+IV=7E98DAFA8DE35537A0B0AA8FA32E01DF
+CT=19D996B9FF549029D800CF977C0E0A88
+PT=6A7D514FBE9963987E0EE5DD22FDC8BD
+
+I=157
+KEY=E50985C370CFDCC47605A321B2944DAE
+IV=071F44277D12AD6E653FB747C11BEFB7
+CT=6A7D514FBE9963987E0EE5DD22FDC8BD
+PT=AB07C464DF72DF58411A7CBF906F43A6
+
+I=158
+KEY=4E0E41A7AFBD039C371FDF9E22FB0E08
+IV=BDA8979A0DE78999AE0659D2744BC21B
+CT=AB07C464DF72DF58411A7CBF906F43A6
+PT=A8ABC34FF51FD998427A7837BB0F22BB
+
+I=159
+KEY=E6A582E85AA2DA047565A7A999F42CB3
+IV=3CA763C4375A6C70F072B52C42A02560
+CT=A8ABC34FF51FD998427A7837BB0F22BB
+PT=9E82A41AB2A2748695663075C5BF1C09
+
+I=160
+KEY=782726F2E800AE82E00397DC5C4B30BA
+IV=B1DD4DC8715CA0B8BA3426395B61ABA4
+CT=9E82A41AB2A2748695663075C5BF1C09
+PT=3C891AEFC6645F3C23A2E3A2E1A522EF
+
+I=161
+KEY=44AE3C1D2E64F1BEC3A1747EBDEE1255
+IV=932F28E3FC0F85A0E703AD6079A68CC0
+CT=3C891AEFC6645F3C23A2E3A2E1A522EF
+PT=D4FDD9C3D36E80E0AFA95ABEC2E62FB9
+
+I=162
+KEY=9053E5DEFD0A715E6C082EC07F083DEC
+IV=1AD1530DE6274BBA3A097004D85DF8FA
+CT=D4FDD9C3D36E80E0AFA95ABEC2E62FB9
+PT=9FACBB106FBF34D9B25A83AD4F45AA38
+
+I=163
+KEY=0FFF5ECE92B54587DE52AD6D304D97D4
+IV=8412EAA361AB8193AD529FA36944FE3D
+CT=9FACBB106FBF34D9B25A83AD4F45AA38
+PT=E95628B6A14326AC153B228C0DD25063
+
+I=164
+KEY=E6A9767833F6632BCB698FE13D9FC7B7
+IV=9F1D906FD25CCCA7565D82CDA44B4A57
+CT=E95628B6A14326AC153B228C0DD25063
+PT=7B1ECD07E452D593D00E326F8FD9F2B5
+
+I=165
+KEY=9DB7BB7FD7A4B6B81B67BD8EB2463502
+IV=9C91B12734A86451492400EE5759C190
+CT=7B1ECD07E452D593D00E326F8FD9F2B5
+PT=A99874C1ECA463D335B37179348AEF4F
+
+I=166
+KEY=342FCFBE3B00D56B2ED4CCF786CCDA4D
+IV=9060C6E8E2B51E5F1000860ECB5A608C
+CT=A99874C1ECA463D335B37179348AEF4F
+PT=F9296E658C3048C58FE6404AB6E0186C
+
+I=167
+KEY=CD06A1DBB7309DAEA1328CBD302CC221
+IV=ADCB427405EDF8078622AFC6C731D3EF
+CT=F9296E658C3048C58FE6404AB6E0186C
+PT=8D3A4ABFB8F57AEBB1284B78BFDD240D
+
+I=168
+KEY=403CEB640FC5E745101AC7C58FF1E62C
+IV=4CED30477756892A49FE6358700F5DE7
+CT=8D3A4ABFB8F57AEBB1284B78BFDD240D
+PT=7C71310D5241B8B461847FA7E2B4D506
+
+I=169
+KEY=3C4DDA695D845FF1719EB8626D45332A
+IV=52A3B8E21588368AA3AD2131B283B34C
+CT=7C71310D5241B8B461847FA7E2B4D506
+PT=380A1E2925FC8061FBC69B08B4C7C6C8
+
+I=170
+KEY=0447C4407878DF908A58236AD982F5E2
+IV=B7AD265DF50ABD77C1D1D02BAF06CEBD
+CT=380A1E2925FC8061FBC69B08B4C7C6C8
+PT=6931E262570F27732A75629A384492CA
+
+I=171
+KEY=6D7626222F77F8E3A02D41F0E1C66728
+IV=DD7D3CA7F6CE54775836734B10685A99
+CT=6931E262570F27732A75629A384492CA
+PT=336D0AB3F9A793469C544E98CFDC8AD6
+
+I=172
+KEY=5E1B2C91D6D06BA53C790F682E1AEDFE
+IV=54087C05437049FBAFC9BF6C56AD16CC
+CT=336D0AB3F9A793469C544E98CFDC8AD6
+PT=0098A640F1D04E5557F748B80215082A
+
+I=173
+KEY=5E838AD1270025F06B8E47D02C0FE5D4
+IV=DD13A93C7FAEF14820D6A168AF9969DB
+CT=0098A640F1D04E5557F748B80215082A
+PT=48660EDDC3ACAC1A814AE088650DE007
+
+I=174
+KEY=16E5840CE4AC89EAEAC4A758490205D3
+IV=589C43A680F7AE6E15DE25FD50F18BED
+CT=48660EDDC3ACAC1A814AE088650DE007
+PT=047740C48160A14563C0049316C7B78E
+
+I=175
+KEY=1292C4C865CC28AF8904A3CB5FC5B25D
+IV=22DB095AF8268D37AC536FDA3A81B7C2
+CT=047740C48160A14563C0049316C7B78E
+PT=D9679ABB1AED1524E8DA2ECA89172853
+
+I=176
+KEY=CBF55E737F213D8B61DE8D01D6D29A0E
+IV=77FDCCC9BAB3B7E81D7B9D14540ED3A7
+CT=D9679ABB1AED1524E8DA2ECA89172853
+PT=C774AD9EF683A59747AB41DA044471C4
+
+I=177
+KEY=0C81F3ED89A2981C2675CCDBD296EBCA
+IV=2E266970512C0F6D404367978C70B5C6
+CT=C774AD9EF683A59747AB41DA044471C4
+PT=927C98AFDE6F108268A306A1A818EE89
+
+I=178
+KEY=9EFD6B4257CD889E4ED6CA7A7A8E0543
+IV=E2B0A0F146E931136932D8188B7DC980
+CT=927C98AFDE6F108268A306A1A818EE89
+PT=D3C11AF1EF255D65EAAEE5B5C5BF3CD9
+
+I=179
+KEY=4D3C71B3B8E8D5FBA4782FCFBF31399A
+IV=ABA118A590A8A69D41D20ED13F7DA4C9
+CT=D3C11AF1EF255D65EAAEE5B5C5BF3CD9
+PT=760B1C47EB476A246CE41163B7425C7B
+
+I=180
+KEY=3B376DF453AFBFDFC89C3EAC087365E1
+IV=8A395FFEE93FF820FBC086932216324F
+CT=760B1C47EB476A246CE41163B7425C7B
+PT=4EEAE25D1654A461D6A56896EDFFEAB7
+
+I=181
+KEY=75DD8FA945FB1BBE1E39563AE58C8F56
+IV=82D68DE458D38127E2A17DA736BC1651
+CT=4EEAE25D1654A461D6A56896EDFFEAB7
+PT=BD7ABD27F3515B9FD337ADADBA5E9EC9
+
+I=182
+KEY=C8A7328EB6AA4021CD0EFB975FD2119F
+IV=95757C38F4CB26C29DF174FD8B1F35E8
+CT=BD7ABD27F3515B9FD337ADADBA5E9EC9
+PT=E32EF56DE91CC21C158822BDB841A02C
+
+I=183
+KEY=2B89C7E35FB6823DD886D92AE793B1B3
+IV=AFFB434005E300E99E815A8E5B46E159
+CT=E32EF56DE91CC21C158822BDB841A02C
+PT=578B7692D68BD4D65A159C9CCDC81F64
+
+I=184
+KEY=7C02B171893D56EB829345B62A5BAED7
+IV=15E783551969F275EF25A429F68BA0DB
+CT=578B7692D68BD4D65A159C9CCDC81F64
+PT=0F70D77F31DE8F0010628377C8E4A1C3
+
+I=185
+KEY=7372660EB8E3D9EB92F1C6C1E2BF0F14
+IV=078B6E3FC7C79D52A5C49847A7C5D0BB
+CT=0F70D77F31DE8F0010628377C8E4A1C3
+PT=A4F29F6A50A4A15789D4647774C96997
+
+I=186
+KEY=D780F964E84778BC1B25A2B696766683
+IV=C9B2C903F131856C0D8218146479513A
+CT=A4F29F6A50A4A15789D4647774C96997
+PT=7AD4F764911F8F1E8C9356F00B1468EE
+
+I=187
+KEY=AD540E007958F7A297B6F4469D620E6D
+IV=780DAD9DBA12DDC713ECF44057B8B56E
+CT=7AD4F764911F8F1E8C9356F00B1468EE
+PT=A00EAFD28A95C7F39137773F28F9A0D3
+
+I=188
+KEY=0D5AA1D2F3CD305106818379B59BAEBE
+IV=6643BF26488FB21BCDAA7D4FABAA5BC3
+CT=A00EAFD28A95C7F39137773F28F9A0D3
+PT=FC884EEEB73B2F66C97D742A441B0463
+
+I=189
+KEY=F1D2EF3C44F61F37CFFCF753F180AADD
+IV=7B707442550BF1FA4C1B74F0DC3237FC
+CT=FC884EEEB73B2F66C97D742A441B0463
+PT=9C260AA82C6902B068495B4844507F7D
+
+I=190
+KEY=6DF4E594689F1D87A7B5AC1BB5D0D5A0
+IV=8329E8DE2980225DA61158BF467B1D79
+CT=9C260AA82C6902B068495B4844507F7D
+PT=1C12FEAA35AD2DD21DE6411C3A3BB6D5
+
+I=191
+KEY=71E61B3E5D323055BA53ED078FEB6375
+IV=EFD514D7CF3FAC49DBB5BB3505B9B18F
+CT=1C12FEAA35AD2DD21DE6411C3A3BB6D5
+PT=15F26D34E8E1037A5A2393CEA5DB396B
+
+I=192
+KEY=6414760AB5D3332FE0707EC92A305A1E
+IV=9EFC37C295552B965B29A23AC2788D8B
+CT=15F26D34E8E1037A5A2393CEA5DB396B
+PT=76F0C79955566A0A091AA46E0C59455E
+
+I=193
+KEY=12E4B193E0855925E96ADAA726691F40
+IV=5BA54E33128A7526A9130E632BE00D65
+CT=76F0C79955566A0A091AA46E0C59455E
+PT=1EA06231EBEEB995E2F94B88A4004333
+
+I=194
+KEY=0C44D3A20B6BE0B00B93912F82695C73
+IV=9B1C6FA42510E530D2282BF8C5516DCE
+CT=1EA06231EBEEB995E2F94B88A4004333
+PT=16C36348884B32AC1CB1DE2D3C158981
+
+I=195
+KEY=1A87B0EA8320D21C17224F02BE7CD5F2
+IV=F755F641EED4C828DCBECC327D93F4AF
+CT=16C36348884B32AC1CB1DE2D3C158981
+PT=6581A3FB5F61C6C1904F35E787BF552D
+
+I=196
+KEY=7F061311DC4114DD876D7AE539C380DF
+IV=5D799F356C1672707716C47DA4384C01
+CT=6581A3FB5F61C6C1904F35E787BF552D
+PT=0BA11F8EE845E03641928825B3344994
+
+I=197
+KEY=74A70C9F3404F4EBC6FFF2C08AF7C94B
+IV=89A5592031795CEAECF1C1F274813818
+CT=0BA11F8EE845E03641928825B3344994
+PT=1CF907A6C8A33C7806819EB97B854588
+
+I=198
+KEY=685E0B39FCA7C893C07E6C79F1728CC3
+IV=BBE87558AF456066B9CE3EBB8729D554
+CT=1CF907A6C8A33C7806819EB97B854588
+PT=722BB2E53CE7846F40B5EA18AF1430B0
+
+I=199
+KEY=1A75B9DCC0404CFC80CB86615E66BC73
+IV=2CC42E6DA36883482ACB5D9D92823186
+CT=722BB2E53CE7846F40B5EA18AF1430B0
+PT=E667D6A95E9C56BB56E4436CC1B69874
+
+I=200
+KEY=FC126F759EDC1A47D62FC50D9FD02407
+IV=F18DD0388BF5692B7394BAFDC4854308
+CT=E667D6A95E9C56BB56E4436CC1B69874
+PT=3C9A76798C468470EEBC5F7B915879A3
+
+I=201
+KEY=C088190C129A9E3738939A760E885DA4
+IV=8262D8603FE0F4AE8BF5795690992F1C
+CT=3C9A76798C468470EEBC5F7B915879A3
+PT=3CAFB994BDEF76370D8A5129B63BECDB
+
+I=202
+KEY=FC27A098AF75E8003519CB5FB8B3B17F
+IV=AB090F7A86CFD9A7C1BD8869BBB4D27B
+CT=3CAFB994BDEF76370D8A5129B63BECDB
+PT=50D037733D2C3242024BD322ADDF01CB
+
+I=203
+KEY=ACF797EB9259DA423752187D156CB0B4
+IV=3581D6724722C3892C712B2AA1066824
+CT=50D037733D2C3242024BD322ADDF01CB
+PT=0D7CB755305EF09692FCED530CCC1336
+
+I=204
+KEY=A18B20BEA2072AD4A5AEF52E19A0A382
+IV=9D0DAD6448895ECBE05F8DC73E014E3C
+CT=0D7CB755305EF09692FCED530CCC1336
+PT=D66389E01F44C60B26BCF3F9B39DAB55
+
+I=205
+KEY=77E8A95EBD43ECDF831206D7AA3D08D7
+IV=7BDC3CD62CD79C7E6CB8FAE104175DE4
+CT=D66389E01F44C60B26BCF3F9B39DAB55
+PT=CC9F59409D636BE5C555AC2841650CD7
+
+I=206
+KEY=BB77F01E2020873A4647AAFFEB580400
+IV=A4FBE42983B236097E40C1E244B14748
+CT=CC9F59409D636BE5C555AC2841650CD7
+PT=34804672FCEF79481269B1D254DDCAF9
+
+I=207
+KEY=8FF7B66CDCCFFE72542E1B2DBF85CEF9
+IV=700B37E771E88E5DCD9C81D6FD16B995
+CT=34804672FCEF79481269B1D254DDCAF9
+PT=62FC00FDF1F6BF44FFBEB5BED5589A64
+
+I=208
+KEY=ED0BB6912D394136AB90AE936ADD549D
+IV=F3A9954079382ACD97C3EC198522AE69
+CT=62FC00FDF1F6BF44FFBEB5BED5589A64
+PT=F7901904A02544E064400A2625121C4C
+
+I=209
+KEY=1A9BAF958D1C05D6CFD0A4B54FCF48D1
+IV=3799F5DEF76C56F8B0A69889B85760AA
+CT=F7901904A02544E064400A2625121C4C
+PT=A915D55AE8E14497F2693A55F83041F5
+
+I=210
+KEY=B38E7ACF65FD41413DB99EE0B7FF0924
+IV=5421F3F4CDD3C6F9BF38184BC61904AA
+CT=A915D55AE8E14497F2693A55F83041F5
+PT=66EA0D0968631F3BDA46921078E495C1
+
+I=211
+KEY=D56477C60D9E5E7AE7FF0CF0CF1B9CE5
+IV=3B87243EE38BD474E4CBF34A7C592CFC
+CT=66EA0D0968631F3BDA46921078E495C1
+PT=283826367D00718849A6539EE8CAD8BF
+
+I=212
+KEY=FD5C51F0709E2FF2AE595F6E27D1445A
+IV=0FB53077D2BC27C544CD400A28212291
+CT=283826367D00718849A6539EE8CAD8BF
+PT=B15EA2718FB406D457C8B96530EDC014
+
+I=213
+KEY=4C02F381FF2A2926F991E60B173C844E
+IV=8BFE654E422E9BCCE7F1357053E1130C
+CT=B15EA2718FB406D457C8B96530EDC014
+PT=44238CE0F1765C7983BF408D5ECFA2BA
+
+I=214
+KEY=08217F610E5C755F7A2EA68649F326F4
+IV=86841D597FA91F54CBAD3C57FC1FC492
+CT=44238CE0F1765C7983BF408D5ECFA2BA
+PT=BB6408099CA64F1216D204865449E967
+
+I=215
+KEY=B345776892FA3A4D6CFCA2001DBACF93
+IV=849198CEA19F4AD76013D172867A0D20
+CT=BB6408099CA64F1216D204865449E967
+PT=B7E109C6813E686ADA396DDB277AD960
+
+I=216
+KEY=04A47EAE13C45227B6C5CFDB3AC016F3
+IV=9C5E0182124701DA958CF68E1B9F8CC1
+CT=B7E109C6813E686ADA396DDB277AD960
+PT=65C77CB822CA10AE1F95B91F0A3F6436
+
+I=217
+KEY=61630216310E4289A95076C430FF72C5
+IV=2BB9026F793A64A325E02B922E3A51DD
+CT=65C77CB822CA10AE1F95B91F0A3F6436
+PT=48E9DB9FC3F883AD28A0299561444197
+
+I=218
+KEY=298AD989F2F6C12481F05F5151BB3352
+IV=6BE0B03639C858D8F2CAE00EFE8FECCA
+CT=48E9DB9FC3F883AD28A0299561444197
+PT=02B277AB327BCB5C91831BD376DC5211
+
+I=219
+KEY=2B38AE22C08D0A781073448227676143
+IV=ADC033E3EEC3705031D2FB24205823A2
+CT=02B277AB327BCB5C91831BD376DC5211
+PT=FE288D6703CF6AB1635483305A82F192
+
+I=220
+KEY=D5102345C34260C97327C7B27DE590D1
+IV=F637C38CB5DF86458225143E157B9415
+CT=FE288D6703CF6AB1635483305A82F192
+PT=B07BF02F795D13D972D5D6E556E8BA37
+
+I=221
+KEY=656BD36ABA1F731001F211572B0D2AE6
+IV=824B7BBB3A339BF045C3CFEA9FD842B9
+CT=B07BF02F795D13D972D5D6E556E8BA37
+PT=D4661C2E102C6644724DA54BE291215D
+
+I=222
+KEY=B10DCF44AA33155473BFB41CC99C0BBB
+IV=21FA242B2B9FFF0C7DC6B712A38A333B
+CT=D4661C2E102C6644724DA54BE291215D
+PT=F7EDEE448559A6ACD68815B6EEAF6E38
+
+I=223
+KEY=46E021002F6AB3F8A537A1AA27336583
+IV=390906ECE51C92800D620E1CD1FD3574
+CT=F7EDEE448559A6ACD68815B6EEAF6E38
+PT=07257C91424F65E6752470A6960DF6D9
+
+I=224
+KEY=41C55D916D25D61ED013D10CB13E935A
+IV=918A010EC2B106DE32A220315999DF7D
+CT=07257C91424F65E6752470A6960DF6D9
+PT=CCB4F3FCFFDEE9E93DD3AB4CC2DB870E
+
+I=225
+KEY=8D71AE6D92FB3FF7EDC07A4073E51454
+IV=7CF6B4948C4E04ED235F2CC96B0A6B49
+CT=CCB4F3FCFFDEE9E93DD3AB4CC2DB870E
+PT=C455220E8C8847FF2592074A53104105
+
+I=226
+KEY=49248C631E737808C8527D0A20F55551
+IV=4839E74C868786D0A109603CF98F1100
+CT=C455220E8C8847FF2592074A53104105
+PT=B4D0F5B4C15D7AD556ED4964A94C898F
+
+I=227
+KEY=FDF479D7DF2E02DD9EBF346E89B9DCDE
+IV=5C6D9649E47FAA8A2DCAFB317B6BC0EA
+CT=B4D0F5B4C15D7AD556ED4964A94C898F
+PT=B515D2904555793DDC142618DCFF8464
+
+I=228
+KEY=48E1AB479A7B7BE042AB1276554658BA
+IV=E3573B4137C13BBA6CDD10D71042B8F6
+CT=B515D2904555793DDC142618DCFF8464
+PT=2C272D6589E2E6EE09067882795E9FB9
+
+I=229
+KEY=64C6862213999D0E4BAD6AF42C18C703
+IV=08E335104FC5D18E2C11EF34B805F060
+CT=2C272D6589E2E6EE09067882795E9FB9
+PT=B38E39322245C4A2E170EBF36D764AD5
+
+I=230
+KEY=D748BF1031DC59ACAADD8107416E8DD6
+IV=E134D0DEA38A23983766DA18DADA70E0
+CT=B38E39322245C4A2E170EBF36D764AD5
+PT=E7556255602B48D7CAC710A004FFFD2E
+
+I=231
+KEY=301DDD4551F7117B601A91A7459170F8
+IV=301C2808833418F45D5F97FB09A99504
+CT=E7556255602B48D7CAC710A004FFFD2E
+PT=D4356D51B1C486AAC8BCF2F65312758C
+
+I=232
+KEY=E428B014E03397D1A8A6635116830574
+IV=264D556FA9A9D73510F562BBF983A4F7
+CT=D4356D51B1C486AAC8BCF2F65312758C
+PT=B4D003D6C542B576A3EAEC8F1B017F5B
+
+I=233
+KEY=50F8B3C2257122A70B4C8FDE0D827A2F
+IV=8821647AD3E9E529909E60D0F75DA400
+CT=B4D003D6C542B576A3EAEC8F1B017F5B
+PT=10056819F314FF21114BE6209AB5508C
+
+I=234
+KEY=40FDDBDBD665DD861A0769FE97372AA3
+IV=CBD574F4DB1EFEE4E2EC9485D1192E04
+CT=10056819F314FF21114BE6209AB5508C
+PT=6E7AA061FE85B6F8972CB0E793BE0CB0
+
+I=235
+KEY=2E877BBA28E06B7E8D2BD91904892613
+IV=4F98EE1501681EC0E7834FE941DF6C6B
+CT=6E7AA061FE85B6F8972CB0E793BE0CB0
+PT=45E0C0014219D77686E82E74E60608CA
+
+I=236
+KEY=6B67BBBB6AF9BC080BC3F76DE28F2ED9
+IV=1D34CAB2FF836A7E6568823784519170
+CT=45E0C0014219D77686E82E74E60608CA
+PT=ACF686F9D6723EAFDBFE512AB3A8C6B1
+
+I=237
+KEY=C7913D42BC8B82A7D03DA6475127E868
+IV=BEA74B4435F9F79D39B8CCE1F090D4B8
+CT=ACF686F9D6723EAFDBFE512AB3A8C6B1
+PT=F11FE34D158D40DEA10033BCE0253F30
+
+I=238
+KEY=368EDE0FA906C279713D95FBB102D758
+IV=DF30EE5D8CA298BE630DDE4B6D8AD7AA
+CT=F11FE34D158D40DEA10033BCE0253F30
+PT=4E970ACAB8B19C942C85FAA7825C5E67
+
+I=239
+KEY=7819D4C511B75EED5DB86F5C335E893F
+IV=DC3CCC928C02710EE91391032A3B557D
+CT=4E970ACAB8B19C942C85FAA7825C5E67
+PT=0FF6C292507CF135036E04A391210466
+
+I=240
+KEY=77EF165741CBAFD85ED66BFFA27F8D59
+IV=7CC57A486E05E36F852278450C03D39F
+CT=0FF6C292507CF135036E04A391210466
+PT=BBEF94C8179E7A124492A252507D58E7
+
+I=241
+KEY=CC00829F5655D5CA1A44C9ADF202D5BE
+IV=BBB92F65197F8D6B388191E78E90A858
+CT=BBEF94C8179E7A124492A252507D58E7
+PT=BAF11150DD418ED7C28072A718815954
+
+I=242
+KEY=76F193CF8B145B1DD8C4BB0AEA838CEA
+IV=99DA5A29F934BE23EB74B6DE4E8CC740
+CT=BAF11150DD418ED7C28072A718815954
+PT=A935099B91A35655C850939D2FED1569
+
+I=243
+KEY=DFC49A541AB70D4810942897C56E9983
+IV=92401B7E92A49FA5A6905E51E49D51C2
+CT=A935099B91A35655C850939D2FED1569
+PT=F60E1B5D10CDA17FC762798B86B8708D
+
+I=244
+KEY=29CA81090A7AAC37D7F6511C43D6E90E
+IV=C2A57521674EB0FB3E46DE2CC1DCF419
+CT=F60E1B5D10CDA17FC762798B86B8708D
+PT=0B976079B61F46E7F3CCCD17E23D872F
+
+I=245
+KEY=225DE170BC65EAD0243A9C0BA1EB6E21
+IV=66970AE807FED1E3581496C9FBE5FF50
+CT=0B976079B61F46E7F3CCCD17E23D872F
+PT=FB44F0094A5FC03BD0A27391E58D0AA3
+
+I=246
+KEY=D9191179F63A2AEBF498EF9A44666482
+IV=ED7B2ED1AFF7DB9B514D6E4DFAEA484B
+CT=FB44F0094A5FC03BD0A27391E58D0AA3
+PT=41A534A69AD25FEB39BB9F754F15D8FE
+
+I=247
+KEY=98BC25DF6CE87500CD2370EF0B73BC7C
+IV=B7E8C7F08BCE1CF1CC2568E18C18C92B
+CT=41A534A69AD25FEB39BB9F754F15D8FE
+PT=022B28D4F7355E14F99F654B6C35BC16
+
+I=248
+KEY=9A970D0B9BDD2B1434BC15A46746006A
+IV=F2EF32464FC7E5F3D397C259CB963B7F
+CT=022B28D4F7355E14F99F654B6C35BC16
+PT=28F18EA03ADEB36C40FD8FBC590EC6C8
+
+I=249
+KEY=B26683ABA103987874419A183E48C6A2
+IV=687E822CCFC5800E88E59ED7DEC1409D
+CT=28F18EA03ADEB36C40FD8FBC590EC6C8
+PT=661F9AEA300100333D64FCDD1212C663
+
+I=250
+KEY=D47919419102984B492566C52C5A00C1
+IV=3922BB08EE1B4CC75881D1D6F66B8EE0
+CT=661F9AEA300100333D64FCDD1212C663
+PT=11C4D360F585EDF544D5479AE1ABDBE6
+
+I=251
+KEY=C5BDCA21648775BE0DF0215FCDF1DB27
+IV=9B7C0D7D0EA8CAD77B331F2E0CA1E639
+CT=11C4D360F585EDF544D5479AE1ABDBE6
+PT=2E4695733B01CC78993E6EB464784223
+
+I=252
+KEY=EBFB5F525F86B9C694CE4FEBA9899904
+IV=A2BF273F12FE1F4B2F56A86CAFD9C5BF
+CT=2E4695733B01CC78993E6EB464784223
+PT=1CC514E9F4B13FFEF3B076DAC8C62877
+
+I=253
+KEY=F73E4BBBAB378638677E3931614FB173
+IV=1D4960EBE667AC5DE5ED767183838846
+CT=1CC514E9F4B13FFEF3B076DAC8C62877
+PT=3B1A7D179DDED66A37F3053B8B231EEA
+
+I=254
+KEY=CC2436AC36E95052508D3C0AEA6CAF99
+IV=974643FDFDB695A44B7EF8676A2B87DD
+CT=3B1A7D179DDED66A37F3053B8B231EEA
+PT=620A4E7A25E8D05779C0FB8CEBA55A74
+
+I=255
+KEY=AE2E78D613018005294DC78601C9F5ED
+IV=C9A1D92DB7D553DCAEB3BB81B489257A
+CT=620A4E7A25E8D05779C0FB8CEBA55A74
+PT=93508503278ECECE65D67B5F50962C4E
+
+I=256
+KEY=3D7EFDD5348F4ECB4C9BBCD9515FD9A3
+IV=108E736F1DCD178A8648F6AA6D527732
+CT=93508503278ECECE65D67B5F50962C4E
+PT=EA9E953D8B62FFAFF9FAFB97F614D65C
+
+I=257
+KEY=D7E068E8BFEDB164B561474EA74B0FFF
+IV=B893A94302C0DAFB19D7B6656085DCA9
+CT=EA9E953D8B62FFAFF9FAFB97F614D65C
+PT=1452ED26E774029EF30D272F8548C2F8
+
+I=258
+KEY=C3B285CE5899B3FA466C60612203CD07
+IV=668FF6719E5A29A99876227EEDE5818F
+CT=1452ED26E774029EF30D272F8548C2F8
+PT=4083167E5ED1A1A449C1825B84F321E1
+
+I=259
+KEY=833193B00648125E0FADE23AA6F0ECE6
+IV=9F6375A022543AB8303368A235813F02
+CT=4083167E5ED1A1A449C1825B84F321E1
+PT=9206639D076685FD2078F9B984B7A03F
+
+I=260
+KEY=1137F02D012E97A32FD51B8322474CD9
+IV=1B95128E90B110AED9D543D2A996271F
+CT=9206639D076685FD2078F9B984B7A03F
+PT=AAA3F2BD0126DFD5007DD2835CCB0109
+
+I=261
+KEY=BB940290000848762FA8C9007E8C4DD0
+IV=BB2E26A9CDEF9D1B2940EFFBA1971A5D
+CT=AAA3F2BD0126DFD5007DD2835CCB0109
+PT=B58BB3761519C1726D75AE96313FB7DE
+
+I=262
+KEY=0E1FB1E61511890442DD67964FB3FA0E
+IV=68D3EC37EE43E3F24072F69F2DFA768D
+CT=B58BB3761519C1726D75AE96313FB7DE
+PT=4558CD47C012B7293396D7EDFE3CEA85
+
+I=263
+KEY=4B477CA1D5033E2D714BB07BB18F108B
+IV=F7E107DBF4DDBF7974B699536A4E2803
+CT=4558CD47C012B7293396D7EDFE3CEA85
+PT=6F43B6B28AEF5DD1B66279ACAAB9A589
+
+I=264
+KEY=2404CA135FEC63FCC729C9D71B36B502
+IV=B3E6DA8DE5DDF7ED6F832D1306A1C04A
+CT=6F43B6B28AEF5DD1B66279ACAAB9A589
+PT=1BA743E148BC164C4C8324D665B5A3BD
+
+I=265
+KEY=3FA389F2175075B08BAAED017E8316BF
+IV=8BBBB56B39893C8F286561EF6E47E66A
+CT=1BA743E148BC164C4C8324D665B5A3BD
+PT=49A40365092DD1360D916AAEAFD03FC1
+
+I=266
+KEY=76078A971E7DA486863B87AFD153297E
+IV=48BA08703A306F772E78F660173A26B3
+CT=49A40365092DD1360D916AAEAFD03FC1
+PT=DF7DEB5968D683AAA274B0D5D3F9AA03
+
+I=267
+KEY=A97A61CE76AB272C244F377A02AA837D
+IV=0C7832F9CDF65DADA7FA809B8DE709C3
+CT=DF7DEB5968D683AAA274B0D5D3F9AA03
+PT=69689E97E9B166DA53E25BDFBCAF4A97
+
+I=268
+KEY=C012FF599F1A41F677AD6CA5BE05C9EA
+IV=05BC03F59CD8C5FAE4A7240E6168CF41
+CT=69689E97E9B166DA53E25BDFBCAF4A97
+PT=5F87DC71EF2918F75A94E43007FF50E6
+
+I=269
+KEY=9F952328703359012D398895B9FA990C
+IV=4233E654802B55155E158B650B64718E
+CT=5F87DC71EF2918F75A94E43007FF50E6
+PT=4F170790775A6A147E99D251C401969A
+
+I=270
+KEY=D08224B80769331553A05AC47DFB0F96
+IV=4AEAE53003D5085F5963CC36C4589941
+CT=4F170790775A6A147E99D251C401969A
+PT=E566D46360EF38E5CFF0C2E7E7E0D679
+
+I=271
+KEY=35E4F0DB67860BF09C5098239A1BD9EF
+IV=F6CBFF51F6E59B7AAA9EB1261707429A
+CT=E566D46360EF38E5CFF0C2E7E7E0D679
+PT=F7189C4B9E1048ED66D9B7CCD089C5F9
+
+I=272
+KEY=C2FC6C90F996431DFA892FEF4A921C16
+IV=0A05A4BFBBCC8B3E218C123A95FFF475
+CT=F7189C4B9E1048ED66D9B7CCD089C5F9
+PT=68FB0909789DBFA672BEEF5DF0017B63
+
+I=273
+KEY=AA076599810BFCBB8837C0B2BA936775
+IV=DF1A3AF147E72C2CEAE5D8713D52F572
+CT=68FB0909789DBFA672BEEF5DF0017B63
+PT=AF2784590089186BED3A48ADC1B68562
+
+I=274
+KEY=0520E1C08182E4D0650D881F7B25E217
+IV=BFDC5ECF596F5F3CFFEAAF4B961209FA
+CT=AF2784590089186BED3A48ADC1B68562
+PT=E8C29D3C129AB8FA797EFDCE4CE4D4F2
+
+I=275
+KEY=EDE27CFC93185C2A1C7375D137C136E5
+IV=49195E71516D5117C26814F98FD94C31
+CT=E8C29D3C129AB8FA797EFDCE4CE4D4F2
+PT=6ACF2AE12C38DB520F49E6C90D4B8F03
+
+I=276
+KEY=872D561DBF208778133A93183A8AB9E6
+IV=E4FA7788D6E7AFBD08884BFCFA74D30C
+CT=6ACF2AE12C38DB520F49E6C90D4B8F03
+PT=78FEA3B57D6176C44CE753FB01416CA6
+
+I=277
+KEY=FFD3F5A8C241F1BC5FDDC0E33BCBD540
+IV=08E333F43615229D95E7C425A04EA2B7
+CT=78FEA3B57D6176C44CE753FB01416CA6
+PT=5030D7131ABBD7AC323BA31B602B776E
+
+I=278
+KEY=AFE322BBD8FA26106DE663F85BE0A22E
+IV=64BDE35106D9A66A4216EA20F6C52D06
+CT=5030D7131ABBD7AC323BA31B602B776E
+PT=14B32E8BD3BD9D82613E32536E6A9F91
+
+I=279
+KEY=BB500C300B47BB920CD851AB358A3DBF
+IV=8FB9E6BDCD50610E97CF731216CFE698
+CT=14B32E8BD3BD9D82613E32536E6A9F91
+PT=1F22542AFCE63AA92CCDAF45F8DAEEF0
+
+I=280
+KEY=A472581AF7A1813B2015FEEECD50D34F
+IV=E18B3C5EDA8CDA9E94A376CEEF687D9F
+CT=1F22542AFCE63AA92CCDAF45F8DAEEF0
+PT=FC986510E3ED40994D1C33201D0EDB27
+
+I=281
+KEY=58EA3D0A144CC1A26D09CDCED05E0868
+IV=D1828C9DDB263064AD259A2360B3DFBA
+CT=FC986510E3ED40994D1C33201D0EDB27
+PT=06C1CE557C9AC5D40560CF2D40DCC47C
+
+I=282
+KEY=5E2BF35F68D60476686902E39082CC14
+IV=3454FD0698CC8CD949970509C23E50F6
+CT=06C1CE557C9AC5D40560CF2D40DCC47C
+PT=4287FA420FD9AFCAB7E290273BDF4054
+
+I=283
+KEY=1CAC091D670FABBCDF8B92C4AB5D8C40
+IV=C2F0C044A975ADBD20DE56858A074886
+CT=4287FA420FD9AFCAB7E290273BDF4054
+PT=447AFDD3ACF0DEEB0385799789FBAFF0
+
+I=284
+KEY=58D6F4CECBFF7557DC0EEB5322A623B0
+IV=299C337821B0779A7ADC3A04316A6373
+CT=447AFDD3ACF0DEEB0385799789FBAFF0
+PT=BA0BBC980827E87EEA51E66C92C96B31
+
+I=285
+KEY=E2DD4856C3D89D29365F0D3FB06F4881
+IV=2368291AD179C3C143E636898EB3E104
+CT=BA0BBC980827E87EEA51E66C92C96B31
+PT=77A6131415B251049423FFFB1F3A8A3A
+
+I=286
+KEY=957B5B42D66ACC2DA27CF2C4AF55C2BB
+IV=14300EA81B57E102AEDD97CCD466E18A
+CT=77A6131415B251049423FFFB1F3A8A3A
+PT=A7AEC0CC599D56347A72D934DDAC7899
+
+I=287
+KEY=32D59B8E8FF79A19D80E2BF072F9BA22
+IV=FD62415C90DACCD22EC364877DB0CB24
+CT=A7AEC0CC599D56347A72D934DDAC7899
+PT=1B1100FCB9F85D8CCFDEC5865083B44D
+
+I=288
+KEY=29C49B72360FC79517D0EE76227A0E6F
+IV=6CB24892D26E43E63819C372D5EB4F6D
+CT=1B1100FCB9F85D8CCFDEC5865083B44D
+PT=33E9BBD018604F301C2543878FCCCA5C
+
+I=289
+KEY=1A2D20A22E6F88A50BF5ADF1ADB6C433
+IV=50D84A03998B897D1AE217FEA9A955C4
+CT=33E9BBD018604F301C2543878FCCCA5C
+PT=07163D652DB035C091830042D6047DF3
+
+I=290
+KEY=1D3B1DC703DFBD659A76ADB37BB2B9C0
+IV=092DF26C855F07690836203E3E1790D0
+CT=07163D652DB035C091830042D6047DF3
+PT=AD6647AF8EFCD4F3B2ECDB4D6FFFC1EB
+
+I=291
+KEY=B05D5A688D236996289A76FE144D782B
+IV=68634C941957E3F58F71BE37D7C5C78B
+CT=AD6647AF8EFCD4F3B2ECDB4D6FFFC1EB
+PT=D2B51122154D10F67D2C07BD75D5E8E2
+
+I=292
+KEY=62E84B4A986E796055B67143619890C9
+IV=3C85044F6438FAA021BB7985A63A959D
+CT=D2B51122154D10F67D2C07BD75D5E8E2
+PT=4131E9296FECD2DF35EDFBF0CBD0E54B
+
+I=293
+KEY=23D9A263F782ABBF605B8AB3AA487582
+IV=46D47F3F12B6ADD5580CE8CE7C7359CD
+CT=4131E9296FECD2DF35EDFBF0CBD0E54B
+PT=5AEA3E73A6EC0D9D683A3526AC1C0E58
+
+I=294
+KEY=79339C10516EA6220861BF9506547BDA
+IV=D3C58B190FDA0838C770C2185C553D97
+CT=5AEA3E73A6EC0D9D683A3526AC1C0E58
+PT=A21B17CB4588C30CAD6DF25A5E83E273
+
+I=295
+KEY=DB288BDB14E6652EA50C4DCF58D799A9
+IV=870E7F0E3109712E84C58BEC0E7032F6
+CT=A21B17CB4588C30CAD6DF25A5E83E273
+PT=0021FF3BB8336E607B8DE10117005230
+
+I=296
+KEY=DB0974E0ACD50B4EDE81ACCE4FD7CB99
+IV=2FC82B298A60FC40DA3EFD4E800DB063
+CT=0021FF3BB8336E607B8DE10117005230
+PT=2EFA32680ECD84891B447393F7C1AC88
+
+I=297
+KEY=F5F34688A2188FC7C5C5DF5DB8166711
+IV=E1B86C9FC466B72BE40F65973FC41FC4
+CT=2EFA32680ECD84891B447393F7C1AC88
+PT=722117C1EE83FBA840EFEE86A930579F
+
+I=298
+KEY=87D251494C9B746F852A31DB1126308E
+IV=48E347A705B6E322153BFE567931346F
+CT=722117C1EE83FBA840EFEE86A930579F
+PT=A684344231EC4C03726A0DC20EADA36D
+
+I=299
+KEY=2156650B7D77386CF7403C191F8B93E3
+IV=4CD618E5F959FC4C66602263F6C5C652
+CT=A684344231EC4C03726A0DC20EADA36D
+PT=F40BFBEAC1C1BD1621FBAE1B605BD092
+
+I=300
+KEY=D55D9EE1BCB6857AD6BB92027FD04371
+IV=5A41E8952E6B1C551C4691DE9C0A4B6D
+CT=F40BFBEAC1C1BD1621FBAE1B605BD092
+PT=6ECDBFB3947C7E81C7BD4BE93B603728
+
+I=301
+KEY=BB90215228CAFBFB1106D9EB44B07459
+IV=52E2726B0855F993E1075077B3AB1E77
+CT=6ECDBFB3947C7E81C7BD4BE93B603728
+PT=71E051375A3B974FE523DA47862E24AE
+
+I=302
+KEY=CA70706572F16CB4F42503ACC29E50F7
+IV=76B6637161FBE4760FCE90E9868B441A
+CT=71E051375A3B974FE523DA47862E24AE
+PT=CC6CFBCF9A62A3AE55F6B040673B25B3
+
+I=303
+KEY=061C8BAAE893CF1AA1D3B3ECA5A57544
+IV=5563B0C2350A4ED76EE0C322480884FB
+CT=CC6CFBCF9A62A3AE55F6B040673B25B3
+PT=DA71B26C4EE3FB1FD413FD0757B379E6
+
+I=304
+KEY=DC6D39C6A670340575C04EEBF2160CA2
+IV=45C1C5DAF8DE9170C01E554DD36C564E
+CT=DA71B26C4EE3FB1FD413FD0757B379E6
+PT=BCD4BC394FFB46207EF0A8EC9883BD55
+
+I=305
+KEY=60B985FFE98B72250B30E6076A95B1F7
+IV=38E5B69E6D82A760BFD65CBAACC56F8A
+CT=BCD4BC394FFB46207EF0A8EC9883BD55
+PT=FD997E7A7B77E5DF637182399779AF75
+
+I=306
+KEY=9D20FB8592FC97FA6841643EFDEC1E82
+IV=8EB39B261910419E43B178DCD6803572
+CT=FD997E7A7B77E5DF637182399779AF75
+PT=71749C51136457B604CD8B4C193928A8
+
+I=307
+KEY=EC5467D48198C04C6C8CEF72E4D5362A
+IV=6DFA447305215066A0B5671E5AB80951
+CT=71749C51136457B604CD8B4C193928A8
+PT=DF48D76E54B4264304B0EC036DFDADDE
+
+I=308
+KEY=331CB0BAD52CE60F683C037189289BF4
+IV=8C2B316ECA96DB57322853E07BE47AB3
+CT=DF48D76E54B4264304B0EC036DFDADDE
+PT=5E2BD374B9856C573A4DEBF1B8F453EC
+
+I=309
+KEY=6D3763CE6CA98A585271E88031DCC818
+IV=E541AC59CFDBEA97D1AE5221F849838E
+CT=5E2BD374B9856C573A4DEBF1B8F453EC
+PT=D7F97B76A8D3076D343A22459EC4765D
+
+I=310
+KEY=BACE18B8C47A8D35664BCAC5AF18BE45
+IV=B359889A22B9502571E4817C47BC5348
+CT=D7F97B76A8D3076D343A22459EC4765D
+PT=E24F05EEE812BD3389AC0AAC4172F5C6
+
+I=311
+KEY=58811D562C683006EFE7C069EE6A4B83
+IV=33F8D881A783051987103096B6C734C3
+CT=E24F05EEE812BD3389AC0AAC4172F5C6
+PT=A2AB44CC9C41A8748201DA6F9429AB39
+
+I=312
+KEY=FA2A599AB02998726DE61A067A43E0BA
+IV=2028704442AE252BCF1D081C5EE2D80B
+CT=A2AB44CC9C41A8748201DA6F9429AB39
+PT=E8FA100D1D28186196BAF990A80109AA
+
+I=313
+KEY=12D04997AD018013FB5CE396D242E910
+IV=6384E3612062BC6850C94C3B14934A6F
+CT=E8FA100D1D28186196BAF990A80109AA
+PT=683AEF47A8990E2F8AAD8813789069B1
+
+I=314
+KEY=7AEAA6D005988E3C71F16B85AAD280A1
+IV=12F78728F3B0EFAC7D304257E47ED5C8
+CT=683AEF47A8990E2F8AAD8813789069B1
+PT=F3121C95A5BACDEAEFA87C4EE40B6C6D
+
+I=315
+KEY=89F8BA45A02243D69E5917CB4ED9ECCC
+IV=FE654BC69677E13383C4206BFB7896A6
+CT=F3121C95A5BACDEAEFA87C4EE40B6C6D
+PT=AE9701378E128847A2669B516795D586
+
+I=316
+KEY=276FBB722E30CB913C3F8C9A294C394A
+IV=E79D5C468BCBA36A79B74F32F28FA635
+CT=AE9701378E128847A2669B516795D586
+PT=D97D988A40C5B323794F160FE8639262
+
+I=317
+KEY=FE1223F86EF578B245709A95C12FAB28
+IV=4F3055450C627AD4712E042666AC0812
+CT=D97D988A40C5B323794F160FE8639262
+PT=32381BA55D5C0C91D683D57593772496
+
+I=318
+KEY=CC2A385D33A9742393F34FE052588FBE
+IV=172165B468B83B62B41A2B4310461193
+CT=32381BA55D5C0C91D683D57593772496
+PT=4D555F31A60F1007B96FBB458B06A619
+
+I=319
+KEY=817F676C95A664242A9CF4A5D95E29A7
+IV=5D5EEBEA67DCD5F7851619F1BAA6414E
+CT=4D555F31A60F1007B96FBB458B06A619
+PT=23D1AC0F18C20FCE7E5CC4619F8376D5
+
+I=320
+KEY=A2AECB638D646BEA54C030C446DD5F72
+IV=54154B82B5820D5892DABD15B403345D
+CT=23D1AC0F18C20FCE7E5CC4619F8376D5
+PT=2E55905A38F818CC04D8A792D2007332
+
+I=321
+KEY=8CFB5B39B59C73265018975694DD2C40
+IV=AC47D7619A587DC8213B749918FCFEA8
+CT=2E55905A38F818CC04D8A792D2007332
+PT=010F3396885F8F6BF15170B8E6D221BD
+
+I=322
+KEY=8DF468AF3DC3FC4DA149E7EE720F0DFD
+IV=6CE249D2E89C61ACD029AA3C122427D1
+CT=010F3396885F8F6BF15170B8E6D221BD
+PT=4DB3972D9851B8A4B3150A43210D36F0
+
+I=323
+KEY=C047FF82A59244E9125CEDAD53023B0D
+IV=07A578889914E113C1C4DE01DC4B1DE4
+CT=4DB3972D9851B8A4B3150A43210D36F0
+PT=84F64CFFD705E82704FF3DA4FC074B34
+
+I=324
+KEY=44B1B37D7297ACCE16A3D009AF057039
+IV=CE73ADCD7BCF1807C084276EDD765256
+CT=84F64CFFD705E82704FF3DA4FC074B34
+PT=5964DF8E8D656846EE574635787F7B18
+
+I=325
+KEY=1DD56CF3FFF2C488F8F4963CD77A0B21
+IV=679903574013011E62CC5798B9633607
+CT=5964DF8E8D656846EE574635787F7B18
+PT=E28E7E3AA93802BEEFE258F38F5D2E5C
+
+I=326
+KEY=FF5B12C956CAC6361716CECF5827257D
+IV=678D8583A022C60BCE2C227627A548B2
+CT=E28E7E3AA93802BEEFE258F38F5D2E5C
+PT=D297684A7C50765C413BFA37B5E1E256
+
+I=327
+KEY=2DCC7A832A9AB06A562D34F8EDC6C72B
+IV=4EF9AACC21733B65B4DD0B1F105D4037
+CT=D297684A7C50765C413BFA37B5E1E256
+PT=9EF5F9A2B14B090A201DE74E4CF714C8
+
+I=328
+KEY=B33983219BD1B9607630D3B6A131D3E3
+IV=5CC41FCC9EC19619BA06D10BBC6E1F5F
+CT=9EF5F9A2B14B090A201DE74E4CF714C8
+PT=81EF000CF6CA737E0F449927E66F6392
+
+I=329
+KEY=32D6832D6D1BCA1E79744A91475EB071
+IV=6DE60CE2986CF80C5D588FA1F9A8C3A0
+CT=81EF000CF6CA737E0F449927E66F6392
+PT=3BE177EE9F8F7BE3BCE0FAA70C0A5025
+
+I=330
+KEY=0937F4C3F294B1FDC594B0364B54E054
+IV=BE2F86A52BEED4497790D6134CF0D64E
+CT=3BE177EE9F8F7BE3BCE0FAA70C0A5025
+PT=DD313134DB126529F349808B3E766795
+
+I=331
+KEY=D406C5F72986D4D436DD30BD752287C1
+IV=A89E52478FDEF91AF151097CED84579C
+CT=DD313134DB126529F349808B3E766795
+PT=330203EA36484C8E091F00CD2255E599
+
+I=332
+KEY=E704C61D1FCE985A3FC2307057776258
+IV=1AEF7BA63A3E3B6D2EB8EB1980D3E581
+CT=330203EA36484C8E091F00CD2255E599
+PT=E28A47CDB7DB0351006C1D9FB227FCEF
+
+I=333
+KEY=058E81D0A8159B0B3FAE2DEFE5509EB7
+IV=F67C7FCF8C5AA1574A165D8CBE694BF4
+CT=E28A47CDB7DB0351006C1D9FB227FCEF
+PT=ACF869797690853BE142BB7BAC735FC8
+
+I=334
+KEY=A976E8A9DE851E30DEEC96944923C17F
+IV=636F181C4735E700897928BFC60A43EB
+CT=ACF869797690853BE142BB7BAC735FC8
+PT=60FF9BF36809DAEB94F823FC6458B26A
+
+I=335
+KEY=C989735AB68CC4DB4A14B5682D7B7315
+IV=0829C0EE6B170C490C7A73401761CEAA
+CT=60FF9BF36809DAEB94F823FC6458B26A
+PT=17630CBEAB904F7996301515F24A1F27
+
+I=336
+KEY=DEEA7FE41D1C8BA2DC24A07DDF316C32
+IV=A4E0624D86F1098D2DD4D0408897ACED
+CT=17630CBEAB904F7996301515F24A1F27
+PT=A1E35C3E2FA1B1DB11DB96E7DD58AB37
+
+I=337
+KEY=7F0923DA32BD3A79CDFF369A0269C705
+IV=D3639A296FF168ED773785CFCACD1015
+CT=A1E35C3E2FA1B1DB11DB96E7DD58AB37
+PT=14F5408460708A69A22A2023B01969CE
+
+I=338
+KEY=6BFC635E52CDB0106FD516B9B270AECB
+IV=37CD0428A0C08CC6AABAAA05D8830557
+CT=14F5408460708A69A22A2023B01969CE
+PT=516991CA6530D20AB121394F51288880
+
+I=339
+KEY=3A95F29437FD621ADEF42FF6E358264B
+IV=FB52F5A95F2E3665D44F0AEACB88B108
+CT=516991CA6530D20AB121394F51288880
+PT=FB0C32B66729736F8E5EC8C92D80FDC5
+
+I=340
+KEY=C199C02250D4117550AAE73FCED8DB8E
+IV=403B43C740215D94E8FBAE22846D3B0A
+CT=FB0C32B66729736F8E5EC8C92D80FDC5
+PT=C243054D022E7E9EFC21F965C71D63EB
+
+I=341
+KEY=03DAC56F52FA6FEBAC8B1E5A09C5B865
+IV=663796B211E7F6E05B4A107B16A904B0
+CT=C243054D022E7E9EFC21F965C71D63EB
+PT=6CA56F6792355B2A7A60A4467A85F71E
+
+I=342
+KEY=6F7FAA08C0CF34C1D6EBBA1C73404F7B
+IV=A23B73DF1477EC98202135164C6EF1AB
+CT=6CA56F6792355B2A7A60A4467A85F71E
+PT=BC590C8B427B013F873B2F5F8D66D5D1
+
+I=343
+KEY=D326A68382B435FE51D09543FE269AAA
+IV=E84DF462C62D594AAD94C33C446E18FC
+CT=BC590C8B427B013F873B2F5F8D66D5D1
+PT=D37CAA9BEA300FF6219349DBA25DA0A6
+
+I=344
+KEY=005A0C1868843A087043DC985C7B3A0C
+IV=9AAD322884EBE93D0FA084E144600174
+CT=D37CAA9BEA300FF6219349DBA25DA0A6
+PT=AE50C328AFFC39A103C767C1FD337449
+
+I=345
+KEY=AE0ACF30C77803A97384BB59A1484E45
+IV=9CEE91362FB0D50ABCEB58EF49EC3614
+CT=AE50C328AFFC39A103C767C1FD337449
+PT=882939453C6E156CD023B468EDD16C95
+
+I=346
+KEY=2623F675FB1616C5A3A70F314C9922D0
+IV=5626126CC424BF26D92C822442E4221E
+CT=882939453C6E156CD023B468EDD16C95
+PT=B9A97FE0DEF66604F6CE928AAB532EC2
+
+I=347
+KEY=9F8A899525E070C155699DBBE7CA0C12
+IV=E5BB374C14E36FD0C2D5F9191C967EC7
+CT=B9A97FE0DEF66604F6CE928AAB532EC2
+PT=6ED0FF2FE8DA900A33AE20F7C1C2E457
+
+I=348
+KEY=F15A76BACD3AE0CB66C7BD4C2608E845
+IV=4493B9F0FF63D392273302B6932C8F77
+CT=6ED0FF2FE8DA900A33AE20F7C1C2E457
+PT=B7583A56BED55067A520B4F5E5C1528F
+
+I=349
+KEY=46024CEC73EFB0ACC3E709B9C3C9BACA
+IV=12E2BFD3EAB69E5132E3CDF8BAFBD45E
+CT=B7583A56BED55067A520B4F5E5C1528F
+PT=28874485575E292B0C83E1B568019BF0
+
+I=350
+KEY=6E85086924B19987CF64E80CABC8213A
+IV=3CEFDC726C919CA265CD6C28A05DE542
+CT=28874485575E292B0C83E1B568019BF0
+PT=A35D16BBB96BF3F9E06D96EDA9BB44BB
+
+I=351
+KEY=CDD81ED29DDA6A7E2F097EE102736581
+IV=4AE79901700F018D1E5D95A9FAD762F2
+CT=A35D16BBB96BF3F9E06D96EDA9BB44BB
+PT=367E6880D369D482E7E64CFCD1BCC870
+
+I=352
+KEY=FBA676524EB3BEFCC8EF321DD3CFADF1
+IV=52EEDB058A8E1FE7C651D484F86F941F
+CT=367E6880D369D482E7E64CFCD1BCC870
+PT=32B33E97C94953392A738A964DB121FC
+
+I=353
+KEY=C91548C587FAEDC5E29CB88B9E7E8C0D
+IV=B3704291187E9D55901DD237EC1E2F24
+CT=32B33E97C94953392A738A964DB121FC
+PT=965A9A0C0287AB8535436E95CC9BFB99
+
+I=354
+KEY=5F4FD2C9857D4640D7DFD61E52E57794
+IV=B3878FC256FA4F9ED0BA05FF51C0CE2A
+CT=965A9A0C0287AB8535436E95CC9BFB99
+PT=367A5C93099ACF72353DAC320A3B766E
+
+I=355
+KEY=69358E5A8CE78932E2E27A2C58DE01FA
+IV=774EA78AECAF5A1D7CC1785DE91CAB01
+CT=367A5C93099ACF72353DAC320A3B766E
+PT=116EDEB1D0E6F8D1BB58AF648429B792
+
+I=356
+KEY=785B50EB5C0171E359BAD548DCF7B668
+IV=FB1EC4218C5F733A54DEA7F753F45D68
+CT=116EDEB1D0E6F8D1BB58AF648429B792
+PT=EF3C679822E3A906F380CD07EBE65F09
+
+I=357
+KEY=976737737EE2D8E5AA3A184F3711E961
+IV=8BBE09AFE41C5A78EBA0524212AC570F
+CT=EF3C679822E3A906F380CD07EBE65F09
+PT=291B066A30A3B11681D414A4BB5311D5
+
+I=358
+KEY=BE7C31194E4169F32BEE0CEB8C42F8B4
+IV=4E8F651C06778A964AA7D43999E41FD6
+CT=291B066A30A3B11681D414A4BB5311D5
+PT=764F8FD22FE0BD98852F259EA6DC6F7C
+
+I=359
+KEY=C833BECB61A1D46BAEC129752A9E97C8
+IV=E90A35007EE7F001D1F5982BF2477C82
+CT=764F8FD22FE0BD98852F259EA6DC6F7C
+PT=66016373A6B1A3797A1B2D2B19B73126
+
+I=360
+KEY=AE32DDB8C7107712D4DA045E3329A6EE
+IV=46FF289808B1AF6B290CB5AF05747085
+CT=66016373A6B1A3797A1B2D2B19B73126
+PT=3367064ECF5CA978001887DBDE40DE5A
+
+I=361
+KEY=9D55DBF6084CDE6AD4C28385ED6978B4
+IV=9BAC8819E1CA613CFAA730FBC2034168
+CT=3367064ECF5CA978001887DBDE40DE5A
+PT=5C4F01D47C9DA94DE95FC26763CC1146
+
+I=362
+KEY=C11ADA2274D177273D9D41E28EA569F2
+IV=A5CE34A846E1D0A737963C49FAD6378E
+CT=5C4F01D47C9DA94DE95FC26763CC1146
+PT=D41D854E42863F161E76A2397020C321
+
+I=363
+KEY=15075F6C3657483123EBE3DBFE85AAD3
+IV=2CC823722DD3E8F15035875ED43513E2
+CT=D41D854E42863F161E76A2397020C321
+PT=1C542DC0B54A053471AF583C909AB3C4
+
+I=364
+KEY=095372AC831D4D055244BBE76E1F1917
+IV=9799D03B6AD46BECD981279B35DF707C
+CT=1C542DC0B54A053471AF583C909AB3C4
+PT=958D0254D7AFE1E678A9844DF4F4D18D
+
+I=365
+KEY=9CDE70F854B2ACE32AED3FAA9AEBC89A
+IV=E0E401C7BA5E319F0D60AB765CBEE176
+CT=958D0254D7AFE1E678A9844DF4F4D18D
+PT=C54888169B30587E732BD7213EE5B1A3
+
+I=366
+KEY=5996F8EECF82F49D59C6E88BA40E7939
+IV=711DA6521732E6868111DCC1C835F9DF
+CT=C54888169B30587E732BD7213EE5B1A3
+PT=446F234FCADA809A8B2E167A86C9EB36
+
+I=367
+KEY=1DF9DBA105587407D2E8FEF122C7920F
+IV=B7008BC907C546A56743C292185C2B02
+CT=446F234FCADA809A8B2E167A86C9EB36
+PT=6AD93BC7E18B48810664CD1C528BA6C4
+
+I=368
+KEY=7720E066E4D33C86D48C33ED704C34CB
+IV=4D7DD98183E56F71D72DB76187FC5F95
+CT=6AD93BC7E18B48810664CD1C528BA6C4
+PT=0D75BD2B8683FB819EB7F71E2E0836A7
+
+I=369
+KEY=7A555D4D6250C7074A3BC4F35E44026C
+IV=F4DCFB73BBE7EB5348D56F81BCBC0971
+CT=0D75BD2B8683FB819EB7F71E2E0836A7
+PT=8CBE14862E93FE011A4F45518C7258FA
+
+I=370
+KEY=F6EB49CB4CC33906507481A2D2365A96
+IV=5432FBF1480AA398F09CA5AF375FA394
+CT=8CBE14862E93FE011A4F45518C7258FA
+PT=4026D669905762F0790B6497646A2D4D
+
+I=371
+KEY=B6CD9FA2DC945BF6297FE535B65C77DB
+IV=CA462DC9F029A8311CA45A4116DADC1D
+CT=4026D669905762F0790B6497646A2D4D
+PT=A8CD2E187CF274756E5736D420853435
+
+I=372
+KEY=1E00B1BAA0662F834728D3E196D943EE
+IV=4FC9E7688352F4700C5F380BFD1F4FB2
+CT=A8CD2E187CF274756E5736D420853435
+PT=A99410B60322340E279C87D3D26793AA
+
+I=373
+KEY=B794A10CA3441B8D60B4543244BED044
+IV=4D90B1A30EB7E957FAE3DC8C132F4F42
+CT=A99410B60322340E279C87D3D26793AA
+PT=D136F990196C667EC35E3A0492C39968
+
+I=374
+KEY=66A2589CBA287DF3A3EA6E36D67D492C
+IV=6FAD87F358F0C702C5E9E599093219ED
+CT=D136F990196C667EC35E3A0492C39968
+PT=8CE49C1BAACAB69432DDA2FF4250C7B2
+
+I=375
+KEY=EA46C48710E2CB679137CCC9942D8E9E
+IV=2B6FF495B7E482360E31949C7C9B2E2B
+CT=8CE49C1BAACAB69432DDA2FF4250C7B2
+PT=7942B80F57EA24FA200451B37899F9E2
+
+I=376
+KEY=93047C884708EF9DB1339D7AECB4777C
+IV=21FDC4C9B03A1A9A3F87FF9AAC80FAAE
+CT=7942B80F57EA24FA200451B37899F9E2
+PT=DE156D56E199FDBB2600DBF9FC254003
+
+I=377
+KEY=4D1111DEA6911226973346831091377F
+IV=387612E399C62916B394A9FC6BC0F059
+CT=DE156D56E199FDBB2600DBF9FC254003
+PT=C302C494D910640271695324E64B0992
+
+I=378
+KEY=8E13D54A7F817624E65A15A7F6DA3EED
+IV=34BCABDE4646BCC05CAF7E61CBF1F8D2
+CT=C302C494D910640271695324E64B0992
+PT=110CE84E5B81867CE4FCCD1BBB5FD792
+
+I=379
+KEY=9F1F3D042400F05802A6D8BC4D85E97F
+IV=C7898DA9ABF2A3D364C228A83525B04F
+CT=110CE84E5B81867CE4FCCD1BBB5FD792
+PT=7B94C0E4849AD65291F0F7BD464C544C
+
+I=380
+KEY=E48BFDE0A09A260A93562F010BC9BD33
+IV=00E079EEBC47AF3ED3796DBF4A2B55FC
+CT=7B94C0E4849AD65291F0F7BD464C544C
+PT=D6518596BB53E44452393BD4440D805C
+
+I=381
+KEY=32DA78761BC9C24EC16F14D54FC43D6F
+IV=03E168F8AF2303593E0F936648D253DC
+CT=D6518596BB53E44452393BD4440D805C
+PT=0C4B51FB33380BB215F29F3FCE7CA0DA
+
+I=382
+KEY=3E91298D28F1C9FCD49D8BEA81B89DB5
+IV=15E1ECD59BC092C974FA4738C66D9604
+CT=0C4B51FB33380BB215F29F3FCE7CA0DA
+PT=3FC98D86A558B711807930AAA391C9BF
+
+I=383
+KEY=0158A40B8DA97EED54E4BB402229540A
+IV=303BD4A407015A9E899816E0FABF288D
+CT=3FC98D86A558B711807930AAA391C9BF
+PT=85D77D90C312FE938F6C1983014BD572
+
+I=384
+KEY=848FD99B4EBB807EDB88A2C323628178
+IV=E018FA96FD433CFD162E8E67D4F37015
+CT=85D77D90C312FE938F6C1983014BD572
+PT=4F49C1740EA88B5767CE36C95158DD63
+
+I=385
+KEY=CBC618EF40130B29BC46940A723A5C1B
+IV=84013D3E2AA0C77650644CD6862096A7
+CT=4F49C1740EA88B5767CE36C95158DD63
+PT=E6F1409ABA890AC3A50FC4AAD82E1872
+
+I=386
+KEY=2D375875FA9A01EA194950A0AA144469
+IV=8BFD137593BFF254414349F1147B9BFF
+CT=E6F1409ABA890AC3A50FC4AAD82E1872
+PT=66F6E29696CFDC72EE905636614D2A72
+
+I=387
+KEY=4BC1BAE36C55DD98F7D90696CB596E1B
+IV=8EC295602FB66C4A2DCA65F66B07E010
+CT=66F6E29696CFDC72EE905636614D2A72
+PT=553B45792AE0625B357C4B68A4BB767F
+
+I=388
+KEY=1EFAFF9A46B5BFC3C2A54DFE6FE21864
+IV=5999E221475D06295451E52FF88F9F97
+CT=553B45792AE0625B357C4B68A4BB767F
+PT=FAB6F53166BFDB89DF68D46D423C243E
+
+I=389
+KEY=E44C0AAB200A644A1DCD99932DDE3C5A
+IV=49D1944CBD7BE00C671B8E996F9A3EB9
+CT=FAB6F53166BFDB89DF68D46D423C243E
+PT=308DDB3FE0415C46AE450C78FC5F2558
+
+I=390
+KEY=D4C1D194C04B380CB38895EBD1811902
+IV=9785FEE180794318514967B4199CFB93
+CT=308DDB3FE0415C46AE450C78FC5F2558
+PT=6659969D1BD493A3851E75981BACCCB0
+
+I=391
+KEY=B2984709DB9FABAF3696E073CA2DD5B2
+IV=4FD1DAE14DB75AC0E6C94388805AC3B5
+CT=6659969D1BD493A3851E75981BACCCB0
+PT=B56B950D84DCA131FD8A5E2601037B36
+
+I=392
+KEY=07F3D2045F430A9ECB1CBE55CB2EAE84
+IV=3ED415E7DDDADD2DC7F0376E6CA42EFE
+CT=B56B950D84DCA131FD8A5E2601037B36
+PT=8648F40FA13018563E6F1A799D9FCD91
+
+I=393
+KEY=81BB260BFE7312C8F573A42C56B16315
+IV=FEAF76717C0905A601509BD68C6D08E5
+CT=8648F40FA13018563E6F1A799D9FCD91
+PT=66DE6D7A74B36C7EE2737DA526F5C8CD
+
+I=394
+KEY=E7654B718AC07EB61700D9897044ABD8
+IV=2B808C340320DD64AB9278A9D9A3E247
+CT=66DE6D7A74B36C7EE2737DA526F5C8CD
+PT=9BB0D29CDA21452F60B5897186F3FAFB
+
+I=395
+KEY=7CD599ED50E13B9977B550F8F6B75123
+IV=D2EB48117E2E9FB2058800DE1A442799
+CT=9BB0D29CDA21452F60B5897186F3FAFB
+PT=489CDC3A2C1AE7510E03AE36D5EAB0E5
+
+I=396
+KEY=344945D77CFBDCC879B6FECE235DE1C6
+IV=427765E0671AA6D32634447687E9B209
+CT=489CDC3A2C1AE7510E03AE36D5EAB0E5
+PT=1D65D0E1235AE47DBCC2C65B59892C4C
+
+I=397
+KEY=292C95365FA138B5C57438957AD4CD8A
+IV=D75E9F074D965FE902287B3BB1483315
+CT=1D65D0E1235AE47DBCC2C65B59892C4C
+PT=E75B7AE5A8C3B93F15D0E3EBD04E1B4B
+
+I=398
+KEY=CE77EFD3F762818AD0A4DB7EAA9AD6C1
+IV=5455FD9A01E04E48CA777CF8185697ED
+CT=E75B7AE5A8C3B93F15D0E3EBD04E1B4B
+PT=11F4A35F6C225A9DF1CA6BAF92E11B07
+
+I=399
+KEY=DF834C8C9B40DB17216EB0D1387BCDC6
+IV=3C608F664492626B2208DC92E819411A
+CT=11F4A35F6C225A9DF1CA6BAF92E11B07
+PT=9B8FB71E035CEFF9CBFA1346E5ACEFE0
+
+==========
+
+KEYSIZE=192
+
+I=0
+KEY=000000000000000000000000000000000000000000000000
+IV=00000000000000000000000000000000
+CT=00000000000000000000000000000000
+PT=5DF678DD17BA4E75B61768C6ADEF7C7B
+
+I=1
+KEY=8AB601AF30C47B225DF678DD17BA4E75B61768C6ADEF7C7B
+IV=3B243F1A9BA094EE8AB601AF30C47B22
+CT=5DF678DD17BA4E75B61768C6ADEF7C7B
+PT=F9604074F8FA45AC71959888DD056F9F
+
+I=2
+KEY=D443B8E25A882D05A49638A9EF400BD9C782F04E70EA13E4
+IV=467E32A79443B0735EF5B94D6A4C5627
+CT=F9604074F8FA45AC71959888DD056F9F
+PT=98A957EA6DBE623B7E08F919812A3898
+
+I=3
+KEY=5742DCD38C8FD46D3C3F6F4382FE69E2B98A0957F1C02B7C
+IV=B9E1062EEDD9A1ED83016431D607F968
+CT=98A957EA6DBE623B7E08F919812A3898
+PT=AD6D29D6482764BB4BC27A87AE5CD877
+
+I=4
+KEY=B33625F7872DE4A191524695CAD90D59F24873D05F9CF30B
+IV=BD1AAC94D2D39445E474F9240BA230CC
+CT=AD6D29D6482764BB4BC27A87AE5CD877
+PT=DA5EB591FDC48F0D9E4EBD373E5717A3
+
+I=5
+KEY=35DA9F0A5DB187964B0CF304371D82546C06CEE761CBE4A8
+IV=4782561ED717916986ECBAFDDA9C6337
+CT=DA5EB591FDC48F0D9E4EBD373E5717A3
+PT=3F6E771434E26D4FA5A57CEF9DEE05D6
+
+I=6
+KEY=A8182E4F8FD8C7987462841003FFEF1BC9A3B208FC25E17E
+IV=093273C6E96EA5399DC2B145D269400E
+CT=3F6E771434E26D4FA5A57CEF9DEE05D6
+PT=F8FBFC8CBDD4AA8E8DA58DEA7F2F344C
+
+I=7
+KEY=71A581F408C35DA48C99789CBE2B459544063FE2830AD532
+IV=3900E8650CA62A25D9BDAFBB871B9A3C
+CT=F8FBFC8CBDD4AA8E8DA58DEA7F2F344C
+PT=B969AA871D3B35C260D8B36C7E9E8913
+
+I=8
+KEY=BCD0E4B5F0B7FB5035F0D21BA310705724DE8C8EFD945C21
+IV=0E2BCF13C2A18FF5CD756541F874A6F4
+CT=B969AA871D3B35C260D8B36C7E9E8913
+PT=6205EECCDD965D45339A2DFE85F52AD7
+
+I=9
+KEY=A2796321044D9F5557F53CD77E862D121744A170786176F6
+IV=8B935AB4C17D24D21EA98794F4FA6405
+CT=6205EECCDD965D45339A2DFE85F52AD7
+PT=6BC27204DA1B9BC27E463D0E71557D99
+
+I=10
+KEY=AD4506295D5309603C374ED3A49DB6D069029C7E09340B6F
+IV=A9AF68AB4EFDB7770F3C6508591E9635
+CT=6BC27204DA1B9BC27E463D0E71557D99
+PT=DB1576A8F1BD88F73E6938E72F9C6DCD
+
+I=11
+KEY=61ECB6C8660E5E20E722387B55203E27576BA49926A866A2
+IV=DF83746D72419F65CCA9B0E13B5D5740
+CT=DB1576A8F1BD88F73E6938E72F9C6DCD
+PT=150D14977B15FD304890D7B9C4F8536E
+
+I=12
+KEY=03679C91B6C57828F22F2CEC2E35C3171FFB7320E25035CC
+IV=59D101131EA2FD7F628B2A59D0CB2608
+CT=150D14977B15FD304890D7B9C4F8536E
+PT=7AE22B73B412A81D0BCF422C68DA37F8
+
+I=13
+KEY=9A087B9DBC37B12988CD079F9A276B0A1434310C8A8A0234
+IV=F26F03A3C84A49F0996FE70C0AF2C901
+CT=7AE22B73B412A81D0BCF422C68DA37F8
+PT=2D1584CE9B85E7264228A8AFF8FAFF01
+
+I=14
+KEY=07489932E5335B38A5D8835101A28C2C561C99A37270FD35
+IV=E76AB1C798119F5D9D40E2AF5904EA11
+CT=2D1584CE9B85E7264228A8AFF8FAFF01
+PT=C1067030225453E808F1FF324C44BE7F
+
+I=15
+KEY=DC3726E33013BC9964DEF36123F6DFC45EED66913E34434A
+IV=55010D6199E792E3DB7FBFD1D520E7A1
+CT=C1067030225453E808F1FF324C44BE7F
+PT=3AD7DBD96BB69D63BE39B9A16574AC74
+
+I=16
+KEY=EDD4EC10B074A36C5E0928B8484042A7E0D4DF305B40EF3E
+IV=18C6FE6D0A2FDD7E31E3CAF380671FF5
+CT=3AD7DBD96BB69D63BE39B9A16574AC74
+PT=3D5D82A4C06B9DDCCC8A6B8BF228482F
+
+I=17
+KEY=23824573BD3CE30D6354AA1C882BDF7B2C5EB4BBA968A711
+IV=E1DEAECBCFC06BCCCE56A9630D484061
+CT=3D5D82A4C06B9DDCCC8A6B8BF228482F
+PT=C0E5F9618F2FAB97EA82F8164DC89860
+
+I=18
+KEY=AAA43BC528933502A3B1537D070474ECC6DC4CADE4A03F71
+IV=2CE22FDF7E87B7CC89267EB695AFD60F
+CT=C0E5F9618F2FAB97EA82F8164DC89860
+PT=6942155FC9EF8F7CFE37CD6FED03CECF
+
+I=19
+KEY=A2686C442D636D31CAF34622CEEBFB9038EB81C209A3F1BE
+IV=B7772CF7B44B856308CC578105F05833
+CT=6942155FC9EF8F7CFE37CD6FED03CECF
+PT=6BA4C261F5173862A6789FB026099571
+
+I=20
+KEY=29F645A446D84EACA15784433BFCC3F29E931E722FAA64CF
+IV=15CA23A60D99FFF68B9E29E06BBB239D
+CT=6BA4C261F5173862A6789FB026099571
+PT=AA9E8C6497CAC6B0C8CC92F8DFE7B455
+
+I=21
+KEY=5E9165527010387F0BC90827AC360542565F8C8AF04DD09A
+IV=53193227307BBE49776720F636C876D3
+CT=AA9E8C6497CAC6B0C8CC92F8DFE7B455
+PT=7DA426C712E7F2F35087D6AA31CF56AB
+
+I=22
+KEY=92DC0EEE09F5169E766D2EE0BED1F7B106D85A20C1828631
+IV=85A3D20949963F95CC4D6BBC79E52EE1
+CT=7DA426C712E7F2F35087D6AA31CF56AB
+PT=09B9FF5E5833B6CE0010C3D0C4A84C19
+
+I=23
+KEY=C45B938E7C18B4107FD4D1BEE6E2417F06C899F0052ACA28
+IV=292A007187D730B956879D6075EDA28E
+CT=09B9FF5E5833B6CE0010C3D0C4A84C19
+PT=178F7AC0FF63C33683A001F5C4171316
+
+I=24
+KEY=03D99546E931B761685BAB7E1981824985689805C13DD93E
+IV=A8D8CD3B96215FCDC78206C895290371
+CT=178F7AC0FF63C33683A001F5C4171316
+PT=C39B82763CF6901170902BE6DC1B9305
+
+I=25
+KEY=B52384CAC0B230F5ABC0290825771258F5F8B3E31D264A3B
+IV=451968C3AA8D0319B6FA118C29838794
+CT=C39B82763CF6901170902BE6DC1B9305
+PT=85D827F61EC17FD00B10356292C863E2
+
+I=26
+KEY=DCF617A990AC4CBB2E180EFE3BB66D88FEE886818FEE29D9
+IV=575103DAEFD233E269D59363501E7C4E
+CT=85D827F61EC17FD00B10356292C863E2
+PT=535BAC956D5CAB917E1A1BC28E82F28F
+
+I=27
+KEY=14D0FCAFFD961CFD7D43A26B56EAC61980F29D43016CDB56
+IV=7DE780ACCF9F1896C826EB066D3A5046
+CT=535BAC956D5CAB917E1A1BC28E82F28F
+PT=7E73E89F187EA6D5F5A3044A19C85941
+
+I=28
+KEY=AF5BFBC086F1392203304AF44E9460CC7551990918A48217
+IV=633F0251217DECEDBB8B076F7B6725DF
+CT=7E73E89F187EA6D5F5A3044A19C85941
+PT=B0976DFD4F0620203AC4ED89D395BAFF
+
+I=29
+KEY=79FFB93DCF243047B3A72709019240EC4F957480CB3138E8
+IV=C1AAE3E35613DAADD6A442FD49D50965
+CT=B0976DFD4F0620203AC4ED89D395BAFF
+PT=5ECB838EC7F9F2E7ADBD719599F829B9
+
+I=30
+KEY=681F54ADA7685555ED6CA487C66BB20BE228051552C91151
+IV=4F00D9CD31BE1CC611E0ED90684C6512
+CT=5ECB838EC7F9F2E7ADBD719599F829B9
+PT=8DDA96BD88D3D756306D249ABF99F5F9
+
+I=31
+KEY=8663BEBF11817A3060B6323A4EB8655DD245218FED50E4A8
+IV=7CC24DC4B003DE90EE7CEA12B6E92F65
+CT=8DDA96BD88D3D756306D249ABF99F5F9
+PT=479E96E558540B71508FEF3173A6FC68
+
+I=32
+KEY=831519BE48B0021A2728A4DF16EC6E2C82CACEBE9EF618C0
+IV=59FFA792DC8618070576A7015931782A
+CT=479E96E558540B71508FEF3173A6FC68
+PT=080EA053745BEEBDBC5F7D964EEBD2F7
+
+I=33
+KEY=AFC20AF72699543A2F26048C62B780913E95B328D01DCA37
+IV=4E5BDD875324CAC02CD713496E295620
+CT=080EA053745BEEBDBC5F7D964EEBD2F7
+PT=B5A58D345C0260A9E274E2E593B76C44
+
+I=34
+KEY=46AEAF002B9A297E9A8389B83EB5E038DCE151CD43AAA673
+IV=C67419FDA89E68B1E96CA5F70D037D44
+CT=B5A58D345C0260A9E274E2E593B76C44
+PT=5200F2D475CA388841CB0DD02C7EB7F6
+
+I=35
+KEY=1598E4DD7DA3D7B0C8837B6C4B7FD8B09D2A5C1D6FD41185
+IV=9F5C74A1FE2DFF2153364BDD5639FECE
+CT=5200F2D475CA388841CB0DD02C7EB7F6
+PT=B2639C2D26BF2CAF2371CA3A4F3D3476
+
+I=36
+KEY=FE63AA4A158B41AE7AE0E7416DC0F41FBE5B962720E925F3
+IV=2DC59704D531C890EBFB4E976828961E
+CT=B2639C2D26BF2CAF2371CA3A4F3D3476
+PT=C758ADC41E334CCBF34C40E2AEAA3852
+
+I=37
+KEY=86B214FA7F89CE06BDB84A8573F3B8D44D17D6C58E431DA1
+IV=D0982ADEECE45CCC78D1BEB06A028FA8
+CT=C758ADC41E334CCBF34C40E2AEAA3852
+PT=F8E0AA1E780F18A50371CBCB1B63E83F
+
+I=38
+KEY=C0C34A59DC653DCE4558E09B0BFCA0714E661D0E9520F59E
+IV=A252B0F29766A24B46715EA3A3ECF3C8
+CT=F8E0AA1E780F18A50371CBCB1B63E83F
+PT=554B524391A7A1679210CFC0152A65CE
+
+I=39
+KEY=3CF3D7DDFFF704231013B2D89A5B0116DC76D2CE800A9050
+IV=42EE716B821C18FCFC309D84239239ED
+CT=554B524391A7A1679210CFC0152A65CE
+PT=3273E6C51751407B7E4ECDED7970746D
+
+I=40
+KEY=7FCC684C43B958F02260541D8D0A416DA2381F23F97AE43D
+IV=A4FCB2B8AB7158B9433FBF91BC4E5CD3
+CT=3273E6C51751407B7E4ECDED7970746D
+PT=D90B75848AC14ACA3CAD9AF2A15F315F
+
+I=41
+KEY=240724B451241314FB6B219907CB0BA79E9585D15825D562
+IV=5C4FA1918B04D5F85BCB4CF8129D4BE4
+CT=D90B75848AC14ACA3CAD9AF2A15F315F
+PT=753C59B87C45B21D527527C6C2DDEB0D
+
+I=42
+KEY=F0BEECC2DB5D16F98E5778217B8EB9BACCE0A2179AF83E6F
+IV=4E41A4AB69AEE73FD4B9C8768A7905ED
+CT=753C59B87C45B21D527527C6C2DDEB0D
+PT=156E851810ADB0BF2D28B6150D32CAC7
+
+I=43
+KEY=C2FB954C95633B5B9B39FD396B230905E1C8140297CAF4A8
+IV=983906FA7F156CF33245798E4E3E2DA2
+CT=156E851810ADB0BF2D28B6150D32CAC7
+PT=26E671DACE32070A601796207BD045B5
+
+I=44
+KEY=BF0BD4C6DDBE22DABDDF8CE3A5110E0F81DF8222EC1AB11D
+IV=B3188D29356783AF7DF0418A48DD1981
+CT=26E671DACE32070A601796207BD045B5
+PT=ADAD9072859250A8590F6F54C24E5A77
+
+I=45
+KEY=2E4F07AD61768CC010721C9120835EA7D8D0ED762E54EB6A
+IV=639F27016A9D99B99144D36BBCC8AE1A
+CT=ADAD9072859250A8590F6F54C24E5A77
+PT=AC8AD3933D51D5D71CA90FB73A53F6AD
+
+I=46
+KEY=9963998A6F982462BCF8CF021DD28B70C479E2C114071DC7
+IV=B2A3ACB0CE942F13B72C9E270EEEA8A2
+CT=AC8AD3933D51D5D71CA90FB73A53F6AD
+PT=7319F2825648168F07D525618DA9979A
+
+I=47
+KEY=417FD42690AAE310CFE13D804B9A9DFFC3ACC7A099AE8A5D
+IV=EBB0EF7CE1ACF152D81C4DACFF32C772
+CT=7319F2825648168F07D525618DA9979A
+PT=4FC19392439D6CBE6699419355E0590B
+
+I=48
+KEY=30CD3A2A0910C7268020AE120807F141A5358633CC4ED356
+IV=4DCACE79E4C3ADFE71B2EE0C99BA2436
+CT=4FC19392439D6CBE6699419355E0590B
+PT=047FF92A523900A3C46D906163927DDD
+
+I=49
+KEY=F13EE3ACC9C19E4C845F57385A3EF1E261581652AFDCAE8B
+IV=E260680204844E6FC1F3D986C0D1596A
+CT=047FF92A523900A3C46D906163927DDD
+PT=2DAE78D178D069918CCC11D675E09655
+
+I=50
+KEY=91556C720DC982D5A9F12FE922EE9873ED940784DA3C38DE
+IV=A4E4973E74B61315606B8FDEC4081C99
+CT=2DAE78D178D069918CCC11D675E09655
+PT=6315A6A029ED7FC5AB3CD38D8DAE561A
+
+I=51
+KEY=9120A23E63AF3BC2CAE489490B03E7B646A8D40957926EC4
+IV=C02DA24531C794BD0075CE4C6E66B917
+CT=6315A6A029ED7FC5AB3CD38D8DAE561A
+PT=65A796C69B769E59D34AD19803F117C6
+
+I=52
+KEY=5C6847E25C66145DAF431F8F907579EF95E2059154637902
+IV=0D72A6B0F3959C89CD48E5DC3FC92F9F
+CT=65A796C69B769E59D34AD19803F117C6
+PT=70770D19D03DF488FB627F460A225F39
+
+I=53
+KEY=F5ECA4C905FF0EC2DF34129640488D676E807AD75E41263B
+IV=2F60424B5062D978A984E32B59991A9F
+CT=70770D19D03DF488FB627F460A225F39
+PT=C8A66A2CD18286D2148230BAB7D81E11
+
+I=54
+KEY=FF86E251C5EC6129179278BA91CA0BB57A024A6DE999382A
+IV=CC7330AE077936B10A6A4698C0136FEB
+CT=C8A66A2CD18286D2148230BAB7D81E11
+PT=FC0B47BA3E51927A632F457A919818DC
+
+I=55
+KEY=5C0A7344D6FD6983EB993F00AF9B99CF192D0F17780120F6
+IV=CA119AEE5576E06EA38C9115131108AA
+CT=FC0B47BA3E51927A632F457A919818DC
+PT=AEEDB360C58C4CDC7ACE87AA1A4B785B
+
+I=56
+KEY=426948BD499E8A9845748C606A17D51363E388BD624A58AD
+IV=920C491DE39D52501E633BF99F63E31B
+CT=AEEDB360C58C4CDC7ACE87AA1A4B785B
+PT=737ECC4294FF69495DC37DC795EC13CE
+
+I=57
+KEY=F8AD0E545AA212E6360A4022FEE8BC5A3E20F57AF7A64B63
+IV=B975B70450A41A2DBAC446E9133C987E
+CT=737ECC4294FF69495DC37DC795EC13CE
+PT=3E7CDC26CCC69E02D08248224A22961E
+
+I=58
+KEY=C2834233A26DCD8A08769C04322E2258EEA2BD58BD84DD7D
+IV=A88326DC57AB80FC3A2E4C67F8CFDF6C
+CT=3E7CDC26CCC69E02D08248224A22961E
+PT=88177B6502254344A364023BCAD29E79
+
+I=59
+KEY=962D892D6CDED6798061E761300B611C4DC6BF6377564304
+IV=D95CFF470B1796D754AECB1ECEB31BF3
+CT=88177B6502254344A364023BCAD29E79
+PT=A10FA825EB6DA0E242D9A381F607472D
+
+I=60
+KEY=3ADA98C76065214A216E4F44DB66C1FE0F1F1CE281510429
+IV=FBD25798351AF35DACF711EA0CBBF733
+CT=A10FA825EB6DA0E242D9A381F607472D
+PT=6B5EE3A222DF46560A12E91C006D303F
+
+I=61
+KEY=C6AB975CF71B6DDF4A30ACE6F9B987A8050DF5FE813C3416
+IV=6CDB3875008754DAFC710F9B977E4C95
+CT=6B5EE3A222DF46560A12E91C006D303F
+PT=A0047B92A93ACF32138A818B6E32B3EE
+
+I=62
+KEY=FFD0E16A5C955EBAEA34D7745083489A16877475EF0E87F8
+IV=F7061CA37B11E445397B7636AB8E3365
+CT=A0047B92A93ACF32138A818B6E32B3EE
+PT=1707FC063700E98FF5FDA98A07A8A1C7
+
+I=63
+KEY=AA71EC7061FA246CFD332B726783A115E37ADDFFE8A6263F
+IV=1853E27FC0689E6755A10D1A3D6F7AD6
+CT=1707FC063700E98FF5FDA98A07A8A1C7
+PT=06320FA4C0E2F42B364B991243FA053D
+
+I=64
+KEY=D8685685696CBF5CFB0124D6A761553ED53144EDAB5C2302
+IV=E19A3BEC7EBCA3C87219BAF508969B30
+CT=06320FA4C0E2F42B364B991243FA053D
+PT=BB70503E9715D653710C0630211755A7
+
+I=65
+KEY=28C2AFFA406EF763407174E83074836DA43D42DD8A4B76A5
+IV=5F3BCA36562AFA82F0AAF97F2902483F
+CT=BB70503E9715D653710C0630211755A7
+PT=D632FEF42560770DF318C570AFC85285
+
+I=66
+KEY=260B8E0723E9AF3D96438A1C1514F460572587AD25832420
+IV=328A42D3898A81C20EC921FD6387585E
+CT=D632FEF42560770DF318C570AFC85285
+PT=B1C847FFF455D002E55FCFAF4A4F69A4
+
+I=67
+KEY=F39D3CD6A68DC6BC278BCDE3E1412462B27A48026FCC4D84
+IV=C89E7B4C1BAED0FAD596B2D185646981
+CT=B1C847FFF455D002E55FCFAF4A4F69A4
+PT=9C484252E1FE52CD2DFCCAA3E0118F07
+
+I=68
+KEY=61A9714C87B94F27BBC38FB100BF76AF9F8682A18FDDC283
+IV=56B7D716EC6F9A6D92344D9A2134899B
+CT=9C484252E1FE52CD2DFCCAA3E0118F07
+PT=85A142323B9877E86F3A5874EA613E87
+
+I=69
+KEY=B504BE17C673E81F3E62CD833B270147F0BCDAD565BCFC04
+IV=BEF2C82884510475D4ADCF5B41CAA738
+CT=85A142323B9877E86F3A5874EA613E87
+PT=53D0EF74268F55C1B6CA84415E5A2F6F
+
+I=70
+KEY=1A63CC27BE45C5106DB222F71DA8548646765E943BE6D36B
+IV=CC958CC3874510F0AF67723078362D0F
+CT=53D0EF74268F55C1B6CA84415E5A2F6F
+PT=7B7DB0F3EFAD244FFCC6991452001DF6
+
+I=71
+KEY=4B17520C49F46EAF16CF9204F20570C9BAB0C78069E6CE9D
+IV=48D7C0690532AFCC51749E2BF7B1ABBF
+CT=7B7DB0F3EFAD244FFCC6991452001DF6
+PT=DD0661DCA2BE8C20E95B3A84CCACDB10
+
+I=72
+KEY=1ADE412393310021CBC9F3D850BBFCE953EBFD04A54A158D
+IV=4B96B2D0CCADFF7D51C9132FDAC56E8E
+CT=DD0661DCA2BE8C20E95B3A84CCACDB10
+PT=E505435777F3781121A4A374684E3268
+
+I=73
+KEY=493467065AE405B82ECCB08F274884F8724F5E70CD0427E5
+IV=1E8116EB95B94AFC53EA2625C9D50599
+CT=E505435777F3781121A4A374684E3268
+PT=EF4B4E997DA0DCCBDBB36C020D03E8B5
+
+I=74
+KEY=4C94816DF6EBDEF5C187FE165AE85833A9FC3272C007CF50
+IV=29094410F6017E5805A0E66BAC0FDB4D
+CT=EF4B4E997DA0DCCBDBB36C020D03E8B5
+PT=FA9BAB377C654ED894024BEBDCED2FA0
+
+I=75
+KEY=697A0BC179C07A633B1C5521268D16EB3DFE79991CEAE0F0
+IV=83DD12597A405FB725EE8AAC8F2BA496
+CT=FA9BAB377C654ED894024BEBDCED2FA0
+PT=DD1FDA63382552D007F6F8E995820640
+
+I=76
+KEY=D40786ED2A6C15E8E6038F421EA8443B3A0881708968E6B0
+IV=2F3AE5594D9CCEDCBD7D8D2C53AC6F8B
+CT=DD1FDA63382552D007F6F8E995820640
+PT=C5FF0EB50BA651F436D0566385860ADA
+
+I=77
+KEY=9D47680C0159F69A23FC81F7150E15CF0CD8D7130CEEEC6A
+IV=1BCFAD6802C41B9A4940EEE12B35E372
+CT=C5FF0EB50BA651F436D0566385860ADA
+PT=67AE61A77D77CBFD48C080B21313BBAB
+
+I=78
+KEY=86E61E031542D2DB4452E0506879DE32441857A11FFD57C1
+IV=3DF4DA1F65C739511BA1760F141B2441
+CT=67AE61A77D77CBFD48C080B21313BBAB
+PT=68C8512217CB9C3BBF28011FA5BED044
+
+I=79
+KEY=4F93757DE614CB1D2C9AB1727FB24209FB3056BEBA438785
+IV=B2C15424EF4E4637C9756B7EF35619C6
+CT=68C8512217CB9C3BBF28011FA5BED044
+PT=233898C850826172965695499748A1B0
+
+I=80
+KEY=C56E54BBB54B22CC0FA229BA2F30237B6D66C3F72D0B2635
+IV=DC2FF5992D9383EF8AFD21C6535FE9D1
+CT=233898C850826172965695499748A1B0
+PT=70069F5E963A820D640B40697BD24716
+
+I=81
+KEY=A1EF05CB5AAE7A977FA4B6E4B90AA176096D839E56D96123
+IV=EE8CB982124A394C64815170EFE5585B
+CT=70069F5E963A820D640B40697BD24716
+PT=B136CA2EF42A9CFF53410554B28A8F65
+
+I=82
+KEY=ACEC084A8CED2F4FCE927CCA4D203D895A2C86CAE453EE46
+IV=515D8B6C167EC8570D030D81D64355D8
+CT=B136CA2EF42A9CFF53410554B28A8F65
+PT=123600CD1B5A664430413021DDC8CBBE
+
+I=83
+KEY=8325A9391B4E106ADCA47C07567A5BCD6A6DB6EB399B25F8
+IV=5A55A24EC8154E532FC9A17397A33F25
+CT=123600CD1B5A664430413021DDC8CBBE
+PT=8ECCA03E10D415557C4E7D92DDBFD791
+
+I=84
+KEY=DB877966BE0E84575268DC3946AE4E981623CB79E424F269
+IV=659705F3774E141758A2D05FA540943D
+CT=8ECCA03E10D415557C4E7D92DDBFD791
+PT=CB70B675AC6BF92237F1C479516E7E6A
+
+I=85
+KEY=59027658DEC2B5DE99186A4CEAC5B7BA21D20F00B54A8C03
+IV=C9B803CE2D57D26F82850F3E60CC3189
+CT=CB70B675AC6BF92237F1C479516E7E6A
+PT=5D99D06E9BEB82AB1CE22201E8467DBC
+
+I=86
+KEY=652E430F984201E0C481BA22712E35113D302D015D0CF1BF
+IV=1838FACBEAC13CF73C2C35574680B43E
+CT=5D99D06E9BEB82AB1CE22201E8467DBC
+PT=11D7AED0B552D62677DEB874BF7CF8ED
+
+I=87
+KEY=8377A2C11B73082DD55614F2C47CE3374AEE9575E2700952
+IV=068170C7E11427DFE659E1CE833109CD
+CT=11D7AED0B552D62677DEB874BF7CF8ED
+PT=74B108D32ABE8401D22F2C3FB008F670
+
+I=88
+KEY=7B89A5C45B0A22BBA1E71C21EEC2673698C1B94A5278FF22
+IV=5283DAD6FA2B605DF8FE070540792A96
+CT=74B108D32ABE8401D22F2C3FB008F670
+PT=7883BD8C4DA81C21C4A5847AD801B7AE
+
+I=89
+KEY=101261A4D23FDA13D964A1ADA36A7B175C643D308A79488C
+IV=E2ED92DE4829CB526B9BC4608935F8A8
+CT=7883BD8C4DA81C21C4A5847AD801B7AE
+PT=C865B27C21F6F6E681759C318607D2B9
+
+I=90
+KEY=E6A6A13B7A64EB51110113D1829C8DF1DD11A1010C7E9A35
+IV=AB325AD4F1FF1C52F6B4C09FA85B3142
+CT=C865B27C21F6F6E681759C318607D2B9
+PT=E31D7AC0E8ADB302BC6C23A0B1D693ED
+
+I=91
+KEY=64D366C4F61E139BF21C69116A313EF3617D82A1BDA809D8
+IV=A5201D1770A12A898275C7FF8C7AF8CA
+CT=E31D7AC0E8ADB302BC6C23A0B1D693ED
+PT=CAE6A97EE64228EEEF02E135944C5C62
+
+I=92
+KEY=B006CEF05093DE2238FAC06F8C73161D8E7F639429E455BA
+IV=62BD7E3EA22E26BAD4D5A834A68DCDB9
+CT=CAE6A97EE64228EEEF02E135944C5C62
+PT=B7AEF117099F799BB0752C7260A2DFB5
+
+I=93
+KEY=160AFF18C06B6C4A8F54317885EC6F863E0A4FE649468A0F
+IV=AEBB967838133F64A60C31E890F8B268
+CT=B7AEF117099F799BB0752C7260A2DFB5
+PT=81CCC6EDAD41D9C7986D4E175C71551D
+
+I=94
+KEY=21112CBE896259CE0E98F79528ADB641A66701F11537DF12
+IV=B695BBE7FA331039371BD3A649093584
+CT=81CCC6EDAD41D9C7986D4E175C71551D
+PT=9039E01C6485040A2EDAF4C27FE93870
+
+I=95
+KEY=60272333C1B4CCC39EA117894C28B24B88BDF5336ADEE762
+IV=4EE830907337D60241360F8D48D6950D
+CT=9039E01C6485040A2EDAF4C27FE93870
+PT=44D359DBE4BE436D5133CD81B72DB5C7
+
+I=96
+KEY=25C676A781511A98DA724E52A896F126D98E38B2DDF352A5
+IV=38491C9FD517260445E1559440E5D65B
+CT=44D359DBE4BE436D5133CD81B72DB5C7
+PT=7B47F95ED30563BE218E40DB4EAAE836
+
+I=97
+KEY=59A7B7512B5DC429A135B70C7B939298F80078699359BA93
+IV=1FD8B8BA8B0492E67C61C1F6AA0CDEB1
+CT=7B47F95ED30563BE218E40DB4EAAE836
+PT=C417F6A6824B165D4C26D631F77E45AC
+
+I=98
+KEY=82E6CF234BC0AA10652241AAF9D884C5B426AE586427FF3F
+IV=5FB017B65FE4AF34DB417872609D6E39
+CT=C417F6A6824B165D4C26D631F77E45AC
+PT=41EC9A06B318A4D06636ED5403F46CB7
+
+I=99
+KEY=82D69A1D747CF6E024CEDBAC4AC02015D210430C67D39388
+IV=1CC1F56321366F420030553E3FBC5CF0
+CT=41EC9A06B318A4D06636ED5403F46CB7
+PT=38E467F81D919F0A1704E9F5CDF4D5FC
+
+I=100
+KEY=29EFCA26B9C67E141C2ABC545751BF1FC514AAF9AA274674
+IV=A83BDBF4326AE806AB39503BCDBA88F4
+CT=38E467F81D919F0A1704E9F5CDF4D5FC
+PT=A08359A20D6F405018F8180A3E8D0FD1
+
+I=101
+KEY=AB20AC8C3C5DA5BEBCA9E5F65A3EFF4FDDECB2F394AA49A5
+IV=A14B10E1A998B04E82CF66AA859BDBAA
+CT=A08359A20D6F405018F8180A3E8D0FD1
+PT=A16C303138057144A3ECA63E7398DC93
+
+I=102
+KEY=86C5E861B9CEAF041DC5D5C7623B8E0B7E0014CDE7329536
+IV=181D943EA950561D2DE544ED85930ABA
+CT=A16C303138057144A3ECA63E7398DC93
+PT=EA1A2E30D890D01979D2BCE1EBE6C922
+
+I=103
+KEY=90321C401E4B6B30F7DFFBF7BAAB5E1207D2A82C0CD45C14
+IV=12BDB944D898BC5A16F7F421A785C434
+CT=EA1A2E30D890D01979D2BCE1EBE6C922
+PT=C0D620FCF33031DAD617ADBE8F6D13AC
+
+I=104
+KEY=84964C3B41FE8E4F3709DB0B499B6FC8D1C5059283B94FB8
+IV=0615AD27B29C55F814A4507B5FB5E57F
+CT=C0D620FCF33031DAD617ADBE8F6D13AC
+PT=EC4B9AEDBE44C4B74B693D08AA1D175A
+
+I=105
+KEY=6C6361F2C87BC168DB4241E6F7DFAB7F9AAC389A29A458E2
+IV=E79F33FFCD79681CE8F52DC989854F27
+CT=EC4B9AEDBE44C4B74B693D08AA1D175A
+PT=F34D426225ADEC3BD2580BF21EF24B3E
+
+I=106
+KEY=FDA3FB79F1A16865280F0384D272474448F43368375613DC
+IV=1DFE18B10032D35F91C09A8B39DAA90D
+CT=F34D426225ADEC3BD2580BF21EF24B3E
+PT=E14841B0D0CC1E698DE8053B9F1621E1
+
+I=107
+KEY=562D3BF792909255C947423402BE592DC51C3653A840323D
+IV=247A46C43AE54F1FAB8EC08E6331FA30
+CT=E14841B0D0CC1E698DE8053B9F1621E1
+PT=D21381B5032426EC3582BBD23739E04E
+
+I=108
+KEY=9D375E6E32C30A801B54C381019A7FC1F09E8D819F79D273
+IV=E05018C26DC38BBDCB1A6599A05398D5
+CT=D21381B5032426EC3582BBD23739E04E
+PT=82034FF505FE67B94373770348A934E5
+
+I=109
+KEY=7D1A900B515478DB99578C7404641878B3EDFA82D7D0E696
+IV=498AEA38AB55250CE02DCE656397725B
+CT=82034FF505FE67B94373770348A934E5
+PT=018B5B1787138D222F6B39C1291ECD2C
+
+I=110
+KEY=E74B55A39F67C54298DCD7638377955A9C86C343FECE2BBA
+IV=DD89DF396236F9A59A51C5A8CE33BD99
+CT=018B5B1787138D222F6B39C1291ECD2C
+PT=CABCB7EA14E821726602272A46CEB825
+
+I=111
+KEY=D3FFFE0F27D9200352606089979FB428FA84E469B800939F
+IV=A707D154BAC28BDC34B4ABACB8BEE541
+CT=CABCB7EA14E821726602272A46CEB825
+PT=0840D09DF2B14ED4B340D32101D68A54
+
+I=112
+KEY=485EC313821A37095A20B014652EFAFC49C43748B9D619CB
+IV=ADEF6A8A49BF208B9BA13D1CA5C3170A
+CT=0840D09DF2B14ED4B340D32101D68A54
+PT=5EB0166FB04AF38F9EA60929FD641844
+
+I=113
+KEY=E841074638A154D90490A67BD5640973D7623E6144B2018F
+IV=B1956D86A4F79E40A01FC455BABB63D0
+CT=5EB0166FB04AF38F9EA60929FD641844
+PT=2ECBDAFBD0336A436D89FC12944750EC
+
+I=114
+KEY=17E86798DB7A64E42A5B7C8005576330BAEBC273D0F55163
+IV=0AFFE19CA1425218FFA960DEE3DB303D
+CT=2ECBDAFBD0336A436D89FC12944750EC
+PT=A326D8C07EF7A21302A3C6A9C67C371A
+
+I=115
+KEY=D1A6F2AB7C130A60897DA4407BA0C123B84804DA16896679
+IV=6F630069CD0333BDC64E9533A7696E84
+CT=A326D8C07EF7A21302A3C6A9C67C371A
+PT=6D06DDFB9B12A71298E32318F582EF72
+
+I=116
+KEY=C7D58104581CB5C5E47B79BBE0B2663120AB27C2E30B890B
+IV=80E47BA8410247C5167373AF240FBFA5
+CT=6D06DDFB9B12A71298E32318F582EF72
+PT=E1391A50F140E255A9B2E628F25B9B1D
+
+I=117
+KEY=00D8EEC433F7D68E054263EB11F284648919C1EA11501216
+IV=96F652822C5D4496C70D6FC06BEB634B
+CT=E1391A50F140E255A9B2E628F25B9B1D
+PT=1418A2DC8D6DBA4942932D6944011D8A
+
+I=118
+KEY=71D444358CCCF986115AC1379C9F3E2DCB8AEC8355510F9C
+IV=410374DE0D8A79FA710CAAF1BF3B2F08
+CT=1418A2DC8D6DBA4942932D6944011D8A
+PT=A70A2C48CF5786868844274B8C493C56
+
+I=119
+KEY=B9FD9626EC74A129B650ED7F53C8B8AB43CECBC8D91833CA
+IV=8362FAE290801C25C829D21360B858AF
+CT=A70A2C48CF5786868844274B8C493C56
+PT=3484BA42558B199E8477B8F8280CDE91
+
+I=120
+KEY=94CAEE912A7B443582D4573D0643A135C7B97330F114ED5B
+IV=F6ABE3F0A7FFC9E02D3778B7C60FE51C
+CT=3484BA42558B199E8477B8F8280CDE91
+PT=5D79433F85C7D4C258487080E340F049
+
+I=121
+KEY=1D2F762CF08FAE0ADFAD1402838475F79FF103B012541D12
+IV=A0C57652FBF9107C89E598BDDAF4EA3F
+CT=5D79433F85C7D4C258487080E340F049
+PT=C51891EA2E68BC60E84912A91F470201
+
+I=122
+KEY=9E691D03A3AEB6491AB585E8ADECC99777B811190D131F13
+IV=8426C338234DB9E183466B2F53211843
+CT=C51891EA2E68BC60E84912A91F470201
+PT=F946FD67DD7F92A7A6B93B4F71F70243
+
+I=123
+KEY=61EA6FD274C07ADDE3F3788F70935B30D1012A567CE41D50
+IV=2C2AF70B07E9E6F9FF8372D1D76ECC94
+CT=F946FD67DD7F92A7A6B93B4F71F70243
+PT=B4CB0EFF14F8CDC693CC8E7DCEE8E0B0
+
+I=124
+KEY=84F27E5BF8B55DA657387670646B96F642CDA42BB20CFDE0
+IV=693782638B439464E51811898C75277B
+CT=B4CB0EFF14F8CDC693CC8E7DCEE8E0B0
+PT=EF6DDB56AAE9CFFE128FB3776DD94D20
+
+I=125
+KEY=5B1111EADAECDD73B855AD26CE8259085042175CDFD5B0C0
+IV=A14AAEF7A1BF063BDFE36FB1225980D5
+CT=EF6DDB56AAE9CFFE128FB3776DD94D20
+PT=4ACC6AF28293A647093AE788BA778835
+
+I=126
+KEY=A924DC707FB16DF1F299C7D44C11FF4F5978F0D465A238F5
+IV=3F7E73BFA24B0C02F235CD9AA55DB082
+CT=4ACC6AF28293A647093AE788BA778835
+PT=5A7989DC61AD6B66B3E83A29168BEDB9
+
+I=127
+KEY=164FBEF9EBAEEF03A8E04E082DBC9429EA90CAFD7329D54C
+IV=2FB4F1A000B78156BF6B6289941F82F2
+CT=5A7989DC61AD6B66B3E83A29168BEDB9
+PT=246A94AB8488B39C52DE68E8CA5AE0D2
+
+I=128
+KEY=B1F4A368B64A78EC8C8ADAA3A93427B5B84EA215B973359E
+IV=5D178EC8305B804FA7BB1D915DE497EF
+CT=246A94AB8488B39C52DE68E8CA5AE0D2
+PT=F7C758F8DC8FC0891907EBBF299F70B8
+
+I=129
+KEY=9161A39C256814AA7B4D825B75BBE73CA14949AA90EC4526
+IV=C87E61A9434EB29F209500F493226C46
+CT=F7C758F8DC8FC0891907EBBF299F70B8
+PT=E2D82C5506BEFA7D7BF032E4C72141CF
+
+I=130
+KEY=0BFDA1B2CF4B15199995AE0E73051D41DAB97B4E57CD04E9
+IV=5D00992780D9832B9A9C022EEA2301B3
+CT=E2D82C5506BEFA7D7BF032E4C72141CF
+PT=F3A0DF1793FC88117E87478FD9E5A1A8
+
+I=131
+KEY=F8F5F6016FECDCAF6A357119E0F99550A43E3CC18E28A541
+IV=2800EECA83EB078CF30857B3A0A7C9B6
+CT=F3A0DF1793FC88117E87478FD9E5A1A8
+PT=BEB572C53E9985218ED9012BAB4A9F5B
+
+I=132
+KEY=84F3E0D153E140D6D48003DCDE6010712AE73DEA25623A1A
+IV=E2BEAF80F4A1DDA27C0616D03C0D9C79
+CT=BEB572C53E9985218ED9012BAB4A9F5B
+PT=7F4B21C4B7466149CB890B77AC538752
+
+I=133
+KEY=B69E5A72FE9B1B85ABCB221869267138E16E369D8931BD48
+IV=FE0A667B9B2BDD29326DBAA3AD7A5B53
+CT=7F4B21C4B7466149CB890B77AC538752
+PT=4B239C8F83F0A10DC6A3497CC3CF9C8E
+
+I=134
+KEY=0BCF87D2538E0EADE0E8BE97EAD6D03527CD7FE14AFE21C6
+IV=878250C5EA7834CFBD51DDA0AD151528
+CT=4B239C8F83F0A10DC6A3497CC3CF9C8E
+PT=89F2B4B8C5AB2988CDEA61F4D4A1BCD4
+
+I=135
+KEY=97A4FDCD2E0C993E691A0A2F2F7DF9BDEA271E159E5F9D12
+IV=95E34D44C3E2FE319C6B7A1F7D829793
+CT=89F2B4B8C5AB2988CDEA61F4D4A1BCD4
+PT=C622E28004842564F193C0E58AB40FCB
+
+I=136
+KEY=38F0A45980CEF0B9AF38E8AF2BF9DCD91BB4DEF014EB92D9
+IV=1BC195727D154539AF545994AEC26987
+CT=C622E28004842564F193C0E58AB40FCB
+PT=DF360FBC1607BCC1E6EE9088AEE62EC7
+
+I=137
+KEY=6638E0333D7A6765700EE7133DFE6018FD5A4E78BA0DBC1E
+IV=F0AB65A69AA4486A5EC8446ABDB497DC
+CT=DF360FBC1607BCC1E6EE9088AEE62EC7
+PT=9A8E5BFE223FA9D747164FC1C98B9CDC
+
+I=138
+KEY=5103611D32D7A1EFEA80BCED1FC1C9CFBA4C01B9738620C2
+IV=A6617B5DA41B2A32373B812E0FADC68A
+CT=9A8E5BFE223FA9D747164FC1C98B9CDC
+PT=F0143DD4EC3A85F9FA4D5579BD7268A1
+
+I=139
+KEY=64FD310AF27CF98C1A948139F3FB4C36400154C0CEF44863
+IV=EBCB744B477F25E635FE5017C0AB5863
+CT=F0143DD4EC3A85F9FA4D5579BD7268A1
+PT=C5C1FED629BF81EE343E4DAEE6BC4D44
+
+I=140
+KEY=9390B012FA7D48D9DF557FEFDA44CDD8743F196E28480527
+IV=7AF352D33C08F3FEF76D81180801B155
+CT=C5C1FED629BF81EE343E4DAEE6BC4D44
+PT=26C4460F0B79E16263C38C240C276E5C
+
+I=141
+KEY=F578E5DF6818CB58F99139E0D13D2CBA17FC954A246F6B7B
+IV=05DA148A4EB4D12966E855CD92658381
+CT=26C4460F0B79E16263C38C240C276E5C
+PT=E0E249ADB3A39EE2BB48959426874123
+
+I=142
+KEY=F23F67282BAFE10E1973704D629EB258ACB400DE02E82A58
+IV=7748B1652DE54EF9074782F743B72A56
+CT=E0E249ADB3A39EE2BB48959426874123
+PT=C2299AAE24C941DC44E5D492BC492FED
+
+I=143
+KEY=5CAC16BD99EC5067DB5AEAE34657F384E851D44CBEA105B5
+IV=4F599B9C20378305AE937195B243B169
+CT=C2299AAE24C941DC44E5D492BC492FED
+PT=780DA1D6FD961DA4756375A15B8BA620
+
+I=144
+KEY=9FF7C1766F7F6F9FA3574B35BBC1EE209D32A1EDE52AA395
+IV=044A8C7FFE220414C35BD7CBF6933FF8
+CT=780DA1D6FD961DA4756375A15B8BA620
+PT=E63FE8BE6566E9ECCCDBEC442BCCCBD5
+
+I=145
+KEY=3EA408C4CD15E6F24568A38BDEA707CC51E94DA9CEE66840
+IV=05DE81CD5892F1FEA153C9B2A26A896D
+CT=E63FE8BE6566E9ECCCDBEC442BCCCBD5
+PT=19F5E5DDDF0F6FABA9B16B732C6058B8
+
+I=146
+KEY=29FF0DD567A810385C9D465601A86867F85826DAE28630F8
+IV=0A2A8BF3BE53E2B5175B0511AABDF6CA
+CT=19F5E5DDDF0F6FABA9B16B732C6058B8
+PT=41FCD9F8972431F43669863F37B4A18C
+
+I=147
+KEY=842E4C2F46849E731D619FAE968C5993CE31A0E5D5329174
+IV=1EABD419CA4C0D0BADD141FA212C8E4B
+CT=41FCD9F8972431F43669863F37B4A18C
+PT=9857CFE1CFE1046F88DF3EB8ECC92E40
+
+I=148
+KEY=8EE3344CCB9DE2038536504F596D5DFC46EE9E5D39FBBF34
+IV=FA266CF1AF82A2250ACD78638D197C70
+CT=9857CFE1CFE1046F88DF3EB8ECC92E40
+PT=DE4C55865FB82BDA1FC0D024791C1B22
+
+I=149
+KEY=DEEEC86215A6098D5B7A05C906D57626592E4E7940E7A416
+IV=F9B4CFCA36A1B0AB500DFC2EDE3BEB8E
+CT=DE4C55865FB82BDA1FC0D024791C1B22
+PT=077F866BF30097D12650855C71B7DB9C
+
+I=150
+KEY=50872D11A2E463D65C0583A2F5D5E1F77F7ECB2531507F8A
+IV=53D4E4CE2C06FCC38E69E573B7426A5B
+CT=077F866BF30097D12650855C71B7DB9C
+PT=670BBCB81CDE03B883D9B784124F5851
+
+I=151
+KEY=7DE3AF7C8550901C3B0E3F1AE90BE24FFCA77CA1231F27DB
+IV=C26330B1219C4B4A2D64826D27B4F3CA
+CT=670BBCB81CDE03B883D9B784124F5851
+PT=D6141C300F5E5119E1B5F4BBF415A6DD
+
+I=152
+KEY=BB126D64220A8DB9ED1A232AE655B3561D12881AD70A8106
+IV=74D773D0F053239CC6F1C218A75A1DA5
+CT=D6141C300F5E5119E1B5F4BBF415A6DD
+PT=8F742130206F1047FE9CAAE4F2C31B19
+
+I=153
+KEY=9845C3A02214A55D626E021AC63AA311E38E22FE25C99A1F
+IV=7EC0B4E8BD4BD3EB2357AEC4001E28E4
+CT=8F742130206F1047FE9CAAE4F2C31B19
+PT=47D0D28AF3164CC77FBAB5C015CAC1C9
+
+I=154
+KEY=BBC47FAB874E0ED425BED090352CEFD69C34973E30035BD6
+IV=833EC00D894BD8502381BC0BA55AAB89
+CT=47D0D28AF3164CC77FBAB5C015CAC1C9
+PT=3202B04CFC260747BF839FF754A01E26
+
+I=155
+KEY=BCC028DA5F286DE017BC60DCC90AE89123B708C964A345F0
+IV=8BCC8079D2175F4407045771D8666334
+CT=3202B04CFC260747BF839FF754A01E26
+PT=75E9FBADAD8885FB2398427EE94C5899
+
+I=156
+KEY=352B0CD3E3BA0EB462559B7164826D6A002F4AB78DEF1D69
+IV=0B159F18C1F33EA389EB2409BC926354
+CT=75E9FBADAD8885FB2398427EE94C5899
+PT=90DA906982058C84D2E75B5DAE0EA756
+
+I=157
+KEY=6F32D4393B37EA77F28F0B18E687E1EED2C811EA23E1BA3F
+IV=2F5C35DA76038E4F5A19D8EAD88DE4C3
+CT=90DA906982058C84D2E75B5DAE0EA756
+PT=705C22072FDFB807A49BAE0FD4D254AF
+
+I=158
+KEY=5740616769DDF57482D3291FC95859E97653BFE5F733EE90
+IV=B276B0CE56828D683872B55E52EA1F03
+CT=705C22072FDFB807A49BAE0FD4D254AF
+PT=A966EE217CF2BDBC17A0BB55AE769FEB
+
+I=159
+KEY=C9E379BDBC05CC402BB5C73EB5AAE45561F304B05945717B
+IV=E1F41EF2147CB5CE9EA318DAD5D83934
+CT=A966EE217CF2BDBC17A0BB55AE769FEB
+PT=239D761F1F0437935464C4959546B6BB
+
+I=160
+KEY=7B2C4F503FCC91AE0828B121AAAED3C63597C025CC03C7C0
+IV=6F90097C7822030DB2CF36ED83C95DEE
+CT=239D761F1F0437935464C4959546B6BB
+PT=499477B6476BA58CAEF81290ABDD46C4
+
+I=161
+KEY=42BC1C4F29D1801D41BCC697EDC5764A9B6FD2B567DE8104
+IV=1571EE53AE1ACAEF3990531F161D11B3
+CT=499477B6476BA58CAEF81290ABDD46C4
+PT=ACC1FB947EB4C7F115871859CD254D96
+
+I=162
+KEY=9BE24C041BF4DEECED7D3D039371B1BB8EE8CAECAAFBCC92
+IV=E24F4DBEF2122A73D95E504B32255EF1
+CT=ACC1FB947EB4C7F115871859CD254D96
+PT=85DC9D7ADF342B0733CF9812CFD58F0A
+
+I=163
+KEY=83BEBEB5727649F268A1A0794C459ABCBD2752FE652E4398
+IV=AF0690E77B1F140B185CF2B16982971E
+CT=85DC9D7ADF342B0733CF9812CFD58F0A
+PT=7ED8B4DCBD1D13BEA5C819E99ECF75AA
+
+I=164
+KEY=7020802D561D88AD167914A5F158890218EF4B17FBE13632
+IV=F0AC93D8DDD31D5BF39E3E98246BC15F
+CT=7ED8B4DCBD1D13BEA5C819E99ECF75AA
+PT=C81F0464C2DE212229370C7A4ED2E890
+
+I=165
+KEY=39F8EA2D638410ABDE6610C13386A82031D8476DB533DEA2
+IV=FD6338FAE6F6B00B49D86A0035999806
+CT=C81F0464C2DE212229370C7A4ED2E890
+PT=23A0FA99C632BCC62A035A09514C3EBA
+
+I=166
+KEY=52FA33F30EFD8D0FFDC6EA58F5B414E61BDB1D64E47FE018
+IV=04C6E0136D8E04C16B02D9DE6D799DA4
+CT=23A0FA99C632BCC62A035A09514C3EBA
+PT=9F7F1081AE4B6AD51D395D764D2D5B68
+
+I=167
+KEY=95C21BD9257B233A62B9FAD95BFF7E3306E24012A952BB70
+IV=72410E03AAE65889C738282A2B86AE35
+CT=9F7F1081AE4B6AD51D395D764D2D5B68
+PT=5F088092968BF4AF04BF862A6721DF2B
+
+I=168
+KEY=058F749326AE1DD53DB17A4BCD748A9C025DC638CE73645B
+IV=D678325E266D12D7904D6F4A03D53EEF
+CT=5F088092968BF4AF04BF862A6721DF2B
+PT=15670F60D1D70E129418AC14A425DD70
+
+I=169
+KEY=23D2D59C5EF4AF3D28D6752B1CA3848E96456A2C6A56B92B
+IV=BB7B672A91E9A61A265DA10F785AB2E8
+CT=15670F60D1D70E129418AC14A425DD70
+PT=3273AC9D250F729AE790A941739C79BF
+
+I=170
+KEY=E11B1F94517914C81AA5D9B639ACF61471D5C36D19CAC094
+IV=AB84F623EFA11728C2C9CA080F8DBBF5
+CT=3273AC9D250F729AE790A941739C79BF
+PT=9B135880CB56A8E6CF3A364CC6E02175
+
+I=171
+KEY=66F867085DBE626581B68136F2FA5EF2BEEFF521DF2AE1E1
+IV=01ED899C8DC9C09E87E3789C0CC776AD
+CT=9B135880CB56A8E6CF3A364CC6E02175
+PT=681D6FC5447CCFE1152156CFF6172B6A
+
+I=172
+KEY=98505FCD27DAB39EE9ABEEF3B6869113ABCEA3EE293DCA8B
+IV=A58C8285C31035B1FEA838C57A64D1FB
+CT=681D6FC5447CCFE1152156CFF6172B6A
+PT=6E30DF3FBD67A5FD491E315EF3A268A0
+
+I=173
+KEY=9F904A41C19B57A9879B31CC0BE134EEE2D092B0DA9FA22B
+IV=6F46DCB3A84FD96907C0158CE641E437
+CT=6E30DF3FBD67A5FD491E315EF3A268A0
+PT=5B4980E24D8F9CABE017991326FBBE95
+
+I=174
+KEY=A330D5A6779731D6DCD2B12E466EA84502C70BA3FC641CBE
+IV=C5BDAB77E0CA95463CA09FE7B60C667F
+CT=5B4980E24D8F9CABE017991326FBBE95
+PT=7324530BF94BD80D286C9BE2FE4113D3
+
+I=175
+KEY=20F008DE76D7968AAFF6E225BF2570482AAB904102250F6D
+IV=32F5EC4AEBB997C583C0DD780140A75C
+CT=7324530BF94BD80D286C9BE2FE4113D3
+PT=B163425AB21DF6AFBD2C7000E777E902
+
+I=176
+KEY=0F48153B232E71F41E95A07F0D3886E79787E041E552E66F
+IV=3D1854E0C481B28E2FB81DE555F9E77E
+CT=B163425AB21DF6AFBD2C7000E777E902
+PT=EB1A6C86C3811E3081325F35BA7F2DCA
+
+I=177
+KEY=96EE2134FD40CA34F58FCCF9CEB998D716B5BF745F2DCBA5
+IV=8629366A8B8E266499A6340FDE6EBBC0
+CT=EB1A6C86C3811E3081325F35BA7F2DCA
+PT=E9675AF0035C3F8E9D5E58D0652BF5C7
+
+I=178
+KEY=BF754C828BFE309B1CE89609CDE5A7598BEBE7A43A063E62
+IV=566D5FCEC3FF7D43299B6DB676BEFAAF
+CT=E9675AF0035C3F8E9D5E58D0652BF5C7
+PT=24B4DA85EEFAA123948C6B5E0E07EB08
+
+I=179
+KEY=F0223B4AF5C885B4385C4C8C231F067A1F678CFA3401D56A
+IV=67B98EC651B057104F5777C87E36B52F
+CT=24B4DA85EEFAA123948C6B5E0E07EB08
+PT=753CFEBBB9E623453B8BB2976B8D7BD4
+
+I=180
+KEY=04665169E091DEF74D60B2379AF9253F24EC3E6D5F8CAEBE
+IV=BC3806A9E56A1DACF4446A2315595B43
+CT=753CFEBBB9E623453B8BB2976B8D7BD4
+PT=6949284723B4F795D530B366FAE70876
+
+I=181
+KEY=9CABB1CFD4E46F8324299A70B94DD2AAF1DC8D0BA56BA6C8
+IV=8C864563BB8D45A098CDE0A63475B174
+CT=6949284723B4F795D530B366FAE70876
+PT=D43FED9A25C62349787F0336BFFBBFEB
+
+I=182
+KEY=4407065E88AE79D9F01677EA9C8BF1E389A38E3D1A901923
+IV=539CC5888B34198FD8ACB7915C4A165A
+CT=D43FED9A25C62349787F0336BFFBBFEB
+PT=030733E175916579F582A778B261DA1C
+
+I=183
+KEY=84D1EE80E8FA54DEF311440BE91A949A7C212945A8F1C33F
+IV=78306F4F56DEF759C0D6E8DE60542D07
+CT=030733E175916579F582A778B261DA1C
+PT=F7B1ABE4B4AE3CB726F9A88B06D4552A
+
+I=184
+KEY=E885BEA6176A75D804A0EFEF5DB4A82D5AD881CEAE259615
+IV=3AC80B78F744208A6C545026FF902106
+CT=F7B1ABE4B4AE3CB726F9A88B06D4552A
+PT=DA984A2C346A4B758E066EB509079168
+
+I=185
+KEY=2E0317B2DB3F9893DE38A5C369DEE358D4DEEF7BA722077D
+IV=FC74E03B1068A6FEC686A914CC55ED4B
+CT=DA984A2C346A4B758E066EB509079168
+PT=21F473636EF27B91F29BB1CE67908763
+
+I=186
+KEY=850E1B37E1F7DD89FFCCD6A0072C98C926455EB5C0B2801E
+IV=7DFD76EE7EF97796AB0D0C853AC8451A
+CT=21F473636EF27B91F29BB1CE67908763
+PT=9EEF6E211CC8EDBD3C4FBE3E14B13C70
+
+I=187
+KEY=655D365D66CAA5C36123B8811BE475741A0AE08BD403BC6E
+IV=33318C04CC0B3CBDE0532D6A873D784A
+CT=9EEF6E211CC8EDBD3C4FBE3E14B13C70
+PT=8AB49333CA7B2E58E7B24536BB34DEE7
+
+I=188
+KEY=BE3C315647F981DCEB972BB2D19F5B2CFDB8A5BD6F376289
+IV=79D06A0D66B5C2B1DB61070B2133241F
+CT=8AB49333CA7B2E58E7B24536BB34DEE7
+PT=323D1E775FD729005DA7A2853A855ED4
+
+I=189
+KEY=3126E544A65724C4D9AA35C58E48722CA01F073855B23C5D
+IV=CC5C9D95685AF1228F1AD412E1AEA518
+CT=323D1E775FD729005DA7A2853A855ED4
+PT=E283016FEDADEBA2BEC7ADB5A8DEA8B9
+
+I=190
+KEY=BCF052AFAFA4852D3B2934AA63E5998E1ED8AA8DFD6C94E4
+IV=2753144E0A26D9FE8DD6B7EB09F3A1E9
+CT=E283016FEDADEBA2BEC7ADB5A8DEA8B9
+PT=9A9BB977D53BBD47550DC60A49AFA0FA
+
+I=191
+KEY=ECB724A85CBC7B58A1B28DDDB6DE24C94BD56C87B4C3341E
+IV=27F910046A94AA3B50477607F318FE75
+CT=9A9BB977D53BBD47550DC60A49AFA0FA
+PT=AF4C7AC3B02C1B077E8F97B59AE52A21
+
+I=192
+KEY=BCA9E9794F9004AB0EFEF71E06F23FCE355AFB322E261E3F
+IV=8AF06705FE272571501ECDD1132C7FF3
+CT=AF4C7AC3B02C1B077E8F97B59AE52A21
+PT=A97DEE2A64DFA7C198B6A4F21E80F7DF
+
+I=193
+KEY=10DCC14B9A309E25A7831934622D980FADEC5FC030A6E9E0
+IV=B04E1C6FC657B8AEAC752832D5A09A8E
+CT=A97DEE2A64DFA7C198B6A4F21E80F7DF
+PT=34E8228A24C7A16F9ED3F4B9A94AA70D
+
+I=194
+KEY=9CB6EE6AAEFAFBED936B3BBE46EA3960333FAB7999EC4EED
+IV=6A966EBB8F80A1608C6A2F2134CA65C8
+CT=34E8228A24C7A16F9ED3F4B9A94AA70D
+PT=99E6CA896906CBAA9B8D01155D1DB162
+
+I=195
+KEY=461916712E8BD6F10A8DF1372FECF2CAA8B2AA6CC4F1FF8F
+IV=EAF849974783FAA7DAAFF81B80712D1C
+CT=99E6CA896906CBAA9B8D01155D1DB162
+PT=6009B53EB4690C1F1F10639F1FD7640A
+
+I=196
+KEY=5B9B91A966F9CE146A8444099B85FED5B7A2C9F3DB269B85
+IV=3FB045D182F781EB1D8287D8487218E5
+CT=6009B53EB4690C1F1F10639F1FD7640A
+PT=88ED4BC34A27F4C4B480B99857EBF541
+
+I=197
+KEY=404F7D8B0E966F02E2690FCAD1A20A110322706B8CCD6EC4
+IV=49C0F4571BAEBE4C1BD4EC22686FA116
+CT=88ED4BC34A27F4C4B480B99857EBF541
+PT=B88F0E3E01FEDF97766AC6B762D2EBC3
+
+I=198
+KEY=CB2EA99F330A3A865AE601F4D05CD5867548B6DCEE1F8507
+IV=2518DA0D88C02EC38B61D4143D9C5584
+CT=B88F0E3E01FEDF97766AC6B762D2EBC3
+PT=C1C167FF37E89937DCB8D79C9BC9EC74
+
+I=199
+KEY=913C795CF72CD1219B27660BE7B44CB1A9F0614075D66973
+IV=37769A59390261FB5A12D0C3C426EBA7
+CT=C1C167FF37E89937DCB8D79C9BC9EC74
+PT=64D912270A1E60192CDAAD8168219E56
+
+I=200
+KEY=05F19DF919E44144FFFE742CEDAA2CA8852ACCC11DF7F725
+IV=63E9D4D1BDD7FEAD94CDE4A5EEC89065
+CT=64D912270A1E60192CDAAD8168219E56
+PT=C9AD2DBB1C686A67A3E21A5659576A2B
+
+I=201
+KEY=099D0DCE5E4E194236535997F1C246CF26C8D69744A09D0E
+IV=A01E3F917EF4652F0C6C903747AA5806
+CT=C9AD2DBB1C686A67A3E21A5659576A2B
+PT=244C740B4B136C6C480D0147163868D1
+
+I=202
+KEY=EA1F242E9C75C712121F2D9CBAD12AA36EC5D7D05298F5DF
+IV=C9D2288C473BCB3EE38229E0C23BDE50
+CT=244C740B4B136C6C480D0147163868D1
+PT=A6B125A9C570CC3ECBB5D302ADB96E34
+
+I=203
+KEY=CD5D7C91FBDC81A1B4AE08357FA1E69DA57004D2FF219BEB
+IV=871F525F8ED73B7F274258BF67A946B3
+CT=A6B125A9C570CC3ECBB5D302ADB96E34
+PT=0F9862A4A21E1FB365135C07577FB3EE
+
+I=204
+KEY=F7D9B8C22BDC8005BB366A91DDBFF92EC06358D5A85E2805
+IV=01BB0A9A8737C19D3A84C453D00001A4
+CT=0F9862A4A21E1FB365135C07577FB3EE
+PT=D833DB436E1751B882D03FADF683690B
+
+I=205
+KEY=83F81E3CED72F22F6305B1D2B3A8A89642B367785EDD410E
+IV=80E0E7001CCA60CA7421A6FEC6AE722A
+CT=D833DB436E1751B882D03FADF683690B
+PT=0AE2C64D2C577C420F26F2F48AA58D62
+
+I=206
+KEY=63310E5F2F8F0E0769E7779F9FFFD4D44D95958CD478CC6C
+IV=57E54995CDC9417DE0C91063C2FDFC28
+CT=0AE2C64D2C577C420F26F2F48AA58D62
+PT=B0E2976AA3891A2C71AFEB063E3C4383
+
+I=207
+KEY=F3AE2989B3980DC9D905E0F53C76CEF83C3A7E8AEA448FEF
+IV=999DD6C2B1C528E2909F27D69C1703CE
+CT=B0E2976AA3891A2C71AFEB063E3C4383
+PT=16F8A305177ECDBA15403FE5D8EEF60D
+
+I=208
+KEY=52CF17D8DEA4CE5ACFFD43F02B080342297A416F32AA79E2
+IV=C9F5BC961057F845A1613E516D3CC393
+CT=16F8A305177ECDBA15403FE5D8EEF60D
+PT=A607A3EE165E82711B30B44CF4E0C4CF
+
+I=209
+KEY=E22ADE79E75FE58E69FAE01E3D568133324AF523C64ABD2D
+IV=E153F25DD207351AB0E5C9A139FB2BD4
+CT=A607A3EE165E82711B30B44CF4E0C4CF
+PT=5191CDD0D077AD6BE956AF8E8E39FECA
+
+I=210
+KEY=38C58EA4EA1E8D4C386B2DCEED212C58DB1C5AAD487343E7
+IV=F55357187F06B142DAEF50DD0D4168C2
+CT=5191CDD0D077AD6BE956AF8E8E39FECA
+PT=F63A42508522E5F09C31F160298E8E6F
+
+I=211
+KEY=8C29CD4F1330EF25CE516F9E6803C9A8472DABCD61FDCD88
+IV=2CBD520E6F6F89C7B4EC43EBF92E6269
+CT=F63A42508522E5F09C31F160298E8E6F
+PT=E58ED2EA8671DC5D527CDE01C6D9655D
+
+I=212
+KEY=3650C9671F38CD752BDFBD74EE7215F5155175CCA724A8D5
+IV=73CA969AECA5574BBA7904280C082250
+CT=E58ED2EA8671DC5D527CDE01C6D9655D
+PT=5FFCACC68357B6709F5B10D48C65EA40
+
+I=213
+KEY=6F68A078A75FF5A1742311B26D25A3858A0A65182B414295
+IV=DEA2D7D8F9FE3E7D5938691FB86738D4
+CT=5FFCACC68357B6709F5B10D48C65EA40
+PT=10BBA695F25C1F9412DB80F59F937F84
+
+I=214
+KEY=9E08E5F9EEC5A7606498B7279F79BC1198D1E5EDB4D23D11
+IV=20E4DE61513233E5F1604581499A52C1
+CT=10BBA695F25C1F9412DB80F59F937F84
+PT=36CAF539734BCAF8250595E5E5DB3E94
+
+I=215
+KEY=F72A5636B3A2D23B5252421EEC3276E9BDD4700851090385
+IV=9DEBE05128A2A1A06922B3CF5D67755B
+CT=36CAF539734BCAF8250595E5E5DB3E94
+PT=C64074C9A34850C6FD1B12CD8AE9EF30
+
+I=216
+KEY=D74FABF587AB10AA941236D74F7A262F40CF62C5DBE0ECB5
+IV=DEF3A637247B78C02065FDC33409C291
+CT=C64074C9A34850C6FD1B12CD8AE9EF30
+PT=DF663CE4199BC64ACB9B6F99D69EC679
+
+I=217
+KEY=8D12BAEA80612A284B740A3356E1E0658B540D5C0D7E2ACC
+IV=7D9C0365E66F1A355A5D111F07CA3A82
+CT=DF663CE4199BC64ACB9B6F99D69EC679
+PT=CD1BCBDCE7F8C008177E25B83604EE83
+
+I=218
+KEY=57B4196767474175866FC1EFB119206D9C2A28E43B7AC44F
+IV=41846FA05FC28ABCDAA6A38DE7266B5D
+CT=CD1BCBDCE7F8C008177E25B83604EE83
+PT=CD7E96FE44368C4AD22E9D4F6BE3C2C2
+
+I=219
+KEY=CBA15BF34D728F0E4B115711F52FAC274E04B5AB5099068D
+IV=873A6522E20108C09C1542942A35CE7B
+CT=CD7E96FE44368C4AD22E9D4F6BE3C2C2
+PT=BCC88D6EAF2E41D9AA6E7C91DADCF92E
+
+I=220
+KEY=D3071140E7C7E244F7D9DA7F5A01EDFEE46AC93A8A45FFA3
+IV=A50F782EA949C2A718A64AB3AAB56D4A
+CT=BCC88D6EAF2E41D9AA6E7C91DADCF92E
+PT=1FFD3EC8E0D0AD8F3D23961703C0C445
+
+I=221
+KEY=3F44AB6E12394D24E824E4B7BAD14071D9495F2D89853BE6
+IV=501500DC8A97D00BEC43BA2EF5FEAF60
+CT=1FFD3EC8E0D0AD8F3D23961703C0C445
+PT=1D3D85A9A4BF101E12CC79640D716AC6
+
+I=222
+KEY=D6B97A7D0CEBEA71F519611E1E6E506FCB85264984F45120
+IV=84933D2D2F1F6C13E9FDD1131ED2A755
+CT=1D3D85A9A4BF101E12CC79640D716AC6
+PT=A2228D0483F9CF74CAA301FD30D7DB68
+
+I=223
+KEY=E86CCBF22BAF7B31573BEC1A9D979F1B012627B4B4238A48
+IV=4AE5BFEB7168981E3ED5B18F27449140
+CT=A2228D0483F9CF74CAA301FD30D7DB68
+PT=D43E1D2C7447B7C08BCA25F8371AEECF
+
+I=224
+KEY=0279786975DB97998305F136E9D028DB8AEC024C83396487
+IV=2FC19D77503C0296EA15B39B5E74ECA8
+CT=D43E1D2C7447B7C08BCA25F8371AEECF
+PT=4F97B6C0B7D10763CD5CE3A45855FEC0
+
+I=225
+KEY=7F842708B71AD43BCC9247F65E012FB847B0E1E8DB6C9A47
+IV=BAC3ED277430C4537DFD5F61C2C143A2
+CT=4F97B6C0B7D10763CD5CE3A45855FEC0
+PT=067B1521895AE654CA0C20492A9714B8
+
+I=226
+KEY=2FA21F709793A1C7CAE952D7D75BC9EC8DBCC1A1F1FB8EFF
+IV=66014BDC0AD70ABB50263878208975FC
+CT=067B1521895AE654CA0C20492A9714B8
+PT=E07E7A1D3F39E45E3A755A82EE3C2EBC
+
+I=227
+KEY=671468BAD93EDBD32A9728CAE8622DB2B7C99B231FC7A043
+IV=47BFF88E3EC2E8DC48B677CA4EAD7A14
+CT=E07E7A1D3F39E45E3A755A82EE3C2EBC
+PT=0933D51670E8918147A56816B838BC74
+
+I=228
+KEY=9749A2F6B448445023A4FDDC988ABC33F06CF335A7FF1C37
+IV=58F8C33F4725EED2F05DCA4C6D769F83
+CT=0933D51670E8918147A56816B838BC74
+PT=E90570CDFC2CDCC99826780CA7CD7A1C
+
+I=229
+KEY=C43D753C2489B403CAA18D1164A660FA684A8B390032662B
+IV=C4027E5BF29E96A65374D7CA90C1F053
+CT=E90570CDFC2CDCC99826780CA7CD7A1C
+PT=65B6C303491459554CDDA630AAB36C12
+
+I=230
+KEY=32F2C804DF89C908AF174E122DB239AF24972D09AA810A39
+IV=51DE94724DCE9B10F6CFBD38FB007D0B
+CT=65B6C303491459554CDDA630AAB36C12
+PT=A0B1694685785EFBDD6DB8E4FC312BC4
+
+I=231
+KEY=9431549183D690920FA62754A8CA6754F9FA95ED56B021FD
+IV=5CBDC9F06F45D2F5A6C39C955C5F599A
+CT=A0B1694685785EFBDD6DB8E4FC312BC4
+PT=C271A8F639D1A293F4B8899428F618C2
+
+I=232
+KEY=0AA1211F2A2134DACDD78FA2911BC5C70D421C797E46393F
+IV=E52D7ACAF5DFAF799E90758EA9F7A448
+CT=C271A8F639D1A293F4B8899428F618C2
+PT=AB7968C2A1859D5AEBFAEB201910B672
+
+I=233
+KEY=88BFBDDC6D21FC0E66AEE760309E589DE6B8F75967568F4D
+IV=15AF9C49191BF995821E9CC34700C8D4
+CT=AB7968C2A1859D5AEBFAEB201910B672
+PT=59D394BB9C41BE21C050A9DF2DD94C2B
+
+I=234
+KEY=05AB922FA8B6F5FF3F7D73DBACDFE6BC26E85E864A8FC366
+IV=0FB568270892E7A98D142FF3C59709F1
+CT=59D394BB9C41BE21C050A9DF2DD94C2B
+PT=43F89BAE0DCCB0EAF30411E6239A753C
+
+I=235
+KEY=7A7ED7932DED53767C85E875A1135656D5EC4F606915B65A
+IV=48F1E1DAEE9C16CD7FD545BC855BA689
+CT=43F89BAE0DCCB0EAF30411E6239A753C
+PT=8196A2F49E2508443F86B294D71A5D5E
+
+I=236
+KEY=8955F595C21BF3AAFD134A813F365E12EA6AFDF4BE0FEB04
+IV=B3DEB1ED557CB477F32B2206EFF6A0DC
+CT=8196A2F49E2508443F86B294D71A5D5E
+PT=5ED45F8741E7FC5C77CAACA9D3DFA26D
+
+I=237
+KEY=09205C9C2A528A5BA3C715067ED1A24E9DA0515D6DD04969
+IV=3742941BC0992AAC8075A909E84979F1
+CT=5ED45F8741E7FC5C77CAACA9D3DFA26D
+PT=F60C9F9616A03B40655CB733EE1C3B68
+
+I=238
+KEY=46DAA0A9A034745355CB8A906871990EF8FCE66E83CC7201
+IV=A3E1EA7D9E5BA6CE4FFAFC358A66FE08
+CT=F60C9F9616A03B40655CB733EE1C3B68
+PT=E73F7E14A3A245B1E594F659D996ED06
+
+I=239
+KEY=DA145A69C9D459E1B2F4F484CBD3DCBF1D6810375A5A9F07
+IV=F5D4EB0EAB3486D29CCEFAC069E02DB2
+CT=E73F7E14A3A245B1E594F659D996ED06
+PT=52651C2039168170765B235D85BF6CEC
+
+I=240
+KEY=61CD045E05969B9FE091E8A4F2C55DCF6B33336ADFE5F3EB
+IV=F7162437A85A186ABBD95E37CC42C27E
+CT=52651C2039168170765B235D85BF6CEC
+PT=665C920C4BB95B5C716D60AE9C30DB1B
+
+I=241
+KEY=BDF9F289D095660D86CD7AA8B97C06931A5E53C443D528F0
+IV=ADD7416105DB0CF0DC34F6D7D503FD92
+CT=665C920C4BB95B5C716D60AE9C30DB1B
+PT=F6E1D36CF7D41F70885587A85B897EA2
+
+I=242
+KEY=4CBAF7692571D8C5702CA9C44EA819E3920BD46C185C5652
+IV=9FBF3815905FCD9FF14305E0F5E4BEC8
+CT=F6E1D36CF7D41F70885587A85B897EA2
+PT=137DB7F20F98671E37F55E401D0482E2
+
+I=243
+KEY=CEBF572BB09CC72963511E3641307EFDA5FE8A2C0558D4B0
+IV=0C3951BDCA9582CA8205A04295ED1FEC
+CT=137DB7F20F98671E37F55E401D0482E2
+PT=72125C79A48573158496EFCC5CA552D4
+
+I=244
+KEY=0D8978CF8179CBBF1143424FE5B50DE8216865E059FD8664
+IV=898422AB0DB951B1C3362FE431E50C96
+CT=72125C79A48573158496EFCC5CA552D4
+PT=6B12016832DE435A963FFFA857824CF7
+
+I=245
+KEY=180D2DA794FEAF777A514327D76B4EB2B7579A480E7FCA93
+IV=0B47A508EAD8008015845568158764C8
+CT=6B12016832DE435A963FFFA857824CF7
+PT=18693A241FB5687CF3A793B9B7EE4B15
+
+I=246
+KEY=3D6C36453DCA611462387903C8DE26CE44F009F1B9918186
+IV=857CC19C3E72C1AD25611BE2A934CE63
+CT=18693A241FB5687CF3A793B9B7EE4B15
+PT=4E04BD363AFC26BDDD3D98892A7C705A
+
+I=247
+KEY=8B626E8D8E075BCE2C3CC435F222007399CD917893EDF1DC
+IV=6E4FCD034F6E2AF5B60E58C8B3CD3ADA
+CT=4E04BD363AFC26BDDD3D98892A7C705A
+PT=06FB2C371C3F54518AA0A2766CE1CCF3
+
+I=248
+KEY=A5ECEB5BAE22C2E72AC7E802EE1D5422136D330EFF0C3D2F
+IV=4A23E1EFBB43855E2E8E85D620259929
+CT=06FB2C371C3F54518AA0A2766CE1CCF3
+PT=D7DE2C298EB1EF273A6386986BDEC555
+
+I=249
+KEY=B25537EEFD5BDA7AFD19C42B60ACBB05290EB59694D2F87A
+IV=9034BBDBF74A369E17B9DCB55379189D
+CT=D7DE2C298EB1EF273A6386986BDEC555
+PT=0F4A1CEA83DA845DEC063ADFF173F424
+
+I=250
+KEY=39FEF1C45697DABCF253D8C1E3763F58C5088F4965A10C5E
+IV=2B5EF64E50A2CF5F8BABC62AABCC00C6
+CT=0F4A1CEA83DA845DEC063ADFF173F424
+PT=CE27F8AF55009D3658D166B960CA12D6
+
+I=251
+KEY=5657BBA1106032F13C74206EB676A26E9DD9E9F0056B1E88
+IV=CE96953F749BBFD66FA94A6546F7E84D
+CT=CE27F8AF55009D3658D166B960CA12D6
+PT=BF1458E052637EFC0EEF352621606029
+
+I=252
+KEY=A1BC53DEFD62921A8360788EE415DC929336DCD6240B7EA1
+IV=B944FC42142E4940F7EBE87FED02A0EB
+CT=BF1458E052637EFC0EEF352621606029
+PT=E4D96706DB5B0DA8FA429BB65BFBE4D8
+
+I=253
+KEY=DAC8C0328BA4104167B91F883F4ED13A697447607FF09A79
+IV=A8D8E3A3BB687ECC7B7493EC76C6825B
+CT=E4D96706DB5B0DA8FA429BB65BFBE4D8
+PT=1B11FF1367FE94F7759D1BEC40B8FDCC
+
+I=254
+KEY=03AE3AA5E62CA4927CA8E09B58B045CD1CE95C8C3F4867B5
+IV=35D7DB1466E14E3ED966FA976D88B4D3
+CT=1B11FF1367FE94F7759D1BEC40B8FDCC
+PT=0989D688C947C616AC13B63892E35E74
+
+I=255
+KEY=EAD5A60BB601C1147521361391F783DBB0FAEAB4ADAB39C1
+IV=59BA56CC11EFA9A2E97B9CAE502D6586
+CT=0989D688C947C616AC13B63892E35E74
+PT=978C150575871FB2C8847AA0CB092108
+
+I=256
+KEY=C608EE8A971A0383E2AD2316E4709C69787E901466A218C9
+IV=253A79448D79B0B72CDD4881211BC297
+CT=978C150575871FB2C8847AA0CB092108
+PT=D08629CCCF6B869B10768DE9E2984B2E
+
+I=257
+KEY=D8EB4FC4230D3E39322B0ADA2B1B1AF268081DFD843A53E7
+IV=E9A7FDB26A37B6601EE3A14EB4173DBA
+CT=D08629CCCF6B869B10768DE9E2984B2E
+PT=E320AECF3803401AB95E09EB50A6EDA5
+
+I=258
+KEY=E3F18E12233B5A30D10BA41513185AE8D1561416D49CBE42
+IV=4C6B62E3E6658BE73B1AC1D600366409
+CT=E320AECF3803401AB95E09EB50A6EDA5
+PT=D29E97683C9989C75D5D73EAADC23EE2
+
+I=259
+KEY=7D9DEAA58D97A2FC0395337D2F81D32F8C0B67FC795E80A0
+IV=414A2961119CE4D79E6C64B7AEACF8CC
+CT=D29E97683C9989C75D5D73EAADC23EE2
+PT=8D859D878DF32FDD26AF4984D48A1BD2
+
+I=260
+KEY=E4A19E3554E8D73B8E10AEFAA272FCF2AAA42E78ADD49B72
+IV=9DF8066FCF854065993C7490D97F75C7
+CT=8D859D878DF32FDD26AF4984D48A1BD2
+PT=7B524B71439722F0555D4681F7EEAAC9
+
+I=261
+KEY=0C93CDDA4435E903F542E58BE1E5DE02FFF968F95A3A31BB
+IV=9529BF1B1ACEEDA5E83253EF10DD3E38
+CT=7B524B71439722F0555D4681F7EEAAC9
+PT=8C8ECC9829F06F73497EA90D48CD7FC5
+
+I=262
+KEY=637747C6EF7B72B579CC2913C815B171B687C1F412F74E7E
+IV=ADC9666D259469516FE48A1CAB4E9BB6
+CT=8C8ECC9829F06F73497EA90D48CD7FC5
+PT=6E416C2563212821F0D8E7D75297B11F
+
+I=263
+KEY=7E4BB22E1A7C4E25178D4536AB349950465F26234060FF61
+IV=C3BE9A54FDDA99731D3CF5E8F5073C90
+CT=6E416C2563212821F0D8E7D75297B11F
+PT=EFC73DFA5FB87EA16284E25D22360C2F
+
+I=264
+KEY=62B7D329DC5EA208F84A78CCF48CE7F124DBC47E6256F34E
+IV=E2145312DF24CBDB1CFC6107C622EC2D
+CT=EFC73DFA5FB87EA16284E25D22360C2F
+PT=1191FC5E2EFA9F19004C7D00E1F4D8B1
+
+I=265
+KEY=039B0E1DE399831EE9DB8492DA7678E82497B97E83A22BFF
+IV=0931D0D100EEB87D612CDD343FC72116
+CT=1191FC5E2EFA9F19004C7D00E1F4D8B1
+PT=717B1B902086B97296B7E97BC01C259E
+
+I=266
+KEY=CB02B3C8CA4A0C9498A09F02FAF0C19AB220500543BE0E61
+IV=65D0C1DFC85C7FB9C899BDD529D38F8A
+CT=717B1B902086B97296B7E97BC01C259E
+PT=569097DA8C43871CC5A55AC150ABCD31
+
+I=267
+KEY=5FFAEE959D35C247CE3008D876B3468677850AC41315C350
+IV=7A4A448600ACA08994F85D5D577FCED3
+CT=569097DA8C43871CC5A55AC150ABCD31
+PT=4046F3DF53DFC1B56400501F08200FE0
+
+I=268
+KEY=0CA33FAAA4B25FEB8E76FB07256C873313855ADB1B35CCB0
+IV=C83E2121AA25A5295359D13F39879DAC
+CT=4046F3DF53DFC1B56400501F08200FE0
+PT=87C5362AAF3F31B05C92189E38FD9C66
+
+I=269
+KEY=5B782B675EE9A8A509B3CD2D8A53B6834F17424523C850D6
+IV=567E0CD5EAFC699457DB14CDFA5BF74E
+CT=87C5362AAF3F31B05C92189E38FD9C66
+PT=03A5CD79734810F4D9559FDC97A4B1A1
+
+I=270
+KEY=B069B5DCAADA727F0A160054F91BA6779642DD99B46CE177
+IV=5397ED8A6DF7641EEB119EBBF433DADA
+CT=03A5CD79734810F4D9559FDC97A4B1A1
+PT=1B1ECDDFD726C66594DF7B050F6758FF
+
+I=271
+KEY=52477DE5EFBAE2621108CD8B2E3D6012029DA69CBB0BB988
+IV=52151355DA4369C8E22EC8394560901D
+CT=1B1ECDDFD726C66594DF7B050F6758FF
+PT=26E9A7A560DD36D9767A51DA06301BBD
+
+I=272
+KEY=6E59FF11BED37F8837E16A2E4EE056CB74E7F746BD3BA235
+IV=FB1A5F8FA1C3D1F43C1E82F451699DEA
+CT=26E9A7A560DD36D9767A51DA06301BBD
+PT=C2FAB5CDDB329F2EA1E1459251A3CB1B
+
+I=273
+KEY=504DE2EC58CE17BBF51BDFE395D2C9E5D506B2D4EC98692E
+IV=6BCD90C4D648AB783E141DFDE61D6833
+CT=C2FAB5CDDB329F2EA1E1459251A3CB1B
+PT=4293D0A26E81DBE9FED6113B1954D59F
+
+I=274
+KEY=CC6C6C4150E763AAB7880F41FB53120C2BD0A3EFF5CCBCB1
+IV=0F61DAA62B7E95A79C218EAD08297411
+CT=4293D0A26E81DBE9FED6113B1954D59F
+PT=5DC81F054088DB9B3D1F8AD4BACC2039
+
+I=275
+KEY=BD3B4967A596578FEA401044BBDBC99716CF293B4F009C88
+IV=0C6435697122955071572526F5713425
+CT=5DC81F054088DB9B3D1F8AD4BACC2039
+PT=B6FB950586C671E968FFC709B79E8AF8
+
+I=276
+KEY=9A08B753E07CD6535CBB85413D1DB87E7E30EE32F89E1670
+IV=377A670B7487B3EB2733FE3445EA81DC
+CT=B6FB950586C671E968FFC709B79E8AF8
+PT=ED69B1E52F5F095EFF0AC73A76039B65
+
+I=277
+KEY=E5FAA83242346B4EB1D234A41242B120813A29088E9D8D15
+IV=DBEEED8784AD80B57FF21F61A248BD1D
+CT=ED69B1E52F5F095EFF0AC73A76039B65
+PT=FBC0C9A6FBC2CCD02BF5A009B43FE903
+
+I=278
+KEY=44770F6B1653E2754A12FD02E9807DF0AACF89013AA26416
+IV=7D9B061A6209E0FAA18DA7595467893B
+CT=FBC0C9A6FBC2CCD02BF5A009B43FE903
+PT=ADBE2B6C2C979C90E019991C5E81F69E
+
+I=279
+KEY=89A3B49BBE885D34E7ACD66EC517E1604AD6101D64239288
+IV=5495C29E4DDA4E26CDD4BBF0A8DBBF41
+CT=ADBE2B6C2C979C90E019991C5E81F69E
+PT=E382D6611C0B2591BE9B7B6BC66D479D
+
+I=280
+KEY=457D838277C2797B042E000FD91CC4F1F44D6B76A24ED515
+IV=0303BB8A65CCE419CCDE3719C94A244F
+CT=E382D6611C0B2591BE9B7B6BC66D479D
+PT=7A39D5BFC7ADB6B7539A1AA45A31A7E5
+
+I=281
+KEY=814AD70FBAF9D8AA7E17D5B01EB17246A7D771D2F87F72F0
+IV=550BD125E57ADE94C437548DCD3BA1D1
+CT=7A39D5BFC7ADB6B7539A1AA45A31A7E5
+PT=3CB8FF426FF48FA93EFAEDC559833C86
+
+I=282
+KEY=89599F584B46337342AF2AF27145FDEF992D9C17A1FC4E76
+IV=45800DE7659A8FD008134857F1BFEBD9
+CT=3CB8FF426FF48FA93EFAEDC559833C86
+PT=2F5C7660310DE65B1C5254E2176A15CA
+
+I=283
+KEY=8EF84BDE14C7412B6DF35C9240481BB4857FC8F5B6965BBC
+IV=5142FFEADEC300C107A1D4865F817258
+CT=2F5C7660310DE65B1C5254E2176A15CA
+PT=7A3056742CF8CFDE9CBEAE32607E8DE3
+
+I=284
+KEY=F076085EE3EA165617C30AE66CB0D46A19C166C7D6E8D65F
+IV=02FBB83EDCB092957E8E4380F72D577D
+CT=7A3056742CF8CFDE9CBEAE32607E8DE3
+PT=B2B7B7551B2A1D59601003C6EDD70A78
+
+I=285
+KEY=7D74D286D9CEC1C3A574BDB3779AC93379D165013B3FDC27
+IV=890E42EAA4C59B078D02DAD83A24D795
+CT=B2B7B7551B2A1D59601003C6EDD70A78
+PT=8B617CCD9B1289F485167DC13126795C
+
+I=286
+KEY=8BA3AA3C04001B9D2E15C17EEC8840C7FCC718C00A19A57B
+IV=F96182D81751ECCAF6D778BADDCEDA5E
+CT=8B617CCD9B1289F485167DC13126795C
+PT=D4800EE4A5E29A18C655AD5CE23063F9
+
+I=287
+KEY=E51B3BF1DF7B0D54FA95CF9A496ADADF3A92B59CE829C682
+IV=46297563D303DF226EB891CDDB7B16C9
+CT=D4800EE4A5E29A18C655AD5CE23063F9
+PT=4A6008072DCEB7602BF120F0984FF1D6
+
+I=288
+KEY=82091A039C558D36B0F5C79D64A46DBF1163956C70663754
+IV=28E82D15BAC860EA671221F2432E8062
+CT=4A6008072DCEB7602BF120F0984FF1D6
+PT=B05CD61BC646851726441B147FBB1AD3
+
+I=289
+KEY=C503B4B113DE349700A91186A2E2E8A837278E780FDD2D87
+IV=342F9FDEEEBE130A470AAEB28F8BB9A1
+CT=B05CD61BC646851726441B147FBB1AD3
+PT=33E1834199EE6CD5C6F950D4823B2337
+
+I=290
+KEY=4B06065B748AFB69334892C73B0C847DF1DEDEAC8DE60EB0
+IV=02928C43C0FF24968E05B2EA6754CFFE
+CT=33E1834199EE6CD5C6F950D4823B2337
+PT=BA0BD1FFA54258361D3A8BD9F3C689E4
+
+I=291
+KEY=AD0B10216B5D496B894343389E4EDC4BECE455757E208754
+IV=50DC56062E88C9CAE60D167A1FD7B202
+CT=BA0BD1FFA54258361D3A8BD9F3C689E4
+PT=4911046D8F1D2BCF54F22B5A83AF5AE1
+
+I=292
+KEY=AF6CC229A2618121C05247551153F784B8167E2FFD8FDDB5
+IV=A7CC6A2B280A9DE80267D208C93CC84A
+CT=4911046D8F1D2BCF54F22B5A83AF5AE1
+PT=254CA1983D7B794911B455E857CE902B
+
+I=293
+KEY=66413E8C7D11836FE51EE6CD2C288ECDA9A22BC7AA414D9E
+IV=D01066ADC643A032C92DFCA5DF70024E
+CT=254CA1983D7B794911B455E857CE902B
+PT=B0A100E60D0404D123D10AE78E9CFFCB
+
+I=294
+KEY=D13AF271F9C3337455BFE62B212C8A1C8A73212024DDB255
+IV=20D00A218F07ECEDB77BCCFD84D2B01B
+CT=B0A100E60D0404D123D10AE78E9CFFCB
+PT=D4CD0CC7D2EBAB050108E94365D34FAA
+
+I=295
+KEY=8B3C7094C3AD8B018172EAECF3C721198B7BC863410EFDFF
+IV=EC5F46869A00FFC25A0682E53A6EB875
+CT=D4CD0CC7D2EBAB050108E94365D34FAA
+PT=DF913CC34675469401CCA41DB50BFBA4
+
+I=296
+KEY=7DCF9D4559C3EA3A5EE3D62FB5B2678D8AB76C7EF405065B
+IV=8718728B7105A417F6F3EDD19A6E613B
+CT=DF913CC34675469401CCA41DB50BFBA4
+PT=5B09F0AF91EA41851A232543E97A6ED4
+
+I=297
+KEY=C3E6C2A9975117B605EA2680245826089094493D1D7F688F
+IV=21D001128A401EBFBE295FECCE92FD8C
+CT=5B09F0AF91EA41851A232543E97A6ED4
+PT=8544DFD1E46D14FF1B0E9CF43A7E9EB6
+
+I=298
+KEY=54C6D7971066FDD380AEF951C03532F78B9AD5C92701F639
+IV=F861E1C66C3F21779720153E8737EA65
+CT=8544DFD1E46D14FF1B0E9CF43A7E9EB6
+PT=586696A67E355CCDC41AD16D87786773
+
+I=299
+KEY=B47A128050D1FC84D8C86FF7BE006E3A4F8004A4A079914A
+IV=55A87D49D3640887E0BCC51740B70157
+CT=586696A67E355CCDC41AD16D87786773
+PT=6C7FF8D2F033B33C729C556E0731ACFF
+
+I=300
+KEY=C66EA18D75351D93B4B797254E33DD063D1C51CAA7483DB5
+IV=7224A11A5D122A607214B30D25E4E117
+CT=6C7FF8D2F033B33C729C556E0731ACFF
+PT=BC031D9B497C64B15EE143CF4D2130B1
+
+I=301
+KEY=00432A82295B2C6708B48ABE074FB9B763FD1205EA690D04
+IV=61D8239BE618CC39C62D8B0F5C6E31F4
+CT=BC031D9B497C64B15EE143CF4D2130B1
+PT=325D14CCDE09311A8069C5522FD050FD
+
+I=302
+KEY=E03B01935511FA7E3AE99E72D94688ADE394D757C5B95DF9
+IV=339B83266B282A96E0782B117C4AD619
+CT=325D14CCDE09311A8069C5522FD050FD
+PT=FA25D0913004A26A3232F743ACC7677E
+
+I=303
+KEY=47F79639F27D47E9C0CC4EE3E9422AC7D1A62014697E3A87
+IV=C5F60E2EC86A0971A7CC97AAA76CBD97
+CT=FA25D0913004A26A3232F743ACC7677E
+PT=61AA67B567F1CE94326B4711F8115727
+
+I=304
+KEY=EE86C028A3B01E7EA16629568EB3E453E3CD6705916F6DA0
+IV=4037462A5B08A27FA971561151CD5997
+CT=61AA67B567F1CE94326B4711F8115727
+PT=35D0FD8AFF6CBDF34065CED4796D9D27
+
+I=305
+KEY=EE88DBE9CCC930CB94B6D4DC71DF59A0A3A8A9D1E802F087
+IV=20CB619D26A05953000E1BC16F792EB5
+CT=35D0FD8AFF6CBDF34065CED4796D9D27
+PT=DD69B839EAE7D0DF79F5D06140D54325
+
+I=306
+KEY=C77ADB703861D01649DF6CE59B38897FDA5D79B0A8D7B3A2
+IV=16CFCF6A4F3272EA29F20099F4A8E0DD
+CT=DD69B839EAE7D0DF79F5D06140D54325
+PT=CA93E79E612893AA0D979ABDF5CA788A
+
+I=307
+KEY=3F486F048B5D9716834C8B7BFA101AD5D7CAE30D5D1DCB28
+IV=58332C3A8F187A96F832B474B33C4700
+CT=CA93E79E612893AA0D979ABDF5CA788A
+PT=39974A1C62DF12F62EC9F75704B0EFA8
+
+I=308
+KEY=B9022C8EA2C6FEF4BADBC16798CF0823F903145A59AD2480
+IV=3C09D97EFC480CD6864A438A299B69E2
+CT=39974A1C62DF12F62EC9F75704B0EFA8
+PT=B840EFC34BCD941BF551E437D633BB3A
+
+I=309
+KEY=D22317E3BB60B9FA029B2EA4D3029C380C52F06D8F9E9FBA
+IV=C755A4CF1FAD90046B213B6D19A6470E
+CT=B840EFC34BCD941BF551E437D633BB3A
+PT=979F6217FD73CAB73A1DE1FACF68542C
+
+I=310
+KEY=E196EBBFCDA64F7095044CB32E71568F364F119740F6CB96
+IV=D342A7B4EF6CB49F33B5FC5C76C6F68A
+CT=979F6217FD73CAB73A1DE1FACF68542C
+PT=A290A25CFBCB1BEE137AFB860BB2CF29
+
+I=311
+KEY=B756B878A99088B83794EEEFD5BA4D612535EA114B4404BF
+IV=D92C9835E799541056C053C76436C7C8
+CT=A290A25CFBCB1BEE137AFB860BB2CF29
+PT=7E99249836CA5167C88BD3431C78C2E0
+
+I=312
+KEY=2515F524203B507E490DCA77E3701C06EDBE3952573CC65F
+IV=FD7219F6C131C4BD92434D5C89ABD8C6
+CT=7E99249836CA5167C88BD3431C78C2E0
+PT=5B7DAB9C2148A2B7ACCE4723D1D63B3F
+
+I=313
+KEY=28A33899811FE9B7127061EBC238BEB141707E7186EAFD60
+IV=F6B29A78141D8F8A0DB6CDBDA124B9C9
+CT=5B7DAB9C2148A2B7ACCE4723D1D63B3F
+PT=12BAE3836257C52B88ECEEAAE8DE3B80
+
+I=314
+KEY=85C6089FEF19163500CA8268A06F7B9AC99C90DB6E34C6E0
+IV=AE11E9BE14B4ECB1AD6530066E06FF82
+CT=12BAE3836257C52B88ECEEAAE8DE3B80
+PT=71C5D9F8747D428DE30736C4DD33E3E5
+
+I=315
+KEY=86665ED5DA56FE90710F5B90D41239172A9BA61FB3072505
+IV=2CBAA91201D1980B03A0564A354FE8A5
+CT=71C5D9F8747D428DE30736C4DD33E3E5
+PT=D824A3FB80554CCD519D730D25EED2AF
+
+I=316
+KEY=F6D0840D75423D5CA92BF86B544775DA7B06D51296E9F7AA
+IV=66AA086063C3768C70B6DAD8AF14C3CC
+CT=D824A3FB80554CCD519D730D25EED2AF
+PT=C974BCBE88ACA9D29312192BE52885BD
+
+I=317
+KEY=56F2FDAAB52A8691605F44D5DCEBDC08E814CC3973C17217
+IV=14D16CCEDE70F435A02279A7C068BBCD
+CT=C974BCBE88ACA9D29312192BE52885BD
+PT=23B74C4B5E661FA157F571F4C13AA3AE
+
+I=318
+KEY=676109782F02525643E8089E828DC3A9BFE1BDCDB2FBD1B9
+IV=46BB517768227D1D3193F4D29A28D4C7
+CT=23B74C4B5E661FA157F571F4C13AA3AE
+PT=BDF2A1A79D553C85F5867B2BD5259A82
+
+I=319
+KEY=D21B20B085B317EDFE1AA9391FD8FF2C4A67C6E667DE4B3B
+IV=054B26F10A7F2D69B57A29C8AAB145BB
+CT=BDF2A1A79D553C85F5867B2BD5259A82
+PT=1E02970BE31FEE63C9BCCC79FB41F670
+
+I=320
+KEY=3CF3F93D44647FB7E0183E32FCC7114F83DB0A9F9C9FBD4B
+IV=C44342FC579F9083EEE8D98DC1D7685A
+CT=1E02970BE31FEE63C9BCCC79FB41F670
+PT=70F71372F64174D7C8757F043812439F
+
+I=321
+KEY=2C83CB76D99E054E90EF2D400A8665984BAE759BA48DFED4
+IV=884B46D9FBE7D99C1070324B9DFA7AF9
+CT=70F71372F64174D7C8757F043812439F
+PT=46B20E91579B5CC0ADE9327478DF25FA
+
+I=322
+KEY=0ADEA18FAA36E94BD65D23D15D1D3958E64747EFDC52DB2E
+IV=F256BC3206E11E9C265D6AF973A8EC05
+CT=46B20E91579B5CC0ADE9327478DF25FA
+PT=51FE245369F67740615E159E28C2D56C
+
+I=323
+KEY=E0C00F8BFD4ADCD087A3078234EB4E1887195271F4900E42
+IV=836F6756B9EC572DEA1EAE04577C359B
+CT=51FE245369F67740615E159E28C2D56C
+PT=58A1B407358C1F9783A05C0A43D5B4FB
+
+I=324
+KEY=EEA0B17E70A6FC53DF02B3850167518F04B90E7BB745BAB9
+IV=0E584BF6D72F08310E60BEF58DEC2083
+CT=58A1B407358C1F9783A05C0A43D5B4FB
+PT=6212DD8752996CC4D747790D5F2BC7E7
+
+I=325
+KEY=B6E49EEA07D03112BD106E0253FE3D4BD3FE7776E86E7D5E
+IV=2BA760FB0CC14D1858442F947776CD41
+CT=6212DD8752996CC4D747790D5F2BC7E7
+PT=DB16C25BDE0B95F4EC7B34FA2096E6A6
+
+I=326
+KEY=F64DCEBA5E71D73E6606AC598DF5A8BF3F85438CC8F89BF8
+IV=674AA4866EE9988E40A9505059A1E62C
+CT=DB16C25BDE0B95F4EC7B34FA2096E6A6
+PT=BB98BBB3289F3B5A96C5D3DA92F8CD0F
+
+I=327
+KEY=23CBCCA3D63DABB8DD9E17EAA56A93E5A94090565A0056F7
+IV=E3D676539CBD9676D5860219884C7C86
+CT=BB98BBB3289F3B5A96C5D3DA92F8CD0F
+PT=324C1661B1E289EA3DAC27AF14E026C5
+
+I=328
+KEY=D6F7C4A098C4E809EFD2018B14881A0F94ECB7F94EE07032
+IV=E7FB3F340E160FB5F53C08034EF943B1
+CT=324C1661B1E289EA3DAC27AF14E026C5
+PT=6EDA104789445C38F66EC2562F95FBDB
+
+I=329
+KEY=4B795FAB98879223810811CC9DCC4637628275AF61758BE9
+IV=C5E830814D72E9449D8E9B0B00437A2A
+CT=6EDA104789445C38F66EC2562F95FBDB
+PT=C834C54858181891C7D654A7502C0B60
+
+I=330
+KEY=AA317465E376BAF2493CD484C5D45EA6A554210831598089
+IV=2388FCCDB47CB5DBE1482BCE7BF128D1
+CT=C834C54858181891C7D654A7502C0B60
+PT=9C5F5599557D176050BBAC4258B87F66
+
+I=331
+KEY=B601C39C0E5F02DED563811D90A949C6F5EF8D4A69E1FFEF
+IV=10C2528D377387311C30B7F9ED29B82C
+CT=9C5F5599557D176050BBAC4258B87F66
+PT=ED5F51A6AFA843D467E21F6C68992273
+
+I=332
+KEY=44A1FE3F8349D500383CD0BB3F010A12920D92260178DD9C
+IV=9E73D9FB1D2471E8F2A03DA38D16D7DE
+CT=ED5F51A6AFA843D467E21F6C68992273
+PT=D7A5F18382F892264008F75707254D95
+
+I=333
+KEY=568F031D75B9B48FEF992138BDF99834D2056571065D9009
+IV=DEC9B60FA5A91887122EFD22F6F0618F
+CT=D7A5F18382F892264008F75707254D95
+PT=D13A34D9F57884ECEE2FA1A412584BE4
+
+I=334
+KEY=72CFCCE9FE5EB48A3EA315E148811CD83C2AC4D51405DBED
+IV=75C70261D0C49D692440CFF48BE70005
+CT=D13A34D9F57884ECEE2FA1A412584BE4
+PT=064D550098F0813D145A2AA296064CCF
+
+I=335
+KEY=58448186BD1ED1FC38EE40E1D0719DE52870EE7782039722
+IV=754A1B79A75BD3B32A8B4D6F43406576
+CT=064D550098F0813D145A2AA296064CCF
+PT=D7CD7D2B23E42F7A9808D48C28982743
+
+I=336
+KEY=6FF7BCC770079D57EF233DCAF395B29FB0783AFBAA9BB061
+IV=25EE1F4D8F257C6437B33D41CD194CAB
+CT=D7CD7D2B23E42F7A9808D48C28982743
+PT=6F55D4C7A13F08A1D936C5F0177040CA
+
+I=337
+KEY=7ECBB104AA3505E58076E90D52AABA3E694EFF0BBDEBF0AB
+IV=E21F1527B69B89C8113C0DC3DA3298B2
+CT=6F55D4C7A13F08A1D936C5F0177040CA
+PT=7F061908571CDDBC1F8F82A31A3AF1F9
+
+I=338
+KEY=135D99B5F2482FFAFF70F00505B6678276C17DA8A7D10152
+IV=5DA54CDB26A0DC2D6D9628B1587D2A1F
+CT=7F061908571CDDBC1F8F82A31A3AF1F9
+PT=30AB085953DE3E8027DE0C8A185A7D02
+
+I=339
+KEY=3C76458A987B66F0CFDBF85C56685902511F7122BF8B7C50
+IV=E0614E072D2563DD2F2BDC3F6A33490A
+CT=30AB085953DE3E8027DE0C8A185A7D02
+PT=92C915E98AEBF6265C43A66AC5B40787
+
+I=340
+KEY=EBD41B4484EA67A05D12EDB5DC83AF240D5CD7487A3F7BD7
+IV=6EA27DF02FA0A9A9D7A25ECE1C910150
+CT=92C915E98AEBF6265C43A66AC5B40787
+PT=E9AC0996F97FFBA0F7C860A089CDF99F
+
+I=341
+KEY=85B6BBBC8E2243D3B4BEE42325FC5484FA94B7E8F3F28248
+IV=46D915F802932C936E62A0F80AC82473
+CT=E9AC0996F97FFBA0F7C860A089CDF99F
+PT=BA1D082EDB28E255CB37AFEDB497D43A
+
+I=342
+KEY=BDA8736E56DDB34F0EA3EC0DFED4B6D131A3180547655672
+IV=0A7B9BCBE89E4CDE381EC8D2D8FFF09C
+CT=BA1D082EDB28E255CB37AFEDB497D43A
+PT=63298FE15A14C4A4E582C57772A0581E
+
+I=343
+KEY=9B5DC0C3B097B7CE6D8A63ECA4C07275D421DD7235C50E6C
+IV=81F4666446CB470526F5B3ADE64A0481
+CT=63298FE15A14C4A4E582C57772A0581E
+PT=AE79390C6789DFCF7110BA93281E9895
+
+I=344
+KEY=E64DDC6A55048E35C3F35AE0C349ADBAA53167E11DDB96F9
+IV=DB4439803A1ACA807D101CA9E59339FB
+CT=AE79390C6789DFCF7110BA93281E9895
+PT=2C9DF2ED511595756E5CF6D33442D3A3
+
+I=345
+KEY=9C75AC9CBA0918CDEF6EA80D925C38CFCB6D91322999455A
+IV=B73DBACA0C10AD0A7A3870F6EF0D96F8
+CT=2C9DF2ED511595756E5CF6D33442D3A3
+PT=90FDAEAEDC379128B73515CB2AAC9B7A
+
+I=346
+KEY=A045744F6BB9205F7F9306A34E6BA9E77C5884F90335DE20
+IV=356BBCDD4EBDA8F93C30D8D3D1B03892
+CT=90FDAEAEDC379128B73515CB2AAC9B7A
+PT=E66EA385E1F20791090CA24ADB250AFC
+
+I=347
+KEY=48E94FAC40CFC94B99FDA526AF99AE76755426B3D810D4DC
+IV=ABAF17EBE3658829E8AC3BE32B76E914
+CT=E66EA385E1F20791090CA24ADB250AFC
+PT=A17C6802F4322D97C6966B523B54CF88
+
+I=348
+KEY=3FC9CD7847FF49D73881CD245BAB83E1B3C24DE1E3441B54
+IV=7D25F4EE8B874E2D772082D40730809C
+CT=A17C6802F4322D97C6966B523B54CF88
+PT=CBEC825D143BF30C58B608B58ABFB618
+
+I=349
+KEY=D4464B5CD3CFAD06F36D4F794F9070EDEB74455469FBAD4C
+IV=93D0E88641960F8EEB8F86249430E4D1
+CT=CBEC825D143BF30C58B608B58ABFB618
+PT=D7A8E224DAA4DB7629790D3D4D5A8560
+
+I=350
+KEY=73DD2DA38114D0BD24C5AD5D9534AB9BC20D486924A1282C
+IV=3E6B8F8084BAA391A79B66FF52DB7DBB
+CT=D7A8E224DAA4DB7629790D3D4D5A8560
+PT=EB7EAD5CF27BA091DEF8D7839EFD7C90
+
+I=351
+KEY=CDA609EB23BB90EBCFBB0001674F0B0A1CF59FEABA5C54BC
+IV=8EEE61573B01F1E4BE7B2448A2AF4056
+CT=EB7EAD5CF27BA091DEF8D7839EFD7C90
+PT=2EFA41B666ECBBB1D699C1FB8CA9E175
+
+I=352
+KEY=768FCC098B8F48FFE14141B701A3B0BBCA6C5E1136F5B5C9
+IV=60BC671273707E17BB29C5E2A834D814
+CT=2EFA41B666ECBBB1D699C1FB8CA9E175
+PT=44D7245914CF3BF73831D4225BD32FDD
+
+I=353
+KEY=91F2FFA6BB520FD1A59665EE156C8B4CF25D8A336D269A14
+IV=21187FBCFC5E01BEE77D33AF30DD472E
+CT=44D7245914CF3BF73831D4225BD32FDD
+PT=E9FA049C77C326A4F03D2C9E740DE4A1
+
+I=354
+KEY=2FC9C39B5DBC560E4C6C617262AFADE80260A6AD192B7EB5
+IV=72912E59A0095846BE3B3C3DE6EE59DF
+CT=E9FA049C77C326A4F03D2C9E740DE4A1
+PT=9A62281465C72FDAA73E00E343A99BC3
+
+I=355
+KEY=F401ED3768BC72D4D60E496607688232A55EA64E5A82E576
+IV=88022668FE843060DBC82EAC350024DA
+CT=9A62281465C72FDAA73E00E343A99BC3
+PT=FAD9ADA4B98A4141A2857F93F6F71DEB
+
+I=356
+KEY=1AD741BDF8A18D8E2CD7E4C2BEE2C37307DBD9DDAC75F89D
+IV=F98FECC470C84631EED6AC8A901DFF5A
+CT=FAD9ADA4B98A4141A2857F93F6F71DEB
+PT=630453171FEE434834490229830E1C1A
+
+I=357
+KEY=24F7B99681335EAD4FD3B7D5A10C803B3392DBF42F7BE487
+IV=5D69B4D81847DABD3E20F82B7992D323
+CT=630453171FEE434834490229830E1C1A
+PT=DE613189001598BA6AE67F259F9FD349
+
+I=358
+KEY=60E401E96083FF2291B2865CA11918815974A4D1B0E437CE
+IV=AADE84AD4127FCDA4413B87FE1B0A18F
+CT=DE613189001598BA6AE67F259F9FD349
+PT=CA18925634072DEC80F2F724A0F24235
+
+I=359
+KEY=66831E7F4FC51DB95BAA140A951E356DD98653F5101675FB
+IV=1C1E2F698C5DD62006671F962F46E29B
+CT=CA18925634072DEC80F2F724A0F24235
+PT=B289F06551C56B77F5CDF7B321E0E8E3
+
+I=360
+KEY=48FB1A5B41F634D5E923E46FC4DB5E1A2C4BA44631F69D18
+IV=6A872620ED13A14B2E7804240E33296C
+CT=B289F06551C56B77F5CDF7B321E0E8E3
+PT=13B1F93DD388A192D6FB836C90E0E022
+
+I=361
+KEY=F13FA6E33170F596FA921D521753FF88FAB0272AA1167D3A
+IV=40BF714207DA180BB9C4BCB87086C143
+CT=13B1F93DD388A192D6FB836C90E0E022
+PT=298B7B19A27EA1BE9574588A5885F64B
+
+I=362
+KEY=CE171639A4DDA77DD319664BB52D5E366FC47FA0F9938B71
+IV=8FB32729166E154F3F28B0DA95AD52EB
+CT=298B7B19A27EA1BE9574588A5885F64B
+PT=11FA000C73485654A8918360DF3C1F5E
+
+I=363
+KEY=9322B0E9AE4D6B20C2E36647C6650862C755FCC026AF942F
+IV=809DE75B169C56BE5D35A6D00A90CC5D
+CT=11FA000C73485654A8918360DF3C1F5E
+PT=05533E642958E2F6F29BB1848BE225CB
+
+I=364
+KEY=21B86D89874D627FC7B05823EF3DEA9435CE4D44AD4DB1E4
+IV=81CF24C876471695B29ADD602900095F
+CT=05533E642958E2F6F29BB1848BE225CB
+PT=613DB485B9565B4889887282A3C8CFB5
+
+I=365
+KEY=6E5AD95BDDA04D12A68DECA6566BB1DCBC463FC60E857E51
+IV=7E3AC16D28733BD84FE2B4D25AED2F6D
+CT=613DB485B9565B4889887282A3C8CFB5
+PT=0CDDDA3B3375430B601BA1CCBD567284
+
+I=366
+KEY=807937B80E55E814AA50369D651EF2D7DC5D9E0AB3D30CD5
+IV=C49324EE3A928684EE23EEE3D3F5A506
+CT=0CDDDA3B3375430B601BA1CCBD567284
+PT=C47A6E22A123AB6397F9C2AFFA6D45AB
+
+I=367
+KEY=20B3595EFE3D3DA76E2A58BFC43D59B44BA45CA549BE497E
+IV=B188E4D3A2AC3F42A0CA6EE6F068D5B3
+CT=C47A6E22A123AB6397F9C2AFFA6D45AB
+PT=71592AFCA1FEEE8AB6D6CEF22C14A21D
+
+I=368
+KEY=A97EAD081EDF66D11F73724365C3B73EFD72925765AAEB63
+IV=0DFF90FA3722469289CDF456E0E25B76
+CT=71592AFCA1FEEE8AB6D6CEF22C14A21D
+PT=F4E0C4BCF8B386CF1BD457BD1FB65646
+
+I=369
+KEY=DA90448D67D59E3CEB93B6FF9D7031F1E6A6C5EA7A1CBD25
+IV=154DB6488872217073EEE985790AF8ED
+CT=F4E0C4BCF8B386CF1BD457BD1FB65646
+PT=9ED1119909322C280FE92B7840792605
+
+I=370
+KEY=CF62D3016C8507F17542A76694421DD9E94FEE923A659B20
+IV=ED45F0A7D33FC08515F2978C0B5099CD
+CT=9ED1119909322C280FE92B7840792605
+PT=F812615F1BE701E74FCEEFC288303C7C
+
+I=371
+KEY=C2681849C663E45A8D50C6398FA51C3EA6810150B255A75C
+IV=19E09027253115100D0ACB48AAE6E3AB
+CT=F812615F1BE701E74FCEEFC288303C7C
+PT=25897C51C5FEDBFDC630BF8E9F3B2875
+
+I=372
+KEY=F47C452077541CEEA8D9BA684A5BC7C360B1BEDE2D6E8F29
+IV=2C2EE28C518163DF36145D69B137F8B4
+CT=25897C51C5FEDBFDC630BF8E9F3B2875
+PT=9929E5E9F0CA00D0E02022E2FCFAFC3F
+
+I=373
+KEY=F7BF8679C8D86E2C31F05F81BA91C71380919C3CD1947316
+IV=FCF0C5D85049463103C3C359BF8C72C2
+CT=9929E5E9F0CA00D0E02022E2FCFAFC3F
+PT=3B603A3FDAA669E7C965708C9789E329
+
+I=374
+KEY=9312EDA0B14017910A9065BE6037AEF449F4ECB0461D903F
+IV=364CDACF5762B18864AD6BD9799879BD
+CT=3B603A3FDAA669E7C965708C9789E329
+PT=AC33F7B1A778C36617668C98E20B318A
+
+I=375
+KEY=D5BC989407D78D82A6A3920FC74F6D925E926028A416A1B5
+IV=5FB00506C71711D046AE7534B6979A13
+CT=AC33F7B1A778C36617668C98E20B318A
+PT=B408AF5509EF45E0AEDF12570FAE3651
+
+I=376
+KEY=6BBB14591C12578112AB3D5ACEA02872F04D727FABB897E4
+IV=D41F58F192CF60D6BE078CCD1BC5DA03
+CT=B408AF5509EF45E0AEDF12570FAE3651
+PT=39EB055E027AC0DEA5992B7BA3753AB5
+
+I=377
+KEY=3F71566EA7D07EBF2B403804CCDAE8AC55D4590408CDAD51
+IV=7E495DEC2224696554CA4237BBC2293E
+CT=39EB055E027AC0DEA5992B7BA3753AB5
+PT=832B01D2AD4F0EE077244CF9B6ABE31C
+
+I=378
+KEY=0BDC563CE47527D1A86B39D66195E64C22F015FDBE664E4D
+IV=4FE13E98163C3F7734AD005243A5596E
+CT=832B01D2AD4F0EE077244CF9B6ABE31C
+PT=926EB7E17FA4262D1D390D83CDAC6FB2
+
+I=379
+KEY=07D4D606747858B63A058E371E31C0613FC9187E73CA21FF
+IV=12D459160DCFFEFE0C08803A900D7F67
+CT=926EB7E17FA4262D1D390D83CDAC6FB2
+PT=DBFBC3313F86C26BA54B9F69BA93C665
+
+I=380
+KEY=84BE014D4BFA8ACCE1FE4D0621B7020A9A828717C959E79A
+IV=179322B7D19F3A38836AD74B3F82D27A
+CT=DBFBC3313F86C26BA54B9F69BA93C665
+PT=39B00A1A655B298F56271B2BDBA6B16B
+
+I=381
+KEY=A921F537F5F324CAD84E471C44EC2B85CCA59C3C12FF56F1
+IV=D4B03D3AB6FF79D22D9FF47ABE09AE06
+CT=39B00A1A655B298F56271B2BDBA6B16B
+PT=7C5DABBF7C7951808DCD35DB2617B763
+
+I=382
+KEY=3BB6AACEEEC21A9FA413ECA338957A054168A9E734E8E192
+IV=5C92A3C4C3C8567792975FF91B313E55
+CT=7C5DABBF7C7951808DCD35DB2617B763
+PT=BD88FB3B815415503D4F9264AFEA7887
+
+I=383
+KEY=008F402C3524BCA8199B1798B9C16F557C273B839B029915
+IV=08360D06E31B3AA43B39EAE2DBE6A637
+CT=BD88FB3B815415503D4F9264AFEA7887
+PT=B2813AFBC477618F4C6A436C97AA26F2
+
+I=384
+KEY=8AB9F9FC4EE8B2D4AB1A2D637DB60EDA304D78EF0CA8BFE7
+IV=DCF7EF19F68916268A36B9D07BCC0E7C
+CT=B2813AFBC477618F4C6A436C97AA26F2
+PT=1E96D52E46B1D73EB00778B203946F28
+
+I=385
+KEY=CA9D4CE917399619B58CF84D3B07D9E4804A005D0F3CD0CF
+IV=63A112DB63DDECB54024B51559D124CD
+CT=1E96D52E46B1D73EB00778B203946F28
+PT=C03D770FE4B1733C5E59DD68F0060D5A
+
+I=386
+KEY=1D8268F833FC772575B18F42DFB6AAD8DE13DD35FF3ADD95
+IV=8B7AC769F85BA650D71F241124C5E13C
+CT=C03D770FE4B1733C5E59DD68F0060D5A
+PT=6495A8A3667DEDE2CAB58BA3B2F7034E
+
+I=387
+KEY=CCCEE884786AF28A112427E1B9CB473A14A656964DCDDEDB
+IV=280C5BD88E3B88ACD14C807C4B9685AF
+CT=6495A8A3667DEDE2CAB58BA3B2F7034E
+PT=4CC3C2AC85EBD619E708988C9FEC60C6
+
+I=388
+KEY=8B85284B2B06874D5DE7E54D3C209123F3AECE1AD221BE1D
+IV=62E112946391FEFB474BC0CF536C75C7
+CT=4CC3C2AC85EBD619E708988C9FEC60C6
+PT=1522371FD5D53919F52CD97258CEBDA7
+
+I=389
+KEY=B2EBBE81CF234A7E48C5D252E9F5A83A068217688AEF03BA
+IV=8A936BAE971C0C9F396E96CAE425CD33
+CT=1522371FD5D53919F52CD97258CEBDA7
+PT=4AA882DCB39AA79E8439E9ECE9F4F3BD
+
+I=390
+KEY=043B9FDDEC299802026D508E5A6F0FA482BBFE84631BF007
+IV=6FA7FCDBA3B1BCA5B6D0215C230AD27C
+CT=4AA882DCB39AA79E8439E9ECE9F4F3BD
+PT=28C1E45D8D01AD148FA7D7C4F41ACE04
+
+I=391
+KEY=1074F9BD3FFD4EAF2AACB4D3D76EA2B00D1C294097013E03
+IV=1210BAF1D69B23FE144F6660D3D4D6AD
+CT=28C1E45D8D01AD148FA7D7C4F41ACE04
+PT=3ABE04FC59C3BDF9D7721902DEFCB439
+
+I=392
+KEY=D97F3440E3684D291012B02F8EAD1F49DA6E304249FD8A3A
+IV=C271800852E147D5C90BCDFDDC950386
+CT=3ABE04FC59C3BDF9D7721902DEFCB439
+PT=3A563A6A047E16123B289B047BB54C4E
+
+I=393
+KEY=49A10E68A38B02F42A448A458AD3095BE146AB463248C674
+IV=9DB6856C7E01CF3690DE3A2840E34FDD
+CT=3A563A6A047E16123B289B047BB54C4E
+PT=F8CB54B8D16274E9A20C0F026866E52F
+
+I=394
+KEY=9DD96DCFD4A1B11FD28FDEFD5BB17DB2434AA4445A2E235B
+IV=233C069312D97A03D47863A7772AB3EB
+CT=F8CB54B8D16274E9A20C0F026866E52F
+PT=0302D25C39BF21F67F1AF2E1951D40F9
+
+I=395
+KEY=746E55928D7E549DD18D0CA1620E5C443C5056A5CF3363A2
+IV=B6086C5FEEE9A078E9B7385D59DFE582
+CT=0302D25C39BF21F67F1AF2E1951D40F9
+PT=721192A3A5140DD63D93E0D6ACC4A4B8
+
+I=396
+KEY=7E6FC505EAAB07E4A39C9E02C71A519201C3B67363F7C71A
+IV=9828A03F0ADCE33E0A01909767D55379
+CT=721192A3A5140DD63D93E0D6ACC4A4B8
+PT=1C0F7440EF41FF18E263392741AD9D8B
+
+I=397
+KEY=D13AD442CAE026C3BF93EA42285BAE8AE3A08F54225A5A91
+IV=4FC707A846B4469AAF551147204B2127
+CT=1C0F7440EF41FF18E263392741AD9D8B
+PT=442F978615AC3983AA5ABEA81AD1ACA6
+
+I=398
+KEY=043A4EFFCD44EEB1FBBC7DC43DF7970949FA31FC388BF637
+IV=05D58B4A88A961AFD5009ABD07A4C872
+CT=442F978615AC3983AA5ABEA81AD1ACA6
+PT=E75C29413A33AA1210F36AADEC02FCEE
+
+I=399
+KEY=81492E2C6296C9341CE0548507C43D1B59095B51D4890AD9
+IV=D89794EAA1791507857360D3AFD22785
+CT=E75C29413A33AA1210F36AADEC02FCEE
+PT=6342BFDDD2F6610350458B6695463484
+
+==========
+
+KEYSIZE=256
+
+I=0
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+IV=00000000000000000000000000000000
+CT=00000000000000000000000000000000
+PT=4804E1818FE6297519A3E88C57310413
+
+I=1
+KEY=098E3797788EA3BCD5477BF1660373944804E1818FE6297519A3E88C57310413
+IV=098E3797788EA3BCD5477BF166037394
+CT=4804E1818FE6297519A3E88C57310413
+PT=D36C27EBB8FA0BC9FA368DF850FD45FB
+
+I=2
+KEY=D949E143F98BDE24BD40A256F9E369339B68C66A371C22BCE395657407CC41E8
+IV=D0C7D6D481057D986807D9A79FE01AA7
+CT=D36C27EBB8FA0BC9FA368DF850FD45FB
+PT=EBCB4DC84155682856D94B442BC597EE
+
+I=3
+KEY=296352DA0158E197EBC80771EC1ECC7D70A38BA276494A94B54C2E302C09D606
+IV=F02AB399F8D33FB35688A52715FDA54E
+CT=EBCB4DC84155682856D94B442BC597EE
+PT=23AA6A6B4BE8C04E19707CA330804C4E
+
+I=4
+KEY=5D3E9E2EA4DEDDB65A58DADB5B9679BC5309E1C93DA18ADAAC3C52931C899A48
+IV=745DCCF4A5863C21B190DDAAB788B5C1
+CT=23AA6A6B4BE8C04E19707CA330804C4E
+PT=9B1AA0F33416484BA68740E821F95CD3
+
+I=5
+KEY=E35024184CCA14687DB19E13093D2A31C813413A09B7C2910ABB127B3D70C69B
+IV=BE6EBA36E814C9DE27E944C852AB538D
+CT=9B1AA0F33416484BA68740E821F95CD3
+PT=8A8C6ADF453CB7A2FC4F3690FF7C6F23
+
+I=6
+KEY=FDC6EB83FF93BA06DE2D09CB33F05406429F2BE54C8B7533F6F424EBC20CA9B8
+IV=1E96CF9BB359AE6EA39C97D83ACD7E37
+CT=8A8C6ADF453CB7A2FC4F3690FF7C6F23
+PT=B104182A3D85B857FB342BD06063E989
+
+I=7
+KEY=7177668BAC9407FB2835524D58F1311EF39B33CF710ECD640DC00F3BA26F4031
+IV=8CB18D085307BDFDF6185B866B016518
+CT=B104182A3D85B857FB342BD06063E989
+PT=68AD7EB507FAEE8FF54E5B7EB4314208
+
+I=8
+KEY=790AE8470B39A60E9F32F4025B2251849B364D7A76F423EBF88E5445165E0239
+IV=087D8ECCA7ADA1F5B707A64F03D3609A
+CT=68AD7EB507FAEE8FF54E5B7EB4314208
+PT=99736D55B2730FDBC4FCD9128A3E6F06
+
+I=9
+KEY=4EAF05AC15913059B6B0E43EFA7ADC1C0245202FC4872C303C728D579C606D3F
+IV=37A5EDEB1EA896572982103CA1588D98
+CT=99736D55B2730FDBC4FCD9128A3E6F06
+PT=DF326CEE98EE253C855D171D93AA9455
+
+I=10
+KEY=55EE1CCDBA5A04040F4212DFBF6ABC89DD774CC15C69090CB92F9A4A0FCAF96A
+IV=1B411961AFCB345DB9F2F6E145106095
+CT=DF326CEE98EE253C855D171D93AA9455
+PT=B4E41BD5257CD7AF0A6F020BEE5F4067
+
+I=11
+KEY=6190A91725B7D4E8DD42F3F3B4E42E14699357147915DEA3B3409841E195B90D
+IV=347EB5DA9FEDD0ECD200E12C0B8E929D
+CT=B4E41BD5257CD7AF0A6F020BEE5F4067
+PT=3608F41CA4C677E74F48B113D9B336B0
+
+I=12
+KEY=0A93E973CCBAC75C9C0AA05502A43E945F9BA308DDD3A944FC08295238268FBD
+IV=6B034064E90D13B4414853A6B6401080
+CT=3608F41CA4C677E74F48B113D9B336B0
+PT=FB54DBB9C0C7176C4C9E1E4E6688B570
+
+I=13
+KEY=584CCAEDD52F491A935D892AD132F75AA4CF78B11D14BE28B096371C5EAE3ACD
+IV=52DF239E19958E460F57297FD396C9CE
+CT=FB54DBB9C0C7176C4C9E1E4E6688B570
+PT=F40A6A6AE95E9D163D88AAE9A2D359BC
+
+I=14
+KEY=0DD784E96CAB96D702DD3972E95317FD50C512DBF44A233E8D1E9DF5FC7D6371
+IV=559B4E04B984DFCD9180B0583861E0A7
+CT=F40A6A6AE95E9D163D88AAE9A2D359BC
+PT=0FE04B8BB249E49E24FEB6FFE106121C
+
+I=15
+KEY=2BC3A4EBD80215F0130EC1F76821BC515F2559504603C7A0A9E02B0A1D7B716D
+IV=26142002B4A9832711D3F8858172ABAC
+CT=0FE04B8BB249E49E24FEB6FFE106121C
+PT=EBA4EF8D541919A0D0947359344D61C9
+
+I=16
+KEY=0B5856BE9A78457868F7CF9C9C58EF7AB481B6DD121ADE0079745853293610A4
+IV=209BF255427A50887BF90E6BF479532B
+CT=EBA4EF8D541919A0D0947359344D61C9
+PT=06484C36A29BD3CA7CBAB7FBEA47313B
+
+I=17
+KEY=C004F13C83AA1FD5C2A592D27B47C437B2C9FAEBB0810DCA05CEEFA8C371219F
+IV=CB5CA78219D25AADAA525D4EE71F2B4D
+CT=06484C36A29BD3CA7CBAB7FBEA47313B
+PT=376157B7DB3B027980C5EF0E88B3F9EF
+
+I=18
+KEY=AD89203CAD17908C4F44F3FD2D61505385A8AD5C6BBA0FB3850B00A64BC2D870
+IV=6D8DD1002EBD8F598DE1612F56269464
+CT=376157B7DB3B027980C5EF0E88B3F9EF
+PT=756783C2F0EE73BBD81B908F660AA6F7
+
+I=19
+KEY=FBE990A6247EABC0CD5090DF0C566E01F0CF2E9E9B547C085D1090292DC87E87
+IV=5660B09A89693B4C8214632221373E52
+CT=756783C2F0EE73BBD81B908F660AA6F7
+PT=6CC64B773ECDFA9749DB33197F7EA0AB
+
+I=20
+KEY=FEC46AD20DA3E667B26D79B11A82A40F9C0965E9A599869F14CBA33052B6DE2C
+IV=052DFA7429DD4DA77F3DE96E16D4CA0E
+CT=6CC64B773ECDFA9749DB33197F7EA0AB
+PT=9230E4DCA927E2F8E617A2EBC4F11477
+
+I=21
+KEY=F4396B035E4E1BD914877124D1CD4B370E3981350CBE6467F2DC01DB9647CA5B
+IV=0AFD01D153EDFDBEA6EA0895CB4FEF38
+CT=9230E4DCA927E2F8E617A2EBC4F11477
+PT=6ACD9F3939A86EE4236A3C060D2F5C3C
+
+I=22
+KEY=49C90E620094D6A85E75BD886FAFE79264F41E0C35160A83D1B63DDD9B689667
+IV=BDF065615EDACD714AF2CCACBE62ACA5
+CT=6ACD9F3939A86EE4236A3C060D2F5C3C
+PT=E5F4F050827F69B60B417063AC1060E4
+
+I=23
+KEY=1AED4D36938AB2D5D884EF2F106D2CEF8100EE5CB7696335DAF74DBE3778F683
+IV=53244354931E647D86F152A77FC2CB7D
+CT=E5F4F050827F69B60B417063AC1060E4
+PT=5CE4B0B3C32700B6B887E05A88EE0239
+
+I=24
+KEY=EF14B937F6E0F19AC8ADBD208DD60EE5DDE45EEF744E63836270ADE4BF96F4BA
+IV=F5F9F401656A434F1029520F9DBB220A
+CT=5CE4B0B3C32700B6B887E05A88EE0239
+PT=4794284E2BB56A47332E84AD7A2006A2
+
+I=25
+KEY=182581A233332DDCD43C25AF9AA3AD7F9A7076A15FFB09C4515E2949C5B6F218
+IV=F7313895C5D3DC461C91988F1775A39A
+CT=4794284E2BB56A47332E84AD7A2006A2
+PT=C8AE2CAA7C257508C3AB75BE28D2602F
+
+I=26
+KEY=ABE7FE236E28332AE7A74A9EA03B97A952DE5A0B23DE7CCC92F55CF7ED649237
+IV=B3C27F815D1B1EF6339B6F313A983AD6
+CT=C8AE2CAA7C257508C3AB75BE28D2602F
+PT=A9FD4B9D4833B647FF60F8013C3B5B9D
+
+I=27
+KEY=08248BDC5F9186DCD65DA6344A10C57EFB2311966BEDCA8B6D95A4F6D15FC9AA
+IV=A3C375FF31B9B5F631FAECAAEA2B52D7
+CT=A9FD4B9D4833B647FF60F8013C3B5B9D
+PT=C871D7B4C0167DCFDD79AF1DEAC49D4F
+
+I=28
+KEY=BF29FB1B11AA7DB8742FF06458C384853352C622ABFBB744B0EC0BEB3B9B54E5
+IV=B70D70C74E3BFB64A272565012D341FB
+CT=C871D7B4C0167DCFDD79AF1DEAC49D4F
+PT=E2DE7BAC726C404FC7BA5099E39409CA
+
+I=29
+KEY=1810253DDF0CC5ECE2381FB4C2BEEDCCD18CBD8ED997F70B77565B72D80F5D2F
+IV=A739DE26CEA6B8549617EFD09A7D6949
+CT=E2DE7BAC726C404FC7BA5099E39409CA
+PT=D4A8257110EF7FFE2A1F026B28D7483A
+
+I=30
+KEY=F343D1EC9AEB200B65DB4AA369F6A47E052498FFC97888F55D495919F0D81515
+IV=EB53F4D145E7E5E787E35517AB4849B2
+CT=D4A8257110EF7FFE2A1F026B28D7483A
+PT=9EA25895CFEAEAD224095C4687726D06
+
+I=31
+KEY=86A93B0F219E1FFEBC0E4BA0334046AA9B86C06A069262277940055F77AA7813
+IV=75EAEAE3BB753FF5D9D501035AB6E2D4
+CT=9EA25895CFEAEAD224095C4687726D06
+PT=5C5DD66E7AD197DA86844D53C8ACEA0E
+
+I=32
+KEY=2278C61356CB0A951DAE3B6DC76868C9C7DB16047C43F5FDFFC4480CBF06921D
+IV=A4D1FD1C7755156BA1A070CDF4282E63
+CT=5C5DD66E7AD197DA86844D53C8ACEA0E
+PT=011959D35C8FE620E1C49D1804912F26
+
+I=33
+KEY=E1972A31ACF850A22CBC592AF6CAF6F0C6C24FD720CC13DD1E00D514BB97BD3B
+IV=C3EFEC22FA335A373112624731A29E39
+CT=011959D35C8FE620E1C49D1804912F26
+PT=895DDA7BB43DC3060B41DA70CAE4D2ED
+
+I=34
+KEY=BB4A76B5E8FD3820CC5D4A44F527E6704F9F95AC94F1D0DB15410F6471736FD6
+IV=5ADD5C8444056882E0E1136E03ED1080
+CT=895DDA7BB43DC3060B41DA70CAE4D2ED
+PT=94E8BBC942B4127A0A8EBEC59319CF57
+
+I=35
+KEY=4D98C60F0FA316B2DA3D11CFB3B9FE0CDB772E65D645C2A11FCFB1A1E26AA081
+IV=F6D2B0BAE75E2E9216605B8B469E187C
+CT=94E8BBC942B4127A0A8EBEC59319CF57
+PT=274FE85E229321D4A6B2E9D4F0D3830F
+
+I=36
+KEY=A9FC5AC4A7B3550BC34E4BA94C0D328BFC38C63BF4D6E375B97D587512B9238E
+IV=E4649CCBA81043B919735A66FFB4CC87
+CT=274FE85E229321D4A6B2E9D4F0D3830F
+PT=256AC08E72D79B0CB7457B26769AC226
+
+I=37
+KEY=1C44DEF03398188AC1B2EF6A6E91A33FD95206B5860178790E3823536423E1A8
+IV=B5B88434942B4D8102FCA4C3229C91B4
+CT=256AC08E72D79B0CB7457B26769AC226
+PT=366D17A14CA0FC192DBB731C1C305874
+
+I=38
+KEY=3D80B92C01F9721032366B20D97DC097EF3F1114CAA184602383504F7813B9DC
+IV=21C467DC32616A9AF384844AB7EC63A8
+CT=366D17A14CA0FC192DBB731C1C305874
+PT=000B4A6054663874ECAE310144BA9377
+
+I=39
+KEY=48DD38DC16A4CE76338C95A866C1C795EF345B749EC7BC14CF2D614E3CA92AAB
+IV=755D81F0175DBC6601BAFE88BFBC0702
+CT=000B4A6054663874ECAE310144BA9377
+PT=32B32D65566626D794FB296CA816B0A8
+
+I=40
+KEY=C62EFA02F23FE796799BF9151FBFD8D7DD877611C8A19AC35BD6482294BF9A03
+IV=8EF3C2DEE49B29E04A176CBD797E1F42
+CT=32B32D65566626D794FB296CA816B0A8
+PT=D743A090101B1BAF5B83E8C06517E193
+
+I=41
+KEY=91400A96EEADA906ABD4C3F6863CE4750AC4D681D8BA816C0055A0E2F1A87B90
+IV=576EF0941C924E90D24F3AE399833CA2
+CT=D743A090101B1BAF5B83E8C06517E193
+PT=2DE61760BEE8F811B3FEB44D2C566DB0
+
+I=42
+KEY=9983EAD4BF987E39644D7D0963F93DB62722C1E16652797DB3AB14AFDDFE1620
+IV=08C3E0425135D73FCF99BEFFE5C5D9C3
+CT=2DE61760BEE8F811B3FEB44D2C566DB0
+PT=E97598EFFED4128DCCCDD7A04D8405E1
+
+I=43
+KEY=B72929D2D02A00D36E7C3BD11CDB9FA4CE57590E98866BF07F66C30F907A13C1
+IV=2EAAC3066FB27EEA0A3146D87F22A212
+CT=E97598EFFED4128DCCCDD7A04D8405E1
+PT=5983276B92B95898302385F5156B6201
+
+I=44
+KEY=CC9928E45F7885515986E0D431F3288E97D47E650A3F33684F4546FA851171C0
+IV=7BB001368F52858237FADB052D28B72A
+CT=5983276B92B95898302385F5156B6201
+PT=ABDEFF06E04995FD2C5472D05056A0A3
+
+I=45
+KEY=59A2D8FCED30176B73FF5642BCE4A9163C0A8163EA76A6956311342AD547D163
+IV=953BF018B248923A2A79B6968D178198
+CT=ABDEFF06E04995FD2C5472D05056A0A3
+PT=E4210D117B05F3EADC8AF75D1A80B823
+
+I=46
+KEY=FFCCE373B679DE040165054D9EECA460D82B8C729173557FBF9BC377CFC76940
+IV=A66E3B8F5B49C96F729A530F22080D76
+CT=E4210D117B05F3EADC8AF75D1A80B823
+PT=4786111E1B0F2CA78E43CC0D154BC1EA
+
+I=47
+KEY=36E29D3C942DBC6A12B53088632260649FAD9D6C8A7C79D831D80F7ADA8CA8AA
+IV=C92E7E4F2254626E13D035C5FDCEC404
+CT=4786111E1B0F2CA78E43CC0D154BC1EA
+PT=122DC3B40007BA36BC7E7EE808911DAE
+
+I=48
+KEY=3692660415E53226D2758E60FD6E3F5F8D805ED88A7BC3EE8DA67192D21DB504
+IV=0070FB3881C88E4CC0C0BEE89E4C5F3B
+CT=122DC3B40007BA36BC7E7EE808911DAE
+PT=5E443EC882C1B938C2A4C412D3A92FDF
+
+I=49
+KEY=E3C167B38A29EDFBDC37A50F434C7056D3C4601008BA7AD64F02B58001B49ADB
+IV=D55301B79FCCDFDD0E422B6FBE224F09
+CT=5E443EC882C1B938C2A4C412D3A92FDF
+PT=14A8F43BA8829B134D6BD110E6D43F92
+
+I=50
+KEY=8AD38A575E425D347C5B5BFB08A5173CC76C942BA038E1C502696490E760A549
+IV=6912EDE4D46BB0CFA06CFEF44BE9676A
+CT=14A8F43BA8829B134D6BD110E6D43F92
+PT=025982911796C2FE34C89157BF2959BD
+
+I=51
+KEY=AE4ABA37DD2C3C5109B13C3DD9FCB67EC53516BAB7AE233B36A1F5C75849FCF4
+IV=24993060836E616575EA67C6D159A142
+CT=025982911796C2FE34C89157BF2959BD
+PT=BC658642A8EEBEC6DBE2A76BCD70799B
+
+I=52
+KEY=31AC934C58BF87AD1EE4357BBE315175795090F81F409DFDED4352AC9539856F
+IV=9FE6297B8593BBFC1755094667CDE70B
+CT=BC658642A8EEBEC6DBE2A76BCD70799B
+PT=132CE1CC36EFE58A4A53534B962D2D70
+
+I=53
+KEY=79F7C18CA600203D404363908749B22F6A7C713429AF7877A71001E70314A81F
+IV=485B52C0FEBFA7905EA756EB3978E35A
+CT=132CE1CC36EFE58A4A53534B962D2D70
+PT=8D2BA39F08ED00BEB51543C0FCCFA57C
+
+I=54
+KEY=162A4089A1E46EAB5C9592BF1F98BCC2E757D2AB214278C912054227FFDB0D63
+IV=6FDD810507E44E961CD6F12F98D10EED
+CT=8D2BA39F08ED00BEB51543C0FCCFA57C
+PT=2E8D05A8A3066094025FE07F3A53A94E
+
+I=55
+KEY=DB5F33F93F2B795EDA54095937B79E4CC9DAD7038244185D105AA258C588A42D
+IV=CD7573709ECF17F586C19BE6282F228E
+CT=2E8D05A8A3066094025FE07F3A53A94E
+PT=D39EC2261C53AD45F91627E1B1F62D22
+
+I=56
+KEY=CCA770427DF8CF5350864D4E86E6D8891A4415259E17B518E94C85B9747E890F
+IV=17F843BB42D3B60D8AD24417B15146C5
+CT=D39EC2261C53AD45F91627E1B1F62D22
+PT=F517DC01890C3D300520B6CE343B7F94
+
+I=57
+KEY=25F53E7CC6590220E9426296568DE496EF53C924171B8828EC6C33774045F69B
+IV=E9524E3EBBA1CD73B9C42FD8D06B3C1F
+CT=F517DC01890C3D300520B6CE343B7F94
+PT=ECBCCBB21AC2D07E3ECACD26D42E4444
+
+I=58
+KEY=6D4A92C82C6C3D44CED65D76BB33B23E03EF02960DD95856D2A6FE51946BB2DF
+IV=48BFACB4EA353F6427943FE0EDBE56A8
+CT=ECBCCBB21AC2D07E3ECACD26D42E4444
+PT=6FF7C241A5FF025FAA8C4DAF5E0950AE
+
+I=59
+KEY=A3D0AB0A0F8EDF232D111458D3B8B1C66C18C0D7A8265A09782AB3FECA62E271
+IV=CE9A39C223E2E267E3C7492E688B03F8
+CT=6FF7C241A5FF025FAA8C4DAF5E0950AE
+PT=3B7E4B74F021F9E995627DE42B03D7D8
+
+I=60
+KEY=A8E2D59CF188CDA75C80FA49889F7EE357668BA35807A3E0ED48CE1AE16135A9
+IV=0B327E96FE0612847191EE115B27CF25
+CT=3B7E4B74F021F9E995627DE42B03D7D8
+PT=6759C15ED1049A51953E814C2445F3C6
+
+I=61
+KEY=092010B28BD3C8E59D09CE85169190BB303F4AFD890339B178764F56C524C66F
+IV=A1C2C52E7A5B0542C18934CC9E0EEE58
+CT=6759C15ED1049A51953E814C2445F3C6
+PT=05F681CB7984491E2CE5B1025F860BEB
+
+I=62
+KEY=538E3068E1059FE89C27D5F19405274835C9CB36F08770AF5493FE549AA2CD84
+IV=5AAE20DA6AD6570D012E1B748294B7F3
+CT=05F681CB7984491E2CE5B1025F860BEB
+PT=E046F5B143CEEAC44EF520F2C3BFA96E
+
+I=63
+KEY=78B5D2551099875910844A17ABBACD64D58F3E87B3499A6B1A66DEA6591D64EA
+IV=2B3BE23DF19C18B18CA39FE63FBFEA2C
+CT=E046F5B143CEEAC44EF520F2C3BFA96E
+PT=0F508DD1BCC6C520A81AE7EC75361179
+
+I=64
+KEY=8D6E7E66F496C358A369EF7C49D117A3DADFB3560F8F5F4BB27C394A2C2B7593
+IV=F5DBAC33E40F4401B3EDA56BE26BDAC7
+CT=0F508DD1BCC6C520A81AE7EC75361179
+PT=BAE114FFF19FD11336D454BF0FF6954D
+
+I=65
+KEY=781164DD6F90037E9896672FD24F1AF6603EA7A9FE108E5884A86DF523DDE0DE
+IV=F57F1ABB9B06C0263BFF88539B9E0D55
+CT=BAE114FFF19FD11336D454BF0FF6954D
+PT=FE73CE62C227459729E8FDC9116EC6BB
+
+I=66
+KEY=9268D6C0E8DE5AFBCCE137EADE6293E49E4D69CB3C37CBCFAD40903C32B32665
+IV=EA79B21D874E5985547750C50C2D8912
+CT=FE73CE62C227459729E8FDC9116EC6BB
+PT=B13971219C12C12A8308213759196B0D
+
+I=67
+KEY=701EB5AEF8262D8634B53AF1768ED68E2F7418EAA0250AE52E48B10B6BAA4D68
+IV=E276636E10F8777DF8540D1BA8EC456A
+CT=B13971219C12C12A8308213759196B0D
+PT=4F5A36173C16ED45F5D36B9D1AED84FF
+
+I=68
+KEY=40D027792516E1FE962F63B9C939677C602E2EFD9C33E7A0DB9BDA967147C997
+IV=30CE92D7DD30CC78A29A5948BFB7B1F2
+CT=4F5A36173C16ED45F5D36B9D1AED84FF
+PT=9FB89D6FEFE606058FE40B5492643596
+
+I=69
+KEY=CAAFC0DD2E4FC86AC19B40BC34F14630FF96B39273D5E1A5547FD1C2E323FC01
+IV=8A7FE7A40B59299457B42305FDC8214C
+CT=9FB89D6FEFE606058FE40B5492643596
+PT=F6D0717F197CBAE383B55117FCBE07AC
+
+I=70
+KEY=CE03D67B6DAB9CFAA0C20129475620230946C2ED6AA95B46D7CA80D51F9DFBAD
+IV=04AC16A643E454906159419573A76613
+CT=F6D0717F197CBAE383B55117FCBE07AC
+PT=7747114FF82F8C7568BE51912CFDB51A
+
+I=71
+KEY=DDCEDD32E5F0D26F7707DAE453288B537E01D3A29286D733BF74D14433604EB7
+IV=13CD0B49885B4E95D7C5DBCD147EAB70
+CT=7747114FF82F8C7568BE51912CFDB51A
+PT=E75313A8DFA7EB0AD1664B14D2DBE284
+
+I=72
+KEY=6B032958C3379BD4BEC22CD4271EB4589952C00A4D213C396E129A50E1BBAC33
+IV=B6CDF46A26C749BBC9C5F63074363F0B
+CT=E75313A8DFA7EB0AD1664B14D2DBE284
+PT=42FEDBDC4F0BD11DA42163D76E952DC7
+
+I=73
+KEY=1710F6CF86EDB5F1364F19CA676ED69BDBAC1BD6022AED24CA33F9878F2E81F4
+IV=7C13DF9745DA2E25888D351E407062C3
+CT=42FEDBDC4F0BD11DA42163D76E952DC7
+PT=6E0166BA404B3AEFACCA8E972F087EA5
+
+I=74
+KEY=9D9711F138D0C2D1003E2C99BB0F0447B5AD7D6C4261D7CB66F97710A026FF51
+IV=8A87E73EBE3D772036713553DC61D2DC
+CT=6E0166BA404B3AEFACCA8E972F087EA5
+PT=644A1DCFCA2EC01C3E8911768837D99E
+
+I=75
+KEY=1BD7E446FADA5507ECE26BBB635045E7D1E760A3884F17D758706666281126CF
+IV=8640F5B7C20A97D6ECDC4722D85F41A0
+CT=644A1DCFCA2EC01C3E8911768837D99E
+PT=4E69AE75BD37DB8024DBD1A11D6D414E
+
+I=76
+KEY=3454FD4B259FB4C086288ADAFF6464CD9F8ECED63578CC577CABB7C7357C6781
+IV=2F83190DDF45E1C76ACAE1619C34212A
+CT=4E69AE75BD37DB8024DBD1A11D6D414E
+PT=F63964784AD35374EAFC933AC11A48B6
+
+I=77
+KEY=97EFD593918FB16F2D6889C118C5ED4469B7AAAE7FAB9F23965724FDF4662F37
+IV=A3BB28D8B41005AFAB40031BE7A18989
+CT=F63964784AD35374EAFC933AC11A48B6
+PT=51CBF7F67A22DA909567D67F1919ECEF
+
+I=78
+KEY=481E90BC31903905C08D0E5AEF79A514387C5D58058945B30330F282ED7FC3D8
+IV=DFF1452FA01F886AEDE5879BF7BC4850
+CT=51CBF7F67A22DA909567D67F1919ECEF
+PT=9AE181DE8DB65E7E242926091A17D0B1
+
+I=79
+KEY=35A4F86146CED63BDCB485B0AE4C205AA29DDC86883F1BCD2719D48BF7681369
+IV=7DBA68DD775EEF3E1C398BEA4135854E
+CT=9AE181DE8DB65E7E242926091A17D0B1
+PT=47E15B5AC96A7FDB805F3B8862D9055F
+
+I=80
+KEY=5ECF20C5884FDF95C2B7C17D40CD6923E57C87DC41556416A746EF0395B11636
+IV=6B6BD8A4CE8109AE1E0344CDEE814979
+CT=47E15B5AC96A7FDB805F3B8862D9055F
+PT=1806C474A1ECE5D8183E725804FB92C3
+
+I=81
+KEY=AC473047ADF97E75C100CBBD73FA0892FD7A43A8E0B981CEBF789D5B914A84F5
+IV=F288108225B6A1E003B70AC0333761B1
+CT=1806C474A1ECE5D8183E725804FB92C3
+PT=0A0615424DAD4EFC25EC43B13C672727
+
+I=82
+KEY=6620AE39484EDD0EC21A3E3F659537DDF77C56EAAD14CF329A94DEEAAD2DA3D2
+IV=CA679E7EE5B7A37B031AF582166F3F4F
+CT=0A0615424DAD4EFC25EC43B13C672727
+PT=551639A520D0D043CAD42CB02900D5EF
+
+I=83
+KEY=04D696BB056CC59492B376CB3A0286EAA26A6F4F8DC41F715040F25A842D763D
+IV=62F638824D22189A50A948F45F97B137
+CT=551639A520D0D043CAD42CB02900D5EF
+PT=DF906B0E72FEACC9B45381B992E23A5A
+
+I=84
+KEY=0AED1F2A6660BDBA660E00137E38C1C97DFA0441FF3AB3B8E41373E316CF4C67
+IV=0E3B8991630C782EF4BD76D8443A4723
+CT=DF906B0E72FEACC9B45381B992E23A5A
+PT=D477C6287D05C0F83B27B1FD91F5F908
+
+I=85
+KEY=E0A51B848A913A860FD2C39941C8C3A1A98DC269823F7340DF34C21E873AB56F
+IV=EA4804AEECF1873C69DCC38A3FF00268
+CT=D477C6287D05C0F83B27B1FD91F5F908
+PT=6AB7E109C085B0BA7C8A8B76482F9C80
+
+I=86
+KEY=A8B0500EC0292EF668A03E8293E235BAC33A236042BAC3FAA3BE4968CF1529EF
+IV=48154B8A4AB814706772FD1BD22AF61B
+CT=6AB7E109C085B0BA7C8A8B76482F9C80
+PT=71A31000A5763A0C79B6353E39FFBE84
+
+I=87
+KEY=34C53C34901B693F4611F20F1DD5125EB2993360E7CCF9F6DA087C56F6EA976B
+IV=9C756C3A503247C92EB1CC8D8E3727E4
+CT=71A31000A5763A0C79B6353E39FFBE84
+PT=B5B377EBEBC0B32A5A0C7E2A2504C32A
+
+I=88
+KEY=A13850B9164EF60EB77E06819605AC01072A448B0C0C4ADC8004027CD3EE5441
+IV=95FD6C8D86559F31F16FF48E8BD0BE5F
+CT=B5B377EBEBC0B32A5A0C7E2A2504C32A
+PT=B74459D1E7C5CF9106C362572FE9C917
+
+I=89
+KEY=37261F6D588FF9028A23319CE02DDA71B06E1D5AEBC9854D86C7602BFC079D56
+IV=961E4FD44EC10F0C3D5D371D76287670
+CT=B74459D1E7C5CF9106C362572FE9C917
+PT=5777A0854A6E00DB0B6B199BDD35447A
+
+I=90
+KEY=085A7B276E58B9175204A87D74B9E78AE719BDDFA1A785968DAC79B02132D92C
+IV=3F7C644A36D74015D82799E194943DFB
+CT=5777A0854A6E00DB0B6B199BDD35447A
+PT=01CC73B6EE44403DFED2C91D6F0DC441
+
+I=91
+KEY=61DC99DD0C1470F511D79DCC2541002AE6D5CE694FE3C5AB737EB0AD4E3F1D6D
+IV=6986E2FA624CC9E243D335B151F8E7A0
+CT=01CC73B6EE44403DFED2C91D6F0DC441
+PT=8993161CF3E75DE836BB2C1955581DB6
+
+I=92
+KEY=AEB68207F1E4395794BA7E28CE9BF7996F46D875BC04984345C59CB41B6700DB
+IV=CF6A1BDAFDF049A2856DE3E4EBDAF7B3
+CT=8993161CF3E75DE836BB2C1955581DB6
+PT=2A4D6929ED3A66E71EFC40F1840CD649
+
+I=93
+KEY=DBF8A8AED7B6D7BCFD1B5BEEC3F01AC0450BB15C513EFEA45B39DC459F6BD692
+IV=754E2AA92652EEEB69A125C60D6BED59
+CT=2A4D6929ED3A66E71EFC40F1840CD649
+PT=596CE09B1176A9FB5A9973086A0E4C12
+
+I=94
+KEY=1A61C7F2FB652E256190C0896F800CD61C6751C74048575F01A0AF4DF5659A80
+IV=C1996F5C2CD3F9999C8B9B67AC701616
+CT=596CE09B1176A9FB5A9973086A0E4C12
+PT=B57AC41360C13F6831689C311BD0ED2C
+
+I=95
+KEY=FC3828E6A9487698231D11C10C353F2DA91D95D42089683730C8337CEEB577AC
+IV=E659EF14522D58BD428DD14863B533FB
+CT=B57AC41360C13F6831689C311BD0ED2C
+PT=F58AA69EEBF25943C728FA26524DE154
+
+I=96
+KEY=9D16CAD42D19D1A3B9CB12566745B2765C97334ACB7B3174F7E0C95ABCF896F8
+IV=612EE2328451A73B9AD603976B708D5B
+CT=F58AA69EEBF25943C728FA26524DE154
+PT=4A678FED6C5E5898A47F2DFE9DF71DF2
+
+I=97
+KEY=D9A8554717435E69EFD4A617CA70B0D216F0BCA7A72569EC539FE4A4210F8B0A
+IV=44BE9F933A5A8FCA561FB441AD3502A4
+CT=4A678FED6C5E5898A47F2DFE9DF71DF2
+PT=38011537A04E6C4A81510899741F2FFC
+
+I=98
+KEY=AA9D9A7B4E187F8D78AAEE11967A20A42EF1A990076B05A6D2CEEC3D5510A4F6
+IV=7335CF3C595B21E4977E48065C0A9076
+CT=38011537A04E6C4A81510899741F2FFC
+PT=6472060F536BC5F83A3C247F63C3580E
+
+I=99
+KEY=90A5D8CD93F0AE068E8DC72CA5DD6E184A83AF9F5400C05EE8F2C84236D3FCF8
+IV=3A3842B6DDE8D18BF627293D33A74EBC
+CT=6472060F536BC5F83A3C247F63C3580E
+PT=08B99B59D0584DAC0412796871FE3F27
+
+I=100
+KEY=489520777A18D5BF65B85AAEA29DB3D8423A34C684588DF2ECE0B12A472DC3DF
+IV=D830F8BAE9E87BB9EB359D820740DDC0
+CT=08B99B59D0584DAC0412796871FE3F27
+PT=E8B8579DF9E918B3D24C18E17068AD66
+
+I=101
+KEY=69542EE000ACEEFB5E0EB471F3CD0927AA82635B7DB195413EACA9CB37456EB9
+IV=21C10E977AB43B443BB6EEDF5150BAFF
+CT=E8B8579DF9E918B3D24C18E17068AD66
+PT=9B6C3234993F6900B3E572B5A43CA644
+
+I=102
+KEY=E88C863186548F35DF6EFB48743B7C1831EE516FE48EFC418D49DB7E9379C8FD
+IV=81D8A8D186F861CE81604F3987F6753F
+CT=9B6C3234993F6900B3E572B5A43CA644
+PT=E0A2962A02698489813292D33D02D0AB
+
+I=103
+KEY=C9DD7904D060B79B83F97A1FC93E50DED14CC745E6E778C80C7B49ADAE7B1856
+IV=2151FF35563438AE5C978157BD052CC6
+CT=E0A2962A02698489813292D33D02D0AB
+PT=10C80B22D8EC54B855E103D6B76C03BC
+
+I=104
+KEY=D208B7A87003A507561FA5C7422A85C5C184CC673E0B2C70599A4A7B19171BEA
+IV=1BD5CEACA063129CD5E6DFD88B14D51B
+CT=10C80B22D8EC54B855E103D6B76C03BC
+PT=CE88B76CC2223EB68BA9B5852C1921DB
+
+I=105
+KEY=27B0E1BF8EA57E8AD51BC3FA278369780F0C7B0BFC2912C6D233FFFE350E3A31
+IV=F5B85617FEA6DB8D8304663D65A9ECBD
+CT=CE88B76CC2223EB68BA9B5852C1921DB
+PT=00401EEE034A193C86A23152AF4B767E
+
+I=106
+KEY=45E37A710D9E754EE90B7C1DBB894DC20F4C65E5FF630BFA5491CEAC9A454C4F
+IV=62539BCE833B0BC43C10BFE79C0A24BA
+CT=00401EEE034A193C86A23152AF4B767E
+PT=CEF1DC8A618BF71C68720E6EEDE31EEF
+
+I=107
+KEY=B432E78F49D50B045C8B598EEA3D4142C1BDB96F9EE8FCE63CE3C0C277A652A0
+IV=F1D19DFE444B7E4AB580259351B40C80
+CT=CEF1DC8A618BF71C68720E6EEDE31EEF
+PT=EF8FB3790627F31E5CBF21B31FF942DE
+
+I=108
+KEY=F5CE9C0AF13DA60D32912620673AEE572E320A1698CF0FF8605CE171685F107E
+IV=41FC7B85B8E8AD096E1A7FAE8D07AF15
+CT=EF8FB3790627F31E5CBF21B31FF942DE
+PT=2EF1C697D948D712AA177855B0D56650
+
+I=109
+KEY=DA14D71084F47D87385EF58128C7517F00C3CC814187D8EACA4B9924D88A762E
+IV=2FDA4B1A75C9DB8A0ACFD3A14FFDBF28
+CT=2EF1C697D948D712AA177855B0D56650
+PT=0A20E82375680D134FE05AC74E3A0217
+
+I=110
+KEY=B68F8C980984E2508E9706117256A4A70AE324A234EFD5F985ABC3E396B07439
+IV=6C9B5B888D709FD7B6C9F3905A91F5D8
+CT=0A20E82375680D134FE05AC74E3A0217
+PT=46AF886AB871A3DABDEB32F1738E180B
+
+I=111
+KEY=078A8955ECB2F6ACB249E2DB36B660794C4CACC88C9E76233840F112E53E6C32
+IV=B10505CDE53614FC3CDEE4CA44E0C4DE
+CT=46AF886AB871A3DABDEB32F1738E180B
+PT=79949181E3D20A3042C1E7BDAE73330B
+
+I=112
+KEY=7CB2A8360EE65417A979D9B5D4A32D2935D83D496F4C7C137A8116AF4B4D5F39
+IV=7B382163E254A2BB1B303B6EE2154D50
+CT=79949181E3D20A3042C1E7BDAE73330B
+PT=12C5E55F6EA47BC44392AE9FB888C1FB
+
+I=113
+KEY=E5835F97C4FF1B007D695DD0E72324A9271DD81601E807D73913B830F3C59EC2
+IV=9931F7A1CA194F17D410846533800980
+CT=12C5E55F6EA47BC44392AE9FB888C1FB
+PT=FCA15AB64A01FA6E89FE41F72A67D9E8
+
+I=114
+KEY=50932FF04CCCE411AA0541726C1C4CD7DBBC82A04BE9FDB9B0EDF9C7D9A2472A
+IV=B51070678833FF11D76C1CA28B3F687E
+CT=FCA15AB64A01FA6E89FE41F72A67D9E8
+PT=7B75EC39F707C3C90691BE561AD5CAC6
+
+I=115
+KEY=ECAEC5FD6AF5F7DF2587C1A40CB046ADA0C96E99BCEE3E70B67C4791C3778DEC
+IV=BC3DEA0D263913CE8F8280D660AC0A7A
+CT=7B75EC39F707C3C90691BE561AD5CAC6
+PT=1D3D15FFA0B69EFA8E146301411DFA49
+
+I=116
+KEY=82F88C3850CC3D111C2125F34840A9A2BDF47B661C58A08A38682490826A77A5
+IV=6E5649C53A39CACE39A6E45744F0EF0F
+CT=1D3D15FFA0B69EFA8E146301411DFA49
+PT=34AFB3D6F0BD9ACB6954BB96B1067F9E
+
+I=117
+KEY=702FEC9E7F0D2369FF35D4B7A1269AD3895BC8B0ECE53A41513C9F06336C083B
+IV=F2D760A62FC11E78E314F144E9663371
+CT=34AFB3D6F0BD9ACB6954BB96B1067F9E
+PT=899E4C8192661CCA7C73CDFBC3DCA2F3
+
+I=118
+KEY=A1DF98E4585C1A4C15C42AD0782C925000C584317E83268B2D4F52FDF0B0AAC8
+IV=D1F0747A27513925EAF1FE67D90A0883
+CT=899E4C8192661CCA7C73CDFBC3DCA2F3
+PT=3097C0413291E217FB0E3A8A2D908C12
+
+I=119
+KEY=9F9082177BF33D8AF6131018E1EFD49F305244704C12C49CD6416877DD2026DA
+IV=3E4F1AF323AF27C6E3D73AC899C346CF
+CT=3097C0413291E217FB0E3A8A2D908C12
+PT=6C71968295905F881F95DC8BA481CA72
+
+I=120
+KEY=B7E5B267EDBFFD4DB4526BA2A1978C105C23D2F2D9829B14C9D4B4FC79A1ECA8
+IV=28753070964CC0C742417BBA4078588F
+CT=6C71968295905F881F95DC8BA481CA72
+PT=96D0AB98DBD0CB94A68FC41BEF0B418D
+
+I=121
+KEY=127FAA6C94663FA9008A1FB7A419C036CAF3796A025250806F5B70E796AAAD25
+IV=A59A180B79D9C2E4B4D87415058E4C26
+CT=96D0AB98DBD0CB94A68FC41BEF0B418D
+PT=9E3E4428A911FB328A9F89D7D5E527DB
+
+I=122
+KEY=1B9493F07E7E5F07473E6997AE15CCDC54CD3D42AB43ABB2E5C4F930434F8AFE
+IV=09EB399CEA1860AE47B476200A0C0CEA
+CT=9E3E4428A911FB328A9F89D7D5E527DB
+PT=0DB5EF3481A9945BAF2E499B5CDE8DDC
+
+I=123
+KEY=7B2B8201EEF1601C44006A6D7E06EE355978D2762AEA3FE94AEAB0AB1F910722
+IV=60BF11F1908F3F1B033E03FAD01322E9
+CT=0DB5EF3481A9945BAF2E499B5CDE8DDC
+PT=C0569DD7DCAE99859D3987B04FFD8CF0
+
+I=124
+KEY=B2D7FEE25A564FA00CEDC8E05BAC7F7D992E4FA1F644A66CD7D3371B506C8BD2
+IV=C9FC7CE3B4A72FBC48EDA28D25AA9148
+CT=C0569DD7DCAE99859D3987B04FFD8CF0
+PT=D8AF74B5BB8E632299D32E8DD4DDA012
+
+I=125
+KEY=5A06C176A290538BC549CAA8041539A941813B144DCAC54E4E00199684B12BC0
+IV=E8D13F94F8C61C2BC9A402485FB946D4
+CT=D8AF74B5BB8E632299D32E8DD4DDA012
+PT=0821FB911EDE8CDCD97DDAEDCCDB7B1C
+
+I=126
+KEY=1318D23A3A966D16FDEEE300571F3A8549A0C08553144992977DC37B486A50DC
+IV=491E134C98063E9D38A729A8530A032C
+CT=0821FB911EDE8CDCD97DDAEDCCDB7B1C
+PT=BCB2831AF3721C020FC1D683C19AEBEA
+
+I=127
+KEY=D6D24AA79B3CA4434CCE2B1470B4FE18F512439FA066559098BC15F889F0BB36
+IV=C5CA989DA1AAC955B120C81427ABC49D
+CT=BCB2831AF3721C020FC1D683C19AEBEA
+PT=BE869BB3C18EB622CCAC81B6F5B62CC4
+
+I=128
+KEY=5F62348BCD9ADB23A19E683400D968404B94D82C61E8E3B25410944E7C4697F2
+IV=89B07E2C56A67F60ED504320706D9658
+CT=BE869BB3C18EB622CCAC81B6F5B62CC4
+PT=C8D3EDD549FEA614B4F2348F82DE5531
+
+I=129
+KEY=A64795E417B7C9344185F6B0C66C096B834735F9281645A6E0E2A0C1FE98C2C3
+IV=F925A16FDA2D1217E01B9E84C6B5612B
+CT=C8D3EDD549FEA614B4F2348F82DE5531
+PT=4049BDBD9C302D8F2E06F10D34317784
+
+I=130
+KEY=CD1F9AB35436014B0CF7ECE9FF98C2BDC30E8844B4266829CEE451CCCAA9B547
+IV=6B580F574381C87F4D721A5939F4CBD6
+CT=4049BDBD9C302D8F2E06F10D34317784
+PT=E1338EA5C5462E8C458E5546FA60324D
+
+I=131
+KEY=78F7558C14BB5100CE93CD49C22BE2D9223D06E1716046A58B6A048A30C9870A
+IV=B5E8CF3F408D504BC26421A03DB32064
+CT=E1338EA5C5462E8C458E5546FA60324D
+PT=055984AA929F4D45F5812DC719D4EF24
+
+I=132
+KEY=2DBC5092C4C7AB427576EBA2855E00562764824BE3FF0BE07EEB294D291D682E
+IV=554B051ED07CFA42BBE526EB4775E28F
+CT=055984AA929F4D45F5812DC719D4EF24
+PT=ABC519C4290C69D98BF7AC2A56767202
+
+I=133
+KEY=68FA1D8FE36FC5B48A7486FBB34A7B598CA19B8FCAF36239F51C85677F6B1A2C
+IV=45464D1D27A86EF6FF026D5936147B0F
+CT=ABC519C4290C69D98BF7AC2A56767202
+PT=C825E44799B1739A1F4CB406BBEABEDD
+
+I=134
+KEY=A2302849850FD33D4048B898DB6C7B0244847FC8534211A3EA503161C481A4F1
+IV=CACA35C666601689CA3C3E636826005B
+CT=C825E44799B1739A1F4CB406BBEABEDD
+PT=D24EE8D56CE09AFE1061B4016ADD61F7
+
+I=135
+KEY=9B2E669EA4BB938072E6E97B0ACF834E96CA971D3FA28B5DFA318560AE5CC506
+IV=391E4ED721B440BD32AE51E3D1A3F84C
+CT=D24EE8D56CE09AFE1061B4016ADD61F7
+PT=50FECB118EABF93BB97102E9212C883D
+
+I=136
+KEY=A07C5EBAC9D0F862AD525C76460B4BA9C6345C0CB1097266434087898F704D3B
+IV=3B5238246D6B6BE2DFB4B50D4CC4C8E7
+CT=50FECB118EABF93BB97102E9212C883D
+PT=C370C26BD3805211A4679399DFA4DDCB
+
+I=137
+KEY=414C776222058D6285574741B2B4D11D05449E6762892077E727141050D490F0
+IV=E13029D8EBD5750028051B37F4BF9AB4
+CT=C370C26BD3805211A4679399DFA4DDCB
+PT=79715A04DF9216268C77A152CA96C2F6
+
+I=138
+KEY=5E54A416470FE8BA263C0FC88FD884297C35C463BD1B36516B50B5429A425206
+IV=1F18D374650A65D8A36B48893D6C5534
+CT=79715A04DF9216268C77A152CA96C2F6
+PT=06DF18B5FAF35F03FE22E39CAE430655
+
+I=139
+KEY=98C55CFFB53FA72345EF936283F64BB17AEADCD647E86952957256DE34015453
+IV=C691F8E9F2304F9963D39CAA0C2ECF98
+CT=06DF18B5FAF35F03FE22E39CAE430655
+PT=1AED42EB32C4BAEAF9946818AA00C324
+
+I=140
+KEY=B8332B1EE5D6A4E1BBFA20AEAE22330560079E3D752CD3B86CE63EC69E019777
+IV=20F677E150E903C2FE15B3CC2DD478B4
+CT=1AED42EB32C4BAEAF9946818AA00C324
+PT=D276B6A6D480165A944572EF76D4B3E8
+
+I=141
+KEY=6E50753A2A0814A778FA2BC773C6A7A2B271289BA1ACC5E2F8A34C29E8D5249F
+IV=D6635E24CFDEB046C3000B69DDE494A7
+CT=D276B6A6D480165A944572EF76D4B3E8
+PT=BA46F59DFADC6CA2CBB7D80E33D7B24B
+
+I=142
+KEY=D8E1763EAD728AB8AA2284964BE586880837DD065B70A94033149427DB0296D4
+IV=B6B10304877A9E1FD2D8AF513823212A
+CT=BA46F59DFADC6CA2CBB7D80E33D7B24B
+PT=FC9B9F7B5120E1D8B2DD58D211EFF053
+
+I=143
+KEY=458CB146C73342F9D5EE4364C400E8E5F4AC427D0A50489881C9CCF5CAED6687
+IV=9D6DC7786A41C8417FCCC7F28FE56E6D
+CT=FC9B9F7B5120E1D8B2DD58D211EFF053
+PT=6AD8BCAEFF6F0BF9F360FF601C9B7A43
+
+I=144
+KEY=F1FBE00DA1F634ACACB6E2F4F15C11179E74FED3F53F436172A93395D6761CC4
+IV=B477514B66C576557958A190355CF9F2
+CT=6AD8BCAEFF6F0BF9F360FF601C9B7A43
+PT=BB6E45D060E186323AC2B50CFB988856
+
+I=145
+KEY=3FBC35054FFF43657936BB676A5C5D1F251ABB0395DEC553486B86992DEE9492
+IV=CE47D508EE0977C9D58059939B004C08
+CT=BB6E45D060E186323AC2B50CFB988856
+PT=31B6157397933EE35DEE5B40FE7237BB
+
+I=146
+KEY=D49B4E96F8FC2D91FBED3985C53BEB8314ACAE70024DFBB01585DDD9D39CA329
+IV=EB277B93B7036EF482DB82E2AF67B69C
+CT=31B6157397933EE35DEE5B40FE7237BB
+PT=EFEB82ED91C5C60FB8F910542804B57B
+
+I=147
+KEY=8D4ABC926827F066B4391FF4B3D6EC99FB472C9D93883DBFAD7CCD8DFB981652
+IV=59D1F20490DBDDF74FD4267176ED071A
+CT=EFEB82ED91C5C60FB8F910542804B57B
+PT=E30D071737AB9991F000302502BE84A6
+
+I=148
+KEY=086A14365F781B2FAF533B1534F458D2184A2B8AA423A42E5D7CFDA8F92692F4
+IV=8520A8A4375FEB491B6A24E18722B44B
+CT=E30D071737AB9991F000302502BE84A6
+PT=856AF9DF9A9FE5038B75C98E0E1C720F
+
+I=149
+KEY=A64DE8CF2DF04ADB60E88C769F7025BC9D20D2553EBC412DD6093426F73AE0FB
+IV=AE27FCF9728851F4CFBBB763AB847D6E
+CT=856AF9DF9A9FE5038B75C98E0E1C720F
+PT=D84910F298F91E081480A912B1AF32D6
+
+I=150
+KEY=C52575277A0BD189E2F746FC51CA77844569C2A7A6455F25C2899D344695D22D
+IV=63689DE857FB9B52821FCA8ACEBA5238
+CT=D84910F298F91E081480A912B1AF32D6
+PT=57E4A4A2D639D414ED7F82583B4FFA52
+
+I=151
+KEY=CB9A5219490F7EE31B030ECE521C589B128D6605707C8B312FF61F6C7DDA287F
+IV=0EBF273E3304AF6AF9F4483203D62F1F
+CT=57E4A4A2D639D414ED7F82583B4FFA52
+PT=1CECC8218392F2047C0B70BEBFCC5846
+
+I=152
+KEY=AA6412AAC8FC309E6BCDFFD1DA01B6470E61AE24F3EE793553FD6FD2C2167039
+IV=61FE40B381F34E7D70CEF11F881DEEDC
+CT=1CECC8218392F2047C0B70BEBFCC5846
+PT=EC2B86A04DB2B4F41830E5EA035531E3
+
+I=153
+KEY=EFF5BC892E47F4C7EA859969255AC665E24A2884BE5CCDC14BCD8A38C14341DA
+IV=4591AE23E6BBC459814866B8FF5B7022
+CT=EC2B86A04DB2B4F41830E5EA035531E3
+PT=8A1A8EE6E08F61E99FC37AC177881C8A
+
+I=154
+KEY=D62E9405D7402765E30FDAD7A29B2E716850A6625ED3AC28D40EF0F9B6CB5D50
+IV=39DB288CF907D3A2098A43BE87C1E814
+CT=8A1A8EE6E08F61E99FC37AC177881C8A
+PT=F21583AC8C5F03C19A1A9B856C97D6E0
+
+I=155
+KEY=D49F229B7DB6973EDE6BD14AB20234379A4525CED28CAFE94E146B7CDA5C8BB0
+IV=02B1B69EAAF6B05B3D640B9D10991A46
+CT=F21583AC8C5F03C19A1A9B856C97D6E0
+PT=323191D5997CF0424B7F5501CBD55B17
+
+I=156
+KEY=08B1021CD316864EF5B370CBF891FD27A874B41B4BF05FAB056B3E7D1189D0A7
+IV=DC2E2087AEA011702BD8A1814A93C910
+CT=323191D5997CF0424B7F5501CBD55B17
+PT=B2BBCC6E54CB33319536A81174B0D73B
+
+I=157
+KEY=786AE1D89ECC32C8883D984E7DC5FD0A1ACF78751F3B6C9A905D966C6539079C
+IV=70DBE3C44DDAB4867D8EE8858554002D
+CT=B2BBCC6E54CB33319536A81174B0D73B
+PT=6E4ADDA6895734D891F328C6D0C71467
+
+I=158
+KEY=E6C7441B75AF8701E29376287A126CB07485A5D3966C584201AEBEAAB5FE13FB
+IV=9EADA5C3EB63B5C96AAEEE6607D791BA
+CT=6E4ADDA6895734D891F328C6D0C71467
+PT=8BED3D2AAB5271F90EE5335520E87AA2
+
+I=159
+KEY=22D515400072783951742ACDF2FA6DC8FF6898F93D3E29BB0F4B8DFF95166959
+IV=C412515B75DDFF38B3E75CE588E80178
+CT=8BED3D2AAB5271F90EE5335520E87AA2
+PT=D3059CA1B293AA1F52D459643C5FAB5C
+
+I=160
+KEY=D6E6A383AF38A1CD2889A5F79A23CE512C6D04588FAD83A45D9FD49BA949C205
+IV=F433B6C3AF4AD9F479FD8F3A68D9A399
+CT=D3059CA1B293AA1F52D459643C5FAB5C
+PT=C20D8580ACA043B0ED2F409EEA42C0F0
+
+I=161
+KEY=AA95A47ADECB61AAD1A05DA0CE6B17BDEE6081D8230DC014B0B09405430B02F5
+IV=7C7307F971F3C067F929F8575448D9EC
+CT=C20D8580ACA043B0ED2F409EEA42C0F0
+PT=61C0D0081F176C53DE83B70608201EE6
+
+I=162
+KEY=168A56A528A70354AD74C59A8AF33A508FA051D03C1AAC476E3323034B2B1C13
+IV=BC1FF2DFF66C62FE7CD4983A44982DED
+CT=61C0D0081F176C53DE83B70608201EE6
+PT=C016536FEFC08B69867AB2946FFBE011
+
+I=163
+KEY=92157F38953622D8C0E191DAC4179A6A4FB602BFD3DA272EE849919724D0FC02
+IV=849F299DBD91218C6D9554404EE4A03A
+CT=C016536FEFC08B69867AB2946FFBE011
+PT=6923FF03C812710270438F67EF2F42D1
+
+I=164
+KEY=CCB6779947D31DF17182FB54555B49422695FDBC1BC8562C980A1EF0CBFFBED3
+IV=5EA308A1D2E53F29B1636A8E914CD328
+CT=6923FF03C812710270438F67EF2F42D1
+PT=0D1674014AD9DC2150E073E2FCF006A8
+
+I=165
+KEY=22AA52C07B42CFEB5E75687D395D86092B8389BD51118A0DC8EA6D12370FB87B
+IV=EE1C25593C91D21A2FF793296C06CF4B
+CT=0D1674014AD9DC2150E073E2FCF006A8
+PT=6399A65CC66E9318F2CEE1103B8FFB90
+
+I=166
+KEY=527EF084271AC57F5D33F2E7C7BE1FF1481A2FE1977F19153A248C020C8043EB
+IV=70D4A2445C580A9403469A9AFEE399F8
+CT=6399A65CC66E9318F2CEE1103B8FFB90
+PT=511CBDD6CFA31788A43C765301D6BAAB
+
+I=167
+KEY=D826E762C9EA31B6F4415B3AE5ED888B1906923758DC0E9D9E18FA510D56F940
+IV=8A5817E6EEF0F4C9A972A9DD2253977A
+CT=511CBDD6CFA31788A43C765301D6BAAB
+PT=B04E78AB18AE3F5B825087D9D5794BD7
+
+I=168
+KEY=B4C2DEE60A738C428B187EC3A3A4A982A948EA9C407231C61C487D88D82FB297
+IV=6CE43984C399BDF47F5925F946492109
+CT=B04E78AB18AE3F5B825087D9D5794BD7
+PT=6B013F9A972D82BD5A87DA6C1DD5FD0F
+
+I=169
+KEY=C4A41F8C4B26391F6C0D629C6B052BD8C249D506D75FB37B46CFA7E4C5FA4F98
+IV=7066C16A4155B55DE7151C5FC8A1825A
+CT=6B013F9A972D82BD5A87DA6C1DD5FD0F
+PT=9005F8243C6486F63590E7508503719C
+
+I=170
+KEY=91A18F2681FCACE1C80DC772BD0F2628524C2D22EB3B358D735F40B440F93E04
+IV=550590AACADA95FEA400A5EED60A0DF0
+CT=9005F8243C6486F63590E7508503719C
+PT=39DEEEC3D3AEEBBF4B573462B375B5E4
+
+I=171
+KEY=E8FF0EE1269AFDCA213F69757C84704D6B92C3E13895DE32380874D6F38C8BE0
+IV=795E81C7A766512BE932AE07C18B5665
+CT=39DEEEC3D3AEEBBF4B573462B375B5E4
+PT=1910F8E7C3D863784058CB35D674AEEB
+
+I=172
+KEY=F00751EFCCECA0ECA3C252F396B4078E72823B06FB4DBD4A7850BFE325F8250B
+IV=18F85F0EEA765D2682FD3B86EA3077C3
+CT=1910F8E7C3D863784058CB35D674AEEB
+PT=4A71250E55629D3C5CC62B18B4B67653
+
+I=173
+KEY=383A1B81E82B8174A9B9F0AF9EA498A338F31E08AE2F2076249694FB914E5358
+IV=C83D4A6E24C721980A7BA25C08109F2D
+CT=4A71250E55629D3C5CC62B18B4B67653
+PT=19CBB63FBB92C7A10B676DBB5EB29060
+
+I=174
+KEY=A6695341053BD5B1E15A6CD73DEF84E12138A83715BDE7D72FF1F940CFFCC338
+IV=9E5348C0ED1054C548E39C78A34B1C42
+CT=19CBB63FBB92C7A10B676DBB5EB29060
+PT=18BA0A45E67D2CFEC691203FC2509837
+
+I=175
+KEY=71B4C384EF619E5D6CADBFC7D53564913982A272F3C0CB29E960D97F0DAC5B0F
+IV=D7DD90C5EA5A4BEC8DF7D310E8DAE070
+CT=18BA0A45E67D2CFEC691203FC2509837
+PT=7699C8550933C30D630AC16D8DA6F13D
+
+I=176
+KEY=7D0527970FD45C35817091A317A2EAB04F1B6A27FAF308248A6A1812800AAA32
+IV=0CB1E413E0B5C268EDDD2E64C2978E21
+CT=7699C8550933C30D630AC16D8DA6F13D
+PT=78FE8EEC14618ED34F63E8671434ADA7
+
+I=177
+KEY=204ECE43E91409C515077FACC37C4DF837E5E4CBEE9286F7C509F075943E0795
+IV=5D4BE9D4E6C055F09477EE0FD4DEA748
+CT=78FE8EEC14618ED34F63E8671434ADA7
+PT=0907F75149A74B49F302D2C08CF18AF5
+
+I=178
+KEY=8E80DC69B6CC0F0D7F1F0BE6E9F178AD3EE2139AA735CDBE360B22B518CF8D60
+IV=AECE122A5FD806C86A18744A2A8D3555
+CT=0907F75149A74B49F302D2C08CF18AF5
+PT=FE24023BCABCD83E6212FA53E7320D92
+
+I=179
+KEY=5152CCE87D9CCC930D7B376C4F1B334BC0C611A16D8915805419D8E6FFFD80F2
+IV=DFD21081CB50C39E72643C8AA6EA4BE6
+CT=FE24023BCABCD83E6212FA53E7320D92
+PT=9526CDED534CB3366306F8C731F87CD6
+
+I=180
+KEY=00C9D78F67F1B63181ADE21A02675C6755E0DC4C3EC5A6B6371F2021CE05FC24
+IV=519B1B671A6D7AA28CD6D5764D7C6F2C
+CT=9526CDED534CB3366306F8C731F87CD6
+PT=801F005EA2E9287FFD8D9B01BE8E2205
+
+I=181
+KEY=442603CF6A012BDB23086BD7EFD7396ED5FFDC129C2C8EC9CA92BB20708BDE21
+IV=44EFD4400DF09DEAA2A589CDEDB06509
+CT=801F005EA2E9287FFD8D9B01BE8E2205
+PT=7558994ACE0299E34EB586B832C98560
+
+I=182
+KEY=B153C7C49983077FB0C79C30266A487AA0A74558522E172A84273D9842425B41
+IV=F575C40BF3822CA493CFF7E7C9BD7114
+CT=7558994ACE0299E34EB586B832C98560
+PT=324273A52FFBFBCAC5401CFCD3075C98
+
+I=183
+KEY=0E038D82F7FAD738824EF9FEB6F6627692E536FD7DD5ECE041672164914507D9
+IV=BF504A466E79D047328965CE909C2A0C
+CT=324273A52FFBFBCAC5401CFCD3075C98
+PT=509E651E053E85340A5B545AA0E40A71
+
+I=184
+KEY=B2237D5D0E16B5F9A8FD7274F4CA1206C27B53E378EB69D44B3C753E31A10DA8
+IV=BC20F0DFF9EC62C12AB38B8A423C7070
+CT=509E651E053E85340A5B545AA0E40A71
+PT=1716AB4DCAB205D62EF356E4C565BA70
+
+I=185
+KEY=CBE25CF8F3CAB9849F44F330AD8B17E1D56DF8AEB2596C0265CF23DAF4C4B7D8
+IV=79C121A5FDDC0C7D37B98144594105E7
+CT=1716AB4DCAB205D62EF356E4C565BA70
+PT=093CA7764E7F6828EF210E89D3D01C73
+
+I=186
+KEY=2BF3C06B0CAE728C8A6134634D5DEAF1DC515FD8FC26042A8AEE2D532714ABAB
+IV=E0119C93FF64CB081525C753E0D6FD10
+CT=093CA7764E7F6828EF210E89D3D01C73
+PT=86F8B39DB10EB8B3CFED4C98BBBFFAE1
+
+I=187
+KEY=A2C742CFF575CA98D3261BE7DA99E3935AA9EC454D28BC99450361CB9CAB514A
+IV=893482A4F9DBB81459472F8497C40962
+CT=86F8B39DB10EB8B3CFED4C98BBBFFAE1
+PT=8BF9C14617B3CE1511ABBD484439D041
+
+I=188
+KEY=F8AB8BAD8F2C5A54ED4C80AD094A36D4D1502D035A9B728C54A8DC83D892810B
+IV=5A6CC9627A5990CC3E6A9B4AD3D3D547
+CT=8BF9C14617B3CE1511ABBD484439D041
+PT=C41B937B1D5E10D982C7850685997862
+
+I=189
+KEY=4DBA6859C8D681253E8F6278BE76D87D154BBE7847C56255D66F59855D0BF969
+IV=B511E3F447FADB71D3C3E2D5B73CEEA9
+CT=C41B937B1D5E10D982C7850685997862
+PT=467114F3F33C8BA65AA76C297E9DA11C
+
+I=190
+KEY=2738E652A9F41B48B443B487B2AF6D7C533AAA8BB4F9E9F38CC835AC23965875
+IV=6A828E0B61229A6D8ACCD6FF0CD9B501
+CT=467114F3F33C8BA65AA76C297E9DA11C
+PT=CB9D772C72BC5BB3E18087CABADDE5B2
+
+I=191
+KEY=A1C138E8AFAA19465AE9BD1968C19E8798A7DDA7C645B2406D48B266994BBDC7
+IV=86F9DEBA065E020EEEAA099EDA6EF3FB
+CT=CB9D772C72BC5BB3E18087CABADDE5B2
+PT=678837A26F65190F44107C19A01F97E6
+
+I=192
+KEY=CD73AF62C6130630324F71F35042BC9AFF2FEA05A920AB4F2958CE7F39542A21
+IV=6CB2978A69B91F7668A6CCEA3883221D
+CT=678837A26F65190F44107C19A01F97E6
+PT=E395804E9F2D61447B5207AA438F7D98
+
+I=193
+KEY=F076EAF59DAC3F3975E9CBED6697A21B1CBA6A4B360DCA0B520AC9D57ADB57B9
+IV=3D0545975BBF390947A6BA1E36D51E81
+CT=E395804E9F2D61447B5207AA438F7D98
+PT=CA6E3E780C170E950306FEE08CAB46D9
+
+I=194
+KEY=87DD7A9906E626E1AC55611A52EBC196D6D454333A1AC49E510C3735F6701160
+IV=77AB906C9B4A19D8D9BCAAF7347C638D
+CT=CA6E3E780C170E950306FEE08CAB46D9
+PT=419B7C538E827E431B2C2BA5AEB95373
+
+I=195
+KEY=C8D569C710030750FDA3A48E748BED26974F2860B498BADD4A201C9058C94213
+IV=4F08135E16E521B151F6C59426602CB0
+CT=419B7C538E827E431B2C2BA5AEB95373
+PT=1D6607B51B0DA629C62D00CB20870FEA
+
+I=196
+KEY=A3A22E3CED89316BC747E3326CB53C448A292FD5AF951CF48C0D1C5B784E4DF9
+IV=6B7747FBFD8A363B3AE447BC183ED162
+CT=1D6607B51B0DA629C62D00CB20870FEA
+PT=58169D0006C9031C7CCE502F086B0CD6
+
+I=197
+KEY=DDB2F456CFE201D5E1DD9EFC6593813FD23FB2D5A95C1FE8F0C34C747025412F
+IV=7E10DA6A226B30BE269A7DCE0926BD7B
+CT=58169D0006C9031C7CCE502F086B0CD6
+PT=8001E1BDAE24A2A9ABE102C2BEB4AD70
+
+I=198
+KEY=A990048427C8E19BABE1D0BB5D6A83CA523E53680778BD415B224EB6CE91EC5F
+IV=7422F0D2E82AE04E4A3C4E4738F902F5
+CT=8001E1BDAE24A2A9ABE102C2BEB4AD70
+PT=EA143E99846F5DF1C1A2AD0565D3AE45
+
+I=199
+KEY=5074E20E5B70B571A7155A3AAFE3AF2AB82A6DF18317E0B09A80E3B3AB42421A
+IV=F9E4E68A7CB854EA0CF48A81F2892CE0
+CT=EA143E99846F5DF1C1A2AD0565D3AE45
+PT=C1EBFE1B00D813BB5AC9E4B007977B19
+
+I=200
+KEY=50315F6BF520F26A044751215225348179C193EA83CFF30BC0490703ACD53903
+IV=0045BD65AE50471BA3520B1BFDC69BAB
+CT=C1EBFE1B00D813BB5AC9E4B007977B19
+PT=3476AA08CB11F13D8DD858CF10472D03
+
+I=201
+KEY=03D2536F9830D74A9B2AEDD1508CE4764DB739E248DE02364D915FCCBC921400
+IV=53E30C046D1025209F6DBCF002A9D0F7
+CT=3476AA08CB11F13D8DD858CF10472D03
+PT=C79BED3BB201F29B65CDF5709654317C
+
+I=202
+KEY=4AC2173AD99E09ECCB4A647AF96C26F98A2CD4D9FADFF0AD285CAABC2AC6257C
+IV=4910445541AEDEA6506089ABA9E0C28F
+CT=C79BED3BB201F29B65CDF5709654317C
+PT=E5E144D56A2FF95D644D51E73AEAE922
+
+I=203
+KEY=9F46778CA9C15CB9978C0DF359056F3D6FCD900C90F009F04C11FB5B102CCC5E
+IV=D58460B6705F55555CC66989A06949C4
+CT=E5E144D56A2FF95D644D51E73AEAE922
+PT=38582F30FDE74A162CCD85955C2E48FC
+
+I=204
+KEY=63038F8EA2934D0C65F181BE92B9664A5795BF3C6D1743E660DC7ECE4C0284A2
+IV=FC45F8020B5211B5F27D8C4DCBBC0977
+CT=38582F30FDE74A162CCD85955C2E48FC
+PT=266E808D7E9206C9294F0349D1CEF1DA
+
+I=205
+KEY=D43CC15DCAB5047B8C67D61F1735C6A471FB3FB11385452F49937D879DCC7578
+IV=B73F4ED368264977E99657A1858CA0EE
+CT=266E808D7E9206C9294F0349D1CEF1DA
+PT=8E3D1F7DC678C32352782D52E4CD44D5
+
+I=206
+KEY=9979232A388E0E6C766279CFE7E047B4FFC620CCD5FD860C1BEB50D5790131AD
+IV=4D45E277F23B0A17FA05AFD0F0D58110
+CT=8E3D1F7DC678C32352782D52E4CD44D5
+PT=DDC8075418E2A649D4E78144528682F9
+
+I=207
+KEY=43479EA72BF3B417CF224B15749043C5220E2798CD1F2045CF0CD1912B87B354
+IV=DA3EBD8D137DBA7BB94032DA93700471
+CT=DDC8075418E2A649D4E78144528682F9
+PT=4096B4F51C77C8A00A5308D8C3175B6A
+
+I=208
+KEY=7AE39630885C3ACDCF915625141DF45A6298936DD168E8E5C55FD949E890E83E
+IV=39A40897A3AF8EDA00B31D30608DB79F
+CT=4096B4F51C77C8A00A5308D8C3175B6A
+PT=60D0385ECE913BEC6760BAA0BCCDE853
+
+I=209
+KEY=82496ADB8A91DAE80C249D2BD8F00C990248AB331FF9D309A23F63E9545D006D
+IV=F8AAFCEB02CDE025C3B5CB0ECCEDF8C3
+CT=60D0385ECE913BEC6760BAA0BCCDE853
+PT=79A86909141C27366744FC614808705B
+
+I=210
+KEY=EF7FEE5E3FDAC015E8016A7A9D3EB8677BE0C23A0BE5F43FC57B9F881C557036
+IV=6D368485B54B1AFDE425F75145CEB4FE
+CT=79A86909141C27366744FC614808705B
+PT=9817CE82A9D821189878991B32360409
+
+I=211
+KEY=A400D423453A59F64968E8B80140AAF6E3F70CB8A23DD5275D0306932E63743F
+IV=4B7F3A7D7AE099E3A16982C29C7E1291
+CT=9817CE82A9D821189878991B32360409
+PT=C3259E5D4A3E82FDC862E862E4449DA2
+
+I=212
+KEY=B9280C8996C8BEC6888CB4D9D1E76B0620D292E5E80357DA9561EEF1CA27E99D
+IV=1D28D8AAD3F2E730C1E45C61D0A7C1F0
+CT=C3259E5D4A3E82FDC862E862E4449DA2
+PT=F035078B9A3E45B4ED561F001DB21E47
+
+I=213
+KEY=9686D9BB259CD14FA7D58C9789932385D0E7956E723D126E7837F1F1D795F7DA
+IV=2FAED532B3546F892F59384E58744883
+CT=F035078B9A3E45B4ED561F001DB21E47
+PT=596B9F7F2122A11C599626B16B6AC340
+
+I=214
+KEY=736E847DDC4C794A3AA2E22C1AF85EF1898C0A11531FB37221A1D740BCFF349A
+IV=E5E85DC6F9D0A8059D776EBB936B7D74
+CT=596B9F7F2122A11C599626B16B6AC340
+PT=800FCC5CE3B08CFFDD70FB5270DED220
+
+I=215
+KEY=728D3E35CD653621D41E591530770B370983C64DB0AF3F8DFCD12C12CC21E6BA
+IV=01E3BA4811294F6BEEBCBB392A8F55C6
+CT=800FCC5CE3B08CFFDD70FB5270DED220
+PT=5515A58EB0013D2EE561BD2826761209
+
+I=216
+KEY=929F6FD8250BAD33FAE4ED108843A2645C9663C300AE02A319B0913AEA57F4B3
+IV=E01251EDE86E9B122EFAB405B834A953
+CT=5515A58EB0013D2EE561BD2826761209
+PT=8B7B3AB73287CEAAA0098D41F0B3A28B
+
+I=217
+KEY=3F54C218B02F6097C3F31A05F5CCB8C4D7ED59743229CC09B9B91C7B1AE45638
+IV=ADCBADC09524CDA43917F7157D8F1AA0
+CT=8B7B3AB73287CEAAA0098D41F0B3A28B
+PT=90CDCF132600F622D1339197B441A4C0
+
+I=218
+KEY=2F60AEE4E6A6F7109193112BC756D7F24720966714293A2B688A8DECAEA5F2F8
+IV=10346CFC5689978752600B2E329A6F36
+CT=90CDCF132600F622D1339197B441A4C0
+PT=EA089BEC0DEE1305828522B8AD4F5A99
+
+I=219
+KEY=33623A9F86F3AF456D92076B132E46A3AD280D8B19C7292EEA0FAF5403EAA861
+IV=1C02947B60555855FC011640D4789151
+CT=EA089BEC0DEE1305828522B8AD4F5A99
+PT=339C14562AE38F84BE0FB1569C234287
+
+I=220
+KEY=6291ED0B63ED8C18A713DDCBFCA054E19EB419DD3324A6AA54001E029FC9EAE6
+IV=51F3D794E51E235DCA81DAA0EF8E1242
+CT=339C14562AE38F84BE0FB1569C234287
+PT=31050E95B1F08B9139EF7F8D42110978
+
+I=221
+KEY=7BEF1BE3E67AA478C5D9F50350D221CCAFB1174882D42D3B6DEF618FDDD8E39E
+IV=197EF6E88597286062CA28C8AC72752D
+CT=31050E95B1F08B9139EF7F8D42110978
+PT=18DE66E3B58C9ABAB99987826AF0D0AF
+
+I=222
+KEY=3DEB69283844069B400C2E7127B8CD2EB76F71AB3758B781D476E60DB7283331
+IV=460472CBDE3EA2E385D5DB72776AECE2
+CT=18DE66E3B58C9ABAB99987826AF0D0AF
+PT=B75D11E28C94DB969FE009B984DA956B
+
+I=223
+KEY=754C5BEC642540EC8BAD0778773CA8E700326049BBCC6C174B96EFB433F2A65A
+IV=48A732C45C614677CBA12909508465C9
+CT=B75D11E28C94DB969FE009B984DA956B
+PT=7CEEE835FC734108785B367A28C62058
+
+I=224
+KEY=01B0A659138DEE7CF1EFA11DD0A209247CDC887C47BF2D1F33CDD9CE1B348602
+IV=74FCFDB577A8AE907A42A665A79EA1C3
+CT=7CEEE835FC734108785B367A28C62058
+PT=F1E848F6C257D6D56B4FBCA36900614C
+
+I=225
+KEY=F9531CEDC3C5C76A90195BF1E5FB5ED98D34C08A85E8FBCA5882656D7234E74E
+IV=F8E3BAB4D048291661F6FAEC355957FD
+CT=F1E848F6C257D6D56B4FBCA36900614C
+PT=7B06A193C8B84977E56B382D424D2A78
+
+I=226
+KEY=D409DB9768430BCA0E2B68BA1CFE93A5F63261194D50B2BDBDE95D403079CD36
+IV=2D5AC77AAB86CCA09E32334BF905CD7C
+CT=7B06A193C8B84977E56B382D424D2A78
+PT=413356E3367ACBDD88ADA6DF5E09FFC6
+
+I=227
+KEY=8425B50A014625BA114ABAC1585C3F68B70137FA7B2A79603544FB9F6E7032F0
+IV=502C6E9D69052E701F61D27B44A2ACCD
+CT=413356E3367ACBDD88ADA6DF5E09FFC6
+PT=13B524E8AEBFE32CC9559B500D9E9A82
+
+I=228
+KEY=3ED2EEDFF8C12697C9CEB18B8DC86798A4B41312D5959A4CFC1160CF63EEA872
+IV=BAF75BD5F987032DD8840B4AD59458F0
+CT=13B524E8AEBFE32CC9559B500D9E9A82
+PT=91775D8DF510277669BC11697965AE99
+
+I=229
+KEY=B3C35FF0F6B2DDCF5522A35E75040BB135C34E9F2085BD3A95AD71A61A8B06EB
+IV=8D11B12F0E73FB589CEC12D5F8CC6C29
+CT=91775D8DF510277669BC11697965AE99
+PT=0AA5B5A593FED4CE1FD66736774649D2
+
+I=230
+KEY=5581EEED032A31D6F8077BEED79ABB1E3F66FB3AB37B69F48A7B16906DCD4F39
+IV=E642B11DF598EC19AD25D8B0A29EB0AF
+CT=0AA5B5A593FED4CE1FD66736774649D2
+PT=3DB595E23D32347092E5D94A8376DB5D
+
+I=231
+KEY=2337ABB014AD70D3E290033BD6FC75D702D36ED88E495D84189ECFDAEEBB9464
+IV=76B6455D178741051A9778D50166CEC9
+CT=3DB595E23D32347092E5D94A8376DB5D
+PT=2AF2DEC9D2D4F0BA81D1FC88E421C034
+
+I=232
+KEY=7C8A43D8CA68E782BBD49C18477683052821B0115C9DAD3E994F33520A9A5450
+IV=5FBDE868DEC5975159449F23918AF6D2
+CT=2AF2DEC9D2D4F0BA81D1FC88E421C034
+PT=8AF90FCCBEDCDF709AEE93FEF45C03EC
+
+I=233
+KEY=37FDC789E91F58F691931C86C4505926A2D8BFDDE241724E03A1A0ACFEC657BC
+IV=4B7784512377BF742A47809E8326DA23
+CT=8AF90FCCBEDCDF709AEE93FEF45C03EC
+PT=8E98DF785A601DF26465D9A0D163D650
+
+I=234
+KEY=57C30D92BD234BE693F15534768970FC2C4060A5B8216FBC67C4790C2FA581EC
+IV=603ECA1B543C1310026249B2B2D929DA
+CT=8E98DF785A601DF26465D9A0D163D650
+PT=21D3EAC95A088A548E5C0E56001BD103
+
+I=235
+KEY=1F9A07E73DB0530F84B6DB88C5EA0AFD0D938A6CE229E5E8E998775A2FBE50EF
+IV=48590A75809318E917478EBCB3637A01
+CT=21D3EAC95A088A548E5C0E56001BD103
+PT=48A8853D9E4E4A6351E5F5734911D569
+
+I=236
+KEY=219E87740C05905A3DAC677C78C5E6D4453B0F517C67AF8BB87D822966AF8586
+IV=3E04809331B5C355B91ABCF4BD2FEC29
+CT=48A8853D9E4E4A6351E5F5734911D569
+PT=C75ECB64A655DC6803FC976A1CAE78A9
+
+I=237
+KEY=D445B2CF4C6B8AF073FCDFF8907C4B278265C435DA3273E3BB8115437A01FD2F
+IV=F5DB35BB406E1AAA4E50B884E8B9ADF3
+CT=C75ECB64A655DC6803FC976A1CAE78A9
+PT=F063E6C6A62D07B1CA90594CB9041DE4
+
+I=238
+KEY=3DECAA3153A9658A2CAA5578AF2C55CD720622F37C1F745271114C0FC305E0CB
+IV=E9A918FE1FC2EF7A5F568A803F501EEA
+CT=F063E6C6A62D07B1CA90594CB9041DE4
+PT=45F375DDBA20D20CB6C5EAB28AA85D06
+
+I=239
+KEY=31766034845DF8A1AEDFC70CE3CD5B1D37F5572EC63FA65EC7D4A6BD49ADBDCD
+IV=0C9ACA05D7F49D2B827592744CE10ED0
+CT=45F375DDBA20D20CB6C5EAB28AA85D06
+PT=5D117AAC285D5A6948390FDAFBDACAD5
+
+I=240
+KEY=BF17727E1D5DCA94C9CCA8E11DFBF22A6AE42D82EE62FC378FEDA967B2777718
+IV=8E61124A9900323567136FEDFE36A937
+CT=5D117AAC285D5A6948390FDAFBDACAD5
+PT=C8B61B172D930641A88E9E13236E11F9
+
+I=241
+KEY=B82DB30F4271245293FC4CB6A0C10D4FA2523695C3F1FA7627633774911966E1
+IV=073AC1715F2CEEC65A30E457BD3AFF65
+CT=C8B61B172D930641A88E9E13236E11F9
+PT=FE05708E08F8568BB55175CEEF9E0433
+
+I=242
+KEY=28AE9BD5E181AC41CF2F9B4710DD160C5C57461BCB09ACFD923242BA7E8762D2
+IV=908328DAA3F088135CD3D7F1B01C1B43
+CT=FE05708E08F8568BB55175CEEF9E0433
+PT=D7DB71EAC2EF31AE105227E34134AD3C
+
+I=243
+KEY=437D385B59B4AB247A5BCFC0C0F8596F8B8C37F109E69D53826065593FB3CFEE
+IV=6BD3A38EB8350765B5745487D0254F63
+CT=D7DB71EAC2EF31AE105227E34134AD3C
+PT=ECD51D08C870983992708FC1FDFA9D15
+
+I=244
+KEY=4EF45D9C1FCA58D42D9E7E2E9C7D0B8F67592AF9C196056A1010EA98C24952FB
+IV=0D8965C7467EF3F057C5B1EE5C8552E0
+CT=ECD51D08C870983992708FC1FDFA9D15
+PT=F436BA32E9D089248AC47E40AA6B4BAC
+
+I=245
+KEY=D3F16D0CF75471A24F273B3E8EF0A3A0936F90CB28468C4E9AD494D868221957
+IV=9D053090E89E297662B94510128DA82F
+CT=F436BA32E9D089248AC47E40AA6B4BAC
+PT=F43E89C3DBD391B5778B30A36A9E42F3
+
+I=246
+KEY=953E7AB7369425A4F396D764F3EA047F67511908F3951DFBED5FA47B02BC5BA4
+IV=46CF17BBC1C05406BCB1EC5A7D1AA7DF
+CT=F43E89C3DBD391B5778B30A36A9E42F3
+PT=B12ABB428A29703B929EFDB0031694D1
+
+I=247
+KEY=C8DDFEFD3C72822B72C78757EE8EF856D67BA24A79BC6DC07FC159CB01AACF75
+IV=5DE3844A0AE6A78F815150331D64FC29
+CT=B12ABB428A29703B929EFDB0031694D1
+PT=79F19D2BD0A025D2D9822A28F5304446
+
+I=248
+KEY=870A25E9511D3F1BCFA941DA41FD00C0AF8A3F61A91C4812A64373E3F49A8B33
+IV=4FD7DB146D6FBD30BD6EC68DAF73F896
+CT=79F19D2BD0A025D2D9822A28F5304446
+PT=C52D5EF8D7A1353F5C1FF7BA33F9ED97
+
+I=249
+KEY=178B86564949AE1A0CE50E61F4D3F8776AA761997EBD7D2DFA5C8459C76366A4
+IV=9081A3BF18549101C34C4FBBB52EF8B7
+CT=C52D5EF8D7A1353F5C1FF7BA33F9ED97
+PT=82FAB7DF4BE409880B8F66210DE8D2E5
+
+I=250
+KEY=C3F845809E635052F94076E1F3026779E85DD646355974A5F1D3E278CA8BB441
+IV=D473C3D6D72AFE48F5A5788007D19F0E
+CT=82FAB7DF4BE409880B8F66210DE8D2E5
+PT=52C05722F125348666DFCF0F2D052530
+
+I=251
+KEY=34AE823E21F4C45784F2E125CF5039FCBA9D8164C47C4023970C2D77E78E9171
+IV=F756C7BEBF9794057DB297C43C525E85
+CT=52C05722F125348666DFCF0F2D052530
+PT=DE7FAAF4A10D4D5404847FA080C1DC1C
+
+I=252
+KEY=9D1EEFC6B62427F5A2CBB2047AB0E41B64E22B9065710D77938852D7674F4D6D
+IV=A9B06DF897D0E3A226395321B5E0DDE7
+CT=DE7FAAF4A10D4D5404847FA080C1DC1C
+PT=49327927599012EE87FF64F45AC9A9AE
+
+I=253
+KEY=2C7B21A79BE0B5B0E4DCC427DE8D91572DD052B73CE11F99147736233D86E4C3
+IV=B165CE612DC4924546177623A43D754C
+CT=49327927599012EE87FF64F45AC9A9AE
+PT=6E11B9F592DD99CD94F8999D9476F4CF
+
+I=254
+KEY=F4A72FB6D161B9E15A41576C5A7CBF3F43C1EB42AE3C8654808FAFBEA9F0100C
+IV=D8DC0E114A810C51BE9D934B84F12E68
+CT=6E11B9F592DD99CD94F8999D9476F4CF
+PT=108AC1FE3E008D1C3058917157003E2C
+
+I=255
+KEY=2E5FE97C58B060C9BACA9E9CC14CFC89534B2ABC903C0B48B0D73ECFFEF02E20
+IV=DAF8C6CA89D1D928E08BC9F09B3043B6
+CT=108AC1FE3E008D1C3058917157003E2C
+PT=B315EF45A3BD77688AD0976EF5DCA26B
+
+I=256
+KEY=9D763A80B96B112E1DAEA50A98C0B6F7E05EC5F933817C203A07A9A10B2C8C4B
+IV=B329D3FCE1DB71E7A7643B96598C4A7E
+CT=B315EF45A3BD77688AD0976EF5DCA26B
+PT=7BF8DABED803049DF8D1F34ED00536F7
+
+I=257
+KEY=DF5F07523E7E305B48AAD9C205AE826C9BA61F47EB8278BDC2D65AEFDB29BABC
+IV=42293DD28715217555047CC89D6E349B
+CT=7BF8DABED803049DF8D1F34ED00536F7
+PT=E55FE84DF3137D16E74DC01A1BFDA4A7
+
+I=258
+KEY=80CF537EC8836ADD0FB72F35B2EF703D7EF9F70A189105AB259B9AF5C0D41E1B
+IV=5F90542CF6FD5A86471DF6F7B741F251
+CT=E55FE84DF3137D16E74DC01A1BFDA4A7
+PT=6019F9DA2DFDCDCB14C2C6CE5B34432D
+
+I=259
+KEY=4469D3622A022CFB7614C9C9EB36E6031EE00ED0356CC86031595C3B9BE05D36
+IV=C4A6801CE281462679A3E6FC59D9963E
+CT=6019F9DA2DFDCDCB14C2C6CE5B34432D
+PT=6D2788861A8F9526D1EC8A6A8AFBA629
+
+I=260
+KEY=DED804546FA6B0BCD8C9FD9119616F9873C786562FE35D46E0B5D651111BFB1F
+IV=9AB1D73645A49C47AEDD3458F257899B
+CT=6D2788861A8F9526D1EC8A6A8AFBA629
+PT=81D5CDEA70E433A2A341FFB13ECCEC54
+
+I=261
+KEY=24FD3D900606EEF8F31156D30EA094ADF2124BBC5F076EE443F429E02FD7174B
+IV=FA2539C469A05E442BD8AB4217C1FB35
+CT=81D5CDEA70E433A2A341FFB13ECCEC54
+PT=F74B4869E92F918A95B508E382A83FA6
+
+I=262
+KEY=C24CA269EAADDFBA060AAF15C2265DE6055903D5B628FF6ED6412103AD7F28ED
+IV=E6B19FF9ECAB3142F51BF9C6CC86C94B
+CT=F74B4869E92F918A95B508E382A83FA6
+PT=EF3293511A17D0E089A8F88E396B4F31
+
+I=263
+KEY=789C94E8D2B6D6FD022ED678F42E796CEA6B9084AC3F2F8E5FE9D98D941467DC
+IV=BAD03681381B09470424796D3608248A
+CT=EF3293511A17D0E089A8F88E396B4F31
+PT=0D70FCE243309D716D8FA672A11EBCB8
+
+I=264
+KEY=B8DFB47D720C26AE22AD6C87785CCB97E71B6C66EF0FB2FF32667FFF350ADB64
+IV=C0432095A0BAF0532083BAFF8C72B2FB
+CT=0D70FCE243309D716D8FA672A11EBCB8
+PT=831365AB30D062F2B1C051A9EA03AEEB
+
+I=265
+KEY=938BCEFF0FD9AEC61CF2B0509A645A19640809CDDFDFD00D83A62E56DF09758F
+IV=2B547A827DD588683E5FDCD7E238918E
+CT=831365AB30D062F2B1C051A9EA03AEEB
+PT=EFE7E9DC254FF4AA70ABF327566A5448
+
+I=266
+KEY=BBF0C86D05BF543EC3B9A9240833187F8BEFE011FA9024A7F30DDD71896321C7
+IV=287B06920A66FAF8DF4B197492574266
+CT=EFE7E9DC254FF4AA70ABF327566A5448
+PT=2D41BEE483BD2BAD16026AD7AA5ABA07
+
+I=267
+KEY=B744A9326EC1D56CBFF51D969D075C7DA6AE5EF5792D0F0AE50FB7A623399BC0
+IV=0CB4615F6B7E81527C4CB4B295344402
+CT=2D41BEE483BD2BAD16026AD7AA5ABA07
+PT=079460C9B745A53999932C5ECFE6A37B
+
+I=268
+KEY=AE49C59DD393E9EC9030AEDAD7FC61FEA13A3E3CCE68AA337C9C9BF8ECDF38BB
+IV=190D6CAFBD523C802FC5B34C4AFB3D83
+CT=079460C9B745A53999932C5ECFE6A37B
+PT=CE7C5851D0437368FEDC7E39270A7430
+
+I=269
+KEY=8176855633B6FB2445BDDC2FD8D299576F46666D1E2BD95B8240E5C1CBD54C8B
+IV=2F3F40CBE02512C8D58D72F50F2EF8A9
+CT=CE7C5851D0437368FEDC7E39270A7430
+PT=A0C3F2D688E4370AD2F08C09B28DBCC1
+
+I=270
+KEY=050E71C47B278C5825DE84513A732D11CF8594BB96CFEE5150B069C87958F04A
+IV=8478F4924891777C6063587EE2A1B446
+CT=A0C3F2D688E4370AD2F08C09B28DBCC1
+PT=BE472E609ABB030B96739A959EDBDD21
+
+I=271
+KEY=502E4BDCF449E96CB16D5B6C097D20CC71C2BADB0C74ED5AC6C3F35DE7832D6B
+IV=55203A188F6E653494B3DF3D330E0DDD
+CT=BE472E609ABB030B96739A959EDBDD21
+PT=FE4227D6AC71519FA0F2078433DF69CA
+
+I=272
+KEY=C3DDDE6B2E80381010569BC093561F628F809D0DA005BCC56631F4D9D45C44A1
+IV=93F395B7DAC9D17CA13BC0AC9A2B3FAE
+CT=FE4227D6AC71519FA0F2078433DF69CA
+PT=3F8439C7648C5C2B5877643C536E14F9
+
+I=273
+KEY=1CC65CB104317D620D729EDEB4C4B512B004A4CAC489E0EE3E4690E587325058
+IV=DF1B82DA2AB145721D24051E2792AA70
+CT=3F8439C7648C5C2B5877643C536E14F9
+PT=E189B969BF38C8A2F38BF3F12267B5B4
+
+I=274
+KEY=D121C8556039F07E231F9E88DE60572B518D1DA37BB1284CCDCD6314A555E5EC
+IV=CDE794E464088D1C2E6D00566AA4E239
+CT=E189B969BF38C8A2F38BF3F12267B5B4
+PT=EF15CCEC56DCD62681FC7564A1095ECD
+
+I=275
+KEY=C87070F4AA767BE043B29FE3AF258C91BE98D14F2D6DFE6A4C311670045CBB21
+IV=1951B8A1CA4F8B9E60AD016B7145DBBA
+CT=EF15CCEC56DCD62681FC7564A1095ECD
+PT=BD38CD579A7124DD0814DB21FC0E7D96
+
+I=276
+KEY=08167C643CA7CAD8729B17EB91918AC103A01C18B71CDAB74425CD51F852C6B7
+IV=C0660C9096D1B138312988083EB40650
+CT=BD38CD579A7124DD0814DB21FC0E7D96
+PT=565F580B61E456544D8D553948AD95FD
+
+I=277
+KEY=55BB77ED49C419EEA418365F2750857355FF4413D6F88CE309A89868B0FF534A
+IV=5DAD0B897563D336D68321B4B6C10FB2
+CT=565F580B61E456544D8D553948AD95FD
+PT=1AA68EAC78C2B5BFF996F0B58C56432F
+
+I=278
+KEY=8FEC3C85819F24EE1DA186AB212A19D44F59CABFAE3A395CF03E68DD3CA91065
+IV=DA574B68C85B3D00B9B9B0F4067A9CA7
+CT=1AA68EAC78C2B5BFF996F0B58C56432F
+PT=65660FBF6C166604D9E717671488D734
+
+I=279
+KEY=D1D19B25C23EA5923D45493905B867D12A3FC500C22C5F5829D97FBA2821C751
+IV=5E3DA7A043A1817C20E4CF9224927E05
+CT=65660FBF6C166604D9E717671488D734
+PT=477CBD97B467AA1AAB738E294092FAA3
+
+I=280
+KEY=E1972BE045093EC4475DCE6351CDEDCB6D437897764BF54282AAF19368B33DF2
+IV=3046B0C587379B567A18875A54758A1A
+CT=477CBD97B467AA1AAB738E294092FAA3
+PT=C0ED90D90AE11390A275BD03BE00E1D5
+
+I=281
+KEY=6F622A270D77AE65084E2070343E8C7FADAEE84E7CAAE6D220DF4C90D6B3DC27
+IV=8EF501C7487E90A14F13EE1365F361B4
+CT=C0ED90D90AE11390A275BD03BE00E1D5
+PT=296FED9B8CF7C532721A2188DDB1A441
+
+I=282
+KEY=FF7209EA94C0401544991FDB57F77F2084C105D5F05D23E052C56D180B027866
+IV=901023CD99B7EE704CD73FAB63C9F35F
+CT=296FED9B8CF7C532721A2188DDB1A441
+PT=4AE1C2EB8D1CEB5804FA992708150590
+
+I=283
+KEY=73C6F94AD63DE39C289AE20179FDDDD7CE20C73E7D41C8B8563FF43F03177DF6
+IV=8CB4F0A042FDA3896C03FDDA2E0AA2F7
+CT=4AE1C2EB8D1CEB5804FA992708150590
+PT=A4EAC8940C12F9CEAC78DFDC99DF68B4
+
+I=284
+KEY=A7369886016682F6075678509FFB86ED6ACA0FAA71533176FA472BE39AC81542
+IV=D4F061CCD75B616A2FCC9A51E6065B3A
+CT=A4EAC8940C12F9CEAC78DFDC99DF68B4
+PT=70B05A9959E7C4E4545BB3AECCD8B33D
+
+I=285
+KEY=F01B9FF32CE9CA699F69ADBBC209BBD21A7A553328B4F592AE1C984D5610A67F
+IV=572D07752D8F489F983FD5EB5DF23D3F
+CT=70B05A9959E7C4E4545BB3AECCD8B33D
+PT=F4978960F1382713A5A7183B9694DE85
+
+I=286
+KEY=FF05A97961A5CA725CD2E1B2A9D58304EEEDDC53D98CD2810BBB8076C08478FA
+IV=0F1E368A4D4C001BC3BB4C096BDC38D6
+CT=F4978960F1382713A5A7183B9694DE85
+PT=EDCC3B8D26928086F1C6727833405424
+
+I=287
+KEY=AA4DB35CCBD936D13D1B7DB64638B99A0321E7DEFF1E5207FA7DF20EF3C42CDE
+IV=55481A25AA7CFCA361C99C04EFED3A9E
+CT=EDCC3B8D26928086F1C6727833405424
+PT=12A36AC1DA72345291CF206FA04F102F
+
+I=288
+KEY=611E32BF030B7B377AEC338C7FA6D88311828D1F256C66556BB2D261538B3CF1
+IV=CB5381E3C8D24DE647F74E3A399E6119
+CT=12A36AC1DA72345291CF206FA04F102F
+PT=8DA0003E090444453B932F0CDBBFA54E
+
+I=289
+KEY=43E230241EF150AC761C1307C43C3E209C228D212C6822105021FD6D883499BF
+IV=22FC029B1DFA2B9B0CF0208BBB9AE6A3
+CT=8DA0003E090444453B932F0CDBBFA54E
+PT=A3D9F2112895CEA937A2B18ABB589CC0
+
+I=290
+KEY=1FE38E9028DAC8A1E65A04C78BD0E7523FFB7F3004FDECB967834CE7336C057F
+IV=5C01BEB4362B980D904617C04FECD972
+CT=A3D9F2112895CEA937A2B18ABB589CC0
+PT=191EE02B9FED198599B5BC2F36271ABB
+
+I=291
+KEY=5FFD20799D7A7E7A328BD57B13F6E52F26E59F1B9B10F53CFE36F0C8054B1FC4
+IV=401EAEE9B5A0B6DBD4D1D1BC9826027D
+CT=191EE02B9FED198599B5BC2F36271ABB
+PT=EFC32006AE746D1E3F65E6C7ADF32804
+
+I=292
+KEY=EFEFD2A0F1917EB5BFD2337260E11023C926BF1D35649822C153160FA8B837C0
+IV=B012F2D96CEB00CF8D59E6097317F50C
+CT=EFC32006AE746D1E3F65E6C7ADF32804
+PT=F9C49B0BFFA354EEBBE3DE29BF9D2623
+
+I=293
+KEY=7676D792019D370A67526977EC5FDB5B30E22416CAC7CCCC7AB0C826172511E3
+IV=99990532F00C49BFD8805A058CBECB78
+CT=F9C49B0BFFA354EEBBE3DE29BF9D2623
+PT=EAEAE4BFF789E64D80D88CE5BC0E15CC
+
+I=294
+KEY=69202B4EB33EB35987DD82026714F603DA08C0A93D4E2A81FA6844C3AB2B042F
+IV=1F56FCDCB2A38453E08FEB758B4B2D58
+CT=EAEAE4BFF789E64D80D88CE5BC0E15CC
+PT=96C362F59FD2457A5ED68A116B4AA682
+
+I=295
+KEY=DE8B4CC7995B3E061E126157B0C2AF984CCBA25CA29C6FFBA4BECED2C061A2AD
+IV=B7AB67892A658D5F99CFE355D7D6599B
+CT=96C362F59FD2457A5ED68A116B4AA682
+PT=5498BE46DCE840F7B593BE2BC0D252CB
+
+I=296
+KEY=1BFE119E1B63BA06E9A590709A2985D218531C1A7E742F0C112D70F900B3F066
+IV=C5755D5982388400F7B7F1272AEB2A4A
+CT=5498BE46DCE840F7B593BE2BC0D252CB
+PT=697482966F491ACB46E7171A4813D916
+
+I=297
+KEY=9E6361F9775A88FAAD09711E9691798C71279E8C113D35C757CA67E348A02970
+IV=859D70676C3932FC44ACE16E0CB8FC5E
+CT=697482966F491ACB46E7171A4813D916
+PT=A799874DC7721D96DEEFAB5FE1A01A8E
+
+I=298
+KEY=7D1EF621D3ADC4BD4EC1861167FA5B0CD6BE19C1D64F28518925CCBCA90033FE
+IV=E37D97D8A4F74C47E3C8F70FF16B2280
+CT=A799874DC7721D96DEEFAB5FE1A01A8E
+PT=2D19344625CF5E6DE07EE960F4AEC5CF
+
+I=299
+KEY=7DFD0BE692B47C022DC789EF5291D2F5FBA72D87F380763C695B25DC5DAEF631
+IV=00E3FDC74119B8BF63060FFE356B89F9
+CT=2D19344625CF5E6DE07EE960F4AEC5CF
+PT=F80C5143F173AE672DA4DDC8272C13EF
+
+I=300
+KEY=A78C66D30475B93F0A87E6E4A8BFA3AE03AB7CC402F3D85B44FFF8147A82E5DE
+IV=DA716D3596C1C53D27406F0BFA2E715B
+CT=F80C5143F173AE672DA4DDC8272C13EF
+PT=76BDB7A63614A41C9D52718B3514E03C
+
+I=301
+KEY=9542E4B9D92DAF7B463C83DA257422B37516CB6234E77C47D9AD899F4F9605E2
+IV=32CE826ADD5816444CBB653E8DCB811D
+CT=76BDB7A63614A41C9D52718B3514E03C
+PT=93F65B7B961EE6B623A026576FF8890B
+
+I=302
+KEY=6932CD66A25D1DE274C7D5DF540917BFE6E09019A2F99AF1FA0DAFC8206E8CE9
+IV=FC7029DF7B70B29932FB5605717D350C
+CT=93F65B7B961EE6B623A026576FF8890B
+PT=FA5BEB508ABCBCB1B1D56C0E207A032D
+
+I=303
+KEY=595CCC3640445FF5BBF303FF7845AB821CBB7B49284526404BD8C3C600148FC4
+IV=306E0150E2194217CF34D6202C4CBC3D
+CT=FA5BEB508ABCBCB1B1D56C0E207A032D
+PT=BFAEA3EB7C617567EB302D571DBF2811
+
+I=304
+KEY=BF5382311BF88FC9E32D5BADC832BE48A315D8A254245327A0E8EE911DABA7D5
+IV=E60F4E075BBCD03C58DE5852B07715CA
+CT=BFAEA3EB7C617567EB302D571DBF2811
+PT=4B0E63933414184D43B0AA714AA31E02
+
+I=305
+KEY=B50A2FF8FAC6820638CCBA3A0CA6519CE81BBB3160304B6AE35844E05708B9D7
+IV=0A59ADC9E13E0DCFDBE1E197C494EFD4
+CT=4B0E63933414184D43B0AA714AA31E02
+PT=0073CA04B300003AF3C1035C664E0646
+
+I=306
+KEY=1A32AA7CA8B5D83C47F56C5D24EDBD38E8687135D3304B50109947BC3146BF91
+IV=AF38858452735A3A7F39D667284BECA4
+CT=0073CA04B300003AF3C1035C664E0646
+PT=75CFE6D4A4F05D8EBB5C614AC7FB48C8
+
+I=307
+KEY=C321C5381F5A334C8B82DD2F0E4C73AE9DA797E177C016DEABC526F6F6BDF759
+IV=D9136F44B7EFEB70CC77B1722AA1CE96
+CT=75CFE6D4A4F05D8EBB5C614AC7FB48C8
+PT=B0D8DB37DF5C3A87B9E5D562283E8FEE
+
+I=308
+KEY=40879EA19753F0F22B1C1BF438A446532D7F4CD6A89C2C591220F394DE8378B7
+IV=83A65B998809C3BEA09EC6DB36E835FD
+CT=B0D8DB37DF5C3A87B9E5D562283E8FEE
+PT=9C885637CC7666C04B424DD6EF1F3EDB
+
+I=309
+KEY=B6824C9F800B1E7825135F250DB99FC8B1F71AE164EA4A995962BE42319C466C
+IV=F605D23E1758EE8A0E0F44D1351DD99B
+CT=9C885637CC7666C04B424DD6EF1F3EDB
+PT=3E7F4437656E63E0ADC6C764B20FE92D
+
+I=310
+KEY=7FA3CDE5856B1F0D9AE33E9E6ED1532E8F885ED601842979F4A479268393AF41
+IV=C921817A05600175BFF061BB6368CCE6
+CT=3E7F4437656E63E0ADC6C764B20FE92D
+PT=B19CCFDAADEC54C8DD5F4FD53D3C5824
+
+I=311
+KEY=3E3ABA34DB005D9FF2CEF1321BCD018E3E14910CAC687DB129FB36F3BEAFF765
+IV=419977D15E6B4292682DCFAC751C52A0
+CT=B19CCFDAADEC54C8DD5F4FD53D3C5824
+PT=84F7D061322A4042913C0BD14F5F1391
+
+I=312
+KEY=FB474D499955CB1F37FBA309DD55E09DBAE3416D9E423DF3B8C73D22F1F0E4F4
+IV=C57DF77D42559680C535523BC698E113
+CT=84F7D061322A4042913C0BD14F5F1391
+PT=CBCD716DA9C53D7AFFFE65B780926660
+
+I=313
+KEY=7C1D07031362A7439F9DD5272DAD1D9B712E3000378700894739589571628294
+IV=875A4A4A8A376C5CA866762EF0F8FD06
+CT=CBCD716DA9C53D7AFFFE65B780926660
+PT=F605D205704496C5BFCEE88130920CDE
+
+I=314
+KEY=7E9E72A6032523643F0965E8BFCB0793872BE20547C3964CF8F7B01441F08E4A
+IV=028375A510478427A094B0CF92661A08
+CT=F605D205704496C5BFCEE88130920CDE
+PT=CFA8B47DEB5770925EA29484D82CDBB4
+
+I=315
+KEY=518CA0A8C81E9DDCE1060410C69F0ACE48835678AC94E6DEA655249099DC55FE
+IV=2F12D20ECB3BBEB8DE0F61F879540D5D
+CT=CFA8B47DEB5770925EA29484D82CDBB4
+PT=1065AD49D2DD48EB9540F23A69469B92
+
+I=316
+KEY=45E6A5A17D8D1AEA04CD8E184D0A1BF758E6FB317E49AE353315D6AAF09ACE6C
+IV=146A0509B5938736E5CB8A088B951139
+CT=1065AD49D2DD48EB9540F23A69469B92
+PT=DB12EE00C65069CFEA509BA5BD5BB6BC
+
+I=317
+KEY=FC8F8F7F8A440A6CEB920D4311851B3A83F41531B819C7FAD9454D0F4DC178D0
+IV=B9692ADEF7C91086EF5F835B5C8F00CD
+CT=DB12EE00C65069CFEA509BA5BD5BB6BC
+PT=B66316FB3CCC9B262A34C205AE43F42B
+
+I=318
+KEY=42D666DF2C1575E3B346FCBCD208AD9F359703CA84D55CDCF3718F0AE3828CFB
+IV=BE59E9A0A6517F8F58D4F1FFC38DB6A5
+CT=B66316FB3CCC9B262A34C205AE43F42B
+PT=4C851D9BDC164194A6D1FDE274C06D1B
+
+I=319
+KEY=786B9456901DFA9FF85C686DEEDCA02079121E5158C31D4855A072E89742E1E0
+IV=3ABDF289BC088F7C4B1A94D13CD40DBF
+CT=4C851D9BDC164194A6D1FDE274C06D1B
+PT=5507F1EB271BDBC0A6DD8BBAEC843A05
+
+I=320
+KEY=C79B5CD424E592D392FECD3233CEA70B2C15EFBA7FD8C688F37DF9527BC6DBE5
+IV=BFF0C882B4F8684C6AA2A55FDD12072B
+CT=5507F1EB271BDBC0A6DD8BBAEC843A05
+PT=BB10EF7C98DE0255C836D5319B94B166
+
+I=321
+KEY=10ABC5B835E6E6BD02E90B63D22EF9E7970500C6E706C4DD3B4B2C63E0526A83
+IV=D730996C1103746E9017C651E1E05EEC
+CT=BB10EF7C98DE0255C836D5319B94B166
+PT=E8B797AFDC378DB47F172260963A6E2C
+
+I=322
+KEY=75E05AAAB4E6981A20E4177D214B81EA7FB297693B314969445C0E03766804AF
+IV=654B9F1281007EA7220D1C1EF365780D
+CT=E8B797AFDC378DB47F172260963A6E2C
+PT=58ED1CC5A208A0E7340167E79F5DA7C2
+
+I=323
+KEY=A69FECC296D12216128BD1D2C48B373D275F8BAC9939E98E705D69E4E935A36D
+IV=D37FB6682237BA0C326FC6AFE5C0B6D7
+CT=58ED1CC5A208A0E7340167E79F5DA7C2
+PT=FEDA5FB215819B441BE18B0AED27A1FD
+
+I=324
+KEY=7EED1776E603DD6C20F08B4C6B121525D985D41E8CB872CA6BBCE2EE04120290
+IV=D872FBB470D2FF7A327B5A9EAF992218
+CT=FEDA5FB215819B441BE18B0AED27A1FD
+PT=7CD64E29A704F13688DB206F7F337685
+
+I=325
+KEY=D4479A0AF29AF7145EC3FB89FEF8BBA7A5539A372BBC83FCE367C2817B217415
+IV=AAAA8D7C14992A787E3370C595EAAE82
+CT=7CD64E29A704F13688DB206F7F337685
+PT=25D6728244F28F79D1BC707BE94ECA13
+
+I=326
+KEY=7FB45D09003B25EFEB5F68CCB7E09C008085E8B56F4E0C8532DBB2FA926FBE06
+IV=ABF3C703F2A1D2FBB59C9345491827A7
+CT=25D6728244F28F79D1BC707BE94ECA13
+PT=47AF03717893A10D7F40D5A3D9B82534
+
+I=327
+KEY=35EE9428D4EC49EC103EDF32F4FBEE16C72AEBC417DDAD884D9B67594BD79B32
+IV=4A5AC921D4D76C03FB61B7FE431B7216
+CT=47AF03717893A10D7F40D5A3D9B82534
+PT=B6C25C0E4CA560707588321AAF41119C
+
+I=328
+KEY=B12C0149A6EDD2DC3742D10822FEDDF771E8B7CA5B78CDF838135543E4968AAE
+IV=84C2956172019B30277C0E3AD60533E1
+CT=B6C25C0E4CA560707588321AAF41119C
+PT=09137DF5460434E863647B4B50E17A60
+
+I=329
+KEY=CFEC596CE216B14A955E7CBC095C198678FBCA3F1D7CF9105B772E08B477F0CE
+IV=7EC0582544FB6396A21CADB42BA2C471
+CT=09137DF5460434E863647B4B50E17A60
+PT=17A26688B271E9765F41C71CD8CF0C25
+
+I=330
+KEY=35903FF91CC199C048C6C031AA2F4FC96F59ACB7AF0D10660436E9146CB8FCEB
+IV=FA7C6695FED7288ADD98BC8DA373564F
+CT=17A26688B271E9765F41C71CD8CF0C25
+PT=62E3C4D53DECB83FCD5F57D1971D58FB
+
+I=331
+KEY=F262476804B79C1F85FEB875CCD5FC3E0DBA686292E1A859C969BEC5FBA5A410
+IV=C7F27891187605DFCD38784466FAB3F7
+CT=62E3C4D53DECB83FCD5F57D1971D58FB
+PT=3495C5855D819B6FF779FC7AC59BEB53
+
+I=332
+KEY=DC61E5CFC9BAE6B23B894486AD478ADD392FADE7CF6033363E1042BF3E3E4F43
+IV=2E03A2A7CD0D7AADBE77FCF3619276E3
+CT=3495C5855D819B6FF779FC7AC59BEB53
+PT=7440ABE9E1374208CFBCCC18ADC6089F
+
+I=333
+KEY=C9D2E747A1A6D594CCAE434B7605C8FB4D6F060E2E57713EF1AC8EA793F847DC
+IV=15B30288681C3326F72707CDDB424226
+CT=7440ABE9E1374208CFBCCC18ADC6089F
+PT=B6802F0F62A28AF7326CDB2144E8DE87
+
+I=334
+KEY=99FEF610CFFFACBE8C6AD0A2B0C8F8A7FBEF29014CF5FBC9C3C05586D710995B
+IV=502C11576E59792A40C493E9C6CD305C
+CT=B6802F0F62A28AF7326CDB2144E8DE87
+PT=B84D7D91E60C131F6F042D403D85C47B
+
+I=335
+KEY=91EB2713A930B6A53993029D5A056B4143A25490AAF9E8D6ACC478C6EA955D20
+IV=0815D10366CF1A1BB5F9D23FEACD93E6
+CT=B84D7D91E60C131F6F042D403D85C47B
+PT=4DDF64827A16F90B5E6B306E8F227DB7
+
+I=336
+KEY=C15019D3523304CC9231B33C53C7FE1E0E7D3012D0EF11DDF2AF48A865B72097
+IV=50BB3EC0FB03B269ABA2B1A109C2955F
+CT=4DDF64827A16F90B5E6B306E8F227DB7
+PT=FDF6E5B6486E11839EB3A7F5C3898F54
+
+I=337
+KEY=E24B749901384F48B2E740C51175E311F38BD5A49881005E6C1CEF5DA63EAFC3
+IV=231B6D4A530B4B8420D6F3F942B21D0F
+CT=FDF6E5B6486E11839EB3A7F5C3898F54
+PT=841EF37B4AF82CC5EB00E11775079D81
+
+I=338
+KEY=44B7FFFA042DCA1BF276D4911D4B0BE2779526DFD2792C9B871C0E4AD3393242
+IV=A6FC8B6305158553409194540C3EE8F3
+CT=841EF37B4AF82CC5EB00E11775079D81
+PT=1725AF7F70B65FBB060D29B3BCDF0A31
+
+I=339
+KEY=B724B2CD569E436B20594E10576934BF60B089A0A2CF7320811127F96FE63873
+IV=F3934D3752B38970D22F9A814A223F5D
+CT=1725AF7F70B65FBB060D29B3BCDF0A31
+PT=2CCC6D09954E5FE6C6A87E18950EED02
+
+I=340
+KEY=E9EB02E31CABD14DFF231F1F649294044C7CE4A937812CC647B959E1FAE8D571
+IV=5ECFB02E4A359226DF7A510F33FBA0BB
+CT=2CCC6D09954E5FE6C6A87E18950EED02
+PT=C82C82AF68EACE2AF22C3266F898F573
+
+I=341
+KEY=90C8F71B05BE122AFE5D58A7A1AAB666845066065F6BE2ECB5956B8702702002
+IV=7923F5F81915C367017E47B8C5382262
+CT=C82C82AF68EACE2AF22C3266F898F573
+PT=377F6966928959F2D68F3A2BD0EA3735
+
+I=342
+KEY=1BE70B607CF9A9E35DF916C4CC103FEBB32F0F60CDE2BB1E631A51ACD29A1737
+IV=8B2FFC7B7947BBC9A3A44E636DBA898D
+CT=377F6966928959F2D68F3A2BD0EA3735
+PT=3A8CCF4943B9866A9ABBEC0BA46F25DB
+
+I=343
+KEY=631B2C30FEA26433F0CBCD01B1CE974089A3C0298E5B3D74F9A1BDA776F532EC
+IV=78FC2750825BCDD0AD32DBC57DDEA8AB
+CT=3A8CCF4943B9866A9ABBEC0BA46F25DB
+PT=3B767EAB7F0C2D24BBE5565E93DC3E24
+
+I=344
+KEY=8785E70A8CD45A8FE1E4382DC62D563DB2D5BE82F15710504244EBF9E5290CC8
+IV=E49ECB3A72763EBC112FF52C77E3C17D
+CT=3B767EAB7F0C2D24BBE5565E93DC3E24
+PT=619610C6A4A8E9B196E65D2E5D463968
+
+I=345
+KEY=B49BAD1E8EB8B9CF7F32048A81E5BCD3D343AE4455FFF9E1D4A2B6D7B86F35A0
+IV=331E4A14026CE3409ED63CA747C8EAEE
+CT=619610C6A4A8E9B196E65D2E5D463968
+PT=F12AF66580B33C3113C45CF5EFD52F4F
+
+I=346
+KEY=3C92453C6342B6CDC18BFE05241EB5D922695821D54CC5D0C766EA2257BA1AEF
+IV=8809E822EDFA0F02BEB9FA8FA5FB090A
+CT=F12AF66580B33C3113C45CF5EFD52F4F
+PT=A427E0B2CD34285167999A9F18295D26
+
+I=347
+KEY=24A1F21CA68CF23F1674BF5328219987864EB8931878ED81A0FF70BD4F9347C9
+IV=1833B720C5CE44F2D7FF41560C3F2C5E
+CT=A427E0B2CD34285167999A9F18295D26
+PT=85F5855ACB2741070E1C89F904CBDBEA
+
+I=348
+KEY=B5479F4D4A0DBBFFBF86C576009F241403BB3DC9D35FAC86AEE3F9444B589C23
+IV=91E66D51EC8149C0A9F27A2528BEBD93
+CT=85F5855ACB2741070E1C89F904CBDBEA
+PT=295D7A02348A185F5C54113C734E9003
+
+I=349
+KEY=AA9CE82B0B649063C874699C71E8A94E2AE647CBE7D5B4D9F2B7E87838160C20
+IV=1FDB776641692B9C77F2ACEA71778D5A
+CT=295D7A02348A185F5C54113C734E9003
+PT=E466F369B840296AAB1A24ED32A19F51
+
+I=350
+KEY=A2BA72E2906E04C42C0047EF222FFFE6CE80B4A25F959DB359ADCC950AB79371
+IV=08269AC99B0A94A7E4742E7353C756A8
+CT=E466F369B840296AAB1A24ED32A19F51
+PT=099CEB8099DD025E4A57015168F75388
+
+I=351
+KEY=EA9B425CCD937976EB04693F16C4DAC4C71C5F22C6489FED13FACDC46240C0F9
+IV=482130BE5DFD7DB2C7042ED034EB2522
+CT=099CEB8099DD025E4A57015168F75388
+PT=E40CD2C0A7E7CB35C64AEB396338A801
+
+I=352
+KEY=D31BCE56BA19A7CB6057C5F2CCB3786223108DE261AF54D8D5B026FD017868F8
+IV=39808C0A778ADEBD8B53ACCDDA77A2A6
+CT=E40CD2C0A7E7CB35C64AEB396338A801
+PT=12E94732A52D15C624A8E554AB54C9A4
+
+I=353
+KEY=F0CD039C509E0EFF71B18AE3FEEB186D31F9CAD0C482411EF118C3A9AA2CA15C
+IV=23D6CDCAEA87A93411E64F113258600F
+CT=12E94732A52D15C624A8E554AB54C9A4
+PT=241C32C2C0C5C6CBE4BB354C054C68D7
+
+I=354
+KEY=0579BEABF73DD177C1F1F0827DA20BA115E5F812044787D515A3F6E5AF60C98B
+IV=F5B4BD37A7A3DF88B0407A61834913CC
+CT=241C32C2C0C5C6CBE4BB354C054C68D7
+PT=E4EA5643CF19EF64820A1B591DE1C378
+
+I=355
+KEY=99C7C61F7153FFA0F07380D052431667F10FAE51CB5E68B197A9EDBCB2810AF3
+IV=9CBE78B4866E2ED7318270522FE11DC6
+CT=E4EA5643CF19EF64820A1B591DE1C378
+PT=BC86D5465171B667CE837F874D933FF4
+
+I=356
+KEY=C2A65A0A2E71F6E7E2BD9FBB5049F7914D897B179A2FDED6592A923BFF123507
+IV=5B619C155F22094712CE1F6B020AE1F6
+CT=BC86D5465171B667CE837F874D933FF4
+PT=EEB9DC4EBD27720AD3527A1323D85413
+
+I=357
+KEY=B635E7EFD987991CD29414B3EBAB2EA4A330A7592708ACDC8A78E828DCCA6114
+IV=7493BDE5F7F66FFB30298B08BBE2D935
+CT=EEB9DC4EBD27720AD3527A1323D85413
+PT=78591E006B877AC6880834E3F98FD6B0
+
+I=358
+KEY=F5849125E52B6DF3CD8144DDB64178DDDB69B9594C8FD61A0270DCCB2545B7A4
+IV=43B176CA3CACF4EF1F15506E5DEA5679
+CT=78591E006B877AC6880834E3F98FD6B0
+PT=8F9A67CF96F4608D56923CB267855F3F
+
+I=359
+KEY=41885734A072249ADE0091A0AD87F47854F3DE96DA7BB69754E2E07942C0E89B
+IV=B40CC611455949691381D57D1BC68CA5
+CT=8F9A67CF96F4608D56923CB267855F3F
+PT=1B0B8D9118CBECBA2D5AD17A261F9D56
+
+I=360
+KEY=FF1A5B86E3545D9CB01A1222EC99A81C4FF85307C2B05A2D79B8310364DF75CD
+IV=BE920CB2432679066E1A8382411E5C64
+CT=1B0B8D9118CBECBA2D5AD17A261F9D56
+PT=6225E63F0C1A5DE00FD63032908A51F3
+
+I=361
+KEY=836FB4DC9C17E5AD70404B41CC4A043E2DDDB538CEAA07CD766E0131F455243E
+IV=7C75EF5A7F43B831C05A596320D3AC22
+CT=6225E63F0C1A5DE00FD63032908A51F3
+PT=7C66E540C016FB81A345E10331FCAFF3
+
+I=362
+KEY=63CA7D0E2675E43626B5311A7BA7131B51BB50780EBCFC4CD52BE032C5A98BCD
+IV=E0A5C9D2BA62019B56F57A5BB7ED1725
+CT=7C66E540C016FB81A345E10331FCAFF3
+PT=2F010053D3C59BB8ACB5B13B197A4204
+
+I=363
+KEY=6B5C4A2DD70FFF3023B2A775BECF05607EBA502BDD7967F4799E5109DCD3C9C9
+IV=08963723F17A1B060507966FC568167B
+CT=2F010053D3C59BB8ACB5B13B197A4204
+PT=8918E06B8619B43E859171A345E246AE
+
+I=364
+KEY=575661F811B8D8B50980A55848A48949F7A2B0405B60D3CAFC0F20AA99318F67
+IV=3C0A2BD5C6B727852A32022DF66B8C29
+CT=8918E06B8619B43E859171A345E246AE
+PT=60FF920A8495AD880459737525C109D6
+
+I=365
+KEY=5FACBE49DE8F64786918067E7E361681975D224ADFF57E42F85653DFBCF086B1
+IV=08FADFB1CF37BCCD6098A32636929FC8
+CT=60FF920A8495AD880459737525C109D6
+PT=03F09A2C18DB8BAE5CCC93B9165A1D16
+
+I=366
+KEY=9BFDA5803AC1C3004F0B138885DE59FE94ADB866C72EF5ECA49AC066AAAA9BA7
+IV=C4511BC9E44EA778261315F6FBE84F7F
+CT=03F09A2C18DB8BAE5CCC93B9165A1D16
+PT=52CB3AF36047F4D14C2EAEE3C3F8AF2A
+
+I=367
+KEY=614239035D7EF489DE2F88FDB6188EC3C6668295A769013DE8B46E856952348D
+IV=FABF9C8367BF378991249B7533C6D73D
+CT=52CB3AF36047F4D14C2EAEE3C3F8AF2A
+PT=249794B3822BB06708B5D5777D297C40
+
+I=368
+KEY=20BEFE90BA9C7EE9CFB1E569FE354258E2F116262542B15AE001BBF2147B48CD
+IV=41FCC793E7E28A60119E6D94482DCC9B
+CT=249794B3822BB06708B5D5777D297C40
+PT=1836AE59EAE452DAC108618DECD666BD
+
+I=369
+KEY=E11E8BF6DE253E4FBADEDFD44B34BE15FAC7B87FCFA6E3802109DA7FF8AD2E70
+IV=C1A0756664B940A6756F3ABDB501FC4D
+CT=1836AE59EAE452DAC108618DECD666BD
+PT=20EE84DEB0E7B0C83D74CE251AA1615C
+
+I=370
+KEY=D519038D457B4BCD9DD50C8F64FE2F2ADA293CA17F4153481C7D145AE20C4F2C
+IV=3407887B9B5E7582270BD35B2FCA913F
+CT=20EE84DEB0E7B0C83D74CE251AA1615C
+PT=6FA7D3584A2E4B803AC1AC07B09931A2
+
+I=371
+KEY=82F1611CFB9E7AF9F9274C6BF1B96BEBB58EEFF9356F18C826BCB85D52957E8E
+IV=57E86291BEE5313464F240E4954744C1
+CT=6FA7D3584A2E4B803AC1AC07B09931A2
+PT=A7B8F8AC07BAB843F4E7942A6E4A85D5
+
+I=372
+KEY=DFF5A6DE8ADE9AB78CF1E637F44FD3351236175532D5A08BD25B2C773CDFFB5B
+IV=5D04C7C27140E04E75D6AA5C05F6B8DE
+CT=A7B8F8AC07BAB843F4E7942A6E4A85D5
+PT=7F3C3702404E6E013474A0AA0EF85527
+
+I=373
+KEY=9C6A11136F64F462E7C5CB30049CDA056D0A2057729BCE8AE62F8CDD3227AE7C
+IV=439FB7CDE5BA6ED56B342D07F0D30930
+CT=7F3C3702404E6E013474A0AA0EF85527
+PT=7C0C44DC96872DEE0BAC71DDBDCC84E3
+
+I=374
+KEY=2C95624ADD9B1E09F13AE579333B22BB1106648BE41CE364ED83FD008FEB2A9F
+IV=B0FF7359B2FFEA6B16FF2E4937A7F8BE
+CT=7C0C44DC96872DEE0BAC71DDBDCC84E3
+PT=B9E4597C562E9B5C0E6815E64F767CE9
+
+I=375
+KEY=CBB3F14A21E49825990B89E7D07BC386A8E23DF7B2327838E3EBE8E6C09D5676
+IV=E7269300FC7F862C68316C9EE340E13D
+CT=B9E4597C562E9B5C0E6815E64F767CE9
+PT=4B37A1FD978F50BE9EA482CFBEACFA08
+
+I=376
+KEY=65B742FFD29D9B07F3956625AED7382EE3D59C0A25BD28867D4F6A297E31AC7E
+IV=AE04B3B5F37903226A9EEFC27EACFBA8
+CT=4B37A1FD978F50BE9EA482CFBEACFA08
+PT=D3406B71FFC847C364199666A808C43A
+
+I=377
+KEY=6C6A4DE74AF6C443B4F6A1C7DAB4A28E3095F77BDA756F451956FC4FD6396844
+IV=09DD0F18986B5F444763C7E274639AA0
+CT=D3406B71FFC847C364199666A808C43A
+PT=94744ECE39108CB8084DF8A17C49CDCC
+
+I=378
+KEY=AD09E82AFAA9F5168CD9B83F44C096A0A4E1B9B5E365E3FD111B04EEAA70A588
+IV=C163A5CDB05F3155382F19F89E74342E
+CT=94744ECE39108CB8084DF8A17C49CDCC
+PT=45EF43A20D7F174DA1463DDA678BBFFB
+
+I=379
+KEY=DC29CBF4E8B92311A9AA788C437A8EDDE10EFA17EE1AF4B0B05D3934CDFB1A73
+IV=712023DE1210D6072573C0B307BA187D
+CT=45EF43A20D7F174DA1463DDA678BBFFB
+PT=4480FB073AA197507E376C56B824C753
+
+I=380
+KEY=93308B36D3A2E1A952B96FE4687B2DF9A58E0110D4BB63E0CE6A556275DFDD20
+IV=4F1940C23B1BC2B8FB1317682B01A324
+CT=4480FB073AA197507E376C56B824C753
+PT=C8BBB77D206EF37C7C40DB175D105271
+
+I=381
+KEY=9682C995955D18471758C504201E93AC6D35B66DF4D5909CB22A8E7528CF8F51
+IV=05B242A346FFF9EE45E1AAE04865BE55
+CT=C8BBB77D206EF37C7C40DB175D105271
+PT=50C0B9001C716D53470FC9B011191402
+
+I=382
+KEY=60854B33BE79B0E631B1AF9046C46D153DF50F6DE8A4FDCFF52547C539D69B53
+IV=F60782A62B24A8A126E96A9466DAFEB9
+CT=50C0B9001C716D53470FC9B011191402
+PT=8DB5367A34C5E5B93486AB07CA8BB02E
+
+I=383
+KEY=7EE74E63D01F31D44B3860471B0BE50FB0403917DC611876C1A3ECC2F35D2B7D
+IV=1E6205506E6681327A89CFD75DCF881A
+CT=8DB5367A34C5E5B93486AB07CA8BB02E
+PT=4F9B922C88C1750829D9088F16EDB529
+
+I=384
+KEY=A65EE6CE576182F487D2C21C4F8539F3FFDBAB3B54A06D7EE87AE44DE5B09E54
+IV=D8B9A8AD877EB320CCEAA25B548EDCFC
+CT=4F9B922C88C1750829D9088F16EDB529
+PT=05A705F6B55D3ACF3E95E8264FEFFDCC
+
+I=385
+KEY=64F9A7DF5DA898C968746F96692F1892FA7CAECDE1FD57B1D6EF0C6BAA5F6398
+IV=C2A741110AC91A3DEFA6AD8A26AA2161
+CT=05A705F6B55D3ACF3E95E8264FEFFDCC
+PT=D1FB7C1A698990AC81068D08BE1CE91F
+
+I=386
+KEY=019663655974433AD5731BC4388A067D2B87D2D78874C71D57E9816314438A87
+IV=656FC4BA04DCDBF3BD07745251A51EEF
+CT=D1FB7C1A698990AC81068D08BE1CE91F
+PT=A1CD24AAFCEE3A60A025B983D10D8E54
+
+I=387
+KEY=16EF87A84F0627345CED6385A62374778A4AF67D749AFD7DF7CC38E0C54E04D3
+IV=1779E4CD1672640E899E78419EA9720A
+CT=A1CD24AAFCEE3A60A025B983D10D8E54
+PT=B9064D063D2C8D8D935B53CBEF3224E2
+
+I=388
+KEY=80931C61E23BA976FFC9288F74AD876D334CBB7B49B670F064976B2B2A7C2031
+IV=967C9BC9AD3D8E42A3244B0AD28EF31A
+CT=B9064D063D2C8D8D935B53CBEF3224E2
+PT=8AD3B2222D84A4B25DC1311378027207
+
+I=389
+KEY=227ACE0315678DEE433049D8CDFEE2D8B99F09596432D44239565A38527E5236
+IV=A2E9D262F75C2498BCF96157B95365B5
+CT=8AD3B2222D84A4B25DC1311378027207
+PT=3A7FC9D43F1F997FAF4931101C5B5FD4
+
+I=390
+KEY=11799A22D50C53A89EDF396B7C7565AD83E0C08D5B2D4D3D961F6B284E250DE2
+IV=33035421C06BDE46DDEF70B3B18B8775
+CT=3A7FC9D43F1F997FAF4931101C5B5FD4
+PT=930860056FE2FDDC10059D09385C0415
+
+I=391
+KEY=58DE85D9975D5F8A16C47C834568EF1D10E8A08834CFB0E1861AF621767909F7
+IV=49A71FFB42510C22881B45E8391D8AB0
+CT=930860056FE2FDDC10059D09385C0415
+PT=F41CCB823840FF7D16C6990A14E591D9
+
+I=392
+KEY=3C8567CD05AF33761FE05FBDC2596EBFE4F46B0A0C8F4F9C90DC6F2B629C982E
+IV=645BE21492F26CFC0924233E873181A2
+CT=F41CCB823840FF7D16C6990A14E591D9
+PT=82899B698456363C175791B845D5736F
+
+I=393
+KEY=F50F05CBDDFEBE7A656EE5C08CC24FF5667DF06388D979A0878BFE932749EB41
+IV=C98A6206D8518D0C7A8EBA7D4E9B214A
+CT=82899B698456363C175791B845D5736F
+PT=CF85BFDA1DFF5ADFFAF1B3E000B407F3
+
+I=394
+KEY=B44AA91A374D1C5A7BD00557CBD24962A9F84FB99526237F7D7A4D7327FDECB2
+IV=4145ACD1EAB3A2201EBEE09747100697
+CT=CF85BFDA1DFF5ADFFAF1B3E000B407F3
+PT=34EEA75CC20C6EDEE9A5379C3B5CF01A
+
+I=395
+KEY=4C401127C0AFABBEA4C93FD80BA009CC9D16E8E5572A4DA194DF7AEF1CA11CA8
+IV=F80AB83DF7E2B7E4DF193A8FC07240AE
+CT=34EEA75CC20C6EDEE9A5379C3B5CF01A
+PT=27C6392ABE790B448CC9216B3FCF5454
+
+I=396
+KEY=44D59CB8EBCC91362462D1D8FE193270BAD0D1CFE95346E518165B84236E48FC
+IV=08958D9F2B633A8880ABEE00F5B93BBC
+CT=27C6392ABE790B448CC9216B3FCF5454
+PT=2C39AC10C7D51B61D8F437D9BAA24A55
+
+I=397
+KEY=E42795DA2BF8FA7A3B0E83923A5E243196E97DDF2E865D84C0E26C5D99CC02A9
+IV=A0F20962C0346B4C1F6C524AC4471641
+CT=2C39AC10C7D51B61D8F437D9BAA24A55
+PT=F828BC735827C106E61F8FFFE9453A77
+
+I=398
+KEY=7F05DC0CD80178018D3A90E4A0CE63156EC1C1AC76A19C8226FDE3A2708938DE
+IV=9B2249D6F3F9827BB63413769A904724
+CT=F828BC735827C106E61F8FFFE9453A77
+PT=DF8129A79852FEE2A8015A2379A7215B
+
+I=399
+KEY=935560C6072D897477D71AC4C12188D0B140E80BEEF362608EFCB981092E1985
+IV=EC50BCCADF2CF175FAED8A2061EFEBC5
+CT=DF8129A79852FEE2A8015A2379A7215B
+PT=CD6429CF3F81F8B4F82BC627A8283096
+
+===========
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/cbc_e_m.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/cbc_e_m.txt
new file mode 100644
index 00000000..cd344785
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/cbc_e_m.txt
@@ -0,0 +1,7224 @@
+
+=========================
+
+FILENAME:  "cbc_e_m.txt"
+
+Cipher Block Chaining (CBC) Mode - ENCRYPTION
+Monte Carlo Test
+
+Algorithm Name: Rijndael
+Principal Submitter: Joan Daemen
+
+==========
+
+KEYSIZE=128
+
+I=0
+KEY=00000000000000000000000000000000
+IV=00000000000000000000000000000000
+PT=00000000000000000000000000000000
+CT=8A05FC5E095AF4848A08D328D3688E3D
+
+I=1
+KEY=8A05FC5E095AF4848A08D328D3688E3D
+IV=8A05FC5E095AF4848A08D328D3688E3D
+PT=204F17E2444381F6114FF53934C0BCD3
+CT=192D9B3AA10BB2F7846CCBA0085C657A
+
+I=2
+KEY=93286764A85146730E641888DB34EB47
+IV=192D9B3AA10BB2F7846CCBA0085C657A
+PT=983BF6F5A6DFBCDAA19370666E83A99A
+CT=40D8DAF6D1FDA0A073B3BD18B7695D2E
+
+I=3
+KEY=D3F0BD9279ACE6D37DD7A5906C5DB669
+IV=40D8DAF6D1FDA0A073B3BD18B7695D2E
+PT=C48CD503A21C8AD0B2483EF15F79571D
+CT=3EDBE80D69A1D2248CA55FC17C4EF3C5
+
+I=4
+KEY=ED2B559F100D34F7F172FA51101345AC
+IV=3EDBE80D69A1D2248CA55FC17C4EF3C5
+PT=6A49A07B90CE830C20BC239646D936C0
+CT=D87891CF573C99EAE4349A70CA099415
+
+I=5
+KEY=3553C4504731AD1D15466021DA1AD1B9
+IV=D87891CF573C99EAE4349A70CA099415
+PT=0ACB9A969946F523317BB932CE1561A4
+CT=24E8F1013F479BBE655DF088C9316BC7
+
+I=6
+KEY=11BB3551787636A3701B90A9132BBA7E
+IV=24E8F1013F479BBE655DF088C9316BC7
+PT=3DFC8683C1D626A26E2513EB747E8B0F
+CT=2C92E80D8D1F70B411C28BD9FDABF21D
+
+I=7
+KEY=3D29DD5CF569461761D91B70EE804863
+IV=2C92E80D8D1F70B411C28BD9FDABF21D
+PT=FAE2D6A36DBD17199F257643C89EB608
+CT=A61810A2798A70A9D2B37E88DEF9AE0F
+
+I=8
+KEY=9B31CDFE8CE336BEB36A65F83079E66C
+IV=A61810A2798A70A9D2B37E88DEF9AE0F
+PT=CB97F090318A6B10F5044EB8333ECDD6
+CT=0034FA480DE6F65D98D30B026118718F
+
+I=9
+KEY=9B0537B68105C0E32BB96EFA516197E3
+IV=0034FA480DE6F65D98D30B026118718F
+PT=1B8030AC682BA677A7A3ACDC7FB33BB6
+CT=BEA24548CBC4A6630C9F1251F2C3DC51
+
+I=10
+KEY=25A772FE4AC1668027267CABA3A24BB2
+IV=BEA24548CBC4A6630C9F1251F2C3DC51
+PT=D0524282C9AC395508CB2991822E8F42
+CT=4F278DD0B06CBFBAA928635E7CA81B68
+
+I=11
+KEY=6A80FF2EFAADD93A8E0E1FF5DF0A50DA
+IV=4F278DD0B06CBFBAA928635E7CA81B68
+PT=49EA900E2F61DF8CDEA7D479F59C4C30
+CT=EDFF930BB183F8DAC2FC0BD01AD65882
+
+I=12
+KEY=877F6C254B2E21E04CF21425C5DC0858
+IV=EDFF930BB183F8DAC2FC0BD01AD65882
+PT=A1BBEB4E44EF725497B8C589192CC900
+CT=A6FE530E9509D48BAF30F601D04DB19D
+
+I=13
+KEY=21813F2BDE27F56BE3C2E2241591B9C5
+IV=A6FE530E9509D48BAF30F601D04DB19D
+PT=4AD71402771A83F41F7E3AC004150CB7
+CT=FF1148A2E07401F7291B418D62618B65
+
+I=14
+KEY=DE9077893E53F49CCAD9A3A977F032A0
+IV=FF1148A2E07401F7291B418D62618B65
+PT=AC47A1FD3490D6E809D40D4BEB8FF639
+CT=4420D4686F7A4D77A72810E89A5E0DF1
+
+I=15
+KEY=9AB0A3E15129B9EB6DF1B341EDAE3F51
+IV=4420D4686F7A4D77A72810E89A5E0DF1
+PT=F22E1865DD87A88238173FC693C382E7
+CT=A4C7DE5DF9E2B6A20A1E22F8D7496ACD
+
+I=16
+KEY=3E777DBCA8CB0F4967EF91B93AE7559C
+IV=A4C7DE5DF9E2B6A20A1E22F8D7496ACD
+PT=929EFB34B1C552221B648A3D2C678EC9
+CT=D93DBCCA25FA4D9D8C37B3F107FCFA3C
+
+I=17
+KEY=E74AC1768D3142D4EBD822483D1BAFA0
+IV=D93DBCCA25FA4D9D8C37B3F107FCFA3C
+PT=771C61ABB1E9BAB6F678336C8193307E
+CT=75F491C2EA85184ACA3C96B769FA9698
+
+I=18
+KEY=92BE50B467B45A9E21E4B4FF54E13938
+IV=75F491C2EA85184ACA3C96B769FA9698
+PT=55E42F98CCED821FE211D29674E77F48
+CT=A9C7536B77265ECBF7AC5ECD1EF5DDE2
+
+I=19
+KEY=3B7903DF10920455D648EA324A14E4DA
+IV=A9C7536B77265ECBF7AC5ECD1EF5DDE2
+PT=56BC0FA54F6F1E04A9A8893D3964EA68
+CT=3C749BF7EFA55CE924D1B33291C2B586
+
+I=20
+KEY=070D9828FF3758BCF2995900DBD6515C
+IV=3C749BF7EFA55CE924D1B33291C2B586
+PT=45D9BBBB1F3BB33EE182F09C90B1661C
+CT=C4708DBAEBD202CDD2054DDCB1AF7BAB
+
+I=21
+KEY=C37D159214E55A71209C14DC6A792AF7
+IV=C4708DBAEBD202CDD2054DDCB1AF7BAB
+PT=37765B154264AD781BBE5F5717DE7038
+CT=87457FD2EE747645576A27F46B00EC30
+
+I=22
+KEY=44386A40FA912C3477F633280179C6C7
+IV=87457FD2EE747645576A27F46B00EC30
+PT=A7150BBC7BE3837E145AB83E554B49DE
+CT=E25743DAD8E627803DA6C5E587C82384
+
+I=23
+KEY=A66F299A22770BB44A50F6CD86B1E543
+IV=E25743DAD8E627803DA6C5E587C82384
+PT=173343A8488146FC9E4B59C2DF42BAF3
+CT=0D0A78CD5E3EB40F92FB55351122E92B
+
+I=24
+KEY=AB6551577C49BFBBD8ABA3F897930C68
+IV=0D0A78CD5E3EB40F92FB55351122E92B
+PT=3B68CFE78B5DEA8F5165A2034D8C2823
+CT=1921B523A2F9B5F53C740D451C9FCE0C
+
+I=25
+KEY=B244E474DEB00A4EE4DFAEBD8B0CC264
+IV=1921B523A2F9B5F53C740D451C9FCE0C
+PT=FDDD484B52C7F3A32F4514BEF5A646E3
+CT=6EAC2BB6EDF35C1267FF4F10700F3CD7
+
+I=26
+KEY=DCE8CFC23343565C8320E1ADFB03FEB3
+IV=6EAC2BB6EDF35C1267FF4F10700F3CD7
+PT=CDAD592E5467AD1FA1B71D8AC050FCE0
+CT=D9624E40A8C9A2C58ABEDBAEB865DC1F
+
+I=27
+KEY=058A81829B8AF499099E3A03436622AC
+IV=D9624E40A8C9A2C58ABEDBAEB865DC1F
+PT=F9E90A4D7A9EF66818004CBC47C8C6EA
+CT=DE15C7322B32738BB493E7FA27AFE6E2
+
+I=28
+KEY=DB9F46B0B0B88712BD0DDDF964C9C44E
+IV=DE15C7322B32738BB493E7FA27AFE6E2
+PT=FE3CC4AE4A13AC8946407CEEE220290B
+CT=5822C79D627AD8A0C4975873D62C5E11
+
+I=29
+KEY=83BD812DD2C25FB2799A858AB2E59A5F
+IV=5822C79D627AD8A0C4975873D62C5E11
+PT=A5106EBD8888CC3A6884AC8E8EA9C97A
+CT=F5AD0473A4228662D9F76E7A5ED4DBDD
+
+I=30
+KEY=7610855E76E0D9D0A06DEBF0EC314182
+IV=F5AD0473A4228662D9F76E7A5ED4DBDD
+PT=4F30B073FB95CD0F0317E749F20E7A7D
+CT=4B39DA1FA331CFEB1D6713054C6E9474
+
+I=31
+KEY=3D295F41D5D1163BBD0AF8F5A05FD5F6
+IV=4B39DA1FA331CFEB1D6713054C6E9474
+PT=4850735E17F01A3B131E1B78B3A6EB96
+CT=32D1BE8640859CFAB16D64CE8795729B
+
+I=32
+KEY=0FF8E1C795548AC10C679C3B27CAA76D
+IV=32D1BE8640859CFAB16D64CE8795729B
+PT=A8C4B9E0069935CB046ACBB49C0B1205
+CT=47DC1150929AA9610938CB0CFE92995E
+
+I=33
+KEY=4824F09707CE23A0055F5737D9583E33
+IV=47DC1150929AA9610938CB0CFE92995E
+PT=13F5DA56D399A7DAA004D0BE76845E68
+CT=BCA6BD8971837B8A81B923E5B2ED0D83
+
+I=34
+KEY=F4824D1E764D582A84E674D26BB533B0
+IV=BCA6BD8971837B8A81B923E5B2ED0D83
+PT=8397C79E02FDFE6B7D47FA0181EA453A
+CT=23D991B7DA5E96966830E7B40B5A2D8A
+
+I=35
+KEY=D75BDCA9AC13CEBCECD6936660EF1E3A
+IV=23D991B7DA5E96966830E7B40B5A2D8A
+PT=18987E5504E23C0F862BCA8DFFC2B07F
+CT=17AA31C49F584DEF77C8E7891B11652B
+
+I=36
+KEY=C0F1ED6D334B83539B1E74EF7BFE7B11
+IV=17AA31C49F584DEF77C8E7891B11652B
+PT=A34D44CC1C6E171D7D48447F87E2F2C1
+CT=DD1F90F66D4062E6823F0F229562D110
+
+I=37
+KEY=1DEE7D9B5E0BE1B519217BCDEE9CAA01
+IV=DD1F90F66D4062E6823F0F229562D110
+PT=C9793582E22B8840BBAA3D7669208CCC
+CT=8F5B876777F7CA903B1D6346AA8BDAE7
+
+I=38
+KEY=92B5FAFC29FC2B25223C188B441770E6
+IV=8F5B876777F7CA903B1D6346AA8BDAE7
+PT=730EACFEE3817A94B88117ABB3F9CDE4
+CT=388780BA989C0A8BB5BD9E4086D91EF7
+
+I=39
+KEY=AA327A46B16021AE978186CBC2CE6E11
+IV=388780BA989C0A8BB5BD9E4086D91EF7
+PT=F004D3A14C6C94FA2D39BE0C71119658
+CT=7F4C33E4F5C055C05DB4B7691061B307
+
+I=40
+KEY=D57E49A244A0746ECA3531A2D2AFDD16
+IV=7F4C33E4F5C055C05DB4B7691061B307
+PT=575F86A5D1637CB86449F8BC0F1573D3
+CT=F6FE1919F174065AB31AC43E0D733A81
+
+I=41
+KEY=238050BBB5D47234792FF59CDFDCE797
+IV=F6FE1919F174065AB31AC43E0D733A81
+PT=14F8E2DB61B05E094CA4C0E9DA7800EE
+CT=4CB876F2DC169F955E639C6C916340A6
+
+I=42
+KEY=6F38264969C2EDA1274C69F04EBFA731
+IV=4CB876F2DC169F955E639C6C916340A6
+PT=F88BA2E4AA4ABDD381778DFD1DA1856F
+CT=AEEB80B469D89E45BC3426B6CCC50440
+
+I=43
+KEY=C1D3A6FD001A73E49B784F46827AA371
+IV=AEEB80B469D89E45BC3426B6CCC50440
+PT=195F74019B65C0F7D724491BDE8C8B88
+CT=2FD7CCDBDB2B2037C104F0A707A11EDA
+
+I=44
+KEY=EE046A26DB3153D35A7CBFE185DBBDAB
+IV=2FD7CCDBDB2B2037C104F0A707A11EDA
+PT=FF51887AB5FEC9C97CB61BB2DE9CDBC6
+CT=8DF7BB99B781C63F4F8B2A7D5DFF2960
+
+I=45
+KEY=63F3D1BF6CB095EC15F7959CD82494CB
+IV=8DF7BB99B781C63F4F8B2A7D5DFF2960
+PT=A35AAB0055E99FA980D59B242B8C6257
+CT=7D96ECC20571E9E85C16E3BDADA374CA
+
+I=46
+KEY=1E653D7D69C17C0449E176217587E001
+IV=7D96ECC20571E9E85C16E3BDADA374CA
+PT=02CC392194874CD531025588C96E2D22
+CT=AA1DC2E69CE582DFA9A1B435854FCBB1
+
+I=47
+KEY=B478FF9BF524FEDBE040C214F0C82BB0
+IV=AA1DC2E69CE582DFA9A1B435854FCBB1
+PT=94CC5DB118EF53C904B0EEC23AC650FD
+CT=DA0CA33BCCE4ABA1936833127D1F5E25
+
+I=48
+KEY=6E745CA039C0557A7328F1068DD77595
+IV=DA0CA33BCCE4ABA1936833127D1F5E25
+PT=52F009E929526E923BE4F43B66876725
+CT=B5E80FF4DADD69BB7493B9F72A752811
+
+I=49
+KEY=DB9C5354E31D3CC107BB48F1A7A25D84
+IV=B5E80FF4DADD69BB7493B9F72A752811
+PT=6B88B42E99E5B4F838064A711B71DE1F
+CT=5CDDCE45516C6D1654647A1A541AC435
+
+I=50
+KEY=87419D11B27151D753DF32EBF3B899B1
+IV=5CDDCE45516C6D1654647A1A541AC435
+PT=9E25CBDD8E2D7D68FF72932E35879175
+CT=3C7E88A9A6462D08ADA5910A3FCE611A
+
+I=51
+KEY=BB3F15B814377CDFFE7AA3E1CC76F8AB
+IV=3C7E88A9A6462D08ADA5910A3FCE611A
+PT=72A4EF1D82A3AC5C1DFDF8C4DCFB9F6E
+CT=E428200E1C3BE9A5141F73590B7473B8
+
+I=52
+KEY=5F1735B6080C957AEA65D0B8C7028B13
+IV=E428200E1C3BE9A5141F73590B7473B8
+PT=7CD8053F2FD743A44CC39F75C1E81075
+CT=AB3B8A79653E884053AFC8C14504AF77
+
+I=53
+KEY=F42CBFCF6D321D3AB9CA187982062464
+IV=AB3B8A79653E884053AFC8C14504AF77
+PT=0731077A8B6854CB90AFFAE3A3B199C4
+CT=53B7DFD6D12DDE7966C62FCC1946A4AC
+
+I=54
+KEY=A79B6019BC1FC343DF0C37B59B4080C8
+IV=53B7DFD6D12DDE7966C62FCC1946A4AC
+PT=E4E26CA1DA697F30E0542763313A79B7
+CT=6DEC201BBB90B66A3B2DFF4FA1DDF7C4
+
+I=55
+KEY=CA774002078F7529E421C8FA3A9D770C
+IV=6DEC201BBB90B66A3B2DFF4FA1DDF7C4
+PT=C2CF11681C4767A78B2F95AFB50CF155
+CT=F535B7CD4135A39E0E344BD2CFA14B83
+
+I=56
+KEY=3F42F7CF46BAD6B7EA158328F53C3C8F
+IV=F535B7CD4135A39E0E344BD2CFA14B83
+PT=606618948C1ED454B9B0F92435381D2D
+CT=209AC483682C48AA197BB64417127656
+
+I=57
+KEY=1FD8334C2E969E1DF36E356CE22E4AD9
+IV=209AC483682C48AA197BB64417127656
+PT=8F8A70AADF2F8BFB5E137F86AC83D32F
+CT=76F5F43A888D7F22D698A73810ED5B15
+
+I=58
+KEY=692DC776A61BE13F25F69254F2C311CC
+IV=76F5F43A888D7F22D698A73810ED5B15
+PT=E9E8AEBF16A5F4E1C26B4A385163E844
+CT=625C62F33C9548F2651FB0A08BF45286
+
+I=59
+KEY=0B71A5859A8EA9CD40E922F47937434A
+IV=625C62F33C9548F2651FB0A08BF45286
+PT=C69CFD36C50EBA06E3B3C4AB7C9B694E
+CT=3931CE6DF783063F26920D4048B00C82
+
+I=60
+KEY=32406BE86D0DAFF2667B2FB431874FC8
+IV=3931CE6DF783063F26920D4048B00C82
+PT=5DFE322DD692BA8DD9CD328A5AF9A3B7
+CT=A3CA3ECE725C84281144052A80EA5176
+
+I=61
+KEY=918A55261F512BDA773F2A9EB16D1EBE
+IV=A3CA3ECE725C84281144052A80EA5176
+PT=4BBD16BF74226F816767A7207C672C9A
+CT=94552690A231354F8F9BEF295E55F142
+
+I=62
+KEY=05DF73B6BD601E95F8A4C5B7EF38EFFC
+IV=94552690A231354F8F9BEF295E55F142
+PT=7055D0C535B2B0501FF6AAEE46E03818
+CT=771908987F00C2D822897E7EEA148F29
+
+I=63
+KEY=72C67B2EC260DC4DDA2DBBC9052C60D5
+IV=771908987F00C2D822897E7EEA148F29
+PT=7336B9D4977BDDA811C0C5EBEA539574
+CT=7AA84598115B181863081AFCC239EDD2
+
+I=64
+KEY=086E3EB6D33BC455B925A135C7158D07
+IV=7AA84598115B181863081AFCC239EDD2
+PT=5296C8546532BAEACBEC9F29916FB6B2
+CT=3D95967035AF639B2D2814DEB9B7F86A
+
+I=65
+KEY=35FBA8C6E694A7CE940DB5EB7EA2756D
+IV=3D95967035AF639B2D2814DEB9B7F86A
+PT=430880F5576C7783BC1336F900DDD037
+CT=4D70AAD2FC9EF403B463A72DB4CFE640
+
+I=66
+KEY=788B02141A0A53CD206E12C6CA6D932D
+IV=4D70AAD2FC9EF403B463A72DB4CFE640
+PT=E489B93778DE0C42FEFB6122ECA46BDC
+CT=165DDB405546934E81CB6B0B89B4A40E
+
+I=67
+KEY=6ED6D9544F4CC083A1A579CD43D93723
+IV=165DDB405546934E81CB6B0B89B4A40E
+PT=8E5481ACD58BFC5D141C1F71CDE91E37
+CT=693775A3661CE9D0E4CB4888431C64A5
+
+I=68
+KEY=07E1ACF729502953456E314500C55386
+IV=693775A3661CE9D0E4CB4888431C64A5
+PT=4AAA5E507EFB9FAD15E5F4C77F46AF89
+CT=C42391D50B1210C67B6AD642745A4DAC
+
+I=69
+KEY=C3C23D22224239953E04E707749F1E2A
+IV=C42391D50B1210C67B6AD642745A4DAC
+PT=4E0748F8716801B099494037485B8BA4
+CT=A4CB7F010AC42B4C3C14F02353F3644A
+
+I=70
+KEY=67094223288612D902101724276C7A60
+IV=A4CB7F010AC42B4C3C14F02353F3644A
+PT=0B7B41D57885DB37A2FC355C8D03FF3C
+CT=1BB0CBD24537B36EB555BE8C0FEC3A1F
+
+I=71
+KEY=7CB989F16DB1A1B7B745A9A82880407F
+IV=1BB0CBD24537B36EB555BE8C0FEC3A1F
+PT=4696F9A564354194142AB7B8630B4279
+CT=18B10BAE39D4FA58F586A067A8E38BC5
+
+I=72
+KEY=6408825F54655BEF42C309CF8063CBBA
+IV=18B10BAE39D4FA58F586A067A8E38BC5
+PT=0B59EBABAB994F2DDB3DE383454BECE8
+CT=C09C6670B93ECD303BA53DE58DD81A64
+
+I=73
+KEY=A494E42FED5B96DF7966342A0DBBD1DE
+IV=C09C6670B93ECD303BA53DE58DD81A64
+PT=2F897F3385E71133CEC8367411E830A3
+CT=45EA7CB9119DF7367294F9FE36D4A09F
+
+I=74
+KEY=E17E9896FCC661E90BF2CDD43B6F7141
+IV=45EA7CB9119DF7367294F9FE36D4A09F
+PT=8CDE9D975B51A098F4CAC93DC58C002F
+CT=02DDD735439A8AE03E976E629A6C992C
+
+I=75
+KEY=E3A34FA3BF5CEB093565A3B6A103E86D
+IV=02DDD735439A8AE03E976E629A6C992C
+PT=1E20571F82C2C6884A6F90A23FD3A925
+CT=B040686B866AE80A88B899031F2F0EE4
+
+I=76
+KEY=53E327C839360303BDDD3AB5BE2CE689
+IV=B040686B866AE80A88B899031F2F0EE4
+PT=0851624711970ADE2F456D5DAFB17E05
+CT=201756BC061706513264A3C489D95A0C
+
+I=77
+KEY=73F471743F2105528FB9997137F5BC85
+IV=201756BC061706513264A3C489D95A0C
+PT=E8B1410DE742136E71F54D31FEAA72EB
+CT=2EF27C31AA488648FCE0F1804D658092
+
+I=78
+KEY=5D060D459569831A735968F17A903C17
+IV=2EF27C31AA488648FCE0F1804D658092
+PT=97E0CA84C9B22C8942C7FC5088EAED04
+CT=7545F1D9C8F5F8B441EDCDAF00462344
+
+I=79
+KEY=2843FC9C5D9C7BAE32B4A55E7AD61F53
+IV=7545F1D9C8F5F8B441EDCDAF00462344
+PT=7B5572C09E998656B55C53748CF77C21
+CT=347875EFD6BD978CD1B2EA949F7E2358
+
+I=80
+KEY=1C3B89738B21EC22E3064FCAE5A83C0B
+IV=347875EFD6BD978CD1B2EA949F7E2358
+PT=A30001AA29D70B0A141B8FC8B9B2E210
+CT=9C956408BA335CCC9F02F31CC45FD5E6
+
+I=81
+KEY=80AEED7B3112B0EE7C04BCD621F7E9ED
+IV=9C956408BA335CCC9F02F31CC45FD5E6
+PT=839783D75859393B215010F63159FA45
+CT=B70E700F4A7ED08618754960B83BD0F2
+
+I=82
+KEY=37A09D747B6C60686471F5B699CC391F
+IV=B70E700F4A7ED08618754960B83BD0F2
+PT=1E3C630BC8C34BF8822686043D14E4D6
+CT=4721B6796F82D47D6EEB9CB11A19605E
+
+I=83
+KEY=70812B0D14EEB4150A9A690783D55941
+IV=4721B6796F82D47D6EEB9CB11A19605E
+PT=CEE1B977E8B75623CC4E2C4F4765FE2A
+CT=3382E1B076680BBBE7C451582016DD11
+
+I=84
+KEY=4303CABD6286BFAEED5E385FA3C38450
+IV=3382E1B076680BBBE7C451582016DD11
+PT=02365457AB60C892A0C34A7067AB7608
+CT=AB581732E06B90AA0C835C1C7B6D18B5
+
+I=85
+KEY=E85BDD8F82ED2F04E1DD6443D8AE9CE5
+IV=AB581732E06B90AA0C835C1C7B6D18B5
+PT=222B7ED84C648C12FFDD6E8E13EEC651
+CT=3E2E592CEEAD3B5E16860E80E406E882
+
+I=86
+KEY=D67584A36C40145AF75B6AC33CA87467
+IV=3E2E592CEEAD3B5E16860E80E406E882
+PT=7D24BD646EEBA44ED27B11DA42D72FF8
+CT=9163F6DBE0D8BB79A154D92E37A07E1C
+
+I=87
+KEY=471672788C98AF23560FB3ED0B080A7B
+IV=9163F6DBE0D8BB79A154D92E37A07E1C
+PT=42B571FFB3275F5A8E26616A3F0E3403
+CT=E1340E61513FE8146F29E111392E2C3A
+
+I=88
+KEY=A6227C19DDA74737392652FC32262641
+IV=E1340E61513FE8146F29E111392E2C3A
+PT=6EFD16D48E03B6E1CD74777ABC891DA8
+CT=3D703B4FD8A8A7F015D0FD47DE0C5A28
+
+I=89
+KEY=9B524756050FE0C72CF6AFBBEC2A7C69
+IV=3D703B4FD8A8A7F015D0FD47DE0C5A28
+PT=7956129687AC95397E14821A17F267DE
+CT=C5C6D2BAABDBE0B82CDFFFE7A92C8344
+
+I=90
+KEY=5E9495ECAED4007F0029505C4506FF2D
+IV=C5C6D2BAABDBE0B82CDFFFE7A92C8344
+PT=AC661770332FE0A45B80791C3A5D1241
+CT=6F7BDE1BD17C5B10064B52EB54EE90B0
+
+I=91
+KEY=31EF4BF77FA85B6F066202B711E86F9D
+IV=6F7BDE1BD17C5B10064B52EB54EE90B0
+PT=1DE0702C81667A979E5E3542DA95C5AD
+CT=DC7E35D5B02AFF4B92C190265E01C0F8
+
+I=92
+KEY=ED917E22CF82A42494A392914FE9AF65
+IV=DC7E35D5B02AFF4B92C190265E01C0F8
+PT=A491CB4321C757FD353B560C0B3EA4D0
+CT=D753F5A6C5D7E17F4024FD8675B23E7F
+
+I=93
+KEY=3AC28B840A55455BD4876F173A5B911A
+IV=D753F5A6C5D7E17F4024FD8675B23E7F
+PT=418FA3B3E9B4E463D04AC3A3361DCA57
+CT=B635529E8080B33E9AD6D79B8203112D
+
+I=94
+KEY=8CF7D91A8AD5F6654E51B88CB8588037
+IV=B635529E8080B33E9AD6D79B8203112D
+PT=C87E4ED505989807D1DBDA4769804EA3
+CT=43E763CD1B9EE4BC474B79C1E0DA2564
+
+I=95
+KEY=CF10BAD7914B12D9091AC14D5882A553
+IV=43E763CD1B9EE4BC474B79C1E0DA2564
+PT=042F084454D0EE01AB00D3921E1BCA06
+CT=C799956FF8A7A05B71123EBC4AA09C0C
+
+I=96
+KEY=08892FB869ECB2827808FFF11222395F
+IV=C799956FF8A7A05B71123EBC4AA09C0C
+PT=9A8E40400C51A438DCE498AD3455DE51
+CT=76679B0E26B1B6CA2A8D90944777C57F
+
+I=97
+KEY=7EEEB4B64F5D044852856F655555FC20
+IV=76679B0E26B1B6CA2A8D90944777C57F
+PT=227E122D3AF18A3CAA973B33B3356CE7
+CT=B2F52396F02D2DFFE36C5F9238AC1EBE
+
+I=98
+KEY=CC1B9720BF7029B7B1E930F76DF9E29E
+IV=B2F52396F02D2DFFE36C5F9238AC1EBE
+PT=0D9CDD97E2FE0E78CF16B1596DC20ABA
+CT=7C8EDD3A079835954238E0FE4872AAE1
+
+I=99
+KEY=B0954A1AB8E81C22F3D1D009258B487F
+IV=7C8EDD3A079835954238E0FE4872AAE1
+PT=925A7ECD233B3B3CCDE2221A03C5F720
+CT=D7C9FD3EF010C8577087591149D5640F
+
+I=100
+KEY=675CB72448F8D475835689186C5E2C70
+IV=D7C9FD3EF010C8577087591149D5640F
+PT=59FEFBE5179F0E7E48F3D97CDA314FF5
+CT=2608CCE6BA917551DEF84FA7BCA9B23C
+
+I=101
+KEY=41547BC2F269A1245DAEC6BFD0F79E4C
+IV=2608CCE6BA917551DEF84FA7BCA9B23C
+PT=7F24A1BA8762294194F76322A6B28A16
+CT=EFF1513B52D5D74D2202898AC99552C4
+
+I=102
+KEY=AEA52AF9A0BC76697FAC4F351962CC88
+IV=EFF1513B52D5D74D2202898AC99552C4
+PT=79B43F27F3E144C4EFBF383698A1EC90
+CT=B4B3B020D44D059666E86D22072916B5
+
+I=103
+KEY=1A169AD974F173FF194422171E4BDA3D
+IV=B4B3B020D44D059666E86D22072916B5
+PT=8BF20B60B4774354857BA2979CD396F9
+CT=6F1A3D43CC2171A808AE8D38396DE1D1
+
+I=104
+KEY=750CA79AB8D0025711EAAF2F27263BEC
+IV=6F1A3D43CC2171A808AE8D38396DE1D1
+PT=74955DDACFB8A5467D069F1EF341248B
+CT=47C23A68DA351C22EBF86FDBD8F723B4
+
+I=105
+KEY=32CE9DF262E51E75FA12C0F4FFD11858
+IV=47C23A68DA351C22EBF86FDBD8F723B4
+PT=25D7A186ED990020E10A23C5CFB1CEF9
+CT=D5F2E2C2CED730479D87E0AF0FEF8A73
+
+I=106
+KEY=E73C7F30AC322E326795205BF03E922B
+IV=D5F2E2C2CED730479D87E0AF0FEF8A73
+PT=13480F2EDCCB62B8F9A7DF98238571FC
+CT=F29A46A7F1B1D1D4F5FE30E569D7A801
+
+I=107
+KEY=15A639975D83FFE6926B10BE99E93A2A
+IV=F29A46A7F1B1D1D4F5FE30E569D7A801
+PT=75E138123B5A98596303ACF9DAEEA714
+CT=9F6E9A13913DF78AC67BD20303AF49B5
+
+I=108
+KEY=8AC8A384CCBE086C5410C2BD9A46739F
+IV=9F6E9A13913DF78AC67BD20303AF49B5
+PT=DBD0AE00FD06761626366EB251412A32
+CT=46AC9F42239B22A163CE0FDEAA103D44
+
+I=109
+KEY=CC643CC6EF252ACD37DECD6330564EDB
+IV=46AC9F42239B22A163CE0FDEAA103D44
+PT=B8768A8AF461C9547D1F982FE90E96B6
+CT=95D7C8F969B0EEB03FEC257043597315
+
+I=110
+KEY=59B3F43F8695C47D0832E813730F3DCE
+IV=95D7C8F969B0EEB03FEC257043597315
+PT=3D20CC8AD484048251C7A81C7E3CA59C
+CT=6B74AF42435BC640A826EC443207574E
+
+I=111
+KEY=32C75B7DC5CE023DA014045741086A80
+IV=6B74AF42435BC640A826EC443207574E
+PT=BF719F78B23BAFD4A50634BCD9361095
+CT=31E3919F36D79FBF61884227110C10FF
+
+I=112
+KEY=0324CAE2F3199D82C19C467050047A7F
+IV=31E3919F36D79FBF61884227110C10FF
+PT=E1D32740BB8B6D67AD3038887899F090
+CT=A1CD90683CE041D6CA20780176FDD5F4
+
+I=113
+KEY=A2E95A8ACFF9DC540BBC3E7126F9AF8B
+IV=A1CD90683CE041D6CA20780176FDD5F4
+PT=3069EA97F092ACDCF41649377B8FCBC8
+CT=7220F866A10DC711DC1D277B4C8F204D
+
+I=114
+KEY=D0C9A2EC6EF41B45D7A1190A6A768FC6
+IV=7220F866A10DC711DC1D277B4C8F204D
+PT=B0563A5E0EE1E2B96F3F7D04EE39EA7C
+CT=CF81CA348B98C532B172F032AE0A6FED
+
+I=115
+KEY=1F4868D8E56CDE7766D3E938C47CE02B
+IV=CF81CA348B98C532B172F032AE0A6FED
+PT=B1B78BD75C30DD4E1E198ACB98B498A6
+CT=99C990D64D27D47ED0C1E7F186AC6674
+
+I=116
+KEY=8681F80EA84B0A09B6120EC942D0865F
+IV=99C990D64D27D47ED0C1E7F186AC6674
+PT=D413E3CC66E9938E4E0CFC1975E38C8C
+CT=30C7DAD86FEF77C43A44A3EF8B116354
+
+I=117
+KEY=B64622D6C7A47DCD8C56AD26C9C1E50B
+IV=30C7DAD86FEF77C43A44A3EF8B116354
+PT=CD85D9334481AE85B8816233CA4AF7DB
+CT=9E717B45239DD908138837154B803654
+
+I=118
+KEY=28375993E439A4C59FDE9A338241D35F
+IV=9E717B45239DD908138837154B803654
+PT=925BA3760D655D5B788802DDE25732BB
+CT=4A6E32C01709EBCCC9BCA43FD5DFDFB3
+
+I=119
+KEY=62596B53F3304F0956623E0C579E0CEC
+IV=4A6E32C01709EBCCC9BCA43FD5DFDFB3
+PT=0AA6264BFCC7BD07FA8F94E1EF739633
+CT=7263392DC9DA868BC0317A6D4AD52553
+
+I=120
+KEY=103A527E3AEAC982965344611D4B29BF
+IV=7263392DC9DA868BC0317A6D4AD52553
+PT=FB385BD8ECE7C4DFE2351D851141888D
+CT=AA49B1DDA3AF4D05D861667E88AD61AB
+
+I=121
+KEY=BA73E3A3994584874E32221F95E64814
+IV=AA49B1DDA3AF4D05D861667E88AD61AB
+PT=510E13E20BB06EAD335F10F2C69831D3
+CT=3AC256A92F69AF35DB05DDCA61CF1EE4
+
+I=122
+KEY=80B1B50AB62C2BB29537FFD5F42956F0
+IV=3AC256A92F69AF35DB05DDCA61CF1EE4
+PT=0A07CAA0EC6CB726F1A38847253BECB6
+CT=037497736381429A5E5A139C44A6C64A
+
+I=123
+KEY=83C52279D5AD6928CB6DEC49B08F90BA
+IV=037497736381429A5E5A139C44A6C64A
+PT=864FEF67C8902757E2CFB28DA2EF3C8D
+CT=5393D7F9F37A5B9F1F82C1BE20435149
+
+I=124
+KEY=D056F58026D732B7D4EF2DF790CCC1F3
+IV=5393D7F9F37A5B9F1F82C1BE20435149
+PT=ED2D2A671677067B30540D4C9D86905F
+CT=2969AC5FB94EC76209C6DF58F6B8AA01
+
+I=125
+KEY=F93F59DF9F99F5D5DD29F2AF66746BF2
+IV=2969AC5FB94EC76209C6DF58F6B8AA01
+PT=67ED14454DAD764C1772BCB1E0527954
+CT=150F94E1940F9D2ACC735F79B0912A06
+
+I=126
+KEY=EC30CD3E0B9668FF115AADD6D6E541F4
+IV=150F94E1940F9D2ACC735F79B0912A06
+PT=517A4852F68370EDD879E32F52FD4D2B
+CT=6EFD8E4E4C096A2033B3DA8A1F0066AF
+
+I=127
+KEY=82CD4370479F02DF22E9775CC9E5275B
+IV=6EFD8E4E4C096A2033B3DA8A1F0066AF
+PT=DBF4CAD912437115658E5BA5E1724739
+CT=899D9126CD85D2D4053AD9EE7156041B
+
+I=128
+KEY=0B50D2568A1AD00B27D3AEB2B8B32340
+IV=899D9126CD85D2D4053AD9EE7156041B
+PT=69B302F96AFCF802AC639EBABC52ECFB
+CT=819E4B8319807088FF306E125E52DAD3
+
+I=129
+KEY=8ACE99D5939AA083D8E3C0A0E6E1F993
+IV=819E4B8319807088FF306E125E52DAD3
+PT=F5CA57371833F0AF98F0EC02DFE518ED
+CT=4DFA3739235D14660DF7D5FDE36F6567
+
+I=130
+KEY=C734AEECB0C7B4E5D514155D058E9CF4
+IV=4DFA3739235D14660DF7D5FDE36F6567
+PT=29BBD9264B9792BED8A8EFA43F943A7D
+CT=4EA36ECCBCCD9FAFD8FB588BD53826A7
+
+I=131
+KEY=8997C0200C0A2B4A0DEF4DD6D0B6BA53
+IV=4EA36ECCBCCD9FAFD8FB588BD53826A7
+PT=149120CFC3D7C671F287AA77A4A3EF97
+CT=0282357C78C8944A5520AF80506DE30D
+
+I=132
+KEY=8B15F55C74C2BF0058CFE25680DB595E
+IV=0282357C78C8944A5520AF80506DE30D
+PT=02C2E0CCB12F5216213D493325F38FC3
+CT=C827C36F654137A2BB127D1782285B10
+
+I=133
+KEY=43323633118388A2E3DD9F4102F3024E
+IV=C827C36F654137A2BB127D1782285B10
+PT=FA1693AD90401791FF9093A562EC66EB
+CT=3723A94BC91032BF8DB599ABEFB784D1
+
+I=134
+KEY=74119F78D893BA1D6E6806EAED44869F
+IV=3723A94BC91032BF8DB599ABEFB784D1
+PT=5410CBE33ABB58AB0B0E86F5817E6F2C
+CT=26A520B5B475632EE8806648BFC028AF
+
+I=135
+KEY=52B4BFCD6CE6D93386E860A25284AE30
+IV=26A520B5B475632EE8806648BFC028AF
+PT=B01A11D200C24F4333029DE3BFF49601
+CT=36D5E00E0A53D7CE1498215AFA686905
+
+I=136
+KEY=64615FC366B50EFD927041F8A8ECC735
+IV=36D5E00E0A53D7CE1498215AFA686905
+PT=252E4460E9A391D54CE9E516663E59AE
+CT=829F0B7B17ED5F2FB7A014A6CD9D8052
+
+I=137
+KEY=E6FE54B8715851D225D0555E65714767
+IV=829F0B7B17ED5F2FB7A014A6CD9D8052
+PT=BCC51A6493F6847BEA8219329F67308D
+CT=BAB1D358D08DA13BEC485051F2EBFE2E
+
+I=138
+KEY=5C4F87E0A1D5F0E9C998050F979AB949
+IV=BAB1D358D08DA13BEC485051F2EBFE2E
+PT=D89236011B3C2338E95322D4716AEE59
+CT=29BA99F8CF8B48134B1330E75BD7254E
+
+I=139
+KEY=75F51E186E5EB8FA828B35E8CC4D9C07
+IV=29BA99F8CF8B48134B1330E75BD7254E
+PT=21D0EB5857C93A0D4D75253E1020C00E
+CT=9D557274FE14AA69673441117A2D7DA2
+
+I=140
+KEY=E8A06C6C904A1293E5BF74F9B660E1A5
+IV=9D557274FE14AA69673441117A2D7DA2
+PT=3C3BB454584C4C7570089B6E631BA035
+CT=543EF50A024E77ACE685BD0BBB47232D
+
+I=141
+KEY=BC9E99669204653F033AC9F20D27C288
+IV=543EF50A024E77ACE685BD0BBB47232D
+PT=8ED890BC903AEAC7C3C685980EDB3370
+CT=884BD68868D89DE9DEDB2D95A8B992FB
+
+I=142
+KEY=34D54FEEFADCF8D6DDE1E467A59E5073
+IV=884BD68868D89DE9DEDB2D95A8B992FB
+PT=684DEBD6DEDE24BD0F4F8AFA47F08AEF
+CT=DB00984CAEB14CF5A1FDE8E8E9C03830
+
+I=143
+KEY=EFD5D7A2546DB4237C1C0C8F4C5E6843
+IV=DB00984CAEB14CF5A1FDE8E8E9C03830
+PT=C42B245443F2695F306455199C7C76FE
+CT=0CA808425E8EBDDD5519130F4900329F
+
+I=144
+KEY=E37DDFE00AE309FE29051F80055E5ADC
+IV=0CA808425E8EBDDD5519130F4900329F
+PT=1655F89334CCB6ED8E140088997BD2D1
+CT=0DAE2F85CD81874DCD7368277D0C386D
+
+I=145
+KEY=EED3F065C7628EB3E47677A7785262B1
+IV=0DAE2F85CD81874DCD7368277D0C386D
+PT=2B7A2DF6E0CAC83837AFDC8B2134E6A6
+CT=E3BF66A6784432E6CE61B769C3CFDB35
+
+I=146
+KEY=0D6C96C3BF26BC552A17C0CEBB9DB984
+IV=E3BF66A6784432E6CE61B769C3CFDB35
+PT=8FED19E77B9690EC8F70272364B4EB74
+CT=473925552401311F24EE4F40B5A3ECB5
+
+I=147
+KEY=4A55B3969B278D4A0EF98F8E0E3E5531
+IV=473925552401311F24EE4F40B5A3ECB5
+PT=032D9AF654037E2586B12CF031E4AB4C
+CT=E9E1E4ACF3F4E25CB8093F6B27665DFF
+
+I=148
+KEY=A3B4573A68D36F16B6F0B0E5295808CE
+IV=E9E1E4ACF3F4E25CB8093F6B27665DFF
+PT=E6EF26B3721F6C772D231584DD480441
+CT=2D9F85D63FED609876DF97F0E6B85564
+
+I=149
+KEY=8E2BD2EC573E0F8EC02F2715CFE05DAA
+IV=2D9F85D63FED609876DF97F0E6B85564
+PT=E641EBC4A734C71669D948F1BEEE675A
+CT=3A61F4BED09FD7A7AED71E9FD53D2EE3
+
+I=150
+KEY=B44A265287A1D8296EF8398A1ADD7349
+IV=3A61F4BED09FD7A7AED71E9FD53D2EE3
+PT=36DB43747CD9215857886A0DE2008509
+CT=6BE2AD95F4A642F3FD73D9543B53D479
+
+I=151
+KEY=DFA88BC773079ADA938BE0DE218EA730
+IV=6BE2AD95F4A642F3FD73D9543B53D479
+PT=58A73313B31B8C1EB3C144C9363EE94B
+CT=BF198D336DF857BFBA069634C25CF45B
+
+I=152
+KEY=60B106F41EFFCD65298D76EAE3D2536B
+IV=BF198D336DF857BFBA069634C25CF45B
+PT=E0974E1BBEFE21422ECED27858535F87
+CT=7945132F6F7EED6B61E1CF9C47E2AB2A
+
+I=153
+KEY=19F415DB7181200E486CB976A430F841
+IV=7945132F6F7EED6B61E1CF9C47E2AB2A
+PT=6F36B63A1A8B426282CA4E61B7E37B3A
+CT=AF441F330C8C199E9776D92A92B02216
+
+I=154
+KEY=B6B00AE87D0D3990DF1A605C3680DA57
+IV=AF441F330C8C199E9776D92A92B02216
+PT=99AD2B814D3A4C0E1C27D4251C55C74A
+CT=F34463A538E46E87B0F24EAA36B674A7
+
+I=155
+KEY=45F4694D45E957176FE82EF60036AEF0
+IV=F34463A538E46E87B0F24EAA36B674A7
+PT=6D05C19E42D0561C198A10FA55F4C870
+CT=5D54D3C72D55015D0149FA1591208824
+
+I=156
+KEY=18A0BA8A68BC564A6EA1D4E3911626D4
+IV=5D54D3C72D55015D0149FA1591208824
+PT=7AA7A04DE8CD21F59BA5369CA175CEC3
+CT=D2EBE35C33210B39CD4F443BB577DBD8
+
+I=157
+KEY=CA4B59D65B9D5D73A3EE90D82461FD0C
+IV=D2EBE35C33210B39CD4F443BB577DBD8
+PT=2DA2A48FE13FA4DD5271A02FB7F98AEC
+CT=2F4AD89C0D915DF978160E9E882AD28E
+
+I=158
+KEY=E501814A560C008ADBF89E46AC4B2F82
+IV=2F4AD89C0D915DF978160E9E882AD28E
+PT=82EB831B9FF9DA7D06553A456133766B
+CT=09A04C7CBED3D60ADB6CFDD012DEED17
+
+I=159
+KEY=ECA1CD36E8DFD68000946396BE95C295
+IV=09A04C7CBED3D60ADB6CFDD012DEED17
+PT=8D4FD1CE8CB9745E9E65182D94F8307A
+CT=193C6FAB40C87C7029983EDD52628400
+
+I=160
+KEY=F59DA29DA817AAF0290C5D4BECF74695
+IV=193C6FAB40C87C7029983EDD52628400
+PT=F06A061082E499E65A5DED0D22323F57
+CT=7166BD655D8128E7B09D37B38478B480
+
+I=161
+KEY=84FB1FF8F596821799916AF8688FF215
+IV=7166BD655D8128E7B09D37B38478B480
+PT=DCEC808551EA98534E1A9EDF457125DA
+CT=5DFAAFB695D34A7AF2D39CD2D01FD4BD
+
+I=162
+KEY=D901B04E6045C86D6B42F62AB89026A8
+IV=5DFAAFB695D34A7AF2D39CD2D01FD4BD
+PT=FAE59C96604D062F49C8C93FA7E4D5FC
+CT=85F63AFC88A1CED4E73B849C295692F2
+
+I=163
+KEY=5CF78AB2E8E406B98C7972B691C6B45A
+IV=85F63AFC88A1CED4E73B849C295692F2
+PT=7FE1EA6A7A525A7E0222D6269F7D6A40
+CT=DC60A8554BF9E783D0E92283EC0D00AF
+
+I=164
+KEY=809722E7A31DE13A5C9050357DCBB4F5
+IV=DC60A8554BF9E783D0E92283EC0D00AF
+PT=89C93828CE30D4CD7025D9F2CF864371
+CT=EF10720E8F10FBABC96BB5F4E5287D12
+
+I=165
+KEY=6F8750E92C0D1A9195FBE5C198E3C9E7
+IV=EF10720E8F10FBABC96BB5F4E5287D12
+PT=A8DEA35D4A712ACE8F38A2CA2CB6BCFB
+CT=EED271733DC7B81AD09C86C8F8D69255
+
+I=166
+KEY=8155219A11CAA28B4567630960355BB2
+IV=EED271733DC7B81AD09C86C8F8D69255
+PT=6720AD239EFECF5785B238D4DA39DD6A
+CT=DC47B1FAC154CB0C39ADF4C92F8C2902
+
+I=167
+KEY=5D129060D09E69877CCA97C04FB972B0
+IV=DC47B1FAC154CB0C39ADF4C92F8C2902
+PT=D41DEA3BC44CC552B5ACCFEEFAF225F5
+CT=AD4828834513730BF275C854D35BF09E
+
+I=168
+KEY=F05AB8E3958D1A8C8EBF5F949CE2822E
+IV=AD4828834513730BF275C854D35BF09E
+PT=5059DA9258A7DE12865E1E2173399BC9
+CT=82CA6B085A452CFDFFBDE5C7B738CDAB
+
+I=169
+KEY=7290D3EBCFC836717102BA532BDA4F85
+IV=82CA6B085A452CFDFFBDE5C7B738CDAB
+PT=9625B8A444C3E4D3554A8C6E33E1B810
+CT=4F44C38189E1011970690D0ED4BCB9C7
+
+I=170
+KEY=3DD4106A46293768016BB75DFF66F642
+IV=4F44C38189E1011970690D0ED4BCB9C7
+PT=373FBCA7529A9FA9AF77295FC55B0BEE
+CT=27BE0578B0F898C04133AA4D3C1A5A7C
+
+I=171
+KEY=1A6A1512F6D1AFA840581D10C37CAC3E
+IV=27BE0578B0F898C04133AA4D3C1A5A7C
+PT=37FC0A286DFFD5A76643D1D45C858F64
+CT=B9C70B34F78F3DA7796C32D0918474A5
+
+I=172
+KEY=A3AD1E26015E920F39342FC052F8D89B
+IV=B9C70B34F78F3DA7796C32D0918474A5
+PT=E1EAC69AA2A8F05B8747E2624D00F4BB
+CT=846985C471F10676E63BCD09C32506F3
+
+I=173
+KEY=27C49BE270AF9479DF0FE2C991DDDE68
+IV=846985C471F10676E63BCD09C32506F3
+PT=6EB0046D9C6854C63447296F4F6D3D21
+CT=F754559746C52113C29AF782E96B6105
+
+I=174
+KEY=D090CE75366AB56A1D95154B78B6BF6D
+IV=F754559746C52113C29AF782E96B6105
+PT=F65269422328F40D8A53F4F14DB88583
+CT=AE6B4EABF8DC479A1E3F8C3F30A4A797
+
+I=175
+KEY=7EFB80DECEB6F2F003AA9974481218FA
+IV=AE6B4EABF8DC479A1E3F8C3F30A4A797
+PT=765B38DC041DEC130A3A294D9F89A16D
+CT=87645926B9D85AC4AB023D2104CC3FA2
+
+I=176
+KEY=F99FD9F8776EA834A8A8A4554CDE2758
+IV=87645926B9D85AC4AB023D2104CC3FA2
+PT=8070950120E0FBE07C70B171364AD173
+CT=0125D51139CE00DB848B8A9AD3FEB90B
+
+I=177
+KEY=F8BA0CE94EA0A8EF2C232ECF9F209E53
+IV=0125D51139CE00DB848B8A9AD3FEB90B
+PT=1EF45DD2CD61667469569CFAD445341C
+CT=E1651756A2C0D132C671D74748244E49
+
+I=178
+KEY=19DF1BBFEC6079DDEA52F988D704D01A
+IV=E1651756A2C0D132C671D74748244E49
+PT=26BEF7E8A3D0AC50DC64B8215CCBC44F
+CT=94049FBD554A6CFFE7927D6EC07D6242
+
+I=179
+KEY=8DDB8402B92A15220DC084E61779B258
+IV=94049FBD554A6CFFE7927D6EC07D6242
+PT=803F34FA967583623D0CA4D76FC56787
+CT=974BBE04952D8F0DD70F4353FEB092EB
+
+I=180
+KEY=1A903A062C079A2FDACFC7B5E9C920B3
+IV=974BBE04952D8F0DD70F4353FEB092EB
+PT=023E5D307CE85244144D59A53DB504E7
+CT=2615B9F94F9024EA616648FF15E3B65F
+
+I=181
+KEY=3C8583FF6397BEC5BBA98F4AFC2A96EC
+IV=2615B9F94F9024EA616648FF15E3B65F
+PT=1A84130B09CE3E7AB1F400B9FE295BEB
+CT=39A2A3B6EFB5EBE805CBAD5817EAEEDA
+
+I=182
+KEY=052720498C22552DBE622212EBC07836
+IV=39A2A3B6EFB5EBE805CBAD5817EAEEDA
+PT=B83609055302D99DE46B7153AE3DFCE2
+CT=93F72B839E2AD731B5E894B56ADADCF4
+
+I=183
+KEY=96D00BCA1208821C0B8AB6A7811AA4C2
+IV=93F72B839E2AD731B5E894B56ADADCF4
+PT=85E69EBDE13C05526EA8AE1D24B487F3
+CT=D0ADA333801DFDBFC2420B73CD2B92A5
+
+I=184
+KEY=467DA8F992157FA3C9C8BDD44C313667
+IV=D0ADA333801DFDBFC2420B73CD2B92A5
+PT=F24782E953B9B1BBF3B925659C99415B
+CT=F59A3D0B65E8F16DC73CCD6C27E8C705
+
+I=185
+KEY=B3E795F2F7FD8ECE0EF470B86BD9F162
+IV=F59A3D0B65E8F16DC73CCD6C27E8C705
+PT=73BE517552E054D78583BEA03B84A245
+CT=7904DBE3A103D936EB4B960C180B0651
+
+I=186
+KEY=CAE34E1156FE57F8E5BFE6B473D2F733
+IV=7904DBE3A103D936EB4B960C180B0651
+PT=91998E9582D8357DD5D8B95A9D85912F
+CT=C2DE0D0145A45DEABD6DE1FD62161EB1
+
+I=187
+KEY=083D4310135A0A1258D2074911C4E982
+IV=C2DE0D0145A45DEABD6DE1FD62161EB1
+PT=2A5D4EC49712B9CF1E2D9C6C5EFACC2A
+CT=974264BDC574C738243DDC008EC4C15A
+
+I=188
+KEY=9F7F27ADD62ECD2A7CEFDB499F0028D8
+IV=974264BDC574C738243DDC008EC4C15A
+PT=F74520C3745B9B9F9D19642AA57451FB
+CT=F4EE51C2ECC32F4806F9C8588880525B
+
+I=189
+KEY=6B91766F3AEDE2627A16131117807A83
+IV=F4EE51C2ECC32F4806F9C8588880525B
+PT=4A7D6FC6712F451F58DF0AC2D517189E
+CT=F4978F5F53AA4C336BEE0C62F432B44F
+
+I=190
+KEY=9F06F9306947AE5111F81F73E3B2CECC
+IV=F4978F5F53AA4C336BEE0C62F432B44F
+PT=00DAD17491C973991FEC296972B691BC
+CT=09DAA53C2E394BF83113BE48E5D0CCA2
+
+I=191
+KEY=96DC5C0C477EE5A920EBA13B0662026E
+IV=09DAA53C2E394BF83113BE48E5D0CCA2
+PT=C00943704C1336F01A1D23FD98BE7E8B
+CT=D0DE529664BF241DBED3168DA5BC1B28
+
+I=192
+KEY=46020E9A23C1C1B49E38B7B6A3DE1946
+IV=D0DE529664BF241DBED3168DA5BC1B28
+PT=A07FAD9770CC32C5680F33A2D67044A4
+CT=F6A44922B3744BE96C46742A79A49CBB
+
+I=193
+KEY=B0A647B890B58A5DF27EC39CDA7A85FD
+IV=F6A44922B3744BE96C46742A79A49CBB
+PT=D5450C670BE84169AD1E62C5ECB8365F
+CT=47D229908D4C1EA34E429C34B7D635F5
+
+I=194
+KEY=F7746E281DF994FEBC3C5FA86DACB008
+IV=47D229908D4C1EA34E429C34B7D635F5
+PT=9E90D30BE92104667A16522237D645A6
+CT=6463AC2096842A0958ACF45370C0626F
+
+I=195
+KEY=9317C2088B7DBEF7E490ABFB1D6CD267
+IV=6463AC2096842A0958ACF45370C0626F
+PT=74382A7BF713DE8E8D17AE389E03C3AC
+CT=ECDCEF7613C362D288AC23D38722DC4C
+
+I=196
+KEY=7FCB2D7E98BEDC256C3C88289A4E0E2B
+IV=ECDCEF7613C362D288AC23D38722DC4C
+PT=DB2EC6F41A72F426D9F5DBC65CEC1C5C
+CT=DFE2DA423ACE2DFB053265E9E9B214E2
+
+I=197
+KEY=A029F73CA270F1DE690EEDC173FC1AC9
+IV=DFE2DA423ACE2DFB053265E9E9B214E2
+PT=35998CB9958DC9DE0550FC3EA722D571
+CT=5EBCA79BF99165D9FFE355D9B24ECB5D
+
+I=198
+KEY=FE9550A75BE1940796EDB818C1B2D194
+IV=5EBCA79BF99165D9FFE355D9B24ECB5D
+PT=9BDA7BC96736FE2140911C98E8E02E1C
+CT=782D3EFD5F599E8D3C85D06128677EC2
+
+I=199
+KEY=86B86E5A04B80A8AAA686879E9D5AF56
+IV=782D3EFD5F599E8D3C85D06128677EC2
+PT=8014C1F398E4DCC7F4E5E09E5FAFB080
+CT=E01AE2D961F31BBAE3DA7429627572AB
+
+I=200
+KEY=66A28C83654B113049B21C508BA0DDFD
+IV=E01AE2D961F31BBAE3DA7429627572AB
+PT=97D66D66D1731EEFF14519620616A10B
+CT=BC41ED9D568D6ED36212C92DEEB40A0E
+
+I=201
+KEY=DAE3611E33C67FE32BA0D57D6514D7F3
+IV=BC41ED9D568D6ED36212C92DEEB40A0E
+PT=F7646B60C237ED24F467141980EB4F00
+CT=CB8DF2D164E5B4AB3193D02E71959F63
+
+I=202
+KEY=116E93CF5723CB481A33055314814890
+IV=CB8DF2D164E5B4AB3193D02E71959F63
+PT=4A3A241B26AC7A1C88AA2FB750DF6E5A
+CT=E396FB47A686ABAA350B84C250E5EAE9
+
+I=203
+KEY=F2F86888F1A560E22F3881914464A279
+IV=E396FB47A686ABAA350B84C250E5EAE9
+PT=A71348309D176A072167C4B1B8A295C0
+CT=29AF21F96564EB591E9A60B1BE88DEC7
+
+I=204
+KEY=DB57497194C18BBB31A2E120FAEC7CBE
+IV=29AF21F96564EB591E9A60B1BE88DEC7
+PT=BC528364EF78D6432177FE0CF1CDECD1
+CT=34CD9D96D4455AE0C15B6B970F1EC905
+
+I=205
+KEY=EF9AD4E74084D15BF0F98AB7F5F2B5BB
+IV=34CD9D96D4455AE0C15B6B970F1EC905
+PT=18972F6992299533EE23AA5824C25892
+CT=2E05E3E2079A055310FD9318590A6F41
+
+I=206
+KEY=C19F3705471ED408E00419AFACF8DAFA
+IV=2E05E3E2079A055310FD9318590A6F41
+PT=5441FF0D0A4062D5D0DF29BF2FDA85B4
+CT=47D4EAECE59C733EEFCB7B9D5BE95A98
+
+I=207
+KEY=864BDDE9A282A7360FCF6232F7118062
+IV=47D4EAECE59C733EEFCB7B9D5BE95A98
+PT=ED3E19B5AB5389AA3A58D97F6604F4C0
+CT=00525B7D5BFC0651AEF6770F6281E6DC
+
+I=208
+KEY=86198694F97EA167A139153D959066BE
+IV=00525B7D5BFC0651AEF6770F6281E6DC
+PT=8BD4869C88A9BD3DCFE89B98B93F6EB3
+CT=AFB2215E6DC04E9467F44227FD4BDB98
+
+I=209
+KEY=29ABA7CA94BEEFF3C6CD571A68DBBD26
+IV=AFB2215E6DC04E9467F44227FD4BDB98
+PT=6E7269FC27BDCC42D64CEF41A612F771
+CT=7B769B90279C95E31D8B3D792FA27FA8
+
+I=210
+KEY=52DD3C5AB3227A10DB466A634779C28E
+IV=7B769B90279C95E31D8B3D792FA27FA8
+PT=E00316E79DC10D179002B1BACC146027
+CT=E3870CDE5CF99B7C4C489AF81153002F
+
+I=211
+KEY=B15A3084EFDBE16C970EF09B562AC2A1
+IV=E3870CDE5CF99B7C4C489AF81153002F
+PT=FB2FC78A79C33225E6EAAA06B76FA793
+CT=4DFC91F8971635348EF35141E8C291F7
+
+I=212
+KEY=FCA6A17C78CDD45819FDA1DABEE85356
+IV=4DFC91F8971635348EF35141E8C291F7
+PT=69C8EE14F21832BB077F1A5414851FFE
+CT=DA51BE36F96AA8C80DED9DB2A701D72F
+
+I=213
+KEY=26F71F4A81A77C9014103C6819E98479
+IV=DA51BE36F96AA8C80DED9DB2A701D72F
+PT=766EC1664D2194E0F89B69861A4A8501
+CT=2ACA6359CD935CA2294F9FB5A50F4993
+
+I=214
+KEY=0C3D7C134C3420323D5FA3DDBCE6CDEA
+IV=2ACA6359CD935CA2294F9FB5A50F4993
+PT=1D95E551169BD538836CC349BC6B1772
+CT=315518F0AC6C1DC9939CB802336DA968
+
+I=215
+KEY=3D6864E3E0583DFBAEC31BDF8F8B6482
+IV=315518F0AC6C1DC9939CB802336DA968
+PT=4F6BFE727AECDAB5A32DF8CFFC43D6A9
+CT=34C3ECD89376B4D771CA0669C2C3E26C
+
+I=216
+KEY=09AB883B732E892CDF091DB64D4886EE
+IV=34C3ECD89376B4D771CA0669C2C3E26C
+PT=AA8B1DA2E015D482EE08FA2B4A2B77B6
+CT=A3F4DD9DDC375C90579C274527612C6E
+
+I=217
+KEY=AA5F55A6AF19D5BC88953AF36A29AA80
+IV=A3F4DD9DDC375C90579C274527612C6E
+PT=2EE6982D9E0AA5FCB61F3E66E52A0D6D
+CT=C45C9E4DE76782E2599BD73B132BFE90
+
+I=218
+KEY=6E03CBEB487E575ED10EEDC879025410
+IV=C45C9E4DE76782E2599BD73B132BFE90
+PT=6E58E5B1EDF1BFABAD643D8223F0FA81
+CT=32221DA62DA2B441B5E66A197A5C69F1
+
+I=219
+KEY=5C21D64D65DCE31F64E887D1035E3DE1
+IV=32221DA62DA2B441B5E66A197A5C69F1
+PT=D5A81DF4B6BE17A531478961D78CAB46
+CT=E1FEB5C31B1671F15DC1F7713E5DD7FE
+
+I=220
+KEY=BDDF638E7ECA92EE392970A03D03EA1F
+IV=E1FEB5C31B1671F15DC1F7713E5DD7FE
+PT=D360948141A1D3ECFF5E8D6BDC022685
+CT=FF07F02135FB458D63EE68C4B1463A99
+
+I=221
+KEY=42D893AF4B31D7635AC718648C45D086
+IV=FF07F02135FB458D63EE68C4B1463A99
+PT=E3C1E44333C9307E90EE2FBA6A7708A5
+CT=1AE4E8466B84B59EECF5E6BEB6140DF2
+
+I=222
+KEY=583C7BE920B562FDB632FEDA3A51DD74
+IV=1AE4E8466B84B59EECF5E6BEB6140DF2
+PT=653AA343CE35F72E2ADB5FFCD2DFCBA8
+CT=3CB44BC123DDCD55B812D265CC5E974E
+
+I=223
+KEY=648830280368AFA80E202CBFF60F4A3A
+IV=3CB44BC123DDCD55B812D265CC5E974E
+PT=E96A66BFE5F0E8083A01664A47226672
+CT=BB6C54E118FA895F2AC4CC036166E390
+
+I=224
+KEY=DFE464C91B9226F724E4E0BC9769A9AA
+IV=BB6C54E118FA895F2AC4CC036166E390
+PT=A5B240D8E5731E1BFA7C4FDFB4EED81F
+CT=DA20870677A6214F26FDACBA81B41882
+
+I=225
+KEY=05C4E3CF6C3407B802194C0616DDB128
+IV=DA20870677A6214F26FDACBA81B41882
+PT=92FF6EAB4A6D1AD3941E6A91D8C9105B
+CT=F079AA86FC9FD361DBA0C21CCD4B0F6C
+
+I=226
+KEY=F5BD494990ABD4D9D9B98E1ADB96BE44
+IV=F079AA86FC9FD361DBA0C21CCD4B0F6C
+PT=DFF005175EF746B83CB00AC13337E248
+CT=B6021E0AA1A921C7BCC3FDAB1C3EA44A
+
+I=227
+KEY=43BF57433102F51E657A73B1C7A81A0E
+IV=B6021E0AA1A921C7BCC3FDAB1C3EA44A
+PT=DDDC1AA804AD13813C6AEA540557C097
+CT=41F0E4AB03801DCE585727B7C41F48BD
+
+I=228
+KEY=024FB3E83282E8D03D2D540603B752B3
+IV=41F0E4AB03801DCE585727B7C41F48BD
+PT=4C6421E5A487C9C452958CAB38AC7098
+CT=6EFDD855BAF2D13437C01097ABB633DE
+
+I=229
+KEY=6CB26BBD887039E40AED4491A801616D
+IV=6EFDD855BAF2D13437C01097ABB633DE
+PT=2A11519D5463F2B96A5E0FCE6E4710D7
+CT=5E8243E5C54A109CCC0BF622A299EF68
+
+I=230
+KEY=323028584D3A2978C6E6B2B30A988E05
+IV=5E8243E5C54A109CCC0BF622A299EF68
+PT=252145DACAD23E8B85AB7637B22C42F2
+CT=2C9A476418F01C589ADC0CA10BF4A183
+
+I=231
+KEY=1EAA6F3C55CA35205C3ABE12016C2F86
+IV=2C9A476418F01C589ADC0CA10BF4A183
+PT=A22C36DC7D00645FEFE8683EA4231787
+CT=DA3A4AC19EF6A0F950E26B00834AFE41
+
+I=232
+KEY=C49025FDCB3C95D90CD8D5128226D1C7
+IV=DA3A4AC19EF6A0F950E26B00834AFE41
+PT=B0DC92D3B4878156B768923286F0433F
+CT=10BBC2A8C8F650FD8EED7CC9F5EAD05D
+
+I=233
+KEY=D42BE75503CAC5248235A9DB77CC019A
+IV=10BBC2A8C8F650FD8EED7CC9F5EAD05D
+PT=83A9338157091D4AECAF60E887AE09F7
+CT=757993A70F78B25F02FA0355E04DE27B
+
+I=234
+KEY=A15274F20CB2777B80CFAA8E9781E3E1
+IV=757993A70F78B25F02FA0355E04DE27B
+PT=9D818ACA2C753E7314F51699D3062031
+CT=E2E74C76C09516135876D54AFC940D80
+
+I=235
+KEY=43B53884CC276168D8B97FC46B15EE61
+IV=E2E74C76C09516135876D54AFC940D80
+PT=BDD36F881F8D1FC56780E291D1359EE1
+CT=22F76A2DB98544549DEA21FFCDC2B943
+
+I=236
+KEY=614252A975A2253C45535E3BA6D75722
+IV=22F76A2DB98544549DEA21FFCDC2B943
+PT=4C9C16802A4BB1202D4FAC9E76C57A43
+CT=166B0FF778D72B6102D6ADF990A70A23
+
+I=237
+KEY=77295D5E0D750E5D4785F3C236705D01
+IV=166B0FF778D72B6102D6ADF990A70A23
+PT=0045ECDDAA51EE6FDB226E2D9471F46C
+CT=D7724DC8A1413BC1B9D6F305794426F0
+
+I=238
+KEY=A05B1096AC34359CFE5300C74F347BF1
+IV=D7724DC8A1413BC1B9D6F305794426F0
+PT=25C55C60290DF3D0DC3274CD2AE0ED21
+CT=41F0196DFE0B1F664A107D12A6FF3D79
+
+I=239
+KEY=E1AB09FB523F2AFAB4437DD5E9CB4688
+IV=41F0196DFE0B1F664A107D12A6FF3D79
+PT=9A44454F7A335C89BEFF1D94D3FDB320
+CT=3F37D7ADFB9933FFBAC1F7D07F31046E
+
+I=240
+KEY=DE9CDE56A9A619050E828A0596FA42E6
+IV=3F37D7ADFB9933FFBAC1F7D07F31046E
+PT=03D7F09054233696BEF84AB8D5B77091
+CT=02D226A748153C27A723F02461FFF913
+
+I=241
+KEY=DC4EF8F1E1B32522A9A17A21F705BBF5
+IV=02D226A748153C27A723F02461FFF913
+PT=D5C82A6F048A2AA0E5CF4F1EDADD68B3
+CT=4BD7486C212E7F78228478BBF0A7AD3D
+
+I=242
+KEY=9799B09DC09D5A5A8B25029A07A216C8
+IV=4BD7486C212E7F78228478BBF0A7AD3D
+PT=936431AD9F800606240C33EAF661D3DA
+CT=3EFE00CA0A96AF4425E683512DAC0164
+
+I=243
+KEY=A967B057CA0BF51EAEC381CB2A0E17AC
+IV=3EFE00CA0A96AF4425E683512DAC0164
+PT=280DC27864BED0D548B5B4F9A7FA38DE
+CT=7023640C8D6B02F6C4C7E007C169C592
+
+I=244
+KEY=D944D45B4760F7E86A0461CCEB67D23E
+IV=7023640C8D6B02F6C4C7E007C169C592
+PT=CD0F58962915E5A514E5D6DA8BB868E8
+CT=D08419A75363E9622FAA09DB589915F1
+
+I=245
+KEY=09C0CDFC14031E8A45AE6817B3FEC7CF
+IV=D08419A75363E9622FAA09DB589915F1
+PT=09A6099FDDDBBC15EE79224B01C49DF0
+CT=6CDD2B0279D9DB3C71329C1BB2C24C2F
+
+I=246
+KEY=651DE6FE6DDAC5B6349CF40C013C8BE0
+IV=6CDD2B0279D9DB3C71329C1BB2C24C2F
+PT=B24B11FD8A6FC6B2703FFBEBC85B6C44
+CT=CCB0F6F32BDE2339A1842A7EDC8C99C7
+
+I=247
+KEY=A9AD100D4604E68F9518DE72DDB01227
+IV=CCB0F6F32BDE2339A1842A7EDC8C99C7
+PT=2E471506C55D1762CDB9EAEF29E23C01
+CT=DAD62227A5F328CC33F054EEB346E3D3
+
+I=248
+KEY=737B322AE3F7CE43A6E88A9C6EF6F1F4
+IV=DAD62227A5F328CC33F054EEB346E3D3
+PT=5598344020E32F9B2C509D06F4E7804A
+CT=18DE226F7CAA4EF2712A223C4709C9E2
+
+I=249
+KEY=6BA510459F5D80B1D7C2A8A029FF3816
+IV=18DE226F7CAA4EF2712A223C4709C9E2
+PT=549A87BE74B62BAC3F0FDC2A878F5669
+CT=DB082C8D70948B6BF08D4848E4DB0231
+
+I=250
+KEY=B0AD3CC8EFC90BDA274FE0E8CD243A27
+IV=DB082C8D70948B6BF08D4848E4DB0231
+PT=08946428BF90FBF0951A35D6FB72A48A
+CT=29CBD3E3F2074514E63A7B2A651AB031
+
+I=251
+KEY=9966EF2B1DCE4ECEC1759BC2A83E8A16
+IV=29CBD3E3F2074514E63A7B2A651AB031
+PT=7EBEC38F7787EE1BDD6A648334FA3076
+CT=0037935821278E879BCBB2FBE4ECC23E
+
+I=252
+KEY=99517C733CE9C0495ABE29394CD24828
+IV=0037935821278E879BCBB2FBE4ECC23E
+PT=01D77828928164A830C249D96AC6F8B4
+CT=47501831F9DF42C234E9FE9169075888
+
+I=253
+KEY=DE016442C536828B6E57D7A825D510A0
+IV=47501831F9DF42C234E9FE9169075888
+PT=608349FF8FFC31B072CFA7DF649E15B8
+CT=BC10B1D412BC05404B2E38A1D75DA421
+
+I=254
+KEY=6211D596D78A87CB2579EF09F288B481
+IV=BC10B1D412BC05404B2E38A1D75DA421
+PT=B16325BD78FC0451216FF476D4CAE293
+CT=6ABD8010E9CBAE61E05A9E30C622B501
+
+I=255
+KEY=08AC55863E4129AAC523713934AA0180
+IV=6ABD8010E9CBAE61E05A9E30C622B501
+PT=E613C244F74C61B078C9E59E06E7AD85
+CT=E896B8BD539C30D9A58E5EF6629B279C
+
+I=256
+KEY=E03AED3B6DDD197360AD2FCF5631261C
+IV=E896B8BD539C30D9A58E5EF6629B279C
+PT=6CFF7A909AAB2C0DC61FB8F11B45E661
+CT=30D15AAA05F56FA2D21E9974FB3FF5DA
+
+I=257
+KEY=D0EBB791682876D1B2B3B6BBAD0ED3C6
+IV=30D15AAA05F56FA2D21E9974FB3FF5DA
+PT=6BFAC8E8FB9C3D5AF813B4DF90AD863B
+CT=43B99F3DA3C1BCCE9038118E2968EFA1
+
+I=258
+KEY=935228ACCBE9CA1F228BA73584663C67
+IV=43B99F3DA3C1BCCE9038118E2968EFA1
+PT=064D09E9F5104602E191DC39F18E6A1A
+CT=EBC5796519BE4E05262A10D56FA0F72D
+
+I=259
+KEY=789751C9D257841A04A1B7E0EBC6CB4A
+IV=EBC5796519BE4E05262A10D56FA0F72D
+PT=C2B528D69ED3028A359D4472D98807A7
+CT=5F2B51DD025E775A63DFE5B9FBF54986
+
+I=260
+KEY=27BC0014D009F340677E5259103382CC
+IV=5F2B51DD025E775A63DFE5B9FBF54986
+PT=D5CF62940967AF7225F79E87136751F5
+CT=F56D88E433CEA445C6E4D6298DFB6C27
+
+I=261
+KEY=D2D188F0E3C75705A19A84709DC8EEEB
+IV=F56D88E433CEA445C6E4D6298DFB6C27
+PT=3BE3171202E762846D2CA00FB2CB141A
+CT=4C168A0129F2D48E249777A366D1AEF1
+
+I=262
+KEY=9EC702F1CA35838B850DF3D3FB19401A
+IV=4C168A0129F2D48E249777A366D1AEF1
+PT=5B82A34141C236FAED7E1A78D3C426C4
+CT=E11FEBEF79E425480442D45A8C105B44
+
+I=263
+KEY=7FD8E91EB3D1A6C3814F278977091B5E
+IV=E11FEBEF79E425480442D45A8C105B44
+PT=86CFADD3F1B368B3A6E57148CA343D38
+CT=5F5F3548BDBB2A5337FBF07DF76526DD
+
+I=264
+KEY=2087DC560E6A8C90B6B4D7F4806C3D83
+IV=5F5F3548BDBB2A5337FBF07DF76526DD
+PT=A4474ACA97100C7A357A66119D678798
+CT=013ADA262021F88617773CF478067EC8
+
+I=265
+KEY=21BD06702E4B7416A1C3EB00F86A434B
+IV=013ADA262021F88617773CF478067EC8
+PT=6D66801C39DB803B5DA5A80E30DB0D89
+CT=F46BE70F65FC5641318292AE0C79E5C5
+
+I=266
+KEY=D5D6E17F4BB72257904179AEF413A68E
+IV=F46BE70F65FC5641318292AE0C79E5C5
+PT=C9499B32D8F47313EB351139DB81AB25
+CT=8573A25F86C7784BF7A0153DF812805C
+
+I=267
+KEY=50A54320CD705A1C67E16C930C0126D2
+IV=8573A25F86C7784BF7A0153DF812805C
+PT=4B09D37A4A57B320C34B1D70F74EB36A
+CT=036913128A2B71CE3D05D52D61E48E86
+
+I=268
+KEY=53CC5032475B2BD25AE4B9BE6DE5A854
+IV=036913128A2B71CE3D05D52D61E48E86
+PT=EA3A92794B204C0345765CEE2A04AF27
+CT=5A53E929182859CC28D4EB1CB9579B71
+
+I=269
+KEY=099FB91B5F73721E723052A2D4B23325
+IV=5A53E929182859CC28D4EB1CB9579B71
+PT=2714E38858426C5631BB2BB4FA289985
+CT=DF4BD734DEC60475D47FE40502439AAE
+
+I=270
+KEY=D6D46E2F81B5766BA64FB6A7D6F1A98B
+IV=DF4BD734DEC60475D47FE40502439AAE
+PT=69AC3FD2273926E2DAD3F5BED9F21491
+CT=EBCCD0B121C4009EA7F038F30F5B6B05
+
+I=271
+KEY=3D18BE9EA07176F501BF8E54D9AAC28E
+IV=EBCCD0B121C4009EA7F038F30F5B6B05
+PT=07520CD471E27BAC35387DB47E706784
+CT=299FE603BBA51BD1582CBD42BC9568EA
+
+I=272
+KEY=1487589D1BD46D2459933316653FAA64
+IV=299FE603BBA51BD1582CBD42BC9568EA
+PT=39598B70B8EB190049823472E3596E42
+CT=68DD98FE52B454F85D6F6A6C742223FA
+
+I=273
+KEY=7C5AC063496039DC04FC597A111D899E
+IV=68DD98FE52B454F85D6F6A6C742223FA
+PT=C7E13ABBBA75F527AB1320DD930B24F1
+CT=906B569E44263A4E6F41A52802D3FC59
+
+I=274
+KEY=EC3196FD0D4603926BBDFC5213CE75C7
+IV=906B569E44263A4E6F41A52802D3FC59
+PT=9F5D8E50F06895D5D7E6D1DAA247D45F
+CT=E5ECBDCC55A9D952BE0F93DFA0FE2C31
+
+I=275
+KEY=09DD2B3158EFDAC0D5B26F8DB33059F6
+IV=E5ECBDCC55A9D952BE0F93DFA0FE2C31
+PT=EC3F35C1E6371F106443BD1446D58A0A
+CT=4837A3D703E80BFE50D742E378956F3A
+
+I=276
+KEY=41EA88E65B07D13E85652D6ECBA536CC
+IV=4837A3D703E80BFE50D742E378956F3A
+PT=7998C3B7B5C94540DFC5BF777D700D48
+CT=DF1564E5E47503A779020D27394571E9
+
+I=277
+KEY=9EFFEC03BF72D299FC672049F2E04725
+IV=DF1564E5E47503A779020D27394571E9
+PT=63BEA75A2440C5D123F335F72137B0B6
+CT=5147239C3F6E4A158989BE96C0275D41
+
+I=278
+KEY=CFB8CF9F801C988C75EE9EDF32C71A64
+IV=5147239C3F6E4A158989BE96C0275D41
+PT=09C656A0DFCF893DDBE5E2B3D88E5F1F
+CT=7E4DEE30DED62EE15CD957530B62559D
+
+I=279
+KEY=B1F521AF5ECAB66D2937C98C39A54FF9
+IV=7E4DEE30DED62EE15CD957530B62559D
+PT=71DC22F489DD422CDE09F01DAA427567
+CT=6F62D6359F07F6BDBB4C02BBE50B273C
+
+I=280
+KEY=DE97F79AC1CD40D0927BCB37DCAE68C5
+IV=6F62D6359F07F6BDBB4C02BBE50B273C
+PT=C2A9BC94CAE48DBEB37B4B506AD4336A
+CT=902D9E9F82DE4E66E42B4FEA79AF4077
+
+I=281
+KEY=4EBA690543130EB6765084DDA50128B2
+IV=902D9E9F82DE4E66E42B4FEA79AF4077
+PT=69EE7E15EEC2EA953A32E1714961BA9E
+CT=72CB5DE8AF6CDC60A00A15CEAF249DBD
+
+I=282
+KEY=3C7134EDEC7FD2D6D65A91130A25B50F
+IV=72CB5DE8AF6CDC60A00A15CEAF249DBD
+PT=4C0A3B88FDFAEFEC38858A927C38AE6A
+CT=68C2BFA5DE837B927BD75C6DE6008595
+
+I=283
+KEY=54B38B4832FCA944AD8DCD7EEC25309A
+IV=68C2BFA5DE837B927BD75C6DE6008595
+PT=CE75CCA2D7B0199EB1DA7E33A0E50AB7
+CT=4FFCCBB31FB1FCC0FCB38F0B557BE67A
+
+I=284
+KEY=1B4F40FB2D4D5584513E4275B95ED6E0
+IV=4FFCCBB31FB1FCC0FCB38F0B557BE67A
+PT=E0ECA2ABC1F389B149E746CFB039539E
+CT=249FB11DF8C0ED1F346F6D69B8FD0470
+
+I=285
+KEY=3FD0F1E6D58DB89B65512F1C01A3D290
+IV=249FB11DF8C0ED1F346F6D69B8FD0470
+PT=BFA871CA5EC16C0B353679782BE04394
+CT=8127E6D8EEC1111518065EDC34CD4B4C
+
+I=286
+KEY=BEF7173E3B4CA98E7D5771C0356E99DC
+IV=8127E6D8EEC1111518065EDC34CD4B4C
+PT=1EF816C565B2F56E772C96AD5C92842D
+CT=C8DC75AE1E2DBD005D94E69D6776C498
+
+I=287
+KEY=762B62902561148E20C3975D52185D44
+IV=C8DC75AE1E2DBD005D94E69D6776C498
+PT=9F2B9873F88EBF21A3BB3DCD853C812E
+CT=861D4FF061E85D44173252244F143692
+
+I=288
+KEY=F0362D60448949CA37F1C5791D0C6BD6
+IV=861D4FF061E85D44173252244F143692
+PT=6CDEA8A806516A1A0E1CBB5AA123862A
+CT=16DA4EE5C5044F66EFCC313754FBCD9E
+
+I=289
+KEY=E6EC6385818D06ACD83DF44E49F7A648
+IV=16DA4EE5C5044F66EFCC313754FBCD9E
+PT=5B637BB469073B5E54EC006F47C4D546
+CT=C2C50037BBBEC252B7D5CF10C38BD665
+
+I=290
+KEY=242963B23A33C4FE6FE83B5E8A7C702D
+IV=C2C50037BBBEC252B7D5CF10C38BD665
+PT=38DADBF2BA4A80A6A190D9E2AA245167
+CT=721222A5A67E96246DA1B9C59B67DDD5
+
+I=291
+KEY=563B41179C4D52DA0249829B111BADF8
+IV=721222A5A67E96246DA1B9C59B67DDD5
+PT=CB52378F6E4E7FCB1891D3BB4D086B9F
+CT=D28B8F54E8BDA9A20965984D5DA27FC9
+
+I=292
+KEY=84B0CE4374F0FB780B2C1AD64CB9D231
+IV=D28B8F54E8BDA9A20965984D5DA27FC9
+PT=E66015A1B848EF190F981DEFEDB98C93
+CT=012C5D9B847C9583B0BE03999D24E277
+
+I=293
+KEY=859C93D8F08C6EFBBB92194FD19D3046
+IV=012C5D9B847C9583B0BE03999D24E277
+PT=F5B2BAD53323A52A2B99CC12782CD6F9
+CT=D1EFB7E7A34F75887038FC4827E894C1
+
+I=294
+KEY=5473243F53C31B73CBAAE507F675A487
+IV=D1EFB7E7A34F75887038FC4827E894C1
+PT=11C0C41C3F547B5D7FC94115327AB3D5
+CT=2CF97D8995AA8FDC4C05205D3D8B757F
+
+I=295
+KEY=788A59B6C66994AF87AFC55ACBFED1F8
+IV=2CF97D8995AA8FDC4C05205D3D8B757F
+PT=3F911029D8B69CA1A323A277090B9C07
+CT=44BB04C6253F3ADD454264EA97490475
+
+I=296
+KEY=3C315D70E356AE72C2EDA1B05CB7D58D
+IV=44BB04C6253F3ADD454264EA97490475
+PT=9D7724EFD1AE76904458EF1360953AA4
+CT=5D6F876E4FDD6921B243EB1F6EF50F82
+
+I=297
+KEY=615EDA1EAC8BC75370AE4AAF3242DA0F
+IV=5D6F876E4FDD6921B243EB1F6EF50F82
+PT=44A26554FE355D95706431B344701B03
+CT=5F3226B39DF230163D2C474F04BAD36E
+
+I=298
+KEY=3E6CFCAD3179F7454D820DE036F80961
+IV=5F3226B39DF230163D2C474F04BAD36E
+PT=5D8B62C8CD3B04451A599989F3165530
+CT=A247CF8E1D8F480DA4155DA846A2B64E
+
+I=299
+KEY=9C2B33232CF6BF48E9975048705ABF2F
+IV=A247CF8E1D8F480DA4155DA846A2B64E
+PT=610D3798E62E9338D5987BAC82D48CD7
+CT=2A92B5AAEA43CFBAA62842DEE7F43A19
+
+I=300
+KEY=B6B98689C6B570F24FBF129697AE8536
+IV=2A92B5AAEA43CFBAA62842DEE7F43A19
+PT=F77943AA429BCCC5253156474E719389
+CT=7D475AFF824080E9C95D4E49D4F5090D
+
+I=301
+KEY=CBFEDC7644F5F01B86E25CDF435B8C3B
+IV=7D475AFF824080E9C95D4E49D4F5090D
+PT=5E6269D157164B2C544D3052E9DB8553
+CT=AD4628B05F5A765E557015B4A41505EA
+
+I=302
+KEY=66B8F4C61BAF8645D392496BE74E89D1
+IV=AD4628B05F5A765E557015B4A41505EA
+PT=77126BD6C08A094981FEC9E2DE91B2BF
+CT=59C24F269E3884A4F8E3F9FB05BF448F
+
+I=303
+KEY=3F7ABBE0859702E12B71B090E2F1CD5E
+IV=59C24F269E3884A4F8E3F9FB05BF448F
+PT=7775F90D2189E91B75AB8AD93C0D44F2
+CT=B72873115D4761B8BAEB5B5892B79DF8
+
+I=304
+KEY=8852C8F1D8D06359919AEBC8704650A6
+IV=B72873115D4761B8BAEB5B5892B79DF8
+PT=03D9C45A2A152ADAA53E1D42AB33555B
+CT=FE0C3F22E6B467DC1C628C928D03DB5B
+
+I=305
+KEY=765EF7D33E6404858DF8675AFD458BFD
+IV=FE0C3F22E6B467DC1C628C928D03DB5B
+PT=279791AC4189634A6066BCDCAA2EF9B4
+CT=7F3ABBA943C8E3EF19C3BA2C98C9685F
+
+I=306
+KEY=09644C7A7DACE76A943BDD76658CE3A2
+IV=7F3ABBA943C8E3EF19C3BA2C98C9685F
+PT=E46E5FB6019BA52524A383A18A89583A
+CT=C96D250343B134241221490AB39931DB
+
+I=307
+KEY=C00969793E1DD34E861A947CD615D279
+IV=C96D250343B134241221490AB39931DB
+PT=A3A544B8982C2F9EA0CD0ABC4D6392E2
+CT=951D54AABDF6F5B70E700C4896EB2685
+
+I=308
+KEY=55143DD383EB26F9886A983440FEF4FC
+IV=951D54AABDF6F5B70E700C4896EB2685
+PT=43FEB2051478A02BA1F054C9E82F0209
+CT=1F90165BE29C6C86D09AD07B1C006CA6
+
+I=309
+KEY=4A842B8861774A7F58F0484F5CFE985A
+IV=1F90165BE29C6C86D09AD07B1C006CA6
+PT=558AD95B25BAB5205FB7E529C96E5B59
+CT=40C0A0427C12AB1F72A7ADF96F82D437
+
+I=310
+KEY=0A448BCA1D65E1602A57E5B6337C4C6D
+IV=40C0A0427C12AB1F72A7ADF96F82D437
+PT=BABA13A1244DEFF5E4A2AB8183775773
+CT=FB08FDF3BF4394BA1A92C45B7F5F3060
+
+I=311
+KEY=F14C7639A22675DA30C521ED4C237C0D
+IV=FB08FDF3BF4394BA1A92C45B7F5F3060
+PT=46E036ECCDBE88931E552E45CBBC2BDC
+CT=311AE8C2B7CB633178874BDEEEE0602F
+
+I=312
+KEY=C0569EFB15ED16EB48426A33A2C31C22
+IV=311AE8C2B7CB633178874BDEEEE0602F
+PT=4D5C919959478AD0D9862BA509233102
+CT=1DC85D9A8877C79698C7D1C1610CBAE9
+
+I=313
+KEY=DD9EC3619D9AD17DD085BBF2C3CFA6CB
+IV=1DC85D9A8877C79698C7D1C1610CBAE9
+PT=D423E31E9FD6E4F4373FA7AD31CC6011
+CT=FC55E7BEA15BD539EDACB202F0218D4A
+
+I=314
+KEY=21CB24DF3CC104443D2909F033EE2B81
+IV=FC55E7BEA15BD539EDACB202F0218D4A
+PT=52C2C696A4343C0F280A3BC8F6AA19EA
+CT=FFD9FECD3A4EC194568A96C5A899E8D2
+
+I=315
+KEY=DE12DA12068FC5D06BA39F359B77C353
+IV=FFD9FECD3A4EC194568A96C5A899E8D2
+PT=3B2266FAB514211E8E33AFA566898083
+CT=DC1A545F354365A0002180BACCE0AD25
+
+I=316
+KEY=02088E4D33CCA0706B821F8F57976E76
+IV=DC1A545F354365A0002180BACCE0AD25
+PT=DC20E6BD8B8AC822CF2B505E580E6A80
+CT=51CF4C11F15B8B565B875F769C2FD37F
+
+I=317
+KEY=53C7C25CC2972B26300540F9CBB8BD09
+IV=51CF4C11F15B8B565B875F769C2FD37F
+PT=67B4C3E2AFC3402901549265186303FB
+CT=A118B7E5B10DAB4DDB449877AB1E6897
+
+I=318
+KEY=F2DF75B9739A806BEB41D88E60A6D59E
+IV=A118B7E5B10DAB4DDB449877AB1E6897
+PT=971952EE322CD68462B4CE8B772BBA48
+CT=A2988AAC94D8A7EFB32B34CC07911F3E
+
+I=319
+KEY=5047FF15E7422784586AEC426737CAA0
+IV=A2988AAC94D8A7EFB32B34CC07911F3E
+PT=64C2665506EDDED98EC55D2CCED7762C
+CT=86AEB7B90565D05293A8D9146880C307
+
+I=320
+KEY=D6E948ACE227F7D6CBC235560FB709A7
+IV=86AEB7B90565D05293A8D9146880C307
+PT=A5E7E411209DD2A34AA8CDA3153A69E4
+CT=27746442FAC1DF26B11A55251AAFD865
+
+I=321
+KEY=F19D2CEE18E628F07AD860731518D1C2
+IV=27746442FAC1DF26B11A55251AAFD865
+PT=83A41EF5F664A909BC47939D7858C221
+CT=619A164C3F2119FFCA3832A5EA958E01
+
+I=322
+KEY=90073AA227C7310FB0E052D6FF8D5FC3
+IV=619A164C3F2119FFCA3832A5EA958E01
+PT=1F5A31EBB2C515728DB07EE3160D03CD
+CT=DEE1692D386EF5A8861BE5D8A4630906
+
+I=323
+KEY=4EE6538F1FA9C4A736FBB70E5BEE56C5
+IV=DEE1692D386EF5A8861BE5D8A4630906
+PT=297B343F5EE6221FB6CC40E0C836B387
+CT=B2BA45B0A776A950C32DD5F302201FC3
+
+I=324
+KEY=FC5C163FB8DF6DF7F5D662FD59CE4906
+IV=B2BA45B0A776A950C32DD5F302201FC3
+PT=CC3601DC94B13116DF3012860A522D2D
+CT=6D141746B23B4E1EF20DFE6C14D6ECE4
+
+I=325
+KEY=914801790AE423E907DB9C914D18A5E2
+IV=6D141746B23B4E1EF20DFE6C14D6ECE4
+PT=FE07DA9A6E8B712B1FDFC3C1CC87146D
+CT=0D80E8F5557A88A271133F8929125C72
+
+I=326
+KEY=9CC8E98C5F9EAB4B76C8A318640AF990
+IV=0D80E8F5557A88A271133F8929125C72
+PT=EBDC0192755A685D6275532E93D33890
+CT=B88A629A8E22A78BAF98C9E623F48134
+
+I=327
+KEY=24428B16D1BC0CC0D9506AFE47FE78A4
+IV=B88A629A8E22A78BAF98C9E623F48134
+PT=78AD3067BE2E9536ADB58DA49D7CA6DA
+CT=0A9C2D318240F4FA4FF91CC5D23A371F
+
+I=328
+KEY=2EDEA62753FCF83A96A9763B95C44FBB
+IV=0A9C2D318240F4FA4FF91CC5D23A371F
+PT=04C72A08CCC36B4211AFE98637C4CEFF
+CT=A42618A89B9E618DDD7A983081E086B9
+
+I=329
+KEY=8AF8BE8FC86299B74BD3EE0B1424C902
+IV=A42618A89B9E618DDD7A983081E086B9
+PT=22D4A346027B8E5FEE1C0C0C45CA7DCB
+CT=7CC4479AE05A295723F27545E1A46B7B
+
+I=330
+KEY=F63CF9152838B0E068219B4EF580A279
+IV=7CC4479AE05A295723F27545E1A46B7B
+PT=05090A5C8F3CD0E7F7EA11B33CDF3C1D
+CT=815BCEB2A29EA2A491C8E39B117790EC
+
+I=331
+KEY=776737A78AA61244F9E978D5E4F73295
+IV=815BCEB2A29EA2A491C8E39B117790EC
+PT=7B40F8A4AC0E4C6BD73A59FFC91CA77D
+CT=E4ED412F3ECDD4B7409BEEAEDC2C755F
+
+I=332
+KEY=938A7688B46BC6F3B972967B38DB47CA
+IV=E4ED412F3ECDD4B7409BEEAEDC2C755F
+PT=047E2E4681A97ED20308F1FE4B132F7B
+CT=10153209AED4115329587180D65A0B97
+
+I=333
+KEY=839F44811ABFD7A0902AE7FBEE814C5D
+IV=10153209AED4115329587180D65A0B97
+PT=32671E6C0D28744AB457587BBB6DD21E
+CT=847F781EDF77A870C4EA99CCC1721917
+
+I=334
+KEY=07E03C9FC5C87FD054C07E372FF3554A
+IV=847F781EDF77A870C4EA99CCC1721917
+PT=EC3159B002B95054F00D57049D91E32B
+CT=05CC06529764F6747FCB2B62569C428C
+
+I=335
+KEY=022C3ACD52AC89A42B0B5555796F17C6
+IV=05CC06529764F6747FCB2B62569C428C
+PT=9A930743113957D10EC643D8D8034C73
+CT=D1C7957073C2A44D9483DD11F3FA2B1E
+
+I=336
+KEY=D3EBAFBD216E2DE9BF8888448A953CD8
+IV=D1C7957073C2A44D9483DD11F3FA2B1E
+PT=2E061A5B483D0D834D3019954E54CF80
+CT=0AC3300C59DB7A76A1E16DC5BF167B70
+
+I=337
+KEY=D9289FB178B5579F1E69E581358347A8
+IV=0AC3300C59DB7A76A1E16DC5BF167B70
+PT=2A6E00DF7820913341D26EF611A7BEC1
+CT=5A5A1BE396D3C56DB0690B92A925D8D8
+
+I=338
+KEY=83728452EE6692F2AE00EE139CA69F70
+IV=5A5A1BE396D3C56DB0690B92A925D8D8
+PT=E871C79BA6132F15C80A85F4BC732E77
+CT=829ABA07496E1269437680257308029D
+
+I=339
+KEY=01E83E55A708809BED766E36EFAE9DED
+IV=829ABA07496E1269437680257308029D
+PT=5955643AB76251E6AF97BC2490D09A72
+CT=3FEDBF80B703D067126EF55B02A41175
+
+I=340
+KEY=3E0581D5100B50FCFF189B6DED0A8C98
+IV=3FEDBF80B703D067126EF55B02A41175
+PT=32BCF86ECA6CCE8F9C1C87AD9FDF8238
+CT=B59D6C5FCA91EDBFE75E795638CAD286
+
+I=341
+KEY=8B98ED8ADA9ABD431846E23BD5C05E1E
+IV=B59D6C5FCA91EDBFE75E795638CAD286
+PT=01A08051FC1D98C1BDAE4CA1D41D91E6
+CT=21CB8EF8BBE6C371A26BFF92701C3D1A
+
+I=342
+KEY=AA536372617C7E32BA2D1DA9A5DC6304
+IV=21CB8EF8BBE6C371A26BFF92701C3D1A
+PT=5F5D891DF8D595D3FEDAEF0174B0A1D1
+CT=23D0FB6489113D3D4AA6470210698391
+
+I=343
+KEY=89839816E86D430FF08B5AABB5B5E095
+IV=23D0FB6489113D3D4AA6470210698391
+PT=54FEAB37EFCD36D28E943DD85E803812
+CT=45F0556ED9A8ED0E1C8B0A0BA648E069
+
+I=344
+KEY=CC73CD7831C5AE01EC0050A013FD00FC
+IV=45F0556ED9A8ED0E1C8B0A0BA648E069
+PT=7AF4BC398ACAD37F526BDE12F3ED59ED
+CT=C41E115EE06FFE5DED10480A1BE5B720
+
+I=345
+KEY=086DDC26D1AA505C011018AA0818B7DC
+IV=C41E115EE06FFE5DED10480A1BE5B720
+PT=CF15E4B6DDF60A4EE0CB6CBFA8AD499B
+CT=1098A41E2C97C9D70626E4D1841F5CC1
+
+I=346
+KEY=18F57838FD3D998B0736FC7B8C07EB1D
+IV=1098A41E2C97C9D70626E4D1841F5CC1
+PT=BAD4050A0013AB8BC556F367AB634D94
+CT=D9B58211EB935246A5E04FCD3BE10B54
+
+I=347
+KEY=C140FA2916AECBCDA2D6B3B6B7E6E049
+IV=D9B58211EB935246A5E04FCD3BE10B54
+PT=CEFF0AF7EF4EA7EF3B0E8BF7FB756E77
+CT=50FAE8C770EF7F9D5FE93B090B9D5C66
+
+I=348
+KEY=91BA12EE6641B450FD3F88BFBC7BBC2F
+IV=50FAE8C770EF7F9D5FE93B090B9D5C66
+PT=3B8C412B4156B413AD06CB181B4C5EAA
+CT=E47249D4B5F24FF415B0E669EBF471B1
+
+I=349
+KEY=75C85B3AD3B3FBA4E88F6ED6578FCD9E
+IV=E47249D4B5F24FF415B0E669EBF471B1
+PT=56C612C5C594CAFB7B1CE8131E786DF0
+CT=6AF057199C217EECB886D940F61B91C5
+
+I=350
+KEY=1F380C234F9285485009B796A1945C5B
+IV=6AF057199C217EECB886D940F61B91C5
+PT=5629EF768743AB63D5B79B511C0A6BEF
+CT=A5A76C330984D34310D021A6C2BDE9BC
+
+I=351
+KEY=BA9F60104616560B40D996306329B5E7
+IV=A5A76C330984D34310D021A6C2BDE9BC
+PT=ED8DF427A02692C09D7AAEF2EDAA1249
+CT=8AAEFBA5DE0AAA41D947E3238B279913
+
+I=352
+KEY=30319BB5981CFC4A999E7513E80E2CF4
+IV=8AAEFBA5DE0AAA41D947E3238B279913
+PT=949339605F30310FC557F2CA4815B034
+CT=9408BCB67EA573E7B5359B67918C16B9
+
+I=353
+KEY=A4392703E6B98FAD2CABEE7479823A4D
+IV=9408BCB67EA573E7B5359B67918C16B9
+PT=03607642CBBCCA2134837AC4BB452682
+CT=90660AF3DD0EAC1B61BB60EB49408586
+
+I=354
+KEY=345F2DF03BB723B64D108E9F30C2BFCB
+IV=90660AF3DD0EAC1B61BB60EB49408586
+PT=DE00E32930E14BD4297F9D789D0C25A1
+CT=1C48AC020174C0D87443229C113E2838
+
+I=355
+KEY=281781F23AC3E36E3953AC0321FC97F3
+IV=1C48AC020174C0D87443229C113E2838
+PT=9CA7A04855F8404176D7D30B594B65AC
+CT=7ACCB3FD4F9C7A5BFB83A969EB6D211A
+
+I=356
+KEY=52DB320F755F9935C2D0056ACA91B6E9
+IV=7ACCB3FD4F9C7A5BFB83A969EB6D211A
+PT=DC0B392E998A347ECB789A51A09F1B1D
+CT=22BED79EF2CAFF83BE8CEE5D7001DE21
+
+I=357
+KEY=7065E591879566B67C5CEB37BA9068C8
+IV=22BED79EF2CAFF83BE8CEE5D7001DE21
+PT=07210334590A9314031D98F7DFBB84B9
+CT=44B16879886BC331407D1E7C7F247A04
+
+I=358
+KEY=34D48DE80FFEA5873C21F54BC5B412CC
+IV=44B16879886BC331407D1E7C7F247A04
+PT=27DDF18405E56989E59ED442C8825DD6
+CT=2787AD57159450916A45C72D0E074D53
+
+I=359
+KEY=135320BF1A6AF51656643266CBB35F9F
+IV=2787AD57159450916A45C72D0E074D53
+PT=4F43202A454BB0F3A9440DA558BEE228
+CT=3C1B83C66CEEEB27644BC66ACC3117E8
+
+I=360
+KEY=2F48A37976841E31322FF40C07824877
+IV=3C1B83C66CEEEB27644BC66ACC3117E8
+PT=28ED6A88BDE4ADEFDA5C0F629109A7A3
+CT=B6009481F8C5D3EE37C645CF238238A1
+
+I=361
+KEY=994837F88E41CDDF05E9B1C3240070D6
+IV=B6009481F8C5D3EE37C645CF238238A1
+PT=48DC5A3700CD4A7A9B066DC0E2667544
+CT=C1A20854601D7A81CAC51E9237BDC030
+
+I=362
+KEY=58EA3FACEE5CB75ECF2CAF5113BDB0E6
+IV=C1A20854601D7A81CAC51E9237BDC030
+PT=1F84C71120B50FDF715B60DB69DECBE0
+CT=663EDB4EFD3F6AC2259A43C926ACE66D
+
+I=363
+KEY=3ED4E4E21363DD9CEAB6EC983511568B
+IV=663EDB4EFD3F6AC2259A43C926ACE66D
+PT=D6F9C59367A57E1DBDC2F4627524BC9A
+CT=CA84A10F987212D75B744A7966ABBABA
+
+I=364
+KEY=F45045ED8B11CF4BB1C2A6E153BAEC31
+IV=CA84A10F987212D75B744A7966ABBABA
+PT=1D8BC84060844CE5C40C716F2190C2BB
+CT=ABAEEB339C4D150E894392444E021710
+
+I=365
+KEY=5FFEAEDE175CDA45388134A51DB8FB21
+IV=ABAEEB339C4D150E894392444E021710
+PT=1300843AABCFB110198F0F0102C0A4D5
+CT=DBA9A1F8EE9AB8300D0273F71EAC5D1C
+
+I=366
+KEY=84570F26F9C66275358347520314A63D
+IV=DBA9A1F8EE9AB8300D0273F71EAC5D1C
+PT=1EA11B05D7DA9D770BA9AB619267B7A3
+CT=4921F1CB4A9AA6594C205D8FF0B2DEC9
+
+I=367
+KEY=CD76FEEDB35CC42C79A31ADDF3A678F4
+IV=4921F1CB4A9AA6594C205D8FF0B2DEC9
+PT=9ABA414156563E88A8CCDB3BD226F66C
+CT=4CF623AC6E145E2D61CAD28BFBF1F1E5
+
+I=368
+KEY=8180DD41DD489A011869C85608578911
+IV=4CF623AC6E145E2D61CAD28BFBF1F1E5
+PT=FEF20625FA0C788DB8A20298F6933F6F
+CT=67C491A5CA1A065980BDECE44B7979F1
+
+I=369
+KEY=E6444CE417529C5898D424B2432EF0E0
+IV=67C491A5CA1A065980BDECE44B7979F1
+PT=79C4A475D0E064D72D48AF6357A0E6A0
+CT=529766CDD1223ED05C055108F91E6526
+
+I=370
+KEY=B4D32A29C670A288C4D175BABA3095C6
+IV=529766CDD1223ED05C055108F91E6526
+PT=0758AA9195AE8684B9FEEBEF8E1226AE
+CT=2AEC009219ECD0499DD729352C220E7D
+
+I=371
+KEY=9E3F2ABBDF9C72C159065C8F96129BBB
+IV=2AEC009219ECD0499DD729352C220E7D
+PT=886713433798AB16E87A8AD3A8CD0C87
+CT=0DE2A7554E343B6FFC6D1ECF4A8AF0DD
+
+I=372
+KEY=93DD8DEE91A849AEA56B4240DC986B66
+IV=0DE2A7554E343B6FFC6D1ECF4A8AF0DD
+PT=984E8BA3DFFB4E9A1244D65BEA7DC594
+CT=8111340B4AF2CD82FF15447143069276
+
+I=373
+KEY=12CCB9E5DB5A842C5A7E06319F9EF910
+IV=8111340B4AF2CD82FF15447143069276
+PT=A4F6C8ACF4F1050D11E42FEF1B6C8B68
+CT=BB4693FA1399583EACB21D2675E6D156
+
+I=374
+KEY=A98A2A1FC8C3DC12F6CC1B17EA782846
+IV=BB4693FA1399583EACB21D2675E6D156
+PT=C5DBE1A937D6EA2FDD9A1A2FD25217B9
+CT=BC01B078339637D796F822B7E58D968D
+
+I=375
+KEY=158B9A67FB55EBC5603439A00FF5BECB
+IV=BC01B078339637D796F822B7E58D968D
+PT=DBD0494B0FE3149F8BCB8A70D344E811
+CT=600C1EFBDCA314A6F9714DEE413B9BD2
+
+I=376
+KEY=7587849C27F6FF639945744E4ECE2519
+IV=600C1EFBDCA314A6F9714DEE413B9BD2
+PT=FCA88DCB484317D7F886E7437BC9E669
+CT=2E3788A647105DD0A286E2EFFD469C99
+
+I=377
+KEY=5BB00C3A60E6A2B33BC396A1B388B980
+IV=2E3788A647105DD0A286E2EFFD469C99
+PT=65AF28E41B3DA5ACE3B2CC9A25EAD28C
+CT=5411E48B57058A52C8560423BCFFBCD2
+
+I=378
+KEY=0FA1E8B137E328E1F39592820F770552
+IV=5411E48B57058A52C8560423BCFFBCD2
+PT=6DD82A9F1CF0A5134A76899B04BE37D5
+CT=C3F69C8ED682BF252D5119D1695126E1
+
+I=379
+KEY=CC57743FE16197C4DEC48B53662623B3
+IV=C3F69C8ED682BF252D5119D1695126E1
+PT=DE729AB3803144FD958D8597396BC8ED
+CT=0941B78975FD2945B4AA81E8C58E3CB2
+
+I=380
+KEY=C516C3B6949CBE816A6E0ABBA3A81F01
+IV=0941B78975FD2945B4AA81E8C58E3CB2
+PT=D8404E7A17254EB40683A8919A9563B4
+CT=BF647E0346C013E138A2F0B06E7BB142
+
+I=381
+KEY=7A72BDB5D25CAD6052CCFA0BCDD3AE43
+IV=BF647E0346C013E138A2F0B06E7BB142
+PT=214089EC2996CE9FA2BBFEFBCAC03509
+CT=AFDA67B9451FF758CC87BBD93C7D4BE4
+
+I=382
+KEY=D5A8DA0C97435A389E4B41D2F1AEE5A7
+IV=AFDA67B9451FF758CC87BBD93C7D4BE4
+PT=9406E9D4FB4592A609BBDB23CE5F9D7F
+CT=B18202E4CA510695540371A8B6523616
+
+I=383
+KEY=642AD8E85D125CADCA48307A47FCD3B1
+IV=B18202E4CA510695540371A8B6523616
+PT=FEE45BE0503B4093747AFCEA9881D30D
+CT=64E149A4A1840F93D675B041ED81D45A
+
+I=384
+KEY=00CB914CFC96533E1C3D803BAA7D07EB
+IV=64E149A4A1840F93D675B041ED81D45A
+PT=880368D5609350167C7826DA30DCFF59
+CT=65A363E9837DFBBDA2688E6F4FBE6C35
+
+I=385
+KEY=6568F2A57FEBA883BE550E54E5C36BDE
+IV=65A363E9837DFBBDA2688E6F4FBE6C35
+PT=29C5940D09A8723B441FC469C909813A
+CT=2A47FDF5BF600891DF4D9E8AA34748BA
+
+I=386
+KEY=4F2F0F50C08BA012611890DE46842364
+IV=2A47FDF5BF600891DF4D9E8AA34748BA
+PT=20AF0FF7BAC0F468C12BD2816A8B1620
+CT=68A637E4B94EC150C84A6EBB005BB79B
+
+I=387
+KEY=278938B479C56142A952FE6546DF94FF
+IV=68A637E4B94EC150C84A6EBB005BB79B
+PT=42906D013A3F0A426B01B489ECA6CAD7
+CT=A090CA02FCD40F01CA0D1A699E30C164
+
+I=388
+KEY=8719F2B685116E43635FE40CD8EF559B
+IV=A090CA02FCD40F01CA0D1A699E30C164
+PT=05A02D4D7D90BCA74ECE791CD865CB88
+CT=F70109F0EBBA56959B3013565E2BDFFC
+
+I=389
+KEY=7018FB466EAB38D6F86FF75A86C48A67
+IV=F70109F0EBBA56959B3013565E2BDFFC
+PT=C373AB7B8F770212F9D5CEF40099086C
+CT=67221CC1F104809B8A5D35431963812D
+
+I=390
+KEY=173AE7879FAFB84D7232C2199FA70B4A
+IV=67221CC1F104809B8A5D35431963812D
+PT=8C59B2A7FD50EC66ABACC0531BE33237
+CT=E06166175F68155DB86E268F3C5524AE
+
+I=391
+KEY=F75B8190C0C7AD10CA5CE496A3F22FE4
+IV=E06166175F68155DB86E268F3C5524AE
+PT=D39790AED2970355A6337AAD2CA4D501
+CT=85E89883242A3B68F4AAF922646EB385
+
+I=392
+KEY=72B31913E4ED96783EF61DB4C79C9C61
+IV=85E89883242A3B68F4AAF922646EB385
+PT=87D4160C7C97476D0884A22B5983AA65
+CT=038C79FDFAA0B4F4AD9DC336F46CACDF
+
+I=393
+KEY=713F60EE1E4D228C936BDE8233F030BE
+IV=038C79FDFAA0B4F4AD9DC336F46CACDF
+PT=3B59088B5ADC77E4B3FC31897C6389B5
+CT=F6C92ECB3332E5E93C9DE29F27F94BB3
+
+I=394
+KEY=87F64E252D7FC765AFF63C1D14097B0D
+IV=F6C92ECB3332E5E93C9DE29F27F94BB3
+PT=68BA9BEBB40B3E35D2E577A2831CF9DB
+CT=7B72342488233DAD5ACF0A8D54EA9E8B
+
+I=395
+KEY=FC847A01A55CFAC8F539369040E3E586
+IV=7B72342488233DAD5ACF0A8D54EA9E8B
+PT=7816251219B8C7F009ADD7A1898D02CF
+CT=45CBA66AD6045917C3E8257D3ECBECDB
+
+I=396
+KEY=B94FDC6B7358A3DF36D113ED7E28095D
+IV=45CBA66AD6045917C3E8257D3ECBECDB
+PT=F542FEAB12E2EA9AE761E58108784E37
+CT=82E289465F5838036B9880C33AEBCB83
+
+I=397
+KEY=3BAD552D2C009BDC5D49932E44C3C2DE
+IV=82E289465F5838036B9880C33AEBCB83
+PT=3B8208791DAE56383CC2BCB44097C9D3
+CT=F02F2B89DE46D01F46AD95C82AF0C20E
+
+I=398
+KEY=CB827EA4F2464BC31BE406E66E3300D0
+IV=F02F2B89DE46D01F46AD95C82AF0C20E
+PT=3F2C0F7A0AEAB04F318C661ABCFED153
+CT=8D4FAF6332578524301ACA22AD86965B
+
+I=399
+KEY=46CDD1C7C011CEE72BFECCC4C3B5968B
+IV=8D4FAF6332578524301ACA22AD86965B
+PT=A27200B51D69AAC22F1C567F8BCEABFA
+CT=2F844CBF78EBA70DA7A49601388F1AB6
+
+==========
+
+KEYSIZE=192
+
+I=0
+KEY=000000000000000000000000000000000000000000000000
+IV=00000000000000000000000000000000
+PT=00000000000000000000000000000000
+CT=7BD966D53AD8C1BB85D2ADFAE87BB104
+
+I=1
+KEY=506339DAE3B35BEB7BD966D53AD8C1BB85D2ADFAE87BB104
+IV=7BD966D53AD8C1BB85D2ADFAE87BB104
+PT=0555C410F44C7AA4506339DAE3B35BEB
+CT=869C061BE9CFEAB5D285B0724A9A8970
+
+I=2
+KEY=74D3414C2374367BFD4560CED3172B0E57571D88A2E13874
+IV=869C061BE9CFEAB5D285B0724A9A8970
+PT=C6FB25A188CF7F3F24B07896C0C76D90
+CT=9E58A52B3840DBE16E8063A18220FEE4
+
+I=3
+KEY=DDE2DF4EEC312FA3631DC5E5EB57F0EF39D77E2920C1C690
+IV=9E58A52B3840DBE16E8063A18220FEE4
+PT=84E3D4168A8469A6A9319E02CF4519D8
+CT=730A256C202B9D57F3C0D73AD4B6CBED
+
+I=4
+KEY=9D973AECAF19E9951017E089CB7C6DB8CA17A913F4770D7D
+IV=730A256C202B9D57F3C0D73AD4B6CBED
+PT=E000CE26CD3185B44075E5A24328C636
+CT=E79EF11C5C1FD1AB75280BCFFCFE89D4
+
+I=5
+KEY=7A52007B2C40C9F4F78911959763BC13BF3FA2DC088984A9
+IV=E79EF11C5C1FD1AB75280BCFFCFE89D4
+PT=19D79403BB238816E7C53A9783592061
+CT=65744444724F1052D0B8674EDC8083B5
+
+I=6
+KEY=40D50426A8D09F3292FD55D1E52CAC416F87C592D409071C
+IV=65744444724F1052D0B8674EDC8083B5
+PT=FDFA33685E2B5BBC3A87045D849056C6
+CT=23C6377D3D076491AD93E2B6112289C7
+
+I=7
+KEY=6FD062412FE1AE4EB13B62ACD82BC8D0C2142724C52B8EDB
+IV=23C6377D3D076491AD93E2B6112289C7
+PT=5056DDDEF15831502F0566678731317C
+CT=F13A83088536BF30E5E9018BE57D7D89
+
+I=8
+KEY=EB4DB5F469D0EE9B4001E1A45D1D77E027FD26AF2056F352
+IV=F13A83088536BF30E5E9018BE57D7D89
+PT=0EE535A4A524668F849DD7B5463140D5
+CT=3F496CB19B21C37159528BF345473E6D
+
+I=9
+KEY=AA6E5744B909D9A87F488D15C63CB4917EAFAD5C6511CD3F
+IV=3F496CB19B21C37159528BF345473E6D
+PT=3A11F90EB51C81ED4123E2B0D0D93733
+CT=CF79C1EDEE17A68DC7E673006AEC90D9
+
+I=10
+KEY=64AB0C0C9471B77FB0314CF8282B121CB949DE5C0FFD5DE6
+IV=CF79C1EDEE17A68DC7E673006AEC90D9
+PT=85187E7F91280A5BCEC55B482D786ED7
+CT=92D1757BEBCE6E0406407819AF82353F
+
+I=11
+KEY=9E5720C1DC2E285C22E03983C3E57C18BF09A645A07F68D9
+IV=92D1757BEBCE6E0406407819AF82353F
+PT=45147511BC08EC76FAFC2CCD485F9F23
+CT=8C0228F57523D746E67D27A8E6C426D9
+
+I=12
+KEY=EBBB8245582E4367AEE21176B6C6AB5E597481ED46BB4E00
+IV=8C0228F57523D746E67D27A8E6C426D9
+PT=73B9EEAC644CBB8875ECA28484006B3B
+CT=D0025BF1FC35DD9BDA20F42DF775AF71
+
+I=13
+KEY=5F938EE9CC63C9E87EE04A874AF376C5835475C0B1CEE171
+IV=D0025BF1FC35DD9BDA20F42DF775AF71
+PT=DE2507F01BC8B212B4280CAC944D8A8F
+CT=3FDDD3E04B2CBE79BB07D82182CD3787
+
+I=14
+KEY=B94E2EC5F6E86EDC413D996701DFC8BC3853ADE13303D6F6
+IV=3FDDD3E04B2CBE79BB07D82182CD3787
+PT=90CE32BCC16C20F7E6DDA02C3A8BA734
+CT=F7B491E4C40B60BE8ACF16D68E3ED60F
+
+I=15
+KEY=DE41ABD8C44F5DF6B6890883C5D4A802B29CBB37BD3D00F9
+IV=F7B491E4C40B60BE8ACF16D68E3ED60F
+PT=B7ACCA62BB9974BC670F851D32A7332A
+CT=7ED4055D367CB31A4CF1CC17132E00B5
+
+I=16
+KEY=E2A57C71F23BC4DEC85D0DDEF3A81B18FE6D7720AE13004C
+IV=7ED4055D367CB31A4CF1CC17132E00B5
+PT=1CA59C2384797B803CE4D7A936749928
+CT=8D50A87F14D466323929BB52FA60FA42
+
+I=17
+KEY=2FA1A78B8BCC301C450DA5A1E77C7D2AC744CC725473FA0E
+IV=8D50A87F14D466323929BB52FA60FA42
+PT=0A623319F2A051ACCD04DBFA79F7F4C2
+CT=7C02D378606FC33DFCEF8AA2A000383E
+
+I=18
+KEY=A949CE493892DF58390F76D98713BE173BAB46D0F473C230
+IV=7C02D378606FC33DFCEF8AA2A000383E
+PT=EE8F5FF6A7FF813386E869C2B35EEF44
+CT=CAE55B9CCBB5A68EBF0D2AB55E079FD4
+
+I=19
+KEY=E159445FE4201A6CF3EA2D454CA6189984A66C65AA745DE4
+IV=CAE55B9CCBB5A68EBF0D2AB55E079FD4
+PT=9699456986535C4648108A16DCB2C534
+CT=9056685FBFECC7A6143DB5AC314DAC88
+
+I=20
+KEY=EE4F7BF96BF1163E63BC451AF34ADF3F909BD9C99B39F16C
+IV=9056685FBFECC7A6143DB5AC314DAC88
+PT=16D6C34C3B57AC0A0F163FA68FD10C52
+CT=4D6A5542F0680CE37E88119141F321F5
+
+I=21
+KEY=27F8CEE0120E8A0F2ED610580322D3DCEE13C858DACAD099
+IV=4D6A5542F0680CE37E88119141F321F5
+PT=337839926E36EC77C9B7B51979FF9C31
+CT=78E16D6027F0D190E78825C2F52E5364
+
+I=22
+KEY=0AF4D3D8EB9FF18A56377D3824D2024C099BED9A2FE483FD
+IV=78E16D6027F0D190E78825C2F52E5364
+PT=8F96B66F934467C72D0C1D38F9917B85
+CT=82A81B33F80A105DD7D9CC6DDFECDB96
+
+I=23
+KEY=AD2AFC821170D967D49F660BDCD81211DE4221F7F008586B
+IV=82A81B33F80A105DD7D9CC6DDFECDB96
+PT=E2CB8E6E329C6660A7DE2F5AFAEF28ED
+CT=0BCD68A063BA3540B3E04C885DF45BD0
+
+I=24
+KEY=5B50EE72BD6CE837DF520EABBF6227516DA26D7FADFC03BB
+IV=0BCD68A063BA3540B3E04C885DF45BD0
+PT=31A14C64CD8BCC8FF67A12F0AC1C3150
+CT=DB27EA5834BF572EA50E03E0773C1010
+
+I=25
+KEY=BF4D8A58F54D47620475E4F38BDD707FC8AC6E9FDAC013AB
+IV=DB27EA5834BF572EA50E03E0773C1010
+PT=26755B5C0BE60998E41D642A4821AF55
+CT=655A896243B5E86B2F74299A317A2E4C
+
+I=26
+KEY=8DC190D88B17EAB9612F6D91C8689814E7D84705EBBA3DE7
+IV=655A896243B5E86B2F74299A317A2E4C
+PT=C6920ADCED82F661328C1A807E5AADDB
+CT=9F45472FDBB732C745AD228810392EA2
+
+I=27
+KEY=B44071C6F14CDA97FE6A2ABE13DFAAD3A275658DFB831345
+IV=9F45472FDBB732C745AD228810392EA2
+PT=2178DFA9784E563E3981E11E7A5B302E
+CT=9F985FBF08235845E396BFCE54BCE7C8
+
+I=28
+KEY=A3C12E42B53D829E61F275011BFCF29641E3DA43AF3FF48D
+IV=9F985FBF08235845E396BFCE54BCE7C8
+PT=44977E2274DA25AE17815F8444715809
+CT=033EAF4FAC934D123012279B1663C80B
+
+I=29
+KEY=8FD2B79E25E39C4A62CCDA4EB76FBF8471F1FDD8B95C3C86
+IV=033EAF4FAC934D123012279B1663C80B
+PT=425088D4626CD7972C1399DC90DE1ED4
+CT=A962CB4707B0048BB81F4225EFC85E48
+
+I=30
+KEY=3D68793EF46B8125CBAE1109B0DFBB0FC9EEBFFD569462CE
+IV=A962CB4707B0048BB81F4225EFC85E48
+PT=EF21ED587C272175B2BACEA0D1881D6F
+CT=6F3A0D63A22C003F7F65B09098F667DB
+
+I=31
+KEY=6A4FB651BE9D0BAFA4941C6A12F3BB30B68B0F6DCE620515
+IV=6F3A0D63A22C003F7F65B09098F667DB
+PT=16054E60B460B2D15727CF6F4AF68A8A
+CT=8BB46230FF03665765F2E5AAEA14104F
+
+I=32
+KEY=3F5991D63C15A1822F207E5AEDF0DD67D379EAC72476155A
+IV=8BB46230FF03665765F2E5AAEA14104F
+PT=82D0B12FEA88917F551627878288AA2D
+CT=8E1A664131FAB09E786E111C3C20A7BB
+
+I=33
+KEY=456F69D38929ED82A13A181BDC0A6DF9AB17FBDB1856B2E1
+IV=8E1A664131FAB09E786E111C3C20A7BB
+PT=1384D3B7CAEB528A7A36F805B53C4C00
+CT=92D99BF1D71026D2BF78E32421E34E52
+
+I=34
+KEY=658891F63379484C33E383EA0B1A4B2B146F18FF39B5FCB3
+IV=92D99BF1D71026D2BF78E32421E34E52
+PT=9F60C3117269E88920E7F825BA50A5CE
+CT=7DB6782C68EC5FC75A2A75E4EA7B4071
+
+I=35
+KEY=9193E2EACE8423F64E55FBC663F614EC4E456D1BD3CEBCC2
+IV=7DB6782C68EC5FC75A2A75E4EA7B4071
+PT=232ECA0370EBD920F41B731CFDFD6BBA
+CT=D76A1E73E977533E6D7C74277DAFEB48
+
+I=36
+KEY=F4C34FE273D0FCB5993FE5B58A8147D22339193CAE61578A
+IV=D76A1E73E977533E6D7C74277DAFEB48
+PT=5BCD8C6C4D14321F6550AD08BD54DF43
+CT=4A69E9081DDD43A6061700C7DA8F5E73
+
+I=37
+KEY=DC82C155896C5D5CD3560CBD975C0474252E19FB74EE09F9
+IV=4A69E9081DDD43A6061700C7DA8F5E73
+PT=C914BB961EA890D828418EB7FABCA1E9
+CT=91EE5BE28C27F055258BC3E1F37E2DEC
+
+I=38
+KEY=08F1655EA3656F1C42B8575F1B7BF42100A5DA1A87902415
+IV=91EE5BE28C27F055258BC3E1F37E2DEC
+PT=11804F73D788115CD473A40B2A093240
+CT=86B9BE5AFD2A8A49E2651C314CAE0918
+
+I=39
+KEY=59D7EFD92140A147C401E905E6517E68E2C0C62BCB3E2D0D
+IV=86B9BE5AFD2A8A49E2651C314CAE0918
+PT=6E2A1E436926174E51268A878225CE5B
+CT=C642F5ED78DB76738A89296B1C4A0932
+
+I=40
+KEY=F6E75E7867D0FB4A02431CE89E8A081B6849EF40D774243F
+IV=C642F5ED78DB76738A89296B1C4A0932
+PT=15896B8B864CF068AF30B1A146905A0D
+CT=24288AE027547E499EBADE9260C8F037
+
+I=41
+KEY=9A048C2BC98E15B2266B9608B9DE7652F6F331D2B7BCD408
+IV=24288AE027547E499EBADE9260C8F037
+PT=FF9A330C205DC3006CE3D253AE5EEEF8
+CT=BD9B3D670D24EDDA1EAD1DB06C8A83C7
+
+I=42
+KEY=97E8C017644E9FED9BF0AB6FB4FA9B88E85E2C62DB3657CF
+IV=BD9B3D670D24EDDA1EAD1DB06C8A83C7
+PT=C9A3916C34A7CCD90DEC4C3CADC08A5F
+CT=1FCCBC65C44E4680E1593EE0EEFEA9A9
+
+I=43
+KEY=3A2862113BD3312D843C170A70B4DD080907128235C8FE66
+IV=1FCCBC65C44E4680E1593EE0EEFEA9A9
+PT=EAF9C4A80EE93585ADC0A2065F9DAEC0
+CT=2C0004064936696B10D039D9795BABC7
+
+I=44
+KEY=33FAE356C0C96F17A83C130C3982B46319D72B5B4C9355A1
+IV=2C0004064936696B10D039D9795BABC7
+PT=4181525880CA468909D28147FB1A5E3A
+CT=79F193EB9A9A48464FF007D73E9B4106
+
+I=45
+KEY=2136A7940C9B9FAFD1CD80E7A318FC2556272C8C720814A7
+IV=79F193EB9A9A48464FF007D73E9B4106
+PT=2899D75DFB84950E12CC44C2CC52F0B8
+CT=DA12307CE9A6BA0FCE5A76AE1747E619
+
+I=46
+KEY=0C839679750274320BDFB09B4ABE462A987D5A22654FF2BE
+IV=DA12307CE9A6BA0FCE5A76AE1747E619
+PT=2C71B8623CA5BF292DB531ED7999EB9D
+CT=A59997FA19B58BC71CB05E7140386C94
+
+I=47
+KEY=4D3CDB92797645C1AE462761530BCDED84CD045325779E2A
+IV=A59997FA19B58BC71CB05E7140386C94
+PT=63F4FC202A1B921241BF4DEB0C7431F3
+CT=49E65D7422398035DD1E4EBAD37C699D
+
+I=48
+KEY=38082D7CC27EBABBE7A07A1571324DD859D34AE9F60BF7B7
+IV=49E65D7422398035DD1E4EBAD37C699D
+PT=7F0E2FD5D4B5A0CB7534F6EEBB08FF7A
+CT=64DF24483FC73174FB6482A6E2B895E0
+
+I=49
+KEY=1557398CFBFF31F8837F5E5D4EF57CACA2B7C84F14B36257
+IV=64DF24483FC73174FB6482A6E2B895E0
+PT=0F525FCF2A1E3D612D5F14F039818B43
+CT=028880CC8AA1B92CB807F1102663E658
+
+I=50
+KEY=229C31F1D34A529581F7DE91C454C5801AB0395F32D0840F
+IV=028880CC8AA1B92CB807F1102663E658
+PT=219604B99FF2BE7B37CB087D28B5636D
+CT=FAC8B66D1BA7849392CC235D0276110E
+
+I=51
+KEY=C75DE76D40D536277B3F68FCDFF34113887C1A0230A69501
+IV=FAC8B66D1BA7849392CC235D0276110E
+PT=3319C80C038E565FE5C1D69C939F64B2
+CT=79770F286419EEFD855868EC4ADF3775
+
+I=52
+KEY=5F0B08B451490B27024867D4BBEAAFEE0D2472EE7A79A274
+IV=79770F286419EEFD855868EC4ADF3775
+PT=E173A8580816CAFA9856EFD9119C3D00
+CT=FC0AA487B09DF657DB58DBF83E13E137
+
+I=53
+KEY=E86E8BFBF1D65541FE42C3530B7759B9D67CA916446A4343
+IV=FC0AA487B09DF657DB58DBF83E13E137
+PT=01274C45F202C22CB765834FA09F5E66
+CT=9691EA44FC67CA29E50E7FF7DBC4D0CA
+
+I=54
+KEY=7849550CA6CCD87268D32917F71093903372D6E19FAE9389
+IV=9691EA44FC67CA29E50E7FF7DBC4D0CA
+PT=026BD493499B7BA99027DEF7571A8D33
+CT=5206F7CF45A59FD6444CCBB6B034CF45
+
+I=55
+KEY=52D81D6104DBF6DF3AD5DED8B2B50C46773E1D572F9A5CCC
+IV=5206F7CF45A59FD6444CCBB6B034CF45
+PT=33CA15B3D921E7752A91486DA2172EAD
+CT=F4A41D18E3EF9DE46917BADB1B5EC613
+
+I=56
+KEY=36FB680165ABD632CE71C3C0515A91A21E29A78C34C49ADF
+IV=F4A41D18E3EF9DE46917BADB1B5EC613
+PT=65F3084285AA869464237560617020ED
+CT=6C4154D3245D2546979118A36120A911
+
+I=57
+KEY=6E7548B98AA0640AA23097137507B4E489B8BF2F55E433CE
+IV=6C4154D3245D2546979118A36120A911
+PT=6CF540F502D90886588E20B8EF0BB238
+CT=2A52376A7E494ADEDD53A416F73FE9C0
+
+I=58
+KEY=A0D840A0E3CC1EA58862A0790B4EFE3A54EB1B39A2DBDA0E
+IV=2A52376A7E494ADEDD53A416F73FE9C0
+PT=708AE2375F305572CEAD0819696C7AAF
+CT=7A0EF052184147EA279839380B3DBB32
+
+I=59
+KEY=153CF68E4A1C1FCEF26C502B130FB9D073732201A9E6613C
+IV=7A0EF052184147EA279839380B3DBB32
+PT=A8267215107D3DD0B5E4B62EA9D0016B
+CT=F193B80D57571F94A4F5373149163AA1
+
+I=60
+KEY=E0B0657A66C37D8703FFE8264458A644D7861530E0F05B9D
+IV=F193B80D57571F94A4F5373149163AA1
+PT=EE4B04302CB02990F58C93F42CDF6249
+CT=A28E99815C930AC05ADA4524A7E5968C
+
+I=61
+KEY=94760F8A93926E4DA17171A718CBAC848D5C50144715CD11
+IV=A28E99815C930AC05ADA4524A7E5968C
+PT=34D122B717CBA59174C66AF0F55113CA
+CT=6F9342E7915613450E823EC9A781DAA3
+
+I=62
+KEY=0B352460A1579376CEE23340899DBFC183DE6EDDE09417B2
+IV=6F9342E7915613450E823EC9A781DAA3
+PT=D8689ED21F3EA8E29F432BEA32C5FD3B
+CT=584BB944532A830F7F8DCDBE42E7DBFC
+
+I=63
+KEY=999A5CEB73DFCC1796A98A04DAB73CCEFC53A363A273CC4E
+IV=584BB944532A830F7F8DCDBE42E7DBFC
+PT=4E87F73D46D0C0AF92AF788BD2885F61
+CT=4AC372A4D3273C71F69D50168A9235A1
+
+I=64
+KEY=42C59FFD5AA69C11DC6AF8A0099000BF0ACEF37528E1F9EF
+IV=4AC372A4D3273C71F69D50168A9235A1
+PT=324DC9C2D34E95F9DB5FC31629795006
+CT=60E53CC2D5E4900D48A0C5F7EE3BC810
+
+I=65
+KEY=843EBDEF0CEEBA5BBC8FC462DC7490B2426E3682C6DA31FF
+IV=60E53CC2D5E4900D48A0C5F7EE3BC810
+PT=8B94F018A7115B3AC6FB22125648264A
+CT=4BD7DF7DFD03A24809B751F59FACF417
+
+I=66
+KEY=98E40853FA954FF5F7581B1F217732FA4BD967775976C5E8
+IV=4BD7DF7DFD03A24809B751F59FACF417
+PT=109C734AC21ED2631CDAB5BCF67BF5AE
+CT=B7A3CF7E58A413C5065E9CFD23C750F9
+
+I=67
+KEY=5419462C5329544A40FBD46179D3213F4D87FB8A7AB19511
+IV=B7A3CF7E58A413C5065E9CFD23C750F9
+PT=8CA507ACCDB3A793CCFD4E7FA9BC1BBF
+CT=6285C3D0FD2645192C5DD046D73414CE
+
+I=68
+KEY=B58628819840885D227E17B184F5642661DA2BCCAD8581DF
+IV=6285C3D0FD2645192C5DD046D73414CE
+PT=7DE48BAD03BB9F53E19F6EADCB69DC17
+CT=583FBCEB09646CEC19D00620E5455FD5
+
+I=69
+KEY=73F7F00EF22ED1B07A41AB5A8D9108CA780A2DEC48C0DE0A
+IV=583FBCEB09646CEC19D00620E5455FD5
+PT=126D3F2A0BC1B168C671D88F6A6E59ED
+CT=886A5273055AF7AE37EFB726DC90FD9E
+
+I=70
+KEY=69735F80F0B876DAF22BF92988CBFF644FE59ACA94502394
+IV=886A5273055AF7AE37EFB726DC90FD9E
+PT=0B4D3F58D83D866A1A84AF8E0296A76A
+CT=FD068F02BB6C2611EF78CD963EF2F78F
+
+I=71
+KEY=92E5FF32D46494880F2D762B33A7D975A09D575CAAA2D41B
+IV=FD068F02BB6C2611EF78CD963EF2F78F
+PT=705667CBCC87BF3DFB96A0B224DCE252
+CT=34713FD3FA07F0B3F94EC0FB17BB465F
+
+I=72
+KEY=A0DF9DCB873A1ADC3B5C49F8C9A029C659D397A7BD199244
+IV=34713FD3FA07F0B3F94EC0FB17BB465F
+PT=4BF66F55275D6CB3323A62F9535E8E54
+CT=82C8A179661207B7FE178A266C607074
+
+I=73
+KEY=2D1604ADAA49C3FBB994E881AFB22E71A7C41D81D179E230
+IV=82C8A179661207B7FE178A266C607074
+PT=167203BBB933707A8DC999662D73D927
+CT=DCDBCC8D11C632CB220C6E95B399A1CC
+
+I=74
+KEY=7D2C4B0C0D0B001A654F240CBE741CBA85C8731462E043FC
+IV=DCDBCC8D11C632CB220C6E95B399A1CC
+PT=668F998350BDA831503A4FA1A742C3E1
+CT=8827EBFCB24470266D5C0BA05D5974A4
+
+I=75
+KEY=BE3A4CF21186C2C7ED68CFF00C306C9CE89478B43FB93758
+IV=8827EBFCB24470266D5C0BA05D5974A4
+PT=B8D1D48F3C41094EC31607FE1C8DC2DD
+CT=61E59DECE1AEFFDEB9B216828953D70F
+
+I=76
+KEY=D0CE372842DC32508C8D521CED9E934251266E36B6EAE057
+IV=61E59DECE1AEFFDEB9B216828953D70F
+PT=49A4495257D08AA56EF47BDA535AF097
+CT=ECD04FFB385CCC1D13C312A5C31810DE
+
+I=77
+KEY=E7274C14C4163169605D1DE7D5C25F5F42E57C9375F2F089
+IV=ECD04FFB385CCC1D13C312A5C31810DE
+PT=3EED6F60FD9050A737E97B3C86CA0339
+CT=D9C90455AFBF5465F89752FB6F60BDFF
+
+I=78
+KEY=71E35A00CAFB898BB99419B27A7D0B3ABA722E681A924D76
+IV=D9C90455AFBF5465F89752FB6F60BDFF
+PT=5CE6E7F07945191396C416140EEDB8E2
+CT=F6E795B326CFD6CCC0E230E4FE770878
+
+I=79
+KEY=79DFA388989B29204F738C015CB2DDF67A901E8CE4E5450E
+IV=F6E795B326CFD6CCC0E230E4FE770878
+PT=314A5784B7909F89083CF9885260A0AB
+CT=6B3A00F05F79F25E4E9EDA81034A9B7B
+
+I=80
+KEY=75F6D5983AE6D7AC24498CF103CB2FA8340EC40DE7AFDE75
+IV=6B3A00F05F79F25E4E9EDA81034A9B7B
+PT=DEC42B1A6184FDF80C297610A27DFE8C
+CT=6A19BEA8826427E309BD55BCBBE246B4
+
+I=81
+KEY=E47EEE65549BF1634E50325981AF084B3DB391B15C4D98C1
+IV=6A19BEA8826427E309BD55BCBBE246B4
+PT=63C46CFF49FF13B291883BFD6E7D26CF
+CT=738C0B0E580C0B1ED488DDE8502CB754
+
+I=82
+KEY=E6DBE45547556F403DDC3957D9A30355E93B4C590C612F95
+IV=738C0B0E580C0B1ED488DDE8502CB754
+PT=E951F5C902BD351502A50A3013CE9E23
+CT=389E33F3DAB3FAB7B2ACB853C0150B8D
+
+I=83
+KEY=EBA5A1BDF9FC558905420AA40310F9E25B97F40ACC742418
+IV=389E33F3DAB3FAB7B2ACB853C0150B8D
+PT=54EFC45B4036B60D0D7E45E8BEA93AC9
+CT=EACAE8A4B5CCBDB28ED2162670DBD4B1
+
+I=84
+KEY=B570945030615F75EF88E200B6DC4450D545E22CBCAFF0A9
+IV=EACAE8A4B5CCBDB28ED2162670DBD4B1
+PT=7F3BA6FE23AE45665ED535EDC99D0AFC
+CT=535FEA61623ECD22FA1A95BF95320252
+
+I=85
+KEY=F332D3DE8556F82EBCD70861D4E289722F5F7793299DF2FB
+IV=535FEA61623ECD22FA1A95BF95320252
+PT=8FEB6943B22437D34642478EB537A75B
+CT=CD23D928E1D3221E4D3C51670C071276
+
+I=86
+KEY=1402D325D7EBA90871F4D1493531AB6C626326F4259AE08D
+IV=CD23D928E1D3221E4D3C51670C071276
+PT=8B01EE4509B58B49E73000FB52BD5126
+CT=56DC7F1BE2CC26A369B3BCA71BF8FAB8
+
+I=87
+KEY=389C95DC5BF411B62728AE52D7FD8DCF0BD09A533E621A35
+IV=56DC7F1BE2CC26A369B3BCA71BF8FAB8
+PT=9BFE561402B07B4C2C9E46F98C1FB8BE
+CT=A059CFB443009F0ACD8E5051BD16C837
+
+I=88
+KEY=89180FBFF0A12019877161E694FD12C5C65ECA028374D202
+IV=A059CFB443009F0ACD8E5051BD16C837
+PT=C8D55810C7A22E30B1849A63AB5531AF
+CT=62CEB7D9A6D23B40CFD75990D1040BA4
+
+I=89
+KEY=08BE01CF1E620DBEE5BFD63F322F2985098993925270D9A6
+IV=62CEB7D9A6D23B40CFD75990D1040BA4
+PT=F888764A970B03BC81A60E70EEC32DA7
+CT=F6D89003ABBF003AF013EB221AF17F99
+
+I=90
+KEY=5EB9AC53FC544ADE1367463C999029BFF99A78B04881A63F
+IV=F6D89003ABBF003AF013EB221AF17F99
+PT=26A25CFC1E699D8B5607AD9CE2364760
+CT=74C9E920DC16396E89774B82E7803EF5
+
+I=91
+KEY=D8FAD6E8CDC96CEF67AEAF1C458610D170ED3332AF0198CA
+IV=74C9E920DC16396E89774B82E7803EF5
+PT=76AFDD045A30FAA486437ABB319D2631
+CT=A5B997689B88AAC0611C2963C8C1B7CE
+
+I=92
+KEY=7E774E64A5F209B2C2173874DE0EBA1111F11A5167C02F04
+IV=A5B997689B88AAC0611C2963C8C1B7CE
+PT=ABF525144D3415DEA68D988C683B655D
+CT=7A2F39D97547C3CD336577E41C0483ED
+
+I=93
+KEY=0406C21AE6E015E0B83801ADAB4979DC22946DB57BC4ACE9
+IV=7A2F39D97547C3CD336577E41C0483ED
+PT=E0C2466426630D1B7A718C7E43121C52
+CT=67899F7D0890E90383C05A7984604241
+
+I=94
+KEY=D9249A4AFDF40BEADFB19ED0A3D990DFA15437CCFFA4EEA8
+IV=67899F7D0890E90383C05A7984604241
+PT=07E55341FCD016D7DD2258501B141E0A
+CT=7B1CBCD270B09E9A1D15714D8366D174
+
+I=95
+KEY=B2242464CD4D2448A4AD2202D3690E45BC4146817CC23FDC
+IV=7B1CBCD270B09E9A1D15714D8366D174
+PT=25C6E62F44ABFF406B00BE2E30B92FA2
+CT=C86E27E5CA4461CE656D893A16477966
+
+I=96
+KEY=602CDF824C043C836CC305E7192D6F8BD92CCFBB6A8546BA
+IV=C86E27E5CA4461CE656D893A16477966
+PT=3F9D262E375F057BD208FBE6814918CB
+CT=8129054CF746CB79112942AE35142E4D
+
+I=97
+KEY=73F82C9EE4B4D0E8EDEA00ABEE6BA4F2C8058D155F9168F7
+IV=8129054CF746CB79112942AE35142E4D
+PT=7BC798EAC4C17B2D13D4F31CA8B0EC6B
+CT=36F21910B1677AF19586E55E360FB8DD
+
+I=98
+KEY=E5FC538A60CC29A3DB1819BB5F0CDE035D83684B699ED02A
+IV=36F21910B1677AF19586E55E360FB8DD
+PT=D3E39037253E5BAA96047F148478F94B
+CT=BA7CE80E0853D264368EE61D8E71EEBE
+
+I=99
+KEY=D9381EF81441B6C16164F1B5575F0C676B0D8E56E7EF3E94
+IV=BA7CE80E0853D264368EE61D8E71EEBE
+PT=DE4FFDFADB81FABB3CC44D72748D9F62
+CT=971AD82D1F46F1087B37103B4BE5DD8C
+
+I=100
+KEY=A0BF8B4740D929C9F67E29984819FD6F103A9E6DAC0AE318
+IV=971AD82D1F46F1087B37103B4BE5DD8C
+PT=FE6355B5D860522B798795BF54989F08
+CT=D17268155EE586F352BB031929441700
+
+I=101
+KEY=477A0AB591FFEC5C270C418D16FC7B9C42819D74854EF418
+IV=D17268155EE586F352BB031929441700
+PT=166A50EEE05F4A39E7C581F2D126C595
+CT=2CD84FB5B587BE8B04638A9EDBA17AE2
+
+I=102
+KEY=50005B4C4B11BFB20BD40E38A37BC51746E217EA5EEF8EFA
+IV=2CD84FB5B587BE8B04638A9EDBA17AE2
+PT=1296DC2C1741EB2A177A51F9DAEE53EE
+CT=8C2A5A31951FB2D9E8D35CD3C007B8B3
+
+I=103
+KEY=E1E88DDBA5D849DF87FE5409366477CEAE314B399EE83649
+IV=8C2A5A31951FB2D9E8D35CD3C007B8B3
+PT=57C5E1A070E3C2AEB1E8D697EEC9F66D
+CT=AA9E935BA264C9FD0C07072AF8499CD7
+
+I=104
+KEY=D465F0FB195068CF2D60C7529400BE33A2364C1366A1AA9E
+IV=AA9E935BA264C9FD0C07072AF8499CD7
+PT=77D0522670E00BD7358D7D20BC882110
+CT=A22DF6CE12C75FB99F5159A1E3E4249F
+
+I=105
+KEY=4DEB1B5E6398E4AD8F4D319C86C7E18A3D6715B285458E01
+IV=A22DF6CE12C75FB99F5159A1E3E4249F
+PT=D6F96D22896A2574998EEBA57AC88C62
+CT=B356102A9158C569469E61093146B9F0
+
+I=106
+KEY=D73E5CA946860BDD3C1B21B6179F24E37BF974BBB40337F1
+IV=B356102A9158C569469E61093146B9F0
+PT=2E72F61FC21F57A09AD547F7251EEF70
+CT=AB2BABFB88D3C3ACE4CBA81E0E250AD3
+
+I=107
+KEY=6B592CE635873DE197308A4D9F4CE74F9F32DCA5BA263D22
+IV=AB2BABFB88D3C3ACE4CBA81E0E250AD3
+PT=39B02C01155705C9BC67704F7301363C
+CT=8A4AC90E9095479F3C02DE7B08C01F1C
+
+I=108
+KEY=1026EE98CAC684081D7A43430FD9A0D0A33002DEB2E6223E
+IV=8A4AC90E9095479F3C02DE7B08C01F1C
+PT=14F49DBECEE88DBB7B7FC27EFF41B9E9
+CT=62E4E3C43938D014D90C4A1D8CD09639
+
+I=109
+KEY=20972278E7C0FFC17F9EA08736E170C47A3C48C33E36B407
+IV=62E4E3C43938D014D90C4A1D8CD09639
+PT=56EFB0EA336A674930B1CCE02D067BC9
+CT=5E8EB865BFC1999D57A67280E37CA129
+
+I=110
+KEY=2BEE1A1965A7F17C211018E28920E9592D9A3A43DD4A152E
+IV=5E8EB865BFC1999D57A67280E37CA129
+PT=9CF6F073F2F0C7CB0B79386182670EBD
+CT=D3B98A4562FAB47ED3D09C55E75EE51B
+
+I=111
+KEY=EB85E491647FD6ACF2A992A7EBDA5D27FE4AA6163A14F035
+IV=D3B98A4562FAB47ED3D09C55E75EE51B
+PT=61964EF472752F21C06BFE8801D827D0
+CT=CF3D65AEEDD747416AF436A3B909828F
+
+I=112
+KEY=E94E6286941EC36D3D94F709060D1A6694BE90B5831D72BA
+IV=CF3D65AEEDD747416AF436A3B909828F
+PT=6C0B536EA1099A4202CB8617F06115C1
+CT=5DB0625B34C01C47490B5200E8A205FC
+
+I=113
+KEY=F5D756E568CA6BA06024955232CD0621DDB5C2B56BBF7746
+IV=5DB0625B34C01C47490B5200E8A205FC
+PT=08D5CD9945D190AB1C993463FCD4A8CD
+CT=771B5C66F79E262FAAC6F92F128669CB
+
+I=114
+KEY=462C74E6E222DE77173FC934C553200E77733B9A79391E8D
+IV=771B5C66F79E262FAAC6F92F128669CB
+PT=5628EC55D7AB7634B3FB22038AE8B5D7
+CT=31C436E7CA7343A93AA0B74A38CCDAC0
+
+I=115
+KEY=5062F2489F4C68FE26FBFFD30F2063A74DD38CD041F5C44D
+IV=31C436E7CA7343A93AA0B74A38CCDAC0
+PT=F279C45DBD75C458164E86AE7D6EB689
+CT=845320B41FD6F1D4DBB36D19D8A4A268
+
+I=116
+KEY=5A27EC509FED17B6A2A8DF6710F692739660E1C999516625
+IV=845320B41FD6F1D4DBB36D19D8A4A268
+PT=7C0CB5E4FFE703260A451E1800A17F48
+CT=D8F9FB52BE1B342D6FBBB8A7FCDEFD89
+
+I=117
+KEY=E925EC8E99BF11E97A512435AEEDA65EF9DB596E658F9BAC
+IV=D8F9FB52BE1B342D6FBBB8A7FCDEFD89
+PT=187F3648643AF8E6B30200DE0652065F
+CT=240647A32D765031C79D8893CC19EBA9
+
+I=118
+KEY=5574034BCE64FADD5E576396839BF66F3E46D1FDA9967005
+IV=240647A32D765031C79D8893CC19EBA9
+PT=AF808097E0C68C8FBC51EFC557DBEB34
+CT=2A3805A7D773F9C00635779752C9CCE7
+
+I=119
+KEY=D842A9983BBDAA5E746F663154E80FAF3873A66AFB5FBCE2
+IV=2A3805A7D773F9C00635779752C9CCE7
+PT=D44486CCC61C68588D36AAD3F5D95083
+CT=2219F0C7A805BEC4A4931F84CBFFC598
+
+I=120
+KEY=CD622302BD70E2CD567696F6FCEDB16B9CE0B9EE30A0797A
+IV=2219F0C7A805BEC4A4931F84CBFFC598
+PT=67DA1BC4F2BC2F3315208A9A86CD4893
+CT=8B1F4353CF6969888BBD6654AB65C2A8
+
+I=121
+KEY=80A1D0CA7667F291DD69D5A53384D8E3175DDFBA9BC5BBD2
+IV=8B1F4353CF6969888BBD6654AB65C2A8
+PT=D114FDA8E61BEAC44DC3F3C8CB17105C
+CT=B6F0C0F016A1FA033C37D1128D9B2EF3
+
+I=122
+KEY=2C9B755C3B8B44416B991555252522E02B6A0EA8165E9521
+IV=B6F0C0F016A1FA033C37D1128D9B2EF3
+PT=738DBCE3EE7E70EAAC3AA5964DECB6D0
+CT=14FB0A67CB0729CA25152581D8C3FEEF
+
+I=123
+KEY=5D05BDFBF482E4D37F621F32EE220B2A0E7F2B29CE9D6BCE
+IV=14FB0A67CB0729CA25152581D8C3FEEF
+PT=D3186497981F294B719EC8A7CF09A092
+CT=14C988C52C7ED50EBD10219F1F58C213
+
+I=124
+KEY=9E044D195FA8557C6BAB97F7C25CDE24B36F0AB6D1C5A9DD
+IV=14C988C52C7ED50EBD10219F1F58C213
+PT=C062585284FDE540C301F0E2AB2AB1AF
+CT=1FE7E153E69F95F102624ACEB9067FA1
+
+I=125
+KEY=2B116B6F1FD581C6744C76A424C34BD5B10D407868C3D67C
+IV=1FE7E153E69F95F102624ACEB9067FA1
+PT=F18294D40CAA674DB5152676407DD4BA
+CT=AB43B2C61C9F23B96EFE293C6730A98F
+
+I=126
+KEY=EAF1AFBDD2CEDB9ADF0FC462385C686CDFF369440FF37FF3
+IV=AB43B2C61C9F23B96EFE293C6730A98F
+PT=7D465730C5422413C1E0C4D2CD1B5A5C
+CT=B1413F447CA81C678287EE2366544547
+
+I=127
+KEY=4FA6C7DA7A84D4CB6E4EFB2644F4740B5D74876769A73AB4
+IV=B1413F447CA81C678287EE2366544547
+PT=C7BFA1BFA26828F7A5576867A84A0F51
+CT=7AE90F988557F3A41BBDB4B69C5FF56A
+
+I=128
+KEY=C9B0E3C7CEF4003014A7F4BEC1A387AF46C933D1F5F8CFDE
+IV=7AE90F988557F3A41BBDB4B69C5FF56A
+PT=5173C32806105AD18616241DB470D4FB
+CT=F2EF675645D284F042FAEBE87AE3ECAE
+
+I=129
+KEY=DB855274F6CC030BE64893E88471035F0433D8398F1B2370
+IV=F2EF675645D284F042FAEBE87AE3ECAE
+PT=6DF6B7F917B2F8431235B1B33838033B
+CT=30D4F068BC2FDEC79CF81A4FA641A495
+
+I=130
+KEY=F37DBF11472A4F87D69C6380385EDD9898CBC276295A87E5
+IV=30D4F068BC2FDEC79CF81A4FA641A495
+PT=F4C98D268B7D175728F8ED65B1E64C8C
+CT=0CEB234560B935E5B08C7EA2AA4A962D
+
+I=131
+KEY=1A2F5A0827B2F861DA7740C558E7E87D2847BCD4831011C8
+IV=0CEB234560B935E5B08C7EA2AA4A962D
+PT=9873E312B815DC81E952E5196098B7E6
+CT=7BED84EFC02836F6D165AD27DEEF2B21
+
+I=132
+KEY=9C815F2A4EC42D02A19AC42A98CFDE8BF92211F35DFF3AE9
+IV=7BED84EFC02836F6D165AD27DEEF2B21
+PT=D8765DE55131DC4186AE05226976D563
+CT=C36FEDCB97DA734243A20C49D5942DD1
+
+I=133
+KEY=9A12CC40F3C185AA62F529E10F15ADC9BA801DBA886B1738
+IV=C36FEDCB97DA734243A20C49D5942DD1
+PT=18B252CEB124BD110693936ABD05A8A8
+CT=94C9A6BDB97522FACEE2E869C3C48FB0
+
+I=134
+KEY=F08C23DDC110ED40F63C8F5CB6608F337462F5D34BAF9888
+IV=94C9A6BDB97522FACEE2E869C3C48FB0
+PT=154FF810E3F0CE586A9EEF9D32D168EA
+CT=AFC8D15F80F19F942FCA22DA0DF79937
+
+I=135
+KEY=B1224FF7293C5DC559F45E03369110A75BA8D709465801BF
+IV=AFC8D15F80F19F942FCA22DA0DF79937
+PT=259A6B069CA3273C41AE6C2AE82CB085
+CT=5AADC1716B2ED4FC7CA9825A32EA2FB1
+
+I=136
+KEY=D29A829813CC5B4103599F725DBFC45B2701555374B22E0E
+IV=5AADC1716B2ED4FC7CA9825A32EA2FB1
+PT=CB78C574D9B1B9EF63B8CD6F3AF00684
+CT=EACB8D3001640F340DFB459CD8D162BD
+
+I=137
+KEY=1049116DD39F7B30E99212425CDBCB6F2AFA10CFAC634CB3
+IV=EACB8D3001640F340DFB459CD8D162BD
+PT=DF461D135DE19FA2C2D393F5C0532071
+CT=9115EB33739C04AAE22765621A8852C5
+
+I=138
+KEY=A129CBBF89658D977887F9712F47CFC5C8DD75ADB6EB1E76
+IV=9115EB33739C04AAE22765621A8852C5
+PT=E32AF908A190B95FB160DAD25AFAF6A7
+CT=B171D8AC24C6873B54F42D5DAC51ED34
+
+I=139
+KEY=EE7226D88DFA48DFC9F621DD0B8148FE9C2958F01ABAF342
+IV=B171D8AC24C6873B54F42D5DAC51ED34
+PT=0A669BB00E2123B54F5BED67049FC548
+CT=CFFC81B70593A36D022248D1CBE7FC58
+
+I=140
+KEY=C907918503B2C1C0060AA06A0E12EB939E0B1021D15D0F1A
+IV=CFFC81B70593A36D022248D1CBE7FC58
+PT=E9B1E6FA006D4CEE2775B75D8E48891F
+CT=0B3B02FC8A8D677B8077D7FDF9EB0396
+
+I=141
+KEY=E468A0560DB602C10D31A296849F8CE81E7CC7DC28B60C8C
+IV=0B3B02FC8A8D677B8077D7FDF9EB0396
+PT=AA3626C69662AE442D6F31D30E04C301
+CT=2C78C31D4B2EBAEF54CB6D04C4375196
+
+I=142
+KEY=EB8BCD80D3E35CCB2149618BCFB136074AB7AAD8EC815D1A
+IV=2C78C31D4B2EBAEF54CB6D04C4375196
+PT=5017BD9EB52514180FE36DD6DE555E0A
+CT=67D2DD54A0881186DFA6A608C036CE61
+
+I=143
+KEY=7065D92686BA37E9469BBCDF6F39278195110CD02CB7937B
+IV=67D2DD54A0881186DFA6A608C036CE61
+PT=6CBC1C2DAA3A7F7B9BEE14A655596B22
+CT=62163C88A40E7CFF7522A3DC32F30BCF
+
+I=144
+KEY=E0B4AE9D6C9A5A92248D8057CB375B7EE033AF0C1E4498B4
+IV=62163C88A40E7CFF7522A3DC32F30BCF
+PT=0F6C44EE5E2587A790D177BBEA206D7B
+CT=B84A631DE451F109C48785DE3D4099C2
+
+I=145
+KEY=DDCDB4F73AA0C8789CC7E34A2F66AA7724B42AD223040176
+IV=B84A631DE451F109C48785DE3D4099C2
+PT=EE1EA5C5340C2F263D791A6A563A92EA
+CT=D438E983DB81DA9341CE1AC45F4E7E52
+
+I=146
+KEY=813604E941CBDF6448FF0AC9F4E770E4657A30167C4A7F24
+IV=D438E983DB81DA9341CE1AC45F4E7E52
+PT=08E1F94874432DBD5CFBB01E7B6B171C
+CT=0E1C069CB75D4EDF4243D1E6D7175425
+
+I=147
+KEY=D64EB9DE5A3B546B46E30C5543BA3E3B2739E1F0AB5D2B01
+IV=0E1C069CB75D4EDF4243D1E6D7175425
+PT=CFCDC1C0EFE678FB5778BD371BF08B0F
+CT=CBC0ED542E26A1943926EF7897A79E97
+
+I=148
+KEY=D1659785D1D551948D23E1016D9C9FAF1E1F0E883CFAB596
+IV=CBC0ED542E26A1943926EF7897A79E97
+PT=1FEA178A348CAE8B072B2E5B8BEE05FF
+CT=C743A7B60EB7C24867DA82AFF15ED18A
+
+I=149
+KEY=05786C3E1FBE51864A6046B7632B5DE779C58C27CDA4641C
+IV=C743A7B60EB7C24867DA82AFF15ED18A
+PT=3A4EF6696CD26875D41DFBBBCE6B0012
+CT=EA23014227CF7B563AEFF86DB947FAC4
+
+I=150
+KEY=CE1E5D5BF32BF0CAA04347F544E426B1432A744A74E39ED8
+IV=EA23014227CF7B563AEFF86DB947FAC4
+PT=DFDF9B4032986E90CB663165EC95A14C
+CT=EAF762B60A106C03B76742E69CEE385A
+
+I=151
+KEY=F8EAC01B3F7E925A4AB425434EF44AB2F44D36ACE80DA682
+IV=EAF762B60A106C03B76742E69CEE385A
+PT=2BDC6EAB1D86311D36F49D40CC556290
+CT=E6CC0491C3509240ED848AE304CC3385
+
+I=152
+KEY=BF5AE8B244244B4BAC7821D28DA4D8F219C9BC4FECC19507
+IV=E6CC0491C3509240ED848AE304CC3385
+PT=81D4E28E02717AB347B028A97B5AD911
+CT=11EE9D22AC798AB5FEF6C6188845F425
+
+I=153
+KEY=5C6538235111334FBD96BCF021DD5247E73F7A5764846122
+IV=11EE9D22AC798AB5FEF6C6188845F425
+PT=DDE402413BB09DFBE33FD09115357804
+CT=3F054911089500FD2CD0645DBFE2A8D3
+
+I=154
+KEY=FAC914FA6B6CA1AB8293F5E1294852BACBEF1E0ADB66C9F1
+IV=3F054911089500FD2CD0645DBFE2A8D3
+PT=345343E023AC39FFA6AC2CD93A7D92E4
+CT=7538E78DE8FC09D203010C61422E6B5A
+
+I=155
+KEY=1E62F54271EA4374F7AB126CC1B45B68C8EE126B9948A2AB
+IV=7538E78DE8FC09D203010C61422E6B5A
+PT=0EC4357C476EB76AE4ABE1B81A86E2DF
+CT=3A4D0093A2B7FF807BAA6A815538507E
+
+I=156
+KEY=5AD3B884BE5653BBCDE612FF6303A4E8B34478EACC70F2D5
+IV=3A4D0093A2B7FF807BAA6A815538507E
+PT=F59FD86893B7DF7244B14DC6CFBC10CF
+CT=2C2FD7DF94FDDC2CA1C05EF5878583FF
+
+I=157
+KEY=B9039E1678902ECCE1C9C520F7FE78C41284261F4BF5712A
+IV=2C2FD7DF94FDDC2CA1C05EF5878583FF
+PT=4600E6CCD65B575AE3D02692C6C67D77
+CT=59C9FA2E4A2227C3E5B831899A3CCBFD
+
+I=158
+KEY=394A8245256D72B8B8003F0EBDDC5F07F73C1796D1C9BAD7
+IV=59C9FA2E4A2227C3E5B831899A3CCBFD
+PT=3030D8E24F7BEA0580491C535DFD5C74
+CT=DEAFC4A07A3FB5D5AA09FF6A2515AB4A
+
+I=159
+KEY=2496931DFCFF2E7166AFFBAEC7E3EAD25D35E8FCF4DC119D
+IV=DEAFC4A07A3FB5D5AA09FF6A2515AB4A
+PT=63CD1CC241B267791DDC1158D9925CC9
+CT=B1B0AED275FCE241B5726E943B37C130
+
+I=160
+KEY=53CBA419E5CED1C8D71F557CB21F0893E8478668CFEBD0AD
+IV=B1B0AED275FCE241B5726E943B37C130
+PT=85F4E06A05C8704A775D37041931FFB9
+CT=B0DFD3EF3AF538791E69AF59CAA7B8CC
+
+I=161
+KEY=DFB0E5440EB582F667C0869388EA30EAF62E2931054C6861
+IV=B0DFD3EF3AF538791E69AF59CAA7B8CC
+PT=B7BDA6C504797C8B8C7B415DEB7B533E
+CT=220F810B0D5A9ED8794932D0BF6150D6
+
+I=162
+KEY=B26A70894070BC9B45CF079885B0AE328F671BE1BA2D38B7
+IV=220F810B0D5A9ED8794932D0BF6150D6
+PT=0113567BFAC19EB86DDA95CD4EC53E6D
+CT=56C77682CA1A041B312061F3FB9A1A59
+
+I=163
+KEY=36EDA74B7133D5871308711A4FAAAA29BE477A1241B722EE
+IV=56C77682CA1A041B312061F3FB9A1A59
+PT=4D39AD87258968FA8487D7C23143691C
+CT=4F18208E63B2D84CC7A0707617DD7B63
+
+I=164
+KEY=F7589312CE997AFE5C1051942C18726579E70A64566A598D
+IV=4F18208E63B2D84CC7A0707617DD7B63
+PT=1B82F5C849E0F965C1B53459BFAAAF79
+CT=85CE0310DEFB36474B38C4347D7EEE8B
+
+I=165
+KEY=F770FC7B1E183E31D9DE5284F2E3442232DFCE502B14B706
+IV=85CE0310DEFB36474B38C4347D7EEE8B
+PT=7B56EBC47E780FB000286F69D08144CF
+CT=CB5AE674DB1426618F577BBD63309EA4
+
+I=166
+KEY=79AD3040CCC9FD521284B4F029F76243BD88B5ED482429A2
+IV=CB5AE674DB1426618F577BBD63309EA4
+PT=47A5B213BC3DF61B8EDDCC3BD2D1C363
+CT=1E26AB2D8B156913995FCAC1ABD99D68
+
+I=167
+KEY=10BB9597F823B61F0CA21FDDA2E20B5024D77F2CE3FDB4CA
+IV=1E26AB2D8B156913995FCAC1ABD99D68
+PT=D31FC11C9FD6E7F86916A5D734EA4B4D
+CT=84E0E24F155E5EFCA9AE9C5F2F26BD25
+
+I=168
+KEY=E1264A2AD33800FF8842FD92B7BC55AC8D79E373CCDB09EF
+IV=84E0E24F155E5EFCA9AE9C5F2F26BD25
+PT=F77FE11AE4BEB403F19DDFBD2B1BB6E0
+CT=B41973B0D807A43A822EB57555B818D4
+
+I=169
+KEY=A19ABDD25ED272693C5B8E226FBBF1960F5756069963113B
+IV=B41973B0D807A43A822EB57555B818D4
+PT=FECAAA8EA9C1883640BCF7F88DEA7296
+CT=949634E68FB9086AE623EAF5E867D4A5
+
+I=170
+KEY=DD904ECCC94F64D0A8CDBAC4E002F9FCE974BCF37104C59E
+IV=949634E68FB9086AE623EAF5E867D4A5
+PT=E8A413C2ADB97D387C0AF31E979D16B9
+CT=96BE2B618F8A961E5DC892F429A8B6FC
+
+I=171
+KEY=1B83C20396D7D0D33E7391A56F886FE2B4BC2E0758AC7362
+IV=96BE2B618F8A961E5DC892F429A8B6FC
+PT=1408434BF0C3432BC6138CCF5F98B403
+CT=C0A9596F56E48F459D2C405F47DCA44C
+
+I=172
+KEY=B04C71DBEA60DB15FEDAC8CA396CE0A729906E581F70D72E
+IV=C0A9596F56E48F459D2C405F47DCA44C
+PT=5E7F070C7EE8A852ABCFB3D87CB70BC6
+CT=A4739C93911C72C959E89544500843BD
+
+I=173
+KEY=9BFC8026BC1D965B5AA95459A870926E7078FB1C4F789493
+IV=A4739C93911C72C959E89544500843BD
+PT=718C23D1F537A6E72BB0F1FD567D4D4E
+CT=4D581200B1E446CC3AD306138BF2898B
+
+I=174
+KEY=FEA9DF8F4FECB3ED17F146591994D4A24AABFD0FC48A1D18
+IV=4D581200B1E446CC3AD306138BF2898B
+PT=E4DD231D871795E065555FA9F3F125B6
+CT=E53EFC19D8048073167B1473C5EBA6D9
+
+I=175
+KEY=62DF036D6F96D937F2CFBA40C19054D15CD0E97C0161BBC1
+IV=E53EFC19D8048073167B1473C5EBA6D9
+PT=9AB809114F10C3FD9C76DCE2207A6ADA
+CT=BDB0C3D9732DE5813C4C72CF01FF5194
+
+I=176
+KEY=CFEF04F0343587004F7F7999B2BDB150609C9BB3009EEA55
+IV=BDB0C3D9732DE5813C4C72CF01FF5194
+PT=B4CFE094F8B4EEE5AD30079D5BA35E37
+CT=D00B5B980D8B10DF3D7D4C0BE5975C1C
+
+I=177
+KEY=CBF2C475C11FA6B89F742201BF36A18F5DE1D7B8E509B649
+IV=D00B5B980D8B10DF3D7D4C0BE5975C1C
+PT=34B39728291953DC041DC085F52A21B8
+CT=ADF5CDFDCC23AD8AD111454B2DB69013
+
+I=178
+KEY=C96820A08056F7C23281EFFC73150C058CF092F3C8BF265A
+IV=ADF5CDFDCC23AD8AD111454B2DB69013
+PT=4C8152CCAA0A23AC029AE4D54149517A
+CT=F070979F68BAEBBD6CE8CE8A549C0E12
+
+I=179
+KEY=61A6BBDB58B4C9D4C2F178631BAFE7B8E0185C799C232848
+IV=F070979F68BAEBBD6CE8CE8A549C0E12
+PT=0B6AF20EF8550A1BA8CE9B7BD8E23E16
+CT=8A75D276384A4F468B459466A304D418
+
+I=180
+KEY=D3EC560DE8B1BBEE4884AA1523E5A8FE6B5DC81F3F27FC50
+IV=8A75D276384A4F468B459466A304D418
+PT=259A18BABFD09145B24AEDD6B005723A
+CT=B7C04F66EB771CBD97F948098E23C655
+
+I=181
+KEY=16FE806749FDDF8CFF44E573C892B443FCA48016B1043A05
+IV=B7C04F66EB771CBD97F948098E23C655
+PT=E00B5E4B3D9E64D0C512D66AA14C6462
+CT=29FB08289BD19BCC0FEB0F433D5CACEE
+
+I=182
+KEY=9CC345922C8912D5D6BFED5B53432F8FF34F8F558C5896EB
+IV=29FB08289BD19BCC0FEB0F433D5CACEE
+PT=07BAA266554EAE0C8A3DC5F56574CD59
+CT=495C245E2F3CC52499B9C1AD7C4484BA
+
+I=183
+KEY=7DDDCF7DE759FDEC9FE3C9057C7FEAAB6AF64EF8F01C1251
+IV=495C245E2F3CC52499B9C1AD7C4484BA
+PT=2E5360D5563EB7D4E11E8AEFCBD0EF39
+CT=68267051421D3AFA19A2E43D501B940B
+
+I=184
+KEY=4BA2EAD4106DD4B7F7C5B9543E62D0517354AAC5A007865A
+IV=68267051421D3AFA19A2E43D501B940B
+PT=050EBC6942F92D95367F25A9F734295B
+CT=1781558A2A8B7C29AC82D6610B67E3CF
+
+I=185
+KEY=CFCCD4ECD20E051CE044ECDE14E9AC78DFD67CA4AB606595
+IV=1781558A2A8B7C29AC82D6610B67E3CF
+PT=1AC90B21EB197E26846E3E38C263D1AB
+CT=BF5FE87A2E882A64493850EC3A0E93A5
+
+I=186
+KEY=C9EA5F992C77DD9C5F1B04A43A61861C96EE2C48916EF630
+IV=BF5FE87A2E882A64493850EC3A0E93A5
+PT=58F997704D085DC506268B75FE79D880
+CT=8F43A961964E3452094E8E71295177CD
+
+I=187
+KEY=1136648F9E0A53C3D058ADC5AC2FB24E9FA0A239B83F81FD
+IV=8F43A961964E3452094E8E71295177CD
+PT=086041AB29E423EFD8DC3B16B27D8E5F
+CT=BF69230BAB6200B7828DC04A13B88E83
+
+I=188
+KEY=47040E2D6DFBE3006F318ECE074DB2F91D2D6273AB870F7E
+IV=BF69230BAB6200B7828DC04A13B88E83
+PT=57865A8650D3202056326AA2F3F1B0C3
+CT=A012FAEE65E2C4F0AC22CB63AB75E35D
+
+I=189
+KEY=868F8310E79C0473CF23742062AF7609B10FA91000F2EC23
+IV=A012FAEE65E2C4F0AC22CB63AB75E35D
+PT=F3ABB47DAE94B82EC18B8D3D8A67E773
+CT=F35BBD3C516F86384DA3BB6B5CCC8B37
+
+I=190
+KEY=5C71ADCE480714DA3C78C91C33C0F031FCAC127B5C3E6714
+IV=F35BBD3C516F86384DA3BB6B5CCC8B37
+PT=CDB3E57FA6DDFF9FDAFE2EDEAF9B10A9
+CT=627A15E65B37C2B9575E8A781271AE64
+
+I=191
+KEY=B603092BC5FD004F5E02DCFA68F73288ABF298034E4FC970
+IV=627A15E65B37C2B9575E8A781271AE64
+PT=7E04F9A0F723DF00EA72A4E58DFA1495
+CT=15427D27E783A5476345C83F3E8A3319
+
+I=192
+KEY=4DB5A9F825C5E8C24B40A1DD8F7497CFC8B7503C70C5FA69
+IV=15427D27E783A5476345C83F3E8A3319
+PT=842B94BE25E8747BFBB6A0D3E038E88D
+CT=35812AFD1A90B0B7D52B45EAD9CAF083
+
+I=193
+KEY=D4F2CCC0734F9ACD7EC18B2095E427781D9C15D6A90F0AEA
+IV=35812AFD1A90B0B7D52B45EAD9CAF083
+PT=3FAB7D4C741B8CD499476538568A720F
+CT=C1A59CD3D9E6650F0D16947D26BFC20D
+
+I=194
+KEY=CB28A8313E133469BF6417F34C024277108A81AB8FB0C8E7
+IV=C1A59CD3D9E6650F0D16947D26BFC20D
+PT=37AC888DCE5CDFD31FDA64F14D5CAEA4
+CT=CB0313E9A046711866CA65702A45CDB6
+
+I=195
+KEY=C5BFEB8246ABAF467467041AEC44336F7640E4DBA5F50551
+IV=CB0313E9A046711866CA65702A45CDB6
+PT=326C9E3EB49138ED0E9743B378B89B2F
+CT=ACE8FC6C6ABBC8124FE35C7976585DF6
+
+I=196
+KEY=110891F8FDF0F254D88FF87686FFFB7D39A3B8A2D3AD58A7
+IV=ACE8FC6C6ABBC8124FE35C7976585DF6
+PT=964239EB84C57F61D4B77A7ABB5B5D12
+CT=0762EF13B80A8B77D04AF797B67D5AA6
+
+I=197
+KEY=EFF558976586AC91DFED17653EF5700AE9E94F3565D00201
+IV=0762EF13B80A8B77D04AF797B67D5AA6
+PT=5ECA17ADFE3C2C21FEFDC96F98765EC5
+CT=B60CC9CD9DE93E2A6FB0B59369B1628E
+
+I=198
+KEY=4494A36EABE3555E69E1DEA8A31C4E208659FAA60C61608F
+IV=B60CC9CD9DE93E2A6FB0B59369B1628E
+PT=7A659E803888296BAB61FBF9CE65F9CF
+CT=73258A43C7DA66FFE4DC9384FC7A60C1
+
+I=199
+KEY=1780249B48B8F7561AC454EB64C628DF62856922F01B004E
+IV=73258A43C7DA66FFE4DC9384FC7A60C1
+PT=8D9C3DCF612320B4531487F5E35BA208
+CT=F0F5D51C06F2D900CC4BE8D3512CA4B6
+
+I=200
+KEY=9FF03D1E23BD9959EA3181F76234F1DFAECE81F1A137A4F8
+IV=F0F5D51C06F2D900CC4BE8D3512CA4B6
+PT=F002AEC878B80A0B887019856B056E0F
+CT=E1321C52A51D9345296A0EF2A9DC9CC5
+
+I=201
+KEY=6042967162EDA50B0B039DA5C729629A87A48F0308EB383D
+IV=E1321C52A51D9345296A0EF2A9DC9CC5
+PT=C5EA4A519D9BAF8FFFB2AB6F41503C52
+CT=ED79D8FC9C60B583E29D0A65A6A5F321
+
+I=202
+KEY=250C416206B9D0A9E67A45595B49D71965398566AE4ECB1C
+IV=ED79D8FC9C60B583E29D0A65A6A5F321
+PT=34D771B44B3943DE454ED713645475A2
+CT=7A08F9096109535C262407EB323EF7BC
+
+I=203
+KEY=6357BC1B7B12F1C09C72BC503A408445431D828D9C703CA0
+IV=7A08F9096109535C262407EB323EF7BC
+PT=60A1EEAE2B16841A465BFD797DAB2169
+CT=24C7F1A39F8B2F03C256F5C59B69C31A
+
+I=204
+KEY=18BF29D147A9675BB8B54DF3A5CBAB46814B77480719FFBA
+IV=24C7F1A39F8B2F03C256F5C59B69C31A
+PT=BFD7B314F959298B7BE895CA3CBB969B
+CT=7DDA5DF3CC7C69AA490FB597888396B2
+
+I=205
+KEY=E8B13C48FBABCD19C56F100069B7C2ECC844C2DF8F9A6908
+IV=7DDA5DF3CC7C69AA490FB597888396B2
+PT=23F8A60BD2354901F00E1599BC02AA42
+CT=04CEB4BE252293A822C77B9C4C27822B
+
+I=206
+KEY=BF275C4D9FC54BC0C1A1A4BE4C955144EA83B943C3BDEB23
+IV=04CEB4BE252293A822C77B9C4C27822B
+PT=2182C0577EAA3C2A57966005646E86D9
+CT=0F24034642E351984620BB2647F5D649
+
+I=207
+KEY=40B459144A6415C2CE85A7F80E7600DCACA3026584483D6A
+IV=0F24034642E351984620BB2647F5D649
+PT=F59318D1D3D9A9E0FF930559D5A15E02
+CT=DB98808C46668D79AB059C5554CEEB1A
+
+I=208
+KEY=D5A01AB42D709E6A151D277448108DA507A69E30D086D670
+IV=DB98808C46668D79AB059C5554CEEB1A
+PT=49CF142E621D1A8D951443A067148BA8
+CT=15C32FE5E9BCA5F8D09EA2E4D145FE3D
+
+I=209
+KEY=8191AB3C11B4B72700DE0891A1AC285DD7383CD401C3284D
+IV=15C32FE5E9BCA5F8D09EA2E4D145FE3D
+PT=5C1E9B721987B8BF5431B1883CC4294D
+CT=AA7CA217D0514CA4F20C50293121E8D8
+
+I=210
+KEY=69D24875B8A5B5D1AAA2AA8671FD64F925346CFD30E2C095
+IV=AA7CA217D0514CA4F20C50293121E8D8
+PT=8239553D8FB88E17E843E349A91102F6
+CT=C4068B901CB07904F843BF6F3CDC4FF8
+
+I=211
+KEY=12BAE3B5B2C03E746EA421166D4D1DFDDD77D3920C3E8F6D
+IV=C4068B901CB07904F843BF6F3CDC4FF8
+PT=80D797C671D3BFF67B68ABC00A658BA5
+CT=9F835417C4D622DB52651897DC23E1C3
+
+I=212
+KEY=1A0CFD7FA1284652F1277501A99B3F268F12CB05D01D6EAE
+IV=9F835417C4D622DB52651897DC23E1C3
+PT=C36513D78FBBFDCC08B61ECA13E87826
+CT=0156C998E85BE92F0EF998442204EB19
+
+I=213
+KEY=7829D1FE113103B0F071BC9941C0D60981EB5341F21985B7
+IV=0156C998E85BE92F0EF998442204EB19
+PT=000894F1AF39A67562252C81B01945E2
+CT=6A554057C0A3EB723B693258BC5E899D
+
+I=214
+KEY=D719D37FC9087D2F9A24FCCE81633D7BBA8261194E470C2A
+IV=6A554057C0A3EB723B693258BC5E899D
+PT=B92413276BF142D0AF300281D8397E9F
+CT=395F80E405813D97576954A23C77C2CA
+
+I=215
+KEY=39E173517A321A5AA37B7C2A84E200ECEDEB35BB7230CEE0
+IV=395F80E405813D97576954A23C77C2CA
+PT=AA95F2BD255DBE23EEF8A02EB33A6775
+CT=1B1BC5D3DABD536E91177EF1BF2B7E39
+
+I=216
+KEY=EE1FB67D907C597BB860B9F95E5F53827CFC4B4ACD1BB0D9
+IV=1B1BC5D3DABD536E91177EF1BF2B7E39
+PT=985E81E0BF5FF6EFD7FEC52CEA4E4321
+CT=20F42326749CC7CCD54188DEA46F4EC1
+
+I=217
+KEY=41D333EC5E537B8098949ADF2AC3944EA9BDC3946974FE18
+IV=20F42326749CC7CCD54188DEA46F4EC1
+PT=901FD7D22F220608AFCC8591CE2F22FB
+CT=AFFC6F2668097B58A0CFF619A3FDD1CB
+
+I=218
+KEY=F6E392EF75572C6A3768F5F942CAEF160972358DCA892FD3
+IV=AFFC6F2668097B58A0CFF619A3FDD1CB
+PT=45AEB51360C50AB1B730A1032B0457EA
+CT=1B75CF440CE8521069599B7889F21C1D
+
+I=219
+KEY=47C82CF46472D3732C1D3ABD4E22BD06602BAEF5437B33CE
+IV=1B75CF440CE8521069599B7889F21C1D
+PT=7E931056CC33D22CB12BBE1B1125FF19
+CT=F6079ADBAA8D28F371F0156B170FB7BD
+
+I=220
+KEY=DDA62A9922B04902DA1AA066E4AF95F511DBBB9E54748473
+IV=F6079ADBAA8D28F371F0156B170FB7BD
+PT=2BE3DA337C9187109A6E066D46C29A71
+CT=7D2FC16B26971DDC20C6F7510C47B352
+
+I=221
+KEY=570C8CA5236A2E65A735610DC2388829311D4CCF58333721
+IV=7D2FC16B26971DDC20C6F7510C47B352
+PT=43596064590570F88AAAA63C01DA6767
+CT=5FBA845FB25FE6AE015E4E8A228ED645
+
+I=222
+KEY=6CEA158ED663A4B7F88FE55270676E87304302457ABDE164
+IV=5FBA845FB25FE6AE015E4E8A228ED645
+PT=1E265F0AA9A20C603BE6992BF5098AD2
+CT=A729E250D736A43966DD0D9C461ECEC0
+
+I=223
+KEY=AACCE3387C0DF35D5FA60702A751CABE569E0FD93CA32FA4
+IV=A729E250D736A43966DD0D9C461ECEC0
+PT=B08AAE113CCE6226C626F6B6AA6E57EA
+CT=A8192E964A74A6ABDB463ECFA483A1E3
+
+I=224
+KEY=207F19ABDA13F728F7BF2994ED256C158DD8311698208E47
+IV=A8192E964A74A6ABDB463ECFA483A1E3
+PT=858CF92E6B1793448AB3FA93A61E0475
+CT=060C7CCCD58E6348518161C7878AA71B
+
+I=225
+KEY=AB05AD81CF07091AF1B3555838AB0F5DDC5950D11FAA295C
+IV=060C7CCCD58E6348518161C7878AA71B
+PT=424D175035503C728B7AB42A1514FE32
+CT=8ECAA12830B0C5B4C6950E69AFD31B66
+
+I=226
+KEY=3A8E1CC01464AF9B7F79F470081BCAE91ACC5EB8B079323A
+IV=8ECAA12830B0C5B4C6950E69AFD31B66
+PT=6E5A94391F1FE5A9918BB141DB63A681
+CT=65C3A891192324A7FA3C882B2C09CB8D
+
+I=227
+KEY=8004AB13CF38B3ED1ABA5CE11138EE4EE0F0D6939C70F9B7
+IV=65C3A891192324A7FA3C882B2C09CB8D
+PT=584E219335CA4642BA8AB7D3DB5C1C76
+CT=F29F8735A403414621F2100AF38A500C
+
+I=228
+KEY=D37BB962CFC53E77E825DBD4B53BAF08C102C6996FFAA9BB
+IV=F29F8735A403414621F2100AF38A500C
+PT=CCB996C23C627D4D537F127100FD8D9A
+CT=9C6A7655E25E9231E46C0D3B57C7FCAB
+
+I=229
+KEY=C23B3C983C79179A744FAD8157653D39256ECBA2383D5510
+IV=9C6A7655E25E9231E46C0D3B57C7FCAB
+PT=5D727E12D3932F56114085FAF3BC29ED
+CT=6C5AA7364755AF599AB6F86EC8B24C52
+
+I=230
+KEY=4462CD1DD817170C18150AB710309260BFD833CCF08F1942
+IV=6C5AA7364755AF599AB6F86EC8B24C52
+PT=D7A99C8F3BC37AD08659F185E46E0096
+CT=821D7EAC8FD041C0C8CF1011661FBB9E
+
+I=231
+KEY=1BA52BEF2B010D169A08741B9FE0D3A0771723DD9690A2DC
+IV=821D7EAC8FD041C0C8CF1011661FBB9E
+PT=704F3525510FCC745FC7E6F2F3161A1A
+CT=44591D71D64FC38010E402874853E9BC
+
+I=232
+KEY=C6A6818229CC65E6DE51696A49AF102067F3215ADEC34B60
+IV=44591D71D64FC38010E402874853E9BC
+PT=5D5769AE155C9F43DD03AA6D02CD68F0
+CT=E5647FF6C843543E484FC13B58A345B9
+
+I=233
+KEY=41F27DD5905B299C3B35169C81EC441E2FBCE06186600ED9
+IV=E5647FF6C843543E484FC13B58A345B9
+PT=ADF29030DFDFCCEE8754FC57B9974C7A
+CT=E6EA42E2F046D3ED75081A50770563D1
+
+I=234
+KEY=3A8018855EDC80D2DDDF547E71AA97F35AB4FA31F1656D08
+IV=E6EA42E2F046D3ED75081A50770563D1
+PT=096F74717D5583477B726550CE87A94E
+CT=D75682FE37396887659E87895F1C6441
+
+I=235
+KEY=6C94C2634142DA310A89D6804693FF743F2A7DB8AE790949
+IV=D75682FE37396887659E87895F1C6441
+PT=F1B527DD4935FBDE5614DAE61F9E5AE3
+CT=15755CFE84E113AA751E4D5BB098ABC7
+
+I=236
+KEY=4BA407D7C6426C641FFC8A7EC272ECDE4A3430E31EE1A28E
+IV=15755CFE84E113AA751E4D5BB098ABC7
+PT=7C4433DCC314DBD72730C5B48700B655
+CT=B048F209CE1B1FAEC33392D2D8F326A1
+
+I=237
+KEY=A56FD7BCEEA55474AFB478770C69F3708907A231C612842F
+IV=B048F209CE1B1FAEC33392D2D8F326A1
+PT=D40C7CD8D80C8C6CEECBD06B28E73810
+CT=8E1F4830F94004C286C39D0EC014A963
+
+I=238
+KEY=0730B7B664CFD1E321AB3047F529F7B20FC43F3F06062D4C
+IV=8E1F4830F94004C286C39D0EC014A963
+PT=B16772FE8C8A573FA25F600A8A6A8597
+CT=3FB92771D2BE2D33C40AB0409998B229
+
+I=239
+KEY=0A08E43B13C57EB41E1217362797DA81CBCE8F7F9F9E9F65
+IV=3FB92771D2BE2D33C40AB0409998B229
+PT=D4883476825EA2D30D38538D770AAF57
+CT=190106DE79836016C57A16BBBA6893D2
+
+I=240
+KEY=195B7E1B67872B0D071311E85E14BA970EB499C425F60CB7
+IV=190106DE79836016C57A16BBBA6893D2
+PT=3B8F4F140FDFFB6B13539A20744255B9
+CT=C06398537B4F534203D57184543E6516
+
+I=241
+KEY=BE0C4A8A9B581D16C77089BB255BE9D50D61E84071C869A1
+IV=C06398537B4F534203D57184543E6516
+PT=E50D127AE258061DA7573491FCDF361B
+CT=FF615CCC9F2D3DBB3074C835ECE4224E
+
+I=242
+KEY=662A224DAB1233C83811D577BA76D46E3D1520759D2C4BEF
+IV=FF615CCC9F2D3DBB3074C835ECE4224E
+PT=347C976D20470968D82668C7304A2EDE
+CT=B5FB1BCCBC838B87FDB10FEFE6CDC45B
+
+I=243
+KEY=F4F3B47D9CC8BA798DEACEBB06F55FE9C0A42F9A7BE18FB4
+IV=B5FB1BCCBC838B87FDB10FEFE6CDC45B
+PT=BC276D1002C5DD8292D9963037DA89B1
+CT=151F88A44A76568FAC756011B827778D
+
+I=244
+KEY=7EA3C03193B737DE98F5461F4C8309666CD14F8BC3C6F839
+IV=151F88A44A76568FAC756011B827778D
+PT=BCD9054596EE644E8A50744C0F7F8DA7
+CT=C1B0B6FDD717881442496794A2C890F2
+
+I=245
+KEY=C4D94D5C4169EE4B5945F0E29B9481722E98281F610E68CB
+IV=C1B0B6FDD717881442496794A2C890F2
+PT=3D7F68D3014F3BEDBA7A8D6DD2DED995
+CT=181100A04881DCF9813E4A22C6C1BB3B
+
+I=246
+KEY=A9A9483D9FC46DD34154F042D3155D8BAFA6623DA7CFD3F0
+IV=181100A04881DCF9813E4A22C6C1BB3B
+PT=0FE2E2A97DFFB4966D700561DEAD8398
+CT=AA4BEC4007C38C7B86B6F9EED33E5EB1
+
+I=247
+KEY=5F08A3C09F4AE90BEB1F1C02D4D6D1F029109BD374F18D41
+IV=AA4BEC4007C38C7B86B6F9EED33E5EB1
+PT=C2392264CE43C57AF6A1EBFD008E84D8
+CT=A0756CCDA72462CD89DF9990C0FE6676
+
+I=248
+KEY=6A1A4F2D25DFC9F94B6A70CF73F2B33DA0CF0243B40FEB37
+IV=A0756CCDA72462CD89DF9990C0FE6676
+PT=A6650A3432CCA74A3512ECEDBA9520F2
+CT=F5044AECC6F35C99FCDBA26DD15E1474
+
+I=249
+KEY=B475174A46D0CDC2BE6E3A23B501EFA45C14A02E6551FF43
+IV=F5044AECC6F35C99FCDBA26DD15E1474
+PT=07967DE17DEB720CDE6F5867630F043B
+CT=60645B559E7321D7FA8A3F925CFC0FA4
+
+I=250
+KEY=8DBB9D8A4A2E7E61DE0A61762B72CE73A69E9FBC39ADF0E7
+IV=60645B559E7321D7FA8A3F925CFC0FA4
+PT=D8D3FD2077545DD039CE8AC00CFEB3A3
+CT=C4C6FD53A2572D643AA631FB85B84D0B
+
+I=251
+KEY=97D34E4B3B9E081A1ACC9C258925E3179C38AE47BC15BDEC
+IV=C4C6FD53A2572D643AA631FB85B84D0B
+PT=F31D8F3C8AC67E081A68D3C171B0767B
+CT=E1A0E460E2D1483FE954F26F45CCE7A0
+
+I=252
+KEY=5372C72A4ABF72D9FB6C78456BF4AB28756C5C28F9D95A4C
+IV=E1A0E460E2D1483FE954F26F45CCE7A0
+PT=422C5429CE7BD811C4A1896171217AC3
+CT=2695923CFB2141F05A0F144FF021BD36
+
+I=253
+KEY=A8CA6DB8A8758322DDF9EA7990D5EAD82F63486709F8E77A
+IV=2695923CFB2141F05A0F144FF021BD36
+PT=780771C65FCB907BFBB8AA92E2CAF1FB
+CT=A9820B527F71E95CC1F53033149FB26F
+
+I=254
+KEY=62ABF1F4178F3C73747BE12BEFA40384EE9678541D675515
+IV=A9820B527F71E95CC1F53033149FB26F
+PT=CCC14BD8DF1CA8A4CA619C4CBFFABF51
+CT=2BAD4E8CD7D6420D36DC2F8E77DCA072
+
+I=255
+KEY=C79B767D31D9F0FC5FD6AFA738724189D84A57DA6ABBF567
+IV=2BAD4E8CD7D6420D36DC2F8E77DCA072
+PT=1EFF63C71B10DCC7A53087892656CC8F
+CT=C21303AAB04E2CAF1893396DD405B265
+
+I=256
+KEY=1F3C7FF71340DEEC9DC5AC0D883C6D26C0D96EB7BEBE4702
+IV=C21303AAB04E2CAF1893396DD405B265
+PT=209270B7768E5553D8A7098A22992E10
+CT=B220025B5307C9D5D1EEB4B427E7263F
+
+I=257
+KEY=867CB381E6D532B32FE5AE56DB3BA4F31137DA039959613D
+IV=B220025B5307C9D5D1EEB4B427E7263F
+PT=8546A6C9B4CEF0229940CC76F595EC5F
+CT=B925C660EBE409050DA369E58C601F4D
+
+I=258
+KEY=33B33F93622E509296C0683630DFADF61C94B3E615397E70
+IV=B925C660EBE409050DA369E58C601F4D
+PT=1F4930242C2951C4B5CF8C1284FB6221
+CT=67DA7B4BEAB2152D21C54F389F9282D4
+
+I=259
+KEY=E8EC3394AF44DD34F11A137DDA6DB8DB3D51FCDE8AABFCA4
+IV=67DA7B4BEAB2152D21C54F389F9282D4
+PT=41611AE93BE61306DB5F0C07CD6A8DA6
+CT=4C116D3ED0B021129CCD1764D132A72D
+
+I=260
+KEY=92F61F4CB5794268BD0B7E430ADD99C9A19CEBBA5B995B89
+IV=4C116D3ED0B021129CCD1764D132A72D
+PT=E7B1E63FBD5B4CA77A1A2CD81A3D9F5C
+CT=FE1C3096C14AF2A4DC840207BFFFC0AF
+
+I=261
+KEY=08DC826B4DDBAC4D43174ED5CB976B6D7D18E9BDE4669B26
+IV=FE1C3096C14AF2A4DC840207BFFFC0AF
+PT=9A0D034B1931FD599A2A9D27F8A2EE25
+CT=ED500812A10CC6C4EED0836871F85AA9
+
+I=262
+KEY=486EBC43A876FF2AAE4746C76A9BADA993C86AD5959EC18F
+IV=ED500812A10CC6C4EED0836871F85AA9
+PT=8237641B58069AFD40B23E28E5AD5367
+CT=0AD90C1C13E7C1318057A417C0B9B97C
+
+I=263
+KEY=F340D2CAC4645595A49E4ADB797C6C98139FCEC2552778F3
+IV=0AD90C1C13E7C1318057A417C0B9B97C
+PT=905119E1F11E4B04BB2E6E896C12AABF
+CT=B260FFA5806A4A6D8845FA6146A565ED
+
+I=264
+KEY=DF326741BD1EE2FF16FEB57EF91626F59BDA34A313821D1E
+IV=B260FFA5806A4A6D8845FA6146A565ED
+PT=4F639233904531162C72B58B797AB76A
+CT=2D27A1A3968E30EBCA463C8709D0FD83
+
+I=265
+KEY=D4C684692E05983C3BD914DD6F98161E519C08241A52E09D
+IV=2D27A1A3968E30EBCA463C8709D0FD83
+PT=428B700FB3CD18790BF4E328931B7AC3
+CT=D350CCF3B440006C9F18E99DD5B69920
+
+I=266
+KEY=9DD5275FFDCD5D2DE889D82EDBD81672CE84E1B9CFE479BD
+IV=D350CCF3B440006C9F18E99DD5B69920
+PT=97F4A6256A9E22FB4913A336D3C8C511
+CT=F5A0571EB7E4719B862EBC47141EA319
+
+I=267
+KEY=0A3B329A4973D7A21D298F306C3C67E948AA5DFEDBFADAA4
+IV=F5A0571EB7E4719B862EBC47141EA319
+PT=E355F7EBA4DAC16B97EE15C5B4BE8A8F
+CT=4F18730073D3E78CAD356441F1317B2D
+
+I=268
+KEY=3BB3A19EF4EB8A755231FC301FEF8065E59F39BF2ACBA189
+IV=4F18730073D3E78CAD356441F1317B2D
+PT=A20B3B6C41E88E9D31889304BD985DD7
+CT=AEAECB17B9009AAF1E4E9CC02653194B
+
+I=269
+KEY=4B9DDD2F821CE4D1FC9F3727A6EF1ACAFBD1A57F0C98B8C2
+IV=AEAECB17B9009AAF1E4E9CC02653194B
+PT=5D2E4A96F9BB4AD4702E7CB176F76EA4
+CT=26851709960A42D5711EBDC7D40535FC
+
+I=270
+KEY=D7273499C5BA2842DA1A202E30E5581F8ACF18B8D89D8D3E
+IV=26851709960A42D5711EBDC7D40535FC
+PT=202534EA0A1952A19CBAE9B647A6CC93
+CT=FF8BFFB98EDA7E54664AE879551B5497
+
+I=271
+KEY=7870FF6B66070AB02591DF97BE3F264BEC85F0C18D86D9A9
+IV=FF8BFFB98EDA7E54664AE879551B5497
+PT=365CFE282B9508CFAF57CBF2A3BD22F2
+CT=D0809C84A97221E6F8DCB483B38EC7E1
+
+I=272
+KEY=F4E6DFDF4A081200F5114313174D07AD145944423E081E48
+IV=D0809C84A97221E6F8DCB483B38EC7E1
+PT=915323F59134AB838C9620B42C0F18B0
+CT=DC8A24B8DECF81E0412DBF10127119EC
+
+I=273
+KEY=336A7C81A4BE3FE9299B67ABC982864D5574FB522C7907A4
+IV=DC8A24B8DECF81E0412DBF10127119EC
+PT=0FC4387E49F666B8C78CA35EEEB62DE9
+CT=84E370DF6CA478BA85FC0874393CE442
+
+I=274
+KEY=F8ADC39E17CDDEB0AD781774A526FEF7D088F3261545E3E6
+IV=84E370DF6CA478BA85FC0874393CE442
+PT=34BFEFD3E43D8EE0CBC7BF1FB373E159
+CT=2C109A8363D1D0FB69CA77ABFA922F05
+
+I=275
+KEY=2B26D271208BD64F81688DF7C6F72E0CB942848DEFD7CCE3
+IV=2C109A8363D1D0FB69CA77ABFA922F05
+PT=D28D86D5199E7E30D38B11EF374608FF
+CT=F1749EFE66D339BC99AE4D9F63C90490
+
+I=276
+KEY=ACB8D3E6F5A45F0C701C1309A02417B020ECC9128C1EC873
+IV=F1749EFE66D339BC99AE4D9F63C90490
+PT=2ADAFA1911C5E9BD879E0197D52F8943
+CT=3B2A7C4278E1F071BFA29A6B0BFF4A15
+
+I=277
+KEY=CCEE75264DD770C44B366F4BD8C5E7C19F4E537987E18266
+IV=3B2A7C4278E1F071BFA29A6B0BFF4A15
+PT=84E244B62DF08DC76056A6C0B8732FC8
+CT=A35F83A5EE0B1C3B9DAD76DEAED96D72
+
+I=278
+KEY=F8F9239CDB5CC963E869ECEE36CEFBFA02E325A72938EF14
+IV=A35F83A5EE0B1C3B9DAD76DEAED96D72
+PT=F0B652F296CF162B341756BA968BB9A7
+CT=D5867FFE2FB75E309D3345611B25E3B0
+
+I=279
+KEY=509A10ABA5EAF2963DEF93101979A5CA9FD060C6321D0CA4
+IV=D5867FFE2FB75E309D3345611B25E3B0
+PT=C47D42AE34131463A86333377EB63BF5
+CT=6E136F01638AFBE3554218431DF44E7E
+
+I=280
+KEY=9B52C39C38F16CCE53FCFC117AF35E29CA9278852FE942DA
+IV=6E136F01638AFBE3554218431DF44E7E
+PT=78E05783EAEBE1BDCBC8D3379D1B9E58
+CT=FB6ACD3D0CF805374AD07EF5C038EBF6
+
+I=281
+KEY=2044F086923D5E43A896312C760B5B1E80420670EFD1A92C
+IV=FB6ACD3D0CF805374AD07EF5C038EBF6
+PT=02415B8E4D915492BB16331AAACC328D
+CT=0086C26DA11540FF5F485D7B238FD98C
+
+I=282
+KEY=12CE4C4109606CD7A810F341D71E1BE1DF0A5B0BCC5E70A0
+IV=0086C26DA11540FF5F485D7B238FD98C
+PT=0A2988237132B0B3328ABCC79B5D3294
+CT=F2E94C71A2AE0FCB096D8259B931CF8D
+
+I=283
+KEY=21BBCDA7FBC5229C5AF9BF3075B0142AD667D952756FBF2D
+IV=F2E94C71A2AE0FCB096D8259B931CF8D
+PT=4234B6C7F1CE98A3337581E6F2A54E4B
+CT=3B52E7834263C6790763706943741FD8
+
+I=284
+KEY=BB451732881A996161AB58B337D3D253D104A93B361BA0F5
+IV=3B52E7834263C6790763706943741FD8
+PT=F8509FB57E14501F9AFEDA9573DFBBFD
+CT=93FCA9F122CB707213D0CD72D8E6BF74
+
+I=285
+KEY=857D076E9A127A84F257F1421518A221C2D46449EEFD1F81
+IV=93FCA9F122CB707213D0CD72D8E6BF74
+PT=AA4D07DFAD030BE03E38105C1208E3E5
+CT=50717568D21862AECFAA898337405C96
+
+I=286
+KEY=1BCFD020D63709E0A226842AC700C08F0D7EEDCAD9BD4317
+IV=50717568D21862AECFAA898337405C96
+PT=7B488D7BBB2D538E9EB2D74E4C257364
+CT=0338D74260CB6CBB1B220DE7E4CC0BCF
+
+I=287
+KEY=CCDDF5D0BBCE202DA11E5368A7CBAC34165CE02D3D7148D8
+IV=0338D74260CB6CBB1B220DE7E4CC0BCF
+PT=16E01F8B3E94AC26D71225F06DF929CD
+CT=698AD17BB2F5F06C0465BEE34A7DCEDD
+
+I=288
+KEY=B7F556BC9BB4DC49C8948213153E5C5812395ECE770C8605
+IV=698AD17BB2F5F06C0465BEE34A7DCEDD
+PT=3ED0C80AFDEFE8BF7B28A36C207AFC64
+CT=E20129557F795C2B1CC32A5494824A4B
+
+I=289
+KEY=4B00D75969C3549C2A95AB466A4700730EFA749AE38ECC4E
+IV=E20129557F795C2B1CC32A5494824A4B
+PT=20BE0CD6C2244384FCF581E5F27788D5
+CT=C2F9DD55E91F4796636FEC9745410087
+
+I=290
+KEY=5EDCC5155BA684A4E86C7613835847E56D95980DA6CFCCC9
+IV=C2F9DD55E91F4796636FEC9745410087
+PT=B2DF53DF1139FB9915DC124C3265D038
+CT=015D51CD3568EB4EC210B58FFA89A409
+
+I=291
+KEY=21BA26AC6880AACDE93127DEB630ACABAF852D825C4668C0
+IV=015D51CD3568EB4EC210B58FFA89A409
+PT=401094B8B47CBDC87F66E3B933262E69
+CT=2987D39C19E6997957BDD0CAF010F778
+
+I=292
+KEY=BBA7ABC0A20CCBDEC0B6F442AFD635D2F838FD48AC569FB8
+IV=2987D39C19E6997957BDD0CAF010F778
+PT=EFC30498827AAD9A9A1D8D6CCA8C6113
+CT=E01AA987C9520EF8EBF53E97371D056B
+
+I=293
+KEY=5322D81BAA29410320AC5DC566843B2A13CDC3DF9B4B9AD3
+IV=E01AA987C9520EF8EBF53E97371D056B
+PT=685D6F660D40105CE88573DB08258ADD
+CT=D1265ABFCFA75FC65E94983BFF75CD48
+
+I=294
+KEY=19DF73EBF1CEF669F18A077AA92364EC4D595BE4643E579B
+IV=D1265ABFCFA75FC65E94983BFF75CD48
+PT=DD6E090E9981E5F24AFDABF05BE7B76A
+CT=605FDD1CA95B8FE1A5E26DBA10241914
+
+I=295
+KEY=F7D1D0CA3DAA851891D5DA660078EB0DE8BB365E741A4E8F
+IV=605FDD1CA95B8FE1A5E26DBA10241914
+PT=9F8442EE8B5A325FEE0EA321CC647371
+CT=76D67121FDEAEB6B81DBB29565F71E8E
+
+I=296
+KEY=FFFF200EA04824E9E703AB47FD920066696084CB11ED5001
+IV=76D67121FDEAEB6B81DBB29565F71E8E
+PT=5AF386509F0C8BAA082EF0C49DE2A1F1
+CT=7E1D833DC8D73228B7DFDE918E31E5E7
+
+I=297
+KEY=2A7D40B689490FC7991E287A3545324EDEBF5A5A9FDCB5E6
+IV=7E1D833DC8D73228B7DFDE918E31E5E7
+PT=02AB05F508ACDD21D58260B829012B2E
+CT=D6CA06D415EA5D750B5D06C252645A43
+
+I=298
+KEY=134154161A39E2CF4FD42EAE20AF6F3BD5E25C98CDB8EFA5
+IV=D6CA06D415EA5D750B5D06C252645A43
+PT=E63873AE14DD3BA8393C14A09370ED08
+CT=BFEA32E77BC1607921C54027C01C3EDF
+
+I=299
+KEY=AD8AF90935A6B455F03E1C495B6E0F42F4271CBF0DA4D17A
+IV=BFEA32E77BC1607921C54027C01C3EDF
+PT=BAD47B1FBF949870BECBAD1F2F9F569A
+CT=A86FFC9A91C79AFE47899B3934F3E05E
+
+I=300
+KEY=D88A2E828514CEC25851E0D3CAA995BCB3AE878639573124
+IV=A86FFC9A91C79AFE47899B3934F3E05E
+PT=2A2115074A9767747500D78BB0B27A97
+CT=507ED155CC3ED3B1922BBC166812A7FE
+
+I=301
+KEY=2CDDF1A577A3C86C082F31860697460D21853B90514596DA
+IV=507ED155CC3ED3B1922BBC166812A7FE
+PT=308D27178ABA22BCF457DF27F2B706AE
+CT=87F4EEA7CD2438F3EDCB650824A2D638
+
+I=302
+KEY=2B9D006908018D648FDBDF21CBB37EFECC4E5E9875E740E2
+IV=87F4EEA7CD2438F3EDCB650824A2D638
+PT=28F6C452D061E3DB0740F1CC7FA24508
+CT=DBA57DDA73A4E987EA32EF113877E908
+
+I=303
+KEY=FC69838410D06425547EA2FBB8179779267CB1894D90A9EA
+IV=DBA57DDA73A4E987EA32EF113877E908
+PT=91CFB50FFBE97D8AD7F483ED18D1E941
+CT=1720ED3E3B685A19CDA66BD09BD4DA5F
+
+I=304
+KEY=541AAB6191E2C51F435E4FC5837FCD60EBDADA59D64473B5
+IV=1720ED3E3B685A19CDA66BD09BD4DA5F
+PT=78FF980C48FAEBA0A87328E58132A13A
+CT=ED2E260103CAA77598FD195D02B484C8
+
+I=305
+KEY=761B0A3F50E2ACC1AE7069C480B56A157327C304D4F0F77D
+IV=ED2E260103CAA77598FD195D02B484C8
+PT=8C01554039D8F8EE2201A15EC10069DE
+CT=A9F0E16716B3AC14E06F18F5AEECB541
+
+I=306
+KEY=70056CD35CF430D5078088A39606C6019348DBF17A1C423C
+IV=A9F0E16716B3AC14E06F18F5AEECB541
+PT=C139651464D1614B061E66EC0C169C14
+CT=A41DDF008E0D52B627982D4196C3069E
+
+I=307
+KEY=EE1932746487B7BEA39D57A3180B94B7B4D0F6B0ECDF44A2
+IV=A41DDF008E0D52B627982D4196C3069E
+PT=C617572884721A3D9E1C5EA73873876B
+CT=44E5304E35A21660C450FAF84D87B13B
+
+I=308
+KEY=13D43E4526F8243FE77867ED2DA982D770800C48A158F599
+IV=44E5304E35A21660C450FAF84D87B13B
+PT=9C72E08DD264D6B7FDCD0C31427F9381
+CT=173B2C7A54A1A3CF3D39DCB68DA1C539
+
+I=309
+KEY=7CB72DE2CAED4080F0434B97790821184DB9D0FE2CF930A0
+IV=173B2C7A54A1A3CF3D39DCB68DA1C539
+PT=4DF3764F679E29446F6313A7EC1564BF
+CT=F1A167A3EB8F3FAB9F9B1570475ED15A
+
+I=310
+KEY=A7E6340A1278A3E801E22C3492871EB3D222C58E6BA7E1FA
+IV=F1A167A3EB8F3FAB9F9B1570475ED15A
+PT=2ED419EA11AAF8F3DB5119E8D895E368
+CT=2C5C5B10E285FE6C7E4750D2F9C1BD23
+
+I=311
+KEY=4B535B4D088F09192DBE77247002E0DFAC65955C92665CD9
+IV=2C5C5B10E285FE6C7E4750D2F9C1BD23
+PT=A3E9EA99771D0C02ECB56F471AF7AAF1
+CT=A12B4A15DBFAE2E7D4A7A792CD3C121A
+
+I=312
+KEY=2F0E7BAD76DC0A718C953D31ABF8023878C232CE5F5A4EC3
+IV=A12B4A15DBFAE2E7D4A7A792CD3C121A
+PT=1CC105D2604628B7645D20E07E530368
+CT=65CE700B785D901C5E5E08F7E74BB296
+
+I=313
+KEY=6111C386DE35C954E95B4D3AD3A59224269C3A39B811FC55
+IV=65CE700B785D901C5E5E08F7E74BB296
+PT=F902717AF7F0794E4E1FB82BA8E9C325
+CT=E7F3BD1056C504285FFC7F65B395DCAE
+
+I=314
+KEY=3B8F85E6FD28C4610EA8F02A8560960C7960455C0B8420FB
+IV=E7F3BD1056C504285FFC7F65B395DCAE
+PT=20A5529420D6D4C35A9E4660231D0D35
+CT=6CC36458ADECCA8B7198FD272A8C76C8
+
+I=315
+KEY=D404C97E089F240B626B9472288C5C8708F8B87B21085633
+IV=6CC36458ADECCA8B7198FD272A8C76C8
+PT=1094639F6723C9B0EF8B4C98F5B7E06A
+CT=D01C3C1E036D804563F04926ED203146
+
+I=316
+KEY=4779B44770085E18B277A86C2BE1DCC26B08F15DCC286775
+IV=D01C3C1E036D804563F04926ED203146
+PT=A482437681DFE307937D7D3978977A13
+CT=319D579DE9E55C8A3B2097EE8C93375F
+
+I=317
+KEY=22362304D7417BB483EAFFF1C2048048502866B340BB502A
+IV=319D579DE9E55C8A3B2097EE8C93375F
+PT=7AF0C8274B5C243B654F9743A74925AC
+CT=5F722165B8B422E088814B77A6B4D8E4
+
+I=318
+KEY=06FDA49350C16FEADC98DE947AB0A2A8D8A92DC4E60F88CE
+IV=5F722165B8B422E088814B77A6B4D8E4
+PT=A37964FA3E8145EF24CB87978780145E
+CT=C0417773DFD3FC83C2CE12D388F5DD8F
+
+I=319
+KEY=366245F8CBC490611CD9A9E7A5635E2B1A673F176EFA5541
+IV=C0417773DFD3FC83C2CE12D388F5DD8F
+PT=5D7E1E14F7BD7DB6309FE16B9B05FF8B
+CT=2EAE64B58C18AC7ADD2EE62896AB708D
+
+I=320
+KEY=A1BB8A9F9BE8F1383277CD52297BF251C749D93FF85125CC
+IV=2EAE64B58C18AC7ADD2EE62896AB708D
+PT=3ADC6991BF15554F97D9CF67502C6159
+CT=069FC966F8A985AD41617CB0148D2B96
+
+I=321
+KEY=7AB228E4114C14AB34E80434D1D277FC8628A58FECDC0E5A
+IV=069FC966F8A985AD41617CB0148D2B96
+PT=4405B80CCE92FD71DB09A27B8AA4E593
+CT=13459A0239A33BC41424A5D03C6B2864
+
+I=322
+KEY=78D1BC27E5CBBB1D27AD9E36E8714C38920C005FD0B7263E
+IV=13459A0239A33BC41424A5D03C6B2864
+PT=B9BAA861988616CD026394C3F487AFB6
+CT=08DA968A2BAEB9B763EB42BF555A2BFA
+
+I=323
+KEY=F53B033A22EA1D7B2F7708BCC3DFF58FF1E742E085ED0DC4
+IV=08DA968A2BAEB9B763EB42BF555A2BFA
+PT=30654265AD0FB24E8DEABF1DC721A666
+CT=E8412BDC1E75AC8E2C28552E2195795E
+
+I=324
+KEY=4928B51AF5C2408CC7362360DDAA5901DDCF17CEA478749A
+IV=E8412BDC1E75AC8E2C28552E2195795E
+PT=EEB05E487EEB907FBC13B620D7285DF7
+CT=E01839F95680D27E048383236D59EE85
+
+I=325
+KEY=C4DB91EAFC4C26D7272E1A998B2A8B7FD94C94EDC9219A1F
+IV=E01839F95680D27E048383236D59EE85
+PT=BA0160229D7471FE8DF324F0098E665B
+CT=D41902E6BE946CEB1612CFEE2F33F7CD
+
+I=326
+KEY=B550731E659834A1F337187F35BEE794CF5E5B03E6126DD2
+IV=D41902E6BE946CEB1612CFEE2F33F7CD
+PT=7DC970AFAF99BA6C718BE2F499D41276
+CT=326C3523173D62E9E145592E7A774311
+
+I=327
+KEY=5F87F6C2402B2352C15B2D5C2283857D2E1B022D9C652EC3
+IV=326C3523173D62E9E145592E7A774311
+PT=24ED6DAE1B24CC2BEAD785DC25B317F3
+CT=DDAE8AFF94604FFA82AE4FFB06953C01
+
+I=328
+KEY=3636C04061996CD01CF5A7A3B6E3CA87ACB54DD69AF012C2
+IV=DDAE8AFF94604FFA82AE4FFB06953C01
+PT=98E262805B8D9FD169B1368221B24F82
+CT=0D75DCFA4941BCE658DB2C71CB270BE7
+
+I=329
+KEY=64B9A0DE7DDA73C011807B59FFA27661F46E61A751D71925
+IV=0D75DCFA4941BCE658DB2C71CB270BE7
+PT=2BC34C226D41D8CE528F609E1C431F10
+CT=D70ED1DCDB9420E4B4A0D2A7C5148DE3
+
+I=330
+KEY=F64196479D35F74BC68EAA852436568540CEB30094C394C6
+IV=D70ED1DCDB9420E4B4A0D2A7C5148DE3
+PT=1015CB1E4569986C92F83699E0EF848B
+CT=524314DCCF2ADE5F8C3D241824C2BA73
+
+I=331
+KEY=686AB32115A2884C94CDBE59EB1C88DACCF39718B0012EB5
+IV=524314DCCF2ADE5F8C3D241824C2BA73
+PT=FB8B49053F724B7D9E2B256688977F07
+CT=7C579324F7251EDF95BDE2320104ACA6
+
+I=332
+KEY=34DD68E6F442F6D9E89A2D7D1C399605594E752AB1058213
+IV=7C579324F7251EDF95BDE2320104ACA6
+PT=A3B71504A8DAA3515CB7DBC7E1E07E95
+CT=921A66278A6D1E61D4B509F199F8FE55
+
+I=333
+KEY=19C9F40A858DD9EA7A804B5A965488648DFB7CDB28FD7C46
+IV=921A66278A6D1E61D4B509F199F8FE55
+PT=B0B651905E1B38FB2D149CEC71CF2F33
+CT=F2C37CF94514C902A0E438159C2C9F5F
+
+I=334
+KEY=B68812FC7D4E40D6884337A3D34041662D1F44CEB4D1E319
+IV=F2C37CF94514C902A0E438159C2C9F5F
+PT=7DE03F498839F8DAAF41E6F6F8C3993C
+CT=4596A25A85D06BCC74F686F8F1E8C203
+
+I=335
+KEY=2836F982CA563379CDD595F956902AAA59E9C2364539211A
+IV=4596A25A85D06BCC74F686F8F1E8C203
+PT=D5425E42151014ED9EBEEB7EB71873AF
+CT=0BA46EFA61FB07430C51D7CE267E1F47
+
+I=336
+KEY=BC8C7F9051C98892C671FB03376B2DE955B815F863473E5D
+IV=0BA46EFA61FB07430C51D7CE267E1F47
+PT=5D060EEC179C1B9E94BA86129B9FBBEB
+CT=49F7D7D7BAB7795A4E74A854C8C1AC53
+
+I=337
+KEY=E661F49B22BC92358F862CD48DDC54B31BCCBDACAB86920E
+IV=49F7D7D7BAB7795A4E74A854C8C1AC53
+PT=C598926A437A27A45AED8B0B73751AA7
+CT=0EB97E32AEC4CE3959197C5B72C1ABC5
+
+I=338
+KEY=E625AB8664BCF057813F52E623189A8A42D5C1F7D94739CB
+IV=0EB97E32AEC4CE3959197C5B72C1ABC5
+PT=B7272C4D712F9CF500445F1D46006262
+CT=DA9F53564E69AED610BCCAD13C00A241
+
+I=339
+KEY=75FC1D46AFD886915BA001B06D71345C52690B26E5479B8A
+IV=DA9F53564E69AED610BCCAD13C00A241
+PT=FE7513CF9353BBF093D9B6C0CB6476C6
+CT=7F61B6F9B7C14EB6179F2DA597EC1183
+
+I=340
+KEY=F92D3201DA84422024C1B749DAB07AEA45F6268372AB8A09
+IV=7F61B6F9B7C14EB6179F2DA597EC1183
+PT=4E4D3DF58D7D9C338CD12F47755CC4B1
+CT=F9216373C300AA9BE96BD8C98F9716B7
+
+I=341
+KEY=680384A1E522C848DDE0D43A19B0D071AC9DFE4AFD3C9CBE
+IV=F9216373C300AA9BE96BD8C98F9716B7
+PT=1A7B30192D54142E912EB6A03FA68A68
+CT=8512BA1B57BC04EF3C021DB1EC3CA9C6
+
+I=342
+KEY=DE3B85BD09EC93B858F26E214E0CD49E909FE3FB11003578
+IV=8512BA1B57BC04EF3C021DB1EC3CA9C6
+PT=86587FF85D73F77FB638011CECCE5BF0
+CT=FA582C37D4063D61428C886A9FD54C84
+
+I=343
+KEY=C574CA7322F443FBA2AA42169A0AE9FFD2136B918ED579FC
+IV=FA582C37D4063D61428C886A9FD54C84
+PT=3A7425A8B7BC3A941B4F4FCE2B18D043
+CT=7571B4D46CBC671964AB5BDE9C843DCF
+
+I=344
+KEY=078109812EFBA9DBD7DBF6C2F6B68EE6B6B8304F12514433
+IV=7571B4D46CBC671964AB5BDE9C843DCF
+PT=5224060F0848F028C2F5C3F20C0FEA20
+CT=DA9EB72D65D492FE88B819674B8433C1
+
+I=345
+KEY=5BF7FA2E15A87C850D4541EF93621C183E00292859D577F2
+IV=DA9EB72D65D492FE88B819674B8433C1
+PT=2622B2A19CBBAD065C76F3AF3B53D55E
+CT=C66EF470CEDDD499AE6214E75DE9051B
+
+I=346
+KEY=ECBE2377CAF0C9E9CB2BB59F5DBFC88190623DCF043C72E9
+IV=C66EF470CEDDD499AE6214E75DE9051B
+PT=833F22A76D51E360B749D959DF58B56C
+CT=57407E3DEFFF753E879619424FCE5713
+
+I=347
+KEY=4EAB83DA78D60CB09C6BCBA2B240BDBF17F4248D4BF225FA
+IV=57407E3DEFFF753E879619424FCE5713
+PT=25781A534FB9192CA215A0ADB226C559
+CT=644D89381439E7BBED7DC344CBF4C886
+
+I=348
+KEY=C4977EF1F6271D6CF826429AA6795A04FA89E7C98006ED7C
+IV=644D89381439E7BBED7DC344CBF4C886
+PT=E8EDD9AA25A8C5B08A3CFD2B8EF111DC
+CT=CA4B2680D0EE8E28818BE8DE8D625ADC
+
+I=349
+KEY=80212F6D11C6DAE2326D641A7697D42C7B020F170D64B7A0
+IV=CA4B2680D0EE8E28818BE8DE8D625ADC
+PT=8F667EEDB79E930644B6519CE7E1C78E
+CT=5497F477AD5E65BB748A781533F1BCEF
+
+I=350
+KEY=A05DF1DF7E0393A566FA906DDBC9B1970F8877023E950B4F
+IV=5497F477AD5E65BB748A781533F1BCEF
+PT=099FDB76E6D21788207CDEB26FC54947
+CT=C8C541B359BF1B53441C4EFFFD2F65AF
+
+I=351
+KEY=3970F236F800D18BAE3FD1DE8276AAC44B9439FDC3BA6EE0
+IV=C8C541B359BF1B53441C4EFFFD2F65AF
+PT=C79FA2079ECCEBCD992D03E98603422E
+CT=E59765A861DE0168161EA1360B5966A9
+
+I=352
+KEY=8ED3BFA3E4C9453C4BA8B476E3A8ABAC5D8A98CBC8E30849
+IV=E59765A861DE0168161EA1360B5966A9
+PT=AFBCD48F06709730B7A34D951CC994B7
+CT=5A65435BD1B4DB742E8AFF8C402927FC
+
+I=353
+KEY=2A3F01E56E45895B11CDF72D321C70D87300674788CA2FB5
+IV=5A65435BD1B4DB742E8AFF8C402927FC
+PT=CF684F64B8CCD2EDA4ECBE468A8CCC67
+CT=551AF68D50D23408F47214C0B18E6C8A
+
+I=354
+KEY=CA12AC8D17941E6244D701A062CE44D0877273873944433F
+IV=551AF68D50D23408F47214C0B18E6C8A
+PT=561072AC144854C1E02DAD6879D19739
+CT=ADFF035C89E040A4C3CCE190D6CB7283
+
+I=355
+KEY=D1CA1B08A51B5086E92802FCEB2E047444BE9217EF8F31BC
+IV=ADFF035C89E040A4C3CCE190D6CB7283
+PT=827ADE7D0F329D9A1BD8B785B28F4EE4
+CT=425F5596D3FD37243EE59D6FC1F5ADCC
+
+I=356
+KEY=54EC325FE63AA470AB77576A38D333507A5B0F782E7A9C70
+IV=425F5596D3FD37243EE59D6FC1F5ADCC
+PT=4AAF21E64F8DBDB0852629574321F4F6
+CT=D85520FE860C9F320CDC8192A900F499
+
+I=357
+KEY=5B4612BC35BFC12473227794BEDFAC6276878EEA877A68E9
+IV=D85520FE860C9F320CDC8192A900F499
+PT=0D046A402A1860C70FAA20E3D3856554
+CT=11C20F3ACED79B37402B2F04886D4CC7
+
+I=358
+KEY=5052384CE705101562E078AE7008375536ACA1EE0F17242E
+IV=11C20F3ACED79B37402B2F04886D4CC7
+PT=7546E6521BBBFAFE0B142AF0D2BAD131
+CT=BCDA339266E3AFB779AF17CE34218BE5
+
+I=359
+KEY=F7ECFB2AA4FC6DE2DE3A4B3C16EB98E24F03B6203B36AFCB
+IV=BCDA339266E3AFB779AF17CE34218BE5
+PT=85DF7958789E9090A7BEC36643F97DF7
+CT=300D46EAB6466314BB00DBC869C77F4E
+
+I=360
+KEY=1E27229506EC9555EE370DD6A0ADFBF6F4036DE852F1D085
+IV=300D46EAB6466314BB00DBC869C77F4E
+PT=C6CED700614467A0E9CBD9BFA210F8B7
+CT=51735C075A14FE95D4A02F527A9474D3
+
+I=361
+KEY=857F653E1E811CABBF4451D1FAB9056320A342BA2865A456
+IV=51735C075A14FE95D4A02F527A9474D3
+PT=53D436401D6811B19B5847AB186D89FE
+CT=827017531E56980C4357549D0E70114F
+
+I=362
+KEY=1BCE612F3A5262223D344682E4EF9D6F63F416272615B519
+IV=827017531E56980C4357549D0E70114F
+PT=4C1BD17FFD65AB2C9EB1041124D37E89
+CT=751BCA9516123906561FB8AF2208CEE1
+
+I=363
+KEY=7C7034EC27524FC3482F8C17F2FDA46935EBAE88041D7BF8
+IV=751BCA9516123906561FB8AF2208CEE1
+PT=7C23D6E77039F35267BE55C31D002DE1
+CT=82CAFBBE859FA80B2A8E58CEC074B01A
+
+I=364
+KEY=7F31EEE0447BB53CCAE577A977620C621F65F646C469CBE2
+IV=82CAFBBE859FA80B2A8E58CEC074B01A
+PT=B91FF7759419BBB10341DA0C6329FAFF
+CT=B7614376C9BAFC92E17E39D2BDF1F2EF
+
+I=365
+KEY=E705144BCE40FC987D8434DFBED8F0F0FE1BCF947998390D
+IV=B7614376C9BAFC92E17E39D2BDF1F2EF
+PT=72B3472217AC80979834FAAB8A3B49A4
+CT=A63BA38FDDFE99D28BA447871BBA6211
+
+I=366
+KEY=15C813D2D9AD1494DBBF97506326692275BF881362225B1C
+IV=A63BA38FDDFE99D28BA447871BBA6211
+PT=349F8E5FAE004B51F2CD079917EDE80C
+CT=C87E448872E619419766CB46787F2581
+
+I=367
+KEY=B12B790C217821DA13C1D3D811C07063E2D943551A5D7E9D
+IV=C87E448872E619419766CB46787F2581
+PT=EC474C794E3C8322A4E36ADEF8D5354E
+CT=73DD478F7F41857F7A5DE7EDF3F1AF7B
+
+I=368
+KEY=1CFA6A54B3E572DC601C94576E81F51C9884A4B8E9ACD1E6
+IV=73DD478F7F41857F7A5DE7EDF3F1AF7B
+PT=48F8361EF11F94C1ADD11358929D5306
+CT=8B85DE2CBE5C96CBDFE16064079754D9
+
+I=369
+KEY=6718C10E683F4D73EB994A7BD0DD63D74765C4DCEE3B853F
+IV=8B85DE2CBE5C96CBDFE16064079754D9
+PT=59BFDA108542EDDB7BE2AB5ADBDA3FAF
+CT=56FF53384CED780F604F86EC0CE26B26
+
+I=370
+KEY=704ED4F1E96776A2BD6619439C301BD8272A4230E2D9EE19
+IV=56FF53384CED780F604F86EC0CE26B26
+PT=468FDBDB8BC26B5A175615FF81583BD1
+CT=7B0C2436262A262C5FAFC3A9B786DB00
+
+I=371
+KEY=67AFB86317B622B2C66A3D75BA1A3DF478858199555F3519
+IV=7B0C2436262A262C5FAFC3A9B786DB00
+PT=768BE978E5E8CA6E17E16C92FED15410
+CT=D32206D5D1521AB667516391810F5719
+
+I=372
+KEY=0BF4E0C32EA3D69615483BA06B4827421FD4E208D4506200
+IV=D32206D5D1521AB667516391810F5719
+PT=1943C5D93D10A0E36C5B58A03915F424
+CT=6BCE2BEC0D5A0DA9051AF2B34A873694
+
+I=373
+KEY=924D1C527572A2EF7E86104C66122AEB1ACE10BB9ED75494
+IV=6BCE2BEC0D5A0DA9051AF2B34A873694
+PT=E3020D099D0841C299B9FC915BD17479
+CT=3BEBA6BA0762BF5FAA4D26B70071B4A9
+
+I=374
+KEY=CFA41DB53F2F8766456DB6F6617095B4B083360C9EA6E03D
+IV=3BEBA6BA0762BF5FAA4D26B70071B4A9
+PT=31F7316F0D1012CD5DE901E74A5D2589
+CT=C4253CED7F88DF97596B08A15BAEF533
+
+I=375
+KEY=E2B9D43008C1537281488A1B1EF84A23E9E83EADC508150E
+IV=C4253CED7F88DF97596B08A15BAEF533
+PT=00365D6755A898E62D1DC98537EED414
+CT=2D4EB6BA84D1C0C978EA20C1693BB75C
+
+I=376
+KEY=43EA75DFD5B35CCBAC063CA19A298AEA91021E6CAC33A252
+IV=2D4EB6BA84D1C0C978EA20C1693BB75C
+PT=599279C68B67A988A153A1EFDD720FB9
+CT=03698CC5E133AD8855B847C124FD2778
+
+I=377
+KEY=8F2C76FCFBD8060DAF6FB0647B1A2762C4BA59AD88CE852A
+IV=03698CC5E133AD8855B847C124FD2778
+PT=47EFAF7E090B94B5CCC603232E6B5AC6
+CT=8D44C11C25ADE5631E05FAAECCA70AF7
+
+I=378
+KEY=E02084775A2E1A4E222B71785EB7C201DABFA30344698FDD
+IV=8D44C11C25ADE5631E05FAAECCA70AF7
+PT=394EC624EBC0D79E6F0CF28BA1F61C43
+CT=5EB407847213D5E950C66787B140BC35
+
+I=379
+KEY=D8208A70940589F47C9F76FC2CA417E88A79C484F52933E8
+IV=5EB407847213D5E950C66787B140BC35
+PT=F28816D227AC09F538000E07CE2B93BA
+CT=2D4FBD74A027526BADC8C2A433963C22
+
+I=380
+KEY=858193C76AFE48D951D0CB888C83458327B10620C6BF0FCA
+IV=2D4FBD74A027526BADC8C2A433963C22
+PT=FBAA6C644F8E08885DA119B7FEFBC12D
+CT=FA2DAE761EBBFDE4B77CBCD2381165DB
+
+I=381
+KEY=DA9A9F800056FC6EABFD65FE9238B86790CDBAF2FEAE6A11
+IV=FA2DAE761EBBFDE4B77CBCD2381165DB
+PT=F66A574C26D0F15C5F1B0C476AA8B4B7
+CT=DB18F5B16BF19C2BCCA36091A302BF38
+
+I=382
+KEY=BD2AB07F036032AB70E5904FF9C9244C5C6EDA635DACD529
+IV=DB18F5B16BF19C2BCCA36091A302BF38
+PT=04B0C1A19C6D38B467B02FFF0336CEC5
+CT=D3F01581B21DF4E470EE595CAB44912C
+
+I=383
+KEY=7EF57F6BDE41D79CA31585CE4BD4D0A82C80833FF6E84405
+IV=D3F01581B21DF4E470EE595CAB44912C
+PT=83BF32E0F3F3CEE7C3DFCF14DD21E537
+CT=10C69B9A04E0851B63D85D025BBACA29
+
+I=384
+KEY=22057A9912BB6B76B3D31E544F3455B34F58DE3DAD528E2C
+IV=10C69B9A04E0851B63D85D025BBACA29
+PT=150ACC96322893CC5CF005F2CCFABCEA
+CT=2743FE5769DDA5D591318E200AF672D0
+
+I=385
+KEY=742A2117B51176E69490E00326E9F066DE69501DA7A4FCFC
+IV=2743FE5769DDA5D591318E200AF672D0
+PT=93246C1A26F66DAF562F5B8EA7AA1D90
+CT=5CA8FC8DB4A20B2CA8AB86B1B40DA1A1
+
+I=386
+KEY=3C09F8C3B20BE749C8381C8E924BFB4A76C2D6AC13A95D5D
+IV=5CA8FC8DB4A20B2CA8AB86B1B40DA1A1
+PT=D91806E0F3451C374823D9D4071A91AF
+CT=25701E4C6685C98333566EB75498AEB7
+
+I=387
+KEY=DD0386F2D0D1E8FFED4802C2F4CE32C94594B81B4731F3EA
+IV=25701E4C6685C98333566EB75498AEB7
+PT=701A5D7027053688E10A7E3162DA0FB6
+CT=E4A5889FC49B62F767F61F1D2810801A
+
+I=388
+KEY=BB9A1FA7287B0D3D09ED8A5D3055503E2262A7066F2173F0
+IV=E4A5889FC49B62F767F61F1D2810801A
+PT=A110B0A38255279B66999955F8AAE5C2
+CT=F1A9BDA2045F3EAE2AB9CEE2AD352270
+
+I=389
+KEY=21B561DC3C44B5A5F84437FF340A6E9008DB69E4C2145180
+IV=F1A9BDA2045F3EAE2AB9CEE2AD352270
+PT=1562CF8420963B479A2F7E7B143FB898
+CT=E7E2BA657D3482A4825D643B8C01B52E
+
+I=390
+KEY=60A0FA1F5FA435401FA68D9A493EEC348A860DDF4E15E4AE
+IV=E7E2BA657D3482A4825D643B8C01B52E
+PT=930490633BC4EDC941159BC363E080E5
+CT=2FDBCD145EB8620594834B0D63BBD137
+
+I=391
+KEY=7DD1686F811E4017307D408E17868E311E0546D22DAE3599
+IV=2FDBCD145EB8620594834B0D63BBD137
+PT=4BB1C43F4ABC51CD1D719270DEBA7557
+CT=B703658AD9FFCDE05E2C7E252990402E
+
+I=392
+KEY=18203DC5AAA632F5877E2504CE7943D1402938F7043E75B7
+IV=B703658AD9FFCDE05E2C7E252990402E
+PT=47931942F275F05E65F155AA2BB872E2
+CT=5B79CB7FA90D3BB5A979A4588D4DE434
+
+I=393
+KEY=9F6D532CBAF42FCDDC07EE7B67747864E9509CAF89739183
+IV=5B79CB7FA90D3BB5A979A4588D4DE434
+PT=E3A36DF4EB896B4D874D6EE910521D38
+CT=61BF460521E67B3CAC638F3298EF9310
+
+I=394
+KEY=ED4F97BC99036E83BDB8A87E469203584533139D119C0293
+IV=61BF460521E67B3CAC638F3298EF9310
+PT=55EABDF72CCB5D737222C49023F7414E
+CT=8A27D87B53B2FB8BBAFF7851AF1D51F2
+
+I=395
+KEY=E1B9A7291D885F8E379F70051520F8D3FFCC6BCCBE815361
+IV=8A27D87B53B2FB8BBAFF7851AF1D51F2
+PT=D30271EA236E948F0CF63095848B310D
+CT=15075FDCBD2D6FC15B9A3841A2D58C34
+
+I=396
+KEY=976B101EE3E10E0822982FD9A80D9712A456538D1C54DF55
+IV=15075FDCBD2D6FC15B9A3841A2D58C34
+PT=879EED3434159D8076D2B737FE695186
+CT=6896582462983FAAE443078F9768B339
+
+I=397
+KEY=A7A3277BF5F605FC4A0E77FDCA95A8B8401554028B3C6C6C
+IV=6896582462983FAAE443078F9768B339
+PT=89DDABE96D1069ED30C8376516170BF4
+CT=96FE6B921416B667AA5B34D2D2E25747
+
+I=398
+KEY=DD57026B1D4E32A8DCF01C6FDE831EDFEA4E60D059DE3B2B
+IV=96FE6B921416B667AA5B34D2D2E25747
+PT=8144C8BB09FC72827AF42510E8B83754
+CT=EEDC3677AB7B57829F6D733F8090DA8A
+
+I=399
+KEY=B4D1BDF297DC0574322C2A1875F8495D752313EFD94EE1A1
+IV=EEDC3677AB7B57829F6D733F8090DA8A
+PT=510F7A55799B39786986BF998A9237DC
+CT=BA50C94440C04A8C0899D42658E25437
+
+==========
+
+KEYSIZE=256
+
+I=0
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+IV=00000000000000000000000000000000
+PT=00000000000000000000000000000000
+CT=FE3C53653E2F45B56FCD88B2CC898FF0
+
+I=1
+KEY=B2493DE29713367D9FAA93469F8EF596FE3C53653E2F45B56FCD88B2CC898FF0
+IV=FE3C53653E2F45B56FCD88B2CC898FF0
+PT=B2493DE29713367D9FAA93469F8EF596
+CT=7CE2ABAF8BEF23C4816DC8CE842048A7
+
+I=2
+KEY=33A36646FE56F70DC0C51A3117E639F182DEF8CAB5C06671EEA0407C48A9C757
+IV=7CE2ABAF8BEF23C4816DC8CE842048A7
+PT=81EA5BA46945C1705F6F89778868CC67
+CT=50CD14A12C6852D39654C816BFAF9AC2
+
+I=3
+KEY=0D6A3DACE75B104CA8A303A32670BF3AD213EC6B99A834A278F4886AF7065D95
+IV=50CD14A12C6852D39654C816BFAF9AC2
+PT=3EC95BEA190DE74168661992319686CB
+CT=3F411DAD0E339FE281637133BF46BD13
+
+I=4
+KEY=A53BE0709BF686A7DB7C3848D81AB66BED52F1C6979BAB40F997F9594840E086
+IV=3F411DAD0E339FE281637133BF46BD13
+PT=A851DDDC7CAD96EB73DF3BEBFE6A0951
+CT=5BA2C7663A4061719A7CCC2AF2A3EE8A
+
+I=5
+KEY=ECF3490CB7717A5236A3A94811BEBF13B6F036A0ADDBCA3163EB3573BAE30E0C
+IV=5BA2C7663A4061719A7CCC2AF2A3EE8A
+PT=49C8A97C2C87FCF5EDDF9100C9A40978
+CT=F105031CE7E5111317745C64F4F6D150
+
+I=6
+KEY=CE8A062A2A9F9EDE2EFB43A8602BB47847F535BC4A3EDB22749F69174E15DF5C
+IV=F105031CE7E5111317745C64F4F6D150
+PT=22794F269DEEE48C1858EAE071950B6B
+CT=C8F030398A873550A34386D9A153D833
+
+I=7
+KEY=2BE39545B8FC27444178BF0004C7F1048F050585C0B9EE72D7DCEFCEEF46076F
+IV=C8F030398A873550A34386D9A153D833
+PT=E569936F9263B99A6F83FCA864EC457C
+CT=519CF42C0BBFCBD79679089BC5E963B4
+
+I=8
+KEY=80E9C0F78F99E309935C0A69B961D787DE99F1A9CB0625A541A5E7552AAF64DB
+IV=519CF42C0BBFCBD79679089BC5E963B4
+PT=AB0A55B23765C44DD224B569BDA62683
+CT=64AC8FEA3B83584E9B7379B48F88B7A4
+
+I=9
+KEY=48DDBDA704BA7702960820A0D2CA485CBA357E43F0857DEBDAD69EE1A527D37F
+IV=64AC8FEA3B83584E9B7379B48F88B7A4
+PT=C8347D508B23940B05542AC96BAB9FDB
+CT=2B1F53F35A308673E9B1E004C32B2080
+
+I=10
+KEY=D26C4C6BE601D63BDDE6F1A49B5124CB912A2DB0AAB5FB9833677EE5660CF3FF
+IV=2B1F53F35A308673E9B1E004C32B2080
+PT=9AB1F1CCE2BBA1394BEED104499B6C97
+CT=0DAE66B5741FE38E544D9EC4E90ABDAF
+
+I=11
+KEY=D241355DB8FC5F23D0D207F72E290F189C844B05DEAA1816672AE0218F064E50
+IV=0DAE66B5741FE38E544D9EC4E90ABDAF
+PT=002D79365EFD89180D34F653B5782BD3
+CT=D00122636CC0D9D62E614EAF0963C448
+
+I=12
+KEY=1BC3268A0B674A05B2FC6E18460231564C856966B26AC1C0494BAE8E86658A18
+IV=D00122636CC0D9D62E614EAF0963C448
+PT=C98213D7B39B1526622E69EF682B3E4E
+CT=30EF014D1766651C524B3CC82F0140C6
+
+I=13
+KEY=50BE5951A5C2403C52425897C442A8457C6A682BA50CA4DC1B009246A964CADE
+IV=30EF014D1766651C524B3CC82F0140C6
+PT=4B7D7FDBAEA50A39E0BE368F82409913
+CT=BAD488702B447FABEC2074E1DD37E631
+
+I=14
+KEY=C007EE52430FF98EDD206C94ED349DE6C6BEE05B8E48DB77F720E6A774532CEF
+IV=BAD488702B447FABEC2074E1DD37E631
+PT=90B9B703E6CDB9B28F623403297635A3
+CT=EC3862EB60E7D8D0827645BD690F71B8
+
+I=15
+KEY=AE37C1DBEBF9B269E8D10CC4F046F9FC2A8682B0EEAF03A77556A31A1D5C5D57
+IV=EC3862EB60E7D8D0827645BD690F71B8
+PT=6E302F89A8F64BE735F160501D72641A
+CT=6073D1F25F3697C1E07384C67D71D8AE
+
+I=16
+KEY=86E8B9050AB24200E3757B67F08761534AF55342B1999466952527DC602D85F9
+IV=6073D1F25F3697C1E07384C67D71D8AE
+PT=28DF78DEE14BF0690BA477A300C198AF
+CT=90EF55AB8837792F82CF0F002E36F8DB
+
+I=17
+KEY=DE93EA10BB6DC2B0A6D3919561CE5AE4DA1A06E939AEED4917EA28DC4E1B7D22
+IV=90EF55AB8837792F82CF0F002E36F8DB
+PT=587B5315B1DF80B045A6EAF291493BB7
+CT=063783CB1A2137732D10CA6233C5CE93
+
+I=18
+KEY=3D147E3727A1FEB2C6F36AB9DF772E97DC2D8522238FDA3A3AFAE2BE7DDEB3B1
+IV=063783CB1A2137732D10CA6233C5CE93
+PT=E38794279CCC3C026020FB2CBEB97473
+CT=79C5CEEE64BFD33948D2E08EBE25B7E9
+
+I=19
+KEY=34586C52923969647663A0D69436D7D1A5E84BCC4730090372280230C3FB0458
+IV=79C5CEEE64BFD33948D2E08EBE25B7E9
+PT=094C1265B59897D6B090CA6F4B41F946
+CT=87DFB65D575F56670DB739C988FD7DE5
+
+I=20
+KEY=53724BF79612A7F0237927604619DD592237FD91106F5F647F9F3BF94B0679BD
+IV=87DFB65D575F56670DB739C988FD7DE5
+PT=672A27A5042BCE94551A87B6D22F0A88
+CT=643F46BC77A5FE2434753B9C38142583
+
+I=21
+KEY=8FBC30746F29985FFFA43C8BD3C4FC664608BB2D67CAA1404BEA006573125C3E
+IV=643F46BC77A5FE2434753B9C38142583
+PT=DCCE7B83F93B3FAFDCDD1BEB95DD213F
+CT=FD774BD6874EA7C0D790A5015440B664
+
+I=22
+KEY=9A61A910701A4A42873549F78D3D9FD1BB7FF0FBE08406809C7AA5642752EA5A
+IV=FD774BD6874EA7C0D790A5015440B664
+PT=15DD99641F33D21D7891757C5EF963B7
+CT=BFCEF4403428F5C96C24C249962371D4
+
+I=23
+KEY=8D98738F6DF30113AF69A7A61C1582EE04B104BBD4ACF349F05E672DB1719B8E
+IV=BFCEF4403428F5C96C24C249962371D4
+PT=17F9DA9F1DE94B51285CEE5191281D3F
+CT=CC79F35C41F0E6C0EB03472B1D13029E
+
+I=24
+KEY=976C27F1A15FF6780043636FC4777090C8C8F7E7955C15891B5D2006AC629910
+IV=CC79F35C41F0E6C0EB03472B1D13029E
+PT=1AF4547ECCACF76BAF2AC4C9D862F27E
+CT=0629B80F94FBC2C1984985B9F3B85BDD
+
+I=25
+KEY=E8934C533DED166F58D65C9E60A906A5CEE14FE801A7D7488314A5BF5FDAC2CD
+IV=0629B80F94FBC2C1984985B9F3B85BDD
+PT=7FFF6BA29CB2E01758953FF1A4DE7635
+CT=F2A70F4ED1A836696841D523F2650B55
+
+I=26
+KEY=8116688C16D2C26D162C4D813FB267103C4640A6D00FE121EB55709CADBFC998
+IV=F2A70F4ED1A836696841D523F2650B55
+PT=698524DF2B3FD4024EFA111F5F1B61B5
+CT=A9B5565EB9B5D5DAC52BE0F449FBE11A
+
+I=27
+KEY=5A7062E77C6D20563AFD0BFDAAE04BE995F316F869BA34FB2E7E9068E4442882
+IV=A9B5565EB9B5D5DAC52BE0F449FBE11A
+PT=DB660A6B6ABFE23B2CD1467C95522CF9
+CT=E47F675379D4CE3DDABA0F906BE014B2
+
+I=28
+KEY=4DDC0A5938F4A3DC1AF8D3AFD3DF6198718C71AB106EFAC6F4C49FF88FA43C30
+IV=E47F675379D4CE3DDABA0F906BE014B2
+PT=17AC68BE4499838A2005D852793F2A71
+CT=7B95AB0E030C70B7940ECDAEFCA570A5
+
+I=29
+KEY=E287EFC66626600AF3453F68BE53E5250A19DAA513628A7160CA525673014C95
+IV=7B95AB0E030C70B7940ECDAEFCA570A5
+PT=AF5BE59F5ED2C3D6E9BDECC76D8C84BD
+CT=E854E5DE0C42D57B869C29FC8D5AFFF3
+
+I=30
+KEY=7F3415A538F60B24A58447E1D38805B3E24D3F7B1F205F0AE6567BAAFE5BB366
+IV=E854E5DE0C42D57B869C29FC8D5AFFF3
+PT=9DB3FA635ED06B2E56C178896DDBE096
+CT=4E55EDEDC35CDEAB3BFB2B5D39871625
+
+I=31
+KEY=59E5F5ECC5693DA07046636094970E8CAC18D296DC7C81A1DDAD50F7C7DCA543
+IV=4E55EDEDC35CDEAB3BFB2B5D39871625
+PT=26D1E049FD9F3684D5C22481471F0B3F
+CT=3355C2CC762E58FA941E0004209CA710
+
+I=32
+KEY=0B62CF7EA869036A529E9D184574CD609F4D105AAA52D95B49B350F3E7400253
+IV=3355C2CC762E58FA941E0004209CA710
+PT=52873A926D003ECA22D8FE78D1E3C3EC
+CT=9B86680D69D38870268D42E78EDA2B50
+
+I=33
+KEY=CEDC9CCC4DC42CB055EDC50597EE24DF04CB7857C381512B6F3E1214699A2903
+IV=9B86680D69D38870268D42E78EDA2B50
+PT=C5BE53B2E5AD2FDA0773581DD29AE9BF
+CT=05DD4896F08EEAA6A53FA7BCF183F538
+
+I=34
+KEY=CA30B422016C86247D75B618D19247AC011630C1330FBB8DCA01B5A89819DC3B
+IV=05DD4896F08EEAA6A53FA7BCF183F538
+PT=04EC28EE4CA8AA942898731D467C6373
+CT=F81E56F4390D65C7959348A6FBD8A94E
+
+I=35
+KEY=B7096A2EC0259DA21ACA6DBE637A9F15F90866350A02DE4A5F92FD0E63C17575
+IV=F81E56F4390D65C7959348A6FBD8A94E
+PT=7D39DE0CC1491B8667BFDBA6B2E8D8B9
+CT=4364CA2D90FA256084DF8E2FCDC62AB3
+
+I=36
+KEY=436C0894D4436149EE685F0061BDF3AEBA6CAC189AF8FB2ADB4D7321AE075FC6
+IV=4364CA2D90FA256084DF8E2FCDC62AB3
+PT=F46562BA1466FCEBF4A232BE02C76CBB
+CT=0991DE19A5ABE5F7E8AE24120789B9AB
+
+I=37
+KEY=44E1636AFF962EC4F1C446A89B9393C6B3FD72013F531EDD33E35733A98EE66D
+IV=0991DE19A5ABE5F7E8AE24120789B9AB
+PT=078D6BFE2BD54F8D1FAC19A8FA2E6068
+CT=0F4EF4FA608671AC5F71063CF6C1EBDE
+
+I=38
+KEY=44289918A9E99F859FC2F604FE38B86EBCB386FB5FD56F716C92510F5F4F0DB3
+IV=0F4EF4FA608671AC5F71063CF6C1EBDE
+PT=00C9FA72567FB1416E06B0AC65AB2BA8
+CT=2D6A2A1CC9D208C16236BBC9451EC5E1
+
+I=39
+KEY=BE5907C77B0939D20575F27427A2C3FE91D9ACE7960767B00EA4EAC61A51C852
+IV=2D6A2A1CC9D208C16236BBC9451EC5E1
+PT=FA719EDFD2E0A6579AB70470D99A7B90
+CT=237A8DFBA42708BBF7E540766F2059F1
+
+I=40
+KEY=CD97125720F2002207AC44C456CDDF0DB2A3211C32206F0BF941AAB0757191A3
+IV=237A8DFBA42708BBF7E540766F2059F1
+PT=73CE15905BFB39F002D9B6B0716F1CF3
+CT=2D1AB5CF3E9C27ADA9FB45F15007A7BB
+
+I=41
+KEY=123F64F2A28C80C2F6E000F69C8E5A639FB994D30CBC48A650BAEF4125763618
+IV=2D1AB5CF3E9C27ADA9FB45F15007A7BB
+PT=DFA876A5827E80E0F14C4432CA43856E
+CT=7039C9AF1E10FE99A91483EA578AE6DD
+
+I=42
+KEY=6CD69C4F5AD7CB5E9E4574F6A48FDB28EF805D7C12ACB63FF9AE6CAB72FCD0C5
+IV=7039C9AF1E10FE99A91483EA578AE6DD
+PT=7EE9F8BDF85B4B9C68A574003801814B
+CT=116DD8566366A19EEAF2F3E744B3EF9C
+
+I=43
+KEY=C73969C7D6D057003E2E215D94978792FEED852A71CA17A1135C9F4C364F3F59
+IV=116DD8566366A19EEAF2F3E744B3EF9C
+PT=ABEFF5888C079C5EA06B55AB30185CBA
+CT=648A801EF27E77D964BB751A32B8CFE8
+
+I=44
+KEY=E0960DD6E807F3D0B5DF057D0D1E6DCC9A67053483B4607877E7EA5604F7F0B1
+IV=648A801EF27E77D964BB751A32B8CFE8
+PT=27AF64113ED7A4D08BF124209989EA5E
+CT=D18AE728717C535049868FA6F1B4294E
+
+I=45
+KEY=466AE043435C6CCA67FF1C5D4B4175DA4BEDE21CF2C833283E6165F0F543D9FF
+IV=D18AE728717C535049868FA6F1B4294E
+PT=A6FCED95AB5B9F1AD2201920465F1816
+CT=169B55360728DA8F582C488F2569411F
+
+I=46
+KEY=27E1BC4931601D667CD807454D58B2BB5D76B72AF5E0E9A7664D2D7FD02A98E0
+IV=169B55360728DA8F582C488F2569411F
+PT=618B5C0A723C71AC1B271B180619C761
+CT=67DADCF7C31CA394F46F18AB1AEA022E
+
+I=47
+KEY=2D4EB1F3A709F0A4CA5E2CD47F8F10123AAC6BDD36FC4A33922235D4CAC09ACE
+IV=67DADCF7C31CA394F46F18AB1AEA022E
+PT=0AAF0DBA9669EDC2B6862B9132D7A2A9
+CT=A5D49BDF099335166BBFDCBE29C90B80
+
+I=48
+KEY=2A90CE470EB8C9400B056307D53452BE9F78F0023F6F7F25F99DE96AE309914E
+IV=A5D49BDF099335166BBFDCBE29C90B80
+PT=07DE7FB4A9B139E4C15B4FD3AABB42AC
+CT=5AFC238F19E369E77278593C6E20A946
+
+I=49
+KEY=90B696E9A0792BFF7BF21BE373731CB5C584D38D268C16C28BE5B0568D293808
+IV=5AFC238F19E369E77278593C6E20A946
+PT=BA2658AEAEC1E2BF70F778E4A6474E0B
+CT=2861A363922099D0F0B2A5AD2A5F421E
+
+I=50
+KEY=4FE5C563B7DB98C6B9CCA52F313FBAFCEDE570EEB4AC8F127B5715FBA7767A16
+IV=2861A363922099D0F0B2A5AD2A5F421E
+PT=DF53538A17A2B339C23EBECC424CA649
+CT=D76E51B6EA5F74D0116C4D16EDD0DFAC
+
+I=51
+KEY=EBF784D98E40372429819EE23BE85B723A8B21585EF3FBC26A3B58ED4AA6A5BA
+IV=D76E51B6EA5F74D0116C4D16EDD0DFAC
+PT=A41241BA399BAFE2904D3BCD0AD7E18E
+CT=6214F5E50EC99F40B86951CE395C8315
+
+I=52
+KEY=C01A5093C6A29CEED72D14D903BD17E8589FD4BD503A6482D252092373FA26AF
+IV=6214F5E50EC99F40B86951CE395C8315
+PT=2BEDD44A48E2ABCAFEAC8A3B38554C9A
+CT=6CFC2188E40E806BBE277988B924627E
+
+I=53
+KEY=A8C3A10380B6D4D1CEFABF57F3C695193463F535B434E4E96C7570ABCADE44D1
+IV=6CFC2188E40E806BBE277988B924627E
+PT=68D9F1904614483F19D7AB8EF07B82F1
+CT=B98E851902AEC129FD1607DECA9E0669
+
+I=54
+KEY=B828711ABA1D06408099944287112DE58DED702CB69A25C091637775004042B8
+IV=B98E851902AEC129FD1607DECA9E0669
+PT=10EBD0193AABD2914E632B1574D7B8FC
+CT=DBDA9DB56E6FF915D67D7DEE541DD6A3
+
+I=55
+KEY=3B0E9FE343D665ABB3706243EF023C765637ED99D8F5DCD5471E0A9B545D941B
+IV=DBDA9DB56E6FF915D67D7DEE541DD6A3
+PT=8326EEF9F9CB63EB33E9F60168131193
+CT=399802CE3FF3878A73C7D85E19FDD54B
+
+I=56
+KEY=9270D72D972B46C8E630FBD1AA67FBED6FAFEF57E7065B5F34D9D2C54DA04150
+IV=399802CE3FF3878A73C7D85E19FDD54B
+PT=A97E48CED4FD2363554099924565C79B
+CT=40FABA067414961FD964EC91196943E3
+
+I=57
+KEY=017211AC512541BFBDD0292385AA20862F5555519312CD40EDBD3E5454C902B3
+IV=40FABA067414961FD964EC91196943E3
+PT=9302C681C60E07775BE0D2F22FCDDB6B
+CT=6BF1125E581341510FD02B9450886B17
+
+I=58
+KEY=AC2652A877F924710178641D20B239B944A4470FCB018C11E26D15C0044169A4
+IV=6BF1125E581341510FD02B9450886B17
+PT=AD54430426DC65CEBCA84D3EA518193F
+CT=74871D2EF6D1F29181B0A2530885EEC8
+
+I=59
+KEY=0BF012A9F0CB194C1F00893D4803E10130235A213DD07E8063DDB7930CC4876C
+IV=74871D2EF6D1F29181B0A2530885EEC8
+PT=A7D6400187323D3D1E78ED2068B1D8B8
+CT=2A2DC9F5CB47C94D430ECAAAB1D0811E
+
+I=60
+KEY=8D22EEEA013E327509E84630166331DB1A0E93D4F697B7CD20D37D39BD140672
+IV=2A2DC9F5CB47C94D430ECAAAB1D0811E
+PT=86D2FC43F1F52B3916E8CF0D5E60D0DA
+CT=BC318E32957CE6577CD06E2D3166CD1F
+
+I=61
+KEY=1C4909D11840D978FD7232D0FBC0E6A3A63F1DE663EB519A5C0313148C72CB6D
+IV=BC318E32957CE6577CD06E2D3166CD1F
+PT=916BE73B197EEB0DF49A74E0EDA3D778
+CT=E9858DBB1B5145ABB598ADE882346DDB
+
+I=62
+KEY=DD2ED3C6FCE0034F19259D57A35B60CF4FBA905D78BA1431E99BBEFC0E46A6B6
+IV=E9858DBB1B5145ABB598ADE882346DDB
+PT=C167DA17E4A0DA37E457AF87589B866C
+CT=1E04B15BBF727BEAC33C0C26141636DD
+
+I=63
+KEY=81C434CDF7EABAA49252EC86DFE15FBA51BE2106C7C86FDB2AA7B2DA1A50906B
+IV=1E04B15BBF727BEAC33C0C26141636DD
+PT=5CEAE70B0B0AB9EB8B7771D17CBA3F75
+CT=EB21AED731D594017F5729262A1E23B4
+
+I=64
+KEY=AEF6BF8323CAE4C2270CC5E51B0A3BFFBA9F8FD1F61DFBDA55F09BFC304EB3DF
+IV=EB21AED731D594017F5729262A1E23B4
+PT=2F328B4ED4205E66B55E2963C4EB6445
+CT=EB73CFADA0ACB98B37091CB81489CC7C
+
+I=65
+KEY=BC3BD548867FA82FF80EF67B38016A1E51EC407C56B1425162F9874424C77FA3
+IV=EB73CFADA0ACB98B37091CB81489CC7C
+PT=12CD6ACBA5B54CEDDF02339E230B51E1
+CT=1FEEF226D6759E8813B98A5D43B2F22A
+
+I=66
+KEY=E1F5760C694DBE5688A0241B5517B4B14E02B25A80C4DCD971400D1967758D89
+IV=1FEEF226D6759E8813B98A5D43B2F22A
+PT=5DCEA344EF32167970AED2606D16DEAF
+CT=9C591D087F0F45C8AE3DEC9C455FE200
+
+I=67
+KEY=ABF2D79C472D0159FA9AE646D0C0FC9CD25BAF52FFCB9911DF7DE185222A6F89
+IV=9C591D087F0F45C8AE3DEC9C455FE200
+PT=4A07A1902E60BF0F723AC25D85D7482D
+CT=62C4F4D7E4AC5ABC03BECA3CA56DA4FD
+
+I=68
+KEY=E58A351A4DD79A2ED6D386E11A8563F2B09F5B851B67C3ADDCC32BB98747CB74
+IV=62C4F4D7E4AC5ABC03BECA3CA56DA4FD
+PT=4E78E2860AFA9B772C4960A7CA459F6E
+CT=AD8557C0D04675CC312C7A106D5C8B83
+
+I=69
+KEY=BCF7BB1010AF5CEB05E06339689067E31D1A0C45CB21B661EDEF51A9EA1B40F7
+IV=AD8557C0D04675CC312C7A106D5C8B83
+PT=597D8E0A5D78C6C5D333E5D872150411
+CT=80159F4F5E0C2DC07D3CD3C52A1A8E6D
+
+I=70
+KEY=328BB8EB86055D2BB52A02E40BB5D2C39D0F930A952D9BA190D3826CC001CE9A
+IV=80159F4F5E0C2DC07D3CD3C52A1A8E6D
+PT=8E7C03FB96AA01C0B0CA61DD6325B520
+CT=F58A2EE5A5BDE8CA0A96F4F4B64BE737
+
+I=71
+KEY=F192AE51D926A2B68C38EA4E48A0590F6885BDEF3090736B9A457698764A29AD
+IV=F58A2EE5A5BDE8CA0A96F4F4B64BE737
+PT=C31916BA5F23FF9D3912E8AA43158BCC
+CT=B4C0DD55013AEFE12D94F31B861134CC
+
+I=72
+KEY=5EE48E38C2C805E2AACC89AD8682E552DC4560BA31AA9C8AB7D18583F05B1D61
+IV=B4C0DD55013AEFE12D94F31B861134CC
+PT=AF7620691BEEA75426F463E3CE22BC5D
+CT=FD8B06AEF9B3C25D11B950A6648276BB
+
+I=73
+KEY=F425B9BF4D114251736EE7FCDB430B6721CE6614C8195ED7A668D52594D96BDA
+IV=FD8B06AEF9B3C25D11B950A6648276BB
+PT=AAC137878FD947B3D9A26E515DC1EE35
+CT=31BE8DF4A8A749FBF11AB07D8479A10B
+
+I=74
+KEY=61A2D5337BCB827887F884AD98C67BEA1070EBE060BE172C5772655810A0CAD1
+IV=31BE8DF4A8A749FBF11AB07D8479A10B
+PT=95876C8C36DAC029F49663514385708D
+CT=E9A2EF0C882781788D50033B79FE181F
+
+I=75
+KEY=E930B2277AC4475FB0A94519F60DE552F9D204ECE8999654DA226663695ED2CE
+IV=E9A2EF0C882781788D50033B79FE181F
+PT=88926714010FC5273751C1B46ECB9EB8
+CT=17FFCD5A010709A2737570E038D63B27
+
+I=76
+KEY=B944CE978DF68F8FBFF0A5EA62AAC299EE2DC9B6E99E9FF6A95716835188E9E9
+IV=17FFCD5A010709A2737570E038D63B27
+PT=50747CB0F732C8D00F59E0F394A727CB
+CT=E12B89FA1B1DD3B29F02219FD3D7D3D2
+
+I=77
+KEY=0E2D7FCEB557462267BED2CCA8B48CD70F06404CF2834C443655371C825F3A3B
+IV=E12B89FA1B1DD3B29F02219FD3D7D3D2
+PT=B769B15938A1C9ADD84E7726CA1E4E4E
+CT=75AE99B6022B08E36FB88A6F4D7698BF
+
+I=78
+KEY=8046D73D60912221694B2AFE703EDB167AA8D9FAF0A844A759EDBD73CF29A284
+IV=75AE99B6022B08E36FB88A6F4D7698BF
+PT=8E6BA8F3D5C664030EF5F832D88A57C1
+CT=CF32DCE11FDB098A6435315342796064
+
+I=79
+KEY=20716D6975C32231968BF76725144CBAB59A051BEF734D2D3DD88C208D50C2E0
+IV=CF32DCE11FDB098A6435315342796064
+PT=A037BA5415520010FFC0DD99552A97AC
+CT=80F12B261317C66F21AC811230848468
+
+I=80
+KEY=AD5A2011E425AFFD57E7191336D37D25356B2E3DFC648B421C740D32BDD44688
+IV=80F12B261317C66F21AC811230848468
+PT=8D2B4D7891E68DCCC16CEE7413C7319F
+CT=F2C6B70C19A5748C6D2B5DE41544854F
+
+I=81
+KEY=49D4228508C789105CF457D10FA56048C7AD9931E5C1FFCE715F50D6A890C3C7
+IV=F2C6B70C19A5748C6D2B5DE41544854F
+PT=E48E0294ECE226ED0B134EC239761D6D
+CT=A31FB3535978DAA555DD617FAB27A97A
+
+I=82
+KEY=67CE710A3E778CB4A37D1F2274D4462D64B22A62BCB9256B248231A903B76ABD
+IV=A31FB3535978DAA555DD617FAB27A97A
+PT=2E1A538F36B005A4FF8948F37B712665
+CT=97336ECFAE89015E0B5A7D1C154C71BF
+
+I=83
+KEY=A87C517EF43CACC6D41EEB661DD1142CF38144AD123024352FD84CB516FB1B02
+IV=97336ECFAE89015E0B5A7D1C154C71BF
+PT=CFB22074CA4B20727763F44469055201
+CT=466CD227A6A9D5FC3C0579064530FCE0
+
+I=84
+KEY=D73F926A5B5DD8F5B82DE8F77E0E0697B5ED968AB499F1C913DD35B353CBE7E2
+IV=466CD227A6A9D5FC3C0579064530FCE0
+PT=7F43C314AF6174336C33039163DF12BB
+CT=4F444B4554E965A113DC0097AA8FAD7A
+
+I=85
+KEY=7A19BE1C42A13B85B754834E9808DF4BFAA9DDCFE070946800013524F9444A98
+IV=4F444B4554E965A113DC0097AA8FAD7A
+PT=AD262C7619FCE3700F796BB9E606D9DC
+CT=F7078ABE7617867274CBBEDA1082B987
+
+I=86
+KEY=D256675EDBF987B5CA86C21DE177C6A00DAE57719667121A74CA8BFEE9C6F31F
+IV=F7078ABE7617867274CBBEDA1082B987
+PT=A84FD9429958BC307DD24153797F19EB
+CT=676ACAB66B04597F1A33FF462BD5E0EE
+
+I=87
+KEY=C025616AB6F89BB1B90AA0E8F63FF1CC6AC49DC7FD634B656EF974B8C21313F1
+IV=676ACAB66B04597F1A33FF462BD5E0EE
+PT=127306346D011C04738C62F51748376C
+CT=BF66B8DD1E540A4FED759FDB9A44B439
+
+I=88
+KEY=2A437D44D93C25B3233FB168D63751A5D5A2251AE337412A838CEB635857A7C8
+IV=BF66B8DD1E540A4FED759FDB9A44B439
+PT=EA661C2E6FC4BE029A3511802008A069
+CT=EC8DBB5B3FE245180856B312D3052A87
+
+I=89
+KEY=838278123F0261D1F287C9FF94CA4A55392F9E41DCD504328BDA58718B528D4F
+IV=EC8DBB5B3FE245180856B312D3052A87
+PT=A9C10556E63E4462D1B8789742FD1BF0
+CT=02E1E60312BB371912C35E3EBC6EA755
+
+I=90
+KEY=64F3A47C8C7CFA9FF2AC88637C598E6A3BCE7842CE6E332B9919064F373C2A1A
+IV=02E1E60312BB371912C35E3EBC6EA755
+PT=E771DC6EB37E9B4E002B419CE893C43F
+CT=73D7499EBB38716D71CCB737CFFFA3FB
+
+I=91
+KEY=585ABE6B779F22400FC2AC3B55B39E91481931DC75564246E8D5B178F8C389E1
+IV=73D7499EBB38716D71CCB737CFFFA3FB
+PT=3CA91A17FBE3D8DFFD6E245829EA10FB
+CT=CEE7721855B7381D369ECC1C9337BB02
+
+I=92
+KEY=7BC1E883465CBBB9BA624FF99308259386FE43C420E17A5BDE4B7D646BF432E3
+IV=CEE7721855B7381D369ECC1C9337BB02
+PT=239B56E831C399F9B5A0E3C2C6BBBB02
+CT=B6F48D369383974D163E4F17FDFC59EF
+
+I=93
+KEY=70032AF50BB5E080D4AA7722CEDC7DA9300ACEF2B362ED16C875327396086B0C
+IV=B6F48D369383974D163E4F17FDFC59EF
+PT=0BC2C2764DE95B396EC838DB5DD4583A
+CT=E8372DA404126C63190626D95583629D
+
+I=94
+KEY=5C61B59BDA2FF51D4F4F740578466EA9D83DE356B7708175D17314AAC38B0991
+IV=E8372DA404126C63190626D95583629D
+PT=2C629F6ED19A159D9BE50327B69A1300
+CT=F717B53E51665D0854C895EA1D1D7E77
+
+I=95
+KEY=59A35E82B9C8D8FF25CFC5BAD979A9052F2A5668E616DC7D85BB8140DE9677E6
+IV=F717B53E51665D0854C895EA1D1D7E77
+PT=05C2EB1963E72DE26A80B1BFA13FC7AC
+CT=7D3EE90EEF7C16872F98296977AA9557
+
+I=96
+KEY=5BC419836F7C4F57957E13E39B2181455214BF66096ACAFAAA23A829A93CE2B1
+IV=7D3EE90EEF7C16872F98296977AA9557
+PT=02674701D6B497A8B0B1D65942582840
+CT=6DCD0C4B5633078FDEA9AE24781CB212
+
+I=97
+KEY=E6D2BB67584AA2FAAE1D0DAD8C9C60253FD9B32D5F59CD75748A060DD12050A3
+IV=6DCD0C4B5633078FDEA9AE24781CB212
+PT=BD16A2E43736EDAD3B631E4E17BDE160
+CT=6515251260A73AE868E992B6D49579C5
+
+I=98
+KEY=57637851C3C08A2923EBD2FEA27472DC5ACC963F3FFEF79D1C6394BB05B52966
+IV=6515251260A73AE868E992B6D49579C5
+PT=B1B1C3369B8A28D38DF6DF532EE812F9
+CT=1A40C2C15F03867E81F951B545396BB4
+
+I=99
+KEY=E08E94110F1E64554848AB1966299B7D408C54FE60FD71E39D9AC50E408C42D2
+IV=1A40C2C15F03867E81F951B545396BB4
+PT=B7EDEC40CCDEEE7C6BA379E7C45DE9A1
+CT=DD331F336D669EFD37106099EA51010D
+
+I=100
+KEY=17F2544156745EC108BF97DA806752C39DBF4BCD0D9BEF1EAA8AA597AADD43DF
+IV=DD331F336D669EFD37106099EA51010D
+PT=F77CC050596A3A9440F73CC3E64EC9BE
+CT=0EF37EC0B6071874FF68926D98A0EEAB
+
+I=101
+KEY=C97ABFF115E20A6C72A6206DB63EC0FD934C350DBB9CF76A55E237FA327DAD74
+IV=0EF37EC0B6071874FF68926D98A0EEAB
+PT=DE88EBB0439654AD7A19B7B73659923E
+CT=DA1DAEB42178A7657A40BD72A06CEDDC
+
+I=102
+KEY=77AB469FBC999BB2922D460413E2012049519BB99AE4500F2FA28A88921140A8
+IV=DA1DAEB42178A7657A40BD72A06CEDDC
+PT=BED1F96EA97B91DEE08B6669A5DCC1DD
+CT=E78523134FC8EAA77CC85E0EEC60FCD3
+
+I=103
+KEY=4F88FA6F4053B3A15094ED532C2F47DCAED4B8AAD52CBAA8536AD4867E71BC7B
+IV=E78523134FC8EAA77CC85E0EEC60FCD3
+PT=3823BCF0FCCA2813C2B9AB573FCD46FC
+CT=BC540D1838D7AD8E8B1C44B96684DD31
+
+I=104
+KEY=D178E105443700CFEE007AB3BAA71E4C1280B5B2EDFB1726D876903F18F5614A
+IV=BC540D1838D7AD8E8B1C44B96684DD31
+PT=9EF01B6A0464B36EBE9497E096885990
+CT=6C6B95A5D8F4E7F1A5864DDBFCDCEED8
+
+I=105
+KEY=8F6A589BA0ED1A67FE426368A7E523047EEB2017350FF0D77DF0DDE4E4298F92
+IV=6C6B95A5D8F4E7F1A5864DDBFCDCEED8
+PT=5E12B99EE4DA1AA8104219DB1D423D48
+CT=B58C92AE19B332621E7A4E5512C88596
+
+I=106
+KEY=147895B157BF16B87C32AAA17480A886CB67B2B92CBCC2B5638A93B1F6E10A04
+IV=B58C92AE19B332621E7A4E5512C88596
+PT=9B12CD2AF7520CDF8270C9C9D3658B82
+CT=4D1D90F007BB5099C382E69C9CD1F7E5
+
+I=107
+KEY=4C8441FCEBBD595999864A6CC37F7EDB867A22492B07922CA008752D6A30FDE1
+IV=4D1D90F007BB5099C382E69C9CD1F7E5
+PT=58FCD44DBC024FE1E5B4E0CDB7FFD65D
+CT=7F59920056EC32FA48F8A9CCCFFE437A
+
+I=108
+KEY=CD922EEA60F0F136A799C650F5D4B030F923B0497DEBA0D6E8F0DCE1A5CEBE9B
+IV=7F59920056EC32FA48F8A9CCCFFE437A
+PT=81166F168B4DA86F3E1F8C3C36ABCEEB
+CT=A546F57E48A783694577D59F7FD01D9E
+
+I=109
+KEY=90DE3ECB26E68BDD3C4B7AB9B9CDE6195C654537354C23BFAD87097EDA1EA305
+IV=A546F57E48A783694577D59F7FD01D9E
+PT=5D4C102146167AEB9BD2BCE94C195629
+CT=6342B8CB1E493F916585FF1BBFC42AB3
+
+I=110
+KEY=ADF1869FEA15122394E1F6FF6B51E5DE3F27FDFC2B051C2EC802F66565DA89B6
+IV=6342B8CB1E493F916585FF1BBFC42AB3
+PT=3D2FB854CCF399FEA8AA8C46D29C03C7
+CT=052AEDF54016429320B04243E308ECFE
+
+I=111
+KEY=DF52D7982845CBAEB4E56592906B63943A0D10096B135EBDE8B2B42686D26548
+IV=052AEDF54016429320B04243E308ECFE
+PT=72A35107C250D98D2004936DFB3A864A
+CT=EE147A64DC2E31222A3A14B133769ACE
+
+I=112
+KEY=5D6B5899612FF15825029DEB0B37CB4ED4196A6DB73D6F9FC288A097B5A4FF86
+IV=EE147A64DC2E31222A3A14B133769ACE
+PT=82398F01496A3AF691E7F8799B5CA8DA
+CT=8330EF868E72D33172D7DEC7B440056C
+
+I=113
+KEY=FC23917C478894C9490A6585CCB8A716572985EB394FBCAEB05F7E5001E4FAEA
+IV=8330EF868E72D33172D7DEC7B440056C
+PT=A148C9E526A765916C08F86EC78F6C58
+CT=DC83E3727C4E9754A82BFCFFD924ACB3
+
+I=114
+KEY=BCD556FA7AFA27F9675F45922924DFA68BAA669945012BFA187482AFD8C05659
+IV=DC83E3727C4E9754A82BFCFFD924ACB3
+PT=40F6C7863D72B3302E552017E59C78B0
+CT=C0B97D9320DC3E893953E1D93859D3E4
+
+I=115
+KEY=A0F23A11C85F008CFEC20F76BD6751054B131B0A65DD157321276376E09985BD
+IV=C0B97D9320DC3E893953E1D93859D3E4
+PT=1C276CEBB2A52775999D4AE494438EA3
+CT=8C28875C39211D01A084A59BA71D0C31
+
+I=116
+KEY=2BB58C8FE9FE5BAEC5DB3F6A7EB98187C73B9C565CFC087281A3C6ED4784898C
+IV=8C28875C39211D01A084A59BA71D0C31
+PT=8B47B69E21A15B223B19301CC3DED082
+CT=7865E390E8019259A117669082ED5CCC
+
+I=117
+KEY=6035A1AC1F0C1871EA06773DEA40B5C5BF5E7FC6B4FD9A2B20B4A07DC569D540
+IV=7865E390E8019259A117669082ED5CCC
+PT=4B802D23F6F243DF2FDD485794F93442
+CT=DC7BA7C54217B8DEE966C0672DBE79CD
+
+I=118
+KEY=CCA70BB373BA65736D25078BB99980F66325D803F6EA22F5C9D2601AE8D7AC8D
+IV=DC7BA7C54217B8DEE966C0672DBE79CD
+PT=AC92AA1F6CB67D02872370B653D93533
+CT=CBB60FB6BE7240A2037CDA46DAAAC4E4
+
+I=119
+KEY=E6D9E4347ABCE875CDFB026A9B1CE767A893D7B548986257CAAEBA5C327D6869
+IV=CBB60FB6BE7240A2037CDA46DAAAC4E4
+PT=2A7EEF8709068D06A0DE05E122856791
+CT=3B0863884DCFFDAAE439E3BCFC2E0491
+
+I=120
+KEY=90C0678C9B9796FACBD3A9E8E40A46E6939BB43D05579FFD2E9759E0CE536CF8
+IV=3B0863884DCFFDAAE439E3BCFC2E0491
+PT=761983B8E12B7E8F0628AB827F16A181
+CT=1407CDBD04CA6450D15A276B0E45D500
+
+I=121
+KEY=A3505D86BF4B95AEC0F720B4CBDF4985879C7980019DFBADFFCD7E8BC016B9F8
+IV=1407CDBD04CA6450D15A276B0E45D500
+PT=33903A0A24DC03540B24895C2FD50F63
+CT=94B64DF8376EAF94F24EB0457DF81418
+
+I=122
+KEY=EAD741BA44D8637A4D49A089E4A122F2132A347836F354390D83CECEBDEEADE0
+IV=94B64DF8376EAF94F24EB0457DF81418
+PT=49871C3CFB93F6D48DBE803D2F7E6B77
+CT=6E2DE304D4A21A218291FD9B59FED9BF
+
+I=123
+KEY=278551B22B73239BF36E61370FFF43EA7D07D77CE2514E188F123355E410745F
+IV=6E2DE304D4A21A218291FD9B59FED9BF
+PT=CD5210086FAB40E1BE27C1BEEB5E6118
+CT=72A1E7B22D6B8B8C38C4CCD545466879
+
+I=124
+KEY=C7046CA82928EA5AE1E6998399A090BB0FA630CECF3AC594B7D6FF80A1561C26
+IV=72A1E7B22D6B8B8C38C4CCD545466879
+PT=E0813D1A025BC9C11288F8B4965FD351
+CT=F5F1B011C644D119625733433C3DBB40
+
+I=125
+KEY=82AF7079A309A3B1367E4DC8EE90B8C5FA5780DF097E148DD581CCC39D6BA766
+IV=F5F1B011C644D119625733433C3DBB40
+PT=45AB1CD18A2149EBD798D44B7730287E
+CT=FDD90319FC2878AE4E23CE63C6660D1A
+
+I=126
+KEY=EB439411E1412BA8D6DB9F3052753D3F078E83C6F5566C239BA202A05B0DAA7C
+IV=FDD90319FC2878AE4E23CE63C6660D1A
+PT=69ECE46842488819E0A5D2F8BCE585FA
+CT=0B3948AEFD674622289CB41E3F668A5C
+
+I=127
+KEY=C2FDF3EB8C01693C7FB990CE6D7F56E10CB7CB6808312A01B33EB6BE646B2020
+IV=0B3948AEFD674622289CB41E3F668A5C
+PT=29BE67FA6D404294A9620FFE3F0A6BDE
+CT=9F5BF60EB5CCF9D9F3A20DA569209636
+
+I=128
+KEY=ECF0B5C32A3163495086894AB263166D93EC3D66BDFDD3D8409CBB1B0D4BB616
+IV=9F5BF60EB5CCF9D9F3A20DA569209636
+PT=2E0D4628A6300A752F3F1984DF1C408C
+CT=3FED40A5796B3D1FF8805E5EF8922511
+
+I=129
+KEY=259CAA194EE9BE90B2B1E7654CBDCD03AC017DC3C496EEC7B81CE545F5D99307
+IV=3FED40A5796B3D1FF8805E5EF8922511
+PT=C96C1FDA64D8DDD9E2376E2FFEDEDB6E
+CT=2973A39E09EF5F4F42B29E6730ECC127
+
+I=130
+KEY=FAAB18CE5FA7895BAA9EC69A55F690208572DE5DCD79B188FAAE7B22C5355220
+IV=2973A39E09EF5F4F42B29E6730ECC127
+PT=DF37B2D7114E37CB182F21FF194B5D23
+CT=F8C4C1A86B0665E2124CFFA9128FFEFD
+
+I=131
+KEY=3806BAB3764E794DF526A17BCE0112877DB61FF5A67FD46AE8E2848BD7BAACDD
+IV=F8C4C1A86B0665E2124CFFA9128FFEFD
+PT=C2ADA27D29E9F0165FB867E19BF782A7
+CT=90996F6629A41FC86A9520DD33AE5B3F
+
+I=132
+KEY=B7F781357E024140C3797D01C286E72BED2F70938FDBCBA28277A456E414F7E2
+IV=90996F6629A41FC86A9520DD33AE5B3F
+PT=8FF13B86084C380D365FDC7A0C87F5AC
+CT=9DAFB2F259BFD18945A0A6EFF9A81A75
+
+I=133
+KEY=B67D37A8E281AFD015C38A72F5662BEE7080C261D6641A2BC7D702B91DBCED97
+IV=9DAFB2F259BFD18945A0A6EFF9A81A75
+PT=018AB69D9C83EE90D6BAF77337E0CCC5
+CT=C89F523289AE2A7C8F796C2252CB0597
+
+I=134
+KEY=A47B97F34FB4A8F219ED7A59EFE40080B81F90535FCA305748AE6E9B4F77E800
+IV=C89F523289AE2A7C8F796C2252CB0597
+PT=1206A05BAD3507220C2EF02B1A822B6E
+CT=3AACC4E5DE152BB1730C6D10C9A81A0A
+
+I=135
+KEY=E8EBBFDA61B6BC6735953F8E448B5E0282B354B681DF1BE63BA2038B86DFF20A
+IV=3AACC4E5DE152BB1730C6D10C9A81A0A
+PT=4C9028292E0214952C7845D7AB6F5E82
+CT=1E315BFFFDC3DA42438E683263B496DD
+
+I=136
+KEY=EE950FF3D603DECEE18F4ACF99A623589C820F497C1CC1A4782C6BB9E56B64D7
+IV=1E315BFFFDC3DA42438E683263B496DD
+PT=067EB029B7B562A9D41A7541DD2D7D5A
+CT=9B021A44CD9FF920DFE1EC97B3EE8AE4
+
+I=137
+KEY=E073E1149A4A605E041167F3739F17240780150DB1833884A7CD872E5685EE33
+IV=9B021A44CD9FF920DFE1EC97B3EE8AE4
+PT=0EE6EEE74C49BE90E59E2D3CEA39347C
+CT=4F62EE03D7A8337ECB3DCC0EA5444C2D
+
+I=138
+KEY=BF449E4B7DFA404D3F18C0266725F67248E2FB0E662B0BFA6CF04B20F3C1A21E
+IV=4F62EE03D7A8337ECB3DCC0EA5444C2D
+PT=5F377F5FE7B020133B09A7D514BAE156
+CT=AC8767B1E15D6D1ECACCCBF2D0FAB043
+
+I=139
+KEY=3AB2898399D0F8467B37A5C916D9117AE4659CBF877666E4A63C80D2233B125D
+IV=AC8767B1E15D6D1ECACCCBF2D0FAB043
+PT=85F617C8E42AB80B442F65EF71FCE708
+CT=9CA6E27F1966AE133CB7B98C2B13C1DA
+
+I=140
+KEY=06A09B6D5A6BCA82B26D0625F2A89FA178C37EC09E10C8F79A8B395E0828D387
+IV=9CA6E27F1966AE133CB7B98C2B13C1DA
+PT=3C1212EEC3BB32C4C95AA3ECE4718EDB
+CT=B7A6788E6D9886047D1450B093F5B6FE
+
+I=141
+KEY=79A26263675E11BE581DDEA79A20CAACCF65064EF3884EF3E79F69EE9BDD6579
+IV=B7A6788E6D9886047D1450B093F5B6FE
+PT=7F02F90E3D35DB3CEA70D8826888550D
+CT=5C1785DC27BC301DEAFAEF325A4CCBFD
+
+I=142
+KEY=21DEF781026D9ACB4108C6F9847C635F93728392D4347EEE0D6586DCC191AE84
+IV=5C1785DC27BC301DEAFAEF325A4CCBFD
+PT=587C95E265338B751915185E1E5CA9F3
+CT=9577E8F6DF5921C4B518974A2F1FCF07
+
+I=143
+KEY=EB000BAA170733EA4D077BDD7DA1623506056B640B6D5F2AB87D1196EE8E6183
+IV=9577E8F6DF5921C4B518974A2F1FCF07
+PT=CADEFC2B156AA9210C0FBD24F9DD016A
+CT=09F8E3DA7C5E39F2F13C2B72001D1D56
+
+I=144
+KEY=D56A1025AB5F7B5F943B3AECAF87A2800FFD88BE773366D849413AE4EE937CD5
+IV=09F8E3DA7C5E39F2F13C2B72001D1D56
+PT=3E6A1B8FBC5848B5D93C4131D226C0B5
+CT=7344F33968E177F3864908F02915739A
+
+I=145
+KEY=876077EA9BDB2134098B73CAD4411D997CB97B871FD2112BCF083214C7860F4F
+IV=7344F33968E177F3864908F02915739A
+PT=520A67CF30845A6B9DB049267BC6BF19
+CT=EC286360EF2A54CE894ED06ACF39970C
+
+I=146
+KEY=AA9943761AD545F47EBCF5CD4584C3B3909118E7F0F845E54646E27E08BF9843
+IV=EC286360EF2A54CE894ED06ACF39970C
+PT=2DF9349C810E64C07737860791C5DE2A
+CT=89F4BE70D36A05C84FD2124F6A69786B
+
+I=147
+KEY=5C285D3FD07EF5F6664B1F4C4CA771E31965A6972392402D0994F03162D6E028
+IV=89F4BE70D36A05C84FD2124F6A69786B
+PT=F6B11E49CAABB00218F7EA810923B250
+CT=9A65E99C06E0744056365C4A26CD001F
+
+I=148
+KEY=F28851656D77922A55655DBE4610993683004F0B2572346D5FA2AC7B441BE037
+IV=9A65E99C06E0744056365C4A26CD001F
+PT=AEA00C5ABD0967DC332E42F20AB7E8D5
+CT=566ECB7B317C81CF87BC483B4B6CF417
+
+I=149
+KEY=62428DD3F6B04C564CA6D9DA9A9A64B3D56E8470140EB5A2D81EE4400F771420
+IV=566ECB7B317C81CF87BC483B4B6CF417
+PT=90CADCB69BC7DE7C19C38464DC8AFD85
+CT=16E3F727D2D4CC2E88C2A4B0DFEF34AF
+
+I=150
+KEY=78A68A0EC33E2C0198538C1EA591AF46C38D7357C6DA798C50DC40F0D098208F
+IV=16E3F727D2D4CC2E88C2A4B0DFEF34AF
+PT=1AE407DD358E6057D4F555C43F0BCBF5
+CT=6F6606018F5491FC43864FC29B572551
+
+I=151
+KEY=4EFBCF71F7A0DA7564DAF1F0488AA933ACEB7556498EE870135A0F324BCF05DE
+IV=6F6606018F5491FC43864FC29B572551
+PT=365D457F349EF674FC897DEEED1B0675
+CT=BC07194E716B4D78F64E14B6E5762439
+
+I=152
+KEY=A4BBF15395604071DF929A4922A129DD10EC6C1838E5A508E5141B84AEB921E7
+IV=BC07194E716B4D78F64E14B6E5762439
+PT=EA403E2262C09A04BB486BB96A2B80EE
+CT=BF1994171481FB4F84AB092F437EA9C7
+
+I=153
+KEY=665F10926596E8F5691ACE10AA5075AEAFF5F80F2C645E4761BF12ABEDC78820
+IV=BF1994171481FB4F84AB092F437EA9C7
+PT=C2E4E1C1F0F6A884B688545988F15C73
+CT=254FE05D25B67D3BF6C2688F46A7FAD8
+
+I=154
+KEY=15F4BA29EBAAF160AC95507FDA03D7D58ABA185209D2237C977D7A24AB6072F8
+IV=254FE05D25B67D3BF6C2688F46A7FAD8
+PT=73ABAABB8E3C1995C58F9E6F7053A27B
+CT=A03B8DB2C1C9B6C574A8499C6E5869CF
+
+I=155
+KEY=96A760AB52E1D6A5ACFCA016E98D0BA12A8195E0C81B95B9E3D533B8C5381B37
+IV=A03B8DB2C1C9B6C574A8499C6E5869CF
+PT=8353DA82B94B27C50069F069338EDC74
+CT=088F141F097F659145DE8E1EDB2300B5
+
+I=156
+KEY=7C06F9EE0327C811CEE3CC3B2B492620220E81FFC164F028A60BBDA61E1B1B82
+IV=088F141F097F659145DE8E1EDB2300B5
+PT=EAA1994551C61EB4621F6C2DC2C42D81
+CT=43703327BFDAF109F6F9C5969D3C7649
+
+I=157
+KEY=0F8AC1E3014DD99D1A440A693CB73B51617EB2D87EBE012150F2783083276DCB
+IV=43703327BFDAF109F6F9C5969D3C7649
+PT=738C380D026A118CD4A7C65217FE1D71
+CT=BDAC873D0A674CDA98105DC3070F7BE4
+
+I=158
+KEY=E595998ABEF32CABDD4A441B4042BF8BDCD235E574D94DFBC8E225F38428162F
+IV=BDAC873D0A674CDA98105DC3070F7BE4
+PT=EA1F5869BFBEF536C70E4E727CF584DA
+CT=A1A89122CF532FBC69E74A70F1E7346F
+
+I=159
+KEY=FBA3999F7BF540184E9BE7715CA8C0497D7AA4C7BB8A6247A1056F8375CF2240
+IV=A1A89122CF532FBC69E74A70F1E7346F
+PT=1E360015C5066CB393D1A36A1CEA7FC2
+CT=68C2A6FF8EABE7EA05E5DD6093C00129
+
+I=160
+KEY=65AF7CB5F5CEF75FEF0BF5F746D7DD7D15B80238352185ADA4E0B2E3E60F2369
+IV=68C2A6FF8EABE7EA05E5DD6093C00129
+PT=9E0CE52A8E3BB747A19012861A7F1D34
+CT=1EA92E63C6926082B04F69E658CFA478
+
+I=161
+KEY=7D3BA807729873EB2021AC1817B2C7D30B112C5BF3B3E52F14AFDB05BEC08711
+IV=1EA92E63C6926082B04F69E658CFA478
+PT=1894D4B2875684B4CF2A59EF51651AAE
+CT=45A943F0B6430ABA20C562469AE98A6D
+
+I=162
+KEY=5ECAEF5BF4EC899C7BFAEE2F50B864924EB86FAB45F0EF95346AB94324290D7C
+IV=45A943F0B6430ABA20C562469AE98A6D
+PT=23F1475C8674FA775BDB4237470AA341
+CT=6CDF579A8429606CC9BC56D010845954
+
+I=163
+KEY=8D394BD1C8C1D1F8A67A3BA16530662A22673831C1D98FF9FDD6EF9334AD5428
+IV=6CDF579A8429606CC9BC56D010845954
+PT=D3F3A48A3C2D5864DD80D58E358802B8
+CT=96E9E19694DB9931AC09A7B6296FEAA8
+
+I=164
+KEY=9ABEC4725C717368463710CB2D45774DB48ED9A7550216C851DF48251DC2BE80
+IV=96E9E19694DB9931AC09A7B6296FEAA8
+PT=17878FA394B0A290E04D2B6A48751167
+CT=176C9B9B32A539F35BDFB21B38C42134
+
+I=165
+KEY=3CA1E23510949D81242F16DE0E9B2B3AA3E2423C67A72F3B0A00FA3E25069FB4
+IV=176C9B9B32A539F35BDFB21B38C42134
+PT=A61F26474CE5EEE96218061523DE5C77
+CT=06004480169FB7B6D4DBA7453A85E54D
+
+I=166
+KEY=2A72AA0C7EAA3113480EF57A83C272D7A5E206BC7138988DDEDB5D7B1F837AF9
+IV=06004480169FB7B6D4DBA7453A85E54D
+PT=16D348396E3EAC926C21E3A48D5959ED
+CT=FF2F4F6E32133CE8C70252937FE5BDA6
+
+I=167
+KEY=90C0C8FC5B65BE92E643956293A70AF35ACD49D2432BA46519D90FE86066C75F
+IV=FF2F4F6E32133CE8C70252937FE5BDA6
+PT=BAB262F025CF8F81AE4D601810657824
+CT=0972CCC79C412DB6FBC5918B8E6EAB7C
+
+I=168
+KEY=E0AF49BAC4BD146E83C884327FFB682353BF8515DF6A89D3E21C9E63EE086C23
+IV=0972CCC79C412DB6FBC5918B8E6EAB7C
+PT=706F81469FD8AAFC658B1150EC5C62D0
+CT=2D8C668310308FCF7B3E325F50AA89E5
+
+I=169
+KEY=E5C29451893B7B94249E89469E58DEAD7E33E396CF5A061C9922AC3CBEA2E5C6
+IV=2D8C668310308FCF7B3E325F50AA89E5
+PT=056DDDEB4D866FFAA7560D74E1A3B68E
+CT=8342DD95F1040E763C82E36F8F74822F
+
+I=170
+KEY=4A9AD7CAFA46AE63362069120B502D33FD713E033E5E086AA5A04F5331D667E9
+IV=8342DD95F1040E763C82E36F8F74822F
+PT=AF58439B737DD5F712BEE0549508F39E
+CT=8CA83627884D9B7A62F096BD37C14EFF
+
+I=171
+KEY=21AEFC00E7CC2942F319630702ECCC6B71D90824B6139310C750D9EE06172916
+IV=8CA83627884D9B7A62F096BD37C14EFF
+PT=6B342BCA1D8A8721C5390A1509BCE158
+CT=13073AB95C0C0587372564189A4C176F
+
+I=172
+KEY=7E615F002723795F6E37182ECC0C429E62DE329DEA1F9697F075BDF69C5B3E79
+IV=13073AB95C0C0587372564189A4C176F
+PT=5FCFA300C0EF501D9D2E7B29CEE08EF5
+CT=247A01C6A7072F64CB463E6580DA222E
+
+I=173
+KEY=C2A25232803E901B35080B5CA64DEC2646A4335B4D18B9F33B3383931C811C57
+IV=247A01C6A7072F64CB463E6580DA222E
+PT=BCC30D32A71DE9445B3F13726A41AEB8
+CT=562355D078402DA76B0CCAAC2BE63DAE
+
+I=174
+KEY=46C06B83AD1C5CD849C53A11C05137141087668B35589454503F493F376721F9
+IV=562355D078402DA76B0CCAAC2BE63DAE
+PT=846239B12D22CCC37CCD314D661CDB32
+CT=841B1644CCE1BF9DB0D537733047DB7F
+
+I=175
+KEY=CB3AD5FB9E07D380841D712E7A71FC15949C70CFF9B92BC9E0EA7E4C0720FA86
+IV=841B1644CCE1BF9DB0D537733047DB7F
+PT=8DFABE78331B8F58CDD84B3FBA20CB01
+CT=DE34C065627DB86A2D0AE89FB31BDA86
+
+I=176
+KEY=240CFC15D60F6AE4A53D2C25BD71DD6E4AA8B0AA9BC493A3CDE096D3B43B2000
+IV=DE34C065627DB86A2D0AE89FB31BDA86
+PT=EF3629EE4808B96421205D0BC700217B
+CT=38DD744B95756614261178685FBF097F
+
+I=177
+KEY=FAA7CBA4AAAD9576591C12233960F1C87275C4E10EB1F5B7EBF1EEBBEB84297F
+IV=38DD744B95756614261178685FBF097F
+PT=DEAB37B17CA2FF92FC213E0684112CA6
+CT=DC1CF4E4633355111AD09BE1C6BC1E39
+
+I=178
+KEY=29E0D33A81FFDCE220D1587C36C5EB09AE6930056D82A0A6F121755A2D383746
+IV=DC1CF4E4633355111AD09BE1C6BC1E39
+PT=D347189E2B52499479CD4A5F0FA51AC1
+CT=2A5DC4E8C16753D202B638E5003AF83D
+
+I=179
+KEY=956C5751C5B439990A006DB1B52336E78434F4EDACE5F374F3974DBF2D02CF7B
+IV=2A5DC4E8C16753D202B638E5003AF83D
+PT=BC8C846B444BE57B2AD135CD83E6DDEE
+CT=70F5676DC7646EA8F8A913AE6AD21949
+
+I=180
+KEY=8AD9D44BC9018FD05B103360575592FEF4C193806B819DDC0B3E5E1147D0D632
+IV=70F5676DC7646EA8F8A913AE6AD21949
+PT=1FB5831A0CB5B64951105ED1E276A419
+CT=C44DA6A603A1E9C02F18123D5CAD5291
+
+I=181
+KEY=DA77F2DA5CD7148B15FE8CA898C9A25E308C35266820741C24264C2C1B7D84A3
+IV=C44DA6A603A1E9C02F18123D5CAD5291
+PT=50AE269195D69B5B4EEEBFC8CF9C30A0
+CT=53C2D89EC4D5867DC79168D21C9B8755
+
+I=182
+KEY=4A4FD6AED6825A2A0C2114460F029EDA634EEDB8ACF5F261E3B724FE07E603F6
+IV=53C2D89EC4D5867DC79168D21C9B8755
+PT=903824748A554EA119DF98EE97CB3C84
+CT=79B9DABE5171A614CAFDEA11637A1800
+
+I=183
+KEY=29102930967275801BD019D6766FDA1A1AF73706FD845475294ACEEF649C1BF6
+IV=79B9DABE5171A614CAFDEA11637A1800
+PT=635FFF9E40F02FAA17F10D90796D44C0
+CT=8AB92FA5EA50F1185112FE4D8D2FCC21
+
+I=184
+KEY=F4ABA34B232C18EAD6D367320651C374904E18A317D4A56D785830A2E9B3D7D7
+IV=8AB92FA5EA50F1185112FE4D8D2FCC21
+PT=DDBB8A7BB55E6D6ACD037EE4703E196E
+CT=FB97C84040732D7B308C5959059D90A9
+
+I=185
+KEY=FB140F98A79F5D5D68B80301CB7B640E6BD9D0E357A7881648D469FBEC2E477E
+IV=FB97C84040732D7B308C5959059D90A9
+PT=0FBFACD384B345B7BE6B6433CD2AA77A
+CT=D0D0119D500519BF5B4770C494B41680
+
+I=186
+KEY=BC98221C0792D22B6EB258E57DB0D8B0BB09C17E07A291A91393193F789A51FE
+IV=D0D0119D500519BF5B4770C494B41680
+PT=478C2D84A00D8F76060A5BE4B6CBBCBE
+CT=94842399FC93828D30979DAD9210B827
+
+I=187
+KEY=C92F345AC3CB803EA91C123F97E7005A2F8DE2E7FB31132423048492EA8AE9D9
+IV=94842399FC93828D30979DAD9210B827
+PT=75B71646C4595215C7AE4ADAEA57D8EA
+CT=5BDB886E7A7DBBA8679704F13F44B981
+
+I=188
+KEY=3EACAF51FEA9A9886D0B9D1B6BA8436574566A89814CA88C44938063D5CE5058
+IV=5BDB886E7A7DBBA8679704F13F44B981
+PT=F7839B0B3D6229B6C4178F24FC4F433F
+CT=A2DA893257EE0F732A80FC52887A0788
+
+I=189
+KEY=72E26FEDC250C5FED59FE29C966B61FAD68CE3BBD6A2A7FF6E137C315DB457D0
+IV=A2DA893257EE0F732A80FC52887A0788
+PT=4C4EC0BC3CF96C76B8947F87FDC3229F
+CT=2F7877481B1162B01616C9F3268B4C44
+
+I=190
+KEY=901C1268AD3582E6A9FA4C5CBB99D07EF9F494F3CDB3C54F7805B5C27B3F1B94
+IV=2F7877481B1162B01616C9F3268B4C44
+PT=E2FE7D856F6547187C65AEC02DF2B184
+CT=9FFA4AF8D0F096CC40A9F879076211E0
+
+I=191
+KEY=EAF814EC49F2254E4933FAF977D7BEEC660EDE0B1D43538338AC4DBB7C5D0A74
+IV=9FFA4AF8D0F096CC40A9F879076211E0
+PT=7AE40684E4C7A7A8E0C9B6A5CC4E6E92
+CT=886097F5BC20C157A605CBEFCA5663D7
+
+I=192
+KEY=8ED70BBA192093A0C9AD62E86C27091FEE6E49FEA16392D49EA98654B60B69A3
+IV=886097F5BC20C157A605CBEFCA5663D7
+PT=642F1F5650D2B6EE809E98111BF0B7F3
+CT=00DBBB84F52B3C9B28325161072753B6
+
+I=193
+KEY=18280464C9E683CFFF9B75A5FD74EE96EEB5F27A5448AE4FB69BD735B12C3A15
+IV=00DBBB84F52B3C9B28325161072753B6
+PT=96FF0FDED0C6106F3636174D9153E789
+CT=714A27832B326F0A8FA745012DE4D936
+
+I=194
+KEY=F464EE1298B09059016082CCC5ABC0129FFFD5F97F7AC145393C92349CC8E323
+IV=714A27832B326F0A8FA745012DE4D936
+PT=EC4CEA7651561396FEFBF76938DF2E84
+CT=5DE8A5CDBA7A6111A646AA17CA5324D4
+
+I=195
+KEY=EE7301D63C482593ABB33CF4A57F1101C2177034C500A0549F7A3823569BC7F7
+IV=5DE8A5CDBA7A6111A646AA17CA5324D4
+PT=1A17EFC4A4F8B5CAAAD3BE3860D4D113
+CT=EA197ECF36E63616EBB0D9D7C1BD9A22
+
+I=196
+KEY=10528506D50D143EAC40D83731DD55F0280E0EFBF3E6964274CAE1F497265DD5
+IV=EA197ECF36E63616EBB0D9D7C1BD9A22
+PT=FE2184D0E94531AD07F3E4C394A244F1
+CT=798349D56EC37993B0E131F8E3F64860
+
+I=197
+KEY=438E1B672254504B972927644802ED36518D472E9D25EFD1C42BD00C74D015B5
+IV=798349D56EC37993B0E131F8E3F64860
+PT=53DC9E61F75944753B69FF5379DFB8C6
+CT=545E4CD72E74F5A91B29DDBA60BCEB5A
+
+I=198
+KEY=7E32F16A4E2E125A95FF9963C6F9796105D30BF9B3511A78DF020DB6146CFEEF
+IV=545E4CD72E74F5A91B29DDBA60BCEB5A
+PT=3DBCEA0D6C7A421102D6BE078EFB9457
+CT=084142F2C892DCF8A37A509DF0D669BC
+
+I=199
+KEY=B1BEC1C124A0941D0BA6C75239C17E250D92490B7BC3C6807C785D2BE4BA9753
+IV=084142F2C892DCF8A37A509DF0D669BC
+PT=CF8C30AB6A8E86479E595E31FF380744
+CT=0A96C326C9D642F1F84C8772BCF8EB4A
+
+I=200
+KEY=80D7A5A2AE29B42143046D45B6B6B36C07048A2DB21584718434DA5958427C19
+IV=0A96C326C9D642F1F84C8772BCF8EB4A
+PT=316964638A89203C48A2AA178F77CD49
+CT=273916ED09A517CE5C6A294D82E78980
+
+I=201
+KEY=4D1C892DF27868BBB0FE803145C1D731203D9CC0BBB093BFD85EF314DAA5F599
+IV=273916ED09A517CE5C6A294D82E78980
+PT=CDCB2C8F5C51DC9AF3FAED74F377645D
+CT=7183A7C83964ECFB2A1E44FFCFEBB7C1
+
+I=202
+KEY=8C9B28041ECD5149A51207ACE38F0D0351BE3B0882D47F44F240B7EB154E4258
+IV=7183A7C83964ECFB2A1E44FFCFEBB7C1
+PT=C187A129ECB539F215EC879DA64EDA32
+CT=6015DF395D795DECA0A2F833E3614000
+
+I=203
+KEY=FF175C7C745BB06E51EEDAA4F2C61E0F31ABE431DFAD22A852E24FD8F62F0258
+IV=6015DF395D795DECA0A2F833E3614000
+PT=738C74786A96E127F4FCDD081149130C
+CT=B6B466B56B0E994E672072C273BA067D
+
+I=204
+KEY=0C84C64E1BB3B86E9AF5A8405D950B3A871F8284B4A3BBE635C23D1A85950425
+IV=B6B466B56B0E994E672072C273BA067D
+PT=F3939A326FE80800CB1B72E4AF531535
+CT=C8566E37DF2E2958DDD5D2DB49889BA8
+
+I=205
+KEY=5FF4C2A08B85338172D2779BF789DA234F49ECB36B8D92BEE817EFC1CC1D9F8D
+IV=C8566E37DF2E2958DDD5D2DB49889BA8
+PT=537004EE90368BEFE827DFDBAA1CD119
+CT=C4A8D14DB86637E94AF515764BC7DF44
+
+I=206
+KEY=BD81DE1813AEC9BAFDDC90E4A563CB338BE13DFED3EBA557A2E2FAB787DA40C9
+IV=C4A8D14DB86637E94AF515764BC7DF44
+PT=E2751CB8982BFA3B8F0EE77F52EA1110
+CT=5707495E4CBA3727FBA5D7F4F61AF35C
+
+I=207
+KEY=AE1B09CB7D99BAC0A71B3E83815F10A2DCE674A09F51927059472D4371C0B395
+IV=5707495E4CBA3727FBA5D7F4F61AF35C
+PT=139AD7D36E37737A5AC7AE67243CDB91
+CT=C770CD182DFF66E4D6A7BFEFE2820AE1
+
+I=208
+KEY=4F7491F03447293C42DE8393E7AD91741B96B9B8B2AEF4948FE092AC9342B974
+IV=C770CD182DFF66E4D6A7BFEFE2820AE1
+PT=E16F983B49DE93FCE5C5BD1066F281D6
+CT=E2044134ACD21D5AD026671BDC0CB2E4
+
+I=209
+KEY=A747EF80608CED4309800CA0B1C73081F992F88C1E7CE9CE5FC6F5B74F4E0B90
+IV=E2044134ACD21D5AD026671BDC0CB2E4
+PT=E8337E7054CBC47F4B5E8F33566AA1F5
+CT=303CF7780126AD06B5272A8350639C93
+
+I=210
+KEY=E5EBF5E471F2CA9F38492F604438B9C0C9AE0FF41F5A44C8EAE1DF341F2D9703
+IV=303CF7780126AD06B5272A8350639C93
+PT=42AC1A64117E27DC31C923C0F5FF8941
+CT=DACCD42953603A1321CAD9C236454598
+
+I=211
+KEY=B5E5C9211A5C43F2267B4A2411FC2CC21362DBDD4C3A7EDBCB2B06F62968D29B
+IV=DACCD42953603A1321CAD9C236454598
+PT=500E3CC56BAE896D1E32654455C49502
+CT=F9AB4D1D8255E83B330031EBE2ECE5C6
+
+I=212
+KEY=8D78453D63A2DD8D08BF5F250F2581CFEAC996C0CE6F96E0F82B371DCB84375D
+IV=F9AB4D1D8255E83B330031EBE2ECE5C6
+PT=389D8C1C79FE9E7F2EC415011ED9AD0D
+CT=0F28E2D4CC948D36E18F80184A594841
+
+I=213
+KEY=2E921775036404FD9939EE83C9585481E5E1741402FB1BD619A4B70581DD7F1C
+IV=0F28E2D4CC948D36E18F80184A594841
+PT=A3EA524860C6D9709186B1A6C67DD54E
+CT=A4756EAB45BCF716A52038C729E420C6
+
+I=214
+KEY=9F86FEF42701B1D779BD46BE515680FC41941ABF4747ECC0BC848FC2A8395FDA
+IV=A4756EAB45BCF716A52038C729E420C6
+PT=B114E9812465B52AE084A83D980ED47D
+CT=9834425E009006673E777E3552E83D20
+
+I=215
+KEY=2212046FFD03BA552089FBF7B2F3EF32D9A058E147D7EAA782F3F1F7FAD162FA
+IV=9834425E009006673E777E3552E83D20
+PT=BD94FA9BDA020B825934BD49E3A56FCE
+CT=AEA572D530A3694EAFF6DFDE30B80D5A
+
+I=216
+KEY=F73BB21F916D8011751AFDDDCD130A6477052A34777483E92D052E29CA696FA0
+IV=AEA572D530A3694EAFF6DFDE30B80D5A
+PT=D529B6706C6E3A445593062A7FE0E556
+CT=86394E06B621147758CAB012852035A6
+
+I=217
+KEY=EE44A367A3CDDFED7DBD980BF731B4E5F13C6432C155979E75CF9E3B4F495A06
+IV=86394E06B621147758CAB012852035A6
+PT=197F117832A05FFC08A765D63A22BE81
+CT=3CBC18C1AC02C0A7595199E08F1F552B
+
+I=218
+KEY=1558BABB3DCD830F693E7950F736BCADCD807CF36D5757392C9E07DBC0560F2D
+IV=3CBC18C1AC02C0A7595199E08F1F552B
+PT=FB1C19DC9E005CE21483E15B00070848
+CT=5A9CFD8BFE10CF7FBD0F9A3FAF6C117B
+
+I=219
+KEY=D083F58141F5E5AF3D5479739D55780D971C81789347984691919DE46F3A1E56
+IV=5A9CFD8BFE10CF7FBD0F9A3FAF6C117B
+PT=C5DB4F3A7C3866A0546A00236A63C4A0
+CT=61A437D4E2F1C3779F1EBE906C5D2C12
+
+I=220
+KEY=C60824F2DDC67623D270974E9F87BD27F6B8B6AC71B65B310E8F237403673244
+IV=61A437D4E2F1C3779F1EBE906C5D2C12
+PT=168BD1739C33938CEF24EE3D02D2C52A
+CT=FC675EE1B12B47410A20CFAC23FD20EE
+
+I=221
+KEY=F73A715AD84DB0A6F55AD584922001920ADFE84DC09D1C7004AFECD8209A12AA
+IV=FC675EE1B12B47410A20CFAC23FD20EE
+PT=313255A8058BC685272A42CA0DA7BCB5
+CT=82E3FB6189716D94C8E9D30E1ECCABC4
+
+I=222
+KEY=6ABBDCE21E2ECECBCAA3473897A2E178883C132C49EC71E4CC463FD63E56B96E
+IV=82E3FB6189716D94C8E9D30E1ECCABC4
+PT=9D81ADB8C6637E6D3FF992BC0582E0EA
+CT=BD84DCE4994B505EED71596B454BDF85
+
+I=223
+KEY=0D4F68CDB9B53B08E22DDDFE4FD5FCC035B8CFC8D0A721BA213766BD7B1D66EB
+IV=BD84DCE4994B505EED71596B454BDF85
+PT=67F4B42FA79BF5C3288E9AC6D8771DB8
+CT=1B3AA490C6E874BA77CE55D71789616C
+
+I=224
+KEY=3D8E3121698DD7E9D1835EFF5FA02DB22E826B58164F550056F9336A6C940787
+IV=1B3AA490C6E874BA77CE55D71789616C
+PT=30C159ECD038ECE133AE83011075D172
+CT=D6EE171B39B5E40535FBF5A7CB4C6953
+
+I=225
+KEY=1A5B2249CA785F0DB58FF5B07CCCFCDEF86C7C432FFAB1056302C6CDA7D86ED4
+IV=D6EE171B39B5E40535FBF5A7CB4C6953
+PT=27D51368A3F588E4640CAB4F236CD16C
+CT=8691BE10D13B4C08246938750EE33643
+
+I=226
+KEY=48AD5DEF217F83DC5039ECD1191ABE3A7EFDC253FEC1FD0D476BFEB8A93B5897
+IV=8691BE10D13B4C08246938750EE33643
+PT=52F67FA6EB07DCD1E5B6196165D642E4
+CT=E40AD0EE818639E37349E1132B138D63
+
+I=227
+KEY=FEB84B0B264A8A6FB8D4DE065DA68A479AF712BD7F47C4EE34221FAB8228D5F4
+IV=E40AD0EE818639E37349E1132B138D63
+PT=B61516E4073509B3E8ED32D744BC347D
+CT=6E40A22767A39C978F279D40B447099D
+
+I=228
+KEY=2FE79FCC3C959901BAAEE8C55B71D01FF4B7B09A18E45879BB0582EB366FDC69
+IV=6E40A22767A39C978F279D40B447099D
+PT=D15FD4C71ADF136E027A36C306D75A58
+CT=C2DE8C5200F6FCBF1A4D6178909DF110
+
+I=229
+KEY=C3EB1424EFD0ACDF3670C4943CB2CF5936693CC81812A4C6A148E393A6F22D79
+IV=C2DE8C5200F6FCBF1A4D6178909DF110
+PT=EC0C8BE8D34535DE8CDE2C5167C31F46
+CT=104CBECB1134CAE09B2FE8C5CE2E0901
+
+I=230
+KEY=DF9F70702DA816906F3907575DF4D3032625820309266E263A670B5668DC2478
+IV=104CBECB1134CAE09B2FE8C5CE2E0901
+PT=1C746454C278BA4F5949C3C361461C5A
+CT=65287F66F01AC054B1051D700EDDBF2B
+
+I=231
+KEY=F6C4CE3006A43EFBE18C5FF305F32C37430DFD65F93CAE728B62162666019B53
+IV=65287F66F01AC054B1051D700EDDBF2B
+PT=295BBE402B0C286B8EB558A45807FF34
+CT=4933D44FD414225CB1E6951240D28150
+
+I=232
+KEY=3963CE7465D89FBE550649326262DB450A3E292A2D288C2E3A84833426D31A03
+IV=4933D44FD414225CB1E6951240D28150
+PT=CFA70044637CA145B48A16C16791F772
+CT=3733351F76DE0E07581F84600E38EFDD
+
+I=233
+KEY=42468662273D8CB3EFAB19DBC802888B3D0D1C355BF68229629B075428EBF5DE
+IV=3733351F76DE0E07581F84600E38EFDD
+PT=7B25481642E5130DBAAD50E9AA6053CE
+CT=F16F22EB9CCD854591AE2FC28E1D4B59
+
+I=234
+KEY=E2B3E5EA6573FC8ABE4E890FA4F5502DCC623EDEC73B076CF3352896A6F6BE87
+IV=F16F22EB9CCD854591AE2FC28E1D4B59
+PT=A0F56388424E703951E590D46CF7D8A6
+CT=1D607C6E9BAD454DD5DE785F2A78F990
+
+I=235
+KEY=FDB55AF96E09AF677AA4737992E13C9ED10242B05C96422126EB50C98C8E4717
+IV=1D607C6E9BAD454DD5DE785F2A78F990
+PT=1F06BF130B7A53EDC4EAFA7636146CB3
+CT=7B16B6A8F88E05F6A9A036A67CB8A2B6
+
+I=236
+KEY=E546D74518CF4AA64B399EA321C570CAAA14F418A41847D78F4B666FF036E5A1
+IV=7B16B6A8F88E05F6A9A036A67CB8A2B6
+PT=18F38DBC76C6E5C1319DEDDAB3244C54
+CT=63AD66FCF9D52195CD0339443F554311
+
+I=237
+KEY=2F9B91A24BEF0E503DC576E4F8D32C16C9B992E45DCD664242485F2BCF63A6B0
+IV=63AD66FCF9D52195CD0339443F554311
+PT=CADD46E7532044F676FCE847D9165CDC
+CT=6293FBB897D8F0C60171BEA3072CA512
+
+I=238
+KEY=97B7DF112EFFE9279D5EDF932889D84BAB2A695CCA1596844339E188C84F03A2
+IV=6293FBB897D8F0C60171BEA3072CA512
+PT=B82C4EB36510E777A09BA977D05AF45D
+CT=9555D7F244448C80E965CE6AB7EF0F7B
+
+I=239
+KEY=39F26B429FE4111DAA984F03112B339F3E7FBEAE8E511A04AA5C2FE27FA00CD9
+IV=9555D7F244448C80E965CE6AB7EF0F7B
+PT=AE45B453B11BF83A37C6909039A2EBD4
+CT=FA242C9DB2984E9EFA8CD98AE7C29D6F
+
+I=240
+KEY=64C6D001CB3C8AFC24A72DA11D172727C45B92333CC9549A50D0F668986291B6
+IV=FA242C9DB2984E9EFA8CD98AE7C29D6F
+PT=5D34BB4354D89BE18E3F62A20C3C14B8
+CT=2998B59B0441F068D7F3FCE7AEAA6FD9
+
+I=241
+KEY=FE56E2EB2434CA49D46A684DBCE2426CEDC327A83888A4F287230A8F36C8FE6F
+IV=2998B59B0441F068D7F3FCE7AEAA6FD9
+PT=9A9032EAEF0840B5F0CD45ECA1F5654B
+CT=A3F77BBA27BA88F33D4330EB2CC0EFBA
+
+I=242
+KEY=0F9B3CAD0EDFA9C429F3A005C78FE9F84E345C121F322C01BA603A641A0811D5
+IV=A3F77BBA27BA88F33D4330EB2CC0EFBA
+PT=F1CDDE462AEB638DFD99C8487B6DAB94
+CT=9C751C64BCB82229ABA5130353455CCB
+
+I=243
+KEY=1725A4C019FB909FB1DE2ACA00E9A33DD2414076A38A0E2811C52967494D4D1E
+IV=9C751C64BCB82229ABA5130353455CCB
+PT=18BE986D1724395B982D8ACFC7664AC5
+CT=540DE482B7170E925FA4B429F6BCD458
+
+I=244
+KEY=E2A619367235AA4611A72FD4FAF68FB3864CA4F4149D00BA4E619D4EBFF19946
+IV=540DE482B7170E925FA4B429F6BCD458
+PT=F583BDF66BCE3AD9A079051EFA1F2C8E
+CT=6AADE1E1A12F5C83AF434CAD95B29678
+
+I=245
+KEY=8629FB2CC8C06A07EC910681499E917FECE14515B5B25C39E122D1E32A430F3E
+IV=6AADE1E1A12F5C83AF434CAD95B29678
+PT=648FE21ABAF5C041FD362955B3681ECC
+CT=11308758A1C2075FEAECD260867CA343
+
+I=246
+KEY=5EDD76C395D2A0D3D547CFB394B439EAFDD1C24D14705B660BCE0383AC3FAC7D
+IV=11308758A1C2075FEAECD260867CA343
+PT=D8F48DEF5D12CAD439D6C932DD2AA895
+CT=14C9A904A3909A8FF44D88E22F8626DF
+
+I=247
+KEY=AF3FA8D6034564D7151C3933C7986CFCE9186B49B7E0C1E9FF838B6183B98AA2
+IV=14C9A904A3909A8FF44D88E22F8626DF
+PT=F1E2DE159697C404C05BF680532C5516
+CT=A042D7F391A37E5A3EDB3022400EC797
+
+I=248
+KEY=8ACC720216DBDBDB4C213FE65E575A09495ABCBA2643BFB3C158BB43C3B74D35
+IV=A042D7F391A37E5A3EDB3022400EC797
+PT=25F3DAD4159EBF0C593D06D599CF36F5
+CT=439FEF326223A65F7A555C6231178190
+
+I=249
+KEY=F2882A52603203A71895A5870CCF7EE40AC55388446019ECBB0DE721F2A0CCA5
+IV=439FEF326223A65F7A555C6231178190
+PT=7844585076E9D87C54B49A61529824ED
+CT=6FE1286C19AA3BC802F1C6C7B58DB4C4
+
+I=250
+KEY=57EFB10BFC21E28397A9D5E5A533D35B65247BE45DCA2224B9FC21E6472D7861
+IV=6FE1286C19AA3BC802F1C6C7B58DB4C4
+PT=A5679B599C13E1248F3C7062A9FCADBF
+CT=C38D763981392FF038573CA341DD8EA1
+
+I=251
+KEY=19328A5147BC2E7C5149DA257487D734A6A90DDDDCF30DD481AB1D4506F0F6C0
+IV=C38D763981392FF038573CA341DD8EA1
+PT=4EDD3B5ABB9DCCFFC6E00FC0D1B4046F
+CT=5FD553A2848C683B138D50F2741B124D
+
+I=252
+KEY=ED66DE43FE0F966850EF6754E21B69A0F97C5E7F587F65EF92264DB772EBE48D
+IV=5FD553A2848C683B138D50F2741B124D
+PT=F4545412B9B3B81401A6BD71969CBE94
+CT=910CDCBE38068A51185A879FF2B45B9C
+
+I=253
+KEY=E53D9016DE7DF4E2377968864B6F69F8687082C16079EFBE8A7CCA28805FBF11
+IV=910CDCBE38068A51185A879FF2B45B9C
+PT=085B4E552072628A67960FD2A9740058
+CT=E0A0E68A14893501D75BC42B8EFC6F96
+
+I=254
+KEY=C88C4383E2D16541765E5DB85957C59188D0644B74F0DABF5D270E030EA3D087
+IV=E0A0E68A14893501D75BC42B8EFC6F96
+PT=2DB1D3953CAC91A34127353E1238AC69
+CT=A66DD21DA627347F962A0AB7DCA887ED
+
+I=255
+KEY=6F01CC5C22DE71C7C2D5B429AA756A392EBDB656D2D7EEC0CB0D04B4D20B576A
+IV=A66DD21DA627347F962A0AB7DCA887ED
+PT=A78D8FDFC00F1486B48BE991F322AFA8
+CT=87551BC7A6B6D9B76239CB8A31FF1993
+
+I=256
+KEY=DAC405506CD3779FC2400B459B7C6B6EA9E8AD9174613777A934CF3EE3F44EF9
+IV=87551BC7A6B6D9B76239CB8A31FF1993
+PT=B5C5C90C4E0D06580095BF6C31090157
+CT=B909B206A041F33EB3AC7ED481DFBA21
+
+I=257
+KEY=E482333E6FBAA8427A2E30D56069E0B810E11F97D420C4491A98B1EA622BF4D8
+IV=B909B206A041F33EB3AC7ED481DFBA21
+PT=3E46366E0369DFDDB86E3B90FB158BD6
+CT=DE5E71F446794D3402400C96FBFEB93F
+
+I=258
+KEY=176CAD69CD20690B95DA40B95C43AC54CEBF6E639259897D18D8BD7C99D54DE7
+IV=DE5E71F446794D3402400C96FBFEB93F
+PT=F3EE9E57A29AC149EFF4706C3C2A4CEC
+CT=175A7C580A99E985A2FD2F185D9BAADB
+
+I=259
+KEY=FA4DD79A64960C8264624CDF215B54A1D9E5123B98C060F8BA259264C44EE73C
+IV=175A7C580A99E985A2FD2F185D9BAADB
+PT=ED217AF3A9B66589F1B80C667D18F8F5
+CT=413EB5D166C1D196F0239FF34D184013
+
+I=260
+KEY=49855C1008EAF59432518A9F3807A0B398DBA7EAFE01B16E4A060D978956A72F
+IV=413EB5D166C1D196F0239FF34D184013
+PT=B3C88B8A6C7CF9165633C640195CF412
+CT=69A3A63C580336296FF826600C754747
+
+I=261
+KEY=849D231AE9F90F233F328BE6EE0AC180F17801D6A602874725FE2BF78523E068
+IV=69A3A63C580336296FF826600C754747
+PT=CD187F0AE113FAB70D630179D60D6133
+CT=B9AF0CA2B502C2DEB66834BD729AA528
+
+I=262
+KEY=40E3F7EA3E7CFBDBF57935DBB124CF7F48D70D741300459993961F4AF7B94540
+IV=B9AF0CA2B502C2DEB66834BD729AA528
+PT=C47ED4F0D785F4F8CA4BBE3D5F2E0EFF
+CT=99E16968796AB521FC460A8DF6744FA8
+
+I=263
+KEY=4FDF8D16B85E527490FBE95EA34138D6D136641C6A6AF0B86FD015C701CD0AE8
+IV=99E16968796AB521FC460A8DF6744FA8
+PT=0F3C7AFC8622A9AF6582DC851265F7A9
+CT=7B871B0153657949D1FE7259E16791B7
+
+I=264
+KEY=6AD7099EA6DC50F5CC836C3EB934CF92AAB17F1D390F89F1BE2E679EE0AA9B5F
+IV=7B871B0153657949D1FE7259E16791B7
+PT=250884881E8202815C7885601A75F744
+CT=8D6B80EAC01BF7E204A79DD14BFDB71A
+
+I=265
+KEY=0860DD776AD2014ED90D0837A5A298B627DAFFF7F9147E13BA89FA4FAB572C45
+IV=8D6B80EAC01BF7E204A79DD14BFDB71A
+PT=62B7D4E9CC0E51BB158E64091C965724
+CT=DAD6A83408559AD3003C6995DC099303
+
+I=266
+KEY=9E8757199D96CA08B9C3CEF817E902B8FD0C57C3F141E4C0BAB593DA775EBF46
+IV=DAD6A83408559AD3003C6995DC099303
+PT=96E78A6EF744CB4660CEC6CFB24B9A0E
+CT=AA6EF32AFC8AA6ADCDE86D86CC59AFB4
+
+I=267
+KEY=483AD9696154B929F35016B648F5952B5762A4E90DCB426D775DFE5CBB0710F2
+IV=AA6EF32AFC8AA6ADCDE86D86CC59AFB4
+PT=D6BD8E70FCC273214A93D84E5F1C9793
+CT=713F9516A55FBFA4AE8155EC12A3AB5D
+
+I=268
+KEY=027B7F5F83B26099A4CE8FCC1AB84529265D31FFA894FDC9D9DCABB0A9A4BBAF
+IV=713F9516A55FBFA4AE8155EC12A3AB5D
+PT=4A41A636E2E6D9B0579E997A524DD002
+CT=B2E4BEAF6DB84214E379B89697191379
+
+I=269
+KEY=D7AEFAD28855BB04A9604527F8376CAF94B98F50C52CBFDD3AA513263EBDA8D6
+IV=B2E4BEAF6DB84214E379B89697191379
+PT=D5D5858D0BE7DB9D0DAECAEBE28F2986
+CT=9FE3B8941D9F85B1400CC45B7BDE8E9F
+
+I=270
+KEY=B5EBE7CB901F69E61EC6F011E6A46A2E0B5A37C4D8B33A6C7AA9D77D45632649
+IV=9FE3B8941D9F85B1400CC45B7BDE8E9F
+PT=62451D19184AD2E2B7A6B5361E930681
+CT=E9ABFC5563B4AD1718EF4A91F7D60913
+
+I=271
+KEY=571805B63BC20F5784AF56FDB71CBCD7E2F1CB91BB07977B62469DECB2B52F5A
+IV=E9ABFC5563B4AD1718EF4A91F7D60913
+PT=E2F3E27DABDD66B19A69A6EC51B8D6F9
+CT=D825DC1C8C73A84BDFEFD9799D9E3960
+
+I=272
+KEY=9EED79D9ABB11094FB4475ED2EC042133AD4178D37743F30BDA944952F2B163A
+IV=D825DC1C8C73A84BDFEFD9799D9E3960
+PT=C9F57C6F90731FC37FEB231099DCFEC4
+CT=7D0DC4C31259FD0A46D2D2282F1FE22E
+
+I=273
+KEY=EF905E20846E064A3B3281FD2BD59AB647D9D34E252DC23AFB7B96BD0034F414
+IV=7D0DC4C31259FD0A46D2D2282F1FE22E
+PT=717D27F92FDF16DEC076F4100515D8A5
+CT=93FAFC16EFF504A9D2B791A272A78135
+
+I=274
+KEY=8F219C67ACF0F1C745FA0ABBADE96015D4232F58CAD8C69329CC071F72937521
+IV=93FAFC16EFF504A9D2B791A272A78135
+PT=60B1C247289EF78D7EC88B46863CFAA3
+CT=EF387517F8C781A79700C8196DCA6F1A
+
+I=275
+KEY=48C6408FD8FA84D30DD53B83B31C425D3B1B5A4F321F4734BECCCF061F591A3B
+IV=EF387517F8C781A79700C8196DCA6F1A
+PT=C7E7DCE8740A7514482F31381EF52248
+CT=A6166002C7239645D55494BB64840B26
+
+I=276
+KEY=1C9EB0648715CA5738A4FD27A63693A09D0D3A4DF53CD1716B985BBD7BDD111D
+IV=A6166002C7239645D55494BB64840B26
+PT=5458F0EB5FEF4E843571C6A4152AD1FD
+CT=FB35646B2008AD29AFF508B94179F223
+
+I=277
+KEY=4AA2E4BAC74E8CD9AEA969550D27877866385E26D5347C58C46D53043AA4E33E
+IV=FB35646B2008AD29AFF508B94179F223
+PT=563C54DE405B468E960D9472AB1114D8
+CT=59C1692D4598AD622B6586A06892E11D
+
+I=278
+KEY=B9F5A3BAAA0C2F6EA5E835F6E6E5D50E3FF9370B90ACD13AEF08D5A452360223
+IV=59C1692D4598AD622B6586A06892E11D
+PT=F35747006D42A3B70B415CA3EBC25276
+CT=3131E251A6A4AC7226A1809553198AB8
+
+I=279
+KEY=EF46814F8656D3D8ABAF3B08EFEBC3150EC8D55A36087D48C9A95531012F889B
+IV=3131E251A6A4AC7226A1809553198AB8
+PT=56B322F52C5AFCB60E470EFE090E161B
+CT=2E30D8D5B7B636307A6D354FBED41A2D
+
+I=280
+KEY=3DFBE0FE20F0421CAABD62E2CDB0E60F20F80D8F81BE4B78B3C4607EBFFB92B6
+IV=2E30D8D5B7B636307A6D354FBED41A2D
+PT=D2BD61B1A6A691C4011259EA225B251A
+CT=6D791952F9416FC09B78517A2FFE986F
+
+I=281
+KEY=5197CF05753D155C5B08A5EB51B82F2D4D8114DD78FF24B828BC310490050AD9
+IV=6D791952F9416FC09B78517A2FFE986F
+PT=6C6C2FFB55CD5740F1B5C7099C08C922
+CT=37A8E0B9375AD5669A396D980D68D0F3
+
+I=282
+KEY=B3EFE2F914264AAAB7C7FD9C4843619E7A29F4644FA5F1DEB2855C9C9D6DDA2A
+IV=37A8E0B9375AD5669A396D980D68D0F3
+PT=E2782DFC611B5FF6ECCF587719FB4EB3
+CT=BC65630DB71EE8DA2194E5DFBC48360E
+
+I=283
+KEY=CAAB7758FF4AFF39A98C2202A26165CFC64C9769F8BB19049311B9432125EC24
+IV=BC65630DB71EE8DA2194E5DFBC48360E
+PT=794495A1EB6CB5931E4BDF9EEA220451
+CT=9C47136C1B510BFCEFA7F6659BDA08C2
+
+I=284
+KEY=CC38852E17544DB004372C4A3AA3DFDB5A0B8405E3EA12F87CB64F26BAFFE4E6
+IV=9C47136C1B510BFCEFA7F6659BDA08C2
+PT=0693F276E81EB289ADBB0E4898C2BA14
+CT=68AC57D13EC53C250FEBFC64B1992B1C
+
+I=285
+KEY=108FE55553F353DFABD421E15A18C9F532A7D3D4DD2F2EDD735DB3420B66CFFA
+IV=68AC57D13EC53C250FEBFC64B1992B1C
+PT=DCB7607B44A71E6FAFE30DAB60BB162E
+CT=9A8C11E031E57B77138A3637784D1D71
+
+I=286
+KEY=C432EA6E854DE8C191C6F0ED4A2BF1D7A82BC234ECCA55AA60D78575732BD28B
+IV=9A8C11E031E57B77138A3637784D1D71
+PT=D4BD0F3BD6BEBB1E3A12D10C10333822
+CT=3BBB1E76A491A5AA145ED931BB886333
+
+I=287
+KEY=980941D5FEFD458061B1B443E39818299390DC42485BF00074895C44C8A3B1B8
+IV=3BBB1E76A491A5AA145ED931BB886333
+PT=5C3BABBB7BB0AD41F07744AEA9B3E9FE
+CT=F79F1B46F57BDD36B58DDA33619D3920
+
+I=288
+KEY=B4FF33FB094612B6A3438A285C3AEA41640FC704BD202D36C1048677A93E8898
+IV=F79F1B46F57BDD36B58DDA33619D3920
+PT=2CF6722EF7BB5736C2F23E6BBFA2F268
+CT=F1C3ED72D0B6D917DD6F8AE86CFD8CBF
+
+I=289
+KEY=BC81027596771F9C591BE6C61762B1E795CC2A766D96F4211C6B0C9FC5C30427
+IV=F1C3ED72D0B6D917DD6F8AE86CFD8CBF
+PT=087E318E9F310D2AFA586CEE4B585BA6
+CT=EAF1AACEEB9F9BE0E880911BFEEAC2AC
+
+I=290
+KEY=D41458000DDED43B83DAA81B1D7FFB597F3D80B886096FC1F4EB9D843B29C68B
+IV=EAF1AACEEB9F9BE0E880911BFEEAC2AC
+PT=68955A759BA9CBA7DAC14EDD0A1D4ABE
+CT=7B35179E67E9B40346F7DE6356EDC98F
+
+I=291
+KEY=FACDC2B3BA9E125B2A734DE75F99F48C04089726E1E0DBC2B21C43E76DC40F04
+IV=7B35179E67E9B40346F7DE6356EDC98F
+PT=2ED99AB3B740C660A9A9E5FC42E60FD5
+CT=0EDE849D7E56B296B12C1EDF37436A8D
+
+I=292
+KEY=E73022253439EB4464CE0B205BBB0F1F0AD613BB9FB6695403305D385A876589
+IV=0EDE849D7E56B296B12C1EDF37436A8D
+PT=1DFDE0968EA7F91F4EBD46C70422FB93
+CT=D02F1EAF3CF6A6B681BAF8ECB921FFC4
+
+I=293
+KEY=9F3671205266DC4F7C771EBA74265F36DAF90D14A340CFE2828AA5D4E3A69A4D
+IV=D02F1EAF3CF6A6B681BAF8ECB921FFC4
+PT=78065305665F370B18B9159A2F9D5029
+CT=E365BE1A125C6930DFDCBB33E6937EC5
+
+I=294
+KEY=111A3E012C9D5CB2967E8BD22907D6F7399CB30EB11CA6D25D561EE70535E488
+IV=E365BE1A125C6930DFDCBB33E6937EC5
+PT=8E2C4F217EFB80FDEA0995685D2189C1
+CT=C5B24EEC5CDD17AA56838B09EC4AB725
+
+I=295
+KEY=15DA3EE4EE9A560B05493FFC971713A5FC2EFDE2EDC1B1780BD595EEE97F53AD
+IV=C5B24EEC5CDD17AA56838B09EC4AB725
+PT=04C000E5C2070AB99337B42EBE10C552
+CT=4D8A43CD28BBCB86953FA55A409BF130
+
+I=296
+KEY=2C8B30484D954192818342F3766C1415B1A4BE2FC57A7AFE9EEA30B4A9E4A29D
+IV=4D8A43CD28BBCB86953FA55A409BF130
+PT=39510EACA30F179984CA7D0FE17B07B0
+CT=A524A6329E6DCE041F72459234ECDE78
+
+I=297
+KEY=0F162BAD5F298EE0B0164CFED6A7AC271480181D5B17B4FA819875269D087CE5
+IV=A524A6329E6DCE041F72459234ECDE78
+PT=239D1BE512BCCF7231950E0DA0CBB832
+CT=90BBC5130D1C06182F737FE7F0FCD00D
+
+I=298
+KEY=62744CA02B6684D05A91F2049D403480843BDD0E560BB2E2AEEB0AC16DF4ACE8
+IV=90BBC5130D1C06182F737FE7F0FCD00D
+PT=6D62670D744F0A30EA87BEFA4BE798A7
+CT=35F293EDDEC8D9446A4ACD34602839B5
+
+I=299
+KEY=21F5373DA5D6BF15BC163383F62EA92FB1C94EE388C36BA6C4A1C7F50DDC955D
+IV=35F293EDDEC8D9446A4ACD34602839B5
+PT=43817B9D8EB03BC5E687C1876B6E9DAF
+CT=E45CF478D7C84325143165F58B041A13
+
+I=300
+KEY=4CF4A508B4DF37A831916353620DC1F45595BA9B5F0B2883D090A20086D88F4E
+IV=E45CF478D7C84325143165F58B041A13
+PT=6D019235110988BD8D8750D0942368DB
+CT=964983C30745D7EEA1BD5E287DAC466C
+
+I=301
+KEY=35C99C004D01E89F94A9B3BC79C492D7C3DC3958584EFF6D712DFC28FB74C922
+IV=964983C30745D7EEA1BD5E287DAC466C
+PT=793D3908F9DEDF37A538D0EF1BC95323
+CT=6834813D8403A963AD36C1A18CA605C0
+
+I=302
+KEY=F185723D6A2D2A6F9F4B9194A444AA2AABE8B865DC4D560EDC1B3D8977D2CCE2
+IV=6834813D8403A963AD36C1A18CA605C0
+PT=C44CEE3D272CC2F00BE22228DD8038FD
+CT=61F35AA76E1E0EC2D5E4F4F432B68260
+
+I=303
+KEY=B571B0BC6CFD2BA23611FB9A900A31FACA1BE2C2B25358CC09FFC97D45644E82
+IV=61F35AA76E1E0EC2D5E4F4F432B68260
+PT=44F4C28106D001CDA95A6A0E344E9BD0
+CT=DD081A96602E6665B860466B8D14050E
+
+I=304
+KEY=2A5757156C596DE633D0D8908011C3771713F854D27D3EA9B19F8F16C8704B8C
+IV=DD081A96602E6665B860466B8D14050E
+PT=9F26E7A900A4464405C1230A101BF28D
+CT=5BF18EA3D7F3ED1D941EA1B995313B98
+
+I=305
+KEY=DA008B517FA48E908A72B8525CC31AEF4CE276F7058ED3B425812EAF5D417014
+IV=5BF18EA3D7F3ED1D941EA1B995313B98
+PT=F057DC4413FDE376B9A260C2DCD2D998
+CT=74C361B6A13013E9ABF6841601513539
+
+I=306
+KEY=E313244DC22AC16C1D59AC494AA728D738211741A4BEC05D8E77AAB95C10452D
+IV=74C361B6A13013E9ABF6841601513539
+PT=3913AF1CBD8E4FFC972B141B16643238
+CT=9937614570FD404D5B39BA43D3A20602
+
+I=307
+KEY=92A7173E943CBA80AF56203552625E8AA1167604D4438010D54E10FA8FB2432F
+IV=9937614570FD404D5B39BA43D3A20602
+PT=71B4337356167BECB20F8C7C18C5765D
+CT=726FCDDF8E6738B51D767828EBDFC71E
+
+I=308
+KEY=242C75C141A58DC403020E52421BB347D379BBDB5A24B8A5C83868D2646D8431
+IV=726FCDDF8E6738B51D767828EBDFC71E
+PT=B68B62FFD5993744AC542E671079EDCD
+CT=78F735344BF10EED47969F1C02ECBF8C
+
+I=309
+KEY=5247008C3EB79AA67E5D2E0B95D0AC3AAB8E8EEF11D5B6488FAEF7CE66813BBD
+IV=78F735344BF10EED47969F1C02ECBF8C
+PT=766B754D7F1217627D5F2059D7CB1F7D
+CT=7D6A6CA54B084105DF6A778A4913BB04
+
+I=310
+KEY=06E7C1A6C8BC6A3355A86F61B41E70C6D6E4E24A5ADDF74D50C480442F9280B9
+IV=7D6A6CA54B084105DF6A778A4913BB04
+PT=54A0C12AF60BF0952BF5416A21CEDCFC
+CT=11F0A303D6C0ED5E18F40248AF1A794B
+
+I=311
+KEY=D7722746B58D494BE9B97F586CA4BB0AC71441498C1D1A134830820C8088F9F2
+IV=11F0A303D6C0ED5E18F40248AF1A794B
+PT=D195E6E07D312378BC111039D8BACBCC
+CT=2A715E8AC7101415E65EBF34CC4CD786
+
+I=312
+KEY=98B1E5954DE8000B6FFFE98D918B6237ED651FC34B0D0E06AE6E3D384CC42E74
+IV=2A715E8AC7101415E65EBF34CC4CD786
+PT=4FC3C2D3F8654940864696D5FD2FD93D
+CT=965E8AF93D390E424C9F4F1FBF9D98A5
+
+I=313
+KEY=74B910207ACD1D7C801724D53ED6BBC47B3B953A76340044E2F17227F359B6D1
+IV=965E8AF93D390E424C9F4F1FBF9D98A5
+PT=EC08F5B537251D77EFE8CD58AF5DD9F3
+CT=294782DD29C65B6C445C5D92F50E6D19
+
+I=314
+KEY=3E1AD36FDCC33F6B3425B5D52717845E527C17E75FF25B28A6AD2FB50657DBC8
+IV=294782DD29C65B6C445C5D92F50E6D19
+PT=4AA3C34FA60E2217B432910019C13F9A
+CT=E22098E7EDBEECC49FA8E31B76E925CA
+
+I=315
+KEY=BE9F93FE153DF61370F6709F8265DCCDB05C8F00B24CB7EC3905CCAE70BEFE02
+IV=E22098E7EDBEECC49FA8E31B76E925CA
+PT=80854091C9FEC97844D3C54AA5725893
+CT=24E80C1F59A4EA36044358E0C0D4F29D
+
+I=316
+KEY=A790F593CFA1643BD2EB3A1AAB8176A294B4831FEBE85DDA3D46944EB06A0C9F
+IV=24E80C1F59A4EA36044358E0C0D4F29D
+PT=190F666DDA9C9228A21D4A8529E4AA6F
+CT=63CF21803941B521532FF36F9FBFC7BD
+
+I=317
+KEY=0CF6F000352B4B583E4AEE707D111DC9F77BA29FD2A9E8FB6E6967212FD5CB22
+IV=63CF21803941B521532FF36F9FBFC7BD
+PT=AB660593FA8A2F63ECA1D46AD6906B6B
+CT=250941C1D45C82B0D9C381293CDD833A
+
+I=318
+KEY=1F875BCF1967857990EC97864B1EA9F8D272E35E06F56A4BB7AAE60813084818
+IV=250941C1D45C82B0D9C381293CDD833A
+PT=1371ABCF2C4CCE21AEA679F6360FB431
+CT=8303B962DAFC4A225C0FD6EA60D29CF4
+
+I=319
+KEY=42FE25BF51418FE7A7C7A1828219E1DB51715A3CDC092069EBA530E273DAD4EC
+IV=8303B962DAFC4A225C0FD6EA60D29CF4
+PT=5D797E7048260A9E372B3604C9074823
+CT=29E2DB359FAB42C0A83A4059A059CB51
+
+I=320
+KEY=6C821A4893FE0EAC88FC1F98BD44AD0A7893810943A262A9439F70BBD3831FBD
+IV=29E2DB359FAB42C0A83A4059A059CB51
+PT=2E7C3FF7C2BF814B2F3BBE1A3F5D4CD1
+CT=02BDB7EC18279FA9B7788D95FEB4000E
+
+I=321
+KEY=411670D389D0A04859FDC26DE5AAD1297A2E36E55B85FD00F4E7FD2E2D371FB3
+IV=02BDB7EC18279FA9B7788D95FEB4000E
+PT=2D946A9B1A2EAEE4D101DDF558EE7C23
+CT=3960A92A34967F13B754F2265A6F68C1
+
+I=322
+KEY=851BCD18F6043DE625BBEA33E1E860E3434E9FCF6F13821343B30F0877587772
+IV=3960A92A34967F13B754F2265A6F68C1
+PT=C40DBDCB7FD49DAE7C46285E0442B1CA
+CT=EF396AB8613AC6083932734D38869458
+
+I=323
+KEY=1944F363F3143A380F26BD4831A6BD9EAC77F5770E29441B7A817C454FDEE32A
+IV=EF396AB8613AC6083932734D38869458
+PT=9C5F3E7B051007DE2A9D577BD04EDD7D
+CT=CB73B8D257CC1A8235E48DA0E6AECC4E
+
+I=324
+KEY=C2F3C203F591C78914E31BA1E083AB9867044DA559E55E994F65F1E5A9702F64
+IV=CB73B8D257CC1A8235E48DA0E6AECC4E
+PT=DBB731600685FDB11BC5A6E9D1251606
+CT=3B0B12757B5D1B6E0130FCC306E9DBAA
+
+I=325
+KEY=0DCB66B972631AFBB1DA22F1418EE1C45C0F5FD022B845F74E550D26AF99F4CE
+IV=3B0B12757B5D1B6E0130FCC306E9DBAA
+PT=CF38A4BA87F2DD72A5393950A10D4A5C
+CT=CCEF4079CE8FAF0E6B8CD4C8751059E1
+
+I=326
+KEY=8FF976D3C735506D86A3540664F1C40590E01FA9EC37EAF925D9D9EEDA89AD2F
+IV=CCEF4079CE8FAF0E6B8CD4C8751059E1
+PT=8232106AB5564A96377976F7257F25C1
+CT=D835D2FA5583D9B2C16424960163DF7F
+
+I=327
+KEY=3499925B26E4F846CAA230EC069F127F48D5CD53B9B4334BE4BDFD78DBEA7250
+IV=D835D2FA5583D9B2C16424960163DF7F
+PT=BB60E488E1D1A82B4C0164EA626ED67A
+CT=4634485DB5D9C40FA2F6EF36E477F0B7
+
+I=328
+KEY=7A133EEC3DD747FE38A3370F8927A3C70EE1850E0C6DF744464B124E3F9D82E7
+IV=4634485DB5D9C40FA2F6EF36E477F0B7
+PT=4E8AACB71B33BFB8F20107E38FB8B1B8
+CT=AE30CD2A5D84CEF10B9C15EE1FE20CEB
+
+I=329
+KEY=F573665345317BAB5F14881777A0D789A0D1482451E939B54DD707A0207F8E0C
+IV=AE30CD2A5D84CEF10B9C15EE1FE20CEB
+PT=8F6058BF78E63C5567B7BF18FE87744E
+CT=B3926CDE5BFB1363DCCA28CDA2DC4CD8
+
+I=330
+KEY=FEFB661FA786BF2DA1B70FD7D06B86E8134324FA0A122AD6911D2F6D82A3C2D4
+IV=B3926CDE5BFB1363DCCA28CDA2DC4CD8
+PT=0B88004CE2B7C486FEA387C0A7CB5161
+CT=633388FA9EAE0DB2036F63CB2E21C266
+
+I=331
+KEY=BFC495DFBA60078708D992724C9201577070AC0094BC276492724CA6AC8200B2
+IV=633388FA9EAE0DB2036F63CB2E21C266
+PT=413FF3C01DE6B8AAA96E9DA59CF987BF
+CT=54ACB838D247D26A1544B2E42F18CF3F
+
+I=332
+KEY=EB0113E4FFE1201B59EAE94706B2571F24DC143846FBF50E8736FE42839ACF8D
+IV=54ACB838D247D26A1544B2E42F18CF3F
+PT=54C5863B4581279C51337B354A205648
+CT=B9210B8A8639CA5C94A1CF1169F89DDB
+
+I=333
+KEY=0E1D5F7873FD6440227C5529AEB4C7999DFD1FB2C0C23F5213973153EA625256
+IV=B9210B8A8639CA5C94A1CF1169F89DDB
+PT=E51C4C9C8C1C445B7B96BC6EA8069086
+CT=8990488561B43B03CF9FE631E2E7D5E7
+
+I=334
+KEY=8B2759471137DBF37906B394EFEF96D2146D5737A1760451DC08D762088587B1
+IV=8990488561B43B03CF9FE631E2E7D5E7
+PT=853A063F62CABFB35B7AE6BD415B514B
+CT=9DCE77D8CCC0F041FA717C28474E9A30
+
+I=335
+KEY=0D4B29E8D6F39CA01BC01CE73E2834C689A320EF6DB6F4102679AB4A4FCB1D81
+IV=9DCE77D8CCC0F041FA717C28474E9A30
+PT=866C70AFC7C4475362C6AF73D1C7A214
+CT=E1DA174FE5848D21735E55B91CA48A9B
+
+I=336
+KEY=55228F6FF93B7DE9304CD75991C133A5687937A0883279315527FEF3536F971A
+IV=E1DA174FE5848D21735E55B91CA48A9B
+PT=5869A6872FC8E1492B8CCBBEAFE90763
+CT=C578F53AD69AD508711E674F8DD2A843
+
+I=337
+KEY=35CA943437046860F72A1F8554127676AD01C29A5EA8AC39243999BCDEBD3F59
+IV=C578F53AD69AD508711E674F8DD2A843
+PT=60E81B5BCE3F1589C766C8DCC5D345D3
+CT=177A50196260D3F0A3F97423899EBEE2
+
+I=338
+KEY=B8C3B8414C112FC2E2E848733D5CF69CBA7B92833CC87FC987C0ED9F572381BB
+IV=177A50196260D3F0A3F97423899EBEE2
+PT=8D092C757B1547A215C257F6694E80EA
+CT=6B03A799C51C7D0A9D3C9929617E69B1
+
+I=339
+KEY=E82B651AE5740119104FE3284CE780E4D178351AF9D402C31AFC74B6365DE80A
+IV=6B03A799C51C7D0A9D3C9929617E69B1
+PT=50E8DD5BA9652EDBF2A7AB5B71BB7678
+CT=8D4C7C1157422E7B6DDA47C5C2C246F4
+
+I=340
+KEY=3C0B660F2B78F768812AC671D3107AD85C34490BAE962CB877263373F49FAEFE
+IV=8D4C7C1157422E7B6DDA47C5C2C246F4
+PT=D4200315CE0CF671916525599FF7FA3C
+CT=787B3C51094569BC1F139102964DF5AF
+
+I=341
+KEY=A197B59C700A4786E840733047964FD4244F755AA7D345046835A27162D25B51
+IV=787B3C51094569BC1F139102964DF5AF
+PT=9D9CD3935B72B0EE696AB5419486350C
+CT=AE02945B4E63AC35B6AC2DFA2DF3CEBA
+
+I=342
+KEY=00E75C4B909D44A94FA20EDA6C3628418A4DE101E9B0E931DE998F8B4F2195EB
+IV=AE02945B4E63AC35B6AC2DFA2DF3CEBA
+PT=A170E9D7E097032FA7E27DEA2BA06795
+CT=AC4AACD3597FE73F519F7CEDAFE6E000
+
+I=343
+KEY=4626BE31853C15DE412EF2A42328D47326074DD2B0CF0E0E8F06F366E0C775EB
+IV=AC4AACD3597FE73F519F7CEDAFE6E000
+PT=46C1E27A15A151770E8CFC7E4F1EFC32
+CT=5EB8B35708A135E041603BA323663F34
+
+I=344
+KEY=1733A037E76437411F49821D948A098978BFFE85B86E3BEECE66C8C5C3A14ADF
+IV=5EB8B35708A135E041603BA323663F34
+PT=51151E066258229F5E6770B9B7A2DDFA
+CT=6674FB922570377334A4F22D13E95BD8
+
+I=345
+KEY=8474275A2E4D5E5448EB8D34B65EE7081ECB05179D1E0C9DFAC23AE8D0481107
+IV=6674FB922570377334A4F22D13E95BD8
+PT=9347876DC929691557A20F2922D4EE81
+CT=F0E3F09C0350C0172E449A01F24AB828
+
+I=346
+KEY=765AA3F4014B8475CF832DE6128F7F2DEE28F58B9E4ECC8AD486A0E92202A92F
+IV=F0E3F09C0350C0172E449A01F24AB828
+PT=F22E84AE2F06DA218768A0D2A4D19825
+CT=CC156010299679ADEE9CC000FD5C90E5
+
+I=347
+KEY=DD3D3AFC83B7EEBC58CE35B35719B587223D959BB7D8B5273A1A60E9DF5E39CA
+IV=CC156010299679ADEE9CC000FD5C90E5
+PT=AB67990882FC6AC9974D18554596CAAA
+CT=80354EDEA10038E903C4896313236CE5
+
+I=348
+KEY=4764BB8C98BCF3FD4A21A370AE5432BBA208DB4516D88DCE39DEE98ACC7D552F
+IV=80354EDEA10038E903C4896313236CE5
+PT=9A5981701B0B1D4112EF96C3F94D873C
+CT=15140DC26F383EB99425FB51D445CC98
+
+I=349
+KEY=DF729AB7D09BC85489F8AD373EBDDA70B71CD68779E0B377ADFB12DB183899B7
+IV=15140DC26F383EB99425FB51D445CC98
+PT=9816213B48273BA9C3D90E4790E9E8CB
+CT=163465787010C97D3C2023D803F62556
+
+I=350
+KEY=A945B0C5997C596B5155A6BCA5055127A128B3FF09F07A0A91DB31031BCEBCE1
+IV=163465787010C97D3C2023D803F62556
+PT=76372A7249E7913FD8AD0B8B9BB88B57
+CT=23E861D557EE72534C8B729240E3A54F
+
+I=351
+KEY=0E1C166F2B947D14D0C7E6ABD280A31E82C0D22A5E1E0859DD5043915B2D19AE
+IV=23E861D557EE72534C8B729240E3A54F
+PT=A759A6AAB2E8247F819240177785F239
+CT=652CA6A199D7DBC37936FCD70636989F
+
+I=352
+KEY=208A37149072011877E3E85B3DC7F4A7E7EC748BC7C9D39AA466BF465D1B8131
+IV=652CA6A199D7DBC37936FCD70636989F
+PT=2E96217BBBE67C0CA7240EF0EF4757B9
+CT=7C29D6F4788553E3C50A48027478A98F
+
+I=353
+KEY=A8FFCB194C077EEED66632AEBE01652E9BC5A27FBF4C8079616CF744296328BE
+IV=7C29D6F4788553E3C50A48027478A98F
+PT=8875FC0DDC757FF6A185DAF583C69189
+CT=7B886FC819D625B224F2516901788E88
+
+I=354
+KEY=3716969BDDBF04FF4010D4667CCA994AE04DCDB7A69AA5CB459EA62D281BA636
+IV=7B886FC819D625B224F2516901788E88
+PT=9FE95D8291B87A119676E6C8C2CBFC64
+CT=3EAB925C025F379153CE2C7191026976
+
+I=355
+KEY=991D0D313717C7AC62537C8572DE094BDEE65FEBA4C5925A16508A5CB919CF40
+IV=3EAB925C025F379153CE2C7191026976
+PT=AE0B9BAAEAA8C3532243A8E30E149001
+CT=B9904B8BDF431FDDB9166086C9D3E24C
+
+I=356
+KEY=315772BB82A3DD286FE5891934B19434677614607B868D87AF46EADA70CA2D0C
+IV=B9904B8BDF431FDDB9166086C9D3E24C
+PT=A84A7F8AB5B41A840DB6F59C466F9D7F
+CT=3C7029336ECCA5D352DB9D0C060D3830
+
+I=357
+KEY=C99E4E6A8C1D42A9E431FF8B2A8ACA615B063D53154A2854FD9D77D676C7153C
+IV=3C7029336ECCA5D352DB9D0C060D3830
+PT=F8C93CD10EBE9F818BD476921E3B5E55
+CT=4AF4290AA79EB96435D2D3FC745033D7
+
+I=358
+KEY=55317B8B407B7D089ED2CEF7BE80E99111F21459B2D49130C84FA42A029726EB
+IV=4AF4290AA79EB96435D2D3FC745033D7
+PT=9CAF35E1CC663FA17AE3317C940A23F0
+CT=BFCA0B6B31AAD81F1BDC743B48B7CCA4
+
+I=359
+KEY=6EAE6D8B06AA25493BA3608357D71404AE381F32837E492FD393D0114A20EA4F
+IV=BFCA0B6B31AAD81F1BDC743B48B7CCA4
+PT=3B9F160046D15841A571AE74E957FD95
+CT=89C1D565569A12A68B2E808AB5CFA2E3
+
+I=360
+KEY=3245D7C1F5571A1329E1B2303F8A689D27F9CA57D5E45B8958BD509BFFEF48AC
+IV=89C1D565569A12A68B2E808AB5CFA2E3
+PT=5CEBBA4AF3FD3F5A1242D2B3685D7C99
+CT=EC8EEAED7894646B1D1A5E058ED41178
+
+I=361
+KEY=1DE05811428569D3F89CF1C01AF434AFCB7720BAAD703FE245A70E9E713B59D4
+IV=EC8EEAED7894646B1D1A5E058ED41178
+PT=2FA58FD0B7D273C0D17D43F0257E5C32
+CT=92802F392579C66AD72D2E85776720E8
+
+I=362
+KEY=0A8FB6D844AB0B73C05A121085E07FFE59F70F838809F988928A201B065C793C
+IV=92802F392579C66AD72D2E85776720E8
+PT=176FEEC9062E62A038C6E3D09F144B51
+CT=461DBCF9894F5319FE772F6529FBCEC0
+
+I=363
+KEY=4E6818B3BBEF69FA7ABEC1EBE2E54CDC1FEAB37A0146AA916CFD0F7E2FA7B7FC
+IV=461DBCF9894F5319FE772F6529FBCEC0
+PT=44E7AE6BFF446289BAE4D3FB67053322
+CT=794CA9DC41BAE95D415A6D1119582763
+
+I=364
+KEY=4A1EABB13924B188441724141F1C88A966A61AA640FC43CC2DA7626F36FF909F
+IV=794CA9DC41BAE95D415A6D1119582763
+PT=0476B30282CBD8723EA9E5FFFDF9C475
+CT=B761EAF5CC07651BD33D8BF93913EAE8
+
+I=365
+KEY=FFE4E48F8D96710A1BE7DBE36F4905CDD1C7F0538CFB26D7FE9AE9960FEC7A77
+IV=B761EAF5CC07651BD33D8BF93913EAE8
+PT=B5FA4F3EB4B2C0825FF0FFF770558D64
+CT=0B5146EB77161E60D6D1E2FAEAE80694
+
+I=366
+KEY=7A4F383AF4BB2DC6588E75EE82C7D9CFDA96B6B8FBED38B7284B0B6CE5047CE3
+IV=0B5146EB77161E60D6D1E2FAEAE80694
+PT=85ABDCB5792D5CCC4369AE0DED8EDC02
+CT=07635064CE85F6AE17961AF1F2B44469
+
+I=367
+KEY=EFFE7F8BBBEC8BEC83FA199102763BEDDDF5E6DC3568CE193FDD119D17B0388A
+IV=07635064CE85F6AE17961AF1F2B44469
+PT=95B147B14F57A62ADB746C7F80B1E222
+CT=3A9CD5F30C421FF333BA2C2F0A7AD07D
+
+I=368
+KEY=1DF51B7A35E11E2AF79E8C59094A1ECFE769332F392AD1EA0C673DB21DCAE8F7
+IV=3A9CD5F30C421FF333BA2C2F0A7AD07D
+PT=F20B64F18E0D95C6746495C80B3C2522
+CT=F60032C249CF561CB02421DA189A57D1
+
+I=369
+KEY=CC09FFE72A10AE27FE14934A6628AB83116901ED70E587F6BC431C680550BF26
+IV=F60032C249CF561CB02421DA189A57D1
+PT=D1FCE49D1FF1B00D098A1F136F62B54C
+CT=EAD5844B160C08F9CDAA15FD5936EF26
+
+I=370
+KEY=09C84CA0DA0B9FD79D3090E690BAB419FBBC85A666E98F0F71E909955C665000
+IV=EAD5844B160C08F9CDAA15FD5936EF26
+PT=C5C1B347F01B31F0632403ACF6921F9A
+CT=26AD72F011133FD4CED8F38A1ABE7D73
+
+I=371
+KEY=74FA53C172A2003EC5933F486FCC7BBFDD11F75677FAB0DBBF31FA1F46D82D73
+IV=26AD72F011133FD4CED8F38A1ABE7D73
+PT=7D321F61A8A99FE958A3AFAEFF76CFA6
+CT=F115FBC0D3F386527176D1DF6AD4B38A
+
+I=372
+KEY=0E5BA209B7BC28D184E73BD37F35C1312C040C96A4093689CE472BC02C0C9EF9
+IV=F115FBC0D3F386527176D1DF6AD4B38A
+PT=7AA1F1C8C51E28EF4174049B10F9BA8E
+CT=27ED0BA04734E70317BF58E11B0DD051
+
+I=373
+KEY=9404D9139B6597D1F7C7519713C6CBC80BE90736E33DD18AD9F8732137014EA8
+IV=27ED0BA04734E70317BF58E11B0DD051
+PT=9A5F7B1A2CD9BF0073206A446CF30AF9
+CT=24080A577426F8F270A13F3A5F3DB546
+
+I=374
+KEY=E72476BC679C8DCBAB92BBA5D48BF6D32FE10D61971B2978A9594C1B683CFBEE
+IV=24080A577426F8F270A13F3A5F3DB546
+PT=7320AFAFFCF91A1A5C55EA32C74D3D1B
+CT=A754CC0464E35B387435790505F2DCE5
+
+I=375
+KEY=4548DE389CCAD4A65B02A9B5FE90930188B5C165F3F87240DD6C351E6DCE270B
+IV=A754CC0464E35B387435790505F2DCE5
+PT=A26CA884FB56596DF09012102A1B65D2
+CT=D9AED2566884E97D081EADB45780AA7D
+
+I=376
+KEY=2E54365B503140D0EC9074DFA05F4B2C511B13339B7C9B3DD57298AA3A4E8D76
+IV=D9AED2566884E97D081EADB45780AA7D
+PT=6B1CE863CCFB9476B792DD6A5ECFD82D
+CT=9FA221E082CAD838AB4B210A8794BD8F
+
+I=377
+KEY=7C9FB092B8A96465076E14C575E9A8F0CEB932D319B643057E39B9A0BDDA30F9
+IV=9FA221E082CAD838AB4B210A8794BD8F
+PT=52CB86C9E89824B5EBFE601AD5B6E3DC
+CT=AAEA6DE5734CF14BED503512EB071C2A
+
+I=378
+KEY=90AB85A18F2B0255D4F43AF5E98DAA7E64535F366AFAB24E93698CB256DD2CD3
+IV=AAEA6DE5734CF14BED503512EB071C2A
+PT=EC34353337826630D39A2E309C64028E
+CT=1359A157B415EB63E038AB7354E6B0F2
+
+I=379
+KEY=9135D4D54A1CE6BBF4F23AFDE23F537C770AFE61DEEF592D735127C1023B9C21
+IV=1359A157B415EB63E038AB7354E6B0F2
+PT=019E5174C537E4EE200600080BB2F902
+CT=0764EBDBFAE8FD447244408A5153CC3B
+
+I=380
+KEY=4B5F1BC60EF5DCE83474A3970EB2ABA8706E15BA2407A4690115674B5368501A
+IV=0764EBDBFAE8FD447244408A5153CC3B
+PT=DA6ACF1344E93A53C086996AEC8DF8D4
+CT=A31F69E0055E8D4162AC06C088925FBA
+
+I=381
+KEY=9DD8E8D75BE2E4D1BC70B30DAE0B375FD3717C5A2159292863B9618BDBFA0FA0
+IV=A31F69E0055E8D4162AC06C088925FBA
+PT=D687F311551738398804109AA0B99CF7
+CT=EB84AC035534CDF1698E660F529E0EC7
+
+I=382
+KEY=4A2B2FC8446B4C2575CFE584A490680238F5D059746DE4D90A37078489640167
+IV=EB84AC035534CDF1698E660F529E0EC7
+PT=D7F3C71F1F89A8F4C9BF56890A9B5F5D
+CT=9236D37A28C2CF29237127173B93C5D5
+
+I=383
+KEY=9BE42576823EEAADB34657A5CBB44B21AAC303235CAF2BF029462093B2F7C4B2
+IV=9236D37A28C2CF29237127173B93C5D5
+PT=D1CF0ABEC655A688C689B2216F242323
+CT=86C122CFA62B1356FEE33FECF598ACC9
+
+I=384
+KEY=5DFC1838B052E95A948D0AC31736CBE62C0221ECFA8438A6D7A51F7F476F687B
+IV=86C122CFA62B1356FEE33FECF598ACC9
+PT=C6183D4E326C03F727CB5D66DC8280C7
+CT=8A9926125B1CA354B1D7A9FED0850FEE
+
+I=385
+KEY=2B12FA914EE7674EADED81C47A67A1B4A69B07FEA1989BF26672B68197EA6795
+IV=8A9926125B1CA354B1D7A9FED0850FEE
+PT=76EEE2A9FEB58E1439608B076D516A52
+CT=AD99A2A427BFF7A17C375DB38764EBFC
+
+I=386
+KEY=10607DE088CB92382089EF99B7C054280B02A55A86276C531A45EB32108E8C69
+IV=AD99A2A427BFF7A17C375DB38764EBFC
+PT=3B728771C62CF5768D646E5DCDA7F59C
+CT=0E141FD7D6928E7B7885638B6334947C
+
+I=387
+KEY=605ECCB38F9FFD9DAB2DB523313FFADB0516BA8D50B5E22862C088B973BA1815
+IV=0E141FD7D6928E7B7885638B6334947C
+PT=703EB15307546FA58BA45ABA86FFAEF3
+CT=996CB8723B08B99A4959072DC8A73292
+
+I=388
+KEY=C6371257BDA461F3A4D2F1ED5DD4B0B69C7A02FF6BBD5BB22B998F94BB1D2A87
+IV=996CB8723B08B99A4959072DC8A73292
+PT=A669DEE4323B9C6E0FFF44CE6CEB4A6D
+CT=72966BAA5E4D7FA9129088F2C072E301
+
+I=389
+KEY=DDD8877C25005F9B8336823CBF4D4B1DEEEC695535F0241B390907667B6FC986
+IV=72966BAA5E4D7FA9129088F2C072E301
+PT=1BEF952B98A43E6827E473D1E299FBAB
+CT=32C321C999A2D68EA4517D332C785FC4
+
+I=390
+KEY=00882DCBC6CFDED1A2ED7D9892F494A5DC2F489CAC52F2959D587A5557179642
+IV=32C321C999A2D68EA4517D332C785FC4
+PT=DD50AAB7E3CF814A21DBFFA42DB9DFB8
+CT=391D95DD63982E0A9AF3980A234DB5B9
+
+I=391
+KEY=234B9097BD6519EFE106103720AC937DE532DD41CFCADC9F07ABE25F745A23FB
+IV=391D95DD63982E0A9AF3980A234DB5B9
+PT=23C3BD5C7BAAC73E43EB6DAFB25807D8
+CT=D3A279EE1BABABA71DB01DC35EBA879D
+
+I=392
+KEY=AFF7D52D959CC7E41F1F3FF3CA2425053690A4AFD46177381A1BFF9C2AE0A466
+IV=D3A279EE1BABABA71DB01DC35EBA879D
+PT=8CBC45BA28F9DE0BFE192FC4EA88B678
+CT=B4696871EE3A9D035BC32308DA5A5DA7
+
+I=393
+KEY=B557440CEEB6E4EF54F6CD1B222246AC82F9CCDE3A5BEA3B41D8DC94F0BAF9C1
+IV=B4696871EE3A9D035BC32308DA5A5DA7
+PT=1AA091217B2A230B4BE9F2E8E80663A9
+CT=C5047AFD7884E0124928229AA6E72F67
+
+I=394
+KEY=BF64C071FAAD2C48CB269C03563FA06147FDB62342DF0A2908F0FE0E565DD6A6
+IV=C5047AFD7884E0124928229AA6E72F67
+PT=0A33847D141BC8A79FD05118741DE6CD
+CT=240D684E6BAD3FD4E41D58DB871E93CD
+
+I=395
+KEY=F6945509258A1584398F5438DFD679DB63F0DE6D297235FDECEDA6D5D143456B
+IV=240D684E6BAD3FD4E41D58DB871E93CD
+PT=49F09578DF2739CCF2A9C83B89E9D9BA
+CT=F66917F0C3C67774F9263062F918DDD5
+
+I=396
+KEY=A8E48107D59287ABBA374E7CE5BC28E89599C99DEAB4428915CB96B7285B98BE
+IV=F66917F0C3C67774F9263062F918DDD5
+PT=5E70D40EF018922F83B81A443A6A5133
+CT=85C42456F11D0191BC4B4DD4EA0406EE
+
+I=397
+KEY=E4F367569F4F9114AFE937A0190C9738105DEDCB1BA94318A980DB63C25F9E50
+IV=85C42456F11D0191BC4B4DD4EA0406EE
+PT=4C17E6514ADD16BF15DE79DCFCB0BFD0
+CT=D48B6C87A25C71113947569411C2186A
+
+I=398
+KEY=987ED2D586DA9AB08C584BBEA0478953C4D6814CB9F5320990C78DF7D39D863A
+IV=D48B6C87A25C71113947569411C2186A
+PT=7C8DB58319950BA423B17C1EB94B1E6B
+CT=AB6957C2F3D360593E9096F3A392A701
+
+I=399
+KEY=3DF2BF13B7FF97CA13567A890E11C9796FBFD68E4A265250AE571B04700F213B
+IV=AB6957C2F3D360593E9096F3A392A701
+PT=A58C6DC631250D7A9F0E3137AE56402A
+CT=C0FEFFF07506A0B4CD7B8B0CF25D3664
+
+===========
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_d_m.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_d_m.txt
new file mode 100644
index 00000000..d99a69af
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_d_m.txt
@@ -0,0 +1,6024 @@
+
+=========================
+
+FILENAME:  "ecb_d_m.txt"
+
+Electronic Codebook (ECB) Mode - DECRYPTION
+Monte Carlo Test
+
+Algorithm Name: Rijndael
+Principal Submitter: Joan Daemen
+
+=========================
+
+KEYSIZE=128
+
+I=0
+KEY=00000000000000000000000000000000
+CT=00000000000000000000000000000000
+PT=44416AC2D1F53C583303917E6BE9EBE0
+
+I=1
+KEY=44416AC2D1F53C583303917E6BE9EBE0
+CT=44416AC2D1F53C583303917E6BE9EBE0
+PT=E3FD51123B48A2E2AB1DB29894202222
+
+I=2
+KEY=A7BC3BD0EABD9EBA981E23E6FFC9C9C2
+CT=E3FD51123B48A2E2AB1DB29894202222
+PT=877B88A77AEF04F05546539E17259F53
+
+I=3
+KEY=20C7B37790529A4ACD587078E8EC5691
+CT=877B88A77AEF04F05546539E17259F53
+PT=C7A71C1B46261602EB1EE48FDA8155A4
+
+I=4
+KEY=E760AF6CD6748C48264694F7326D0335
+CT=C7A71C1B46261602EB1EE48FDA8155A4
+PT=6B6AC8E00FAF7E045ECCFC426A137221
+
+I=5
+KEY=8C0A678CD9DBF24C788A68B5587E7114
+CT=6B6AC8E00FAF7E045ECCFC426A137221
+PT=3F252821FA79AFC3F1798B343AAD41EE
+
+I=6
+KEY=B32F4FAD23A25D8F89F3E38162D330FA
+CT=3F252821FA79AFC3F1798B343AAD41EE
+PT=0B55C691E1F97205D137FF34478E5BC9
+
+I=7
+KEY=B87A893CC25B2F8A58C41CB5255D6B33
+CT=0B55C691E1F97205D137FF34478E5BC9
+PT=F6CCC1CC18A3199D6427EDCA0BB2DF90
+
+I=8
+KEY=4EB648F0DAF836173CE3F17F2EEFB4A3
+CT=F6CCC1CC18A3199D6427EDCA0BB2DF90
+PT=0CDD7D9734B1515C73DDA60EFF28CD89
+
+I=9
+KEY=426B3567EE49674B4F3E5771D1C7792A
+CT=0CDD7D9734B1515C73DDA60EFF28CD89
+PT=3E813131EDD440D9054799CEA508FF6F
+
+I=10
+KEY=7CEA0456039D27924A79CEBF74CF8645
+CT=3E813131EDD440D9054799CEA508FF6F
+PT=8C6859BD0B6E078FAA6B686297653232
+
+I=11
+KEY=F0825DEB08F3201DE012A6DDE3AAB477
+CT=8C6859BD0B6E078FAA6B686297653232
+PT=C966A4106C1DCE062D1346EB5E5133BB
+
+I=12
+KEY=39E4F9FB64EEEE1BCD01E036BDFB87CC
+CT=C966A4106C1DCE062D1346EB5E5133BB
+PT=4F4AE38B53FD7800F0E9F5C214E16F2A
+
+I=13
+KEY=76AE1A703713961B3DE815F4A91AE8E6
+CT=4F4AE38B53FD7800F0E9F5C214E16F2A
+PT=C73A033491DC0B6A77FEA2FBCC9D305E
+
+I=14
+KEY=B1941944A6CF9D714A16B70F6587D8B8
+CT=C73A033491DC0B6A77FEA2FBCC9D305E
+PT=C928C2A05BB44816EFBE6B13E94BC70E
+
+I=15
+KEY=78BCDBE4FD7BD567A5A8DC1C8CCC1FB6
+CT=C928C2A05BB44816EFBE6B13E94BC70E
+PT=A7C1593E7B4BAEE5256D4081337E7CAF
+
+I=16
+KEY=DF7D82DA86307B8280C59C9DBFB26319
+CT=A7C1593E7B4BAEE5256D4081337E7CAF
+PT=7ECD305AC27AEBFA2B8F85F9AC312638
+
+I=17
+KEY=A1B0B280444A9078AB4A196413834521
+CT=7ECD305AC27AEBFA2B8F85F9AC312638
+PT=A24D1403A58B94798F5F3565ABFD3B44
+
+I=18
+KEY=03FDA683E1C1040124152C01B87E7E65
+CT=A24D1403A58B94798F5F3565ABFD3B44
+PT=5B6E097B3B0E21DCC9CE9970701C7BD5
+
+I=19
+KEY=5893AFF8DACF25DDEDDBB571C86205B0
+CT=5B6E097B3B0E21DCC9CE9970701C7BD5
+PT=4E21CEA52B3111AC8F6B204A1F5E65E2
+
+I=20
+KEY=16B2615DF1FE347162B0953BD73C6052
+CT=4E21CEA52B3111AC8F6B204A1F5E65E2
+PT=806DDC5C37ADEEBB6FCE4730939D7A99
+
+I=21
+KEY=96DFBD01C653DACA0D7ED20B44A11ACB
+CT=806DDC5C37ADEEBB6FCE4730939D7A99
+PT=3462F7C6D3E071A0D3ACE7FD79149776
+
+I=22
+KEY=A2BD4AC715B3AB6ADED235F63DB58DBD
+CT=3462F7C6D3E071A0D3ACE7FD79149776
+PT=AF0FFF307B72284E794C8A64C30299D2
+
+I=23
+KEY=0DB2B5F76EC18324A79EBF92FEB7146F
+CT=AF0FFF307B72284E794C8A64C30299D2
+PT=E482B613FBCF9C4422D85E3160B1FB0F
+
+I=24
+KEY=E93003E4950E1F608546E1A39E06EF60
+CT=E482B613FBCF9C4422D85E3160B1FB0F
+PT=FADC8EF9C95540AD69897DECAB2D50D5
+
+I=25
+KEY=13EC8D1D5C5B5FCDECCF9C4F352BBFB5
+CT=FADC8EF9C95540AD69897DECAB2D50D5
+PT=2A765E237FB5230D792D455596A17118
+
+I=26
+KEY=399AD33E23EE7CC095E2D91AA38ACEAD
+CT=2A765E237FB5230D792D455596A17118
+PT=0887DA8012C7F95BD6ADB18D1ED3C2DB
+
+I=27
+KEY=311D09BE3129859B434F6897BD590C76
+CT=0887DA8012C7F95BD6ADB18D1ED3C2DB
+PT=3BB831A7B6FAC3649176471012FAD1C1
+
+I=28
+KEY=0AA5381987D346FFD2392F87AFA3DDB7
+CT=3BB831A7B6FAC3649176471012FAD1C1
+PT=E4F8629AB3489A0945B8B7188B953DE5
+
+I=29
+KEY=EE5D5A83349BDCF69781989F2436E052
+CT=E4F8629AB3489A0945B8B7188B953DE5
+PT=1D4B0B5B321EB711939AB481239E2541
+
+I=30
+KEY=F31651D806856BE7041B2C1E07A8C513
+CT=1D4B0B5B321EB711939AB481239E2541
+PT=71A368D5A33665D6FF9F33FECAFC6884
+
+I=31
+KEY=82B5390DA5B30E31FB841FE0CD54AD97
+CT=71A368D5A33665D6FF9F33FECAFC6884
+PT=8ACF418080075BA23B05A52552773B84
+
+I=32
+KEY=087A788D25B45593C081BAC59F239613
+CT=8ACF418080075BA23B05A52552773B84
+PT=E0E6058735F4FE765E882521D769FB41
+
+I=33
+KEY=E89C7D0A1040ABE59E099FE4484A6D52
+CT=E0E6058735F4FE765E882521D769FB41
+PT=70DCE91F818DF2CDC4269F1B4EA0A465
+
+I=34
+KEY=9840941591CD59285A2F00FF06EAC937
+CT=70DCE91F818DF2CDC4269F1B4EA0A465
+PT=E2F809D6DD77D72EF6DB5A82C42BF1CF
+
+I=35
+KEY=7AB89DC34CBA8E06ACF45A7DC2C138F8
+CT=E2F809D6DD77D72EF6DB5A82C42BF1CF
+PT=0741D11DDD877957E753ECF8DB91C72B
+
+I=36
+KEY=7DF94CDE913DF7514BA7B6851950FFD3
+CT=0741D11DDD877957E753ECF8DB91C72B
+PT=03E411012CA3B5B3CC163677D4B52456
+
+I=37
+KEY=7E1D5DDFBD9E42E287B180F2CDE5DB85
+CT=03E411012CA3B5B3CC163677D4B52456
+PT=0270D90790EF8347ACFB87EB2FEC2710
+
+I=38
+KEY=7C6D84D82D71C1A52B4A0719E209FC95
+CT=0270D90790EF8347ACFB87EB2FEC2710
+PT=3AE40270512374AF4022638E0A7A6D8E
+
+I=39
+KEY=468986A87C52B50A6B686497E873911B
+CT=3AE40270512374AF4022638E0A7A6D8E
+PT=8008D87E928A980FECA08CAF1EC91DDA
+
+I=40
+KEY=C6815ED6EED82D0587C8E838F6BA8CC1
+CT=8008D87E928A980FECA08CAF1EC91DDA
+PT=1D479A54832FF1A81D30008EFDF16A34
+
+I=41
+KEY=DBC6C4826DF7DCAD9AF8E8B60B4BE6F5
+CT=1D479A54832FF1A81D30008EFDF16A34
+PT=9E731FECD9A767BDA0C84B4C4D552BD3
+
+I=42
+KEY=45B5DB6EB450BB103A30A3FA461ECD26
+CT=9E731FECD9A767BDA0C84B4C4D552BD3
+PT=C2211A6B16CD27C6C73A5C3C1A0132AC
+
+I=43
+KEY=8794C105A29D9CD6FD0AFFC65C1FFF8A
+CT=C2211A6B16CD27C6C73A5C3C1A0132AC
+PT=7E523DD6F25706F971F020F88FFA0CF7
+
+I=44
+KEY=F9C6FCD350CA9A2F8CFADF3ED3E5F37D
+CT=7E523DD6F25706F971F020F88FFA0CF7
+PT=0EDC01C6C1A8DA6A7C9EEE3587CB098E
+
+I=45
+KEY=F71AFD1591624045F064310B542EFAF3
+CT=0EDC01C6C1A8DA6A7C9EEE3587CB098E
+PT=EE479106871DA872632794633B1ACF0E
+
+I=46
+KEY=195D6C13167FE8379343A5686F3435FD
+CT=EE479106871DA872632794633B1ACF0E
+PT=7EC1A4578D911F336184DACCCA92D943
+
+I=47
+KEY=679CC8449BEEF704F2C77FA4A5A6ECBE
+CT=7EC1A4578D911F336184DACCCA92D943
+PT=53715F25AE02513F181E3DECBB007803
+
+I=48
+KEY=34ED976135ECA63BEAD942481EA694BD
+CT=53715F25AE02513F181E3DECBB007803
+PT=304D5764B5206F8204A69D1BED11FA62
+
+I=49
+KEY=04A0C00580CCC9B9EE7FDF53F3B76EDF
+CT=304D5764B5206F8204A69D1BED11FA62
+PT=5A7590ADEF208BFD808499A2BFE9B011
+
+I=50
+KEY=5ED550A86FEC42446EFB46F14C5EDECE
+CT=5A7590ADEF208BFD808499A2BFE9B011
+PT=2502C0F68A721A93ECE8D7B6C2097BA4
+
+I=51
+KEY=7BD7905EE59E58D7821391478E57A56A
+CT=2502C0F68A721A93ECE8D7B6C2097BA4
+PT=1C814E26A6464086D606C7B4C6DFD85B
+
+I=52
+KEY=6756DE7843D81851541556F348887D31
+CT=1C814E26A6464086D606C7B4C6DFD85B
+PT=9D55D6EA99BA391190068205DD9AE69C
+
+I=53
+KEY=FA030892DA622140C413D4F695129BAD
+CT=9D55D6EA99BA391190068205DD9AE69C
+PT=9D1212D0BD8C26422EEFF4DDB16B2EF3
+
+I=54
+KEY=67111A4267EE0702EAFC202B2479B55E
+CT=9D1212D0BD8C26422EEFF4DDB16B2EF3
+PT=54DF71E70141E1712449CDC1AC7D07F6
+
+I=55
+KEY=33CE6BA566AFE673CEB5EDEA8804B2A8
+CT=54DF71E70141E1712449CDC1AC7D07F6
+PT=AF3DE6F3510978928C129CFC19FB29B4
+
+I=56
+KEY=9CF38D5637A69EE142A7711691FF9B1C
+CT=AF3DE6F3510978928C129CFC19FB29B4
+PT=830DB7014774C7DF870C8456BC0162AB
+
+I=57
+KEY=1FFE3A5770D2593EC5ABF5402DFEF9B7
+CT=830DB7014774C7DF870C8456BC0162AB
+PT=6606C0A36A18BEFF33485F95B82C30E7
+
+I=58
+KEY=79F8FAF41ACAE7C1F6E3AAD595D2C950
+CT=6606C0A36A18BEFF33485F95B82C30E7
+PT=4B1E64672B89056DF693E73B419E786E
+
+I=59
+KEY=32E69E933143E2AC00704DEED44CB13E
+CT=4B1E64672B89056DF693E73B419E786E
+PT=1877DEEAFF10A5A3F5E9A811BF7595BA
+
+I=60
+KEY=2A914079CE53470FF599E5FF6B392484
+CT=1877DEEAFF10A5A3F5E9A811BF7595BA
+PT=A11A48215BF59CC53BC8A009DCA3973D
+
+I=61
+KEY=8B8B085895A6DBCACE5145F6B79AB3B9
+CT=A11A48215BF59CC53BC8A009DCA3973D
+PT=E80535676DE8898A3624B8127EC21024
+
+I=62
+KEY=638E3D3FF84E5240F875FDE4C958A39D
+CT=E80535676DE8898A3624B8127EC21024
+PT=E2977A804EC9A8B03C85234AD3A95B52
+
+I=63
+KEY=811947BFB687FAF0C4F0DEAE1AF1F8CF
+CT=E2977A804EC9A8B03C85234AD3A95B52
+PT=D776D8BF13F736483862328571C06C61
+
+I=64
+KEY=566F9F00A570CCB8FC92EC2B6B3194AE
+CT=D776D8BF13F736483862328571C06C61
+PT=3AF7969F3247A0914037209556997164
+
+I=65
+KEY=6C98099F97376C29BCA5CCBE3DA8E5CA
+CT=3AF7969F3247A0914037209556997164
+PT=4F87DDC715CEE3A9D67645AD920DF74A
+
+I=66
+KEY=231FD45882F98F806AD38913AFA51280
+CT=4F87DDC715CEE3A9D67645AD920DF74A
+PT=9E88CA52E6B0C160E52B23F36882DBA1
+
+I=67
+KEY=BD971E0A64494EE08FF8AAE0C727C921
+CT=9E88CA52E6B0C160E52B23F36882DBA1
+PT=CAD26E5881D9D4E52C7595C773E0FDAB
+
+I=68
+KEY=77457052E5909A05A38D3F27B4C7348A
+CT=CAD26E5881D9D4E52C7595C773E0FDAB
+PT=C2D0B3D713CFCA5ABB7B9DED14429F37
+
+I=69
+KEY=B595C385F65F505F18F6A2CAA085ABBD
+CT=C2D0B3D713CFCA5ABB7B9DED14429F37
+PT=DD7AADA7524A4878F7C598C4CBCD9CAB
+
+I=70
+KEY=68EF6E22A4151827EF333A0E6B483716
+CT=DD7AADA7524A4878F7C598C4CBCD9CAB
+PT=A0F33B1FCC3F4A4B0982F0823C4ED3C9
+
+I=71
+KEY=C81C553D682A526CE6B1CA8C5706E4DF
+CT=A0F33B1FCC3F4A4B0982F0823C4ED3C9
+PT=B22BB23CD68E8779A8C0FC9A350CB756
+
+I=72
+KEY=7A37E701BEA4D5154E713616620A5389
+CT=B22BB23CD68E8779A8C0FC9A350CB756
+PT=EA4D96AC54BD8387AD36AC8C855A9D44
+
+I=73
+KEY=907A71ADEA195692E3479A9AE750CECD
+CT=EA4D96AC54BD8387AD36AC8C855A9D44
+PT=A3B90CFDE355723BC94999784534FA74
+
+I=74
+KEY=33C37D50094C24A92A0E03E2A26434B9
+CT=A3B90CFDE355723BC94999784534FA74
+PT=55636C86A64383768CB948FF57B29322
+
+I=75
+KEY=66A011D6AF0FA7DFA6B74B1DF5D6A79B
+CT=55636C86A64383768CB948FF57B29322
+PT=B29CCDFD8E7BE50892F0D77DD969F97E
+
+I=76
+KEY=D43CDC2B217442D734479C602CBF5EE5
+CT=B29CCDFD8E7BE50892F0D77DD969F97E
+PT=9CF0432822EABDF489B57EDD9CEF7FEA
+
+I=77
+KEY=48CC9F03039EFF23BDF2E2BDB050210F
+CT=9CF0432822EABDF489B57EDD9CEF7FEA
+PT=AA753B7D38E807D691005899385DC6DA
+
+I=78
+KEY=E2B9A47E3B76F8F52CF2BA24880DE7D5
+CT=AA753B7D38E807D691005899385DC6DA
+PT=E4F0681527FA7AD3D1E7C78C03FB79FA
+
+I=79
+KEY=0649CC6B1C8C8226FD157DA88BF69E2F
+CT=E4F0681527FA7AD3D1E7C78C03FB79FA
+PT=7923AF8E50F378B9C97D2F162348025B
+
+I=80
+KEY=7F6A63E54C7FFA9F346852BEA8BE9C74
+CT=7923AF8E50F378B9C97D2F162348025B
+PT=3BEFAB920CA31A6B8B87E11DF97B42DE
+
+I=81
+KEY=4485C87740DCE0F4BFEFB3A351C5DEAA
+CT=3BEFAB920CA31A6B8B87E11DF97B42DE
+PT=4661D6B8004611976A21C69804D102C0
+
+I=82
+KEY=02E41ECF409AF163D5CE753B5514DC6A
+CT=4661D6B8004611976A21C69804D102C0
+PT=B861DF2279F2AEE4FCFD7D322AD0BE2B
+
+I=83
+KEY=BA85C1ED39685F87293308097FC46241
+CT=B861DF2279F2AEE4FCFD7D322AD0BE2B
+PT=1785745618A541F9454443FFB494F2E9
+
+I=84
+KEY=AD00B5BB21CD1E7E6C774BF6CB5090A8
+CT=1785745618A541F9454443FFB494F2E9
+PT=AA7507A80B4CCF33E8B4F09E2D7004F6
+
+I=85
+KEY=0775B2132A81D14D84C3BB68E620945E
+CT=AA7507A80B4CCF33E8B4F09E2D7004F6
+PT=433412B8F10F81A557AC461823097FC7
+
+I=86
+KEY=4441A0ABDB8E50E8D36FFD70C529EB99
+CT=433412B8F10F81A557AC461823097FC7
+PT=EC3206BDB3765876B74952C411D40373
+
+I=87
+KEY=A873A61668F8089E6426AFB4D4FDE8EA
+CT=EC3206BDB3765876B74952C411D40373
+PT=F7F994027D328FA3D70C9DEABD3BE733
+
+I=88
+KEY=5F8A321415CA873DB32A325E69C60FD9
+CT=F7F994027D328FA3D70C9DEABD3BE733
+PT=E2A8419BF86A2408ED8D0274A5CE0E10
+
+I=89
+KEY=BD22738FEDA0A3355EA7302ACC0801C9
+CT=E2A8419BF86A2408ED8D0274A5CE0E10
+PT=80FB8CD5243C89D77F503B2F16979F90
+
+I=90
+KEY=3DD9FF5AC99C2AE221F70B05DA9F9E59
+CT=80FB8CD5243C89D77F503B2F16979F90
+PT=F7773137F233AE2609C2C9AC36F58224
+
+I=91
+KEY=CAAECE6D3BAF84C42835C2A9EC6A1C7D
+CT=F7773137F233AE2609C2C9AC36F58224
+PT=F3D0A1DADA4A009E8E4C0EF717469BCD
+
+I=92
+KEY=397E6FB7E1E5845AA679CC5EFB2C87B0
+CT=F3D0A1DADA4A009E8E4C0EF717469BCD
+PT=0AC0FF22EB653A26A3F1F0CFE3808609
+
+I=93
+KEY=33BE90950A80BE7C05883C9118AC01B9
+CT=0AC0FF22EB653A26A3F1F0CFE3808609
+PT=28FF865CE11720BB1B56EF49D7D1840D
+
+I=94
+KEY=1B4116C9EB979EC71EDED3D8CF7D85B4
+CT=28FF865CE11720BB1B56EF49D7D1840D
+PT=001FAF58E22F5E8ED6BCC7FD581D7C2F
+
+I=95
+KEY=1B5EB99109B8C049C86214259760F99B
+CT=001FAF58E22F5E8ED6BCC7FD581D7C2F
+PT=32B41303A58AB49CB4CB2322B77383B3
+
+I=96
+KEY=29EAAA92AC3274D57CA9370720137A28
+CT=32B41303A58AB49CB4CB2322B77383B3
+PT=9C52020FCDE0306C8E19CDF68FEFDF50
+
+I=97
+KEY=B5B8A89D61D244B9F2B0FAF1AFFCA578
+CT=9C52020FCDE0306C8E19CDF68FEFDF50
+PT=2E3452997687D12E3A8C59B9178B09E2
+
+I=98
+KEY=9B8CFA0417559597C83CA348B877AC9A
+CT=2E3452997687D12E3A8C59B9178B09E2
+PT=872CF16DBB7CD6EA8EBB91A60BDE0C6F
+
+I=99
+KEY=1CA00B69AC29437D468732EEB3A9A0F5
+CT=872CF16DBB7CD6EA8EBB91A60BDE0C6F
+PT=7862C78E3B209535E6C6BE92F5EDF42B
+
+I=100
+KEY=64C2CCE79709D648A0418C7C464454DE
+CT=7862C78E3B209535E6C6BE92F5EDF42B
+PT=9185D8487C1D2DB679A52FDA2FE5FFCD
+
+I=101
+KEY=F54714AFEB14FBFED9E4A3A669A1AB13
+CT=9185D8487C1D2DB679A52FDA2FE5FFCD
+PT=77C3AF8C81CDB1CDEF5C0429CF3E5DA4
+
+I=102
+KEY=8284BB236AD94A3336B8A78FA69FF6B7
+CT=77C3AF8C81CDB1CDEF5C0429CF3E5DA4
+PT=6F36C74290EA6332E98CD23D08AEF7F9
+
+I=103
+KEY=EDB27C61FA332901DF3475B2AE31014E
+CT=6F36C74290EA6332E98CD23D08AEF7F9
+PT=4A7831538FA1D32E3F8631BEFD99AA73
+
+I=104
+KEY=A7CA4D327592FA2FE0B2440C53A8AB3D
+CT=4A7831538FA1D32E3F8631BEFD99AA73
+PT=5D2B599D9AF9054A99C25577C9286C9E
+
+I=105
+KEY=FAE114AFEF6BFF657970117B9A80C7A3
+CT=5D2B599D9AF9054A99C25577C9286C9E
+PT=65E4088200BCC01FCEE39C6E42082FD8
+
+I=106
+KEY=9F051C2DEFD73F7AB7938D15D888E87B
+CT=65E4088200BCC01FCEE39C6E42082FD8
+PT=4588E0D3AABBEFE611B9576391B903E9
+
+I=107
+KEY=DA8DFCFE456CD09CA62ADA764931EB92
+CT=4588E0D3AABBEFE611B9576391B903E9
+PT=A55622F833FF271DD8A8F01CF5828FCF
+
+I=108
+KEY=7FDBDE067693F7817E822A6ABCB3645D
+CT=A55622F833FF271DD8A8F01CF5828FCF
+PT=8C954010C870B2DB7FA44E1DEBFE6DE8
+
+I=109
+KEY=F34E9E16BEE3455A01266477574D09B5
+CT=8C954010C870B2DB7FA44E1DEBFE6DE8
+PT=58B7BD00ED18FC81E618807DE65305B8
+
+I=110
+KEY=ABF9231653FBB9DBE73EE40AB11E0C0D
+CT=58B7BD00ED18FC81E618807DE65305B8
+PT=EF82E5F4879039F2A1A4CC2F2044BD14
+
+I=111
+KEY=447BC6E2D46B8029469A2825915AB119
+CT=EF82E5F4879039F2A1A4CC2F2044BD14
+PT=2B6C12307F14FD50B41D8F972B19AC76
+
+I=112
+KEY=6F17D4D2AB7F7D79F287A7B2BA431D6F
+CT=2B6C12307F14FD50B41D8F972B19AC76
+PT=C9B6D042CE76892D17F70D4EE00A0D79
+
+I=113
+KEY=A6A104906509F454E570AAFC5A491016
+CT=C9B6D042CE76892D17F70D4EE00A0D79
+PT=1B08F9293BBFC44DDCF2C1D26A9DD00B
+
+I=114
+KEY=BDA9FDB95EB6301939826B2E30D4C01D
+CT=1B08F9293BBFC44DDCF2C1D26A9DD00B
+PT=4FD353B247048FAAA728E10C691C70CA
+
+I=115
+KEY=F27AAE0B19B2BFB39EAA8A2259C8B0D7
+CT=4FD353B247048FAAA728E10C691C70CA
+PT=0BBB6FDBC62C428B85111BC7C93AE994
+
+I=116
+KEY=F9C1C1D0DF9EFD381BBB91E590F25943
+CT=0BBB6FDBC62C428B85111BC7C93AE994
+PT=9C1A213A5772DE6C15CE7406F84BED03
+
+I=117
+KEY=65DBE0EA88EC23540E75E5E368B9B440
+CT=9C1A213A5772DE6C15CE7406F84BED03
+PT=AB3DE06BBDB213D64F735CA990DC373C
+
+I=118
+KEY=CEE60081355E30824106B94AF865837C
+CT=AB3DE06BBDB213D64F735CA990DC373C
+PT=6C004A1A114E90C7903AA4A0120A2B10
+
+I=119
+KEY=A2E64A9B2410A045D13C1DEAEA6FA86C
+CT=6C004A1A114E90C7903AA4A0120A2B10
+PT=6405A033C294E72119A8955712548121
+
+I=120
+KEY=C6E3EAA8E6844764C89488BDF83B294D
+CT=6405A033C294E72119A8955712548121
+PT=AE8A3BAC7279B1BC152A5AD8EBAC3EAD
+
+I=121
+KEY=6869D10494FDF6D8DDBED265139717E0
+CT=AE8A3BAC7279B1BC152A5AD8EBAC3EAD
+PT=4ADDA9999D2BE20D8925F39699563294
+
+I=122
+KEY=22B4789D09D614D5549B21F38AC12574
+CT=4ADDA9999D2BE20D8925F39699563294
+PT=BC5CA33CB2A1A580EB92946C77A63467
+
+I=123
+KEY=9EE8DBA1BB77B155BF09B59FFD671113
+CT=BC5CA33CB2A1A580EB92946C77A63467
+PT=F7ABEAD301264A3E59EABA0B9606DC92
+
+I=124
+KEY=69433172BA51FB6BE6E30F946B61CD81
+CT=F7ABEAD301264A3E59EABA0B9606DC92
+PT=2566114A10BE9BF19E0910486DAB6BE5
+
+I=125
+KEY=4C252038AAEF609A78EA1FDC06CAA664
+CT=2566114A10BE9BF19E0910486DAB6BE5
+PT=AF72E1B179660A1B833D9D4FC8473B6B
+
+I=126
+KEY=E357C189D3896A81FBD78293CE8D9D0F
+CT=AF72E1B179660A1B833D9D4FC8473B6B
+PT=DFF968B761D8E154B74C9D568C12008E
+
+I=127
+KEY=3CAEA93EB2518BD54C9B1FC5429F9D81
+CT=DFF968B761D8E154B74C9D568C12008E
+PT=42DF098BCB57D0D25269E29C9BC99DE6
+
+I=128
+KEY=7E71A0B579065B071EF2FD59D9560067
+CT=42DF098BCB57D0D25269E29C9BC99DE6
+PT=66C34CAAEFC2009B985D1E622FC61AB4
+
+I=129
+KEY=18B2EC1F96C45B9C86AFE33BF6901AD3
+CT=66C34CAAEFC2009B985D1E622FC61AB4
+PT=150C1BF943982C5EA1A6839D94F23288
+
+I=130
+KEY=0DBEF7E6D55C77C2270960A66262285B
+CT=150C1BF943982C5EA1A6839D94F23288
+PT=048BFBB28879206964C5F3B41264011A
+
+I=131
+KEY=09350C545D2557AB43CC931270062941
+CT=048BFBB28879206964C5F3B41264011A
+PT=54D2DC53B87EC949F0FA0E134EE26D50
+
+I=132
+KEY=5DE7D007E55B9EE2B3369D013EE44411
+CT=54D2DC53B87EC949F0FA0E134EE26D50
+PT=1BA46AFE1AE87C4F0254BF02DF3B6D37
+
+I=133
+KEY=4643BAF9FFB3E2ADB1622203E1DF2926
+CT=1BA46AFE1AE87C4F0254BF02DF3B6D37
+PT=7733E74E743C9E997AC2ED36B2E89CE8
+
+I=134
+KEY=31705DB78B8F7C34CBA0CF355337B5CE
+CT=7733E74E743C9E997AC2ED36B2E89CE8
+PT=670AEA160FAC67ABCECA140EB8195EB5
+
+I=135
+KEY=567AB7A184231B9F056ADB3BEB2EEB7B
+CT=670AEA160FAC67ABCECA140EB8195EB5
+PT=7CFD74D510AC894FF5B698280386F4FF
+
+I=136
+KEY=2A87C374948F92D0F0DC4313E8A81F84
+CT=7CFD74D510AC894FF5B698280386F4FF
+PT=10D03F32C0694E9FFF598E101998105E
+
+I=137
+KEY=3A57FC4654E6DC4F0F85CD03F1300FDA
+CT=10D03F32C0694E9FFF598E101998105E
+PT=351D6E8D1C26F36973356F6235B8ABAD
+
+I=138
+KEY=0F4A92CB48C02F267CB0A261C488A477
+CT=351D6E8D1C26F36973356F6235B8ABAD
+PT=0DDDA7AA09FBD986C0B9EA2B018FAE4F
+
+I=139
+KEY=02973561413BF6A0BC09484AC5070A38
+CT=0DDDA7AA09FBD986C0B9EA2B018FAE4F
+PT=31C5B68B7A08D1B7320FAB052CC3B0D1
+
+I=140
+KEY=335283EA3B3327178E06E34FE9C4BAE9
+CT=31C5B68B7A08D1B7320FAB052CC3B0D1
+PT=501B8D9EE91468522029020A39484DB5
+
+I=141
+KEY=63490E74D2274F45AE2FE145D08CF75C
+CT=501B8D9EE91468522029020A39484DB5
+PT=2714FBA566DFD4909B8ABF29B1D5A8E8
+
+I=142
+KEY=445DF5D1B4F89BD535A55E6C61595FB4
+CT=2714FBA566DFD4909B8ABF29B1D5A8E8
+PT=94485381E5088D67BC1335C89FA5C2B8
+
+I=143
+KEY=D015A65051F016B289B66BA4FEFC9D0C
+CT=94485381E5088D67BC1335C89FA5C2B8
+PT=BE5BEE26D6686A0EB5838C237FEF79B7
+
+I=144
+KEY=6E4E487687987CBC3C35E7878113E4BB
+CT=BE5BEE26D6686A0EB5838C237FEF79B7
+PT=417F73D46CFBE3C5C9AD513BCBC6D185
+
+I=145
+KEY=2F313BA2EB639F79F598B6BC4AD5353E
+CT=417F73D46CFBE3C5C9AD513BCBC6D185
+PT=AE3B07350B3BE7D4F9F6FE2F95622449
+
+I=146
+KEY=810A3C97E05878AD0C6E4893DFB71177
+CT=AE3B07350B3BE7D4F9F6FE2F95622449
+PT=7BD4231225A7B665953AB034E24A7C7A
+
+I=147
+KEY=FADE1F85C5FFCEC89954F8A73DFD6D0D
+CT=7BD4231225A7B665953AB034E24A7C7A
+PT=3C1FBE8F3CEB1438B4A64E59FAF291CF
+
+I=148
+KEY=C6C1A10AF914DAF02DF2B6FEC70FFCC2
+CT=3C1FBE8F3CEB1438B4A64E59FAF291CF
+PT=ACFF7F1E71AA952CF8ADB24FEE18A7BB
+
+I=149
+KEY=6A3EDE1488BE4FDCD55F04B129175B79
+CT=ACFF7F1E71AA952CF8ADB24FEE18A7BB
+PT=3C3A6D3FD73B36317417106A92E2B43E
+
+I=150
+KEY=5604B32B5F8579EDA14814DBBBF5EF47
+CT=3C3A6D3FD73B36317417106A92E2B43E
+PT=F34F8C719A4A74DD8F4FA4CBC520827A
+
+I=151
+KEY=A54B3F5AC5CF0D302E07B0107ED56D3D
+CT=F34F8C719A4A74DD8F4FA4CBC520827A
+PT=6A5D56FB6C7EBA15112AF8A093F3E1E1
+
+I=152
+KEY=CF1669A1A9B1B7253F2D48B0ED268CDC
+CT=6A5D56FB6C7EBA15112AF8A093F3E1E1
+PT=8BF39EE3B8ED0F6A6EA92319A81B10E6
+
+I=153
+KEY=44E5F742115CB84F51846BA9453D9C3A
+CT=8BF39EE3B8ED0F6A6EA92319A81B10E6
+PT=2BC796D320C444BBBAD466D686F460F6
+
+I=154
+KEY=6F2261913198FCF4EB500D7FC3C9FCCC
+CT=2BC796D320C444BBBAD466D686F460F6
+PT=2CF595F424ED50B1A146E387B128CBA3
+
+I=155
+KEY=43D7F4651575AC454A16EEF872E1376F
+CT=2CF595F424ED50B1A146E387B128CBA3
+PT=56F2E856045BAE66EA003A6C39205344
+
+I=156
+KEY=15251C33112E0223A016D4944BC1642B
+CT=56F2E856045BAE66EA003A6C39205344
+PT=31C83401BD83424BA6E94C0D6D453D9A
+
+I=157
+KEY=24ED2832ACAD406806FF9899268459B1
+CT=31C83401BD83424BA6E94C0D6D453D9A
+PT=A687F05992CCB57CDE61AFF8878913ED
+
+I=158
+KEY=826AD86B3E61F514D89E3761A10D4A5C
+CT=A687F05992CCB57CDE61AFF8878913ED
+PT=16E771193C2473502F415C27FB101D94
+
+I=159
+KEY=948DA97202458644F7DF6B465A1D57C8
+CT=16E771193C2473502F415C27FB101D94
+PT=C69CDBA29C9EDC3407C1C73A756A0B6E
+
+I=160
+KEY=521172D09EDB5A70F01EAC7C2F775CA6
+CT=C69CDBA29C9EDC3407C1C73A756A0B6E
+PT=566D82281F48E3217F3852115CF2E944
+
+I=161
+KEY=047CF0F88193B9518F26FE6D7385B5E2
+CT=566D82281F48E3217F3852115CF2E944
+PT=B3FEBC8F8F0F0B652C4358BCC9BF54DF
+
+I=162
+KEY=B7824C770E9CB234A365A6D1BA3AE13D
+CT=B3FEBC8F8F0F0B652C4358BCC9BF54DF
+PT=BBB84877094B3EB86203D17C92CF5168
+
+I=163
+KEY=0C3A040007D78C8CC16677AD28F5B055
+CT=BBB84877094B3EB86203D17C92CF5168
+PT=2C45E5A3F8C564862DA4D8AD428D3E67
+
+I=164
+KEY=207FE1A3FF12E80AECC2AF006A788E32
+CT=2C45E5A3F8C564862DA4D8AD428D3E67
+PT=10ADC2AF56600D95AD8BB579EF5170C9
+
+I=165
+KEY=30D2230CA972E59F41491A798529FEFB
+CT=10ADC2AF56600D95AD8BB579EF5170C9
+PT=1854BB8AC568F3599153BE1AC60BA78D
+
+I=166
+KEY=288698866C1A16C6D01AA46343225976
+CT=1854BB8AC568F3599153BE1AC60BA78D
+PT=E641765C80D8812A1A0F4606C639642E
+
+I=167
+KEY=CEC7EEDAECC297ECCA15E265851B3D58
+CT=E641765C80D8812A1A0F4606C639642E
+PT=317AC70CEAA87AE66A15C22BD5E534E5
+
+I=168
+KEY=FFBD29D6066AED0AA000204E50FE09BD
+CT=317AC70CEAA87AE66A15C22BD5E534E5
+PT=BFFB8D7B3D9F54727944ABC3F6474362
+
+I=169
+KEY=4046A4AD3BF5B978D9448B8DA6B94ADF
+CT=BFFB8D7B3D9F54727944ABC3F6474362
+PT=060765D1D9D289B862DA274CFDB4D7A0
+
+I=170
+KEY=4641C17CE22730C0BB9EACC15B0D9D7F
+CT=060765D1D9D289B862DA274CFDB4D7A0
+PT=FBAFA4C1D6CEF2A45E9E084311FDF858
+
+I=171
+KEY=BDEE65BD34E9C264E500A4824AF06527
+CT=FBAFA4C1D6CEF2A45E9E084311FDF858
+PT=F7F36BFDA77362B470B0B074241C58E9
+
+I=172
+KEY=4A1D0E40939AA0D095B014F66EEC3DCE
+CT=F7F36BFDA77362B470B0B074241C58E9
+PT=2FC236EDCD573A6DCFBA7930E9CF4698
+
+I=173
+KEY=65DF38AD5ECD9ABD5A0A6DC687237B56
+CT=2FC236EDCD573A6DCFBA7930E9CF4698
+PT=949A9994DC976595BFACA5F31116A165
+
+I=174
+KEY=F145A139825AFF28E5A6C8359635DA33
+CT=949A9994DC976595BFACA5F31116A165
+PT=19373CA9D519BF83EAA4C17E1EE8225C
+
+I=175
+KEY=E8729D90574340AB0F02094B88DDF86F
+CT=19373CA9D519BF83EAA4C17E1EE8225C
+PT=685C783918997A7572B0A09315F1F2DB
+
+I=176
+KEY=802EE5A94FDA3ADE7DB2A9D89D2C0AB4
+CT=685C783918997A7572B0A09315F1F2DB
+PT=FC0CB1792EADB7E8DECB021A435DE1E7
+
+I=177
+KEY=7C2254D061778D36A379ABC2DE71EB53
+CT=FC0CB1792EADB7E8DECB021A435DE1E7
+PT=797C5E5B4F3B38E7C72FF7AAAB270E86
+
+I=178
+KEY=055E0A8B2E4CB5D164565C687556E5D5
+CT=797C5E5B4F3B38E7C72FF7AAAB270E86
+PT=A5AB675262EA186F777681647B6AA1F9
+
+I=179
+KEY=A0F56DD94CA6ADBE1320DD0C0E3C442C
+CT=A5AB675262EA186F777681647B6AA1F9
+PT=08CDF6AF55BBB247D0DE1A69CD041A78
+
+I=180
+KEY=A8389B76191D1FF9C3FEC765C3385E54
+CT=08CDF6AF55BBB247D0DE1A69CD041A78
+PT=DED1F3C30AB5EC3455C7B6A756E5FF03
+
+I=181
+KEY=76E968B513A8F3CD963971C295DDA157
+CT=DED1F3C30AB5EC3455C7B6A756E5FF03
+PT=C759A17B354D668D1BA5541D16241D9F
+
+I=182
+KEY=B1B0C9CE26E595408D9C25DF83F9BCC8
+CT=C759A17B354D668D1BA5541D16241D9F
+PT=97E011FE7B327B8292270D4CD18BD9AC
+
+I=183
+KEY=2650D8305DD7EEC21FBB289352726564
+CT=97E011FE7B327B8292270D4CD18BD9AC
+PT=9F004E4282F790C06681F16262EF78CF
+
+I=184
+KEY=B9509672DF207E02793AD9F1309D1DAB
+CT=9F004E4282F790C06681F16262EF78CF
+PT=6B34AA95EFD874915DAE275CE34A04B9
+
+I=185
+KEY=D2643CE730F80A932494FEADD3D71912
+CT=6B34AA95EFD874915DAE275CE34A04B9
+PT=96966D118C50B67849F93B109492B5EB
+
+I=186
+KEY=44F251F6BCA8BCEB6D6DC5BD4745ACF9
+CT=96966D118C50B67849F93B109492B5EB
+PT=2CA6F85E4F29BE884392A0FEDD08D5A7
+
+I=187
+KEY=6854A9A8F38102632EFF65439A4D795E
+CT=2CA6F85E4F29BE884392A0FEDD08D5A7
+PT=21B71D4F23DDC002CAAFB7426009BD27
+
+I=188
+KEY=49E3B4E7D05CC261E450D201FA44C479
+CT=21B71D4F23DDC002CAAFB7426009BD27
+PT=BF059F1945E9E51B22B308849757B475
+
+I=189
+KEY=F6E62BFE95B5277AC6E3DA856D13700C
+CT=BF059F1945E9E51B22B308849757B475
+PT=434F4E756A3178472E12B80A1C2ED83E
+
+I=190
+KEY=B5A9658BFF845F3DE8F1628F713DA832
+CT=434F4E756A3178472E12B80A1C2ED83E
+PT=37DB2B0D5967700CDE348FB60661A6D4
+
+I=191
+KEY=82724E86A6E32F3136C5ED39775C0EE6
+CT=37DB2B0D5967700CDE348FB60661A6D4
+PT=D31C5130F8F217AC0014B5F37B9BB86B
+
+I=192
+KEY=516E1FB65E11389D36D158CA0CC7B68D
+CT=D31C5130F8F217AC0014B5F37B9BB86B
+PT=3B8CD15967907F9C617697EBEF395B16
+
+I=193
+KEY=6AE2CEEF3981470157A7CF21E3FEED9B
+CT=3B8CD15967907F9C617697EBEF395B16
+PT=AF17B5E5236BF46576379CD4E5AF8A34
+
+I=194
+KEY=C5F57B0A1AEAB364219053F5065167AF
+CT=AF17B5E5236BF46576379CD4E5AF8A34
+PT=88286D6FB237181EC239C1D70C0D6675
+
+I=195
+KEY=4DDD1665A8DDAB7AE3A992220A5C01DA
+CT=88286D6FB237181EC239C1D70C0D6675
+PT=8A5207BB1283343B3692045183451A7D
+
+I=196
+KEY=C78F11DEBA5E9F41D53B967389191BA7
+CT=8A5207BB1283343B3692045183451A7D
+PT=53C12FAC4B0185AA0CE067FC67EC5B9C
+
+I=197
+KEY=944E3E72F15F1AEBD9DBF18FEEF5403B
+CT=53C12FAC4B0185AA0CE067FC67EC5B9C
+PT=BBA2BB9B1CA48D2E97E0C39E500EB9C0
+
+I=198
+KEY=2FEC85E9EDFB97C54E3B3211BEFBF9FB
+CT=BBA2BB9B1CA48D2E97E0C39E500EB9C0
+PT=8BA2341064B7B5184CD7E7A40FA0358E
+
+I=199
+KEY=A44EB1F9894C22DD02ECD5B5B15BCC75
+CT=8BA2341064B7B5184CD7E7A40FA0358E
+PT=97121EEEA68CC6200FBC0B311849E625
+
+I=200
+KEY=335CAF172FC0E4FD0D50DE84A9122A50
+CT=97121EEEA68CC6200FBC0B311849E625
+PT=027FA370A9412B342043A15F19294961
+
+I=201
+KEY=31230C678681CFC92D137FDBB03B6331
+CT=027FA370A9412B342043A15F19294961
+PT=72CFBE6BA03AB28A53A6727717D1199A
+
+I=202
+KEY=43ECB20C26BB7D437EB50DACA7EA7AAB
+CT=72CFBE6BA03AB28A53A6727717D1199A
+PT=7A15B1B4B4ED35F9C208500FE7C4C1C7
+
+I=203
+KEY=39F903B8925648BABCBD5DA3402EBB6C
+CT=7A15B1B4B4ED35F9C208500FE7C4C1C7
+PT=AF46496D09254FAB5F381E93EEB4FBB0
+
+I=204
+KEY=96BF4AD59B730711E3854330AE9A40DC
+CT=AF46496D09254FAB5F381E93EEB4FBB0
+PT=ADA064E0F4324E8B0C062F6E33C7D016
+
+I=205
+KEY=3B1F2E356F41499AEF836C5E9D5D90CA
+CT=ADA064E0F4324E8B0C062F6E33C7D016
+PT=7723A61733BD5BBFAB8C559ED379B8B5
+
+I=206
+KEY=4C3C88225CFC1225440F39C04E24287F
+CT=7723A61733BD5BBFAB8C559ED379B8B5
+PT=5D210E8F35DD863316E89FADA70E8392
+
+I=207
+KEY=111D86AD6921941652E7A66DE92AABED
+CT=5D210E8F35DD863316E89FADA70E8392
+PT=92B1D20E7D87787950990052DE2ABA4F
+
+I=208
+KEY=83AC54A314A6EC6F027EA63F370011A2
+CT=92B1D20E7D87787950990052DE2ABA4F
+PT=178E494D23AA6AC13AC180727C47FD2A
+
+I=209
+KEY=94221DEE370C86AE38BF264D4B47EC88
+CT=178E494D23AA6AC13AC180727C47FD2A
+PT=CB9C10817C059D5BE4F123576FF459C6
+
+I=210
+KEY=5FBE0D6F4B091BF5DC4E051A24B3B54E
+CT=CB9C10817C059D5BE4F123576FF459C6
+PT=4934C56CC7BAF0A8DEBB62CFB2B0DEBF
+
+I=211
+KEY=168AC8038CB3EB5D02F567D596036BF1
+CT=4934C56CC7BAF0A8DEBB62CFB2B0DEBF
+PT=F6F2A4B90B357D88401702C968D9EC02
+
+I=212
+KEY=E0786CBA878696D542E2651CFEDA87F3
+CT=F6F2A4B90B357D88401702C968D9EC02
+PT=06A35CAD7B36751BEE345C33112EB6D1
+
+I=213
+KEY=E6DB3017FCB0E3CEACD6392FEFF43122
+CT=06A35CAD7B36751BEE345C33112EB6D1
+PT=3244CDE10DF48795DA702CD8C2F4CABD
+
+I=214
+KEY=D49FFDF6F144645B76A615F72D00FB9F
+CT=3244CDE10DF48795DA702CD8C2F4CABD
+PT=47C06F5BEA8C3503512E0E200966C546
+
+I=215
+KEY=935F92AD1BC8515827881BD724663ED9
+CT=47C06F5BEA8C3503512E0E200966C546
+PT=68A077D25CBEA7F76B88D8C6A414D0CE
+
+I=216
+KEY=FBFFE57F4776F6AF4C00C3118072EE17
+CT=68A077D25CBEA7F76B88D8C6A414D0CE
+PT=DDF110C2C79B46C5132CCEF654280D7E
+
+I=217
+KEY=260EF5BD80EDB06A5F2C0DE7D45AE369
+CT=DDF110C2C79B46C5132CCEF654280D7E
+PT=0AB610A0082813076D052011C12DC924
+
+I=218
+KEY=2CB8E51D88C5A36D32292DF615772A4D
+CT=0AB610A0082813076D052011C12DC924
+PT=8C42F49EDAE1BD6B631E74B68B1B8444
+
+I=219
+KEY=A0FA118352241E06513759409E6CAE09
+CT=8C42F49EDAE1BD6B631E74B68B1B8444
+PT=B5A5B6E50B3A066D16DF883F353019FE
+
+I=220
+KEY=155FA766591E186B47E8D17FAB5CB7F7
+CT=B5A5B6E50B3A066D16DF883F353019FE
+PT=70CFA25AFC9919937E2FC90900F0B398
+
+I=221
+KEY=6590053CA58701F839C71876ABAC046F
+CT=70CFA25AFC9919937E2FC90900F0B398
+PT=B927A5911AE33DEAB619DAFEE22CD0DF
+
+I=222
+KEY=DCB7A0ADBF643C128FDEC2884980D4B0
+CT=B927A5911AE33DEAB619DAFEE22CD0DF
+PT=10C548438C5B976EDD624129B2102D7A
+
+I=223
+KEY=CC72E8EE333FAB7C52BC83A1FB90F9CA
+CT=10C548438C5B976EDD624129B2102D7A
+PT=4549E45DA2F8FE82972DC7DF3548CAFF
+
+I=224
+KEY=893B0CB391C755FEC591447ECED83335
+CT=4549E45DA2F8FE82972DC7DF3548CAFF
+PT=2B85505E64089FEB6B5763011E778C96
+
+I=225
+KEY=A2BE5CEDF5CFCA15AEC6277FD0AFBFA3
+CT=2B85505E64089FEB6B5763011E778C96
+PT=4B157930F9A6EBE3D9D6AC9FADDEB35C
+
+I=226
+KEY=E9AB25DD0C6921F677108BE07D710CFF
+CT=4B157930F9A6EBE3D9D6AC9FADDEB35C
+PT=12341C0FE9EB6757BFFCC4BC1A8F2585
+
+I=227
+KEY=FB9F39D2E58246A1C8EC4F5C67FE297A
+CT=12341C0FE9EB6757BFFCC4BC1A8F2585
+PT=5422D62D794B02FC04BE01198EE23ACE
+
+I=228
+KEY=AFBDEFFF9CC9445DCC524E45E91C13B4
+CT=5422D62D794B02FC04BE01198EE23ACE
+PT=42D43022FD6DB571BCB2FDE653C9068C
+
+I=229
+KEY=ED69DFDD61A4F12C70E0B3A3BAD51538
+CT=42D43022FD6DB571BCB2FDE653C9068C
+PT=80BD3AAED5D519B75D22BF060EF1DFC6
+
+I=230
+KEY=6DD4E573B471E89B2DC20CA5B424CAFE
+CT=80BD3AAED5D519B75D22BF060EF1DFC6
+PT=B72973F9016A348CDDCCFFC2DD291B5A
+
+I=231
+KEY=DAFD968AB51BDC17F00EF367690DD1A4
+CT=B72973F9016A348CDDCCFFC2DD291B5A
+PT=5692E61C86A7B2C043ABBED712390361
+
+I=232
+KEY=8C6F709633BC6ED7B3A54DB07B34D2C5
+CT=5692E61C86A7B2C043ABBED712390361
+PT=75138737269AA27855C2CFD2DCEDEFC4
+
+I=233
+KEY=F97CF7A11526CCAFE6678262A7D93D01
+CT=75138737269AA27855C2CFD2DCEDEFC4
+PT=A022AA28CECC4BB5EB28BA5B7828AB6E
+
+I=234
+KEY=595E5D89DBEA871A0D4F3839DFF1966F
+CT=A022AA28CECC4BB5EB28BA5B7828AB6E
+PT=17B0BF87EE02AA44705B1B1B4DF7D3F4
+
+I=235
+KEY=4EEEE20E35E82D5E7D1423229206459B
+CT=17B0BF87EE02AA44705B1B1B4DF7D3F4
+PT=095A5A041C43DCFEB5D0DF3E7659344A
+
+I=236
+KEY=47B4B80A29ABF1A0C8C4FC1CE45F71D1
+CT=095A5A041C43DCFEB5D0DF3E7659344A
+PT=9DCE0D1C572509F3367EE952B89044E5
+
+I=237
+KEY=DA7AB5167E8EF853FEBA154E5CCF3534
+CT=9DCE0D1C572509F3367EE952B89044E5
+PT=E6075BCC82399A91E52034EA2F197058
+
+I=238
+KEY=3C7DEEDAFCB762C21B9A21A473D6456C
+CT=E6075BCC82399A91E52034EA2F197058
+PT=431D243CEE96B424B0FA4FEC5E707036
+
+I=239
+KEY=7F60CAE61221D6E6AB606E482DA6355A
+CT=431D243CEE96B424B0FA4FEC5E707036
+PT=5EF70106A2EA454CA9405A8AA1B54EF0
+
+I=240
+KEY=2197CBE0B0CB93AA022034C28C137BAA
+CT=5EF70106A2EA454CA9405A8AA1B54EF0
+PT=09B003CB7E2ADDD587A2ABCDD03D234F
+
+I=241
+KEY=2827C82BCEE14E7F85829F0F5C2E58E5
+CT=09B003CB7E2ADDD587A2ABCDD03D234F
+PT=3647FAC6EF758113DC768E7737098DE9
+
+I=242
+KEY=1E6032ED2194CF6C59F411786B27D50C
+CT=3647FAC6EF758113DC768E7737098DE9
+PT=C043BD96A88492C85431B72C708C3C60
+
+I=243
+KEY=DE238F7B89105DA40DC5A6541BABE96C
+CT=C043BD96A88492C85431B72C708C3C60
+PT=299A25142A6B5D334158D359DD9CD574
+
+I=244
+KEY=F7B9AA6FA37B00974C9D750DC6373C18
+CT=299A25142A6B5D334158D359DD9CD574
+PT=21E56C2202C8D6F81EDC63A8A1EA4B6A
+
+I=245
+KEY=D65CC64DA1B3D66F524116A567DD7772
+CT=21E56C2202C8D6F81EDC63A8A1EA4B6A
+PT=FD3565957E3845065B7AEF27A900FDD5
+
+I=246
+KEY=2B69A3D8DF8B9369093BF982CEDD8AA7
+CT=FD3565957E3845065B7AEF27A900FDD5
+PT=A4DB9120D1ED0419342AFC2CBF114647
+
+I=247
+KEY=8FB232F80E6697703D1105AE71CCCCE0
+CT=A4DB9120D1ED0419342AFC2CBF114647
+PT=27FDDEA1E746BD217CFB4CD7A511BACE
+
+I=248
+KEY=A84FEC59E9202A5141EA4979D4DD762E
+CT=27FDDEA1E746BD217CFB4CD7A511BACE
+PT=6A9189FD46E47B22F151A213D023442B
+
+I=249
+KEY=C2DE65A4AFC45173B0BBEB6A04FE3205
+CT=6A9189FD46E47B22F151A213D023442B
+PT=1C729701404C76D5D7A156C39CF52542
+
+I=250
+KEY=DEACF2A5EF8827A6671ABDA9980B1747
+CT=1C729701404C76D5D7A156C39CF52542
+PT=6F97CB4564E0783DFE962DCB13FEDF72
+
+I=251
+KEY=B13B39E08B685F9B998C90628BF5C835
+CT=6F97CB4564E0783DFE962DCB13FEDF72
+PT=F818140A280299B182CDA37CBE9B27AB
+
+I=252
+KEY=49232DEAA36AC62A1B41331E356EEF9E
+CT=F818140A280299B182CDA37CBE9B27AB
+PT=20E9F2BE7017C2945005FD8A420A5B7D
+
+I=253
+KEY=69CADF54D37D04BE4B44CE947764B4E3
+CT=20E9F2BE7017C2945005FD8A420A5B7D
+PT=60BB97C634161EF6A36056193B6EDDB0
+
+I=254
+KEY=09714892E76B1A48E824988D4C0A6953
+CT=60BB97C634161EF6A36056193B6EDDB0
+PT=E4B9777B7390EF430A93FF7DD0B68CD4
+
+I=255
+KEY=EDC83FE994FBF50BE2B767F09CBCE587
+CT=E4B9777B7390EF430A93FF7DD0B68CD4
+PT=E5E3BD960CF15BBDB8A6C08711A884CF
+
+I=256
+KEY=082B827F980AAEB65A11A7778D146148
+CT=E5E3BD960CF15BBDB8A6C08711A884CF
+PT=71A6AEFD0181DCE69A116585044C7F66
+
+I=257
+KEY=798D2C82998B7250C000C2F289581E2E
+CT=71A6AEFD0181DCE69A116585044C7F66
+PT=8E9C1CFFDB8972617D74DA0E9ED065D1
+
+I=258
+KEY=F711307D42020031BD7418FC17887BFF
+CT=8E9C1CFFDB8972617D74DA0E9ED065D1
+PT=CE7882AB901A199910FC463A4D1D626A
+
+I=259
+KEY=3969B2D6D21819A8AD885EC65A951995
+CT=CE7882AB901A199910FC463A4D1D626A
+PT=2334546032E850D0029CB1AD6AFCEA7A
+
+I=260
+KEY=1A5DE6B6E0F04978AF14EF6B3069F3EF
+CT=2334546032E850D0029CB1AD6AFCEA7A
+PT=88B4CF0D4AB7BD00BE98DA1626063A69
+
+I=261
+KEY=92E929BBAA47F478118C357D166FC986
+CT=88B4CF0D4AB7BD00BE98DA1626063A69
+PT=5A7FF831F28E5EC4A11DA524E2323925
+
+I=262
+KEY=C896D18A58C9AABCB0919059F45DF0A3
+CT=5A7FF831F28E5EC4A11DA524E2323925
+PT=DF000551EF9BBD914969BD1B353BDC8C
+
+I=263
+KEY=1796D4DBB752172DF9F82D42C1662C2F
+CT=DF000551EF9BBD914969BD1B353BDC8C
+PT=1EECBC47697208193C354E28D23E8CE9
+
+I=264
+KEY=097A689CDE201F34C5CD636A1358A0C6
+CT=1EECBC47697208193C354E28D23E8CE9
+PT=DF85CD4B3F821A7411F9F5D1FDF9DB85
+
+I=265
+KEY=D6FFA5D7E1A20540D43496BBEEA17B43
+CT=DF85CD4B3F821A7411F9F5D1FDF9DB85
+PT=038E765F1910D8C0C1251254605218F2
+
+I=266
+KEY=D571D388F8B2DD80151184EF8EF363B1
+CT=038E765F1910D8C0C1251254605218F2
+PT=FBA8FE850294EEAEE75F56C974BF7DE4
+
+I=267
+KEY=2ED92D0DFA26332EF24ED226FA4C1E55
+CT=FBA8FE850294EEAEE75F56C974BF7DE4
+PT=47F9D6F7A3E2A1BFA360EA1BA8B0450E
+
+I=268
+KEY=6920FBFA59C49291512E383D52FC5B5B
+CT=47F9D6F7A3E2A1BFA360EA1BA8B0450E
+PT=FD6F4A4825DE5E776BFD569223CB5A2C
+
+I=269
+KEY=944FB1B27C1ACCE63AD36EAF71370177
+CT=FD6F4A4825DE5E776BFD569223CB5A2C
+PT=10430ED7EE0FDB8FBC348F8E08286622
+
+I=270
+KEY=840CBF659215176986E7E121791F6755
+CT=10430ED7EE0FDB8FBC348F8E08286622
+PT=4B75D5C573185303B01EB649884758B1
+
+I=271
+KEY=CF796AA0E10D446A36F95768F1583FE4
+CT=4B75D5C573185303B01EB649884758B1
+PT=85CCA4271A941517D55D05B4F29527C3
+
+I=272
+KEY=4AB5CE87FB99517DE3A452DC03CD1827
+CT=85CCA4271A941517D55D05B4F29527C3
+PT=615EA2D44C52D639B6AD05D621B4A1A6
+
+I=273
+KEY=2BEB6C53B7CB87445509570A2279B981
+CT=615EA2D44C52D639B6AD05D621B4A1A6
+PT=1DFD1E93D34ABFE45BA6BF6BD3FBF30E
+
+I=274
+KEY=361672C0648138A00EAFE861F1824A8F
+CT=1DFD1E93D34ABFE45BA6BF6BD3FBF30E
+PT=B65C3F09FFFF752DEE2F8F2D441A51CA
+
+I=275
+KEY=804A4DC99B7E4D8DE080674CB5981B45
+CT=B65C3F09FFFF752DEE2F8F2D441A51CA
+PT=3B36D6FD4F7ACAD4681FF4398AC7AFB3
+
+I=276
+KEY=BB7C9B34D4048759889F93753F5FB4F6
+CT=3B36D6FD4F7ACAD4681FF4398AC7AFB3
+PT=F3CDEFABE450D887CD585C280BB22367
+
+I=277
+KEY=48B1749F30545FDE45C7CF5D34ED9791
+CT=F3CDEFABE450D887CD585C280BB22367
+PT=ECC49251BAD79981CA1B1F683A843531
+
+I=278
+KEY=A475E6CE8A83C65F8FDCD0350E69A2A0
+CT=ECC49251BAD79981CA1B1F683A843531
+PT=8BE43F0A30663108513A0E5F49F9152C
+
+I=279
+KEY=2F91D9C4BAE5F757DEE6DE6A4790B78C
+CT=8BE43F0A30663108513A0E5F49F9152C
+PT=DB3D559FCEBE0FAF3B218161BA6B3F07
+
+I=280
+KEY=F4AC8C5B745BF8F8E5C75F0BFDFB888B
+CT=DB3D559FCEBE0FAF3B218161BA6B3F07
+PT=8F0C3AE11B03433C07CABD26BF47A430
+
+I=281
+KEY=7BA0B6BA6F58BBC4E20DE22D42BC2CBB
+CT=8F0C3AE11B03433C07CABD26BF47A430
+PT=73578DC3464CE3EE0314B206E1E9504C
+
+I=282
+KEY=08F73B792914582AE119502BA3557CF7
+CT=73578DC3464CE3EE0314B206E1E9504C
+PT=60DA2C12B296804C608348A54EE1C60D
+
+I=283
+KEY=682D176B9B82D866819A188EEDB4BAFA
+CT=60DA2C12B296804C608348A54EE1C60D
+PT=A960934724BDC61E5429E59856FC1902
+
+I=284
+KEY=C14D842CBF3F1E78D5B3FD16BB48A3F8
+CT=A960934724BDC61E5429E59856FC1902
+PT=6B7E71535C6B7B09BDF19AF79CD58C95
+
+I=285
+KEY=AA33F57FE3546571684267E1279D2F6D
+CT=6B7E71535C6B7B09BDF19AF79CD58C95
+PT=B95E0126EF320F1E6F288366DB7F2773
+
+I=286
+KEY=136DF4590C666A6F076AE487FCE2081E
+CT=B95E0126EF320F1E6F288366DB7F2773
+PT=6403B99D6FE0F85128FDD1F05B81AA6E
+
+I=287
+KEY=776E4DC46386923E2F973577A763A270
+CT=6403B99D6FE0F85128FDD1F05B81AA6E
+PT=9EBA25F2D6CE5817F4317F3AFE6421E7
+
+I=288
+KEY=E9D46836B548CA29DBA64A4D59078397
+CT=9EBA25F2D6CE5817F4317F3AFE6421E7
+PT=5E77AAE8A3C5EEAF4732BB310DAC3771
+
+I=289
+KEY=B7A3C2DE168D24869C94F17C54ABB4E6
+CT=5E77AAE8A3C5EEAF4732BB310DAC3771
+PT=5FD00675371300B60C30EFCEE0171080
+
+I=290
+KEY=E873C4AB219E243090A41EB2B4BCA466
+CT=5FD00675371300B60C30EFCEE0171080
+PT=482D701DBCE3AE108F65836C12A41C2C
+
+I=291
+KEY=A05EB4B69D7D8A201FC19DDEA618B84A
+CT=482D701DBCE3AE108F65836C12A41C2C
+PT=2966D81642542925891D8F7409051E4A
+
+I=292
+KEY=89386CA0DF29A30596DC12AAAF1DA600
+CT=2966D81642542925891D8F7409051E4A
+PT=2FD6F3DB9DD1DEDED9F32D1806AE69D6
+
+I=293
+KEY=A6EE9F7B42F87DDB4F2F3FB2A9B3CFD6
+CT=2FD6F3DB9DD1DEDED9F32D1806AE69D6
+PT=9B59277165B792790E29ADB53ADE60DB
+
+I=294
+KEY=3DB7B80A274FEFA241069207936DAF0D
+CT=9B59277165B792790E29ADB53ADE60DB
+PT=A4873C5246044200B56C25FFADAB15D6
+
+I=295
+KEY=99308458614BADA2F46AB7F83EC6BADB
+CT=A4873C5246044200B56C25FFADAB15D6
+PT=9E2BBBD65649EB2A0CD974AD32BF382F
+
+I=296
+KEY=071B3F8E37024688F8B3C3550C7982F4
+CT=9E2BBBD65649EB2A0CD974AD32BF382F
+PT=F83F4408675892DADA4833A43F22FFC8
+
+I=297
+KEY=FF247B86505AD45222FBF0F1335B7D3C
+CT=F83F4408675892DADA4833A43F22FFC8
+PT=19C337CCBF8D06DC68D9A16DB294EF44
+
+I=298
+KEY=E6E74C4AEFD7D28E4A22519C81CF9278
+CT=19C337CCBF8D06DC68D9A16DB294EF44
+PT=433578E0901A4F4B134E6DCF68249FC7
+
+I=299
+KEY=A5D234AA7FCD9DC5596C3C53E9EB0DBF
+CT=433578E0901A4F4B134E6DCF68249FC7
+PT=7F317CB0B3279C894B8A08289797FFF1
+
+I=300
+KEY=DAE3481ACCEA014C12E6347B7E7CF24E
+CT=7F317CB0B3279C894B8A08289797FFF1
+PT=AFFB4CA21A2A36FD24BB18C5AED17789
+
+I=301
+KEY=751804B8D6C037B1365D2CBED0AD85C7
+CT=AFFB4CA21A2A36FD24BB18C5AED17789
+PT=394DA5EC353A68B844D1BC24A468DA5C
+
+I=302
+KEY=4C55A154E3FA5F09728C909A74C55F9B
+CT=394DA5EC353A68B844D1BC24A468DA5C
+PT=C649C174B98A06351F26C117D14FF290
+
+I=303
+KEY=8A1C60205A70593C6DAA518DA58AAD0B
+CT=C649C174B98A06351F26C117D14FF290
+PT=2E122AA7C90B57304A80C19480627DD7
+
+I=304
+KEY=A40E4A87937B0E0C272A901925E8D0DC
+CT=2E122AA7C90B57304A80C19480627DD7
+PT=9841ADE6A65834CE89959EFE8F059ED6
+
+I=305
+KEY=3C4FE76135233AC2AEBF0EE7AAED4E0A
+CT=9841ADE6A65834CE89959EFE8F059ED6
+PT=6B70D74762A4BEFBD15B9EC6835CB69B
+
+I=306
+KEY=573F3026578784397FE4902129B1F891
+CT=6B70D74762A4BEFBD15B9EC6835CB69B
+PT=2E8B5DEF53E2294C0C953A9B8BD9399D
+
+I=307
+KEY=79B46DC90465AD757371AABAA268C10C
+CT=2E8B5DEF53E2294C0C953A9B8BD9399D
+PT=D32D00F78BA00F6CEA792598B89779E4
+
+I=308
+KEY=AA996D3E8FC5A21999088F221AFFB8E8
+CT=D32D00F78BA00F6CEA792598B89779E4
+PT=7059DCC6CB8D295B95F2978F25927B31
+
+I=309
+KEY=DAC0B1F844488B420CFA18AD3F6DC3D9
+CT=7059DCC6CB8D295B95F2978F25927B31
+PT=833A1AFA7DC4CAF54F5B36981A98D7E3
+
+I=310
+KEY=59FAAB02398C41B743A12E3525F5143A
+CT=833A1AFA7DC4CAF54F5B36981A98D7E3
+PT=4CC5A526400B493AAA28909A2F4932BF
+
+I=311
+KEY=153F0E247987088DE989BEAF0ABC2685
+CT=4CC5A526400B493AAA28909A2F4932BF
+PT=D7134DEE2967104D161876A0802B3727
+
+I=312
+KEY=C22C43CA50E018C0FF91C80F8A9711A2
+CT=D7134DEE2967104D161876A0802B3727
+PT=C45DB7BC52D7A0D53399B91EFB686D32
+
+I=313
+KEY=0671F4760237B815CC08711171FF7C90
+CT=C45DB7BC52D7A0D53399B91EFB686D32
+PT=2F49EA2A8D7F44909BCF41C3640FD0AB
+
+I=314
+KEY=29381E5C8F48FC8557C730D215F0AC3B
+CT=2F49EA2A8D7F44909BCF41C3640FD0AB
+PT=6D416059758F4AC555A05D83E9CFC4DE
+
+I=315
+KEY=44797E05FAC7B64002676D51FC3F68E5
+CT=6D416059758F4AC555A05D83E9CFC4DE
+PT=2721015DDF85EC87ED8480A87705CD37
+
+I=316
+KEY=63587F5825425AC7EFE3EDF98B3AA5D2
+CT=2721015DDF85EC87ED8480A87705CD37
+PT=3B045F5DD5ADC6E5D341E2E6A5B919D3
+
+I=317
+KEY=585C2005F0EF9C223CA20F1F2E83BC01
+CT=3B045F5DD5ADC6E5D341E2E6A5B919D3
+PT=85DA9719FF16899B343BE56FDF9F86BF
+
+I=318
+KEY=DD86B71C0FF915B90899EA70F11C3ABE
+CT=85DA9719FF16899B343BE56FDF9F86BF
+PT=67FD32AC2783C381E77AE0BB8ACEECCD
+
+I=319
+KEY=BA7B85B0287AD638EFE30ACB7BD2D673
+CT=67FD32AC2783C381E77AE0BB8ACEECCD
+PT=D8BEC715849E6A2A164F0139B8EC038E
+
+I=320
+KEY=62C542A5ACE4BC12F9AC0BF2C33ED5FD
+CT=D8BEC715849E6A2A164F0139B8EC038E
+PT=6ECA9375A207148E36203C8BD885A520
+
+I=321
+KEY=0C0FD1D00EE3A89CCF8C37791BBB70DD
+CT=6ECA9375A207148E36203C8BD885A520
+PT=A96877A8369B7086EF76D8281C066068
+
+I=322
+KEY=A567A6783878D81A20FAEF5107BD10B5
+CT=A96877A8369B7086EF76D8281C066068
+PT=2D6DDF2C136F5ACDC12D33D52ECD6397
+
+I=323
+KEY=880A79542B1782D7E1D7DC8429707322
+CT=2D6DDF2C136F5ACDC12D33D52ECD6397
+PT=E2F3EFF780EEDAD7B820CF57F946AB21
+
+I=324
+KEY=6AF996A3ABF9580059F713D3D036D803
+CT=E2F3EFF780EEDAD7B820CF57F946AB21
+PT=D083829AB624DC46BF55F15C2ACA2CDC
+
+I=325
+KEY=BA7A14391DDD8446E6A2E28FFAFCF4DF
+CT=D083829AB624DC46BF55F15C2ACA2CDC
+PT=637A1328711A701F011B0D66953A11FC
+
+I=326
+KEY=D90007116CC7F459E7B9EFE96FC6E523
+CT=637A1328711A701F011B0D66953A11FC
+PT=9230F9E8C4AA7D697641B4E800AECE8B
+
+I=327
+KEY=4B30FEF9A86D893091F85B016F682BA8
+CT=9230F9E8C4AA7D697641B4E800AECE8B
+PT=CABC2F3EBCB87AEF4550060FB6F95C7D
+
+I=328
+KEY=818CD1C714D5F3DFD4A85D0ED99177D5
+CT=CABC2F3EBCB87AEF4550060FB6F95C7D
+PT=25C93DA609BEDFD48D88B7E005EA9D4D
+
+I=329
+KEY=A445EC611D6B2C0B5920EAEEDC7BEA98
+CT=25C93DA609BEDFD48D88B7E005EA9D4D
+PT=E445C1B43DC6AA0D47C766675676CA29
+
+I=330
+KEY=40002DD520AD86061EE78C898A0D20B1
+CT=E445C1B43DC6AA0D47C766675676CA29
+PT=3F8A99E9D556F0CE0B0F3B4FE89A7C15
+
+I=331
+KEY=7F8AB43CF5FB76C815E8B7C662975CA4
+CT=3F8A99E9D556F0CE0B0F3B4FE89A7C15
+PT=BE04197CADBDBC917AB288D85C554D4A
+
+I=332
+KEY=C18EAD405846CA596F5A3F1E3EC211EE
+CT=BE04197CADBDBC917AB288D85C554D4A
+PT=2CF8FE59EED67AF15BD6C09C8DA37882
+
+I=333
+KEY=ED765319B690B0A8348CFF82B361696C
+CT=2CF8FE59EED67AF15BD6C09C8DA37882
+PT=FF8CBF98D0B15198ACDC53D7247511C5
+
+I=334
+KEY=12FAEC816621E1309850AC55971478A9
+CT=FF8CBF98D0B15198ACDC53D7247511C5
+PT=27794678855BAE2BDE7EB75487813E28
+
+I=335
+KEY=3583AAF9E37A4F1B462E1B0110954681
+CT=27794678855BAE2BDE7EB75487813E28
+PT=5681B2CECDE71663A864D0288607D86B
+
+I=336
+KEY=630218372E9D5978EE4ACB2996929EEA
+CT=5681B2CECDE71663A864D0288607D86B
+PT=8936EB6E65F2CD2B3AFD1310B5B2D6C8
+
+I=337
+KEY=EA34F3594B6F9453D4B7D83923204822
+CT=8936EB6E65F2CD2B3AFD1310B5B2D6C8
+PT=16045490148187B05CC46B80099A4530
+
+I=338
+KEY=FC30A7C95FEE13E38873B3B92ABA0D12
+CT=16045490148187B05CC46B80099A4530
+PT=FE909FFB1D490B028867288FE682EEE9
+
+I=339
+KEY=02A0383242A718E100149B36CC38E3FB
+CT=FE909FFB1D490B028867288FE682EEE9
+PT=7B3E5C0017089A7842866ABA6364FFEA
+
+I=340
+KEY=799E643255AF82994292F18CAF5C1C11
+CT=7B3E5C0017089A7842866ABA6364FFEA
+PT=CC263F129618975F204AE499F115C69B
+
+I=341
+KEY=B5B85B20C3B715C662D815155E49DA8A
+CT=CC263F129618975F204AE499F115C69B
+PT=997ACE7EABF6EBF9CC7BBCC2670CF1A0
+
+I=342
+KEY=2CC2955E6841FE3FAEA3A9D739452B2A
+CT=997ACE7EABF6EBF9CC7BBCC2670CF1A0
+PT=88D4A74B19278ED442068D0954DFA8B2
+
+I=343
+KEY=A4163215716670EBECA524DE6D9A8398
+CT=88D4A74B19278ED442068D0954DFA8B2
+PT=F1CC6407AB254178DEFEF983112D6AC5
+
+I=344
+KEY=55DA5612DA433193325BDD5D7CB7E95D
+CT=F1CC6407AB254178DEFEF983112D6AC5
+PT=689A0E429CDAF1BD1197C160BF962544
+
+I=345
+KEY=3D4058504699C02E23CC1C3DC321CC19
+CT=689A0E429CDAF1BD1197C160BF962544
+PT=54CF618196D978C0460CF8051DF5BE18
+
+I=346
+KEY=698F39D1D040B8EE65C0E438DED47201
+CT=54CF618196D978C0460CF8051DF5BE18
+PT=4AA0EF106F23B43C3DD371C66404C602
+
+I=347
+KEY=232FD6C1BF630CD2581395FEBAD0B403
+CT=4AA0EF106F23B43C3DD371C66404C602
+PT=A5185CAE1718143FC6CC329D9F233E17
+
+I=348
+KEY=86378A6FA87B18ED9EDFA76325F38A14
+CT=A5185CAE1718143FC6CC329D9F233E17
+PT=A2A7E8855D25A0C475961E9B7ED7BE35
+
+I=349
+KEY=249062EAF55EB829EB49B9F85B243421
+CT=A2A7E8855D25A0C475961E9B7ED7BE35
+PT=E0B7536B335FB98F197F762B3B97CECE
+
+I=350
+KEY=C4273181C60101A6F236CFD360B3FAEF
+CT=E0B7536B335FB98F197F762B3B97CECE
+PT=C45C38164083871528D8B3BA7423BFEA
+
+I=351
+KEY=007B0997868286B3DAEE7C6914904505
+CT=C45C38164083871528D8B3BA7423BFEA
+PT=017AEBDEF43CF9664C582356A4A0C374
+
+I=352
+KEY=0101E24972BE7FD596B65F3FB0308671
+CT=017AEBDEF43CF9664C582356A4A0C374
+PT=BBB48EA21B5EDCCF5346A7B4E6796BED
+
+I=353
+KEY=BAB56CEB69E0A31AC5F0F88B5649ED9C
+CT=BBB48EA21B5EDCCF5346A7B4E6796BED
+PT=3A53DFCB6067F9E98653136A44A4B537
+
+I=354
+KEY=80E6B32009875AF343A3EBE112ED58AB
+CT=3A53DFCB6067F9E98653136A44A4B537
+PT=951BA0E2272E46FC8CC3990E002EEFF0
+
+I=355
+KEY=15FD13C22EA91C0FCF6072EF12C3B75B
+CT=951BA0E2272E46FC8CC3990E002EEFF0
+PT=249202E40BC5892B9CEE96279E69432A
+
+I=356
+KEY=316F1126256C9524538EE4C88CAAF471
+CT=249202E40BC5892B9CEE96279E69432A
+PT=B90CE5BF126163B37F75032A88AFD615
+
+I=357
+KEY=8863F499370DF6972CFBE7E204052264
+CT=B90CE5BF126163B37F75032A88AFD615
+PT=E0BDD9E1FF493D82777BD7FB4035D309
+
+I=358
+KEY=68DE2D78C844CB155B8030194430F16D
+CT=E0BDD9E1FF493D82777BD7FB4035D309
+PT=0A3A5E377CDB2D1F6CB09E200494F578
+
+I=359
+KEY=62E4734FB49FE60A3730AE3940A40415
+CT=0A3A5E377CDB2D1F6CB09E200494F578
+PT=483DF6E2936389D1FC09921497AF8AE7
+
+I=360
+KEY=2AD985AD27FC6FDBCB393C2DD70B8EF2
+CT=483DF6E2936389D1FC09921497AF8AE7
+PT=7A90B7B1E493109323A54AD285090EC6
+
+I=361
+KEY=5049321CC36F7F48E89C76FF52028034
+CT=7A90B7B1E493109323A54AD285090EC6
+PT=B6471BF36A24B5B0CAC19BDD4C83DC50
+
+I=362
+KEY=E60E29EFA94BCAF8225DED221E815C64
+CT=B6471BF36A24B5B0CAC19BDD4C83DC50
+PT=EFBDC6ECADCE6AA5DBD302E7A0647700
+
+I=363
+KEY=09B3EF030485A05DF98EEFC5BEE52B64
+CT=EFBDC6ECADCE6AA5DBD302E7A0647700
+PT=783A89B88CC875F743B645BA1449CEE7
+
+I=364
+KEY=718966BB884DD5AABA38AA7FAAACE583
+CT=783A89B88CC875F743B645BA1449CEE7
+PT=EAD61D2577852D4EA276F3699EFB2BDC
+
+I=365
+KEY=9B5F7B9EFFC8F8E4184E59163457CE5F
+CT=EAD61D2577852D4EA276F3699EFB2BDC
+PT=9E804D8814AF4FC67BA931D1C72774C7
+
+I=366
+KEY=05DF3616EB67B72263E768C7F370BA98
+CT=9E804D8814AF4FC67BA931D1C72774C7
+PT=7C383CC27D8C2B117AC72088EB334FD9
+
+I=367
+KEY=79E70AD496EB9C331920484F1843F541
+CT=7C383CC27D8C2B117AC72088EB334FD9
+PT=9D4BE61ECECB2E60EC621A6320C0E844
+
+I=368
+KEY=E4ACECCA5820B253F542522C38831D05
+CT=9D4BE61ECECB2E60EC621A6320C0E844
+PT=227992ADFC526D9AA99BA629E7523198
+
+I=369
+KEY=C6D57E67A472DFC95CD9F405DFD12C9D
+CT=227992ADFC526D9AA99BA629E7523198
+PT=93A265FB7650BE75CBDD8732F65F09A5
+
+I=370
+KEY=55771B9CD22261BC97047337298E2538
+CT=93A265FB7650BE75CBDD8732F65F09A5
+PT=5AB3354B8D28F041C5A7FDAB828996BC
+
+I=371
+KEY=0FC42ED75F0A91FD52A38E9CAB07B384
+CT=5AB3354B8D28F041C5A7FDAB828996BC
+PT=BA5C6566701BD3791C2DA51CDC5AB6DD
+
+I=372
+KEY=B5984BB12F1142844E8E2B80775D0559
+CT=BA5C6566701BD3791C2DA51CDC5AB6DD
+PT=2C96CE0653EFB1113C6E822DD4AE6200
+
+I=373
+KEY=990E85B77CFEF39572E0A9ADA3F36759
+CT=2C96CE0653EFB1113C6E822DD4AE6200
+PT=1065F5519472C78BADAB79EC00BBCABA
+
+I=374
+KEY=896B70E6E88C341EDF4BD041A348ADE3
+CT=1065F5519472C78BADAB79EC00BBCABA
+PT=049AA7D4B4C1A59C1A16E3E5D8B46515
+
+I=375
+KEY=8DF1D7325C4D9182C55D33A47BFCC8F6
+CT=049AA7D4B4C1A59C1A16E3E5D8B46515
+PT=C8F1C4179DD8FCD6942D07AF7392F481
+
+I=376
+KEY=45001325C1956D545170340B086E3C77
+CT=C8F1C4179DD8FCD6942D07AF7392F481
+PT=9C9AE90AFE18822197EA47FE2F48813F
+
+I=377
+KEY=D99AFA2F3F8DEF75C69A73F52726BD48
+CT=9C9AE90AFE18822197EA47FE2F48813F
+PT=DFBABE8688391CC868CDE134DDFFE1F0
+
+I=378
+KEY=062044A9B7B4F3BDAE5792C1FAD95CB8
+CT=DFBABE8688391CC868CDE134DDFFE1F0
+PT=72BE585F98DA4DC03998B5820D5230A9
+
+I=379
+KEY=749E1CF62F6EBE7D97CF2743F78B6C11
+CT=72BE585F98DA4DC03998B5820D5230A9
+PT=BCF3D47B888599A27AD63D6EFD8FB86F
+
+I=380
+KEY=C86DC88DA7EB27DFED191A2D0A04D47E
+CT=BCF3D47B888599A27AD63D6EFD8FB86F
+PT=62F7A2AD05BB46CB81B9601129100455
+
+I=381
+KEY=AA9A6A20A25061146CA07A3C2314D02B
+CT=62F7A2AD05BB46CB81B9601129100455
+PT=FA4D3B82232D19BE14A57422012C7751
+
+I=382
+KEY=50D751A2817D78AA78050E1E2238A77A
+CT=FA4D3B82232D19BE14A57422012C7751
+PT=40953AAA3D6C1BBE375A1E275754C98C
+
+I=383
+KEY=10426B08BC1163144F5F1039756C6EF6
+CT=40953AAA3D6C1BBE375A1E275754C98C
+PT=CE9123C6A5A66AF788A8515721D646A0
+
+I=384
+KEY=DED348CE19B709E3C7F7416E54BA2856
+CT=CE9123C6A5A66AF788A8515721D646A0
+PT=E45F3483E343F5C3C0AC77E955369AB3
+
+I=385
+KEY=3A8C7C4DFAF4FC20075B3687018CB2E5
+CT=E45F3483E343F5C3C0AC77E955369AB3
+PT=6E7CE5F4BE070EC870691CDD494A767E
+
+I=386
+KEY=54F099B944F3F2E877322A5A48C6C49B
+CT=6E7CE5F4BE070EC870691CDD494A767E
+PT=2BB1EE551920A632E90EB9E462280365
+
+I=387
+KEY=7F4177EC5DD354DA9E3C93BE2AEEC7FE
+CT=2BB1EE551920A632E90EB9E462280365
+PT=692E0FA8B1C39CB96A11E21EA1B3365E
+
+I=388
+KEY=166F7844EC10C863F42D71A08B5DF1A0
+CT=692E0FA8B1C39CB96A11E21EA1B3365E
+PT=345C0DE98A9F472B6BCBE241BB346590
+
+I=389
+KEY=223375AD668F8F489FE693E130699430
+CT=345C0DE98A9F472B6BCBE241BB346590
+PT=D9D9313DC80FB90608614ECCC962207F
+
+I=390
+KEY=FBEA4490AE80364E9787DD2DF90BB44F
+CT=D9D9313DC80FB90608614ECCC962207F
+PT=7AEE31C488D1DD54B9AD8EE3AEFE546C
+
+I=391
+KEY=810475542651EB1A2E2A53CE57F5E023
+CT=7AEE31C488D1DD54B9AD8EE3AEFE546C
+PT=9CF27E1202080D9F3A9B5E02290204EA
+
+I=392
+KEY=1DF60B462459E68514B10DCC7EF7E4C9
+CT=9CF27E1202080D9F3A9B5E02290204EA
+PT=670085C6D3B95C6017DB9163B9D2D565
+
+I=393
+KEY=7AF68E80F7E0BAE5036A9CAFC72531AC
+CT=670085C6D3B95C6017DB9163B9D2D565
+PT=2A36E88DF74BA4B24283FEE52DDE5AA4
+
+I=394
+KEY=50C0660D00AB1E5741E9624AEAFB6B08
+CT=2A36E88DF74BA4B24283FEE52DDE5AA4
+PT=81B75B31F130467F4A1FA6CA4A329E5E
+
+I=395
+KEY=D1773D3CF19B58280BF6C480A0C9F556
+CT=81B75B31F130467F4A1FA6CA4A329E5E
+PT=D0A0347102BD11F9E2BD8E8A72D53ADC
+
+I=396
+KEY=01D7094DF32649D1E94B4A0AD21CCF8A
+CT=D0A0347102BD11F9E2BD8E8A72D53ADC
+PT=97F0187509608DF1D9B27AB5D005E505
+
+I=397
+KEY=96271138FA46C42030F930BF02192A8F
+CT=97F0187509608DF1D9B27AB5D005E505
+PT=E60139E36ECD7B24C7C98772C92A1E87
+
+I=398
+KEY=702628DB948BBF04F730B7CDCB333408
+CT=E60139E36ECD7B24C7C98772C92A1E87
+PT=7E92E19E07A469E7D49D3D07EF719157
+
+I=399
+KEY=0EB4C945932FD6E323AD8ACA2442A55F
+CT=7E92E19E07A469E7D49D3D07EF719157
+PT=F5BF8B37136F2E1F6BEC6F572021E3BA
+
+=========================
+
+KEYSIZE=192
+
+I=0
+KEY=000000000000000000000000000000000000000000000000
+CT=00000000000000000000000000000000
+PT=48E31E9E256718F29229319C19F15BA4
+
+I=1
+KEY=9643D8334A63DF4D48E31E9E256718F29229319C19F15BA4
+CT=48E31E9E256718F29229319C19F15BA4
+PT=CC01684BE9B29ED01EA7923E7D2380AA
+
+I=2
+KEY=EF334C87288C43DE84E276D5CCD586228C8EA3A264D2DB0E
+CT=CC01684BE9B29ED01EA7923E7D2380AA
+PT=8726B4E66D6B8FBAA22D42981A5A40CC
+
+I=3
+KEY=0891A045BB044B9D03C4C233A1BE09982EA3E13A7E889BC2
+CT=8726B4E66D6B8FBAA22D42981A5A40CC
+PT=83B9A21A0710FDB9C603797613772ED6
+
+I=4
+KEY=A5233519DE914717807D6029A6AEF421E8A0984C6DFFB514
+CT=83B9A21A0710FDB9C603797613772ED6
+PT=F15479A2B2C250F7E5C11D333D867CBD
+
+I=5
+KEY=A1CB19726DB4C2C77129198B146CA4D60D61857F5079C9A9
+CT=F15479A2B2C250F7E5C11D333D867CBD
+PT=C1AF401BD4E62D8BA15BEC3690F2FB25
+
+I=6
+KEY=04B03C15DB8324B3B0865990C08A895DAC3A6949C08B328C
+CT=C1AF401BD4E62D8BA15BEC3690F2FB25
+PT=01E01E3B10470286035EBD7502EF11A0
+
+I=7
+KEY=A1CB0164AB1E88EDB16647ABD0CD8BDBAF64D43CC264232C
+CT=01E01E3B10470286035EBD7502EF11A0
+PT=A681127825B718411291106AB416779A
+
+I=8
+KEY=27BFD9CB824C525617E755D3F57A939ABDF5C456767254B6
+CT=A681127825B718411291106AB416779A
+PT=5C2EBA728589A9CAA15E28E7D8E59AA0
+
+I=9
+KEY=B308E0DCE108194C4BC9EFA170F33A501CABECB1AE97CE16
+CT=5C2EBA728589A9CAA15E28E7D8E59AA0
+PT=E738305279BE636648B6D5FFA3E97E4A
+
+I=10
+KEY=FE787701EE66664BACF1DFF3094D5936541D394E0D7EB05C
+CT=E738305279BE636648B6D5FFA3E97E4A
+PT=5AF7D4C9439C7412FD7236E7685659DF
+
+I=11
+KEY=DD93D742AFA0B19CF6060B3A4AD12D24A96F0FA96528E983
+CT=5AF7D4C9439C7412FD7236E7685659DF
+PT=30D0681D4060E24D1427D1AAC498DB1B
+
+I=12
+KEY=D5D19C2FEA9DC94BC6D663270AB1CF69BD48DE03A1B03298
+CT=30D0681D4060E24D1427D1AAC498DB1B
+PT=FC9B6752064B1CCE75EBFBE91AF8F2CD
+
+I=13
+KEY=EB0954ECE44620833A4D04750CFAD3A7C8A325EABB48C055
+CT=FC9B6752064B1CCE75EBFBE91AF8F2CD
+PT=61E6AE6E035BCC3C94EF00101216904A
+
+I=14
+KEY=E6E5AB38545B6DF75BABAA1B0FA11F9B5C4C25FAA95E501F
+CT=61E6AE6E035BCC3C94EF00101216904A
+PT=BF738A4E55F036126CC9B56DED530B8C
+
+I=15
+KEY=E8C670F71E5B62B6E4D820555A51298930859097440D5B93
+CT=BF738A4E55F036126CC9B56DED530B8C
+PT=6B9CD4C227FC30C14FD881B838D9F8F5
+
+I=16
+KEY=23FF647DD75770418F44F4977DAD19487F5D112F7CD4A366
+CT=6B9CD4C227FC30C14FD881B838D9F8F5
+PT=6173EF2B5C9B569A1BD4B62C7C913844
+
+I=17
+KEY=DB94124B11CC03D9EE371BBC21364FD26489A70300459B22
+CT=6173EF2B5C9B569A1BD4B62C7C913844
+PT=709EF90F853E55123A917FB258E900F9
+
+I=18
+KEY=4821CA96B50ACA049EA9E2B3A4081AC05E18D8B158AC9BDB
+CT=709EF90F853E55123A917FB258E900F9
+PT=5D73D99E47B1DB28E0ED9B9D1C212CFA
+
+I=19
+KEY=FA47C5BF5E688F8BC3DA3B2DE3B9C1E8BEF5432C448DB721
+CT=5D73D99E47B1DB28E0ED9B9D1C212CFA
+PT=32016FFCB2AA5EA6EA0C808F60613CA2
+
+I=20
+KEY=C66A73E0D1261C2CF1DB54D151139F4E54F9C3A324EC8B83
+CT=32016FFCB2AA5EA6EA0C808F60613CA2
+PT=CAA3704F7FD76EBACB1D2A266A0899FF
+
+I=21
+KEY=FAE8E04094E572A33B78249E2EC4F1F49FE4E9854EE4127C
+CT=CAA3704F7FD76EBACB1D2A266A0899FF
+PT=E32DBD027A1A36B2EC8D0A98C9293E7E
+
+I=22
+KEY=8F2FBF9E40182950D855999C54DEC7467369E31D87CD2C02
+CT=E32DBD027A1A36B2EC8D0A98C9293E7E
+PT=1C117311882C0D5159A9DFD5C3C68D95
+
+I=23
+KEY=F6FB8F6DFAA034BFC444EA8DDCF2CA172AC03CC8440BA197
+CT=1C117311882C0D5159A9DFD5C3C68D95
+PT=5E379C2471DB04582CD861E6F8A419D7
+
+I=24
+KEY=699DCA67F4EF50C49A7376A9AD29CE4F06185D2EBCAFB840
+CT=5E379C2471DB04582CD861E6F8A419D7
+PT=5932A84C6ACBD8452EE9AC47CE4B6BD8
+
+I=25
+KEY=F568B4F126486CE4C341DEE5C7E2160A28F1F16972E4D398
+CT=5932A84C6ACBD8452EE9AC47CE4B6BD8
+PT=00634EED1D18C84AE0A8198CF791DE81
+
+I=26
+KEY=C49E5E8D366B6FE7C3229008DAFADE40C859E8E585750D19
+CT=00634EED1D18C84AE0A8198CF791DE81
+PT=E10C93B1C466FFF0B6EB6DB50AF271EC
+
+I=27
+KEY=22B07DB9ED443A9D222E03B91E9C21B07EB285508F877CF5
+CT=E10C93B1C466FFF0B6EB6DB50AF271EC
+PT=58A0C680F565E63A7E41C6EAC50A3B01
+
+I=28
+KEY=2BDF4CCE2B4CAFDD7A8EC539EBF9C78A00F343BA4A8D47F4
+CT=58A0C680F565E63A7E41C6EAC50A3B01
+PT=92921B2AA7FC6367199A4C42FAE0E2A4
+
+I=29
+KEY=E2BE29F6905D41C5E81CDE134C05A4ED19690FF8B06DA550
+CT=92921B2AA7FC6367199A4C42FAE0E2A4
+PT=B6EC2A692D2657E5506F2C3BA1912799
+
+I=30
+KEY=E43634FD3DB719C75EF0F47A6123F308490623C311FC82C9
+CT=B6EC2A692D2657E5506F2C3BA1912799
+PT=23ECD0813B1A7090CF9BE874D6B0846C
+
+I=31
+KEY=ACA2F21EF46E30B57D1C24FB5A398398869DCBB7C74C06A5
+CT=23ECD0813B1A7090CF9BE874D6B0846C
+PT=04BD52F4C1AB8DF4816A6E11F8B54452
+
+I=32
+KEY=0130B37AFE24D66079A1760F9B920E6C07F7A5A63FF942F7
+CT=04BD52F4C1AB8DF4816A6E11F8B54452
+PT=DFA0074DEFEDB44D0D96AD6020D1A37D
+
+I=33
+KEY=00AC6BF5E3AD20FFA6017142747FBA210A6108C61F28E18A
+CT=DFA0074DEFEDB44D0D96AD6020D1A37D
+PT=5AB15057E05F73FAAF12C0EC26D3F02F
+
+I=34
+KEY=E3A70EBF3D9167AAFCB021159420C9DBA573C82A39FB11A5
+CT=5AB15057E05F73FAAF12C0EC26D3F02F
+PT=6ECC2F23AB7854E97F215C52EF1E62E0
+
+I=35
+KEY=CBCD9116DC78FA64927C0E363F589D32DA529478D6E57345
+CT=6ECC2F23AB7854E97F215C52EF1E62E0
+PT=930B3EBDE0989049056022E83FC9EF1E
+
+I=36
+KEY=FBB5E5462DE715180177308BDFC00D7BDF32B690E92C9C5B
+CT=930B3EBDE0989049056022E83FC9EF1E
+PT=1EE4ABB9ACD70B93A83BCD8751F858DE
+
+I=37
+KEY=E5D2B1ACD8BE6DF21F939B32731706E877097B17B8D4C485
+CT=1EE4ABB9ACD70B93A83BCD8751F858DE
+PT=FCAC610EA0D309C6D36EED5A4BC04036
+
+I=38
+KEY=54DD0B6CB083BDE8E33FFA3CD3C40F2EA467964DF31484B3
+CT=FCAC610EA0D309C6D36EED5A4BC04036
+PT=161D5EE8F50A3F69A11ADFEAF1A2A2AA
+
+I=39
+KEY=28309F7EB99AAEE1F522A4D426CE3047057D49A702B62619
+CT=161D5EE8F50A3F69A11ADFEAF1A2A2AA
+PT=D9D365B061D2F3BF9DF94181837621B4
+
+I=40
+KEY=E55ECDDFAE95A2C92CF1C164471CC3F89884082681C007AD
+CT=D9D365B061D2F3BF9DF94181837621B4
+PT=938647A6AAD455D89A6DFEFE60D62331
+
+I=41
+KEY=C9CEE1C9D89DF76ABF7786C2EDC8962002E9F6D8E116249C
+CT=938647A6AAD455D89A6DFEFE60D62331
+PT=06A002DDC7DC4F22F9B1D5734C312AAA
+
+I=42
+KEY=B26709109B66C916B9D7841F2A14D902FB5823ABAD270E36
+CT=06A002DDC7DC4F22F9B1D5734C312AAA
+PT=BB45E9BE2237E3288F56EDD0D9AD6734
+
+I=43
+KEY=2FAD2FF32E10680502926DA108233A2A740ECE7B748A6902
+CT=BB45E9BE2237E3288F56EDD0D9AD6734
+PT=CF5A1338F5FA7ED4C77F6EA3836F079A
+
+I=44
+KEY=63D3D62540C790D1CDC87E99FDD944FEB371A0D8F7E56E98
+CT=CF5A1338F5FA7ED4C77F6EA3836F079A
+PT=32F2D628117ADB46383FC101B58E95A6
+
+I=45
+KEY=0DF38CE71CF26A19FF3AA8B1ECA39FB88B4E61D9426BFB3E
+CT=32F2D628117ADB46383FC101B58E95A6
+PT=3A3CCEA99D43887AC64498AB4EFC87DD
+
+I=46
+KEY=7EEEB78A0C9BAA9FC506661871E017C24D0AF9720C977CE3
+CT=3A3CCEA99D43887AC64498AB4EFC87DD
+PT=787DC1C632C4AA77D42324338C510146
+
+I=47
+KEY=4DF02EE427AE29A1BD7BA7DE4324BDB59929DD4180C67DA5
+CT=787DC1C632C4AA77D42324338C510146
+PT=BB0635A471D26B80E5E387E4F14A1626
+
+I=48
+KEY=D6983F5E8BE728D9067D927A32F6D6357CCA5AA5718C6B83
+CT=BB0635A471D26B80E5E387E4F14A1626
+PT=14A9AA3EE6343C2D57E0F2ED7A05DC0D
+
+I=49
+KEY=BD84A7CD471613B512D43844D4C2EA182B2AA8480B89B78E
+CT=14A9AA3EE6343C2D57E0F2ED7A05DC0D
+PT=25E254AD6C33908BC07B3DEC4052F549
+
+I=50
+KEY=E54A2146242AADFB37366CE9B8F17A93EB5195A44BDB42C7
+CT=25E254AD6C33908BC07B3DEC4052F549
+PT=10E09F426E6F33CD21DF1EB748A46088
+
+I=51
+KEY=0517B745BCE24E0527D6F3ABD69E495ECA8E8B13037F224F
+CT=10E09F426E6F33CD21DF1EB748A46088
+PT=B65D2FFE83F9469AA2B1ABC559EAAB87
+
+I=52
+KEY=8297790C75E8931C918BDC5555670FC4683F20D65A9589C8
+CT=B65D2FFE83F9469AA2B1ABC559EAAB87
+PT=E743F6441CCF9703FF4B8E3F4921ACDF
+
+I=53
+KEY=7EC47C0C5663CD4C76C82A1149A898C79774AEE913B42517
+CT=E743F6441CCF9703FF4B8E3F4921ACDF
+PT=BECC5CF2F2C62A9E7D3CF979A9E96F94
+
+I=54
+KEY=FBB1F10529FABEB3C80476E3BB6EB259EA485790BA5D4A83
+CT=BECC5CF2F2C62A9E7D3CF979A9E96F94
+PT=3718199958EAA473B980B95F9C76E03F
+
+I=55
+KEY=EE4113D30720269DFF1C6F7AE384162A53C8EECF262BAABC
+CT=3718199958EAA473B980B95F9C76E03F
+PT=D15525B8BBB6D209E0BB3B6F5ACB2556
+
+I=56
+KEY=488286944DC6B0842E494AC25832C423B373D5A07CE08FEA
+CT=D15525B8BBB6D209E0BB3B6F5ACB2556
+PT=0270AF07DDA52DF7CA7B0EE7DF098A80
+
+I=57
+KEY=A32A880A84E7EDB82C39E5C58597E9D47908DB47A3E9056A
+CT=0270AF07DDA52DF7CA7B0EE7DF098A80
+PT=2D380F99A182CD14CFFEF5E88B93B416
+
+I=58
+KEY=DBD0FD5053BC52C60101EA5C241524C0B6F62EAF287AB17C
+CT=2D380F99A182CD14CFFEF5E88B93B416
+PT=47FE8C67DCBC616E4C984D323EA4A45B
+
+I=59
+KEY=D79F78A4726F5FCA46FF663BF8A945AEFA6E639D16DE1527
+CT=47FE8C67DCBC616E4C984D323EA4A45B
+PT=FA595C69C3286771FB8C921DFBBFFC2E
+
+I=60
+KEY=0C88AAD46F951FB6BCA63A523B8122DF01E2F180ED61E909
+CT=FA595C69C3286771FB8C921DFBBFFC2E
+PT=8FA64C511FCE6FC987B327D12EBDADAD
+
+I=61
+KEY=762EEA21D382067E33007603244F4D168651D651C3DC44A4
+CT=8FA64C511FCE6FC987B327D12EBDADAD
+PT=8F52C709508408B40C241FD38E515E76
+
+I=62
+KEY=EA05788C20FB364EBC52B10A74CB45A28A75C9824D8D1AD2
+CT=8F52C709508408B40C241FD38E515E76
+PT=7CFD332B306684AC92279CE06F1287D8
+
+I=63
+KEY=D4B2582B094D874DC0AF822144ADC10E18525562229F9D0A
+CT=7CFD332B306684AC92279CE06F1287D8
+PT=0DA14F6619665E0128044355481BD658
+
+I=64
+KEY=C080E7033FDF1BCFCD0ECD475DCB9F0F305616376A844B52
+CT=0DA14F6619665E0128044355481BD658
+PT=FEDEBE73AA4047AF27E86A8B9E8E2ED7
+
+I=65
+KEY=C5BA9667999CF2D633D07334F78BD8A017BE7CBCF40A6585
+CT=FEDEBE73AA4047AF27E86A8B9E8E2ED7
+PT=12CD6896129E376AAB9C0E980F3B7CD2
+
+I=66
+KEY=65FF092A539C4600211D1BA2E515EFCABC227224FB311957
+CT=12CD6896129E376AAB9C0E980F3B7CD2
+PT=04E7939B352F7B5C38B7EC5784EC78C2
+
+I=67
+KEY=F98E7062F9EBE61C25FA8839D03A949684959E737FDD6195
+CT=04E7939B352F7B5C38B7EC5784EC78C2
+PT=0184996278A57E36E608E95616C46964
+
+I=68
+KEY=306FBEFB3BF4E241247E115BA89FEAA0629D7725691908F1
+CT=0184996278A57E36E608E95616C46964
+PT=92179E392E05C8B96A0CFAC36109B09E
+
+I=69
+KEY=EE641F5DB58F9057B6698F62869A221908918DE60810B86F
+CT=92179E392E05C8B96A0CFAC36109B09E
+PT=7F197B01172C809635198E6B156D13BC
+
+I=70
+KEY=EADB8B255F98FD9DC970F46391B6A28F3D88038D1D7DABD3
+CT=7F197B01172C809635198E6B156D13BC
+PT=46F6DD79AD079DCFBC451B24ECDDA4FA
+
+I=71
+KEY=47225D75FE68FFA08F86291A3CB13F4081CD18A9F1A00F29
+CT=46F6DD79AD079DCFBC451B24ECDDA4FA
+PT=B5DAA09E3545F92FF44176187A1F9179
+
+I=72
+KEY=7CDECC21E72E54F43A5C898409F4C66F758C6EB18BBF9E50
+CT=B5DAA09E3545F92FF44176187A1F9179
+PT=F51A35F3DD410132EEC9E9F22A6F6FAB
+
+I=73
+KEY=75D1AAFDBFE72C94CF46BC77D4B5C75D9B458743A1D0F1FB
+CT=F51A35F3DD410132EEC9E9F22A6F6FAB
+PT=D1CC6D95B58793C342CF14AF250D5E40
+
+I=74
+KEY=41874C54BD58757A1E8AD1E26132549ED98A93EC84DDAFBB
+CT=D1CC6D95B58793C342CF14AF250D5E40
+PT=A1FAB3B352A887A829357528FED4B80E
+
+I=75
+KEY=1D94704F4A51A5CABF706251339AD336F0BFE6C47A0917B5
+CT=A1FAB3B352A887A829357528FED4B80E
+PT=CBC6473B3AA4DE2D64EED554CA241EAC
+
+I=76
+KEY=A41B52E0AE7E568074B6256A093E0D1B94513390B02D0919
+CT=CBC6473B3AA4DE2D64EED554CA241EAC
+PT=19DC6E89D71DCE5DCECD1A6F85C3FBD6
+
+I=77
+KEY=85F21BCD70691F596D6A4BE3DE23C3465A9C29FF35EEF2CF
+CT=19DC6E89D71DCE5DCECD1A6F85C3FBD6
+PT=EC6974E51B21F26A100E66183C68FD15
+
+I=78
+KEY=CAD0B254A88B669681033F06C502312C4A924FE709860FDA
+CT=EC6974E51B21F26A100E66183C68FD15
+PT=A16B6F78009B6E30CB758E87AD4D8034
+
+I=79
+KEY=8AC49B19582BFCF32068507EC5995F1C81E7C160A4CB8FEE
+CT=A16B6F78009B6E30CB758E87AD4D8034
+PT=CB5C20AAFA898193BC34FF3EE460B313
+
+I=80
+KEY=988F8D4F3A66AC99EB3470D43F10DE8F3DD33E5E40AB3CFD
+CT=CB5C20AAFA898193BC34FF3EE460B313
+PT=397F92C8E69E0916E30DC6889779799E
+
+I=81
+KEY=DE2D26C6130E006ED24BE21CD98ED799DEDEF8D6D7D24563
+CT=397F92C8E69E0916E30DC6889779799E
+PT=9A9CBD9380E2187855CAE5A73D58480F
+
+I=82
+KEY=BF6BE6D55C04977348D75F8F596CCFE18B141D71EA8A0D6C
+CT=9A9CBD9380E2187855CAE5A73D58480F
+PT=B67B360EE0FF297D3662F5B7CDB82CB9
+
+I=83
+KEY=6582BCA895FA1221FEAC6981B993E69CBD76E8C6273221D5
+CT=B67B360EE0FF297D3662F5B7CDB82CB9
+PT=2D146ED9236082D2D71810969A1AB1FB
+
+I=84
+KEY=6AC68BB8BBC7F520D3B807589AF3644E6A6EF850BD28902E
+CT=2D146ED9236082D2D71810969A1AB1FB
+PT=4B9F55652C40B6DA963A98D875ADACE4
+
+I=85
+KEY=180DAB1B14A92DB29827523DB6B3D294FC546088C8853CCA
+CT=4B9F55652C40B6DA963A98D875ADACE4
+PT=FC0A8A3D511F5FAFF0A3DD13B49E5A13
+
+I=86
+KEY=7ABD7440D5EE5FE2642DD800E7AC8D3B0CF7BD9B7C1B66D9
+CT=FC0A8A3D511F5FAFF0A3DD13B49E5A13
+PT=4231C02AD3231C3EB7AEB9135B95AC4B
+
+I=87
+KEY=54ACAE182B5FDACF261C182A348F9105BB590488278ECA92
+CT=4231C02AD3231C3EB7AEB9135B95AC4B
+PT=4C3A949ACCCBB55F9415C81B1413FD9D
+
+I=88
+KEY=015706F99E81CC026A268CB0F844245A2F4CCC93339D370F
+CT=4C3A949ACCCBB55F9415C81B1413FD9D
+PT=E9B1CEAF77B64A88CC3E020B16E1BF7E
+
+I=89
+KEY=929BD0A1CC6450E78397421F8FF26ED2E372CE98257C8871
+CT=E9B1CEAF77B64A88CC3E020B16E1BF7E
+PT=98FFEA0827068CB0B508CA520D8B43F7
+
+I=90
+KEY=9B81EC47D8442D311B68A817A8F4E262567A04CA28F7CB86
+CT=98FFEA0827068CB0B508CA520D8B43F7
+PT=BEDA572C3CA3FEF97F7071DA35414EA1
+
+I=91
+KEY=93B211B869CBECCBA5B2FF3B94571C9B290A75101DB68527
+CT=BEDA572C3CA3FEF97F7071DA35414EA1
+PT=35E8CB8302748C8623A09980909FB516
+
+I=92
+KEY=BC5320E4025EB960905A34B89623901D0AAAEC908D293031
+CT=35E8CB8302748C8623A09980909FB516
+PT=E136148B2FA5AF5CD3F8BC3883566CB8
+
+I=93
+KEY=C4EC937F948D0B5A716C2033B9863F41D95250A80E7F5C89
+CT=E136148B2FA5AF5CD3F8BC3883566CB8
+PT=B7CE40E3E3D30191CDF4AB5BE98F347A
+
+I=94
+KEY=6D381856C149D9DCC6A260D05A553ED014A6FBF3E7F068F3
+CT=B7CE40E3E3D30191CDF4AB5BE98F347A
+PT=A821E934DAAE37FF3136E769DAC315FB
+
+I=95
+KEY=A3679C5957C656DE6E8389E480FB092F25901C9A3D337D08
+CT=A821E934DAAE37FF3136E769DAC315FB
+PT=4227B96A0CC6CA1C21BCF8B1ADB3BDE1
+
+I=96
+KEY=BE7112453B1DF3EC2CA4308E8C3DC333042CE42B9080C0E9
+CT=4227B96A0CC6CA1C21BCF8B1ADB3BDE1
+PT=EE36BBFDDF19165F9E64AE79B4CF06A9
+
+I=97
+KEY=AEA4A2D5CD0A2FC7C2928B735324D56C9A484A52244FC640
+CT=EE36BBFDDF19165F9E64AE79B4CF06A9
+PT=C3DFE088C6767BC939F492C1FA9604CD
+
+I=98
+KEY=A16FC5F22F03984F014D6BFB9552AEA5A3BCD893DED9C28D
+CT=C3DFE088C6767BC939F492C1FA9604CD
+PT=DB1202E468119D977868F6E294E3CC3A
+
+I=99
+KEY=A4E0565DD419BDD1DA5F691FFD433332DBD42E714A3A0EB7
+CT=DB1202E468119D977868F6E294E3CC3A
+PT=6F2F682BA4F95EB8C5B883C7660B2653
+
+I=100
+KEY=3CAEE44D0E85058EB570013459BA6D8A1E6CADB62C3128E4
+CT=6F2F682BA4F95EB8C5B883C7660B2653
+PT=1036B4AA6C897D36DFE6658A953E5075
+
+I=101
+KEY=4E883A500CA89963A546B59E353310BCC18AC83CB90F7891
+CT=1036B4AA6C897D36DFE6658A953E5075
+PT=04FCB3A81E5319A16CCF212719906229
+
+I=102
+KEY=ADED5A405C5C095AA1BA06362B60091DAD45E91BA09F1AB8
+CT=04FCB3A81E5319A16CCF212719906229
+PT=CD79BAC069BB58605D43005B927816E5
+
+I=103
+KEY=5499B441405D16B06CC3BCF642DB517DF006E94032E70C5D
+CT=CD79BAC069BB58605D43005B927816E5
+PT=DB5B3C625D1F66CF28A86CC100472398
+
+I=104
+KEY=D31221246382CA8EB79880941FC437B2D8AE858132A02FC5
+CT=DB5B3C625D1F66CF28A86CC100472398
+PT=D8732A2C16EC6AE202371AF03A6F91E8
+
+I=105
+KEY=CDF928E97051F08B6FEBAAB809285D50DA999F7108CFBE2D
+CT=D8732A2C16EC6AE202371AF03A6F91E8
+PT=F0A1A353A8AB9A893F621F0BEA3B4F01
+
+I=106
+KEY=10CC2EED0ECBD1E69F4A09EBA183C7D9E5FB807AE2F4F12C
+CT=F0A1A353A8AB9A893F621F0BEA3B4F01
+PT=27E4451BD15E43F301E138713DC12E78
+
+I=107
+KEY=03C4F5E1FD3D34D1B8AE4CF070DD842AE41AB80BDF35DF54
+CT=27E4451BD15E43F301E138713DC12E78
+PT=C7FA931DA414CB37A9BDB6F128E082EE
+
+I=108
+KEY=CC5D7D36D085E3257F54DFEDD4C94F1D4DA70EFAF7D55DBA
+CT=C7FA931DA414CB37A9BDB6F128E082EE
+PT=A6777D51A0A1C94DD74A18795341015F
+
+I=109
+KEY=9F4EE4750FF3F53AD923A2BC746886509AED1683A4945CE5
+CT=A6777D51A0A1C94DD74A18795341015F
+PT=32A4D930A5597E02D7076E399D18D895
+
+I=110
+KEY=8525417BB6D8095BEB877B8CD131F8524DEA78BA398C8470
+CT=32A4D930A5597E02D7076E399D18D895
+PT=1B78FCF274EEB1E597998EE4EFFF9F8B
+
+I=111
+KEY=54EFA98071F1EF62F0FF877EA5DF49B7DA73F65ED6731BFB
+CT=1B78FCF274EEB1E597998EE4EFFF9F8B
+PT=2997FEE2823CC84DA14E8439449F5C7C
+
+I=112
+KEY=2505931CE4D41D16D968799C27E381FA7B3D726792EC4787
+CT=2997FEE2823CC84DA14E8439449F5C7C
+PT=810534A9E8DB2808FEE681B13C04411D
+
+I=113
+KEY=C2DF863BEB4F27AB586D4D35CF38A9F285DBF3D6AEE8069A
+CT=810534A9E8DB2808FEE681B13C04411D
+PT=BE2380994365F1D7FC8278E86C8B497D
+
+I=114
+KEY=036C0C95D0C26B66E64ECDAC8C5D582579598B3EC2634FE7
+CT=BE2380994365F1D7FC8278E86C8B497D
+PT=EFEC3977D5A21DC4AC786E786CA3ECE9
+
+I=115
+KEY=BD05AD63A0A9F1B509A2F4DB59FF45E1D521E546AEC0A30E
+CT=EFEC3977D5A21DC4AC786E786CA3ECE9
+PT=22A7280D8231895EA4F0B6A39AC583C3
+
+I=116
+KEY=A16DFA00981597B42B05DCD6DBCECCBF71D153E5340520CD
+CT=22A7280D8231895EA4F0B6A39AC583C3
+PT=0CC61E91B3CBCD0E190D52059E27647A
+
+I=117
+KEY=ABC1AD453235832727C3C247680501B168DC01E0AA2244B7
+CT=0CC61E91B3CBCD0E190D52059E27647A
+PT=5CE91F77F7C8F0AB1BBA802D2FFF0E9B
+
+I=118
+KEY=64D40ACA0F526EC67B2ADD309FCDF11A736681CD85DD4A2C
+CT=5CE91F77F7C8F0AB1BBA802D2FFF0E9B
+PT=255459BE5A27E08942A049F6EC44582E
+
+I=119
+KEY=8BB5C7D8B2B177855E7E848EC5EA119331C6C83B69991202
+CT=255459BE5A27E08942A049F6EC44582E
+PT=28E2E20115C3665D9D88CB74681301EA
+
+I=120
+KEY=4E30FCC4C182F471769C668FD02977CEAC4E034F018A13E8
+CT=28E2E20115C3665D9D88CB74681301EA
+PT=2E96E6BBCD999F4B1507C7EC9E4B8430
+
+I=121
+KEY=906B361E9D72E107580A80341DB0E885B949C4A39FC197D8
+CT=2E96E6BBCD999F4B1507C7EC9E4B8430
+PT=03DED0A95164E5FA215E9C49C433E95B
+
+I=122
+KEY=F656F5D9D973C02C5BD4509D4CD40D7F981758EA5BF27E83
+CT=03DED0A95164E5FA215E9C49C433E95B
+PT=AD9C16D2567B73FCA4866FE16CF09CDA
+
+I=123
+KEY=8811A4ACDF37A140F648464F1AAF7E833C91370B3702E259
+CT=AD9C16D2567B73FCA4866FE16CF09CDA
+PT=68539BFF0F8CC23A0A3267796A11B75C
+
+I=124
+KEY=E5AF2E8CDBAD01589E1BDDB01523BCB936A350725D135505
+CT=68539BFF0F8CC23A0A3267796A11B75C
+PT=B15F623E5A7D73452A419EB04AFCF72E
+
+I=125
+KEY=C9E743CAD731A62E2F44BF8E4F5ECFFC1CE2CEC217EFA22B
+CT=B15F623E5A7D73452A419EB04AFCF72E
+PT=520142AFDA69E9CFA98D8DD59CCB12BC
+
+I=126
+KEY=6CF6C656FFBB77807D45FD2195372633B56F43178B24B097
+CT=520142AFDA69E9CFA98D8DD59CCB12BC
+PT=7EC2A8430F23A5E183E0032DAB5232C5
+
+I=127
+KEY=772CEE9F934D57D4038755629A1483D2368F403A20768252
+CT=7EC2A8430F23A5E183E0032DAB5232C5
+PT=E5E3A5D968B1FF774B55CCA06BE3BD65
+
+I=128
+KEY=9A4DAB93F3C74EBBE664F0BBF2A57CA57DDA8C9A4B953F37
+CT=E5E3A5D968B1FF774B55CCA06BE3BD65
+PT=9608643D0A34DA28372A7E7E34427E1B
+
+I=129
+KEY=EF0F60BCBA3374E0706C9486F891A68D4AF0F2E47FD7412C
+CT=9608643D0A34DA28372A7E7E34427E1B
+PT=B22BD410584F29610801B18EDAB1BD19
+
+I=130
+KEY=DE013A6C3440AFF3C2474096A0DE8FEC42F1436AA566FC35
+CT=B22BD410584F29610801B18EDAB1BD19
+PT=ADEC4519F1A7AD74BCCECABEDCF20D73
+
+I=131
+KEY=2B5B547A934A5A376FAB058F51792298FE3F89D47994F146
+CT=ADEC4519F1A7AD74BCCECABEDCF20D73
+PT=E04D4FF54191BEEEF5B295A32DA2ADE5
+
+I=132
+KEY=BF356F2FFC2C538F8FE64A7A10E89C760B8D1C7754365CA3
+CT=E04D4FF54191BEEEF5B295A32DA2ADE5
+PT=3F9531EDD5072F7A9F2A62ECC2CCE50A
+
+I=133
+KEY=7CEBD7310CC4791AB0737B97C5EFB30C94A77E9B96FAB9A9
+CT=3F9531EDD5072F7A9F2A62ECC2CCE50A
+PT=C3DC95781FAE7BB6C02BD08B3617DDF1
+
+I=134
+KEY=192741D2AB9C887673AFEEEFDA41C8BA548CAE10A0ED6458
+CT=C3DC95781FAE7BB6C02BD08B3617DDF1
+PT=F69B837F168B9A9E637E7357B65F2B60
+
+I=135
+KEY=38552740A79FB5BF85346D90CCCA522437F2DD4716B24F38
+CT=F69B837F168B9A9E637E7357B65F2B60
+PT=40DCDF58E7EFDD62C114A83F8AC898BB
+
+I=136
+KEY=A0AED2C07C2168B6C5E8B2C82B258F46F6E675789C7AD783
+CT=40DCDF58E7EFDD62C114A83F8AC898BB
+PT=27F78F3BD8E04A8646EBF364155A71ED
+
+I=137
+KEY=2B4FAEBF17993E12E21F3DF3F3C5C5C0B00D861C8920A66E
+CT=27F78F3BD8E04A8646EBF364155A71ED
+PT=F305DFC8EAD44E786F59B0551C7104F5
+
+I=138
+KEY=96819F6E9738209F111AE23B19118BB8DF5436499551A29B
+CT=F305DFC8EAD44E786F59B0551C7104F5
+PT=2E47F833BE7C06ED1E42AC11366F4BEF
+
+I=139
+KEY=AAEA16BAC3E84DD73F5D1A08A76D8D55C1169A58A33EE974
+CT=2E47F833BE7C06ED1E42AC11366F4BEF
+PT=A9D3A511C3D76779B607AAB2556823AD
+
+I=140
+KEY=F66BA47C56AC5A36968EBF1964BAEA2C771130EAF656CAD9
+CT=A9D3A511C3D76779B607AAB2556823AD
+PT=153A7CC2387C05289F759C85076CDD88
+
+I=141
+KEY=1D892BCCFAF3DA1083B4C3DB5CC6EF04E864AC6FF13A1751
+CT=153A7CC2387C05289F759C85076CDD88
+PT=76B6089030D914F0F4C6078193207A7D
+
+I=142
+KEY=DAEBAF980095A397F502CB4B6C1FFBF41CA2ABEE621A6D2C
+CT=76B6089030D914F0F4C6078193207A7D
+PT=EB71D127848BA397451D45801830461E
+
+I=143
+KEY=85F86FADA92076AB1E731A6CE894586359BFEE6E7A2A2B32
+CT=EB71D127848BA397451D45801830461E
+PT=B79D9BE1B2DB808B412413C203C710DF
+
+I=144
+KEY=BEADDA5CE1E7F3D4A9EE818D5A4FD8E8189BFDAC79ED3BED
+CT=B79D9BE1B2DB808B412413C203C710DF
+PT=E6423467C3CA69D94C944FA2A97BB61F
+
+I=145
+KEY=D4664C8DCFA8304D4FACB5EA9985B131540FB20ED0968DF2
+CT=E6423467C3CA69D94C944FA2A97BB61F
+PT=18EFF53B7D62A9D9ED8AB9ABE67FC110
+
+I=146
+KEY=9CCF1EEAF55FEA5A574340D1E4E718E8B9850BA536E94CE2
+CT=18EFF53B7D62A9D9ED8AB9ABE67FC110
+PT=8E6A4AC577153D806ED71A07319CAB67
+
+I=147
+KEY=7D840184CB9D3A05D9290A1493F22568D75211A20775E785
+CT=8E6A4AC577153D806ED71A07319CAB67
+PT=B7B23D8E7D344F39B3EA0D67CCF37377
+
+I=148
+KEY=D72F35B6DD825B656E9B379AEEC66A5164B81CC5CB8694F2
+CT=B7B23D8E7D344F39B3EA0D67CCF37377
+PT=3385AD0503AF68BFBFBEAA89B1C87736
+
+I=149
+KEY=48335F06D7C27C955D1E9A9FED6902EEDB06B64C7A4EE3C4
+CT=3385AD0503AF68BFBFBEAA89B1C87736
+PT=9FC40A6B984BEEC182AB650B05CEF38C
+
+I=150
+KEY=A66149286535FD6EC2DA90F47522EC2F59ADD3477F801048
+CT=9FC40A6B984BEEC182AB650B05CEF38C
+PT=4CEC52C9DE143486DFC9D098637DFBB5
+
+I=151
+KEY=7EA78450FAEEF8BF8E36C23DAB36D8A9866403DF1CFDEBFD
+CT=4CEC52C9DE143486DFC9D098637DFBB5
+PT=EB8E40333ACD18EFB04DC0A857DDCD7A
+
+I=152
+KEY=197DDF842BAEF36E65B8820E91FBC0463629C3774B202687
+CT=EB8E40333ACD18EFB04DC0A857DDCD7A
+PT=F1AFF04058F819B0F191398C8022130F
+
+I=153
+KEY=D68841CF848B0F619417724EC903D9F6C7B8FAFBCB023588
+CT=F1AFF04058F819B0F191398C8022130F
+PT=6DF4A95D8D602C0E53F5A5C350D3EB64
+
+I=154
+KEY=6DFA0F7B01A2F011F9E3DB134463F5F8944D5F389BD1DEEC
+CT=6DF4A95D8D602C0E53F5A5C350D3EB64
+PT=057D8F9BE9260BB3A0382CD2EF7D1FCA
+
+I=155
+KEY=88227C4AD1CBC8F0FC9E5488AD45FE4B347573EA74ACC126
+CT=057D8F9BE9260BB3A0382CD2EF7D1FCA
+PT=D4EDACCB9B7B35F2A0690E22C91E25AE
+
+I=156
+KEY=848B8E3213D366B22873F843363ECBB9941C7DC8BDB2E488
+CT=D4EDACCB9B7B35F2A0690E22C91E25AE
+PT=A2F61B5BDD9F580B26C329B878BAFA3C
+
+I=157
+KEY=FA3A476D1C6E33FD8A85E318EBA193B2B2DF5470C5081EB4
+CT=A2F61B5BDD9F580B26C329B878BAFA3C
+PT=5A0616880CD40B72B58CF268EC8F934B
+
+I=158
+KEY=C9F77D58F58D5FEDD083F590E77598C00753A61829878DFF
+CT=5A0616880CD40B72B58CF268EC8F934B
+PT=0E42047D7EDE2A5FBB37767A69A45B9B
+
+I=159
+KEY=00A523C700FBB663DEC1F1ED99ABB29FBC64D0624023D664
+CT=0E42047D7EDE2A5FBB37767A69A45B9B
+PT=2AFA823A10BB436A7B00816C80A52711
+
+I=160
+KEY=660275323A59E807F43B73D78910F1F5C764510EC086F175
+CT=2AFA823A10BB436A7B00816C80A52711
+PT=B2406F3F9160E25DF7C9AA81AF6EB449
+
+I=161
+KEY=47A4FCDB97D4A383467B1CE8187013A830ADFB8F6FE8453C
+CT=B2406F3F9160E25DF7C9AA81AF6EB449
+PT=B1E01D2A401495F8DDAEAB7B04BEB23D
+
+I=162
+KEY=2BDD5B54D4EB236AF79B01C258648650ED0350F46B56F701
+CT=B1E01D2A401495F8DDAEAB7B04BEB23D
+PT=390572A9ECE28A0E0BBDC729DBE5F79A
+
+I=163
+KEY=328202460B65D004CE9E736BB4860C5EE6BE97DDB0B3009B
+CT=390572A9ECE28A0E0BBDC729DBE5F79A
+PT=5D41665811702124C597DB4E3BD950E1
+
+I=164
+KEY=94457C0A759DF4E993DF1533A5F62D7A23294C938B6A507A
+CT=5D41665811702124C597DB4E3BD950E1
+PT=689EB1CB1586D127696E8725DEE49E58
+
+I=165
+KEY=4E0226CA850DDC79FB41A4F8B070FC5D4A47CBB6558ECE22
+CT=689EB1CB1586D127696E8725DEE49E58
+PT=A2D9DF62AC8BF8A93E7A954416864052
+
+I=166
+KEY=659C817A1C10A24D59987B9A1CFB04F4743D5EF243088E70
+CT=A2D9DF62AC8BF8A93E7A954416864052
+PT=507835696F1920BD4A05797563DF5769
+
+I=167
+KEY=92192D9175187FB409E04EF373E224493E38278720D7D919
+CT=507835696F1920BD4A05797563DF5769
+PT=2070413F5103482B6C83129304E5AC87
+
+I=168
+KEY=6959063FBA59CCEC29900FCC22E16C6252BB35142432759E
+CT=2070413F5103482B6C83129304E5AC87
+PT=BF7FD1E21B41B1F1C2625C1097F1BCB8
+
+I=169
+KEY=5722993710D811B196EFDE2E39A0DD9390D96904B3C3C926
+CT=BF7FD1E21B41B1F1C2625C1097F1BCB8
+PT=6E2236654F2999545F50FA9CF63F9F2E
+
+I=170
+KEY=038FA98E7A226A9FF8CDE84B768944C7CF89939845FC5608
+CT=6E2236654F2999545F50FA9CF63F9F2E
+PT=3F370291CEDCB115C8EE409A8EEB46D6
+
+I=171
+KEY=CACF0199725D5466C7FAEADAB855F5D20767D302CB1710DE
+CT=3F370291CEDCB115C8EE409A8EEB46D6
+PT=84023DB96D373EC8315AE78A3B7E82FB
+
+I=172
+KEY=7B40321CB11520D143F8D763D562CB1A363D3488F0699225
+CT=84023DB96D373EC8315AE78A3B7E82FB
+PT=C35064D82A3016FE2C2E2CC0627E7B5C
+
+I=173
+KEY=F045CFEC2A6BC7E580A8B3BBFF52DDE41A1318489217E979
+CT=C35064D82A3016FE2C2E2CC0627E7B5C
+PT=D78DFFE87C0F95856C31A07BADA23084
+
+I=174
+KEY=86B3CA5F50CEF6C557254C53835D48617622B8333FB5D9FD
+CT=D78DFFE87C0F95856C31A07BADA23084
+PT=5B5B5D3CA5C6E5CF18F3E4EE802BE82B
+
+I=175
+KEY=E6D99DC0C58655B70C7E116F269BADAE6ED15CDDBF9E31D6
+CT=5B5B5D3CA5C6E5CF18F3E4EE802BE82B
+PT=DB65A82F6EB7A410A367165900E85117
+
+I=176
+KEY=B8F770CFBE47D070D71BB940482C09BECDB64A84BF7660C1
+CT=DB65A82F6EB7A410A367165900E85117
+PT=FE8BE8484D925043102238FF63FDAC57
+
+I=177
+KEY=FF09ADB06FE587192990510805BE59FDDD94727BDC8BCC96
+CT=FE8BE8484D925043102238FF63FDAC57
+PT=AC36E01A7AD482A8D89703D2A6528720
+
+I=178
+KEY=B5C937A4019CDAD185A6B1127F6ADB55050371A97AD94BB6
+CT=AC36E01A7AD482A8D89703D2A6528720
+PT=9F3698CE06C6497C89B58CA723F7ECAA
+
+I=179
+KEY=F60CAF8FB99B63B21A9029DC79AC92298CB6FD0E592EA71C
+CT=9F3698CE06C6497C89B58CA723F7ECAA
+PT=FB8CE2E1D332FE4557B6C5CF1676F2FB
+
+I=180
+KEY=B7CF2BABD58B5FDCE11CCB3DAA9E6C6CDB0038C14F5855E7
+CT=FB8CE2E1D332FE4557B6C5CF1676F2FB
+PT=A2631F612698318AD454E9DB10319DA6
+
+I=181
+KEY=FD99B4137CAFC47F437FD45C8C065DE60F54D11A5F69C841
+CT=A2631F612698318AD454E9DB10319DA6
+PT=FCA42B332B5974EE6DFA54B54EC89AC7
+
+I=182
+KEY=271CEEF189AD367DBFDBFF6FA75F290862AE85AF11A15286
+CT=FCA42B332B5974EE6DFA54B54EC89AC7
+PT=A70DBBDFCE54B8648C3FC4A8A58CCDF8
+
+I=183
+KEY=7B78F7ECC9B28EC718D644B0690B916CEE914107B42D9F7E
+CT=A70DBBDFCE54B8648C3FC4A8A58CCDF8
+PT=C90CE914F9310F9C3EE065DD95281A51
+
+I=184
+KEY=762F521ADF6C5F24D1DAADA4903A9EF0D07124DA2105852F
+CT=C90CE914F9310F9C3EE065DD95281A51
+PT=63E8430CE22F531E4A4D4583533F6FC4
+
+I=185
+KEY=A88A493EB3C28C49B232EEA87215CDEE9A3C6159723AEAEB
+CT=63E8430CE22F531E4A4D4583533F6FC4
+PT=E7562DC647910A052F4AFBF165A68A3A
+
+I=186
+KEY=1C97343A60EE05035564C36E3584C7EBB5769AA8179C60D1
+CT=E7562DC647910A052F4AFBF165A68A3A
+PT=3E070B3F65FD01B49849513B556DB199
+
+I=187
+KEY=C5110692100A332E6B63C8515079C65F2D3FCB9342F1D148
+CT=3E070B3F65FD01B49849513B556DB199
+PT=3DE5A45B2CAA4FAFAC3032F89F15195D
+
+I=188
+KEY=D94D8CAA9EBD67F056866C0A7CD389F0810FF96BDDE4C815
+CT=3DE5A45B2CAA4FAFAC3032F89F15195D
+PT=A36A163E8806B1E053EBE439B0D1302F
+
+I=189
+KEY=1C1D7A3E9358048CF5EC7A34F4D53810D2E41D526D35F83A
+CT=A36A163E8806B1E053EBE439B0D1302F
+PT=67CA4B988CCABA4E4DBEE6C387562762
+
+I=190
+KEY=9182E40D14973087922631AC781F825E9F5AFB91EA63DF58
+CT=67CA4B988CCABA4E4DBEE6C387562762
+PT=9F404F0E1A9FE5A988CE6E4A54FE9E23
+
+I=191
+KEY=7D89ECFC0DCFFE0A0D667EA2628067F7179495DBBE9D417B
+CT=9F404F0E1A9FE5A988CE6E4A54FE9E23
+PT=D71EFD794457C71614E4266C77193444
+
+I=192
+KEY=AC7A11D29CDA0FB6DA7883DB26D7A0E10370B3B7C984753F
+CT=D71EFD794457C71614E4266C77193444
+PT=185DBF418A6834CD118B16EAF381F3CB
+
+I=193
+KEY=1029D5FA3D38927EC2253C9AACBF942C12FBA55D3A0586F4
+CT=185DBF418A6834CD118B16EAF381F3CB
+PT=737A502DEE68DDFA3FEECD42ACE124EA
+
+I=194
+KEY=F261B484C642750CB15F6CB742D749D62D15681F96E4A21E
+CT=737A502DEE68DDFA3FEECD42ACE124EA
+PT=FD11B0F356455913E892928B5B16946B
+
+I=195
+KEY=BCCFAF05FF47A5EC4C4EDC44149210C5C587FA94CDF23675
+CT=FD11B0F356455913E892928B5B16946B
+PT=4B06F6D6D149BAF25D4C76E46EFF8571
+
+I=196
+KEY=1000A15983B73D6807482A92C5DBAA3798CB8C70A30DB304
+CT=4B06F6D6D149BAF25D4C76E46EFF8571
+PT=450713DA24492403C48CB16D2F39744E
+
+I=197
+KEY=306F097E64B634AC424F3948E1928E345C473D1D8C34C74A
+CT=450713DA24492403C48CB16D2F39744E
+PT=998CA5E3C80B66EB11EAD376FA358A92
+
+I=198
+KEY=13965208C3EF77E1DBC39CAB2999E8DF4DADEE6B76014DD8
+CT=998CA5E3C80B66EB11EAD376FA358A92
+PT=F54A34F6F0833CA808D60A8F75BB0585
+
+I=199
+KEY=1A6DC3FDD0D1F97C2E89A85DD91AD477457BE4E403BA485D
+CT=F54A34F6F0833CA808D60A8F75BB0585
+PT=8760D5CBD1DA48807BAEAF7F781680F2
+
+I=200
+KEY=228897B4E2F16967A9E97D9608C09CF73ED54B9B7BACC8AF
+CT=8760D5CBD1DA48807BAEAF7F781680F2
+PT=EF57DF7161E1BC0F7B466A50C576691A
+
+I=201
+KEY=D0E8190E72A305C946BEA2E7692120F8459321CBBEDAA1B5
+CT=EF57DF7161E1BC0F7B466A50C576691A
+PT=E01ECA338A93EA38E43B2F364314C121
+
+I=202
+KEY=087F0486B80659F0A6A068D4E3B2CAC0A1A80EFDFDCE6094
+CT=E01ECA338A93EA38E43B2F364314C121
+PT=A7683273638D02272FF6A311BB94256F
+
+I=203
+KEY=1D807E4730DDA3EB01C85AA7803FC8E78E5EADEC465A45FB
+CT=A7683273638D02272FF6A311BB94256F
+PT=1BCC3DF6B07BD2615C13E381F5F877C3
+
+I=204
+KEY=D4D4F2780D52D7521A04675130441A86D24D4E6DB3A23238
+CT=1BCC3DF6B07BD2615C13E381F5F877C3
+PT=D1B3B793D1377E82A2DE5D46E53791FB
+
+I=205
+KEY=86D08D85652DB662CBB7D0C2E17364047093132B5695A3C3
+CT=D1B3B793D1377E82A2DE5D46E53791FB
+PT=9AC7AF9B82621E18E4FF613EAA609F46
+
+I=206
+KEY=C03996907AC99A7A51707F5963117A1C946C7215FCF53C85
+CT=9AC7AF9B82621E18E4FF613EAA609F46
+PT=57F3FA35A42C29F33DEC4671140264A4
+
+I=207
+KEY=F8CA52D95C587EF80683856CC73D53EFA9803464E8F75821
+CT=57F3FA35A42C29F33DEC4671140264A4
+PT=A887ED8BF6C19F5012F317A4FCF3D7BF
+
+I=208
+KEY=DE99CC8F9756C1DCAE0468E731FCCCBFBB7323C014048F9E
+CT=A887ED8BF6C19F5012F317A4FCF3D7BF
+PT=A29C8D764BCF211C789158A9B8EB330C
+
+I=209
+KEY=9228DB1B61E0D8670C98E5917A33EDA3C3E27B69ACEFBC92
+CT=A29C8D764BCF211C789158A9B8EB330C
+PT=EB6AFD9B36315DB322EC8C4243043F50
+
+I=210
+KEY=24AFE14097C2A217E7F2180A4C02B010E10EF72BEFEB83C2
+CT=EB6AFD9B36315DB322EC8C4243043F50
+PT=05C8AC90CCD00E2A3809C68C11D6D65A
+
+I=211
+KEY=32810943F9313BD0E23AB49A80D2BE3AD90731A7FE3D5598
+CT=05C8AC90CCD00E2A3809C68C11D6D65A
+PT=E39991B58C52154166AD09367B04C67A
+
+I=212
+KEY=FBEC72A177254EA501A3252F0C80AB7BBFAA3891853993E2
+CT=E39991B58C52154166AD09367B04C67A
+PT=CBC8974F72F77A1821FC69B29FE2DB60
+
+I=213
+KEY=C706D206DE538439CA6BB2607E77D1639E5651231ADB4882
+CT=CBC8974F72F77A1821FC69B29FE2DB60
+PT=1D08F4E2B8DFED1032B6CA5211B3E34C
+
+I=214
+KEY=9A7EB0A4F8E67F87D7634682C6A83C73ACE09B710B68ABCE
+CT=1D08F4E2B8DFED1032B6CA5211B3E34C
+PT=1888CEC22449EFF96BDC2C7A242BBBDC
+
+I=215
+KEY=70CA2CAD6A50D22BCFEB8840E2E1D38AC73CB70B2F431012
+CT=1888CEC22449EFF96BDC2C7A242BBBDC
+PT=032E6155677B6A72D7F94C7A9A9AA53F
+
+I=216
+KEY=B16697FEA247CDB9CCC5E915859AB9F810C5FB71B5D9B52D
+CT=032E6155677B6A72D7F94C7A9A9AA53F
+PT=9B43BBD1C0CEBF7593E9BC0ABB626E96
+
+I=217
+KEY=7A3E844BEB897A63578652C44554068D832C477B0EBBDBBB
+CT=9B43BBD1C0CEBF7593E9BC0ABB626E96
+PT=8D661E03C61C28D5786EBCEBE0D5B63D
+
+I=218
+KEY=E7A1B96EFC4D5FB5DAE04CC783482E58FB42FB90EE6E6D86
+CT=8D661E03C61C28D5786EBCEBE0D5B63D
+PT=F61D5DCBF8F2F3F0EAB387149790E079
+
+I=219
+KEY=0EDA761C06FBA0A02CFD110C7BBADDA811F17C8479FE8DFF
+CT=F61D5DCBF8F2F3F0EAB387149790E079
+PT=1F03E0957B6892533BBEAB06EB35AD4F
+
+I=220
+KEY=E242AD5B7141916133FEF19900D24FFB2A4FD78292CB20B0
+CT=1F03E0957B6892533BBEAB06EB35AD4F
+PT=BB9E7343035F88764B229D506E7ADC7B
+
+I=221
+KEY=D901A6CF874A6A77886082DA038DC78D616D4AD2FCB1FCCB
+CT=BB9E7343035F88764B229D506E7ADC7B
+PT=3934EBF7AD2243C0D09734E30B41C0E4
+
+I=222
+KEY=0F488E86E7D92F29B154692DAEAF844DB1FA7E31F7F03C2F
+CT=3934EBF7AD2243C0D09734E30B41C0E4
+PT=B9CE1A1A9595E7235F5B10FBA29ACCD2
+
+I=223
+KEY=A7E2CF991692247A089A73373B3A636EEEA16ECA556AF0FD
+CT=B9CE1A1A9595E7235F5B10FBA29ACCD2
+PT=624EBA65EE9E3E1BDF8C5AA7E1283A65
+
+I=224
+KEY=1DE03E09395E56CE6AD4C952D5A45D75312D346DB442CA98
+CT=624EBA65EE9E3E1BDF8C5AA7E1283A65
+PT=375132E5F47DA19E80CC8652BE5A3692
+
+I=225
+KEY=51B6813629EFE53C5D85FBB721D9FCEBB1E1B23F0A18FC0A
+CT=375132E5F47DA19E80CC8652BE5A3692
+PT=8165A4126FE75EFC6AFF7BFD732F94A6
+
+I=226
+KEY=8DD50DFF93624339DCE05FA54E3EA217DB1EC9C2793768AC
+CT=8165A4126FE75EFC6AFF7BFD732F94A6
+PT=35012FABD289E6B7FB07946591D18F0D
+
+I=227
+KEY=C7A4F75CB74C7F3DE9E1700E9CB744A020195DA7E8E6E7A1
+CT=35012FABD289E6B7FB07946591D18F0D
+PT=C26F37D700677ED72F4FC2C8F6AEADE2
+
+I=228
+KEY=198B572CD0E711352B8E47D99CD03A770F569F6F1E484A43
+CT=C26F37D700677ED72F4FC2C8F6AEADE2
+PT=CB29ECE41596736B72AED2460AEEFBA2
+
+I=229
+KEY=0A1FB41CA720E357E0A7AB3D8946491C7DF84D2914A6B1E1
+CT=CB29ECE41596736B72AED2460AEEFBA2
+PT=7F7BD6FAF9C37D5522A3BF480CCEBF20
+
+I=230
+KEY=7E383601899DEA729FDC7DC7708534495F5BF26118680EC1
+CT=7F7BD6FAF9C37D5522A3BF480CCEBF20
+PT=C501E371005DF57E0037F41A744D026F
+
+I=231
+KEY=13ACF410865B41E15ADD9EB670D8C1375F6C067B6C250CAE
+CT=C501E371005DF57E0037F41A744D026F
+PT=624EF8749580108CDC7A020179F81D0F
+
+I=232
+KEY=75F025072AA2406F389366C2E558D1BB8316047A15DD11A1
+CT=624EF8749580108CDC7A020179F81D0F
+PT=40D72550603522C67180DE6EC3D30139
+
+I=233
+KEY=C5ED76F88EA65C3D78444392856DF37DF296DA14D60E1098
+CT=40D72550603522C67180DE6EC3D30139
+PT=96C6F647AFB90F804431F9E2F1780F29
+
+I=234
+KEY=E827DFF88D0B1A43EE82B5D52AD4FCFDB6A723F627761FB1
+CT=96C6F647AFB90F804431F9E2F1780F29
+PT=CCB934A501DDAD11E994938A214EB189
+
+I=235
+KEY=F0777D1BFF12EE42223B81702B0951EC5F33B07C0638AE38
+CT=CCB934A501DDAD11E994938A214EB189
+PT=07825F2D35E761C76893B697E30E4D08
+
+I=236
+KEY=6912B59C06C90D3725B9DE5D1EEE302B37A006EBE536E330
+CT=07825F2D35E761C76893B697E30E4D08
+PT=1F674E97F88EB1DA1DD24C0AB4321258
+
+I=237
+KEY=AE24933526FAE5F83ADE90CAE66081F12A724AE15104F168
+CT=1F674E97F88EB1DA1DD24C0AB4321258
+PT=B6DE499EBE0B3C30F1DAC8E40FE9F10C
+
+I=238
+KEY=F348F88852CF356C8C00D954586BBDC1DBA882055EED0064
+CT=B6DE499EBE0B3C30F1DAC8E40FE9F10C
+PT=105E31DBDE33764B098862AF6D0B6CD2
+
+I=239
+KEY=83B06CC00A17D3149C5EE88F8658CB8AD220E0AA33E66CB6
+CT=105E31DBDE33764B098862AF6D0B6CD2
+PT=697D6537677B20C188246FBF4997C7CB
+
+I=240
+KEY=A5381A9C91D61A01F5238DB8E123EB4B5A048F157A71AB7D
+CT=697D6537677B20C188246FBF4997C7CB
+PT=4FBFB0EFBA92C1E0189E2C3097AA35BA
+
+I=241
+KEY=FDF831A7D1345AFEBA9C3D575BB12AAB429AA325EDDB9EC7
+CT=4FBFB0EFBA92C1E0189E2C3097AA35BA
+PT=600288531DCEB99B69A7890CE804FA9F
+
+I=242
+KEY=A10ED54E7B2B2B2BDA9EB504467F93302B3D2A2905DF6458
+CT=600288531DCEB99B69A7890CE804FA9F
+PT=EE94D4376D9332C8DCD05C695EDB124F
+
+I=243
+KEY=2F69F01250D7745F340A61332BECA1F8F7ED76405B047617
+CT=EE94D4376D9332C8DCD05C695EDB124F
+PT=7EDC3182C36DC5A172B170A919524888
+
+I=244
+KEY=FCD5F8FAB347624E4AD650B1E8816459855C06E942563E9F
+CT=7EDC3182C36DC5A172B170A919524888
+PT=95FA03C96DFCB9ABCFF23B5ABFBABCDE
+
+I=245
+KEY=A9307E62197A747EDF2C5378857DDDF24AAE3DB3FDEC8241
+CT=95FA03C96DFCB9ABCFF23B5ABFBABCDE
+PT=6CE2C6CFC61667965C20B0BE11B55DDE
+
+I=246
+KEY=DA3B03896DDFDE08B3CE95B7436BBA64168E8D0DEC59DF9F
+CT=6CE2C6CFC61667965C20B0BE11B55DDE
+PT=3DBDFBE63A6FAE7572C778108A62A27C
+
+I=247
+KEY=7D766BAD6E536CE38E736E51790414116449F51D663B7DE3
+CT=3DBDFBE63A6FAE7572C778108A62A27C
+PT=1C197D3449FED6ED6924E14B43A17BF0
+
+I=248
+KEY=36F69C30B0272CAB926A136530FAC2FC0D6D1456259A0613
+CT=1C197D3449FED6ED6924E14B43A17BF0
+PT=0B0CCC6F508C18168284F7976AD81BEE
+
+I=249
+KEY=632661C312B2EB5D9966DF0A6076DAEA8FE9E3C14F421DFD
+CT=0B0CCC6F508C18168284F7976AD81BEE
+PT=F437B8FD92CE37D8D74550C5BE29BF99
+
+I=250
+KEY=5FB1BDFC29EFE2DA6D5167F7F2B8ED3258ACB304F16BA264
+CT=F437B8FD92CE37D8D74550C5BE29BF99
+PT=78F6E6F6480A04F5632EA112170F928C
+
+I=251
+KEY=2B24C5188F4A2E7B15A78101BAB2E9C73B821216E66430E8
+CT=78F6E6F6480A04F5632EA112170F928C
+PT=2FD38831EE4D09DD8DB9A84B5825B528
+
+I=252
+KEY=F816FB720A08828C3A74093054FFE01AB63BBA5DBE4185C0
+CT=2FD38831EE4D09DD8DB9A84B5825B528
+PT=ED307697B51CFAD7052A3A7B3A564990
+
+I=253
+KEY=776B08F4778FAB96D7447FA7E1E31ACDB31180268417CC50
+CT=ED307697B51CFAD7052A3A7B3A564990
+PT=DB9952A98F0D4B045C624EFA5619CAF9
+
+I=254
+KEY=C7A944C9BA2D5F740CDD2D0E6EEE51C9EF73CEDCD20E06A9
+CT=DB9952A98F0D4B045C624EFA5619CAF9
+PT=DADA40BF0E367AF50874BB2628251AA3
+
+I=255
+KEY=69B8688D9C1ECD95D6076DB160D82B3CE70775FAFA2B1C0A
+CT=DADA40BF0E367AF50874BB2628251AA3
+PT=35DFA85D3F2D7F47DD7865EA0BC73A5C
+
+I=256
+KEY=7E6C7E90EDE36F44E3D8C5EC5FF5547B3A7F1010F1EC2656
+CT=35DFA85D3F2D7F47DD7865EA0BC73A5C
+PT=EE0231F994C2DB6C7C04746170F03E54
+
+I=257
+KEY=0E56C8FD184AB5D40DDAF415CB378F17467B6471811C1802
+CT=EE0231F994C2DB6C7C04746170F03E54
+PT=D9F314FEAD11122CE8F532ED0C0B129C
+
+I=258
+KEY=267BC5325796002BD429E0EB66269D3BAE8E569C8D170A9E
+CT=D9F314FEAD11122CE8F532ED0C0B129C
+PT=74A32BDFF53A59F09AAFB328977E05B1
+
+I=259
+KEY=889B6087CAAD1B43A08ACB34931CC4CB3421E5B41A690F2F
+CT=74A32BDFF53A59F09AAFB328977E05B1
+PT=D4CCC3077C15EE470D5EFCF815A48410
+
+I=260
+KEY=F9AE78D077E3F98574460833EF092A8C397F194C0FCD8B3F
+CT=D4CCC3077C15EE470D5EFCF815A48410
+PT=29284B0E7776DFB8BB536B3C16399D62
+
+I=261
+KEY=71BBCD4B1F4B04265D6E433D987FF534822C727019F4165D
+CT=29284B0E7776DFB8BB536B3C16399D62
+PT=202326CEAD57A5C13592FFBFFD5BF508
+
+I=262
+KEY=F6F461C7931CF0317D4D65F3352850F5B7BE8DCFE4AFE355
+CT=202326CEAD57A5C13592FFBFFD5BF508
+PT=B9AFAD0658E1A4A1EECAA25B2863AD53
+
+I=263
+KEY=BC0D82D3B7909D54C4E2C8F56DC9F45459742F94CCCC4E06
+CT=B9AFAD0658E1A4A1EECAA25B2863AD53
+PT=DE7AC7F7381DD34F3148911F306F4161
+
+I=264
+KEY=339FFE2E01AB1D621A980F0255D4271B683CBE8BFCA30F67
+CT=DE7AC7F7381DD34F3148911F306F4161
+PT=F197DE9FED1EA08F6C17E631BF5449FE
+
+I=265
+KEY=EC908F9A4F266644EB0FD19DB8CA8794042B58BA43F74699
+CT=F197DE9FED1EA08F6C17E631BF5449FE
+PT=7E1416C06ED3F56782DB5CB536B9B56E
+
+I=266
+KEY=CFE36CCCC94F8A5B951BC75DD61972F386F0040F754EF3F7
+CT=7E1416C06ED3F56782DB5CB536B9B56E
+PT=BE1FE1F7B4CFF55D15BBCB6D9313729D
+
+I=267
+KEY=90690906407FB8AC2B0426AA62D687AE934BCF62E65D816A
+CT=BE1FE1F7B4CFF55D15BBCB6D9313729D
+PT=50E6818C06583D3D1C99C4A127D118CF
+
+I=268
+KEY=5D2A712578EC47217BE2A726648EBA938FD20BC3C18C99A5
+CT=50E6818C06583D3D1C99C4A127D118CF
+PT=E1BFD3ED18E9A6D7BF383D590DA23B59
+
+I=269
+KEY=3CA141EE57D7E0FC9A5D74CB7C671C4430EA369ACC2EA2FC
+CT=E1BFD3ED18E9A6D7BF383D590DA23B59
+PT=03961127347C141C01F5276CB9BB31F7
+
+I=270
+KEY=65E9B8AE22DC52A599CB65EC481B0858311F11F67595930B
+CT=03961127347C141C01F5276CB9BB31F7
+PT=E9A8336DC0B530A86988B2DE74EDFFA1
+
+I=271
+KEY=870A30E0F3B836FA7063568188AE38F05897A32801786CAA
+CT=E9A8336DC0B530A86988B2DE74EDFFA1
+PT=B5FA5E388CFFFE2BA33436CC39A73972
+
+I=272
+KEY=4B81E55C765F570CC59908B90451C6DBFBA395E438DF55D8
+CT=B5FA5E388CFFFE2BA33436CC39A73972
+PT=CEF4896BBC86F1E02312479C40D96DAE
+
+I=273
+KEY=0FAB0DCFB6E3E7940B6D81D2B8D7373BD8B1D27878063876
+CT=CEF4896BBC86F1E02312479C40D96DAE
+PT=F195F5321FCAA68B0B0CBA83978A8084
+
+I=274
+KEY=F860076D3847A80BFAF874E0A71D91B0D3BD68FBEF8CB8F2
+CT=F195F5321FCAA68B0B0CBA83978A8084
+PT=861575205386223EBC6B48B22C35A2A6
+
+I=275
+KEY=B2DB77DC3E18C3A77CED01C0F49BB38E6FD62049C3B91A54
+CT=861575205386223EBC6B48B22C35A2A6
+PT=DC074F3D41C62DA9D609A982DEB9E074
+
+I=276
+KEY=E632B0C6EE68910EA0EA4EFDB55D9E27B9DF89CB1D00FA20
+CT=DC074F3D41C62DA9D609A982DEB9E074
+PT=6933F4F193B028A22B913453B0B4C9A2
+
+I=277
+KEY=88AA3FEE5FDFA336C9D9BA0C26EDB685924EBD98ADB43382
+CT=6933F4F193B028A22B913453B0B4C9A2
+PT=56811E665DDFBEA07A7C2C762F0D5C73
+
+I=278
+KEY=2A0A1FE31ADFC64F9F58A46A7B320825E83291EE82B96FF1
+CT=56811E665DDFBEA07A7C2C762F0D5C73
+PT=CFF92E47C8C973ADA7B57D9FE320B356
+
+I=279
+KEY=7958F9D10B6DC91050A18A2DB3FB7B884F87EC716199DCA7
+CT=CFF92E47C8C973ADA7B57D9FE320B356
+PT=A55A4F827552761580DC27E0712051B1
+
+I=280
+KEY=ADDB73FE13D439CAF5FBC5AFC6A90D9DCF5BCB9110B98D16
+CT=A55A4F827552761580DC27E0712051B1
+PT=734B095C3C54FCDE26C33659C82CACCB
+
+I=281
+KEY=E979AF9C739F60AE86B0CCF3FAFDF143E998FDC8D89521DD
+CT=734B095C3C54FCDE26C33659C82CACCB
+PT=122A4F2ADE6C69364943658517A56587
+
+I=282
+KEY=E05BDC75E94EB2A8949A83D924919875A0DB984DCF30445A
+CT=122A4F2ADE6C69364943658517A56587
+PT=C6EF3170C5EF69B479AC6653E8B7E979
+
+I=283
+KEY=67AF0BE0DE572F595275B2A9E17EF1C1D977FE1E2787AD23
+CT=C6EF3170C5EF69B479AC6653E8B7E979
+PT=51113FF8A1000A5449F24E8E5363FB72
+
+I=284
+KEY=7C8DCBB512AE775603648D51407EFB959085B09074E45651
+CT=51113FF8A1000A5449F24E8E5363FB72
+PT=B9341E24A41C9D9CE56D6E4F17A7A311
+
+I=285
+KEY=EEBE49DAF88030F5BA509375E462660975E8DEDF6343F540
+CT=B9341E24A41C9D9CE56D6E4F17A7A311
+PT=26A135C466B061791DE40A40E9366FC6
+
+I=286
+KEY=A06A0B9127769EF79CF1A6B182D20770680CD49F8A759A86
+CT=26A135C466B061791DE40A40E9366FC6
+PT=AE832B68C147CF8A70A8E5CCC3FF05F2
+
+I=287
+KEY=CD394B7808099B2832728DD94395C8FA18A43153498A9F74
+CT=AE832B68C147CF8A70A8E5CCC3FF05F2
+PT=72747F478E3AE57C6C7D6D4E5C4FCE71
+
+I=288
+KEY=80D4A1BD538D11434006F29ECDAF2D8674D95C1D15C55105
+CT=72747F478E3AE57C6C7D6D4E5C4FCE71
+PT=21539022400BEE401E8FE7E9F0F7AAC3
+
+I=289
+KEY=C8BCB868E11B46E3615562BC8DA4C3C66A56BBF4E532FBC6
+CT=21539022400BEE401E8FE7E9F0F7AAC3
+PT=44149C7C375F07B7169C8A9A14133C8C
+
+I=290
+KEY=DFC35DD4FAD95C2A2541FEC0BAFBC4717CCA316EF121C74A
+CT=44149C7C375F07B7169C8A9A14133C8C
+PT=2A7FA9D2EACC0C5444510E7D69EB3FD6
+
+I=291
+KEY=73B0B53EE6D591140F3E57125037C825389B3F1398CAF89C
+CT=2A7FA9D2EACC0C5444510E7D69EB3FD6
+PT=9949145B8C88D03BBA46FEBE9856B732
+
+I=292
+KEY=7BFBD6A0A317DEE996774349DCBF181E82DDC1AD009C4FAE
+CT=9949145B8C88D03BBA46FEBE9856B732
+PT=714E072347ECDEA4F8EB2B02746FBC66
+
+I=293
+KEY=CA326A1D191B2BC6E739446A9B53C6BA7A36EAAF74F3F3C8
+CT=714E072347ECDEA4F8EB2B02746FBC66
+PT=CCF2295814759A5004E8C3E2B97C4958
+
+I=294
+KEY=428400F7196D32C62BCB6D328F265CEA7EDE294DCD8FBA90
+CT=CCF2295814759A5004E8C3E2B97C4958
+PT=12108AB0753EAAE007DEFF2EBA8A3EF0
+
+I=295
+KEY=3E38F6FA3F49742339DBE782FA18F60A7900D66377058460
+CT=12108AB0753EAAE007DEFF2EBA8A3EF0
+PT=0109AC127FB55B91BC922EDFF3C43819
+
+I=296
+KEY=07C585ABD1C227D638D24B9085ADAD9BC592F8BC84C1BC79
+CT=0109AC127FB55B91BC922EDFF3C43819
+PT=33FF03F6966E81EE28889CFA0B9BA8B9
+
+I=297
+KEY=FB823872148252C20B2D486613C32C75ED1A64468F5A14C0
+CT=33FF03F6966E81EE28889CFA0B9BA8B9
+PT=D8468C180BAC0F6D703611DDAD951014
+
+I=298
+KEY=F81900EAD21ECE3BD36BC47E186F23189D2C759B22CF04D4
+CT=D8468C180BAC0F6D703611DDAD951014
+PT=07994906A8377D64F2D32DB4BB170EF1
+
+I=299
+KEY=2ADC8C0244307531D4F28D78B0585E7C6FFF582F99D80A25
+CT=07994906A8377D64F2D32DB4BB170EF1
+PT=48382015F82AA7EC8944C40275595CEF
+
+I=300
+KEY=2E917F5C5BAB80939CCAAD6D4872F990E6BB9C2DEC8156CA
+CT=48382015F82AA7EC8944C40275595CEF
+PT=D4EEE0A1A56118EB8F6AE16FE16F70ED
+
+I=301
+KEY=126D396B29E0252248244DCCED13E17B69D17D420DEE2627
+CT=D4EEE0A1A56118EB8F6AE16FE16F70ED
+PT=358E5FAE4A4ED6B1058E32942AE030DB
+
+I=302
+KEY=D390A60684F5C9147DAA1262A75D37CA6C5F4FD6270E16FC
+CT=358E5FAE4A4ED6B1058E32942AE030DB
+PT=B9730D311EA8312DAC34F444A4560DDC
+
+I=303
+KEY=0B2A03E62FCD9B06C4D91F53B9F506E7C06BBB9283581B20
+CT=B9730D311EA8312DAC34F444A4560DDC
+PT=D64F286B32B4058A51B73844BCA93DDA
+
+I=304
+KEY=5858183C5713BBD6129637388B41036D91DC83D63FF126FA
+CT=D64F286B32B4058A51B73844BCA93DDA
+PT=78425B7FE64D972C642ED17369ED8844
+
+I=305
+KEY=C555D9DC23D3A1846AD46C476D0C9441F5F252A5561CAEBE
+CT=78425B7FE64D972C642ED17369ED8844
+PT=2DE9202F4CD7F67C7B7F94CF7F3B9B5A
+
+I=306
+KEY=7BA871DA6E336CFA473D4C6821DB623D8E8DC66A292735E4
+CT=2DE9202F4CD7F67C7B7F94CF7F3B9B5A
+PT=A30322EC9A51266B50153995BCEBC846
+
+I=307
+KEY=55BF35687EBA169AE43E6E84BB8A4456DE98FFFF95CCFDA2
+CT=A30322EC9A51266B50153995BCEBC846
+PT=14754B0469683F36E4791FD9B8B1C585
+
+I=308
+KEY=0404CAE90360F118F04B2580D2E27B603AE1E0262D7D3827
+CT=14754B0469683F36E4791FD9B8B1C585
+PT=E8592DC147A1DC4F48D43E365B9D63FF
+
+I=309
+KEY=109E16AA717A4EF4181208419543A72F7235DE1076E05BD8
+CT=E8592DC147A1DC4F48D43E365B9D63FF
+PT=47A3BF0743562C7D412563C94C2CD717
+
+I=310
+KEY=0A8DC7647F8C06D15FB1B746D6158B523310BDD93ACC8CCF
+CT=47A3BF0743562C7D412563C94C2CD717
+PT=63F8C6A062937471364050815D856793
+
+I=311
+KEY=CC9B8854C13F73623C4971E6B486FF230550ED586749EB5C
+CT=63F8C6A062937471364050815D856793
+PT=E70443AF44BF549607251A86CD83A4D3
+
+I=312
+KEY=2D067D896DF1E749DB4D3249F039ABB50275F7DEAACA4F8F
+CT=E70443AF44BF549607251A86CD83A4D3
+PT=ACEF2AE95CA660AEE513BF48BCF7D125
+
+I=313
+KEY=DEC45DD3C0DAD30A77A218A0AC9FCB1BE7664896163D9EAA
+CT=ACEF2AE95CA660AEE513BF48BCF7D125
+PT=859E9E4001245A50ED76055539672F1A
+
+I=314
+KEY=6F208E93D9C89CE8F23C86E0ADBB914B0A104DC32F5AB1B0
+CT=859E9E4001245A50ED76055539672F1A
+PT=42B059061FE4C86C7AC2B7C8B62820C2
+
+I=315
+KEY=86EC7CE558994E8EB08CDFE6B25F592770D2FA0B99729172
+CT=42B059061FE4C86C7AC2B7C8B62820C2
+PT=01C6296F1532450F182D6A3FC8249DD7
+
+I=316
+KEY=C74B31CEC9B31130B14AF689A76D1C2868FF903451560CA5
+CT=01C6296F1532450F182D6A3FC8249DD7
+PT=14334054946821E3FE8D72D1EF402EE1
+
+I=317
+KEY=AC636B2AD3699560A579B6DD33053DCB9672E2E5BE162244
+CT=14334054946821E3FE8D72D1EF402EE1
+PT=F09B2FE9A8F17CD847532D4979D2A8C4
+
+I=318
+KEY=6F956E3680FC783155E299349BF44113D121CFACC7C48A80
+CT=F09B2FE9A8F17CD847532D4979D2A8C4
+PT=4C97BD8822E63C7A2EE0E444563AF1C8
+
+I=319
+KEY=C69B2FB718C41B1A197524BCB9127D69FFC12BE891FE7B48
+CT=4C97BD8822E63C7A2EE0E444563AF1C8
+PT=344E85BE2C8B36430C8058B310062171
+
+I=320
+KEY=BFFA143B8A18CACF2D3BA10295994B2AF341735B81F85A39
+CT=344E85BE2C8B36430C8058B310062171
+PT=FF3F882CB22D13A8631DCA6DD702D0E0
+
+I=321
+KEY=22F58A0FC077AB5FD204292E27B45882905CB93656FA8AD9
+CT=FF3F882CB22D13A8631DCA6DD702D0E0
+PT=866B2E52CF71505973D9D6642C8178BB
+
+I=322
+KEY=DC8CE7A9130F3662546F077CE8C508DBE3856F527A7BF262
+CT=866B2E52CF71505973D9D6642C8178BB
+PT=4802741ADF67A3811A8AEC7008D8827E
+
+I=323
+KEY=743B09AA8FD3C6A01C6D736637A2AB5AF90F832272A3701C
+CT=4802741ADF67A3811A8AEC7008D8827E
+PT=FD3701579815D02BE878C74ABB98C59B
+
+I=324
+KEY=865B3EC9EFBE27D0E15A7231AFB77B7111774468C93BB587
+CT=FD3701579815D02BE878C74ABB98C59B
+PT=99BCA8250D54F3A9A72054AF5578F842
+
+I=325
+KEY=041C037E08923FFF78E6DA14A2E388D8B65710C79C434DC5
+CT=99BCA8250D54F3A9A72054AF5578F842
+PT=F0DA5C0E446547356D5027BA346A831C
+
+I=326
+KEY=FBABCE025CF5FF3D883C861AE686CFEDDB07377DA829CED9
+CT=F0DA5C0E446547356D5027BA346A831C
+PT=EED0140AF408652DD879E3289536C389
+
+I=327
+KEY=3F12399A3E5C0F9566EC9210128EAAC0037ED4553D1F0D50
+CT=EED0140AF408652DD879E3289536C389
+PT=FDC7299A95BDB941A299478B7B409EF8
+
+I=328
+KEY=D541517B701036E39B2BBB8A87331381A1E793DE465F93A8
+CT=FDC7299A95BDB941A299478B7B409EF8
+PT=5BE5AEC30578CD03BA7B17E8B16AAFBF
+
+I=329
+KEY=6657840FF425DD8AC0CE1549824BDE821B9C8436F7353C17
+CT=5BE5AEC30578CD03BA7B17E8B16AAFBF
+PT=3C7A9745F48DA61CF7875A449E24C735
+
+I=330
+KEY=52D29BBD64550DFBFCB4820C76C6789EEC1BDE726911FB22
+CT=3C7A9745F48DA61CF7875A449E24C735
+PT=69516DE0343F3552830D28CE8B9A282C
+
+I=331
+KEY=3699B16BB0349B9195E5EFEC42F94DCC6F16F6BCE28BD30E
+CT=69516DE0343F3552830D28CE8B9A282C
+PT=EB09EE300286690EA65A30526A43B86B
+
+I=332
+KEY=60E79B9E7C41814E7EEC01DC407F24C2C94CC6EE88C86B65
+CT=EB09EE300286690EA65A30526A43B86B
+PT=A235384FE517A5F455BBE6B850C05E33
+
+I=333
+KEY=11F650282BBCB584DCD93993A56881369CF72056D8083556
+CT=A235384FE517A5F455BBE6B850C05E33
+PT=41E297350390E91EC00FF875B3CA60BA
+
+I=334
+KEY=11B449F7EE983AB89D3BAEA6A6F868285CF8D8236BC255EC
+CT=41E297350390E91EC00FF875B3CA60BA
+PT=5FB9F6408D54401A9A76288AE3A04944
+
+I=335
+KEY=54CBA9A5782ED91FC28258E62BAC2832C68EF0A988621CA8
+CT=5FB9F6408D54401A9A76288AE3A04944
+PT=7C9CD2510E96FF37BF75E57E84098535
+
+I=336
+KEY=871169F28E704C95BE1E8AB7253AD70579FB15D70C6B999D
+CT=7C9CD2510E96FF37BF75E57E84098535
+PT=8E041B8C74A84D747B02714452B34F11
+
+I=337
+KEY=7F44ED6AA755957A301A913B51929A7102F964935ED8D68C
+CT=8E041B8C74A84D747B02714452B34F11
+PT=3698639F56657A40D52B9B8015448C2A
+
+I=338
+KEY=EEAF09001996BA6E0682F2A407F7E031D7D2FF134B9C5AA6
+CT=3698639F56657A40D52B9B8015448C2A
+PT=79FB5E4A065D29E1CA3E15897B60032F
+
+I=339
+KEY=D21CCA06254A64C97F79ACEE01AAC9D01DECEA9A30FC5989
+CT=79FB5E4A065D29E1CA3E15897B60032F
+PT=C582F5F8D9D2E9323C769B2B1AE369BD
+
+I=340
+KEY=29D2F84E4568BA6FBAFB5916D87820E2219A71B12A1F3034
+CT=C582F5F8D9D2E9323C769B2B1AE369BD
+PT=916405DC8F2AD50548997D87BCCADBFB
+
+I=341
+KEY=43AC4D54A8A0222F2B9F5CCA5752F5E769030C3696D5EBCF
+CT=916405DC8F2AD50548997D87BCCADBFB
+PT=0E9FF0E147A47056EC6B09837C9E0E62
+
+I=342
+KEY=9AF110B8274794772500AC2B10F685B1856805B5EA4BE5AD
+CT=0E9FF0E147A47056EC6B09837C9E0E62
+PT=3B6E3CAAC358427980E66E3D30D39E4F
+
+I=343
+KEY=49F910E7957BC95C1E6E9081D3AEC7C8058E6B88DA987BE2
+CT=3B6E3CAAC358427980E66E3D30D39E4F
+PT=25CBE5AB4C6785C0F2847CF89F2635AB
+
+I=344
+KEY=64D90092DD97AC3C3BA5752A9FC94208F70A177045BE4E49
+CT=25CBE5AB4C6785C0F2847CF89F2635AB
+PT=3D9200D39461D8B2CE7874DA20BFD9DA
+
+I=345
+KEY=C7A8403AFB011673063775F90BA89ABA397263AA65019793
+CT=3D9200D39461D8B2CE7874DA20BFD9DA
+PT=E61E7E06A1E1F656AE8F8C29C96E5A16
+
+I=346
+KEY=071AF635AF7A9602E0290BFFAA496CEC97FDEF83AC6FCD85
+CT=E61E7E06A1E1F656AE8F8C29C96E5A16
+PT=7488BB35F06E94F31A744D1EA95E71D0
+
+I=347
+KEY=A4B5ECB7047E08D694A1B0CA5A27F81F8D89A29D0531BC55
+CT=7488BB35F06E94F31A744D1EA95E71D0
+PT=3912DC00C0AB79C473CA2CC8F69262F0
+
+I=348
+KEY=BD4478B38A0E9347ADB36CCA9A8C81DBFE438E55F3A3DEA5
+CT=3912DC00C0AB79C473CA2CC8F69262F0
+PT=C4B546F134A016DADA8E7C478B1E7D45
+
+I=349
+KEY=F7B6F476517483AD69062A3BAE2C970124CDF21278BDA3E0
+CT=C4B546F134A016DADA8E7C478B1E7D45
+PT=298524C5D468EBFA97DEFEC7B80EE752
+
+I=350
+KEY=8E0C5244F7417C2440830EFE7A447CFBB3130CD5C0B344B2
+CT=298524C5D468EBFA97DEFEC7B80EE752
+PT=B27EFB90BA3A27A1077C6742D5B68396
+
+I=351
+KEY=C6E8F264FA0C9A9AF2FDF56EC07E5B5AB46F6B971505C724
+CT=B27EFB90BA3A27A1077C6742D5B68396
+PT=D02C27A94DD3B772B338C7462379B009
+
+I=352
+KEY=AD694D243DCC6B7B22D1D2C78DADEC280757ACD1367C772D
+CT=D02C27A94DD3B772B338C7462379B009
+PT=1CED06084E67BA4BAD3C331F4074B9FF
+
+I=353
+KEY=68AEF48D86D395583E3CD4CFC3CA5663AA6B9FCE7608CED2
+CT=1CED06084E67BA4BAD3C331F4074B9FF
+PT=C0D7811FE8630B3E7C3A60DA9042A6B2
+
+I=354
+KEY=670A8D40573F598AFEEB55D02BA95D5DD651FF14E64A6860
+CT=C0D7811FE8630B3E7C3A60DA9042A6B2
+PT=45F92C84CE2AEC6E7953C8AAC5901D0F
+
+I=355
+KEY=D44FD97B0D59C923BB127954E583B133AF0237BE23DA756F
+CT=45F92C84CE2AEC6E7953C8AAC5901D0F
+PT=23A4863C994EFE93E7CE1C89FE14143D
+
+I=356
+KEY=4E08C6A539C74A6598B6FF687CCD4FA048CC2B37DDCE6152
+CT=23A4863C994EFE93E7CE1C89FE14143D
+PT=85EB5F46988211E3077FDBE38F1EBE6B
+
+I=357
+KEY=21B17D5E461224B31D5DA02EE44F5E434FB3F0D452D0DF39
+CT=85EB5F46988211E3077FDBE38F1EBE6B
+PT=59CF6CCC81A8BC17A52D7550B40C7514
+
+I=358
+KEY=6CC595309F161F3E4492CCE265E7E254EA9E8584E6DCAA2D
+CT=59CF6CCC81A8BC17A52D7550B40C7514
+PT=13DF4C2AA74A4B9123B3A57FE94F85BE
+
+I=359
+KEY=77B90151B41B1B7D574D80C8C2ADA9C5C92D20FB0F932F93
+CT=13DF4C2AA74A4B9123B3A57FE94F85BE
+PT=6DEDE53AD5DC2A87744DA0EA561977A3
+
+I=360
+KEY=8E1683C57C1817C23AA065F217718342BD608011598A5830
+CT=6DEDE53AD5DC2A87744DA0EA561977A3
+PT=F9D912AAB5ED1ACBD0475411DF98F49C
+
+I=361
+KEY=E9FDD94AE4B4FABAC3797758A29C99896D27D4008612ACAC
+CT=F9D912AAB5ED1ACBD0475411DF98F49C
+PT=853C907D9FD35B61D2ABBE5C1A89DB4B
+
+I=362
+KEY=BCC524DF4D452AE14645E7253D4FC2E8BF8C6A5C9C9B77E7
+CT=853C907D9FD35B61D2ABBE5C1A89DB4B
+PT=874C4BC1993FBA12136443B57F9523BE
+
+I=363
+KEY=9F5EFA7196589240C109ACE4A47078FAACE829E9E30E5459
+CT=874C4BC1993FBA12136443B57F9523BE
+PT=E6B6E9133DD0EC2844EF3CC0C2F9E4AC
+
+I=364
+KEY=2F0731DB4FA3024127BF45F799A094D2E807152921F7B0F5
+CT=E6B6E9133DD0EC2844EF3CC0C2F9E4AC
+PT=20B41EE01134041DF8D11BB7F86928EA
+
+I=365
+KEY=7E44D240F06AAA5E070B5B17889490CF10D60E9ED99E981F
+CT=20B41EE01134041DF8D11BB7F86928EA
+PT=BF6B03096DCDC052B1325CC34BF6E56C
+
+I=366
+KEY=D8D3E3D538C8CA34B860581EE559509DA1E4525D92687D73
+CT=BF6B03096DCDC052B1325CC34BF6E56C
+PT=5ED3E40FB5C34DD1F370C3AD72C7C24D
+
+I=367
+KEY=F3DF20767CDA5E0CE6B3BC11509A1D4C529491F0E0AFBF3E
+CT=5ED3E40FB5C34DD1F370C3AD72C7C24D
+PT=3EA6BCE2317C5D696DF8240C481B34DD
+
+I=368
+KEY=484932A15D75173FD81500F361E640253F6CB5FCA8B48BE3
+CT=3EA6BCE2317C5D696DF8240C481B34DD
+PT=41D6E077746FE1A9307E1107631A5D2C
+
+I=369
+KEY=EF960956685DE1CE99C3E0841589A18C0F12A4FBCBAED6CF
+CT=41D6E077746FE1A9307E1107631A5D2C
+PT=D0C6DDEF0A623686BA303C278D445964
+
+I=370
+KEY=82477D8D682C1D4849053D6B1FEB970AB52298DC46EA8FAB
+CT=D0C6DDEF0A623686BA303C278D445964
+PT=EEFFA6025D6CAFBF9DC18E5B1B99A6ED
+
+I=371
+KEY=15D8DCF80A26856AA7FA9B69428738B528E316875D732946
+CT=EEFFA6025D6CAFBF9DC18E5B1B99A6ED
+PT=38E222ABAA07CDAE9CC02FAC84EC0FC1
+
+I=372
+KEY=556151278277D7579F18B9C2E880F51BB423392BD99F2687
+CT=38E222ABAA07CDAE9CC02FAC84EC0FC1
+PT=B00C719E6A320E4385794EB7F23C0D80
+
+I=373
+KEY=777F91003E4410572F14C85C82B2FB58315A779C2BA32B07
+CT=B00C719E6A320E4385794EB7F23C0D80
+PT=0E667CA932023D2EFD8DDBDED5A43D78
+
+I=374
+KEY=130507FC817F14432172B4F5B0B0C676CCD7AC42FE07167F
+CT=0E667CA932023D2EFD8DDBDED5A43D78
+PT=6B15DA892F0B5916F31BB74FC7D03F9A
+
+I=375
+KEY=D045A84BBF62DE2E4A676E7C9FBB9F603FCC1B0D39D729E5
+CT=6B15DA892F0B5916F31BB74FC7D03F9A
+PT=EBEF6DC298D63BF6E6E46F833B217033
+
+I=376
+KEY=7742FB68CDF60735A18803BE076DA496D928748E02F659D6
+CT=EBEF6DC298D63BF6E6E46F833B217033
+PT=48DC6F65F193AFCCE559EA6F04FBD79A
+
+I=377
+KEY=5CE32BC22C77B664E9546CDBF6FE0B5A3C719EE1060D8E4C
+CT=48DC6F65F193AFCCE559EA6F04FBD79A
+PT=D0596880F92716C51E41519C640AEFDA
+
+I=378
+KEY=2DA6B73C5131E24C390D045B0FD91D9F2230CF7D62076196
+CT=D0596880F92716C51E41519C640AEFDA
+PT=ABB7C3E499086F53C4DB97640168943B
+
+I=379
+KEY=E41C1A826978491892BAC7BF96D172CCE6EB5819636FF5AD
+CT=ABB7C3E499086F53C4DB97640168943B
+PT=0CC58B3D0370317E1025E1AF97962646
+
+I=380
+KEY=501012EE411DCDC59E7F4C8295A143B2F6CEB9B6F4F9D3EB
+CT=0CC58B3D0370317E1025E1AF97962646
+PT=28920AED2B644C4346FC146903887244
+
+I=381
+KEY=97B7E8C1147A5062B6ED466FBEC50FF1B032ADDFF771A1AF
+CT=28920AED2B644C4346FC146903887244
+PT=E7A28DA5EC871DAF8C2D196C7ED8977F
+
+I=382
+KEY=988B9928402BCD63514FCBCA5242125E3C1FB4B389A936D0
+CT=E7A28DA5EC871DAF8C2D196C7ED8977F
+PT=013876A92413AED2E360A241FE021B25
+
+I=383
+KEY=3432357430ACC9135077BD637651BC8CDF7F16F277AB2DF5
+CT=013876A92413AED2E360A241FE021B25
+PT=10F1A56A8CFDA1D5044D5D0E53F6A773
+
+I=384
+KEY=CE94F859CD3E85F440861809FAAC1D59DB324BFC245D8A86
+CT=10F1A56A8CFDA1D5044D5D0E53F6A773
+PT=941C717EE6642DD474719F099AEEB1EB
+
+I=385
+KEY=A1BFA52EA232FDF0D49A69771CC8308DAF43D4F5BEB33B6D
+CT=941C717EE6642DD474719F099AEEB1EB
+PT=F31B47230ABC94977E14E1080528C1C9
+
+I=386
+KEY=37B36A8E7A3B4F2A27812E541674A41AD15735FDBB9BFAA4
+CT=F31B47230ABC94977E14E1080528C1C9
+PT=A91264221890CA93541B662F64A11C62
+
+I=387
+KEY=04F603F98A9D1AC78E934A760EE46E89854C53D2DF3AE6C6
+CT=A91264221890CA93541B662F64A11C62
+PT=05F5171B639825EC67A37B3671F2F884
+
+I=388
+KEY=A294EBBBD53D18DD8B665D6D6D7C4B65E2EF28E4AEC81E42
+CT=05F5171B639825EC67A37B3671F2F884
+PT=B6FE84EB2987DE956953DEBA6FD2E029
+
+I=389
+KEY=E0E38A82F60E8EED3D98D98644FB95F08BBCF65EC11AFE6B
+CT=B6FE84EB2987DE956953DEBA6FD2E029
+PT=2741338CF00FBC70C4B1C67C97E85B97
+
+I=390
+KEY=2193D386143F6D761AD9EA0AB4F429804F0D302256F2A5FC
+CT=2741338CF00FBC70C4B1C67C97E85B97
+PT=E56C7C453E2E13028AD812F9CDB78E2F
+
+I=391
+KEY=05AD3BC4F1B29F17FFB5964F8ADA3A82C5D522DB9B452BD3
+CT=E56C7C453E2E13028AD812F9CDB78E2F
+PT=9A9B49AC0691F1576D515E935F042229
+
+I=392
+KEY=1588C005075F4674652EDFE38C4BCBD5A8847C48C44109FA
+CT=9A9B49AC0691F1576D515E935F042229
+PT=143E5F64AD38373D3B54FA24CC7C0AF5
+
+I=393
+KEY=731083CCCB22E7CF711080872173FCE893D0866C083D030F
+CT=143E5F64AD38373D3B54FA24CC7C0AF5
+PT=61F6AF426601588CB7C525255EC1A06D
+
+I=394
+KEY=DACEE3906B98DFC110E62FC54772A4642415A34956FCA362
+CT=61F6AF426601588CB7C525255EC1A06D
+PT=DB5DC1C3B3413F653D72F8744C2DD881
+
+I=395
+KEY=D9ACA0F56DCA4FC0CBBBEE06F4339B0119675B3D1AD17BE3
+CT=DB5DC1C3B3413F653D72F8744C2DD881
+PT=4E9D548DA49E992AD3123F53558909C9
+
+I=396
+KEY=12C2FE0C57D21C208526BA8B50AD022BCA75646E4F58722A
+CT=4E9D548DA49E992AD3123F53558909C9
+PT=EB2E835192E64ABC30C3F2662B703C47
+
+I=397
+KEY=7A43322D6174BA786E0839DAC24B4897FAB6960864284E6D
+CT=EB2E835192E64ABC30C3F2662B703C47
+PT=CD0690863F63F2B263D4C11190A7985B
+
+I=398
+KEY=EBC6D71978D39185A30EA95CFD28BA2599625719F48FD636
+CT=CD0690863F63F2B263D4C11190A7985B
+PT=C044E800B65CA78559D0642C370C7D3E
+
+I=399
+KEY=A1B6CE2EEC5FC386634A415C4B741DA0C0B23335C383AB08
+CT=C044E800B65CA78559D0642C370C7D3E
+PT=F1A81B68F6E5A6271A8CB24E7D9491EF
+
+=========================
+
+KEYSIZE=256
+
+I=0
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+CT=00000000000000000000000000000000
+PT=058CCFFDBBCB382D1F6F56585D8A4ADE
+
+I=1
+KEY=85C6B2BB2300148F945AEBF1F021CF79058CCFFDBBCB382D1F6F56585D8A4ADE
+CT=058CCFFDBBCB382D1F6F56585D8A4ADE
+PT=15173A0EB65F5CC05E704EFE61D9E346
+
+I=2
+KEY=2447EC44111548FBB670B98F182D5DEE109BF5F30D9464ED411F18A63C53A998
+CT=15173A0EB65F5CC05E704EFE61D9E346
+PT=85F083ACC676D91EDD1ABFB43935237A
+
+I=3
+KEY=85D3E1D750CAA89BEE274AA7C32C2207956B765FCBE2BDF39C05A71205668AE2
+CT=85F083ACC676D91EDD1ABFB43935237A
+PT=42C8F0ABC58E0BEAC32911D2DD9FA8C8
+
+I=4
+KEY=CE86B24954745B2BAAF27010202EE7FAD7A386F40E6CB6195F2CB6C0D8F9222A
+CT=42C8F0ABC58E0BEAC32911D2DD9FA8C8
+PT=5E44123D2CA07981B073BB2749F557D6
+
+I=5
+KEY=CD7BCBBA4555A0D034FD7B528A1D042C89E794C922CCCF98EF5F0DE7910C75FC
+CT=5E44123D2CA07981B073BB2749F557D6
+PT=8B649458EA90F4F7E13467E509B7F164
+
+I=6
+KEY=EF28DFAED7794B1C7B892F3C98FCDC9602830091C85C3B6F0E6B6A0298BB8498
+CT=8B649458EA90F4F7E13467E509B7F164
+PT=F240D1F579DA2CA8839F7072DF52EBA3
+
+I=7
+KEY=C66605EC92F96B49F08CBC6276A0DC68F0C3D164B18617C78DF41A7047E96F3B
+CT=F240D1F579DA2CA8839F7072DF52EBA3
+PT=B05297490A394B4A1736DE7F8DC12969
+
+I=8
+KEY=347403B6E6344E1525B8D2BD4DCA343F4091462DBBBF5C8D9AC2C40FCA284652
+CT=B05297490A394B4A1736DE7F8DC12969
+PT=8BA49D44B98E67501235CE1C2F26BB28
+
+I=9
+KEY=B932CD0C70488602C56F92A0DA57BE27CB35DB6902313BDD88F70A13E50EFD7A
+CT=8BA49D44B98E67501235CE1C2F26BB28
+PT=86CE4E4D040C49F2717407157454162E
+
+I=10
+KEY=28F8B6B4AB2B0B81F3676F6E422D438C4DFB9524063D722FF9830D06915AEB54
+CT=86CE4E4D040C49F2717407157454162E
+PT=4E9CA7FB0FF9F38FC821CA91052483F9
+
+I=11
+KEY=5CD19F4D3C5B58602B101E15B39F51E4036732DF09C481A031A2C797947E68AD
+CT=4E9CA7FB0FF9F38FC821CA91052483F9
+PT=55E49ED59245C1850CB0C17C1CEEA05E
+
+I=12
+KEY=E822BB0D1F25F3DCA6FE0CB1A8AF39F15683AC0A9B8140253D1206EB8890C8F3
+CT=55E49ED59245C1850CB0C17C1CEEA05E
+PT=F7F0BFA319AC289C9F64E6FCDD531B44
+
+I=13
+KEY=8B64FF354C6E303F14EA34C9F667FEC9A17313A9822D68B9A276E01755C3D3B7
+CT=F7F0BFA319AC289C9F64E6FCDD531B44
+PT=6ACB8A177226AE47E2170F77D2FE4923
+
+I=14
+KEY=1A9D440EBAC3F3625E229B66C5D9249CCBB899BEF00BC6FE4061EF60873D9A94
+CT=6ACB8A177226AE47E2170F77D2FE4923
+PT=BAA9BB819332A87D6004164927EAC699
+
+I=15
+KEY=97F92B9AD44A3182FF10E07747C560B37111223F63396E832065F929A0D75C0D
+CT=BAA9BB819332A87D6004164927EAC699
+PT=EB84793E2D68632900B0517392EC4B94
+
+I=16
+KEY=2AEEBA2AC59870A7B4274B80FE74D55A9A955B014E510DAA20D5A85A323B1799
+CT=EB84793E2D68632900B0517392EC4B94
+PT=6C662FBE2B22394CC1D45453772C72BA
+
+I=17
+KEY=EEA4B3C4F96C42E3B7DF5A3870C85B69F6F374BF657334E6E101FC0945176523
+CT=6C662FBE2B22394CC1D45453772C72BA
+PT=70D2BBC1FA7D49848D94112DA93A3C3C
+
+I=18
+KEY=F930D1529C654F31549809C6CD5CC4608621CF7E9F0E7D626C95ED24EC2D591F
+CT=70D2BBC1FA7D49848D94112DA93A3C3C
+PT=1AFF91E67039133946638E4E505310C2
+
+I=19
+KEY=5D0F461C1A5FF7BA5C93F0CED9DD49FF9CDE5E98EF376E5B2AF6636ABC7E49DD
+CT=1AFF91E67039133946638E4E505310C2
+PT=8E4358B22DE7BCDC8B8409E6250633BF
+
+I=20
+KEY=AA4B475845EB19F601856A40AB517594129D062AC2D0D287A1726A8C99787A62
+CT=8E4358B22DE7BCDC8B8409E6250633BF
+PT=2A79FE5A222C9503954346D6C15AC679
+
+I=21
+KEY=9703F4DD85A3BE85343FFD15950A266B38E4F870E0FC478434312C5A5822BC1B
+CT=2A79FE5A222C9503954346D6C15AC679
+PT=0FF812C5B863282C294D7069F830EE86
+
+I=22
+KEY=3DD1B2ACBC6568851E767D20D82AD324371CEAB5589F6FA81D7C5C33A012529D
+CT=0FF812C5B863282C294D7069F830EE86
+PT=D449218625DE49D2B9514E032CA096E7
+
+I=23
+KEY=95CC16235D3DFF4F7DB2116D2B380F39E355CB337D41267AA42D12308CB2C47A
+CT=D449218625DE49D2B9514E032CA096E7
+PT=F951EAC3BC78DB0AE13FDC33048D2D81
+
+I=24
+KEY=A6F55AFBDA7EA939F6F2A28530C416781A0421F0C139FD704512CE03883FE9FB
+CT=F951EAC3BC78DB0AE13FDC33048D2D81
+PT=7D5A03A955F6403F918AC915AC22B797
+
+I=25
+KEY=7C5D39885F4C0F4FCF672321B711C5B7675E225994CFBD4FD4980716241D5E6C
+CT=7D5A03A955F6403F918AC915AC22B797
+PT=CA2E1C274073AD2A3AE35C60ECA52A58
+
+I=26
+KEY=4E7B914B84BFA1A2D7BD409AFADD2EDCAD703E7ED4BC1065EE7B5B76C8B87434
+CT=CA2E1C274073AD2A3AE35C60ECA52A58
+PT=C5048FA0148CED10A06E107269DA9C95
+
+I=27
+KEY=F62D8C4822C5F89D51E3C68695D91CA66874B1DEC030FD754E154B04A162E8A1
+CT=C5048FA0148CED10A06E107269DA9C95
+PT=CB9B457A7A24577DA71AC335F0572DAB
+
+I=28
+KEY=C37AAD7CB20087F4B98390C59D3ECFB2A3EFF4A4BA14AA08E90F88315135C50A
+CT=CB9B457A7A24577DA71AC335F0572DAB
+PT=FA60BFF170DD30C29DF1807C1612CD67
+
+I=29
+KEY=1A2C6858B37D0341BF8796FB72D00B72598F4B55CAC99ACA74FE084D4727086D
+CT=FA60BFF170DD30C29DF1807C1612CD67
+PT=E2FACFB5DF4E69C911838FCC546D0C8E
+
+I=30
+KEY=039B73E3A8DCF3C678FBC246AAECDAECBB7584E01587F303657D8781134A04E3
+CT=E2FACFB5DF4E69C911838FCC546D0C8E
+PT=749AB2B9176AFDB8B6714DF44BBF2B58
+
+I=31
+KEY=773D90EA7ECA29DFD9141A42EB2BBC64CFEF365902ED0EBBD30CCA7558F52FBB
+CT=749AB2B9176AFDB8B6714DF44BBF2B58
+PT=0285E58D09A8D33FB196FD16A8DF37C0
+
+I=32
+KEY=598262B046B44784D977F6BE2553C6ACCD6AD3D40B45DD84629A3763F02A187B
+CT=0285E58D09A8D33FB196FD16A8DF37C0
+PT=1C952C46AE829D8805031A44F9D85521
+
+I=33
+KEY=AFAE657D3220CD1E6199A49754525F4AD1FFFF92A5C7400C67992D2709F24D5A
+CT=1C952C46AE829D8805031A44F9D85521
+PT=EED0A47E63FF354B4D9C53F7FD75D720
+
+I=34
+KEY=A61F583BCFD120B8CABE1E4C616F4FC73F2F5BECC63875472A057ED0F4879A7A
+CT=EED0A47E63FF354B4D9C53F7FD75D720
+PT=10C1F0F7C32AD36F03AEA8DCE6AAE7BC
+
+I=35
+KEY=FB76D4B83A7F50482A92F5A92CB60F522FEEAB1B0512A62829ABD60C122D7DC6
+CT=10C1F0F7C32AD36F03AEA8DCE6AAE7BC
+PT=372488DF6543180F1F2AE15E5B0C8785
+
+I=36
+KEY=35EAC2BA73F55570CB727220C027FE6218CA23C46051BE27368137524921FA43
+CT=372488DF6543180F1F2AE15E5B0C8785
+PT=3DE420FF3699D68DB69966F57D09045A
+
+I=37
+KEY=48B6E08B9FD9B5C130E1829CD4540D9C252E033B56C868AA801851A73428FE19
+CT=3DE420FF3699D68DB69966F57D09045A
+PT=7858F396DC520131C789CB8F8C919CCD
+
+I=38
+KEY=DB39C13F29241FF29C5BEB839705AD5B5D76F0AD8A9A699B47919A28B8B962D4
+CT=7858F396DC520131C789CB8F8C919CCD
+PT=07BE8BBF9FCD7D04888E61935DD7222F
+
+I=39
+KEY=A5F9B675531AB58C1FFC316C9359EA335AC87B121557149FCF1FFBBBE56E40FB
+CT=07BE8BBF9FCD7D04888E61935DD7222F
+PT=EDD619B7C12E2AF6BDAA953B2E7871EF
+
+I=40
+KEY=A02D1F14A64BBC67DD7EE9EAB3FB0EADB71E62A5D4793E6972B56E80CB163114
+CT=EDD619B7C12E2AF6BDAA953B2E7871EF
+PT=C748CDB645F1A1E44A63FAF00B2C3A45
+
+I=41
+KEY=177D7A6843B5ABBEB212E68734A7A05C7056AF1391889F8D38D69470C03A0B51
+CT=C748CDB645F1A1E44A63FAF00B2C3A45
+PT=BD3ED4C8CD7DBF4299AC63FE119D291E
+
+I=42
+KEY=BD9BDC6BD09DEED3E75C918BE55E5332CD687BDB5CF520CFA17AF78ED1A7224F
+CT=BD3ED4C8CD7DBF4299AC63FE119D291E
+PT=A16B82F958441E90A965427C854EECBB
+
+I=43
+KEY=E6325C33EC76F8EDE02707A3AE82F1096C03F92204B13E5F081FB5F254E9CEF4
+CT=A16B82F958441E90A965427C854EECBB
+PT=E04E642689D1AB78E7CDE26D0563901C
+
+I=44
+KEY=B8543DB3071AB9F0802D4106FBDA59648C4D9D048D609527EFD2579F518A5EE8
+CT=E04E642689D1AB78E7CDE26D0563901C
+PT=08E59C72C13C030DA3C50300861EA097
+
+I=45
+KEY=ECDD43A6B225DB325BFFE5462B66E97884A801764C5C962A4C17549FD794FE7F
+CT=08E59C72C13C030DA3C50300861EA097
+PT=C224B2EFEE07AAC33F1F6EB1295D9A50
+
+I=46
+KEY=741D627C8B47BED4497C71FDC9854912468CB399A25B3CE973083A2EFEC9642F
+CT=C224B2EFEE07AAC33F1F6EB1295D9A50
+PT=1653CE734D27B44369D4FE582E7A885F
+
+I=47
+KEY=A47BDC62B1D80815AC6BF04481C5601F50DF7DEAEF7C88AA1ADCC476D0B3EC70
+CT=1653CE734D27B44369D4FE582E7A885F
+PT=CADC89828B6147FAEC581DDCFF3C0960
+
+I=48
+KEY=CB91E738F51C111DAC2E0A3BF7B076A39A03F468641DCF50F684D9AA2F8FE510
+CT=CADC89828B6147FAEC581DDCFF3C0960
+PT=49402F0F4AFA2518D57C5D1CFCECC0F2
+
+I=49
+KEY=BDA1FFAEE7B93EDFCA4374871A149550D343DB672EE7EA4823F884B6D36325E2
+CT=49402F0F4AFA2518D57C5D1CFCECC0F2
+PT=EBFF53AB449DE5A53EDC6E595AA47B10
+
+I=50
+KEY=18D865B8E8C779268D3876C22AF479FB38BC88CC6A7A0FED1D24EAEF89C75EF2
+CT=EBFF53AB449DE5A53EDC6E595AA47B10
+PT=30073458509F9AC9DA21B2DF566AB3BE
+
+I=51
+KEY=967E2580238300563A34A6E70D84B4FF08BBBC943AE59524C7055830DFADED4C
+CT=30073458509F9AC9DA21B2DF566AB3BE
+PT=5AB9F90CC2A7603A68E2ACA95A2DE55D
+
+I=52
+KEY=A469A4E2F0B3847F3B52886FAD7DBAF652024598F842F51EAFE7F49985800811
+CT=5AB9F90CC2A7603A68E2ACA95A2DE55D
+PT=F22A13F395B6064172CA9DC572C26B2E
+
+I=53
+KEY=9EA4946ED73FF8BB8700C18967C01968A028566B6DF4F35FDD2D695CF742633F
+CT=F22A13F395B6064172CA9DC572C26B2E
+PT=26E44B9F3DEBA8EE3531DDFA42F1DC14
+
+I=54
+KEY=3D25EEEACEF18702FD3896283CFF8A8386CC1DF4501F5BB1E81CB4A6B5B3BF2B
+CT=26E44B9F3DEBA8EE3531DDFA42F1DC14
+PT=32D9F05174FFF34594E952B7ADE09737
+
+I=55
+KEY=8BF2A692F6A35980C0CF02FF4650871BB415EDA524E0A8F47CF5E6111853281C
+CT=32D9F05174FFF34594E952B7ADE09737
+PT=7BEF027DEB1FF22774CE8A8A101DD41B
+
+I=56
+KEY=C90BF0E1A8B615B4C8BD318260BB80AECFFAEFD8CFFF5AD3083B6C9B084EFC07
+CT=7BEF027DEB1FF22774CE8A8A101DD41B
+PT=CF6B2444DFBBFE5B6A1CA99F2D13DE9A
+
+I=57
+KEY=C2A4C82B4AAEE0A22315026C6FE396900091CB9C1044A4886227C504255D229D
+CT=CF6B2444DFBBFE5B6A1CA99F2D13DE9A
+PT=14AD8C7B0F0460A3F48D5CD2CFFB385C
+
+I=58
+KEY=BF76E610192E2AEF42FF8F487CDDC318143C47E71F40C42B96AA99D6EAA61AC1
+CT=14AD8C7B0F0460A3F48D5CD2CFFB385C
+PT=A5A850FC44A09C5985CE9661AF84F186
+
+I=59
+KEY=1E42AEC368C600F18CBFA305EB559946B194171B5BE0587213640FB74522EB47
+CT=A5A850FC44A09C5985CE9661AF84F186
+PT=E2895D416951FDA66B695ABFA313F89D
+
+I=60
+KEY=4E9BC121E32849DAA501BEA4E534D9C2531D4A5A32B1A5D4780D5508E63113DA
+CT=E2895D416951FDA66B695ABFA313F89D
+PT=91E93AAECC5FB253F7463F101B2A4132
+
+I=61
+KEY=ACC045A67F680F14D3F8DA454C922071C2F470F4FEEE17878F4B6A18FD1B52E8
+CT=91E93AAECC5FB253F7463F101B2A4132
+PT=F0F339022B4001E72F3BCC1A140603AD
+
+I=62
+KEY=4B47D2639B4A04D3C87D35DB4E63E563320749F6D5AE1660A070A602E91D5145
+CT=F0F339022B4001E72F3BCC1A140603AD
+PT=DBECAFF90EDD4555A5D9A23817520D51
+
+I=63
+KEY=C73B1C617BE90F2710DFF2C3AC60E0F9E9EBE60FDB73533505A9043AFE4F5C14
+CT=DBECAFF90EDD4555A5D9A23817520D51
+PT=73315A63A8889095AFED497AEFE657B4
+
+I=64
+KEY=7F368758F7B303DE356481ED8EBFA46F9ADABC6C73FBC3A0AA444D4011A90BA0
+CT=73315A63A8889095AFED497AEFE657B4
+PT=3AB7E2F81D24D857308A1FC785559333
+
+I=65
+KEY=6D7EF76412498AB3C70AA3006CC87188A06D5E946EDF1BF79ACE528794FC9893
+CT=3AB7E2F81D24D857308A1FC785559333
+PT=7EAA2814E372F674AB0B6E0E428D1AF4
+
+I=66
+KEY=D626AD50A7B86153BF9215A6A8F7E908DEC776808DADED8331C53C89D6718267
+CT=7EAA2814E372F674AB0B6E0E428D1AF4
+PT=ADD212A59AC9EF6A55AEAC22D35A1BFE
+
+I=67
+KEY=4B9C7ED9AC7835C87DAB8BEF3ED6878B73156425176402E9646B90AB052B9999
+CT=ADD212A59AC9EF6A55AEAC22D35A1BFE
+PT=203ECD34AE1BB2F23BC673DBD74FA07B
+
+I=68
+KEY=E34FBDEF9D81B464DD1138093F132051532BA911B97FB01B5FADE370D26439E2
+CT=203ECD34AE1BB2F23BC673DBD74FA07B
+PT=0A18AFD5EEBBD338299897EA1F01324C
+
+I=69
+KEY=77BD51D39775121C22343FFC66D40F0B593306C457C463237635749ACD650BAE
+CT=0A18AFD5EEBBD338299897EA1F01324C
+PT=2892A6AE9517642A0977942360FB8104
+
+I=70
+KEY=2761BF5478726AF184C86B45AE331A7E71A1A06AC2D307097F42E0B9AD9E8AAA
+CT=2892A6AE9517642A0977942360FB8104
+PT=8A4CD7685B9A1E663C3130C34BC418B9
+
+I=71
+KEY=DD168B81E90D806FF468BE5E551F3344FBED77029949196F4373D07AE65A9213
+CT=8A4CD7685B9A1E663C3130C34BC418B9
+PT=C7C0A15A1A22363B378D5DD27A69D4C2
+
+I=72
+KEY=3442C07C0E98F523F9278D934F424BD83C2DD658836B2F5474FE8DA89C3346D1
+CT=C7C0A15A1A22363B378D5DD27A69D4C2
+PT=55A8EF8CAE213FE3FD6AA77E7415400A
+
+I=73
+KEY=291BD1577921B2947BC470C19727F0BD698539D42D4A10B789942AD6E82606DB
+CT=55A8EF8CAE213FE3FD6AA77E7415400A
+PT=0B07BEB71461356645936996AC45EB87
+
+I=74
+KEY=46475B4C21F0F4895FEFCC67632DBCDC62828763392B25D1CC0743404463ED5C
+CT=0B07BEB71461356645936996AC45EB87
+PT=6DFA5978F740C18CEE6F70FF50008BFD
+
+I=75
+KEY=CF89BDDE5D363B3C44DB6FED2DAB47AA0F78DE1BCE6BE45D226833BF146366A1
+CT=6DFA5978F740C18CEE6F70FF50008BFD
+PT=6F58747F0336A2C4D2A397511E06D703
+
+I=76
+KEY=85F7D4A4503F7C3D52998384F8B29BEF6020AA64CD5D4699F0CBA4EE0A65B1A2
+CT=6F58747F0336A2C4D2A397511E06D703
+PT=32AC7B1B8FFA7D411F46C129EEFFAF13
+
+I=77
+KEY=CDE87D2DFB6198CFC737D93433419757528CD17F42A73BD8EF8D65C7E49A1EB1
+CT=32AC7B1B8FFA7D411F46C129EEFFAF13
+PT=CF5D039714814E72ECE7B9D5D1B27D11
+
+I=78
+KEY=BCB9F75F11496AABFE2633E393B59B449DD1D2E8562675AA036ADC12352863A0
+CT=CF5D039714814E72ECE7B9D5D1B27D11
+PT=3455F997002A1818967E2679A07C1D56
+
+I=79
+KEY=99E143B3524E724A009533AEC659E15BA9842B7F560C6DB29514FA6B95547EF6
+CT=3455F997002A1818967E2679A07C1D56
+PT=1F2113D44E290F1379A3CEC6D57D6279
+
+I=80
+KEY=90086C83794D6878FF2CE748ECA6EDF4B6A538AB182562A1ECB734AD40291C8F
+CT=1F2113D44E290F1379A3CEC6D57D6279
+PT=88866DB676AA3B21954AFDE0A0F33007
+
+I=81
+KEY=FA254EB868F6CD5965346ACAE326BD2A3E23551D6E8F598079FDC94DE0DA2C88
+CT=88866DB676AA3B21954AFDE0A0F33007
+PT=A1665AD0252764E2691E65FEFB609CDA
+
+I=82
+KEY=92032C92FEEB0A5CD5D71AAF1BF5F47D9F450FCD4BA83D6210E3ACB31BBAB052
+CT=A1665AD0252764E2691E65FEFB609CDA
+PT=988CE348430A206546379A8C684C00F1
+
+I=83
+KEY=CF32144187F7B98256B5B4204DFABC8807C9EC8508A21D0756D4363F73F6B0A3
+CT=988CE348430A206546379A8C684C00F1
+PT=60289F0B6A9ADD08BF8924AA6D7F4D12
+
+I=84
+KEY=A7BD244360E3C325F3EA315C86959DD867E1738E6238C00FE95D12951E89FDB1
+CT=60289F0B6A9ADD08BF8924AA6D7F4D12
+PT=FA3EA122499D7E083D81F147D9D68B09
+
+I=85
+KEY=86213610EDC35A883A3364E8D529C6459DDFD2AC2BA5BE07D4DCE3D2C75F76B8
+CT=FA3EA122499D7E083D81F147D9D68B09
+PT=8E0B2452EF0515FC554A0AADF107714D
+
+I=86
+KEY=92CC3AE4A2A68CD93634075E902C66CB13D4F6FEC4A0ABFB8196E97F365807F5
+CT=8E0B2452EF0515FC554A0AADF107714D
+PT=463CEAE83A50BA54280E792AB6B29B94
+
+I=87
+KEY=6D86FA00DBB949A29D4A6166F1EF531E55E81C16FEF011AFA998905580EA9C61
+CT=463CEAE83A50BA54280E792AB6B29B94
+PT=416CA710B874E50CC98DF842B3435AD1
+
+I=88
+KEY=C9400C98A04F5041BE1C6090A866F7DA1484BB064684F4A36015681733A9C6B0
+CT=416CA710B874E50CC98DF842B3435AD1
+PT=3BA8BB5C572C0404E4B8199528825904
+
+I=89
+KEY=ED5043E9699B37844033E8BD170588342F2C005A11A8F0A784AD71821B2B9FB4
+CT=3BA8BB5C572C0404E4B8199528825904
+PT=1D2812DE70AA2D59894DA4DA7FE906FC
+
+I=90
+KEY=1964C6C301EEEF60B34E8E35175CAF8D320412846102DDFE0DE0D55864C29948
+CT=1D2812DE70AA2D59894DA4DA7FE906FC
+PT=2735CAAFE653442FFC2E878AE2829998
+
+I=91
+KEY=567B1E0737D0F72F82EB3A47D17209191531D82B875199D1F1CE52D2864000D0
+CT=2735CAAFE653442FFC2E878AE2829998
+PT=07B5FA4835E5DFC67E02F490A497145D
+
+I=92
+KEY=89AAD6DCA6A8973580D02768EBC8372412842263B2B446178FCCA64222D7148D
+CT=07B5FA4835E5DFC67E02F490A497145D
+PT=A31272EC8623213B015811FAE12330CE
+
+I=93
+KEY=4B4AB47A0DBA39907D8E919767E69518B196508F3497672C8E94B7B8C3F42443
+CT=A31272EC8623213B015811FAE12330CE
+PT=9132AB51C9738A62CABDE4977947E0BF
+
+I=94
+KEY=BEC71999AEE5517C243B65830D30DEBB20A4FBDEFDE4ED4E4429532FBAB3C4FC
+CT=9132AB51C9738A62CABDE4977947E0BF
+PT=689375EA83B61894631E6EFA2D509531
+
+I=95
+KEY=77CE2C97A458300D7C95C6871CEB56D648378E347E52F5DA27373DD597E351CD
+CT=689375EA83B61894631E6EFA2D509531
+PT=AAA5C6C5917DFC103383DE6C79EB2BA6
+
+I=96
+KEY=0AD691774612F7EFA41FE39B8B3A2D14E29248F1EF2F09CA14B4E3B9EE087A6B
+CT=AAA5C6C5917DFC103383DE6C79EB2BA6
+PT=29D9945BDB3770ED2A41D2760D0DC51D
+
+I=97
+KEY=4E1D42ADC4CEF6BAE3A5B9E08F7ACD65CB4BDCAA341879273EF531CFE305BF76
+CT=29D9945BDB3770ED2A41D2760D0DC51D
+PT=2F9B3C4E1FDCDC8F7D5DFBEA342284F2
+
+I=98
+KEY=2D76A3E35C075DB14E40A59F46E07A81E4D0E0E42BC4A5A843A8CA25D7273B84
+CT=2F9B3C4E1FDCDC8F7D5DFBEA342284F2
+PT=ED4CFCF1C8D226EBACCC8FF11B1C81B8
+
+I=99
+KEY=E7364D0D17D723A69C0BA956778BD0E9099C1C15E3168343EF6445D4CC3BBA3C
+CT=ED4CFCF1C8D226EBACCC8FF11B1C81B8
+PT=2F9B5E1392B767E8497F849D00E98193
+
+I=100
+KEY=709380C7012CB4272A69F6D4936B163E2607420671A1E4ABA61BC149CCD23BAF
+CT=2F9B5E1392B767E8497F849D00E98193
+PT=3BE783A4A38EFB44150AA7A08E1888F6
+
+I=101
+KEY=98FF27B8AB7B91F690231E24608076EF1DE0C1A2D22F1FEFB31166E942CAB359
+CT=3BE783A4A38EFB44150AA7A08E1888F6
+PT=F35AED9C83E53D2EADDE507345096218
+
+I=102
+KEY=24F9D2FF633EE9AAED7321CFCF4D1D20EEBA2C3E51CA22C11ECF369A07C3D141
+CT=F35AED9C83E53D2EADDE507345096218
+PT=A22BF93FD521A6E59C196022FF252DC2
+
+I=103
+KEY=70E491840BC5C42A878655E18E9AAAA74C91D50184EB842482D656B8F8E6FC83
+CT=A22BF93FD521A6E59C196022FF252DC2
+PT=11E67B52F8CD97D63268485EB546E1FE
+
+I=104
+KEY=098FF2D6DE55FF5C66D5AD7D5949643A5D77AE537C2613F2B0BE1EE64DA01D7D
+CT=11E67B52F8CD97D63268485EB546E1FE
+PT=1E67AF3F7E7FDEFB868696E96F718ACC
+
+I=105
+KEY=B89EA7CBAE57B8AD39F23B22A8F651A44310016C0259CD093638880F22D197B1
+CT=1E67AF3F7E7FDEFB868696E96F718ACC
+PT=332B0045710B2DD6EC3D619051580C7F
+
+I=106
+KEY=39F71BC56EBFA91088499DC41A0C5B5B703B01297352E0DFDA05E99F73899BCE
+CT=332B0045710B2DD6EC3D619051580C7F
+PT=86F3D75D18F7AB31C6C52C19B0C35023
+
+I=107
+KEY=417147DB03FDA0B26BEED7FE8A9487D5F6C8D6746BA54BEE1CC0C586C34ACBED
+CT=86F3D75D18F7AB31C6C52C19B0C35023
+PT=452E6C2DA8B93A1E282F1A86AECB9F15
+
+I=108
+KEY=C4336C26C20AD7811578044800A51E8EB3E6BA59C31C71F034EFDF006D8154F8
+CT=452E6C2DA8B93A1E282F1A86AECB9F15
+PT=637F010BAC28AC108331F4E26B262D3A
+
+I=109
+KEY=D0369C75D40EEF29CF7588FB87EE2ED2D099BB526F34DDE0B7DE2BE206A779C2
+CT=637F010BAC28AC108331F4E26B262D3A
+PT=3F3DCA8B4C2DDFD556880A17FB575E7B
+
+I=110
+KEY=4DE25218630A678C287EC42F93985D22EFA471D923190235E15621F5FDF027B9
+CT=3F3DCA8B4C2DDFD556880A17FB575E7B
+PT=3DA8C1D40B51A8BC6E728D7A1E6B3B2E
+
+I=111
+KEY=C0526C3096805B532433C0248E153A00D20CB00D2848AA898F24AC8FE39B1C97
+CT=3DA8C1D40B51A8BC6E728D7A1E6B3B2E
+PT=449B050578191E4C156F7040EF27D5EC
+
+I=112
+KEY=6A1B7384328BAA25B6A857FB12A90FD49697B5085051B4C59A4BDCCF0CBCC97B
+CT=449B050578191E4C156F7040EF27D5EC
+PT=D58ACA128F936803BDD5EC1E6DECAB04
+
+I=113
+KEY=44B7F3EB0EF0EF4325353D30F35C4D71431D7F1ADFC2DCC6279E30D16150627F
+CT=D58ACA128F936803BDD5EC1E6DECAB04
+PT=77F1011F968AD46338CA68D5DF37959E
+
+I=114
+KEY=E1E6BBD70AEAC4D65159422B3DFE82DF34EC7E05494808A51F545804BE67F7E1
+CT=77F1011F968AD46338CA68D5DF37959E
+PT=FC692161766A29C9E6A86C353E2F3FE5
+
+I=115
+KEY=5C33A88179175BB12593D6574245A6A6C8855F643F22216CF9FC34318048C804
+CT=FC692161766A29C9E6A86C353E2F3FE5
+PT=F5FD2F77BC4908F470142417048C6233
+
+I=116
+KEY=E6A3CDD47570AEC4FC3B3453F78F253F3D787013836B299889E8102684C4AA37
+CT=F5FD2F77BC4908F470142417048C6233
+PT=FBDC2774D7E426CBD8B62ABD0E0EAA6F
+
+I=117
+KEY=4F5B3EDC53366D4C74D94663E17CBDB6C6A45767548F0F53515E3A9B8ACA0058
+CT=FBDC2774D7E426CBD8B62ABD0E0EAA6F
+PT=796D978C9D724C1C9445EC5BD272CEB0
+
+I=118
+KEY=9119AD19E78100B3D04BED87FF5C22B5BFC9C0EBC9FD434FC51BD6C058B8CEE8
+CT=796D978C9D724C1C9445EC5BD272CEB0
+PT=15ECF7D3F516D3CBA0307959287A5BAB
+
+I=119
+KEY=600B4D7604FF2650611C453A50D02275AA2537383CEB9084652BAF9970C29543
+CT=15ECF7D3F516D3CBA0307959287A5BAB
+PT=DA67996084E9C74C143310FC3CF207DD
+
+I=120
+KEY=3B8E0B73BBF745BB360EA50E7DA9B3297042AE58B80257C87118BF654C30929E
+CT=DA67996084E9C74C143310FC3CF207DD
+PT=6E9BC50580D45D54FEEC74830C0D9516
+
+I=121
+KEY=231592D0CE761359AE2E85CC4E4156A01ED96B5D38D60A9C8FF4CBE6403D0788
+CT=6E9BC50580D45D54FEEC74830C0D9516
+PT=A4B0F6A50C72C5EE755FA5595334DF2E
+
+I=122
+KEY=7ABD82D278910B909B0D6219EF5E0D98BA699DF834A4CF72FAAB6EBF1309D8A6
+CT=A4B0F6A50C72C5EE755FA5595334DF2E
+PT=24CDAEEB54A1EB7E2D4A0BEE526EA6E0
+
+I=123
+KEY=5C8F7B23850BD287F011E257D691F8979EA433136005240CD7E1655141677E46
+CT=24CDAEEB54A1EB7E2D4A0BEE526EA6E0
+PT=84F24CDC0AA63CEA2DDE8F94C8776765
+
+I=124
+KEY=DF8EEE46309021F6E7D7D41908B6CABE1A567FCF6AA318E6FA3FEAC589101923
+CT=84F24CDC0AA63CEA2DDE8F94C8776765
+PT=EEA20542DEDB0B99A2144942FFEAC820
+
+I=125
+KEY=8634A663D618B3BB54F44A5849170ACDF4F47A8DB478137F582BA38776FAD103
+CT=EEA20542DEDB0B99A2144942FFEAC820
+PT=CDD91737753BE9F672A60DD722202127
+
+I=126
+KEY=E41913E97F21A4E6A948ABEB45279E0D392D6DBAC143FA892A8DAE5054DAF024
+CT=CDD91737753BE9F672A60DD722202127
+PT=E6E2F7846E06BB90F19B21521DD4D238
+
+I=127
+KEY=1E63624B5EADBE7D42255F208CC7D348DFCF9A3EAF454119DB168F02490E221C
+CT=E6E2F7846E06BB90F19B21521DD4D238
+PT=0110CA2647D43C8BD012976113EFB860
+
+I=128
+KEY=8476329019AA4D0D91C71E0DFFF47906DEDF5018E8917D920B0418635AE19A7C
+CT=0110CA2647D43C8BD012976113EFB860
+PT=CC9AACC98876387D09565F1A20D329AF
+
+I=129
+KEY=DB1C0803BC1AD91C5621FA8C54AA83EF1245FCD160E745EF025247797A32B3D3
+CT=CC9AACC98876387D09565F1A20D329AF
+PT=55AB296D67DEEBA179AD8093C1952CC2
+
+I=130
+KEY=5C0887FF7C888D7800C43BC9E88D9B3B47EED5BC0739AE4E7BFFC7EABBA79F11
+CT=55AB296D67DEEBA179AD8093C1952CC2
+PT=27016691505182706848CD5D7A2C5CAB
+
+I=131
+KEY=0FFBE12ADFA17F3BF26622C20311D38960EFB32D57682C3E13B70AB7C18BC3BA
+CT=27016691505182706848CD5D7A2C5CAB
+PT=5E6C9FAF480FFE51D7687ADE203D5367
+
+I=132
+KEY=C4C12330BC21062618E2E83EC3755DAC3E832C821F67D26FC4DF7069E1B690DD
+CT=5E6C9FAF480FFE51D7687ADE203D5367
+PT=082FF20DC6AFBA3888348E5724F5C526
+
+I=133
+KEY=3F6BF56A0136C1058924FCD831A65EBC36ACDE8FD9C868574CEBFE3EC54355FB
+CT=082FF20DC6AFBA3888348E5724F5C526
+PT=67AE68CDDA349A067339F28FA216A188
+
+I=134
+KEY=4AB9E8E9B5BB84353006AB43065C6B8F5102B64203FCF2513FD20CB16755F473
+CT=67AE68CDDA349A067339F28FA216A188
+PT=3316F37F97D679B78A537A0E107923AB
+
+I=135
+KEY=E04DE045508423D735B20168C7974CC26214453D942A8BE6B58176BF772CD7D8
+CT=3316F37F97D679B78A537A0E107923AB
+PT=00AEB331686999C5F5FB1E7C6CCF1072
+
+I=136
+KEY=D4D19E570760468E9703F0E49C4AC9F262BAF60CFC431223407A68C31BE3C7AA
+CT=00AEB331686999C5F5FB1E7C6CCF1072
+PT=29A5DB93D2AE9B1ED9714213EAD9AA1C
+
+I=137
+KEY=6D6789354D2CC3EFA9ABFC466F21A6E24B1F2D9F2EED893D990B2AD0F13A6DB6
+CT=29A5DB93D2AE9B1ED9714213EAD9AA1C
+PT=E98426CB0F858A084EB66311188D9200
+
+I=138
+KEY=06ED66801B81943BF1640AAE222A23C7A29B0B5421680335D7BD49C1E9B7FFB6
+CT=E98426CB0F858A084EB66311188D9200
+PT=21527326577425261F2D40268C428E29
+
+I=139
+KEY=2232758279A806C21870C85273C12FA883C97872761C2613C89009E765F5719F
+CT=21527326577425261F2D40268C428E29
+PT=CC9393A43B8A8194C0EC29F989E597A6
+
+I=140
+KEY=E7E22C2A6E6D4A1BFE7B706047094AF44F5AEBD64D96A787087C201EEC10E639
+CT=CC9393A43B8A8194C0EC29F989E597A6
+PT=714846062B262A823B24164900DF91AD
+
+I=141
+KEY=89A78F64BCAEE02CAC92928134C2567C3E12ADD066B08D0533583657ECCF7794
+CT=714846062B262A823B24164900DF91AD
+PT=1D0AC79D1E9BB36A6A6A8E49538C08FF
+
+I=142
+KEY=4F6E8D81296C95FAA0FE6F2D324A392223186A4D782B3E6F5932B81EBF437F6B
+CT=1D0AC79D1E9BB36A6A6A8E49538C08FF
+PT=403D8B10E0AB31493589AFFA8E8B1BEE
+
+I=143
+KEY=24E398291CF018E4666728F4F635F74D6325E15D98800F266CBB17E431C86485
+CT=403D8B10E0AB31493589AFFA8E8B1BEE
+PT=9E0516EDA401DAAF6AC013841C0D63C8
+
+I=144
+KEY=F80CF8AF1FA463D2ED7C7F59C1B239B0FD20F7B03C81D589067B04602DC5074D
+CT=9E0516EDA401DAAF6AC013841C0D63C8
+PT=74B2B200922B21AA20A0C5860CFB7E4D
+
+I=145
+KEY=577A5456424E1A76C3E113EB82CCDF34899245B0AEAAF42326DBC1E6213E7900
+CT=74B2B200922B21AA20A0C5860CFB7E4D
+PT=25AFF27E13888A638CDA2673D7F16AFD
+
+I=146
+KEY=7C623BBD4777E6EF9BC058DF5BA27BEAAC3DB7CEBD227E40AA01E795F6CF13FD
+CT=25AFF27E13888A638CDA2673D7F16AFD
+PT=A54F400AB9C52913D7302BA36BF217DD
+
+I=147
+KEY=A8B33E433720C4B925C4F0315DDB73B00972F7C404E757537D31CC369D3D0420
+CT=A54F400AB9C52913D7302BA36BF217DD
+PT=48A263A07112AA95EA1414CE03545790
+
+I=148
+KEY=DA864B91AED3E2FAC25782F4A50C13C841D0946475F5FDC69725D8F89E6953B0
+CT=48A263A07112AA95EA1414CE03545790
+PT=541547E924522E59C1721D130B64D92F
+
+I=149
+KEY=EEB5FF6F9C435510E12934F5E806553E15C5D38D51A7D39F5657C5EB950D8A9F
+CT=541547E924522E59C1721D130B64D92F
+PT=5830544939EB4607145538388840248B
+
+I=150
+KEY=24E609AD29E4C601189CB2FE119767884DF587C4684C95984202FDD31D4DAE14
+CT=5830544939EB4607145538388840248B
+PT=CBE1F82FD3318448AA36ADB5967EF865
+
+I=151
+KEY=5A7EBB76C38C2E5F038612A06E84BB2C86147FEBBB7D11D0E83450668B335671
+CT=CBE1F82FD3318448AA36ADB5967EF865
+PT=3B104547D2D620879E3CB2B5774C0FB4
+
+I=152
+KEY=827EFCB7BC862C2466B8C79FC297AD3DBD043AAC69AB31577608E2D3FC7F59C5
+CT=3B104547D2D620879E3CB2B5774C0FB4
+PT=B667F7544FE49A07611A160E3312F69A
+
+I=153
+KEY=9BC6C18805144F98CAEA7B252B3EE2930B63CDF8264FAB501712F4DDCF6DAF5F
+CT=B667F7544FE49A07611A160E3312F69A
+PT=C3E928FDEB5D7DDF7CF32C4DBCFE32F3
+
+I=154
+KEY=2BC00DF6D26F9A968C3BFF47AE761718C88AE505CD12D68F6BE1D89073939DAC
+CT=C3E928FDEB5D7DDF7CF32C4DBCFE32F3
+PT=72A9CF7AA2EDAF1907D77D10A02A45DE
+
+I=155
+KEY=15A0EE054E2D5E7EDCF3FC766860ACCDBA232A7F6FFF79966C36A580D3B9D872
+CT=72A9CF7AA2EDAF1907D77D10A02A45DE
+PT=97ABFAAD506940F88FDC8F55AD7EA919
+
+I=156
+KEY=C56C11F3A96852119C16751963C24CD42D88D0D23F96396EE3EA2AD57EC7716B
+CT=97ABFAAD506940F88FDC8F55AD7EA919
+PT=DD55A02B1EB01EB091CA6337D0BEB5BD
+
+I=157
+KEY=8634CC7B3416FCE337AAFA39791D1545F0DD70F9212627DE722049E2AE79C4D6
+CT=DD55A02B1EB01EB091CA6337D0BEB5BD
+PT=C5EB3DF5A328B267F3895CECD4A828AF
+
+I=158
+KEY=DDC1361E1432CCAC3551E2478A321A0035364D0C820E95B981A9150E7AD1EC79
+CT=C5EB3DF5A328B267F3895CECD4A828AF
+PT=49952DACD97FD5583A7D9C4FF515EC17
+
+I=159
+KEY=52658EEC2A7441D866CFA15944BB12857CA360A05B7140E1BBD489418FC4006E
+CT=49952DACD97FD5583A7D9C4FF515EC17
+PT=4971EEEF871E935AC470BD770802B04B
+
+I=160
+KEY=05FC7A181B1935EA8DCEC961B0DFC14B35D28E4FDC6FD3BB7FA4343687C6B025
+CT=4971EEEF871E935AC470BD770802B04B
+PT=3DB5E9165C24EC3790DC3E53E5E5D2DE
+
+I=161
+KEY=8D2793B7BDCF80338AA39C86008361BC08676759804B3F8CEF780A65622362FB
+CT=3DB5E9165C24EC3790DC3E53E5E5D2DE
+PT=1FDB5D4FBB59F082B3B617C8A23734F1
+
+I=162
+KEY=37BE37961B77866869826907BB9E9C1717BC3A163B12CF0E5CCE1DADC014560A
+CT=1FDB5D4FBB59F082B3B617C8A23734F1
+PT=8C59775AD3FF7C337B22C8E785321E25
+
+I=163
+KEY=F3184EA1C8FFE3D436BEE076AA999B659BE54D4CE8EDB33D27ECD54A4526482F
+CT=8C59775AD3FF7C337B22C8E785321E25
+PT=0CB834FCC0CFDAECAF4AFC5A2E38DF23
+
+I=164
+KEY=CACF50D99B066EB84CBFAEEC9B0D6769975D79B0282269D188A629106B1E970C
+CT=0CB834FCC0CFDAECAF4AFC5A2E38DF23
+PT=229EB7B6A97D91921BCD8C95A0D7C17B
+
+I=165
+KEY=3FA80E4FB785B9FC3B058CC62D289958B5C3CE06815FF843936BA585CBC95677
+CT=229EB7B6A97D91921BCD8C95A0D7C17B
+PT=0D7692C281DD4FF35D9B1620E1385C34
+
+I=166
+KEY=CE2A3A893C96A4F1AA81AD52EBCC3C23B8B55CC40082B7B0CEF0B3A52AF10A43
+CT=0D7692C281DD4FF35D9B1620E1385C34
+PT=D3C5FE594F5C8C5A359235448EB20146
+
+I=167
+KEY=FC8642DB8CB42D1B1251CB7FE6AFF90D6B70A29D4FDE3BEAFB6286E1A4430B05
+CT=D3C5FE594F5C8C5A359235448EB20146
+PT=8C0F88460C700D96847249807B84223F
+
+I=168
+KEY=2A9C9FD184A5B2418FD415A228A5C0AFE77F2ADB43AE367C7F10CF61DFC7293A
+CT=8C0F88460C700D96847249807B84223F
+PT=5A4237A5C2DABDCDA6389D5FC66032F6
+
+I=169
+KEY=FDB533163E989D2FA32CCA5D3CC5D376BD3D1D7E81748BB1D928523E19A71BCC
+CT=5A4237A5C2DABDCDA6389D5FC66032F6
+PT=BF8AAC6B1536CCCCECCC9D6BE970EB3E
+
+I=170
+KEY=3C4B3CF0FD0C4292B2497175D4400F8902B7B1159442477D35E4CF55F0D7F0F2
+CT=BF8AAC6B1536CCCCECCC9D6BE970EB3E
+PT=97CE58407FD26D63C86765CB05EA6277
+
+I=171
+KEY=367862F3E2C5520EA2269392B6139E9C9579E955EB902A1EFD83AA9EF53D9285
+CT=97CE58407FD26D63C86765CB05EA6277
+PT=B411687B044B624077A92D8C130697B9
+
+I=172
+KEY=0300AF491DAF6C607417FB1FD9B1EC612168812EEFDB485E8A2A8712E63B053C
+CT=B411687B044B624077A92D8C130697B9
+PT=D22E92A5132EA85F4FB25EE19C248008
+
+I=173
+KEY=7C92EF49A7D27E97F1884299B635F0ADF346138BFCF5E001C598D9F37A1F8534
+CT=D22E92A5132EA85F4FB25EE19C248008
+PT=FD6817CD680A2A8CE93E4B4F9CAA72AA
+
+I=174
+KEY=80EABB1D8C9B5F769FCAC87ED8D0C9CA0E2E044694FFCA8D2CA692BCE6B5F79E
+CT=FD6817CD680A2A8CE93E4B4F9CAA72AA
+PT=8DDD9B3B9278D2DE3453EA6769E1C39C
+
+I=175
+KEY=FB345E2D7BBBED527259FAEAEA79C05D83F39F7D0687185318F578DB8F543402
+CT=8DDD9B3B9278D2DE3453EA6769E1C39C
+PT=AE69F5CD8D342E74113E979ACE3539F2
+
+I=176
+KEY=7D93DC33FF2266770291160CD317C65E2D9A6AB08BB3362709CBEF4141610DF0
+CT=AE69F5CD8D342E74113E979ACE3539F2
+PT=30E19A4E84997172486DAE4FB4C41E58
+
+I=177
+KEY=82362FF3E9C1AD93474CF4CABD354E7E1D7BF0FE0F2A475541A6410EF5A513A8
+CT=30E19A4E84997172486DAE4FB4C41E58
+PT=75B3D07617EB189512DC5161908940C1
+
+I=178
+KEY=8EFD0FCB3855CCC16BD919FBD17596C768C8208818C15FC0537A106F652C5369
+CT=75B3D07617EB189512DC5161908940C1
+PT=FD13E89107FAFA44998721AD726C620F
+
+I=179
+KEY=2299D22282C798107F489637DCD479C395DBC8191F3BA584CAFD31C217403166
+CT=FD13E89107FAFA44998721AD726C620F
+PT=C1B0210C0387864717BD7D02063B6A69
+
+I=180
+KEY=75E05597A2BBDF23E5BD172C83548C9B546BE9151CBC23C3DD404CC0117B5B0F
+CT=C1B0210C0387864717BD7D02063B6A69
+PT=0E442B38E9024CCA5DC43A7B8D5F6FCF
+
+I=181
+KEY=4DBC8DCB8C25B5F4AD374BA3064216555A2FC22DF5BE6F09808476BB9C2434C0
+CT=0E442B38E9024CCA5DC43A7B8D5F6FCF
+PT=8FD213EC19D62FD2C19E6C91B97E56A0
+
+I=182
+KEY=E393BAD07E955EBC1446B847DE5A891ED5FDD1C1EC6840DB411A1A2A255A6260
+CT=8FD213EC19D62FD2C19E6C91B97E56A0
+PT=F52ADFD33A68EE198F33708E676D0CE9
+
+I=183
+KEY=3F33A76F87DB0388C2D66C7F2EFAA1B820D70E12D600AEC2CE296AA442376E89
+CT=F52ADFD33A68EE198F33708E676D0CE9
+PT=7649EB4283505EEEE1BE16DB6677B3F5
+
+I=184
+KEY=04BC65DE70C9E01EEEDA5A507C218C8D569EE5505550F02C2F977C7F2440DD7C
+CT=7649EB4283505EEEE1BE16DB6677B3F5
+PT=6FB1C4AD8A5B8A606621A8BF4277F3DC
+
+I=185
+KEY=8A6EF9710F4AE10EB60C8D25A8F67C50392F21FDDF0B7A4C49B6D4C066372EA0
+CT=6FB1C4AD8A5B8A606621A8BF4277F3DC
+PT=22C2CF9572D708F688291056E2F8E120
+
+I=186
+KEY=ED6D084D5F8AA4F201F9C20EA26A90E81BEDEE68ADDC72BAC19FC49684CFCF80
+CT=22C2CF9572D708F688291056E2F8E120
+PT=28AC7257911ECEB549D910BFA0905AE5
+
+I=187
+KEY=BA2735927D6A76B952C08A219FBB572233419C3F3CC2BC0F8846D429245F9565
+CT=28AC7257911ECEB549D910BFA0905AE5
+PT=2A1F3842DF988CDA0C6415450A657DB2
+
+I=188
+KEY=53BCC06CCCBC31A5BEE2CE88E6EAEFAC195EA47DE35A30D58422C16C2E3AE8D7
+CT=2A1F3842DF988CDA0C6415450A657DB2
+PT=6055EB3A24DE4D87C6BA5073A5BAC919
+
+I=189
+KEY=DF88C3CEC31C7B88D8AC0C7AAA2CED99790B4F47C7847D524298911F8B8021CE
+CT=6055EB3A24DE4D87C6BA5073A5BAC919
+PT=CC051CCD37068B41935FD14538DFEF82
+
+I=190
+KEY=265B351B93FF456D5A1EAADD2BEA1296B50E538AF082F613D1C7405AB35FCE4C
+CT=CC051CCD37068B41935FD14538DFEF82
+PT=225B63F455DD72EC87CF6FD5DF0FDAF3
+
+I=191
+KEY=BAC4C541E0A693CF8A3892A82F67CD959755307EA55F84FF56082F8F6C5014BF
+CT=225B63F455DD72EC87CF6FD5DF0FDAF3
+PT=64027F6B72F0A11628F66D5C502658E8
+
+I=192
+KEY=E8F68EF4909A128F331DFEFAE8560EBCF3574F15D7AF25E97EFE42D33C764C57
+CT=64027F6B72F0A11628F66D5C502658E8
+PT=529AAF9163EDA1BC39E66D2556BE938B
+
+I=193
+KEY=1951B1A50BED04096C17E816D4EC6225A1CDE084B442845547182FF66AC8DFDC
+CT=529AAF9163EDA1BC39E66D2556BE938B
+PT=F93E85D98EB9BDDD7D3844421235FBAB
+
+I=194
+KEY=D39AF070909FBC0E3226E28041B0286158F3655D3AFB39883A206BB478FD2477
+CT=F93E85D98EB9BDDD7D3844421235FBAB
+PT=16B6B3CC08003BA36C9E84B1EE9CD7CC
+
+I=195
+KEY=B705C6CCD010B980E386B8690C83E96C4E45D69132FB022B56BEEF059661F3BB
+CT=16B6B3CC08003BA36C9E84B1EE9CD7CC
+PT=301AFE66055149FA5775A9CE19F1FF63
+
+I=196
+KEY=B3C813D4FCBD31ED95E7E71CEC15153E7E5F28F737AA4BD101CB46CB8F900CD8
+CT=301AFE66055149FA5775A9CE19F1FF63
+PT=1090E68F7C8400861589E304A5B815CD
+
+I=197
+KEY=0EBC30ADB6946B6415C0309D636C79F46ECFCE784B2E4B571442A5CF2A281915
+CT=1090E68F7C8400861589E304A5B815CD
+PT=2778F0C712804C0B8D085B196A4D73C4
+
+I=198
+KEY=9C5815C6705B39DEECB8BDDDC9329A0D49B73EBF59AE075C994AFED640656AD1
+CT=2778F0C712804C0B8D085B196A4D73C4
+PT=14FECB137DC9C38A04D92B60A177A61D
+
+I=199
+KEY=9D83B41F8F415B5F3B2C08682383471B5D49F5AC2467C4D69D93D5B6E112CCCC
+CT=14FECB137DC9C38A04D92B60A177A61D
+PT=0EF1321EA52EAA7624E3F2EFD0C886AF
+
+I=200
+KEY=2960CEE0AF043ED1A549BA223F6C1CF153B8C7B281496EA0B970275931DA4A63
+CT=0EF1321EA52EAA7624E3F2EFD0C886AF
+PT=AFA8B2129577EC178B59D42D1B92D313
+
+I=201
+KEY=51E0DECF48A151021C70EC3EE3CE9008FC1075A0143E82B73229F3742A489970
+CT=AFA8B2129577EC178B59D42D1B92D313
+PT=3351631344E6EF86712327D3C05EBDEB
+
+I=202
+KEY=5F34A789B0B1185BA7D1BB3EF2677060CF4116B350D86D31430AD4A7EA16249B
+CT=3351631344E6EF86712327D3C05EBDEB
+PT=C299D0556B0D15014627CADBCCC3DC33
+
+I=203
+KEY=FC3E420F84F4C75802DCF68ABF0030E70DD8C6E63BD57830052D1E7C26D5F8A8
+CT=C299D0556B0D15014627CADBCCC3DC33
+PT=CEB83A2B9DD76B649BAAE48A8B772A5C
+
+I=204
+KEY=C04448AD77DBF33F22A2346C7A40F813C360FCCDA60213549E87FAF6ADA2D2F4
+CT=CEB83A2B9DD76B649BAAE48A8B772A5C
+PT=A8C6AEC94E82BC68AC8E29A8CB9504F6
+
+I=205
+KEY=3FA863ECC4AFA141DD7349C44F94FEE16BA65204E880AF3C3209D35E6637D602
+CT=A8C6AEC94E82BC68AC8E29A8CB9504F6
+PT=1EDED55C8D3309F828C17AF072C79D7A
+
+I=206
+KEY=8893E5FB27191AE09E4AB5F062289F117578875865B3A6C41AC8A9AE14F04B78
+CT=1EDED55C8D3309F828C17AF072C79D7A
+PT=FD2AC22891FB294EB0AD2BADFE759C29
+
+I=207
+KEY=90BA1205BB7927E86F9895855648D3EB88524570F4488F8AAA658203EA85D751
+CT=FD2AC22891FB294EB0AD2BADFE759C29
+PT=2FE6AE59ACD516EE1567A7A1C43FDE2A
+
+I=208
+KEY=278FD88834EA67564F301785C4045D6FA7B4EB29589D9964BF0225A22EBA097B
+CT=2FE6AE59ACD516EE1567A7A1C43FDE2A
+PT=35BEC13F159F61C7EF4C860AD3B41A75
+
+I=209
+KEY=E9D2F23C213D02724737A5E907BFBDF0920A2A164D02F8A3504EA3A8FD0E130E
+CT=35BEC13F159F61C7EF4C860AD3B41A75
+PT=650D65D6ED716DA515EAAF1A7447C3FB
+
+I=210
+KEY=4A0A997634E2D9305795FC90291F6FD9F7074FC0A073950645A40CB28949D0F5
+CT=650D65D6ED716DA515EAAF1A7447C3FB
+PT=7AFE0D2F234A6CDEDD7103DA09147285
+
+I=211
+KEY=BD671DD81F8FCD9D472564589AA13F5D8DF942EF8339F9D898D50F68805DA270
+CT=7AFE0D2F234A6CDEDD7103DA09147285
+PT=40627620B17313AF42EA7DD6CFD900F9
+
+I=212
+KEY=5668F777C46BF78DC664E72186626BF5CD9B34CF324AEA77DA3F72BE4F84A289
+CT=40627620B17313AF42EA7DD6CFD900F9
+PT=0C62985837C8C6FB468BD6E3928F8497
+
+I=213
+KEY=B82B5D4C3DEF62CFAE064CFDB5D904EFC1F9AC9705822C8C9CB4A45DDD0B261E
+CT=0C62985837C8C6FB468BD6E3928F8497
+PT=A1FFF4635AAF2AD8AE6EA8C70858EF3B
+
+I=214
+KEY=6A179EF63528EFA2B12DBA23D1EC8D21600658F45F2D065432DA0C9AD553C925
+CT=A1FFF4635AAF2AD8AE6EA8C70858EF3B
+PT=403F8E2D050E2976487BBEDD6466357E
+
+I=215
+KEY=6857720AC4DDCFFE8A96B455C973901A2039D6D95A232F227AA1B247B135FC5B
+CT=403F8E2D050E2976487BBEDD6466357E
+PT=2DD7EB8476988C850E8D95DC598FC61A
+
+I=216
+KEY=5B938E230BFE9056471E7C83A6ED03930DEE3D5D2CBBA3A7742C279BE8BA3A41
+CT=2DD7EB8476988C850E8D95DC598FC61A
+PT=676B96F400AE18138B302FD3D70D490E
+
+I=217
+KEY=4CE7ECA340DEC23715C53343EB9162DA6A85ABA92C15BBB4FF1C08483FB7734F
+CT=676B96F400AE18138B302FD3D70D490E
+PT=620AAA14B94BF6B60A83129085BCF02B
+
+I=218
+KEY=1024ECE618D140CAE8B9DFC8EB1DE137088F01BD955E4D02F59F1AD8BA0B8364
+CT=620AAA14B94BF6B60A83129085BCF02B
+PT=B701A38325DC282045C6F914394B9F70
+
+I=219
+KEY=6B8C6DA855E1E72E4A6AC44601B24D60BF8EA23EB0826522B059E3CC83401C14
+CT=B701A38325DC282045C6F914394B9F70
+PT=808D0B334B775C59F8C34A3524CB4126
+
+I=220
+KEY=C50A625A89465321DACCB9EB40DEF57D3F03A90DFBF5397B489AA9F9A78B5D32
+CT=808D0B334B775C59F8C34A3524CB4126
+PT=4E29C921CC295F6A3082C1BC02ACDA70
+
+I=221
+KEY=973341A4E3DB315FA97C7EEDF493EA71712A602C37DC661178186845A5278742
+CT=4E29C921CC295F6A3082C1BC02ACDA70
+PT=77BC204E50EFCA2AEBDC16D3F3C3D739
+
+I=222
+KEY=639EB8FB16B34B55550705FDCFF7C8CC069640626733AC3B93C47E9656E4507B
+CT=77BC204E50EFCA2AEBDC16D3F3C3D739
+PT=A677A7B55AA03EB0587EE00123D047F3
+
+I=223
+KEY=610A9602B725E4D87AB2904E91050D90A0E1E7D73D93928BCBBA9E9775341788
+CT=A677A7B55AA03EB0587EE00123D047F3
+PT=09AF5421548AC11466370484F8C556DE
+
+I=224
+KEY=314A6E0BD202458489059738917B6678A94EB3F66919539FAD8D9A138DF14156
+CT=09AF5421548AC11466370484F8C556DE
+PT=B6CDD2336AB8735EE7A9946A1FE7EE0C
+
+I=225
+KEY=73658C0F88490F7C3B9F2B7B39551BBF1F8361C503A120C14A240E799216AF5A
+CT=B6CDD2336AB8735EE7A9946A1FE7EE0C
+PT=B5A2F3B47E4AC87BC06612587253930E
+
+I=226
+KEY=968794DEC3E866DE4F999C860E9851E9AA2192717DEBE8BA8A421C21E0453C54
+CT=B5A2F3B47E4AC87BC06612587253930E
+PT=09C9C38BB3348147EB284FFA24D87244
+
+I=227
+KEY=205605E66A4BE2CF61E13243E104FED9A3E851FACEDF69FD616A53DBC49D4E10
+CT=09C9C38BB3348147EB284FFA24D87244
+PT=9D1EDCA2674E5A30416DF7CC2938DC63
+
+I=228
+KEY=9CA7508C83DB6E56EFF3489F2BD30C573EF68D58A99133CD2007A417EDA59273
+CT=9D1EDCA2674E5A30416DF7CC2938DC63
+PT=E8A2282B47DAB6A666A4607BBC857FC6
+
+I=229
+KEY=0F98884E85FEB533CFC281C2F4437915D654A573EE4B856B46A3C46C5120EDB5
+CT=E8A2282B47DAB6A666A4607BBC857FC6
+PT=B6675D2263DC1C1E0F04A9A9BC666D2D
+
+I=230
+KEY=3F3ED6DC6E08DF2515D08273832429286033F8518D97997549A76DC5ED468098
+CT=B6675D2263DC1C1E0F04A9A9BC666D2D
+PT=D6FF2642FD84C80674EAF8674242248D
+
+I=231
+KEY=67910C06B57CD52767674B70F59337D8B6CCDE13701351733D4D95A2AF04A415
+CT=D6FF2642FD84C80674EAF8674242248D
+PT=47D4419A669253C39A0CC96C7CD612C0
+
+I=232
+KEY=43EE254E414DB89044EE2F703B340F6AF1189F89168102B0A7415CCED3D2B6D5
+CT=47D4419A669253C39A0CC96C7CD612C0
+PT=B2B3FD7A1D4B0695B3499430F2E44CEA
+
+I=233
+KEY=89C9881E6D6CEFF00DDFC5618655FA4543AB62F30BCA04251408C8FE2136FA3F
+CT=B2B3FD7A1D4B0695B3499430F2E44CEA
+PT=4AAD0AE20AFF0675CF78992DFD2B685C
+
+I=234
+KEY=2C24846D047677F89EF73B917962D0FA0906681101350250DB7051D3DC1D9263
+CT=4AAD0AE20AFF0675CF78992DFD2B685C
+PT=C90343412CFE70201CE22D9AD2222788
+
+I=235
+KEY=770637F8F8F32915BF7630919D0726AEC0052B502DCB7270C7927C490E3FB5EB
+CT=C90343412CFE70201CE22D9AD2222788
+PT=923FE89134FAF362802C5A2EBF399D2C
+
+I=236
+KEY=426891CF6B068FAC7FFB5A04874AEC78523AC3C11931811247BE2667B10628C7
+CT=923FE89134FAF362802C5A2EBF399D2C
+PT=9C08F05026196BA3550A2496049B720B
+
+I=237
+KEY=B66BCCA5EFAF3F448BDD52DC48F2B904CE3233913F28EAB112B402F1B59D5ACC
+CT=9C08F05026196BA3550A2496049B720B
+PT=7B487FD67D0C2D987C3DEFD335C2EF17
+
+I=238
+KEY=079CCBC13FCFB0D032293FDFEC563F86B57A4C474224C7296E89ED22805FB5DB
+CT=7B487FD67D0C2D987C3DEFD335C2EF17
+PT=CEC12158856704CE8ABF0CA6C6F3006B
+
+I=239
+KEY=998AFEF458902CA632D60843A88D36637BBB6D1FC743C3E7E436E18446ACB5B0
+CT=CEC12158856704CE8ABF0CA6C6F3006B
+PT=DA19C7C7283ADD9C5145ABBA53F1E7E1
+
+I=240
+KEY=95EDAF196289EE6D24AA752DF489DEFCA1A2AAD8EF791E7BB5734A3E155D5251
+CT=DA19C7C7283ADD9C5145ABBA53F1E7E1
+PT=F043A57E686C1FE7DACB858F0C3E6857
+
+I=241
+KEY=3050D2C04C0860414427BF5B19792D7651E10FA68715019C6FB8CFB119633A06
+CT=F043A57E686C1FE7DACB858F0C3E6857
+PT=2FB7B264BB4B3FAFA01A6BB93CC2958D
+
+I=242
+KEY=26186DD7BE83659550BA3B52D99975037E56BDC23C5E3E33CFA2A40825A1AF8B
+CT=2FB7B264BB4B3FAFA01A6BB93CC2958D
+PT=D46BBD3ABD958DA722F3591578C30F5E
+
+I=243
+KEY=DE1D625B9C840580FDDE57EDE82419D1AA3D00F881CBB394ED51FD1D5D62A0D5
+CT=D46BBD3ABD958DA722F3591578C30F5E
+PT=3D69379AB60535902C38AB5E121DD035
+
+I=244
+KEY=FF9396CB65FFB9D47EF4E0253FD98BBA9754376237CE8604C16956434F7F70E0
+CT=3D69379AB60535902C38AB5E121DD035
+PT=A5767F4E6C8482290BC7B76D23EEF145
+
+I=245
+KEY=B98B5F1CA9752B1B07514B72C3D585F23222482C5B4A042DCAAEE12E6C9181A5
+CT=A5767F4E6C8482290BC7B76D23EEF145
+PT=9388736A82C99337C49BB4F32437B1DA
+
+I=246
+KEY=5F130919FB4ED29397E4781550B1D444A1AA3B46D983971A0E3555DD48A6307F
+CT=9388736A82C99337C49BB4F32437B1DA
+PT=915C6C5181E797DADC289F8FFF60CD19
+
+I=247
+KEY=D3F202F140D38545C8A04EC2D0993E2B30F65717586400C0D21DCA52B7C6FD66
+CT=915C6C5181E797DADC289F8FFF60CD19
+PT=A61167CDBE95ABFAD9C1A58BDA90F0D4
+
+I=248
+KEY=FBFA83B249C3B13C83E8FC111611391296E730DAE6F1AB3A0BDC6FD96D560DB2
+CT=A61167CDBE95ABFAD9C1A58BDA90F0D4
+PT=9AF2B4CF00B037976D0F5CAC4201885D
+
+I=249
+KEY=CC24CC54D0889912C7AD2473EBA8BBB30C158415E6419CAD66D333752F5785EF
+CT=9AF2B4CF00B037976D0F5CAC4201885D
+PT=A9B74046119B6699FD5EFD1E476BEE64
+
+I=250
+KEY=F520F18D9FACA98E5F57226127FA9B6BA5A2C453F7DAFA349B8DCE6B683C6B8B
+CT=A9B74046119B6699FD5EFD1E476BEE64
+PT=CD7EAA1EF3B91B69FD3E54FCC5A802E9
+
+I=251
+KEY=9BFD59A9F78FB1BE6F13B701D7EB0F6268DC6E4D0463E15D66B39A97AD946962
+CT=CD7EAA1EF3B91B69FD3E54FCC5A802E9
+PT=FD7095C419E2722425E6D4CA1A393D8C
+
+I=252
+KEY=C1C39AC5158C8CDBE82CF37D00B7896995ACFB891D81937943554E5DB7AD54EE
+CT=FD7095C419E2722425E6D4CA1A393D8C
+PT=9963CE47EB0322135C5D20B923FC341A
+
+I=253
+KEY=C9E26AE18D08643029C92F11BD3E8AA40CCF35CEF682B16A1F086EE4945160F4
+CT=9963CE47EB0322135C5D20B923FC341A
+PT=11589A1BDD037FABABBB9BF5AAC859A7
+
+I=254
+KEY=2183FF3C1EB1DF48DB8FA5F87F279F891D97AFD52B81CEC1B4B3F5113E993953
+CT=11589A1BDD037FABABBB9BF5AAC859A7
+PT=B6CEE1CD709BE6E055041FC2E1A87539
+
+I=255
+KEY=738690954B4B92CE2367567B3A960E8DAB594E185B1A2821E1B7EAD3DF314C6A
+CT=B6CEE1CD709BE6E055041FC2E1A87539
+PT=D776658F01CCEC460FA7145C6C6CBD42
+
+I=256
+KEY=71AB2DBD9923F08E516D8DF0CF57CC227C2F2B975AD6C467EE10FE8FB35DF128
+CT=D776658F01CCEC460FA7145C6C6CBD42
+PT=0C6D2578060A0A1024230D838AA45234
+
+I=257
+KEY=1C0E18C83D74E46DDF65BFC3335CFF0D70420EEF5CDCCE77CA33F30C39F9A31C
+CT=0C6D2578060A0A1024230D838AA45234
+PT=BFD55D67EF4883200FDAEEA5D44F0302
+
+I=258
+KEY=7DA814BD80D8CBBEE778E030682E7F34CF975388B3944D57C5E91DA9EDB6A01E
+CT=BFD55D67EF4883200FDAEEA5D44F0302
+PT=E821629542650FAFEF08D94AC889078A
+
+I=259
+KEY=10490CD6F16D915CE9891C69E10884D827B6311DF1F142F82AE1C4E3253FA794
+CT=E821629542650FAFEF08D94AC889078A
+PT=F2F81CD9CBD3E932686B6195A97EE13A
+
+I=260
+KEY=F0114F7C7101931F6A4595A6C3D2F34AD54E2DC43A22ABCA428AA5768C4146AE
+CT=F2F81CD9CBD3E932686B6195A97EE13A
+PT=C90348C14450EE3D9BFA30377D4B2440
+
+I=261
+KEY=C5802B19BA4921D3750A590F02658F621C4D65057E7245F7D9709541F10A62EE
+CT=C90348C14450EE3D9BFA30377D4B2440
+PT=619E907C4E7FD3A723E34B8D3880D71B
+
+I=262
+KEY=236500CE70AC49E98907DC4EDAE41CCA7DD3F579300D9650FA93DECCC98AB5F5
+CT=619E907C4E7FD3A723E34B8D3880D71B
+PT=932A17E8FDA853F6DB1C9271EC4FBF56
+
+I=263
+KEY=7BB7D14473E7E2D70F3C8C90D4B1035CEEF9E291CDA5C5A6218F4CBD25C50AA3
+CT=932A17E8FDA853F6DB1C9271EC4FBF56
+PT=549CB80C490E592E18ACC04FAA933489
+
+I=264
+KEY=415AD8391B32F6E61A861B4C8A4BBC6DBA655A9D84AB9C8839238CF28F563E2A
+CT=549CB80C490E592E18ACC04FAA933489
+PT=BF6337BEDE116D5A60B06DA8B270159C
+
+I=265
+KEY=058F24C125EB3E94B54BB6F1F099501C05066D235ABAF1D25993E15A3D262BB6
+CT=BF6337BEDE116D5A60B06DA8B270159C
+PT=CBD3D52496E6DF0DBD065BD924C5001F
+
+I=266
+KEY=B85B96EC639098C392FD33D11A49251ECED5B807CC5C2EDFE495BA8319E32BA9
+CT=CBD3D52496E6DF0DBD065BD924C5001F
+PT=AF8879C67DF265E118096478FBA003AD
+
+I=267
+KEY=526BF9DCAF4A4DFD05FAD0EA3B58131D615DC1C1B1AE4B3EFC9CDEFBE2432804
+CT=AF8879C67DF265E118096478FBA003AD
+PT=C627176029E2D22A51F5630B129A1095
+
+I=268
+KEY=553316781F120EE83A2D083D97D19F99A77AD6A1984C9914AD69BDF0F0D93891
+CT=C627176029E2D22A51F5630B129A1095
+PT=F46AC5870C65636D6C200312F2A15BE6
+
+I=269
+KEY=E9A37578C1402447D6CC1161F126D5C7531013269429FA79C149BEE202786377
+CT=F46AC5870C65636D6C200312F2A15BE6
+PT=4FBBFF3856FC0DEC7EE18585FFA4AC16
+
+I=270
+KEY=78521B42D0FBE8EA8BB6D44D66AE476D1CABEC1EC2D5F795BFA83B67FDDCCF61
+CT=4FBBFF3856FC0DEC7EE18585FFA4AC16
+PT=8711DAE7DD9B3F6D9FAD03669C1C8F5E
+
+I=271
+KEY=851C9A078620280FBCDDFB4FD3745C749BBA36F91F4EC8F82005380161C0403F
+CT=8711DAE7DD9B3F6D9FAD03669C1C8F5E
+PT=050E884136E09368DEFBC43F6B3182CC
+
+I=272
+KEY=50CCAA51D781B7090285D907E68B1F7A9EB4BEB829AE5B90FEFEFC3E0AF1C2F3
+CT=050E884136E09368DEFBC43F6B3182CC
+PT=CEC37197CEE3E0D797F441CC0541B851
+
+I=273
+KEY=DAB5ECB43982EAE8412102E2B7BC7CEA5077CF2FE74DBB47690ABDF20FB07AA2
+CT=CEC37197CEE3E0D797F441CC0541B851
+PT=197ECC091E5620DCA63BA2E6CFBC9F43
+
+I=274
+KEY=57974D1C4BBF761C9E09B8DAD3E510DF49090326F91B9B9BCF311F14C00CE5E1
+CT=197ECC091E5620DCA63BA2E6CFBC9F43
+PT=F2E836DEE9668E81D74A3C0F03CF3C10
+
+I=275
+KEY=E37677110C5A9A59EC06E0968BF5D14EBBE135F8107D151A187B231BC3C3D9F1
+CT=F2E836DEE9668E81D74A3C0F03CF3C10
+PT=DD581BB9F4A7BEC66CAC7916871F55C8
+
+I=276
+KEY=2CD760C245E62EA5B477BDA094B3AD5166B92E41E4DAABDC74D75A0D44DC8C39
+CT=DD581BB9F4A7BEC66CAC7916871F55C8
+PT=7B05D43A3BE733E0DE6E2CE494141B46
+
+I=277
+KEY=DE35BF6BC48E8B8E6A30DB886C9D75DD1DBCFA7BDF3D983CAAB976E9D0C8977F
+CT=7B05D43A3BE733E0DE6E2CE494141B46
+PT=1D561DCAA42E92568DD6ACD583FF7BCE
+
+I=278
+KEY=8AD7FCADA5D092DD5D221532EED3FD1000EAE7B17B130A6A276FDA3C5337ECB1
+CT=1D561DCAA42E92568DD6ACD583FF7BCE
+PT=1E9AB09A76FD91CC33B85390BDE631F8
+
+I=279
+KEY=534EEF6B1450693335980E00CD3CDE361E70572B0DEE9BA614D789ACEED1DD49
+CT=1E9AB09A76FD91CC33B85390BDE631F8
+PT=CBD0E3A07952EAC118A81B76D09276FD
+
+I=280
+KEY=8A39C2221622785E4DA9B14DAAE6ADF3D5A0B48B74BC71670C7F92DA3E43ABB4
+CT=CBD0E3A07952EAC118A81B76D09276FD
+PT=AC20057B857E6C34F7E68A5765573538
+
+I=281
+KEY=50887AD2D325CBC04B5FD69518318BAD7980B1F0F1C21D53FB99188D5B149E8C
+CT=AC20057B857E6C34F7E68A5765573538
+PT=DDFFD26BA5B33AEA36A0A6D75EAA047C
+
+I=282
+KEY=9613965C1776C5BAEA3CEE6154AABC9FA47F639B547127B9CD39BE5A05BE9AF0
+CT=DDFFD26BA5B33AEA36A0A6D75EAA047C
+PT=F0883B6DD3CA0515CB9F1ABA646CCB69
+
+I=283
+KEY=E7F6DB8A94597956CEE07447F9BB5CA454F758F687BB22AC06A6A4E061D25199
+CT=F0883B6DD3CA0515CB9F1ABA646CCB69
+PT=F4E27CA9E27B3E81B981298738C01FDA
+
+I=284
+KEY=0CB665943D6E6E32886A94C070366FB2A015245F65C01C2DBF278D6759124E43
+CT=F4E27CA9E27B3E81B981298738C01FDA
+PT=B03B2EB7A1E13E1A17C51FF5684E2A72
+
+I=285
+KEY=1EA698290E4B1D41B0CC4F3B9A9398FF102E0AE8C4212237A8E29292315C6431
+CT=B03B2EB7A1E13E1A17C51FF5684E2A72
+PT=BE133CCCE406C1C0BC1707115B5B0C84
+
+I=286
+KEY=BA38F49FA3D4A74ED41F8DA958A953C7AE3D36242027E3F714F595836A0768B5
+CT=BE133CCCE406C1C0BC1707115B5B0C84
+PT=A15B1C9BCF319AEF262E366C142A0DCF
+
+I=287
+KEY=935F2CEECBBCF3465DB9B0DB927AF4310F662ABFEF16791832DBA3EF7E2D657A
+CT=A15B1C9BCF319AEF262E366C142A0DCF
+PT=7A8DA23874D28EB75261D87D57451EAE
+
+I=288
+KEY=B8E67B884E3E229EBB516065499F790275EB88879BC4F7AF60BA7B9229687BD4
+CT=7A8DA23874D28EB75261D87D57451EAE
+PT=9331C989A7E291FD94BA4C945A79126E
+
+I=289
+KEY=CFB51BE6CDA499D66E7B36CAAC220FB7E6DA410E3C266652F4003706731169BA
+CT=9331C989A7E291FD94BA4C945A79126E
+PT=70A2F921A8BB0548D91A114478308448
+
+I=290
+KEY=19821B21FED0C1659AF4E16F49F63B699678B82F949D631A2D1A26420B21EDF2
+CT=70A2F921A8BB0548D91A114478308448
+PT=8ED8FC98045BA0EF9C15E9565EECE5BB
+
+I=291
+KEY=27DA5E31E794D670BDB701F361B8977018A044B790C6C3F5B10FCF1455CD0849
+CT=8ED8FC98045BA0EF9C15E9565EECE5BB
+PT=F6621989AFC0427E3E84039B6C6C2E75
+
+I=292
+KEY=64E8F7C4292DF7D0B01BED3FAE08DA4FEEC25D3E3F06818B8F8BCC8F39A1263C
+CT=F6621989AFC0427E3E84039B6C6C2E75
+PT=68F4804D1E8D383FAF4E76F80FB8F92B
+
+I=293
+KEY=EE626AFFE4997C11CAE2714FF96D84B18636DD73218BB9B420C5BA773619DF17
+CT=68F4804D1E8D383FAF4E76F80FB8F92B
+PT=2D61F123E2479D56AE5C327A57F6A28B
+
+I=294
+KEY=EA24B2DB953084C818B0E6F34BA1584DAB572C50C3CC24E28E99880D61EF7D9C
+CT=2D61F123E2479D56AE5C327A57F6A28B
+PT=C6CD16E7A122D105EE398E6C7F15B4EF
+
+I=295
+KEY=F209D1ADE0869F674F6FEDCD3DB7D2EB6D9A3AB762EEF5E760A006611EFAC973
+CT=C6CD16E7A122D105EE398E6C7F15B4EF
+PT=EDD6BBA5787DA2BF6A1ADF297DB98281
+
+I=296
+KEY=302BEB9AA2ACB3594D7E50859C187294804C81121A9357580ABAD94863434BF2
+CT=EDD6BBA5787DA2BF6A1ADF297DB98281
+PT=4A51E54F4F81469A06F6001F2F32F4AC
+
+I=297
+KEY=3270FC87B4DC04FDD3F20C01407BE123CA1D645D551211C20C4CD9574C71BF5E
+CT=4A51E54F4F81469A06F6001F2F32F4AC
+PT=F7A2303EA59907BCC32AA4FC5A6DE448
+
+I=298
+KEY=C85326465BF46A442BC1E544F9041C4A3DBF5463F08B167ECF667DAB161C5B16
+CT=F7A2303EA59907BCC32AA4FC5A6DE448
+PT=2274E43F9F8A7081DF74D5225EC28AD8
+
+I=299
+KEY=A54E889A4D9FFBF993C53A9DD3B951391FCBB05C6F0166FF1012A88948DED1CE
+CT=2274E43F9F8A7081DF74D5225EC28AD8
+PT=0C8358EC431313223B59126BDBB36571
+
+I=300
+KEY=FA14699C20CFFE7DB68786E6117F95851348E8B02C1275DD2B4BBAE2936DB4BF
+CT=0C8358EC431313223B59126BDBB36571
+PT=03237A81EEA2EAFBB5AC0B3E635CC1AC
+
+I=301
+KEY=B3744022A5397A735A4271261A2C96DF106B9231C2B09F269EE7B1DCF0317513
+CT=03237A81EEA2EAFBB5AC0B3E635CC1AC
+PT=409EBF7DF31FD9557118B1B5CAB5EBE3
+
+I=302
+KEY=8C7A22A934DCBC5E084E472DBAE4848350F52D4C31AF4673EFFF00693A849EF0
+CT=409EBF7DF31FD9557118B1B5CAB5EBE3
+PT=6CF5C9CF4A62C668B6481F7A12EE43DB
+
+I=303
+KEY=DB0497ED308C95BC9703265174B654D23C00E4837BCD801B59B71F13286ADD2B
+CT=6CF5C9CF4A62C668B6481F7A12EE43DB
+PT=D8A84E93CFF3EB9DC891333BDA5F3560
+
+I=304
+KEY=7A88D30D4CC9AB8EFA76139B68F0028AE4A8AA10B43E6B8691262C28F235E84B
+CT=D8A84E93CFF3EB9DC891333BDA5F3560
+PT=009E0C2454E321326336CC56D0660F91
+
+I=305
+KEY=55A78B8839B395B552630641648DFCE5E436A634E0DD4AB4F210E07E2253E7DA
+CT=009E0C2454E321326336CC56D0660F91
+PT=EBC89334F29560D9B9AEAE2F1D9DC65B
+
+I=306
+KEY=B41A907C82EDE32C6C1FD0DFED0A232D0FFE350012482A6D4BBE4E513FCE2181
+CT=EBC89334F29560D9B9AEAE2F1D9DC65B
+PT=4DA63E94EBB4DA255800C9B25068E47E
+
+I=307
+KEY=3E428E8A77067008EFDE7BD6174B05B742580B94F9FCF04813BE87E36FA6C5FF
+CT=4DA63E94EBB4DA255800C9B25068E47E
+PT=6833E2CEFA8CF4B5B4607FA49D7B658D
+
+I=308
+KEY=39D17AE8C7232386F8339427E4A79AAC2A6BE95A037004FDA7DEF847F2DDA072
+CT=6833E2CEFA8CF4B5B4607FA49D7B658D
+PT=41D882B653BEFEEEB9AE354F5ABCC058
+
+I=309
+KEY=E8D52C97FA4149312A45D3EFE0A326086BB36BEC50CEFA131E70CD08A861602A
+CT=41D882B653BEFEEEB9AE354F5ABCC058
+PT=D54A329BCF56B703BE0F02EE3AACB933
+
+I=310
+KEY=D36FAED6CF436A491111890449BC3C66BEF959779F984D10A07FCFE692CDD919
+CT=D54A329BCF56B703BE0F02EE3AACB933
+PT=5FAAEB95E0F9D0C3C43BF725DADC9595
+
+I=311
+KEY=9D7BCBB15816A0A941BBB787D2EEA155E153B2E27F619DD3644438C348114C8C
+CT=5FAAEB95E0F9D0C3C43BF725DADC9595
+PT=BC699D5E82FD43B45A7B925E8C1A2F3C
+
+I=312
+KEY=F2EB78917ECAC2E77C19B892E846AE715D3A2FBCFD9CDE673E3FAA9DC40B63B0
+CT=BC699D5E82FD43B45A7B925E8C1A2F3C
+PT=773D115B40F0E9EF780B2D10846FA684
+
+I=313
+KEY=B10B9F0CECA554749EC178F3C63547DD2A073EE7BD6C37884634878D4064C534
+CT=773D115B40F0E9EF780B2D10846FA684
+PT=50095809CC96520EB8E3A66F499EE147
+
+I=314
+KEY=E86E52AEB04DE0D3DC85A91E9B10D2677A0E66EE71FA6586FED721E209FA2473
+CT=50095809CC96520EB8E3A66F499EE147
+PT=6994CF8BA4C731CA33DAFE33D2A0BF94
+
+I=315
+KEY=44C3C8A2F0F931926AC73F3E5351B114139AA965D53D544CCD0DDFD1DB5A9BE7
+CT=6994CF8BA4C731CA33DAFE33D2A0BF94
+PT=981902A8FD71DF8B67D52E6FC2813B90
+
+I=316
+KEY=2D309D3D2603EC7E7B4EA626E9BDECFE8B83ABCD284C8BC7AAD8F1BE19DBA077
+CT=981902A8FD71DF8B67D52E6FC2813B90
+PT=35FA9A93AE142F562E62771991752B78
+
+I=317
+KEY=E80939BCB4DB83768EBAD3CF2DD3F270BE79315E8658A49184BA86A788AE8B0F
+CT=35FA9A93AE142F562E62771991752B78
+PT=A3651DBF8585004F0729AF4CA615C674
+
+I=318
+KEY=BF1A4C57D4434FA59A2E45DB589AA16F1D1C2CE103DDA4DE839329EB2EBB4D7B
+CT=A3651DBF8585004F0729AF4CA615C674
+PT=AF31F082CACEB768627B93A4D3E5349A
+
+I=319
+KEY=6EB47730BACAAB2207A3D12B0652B0CDB22DDC63C91313B6E1E8BA4FFD5E79E1
+CT=AF31F082CACEB768627B93A4D3E5349A
+PT=57B75D2B640F45DB2D4A1F71F08545A5
+
+I=320
+KEY=3EB0F3D31E648E260FE9F6FA8812ADD1E59A8148AD1C566DCCA2A53E0DDB3C44
+CT=57B75D2B640F45DB2D4A1F71F08545A5
+PT=A812DA38D7B82DF310366FA62FFD11E6
+
+I=321
+KEY=0409A87F024E710C27E456CA170B60184D885B707AA47B9EDC94CA9822262DA2
+CT=A812DA38D7B82DF310366FA62FFD11E6
+PT=447F235914368F2BECD5FF98D1A34205
+
+I=322
+KEY=7DE3A1E7234BF755908324E13DF413EB09F778296E92F4B530413500F3856FA7
+CT=447F235914368F2BECD5FF98D1A34205
+PT=5205860E4562B5CD6748EF89BF2791E9
+
+I=323
+KEY=12EE9519335A2D827649D4EB047EB5255BF2FE272BF041785709DA894CA2FE4E
+CT=5205860E4562B5CD6748EF89BF2791E9
+PT=30C0229AFDFF59E24426ACAD8D4AEFDB
+
+I=324
+KEY=78FF32A055D51E0A9D6E77D838AE72AD6B32DCBDD60F189A132F7624C1E81195
+CT=30C0229AFDFF59E24426ACAD8D4AEFDB
+PT=FF467C6E0F82F5D2F9487DDBDB43EFB3
+
+I=325
+KEY=6E49FA4CDEFC70619F739B488DD434969474A0D3D98DED48EA670BFF1AABFE26
+CT=FF467C6E0F82F5D2F9487DDBDB43EFB3
+PT=7E375B3D13871B09CA4D3357AC5EBB0E
+
+I=326
+KEY=90791666C996FF15EED1E20BAFB6B4B3EA43FBEECA0AF641202A38A8B6F54528
+CT=7E375B3D13871B09CA4D3357AC5EBB0E
+PT=E64A319F6FBD96BD799760C4077F9713
+
+I=327
+KEY=7F0D0CAB938585CF65726A6CB01DE8B00C09CA71A5B760FC59BD586CB18AD23B
+CT=E64A319F6FBD96BD799760C4077F9713
+PT=1487C8488C675BD46FAF2EEC0BC7AE7E
+
+I=328
+KEY=7B429E6D59D4D65E16ED325F49E93D9C188E023929D03B2836127680BA4D7C45
+CT=1487C8488C675BD46FAF2EEC0BC7AE7E
+PT=1F103E64A4F5239C9157E70487C50941
+
+I=329
+KEY=AF20B02C3C5BD4E33E34359B86BBF2CF079E3C5D8D2518B4A74591843D887504
+CT=1F103E64A4F5239C9157E70487C50941
+PT=24C8481DD1A2245735597A18A2433E41
+
+I=330
+KEY=E4F3CE6AFF9926837BAAB04C311F72A7235674405C873CE3921CEB9C9FCB4B45
+CT=24C8481DD1A2245735597A18A2433E41
+PT=3D9E715A686DE9AF8EE37AF54F82AA8A
+
+I=331
+KEY=A9BACBEC55AA453A83FF82CFDDB7F2F91EC8051A34EAD54C1CFF9169D049E1CF
+CT=3D9E715A686DE9AF8EE37AF54F82AA8A
+PT=B330735D9AB5B96501CDAF61A8EAD19F
+
+I=332
+KEY=5826BE9127DB557D401AF4DE6343F8AFADF87647AE5F6C291D323E0878A33050
+CT=B330735D9AB5B96501CDAF61A8EAD19F
+PT=61AE40475EA11DBCC364F5377673CE37
+
+I=333
+KEY=A8F0146E46A5391D0663380DF9F1FD6FCC563600F0FE7195DE56CB3F0ED0FE67
+CT=61AE40475EA11DBCC364F5377673CE37
+PT=525C1ED538B23D7CFA4A43114CF35BD4
+
+I=334
+KEY=20F90A51E7A0BB9B88AE1DD28C8B484A9E0A28D5C84C4CE9241C882E4223A5B3
+CT=525C1ED538B23D7CFA4A43114CF35BD4
+PT=C2957E002E35236D455F53006495E4B7
+
+I=335
+KEY=A71CC695B7AEB0D5148FA622536669385C9F56D5E6796F846143DB2E26B64104
+CT=C2957E002E35236D455F53006495E4B7
+PT=76F9C97A4B414E5DE532082BB12F5362
+
+I=336
+KEY=617CF5726F26BD9A3B52FC0D902A97AD2A669FAFAD3821D98471D30597991266
+CT=76F9C97A4B414E5DE532082BB12F5362
+PT=F4D9E814D4C61B2FB1D7CDCCBAF14AA1
+
+I=337
+KEY=D4DBBCC269A61933E4D63C3BDA5F522EDEBF77BB79FE3AF635A61EC92D6858C7
+CT=F4D9E814D4C61B2FB1D7CDCCBAF14AA1
+PT=6B51AF38B42F226D62474A97BD001FFF
+
+I=338
+KEY=512FAF06A5885D032A885EC030AF3C18B5EED883CDD1189B57E1545E90684738
+CT=6B51AF38B42F226D62474A97BD001FFF
+PT=868C58D6B805CF8F9EB04A8BA123371A
+
+I=339
+KEY=BDD2CB78E9B554FC7FEEEC05D02309F23362805575D4D714C9511ED5314B7022
+CT=868C58D6B805CF8F9EB04A8BA123371A
+PT=1752558A1F90975140CA41F68BE5333F
+
+I=340
+KEY=15CC46826BFD5B45ABAE9B0B2756D39C2430D5DF6A444045899B5F23BAAE431D
+CT=1752558A1F90975140CA41F68BE5333F
+PT=68801EAB4042E7390E64AA53C38C1D15
+
+I=341
+KEY=DF5FB425C5B25E15EA717736D8ABE6644CB0CB742A06A77C87FFF57079225E08
+CT=68801EAB4042E7390E64AA53C38C1D15
+PT=02FE87211909D8954EC90EF53100F26D
+
+I=342
+KEY=CD73FCED5EBA6038DD8B8A000111BEF94E4E4C55330F7FE9C936FB854822AC65
+CT=02FE87211909D8954EC90EF53100F26D
+PT=3A51FAFD22A2CC95B532023A37BBF0FE
+
+I=343
+KEY=EF890ED47D9F1581CC98C88F3BF7F88D741FB6A811ADB37C7C04F9BF7F995C9B
+CT=3A51FAFD22A2CC95B532023A37BBF0FE
+PT=D233A6BBC315BA5F4630AE7F99F77116
+
+I=344
+KEY=AA9CA1A7DFA24E1936E49D34054F7749A62C1013D2B809233A3457C0E66E2D8D
+CT=D233A6BBC315BA5F4630AE7F99F77116
+PT=E6B9619D7B0E1DF6CFE79FD51533406B
+
+I=345
+KEY=ADC4161B346687F98D4CB5B661662A8A4095718EA9B614D5F5D3C815F35D6DE6
+CT=E6B9619D7B0E1DF6CFE79FD51533406B
+PT=A746D31BCB29F7512E3F6E5EFD14FDAD
+
+I=346
+KEY=9C1CA3776C9ED13D220453C8AEFA0ECDE7D3A295629FE384DBECA64B0E49904B
+CT=A746D31BCB29F7512E3F6E5EFD14FDAD
+PT=B2489A51878848EC37E6782FB2110122
+
+I=347
+KEY=B64A5B45ABFDEC3EF8164FCEAE89919E559B38C4E517AB68EC0ADE64BC589169
+CT=B2489A51878848EC37E6782FB2110122
+PT=EF77F9367A063FDB874C9FC96983EAD1
+
+I=348
+KEY=AEFFDEE2501961FEEB985134E2B651EDBAECC1F29F1194B36B4641ADD5DB7BB8
+CT=EF77F9367A063FDB874C9FC96983EAD1
+PT=4ECFF4DA51BB2BE1EF8E85C4BBE51C69
+
+I=349
+KEY=6B28BA96CEB25B3862F413A2CBED4889F4233528CEAABF5284C8C4696E3E67D1
+CT=4ECFF4DA51BB2BE1EF8E85C4BBE51C69
+PT=0CAEAF484505A1AF13BB0ADCC665F91C
+
+I=350
+KEY=2062889724A47DD541F1F0A3FC8C5952F88D9A608BAF1EFD9773CEB5A85B9ECD
+CT=0CAEAF484505A1AF13BB0ADCC665F91C
+PT=6C75CA469CACCCE29CAE88202E02727C
+
+I=351
+KEY=C2115A8A6EE164B944A8C8128EBAB8E694F850261703D21F0BDD46958659ECB1
+CT=6C75CA469CACCCE29CAE88202E02727C
+PT=567060CEFF3AEDDE8AB5823450E35967
+
+I=352
+KEY=C3D2704E15936C6916073E234D0012CCC28830E8E8393FC18168C4A1D6BAB5D6
+CT=567060CEFF3AEDDE8AB5823450E35967
+PT=E04F927E409060080EC530D5C344CA24
+
+I=353
+KEY=49173A9FB3283181B71264E3FB5591FA22C7A296A8A95FC98FADF47415FE7FF2
+CT=E04F927E409060080EC530D5C344CA24
+PT=4D473408396C17D4BA3DBB63B46E7727
+
+I=354
+KEY=8BF3DDDC9217496E29F46E61233D62B66F80969E91C5481D35904F17A19008D5
+CT=4D473408396C17D4BA3DBB63B46E7727
+PT=BB6779933AC9E435C637CDA146A04284
+
+I=355
+KEY=6ACA3C31248BFBB5BB9FD54C4B31BC21D4E7EF0DAB0CAC28F3A782B6E7304A51
+CT=BB6779933AC9E435C637CDA146A04284
+PT=5C2129A55114540ED68591C60E45D6CF
+
+I=356
+KEY=1A270DAD402DC752332671216A6C3BFF88C6C6A8FA18F82625221370E9759C9E
+CT=5C2129A55114540ED68591C60E45D6CF
+PT=57790B87F69BF1C007E563A82987EEAE
+
+I=357
+KEY=6E39E75268AC2C51ABE11CE3CE16CAF3DFBFCD2F0C8309E622C770D8C0F27230
+CT=57790B87F69BF1C007E563A82987EEAE
+PT=58790B192C8B90B76F34990E28A6689A
+
+I=358
+KEY=2367A67114D722A79F9434B5A418BEEB87C6C636200899514DF3E9D6E8541AAA
+CT=58790B192C8B90B76F34990E28A6689A
+PT=599CA8B58EFE301A87CE72540CCB4067
+
+I=359
+KEY=A4CE195518F7E36D7E0D5C9666802411DE5A6E83AEF6A94BCA3D9B82E49F5ACD
+CT=599CA8B58EFE301A87CE72540CCB4067
+PT=4483131C7E03089F898166A5B3E85E3A
+
+I=360
+KEY=73C5204211D3648DAAF5FE071186C0E99AD97D9FD0F5A1D443BCFD27577704F7
+CT=4483131C7E03089F898166A5B3E85E3A
+PT=DBF64C5A0897B343BAF7047A6C564D02
+
+I=361
+KEY=1A3831AFF223BB2FE79C8EF8845E553C412F31C5D8621297F94BF95D3B2149F5
+CT=DBF64C5A0897B343BAF7047A6C564D02
+PT=B24420DA45E3620B619978CB09F1860C
+
+I=362
+KEY=31EF243EF87C32148751F8F299151042F36B111F9D81709C98D2819632D0CFF9
+CT=B24420DA45E3620B619978CB09F1860C
+PT=12B466EF6AE6F28AF78AC184DB8B3C83
+
+I=363
+KEY=9E935E6F5D76BEE2E639F2880C8352EEE1DF77F0F76782166F584012E95BF37A
+CT=12B466EF6AE6F28AF78AC184DB8B3C83
+PT=518E89A35CF55D591DE8BB924D8F96E7
+
+I=364
+KEY=C6398957838B02B5948A95DCBFBF2813B051FE53AB92DF4F72B0FB80A4D4659D
+CT=518E89A35CF55D591DE8BB924D8F96E7
+PT=1FDF7FE52BD46EF54F1F7A6242B04BD8
+
+I=365
+KEY=5764E84D9000518C185717581E0D70E5AF8E81B68046B1BA3DAF81E2E6642E45
+CT=1FDF7FE52BD46EF54F1F7A6242B04BD8
+PT=2C68E67C37B50056E80DC09B9ED84AA8
+
+I=366
+KEY=5F8CB51BF30B954B4AC09620B0A20FCA83E667CAB7F3B1ECD5A2417978BC64ED
+CT=2C68E67C37B50056E80DC09B9ED84AA8
+PT=14CC2D821B03BE21355A779B9066BE41
+
+I=367
+KEY=50B32E6D62EE3B8CE2DD5797BA70D8D2972A4A48ACF00FCDE0F836E2E8DADAAC
+CT=14CC2D821B03BE21355A779B9066BE41
+PT=BB09D339888C27294E73326E64AC3B21
+
+I=368
+KEY=E1B2199CAF1C3FA78E973ACF5C3AC8702C239971247C28E4AE8B048C8C76E18D
+CT=BB09D339888C27294E73326E64AC3B21
+PT=BCFBD8255802CC8233AEA86E49089328
+
+I=369
+KEY=3403D2498A4562E73734D065E9B44AD890D841547C7EE4669D25ACE2C57E72A5
+CT=BCFBD8255802CC8233AEA86E49089328
+PT=5A919AC72F12DB1FAB8E4876FBA8842B
+
+I=370
+KEY=B979FA15F93E5ACA1F6E452C9053751BCA49DB93536C3F7936ABE4943ED6F68E
+CT=5A919AC72F12DB1FAB8E4876FBA8842B
+PT=BDB03BD29FD3828AF1AE8C729F37F88A
+
+I=371
+KEY=A8CDF9FE3C0227A9107C700C404AE39777F9E041CCBFBDF3C70568E6A1E10E04
+CT=BDB03BD29FD3828AF1AE8C729F37F88A
+PT=0AAC43CE316476F3A532D44B4DFBF4B8
+
+I=372
+KEY=B4D497FBD5DE2CA68FF60C701E208A257D55A38FFDDBCB006237BCADEC1AFABC
+CT=0AAC43CE316476F3A532D44B4DFBF4B8
+PT=853A5EE7CB3C4BB3F0120BB2CFFB4436
+
+I=373
+KEY=A019DCC09A4CAAA3772BF4C54C8828E9F86FFD6836E780B39225B71F23E1BE8A
+CT=853A5EE7CB3C4BB3F0120BB2CFFB4436
+PT=B525599C918446AF4EA9F6965F3971EA
+
+I=374
+KEY=238BF8B851B0864F9BEC8E242B7795D14D4AA4F4A763C61CDC8C41897CD8CF60
+CT=B525599C918446AF4EA9F6965F3971EA
+PT=A8377EC293D41F74A0A2DB66BA7D3D2F
+
+I=375
+KEY=AF9E313988F294AE6A8155BC76F2514BE57DDA3634B7D9687C2E9AEFC6A5F24F
+CT=A8377EC293D41F74A0A2DB66BA7D3D2F
+PT=301BD4D318101A02166EBC23DED9C12D
+
+I=376
+KEY=3B6186F7ACE8E9B022DDE0ECF5D808D3D5660EE52CA7C36A6A4026CC187C3362
+CT=301BD4D318101A02166EBC23DED9C12D
+PT=05BD0686BE53B94FB1B42AE407BE081C
+
+I=377
+KEY=EADED20A0F405D9E3AAE404FB074162ED0DB086392F47A25DBF40C281FC23B7E
+CT=05BD0686BE53B94FB1B42AE407BE081C
+PT=7A3AF681F2043806EDB761F65D9A6C3A
+
+I=378
+KEY=AA6F474F5F5FF513FC992E4232061B75AAE1FEE260F0422336436DDE42585744
+CT=7A3AF681F2043806EDB761F65D9A6C3A
+PT=3C297DE35CCF4E6E0A800B9A3EE37C95
+
+I=379
+KEY=68BFE30863F135A09B81BE2800CBBC3796C883013C3F0C4D3CC366447CBB2BD1
+CT=3C297DE35CCF4E6E0A800B9A3EE37C95
+PT=5F8AAC15C74CC7EA87A1AC185103A9D7
+
+I=380
+KEY=9093DEBE66D714180BEB8FE51C4807ADC9422F14FB73CBA7BB62CA5C2DB88206
+CT=5F8AAC15C74CC7EA87A1AC185103A9D7
+PT=083AF3AF30961FD5A077F5564D55E9E9
+
+I=381
+KEY=A1E1049159A94DF638092C90F7707CD7C178DCBBCBE5D4721B153F0A60ED6BEF
+CT=083AF3AF30961FD5A077F5564D55E9E9
+PT=89BEFF6AB40B18ECD9413446E848253A
+
+I=382
+KEY=7C506732A8863DB1BF61EFC710F22D2348C623D17FEECC9EC2540B4C88A54ED5
+CT=89BEFF6AB40B18ECD9413446E848253A
+PT=095B2C04636C9C5BF9735BCA21211EAA
+
+I=383
+KEY=7283413612863BA1E1B5AE93DF1318F5419D0FD51C8250C53B275086A984507F
+CT=095B2C04636C9C5BF9735BCA21211EAA
+PT=E95DB3DB1E3A478C8A31212B28E0E7BC
+
+I=384
+KEY=BE861CED86D725162D938727D7AEFC1BA8C0BC0E02B81749B11671AD8164B7C3
+CT=E95DB3DB1E3A478C8A31212B28E0E7BC
+PT=9927F1D7EF0631500E1DF058932BF320
+
+I=385
+KEY=45AA89CBCE192CEEC22BF5F33DDE0E8D31E74DD9EDBE2619BF0B81F5124F44E3
+CT=9927F1D7EF0631500E1DF058932BF320
+PT=4B1147179F2AF27E5C9DBB7F01CC56A8
+
+I=386
+KEY=B08A08DABC52884E9EBB310236815BFE7AF60ACE7294D467E3963A8A1383124B
+CT=4B1147179F2AF27E5C9DBB7F01CC56A8
+PT=E9752A7D47734DACAC6E74A1A3EC4956
+
+I=387
+KEY=34B4424CE75A4A1BCE9E6C825F5F0DC1938320B335E799CB4FF84E2BB06F5B1D
+CT=E9752A7D47734DACAC6E74A1A3EC4956
+PT=AB2D652BCEE42804C5155980DA02CECC
+
+I=388
+KEY=F9954BB1A793565A79AA2B9DF408A34A38AE4598FB03B1CF8AED17AB6A6D95D1
+CT=AB2D652BCEE42804C5155980DA02CECC
+PT=3C6651362E89F6C6B28C04CA22F110EC
+
+I=389
+KEY=9548931715FB259E318020E30D68165604C814AED58A470938611361489C853D
+CT=3C6651362E89F6C6B28C04CA22F110EC
+PT=15598364698838475AB96F95CFCF3342
+
+I=390
+KEY=1CDB0706417BBE66B559237109353221119197CABC027F4E62D87CF48753B67F
+CT=15598364698838475AB96F95CFCF3342
+PT=D8B3BB941893206E1CA6654B81F403E4
+
+I=391
+KEY=8C4AD897B595252B0987673F45EE73F2C9222C5EA4915F207E7E19BF06A7B59B
+CT=D8B3BB941893206E1CA6654B81F403E4
+PT=ECE471CC2FF45C26C7143C41702F90D2
+
+I=392
+KEY=A6D3DF3279B7405256C0D22DA240524125C65D928B650306B96A25FE76882549
+CT=ECE471CC2FF45C26C7143C41702F90D2
+PT=AB387AE5A5FC892C311D97C22467940D
+
+I=393
+KEY=36F250F7C3906C7E0020055422CDB8B28EFE27772E998A2A8877B23C52EFB144
+CT=AB387AE5A5FC892C311D97C22467940D
+PT=FF48C2C77D5F52DF27C4060DF7F895D7
+
+I=394
+KEY=4FF045275860B943EDE02C802F34B71B71B6E5B053C6D8F5AFB3B431A5172493
+CT=FF48C2C77D5F52DF27C4060DF7F895D7
+PT=221BC444E2A6A7F8DE9DA16AB01EB2AC
+
+I=395
+KEY=E15B4E0E242FBABF1D47E9DBE6D0660253AD21F4B1607F0D712E155B1509963F
+CT=221BC444E2A6A7F8DE9DA16AB01EB2AC
+PT=DE252D19973ABD9F182049D39455784B
+
+I=396
+KEY=401023A611A3133C895A3684AB3E7C9D8D880CED265AC292690E5C88815CEE74
+CT=DE252D19973ABD9F182049D39455784B
+PT=843163BD101982EE948039915C8F60D8
+
+I=397
+KEY=B9DDF52C271F143E523532E45E6F368D09B96F503643407CFD8E6519DDD38EAC
+CT=843163BD101982EE948039915C8F60D8
+PT=6FD9D36B751854C3417F29E8F3B654D9
+
+I=398
+KEY=AC7F45F8630CE02525F9F4941B4E13206660BC3B435B14BFBCF14CF12E65DA75
+CT=6FD9D36B751854C3417F29E8F3B654D9
+PT=E1268BA8A1473DEDE6CA64DDF2C8B805
+
+I=399
+KEY=DE11FF0A429E1CD3DE016DAC294F771187463793E21C29525A3B282CDCAD6270
+CT=E1268BA8A1473DEDE6CA64DDF2C8B805
+PT=4DE0C6DF7CB1697284604D60271BC59A
+
+===========
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_e_m.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_e_m.txt
new file mode 100644
index 00000000..40a95e7c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_e_m.txt
@@ -0,0 +1,6024 @@
+
+=========================
+
+FILENAME:  "ecb_e_m.txt"
+
+Electronic Codebook (ECB) Mode - ENCRYPTION
+Monte Carlo Test
+
+Algorithm Name: Rijndael
+Principal Submitter: Joan Daemen
+
+=========================
+
+KEYSIZE=128
+
+I=0
+KEY=00000000000000000000000000000000
+PT=00000000000000000000000000000000
+CT=C34C052CC0DA8D73451AFE5F03BE297F
+
+I=1
+KEY=C34C052CC0DA8D73451AFE5F03BE297F
+PT=C34C052CC0DA8D73451AFE5F03BE297F
+CT=0AC15A9AFBB24D54AD99E987208272E2
+
+I=2
+KEY=C98D5FB63B68C027E88317D8233C5B9D
+PT=0AC15A9AFBB24D54AD99E987208272E2
+CT=A3D43BFFA65D0E80092F67A314857870
+
+I=3
+KEY=6A5964499D35CEA7E1AC707B37B923ED
+PT=A3D43BFFA65D0E80092F67A314857870
+CT=355F697E8B868B65B25A04E18D782AFA
+
+I=4
+KEY=5F060D3716B345C253F6749ABAC10917
+PT=355F697E8B868B65B25A04E18D782AFA
+CT=ACC863637868E3E068D2FD6E3508454A
+
+I=5
+KEY=F3CE6E546EDBA6223B2489F48FC94C5D
+PT=ACC863637868E3E068D2FD6E3508454A
+CT=665F9F12A824F3D52A1C71D6210D5470
+
+I=6
+KEY=9591F146C6FF55F71138F822AEC4182D
+PT=665F9F12A824F3D52A1C71D6210D5470
+CT=9B27361DBC8E5618E8E98036F5AD40B0
+
+I=7
+KEY=0EB6C75B7A7103EFF9D178145B69589D
+PT=9B27361DBC8E5618E8E98036F5AD40B0
+CT=21D9BD7EBA0163A293F2D56C316CBD36
+
+I=8
+KEY=2F6F7A25C070604D6A23AD786A05E5AB
+PT=21D9BD7EBA0163A293F2D56C316CBD36
+CT=3E8037A9988E28FF81F2A7154ACD91BE
+
+I=9
+KEY=11EF4D8C58FE48B2EBD10A6D20C87415
+PT=3E8037A9988E28FF81F2A7154ACD91BE
+CT=014EE14F1AA8C0D4A47A72F197F4DCB0
+
+I=10
+KEY=10A1ACC3425688664FAB789CB73CA8A5
+PT=014EE14F1AA8C0D4A47A72F197F4DCB0
+CT=0B542083DBC03A96AA00C1A5AE58C9F1
+
+I=11
+KEY=1BF58C409996B2F0E5ABB93919646154
+PT=0B542083DBC03A96AA00C1A5AE58C9F1
+CT=7340B59E1E3BB9211CE167F2DEBDB090
+
+I=12
+KEY=68B539DE87AD0BD1F94ADECBC7D9D1C4
+PT=7340B59E1E3BB9211CE167F2DEBDB090
+CT=67E05F75135BA834CBCDCFF068541BBE
+
+I=13
+KEY=0F5566AB94F6A3E53287113BAF8DCA7A
+PT=67E05F75135BA834CBCDCFF068541BBE
+CT=8BD5553105C3507B0A07FDB351B25B4F
+
+I=14
+KEY=8480339A9135F39E3880EC88FE3F9135
+PT=8BD5553105C3507B0A07FDB351B25B4F
+CT=649F061F95C0A79BD3066EFFE5B27CAB
+
+I=15
+KEY=E01F358504F55405EB8682771B8DED9E
+PT=649F061F95C0A79BD3066EFFE5B27CAB
+CT=697F4EB0603340E90FE91C27B6D9CEAA
+
+I=16
+KEY=89607B3564C614ECE46F9E50AD542334
+PT=697F4EB0603340E90FE91C27B6D9CEAA
+CT=A8CBBA624FA28A7F8637324E1E20CB9C
+
+I=17
+KEY=21ABC1572B649E936258AC1EB374E8A8
+PT=A8CBBA624FA28A7F8637324E1E20CB9C
+CT=73B852132DE715872A40EB25B1133C00
+
+I=18
+KEY=5213934406838B144818473B0267D4A8
+PT=73B852132DE715872A40EB25B1133C00
+CT=1328A1C2F386BB3E4D4BE0942B8249A2
+
+I=19
+KEY=413B3286F505302A0553A7AF29E59D0A
+PT=1328A1C2F386BB3E4D4BE0942B8249A2
+CT=06F72DEA0067F543AA8C342CC9191745
+
+I=20
+KEY=47CC1F6CF562C569AFDF9383E0FC8A4F
+PT=06F72DEA0067F543AA8C342CC9191745
+CT=110B6011B60C94382C2321BFCAA62A1C
+
+I=21
+KEY=56C77F7D436E515183FCB23C2A5AA053
+PT=110B6011B60C94382C2321BFCAA62A1C
+CT=80C90EF6794361DFA400EFE922F45A59
+
+I=22
+KEY=D60E718B3A2D308E27FC5DD508AEFA0A
+PT=80C90EF6794361DFA400EFE922F45A59
+CT=F8DF0AC62EE229245DB1F300F2E5B143
+
+I=23
+KEY=2ED17B4D14CF19AA7A4DAED5FA4B4B49
+PT=F8DF0AC62EE229245DB1F300F2E5B143
+CT=45390146539E773B502E84A0C29AD5B0
+
+I=24
+KEY=6BE87A0B47516E912A632A7538D19EF9
+PT=45390146539E773B502E84A0C29AD5B0
+CT=B07721757865838BDFC2329998B5174F
+
+I=25
+KEY=DB9F5B7E3F34ED1AF5A118ECA06489B6
+PT=B07721757865838BDFC2329998B5174F
+CT=B83F3B7A9FFBA35DF1D6661A0F8AD0F4
+
+I=26
+KEY=63A06004A0CF4E4704777EF6AFEE5942
+PT=B83F3B7A9FFBA35DF1D6661A0F8AD0F4
+CT=7098C99B1B245DE623B78F1B07D08EBE
+
+I=27
+KEY=1338A99FBBEB13A127C0F1EDA83ED7FC
+PT=7098C99B1B245DE623B78F1B07D08EBE
+CT=58A095EF9268B923920238486D0B13E1
+
+I=28
+KEY=4B983C702983AA82B5C2C9A5C535C41D
+PT=58A095EF9268B923920238486D0B13E1
+CT=97DD8052CE0D87715075A42942C120ED
+
+I=29
+KEY=DC45BC22E78E2DF3E5B76D8C87F4E4F0
+PT=97DD8052CE0D87715075A42942C120ED
+CT=F480B5A67DAFCB9524DC21453AF66FAF
+
+I=30
+KEY=28C509849A21E666C16B4CC9BD028B5F
+PT=F480B5A67DAFCB9524DC21453AF66FAF
+CT=71CE64CE8C98367F2F12E6851AC70FF3
+
+I=31
+KEY=590B6D4A16B9D019EE79AA4CA7C584AC
+PT=71CE64CE8C98367F2F12E6851AC70FF3
+CT=81C3AA693CC1C647399701DA17D5FDD5
+
+I=32
+KEY=D8C8C7232A78165ED7EEAB96B0107979
+PT=81C3AA693CC1C647399701DA17D5FDD5
+CT=5BB93103F6DDF0415592EE2217704D41
+
+I=33
+KEY=8371F620DCA5E61F827C45B4A7603438
+PT=5BB93103F6DDF0415592EE2217704D41
+CT=87B8B17FF9079829AB5C47E055FFCEE3
+
+I=34
+KEY=04C9475F25A27E3629200254F29FFADB
+PT=87B8B17FF9079829AB5C47E055FFCEE3
+CT=615FE7D34154F42D6CE9D647904295E0
+
+I=35
+KEY=6596A08C64F68A1B45C9D41362DD6F3B
+PT=615FE7D34154F42D6CE9D647904295E0
+CT=A60C213CDF9B54DF9041948F98585CE2
+
+I=36
+KEY=C39A81B0BB6DDEC4D588409CFA8533D9
+PT=A60C213CDF9B54DF9041948F98585CE2
+CT=FB126C61071EB9167B6FF28E5244E624
+
+I=37
+KEY=3888EDD1BC7367D2AEE7B212A8C1D5FD
+PT=FB126C61071EB9167B6FF28E5244E624
+CT=8A79CE45F030B91B53D1591D10FF1B02
+
+I=38
+KEY=B2F123944C43DEC9FD36EB0FB83ECEFF
+PT=8A79CE45F030B91B53D1591D10FF1B02
+CT=BE20190BAE15162F43E93F67A580192B
+
+I=39
+KEY=0CD13A9FE256C8E6BEDFD4681DBED7D4
+PT=BE20190BAE15162F43E93F67A580192B
+CT=0107D3E3511F91545D02B498A9E3C318
+
+I=40
+KEY=0DD6E97CB34959B2E3DD60F0B45D14CC
+PT=0107D3E3511F91545D02B498A9E3C318
+CT=2A832A1205D6B5FCF1B20126EE59DD9D
+
+I=41
+KEY=2755C36EB69FEC4E126F61D65A04C951
+PT=2A832A1205D6B5FCF1B20126EE59DD9D
+CT=F362782F550DCBFC49CEF15C3A0ABA7A
+
+I=42
+KEY=D437BB41E39227B25BA1908A600E732B
+PT=F362782F550DCBFC49CEF15C3A0ABA7A
+CT=51A8A0C6434A3BE8C939B6DDD56EAA53
+
+I=43
+KEY=859F1B87A0D81C5A92982657B560D978
+PT=51A8A0C6434A3BE8C939B6DDD56EAA53
+CT=89D3F1086F3D96C18A76C61F25A52221
+
+I=44
+KEY=0C4CEA8FCFE58A9B18EEE04890C5FB59
+PT=89D3F1086F3D96C18A76C61F25A52221
+CT=A5F7E0A5FA70DDB718EF970F50EB7B86
+
+I=45
+KEY=A9BB0A2A3595572C00017747C02E80DF
+PT=A5F7E0A5FA70DDB718EF970F50EB7B86
+CT=7BB64305538E71AFBF993B5BD23D5523
+
+I=46
+KEY=D20D492F661B2683BF984C1C1213D5FC
+PT=7BB64305538E71AFBF993B5BD23D5523
+CT=E6BF8F5338568603EC668C6D15331FA5
+
+I=47
+KEY=34B2C67C5E4DA08053FEC0710720CA59
+PT=E6BF8F5338568603EC668C6D15331FA5
+CT=27644649FCDF52085CDB20E3DEE1E2F6
+
+I=48
+KEY=13D68035A292F2880F25E092D9C128AF
+PT=27644649FCDF52085CDB20E3DEE1E2F6
+CT=7629AACAED7F49938373C83410AD1744
+
+I=49
+KEY=65FF2AFF4FEDBB1B8C5628A6C96C3FEB
+PT=7629AACAED7F49938373C83410AD1744
+CT=D440FC6E9A65819934FAF8641C05A17C
+
+I=50
+KEY=B1BFD691D5883A82B8ACD0C2D5699E97
+PT=D440FC6E9A65819934FAF8641C05A17C
+CT=FBEE29FEFD725E1852B58502D3076C46
+
+I=51
+KEY=4A51FF6F28FA649AEA1955C0066EF2D1
+PT=FBEE29FEFD725E1852B58502D3076C46
+CT=E345A47A6C89BE4350CDD8C9D319529D
+
+I=52
+KEY=A9145B154473DAD9BAD48D09D577A04C
+PT=E345A47A6C89BE4350CDD8C9D319529D
+CT=1C6A7CBAF21E483B6025DB6DA573C5C6
+
+I=53
+KEY=B57E27AFB66D92E2DAF156647004658A
+PT=1C6A7CBAF21E483B6025DB6DA573C5C6
+CT=2B05F4D8EB50D851A013798753B65A1F
+
+I=54
+KEY=9E7BD3775D3D4AB37AE22FE323B23F95
+PT=2B05F4D8EB50D851A013798753B65A1F
+CT=CEFE04978228A0DBCCE9EE42B21DD34A
+
+I=55
+KEY=5085D7E0DF15EA68B60BC1A191AFECDF
+PT=CEFE04978228A0DBCCE9EE42B21DD34A
+CT=7B41DF8CD85B61EA800536648DBDA2AE
+
+I=56
+KEY=2BC4086C074E8B82360EF7C51C124E71
+PT=7B41DF8CD85B61EA800536648DBDA2AE
+CT=08688872151D18CD19E2FC14B9E4C962
+
+I=57
+KEY=23AC801E1253934F2FEC0BD1A5F68713
+PT=08688872151D18CD19E2FC14B9E4C962
+CT=F08C88BE5E748C4D82D2E7D7813A33AF
+
+I=58
+KEY=D32008A04C271F02AD3EEC0624CCB4BC
+PT=F08C88BE5E748C4D82D2E7D7813A33AF
+CT=319B7D38AB1AC3AEA0A0490C341F4F20
+
+I=59
+KEY=E2BB7598E73DDCAC0D9EA50A10D3FB9C
+PT=319B7D38AB1AC3AEA0A0490C341F4F20
+CT=EE70748772E8D88B2717D78F31F0EA86
+
+I=60
+KEY=0CCB011F95D504272A8972852123111A
+PT=EE70748772E8D88B2717D78F31F0EA86
+CT=A3A5DC791EA1BBB9D7A2B292572DFD5C
+
+I=61
+KEY=AF6EDD668B74BF9EFD2BC017760EEC46
+PT=A3A5DC791EA1BBB9D7A2B292572DFD5C
+CT=255692B06B3A18498BCAF99F7B3EE374
+
+I=62
+KEY=8A384FD6E04EA7D776E139880D300F32
+PT=255692B06B3A18498BCAF99F7B3EE374
+CT=500E492232891293875F50279B5DC5C3
+
+I=63
+KEY=DA3606F4D2C7B544F1BE69AF966DCAF1
+PT=500E492232891293875F50279B5DC5C3
+CT=57C3FCCE9B5BA3BC19BBF7BB9B37A9AC
+
+I=64
+KEY=8DF5FA3A499C16F8E8059E140D5A635D
+PT=57C3FCCE9B5BA3BC19BBF7BB9B37A9AC
+CT=BF06FDFDB687C8B24FB0E2A6D6D37EA5
+
+I=65
+KEY=32F307C7FF1BDE4AA7B57CB2DB891DF8
+PT=BF06FDFDB687C8B24FB0E2A6D6D37EA5
+CT=6D459ED545CF3C6FF2746411CD9B3E31
+
+I=66
+KEY=5FB69912BAD4E22555C118A3161223C9
+PT=6D459ED545CF3C6FF2746411CD9B3E31
+CT=C74E0704A9D9EC2D90F75B34FC95CD32
+
+I=67
+KEY=98F89E16130D0E08C5364397EA87EEFB
+PT=C74E0704A9D9EC2D90F75B34FC95CD32
+CT=0453D4FBC2D7F8E0AD0AD90F98D1EC5C
+
+I=68
+KEY=9CAB4AEDD1DAF6E8683C9A98725602A7
+PT=0453D4FBC2D7F8E0AD0AD90F98D1EC5C
+CT=5BBA052D6C39DC1E9553B7646CB7344B
+
+I=69
+KEY=C7114FC0BDE32AF6FD6F2DFC1EE136EC
+PT=5BBA052D6C39DC1E9553B7646CB7344B
+CT=9870FFE04984426501ECB55FFBB363CB
+
+I=70
+KEY=5F61B020F4676893FC8398A3E5525527
+PT=9870FFE04984426501ECB55FFBB363CB
+CT=1363D65F7C943FC4512E41A717D3704D
+
+I=71
+KEY=4C02667F88F35757ADADD904F281256A
+PT=1363D65F7C943FC4512E41A717D3704D
+CT=664762AED6BC5FB74A646A928837FC83
+
+I=72
+KEY=2A4504D15E4F08E0E7C9B3967AB6D9E9
+PT=664762AED6BC5FB74A646A928837FC83
+CT=655CB6BAB4B0532273689E4DC9234C42
+
+I=73
+KEY=4F19B26BEAFF5BC294A12DDBB39595AB
+PT=655CB6BAB4B0532273689E4DC9234C42
+CT=E8AAE0E0B9D2BE6259AEBC478DC90FD9
+
+I=74
+KEY=A7B3528B532DE5A0CD0F919C3E5C9A72
+PT=E8AAE0E0B9D2BE6259AEBC478DC90FD9
+CT=FECACAF43DD920FA3078256C6A587741
+
+I=75
+KEY=5979987F6EF4C55AFD77B4F05404ED33
+PT=FECACAF43DD920FA3078256C6A587741
+CT=11F3F56529B8B172D87A4C86BB90F3B6
+
+I=76
+KEY=488A6D1A474C7428250DF876EF941E85
+PT=11F3F56529B8B172D87A4C86BB90F3B6
+CT=B44340D44F1ABA37CB09FE57FC771A9E
+
+I=77
+KEY=FCC92DCE0856CE1FEE04062113E3041B
+PT=B44340D44F1ABA37CB09FE57FC771A9E
+CT=C49F12B88C34A0D696FE283B01D5710C
+
+I=78
+KEY=38563F7684626EC978FA2E1A12367517
+PT=C49F12B88C34A0D696FE283B01D5710C
+CT=58D6D2D36C14DDBDA7604AB740918D76
+
+I=79
+KEY=6080EDA5E876B374DF9A64AD52A7F861
+PT=58D6D2D36C14DDBDA7604AB740918D76
+CT=21F735F77B0EAD7551CE06900A568EB3
+
+I=80
+KEY=4177D85293781E018E54623D58F176D2
+PT=21F735F77B0EAD7551CE06900A568EB3
+CT=FE2E9BDB393BF6D1BBF108B8AC3B6818
+
+I=81
+KEY=BF594389AA43E8D035A56A85F4CA1ECA
+PT=FE2E9BDB393BF6D1BBF108B8AC3B6818
+CT=FECFCD3722C6C8E6608258341220E739
+
+I=82
+KEY=41968EBE88852036552732B1E6EAF9F3
+PT=FECFCD3722C6C8E6608258341220E739
+CT=10A8BB234C9D9A22DEC7887E931F85BD
+
+I=83
+KEY=513E359DC418BA148BE0BACF75F57C4E
+PT=10A8BB234C9D9A22DEC7887E931F85BD
+CT=767EB7DBA70BC7094DF7A5BDD233EB5C
+
+I=84
+KEY=2740824663137D1DC6171F72A7C69712
+PT=767EB7DBA70BC7094DF7A5BDD233EB5C
+CT=FCD7184F3F4DB7CA182225B9A358209D
+
+I=85
+KEY=DB979A095C5ECAD7DE353ACB049EB78F
+PT=FCD7184F3F4DB7CA182225B9A358209D
+CT=A5CD025AEBF0380EAC66EF034806179F
+
+I=86
+KEY=7E5A9853B7AEF2D97253D5C84C98A010
+PT=A5CD025AEBF0380EAC66EF034806179F
+CT=FE46F4A72C7031FE8D900152CD20B95F
+
+I=87
+KEY=801C6CF49BDEC327FFC3D49A81B8194F
+PT=FE46F4A72C7031FE8D900152CD20B95F
+CT=CF1ACB502A4B608C61364891E34F93A0
+
+I=88
+KEY=4F06A7A4B195A3AB9EF59C0B62F78AEF
+PT=CF1ACB502A4B608C61364891E34F93A0
+CT=95AB1367FF6C03DE87FFA282A3E52200
+
+I=89
+KEY=DAADB4C34EF9A075190A3E89C112A8EF
+PT=95AB1367FF6C03DE87FFA282A3E52200
+CT=762B6393252B347F55AF3E4CA16F2FC9
+
+I=90
+KEY=AC86D7506BD2940A4CA500C5607D8726
+PT=762B6393252B347F55AF3E4CA16F2FC9
+CT=A63491A22E23AD921ADAB9CC0DA20521
+
+I=91
+KEY=0AB246F245F13998567FB9096DDF8207
+PT=A63491A22E23AD921ADAB9CC0DA20521
+CT=C0852A5E7CEEAFB5FA87C440B598BFD6
+
+I=92
+KEY=CA376CAC391F962DACF87D49D8473DD1
+PT=C0852A5E7CEEAFB5FA87C440B598BFD6
+CT=485747C528B08033169E991E98E4CBB5
+
+I=93
+KEY=82602B6911AF161EBA66E45740A3F664
+PT=485747C528B08033169E991E98E4CBB5
+CT=415B95B222161A8C9ED20CF99C26848C
+
+I=94
+KEY=C33BBEDB33B90C9224B4E8AEDC8572E8
+PT=415B95B222161A8C9ED20CF99C26848C
+CT=7E673E6348C38CD40C9B11F4C9F3E3A0
+
+I=95
+KEY=BD5C80B87B7A8046282FF95A15769148
+PT=7E673E6348C38CD40C9B11F4C9F3E3A0
+CT=B88508E55279AFF0D848C38DBEC76B2C
+
+I=96
+KEY=05D9885D29032FB6F0673AD7ABB1FA64
+PT=B88508E55279AFF0D848C38DBEC76B2C
+CT=3902B5DC34E815BA50A53DB9C8FFAA92
+
+I=97
+KEY=3CDB3D811DEB3A0CA0C2076E634E50F6
+PT=3902B5DC34E815BA50A53DB9C8FFAA92
+CT=FEF57F51360547EA6B88085B8656A1D0
+
+I=98
+KEY=C22E42D02BEE7DE6CB4A0F35E518F126
+PT=FEF57F51360547EA6B88085B8656A1D0
+CT=94D052E1F097106A5B714ADD0EF79E64
+
+I=99
+KEY=56FE1031DB796D8C903B45E8EBEF6F42
+PT=94D052E1F097106A5B714ADD0EF79E64
+CT=7FD3EF411360E5270F63A8BACCCC74C0
+
+I=100
+KEY=292DFF70C81988AB9F58ED5227231B82
+PT=7FD3EF411360E5270F63A8BACCCC74C0
+CT=F572692DE6EFBC2309B947D1A75BE009
+
+I=101
+KEY=DC5F965D2EF6348896E1AA838078FB8B
+PT=F572692DE6EFBC2309B947D1A75BE009
+CT=BFD3233C513448C283C05311B8085B5C
+
+I=102
+KEY=638CB5617FC27C4A1521F9923870A0D7
+PT=BFD3233C513448C283C05311B8085B5C
+CT=078739F570071AA1A96A1F00F31E05FD
+
+I=103
+KEY=640B8C940FC566EBBC4BE692CB6EA52A
+PT=078739F570071AA1A96A1F00F31E05FD
+CT=947CA236277CDD0AC13C194B99E8CF16
+
+I=104
+KEY=F0772EA228B9BBE17D77FFD952866A3C
+PT=947CA236277CDD0AC13C194B99E8CF16
+CT=34DE5F2D355BC4ACE54AD0CB8C008CB8
+
+I=105
+KEY=C4A9718F1DE27F4D983D2F12DE86E684
+PT=34DE5F2D355BC4ACE54AD0CB8C008CB8
+CT=E5729CBD84C89B914F35412F902A2CA3
+
+I=106
+KEY=21DBED32992AE4DCD7086E3D4EACCA27
+PT=E5729CBD84C89B914F35412F902A2CA3
+CT=EB326D6ABAFC93EADBEC9B05CE4AAF0C
+
+I=107
+KEY=CAE9805823D677360CE4F53880E6652B
+PT=EB326D6ABAFC93EADBEC9B05CE4AAF0C
+CT=9F088089F8D8E8E28A9A2A1FF50F2ED3
+
+I=108
+KEY=55E100D1DB0E9FD4867EDF2775E94BF8
+PT=9F088089F8D8E8E28A9A2A1FF50F2ED3
+CT=C8D2BF3D6ADB57F478656D4808142160
+
+I=109
+KEY=9D33BFECB1D5C820FE1BB26F7DFD6A98
+PT=C8D2BF3D6ADB57F478656D4808142160
+CT=062016811215B9DBDD3C794A15FBEBBA
+
+I=110
+KEY=9B13A96DA3C071FB2327CB2568068122
+PT=062016811215B9DBDD3C794A15FBEBBA
+CT=71F9F04E9AED1C302E5ED2AD36B5C7F5
+
+I=111
+KEY=EAEA5923392D6DCB0D7919885EB346D7
+PT=71F9F04E9AED1C302E5ED2AD36B5C7F5
+CT=253982568F6C3FDFDE173E46B614989C
+
+I=112
+KEY=CFD3DB75B6415214D36E27CEE8A7DE4B
+PT=253982568F6C3FDFDE173E46B614989C
+CT=6D51D51276A6FA9C933E4D4496D0455E
+
+I=113
+KEY=A2820E67C0E7A88840506A8A7E779B15
+PT=6D51D51276A6FA9C933E4D4496D0455E
+CT=B9A6924F773CE826BBBC6DDBFA4E146A
+
+I=114
+KEY=1B249C28B7DB40AEFBEC075184398F7F
+PT=B9A6924F773CE826BBBC6DDBFA4E146A
+CT=474943C523162BC81186779A07144BC6
+
+I=115
+KEY=5C6DDFED94CD6B66EA6A70CB832DC4B9
+PT=474943C523162BC81186779A07144BC6
+CT=20128A092B99B4BC212B1107C3BA1DF9
+
+I=116
+KEY=7C7F55E4BF54DFDACB4161CC4097D940
+PT=20128A092B99B4BC212B1107C3BA1DF9
+CT=90330B8FB5A50E958250A953EF5145C7
+
+I=117
+KEY=EC4C5E6B0AF1D14F4911C89FAFC69C87
+PT=90330B8FB5A50E958250A953EF5145C7
+CT=C1B788D0EB2C8C7B9E020CC2BEACD595
+
+I=118
+KEY=2DFBD6BBE1DD5D34D713C45D116A4912
+PT=C1B788D0EB2C8C7B9E020CC2BEACD595
+CT=EF87960DABBE82F6CFA8045CE4A9EED0
+
+I=119
+KEY=C27C40B64A63DFC218BBC001F5C3A7C2
+PT=EF87960DABBE82F6CFA8045CE4A9EED0
+CT=405C8408D5027DF90CBE3159701D161A
+
+I=120
+KEY=8220C4BE9F61A23B1405F15885DEB1D8
+PT=405C8408D5027DF90CBE3159701D161A
+CT=FCAB7F88E85D6573A98D23D684A5A5F3
+
+I=121
+KEY=7E8BBB36773CC748BD88D28E017B142B
+PT=FCAB7F88E85D6573A98D23D684A5A5F3
+CT=191E6F1EECBF5149F4D49446E97D8820
+
+I=122
+KEY=6795D4289B839601495C46C8E8069C0B
+PT=191E6F1EECBF5149F4D49446E97D8820
+CT=C77128F53D48594194EFBA67E46C6B23
+
+I=123
+KEY=A0E4FCDDA6CBCF40DDB3FCAF0C6AF728
+PT=C77128F53D48594194EFBA67E46C6B23
+CT=DFB898170571450CC5E2244AE4D3AF43
+
+I=124
+KEY=7F5C64CAA3BA8A4C1851D8E5E8B9586B
+PT=DFB898170571450CC5E2244AE4D3AF43
+CT=3BD1633B5053609A3B42CC098F9F5D87
+
+I=125
+KEY=448D07F1F3E9EAD6231314EC672605EC
+PT=3BD1633B5053609A3B42CC098F9F5D87
+CT=AC15B23F205AEB10470F853BA18361E0
+
+I=126
+KEY=E898B5CED3B301C6641C91D7C6A5640C
+PT=AC15B23F205AEB10470F853BA18361E0
+CT=2DA73BA6E01B1ADFBEEAFA2E37942078
+
+I=127
+KEY=C53F8E6833A81B19DAF66BF9F1314474
+PT=2DA73BA6E01B1ADFBEEAFA2E37942078
+CT=C5B3D7089173958B32340B88D35B738B
+
+I=128
+KEY=008C5960A2DB8E92E8C26071226A37FF
+PT=C5B3D7089173958B32340B88D35B738B
+CT=8318BAA96569F3ADCD30C08D54494392
+
+I=129
+KEY=8394E3C9C7B27D3F25F2A0FC7623746D
+PT=8318BAA96569F3ADCD30C08D54494392
+CT=4F6F2A06A1A344B261084563BCCC5A5A
+
+I=130
+KEY=CCFBC9CF6611398D44FAE59FCAEF2E37
+PT=4F6F2A06A1A344B261084563BCCC5A5A
+CT=07EC18166362BF049A48D146A63FF378
+
+I=131
+KEY=CB17D1D905738689DEB234D96CD0DD4F
+PT=07EC18166362BF049A48D146A63FF378
+CT=81CB17ABAC28A3ED135442454C212646
+
+I=132
+KEY=4ADCC672A95B2564CDE6769C20F1FB09
+PT=81CB17ABAC28A3ED135442454C212646
+CT=C1CBDE45E27B9B1198CE93A51E38D9C5
+
+I=133
+KEY=8B1718374B20BE755528E5393EC922CC
+PT=C1CBDE45E27B9B1198CE93A51E38D9C5
+CT=8E4EB89DDFEE065784556FA0B426954A
+
+I=134
+KEY=0559A0AA94CEB822D17D8A998AEFB786
+PT=8E4EB89DDFEE065784556FA0B426954A
+CT=6A966414CC6FE52F957E9DE7012EC4BD
+
+I=135
+KEY=6FCFC4BE58A15D0D4403177E8BC1733B
+PT=6A966414CC6FE52F957E9DE7012EC4BD
+CT=7C88474D963BFDFE61F052F51D1796EF
+
+I=136
+KEY=134783F3CE9AA0F325F3458B96D6E5D4
+PT=7C88474D963BFDFE61F052F51D1796EF
+CT=6269F5DA04B09D442DDCB46001573AE9
+
+I=137
+KEY=712E7629CA2A3DB7082FF1EB9781DF3D
+PT=6269F5DA04B09D442DDCB46001573AE9
+CT=FBD2965ACE0B360A12EF39873A8F3805
+
+I=138
+KEY=8AFCE07304210BBD1AC0C86CAD0EE738
+PT=FBD2965ACE0B360A12EF39873A8F3805
+CT=5B46EF12C9BE55DCD5571D82E5BC6FF1
+
+I=139
+KEY=D1BA0F61CD9F5E61CF97D5EE48B288C9
+PT=5B46EF12C9BE55DCD5571D82E5BC6FF1
+CT=403DEFDB60876F3161CF02F319F5EA9A
+
+I=140
+KEY=9187E0BAAD183150AE58D71D51476253
+PT=403DEFDB60876F3161CF02F319F5EA9A
+CT=70FD321C583C1B54ED6AD3A79721E84A
+
+I=141
+KEY=E17AD2A6F5242A04433204BAC6668A19
+PT=70FD321C583C1B54ED6AD3A79721E84A
+CT=32AE26E948D563782532AC711BFAB644
+
+I=142
+KEY=D3D4F44FBDF1497C6600A8CBDD9C3C5D
+PT=32AE26E948D563782532AC711BFAB644
+CT=ECF948F5EBB98E4C7286046E0F7AF127
+
+I=143
+KEY=3F2DBCBA5648C7301486ACA5D2E6CD7A
+PT=ECF948F5EBB98E4C7286046E0F7AF127
+CT=818F87EFA0B5E4098E737AD44DB537BA
+
+I=144
+KEY=BEA23B55F6FD23399AF5D6719F53FAC0
+PT=818F87EFA0B5E4098E737AD44DB537BA
+CT=029F170737413F1BFBE02C292D506E44
+
+I=145
+KEY=BC3D2C52C1BC1C226115FA58B2039484
+PT=029F170737413F1BFBE02C292D506E44
+CT=77A7C520912761121373E35FD3B5AF0F
+
+I=146
+KEY=CB9AE972509B7D307266190761B63B8B
+PT=77A7C520912761121373E35FD3B5AF0F
+CT=D407B965C368E1F77195ED446BEEBA73
+
+I=147
+KEY=1F9D501793F39CC703F3F4430A5881F8
+PT=D407B965C368E1F77195ED446BEEBA73
+CT=D1F304E0B3614A4840F128AA364BA6A3
+
+I=148
+KEY=CE6E54F72092D68F4302DCE93C13275B
+PT=D1F304E0B3614A4840F128AA364BA6A3
+CT=69B748543EE72474D0CC301BDBD50A6C
+
+I=149
+KEY=A7D91CA31E75F2FB93CEECF2E7C62D37
+PT=69B748543EE72474D0CC301BDBD50A6C
+CT=BA471D91DBC6D27EBA7B510E67830C3F
+
+I=150
+KEY=1D9E0132C5B3208529B5BDFC80452108
+PT=BA471D91DBC6D27EBA7B510E67830C3F
+CT=7C0CF396D078E01A741613B1E1D7A9CB
+
+I=151
+KEY=6192F2A415CBC09F5DA3AE4D619288C3
+PT=7C0CF396D078E01A741613B1E1D7A9CB
+CT=6F670A289398F49C75ACBBE9EAC2ABFC
+
+I=152
+KEY=0EF5F88C86533403280F15A48B50233F
+PT=6F670A289398F49C75ACBBE9EAC2ABFC
+CT=C392EF479528BF1B02296E6C894E4FDD
+
+I=153
+KEY=CD6717CB137B8B182A267BC8021E6CE2
+PT=C392EF479528BF1B02296E6C894E4FDD
+CT=C4226C8C98D5F137A4C6A239E04B0FB3
+
+I=154
+KEY=09457B478BAE7A2F8EE0D9F1E2556351
+PT=C4226C8C98D5F137A4C6A239E04B0FB3
+CT=2382714FC945AD4A1E03858B63973B9E
+
+I=155
+KEY=2AC70A0842EBD76590E35C7A81C258CF
+PT=2382714FC945AD4A1E03858B63973B9E
+CT=E41F350AC9320A8A23E27C0349978168
+
+I=156
+KEY=CED83F028BD9DDEFB3012079C855D9A7
+PT=E41F350AC9320A8A23E27C0349978168
+CT=7E9137997CB7676F3D0141797C6F31A8
+
+I=157
+KEY=B049089BF76EBA808E006100B43AE80F
+PT=7E9137997CB7676F3D0141797C6F31A8
+CT=4BF7EBC15369A757981EE4A0B7F55706
+
+I=158
+KEY=FBBEE35AA4071DD7161E85A003CFBF09
+PT=4BF7EBC15369A757981EE4A0B7F55706
+CT=EC677E86A8D2A5935D33D6471A58A781
+
+I=159
+KEY=17D99DDC0CD5B8444B2D53E719971888
+PT=EC677E86A8D2A5935D33D6471A58A781
+CT=F31066D48884BC9B37F218FCF385344B
+
+I=160
+KEY=E4C9FB08845104DF7CDF4B1BEA122CC3
+PT=F31066D48884BC9B37F218FCF385344B
+CT=51CFEA4E482A7B7BCF4D31DA5CED4370
+
+I=161
+KEY=B5061146CC7B7FA4B3927AC1B6FF6FB3
+PT=51CFEA4E482A7B7BCF4D31DA5CED4370
+CT=89F3CD1590669A16F8460991BFD3CF5C
+
+I=162
+KEY=3CF5DC535C1DE5B24BD47350092CA0EF
+PT=89F3CD1590669A16F8460991BFD3CF5C
+CT=9930DA8E5DBC1F6C87B0B41BD386E2E0
+
+I=163
+KEY=A5C506DD01A1FADECC64C74BDAAA420F
+PT=9930DA8E5DBC1F6C87B0B41BD386E2E0
+CT=41A8CB583E5B9D2BA7CDA3763B6529C0
+
+I=164
+KEY=E46DCD853FFA67F56BA9643DE1CF6BCF
+PT=41A8CB583E5B9D2BA7CDA3763B6529C0
+CT=53479DCFB0C69624B42B9C272B0A1A85
+
+I=165
+KEY=B72A504A8F3CF1D1DF82F81ACAC5714A
+PT=53479DCFB0C69624B42B9C272B0A1A85
+CT=E72F27AE86E913EF55309120358BAD35
+
+I=166
+KEY=500577E409D5E23E8AB2693AFF4EDC7F
+PT=E72F27AE86E913EF55309120358BAD35
+CT=9B1EF901BACC70819DBC627C7CDC8CD9
+
+I=167
+KEY=CB1B8EE5B31992BF170E0B46839250A6
+PT=9B1EF901BACC70819DBC627C7CDC8CD9
+CT=9546C7B789345E4C32EE84BCE8E78C7E
+
+I=168
+KEY=5E5D49523A2DCCF325E08FFA6B75DCD8
+PT=9546C7B789345E4C32EE84BCE8E78C7E
+CT=33700B93E03CE8202BAC7E64E3255108
+
+I=169
+KEY=6D2D42C1DA1124D30E4CF19E88508DD0
+PT=33700B93E03CE8202BAC7E64E3255108
+CT=44246615BCA5C0A8DCB7E63729398F0A
+
+I=170
+KEY=290924D466B4E47BD2FB17A9A16902DA
+PT=44246615BCA5C0A8DCB7E63729398F0A
+CT=3215FC55FEE5A30BFA11F8EBBC912652
+
+I=171
+KEY=1B1CD8819851477028EAEF421DF82488
+PT=3215FC55FEE5A30BFA11F8EBBC912652
+CT=796C9136407BC4F484B253DAEB206912
+
+I=172
+KEY=627049B7D82A8384AC58BC98F6D84D9A
+PT=796C9136407BC4F484B253DAEB206912
+CT=B18977B404F0671C10AA979389408CCA
+
+I=173
+KEY=D3F93E03DCDAE498BCF22B0B7F98C150
+PT=B18977B404F0671C10AA979389408CCA
+CT=B2592621EE947D4ED9AD4295E0675F93
+
+I=174
+KEY=61A01822324E99D6655F699E9FFF9EC3
+PT=B2592621EE947D4ED9AD4295E0675F93
+CT=62D3B7E28765DA8F83EBE19C97293C0A
+
+I=175
+KEY=0373AFC0B52B4359E6B4880208D6A2C9
+PT=62D3B7E28765DA8F83EBE19C97293C0A
+CT=F417D650D6B7631542CFF8F95FC81C9B
+
+I=176
+KEY=F7647990639C204CA47B70FB571EBE52
+PT=F417D650D6B7631542CFF8F95FC81C9B
+CT=700A5DE153D6B438FFF7BA902DEC32FF
+
+I=177
+KEY=876E2471304A94745B8CCA6B7AF28CAD
+PT=700A5DE153D6B438FFF7BA902DEC32FF
+CT=67DC08A48F1EC7E32121B8693BB23621
+
+I=178
+KEY=E0B22CD5BF5453977AAD72024140BA8C
+PT=67DC08A48F1EC7E32121B8693BB23621
+CT=90038BB156A7F7992E260E9CBFAC0D82
+
+I=179
+KEY=70B1A764E9F3A40E548B7C9EFEECB70E
+PT=90038BB156A7F7992E260E9CBFAC0D82
+CT=C6BB1407C2D037BF238BEC772BA95352
+
+I=180
+KEY=B60AB3632B2393B1770090E9D545E45C
+PT=C6BB1407C2D037BF238BEC772BA95352
+CT=8C3D249574FF74F84053977219D69F5E
+
+I=181
+KEY=3A3797F65FDCE7493753079BCC937B02
+PT=8C3D249574FF74F84053977219D69F5E
+CT=131F7FC5A1528AD5DCB167AFAA8BFD47
+
+I=182
+KEY=2928E833FE8E6D9CEBE2603466188645
+PT=131F7FC5A1528AD5DCB167AFAA8BFD47
+CT=6E68AE6FDF2C10B42B85486D3EFBCEB9
+
+I=183
+KEY=4740465C21A27D28C067285958E348FC
+PT=6E68AE6FDF2C10B42B85486D3EFBCEB9
+CT=26808ABFA3967D742D64A26CADF8DD70
+
+I=184
+KEY=61C0CCE38234005CED038A35F51B958C
+PT=26808ABFA3967D742D64A26CADF8DD70
+CT=8BBCBA5E4C219D000A2F6B701CDA09C3
+
+I=185
+KEY=EA7C76BDCE159D5CE72CE145E9C19C4F
+PT=8BBCBA5E4C219D000A2F6B701CDA09C3
+CT=5D707BB328BEFF51C8C1D984C1608AA0
+
+I=186
+KEY=B70C0D0EE6AB620D2FED38C128A116EF
+PT=5D707BB328BEFF51C8C1D984C1608AA0
+CT=8D0A485482B914FC282C2DA9F7147D0C
+
+I=187
+KEY=3A06455A641276F107C11568DFB56BE3
+PT=8D0A485482B914FC282C2DA9F7147D0C
+CT=C5678BC12445627CBAA94177F070F736
+
+I=188
+KEY=FF61CE9B4057148DBD68541F2FC59CD5
+PT=C5678BC12445627CBAA94177F070F736
+CT=EB9B50846E92C20CD6EDBA7A3A260684
+
+I=189
+KEY=14FA9E1F2EC5D6816B85EE6515E39A51
+PT=EB9B50846E92C20CD6EDBA7A3A260684
+CT=E2178B471A3F72A271013C4CBE41FA1C
+
+I=190
+KEY=F6ED155834FAA4231A84D229ABA2604D
+PT=E2178B471A3F72A271013C4CBE41FA1C
+CT=C10C8084A17D90339E5ED8C638B902A4
+
+I=191
+KEY=37E195DC9587341084DA0AEF931B62E9
+PT=C10C8084A17D90339E5ED8C638B902A4
+CT=03C839CCF269548279F30A1F45C30556
+
+I=192
+KEY=3429AC1067EE6092FD2900F0D6D867BF
+PT=03C839CCF269548279F30A1F45C30556
+CT=1C5DC5C94B5C7E332D4122A0A4FACD96
+
+I=193
+KEY=287469D92CB21EA1D06822507222AA29
+PT=1C5DC5C94B5C7E332D4122A0A4FACD96
+CT=E7292B7D15E9311F242FACFAFC0B0B81
+
+I=194
+KEY=CF5D42A4395B2FBEF4478EAA8E29A1A8
+PT=E7292B7D15E9311F242FACFAFC0B0B81
+CT=EA6DF86EEE09613104DB81B97B949AEC
+
+I=195
+KEY=2530BACAD7524E8FF09C0F13F5BD3B44
+PT=EA6DF86EEE09613104DB81B97B949AEC
+CT=8FBCCDEBA43FE3FFDE4C3C279BDD4A27
+
+I=196
+KEY=AA8C7721736DAD702ED033346E607163
+PT=8FBCCDEBA43FE3FFDE4C3C279BDD4A27
+CT=985971BE962C63B0F50D1004963E9BED
+
+I=197
+KEY=32D5069FE541CEC0DBDD2330F85EEA8E
+PT=985971BE962C63B0F50D1004963E9BED
+CT=F2CC0FF4B6D2F88766F1B8BE370FE463
+
+I=198
+KEY=C019096B53933647BD2C9B8ECF510EED
+PT=F2CC0FF4B6D2F88766F1B8BE370FE463
+CT=FE33F823B7B97FC017B35B6E22415D3E
+
+I=199
+KEY=3E2AF148E42A4987AA9FC0E0ED1053D3
+PT=FE33F823B7B97FC017B35B6E22415D3E
+CT=465D804A6053EC2580B59F0CD645C060
+
+I=200
+KEY=787771028479A5A22A2A5FEC3B5593B3
+PT=465D804A6053EC2580B59F0CD645C060
+CT=DE05AD28693E3D471B8F39BAD1803C0E
+
+I=201
+KEY=A672DC2AED4798E531A56656EAD5AFBD
+PT=DE05AD28693E3D471B8F39BAD1803C0E
+CT=61EB397D55A2FC3D78974C8A10200AC6
+
+I=202
+KEY=C799E557B8E564D849322ADCFAF5A57B
+PT=61EB397D55A2FC3D78974C8A10200AC6
+CT=BD95D742D81AD795AA4E10FB41F54294
+
+I=203
+KEY=7A0C321560FFB34DE37C3A27BB00E7EF
+PT=BD95D742D81AD795AA4E10FB41F54294
+CT=F43A1E8C6E057E68414D23DA6932DE2C
+
+I=204
+KEY=8E362C990EFACD25A23119FDD23239C3
+PT=F43A1E8C6E057E68414D23DA6932DE2C
+CT=8EBB208032245988E851148B34B92F0E
+
+I=205
+KEY=008D0C193CDE94AD4A600D76E68B16CD
+PT=8EBB208032245988E851148B34B92F0E
+CT=2F18B4B14A360E06C50C89A4E6FE6C17
+
+I=206
+KEY=2F95B8A876E89AAB8F6C84D200757ADA
+PT=2F18B4B14A360E06C50C89A4E6FE6C17
+CT=681E131FA7EA5EBE10B59D3F16009582
+
+I=207
+KEY=478BABB7D102C4159FD919ED1675EF58
+PT=681E131FA7EA5EBE10B59D3F16009582
+CT=376FA31CC9D18E756E96715D61403C5D
+
+I=208
+KEY=70E408AB18D34A60F14F68B07735D305
+PT=376FA31CC9D18E756E96715D61403C5D
+CT=519E87E4A1AC61C376842F028D1BD75F
+
+I=209
+KEY=217A8F4FB97F2BA387CB47B2FA2E045A
+PT=519E87E4A1AC61C376842F028D1BD75F
+CT=BFAED9E9964967342808C6C332E02204
+
+I=210
+KEY=9ED456A62F364C97AFC38171C8CE265E
+PT=BFAED9E9964967342808C6C332E02204
+CT=5A9F55C61A03D6A3196FFD6879CBCA02
+
+I=211
+KEY=C44B036035359A34B6AC7C19B105EC5C
+PT=5A9F55C61A03D6A3196FFD6879CBCA02
+CT=0FD872478223CDE765A62036EDD6F42F
+
+I=212
+KEY=CB937127B71657D3D30A5C2F5CD31873
+PT=0FD872478223CDE765A62036EDD6F42F
+CT=965ED2AF7D26CDA8A8B7E7B2F1ADA768
+
+I=213
+KEY=5DCDA388CA309A7B7BBDBB9DAD7EBF1B
+PT=965ED2AF7D26CDA8A8B7E7B2F1ADA768
+CT=05599B8D42D92457605A69200C6DC0AA
+
+I=214
+KEY=5894380588E9BE2C1BE7D2BDA1137FB1
+PT=05599B8D42D92457605A69200C6DC0AA
+CT=3436A49EE590788F625A6FB44BF72FA3
+
+I=215
+KEY=6CA29C9B6D79C6A379BDBD09EAE45012
+PT=3436A49EE590788F625A6FB44BF72FA3
+CT=DB181195EFF35E307167BADA138A837A
+
+I=216
+KEY=B7BA8D0E828A989308DA07D3F96ED368
+PT=DB181195EFF35E307167BADA138A837A
+CT=45E06B534233447E3CB696C1DD179477
+
+I=217
+KEY=F25AE65DC0B9DCED346C91122479471F
+PT=45E06B534233447E3CB696C1DD179477
+CT=D2EDC4E2B4EDD671D984E8AA5BABAAD7
+
+I=218
+KEY=20B722BF74540A9CEDE879B87FD2EDC8
+PT=D2EDC4E2B4EDD671D984E8AA5BABAAD7
+CT=DB92F4E9F2DD6A61E20A79CFC82CD061
+
+I=219
+KEY=FB25D656868960FD0FE20077B7FE3DA9
+PT=DB92F4E9F2DD6A61E20A79CFC82CD061
+CT=79383629DF124FD94A1C36BECB711747
+
+I=220
+KEY=821DE07F599B2F2445FE36C97C8F2AEE
+PT=79383629DF124FD94A1C36BECB711747
+CT=3F3F592FB3DB51CF08B70E6F2174AB43
+
+I=221
+KEY=BD22B950EA407EEB4D4938A65DFB81AD
+PT=3F3F592FB3DB51CF08B70E6F2174AB43
+CT=D34FDA2917E9697118502CB7A6CAE07C
+
+I=222
+KEY=6E6D6379FDA9179A55191411FB3161D1
+PT=D34FDA2917E9697118502CB7A6CAE07C
+CT=24D2C38E5C52A404DBE0D8BB6DA44AEE
+
+I=223
+KEY=4ABFA0F7A1FBB39E8EF9CCAA96952B3F
+PT=24D2C38E5C52A404DBE0D8BB6DA44AEE
+CT=2ED6A7503B3547C04E0B7B709218CD4A
+
+I=224
+KEY=646907A79ACEF45EC0F2B7DA048DE675
+PT=2ED6A7503B3547C04E0B7B709218CD4A
+CT=4F11BE7A8B5D1A04AB82F60000BC7B50
+
+I=225
+KEY=2B78B9DD1193EE5A6B7041DA04319D25
+PT=4F11BE7A8B5D1A04AB82F60000BC7B50
+CT=B98B51B76B262CB9ED157567A05770AF
+
+I=226
+KEY=92F3E86A7AB5C2E3866534BDA466ED8A
+PT=B98B51B76B262CB9ED157567A05770AF
+CT=D6CA5483F89D5AA01DBCFEBE30C26F5E
+
+I=227
+KEY=4439BCE9822898439BD9CA0394A482D4
+PT=D6CA5483F89D5AA01DBCFEBE30C26F5E
+CT=7706922EBA53937E287084C8FDFEB33F
+
+I=228
+KEY=333F2EC7387B0B3DB3A94ECB695A31EB
+PT=7706922EBA53937E287084C8FDFEB33F
+CT=0F2DA3B8BFCB1046CA94EC9322320BF9
+
+I=229
+KEY=3C128D7F87B01B7B793DA2584B683A12
+PT=0F2DA3B8BFCB1046CA94EC9322320BF9
+CT=29CAD5CDC5A2834A5D533335FED2EA81
+
+I=230
+KEY=15D858B242129831246E916DB5BAD093
+PT=29CAD5CDC5A2834A5D533335FED2EA81
+CT=A48A2D319552BF02E84E4662E75884DB
+
+I=231
+KEY=B1527583D7402733CC20D70F52E25448
+PT=A48A2D319552BF02E84E4662E75884DB
+CT=334560ECD22BB9F660BC4FFAB13891C9
+
+I=232
+KEY=8217156F056B9EC5AC9C98F5E3DAC581
+PT=334560ECD22BB9F660BC4FFAB13891C9
+CT=DAAEB8436205DFB6688D9DE0A21A6B9D
+
+I=233
+KEY=58B9AD2C676E4173C411051541C0AE1C
+PT=DAAEB8436205DFB6688D9DE0A21A6B9D
+CT=E38798615C2158872704125A7CFC6540
+
+I=234
+KEY=BB3E354D3B4F19F4E315174F3D3CCB5C
+PT=E38798615C2158872704125A7CFC6540
+CT=BACB9EA5499A093F6595E8D1D5CF7E50
+
+I=235
+KEY=01F5ABE872D510CB8680FF9EE8F3B50C
+PT=BACB9EA5499A093F6595E8D1D5CF7E50
+CT=813B0D4AC4C2B8371A1A132927D24F62
+
+I=236
+KEY=80CEA6A2B617A8FC9C9AECB7CF21FA6E
+PT=813B0D4AC4C2B8371A1A132927D24F62
+CT=D1AD1AE650B377520EE19370D9E968A9
+
+I=237
+KEY=5163BC44E6A4DFAE927B7FC716C892C7
+PT=D1AD1AE650B377520EE19370D9E968A9
+CT=3CEC25102A51A5A4C26E7391590D54ED
+
+I=238
+KEY=6D8F9954CCF57A0A50150C564FC5C62A
+PT=3CEC25102A51A5A4C26E7391590D54ED
+CT=505FD54017E89E9FAA6376E399F2FF09
+
+I=239
+KEY=3DD04C14DB1DE495FA767AB5D6373923
+PT=505FD54017E89E9FAA6376E399F2FF09
+CT=1B45550B4E3AB908A2CC72FFFB38701A
+
+I=240
+KEY=2695191F95275D9D58BA084A2D0F4939
+PT=1B45550B4E3AB908A2CC72FFFB38701A
+CT=E2469D9D2F91E3AA88DC7970C94E7237
+
+I=241
+KEY=C4D38482BAB6BE37D066713AE4413B0E
+PT=E2469D9D2F91E3AA88DC7970C94E7237
+CT=9352C72F2B5093D1AF52BA959963F59B
+
+I=242
+KEY=578143AD91E62DE67F34CBAF7D22CE95
+PT=9352C72F2B5093D1AF52BA959963F59B
+CT=F26DE32F035B270BA42075574056564E
+
+I=243
+KEY=A5ECA08292BD0AEDDB14BEF83D7498DB
+PT=F26DE32F035B270BA42075574056564E
+CT=6AC08B3D91FC31A34B3A81F7C300587E
+
+I=244
+KEY=CF2C2BBF03413B4E902E3F0FFE74C0A5
+PT=6AC08B3D91FC31A34B3A81F7C300587E
+CT=E5E6455304C3B5E2349E2372D6E4B0B8
+
+I=245
+KEY=2ACA6EEC07828EACA4B01C7D2890701D
+PT=E5E6455304C3B5E2349E2372D6E4B0B8
+CT=90524F27C63CCA1E4CA9674381786C30
+
+I=246
+KEY=BA9821CBC1BE44B2E8197B3EA9E81C2D
+PT=90524F27C63CCA1E4CA9674381786C30
+CT=44625D68290415039E2C6C05B4954896
+
+I=247
+KEY=FEFA7CA3E8BA51B17635173B1D7D54BB
+PT=44625D68290415039E2C6C05B4954896
+CT=EC401B0D3780FDB4A3952706B07F6CEF
+
+I=248
+KEY=12BA67AEDF3AAC05D5A0303DAD023854
+PT=EC401B0D3780FDB4A3952706B07F6CEF
+CT=DCEDC88021F6FD1C61C08DAABF0E73BA
+
+I=249
+KEY=CE57AF2EFECC5119B460BD97120C4BEE
+PT=DCEDC88021F6FD1C61C08DAABF0E73BA
+CT=C15C85D8161B97DD61EB8B514CDCFFD5
+
+I=250
+KEY=0F0B2AF6E8D7C6C4D58B36C65ED0B43B
+PT=C15C85D8161B97DD61EB8B514CDCFFD5
+CT=B68B65E041C84433DEA4D9E15E9F98AB
+
+I=251
+KEY=B9804F16A91F82F70B2FEF27004F2C90
+PT=B68B65E041C84433DEA4D9E15E9F98AB
+CT=8122505A5B6F8D985A8D9D7E9E2FF4F3
+
+I=252
+KEY=38A21F4CF2700F6F51A272599E60D863
+PT=8122505A5B6F8D985A8D9D7E9E2FF4F3
+CT=8F72F8FFA71D24C900D2BBE8784B9C48
+
+I=253
+KEY=B7D0E7B3556D2BA65170C9B1E62B442B
+PT=8F72F8FFA71D24C900D2BBE8784B9C48
+CT=1D541D794774264680CF3689365CD845
+
+I=254
+KEY=AA84FACA12190DE0D1BFFF38D0779C6E
+PT=1D541D794774264680CF3689365CD845
+CT=CBAE9336C5C1F038176B5123CC205BF7
+
+I=255
+KEY=612A69FCD7D8FDD8C6D4AE1B1C57C799
+PT=CBAE9336C5C1F038176B5123CC205BF7
+CT=C4CE2DC1BAE3028392BD8A005A360F56
+
+I=256
+KEY=A5E4443D6D3BFF5B5469241B4661C8CF
+PT=C4CE2DC1BAE3028392BD8A005A360F56
+CT=549B7075DE975B759A6DAE7D761CDC01
+
+I=257
+KEY=F17F3448B3ACA42ECE048A66307D14CE
+PT=549B7075DE975B759A6DAE7D761CDC01
+CT=2338FFEEE2A391B2DAFD1EBB0ECF19E3
+
+I=258
+KEY=D247CBA6510F359C14F994DD3EB20D2D
+PT=2338FFEEE2A391B2DAFD1EBB0ECF19E3
+CT=B27705C512C6849DE6012A490F834F36
+
+I=259
+KEY=6030CE6343C9B101F2F8BE943131421B
+PT=B27705C512C6849DE6012A490F834F36
+CT=33A239E0426921192F8C89C6FBCDD23C
+
+I=260
+KEY=5392F78301A09018DD743752CAFC9027
+PT=33A239E0426921192F8C89C6FBCDD23C
+CT=90CCBE46338C7E9FB25409F82BF81234
+
+I=261
+KEY=C35E49C5322CEE876F203EAAE1048213
+PT=90CCBE46338C7E9FB25409F82BF81234
+CT=873D1CAF1F2C2A56BEE419FE8A01489F
+
+I=262
+KEY=4463556A2D00C4D1D1C427546B05CA8C
+PT=873D1CAF1F2C2A56BEE419FE8A01489F
+CT=1E9ED35EB85ADD9AB88B6D85299FD8E7
+
+I=263
+KEY=5AFD8634955A194B694F4AD1429A126B
+PT=1E9ED35EB85ADD9AB88B6D85299FD8E7
+CT=36871F8BD629B27EEDE04E086FC539C4
+
+I=264
+KEY=6C7A99BF4373AB3584AF04D92D5F2BAF
+PT=36871F8BD629B27EEDE04E086FC539C4
+CT=10D10983F98D799235E8142BD67C1FD2
+
+I=265
+KEY=7CAB903CBAFED2A7B14710F2FB23347D
+PT=10D10983F98D799235E8142BD67C1FD2
+CT=193CEDEEE0410DE79F1B2FC077B14199
+
+I=266
+KEY=65977DD25ABFDF402E5C3F328C9275E4
+PT=193CEDEEE0410DE79F1B2FC077B14199
+CT=1EC99AD6EEF155B6B5F61452D2E73A7D
+
+I=267
+KEY=7B5EE704B44E8AF69BAA2B605E754F99
+PT=1EC99AD6EEF155B6B5F61452D2E73A7D
+CT=92DA7D1858210C87B32C6FEA1CC6A0E6
+
+I=268
+KEY=E9849A1CEC6F86712886448A42B3EF7F
+PT=92DA7D1858210C87B32C6FEA1CC6A0E6
+CT=A06C4ACCA35DE95CFAD365349969271D
+
+I=269
+KEY=49E8D0D04F326F2DD25521BEDBDAC862
+PT=A06C4ACCA35DE95CFAD365349969271D
+CT=4B892CB63A35A3DED0F43BA4309CBB2E
+
+I=270
+KEY=0261FC667507CCF302A11A1AEB46734C
+PT=4B892CB63A35A3DED0F43BA4309CBB2E
+CT=E05F73446706A68A5099088279B58064
+
+I=271
+KEY=E23E8F2212016A795238129892F3F328
+PT=E05F73446706A68A5099088279B58064
+CT=542D8314299AF433EC549EBFFCF2B3D9
+
+I=272
+KEY=B6130C363B9B9E4ABE6C8C276E0140F1
+PT=542D8314299AF433EC549EBFFCF2B3D9
+CT=4935A91590E8A70D9F75489F6D5B70E7
+
+I=273
+KEY=FF26A523AB7339472119C4B8035A3016
+PT=4935A91590E8A70D9F75489F6D5B70E7
+CT=C3A4940C6EC7D0E2F11C3CF60AB2C31D
+
+I=274
+KEY=3C82312FC5B4E9A5D005F84E09E8F30B
+PT=C3A4940C6EC7D0E2F11C3CF60AB2C31D
+CT=F109AC488D917B5FC28BA28C9720A46F
+
+I=275
+KEY=CD8B9D67482592FA128E5AC29EC85764
+PT=F109AC488D917B5FC28BA28C9720A46F
+CT=65234934641FA21D8C3A3804D09208F3
+
+I=276
+KEY=A8A8D4532C3A30E79EB462C64E5A5F97
+PT=65234934641FA21D8C3A3804D09208F3
+CT=DE015A71CB9C9A3B11C2C9B744B6B5ED
+
+I=277
+KEY=76A98E22E7A6AADC8F76AB710AECEA7A
+PT=DE015A71CB9C9A3B11C2C9B744B6B5ED
+CT=973D0C12D7826B45CC7824EF09D82BAB
+
+I=278
+KEY=E19482303024C199430E8F9E0334C1D1
+PT=973D0C12D7826B45CC7824EF09D82BAB
+CT=EBD2D23B9D08F63385A0D21FF76FAC33
+
+I=279
+KEY=0A46500BAD2C37AAC6AE5D81F45B6DE2
+PT=EBD2D23B9D08F63385A0D21FF76FAC33
+CT=A7A460A555E4C4E53457AE00FC0D9BA8
+
+I=280
+KEY=ADE230AEF8C8F34FF2F9F3810856F64A
+PT=A7A460A555E4C4E53457AE00FC0D9BA8
+CT=56F0329103B5238E03C781E2AB0E7A2D
+
+I=281
+KEY=FB12023FFB7DD0C1F13E7263A3588C67
+PT=56F0329103B5238E03C781E2AB0E7A2D
+CT=0D5710472E980CF439109BAC3EAB19A8
+
+I=282
+KEY=F6451278D5E5DC35C82EE9CF9DF395CF
+PT=0D5710472E980CF439109BAC3EAB19A8
+CT=063CB786AD88ECADC4EAC8FE39A84286
+
+I=283
+KEY=F079A5FE786D30980CC42131A45BD749
+PT=063CB786AD88ECADC4EAC8FE39A84286
+CT=825BD1E57F0E16D744C2A69233C8654B
+
+I=284
+KEY=7222741B0763264F480687A39793B202
+PT=825BD1E57F0E16D744C2A69233C8654B
+CT=8EA54322F26DC051F831A5CBBD07A73C
+
+I=285
+KEY=FC873739F50EE61EB03722682A94153E
+PT=8EA54322F26DC051F831A5CBBD07A73C
+CT=803F3194726F4D5C5BD80D12D1284F0A
+
+I=286
+KEY=7CB806AD8761AB42EBEF2F7AFBBC5A34
+PT=803F3194726F4D5C5BD80D12D1284F0A
+CT=5A1D90E682989AB1A84F01422CE69F82
+
+I=287
+KEY=26A5964B05F931F343A02E38D75AC5B6
+PT=5A1D90E682989AB1A84F01422CE69F82
+CT=3F5AFCD41950EEFBC3D7CEF744F0C060
+
+I=288
+KEY=19FF6A9F1CA9DF088077E0CF93AA05D6
+PT=3F5AFCD41950EEFBC3D7CEF744F0C060
+CT=2EE3691BD58D7645DA91CD4943F10157
+
+I=289
+KEY=371C0384C924A94D5AE62D86D05B0481
+PT=2EE3691BD58D7645DA91CD4943F10157
+CT=BEF4B188364E87A9E49855CC68C02A50
+
+I=290
+KEY=89E8B20CFF6A2EE4BE7E784AB89B2ED1
+PT=BEF4B188364E87A9E49855CC68C02A50
+CT=2263387A7A52AB73704774D07EA5AA69
+
+I=291
+KEY=AB8B8A7685388597CE390C9AC63E84B8
+PT=2263387A7A52AB73704774D07EA5AA69
+CT=84E68DA3E9D999016D0B734DAE8C128B
+
+I=292
+KEY=2F6D07D56CE11C96A3327FD768B29633
+PT=84E68DA3E9D999016D0B734DAE8C128B
+CT=978F5F49D7BA1189F16FC0635231DF5F
+
+I=293
+KEY=B8E2589CBB5B0D1F525DBFB43A83496C
+PT=978F5F49D7BA1189F16FC0635231DF5F
+CT=FE59B2F2BDE0AB5E1700A1771EDF8663
+
+I=294
+KEY=46BBEA6E06BBA641455D1EC3245CCF0F
+PT=FE59B2F2BDE0AB5E1700A1771EDF8663
+CT=A94B982DC50C338E25ABFB4113F904A8
+
+I=295
+KEY=EFF07243C3B795CF60F6E58237A5CBA7
+PT=A94B982DC50C338E25ABFB4113F904A8
+CT=79A5BB282D8247192AC9F8A3DB431EA1
+
+I=296
+KEY=9655C96BEE35D2D64A3F1D21ECE6D506
+PT=79A5BB282D8247192AC9F8A3DB431EA1
+CT=FC339DA0D4593CD79D407CD6F1E1E7ED
+
+I=297
+KEY=6A6654CB3A6CEE01D77F61F71D0732EB
+PT=FC339DA0D4593CD79D407CD6F1E1E7ED
+CT=08EAB51652B85C6E9BC07B718E57E144
+
+I=298
+KEY=628CE1DD68D4B26F4CBF1A869350D3AF
+PT=08EAB51652B85C6E9BC07B718E57E144
+CT=9EA63934609F947AAA926443D0D5BEFA
+
+I=299
+KEY=FC2AD8E9084B2615E62D7EC543856D55
+PT=9EA63934609F947AAA926443D0D5BEFA
+CT=7FE121C45E158FF1F527BAFDDBEAE223
+
+I=300
+KEY=83CBF92D565EA9E4130AC438986F8F76
+PT=7FE121C45E158FF1F527BAFDDBEAE223
+CT=B1B70D5AD08BE5DCB8126D8700F25969
+
+I=301
+KEY=327CF47786D54C38AB18A9BF989DD61F
+PT=B1B70D5AD08BE5DCB8126D8700F25969
+CT=389812FA2D4A6419380A2AC8961CCDA6
+
+I=302
+KEY=0AE4E68DAB9F2821931283770E811BB9
+PT=389812FA2D4A6419380A2AC8961CCDA6
+CT=CEF20323EE53A2BA576F4DF86A7AC078
+
+I=303
+KEY=C416E5AE45CC8A9BC47DCE8F64FBDBC1
+PT=CEF20323EE53A2BA576F4DF86A7AC078
+CT=A65611BF1901C940B883D746F1694278
+
+I=304
+KEY=6240F4115CCD43DB7CFE19C9959299B9
+PT=A65611BF1901C940B883D746F1694278
+CT=7E43C2A99D11C656351B96CECD400E75
+
+I=305
+KEY=1C0336B8C1DC858D49E58F0758D297CC
+PT=7E43C2A99D11C656351B96CECD400E75
+CT=7DE74D06851AD329C60DD1934C34CBE4
+
+I=306
+KEY=61E47BBE44C656A48FE85E9414E65C28
+PT=7DE74D06851AD329C60DD1934C34CBE4
+CT=A99B66FE5825C895DCC6BE718AB8BE34
+
+I=307
+KEY=C87F1D401CE39E31532EE0E59E5EE21C
+PT=A99B66FE5825C895DCC6BE718AB8BE34
+CT=4752E30DDA44BA393EF197270C111AB7
+
+I=308
+KEY=8F2DFE4DC6A724086DDF77C2924FF8AB
+PT=4752E30DDA44BA393EF197270C111AB7
+CT=5A3FC324D12AC30FE5BBE87FC4B655F0
+
+I=309
+KEY=D5123D69178DE70788649FBD56F9AD5B
+PT=5A3FC324D12AC30FE5BBE87FC4B655F0
+CT=79061587E9D9FEEF52F753AE9BCDC4B1
+
+I=310
+KEY=AC1428EEFE5419E8DA93CC13CD3469EA
+PT=79061587E9D9FEEF52F753AE9BCDC4B1
+CT=86C32E69874EAA0D103581199AFA813A
+
+I=311
+KEY=2AD70687791AB3E5CAA64D0A57CEE8D0
+PT=86C32E69874EAA0D103581199AFA813A
+CT=82A924A5928570E29D18DE200F8558DD
+
+I=312
+KEY=A87E2222EB9FC30757BE932A584BB00D
+PT=82A924A5928570E29D18DE200F8558DD
+CT=2D3E0ECCC1FEA93736BD205A5217D830
+
+I=313
+KEY=85402CEE2A616A306103B3700A5C683D
+PT=2D3E0ECCC1FEA93736BD205A5217D830
+CT=52FA0FCF771191A4A4C4E48C7B11DC1F
+
+I=314
+KEY=D7BA23215D70FB94C5C757FC714DB422
+PT=52FA0FCF771191A4A4C4E48C7B11DC1F
+CT=C2A47519AACA187B97C884D20ED1D825
+
+I=315
+KEY=151E5638F7BAE3EF520FD32E7F9C6C07
+PT=C2A47519AACA187B97C884D20ED1D825
+CT=66F1D0799F3C473978C189F745695293
+
+I=316
+KEY=73EF86416886A4D62ACE5AD93AF53E94
+PT=66F1D0799F3C473978C189F745695293
+CT=803361A1428EAC3E134B0726E5CF0754
+
+I=317
+KEY=F3DCE7E02A0808E839855DFFDF3A39C0
+PT=803361A1428EAC3E134B0726E5CF0754
+CT=2CC85CEDEE03D7AB279D766D3F2BADF4
+
+I=318
+KEY=DF14BB0DC40BDF431E182B92E0119434
+PT=2CC85CEDEE03D7AB279D766D3F2BADF4
+CT=706626C1CE6731DD4DBA263C4D7EAB67
+
+I=319
+KEY=AF729DCC0A6CEE9E53A20DAEAD6F3F53
+PT=706626C1CE6731DD4DBA263C4D7EAB67
+CT=BD7A59659E3774B85465C91740017628
+
+I=320
+KEY=1208C4A9945B9A2607C7C4B9ED6E497B
+PT=BD7A59659E3774B85465C91740017628
+CT=F1778330059467556D08223682EC32AA
+
+I=321
+KEY=E37F479991CFFD736ACFE68F6F827BD1
+PT=F1778330059467556D08223682EC32AA
+CT=7B3C6979DCEE500E3FBB2CF4E17B0A3B
+
+I=322
+KEY=98432EE04D21AD7D5574CA7B8EF971EA
+PT=7B3C6979DCEE500E3FBB2CF4E17B0A3B
+CT=AFEBC6E81B90C3D82ECE26D788AB2412
+
+I=323
+KEY=37A8E80856B16EA57BBAECAC065255F8
+PT=AFEBC6E81B90C3D82ECE26D788AB2412
+CT=E4087042AB32B9C43128AADACB4F7FA6
+
+I=324
+KEY=D3A0984AFD83D7614A924676CD1D2A5E
+PT=E4087042AB32B9C43128AADACB4F7FA6
+CT=07E1230BC456A3DCE7DF8A4EF7265BC8
+
+I=325
+KEY=D441BB4139D574BDAD4DCC383A3B7196
+PT=07E1230BC456A3DCE7DF8A4EF7265BC8
+CT=88F0C30172B9A0EA8CD657CE6847AC94
+
+I=326
+KEY=5CB178404B6CD457219B9BF6527CDD02
+PT=88F0C30172B9A0EA8CD657CE6847AC94
+CT=710FE26B2DAB5A12D147D6446732B272
+
+I=327
+KEY=2DBE9A2B66C78E45F0DC4DB2354E6F70
+PT=710FE26B2DAB5A12D147D6446732B272
+CT=9C30630A9ADF9B4EBF099452AB75D14A
+
+I=328
+KEY=B18EF921FC18150B4FD5D9E09E3BBE3A
+PT=9C30630A9ADF9B4EBF099452AB75D14A
+CT=77526DA4D9AE9FD4347AAC10EA4728AA
+
+I=329
+KEY=C6DC948525B68ADF7BAF75F0747C9690
+PT=77526DA4D9AE9FD4347AAC10EA4728AA
+CT=A9EDBD1A190BC67AC91D27BB7F5A1BD1
+
+I=330
+KEY=6F31299F3CBD4CA5B2B2524B0B268D41
+PT=A9EDBD1A190BC67AC91D27BB7F5A1BD1
+CT=B8700A2BAEABCB0C67251C26F82ACEF7
+
+I=331
+KEY=D74123B4921687A9D5974E6DF30C43B6
+PT=B8700A2BAEABCB0C67251C26F82ACEF7
+CT=FF5F30BA14A8C49276B040B00864BE29
+
+I=332
+KEY=281E130E86BE433BA3270EDDFB68FD9F
+PT=FF5F30BA14A8C49276B040B00864BE29
+CT=B448E87BE1E1A41FF94353F6018929C8
+
+I=333
+KEY=9C56FB75675FE7245A645D2BFAE1D457
+PT=B448E87BE1E1A41FF94353F6018929C8
+CT=9F59D422CB9265C17732E0B16DEF352A
+
+I=334
+KEY=030F2F57ACCD82E52D56BD9A970EE17D
+PT=9F59D422CB9265C17732E0B16DEF352A
+CT=06FD7DB54E62FAC3C511F4DE5C1E93B9
+
+I=335
+KEY=05F252E2E2AF7826E8474944CB1072C4
+PT=06FD7DB54E62FAC3C511F4DE5C1E93B9
+CT=0DDA3E4AD600F8D3EA6B06AE465DF3BC
+
+I=336
+KEY=08286CA834AF80F5022C4FEA8D4D8178
+PT=0DDA3E4AD600F8D3EA6B06AE465DF3BC
+CT=17305FA95D26FB72995165DA8A07FCDF
+
+I=337
+KEY=1F18330169897B879B7D2A30074A7DA7
+PT=17305FA95D26FB72995165DA8A07FCDF
+CT=12B56FEBEE2773A2258FC6E0F9115728
+
+I=338
+KEY=0DAD5CEA87AE0825BEF2ECD0FE5B2A8F
+PT=12B56FEBEE2773A2258FC6E0F9115728
+CT=36440D1A561E8F77B89DF6EA3D8EC7F5
+
+I=339
+KEY=3BE951F0D1B08752066F1A3AC3D5ED7A
+PT=36440D1A561E8F77B89DF6EA3D8EC7F5
+CT=752C4D620413C0F4A313CF37EB34CFDD
+
+I=340
+KEY=4EC51C92D5A347A6A57CD50D28E122A7
+PT=752C4D620413C0F4A313CF37EB34CFDD
+CT=B2A282D0B6A9EB8B7B7C962675AEC843
+
+I=341
+KEY=FC679E42630AAC2DDE00432B5D4FEAE4
+PT=B2A282D0B6A9EB8B7B7C962675AEC843
+CT=D0C3D785B5507C1460DDC44B123ED5FE
+
+I=342
+KEY=2CA449C7D65AD039BEDD87604F713F1A
+PT=D0C3D785B5507C1460DDC44B123ED5FE
+CT=4DAE52B77F8001CBAB8D1949E73DD578
+
+I=343
+KEY=610A1B70A9DAD1F215509E29A84CEA62
+PT=4DAE52B77F8001CBAB8D1949E73DD578
+CT=29AA82197E8158D88FFFE5BEAFC0C967
+
+I=344
+KEY=48A09969D75B892A9AAF7B97078C2305
+PT=29AA82197E8158D88FFFE5BEAFC0C967
+CT=58C665AA97945F7D3AA23BE8B8DDA20D
+
+I=345
+KEY=1066FCC340CFD657A00D407FBF518108
+PT=58C665AA97945F7D3AA23BE8B8DDA20D
+CT=5A104A7093DB3308EB4009829B5E26B1
+
+I=346
+KEY=4A76B6B3D314E55F4B4D49FD240FA7B9
+PT=5A104A7093DB3308EB4009829B5E26B1
+CT=8C8EA0BEE4640F6BB6D906A7A6EA3810
+
+I=347
+KEY=C6F8160D3770EA34FD944F5A82E59FA9
+PT=8C8EA0BEE4640F6BB6D906A7A6EA3810
+CT=1517ED0B6D4EC3B85479AB28DF48BFDB
+
+I=348
+KEY=D3EFFB065A3E298CA9EDE4725DAD2072
+PT=1517ED0B6D4EC3B85479AB28DF48BFDB
+CT=9546CCBB8094E65E464C38E0809552E3
+
+I=349
+KEY=46A937BDDAAACFD2EFA1DC92DD387291
+PT=9546CCBB8094E65E464C38E0809552E3
+CT=7D5AD8DEDB92F80D2B28C3458843AE84
+
+I=350
+KEY=3BF3EF63013837DFC4891FD7557BDC15
+PT=7D5AD8DEDB92F80D2B28C3458843AE84
+CT=E62676E27ED61D0FD7DFE170E0938361
+
+I=351
+KEY=DDD599817FEE2AD01356FEA7B5E85F74
+PT=E62676E27ED61D0FD7DFE170E0938361
+CT=DA9865198B9463681C66FB96C2C1DAA5
+
+I=352
+KEY=074DFC98F47A49B80F300531772985D1
+PT=DA9865198B9463681C66FB96C2C1DAA5
+CT=62CD9DAA9487F34AF168E6E20A0684CF
+
+I=353
+KEY=6580613260FDBAF2FE58E3D37D2F011E
+PT=62CD9DAA9487F34AF168E6E20A0684CF
+CT=10BA978FDABA586691946145BE246D3C
+
+I=354
+KEY=753AF6BDBA47E2946FCC8296C30B6C22
+PT=10BA978FDABA586691946145BE246D3C
+CT=13443CF524213B08776D7F5169B79C0F
+
+I=355
+KEY=667ECA489E66D99C18A1FDC7AABCF02D
+PT=13443CF524213B08776D7F5169B79C0F
+CT=6507336876ED4F6DB3E35D6CF5A89A2B
+
+I=356
+KEY=0379F920E88B96F1AB42A0AB5F146A06
+PT=6507336876ED4F6DB3E35D6CF5A89A2B
+CT=B84902B5CBBC6DB8111CA45BC5F99991
+
+I=357
+KEY=BB30FB952337FB49BA5E04F09AEDF397
+PT=B84902B5CBBC6DB8111CA45BC5F99991
+CT=20973140A999B8AD9982B9B706F7C32E
+
+I=358
+KEY=9BA7CAD58AAE43E423DCBD479C1A30B9
+PT=20973140A999B8AD9982B9B706F7C32E
+CT=EE7FF1177C5E080AA03854A2A819565E
+
+I=359
+KEY=75D83BC2F6F04BEE83E4E9E5340366E7
+PT=EE7FF1177C5E080AA03854A2A819565E
+CT=7A4F74EC2181269AC17D0E48A4DA2A88
+
+I=360
+KEY=0F974F2ED7716D744299E7AD90D94C6F
+PT=7A4F74EC2181269AC17D0E48A4DA2A88
+CT=5B7A7751F0FD91E203A14CE518838DD7
+
+I=361
+KEY=54ED387F278CFC964138AB48885AC1B8
+PT=5B7A7751F0FD91E203A14CE518838DD7
+CT=71319FDDBACB038354A37A41F1910F94
+
+I=362
+KEY=25DCA7A29D47FF15159BD10979CBCE2C
+PT=71319FDDBACB038354A37A41F1910F94
+CT=81AC58FD503FC3AA78199168AE2C9085
+
+I=363
+KEY=A470FF5FCD783CBF6D824061D7E75EA9
+PT=81AC58FD503FC3AA78199168AE2C9085
+CT=1F668F512038142C1155B950B0B040EC
+
+I=364
+KEY=BB16700EED4028937CD7F93167571E45
+PT=1F668F512038142C1155B950B0B040EC
+CT=6B27D7791E9B14A5AC3D9582DBDBD929
+
+I=365
+KEY=D031A777F3DB3C36D0EA6CB3BC8CC76C
+PT=6B27D7791E9B14A5AC3D9582DBDBD929
+CT=9B7151FDC4E135EE93DAB2D9EB74D59C
+
+I=366
+KEY=4B40F68A373A09D84330DE6A57F812F0
+PT=9B7151FDC4E135EE93DAB2D9EB74D59C
+CT=1F199945BCFA624B1AD3DCBBD95291B2
+
+I=367
+KEY=54596FCF8BC06B9359E302D18EAA8342
+PT=1F199945BCFA624B1AD3DCBBD95291B2
+CT=E2C82FA8FE98F26283A6E0B75D0A58C6
+
+I=368
+KEY=B6914067755899F1DA45E266D3A0DB84
+PT=E2C82FA8FE98F26283A6E0B75D0A58C6
+CT=5A240FFB99C3594C273B51CACF01B28B
+
+I=369
+KEY=ECB54F9CEC9BC0BDFD7EB3AC1CA1690F
+PT=5A240FFB99C3594C273B51CACF01B28B
+CT=D01847391534848FB102CA85C97749B1
+
+I=370
+KEY=3CAD08A5F9AF44324C7C7929D5D620BE
+PT=D01847391534848FB102CA85C97749B1
+CT=DC5CF60EBDF4A8DDDDF997E7ACA67515
+
+I=371
+KEY=E0F1FEAB445BECEF9185EECE797055AB
+PT=DC5CF60EBDF4A8DDDDF997E7ACA67515
+CT=749E3815FE305B307D9F4DB6A7E4658C
+
+I=372
+KEY=946FC6BEBA6BB7DFEC1AA378DE943027
+PT=749E3815FE305B307D9F4DB6A7E4658C
+CT=8152C1E676A4FC8B0CD093FEB4B51615
+
+I=373
+KEY=153D0758CCCF4B54E0CA30866A212632
+PT=8152C1E676A4FC8B0CD093FEB4B51615
+CT=0847044668710F6E5C93DD248AC921BA
+
+I=374
+KEY=1D7A031EA4BE443ABC59EDA2E0E80788
+PT=0847044668710F6E5C93DD248AC921BA
+CT=1D6C3EFB413A59AB40F34CEFBFF25C17
+
+I=375
+KEY=00163DE5E5841D91FCAAA14D5F1A5B9F
+PT=1D6C3EFB413A59AB40F34CEFBFF25C17
+CT=5D7C206A79D61868FFE7AA28044996D3
+
+I=376
+KEY=5D6A1D8F9C5205F9034D0B655B53CD4C
+PT=5D7C206A79D61868FFE7AA28044996D3
+CT=78B4DE3B84D5D1010245CA3077A41BAC
+
+I=377
+KEY=25DEC3B41887D4F80108C1552CF7D6E0
+PT=78B4DE3B84D5D1010245CA3077A41BAC
+CT=9E003AACEDECDBB077BDE832465F40C7
+
+I=378
+KEY=BBDEF918F56B0F4876B529676AA89627
+PT=9E003AACEDECDBB077BDE832465F40C7
+CT=EEFF9E6C73E6DC5432AA446385AA1499
+
+I=379
+KEY=55216774868DD31C441F6D04EF0282BE
+PT=EEFF9E6C73E6DC5432AA446385AA1499
+CT=03252A19E37D9F040C56E4D712982798
+
+I=380
+KEY=56044D6D65F04C18484989D3FD9AA526
+PT=03252A19E37D9F040C56E4D712982798
+CT=CF59A752BA0E14BE23AFD09437B39C65
+
+I=381
+KEY=995DEA3FDFFE58A66BE65947CA293943
+PT=CF59A752BA0E14BE23AFD09437B39C65
+CT=8B08FB7974A77167DFB234F57C8DFFE1
+
+I=382
+KEY=12551146AB5929C1B4546DB2B6A4C6A2
+PT=8B08FB7974A77167DFB234F57C8DFFE1
+CT=DD2A93C1106CFDAE4A1684EE02C82FE2
+
+I=383
+KEY=CF7F8287BB35D46FFE42E95CB46CE940
+PT=DD2A93C1106CFDAE4A1684EE02C82FE2
+CT=38696128584F60636354E9F802590391
+
+I=384
+KEY=F716E3AFE37AB40C9D1600A4B635EAD1
+PT=38696128584F60636354E9F802590391
+CT=7E552E3AD28729F642D590E3C289D598
+
+I=385
+KEY=8943CD9531FD9DFADFC3904774BC3F49
+PT=7E552E3AD28729F642D590E3C289D598
+CT=17A40392AA00D7B5A6E9F59007E60C22
+
+I=386
+KEY=9EE7CE079BFD4A4F792A65D7735A336B
+PT=17A40392AA00D7B5A6E9F59007E60C22
+CT=A048D6755C2AD24DD8833DDCEB145BA6
+
+I=387
+KEY=3EAF1872C7D79802A1A9580B984E68CD
+PT=A048D6755C2AD24DD8833DDCEB145BA6
+CT=2F1CCE852396986EC4B2852E5F684CD2
+
+I=388
+KEY=11B3D6F7E441006C651BDD25C726241F
+PT=2F1CCE852396986EC4B2852E5F684CD2
+CT=2C28BD1E98DA63B95C0C81202BBCFE39
+
+I=389
+KEY=3D9B6BE97C9B63D539175C05EC9ADA26
+PT=2C28BD1E98DA63B95C0C81202BBCFE39
+CT=6AE097A8E685B58BA2309B59D6A9EB2B
+
+I=390
+KEY=577BFC419A1ED65E9B27C75C3A33310D
+PT=6AE097A8E685B58BA2309B59D6A9EB2B
+CT=6EFC01751753999843A9BB6749097E0C
+
+I=391
+KEY=3987FD348D4D4FC6D88E7C3B733A4F01
+PT=6EFC01751753999843A9BB6749097E0C
+CT=6B6B75F78016052E4F89C73EA826D2F2
+
+I=392
+KEY=52EC88C30D5B4AE89707BB05DB1C9DF3
+PT=6B6B75F78016052E4F89C73EA826D2F2
+CT=1E9890E8F0AABCBFB8C4EDAEA0F563EF
+
+I=393
+KEY=4C74182BFDF1F6572FC356AB7BE9FE1C
+PT=1E9890E8F0AABCBFB8C4EDAEA0F563EF
+CT=143ED9FE6FD7DFB822C31DE8A3E868A9
+
+I=394
+KEY=584AC1D5922629EF0D004B43D80196B5
+PT=143ED9FE6FD7DFB822C31DE8A3E868A9
+CT=9C2834AA5C95F2874DC6B267C0469E14
+
+I=395
+KEY=C462F57FCEB3DB6840C6F924184708A1
+PT=9C2834AA5C95F2874DC6B267C0469E14
+CT=0720377F673352693EE2EF76D4FCFB0F
+
+I=396
+KEY=C342C200A98089017E241652CCBBF3AE
+PT=0720377F673352693EE2EF76D4FCFB0F
+CT=E83ED303F4B0ABF675C7BBC470B924FE
+
+I=397
+KEY=2B7C11035D3022F70BE3AD96BC02D750
+PT=E83ED303F4B0ABF675C7BBC470B924FE
+CT=D87ADD68CBCAEA46DFFF99AE3723BC94
+
+I=398
+KEY=F306CC6B96FAC8B1D41C34388B216BC4
+PT=D87ADD68CBCAEA46DFFF99AE3723BC94
+CT=2C290AE7C65B6E5BBAA32DE577DBA343
+
+I=399
+KEY=DF2FC68C50A1A6EA6EBF19DDFCFAC887
+PT=2C290AE7C65B6E5BBAA32DE577DBA343
+CT=A04377ABE259B0D0B5BA2D40A501971B
+
+=========================
+
+KEYSIZE=192
+
+I=0
+KEY=000000000000000000000000000000000000000000000000
+PT=00000000000000000000000000000000
+CT=F3F6752AE8D7831138F041560631B114
+
+I=1
+KEY=AAFE47EE82411A2BF3F6752AE8D7831138F041560631B114
+PT=F3F6752AE8D7831138F041560631B114
+CT=77BA00ED5412DFF27C8ED91F3C376172
+
+I=2
+KEY=A92B07597B52873C844C75C7BCC55CE3447E98493A06D066
+PT=77BA00ED5412DFF27C8ED91F3C376172
+CT=2D92DE893574463412BD7D121A94952F
+
+I=3
+KEY=5FD632DA76165EDBA9DEAB4E89B11AD756C3E55B20924549
+PT=2D92DE893574463412BD7D121A94952F
+CT=96650F835912F5E748422727802C6CE1
+
+I=4
+KEY=984A4BEC5D3474103FBBA4CDD0A3EF301E81C27CA0BE29A8
+PT=96650F835912F5E748422727802C6CE1
+CT=5FCCD4B5F125ADC5B85A56DB32283732
+
+I=5
+KEY=6B7EDEEAC755885F60777078218642F5A6DB94A792961E9A
+PT=5FCCD4B5F125ADC5B85A56DB32283732
+CT=EA5B1DAE2E4F9FD254A2CC28E128EB9B
+
+I=6
+KEY=CA5585D8C9727F208A2C6DD60FC9DD27F279588F73BEF501
+PT=EA5B1DAE2E4F9FD254A2CC28E128EB9B
+CT=BB87C0FF5DB4B2A593B93398407F823A
+
+I=7
+KEY=BADA7C0D4A0CDD4631ABAD29527D6F8261C06B1733C1773B
+PT=BB87C0FF5DB4B2A593B93398407F823A
+CT=D5AF7D56281F86E3E079BE6B9465DBB4
+
+I=8
+KEY=FF98AB620A203FFCE404D07F7A62E96181B9D57CA7A4AC8F
+PT=D5AF7D56281F86E3E079BE6B9465DBB4
+CT=511331CCA62B067CAC47475800EE33CD
+
+I=9
+KEY=1186A7F46656EA07B517E1B3DC49EF1D2DFE9224A74A9F42
+PT=511331CCA62B067CAC47475800EE33CD
+CT=64ACDC3579D7871644DD585C582AF3A2
+
+I=10
+KEY=313ADFF9712EABE4D1BB3D86A59E680B6923CA78FF606CE0
+PT=64ACDC3579D7871644DD585C582AF3A2
+CT=EA3C45FB8A6E548DAB14BAE07966246C
+
+I=11
+KEY=DDABAC02BE6C40493B87787D2FF03C86C23770988606488C
+PT=EA3C45FB8A6E548DAB14BAE07966246C
+CT=6BC276C465C9ADBE900049A5B58D2DCB
+
+I=12
+KEY=9A9F7E267C2BFCD150450EB94A3991385237393D338B6547
+PT=6BC276C465C9ADBE900049A5B58D2DCB
+CT=E2F0FFA8D6DF327CA0FB80A325B21931
+
+I=13
+KEY=80246B9FB6224226B2B5F1119CE6A344F2CCB99E16397C76
+PT=E2F0FFA8D6DF327CA0FB80A325B21931
+CT=ACEE4C9B8A00A7760DD9CD2F6C6DFA8C
+
+I=14
+KEY=60CDC3E8265B71E81E5BBD8A16E60432FF1574B17A5486FA
+PT=ACEE4C9B8A00A7760DD9CD2F6C6DFA8C
+CT=9579E43690FD2800FED810F7442D366B
+
+I=15
+KEY=9DEC584DB87D63F48B2259BC861B2C3201CD64463E79B091
+PT=9579E43690FD2800FED810F7442D366B
+CT=72D4D064851A050D415FC94E3FBB6A1C
+
+I=16
+KEY=BBC1ED636907611EF9F689D80301293F4092AD0801C2DA8D
+PT=72D4D064851A050D415FC94E3FBB6A1C
+CT=0CCC3B9B35CE3584D7B78C14905BEE55
+
+I=17
+KEY=AE398529289F7994F53AB24336CF1CBB9725211C919934D8
+PT=0CCC3B9B35CE3584D7B78C14905BEE55
+CT=66B6A61BF7BCC6392B8FEC12152E5363
+
+I=18
+KEY=4617E60BD8AF29D5938C1458C173DA82BCAACD0E84B767BB
+PT=66B6A61BF7BCC6392B8FEC12152E5363
+CT=6C2247EA3BC566A84A30BF0B30AB4EEC
+
+I=19
+KEY=6B762D1391AA17CBFFAE53B2FAB6BC2AF69A7205B41C2957
+PT=6C2247EA3BC566A84A30BF0B30AB4EEC
+CT=C16FBCDFAE34E839BA449D697452550D
+
+I=20
+KEY=374499A8C09A60DA3EC1EF6D548254134CDEEF6CC04E7C5A
+PT=C16FBCDFAE34E839BA449D697452550D
+CT=C8B704B4AFE68AF5C91A810F2873F13F
+
+I=21
+KEY=09DCC638DD59F37CF676EBD9FB64DEE685C46E63E83D8D65
+PT=C8B704B4AFE68AF5C91A810F2873F13F
+CT=FC9C31036B26234ED1CBA46E0BE944EE
+
+I=22
+KEY=CE2CEB8869D7EC160AEADADA9042FDA8540FCA0DE3D4C98B
+PT=FC9C31036B26234ED1CBA46E0BE944EE
+CT=DCF13203AD179CD008779F189EBC78F0
+
+I=23
+KEY=505FBECF6B0B083CD61BE8D93D5561785C7855157D68B17B
+PT=DCF13203AD179CD008779F189EBC78F0
+CT=24AEB937E259D44D352FF39C1A8A79E0
+
+I=24
+KEY=1D1649FDB7484DD2F2B551EEDF0CB5356957A68967E2C89B
+PT=24AEB937E259D44D352FF39C1A8A79E0
+CT=19016D033872CB7694A712A84DBC43F2
+
+I=25
+KEY=9BE41771C0F74BDEEBB43CEDE77E7E43FDF0B4212A5E8B69
+PT=19016D033872CB7694A712A84DBC43F2
+CT=0536107FEA26AB6A4FE2667EF7FCF16A
+
+I=26
+KEY=FF3619AED9A1F724EE822C920D58D529B212D25FDDA27A03
+PT=0536107FEA26AB6A4FE2667EF7FCF16A
+CT=5D35213390FCA53AD422DC2ED4BF674D
+
+I=27
+KEY=59D2F5AF4BB6F28BB3B70DA19DA4701366300E71091D1D4E
+PT=5D35213390FCA53AD422DC2ED4BF674D
+CT=04A6F9B1AE64AD03659C4E375A690852
+
+I=28
+KEY=C8384D35CAF0074EB711F41033C0DD1003AC40465374151C
+PT=04A6F9B1AE64AD03659C4E375A690852
+CT=18AB347EFC2F8F93655E16732BB509DE
+
+I=29
+KEY=910CE58F963B684EAFBAC06ECFEF528366F2563578C11CC2
+PT=18AB347EFC2F8F93655E16732BB509DE
+CT=F6037C06C71793BD14A4FC89A05D918F
+
+I=30
+KEY=5D1EF94FBA1E098459B9BC6808F8C13E7256AABCD89C8D4D
+PT=F6037C06C71793BD14A4FC89A05D918F
+CT=75094DD9B2FDDAC96B49CAB676057288
+
+I=31
+KEY=61FDA8DA3EF8949C2CB0F1B1BA051BF7191F600AAE99FFC5
+PT=75094DD9B2FDDAC96B49CAB676057288
+CT=346F9F9E70C05B53DCDAF736FE59749D
+
+I=32
+KEY=5C383CCC2DCAE66A18DF6E2FCAC540A4C5C5973C50C08B58
+PT=346F9F9E70C05B53DCDAF736FE59749D
+CT=1DB82CC8EF5B736AAEFD1F1B9CE5B67D
+
+I=33
+KEY=1EC7FDBB8AE4FF05056742E7259E33CE6B388827CC253D25
+PT=1DB82CC8EF5B736AAEFD1F1B9CE5B67D
+CT=31B5E80D946AE577268973AF865151EB
+
+I=34
+KEY=FFE21FDAB07E755034D2AAEAB1F4D6B94DB1FB884A746CCE
+PT=31B5E80D946AE577268973AF865151EB
+CT=9FD63EB3EC6A15FC149A4F058EDA7080
+
+I=35
+KEY=7EC4053A63B2353BAB0494595D9EC345592BB48DC4AE1C4E
+PT=9FD63EB3EC6A15FC149A4F058EDA7080
+CT=41730A9E9D197435AC36902C57B16588
+
+I=36
+KEY=FB6D2FAFD47FE8D1EA779EC7C087B770F51D24A1931F79C6
+PT=41730A9E9D197435AC36902C57B16588
+CT=08AD282171F0772F85C0A43E8BACEC74
+
+I=37
+KEY=9531B1BBE0863D44E2DAB6E6B177C05F70DD809F18B395B2
+PT=08AD282171F0772F85C0A43E8BACEC74
+CT=8561E508FA237E4170CECD3A8352CFA4
+
+I=38
+KEY=0AB0CF2D1CA2957A67BB53EE4B54BE1E00134DA59BE15A16
+PT=8561E508FA237E4170CECD3A8352CFA4
+CT=4470EFA3C3172EBF64A064F59AE364A9
+
+I=39
+KEY=291FD5C38E400CFA23CBBC4D884390A164B3295001023EBF
+PT=4470EFA3C3172EBF64A064F59AE364A9
+CT=FCC5636DFE9E45CB7761DD14A1CF4773
+
+I=40
+KEY=114E4DEF0447E1D5DF0EDF2076DDD56A13D2F444A0CD79CC
+PT=FCC5636DFE9E45CB7761DD14A1CF4773
+CT=2130BA8736D4933678C3B536AEDBC500
+
+I=41
+KEY=0C19F74860652278FE3E65A74009465C6B1141720E16BCCC
+PT=2130BA8736D4933678C3B536AEDBC500
+CT=1725EECBA8F9A542E9956168390C82C2
+
+I=42
+KEY=EF9E7E57576D8A3EE91B8B6CE8F0E31E8284201A371A3E0E
+PT=1725EECBA8F9A542E9956168390C82C2
+CT=60912D3EEDC962D68A29AED73DDAA24D
+
+I=43
+KEY=CE6464925302B9F4898AA652053981C808AD8ECD0AC09C43
+PT=60912D3EEDC962D68A29AED73DDAA24D
+CT=43A8B490BBC75DC8D2D2F060C8672E9E
+
+I=44
+KEY=8657F15C75C74469CA2212C2BEFEDC00DA7F7EADC2A7B2DD
+PT=43A8B490BBC75DC8D2D2F060C8672E9E
+CT=67D856AF692A4BA7DEC7C8C14A37BD50
+
+I=45
+KEY=2D566517DCC2D4EBADFA446DD7D497A704B8B66C88900F8D
+PT=67D856AF692A4BA7DEC7C8C14A37BD50
+CT=293C5A05F31E863C6CA26DB8018751CA
+
+I=46
+KEY=826DFA3FD5229B9B84C61E6824CA119B681ADBD489175E47
+PT=293C5A05F31E863C6CA26DB8018751CA
+CT=9421BF2E7727F49C252D644B952C76C4
+
+I=47
+KEY=A5A13E0D1C01D7CF10E7A14653EDE5074D37BF9F1C3B2883
+PT=9421BF2E7727F49C252D644B952C76C4
+CT=CEE8F6FCF7CAF1C5EA9F746C10BD405B
+
+I=48
+KEY=923D8EE015266BA8DE0F57BAA42714C2A7A8CBF30C8668D8
+PT=CEE8F6FCF7CAF1C5EA9F746C10BD405B
+CT=403220B81E6E0837ACCEDA5ACB3730BE
+
+I=49
+KEY=B41FA03C1181401A9E3D7702BA491CF50B6611A9C7B15866
+PT=403220B81E6E0837ACCEDA5ACB3730BE
+CT=8C5D05679F78F853CF83CB8E5BBEBA44
+
+I=50
+KEY=00B6D7172075472F126072652531E4A6C4E5DA279C0FE222
+PT=8C5D05679F78F853CF83CB8E5BBEBA44
+CT=6F9C74C0BB40608AAD1A1202FCAF62EB
+
+I=51
+KEY=BEB1F890B29E8EFE7DFC06A59E71842C69FFC82560A080C9
+PT=6F9C74C0BB40608AAD1A1202FCAF62EB
+CT=B812DB4E295951BB04B1636A9CE91DDB
+
+I=52
+KEY=9455ABC4AC495686C5EEDDEBB728D5976D4EAB4FFC499D12
+PT=B812DB4E295951BB04B1636A9CE91DDB
+CT=B164574EAECAD5A06FFB4F3E6C607D61
+
+I=53
+KEY=1E9CCB2A3541F810748A8AA519E2003702B5E4719029E073
+PT=B164574EAECAD5A06FFB4F3E6C607D61
+CT=1433D23C1500EDBA0EFFD03D96E18F20
+
+I=54
+KEY=F4817B9409F1F1D160B958990CE2ED8D0C4A344C06C86F53
+PT=1433D23C1500EDBA0EFFD03D96E18F20
+CT=B81C889B6FAF5DA800AEBA561992853B
+
+I=55
+KEY=49F7CD1535080039D8A5D002634DB0250CE48E1A1F5AEA68
+PT=B81C889B6FAF5DA800AEBA561992853B
+CT=5B558B7C5916CF14FA5BC9266CFE875F
+
+I=56
+KEY=FCD5479474EA721783F05B7E3A5B7F31F6BF473C73A46D37
+PT=5B558B7C5916CF14FA5BC9266CFE875F
+CT=49BE310D74A9980E9A78B0A8BB3BA1AB
+
+I=57
+KEY=6A68208CC7D6782ECA4E6A734EF2E73F6CC7F794C89FCC9C
+PT=49BE310D74A9980E9A78B0A8BB3BA1AB
+CT=7BD5BABAD7F1EEAA56E17BF9B6678DC8
+
+I=58
+KEY=38DE1A69C03EF9C1B19BD0C9990309953A268C6D7EF84154
+PT=7BD5BABAD7F1EEAA56E17BF9B6678DC8
+CT=62448A767C344E7E7CDB02112F475EFE
+
+I=59
+KEY=02634EC657B436A8D3DF5ABFE53747EB46FD8E7C51BF1FAA
+PT=62448A767C344E7E7CDB02112F475EFE
+CT=F490A20D8B5C53E34C4CF5B7B72A4591
+
+I=60
+KEY=DCDAAB8CBD526850274FF8B26E6B14080AB17BCBE6955A3B
+PT=F490A20D8B5C53E34C4CF5B7B72A4591
+CT=ACFFD7CD5C01B183AB92DBB62DC088F6
+
+I=61
+KEY=51EB6B7172C22A248BB02F7F326AA58BA123A07DCB55D2CD
+PT=ACFFD7CD5C01B183AB92DBB62DC088F6
+CT=0BEDDFA8E7A1AC84E3E164A59D599BAB
+
+I=62
+KEY=4796B5FA7B22626B805DF0D7D5CB090F42C2C4D8560C4966
+PT=0BEDDFA8E7A1AC84E3E164A59D599BAB
+CT=9CC82E2B6B96254345C1FDBAD667275E
+
+I=63
+KEY=D8E112F9657BD2BF1C95DEFCBE5D2C4C07033962806B6E38
+PT=9CC82E2B6B96254345C1FDBAD667275E
+CT=75926F4D3503411CD3C059DA4FFABD62
+
+I=64
+KEY=A19B892107C4F8F86907B1B18B5E6D50D4C360B8CF91D35A
+PT=75926F4D3503411CD3C059DA4FFABD62
+CT=1073561CF6BA28EC57F4B7E5073D27FA
+
+I=65
+KEY=AEFE35F52D8D54A27974E7AD7DE445BC8337D75DC8ACF4A0
+PT=1073561CF6BA28EC57F4B7E5073D27FA
+CT=83E161BA51E6F3A4588C94F7A24BA81F
+
+I=66
+KEY=5E41A6382F88A350FA9586172C02B618DBBB43AA6AE75CBF
+PT=83E161BA51E6F3A4588C94F7A24BA81F
+CT=BD693B4C49378F17322D175932B87111
+
+I=67
+KEY=A2D760EE839234F147FCBD5B6535390FE99654F3585F2DAE
+PT=BD693B4C49378F17322D175932B87111
+CT=101A83CF8487BEDD2C93180BB5024EC9
+
+I=68
+KEY=0F463C72AF8E4B5357E63E94E1B287D2C5054CF8ED5D6367
+PT=101A83CF8487BEDD2C93180BB5024EC9
+CT=757949BE62D3328D09E2F45DF2AD095A
+
+I=69
+KEY=C3C0A16686A5D66B229F772A8361B55FCCE7B8A51FF06A3D
+PT=757949BE62D3328D09E2F45DF2AD095A
+CT=63EBBF9E15BECEC1A0885BECB3D06BF8
+
+I=70
+KEY=3A0B55738CF3B3E94174C8B496DF7B9E6C6FE349AC2001C5
+PT=63EBBF9E15BECEC1A0885BECB3D06BF8
+CT=E176B5C7AFCE06E8ED0C63A4CF7E3034
+
+I=71
+KEY=450F848D964934DAA0027D7339117D76816380ED635E31F1
+PT=E176B5C7AFCE06E8ED0C63A4CF7E3034
+CT=97B91F0A898E5B3A77A0883140D477BC
+
+I=72
+KEY=F3AF781D6EA3529237BB6279B09F264CF6C308DC238A464D
+PT=97B91F0A898E5B3A77A0883140D477BC
+CT=346AD1C470309DFE6CB08DCC24E17470
+
+I=73
+KEY=4E43AB584BF1F8C603D1B3BDC0AFBBB29A738510076B323D
+PT=346AD1C470309DFE6CB08DCC24E17470
+CT=F8B462FB7D758B3AF2CDF7D9244B738F
+
+I=74
+KEY=5A1F023E8F0987B4FB65D146BDDA308868BE72C9232041B2
+PT=F8B462FB7D758B3AF2CDF7D9244B738F
+CT=B44D090FD0B7F762146FF6301C6DBF54
+
+I=75
+KEY=FFC4BB75031165DA4F28D8496D6DC7EA7CD184F93F4DFEE6
+PT=B44D090FD0B7F762146FF6301C6DBF54
+CT=15CB042313710F2CD1C3409B5F3AF419
+
+I=76
+KEY=8107240E1FB855765AE3DC6A7E1CC8C6AD12C46260770AFF
+PT=15CB042313710F2CD1C3409B5F3AF419
+CT=0AB01B03F415A58D52CF7A1E40856275
+
+I=77
+KEY=4493743ADE27D1D85053C7698A096D4BFFDDBE7C20F2688A
+PT=0AB01B03F415A58D52CF7A1E40856275
+CT=05BE037C28719B4C4EEBEA329FAC63D5
+
+I=78
+KEY=F582EC062155016255EDC415A278F607B136544EBF5E0B5F
+PT=05BE037C28719B4C4EEBEA329FAC63D5
+CT=74C3C4F42B3F575C6B8D5BAD9AF0191F
+
+I=79
+KEY=8FAF8EEAA5E2D76B212E00E18947A15BDABB0FE325AE1240
+PT=74C3C4F42B3F575C6B8D5BAD9AF0191F
+CT=92CB4A3DF34E6711FB56391F26D949AD
+
+I=80
+KEY=1CAD393CC06BC104B3E54ADC7A09C64A21ED36FC03775BED
+PT=92CB4A3DF34E6711FB56391F26D949AD
+CT=3754BB3D8C3D7370EDBA842CDF17D5C0
+
+I=81
+KEY=E3AB53BB36BDFBBB84B1F1E1F634B53ACC57B2D0DC608E2D
+PT=3754BB3D8C3D7370EDBA842CDF17D5C0
+CT=94EAC7FD54D228619791BCCBF9F633F4
+
+I=82
+KEY=480B1D923E853259105B361CA2E69D5B5BC60E1B2596BDD9
+PT=94EAC7FD54D228619791BCCBF9F633F4
+CT=CAB29222355968E9CF492D5BF08B0999
+
+I=83
+KEY=D8F6791107FB3D26DAE9A43E97BFF5B2948F2340D51DB440
+PT=CAB29222355968E9CF492D5BF08B0999
+CT=00837C78B88005288DB39452F1EB8F13
+
+I=84
+KEY=6521B6B771FE24B2DA6AD8462F3FF09A193CB71224F63B53
+PT=00837C78B88005288DB39452F1EB8F13
+CT=2082F77D48A63E223A79217CD4516854
+
+I=85
+KEY=9D9F3198682E2476FAE82F3B6799CEB82345966EF0A75307
+PT=2082F77D48A63E223A79217CD4516854
+CT=C5074D4B3F455346B078DAFBC1327AB6
+
+I=86
+KEY=61832291235DC7C33FEF627058DC9DFE933D4C95319529B1
+PT=C5074D4B3F455346B078DAFBC1327AB6
+CT=72EE56572A2B7CEC53FC4E4FC0293D63
+
+I=87
+KEY=5C2877854338D45D4D01342772F7E112C0C102DAF1BC14D2
+PT=72EE56572A2B7CEC53FC4E4FC0293D63
+CT=7350039161DF9E8E45B360E6139E4226
+
+I=88
+KEY=A8225CF65297BA953E5137B613287F9C8572623CE22256F4
+PT=7350039161DF9E8E45B360E6139E4226
+CT=4339288215BE1BB87E31AF8FB35DEDC1
+
+I=89
+KEY=51649B52A8458F4B7D681F3406966424FB43CDB3517FBB35
+PT=4339288215BE1BB87E31AF8FB35DEDC1
+CT=4D7AB61CC2C930CBB0DF43EEE92EBA1F
+
+I=90
+KEY=750E4E7E9183E2FF3012A928C45F54EF4B9C8E5DB851012A
+PT=4D7AB61CC2C930CBB0DF43EEE92EBA1F
+CT=1090FE663EA77DC2EC30E8F89E662918
+
+I=91
+KEY=B65FBDF702246E442082574EFAF8292DA7AC66A526372832
+PT=1090FE663EA77DC2EC30E8F89E662918
+CT=14307A2CC40BDFB0413DF10F961337CA
+
+I=92
+KEY=7BEC3480AA0A44FF34B22D623EF3F69DE69197AAB0241FF8
+PT=14307A2CC40BDFB0413DF10F961337CA
+CT=8F378E272D82DE8E63EC418912EF8642
+
+I=93
+KEY=63921E8700657D6ABB85A34513712813857DD623A2CB99BA
+PT=8F378E272D82DE8E63EC418912EF8642
+CT=3947DDC00E3C4D958E508DF58AB4982A
+
+I=94
+KEY=754B2E8355FABCAF82C27E851D4D65860B2D5BD6287F0190
+PT=3947DDC00E3C4D958E508DF58AB4982A
+CT=492DB375B3CC640DD8FEDBAF2C943535
+
+I=95
+KEY=E8F8C2450F8597B3CBEFCDF0AE81018BD3D3807904EB34A5
+PT=492DB375B3CC640DD8FEDBAF2C943535
+CT=D74BD4118D448B674935B80E4B1BFB93
+
+I=96
+KEY=34A2C5B010AE479A1CA419E123C58AEC9AE638774FF0CF36
+PT=D74BD4118D448B674935B80E4B1BFB93
+CT=E9742B41295BC3ED3AA66E80E8718665
+
+I=97
+KEY=0E11D08AA9EC81A4F5D032A00A9E4901A04056F7A7814953
+PT=E9742B41295BC3ED3AA66E80E8718665
+CT=5FB17BFE146B410F90EC922B1385D0E4
+
+I=98
+KEY=B15779E61FD27B02AA61495E1EF5080E30ACC4DCB40499B7
+PT=5FB17BFE146B410F90EC922B1385D0E4
+CT=1B0CCF643F19DDBC0E3ED0EEAE83ACC1
+
+I=99
+KEY=861B580225193DD5B16D863A21ECD5B23E9214321A873576
+PT=1B0CCF643F19DDBC0E3ED0EEAE83ACC1
+CT=B3A7D434E30DC0CDEE4D17BBC27B855E
+
+I=100
+KEY=B6DF2A8726C31D6E02CA520EC2E1157FD0DF0389D8FCB028
+PT=B3A7D434E30DC0CDEE4D17BBC27B855E
+CT=57DE2345D91E26A2AB7CA88AEA23A84F
+
+I=101
+KEY=6976D3780B5F01E25514714B1BFF33DD7BA3AB0332DF1867
+PT=57DE2345D91E26A2AB7CA88AEA23A84F
+CT=7B03541D239B569FEE7ABD8980F1BD05
+
+I=102
+KEY=734CAC477A2727542E1725563864654295D9168AB22EA562
+PT=7B03541D239B569FEE7ABD8980F1BD05
+CT=5CB7E72B2E6CFF8C18AEB026FE40C2FA
+
+I=103
+KEY=B59171BEBC7BFB8672A0C27D16089ACE8D77A6AC4C6E6798
+PT=5CB7E72B2E6CFF8C18AEB026FE40C2FA
+CT=50B9186306DA92FE785D6EB9223E43A9
+
+I=104
+KEY=E460BA8A2F82DBB72219DA1E10D20830F52AC8156E502431
+PT=50B9186306DA92FE785D6EB9223E43A9
+CT=B3D8CE8B04B99CF2F82571E1588C358B
+
+I=105
+KEY=CE7C790CD4B34C4791C11495146B94C20D0FB9F436DC11BA
+PT=B3D8CE8B04B99CF2F82571E1588C358B
+CT=9845F0A5681A40A6DC3D9BCA639FE786
+
+I=106
+KEY=699FE59B482743180984E4307C71D464D132223E5543F63C
+PT=9845F0A5681A40A6DC3D9BCA639FE786
+CT=C7EBF5CEAAD5652563A8550020EC7070
+
+I=107
+KEY=FEBE2836F5099F53CE6F11FED6A4B141B29A773E75AF864C
+PT=C7EBF5CEAAD5652563A8550020EC7070
+CT=DE94A376634FE9856A84E2EE6EED86E8
+
+I=108
+KEY=22BCFFB0740FC30510FBB288B5EB58C4D81E95D01B4200A4
+PT=DE94A376634FE9856A84E2EE6EED86E8
+CT=64B9917E23328A4FE1F8FDB8AE43E7F3
+
+I=109
+KEY=E8491AFDF41F0DFB744223F696D9D28B39E66868B501E757
+PT=64B9917E23328A4FE1F8FDB8AE43E7F3
+CT=2C59820184ABC99E82A7F51D4E3A86A8
+
+I=110
+KEY=3BE5F390D72ABE6A581BA1F712721B15BB419D75FB3B61FF
+PT=2C59820184ABC99E82A7F51D4E3A86A8
+CT=387ACD0BAD539773287C209A0876581F
+
+I=111
+KEY=B7388762F772C83560616CFCBF218C66933DBDEFF34D39E0
+PT=387ACD0BAD539773287C209A0876581F
+CT=F12D3E1F21AFB9CACAB541EFB7334438
+
+I=112
+KEY=FBD600191276FA5C914C52E39E8E35AC5988FC00447E7DD8
+PT=F12D3E1F21AFB9CACAB541EFB7334438
+CT=68D2FA1BB635D9D35E4BF440335CBD80
+
+I=113
+KEY=1E2B19106450AA2FF99EA8F828BBEC7F07C308407722C058
+PT=68D2FA1BB635D9D35E4BF440335CBD80
+CT=4532507D5E0227054CB36CBD3C489D53
+
+I=114
+KEY=C0B60F65BAD77DA4BCACF88576B9CB7A4B7064FD4B6A5D0B
+PT=4532507D5E0227054CB36CBD3C489D53
+CT=6DB8FD7DE7924B7E92CF27BC0AD11D16
+
+I=115
+KEY=451836B53318CC33D11405F8912B8004D9BF434141BB401D
+PT=6DB8FD7DE7924B7E92CF27BC0AD11D16
+CT=A3D5F6A8D4372B66F8D3DD9FF945DECA
+
+I=116
+KEY=0E57235F9B527C5172C1F350451CAB62216C9EDEB8FE9ED7
+PT=A3D5F6A8D4372B66F8D3DD9FF945DECA
+CT=BEDFF233AD31EEB9943EEBF52F66AABF
+
+I=117
+KEY=BB7E1C438E5F36A3CC1E0163E82D45DBB552752B97983468
+PT=BEDFF233AD31EEB9943EEBF52F66AABF
+CT=4531EDEC06570582755199A0C4745EA5
+
+I=118
+KEY=DE70EC87811AFD32892FEC8FEE7A4059C003EC8B53EC6ACD
+PT=4531EDEC06570582755199A0C4745EA5
+CT=F3189383C202A472CE238571D187F8EB
+
+I=119
+KEY=CA2AE67397E9238A7A377F0C2C78E42B0E2069FA826B9226
+PT=F3189383C202A472CE238571D187F8EB
+CT=B48952CBAC43D0114985A9035DFF0382
+
+I=120
+KEY=335EF040D622E95BCEBE2DC7803B343A47A5C0F9DF9491A4
+PT=B48952CBAC43D0114985A9035DFF0382
+CT=9B71302FDFBC47DF6276AB73D4D0D8B3
+
+I=121
+KEY=683CC10DFBC6C09C55CF1DE85F8773E525D36B8A0B444917
+PT=9B71302FDFBC47DF6276AB73D4D0D8B3
+CT=69EED4A0C5428005199DF12B338393E2
+
+I=122
+KEY=B86C9A2F1A978E123C21C9489AC5F3E03C4E9AA138C7DAF5
+PT=69EED4A0C5428005199DF12B338393E2
+CT=D0C2ACA653E6D7D80D32F445B0DD2347
+
+I=123
+KEY=EF7E3DCDF05FFA86ECE365EEC9232438317C6EE4881AF9B2
+PT=D0C2ACA653E6D7D80D32F445B0DD2347
+CT=F373D4DBD7ADAFEF582621EC8C7CD2A2
+
+I=124
+KEY=B8059C7A6BA2273E1F90B1351E8E8BD7695A4F0804662B10
+PT=F373D4DBD7ADAFEF582621EC8C7CD2A2
+CT=0AD37AFC8C929513F9BDB976E69C7CF3
+
+I=125
+KEY=F5C9ECCBB672D46F1543CBC9921C1EC490E7F67EE2FA57E3
+PT=0AD37AFC8C929513F9BDB976E69C7CF3
+CT=E80B118DFB34F11DB344B6AE34EDEBC8
+
+I=126
+KEY=AA67DC18543A7A88FD48DA446928EFD923A340D0D617BC2B
+PT=E80B118DFB34F11DB344B6AE34EDEBC8
+CT=628D5C42DDEBA9AE4983F51D339366B4
+
+I=127
+KEY=BF0C30A039C0FEE89FC58606B4C346776A20B5CDE584DA9F
+PT=628D5C42DDEBA9AE4983F51D339366B4
+CT=1BE2A5A8CCA8E065557F6982AF3E056F
+
+I=128
+KEY=A219F6B8E2FF1AA3842723AE786BA6123F5FDC4F4ABADFF0
+PT=1BE2A5A8CCA8E065557F6982AF3E056F
+CT=5E1187D78AEB34780F07905A84D2EBBA
+
+I=129
+KEY=851DDD078D4B7802DA36A479F280926A30584C15CE68344A
+PT=5E1187D78AEB34780F07905A84D2EBBA
+CT=31EE3AC2EC79D14EBCA71E760326CD74
+
+I=130
+KEY=E6741084FEDEEFFEEBD89EBB1EF943248CFF5263CD4EF93E
+PT=31EE3AC2EC79D14EBCA71E760326CD74
+CT=298E3A00F280BBF8364CF8D6D44CF54E
+
+I=131
+KEY=8A41136FE9DB1FB5C256A4BBEC79F8DCBAB3AAB519020C70
+PT=298E3A00F280BBF8364CF8D6D44CF54E
+CT=39B7A0416C1F9B19C7B99A1F6A70258C
+
+I=132
+KEY=E1F1B622EB8BC9B1FBE104FA806663C57D0A30AA737229FC
+PT=39B7A0416C1F9B19C7B99A1F6A70258C
+CT=B1655FA9AB2C4956E2C56F7A6C421BE5
+
+I=133
+KEY=0EE0B7E1AF7093694A845B532B4A2A939FCF5FD01F303219
+PT=B1655FA9AB2C4956E2C56F7A6C421BE5
+CT=1AD9CBB1A28F7A2A6CBC7EC98EF483FC
+
+I=134
+KEY=180A2BD07F77D34E505D90E289C550B9F373211991C4B1E5
+PT=1AD9CBB1A28F7A2A6CBC7EC98EF483FC
+CT=6363BE57D6D587EE3ABA9FE81F3D3A10
+
+I=135
+KEY=848B7408CAACF02E333E2EB55F10D757C9C9BEF18EF98BF5
+PT=6363BE57D6D587EE3ABA9FE81F3D3A10
+CT=05618580D7915AA7398EF4DB7D1F1DE3
+
+I=136
+KEY=E581D7B4F84F2860365FAB3588818DF0F0474A2AF3E69616
+PT=05618580D7915AA7398EF4DB7D1F1DE3
+CT=F8D0118087404FD729F96CA6551338AD
+
+I=137
+KEY=6C81D6873EFFF763CE8FBAB50FC1C227D9BE268CA6F5AEBB
+PT=F8D0118087404FD729F96CA6551338AD
+CT=784913B38D32A7395D73AF1378A0DC56
+
+I=138
+KEY=D971137D872F606EB6C6A90682F3651E84CD899FDE5572ED
+PT=784913B38D32A7395D73AF1378A0DC56
+CT=D07C418BD183457B6683AE99C457FC0B
+
+I=139
+KEY=196BBA79E35EEC7966BAE88D53702065E24E27061A028EE6
+PT=D07C418BD183457B6683AE99C457FC0B
+CT=5595D16DF7668779825BC135D1408013
+
+I=140
+KEY=6F140EC274635FA2332F39E0A416A71C6015E633CB420EF5
+PT=5595D16DF7668779825BC135D1408013
+CT=1AB9F5075E063403FEFD976044C89C95
+
+I=141
+KEY=926F3A2AA0BD8C952996CCE7FA10931F9EE871538F8A9260
+PT=1AB9F5075E063403FEFD976044C89C95
+CT=6DF413E53FCEDA296D7ABA796179D600
+
+I=142
+KEY=740F74BF0E0C38154462DF02C5DE4936F392CB2AEEF34460
+PT=6DF413E53FCEDA296D7ABA796179D600
+CT=0D0F499B0D51948A9CCBC4B6531A05F7
+
+I=143
+KEY=2500C9B63042B24B496D9699C88FDDBC6F590F9CBDE94197
+PT=0D0F499B0D51948A9CCBC4B6531A05F7
+CT=85833A1072B6A0ED932D4D89D53A785A
+
+I=144
+KEY=FCB377C07622271FCCEEAC89BA397D51FC74421568D339CD
+PT=85833A1072B6A0ED932D4D89D53A785A
+CT=545EDE1A4B737F1E51CBDAE311E91D5C
+
+I=145
+KEY=BB108ABE391C394E98B07293F14A024FADBF98F6793A2491
+PT=545EDE1A4B737F1E51CBDAE311E91D5C
+CT=DA8CC635CF1450685DDAAA5A56BC3BD9
+
+I=146
+KEY=34F8623EC93A6C2A423CB4A63E5E5227F06532AC2F861F48
+PT=DA8CC635CF1450685DDAAA5A56BC3BD9
+CT=FE73162BF90B52DEE7D0EA9D73F8444D
+
+I=147
+KEY=5E3CB25583365D5EBC4FA28DC75500F917B5D8315C7E5B05
+PT=FE73162BF90B52DEE7D0EA9D73F8444D
+CT=BC75D12F66C232E1979D0F6C3E1ED8F1
+
+I=148
+KEY=EABE655116470AE1003A73A2A19732188028D75D626083F4
+PT=BC75D12F66C232E1979D0F6C3E1ED8F1
+CT=661A3FA0530BF47C266D609FE01DAF48
+
+I=149
+KEY=97A1B8E97CF217C366204C02F29CC664A645B7C2827D2CBC
+PT=661A3FA0530BF47C266D609FE01DAF48
+CT=791144514CF8E4CC15BC6ADE3291F9CD
+
+I=150
+KEY=5189DC6F535B5A091F310853BE6422A8B3F9DD1CB0ECD571
+PT=791144514CF8E4CC15BC6ADE3291F9CD
+CT=4369FDB3626F399A6526C476373A52D4
+
+I=151
+KEY=21CD36EDB27428AB5C58F5E0DC0B1B32D6DF196A87D687A5
+PT=4369FDB3626F399A6526C476373A52D4
+CT=4C8869494C044703CFDD09F83B2208AA
+
+I=152
+KEY=85C08C7D4667AE3710D09CA9900F5C3119021092BCF48F0F
+PT=4C8869494C044703CFDD09F83B2208AA
+CT=06BC45BDB38A7028CB2D189E9E0C3046
+
+I=153
+KEY=807182BD7E1F29BE166CD91423852C19D22F080C22F8BF49
+PT=06BC45BDB38A7028CB2D189E9E0C3046
+CT=74AFD5F37F8F0712710585FB8DB22FF8
+
+I=154
+KEY=1AF15D0DE00CEF3F62C30CE75C0A2B0BA32A8DF7AF4A90B1
+PT=74AFD5F37F8F0712710585FB8DB22FF8
+CT=B1A4EE894A12794E0C1A286DDBC01CFD
+
+I=155
+KEY=E0732BA619DCF2F5D367E26E16185245AF30A59A748A8C4C
+PT=B1A4EE894A12794E0C1A286DDBC01CFD
+CT=0EA90279135DFFC7F58DB959F9E8BFE1
+
+I=156
+KEY=AE8779E669BFF77EDDCEE0170545AD825ABD1CC38D6233AD
+PT=0EA90279135DFFC7F58DB959F9E8BFE1
+CT=3717C67E520D87778350E62525C01730
+
+I=157
+KEY=79D13142BE9066A2EAD9266957482AF5D9EDFAE6A8A2249D
+PT=3717C67E520D87778350E62525C01730
+CT=A8F96DA7AE81EF8810A317AB4C9B82A9
+
+I=158
+KEY=597D70828E56003942204BCEF9C9C57DC94EED4DE439A634
+PT=A8F96DA7AE81EF8810A317AB4C9B82A9
+CT=8C373A065986BAC9E345475F5D83FBCF
+
+I=159
+KEY=96C8CF3884D5DA18CE1771C8A04F7FB42A0BAA12B9BA5DFB
+PT=8C373A065986BAC9E345475F5D83FBCF
+CT=8E4D562CBEDC360EFB25B857DD4C4FF2
+
+I=160
+KEY=5A0A29B58F17F9F9405A27E41E9349BAD12E124564F61209
+PT=8E4D562CBEDC360EFB25B857DD4C4FF2
+CT=192CCD79E3B4C8F5617D1F55B789B7A3
+
+I=161
+KEY=29A4692EDE3EAABE5976EA9DFD27814FB0530D10D37FA5AA
+PT=192CCD79E3B4C8F5617D1F55B789B7A3
+CT=8A5F181E1748C98121D1C22204591B23
+
+I=162
+KEY=5E5CA30210E78677D329F283EA6F48CE9182CF32D726BE89
+PT=8A5F181E1748C98121D1C22204591B23
+CT=14512A4997094A0536594E63ACC5EF4A
+
+I=163
+KEY=7DA5F9C99B68DFB0C778D8CA7D6602CBA7DB81517BE351C3
+PT=14512A4997094A0536594E63ACC5EF4A
+CT=F91BA751D5E2ADC074FC6CC14476DE67
+
+I=164
+KEY=658144C57CCFDAD83E637F9BA884AF0BD327ED903F958FA4
+PT=F91BA751D5E2ADC074FC6CC14476DE67
+CT=5F7FED22BABA25D48C95C4E2CAEDB3F4
+
+I=165
+KEY=13C5D7A44396F6FD611C92B9123E8ADF5FB22972F5783C50
+PT=5F7FED22BABA25D48C95C4E2CAEDB3F4
+CT=0FCFB3CB93B2E7FDF7E156486929BD17
+
+I=166
+KEY=99DBAC1D5D268DB06ED32172818C6D22A8537F3A9C518147
+PT=0FCFB3CB93B2E7FDF7E156486929BD17
+CT=3E16265A02271FF68AE6310A6BFDEE60
+
+I=167
+KEY=A8876A49E2F1CC5250C5072883AB72D422B54E30F7AC6F27
+PT=3E16265A02271FF68AE6310A6BFDEE60
+CT=1657BF722B57D083D8864B6447317E05
+
+I=168
+KEY=0A615A71BC2BE3E94692B85AA8FCA257FA330554B09D1122
+PT=1657BF722B57D083D8864B6447317E05
+CT=018B742E941E27C547451B9E41F245F5
+
+I=169
+KEY=6AE11571E3D54C4B4719CC743CE28592BD761ECAF16F54D7
+PT=018B742E941E27C547451B9E41F245F5
+CT=8C5BB61774502B6A9C44BEE8D6C44A63
+
+I=170
+KEY=DCE75079013F0865CB427A6348B2AEF82132A02227AB1EB4
+PT=8C5BB61774502B6A9C44BEE8D6C44A63
+CT=361D3B51C751298194CB1AA32C0A86EE
+
+I=171
+KEY=E73232D50D457866FD5F41328FE38779B5F9BA810BA1985A
+PT=361D3B51C751298194CB1AA32C0A86EE
+CT=7B734F34DD4F332CBE5CFC7659C390BF
+
+I=172
+KEY=BEEF9073227655EB862C0E0652ACB4550BA546F7526208E5
+PT=7B734F34DD4F332CBE5CFC7659C390BF
+CT=63CCC9CE5DADA5B5AC68870E6C675943
+
+I=173
+KEY=1E9078C198526C1DE5E0C7C80F0111E0A7CDC1F93E0551A6
+PT=63CCC9CE5DADA5B5AC68870E6C675943
+CT=7BBC6F7B62807CBE1C93CADB5E6CAE0A
+
+I=174
+KEY=AD26AC70784FF1B99E5CA8B36D816D5EBB5E0B226069FFAC
+PT=7BBC6F7B62807CBE1C93CADB5E6CAE0A
+CT=E95B0C766EF9049163D3A249E196DDB8
+
+I=175
+KEY=E17835A277F1D1EE7707A4C5037869CFD88DA96B81FF2214
+PT=E95B0C766EF9049163D3A249E196DDB8
+CT=968263CBCDB4582FC9CDFD0C9FD0B4F0
+
+I=176
+KEY=22F9EB31E67C62DBE185C70ECECC31E0114054671E2F96E4
+PT=968263CBCDB4582FC9CDFD0C9FD0B4F0
+CT=9F573A339DFA07B844E4034718A4FE88
+
+I=177
+KEY=0FEC8766966A42DA7ED2FD3D5336365855A45720068B686C
+PT=9F573A339DFA07B844E4034718A4FE88
+CT=A0809BA3A742C0EB1BDA613B7472F56A
+
+I=178
+KEY=98E655519C9A8A95DE52669EF474F6B34E7E361B72F99D06
+PT=A0809BA3A742C0EB1BDA613B7472F56A
+CT=9BF1D85440818035FA6AC36E5A5F00A7
+
+I=179
+KEY=A8D37BE0EB386F8045A3BECAB4F57686B414F57528A69DA1
+PT=9BF1D85440818035FA6AC36E5A5F00A7
+CT=924E309AC04A655C50980360914E9830
+
+I=180
+KEY=7D89F156EA181E92D7ED8E5074BF13DAE48CF615B9E80591
+PT=924E309AC04A655C50980360914E9830
+CT=427819CDAE419A046D4586FF5A784A1C
+
+I=181
+KEY=B028A265666F69629595979DDAFE89DE89C970EAE3904F8D
+PT=427819CDAE419A046D4586FF5A784A1C
+CT=D8B51EEC0A6A6D17F1E476C922AD8548
+
+I=182
+KEY=DF20B45B990C5E734D208971D094E4C9782D0623C13DCAC5
+PT=D8B51EEC0A6A6D17F1E476C922AD8548
+CT=7823F1BBA96105168195CDAC34AB5315
+
+I=183
+KEY=AF4C64F7E4AA6DE2350378CA79F5E1DFF9B8CB8FF59699D0
+PT=7823F1BBA96105168195CDAC34AB5315
+CT=85DD0256BC29EAA867DB77C1A049574D
+
+I=184
+KEY=4047F74604E37A00B0DE7A9CC5DC0B779E63BC4E55DFCE9D
+PT=85DD0256BC29EAA867DB77C1A049574D
+CT=64C1880D34408CB1A92BBA354941D5B6
+
+I=185
+KEY=9C3BF36E47110C08D41FF291F19C87C63748067B1C9E1B2B
+PT=64C1880D34408CB1A92BBA354941D5B6
+CT=25B80866FE3198C775F64C412E734348
+
+I=186
+KEY=FAE7368F99242159F1A7FAF70FAD1F0142BE4A3A32ED5863
+PT=25B80866FE3198C775F64C412E734348
+CT=8D3D7E9A195363C96334C48120BC343A
+
+I=187
+KEY=5F48BD86A9C4DC897C9A846D16FE7CC8218A8EBB12516C59
+PT=8D3D7E9A195363C96334C48120BC343A
+CT=E886EEA0F2D556D693DC94FFC588D1F4
+
+I=188
+KEY=B7406993C120EA20941C6ACDE42B2A1EB2561A44D7D9BDAD
+PT=E886EEA0F2D556D693DC94FFC588D1F4
+CT=76CB89CBB935D422DED9784D4548A84F
+
+I=189
+KEY=4DB740C3FA55F4ABE2D7E3065D1EFE3C6C8F6209929115E2
+PT=76CB89CBB935D422DED9784D4548A84F
+CT=93D7AC7B18A1196D5C166203C44A43D3
+
+I=190
+KEY=353A0293DEFB648071004F7D45BFE7513099000A56DB5631
+PT=93D7AC7B18A1196D5C166203C44A43D3
+CT=8982BD77485524EE9E49769591E922CE
+
+I=191
+KEY=F6FC1F7E838CD8A7F882F20A0DEAC3BFAED0769FC73274FF
+PT=8982BD77485524EE9E49769591E922CE
+CT=89012A1E3F7669C76C5F5F4987108662
+
+I=192
+KEY=A1AA84E01EBC3E837183D814329CAA78C28F29D64022F29D
+PT=89012A1E3F7669C76C5F5F4987108662
+CT=139E37ADA17990054AF8EF5B717E884B
+
+I=193
+KEY=C631229E9871F2AC621DEFB993E53A7D8877C68D315C7AD6
+PT=139E37ADA17990054AF8EF5B717E884B
+CT=CEC8F9C90B2E393BDA4602C2A83F953C
+
+I=194
+KEY=824604723CD82F95ACD5167098CB03465231C44F9963EFEA
+PT=CEC8F9C90B2E393BDA4602C2A83F953C
+CT=2A2E1344AE4C6BA40568E170BF67FD74
+
+I=195
+KEY=2B17489FA71F683B86FB0534368768E25759253F2604129E
+PT=2A2E1344AE4C6BA40568E170BF67FD74
+CT=7402AC6982DBB0BED678746E4523556C
+
+I=196
+KEY=DA9C0CF5A89D3D94F2F9A95DB45CD85C81215151632747F2
+PT=7402AC6982DBB0BED678746E4523556C
+CT=36A36B5B55F950F00B9F3E31156BFD65
+
+I=197
+KEY=543619886B56830BC45AC206E1A588AC8ABE6F60764CBA97
+PT=36A36B5B55F950F00B9F3E31156BFD65
+CT=D7B36A117E824A49A5944C37BEE27F06
+
+I=198
+KEY=9494630598E7618213E9A8179F27C2E52F2A2357C8AEC591
+PT=D7B36A117E824A49A5944C37BEE27F06
+CT=2D60BC0BC950EEE7E36D50E971CF68D0
+
+I=199
+KEY=B0328218DF523A0C3E89141C56772C02CC4773BEB961AD41
+PT=2D60BC0BC950EEE7E36D50E971CF68D0
+CT=49A4643E535F45A1ABDEF41ABABBE268
+
+I=200
+KEY=5E3FD7ACD8EF334D772D7022052869A3679987A403DA4F29
+PT=49A4643E535F45A1ABDEF41ABABBE268
+CT=D5EEB5CC40AF8612708BAABE85685E4C
+
+I=201
+KEY=A232D0267D606002A2C3C5EE4587EFB117122D1A86B21165
+PT=D5EEB5CC40AF8612708BAABE85685E4C
+CT=3F5B875DE202C5441165FE5C5CA2D258
+
+I=202
+KEY=844ED6FAFA342BFE9D9842B3A7852AF50677D346DA10C33D
+PT=3F5B875DE202C5441165FE5C5CA2D258
+CT=9B5F0210E0EC623C6ACF1C0BC06EBF51
+
+I=203
+KEY=109F8CEC689E0F5306C740A3476948C96CB8CF4D1A7E7C6C
+PT=9B5F0210E0EC623C6ACF1C0BC06EBF51
+CT=E57015FAB0006446E544704DB6629059
+
+I=204
+KEY=D9ABCBAC4B271B04E3B75559F7692C8F89FCBF00AC1CEC35
+PT=E57015FAB0006446E544704DB6629059
+CT=85F0DF6B1ED933E87F6A9F609D516346
+
+I=205
+KEY=09915869AE1F57F766478A32E9B01F67F6962060314D8F73
+PT=85F0DF6B1ED933E87F6A9F609D516346
+CT=471B931539C155478A1D4B9BA50DCE43
+
+I=206
+KEY=BFB70AA6C4F05C1D215C1927D0714A207C8B6BFB94404130
+PT=471B931539C155478A1D4B9BA50DCE43
+CT=9AC55C1CC77E7B59CC9204898A38CEA7
+
+I=207
+KEY=660972D79B056F14BB99453B170F3179B0196F721E788F97
+PT=9AC55C1CC77E7B59CC9204898A38CEA7
+CT=19B00FEB13145F9F356173B42184D516
+
+I=208
+KEY=F09576EB17FB1A07A2294AD0041B6EE685781CC63FFC5A81
+PT=19B00FEB13145F9F356173B42184D516
+CT=5F1379E25F6DD8653B73F58E738D6243
+
+I=209
+KEY=8D170BBC5E3662BEFD3A33325B76B683BE0BE9484C7138C2
+PT=5F1379E25F6DD8653B73F58E738D6243
+CT=AEF55C09E7AD76CC9BA7B83874A0A86B
+
+I=210
+KEY=1A7BD2572D3CDB8C53CF6F3BBCDBC04F25AC517038D190A9
+PT=AEF55C09E7AD76CC9BA7B83874A0A86B
+CT=6BEF52E6D86DC15D2A03B5CB3EBAB130
+
+I=211
+KEY=B4BC0603F59BE3D038203DDD64B601120FAFE4BB066B2199
+PT=6BEF52E6D86DC15D2A03B5CB3EBAB130
+CT=FDC093FFED096B7812E77E23AD9C7C71
+
+I=212
+KEY=C00A0DDA74D55250C5E0AE2289BF6A6A1D489A98ABF75DE8
+PT=FDC093FFED096B7812E77E23AD9C7C71
+CT=072625CB0C022827E195DE8AB4FE7E0C
+
+I=213
+KEY=6534CBAB46880CE0C2C68BE985BD424DFCDD44121F0923E4
+PT=072625CB0C022827E195DE8AB4FE7E0C
+CT=11AA47C5557437AEE8A8BE31A849A047
+
+I=214
+KEY=C204AFE794D81224D36CCC2CD0C975E31475FA23B74083A3
+PT=11AA47C5557437AEE8A8BE31A849A047
+CT=4C91B3031567DFFC22829CBC3C419B6D
+
+I=215
+KEY=01A4820CC4D281B99FFD7F2FC5AEAA1F36F7669F8B0118CE
+PT=4C91B3031567DFFC22829CBC3C419B6D
+CT=54C0F95B0179CB753917A2592F58BD77
+
+I=216
+KEY=B5C1DD77446C8FD1CB3D8674C4D7616A0FE0C4C6A459A5B9
+PT=54C0F95B0179CB753917A2592F58BD77
+CT=A2A19A98250E432131F9EF4AE473677F
+
+I=217
+KEY=9FDC1167AC2D1A51699C1CECE1D9224B3E192B8C402AC2C6
+PT=A2A19A98250E432131F9EF4AE473677F
+CT=9B5780CA9669A92688F54887E303F2D3
+
+I=218
+KEY=C734A73F4A32D311F2CB9C2677B08B6DB6EC630BA3293015
+PT=9B5780CA9669A92688F54887E303F2D3
+CT=F1750745D1E74E41A07B99482ECABAAA
+
+I=219
+KEY=1612B86730F487EF03BE9B63A657C52C1697FA438DE38ABF
+PT=F1750745D1E74E41A07B99482ECABAAA
+CT=30F510DBDDAEC6FC0D2504C11DF23CFA
+
+I=220
+KEY=D52E3B50F72B085D334B8BB87BF903D01BB2FE829011B645
+PT=30F510DBDDAEC6FC0D2504C11DF23CFA
+CT=64998C3018185D722477A2DBFB84ABB8
+
+I=221
+KEY=7F9F2A23D320792E57D2078863E15EA23FC55C596B951DFD
+PT=64998C3018185D722477A2DBFB84ABB8
+CT=9293A4FF9ED5D57D81BB8A63381BF66A
+
+I=222
+KEY=B529B6E7080E0AE4C541A377FD348BDFBE7ED63A538EEB97
+PT=9293A4FF9ED5D57D81BB8A63381BF66A
+CT=A389ABCF609B41F28CC3188B2C126915
+
+I=223
+KEY=A5C4C3A89459F79566C808B89DAFCA2D32BDCEB17F9C8282
+PT=A389ABCF609B41F28CC3188B2C126915
+CT=5F4BC60608A3DF788631EBB66763E7DF
+
+I=224
+KEY=F59456291C6CF0C83983CEBE950C1555B48C250718FF655D
+PT=5F4BC60608A3DF788631EBB66763E7DF
+CT=EFDE2113118EDFD5A15D4DFA1C1E79B4
+
+I=225
+KEY=9A4CD87E44EA7DEED65DEFAD8482CA8015D168FD04E11CE9
+PT=EFDE2113118EDFD5A15D4DFA1C1E79B4
+CT=2526BA56DA8A9F9A5799A9D2BE96AEBA
+
+I=226
+KEY=A19D5DFAEC1C9B9DF37B55FB5E08551A4248C12FBA77B253
+PT=2526BA56DA8A9F9A5799A9D2BE96AEBA
+CT=83F237712EF89A7B1E84D69DEFC9B9B9
+
+I=227
+KEY=C48B0103470544867089628A70F0CF615CCC17B255BE0BEA
+PT=83F237712EF89A7B1E84D69DEFC9B9B9
+CT=13B7E26895FEEFE2356306D8D822DDD3
+
+I=228
+KEY=B366B0FE6BB3DB17633E80E2E50E208369AF116A8D9CD639
+PT=13B7E26895FEEFE2356306D8D822DDD3
+CT=BF8C47559B230A3311543BEAA90D4DA1
+
+I=229
+KEY=BE5A735484B72645DCB2C7B77E2D2AB078FB2A8024919B98
+PT=BF8C47559B230A3311543BEAA90D4DA1
+CT=D3C9AFCED64F46AC74FFF73302DE10EB
+
+I=230
+KEY=1DFD852FE9F131840F7B6879A8626C1C0C04DDB3264F8B73
+PT=D3C9AFCED64F46AC74FFF73302DE10EB
+CT=004386EABD8F3C60971D34B5A5F220F8
+
+I=231
+KEY=BB9831D80259A5A40F38EE9315ED507C9B19E90683BDAB8B
+PT=004386EABD8F3C60971D34B5A5F220F8
+CT=119A244F6A3ED1947A764CFE96568213
+
+I=232
+KEY=93B0F09E78E610741EA2CADC7FD381E8E16FA5F815EB2998
+PT=119A244F6A3ED1947A764CFE96568213
+CT=4C8D061BD62737E674DDCACEFC37DA11
+
+I=233
+KEY=43E5036A09590404522FCCC7A9F4B60E95B26F36E9DCF389
+PT=4C8D061BD62737E674DDCACEFC37DA11
+CT=7B5EFE44536B5AB9CF75A457BB8C2417
+
+I=234
+KEY=869CF7BF36FBB5D829713283FA9FECB75AC7CB615250D79E
+PT=7B5EFE44536B5AB9CF75A457BB8C2417
+CT=25771915A1C0F8149634963E1C91BD26
+
+I=235
+KEY=C9BD373897A760E30C062B965B5F14A3CCF35D5F4EC16AB8
+PT=25771915A1C0F8149634963E1C91BD26
+CT=8BB2BC7E7BAAEA1AAF7A9E285BEEB8F1
+
+I=236
+KEY=D2EE543EACA1592687B497E820F5FEB96389C377152FD249
+PT=8BB2BC7E7BAAEA1AAF7A9E285BEEB8F1
+CT=05556B6AB68D2DABCDB32FB724D44F57
+
+I=237
+KEY=9583438F7194754F82E1FC829678D312AE3AECC031FB9D1E
+PT=05556B6AB68D2DABCDB32FB724D44F57
+CT=A4CE8197B0EAE6AD57D5A0630D0CABD0
+
+I=238
+KEY=A5B96A3EFB2EF0C7262F7D15269235BFF9EF4CA33CF736CE
+PT=A4CE8197B0EAE6AD57D5A0630D0CABD0
+CT=8E40F09865AA8EA114EA7F36E11815C3
+
+I=239
+KEY=8E7A04E47969F5DBA86F8D8D4338BB1EED053395DDEF230D
+PT=8E40F09865AA8EA114EA7F36E11815C3
+CT=194A76947319ED92D96D292684C29B5A
+
+I=240
+KEY=E52197304B446A01B125FB193021568C34681AB3592DB857
+PT=194A76947319ED92D96D292684C29B5A
+CT=93526BBB6405BDEA68AC01F1C807EBF7
+
+I=241
+KEY=DA4552EC2C076DC3227790A25424EB665CC41B42912A53A0
+PT=93526BBB6405BDEA68AC01F1C807EBF7
+CT=59860971F900B739B36CB97D35B082D1
+
+I=242
+KEY=E7329ED9491CA8227BF199D3AD245C5FEFA8A23FA49AD171
+PT=59860971F900B739B36CB97D35B082D1
+CT=92F430D5B1F35B469ECDDFDCB2A110F5
+
+I=243
+KEY=1ADC19560D9AEF09E905A9061CD7071971657DE3163BC184
+PT=92F430D5B1F35B469ECDDFDCB2A110F5
+CT=F81D2505FD9A569A71502B23894DA535
+
+I=244
+KEY=6ED932F2BEBD486911188C03E14D5183003556C09F7664B1
+PT=F81D2505FD9A569A71502B23894DA535
+CT=93BACD72A0E761D34E8603FC44F6BA5E
+
+I=245
+KEY=F0A52339F0C68F5782A2417141AA30504EB3553CDB80DEEF
+PT=93BACD72A0E761D34E8603FC44F6BA5E
+CT=631DB808708B5EBB54A2DE6B62519235
+
+I=246
+KEY=0B262E7EA7109C03E1BFF97931216EEB1A118B57B9D14CDA
+PT=631DB808708B5EBB54A2DE6B62519235
+CT=C402023DA5F2F230FEEACE1C5F8B5390
+
+I=247
+KEY=1E7EB042CA0EA74F25BDFB4494D39CDBE4FB454BE65A1F4A
+PT=C402023DA5F2F230FEEACE1C5F8B5390
+CT=CAD88E79E0AB4A3B324F6D3ABBEA211C
+
+I=248
+KEY=215E3E970705BE3DEF65753D7478D6E0D6B428715DB03E56
+PT=CAD88E79E0AB4A3B324F6D3ABBEA211C
+CT=1B2303C4FEB78105B5BF35BC1C5C2FF9
+
+I=249
+KEY=512CE443B55593D9F44676F98ACF57E5630B1DCD41EC11AF
+PT=1B2303C4FEB78105B5BF35BC1C5C2FF9
+CT=06CAE1EED611AF829C83216697F8AEFA
+
+I=250
+KEY=533251960972B2BFF28C97175CDEF867FF883CABD614BF55
+PT=06CAE1EED611AF829C83216697F8AEFA
+CT=170194A7E4E85B0A339BF86460E5ABC6
+
+I=251
+KEY=B484A158FBC3D31FE58D03B0B836A36DCC13C4CFB6F11493
+PT=170194A7E4E85B0A339BF86460E5ABC6
+CT=AF7014D972F55B0CD759CAFBC0D9483B
+
+I=252
+KEY=C470759A6962C1934AFD1769CAC3F8611B4A0E3476285CA8
+PT=AF7014D972F55B0CD759CAFBC0D9483B
+CT=E8BD547419DADD980682B701CCEF3C7E
+
+I=253
+KEY=D27A5BF9DD3B6F61A240431DD31925F91DC8B935BAC760D6
+PT=E8BD547419DADD980682B701CCEF3C7E
+CT=E8F9CFAA891A471EBBC5806F03E0E18A
+
+I=254
+KEY=041C2FF776BAF2334AB98CB75A0362E7A60D395AB927815C
+PT=E8F9CFAA891A471EBBC5806F03E0E18A
+CT=F90F888C03CEBFC9A807DF2100488B24
+
+I=255
+KEY=9BB4307835C91BA4B3B6043B59CDDD2E0E0AE67BB96F0A78
+PT=F90F888C03CEBFC9A807DF2100488B24
+CT=7874C642B44810334C2CF572DA0DEF68
+
+I=256
+KEY=56E742B84F293B68CBC2C279ED85CD1D422613096362E510
+PT=7874C642B44810334C2CF572DA0DEF68
+CT=064513BBD5E667B651B93502E86B6C43
+
+I=257
+KEY=66E28C26E01570FCCD87D1C23863AAAB139F260B8B098953
+PT=064513BBD5E667B651B93502E86B6C43
+CT=D461A03D7D8669BBC32430D00D437E59
+
+I=258
+KEY=5674831937969B7619E671FF45E5C310D0BB16DB864AF70A
+PT=D461A03D7D8669BBC32430D00D437E59
+CT=0A07F858DBD1909FF970C95ED7287FB3
+
+I=259
+KEY=D45BCD0FF3E14A7013E189A79E34538F29CBDF85516288B9
+PT=0A07F858DBD1909FF970C95ED7287FB3
+CT=C2E45D29C1DF02CB4D768682ADD73E6B
+
+I=260
+KEY=40F81EBEF03AAAABD105D48E5FEB514464BD5907FCB5B6D2
+PT=C2E45D29C1DF02CB4D768682ADD73E6B
+CT=01E21E496061DAC195F24F6D1CF22B8A
+
+I=261
+KEY=99C8875EE8221C3FD0E7CAC73F8A8B85F14F166AE0479D58
+PT=01E21E496061DAC195F24F6D1CF22B8A
+CT=71D1C35E1126F6907CDB5414B8C97E84
+
+I=262
+KEY=F1582613B3466D7FA13609992EAC7D158D94427E588EE3DC
+PT=71D1C35E1126F6907CDB5414B8C97E84
+CT=8B7BBAF63C993D4BBB098A22D00C5608
+
+I=263
+KEY=4679A2F69656CFD32A4DB36F1235405E369DC85C8882B5D4
+PT=8B7BBAF63C993D4BBB098A22D00C5608
+CT=651B19F5C1B67FC52151E7C5F1246485
+
+I=264
+KEY=A404FC3490DFC7244F56AA9AD3833F9B17CC2F9979A6D151
+PT=651B19F5C1B67FC52151E7C5F1246485
+CT=158F0AE36B5585868DFB998520318FEB
+
+I=265
+KEY=F7DCCA4394981F2D5AD9A079B8D6BA1D9A37B61C59975EBA
+PT=158F0AE36B5585868DFB998520318FEB
+CT=B62EC94231405F3FB0D160FBFF2DE27E
+
+I=266
+KEY=1F38711C9B6BD060ECF7693B8996E5222AE6D6E7A6BABCC4
+PT=B62EC94231405F3FB0D160FBFF2DE27E
+CT=464AFFA35373CEE71523FF0AFBFB1F51
+
+I=267
+KEY=6B846AAC0C448654AABD9698DAE52BC53FC529ED5D41A395
+PT=464AFFA35373CEE71523FF0AFBFB1F51
+CT=C729EA9A05D5482491CE31DBBC03CE24
+
+I=268
+KEY=BD539A9B4001B6876D947C02DF3063E1AE0B1836E1426DB1
+PT=C729EA9A05D5482491CE31DBBC03CE24
+CT=C755C048ADAD22A628B077163097415F
+
+I=269
+KEY=18B524EEF606589DAAC1BC4A729D414786BB6F20D1D52CEE
+PT=C755C048ADAD22A628B077163097415F
+CT=2DADB8F8FC76D8C997627449E44D14B2
+
+I=270
+KEY=3C2C6A047706E3DD876C04B28EEB998E11D91B693598385C
+PT=2DADB8F8FC76D8C997627449E44D14B2
+CT=2D7109526C2F1B5D08DD356B163498D7
+
+I=271
+KEY=40593D776B6C5920AA1D0DE0E2C482D319042E0223ACA08B
+PT=2D7109526C2F1B5D08DD356B163498D7
+CT=D9C1D988ABD5C892B2E5BA7BF4F584D3
+
+I=272
+KEY=72B53E4711B3DE9873DCD46849114A41ABE19479D7592458
+PT=D9C1D988ABD5C892B2E5BA7BF4F584D3
+CT=0A32E78440A8AE4A3FF74B20A3F5F7DE
+
+I=273
+KEY=C0BEF126899B305B79EE33EC09B9E40B9416DF5974ACD386
+PT=0A32E78440A8AE4A3FF74B20A3F5F7DE
+CT=E7AA36688851D8E4E08E9EFE6987C571
+
+I=274
+KEY=D16257EFEE63CC399E44058481E83CEF749841A71D2B16F7
+PT=E7AA36688851D8E4E08E9EFE6987C571
+CT=0E3E2E99FFA84F8A69CAA897017DD09C
+
+I=275
+KEY=3509E5A7A66648B9907A2B1D7E4073651D52E9301C56C66B
+PT=0E3E2E99FFA84F8A69CAA897017DD09C
+CT=96766B7F6E78537994466BDC62607C85
+
+I=276
+KEY=46BC3EB6FA22C8AC060C40621038201C891482EC7E36BAEE
+PT=96766B7F6E78537994466BDC62607C85
+CT=AA42980BBABA21DACE6D9FCD28A5B0BA
+
+I=277
+KEY=26FC66C5E5C6E585AC4ED869AA8201C647791D2156930A54
+PT=AA42980BBABA21DACE6D9FCD28A5B0BA
+CT=EC057F10222EC91403E1B6CEFCE3556A
+
+I=278
+KEY=91FBDF7B24B0FEB4404BA77988ACC8D24498ABEFAA705F3E
+PT=EC057F10222EC91403E1B6CEFCE3556A
+CT=E6E91EC6B977C3547D08F717F6702E80
+
+I=279
+KEY=5BD8360BB35CE209A6A2B9BF31DB0B8639905CF85C0071BE
+PT=E6E91EC6B977C3547D08F717F6702E80
+CT=DF9BE6A5A61CC4B66C76447202CBFADA
+
+I=280
+KEY=E58D0EFAB72342BD79395F1A97C7CF3055E6188A5ECB8B64
+PT=DF9BE6A5A61CC4B66C76447202CBFADA
+CT=8466FA526E1038CC14A2EC6D85FC4EDF
+
+I=281
+KEY=7EB51DD43B05BB26FD5FA548F9D7F7FC4144F4E7DB37C5BB
+PT=8466FA526E1038CC14A2EC6D85FC4EDF
+CT=5C5A965E386B16D50F3487D54C04AA6B
+
+I=282
+KEY=8F4BEBA429FE57C4A1053316C1BCE1294E70733297336FD0
+PT=5C5A965E386B16D50F3487D54C04AA6B
+CT=BCD57B57FAA6E3F81660113345CD24F9
+
+I=283
+KEY=4A5DA421D27E62821DD048413B1A02D158106201D2FE4B29
+PT=BCD57B57FAA6E3F81660113345CD24F9
+CT=7450D38B3A6D8C4987EE3F7F71C68FFC
+
+I=284
+KEY=77934AE2BB39BC4469809BCA01778E98DFFE5D7EA338C4D5
+PT=7450D38B3A6D8C4987EE3F7F71C68FFC
+CT=A6D1D5A31BAB1CE9F027376539B2AAE2
+
+I=285
+KEY=2C6FD4455E96F2F6CF514E691ADC92712FD96A1B9A8A6E37
+PT=A6D1D5A31BAB1CE9F027376539B2AAE2
+CT=10894E2E6275D172259D4C23332508B9
+
+I=286
+KEY=2608AB9AA8CED631DFD8004778A943030A442638A9AF668E
+PT=10894E2E6275D172259D4C23332508B9
+CT=53C2AB8E42B4EF7FF659D3FB251453C7
+
+I=287
+KEY=68840BD9639AC3128C1AABC93A1DAC7CFC1DF5C38CBB3549
+PT=53C2AB8E42B4EF7FF659D3FB251453C7
+CT=3A9C38D026561B83B0F3E7B566C66CD2
+
+I=288
+KEY=EFCDF07C0E70D051B68693191C4BB7FF4CEE1276EA7D599B
+PT=3A9C38D026561B83B0F3E7B566C66CD2
+CT=B9F7E495B96BE7C0307D8F7A53200193
+
+I=289
+KEY=87DFC62793B45EF60F71778CA520503F7C939D0CB95D5808
+PT=B9F7E495B96BE7C0307D8F7A53200193
+CT=2425FE8AAA7ED06A5FFEC11D7B289891
+
+I=290
+KEY=5FD78DA64A9F50142B5489060F5E8055236D5C11C275C099
+PT=2425FE8AAA7ED06A5FFEC11D7B289891
+CT=93BC83BCF69DBB256C27AF250FDEFAEB
+
+I=291
+KEY=81C88579E065FD16B8E80ABAF9C33B704F4AF334CDAB3A72
+PT=93BC83BCF69DBB256C27AF250FDEFAEB
+CT=A1AF953D4BD1A474B1173D4686EBB8CF
+
+I=292
+KEY=DEE7FFE9A3814D2B19479F87B2129F04FE5DCE724B4082BD
+PT=A1AF953D4BD1A474B1173D4686EBB8CF
+CT=00AAC1CD74952011A03714A6BB091653
+
+I=293
+KEY=8331CC8136829F1E19ED5E4AC687BF155E6ADAD4F04994EE
+PT=00AAC1CD74952011A03714A6BB091653
+CT=00B92CBFFC3589CEB3ECAA7D221C3F0B
+
+I=294
+KEY=FF862EBFECC11E93195472F53AB236DBED8670A9D255ABE5
+PT=00B92CBFFC3589CEB3ECAA7D221C3F0B
+CT=2E07858E94AD300A35448EFA848A767A
+
+I=295
+KEY=18B8678C5497708E3753F77BAE1F06D1D8C2FE5356DFDD9F
+PT=2E07858E94AD300A35448EFA848A767A
+CT=B02F0C98F3B7BB7807F35F6DFD925238
+
+I=296
+KEY=C90D1E18331CA38F877CFBE35DA8BDA9DF31A13EAB4D8FA7
+PT=B02F0C98F3B7BB7807F35F6DFD925238
+CT=EAACC8624146D29129ED8B904E89F04A
+
+I=297
+KEY=A08AD721EE869F2E6DD033811CEE6F38F6DC2AAEE5C47FED
+PT=EAACC8624146D29129ED8B904E89F04A
+CT=8949A5A4289B65A32C5116E8A4B55A50
+
+I=298
+KEY=CED3055CB1AC48CAE499962534750A9BDA8D3C46417125BD
+PT=8949A5A4289B65A32C5116E8A4B55A50
+CT=B632C5FD8EB9676B5504A8BA13E63E2D
+
+I=299
+KEY=AD1DA883EFFC2F3052AB53D8BACC6DF08F8994FC52971B90
+PT=B632C5FD8EB9676B5504A8BA13E63E2D
+CT=EF28A1297C07A575686B3429AC9B62D1
+
+I=300
+KEY=007F57339EC932CCBD83F2F1C6CBC885E7E2A0D5FE0C7941
+PT=EF28A1297C07A575686B3429AC9B62D1
+CT=C99F15E4000944120D1C3DD283D99BFF
+
+I=301
+KEY=3688FDD4FD7822F2741CE715C6C28C97EAFE9D077DD5E2BE
+PT=C99F15E4000944120D1C3DD283D99BFF
+CT=0AC0219E2BD43F9F19F3A0997FCB9FCD
+
+I=302
+KEY=AB54BF259C6F5CEE7EDCC68BED16B308F30D3D9E021E7D73
+PT=0AC0219E2BD43F9F19F3A0997FCB9FCD
+CT=E27242BC80823BDC09C33C1BDB2EA3BE
+
+I=303
+KEY=9C88F101B483F8399CAE84376D9488D4FACE0185D930DECD
+PT=E27242BC80823BDC09C33C1BDB2EA3BE
+CT=7ABF9BD872F54E12FB7F0B11A6D10472
+
+I=304
+KEY=971A26707E5B8BC2E6111FEF1F61C6C601B10A947FE1DABF
+PT=7ABF9BD872F54E12FB7F0B11A6D10472
+CT=336653E5166F1B4146DBEAED74D72BB7
+
+I=305
+KEY=1FFD085658F88F24D5774C0A090EDD87476AE0790B36F108
+PT=336653E5166F1B4146DBEAED74D72BB7
+CT=4849136D0509CE6C404E5685FBEEE9B8
+
+I=306
+KEY=411DF55702805FE69D3E5F670C0713EB0724B6FCF0D818B0
+PT=4849136D0509CE6C404E5685FBEEE9B8
+CT=6CF8DCFD53E2ED214A449398D8BF0F6C
+
+I=307
+KEY=504BFF39E24E870FF1C6839A5FE5FECA4D602564286717DC
+PT=6CF8DCFD53E2ED214A449398D8BF0F6C
+CT=9C8326B89B3054A46ECA3BB76BC2F292
+
+I=308
+KEY=E4F4B55125D2D1056D45A522C4D5AA6E23AA1ED343A5E54E
+PT=9C8326B89B3054A46ECA3BB76BC2F292
+CT=C85479C9E038BA5495F67D6E8B2BEB64
+
+I=309
+KEY=F2E9B605207E0FD4A511DCEB24ED103AB65C63BDC88E0E2A
+PT=C85479C9E038BA5495F67D6E8B2BEB64
+CT=145607ACFFA06C08AB958DCB7BC0BDBC
+
+I=310
+KEY=CC0D3F478519145BB147DB47DB4D7C321DC9EE76B34EB396
+PT=145607ACFFA06C08AB958DCB7BC0BDBC
+CT=ED7EE0DA132D9964BE5E7B2581C3C270
+
+I=311
+KEY=EB3AFCDD9AAB59705C393B9DC860E556A3979553328D71E6
+PT=ED7EE0DA132D9964BE5E7B2581C3C270
+CT=6B576FD09F34ED38774AA383BB88B385
+
+I=312
+KEY=866ECC1B3691532D376E544D5754086ED4DD36D08905C263
+PT=6B576FD09F34ED38774AA383BB88B385
+CT=E540518151453A18C29BE22B5DE84D5B
+
+I=313
+KEY=2B3BF12A0A10E6F9D22E05CC061132761646D4FBD4ED8F38
+PT=E540518151453A18C29BE22B5DE84D5B
+CT=7865DE74099D486ECB584BE7890F3078
+
+I=314
+KEY=3C6EA741634001E0AA4BDBB80F8C7A18DD1E9F1C5DE2BF40
+PT=7865DE74099D486ECB584BE7890F3078
+CT=5226B72FA16653187980D265EB6C7C6D
+
+I=315
+KEY=A32E19E0F06CB649F86D6C97AEEA2900A49E4D79B68EC32D
+PT=5226B72FA16653187980D265EB6C7C6D
+CT=CA0D39D92B042BECABF7A14115B3A307
+
+I=316
+KEY=E48451707115D4A03260554E85EE02EC0F69EC38A33D602A
+PT=CA0D39D92B042BECABF7A14115B3A307
+CT=EC1658D60F1D94EF514FA8EDADAB3C1D
+
+I=317
+KEY=89A589616229672BDE760D988AF396035E2644D50E965C37
+PT=EC1658D60F1D94EF514FA8EDADAB3C1D
+CT=F278CD13BF2C6A1F2D9A9F0C1113205D
+
+I=318
+KEY=6013E84EFD076E402C0EC08B35DFFC1C73BCDBD91F857C6A
+PT=F278CD13BF2C6A1F2D9A9F0C1113205D
+CT=0B1A35F604DDB043BCD0573DC0850AF0
+
+I=319
+KEY=68BCE1DC00C592E22714F57D31024C5FCF6C8CE4DF00769A
+PT=0B1A35F604DDB043BCD0573DC0850AF0
+CT=EAC4FE6F8A04871AC434322CB06308E3
+
+I=320
+KEY=1BE682363F216340CDD00B12BB06CB450B58BEC86F637E79
+PT=EAC4FE6F8A04871AC434322CB06308E3
+CT=64B6BA31C6B15BE040DC2C0A07FFE60F
+
+I=321
+KEY=2082C6C0D49B4DECA966B1237DB790A54B8492C2689C9876
+PT=64B6BA31C6B15BE040DC2C0A07FFE60F
+CT=5ECDC37FEA4176145C6A308F91659D43
+
+I=322
+KEY=23668EEA68987F8CF7AB725C97F6E6B117EEA24DF9F90535
+PT=5ECDC37FEA4176145C6A308F91659D43
+CT=BB25C81945A062A7D53531593D9910F6
+
+I=323
+KEY=10B544566773DD5F4C8EBA45D2568416C2DB9314C46015C3
+PT=BB25C81945A062A7D53531593D9910F6
+CT=48D98FFFC4E378D42CFC785B53DFC38D
+
+I=324
+KEY=7F96DD27E1C0B7B7045735BA16B5FCC2EE27EB4F97BFD64E
+PT=48D98FFFC4E378D42CFC785B53DFC38D
+CT=7DCE20BAE8345CB68103461B4AFA9F09
+
+I=325
+KEY=A73354FC47570B2679991500FE81A0746F24AD54DD454947
+PT=7DCE20BAE8345CB68103461B4AFA9F09
+CT=099B315B4DD55CAB5D02163154DA521C
+
+I=326
+KEY=92A57B873A1D292F7002245BB354FCDF3226BB65899F1B5B
+PT=099B315B4DD55CAB5D02163154DA521C
+CT=37207C17099989D3EA0D13DBD6DF7FEF
+
+I=327
+KEY=7048AF52E1763E8E4722584CBACD750CD82BA8BE5F4064B4
+PT=37207C17099989D3EA0D13DBD6DF7FEF
+CT=7CE37081A6751A1518F03B70FBC1479D
+
+I=328
+KEY=24E37AF6A4BC72403BC128CD1CB86F19C0DB93CEA4812329
+PT=7CE37081A6751A1518F03B70FBC1479D
+CT=201BBD8456F70ED0BB4E19A7AE36F1A6
+
+I=329
+KEY=17E541A643CB8EE01BDA95494A4F61C97B958A690AB7D28F
+PT=201BBD8456F70ED0BB4E19A7AE36F1A6
+CT=3384168E4F022049B0E3AD6899B71DC9
+
+I=330
+KEY=31D5A160B61690A0285E83C7054D4180CB7627019300CF46
+PT=3384168E4F022049B0E3AD6899B71DC9
+CT=C83AA6AE617CB17E2977D394EBC4AD19
+
+I=331
+KEY=6EBA775B83D704AAE06425696431F0FEE201F49578C4625F
+PT=C83AA6AE617CB17E2977D394EBC4AD19
+CT=8AC467890AF8E729C7A86A471ADEB378
+
+I=332
+KEY=C1237F715488582E6AA042E06EC917D725A99ED2621AD127
+PT=8AC467890AF8E729C7A86A471ADEB378
+CT=B89CE4F733A9D67C8E504BC4BC2F7664
+
+I=333
+KEY=0A9E4BDAD3E856F1D23CA6175D60C1ABABF9D516DE35A743
+PT=B89CE4F733A9D67C8E504BC4BC2F7664
+CT=47B421469B794A5188255ACE84D89721
+
+I=334
+KEY=4BE367B885F7AF9195888751C6198BFA23DC8FD85AED3062
+PT=47B421469B794A5188255ACE84D89721
+CT=B6B09DBF9E62C60951368C9C8B63A860
+
+I=335
+KEY=CDFB62995E4C5D4E23381AEE587B4DF372EA0344D18E9802
+PT=B6B09DBF9E62C60951368C9C8B63A860
+CT=68933B4BD0BC23EB3178347DFE68E7F6
+
+I=336
+KEY=8887EBF40DE51F064BAB21A588C76E18439237392FE67FF4
+PT=68933B4BD0BC23EB3178347DFE68E7F6
+CT=C6F16CDDF00C982A927609B559B0BCBD
+
+I=337
+KEY=221D949B8CA9F4C48D5A4D7878CBF632D1E43E8C7656C349
+PT=C6F16CDDF00C982A927609B559B0BCBD
+CT=CBEE831F7623E3214E72AF57706525C7
+
+I=338
+KEY=3D35666DACEFF3C846B4CE670EE815139F9691DB0633E68E
+PT=CBEE831F7623E3214E72AF57706525C7
+CT=DFE0297AE9B69F0AD69D6189C1447333
+
+I=339
+KEY=43370C9C958216DC9954E71DE75E8A19490BF052C77795BD
+PT=DFE0297AE9B69F0AD69D6189C1447333
+CT=59C3B4D6055B9F73064B715CD5213C99
+
+I=340
+KEY=DF43233D68EE5C4AC09753CBE205156A4F40810E1256A924
+PT=59C3B4D6055B9F73064B715CD5213C99
+CT=5373F13BB16B3653FCC138FC9A9E8A47
+
+I=341
+KEY=472E0A65B06B4F4693E4A2F0536E2339B381B9F288C82363
+PT=5373F13BB16B3653FCC138FC9A9E8A47
+CT=9C7514B7FEDF2DC26B0C2C1954745077
+
+I=342
+KEY=1409E4DF955583A00F91B647ADB10EFBD88D95EBDCBC7314
+PT=9C7514B7FEDF2DC26B0C2C1954745077
+CT=2480D7C35D6B0207D84A9CEFA1C2CFDC
+
+I=343
+KEY=458552CAB6B1A8AC2B116184F0DA0CFC00C709047D7EBCC8
+PT=2480D7C35D6B0207D84A9CEFA1C2CFDC
+CT=46DE3E51F1355FA76652C8DA3642409B
+
+I=344
+KEY=2065D6F033E1EE2E6DCF5FD501EF535B6695C1DE4B3CFC53
+PT=46DE3E51F1355FA76652C8DA3642409B
+CT=13F328173D057A64DA3917468528DB4F
+
+I=345
+KEY=6D30053E2C95BC5A7E3C77C23CEA293FBCACD698CE14271C
+PT=13F328173D057A64DA3917468528DB4F
+CT=33D71B6CD0A68B685C89C9F2D70FDFCE
+
+I=346
+KEY=59D69C2D25BFB6A34DEB6CAEEC4CA257E0251F6A191BF8D2
+PT=33D71B6CD0A68B685C89C9F2D70FDFCE
+CT=8E9F57B5E945CD7DFC2B9FCD5AF96DFB
+
+I=347
+KEY=F41ABD021E5C144EC3743B1B05096F2A1C0E80A743E29529
+PT=8E9F57B5E945CD7DFC2B9FCD5AF96DFB
+CT=71295B41B9E5872E1BD4D5C3C4C62D71
+
+I=348
+KEY=41C1194732CD4654B25D605ABCECE80407DA55648724B858
+PT=71295B41B9E5872E1BD4D5C3C4C62D71
+CT=E704FBBAA917788CE906A54B2A56A232
+
+I=349
+KEY=AF58932371569CE655599BE015FB9088EEDCF02FAD721A6A
+PT=E704FBBAA917788CE906A54B2A56A232
+CT=8DBA56CF3E019B8EA80CCB772551CA5B
+
+I=350
+KEY=B1E68A05A144F4FAD8E3CD2F2BFA0B0646D03B588823D031
+PT=8DBA56CF3E019B8EA80CCB772551CA5B
+CT=18F8A23F785AFEFC4ECD527AC6DBE609
+
+I=351
+KEY=456D39FF40B1622BC01B6F1053A0F5FA081D69224EF83638
+PT=18F8A23F785AFEFC4ECD527AC6DBE609
+CT=073F93A707D6B9A82E99990CB13BD00E
+
+I=352
+KEY=1FF446993B6927C6C724FCB754764C522684F02EFFC3E636
+PT=073F93A707D6B9A82E99990CB13BD00E
+CT=76723E1239356EDC37FB5E1EAFDF4678
+
+I=353
+KEY=0DED89E36C3B06B9B156C2A56D43228E117FAE30501CA04E
+PT=76723E1239356EDC37FB5E1EAFDF4678
+CT=1B57D35B4E2484D3945B82D59114A531
+
+I=354
+KEY=E433448EB970D64FAA0111FE2367A65D85242CE5C108057F
+PT=1B57D35B4E2484D3945B82D59114A531
+CT=4466DCB75F6B83885EE32D9FD533A902
+
+I=355
+KEY=3751EC4737F029E3EE67CD497C0C25D5DBC7017A143BAC7D
+PT=4466DCB75F6B83885EE32D9FD533A902
+CT=A8B62B9FCAA9331A3282899DB475AADE
+
+I=356
+KEY=6C1042FACD259CC346D1E6D6B6A516CFE94588E7A04E06A3
+PT=A8B62B9FCAA9331A3282899DB475AADE
+CT=DFE1CB42B29F119E44F37F60A8C2BD7C
+
+I=357
+KEY=640D2DB3E708999A99302D94043A0751ADB6F787088CBBDF
+PT=DFE1CB42B29F119E44F37F60A8C2BD7C
+CT=891B211EE1BEA05AD7BA478FDFEBC507
+
+I=358
+KEY=C434FF9BD02BDF6C102B0C8AE584A70B7A0CB008D7677ED8
+PT=891B211EE1BEA05AD7BA478FDFEBC507
+CT=16ABB92A1E0F433250C551F84AE177CF
+
+I=359
+KEY=22A76DAFC8A7748E0680B5A0FB8BE4392AC9E1F09D860917
+PT=16ABB92A1E0F433250C551F84AE177CF
+CT=1A2F4BF6ED0CADB7FA3FC52F3C6AF191
+
+I=360
+KEY=5DDEDF839CF5C0D11CAFFE561687498ED0F624DFA1ECF886
+PT=1A2F4BF6ED0CADB7FA3FC52F3C6AF191
+CT=16AE687EE38FB85C0F70E20F5585F750
+
+I=361
+KEY=13D0157C6A30C26C0A019628F508F1D2DF86C6D0F4690FD6
+PT=16AE687EE38FB85C0F70E20F5585F750
+CT=6CD2D70F641B2A7814014177C4880107
+
+I=362
+KEY=6DBFF188E61696C966D341279113DBAACB8787A730E10ED1
+PT=6CD2D70F641B2A7814014177C4880107
+CT=8CAD28041AE53AA64CE0173DBD9046C2
+
+I=363
+KEY=44A13B269C44F018EA7E69238BF6E10C8767909A8D714813
+PT=8CAD28041AE53AA64CE0173DBD9046C2
+CT=FC8D4274BA1EF15CC39E750DD1848F7B
+
+I=364
+KEY=B7A8311B81A3B82C16F32B5731E8105044F9E5975CF5C768
+PT=FC8D4274BA1EF15CC39E750DD1848F7B
+CT=01CBDAEAADE486CF655401D8F7F7E84E
+
+I=365
+KEY=A3AC668823C917DE1738F1BD9C0C969F21ADE44FAB022F26
+PT=01CBDAEAADE486CF655401D8F7F7E84E
+CT=494C3219700E06EE9C4DCB61EF932FDF
+
+I=366
+KEY=05CC07DC3CBB1A4B5E74C3A4EC029071BDE02F2E449100F9
+PT=494C3219700E06EE9C4DCB61EF932FDF
+CT=BB0E7D5CD93B1839DF5CAED7996F9560
+
+I=367
+KEY=8768468EFC3CE954E57ABEF83539884862BC81F9DDFE9599
+PT=BB0E7D5CD93B1839DF5CAED7996F9560
+CT=CC1F9A504A67C24621ED127C63AE2A36
+
+I=368
+KEY=470E251F98662CEC296524A87F5E4A0E43519385BE50BFAF
+PT=CC1F9A504A67C24621ED127C63AE2A36
+CT=A48D3751956B71F925680073B35BC0A3
+
+I=369
+KEY=533C67C061CE6B9E8DE813F9EA353BF7663993F60D0B7F0C
+PT=A48D3751956B71F925680073B35BC0A3
+CT=80143AC021E94718146EBC7808A9DDD8
+
+I=370
+KEY=0303563B9274349D0DFC2939CBDC7CEF72572F8E05A2A2D4
+PT=80143AC021E94718146EBC7808A9DDD8
+CT=B90AC6ADEE1B60228096D022EE5C681B
+
+I=371
+KEY=1E7D3A52CC112BDCB4F6EF9425C71CCDF2C1FFACEBFECACF
+PT=B90AC6ADEE1B60228096D022EE5C681B
+CT=CB8553B21250642107E824E8FB27CAEA
+
+I=372
+KEY=750A36009059323E7F73BC26379778ECF529DB4410D90025
+PT=CB8553B21250642107E824E8FB27CAEA
+CT=9C86DA9646FCFEA7E778A5498F50E01E
+
+I=373
+KEY=6876C614C460B02CE3F566B0716B864B12517E0D9F89E03B
+PT=9C86DA9646FCFEA7E778A5498F50E01E
+CT=1481357AD5690762FD6F3809F1E5F219
+
+I=374
+KEY=7CE6B00F6B651FAEF77453CAA4028129EF3E46046E6C1222
+PT=1481357AD5690762FD6F3809F1E5F219
+CT=39B64998D4370E0CB47C1DC23EDCDD03
+
+I=375
+KEY=C3F72A84EF6F4A0CCEC21A5270358F255B425BC650B0CF21
+PT=39B64998D4370E0CB47C1DC23EDCDD03
+CT=EB1BA96272D7BB044A3381439BA4CD5B
+
+I=376
+KEY=C670185A26E7DA4A25D9B33002E234211171DA85CB14027A
+PT=EB1BA96272D7BB044A3381439BA4CD5B
+CT=F87EC3D7F55DA25790718E461BA2E194
+
+I=377
+KEY=72ECF820AC459D8DDDA770E7F7BF9676810054C3D0B6E3EE
+PT=F87EC3D7F55DA25790718E461BA2E194
+CT=AD7EA1621AD7FBA975D6BB0AB9AED116
+
+I=378
+KEY=CE4ECAD1C7D17D1170D9D185ED686DDFF4D6EFC9691832F8
+PT=AD7EA1621AD7FBA975D6BB0AB9AED116
+CT=473B6484F6EAE1FC837A2710AE8D462F
+
+I=379
+KEY=3273752C9A8682F237E2B5011B828C2377ACC8D9C79574D7
+PT=473B6484F6EAE1FC837A2710AE8D462F
+CT=0E3634529E49692762F4D80333738045
+
+I=380
+KEY=8C2CFBB98A4E5E3839D4815385CBE504155810DAF4E6F492
+PT=0E3634529E49692762F4D80333738045
+CT=F8EFEBD78C115CC620F25AB66038F2A0
+
+I=381
+KEY=0416DBCAFA0850D8C13B6A8409DAB9C235AA4A6C94DE0632
+PT=F8EFEBD78C115CC620F25AB66038F2A0
+CT=B4442C38E3B8E87D8AAE2C17A5571CE9
+
+I=382
+KEY=7A7815A748696E99757F46BCEA6251BFBF04667B31891ADB
+PT=B4442C38E3B8E87D8AAE2C17A5571CE9
+CT=576A20E194015AB069D769FCA7D842FC
+
+I=383
+KEY=3848903CD019B4572215665D7E630B0FD6D30F8796515827
+PT=576A20E194015AB069D769FCA7D842FC
+CT=E253D9FB4075B021DF452B3AD51204D6
+
+I=384
+KEY=3E468D281DF03284C046BFA63E16BB2E099624BD43435CF1
+PT=E253D9FB4075B021DF452B3AD51204D6
+CT=D9454AE62207E70A34F13B0063498A8F
+
+I=385
+KEY=860E4E60B132A8851903F5401C115C243D671FBD200AD67E
+PT=D9454AE62207E70A34F13B0063498A8F
+CT=A21F7DA8A298670D631F677D23504757
+
+I=386
+KEY=27B82EDF5FFD15DDBB1C88E8BE893B295E7878C0035A9129
+PT=A21F7DA8A298670D631F677D23504757
+CT=1D239EFBABD09A029FE11C59A385C909
+
+I=387
+KEY=631BCB74800FD13AA63F16131559A12BC1996499A0DF5820
+PT=1D239EFBABD09A029FE11C59A385C909
+CT=C87EB2AB019AFA608BE99CE77717B333
+
+I=388
+KEY=EE1326871289985E6E41A4B814C35B4B4A70F87ED7C8EB13
+PT=C87EB2AB019AFA608BE99CE77717B333
+CT=528DBF70307431E33815D1AA44C30FA8
+
+I=389
+KEY=F1D72A84C2FE044F3CCC1BC824B76AA8726529D4930BE4BB
+PT=528DBF70307431E33815D1AA44C30FA8
+CT=6C8014B427ED6331A5C174CF2846B70A
+
+I=390
+KEY=A1610602C8DD2836504C0F7C035A0999D7A45D1BBB4D53B1
+PT=6C8014B427ED6331A5C174CF2846B70A
+CT=3DF4C4BE003A13030E73026F7027ADB1
+
+I=391
+KEY=B2418E725A1435DD6DB8CBC203601A9AD9D75F74CB6AFE00
+PT=3DF4C4BE003A13030E73026F7027ADB1
+CT=39C50365300DCC5B47F827054879C642
+
+I=392
+KEY=761AF29E74671706547DC8A7336DD6C19E2F787183133842
+PT=39C50365300DCC5B47F827054879C642
+CT=847F488B3CEC2E1E4E1C6B9F37E4F631
+
+I=393
+KEY=C912116E7B47169AD002802C0F81F8DFD03313EEB4F7CE73
+PT=847F488B3CEC2E1E4E1C6B9F37E4F631
+CT=9A581179C883C5E057CC560A3DF6CD34
+
+I=394
+KEY=B08B1226353C6BD34A5A9155C7023D3F87FF45E489010347
+PT=9A581179C883C5E057CC560A3DF6CD34
+CT=799B437C3EF3663EFBD6F186EDFDF21A
+
+I=395
+KEY=1ECAE821E161A2C833C1D229F9F15B017C29B46264FCF15D
+PT=799B437C3EF3663EFBD6F186EDFDF21A
+CT=138A858B14FE28D9A47C76BB3FAE9AA1
+
+I=396
+KEY=3AD2B951E451EEA8204B57A2ED0F73D8D855C2D95B526BFC
+PT=138A858B14FE28D9A47C76BB3FAE9AA1
+CT=5E35BC76C5AC8765A6C396DFE5689579
+
+I=397
+KEY=791E5F91477E986E7E7EEBD428A3F4BD7E965406BE3AFE85
+PT=5E35BC76C5AC8765A6C396DFE5689579
+CT=53F8361BF47A82EF27492322BA6F57AD
+
+I=398
+KEY=194A170B3D4FA6E62D86DDCFDCD9765259DF77240455A928
+PT=53F8361BF47A82EF27492322BA6F57AD
+CT=FF626D77AE144C11480610EC1ABB5028
+
+I=399
+KEY=C9DC82F000187721D2E4B0B872CD3A4311D967C81EEEF900
+PT=FF626D77AE144C11480610EC1ABB5028
+CT=4E46F8C5092B29E29A971A0CD1F610FB
+
+=========================
+
+KEYSIZE=256
+
+I=0
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+PT=00000000000000000000000000000000
+CT=8B79EECC93A0EE5DFF30B4EA21636DA4
+
+I=1
+KEY=AD3965683E6FA98B5F38AC26653679288B79EECC93A0EE5DFF30B4EA21636DA4
+PT=8B79EECC93A0EE5DFF30B4EA21636DA4
+CT=C737317FE0846F132B23C8C2A672CE22
+
+I=2
+KEY=28E79E2AFC5F7745FCCABE2F6257C2EF4C4EDFB37324814ED4137C288711A386
+PT=C737317FE0846F132B23C8C2A672CE22
+CT=E58B82BFBA53C0040DC610C642121168
+
+I=3
+KEY=0721E93EACF9DC6C870D8133376B7C0DA9C55D0CC977414AD9D56CEEC503B2EE
+PT=E58B82BFBA53C0040DC610C642121168
+CT=10B296ABB40504995DB71DDA0B7E26FB
+
+I=4
+KEY=0ECE1E210ADA32EBC497AD50F516602EB977CBA77D7245D384627134CE7D9415
+PT=10B296ABB40504995DB71DDA0B7E26FB
+CT=B7198D8E88BAA25234C18517E99BB70D
+
+I=5
+KEY=D31313ACD90A9BB7D6596DEAB752003F0E6E4629F5C8E781B0A3F42327E62318
+PT=B7198D8E88BAA25234C18517E99BB70D
+CT=6125097DB5738C64513E125872EA436C
+
+I=6
+KEY=488B6A78D9AA23FEA7289E250928BDE36F4B4F5440BB6BE5E19DE67B550C6074
+PT=6125097DB5738C64513E125872EA436C
+CT=07FF2ED24B522F1E31D46E94BE5C505B
+
+I=7
+KEY=03DDD56B142AD3B0E4FFD2BAC6568E5468B461860BE944FBD04988EFEB50302F
+PT=07FF2ED24B522F1E31D46E94BE5C505B
+CT=EB3C1E3328F840B110E934B0129F2F23
+
+I=8
+KEY=20F9D92C65B2F00183464197B23BE5AF83887FB52311044AC0A0BC5FF9CF1F0C
+PT=EB3C1E3328F840B110E934B0129F2F23
+CT=107CB7B403DC3F6F09EC30EC1718D183
+
+I=9
+KEY=79CF0BCF8EFE3DE82E27778923D1AA1993F4C80120CD3B25C94C8CB3EED7CE8F
+PT=107CB7B403DC3F6F09EC30EC1718D183
+CT=CE9DB77B1FAE0CFEC5341FA5AF4CDE8A
+
+I=10
+KEY=F50ADABA26525BFA7BF6EEF2402450785D697F7A3F6337DB0C789316419B1005
+PT=CE9DB77B1FAE0CFEC5341FA5AF4CDE8A
+CT=157B5946862DA3E9A1A83E45857E207D
+
+I=11
+KEY=3B6947995411D0AE50645129D13BACC04812263CB94E9432ADD0AD53C4E53078
+PT=157B5946862DA3E9A1A83E45857E207D
+CT=4AE3583491DF78918CAB3AC241286855
+
+I=12
+KEY=AAD12F02F5E5681D16236B668EF2C46702F17E082891ECA3217B979185CD582D
+PT=4AE3583491DF78918CAB3AC241286855
+CT=05400C32DC84F1AB486A9BADB1415B50
+
+I=13
+KEY=EA02EB82D4B2112DD3BD64C1C908CEC307B1723AF4151D0869110C3C348C037D
+PT=05400C32DC84F1AB486A9BADB1415B50
+CT=E4C0781A2EA68D142504739731EF396E
+
+I=14
+KEY=D51A1846DFEB738F0AF138F74C968DCCE3710A20DAB3901C4C157FAB05633A13
+PT=E4C0781A2EA68D142504739731EF396E
+CT=44CC8A9C84E6AD66BD24F1EE1F925EC3
+
+I=15
+KEY=B6401DFC35AF21E53CD254431CC639E9A7BD80BC5E553D7AF1318E451AF164D0
+PT=44CC8A9C84E6AD66BD24F1EE1F925EC3
+CT=20AF5FDDF65856D1A60ADC03567AE163
+
+I=16
+KEY=D1D2E8B5644910077B3EDB245F029C0D8712DF61A80D6BAB573B52464C8B85B3
+PT=20AF5FDDF65856D1A60ADC03567AE163
+CT=CEB74DD6FBEAFDCEE54930D58AF22ACA
+
+I=17
+KEY=9F932DC2AB83FA5153E7081E7360ABB449A592B753E79665B2726293C679AF79
+PT=CEB74DD6FBEAFDCEE54930D58AF22ACA
+CT=72FB3F7BBBDBA9C036C94531A32E937D
+
+I=18
+KEY=06AABCA83922297791C9D07AEB639BDD3B5EADCCE83C3FA584BB27A265573C04
+PT=72FB3F7BBBDBA9C036C94531A32E937D
+CT=299B26D5D6DFA2C20824D8A84E98A244
+
+I=19
+KEY=6124BC71768DE5E9C14D37915D90F1AE12C58B193EE39D678C9FFF0A2BCF9E40
+PT=299B26D5D6DFA2C20824D8A84E98A244
+CT=0A35C0D4170BDE0258D79B668C7C98F4
+
+I=20
+KEY=282B067BD441670E11E576F26C4EA67D18F04BCD29E84365D448646CA7B306B4
+PT=0A35C0D4170BDE0258D79B668C7C98F4
+CT=F4E3E981FFC8B50FC9146B85A22E71D4
+
+I=21
+KEY=2864E2A3986F99C55EC21C225E3498ECEC13A24CD620F66A1D5C0FE9059D7760
+PT=F4E3E981FFC8B50FC9146B85A22E71D4
+CT=130ACF4CEAFE3277DF057D4D170582ED
+
+I=22
+KEY=600FD4DFD03132B0DB7B2432DBE027C2FF196D003CDEC41DC25972A41298F58D
+PT=130ACF4CEAFE3277DF057D4D170582ED
+CT=50001D54F2EA5EAA3BE2206F3845D9A9
+
+I=23
+KEY=C1CBE3A1679D6C1913EABE3400993100AF197054CE349AB7F9BB52CB2ADD2C24
+PT=50001D54F2EA5EAA3BE2206F3845D9A9
+CT=69F3EE4B230B2DB2492FE0E36B949154
+
+I=24
+KEY=7C6C63E14606A0B09254A531CACB45A0C6EA9E1FED3FB705B094B2284149BD70
+PT=69F3EE4B230B2DB2492FE0E36B949154
+CT=CEEE40F3D2FD9A5521F44AD3AB55198D
+
+I=25
+KEY=22BB6E21BCA0450240DB117B028837AF0804DEEC3FC22D509160F8FBEA1CA4FD
+PT=CEEE40F3D2FD9A5521F44AD3AB55198D
+CT=1FA1F1AE7BF2A8C66A6ED6D5F276846B
+
+I=26
+KEY=7364D9AE40CBB0CCA6640B7E542DBA2617A52F4244308596FB0E2E2E186A2096
+PT=1FA1F1AE7BF2A8C66A6ED6D5F276846B
+CT=6D5BD8391C73507D57B902AB3D58D228
+
+I=27
+KEY=A2D8BF7602FCD22755ADA9979B2DD33B7AFEF77B5843D5EBACB72C852532F2BE
+PT=6D5BD8391C73507D57B902AB3D58D228
+CT=15ACD05539318363F275C857FBC5D86C
+
+I=28
+KEY=3AD56A33CE89D8D3510C4152DEE734126F52272E617256885EC2E4D2DEF72AD2
+PT=15ACD05539318363F275C857FBC5D86C
+CT=B54F8D944301A899A2A88440FE8AB631
+
+I=29
+KEY=13ED08137C66C2000D3FE9E167387864DA1DAABA2273FE11FC6A6092207D9CE3
+PT=B54F8D944301A899A2A88440FE8AB631
+CT=23B4BF936BF383325F0DAF0548E32851
+
+I=30
+KEY=3C2C53CCDB4721F44B6C057BF758361AF9A9152949807D23A367CF97689EB4B2
+PT=23B4BF936BF383325F0DAF0548E32851
+CT=8B4984C6F39C7FD543B4A8629EAC6740
+
+I=31
+KEY=95E744B66044529E2DC2B06BF84FF3D672E091EFBA1C02F6E0D367F5F632D3F2
+PT=8B4984C6F39C7FD543B4A8629EAC6740
+CT=108834058381578E8AA7988E03942230
+
+I=32
+KEY=E7715B09238876A93F9858D9548CBEA56268A5EA399D55786A74FF7BF5A6F1C2
+PT=108834058381578E8AA7988E03942230
+CT=EE3974A2ECEA5A1E6FC09535323BFF29
+
+I=33
+KEY=08F25145082684F576933E4DF5C63DFE8C51D148D5770F6605B46A4EC79D0EEB
+PT=EE3974A2ECEA5A1E6FC09535323BFF29
+CT=1AC80F42E3529BCA587D4EA828BD3631
+
+I=34
+KEY=93D63C9069B415595934FA66C76A9CD09699DE0A362594AC5DC924E6EF2038DA
+PT=1AC80F42E3529BCA587D4EA828BD3631
+CT=E196DF1E8A0DE844EBD3FD84B307EEB6
+
+I=35
+KEY=0F5E4A3907A7BC56AAC2CB6F6871674C770F0114BC287CE8B61AD9625C27D66C
+PT=E196DF1E8A0DE844EBD3FD84B307EEB6
+CT=917AC29C88967EE5C792E72B046A4399
+
+I=36
+KEY=B935C42A3A93D1E45E94CBE1E232A135E675C38834BE020D71883E49584D95F5
+PT=917AC29C88967EE5C792E72B046A4399
+CT=9CE3D545895005F3EC432699F17FFDA2
+
+I=37
+KEY=CC3C0DCF9E6E91BE48B7F7AE251D1CB37A9616CDBDEE07FE9DCB18D0A9326857
+PT=9CE3D545895005F3EC432699F17FFDA2
+CT=089F0D41397E27B04D3268834ADF932C
+
+I=38
+KEY=29AB63D0AB0E237BA75D250BC67E362472091B8C8490204ED0F97053E3EDFB7B
+PT=089F0D41397E27B04D3268834ADF932C
+CT=9C364B0CC209389C00824505226B8989
+
+I=39
+KEY=7FB99ABACCC92D9C8B17CC0066F02F39EE3F5080469918D2D07B3556C18672F2
+PT=9C364B0CC209389C00824505226B8989
+CT=767FB14493BE17A29839FBF115B9B38B
+
+I=40
+KEY=DB08EEBD184AEEB002302A3C41E5595B9840E1C4D5270F704842CEA7D43FC179
+PT=767FB14493BE17A29839FBF115B9B38B
+CT=CBEC5B7FB05D673C19EBF0F4B647CDB5
+
+I=41
+KEY=F7C517C27F319857F1D9DA5D29B6B76353ACBABB657A684C51A93E5362780CCC
+PT=CBEC5B7FB05D673C19EBF0F4B647CDB5
+CT=9721CB9555EF079ADD547D8DE09CC0C7
+
+I=42
+KEY=47D5164E15743853C8B0E55ED3A965D6C48D712E30956FD68CFD43DE82E4CC0B
+PT=9721CB9555EF079ADD547D8DE09CC0C7
+CT=5B16109122E874A08A2A48D5B5753256
+
+I=43
+KEY=152E7EF1B0FAD417DA84B4FA0AB560DB9F9B61BF127D1B7606D70B0B3791FE5D
+PT=5B16109122E874A08A2A48D5B5753256
+CT=198A9B7C41C225334176614A16F1D7CB
+
+I=44
+KEY=81BB271A9F0CE56E452C9FBE4CF09FF88611FAC353BF3E4547A16A4121602996
+PT=198A9B7C41C225334176614A16F1D7CB
+CT=56E255DB999AFA713020C4E987F4433B
+
+I=45
+KEY=A654ABA71B351BCBFD1CB03B5F88CE1AD0F3AF18CA25C4347781AEA8A6946AAD
+PT=56E255DB999AFA713020C4E987F4433B
+CT=7BF8470233D197839D4FC1B365E79C8D
+
+I=46
+KEY=C700B39660C3C72E15E278B2D22DD528AB0BE81AF9F453B7EACE6F1BC373F620
+PT=7BF8470233D197839D4FC1B365E79C8D
+CT=D7CDF94CBBE5E7EF7E47E4CE9BD5E073
+
+I=47
+KEY=C49B1589810F1915998C8C79CA2382D87CC611564211B45894898BD558A61653
+PT=D7CDF94CBBE5E7EF7E47E4CE9BD5E073
+CT=A5617B71AF28E732A0B69BFA3B90F291
+
+I=48
+KEY=D37A9390FD2C8D4D01704352BAFC2EE2D9A76A27ED39536A343F102F6336E4C2
+PT=A5617B71AF28E732A0B69BFA3B90F291
+CT=156D08F6A2AC3F7202DBEE15D53C8BCD
+
+I=49
+KEY=E4E2958608635DF83B8E39FD503356D5CCCA62D14F956C1836E4FE3AB60A6F0F
+PT=156D08F6A2AC3F7202DBEE15D53C8BCD
+CT=1790CB4B9B4E01F4CA3AAB588A3B7A51
+
+I=50
+KEY=B0F77AF53FB1FAF66A421093111DC925DB5AA99AD4DB6DECFCDE55623C31155E
+PT=1790CB4B9B4E01F4CA3AAB588A3B7A51
+CT=5E2DC515FE9BAE8F16188DC052C63A80
+
+I=51
+KEY=487CA8ECBA3E2CAF61A16285005F01F685776C8F2A40C363EAC6D8A26EF72FDE
+PT=5E2DC515FE9BAE8F16188DC052C63A80
+CT=A625E46D2DA293F536D25C9207090AA5
+
+I=52
+KEY=410909F6119DDA628537B825D24E8DF9235288E207E25096DC14843069FE257B
+PT=A625E46D2DA293F536D25C9207090AA5
+CT=FEFCF38ABD12EAAD37F3AE73BC4B4A8C
+
+I=53
+KEY=F1027D98B61D2F383BCF60A83D317D03DDAE7B68BAF0BA3BEBE72A43D5B56FF7
+PT=FEFCF38ABD12EAAD37F3AE73BC4B4A8C
+CT=76D8221C2AAD44D226C769875A93CDA8
+
+I=54
+KEY=DDA104019F122286887545C85F6B09B1AB765974905DFEE9CD2043C48F26A25F
+PT=76D8221C2AAD44D226C769875A93CDA8
+CT=DE7FBEB010089D7EE0A1BD18F3461AEE
+
+I=55
+KEY=46CE686778BA955831B63F2ACFE397747509E7C4805563972D81FEDC7C60B8B1
+PT=DE7FBEB010089D7EE0A1BD18F3461AEE
+CT=A8B0824BD1FC52D92AFA0B4B23ABDEBD
+
+I=56
+KEY=EF1408D365E549B808DADADE3D4CBCDADDB9658F51A9314E077BF5975FCB660C
+PT=A8B0824BD1FC52D92AFA0B4B23ABDEBD
+CT=93AC85EE8DE4091894F0E1800A0DF443
+
+I=57
+KEY=8E8FC86B7F82A57799FE32DD1C748C8D4E15E061DC4D3856938B141755C6924F
+PT=93AC85EE8DE4091894F0E1800A0DF443
+CT=0FAE963D9B74341316D7EA8862D0766F
+
+I=58
+KEY=D3900458ABB1ACCE0707A49565D27C4C41BB765C47390C45855CFE9F3716E420
+PT=0FAE963D9B74341316D7EA8862D0766F
+CT=37930DFBC771510D0BBDCBFAB2A5852F
+
+I=59
+KEY=C55EE2F5633DE3E7EF3710C6C143AA7076287BA780485D488EE1356585B3610F
+PT=37930DFBC771510D0BBDCBFAB2A5852F
+CT=9C3B82D06CB9378F6CBBF6325B456A8B
+
+I=60
+KEY=AA16073435B24614EB1E9AE81FD921F0EA13F977ECF16AC7E25AC357DEF60B84
+PT=9C3B82D06CB9378F6CBBF6325B456A8B
+CT=2DB135F2599323714B4D0E66562FAF48
+
+I=61
+KEY=033F102BFB13F9F84A4E9FC0C6F52AC8C7A2CC85B56249B6A917CD3188D9A4CC
+PT=2DB135F2599323714B4D0E66562FAF48
+CT=130D64DC60EE70F07F6A68F26A9B5E19
+
+I=62
+KEY=60D36FD89196DB13031E829B54615707D4AFA859D58C3946D67DA5C3E242FAD5
+PT=130D64DC60EE70F07F6A68F26A9B5E19
+CT=E4E5C4A1E2A0DC99EEC583E311824371
+
+I=63
+KEY=532BC273D1843EB5CC1DE01D28684454304A6CF8372CE5DF38B82620F3C0B9A4
+PT=E4E5C4A1E2A0DC99EEC583E311824371
+CT=72CCE240749A6BFD0A93CDCBE2589B41
+
+I=64
+KEY=DAE91111E43D9DF4A0F44C27A6B1AB0842868EB843B68E22322BEBEB119822E5
+PT=72CCE240749A6BFD0A93CDCBE2589B41
+CT=300F85629B48F47444D2AA51EBAAD16C
+
+I=65
+KEY=5C7C95B43BEA70F20A5C490F9A9F716372890BDAD8FE7A5676F941BAFA32F389
+PT=300F85629B48F47444D2AA51EBAAD16C
+CT=89278608A583E1243704B39AB9C0F30C
+
+I=66
+KEY=5B64FDB468399A031D5745325331C2E8FBAE8DD27D7D9B7241FDF22043F20085
+PT=89278608A583E1243704B39AB9C0F30C
+CT=71B74D5FAA4558A59F3BC91AA564579A
+
+I=67
+KEY=0166230CCF036B4B22C63D36F71C3CF58A19C08DD738C3D7DEC63B3AE696571F
+PT=71B74D5FAA4558A59F3BC91AA564579A
+CT=7B433C70951E4BD140FF7A0CBF367429
+
+I=68
+KEY=D7A12389D7DD5DE963841B344315ADF9F15AFCFD422688069E39413659A02336
+PT=7B433C70951E4BD140FF7A0CBF367429
+CT=B0BE67EBCD672549AF03D323AF026FFF
+
+I=69
+KEY=A3EC2E92C58FE150F708C6FAEB1F459E41E49B168F41AD4F313A9215F6A24CC9
+PT=B0BE67EBCD672549AF03D323AF026FFF
+CT=99A829A7C5C7CD6A44C7EABA9A5421C7
+
+I=70
+KEY=CC3F7485BF8460CB1EA0AA3C20553644D84CB2B14A86602575FD78AF6CF66D0E
+PT=99A829A7C5C7CD6A44C7EABA9A5421C7
+CT=76E1A70AF79F89CFE68EAF15DC0E9BC5
+
+I=71
+KEY=17DC64F06B3A2941A21AE58E2FFAB363AEAD15BBBD19E9EA9373D7BAB0F8F6CB
+PT=76E1A70AF79F89CFE68EAF15DC0E9BC5
+CT=DB0805B5DCC1CA2CA7489C8E1237E7A2
+
+I=72
+KEY=DC7128E894C9DA167D0ACED5888F846275A5100E61D823C6343B4B34A2CF1169
+PT=DB0805B5DCC1CA2CA7489C8E1237E7A2
+CT=935D409B87A85A2CFCC09DE3D2A9A294
+
+I=73
+KEY=8073895C9316D299F4F32C602F2F2616E6F85095E67079EAC8FBD6D77066B3FD
+PT=935D409B87A85A2CFCC09DE3D2A9A294
+CT=F22B73EFF24249CBCB31BDC7C126B735
+
+I=74
+KEY=99E16793433652800ABAD7000638560914D3237A1432302103CA6B10B14004C8
+PT=F22B73EFF24249CBCB31BDC7C126B735
+CT=A16A380AE9B3F2B0AE39BB0E24BF7C0A
+
+I=75
+KEY=8F77C5E97DA567CC447B52F45175BC74B5B91B70FD81C291ADF3D01E95FF78C2
+PT=A16A380AE9B3F2B0AE39BB0E24BF7C0A
+CT=9CF088DE60AE87687481C9F217E86A7C
+
+I=76
+KEY=DA1B3C2C424D2BC6A1C7A3D18D41C3F5294993AE9D2F45F9D97219EC821712BE
+PT=9CF088DE60AE87687481C9F217E86A7C
+CT=1C8B68951E65E32E77F1A31571351C1B
+
+I=77
+KEY=3D64F3D4BF8F585917273805AA43DCD735C2FB3B834AA6D7AE83BAF9F3220EA5
+PT=1C8B68951E65E32E77F1A31571351C1B
+CT=4AD3F3B0C15D810F0EA0FF62C6B2D0FE
+
+I=78
+KEY=51D61FB1B31EB55C7AA2D918E7BE32A97F11088B421727D8A023459B3590DE5B
+PT=4AD3F3B0C15D810F0EA0FF62C6B2D0FE
+CT=0DFCF7CA661572E050C522AE554A4BF8
+
+I=79
+KEY=B93510F7689FB9856194CF629EF63AAA72EDFF4124025538F0E6673560DA95A3
+PT=0DFCF7CA661572E050C522AE554A4BF8
+CT=7C185A5A68675DAC7A16C8DDE4B8CF8B
+
+I=80
+KEY=8496679D7598A1B91D2F221CF958F90B0EF5A51B4C6508948AF0AFE884625A28
+PT=7C185A5A68675DAC7A16C8DDE4B8CF8B
+CT=88FDDDA7BC2B09E48598A94474C64DC7
+
+I=81
+KEY=F27BCC0F919566675B129C526A4DC796860878BCF04E01700F6806ACF0A417EF
+PT=88FDDDA7BC2B09E48598A94474C64DC7
+CT=35C5C98C9C774D0BE9EFFB55C90B2F9C
+
+I=82
+KEY=05F12B58DBF5602D31CFD0EB10313502B3CDB1306C394C7BE687FDF939AF3873
+PT=35C5C98C9C774D0BE9EFFB55C90B2F9C
+CT=C3374B5C81646AC881F0F924C22A723B
+
+I=83
+KEY=FD05BE617555BC8184C2F46911C46B9E70FAFA6CED5D26B3677704DDFB854A48
+PT=C3374B5C81646AC881F0F924C22A723B
+CT=0CE756792AF27525A088700DB66D4399
+
+I=84
+KEY=3831345DFA5ADDF7CE8B5F76B5E1EBDE7C1DAC15C7AF5396C7FF74D04DE809D1
+PT=0CE756792AF27525A088700DB66D4399
+CT=401CD076E03C108A7FD79651407923E9
+
+I=85
+KEY=B101FDD95C23BE560262D355E09FC39B3C017C632793431CB828E2810D912A38
+PT=401CD076E03C108A7FD79651407923E9
+CT=88614E46C416E5164F2A63CDA9DD7B89
+
+I=86
+KEY=0B53859962A79D216E395830E36F8D45B4603225E385A60AF702814CA44C51B1
+PT=88614E46C416E5164F2A63CDA9DD7B89
+CT=7411856C8F14A2E5F6C5F1830302A66F
+
+I=87
+KEY=FE07E3B8961C2A1B3E34A50F8CFA1A45C071B7496C9104EF01C770CFA74EF7DE
+PT=7411856C8F14A2E5F6C5F1830302A66F
+CT=B0A815E93EBAC7A68F8BB420C8A5692D
+
+I=88
+KEY=9F2E0D3DB033B1929009D6C4C460B24F70D9A2A0522BC3498E4CC4EF6FEB9EF3
+PT=B0A815E93EBAC7A68F8BB420C8A5692D
+CT=AA6D27BB26275F5CB3EC3D6A8AFB80BF
+
+I=89
+KEY=5E903EF160161E1CA79A26D28FE32175DAB4851B740C9C153DA0F985E5101E4C
+PT=AA6D27BB26275F5CB3EC3D6A8AFB80BF
+CT=EAF7941A7E5D3907B6F52C1106EED2CE
+
+I=90
+KEY=60284EF35A9246CC32002028E4969309304311010A51A5128B55D594E3FECC82
+PT=EAF7941A7E5D3907B6F52C1106EED2CE
+CT=1178DD3DBDB1810E360E6FE09AA0D75C
+
+I=91
+KEY=300CB519F3203AD4589749651BD99AC7213BCC3CB7E0241CBD5BBA74795E1BDE
+PT=1178DD3DBDB1810E360E6FE09AA0D75C
+CT=584B48263DE541E93B29C6E570D4A6F4
+
+I=92
+KEY=2F79EA55D0E3EAF1D0DBD364A7D64E2A7970841A8A0565F586727C91098ABD2A
+PT=584B48263DE541E93B29C6E570D4A6F4
+CT=7B2EC27F2F1BC24EAD4FC0AA0519685C
+
+I=93
+KEY=8B46F59BF2C4B226523C203E8FD3936D025E4665A51EA7BB2B3DBC3B0C93D576
+PT=7B2EC27F2F1BC24EAD4FC0AA0519685C
+CT=13404D003576493EBB36C07C6D16A1B6
+
+I=94
+KEY=C7E75C30B0CE770A0075E3EBEB244811111E0B659068EE85900B7C47618574C0
+PT=13404D003576493EBB36C07C6D16A1B6
+CT=A083421A139DF68C8F863B337F3408BE
+
+I=95
+KEY=A957F876769BE9005DCEE4B7514FAC62B19D497F83F518091F8D47741EB17C7E
+PT=A083421A139DF68C8F863B337F3408BE
+CT=BF86650C9ECBD6C14B420FBE6B6E488B
+
+I=96
+KEY=FD4DE7532652D17C5ACCEA759C52A95C0E1B2C731D3ECEC854CF48CA75DF34F5
+PT=BF86650C9ECBD6C14B420FBE6B6E488B
+CT=75CEFAE872574AB6F26B0CAF6F08D858
+
+I=97
+KEY=54DBCDC0A57363DE6B3A032607E968C27BD5D69B6F69847EA6A444651AD7ECAD
+PT=75CEFAE872574AB6F26B0CAF6F08D858
+CT=8A3F9C96598883E9D3760C8A8FE406C6
+
+I=98
+KEY=AC10312E365401908F2C8AE371CB8C90F1EA4A0D36E1079775D248EF9533EA6B
+PT=8A3F9C96598883E9D3760C8A8FE406C6
+CT=B8B372C0CC6D164F340DF26B8F832DF8
+
+I=99
+KEY=64265CF02043C966C01DF5255F8D2867495938CDFA8C11D841DFBA841AB0C793
+PT=B8B372C0CC6D164F340DF26B8F832DF8
+CT=A7F6267A6F0CEB0EF7D07959EE065760
+
+I=100
+KEY=CF6B88FB273B247B8D64B5A323EF5760EEAF1EB79580FAD6B60FC3DDF4B690F3
+PT=A7F6267A6F0CEB0EF7D07959EE065760
+CT=AD96ADAC9B786AB78B1B46D9E026C935
+
+I=101
+KEY=4C8EEA35A90CB46AF32235997D2ADBBE4339B31B0EF890613D148504149059C6
+PT=AD96ADAC9B786AB78B1B46D9E026C935
+CT=FC7BAC9A5F64571AABF4B0A451C8D88D
+
+I=102
+KEY=0DD6D30191FABEC371CF0BA223BECF19BF421F81519CC77B96E035A04558814B
+PT=FC7BAC9A5F64571AABF4B0A451C8D88D
+CT=2B56E363834F27090FAC8061507A4787
+
+I=103
+KEY=2E69324E634312611C33F695A137AFE49414FCE2D2D3E072994CB5C11522C6CC
+PT=2B56E363834F27090FAC8061507A4787
+CT=FD37886E30CEFA28F8E8A5662A9EC5DC
+
+I=104
+KEY=8AFAC0C1507472CCB28B37CA88B7139D6923748CE21D1A5A61A410A73FBC0310
+PT=FD37886E30CEFA28F8E8A5662A9EC5DC
+CT=F7F36142C000D5162F789C392971FCE7
+
+I=105
+KEY=7DC5DA2A80219692F9F26C5934826DF29ED015CE221DCF4C4EDC8C9E16CDFFF7
+PT=F7F36142C000D5162F789C392971FCE7
+CT=D560607A0F0BE8320F2CEE56B155163F
+
+I=106
+KEY=3CC9AE3E3EB90B511C6D8CD74419D6944BB075B42D16277E41F062C8A798E9C8
+PT=D560607A0F0BE8320F2CEE56B155163F
+CT=708133FEB47A226A616900D46FA85037
+
+I=107
+KEY=8B84B7F96F9B3184D5B6402ECAE344CB3B31464A996C05142099621CC830B9FF
+PT=708133FEB47A226A616900D46FA85037
+CT=1B2ED9348FC7A4E4AD8BFCE2A148D1AD
+
+I=108
+KEY=655CB7606D17582441247D23E222ECCF201F9F7E16ABA1F08D129EFE69786852
+PT=1B2ED9348FC7A4E4AD8BFCE2A148D1AD
+CT=B2B726C8605A6F5CBA97F04E85A1F985
+
+I=109
+KEY=E0BA77DAAD3E3502AB9A6CEBEC654D0492A8B9B676F1CEAC37856EB0ECD991D7
+PT=B2B726C8605A6F5CBA97F04E85A1F985
+CT=CD7F53BB4AEB364A1D8630E0B5C4A6A2
+
+I=110
+KEY=1470D5E493B0E8212F02D4419C46A8CD5FD7EA0D3C1AF8E62A035E50591D3775
+PT=CD7F53BB4AEB364A1D8630E0B5C4A6A2
+CT=57271A960FE2170BA3F1987E694BBD16
+
+I=111
+KEY=415408E88421573F93FDBE25DD4B90C208F0F09B33F8EFED89F2C62E30568A63
+PT=57271A960FE2170BA3F1987E694BBD16
+CT=E9D47C3E926475FFDB783624C3ADB17B
+
+I=112
+KEY=40B3017DC81EEE4BF652AE8BB8CEED1DE1248CA5A19C9A12528AF00AF3FB3B18
+PT=E9D47C3E926475FFDB783624C3ADB17B
+CT=D78F96812BB55723E04BE8818C262485
+
+I=113
+KEY=9EABE9B3608ACE61684BAD3F3FED5C9736AB1A248A29CD31B2C1188B7FDD1F9D
+PT=D78F96812BB55723E04BE8818C262485
+CT=E2092227E1A3D2E525942090DA0A3F3E
+
+I=114
+KEY=B095E4F38E060016EBC4C42D3A4EFBD6D4A238036B8A1FD49755381BA5D720A3
+PT=E2092227E1A3D2E525942090DA0A3F3E
+CT=95E9EE1F56A65FF85B752FC300F525AE
+
+I=115
+KEY=9B2841F44291552EA04DE13E4E78011B414BD61C3D2C402CCC2017D8A522050D
+PT=95E9EE1F56A65FF85B752FC300F525AE
+CT=32D8465F2E11A04F8984FEE8E710CD25
+
+I=116
+KEY=67D8B10D0DDB61932E610EB077F0D85F73939043133DE06345A4E9304232C828
+PT=32D8465F2E11A04F8984FEE8E710CD25
+CT=2D9803ECFB95B2591FE56B3CBB4307F2
+
+I=117
+KEY=B0C80A38EDE23A549EF08E5DC3CEA2F25E0B93AFE8A8523A5A41820CF971CFDA
+PT=2D9803ECFB95B2591FE56B3CBB4307F2
+CT=4B19F9BCAFD471BF9014ADA19891E4E6
+
+I=118
+KEY=85C6DF29F9AEBA6087E3746BA5CF6C1515126A13477C2385CA552FAD61E02B3C
+PT=4B19F9BCAFD471BF9014ADA19891E4E6
+CT=53159BC4FBD06FD03ABAC028A536C4A0
+
+I=119
+KEY=2D42BE0B33D92ECC40DF48CF0AE0CB764607F1D7BCAC4C55F0EFEF85C4D6EF9C
+PT=53159BC4FBD06FD03ABAC028A536C4A0
+CT=BCDB1347ACD50D0084D588D4540420E3
+
+I=120
+KEY=338A4DC6E729E6FCF71095BB4E6F52FEFADCE29010794155743A675190D2CF7F
+PT=BCDB1347ACD50D0084D588D4540420E3
+CT=E12DC82E79554E1202DA471C3221A554
+
+I=121
+KEY=47597486437CBCD33FC195C56FF972BB1BF12ABE692C0F4776E0204DA2F36A2B
+PT=E12DC82E79554E1202DA471C3221A554
+CT=23A43E9D6F7C5A6C842233CCEC120EB9
+
+I=122
+KEY=CEE8CF713EBF0C609E3429E5183014BB385514230650552BF2C213814EE16492
+PT=23A43E9D6F7C5A6C842233CCEC120EB9
+CT=9F3F4349BF98D3CC00DB167F0FFDC7AB
+
+I=123
+KEY=C9B3A1CAFA0D4F0DA942C17FFB75E333A76A576AB9C886E7F21905FE411CA339
+PT=9F3F4349BF98D3CC00DB167F0FFDC7AB
+CT=C4D8B8EBEF311C11FE2404220EA65E99
+
+I=124
+KEY=8360E6F464B61C4BAE31D3A72422128463B2EF8156F99AF60C3D01DC4FBAFDA0
+PT=C4D8B8EBEF311C11FE2404220EA65E99
+CT=47E3318C721E6C094763F0A18042911D
+
+I=125
+KEY=926B00B9767D0CAD5331CD6F0343C4A92451DE0D24E7F6FF4B5EF17DCFF86CBD
+PT=47E3318C721E6C094763F0A18042911D
+CT=D709FA9A1415B0FAC71B4CF52504791F
+
+I=126
+KEY=3F4349126EF6A51FD196742CB461D01EF358249730F246058C45BD88EAFC15A2
+PT=D709FA9A1415B0FAC71B4CF52504791F
+CT=7937DD067DDB85F200A492E5824DA23C
+
+I=127
+KEY=4420ADF6906CFBF8421524E88517327C8A6FF9914D29C3F78CE12F6D68B1B79E
+PT=7937DD067DDB85F200A492E5824DA23C
+CT=B68617F1372847206BA088D7100334A4
+
+I=128
+KEY=125BEB5234B89A376ABBB2185F24BDDE3CE9EE607A0184D7E741A7BA78B2833A
+PT=B68617F1372847206BA088D7100334A4
+CT=390938BA9F2264484DE63D8003C15369
+
+I=129
+KEY=A457831AB172D88111E87C3955D0C0F205E0D6DAE523E09FAAA79A3A7B73D053
+PT=390938BA9F2264484DE63D8003C15369
+CT=A69ED32FD728337A5C25FBC2230DC788
+
+I=130
+KEY=CC7ED4183BFAE0FA0F9DD348B8E194F2A37E05F5320BD3E5F68261F8587E17DB
+PT=A69ED32FD728337A5C25FBC2230DC788
+CT=EDB9D6099202FE4AE51EEC725478FB47
+
+I=131
+KEY=686AB4F5C19296AED306ADEA4FD52D1A4EC7D3FCA0092DAF139C8D8A0C06EC9C
+PT=EDB9D6099202FE4AE51EEC725478FB47
+CT=61059EA3BF0C953762CB37E50ED7081F
+
+I=132
+KEY=8115329FADEBA92AB2827BD7701A01442FC24D5F1F05B8987157BA6F02D1E483
+PT=61059EA3BF0C953762CB37E50ED7081F
+CT=A683E36EF7CCDABDBCA683C2D6560D25
+
+I=133
+KEY=49254E8904EED2766A6A1A615B63B97C8941AE31E8C96225CDF139ADD487E9A6
+PT=A683E36EF7CCDABDBCA683C2D6560D25
+CT=8EF424771561BFEC0058C7CAA5876EF6
+
+I=134
+KEY=259194CE8701581012F5592B61BCA99507B58A46FDA8DDC9CDA9FE6771008750
+PT=8EF424771561BFEC0058C7CAA5876EF6
+CT=79AC024A7BA5FFE143D40D34F2E587A6
+
+I=135
+KEY=CA0427FE28C77D0CA25D6851CCFE58C47E19880C860D22288E7DF35383E500F6
+PT=79AC024A7BA5FFE143D40D34F2E587A6
+CT=2258AB9F0E254CE21EB9B7F6EA690671
+
+I=136
+KEY=DA9A4B566C9F670DF850F891A5274CC95C41239388286ECA90C444A5698C0687
+PT=2258AB9F0E254CE21EB9B7F6EA690671
+CT=55ACB73E8A45BF964BD040C799724DAD
+
+I=137
+KEY=9F177A6A6B524C75DB5CC0DBB6AD733209ED94AD026DD15CDB140462F0FE4B2A
+PT=55ACB73E8A45BF964BD040C799724DAD
+CT=3E904B15F2E5DDC934DABC25259CB3CF
+
+I=138
+KEY=2AD96F6874C1BA6A82C5EE80A9A2E8E5377DDFB8F0880C95EFCEB847D562F8E5
+PT=3E904B15F2E5DDC934DABC25259CB3CF
+CT=3ACFF8D5B701A5BD1355DDA705D269CB
+
+I=139
+KEY=ADD59DF57CC01DE988C6D81E65B1D00E0DB2276D4789A928FC9B65E0D0B0912E
+PT=3ACFF8D5B701A5BD1355DDA705D269CB
+CT=3EF4AC14CC954FB4A9A808C7C00A2F1F
+
+I=140
+KEY=D3EBE43C4E9C96B37133F6AF8910A25F33468B798B1CE69C55336D2710BABE31
+PT=3EF4AC14CC954FB4A9A808C7C00A2F1F
+CT=61C50D5C736AEDCF03C06FC310CC19D9
+
+I=141
+KEY=FA45F434377F2E217C4A5B7A7526CC1952838625F8760B5356F302E40076A7E8
+PT=61C50D5C736AEDCF03C06FC310CC19D9
+CT=2BF543C6548ED0344262640AD95F95C9
+
+I=142
+KEY=71EAD73C81ED5AE731D19B0B2B42F0E87976C5E3ACF8DB67149166EED9293221
+PT=2BF543C6548ED0344262640AD95F95C9
+CT=F8C1DBDD20317FEB1625634A451931B5
+
+I=143
+KEY=3FD0019D000111D4300D2CEF39F53C0D81B71E3E8CC9A48C02B405A49C300394
+PT=F8C1DBDD20317FEB1625634A451931B5
+CT=DEDB54735B8B90C8EEC66EAECFB13ED6
+
+I=144
+KEY=070976B2D3AA1E737BC24A8A794A21BE5F6C4A4DD7423444EC726B0A53813D42
+PT=DEDB54735B8B90C8EEC66EAECFB13ED6
+CT=75941A1ADA444115961E058E2D6C6396
+
+I=145
+KEY=81AC2B7F073D0D06BA8A43D3381D3A3F2AF850570D0675517A6C6E847EED5ED4
+PT=75941A1ADA444115961E058E2D6C6396
+CT=7C66BE2B0354A6549E10489AF7A83424
+
+I=146
+KEY=37BDD1946BB9B5616115F015E9162F5B569EEE7C0E52D305E47C261E89456AF0
+PT=7C66BE2B0354A6549E10489AF7A83424
+CT=F589769555BDEFD0B29E6A65313BD2E1
+
+I=147
+KEY=CF27BD543BB4EED052B808D1EE350D35A31798E95BEF3CD556E24C7BB87EB811
+PT=F589769555BDEFD0B29E6A65313BD2E1
+CT=9B3215F70FBCC5ED9CC0D6D7E1E56F11
+
+I=148
+KEY=43321308251C33234CCD9ED19E5E74AF38258D1E5453F938CA229AAC599BD700
+PT=9B3215F70FBCC5ED9CC0D6D7E1E56F11
+CT=705CCB60E0A6E997578DCC804D49D265
+
+I=149
+KEY=F2152160EAD144776BA6BDED0AC49CD24879467EB4F510AF9DAF562C14D20565
+PT=705CCB60E0A6E997578DCC804D49D265
+CT=3DA4CEC68D47E55ECF21A1C5CDAFE4E6
+
+I=150
+KEY=593B7EDAE946A5269EF33D088D1B297675DD88B839B2F5F1528EF7E9D97DE183
+PT=3DA4CEC68D47E55ECF21A1C5CDAFE4E6
+CT=32299EDBED49B66271107CA1822F179E
+
+I=151
+KEY=852E4554AD1459CE81DBA17D18DA96C447F41663D4FB4393239E8B485B52F61D
+PT=32299EDBED49B66271107CA1822F179E
+CT=45856FD2080FA9BBFA0857BCF7381823
+
+I=152
+KEY=1D8F910508F9C08DB4DE4D5C465310F4027179B1DCF4EA28D996DCF4AC6AEE3E
+PT=45856FD2080FA9BBFA0857BCF7381823
+CT=6A8C18595AF5D1E46F9F168C31566BAF
+
+I=153
+KEY=1A42C028C1ABA740D95A47ABD7B4F40D68FD61E886013BCCB609CA789D3C8591
+PT=6A8C18595AF5D1E46F9F168C31566BAF
+CT=71A41A6B6BF9FB906B0617DCB76B4BA5
+
+I=154
+KEY=3C408CB08BCAF34B2BCE6EF787A96D5219597B83EDF8C05CDD0FDDA42A57CE34
+PT=71A41A6B6BF9FB906B0617DCB76B4BA5
+CT=9105B8FC516E0B19AEDD003979F8C298
+
+I=155
+KEY=804516E36B1B5E046B15CBE1D3F26EE9885CC37FBC96CB4573D2DD9D53AF0CAC
+PT=9105B8FC516E0B19AEDD003979F8C298
+CT=27ACD01CC0403AD6DB45C7DF3E515EDE
+
+I=156
+KEY=CD8199690660BD4DBA38CE522D1A12CEAFF013637CD6F193A8971A426DFE5272
+PT=27ACD01CC0403AD6DB45C7DF3E515EDE
+CT=86E2A23AC567C5F05F15A318E38360A7
+
+I=157
+KEY=0AD8BB3D5B2A538DF0BDD50EB74CC1BA2912B159B9B13463F782B95A8E7D32D5
+PT=86E2A23AC567C5F05F15A318E38360A7
+CT=CB03EDA81BF211B5FE03D4A0879E9EDD
+
+I=158
+KEY=081040B60AE9E733243F4C39013EEDB5E2115CF1A24325D609816DFA09E3AC08
+PT=CB03EDA81BF211B5FE03D4A0879E9EDD
+CT=6F1AD4AD727348DD593459E0D7661813
+
+I=159
+KEY=A51E29D20BB0963DF854C898299E114A8D0B885CD0306D0B50B5341ADE85B41B
+PT=6F1AD4AD727348DD593459E0D7661813
+CT=236B421E3103D4C17297D3F5C8BA1D17
+
+I=160
+KEY=49D4EB9964431F42F0FC6494A47A50CCAE60CA42E133B9CA2222E7EF163FA90C
+PT=236B421E3103D4C17297D3F5C8BA1D17
+CT=118AE5A5597E8DB200B26DBE11AC4BC8
+
+I=161
+KEY=0F3F7298BE444450A0A07A4B73897720BFEA2FE7B84D347822908A510793E2C4
+PT=118AE5A5597E8DB200B26DBE11AC4BC8
+CT=DF02587F25CC4C59E6AECE98BCAACCB8
+
+I=162
+KEY=7E30984A4C0B18D2F791858B83FC960960E877989D817821C43E44C9BB392E7C
+PT=DF02587F25CC4C59E6AECE98BCAACCB8
+CT=3DA0F35FDAEF499ADBF602939FC748D4
+
+I=163
+KEY=360A7168E056892E5BF0127EA3B58CAF5D4884C7476E31BB1FC8465A24FE66A8
+PT=3DA0F35FDAEF499ADBF602939FC748D4
+CT=FE462F878CEEDDDAA00855B85A81A14B
+
+I=164
+KEY=A75B3537E0EB98FC0F41C9E1306F6667A30EAB40CB80EC61BFC013E27E7FC7E3
+PT=FE462F878CEEDDDAA00855B85A81A14B
+CT=47EA8AC561D7A9F99F64F41A9AD46E5C
+
+I=165
+KEY=219E71FC6D23A5103DE4DA9C5EDFA0AEE4E42185AA57459820A4E7F8E4ABA9BF
+PT=47EA8AC561D7A9F99F64F41A9AD46E5C
+CT=650FAE7F29A098D787F60CC3C0D77580
+
+I=166
+KEY=038A888C6EA4E9502A15110832AE0DF081EB8FFA83F7DD4FA752EB3B247CDC3F
+PT=650FAE7F29A098D787F60CC3C0D77580
+CT=0334BF8CA2835C71F2A283736D54E933
+
+I=167
+KEY=714967419F9129B9649A13A9DA3291A582DF30762174813E55F068484928350C
+PT=0334BF8CA2835C71F2A283736D54E933
+CT=1B3A09B325F3D833A3C83D941832B204
+
+I=168
+KEY=BCDB12EAF8D3C95F821C0DD324FD36BB99E539C50487590DF63855DC511A8708
+PT=1B3A09B325F3D833A3C83D941832B204
+CT=CF980ED2619858290881314B7F0B9516
+
+I=169
+KEY=B8FA32AE829E8AF3EF543A407E2D61BA567D3717651F0124FEB964972E11121E
+PT=CF980ED2619858290881314B7F0B9516
+CT=98FF5ADA0739122DBBD241847D4A318D
+
+I=170
+KEY=D62592634F0ABD21AC98887A88845E2ECE826DCD62261309456B2513535B2393
+PT=98FF5ADA0739122DBBD241847D4A318D
+CT=1824306B9F54BE4CE3F94F037B4B8569
+
+I=171
+KEY=77005AE2FA1AD6D77D36566B9E988345D6A65DA6FD72AD45A6926A102810A6FA
+PT=1824306B9F54BE4CE3F94F037B4B8569
+CT=25BA57B9035625DD268492282535960C
+
+I=172
+KEY=BE766696DC4458442056D89C96CAFDF0F31C0A1FFE2488988016F8380D2530F6
+PT=25BA57B9035625DD268492282535960C
+CT=26AEAD4ED08CA78CE2A3358F36DA0E3F
+
+I=173
+KEY=1E1D3EBC714EE191EDB2A02B64EF2C23D5B2A7512EA82F1462B5CDB73BFF3EC9
+PT=26AEAD4ED08CA78CE2A3358F36DA0E3F
+CT=10AB48E0CB1D72D82794E35DBDEF88F6
+
+I=174
+KEY=D3EAD2DA40B4C94B506A0ED75210023BC519EFB1E5B55DCC45212EEA8610B63F
+PT=10AB48E0CB1D72D82794E35DBDEF88F6
+CT=878BCAC367294B227533E1451F654960
+
+I=175
+KEY=87D0B5D4A1314054EC37B67B4245BA8C42922572829C16EE3012CFAF9975FF5F
+PT=878BCAC367294B227533E1451F654960
+CT=98CC3311EC8E8B75944503734DEAC00D
+
+I=176
+KEY=EF3FA3235BB42B1326DE67088C68E2BDDA5E16636E129D9BA457CCDCD49F3F52
+PT=98CC3311EC8E8B75944503734DEAC00D
+CT=DAF5FB711E259B498918871933A2E1FD
+
+I=177
+KEY=2EBBBB1B070658DD43299478725AA88F00ABED12703706D22D4F4BC5E73DDEAF
+PT=DAF5FB711E259B498918871933A2E1FD
+CT=AACC545DEE8FF1F5C7A91A2EE3D25C1B
+
+I=178
+KEY=E15D1FC214F23FF93886D219B4DFCD45AA67B94F9EB8F727EAE651EB04EF82B4
+PT=AACC545DEE8FF1F5C7A91A2EE3D25C1B
+CT=B844B67FBFD12E2712CCB66EBB4F7691
+
+I=179
+KEY=CC3335B792121DE55FA04A4D6FEE57B012230F302169D900F82AE785BFA0F425
+PT=B844B67FBFD12E2712CCB66EBB4F7691
+CT=3E00C548BAEE6150FAA5B67986331FD5
+
+I=180
+KEY=18DB585F810069C584251CA1E04A58382C23CA789B87B850028F51FC3993EBF0
+PT=3E00C548BAEE6150FAA5B67986331FD5
+CT=EB23DEEA8449E8FA0D828C12B98437AE
+
+I=181
+KEY=DFE08CA44B0BC4F51C43BE3631E20735C70014921FCE50AA0F0DDDEE8017DC5E
+PT=EB23DEEA8449E8FA0D828C12B98437AE
+CT=35BBE35CFC1D8FC40BC52F20D3FB35D5
+
+I=182
+KEY=0F7DCC456D50A31AC9351794BFE6DD57F2BBF7CEE3D3DF6E04C8F2CE53ECE98B
+PT=35BBE35CFC1D8FC40BC52F20D3FB35D5
+CT=DFFE7AEEAAF4762C7EB52453B1F61AD8
+
+I=183
+KEY=D34FDEB3F04FB4563BC0FD204E8D459F2D458D204927A9427A7DD69DE21AF353
+PT=DFFE7AEEAAF4762C7EB52453B1F61AD8
+CT=C648DAF9EBFB4BC6166B15BF067E107F
+
+I=184
+KEY=5E90B747C9976A3F5050B0C51F116A81EB0D57D9A2DCE2846C16C322E464E32C
+PT=C648DAF9EBFB4BC6166B15BF067E107F
+CT=057258D07CAEE57807C396FAE651855A
+
+I=185
+KEY=52D3686BC0CD56B9DFF3A69F5073F30AEE7F0F09DE7207FC6BD555D802356676
+PT=057258D07CAEE57807C396FAE651855A
+CT=B1109BE49E6E0F4C4190D8E0D717E8D0
+
+I=186
+KEY=39C89286B658E006FBF97BAB1C4874025F6F94ED401C08B02A458D38D5228EA6
+PT=B1109BE49E6E0F4C4190D8E0D717E8D0
+CT=4DDE60FEEE40402058C988092603AB53
+
+I=187
+KEY=562C9A004CBF05A4CA97994D48C0874C12B1F413AE5C4890728C0531F32125F5
+PT=4DDE60FEEE40402058C988092603AB53
+CT=3B18CBF83791E93D661EB269CFEAB1BE
+
+I=188
+KEY=F95206C4D3862E01A4DFE3676A2F297C29A93FEB99CDA1AD1492B7583CCB944B
+PT=3B18CBF83791E93D661EB269CFEAB1BE
+CT=0A3204DEE28B65E849136960949E4E5E
+
+I=189
+KEY=FEFDBE4294E46E22074E77B6BB7F964B239B3B357B46C4455D81DE38A855DA15
+PT=0A3204DEE28B65E849136960949E4E5E
+CT=6C47ECB8B1478F0BBEDEF3A05A439776
+
+I=190
+KEY=05858C957F861410187DD8CC2EE48E364FDCD78DCA014B4EE35F2D98F2164D63
+PT=6C47ECB8B1478F0BBEDEF3A05A439776
+CT=881188C2834B0496CB97F15F7A5C332A
+
+I=191
+KEY=A51CABC6D50BF9043E95CE2BC511D26DC7CD5F4F494A4FD828C8DCC7884A7E49
+PT=881188C2834B0496CB97F15F7A5C332A
+CT=1FAE86251E2F615E3BFCAC545013CD12
+
+I=192
+KEY=4EE1F6812CC35A16AA63F1CB39669ED7D863D96A57652E8613347093D859B35B
+PT=1FAE86251E2F615E3BFCAC545013CD12
+CT=6017C6764080CB6D2BAC24C0F1BFF8F5
+
+I=193
+KEY=F4F31D57DD72E6BF842D3834372AA60CB8741F1C17E5E5EB3898545329E64BAE
+PT=6017C6764080CB6D2BAC24C0F1BFF8F5
+CT=10C8548253FB2BCD5D6F87CB28FAE7E7
+
+I=194
+KEY=9DBB357DC99A95C240E750F1970C5C65A8BC4B9E441ECE2665F7D398011CAC49
+PT=10C8548253FB2BCD5D6F87CB28FAE7E7
+CT=20E253845A3DD51FFC16141FDAA20749
+
+I=195
+KEY=A814CD8766E0BFFBD8530589D6202BE0885E181A1E231B3999E1C787DBBEAB00
+PT=20E253845A3DD51FFC16141FDAA20749
+CT=9383323218D891F9DCE7578FCD6A54A5
+
+I=196
+KEY=C516C26E23E38C2B87346F759D8AEF881BDD2A2806FB8AC04506900816D4FFA5
+PT=9383323218D891F9DCE7578FCD6A54A5
+CT=9CFF8002D46EAFAAC7B035A788A37CF5
+
+I=197
+KEY=9301F8120939D0E70C97F614F61F18648722AA2AD295256A82B6A5AF9E778350
+PT=9CFF8002D46EAFAAC7B035A788A37CF5
+CT=90C9F34994D5DA86406C7E82EDDD1009
+
+I=198
+KEY=82B163831972D2CEF8F1780AA6B0707A17EB59634640FFECC2DADB2D73AA9359
+PT=90C9F34994D5DA86406C7E82EDDD1009
+CT=C8B5021EE84635EB7E7D0F5DBE967FD0
+
+I=199
+KEY=F99FF8714EE5D822E0E25C499D7C96ACDF5E5B7DAE06CA07BCA7D470CD3CEC89
+PT=C8B5021EE84635EB7E7D0F5DBE967FD0
+CT=15CCB3C950764E24CA714707034DF9A7
+
+I=200
+KEY=3529E6B83266BD558B7F33FC00AE4904CA92E8B4FE70842376D69377CE71152E
+PT=15CCB3C950764E24CA714707034DF9A7
+CT=5FDA0EF6A2172D5DAA8E842F061A2E44
+
+I=201
+KEY=2D77F95D8B556740CD9E2CC546CA45C99548E6425C67A97EDC581758C86B3B6A
+PT=5FDA0EF6A2172D5DAA8E842F061A2E44
+CT=808781D0D10B3A02333E0A53E159287F
+
+I=202
+KEY=79298FD5F3C4B6378403CFAD05C3C96E15CF67928D6C937CEF661D0B29321315
+PT=808781D0D10B3A02333E0A53E159287F
+CT=CC760400725FCFD37E757D99C6361B93
+
+I=203
+KEY=69535F335F6AEBF452407F3F1C203410D9B96392FF335CAF91136092EF040886
+PT=CC760400725FCFD37E757D99C6361B93
+CT=247D3A6BB4C883C142C4000B085C3B79
+
+I=204
+KEY=1A4F8FD7BD8DBCFB3677C708CDDDC7C4FDC459F94BFBDF6ED3D76099E75833FF
+PT=247D3A6BB4C883C142C4000B085C3B79
+CT=47E4C802C61E6A1706BAE95AF75CA70D
+
+I=205
+KEY=A573989455A11CAD1E8642CD774806B1BA2091FB8DE5B579D56D89C3100494F2
+PT=47E4C802C61E6A1706BAE95AF75CA70D
+CT=4297101350A5CE6C435FAD2725C22E46
+
+I=206
+KEY=8D52414DD5600AA0CACD5AD399FD1B37F8B781E8DD407B15963224E435C6BAB4
+PT=4297101350A5CE6C435FAD2725C22E46
+CT=BEC56BF1F3B6BE60C0F4CB7AE77BF0F5
+
+I=207
+KEY=49D4DF2FB3B561817F2BA6599B66C9244672EA192EF6C57556C6EF9ED2BD4A41
+PT=BEC56BF1F3B6BE60C0F4CB7AE77BF0F5
+CT=5B590F24D329BB6ED981938A4CDB9907
+
+I=208
+KEY=68BD5721E2A51A184CDBAC3A035670701D2BE53DFDDF7E1B8F477C149E66D346
+PT=5B590F24D329BB6ED981938A4CDB9907
+CT=A8A15DBB79BB9B1131EF39C1E3FCFC9C
+
+I=209
+KEY=2CC71F1B9BE892100E8A340E61D0A128B58AB8868464E50ABEA845D57D9A2FDA
+PT=A8A15DBB79BB9B1131EF39C1E3FCFC9C
+CT=E8CBAB9E98D2866E779512AAC2FA2EA0
+
+I=210
+KEY=EEF45CE1BB444A6BA5A029363FB9D4DB5D4113181CB66364C93D577FBF60017A
+PT=E8CBAB9E98D2866E779512AAC2FA2EA0
+CT=7E4896F0A48A25FFE950B74B96F5F40E
+
+I=211
+KEY=151FE809785C11F8F19F31EA0246B416230985E8B83C469B206DE0342995F574
+PT=7E4896F0A48A25FFE950B74B96F5F40E
+CT=E1C642B54B89822E73A695C851BC8EBE
+
+I=212
+KEY=14FE470CD366C580F124EA924B918BF5C2CFC75DF3B5C4B553CB75FC78297BCA
+PT=E1C642B54B89822E73A695C851BC8EBE
+CT=5FA2C6A2303ED7219984F30B78BE6B96
+
+I=213
+KEY=92E61F4C495462354EF612492557D6AB9D6D01FFC38B1394CA4F86F70097105C
+PT=5FA2C6A2303ED7219984F30B78BE6B96
+CT=3791959FBF178682A711623C2F91616C
+
+I=214
+KEY=6C0B6F23AC7526204C451A8ADE54D404AAFC94607C9C95166D5EE4CB2F067130
+PT=3791959FBF178682A711623C2F91616C
+CT=E14FCACD5FD26FC2710776EE82317ABC
+
+I=215
+KEY=0DAE926E4172586817730DB9FDF2CE0B4BB35EAD234EFAD41C599225AD370B8C
+PT=E14FCACD5FD26FC2710776EE82317ABC
+CT=E576499EAF5365E7FE3B4961D9C74419
+
+I=216
+KEY=DCD553F2977BD114B61F724ABC6AFE8EAEC517338C1D9F33E262DB4474F04F95
+PT=E576499EAF5365E7FE3B4961D9C74419
+CT=38567558119E72929F2932E6C289095E
+
+I=217
+KEY=6333DA8D5B655B5B5AABBCAF0B010BE89693626B9D83EDA17D4BE9A2B67946CB
+PT=38567558119E72929F2932E6C289095E
+CT=D20AD648F558E5507CC5C905E92CC268
+
+I=218
+KEY=F9010180B464FBB8AD7C9D5E41B1E09A4499B42368DB08F1018E20A75F5584A3
+PT=D20AD648F558E5507CC5C905E92CC268
+CT=00C719F3757DDD2D2E64C3F2666FB2CB
+
+I=219
+KEY=8CE68ED02B4FFD9720B3D16FAE92D164445EADD01DA6D5DC2FEAE355393A3668
+PT=00C719F3757DDD2D2E64C3F2666FB2CB
+CT=AEEAB9F50456CA3233A964219D2E7816
+
+I=220
+KEY=57E26BA4DBD3549051B0D9436EB38D4FEAB4142519F01FEE1C438774A4144E7E
+PT=AEEAB9F50456CA3233A964219D2E7816
+CT=3F02C97E127FD697AFD58BC66941F654
+
+I=221
+KEY=4D0BC4A8796407C939797EF19D0CE7E3D5B6DD5B0B8FC979B3960CB2CD55B82A
+PT=3F02C97E127FD697AFD58BC66941F654
+CT=BC4C0DDBCF0003B7814EEF1ABD22B6A8
+
+I=222
+KEY=9C1FD1789544D2F3FF84574A216767CD69FAD080C48FCACE32D8E3A870770E82
+PT=BC4C0DDBCF0003B7814EEF1ABD22B6A8
+CT=D125D8C2920ADD3EA00103DC695A0D9D
+
+I=223
+KEY=ADBE97F99DBE61213892D9849B81B3FBB8DF0842568517F092D9E074192D031F
+PT=D125D8C2920ADD3EA00103DC695A0D9D
+CT=C0C57598639BA69E13C82E3AF24777C5
+
+I=224
+KEY=A14DC5CF6CD0BD9AC9499317C509CCB4781A7DDA351EB16E8111CE4EEB6A74DA
+PT=C0C57598639BA69E13C82E3AF24777C5
+CT=81E3B8F6A691BC30AA66AD70F0358881
+
+I=225
+KEY=0EC479D8681AC8CA455D64A4BB34C86DF9F9C52C938F0D5E2B77633E1B5FFC5B
+PT=81E3B8F6A691BC30AA66AD70F0358881
+CT=3CD03908D4ABA4B9885BCB1AC89D16C3
+
+I=226
+KEY=E74102D814426E659732B303E6D44DB7C529FC244724A9E7A32CA824D3C2EA98
+PT=3CD03908D4ABA4B9885BCB1AC89D16C3
+CT=61662DD8EE676E17AE5CF2BABDC54A67
+
+I=227
+KEY=EE4034F1A2EF16D7D848BB005CDA5E99A44FD1FCA943C7F00D705A9E6E07A0FF
+PT=61662DD8EE676E17AE5CF2BABDC54A67
+CT=4E637432B0FF54FD665A902725B977EB
+
+I=228
+KEY=45E8F2DF7FC6E49FB0AF3B73788A1065EA2CA5CE19BC930D6B2ACAB94BBED714
+PT=4E637432B0FF54FD665A902725B977EB
+CT=E53D1440407503B66530EEEEBBC9182B
+
+I=229
+KEY=0BEBC981186DEF84C01688CA16A061E00F11B18E59C990BB0E1A2457F077CF3F
+PT=E53D1440407503B66530EEEEBBC9182B
+CT=12134ADF5BB16D867B4EE9CE87EBE36D
+
+I=230
+KEY=6FADFDB92B0F888514730F17A37A81B61D02FB510278FD3D7554CD99779C2C52
+PT=12134ADF5BB16D867B4EE9CE87EBE36D
+CT=310EACEF26A3EB5E4511437145DC30F9
+
+I=231
+KEY=A565724F25EE29346543964864A0FFAA2C0C57BE24DB166330458EE832401CAB
+PT=310EACEF26A3EB5E4511437145DC30F9
+CT=6848E5A618419EC6BACD9CD40BB42083
+
+I=232
+KEY=1FAEBFE13AC7545DC742ED60241BC2E84444B2183C9A88A58A88123C39F43C28
+PT=6848E5A618419EC6BACD9CD40BB42083
+CT=C64DA25E7CB1A004E31CD37F9D4E1112
+
+I=233
+KEY=A8EE2725373C48BAD9C0009C53C298A982091046402B28A16994C143A4BA2D3A
+PT=C64DA25E7CB1A004E31CD37F9D4E1112
+CT=D02E6AE8FDD0C5813669080AA7B82527
+
+I=234
+KEY=0770874A41ED1396940D75E6A5A09F5352277AAEBDFBED205FFDC9490302081D
+PT=D02E6AE8FDD0C5813669080AA7B82527
+CT=5DDFBC75FE48D88E7D6F307E4A008BC7
+
+I=235
+KEY=D7D098F85AB45E754629D2AB7DA2226C0FF8C6DB43B335AE2292F937490283DA
+PT=5DDFBC75FE48D88E7D6F307E4A008BC7
+CT=E216C9AC28239E97237930079739ECE0
+
+I=236
+KEY=5D6FAFF37EE7400691E504578251ECB1EDEE0F776B90AB3901EBC930DE3B6F3A
+PT=E216C9AC28239E97237930079739ECE0
+CT=8D126659360D03548879000642E78029
+
+I=237
+KEY=D75C5C64D94D0BC8566F568278B502D560FC692E5D9DA86D8992C9369CDCEF13
+PT=8D126659360D03548879000642E78029
+CT=9EA4C85D0F07AD618A2EBEBBE50D72B6
+
+I=238
+KEY=D42BD9CDCD8BDA71E64817A2755C97C0FE58A173529A050C03BC778D79D19DA5
+PT=9EA4C85D0F07AD618A2EBEBBE50D72B6
+CT=1F525901AF1D94BA6CA3C7244E2CD885
+
+I=239
+KEY=32DD1758D2EFC602EE85C58A66D0B080E10AF872FD8791B66F1FB0A937FD4520
+PT=1F525901AF1D94BA6CA3C7244E2CD885
+CT=E131C071BFA21FCE21D18DB87B522903
+
+I=240
+KEY=BEC98C02D74E088458A668D0B6DDCF13003B380342258E784ECE3D114CAF6C23
+PT=E131C071BFA21FCE21D18DB87B522903
+CT=51F1B72C99C869BF73A6637D3A2E2278
+
+I=241
+KEY=D368F7BE25A6A0C9AD2004E764F43A3551CA8F2FDBEDE7C73D685E6C76814E5B
+PT=51F1B72C99C869BF73A6637D3A2E2278
+CT=0965CDD7A134672036F0C69774CFD380
+
+I=242
+KEY=E5A7E12124540DBB4147A55C276A35B958AF42F87AD980E70B9898FB024E9DDB
+PT=0965CDD7A134672036F0C69774CFD380
+CT=52ECEB721073FBF3D1BD5808351BEC5E
+
+I=243
+KEY=7D9702E2C8906805A580D5D85B03BBC60A43A98A6AAA7B14DA25C0F337557185
+PT=52ECEB721073FBF3D1BD5808351BEC5E
+CT=493CE4E2B090DA3A2354C9DA7DB44D39
+
+I=244
+KEY=8EFA5EC96F3AEF51AB38F4CCD969E5D5437F4D68DA3AA12EF97109294AE13CBC
+PT=493CE4E2B090DA3A2354C9DA7DB44D39
+CT=DA64246FF65969995F9A4E8AE7C805CF
+
+I=245
+KEY=19C97957444E9931293047A647D7A19A991B69072C63C8B7A6EB47A3AD293973
+PT=DA64246FF65969995F9A4E8AE7C805CF
+CT=CF85EBD76908CD8F8D3177E53DA3AD5E
+
+I=246
+KEY=7BDB3ED45BD78C131611FD9D54B8E9D2569E82D0456B05382BDA3046908A942D
+PT=CF85EBD76908CD8F8D3177E53DA3AD5E
+CT=45E1FDEFC98E62A841BD1D8D8236CEEF
+
+I=247
+KEY=19961521A42D96238D44F651E7E7D463137F7F3F8CE567906A672DCB12BC5AC2
+PT=45E1FDEFC98E62A841BD1D8D8236CEEF
+CT=E056EF7B711A9CBDED8878EF74AF1671
+
+I=248
+KEY=343360636E697E607319D4DCBC12B543F3299044FDFFFB2D87EF552466134CB3
+PT=E056EF7B711A9CBDED8878EF74AF1671
+CT=E4EFF77C6C3273393BE4814A16C3DF4A
+
+I=249
+KEY=B63D4D3D099F8E68F6A041D2EB1B1C1417C6673891CD8814BC0BD46E70D093F9
+PT=E4EFF77C6C3273393BE4814A16C3DF4A
+CT=EC562E353DF8BA76699B01A6ACC8AD52
+
+I=250
+KEY=EF500379EDE772968F1499F07B0B09CFFB90490DAC353262D590D5C8DC183EAB
+PT=EC562E353DF8BA76699B01A6ACC8AD52
+CT=4473050ADC687112AACB86AA73CB6C6D
+
+I=251
+KEY=EA5CD4EDD99E64018AD3104026F0F528BFE34C07705D43707F5B5362AFD352C6
+PT=4473050ADC687112AACB86AA73CB6C6D
+CT=6561A82EE86E4F18DF6965312F0C0984
+
+I=252
+KEY=2ABF9529FC88D85FF68CF6D72B9A9CB5DA82E42998330C68A032365380DF5B42
+PT=6561A82EE86E4F18DF6965312F0C0984
+CT=47590CE1C90F3AC2C68B272B4A667F61
+
+I=253
+KEY=A485B647790DBFF76F16C42A39F5F5559DDBE8C8513C36AA66B91178CAB92423
+PT=47590CE1C90F3AC2C68B272B4A667F61
+CT=4ED731A36BCB2672A810633E432D8922
+
+I=254
+KEY=F0D0E858B597595A06458FF6C2259127D30CD96B3AF710D8CEA972468994AD01
+PT=4ED731A36BCB2672A810633E432D8922
+CT=4AC2F0D5F52762F77DB5D9EF53B76642
+
+I=255
+KEY=EDDE80556ECA4CC51EFB33E23C43C04399CE29BECFD0722FB31CABA9DA23CB43
+PT=4AC2F0D5F52762F77DB5D9EF53B76642
+CT=A574FBE71E359A57D57A24A388FDF6EE
+
+I=256
+KEY=3C7C248C9FCE1D060D5B0664C0FF3F6B3CBAD259D1E5E87866668F0A52DE3DAD
+PT=A574FBE71E359A57D57A24A388FDF6EE
+CT=CCC3A011108469A7987F336C209BB84E
+
+I=257
+KEY=D43727570A809BE0D9EB78760FE4CDA9F0797248C16181DFFE19BC66724585E3
+PT=CCC3A011108469A7987F336C209BB84E
+CT=686357D3013977390164834D4E5324DC
+
+I=258
+KEY=2F060E361977E544B98779AB55886D57981A259BC058F6E6FF7D3F2B3C16A13F
+PT=686357D3013977390164834D4E5324DC
+CT=DDDAD6FBDBF7C7BE7EBF3F036009A270
+
+I=259
+KEY=A3630C05DC65905D37AFDB315B2AA4D945C0F3601BAF315881C200285C1F034F
+PT=DDDAD6FBDBF7C7BE7EBF3F036009A270
+CT=237124FEDF28B4201B6D1584B93D5F7C
+
+I=260
+KEY=3E6ADAAEF53A36294CDEA0D94BE742C166B1D79EC48785789AAF15ACE5225C33
+PT=237124FEDF28B4201B6D1584B93D5F7C
+CT=D1A9DDFB5662934AAD98B2861E50A871
+
+I=261
+KEY=234615019E03C466AEA186112C4EB523B7180A6592E516323737A72AFB72F442
+PT=D1A9DDFB5662934AAD98B2861E50A871
+CT=CA18344F4C7A0F068398CA8137C056DD
+
+I=262
+KEY=22ED93581611798050E94CC70F6090BF7D003E2ADE9F1934B4AF6DABCCB2A29F
+PT=CA18344F4C7A0F068398CA8137C056DD
+CT=91FA4D62D10E852D9EDA42FAC8C34557
+
+I=263
+KEY=A5981D9A37D6D3D948391D1D462B6DCFECFA73480F919C192A752F510471E7C8
+PT=91FA4D62D10E852D9EDA42FAC8C34557
+CT=B956221510135066B2B2552C4CB37642
+
+I=264
+KEY=BF2E4397D0E93DFFA38D69B30F33835B55AC515D1F82CC7F98C77A7D48C2918A
+PT=B956221510135066B2B2552C4CB37642
+CT=300CFCEAFED28E622CD08222D3A3B0B0
+
+I=265
+KEY=55432143B807A628001F8D062CE0157265A0ADB7E150421DB417F85F9B61213A
+PT=300CFCEAFED28E622CD08222D3A3B0B0
+CT=26681BCFDC630A21A684C60EF6A23747
+
+I=266
+KEY=2966A6CB3BA9028583813B91FD72748D43C8B6783D33483C12933E516DC3167D
+PT=26681BCFDC630A21A684C60EF6A23747
+CT=8EDD4B1B458D16841AD4525C01A8397E
+
+I=267
+KEY=1A22288AC28060F8E4B20C2AE0C82AEACD15FD6378BE5EB808476C0D6C6B2F03
+PT=8EDD4B1B458D16841AD4525C01A8397E
+CT=BFDE412A7CAF0326AD1727996056A61C
+
+I=268
+KEY=C882E880508E92FF709E9BD4A555B30A72CBBC4904115D9EA5504B940C3D891F
+PT=BFDE412A7CAF0326AD1727996056A61C
+CT=88C039A0B395C5D08848C64DFC150C57
+
+I=269
+KEY=298B3829EE60112C926E1FD583C9A2DEFA0B85E9B784984E2D188DD9F0288548
+PT=88C039A0B395C5D08848C64DFC150C57
+CT=ACDF23F2CB73FD8D3D814A79E3C94126
+
+I=270
+KEY=2F2A3D0DDB2DBA8B8E3FF8A9DE765FE356D4A61B7CF765C31099C7A013E1C46E
+PT=ACDF23F2CB73FD8D3D814A79E3C94126
+CT=A8BE26FE8780972650D5F384B744AC44
+
+I=271
+KEY=F8CC20E8296CD38F1EF8BB2777EE1200FE6A80E5FB77F2E5404C3424A4A5682A
+PT=A8BE26FE8780972650D5F384B744AC44
+CT=B5557CC20F64FCC576A6EC7BE324CE43
+
+I=272
+KEY=678B5341F1BC13DB366B36D59ADADC7C4B3FFC27F4130E2036EAD85F4781A669
+PT=B5557CC20F64FCC576A6EC7BE324CE43
+CT=B59281EFF9C8D19E5D9C053CBE1F2F33
+
+I=273
+KEY=E4701C9009693E38C455CE186A4B87DFFEAD7DC80DDBDFBE6B76DD63F99E895A
+PT=B59281EFF9C8D19E5D9C053CBE1F2F33
+CT=7E8B1D4BFF81C5B9AA1FCA81DF8DE64F
+
+I=274
+KEY=C1F886CBCBF2BD920A0E68F30FCB8FCE80266083F25A1A07C16917E226136F15
+PT=7E8B1D4BFF81C5B9AA1FCA81DF8DE64F
+CT=20841B35C77A109B528A1135E17D36EE
+
+I=275
+KEY=F05D61A9441B3C741D9D7489F2EE4A5EA0A27BB635200A9C93E306D7C76E59FB
+PT=20841B35C77A109B528A1135E17D36EE
+CT=C3195DC001FA1AD7C253DD3FE4A4BC7D
+
+I=276
+KEY=0C8E70943252DD5DC9819A9FDB375B3F63BB267634DA104B51B0DBE823CAE586
+PT=C3195DC001FA1AD7C253DD3FE4A4BC7D
+CT=7E06BD1B3440DB4CA73AF1A05B33AD3F
+
+I=277
+KEY=84F1B5CF1AD11205E98ECD317AD670A11DBD9B6D009ACB07F68A2A4878F948B9
+PT=7E06BD1B3440DB4CA73AF1A05B33AD3F
+CT=6224DBD71C1DC35A5C62777D2EA32C3E
+
+I=278
+KEY=E3465353AED687EF62CD1DA8D7DA3EEB7F9940BA1C87085DAAE85D35565A6487
+PT=6224DBD71C1DC35A5C62777D2EA32C3E
+CT=1E4E51CD7BA1F7467AC69755F8894EF4
+
+I=279
+KEY=31F715D1FFA116F58AB70E4A3EEF6E9561D711776726FF1BD02ECA60AED32A73
+PT=1E4E51CD7BA1F7467AC69755F8894EF4
+CT=4AB8AFEACB2A1B1AE9E74D647266E234
+
+I=280
+KEY=487B6847CA14B04D429C81278332273F2B6FBE9DAC0CE40139C98704DCB5C847
+PT=4AB8AFEACB2A1B1AE9E74D647266E234
+CT=64C0BBA15382C142BBEE84B86B7D0BA0
+
+I=281
+KEY=D1C9CA26B21945011B044EA6E29C9AD54FAF053CFF8E2543822703BCB7C8C3E7
+PT=64C0BBA15382C142BBEE84B86B7D0BA0
+CT=F82292AF614648EC6C1E9A1027167410
+
+I=282
+KEY=3F585C00E187BE1B0C9E09781C9548A8B78D97939EC86DAFEE3999AC90DEB7F7
+PT=F82292AF614648EC6C1E9A1027167410
+CT=31C38ED5F207B412A14A51632D8805CE
+
+I=283
+KEY=340B8C115BAFF387400CD8F0EE8F8F6F864E19466CCFD9BD4F73C8CFBD56B239
+PT=31C38ED5F207B412A14A51632D8805CE
+CT=3FC4CC8F4245BBBC5939A0C0A24A14DE
+
+I=284
+KEY=EA8EACF07402225D6C5181A8802DA515B98AD5C92E8A6201164A680F1F1CA6E7
+PT=3FC4CC8F4245BBBC5939A0C0A24A14DE
+CT=23A98FA41D6C3D4CD9CFB9737A6D7872
+
+I=285
+KEY=56EF7B73BF04F5F463E4D0EA0F6FC4DA9A235A6D33E65F4DCF85D17C6571DE95
+PT=23A98FA41D6C3D4CD9CFB9737A6D7872
+CT=82CC2D376B2772B7B988BEA17EFBB3D2
+
+I=286
+KEY=C425E380DA91C34B73CE922C59B13C8818EF775A58C12DFA760D6FDD1B8A6D47
+PT=82CC2D376B2772B7B988BEA17EFBB3D2
+CT=5330F6218D528A32B24085EA496A05A9
+
+I=287
+KEY=EA66C7FF9FCD2F9E76BCC5C6387E133E4BDF817BD593A7C8C44DEA3752E068EE
+PT=5330F6218D528A32B24085EA496A05A9
+CT=7C1E082C2C89C90AD91AE81DF73F1F5F
+
+I=288
+KEY=C89CF336490832FB54BB536813AEE6EA37C18957F91A6EC21D57022AA5DF77B1
+PT=7C1E082C2C89C90AD91AE81DF73F1F5F
+CT=2AB33673B654E2C49D6736D65A5F45C8
+
+I=289
+KEY=7CC5409A9AE1F997774C3FEB74A6E9061D72BF244F4E8C06803034FCFF803279
+PT=2AB33673B654E2C49D6736D65A5F45C8
+CT=21BA6CADDCA5E0BE779D1A2651794C81
+
+I=290
+KEY=E5E1873FDEE9DC066AF79C0E6027D0703CC8D38993EB6CB8F7AD2EDAAEF97EF8
+PT=21BA6CADDCA5E0BE779D1A2651794C81
+CT=8E2AF8BA54CF04812AE786C180FCFCA8
+
+I=291
+KEY=844AA67914DE1C11677B5526D5B12765B2E22B33C7246839DD4AA81B2E058250
+PT=8E2AF8BA54CF04812AE786C180FCFCA8
+CT=E48A7CD35CA33B1D919B8A83ADF4C6BE
+
+I=292
+KEY=FE3248768ACB0AF9DBD639AF7B7EB944566857E09B8753244CD1229883F144EE
+PT=E48A7CD35CA33B1D919B8A83ADF4C6BE
+CT=C377A76CF43C27784CC54079744413D1
+
+I=293
+KEY=709E7BC30A7DE8FADC071B3D04338FCA951FF08C6FBB745C001462E1F7B5573F
+PT=C377A76CF43C27784CC54079744413D1
+CT=01D8083A9EA403A4754EF82CA29CDD5B
+
+I=294
+KEY=448B1AEC2F68D202679183D85C4A6D2194C7F8B6F11F77F8755A9ACD55298A64
+PT=01D8083A9EA403A4754EF82CA29CDD5B
+CT=46ADC32EFF2C3EFF40B468E845EFC2E4
+
+I=295
+KEY=529401616FA6193014D6A10BEF1A816FD26A3B980E33490735EEF22510C64880
+PT=46ADC32EFF2C3EFF40B468E845EFC2E4
+CT=FCC6594B1BBF40E28BE798ABC00163F1
+
+I=296
+KEY=15A5E8BAF02EF91390AB7D35742CC5C12EAC62D3158C09E5BE096A8ED0C72B71
+PT=FCC6594B1BBF40E28BE798ABC00163F1
+CT=28D35B6E1140738ED1DF20FE11003B1E
+
+I=297
+KEY=589C04ECDF2B884807919A2018A93080067F39BD04CC7A6B6FD64A70C1C7106F
+PT=28D35B6E1140738ED1DF20FE11003B1E
+CT=3354C7962E19FB043FD4CD7B2C99E195
+
+I=298
+KEY=A6987BEB541098C7173475B34568F36B352BFE2B2AD5816F5002870BED5EF1FA
+PT=3354C7962E19FB043FD4CD7B2C99E195
+CT=EB76F282C9F10F507FACFCDEEC8BBBB8
+
+I=299
+KEY=3732B395057761A8A2624F52354668CFDE5D0CA9E3248E3F2FAE7BD501D54A42
+PT=EB76F282C9F10F507FACFCDEEC8BBBB8
+CT=77A4DAE8406992C5018D6B0310195E0C
+
+I=300
+KEY=E24C9F98F43E840AE04ED4928133F65AA9F9D641A34D1CFA2E2310D611CC144E
+PT=77A4DAE8406992C5018D6B0310195E0C
+CT=655DEC1062EDB50B8B31A66071E236A2
+
+I=301
+KEY=8BA207CA6E2B720810E66CCAB597E8DACCA43A51C1A0A9F1A512B6B6602E22EC
+PT=655DEC1062EDB50B8B31A66071E236A2
+CT=28A22A069D8FF3DE359860B0A5B6FD1F
+
+I=302
+KEY=22C629C84758D553AFE4876AA739A1F0E40610575C2F5A2F908AD606C598DFF3
+PT=28A22A069D8FF3DE359860B0A5B6FD1F
+CT=95DD88B4AFD0680E221C70422ADFFCD1
+
+I=303
+KEY=F86A3C799AAB6884220196BF07E1643D71DB98E3F3FF3221B296A644EF472322
+PT=95DD88B4AFD0680E221C70422ADFFCD1
+CT=323475C634FD6845BAA9F371F29DC363
+
+I=304
+KEY=83412E9600B279F76C93F171C469AD1943EFED25C7025A64083F55351DDAE041
+PT=323475C634FD6845BAA9F371F29DC363
+CT=61276AD535F9E73FCFB53DBF2D5D1F62
+
+I=305
+KEY=01AD15137C4A572322660716B6B4EDCD22C887F0F2FBBD5BC78A688A3087FF23
+PT=61276AD535F9E73FCFB53DBF2D5D1F62
+CT=105ECB04A5CA32FC93987569A7CB46D7
+
+I=306
+KEY=1CC639BA56CA0DF23E64BB3395C08BB332964CF457318FA754121DE3974CB9F4
+PT=105ECB04A5CA32FC93987569A7CB46D7
+CT=831DBB3F4BBD4343B94D54AA2B3E0620
+
+I=307
+KEY=25ABCF5B8DB1A7CCB1FA49936E0AB3C8B18BF7CB1C8CCCE4ED5F4949BC72BFD4
+PT=831DBB3F4BBD4343B94D54AA2B3E0620
+CT=40B9D9C6201E639DC9A04E500BCD7F61
+
+I=308
+KEY=75B34E0F371C4527732F22CF35AD923BF1322E0D3C92AF7924FF0719B7BFC0B5
+PT=40B9D9C6201E639DC9A04E500BCD7F61
+CT=A159BB0C751148C14D561E0407A9F6DB
+
+I=309
+KEY=1EB6E3491B431B7EFFCCC965C9041274506B95014983E7B869A9191DB016366E
+PT=A159BB0C751148C14D561E0407A9F6DB
+CT=2012E67815334AC48E5309DD129E0476
+
+I=310
+KEY=F0BDAFB216613A6FB3819D08B17EFDC1707973795CB0AD7CE7FA10C0A2883218
+PT=2012E67815334AC48E5309DD129E0476
+CT=53E415BC0C9013F83B77298395FC9FEF
+
+I=311
+KEY=9C5A3B9C862E07159AB06D5B7FB585C5239D66C55020BE84DC8D39433774ADF7
+PT=53E415BC0C9013F83B77298395FC9FEF
+CT=2B1EEAA13373494A2A56C15FD5ECA103
+
+I=312
+KEY=9764AC349B8222394160F4896BA6761808838C646353F7CEF6DBF81CE2980CF4
+PT=2B1EEAA13373494A2A56C15FD5ECA103
+CT=2A00E873782853DC842427A03C30A81A
+
+I=313
+KEY=42A1614569C4DE66D6336BC082B3B9DD228364171B7BA41272FFDFBCDEA8A4EE
+PT=2A00E873782853DC842427A03C30A81A
+CT=5FEB74E489C4C8121A15C2BCF51046A5
+
+I=314
+KEY=CED80BE0859A5863CFE41F0F2CE9F65B7D6810F392BF6C0068EA1D002BB8E24B
+PT=5FEB74E489C4C8121A15C2BCF51046A5
+CT=948214D5DB68997C37A48927AA97B89A
+
+I=315
+KEY=178DAF533EBB695D5E57401E5345C3E8E9EA042649D7F57C5F4E9427812F5AD1
+PT=948214D5DB68997C37A48927AA97B89A
+CT=AB8F3BB9917E4D1C8F1F2EDDB7070530
+
+I=316
+KEY=66F4B8B5A0BD877514FDB4CD2DD04D8C42653F9FD8A9B860D051BAFA36285FE1
+PT=AB8F3BB9917E4D1C8F1F2EDDB7070530
+CT=CB5FB11C6DB1AB6BC189F0F3FB47A2A5
+
+I=317
+KEY=9753278CFCEE8B059ECF573A2E0D65D6893A8E83B518130B11D84A09CD6FFD44
+PT=CB5FB11C6DB1AB6BC189F0F3FB47A2A5
+CT=F0CE65E6C5C263182E6C253F26460A1B
+
+I=318
+KEY=121A860A5B53C56E536DE56566F31E2079F4EB6570DA70133FB46F36EB29F75F
+PT=F0CE65E6C5C263182E6C253F26460A1B
+CT=9AA17B0F532814CA74FF0A046F377C48
+
+I=319
+KEY=88F5E58E9522495BF7B68430946F7C0FE355906A23F264D94B4B6532841E8B17
+PT=9AA17B0F532814CA74FF0A046F377C48
+CT=52CAAEF16E55858487AEDBDBA822002D
+
+I=320
+KEY=D9A3D3547F215D44D80C6A5D3548D4D2B19F3E9B4DA7E15DCCE5BEE92C3C8B3A
+PT=52CAAEF16E55858487AEDBDBA822002D
+CT=2599545FD15C7F59A6F02CDCB95E6589
+
+I=321
+KEY=6ACE86543B0F981C2D0FCB1408A42C3294066AC49CFB9E046A1592359562EEB3
+PT=2599545FD15C7F59A6F02CDCB95E6589
+CT=DC7A68313CE3E1963D31E5149CDBE22A
+
+I=322
+KEY=E9D6D08194DAFBB7B491124515118FA6487C02F5A0187F925724772109B90C99
+PT=DC7A68313CE3E1963D31E5149CDBE22A
+CT=333B588A7354CB3229E43780AFE4738D
+
+I=323
+KEY=762FC93CEED1EE9C6EF702A4E3BBABD67B475A7FD34CB4A07EC040A1A65D7F14
+PT=333B588A7354CB3229E43780AFE4738D
+CT=41727DC0D18725AFD2EF8FF51EAE1C2C
+
+I=324
+KEY=FF4EC1DF818E820424CFE5D09EE2E5423A3527BF02CB910FAC2FCF54B8F36338
+PT=41727DC0D18725AFD2EF8FF51EAE1C2C
+CT=A7236B16D9937C84F37BF9D79D0251F9
+
+I=325
+KEY=59BDAB706DEA2EC52AE05A2E4382A4169D164CA9DB58ED8B5F54368325F132C1
+PT=A7236B16D9937C84F37BF9D79D0251F9
+CT=B81D30EFDB86688F1DCA616EC771B9FD
+
+I=326
+KEY=4C008516CD614B6588A526FFE33C055B250B7C4600DE8504429E57EDE2808B3C
+PT=B81D30EFDB86688F1DCA616EC771B9FD
+CT=A5AD142C8F078ABF419B7CF5C86C9F83
+
+I=327
+KEY=DB65698F99E4A27019ABE194A89E9BC680A6686A8FD90FBB03052B182AEC14BF
+PT=A5AD142C8F078ABF419B7CF5C86C9F83
+CT=861B59E3B61A5D02F0D70DFF40EF7FF2
+
+I=328
+KEY=0790C16C53A7826B4B309DDF99B5239006BD318939C352B9F3D226E76A036B4D
+PT=861B59E3B61A5D02F0D70DFF40EF7FF2
+CT=B0F4C2C4D0D282BE3128AD78D34B1FA6
+
+I=329
+KEY=AFE168F089E676A806DD191003777E6DB649F34DE911D007C2FA8B9FB94874EB
+PT=B0F4C2C4D0D282BE3128AD78D34B1FA6
+CT=9DFCF5727851ADE8C37A9AA3AA77B20D
+
+I=330
+KEY=F261CDF199D9EF436C1A08EB9755A2112BB5063F91407DEF0180113C133FC6E6
+PT=9DFCF5727851ADE8C37A9AA3AA77B20D
+CT=9268DBA972B72C9DEF15CF9B8041F23B
+
+I=331
+KEY=E0D6DCF3BA840720688456A43E849C5CB9DDDD96E3F75172EE95DEA7937E34DD
+PT=9268DBA972B72C9DEF15CF9B8041F23B
+CT=D45A8B321CB6D8F28167C857BC2900BF
+
+I=332
+KEY=B77CF3A880C2E9E66D0C98A4D88555F46D8756A4FF4189806FF216F02F573462
+PT=D45A8B321CB6D8F28167C857BC2900BF
+CT=0124FE2D8BCB81E1286A18D2BABEA919
+
+I=333
+KEY=7729E55EFA6B249E0207E06AAF6F09206CA3A889748A086147980E2295E99D7B
+PT=0124FE2D8BCB81E1286A18D2BABEA919
+CT=A1BB0D975A50BE8BD8C2973D4BA7BF42
+
+I=334
+KEY=102384784C54539084BC7181AA95F184CD18A51E2EDAB6EA9F5A991FDE4E2239
+PT=A1BB0D975A50BE8BD8C2973D4BA7BF42
+CT=15302D5DBFD8E407EADDE9896B42CB13
+
+I=335
+KEY=9FF48EF1068BFC07DA38F7790D7418D2D8288843910252ED75877096B50CE92A
+PT=15302D5DBFD8E407EADDE9896B42CB13
+CT=90D93B8F802CFAD3F6E682DD704B5F43
+
+I=336
+KEY=84477EB9007ECDF8D1C4A6A976C76AB848F1B3CC112EA83E8361F24BC547B669
+PT=90D93B8F802CFAD3F6E682DD704B5F43
+CT=2DD7E0B91C5DDF0FD118F4CDD836A212
+
+I=337
+KEY=F1CE87DE930567CE29DF313D8778358D652653750D737731527906861D71147B
+PT=2DD7E0B91C5DDF0FD118F4CDD836A212
+CT=AC9D307EFF44703D6FDA621FFF8D077C
+
+I=338
+KEY=22D31C8F64CFB23620A70E7CD4A486D3C9BB630BF237070C3DA36499E2FC1307
+PT=AC9D307EFF44703D6FDA621FFF8D077C
+CT=CC6772DE3B27CB1DB3E5A804843EB6FF
+
+I=339
+KEY=FC9057D2D2D28BFAC4D5E3654717188205DC11D5C910CC118E46CC9D66C2A5F8
+PT=CC6772DE3B27CB1DB3E5A804843EB6FF
+CT=BDB021550FE0744090EAFEEBCF422061
+
+I=340
+KEY=1EA032190E7E4CC45D2E1E138429658AB86C3080C6F0B8511EAC3276A9808599
+PT=BDB021550FE0744090EAFEEBCF422061
+CT=C6E21F9A1305C3969F2D70C11D58A1A7
+
+I=341
+KEY=B633EDA212B952785755700FBDC91CA57E8E2F1AD5F57BC7818142B7B4D8243E
+PT=C6E21F9A1305C3969F2D70C11D58A1A7
+CT=01BC936B7063CA9D28DB1FFCCB9C2048
+
+I=342
+KEY=94A06984520AB40D74568F0D5286AEE37F32BC71A596B15AA95A5D4B7F440476
+PT=01BC936B7063CA9D28DB1FFCCB9C2048
+CT=88279D100DFA68CEBD9949F19C3333F4
+
+I=343
+KEY=96A3BD621155F71A9EFB8E35F95238ACF7152161A86CD99414C314BAE3773782
+PT=88279D100DFA68CEBD9949F19C3333F4
+CT=41574A686596D4741BF5DE52B5183260
+
+I=344
+KEY=185312E4301E5AADC373CEB3EBA66FB7B6426B09CDFA0DE00F36CAE8566F05E2
+PT=41574A686596D4741BF5DE52B5183260
+CT=BD9F5087C32A66A4797C7EE87355FF4A
+
+I=345
+KEY=BC5D60D256DCA48E88E52F05C349431A0BDD3B8E0ED06B44764AB400253AFAA8
+PT=BD9F5087C32A66A4797C7EE87355FF4A
+CT=A88BC3FAF87D6C1D3F98A2884EF1D4DA
+
+I=346
+KEY=1485A9209167A6FA2ECD2CE6AA03DBA5A356F874F6AD075949D216886BCB2E72
+PT=A88BC3FAF87D6C1D3F98A2884EF1D4DA
+CT=E514E6E34A050EB917F2382EDF92353A
+
+I=347
+KEY=2B62B0E29763FF09F53A2006B990E97746421E97BCA809E05E202EA6B4591B48
+PT=E514E6E34A050EB917F2382EDF92353A
+CT=142EEBE72E0F56ABE5D67FCC28F957F6
+
+I=348
+KEY=FC13067E362B7C9C39AA73B85F32011C526CF57092A75F4BBBF6516A9CA04CBE
+PT=142EEBE72E0F56ABE5D67FCC28F957F6
+CT=24FDB7A03FE8A9288BFAA5AC2527D015
+
+I=349
+KEY=8AC3B473244989EA74025FE98269BC17769142D0AD4FF663300CF4C6B9879CAB
+PT=24FDB7A03FE8A9288BFAA5AC2527D015
+CT=649095ABA5F4006B7B89D20F10A37AE9
+
+I=350
+KEY=FD0F4205DBFF0160203898EF02E9088E1201D77B08BBF6084B8526C9A924E642
+PT=649095ABA5F4006B7B89D20F10A37AE9
+CT=F5428E8BDDDC31FC8EF67BC7DB3201D3
+
+I=351
+KEY=701AF95194FB0918BC2CA79AFD507336E74359F0D567C7F4C5735D0E7216E791
+PT=F5428E8BDDDC31FC8EF67BC7DB3201D3
+CT=A56B2014A4929373DC1F6FD5C0AC138C
+
+I=352
+KEY=633D0E72722E6443D4E219086D221939422879E471F55487196C32DBB2BAF41D
+PT=A56B2014A4929373DC1F6FD5C0AC138C
+CT=F35F9CD43144B358843A48B4D1C41882
+
+I=353
+KEY=DCA79BA0184EC0A22A875E5057CA967AB177E53040B1E7DF9D567A6F637EEC9F
+PT=F35F9CD43144B358843A48B4D1C41882
+CT=A572C1F98330A1C1FA91DFD5A5B76AB9
+
+I=354
+KEY=A3D0FE4C3C1A1CE19CF66CF80135553D140524C9C381461E67C7A5BAC6C98626
+PT=A572C1F98330A1C1FA91DFD5A5B76AB9
+CT=23C56E065427F0409504053DD8A994CD
+
+I=355
+KEY=175C8D4085802768D20875CDBE6EFE2437C04ACF97A6B65EF2C3A0871E6012EB
+PT=23C56E065427F0409504053DD8A994CD
+CT=7E666724C1CAC0A582325381E9C98D73
+
+I=356
+KEY=800EE65CA3DE8643371DA10FB0605AB649A62DEB566C76FB70F1F306F7A99F98
+PT=7E666724C1CAC0A582325381E9C98D73
+CT=B6C18D730A074196884CADF151CAC890
+
+I=357
+KEY=F526E578E8978822944644B146154425FF67A0985C6B376DF8BD5EF7A6635708
+PT=B6C18D730A074196884CADF151CAC890
+CT=0068BB370419CD39748559C2DE206817
+
+I=358
+KEY=7D144850BE03306F41A642442890EA20FF0F1BAF5872FA548C38073578433F1F
+PT=0068BB370419CD39748559C2DE206817
+CT=56852D240F01729C4EAD0B1FFC3EDA1F
+
+I=359
+KEY=33B2189E3774B1A066BE522C07550F88A98A368B577388C8C2950C2A847DE500
+PT=56852D240F01729C4EAD0B1FFC3EDA1F
+CT=458633A84E1F5737E9668A37388CF3C2
+
+I=360
+KEY=CF53C76250347B0CC5CAC660D52199B1EC0C0523196CDFFF2BF3861DBCF116C2
+PT=458633A84E1F5737E9668A37388CF3C2
+CT=F96E181E03350F27106C8D24403A49DD
+
+I=361
+KEY=618676C1702531077565060B5DA0570B15621D3D1A59D0D83B9F0B39FCCB5F1F
+PT=F96E181E03350F27106C8D24403A49DD
+CT=B515584E252F703A4EB55E81EDA58E30
+
+I=362
+KEY=D2C8CF9645CD741F67263845150FE649A07745733F76A0E2752A55B8116ED12F
+PT=B515584E252F703A4EB55E81EDA58E30
+CT=54E7D10C236785AFE0A93B3971D6F237
+
+I=363
+KEY=D0847F41C7940023491C2F83D02F8271F490947F1C11254D95836E8160B82318
+PT=54E7D10C236785AFE0A93B3971D6F237
+CT=937DFDE10E96030A0A8823EA3EF31B98
+
+I=364
+KEY=17502FC3077EFD420D2268CE0FF26F4667ED699E128726479F0B4D6B5E4B3880
+PT=937DFDE10E96030A0A8823EA3EF31B98
+CT=93FDF0392A3391C74DBE4229792C9630
+
+I=365
+KEY=4D6AA08A6C7EB7CA9CBE7AF4500C229EF41099A738B4B780D2B50F422767AEB0
+PT=93FDF0392A3391C74DBE4229792C9630
+CT=B9F80E1476658E6CE7FADBA215298958
+
+I=366
+KEY=D8820A50934290C146AFE477D9D4A0224DE897B34ED139EC354FD4E0324E27E8
+PT=B9F80E1476658E6CE7FADBA215298958
+CT=87ACDCD1F1332B9961CC5E18F9009A39
+
+I=367
+KEY=50E8959452DD52247A6F21A0C7BEDEB8CA444B62BFE2127554838AF8CB4EBDD1
+PT=87ACDCD1F1332B9961CC5E18F9009A39
+CT=3DD6249971FEC0FB4432236078D98D53
+
+I=368
+KEY=7A1973C5B90748596A54C709D1598DA5F7926FFBCE1CD28E10B1A998B3973082
+PT=3DD6249971FEC0FB4432236078D98D53
+CT=D540F8BDE3442D17E88B524D00618309
+
+I=369
+KEY=F9C08719A452CA931A62C5BD8F1D669D22D297462D58FF99F83AFBD5B3F6B38B
+PT=D540F8BDE3442D17E88B524D00618309
+CT=7BB18B2DA9ED188BCE3B18C02C9B3F3B
+
+I=370
+KEY=5EBA35F7E58381DBE29EC4A1D9B5B9AD59631C6B84B5E7123601E3159F6D8CB0
+PT=7BB18B2DA9ED188BCE3B18C02C9B3F3B
+CT=9A7380BAA169495B0FC29BB002D70E48
+
+I=371
+KEY=E442442FE32FA6BDA63AF0A6AC5D5AB2C3109CD125DCAE4939C378A59DBA82F8
+PT=9A7380BAA169495B0FC29BB002D70E48
+CT=88F3FE65298F7498A788E4196F13FC80
+
+I=372
+KEY=39079A8713E148703212A6F7FFD1B04D4BE362B40C53DAD19E4B9CBCF2A97E78
+PT=88F3FE65298F7498A788E4196F13FC80
+CT=A5E6361FBA6418CD9B2F50992B50A557
+
+I=373
+KEY=A99A33F38B36E3EE4DEE59F8A4282A84EE0554ABB637C21C0564CC25D9F9DB2F
+PT=A5E6361FBA6418CD9B2F50992B50A557
+CT=B1430F431ACC1C498FABF2D33B63CC67
+
+I=374
+KEY=BC09FAC540F44949F3B8EDFE2444CA725F465BE8ACFBDE558ACF3EF6E29A1748
+PT=B1430F431ACC1C498FABF2D33B63CC67
+CT=A90D76642D8D7899DD4A85EB92C89382
+
+I=375
+KEY=D26C1D07B51073C609030DC782FFAE93F64B2D8C8176A6CC5785BB1D705284CA
+PT=A90D76642D8D7899DD4A85EB92C89382
+CT=57522F39211100EF248D4A34E35CE4CE
+
+I=376
+KEY=2D7ADCD18F615F814B8D8B07CE48B4A1A11902B5A067A6237308F129930E6004
+PT=57522F39211100EF248D4A34E35CE4CE
+CT=87AED1E0C9F067C5F3F6D3D3BBCDE872
+
+I=377
+KEY=CA206C3442FAEFF3CB1292C675F52C2426B7D3556997C1E680FE22FA28C38876
+PT=87AED1E0C9F067C5F3F6D3D3BBCDE872
+CT=05798F53DFAE4A78D7BEEC24BE775B55
+
+I=378
+KEY=6ECC5BC346B18446D77FFBC44CCB0B1823CE5C06B6398B9E5740CEDE96B4D323
+PT=05798F53DFAE4A78D7BEEC24BE775B55
+CT=7677CE104395FFA15B51F81DAFBCAB1A
+
+I=379
+KEY=2E52C8E239CF1E959AB831307034FEF755B99216F5AC743F0C1136C339087839
+PT=7677CE104395FFA15B51F81DAFBCAB1A
+CT=760DE53561246F944B3E6279B39373F1
+
+I=380
+KEY=79B65B7D435E2134A1AB9A1CC1F08A8423B4772394881BAB472F54BA8A9B0BC8
+PT=760DE53561246F944B3E6279B39373F1
+CT=5B61CC978A9C808767C272432765EC0B
+
+I=381
+KEY=9EF57B89E7B8127348A9EF05E93DCC8D78D5BBB41E149B2C20ED26F9ADFEE7C3
+PT=5B61CC978A9C808767C272432765EC0B
+CT=902CDF3BD5E869E9CCFF8F2A454E1D42
+
+I=382
+KEY=15BB7B6BC685E4865BFA134C59CFC9C5E8F9648FCBFCF2C5EC12A9D3E8B0FA81
+PT=902CDF3BD5E869E9CCFF8F2A454E1D42
+CT=38264937B9372C316478BDF7AE578900
+
+I=383
+KEY=735D93C1DDD54986ACC6C2B0DFCC5E8AD0DF2DB872CBDEF4886A142446E77381
+PT=38264937B9372C316478BDF7AE578900
+CT=3BFE31D3E909E6EC3112F88DB8FFCA45
+
+I=384
+KEY=675B0E7FC5BCC3AF319B1D55C1F62CCAEB211C6B9BC23818B978ECA9FE18B9C4
+PT=3BFE31D3E909E6EC3112F88DB8FFCA45
+CT=2BFD5F6532BC1D2A8DA34481F9228B84
+
+I=385
+KEY=0AB242F9783E75D04E98733E63458F53C0DC430EA97E253234DBA828073A3240
+PT=2BFD5F6532BC1D2A8DA34481F9228B84
+CT=161481003108BAEFCC02BFD335C6A89F
+
+I=386
+KEY=58457CB82A24222839CF20D837F168A8D6C8C20E98769FDDF8D917FB32FC9ADF
+PT=161481003108BAEFCC02BFD335C6A89F
+CT=8A50E98A1165C1B6137231E519EC137B
+
+I=387
+KEY=C2C52CEA5654AAC9BD60FA04068094EF5C982B8489135E6BEBAB261E2B1089A4
+PT=8A50E98A1165C1B6137231E519EC137B
+CT=24ACAA0F045F5A6765D3B468550585B5
+
+I=388
+KEY=816757A434D81AA348E0B2F4FC44F4387834818B8D4C040C8E7892767E150C11
+PT=24ACAA0F045F5A6765D3B468550585B5
+CT=9993F9CBDAD9CA98C74CCBDB3E079F50
+
+I=389
+KEY=647A9F1E43B08FD15EFC17342EB8970AE1A778405795CE94493459AD40129341
+PT=9993F9CBDAD9CA98C74CCBDB3E079F50
+CT=F676785AEF58297C28035E8E065829FF
+
+I=390
+KEY=4BB8B5020862EA9228B663DEDB39336717D1001AB8CDE7E861370723464ABABE
+PT=F676785AEF58297C28035E8E065829FF
+CT=ED16C74BD4252F7B72AA37D11E198508
+
+I=391
+KEY=5392AAED87CE40891A69F4690A8743FBFAC7C7516CE8C893139D30F258533FB6
+PT=ED16C74BD4252F7B72AA37D11E198508
+CT=3BE7B6A9E197598146E98B7A501A2226
+
+I=392
+KEY=9D8BABE9C12E6BA3A18EB23A92205456C12071F88D7F91125574BB8808491D90
+PT=3BE7B6A9E197598146E98B7A501A2226
+CT=CC1163A3D9AF3307ED740591AB66BD81
+
+I=393
+KEY=231B451E506AC98FF993A3C7AD9C37F70D31125B54D0A215B800BE19A32FA011
+PT=CC1163A3D9AF3307ED740591AB66BD81
+CT=43FB8B2B44C740956111DA816616771D
+
+I=394
+KEY=1699C517EE1713D02C6EA0957E4A00CE4ECA99701017E280D9116498C539D70C
+PT=43FB8B2B44C740956111DA816616771D
+CT=A511AEA01DB8E7E16E7C53931625BEC3
+
+I=395
+KEY=2624CE7970CC5DAFAC73C881FDD5F6EBEBDB37D00DAF0561B76D370BD31C69CF
+PT=A511AEA01DB8E7E16E7C53931625BEC3
+CT=82EF6D2A1FF1DBCDF39DC04BE523229F
+
+I=396
+KEY=60C9931E19ED0D095F8DF75AEA56689769345AFA125EDEAC44F0F740363F4B50
+PT=82EF6D2A1FF1DBCDF39DC04BE523229F
+CT=A595C8AAAAAD80DD4F40693FF2D89A19
+
+I=397
+KEY=D461E3605B0AD0E87F5A078ECFE25934CCA19250B8F35E710BB09E7FC4E7D149
+PT=A595C8AAAAAD80DD4F40693FF2D89A19
+CT=57B18DFEAD129795C3BB8D6C06764729
+
+I=398
+KEY=0BE3FC6C21764F1C15782D52D92919A09B101FAE15E1C9E4C80B1313C2919660
+PT=57B18DFEAD129795C3BB8D6C06764729
+CT=6F8606BBA6CC03A5D0A64FE21E277B60
+
+I=399
+KEY=982D617A0F737342E99123A5A573D266F4961915B32DCA4118AD5CF1DCB6ED00
+PT=6F8606BBA6CC03A5D0A64FE21E277B60
+CT=1F6763DF807A7E70960D4CD3118E601A
+
+===========
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_iv.readme b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_iv.readme
new file mode 100644
index 00000000..c3721576
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_iv.readme
@@ -0,0 +1,19 @@
+Description of the Intermediate Value Known Answer Test
+--------------------------------------------------------
+
+The test encrypts one plaintext with a variable number of rounds.
+In ECB encryption mode, the output PTi is the output after the 
+initial key addition and i rounds (a round ends with a key
+addition). 
+
+As explained in the documentation, in ECB decryption mode 
+there are several definitions of a `round' possible. In order
+to make visual inspection more intuitive, we output the
+intermediate values that correspond with the output of the
+encryption mode. 
+These values might actually not occur in a practical decryption,
+especially in an optimised implementation, where various operations
+of different rounds are interchanged.
+
+This explains also why the Java and the C code output different
+files for this test.
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_iv.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_iv.txt
new file mode 100644
index 00000000..3f6608e4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_iv.txt
@@ -0,0 +1,123 @@
+
+=========================
+
+FILENAME:  "ecb_iv.txt"
+
+Electronic Codebook (ECB) Mode
+Intermediate Value Known Answer Tests
+
+Algorithm Name: Rijndael
+Principal Submitter: Joan Daemen
+
+==========
+
+KEYSIZE=128
+KEY=000102030405060708090A0B0C0D0E0F
+
+Intermediate Ciphertext Values (Encryption)
+
+PT=000102030405060708090A0B0C0D0E0F
+CT1=B5C9179EB1CC1199B9C51B92B5C8159D
+CT2=2B65F6374C427C5B2FE3A9256896755B
+CT3=D1015FCBB4EF65679688462076B9D6AD
+CT4=8E17064A2A35A183729FE59FF3A591F1
+CT5=D7557DD55999DB3259E2183D558DCDD2
+CT6=73A96A5D7799A5F3111D2B63684B1F7F
+CT7=1B6B853069EEFC749AFEFD7B57A04CD1
+CT8=107EEADFB6F77933B5457A6F08F046B2
+CT9=8EC166481A677AA96A14FF6ECE88C010
+CT=0A940BB5416EF045F1C39458C653EA5A
+
+Intermediate Ciphertext Values (Decryption)
+
+CT=0A940BB5416EF045F1C39458C653EA5A
+PT1=8EC166481A677AA96A14FF6ECE88C010
+PT2=107EEADFB6F77933B5457A6F08F046B2
+PT3=1B6B853069EEFC749AFEFD7B57A04CD1
+PT4=73A96A5D7799A5F3111D2B63684B1F7F
+PT5=D7557DD55999DB3259E2183D558DCDD2
+PT6=8E17064A2A35A183729FE59FF3A591F1
+PT7=D1015FCBB4EF65679688462076B9D6AD
+PT8=2B65F6374C427C5B2FE3A9256896755B
+PT9=B5C9179EB1CC1199B9C51B92B5C8159D
+PT=000102030405060708090A0B0C0D0E0F
+
+==========
+
+KEYSIZE=192
+KEY=000102030405060708090A0B0C0D0E0F1011121314151617
+
+Intermediate Ciphertext Values (Encryption)
+
+PT=000102030405060708090A0B0C0D0E0F
+CT1=73727170777675743B25919A3F20979D
+CT2=C673B27A311EC2EB64AD47FF53B233D7
+CT3=0B5CC6BA34C807E6496D79B46826A1E8
+CT4=005B53A5B660E280307883487E4D1A4D
+CT5=88A105F0DDD45F3674DBC3DE1A211B03
+CT6=EB5CD8B5FD8A3F33F03A70FB5C620C06
+CT7=909913B09BD2CC5A70B6C647931F0A1F
+CT8=6EB6CA10E395AFD646B02C5E9E745A9F
+CT9=2CFD2FC41AF82B8DFB80E9BD1C989ECE
+CT10=31C5D5E27EAF073E5C21ADAAEAA969D4
+CT11=1DB94956A7268B0DE963D27E55868580
+CT=0060BFFE46834BB8DA5CF9A61FF220AE
+
+Intermediate Ciphertext Values (Decryption)
+
+CT=0060BFFE46834BB8DA5CF9A61FF220AE
+PT1=1DB94956A7268B0DE963D27E55868580
+PT2=31C5D5E27EAF073E5C21ADAAEAA969D4
+PT3=2CFD2FC41AF82B8DFB80E9BD1C989ECE
+PT4=6EB6CA10E395AFD646B02C5E9E745A9F
+PT5=909913B09BD2CC5A70B6C647931F0A1F
+PT6=EB5CD8B5FD8A3F33F03A70FB5C620C06
+PT7=88A105F0DDD45F3674DBC3DE1A211B03
+PT8=005B53A5B660E280307883487E4D1A4D
+PT9=0B5CC6BA34C807E6496D79B46826A1E8
+PT10=C673B27A311EC2EB64AD47FF53B233D7
+PT11=73727170777675743B25919A3F20979D
+PT=000102030405060708090A0B0C0D0E0F
+
+==========
+
+KEYSIZE=256
+KEY=000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+
+Intermediate Ciphertext Values (Encryption)
+
+PT=000102030405060708090A0B0C0D0E0F
+CT1=73727170777675747B7A79787F7E7D7C
+CT2=4E5D32BB8B67FD1BD4CFEC9FFB20AC4F
+CT3=96A212E486341549C4AAF7C843F0277A
+CT4=0F45F284CDD0CB16E3EA81ECC891A4E1
+CT5=E59BFC458A89063E0137BBE6DB63A058
+CT6=1D958D960EA3143383C17D5CD87BA327
+CT7=43843EF40D9219481935B77A586DB5DE
+CT8=5AA5ABADBC40230CBA6124E9FAEEEFB5
+CT9=DAD61937BDFD582927F14C990C5FC761
+CT10=E8A48C5DEE5C0792AB6DFFF5B038529D
+CT11=4B71E5A8BFB4E9A5312A18119E68E829
+CT12=DCBA75CEE6589DDC0D289A172E8415B5
+CT13=8A0E856B2074C1093104131D0628BFE8
+CT=5A6E045708FB7196F02E553D02C3A692
+
+Intermediate Ciphertext Values (Decryption)
+
+CT=5A6E045708FB7196F02E553D02C3A692
+PT1=8A0E856B2074C1093104131D0628BFE8
+PT2=DCBA75CEE6589DDC0D289A172E8415B5
+PT3=4B71E5A8BFB4E9A5312A18119E68E829
+PT4=E8A48C5DEE5C0792AB6DFFF5B038529D
+PT5=DAD61937BDFD582927F14C990C5FC761
+PT6=5AA5ABADBC40230CBA6124E9FAEEEFB5
+PT7=43843EF40D9219481935B77A586DB5DE
+PT8=1D958D960EA3143383C17D5CD87BA327
+PT9=E59BFC458A89063E0137BBE6DB63A058
+PT10=0F45F284CDD0CB16E3EA81ECC891A4E1
+PT11=96A212E486341549C4AAF7C843F0277A
+PT12=4E5D32BB8B67FD1BD4CFEC9FFB20AC4F
+PT13=73727170777675747B7A79787F7E7D7C
+PT=000102030405060708090A0B0C0D0E0F
+
+==========
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_tbl.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_tbl.txt
new file mode 100644
index 00000000..f1eef530
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_tbl.txt
@@ -0,0 +1,1955 @@
+/* Description of what tables are tested:
+   The provided implementations each use a different set of tables
+    - Java implementation: uses no tables
+    - reference C implementation: uses Logtable, Alogtable, S, Si, rcon
+    - fast C implementation: uses Logtable, Alogtable,  rcon
+        and additionally, T1, T2, T3, T4, T5, T6, T7, T8
+        and (for the inverse key schedule only) U1, U2, U3, U4.
+   All these tables are tested.
+
+=========================
+
+FILENAME:  "ecb_tbl.txt"
+
+Electronic Codebook (ECB) Mode
+Tables Known Answer Tests
+
+Algorithm Name: Rijndael
+Principal Submitter: Joan Daemen
+
+==========
+
+KEYSIZE=128
+
+
+I=1
+KEY=00010203050607080A0B0C0D0F101112
+PT=506812A45F08C889B97F5980038B8359
+CT=D8F532538289EF7D06B506A4FD5BE9C9
+
+I=2
+KEY=14151617191A1B1C1E1F202123242526
+PT=5C6D71CA30DE8B8B00549984D2EC7D4B
+CT=59AB30F4D4EE6E4FF9907EF65B1FB68C
+
+I=3
+KEY=28292A2B2D2E2F30323334353738393A
+PT=53F3F4C64F8616E4E7C56199F48F21F6
+CT=BF1ED2FCB2AF3FD41443B56D85025CB1
+
+I=4
+KEY=3C3D3E3F41424344464748494B4C4D4E
+PT=A1EB65A3487165FB0F1C27FF9959F703
+CT=7316632D5C32233EDCB0780560EAE8B2
+
+I=5
+KEY=50515253555657585A5B5C5D5F606162
+PT=3553ECF0B1739558B08E350A98A39BFA
+CT=408C073E3E2538072B72625E68B8364B
+
+I=6
+KEY=64656667696A6B6C6E6F707173747576
+PT=67429969490B9711AE2B01DC497AFDE8
+CT=E1F94DFA776597BEACA262F2F6366FEA
+
+I=7
+KEY=78797A7B7D7E7F80828384858788898A
+PT=93385C1F2AEC8BED192F5A8E161DD508
+CT=F29E986C6A1C27D7B29FFD7EE92B75F1
+
+I=8
+KEY=8C8D8E8F91929394969798999B9C9D9E
+PT=B5BF946BE19BEB8DB3983B5F4C6E8DDB
+CT=131C886A57F8C2E713ABA6955E2B55B5
+
+I=9
+KEY=A0A1A2A3A5A6A7A8AAABACADAFB0B1B2
+PT=41321EE10E21BD907227C4450FF42324
+CT=D2AB7662DF9B8C740210E5EEB61C199D
+
+I=10
+KEY=B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6
+PT=00A82F59C91C8486D12C0A80124F6089
+CT=14C10554B2859C484CAB5869BBE7C470
+
+I=11
+KEY=C8C9CACBCDCECFD0D2D3D4D5D7D8D9DA
+PT=7CE0FD076754691B4BBD9FAF8A1372FE
+CT=DB4D498F0A49CF55445D502C1F9AB3B5
+
+I=12
+KEY=DCDDDEDFE1E2E3E4E6E7E8E9EBECEDEE
+PT=23605A8243D07764541BC5AD355B3129
+CT=6D96FEF7D66590A77A77BB2056667F7F
+
+I=13
+KEY=F0F1F2F3F5F6F7F8FAFBFCFDFE010002
+PT=12A8CFA23EA764FD876232B4E842BC44
+CT=316FB68EDBA736C53E78477BF913725C
+
+I=14
+KEY=04050607090A0B0C0E0F101113141516
+PT=BCAF32415E8308B3723E5FDD853CCC80
+CT=6936F2B93AF8397FD3A771FC011C8C37
+
+I=15
+KEY=2C2D2E2F31323334363738393B3C3D3E
+PT=89AFAE685D801AD747ACE91FC49ADDE0
+CT=F3F92F7A9C59179C1FCC2C2BA0B082CD
+
+I=16
+KEY=40414243454647484A4B4C4D4F505152
+PT=F521D07B484357C4A69E76124A634216
+CT=6A95EA659EE3889158E7A9152FF04EBC
+
+I=17
+KEY=54555657595A5B5C5E5F606163646566
+PT=3E23B3BC065BCC152407E23896D77783
+CT=1959338344E945670678A5D432C90B93
+
+I=18
+KEY=68696A6B6D6E6F70727374757778797A
+PT=79F0FBA002BE1744670E7E99290D8F52
+CT=E49BDDD2369B83EE66E6C75A1161B394
+
+I=19
+KEY=7C7D7E7F81828384868788898B8C8D8E
+PT=DA23FE9D5BD63E1D72E3DAFBE21A6C2A
+CT=D3388F19057FF704B70784164A74867D
+
+I=20
+KEY=A4A5A6A7A9AAABACAEAFB0B1B3B4B5B6
+PT=E3F5698BA90B6A022EFD7DB2C7E6C823
+CT=23AA03E2D5E4CD24F3217E596480D1E1
+
+I=21
+KEY=E0E1E2E3E5E6E7E8EAEBECEDEFF0F1F2
+PT=BDC2691D4F1B73D2700679C3BCBF9C6E
+CT=C84113D68B666AB2A50A8BDB222E91B9
+
+I=22
+KEY=08090A0B0D0E0F10121314151718191A
+PT=BA74E02093217EE1BA1B42BD5624349A
+CT=AC02403981CD4340B507963DB65CB7B6
+
+I=23
+KEY=6C6D6E6F71727374767778797B7C7D7E
+PT=B5C593B5851C57FBF8B3F57715E8F680
+CT=8D1299236223359474011F6BF5088414
+
+I=24
+KEY=80818283858687888A8B8C8D8F909192
+PT=3DA9BD9CEC072381788F9387C3BBF4EE
+CT=5A1D6AB8605505F7977E55B9A54D9B90
+
+I=25
+KEY=94959697999A9B9C9E9FA0A1A3A4A5A6
+PT=4197F3051121702AB65D316B3C637374
+CT=72E9C2D519CF555E4208805AABE3B258
+
+I=26
+KEY=A8A9AAABADAEAFB0B2B3B4B5B7B8B9BA
+PT=9F46C62EC4F6EE3F6E8C62554BC48AB7
+CT=A8F3E81C4A23A39EF4D745DFFE026E80
+
+I=27
+KEY=BCBDBEBFC1C2C3C4C6C7C8C9CBCCCDCE
+PT=0220673FE9E699A4EBC8E0DBEB6979C8
+CT=546F646449D31458F9EB4EF5483AEE6C
+
+I=28
+KEY=D0D1D2D3D5D6D7D8DADBDCDDDFE0E1E2
+PT=B2B99171337DED9BC8C2C23FF6F18867
+CT=4DBE4BC84AC797C0EE4EFB7F1A07401C
+
+I=29
+KEY=E4E5E6E7E9EAEBECEEEFF0F1F3F4F5F6
+PT=A7FACF4E301E984E5EFEEFD645B23505
+CT=25E10BFB411BBD4D625AC8795C8CA3B3
+
+I=30
+KEY=F8F9FAFBFDFEFE00020304050708090A
+PT=F7C762E4A9819160FD7ACFB6C4EEDCDD
+CT=315637405054EC803614E43DEF177579
+
+I=31
+KEY=0C0D0E0F11121314161718191B1C1D1E
+PT=9B64FC21EA08709F4915436FAA70F1BE
+CT=60C5BC8A1410247295C6386C59E572A8
+
+I=32
+KEY=20212223252627282A2B2C2D2F303132
+PT=52AF2C3DE07EE6777F55A4ABFC100B3F
+CT=01366FC8CA52DFE055D6A00A76471BA6
+
+I=33
+KEY=34353637393A3B3C3E3F404143444546
+PT=2FCA001224386C57AA3F968CBE2C816F
+CT=ECC46595516EC612449C3F581E7D42FF
+
+I=34
+KEY=48494A4B4D4E4F50525354555758595A
+PT=4149C73658A4A9C564342755EE2C132F
+CT=6B7FFE4C602A154B06EE9C7DAB5331C9
+
+I=35
+KEY=5C5D5E5F61626364666768696B6C6D6E
+PT=AF60005A00A1772F7C07A48A923C23D2
+CT=7DA234C14039A240DD02DD0FBF84EB67
+
+I=36
+KEY=70717273757677787A7B7C7D7F808182
+PT=6FCCBC28363759914B6F0280AFAF20C6
+CT=C7DC217D9E3604FFE7E91F080ECD5A3A
+
+I=37
+KEY=84858687898A8B8C8E8F909193949596
+PT=7D82A43DDF4FEFA2FC5947499884D386
+CT=37785901863F5C81260EA41E7580CDA5
+
+I=38
+KEY=98999A9B9D9E9FA0A2A3A4A5A7A8A9AA
+PT=5D5A990EAAB9093AFE4CE254DFA49EF9
+CT=A07B9338E92ED105E6AD720FCCCE9FE4
+
+I=39
+KEY=ACADAEAFB1B2B3B4B6B7B8B9BBBCBDBE
+PT=4CD1E2FD3F4434B553AAE453F0ED1A02
+CT=AE0FB9722418CC21A7DA816BBC61322C
+
+I=40
+KEY=C0C1C2C3C5C6C7C8CACBCCCDCFD0D1D2
+PT=5A2C9A9641D4299125FA1B9363104B5E
+CT=C826A193080FF91FFB21F71D3373C877
+
+I=41
+KEY=D4D5D6D7D9DADBDCDEDFE0E1E3E4E5E6
+PT=B517FE34C0FA217D341740BFD4FE8DD4
+CT=1181B11B0E494E8D8B0AA6B1D5AC2C48
+
+I=42
+KEY=E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FA
+PT=014BAF2278A69D331D5180103643E99A
+CT=6743C3D1519AB4F2CD9A78AB09A511BD
+
+I=43
+KEY=FCFDFEFF01020304060708090B0C0D0E
+PT=B529BD8164F20D0AA443D4932116841C
+CT=DC55C076D52BACDF2EEFD952946A439D
+
+I=44
+KEY=10111213151617181A1B1C1D1F202122
+PT=2E596DCBB2F33D4216A1176D5BD1E456
+CT=711B17B590FFC72B5C8E342B601E8003
+
+I=45
+KEY=24252627292A2B2C2E2F303133343536
+PT=7274A1EA2B7EE2424E9A0E4673689143
+CT=19983BB0950783A537E1339F4AA21C75
+
+I=46
+KEY=38393A3B3D3E3F40424344454748494A
+PT=AE20020BD4F13E9D90140BEE3B5D26AF
+CT=3BA7762E15554169C0F4FA39164C410C
+
+I=47
+KEY=4C4D4E4F51525354565758595B5C5D5E
+PT=BAAC065DA7AC26E855E79C8849D75A02
+CT=A0564C41245AFCA7AF8AA2E0E588EA89
+
+I=48
+KEY=60616263656667686A6B6C6D6F707172
+PT=7C917D8D1D45FAB9E2540E28832540CC
+CT=5E36A42A2E099F54AE85ECD92E2381ED
+
+I=49
+KEY=74757677797A7B7C7E7F808183848586
+PT=BDE6F89E16DAADB0E847A2A614566A91
+CT=770036F878CD0F6CA2268172F106F2FE
+
+I=50
+KEY=88898A8B8D8E8F90929394959798999A
+PT=C9DE163725F1F5BE44EBB1DB51D07FBC
+CT=7E4E03908B716116443CCF7C94E7C259
+
+I=51
+KEY=9C9D9E9FA1A2A3A4A6A7A8A9ABACADAE
+PT=3AF57A58F0C07DFFA669572B521E2B92
+CT=482735A48C30613A242DD494C7F9185D
+
+I=52
+KEY=B0B1B2B3B5B6B7B8BABBBCBDBFC0C1C2
+PT=3D5EBAC306DDE4604F1B4FBBBFCDAE55
+CT=B4C0F6C9D4D7079ADDF9369FC081061D
+
+I=53
+KEY=C4C5C6C7C9CACBCCCECFD0D1D3D4D5D6
+PT=C2DFA91BCEB76A1183C995020AC0B556
+CT=D5810FE0509AC53EDCD74F89962E6270
+
+I=54
+KEY=D8D9DADBDDDEDFE0E2E3E4E5E7E8E9EA
+PT=C70F54305885E9A0746D01EC56C8596B
+CT=03F17A16B3F91848269ECDD38EBB2165
+
+I=55
+KEY=ECEDEEEFF1F2F3F4F6F7F8F9FBFCFDFE
+PT=C4F81B610E98012CE000182050C0C2B2
+CT=DA1248C3180348BAD4A93B4D9856C9DF
+
+I=56
+KEY=00010203050607080A0B0C0D0F101112
+PT=EAAB86B1D02A95D7404EFF67489F97D4
+CT=3D10D7B63F3452C06CDF6CCE18BE0C2C
+
+I=57
+KEY=14151617191A1B1C1E1F202123242526
+PT=7C55BDB40B88870B52BEC3738DE82886
+CT=4AB823E7477DFDDC0E6789018FCB6258
+
+I=58
+KEY=28292A2B2D2E2F30323334353738393A
+PT=BA6EAA88371FF0A3BD875E3F2A975CE0
+CT=E6478BA56A77E70CFDAA5C843ABDE30E
+
+I=59
+KEY=3C3D3E3F41424344464748494B4C4D4E
+PT=08059130C4C24BD30CF0575E4E0373DC
+CT=1673064895FBEAF7F09C5429FF75772D
+
+I=60
+KEY=50515253555657585A5B5C5D5F606162
+PT=9A8EAB004EF53093DFCF96F57E7EDA82
+CT=4488033AE9F2EFD0CA9383BFCA1A94E9
+
+I=61
+KEY=64656667696A6B6C6E6F707173747576
+PT=0745B589E2400C25F117B1D796C28129
+CT=978F3B8C8F9D6F46626CAC3C0BCB9217
+
+I=62
+KEY=78797A7B7D7E7F80828384858788898A
+PT=2F1777781216CEC3F044F134B1B92BBE
+CT=E08C8A7E582E15E5527F1D9E2EECB236
+
+I=63
+KEY=8C8D8E8F91929394969798999B9C9D9E
+PT=353A779FFC541B3A3805D90CE17580FC
+CT=CEC155B76AC5FFDA4CF4F9CA91E49A7A
+
+I=64
+KEY=A0A1A2A3A5A6A7A8AAABACADAFB0B1B2
+PT=1A1EAE4415CEFCF08C4AC1C8F68BEA8F
+CT=D5AC7165763225DD2A38CDC6862C29AD
+
+I=65
+KEY=B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6
+PT=E6E7E4E5B0B3B2B5D4D5AAAB16111013
+CT=03680FE19F7CE7275452020BE70E8204
+
+I=66
+KEY=C8C9CACBCDCECFD0D2D3D4D5D7D8D9DA
+PT=F8F9FAFBFBF8F9E677767170EFE0E1E2
+CT=461DF740C9781C388E94BB861CEB54F6
+
+I=67
+KEY=DCDDDEDFE1E2E3E4E6E7E8E9EBECEDEE
+PT=63626160A1A2A3A445444B4A75727370
+CT=451BD60367F96483042742219786A074
+
+I=68
+KEY=F0F1F2F3F5F6F7F8FAFBFCFDFE010002
+PT=717073720605040B2D2C2B2A05FAFBF9
+CT=E4DFA42671A02E57EF173B85C0EA9F2B
+
+I=69
+KEY=04050607090A0B0C0E0F101113141516
+PT=78797A7BEAE9E8EF3736292891969794
+CT=ED11B89E76274282227D854700A78B9E
+
+I=70
+KEY=18191A1B1D1E1F20222324252728292A
+PT=838281803231300FDDDCDBDAA0AFAEAD
+CT=433946EAA51EA47AF33895F2B90B3B75
+
+I=71
+KEY=2C2D2E2F31323334363738393B3C3D3E
+PT=18191A1BBFBCBDBA75747B7A7F78797A
+CT=6BC6D616A5D7D0284A5910AB35022528
+
+I=72
+KEY=40414243454647484A4B4C4D4F505152
+PT=848586879B989996A3A2A5A4849B9A99
+CT=D2A920ECFE919D354B5F49EAE9719C98
+
+I=73
+KEY=54555657595A5B5C5E5F606163646566
+PT=0001020322212027CACBF4F551565754
+CT=3A061B17F6A92885EFBD0676985B373D
+
+I=74
+KEY=68696A6B6D6E6F70727374757778797A
+PT=CECFCCCDAFACADB2515057564A454447
+CT=FADEEC16E33EA2F4688499D157E20D8F
+
+I=75
+KEY=7C7D7E7F81828384868788898B8C8D8E
+PT=92939091CDCECFC813121D1C80878685
+CT=5CDEFEDE59601AA3C3CDA36FA6B1FA13
+
+I=76
+KEY=90919293959697989A9B9C9D9FA0A1A2
+PT=D2D3D0D16F6C6D6259585F5ED1EEEFEC
+CT=9574B00039844D92EBBA7EE8719265F8
+
+I=77
+KEY=A4A5A6A7A9AAABACAEAFB0B1B3B4B5B6
+PT=ACADAEAF878485820F0E1110D5D2D3D0
+CT=9A9CF33758671787E5006928188643FA
+
+I=78
+KEY=B8B9BABBBDBEBFC0C2C3C4C5C7C8C9CA
+PT=9091929364676619E6E7E0E1757A7B78
+CT=2CDDD634C846BA66BB46CBFEA4A674F9
+
+I=79
+KEY=CCCDCECFD1D2D3D4D6D7D8D9DBDCDDDE
+PT=BABBB8B98A89888F74757A7B92959497
+CT=D28BAE029393C3E7E26E9FAFBBB4B98F
+
+I=80
+KEY=E0E1E2E3E5E6E7E8EAEBECEDEFF0F1F2
+PT=8D8C8F8E6E6D6C633B3A3D3CCAD5D4D7
+CT=EC27529B1BEE0A9AB6A0D73EBC82E9B7
+
+I=81
+KEY=F4F5F6F7F9FAFBFCFEFE010103040506
+PT=86878485010203040808F7F767606162
+CT=3CB25C09472AFF6EE7E2B47CCD7CCB17
+
+I=82
+KEY=08090A0B0D0E0F10121314151718191A
+PT=8E8F8C8D656667788A8B8C8D010E0F0C
+CT=DEE33103A7283370D725E44CA38F8FE5
+
+I=83
+KEY=1C1D1E1F21222324262728292B2C2D2E
+PT=C8C9CACB858687807A7B7475E7E0E1E2
+CT=27F9BCD1AAC64BFFC11E7815702C1A69
+
+I=84
+KEY=30313233353637383A3B3C3D3F404142
+PT=6D6C6F6E5053525D8C8D8A8BADD2D3D0
+CT=5DF534FFAD4ED0749A9988E9849D0021
+
+I=85
+KEY=44454647494A4B4C4E4F505153545556
+PT=28292A2B393A3B3C0607181903040506
+CT=A48BEE75DB04FB60CA2B80F752A8421B
+
+I=86
+KEY=58595A5B5D5E5F60626364656768696A
+PT=A5A4A7A6B0B3B28DDBDADDDCBDB2B3B0
+CT=024C8CF70BC86EE5CE03678CB7AF45F9
+
+I=87
+KEY=6C6D6E6F71727374767778797B7C7D7E
+PT=323330316467666130313E3F2C2B2A29
+CT=3C19AC0F8A3A3862CE577831301E166B
+
+I=88
+KEY=80818283858687888A8B8C8D8F909192
+PT=27262524080B0A05171611100B141516
+CT=C5E355B796A57421D59CA6BE82E73BCA
+
+I=89
+KEY=94959697999A9B9C9E9FA0A1A3A4A5A6
+PT=040506074142434435340B0AA3A4A5A6
+CT=D94033276417ABFB05A69D15B6E386E2
+
+I=90
+KEY=A8A9AAABADAEAFB0B2B3B4B5B7B8B9BA
+PT=242526271112130C61606766BDB2B3B0
+CT=24B36559EA3A9B9B958FE6DA3E5B8D85
+
+I=91
+KEY=BCBDBEBFC1C2C3C4C6C7C8C9CBCCCDCE
+PT=4B4A4948252627209E9F9091CEC9C8CB
+CT=20FD4FEAA0E8BF0CCE7861D74EF4CB72
+
+I=92
+KEY=D0D1D2D3D5D6D7D8DADBDCDDDFE0E1E2
+PT=68696A6B6665646B9F9E9998D9E6E7E4
+CT=350E20D5174277B9EC314C501570A11D
+
+I=93
+KEY=E4E5E6E7E9EAEBECEEEFF0F1F3F4F5F6
+PT=34353637C5C6C7C0F0F1EEEF7C7B7A79
+CT=87A29D61B7C604D238FE73045A7EFD57
+
+I=94
+KEY=F8F9FAFBFDFEFE00020304050708090A
+PT=32333031C2C1C13F0D0C0B0A050A0B08
+CT=2C3164C1CC7D0064816BDC0FAA362C52
+
+I=95
+KEY=0C0D0E0F11121314161718191B1C1D1E
+PT=CDCCCFCEBEBDBCBBABAAA5A4181F1E1D
+CT=195FE5E8A05A2ED594F6E4400EEE10B3
+
+I=96
+KEY=20212223252627282A2B2C2D2F303132
+PT=212023223635343BA0A1A6A7445B5A59
+CT=E4663DF19B9A21A5A284C2BD7F905025
+
+I=97
+KEY=34353637393A3B3C3E3F404143444546
+PT=0E0F0C0DA8ABAAAD2F2E515002050407
+CT=21B88714CFB4E2A933BD281A2C4743FD
+
+I=98
+KEY=48494A4B4D4E4F50525354555758595A
+PT=070605042A2928378E8F8889BDB2B3B0
+CT=CBFC3980D704FD0FC54378AB84E17870
+
+I=99
+KEY=5C5D5E5F61626364666768696B6C6D6E
+PT=CBCAC9C893909196A9A8A7A6A5A2A3A0
+CT=BC5144BAA48BDEB8B63E22E03DA418EF
+
+I=100
+KEY=70717273757677787A7B7C7D7F808182
+PT=80818283C1C2C3CC9C9D9A9B0CF3F2F1
+CT=5A1DBAEF1EE2984B8395DA3BDFFA3CCC
+
+I=101
+KEY=84858687898A8B8C8E8F909193949596
+PT=1213101125262720FAFBE4E5B1B6B7B4
+CT=F0B11CD0729DFCC80CEC903D97159574
+
+I=102
+KEY=98999A9B9D9E9FA0A2A3A4A5A7A8A9AA
+PT=7F7E7D7C3033320D97969190222D2C2F
+CT=9F95314ACFDDC6D1914B7F19A9CC8209
+
+I=103
+KEY=ACADAEAFB1B2B3B4B6B7B8B9BBBCBDBE
+PT=4E4F4C4D484B4A4D81808F8E53545556
+CT=595736F6F0F70914A94E9E007F022519
+
+I=104
+KEY=C0C1C2C3C5C6C7C8CACBCCCDCFD0D1D2
+PT=DCDDDEDFB0B3B2BD15141312A1BEBFBC
+CT=1F19F57892CAE586FCDFB4C694DEB183
+
+I=105
+KEY=D4D5D6D7D9DADBDCDEDFE0E1E3E4E5E6
+PT=93929190282B2A2DC4C5FAFB92959497
+CT=540700EE1F6F3DAB0B3EDDF6CAEE1EF5
+
+I=106
+KEY=E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FA
+PT=F5F4F7F6C4C7C6D9373631307E717073
+CT=14A342A91019A331687A2254E6626CA2
+
+I=107
+KEY=FCFDFEFF01020304060708090B0C0D0E
+PT=93929190B6B5B4B364656A6B05020300
+CT=7B25F3C3B2EEA18D743EF283140F29FF
+
+I=108
+KEY=10111213151617181A1B1C1D1F202122
+PT=BABBB8B90D0E0F00A4A5A2A3043B3A39
+CT=46C2587D66E5E6FA7F7CA6411AD28047
+
+I=109
+KEY=24252627292A2B2C2E2F303133343536
+PT=D8D9DADB7F7C7D7A10110E0F787F7E7D
+CT=09470E72229D954ED5EE73886DFEEBA9
+
+I=110
+KEY=38393A3B3D3E3F40424344454748494A
+PT=FEFFFCFDEFECED923B3A3D3C6768696A
+CT=D77C03DE92D4D0D79EF8D4824EF365EB
+
+I=111
+KEY=4C4D4E4F51525354565758595B5C5D5E
+PT=D6D7D4D58A89888F96979899A5A2A3A0
+CT=1D190219F290E0F1715D152D41A23593
+
+I=112
+KEY=60616263656667686A6B6C6D6F707172
+PT=18191A1BA8ABAAA5303136379B848586
+CT=A2CD332CE3A0818769616292E87F757B
+
+I=113
+KEY=74757677797A7B7C7E7F808183848586
+PT=6B6A6968A4A7A6A1D6D72829B0B7B6B5
+CT=D54AFA6CE60FBF9341A3690E21385102
+
+I=114
+KEY=88898A8B8D8E8F90929394959798999A
+PT=000102038A89889755545352A6A9A8AB
+CT=06E5C364DED628A3F5E05E613E356F46
+
+I=115
+KEY=9C9D9E9FA1A2A3A4A6A7A8A9ABACADAE
+PT=2D2C2F2EB3B0B1B6B6B7B8B9F2F5F4F7
+CT=EAE63C0E62556DAC85D221099896355A
+
+I=116
+KEY=B0B1B2B3B5B6B7B8BABBBCBDBFC0C1C2
+PT=979695943536373856575051E09F9E9D
+CT=1FED060E2C6FC93EE764403A889985A2
+
+I=117
+KEY=C4C5C6C7C9CACBCCCECFD0D1D3D4D5D6
+PT=A4A5A6A7989B9A9DB1B0AFAE7A7D7C7F
+CT=C25235C1A30FDEC1C7CB5C5737B2A588
+
+I=118
+KEY=D8D9DADBDDDEDFE0E2E3E4E5E7E8E9EA
+PT=C1C0C3C2686B6A55A8A9AEAFEAE5E4E7
+CT=796DBEF95147D4D30873AD8B7B92EFC0
+
+I=119
+KEY=ECEDEEEFF1F2F3F4F6F7F8F9FBFCFDFE
+PT=C1C0C3C2141716118C8D828364636261
+CT=CBCF0FB34D98D0BD5C22CE37211A46BF
+
+I=120
+KEY=00010203050607080A0B0C0D0F101112
+PT=93929190CCCFCEC196979091E0FFFEFD
+CT=94B44DA6466126CAFA7C7FD09063FC24
+
+I=121
+KEY=14151617191A1B1C1E1F202123242526
+PT=B4B5B6B7F9FAFBFC25241B1A6E69686B
+CT=D78C5B5EBF9B4DBDA6AE506C5074C8FE
+
+I=122
+KEY=28292A2B2D2E2F30323334353738393A
+PT=868784850704051AC7C6C1C08788898A
+CT=6C27444C27204B043812CF8CF95F9769
+
+I=123
+KEY=3C3D3E3F41424344464748494B4C4D4E
+PT=F4F5F6F7AAA9A8AFFDFCF3F277707172
+CT=BE94524EE5A2AA50BBA8B75F4C0AEBCF
+
+I=124
+KEY=50515253555657585A5B5C5D5F606162
+PT=D3D2D1D00605040BC3C2C5C43E010003
+CT=A0AEAAE91BA9F31F51AEB3588CF3A39E
+
+I=125
+KEY=64656667696A6B6C6E6F707173747576
+PT=73727170424140476A6B74750D0A0B08
+CT=275297779C28266EF9FE4C6A13C08488
+
+I=126
+KEY=78797A7B7D7E7F80828384858788898A
+PT=C2C3C0C10A0908F754555253A1AEAFAC
+CT=86523D92BB8672CB01CF4A77FD725882
+
+I=127
+KEY=8C8D8E8F91929394969798999B9C9D9E
+PT=6D6C6F6EF8FBFAFD82838C8DF8FFFEFD
+CT=4B8327640E9F33322A04DD96FCBF9A36
+
+I=128
+KEY=A0A1A2A3A5A6A7A8AAABACADAFB0B1B2
+PT=F5F4F7F684878689A6A7A0A1D2CDCCCF
+CT=CE52AF650D088CA559425223F4D32694
+
+==========
+
+KEYSIZE=192
+
+
+I=1
+KEY=00010203050607080A0B0C0D0F10111214151617191A1B1C
+PT=2D33EEF2C0430A8A9EBF45E809C40BB6
+CT=DFF4945E0336DF4C1C56BC700EFF837F
+
+I=2
+KEY=1E1F20212324252628292A2B2D2E2F30323334353738393A
+PT=6AA375D1FA155A61FB72353E0A5A8756
+CT=B6FDDEF4752765E347D5D2DC196D1252
+
+I=3
+KEY=3C3D3E3F41424344464748494B4C4D4E5051525355565758
+PT=BC3736518B9490DCB8ED60EB26758ED4
+CT=D23684E3D963B3AFCF1A114ACA90CBD6
+
+I=4
+KEY=5A5B5C5D5F60616264656667696A6B6C6E6F707173747576
+PT=AA214402B46CFFB9F761EC11263A311E
+CT=3A7AC027753E2A18C2CEAB9E17C11FD0
+
+I=5
+KEY=78797A7B7D7E7F80828384858788898A8C8D8E8F91929394
+PT=02AEA86E572EEAB66B2C3AF5E9A46FD6
+CT=8F6786BD007528BA26603C1601CDD0D8
+
+I=6
+KEY=969798999B9C9D9EA0A1A2A3A5A6A7A8AAABACADAFB0B1B2
+PT=E2AEF6ACC33B965C4FA1F91C75FF6F36
+CT=D17D073B01E71502E28B47AB551168B3
+
+I=7
+KEY=B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6C8C9CACBCDCECFD0
+PT=0659DF46427162B9434865DD9499F91D
+CT=A469DA517119FAB95876F41D06D40FFA
+
+I=8
+KEY=D2D3D4D5D7D8D9DADCDDDEDFE1E2E3E4E6E7E8E9EBECEDEE
+PT=49A44239C748FEB456F59C276A5658DF
+CT=6091AA3B695C11F5C0B6AD26D3D862FF
+
+I=9
+KEY=F0F1F2F3F5F6F7F8FAFBFCFDFE01000204050607090A0B0C
+PT=66208F6E9D04525BDEDB2733B6A6BE37
+CT=70F9E67F9F8DF1294131662DC6E69364
+
+I=10
+KEY=0E0F10111314151618191A1B1D1E1F20222324252728292A
+PT=3393F8DFC729C97F5480B950BC9666B0
+CT=D154DCAFAD8B207FA5CBC95E9996B559
+
+I=11
+KEY=2C2D2E2F31323334363738393B3C3D3E4041424345464748
+PT=606834C8CE063F3234CF1145325DBD71
+CT=4934D541E8B46FA339C805A7AEB9E5DA
+
+I=12
+KEY=4A4B4C4D4F50515254555657595A5B5C5E5F606163646566
+PT=FEC1C04F529BBD17D8CECFCC4718B17F
+CT=62564C738F3EFE186E1A127A0C4D3C61
+
+I=13
+KEY=68696A6B6D6E6F70727374757778797A7C7D7E7F81828384
+PT=32DF99B431ED5DC5ACF8CAF6DC6CE475
+CT=07805AA043986EB23693E23BEF8F3438
+
+I=14
+KEY=868788898B8C8D8E90919293959697989A9B9C9D9FA0A1A2
+PT=7FDC2B746F3F665296943B83710D1F82
+CT=DF0B4931038BADE848DEE3B4B85AA44B
+
+I=15
+KEY=A4A5A6A7A9AAABACAEAFB0B1B3B4B5B6B8B9BABBBDBEBFC0
+PT=8FBA1510A3C5B87E2EAA3F7A91455CA2
+CT=592D5FDED76582E4143C65099309477C
+
+I=16
+KEY=C2C3C4C5C7C8C9CACCCDCECFD1D2D3D4D6D7D8D9DBDCDDDE
+PT=2C9B468B1C2EED92578D41B0716B223B
+CT=C9B8D6545580D3DFBCDD09B954ED4E92
+
+I=17
+KEY=E0E1E2E3E5E6E7E8EAEBECEDEFF0F1F2F4F5F6F7F9FAFBFC
+PT=0A2BBF0EFC6BC0034F8A03433FCA1B1A
+CT=5DCCD5D6EB7C1B42ACB008201DF707A0
+
+I=18
+KEY=FEFE01010304050608090A0B0D0E0F10121314151718191A
+PT=25260E1F31F4104D387222E70632504B
+CT=A2A91682FFEB6ED1D34340946829E6F9
+
+I=19
+KEY=1C1D1E1F21222324262728292B2C2D2E3031323335363738
+PT=C527D25A49F08A5228D338642AE65137
+CT=E45D185B797000348D9267960A68435D
+
+I=20
+KEY=3A3B3C3D3F40414244454647494A4B4C4E4F505153545556
+PT=3B49FC081432F5890D0E3D87E884A69E
+CT=45E060DAE5901CDA8089E10D4F4C246B
+
+I=21
+KEY=58595A5B5D5E5F60626364656768696A6C6D6E6F71727374
+PT=D173F9ED1E57597E166931DF2754A083
+CT=F6951AFACC0079A369C71FDCFF45DF50
+
+I=22
+KEY=767778797B7C7D7E80818283858687888A8B8C8D8F909192
+PT=8C2B7CAFA5AFE7F13562DAEAE1ADEDE0
+CT=9E95E00F351D5B3AC3D0E22E626DDAD6
+
+I=23
+KEY=94959697999A9B9C9E9FA0A1A3A4A5A6A8A9AAABADAEAFB0
+PT=AAF4EC8C1A815AEB826CAB741339532C
+CT=9CB566FF26D92DAD083B51FDC18C173C
+
+I=24
+KEY=D0D1D2D3D5D6D7D8DADBDCDDDFE0E1E2E4E5E6E7E9EAEBEC
+PT=40BE8C5D9108E663F38F1A2395279ECF
+CT=C9C82766176A9B228EB9A974A010B4FB
+
+I=25
+KEY=2A2B2C2D2F30313234353637393A3B3C3E3F404143444546
+PT=0C8AD9BC32D43E04716753AA4CFBE351
+CT=D8E26AA02945881D5137F1C1E1386E88
+
+I=26
+KEY=48494A4B4D4E4F50525354555758595A5C5D5E5F61626364
+PT=1407B1D5F87D63357C8DC7EBBAEBBFEE
+CT=C0E024CCD68FF5FFA4D139C355A77C55
+
+I=27
+KEY=84858687898A8B8C8E8F90919394959698999A9B9D9E9FA0
+PT=E62734D1AE3378C4549E939E6F123416
+CT=0B18B3D16F491619DA338640DF391D43
+
+I=28
+KEY=A2A3A4A5A7A8A9AAACADAEAFB1B2B3B4B6B7B8B9BBBCBDBE
+PT=5A752CFF2A176DB1A1DE77F2D2CDEE41
+CT=DBE09AC8F66027BF20CB6E434F252EFC
+
+I=29
+KEY=C0C1C2C3C5C6C7C8CACBCCCDCFD0D1D2D4D5D6D7D9DADBDC
+PT=A9C8C3A4EABEDC80C64730DDD018CD88
+CT=6D04E5E43C5B9CBE05FEB9606B6480FE
+
+I=30
+KEY=1A1B1C1D1F20212224252627292A2B2C2E2F303133343536
+PT=EE9B3DBBDB86180072130834D305999A
+CT=DD1D6553B96BE526D9FEE0FBD7176866
+
+I=31
+KEY=38393A3B3D3E3F40424344454748494A4C4D4E4F51525354
+PT=A7FA8C3586B8EBDE7568EAD6F634A879
+CT=0260CA7E3F979FD015B0DD4690E16D2A
+
+I=32
+KEY=929394959798999A9C9D9E9FA1A2A3A4A6A7A8A9ABACADAE
+PT=37E0F4A87F127D45AC936FE7AD88C10A
+CT=9893734DE10EDCC8A67C3B110B8B8CC6
+
+I=33
+KEY=464748494B4C4D4E50515253555657585A5B5C5D5F606162
+PT=3F77D8B5D92BAC148E4E46F697A535C5
+CT=93B30B750516B2D18808D710C2EE84EF
+
+I=34
+KEY=828384858788898A8C8D8E8F91929394969798999B9C9D9E
+PT=D25EBB686C40F7E2C4DA1014936571CA
+CT=16F65FA47BE3CB5E6DFE7C6C37016C0E
+
+I=35
+KEY=A0A1A2A3A5A6A7A8AAABACADAFB0B1B2B4B5B6B7B9BABBBC
+PT=4F1C769D1E5B0552C7ECA84DEA26A549
+CT=F3847210D5391E2360608E5ACB560581
+
+I=36
+KEY=BEBFC0C1C3C4C5C6C8C9CACBCDCECFD0D2D3D4D5D7D8D9DA
+PT=8548E2F882D7584D0FAFC54372B6633A
+CT=8754462CD223366D0753913E6AF2643D
+
+I=37
+KEY=DCDDDEDFE1E2E3E4E6E7E8E9EBECEDEEF0F1F2F3F5F6F7F8
+PT=87D7A336CB476F177CD2A51AF2A62CDF
+CT=1EA20617468D1B806A1FD58145462017
+
+I=38
+KEY=FAFBFCFDFE01000204050607090A0B0C0E0F101113141516
+PT=03B1FEAC668C4E485C1065DFC22B44EE
+CT=3B155D927355D737C6BE9DDA60136E2E
+
+I=39
+KEY=18191A1B1D1E1F20222324252728292A2C2D2E2F31323334
+PT=BDA15E66819FA72D653A6866AA287962
+CT=26144F7B66DAA91B6333DBD3850502B3
+
+I=40
+KEY=363738393B3C3D3E40414243454647484A4B4C4D4F505152
+PT=4D0C7A0D2505B80BF8B62CEB12467F0A
+CT=E4F9A4AB52CED8134C649BF319EBCC90
+
+I=41
+KEY=54555657595A5B5C5E5F60616364656668696A6B6D6E6F70
+PT=626D34C9429B37211330986466B94E5F
+CT=B9DDD29AC6128A6CAB121E34A4C62B36
+
+I=42
+KEY=727374757778797A7C7D7E7F81828384868788898B8C8D8E
+PT=333C3E6BF00656B088A17E5FF0E7F60A
+CT=6FCDDAD898F2CE4EFF51294F5EAAF5C9
+
+I=43
+KEY=90919293959697989A9B9C9D9FA0A1A2A4A5A6A7A9AAABAC
+PT=687ED0CDC0D2A2BC8C466D05EF9D2891
+CT=C9A6FE2BF4028080BEA6F7FC417BD7E3
+
+I=44
+KEY=AEAFB0B1B3B4B5B6B8B9BABBBDBEBFC0C2C3C4C5C7C8C9CA
+PT=487830E78CC56C1693E64B2A6660C7B6
+CT=6A2026846D8609D60F298A9C0673127F
+
+I=45
+KEY=CCCDCECFD1D2D3D4D6D7D8D9DBDCDDDEE0E1E2E3E5E6E7E8
+PT=7A48D6B7B52B29392AA2072A32B66160
+CT=2CB25C005E26EFEA44336C4C97A4240B
+
+I=46
+KEY=EAEBECEDEFF0F1F2F4F5F6F7F9FAFBFCFEFE010103040506
+PT=907320E64C8C5314D10F8D7A11C8618D
+CT=496967AB8680DDD73D09A0E4C7DCC8AA
+
+I=47
+KEY=08090A0B0D0E0F10121314151718191A1C1D1E1F21222324
+PT=B561F2CA2D6E65A4A98341F3ED9FF533
+CT=D5AF94DE93487D1F3A8C577CB84A66A4
+
+I=48
+KEY=262728292B2C2D2E30313233353637383A3B3C3D3F404142
+PT=DF769380D212792D026F049E2E3E48EF
+CT=84BDAC569CAE2828705F267CC8376E90
+
+I=49
+KEY=44454647494A4B4C4E4F50515354555658595A5B5D5E5F60
+PT=79F374BC445BDABF8FCCB8843D6054C6
+CT=F7401DDA5AD5AB712B7EB5D10C6F99B6
+
+I=50
+KEY=626364656768696A6C6D6E6F71727374767778797B7C7D7E
+PT=4E02F1242FA56B05C68DBAE8FE44C9D6
+CT=1C9D54318539EBD4C3B5B7E37BF119F0
+
+I=51
+KEY=80818283858687888A8B8C8D8F90919294959697999A9B9C
+PT=CF73C93CBFF57AC635A6F4AD2A4A1545
+CT=ACA572D65FB2764CFFD4A6ECA090EA0D
+
+I=52
+KEY=9E9FA0A1A3A4A5A6A8A9AAABADAEAFB0B2B3B4B5B7B8B9BA
+PT=9923548E2875750725B886566784C625
+CT=36D9C627B8C2A886A10CCB36EAE3DFBB
+
+I=53
+KEY=BCBDBEBFC1C2C3C4C6C7C8C9CBCCCDCED0D1D2D3D5D6D7D8
+PT=4888336B723A022C9545320F836A4207
+CT=010EDBF5981E143A81D646E597A4A568
+
+I=54
+KEY=DADBDCDDDFE0E1E2E4E5E6E7E9EAEBECEEEFF0F1F3F4F5F6
+PT=F84D9A5561B0608B1160DEE000C41BA8
+CT=8DB44D538DC20CC2F40F3067FD298E60
+
+I=55
+KEY=F8F9FAFBFDFEFE00020304050708090A0C0D0E0F11121314
+PT=C23192A0418E30A19B45AE3E3625BF22
+CT=930EB53BC71E6AC4B82972BDCD5AAFB3
+
+I=56
+KEY=161718191B1C1D1E20212223252627282A2B2C2D2F303132
+PT=B84E0690B28B0025381AD82A15E501A7
+CT=6C42A81EDCBC9517CCD89C30C95597B4
+
+I=57
+KEY=34353637393A3B3C3E3F40414344454648494A4B4D4E4F50
+PT=ACEF5E5C108876C4F06269F865B8F0B0
+CT=DA389847AD06DF19D76EE119C71E1DD3
+
+I=58
+KEY=525354555758595A5C5D5E5F61626364666768696B6C6D6E
+PT=0F1B3603E0F5DDEA4548246153A5E064
+CT=E018FDAE13D3118F9A5D1A647A3F0462
+
+I=59
+KEY=70717273757677787A7B7C7D7F80818284858687898A8B8C
+PT=FBB63893450D42B58C6D88CD3C1809E3
+CT=2AA65DB36264239D3846180FABDFAD20
+
+I=60
+KEY=8E8F90919394959698999A9B9D9E9FA0A2A3A4A5A7A8A9AA
+PT=4BEF736DF150259DAE0C91354E8A5F92
+CT=1472163E9A4F780F1CEB44B07ECF4FDB
+
+I=61
+KEY=ACADAEAFB1B2B3B4B6B7B8B9BBBCBDBEC0C1C2C3C5C6C7C8
+PT=7D2D46242056EF13D3C3FC93C128F4C7
+CT=C8273FDC8F3A9F72E91097614B62397C
+
+I=62
+KEY=CACBCCCDCFD0D1D2D4D5D6D7D9DADBDCDEDFE0E1E3E4E5E6
+PT=E9C1BA2DF415657A256EDB33934680FD
+CT=66C8427DCD733AAF7B3470CB7D976E3F
+
+I=63
+KEY=E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FAFCFDFEFF01020304
+PT=E23EE277B0AA0A1DFB81F7527C3514F1
+CT=146131CB17F1424D4F8DA91E6F80C1D0
+
+I=64
+KEY=060708090B0C0D0E10111213151617181A1B1C1D1F202122
+PT=3E7445B0B63CAAF75E4A911E12106B4C
+CT=2610D0AD83659081AE085266A88770DC
+
+I=65
+KEY=24252627292A2B2C2E2F30313334353638393A3B3D3E3F40
+PT=767774752023222544455A5BE6E1E0E3
+CT=38A2B5A974B0575C5D733917FB0D4570
+
+I=66
+KEY=424344454748494A4C4D4E4F51525354565758595B5C5D5E
+PT=72737475717E7F7CE9E8EBEA696A6B6C
+CT=E21D401EBC60DE20D6C486E4F39A588B
+
+I=67
+KEY=60616263656667686A6B6C6D6F70717274757677797A7B7C
+PT=DFDEDDDC25262728C9C8CFCEF1EEEFEC
+CT=E51D5F88C670B079C0CA1F0C2C4405A2
+
+I=68
+KEY=7E7F80818384858688898A8B8D8E8F90929394959798999A
+PT=FFFE0100707776755F5E5D5C7675746B
+CT=246A94788A642FB3D1B823C8762380C8
+
+I=69
+KEY=9C9D9E9FA1A2A3A4A6A7A8A9ABACADAEB0B1B2B3B5B6B7B8
+PT=E0E1E2E3424140479F9E9190292E2F2C
+CT=B80C391C5C41A4C3B30C68E0E3D7550F
+
+I=70
+KEY=BABBBCBDBFC0C1C2C4C5C6C7C9CACBCCCECFD0D1D3D4D5D6
+PT=2120272690EFEEED3B3A39384E4D4C4B
+CT=B77C4754FC64EB9A1154A9AF0BB1F21C
+
+I=71
+KEY=D8D9DADBDDDEDFE0E2E3E4E5E7E8E9EAECEDEEEFF1F2F3F4
+PT=ECEDEEEF5350516EA1A0A7A6A3ACADAE
+CT=FB554DE520D159A06BF219FC7F34A02F
+
+I=72
+KEY=F6F7F8F9FBFCFDFE00010203050607080A0B0C0D0F101112
+PT=32333C3D25222320E9E8EBEACECDCCC3
+CT=A89FBA152D76B4927BEED160DDB76C57
+
+I=73
+KEY=14151617191A1B1C1E1F20212324252628292A2B2D2E2F30
+PT=40414243626160678A8BB4B511161714
+CT=5676EAB4A98D2E8473B3F3D46424247C
+
+I=74
+KEY=323334353738393A3C3D3E3F41424344464748494B4C4D4E
+PT=94959293F5FAFBF81F1E1D1C7C7F7E79
+CT=4E8F068BD7EDE52A639036EC86C33568
+
+I=75
+KEY=50515253555657585A5B5C5D5F60616264656667696A6B6C
+PT=BEBFBCBD191A1B14CFCEC9C8546B6A69
+CT=F0193C4D7AFF1791EE4C07EB4A1824FC
+
+I=76
+KEY=6E6F70717374757678797A7B7D7E7F80828384858788898A
+PT=2C2D3233898E8F8CBBBAB9B8333031CE
+CT=AC8686EECA9BA761AFE82D67B928C33F
+
+I=77
+KEY=8C8D8E8F91929394969798999B9C9D9EA0A1A2A3A5A6A7A8
+PT=84858687BFBCBDBA37363938FDFAFBF8
+CT=5FAF8573E33B145B6A369CD3606AB2C9
+
+I=78
+KEY=AAABACADAFB0B1B2B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6
+PT=828384857669686B909192930B08090E
+CT=31587E9944AB1C16B844ECAD0DF2E7DA
+
+I=79
+KEY=C8C9CACBCDCECFD0D2D3D4D5D7D8D9DADCDDDEDFE1E2E3E4
+PT=BEBFBCBD9695948B707176779E919093
+CT=D017FECD91148ABA37F6F3068AA67D8A
+
+I=80
+KEY=E6E7E8E9EBECEDEEF0F1F2F3F5F6F7F8FAFBFCFDFE010002
+PT=8B8A85846067666521202322D0D3D2DD
+CT=788EF2F021A73CBA2794B616078A8500
+
+I=81
+KEY=04050607090A0B0C0E0F10111314151618191A1B1D1E1F20
+PT=76777475F1F2F3F4F8F9E6E777707172
+CT=5D1EF20DCED6BCBC12131AC7C54788AA
+
+I=82
+KEY=222324252728292A2C2D2E2F31323334363738393B3C3D3E
+PT=A4A5A2A34F404142B4B5B6B727242522
+CT=B3C8CF961FAF9EA05FDDE6D1E4D8F663
+
+I=83
+KEY=40414243454647484A4B4C4D4F50515254555657595A5B5C
+PT=94959697E1E2E3EC16171011839C9D9E
+CT=143075C70605861C7FAC6526199E459F
+
+I=84
+KEY=5E5F60616364656668696A6B6D6E6F70727374757778797A
+PT=03023D3C06010003DEDFDCDDFFFCFDE2
+CT=A5AE12EADE9A87268D898BFC8FC0252A
+
+I=85
+KEY=7C7D7E7F81828384868788898B8C8D8E9091929395969798
+PT=10111213F1F2F3F4CECFC0C1DBDCDDDE
+CT=0924F7CF2E877A4819F5244A360DCEA9
+
+I=86
+KEY=9A9B9C9D9FA0A1A2A4A5A6A7A9AAABACAEAFB0B1B3B4B5B6
+PT=67666160724D4C4F1D1C1F1E73707176
+CT=3D9E9635AFCC3E291CC7AB3F27D1C99A
+
+I=87
+KEY=B8B9BABBBDBEBFC0C2C3C4C5C7C8C9CACCCDCECFD1D2D3D4
+PT=E6E7E4E5A8ABAAD584858283909F9E9D
+CT=9D80FEEBF87510E2B8FB98BB54FD788C
+
+I=88
+KEY=D6D7D8D9DBDCDDDEE0E1E2E3E5E6E7E8EAEBECEDEFF0F1F2
+PT=71707F7E565150537D7C7F7E6162636C
+CT=5F9D1A082A1A37985F174002ECA01309
+
+I=89
+KEY=F4F5F6F7F9FAFBFCFEFE01010304050608090A0B0D0E0F10
+PT=64656667212223245555AAAA03040506
+CT=A390EBB1D1403930184A44B4876646E4
+
+I=90
+KEY=121314151718191A1C1D1E1F21222324262728292B2C2D2E
+PT=9E9F9899ABA4A5A6CFCECDCC2B28292E
+CT=700FE918981C3195BB6C4BCB46B74E29
+
+I=91
+KEY=30313233353637383A3B3C3D3F40414244454647494A4B4C
+PT=C7C6C5C4D1D2D3DC626364653A454447
+CT=907984406F7BF2D17FB1EB15B673D747
+
+I=92
+KEY=4E4F50515354555658595A5B5D5E5F60626364656768696A
+PT=F6F7E8E9E0E7E6E51D1C1F1E5B585966
+CT=C32A956DCFC875C2AC7C7CC8B8CC26E1
+
+I=93
+KEY=6C6D6E6F71727374767778797B7C7D7E8081828385868788
+PT=BCBDBEBF5D5E5F5868696667F4F3F2F1
+CT=02646E2EBFA9B820CF8424E9B9B6EB51
+
+I=94
+KEY=8A8B8C8D8F90919294959697999A9B9C9E9FA0A1A3A4A5A6
+PT=40414647B0AFAEAD9B9A99989B98999E
+CT=621FDA3A5BBD54C6D3C685816BD4EAD8
+
+I=95
+KEY=A8A9AAABADAEAFB0B2B3B4B5B7B8B9BABCBDBEBFC1C2C3C4
+PT=69686B6A0201001F0F0E0908B4BBBAB9
+CT=D4E216040426DFAF18B152469BC5AC2F
+
+I=96
+KEY=C6C7C8C9CBCCCDCED0D1D2D3D5D6D7D8DADBDCDDDFE0E1E2
+PT=C7C6C9C8D8DFDEDD5A5B5859BEBDBCB3
+CT=9D0635B9D33B6CDBD71F5D246EA17CC8
+
+I=97
+KEY=E4E5E6E7E9EAEBECEEEFF0F1F3F4F5F6F8F9FAFBFDFEFE00
+PT=DEDFDCDD787B7A7DFFFEE1E0B2B5B4B7
+CT=10ABAD1BD9BAE5448808765583A2CC1A
+
+I=98
+KEY=020304050708090A0C0D0E0F11121314161718191B1C1D1E
+PT=4D4C4B4A606F6E6DD0D1D2D3FBF8F9FE
+CT=6891889E16544E355FF65A793C39C9A8
+
+I=99
+KEY=20212223252627282A2B2C2D2F30313234353637393A3B3C
+PT=B7B6B5B4D7D4D5DAE5E4E3E2E1FEFFFC
+CT=CC735582E68072C163CD9DDF46B91279
+
+I=100
+KEY=3E3F40414344454648494A4B4D4E4F50525354555758595A
+PT=CECFB0B1F7F0F1F2AEAFACAD3E3D3C23
+CT=C5C68B9AEEB7F878DF578EFA562F9574
+
+I=101
+KEY=5C5D5E5F61626364666768696B6C6D6E7071727375767778
+PT=CACBC8C9CDCECFC812131C1D494E4F4C
+CT=5F4764395A667A47D73452955D0D2CE8
+
+I=102
+KEY=7A7B7C7D7F80818284858687898A8B8C8E8F909193949596
+PT=9D9C9B9AD22D2C2FB1B0B3B20C0F0E09
+CT=701448331F66106CEFDDF1EB8267C357
+
+I=103
+KEY=98999A9B9D9E9FA0A2A3A4A5A7A8A9AAACADAEAFB1B2B3B4
+PT=7A7B787964676659959493924F404142
+CT=CB3EE56D2E14B4E1941666F13379D657
+
+I=104
+KEY=B6B7B8B9BBBCBDBEC0C1C2C3C5C6C7C8CACBCCCDCFD0D1D2
+PT=AAABA4A5CEC9C8CB1F1E1D1CABA8A9A6
+CT=9FE16EFD18AB6E1981191851FEDB0764
+
+I=105
+KEY=D4D5D6D7D9DADBDCDEDFE0E1E3E4E5E6E8E9EAEBEDEEEFF0
+PT=93929190282B2A2DC4C5FAFB92959497
+CT=3DC9BA24E1B223589B147ADCEB4C8E48
+
+I=106
+KEY=F2F3F4F5F7F8F9FAFCFDFEFF01020304060708090B0C0D0E
+PT=EFEEE9E8DED1D0D339383B3A888B8A8D
+CT=1C333032682E7D4DE5E5AFC05C3E483C
+
+I=107
+KEY=10111213151617181A1B1C1D1F20212224252627292A2B2C
+PT=7F7E7D7CA2A1A0AF78797E7F112E2F2C
+CT=D593CC99A95AFEF7E92038E05A59D00A
+
+I=108
+KEY=2E2F30313334353638393A3B3D3E3F40424344454748494A
+PT=84859A9B2B2C2D2E868784852625245B
+CT=51E7F96F53B4353923452C222134E1EC
+
+I=109
+KEY=4C4D4E4F51525354565758595B5C5D5E6061626365666768
+PT=B0B1B2B3070405026869666710171615
+CT=4075B357A1A2B473400C3B25F32F81A4
+
+I=110
+KEY=6A6B6C6D6F70717274757677797A7B7C7E7F808183848586
+PT=ACADAAABBDA2A3A00D0C0F0E595A5B5C
+CT=302E341A3EBCD74F0D55F61714570284
+
+I=111
+KEY=88898A8B8D8E8F90929394959798999A9C9D9E9FA1A2A3A4
+PT=121310115655544B5253545569666764
+CT=57ABDD8231280DA01C5042B78CF76522
+
+I=112
+KEY=A6A7A8A9ABACADAEB0B1B2B3B5B6B7B8BABBBCBDBFC0C1C2
+PT=DEDFD0D166616063EAEBE8E94142434C
+CT=17F9EA7EEA17AC1ADF0E190FEF799E92
+
+I=113
+KEY=C4C5C6C7C9CACBCCCECFD0D1D3D4D5D6D8D9DADBDDDEDFE0
+PT=DBDAD9D81417161166677879E0E7E6E5
+CT=2E1BDD563DD87EE5C338DD6D098D0A7A
+
+I=114
+KEY=E2E3E4E5E7E8E9EAECEDEEEFF1F2F3F4F6F7F8F9FBFCFDFE
+PT=6A6B6C6DE0EFEEED2B2A2928C0C3C2C5
+CT=EB869996E6F8BFB2BFDD9E0C4504DBB2
+
+I=115
+KEY=00010203050607080A0B0C0D0F10111214151617191A1B1C
+PT=B1B0B3B21714151A1A1B1C1D5649484B
+CT=C2E01549E9DECF317468B3E018C61BA8
+
+I=116
+KEY=1E1F20212324252628292A2B2D2E2F30323334353738393A
+PT=39380706A3A4A5A6C4C5C6C77271706F
+CT=8DA875D033C01DD463B244A1770F4A22
+
+I=117
+KEY=3C3D3E3F41424344464748494B4C4D4E5051525355565758
+PT=5C5D5E5F1013121539383736E2E5E4E7
+CT=8BA0DCF3A186844F026D022F8839D696
+
+I=118
+KEY=5A5B5C5D5F60616264656667696A6B6C6E6F707173747576
+PT=43424544EAD5D4D72E2F2C2D64676661
+CT=E9691FF9A6CC6970E51670A0FD5B88C1
+
+I=119
+KEY=78797A7B7D7E7F80828384858788898A8C8D8E8F91929394
+PT=55545756989B9A65F8F9FEFF18171615
+CT=F2BAEC06FAEED30F88EE63BA081A6E5B
+
+I=120
+KEY=969798999B9C9D9EA0A1A2A3A5A6A7A8AAABACADAFB0B1B2
+PT=05040B0A525554573C3D3E3F4A494847
+CT=9C39D4C459AE5753394D6094ADC21E78
+
+I=121
+KEY=B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6C8C9CACBCDCECFD0
+PT=14151617595A5B5C8584FBFA8E89888B
+CT=6345B532A11904502EA43BA99C6BD2B2
+
+I=122
+KEY=D2D3D4D5D7D8D9DADCDDDEDFE1E2E3E4E6E7E8E9EBECEDEE
+PT=7C7D7A7BFDF2F3F029282B2A51525354
+CT=5FFAE3061A95172E4070CEDCE1E428C8
+
+I=123
+KEY=F0F1F2F3F5F6F7F8FAFBFCFDFE01000204050607090A0B0C
+PT=38393A3B1E1D1C1341404746C23D3C3E
+CT=0A4566BE4CDF9ADCE5DEC865B5AB34CD
+
+I=124
+KEY=0E0F10111314151618191A1B1D1E1F20222324252728292A
+PT=8D8C939240474645818083827C7F7E41
+CT=CA17FCCE79B7404F2559B22928F126FB
+
+I=125
+KEY=2C2D2E2F31323334363738393B3C3D3E4041424345464748
+PT=3B3A39381A19181F32333C3D45424340
+CT=97CA39B849ED73A6470A97C821D82F58
+
+I=126
+KEY=4A4B4C4D4F50515254555657595A5B5C5E5F606163646566
+PT=F0F1F6F738272625828380817F7C7D7A
+CT=8198CB06BC684C6D3E9B7989428DCF7A
+
+I=127
+KEY=68696A6B6D6E6F70727374757778797A7C7D7E7F81828384
+PT=89888B8A0407061966676061141B1A19
+CT=F53C464C705EE0F28D9A4C59374928BD
+
+I=128
+KEY=868788898B8C8D8E90919293959697989A9B9C9D9FA0A1A2
+PT=D3D2DDDCAAADACAF9C9D9E9FE8EBEAE5
+CT=9ADB3D4CCA559BB98C3E2ED73DBF1154
+
+==========
+
+KEYSIZE=256
+
+
+I=1
+KEY=00010203050607080A0B0C0D0F10111214151617191A1B1C1E1F202123242526
+PT=834EADFCCAC7E1B30664B1ABA44815AB
+CT=1946DABF6A03A2A2C3D0B05080AED6FC
+
+I=2
+KEY=28292A2B2D2E2F30323334353738393A3C3D3E3F41424344464748494B4C4D4E
+PT=D9DC4DBA3021B05D67C0518F72B62BF1
+CT=5ED301D747D3CC715445EBDEC62F2FB4
+
+I=3
+KEY=50515253555657585A5B5C5D5F60616264656667696A6B6C6E6F707173747576
+PT=A291D86301A4A739F7392173AA3C604C
+CT=6585C8F43D13A6BEAB6419FC5935B9D0
+
+I=4
+KEY=78797A7B7D7E7F80828384858788898A8C8D8E8F91929394969798999B9C9D9E
+PT=4264B2696498DE4DF79788A9F83E9390
+CT=2A5B56A596680FCC0E05F5E0F151ECAE
+
+I=5
+KEY=A0A1A2A3A5A6A7A8AAABACADAFB0B1B2B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6
+PT=EE9932B3721804D5A83EF5949245B6F6
+CT=F5D6FF414FD2C6181494D20C37F2B8C4
+
+I=6
+KEY=C8C9CACBCDCECFD0D2D3D4D5D7D8D9DADCDDDEDFE1E2E3E4E6E7E8E9EBECEDEE
+PT=E6248F55C5FDCBCA9CBBB01C88A2EA77
+CT=85399C01F59FFFB5204F19F8482F00B8
+
+I=7
+KEY=F0F1F2F3F5F6F7F8FAFBFCFDFE01000204050607090A0B0C0E0F101113141516
+PT=B8358E41B9DFF65FD461D55A99266247
+CT=92097B4C88A041DDF98144BC8D22E8E7
+
+I=8
+KEY=18191A1B1D1E1F20222324252728292A2C2D2E2F31323334363738393B3C3D3E
+PT=F0E2D72260AF58E21E015AB3A4C0D906
+CT=89BD5B73B356AB412AEF9F76CEA2D65C
+
+I=9
+KEY=40414243454647484A4B4C4D4F50515254555657595A5B5C5E5F606163646566
+PT=475B8B823CE8893DB3C44A9F2A379FF7
+CT=2536969093C55FF9454692F2FAC2F530
+
+I=10
+KEY=68696A6B6D6E6F70727374757778797A7C7D7E7F81828384868788898B8C8D8E
+PT=688F5281945812862F5F3076CF80412F
+CT=07FC76A872843F3F6E0081EE9396D637
+
+I=11
+KEY=90919293959697989A9B9C9D9FA0A1A2A4A5A6A7A9AAABACAEAFB0B1B3B4B5B6
+PT=08D1D2BC750AF553365D35E75AFACEAA
+CT=E38BA8EC2AA741358DCC93E8F141C491
+
+I=12
+KEY=B8B9BABBBDBEBFC0C2C3C4C5C7C8C9CACCCDCECFD1D2D3D4D6D7D8D9DBDCDDDE
+PT=8707121F47CC3EFCECA5F9A8474950A1
+CT=D028EE23E4A89075D0B03E868D7D3A42
+
+I=13
+KEY=E0E1E2E3E5E6E7E8EAEBECEDEFF0F1F2F4F5F6F7F9FAFBFCFEFE010103040506
+PT=E51AA0B135DBA566939C3B6359A980C5
+CT=8CD9423DFC459E547155C5D1D522E540
+
+I=14
+KEY=08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E
+PT=069A007FC76A459F98BAF917FEDF9521
+CT=080E9517EB1677719ACF728086040AE3
+
+I=15
+KEY=30313233353637383A3B3C3D3F40414244454647494A4B4C4E4F505153545556
+PT=726165C1723FBCF6C026D7D00B091027
+CT=7C1700211A3991FC0ECDED0AB3E576B0
+
+I=16
+KEY=58595A5B5D5E5F60626364656768696A6C6D6E6F71727374767778797B7C7D7E
+PT=D7C544DE91D55CFCDE1F84CA382200CE
+CT=DABCBCC855839251DB51E224FBE87435
+
+I=17
+KEY=80818283858687888A8B8C8D8F90919294959697999A9B9C9E9FA0A1A3A4A5A6
+PT=FED3C9A161B9B5B2BD611B41DC9DA357
+CT=68D56FAD0406947A4DD27A7448C10F1D
+
+I=18
+KEY=A8A9AAABADAEAFB0B2B3B4B5B7B8B9BABCBDBEBFC1C2C3C4C6C7C8C9CBCCCDCE
+PT=4F634CDC6551043409F30B635832CF82
+CT=DA9A11479844D1FFEE24BBF3719A9925
+
+I=19
+KEY=D0D1D2D3D5D6D7D8DADBDCDDDFE0E1E2E4E5E6E7E9EAEBECEEEFF0F1F3F4F5F6
+PT=109CE98DB0DFB36734D9F3394711B4E6
+CT=5E4BA572F8D23E738DA9B05BA24B8D81
+
+I=20
+KEY=70717273757677787A7B7C7D7F80818284858687898A8B8C8E8F909193949596
+PT=4EA6DFABA2D8A02FFDFFA89835987242
+CT=A115A2065D667E3F0B883837A6E903F8
+
+I=21
+KEY=98999A9B9D9E9FA0A2A3A4A5A7A8A9AAACADAEAFB1B2B3B4B6B7B8B9BBBCBDBE
+PT=5AE094F54AF58E6E3CDBF976DAC6D9EF
+CT=3E9E90DC33EAC2437D86AD30B137E66E
+
+I=22
+KEY=C0C1C2C3C5C6C7C8CACBCCCDCFD0D1D2D4D5D6D7D9DADBDCDEDFE0E1E3E4E5E6
+PT=764D8E8E0F29926DBE5122E66354FDBE
+CT=01CE82D8FBCDAE824CB3C48E495C3692
+
+I=23
+KEY=E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FAFCFDFEFF01020304060708090B0C0D0E
+PT=3F0418F888CDF29A982BF6B75410D6A9
+CT=0C9CFF163CE936FAAF083CFD3DEA3117
+
+I=24
+KEY=10111213151617181A1B1C1D1F20212224252627292A2B2C2E2F303133343536
+PT=E4A3E7CB12CDD56AA4A75197A9530220
+CT=5131BA9BD48F2BBA85560680DF504B52
+
+I=25
+KEY=38393A3B3D3E3F40424344454748494A4C4D4E4F51525354565758595B5C5D5E
+PT=211677684AAC1EC1A160F44C4EBF3F26
+CT=9DC503BBF09823AEC8A977A5AD26CCB2
+
+I=26
+KEY=60616263656667686A6B6C6D6F70717274757677797A7B7C7E7F808183848586
+PT=D21E439FF749AC8F18D6D4B105E03895
+CT=9A6DB0C0862E506A9E397225884041D7
+
+I=27
+KEY=88898A8B8D8E8F90929394959798999A9C9D9E9FA1A2A3A4A6A7A8A9ABACADAE
+PT=D9F6FF44646C4725BD4C0103FF5552A7
+CT=430BF9570804185E1AB6365FC6A6860C
+
+I=28
+KEY=B0B1B2B3B5B6B7B8BABBBCBDBFC0C1C2C4C5C6C7C9CACBCCCECFD0D1D3D4D5D6
+PT=0B1256C2A00B976250CFC5B0C37ED382
+CT=3525EBC02F4886E6A5A3762813E8CE8A
+
+I=29
+KEY=D8D9DADBDDDEDFE0E2E3E4E5E7E8E9EAECEDEEEFF1F2F3F4F6F7F8F9FBFCFDFE
+PT=B056447FFC6DC4523A36CC2E972A3A79
+CT=07FA265C763779CCE224C7BAD671027B
+
+I=30
+KEY=00010203050607080A0B0C0D0F10111214151617191A1B1C1E1F202123242526
+PT=5E25CA78F0DE55802524D38DA3FE4456
+CT=E8B72B4E8BE243438C9FFF1F0E205872
+
+I=31
+KEY=28292A2B2D2E2F30323334353738393A3C3D3E3F41424344464748494B4C4D4E
+PT=A5BCF4728FA5EAAD8567C0DC24675F83
+CT=109D4F999A0E11ACE1F05E6B22CBCB50
+
+I=32
+KEY=50515253555657585A5B5C5D5F60616264656667696A6B6C6E6F707173747576
+PT=814E59F97ED84646B78B2CA022E9CA43
+CT=45A5E8D4C3ED58403FF08D68A0CC4029
+
+I=33
+KEY=78797A7B7D7E7F80828384858788898A8C8D8E8F91929394969798999B9C9D9E
+PT=15478BEEC58F4775C7A7F5D4395514D7
+CT=196865964DB3D417B6BD4D586BCB7634
+
+I=34
+KEY=A0A1A2A3A5A6A7A8AAABACADAFB0B1B2B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6
+PT=253548FFCA461C67C8CBC78CD59F4756
+CT=60436AD45AC7D30D99195F815D98D2AE
+
+I=35
+KEY=C8C9CACBCDCECFD0D2D3D4D5D7D8D9DADCDDDEDFE1E2E3E4E6E7E8E9EBECEDEE
+PT=FD7AD8D73B9B0F8CC41600640F503D65
+CT=BB07A23F0B61014B197620C185E2CD75
+
+I=36
+KEY=F0F1F2F3F5F6F7F8FAFBFCFDFE01000204050607090A0B0C0E0F101113141516
+PT=06199DE52C6CBF8AF954CD65830BCD56
+CT=5BC0B2850129C854423AFF0751FE343B
+
+I=37
+KEY=18191A1B1D1E1F20222324252728292A2C2D2E2F31323334363738393B3C3D3E
+PT=F17C4FFE48E44C61BD891E257E725794
+CT=7541A78F96738E6417D2A24BD2BECA40
+
+I=38
+KEY=40414243454647484A4B4C4D4F50515254555657595A5B5C5E5F606163646566
+PT=9A5B4A402A3E8A59BE6BF5CD8154F029
+CT=B0A303054412882E464591F1546C5B9E
+
+I=39
+KEY=68696A6B6D6E6F70727374757778797A7C7D7E7F81828384868788898B8C8D8E
+PT=79BD40B91A7E07DC939D441782AE6B17
+CT=778C06D8A355EEEE214FCEA14B4E0EEF
+
+I=40
+KEY=90919293959697989A9B9C9D9FA0A1A2A4A5A6A7A9AAABACAEAFB0B1B3B4B5B6
+PT=D8CEAAF8976E5FBE1012D8C84F323799
+CT=09614206D15CBACE63227D06DB6BEEBB
+
+I=41
+KEY=B8B9BABBBDBEBFC0C2C3C4C5C7C8C9CACCCDCECFD1D2D3D4D6D7D8D9DBDCDDDE
+PT=3316E2751E2E388B083DA23DD6AC3FBE
+CT=41B97FB20E427A9FDBBB358D9262255D
+
+I=42
+KEY=E0E1E2E3E5E6E7E8EAEBECEDEFF0F1F2F4F5F6F7F9FAFBFCFEFE010103040506
+PT=8B7CFBE37DE7DCA793521819242C5816
+CT=C1940F703D845F957652C2D64ABD7ADF
+
+I=43
+KEY=08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E
+PT=F23F033C0EEBF8EC55752662FD58CE68
+CT=D2D44FCDAE5332343366DB297EFCF21B
+
+I=44
+KEY=30313233353637383A3B3C3D3F40414244454647494A4B4C4E4F505153545556
+PT=59EB34F6C8BDBACC5FC6AD73A59A1301
+CT=EA8196B79DBE167B6AA9896E287EED2B
+
+I=45
+KEY=58595A5B5D5E5F60626364656768696A6C6D6E6F71727374767778797B7C7D7E
+PT=DCDE8B6BD5CF7CC22D9505E3CE81261A
+CT=D6B0B0C4BA6C7DBE5ED467A1E3F06C2D
+
+I=46
+KEY=80818283858687888A8B8C8D8F90919294959697999A9B9C9E9FA0A1A3A4A5A6
+PT=E33CF7E524FED781E7042FF9F4B35DC7
+CT=EC51EB295250C22C2FB01816FB72BCAE
+
+I=47
+KEY=A8A9AAABADAEAFB0B2B3B4B5B7B8B9BABCBDBEBFC1C2C3C4C6C7C8C9CBCCCDCE
+PT=27963C8FACDF73062867D164DF6D064C
+CT=ADED6630A07CE9C7408A155D3BD0D36F
+
+I=48
+KEY=D0D1D2D3D5D6D7D8DADBDCDDDFE0E1E2E4E5E6E7E9EAEBECEEEFF0F1F3F4F5F6
+PT=77B1CE386B551B995F2F2A1DA994EEF8
+CT=697C9245B9937F32F5D1C82319F0363A
+
+I=49
+KEY=F8F9FAFBFDFEFE00020304050708090A0C0D0E0F11121314161718191B1C1D1E
+PT=F083388B013679EFCF0BB9B15D52AE5C
+CT=AAD5AD50C6262AAEC30541A1B7B5B19C
+
+I=50
+KEY=20212223252627282A2B2C2D2F30313234353637393A3B3C3E3F404143444546
+PT=C5009E0DAB55DB0ABDB636F2600290C8
+CT=7D34B893855341EC625BD6875AC18C0D
+
+I=51
+KEY=48494A4B4D4E4F50525354555758595A5C5D5E5F61626364666768696B6C6D6E
+PT=7804881E26CD532D8514D3683F00F1B9
+CT=7EF05105440F83862F5D780E88F02B41
+
+I=52
+KEY=70717273757677787A7B7C7D7F80818284858687898A8B8C8E8F909193949596
+PT=46CDDCD73D1EB53E675CA012870A92A3
+CT=C377C06403382061AF2C9C93A8E70DF6
+
+I=53
+KEY=98999A9B9D9E9FA0A2A3A4A5A7A8A9AAACADAEAFB1B2B3B4B6B7B8B9BBBCBDBE
+PT=A9FB44062BB07FE130A8E8299EACB1AB
+CT=1DBDB3FFDC052DACC83318853ABC6DE5
+
+I=54
+KEY=C0C1C2C3C5C6C7C8CACBCCCDCFD0D1D2D4D5D6D7D9DADBDCDEDFE0E1E3E4E5E6
+PT=2B6FF8D7A5CC3A28A22D5A6F221AF26B
+CT=69A6EAB00432517D0BF483C91C0963C7
+
+I=55
+KEY=E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FAFCFDFEFF01020304060708090B0C0D0E
+PT=1A9527C29B8ADD4B0E3E656DBB2AF8B4
+CT=0797F41DC217C80446E1D514BD6AB197
+
+I=56
+KEY=10111213151617181A1B1C1D1F20212224252627292A2B2C2E2F303133343536
+PT=7F99CF2C75244DF015EB4B0C1050AEAE
+CT=9DFD76575902A637C01343C58E011A03
+
+I=57
+KEY=38393A3B3D3E3F40424344454748494A4C4D4E4F51525354565758595B5C5D5E
+PT=E84FF85B0D9454071909C1381646C4ED
+CT=ACF4328AE78F34B9FA9B459747CC2658
+
+I=58
+KEY=60616263656667686A6B6C6D6F70717274757677797A7B7C7E7F808183848586
+PT=89AFD40F99521280D5399B12404F6DB4
+CT=B0479AEA12BAC4FE2384CF98995150C6
+
+I=59
+KEY=88898A8B8D8E8F90929394959798999A9C9D9E9FA1A2A3A4A6A7A8A9ABACADAE
+PT=A09EF32DBC5119A35AB7FA38656F0329
+CT=9DD52789EFE3FFB99F33B3DA5030109A
+
+I=60
+KEY=B0B1B2B3B5B6B7B8BABBBCBDBFC0C1C2C4C5C6C7C9CACBCCCECFD0D1D3D4D5D6
+PT=61773457F068C376C7829B93E696E716
+CT=ABBB755E4621EF8F1214C19F649FB9FD
+
+I=61
+KEY=D8D9DADBDDDEDFE0E2E3E4E5E7E8E9EAECEDEEEFF1F2F3F4F6F7F8F9FBFCFDFE
+PT=A34F0CAE726CCE41DD498747D891B967
+CT=DA27FB8174357BCE2BED0E7354F380F9
+
+I=62
+KEY=00010203050607080A0B0C0D0F10111214151617191A1B1C1E1F202123242526
+PT=856F59496C7388EE2D2B1A27B7697847
+CT=C59A0663F0993838F6E5856593BDC5EF
+
+I=63
+KEY=28292A2B2D2E2F30323334353738393A3C3D3E3F41424344464748494B4C4D4E
+PT=CB090C593EF7720BD95908FB93B49DF4
+CT=ED60B264B5213E831607A99C0CE5E57E
+
+I=64
+KEY=50515253555657585A5B5C5D5F60616264656667696A6B6C6E6F707173747576
+PT=A0AC75CD2F1923D460FC4D457AD95BAF
+CT=E50548746846F3EB77B8C520640884ED
+
+I=65
+KEY=78797A7B7D7E7F80828384858788898A8C8D8E8F91929394969798999B9C9D9E
+PT=2A2B282974777689E8E9EEEF525D5C5F
+CT=28282CC7D21D6A2923641E52D188EF0C
+
+I=66
+KEY=A0A1A2A3A5A6A7A8AAABACADAFB0B1B2B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6
+PT=909192939390919E0F0E09089788898A
+CT=0DFA5B02ABB18E5A815305216D6D4F8E
+
+I=67
+KEY=C8C9CACBCDCECFD0D2D3D4D5D7D8D9DADCDDDEDFE1E2E3E4E6E7E8E9EBECEDEE
+PT=777675748D8E8F907170777649464744
+CT=7359635C0EECEFE31D673395FB46FB99
+
+I=68
+KEY=F0F1F2F3F5F6F7F8FAFBFCFDFE01000204050607090A0B0C0E0F101113141516
+PT=717073720605040B2D2C2B2A05FAFBF9
+CT=73C679F7D5AEF2745C9737BB4C47FB36
+
+I=69
+KEY=18191A1B1D1E1F20222324252728292A2C2D2E2F31323334363738393B3C3D3E
+PT=64656667FEFDFCC31B1A1D1CA5AAABA8
+CT=B192BD472A4D2EAFB786E97458967626
+
+I=70
+KEY=40414243454647484A4B4C4D4F50515254555657595A5B5C5E5F606163646566
+PT=DBDAD9D86A696867B5B4B3B2C8D7D6D5
+CT=0EC327F6C8A2B147598CA3FDE61DC6A4
+
+I=71
+KEY=68696A6B6D6E6F70727374757778797A7C7D7E7F81828384868788898B8C8D8E
+PT=5C5D5E5FE3E0E1FE31303736333C3D3E
+CT=FC418EB3C41B859B38D4B6F646629729
+
+I=72
+KEY=90919293959697989A9B9C9D9FA0A1A2A4A5A6A7A9AAABACAEAFB0B1B3B4B5B6
+PT=545556574B48494673727574546B6A69
+CT=30249E5AC282B1C981EA64B609F3A154
+
+I=73
+KEY=B8B9BABBBDBEBFC0C2C3C4C5C7C8C9CACCCDCECFD1D2D3D4D6D7D8D9DBDCDDDE
+PT=ECEDEEEFC6C5C4BB56575051F5FAFBF8
+CT=5E6E08646D12150776BB43C2D78A9703
+
+I=74
+KEY=E0E1E2E3E5E6E7E8EAEBECEDEFF0F1F2F4F5F6F7F9FAFBFCFEFE010103040506
+PT=464744452724252AC9C8CFCED2CDCCCF
+CT=FAEB3D5DE652CD3447DCEB343F30394A
+
+I=75
+KEY=08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E
+PT=E6E7E4E54142435C878681801C131211
+CT=A8E88706823F6993EF80D05C1C7B2CF0
+
+I=76
+KEY=30313233353637383A3B3C3D3F40414244454647494A4B4C4E4F505153545556
+PT=72737071CFCCCDC2F9F8FFFE710E0F0C
+CT=8CED86677E6E00A1A1B15968F2D3CCE6
+
+I=77
+KEY=58595A5B5D5E5F60626364656768696A6C6D6E6F71727374767778797B7C7D7E
+PT=505152537370714EC3C2C5C4010E0F0C
+CT=9FC7C23858BE03BDEBB84E90DB6786A9
+
+I=78
+KEY=80818283858687888A8B8C8D8F90919294959697999A9B9C9E9FA0A1A3A4A5A6
+PT=A8A9AAAB5C5F5E51AEAFA8A93D222320
+CT=B4FBD65B33F70D8CF7F1111AC4649C36
+
+I=79
+KEY=A8A9AAABADAEAFB0B2B3B4B5B7B8B9BABCBDBEBFC1C2C3C4C6C7C8C9CBCCCDCE
+PT=DEDFDCDDF6F5F4EB10111617FEF1F0F3
+CT=C5C32D5ED03C4B53CC8C1BD0EF0DBBF6
+
+I=80
+KEY=D0D1D2D3D5D6D7D8DADBDCDDDFE0E1E2E4E5E6E7E9EAEBECEEEFF0F1F3F4F5F6
+PT=BDBCBFBE5E5D5C530B0A0D0CFAC5C4C7
+CT=D1A7F03B773E5C212464B63709C6A891
+
+I=81
+KEY=F8F9FAFBFDFEFE00020304050708090A0C0D0E0F11121314161718191B1C1D1E
+PT=8A8B8889050606F8F4F5F2F3636C6D6E
+CT=6B7161D8745947AC6950438EA138D028
+
+I=82
+KEY=20212223252627282A2B2C2D2F30313234353637393A3B3C3E3F404143444546
+PT=A6A7A4A54D4E4F40B2B3B4B539262724
+CT=FD47A9F7E366EE7A09BC508B00460661
+
+I=83
+KEY=48494A4B4D4E4F50525354555758595A5C5D5E5F61626364666768696B6C6D6E
+PT=9C9D9E9FE9EAEBF40E0F08099B949596
+CT=00D40B003DC3A0D9310B659B98C7E416
+
+I=84
+KEY=70717273757677787A7B7C7D7F80818284858687898A8B8C8E8F909193949596
+PT=2D2C2F2E1013121DCCCDCACBED121310
+CT=EEA4C79DCC8E2BDA691F20AC48BE0717
+
+I=85
+KEY=98999A9B9D9E9FA0A2A3A4A5A7A8A9AAACADAEAFB1B2B3B4B6B7B8B9BBBCBDBE
+PT=F4F5F6F7EDEEEFD0EAEBECEDF7F8F9FA
+CT=E78F43B11C204403E5751F89D05A2509
+
+I=86
+KEY=C0C1C2C3C5C6C7C8CACBCCCDCFD0D1D2D4D5D6D7D9DADBDCDEDFE0E1E3E4E5E6
+PT=3D3C3F3E282B2A2573727574150A0B08
+CT=D0F0E3D1F1244BB979931E38DD1786EF
+
+I=87
+KEY=E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FAFCFDFEFF01020304060708090B0C0D0E
+PT=B6B7B4B5F8FBFAE5B4B5B2B3A0AFAEAD
+CT=042E639DC4E1E4DDE7B75B749EA6F765
+
+I=88
+KEY=10111213151617181A1B1C1D1F20212224252627292A2B2C2E2F303133343536
+PT=B7B6B5B4989B9A95878681809BA4A5A6
+CT=BC032FDD0EFE29503A980A7D07AB46A8
+
+I=89
+KEY=38393A3B3D3E3F40424344454748494A4C4D4E4F51525354565758595B5C5D5E
+PT=A8A9AAABE5E6E798E9E8EFEE4748494A
+CT=0C93AC949C0DA6446EFFB86183B6C910
+
+I=90
+KEY=60616263656667686A6B6C6D6F70717274757677797A7B7C7E7F808183848586
+PT=ECEDEEEFD9DADBD4B9B8BFBE657A7B78
+CT=E0D343E14DA75C917B4A5CEC4810D7C2
+
+I=91
+KEY=88898A8B8D8E8F90929394959798999A9C9D9E9FA1A2A3A4A6A7A8A9ABACADAE
+PT=7F7E7D7C696A6B74CACBCCCD929D9C9F
+CT=0EAFB821748408279B937B626792E619
+
+I=92
+KEY=B0B1B2B3B5B6B7B8BABBBCBDBFC0C1C2C4C5C6C7C9CACBCCCECFD0D1D3D4D5D6
+PT=08090A0B0605040BFFFEF9F8B9C6C7C4
+CT=FA1AC6E02D23B106A1FEF18B274A553F
+
+I=93
+KEY=D8D9DADBDDDEDFE0E2E3E4E5E7E8E9EAECEDEEEFF1F2F3F4F6F7F8F9FBFCFDFE
+PT=08090A0BF1F2F3CCFCFDFAFB68676665
+CT=0DADFE019CD12368075507DF33C1A1E9
+
+I=94
+KEY=00010203050607080A0B0C0D0F10111214151617191A1B1C1E1F202123242526
+PT=CACBC8C93A393837050403020D121310
+CT=3A0879B414465D9FFBAF86B33A63A1B9
+
+I=95
+KEY=28292A2B2D2E2F30323334353738393A3C3D3E3F41424344464748494B4C4D4E
+PT=E9E8EBEA8281809F8F8E8988343B3A39
+CT=62199FADC76D0BE1805D3BA0B7D914BF
+
+I=96
+KEY=50515253555657585A5B5C5D5F60616264656667696A6B6C6E6F707173747576
+PT=515053524645444BD0D1D6D7340B0A09
+CT=1B06D6C5D333E742730130CF78E719B4
+
+I=97
+KEY=78797A7B7D7E7F80828384858788898A8C8D8E8F91929394969798999B9C9D9E
+PT=42434041ECEFEE1193929594C6C9C8CB
+CT=F1F848824C32E9DCDCBF21580F069329
+
+I=98
+KEY=A0A1A2A3A5A6A7A8AAABACADAFB0B1B2B4B5B6B7B9BABBBCBEBFC0C1C3C4C5C6
+PT=EFEEEDECC2C1C0CF76777071455A5B58
+CT=1A09050CBD684F784D8E965E0782F28A
+
+I=99
+KEY=C8C9CACBCDCECFD0D2D3D4D5D7D8D9DADCDDDEDFE1E2E3E4E6E7E8E9EBECEDEE
+PT=5F5E5D5C3F3C3D221D1C1B1A19161714
+CT=79C2969E7DED2BA7D088F3F320692360
+
+I=100
+KEY=F0F1F2F3F5F6F7F8FAFBFCFDFE01000204050607090A0B0C0E0F101113141516
+PT=000102034142434C1C1D1A1B8D727371
+CT=091A658A2F7444C16ACCB669450C7B63
+
+I=101
+KEY=18191A1B1D1E1F20222324252728292A2C2D2E2F31323334363738393B3C3D3E
+PT=8E8F8C8DB1B2B38C56575051050A0B08
+CT=97C1E3A72CCA65FA977D5ED0E8A7BBFC
+
+I=102
+KEY=40414243454647484A4B4C4D4F50515254555657595A5B5C5E5F606163646566
+PT=A7A6A5A4E8EBEAE57F7E7978CAD5D4D7
+CT=70C430C6DB9A17828937305A2DF91A2A
+
+I=103
+KEY=68696A6B6D6E6F70727374757778797A7C7D7E7F81828384868788898B8C8D8E
+PT=8A8B888994979689454443429F909192
+CT=629553457FBE2479098571C7C903FDE8
+
+I=104
+KEY=90919293959697989A9B9C9D9FA0A1A2A4A5A6A7A9AAABACAEAFB0B1B3B4B5B6
+PT=8C8D8E8FE0E3E2ED45444342F1CECFCC
+CT=A25B25A61F612669E7D91265C7D476BA
+
+I=105
+KEY=B8B9BABBBDBEBFC0C2C3C4C5C7C8C9CACCCDCECFD1D2D3D4D6D7D8D9DBDCDDDE
+PT=FFFEFDFC4C4F4E31D8D9DEDFB6B9B8BB
+CT=EB7E4E49B8AE0F024570DDA293254FED
+
+I=106
+KEY=E0E1E2E3E5E6E7E8EAEBECEDEFF0F1F2F4F5F6F7F9FAFBFCFEFE010103040506
+PT=FDFCFFFECCCFCEC12F2E29286679787B
+CT=38FE15D61CCA84516E924ADCE5014F67
+
+I=107
+KEY=08090A0B0D0E0F10121314151718191A1C1D1E1F21222324262728292B2C2D2E
+PT=67666564BAB9B8A77071767719161714
+CT=3AD208492249108C9F3EBEB167AD0583
+
+I=108
+KEY=30313233353637383A3B3C3D3F40414244454647494A4B4C4E4F505153545556
+PT=9A9B98992D2E2F2084858283245B5A59
+CT=299BA9F9BF5AB05C3580FC26EDD1ED12
+
+I=109
+KEY=58595A5B5D5E5F60626364656768696A6C6D6E6F71727374767778797B7C7D7E
+PT=A4A5A6A70B0809365C5D5A5B2C232221
+CT=19DC705B857A60FB07717B2EA5717781
+
+I=110
+KEY=80818283858687888A8B8C8D8F90919294959697999A9B9C9E9FA0A1A3A4A5A6
+PT=464744455754555AF3F2F5F4AFB0B1B2
+CT=FFC8AEB885B5EFCAD06B6DBEBF92E76B
+
+I=111
+KEY=A8A9AAABADAEAFB0B2B3B4B5B7B8B9BABCBDBEBFC1C2C3C4C6C7C8C9CBCCCDCE
+PT=323330317675746B7273747549464744
+CT=F58900C5E0B385253FF2546250A0142B
+
+I=112
+KEY=D0D1D2D3D5D6D7D8DADBDCDDDFE0E1E2E4E5E6E7E9EAEBECEEEFF0F1F3F4F5F6
+PT=A8A9AAAB181B1A15808186872B141516
+CT=2EE67B56280BC462429CEE6E3370CBC1
+
+I=113
+KEY=F8F9FAFBFDFEFE00020304050708090A0C0D0E0F11121314161718191B1C1D1E
+PT=E7E6E5E4202323DDAAABACAD343B3A39
+CT=20DB650A9C8E9A84AB4D25F7EDC8F03F
+
+I=114
+KEY=20212223252627282A2B2C2D2F30313234353637393A3B3C3E3F404143444546
+PT=A8A9AAAB2221202FEDECEBEA1E010003
+CT=3C36DA169525CF818843805F25B78AE5
+
+I=115
+KEY=48494A4B4D4E4F50525354555758595A5C5D5E5F61626364666768696B6C6D6E
+PT=F9F8FBFA5F5C5D42424344450E010003
+CT=9A781D960DB9E45E37779042FEA51922
+
+I=116
+KEY=70717273757677787A7B7C7D7F80818284858687898A8B8C8E8F909193949596
+PT=57565554F5F6F7F89697909120DFDEDD
+CT=6560395EC269C672A3C288226EFDBA77
+
+I=117
+KEY=98999A9B9D9E9FA0A2A3A4A5A7A8A9AAACADAEAFB1B2B3B4B6B7B8B9BBBCBDBE
+PT=F8F9FAFBCCCFCEF1DDDCDBDA0E010003
+CT=8C772B7A189AC544453D5916EBB27B9A
+
+I=118
+KEY=C0C1C2C3C5C6C7C8CACBCCCDCFD0D1D2D4D5D6D7D9DADBDCDEDFE0E1E3E4E5E6
+PT=D9D8DBDA7073727D80818687C2DDDCDF
+CT=77CA5468CC48E843D05F78EED9D6578F
+
+I=119
+KEY=E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FAFCFDFEFF01020304060708090B0C0D0E
+PT=C5C4C7C6080B0A1588898E8F68676665
+CT=72CDCC71DC82C60D4429C9E2D8195BAA
+
+I=120
+KEY=10111213151617181A1B1C1D1F20212224252627292A2B2C2E2F303133343536
+PT=83828180DCDFDED186878081F0CFCECD
+CT=8080D68CE60E94B40B5B8B69EEB35AFA
+
+I=121
+KEY=38393A3B3D3E3F40424344454748494A4C4D4E4F51525354565758595B5C5D5E
+PT=98999A9BDDDEDFA079787F7E0A050407
+CT=44222D3CDE299C04369D58AC0EBA1E8E
+
+I=122
+KEY=60616263656667686A6B6C6D6F70717274757677797A7B7C7E7F808183848586
+PT=CECFCCCD4F4C4D429F9E9998DFC0C1C2
+CT=9B8721B0A8DFC691C5BC5885DBFCB27A
+
+I=123
+KEY=88898A8B8D8E8F90929394959798999A9C9D9E9FA1A2A3A4A6A7A8A9ABACADAE
+PT=404142436665647B29282F2EABA4A5A6
+CT=0DC015CE9A3A3414B5E62EC643384183
+
+I=124
+KEY=B0B1B2B3B5B6B7B8BABBBCBDBFC0C1C2C4C5C6C7C9CACBCCCECFD0D1D3D4D5D6
+PT=33323130E6E5E4EB23222524DEA1A0A3
+CT=705715448A8DA412025CE38345C2A148
+
+I=125
+KEY=D8D9DADBDDDEDFE0E2E3E4E5E7E8E9EAECEDEEEFF1F2F3F4F6F7F8F9FBFCFDFE
+PT=CFCECDCCF6F5F4CBE6E7E0E199969794
+CT=C32B5B0B6FBAE165266C569F4B6ECF0B
+
+I=126
+KEY=00010203050607080A0B0C0D0F10111214151617191A1B1C1E1F202123242526
+PT=BABBB8B97271707FDCDDDADB29363734
+CT=4DCA6C75192A01DDCA9476AF2A521E87
+
+I=127
+KEY=28292A2B2D2E2F30323334353738393A3C3D3E3F41424344464748494B4C4D4E
+PT=C9C8CBCA4447465926272021545B5A59
+CT=058691E627ECBC36AC07B6DB423BD698
+
+I=128
+KEY=50515253555657585A5B5C5D5F60616264656667696A6B6C6E6F707173747576
+PT=050407067477767956575051221D1C1F
+CT=7444527095838FE080FC2BCDD30847EB
+
+==========
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_vk.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_vk.txt
new file mode 100644
index 00000000..5dfd6008
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_vk.txt
@@ -0,0 +1,2334 @@
+
+=========================
+
+FILENAME:  "ecb_vk.txt"
+
+Electronic Codebook (ECB) Mode
+Variable Key Known Answer Tests
+
+Algorithm Name: Rijndael
+Principal Submitter: Joan Daemen
+
+==========
+
+KEYSIZE=128
+
+PT=00000000000000000000000000000000
+
+I=1
+KEY=80000000000000000000000000000000
+CT=0EDD33D3C621E546455BD8BA1418BEC8
+
+I=2
+KEY=40000000000000000000000000000000
+CT=C0CC0C5DA5BD63ACD44A80774FAD5222
+
+I=3
+KEY=20000000000000000000000000000000
+CT=2F0B4B71BC77851B9CA56D42EB8FF080
+
+I=4
+KEY=10000000000000000000000000000000
+CT=6B1E2FFFE8A114009D8FE22F6DB5F876
+
+I=5
+KEY=08000000000000000000000000000000
+CT=9AA042C315F94CBB97B62202F83358F5
+
+I=6
+KEY=04000000000000000000000000000000
+CT=DBE01DE67E346A800C4C4B4880311DE4
+
+I=7
+KEY=02000000000000000000000000000000
+CT=C117D2238D53836ACD92DDCDB85D6A21
+
+I=8
+KEY=01000000000000000000000000000000
+CT=DC0ED85DF9611ABB7249CDD168C5467E
+
+I=9
+KEY=00800000000000000000000000000000
+CT=807D678FFF1F56FA92DE3381904842F2
+
+I=10
+KEY=00400000000000000000000000000000
+CT=0E53B3FCAD8E4B130EF73AEB957FB402
+
+I=11
+KEY=00200000000000000000000000000000
+CT=969FFD3B7C35439417E7BDE923035D65
+
+I=12
+KEY=00100000000000000000000000000000
+CT=A99B512C19CA56070491166A1503BF15
+
+I=13
+KEY=00080000000000000000000000000000
+CT=6E9985252126EE344D26AE369D2327E3
+
+I=14
+KEY=00040000000000000000000000000000
+CT=B85F4809F904C275491FCDCD1610387E
+
+I=15
+KEY=00020000000000000000000000000000
+CT=ED365B8D7D20C1F5D53FB94DD211DF7B
+
+I=16
+KEY=00010000000000000000000000000000
+CT=B3A575E86A8DB4A7135D604C43304896
+
+I=17
+KEY=00008000000000000000000000000000
+CT=89704BCB8E69F846259EB0ACCBC7F8A2
+
+I=18
+KEY=00004000000000000000000000000000
+CT=C56EE7C92197861F10D7A92B90882055
+
+I=19
+KEY=00002000000000000000000000000000
+CT=92F296F6846E0EAF9422A5A24A08B069
+
+I=20
+KEY=00001000000000000000000000000000
+CT=E67E32BB8F11DEB8699318BEE9E91A60
+
+I=21
+KEY=00000800000000000000000000000000
+CT=B08EEF85EAF626DD91B65C4C3A97D92B
+
+I=22
+KEY=00000400000000000000000000000000
+CT=661083A6ADDCE79BB4E0859AB5538013
+
+I=23
+KEY=00000200000000000000000000000000
+CT=55DFE2941E0EB10AFC0B333BD34DE1FE
+
+I=24
+KEY=00000100000000000000000000000000
+CT=6BFE5945E715C9662609770F8846087A
+
+I=25
+KEY=00000080000000000000000000000000
+CT=79848E9C30C2F8CDA8B325F7FED2B139
+
+I=26
+KEY=00000040000000000000000000000000
+CT=7A713A53B99FEF34AC04DEEF80965BD0
+
+I=27
+KEY=00000020000000000000000000000000
+CT=18144A2B46620D32C3C32CE52D49257F
+
+I=28
+KEY=00000010000000000000000000000000
+CT=872E827C70887C80749F7B8BB1847C7E
+
+I=29
+KEY=00000008000000000000000000000000
+CT=6B86C6A4FE6A60C59B1A3102F8DE49F3
+
+I=30
+KEY=00000004000000000000000000000000
+CT=9848BB3DFDF6F532F094679A4C231A20
+
+I=31
+KEY=00000002000000000000000000000000
+CT=925AD528E852E329B2091CD3F1C2BCEE
+
+I=32
+KEY=00000001000000000000000000000000
+CT=80DF436544B0DD596722E46792A40CD8
+
+I=33
+KEY=00000000800000000000000000000000
+CT=525DAF18F93E83E1E74BBBDDE4263BBA
+
+I=34
+KEY=00000000400000000000000000000000
+CT=F65C9D2EE485D24701FFA3313B9D5BE6
+
+I=35
+KEY=00000000200000000000000000000000
+CT=E4FC8D8BCA06425BDF94AFA40FCC14BA
+
+I=36
+KEY=00000000100000000000000000000000
+CT=A53F0A5CA1E4E6440BB975FF320DE6F8
+
+I=37
+KEY=00000000080000000000000000000000
+CT=D55313B9394080462E87E02899B553F0
+
+I=38
+KEY=00000000040000000000000000000000
+CT=34A71D761F71BCD344384C7F97D27906
+
+I=39
+KEY=00000000020000000000000000000000
+CT=233F3D819599612EBC89580245C996A8
+
+I=40
+KEY=00000000010000000000000000000000
+CT=B4F1374E5268DBCB676E447529E53F89
+
+I=41
+KEY=00000000008000000000000000000000
+CT=0816BD27861D2BA891D1044E39951E96
+
+I=42
+KEY=00000000004000000000000000000000
+CT=F3BE9EA3F10C73CA64FDE5DB13A951D1
+
+I=43
+KEY=00000000002000000000000000000000
+CT=2448086A8106FBD03048DDF857D3F1C8
+
+I=44
+KEY=00000000001000000000000000000000
+CT=670756E65BEC8B68F03D77CDCDCE7B91
+
+I=45
+KEY=00000000000800000000000000000000
+CT=EF968CF0D36FD6C6EFFD225F6FB44CA9
+
+I=46
+KEY=00000000000400000000000000000000
+CT=2E8767157922E3826DDCEC1B0CC1E105
+
+I=47
+KEY=00000000000200000000000000000000
+CT=78CE7EEC670E45A967BAB17E26A1AD36
+
+I=48
+KEY=00000000000100000000000000000000
+CT=3C5CEE825655F098F6E81A2F417DA3FB
+
+I=49
+KEY=00000000000080000000000000000000
+CT=67BFDB431DCE1292200BC6F5207ADB12
+
+I=50
+KEY=00000000000040000000000000000000
+CT=7540FD38E447C0779228548747843A6F
+
+I=51
+KEY=00000000000020000000000000000000
+CT=B85E513301F8A936EA9EC8A21A85B5E6
+
+I=52
+KEY=00000000000010000000000000000000
+CT=04C67DBF16C11427D507A455DE2C9BC5
+
+I=53
+KEY=00000000000008000000000000000000
+CT=03F75EB8959E55079CFFB4FF149A37B6
+
+I=54
+KEY=00000000000004000000000000000000
+CT=74550287F666C63BB9BC7838433434B0
+
+I=55
+KEY=00000000000002000000000000000000
+CT=7D537200195EBC3AEFD1EAAB1C385221
+
+I=56
+KEY=00000000000001000000000000000000
+CT=CE24E4D40C68A82B535CBD3C8E21652A
+
+I=57
+KEY=00000000000000800000000000000000
+CT=AB20072405AA8FC40265C6F1F3DC8BC0
+
+I=58
+KEY=00000000000000400000000000000000
+CT=6CFD2CF688F566B093F67B9B3839E80A
+
+I=59
+KEY=00000000000000200000000000000000
+CT=BD95977E6B7239D407A012C5544BF584
+
+I=60
+KEY=00000000000000100000000000000000
+CT=DF9C0130AC77E7C72C997F587B46DBE0
+
+I=61
+KEY=00000000000000080000000000000000
+CT=E7F1B82CADC53A648798945B34EFEFF2
+
+I=62
+KEY=00000000000000040000000000000000
+CT=932C6DBF69255CF13EDCDB72233ACEA3
+
+I=63
+KEY=00000000000000020000000000000000
+CT=5C76002BC7206560EFE550C80B8F12CC
+
+I=64
+KEY=00000000000000010000000000000000
+CT=F6B7BDD1CAEEBAB574683893C4475484
+
+I=65
+KEY=00000000000000008000000000000000
+CT=A920E37CC6DC6B31DA8C0169569F5034
+
+I=66
+KEY=00000000000000004000000000000000
+CT=919380ECD9C778BC513148B0C28D65FD
+
+I=67
+KEY=00000000000000002000000000000000
+CT=EE67308DD3F2D9E6C2170755E5784BE1
+
+I=68
+KEY=00000000000000001000000000000000
+CT=3CC73E53B85609023A05E149B223AE09
+
+I=69
+KEY=00000000000000000800000000000000
+CT=983E8AF7CF05EBB28D71EB841C9406E6
+
+I=70
+KEY=00000000000000000400000000000000
+CT=0F3099B2D31FA5299EE5BF43193287FC
+
+I=71
+KEY=00000000000000000200000000000000
+CT=B763D84F38C27FE6931DCEB6715D4DB6
+
+I=72
+KEY=00000000000000000100000000000000
+CT=5AE3C9B0E3CC29C0C61565CD01F8A248
+
+I=73
+KEY=00000000000000000080000000000000
+CT=F58083572CD90981958565D48D2DEE25
+
+I=74
+KEY=00000000000000000040000000000000
+CT=7E6255EEF8F70C0EF10337AAB1CCCEF8
+
+I=75
+KEY=00000000000000000020000000000000
+CT=AAD4BAC34DB22821841CE2F631961902
+
+I=76
+KEY=00000000000000000010000000000000
+CT=D7431C0409BB1441BA9C6858DC7D4E81
+
+I=77
+KEY=00000000000000000008000000000000
+CT=EF9298C65E339F6E801A59C626456993
+
+I=78
+KEY=00000000000000000004000000000000
+CT=53FE29F68FF541ABC3F0EF3350B72F7E
+
+I=79
+KEY=00000000000000000002000000000000
+CT=F6BBA5C10DB02529E2C2DA3FB582CC14
+
+I=80
+KEY=00000000000000000001000000000000
+CT=E4239AA37FC531A386DAD1126FC0E9CD
+
+I=81
+KEY=00000000000000000000800000000000
+CT=8F7758F857D15BBE7BFD0E416404C365
+
+I=82
+KEY=00000000000000000000400000000000
+CT=D273EB57C687BCD1B4EA7218A509E7B8
+
+I=83
+KEY=00000000000000000000200000000000
+CT=65D64F8D76E8B3423FA25C4EB58A210A
+
+I=84
+KEY=00000000000000000000100000000000
+CT=623D802B4EC450D66A16625702FCDBE0
+
+I=85
+KEY=00000000000000000000080000000000
+CT=7496460CB28E5791BAEAF9B68FB00022
+
+I=86
+KEY=00000000000000000000040000000000
+CT=34EA600F18BB0694B41681A49D510C1D
+
+I=87
+KEY=00000000000000000000020000000000
+CT=5F8FF0D47D5766D29B5D6E8F46423BD8
+
+I=88
+KEY=00000000000000000000010000000000
+CT=225F9286C5928BF09F84D3F93F541959
+
+I=89
+KEY=00000000000000000000008000000000
+CT=B21E90D25DF383416A5F072CEBEB1FFB
+
+I=90
+KEY=00000000000000000000004000000000
+CT=4AEFCDA089318125453EB9E8EB5E492E
+
+I=91
+KEY=00000000000000000000002000000000
+CT=4D3E75C6CD40EC4869BC85158591ADB8
+
+I=92
+KEY=00000000000000000000001000000000
+CT=63A8B904405436A1B99D7751866771B7
+
+I=93
+KEY=00000000000000000000000800000000
+CT=64F0DAAE47529199792EAE172BA53293
+
+I=94
+KEY=00000000000000000000000400000000
+CT=C3EEF84BEA18225D515A8C852A9047EE
+
+I=95
+KEY=00000000000000000000000200000000
+CT=A44AC422B47D47B81AF73B3E9AC9596E
+
+I=96
+KEY=00000000000000000000000100000000
+CT=D16E04A8FBC435094F8D53ADF25F5084
+
+I=97
+KEY=00000000000000000000000080000000
+CT=EF13DC34BAB03E124EEAD8B6BF44B532
+
+I=98
+KEY=00000000000000000000000040000000
+CT=D94799075C24DCC067AF0D392049250D
+
+I=99
+KEY=00000000000000000000000020000000
+CT=14F431771EDDCE4764C21A2254B5E3C8
+
+I=100
+KEY=00000000000000000000000010000000
+CT=7039329F36F2ED682B02991F28D64679
+
+I=101
+KEY=00000000000000000000000008000000
+CT=124EE24EDE5551639DB8B8B941F6141D
+
+I=102
+KEY=00000000000000000000000004000000
+CT=C2852879A34D5184E478EC918B993FEE
+
+I=103
+KEY=00000000000000000000000002000000
+CT=86A806A3525B93E432053C9AB5ABBEDF
+
+I=104
+KEY=00000000000000000000000001000000
+CT=C1609BF5A4F07E37C17A36366EC23ECC
+
+I=105
+KEY=00000000000000000000000000800000
+CT=7E81E7CB92159A51FFCEA331B1E8EA53
+
+I=106
+KEY=00000000000000000000000000400000
+CT=37A7BE002856C5A59A6E03EAFCE7729A
+
+I=107
+KEY=00000000000000000000000000200000
+CT=BDF98A5A4F91E890C9A1D1E5FAAB138F
+
+I=108
+KEY=00000000000000000000000000100000
+CT=4E96ACB66E051F2BC739CC3D3E34A26B
+
+I=109
+KEY=00000000000000000000000000080000
+CT=EE996CDD120EB86E21ECFA49E8E1FCF1
+
+I=110
+KEY=00000000000000000000000000040000
+CT=61B9E6B579DBF6070C351A1440DD85FF
+
+I=111
+KEY=00000000000000000000000000020000
+CT=AC369E484316440B40DFC83AA96E28E7
+
+I=112
+KEY=00000000000000000000000000010000
+CT=0A2D16DE985C76D45C579C1159413BBE
+
+I=113
+KEY=00000000000000000000000000008000
+CT=DA3FDC38DA1D374FA4802CDA1A1C6B0F
+
+I=114
+KEY=00000000000000000000000000004000
+CT=B842523D4C41C2211AFE43A5800ADCE3
+
+I=115
+KEY=00000000000000000000000000002000
+CT=9E2CDA90D8E992DBA6C73D8229567192
+
+I=116
+KEY=00000000000000000000000000001000
+CT=D49583B781D9E20F5BE101415957FC49
+
+I=117
+KEY=00000000000000000000000000000800
+CT=EF09DA5C12B376E458B9B8670032498E
+
+I=118
+KEY=00000000000000000000000000000400
+CT=A96BE0463DA774461A5E1D5A9DD1AC10
+
+I=119
+KEY=00000000000000000000000000000200
+CT=32CEE3341060790D2D4B1362EF397090
+
+I=120
+KEY=00000000000000000000000000000100
+CT=21CEA416A3D3359D2C4D58FB6A035F06
+
+I=121
+KEY=00000000000000000000000000000080
+CT=172AEAB3D507678ECAF455C12587ADB7
+
+I=122
+KEY=00000000000000000000000000000040
+CT=B6F897941EF8EBFF9FE80A567EF38478
+
+I=123
+KEY=00000000000000000000000000000020
+CT=A9723259D94A7DC662FB0C782CA3F1DD
+
+I=124
+KEY=00000000000000000000000000000010
+CT=2F91C984B9A4839F30001B9F430493B4
+
+I=125
+KEY=00000000000000000000000000000008
+CT=0472406345A610B048CB99EE0EF3FA0F
+
+I=126
+KEY=00000000000000000000000000000004
+CT=F5F39086646F8C05ED16EFA4B617957C
+
+I=127
+KEY=00000000000000000000000000000002
+CT=26D50F485A30408D5AF47A5736292450
+
+I=128
+KEY=00000000000000000000000000000001
+CT=0545AAD56DA2A97C3663D1432A3D1C84
+
+==========
+
+KEYSIZE=192
+
+PT=00000000000000000000000000000000
+
+I=1
+KEY=800000000000000000000000000000000000000000000000
+CT=DE885DC87F5A92594082D02CC1E1B42C
+
+I=2
+KEY=400000000000000000000000000000000000000000000000
+CT=C749194F94673F9DD2AA1932849630C1
+
+I=3
+KEY=200000000000000000000000000000000000000000000000
+CT=0CEF643313912934D310297B90F56ECC
+
+I=4
+KEY=100000000000000000000000000000000000000000000000
+CT=C4495D39D4A553B225FBA02A7B1B87E1
+
+I=5
+KEY=080000000000000000000000000000000000000000000000
+CT=636D10B1A0BCAB541D680A7970ADC830
+
+I=6
+KEY=040000000000000000000000000000000000000000000000
+CT=07CF045786BD6AFCC147D99E45A901A7
+
+I=7
+KEY=020000000000000000000000000000000000000000000000
+CT=6A8E3F425A7599348F95398448827976
+
+I=8
+KEY=010000000000000000000000000000000000000000000000
+CT=5518276836148A00D91089A20D8BFF57
+
+I=9
+KEY=008000000000000000000000000000000000000000000000
+CT=F267E07B5E87E3BC20B969C61D4FCB06
+
+I=10
+KEY=004000000000000000000000000000000000000000000000
+CT=5A1CDE69571D401BFCD20DEBADA2212C
+
+I=11
+KEY=002000000000000000000000000000000000000000000000
+CT=70A9057263254701D12ADD7D74CD509E
+
+I=12
+KEY=001000000000000000000000000000000000000000000000
+CT=35713A7E108031279388A33A0FE2E190
+
+I=13
+KEY=000800000000000000000000000000000000000000000000
+CT=E74EDE82B1254714F0C7B4B243108655
+
+I=14
+KEY=000400000000000000000000000000000000000000000000
+CT=39272E3100FAA37B55B862320D1B3EB3
+
+I=15
+KEY=000200000000000000000000000000000000000000000000
+CT=6D6E24C659FC5AEF712F77BCA19C9DD0
+
+I=16
+KEY=000100000000000000000000000000000000000000000000
+CT=76D18212F972370D3CC2C6C372C6CF2F
+
+I=17
+KEY=000080000000000000000000000000000000000000000000
+CT=B21A1F0BAE39E55C7594ED570A7783EA
+
+I=18
+KEY=000040000000000000000000000000000000000000000000
+CT=77DE202111895AC48DD1C974B358B458
+
+I=19
+KEY=000020000000000000000000000000000000000000000000
+CT=67810B311969012AAF7B504FFAF39FD1
+
+I=20
+KEY=000010000000000000000000000000000000000000000000
+CT=C22EA2344D3E9417A6BA07843E713AEA
+
+I=21
+KEY=000008000000000000000000000000000000000000000000
+CT=C79CAF4B97BEE0BD0630AB354539D653
+
+I=22
+KEY=000004000000000000000000000000000000000000000000
+CT=135FD1AF761D9AE23DF4AA6B86760DB4
+
+I=23
+KEY=000002000000000000000000000000000000000000000000
+CT=D4659D0B06ACD4D56AB8D11A16FD83B9
+
+I=24
+KEY=000001000000000000000000000000000000000000000000
+CT=F7D270028FC188E4E4F35A4AAA25D4D4
+
+I=25
+KEY=000000800000000000000000000000000000000000000000
+CT=345CAE5A8C9620A9913D5473985852FF
+
+I=26
+KEY=000000400000000000000000000000000000000000000000
+CT=4E8980ADDE60B0E42C0B287FEA41E729
+
+I=27
+KEY=000000200000000000000000000000000000000000000000
+CT=F11B6D74E1F15155633DC39743C1A527
+
+I=28
+KEY=000000100000000000000000000000000000000000000000
+CT=9C87916C0180064F9D3179C6F5DD8C35
+
+I=29
+KEY=000000080000000000000000000000000000000000000000
+CT=71AB186BCAEA518E461D4F7FAD230E6A
+
+I=30
+KEY=000000040000000000000000000000000000000000000000
+CT=C4A31BBC3DAAF742F9141C2A5001A49C
+
+I=31
+KEY=000000020000000000000000000000000000000000000000
+CT=E7C47B7B1D40F182A8928C8A55671D07
+
+I=32
+KEY=000000010000000000000000000000000000000000000000
+CT=8E17F294B28FA373C6249538868A7EEF
+
+I=33
+KEY=000000008000000000000000000000000000000000000000
+CT=754404096A5CBC08AF09491BE249141A
+
+I=34
+KEY=000000004000000000000000000000000000000000000000
+CT=101CB56E55F05D86369B6D1069204F0A
+
+I=35
+KEY=000000002000000000000000000000000000000000000000
+CT=73F19BB6604205C6EE227B9759791E41
+
+I=36
+KEY=000000001000000000000000000000000000000000000000
+CT=6270C0028F0D136C37A56B2CB64D24D6
+
+I=37
+KEY=000000000800000000000000000000000000000000000000
+CT=A3BF7C2C38D1114A087ECF212E694346
+
+I=38
+KEY=000000000400000000000000000000000000000000000000
+CT=49CABFF2CEF7D9F95F5EFB1F7A1A7DDE
+
+I=39
+KEY=000000000200000000000000000000000000000000000000
+CT=EC7F8A47CC59B849469255AD49F62752
+
+I=40
+KEY=000000000100000000000000000000000000000000000000
+CT=68FAE55A13EFAF9B07B3552A8A0DC9D1
+
+I=41
+KEY=000000000080000000000000000000000000000000000000
+CT=211E6B19C69FAEF481F64F24099CDA65
+
+I=42
+KEY=000000000040000000000000000000000000000000000000
+CT=DBB918C75BC5732416F79FB0C8EE4C5C
+
+I=43
+KEY=000000000020000000000000000000000000000000000000
+CT=98D494E5D963A6C8B92536D3EC35E3FD
+
+I=44
+KEY=000000000010000000000000000000000000000000000000
+CT=C9A873404D403D6F074190851D67781A
+
+I=45
+KEY=000000000008000000000000000000000000000000000000
+CT=073AEF4A7C77D921928CB0DD9D27CAE7
+
+I=46
+KEY=000000000004000000000000000000000000000000000000
+CT=89BDE25CEE36FDE769A10E52298CF90F
+
+I=47
+KEY=000000000002000000000000000000000000000000000000
+CT=26D0842D37EAD38557C65E0A5E5F122E
+
+I=48
+KEY=000000000001000000000000000000000000000000000000
+CT=F8294BA375AF46B3F22905BBAFFAB107
+
+I=49
+KEY=000000000000800000000000000000000000000000000000
+CT=2AD63EB4D0D43813B979CF72B35BDB94
+
+I=50
+KEY=000000000000400000000000000000000000000000000000
+CT=7710C171EE0F4EFA39BE4C995180181D
+
+I=51
+KEY=000000000000200000000000000000000000000000000000
+CT=C0CB2B40DBA7BE8C0698FAE1E4B80FF8
+
+I=52
+KEY=000000000000100000000000000000000000000000000000
+CT=97970E505194622FD955CA1B80B784E9
+
+I=53
+KEY=000000000000080000000000000000000000000000000000
+CT=7CB1824B29F850900DF2CAD9CF04C1CF
+
+I=54
+KEY=000000000000040000000000000000000000000000000000
+CT=FDF4F036BB988E42F2F62DE63FE19A64
+
+I=55
+KEY=000000000000020000000000000000000000000000000000
+CT=08908CFE2C82606B2C15DF61B75CF3E2
+
+I=56
+KEY=000000000000010000000000000000000000000000000000
+CT=B3AA689EF2D07FF365ACB9ADBA2AF07A
+
+I=57
+KEY=000000000000008000000000000000000000000000000000
+CT=F2672CD8EAA3B98776660D0263656F5C
+
+I=58
+KEY=000000000000004000000000000000000000000000000000
+CT=5BDEAC00E986687B9E1D94A0DA7BF452
+
+I=59
+KEY=000000000000002000000000000000000000000000000000
+CT=E6D57BD66EA1627363EE0C4B711B0B21
+
+I=60
+KEY=000000000000001000000000000000000000000000000000
+CT=03730DD6ACB4AD9996A63BE7765EC06F
+
+I=61
+KEY=000000000000000800000000000000000000000000000000
+CT=A470E361AA5437B2BE8586D2F78DE582
+
+I=62
+KEY=000000000000000400000000000000000000000000000000
+CT=7567FEEFA559911FD479670246B484E3
+
+I=63
+KEY=000000000000000200000000000000000000000000000000
+CT=29829DEA15A4E7A4C049045E7B106E29
+
+I=64
+KEY=000000000000000100000000000000000000000000000000
+CT=A407834C3D89D48A2CB7A152208FA4ED
+
+I=65
+KEY=000000000000000080000000000000000000000000000000
+CT=68F948053F78FEF0D8F9FE7EF3A89819
+
+I=66
+KEY=000000000000000040000000000000000000000000000000
+CT=B605174CAB13AD8FE3B20DA3AE7B0234
+
+I=67
+KEY=000000000000000020000000000000000000000000000000
+CT=CCAB8F0AEBFF032893996D383CBFDBFA
+
+I=68
+KEY=000000000000000010000000000000000000000000000000
+CT=AF14BB8428C9730B7DC17B6C1CBEBCC8
+
+I=69
+KEY=000000000000000008000000000000000000000000000000
+CT=5A41A21332040877EB7B89E8E80D19FE
+
+I=70
+KEY=000000000000000004000000000000000000000000000000
+CT=AC1BA52EFCDDE368B1596F2F0AD893A0
+
+I=71
+KEY=000000000000000002000000000000000000000000000000
+CT=41B890E31B9045E6ECDC1BC3F2DB9BCC
+
+I=72
+KEY=000000000000000001000000000000000000000000000000
+CT=4D54A549728E55B19A23660424A0F146
+
+I=73
+KEY=000000000000000000800000000000000000000000000000
+CT=A917581F41C47C7DDCFFD5285E2D6A61
+
+I=74
+KEY=000000000000000000400000000000000000000000000000
+CT=604DF24BA6099B93A7405A524D764FCB
+
+I=75
+KEY=000000000000000000200000000000000000000000000000
+CT=78D9D156F28B190E232D1B7AE7FC730A
+
+I=76
+KEY=000000000000000000100000000000000000000000000000
+CT=5A12C39E442CD7F27B3CD77F5D029582
+
+I=77
+KEY=000000000000000000080000000000000000000000000000
+CT=FF2BF2F47CF7B0F28EE25AF95DBF790D
+
+I=78
+KEY=000000000000000000040000000000000000000000000000
+CT=1863BB7D193BDA39DF090659EB8AE48B
+
+I=79
+KEY=000000000000000000020000000000000000000000000000
+CT=38178F2FB4CFCF31E87E1ABCDC023EB5
+
+I=80
+KEY=000000000000000000010000000000000000000000000000
+CT=F5B13DC690CC0D541C6BA533023DC8C9
+
+I=81
+KEY=000000000000000000008000000000000000000000000000
+CT=48EC05238D7375D126DC9D08884D4827
+
+I=82
+KEY=000000000000000000004000000000000000000000000000
+CT=ACD0D81139691B310B92A6E377BACC87
+
+I=83
+KEY=000000000000000000002000000000000000000000000000
+CT=9A4AA43578B55CE9CC178F0D2E162C79
+
+I=84
+KEY=000000000000000000001000000000000000000000000000
+CT=08AD94BC737DB3C87D49B9E01B720D81
+
+I=85
+KEY=000000000000000000000800000000000000000000000000
+CT=3BCFB2D5D210E8332900C5991D551A2A
+
+I=86
+KEY=000000000000000000000400000000000000000000000000
+CT=C5F0C6B9397ACB29635CE1A0DA2D8D96
+
+I=87
+KEY=000000000000000000000200000000000000000000000000
+CT=844A29EFC693E2FA9900F87FBF5DCD5F
+
+I=88
+KEY=000000000000000000000100000000000000000000000000
+CT=5126A1C41051FEA158BE41200E1EA59D
+
+I=89
+KEY=000000000000000000000080000000000000000000000000
+CT=302123CA7B4F46D667FFFB0EB6AA7703
+
+I=90
+KEY=000000000000000000000040000000000000000000000000
+CT=A9D16BCE7DB5C024277709EE2A88D91A
+
+I=91
+KEY=000000000000000000000020000000000000000000000000
+CT=F013C5EC123A26CFC34B598C992A996B
+
+I=92
+KEY=000000000000000000000010000000000000000000000000
+CT=E38A825CD971A1D2E56FB1DBA248F2A8
+
+I=93
+KEY=000000000000000000000008000000000000000000000000
+CT=6E701773C0311E0BD4C5A097406D22B3
+
+I=94
+KEY=000000000000000000000004000000000000000000000000
+CT=754262CEF0C64BE4C3E67C35ABE439F7
+
+I=95
+KEY=000000000000000000000002000000000000000000000000
+CT=C9C2D4C47DF7D55CFA0EE5F1FE5070F4
+
+I=96
+KEY=000000000000000000000001000000000000000000000000
+CT=6AB4BEA85B172573D8BD2D5F4329F13D
+
+I=97
+KEY=000000000000000000000000800000000000000000000000
+CT=11F03EF28E2CC9AE5165C587F7396C8C
+
+I=98
+KEY=000000000000000000000000400000000000000000000000
+CT=0682F2EB1A68BAC7949922C630DD27FA
+
+I=99
+KEY=000000000000000000000000200000000000000000000000
+CT=ABB0FEC0413D659AFE8E3DCF6BA873BB
+
+I=100
+KEY=000000000000000000000000100000000000000000000000
+CT=FE86A32E19F805D6569B2EFADD9C92AA
+
+I=101
+KEY=000000000000000000000000080000000000000000000000
+CT=E434E472275D1837D3D717F2EECC88C3
+
+I=102
+KEY=000000000000000000000000040000000000000000000000
+CT=74E57DCD12A21D26EF8ADAFA5E60469A
+
+I=103
+KEY=000000000000000000000000020000000000000000000000
+CT=C275429D6DAD45DDD423FA63C816A9C1
+
+I=104
+KEY=000000000000000000000000010000000000000000000000
+CT=7F6EC1A9AE729E86F7744AED4B8F4F07
+
+I=105
+KEY=000000000000000000000000008000000000000000000000
+CT=48B5A71AB9292BD4F9E608EF102636B2
+
+I=106
+KEY=000000000000000000000000004000000000000000000000
+CT=076FB95D5F536C78CBED3181BCCF3CF1
+
+I=107
+KEY=000000000000000000000000002000000000000000000000
+CT=BFA76BEA1E684FD3BF9256119EE0BC0F
+
+I=108
+KEY=000000000000000000000000001000000000000000000000
+CT=7D395923D56577F3FF8670998F8C4A71
+
+I=109
+KEY=000000000000000000000000000800000000000000000000
+CT=BA02C986E529AC18A882C34BA389625F
+
+I=110
+KEY=000000000000000000000000000400000000000000000000
+CT=3DFCF2D882AFE75D3A191193013A84B5
+
+I=111
+KEY=000000000000000000000000000200000000000000000000
+CT=FAD1FDE1D0241784B63080D2C74D236C
+
+I=112
+KEY=000000000000000000000000000100000000000000000000
+CT=7D6C80D39E41F007A14FB9CD2B2C15CD
+
+I=113
+KEY=000000000000000000000000000080000000000000000000
+CT=7975F401FC10637BB33EA2DB058FF6EC
+
+I=114
+KEY=000000000000000000000000000040000000000000000000
+CT=657983865C55A818F02B7FCD52ED7E99
+
+I=115
+KEY=000000000000000000000000000020000000000000000000
+CT=B32BEB1776F9827FF4C3AC9997E84B20
+
+I=116
+KEY=000000000000000000000000000010000000000000000000
+CT=2AE2C7C374F0A41E3D46DBC3E66BB59F
+
+I=117
+KEY=000000000000000000000000000008000000000000000000
+CT=4D835E4ABDD4BDC6B88316A6E931A07F
+
+I=118
+KEY=000000000000000000000000000004000000000000000000
+CT=E07EFABFF1C353F7384EBB87B435A3F3
+
+I=119
+KEY=000000000000000000000000000002000000000000000000
+CT=ED3088DC3FAF89AD87B4356FF1BB09C2
+
+I=120
+KEY=000000000000000000000000000001000000000000000000
+CT=4324D01140C156FC898C2E32BA03FB05
+
+I=121
+KEY=000000000000000000000000000000800000000000000000
+CT=BE15D016FACB5BAFBC24FA9289132166
+
+I=122
+KEY=000000000000000000000000000000400000000000000000
+CT=AC9B7048EDB1ACF4D97A5B0B3F50884B
+
+I=123
+KEY=000000000000000000000000000000200000000000000000
+CT=448BECE1F86C7845DFA9A4BB2A016FB3
+
+I=124
+KEY=000000000000000000000000000000100000000000000000
+CT=10DD445E87686EB46EA9B1ABC49257F0
+
+I=125
+KEY=000000000000000000000000000000080000000000000000
+CT=B7FCCF7659FA756D4B7303EEA6C07458
+
+I=126
+KEY=000000000000000000000000000000040000000000000000
+CT=289117115CA3513BAA7640B1004872C2
+
+I=127
+KEY=000000000000000000000000000000020000000000000000
+CT=57CB42F7EE7186051F50B93FFA7B35BF
+
+I=128
+KEY=000000000000000000000000000000010000000000000000
+CT=F2741BFBFB81663B9136802FB9C3126A
+
+I=129
+KEY=000000000000000000000000000000008000000000000000
+CT=E32DDDC5C7398C096E3BD535B31DB5CE
+
+I=130
+KEY=000000000000000000000000000000004000000000000000
+CT=81D3C204E608AF9CC713EAEBCB72433F
+
+I=131
+KEY=000000000000000000000000000000002000000000000000
+CT=D4DEEF4BFC36AAA579496E6935F8F98E
+
+I=132
+KEY=000000000000000000000000000000001000000000000000
+CT=C356DB082B97802B038571C392C5C8F6
+
+I=133
+KEY=000000000000000000000000000000000800000000000000
+CT=A3919ECD4861845F2527B77F06AC6A4E
+
+I=134
+KEY=000000000000000000000000000000000400000000000000
+CT=A53858E17A2F802A20E40D44494FFDA0
+
+I=135
+KEY=000000000000000000000000000000000200000000000000
+CT=5D989E122B78C758921EDBEEB827F0C0
+
+I=136
+KEY=000000000000000000000000000000000100000000000000
+CT=4B1C0C8F9E7830CC3C4BE7BD226FA8DE
+
+I=137
+KEY=000000000000000000000000000000000080000000000000
+CT=82C40C5FD897FBCA7B899C70713573A1
+
+I=138
+KEY=000000000000000000000000000000000040000000000000
+CT=ED13EE2D45E00F75CCDB51EA8E3E36AD
+
+I=139
+KEY=000000000000000000000000000000000020000000000000
+CT=F121799EEFE8432423176A3CCF6462BB
+
+I=140
+KEY=000000000000000000000000000000000010000000000000
+CT=4FA0C06F07997E98271DD86F7B355C50
+
+I=141
+KEY=000000000000000000000000000000000008000000000000
+CT=849EB364B4E81D058649DC5B1BF029B9
+
+I=142
+KEY=000000000000000000000000000000000004000000000000
+CT=F48F9E0DE8DE7AD944A207809335D9B1
+
+I=143
+KEY=000000000000000000000000000000000002000000000000
+CT=E59E9205B5A81A4FD26DFCF308966022
+
+I=144
+KEY=000000000000000000000000000000000001000000000000
+CT=3A91A1BE14AAE9ED700BDF9D70018804
+
+I=145
+KEY=000000000000000000000000000000000000800000000000
+CT=8ABAD78DCB79A48D79070E7DA89664EC
+
+I=146
+KEY=000000000000000000000000000000000000400000000000
+CT=B68377D98AAE6044938A7457F6C649D9
+
+I=147
+KEY=000000000000000000000000000000000000200000000000
+CT=E4E1275C42F5F1B63D662C099D6CE33D
+
+I=148
+KEY=000000000000000000000000000000000000100000000000
+CT=7DEF32A34C6BE668F17DA1BB193B06EF
+
+I=149
+KEY=000000000000000000000000000000000000080000000000
+CT=78B6000CC3D30CB3A74B68D0EDBD2B53
+
+I=150
+KEY=000000000000000000000000000000000000040000000000
+CT=0A47531DE88DD8AE5C23EAE4F7D1F2D5
+
+I=151
+KEY=000000000000000000000000000000000000020000000000
+CT=667B24E8000CF68231EC484581D922E5
+
+I=152
+KEY=000000000000000000000000000000000000010000000000
+CT=39DAA5EBD4AACAE130E9C33236C52024
+
+I=153
+KEY=000000000000000000000000000000000000008000000000
+CT=E3C88760B3CB21360668A63E55BB45D1
+
+I=154
+KEY=000000000000000000000000000000000000004000000000
+CT=F131EE903C1CDB49D416866FD5D8DE51
+
+I=155
+KEY=000000000000000000000000000000000000002000000000
+CT=7A1916135B0447CF4033FC13047A583A
+
+I=156
+KEY=000000000000000000000000000000000000001000000000
+CT=F7D55FB27991143DCDFA90DDF0424FCB
+
+I=157
+KEY=000000000000000000000000000000000000000800000000
+CT=EA93E7D1CA1111DBD8F7EC111A848C0C
+
+I=158
+KEY=000000000000000000000000000000000000000400000000
+CT=2A689E39DFD3CBCBE221326E95888779
+
+I=159
+KEY=000000000000000000000000000000000000000200000000
+CT=C1CE399CA762318AC2C40D1928B4C57D
+
+I=160
+KEY=000000000000000000000000000000000000000100000000
+CT=D43FB6F2B2879C8BFAF0092DA2CA63ED
+
+I=161
+KEY=000000000000000000000000000000000000000080000000
+CT=224563E617158DF97650AF5D130E78A5
+
+I=162
+KEY=000000000000000000000000000000000000000040000000
+CT=6562FDF6833B7C4F7484AE6EBCC243DD
+
+I=163
+KEY=000000000000000000000000000000000000000020000000
+CT=93D58BA7BED22615D661D002885A7457
+
+I=164
+KEY=000000000000000000000000000000000000000010000000
+CT=9A0EF559003AD9E52D3E09ED3C1D3320
+
+I=165
+KEY=000000000000000000000000000000000000000008000000
+CT=96BAF5A7DC6F3DD27EB4C717A85D261C
+
+I=166
+KEY=000000000000000000000000000000000000000004000000
+CT=B8762E06884900E8452293190E19CCDB
+
+I=167
+KEY=000000000000000000000000000000000000000002000000
+CT=785416A22BD63CBABF4B1789355197D3
+
+I=168
+KEY=000000000000000000000000000000000000000001000000
+CT=A0D20CE1489BAA69A3612DCE90F7ABF6
+
+I=169
+KEY=000000000000000000000000000000000000000000800000
+CT=700244E93DC94230CC607FFBA0E48F32
+
+I=170
+KEY=000000000000000000000000000000000000000000400000
+CT=85329E476829F872A2B4A7E59F91FF2D
+
+I=171
+KEY=000000000000000000000000000000000000000000200000
+CT=E4219B4935D988DB719B8B8B2B53D247
+
+I=172
+KEY=000000000000000000000000000000000000000000100000
+CT=6ACDD04FD13D4DB4409FE8DD13FD737B
+
+I=173
+KEY=000000000000000000000000000000000000000000080000
+CT=9EB7A670AB59E15BE582378701C1EC14
+
+I=174
+KEY=000000000000000000000000000000000000000000040000
+CT=29DF2D6935FE657763BC7A9F22D3D492
+
+I=175
+KEY=000000000000000000000000000000000000000000020000
+CT=99303359D4A13AFDBE6C784028CE533A
+
+I=176
+KEY=000000000000000000000000000000000000000000010000
+CT=FF5C70A6334545F33B9DBF7BEA0417CA
+
+I=177
+KEY=000000000000000000000000000000000000000000008000
+CT=289F58A17E4C50EDA4269EFB3DF55815
+
+I=178
+KEY=000000000000000000000000000000000000000000004000
+CT=EA35DCB416E9E1C2861D1682F062B5EB
+
+I=179
+KEY=000000000000000000000000000000000000000000002000
+CT=3A47BF354BE775383C50B0C0A83E3A58
+
+I=180
+KEY=000000000000000000000000000000000000000000001000
+CT=BF6C1DC069FB95D05D43B01D8206D66B
+
+I=181
+KEY=000000000000000000000000000000000000000000000800
+CT=046D1D580D5898DA6595F32FD1F0C33D
+
+I=182
+KEY=000000000000000000000000000000000000000000000400
+CT=5F57803B7B82A110F7E9855D6A546082
+
+I=183
+KEY=000000000000000000000000000000000000000000000200
+CT=25336ECF34E7BE97862CDFF715FF05A8
+
+I=184
+KEY=000000000000000000000000000000000000000000000100
+CT=ACBAA2A943D8078022D693890E8C4FEF
+
+I=185
+KEY=000000000000000000000000000000000000000000000080
+CT=3947597879F6B58E4E2F0DF825A83A38
+
+I=186
+KEY=000000000000000000000000000000000000000000000040
+CT=4EB8CC3335496130655BF3CA570A4FC0
+
+I=187
+KEY=000000000000000000000000000000000000000000000020
+CT=BBDA7769AD1FDA425E18332D97868824
+
+I=188
+KEY=000000000000000000000000000000000000000000000010
+CT=5E7532D22DDB0829A29C868198397154
+
+I=189
+KEY=000000000000000000000000000000000000000000000008
+CT=E66DA67B630AB7AE3E682855E1A1698E
+
+I=190
+KEY=000000000000000000000000000000000000000000000004
+CT=4D93800F671B48559A64D1EA030A590A
+
+I=191
+KEY=000000000000000000000000000000000000000000000002
+CT=F33159FCC7D9AE30C062CD3B322AC764
+
+I=192
+KEY=000000000000000000000000000000000000000000000001
+CT=8BAE4EFB70D33A9792EEA9BE70889D72
+
+==========
+
+KEYSIZE=256
+
+PT=00000000000000000000000000000000
+
+I=1
+KEY=8000000000000000000000000000000000000000000000000000000000000000
+CT=E35A6DCB19B201A01EBCFA8AA22B5759
+
+I=2
+KEY=4000000000000000000000000000000000000000000000000000000000000000
+CT=5075C2405B76F22F553488CAE47CE90B
+
+I=3
+KEY=2000000000000000000000000000000000000000000000000000000000000000
+CT=49DF95D844A0145A7DE01C91793302D3
+
+I=4
+KEY=1000000000000000000000000000000000000000000000000000000000000000
+CT=E7396D778E940B8418A86120E5F421FE
+
+I=5
+KEY=0800000000000000000000000000000000000000000000000000000000000000
+CT=05F535C36FCEDE4657BE37F4087DB1EF
+
+I=6
+KEY=0400000000000000000000000000000000000000000000000000000000000000
+CT=D0C1DDDD10DA777C68AB36AF51F2C204
+
+I=7
+KEY=0200000000000000000000000000000000000000000000000000000000000000
+CT=1C55FB811B5C6464C4E5DE1535A75514
+
+I=8
+KEY=0100000000000000000000000000000000000000000000000000000000000000
+CT=52917F3AE957D5230D3A2AF57C7B5A71
+
+I=9
+KEY=0080000000000000000000000000000000000000000000000000000000000000
+CT=C6E3D5501752DD5E9AEF086D6B45D705
+
+I=10
+KEY=0040000000000000000000000000000000000000000000000000000000000000
+CT=A24A9C7AF1D9B1E17E1C9A3E711B3FA7
+
+I=11
+KEY=0020000000000000000000000000000000000000000000000000000000000000
+CT=B881ECA724A6D43DBC6B96F6F59A0D20
+
+I=12
+KEY=0010000000000000000000000000000000000000000000000000000000000000
+CT=EC524D9A24DFFF2A9639879B83B8E137
+
+I=13
+KEY=0008000000000000000000000000000000000000000000000000000000000000
+CT=34C4F345F5466215A037F443635D6F75
+
+I=14
+KEY=0004000000000000000000000000000000000000000000000000000000000000
+CT=5BA5055BEDB8895F672E29F2EB5A355D
+
+I=15
+KEY=0002000000000000000000000000000000000000000000000000000000000000
+CT=B3F692AA3A435259EBBEF9B51AD1E08D
+
+I=16
+KEY=0001000000000000000000000000000000000000000000000000000000000000
+CT=414FEB4376F2C64A5D2FBB2ED531BA7D
+
+I=17
+KEY=0000800000000000000000000000000000000000000000000000000000000000
+CT=A20D519E3BCA3303F07E81719F61605E
+
+I=18
+KEY=0000400000000000000000000000000000000000000000000000000000000000
+CT=A08D10E520AF811F45BD60A2DC0DC4B1
+
+I=19
+KEY=0000200000000000000000000000000000000000000000000000000000000000
+CT=B06893A8C563C430E6F3858826EFBBE4
+
+I=20
+KEY=0000100000000000000000000000000000000000000000000000000000000000
+CT=0FFEE26AE2D3929C6BD9C6BEDFF84409
+
+I=21
+KEY=0000080000000000000000000000000000000000000000000000000000000000
+CT=4D0F5E906ED77801FC0EF53EDC5F9E2B
+
+I=22
+KEY=0000040000000000000000000000000000000000000000000000000000000000
+CT=8B6EC00119AD8B026DCE56EA7DEFE930
+
+I=23
+KEY=0000020000000000000000000000000000000000000000000000000000000000
+CT=69026591D43363EE9D83B5007F0B484E
+
+I=24
+KEY=0000010000000000000000000000000000000000000000000000000000000000
+CT=27135D86950C6A2F86872706279A4761
+
+I=25
+KEY=0000008000000000000000000000000000000000000000000000000000000000
+CT=35E6DB8723F281DA410C3AC8535ED77C
+
+I=26
+KEY=0000004000000000000000000000000000000000000000000000000000000000
+CT=57427CF214B8C28E4BBF487CCB8D0E09
+
+I=27
+KEY=0000002000000000000000000000000000000000000000000000000000000000
+CT=6DF01BF56E5131AC87F96E99CAB86367
+
+I=28
+KEY=0000001000000000000000000000000000000000000000000000000000000000
+CT=3856C5B55790B768BBF7D43031579BCF
+
+I=29
+KEY=0000000800000000000000000000000000000000000000000000000000000000
+CT=1E6ED8FB7C15BC4D2F63BA7037ED44D0
+
+I=30
+KEY=0000000400000000000000000000000000000000000000000000000000000000
+CT=E1B2ED6CD8D93D455534E401156D4BCF
+
+I=31
+KEY=0000000200000000000000000000000000000000000000000000000000000000
+CT=EFBCCA5BDFDAD10E875F02336212CE36
+
+I=32
+KEY=0000000100000000000000000000000000000000000000000000000000000000
+CT=0B777F02FD18DCE2646DCFE868DFAFAD
+
+I=33
+KEY=0000000080000000000000000000000000000000000000000000000000000000
+CT=C8A104B5693D1B14F5BF1F10100BF508
+
+I=34
+KEY=0000000040000000000000000000000000000000000000000000000000000000
+CT=4CCE6615244AFCB38408FECE219962EA
+
+I=35
+KEY=0000000020000000000000000000000000000000000000000000000000000000
+CT=F99E7845D3A255B394C9C050CBA258B1
+
+I=36
+KEY=0000000010000000000000000000000000000000000000000000000000000000
+CT=B4AFBB787F9BCFB7B55FDF447F611295
+
+I=37
+KEY=0000000008000000000000000000000000000000000000000000000000000000
+CT=AE1C426A697FAF2808B7EF6ADDB5C020
+
+I=38
+KEY=0000000004000000000000000000000000000000000000000000000000000000
+CT=7572F92811A85B9BDD38DEAD9945BCAE
+
+I=39
+KEY=0000000002000000000000000000000000000000000000000000000000000000
+CT=71BC7AA46E43FB95A181527D9F6A360F
+
+I=40
+KEY=0000000001000000000000000000000000000000000000000000000000000000
+CT=5542EF2923066F1EC8F546DD0D8E7CA8
+
+I=41
+KEY=0000000000800000000000000000000000000000000000000000000000000000
+CT=6B92317C7D623790B748FDD7EFC42422
+
+I=42
+KEY=0000000000400000000000000000000000000000000000000000000000000000
+CT=0FE7C097E899C71EF045360F8D6C25CF
+
+I=43
+KEY=0000000000200000000000000000000000000000000000000000000000000000
+CT=4ECE7EE107D0264D04693151C25B9DF6
+
+I=44
+KEY=0000000000100000000000000000000000000000000000000000000000000000
+CT=FD6AE687CBFCA9E301045888D3BB9605
+
+I=45
+KEY=0000000000080000000000000000000000000000000000000000000000000000
+CT=476B579C8556C7254424902CC1D6D36E
+
+I=46
+KEY=0000000000040000000000000000000000000000000000000000000000000000
+CT=4133CBCDFDD6B8860A1FC18665D6D71B
+
+I=47
+KEY=0000000000020000000000000000000000000000000000000000000000000000
+CT=3B36EC2664798C108B816812C65DFDC7
+
+I=48
+KEY=0000000000010000000000000000000000000000000000000000000000000000
+CT=364E20A234FEA385D48DC5A09C9E70CF
+
+I=49
+KEY=0000000000008000000000000000000000000000000000000000000000000000
+CT=4A4BA25969DE3F5EE5642C71AAD0EFD1
+
+I=50
+KEY=0000000000004000000000000000000000000000000000000000000000000000
+CT=E42CBAAE43297F67A76C1C501BB79E36
+
+I=51
+KEY=0000000000002000000000000000000000000000000000000000000000000000
+CT=23CEDEDA4C15B4C037E8C61492217937
+
+I=52
+KEY=0000000000001000000000000000000000000000000000000000000000000000
+CT=A1719147A1F4A1A1180BD16E8593DCDE
+
+I=53
+KEY=0000000000000800000000000000000000000000000000000000000000000000
+CT=AB82337E9FB0EC60D1F25A1D0014192C
+
+I=54
+KEY=0000000000000400000000000000000000000000000000000000000000000000
+CT=74BF2D8FC5A8388DF1A3A4D7D33FC164
+
+I=55
+KEY=0000000000000200000000000000000000000000000000000000000000000000
+CT=D5B493317E6FBC6FFFD664B3C491368A
+
+I=56
+KEY=0000000000000100000000000000000000000000000000000000000000000000
+CT=BA767381586DA56A2A8D503D5F7ADA0B
+
+I=57
+KEY=0000000000000080000000000000000000000000000000000000000000000000
+CT=E8E6BC57DFE9CCADB0DECABF4E5CF91F
+
+I=58
+KEY=0000000000000040000000000000000000000000000000000000000000000000
+CT=3C8E5A5CDC9CEED90815D1F84BB2998C
+
+I=59
+KEY=0000000000000020000000000000000000000000000000000000000000000000
+CT=283843020BA38F056001B2FD585F7CC9
+
+I=60
+KEY=0000000000000010000000000000000000000000000000000000000000000000
+CT=D8ADC7426F623ECE8741A70621D28870
+
+I=61
+KEY=0000000000000008000000000000000000000000000000000000000000000000
+CT=D7C5C215592D06F00E6A80DA69A28EA9
+
+I=62
+KEY=0000000000000004000000000000000000000000000000000000000000000000
+CT=52CF6FA433C3C870CAC70190358F7F16
+
+I=63
+KEY=0000000000000002000000000000000000000000000000000000000000000000
+CT=F63D442A584DA71786ADEC9F3346DF75
+
+I=64
+KEY=0000000000000001000000000000000000000000000000000000000000000000
+CT=549078F4B0CA7079B45F9A5ADAFAFD99
+
+I=65
+KEY=0000000000000000800000000000000000000000000000000000000000000000
+CT=F2A5986EE4E9984BE2BAFB79EA8152FA
+
+I=66
+KEY=0000000000000000400000000000000000000000000000000000000000000000
+CT=8A74535017B4DB2776668A1FAE64384C
+
+I=67
+KEY=0000000000000000200000000000000000000000000000000000000000000000
+CT=E613342F57A97FD95DC088711A5D0ECD
+
+I=68
+KEY=0000000000000000100000000000000000000000000000000000000000000000
+CT=3FFAEBF6B22CF1DC82AE17CD48175B01
+
+I=69
+KEY=0000000000000000080000000000000000000000000000000000000000000000
+CT=BAFD52EFA15C248CCBF9757735E6B1CE
+
+I=70
+KEY=0000000000000000040000000000000000000000000000000000000000000000
+CT=7AF94BC018D9DDD4539D2DD1C6F4000F
+
+I=71
+KEY=0000000000000000020000000000000000000000000000000000000000000000
+CT=FE177AD61CA0FDB281086FBA8FE76803
+
+I=72
+KEY=0000000000000000010000000000000000000000000000000000000000000000
+CT=74DBEA15E2E9285BAD163D7D534251B6
+
+I=73
+KEY=0000000000000000008000000000000000000000000000000000000000000000
+CT=23DD21331B3A92F200FE56FF050FFE74
+
+I=74
+KEY=0000000000000000004000000000000000000000000000000000000000000000
+CT=A69C5AA34AB20A858CAFA766EACED6D8
+
+I=75
+KEY=0000000000000000002000000000000000000000000000000000000000000000
+CT=3F72BB4DF2A4F941A4A09CB78F04B97A
+
+I=76
+KEY=0000000000000000001000000000000000000000000000000000000000000000
+CT=72CC43577E1FD5FD14622D24D97FCDCC
+
+I=77
+KEY=0000000000000000000800000000000000000000000000000000000000000000
+CT=D83AF8EBE93E0B6B99CAFADE224937D1
+
+I=78
+KEY=0000000000000000000400000000000000000000000000000000000000000000
+CT=44042329128D56CAA8D084C8BD769D1E
+
+I=79
+KEY=0000000000000000000200000000000000000000000000000000000000000000
+CT=14102D72290DE4F2C430ADD1ED64BA1D
+
+I=80
+KEY=0000000000000000000100000000000000000000000000000000000000000000
+CT=449124097B1ECD0AE7065206DF06F03C
+
+I=81
+KEY=0000000000000000000080000000000000000000000000000000000000000000
+CT=D060A99F8CC153A42E11E5F97BD7584A
+
+I=82
+KEY=0000000000000000000040000000000000000000000000000000000000000000
+CT=65605B3EA9261488D53E48602ADEA299
+
+I=83
+KEY=0000000000000000000020000000000000000000000000000000000000000000
+CT=C5E5CAD7A208DE8EA6BE049EFE5C7346
+
+I=84
+KEY=0000000000000000000010000000000000000000000000000000000000000000
+CT=4C280C46D2181646048DD5BC0C0831A5
+
+I=85
+KEY=0000000000000000000008000000000000000000000000000000000000000000
+CT=5DD65CF37F2A0929559AABAFDA08E730
+
+I=86
+KEY=0000000000000000000004000000000000000000000000000000000000000000
+CT=31F2335CAAF264172F69A693225E6D22
+
+I=87
+KEY=0000000000000000000002000000000000000000000000000000000000000000
+CT=3E28B35F99A72662590DA96426DD377F
+
+I=88
+KEY=0000000000000000000001000000000000000000000000000000000000000000
+CT=570F40F5D7B20441486578ED344343BE
+
+I=89
+KEY=0000000000000000000000800000000000000000000000000000000000000000
+CT=C54308AD1C9E3B19F8B7417873045A8C
+
+I=90
+KEY=0000000000000000000000400000000000000000000000000000000000000000
+CT=CBF335E39CE13ADE2B696179E8FD0CE1
+
+I=91
+KEY=0000000000000000000000200000000000000000000000000000000000000000
+CT=9C2FBF422355D8293083D51F4A3C18A9
+
+I=92
+KEY=0000000000000000000000100000000000000000000000000000000000000000
+CT=5ED8B5A31ECEFAB16C9AA6986DA67BCE
+
+I=93
+KEY=0000000000000000000000080000000000000000000000000000000000000000
+CT=627815DCFC814ABC75900041B1DD7B59
+
+I=94
+KEY=0000000000000000000000040000000000000000000000000000000000000000
+CT=9EF3E82A50A59F166260494F7A7F2CC3
+
+I=95
+KEY=0000000000000000000000020000000000000000000000000000000000000000
+CT=878CD0D8D920888B5935D6C351128737
+
+I=96
+KEY=0000000000000000000000010000000000000000000000000000000000000000
+CT=E44429474D6FC3084EB2A6B8B46AF754
+
+I=97
+KEY=0000000000000000000000008000000000000000000000000000000000000000
+CT=EBAACF9641D54E1FB18D0A2BE4F19BE5
+
+I=98
+KEY=0000000000000000000000004000000000000000000000000000000000000000
+CT=13B3BF497CEE780E123C7E193DEA3A01
+
+I=99
+KEY=0000000000000000000000002000000000000000000000000000000000000000
+CT=6E8F381DE00A41161F0DF03B4155BFD4
+
+I=100
+KEY=0000000000000000000000001000000000000000000000000000000000000000
+CT=35E4F29BBA2BAE01144910783C3FEF49
+
+I=101
+KEY=0000000000000000000000000800000000000000000000000000000000000000
+CT=55B17BD66788CEAC366398A31F289FFB
+
+I=102
+KEY=0000000000000000000000000400000000000000000000000000000000000000
+CT=11341F56C0D6D1008D28741DAA7679CE
+
+I=103
+KEY=0000000000000000000000000200000000000000000000000000000000000000
+CT=4DF7253DF421D83358BDBE924745D98C
+
+I=104
+KEY=0000000000000000000000000100000000000000000000000000000000000000
+CT=BAE2EE651116D93EDC8E83B5F3347BE1
+
+I=105
+KEY=0000000000000000000000000080000000000000000000000000000000000000
+CT=F9721ABD06709157183AF3965A659D9D
+
+I=106
+KEY=0000000000000000000000000040000000000000000000000000000000000000
+CT=19A1C252A613FE2860A4AE6D75CE6FA3
+
+I=107
+KEY=0000000000000000000000000020000000000000000000000000000000000000
+CT=B5DDB2F5D9752C949FBDE3FFF5556C6E
+
+I=108
+KEY=0000000000000000000000000010000000000000000000000000000000000000
+CT=81B044FCFFC78ECCFCD171AAD0405C66
+
+I=109
+KEY=0000000000000000000000000008000000000000000000000000000000000000
+CT=C640566D3C06020EB2C42F1D62E56A9B
+
+I=110
+KEY=0000000000000000000000000004000000000000000000000000000000000000
+CT=EA6C4BCF425291679FDFFD26A424FBCC
+
+I=111
+KEY=0000000000000000000000000002000000000000000000000000000000000000
+CT=57F6901465D9440D9F15EE2CBA5A4090
+
+I=112
+KEY=0000000000000000000000000001000000000000000000000000000000000000
+CT=FBCFA74CADC7406260F63D96C8AAB6B1
+
+I=113
+KEY=0000000000000000000000000000800000000000000000000000000000000000
+CT=DFF4F096CEA211D4BBDACA033D0EC7D1
+
+I=114
+KEY=0000000000000000000000000000400000000000000000000000000000000000
+CT=1EE5190D551F0F42F675227A381296A9
+
+I=115
+KEY=0000000000000000000000000000200000000000000000000000000000000000
+CT=F98E1905012E580F097623C10B93054F
+
+I=116
+KEY=0000000000000000000000000000100000000000000000000000000000000000
+CT=E7D43743D21DD3C9F168C86856558B9A
+
+I=117
+KEY=0000000000000000000000000000080000000000000000000000000000000000
+CT=632A9DDA730DAB67593C5D08D8AC1059
+
+I=118
+KEY=0000000000000000000000000000040000000000000000000000000000000000
+CT=E084317000715B9057BC9DE9F3AB6124
+
+I=119
+KEY=0000000000000000000000000000020000000000000000000000000000000000
+CT=61F9EF33A0BB4E666C2ED99101919FAB
+
+I=120
+KEY=0000000000000000000000000000010000000000000000000000000000000000
+CT=6DC1D68A11834657D46703C22578D59A
+
+I=121
+KEY=0000000000000000000000000000008000000000000000000000000000000000
+CT=53AC1548863D3D16F1D4DC7242E05F2C
+
+I=122
+KEY=0000000000000000000000000000004000000000000000000000000000000000
+CT=E82CD587A408306AD78CEAE0916B9F8C
+
+I=123
+KEY=0000000000000000000000000000002000000000000000000000000000000000
+CT=0FD2D40EA6AD17A3A767F0A8600D6295
+
+I=124
+KEY=0000000000000000000000000000001000000000000000000000000000000000
+CT=AD84CC8255ADB39DFCA23F92761AE7E9
+
+I=125
+KEY=0000000000000000000000000000000800000000000000000000000000000000
+CT=F4F20CF7D51BEE7DA024A2B11A7ECA0B
+
+I=126
+KEY=0000000000000000000000000000000400000000000000000000000000000000
+CT=5057691B85D9CE93A193214DB0A016B6
+
+I=127
+KEY=0000000000000000000000000000000200000000000000000000000000000000
+CT=0F58C960876390BDEF4BB6BE95CAA1EE
+
+I=128
+KEY=0000000000000000000000000000000100000000000000000000000000000000
+CT=9A3E66EEBC21BC0BD9430B341EF465FA
+
+I=129
+KEY=0000000000000000000000000000000080000000000000000000000000000000
+CT=20415035F34B8BCBCB28ABF07F78F0D4
+
+I=130
+KEY=0000000000000000000000000000000040000000000000000000000000000000
+CT=AC89FC7BA10479EBF10DE65BCEF89B3C
+
+I=131
+KEY=0000000000000000000000000000000020000000000000000000000000000000
+CT=068FA75A30BE443171AF3F6FEB1A20D2
+
+I=132
+KEY=0000000000000000000000000000000010000000000000000000000000000000
+CT=50E02F213246C525A8C27700CA34B502
+
+I=133
+KEY=0000000000000000000000000000000008000000000000000000000000000000
+CT=227DA47D5A0906DB3AB042BB0A695FB6
+
+I=134
+KEY=0000000000000000000000000000000004000000000000000000000000000000
+CT=8663AC30ED12514F1DE46777F4514BFC
+
+I=135
+KEY=0000000000000000000000000000000002000000000000000000000000000000
+CT=A987D4BC12E1DE9F4B6DF43567C34A8B
+
+I=136
+KEY=0000000000000000000000000000000001000000000000000000000000000000
+CT=6D5A0370F599ACA605F63B04E5143D0C
+
+I=137
+KEY=0000000000000000000000000000000000800000000000000000000000000000
+CT=9809266E378B07B7AFDB3BAA97B7E442
+
+I=138
+KEY=0000000000000000000000000000000000400000000000000000000000000000
+CT=8F753252B30CCCACE12D9A301F4D5090
+
+I=139
+KEY=0000000000000000000000000000000000200000000000000000000000000000
+CT=032465F6C0CE34D41962F561692A1AFF
+
+I=140
+KEY=0000000000000000000000000000000000100000000000000000000000000000
+CT=C50E9AD5BEB8F3B00821DD47FF8AC093
+
+I=141
+KEY=0000000000000000000000000000000000080000000000000000000000000000
+CT=9C6FEA3D46268D54A6829B2AD25BB276
+
+I=142
+KEY=0000000000000000000000000000000000040000000000000000000000000000
+CT=0FD8575E87706F561343D7B3A41E044A
+
+I=143
+KEY=0000000000000000000000000000000000020000000000000000000000000000
+CT=BEE9BEB3739540D88CBCE77925F0A114
+
+I=144
+KEY=0000000000000000000000000000000000010000000000000000000000000000
+CT=D24EAEE7FFFBAC3D6F26C2DCE0DCDE28
+
+I=145
+KEY=0000000000000000000000000000000000008000000000000000000000000000
+CT=47771A90398FF0F7FA821C2F8F5E1398
+
+I=146
+KEY=0000000000000000000000000000000000004000000000000000000000000000
+CT=4639741B6F84B135AD118C8249B64ED0
+
+I=147
+KEY=0000000000000000000000000000000000002000000000000000000000000000
+CT=8EE5505EC85567697A3306F250A27720
+
+I=148
+KEY=0000000000000000000000000000000000001000000000000000000000000000
+CT=7C8A19AC1AEFBC5E0119D91A5F05D4C2
+
+I=149
+KEY=0000000000000000000000000000000000000800000000000000000000000000
+CT=5141B9B672E54773B672E3A6C424887B
+
+I=150
+KEY=0000000000000000000000000000000000000400000000000000000000000000
+CT=B5A2D3CD206653C6402F34FB0AE3613D
+
+I=151
+KEY=0000000000000000000000000000000000000200000000000000000000000000
+CT=0F5BD9408738231D114B0A82753279A3
+
+I=152
+KEY=0000000000000000000000000000000000000100000000000000000000000000
+CT=FEF033FF4268EA487FC74C5E43A45338
+
+I=153
+KEY=0000000000000000000000000000000000000080000000000000000000000000
+CT=A3EDC09DCD529B113910D904AD855581
+
+I=154
+KEY=0000000000000000000000000000000000000040000000000000000000000000
+CT=AB8FBB6F27A0AC7C55B59FDD36B72F1C
+
+I=155
+KEY=0000000000000000000000000000000000000020000000000000000000000000
+CT=EEA44D5ED4D769CC930CD83D8999EC46
+
+I=156
+KEY=0000000000000000000000000000000000000010000000000000000000000000
+CT=6972276803AE9AA7C6F431AB10979C34
+
+I=157
+KEY=0000000000000000000000000000000000000008000000000000000000000000
+CT=86DEAA9F39244101818178474D7DBDE9
+
+I=158
+KEY=0000000000000000000000000000000000000004000000000000000000000000
+CT=88C6B466EA361D662D8D08CBF181F4FE
+
+I=159
+KEY=0000000000000000000000000000000000000002000000000000000000000000
+CT=91AB2C6B7C63FF59F7CBEEBF91B20B95
+
+I=160
+KEY=0000000000000000000000000000000000000001000000000000000000000000
+CT=2DFE6C146AD5B3D8C3C1718F13B48E01
+
+I=161
+KEY=0000000000000000000000000000000000000000800000000000000000000000
+CT=C7CFF1623451711391A302EEC3584AAA
+
+I=162
+KEY=0000000000000000000000000000000000000000400000000000000000000000
+CT=089FE845CC05011686C66019D18BE050
+
+I=163
+KEY=0000000000000000000000000000000000000000200000000000000000000000
+CT=08C8410B9B427211A67124B0DCCEAD48
+
+I=164
+KEY=0000000000000000000000000000000000000000100000000000000000000000
+CT=8D91592F5566085254784606334D7629
+
+I=165
+KEY=0000000000000000000000000000000000000000080000000000000000000000
+CT=3298FEAAF2E1201D6299FF8846639C97
+
+I=166
+KEY=0000000000000000000000000000000000000000040000000000000000000000
+CT=C497CB9F0BDFE0EFC8C2F3F90760AA72
+
+I=167
+KEY=0000000000000000000000000000000000000000020000000000000000000000
+CT=2788AFD046E0309CBE4424690DA2AB89
+
+I=168
+KEY=0000000000000000000000000000000000000000010000000000000000000000
+CT=E9891707F25EF29FEE372890D4258982
+
+I=169
+KEY=0000000000000000000000000000000000000000008000000000000000000000
+CT=DB041D94A23D45D4D4DCED5A030CAF61
+
+I=170
+KEY=0000000000000000000000000000000000000000004000000000000000000000
+CT=FFAFDBF0ECB18DF9EA02C27077448E6D
+
+I=171
+KEY=0000000000000000000000000000000000000000002000000000000000000000
+CT=2DAAA42A7D0A1D3B0E4761D99CF2150A
+
+I=172
+KEY=0000000000000000000000000000000000000000001000000000000000000000
+CT=3B7A54CB7CF30ABE263DD6ED5BFE8D63
+
+I=173
+KEY=0000000000000000000000000000000000000000000800000000000000000000
+CT=EEFA090174C590C448A55D43648F534A
+
+I=174
+KEY=0000000000000000000000000000000000000000000400000000000000000000
+CT=9E15798731ED42F43EA2740A691DA872
+
+I=175
+KEY=0000000000000000000000000000000000000000000200000000000000000000
+CT=31FBD661540A5DEAAD1017CFD3909EC8
+
+I=176
+KEY=0000000000000000000000000000000000000000000100000000000000000000
+CT=CDA9AE05F224140E28CB951721B44D6A
+
+I=177
+KEY=0000000000000000000000000000000000000000000080000000000000000000
+CT=0C5BC512C60A1EAC3434EFB1A8FBB182
+
+I=178
+KEY=0000000000000000000000000000000000000000000040000000000000000000
+CT=AA863610DEEEEB62D045E87EA30B59B5
+
+I=179
+KEY=0000000000000000000000000000000000000000000020000000000000000000
+CT=6AC2448DE568D279C7EEBE1DF403920C
+
+I=180
+KEY=0000000000000000000000000000000000000000000010000000000000000000
+CT=E2011E3D292B26888AE801215FD0CB40
+
+I=181
+KEY=0000000000000000000000000000000000000000000008000000000000000000
+CT=E06F3E15EE3A61672D1C99BADE5B9DBE
+
+I=182
+KEY=0000000000000000000000000000000000000000000004000000000000000000
+CT=BB7027F0548CF6712CEB4C7A4B28E178
+
+I=183
+KEY=0000000000000000000000000000000000000000000002000000000000000000
+CT=061EC21FB70FADBDF87C3BD2AE23825B
+
+I=184
+KEY=0000000000000000000000000000000000000000000001000000000000000000
+CT=4C21F26FE94ABBAC381352375314C3EB
+
+I=185
+KEY=0000000000000000000000000000000000000000000000800000000000000000
+CT=F7CEE6DD99909C2B569EEDA61ED8942E
+
+I=186
+KEY=0000000000000000000000000000000000000000000000400000000000000000
+CT=CE98C4A876C65E4CCB261EBB1D9DF7F5
+
+I=187
+KEY=0000000000000000000000000000000000000000000000200000000000000000
+CT=A5491881CF833C3604ABC08044F402AC
+
+I=188
+KEY=0000000000000000000000000000000000000000000000100000000000000000
+CT=A1BA16E64CCCB3087D57A768507B0BFC
+
+I=189
+KEY=0000000000000000000000000000000000000000000000080000000000000000
+CT=D55951E202D2949EBD3BE43120C738BF
+
+I=190
+KEY=0000000000000000000000000000000000000000000000040000000000000000
+CT=EBB8E43069E69F450EFEC65DCD52B7FD
+
+I=191
+KEY=0000000000000000000000000000000000000000000000020000000000000000
+CT=2B292135663B4AA5ABFE9423D57E7EE9
+
+I=192
+KEY=0000000000000000000000000000000000000000000000010000000000000000
+CT=E91BF974B3BE3AD966249D8655292A85
+
+I=193
+KEY=0000000000000000000000000000000000000000000000008000000000000000
+CT=384365998EAA9562236CC58F6ADF9610
+
+I=194
+KEY=0000000000000000000000000000000000000000000000004000000000000000
+CT=C2E997012AA3D4D8D359C9A947CBE69F
+
+I=195
+KEY=0000000000000000000000000000000000000000000000002000000000000000
+CT=F49421204148BA213BE87E2D5C22B0BF
+
+I=196
+KEY=0000000000000000000000000000000000000000000000001000000000000000
+CT=82ED0ED9953AA92E4DF30929CA65C00F
+
+I=197
+KEY=0000000000000000000000000000000000000000000000000800000000000000
+CT=291EB1D11653C8479437C74A977F5106
+
+I=198
+KEY=0000000000000000000000000000000000000000000000000400000000000000
+CT=BCB997B1939B8983ABD550D6025683E3
+
+I=199
+KEY=0000000000000000000000000000000000000000000000000200000000000000
+CT=1FBA2592C6F489775CAADA71F9B983E9
+
+I=200
+KEY=0000000000000000000000000000000000000000000000000100000000000000
+CT=969F66F217AF1A3DB9E41C1B29039824
+
+I=201
+KEY=0000000000000000000000000000000000000000000000000080000000000000
+CT=A54BB7D6B17E423AC0A7744C19073CB8
+
+I=202
+KEY=0000000000000000000000000000000000000000000000000040000000000000
+CT=B0AC6E6578D1021F47DCF9748A32EAD5
+
+I=203
+KEY=0000000000000000000000000000000000000000000000000020000000000000
+CT=B87B361C3B7B194C77A4358D4669153E
+
+I=204
+KEY=0000000000000000000000000000000000000000000000000010000000000000
+CT=46A133847F96EAA8282A799DC8899D58
+
+I=205
+KEY=0000000000000000000000000000000000000000000000000008000000000000
+CT=2265EC3A9F2D5C9547A091CC8CFB18EA
+
+I=206
+KEY=0000000000000000000000000000000000000000000000000004000000000000
+CT=54CBF3A6FC4FE56D426117AA1FFD1DDE
+
+I=207
+KEY=0000000000000000000000000000000000000000000000000002000000000000
+CT=5312877CCEAB6CFB0905394A370A8003
+
+I=208
+KEY=0000000000000000000000000000000000000000000000000001000000000000
+CT=7190BD6EC613FE38B84ECFE28F702FE4
+
+I=209
+KEY=0000000000000000000000000000000000000000000000000000800000000000
+CT=D1FA5B9CA89A43B04C05F0EF29EF68CD
+
+I=210
+KEY=0000000000000000000000000000000000000000000000000000400000000000
+CT=808285751548ED934FD1056D2D9AE8BA
+
+I=211
+KEY=0000000000000000000000000000000000000000000000000000200000000000
+CT=2758DEF3E7B95A9AE89777BE64D5A6CF
+
+I=212
+KEY=0000000000000000000000000000000000000000000000000000100000000000
+CT=07D81F87DB3E0ACC82B01E08FB22F3C1
+
+I=213
+KEY=0000000000000000000000000000000000000000000000000000080000000000
+CT=8DA250E5553D650711A75EE1CB4FD1C7
+
+I=214
+KEY=0000000000000000000000000000000000000000000000000000040000000000
+CT=A93D946BD0E87F32719DF5F158CEE669
+
+I=215
+KEY=0000000000000000000000000000000000000000000000000000020000000000
+CT=03945236EC2A4D4EAF30B8ABEB54330D
+
+I=216
+KEY=0000000000000000000000000000000000000000000000000000010000000000
+CT=11CC35301F24B79DDE31AEA2D1354F88
+
+I=217
+KEY=0000000000000000000000000000000000000000000000000000008000000000
+CT=E73715B3E8D9A290F44AE6FFBF247E5D
+
+I=218
+KEY=0000000000000000000000000000000000000000000000000000004000000000
+CT=7345E07732B71CB158BBF64CCA5C5B96
+
+I=219
+KEY=0000000000000000000000000000000000000000000000000000002000000000
+CT=6E128F296D24705A1924FD9B70C4ED04
+
+I=220
+KEY=0000000000000000000000000000000000000000000000000000001000000000
+CT=95A789776F036783FBD330947083F54F
+
+I=221
+KEY=0000000000000000000000000000000000000000000000000000000800000000
+CT=360DEC2533EA4AA2E3E54FD3DE2906EB
+
+I=222
+KEY=0000000000000000000000000000000000000000000000000000000400000000
+CT=E68EFD7FECF4D601EA22727BD764965B
+
+I=223
+KEY=0000000000000000000000000000000000000000000000000000000200000000
+CT=9065C64A8BFF44AC33EDBB611CF83D7B
+
+I=224
+KEY=0000000000000000000000000000000000000000000000000000000100000000
+CT=8F33C8DF2A7A51CE8090E8F123BC3723
+
+I=225
+KEY=0000000000000000000000000000000000000000000000000000000080000000
+CT=807F391FFBA8291BA625623210F99018
+
+I=226
+KEY=0000000000000000000000000000000000000000000000000000000040000000
+CT=5E8B3F3A701522CE5CAA761C929D6292
+
+I=227
+KEY=0000000000000000000000000000000000000000000000000000000020000000
+CT=3BA404DC38735A78289E3809E8364835
+
+I=228
+KEY=0000000000000000000000000000000000000000000000000000000010000000
+CT=D23BEDBAD229F8305DC425B6B759DCC9
+
+I=229
+KEY=0000000000000000000000000000000000000000000000000000000008000000
+CT=44880F21CF5913040AE376AEE2A10AD8
+
+I=230
+KEY=0000000000000000000000000000000000000000000000000000000004000000
+CT=9BC98E29D057C0E828C3B5CCE69256C1
+
+I=231
+KEY=0000000000000000000000000000000000000000000000000000000002000000
+CT=B293CC7A975DA141A68279368057CC41
+
+I=232
+KEY=0000000000000000000000000000000000000000000000000000000001000000
+CT=8D60FB87ACD91385B313BE5F1D7BD30F
+
+I=233
+KEY=0000000000000000000000000000000000000000000000000000000000800000
+CT=2C8E56132D70291B303C48FDF75543CD
+
+I=234
+KEY=0000000000000000000000000000000000000000000000000000000000400000
+CT=D1F80035B826791F6CE4E59B7DB1BB0D
+
+I=235
+KEY=0000000000000000000000000000000000000000000000000000000000200000
+CT=42CE6224FC36469339A133DD08173BD4
+
+I=236
+KEY=0000000000000000000000000000000000000000000000000000000000100000
+CT=61817155EA41BCBA2AF7F06AE7CBF585
+
+I=237
+KEY=0000000000000000000000000000000000000000000000000000000000080000
+CT=D1923A9866068D2EF5FB77D57C3315B6
+
+I=238
+KEY=0000000000000000000000000000000000000000000000000000000000040000
+CT=B37CBDB5D719F49691CA968EF2E84140
+
+I=239
+KEY=0000000000000000000000000000000000000000000000000000000000020000
+CT=EC974E653A055D7F8F22171030F68E1D
+
+I=240
+KEY=0000000000000000000000000000000000000000000000000000000000010000
+CT=DDE5D3B9AAD9C32213BB3675A822499C
+
+I=241
+KEY=0000000000000000000000000000000000000000000000000000000000008000
+CT=D3B6E9216EA1AE57EB1C628A3C38AB78
+
+I=242
+KEY=0000000000000000000000000000000000000000000000000000000000004000
+CT=82C99ECC69472B7E96324B042AE8B87A
+
+I=243
+KEY=0000000000000000000000000000000000000000000000000000000000002000
+CT=97144DC5338C43600F84439C0AA0D147
+
+I=244
+KEY=0000000000000000000000000000000000000000000000000000000000001000
+CT=400AC4A0BBADA1DB2121EB144C7E5209
+
+I=245
+KEY=0000000000000000000000000000000000000000000000000000000000000800
+CT=EFD9D550EB419ED278F4885A490AB54C
+
+I=246
+KEY=0000000000000000000000000000000000000000000000000000000000000400
+CT=2AB7816E149B7C0404C88A8857793670
+
+I=247
+KEY=0000000000000000000000000000000000000000000000000000000000000200
+CT=5B591DFF9E8DEE15BAD24C025DBCA481
+
+I=248
+KEY=0000000000000000000000000000000000000000000000000000000000000100
+CT=0C06633E30721C3749F49AD8CBF2B754
+
+I=249
+KEY=0000000000000000000000000000000000000000000000000000000000000080
+CT=96D6D31A41B5123B2035FD91A921D4CA
+
+I=250
+KEY=0000000000000000000000000000000000000000000000000000000000000040
+CT=E7F6C34D86668BC2805CA7793C5E86AD
+
+I=251
+KEY=0000000000000000000000000000000000000000000000000000000000000020
+CT=F46DFF5FF500D6879C4D3E45CF0CF0F3
+
+I=252
+KEY=0000000000000000000000000000000000000000000000000000000000000010
+CT=60D842D9C61DA7495C116197B7CECBBE
+
+I=253
+KEY=0000000000000000000000000000000000000000000000000000000000000008
+CT=D45B24EDB673353EBDF248B8FA06B67A
+
+I=254
+KEY=0000000000000000000000000000000000000000000000000000000000000004
+CT=119EAEBCC165D0BD02C0D35DC82EF992
+
+I=255
+KEY=0000000000000000000000000000000000000000000000000000000000000002
+CT=E673143680414ADA301D0ED34626B9FE
+
+I=256
+KEY=0000000000000000000000000000000000000000000000000000000000000001
+CT=6B6CFE160A6263631B292F879EEFF926
+
+==========
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_vt.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_vt.txt
new file mode 100644
index 00000000..6dea60fc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/ecb_vt.txt
@@ -0,0 +1,1566 @@
+
+=========================
+
+FILENAME:  "ecb_vt.txt"
+
+Electronic Codebook (ECB) Mode
+Variable Text Known Answer Tests
+
+Algorithm Name: Rijndael
+Principal Submitter: Joan Daemen
+
+==========
+
+KEYSIZE=128
+
+KEY=00000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=3AD78E726C1EC02B7EBFE92B23D9EC34
+
+I=2
+PT=40000000000000000000000000000000
+CT=45BC707D29E8204D88DFBA2F0B0CAD9B
+
+I=3
+PT=20000000000000000000000000000000
+CT=161556838018F52805CDBD6202002E3F
+
+I=4
+PT=10000000000000000000000000000000
+CT=F5569B3AB6A6D11EFDE1BF0A64C6854A
+
+I=5
+PT=08000000000000000000000000000000
+CT=64E82B50E501FBD7DD4116921159B83E
+
+I=6
+PT=04000000000000000000000000000000
+CT=BAAC12FB613A7DE11450375C74034041
+
+I=7
+PT=02000000000000000000000000000000
+CT=BCF176A7EAAD8085EBACEA362462A281
+
+I=8
+PT=01000000000000000000000000000000
+CT=47711816E91D6FF059BBBF2BF58E0FD3
+
+I=9
+PT=00800000000000000000000000000000
+CT=B970DFBE40698AF1638FE38BD3DF3B2F
+
+I=10
+PT=00400000000000000000000000000000
+CT=F95B59A44F391E14CF20B74BDC32FCFF
+
+I=11
+PT=00200000000000000000000000000000
+CT=720F74AE04A2A435B9A7256E49378F5B
+
+I=12
+PT=00100000000000000000000000000000
+CT=2A0445F61D36BFA7E277070730CF76DA
+
+I=13
+PT=00080000000000000000000000000000
+CT=8D0536B997AEFEC1D94011BAB6699A03
+
+I=14
+PT=00040000000000000000000000000000
+CT=674F002E19F6ED47EFF319E51FAD4498
+
+I=15
+PT=00020000000000000000000000000000
+CT=292C02C5CB9163C80AC0F6CF1DD8E92D
+
+I=16
+PT=00010000000000000000000000000000
+CT=FA321CF18EF5FE727DD82A5C1E945141
+
+I=17
+PT=00008000000000000000000000000000
+CT=A5A7AFE1034C39CCCEBE3C584BC0BE05
+
+I=18
+PT=00004000000000000000000000000000
+CT=4FF5A52E697E77D081205DBDB21CEA39
+
+I=19
+PT=00002000000000000000000000000000
+CT=209E88DC94C9003000CE0769AF7B7166
+
+I=20
+PT=00001000000000000000000000000000
+CT=5DEE41AF864CB4B650E5F51551824D38
+
+I=21
+PT=00000800000000000000000000000000
+CT=A79A63FA7E4503AE6D6E09F5F9053030
+
+I=22
+PT=00000400000000000000000000000000
+CT=A48316749FAE7FAC7002031A6AFD8BA7
+
+I=23
+PT=00000200000000000000000000000000
+CT=D6EEE8A7357A0E1D64262CA9C337AC42
+
+I=24
+PT=00000100000000000000000000000000
+CT=B013CA8A62A858053E9FB667ED39829E
+
+I=25
+PT=00000080000000000000000000000000
+CT=DF6EA9E4538A45A52D5C1A43C88F4B55
+
+I=26
+PT=00000040000000000000000000000000
+CT=7D03BA451371591D3FD5547D9165C73B
+
+I=27
+PT=00000020000000000000000000000000
+CT=0E0426281A6277E186499D365D5F49FF
+
+I=28
+PT=00000010000000000000000000000000
+CT=DBC02169DD2059E6CC4C57C1FEDF5AB4
+
+I=29
+PT=00000008000000000000000000000000
+CT=826590E05D167DA6F00DCC75E22788EB
+
+I=30
+PT=00000004000000000000000000000000
+CT=34A73F21A04421D9786335FAAB49423A
+
+I=31
+PT=00000002000000000000000000000000
+CT=ED347D0E0128EE1A7392A1D36AB78AA9
+
+I=32
+PT=00000001000000000000000000000000
+CT=EE944B2FE6E9FC888042608DA9615F75
+
+I=33
+PT=00000000800000000000000000000000
+CT=9E7C85A909EF7218BA7947CFB4718F46
+
+I=34
+PT=00000000400000000000000000000000
+CT=811AE07A0B2B1F816587FA73699AE77D
+
+I=35
+PT=00000000200000000000000000000000
+CT=68466FBF43C2FE13D4B18F7EC5EA745F
+
+I=36
+PT=00000000100000000000000000000000
+CT=D20B015C7191B219780956E6101F9354
+
+I=37
+PT=00000000080000000000000000000000
+CT=5939D5C1BBF54EE1B3E326D757BDDE25
+
+I=38
+PT=00000000040000000000000000000000
+CT=B1FDAFE9A0240E8FFEA19CE94B5105D3
+
+I=39
+PT=00000000020000000000000000000000
+CT=D62962ECE02CDD68C06BDFEFB2F9495B
+
+I=40
+PT=00000000010000000000000000000000
+CT=B3BB2DE6F3C26587BA8BAC4F7AD9499A
+
+I=41
+PT=00000000008000000000000000000000
+CT=E0B1072D6D9FF703D6FBEF77852B0A6B
+
+I=42
+PT=00000000004000000000000000000000
+CT=D8DD51C907F478DE0228E83E61FD1758
+
+I=43
+PT=00000000002000000000000000000000
+CT=A42DFFE6E7C1671C06A25236FDD10017
+
+I=44
+PT=00000000001000000000000000000000
+CT=25ACF141550BFAB9EF451B6C6A5B2163
+
+I=45
+PT=00000000000800000000000000000000
+CT=4DA7FCA3949B16E821DBC84F19581018
+
+I=46
+PT=00000000000400000000000000000000
+CT=7D49B6347CBCC8919C7FA96A37A7A215
+
+I=47
+PT=00000000000200000000000000000000
+CT=900024B29A08C6721B95BA3B753DDB4D
+
+I=48
+PT=00000000000100000000000000000000
+CT=6D2182FB283B6934D90BA7848CAB5E66
+
+I=49
+PT=00000000000080000000000000000000
+CT=F73EF01B448D23A4D90DE8B2F9666E7A
+
+I=50
+PT=00000000000040000000000000000000
+CT=4AD9CDA2418643E9A3D926AF5E6B0412
+
+I=51
+PT=00000000000020000000000000000000
+CT=7CAEC8E7E5953997D545B033201C8C5B
+
+I=52
+PT=00000000000010000000000000000000
+CT=3C43CA1F6B6864503E27B48D88230CF5
+
+I=53
+PT=00000000000008000000000000000000
+CT=44F779B93108FE9FEEC880D79BA74488
+
+I=54
+PT=00000000000004000000000000000000
+CT=9E50E8D9CFD3A682A78E527C9072A1CF
+
+I=55
+PT=00000000000002000000000000000000
+CT=68D000CBC838BBE3C505D6F814C01F28
+
+I=56
+PT=00000000000001000000000000000000
+CT=2CB2A9FEC1ACD1D9B0FA05205E304F57
+
+I=57
+PT=00000000000000800000000000000000
+CT=01EB2806606E46444520A5CC6180CD4B
+
+I=58
+PT=00000000000000400000000000000000
+CT=DAA9B25168CC702326F217F1A0C0B162
+
+I=59
+PT=00000000000000200000000000000000
+CT=3E07E648975D9578D03555B1755807ED
+
+I=60
+PT=00000000000000100000000000000000
+CT=0B45F52E802C8B8DE09579425B80B711
+
+I=61
+PT=00000000000000080000000000000000
+CT=659595DA0B68F6DF0DD6CA77202986E1
+
+I=62
+PT=00000000000000040000000000000000
+CT=05FF42873893536E58C8FA98A45C73C4
+
+I=63
+PT=00000000000000020000000000000000
+CT=B5B03421DE8BBFFC4EADEC767339A9BD
+
+I=64
+PT=00000000000000010000000000000000
+CT=788BCD111ECF73D4E78D2E21BEF55460
+
+I=65
+PT=00000000000000008000000000000000
+CT=909CD9EC6790359F982DC6F2393D5315
+
+I=66
+PT=00000000000000004000000000000000
+CT=332950F361535FF24EFAC8C76293F12C
+
+I=67
+PT=00000000000000002000000000000000
+CT=A68CCD4E330FFDA9D576DA436DB53D75
+
+I=68
+PT=00000000000000001000000000000000
+CT=27C8A1CCFDB0B015D1ED5B3E77143791
+
+I=69
+PT=00000000000000000800000000000000
+CT=D76A4B95887A77DF610DD3E1D3B20325
+
+I=70
+PT=00000000000000000400000000000000
+CT=C068AB0DE71C66DAE83C361EF4B2D989
+
+I=71
+PT=00000000000000000200000000000000
+CT=C2120BCD49EDA9A288B3B4BE79AC8158
+
+I=72
+PT=00000000000000000100000000000000
+CT=0C546F62BF2773CD0F564FCECA7BA688
+
+I=73
+PT=00000000000000000080000000000000
+CT=18F3462BEDE4920213CCB66DAB1640AA
+
+I=74
+PT=00000000000000000040000000000000
+CT=FE42F245EDD0E24B216AEBD8B392D690
+
+I=75
+PT=00000000000000000020000000000000
+CT=3D3EEBC8D3D1558A194C2D00C337FF2B
+
+I=76
+PT=00000000000000000010000000000000
+CT=29AAEDF043E785DB42836F79BE6CBA28
+
+I=77
+PT=00000000000000000008000000000000
+CT=215F90C6744E2944358E78619159A611
+
+I=78
+PT=00000000000000000004000000000000
+CT=8606B1AA9E1D548E5442B06551E2C6DC
+
+I=79
+PT=00000000000000000002000000000000
+CT=987BB4B8740EC0EDE7FEA97DF033B5B1
+
+I=80
+PT=00000000000000000001000000000000
+CT=C0A3500DA5B0AE07D2F450930BEEDF1B
+
+I=81
+PT=00000000000000000000800000000000
+CT=525FDF8312FE8F32C781481A8DAAAE37
+
+I=82
+PT=00000000000000000000400000000000
+CT=BFD2C56AE5FB9C9DE33A6944572A6487
+
+I=83
+PT=00000000000000000000200000000000
+CT=7975A57A425CDF5AA1FA929101F650B0
+
+I=84
+PT=00000000000000000000100000000000
+CT=BF174BC49609A8709B2CD8366DAA79FE
+
+I=85
+PT=00000000000000000000080000000000
+CT=06C50C43222F56C874B1704E9F44BF7D
+
+I=86
+PT=00000000000000000000040000000000
+CT=0CEC48CD34043EA29CA3B8ED5278721E
+
+I=87
+PT=00000000000000000000020000000000
+CT=9548EA34A1560197B304D0ACB8A1698D
+
+I=88
+PT=00000000000000000000010000000000
+CT=22F9E9B1BD73B6B5B7D3062C986272F3
+
+I=89
+PT=00000000000000000000008000000000
+CT=FEE8E934BD0873295059002230E298D4
+
+I=90
+PT=00000000000000000000004000000000
+CT=1B08E2E3EB820D139CB4ABBDBE81D00D
+
+I=91
+PT=00000000000000000000002000000000
+CT=0021177681E4D90CEAF69DCED0145125
+
+I=92
+PT=00000000000000000000001000000000
+CT=4A8E314452CA8A8A3619FC54BC423643
+
+I=93
+PT=00000000000000000000000800000000
+CT=65047474F7222C94C6965425FF1BFD0A
+
+I=94
+PT=00000000000000000000000400000000
+CT=E123F551A9C4A8489622B16F961A9AA4
+
+I=95
+PT=00000000000000000000000200000000
+CT=EF05530948B80915028BB2B6FE429380
+
+I=96
+PT=00000000000000000000000100000000
+CT=72535B7FE0F0F777CEDCD55CD77E2DDF
+
+I=97
+PT=00000000000000000000000080000000
+CT=3423D8EFC31FA2F4C365C77D8F3B5C63
+
+I=98
+PT=00000000000000000000000040000000
+CT=DE0E51C264663F3C5DBC59580A98D8E4
+
+I=99
+PT=00000000000000000000000020000000
+CT=B2D9391166680947AB09264156719679
+
+I=100
+PT=00000000000000000000000010000000
+CT=10DB79F23B06D263835C424AF749ADB7
+
+I=101
+PT=00000000000000000000000008000000
+CT=DDF72D27E6B01EC107EA3E005B59563B
+
+I=102
+PT=00000000000000000000000004000000
+CT=8266B57485A5954A4236751DE07F6694
+
+I=103
+PT=00000000000000000000000002000000
+CT=669A501E1F1ADE6E5523DE01D6DBC987
+
+I=104
+PT=00000000000000000000000001000000
+CT=C20C48F2989725D461D1DB589DC0896E
+
+I=105
+PT=00000000000000000000000000800000
+CT=DE35158E7810ED1191825D2AA98FA97D
+
+I=106
+PT=00000000000000000000000000400000
+CT=4FE294F2C0F34D0671B693A237EBDDC8
+
+I=107
+PT=00000000000000000000000000200000
+CT=087AE74B10CCBFDF6739FEB9559C01A4
+
+I=108
+PT=00000000000000000000000000100000
+CT=5DC278970B7DEF77A5536C77AB59C207
+
+I=109
+PT=00000000000000000000000000080000
+CT=7607F078C77085184EAA9B060C1FBFFF
+
+I=110
+PT=00000000000000000000000000040000
+CT=9DB841531BCBE7998DAD19993FB3CC00
+
+I=111
+PT=00000000000000000000000000020000
+CT=D6A089B654854A94560BAE13298835B8
+
+I=112
+PT=00000000000000000000000000010000
+CT=E1E223C4CF90CC5D195B370D65114622
+
+I=113
+PT=00000000000000000000000000008000
+CT=1CBED73C50D053BDAD372CEEE54836A1
+
+I=114
+PT=00000000000000000000000000004000
+CT=D309E69376D257ADF2BFDA152B26555F
+
+I=115
+PT=00000000000000000000000000002000
+CT=740F7649117F0DEE6EAA7789A9994C36
+
+I=116
+PT=00000000000000000000000000001000
+CT=76AE64417C297184D668C5FD908B3CE5
+
+I=117
+PT=00000000000000000000000000000800
+CT=6095FEA4AA8035591F1787A819C48787
+
+I=118
+PT=00000000000000000000000000000400
+CT=D1FF4E7ACD1C79967FEBAB0F7465D450
+
+I=119
+PT=00000000000000000000000000000200
+CT=5F5AD3C42B9489557BB63BF49ECF5F8A
+
+I=120
+PT=00000000000000000000000000000100
+CT=FB56CC09B680B1D07C5A52149E29F07C
+
+I=121
+PT=00000000000000000000000000000080
+CT=FF49B8DF4A97CBE03833E66197620DAD
+
+I=122
+PT=00000000000000000000000000000040
+CT=5E070ADE533D2E090ED0F5BE13BC0983
+
+I=123
+PT=00000000000000000000000000000020
+CT=3AB4FB1D2B7BA376590A2C241D1F508D
+
+I=124
+PT=00000000000000000000000000000010
+CT=58B2431BC0BEDE02550F40238969EC78
+
+I=125
+PT=00000000000000000000000000000008
+CT=0253786E126504F0DAB90C48A30321DE
+
+I=126
+PT=00000000000000000000000000000004
+CT=200211214E7394DA2089B6ACD093ABE0
+
+I=127
+PT=00000000000000000000000000000002
+CT=0388DACE60B6A392F328C2B971B2FE78
+
+I=128
+PT=00000000000000000000000000000001
+CT=58E2FCCEFA7E3061367F1D57A4E7455A
+
+==========
+
+KEYSIZE=192
+
+KEY=000000000000000000000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=6CD02513E8D4DC986B4AFE087A60BD0C
+
+I=2
+PT=40000000000000000000000000000000
+CT=423D2772A0CA56DAABB48D2129062987
+
+I=3
+PT=20000000000000000000000000000000
+CT=1021F2A8DA70EB2219DC16804445FF98
+
+I=4
+PT=10000000000000000000000000000000
+CT=C636E35B402577F96974D8804295EBB8
+
+I=5
+PT=08000000000000000000000000000000
+CT=1566D2E57E8393C19E29F892EA28A9A7
+
+I=6
+PT=04000000000000000000000000000000
+CT=883C878FED70B36CC09D040F9619DD19
+
+I=7
+PT=02000000000000000000000000000000
+CT=06734593A974965790E715594FC34AA9
+
+I=8
+PT=01000000000000000000000000000000
+CT=F19B389948D9A45534E5BD36C984134A
+
+I=9
+PT=00800000000000000000000000000000
+CT=D8410DFC14FA6D175EC968EA8CAC514C
+
+I=10
+PT=00400000000000000000000000000000
+CT=7E6C6EBB4029A177CF7B2FDD9AC6BB7A
+
+I=11
+PT=00200000000000000000000000000000
+CT=4B51DD4850DC0A6C3A46D924003D2C27
+
+I=12
+PT=00100000000000000000000000000000
+CT=2E510A9D917B15BE32A192B12A668F23
+
+I=13
+PT=00080000000000000000000000000000
+CT=88F6F79962B0FB77FEA8E7C632D3108E
+
+I=14
+PT=00040000000000000000000000000000
+CT=A3A35AB1D88DAF07B52794A0F065383A
+
+I=15
+PT=00020000000000000000000000000000
+CT=DC6CC878433E2B3BB193049A4ECBFC53
+
+I=16
+PT=00010000000000000000000000000000
+CT=EFCD3763EB7B1A415938248A9A5B4FD5
+
+I=17
+PT=00008000000000000000000000000000
+CT=AB7E9FB9A66DBE5BB44854F07D9015EE
+
+I=18
+PT=00004000000000000000000000000000
+CT=8B8E9D3365F8F6743ECF7E33E99255A4
+
+I=19
+PT=00002000000000000000000000000000
+CT=54D37B4F176FF3D8F6AFC866066D8572
+
+I=20
+PT=00001000000000000000000000000000
+CT=E83310889480FBF3C00342E3126D0D02
+
+I=21
+PT=00000800000000000000000000000000
+CT=D321AB2511F92F098174AA2DE6E85DA2
+
+I=22
+PT=00000400000000000000000000000000
+CT=D8E3F40B1112D5149D58C481DFA9983F
+
+I=23
+PT=00000200000000000000000000000000
+CT=2454C4E0806639DDF19854D6C68054AD
+
+I=24
+PT=00000100000000000000000000000000
+CT=A5506D410F7CA32F3955DD79D9D09418
+
+I=25
+PT=00000080000000000000000000000000
+CT=7908EE40677699568A7DC1AA317C7E4E
+
+I=26
+PT=00000040000000000000000000000000
+CT=B4B7B29DD43B2F5CF765E25192273982
+
+I=27
+PT=00000020000000000000000000000000
+CT=92AFE9668159BEFFE2A86F8503260164
+
+I=28
+PT=00000010000000000000000000000000
+CT=5C36A232FBA6D187A84657AD4028B18F
+
+I=29
+PT=00000008000000000000000000000000
+CT=A2E994DFAB3A798DF8F54F6DA87E58E2
+
+I=30
+PT=00000004000000000000000000000000
+CT=6CDAB10A72ADF77D71D0765BAAE95631
+
+I=31
+PT=00000002000000000000000000000000
+CT=9FE3C801BCAAF7BB800F2E6BF3278E21
+
+I=32
+PT=00000001000000000000000000000000
+CT=B459D90D9A6C392E5493BC91CF5A0863
+
+I=33
+PT=00000000800000000000000000000000
+CT=0518A9FA5007F6787E0FB4E5AC27D758
+
+I=34
+PT=00000000400000000000000000000000
+CT=BED9795415D28599700ED7952384A963
+
+I=35
+PT=00000000200000000000000000000000
+CT=F0140421173D60251EF6CAB0229B1B50
+
+I=36
+PT=00000000100000000000000000000000
+CT=460EB4652B3F6779EA28CB11B37529ED
+
+I=37
+PT=00000000080000000000000000000000
+CT=C4283D351C960A6AC13CD19CCF03AE38
+
+I=38
+PT=00000000040000000000000000000000
+CT=6815A10047B2C834A798EBDCC6786C75
+
+I=39
+PT=00000000020000000000000000000000
+CT=99BA19F0CDD5990D0386B32CE56C9C4C
+
+I=40
+PT=00000000010000000000000000000000
+CT=DE76F62C61E07915162DA13E79679DEC
+
+I=41
+PT=00000000008000000000000000000000
+CT=DD0325D6854803D06D1D2277D5FB8D67
+
+I=42
+PT=00000000004000000000000000000000
+CT=580B71A41DE37D6FAC83CCB0B3BB1C97
+
+I=43
+PT=00000000002000000000000000000000
+CT=E9B1AB470A1B02EF0FF5E6754A092C96
+
+I=44
+PT=00000000001000000000000000000000
+CT=8590620F5AF5993B7410282F4126BC1F
+
+I=45
+PT=00000000000800000000000000000000
+CT=8D4914D2F1B22B2E268E66E532D29D7C
+
+I=46
+PT=00000000000400000000000000000000
+CT=FD826CE48E62C5E30867044B86BA4B56
+
+I=47
+PT=00000000000200000000000000000000
+CT=100E7B831C9F35FA1271F5F1316C6FCF
+
+I=48
+PT=00000000000100000000000000000000
+CT=0A2DD0C17F68B996AA96C007003D0B31
+
+I=49
+PT=00000000000080000000000000000000
+CT=C95F68C57E06B0A2E1F623C83C5D80BF
+
+I=50
+PT=00000000000040000000000000000000
+CT=571CAFC92C7C8A5EC54C0741E186905C
+
+I=51
+PT=00000000000020000000000000000000
+CT=22514353E95312C112255E1EED0B2DF6
+
+I=52
+PT=00000000000010000000000000000000
+CT=791A8BF462BD17580BD9152C6D11C6C5
+
+I=53
+PT=00000000000008000000000000000000
+CT=5882A0178D548F84A165DB809C60DC28
+
+I=54
+PT=00000000000004000000000000000000
+CT=3CE4A90EED4458CA6039E42DDADB71C3
+
+I=55
+PT=00000000000002000000000000000000
+CT=D3CBAB261207A16BE2751E77044FD7C9
+
+I=56
+PT=00000000000001000000000000000000
+CT=24E32B698A7B32217093628B01F424AB
+
+I=57
+PT=00000000000000800000000000000000
+CT=9F6AFC0AF27CF565110C77E3C24F4F5B
+
+I=58
+PT=00000000000000400000000000000000
+CT=E088AA5CDA20EF267BB039B00C72C45B
+
+I=59
+PT=00000000000000200000000000000000
+CT=5CF1018B7E0BA1775601C2E279900360
+
+I=60
+PT=00000000000000100000000000000000
+CT=3B1A7388B89FB9416AD8753CF5AF35D2
+
+I=61
+PT=00000000000000080000000000000000
+CT=137FA4ED00AFCD9F5D8BC0D14BD5837A
+
+I=62
+PT=00000000000000040000000000000000
+CT=806F5C9B663559BB56F234881E4A3E60
+
+I=63
+PT=00000000000000020000000000000000
+CT=8069A449152292DF2DE8642992C632B6
+
+I=64
+PT=00000000000000010000000000000000
+CT=37C6CF2A1ABD1B1F1922B46C7B4A280D
+
+I=65
+PT=00000000000000008000000000000000
+CT=7A2835260E5A0AA2B5DC301800EC8438
+
+I=66
+PT=00000000000000004000000000000000
+CT=EE81FAF2F9058213FFCACF281CB8509E
+
+I=67
+PT=00000000000000002000000000000000
+CT=57F22D93C37129BA331FDBA38E005A1E
+
+I=68
+PT=00000000000000001000000000000000
+CT=EC798782E87B7D9F780CC3C3A46519B5
+
+I=69
+PT=00000000000000000800000000000000
+CT=43EA28497F5D40E3A4744FA2EDAA42DE
+
+I=70
+PT=00000000000000000400000000000000
+CT=91F004E7DEBF41B3414DD8C5C317372C
+
+I=71
+PT=00000000000000000200000000000000
+CT=C249EAE54E7B4DF43B938C1B4CC28314
+
+I=72
+PT=00000000000000000100000000000000
+CT=32C289D7EEFB99D2F17AD7B7D45FE1EC
+
+I=73
+PT=00000000000000000080000000000000
+CT=A675FB2E8DDBF810CEF01CF2B728CD2B
+
+I=74
+PT=00000000000000000040000000000000
+CT=A418AAAB6E6921CC731AA8A349386080
+
+I=75
+PT=00000000000000000020000000000000
+CT=2E2B0F44863E67D9B0215C4ABD60417F
+
+I=76
+PT=00000000000000000010000000000000
+CT=F0AF7CB19E911D481F6426DAEFDD2240
+
+I=77
+PT=00000000000000000008000000000000
+CT=CB1304DAAA2DF6878F56AC2E0F887E04
+
+I=78
+PT=00000000000000000004000000000000
+CT=B1B70A7E6A0CD1916D9B78BEA19084AE
+
+I=79
+PT=00000000000000000002000000000000
+CT=0CDE9F9BE646A5FCE3436B794A9CFC65
+
+I=80
+PT=00000000000000000001000000000000
+CT=68C7946D476A0A36674B36AFD7E5DF33
+
+I=81
+PT=00000000000000000000800000000000
+CT=48770159A07DD8DFFF06C80105F8D57C
+
+I=82
+PT=00000000000000000000400000000000
+CT=665E62801B3260E3C45BD3BE34DFDEBE
+
+I=83
+PT=00000000000000000000200000000000
+CT=4159C1F686BFBE5B0E50BDB0DA532B69
+
+I=84
+PT=00000000000000000000100000000000
+CT=6333100A5A4AD917DC2D4E78A04869A3
+
+I=85
+PT=00000000000000000000080000000000
+CT=866A4519AB1D199F25886B89D0539ACC
+
+I=86
+PT=00000000000000000000040000000000
+CT=EC0CFD37E4CBC7E8BE385283F7AEA75A
+
+I=87
+PT=00000000000000000000020000000000
+CT=CA2F383AACCA0810AA13F3E710621422
+
+I=88
+PT=00000000000000000000010000000000
+CT=1D0EEF6870444F950937831EC0A55D98
+
+I=89
+PT=00000000000000000000008000000000
+CT=37839B35ED6801E7670496D479A95017
+
+I=90
+PT=00000000000000000000004000000000
+CT=02317C8C7098C4F94AB867AC7A49DD8D
+
+I=91
+PT=00000000000000000000002000000000
+CT=FFB4CB4E3F7F8BF3367EBD43236518B4
+
+I=92
+PT=00000000000000000000001000000000
+CT=36BEDEF1E4AA3E4A40A305741713FCBF
+
+I=93
+PT=00000000000000000000000800000000
+CT=B2DFE3C4870269C1E3FEEC39161540D9
+
+I=94
+PT=00000000000000000000000400000000
+CT=147EF2518AD45DA0026056ECBF6A3DFA
+
+I=95
+PT=00000000000000000000000200000000
+CT=027A75E4DE635790E47ACE90D7928804
+
+I=96
+PT=00000000000000000000000100000000
+CT=C4CF3CCB59BF87D0AFBD629F48CFBB7B
+
+I=97
+PT=00000000000000000000000080000000
+CT=35165C93F564C97E1C32EF97E8151A87
+
+I=98
+PT=00000000000000000000000040000000
+CT=449DE37F7D5A1BBD628ABBE7E061701D
+
+I=99
+PT=00000000000000000000000020000000
+CT=B1D45EAF218F1799B149BAD677FE129F
+
+I=100
+PT=00000000000000000000000010000000
+CT=BE08AC6DB6BD0583AA9D2ABC71C73DCD
+
+I=101
+PT=00000000000000000000000008000000
+CT=BCC835BD3DF1A79E4C7C145B899A5C25
+
+I=102
+PT=00000000000000000000000004000000
+CT=3D311EA611FF5AF371301C58A8E9912D
+
+I=103
+PT=00000000000000000000000002000000
+CT=A5A1BEA594ACC7CA80F09EA5ADDB5C71
+
+I=104
+PT=00000000000000000000000001000000
+CT=0F09492429FE7222D6CD8190D9F2FFBF
+
+I=105
+PT=00000000000000000000000000800000
+CT=816D2220A16B8AAEE71364FD43636C6F
+
+I=106
+PT=00000000000000000000000000400000
+CT=D7E8702408419ED73191B107EAF75A0B
+
+I=107
+PT=00000000000000000000000000200000
+CT=9B170EFB1E235B433C78E276BEA082F0
+
+I=108
+PT=00000000000000000000000000100000
+CT=03BBECC5598AE974430F29395522F096
+
+I=109
+PT=00000000000000000000000000080000
+CT=DB53517766C0E8CF42059607CBA89380
+
+I=110
+PT=00000000000000000000000000040000
+CT=2E2AF4B7931F0AEFFAC5471148A5BB97
+
+I=111
+PT=00000000000000000000000000020000
+CT=C872C0408266403B984F635FF5683DE4
+
+I=112
+PT=00000000000000000000000000010000
+CT=15DCF750B0E3A68AD1F4EFD07E8967B4
+
+I=113
+PT=00000000000000000000000000008000
+CT=B41092048E9E6A749F6FD8CE515A23A3
+
+I=114
+PT=00000000000000000000000000004000
+CT=4DA9267D62507994312BD5C99ADDE730
+
+I=115
+PT=00000000000000000000000000002000
+CT=9E2FCA6D1D626E9C6A924EBF7DBF618A
+
+I=116
+PT=00000000000000000000000000001000
+CT=E092E8D7EF2C2465AEFB2493C3063590
+
+I=117
+PT=00000000000000000000000000000800
+CT=1C0E58DA37D1068378A88DBE2EDE4E10
+
+I=118
+PT=00000000000000000000000000000400
+CT=19063F854232B8509A6A3A6D46809959
+
+I=119
+PT=00000000000000000000000000000200
+CT=447FB09E54EFA285F7530F25C4EA0022
+
+I=120
+PT=00000000000000000000000000000100
+CT=F6ABE86321BE40E1FBFDAFED37CC1D9B
+
+I=121
+PT=00000000000000000000000000000080
+CT=4E8506CD006666341D6CF51F98B41F35
+
+I=122
+PT=00000000000000000000000000000040
+CT=53995DE0009CA18BECAFB8307C54C14C
+
+I=123
+PT=00000000000000000000000000000020
+CT=2006BF99F4C58B6CC2627856593FAEEA
+
+I=124
+PT=00000000000000000000000000000010
+CT=2DA697D2737CB30B744A4644FA1CBC6E
+
+I=125
+PT=00000000000000000000000000000008
+CT=47A22ACDB60C3A986A8F76ECD0EA3433
+
+I=126
+PT=00000000000000000000000000000004
+CT=FDAA17C2CDE20268FE36E164EA532151
+
+I=127
+PT=00000000000000000000000000000002
+CT=98E7247C07F0FE411C267E4384B0F600
+
+I=128
+PT=00000000000000000000000000000001
+CT=CD33B28AC773F74BA00ED1F312572435
+
+==========
+
+KEYSIZE=256
+
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=DDC6BF790C15760D8D9AEB6F9A75FD4E
+
+I=2
+PT=40000000000000000000000000000000
+CT=C7098C217C334D0C9BDF37EA13B0822C
+
+I=3
+PT=20000000000000000000000000000000
+CT=60F0FB0D4C56A8D4EEFEC5264204042D
+
+I=4
+PT=10000000000000000000000000000000
+CT=73376FBBF654D0686E0E84001477106B
+
+I=5
+PT=08000000000000000000000000000000
+CT=2F443B52BA5F0C6EA0602C7C4FD259B6
+
+I=6
+PT=04000000000000000000000000000000
+CT=75D11B0E3A68C4223D88DBF017977DD7
+
+I=7
+PT=02000000000000000000000000000000
+CT=779B38D15BFFB63D8D609D551A5CC98E
+
+I=8
+PT=01000000000000000000000000000000
+CT=5275F3D86B4FB8684593133EBFA53CD3
+
+I=9
+PT=00800000000000000000000000000000
+CT=1CEF2074B336CEC62F12DEA2F6AB1481
+
+I=10
+PT=00400000000000000000000000000000
+CT=1AEF5ABBAD9D7160874578DCD8BAE172
+
+I=11
+PT=00200000000000000000000000000000
+CT=46C525DB17E72F26BF03216846B6F609
+
+I=12
+PT=00100000000000000000000000000000
+CT=E24411F941BBE08788781E3EC52CBAA4
+
+I=13
+PT=00080000000000000000000000000000
+CT=83A3DEDD1DD27018F6A6477E40527581
+
+I=14
+PT=00040000000000000000000000000000
+CT=B68F8A2CDBAB0C923C67FC8F0F1087DE
+
+I=15
+PT=00020000000000000000000000000000
+CT=649944A70C32BF87A7409E7AE128FDE8
+
+I=16
+PT=00010000000000000000000000000000
+CT=2846526D67387539C89314DE9E0C2D02
+
+I=17
+PT=00008000000000000000000000000000
+CT=A9A0B8402E53C70DD1688054BA58DDFD
+
+I=18
+PT=00004000000000000000000000000000
+CT=4A72E6E1B79C83AC4BE3EBA5699EED48
+
+I=19
+PT=00002000000000000000000000000000
+CT=B0E36B867BA4FF2B77D0614B0E364E4C
+
+I=20
+PT=00001000000000000000000000000000
+CT=49B57DE141F6418E3090F24DDD4014B6
+
+I=21
+PT=00000800000000000000000000000000
+CT=A6C0D5B9797258E1987AC5F6CD20146D
+
+I=22
+PT=00000400000000000000000000000000
+CT=426CF4BDCAA369175965D26E7C71EEA2
+
+I=23
+PT=00000200000000000000000000000000
+CT=E27F484CE54BC99BC1A52BDA3B518A26
+
+I=24
+PT=00000100000000000000000000000000
+CT=D16D186284C7E6EE64B8104E0EF20BA5
+
+I=25
+PT=00000080000000000000000000000000
+CT=6431F8538AD54E1E044A9F71F8EF556B
+
+I=26
+PT=00000040000000000000000000000000
+CT=ECD57CEB451D27EB96C55B2042257E8E
+
+I=27
+PT=00000020000000000000000000000000
+CT=4F0F188DC911B1954AFBC734C9F68872
+
+I=28
+PT=00000010000000000000000000000000
+CT=B54DEF0337626B65614E81EDFDE620F3
+
+I=29
+PT=00000008000000000000000000000000
+CT=6655D8074CAE0B90B0D3A3FE72D4D9DB
+
+I=30
+PT=00000004000000000000000000000000
+CT=C6B74B6B9EB4FC0C9A237DB1B616D09A
+
+I=31
+PT=00000002000000000000000000000000
+CT=D7B5D076EA56EC2B20791D7AD51CCF8F
+
+I=32
+PT=00000001000000000000000000000000
+CT=FE160C224BF003CE3BDDC90CB52ED22C
+
+I=33
+PT=00000000800000000000000000000000
+CT=5E00DA9BA94B5EC0D258D8A8002E0F6A
+
+I=34
+PT=00000000400000000000000000000000
+CT=09AC6DCFF4DACFF1651E2BA212A292A3
+
+I=35
+PT=00000000200000000000000000000000
+CT=B283617E318D99AF83A05D9810BA89F7
+
+I=36
+PT=00000000100000000000000000000000
+CT=0B5F70CCB40B0EF2538AE9B4A9770B35
+
+I=37
+PT=00000000080000000000000000000000
+CT=43282BF180248FB517839B37F4DDAAE4
+
+I=38
+PT=00000000040000000000000000000000
+CT=DDBD534C8B2E6D30A268F88C55AD765B
+
+I=39
+PT=00000000020000000000000000000000
+CT=A41A164E50EC2D9F175E752B755E0B5C
+
+I=40
+PT=00000000010000000000000000000000
+CT=37BFF99FF2F7AA97779E4ADF6F13FB10
+
+I=41
+PT=00000000008000000000000000000000
+CT=9BA4F7BD298152903A683C4CEC669216
+
+I=42
+PT=00000000004000000000000000000000
+CT=5FB750C7CE10DE7B4504248914D0DA06
+
+I=43
+PT=00000000002000000000000000000000
+CT=3E748BFA108E086F51D56EC74A9E0FB9
+
+I=44
+PT=00000000001000000000000000000000
+CT=31D4E56B99F5B73C1B8437DF332AFB98
+
+I=45
+PT=00000000000800000000000000000000
+CT=9DC6717B84FC55D266E7B1D9B5C52A5F
+
+I=46
+PT=00000000000400000000000000000000
+CT=8EF8BA007F23C0A50FC120E07041BCCD
+
+I=47
+PT=00000000000200000000000000000000
+CT=C58F38E1839FC1918A12B8C9E88C66B6
+
+I=48
+PT=00000000000100000000000000000000
+CT=B695D72A3FCF508C4050E12E40061C2D
+
+I=49
+PT=00000000000080000000000000000000
+CT=5D2736AD478A50583BC8C11BEFF16D7A
+
+I=50
+PT=00000000000040000000000000000000
+CT=DF0EACA8F17847AD41F9578F14C7B56B
+
+I=51
+PT=00000000000020000000000000000000
+CT=E5AA14AD48AD0A3C47CC35D5F8020E51
+
+I=52
+PT=00000000000010000000000000000000
+CT=11BE6C8F58EBD8CEF1A53F591A68E8CE
+
+I=53
+PT=00000000000008000000000000000000
+CT=ECFE7BAFCBF42C1FEE015488770B3053
+
+I=54
+PT=00000000000004000000000000000000
+CT=E552649F8D8EC4A1E1CD6DF50B6E6777
+
+I=55
+PT=00000000000002000000000000000000
+CT=521C0629DE93B9119CDB1DDC5809DDEA
+
+I=56
+PT=00000000000001000000000000000000
+CT=CB38A62A0BAB1784156BA038CBA99BF6
+
+I=57
+PT=00000000000000800000000000000000
+CT=76CCEE8AAACD394DE1EEF3DDA10CB54B
+
+I=58
+PT=00000000000000400000000000000000
+CT=6AFF910FA1D5673140E2DB59B8416049
+
+I=59
+PT=00000000000000200000000000000000
+CT=064A12C0EF73FB386801BF4F35F3120D
+
+I=60
+PT=00000000000000100000000000000000
+CT=2240E374929D5B1BB8FF0FFDDDF640EC
+
+I=61
+PT=00000000000000080000000000000000
+CT=D4BA15C904C7692185DE85C02052E180
+
+I=62
+PT=00000000000000040000000000000000
+CT=1714A315AB0166728A44CD91D4AE9018
+
+I=63
+PT=00000000000000020000000000000000
+CT=6C970BDD9F0E222722EA31A1D12DD0AD
+
+I=64
+PT=00000000000000010000000000000000
+CT=F5956EDF02BD36A401BBB6CE77C3D3FB
+
+I=65
+PT=00000000000000008000000000000000
+CT=0CA11F122CCD7C259DC597EED3DF9BC4
+
+I=66
+PT=00000000000000004000000000000000
+CT=50109AB4912AD2560B206F331B62EB6C
+
+I=67
+PT=00000000000000002000000000000000
+CT=DBE7C91A4175614889A2D4BEFD64845E
+
+I=68
+PT=00000000000000001000000000000000
+CT=0D3322853A571A6B46B79C0228E0DD25
+
+I=69
+PT=00000000000000000800000000000000
+CT=96E4EE0BB9A11C6FB8522F285BADDEB6
+
+I=70
+PT=00000000000000000400000000000000
+CT=96705C52D2CFCE82E630C93477C79C49
+
+I=71
+PT=00000000000000000200000000000000
+CT=C50130AED6A126149D71F3888C83C232
+
+I=72
+PT=00000000000000000100000000000000
+CT=4816EFE3DEB380566EBA0C17BF582090
+
+I=73
+PT=00000000000000000080000000000000
+CT=0390857B4C8C98E4CF7A2B6F3394C507
+
+I=74
+PT=00000000000000000040000000000000
+CT=422E73A02025EBE8B8B5D6E0FA24FCB2
+
+I=75
+PT=00000000000000000020000000000000
+CT=3271AA7F4BF1D7C38050A43076D4FF76
+
+I=76
+PT=00000000000000000010000000000000
+CT=D2074946F0D37B8975607BFC2E70234C
+
+I=77
+PT=00000000000000000008000000000000
+CT=1A509194C1270AB92E5A42D3A9F8D98B
+
+I=78
+PT=00000000000000000004000000000000
+CT=512438946360CCC4A5C6D73F6EED7130
+
+I=79
+PT=00000000000000000002000000000000
+CT=98CFCDEC46EBEA1A286B3004F2746A0D
+
+I=80
+PT=00000000000000000001000000000000
+CT=A1CF369949677A3AF3D58E3EABF2741B
+
+I=81
+PT=00000000000000000000800000000000
+CT=D84C2E1A0E4A52166FA8FF6889D1E5E2
+
+I=82
+PT=00000000000000000000400000000000
+CT=4AD91CCEEF60119B5078FD162D2735DE
+
+I=83
+PT=00000000000000000000200000000000
+CT=2860793D818E97AAFF1D339D7702438D
+
+I=84
+PT=00000000000000000000100000000000
+CT=6F9068BE73364AE250D89D78A6C9CE6F
+
+I=85
+PT=00000000000000000000080000000000
+CT=024FC3FEF4883FEB1A8DD005305FECCE
+
+I=86
+PT=00000000000000000000040000000000
+CT=08A61FE0816D75EA15EB3C9FB9CCDED6
+
+I=87
+PT=00000000000000000000020000000000
+CT=449C86DFA13F260175CE39797686FFA4
+
+I=88
+PT=00000000000000000000010000000000
+CT=4FFFFC29A59858E1133F2BFB1A8A4817
+
+I=89
+PT=00000000000000000000008000000000
+CT=19425D1F6480B25096561295697DC2B7
+
+I=90
+PT=00000000000000000000004000000000
+CT=31974727ECDD2C77C3A428FC3A8CB3FC
+
+I=91
+PT=00000000000000000000002000000000
+CT=A57CD704B3C95E744D08DF443458F2F5
+
+I=92
+PT=00000000000000000000001000000000
+CT=486D8C193DB1ED73ACB17990442FC40B
+
+I=93
+PT=00000000000000000000000800000000
+CT=5E4DBF4E83AB3BC055B9FCC7A6B3A763
+
+I=94
+PT=00000000000000000000000400000000
+CT=ACF2E0A693FBBCBA4D41B861E0D89E37
+
+I=95
+PT=00000000000000000000000200000000
+CT=32A7CB2AE066A51D2B78FC4B4CFCB608
+
+I=96
+PT=00000000000000000000000100000000
+CT=677D494DBB73CAF55C1990158DA12F14
+
+I=97
+PT=00000000000000000000000080000000
+CT=082A0D2367512ADF0D75A151BFBE0A17
+
+I=98
+PT=00000000000000000000000040000000
+CT=5E5BB7337923C482CE8CBA249E6A8C7D
+
+I=99
+PT=00000000000000000000000020000000
+CT=D3001BA7C7026EE3E5003179530AFCFC
+
+I=100
+PT=00000000000000000000000010000000
+CT=46EC44F8931E629FE8FD8961312EDDE1
+
+I=101
+PT=00000000000000000000000008000000
+CT=C5F8ECD79C7B30E81D17E32079969310
+
+I=102
+PT=00000000000000000000000004000000
+CT=5B8AD6919E24CAEBCC55401AEE0C9802
+
+I=103
+PT=00000000000000000000000002000000
+CT=C2302B7E701B5CC7F8B29E3516DBBFA6
+
+I=104
+PT=00000000000000000000000001000000
+CT=A1D04D6A76F9F7A94D49FAA64A87F244
+
+I=105
+PT=00000000000000000000000000800000
+CT=7FB6F92D35B5CB6C631600EDB9E860BA
+
+I=106
+PT=00000000000000000000000000400000
+CT=B2EF7078BCFACE07AEEC3F9B48830EB3
+
+I=107
+PT=00000000000000000000000000200000
+CT=F475A7493D24C7036E53390374C378B3
+
+I=108
+PT=00000000000000000000000000100000
+CT=B36802AC987377A37BD8EADC97C57D60
+
+I=109
+PT=00000000000000000000000000080000
+CT=ADDCD3D19689C4DDC738CE5F69DC9505
+
+I=110
+PT=00000000000000000000000000040000
+CT=0DAF8CA22884915403C0F0BB1F4BD74F
+
+I=111
+PT=00000000000000000000000000020000
+CT=4AF36BAE2660503B3248E4685059FD05
+
+I=112
+PT=00000000000000000000000000010000
+CT=7D5631814DD8E917D97A0D514C743971
+
+I=113
+PT=00000000000000000000000000008000
+CT=BC3352500FC0CBB9DB5B5F6B491C1BE8
+
+I=114
+PT=00000000000000000000000000004000
+CT=6A4A30BA87E87AF65C90AEB7AFEDC76B
+
+I=115
+PT=00000000000000000000000000002000
+CT=77E6125897668AC8E73E8C79A6FF8336
+
+I=116
+PT=00000000000000000000000000001000
+CT=3FA9D39104EBB323C7AAAA248960DD1E
+
+I=117
+PT=00000000000000000000000000000800
+CT=FAD75AD76AB10ADC49036B250E229D39
+
+I=118
+PT=00000000000000000000000000000400
+CT=2FACAA5FE35B228A16AC74088D702EC4
+
+I=119
+PT=00000000000000000000000000000200
+CT=88B6CBCFDFEF8AD91720A1BB69A1F33E
+
+I=120
+PT=00000000000000000000000000000100
+CT=C7E9D250998632D444356242EF04058D
+
+I=121
+PT=00000000000000000000000000000080
+CT=B14DAD8D3D9153F46C0D3A1AD63C7A05
+
+I=122
+PT=00000000000000000000000000000040
+CT=60ABA678A506608D0845966D29B5F790
+
+I=123
+PT=00000000000000000000000000000020
+CT=482DC43F2388EF25D24144E144BD834E
+
+I=124
+PT=00000000000000000000000000000010
+CT=1490A05A7CEE43BDE98B56E309DC0126
+
+I=125
+PT=00000000000000000000000000000008
+CT=ABFA77CD6E85DA245FB0BDC5E52CFC29
+
+I=126
+PT=00000000000000000000000000000004
+CT=DD4AB1284D4AE17B41E85924470C36F7
+
+I=127
+PT=00000000000000000000000000000002
+CT=CEA7403D4D606B6E074EC5D3BAF39D18
+
+I=128
+PT=00000000000000000000000000000001
+CT=530F8AFBC74536B9A963B4F1C4CB738B
+
+==========
\ No newline at end of file
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/test/katmct.pdf b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/katmct.pdf
new file mode 100644
index 00000000..b494fb53
Binary files /dev/null and b/krb5-1.21.3/src/lib/crypto/crypto_tests/test/katmct.pdf differ
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/vb.txt b/krb5-1.21.3/src/lib/crypto/crypto_tests/vb.txt
new file mode 100644
index 00000000..dab133c2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/vb.txt
@@ -0,0 +1,87 @@
+
+Private Const BlkLenMax = 32        ' maximum block length in bytes
+Private Const KeyLenMax = 32        ' maximum block length in bytes
+Private Const KeySchLenMax = 128    ' maximum key schedule length in bytes
+Private BlkLen As Integer           ' actual block length
+Private KeyLen As Integer           ' actual key length
+
+Private Type AESctx     ' Type to hold the AES context data
+  Ekey(0 To KeySchLenMax - 1) As Long
+  Nrnd As Long
+  Ncol As Long
+End Type
+
+Private Type KeyBlk     ' Type to hold user key data
+ K(0 To KeyLenMax - 1) As Byte
+End Type
+
+Private Type IoBlk      ' Type to hold cipher input and output blocks
+ IO(0 To BlkLenMax - 1) As Byte
+End Type
+
+Rem Change "d:\dll_pth" in the following lines to the directory path where the AES DLL is located
+Private Declare Function AesBlkLen Lib "d:\dll_path\aes.dll" Alias "_aes_blk_len@8" (ByVal N As Long, C As AESctx) As Integer
+Private Declare Function AesEncKey Lib "d:\dll_path\aes.dll" Alias "_aes_enc_key@12" (K As KeyBlk, ByVal N As Long, C As AESctx) As Integer
+Private Declare Function AesDecKey Lib "d:\dll_path\aes.dll" Alias "_aes_dec_key@12" (K As KeyBlk, ByVal N As Long, C As AESctx) As Integer
+Private Declare Function AesEncBlk Lib "d:\dll_path\aes.dll" Alias "_aes_enc_blk@12" (Ib As IoBlk, Ob As IoBlk, C As AESctx) As Integer
+Private Declare Function AesDecBlk Lib "d:\dll_path\aes.dll" Alias "_aes_dec_blk@12" (Ib As IoBlk, Ob As IoBlk, C As AESctx) As Integer
+
+Private Sub Hex(X As Byte)  ' Output a byte in hexadecimal format
+Dim H As Byte
+H = Int(X / 16)
+If H < 10 Then
+    Debug.Print Chr(48 + H);
+Else
+    Debug.Print Chr(87 + H);
+End If
+H = Int(X Mod 16)
+If H < 10 Then
+    Debug.Print Chr(48 + H);
+Else
+    Debug.Print Chr(87 + H);
+End If
+End Sub
+
+Private Sub OutKey(S As String, B As KeyBlk)    ' Display a key value
+Debug.Print: Debug.Print S;
+For i = 0 To KeyLen - 1
+   Hex B.K(i)
+Next i
+End Sub
+
+Private Sub OutBlock(S As String, B As IoBlk)   ' Display an input/output block
+Debug.Print: Debug.Print S;
+For i = 0 To BlkLen - 1
+   Hex B.IO(i)
+Next i
+End Sub
+
+Rem The following Main routine should output the following in the immediate window:
+Rem Key =            00000000000000000000000000000000
+Rem Input =          00000000000000000000000000000000
+Rem Encrypted Text = 66e94bd4ef8a2c3b884cfa59ca342b2e
+Rem Decrypted Text = 00000000000000000000000000000000
+
+Sub Main()
+Dim Key As KeyBlk   ' These variables are automatically
+Dim Ib As IoBlk, Ob As IoBlk, Rb As IoBlk
+Dim Cx As AESctx    ' initialised to zero values in VBA
+Dim RetVal As Integer
+
+BlkLen = 16: KeyLen = 16
+
+Rem RetVal = AesBlkLen(BlkLen, Cx)          ' include if the cipher block size is variable
+
+OutKey "Key =            ", Key
+OutBlock "Input =          ", Ib
+
+RetVal = AesEncKey(Key, KeyLen, Cx)     ' set an all zero encryption key
+RetVal = AesEncBlk(Ib, Ob, Cx)          ' encrypt Ib to Ob
+OutBlock "Encrypted Text = ", Ob
+
+RetVal = AesDecKey(Key, KeyLen, Cx)     ' set an all zero decryption key
+RetVal = AesDecBlk(Ob, Rb, Cx)          ' decrypt Ob to Rb
+OutBlock "Decrypted Text = ", Rb
+Debug.Print
+
+End Sub
diff --git a/krb5-1.21.3/src/lib/crypto/crypto_tests/vectors.c b/krb5-1.21.3/src/lib/crypto/crypto_tests/vectors.c
new file mode 100644
index 00000000..bcf5c910
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/crypto_tests/vectors.c
@@ -0,0 +1,454 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/crypto_tests/vectors.c */
+/*
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test vectors for crypto code, matching data submitted for inclusion
+ * with RFC1510bis.
+ *
+ * N.B.: Doesn't compile -- this file uses some routines internal to our
+ * crypto library which are declared "static" and thus aren't accessible
+ * without modifying the other sources.  Additionally, some ciphers have been
+ * removed.
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include "crypto_int.h"
+
+#define ASIZE(ARRAY) (sizeof(ARRAY)/sizeof(ARRAY[0]))
+
+const char *whoami;
+
+static void printhex (size_t len, const char *p)
+{
+    while (len--)
+        printf ("%02x", 0xff & *p++);
+}
+
+static void printstringhex (const char *p) { printhex (strlen (p), p); }
+
+static void printdata (krb5_data *d) { printhex (d->length, d->data); }
+
+static void printkey (krb5_keyblock *k) { printhex (k->length, k->contents); }
+
+static void test_nfold ()
+{
+    int i;
+    static const struct {
+        char *input;
+        int n;
+    } tests[] = {
+        { "012345", 64, },
+        { "password", 56, },
+        { "Rough Consensus, and Running Code", 64, },
+        { "password", 168, },
+        { "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192 },
+        { "Q", 168 },
+        { "ba", 168 },
+    };
+    unsigned char outbuf[192/8];
+
+    for (i = 0; i < ASIZE (tests); i++) {
+        char *p = tests[i].input;
+        assert (tests[i].n / 8 <= sizeof (outbuf));
+        printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
+        printf ("%d-fold(", tests[i].n);
+        printstringhex (p);
+        printf (") =\n\t");
+        krb5int_nfold (8 * strlen (p), p, tests[i].n, outbuf);
+        printhex (tests[i].n / 8U, outbuf);
+        printf ("\n\n");
+    }
+}
+
+#define JURISIC "Juri\305\241i\304\207" /* hi Miro */
+#define ESZETT "\303\237"
+#define GCLEF  "\360\235\204\236" /* outside BMP, woo hoo!  */
+
+/* Some weak keys:
+   {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
+   {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
+   so try to generate them. */
+
+static void
+test_mit_des_s2k ()
+{
+    static const struct {
+        const char *pass;
+        const char *salt;
+    } pairs[] = {
+        { "password", "ATHENA.MIT.EDUraeburn" },
+        { "potatoe", "WHITEHOUSE.GOVdanny" },
+        { "penny", "EXAMPLE.COMbuckaroo", },
+        { GCLEF, "EXAMPLE.COMpianist" },
+        { ESZETT, "ATHENA.MIT.EDU" JURISIC },
+        /* These two trigger weak-key fixups.  */
+        { "11119999", "AAAAAAAA" },
+        { "NNNN6666", "FFFFAAAA" },
+    };
+    int i;
+
+    for (i = 0; i < ASIZE (pairs); i++) {
+        const char *p = pairs[i].pass;
+        const char *s = pairs[i].salt;
+        krb5_data pd;
+        krb5_data sd;
+        unsigned char key_contents[60];
+        krb5_keyblock key;
+        krb5_error_code r;
+        char buf[80];
+
+        key.contents = key_contents;
+
+        pd.length = strlen (p);
+        pd.data = (char *) p;
+        sd.length = strlen (s);
+        sd.data = (char *) s;
+
+        assert (strlen (s) + 4 < sizeof (buf));
+        snprintf (buf, sizeof (buf), "\"%s\"", s);
+        printf (  "salt:     %-25s", buf);
+        printhex (strlen(s), s);
+        snprintf (buf, sizeof (buf), "\"%s\"", p);
+        printf ("\npassword: %-25s", buf);
+        printhex (strlen(p), p);
+        printf ("\n");
+        r = krb5int_des_string_to_key (0, &pd, &sd, 0, &key);
+        printf (  "DES key:  %-25s", "");
+        printhex (key.length, key.contents);
+        printf ("\n\n");
+    }
+}
+
+static void
+test_s2k (krb5_enctype enctype)
+{
+    static const struct {
+        const char *pass;
+        const char *salt;
+    } pairs[] = {
+        { "password", "ATHENA.MIT.EDUraeburn" },
+        { "potatoe", "WHITEHOUSE.GOVdanny" },
+        { "penny", "EXAMPLE.COMbuckaroo", },
+        { ESZETT, "ATHENA.MIT.EDU" JURISIC },
+        { GCLEF, "EXAMPLE.COMpianist" },
+    };
+    int i;
+
+    for (i = 0; i < ASIZE (pairs); i++) {
+        const char *p = pairs[i].pass;
+        const char *s = pairs[i].salt;
+        krb5_data pd, sd;
+        unsigned char key_contents[60];
+        krb5_keyblock key;
+        krb5_error_code r;
+        char buf[80];
+
+        pd.length = strlen (p);
+        pd.data = (char *) p;
+        sd.length = strlen (s);
+        sd.data = (char *) s;
+        key.contents = key_contents;
+
+        assert (strlen (s) + 4 < sizeof (buf));
+        snprintf (buf, sizeof(buf), "\"%s\"", s);
+        printf (  "salt:\t%s\n\t", buf);
+        printhex (strlen(s), s);
+        snprintf (buf, sizeof(buf), "\"%s\"", p);
+        printf ("\npasswd:\t%s\n\t", buf);
+        printhex (strlen(p), p);
+        printf ("\n");
+        r = krb5_c_string_to_key (0, enctype, &pd, &sd, &key);
+        printf (  "key:\t");
+        printhex (key.length, key.contents);
+        printf ("\n\n");
+    }
+}
+
+static void test_des3_s2k () { test_s2k (ENCTYPE_DES3_CBC_SHA1); }
+
+static void
+keyToData (krb5_keyblock *k, krb5_data *d)
+{
+    d->length = k->length;
+    d->data = k->contents;
+}
+
+void check_error (int r, int line) {
+    if (r != 0) {
+        fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
+                 error_message (r));
+        exit (1);
+    }
+}
+#define CHECK check_error(r, __LINE__)
+
+extern struct krb5_enc_provider krb5int_enc_des3;
+struct krb5_enc_provider *enc = &krb5int_enc_des3;
+extern struct krb5_enc_provider krb5int_enc_aes128, krb5int_enc_aes256;
+
+void DK (krb5_keyblock *out, krb5_keyblock *in, const krb5_data *usage) {
+    krb5_error_code r;
+    r = krb5int_derive_key (enc, in, out, usage, DERIVE_RFC3961);
+    CHECK;
+}
+
+void DR (krb5_data *out, krb5_keyblock *in, const krb5_data *usage) {
+    krb5_error_code r;
+    r = krb5int_derive_random (enc, in, out, usage, DERIVE_RFC3961);
+    CHECK;
+}
+
+#define KEYBYTES  21
+#define KEYLENGTH 24
+
+void test_dr_dk ()
+{
+    static const struct {
+        unsigned char keydata[KEYLENGTH];
+        int usage_len;
+        unsigned char usage[8];
+    } derive_tests[] = {
+        {
+            {
+                0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1,
+                0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c,
+                0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57,
+                0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b,
+                0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85,
+                0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52,
+                0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad,
+                0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02,
+                0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38,
+                0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92,
+                0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb,
+            },
+            8, { 'k', 'e', 'r', 'b', 'e', 'r', 'o', 's' },
+        },
+        {
+            {
+                0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3,
+                0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76,
+                0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e,
+            },
+            7, { 'c', 'o', 'm', 'b', 'i', 'n', 'e', },
+        },
+        {
+            {
+                0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62,
+                0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d,
+                0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13,
+                0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79,
+                0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57,
+                0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1,
+                0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f,
+                0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4,
+                0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+    };
+    int i;
+
+    for (i = 0; i < ASIZE(derive_tests); i++) {
+#define D (derive_tests[i])
+        krb5_keyblock key;
+        krb5_data usage;
+
+        unsigned char drData[KEYBYTES];
+        krb5_data dr;
+        unsigned char dkData[KEYLENGTH];
+        krb5_keyblock dk;
+
+        key.length = KEYLENGTH, key.contents = D.keydata;
+        usage.length = D.usage_len, usage.data = D.usage;
+        dr.length = KEYBYTES, dr.data = drData;
+        dk.length = KEYLENGTH, dk.contents = dkData;
+
+        printf ("key:\t"); printkey (&key); printf ("\n");
+        printf ("usage:\t"); printdata (&usage); printf ("\n");
+        DR (&dr, &key, &usage);
+        printf ("DR:\t"); printdata (&dr); printf ("\n");
+        DK (&dk, &key, &usage);
+        printf ("DK:\t"); printkey (&dk); printf ("\n\n");
+    }
+}
+
+
+static void printd (const char *descr, krb5_data *d) {
+    int i, j;
+    const int r = 16;
+
+    printf("%s:", descr);
+
+    for (i = 0; i < d->length; i += r) {
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
+    }
+    printf("\n");
+}
+static void printk(const char *descr, krb5_keyblock *k) {
+    krb5_data d;
+    d.data = k->contents;
+    d.length = k->length;
+    printd(descr, &d);
+}
+
+
+static void
+test_pbkdf2()
+{
+    static struct {
+        int count;
+        char *pass;
+        char *salt;
+    } test[] = {
+        { 1, "password", "ATHENA.MIT.EDUraeburn" },
+        { 2, "password", "ATHENA.MIT.EDUraeburn" },
+        { 1200, "password", "ATHENA.MIT.EDUraeburn" },
+        { 5, "password", "\x12\x34\x56\x78\x78\x56\x34\x12" },
+        { 1200,
+          "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+          "pass phrase equals block size" },
+        { 1200,
+          "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+          "pass phrase exceeds block size" },
+        { 50, "\xf0\x9d\x84\x9e", "EXAMPLE.COMpianist" },
+    };
+    unsigned char x[100];
+    unsigned char x2[100];
+    int j;
+    krb5_error_code err;
+    krb5_data d;
+    krb5_keyblock k, dk;
+    krb5_data usage, pass, salt;
+
+    d.data = x;
+    dk.contents = x2;
+
+    usage.data = "kerberos";
+    usage.length = 8;
+
+    for (j = 0; j < sizeof(test)/sizeof(test[0]); j++) {
+        printf("pkbdf2(count=%d, pass=\"%s\", salt=",
+               test[j].count, test[j].pass);
+        if (isprint(test[j].salt[0]))
+            printf("\"%s\")\n", test[j].salt);
+        else {
+            char *s = test[j].salt;
+            printf("0x");
+            while (*s)
+                printf("%02X", 0xff & *s++);
+            printf(")\n");
+        }
+
+        d.length = 16;
+        pass.data = test[j].pass;
+        pass.length = strlen(pass.data);
+        salt.data = test[j].salt;
+        salt.length = strlen(salt.data);
+        err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
+        printd("128-bit PBKDF2 output", &d);
+        enc = &krb5int_enc_aes128;
+        k.contents = d.data;
+        k.length = d.length;
+        dk.length = d.length;
+        DK (&dk, &k, &usage);
+        printk("128-bit AES key",&dk);
+
+        d.length = 32;
+        err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
+        printd("256-bit PBKDF2 output", &d);
+        enc = &krb5int_enc_aes256;
+        k.contents = d.data;
+        k.length = d.length;
+        dk.length = d.length;
+        DK (&dk, &k, &usage);
+        printk("256-bit AES key", &dk);
+
+        printf("\n");
+    }
+}
+
+int main (int argc, char **argv)
+{
+    whoami = argv[0];
+    test_nfold ();
+    test_pbkdf2();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/deps b/krb5-1.21.3/src/lib/crypto/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/lib/crypto/krb/Makefile.in b/krb5-1.21.3/src/lib/crypto/krb/Makefile.in
new file mode 100644
index 00000000..cb2e40a3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/Makefile.in
@@ -0,0 +1,188 @@
+mydir=lib$(S)crypto$(S)krb
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR = krb
+##DOS##OBJFILE = ..\$(OUTPRE)krb.lst
+
+STLIBOBJS=\
+	aead.o		 	\
+	block_size.o		\
+	cf2.o 			\
+	checksum_dk_cmac.o	\
+	checksum_dk_hmac.o	\
+	checksum_etm.o		\
+	checksum_hmac_md5.o	\
+	checksum_unkeyed.o	\
+	checksum_length.o	\
+	cksumtype_to_string.o	\
+	cksumtypes.o		\
+	coll_proof_cksum.o	\
+	crypto_length.o		\
+	default_state.o 	\
+	decrypt.o		\
+	decrypt_iov.o		\
+	derive.o		\
+	encrypt.o		\
+	encrypt_iov.o		\
+	encrypt_length.o	\
+	enctype_util.o		\
+	enc_dk_cmac.o		\
+	enc_dk_hmac.o		\
+	enc_etm.o		\
+	enc_raw.o		\
+	enc_rc4.o		\
+	etypes.o		\
+	key.o			\
+	keyblocks.o 		\
+	keyed_cksum.o		\
+	keyed_checksum_types.o	\
+	keylengths.o		\
+	make_checksum.o		\
+	make_checksum_iov.o	\
+	make_random_key.o	\
+	mandatory_sumtype.o	\
+	nfold.o			\
+	old_api_glue.o		\
+	prf.o			\
+	prf_aes2.o		\
+	prf_cmac.o		\
+	prf_des.o		\
+	prf_dk.o		\
+	prf_rc4.o		\
+	prng.o			\
+	random_to_key.o		\
+	s2k_pbkdf2.o		\
+	s2k_rc4.o		\
+	state.o 		\
+	string_to_cksumtype.o	\
+	string_to_key.o		\
+	valid_cksumtype.o	\
+	verify_checksum.o	\
+	verify_checksum_iov.o
+
+OBJS=\
+	$(OUTPRE)aead.$(OBJEXT)		 	\
+	$(OUTPRE)block_size.$(OBJEXT)		\
+	$(OUTPRE)cf2.$(OBJEXT) 			\
+	$(OUTPRE)checksum_dk_cmac.$(OBJEXT)	\
+	$(OUTPRE)checksum_dk_hmac.$(OBJEXT)	\
+	$(OUTPRE)checksum_etm.$(OBJEXT)		\
+	$(OUTPRE)checksum_hmac_md5.$(OBJEXT)	\
+	$(OUTPRE)checksum_unkeyed.$(OBJEXT)	\
+	$(OUTPRE)checksum_length.$(OBJEXT)	\
+	$(OUTPRE)cksumtype_to_string.$(OBJEXT)	\
+	$(OUTPRE)cksumtypes.$(OBJEXT)		\
+	$(OUTPRE)coll_proof_cksum.$(OBJEXT)	\
+	$(OUTPRE)crypto_length.$(OBJEXT)	\
+	$(OUTPRE)default_state.$(OBJEXT) 	\
+	$(OUTPRE)decrypt.$(OBJEXT)		\
+	$(OUTPRE)decrypt_iov.$(OBJEXT)		\
+	$(OUTPRE)derive.$(OBJEXT)		\
+	$(OUTPRE)encrypt.$(OBJEXT)		\
+	$(OUTPRE)encrypt_iov.$(OBJEXT)		\
+	$(OUTPRE)encrypt_length.$(OBJEXT)	\
+	$(OUTPRE)enctype_util.$(OBJEXT)		\
+	$(OUTPRE)enc_dk_cmac.$(OBJEXT)		\
+	$(OUTPRE)enc_dk_hmac.$(OBJEXT)		\
+	$(OUTPRE)enc_etm.$(OBJEXT)		\
+	$(OUTPRE)enc_raw.$(OBJEXT)		\
+	$(OUTPRE)enc_rc4.$(OBJEXT)		\
+	$(OUTPRE)etypes.$(OBJEXT)		\
+	$(OUTPRE)key.$(OBJEXT)			\
+	$(OUTPRE)keyblocks.$(OBJEXT) 		\
+	$(OUTPRE)keyed_cksum.$(OBJEXT)		\
+	$(OUTPRE)keyed_checksum_types.$(OBJEXT)	\
+	$(OUTPRE)keylengths.$(OBJEXT)		\
+	$(OUTPRE)make_checksum.$(OBJEXT)	\
+	$(OUTPRE)make_checksum_iov.$(OBJEXT)	\
+	$(OUTPRE)make_random_key.$(OBJEXT)	\
+	$(OUTPRE)mandatory_sumtype.$(OBJEXT)	\
+	$(OUTPRE)nfold.$(OBJEXT)		\
+	$(OUTPRE)old_api_glue.$(OBJEXT)		\
+	$(OUTPRE)prf.$(OBJEXT)			\
+	$(OUTPRE)prf_aes2.$(OBJEXT)		\
+	$(OUTPRE)prf_cmac.$(OBJEXT)		\
+	$(OUTPRE)prf_des.$(OBJEXT)		\
+	$(OUTPRE)prf_dk.$(OBJEXT)		\
+	$(OUTPRE)prf_rc4.$(OBJEXT)		\
+	$(OUTPRE)prng.$(OBJEXT)			\
+	$(OUTPRE)random_to_key.$(OBJEXT)	\
+	$(OUTPRE)s2k_pbkdf2.$(OBJEXT)		\
+	$(OUTPRE)s2k_rc4.$(OBJEXT)		\
+	$(OUTPRE)state.$(OBJEXT) 		\
+	$(OUTPRE)string_to_cksumtype.$(OBJEXT)	\
+	$(OUTPRE)string_to_key.$(OBJEXT)	\
+	$(OUTPRE)valid_cksumtype.$(OBJEXT)	\
+	$(OUTPRE)verify_checksum.$(OBJEXT)	\
+	$(OUTPRE)verify_checksum_iov.$(OBJEXT)
+
+SRCS=\
+	$(srcdir)/aead.c		\
+	$(srcdir)/block_size.c		\
+	$(srcdir)/cf2.c 			\
+	$(srcdir)/checksum_dk_cmac.c	\
+	$(srcdir)/checksum_dk_hmac.c	\
+	$(srcdir)/checksum_etm.c	\
+	$(srcdir)/checksum_hmac_md5.c	\
+	$(srcdir)/checksum_unkeyed.c	\
+	$(srcdir)/checksum_length.c	\
+	$(srcdir)/cksumtype_to_string.c	\
+	$(srcdir)/cksumtypes.c		\
+	$(srcdir)/coll_proof_cksum.c	\
+	$(srcdir)/crypto_length.c	\
+	$(srcdir)/default_state.c 	\
+	$(srcdir)/decrypt.c		\
+	$(srcdir)/decrypt_iov.c		\
+	$(srcdir)/derive.c		\
+	$(srcdir)/encrypt.c		\
+	$(srcdir)/encrypt_iov.c		\
+	$(srcdir)/encrypt_length.c	\
+	$(srcdir)/enctype_util.c	\
+	$(srcdir)/enc_dk_cmac.c		\
+	$(srcdir)/enc_dk_hmac.c		\
+	$(srcdir)/enc_etm.c		\
+	$(srcdir)/enc_raw.c		\
+	$(srcdir)/enc_rc4.c		\
+	$(srcdir)/etypes.c		\
+	$(srcdir)/key.c			\
+	$(srcdir)/keyblocks.c 		\
+	$(srcdir)/keyed_cksum.c		\
+	$(srcdir)/keyed_checksum_types.c\
+	$(srcdir)/keylengths.c		\
+	$(srcdir)/make_checksum.c	\
+	$(srcdir)/make_checksum_iov.c	\
+	$(srcdir)/make_random_key.c	\
+	$(srcdir)/mandatory_sumtype.c	\
+	$(srcdir)/nfold.c		\
+	$(srcdir)/old_api_glue.c	\
+	$(srcdir)/prf.c			\
+	$(srcdir)/prf_aes2.c		\
+	$(srcdir)/prf_cmac.c		\
+	$(srcdir)/prf_des.c		\
+	$(srcdir)/prf_dk.c		\
+	$(srcdir)/prf_rc4.c		\
+	$(srcdir)/prng.c 		\
+	$(srcdir)/cf2.c 		\
+	$(srcdir)/random_to_key.c	\
+	$(srcdir)/s2k_pbkdf2.c		\
+	$(srcdir)/s2k_rc4.c		\
+	$(srcdir)/state.c 		\
+	$(srcdir)/string_to_cksumtype.c	\
+	$(srcdir)/string_to_key.c	\
+	$(srcdir)/valid_cksumtype.c	\
+	$(srcdir)/verify_checksum.c	\
+	$(srcdir)/verify_checksum_iov.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/krb/aead.c b/krb5-1.21.3/src/lib/crypto/krb/aead.c
new file mode 100644
index 00000000..9d4e206a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/aead.c
@@ -0,0 +1,223 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/aead.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_crypto_iov *
+krb5int_c_locate_iov(krb5_crypto_iov *data, size_t num_data,
+                     krb5_cryptotype type)
+{
+    size_t i;
+    krb5_crypto_iov *iov = NULL;
+
+    if (data == NULL)
+        return NULL;
+
+    for (i = 0; i < num_data; i++) {
+        if (data[i].flags == type) {
+            if (iov == NULL)
+                iov = &data[i];
+            else
+                return NULL; /* can't appear twice */
+        }
+    }
+
+    return iov;
+}
+
+krb5_error_code
+krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key,
+                             krb5_keyusage keyusage, const krb5_data *ivec,
+                             krb5_crypto_iov *data, size_t num_data)
+{
+    krb5_error_code ret;
+    unsigned int header_len, trailer_len;
+    krb5_crypto_iov *iov;
+    krb5_crypto_iov *stream;
+    size_t i, j;
+    int got_data = 0;
+
+    stream = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM);
+    assert(stream != NULL);
+
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+
+    if (stream->data.length < header_len + trailer_len)
+        return KRB5_BAD_MSIZE;
+
+    iov = calloc(num_data + 2, sizeof(krb5_crypto_iov));
+    if (iov == NULL)
+        return ENOMEM;
+
+    i = 0;
+
+    iov[i].flags = KRB5_CRYPTO_TYPE_HEADER; /* takes place of STREAM */
+    iov[i].data = make_data(stream->data.data, header_len);
+    i++;
+
+    for (j = 0; j < num_data; j++) {
+        if (data[j].flags == KRB5_CRYPTO_TYPE_DATA) {
+            if (got_data) {
+                free(iov);
+                return KRB5_BAD_MSIZE;
+            }
+
+            got_data++;
+
+            data[j].data.data = stream->data.data + header_len;
+            data[j].data.length = stream->data.length - header_len
+                - trailer_len;
+        }
+        if (data[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY ||
+            data[j].flags == KRB5_CRYPTO_TYPE_DATA)
+            iov[i++] = data[j];
+    }
+
+    /* Use empty padding since tokens don't indicate the padding length. */
+    iov[i].flags = KRB5_CRYPTO_TYPE_PADDING;
+    iov[i].data = empty_data();
+    i++;
+
+    iov[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
+    iov[i].data = make_data(stream->data.data + stream->data.length -
+                            trailer_len, trailer_len);
+    i++;
+
+    assert(i <= num_data + 2);
+
+    ret = ktp->decrypt(ktp, key, keyusage, ivec, iov, i);
+    free(iov);
+    return ret;
+}
+
+unsigned int
+krb5int_c_padding_length(const struct krb5_keytypes *ktp, size_t data_length)
+{
+    unsigned int header, padding;
+
+    /*
+     * Add in the header length since the header is encrypted along with the
+     * data.  (arcfour violates this assumption since not all of the header is
+     * encrypted, but that's okay since it has no padding.  If there is ever an
+     * enctype using a similar token format and a block cipher, we will have to
+     * move this logic into an enctype-dependent function.)
+     */
+    header = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    data_length += header;
+
+    padding = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
+    if (padding == 0 || (data_length % padding) == 0)
+        return 0;
+    else
+        return padding - (data_length % padding);
+}
+
+/* Return the next iov (starting from ind) which cursor should process, or
+ * cursor->iov_count if there are none remaining. */
+static size_t
+next_iov_to_process(struct iov_cursor *cursor, size_t ind)
+{
+    const krb5_crypto_iov *iov;
+
+    for (; ind < cursor->iov_count; ind++) {
+        iov = &cursor->iov[ind];
+        if (cursor->signing ? SIGN_IOV(iov) : ENCRYPT_IOV(iov))
+            break;
+    }
+    return ind;
+}
+
+void
+k5_iov_cursor_init(struct iov_cursor *cursor, const krb5_crypto_iov *iov,
+                   size_t count, size_t block_size, krb5_boolean signing)
+{
+    cursor->iov = iov;
+    cursor->iov_count = count;
+    cursor->block_size = block_size;
+    cursor->signing = signing;
+    cursor->in_iov = next_iov_to_process(cursor, 0);
+    cursor->out_iov = cursor->in_iov;
+    cursor->in_pos = cursor->out_pos = 0;
+}
+
+/* Fetch one block from cursor's input position. */
+krb5_boolean
+k5_iov_cursor_get(struct iov_cursor *cursor, unsigned char *block)
+{
+    size_t nbytes, bsz = cursor->block_size, remain = cursor->block_size;
+    const krb5_crypto_iov *iov;
+
+    remain = cursor->block_size;
+    while (remain > 0 && cursor->in_iov < cursor->iov_count) {
+        iov = &cursor->iov[cursor->in_iov];
+
+        nbytes = iov->data.length - cursor->in_pos;
+        if (nbytes > remain)
+            nbytes = remain;
+
+        memcpy(block + bsz - remain, iov->data.data + cursor->in_pos, nbytes);
+        cursor->in_pos += nbytes;
+        remain -= nbytes;
+
+        if (cursor->in_pos == iov->data.length) {
+            cursor->in_iov = next_iov_to_process(cursor, cursor->in_iov + 1);
+            cursor->in_pos = 0;
+        }
+    }
+
+    if (remain == bsz)
+        return FALSE;
+    if (remain > 0)
+        memset(block + bsz - remain, 0, remain);
+    return TRUE;
+}
+
+/* Write a block to a cursor's output position. */
+void
+k5_iov_cursor_put(struct iov_cursor *cursor, unsigned char *block)
+{
+    size_t nbytes, bsz = cursor->block_size, remain = cursor->block_size;
+    const krb5_crypto_iov *iov;
+
+    remain = cursor->block_size;
+    while (remain > 0 && cursor->out_iov < cursor->iov_count) {
+        iov = &cursor->iov[cursor->out_iov];
+
+        nbytes = iov->data.length - cursor->out_pos;
+        if (nbytes > remain)
+            nbytes = remain;
+
+        memcpy(iov->data.data + cursor->out_pos, block + bsz - remain, nbytes);
+        cursor->out_pos += nbytes;
+        remain -= nbytes;
+
+        if (cursor->out_pos == iov->data.length) {
+            cursor->out_iov = next_iov_to_process(cursor, cursor->out_iov + 1);
+            cursor->out_pos = 0;
+        }
+    }
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/block_size.c b/krb5-1.21.3/src/lib/crypto/krb/block_size.c
new file mode 100644
index 00000000..d50c9446
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/block_size.c
@@ -0,0 +1,42 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_block_size(krb5_context context, krb5_enctype enctype,
+                  size_t *blocksize)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+    *blocksize = ktp->enc->block_size;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/cf2.c b/krb5-1.21.3/src/lib/crypto/krb/cf2.c
new file mode 100644
index 00000000..2ee5aebd
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/cf2.c
@@ -0,0 +1,176 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/cf2.c */
+/*
+ * Copyright (C) 2009, 2015 by the Massachusetts Institute of Technology.  All
+ * rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Implement KRB_FX_CF2 function per draft-ietf-krb-wg-preauth-framework-09.
+ * Take two keys and two pepper strings as input and return a combined key.
+ */
+
+#include "crypto_int.h"
+
+#ifndef MIN
+#define MIN(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_prfplus(krb5_context context, const krb5_keyblock *k,
+               const krb5_data *input, krb5_data *output)
+{
+    krb5_error_code ret;
+    krb5_data prf_in = empty_data(), prf_out = empty_data();
+    size_t prflen, nblocks, i;
+
+    /* Calculate the number of PRF invocations we will need. */
+    ret = krb5_c_prf_length(context, k->enctype, &prflen);
+    if (ret)
+        return ret;
+    nblocks = (output->length + prflen - 1)/ prflen;
+    if (nblocks > 255)
+        return E2BIG;
+
+    /* Allocate PRF input and output buffers. */
+    ret = alloc_data(&prf_in, input->length + 1);
+    if (ret)
+        goto cleanup;
+    ret = alloc_data(&prf_out, prflen);
+    if (ret)
+        goto cleanup;
+
+    /* Concatenate PRF(k, 1||input) || PRF(k, 2||input) || ... to produce the
+     * desired number of bytes. */
+    memcpy(&prf_in.data[1], input->data, input->length);
+    for (i = 0; i < nblocks; i++) {
+        prf_in.data[0] = i + 1;
+        ret = krb5_c_prf(context, k, &prf_in, &prf_out);
+        if (ret)
+            goto cleanup;
+
+        memcpy(&output->data[i * prflen], prf_out.data,
+               MIN(prflen, output->length - i * prflen));
+    }
+
+cleanup:
+    zapfree(prf_out.data, prf_out.length);
+    zapfree(prf_in.data, prf_in.length);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_derive_prfplus(krb5_context context, const krb5_keyblock *k,
+                      const krb5_data *input, krb5_enctype enctype,
+                      krb5_keyblock **out)
+{
+    krb5_error_code ret;
+    const struct krb5_keytypes *ktp;
+    krb5_data rnd = empty_data();
+    krb5_keyblock *kb = NULL;
+
+    *out = NULL;
+
+    ktp = find_enctype((enctype == ENCTYPE_NULL) ? k->enctype : enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    /* Generate enough pseudo-random bytes for the random-to-key function. */
+    ret = alloc_data(&rnd, ktp->enc->keybytes);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_prfplus(context, k, input, &rnd);
+    if (ret)
+        goto cleanup;
+
+    /* Generate a key from the pseudo-random bytes. */
+    ret = krb5int_c_init_keyblock(context, ktp->etype, ktp->enc->keylength,
+                                  &kb);
+    if (ret)
+        goto cleanup;
+    ret = (*ktp->rand2key)(&rnd, kb);
+    if (ret)
+        goto cleanup;
+
+    *out = kb;
+    kb = NULL;
+
+cleanup:
+    zapfree(rnd.data, rnd.length);
+    krb5int_c_free_keyblock(context, kb);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_fx_cf2_simple(krb5_context context,
+                     const krb5_keyblock *k1, const char *pepper1,
+                     const krb5_keyblock *k2, const char *pepper2,
+                     krb5_keyblock **out)
+{
+    krb5_error_code ret;
+    const struct krb5_keytypes *ktp = NULL;
+    const krb5_data pepper1_data = string2data((char *)pepper1);
+    const krb5_data pepper2_data = string2data((char *)pepper2);
+    krb5_data prf1 = empty_data(), prf2 = empty_data();
+    unsigned int i;
+    krb5_keyblock *kb = NULL;
+
+    *out = NULL;
+
+    ktp = find_enctype(k1->enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    /* Generate PRF+(k1, pepper1) and PRF+(k2, kepper2). */
+    ret = alloc_data(&prf1, ktp->enc->keybytes);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_prfplus(context, k1, &pepper1_data, &prf1);
+    if (ret)
+        goto cleanup;
+    ret = alloc_data(&prf2, ktp->enc->keybytes);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_prfplus(context, k2, &pepper2_data, &prf2);
+    if (ret)
+        goto cleanup;
+
+    /* Compute the XOR of the two PRF+ values and generate a key. */
+    for (i = 0; i < prf1.length; i++)
+        prf1.data[i] ^= prf2.data[i];
+    ret = krb5int_c_init_keyblock(context, ktp->etype, ktp->enc->keylength,
+                                  &kb);
+    if (ret)
+        goto cleanup;
+    ret = (*ktp->rand2key)(&prf1, kb);
+    if (ret)
+        goto cleanup;
+
+    *out = kb;
+    kb = NULL;
+
+cleanup:
+    zapfree(prf2.data, prf2.length);
+    zapfree(prf1.data, prf1.length);
+    krb5int_c_free_keyblock(context, kb);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/checksum_dk_cmac.c b/krb5-1.21.3/src/lib/crypto/krb/checksum_dk_cmac.c
new file mode 100644
index 00000000..809f9d72
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/checksum_dk_cmac.c
@@ -0,0 +1,59 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/checksum_dk_cmac.c */
+/*
+ * Copyright 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
+
+krb5_error_code
+krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
+                         krb5_key key, krb5_keyusage usage,
+                         const krb5_crypto_iov *data, size_t num_data,
+                         krb5_data *output)
+{
+    const struct krb5_enc_provider *enc = ctp->enc;
+    krb5_error_code ret;
+    unsigned char constantdata[K5CLENGTH];
+    krb5_data datain;
+    krb5_key kc;
+
+    /* Derive the key. */
+    datain = make_data(constantdata, K5CLENGTH);
+    store_32_be(usage, constantdata);
+    constantdata[4] = (char) 0x99;
+    ret = krb5int_derive_key(enc, NULL, key, &kc, &datain,
+                             DERIVE_SP800_108_CMAC);
+    if (ret != 0)
+        return ret;
+
+    /* Hash the data. */
+    ret = krb5int_cmac_checksum(enc, kc, data, num_data, output);
+    if (ret != 0)
+        memset(output->data, 0, output->length);
+
+    krb5_k_free_key(NULL, kc);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/checksum_dk_hmac.c b/krb5-1.21.3/src/lib/crypto/krb/checksum_dk_hmac.c
new file mode 100644
index 00000000..64ab8993
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/checksum_dk_hmac.c
@@ -0,0 +1,59 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
+
+krb5_error_code
+krb5int_dk_checksum(const struct krb5_cksumtypes *ctp,
+                    krb5_key key, krb5_keyusage usage,
+                    const krb5_crypto_iov *data, size_t num_data,
+                    krb5_data *output)
+{
+    const struct krb5_enc_provider *enc = ctp->enc;
+    krb5_error_code ret;
+    unsigned char constantdata[K5CLENGTH];
+    krb5_data datain;
+    krb5_key kc;
+
+    /* Derive the key. */
+    datain = make_data(constantdata, K5CLENGTH);
+    store_32_be(usage, constantdata);
+    constantdata[4] = (char) 0x99;
+    ret = krb5int_derive_key(enc, NULL, key, &kc, &datain, DERIVE_RFC3961);
+    if (ret)
+        return ret;
+
+    /* Hash the data. */
+    ret = krb5int_hmac(ctp->hash, kc, data, num_data, output);
+    if (ret)
+        memset(output->data, 0, output->length);
+
+    krb5_k_free_key(NULL, kc);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/checksum_etm.c b/krb5-1.21.3/src/lib/crypto/krb/checksum_etm.c
new file mode 100644
index 00000000..eaa85b2d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/checksum_etm.c
@@ -0,0 +1,65 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/checksum_etm.c - checksum for encrypt-then-mac enctypes */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_etm_checksum(const struct krb5_cksumtypes *ctp, krb5_key key,
+                     krb5_keyusage usage, const krb5_crypto_iov *data,
+                     size_t num_data, krb5_data *output)
+{
+    krb5_error_code ret;
+    uint8_t label[5];
+    krb5_data label_data = make_data(label, 5), kc = empty_data();
+    krb5_keyblock kb = { 0 };
+
+    /* Derive the checksum key. */
+    store_32_be(usage, label);
+    label[4] = 0x99;
+    label_data = make_data(label, 5);
+    ret = alloc_data(&kc, ctp->hash->hashsize / 2);
+    if (ret)
+        goto cleanup;
+    ret = krb5int_derive_random(ctp->enc, ctp->hash, key, &kc, &label_data,
+                                DERIVE_SP800_108_HMAC);
+    if (ret)
+        goto cleanup;
+
+    /* Compute an HMAC with kc over the data. */
+    kb.length = kc.length;
+    kb.contents = (uint8_t *)kc.data;
+    ret = krb5int_hmac_keyblock(ctp->hash, &kb, data, num_data, output);
+
+cleanup:
+    zapfree(kc.data, kc.length);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/checksum_hmac_md5.c b/krb5-1.21.3/src/lib/crypto/krb/checksum_hmac_md5.c
new file mode 100644
index 00000000..ec024f39
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/checksum_hmac_md5.c
@@ -0,0 +1,94 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/checksum_hmac_md5.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Microsoft HMAC-MD5 and MD5-HMAC checksums (see RFC 4757):
+ *   HMAC(KS, hash(msusage || input))
+ * KS is HMAC(key, "signaturekey\0") for HMAC-MD5, or just the key for
+ * MD5-HMAC.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data,
+                                         krb5_data *output)
+{
+    krb5_keyusage ms_usage;
+    krb5_error_code ret;
+    krb5_keyblock ks, *keyblock;
+    krb5_crypto_iov *hash_iov = NULL, iov;
+    krb5_data ds = empty_data(), hashval = empty_data();
+    char t[4];
+
+    if (key == NULL || key->keyblock.length > ctp->hash->blocksize)
+        return KRB5_BAD_ENCTYPE;
+    if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) {
+        /* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */
+        ret = alloc_data(&ds, ctp->hash->hashsize);
+        if (ret != 0)
+            goto cleanup;
+
+        iov.flags = KRB5_CRYPTO_TYPE_DATA;
+        iov.data = make_data("signaturekey", 13);
+        ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds);
+        if (ret)
+            goto cleanup;
+        ks.length = ds.length;
+        ks.contents = (krb5_octet *) ds.data;
+        keyblock = &ks;
+    } else  /* For md5-hmac, just use the key. */
+        keyblock = &key->keyblock;
+
+    /* Compute the MD5 value of the input. */
+    ms_usage = krb5int_arcfour_translate_usage(usage);
+    store_32_le(ms_usage, t);
+    hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
+    if (hash_iov == NULL)
+        goto cleanup;
+    hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    hash_iov[0].data = make_data(t, 4);
+    memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
+    ret = alloc_data(&hashval, ctp->hash->hashsize);
+    if (ret != 0)
+        goto cleanup;
+    ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Compute HMAC(ks, md5value). */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = hashval;
+    ret = krb5int_hmac_keyblock(ctp->hash, keyblock, &iov, 1, output);
+
+cleanup:
+    zapfree(ds.data, ds.length);
+    zapfree(hashval.data, hashval.length);
+    free(hash_iov);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/checksum_length.c b/krb5-1.21.3/src/lib/crypto/krb/checksum_length.c
new file mode 100644
index 00000000..d4071e10
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/checksum_length.c
@@ -0,0 +1,42 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
+                       size_t *length)
+{
+    const struct krb5_cksumtypes *ctp;
+
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    *length = ctp->output_size;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/checksum_unkeyed.c b/krb5-1.21.3/src/lib/crypto/krb/checksum_unkeyed.c
new file mode 100644
index 00000000..ff4f2b46
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/checksum_unkeyed.c
@@ -0,0 +1,36 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/checksum_unkeyed.c - Unkeyed checksum handler */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_unkeyed_checksum(const struct krb5_cksumtypes *ctp,
+                         krb5_key key, krb5_keyusage usage,
+                         const krb5_crypto_iov *data, size_t num_data,
+                         krb5_data *output)
+{
+    return ctp->hash->hash(data, num_data, output);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/cksumtype_to_string.c b/krb5-1.21.3/src/lib/crypto/krb/cksumtype_to_string.c
new file mode 100644
index 00000000..758940a1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/cksumtype_to_string.c
@@ -0,0 +1,42 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen)
+{
+    const struct krb5_cksumtypes *ctp;
+
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    if (strlcpy(buffer, ctp->out_string, buflen) >= buflen)
+        return ENOMEM;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/cksumtypes.c b/krb5-1.21.3/src/lib/crypto/krb/cksumtypes.c
new file mode 100644
index 00000000..f7ba322f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/cksumtypes.c
@@ -0,0 +1,112 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
+    { CKSUMTYPE_RSA_MD4,
+      "md4", { 0 }, "RSA-MD4",
+      NULL, &krb5int_hash_md4,
+      krb5int_unkeyed_checksum, NULL,
+      16, 16, CKSUM_UNKEYED },
+
+    { CKSUMTYPE_RSA_MD5,
+      "md5", { 0 }, "RSA-MD5",
+      NULL, &krb5int_hash_md5,
+      krb5int_unkeyed_checksum, NULL,
+      16, 16, CKSUM_UNKEYED },
+
+    { CKSUMTYPE_NIST_SHA,
+      "sha", { 0 }, "NIST-SHA",
+      NULL, &krb5int_hash_sha1,
+      krb5int_unkeyed_checksum, NULL,
+      20, 20, CKSUM_UNKEYED },
+
+    { CKSUMTYPE_SHA1,
+      "sha", { 0 }, "SHA-1",
+      NULL, &krb5int_hash_sha1,
+      krb5int_unkeyed_checksum, NULL,
+      20, 20, CKSUM_UNKEYED },
+
+    { CKSUMTYPE_HMAC_SHA1_DES3,
+      "hmac-sha1-des3", { "hmac-sha1-des3-kd" }, "HMAC-SHA1 DES3 key",
+      &krb5int_enc_des3, &krb5int_hash_sha1,
+      krb5int_dk_checksum, NULL,
+      20, 20, 0 },
+
+    { CKSUMTYPE_HMAC_MD5_ARCFOUR,
+      "hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" },
+      "Microsoft HMAC MD5",
+      NULL, &krb5int_hash_md5,
+      krb5int_hmacmd5_checksum, NULL,
+      16, 16, 0 },
+
+    { CKSUMTYPE_HMAC_SHA1_96_AES128,
+      "hmac-sha1-96-aes128", { 0 }, "HMAC-SHA1 AES128 key",
+      &krb5int_enc_aes128, &krb5int_hash_sha1,
+      krb5int_dk_checksum, NULL,
+      20, 12, 0 },
+
+    { CKSUMTYPE_HMAC_SHA1_96_AES256,
+      "hmac-sha1-96-aes256", { 0 }, "HMAC-SHA1 AES256 key",
+      &krb5int_enc_aes256, &krb5int_hash_sha1,
+      krb5int_dk_checksum, NULL,
+      20, 12, 0 },
+
+    { CKSUMTYPE_MD5_HMAC_ARCFOUR,
+      "md5-hmac-rc4", { 0 }, "Microsoft MD5 HMAC",
+      &krb5int_enc_arcfour, &krb5int_hash_md5,
+      krb5int_hmacmd5_checksum, NULL,
+      16, 16, 0 },
+
+    { CKSUMTYPE_CMAC_CAMELLIA128,
+      "cmac-camellia128", { 0 }, "CMAC Camellia128 key",
+      &krb5int_enc_camellia128, NULL,
+      krb5int_dk_cmac_checksum, NULL,
+      16, 16, 0 },
+
+    { CKSUMTYPE_CMAC_CAMELLIA256,
+      "cmac-camellia256", { 0 }, "CMAC Camellia256 key",
+      &krb5int_enc_camellia256, NULL,
+      krb5int_dk_cmac_checksum, NULL,
+      16, 16, 0 },
+
+    { CKSUMTYPE_HMAC_SHA256_128_AES128,
+      "hmac-sha256-128-aes128", { 0 }, "HMAC-SHA256 AES128 key",
+      &krb5int_enc_aes128, &krb5int_hash_sha256,
+      krb5int_etm_checksum, NULL,
+      32, 16, 0 },
+
+    { CKSUMTYPE_HMAC_SHA384_192_AES256,
+      "hmac-sha384-192-aes256", { 0 }, "HMAC-SHA384 AES256 key",
+      &krb5int_enc_aes256, &krb5int_hash_sha384,
+      krb5int_etm_checksum, NULL,
+      48, 24, 0 },
+};
+
+const size_t krb5int_cksumtypes_length =
+    sizeof(krb5int_cksumtypes_list) / sizeof(struct krb5_cksumtypes);
diff --git a/krb5-1.21.3/src/lib/crypto/krb/coll_proof_cksum.c b/krb5-1.21.3/src/lib/crypto/krb/coll_proof_cksum.c
new file mode 100644
index 00000000..13cb182a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/coll_proof_cksum.c
@@ -0,0 +1,37 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_boolean KRB5_CALLCONV
+krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
+{
+    const struct krb5_cksumtypes *ctp;
+
+    ctp = find_cksumtype(ctype);
+    return (ctp != NULL && !(ctp->flags & CKSUM_NOT_COLL_PROOF));
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/crypto_int.h b/krb5-1.21.3/src/lib/crypto/krb/crypto_int.h
new file mode 100644
index 00000000..3629616d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/crypto_int.h
@@ -0,0 +1,674 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/crypto_int.h - Master libk5crypto internal header */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* This header is the entry point for libk5crypto sources, and also documents
+ * requirements for crypto modules. */
+
+#ifndef CRYPTO_INT_H
+#define CRYPTO_INT_H
+
+#include <k5-int.h>
+
+#if defined(CRYPTO_OPENSSL)
+
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+/*
+ * OpenSSL 3.0 relegates MD4 and RC4 to the legacy provider, which must be
+ * explicitly loaded into a library context.  Performing this loading within a
+ * library carries complications, so use the built-in implementations of these
+ * primitives instead.  OpenSSL 3.0 also deprecates DES_set_odd_parity() with
+ * no replacement.
+ *
+ * OpenSSL 3.0 adds KDF implementations matching the ones we use to derive
+ * encryption and authentication keys from protocol keys.  It also adds
+ * the EVP_MAC interface which can be used for CMAC.  (We could use the CMAC
+ * interface with OpenSSL 1.1 but currently do not.)
+ */
+#define K5_BUILTIN_DES_KEY_PARITY
+#define K5_BUILTIN_MD4
+#define K5_BUILTIN_RC4
+#define K5_OPENSSL_KDF
+#define K5_OPENSSL_CMAC
+#else
+#define K5_OPENSSL_DES_KEY_PARITY
+#define K5_OPENSSL_MD4
+#define K5_OPENSSL_RC4
+#define K5_BUILTIN_KDF
+#define K5_BUILTIN_CMAC
+#endif
+
+#define K5_OPENSSL_AES
+#define K5_OPENSSL_CAMELLIA
+#define K5_OPENSSL_DES
+#define K5_OPENSSL_HMAC
+#define K5_OPENSSL_MD5
+#define K5_OPENSSL_PBKDF2
+#define K5_OPENSSL_SHA1
+#define K5_OPENSSL_SHA2
+
+#else
+
+#define K5_BUILTIN_AES
+#define K5_BUILTIN_CAMELLIA
+#define K5_BUILTIN_CMAC
+#define K5_BUILTIN_DES
+#define K5_BUILTIN_DES_KEY_PARITY
+#define K5_BUILTIN_HMAC
+#define K5_BUILTIN_KDF
+#define K5_BUILTIN_MD4
+#define K5_BUILTIN_MD5
+#define K5_BUILTIN_PBKDF2
+#define K5_BUILTIN_RC4
+#define K5_BUILTIN_SHA1
+#define K5_BUILTIN_SHA2
+
+#endif
+
+/* Enc providers and hash providers specify well-known ciphers and hashes to be
+ * implemented by the crypto module. */
+
+struct krb5_enc_provider {
+    /* keybytes is the input size to make_key;
+       keylength is the output size */
+    size_t block_size, keybytes, keylength;
+
+    krb5_error_code (*encrypt)(krb5_key key, const krb5_data *cipher_state,
+                               krb5_crypto_iov *data, size_t num_data);
+
+    krb5_error_code (*decrypt)(krb5_key key, const krb5_data *cipher_state,
+                               krb5_crypto_iov *data, size_t num_data);
+
+    /* May be NULL if the cipher is not used for a cbc-mac checksum. */
+    krb5_error_code (*cbc_mac)(krb5_key key, const krb5_crypto_iov *data,
+                               size_t num_data, const krb5_data *ivec,
+                               krb5_data *output);
+
+    krb5_error_code (*init_state)(const krb5_keyblock *key,
+                                  krb5_keyusage keyusage,
+                                  krb5_data *out_state);
+    void (*free_state)(krb5_data *state);
+
+    /* May be NULL if there is no key-derived data cached.  */
+    void (*key_cleanup)(krb5_key key);
+};
+
+struct krb5_hash_provider {
+    char hash_name[8];
+    size_t hashsize, blocksize;
+
+    krb5_error_code (*hash)(const krb5_crypto_iov *data, size_t num_data,
+                            krb5_data *output);
+};
+
+/*** RFC 3961 enctypes table ***/
+
+#define MAX_ETYPE_ALIASES 2
+
+struct krb5_keytypes;
+
+typedef unsigned int (*crypto_length_func)(const struct krb5_keytypes *ktp,
+                                           krb5_cryptotype type);
+
+typedef krb5_error_code (*crypt_func)(const struct krb5_keytypes *ktp,
+                                      krb5_key key, krb5_keyusage keyusage,
+                                      const krb5_data *ivec,
+                                      krb5_crypto_iov *data, size_t num_data);
+
+typedef krb5_error_code (*str2key_func)(const struct krb5_keytypes *ktp,
+                                        const krb5_data *string,
+                                        const krb5_data *salt,
+                                        const krb5_data *parm,
+                                        krb5_keyblock *key);
+
+typedef krb5_error_code (*rand2key_func)(const krb5_data *randombits,
+                                         krb5_keyblock *key);
+
+typedef krb5_error_code (*prf_func)(const struct krb5_keytypes *ktp,
+                                    krb5_key key,
+                                    const krb5_data *in, krb5_data *out);
+
+struct krb5_keytypes {
+    krb5_enctype etype;
+    char *name;
+    char *aliases[MAX_ETYPE_ALIASES];
+    char *out_string;
+    const struct krb5_enc_provider *enc;
+    const struct krb5_hash_provider *hash;
+    size_t prf_length;
+    crypto_length_func crypto_length;
+    crypt_func encrypt;
+    crypt_func decrypt;
+    str2key_func str2key;
+    rand2key_func rand2key;
+    prf_func prf;
+    krb5_cksumtype required_ctype;
+    krb5_flags flags;
+    unsigned int ssf;
+};
+
+/*
+ * "Weak" means the enctype is believed to be vulnerable to practical attacks,
+ * and will be disabled unless allow_weak_crypto is set to true.  "Deprecated"
+ * means the enctype has been deprecated by the IETF, and affects display and
+ * logging.
+ */
+#define ETYPE_WEAK (1 << 0)
+#define ETYPE_DEPRECATED (1 << 1)
+
+extern const struct krb5_keytypes krb5int_enctypes_list[];
+extern const int krb5int_enctypes_length;
+
+/*** RFC 3961 checksum types table ***/
+
+struct krb5_cksumtypes;
+
+/*
+ * Compute a checksum over the header, data, padding, and sign-only fields of
+ * the iov array data (of size num_data).  The output buffer will already be
+ * allocated with ctp->compute_size bytes available; the handler just needs to
+ * fill in the contents.  If ctp->enc is not NULL, the handler can assume that
+ * key is a valid-length key of an enctype which uses that enc provider.
+ */
+typedef krb5_error_code (*checksum_func)(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data,
+                                         krb5_data *output);
+
+/*
+ * Verify a checksum over the header, data, padding, and sign-only fields of
+ * the iov array data (of size num_data), and store the boolean result in
+ * *valid.  The handler can assume that hash has length ctp->output_size.  If
+ * ctp->enc is not NULL, the handler can assume that key a valid-length key of
+ * an enctype which uses that enc provider.
+ */
+typedef krb5_error_code (*verify_func)(const struct krb5_cksumtypes *ctp,
+                                       krb5_key key, krb5_keyusage usage,
+                                       const krb5_crypto_iov *data,
+                                       size_t num_data,
+                                       const krb5_data *input,
+                                       krb5_boolean *valid);
+
+struct krb5_cksumtypes {
+    krb5_cksumtype ctype;
+    char *name;
+    char *aliases[2];
+    char *out_string;
+    const struct krb5_enc_provider *enc;
+    const struct krb5_hash_provider *hash;
+    checksum_func checksum;
+    verify_func verify;         /* NULL means recompute checksum and compare */
+    unsigned int compute_size;  /* Allocation size for checksum computation */
+    unsigned int output_size;   /* Possibly truncated output size */
+    krb5_flags flags;
+};
+
+#define CKSUM_UNKEYED          0x0001
+#define CKSUM_NOT_COLL_PROOF   0x0002
+
+extern const struct krb5_cksumtypes krb5int_cksumtypes_list[];
+extern const size_t krb5int_cksumtypes_length;
+
+/*** Prototypes for enctype table functions ***/
+
+/* Length */
+unsigned int krb5int_raw_crypto_length(const struct krb5_keytypes *ktp,
+                                       krb5_cryptotype type);
+unsigned int krb5int_arcfour_crypto_length(const struct krb5_keytypes *ktp,
+                                           krb5_cryptotype type);
+unsigned int krb5int_dk_crypto_length(const struct krb5_keytypes *ktp,
+                                      krb5_cryptotype type);
+unsigned int krb5int_aes_crypto_length(const struct krb5_keytypes *ktp,
+                                       krb5_cryptotype type);
+unsigned int krb5int_camellia_crypto_length(const struct krb5_keytypes *ktp,
+                                            krb5_cryptotype type);
+unsigned int krb5int_aes2_crypto_length(const struct krb5_keytypes *ktp,
+                                        krb5_cryptotype type);
+
+/* Encrypt */
+krb5_error_code krb5int_raw_encrypt(const struct krb5_keytypes *ktp,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_data *ivec,
+                                    krb5_crypto_iov *data, size_t num_data);
+krb5_error_code krb5int_arcfour_encrypt(const struct krb5_keytypes *ktp,
+                                        krb5_key key, krb5_keyusage usage,
+                                        const krb5_data *ivec,
+                                        krb5_crypto_iov *data,
+                                        size_t num_data);
+krb5_error_code krb5int_dk_encrypt(const struct krb5_keytypes *ktp,
+                                   krb5_key key, krb5_keyusage usage,
+                                   const krb5_data *ivec,
+                                   krb5_crypto_iov *data, size_t num_data);
+krb5_error_code krb5int_dk_cmac_encrypt(const struct krb5_keytypes *ktp,
+                                        krb5_key key, krb5_keyusage usage,
+                                        const krb5_data *ivec,
+                                        krb5_crypto_iov *data,
+                                        size_t num_data);
+krb5_error_code krb5int_etm_encrypt(const struct krb5_keytypes *ktp,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_data *ivec,
+                                    krb5_crypto_iov *data, size_t num_data);
+
+/* Decrypt */
+krb5_error_code krb5int_raw_decrypt(const struct krb5_keytypes *ktp,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_data *ivec,
+                                    krb5_crypto_iov *data, size_t num_data);
+krb5_error_code krb5int_arcfour_decrypt(const struct krb5_keytypes *ktp,
+                                        krb5_key key, krb5_keyusage usage,
+                                        const krb5_data *ivec,
+                                        krb5_crypto_iov *data,
+                                        size_t num_data);
+krb5_error_code krb5int_dk_decrypt(const struct krb5_keytypes *ktp,
+                                   krb5_key key, krb5_keyusage usage,
+                                   const krb5_data *ivec,
+                                   krb5_crypto_iov *data, size_t num_data);
+krb5_error_code krb5int_dk_cmac_decrypt(const struct krb5_keytypes *ktp,
+                                        krb5_key key, krb5_keyusage usage,
+                                        const krb5_data *ivec,
+                                        krb5_crypto_iov *data,
+                                        size_t num_data);
+krb5_error_code krb5int_etm_decrypt(const struct krb5_keytypes *ktp,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_data *ivec,
+                                    krb5_crypto_iov *data, size_t num_data);
+
+/* String to key */
+krb5_error_code krb5int_des_string_to_key(const struct krb5_keytypes *ktp,
+                                          const krb5_data *string,
+                                          const krb5_data *salt,
+                                          const krb5_data *params,
+                                          krb5_keyblock *key);
+krb5_error_code krb5int_arcfour_string_to_key(const struct krb5_keytypes *ktp,
+                                              const krb5_data *string,
+                                              const krb5_data *salt,
+                                              const krb5_data *params,
+                                              krb5_keyblock *key);
+krb5_error_code krb5int_dk_string_to_key(const struct krb5_keytypes *enc,
+                                         const krb5_data *string,
+                                         const krb5_data *salt,
+                                         const krb5_data *params,
+                                         krb5_keyblock *key);
+krb5_error_code krb5int_aes_string_to_key(const struct krb5_keytypes *enc,
+                                          const krb5_data *string,
+                                          const krb5_data *salt,
+                                          const krb5_data *params,
+                                          krb5_keyblock *key);
+krb5_error_code krb5int_camellia_string_to_key(const struct krb5_keytypes *enc,
+                                               const krb5_data *string,
+                                               const krb5_data *salt,
+                                               const krb5_data *params,
+                                               krb5_keyblock *key);
+krb5_error_code krb5int_aes2_string_to_key(const struct krb5_keytypes *enc,
+                                           const krb5_data *string,
+                                           const krb5_data *salt,
+                                           const krb5_data *params,
+                                           krb5_keyblock *key);
+
+/* Random to key */
+krb5_error_code k5_rand2key_direct(const krb5_data *randombits,
+                                   krb5_keyblock *keyblock);
+krb5_error_code k5_rand2key_des3(const krb5_data *randombits,
+                                 krb5_keyblock *keyblock);
+
+/* Pseudo-random function */
+krb5_error_code krb5int_des_prf(const struct krb5_keytypes *ktp,
+                                krb5_key key, const krb5_data *in,
+                                krb5_data *out);
+krb5_error_code krb5int_arcfour_prf(const struct krb5_keytypes *ktp,
+                                    krb5_key key, const krb5_data *in,
+                                    krb5_data *out);
+krb5_error_code krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                               const krb5_data *in, krb5_data *out);
+krb5_error_code krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp,
+                                    krb5_key key, const krb5_data *in,
+                                    krb5_data *out);
+krb5_error_code krb5int_aes2_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                                 const krb5_data *in, krb5_data *out);
+
+/*** Prototypes for cksumtype handler functions ***/
+
+krb5_error_code krb5int_unkeyed_checksum(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data,
+                                         krb5_data *output);
+krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data,
+                                         krb5_data *output);
+krb5_error_code krb5int_dk_checksum(const struct krb5_cksumtypes *ctp,
+                                    krb5_key key, krb5_keyusage usage,
+                                    const krb5_crypto_iov *data,
+                                    size_t num_data, krb5_data *output);
+krb5_error_code krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data, krb5_data *output);
+krb5_error_code krb5int_etm_checksum(const struct krb5_cksumtypes *ctp,
+                                     krb5_key key, krb5_keyusage usage,
+                                     const krb5_crypto_iov *data,
+                                     size_t num_data, krb5_data *output);
+
+/*** Key derivation functions ***/
+
+enum deriv_alg {
+    DERIVE_RFC3961,             /* RFC 3961 section 5.1 */
+    DERIVE_SP800_108_CMAC,      /* NIST SP 800-108 with CMAC as PRF */
+    DERIVE_SP800_108_HMAC       /* NIST SP 800-108 with HMAC as PRF */
+};
+
+krb5_error_code krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
+                                        const struct krb5_hash_provider *hash,
+                                        krb5_key inkey, krb5_keyblock *outkey,
+                                        const krb5_data *in_constant,
+                                        enum deriv_alg alg);
+krb5_error_code krb5int_derive_key(const struct krb5_enc_provider *enc,
+                                   const struct krb5_hash_provider *hash,
+                                   krb5_key inkey, krb5_key *outkey,
+                                   const krb5_data *in_constant,
+                                   enum deriv_alg alg);
+krb5_error_code krb5int_derive_random(const struct krb5_enc_provider *enc,
+                                      const struct krb5_hash_provider *hash,
+                                      krb5_key inkey, krb5_data *outrnd,
+                                      const krb5_data *in_constant,
+                                      enum deriv_alg alg);
+
+/*** Miscellaneous prototypes ***/
+
+/* nfold algorithm from RFC 3961 */
+void krb5int_nfold(unsigned int inbits, const unsigned char *in,
+                   unsigned int outbits, unsigned char *out);
+
+/* Translate an RFC 3961 key usage to a Microsoft RC4 usage. */
+krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage);
+
+/* Ensure library initialization has occurred. */
+int krb5int_crypto_init(void);
+
+/* DES default state initialization handler (used by module enc providers). */
+krb5_error_code krb5int_des_init_state(const krb5_keyblock *key,
+                                       krb5_keyusage keyusage,
+                                       krb5_data *state_out);
+
+/* Default state cleanup handler (used by module enc providers). */
+void krb5int_default_free_state(krb5_data *state);
+
+/*** Input/output vector processing declarations **/
+
+#define ENCRYPT_CONF_IOV(_iov)  ((_iov)->flags == KRB5_CRYPTO_TYPE_HEADER)
+
+#define ENCRYPT_DATA_IOV(_iov)  ((_iov)->flags == KRB5_CRYPTO_TYPE_DATA || \
+                                 (_iov)->flags == KRB5_CRYPTO_TYPE_PADDING)
+
+#define ENCRYPT_IOV(_iov)       (ENCRYPT_CONF_IOV(_iov) || ENCRYPT_DATA_IOV(_iov))
+
+#define SIGN_IOV(_iov)          (ENCRYPT_IOV(_iov) ||                   \
+                                 (_iov)->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY )
+
+struct iov_cursor {
+    const krb5_crypto_iov *iov; /* iov array we are iterating over */
+    size_t iov_count;           /* size of iov array */
+    size_t block_size;          /* size of blocks we will be obtaining */
+    krb5_boolean signing;       /* should we process SIGN_ONLY blocks */
+    size_t in_iov;              /* read index into iov array */
+    size_t in_pos;              /* read index into iov contents */
+    size_t out_iov;             /* write index into iov array */
+    size_t out_pos;             /* write index into iov contents */
+};
+
+krb5_crypto_iov *krb5int_c_locate_iov(krb5_crypto_iov *data, size_t num_data,
+                                      krb5_cryptotype type);
+
+krb5_error_code krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp,
+                                             krb5_key key,
+                                             krb5_keyusage keyusage,
+                                             const krb5_data *ivec,
+                                             krb5_crypto_iov *data,
+                                             size_t num_data);
+
+unsigned int krb5int_c_padding_length(const struct krb5_keytypes *ktp,
+                                      size_t data_length);
+
+void k5_iov_cursor_init(struct iov_cursor *cursor, const krb5_crypto_iov *iov,
+                        size_t count, size_t block_size, krb5_boolean signing);
+
+krb5_boolean k5_iov_cursor_get(struct iov_cursor *cursor,
+                               unsigned char *block);
+
+void k5_iov_cursor_put(struct iov_cursor *cursor, unsigned char *block);
+
+/*** Crypto module declarations ***/
+
+/* Modules must implement the k5_sha256() function prototyped in k5-int.h. */
+
+/* Modules must implement the following enc_providers and hash_providers: */
+extern const struct krb5_enc_provider krb5int_enc_des3;
+extern const struct krb5_enc_provider krb5int_enc_arcfour;
+extern const struct krb5_enc_provider krb5int_enc_aes128;
+extern const struct krb5_enc_provider krb5int_enc_aes256;
+extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
+extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
+extern const struct krb5_enc_provider krb5int_enc_camellia128;
+extern const struct krb5_enc_provider krb5int_enc_camellia256;
+
+extern const struct krb5_hash_provider krb5int_hash_md4;
+extern const struct krb5_hash_provider krb5int_hash_md5;
+extern const struct krb5_hash_provider krb5int_hash_sha1;
+extern const struct krb5_hash_provider krb5int_hash_sha256;
+extern const struct krb5_hash_provider krb5int_hash_sha384;
+
+/* Modules must implement the following functions. */
+
+/* Set the parity bits to the correct values in keybits. */
+void k5_des_fixup_key_parity(unsigned char *keybits);
+
+/* Compute an HMAC using the provided hash function, key, and data, storing the
+ * result into output (caller-allocated). */
+krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash,
+                             krb5_key key, const krb5_crypto_iov *data,
+                             size_t num_data, krb5_data *output);
+
+/* Compute a CMAC checksum over data. */
+krb5_error_code krb5int_cmac_checksum(const struct krb5_enc_provider *enc,
+                                      krb5_key key,
+                                      const krb5_crypto_iov *data,
+                                      size_t num_data, krb5_data *output);
+
+/* As above, using a keyblock as the key input. */
+krb5_error_code krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
+                                      const krb5_keyblock *keyblock,
+                                      const krb5_crypto_iov *data,
+                                      size_t num_data, krb5_data *output);
+
+/*
+ * Compute the PBKDF2 (see RFC 2898) of password and salt, with the specified
+ * count, using HMAC with the specified hash as the pseudo-random function,
+ * storing the result into out (caller-allocated).
+ */
+krb5_error_code krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
+                                    const krb5_data *out, unsigned long count,
+                                    const krb5_data *password,
+                                    const krb5_data *salt);
+
+/*
+ * Compute the NIST SP800-108 KDF in counter mode (section 5.1) with the
+ * following parameters:
+ *   - HMAC (with hash as the hash provider) is the PRF.
+ *   - A block counter of four bytes is used.
+ *   - Four bytes are used to encode the output length in the PRF input.
+ *
+ * There are no uses requiring more than a single PRF invocation.
+ */
+krb5_error_code
+k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash,
+                          krb5_key key, const krb5_data *label,
+                          const krb5_data *context, krb5_data *rnd_out);
+
+/*
+ * Compute the NIST SP800-108 KDF in feedback mode (section 5.2) with the
+ * following parameters:
+ *   - CMAC (with enc as the enc provider) is the PRF.
+ *   - A block counter of four bytes is used.
+ *   - Label is the key derivation constant.
+ *   - Context is empty.
+ *   - Four bytes are used to encode the output length in the PRF input.
+ */
+krb5_error_code
+k5_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, krb5_key key,
+                           const krb5_data *label, krb5_data *rnd_out);
+
+/* Compute the RFC 3961 section 5.1 KDF (which uses n-fold) with enc as E,
+ * inkey as Key, and in_constant as Constant. */
+krb5_error_code
+k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, krb5_key key,
+                         const krb5_data *constant, krb5_data *rnd_out);
+
+/* The following are used by test programs and are just handler functions from
+ * the AES and Camellia enc providers. */
+krb5_error_code krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
+                                    krb5_crypto_iov *data, size_t num_data);
+krb5_error_code krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
+                                    krb5_crypto_iov *data, size_t num_data);
+krb5_error_code krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
+                                         krb5_crypto_iov *data,
+                                         size_t num_data);
+
+/*** Inline helper functions ***/
+
+/* Find an enctype by number in the enctypes table. */
+static inline const struct krb5_keytypes *
+find_enctype(krb5_enctype enctype)
+{
+    int i;
+
+    for (i = 0; i < krb5int_enctypes_length; i++) {
+        if (krb5int_enctypes_list[i].etype == enctype)
+            break;
+    }
+
+    if (i == krb5int_enctypes_length)
+        return NULL;
+    return &krb5int_enctypes_list[i];
+}
+
+/* Find a checksum type by number in the cksumtypes table. */
+static inline const struct krb5_cksumtypes *
+find_cksumtype(krb5_cksumtype ctype)
+{
+    size_t i;
+
+    for (i = 0; i < krb5int_cksumtypes_length; i++) {
+        if (krb5int_cksumtypes_list[i].ctype == ctype)
+            break;
+    }
+
+    if (i == krb5int_cksumtypes_length)
+        return NULL;
+    return &krb5int_cksumtypes_list[i];
+}
+
+/* Verify that a key is appropriate for a checksum type. */
+static inline krb5_error_code
+verify_key(const struct krb5_cksumtypes *ctp, krb5_key key)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = key ? find_enctype(key->keyblock.enctype) : NULL;
+    if (ctp->enc != NULL && (!ktp || ktp->enc != ctp->enc))
+        return KRB5_BAD_ENCTYPE;
+    if (key && (!ktp || key->keyblock.length != ktp->enc->keylength))
+        return KRB5_BAD_KEYSIZE;
+    return 0;
+}
+
+/* Encrypt one block of plaintext in place, for block ciphers. */
+static inline krb5_error_code
+encrypt_block(const struct krb5_enc_provider *enc, krb5_key key,
+              krb5_data *block)
+{
+    krb5_crypto_iov iov;
+
+    /* Verify that this is a block cipher and block is the right length. */
+    if (block->length != enc->block_size || enc->block_size == 1)
+        return EINVAL;
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *block;
+    if (enc->cbc_mac != NULL)   /* One-block cbc-mac with no ivec. */
+        return enc->cbc_mac(key, &iov, 1, NULL, block);
+    else                        /* Assume cbc-mode encrypt. */
+        return enc->encrypt(key, 0, &iov, 1);
+}
+
+/* Return the total length of the to-be-signed or to-be-encrypted buffers in an
+ * iov chain. */
+static inline size_t
+iov_total_length(const krb5_crypto_iov *data, size_t num_data,
+                 krb5_boolean signing)
+{
+    size_t i, total = 0;
+
+    for (i = 0; i < num_data; i++) {
+        if (signing ? SIGN_IOV(&data[i]) : ENCRYPT_IOV(&data[i]))
+            total += data[i].data.length;
+    }
+    return total;
+}
+
+/*
+ * Return the number of contiguous blocks available within the current input
+ * IOV of the cursor c, so that the caller can do in-place encryption.
+ * Do not call if c might be exhausted.
+ */
+static inline size_t
+iov_cursor_contig_blocks(struct iov_cursor *c)
+{
+    return (c->iov[c->in_iov].data.length - c->in_pos) / c->block_size;
+}
+
+/* Return the current input pointer within the cursor c.  Do not call if c
+ * might be exhausted. */
+static inline unsigned char *
+iov_cursor_ptr(struct iov_cursor *c)
+{
+    return (unsigned char *)&c->iov[c->in_iov].data.data[c->in_pos];
+}
+
+/*
+ * Advance the input and output pointers of c by nblocks blocks.  nblocks must
+ * not be greater than the return value of iov_cursor_contig_blocks, and the
+ * input and output positions must be identical.
+ */
+static inline void
+iov_cursor_advance(struct iov_cursor *c, size_t nblocks)
+{
+    c->in_pos += nblocks * c->block_size;
+    c->out_pos += nblocks * c->block_size;
+}
+
+#endif /* CRYPTO_INT_H */
diff --git a/krb5-1.21.3/src/lib/crypto/krb/crypto_length.c b/krb5-1.21.3/src/lib/crypto/krb/crypto_length.c
new file mode 100644
index 00000000..a621423a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/crypto_length.c
@@ -0,0 +1,125 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/crypto_length.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_crypto_length(krb5_context context, krb5_enctype enctype,
+                     krb5_cryptotype type, unsigned int *size)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_EMPTY:
+    case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+        *size = 0;
+        break;
+    case KRB5_CRYPTO_TYPE_DATA:
+        *size = (unsigned int)~0; /* match Heimdal */
+        break;
+    case KRB5_CRYPTO_TYPE_HEADER:
+    case KRB5_CRYPTO_TYPE_PADDING:
+    case KRB5_CRYPTO_TYPE_TRAILER:
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        *size = ktp->crypto_length(ktp, type);
+        break;
+    default:
+        return EINVAL;
+    }
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_padding_length(krb5_context context, krb5_enctype enctype,
+                      size_t data_length, unsigned int *pad_length)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    *pad_length = krb5int_c_padding_length(ktp, data_length);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
+                         krb5_crypto_iov *data, size_t num_data)
+{
+    size_t i;
+    const struct krb5_keytypes *ktp;
+    unsigned int data_length = 0, pad_length;
+    krb5_crypto_iov *padding = NULL;
+
+    /*
+     * XXX need to rejig internal interface so we can accurately
+     * report variable header lengths.
+     */
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    for (i = 0; i < num_data; i++) {
+        krb5_crypto_iov *iov = &data[i];
+
+        switch (iov->flags) {
+        case KRB5_CRYPTO_TYPE_DATA:
+            data_length += iov->data.length;
+            break;
+        case KRB5_CRYPTO_TYPE_PADDING:
+            if (padding != NULL)
+                return EINVAL;
+
+            padding = iov;
+            break;
+        case KRB5_CRYPTO_TYPE_HEADER:
+        case KRB5_CRYPTO_TYPE_TRAILER:
+        case KRB5_CRYPTO_TYPE_CHECKSUM:
+            iov->data.length = ktp->crypto_length(ktp, iov->flags);
+            break;
+        case KRB5_CRYPTO_TYPE_EMPTY:
+        case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+        default:
+            break;
+        }
+    }
+
+    pad_length = krb5int_c_padding_length(ktp, data_length);
+    if (pad_length != 0 && padding == NULL)
+        return EINVAL;
+
+    if (padding != NULL)
+        padding->data.length = pad_length;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/decrypt.c b/krb5-1.21.3/src/lib/crypto/krb/decrypt.c
new file mode 100644
index 00000000..496d262e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/decrypt.c
@@ -0,0 +1,101 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt(krb5_context context, krb5_key key,
+               krb5_keyusage usage, const krb5_data *cipher_state,
+               const krb5_enc_data *input, krb5_data *output)
+{
+    const struct krb5_keytypes *ktp;
+    krb5_crypto_iov iov[4];
+    krb5_error_code ret;
+    unsigned int header_len, trailer_len, plain_len;
+    char *scratch = NULL;
+
+    ktp = find_enctype(key->keyblock.enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    if (input->enctype != ENCTYPE_UNKNOWN && ktp->etype != input->enctype)
+        return KRB5_BAD_ENCTYPE;
+
+    /* Verify the input and output lengths. */
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+    if (input->ciphertext.length < header_len + trailer_len)
+        return KRB5_BAD_MSIZE;
+    plain_len = input->ciphertext.length - header_len - trailer_len;
+    if (output->length < plain_len)
+        return KRB5_BAD_MSIZE;
+
+    scratch = k5alloc(header_len + trailer_len, &ret);
+    if (scratch == NULL)
+        return ret;
+
+    iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
+    iov[0].data = make_data(scratch, header_len);
+    memcpy(iov[0].data.data, input->ciphertext.data, header_len);
+
+    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[1].data = make_data(output->data, plain_len);
+    memcpy(iov[1].data.data, input->ciphertext.data + header_len, plain_len);
+
+    /* Use empty padding since tokens don't indicate the padding length. */
+    iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
+    iov[2].data = empty_data();
+
+    iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
+    iov[3].data = make_data(scratch + header_len, trailer_len);
+    memcpy(iov[3].data.data, input->ciphertext.data + header_len + plain_len,
+           trailer_len);
+
+    ret = ktp->decrypt(ktp, key, usage, cipher_state, iov, 4);
+    if (ret != 0)
+        zap(output->data, plain_len);
+    else
+        output->length = plain_len;
+    zapfree(scratch, header_len + trailer_len);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_decrypt(krb5_context context, const krb5_keyblock *keyblock,
+               krb5_keyusage usage, const krb5_data *cipher_state,
+               const krb5_enc_data *input, krb5_data *output)
+{
+    krb5_key key;
+    krb5_error_code ret;
+
+    ret = krb5_k_create_key(context, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_decrypt(context, key, usage, cipher_state, input, output);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/decrypt_iov.c b/krb5-1.21.3/src/lib/crypto/krb/decrypt_iov.c
new file mode 100644
index 00000000..8d43e8ff
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/decrypt_iov.c
@@ -0,0 +1,64 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/decrypt_iov.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+                   const krb5_data *cipher_state, krb5_crypto_iov *data,
+                   size_t num_data)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(key->keyblock.enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    if (krb5int_c_locate_iov(data, num_data,
+                             KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+        return krb5int_c_iov_decrypt_stream(ktp, key, usage, cipher_state,
+                                            data, num_data);
+    }
+
+    return ktp->decrypt(ktp, key, usage, cipher_state, data, num_data);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_decrypt_iov(krb5_context context, const krb5_keyblock *keyblock,
+                   krb5_keyusage usage, const krb5_data *cipher_state,
+                   krb5_crypto_iov *data, size_t num_data)
+{
+    krb5_key key;
+    krb5_error_code ret;
+
+    ret = krb5_k_create_key(context, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_decrypt_iov(context, key, usage, cipher_state, data,
+                             num_data);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/default_state.c b/krb5-1.21.3/src/lib/crypto/krb/default_state.c
new file mode 100644
index 00000000..0757c8b0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/default_state.c
@@ -0,0 +1,50 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2001, 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Section 6 (Encryption) of the Kerberos revisions document defines
+ * cipher states to be used to chain encryptions and decryptions
+ * together.  Examples of cipher states include initialization vectors
+ * for CBC encription.  Most Kerberos encryption systems can share
+ * code for initializing and freeing cipher states.  This file
+ * contains that default code.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_des_init_state(const krb5_keyblock *key, krb5_keyusage usage,
+                       krb5_data *state_out)
+{
+    if (alloc_data(state_out, 8))
+        return ENOMEM;
+
+    return 0;
+}
+
+void
+krb5int_default_free_state(krb5_data *state)
+{
+    free(state->data);
+    *state = empty_data();
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/deps b/krb5-1.21.3/src/lib/crypto/krb/deps
new file mode 100644
index 00000000..92928572
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/deps
@@ -0,0 +1,580 @@
+#
+# Generated makefile dependencies follow.
+#
+aead.so aead.po $(OUTPRE)aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h aead.c crypto_int.h
+block_size.so block_size.po $(OUTPRE)block_size.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  block_size.c crypto_int.h
+cf2.so cf2.po $(OUTPRE)cf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cf2.c crypto_int.h
+checksum_dk_cmac.so checksum_dk_cmac.po $(OUTPRE)checksum_dk_cmac.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  checksum_dk_cmac.c crypto_int.h
+checksum_dk_hmac.so checksum_dk_hmac.po $(OUTPRE)checksum_dk_hmac.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  checksum_dk_hmac.c crypto_int.h
+checksum_etm.so checksum_etm.po $(OUTPRE)checksum_etm.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  checksum_etm.c crypto_int.h
+checksum_hmac_md5.so checksum_hmac_md5.po $(OUTPRE)checksum_hmac_md5.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  checksum_hmac_md5.c crypto_int.h
+checksum_unkeyed.so checksum_unkeyed.po $(OUTPRE)checksum_unkeyed.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  checksum_unkeyed.c crypto_int.h
+checksum_length.so checksum_length.po $(OUTPRE)checksum_length.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  checksum_length.c crypto_int.h
+cksumtype_to_string.so cksumtype_to_string.po $(OUTPRE)cksumtype_to_string.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtype_to_string.c crypto_int.h
+cksumtypes.so cksumtypes.po $(OUTPRE)cksumtypes.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtypes.c crypto_int.h
+coll_proof_cksum.so coll_proof_cksum.po $(OUTPRE)coll_proof_cksum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  coll_proof_cksum.c crypto_int.h
+crypto_length.so crypto_length.po $(OUTPRE)crypto_length.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h crypto_length.c
+default_state.so default_state.po $(OUTPRE)default_state.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h default_state.c
+decrypt.so decrypt.po $(OUTPRE)decrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h decrypt.c
+decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h decrypt_iov.c
+derive.so derive.po $(OUTPRE)derive.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h derive.c
+encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h encrypt.c
+encrypt_iov.so encrypt_iov.po $(OUTPRE)encrypt_iov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h encrypt_iov.c
+encrypt_length.so encrypt_length.po $(OUTPRE)encrypt_length.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h encrypt_length.c
+enctype_util.so enctype_util.po $(OUTPRE)enctype_util.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h enctype_util.c
+enc_dk_cmac.so enc_dk_cmac.po $(OUTPRE)enc_dk_cmac.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h enc_dk_cmac.c
+enc_dk_hmac.so enc_dk_hmac.po $(OUTPRE)enc_dk_hmac.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h enc_dk_hmac.c
+enc_etm.so enc_etm.po $(OUTPRE)enc_etm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h enc_etm.c
+enc_raw.so enc_raw.po $(OUTPRE)enc_raw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h enc_raw.c
+enc_rc4.so enc_rc4.po $(OUTPRE)enc_rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h enc_rc4.c
+etypes.so etypes.po $(OUTPRE)etypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h etypes.c
+key.so key.po $(OUTPRE)key.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h key.c
+keyblocks.so keyblocks.po $(OUTPRE)keyblocks.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h keyblocks.c
+keyed_cksum.so keyed_cksum.po $(OUTPRE)keyed_cksum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h keyed_cksum.c
+keyed_checksum_types.so keyed_checksum_types.po $(OUTPRE)keyed_checksum_types.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h keyed_checksum_types.c
+keylengths.so keylengths.po $(OUTPRE)keylengths.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h keylengths.c
+make_checksum.so make_checksum.po $(OUTPRE)make_checksum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h make_checksum.c
+make_checksum_iov.so make_checksum_iov.po $(OUTPRE)make_checksum_iov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h make_checksum_iov.c
+make_random_key.so make_random_key.po $(OUTPRE)make_random_key.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h make_random_key.c
+mandatory_sumtype.so mandatory_sumtype.po $(OUTPRE)mandatory_sumtype.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h mandatory_sumtype.c
+nfold.so nfold.po $(OUTPRE)nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h nfold.c
+old_api_glue.so old_api_glue.po $(OUTPRE)old_api_glue.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h old_api_glue.c
+prf.so prf.po $(OUTPRE)prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h prf.c
+prf_aes2.so prf_aes2.po $(OUTPRE)prf_aes2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h prf_aes2.c
+prf_cmac.so prf_cmac.po $(OUTPRE)prf_cmac.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h prf_cmac.c
+prf_des.so prf_des.po $(OUTPRE)prf_des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h prf_des.c
+prf_dk.so prf_dk.po $(OUTPRE)prf_dk.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h prf_dk.c
+prf_rc4.so prf_rc4.po $(OUTPRE)prf_rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h prf_rc4.c
+prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h prng.c
+random_to_key.so random_to_key.po $(OUTPRE)random_to_key.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h random_to_key.c
+s2k_pbkdf2.so s2k_pbkdf2.po $(OUTPRE)s2k_pbkdf2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h s2k_pbkdf2.c
+s2k_rc4.so s2k_rc4.po $(OUTPRE)s2k_rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h s2k_rc4.c
+state.so state.po $(OUTPRE)state.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crypto_int.h state.c
+string_to_cksumtype.so string_to_cksumtype.po $(OUTPRE)string_to_cksumtype.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h string_to_cksumtype.c
+string_to_key.so string_to_key.po $(OUTPRE)string_to_key.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h string_to_key.c
+valid_cksumtype.so valid_cksumtype.po $(OUTPRE)valid_cksumtype.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h valid_cksumtype.c
+verify_checksum.so verify_checksum.po $(OUTPRE)verify_checksum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h verify_checksum.c
+verify_checksum_iov.so verify_checksum_iov.po $(OUTPRE)verify_checksum_iov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  crypto_int.h verify_checksum_iov.c
diff --git a/krb5-1.21.3/src/lib/crypto/krb/derive.c b/krb5-1.21.3/src/lib/crypto/krb/derive.c
new file mode 100644
index 00000000..3e51a005
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/derive.c
@@ -0,0 +1,174 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+static krb5_key
+find_cached_dkey(struct derived_key *list, const krb5_data *constant)
+{
+    for (; list; list = list->next) {
+        if (data_eq(list->constant, *constant)) {
+            krb5_k_reference_key(NULL, list->dkey);
+            return list->dkey;
+        }
+    }
+    return NULL;
+}
+
+static krb5_error_code
+add_cached_dkey(krb5_key key, const krb5_data *constant,
+                const krb5_keyblock *dkeyblock, krb5_key *cached_dkey)
+{
+    krb5_key dkey;
+    krb5_error_code ret;
+    struct derived_key *dkent = NULL;
+    char *data = NULL;
+
+    /* Allocate fields for the new entry. */
+    dkent = malloc(sizeof(*dkent));
+    if (dkent == NULL)
+        goto cleanup;
+    data = k5memdup(constant->data, constant->length, &ret);
+    if (data == NULL)
+        goto cleanup;
+    ret = krb5_k_create_key(NULL, dkeyblock, &dkey);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Add the new entry to the list. */
+    dkent->dkey = dkey;
+    dkent->constant.data = data;
+    dkent->constant.length = constant->length;
+    dkent->next = key->derived;
+    key->derived = dkent;
+
+    /* Return a "copy" of the cached key. */
+    krb5_k_reference_key(NULL, dkey);
+    *cached_dkey = dkey;
+    return 0;
+
+cleanup:
+    free(dkent);
+    free(data);
+    return ENOMEM;
+}
+
+krb5_error_code
+krb5int_derive_random(const struct krb5_enc_provider *enc,
+                      const struct krb5_hash_provider *hash,
+                      krb5_key inkey, krb5_data *outrnd,
+                      const krb5_data *in_constant, enum deriv_alg alg)
+{
+    krb5_data empty = empty_data();
+
+    switch (alg) {
+    case DERIVE_RFC3961:
+        return k5_derive_random_rfc3961(enc, inkey, in_constant, outrnd);
+    case DERIVE_SP800_108_CMAC:
+        return k5_sp800_108_feedback_cmac(enc, inkey, in_constant, outrnd);
+    case DERIVE_SP800_108_HMAC:
+        return k5_sp800_108_counter_hmac(hash, inkey, in_constant, &empty,
+                                         outrnd);
+    default:
+        return EINVAL;
+    }
+}
+
+/*
+ * Compute a derived key into the keyblock outkey.  This variation on
+ * krb5int_derive_key does not cache the result, as it is only used
+ * directly in situations which are not expected to be repeated with
+ * the same inkey and constant.
+ */
+krb5_error_code
+krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
+                        const struct krb5_hash_provider *hash,
+                        krb5_key inkey, krb5_keyblock *outkey,
+                        const krb5_data *in_constant, enum deriv_alg alg)
+{
+    krb5_error_code ret;
+    krb5_data rawkey = empty_data();
+
+    /* Allocate a buffer for the raw key bytes. */
+    ret = alloc_data(&rawkey, enc->keybytes);
+    if (ret)
+        goto cleanup;
+
+    /* Derive pseudo-random data for the key bytes. */
+    ret = krb5int_derive_random(enc, hash, inkey, &rawkey, in_constant, alg);
+    if (ret)
+        goto cleanup;
+
+    /* Postprocess the key. */
+    ret = krb5_c_random_to_key(NULL, inkey->keyblock.enctype, &rawkey, outkey);
+
+cleanup:
+    zapfree(rawkey.data, enc->keybytes);
+    return ret;
+}
+
+krb5_error_code
+krb5int_derive_key(const struct krb5_enc_provider *enc,
+                   const struct krb5_hash_provider *hash,
+                   krb5_key inkey, krb5_key *outkey,
+                   const krb5_data *in_constant, enum deriv_alg alg)
+{
+    krb5_keyblock keyblock;
+    krb5_error_code ret;
+    krb5_key dkey;
+
+    *outkey = NULL;
+
+    /* Check for a cached result. */
+    dkey = find_cached_dkey(inkey->derived, in_constant);
+    if (dkey != NULL) {
+        *outkey = dkey;
+        return 0;
+    }
+
+    /* Derive into a temporary keyblock. */
+    keyblock.length = enc->keylength;
+    keyblock.contents = malloc(keyblock.length);
+    keyblock.enctype = inkey->keyblock.enctype;
+    if (keyblock.contents == NULL)
+        return ENOMEM;
+    ret = krb5int_derive_keyblock(enc, hash, inkey, &keyblock, in_constant,
+                                  alg);
+    if (ret)
+        goto cleanup;
+
+    /* Cache the derived key. */
+    ret = add_cached_dkey(inkey, in_constant, &keyblock, &dkey);
+    if (ret != 0)
+        goto cleanup;
+
+    *outkey = dkey;
+
+cleanup:
+    zapfree(keyblock.contents, keyblock.length);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/enc_dk_cmac.c b/krb5-1.21.3/src/lib/crypto/krb/enc_dk_cmac.c
new file mode 100644
index 00000000..b65b9b70
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/enc_dk_cmac.c
@@ -0,0 +1,182 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/enc_dk_cmac.c - Derived-key enctype functions using CMAC */
+/*
+ * Copyright 2008, 2009, 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include "crypto_int.h"
+
+#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
+
+/* AEAD */
+
+unsigned int
+krb5int_camellia_crypto_length(const struct krb5_keytypes *ktp,
+                               krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_HEADER:
+        return ktp->enc->block_size;
+    case KRB5_CRYPTO_TYPE_PADDING:
+        return 0;
+    case KRB5_CRYPTO_TYPE_TRAILER:
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        return ktp->enc->block_size;
+    default:
+        assert(0 && "bad type passed to krb5int_camellia_crypto_length");
+        return 0;
+    }
+}
+
+/* Derive encryption and integrity keys for CMAC-using enctypes. */
+static krb5_error_code
+derive_keys(const struct krb5_enc_provider *enc, krb5_key key,
+            krb5_keyusage usage, krb5_key *ke_out, krb5_key *ki_out)
+{
+    krb5_error_code ret;
+    unsigned char buf[K5CLENGTH];
+    krb5_data constant = make_data(buf, K5CLENGTH);
+    krb5_key ke, ki;
+
+    *ke_out = *ki_out = NULL;
+
+    /* Derive the encryption key. */
+    store_32_be(usage, buf);
+    buf[4] = 0xAA;
+    ret = krb5int_derive_key(enc, NULL, key, &ke, &constant,
+                             DERIVE_SP800_108_CMAC);
+    if (ret != 0)
+        return ret;
+
+    /* Derive the integrity key. */
+    buf[4] = 0x55;
+    ret = krb5int_derive_key(enc, NULL, key, &ki, &constant,
+                             DERIVE_SP800_108_CMAC);
+    if (ret != 0) {
+        krb5_k_free_key(NULL, ke);
+        return ret;
+    }
+
+    *ke_out = ke;
+    *ki_out = ki;
+    return 0;
+}
+
+krb5_error_code
+krb5int_dk_cmac_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                        krb5_keyusage usage, const krb5_data *ivec,
+                        krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    krb5_error_code ret;
+    krb5_crypto_iov *header, *trailer, *padding;
+    krb5_key ke = NULL, ki = NULL;
+
+    /* E(Confounder | Plaintext | Pad) | Checksum */
+
+    /* Validate header and trailer lengths, and zero out padding length. */
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL || header->data.length < enc->block_size)
+        return KRB5_BAD_MSIZE;
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer == NULL || trailer->data.length < enc->block_size)
+        return KRB5_BAD_MSIZE;
+    padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
+    if (padding != NULL)
+        padding->data.length = 0;
+
+    /* Derive the encryption and integrity keys. */
+    ret = derive_keys(enc, key, usage, &ke, &ki);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Generate confounder. */
+    header->data.length = enc->block_size;
+    ret = krb5_c_random_make_octets(NULL, &header->data);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Checksum the plaintext. */
+    ret = krb5int_cmac_checksum(enc, ki, data, num_data, &trailer->data);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Encrypt the plaintext (header | data | padding) */
+    ret = enc->encrypt(ke, ivec, data, num_data);
+    if (ret != 0)
+        goto cleanup;
+
+cleanup:
+    krb5_k_free_key(NULL, ke);
+    krb5_k_free_key(NULL, ki);
+    return ret;
+}
+
+krb5_error_code
+krb5int_dk_cmac_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                        krb5_keyusage usage, const krb5_data *ivec,
+                        krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    krb5_error_code ret;
+    krb5_crypto_iov *header, *trailer;
+    krb5_data cksum = empty_data();
+    krb5_key ke = NULL, ki = NULL;
+
+    /* E(Confounder | Plaintext | Pad) | Checksum */
+
+    /* Validate header and trailer lengths. */
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL || header->data.length != enc->block_size)
+        return KRB5_BAD_MSIZE;
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer == NULL || trailer->data.length != enc->block_size)
+        return KRB5_BAD_MSIZE;
+
+    /* Derive the encryption and integrity keys. */
+    ret = derive_keys(enc, key, usage, &ke, &ki);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Decrypt the plaintext (header | data | padding). */
+    ret = enc->decrypt(ke, ivec, data, num_data);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Verify the hash. */
+    ret = alloc_data(&cksum, enc->block_size);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_cmac_checksum(enc, ki, data, num_data, &cksum);
+    if (ret != 0)
+        goto cleanup;
+    if (k5_bcmp(cksum.data, trailer->data.data, enc->block_size) != 0)
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
+cleanup:
+    krb5_k_free_key(NULL, ke);
+    krb5_k_free_key(NULL, ki);
+    zapfree(cksum.data, cksum.length);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/enc_dk_hmac.c b/krb5-1.21.3/src/lib/crypto/krb/enc_dk_hmac.c
new file mode 100644
index 00000000..713044c6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/enc_dk_hmac.c
@@ -0,0 +1,269 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/enc_dk_hmac.c */
+/*
+ * Copyright 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include "crypto_int.h"
+
+#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
+
+/* AEAD */
+
+unsigned int
+krb5int_dk_crypto_length(const struct krb5_keytypes *ktp, krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_HEADER:
+    case KRB5_CRYPTO_TYPE_PADDING:
+        return ktp->enc->block_size;
+    case KRB5_CRYPTO_TYPE_TRAILER:
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        return ktp->hash->hashsize;
+    default:
+        assert(0 && "invalid cryptotype passed to krb5int_dk_crypto_length");
+        return 0;
+    }
+}
+
+unsigned int
+krb5int_aes_crypto_length(const struct krb5_keytypes *ktp,
+                          krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_HEADER:
+        return ktp->enc->block_size;
+    case KRB5_CRYPTO_TYPE_PADDING:
+        return 0;
+    case KRB5_CRYPTO_TYPE_TRAILER:
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        return 96 / 8;
+    default:
+        assert(0 && "invalid cryptotype passed to krb5int_aes_crypto_length");
+        return 0;
+    }
+}
+
+krb5_error_code
+krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                   krb5_keyusage usage, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_error_code ret;
+    unsigned char constantdata[K5CLENGTH];
+    krb5_data d1, d2;
+    krb5_crypto_iov *header, *trailer, *padding;
+    krb5_key ke = NULL, ki = NULL;
+    size_t i;
+    unsigned int blocksize, hmacsize, plainlen = 0, padsize = 0;
+    unsigned char *cksum = NULL;
+
+    /* E(Confounder | Plaintext | Pad) | Checksum */
+
+    blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
+    hmacsize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+
+    for (i = 0; i < num_data; i++) {
+        krb5_crypto_iov *iov = &data[i];
+
+        if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
+            plainlen += iov->data.length;
+    }
+
+    /* Validate header and trailer lengths. */
+
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL || header->data.length < enc->block_size)
+        return KRB5_BAD_MSIZE;
+
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer == NULL || trailer->data.length < hmacsize)
+        return KRB5_BAD_MSIZE;
+
+    if (blocksize != 0) {
+        /* Check that the input data is correctly padded. */
+        if (plainlen % blocksize)
+            padsize = blocksize - (plainlen % blocksize);
+    }
+
+    padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
+    if (padsize && (padding == NULL || padding->data.length < padsize))
+        return KRB5_BAD_MSIZE;
+
+    if (padding != NULL) {
+        memset(padding->data.data, 0, padsize);
+        padding->data.length = padsize;
+    }
+
+    cksum = k5alloc(hash->hashsize, &ret);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive the keys. */
+
+    d1.data = (char *)constantdata;
+    d1.length = K5CLENGTH;
+
+    store_32_be(usage, constantdata);
+
+    d1.data[4] = 0xAA;
+
+    ret = krb5int_derive_key(enc, NULL, key, &ke, &d1, DERIVE_RFC3961);
+    if (ret != 0)
+        goto cleanup;
+
+    d1.data[4] = 0x55;
+
+    ret = krb5int_derive_key(enc, NULL, key, &ki, &d1, DERIVE_RFC3961);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Generate confounder. */
+
+    header->data.length = enc->block_size;
+
+    ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Hash the plaintext. */
+    d2.length = hash->hashsize;
+    d2.data = (char *)cksum;
+
+    ret = krb5int_hmac(hash, ki, data, num_data, &d2);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Encrypt the plaintext (header | data | padding) */
+    ret = enc->encrypt(ke, ivec, data, num_data);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Possibly truncate the hash */
+    assert(hmacsize <= d2.length);
+
+    memcpy(trailer->data.data, cksum, hmacsize);
+    trailer->data.length = hmacsize;
+
+cleanup:
+    krb5_k_free_key(NULL, ke);
+    krb5_k_free_key(NULL, ki);
+    free(cksum);
+    return ret;
+}
+
+krb5_error_code
+krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                   krb5_keyusage usage, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_error_code ret;
+    unsigned char constantdata[K5CLENGTH];
+    krb5_data d1;
+    krb5_crypto_iov *header, *trailer;
+    krb5_key ke = NULL, ki = NULL;
+    size_t i;
+    unsigned int blocksize; /* enc block size, not confounder len */
+    unsigned int hmacsize, cipherlen = 0;
+    unsigned char *cksum = NULL;
+
+    /* E(Confounder | Plaintext | Pad) | Checksum */
+
+    blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
+    hmacsize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+
+    if (blocksize != 0) {
+        /* Check that the input data is correctly padded. */
+        for (i = 0; i < num_data; i++) {
+            const krb5_crypto_iov *iov = &data[i];
+
+            if (ENCRYPT_DATA_IOV(iov))
+                cipherlen += iov->data.length;
+        }
+        if (cipherlen % blocksize != 0)
+            return KRB5_BAD_MSIZE;
+    }
+
+    /* Validate header and trailer lengths */
+
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL || header->data.length != enc->block_size)
+        return KRB5_BAD_MSIZE;
+
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer == NULL || trailer->data.length != hmacsize)
+        return KRB5_BAD_MSIZE;
+
+    cksum = k5alloc(hash->hashsize, &ret);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive the keys. */
+
+    d1.data = (char *)constantdata;
+    d1.length = K5CLENGTH;
+
+    store_32_be(usage, constantdata);
+
+    d1.data[4] = 0xAA;
+
+    ret = krb5int_derive_key(enc, NULL, key, &ke, &d1, DERIVE_RFC3961);
+    if (ret != 0)
+        goto cleanup;
+
+    d1.data[4] = 0x55;
+
+    ret = krb5int_derive_key(enc, NULL, key, &ki, &d1, DERIVE_RFC3961);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Decrypt the plaintext (header | data | padding). */
+    ret = enc->decrypt(ke, ivec, data, num_data);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Verify the hash. */
+    d1.length = hash->hashsize; /* non-truncated length */
+    d1.data = (char *)cksum;
+
+    ret = krb5int_hmac(hash, ki, data, num_data, &d1);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Compare only the possibly truncated length. */
+    if (k5_bcmp(cksum, trailer->data.data, hmacsize) != 0) {
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
+    }
+
+cleanup:
+    krb5_k_free_key(NULL, ke);
+    krb5_k_free_key(NULL, ki);
+    free(cksum);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/enc_etm.c b/krb5-1.21.3/src/lib/crypto/krb/enc_etm.c
new file mode 100644
index 00000000..3135dd5b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/enc_etm.c
@@ -0,0 +1,257 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/enc_etm.c - encrypt-then-mac construction for aes-sha2 */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+
+unsigned int
+krb5int_aes2_crypto_length(const struct krb5_keytypes *ktp,
+                           krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_HEADER:
+        return ktp->enc->block_size;
+    case KRB5_CRYPTO_TYPE_PADDING:
+        return 0;
+    case KRB5_CRYPTO_TYPE_TRAILER:
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        return ktp->hash->hashsize / 2;
+    default:
+        assert(0 && "invalid cryptotype passed to krb5int_aes2_crypto_length");
+        return 0;
+    }
+}
+
+/* Derive encryption and integrity keys for CMAC-using enctypes. */
+static krb5_error_code
+derive_keys(const struct krb5_keytypes *ktp, krb5_key key,
+            krb5_keyusage usage, krb5_key *ke_out, krb5_data *ki_out)
+{
+    krb5_error_code ret;
+    uint8_t label[5];
+    krb5_data label_data = make_data(label, 5), ki = empty_data();
+    krb5_key ke = NULL;
+
+    *ke_out = NULL;
+    *ki_out = empty_data();
+
+    /* Derive the encryption key. */
+    store_32_be(usage, label);
+    label[4] = 0xAA;
+    ret = krb5int_derive_key(ktp->enc, ktp->hash, key, &ke, &label_data,
+                             DERIVE_SP800_108_HMAC);
+    if (ret)
+        goto cleanup;
+
+    /* Derive the integrity key. */
+    label[4] = 0x55;
+    ret = alloc_data(&ki, ktp->hash->hashsize / 2);
+    if (ret)
+        goto cleanup;
+    ret = krb5int_derive_random(NULL, ktp->hash, key, &ki, &label_data,
+                                DERIVE_SP800_108_HMAC);
+    if (ret)
+        goto cleanup;
+
+    *ke_out = ke;
+    ke = NULL;
+    *ki_out = ki;
+    ki = empty_data();
+
+cleanup:
+    krb5_k_free_key(NULL, ke);
+    zapfree(ki.data, ki.length);
+    return ret;
+}
+
+/* Compute an HMAC checksum over the cipher state and data.  Allocate enough
+ * space in *out for the checksum. */
+static krb5_error_code
+hmac_ivec_data(const struct krb5_keytypes *ktp, const krb5_data *ki,
+               const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data,
+               krb5_data *out)
+{
+    krb5_error_code ret;
+    krb5_data zeroivec = empty_data();
+    krb5_crypto_iov *iovs = NULL;
+    krb5_keyblock kb = { 0 };
+
+    if (ivec == NULL) {
+        ret = ktp->enc->init_state(NULL, 0, &zeroivec);
+        if (ret)
+            goto cleanup;
+        ivec = &zeroivec;
+    }
+
+    /* Make a copy of data with an extra iov at the beginning for the ivec. */
+    iovs = k5calloc(num_data + 1, sizeof(*iovs), &ret);
+    if (iovs == NULL)
+        goto cleanup;
+    iovs[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    iovs[0].data = *ivec;
+    memcpy(iovs + 1, data, num_data * sizeof(*iovs));
+
+    ret = alloc_data(out, ktp->hash->hashsize);
+    if (ret)
+        goto cleanup;
+    kb.length = ki->length;
+    kb.contents = (uint8_t *)ki->data;
+    ret = krb5int_hmac_keyblock(ktp->hash, &kb, iovs, num_data + 1, out);
+
+cleanup:
+    if (zeroivec.data != NULL)
+        ktp->enc->free_state(&zeroivec);
+    free(iovs);
+    return ret;
+}
+
+krb5_error_code
+krb5int_etm_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    krb5_error_code ret;
+    krb5_data ivcopy = empty_data(), cksum = empty_data();
+    krb5_crypto_iov *header, *trailer, *padding;
+    krb5_key ke = NULL;
+    krb5_data ki = empty_data();
+    unsigned int trailer_len;
+
+    /* E(Confounder | Plaintext) | Checksum(IV | ciphertext) */
+
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+
+    /* Validate header and trailer lengths, and zero out padding length. */
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL || header->data.length < enc->block_size)
+        return KRB5_BAD_MSIZE;
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer == NULL || trailer->data.length < trailer_len)
+        return KRB5_BAD_MSIZE;
+    padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
+    if (padding != NULL)
+        padding->data.length = 0;
+
+    if (ivec != NULL) {
+        ret = alloc_data(&ivcopy, ivec->length);
+        if (ret)
+            goto cleanup;
+        memcpy(ivcopy.data, ivec->data, ivec->length);
+    }
+
+    /* Derive the encryption and integrity keys. */
+    ret = derive_keys(ktp, key, usage, &ke, &ki);
+    if (ret)
+        goto cleanup;
+
+    /* Generate confounder. */
+    header->data.length = enc->block_size;
+    ret = krb5_c_random_make_octets(NULL, &header->data);
+    if (ret)
+        goto cleanup;
+
+    /* Encrypt the plaintext (header | data). */
+    ret = enc->encrypt(ke, (ivec == NULL) ? NULL : &ivcopy, data, num_data);
+    if (ret)
+        goto cleanup;
+
+    /* HMAC the IV, confounder, and ciphertext with sign-only data. */
+    ret = hmac_ivec_data(ktp, &ki, ivec, data, num_data, &cksum);
+    if (ret)
+        goto cleanup;
+
+    /* Truncate the HMAC checksum to the trailer length. */
+    assert(trailer_len <= cksum.length);
+    memcpy(trailer->data.data, cksum.data, trailer_len);
+    trailer->data.length = trailer_len;
+
+    /* Copy out the updated ivec if desired. */
+    if (ivec != NULL)
+        memcpy(ivec->data, ivcopy.data, ivcopy.length);
+
+cleanup:
+    krb5_k_free_key(NULL, ke);
+    zapfree(ki.data, ki.length);
+    free(cksum.data);
+    zapfree(ivcopy.data, ivcopy.length);
+    return ret;
+}
+
+krb5_error_code
+krb5int_etm_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    krb5_error_code ret;
+    krb5_data cksum = empty_data();
+    krb5_crypto_iov *header, *trailer;
+    krb5_key ke = NULL;
+    krb5_data ki = empty_data();
+    unsigned int trailer_len;
+
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+
+    /* Validate header and trailer lengths. */
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL || header->data.length != enc->block_size)
+        return KRB5_BAD_MSIZE;
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer == NULL || trailer->data.length != trailer_len)
+        return KRB5_BAD_MSIZE;
+
+    /* Derive the encryption and integrity keys. */
+    ret = derive_keys(ktp, key, usage, &ke, &ki);
+    if (ret)
+        goto cleanup;
+
+    /* HMAC the IV, confounder, and ciphertext with sign-only data. */
+    ret = hmac_ivec_data(ktp, &ki, ivec, data, num_data, &cksum);
+    if (ret)
+        goto cleanup;
+
+    /* Compare only the possibly truncated length. */
+    assert(trailer_len <= cksum.length);
+    if (k5_bcmp(cksum.data, trailer->data.data, trailer_len) != 0) {
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
+    }
+
+    /* Decrypt the ciphertext (header | data | padding). */
+    ret = enc->decrypt(ke, ivec, data, num_data);
+
+cleanup:
+    krb5_k_free_key(NULL, ke);
+    zapfree(ki.data, ki.length);
+    zapfree(cksum.data, cksum.length);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/enc_raw.c b/krb5-1.21.3/src/lib/crypto/krb/enc_raw.c
new file mode 100644
index 00000000..554d5c4d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/enc_raw.c
@@ -0,0 +1,109 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/enc_raw.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include "crypto_int.h"
+
+unsigned int
+krb5int_raw_crypto_length(const struct krb5_keytypes *ktp,
+                          krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_PADDING:
+        return ktp->enc->block_size;
+    default:
+        return 0;
+    }
+}
+
+krb5_error_code
+krb5int_raw_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
+{
+    krb5_crypto_iov *padding;
+    size_t i;
+    unsigned int blocksize, plainlen = 0, padsize = 0;
+
+    blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
+
+    for (i = 0; i < num_data; i++) {
+        krb5_crypto_iov *iov = &data[i];
+
+        if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
+            plainlen += iov->data.length;
+    }
+
+    if (blocksize != 0) {
+        /* Check that the input data is correctly padded */
+        if (plainlen % blocksize)
+            padsize = blocksize - (plainlen % blocksize);
+    }
+
+    padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
+    if (padsize && (padding == NULL || padding->data.length < padsize))
+        return KRB5_BAD_MSIZE;
+
+    if (padding != NULL) {
+        memset(padding->data.data, 0, padsize);
+        padding->data.length = padsize;
+    }
+
+    return ktp->enc->encrypt(key, ivec, data, num_data);
+}
+
+krb5_error_code
+krb5int_raw_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
+{
+    size_t i;
+    unsigned int blocksize = 0; /* enc block size, not confounder len */
+    unsigned int cipherlen = 0;
+
+    /* E(Confounder | Plaintext | Pad) | Checksum */
+
+    blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
+
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (ENCRYPT_DATA_IOV(iov))
+            cipherlen += iov->data.length;
+    }
+
+    if (blocksize == 0) {
+        /* Check for correct input length in CTS mode */
+        if (ktp->enc->block_size != 0 && cipherlen < ktp->enc->block_size)
+            return KRB5_BAD_MSIZE;
+    } else {
+        /* Check that the input data is correctly padded */
+        if (cipherlen % blocksize != 0)
+            return KRB5_BAD_MSIZE;
+    }
+
+    return ktp->enc->decrypt(key, ivec, data, num_data);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/enc_rc4.c b/krb5-1.21.3/src/lib/crypto/krb/enc_rc4.c
new file mode 100644
index 00000000..aac8508b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/enc_rc4.c
@@ -0,0 +1,347 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+
+  ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
+  This cipher is widely believed and has been tested to be equivalent
+  with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
+  of RSA Data Security)
+
+*/
+#include "crypto_int.h"
+
+#define CONFOUNDERLENGTH 8
+
+const char l40[] = "fortybits";
+
+krb5_keyusage
+krb5int_arcfour_translate_usage(krb5_keyusage usage)
+{
+    switch (usage) {
+    case 1:  return 1;   /* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
+    case 2:  return 2;   /* ticket from kdc */
+    case 3:  return 8;   /* as-rep encrypted part */
+    case 4:  return 4;   /* tgs-req authz data */
+    case 5:  return 5;   /* tgs-req authz data in subkey */
+    case 6:  return 6;   /* tgs-req authenticator cksum */
+    case 7:  return 7;   /* tgs-req authenticator */
+    case 8:  return 8;
+    case 9:  return 9;   /* tgs-rep encrypted with subkey */
+    case 10: return 10;  /* ap-rep authentication cksum (never used by MS) */
+    case 11: return 11;  /* app-req authenticator */
+    case 12: return 12;  /* app-rep encrypted part */
+    case 23: return 13;  /* sign wrap token*/
+    default: return usage;
+    }
+}
+
+/* Derive a usage key from a session key and krb5 usage constant. */
+static krb5_error_code
+usage_key(const struct krb5_enc_provider *enc,
+          const struct krb5_hash_provider *hash,
+          const krb5_keyblock *session_keyblock, krb5_keyusage usage,
+          krb5_keyblock *out)
+{
+    char salt_buf[14];
+    unsigned int salt_len;
+    krb5_data out_data = make_data(out->contents, out->length);
+    krb5_crypto_iov iov;
+    krb5_keyusage ms_usage;
+
+    /* Generate the salt. */
+    ms_usage = krb5int_arcfour_translate_usage(usage);
+    if (session_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        memcpy(salt_buf, l40, 10);
+        store_32_le(ms_usage, salt_buf + 10);
+        salt_len = 14;
+    } else {
+        store_32_le(ms_usage, salt_buf);
+        salt_len = 4;
+    }
+
+    /* Compute HMAC(key, salt) to produce the usage key. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(salt_buf, salt_len);
+    return krb5int_hmac_keyblock(hash, session_keyblock, &iov, 1, &out_data);
+}
+
+/* Derive an encryption key from a usage key and (typically) checksum. */
+static krb5_error_code
+enc_key(const struct krb5_enc_provider *enc,
+        const struct krb5_hash_provider *hash,
+        const krb5_keyblock *usage_keyblock, const krb5_data *checksum,
+        krb5_keyblock *out)
+{
+    krb5_keyblock *trunc_keyblock = NULL;
+    krb5_data out_data = make_data(out->contents, out->length);
+    krb5_crypto_iov iov;
+    krb5_error_code ret;
+
+    /* Copy usage_keyblock to trunc_keyblock and truncate if exportable. */
+    ret = krb5int_c_copy_keyblock(NULL, usage_keyblock, &trunc_keyblock);
+    if (ret != 0)
+        return ret;
+    if (trunc_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
+        memset(trunc_keyblock->contents + 7, 0xab, 9);
+
+    /* Compute HMAC(trunc_key, checksum) to produce the encryption key. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *checksum;
+    ret = krb5int_hmac_keyblock(hash, trunc_keyblock, &iov, 1, &out_data);
+    krb5int_c_free_keyblock(NULL, trunc_keyblock);
+    return ret;
+}
+
+unsigned int
+krb5int_arcfour_crypto_length(const struct krb5_keytypes *ktp,
+                              krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_HEADER:
+        return ktp->hash->hashsize + CONFOUNDERLENGTH;
+    case KRB5_CRYPTO_TYPE_PADDING:
+    case KRB5_CRYPTO_TYPE_TRAILER:
+        return 0;
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        return ktp->hash->hashsize;
+    default:
+        assert(0 &&
+               "invalid cryptotype passed to krb5int_arcfour_crypto_length");
+        return 0;
+    }
+}
+
+/* Encrypt or decrypt using a keyblock. */
+static krb5_error_code
+keyblock_crypt(const struct krb5_enc_provider *enc, krb5_keyblock *keyblock,
+               const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data)
+{
+    krb5_error_code ret;
+    krb5_key key;
+
+    ret = krb5_k_create_key(NULL, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    /* Works for encryption or decryption since arcfour is a stream cipher. */
+    ret = enc->encrypt(key, ivec, data, num_data);
+    krb5_k_free_key(NULL, key);
+    return ret;
+}
+
+krb5_error_code
+krb5int_arcfour_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                        krb5_keyusage usage, const krb5_data *ivec,
+                        krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_error_code ret;
+    krb5_crypto_iov *header, *trailer;
+    krb5_keyblock *usage_keyblock = NULL, *enc_keyblock = NULL;
+    krb5_data checksum, confounder, header_data;
+    size_t i;
+
+    /*
+     * Caller must have provided space for the header, padding
+     * and trailer; per RFC 4757 we will arrange it as:
+     *
+     *      Checksum | E(Confounder | Plaintext)
+     */
+
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL ||
+        header->data.length < hash->hashsize + CONFOUNDERLENGTH)
+        return KRB5_BAD_MSIZE;
+
+    header_data = header->data;
+
+    /* Trailer may be absent. */
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer != NULL)
+        trailer->data.length = 0;
+
+    /* Ensure that there is no padding. */
+    for (i = 0; i < num_data; i++) {
+        if (data[i].flags == KRB5_CRYPTO_TYPE_PADDING)
+            data[i].data.length = 0;
+    }
+
+    ret = krb5int_c_init_keyblock(NULL, key->keyblock.enctype, enc->keybytes,
+                                  &usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_c_init_keyblock(NULL, key->keyblock.enctype, enc->keybytes,
+                                  &enc_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive a usage key from the session key and usage. */
+    ret = usage_key(enc, hash, &key->keyblock, usage, usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Generate a confounder in the header block, after the checksum. */
+    header->data.length = hash->hashsize + CONFOUNDERLENGTH;
+    confounder = make_data(header->data.data + hash->hashsize,
+                           CONFOUNDERLENGTH);
+    ret = krb5_c_random_make_octets(0, &confounder);
+    if (ret != 0)
+        goto cleanup;
+    checksum = make_data(header->data.data, hash->hashsize);
+
+    /* Adjust pointers so confounder is at start of header. */
+    header->data.length -= hash->hashsize;
+    header->data.data += hash->hashsize;
+
+    /* Compute the checksum using the usage key. */
+    ret = krb5int_hmac_keyblock(hash, usage_keyblock, data, num_data,
+                                &checksum);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive the encryption key from the usage key and checksum. */
+    ret = enc_key(enc, hash, usage_keyblock, &checksum, enc_keyblock);
+    if (ret)
+        goto cleanup;
+
+    ret = keyblock_crypt(enc, enc_keyblock, ivec, data, num_data);
+
+cleanup:
+    header->data = header_data; /* Restore header pointers. */
+    krb5int_c_free_keyblock(NULL, usage_keyblock);
+    krb5int_c_free_keyblock(NULL, enc_keyblock);
+    return ret;
+}
+
+krb5_error_code
+krb5int_arcfour_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                        krb5_keyusage usage, const krb5_data *ivec,
+                        krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_error_code ret;
+    krb5_crypto_iov *header, *trailer;
+    krb5_keyblock *usage_keyblock = NULL, *enc_keyblock = NULL;
+    krb5_data checksum, header_data, comp_checksum = empty_data();
+
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL ||
+        header->data.length != hash->hashsize + CONFOUNDERLENGTH)
+        return KRB5_BAD_MSIZE;
+
+    header_data = header->data;
+
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer != NULL && trailer->data.length != 0)
+        return KRB5_BAD_MSIZE;
+
+    /* Allocate buffers. */
+    ret = alloc_data(&comp_checksum, hash->hashsize);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_c_init_keyblock(NULL, key->keyblock.enctype, enc->keybytes,
+                                  &usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_c_init_keyblock(NULL, key->keyblock.enctype, enc->keybytes,
+                                  &enc_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    checksum = make_data(header->data.data, hash->hashsize);
+
+    /* Adjust pointers so confounder is at start of header. */
+    header->data.length -= hash->hashsize;
+    header->data.data += hash->hashsize;
+
+    /* We may have to try two usage values; see below. */
+    do {
+        /* Derive a usage key from the session key and usage. */
+        ret = usage_key(enc, hash, &key->keyblock, usage, usage_keyblock);
+        if (ret != 0)
+            goto cleanup;
+
+        /* Derive the encryption key from the usage key and checksum. */
+        ret = enc_key(enc, hash, usage_keyblock, &checksum, enc_keyblock);
+        if (ret)
+            goto cleanup;
+
+        /* Decrypt the ciphertext. */
+        ret = keyblock_crypt(enc, enc_keyblock, ivec, data, num_data);
+        if (ret != 0)
+            goto cleanup;
+
+        /* Compute HMAC(usage key, plaintext) to get the checksum. */
+        ret = krb5int_hmac_keyblock(hash, usage_keyblock, data, num_data,
+                                    &comp_checksum);
+        if (ret != 0)
+            goto cleanup;
+
+        if (k5_bcmp(checksum.data, comp_checksum.data, hash->hashsize) != 0) {
+            if (usage == 9) {
+                /*
+                 * RFC 4757 specifies usage 8 for TGS-REP encrypted parts
+                 * encrypted in a subkey, but the value used by MS is actually
+                 * 9.  We now use 9 to start with, but fall back to 8 on
+                 * failure in case we are communicating with a KDC using the
+                 * value from the RFC.  ivec is always NULL in this case.
+                 * We need to re-encrypt the data in the wrong key first.
+                 */
+                ret = keyblock_crypt(enc, enc_keyblock, NULL, data, num_data);
+                if (ret != 0)
+                    goto cleanup;
+                usage = 8;
+                continue;
+            }
+            ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+            goto cleanup;
+        }
+
+        break;
+    } while (1);
+
+cleanup:
+    header->data = header_data; /* Restore header pointers. */
+    krb5int_c_free_keyblock(NULL, usage_keyblock);
+    krb5int_c_free_keyblock(NULL, enc_keyblock);
+    zapfree(comp_checksum.data, comp_checksum.length);
+    return ret;
+}
+
+krb5_error_code
+krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
+                         const krb5_data *kd_data, krb5_crypto_iov *data,
+                         size_t num_data)
+{
+    const struct krb5_enc_provider *enc = &krb5int_enc_arcfour;
+    const struct krb5_hash_provider *hash = &krb5int_hash_md5;
+    krb5_keyblock *usage_keyblock = NULL, *enc_keyblock = NULL;
+    krb5_error_code ret;
+
+    ret = krb5int_c_init_keyblock(NULL, keyblock->enctype, enc->keybytes,
+                                  &usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_c_init_keyblock(NULL, keyblock->enctype, enc->keybytes,
+                                  &enc_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive a usage key from the session key and usage. */
+    ret = usage_key(enc, hash, keyblock, usage, usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive the encryption key from the usage key and kd_data. */
+    ret = enc_key(enc, hash, usage_keyblock, kd_data, enc_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Encrypt or decrypt (encrypt_iov works for both) the input. */
+    ret = keyblock_crypt(enc, enc_keyblock, 0, data, num_data);
+
+cleanup:
+    krb5int_c_free_keyblock(NULL, usage_keyblock);
+    krb5int_c_free_keyblock(NULL, enc_keyblock);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/encrypt.c b/krb5-1.21.3/src/lib/crypto/krb/encrypt.c
new file mode 100644
index 00000000..d9d575a4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/encrypt.c
@@ -0,0 +1,94 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt(krb5_context context, krb5_key key,
+               krb5_keyusage usage, const krb5_data *cipher_state,
+               const krb5_data *input, krb5_enc_data *output)
+{
+    const struct krb5_keytypes *ktp;
+    krb5_crypto_iov iov[4];
+    krb5_error_code ret;
+    unsigned int header_len, padding_len, trailer_len, total_len;
+
+    ktp = find_enctype(key->keyblock.enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    output->magic = KV5M_ENC_DATA;
+    output->kvno = 0;
+    output->enctype = key->keyblock.enctype;
+
+    /* Get the lengths of the token parts and compute the total. */
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    padding_len = krb5int_c_padding_length(ktp, input->length);
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+    total_len = header_len + input->length + padding_len + trailer_len;
+    if (output->ciphertext.length < total_len)
+        return KRB5_BAD_MSIZE;
+
+    /* Set up the iov structures for the token parts. */
+    iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
+    iov[0].data = make_data(output->ciphertext.data, header_len);
+
+    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[1].data = make_data(output->ciphertext.data + header_len,
+                            input->length);
+    if (input->length > 0)
+        memcpy(iov[1].data.data, input->data, input->length);
+
+    iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
+    iov[2].data = make_data(iov[1].data.data + input->length, padding_len);
+
+    iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
+    iov[3].data = make_data(iov[2].data.data + padding_len, trailer_len);
+
+    ret = ktp->encrypt(ktp, key, usage, cipher_state, iov, 4);
+    if (ret != 0)
+        zap(iov[1].data.data, iov[1].data.length);
+    else
+        output->ciphertext.length = total_len;
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_encrypt(krb5_context context, const krb5_keyblock *keyblock,
+               krb5_keyusage usage, const krb5_data *cipher_state,
+               const krb5_data *input, krb5_enc_data *output)
+{
+    krb5_key key;
+    krb5_error_code ret;
+
+    ret = krb5_k_create_key(context, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_encrypt(context, key, usage, cipher_state, input, output);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/encrypt_iov.c b/krb5-1.21.3/src/lib/crypto/krb/encrypt_iov.c
new file mode 100644
index 00000000..d66fcfa5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/encrypt_iov.c
@@ -0,0 +1,58 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/encrypt_iov.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+                   const krb5_data *cipher_state, krb5_crypto_iov *data,
+                   size_t num_data)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(key->keyblock.enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    return ktp->encrypt(ktp, key, usage, cipher_state, data, num_data);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock *keyblock,
+                   krb5_keyusage usage, const krb5_data *cipher_state,
+                   krb5_crypto_iov *data, size_t num_data)
+{
+    krb5_key key;
+    krb5_error_code ret;
+
+    ret = krb5_k_create_key(context, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_encrypt_iov(context, key, usage, cipher_state, data,
+                             num_data);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/encrypt_length.c b/krb5-1.21.3/src/lib/crypto/krb/encrypt_length.c
new file mode 100644
index 00000000..5428e429
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/encrypt_length.c
@@ -0,0 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype,
+                      size_t inputlen, size_t *length)
+{
+    const struct krb5_keytypes *ktp;
+    unsigned int header_len = 0, padding_len = 0, trailer_len = 0;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    padding_len = krb5int_c_padding_length(ktp, inputlen);
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+
+    *length = header_len + inputlen + padding_len + trailer_len;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/enctype_util.c b/krb5-1.21.3/src/lib/crypto/krb/enctype_util.c
new file mode 100644
index 00000000..1542d406
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/enctype_util.c
@@ -0,0 +1,176 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/enctype_util.c */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/*
+ * krb5int_c_valid_enctype()
+ * krb5int_c_weak_enctype()
+ * krb5_c_enctype_compare()
+ * krb5_string_to_enctype()
+ * krb5_enctype_to_string()
+ */
+
+#include "crypto_int.h"
+
+struct {
+    krb5_enctype etype;
+    const char *name;
+} unsupported_etypes[] = {
+    { ENCTYPE_DES_CBC_CRC, "des-cbc-crc" },
+    { ENCTYPE_DES_CBC_MD4, "des-cbc-md4" },
+    { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" },
+    { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" },
+    { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" },
+    { ENCTYPE_NULL, NULL }
+};
+
+krb5_boolean KRB5_CALLCONV
+krb5_c_valid_enctype(krb5_enctype etype)
+{
+    return (find_enctype(etype) != NULL);
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5int_c_weak_enctype(krb5_enctype etype)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(etype);
+    return (ktp != NULL && (ktp->flags & ETYPE_WEAK) != 0);
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5int_c_deprecated_enctype(krb5_enctype etype)
+{
+    const struct krb5_keytypes *ktp = find_enctype(etype);
+    return ktp == NULL || (ktp->flags & ETYPE_DEPRECATED) != 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
+                       krb5_boolean *similar)
+{
+    const struct krb5_keytypes *ktp1, *ktp2;
+
+    ktp1 = find_enctype(e1);
+    ktp2 = find_enctype(e2);
+    if (ktp1 == NULL || ktp2 == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    *similar = (ktp1->enc == ktp2->enc && ktp1->str2key == ktp2->str2key);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_enctype(char *string, krb5_enctype *enctypep)
+{
+    int i;
+    unsigned int j;
+    const char *alias;
+    const struct krb5_keytypes *ktp;
+
+    for (i = 0; i < krb5int_enctypes_length; i++) {
+        ktp = &krb5int_enctypes_list[i];
+        if (strcasecmp(ktp->name, string) == 0) {
+            *enctypep = ktp->etype;
+            return 0;
+        }
+        for (j = 0; j < MAX_ETYPE_ALIASES; j++) {
+            alias = ktp->aliases[j];
+            if (alias == NULL)
+                break;
+            if (strcasecmp(alias, string) == 0) {
+                *enctypep = ktp->etype;
+                return 0;
+            }
+        }
+    }
+
+    return EINVAL;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return EINVAL;
+    if (strlcpy(buffer, ktp->out_string, buflen) >= buflen)
+        return ENOMEM;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest,
+                     char *buffer, size_t buflen)
+{
+    const struct krb5_keytypes *ktp;
+    const char *name;
+    int i;
+
+    for (i = 0; unsupported_etypes[i].etype != ENCTYPE_NULL; i++) {
+        if (enctype == unsupported_etypes[i].etype) {
+            if (strlcpy(buffer, unsupported_etypes[i].name, buflen) >= buflen)
+                return ENOMEM;
+            return 0;
+        }
+    }
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return EINVAL;
+    name = ktp->name;
+    if (shortest) {
+        for (i = 0; i < MAX_ETYPE_ALIASES; i++) {
+            if (ktp->aliases[i] == NULL)
+                break;
+            if (strlen(ktp->aliases[i]) < strlen(name))
+                name = ktp->aliases[i];
+        }
+    }
+    if (strlcpy(buffer, name, buflen) >= buflen)
+        return ENOMEM;
+    return 0;
+}
+
+/* The security of a mechanism cannot be summarized with a simple integer
+ * value, but we provide a per-enctype value for Cyrus SASL's SSF. */
+krb5_error_code
+k5_enctype_to_ssf(krb5_enctype enctype, unsigned int *ssf_out)
+{
+    const struct krb5_keytypes *ktp;
+
+    *ssf_out = 0;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return EINVAL;
+    *ssf_out = ktp->ssf;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/etypes.c b/krb5-1.21.3/src/lib/crypto/krb/etypes.c
new file mode 100644
index 00000000..fc278783
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/etypes.c
@@ -0,0 +1,152 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+/* these will be linear searched.  if they ever get big, a binary
+   search or hash table would be better, which means these would need
+   to be sorted.  An array would be more efficient, but that assumes
+   that the keytypes are all near each other.  I'd rather not make
+   that assumption. */
+
+/* Deprecations come from RFC 6649 and RFC 8249. */
+const struct krb5_keytypes krb5int_enctypes_list[] = {
+    { ENCTYPE_DES3_CBC_RAW,
+      "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
+      &krb5int_enc_des3, NULL,
+      16,
+      krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
+      krb5int_dk_string_to_key, k5_rand2key_des3,
+      NULL, /*PRF*/
+      0,
+      ETYPE_WEAK | ETYPE_DEPRECATED, 112 },
+
+    { ENCTYPE_DES3_CBC_SHA1,
+      "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" },
+      "Triple DES cbc mode with HMAC/sha1",
+      &krb5int_enc_des3, &krb5int_hash_sha1,
+      16,
+      krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
+      krb5int_dk_string_to_key, k5_rand2key_des3,
+      krb5int_dk_prf,
+      CKSUMTYPE_HMAC_SHA1_DES3,
+      ETYPE_DEPRECATED, 112 },
+
+    /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we
+     * consider its strength degraded and assign it an SSF value of 64. */
+    { ENCTYPE_ARCFOUR_HMAC,
+      "arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" },
+      "ArcFour with HMAC/md5",
+      &krb5int_enc_arcfour,
+      &krb5int_hash_md5,
+      20,
+      krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt,
+      krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
+      k5_rand2key_direct, krb5int_arcfour_prf,
+      CKSUMTYPE_HMAC_MD5_ARCFOUR,
+      ETYPE_DEPRECATED, 64 },
+    { ENCTYPE_ARCFOUR_HMAC_EXP,
+      "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
+      "Exportable ArcFour with HMAC/md5",
+      &krb5int_enc_arcfour,
+      &krb5int_hash_md5,
+      20,
+      krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt,
+      krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
+      k5_rand2key_direct, krb5int_arcfour_prf,
+      CKSUMTYPE_HMAC_MD5_ARCFOUR,
+      ETYPE_WEAK | ETYPE_DEPRECATED, 40
+    },
+
+    { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+      "aes128-cts-hmac-sha1-96", { "aes128-cts", "aes128-sha1" },
+      "AES-128 CTS mode with 96-bit SHA-1 HMAC",
+      &krb5int_enc_aes128, &krb5int_hash_sha1,
+      16,
+      krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
+      krb5int_aes_string_to_key, k5_rand2key_direct,
+      krb5int_dk_prf,
+      CKSUMTYPE_HMAC_SHA1_96_AES128,
+      0 /*flags*/, 128 },
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+      "aes256-cts-hmac-sha1-96", { "aes256-cts", "aes256-sha1" },
+      "AES-256 CTS mode with 96-bit SHA-1 HMAC",
+      &krb5int_enc_aes256, &krb5int_hash_sha1,
+      16,
+      krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
+      krb5int_aes_string_to_key, k5_rand2key_direct,
+      krb5int_dk_prf,
+      CKSUMTYPE_HMAC_SHA1_96_AES256,
+      0 /*flags*/, 256 },
+
+    { ENCTYPE_CAMELLIA128_CTS_CMAC,
+      "camellia128-cts-cmac", { "camellia128-cts" },
+      "Camellia-128 CTS mode with CMAC",
+      &krb5int_enc_camellia128, NULL,
+      16,
+      krb5int_camellia_crypto_length,
+      krb5int_dk_cmac_encrypt, krb5int_dk_cmac_decrypt,
+      krb5int_camellia_string_to_key, k5_rand2key_direct,
+      krb5int_dk_cmac_prf,
+      CKSUMTYPE_CMAC_CAMELLIA128,
+      0 /*flags*/, 128 },
+    { ENCTYPE_CAMELLIA256_CTS_CMAC,
+      "camellia256-cts-cmac", { "camellia256-cts" },
+      "Camellia-256 CTS mode with CMAC",
+      &krb5int_enc_camellia256, NULL,
+      16,
+      krb5int_camellia_crypto_length,
+      krb5int_dk_cmac_encrypt, krb5int_dk_cmac_decrypt,
+      krb5int_camellia_string_to_key, k5_rand2key_direct,
+      krb5int_dk_cmac_prf,
+      CKSUMTYPE_CMAC_CAMELLIA256,
+      0 /*flags */, 256 },
+
+    { ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+      "aes128-cts-hmac-sha256-128", { "aes128-sha2" },
+      "AES-128 CTS mode with 128-bit SHA-256 HMAC",
+      &krb5int_enc_aes128, &krb5int_hash_sha256,
+      32,
+      krb5int_aes2_crypto_length, krb5int_etm_encrypt, krb5int_etm_decrypt,
+      krb5int_aes2_string_to_key, k5_rand2key_direct,
+      krb5int_aes2_prf,
+      CKSUMTYPE_HMAC_SHA256_128_AES128,
+      0 /*flags*/, 128 },
+    { ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+      "aes256-cts-hmac-sha384-192", { "aes256-sha2" },
+      "AES-256 CTS mode with 192-bit SHA-384 HMAC",
+      &krb5int_enc_aes256, &krb5int_hash_sha384,
+      48,
+      krb5int_aes2_crypto_length, krb5int_etm_encrypt, krb5int_etm_decrypt,
+      krb5int_aes2_string_to_key, k5_rand2key_direct,
+      krb5int_aes2_prf,
+      CKSUMTYPE_HMAC_SHA384_192_AES256,
+      0 /*flags*/, 256 },
+};
+
+const int krb5int_enctypes_length =
+    sizeof(krb5int_enctypes_list) / sizeof(struct krb5_keytypes);
diff --git a/krb5-1.21.3/src/lib/crypto/krb/key.c b/krb5-1.21.3/src/lib/crypto/krb/key.c
new file mode 100644
index 00000000..550ac20d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/key.c
@@ -0,0 +1,110 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Functions for manipulating krb5_key structures
+ */
+
+#include "crypto_int.h"
+
+/*
+ * The krb5_key data type wraps an exposed keyblock in an opaque data
+ * structure, to allow for internal optimizations such as caching of
+ * derived keys.
+ */
+
+/* Create a krb5_key from the enctype and key data in a keyblock. */
+krb5_error_code KRB5_CALLCONV
+krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
+                  krb5_key *out)
+{
+    krb5_key key = NULL;
+    krb5_error_code code;
+
+    *out = NULL;
+
+    key = malloc(sizeof(*key));
+    if (key == NULL)
+        return ENOMEM;
+    code = krb5int_c_copy_keyblock_contents(context, key_data, &key->keyblock);
+    if (code)
+        goto cleanup;
+
+    key->refcount = 1;
+    key->derived = NULL;
+    key->cache = NULL;
+    *out = key;
+    return 0;
+
+cleanup:
+    free(key);
+    return code;
+}
+
+void KRB5_CALLCONV
+krb5_k_reference_key(krb5_context context, krb5_key key)
+{
+    if (key)
+        key->refcount++;
+}
+
+/* Free the memory used by a krb5_key. */
+void KRB5_CALLCONV
+krb5_k_free_key(krb5_context context, krb5_key key)
+{
+    struct derived_key *dk;
+    const struct krb5_keytypes *ktp;
+
+    if (key == NULL || --key->refcount > 0)
+        return;
+
+    /* Free the derived key cache. */
+    while ((dk = key->derived) != NULL) {
+        key->derived = dk->next;
+        free(dk->constant.data);
+        krb5_k_free_key(context, dk->dkey);
+        free(dk);
+    }
+    krb5int_c_free_keyblock_contents(context, &key->keyblock);
+    if (key->cache) {
+        ktp = find_enctype(key->keyblock.enctype);
+        if (ktp && ktp->enc->key_cleanup)
+            ktp->enc->key_cleanup(key);
+    }
+    free(key);
+}
+
+/* Retrieve a copy of the keyblock from a krb5_key. */
+krb5_error_code KRB5_CALLCONV
+krb5_k_key_keyblock(krb5_context context, krb5_key key,
+                    krb5_keyblock **key_data)
+{
+    return krb5int_c_copy_keyblock(context, &key->keyblock, key_data);
+}
+
+/* Retrieve the enctype of a krb5_key. */
+krb5_enctype KRB5_CALLCONV
+krb5_k_key_enctype(krb5_context context, krb5_key key)
+{
+    return key->keyblock.enctype;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/keyblocks.c b/krb5-1.21.3/src/lib/crypto/krb/keyblocks.c
new file mode 100644
index 00000000..1126d0a0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/keyblocks.c
@@ -0,0 +1,108 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/keyblocks.c - Keyblock utility functions */
+/*
+ * Copyright (C) 2002, 2005 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
+                        size_t length, krb5_keyblock **out)
+{
+    krb5_keyblock *kb;
+
+    assert(out);
+    *out = NULL;
+
+    kb = malloc(sizeof(krb5_keyblock));
+    if (kb == NULL)
+        return ENOMEM;
+    kb->magic = KV5M_KEYBLOCK;
+    kb->enctype = enctype;
+    kb->length = length;
+    if (length) {
+        kb->contents = malloc(length);
+        if (!kb->contents) {
+            free(kb);
+            return ENOMEM;
+        }
+    } else {
+        kb->contents = NULL;
+    }
+
+    *out = kb;
+    return 0;
+}
+
+void
+krb5int_c_free_keyblock(krb5_context context, krb5_keyblock *val)
+{
+    krb5int_c_free_keyblock_contents(context, val);
+    free(val);
+}
+
+void
+krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
+{
+    if (key && key->contents) {
+        zapfree(key->contents, key->length);
+        key->contents = NULL;
+        key->length = 0;
+    }
+}
+
+krb5_error_code
+krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
+                        krb5_keyblock **to)
+{
+    krb5_keyblock *new_key;
+    krb5_error_code code;
+
+    *to = NULL;
+    new_key = malloc(sizeof(*new_key));
+    if (!new_key)
+        return ENOMEM;
+    code = krb5int_c_copy_keyblock_contents(context, from, new_key);
+    if (code) {
+        free(new_key);
+        return code;
+    }
+    *to = new_key;
+    return 0;
+}
+
+krb5_error_code
+krb5int_c_copy_keyblock_contents(krb5_context context,
+                                 const krb5_keyblock *from, krb5_keyblock *to)
+{
+    *to = *from;
+    if (to->length) {
+        to->contents = malloc(to->length);
+        if (!to->contents)
+            return ENOMEM;
+        memcpy(to->contents, from->contents, to->length);
+    } else
+        to->contents = 0;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/keyed_checksum_types.c b/krb5-1.21.3/src/lib/crypto/krb/keyed_checksum_types.c
new file mode 100644
index 00000000..4b211fb4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/keyed_checksum_types.c
@@ -0,0 +1,82 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+static krb5_boolean
+is_keyed_for(const struct krb5_cksumtypes *ctp,
+             const struct krb5_keytypes *ktp)
+{
+    if (ctp->flags & CKSUM_UNKEYED)
+        return FALSE;
+    return (!ctp->enc || ktp->enc == ctp->enc);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
+                            unsigned int *count, krb5_cksumtype **cksumtypes)
+{
+    unsigned int i, c, nctypes;
+    krb5_cksumtype *ctypes;
+    const struct krb5_cksumtypes *ctp;
+    const struct krb5_keytypes *ktp;
+
+    *count = 0;
+    *cksumtypes = NULL;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    nctypes = 0;
+    for (i = 0; i < krb5int_cksumtypes_length; i++) {
+        ctp = &krb5int_cksumtypes_list[i];
+        if (is_keyed_for(ctp, ktp))
+            nctypes++;
+    }
+
+    ctypes = malloc(nctypes * sizeof(krb5_cksumtype));
+    if (ctypes == NULL)
+        return ENOMEM;
+
+    c = 0;
+    for (i = 0; i < krb5int_cksumtypes_length; i++) {
+        ctp = &krb5int_cksumtypes_list[i];
+        if (is_keyed_for(ctp, ktp))
+            ctypes[c++] = ctp->ctype;
+    }
+
+    *count = nctypes;
+    *cksumtypes = ctypes;
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_cksumtypes(krb5_context context, krb5_cksumtype *val)
+{
+    free(val);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/keyed_cksum.c b/krb5-1.21.3/src/lib/crypto/krb/keyed_cksum.c
new file mode 100644
index 00000000..d3db8f31
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/keyed_cksum.c
@@ -0,0 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_boolean KRB5_CALLCONV
+krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
+{
+    const struct krb5_cksumtypes *ctp;
+
+    ctp = find_cksumtype(ctype);
+    if (ctp == NULL)
+        return FALSE;
+    return !(ctp->flags & CKSUM_UNKEYED);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/keylengths.c b/krb5-1.21.3/src/lib/crypto/krb/keylengths.c
new file mode 100644
index 00000000..2bbd1cc6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/keylengths.c
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (c) 2006
+ * The Regents of the University of Michigan
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include "crypto_int.h"
+
+/*
+ * keybytes is the number of bytes required as input to make a key,
+ * keylength is the length of the final key in bytes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_c_keylengths(krb5_context context, krb5_enctype enctype,
+                  size_t *keybytes, size_t *keylength)
+{
+    const struct krb5_keytypes *ktp;
+
+    if (keybytes == NULL && keylength == NULL)
+        return EINVAL;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    if (keybytes)
+        *keybytes = ktp->enc->keybytes;
+    if (keylength)
+        *keylength = ktp->enc->keylength;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/make_checksum.c b/krb5-1.21.3/src/lib/crypto/krb/make_checksum.c
new file mode 100644
index 00000000..398c84a8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/make_checksum.c
@@ -0,0 +1,99 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+/* A 0 checksum type means use the mandatory checksum. */
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
+                     krb5_key key, krb5_keyusage usage,
+                     const krb5_data *input, krb5_checksum *cksum)
+{
+    const struct krb5_cksumtypes *ctp;
+    krb5_crypto_iov iov;
+    krb5_data cksum_data;
+    krb5_octet *trunc;
+    krb5_error_code ret;
+
+    if (cksumtype == 0) {
+        ret = krb5int_c_mandatory_cksumtype(context, key->keyblock.enctype,
+                                            &cksumtype);
+        if (ret != 0)
+            return ret;
+    }
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    ret = verify_key(ctp, key);
+    if (ret != 0)
+        return ret;
+
+    ret = alloc_data(&cksum_data, ctp->compute_size);
+    if (ret != 0)
+        return ret;
+
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *input;
+    ret = ctp->checksum(ctp, key, usage, &iov, 1, &cksum_data);
+    if (ret != 0)
+        goto cleanup;
+
+    cksum->magic = KV5M_CHECKSUM;
+    cksum->checksum_type = cksumtype;
+    cksum->length = ctp->output_size;
+    cksum->contents = (krb5_octet *) cksum_data.data;
+    cksum_data.data = NULL;
+    if (ctp->output_size < ctp->compute_size) {
+        trunc = realloc(cksum->contents, ctp->output_size);
+        if (trunc != NULL)
+            cksum->contents = trunc;
+    }
+
+cleanup:
+    zapfree(cksum_data.data, ctp->compute_size);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
+                     const krb5_keyblock *keyblock, krb5_keyusage usage,
+                     const krb5_data *input, krb5_checksum *cksum)
+{
+    krb5_key key = NULL;
+    krb5_error_code ret;
+
+    if (keyblock != NULL) {
+        ret = krb5_k_create_key(context, keyblock, &key);
+        if (ret != 0)
+            return ret;
+    }
+    ret = krb5_k_make_checksum(context, cksumtype, key, usage, input, cksum);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/make_checksum_iov.c b/krb5-1.21.3/src/lib/crypto/krb/make_checksum_iov.c
new file mode 100644
index 00000000..549180df
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/make_checksum_iov.c
@@ -0,0 +1,94 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/make_checksum_iov.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum_iov(krb5_context context,
+                         krb5_cksumtype cksumtype,
+                         krb5_key key,
+                         krb5_keyusage usage,
+                         krb5_crypto_iov *data,
+                         size_t num_data)
+{
+    krb5_error_code ret;
+    krb5_data cksum_data;
+    krb5_crypto_iov *checksum;
+    const struct krb5_cksumtypes *ctp;
+
+    if (cksumtype == 0) {
+        ret = krb5int_c_mandatory_cksumtype(context, key->keyblock.enctype,
+                                            &cksumtype);
+        if (ret != 0)
+            return ret;
+    }
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    ret = verify_key(ctp, key);
+    if (ret != 0)
+        return ret;
+
+    checksum = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM);
+    if (checksum == NULL || checksum->data.length < ctp->output_size)
+        return(KRB5_BAD_MSIZE);
+
+    ret = alloc_data(&cksum_data, ctp->compute_size);
+    if (ret != 0)
+        return ret;
+
+    ret = ctp->checksum(ctp, key, usage, data, num_data, &cksum_data);
+    if (ret != 0)
+        goto cleanup;
+
+    memcpy(checksum->data.data, cksum_data.data, ctp->output_size);
+    checksum->data.length = ctp->output_size;
+
+cleanup:
+    zapfree(cksum_data.data, ctp->compute_size);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_make_checksum_iov(krb5_context context,
+                         krb5_cksumtype cksumtype,
+                         const krb5_keyblock *keyblock,
+                         krb5_keyusage usage,
+                         krb5_crypto_iov *data,
+                         size_t num_data)
+{
+    krb5_key key;
+    krb5_error_code ret;
+
+    ret = krb5_k_create_key(context, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_make_checksum_iov(context, cksumtype, key, usage,
+                                   data, num_data);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/make_random_key.c b/krb5-1.21.3/src/lib/crypto/krb/make_random_key.c
new file mode 100644
index 00000000..f5af1878
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/make_random_key.c
@@ -0,0 +1,76 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
+                       krb5_keyblock *random_key)
+{
+    krb5_error_code ret;
+    const struct krb5_keytypes *ktp;
+    const struct krb5_enc_provider *enc;
+    size_t keybytes, keylength;
+    krb5_data random_data;
+    unsigned char *bytes = NULL;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+    enc = ktp->enc;
+
+    keybytes = enc->keybytes;
+    keylength = enc->keylength;
+
+    bytes = k5alloc(keybytes, &ret);
+    if (ret)
+        return ret;
+    random_key->contents = k5alloc(keylength, &ret);
+    if (ret)
+        goto cleanup;
+
+    random_data.data = (char *) bytes;
+    random_data.length = keybytes;
+
+    ret = krb5_c_random_make_octets(context, &random_data);
+    if (ret)
+        goto cleanup;
+
+    random_key->magic = KV5M_KEYBLOCK;
+    random_key->enctype = enctype;
+    random_key->length = keylength;
+
+    ret = (*ktp->rand2key)(&random_data, random_key);
+
+cleanup:
+    if (ret) {
+        zapfree(random_key->contents, keylength);
+        random_key->contents = NULL;
+    }
+    zapfree(bytes, keybytes);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/mandatory_sumtype.c b/krb5-1.21.3/src/lib/crypto/krb/mandatory_sumtype.c
new file mode 100644
index 00000000..55ea81fa
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/mandatory_sumtype.c
@@ -0,0 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_c_mandatory_cksumtype(krb5_context ctx, krb5_enctype etype,
+                              krb5_cksumtype *cksumtype)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(etype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+    *cksumtype = ktp->required_ctype;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/nfold.c b/krb5-1.21.3/src/lib/crypto/krb/nfold.c
new file mode 100644
index 00000000..75bceaec
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/nfold.c
@@ -0,0 +1,117 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+/*
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
+
+/* representation: msb first, assume n and k are multiples of 8, and
+ * that k>=16.  this is the case of all the cryptosystems which are
+ * likely to be used.  this function can be replaced if that
+ * assumption ever fails.  */
+
+/* input length is in bits */
+
+void
+krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits,
+              unsigned char *out)
+{
+    int a,b,c,lcm;
+    int byte, i, msbit;
+
+    /* the code below is more readable if I make these bytes
+       instead of bits */
+
+    inbits >>= 3;
+    outbits >>= 3;
+
+    /* first compute lcm(n,k) */
+
+    a = outbits;
+    b = inbits;
+
+    while(b != 0) {
+        c = b;
+        b = a%b;
+        a = c;
+    }
+
+    lcm = outbits*inbits/a;
+
+    /* now do the real work */
+
+    memset(out, 0, outbits);
+    byte = 0;
+
+    /* this will end up cycling through k lcm(k,n)/k times, which
+       is correct */
+    for (i=lcm-1; i>=0; i--) {
+        /* compute the msbit in k which gets added into this byte */
+        msbit = (/* first, start with the msbit in the first, unrotated
+                    byte */
+            ((inbits<<3)-1)
+            /* then, for each byte, shift to the right for each
+               repetition */
+            +(((inbits<<3)+13)*(i/inbits))
+            /* last, pick out the correct byte within that
+               shifted repetition */
+            +((inbits-(i%inbits))<<3)
+        )%(inbits<<3);
+
+        /* pull out the byte value itself */
+        byte += (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
+                  (in[((inbits)-(msbit>>3))%inbits]))
+                 >>((msbit&7)+1))&0xff;
+
+        /* do the addition */
+        byte += out[i%outbits];
+        out[i%outbits] = byte&0xff;
+
+        /* keep around the carry bit, if any */
+        byte >>= 8;
+
+    }
+
+    /* if there's a carry bit left over, add it back in */
+    if (byte) {
+        for (i=outbits-1; i>=0; i--) {
+            /* do the addition */
+            byte += out[i];
+            out[i] = byte&0xff;
+
+            /* keep around the carry bit, if any */
+            byte >>= 8;
+        }
+    }
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/old_api_glue.c b/krb5-1.21.3/src/lib/crypto/krb/old_api_glue.c
new file mode 100644
index 00000000..b5bb2808
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/old_api_glue.c
@@ -0,0 +1,390 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+/*
+ * The following functions were removed from the API in krb5 1.3 but
+ * still need to be exported for ABI compatibility.  The other
+ * functions defined in this file are still in the API (and thus
+ * prototyped in krb5.hin) but are deprecated.
+ */
+krb5_boolean KRB5_CALLCONV valid_enctype(krb5_enctype ktype);
+krb5_boolean KRB5_CALLCONV valid_cksumtype(krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV is_coll_proof_cksum(krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV is_keyed_cksum(krb5_cksumtype ctype);
+krb5_error_code KRB5_CALLCONV krb5_random_confounder(size_t, krb5_pointer);
+krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
+                                  krb5_pointer ivec, krb5_data *data,
+                                  krb5_enc_data *enc_data);
+krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
+                                  krb5_pointer ivec, krb5_enc_data *data,
+                                  krb5_data *enc_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
+             krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+             krb5_pointer ivec)
+{
+    krb5_data inputd, ivecd;
+    krb5_enc_data outputd;
+    size_t blocksize, outlen;
+    krb5_error_code ret;
+
+    if (ivec) {
+        ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+        if (ret)
+            return ret;
+
+        ivecd = make_data(ivec, blocksize);
+    }
+
+    /* size is the length of the input cleartext data. */
+    inputd = make_data((void *) inptr, size);
+
+    /*
+     * The size of the output buffer isn't part of the old api.  Not too
+     * safe.  So, we assume here that it's big enough.
+     */
+    ret = krb5_c_encrypt_length(context, eblock->key->enctype, size, &outlen);
+    if (ret)
+        return ret;
+
+    outputd.ciphertext = make_data(outptr, outlen);
+
+    return krb5_c_encrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
+                          &inputd, &outputd);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
+             krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+             krb5_pointer ivec)
+{
+    krb5_enc_data inputd;
+    krb5_data outputd, ivecd;
+    size_t blocksize;
+    krb5_error_code ret;
+
+    if (ivec) {
+        ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+        if (ret)
+            return ret;
+
+        ivecd = make_data(ivec, blocksize);
+    }
+
+    /* size is the length of the input ciphertext data */
+    inputd.enctype = eblock->key->enctype;
+    inputd.ciphertext = make_data((void *) inptr, size);
+
+    /* we don't really know how big this is, but the code tends to assume
+       that the output buffer size should be the same as the input
+       buffer size */
+    outputd = make_data(outptr, size);
+
+    return krb5_c_decrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
+                          &inputd, &outputd);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_process_key(krb5_context context, krb5_encrypt_block *eblock,
+                 const krb5_keyblock *key)
+{
+    eblock->key = (krb5_keyblock *) key;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_finish_key(krb5_context context, krb5_encrypt_block *eblock)
+{
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_key(krb5_context context, const krb5_encrypt_block *eblock,
+                   krb5_keyblock *keyblock, const krb5_data *data,
+                   const krb5_data *salt)
+{
+    return krb5_c_string_to_key(context, eblock->crypto_entry, data, salt,
+                                keyblock);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+                     const krb5_keyblock *keyblock, krb5_pointer *ptr)
+{
+    krb5_data data = make_data(keyblock->contents, keyblock->length);
+
+    return krb5_c_random_seed(context, &data);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_finish_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+                       krb5_pointer *ptr)
+{
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock,
+                krb5_pointer ptr, krb5_keyblock **keyblock)
+{
+    krb5_keyblock *key;
+    krb5_error_code ret;
+
+    *keyblock = NULL;
+
+    key = malloc(sizeof(krb5_keyblock));
+    if (key == NULL)
+        return ENOMEM;
+
+    ret = krb5_c_make_random_key(context, eblock->crypto_entry, key);
+    if (ret) {
+        free(key);
+        return ret;
+    }
+
+    *keyblock = key;
+    return(ret);
+}
+
+krb5_enctype KRB5_CALLCONV
+krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block *eblock)
+{
+    return eblock->crypto_entry;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_use_enctype(krb5_context context, krb5_encrypt_block *eblock,
+                 krb5_enctype enctype)
+{
+    eblock->crypto_entry = enctype;
+
+    return 0;
+}
+
+size_t KRB5_CALLCONV
+krb5_encrypt_size(size_t length, krb5_enctype crypto)
+{
+    size_t ret;
+
+    if (krb5_c_encrypt_length(NULL, crypto, length, &ret))
+        return (size_t) -1; /* XXX */
+
+    return ret;
+}
+
+size_t KRB5_CALLCONV
+krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
+{
+    size_t ret;
+
+    if (krb5_c_checksum_length(context, ctype, &ret))
+        return (size_t) -1; /* XXX */
+
+    return ret;
+}
+
+/* Guess the enctype for an untyped key used with checksum type ctype. */
+static krb5_enctype
+guess_enctype(krb5_cksumtype ctype)
+{
+    const struct krb5_cksumtypes *ctp;
+    int i;
+
+    if (ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR)
+        return ENCTYPE_ARCFOUR_HMAC;
+    ctp = find_cksumtype(ctype);
+    if (ctp == NULL || ctp->enc == NULL)
+        return 0;
+    for (i = 0; i < krb5int_enctypes_length; i++) {
+        if (krb5int_enctypes_list[i].enc == ctp->enc)
+            return i;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
+                        krb5_const_pointer in, size_t in_length,
+                        krb5_const_pointer seed, size_t seed_length,
+                        krb5_checksum *outcksum)
+{
+    krb5_data input = make_data((void *) in, in_length);
+    krb5_keyblock keyblock, *kptr = NULL;
+    krb5_error_code ret;
+    krb5_checksum cksum;
+
+    if (seed != NULL) {
+        keyblock.enctype = guess_enctype(ctype);
+        keyblock.length = seed_length;
+        keyblock.contents = (unsigned char *) seed;
+        kptr = &keyblock;
+    }
+
+    ret = krb5_c_make_checksum(context, ctype, kptr, 0, &input, &cksum);
+    if (ret)
+        return ret;
+
+    if (outcksum->length < cksum.length) {
+        memset(cksum.contents, 0, cksum.length);
+        free(cksum.contents);
+        return KRB5_BAD_MSIZE;
+    }
+
+    outcksum->magic = cksum.magic;
+    outcksum->checksum_type = cksum.checksum_type;
+    memcpy(outcksum->contents, cksum.contents, cksum.length);
+    outcksum->length = cksum.length;
+
+    free(cksum.contents);
+
+    return(0);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
+                     const krb5_checksum *cksum, krb5_const_pointer in,
+                     size_t in_length, krb5_const_pointer seed,
+                     size_t seed_length)
+{
+    krb5_data input = make_data((void *) in, in_length);
+    krb5_keyblock keyblock, *kptr = NULL;
+    krb5_error_code ret;
+    krb5_boolean valid;
+
+    if (seed != NULL) {
+        keyblock.enctype = guess_enctype(ctype);
+        keyblock.length = seed_length;
+        keyblock.contents = (unsigned char *) seed;
+        kptr = &keyblock;
+    }
+
+    ret = krb5_c_verify_checksum(context, kptr, 0, &input, cksum, &valid);
+    if (ret)
+        return ret;
+
+    if (!valid)
+        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_random_confounder(size_t size, krb5_pointer ptr)
+{
+    krb5_data random_data = make_data(ptr, size);
+
+    return krb5_c_random_make_octets(NULL, &random_data);
+}
+
+krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
+                                  krb5_pointer ivec, krb5_data *data,
+                                  krb5_enc_data *enc_data)
+{
+    krb5_error_code ret;
+    size_t enclen, blocksize;
+    krb5_data ivecd;
+
+    ret = krb5_c_encrypt_length(context, key->enctype, data->length, &enclen);
+    if (ret)
+        return ret;
+
+    if (ivec) {
+        ret = krb5_c_block_size(context, key->enctype, &blocksize);
+        if (ret)
+            return ret;
+
+        ivecd = make_data(ivec, blocksize);
+    }
+
+    enc_data->magic = KV5M_ENC_DATA;
+    enc_data->kvno = 0;
+    enc_data->enctype = key->enctype;
+    ret = alloc_data(&enc_data->ciphertext, enclen);
+    if (ret)
+        return ret;
+
+    ret = krb5_c_encrypt(context, key, 0, ivec ? &ivecd : 0, data, enc_data);
+    if (ret)
+        free(enc_data->ciphertext.data);
+
+    return ret;
+}
+
+krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
+                                  krb5_pointer ivec, krb5_enc_data *enc_data,
+                                  krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_data ivecd;
+    size_t blocksize;
+
+    if (ivec) {
+        ret = krb5_c_block_size(context, key->enctype, &blocksize);
+        if (ret)
+            return ret;
+
+        ivecd = make_data(ivec, blocksize);
+    }
+
+    ret = alloc_data(data, enc_data->ciphertext.length);
+    if (ret)
+        return ret;
+
+    ret = krb5_c_decrypt(context, key, 0, ivec ? &ivecd : 0, enc_data, data);
+    if (ret)
+        free(data->data);
+
+    return 0;
+}
+
+krb5_boolean KRB5_CALLCONV
+valid_cksumtype(krb5_cksumtype ctype)
+{
+    return krb5_c_valid_cksumtype(ctype);
+}
+
+krb5_boolean KRB5_CALLCONV
+is_keyed_cksum(krb5_cksumtype ctype)
+{
+    return krb5_c_is_keyed_cksum(ctype);
+}
+
+krb5_boolean KRB5_CALLCONV
+is_coll_proof_cksum(krb5_cksumtype ctype)
+{
+    return krb5_c_is_coll_proof_cksum(ctype);
+}
+
+krb5_boolean KRB5_CALLCONV
+valid_enctype(krb5_enctype etype)
+{
+    return krb5_c_valid_enctype(etype);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/prf.c b/krb5-1.21.3/src/lib/crypto/krb/prf.c
new file mode 100644
index 00000000..67b856a9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/prf.c
@@ -0,0 +1,84 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prf.c */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This contains the implementation of krb5_c_prf, which will find the
+ * enctype-specific PRF and then generate pseudo-random data.  This function
+ * yields krb5_c_prf_length bytes of output.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t *len)
+{
+    const struct krb5_keytypes *ktp;
+
+    assert(len);
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+    *len = ktp->prf_length;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_prf(krb5_context context, krb5_key key,
+           krb5_data *input, krb5_data *output)
+{
+    const struct krb5_keytypes *ktp;
+    krb5_error_code ret;
+
+    assert(input && output);
+    assert(output->data);
+
+    ktp = find_enctype(key->keyblock.enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+    if (ktp->prf == NULL)
+        return KRB5_CRYPTO_INTERNAL;
+
+    output->magic = KV5M_DATA;
+    if (ktp->prf_length != output->length)
+        return KRB5_CRYPTO_INTERNAL;
+    ret = ktp->prf(ktp, key, input, output);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf(krb5_context context, const krb5_keyblock *keyblock,
+           krb5_data *input, krb5_data *output)
+{
+    krb5_key key;
+    krb5_error_code ret;
+
+    ret = krb5_k_create_key(context, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_prf(context, key, input, output);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/prf_aes2.c b/krb5-1.21.3/src/lib/crypto/krb/prf_aes2.c
new file mode 100644
index 00000000..43612280
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/prf_aes2.c
@@ -0,0 +1,42 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prf_aes2.c - PRF for aes-sha2 enctypes */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_aes2_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                 const krb5_data *in, krb5_data *out)
+{
+    krb5_data label = string2data("prf");
+
+    return k5_sp800_108_counter_hmac(ktp->hash, key, &label, in, out);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/prf_cmac.c b/krb5-1.21.3/src/lib/crypto/krb/prf_cmac.c
new file mode 100644
index 00000000..1d4cc4c3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/prf_cmac.c
@@ -0,0 +1,58 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prf_cmac.c - CMAC-based PRF */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                    const krb5_data *in, krb5_data *out)
+{
+    krb5_crypto_iov iov;
+    krb5_data prfconst = make_data("prf", 3);
+    krb5_key kp = NULL;
+    krb5_error_code ret;
+
+    if (ktp->prf_length != ktp->enc->block_size)
+        return KRB5_BAD_MSIZE;
+
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+
+    /* Derive a key using the PRF constant. */
+    ret = krb5int_derive_key(ktp->enc, NULL, key, &kp, &prfconst,
+                             DERIVE_SP800_108_CMAC);
+    if (ret != 0)
+        goto cleanup;
+
+    /* PRF is CMAC of input */
+    ret = krb5int_cmac_checksum(ktp->enc, kp, &iov, 1, out);
+    if (ret != 0)
+        goto cleanup;
+
+cleanup:
+    krb5_k_free_key(NULL, kp);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/prf_des.c b/krb5-1.21.3/src/lib/crypto/krb/prf_des.c
new file mode 100644
index 00000000..7a2d719c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/prf_des.c
@@ -0,0 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prf_des.c - RFC 3961 DES-based PRF */
+/*
+ * Copyright (C) 2004, 2009  by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_des_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                const krb5_data *in, krb5_data *out)
+{
+    const struct krb5_hash_provider *hash = &krb5int_hash_md5;
+    krb5_crypto_iov iov;
+    krb5_error_code ret;
+
+    /* Compute a hash of the input, storing into the output buffer. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+    ret = hash->hash(&iov, 1, out);
+    if (ret != 0)
+        return ret;
+
+    /* Encrypt the hash in place. */
+    iov.data = *out;
+    return ktp->enc->encrypt(key, NULL, &iov, 1);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/prf_dk.c b/krb5-1.21.3/src/lib/crypto/krb/prf_dk.c
new file mode 100644
index 00000000..544418ba
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/prf_dk.c
@@ -0,0 +1,70 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prf_dk.c - RFC 3961 simplified profile PRF */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key,
+               const krb5_data *in, krb5_data *out)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_crypto_iov iov;
+    krb5_data cksum = empty_data(), prfconst = make_data("prf", 3);
+    krb5_key kp = NULL;
+    krb5_error_code ret;
+
+    /* Hash the input data into an allocated buffer. */
+    ret = alloc_data(&cksum, hash->hashsize);
+    if (ret != 0)
+        goto cleanup;
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+    ret = hash->hash(&iov, 1, &cksum);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive a key using the PRF constant. */
+    ret = krb5int_derive_key(ktp->enc, NULL, key, &kp, &prfconst,
+                             DERIVE_RFC3961);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Truncate the hash to the closest multiple of the block size. */
+    iov.data.data = cksum.data;
+    iov.data.length = (hash->hashsize / enc->block_size) * enc->block_size;
+
+    /* Encrypt the truncated hash in the derived key to get the output. */
+    ret = ktp->enc->encrypt(kp, NULL, &iov, 1);
+    if (ret != 0)
+        goto cleanup;
+    memcpy(out->data, iov.data.data, out->length);
+
+cleanup:
+    zapfree(cksum.data, hash->hashsize);
+    krb5_k_free_key(NULL, kp);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/prf_rc4.c b/krb5-1.21.3/src/lib/crypto/krb/prf_rc4.c
new file mode 100644
index 00000000..09279532
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/prf_rc4.c
@@ -0,0 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/prf_rc4.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code
+krb5int_arcfour_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                    const krb5_data *in, krb5_data *out)
+{
+    krb5_crypto_iov iov;
+
+    assert(out->length == 20);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+    return krb5int_hmac(&krb5int_hash_sha1, key, &iov, 1, out);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/prng.c b/krb5-1.21.3/src/lib/crypto/krb/prng.c
new file mode 100644
index 00000000..d6b79e2d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/prng.c
@@ -0,0 +1,153 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2001, 2002, 2004, 2007, 2008, 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_seed(krb5_context context, krb5_data *data)
+{
+    return krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OLDAPI, data);
+}
+
+/* Routines to get entropy from the OS. */
+#if defined(_WIN32)
+
+static krb5_boolean
+get_os_entropy(unsigned char *buf, size_t len)
+{
+    krb5_boolean result;
+    HCRYPTPROV provider;
+
+    if (!CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+                             CRYPT_VERIFYCONTEXT))
+        return FALSE;
+    result = CryptGenRandom(provider, len, buf);
+    (void)CryptReleaseContext(provider, 0);
+    return result;
+}
+
+#else /* not Windows */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef __linux__
+#include <sys/syscall.h>
+#endif /* __linux__ */
+
+/* Open device, ensure that it is not a regular file, and read entropy.  Return
+ * true on success, false on failure. */
+static krb5_boolean
+read_entropy_from_device(const char *device, unsigned char *buf, size_t len)
+{
+    struct stat sb;
+    int fd;
+    unsigned char *bp;
+    size_t left;
+    ssize_t count;
+    krb5_boolean result = FALSE;
+
+    fd = open(device, O_RDONLY);
+    if (fd == -1)
+        return FALSE;
+    set_cloexec_fd(fd);
+    if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode))
+        goto cleanup;
+
+    for (bp = buf, left = len; left > 0;) {
+        count = read(fd, bp, left);
+        if (count <= 0)
+            goto cleanup;
+        left -= count;
+        bp += count;
+    }
+    result = TRUE;
+
+cleanup:
+    close(fd);
+    return result;
+}
+
+static krb5_boolean
+get_os_entropy(unsigned char *buf, size_t len)
+{
+#if defined(__linux__) && defined(SYS_getrandom)
+    int r;
+
+    while (len > 0) {
+        /*
+         * Pull from the /dev/urandom pool, but require it to have been seeded.
+         * This ensures strong randomness while only blocking during first
+         * system boot.
+         *
+         * glibc does not currently provide a binding for getrandom:
+         * https://sourceware.org/bugzilla/show_bug.cgi?id=17252
+         */
+        errno = 0;
+        r = syscall(SYS_getrandom, buf, len, 0);
+        if (r <= 0) {
+            if (errno == EINTR)
+                continue;
+
+            /* ENOSYS or other unrecoverable failure */
+            break;
+        }
+        len -= r;
+        buf += r;
+    }
+    if (len == 0)
+        return TRUE;
+#endif /* defined(__linux__) && defined(SYS_getrandom) */
+
+    return read_entropy_from_device("/dev/urandom", buf, len);
+}
+
+#endif /* not Windows */
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
+{
+    krb5_boolean res;
+
+    res = get_os_entropy((uint8_t *)outdata->data, outdata->length);
+    return res ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
+                          const krb5_data *indata)
+{
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
+{
+    *success = 0;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/random_to_key.c b/krb5-1.21.3/src/lib/crypto/krb/random_to_key.c
new file mode 100644
index 00000000..9394385a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/random_to_key.c
@@ -0,0 +1,101 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (c) 2006
+ * The Regents of the University of Michigan
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+/*
+ * Create a key given random data.  It is assumed that random_key has
+ * already been initialized and random_key->contents have been allocated
+ * with the correct length.
+ */
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_random_to_key(krb5_context context, krb5_enctype enctype,
+                     krb5_data *random_data, krb5_keyblock *random_key)
+{
+    krb5_error_code ret;
+    const struct krb5_keytypes *ktp;
+
+    if (random_data == NULL || random_key == NULL ||
+        random_key->contents == NULL)
+        return EINVAL;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    if (random_key->length != ktp->enc->keylength)
+        return KRB5_BAD_KEYSIZE;
+
+    ret = ktp->rand2key(random_data, random_key);
+    if (ret)
+        zap(random_key->contents, random_key->length);
+
+    return ret;
+}
+
+krb5_error_code
+k5_rand2key_direct(const krb5_data *randombits, krb5_keyblock *keyblock)
+{
+    if (randombits->length != keyblock->length)
+        return KRB5_CRYPTO_INTERNAL;
+
+    keyblock->magic = KV5M_KEYBLOCK;
+    memcpy(keyblock->contents, randombits->data, randombits->length);
+    return 0;
+}
+
+static inline void
+eighth_byte(unsigned char *b)
+{
+    b[7] = (((b[0] & 1) << 1) | ((b[1] & 1) << 2) | ((b[2] & 1) << 3) |
+            ((b[3] & 1) << 4) | ((b[4] & 1) << 5) | ((b[5] & 1) << 6) |
+            ((b[6] & 1) << 7));
+}
+
+krb5_error_code
+k5_rand2key_des3(const krb5_data *randombits, krb5_keyblock *keyblock)
+{
+    int i;
+
+    if (randombits->length != 21)
+        return KRB5_CRYPTO_INTERNAL;
+
+    keyblock->magic = KV5M_KEYBLOCK;
+
+    /* Take the seven bytes, move them around into the top 7 bits of the
+     * 8 key bytes, then compute the parity bits.  Do this three times. */
+    for (i = 0; i < 3; i++) {
+        memcpy(&keyblock->contents[i * 8], &randombits->data[i * 7], 7);
+        eighth_byte(&keyblock->contents[i * 8]);
+        k5_des_fixup_key_parity(&keyblock->contents[i * 8]);
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c b/krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c
new file mode 100644
index 00000000..1fea0340
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c
@@ -0,0 +1,216 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+static const unsigned char kerberos[] = "kerberos";
+#define kerberos_len (sizeof(kerberos)-1)
+
+krb5_error_code
+krb5int_dk_string_to_key(const struct krb5_keytypes *ktp,
+                         const krb5_data *string, const krb5_data *salt,
+                         const krb5_data *parms, krb5_keyblock *keyblock)
+{
+    krb5_error_code ret;
+    size_t keybytes, keylength, concatlen;
+    unsigned char *concat = NULL, *foldstring = NULL, *foldkeydata = NULL;
+    krb5_data indata;
+    krb5_keyblock foldkeyblock;
+    krb5_key foldkey = NULL;
+
+    /* keyblock->length is checked by krb5int_derive_key. */
+
+    keybytes = ktp->enc->keybytes;
+    keylength = ktp->enc->keylength;
+
+    concatlen = string->length + salt->length;
+
+    concat = k5alloc(concatlen, &ret);
+    if (ret != 0)
+        goto cleanup;
+    foldstring = k5alloc(keybytes, &ret);
+    if (ret != 0)
+        goto cleanup;
+    foldkeydata = k5alloc(keylength, &ret);
+    if (ret != 0)
+        goto cleanup;
+
+    /* construct input string ( = string + salt), fold it, make_key it */
+
+    if (string->length > 0)
+        memcpy(concat, string->data, string->length);
+    if (salt->length > 0)
+        memcpy(concat + string->length, salt->data, salt->length);
+
+    krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring);
+
+    indata.length = keybytes;
+    indata.data = (char *) foldstring;
+    foldkeyblock.length = keylength;
+    foldkeyblock.contents = foldkeydata;
+    foldkeyblock.enctype = ktp->etype;
+
+    ret = ktp->rand2key(&indata, &foldkeyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    ret = krb5_k_create_key(NULL, &foldkeyblock, &foldkey);
+    if (ret != 0)
+        goto cleanup;
+
+    /* now derive the key from this one */
+
+    indata.length = kerberos_len;
+    indata.data = (char *) kerberos;
+
+    ret = krb5int_derive_keyblock(ktp->enc, NULL, foldkey, keyblock, &indata,
+                                  DERIVE_RFC3961);
+    if (ret != 0)
+        memset(keyblock->contents, 0, keyblock->length);
+
+cleanup:
+    zapfree(concat, concatlen);
+    zapfree(foldstring, keybytes);
+    zapfree(foldkeydata, keylength);
+    krb5_k_free_key(NULL, foldkey);
+    return ret;
+}
+
+
+#define MAX_ITERATION_COUNT             0x1000000L
+
+krb5_boolean k5_allow_weak_pbkdf2iter = FALSE;
+
+static krb5_error_code
+pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string,
+                     const krb5_data *salt, const krb5_data *pepper,
+                     const krb5_data *params, krb5_keyblock *key,
+                     enum deriv_alg deriv_alg, unsigned long def_iter_count)
+{
+    const struct krb5_hash_provider *hash;
+    unsigned long iter_count;
+    krb5_data out;
+    static const krb5_data usage = { KV5M_DATA, 8, "kerberos" };
+    krb5_key tempkey = NULL;
+    krb5_error_code err;
+    krb5_data sandp = empty_data();
+
+    if (params) {
+        unsigned char *p = (unsigned char *) params->data;
+        if (params->length != 4)
+            return KRB5_ERR_BAD_S2K_PARAMS;
+        iter_count = load_32_be(p);
+        /* Zero means 2^32, which is way above what we will accept.  Also don't
+         * accept values less than the default, unless we're running tests. */
+        if (iter_count == 0 ||
+            (!k5_allow_weak_pbkdf2iter && iter_count < def_iter_count))
+            return KRB5_ERR_BAD_S2K_PARAMS;
+
+    } else
+        iter_count = def_iter_count;
+
+    /* This is not a protocol specification constraint; this is an
+       implementation limit, which should eventually be controlled by
+       a config file.  */
+    if (iter_count >= MAX_ITERATION_COUNT)
+        return KRB5_ERR_BAD_S2K_PARAMS;
+
+    /* Use the output keyblock contents for temporary space. */
+    out.data = (char *) key->contents;
+    out.length = key->length;
+    if (out.length != 16 && out.length != 32)
+        return KRB5_CRYPTO_INTERNAL;
+
+    if (pepper != NULL) {
+        err = alloc_data(&sandp, pepper->length + 1 + salt->length);
+        if (err)
+            return err;
+
+        if (pepper->length > 0)
+            memcpy(sandp.data, pepper->data, pepper->length);
+        sandp.data[pepper->length] = '\0';
+        if (salt->length > 0)
+            memcpy(&sandp.data[pepper->length + 1], salt->data, salt->length);
+
+        salt = &sandp;
+    }
+
+    hash = (ktp->hash != NULL) ? ktp->hash : &krb5int_hash_sha1;
+    err = krb5int_pbkdf2_hmac(hash, &out, iter_count, string, salt);
+    if (err)
+        goto cleanup;
+
+    err = krb5_k_create_key (NULL, key, &tempkey);
+    if (err)
+        goto cleanup;
+
+    err = krb5int_derive_keyblock(ktp->enc, ktp->hash, tempkey, key, &usage,
+                                  deriv_alg);
+
+cleanup:
+    if (sandp.data)
+        free(sandp.data);
+    if (err)
+        memset (out.data, 0, out.length);
+    krb5_k_free_key (NULL, tempkey);
+    return err;
+}
+
+krb5_error_code
+krb5int_aes_string_to_key(const struct krb5_keytypes *ktp,
+                          const krb5_data *string,
+                          const krb5_data *salt,
+                          const krb5_data *params,
+                          krb5_keyblock *key)
+{
+    return pbkdf2_string_to_key(ktp, string, salt, NULL, params, key,
+                                DERIVE_RFC3961, 4096);
+}
+
+krb5_error_code
+krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp,
+                               const krb5_data *string,
+                               const krb5_data *salt,
+                               const krb5_data *params,
+                               krb5_keyblock *key)
+{
+    krb5_data pepper = string2data(ktp->name);
+
+    return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key,
+                                DERIVE_SP800_108_CMAC, 32768);
+}
+
+krb5_error_code
+krb5int_aes2_string_to_key(const struct krb5_keytypes *ktp,
+                           const krb5_data *string, const krb5_data *salt,
+                           const krb5_data *params, krb5_keyblock *key)
+{
+    krb5_data pepper = string2data(ktp->name);
+
+    return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key,
+                                DERIVE_SP800_108_HMAC, 32768);
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c b/krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c
new file mode 100644
index 00000000..f7e699d6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c
@@ -0,0 +1,41 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "crypto_int.h"
+#include "k5-utf8.h"
+
+krb5_error_code
+krb5int_arcfour_string_to_key(const struct krb5_keytypes *ktp,
+                              const krb5_data *string, const krb5_data *salt,
+                              const krb5_data *params, krb5_keyblock *key)
+{
+    krb5_error_code err = 0;
+    krb5_crypto_iov iov;
+    krb5_data hash_out;
+    char *utf8;
+    unsigned char *copystr;
+    size_t copystrlen;
+
+    if (params != NULL)
+        return KRB5_ERR_BAD_S2K_PARAMS;
+
+    if (key->length != 16)
+        return (KRB5_BAD_MSIZE);
+
+    /* We ignore salt per the Microsoft spec. */
+    utf8 = k5memdup0(string->data, string->length, &err);
+    if (utf8 == NULL)
+        return err;
+    err = k5_utf8_to_utf16le(utf8, &copystr, &copystrlen);
+    zapfree(utf8, string->length);
+    if (err)
+        return err;
+
+    /* the actual MD4 hash of the data */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(copystr, copystrlen);
+    hash_out = make_data(key->contents, key->length);
+    err = krb5int_hash_md4.hash(&iov, 1, &hash_out);
+
+    /* Zero out the data behind us */
+    zapfree(copystr, copystrlen);
+    return err;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/state.c b/krb5-1.21.3/src/lib/crypto/krb/state.c
new file mode 100644
index 00000000..a7fb020b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/state.c
@@ -0,0 +1,60 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/state.c */
+/*
+ * Copyright (C) 2001 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+
+ *
+ *
+ *
+ *  * Section 6 (Encryption) of the Kerberos revisions document defines
+ * cipher states to be used to chain encryptions and decryptions
+ * together.  Examples of cipher states include initialization vectors
+ * for CBC encription.    This file contains implementations of
+ * krb5_c_init_state and krb5_c_free_state used by clients of the
+ * Kerberos crypto library.
+ */
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_init_state (krb5_context context, const krb5_keyblock *key,
+                   krb5_keyusage keyusage, krb5_data *new_state)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+    return ktp->enc->init_state(key, keyusage, new_state);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_free_state(krb5_context context, const krb5_keyblock *key,
+                  krb5_data *state)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = find_enctype(key->enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+    ktp->enc->free_state(state);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/string_to_cksumtype.c b/krb5-1.21.3/src/lib/crypto/krb/string_to_cksumtype.c
new file mode 100644
index 00000000..3498d2a0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/string_to_cksumtype.c
@@ -0,0 +1,56 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)
+{
+    unsigned int i, j;
+    const char *alias;
+    const struct krb5_cksumtypes *ctp;
+
+    for (i=0; i<krb5int_cksumtypes_length; i++) {
+        ctp = &krb5int_cksumtypes_list[i];
+        if (strcasecmp(ctp->name, string) == 0) {
+            *cksumtypep = ctp->ctype;
+            return 0;
+        }
+#define MAX_ALIASES (sizeof(ctp->aliases) / sizeof(ctp->aliases[0]))
+        for (j = 0; j < MAX_ALIASES; j++) {
+            alias = ctp->aliases[j];
+            if (alias == NULL)
+                break;
+            if (strcasecmp(alias, string) == 0) {
+                *cksumtypep = ctp->ctype;
+                return 0;
+            }
+        }
+    }
+
+    return EINVAL;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/string_to_key.c b/krb5-1.21.3/src/lib/crypto/krb/string_to_key.c
new file mode 100644
index 00000000..352a8e8d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/string_to_key.c
@@ -0,0 +1,79 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_string_to_key(krb5_context context, krb5_enctype enctype,
+                     const krb5_data *string, const krb5_data *salt,
+                     krb5_keyblock *key)
+{
+    return krb5_c_string_to_key_with_params(context, enctype, string, salt,
+                                            NULL, key);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
+                                 const krb5_data *string,
+                                 const krb5_data *salt,
+                                 const krb5_data *params, krb5_keyblock *key)
+{
+    krb5_error_code ret;
+    krb5_data empty = empty_data();
+    const struct krb5_keytypes *ktp;
+    size_t keylength;
+
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+    keylength = ktp->enc->keylength;
+
+    /* For compatibility with past behavior, treat a null salt as empty. */
+    if (salt == NULL)
+        salt = &empty;
+
+    /* Fail gracefully if someone is using the old AFS string-to-key hack. */
+    if (salt->length == SALT_TYPE_AFS_LENGTH)
+        return EINVAL;
+
+    key->contents = malloc(keylength);
+    if (key->contents == NULL)
+        return ENOMEM;
+
+    key->magic = KV5M_KEYBLOCK;
+    key->enctype = enctype;
+    key->length = keylength;
+
+    ret = (*ktp->str2key)(ktp, string, salt, params, key);
+    if (ret) {
+        zapfree(key->contents, keylength);
+        key->length = 0;
+        key->contents = NULL;
+    }
+
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/valid_cksumtype.c b/krb5-1.21.3/src/lib/crypto/krb/valid_cksumtype.c
new file mode 100644
index 00000000..eb7807f7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/valid_cksumtype.c
@@ -0,0 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_boolean KRB5_CALLCONV
+krb5_c_valid_cksumtype(krb5_cksumtype ctype)
+{
+    const struct krb5_cksumtypes *ctp;
+
+    ctp = find_cksumtype(ctype);
+    if (ctp == NULL)
+        return FALSE;
+    return TRUE;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/verify_checksum.c b/krb5-1.21.3/src/lib/crypto/krb/verify_checksum.c
new file mode 100644
index 00000000..09425ea7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/verify_checksum.c
@@ -0,0 +1,98 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum(krb5_context context, krb5_key key,
+                       krb5_keyusage usage, const krb5_data *data,
+                       const krb5_checksum *cksum, krb5_boolean *valid)
+{
+    const struct krb5_cksumtypes *ctp;
+    krb5_cksumtype cksumtype;
+    krb5_crypto_iov iov;
+    krb5_error_code ret;
+    krb5_data cksum_data;
+    krb5_checksum computed;
+
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *data;
+
+    /* A 0 checksum type means use the mandatory checksum. */
+    cksumtype = cksum->checksum_type;
+    if (cksumtype == 0 && key != NULL) {
+        ret = krb5int_c_mandatory_cksumtype(context, key->keyblock.enctype,
+                                            &cksumtype);
+        if (ret)
+            return ret;
+    }
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    ret = verify_key(ctp, key);
+    if (ret != 0)
+        return ret;
+
+    /* If there's actually a verify function, call it. */
+    cksum_data = make_data(cksum->contents, cksum->length);
+    if (ctp->verify != NULL)
+        return ctp->verify(ctp, key, usage, &iov, 1, &cksum_data, valid);
+
+    /* Otherwise, make the checksum again, and compare. */
+    if (cksum->length != ctp->output_size)
+        return KRB5_BAD_MSIZE;
+
+    ret = krb5_k_make_checksum(context, cksum->checksum_type, key, usage,
+                               data, &computed);
+    if (ret)
+        return ret;
+
+    *valid = (k5_bcmp(computed.contents, cksum->contents,
+                      ctp->output_size) == 0);
+
+    free(computed.contents);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *keyblock,
+                       krb5_keyusage usage, const krb5_data *data,
+                       const krb5_checksum *cksum, krb5_boolean *valid)
+{
+    krb5_key key = NULL;
+    krb5_error_code ret;
+
+    if (keyblock != NULL) {
+        ret = krb5_k_create_key(context, keyblock, &key);
+        if (ret != 0)
+            return ret;
+    }
+    ret = krb5_k_verify_checksum(context, key, usage, data, cksum, valid);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c b/krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c
new file mode 100644
index 00000000..fc76c0e2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c
@@ -0,0 +1,101 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/krb/verify_checksum_iov.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum_iov(krb5_context context,
+                           krb5_cksumtype checksum_type,
+                           krb5_key key,
+                           krb5_keyusage usage,
+                           const krb5_crypto_iov *data,
+                           size_t num_data,
+                           krb5_boolean *valid)
+{
+    const struct krb5_cksumtypes *ctp;
+    krb5_error_code ret;
+    krb5_data computed;
+    krb5_crypto_iov *checksum;
+
+    if (checksum_type == 0) {
+        ret = krb5int_c_mandatory_cksumtype(context, key->keyblock.enctype,
+                                            &checksum_type);
+        if (ret != 0)
+            return ret;
+    }
+    ctp = find_cksumtype(checksum_type);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    ret = verify_key(ctp, key);
+    if (ret != 0)
+        return ret;
+
+    checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data,
+                                    KRB5_CRYPTO_TYPE_CHECKSUM);
+    if (checksum == NULL || checksum->data.length != ctp->output_size)
+        return KRB5_BAD_MSIZE;
+
+    /* If there's actually a verify function, call it. */
+    if (ctp->verify != NULL) {
+        return ctp->verify(ctp, key, usage, data, num_data, &checksum->data,
+                           valid);
+    }
+
+    ret = alloc_data(&computed, ctp->compute_size);
+    if (ret != 0)
+        return ret;
+
+    ret = ctp->checksum(ctp, key, usage, data, num_data, &computed);
+    if (ret == 0) {
+        *valid = (k5_bcmp(computed.data, checksum->data.data,
+                          ctp->output_size) == 0);
+    }
+
+    zapfree(computed.data, ctp->compute_size);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_verify_checksum_iov(krb5_context context,
+                           krb5_cksumtype checksum_type,
+                           const krb5_keyblock *keyblock,
+                           krb5_keyusage usage,
+                           const krb5_crypto_iov *data,
+                           size_t num_data,
+                           krb5_boolean *valid)
+{
+    krb5_key key;
+    krb5_error_code ret;
+
+    ret = krb5_k_create_key(context, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_verify_checksum_iov(context, checksum_type, key, usage, data,
+                                     num_data, valid);
+    krb5_k_free_key(context, key);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/crypto/libk5crypto.exports b/krb5-1.21.3/src/lib/crypto/libk5crypto.exports
new file mode 100644
index 00000000..052f4d4b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/libk5crypto.exports
@@ -0,0 +1,105 @@
+krb5_c_make_random_key
+krb5_c_encrypt_length
+krb5_process_key
+krb5_string_to_cksumtype
+krb5_c_valid_enctype
+krb5_c_valid_cksumtype
+krb5_string_to_key
+krb5_c_encrypt_iov
+krb5_c_checksum_length
+is_keyed_cksum
+krb5_c_padding_length
+is_coll_proof_cksum
+krb5_init_random_key
+krb5_c_string_to_key_with_params
+krb5_c_random_make_octets
+krb5_c_random_os_entropy
+krb5_c_decrypt
+krb5_c_crypto_length
+krb5_c_block_size
+krb5_cksumtype_to_string
+krb5_c_keyed_checksum_types
+krb5_c_is_keyed_cksum
+krb5_c_crypto_length_iov
+valid_cksumtype
+krb5_c_random_seed
+krb5_c_random_to_key
+krb5_verify_checksum
+krb5_c_free_state
+krb5_c_verify_checksum
+krb5_c_random_add_entropy
+krb5_c_decrypt_iov
+krb5_c_make_checksum
+krb5_checksum_size
+krb5_free_cksumtypes
+krb5_finish_key
+krb5_encrypt_size
+krb5_c_keylengths
+krb5_c_prf
+krb5_encrypt
+krb5_string_to_enctype
+krb5_c_is_coll_proof_cksum
+krb5_c_init_state
+krb5_eblock_enctype
+krb5_decrypt
+krb5_c_encrypt
+krb5_c_enctype_compare
+krb5_c_verify_checksum_iov
+valid_enctype
+krb5_enctype_to_string
+krb5_enctype_to_name
+krb5_c_make_checksum_iov
+krb5_calculate_checksum
+krb5_c_string_to_key
+krb5_use_enctype
+krb5_random_key
+krb5_finish_random_key
+krb5_c_prf_length
+krb5int_c_mandatory_cksumtype
+krb5_c_fx_cf2_simple
+krb5int_c_weak_enctype
+krb5_encrypt_data
+krb5int_c_copy_keyblock
+krb5int_c_copy_keyblock_contents
+krb5int_c_free_keyblock_contents
+krb5int_c_free_keyblock
+krb5int_c_init_keyblock
+krb5int_hash_md4
+krb5int_hash_md5
+krb5int_hash_sha256
+krb5int_hash_sha384
+krb5int_enc_arcfour
+krb5int_hmac
+krb5_k_create_key
+krb5_k_decrypt
+krb5_k_decrypt_iov
+krb5_k_encrypt
+krb5_k_encrypt_iov
+krb5_k_free_key
+krb5_k_key_enctype
+krb5_k_key_keyblock
+krb5_k_make_checksum
+krb5_k_make_checksum_iov
+krb5_k_prf
+krb5_k_reference_key
+krb5_k_verify_checksum
+krb5_k_verify_checksum_iov
+krb5int_aes_encrypt
+krb5int_aes_decrypt
+krb5int_enc_des3
+krb5int_arcfour_gsscrypt
+krb5int_camellia_encrypt
+krb5int_cmac_checksum
+krb5int_enc_aes128
+krb5int_enc_aes256
+krb5int_enc_camellia128
+krb5int_enc_camellia256
+krb5int_derive_key
+krb5int_derive_random
+k5_sha256
+krb5int_nfold
+k5_allow_weak_pbkdf2iter
+krb5_c_prfplus
+krb5_c_derive_prfplus
+k5_enctype_to_ssf
+krb5int_c_deprecated_enctype
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/Makefile.in b/krb5-1.21.3/src/lib/crypto/openssl/Makefile.in
new file mode 100644
index 00000000..cf11f684
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/Makefile.in
@@ -0,0 +1,44 @@
+mydir=lib$(S)crypto$(S)openssl
+BUILDTOP=$(REL)..$(S)..$(S)..
+SUBDIRS=des enc_provider hash_provider
+LOCALINCLUDES=-I$(srcdir)/../krb $(CRYPTO_IMPL_CFLAGS)
+
+STLIBOBJS=\
+	cmac.o	\
+	hmac.o	\
+	kdf.o	\
+	pbkdf2.o \
+	sha256.o
+
+OBJS=\
+	$(OUTPRE)cmac.$(OBJEXT)	\
+	$(OUTPRE)hmac.$(OBJEXT)	\
+	$(OUTPRE)kdf.$(OBJEXT)	\
+	$(OUTPRE)pbkdf2.$(OBJEXT) \
+	$(OUTPRE)sha256.$(OBJEXT)
+
+SRCS=\
+	$(srcdir)/cmac.c	\
+	$(srcdir)/hmac.c	\
+	$(srcdir)/kdf.c		\
+	$(srcdir)/pbkdf2.c	\
+	$(srcdir)/sha256.c
+
+SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
+		md5/OBJS.ST sha1/OBJS.ST sha2/OBJS.ST 	\
+		enc_provider/OBJS.ST 		\
+		hash_provider/OBJS.ST 		\
+		aes/OBJS.ST 
+
+STOBJLISTS= $(SUBDIROBJLISTS) OBJS.ST
+
+all-unix: all-libobjs
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/cmac.c b/krb5-1.21.3/src/lib/crypto/openssl/cmac.c
new file mode 100644
index 00000000..8f2717b1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/cmac.c
@@ -0,0 +1,93 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/cmac.c - OpenSSL CMAC implementation */
+/*
+ * Copyright (C) 2021 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_CMAC
+
+#include <openssl/evp.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+
+krb5_error_code
+krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
+{
+    int ok;
+    EVP_MAC *mac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
+    OSSL_PARAM params[2], *p = params;
+    size_t i = 0, md_len;
+    char *cipher;
+
+    if (enc == &krb5int_enc_camellia128)
+        cipher = "CAMELLIA-128-CBC";
+    else if (enc == &krb5int_enc_camellia256)
+        cipher = "CAMELLIA-256-CBC";
+    else
+        return KRB5_CRYPTO_INTERNAL;
+
+    mac = EVP_MAC_fetch(NULL, "CMAC", NULL);
+    if (mac == NULL)
+        return KRB5_CRYPTO_INTERNAL;
+
+    ctx = EVP_MAC_CTX_new(mac);
+    if (ctx == NULL) {
+        ok = 0;
+        goto cleanup;
+    }
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, cipher, 0);
+    *p = OSSL_PARAM_construct_end();
+
+    ok = EVP_MAC_init(ctx, key->keyblock.contents, key->keyblock.length,
+                      params);
+    for (i = 0; ok && i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+        if (!SIGN_IOV(iov))
+            continue;
+        ok = EVP_MAC_update(ctx, (uint8_t *)iov->data.data, iov->data.length);
+    }
+    ok = ok && EVP_MAC_final(ctx, (unsigned char *)output->data, &md_len,
+                             output->length);
+    if (!ok)
+        goto cleanup;
+    output->length = md_len;
+
+cleanup:
+    EVP_MAC_free(mac);
+    EVP_MAC_CTX_free(ctx);
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+#endif /* K5_OPENSSL_CMAC */
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/deps b/krb5-1.21.3/src/lib/crypto/openssl/deps
new file mode 100644
index 00000000..3d276a4c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/deps
@@ -0,0 +1,58 @@
+#
+# Generated makefile dependencies follow.
+#
+cmac.so cmac.po $(OUTPRE)cmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cmac.c
+hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hmac.c
+kdf.so kdf.po $(OUTPRE)kdf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdf.c
+pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pbkdf2.c
+sha256.so sha256.po $(OUTPRE)sha256.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  sha256.c
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/des/Makefile.in b/krb5-1.21.3/src/lib/crypto/openssl/des/Makefile.in
new file mode 100644
index 00000000..a6cece1d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/des/Makefile.in
@@ -0,0 +1,20 @@
+mydir=lib$(S)crypto$(S)openssl$(S)des
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+STLIBOBJS= des_keys.o
+
+OBJS= $(OUTPRE)des_keys.$(OBJEXT)
+
+SRCS= $(srcdir)/des_keys.c
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/des/deps b/krb5-1.21.3/src/lib/crypto/openssl/des/deps
new file mode 100644
index 00000000..723c2680
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/des/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+des_keys.so des_keys.po $(OUTPRE)des_keys.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_keys.c
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/des/des_keys.c b/krb5-1.21.3/src/lib/crypto/openssl/des/des_keys.c
new file mode 100644
index 00000000..83f1cbf2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/des/des_keys.c
@@ -0,0 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/des/des_keys.c - Key functions used by Kerberos code */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_DES_KEY_PARITY
+
+#include <openssl/des.h>
+
+void
+k5_des_fixup_key_parity(unsigned char *keybits)
+{
+    DES_set_odd_parity((DES_cblock *)keybits);
+}
+
+#endif
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/Makefile.in b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/Makefile.in
new file mode 100644
index 00000000..26827cfe
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/Makefile.in
@@ -0,0 +1,31 @@
+mydir=lib$(S)crypto$(S)openssl$(S)enc_provider
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+STLIBOBJS= \
+	des3.o 	\
+	rc4.o 	\
+	aes.o   \
+	camellia.o
+
+OBJS= \
+	$(OUTPRE)des3.$(OBJEXT) 	\
+	$(OUTPRE)aes.$(OBJEXT) 	\
+	$(OUTPRE)camellia.$(OBJEXT) 	\
+	$(OUTPRE)rc4.$(OBJEXT)
+
+SRCS= \
+	$(srcdir)/des3.c 	\
+	$(srcdir)/aes.c 	\
+	$(srcdir)/camellia.c 	\
+	$(srcdir)/rc4.c
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/aes.c b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/aes.c
new file mode 100644
index 00000000..4c6ef361
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/aes.c
@@ -0,0 +1,398 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/enc_provider/aes.c */
+/*
+ * Copyright (C) 2003, 2007, 2008, 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_AES
+
+#include <openssl/evp.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#else
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+#endif
+
+/* proto's */
+static krb5_error_code
+cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+        size_t num_data);
+static krb5_error_code
+cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data);
+static krb5_error_code
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen);
+static krb5_error_code
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen);
+
+#define BLOCK_SIZE 16
+#define NUM_BITS 8
+#define IV_CTS_BUF_SIZE 16 /* 16 - hardcoded in CRYPTO_cts128_en/decrypt */
+
+static const EVP_CIPHER *
+map_mode(unsigned int len)
+{
+    if (len==16)
+        return EVP_aes_128_cbc();
+    if (len==32)
+        return EVP_aes_256_cbc();
+    else
+        return NULL;
+}
+
+/* Encrypt one block using CBC. */
+static krb5_error_code
+cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+        size_t num_data)
+{
+    int             ret, olen = BLOCK_SIZE;
+    unsigned char   iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
+    EVP_CIPHER_CTX  *ctx;
+    struct iov_cursor cursor;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ret = EVP_EncryptInit_ex(ctx, map_mode(key->keyblock.length),
+                             NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (ret == 0) {
+        EVP_CIPHER_CTX_free(ctx);
+        return KRB5_CRYPTO_INTERNAL;
+    }
+
+    k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+    k5_iov_cursor_get(&cursor, iblock);
+    EVP_CIPHER_CTX_set_padding(ctx,0);
+    ret = EVP_EncryptUpdate(ctx, oblock, &olen, iblock, BLOCK_SIZE);
+    if (ret == 1)
+        k5_iov_cursor_put(&cursor, oblock);
+    EVP_CIPHER_CTX_free(ctx);
+
+    zap(iblock, BLOCK_SIZE);
+    zap(oblock, BLOCK_SIZE);
+    return (ret == 1) ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+/* Decrypt one block using CBC. */
+static krb5_error_code
+cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data)
+{
+    int              ret = 0, olen = BLOCK_SIZE;
+    unsigned char    iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
+    EVP_CIPHER_CTX   *ctx;
+    struct iov_cursor cursor;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ret = EVP_DecryptInit_ex(ctx, map_mode(key->keyblock.length),
+                             NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (ret == 0) {
+        EVP_CIPHER_CTX_free(ctx);
+        return KRB5_CRYPTO_INTERNAL;
+    }
+
+    k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+    k5_iov_cursor_get(&cursor, iblock);
+    EVP_CIPHER_CTX_set_padding(ctx,0);
+    ret = EVP_DecryptUpdate(ctx, oblock, &olen, iblock, BLOCK_SIZE);
+    if (ret == 1)
+        k5_iov_cursor_put(&cursor, oblock);
+    EVP_CIPHER_CTX_free(ctx);
+
+    zap(iblock, BLOCK_SIZE);
+    zap(oblock, BLOCK_SIZE);
+    return (ret == 1) ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+static krb5_error_code
+do_cts(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+       size_t num_data, size_t dlen, int encrypt)
+{
+    krb5_error_code ret;
+    int outlen, len;
+    unsigned char *oblock = NULL, *dbuf = NULL;
+    unsigned char iv_cts[IV_CTS_BUF_SIZE];
+    struct iov_cursor cursor;
+    OSSL_PARAM params[2], *p = params;
+    EVP_CIPHER_CTX *ctx = NULL;
+    EVP_CIPHER *cipher = NULL;
+
+    memset(iv_cts, 0, sizeof(iv_cts));
+    if (ivec != NULL && ivec->data != NULL){
+        if (ivec->length != sizeof(iv_cts))
+            return KRB5_CRYPTO_INTERNAL;
+        memcpy(iv_cts, ivec->data, ivec->length);
+    }
+
+    if (key->keyblock.length == 16)
+        cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC-CTS", NULL);
+    else if (key->keyblock.length == 32)
+        cipher = EVP_CIPHER_fetch(NULL, "AES-256-CBC-CTS", NULL);
+    if (cipher == NULL)
+        return KRB5_CRYPTO_INTERNAL;
+
+    oblock = OPENSSL_malloc(dlen);
+    dbuf = OPENSSL_malloc(dlen);
+    ctx = EVP_CIPHER_CTX_new();
+    if (oblock == NULL || dbuf == NULL || ctx == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+    k5_iov_cursor_get(&cursor, dbuf);
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
+                                            "CS3", 0);
+    *p = OSSL_PARAM_construct_end();
+    if (!EVP_CipherInit_ex2(ctx, cipher, key->keyblock.contents, iv_cts,
+                            encrypt, params) ||
+        !EVP_CipherUpdate(ctx, oblock, &outlen, dbuf, dlen) ||
+        !EVP_CipherFinal_ex(ctx, oblock + outlen, &len)) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto cleanup;
+    }
+
+    if (ivec != NULL && ivec->data != NULL &&
+        !EVP_CIPHER_CTX_get_updated_iv(ctx, ivec->data, sizeof(iv_cts))) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto cleanup;
+    }
+
+    k5_iov_cursor_put(&cursor, oblock);
+
+    ret = 0;
+cleanup:
+    OPENSSL_clear_free(oblock, dlen);
+    OPENSSL_clear_free(dbuf, dlen);
+    EVP_CIPHER_CTX_free(ctx);
+    EVP_CIPHER_free(cipher);
+    return ret;
+}
+
+static inline krb5_error_code
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
+{
+    return do_cts(key, ivec, data, num_data, dlen, 1);
+}
+
+static inline krb5_error_code
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
+{
+    return do_cts(key, ivec, data, num_data, dlen, 0);
+}
+
+#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+static krb5_error_code
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
+{
+    int                    ret = 0;
+    size_t                 size = 0;
+    unsigned char         *oblock = NULL, *dbuf = NULL;
+    unsigned char          iv_cts[IV_CTS_BUF_SIZE];
+    struct iov_cursor      cursor;
+    AES_KEY                enck;
+
+    memset(iv_cts,0,sizeof(iv_cts));
+    if (ivec && ivec->data){
+        if (ivec->length != sizeof(iv_cts))
+            return KRB5_CRYPTO_INTERNAL;
+        memcpy(iv_cts, ivec->data,ivec->length);
+    }
+
+    oblock = OPENSSL_malloc(dlen);
+    if (!oblock){
+        return ENOMEM;
+    }
+    dbuf = OPENSSL_malloc(dlen);
+    if (!dbuf){
+        OPENSSL_free(oblock);
+        return ENOMEM;
+    }
+
+    k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+    k5_iov_cursor_get(&cursor, dbuf);
+
+    AES_set_encrypt_key(key->keyblock.contents,
+                        NUM_BITS * key->keyblock.length, &enck);
+
+    size = CRYPTO_cts128_encrypt((unsigned char *)dbuf, oblock, dlen, &enck,
+                                 iv_cts, (cbc128_f)AES_cbc_encrypt);
+    if (size <= 0)
+        ret = KRB5_CRYPTO_INTERNAL;
+    else
+        k5_iov_cursor_put(&cursor, oblock);
+
+    if (!ret && ivec && ivec->data)
+        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
+
+    zap(oblock, dlen);
+    zap(dbuf, dlen);
+    OPENSSL_free(oblock);
+    OPENSSL_free(dbuf);
+
+    return ret;
+}
+
+static krb5_error_code
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
+{
+    int                    ret = 0;
+    size_t                 size = 0;
+    unsigned char         *oblock = NULL;
+    unsigned char         *dbuf = NULL;
+    unsigned char          iv_cts[IV_CTS_BUF_SIZE];
+    struct iov_cursor      cursor;
+    AES_KEY                deck;
+
+    memset(iv_cts,0,sizeof(iv_cts));
+    if (ivec && ivec->data){
+        if (ivec->length != sizeof(iv_cts))
+            return KRB5_CRYPTO_INTERNAL;
+        memcpy(iv_cts, ivec->data,ivec->length);
+    }
+
+    oblock = OPENSSL_malloc(dlen);
+    if (!oblock)
+        return ENOMEM;
+    dbuf = OPENSSL_malloc(dlen);
+    if (!dbuf){
+        OPENSSL_free(oblock);
+        return ENOMEM;
+    }
+
+    AES_set_decrypt_key(key->keyblock.contents,
+                        NUM_BITS * key->keyblock.length, &deck);
+
+    k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+    k5_iov_cursor_get(&cursor, dbuf);
+
+    size = CRYPTO_cts128_decrypt((unsigned char *)dbuf, oblock,
+                                 dlen, &deck,
+                                 iv_cts, (cbc128_f)AES_cbc_encrypt);
+    if (size <= 0)
+        ret = KRB5_CRYPTO_INTERNAL;
+    else
+        k5_iov_cursor_put(&cursor, oblock);
+
+    if (!ret && ivec && ivec->data)
+        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
+
+    zap(oblock, dlen);
+    zap(dbuf, dlen);
+    OPENSSL_free(oblock);
+    OPENSSL_free(dbuf);
+
+    return ret;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+krb5_error_code
+krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
+{
+    int    ret = 0;
+    size_t input_length, nblocks;
+
+    input_length = iov_total_length(data, num_data, FALSE);
+    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    if (nblocks == 1) {
+        if (input_length != BLOCK_SIZE)
+            return KRB5_BAD_MSIZE;
+        ret = cbc_enc(key, ivec, data, num_data);
+    } else if (nblocks > 1) {
+        ret = cts_encr(key, ivec, data, num_data, input_length);
+    }
+
+    return ret;
+}
+
+krb5_error_code
+krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
+{
+    int    ret = 0;
+    size_t input_length, nblocks;
+
+    input_length = iov_total_length(data, num_data, FALSE);
+    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    if (nblocks == 1) {
+        if (input_length != BLOCK_SIZE)
+            return KRB5_BAD_MSIZE;
+        ret = cbc_decr(key, ivec, data, num_data);
+    } else if (nblocks > 1) {
+        ret = cts_decr(key, ivec, data, num_data, input_length);
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
+                        krb5_data *state)
+{
+    state->length = 16;
+    state->data = (void *) malloc(16);
+    if (state->data == NULL)
+        return ENOMEM;
+    memset(state->data, 0, state->length);
+    return 0;
+}
+const struct krb5_enc_provider krb5int_enc_aes128 = {
+    16,
+    16, 16,
+    krb5int_aes_encrypt,
+    krb5int_aes_decrypt,
+    NULL,
+    krb5int_aes_init_state,
+    krb5int_default_free_state
+};
+
+const struct krb5_enc_provider krb5int_enc_aes256 = {
+    16,
+    32, 32,
+    krb5int_aes_encrypt,
+    krb5int_aes_decrypt,
+    NULL,
+    krb5int_aes_init_state,
+    krb5int_default_free_state
+};
+
+#endif /* K5_OPENSSL_AES */
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/camellia.c b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/camellia.c
new file mode 100644
index 00000000..01920e6c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/camellia.c
@@ -0,0 +1,448 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/enc_provider/camellia.c */
+/*
+ * Copyright (C) 2003, 2007, 2008, 2009, 2010 by the Massachusetts Institute of
+ * Technology.  All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_CAMELLIA
+
+#include <openssl/evp.h>
+#include <openssl/camellia.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#else
+#include <openssl/modes.h>
+#endif
+
+static krb5_error_code
+cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+        size_t num_data);
+static krb5_error_code
+cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data);
+static krb5_error_code
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen);
+static krb5_error_code
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen);
+
+#define BLOCK_SIZE 16
+#define NUM_BITS 8
+#define IV_CTS_BUF_SIZE 16 /* 16 - hardcoded in CRYPTO_cts128_en/decrypt */
+
+static const EVP_CIPHER *
+map_mode(unsigned int len)
+{
+    if (len==16)
+        return EVP_camellia_128_cbc();
+    if (len==32)
+        return EVP_camellia_256_cbc();
+    else
+        return NULL;
+}
+
+/* Encrypt one block using CBC. */
+static krb5_error_code
+cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+        size_t num_data)
+{
+    int             ret, olen = BLOCK_SIZE;
+    unsigned char   iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
+    EVP_CIPHER_CTX  *ctx;
+    struct iov_cursor cursor;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ret = EVP_EncryptInit_ex(ctx, map_mode(key->keyblock.length),
+                             NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (ret == 0) {
+        EVP_CIPHER_CTX_free(ctx);
+        return KRB5_CRYPTO_INTERNAL;
+    }
+
+    k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+    k5_iov_cursor_get(&cursor, iblock);
+    EVP_CIPHER_CTX_set_padding(ctx,0);
+    ret = EVP_EncryptUpdate(ctx, oblock, &olen, iblock, BLOCK_SIZE);
+    if (ret == 1)
+        k5_iov_cursor_put(&cursor, oblock);
+    EVP_CIPHER_CTX_free(ctx);
+
+    zap(iblock, BLOCK_SIZE);
+    zap(oblock, BLOCK_SIZE);
+    return (ret == 1) ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+/* Decrypt one block using CBC. */
+static krb5_error_code
+cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data)
+{
+    int              ret = 0, olen = BLOCK_SIZE;
+    unsigned char    iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
+    EVP_CIPHER_CTX   *ctx;
+    struct iov_cursor cursor;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ret = EVP_DecryptInit_ex(ctx, map_mode(key->keyblock.length),
+                             NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (ret == 0) {
+        EVP_CIPHER_CTX_free(ctx);
+        return KRB5_CRYPTO_INTERNAL;
+    }
+
+    k5_iov_cursor_init(&cursor, data, num_data, BLOCK_SIZE, FALSE);
+    k5_iov_cursor_get(&cursor, iblock);
+    EVP_CIPHER_CTX_set_padding(ctx,0);
+    ret = EVP_DecryptUpdate(ctx, oblock, &olen, iblock, BLOCK_SIZE);
+    if (ret == 1)
+        k5_iov_cursor_put(&cursor, oblock);
+    EVP_CIPHER_CTX_free(ctx);
+
+    zap(iblock, BLOCK_SIZE);
+    zap(oblock, BLOCK_SIZE);
+    return (ret == 1) ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+static krb5_error_code
+do_cts(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+       size_t num_data, size_t dlen, int encrypt)
+{
+    krb5_error_code ret;
+    int outlen, len;
+    unsigned char *oblock = NULL, *dbuf = NULL;
+    unsigned char iv_cts[IV_CTS_BUF_SIZE];
+    struct iov_cursor cursor;
+    OSSL_PARAM params[2], *p = params;
+    EVP_CIPHER_CTX *ctx = NULL;
+    EVP_CIPHER *cipher = NULL;
+
+    memset(iv_cts, 0, sizeof(iv_cts));
+    if (ivec != NULL && ivec->data != NULL){
+        if (ivec->length != sizeof(iv_cts))
+            return KRB5_CRYPTO_INTERNAL;
+        memcpy(iv_cts, ivec->data, ivec->length);
+    }
+
+    if (key->keyblock.length == 16)
+        cipher = EVP_CIPHER_fetch(NULL, "CAMELLIA-128-CBC-CTS", NULL);
+    else if (key->keyblock.length == 32)
+        cipher = EVP_CIPHER_fetch(NULL, "CAMELLIA-256-CBC-CTS", NULL);
+    if (cipher == NULL)
+        return KRB5_CRYPTO_INTERNAL;
+
+    oblock = OPENSSL_malloc(dlen);
+    dbuf = OPENSSL_malloc(dlen);
+    ctx = EVP_CIPHER_CTX_new();
+    if (oblock == NULL || dbuf == NULL || ctx == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+    k5_iov_cursor_get(&cursor, dbuf);
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE,
+                                            "CS3", 0);
+    *p = OSSL_PARAM_construct_end();
+    if (!EVP_CipherInit_ex2(ctx, cipher, key->keyblock.contents, iv_cts,
+                            encrypt, params) ||
+        !EVP_CipherUpdate(ctx, oblock, &outlen, dbuf, dlen) ||
+        !EVP_CipherFinal_ex(ctx, oblock + outlen, &len)) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto cleanup;
+    }
+
+    if (ivec != NULL && ivec->data != NULL &&
+        !EVP_CIPHER_CTX_get_updated_iv(ctx, ivec->data, sizeof(iv_cts))) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto cleanup;
+    }
+
+    k5_iov_cursor_put(&cursor, oblock);
+
+    ret = 0;
+cleanup:
+    OPENSSL_clear_free(oblock, dlen);
+    OPENSSL_clear_free(dbuf, dlen);
+    EVP_CIPHER_CTX_free(ctx);
+    EVP_CIPHER_free(cipher);
+    return ret;
+}
+
+static inline krb5_error_code
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
+{
+    return do_cts(key, ivec, data, num_data, dlen, 1);
+}
+
+static inline krb5_error_code
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
+{
+    return do_cts(key, ivec, data, num_data, dlen, 0);
+}
+
+#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+static krb5_error_code
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
+{
+    int                    ret = 0;
+    size_t                 size = 0;
+    unsigned char         *oblock = NULL, *dbuf = NULL;
+    unsigned char          iv_cts[IV_CTS_BUF_SIZE];
+    struct iov_cursor      cursor;
+    CAMELLIA_KEY           enck;
+
+    memset(iv_cts,0,sizeof(iv_cts));
+    if (ivec && ivec->data){
+        if (ivec->length != sizeof(iv_cts))
+            return KRB5_CRYPTO_INTERNAL;
+        memcpy(iv_cts, ivec->data,ivec->length);
+    }
+
+    oblock = OPENSSL_malloc(dlen);
+    if (!oblock){
+        return ENOMEM;
+    }
+    dbuf = OPENSSL_malloc(dlen);
+    if (!dbuf){
+        OPENSSL_free(oblock);
+        return ENOMEM;
+    }
+
+    k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+    k5_iov_cursor_get(&cursor, dbuf);
+
+    Camellia_set_key(key->keyblock.contents, NUM_BITS * key->keyblock.length,
+                     &enck);
+
+    size = CRYPTO_cts128_encrypt((unsigned char *)dbuf, oblock, dlen, &enck,
+                                 iv_cts, (cbc128_f)Camellia_cbc_encrypt);
+    if (size <= 0)
+        ret = KRB5_CRYPTO_INTERNAL;
+    else
+        k5_iov_cursor_put(&cursor, oblock);
+
+    if (!ret && ivec && ivec->data)
+        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
+
+    zap(oblock, dlen);
+    zap(dbuf, dlen);
+    OPENSSL_free(oblock);
+    OPENSSL_free(dbuf);
+
+    return ret;
+}
+
+static krb5_error_code
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
+{
+    int                    ret = 0;
+    size_t                 size = 0;
+    unsigned char         *oblock = NULL;
+    unsigned char         *dbuf = NULL;
+    unsigned char          iv_cts[IV_CTS_BUF_SIZE];
+    struct iov_cursor      cursor;
+    CAMELLIA_KEY           deck;
+
+    memset(iv_cts,0,sizeof(iv_cts));
+    if (ivec && ivec->data){
+        if (ivec->length != sizeof(iv_cts))
+            return KRB5_CRYPTO_INTERNAL;
+        memcpy(iv_cts, ivec->data,ivec->length);
+    }
+
+    oblock = OPENSSL_malloc(dlen);
+    if (!oblock)
+        return ENOMEM;
+    dbuf = OPENSSL_malloc(dlen);
+    if (!dbuf){
+        OPENSSL_free(oblock);
+        return ENOMEM;
+    }
+
+    Camellia_set_key(key->keyblock.contents, NUM_BITS * key->keyblock.length,
+                     &deck);
+
+    k5_iov_cursor_init(&cursor, data, num_data, dlen, FALSE);
+    k5_iov_cursor_get(&cursor, dbuf);
+
+    size = CRYPTO_cts128_decrypt((unsigned char *)dbuf, oblock,
+                                 dlen, &deck,
+                                 iv_cts, (cbc128_f)Camellia_cbc_encrypt);
+    if (size <= 0)
+        ret = KRB5_CRYPTO_INTERNAL;
+    else
+        k5_iov_cursor_put(&cursor, oblock);
+
+    if (!ret && ivec && ivec->data)
+        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
+
+    zap(oblock, dlen);
+    zap(dbuf, dlen);
+    OPENSSL_free(oblock);
+    OPENSSL_free(dbuf);
+
+    return ret;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+krb5_error_code
+krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
+                         krb5_crypto_iov *data, size_t num_data)
+{
+    int    ret = 0;
+    size_t input_length, nblocks;
+
+    input_length = iov_total_length(data, num_data, FALSE);
+    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    if (nblocks == 1) {
+        if (input_length != BLOCK_SIZE)
+            return KRB5_BAD_MSIZE;
+        ret = cbc_enc(key, ivec, data, num_data);
+    } else if (nblocks > 1) {
+        ret = cts_encr(key, ivec, data, num_data, input_length);
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
+                         krb5_crypto_iov *data, size_t num_data)
+{
+    int    ret = 0;
+    size_t input_length, nblocks;
+
+    input_length = iov_total_length(data, num_data, FALSE);
+    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    if (nblocks == 1) {
+        if (input_length != BLOCK_SIZE)
+            return KRB5_BAD_MSIZE;
+        ret = cbc_decr(key, ivec, data, num_data);
+    } else if (nblocks > 1) {
+        ret = cts_decr(key, ivec, data, num_data, input_length);
+    }
+
+    return ret;
+}
+
+#ifdef K5_BUILTIN_CMAC
+
+static void
+xorblock(uint8_t *out, const uint8_t *in)
+{
+    int z;
+
+    for (z = 0; z < CAMELLIA_BLOCK_SIZE / 4; z++) {
+        uint8_t *outptr = &out[z * 4];
+        const uint8_t *inptr = &in[z * 4];
+
+        store_32_n(load_32_n(outptr) ^ load_32_n(inptr), outptr);
+    }
+}
+
+static krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+                         size_t num_data, const krb5_data *iv,
+                         krb5_data *output)
+{
+    CAMELLIA_KEY enck;
+    unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE];
+    struct iov_cursor cursor;
+
+    if (output->length < CAMELLIA_BLOCK_SIZE)
+        return KRB5_BAD_MSIZE;
+
+    Camellia_set_key(key->keyblock.contents,
+                     NUM_BITS * key->keyblock.length, &enck);
+
+    if (iv != NULL)
+        memcpy(blockY, iv->data, CAMELLIA_BLOCK_SIZE);
+    else
+        memset(blockY, 0, CAMELLIA_BLOCK_SIZE);
+
+    k5_iov_cursor_init(&cursor, data, num_data, CAMELLIA_BLOCK_SIZE, FALSE);
+    while (k5_iov_cursor_get(&cursor, blockB)) {
+        xorblock(blockB, blockY);
+        Camellia_ecb_encrypt(blockB, blockY, &enck, 1);
+    }
+
+    output->length = CAMELLIA_BLOCK_SIZE;
+    memcpy(output->data, blockY, CAMELLIA_BLOCK_SIZE);
+
+    return 0;
+}
+
+#else
+#define krb5int_camellia_cbc_mac NULL
+#endif
+
+static krb5_error_code
+krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage,
+                             krb5_data *state)
+{
+    state->length = 16;
+    state->data = (void *) malloc(16);
+    if (state->data == NULL)
+        return ENOMEM;
+    memset(state->data, 0, state->length);
+    return 0;
+}
+const struct krb5_enc_provider krb5int_enc_camellia128 = {
+    16,
+    16, 16,
+    krb5int_camellia_encrypt,
+    krb5int_camellia_decrypt,
+    krb5int_camellia_cbc_mac,   /* NULL if K5_BUILTIN_CMAC not defined */
+    krb5int_camellia_init_state,
+    krb5int_default_free_state
+};
+
+const struct krb5_enc_provider krb5int_enc_camellia256 = {
+    16,
+    32, 32,
+    krb5int_camellia_encrypt,
+    krb5int_camellia_decrypt,
+    krb5int_camellia_cbc_mac,   /* NULL if K5_BUILTIN_CMAC not defined */
+    krb5int_camellia_init_state,
+    krb5int_default_free_state
+};
+
+#endif /* K5_OPENSSL_CAMELLIA */
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/deps b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/deps
new file mode 100644
index 00000000..1c87a526
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/deps
@@ -0,0 +1,47 @@
+#
+# Generated makefile dependencies follow.
+#
+des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des3.c
+aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  aes.c
+camellia.so camellia.po $(OUTPRE)camellia.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h camellia.c
+rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  rc4.c
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/des3.c b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/des3.c
new file mode 100644
index 00000000..90fcf9ac
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/des3.c
@@ -0,0 +1,188 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/enc_provider/des3.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_DES
+
+#include <openssl/evp.h>
+
+#define DES3_BLOCK_SIZE 8
+#define DES3_KEY_SIZE 24
+#define DES3_KEY_BYTES 21
+
+static krb5_error_code
+validate(krb5_key key, const krb5_data *ivec, const krb5_crypto_iov *data,
+         size_t num_data, krb5_boolean *empty)
+{
+    size_t input_length = iov_total_length(data, num_data, FALSE);
+
+    if (key->keyblock.length != DES3_KEY_SIZE)
+        return(KRB5_BAD_KEYSIZE);
+    if ((input_length%DES3_BLOCK_SIZE) != 0)
+        return(KRB5_BAD_MSIZE);
+    if (ivec && (ivec->length != 8))
+        return(KRB5_BAD_MSIZE);
+
+    *empty = (input_length == 0);
+    return 0;
+}
+
+static krb5_error_code
+k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                size_t num_data)
+{
+    int ret, olen = DES3_BLOCK_SIZE;
+    unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE];
+    struct iov_cursor cursor;
+    EVP_CIPHER_CTX *ctx;
+    krb5_boolean empty;
+
+    ret = validate(key, ivec, data, num_data, &empty);
+    if (ret != 0 || empty)
+        return ret;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ret = EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
+                             key->keyblock.contents,
+                             (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (!ret) {
+        EVP_CIPHER_CTX_free(ctx);
+        return KRB5_CRYPTO_INTERNAL;
+    }
+
+    EVP_CIPHER_CTX_set_padding(ctx,0);
+
+    k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE);
+    while (k5_iov_cursor_get(&cursor, iblock)) {
+        ret = EVP_EncryptUpdate(ctx, oblock, &olen, iblock, DES3_BLOCK_SIZE);
+        if (!ret)
+            break;
+        k5_iov_cursor_put(&cursor, oblock);
+    }
+
+    if (ivec != NULL)
+        memcpy(ivec->data, oblock, DES3_BLOCK_SIZE);
+
+    EVP_CIPHER_CTX_free(ctx);
+
+    zap(iblock, sizeof(iblock));
+    zap(oblock, sizeof(oblock));
+
+    if (ret != 1)
+        return KRB5_CRYPTO_INTERNAL;
+    return 0;
+}
+
+static krb5_error_code
+k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                size_t num_data)
+{
+    int ret, olen = DES3_BLOCK_SIZE;
+    unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE];
+    struct iov_cursor cursor;
+    EVP_CIPHER_CTX *ctx;
+    krb5_boolean empty;
+
+    ret = validate(key, ivec, data, num_data, &empty);
+    if (ret != 0 || empty)
+        return ret;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ret = EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
+                             key->keyblock.contents,
+                             (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (!ret) {
+        EVP_CIPHER_CTX_free(ctx);
+        return KRB5_CRYPTO_INTERNAL;
+    }
+
+    EVP_CIPHER_CTX_set_padding(ctx,0);
+
+    k5_iov_cursor_init(&cursor, data, num_data, DES3_BLOCK_SIZE, FALSE);
+    while (k5_iov_cursor_get(&cursor, iblock)) {
+        ret = EVP_DecryptUpdate(ctx, oblock, &olen,
+                                (unsigned char *)iblock, DES3_BLOCK_SIZE);
+        if (!ret)
+            break;
+        k5_iov_cursor_put(&cursor, oblock);
+    }
+
+    if (ivec != NULL)
+        memcpy(ivec->data, iblock, DES3_BLOCK_SIZE);
+
+    EVP_CIPHER_CTX_free(ctx);
+
+    zap(iblock, sizeof(iblock));
+    zap(oblock, sizeof(oblock));
+
+    if (ret != 1)
+        return KRB5_CRYPTO_INTERNAL;
+    return 0;
+}
+
+const struct krb5_enc_provider krb5int_enc_des3 = {
+    DES3_BLOCK_SIZE,
+    DES3_KEY_BYTES, DES3_KEY_SIZE,
+    k5_des3_encrypt,
+    k5_des3_decrypt,
+    NULL,
+    krb5int_des_init_state,
+    krb5int_default_free_state
+};
+
+#endif /* K5_OPENSSL_DES */
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/rc4.c b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/rc4.c
new file mode 100644
index 00000000..448d5633
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/enc_provider/rc4.c
@@ -0,0 +1,170 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/enc_provider/rc4.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Copyright (c) 2000 by Computer Science Laboratory,
+ *                       Rensselaer Polytechnic Institute
+ *
+ * #include STD_DISCLAIMER
+ */
+
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_RC4
+
+#include <openssl/evp.h>
+
+/*
+ * The loopback field is a pointer to the structure.  If the application copies
+ * the state (not a valid operation, but one which happens to works with some
+ * other enc providers), we can detect it via the loopback field and return a
+ * sane error code.
+ */
+struct arcfour_state {
+    struct arcfour_state *loopback;
+    EVP_CIPHER_CTX *ctx;
+};
+
+#define RC4_KEY_SIZE 16
+#define RC4_BLOCK_SIZE 1
+
+/* Interface layer to krb5 crypto layer */
+
+/* The workhorse of the arcfour system,
+ * this implements the cipher
+ */
+
+/* In-place IOV crypto */
+static krb5_error_code
+k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
+                   size_t num_data)
+{
+    size_t i;
+    int ret = 1, tmp_len = 0;
+    krb5_crypto_iov *iov     = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    struct arcfour_state *arcstate;
+
+    arcstate = (state != NULL) ? (void *)state->data : NULL;
+    if (arcstate != NULL) {
+        ctx = arcstate->ctx;
+        if (arcstate->loopback != arcstate)
+            return KRB5_CRYPTO_INTERNAL;
+    }
+
+    if (ctx == NULL) {
+        ctx = EVP_CIPHER_CTX_new();
+        if (ctx == NULL)
+            return ENOMEM;
+
+        ret = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, key->keyblock.contents,
+                                 NULL);
+        if (!ret) {
+            EVP_CIPHER_CTX_free(ctx);
+            return KRB5_CRYPTO_INTERNAL;
+        }
+
+        if (arcstate != NULL)
+            arcstate->ctx = ctx;
+    }
+
+    for (i = 0; i < num_data; i++) {
+        iov = &data[i];
+        if (ENCRYPT_IOV(iov)) {
+            ret = EVP_EncryptUpdate(ctx,
+                                    (unsigned char *) iov->data.data, &tmp_len,
+                                    (unsigned char *) iov->data.data,
+                                    iov->data.length);
+            if (!ret)
+                break;
+        }
+    }
+
+    if (arcstate == NULL)
+        EVP_CIPHER_CTX_free(ctx);
+
+    if (!ret)
+        return KRB5_CRYPTO_INTERNAL;
+
+    return 0;
+}
+
+static void
+k5_arcfour_free_state(krb5_data *state)
+{
+    struct arcfour_state *arcstate = (void *)state->data;
+
+    EVP_CIPHER_CTX_free(arcstate->ctx);
+    free(arcstate);
+}
+
+static krb5_error_code
+k5_arcfour_init_state(const krb5_keyblock *key,
+                      krb5_keyusage keyusage, krb5_data *new_state)
+{
+    struct arcfour_state *arcstate;
+
+    /*
+     * The cipher state here is a saved pointer to a struct arcfour_state
+     * object, rather than a flat byte array as in most enc providers.  The
+     * object includes a loopback pointer to detect if if the caller made a
+     * copy of the krb5_data value or otherwise assumed it was a simple byte
+     * array.  When we cast the data pointer back, we need to go through void *
+     * to avoid increased alignment warnings.
+     */
+
+    /* Create a state structure with an uninitialized context. */
+    arcstate = calloc(1, sizeof(*arcstate));
+    if (arcstate == NULL)
+        return ENOMEM;
+    arcstate->loopback = arcstate;
+    arcstate->ctx = NULL;
+    new_state->data = (char *) arcstate;
+    new_state->length = sizeof(*arcstate);
+    return 0;
+}
+
+/* Since the arcfour cipher is identical going forwards and backwards,
+   we just call "docrypt" directly
+*/
+const struct krb5_enc_provider krb5int_enc_arcfour = {
+    /* This seems to work... although I am not sure what the
+       implications are in other places in the kerberos library */
+    RC4_BLOCK_SIZE,
+    /* Keysize is arbitrary in arcfour, but the constraints of the
+       system, and to attempt to work with the MSFT system forces us
+       to 16byte/128bit.  Since there is no parity in the key, the
+       byte and length are the same.  */
+    RC4_KEY_SIZE, RC4_KEY_SIZE,
+    k5_arcfour_docrypt,
+    k5_arcfour_docrypt,
+    NULL,
+    k5_arcfour_init_state,
+    k5_arcfour_free_state
+};
+
+#endif /* K5_OPENSSL_RC4 */
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/Makefile.in b/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/Makefile.in
new file mode 100644
index 00000000..b696c4e9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/Makefile.in
@@ -0,0 +1,20 @@
+mydir=lib$(S)crypto$(S)openssl$(S)hash_provider
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../../krb $(CRYPTO_IMPL_CFLAGS)
+
+STLIBOBJS=   hash_evp.o
+
+OBJS=   $(OUTPRE)hash_evp.$(OBJEXT)
+
+SRCS=	$(srcdir)/hash_evp.c
+
+all-unix: all-libobjs
+
+includes: depend
+
+depend: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/deps b/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/deps
new file mode 100644
index 00000000..afc2e845
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+hash_evp.so hash_evp.po $(OUTPRE)hash_evp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/crypto_int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h hash_evp.c
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/hash_evp.c b/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/hash_evp.c
new file mode 100644
index 00000000..f2fbffdb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/hash_provider/hash_evp.c
@@ -0,0 +1,133 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/hash_provider/hash_evp.c - OpenSSL hash providers */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+
+#if defined(K5_OPENSSL_MD4) || defined(K5_OPENSSL_MD5) ||       \
+    defined(K5_OPENSSL_SHA1) || defined(K5_OPENSSL_SHA2)
+
+#include <openssl/evp.h>
+
+/* 1.1 standardizes constructor and destructor names, renaming
+ * EVP_MD_CTX_create and EVP_MD_CTX_destroy. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
+static krb5_error_code
+hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data,
+         krb5_data *output)
+{
+    EVP_MD_CTX *ctx;
+    const krb5_data *d;
+    size_t i;
+    int ok;
+
+    if (output->length != (unsigned int)EVP_MD_size(type))
+        return KRB5_CRYPTO_INTERNAL;
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ok = EVP_DigestInit_ex(ctx, type, NULL);
+    for (i = 0; i < num_data; i++) {
+        if (!SIGN_IOV(&data[i]))
+            continue;
+        d = &data[i].data;
+        ok = ok && EVP_DigestUpdate(ctx, d->data, d->length);
+    }
+    ok = ok && EVP_DigestFinal_ex(ctx, (uint8_t *)output->data, NULL);
+    EVP_MD_CTX_free(ctx);
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+#endif
+
+#ifdef K5_OPENSSL_MD4
+static krb5_error_code
+hash_md4(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    return hash_evp(EVP_md4(), data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_md4 = {
+    "MD4", 16, 64, hash_md4
+};
+#endif
+
+#ifdef K5_OPENSSL_MD5
+static krb5_error_code
+hash_md5(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    return hash_evp(EVP_md5(), data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_md5 = {
+    "MD5", 16, 64, hash_md5
+};
+#endif
+
+#ifdef K5_OPENSSL_SHA1
+static krb5_error_code
+hash_sha1(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    return hash_evp(EVP_sha1(), data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_sha1 = {
+    "SHA1", 20, 64, hash_sha1
+};
+#endif
+
+#ifdef K5_OPENSSL_SHA2
+static krb5_error_code
+hash_sha256(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    return hash_evp(EVP_sha256(), data, num_data, output);
+}
+
+static krb5_error_code
+hash_sha384(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
+{
+    return hash_evp(EVP_sha384(), data, num_data, output);
+}
+
+const struct krb5_hash_provider krb5int_hash_sha256 = {
+    "SHA-256", 32, 64, hash_sha256
+};
+
+const struct krb5_hash_provider krb5int_hash_sha384 = {
+    "SHA-384", 48, 128, hash_sha384
+};
+#endif
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/hmac.c b/krb5-1.21.3/src/lib/crypto/openssl/hmac.c
new file mode 100644
index 00000000..bf12b8d6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/hmac.c
@@ -0,0 +1,231 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/hmac.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_HMAC
+
+#include <openssl/evp.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+#else
+#include <openssl/hmac.h>
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+/* OpenSSL 1.1 makes HMAC_CTX opaque, while 1.0 does not have pointer
+ * constructors or destructors. */
+
+#define HMAC_CTX_new compat_hmac_ctx_new
+static HMAC_CTX *
+compat_hmac_ctx_new()
+{
+    HMAC_CTX *ctx;
+
+    ctx = calloc(1, sizeof(*ctx));
+    if (ctx != NULL)
+        HMAC_CTX_init(ctx);
+    return ctx;
+}
+
+#define HMAC_CTX_free compat_hmac_ctx_free
+static void
+compat_hmac_ctx_free(HMAC_CTX *ctx)
+{
+    HMAC_CTX_cleanup(ctx);
+    free(ctx);
+}
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+/*
+ * the HMAC transform looks like:
+ *
+ * H(K XOR opad, H(K XOR ipad, text))
+ *
+ * where H is a cryptographic hash
+ * K is an n byte key
+ * ipad is the byte 0x36 repeated blocksize times
+ * opad is the byte 0x5c repeated blocksize times
+ * and text is the data being protected
+ */
+
+static const EVP_MD *
+map_digest(const struct krb5_hash_provider *hash)
+{
+    if (hash == &krb5int_hash_sha1)
+        return EVP_sha1();
+    else if (hash == &krb5int_hash_sha256)
+        return EVP_sha256();
+    else if (hash == &krb5int_hash_sha384)
+        return EVP_sha384();
+    else if (hash == &krb5int_hash_md5)
+        return EVP_md5();
+    else if (hash == &krb5int_hash_md4)
+        return EVP_md4();
+    else
+        return NULL;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+krb5_error_code
+krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
+                      const krb5_keyblock *keyblock,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
+{
+    int ok;
+    const EVP_MD *md = map_digest(hash);
+    EVP_MAC *mac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
+    OSSL_PARAM params[2], *p = params;
+    size_t i = 0, md_len;
+
+    if (md == NULL || keyblock->length > hash->blocksize)
+        return KRB5_CRYPTO_INTERNAL;
+    if (output->length < hash->hashsize)
+        return KRB5_BAD_MSIZE;
+
+    mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    if (mac == NULL)
+        return KRB5_CRYPTO_INTERNAL;
+
+    ctx = EVP_MAC_CTX_new(mac);
+    if (ctx == NULL) {
+        ok = 0;
+        goto cleanup;
+    }
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
+                                            (char *)EVP_MD_get0_name(md), 0);
+    *p = OSSL_PARAM_construct_end();
+
+    ok = EVP_MAC_init(ctx, keyblock->contents, keyblock->length, params);
+    for (i = 0; ok && i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+        if (!SIGN_IOV(iov))
+            continue;
+        ok = EVP_MAC_update(ctx, (uint8_t *)iov->data.data, iov->data.length);
+    }
+    ok = ok && EVP_MAC_final(ctx, (uint8_t *)output->data, &md_len,
+                             output->length);
+    if (!ok)
+        goto cleanup;
+    output->length = md_len;
+
+cleanup:
+    EVP_MAC_free(mac);
+    EVP_MAC_CTX_free(ctx);
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+krb5_error_code
+krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
+                      const krb5_keyblock *keyblock,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
+{
+    unsigned int i = 0, md_len = 0, ok;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    HMAC_CTX *ctx;
+    size_t hashsize, blocksize;
+
+    hashsize = hash->hashsize;
+    blocksize = hash->blocksize;
+
+    if (keyblock->length > blocksize)
+        return(KRB5_CRYPTO_INTERNAL);
+    if (output->length < hashsize)
+        return(KRB5_BAD_MSIZE);
+
+    if (!map_digest(hash))
+        return(KRB5_CRYPTO_INTERNAL); // unsupported alg
+
+    ctx = HMAC_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+
+    ok = HMAC_Init_ex(ctx, keyblock->contents, keyblock->length,
+                      map_digest(hash), NULL);
+    for (i = 0; ok && i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov))
+            ok = HMAC_Update(ctx, (uint8_t *)iov->data.data, iov->data.length);
+    }
+    if (ok)
+        ok = HMAC_Final(ctx, md, &md_len);
+    if (ok && md_len <= output->length) {
+        output->length = md_len;
+        memcpy(output->data, md, output->length);
+    }
+    HMAC_CTX_free(ctx);
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+krb5_error_code
+krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
+             const krb5_crypto_iov *data, size_t num_data,
+             krb5_data *output)
+{
+    return krb5int_hmac_keyblock(hash, &key->keyblock, data, num_data, output);
+}
+
+#endif /* K5_OPENSSL_HMAC */
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/kdf.c b/krb5-1.21.3/src/lib/crypto/openssl/kdf.c
new file mode 100644
index 00000000..41e845ea
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/kdf.c
@@ -0,0 +1,237 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2021 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_KDF
+
+#include <openssl/core_names.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+static char *
+hash_name(const struct krb5_hash_provider *hash)
+{
+    if (hash == &krb5int_hash_sha1)
+        return "SHA1";
+    if (hash == &krb5int_hash_sha256)
+        return "SHA256";
+    if (hash == &krb5int_hash_sha384)
+        return "SHA384";
+    return NULL;
+}
+
+static char *
+enc_name(const struct krb5_enc_provider *enc)
+{
+    if (enc == &krb5int_enc_camellia128)
+        return "CAMELLIA-128-CBC";
+    if (enc == &krb5int_enc_camellia256)
+        return "CAMELLIA-256-CBC";
+    if (enc == &krb5int_enc_aes128)
+        return "AES-128-CBC";
+    if (enc == &krb5int_enc_aes256)
+        return "AES-256-CBC";
+    if (enc == &krb5int_enc_des3)
+        return "DES-EDE3-CBC";
+    return NULL;
+}
+
+krb5_error_code
+k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash,
+                          krb5_key key, const krb5_data *label,
+                          const krb5_data *context, krb5_data *rnd_out)
+{
+    krb5_error_code ret;
+    EVP_KDF *kdf = NULL;
+    EVP_KDF_CTX *kctx = NULL;
+    OSSL_PARAM params[6], *p = params;
+    char *digest;
+
+    digest = hash_name(hash);
+    if (digest == NULL) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
+    if (!kdf) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    kctx = EVP_KDF_CTX_new(kdf);
+    if (!kctx) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
+                                            OSSL_MAC_NAME_HMAC, 0);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+                                             key->keyblock.contents,
+                                             key->keyblock.length);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
+                                             context->data, context->length);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
+                                             label->data, label->length);
+    *p = OSSL_PARAM_construct_end();
+    if (EVP_KDF_derive(kctx, (uint8_t *)rnd_out->data, rnd_out->length,
+                       params) <= 0) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    ret = 0;
+done:
+    if (ret)
+        zap(rnd_out->data, rnd_out->length);
+    EVP_KDF_free(kdf);
+    EVP_KDF_CTX_free(kctx);
+    return ret;
+}
+
+krb5_error_code
+k5_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, krb5_key key,
+                           const krb5_data *label, krb5_data *rnd_out)
+{
+    krb5_error_code ret;
+    EVP_KDF *kdf = NULL;
+    EVP_KDF_CTX *kctx = NULL;
+    OSSL_PARAM params[7], *p = params;
+    char *cipher;
+    static uint8_t zeroes[16];
+
+    memset(zeroes, 0, sizeof(zeroes));
+
+    cipher = enc_name(enc);
+    if (cipher == NULL) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
+    if (!kdf) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    kctx = EVP_KDF_CTX_new(kdf);
+    if (!kctx) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
+                                            "FEEDBACK", 0);
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
+                                            OSSL_MAC_NAME_CMAC, 0);
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+                                             key->keyblock.contents,
+                                             key->keyblock.length);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
+                                             label->data, label->length);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
+                                             zeroes, sizeof(zeroes));
+    *p = OSSL_PARAM_construct_end();
+    if (EVP_KDF_derive(kctx, (uint8_t *)rnd_out->data, rnd_out->length,
+                       params) <= 0) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    ret = 0;
+done:
+    if (ret)
+        zap(rnd_out->data, rnd_out->length);
+    EVP_KDF_free(kdf);
+    EVP_KDF_CTX_free(kctx);
+    return ret;
+}
+
+krb5_error_code
+k5_derive_random_rfc3961(const struct krb5_enc_provider *enc, krb5_key key,
+                         const krb5_data *constant, krb5_data *rnd_out)
+{
+    krb5_error_code ret;
+    EVP_KDF *kdf = NULL;
+    EVP_KDF_CTX *kctx = NULL;
+    OSSL_PARAM params[4], *p = params;
+    char *cipher;
+
+    if (key->keyblock.length != enc->keylength ||
+        rnd_out->length != enc->keybytes) {
+        return KRB5_CRYPTO_INTERNAL;
+    }
+
+    cipher = enc_name(enc);
+    if (cipher == NULL) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
+    if (kdf == NULL) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    kctx = EVP_KDF_CTX_new(kdf);
+    if (kctx == NULL) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+                                             key->keyblock.contents,
+                                             key->keyblock.length);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
+                                             constant->data, constant->length);
+    *p = OSSL_PARAM_construct_end();
+    if (EVP_KDF_derive(kctx, (uint8_t *)rnd_out->data, rnd_out->length,
+                       params) <= 0) {
+        ret = KRB5_CRYPTO_INTERNAL;
+        goto done;
+    }
+
+    ret = 0;
+done:
+    if (ret)
+        zap(rnd_out->data, rnd_out->length);
+    EVP_KDF_free(kdf);
+    EVP_KDF_CTX_free(kctx);
+    return ret;
+}
+
+#endif /* K5_OPENSSL_KDF */
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/pbkdf2.c b/krb5-1.21.3/src/lib/crypto/openssl/pbkdf2.c
new file mode 100644
index 00000000..b8c8de9e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/pbkdf2.c
@@ -0,0 +1,59 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/pbkdf2.c */
+/*
+ * Copyright 2002, 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_HMAC
+
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+krb5_error_code
+krb5int_pbkdf2_hmac(const struct krb5_hash_provider *hash,
+                    const krb5_data *out, unsigned long count,
+                    const krb5_data *pass, const krb5_data *salt)
+{
+    const EVP_MD *md = NULL;
+    int ok;
+
+    /* Get the message digest handle corresponding to the hash. */
+    if (hash == &krb5int_hash_sha1)
+        md = EVP_sha1();
+    else if (hash == &krb5int_hash_sha256)
+        md = EVP_sha256();
+    else if (hash == &krb5int_hash_sha384)
+        md = EVP_sha384();
+    if (md == NULL)
+        return KRB5_CRYPTO_INTERNAL;
+
+    ok = PKCS5_PBKDF2_HMAC(pass->data, pass->length,
+                           (unsigned char *)salt->data, salt->length, count,
+                           md, out->length, (unsigned char *)out->data);
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+#endif /* K5_OPENSSL_HMAC */
diff --git a/krb5-1.21.3/src/lib/crypto/openssl/sha256.c b/krb5-1.21.3/src/lib/crypto/openssl/sha256.c
new file mode 100644
index 00000000..855ebd7e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/crypto/openssl/sha256.c
@@ -0,0 +1,64 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/openssl/sha256.c - k5_sha256() implementation */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto_int.h"
+
+#ifdef K5_OPENSSL_SHA2
+
+#include <openssl/evp.h>
+
+/* 1.1 standardizes constructor and destructor names, renaming
+ * EVP_MD_CTX_create and EVP_MD_CTX_destroy. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
+krb5_error_code
+k5_sha256(const krb5_data *in, size_t n, uint8_t out[K5_SHA256_HASHLEN])
+{
+    EVP_MD_CTX *ctx;
+    size_t i;
+    int ok;
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+    ok = EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
+    for (i = 0; i < n; i++)
+        ok = ok && EVP_DigestUpdate(ctx, in[i].data, in[i].length);
+    ok = ok && EVP_DigestFinal_ex(ctx, out, NULL);
+    EVP_MD_CTX_free(ctx);
+    return ok ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+#endif
diff --git a/krb5-1.21.3/src/lib/deps b/krb5-1.21.3/src/lib/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/lib/gssapi/LICENSE b/krb5-1.21.3/src/lib/gssapi/LICENSE
new file mode 100644
index 00000000..612f8ad6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/LICENSE
@@ -0,0 +1,91 @@
+[ NOTE: MIT has only incorporated the mechglue and spnego change, and
+not the incremental propagation changes.  The filenames are different
+between the Sun and MIT sources.  The actual MIT filenames appear in
+the top-level README file.  Original text of Sun's LICENSE file
+follows. ]
+
+Subject to the license set forth below, Sun Microsystems, Inc. donates
+the attached files to MIT for the purpose of including these
+modifications and additions in future versions of the Kerberos system.
+
+Many of the files attached are subject to licenses issued by other
+entities, including OpenVision, MIT, and FundsXpress.  See the
+individual files, and/or related Readme files, for these licenses.
+
+In addition Sun requires that the license set forth below be
+incorporated into any future version of the Kerberos system which
+contains portions of the files attached.  The following files must be
+listed, in the top level Readme file, as being provided subject to such
+license:
+
+cmd/krb5/iprop/iprop.x
+cmd/krb5/iprop/iprop_hdr.h
+cmd/krb5/kadmin/server/ipropd_svc.c
+cmd/krb5/kproplog/kproplog.c
+cmd/krb5/slave/kpropd_rpc.c
+lib/gss_mechs/mech_krb5/et/kdb5_err.c
+lib/gss_mechs/mech_spnego/mech/gssapiP_spnego.h
+lib/gss_mechs/mech_spnego/mech/spnego_mech.c
+lib/krb5/kadm5/kadm_host_srv_names.c
+lib/krb5/kdb/kdb_convert.c
+lib/krb5/kdb/kdb_hdr.h
+lib/krb5/kdb/kdb_log.c
+lib/krb5/kdb/kdb_log.h
+lib/libgss/g_accept_sec_context.c
+lib/libgss/g_acquire_cred.c
+lib/libgss/g_canon_name.c
+lib/libgss/g_compare_name.c
+lib/libgss/g_context_time.c
+lib/libgss/g_delete_sec_context.c
+lib/libgss/g_dsp_name.c
+lib/libgss/g_dsp_status.c
+lib/libgss/g_dup_name.c
+lib/libgss/g_exp_sec_context.c
+lib/libgss/g_export_name.c
+lib/libgss/g_glue.c
+lib/libgss/g_imp_name.c
+lib/libgss/g_imp_sec_context.c
+lib/libgss/g_init_sec_context.c
+lib/libgss/g_initialize.c
+lib/libgss/g_inquire_context.c
+lib/libgss/g_inquire_cred.c
+lib/libgss/g_inquire_names.c
+lib/libgss/g_process_context.c
+lib/libgss/g_rel_buffer.c
+lib/libgss/g_rel_cred.c
+lib/libgss/g_rel_name.c
+lib/libgss/g_rel_oid_set.c
+lib/libgss/g_seal.c
+lib/libgss/g_sign.c
+lib/libgss/g_store_cred.c
+lib/libgss/g_unseal.c
+lib/libgss/g_userok.c
+lib/libgss/g_utils.c
+lib/libgss/g_verify.c
+lib/libgss/gssd_pname_to_uid.c
+uts/common/gssapi/include/gssapi_err_generic.h
+uts/common/gssapi/include/mechglueP.h
+
+Sun's License is as follows:
+
+Copyright (c) 2004 Sun Microsystems, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/krb5-1.21.3/src/lib/gssapi/Makefile.in b/krb5-1.21.3/src/lib/gssapi/Makefile.in
new file mode 100644
index 00000000..46a9a6bc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/Makefile.in
@@ -0,0 +1,104 @@
+mydir=lib$(S)gssapi
+BUILDTOP=$(REL)..$(S)..
+SUBDIRS= generic krb5 spnego mechglue
+DEFINES=-D_GSS_STATIC_LINK=1
+
+##DOSLIBNAME=$(OUTPRE)gssapi.lib
+##DOSOBJFILELIST=@$(OUTPRE)mechglue.lst @$(OUTPRE)spnego.lst @$(OUTPRE)generic.lst @$(OUTPRE)krb5.lst # @$(OUTPRE)gssapi.lst
+##DOSOBJFILEDEP=$(OUTPRE)mechglue.lst $(OUTPRE)spnego.lst $(OUTPRE)generic.lst $(OUTPRE)krb5.lst # $(OUTPRE)gssapi.lst
+
+###DOSOBJFILE=$(OUTPRE)gssapi.lst
+##DOSLIBOBJS=$(OBJS)
+
+##DOS##DLL_EXP_TYPE=GSS
+
+LOCALINCLUDES = -Igeneric -I$(srcdir)/generic -Ikrb5 -I$(srcdir)/krb5 -I$(srcdir)/mechglue
+STLIBOBJS=
+
+OBJS=
+SRCS=
+
+LIBBASE=gssapi_krb5
+LIBMAJOR=2
+LIBMINOR=2
+#LIBINITFUNC=gssint_lib_init
+#LIBFINIFUNC=gssint_lib_fini
+SUBDIROBJLISTS=generic/OBJS.ST mechglue/OBJS.ST krb5/OBJS.ST spnego/OBJS.ST
+STOBJLISTS=OBJS.ST $(SUBDIROBJLISTS)
+SHLIB_EXPDEPS=\
+	$(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) $(COM_ERR_DEPLIB)
+SHLIB_EXPLIBS=-lkrb5 -lk5crypto $(COM_ERR_LIB) $(SUPPORT_LIB) $(DL_LIB) $(LIBS)
+RELDIR=gssapi
+
+all-unix: all-liblinks @MAINT@ verify-calling-conventions-gssapi
+
+install-unix: install-libs
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs clean-misc-unix
+
+clean-windows::
+	$(RM) gssapi.lib gssapi.bak
+
+clean-misc-unix: clean-recurse
+	$(RM) merged-gssapi-header.h
+	$(RM) -r $(EHDRDIR)
+
+EHDRDIR=$(BUILDTOP)$(S)include$(S)gssapi
+EXPORTED_HEADERS= \
+	$(EHDRDIR)$(S)gssapi_krb5.h \
+	$(EHDRDIR)$(S)gssapi_generic.h \
+	$(EHDRDIR)$(S)gssapi.h \
+	$(EHDRDIR)$(S)gssapi_alloc.h \
+	$(EHDRDIR)$(S)gssapi_ext.h
+merged-gssapi-header.h: $(EXPORTED_HEADERS)
+	cat $(EXPORTED_HEADERS) > merged.tmp
+	$(MV) merged.tmp merged-gssapi-header.h
+verify-calling-conventions-gssapi: merged-gssapi-header.h
+	$(PERL) -w $(top_srcdir)/util/def-check.pl merged-gssapi-header.h $(srcdir)/../gssapi32.def
+
+# These rules are an attempt to handle several different problems:
+#
+# Certain files in subdirectories must be made current by the
+# recursion step before we can build files in this directory that
+# depend on them.  Existing but out-of-date versions must not be used.
+#
+# In a parallel make, nothing should be built more than once.  This
+# effect can be exaggerated for testing by sticking "sleep 5" into the
+# rules for generating the files in subdirectories.  For example, in
+# between testing for a directory and creating it -- do you then get
+# mkdir complaining that the directory exists?  Adding the sleep
+# command may also exaggerate the build-with-outdated-headers problem,
+# by causing the timestamp on the newly generated header to be several
+# seconds newer than object files built with its old version, even on
+# fast machines where the UNIX filesystem's one-second granularity
+# would mask the problem.
+#
+# We must not cause these files to always be considered newly updated
+# when it comes time to build the object files in this directory.
+# Otherwise, we wind up recompiling some files every time we run make.
+
+# This set of rules fails the parallel make case; it can build
+# gssapi-include and all-recurse at the same time, and both will
+# create include/gssapi and gssapi.h.
+#$(BUILDTOP)/include/gssapi/gssapi.h: generic/gssapi.h
+#	(cd generic && $(MAKE) gssapi-include)
+#generic/gssapi.h: generic/gssapi.hin
+#	(cd generic && $(MAKE) gssapi.h)
+#generic/gssapi_err_generic.h: generic/gssapi_err_generic.et
+#	(cd generic && $(MAKE) gssapi_err_generic.h)
+#krb5/gssapi_err_krb5.h: krb5/gssapi_err_krb5.et
+#	(cd krb5 && $(MAKE) gssapi_err_krb5.h)
+
+# This version, without the no-op command to run, reportedly caused
+# repeated rebuilds in certain cases.  With the no-op command, it
+# appears to be properly serializing the subdir processing and local
+# compiles... so far.
+##DOS##!if 0
+$(EXPORTED_HEADERS) generic/gssapi.h krb5/gssapi_err_krb5.h generic/gssapi_err_generic.h krb5/gssapi_krb5.h: all-recurse
+	: $@ updated by recursion rule
+##DOS##!endif
+
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/gssapi/README_SAMPLE_APP b/krb5-1.21.3/src/lib/gssapi/README_SAMPLE_APP
new file mode 100644
index 00000000..c26bb09a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/README_SAMPLE_APP
@@ -0,0 +1,4 @@
+A sample GSS-API client and server application can be found in the
+directory ./appl/gss-sample in this distribution.  Read the file
+./appl/gss-sample/README for information on how it works and how to
+build it.
diff --git a/krb5-1.21.3/src/lib/gssapi/deps b/krb5-1.21.3/src/lib/gssapi/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/Makefile.in b/krb5-1.21.3/src/lib/gssapi/generic/Makefile.in
new file mode 100644
index 00000000..1a95a7d3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/Makefile.in
@@ -0,0 +1,172 @@
+mydir=lib$(S)gssapi$(S)generic
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/..
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=generic
+##DOS##OBJFILE=..\$(OUTPRE)generic.lst
+
+##DOS##DLL_EXP_TYPE=GSS
+
+ETSRCS= gssapi_err_generic.c
+ETOBJS= $(OUTPRE)gssapi_err_generic.$(OBJEXT)
+ETHDRS= gssapi_err_generic.h
+
+EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi
+
+HDRS=	$(EHDRDIR)$(S)gssapi.h \
+	$(EHDRDIR)$(S)gssapi_generic.h \
+	$(EHDRDIR)$(S)gssapi_alloc.h \
+	$(EHDRDIR)$(S)gssapi_ext.h
+
+MK_EHDRDIR=if test -d $(EHDRDIR); then :; else (set -x; mkdir $(EHDRDIR)); fi
+##DOS##MK_EHDRDIR=rem
+
+gssapi-include: $(EHDRDIR)$(S)gssapi.h
+
+$(EHDRDIR)$(S)gssapi.h: $(EHDRDIR)$(S)timestamp gssapi.h
+	$(CP) gssapi.h $@
+$(EHDRDIR)$(S)gssapi_generic.h: $(EHDRDIR)$(S)timestamp $(srcdir)$(S)gssapi_generic.h
+	$(CP) $(srcdir)$(S)gssapi_generic.h $@
+$(EHDRDIR)$(S)gssapi_alloc.h: $(EHDRDIR)$(S)timestamp $(srcdir)$(S)gssapi_alloc.h
+	$(CP) $(srcdir)$(S)gssapi_alloc.h $@
+$(EHDRDIR)$(S)gssapi_ext.h: $(EHDRDIR)$(S)timestamp $(srcdir)$(S)gssapi_ext.h
+	$(CP) $(srcdir)$(S)gssapi_ext.h $@
+
+$(EHDRDIR)$(S)timestamp:
+	$(MK_EHDRDIR)
+	echo timestamp > $(EHDRDIR)$(S)timestamp
+
+$(OUTPRE)gssapi_err_generic.$(OBJEXT): gssapi_err_generic.c
+gssapi_err_generic.h: gssapi_err_generic.et
+gssapi_err_generic.c: gssapi_err_generic.et
+
+##DOS##!if 0
+include_xom=@include_xom@
+##DOS##include_xom=rem
+gssapi.h: gssapi.hin
+	@echo "Creating gssapi.h" ; \
+	h=gss$$$$; $(RM) $$h; \
+	(echo "/* This is the gssapi.h prologue. */"; \
+	$(include_xom) && \
+	echo "/* End of gssapi.h prologue. */"&& \
+	cat $(srcdir)/gssapi.hin )> $$h && \
+	(set -x; $(MV) $$h $@) ; e=$$?; $(RM) $$h; exit $$e
+##DOS##!endif
+##DOS##gssapi.h: gssapi.hin
+##DOS##	$(CP) $** $@
+
+SRCS = \
+	$(srcdir)/disp_com_err_status.c \
+	$(srcdir)/disp_major_status.c \
+	$(srcdir)/gssapi_generic.c \
+	$(srcdir)/oid_ops.c \
+	$(srcdir)/rel_buffer.c \
+	$(srcdir)/rel_oid_set.c \
+	$(srcdir)/util_buffer.c \
+	$(srcdir)/util_buffer_set.c \
+	$(srcdir)/util_errmap.c \
+	$(srcdir)/util_set.c \
+	$(srcdir)/util_seqstate.c \
+	$(srcdir)/util_token.c \
+	gssapi_err_generic.c
+
+EXTRADEPSRCS = t_seqstate.c
+
+OBJS = \
+	$(OUTPRE)disp_com_err_status.$(OBJEXT) \
+	$(OUTPRE)disp_major_status.$(OBJEXT) \
+	$(OUTPRE)gssapi_generic.$(OBJEXT) \
+	$(OUTPRE)oid_ops.$(OBJEXT) \
+	$(OUTPRE)rel_buffer.$(OBJEXT) \
+	$(OUTPRE)rel_oid_set.$(OBJEXT) \
+	$(OUTPRE)util_buffer.$(OBJEXT) \
+	$(OUTPRE)util_buffer_set.$(OBJEXT) \
+	$(OUTPRE)util_errmap.$(OBJEXT) \
+	$(OUTPRE)util_set.$(OBJEXT) \
+	$(OUTPRE)util_seqstate.$(OBJEXT) \
+	$(OUTPRE)util_token.$(OBJEXT) \
+	$(OUTPRE)gssapi_err_generic.$(OBJEXT)
+
+STLIBOBJS = \
+	disp_com_err_status.o \
+	disp_major_status.o \
+	gssapi_generic.o \
+	oid_ops.o \
+	rel_buffer.o \
+	rel_oid_set.o \
+	util_buffer.o \
+	util_buffer_set.o \
+	util_errmap.o \
+	util_set.o \
+	util_seqstate.o \
+	util_token.o \
+	gssapi_err_generic.o
+
+EXPORTED_HEADERS= gssapi_generic.h  gssapi_ext.h gssapi_alloc.h
+EXPORTED_BUILT_HEADERS= gssapi.h
+
+$(OBJS): $(EXPORTED_HEADERS) $(ETHDRS)
+
+all-unix: $(EXPORTED_HEADERS) $(ETHDRS) $(HDRS)
+all-unix: all-libobjs
+
+errmap.h: $(top_srcdir)/util/gen.pl $(top_srcdir)/util/t_array.pm \
+		$(top_srcdir)/util/t_bimap.pm
+	$(PERL) -w -I$(top_srcdir)/util $(top_srcdir)/util/gen.pl bimap \
+		errmap.h \
+		NAME=mecherrmap LEFT=OM_uint32 RIGHT="struct mecherror" \
+		LEFTPRINT=print_OM_uint32 RIGHTPRINT=mecherror_print \
+		LEFTCMP=cmp_OM_uint32 RIGHTCMP=mecherror_cmp
+
+maptest.h: $(top_srcdir)/util/gen.pl $(top_srcdir)/util/t_array.pm \
+		$(top_srcdir)/util/t_bimap.pm
+	$(PERL) -w -I$(top_srcdir)/util $(top_srcdir)/util/gen.pl bimap \
+		maptest.h \
+		NAME=foo LEFT=int RIGHT=elt LEFTPRINT=intprt \
+		RIGHTPRINT=eltprt LEFTCMP=intcmp RIGHTCMP=eltcmp
+maptest.o: maptest.c maptest.h
+maptest: maptest.o
+	$(CC_LINK) -o maptest maptest.o
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-windows: win-create-ehdrdir
+all-windows: $(HDRS)
+
+win-create-ehdrdir:
+	if not exist $(EHDRDIR)\nul mkdir $(EHDRDIR)
+
+clean-unix:: clean-libobjs
+	$(RM) $(ETHDRS) $(ETSRCS) $(HDRS) $(EXPORTED_BUILT_HEADERS) \
+		$(EHDRDIR)$(S)timestamp errmap.h maptest.h
+	$(RM) t_seqstate.o t_seqstate
+
+clean-windows::
+	$(RM) $(HDRS) maptest.h
+	-if exist $(EHDRDIR)\nul rmdir $(EHDRDIR)
+
+t_seqstate: t_seqstate.o util_seqstate.o $(SUPPORT_DEPLIB)
+	$(CC_LINK) $(ALL_CFLAGS) -o $@ t_seqstate.o util_seqstate.o \
+		$(SUPPORT_LIB)
+
+check-unix: t_seqstate
+	$(RUN_TEST) ./t_seqstate
+
+generate-files-mac: gssapi.h errmap.h
+
+# Krb5InstallHeaders($(EXPORTED_HEADERS), $(KRB5_INCDIR)/krb5)
+install-headers-unix install: gssapi.h
+	@set -x; for f in $(EXPORTED_HEADERS) ; \
+	do $(INSTALL_DATA) $(srcdir)/$$f	\
+		$(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \
+	done
+	@set -x; for f in $(EXPORTED_BUILT_HEADERS) ; \
+	do $(INSTALL_DATA) $$f	\
+		$(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \
+	done
+
+depend: $(ETSRCS) $(ETHDRS) $(HDRS) errmap.h maptest.h
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/deps b/krb5-1.21.3/src/lib/gssapi/generic/deps
new file mode 100644
index 00000000..0f090925
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/deps
@@ -0,0 +1,97 @@
+#
+# Generated makefile dependencies follow.
+#
+disp_com_err_status.so disp_com_err_status.po $(OUTPRE)disp_com_err_status.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h disp_com_err_status.c \
+  gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+  gssapi_generic.h
+disp_major_status.so disp_major_status.po $(OUTPRE)disp_major_status.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h disp_major_status.c \
+  gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+  gssapi_generic.h
+gssapi_generic.so gssapi_generic.po $(OUTPRE)gssapi_generic.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.c \
+  gssapi_generic.h
+oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_generic.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  oid_ops.c
+rel_buffer.so rel_buffer.po $(OUTPRE)rel_buffer.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  rel_buffer.c
+rel_oid_set.so rel_oid_set.po $(OUTPRE)rel_oid_set.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  rel_oid_set.c
+util_buffer.so util_buffer.po $(OUTPRE)util_buffer.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_buffer.c
+util_buffer_set.so util_buffer_set.po $(OUTPRE)util_buffer_set.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_buffer_set.c
+util_errmap.so util_errmap.po $(OUTPRE)util_errmap.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  errmap.h gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+  gssapi_generic.h util_errmap.c
+util_set.so util_set.po $(OUTPRE)util_set.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_set.c
+util_seqstate.so util_seqstate.po $(OUTPRE)util_seqstate.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_seqstate.c
+util_token.so util_token.po $(OUTPRE)util_token.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-der.h \
+  $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_token.c
+gssapi_err_generic.so gssapi_err_generic.po $(OUTPRE)gssapi_err_generic.$(OBJEXT): \
+  $(COM_ERR_DEPS) gssapi_err_generic.c
+t_seqstate.so t_seqstate.po $(OUTPRE)t_seqstate.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(COM_ERR_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  t_seqstate.c
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/disp_com_err_status.c b/krb5-1.21.3/src/lib/gssapi/generic/disp_com_err_status.c
new file mode 100644
index 00000000..bc416107
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/disp_com_err_status.c
@@ -0,0 +1,62 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+#include "com_err.h"
+
+/* XXXX internationalization!! */
+
+/**/
+
+static const char * const no_error = "No error";
+
+/**/
+
+/* if status_type == GSS_C_GSS_CODE, return up to three error messages,
+   for routine errors, call error, and status, in that order.
+   message_context == 0 : print the routine error
+   message_context == 1 : print the calling error
+   message_context > 2  : print supplementary info bit (message_context-2)
+   if status_type == GSS_C_MECH_CODE, return the output from error_message()
+*/
+
+OM_uint32
+g_display_com_err_status(OM_uint32 *minor_status, OM_uint32 status_value,
+                         gss_buffer_t status_string)
+{
+    status_string->length = 0;
+    status_string->value = NULL;
+
+    if (! g_make_string_buffer(((status_value == 0)?no_error:
+                                error_message(status_value)),
+                               status_string)) {
+        *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/disp_major_status.c b/krb5-1.21.3/src/lib/gssapi/generic/disp_major_status.c
new file mode 100644
index 00000000..848af8fa
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/disp_major_status.c
@@ -0,0 +1,301 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_generic.h"
+#include <string.h>
+#include <stdio.h>
+
+/*
+ * $Id$
+ */
+
+/* This code has knowledge of the min and max errors of each type
+   within the gssapi major status */
+
+#define GSS_ERROR_STR(value, array, select, min, max, num)              \
+    (((select(value) < (min)) || (select(value) > (max))) ? NULL :      \
+     _((array)[num(value)]))
+
+/**/
+
+static const char * const calling_error_string[] = {
+    NULL,
+    N_("A required input parameter could not be read"),
+    N_("A required input parameter could not be written"),
+    N_("A parameter was malformed"),
+};
+
+static const char * const calling_error = N_("calling error");
+
+#define GSS_CALLING_ERROR_STR(x)                                        \
+    GSS_ERROR_STR((x), calling_error_string, GSS_CALLING_ERROR,         \
+                  GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \
+                  GSS_CALLING_ERROR_FIELD)
+
+/**/
+
+static const char * const routine_error_string[] = {
+    NULL,
+    N_("An unsupported mechanism was requested"),
+    N_("An invalid name was supplied"),
+    N_("A supplied name was of an unsupported type"),
+    N_("Incorrect channel bindings were supplied"),
+    N_("An invalid status code was supplied"),
+    N_("A token had an invalid signature"),
+    N_("No credentials were supplied"),
+    N_("No context has been established"),
+    N_("A token was invalid"),
+    N_("A credential was invalid"),
+    N_("The referenced credentials have expired"),
+    N_("The context has expired"),
+    N_("Miscellaneous failure"),
+    N_("The quality-of-protection requested could not be provided"),
+    N_("The operation is forbidden by the local security policy"),
+    N_("The operation or option is not available"),
+};
+
+static const char * const routine_error = N_("routine error");
+
+#define GSS_ROUTINE_ERROR_STR(x)                                \
+    GSS_ERROR_STR((x), routine_error_string, GSS_ROUTINE_ERROR, \
+                  GSS_S_BAD_MECH, GSS_S_FAILURE,                \
+                  GSS_ROUTINE_ERROR_FIELD)
+
+/**/
+
+/* this becomes overly gross after about 4 strings */
+
+static const char * const sinfo_string[] = {
+    N_("The routine must be called again to complete its function"),
+    N_("The token was a duplicate of an earlier token"),
+    N_("The token's validity period has expired"),
+    N_("A later token has already been processed"),
+};
+
+static const char * const sinfo_code = N_("supplementary info code");
+
+#define LSBGET(x) ((((x)^((x)-1))+1)>>1)
+#define LSBMASK(n) ((1<<(n))^((1<<(n))-1))
+
+#define GSS_SINFO_STR(x)                                                \
+    ((((1<<(x)) < GSS_S_CONTINUE_NEEDED) || ((1<<(x)) > GSS_S_UNSEQ_TOKEN)) ? \
+     /**/NULL:sinfo_string[(x)])
+
+/**/
+
+static const char * const no_error = N_("No error");
+static const char * const unknown_error = N_("Unknown %s (field = %d)");
+
+/**/
+
+static int
+display_unknown(const char *kind, OM_uint32 value, gss_buffer_t buffer)
+{
+    char *str;
+
+    if (asprintf(&str, _(unknown_error), kind, value) < 0)
+        return(0);
+
+    buffer->length = strlen(str);
+    buffer->value = str;
+
+    return(1);
+}
+
+/* code should be set to the calling error field */
+
+static OM_uint32
+display_calling(OM_uint32 *minor_status, OM_uint32 code,
+                gss_buffer_t status_string)
+{
+    const char *str;
+
+    if ((str = GSS_CALLING_ERROR_STR(code))) {
+        if (! g_make_string_buffer(str, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    } else {
+        if (! display_unknown(_(calling_error), GSS_CALLING_ERROR_FIELD(code),
+                              status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
+
+/* code should be set to the routine error field */
+
+static OM_uint32
+display_routine(OM_uint32 *minor_status, OM_uint32 code,
+                gss_buffer_t status_string)
+{
+    const char *str;
+
+    if ((str = GSS_ROUTINE_ERROR_STR(code))) {
+        if (! g_make_string_buffer(str, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    } else {
+        if (! display_unknown(_(routine_error), GSS_ROUTINE_ERROR_FIELD(code),
+                              status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
+
+/* code should be set to the bit offset (log_2) of a supplementary info bit */
+
+static OM_uint32
+display_bit(OM_uint32 *minor_status, OM_uint32 code,
+            gss_buffer_t status_string)
+{
+    const char *str;
+
+    if ((str = GSS_SINFO_STR(code))) {
+        if (! g_make_string_buffer(str, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    } else {
+        if (! display_unknown(_(sinfo_code), 1<<code, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
+
+/**/
+
+/* return error messages, for routine errors, call error, and status,
+   in that order.
+   message_context == 0 : print the routine error
+   message_context == 1 : print the calling error
+   message_context > 2  : print supplementary info bit (message_context-2)
+*/
+
+OM_uint32
+g_display_major_status(OM_uint32 *minor_status, OM_uint32 status_value,
+                       OM_uint32 *message_context, gss_buffer_t status_string)
+{
+    OM_uint32 ret, tmp;
+    int bit;
+
+    /*** deal with no error at all specially */
+
+    if (status_value == 0) {
+        if (! g_make_string_buffer(no_error, status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+        *message_context = 0;
+        *minor_status = 0;
+        return(GSS_S_COMPLETE);
+    }
+
+    /*** do routine error */
+
+    if (*message_context == 0) {
+        if ((tmp = GSS_ROUTINE_ERROR(status_value))) {
+            status_value -= tmp;
+            if ((ret = display_routine(minor_status, tmp, status_string)))
+                return(ret);
+            *minor_status = 0;
+            if (status_value) {
+                (*message_context)++;
+                return(GSS_S_COMPLETE);
+            } else {
+                *message_context = 0;
+                return(GSS_S_COMPLETE);
+            }
+        } else {
+            (*message_context)++;
+        }
+    } else {
+        status_value -= GSS_ROUTINE_ERROR(status_value);
+    }
+
+    /*** do calling error */
+
+    if (*message_context == 1) {
+        if ((tmp = GSS_CALLING_ERROR(status_value))) {
+            status_value -= tmp;
+            if ((ret = display_calling(minor_status, tmp, status_string)))
+                return(ret);
+            *minor_status = 0;
+            if (status_value) {
+                (*message_context)++;
+                return(GSS_S_COMPLETE);
+            } else {
+                *message_context = 0;
+                return(GSS_S_COMPLETE);
+            }
+        } else {
+            (*message_context)++;
+        }
+    } else {
+        status_value -= GSS_CALLING_ERROR(status_value);
+    }
+
+    /*** do sinfo bits (*message_context == 2 + number of bits done) */
+
+    tmp = GSS_SUPPLEMENTARY_INFO_FIELD(status_value);
+    /* mask off the bits which have been done */
+    if (*message_context > 2) {
+        tmp &= ~LSBMASK(*message_context-3);
+        status_value &= ~LSBMASK(*message_context-3);
+    }
+
+    if (!tmp) {
+        /* bogon input - there should be something left */
+        *minor_status = (OM_uint32) G_BAD_MSG_CTX;
+        return(GSS_S_FAILURE);
+    }
+
+    /* compute the bit offset */
+    /*SUPPRESS 570*/
+    for (bit=0; (((OM_uint32) 1)<<bit) != LSBGET(tmp); bit++) ;
+
+    /* print it */
+    if ((ret = display_bit(minor_status, bit, status_string)))
+        return(ret);
+
+    /* compute the new status_value/message_context */
+    status_value -= ((OM_uint32) 1)<<bit;
+
+    if (status_value) {
+        *message_context = bit+3;
+        return(GSS_S_COMPLETE);
+    } else {
+        *message_context = 0;
+        return(GSS_S_COMPLETE);
+    }
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/gssapi.hin b/krb5-1.21.3/src/lib/gssapi/generic/gssapi.hin
new file mode 100644
index 00000000..767fb07b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/gssapi.hin
@@ -0,0 +1,920 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSAPI_H_
+#define _GSSAPI_H_
+
+/*
+ * Determine platform-dependent configuration.
+ */
+
+#if defined(__MACH__) && defined(__APPLE__)
+#       include <TargetConditionals.h>
+#       if TARGET_RT_MAC_CFM
+#               error "Use KfM 4.0 SDK headers for CFM compilation."
+#       endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(push,2)
+#endif
+
+#if defined(_MSDOS) || defined(_WIN32)
+#include <win-mac.h>
+#endif
+
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#define KRB5_CALLCONV_C
+#endif
+
+#include <stdint.h>
+
+/*
+ * First, include stddef.h to get size_t defined.
+ */
+#include <stddef.h>
+
+/*
+ * POSIX says that sys/types.h is where size_t is defined.
+ */
+#include <sys/types.h>
+
+/*
+ * $Id$
+ */
+
+/*
+ * First, define the three platform-dependent pointer types.
+ */
+
+struct gss_name_struct;
+typedef struct gss_name_struct * gss_name_t;
+
+struct gss_cred_id_struct;
+typedef struct gss_cred_id_struct * gss_cred_id_t;
+
+struct gss_ctx_id_struct;
+typedef struct gss_ctx_id_struct * gss_ctx_id_t;
+
+/*
+ * The following type must be defined as the smallest natural unsigned integer
+ * supported by the platform that has at least 32 bits of precision.
+ */
+typedef uint32_t gss_uint32;
+typedef int32_t gss_int32;
+
+#ifdef  OM_STRING
+/*
+ * We have included the xom.h header file.  Use the definition for
+ * OM_object identifier.
+ */
+typedef OM_object_identifier    gss_OID_desc, *gss_OID;
+#else   /* OM_STRING */
+/*
+ * We can't use X/Open definitions, so roll our own.
+ */
+typedef gss_uint32      OM_uint32;
+
+typedef struct gss_OID_desc_struct {
+    OM_uint32 length;
+    void *elements;
+} gss_OID_desc, *gss_OID;
+#endif  /* OM_STRING */
+
+typedef struct gss_OID_set_desc_struct  {
+    size_t  count;
+    gss_OID elements;
+} gss_OID_set_desc, *gss_OID_set;
+
+typedef struct gss_buffer_desc_struct {
+    size_t length;
+    void *value;
+} gss_buffer_desc, *gss_buffer_t;
+
+typedef struct gss_channel_bindings_struct {
+    OM_uint32 initiator_addrtype;
+    gss_buffer_desc initiator_address;
+    OM_uint32 acceptor_addrtype;
+    gss_buffer_desc acceptor_address;
+    gss_buffer_desc application_data;
+} *gss_channel_bindings_t;
+
+/*
+ * For now, define a QOP-type as an OM_uint32 (pending resolution of ongoing
+ * discussions).
+ */
+typedef OM_uint32       gss_qop_t;
+typedef int             gss_cred_usage_t;
+
+/*
+ * Flag bits for context-level services.
+ */
+#define GSS_C_DELEG_FLAG        1
+#define GSS_C_MUTUAL_FLAG       2
+#define GSS_C_REPLAY_FLAG       4
+#define GSS_C_SEQUENCE_FLAG     8
+#define GSS_C_CONF_FLAG         16
+#define GSS_C_INTEG_FLAG        32
+#define GSS_C_ANON_FLAG         64
+#define GSS_C_PROT_READY_FLAG   128
+#define GSS_C_TRANS_FLAG        256
+#define GSS_C_DELEG_POLICY_FLAG 32768
+
+/*
+ * Credential usage options
+ */
+#define GSS_C_BOTH      0
+#define GSS_C_INITIATE  1
+#define GSS_C_ACCEPT    2
+
+/*
+ * Status code types for gss_display_status
+ */
+#define GSS_C_GSS_CODE  1
+#define GSS_C_MECH_CODE 2
+
+/*
+ * The constant definitions for channel-bindings address families
+ */
+#define GSS_C_AF_UNSPEC     0
+#define GSS_C_AF_LOCAL      1
+#define GSS_C_AF_INET       2
+#define GSS_C_AF_IMPLINK    3
+#define GSS_C_AF_PUP        4
+#define GSS_C_AF_CHAOS      5
+#define GSS_C_AF_NS         6
+#define GSS_C_AF_NBS        7
+#define GSS_C_AF_ECMA       8
+#define GSS_C_AF_DATAKIT    9
+#define GSS_C_AF_CCITT      10
+#define GSS_C_AF_SNA        11
+#define GSS_C_AF_DECnet     12
+#define GSS_C_AF_DLI        13
+#define GSS_C_AF_LAT        14
+#define GSS_C_AF_HYLINK     15
+#define GSS_C_AF_APPLETALK  16
+#define GSS_C_AF_BSC        17
+#define GSS_C_AF_DSS        18
+#define GSS_C_AF_OSI        19
+#define GSS_C_AF_NETBIOS    20
+#define GSS_C_AF_X25        21
+
+#define GSS_C_AF_NULLADDR   255
+
+/*
+ * Various Null values.
+ */
+#define GSS_C_NO_NAME ((gss_name_t) 0)
+#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
+#define GSS_C_NO_OID ((gss_OID) 0)
+#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
+#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
+#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
+#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
+#define GSS_C_EMPTY_BUFFER {0, NULL}
+
+/*
+ * Some alternate names for a couple of the above values.  These are defined
+ * for V1 compatibility.
+ */
+#define GSS_C_NULL_OID          GSS_C_NO_OID
+#define GSS_C_NULL_OID_SET      GSS_C_NO_OID_SET
+
+/*
+ * Define the default Quality of Protection for per-message services.  Note
+ * that an implementation that offers multiple levels of QOP may either reserve
+ * a value (for example zero, as assumed here) to mean "default protection", or
+ * alternatively may simply equate GSS_C_QOP_DEFAULT to a specific explicit
+ * QOP value.  However a value of 0 should always be interpreted by a GSSAPI
+ * implementation as a request for the default protection level.
+ */
+#define GSS_C_QOP_DEFAULT 0
+
+/*
+ * Expiration time of 2^32-1 seconds means infinite lifetime for a
+ * credential or security context
+ */
+#define GSS_C_INDEFINITE ((OM_uint32) 0xfffffffful)
+
+
+/* Major status codes */
+
+#define GSS_S_COMPLETE 0
+
+/*
+ * Some "helper" definitions to make the status code macros obvious.
+ */
+#define GSS_C_CALLING_ERROR_OFFSET 24
+#define GSS_C_ROUTINE_ERROR_OFFSET 16
+#define GSS_C_SUPPLEMENTARY_OFFSET 0
+#define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul)
+#define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul)
+#define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul)
+
+/*
+ * The macros that test status codes for error conditions.  Note that the
+ * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
+ * evaluates its argument only once.
+ */
+#define GSS_CALLING_ERROR(x) \
+  ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
+#define GSS_ROUTINE_ERROR(x) \
+  ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
+#define GSS_SUPPLEMENTARY_INFO(x) \
+  ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
+#define GSS_ERROR(x) \
+  ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
+          (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
+
+/*
+ * Now the actual status code definitions
+ */
+
+/*
+ * Calling errors:
+ */
+#define GSS_S_CALL_INACCESSIBLE_READ \
+                             (((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_INACCESSIBLE_WRITE \
+                             (((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_BAD_STRUCTURE \
+                             (((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET)
+
+/*
+ * Routine errors:
+ */
+#define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MIC GSS_S_BAD_SIG
+#define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_CREDENTIAL \
+     (((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CREDENTIALS_EXPIRED \
+     (((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CONTEXT_EXPIRED \
+     (((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DUPLICATE_ELEMENT \
+     (((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NAME_NOT_MN \
+     (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MECH_ATTR \
+     (((OM_uint32) 19ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+
+/*
+ * Supplementary info bits:
+ */
+#define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
+#define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
+#define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
+#define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
+#define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
+
+
+/*
+ * Finally, function prototypes for the GSSAPI routines.
+ */
+
+#if defined (_WIN32) && defined (_MSC_VER)
+# ifdef GSS_DLL_FILE
+#  define GSS_DLLIMP __declspec(dllexport)
+# else
+#  define GSS_DLLIMP __declspec(dllimport)
+# endif
+#else
+# define GSS_DLLIMP
+#endif
+
+/* Reserved static storage for GSS_oids.  Comments are quotes from RFC 2744.
+ *
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
+ * GSS_C_NT_USER_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_NT_USER_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+ * The constant GSS_C_NT_MACHINE_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
+ * corresponding to an object-identifier value of
+ * {iso(1) member-body(2) United States(840) mit(113554)
+ * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+ * The constant GSS_C_NT_STRING_UID_NAME should be
+ * initialized to point to that gss_OID_desc.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_NT_STRING_UID_NAME;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
+ * corresponding to an object-identifier value of
+ * {iso(1) org(3) dod(6) internet(1) security(5)
+ * nametypes(6) gss-host-based-services(2)).  The constant
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
+ * to that gss_OID_desc.  This is a deprecated OID value, and
+ * implementations wishing to support hostbased-service names
+ * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
+ * defined below, to identify such names;
+ * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+ * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+ * parameter, but should not be emitted by GSS-API
+ * implementations
+ */
+GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
+ *              "\x01\x02\x01\x04"}, corresponding to an
+ * object-identifier value of {iso(1) member-body(2)
+ * Unites States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) service_name(4)}.  The constant
+ * GSS_C_NT_HOSTBASED_SERVICE should be initialized
+ * to point to that gss_OID_desc.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
+ * corresponding to an object identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 3(gss-anonymous-name)}.  The constant
+ * and GSS_C_NT_ANONYMOUS should be initialized to point
+ * to that gss_OID_desc.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_NT_ANONYMOUS;
+
+
+/*
+ * The implementation must reserve static storage for a
+ * gss_OID_desc object containing the value
+ * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
+ * corresponding to an object-identifier value of
+ * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+ * 6(nametypes), 4(gss-api-exported-name)}.  The constant
+ * GSS_C_NT_EXPORT_NAME should be initialized to point
+ * to that gss_OID_desc.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME;
+
+/* Function Prototypes */
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* desired_name */
+    OM_uint32,          /* time_req */
+    gss_OID_set,        /* desired_mechs */
+    gss_cred_usage_t,   /* cred_usage */
+    gss_cred_id_t *,    /* output_cred_handle */
+    gss_OID_set *,      /* actual_mechs */
+    OM_uint32 *);       /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+gss_release_cred(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t *);   /* cred_handle */
+
+OM_uint32 KRB5_CALLCONV
+gss_init_sec_context(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t,      /* claimant_cred_handle */
+    gss_ctx_id_t *,     /* context_handle */
+    gss_name_t,         /* target_name */
+    gss_OID,            /* mech_type (used to be const) */
+    OM_uint32,          /* req_flags */
+    OM_uint32,          /* time_req */
+    gss_channel_bindings_t,     /* input_chan_bindings */
+    gss_buffer_t,       /* input_token */
+    gss_OID *,          /* actual_mech_type */
+    gss_buffer_t,       /* output_token */
+    OM_uint32 *,        /* ret_flags */
+    OM_uint32 *);       /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+gss_accept_sec_context(
+    OM_uint32 *,                /* minor_status */
+    gss_ctx_id_t *,             /* context_handle */
+    gss_cred_id_t,              /* acceptor_cred_handle */
+    gss_buffer_t,               /* input_token_buffer */
+    gss_channel_bindings_t,     /* input_chan_bindings */
+    gss_name_t *,               /* src_name */
+    gss_OID *,                  /* mech_type */
+    gss_buffer_t,               /* output_token */
+    OM_uint32 *,                /* ret_flags */
+    OM_uint32 *,                /* time_rec */
+    gss_cred_id_t *);           /* delegated_cred_handle */
+
+OM_uint32 KRB5_CALLCONV
+gss_process_context_token(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_buffer_t);      /* token_buffer */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_delete_sec_context(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t *,     /* context_handle */
+    gss_buffer_t);      /* output_token */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_context_time(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    OM_uint32 *);       /* time_rec */
+
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_get_mic(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_qop_t,          /* qop_req */
+    gss_buffer_t,       /* message_buffer */
+    gss_buffer_t);      /* message_token */
+
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_verify_mic(OM_uint32 *,     /* minor_status */
+               gss_ctx_id_t,    /* context_handle */
+               gss_buffer_t,    /* message_buffer */
+               gss_buffer_t,    /* message_token */
+               gss_qop_t *      /* qop_state */
+);
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_wrap(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,                /* conf_req_flag */
+    gss_qop_t,          /* qop_req */
+    gss_buffer_t,       /* input_message_buffer */
+    int *,              /* conf_state */
+    gss_buffer_t);      /* output_message_buffer */
+
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_unwrap(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_buffer_t,       /* input_message_buffer */
+    gss_buffer_t,       /* output_message_buffer */
+    int *,              /* conf_state */
+    gss_qop_t *);       /* qop_state */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_display_status(
+    OM_uint32 *,        /* minor_status */
+    OM_uint32,          /* status_value */
+    int,                /* status_type */
+    gss_OID,            /* mech_type (used to be const) */
+    OM_uint32 *,        /* message_context */
+    gss_buffer_t);      /* status_string */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_indicate_mechs(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* mech_set */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_compare_name(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* name1 */
+    gss_name_t,         /* name2 */
+    int *);             /* name_equal */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_display_name(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* input_name */
+    gss_buffer_t,       /* output_name_buffer */
+    gss_OID *);         /* output_name_type */
+
+
+OM_uint32 KRB5_CALLCONV
+gss_import_name(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t,       /* input_name_buffer */
+    gss_OID,            /* input_name_type(used to be const) */
+    gss_name_t *);      /* output_name */
+
+OM_uint32 KRB5_CALLCONV
+gss_release_name(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t *);      /* input_name */
+
+OM_uint32 KRB5_CALLCONV
+gss_release_buffer(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t);      /* buffer */
+
+OM_uint32 KRB5_CALLCONV
+gss_release_oid_set(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* set */
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_cred(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t,      /* cred_handle */
+    gss_name_t *,       /* name */
+    OM_uint32 *,        /* lifetime */
+    gss_cred_usage_t *, /* cred_usage */
+    gss_OID_set *);     /* mechanisms */
+
+/* Last argument new for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_inquire_context(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_name_t *,       /* src_name */
+    gss_name_t *,       /* targ_name */
+    OM_uint32 *,        /* lifetime_rec */
+    gss_OID *,          /* mech_type */
+    OM_uint32 *,        /* ctx_flags */
+    int *,              /* locally_initiated */
+    int *);             /* open */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_wrap_size_limit(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,                /* conf_req_flag */
+    gss_qop_t,          /* qop_req */
+    OM_uint32,          /* req_output_size */
+    OM_uint32 *);       /* max_input_size */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_import_name_object(
+    OM_uint32 *,        /* minor_status */
+    void *,             /* input_name */
+    gss_OID,            /* input_name_type */
+    gss_name_t *);      /* output_name */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_export_name_object(
+    OM_uint32 *,        /* minor_status */
+    gss_name_t,         /* input_name */
+    gss_OID,            /* desired_name_type */
+    void **);           /* output_name */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_add_cred(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t,      /* input_cred_handle */
+    gss_name_t,         /* desired_name */
+    gss_OID,            /* desired_mech */
+    gss_cred_usage_t,   /* cred_usage */
+    OM_uint32,          /* initiator_time_req */
+    OM_uint32,          /* acceptor_time_req */
+    gss_cred_id_t *,    /* output_cred_handle */
+    gss_OID_set *,      /* actual_mechs */
+    OM_uint32 *,        /* initiator_time_rec */
+    OM_uint32 *);       /* acceptor_time_rec */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_inquire_cred_by_mech(
+    OM_uint32 *,                /* minor_status */
+    gss_cred_id_t,              /* cred_handle */
+    gss_OID,                    /* mech_type */
+    gss_name_t *,               /* name */
+    OM_uint32 *,                /* initiator_lifetime */
+    OM_uint32 *,                /* acceptor_lifetime */
+    gss_cred_usage_t *);        /* cred_usage */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_export_sec_context(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t *,     /* context_handle */
+    gss_buffer_t);      /* interprocess_token */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_import_sec_context(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t,       /* interprocess_token */
+    gss_ctx_id_t *);    /* context_handle */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_release_oid(
+    OM_uint32 *,        /* minor_status */
+    gss_OID *);         /* oid */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_create_empty_oid_set(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* oid_set */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_add_oid_set_member(
+    OM_uint32 *,        /* minor_status */
+    gss_OID,            /* member_oid */
+    gss_OID_set *);     /* oid_set */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_test_oid_set_member(
+    OM_uint32 *,        /* minor_status */
+    gss_OID,            /* member */
+    gss_OID_set,        /* set */
+    int *);             /* present */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_str_to_oid(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t,       /* oid_str */
+    gss_OID *);         /* oid */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_oid_to_str(
+    OM_uint32 *,        /* minor_status */
+    gss_OID,            /* oid */
+    gss_buffer_t);      /* oid_str */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_inquire_names_for_mech(
+    OM_uint32 *,        /* minor_status */
+    gss_OID,            /* mechanism */
+    gss_OID_set *);     /* name_types */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_inquire_mechs_for_name(
+    OM_uint32 *,        /* minor_status */
+    const gss_name_t,   /* input_name */
+    gss_OID_set *);     /* mech_types */
+
+/*
+ * The following routines are obsolete variants of gss_get_mic, gss_wrap,
+ * gss_verify_mic and gss_unwrap.  They should be provided by GSSAPI V2
+ * implementations for backwards compatibility with V1 applications.  Distinct
+ * entrypoints (as opposed to #defines) should be provided, to allow GSSAPI
+ * V1 applications to link against GSSAPI V2 implementations.
+ */
+OM_uint32 KRB5_CALLCONV
+gss_sign(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,                /* qop_req */
+    gss_buffer_t,       /* message_buffer */
+    gss_buffer_t);      /* message_token */
+
+OM_uint32 KRB5_CALLCONV
+gss_verify(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_buffer_t,       /* message_buffer */
+    gss_buffer_t,       /* token_buffer */
+    int *);             /* qop_state */
+
+OM_uint32 KRB5_CALLCONV
+gss_seal(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,                /* conf_req_flag */
+    int,                /* qop_req */
+    gss_buffer_t,       /* input_message_buffer */
+    int *,              /* conf_state */
+    gss_buffer_t);      /* output_message_buffer */
+
+OM_uint32 KRB5_CALLCONV
+gss_unseal(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    gss_buffer_t,       /* input_message_buffer */
+    gss_buffer_t,       /* output_message_buffer */
+    int *,              /* conf_state */
+    int *);             /* qop_state */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_export_name(
+    OM_uint32  *,       /* minor_status */
+    const gss_name_t,   /* input_name */
+    gss_buffer_t);      /* exported_name */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_duplicate_name(
+    OM_uint32  *,       /* minor_status */
+    const gss_name_t,   /* input_name */
+    gss_name_t *);      /* dest_name */
+
+/* New for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_canonicalize_name(
+    OM_uint32  *,       /* minor_status */
+    const gss_name_t,   /* input_name */
+    const gss_OID,      /* mech_type */
+    gss_name_t *);      /* output_name */
+
+/* RFC 4401 */
+
+#define GSS_C_PRF_KEY_FULL      0
+#define GSS_C_PRF_KEY_PARTIAL   1
+
+OM_uint32 KRB5_CALLCONV
+gss_pseudo_random(
+    OM_uint32 *,        /* minor_status */
+    gss_ctx_id_t,       /* context */
+    int,                /* prf_key */
+    const gss_buffer_t, /* prf_in */
+    ssize_t,            /* desired_output_len */
+    gss_buffer_t);      /* prf_out */
+
+OM_uint32 KRB5_CALLCONV
+gss_store_cred(
+    OM_uint32 *,        /* minor_status */
+    const gss_cred_id_t,/* input_cred_handle */
+    gss_cred_usage_t,   /* input_usage */
+    const gss_OID,      /* desired_mech */
+    OM_uint32,          /* overwrite_cred */
+    OM_uint32,          /* default_cred */
+    gss_OID_set *,      /* elements_stored */
+    gss_cred_usage_t *);/* cred_usage_stored */
+
+OM_uint32 KRB5_CALLCONV
+gss_set_neg_mechs(
+    OM_uint32 *,        /* minor_status */
+    gss_cred_id_t,      /* cred_handle */
+    const gss_OID_set); /* mech_set */
+
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(pop)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+/* XXXX these are not part of the GSSAPI C bindings!  (but should be) */
+
+#define GSS_CALLING_ERROR_FIELD(x) \
+   (((x) >> GSS_C_CALLING_ERROR_OFFSET) & GSS_C_CALLING_ERROR_MASK)
+#define GSS_ROUTINE_ERROR_FIELD(x) \
+   (((x) >> GSS_C_ROUTINE_ERROR_OFFSET) & GSS_C_ROUTINE_ERROR_MASK)
+#define GSS_SUPPLEMENTARY_INFO_FIELD(x) \
+   (((x) >> GSS_C_SUPPLEMENTARY_OFFSET) & GSS_C_SUPPLEMENTARY_MASK)
+
+/* XXXX This is a necessary evil until the spec is fixed */
+#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+
+/*
+ * RFC 5587
+ */
+typedef const gss_buffer_desc *gss_const_buffer_t;
+typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;
+typedef const struct gss_ctx_id_struct *gss_const_ctx_id_t;
+typedef const struct gss_cred_id_struct *gss_const_cred_id_t;
+typedef const struct gss_name_struct *gss_const_name_t;
+typedef const gss_OID_desc *gss_const_OID;
+typedef const gss_OID_set_desc *gss_const_OID_set;
+
+OM_uint32 KRB5_CALLCONV
+gss_indicate_mechs_by_attrs(
+    OM_uint32 *,        /* minor_status */
+    gss_const_OID_set,  /* desired_mech_attrs */
+    gss_const_OID_set,  /* except_mech_attrs */
+    gss_const_OID_set,  /* critical_mech_attrs */
+    gss_OID_set *);     /* mechs */
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_attrs_for_mech(
+    OM_uint32 *,        /* minor_status */
+    gss_const_OID,      /* mech */
+    gss_OID_set *,      /* mech_attrs */
+    gss_OID_set *);     /* known_mech_attrs */
+
+OM_uint32 KRB5_CALLCONV
+gss_display_mech_attr(
+    OM_uint32 *,        /* minor_status */
+    gss_const_OID,      /* mech_attr */
+    gss_buffer_t,       /* name */
+    gss_buffer_t,       /* short_desc */
+    gss_buffer_t);      /* long_desc */
+
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_CONCRETE;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_PSEUDO;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_COMPOSITE;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_NEGO;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_GLUE;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_NOT_MECH;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_DEPRECATED;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_NOT_DFLT_MECH;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_ITOK_FRAMED;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT_INIT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG_INIT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT_ANON;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG_ANON;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_DELEG_CRED;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_INTEG_PROT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_CONF_PROT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MIC;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_WRAP;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_PROT_READY;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_REPLAY_DET;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_OOS_DET;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_CBINDINGS;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_PFS;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_COMPRESS;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_CTX_TRANS;
+
+/*
+ * RFC 5801
+ */
+OM_uint32 KRB5_CALLCONV
+gss_inquire_saslname_for_mech(
+    OM_uint32 *,        /* minor_status */
+    const gss_OID,      /* desired_mech */
+    gss_buffer_t,       /* sasl_mech_name */
+    gss_buffer_t,       /* mech_name */
+    gss_buffer_t        /* mech_description */
+);
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_mech_for_saslname(
+    OM_uint32 *,        /* minor_status */
+    const gss_buffer_t, /* sasl_mech_name */
+    gss_OID *           /* mech_type */
+);
+
+#endif /* _GSSAPI_H_ */
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/gssapiP_generic.h b/krb5-1.21.3/src/lib/gssapi/generic/gssapiP_generic.h
new file mode 100644
index 00000000..3c6bfa53
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/gssapiP_generic.h
@@ -0,0 +1,298 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSAPIP_GENERIC_H_
+#define _GSSAPIP_GENERIC_H_
+
+/*
+ * $Id$
+ */
+
+#if defined(_WIN32)
+#include "k5-int.h"
+#else
+#include "autoconf.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#endif
+
+#include "k5-thread.h"
+
+#include "gssapi_generic.h"
+#include "gssapi_ext.h"
+#include <gssapi/gssapi_alloc.h>
+#include "gssapi_err_generic.h"
+#include <errno.h>
+
+#include "k5-platform.h"
+#include "k5-buf.h"
+
+/** helper macros **/
+
+#define g_OID_equal(o1, o2)                                             \
+        (((o1)->length == (o2)->length) &&                              \
+        (memcmp((o1)->elements, (o2)->elements, (o1)->length) == 0))
+
+/** malloc wrappers; these may actually do something later */
+
+#define xmalloc(n) malloc(n)
+#define xrealloc(p,n) realloc(p,n)
+#ifdef xfree
+#undef xfree
+#endif
+#define xfree(p) free(p)
+
+/** helper functions **/
+
+/* hide names from applications, especially glib applications */
+#define g_set_init              gssint_g_set_init
+#define g_set_destroy           gssint_g_set_destroy
+#define g_set_entry_add         gssint_g_set_entry_add
+#define g_set_entry_delete      gssint_g_set_entry_delete
+#define g_set_entry_get         gssint_g_set_entry_get
+#define g_make_string_buffer    gssint_g_make_string_buffer
+#define g_token_size            gssint_g_token_size
+#define g_make_token_header     gssint_g_make_token_header
+#define g_verify_token_header   gssint_g_verify_token_header
+#define g_display_major_status  gssint_g_display_major_status
+#define g_display_com_err_status gssint_g_display_com_err_status
+#define g_seqstate_init         gssint_g_seqstate_init
+#define g_seqstate_check        gssint_g_seqstate_check
+#define g_seqstate_free         gssint_g_seqstate_free
+#define g_seqstate_size         gssint_g_seqstate_size
+#define g_seqstate_externalize  gssint_g_seqstate_externalize
+#define g_seqstate_internalize  gssint_g_seqstate_internalize
+#define g_canonicalize_host     gssint_g_canonicalize_host
+#define g_local_host_name       gssint_g_local_host_name
+#define g_strdup                gssint_g_strdup
+
+typedef struct _g_set_elt *g_set_elt;
+typedef struct {
+    k5_mutex_t mutex;
+    void *data;
+} g_set;
+#define G_SET_INIT { K5_MUTEX_PARTIAL_INITIALIZER, 0 }
+
+typedef struct g_seqnum_state_st *g_seqnum_state;
+
+int g_set_init (g_set_elt *s);
+int g_set_destroy (g_set_elt *s);
+int g_set_entry_add (g_set_elt *s, void *key, void *value);
+int g_set_entry_delete (g_set_elt *s, void *key);
+int g_set_entry_get (g_set_elt *s, void *key, void **value);
+
+int g_save_name (g_set *vdb, gss_name_t name);
+int g_save_cred_id (g_set *vdb, gss_cred_id_t cred);
+int g_save_ctx_id (g_set *vdb, gss_ctx_id_t ctx);
+int g_save_lucidctx_id (g_set *vdb, void *lctx);
+
+int g_validate_name (g_set *vdb, gss_name_t name);
+int g_validate_cred_id (g_set *vdb, gss_cred_id_t cred);
+int g_validate_ctx_id (g_set *vdb, gss_ctx_id_t ctx);
+int g_validate_lucidctx_id (g_set *vdb, void *lctx);
+
+int g_delete_name (g_set *vdb, gss_name_t name);
+int g_delete_cred_id (g_set *vdb, gss_cred_id_t cred);
+int g_delete_ctx_id (g_set *vdb, gss_ctx_id_t ctx);
+int g_delete_lucidctx_id (g_set *vdb, void *lctx);
+
+int g_make_string_buffer (const char *str, gss_buffer_t buffer);
+
+unsigned int g_token_size (const gss_OID_desc * mech, unsigned int body_size);
+
+void g_make_token_header (struct k5buf *buf, const gss_OID_desc *mech,
+                          size_t body_size, int tok_type);
+
+/* flags for g_verify_token_header() */
+#define G_VFY_TOKEN_HDR_WRAPPER_REQUIRED        0x01
+
+gss_int32 g_verify_token_header (const gss_OID_desc * mech,
+                                 unsigned int *body_size,
+                                 unsigned char **buf, int tok_type,
+                                 unsigned int toksize_in,
+                                 int flags);
+
+OM_uint32 g_display_major_status (OM_uint32 *minor_status,
+                                  OM_uint32 status_value,
+                                  OM_uint32 *message_context,
+                                  gss_buffer_t status_string);
+
+OM_uint32 g_display_com_err_status (OM_uint32 *minor_status,
+                                    OM_uint32 status_value,
+                                    gss_buffer_t status_string);
+
+long g_seqstate_init(g_seqnum_state *state_out, uint64_t seqnum,
+                     int do_replay, int do_sequence, int wide);
+OM_uint32 g_seqstate_check(g_seqnum_state state, uint64_t seqnum);
+void g_seqstate_free(g_seqnum_state state);
+void g_seqstate_size(g_seqnum_state state, size_t *sizep);
+long g_seqstate_externalize(g_seqnum_state state, unsigned char **buf,
+                            size_t *lenremain);
+long g_seqstate_internalize(g_seqnum_state *state_out, unsigned char **buf,
+                            size_t *lenremain);
+
+char *g_strdup (char *str);
+
+/** declarations of internal name mechanism functions **/
+
+OM_uint32
+generic_gss_release_buffer(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t);      /* buffer */
+
+OM_uint32
+generic_gss_release_oid_set(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* set */
+
+OM_uint32
+generic_gss_release_oid(
+    OM_uint32 *,        /* minor_status */
+    gss_OID *);         /* set */
+
+OM_uint32
+generic_gss_copy_oid(
+    OM_uint32 *,                /* minor_status */
+    const gss_OID_desc * const, /* oid */
+    gss_OID *);                 /* new_oid */
+
+OM_uint32
+generic_gss_create_empty_oid_set(
+    OM_uint32 *,        /* minor_status */
+    gss_OID_set *);     /* oid_set */
+
+OM_uint32
+generic_gss_add_oid_set_member(
+    OM_uint32 *,                /* minor_status */
+    const gss_OID_desc * const, /* member_oid */
+    gss_OID_set *);             /* oid_set */
+
+OM_uint32
+generic_gss_test_oid_set_member(
+    OM_uint32 *,                /* minor_status */
+    const gss_OID_desc * const, /* member */
+    gss_OID_set,                /* set */
+    int *);                     /* present */
+
+OM_uint32
+generic_gss_oid_to_str(
+    OM_uint32 *,                /* minor_status */
+    const gss_OID_desc * const, /* oid */
+    gss_buffer_t);              /* oid_str */
+
+OM_uint32
+generic_gss_str_to_oid(
+    OM_uint32 *,        /* minor_status */
+    gss_buffer_t,       /* oid_str */
+    gss_OID *);         /* oid */
+
+OM_uint32
+generic_gss_oid_compose(
+    OM_uint32 *,        /* minor_status */
+    const char *,       /* prefix */
+    size_t,             /* prefix_len */
+    int,                /* suffix */
+    gss_OID_desc *);    /* oid */
+
+OM_uint32
+generic_gss_oid_decompose(
+    OM_uint32 *,        /* minor_status */
+    const char *,       /*prefix */
+    size_t,             /* prefix_len */
+    gss_OID_desc *,     /* oid */
+    int *);             /* suffix */
+
+int gssint_mecherrmap_init(void);
+void gssint_mecherrmap_destroy(void);
+OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc *oid);
+int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid,
+                          OM_uint32 *mech_minor);
+OM_uint32 gssint_mecherrmap_map_errcode(OM_uint32 errcode);
+
+/*
+ * Transfer contents of a k5buf to a gss_buffer and invalidate the source
+ * On unix, this is a simple pointer copy
+ * On windows, memory is reallocated and copied.
+ */
+static inline OM_uint32
+k5buf_to_gss(OM_uint32 *minor,
+             struct k5buf *input_k5buf,
+             gss_buffer_t output_buffer)
+{
+    OM_uint32 status = GSS_S_COMPLETE;
+
+    if (k5_buf_status(input_k5buf) != 0) {
+        *minor = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+    output_buffer->length = input_k5buf->len;
+#if defined(_WIN32) || defined(DEBUG_GSSALLOC)
+    if (output_buffer->length > 0) {
+        output_buffer->value = gssalloc_malloc(output_buffer->length);
+        if (output_buffer->value) {
+            memcpy(output_buffer->value, input_k5buf->data,
+                   output_buffer->length);
+        } else {
+            status = GSS_S_FAILURE;
+            *minor = ENOMEM;
+        }
+    } else {
+        output_buffer->value = NULL;
+    }
+    k5_buf_free(input_k5buf);
+#else
+    output_buffer->value = input_k5buf->data;
+    memset(input_k5buf, 0, sizeof(*input_k5buf));
+#endif
+    return status;
+}
+
+OM_uint32 generic_gss_create_empty_buffer_set
+(OM_uint32 * /*minor_status*/,
+            gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 generic_gss_add_buffer_set_member
+(OM_uint32 * /*minor_status*/,
+            const gss_buffer_t /*member_buffer*/,
+            gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 generic_gss_release_buffer_set
+(OM_uint32 * /*minor_status*/,
+            gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 generic_gss_copy_oid_set
+(OM_uint32 *, /* minor_status */
+            const gss_OID_set_desc * const /*oidset*/,
+            gss_OID_set * /*new_oidset*/);
+
+extern gss_OID_set gss_ma_known_attrs;
+
+OM_uint32 generic_gss_display_mech_attr(
+      OM_uint32         *minor_status,
+      gss_const_OID      mech_attr,
+      gss_buffer_t       name,
+      gss_buffer_t       short_desc,
+      gss_buffer_t       long_desc);
+
+#endif /* _GSSAPIP_GENERIC_H_ */
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/gssapi_alloc.h b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_alloc.h
new file mode 100644
index 00000000..89ef3324
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_alloc.h
@@ -0,0 +1,131 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* To the extent possible under law, Painless Security, LLC has waived
+ * all copyright and related or neighboring rights to GSS-API Memory
+ * Management Header. This work is published from: United States.
+ */
+
+#ifndef GSSAPI_ALLOC_H
+#define GSSAPI_ALLOC_H
+
+#ifdef _WIN32
+#include "winbase.h"
+#endif
+#include <string.h>
+
+#if defined(_WIN32)
+
+static inline void
+gssalloc_free(void *value)
+{
+    if (value)
+        HeapFree(GetProcessHeap(), 0, value);
+}
+
+static inline void *
+gssalloc_malloc(size_t size)
+{
+    return HeapAlloc(GetProcessHeap(), 0, size);
+}
+
+static inline void *
+gssalloc_calloc(size_t count, size_t size)
+{
+    return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count * size);
+}
+
+static inline void *
+gssalloc_realloc(void *value, size_t size)
+{
+    /* Unlike realloc(), HeapReAlloc() does not work on null values. */
+    if (value == NULL)
+        return HeapAlloc(GetProcessHeap(), 0, size);
+    return HeapReAlloc(GetProcessHeap(), 0, value, size);
+}
+
+#elif defined(DEBUG_GSSALLOC)
+
+/* Be deliberately incompatible with malloc and free, to allow us to detect
+ * mismatched malloc/gssalloc usage on Unix. */
+
+static inline void
+gssalloc_free(void *value)
+{
+    char *p = (char *)value - 8;
+
+    if (value == NULL)
+        return;
+    if (memcmp(p, "gssalloc", 8) != 0)
+        abort();
+    free(p);
+}
+
+static inline void *
+gssalloc_malloc(size_t size)
+{
+    char *p = calloc(size + 8, 1);
+
+    memcpy(p, "gssalloc", 8);
+    return p + 8;
+}
+
+static inline void *
+gssalloc_calloc(size_t count, size_t size)
+{
+    return gssalloc_malloc(count * size);
+}
+
+static inline void *
+gssalloc_realloc(void *value, size_t size)
+{
+    char *p = (char *)value - 8;
+
+    if (value == NULL)
+        return gssalloc_malloc(size);
+    if (memcmp(p, "gssalloc", 8) != 0)
+        abort();
+    return (char *)realloc(p, size + 8) + 8;
+}
+
+#else /* not _WIN32 or DEBUG_GSSALLOC */
+
+/* Normal Unix case, just use free/malloc/calloc/realloc. */
+
+static inline void
+gssalloc_free(void *value)
+{
+    free(value);
+}
+
+static inline void *
+gssalloc_malloc(size_t size)
+{
+    return malloc(size);
+}
+
+static inline void *
+gssalloc_calloc(size_t count, size_t size)
+{
+    return calloc(count, size);
+}
+
+static inline void *
+gssalloc_realloc(void *value, size_t size)
+{
+    return realloc(value, size);
+}
+
+#endif /* not _WIN32 or DEBUG_GSSALLOC */
+
+static inline char *
+gssalloc_strdup(const char *str)
+{
+    size_t size = strlen(str)+1;
+    char *copy = gssalloc_malloc(size);
+    if (copy) {
+        memcpy(copy, str, size);
+        copy[size-1] = '\0';
+    }
+    return copy;
+}
+
+#endif
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/gssapi_err_generic.et b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_err_generic.et
new file mode 100644
index 00000000..3e976e3d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_err_generic.et
@@ -0,0 +1,49 @@
+# 
+# Copyright 1993 by OpenVision Technologies, Inc.
+# 
+# Permission to use, copy, modify, distribute, and sell this software
+# and its documentation for any purpose is hereby granted without fee,
+# provided that the above copyright notice appears in all copies and
+# that both that copyright notice and this permission notice appear in
+# supporting documentation, and that the name of OpenVision not be used
+# in advertising or publicity pertaining to distribution of the software
+# without specific, written prior permission. OpenVision makes no
+# representations about the suitability of this software for any
+# purpose.  It is provided "as is" without express or implied warranty.
+# 
+# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+# 
+
+#
+# $Id$
+#
+
+error_table ggss
+
+error_code G_BAD_SERVICE_NAME, "No @ in SERVICE-NAME name string"
+error_code G_BAD_STRING_UID, "STRING-UID-NAME contains nondigits"
+error_code G_NOUSER, "UID does not resolve to username"
+error_code G_VALIDATE_FAILED, "Validation error"
+error_code G_BUFFER_ALLOC, "Couldn't allocate gss_buffer_t data"
+error_code G_BAD_MSG_CTX, "Message context invalid"
+error_code G_WRONG_SIZE, "Buffer is the wrong size"
+error_code G_BAD_USAGE, "Credential usage type is unknown"
+error_code G_UNKNOWN_QOP, "Unknown quality of protection specified"
+error_code G_NO_HOSTNAME, "Local host name could not be determined"
+error_code G_BAD_HOSTNAME, "Hostname in SERVICE-NAME string could not be canonicalized"
+error_code G_WRONG_MECH, "Mechanism is incorrect"
+error_code G_BAD_TOK_HEADER, "Token header is malformed or corrupt"
+error_code G_BAD_DIRECTION, "Packet was replayed in wrong direction"
+error_code G_TOK_TRUNC, "Token is missing data"
+error_code G_REFLECT, "Token was reflected"
+error_code G_WRONG_TOKID, "Received token ID does not match expected token ID"
+error_code G_CRED_USAGE_MISMATCH, "The given credential's usage does not match the requested usage"
+error_code G_STORE_ACCEPTOR_CRED_NOSUPP, "Storing of acceptor credentials is not supported by the mechanism"
+error_code G_STORE_NON_DEFAULT_CRED_NOSUPP, "Storing of non-default credentials is not supported by the mechanism"
+end
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/gssapi_ext.h b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_ext.h
new file mode 100644
index 00000000..38e39616
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_ext.h
@@ -0,0 +1,650 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef GSSAPI_EXT_H_
+#define GSSAPI_EXT_H_
+
+#include <gssapi/gssapi.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/*
+ * Solaris extensions
+ */
+#ifndef _WIN32
+OM_uint32 KRB5_CALLCONV
+gss_pname_to_uid
+	(OM_uint32 *minor,
+         const gss_name_t name,
+	 const gss_OID mech_type,
+	 uid_t *uidOut);
+#endif
+
+/**
+ * Provides a platform-specific name for a GSSAPI name as interpreted by a
+ * given mechanism.
+ *
+ * @param [out] minor      Minor status code
+ * @param [in] name        The gss name resulting from accept_sec_context
+ * @param [in] mech_type   The mechanism that will be asked to map @a name to a
+ *                         local name
+ * @param [out] localname  Caller-allocated buffer to be filled in with the
+ *                         local name on success
+ */
+OM_uint32 KRB5_CALLCONV
+gss_localname
+	(OM_uint32 *minor,
+	 const gss_name_t name,
+	 gss_const_OID mech_type,
+	 gss_buffer_t localname);
+
+/**
+ * Determine whether a mechanism name is authorized to act as a username.
+ *
+ * @param [in] name      Mechanism name
+ * @param [in] username  System username
+ *
+ * This is a simple wrapper around gss_authorize_localname().  It only supports
+ * system usernames as local names, and cannot distinguish between lack of
+ * authorization and other errors.
+ *
+ * @retval 1 @a name is authorized to act as @a username
+ * @retval 0 @a name is not authorized or an error occurred
+ */
+int KRB5_CALLCONV
+gss_userok(const gss_name_t name,
+           const char *username);
+
+/**
+ *  Determine whether a mechanism name is authorized to act as a local name.
+ *
+ * @param [out] minor  Minor status code
+ * @param [in] name    Mechanism name
+ * @param [in] user    Local name
+ *
+ * @a name is a mechanism name, typically the result of a completed
+ * gss_accept_sec_context().  @a user is an internal name representing a local
+ * name, such as a name imported by gss_import_name() with an @a
+ * input_name_type of @c GSS_C_NT_USER_NAME.
+ *
+ * @return Return GSS_S_COMPLETE if @a name is authorized to act as @a user,
+ * GSS_S_UNAUTHORIZED if not, or an appropriate GSS error code if an error
+ * occurred.
+ *
+ * @sa gss_userok
+ */
+OM_uint32 KRB5_CALLCONV
+gss_authorize_localname(OM_uint32 *minor,
+                        const gss_name_t name,
+                        const gss_name_t user);
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred_with_password(
+    OM_uint32 *,        /* minor_status */
+    const gss_name_t,   /* desired_name */
+    const gss_buffer_t, /* password */
+    OM_uint32,          /* time_req */
+    const gss_OID_set,  /* desired_mechs */
+    gss_cred_usage_t,   /* cred_usage */
+    gss_cred_id_t *,    /* output_cred_handle */
+    gss_OID_set *,      /* actual_mechs */
+    OM_uint32 *);       /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+gss_add_cred_with_password(
+    OM_uint32 *,        /* minor_status */
+    const gss_cred_id_t,/* input_cred_handle */
+    const gss_name_t,   /* desired_name */
+    const gss_OID,      /* desired_mech */
+    const gss_buffer_t, /* password */
+    gss_cred_usage_t,   /* cred_usage */
+    OM_uint32,          /* initiator_time_req */
+    OM_uint32,          /* acceptor_time_req */
+    gss_cred_id_t *,    /* output_cred_handle */
+    gss_OID_set *,      /* actual_mechs */
+    OM_uint32 *,        /* initiator_time_rec */
+    OM_uint32 *);       /* acceptor_time_rec */
+
+/*
+ * GGF extensions
+ */
+typedef struct gss_buffer_set_desc_struct {
+    size_t count;
+    gss_buffer_desc *elements;
+} gss_buffer_set_desc, *gss_buffer_set_t;
+
+#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
+
+OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set
+	(OM_uint32 * /*minor_status*/,
+	 gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member
+	(OM_uint32 * /*minor_status*/,
+	 const gss_buffer_t /*member_buffer*/,
+	 gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_release_buffer_set
+	(OM_uint32 * /*minor_status*/,
+	 gss_buffer_set_t * /*buffer_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_inquire_sec_context_by_oid
+	(OM_uint32 * /*minor_status*/,
+	 const gss_ctx_id_t /*context_handle*/,
+	 const gss_OID /*desired_object*/,
+	 gss_buffer_set_t * /*data_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_oid
+	(OM_uint32 * /*minor_status*/,
+	 const gss_cred_id_t /*cred_handle*/,
+	 const gss_OID /*desired_object*/,
+	 gss_buffer_set_t * /*data_set*/);
+
+OM_uint32 KRB5_CALLCONV gss_set_sec_context_option
+	(OM_uint32 * /*minor_status*/,
+	 gss_ctx_id_t * /*cred_handle*/,
+	 const gss_OID /*desired_object*/,
+	 const gss_buffer_t /*value*/);
+
+/*
+ * Export import cred extensions from GGF, but using Heimdal's signatures
+ */
+OM_uint32 KRB5_CALLCONV gss_export_cred
+	(OM_uint32 * /* minor_status */,
+	 gss_cred_id_t /* cred_handle */,
+	 gss_buffer_t /* token */);
+
+OM_uint32 KRB5_CALLCONV gss_import_cred
+	(OM_uint32 * /* minor_status */,
+	 gss_buffer_t /* token */,
+	 gss_cred_id_t * /* cred_handle */);
+
+/*
+ * Heimdal extension
+ */
+OM_uint32 KRB5_CALLCONV gss_set_cred_option
+	(OM_uint32 * /*minor_status*/,
+	 gss_cred_id_t * /*cred*/,
+	 const gss_OID /*desired_object*/,
+	 const gss_buffer_t /*value*/);
+
+/*
+ * Call the given method on the given mechanism
+ */
+OM_uint32 KRB5_CALLCONV gssspi_mech_invoke
+	(OM_uint32 * /*minor_status*/,
+	 const gss_OID /*desired_mech*/,
+	 const gss_OID /*desired_object*/,
+	 gss_buffer_t /*value*/);
+
+/*
+ * AEAD extensions
+ */
+
+OM_uint32 KRB5_CALLCONV gss_wrap_aead
+	(OM_uint32 * /*minor_status*/,
+	 gss_ctx_id_t /*context_handle*/,
+	 int /*conf_req_flag*/,
+	 gss_qop_t /*qop_req*/,
+	 gss_buffer_t /*input_assoc_buffer*/,
+	 gss_buffer_t /*input_payload_buffer*/,
+	 int * /*conf_state*/,
+	 gss_buffer_t /*output_message_buffer*/);
+
+OM_uint32 KRB5_CALLCONV gss_unwrap_aead
+	(OM_uint32 * /*minor_status*/,
+	 gss_ctx_id_t /*context_handle*/,
+	 gss_buffer_t /*input_message_buffer*/,
+	 gss_buffer_t /*input_assoc_buffer*/,
+	 gss_buffer_t /*output_payload_buffer*/,
+	 int * /*conf_state*/,
+	 gss_qop_t * /*qop_state*/);
+
+/*
+ * SSPI extensions
+ */
+#define GSS_C_DCE_STYLE			0x1000
+#define GSS_C_IDENTIFY_FLAG		0x2000
+#define GSS_C_EXTENDED_ERROR_FLAG	0x4000
+
+/*
+ * Returns a buffer set with the first member containing the
+ * session key for SSPI compatibility. The optional second
+ * member contains an OID identifying the session key type.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_INQ_SSPI_SESSION_KEY;
+
+/*
+ * Returns a buffer set with the first member containing the ticket session key
+ * for ODBC compatibility.  The optional second member contains an OID
+ * identifying the session key type.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_INQ_ODBC_SESSION_KEY;
+
+GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_KEY;
+GSS_DLLIMP extern gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY;
+
+OM_uint32 KRB5_CALLCONV gss_complete_auth_token
+	(OM_uint32 *minor_status,
+	 const gss_ctx_id_t context_handle,
+	 gss_buffer_t input_message_buffer);
+
+typedef struct gss_iov_buffer_desc_struct {
+    OM_uint32 type;
+    gss_buffer_desc buffer;
+} gss_iov_buffer_desc, *gss_iov_buffer_t;
+
+#define GSS_C_NO_IOV_BUFFER		    ((gss_iov_buffer_t)0)
+
+#define GSS_IOV_BUFFER_TYPE_EMPTY	    0
+#define GSS_IOV_BUFFER_TYPE_DATA	    1	/* Packet data */
+#define GSS_IOV_BUFFER_TYPE_HEADER	    2	/* Mechanism header */
+#define GSS_IOV_BUFFER_TYPE_MECH_PARAMS	    3	/* Mechanism specific parameters */
+#define GSS_IOV_BUFFER_TYPE_TRAILER	    7	/* Mechanism trailer */
+#define GSS_IOV_BUFFER_TYPE_PADDING	    9	/* Padding */
+#define GSS_IOV_BUFFER_TYPE_STREAM	    10	/* Complete wrap token */
+#define GSS_IOV_BUFFER_TYPE_SIGN_ONLY	    11	/* Sign only packet data */
+#define GSS_IOV_BUFFER_TYPE_MIC_TOKEN	    12	/* MIC token destination */
+
+#define GSS_IOV_BUFFER_FLAG_MASK	    0xFFFF0000
+#define GSS_IOV_BUFFER_FLAG_ALLOCATE	    0x00010000	/* indicates GSS should allocate */
+#define GSS_IOV_BUFFER_FLAG_ALLOCATED	    0x00020000	/* indicates caller should free */
+
+#define GSS_IOV_BUFFER_TYPE(_type)	    ((_type) & ~(GSS_IOV_BUFFER_FLAG_MASK))
+#define GSS_IOV_BUFFER_FLAGS(_type)	    ((_type) & GSS_IOV_BUFFER_FLAG_MASK)
+
+/*
+ * Sign and optionally encrypt a sequence of buffers. The buffers
+ * shall be ordered HEADER | DATA | PADDING | TRAILER. Suitable
+ * space for the header, padding and trailer should be provided
+ * by calling gss_wrap_iov_length(), or the ALLOCATE flag should
+ * be set on those buffers.
+ *
+ * Encryption is in-place. SIGN_ONLY buffers are untouched. Only
+ * a single PADDING buffer should be provided. The order of the
+ * buffers in memory does not matter. Buffers in the IOV should
+ * be arranged in the order above, and in the case of multiple
+ * DATA buffers the sender and receiver should agree on the
+ * order.
+ *
+ * With GSS_C_DCE_STYLE it is acceptable to not provide PADDING
+ * and TRAILER, but the caller must guarantee the plaintext data
+ * being encrypted is correctly padded, otherwise an error will
+ * be returned.
+ *
+ * While applications that have knowledge of the underlying
+ * cryptosystem may request a specific configuration of data
+ * buffers, the only generally supported configurations are:
+ *
+ *  HEADER | DATA | PADDING | TRAILER
+ *
+ * which will emit GSS_Wrap() compatible tokens, and:
+ *
+ *  HEADER | SIGN_ONLY | DATA | PADDING | TRAILER
+ *
+ * for AEAD.
+ *
+ * The typical (special cased) usage for DCE is as follows:
+ *
+ *  SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER
+ */
+OM_uint32 KRB5_CALLCONV gss_wrap_iov
+(
+    OM_uint32 *,	/* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int,		/* conf_req_flag */
+    gss_qop_t,		/* qop_req */
+    int *,		/* conf_state */
+    gss_iov_buffer_desc *,    /* iov */
+    int);		/* iov_count */
+
+/*
+ * Verify and optionally decrypt a sequence of buffers. To process
+ * a GSS-API message without separate buffer, pass STREAM | DATA.
+ * Upon return DATA will contain the decrypted or integrity
+ * protected message. Only a single DATA buffer may be provided
+ * with this usage. DATA by default will point into STREAM, but if
+ * the ALLOCATE flag is set a copy will be returned.
+ *
+ * Otherwise, decryption is in-place. SIGN_ONLY buffers are
+ * untouched.
+ */
+OM_uint32 KRB5_CALLCONV gss_unwrap_iov
+(
+    OM_uint32 *,	/* minor_status */
+    gss_ctx_id_t,       /* context_handle */
+    int *,		/* conf_state */
+    gss_qop_t *,	/* qop_state */
+    gss_iov_buffer_desc *,    /* iov */
+    int);		/* iov_count */
+
+/*
+ * Query HEADER, PADDING and TRAILER buffer lengths. DATA buffers
+ * should be provided so the correct padding length can be determined.
+ */
+OM_uint32 KRB5_CALLCONV gss_wrap_iov_length
+(
+    OM_uint32 *,	/* minor_status */
+    gss_ctx_id_t,	/* context_handle */
+    int,		/* conf_req_flag */
+    gss_qop_t,		/* qop_req */
+    int *,		/* conf_state */
+    gss_iov_buffer_desc *, /* iov */
+    int);		/* iov_count */
+
+/*
+ * Produce a GSSAPI MIC token for a sequence of buffers.  All SIGN_ONLY and
+ * DATA buffers will be signed, in the order they appear.  One MIC_TOKEN buffer
+ * must be included for the result.  Suitable space should be provided for the
+ * MIC_TOKEN buffer by calling gss_get_mic_iov_length, or the ALLOCATE flag
+ * should be set on that buffer.  If the ALLOCATE flag is used, use
+ * gss_release_iov_buffer to free the allocated buffer within the iov list when
+ * it is no longer needed.
+ */
+OM_uint32 KRB5_CALLCONV gss_get_mic_iov
+(
+    OM_uint32 *,	/* minor_status */
+    gss_ctx_id_t,	/* context_handle */
+    gss_qop_t,		/* qop_req */
+    gss_iov_buffer_desc *, /* iov */
+    int);		/* iov_count */
+
+/*
+ * Query the MIC_TOKEN buffer length within the iov list.
+ */
+OM_uint32 KRB5_CALLCONV gss_get_mic_iov_length(
+    OM_uint32 *,	/* minor_status */
+    gss_ctx_id_t,	/* context_handle */
+    gss_qop_t,		/* qop_req */
+    gss_iov_buffer_desc *, /* iov */
+    int);		/* iov_count */
+
+/*
+ * Verify the MIC_TOKEN buffer within the iov list against the SIGN_ONLY and
+ * DATA buffers in the order they appear.  Return values are the same as for
+ * gss_verify_mic.
+ */
+OM_uint32 KRB5_CALLCONV gss_verify_mic_iov
+(
+    OM_uint32 *,	/* minor_status */
+    gss_ctx_id_t,	/* context_handle */
+    gss_qop_t *,	/* qop_state */
+    gss_iov_buffer_desc *, /* iov */
+    int);		/* iov_count */
+
+/*
+ * Release buffers that have the ALLOCATED flag set.
+ */
+OM_uint32 KRB5_CALLCONV gss_release_iov_buffer
+(
+    OM_uint32 *,	/* minor_status */
+    gss_iov_buffer_desc *, /* iov */
+    int);		/* iov_count */
+
+/*
+ * Protocol transition
+ */
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred_impersonate_name(
+    OM_uint32 *,	    /* minor_status */
+    const gss_cred_id_t,    /* impersonator_cred_handle */
+    const gss_name_t,	    /* desired_name */
+    OM_uint32,		    /* time_req */
+    const gss_OID_set,	    /* desired_mechs */
+    gss_cred_usage_t,	    /* cred_usage */
+    gss_cred_id_t *,	    /* output_cred_handle */
+    gss_OID_set *,	    /* actual_mechs */
+    OM_uint32 *);	    /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+gss_add_cred_impersonate_name(
+    OM_uint32 *,	    /* minor_status */
+    gss_cred_id_t,	    /* input_cred_handle */
+    const gss_cred_id_t,    /* impersonator_cred_handle */
+    const gss_name_t,	    /* desired_name */
+    const gss_OID,	    /* desired_mech */
+    gss_cred_usage_t,	    /* cred_usage */
+    OM_uint32,		    /* initiator_time_req */
+    OM_uint32,		    /* acceptor_time_req */
+    gss_cred_id_t *,	    /* output_cred_handle */
+    gss_OID_set *,	    /* actual_mechs */
+    OM_uint32 *,	    /* initiator_time_rec */
+    OM_uint32 *);	    /* acceptor_time_rec */
+
+/*
+ * Naming extensions
+ */
+GSS_DLLIMP extern gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER;
+GSS_DLLIMP extern gss_OID GSS_C_NT_COMPOSITE_EXPORT;
+
+OM_uint32 KRB5_CALLCONV gss_display_name_ext
+(
+    OM_uint32 *,	/* minor_status */
+    gss_name_t,		/* name */
+    gss_OID,		/* display_as_name_type */
+    gss_buffer_t	/* display_name */
+);
+
+OM_uint32 KRB5_CALLCONV gss_inquire_name
+(
+    OM_uint32 *,	/* minor_status */
+    gss_name_t,		/* name */
+    int *,		/* name_is_MN */
+    gss_OID *,		/* MN_mech */
+    gss_buffer_set_t *	/* attrs */
+);
+
+OM_uint32 KRB5_CALLCONV gss_get_name_attribute
+(
+    OM_uint32 *,	/* minor_status */
+    gss_name_t,		/* name */
+    gss_buffer_t,	/* attr */
+    int *,		/* authenticated */
+    int *,		/* complete */
+    gss_buffer_t,	/* value */
+    gss_buffer_t,	/* display_value */
+    int *		/* more */
+);
+
+OM_uint32 KRB5_CALLCONV gss_set_name_attribute
+(
+    OM_uint32 *,	/* minor_status */
+    gss_name_t,		/* name */
+    int,		/* complete */
+    gss_buffer_t,	/* attr */
+    gss_buffer_t	/* value */
+);
+
+OM_uint32 KRB5_CALLCONV gss_delete_name_attribute
+(
+    OM_uint32 *,	/* minor_status */
+    gss_name_t,		/* name */
+    gss_buffer_t	/* attr */
+);
+
+OM_uint32 KRB5_CALLCONV gss_export_name_composite
+(
+    OM_uint32 *,	/* minor_status */
+    gss_name_t,		/* name */
+    gss_buffer_t	/* exp_composite_name */
+);
+
+typedef struct gss_any *gss_any_t;
+
+OM_uint32 KRB5_CALLCONV gss_map_name_to_any
+(
+    OM_uint32 *,	/* minor_status */
+    gss_name_t,		/* name */
+    int,		/* authenticated */
+    gss_buffer_t,	/* type_id */
+    gss_any_t *		/* output */
+);
+
+OM_uint32 KRB5_CALLCONV gss_release_any_name_mapping
+(
+    OM_uint32 *,	/* minor_status */
+    gss_name_t,		/* name */
+    gss_buffer_t,	/* type_id */
+    gss_any_t *		/* input */
+);
+
+/* draft-josefsson-gss-capsulate */
+OM_uint32 KRB5_CALLCONV gss_encapsulate_token
+(
+    gss_const_buffer_t, /* input_token */
+    gss_const_OID,      /* token_oid */
+    gss_buffer_t        /* output_token */
+);
+
+OM_uint32 KRB5_CALLCONV gss_decapsulate_token
+(
+    gss_const_buffer_t, /* input_token */
+    gss_const_OID,      /* token_oid */
+    gss_buffer_t        /* output_token */
+);
+
+int KRB5_CALLCONV gss_oid_equal
+(
+    gss_const_OID,      /* first_oid */
+    gss_const_OID       /* second_oid */
+);
+
+/* Credential store extensions */
+
+struct gss_key_value_element_struct {
+    const char *key;
+    const char *value;
+};
+typedef struct gss_key_value_element_struct gss_key_value_element_desc;
+
+struct gss_key_value_set_struct {
+    OM_uint32 count;
+    gss_key_value_element_desc *elements;
+};
+typedef struct gss_key_value_set_struct gss_key_value_set_desc;
+typedef const gss_key_value_set_desc *gss_const_key_value_set_t;
+
+#define GSS_C_NO_CRED_STORE ((gss_const_key_value_set_t) 0)
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred_from(
+    OM_uint32 *,               /* minor_status */
+    gss_name_t,                /* desired_name */
+    OM_uint32,                 /* time_req */
+    gss_OID_set,               /* desired_mechs */
+    gss_cred_usage_t,          /* cred_usage */
+    gss_const_key_value_set_t, /* cred_store */
+    gss_cred_id_t *,           /* output_cred_handle */
+    gss_OID_set *,             /* actual_mechs */
+    OM_uint32 *);              /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+gss_add_cred_from(
+    OM_uint32 *,               /* minor_status */
+    gss_cred_id_t,             /* input_cred_handle */
+    gss_name_t,                /* desired_name */
+    gss_OID,                   /* desired_mech */
+    gss_cred_usage_t,          /* cred_usage */
+    OM_uint32,                 /* initiator_time_req */
+    OM_uint32,                 /* acceptor_time_req */
+    gss_const_key_value_set_t, /* cred_store */
+    gss_cred_id_t *,           /* output_cred_handle */
+    gss_OID_set *,             /* actual_mechs */
+    OM_uint32 *,               /* initiator_time_rec */
+    OM_uint32 *);              /* acceptor_time_rec */
+
+OM_uint32 KRB5_CALLCONV
+gss_store_cred_into(
+    OM_uint32 *,               /* minor_status */
+    gss_cred_id_t,             /* input_cred_handle */
+    gss_cred_usage_t,          /* input_usage */
+    gss_OID,                   /* desired_mech */
+    OM_uint32,                 /* overwrite_cred */
+    OM_uint32,                 /* default_cred */
+    gss_const_key_value_set_t, /* cred_store */
+    gss_OID_set *,             /* elements_stored */
+    gss_cred_usage_t *);       /* cred_usage_stored */
+
+/*
+ * A mech can make itself negotiable via NegoEx (draft-zhu-negoex) by
+ * implementing the following three SPIs, and also implementing
+ * gss_inquire_sec_context_by_oid() and answering the GSS_C_INQ_NEGOEX_KEY and
+ * GSS_C_INQ_NEGOEX_VERIFY_KEY OIDs.  The answer must be in two buffers: the
+ * first contains the key contents, and the second contains the key enctype as
+ * a four-byte little-endian integer.
+ *
+ * By default, NegoEx mechanisms will not be directly negotiated via SPNEGO.
+ * If direct SPNEGO negotiation is required for interoperability, implement
+ * gss_inquire_attrs_for_mech() and assert the GSS_C_MA_NEGOEX_AND_SPNEGO
+ * attribute (along with any applicable RFC 5587 attributes).
+ */
+
+#define GSS_C_CHANNEL_BOUND_FLAG 2048 /* 0x00000800 */
+
+OM_uint32 KRB5_CALLCONV
+gssspi_query_meta_data(
+    OM_uint32 *minor_status,
+    gss_const_OID mech_oid,
+    gss_cred_id_t cred_handle,
+    gss_ctx_id_t *context_handle,
+    const gss_name_t targ_name,
+    OM_uint32 req_flags,
+    gss_buffer_t meta_data);
+
+OM_uint32 KRB5_CALLCONV
+gssspi_exchange_meta_data(
+    OM_uint32 *minor_status,
+    gss_const_OID mech_oid,
+    gss_cred_id_t cred_handle,
+    gss_ctx_id_t *context_handle,
+    const gss_name_t targ_name,
+    OM_uint32 req_flags,
+    gss_const_buffer_t meta_data);
+
+OM_uint32 KRB5_CALLCONV
+gssspi_query_mechanism_info(
+    OM_uint32 *minor_status,
+    gss_const_OID mech_oid,
+    unsigned char auth_scheme[16]);
+
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO;
+
+#ifdef __cplusplus
+}
+#endif
+
+/*
+ * When used with gss_inquire_sec_context_by_oid(), return a buffer set with
+ * the first member containing an unsigned 32-bit integer in network byte
+ * order.  This is the Security Strength Factor (SSF) associated with the
+ * secure channel established by the security context.  NOTE: This value is
+ * made available solely as an indication for use by APIs like Cyrus SASL that
+ * classify the strength of a secure channel via this number.  The strength of
+ * a channel cannot necessarily be represented by a simple number.
+ */
+GSS_DLLIMP extern gss_OID GSS_C_SEC_CONTEXT_SASL_SSF;
+
+#endif /* GSSAPI_EXT_H_ */
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/gssapi_generic.c b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_generic.c
new file mode 100644
index 00000000..7fbecbed
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_generic.c
@@ -0,0 +1,488 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+
+/*
+ * See krb5/gssapi_krb5.c for a description of the algorithm for
+ * encoding an object identifier.
+ */
+
+/* Reserved static storage for GSS_oids.  Comments are quotes from RFC 2744. */
+
+#define oids ((gss_OID_desc *)const_oids)
+static const gss_OID_desc const_oids[] = {
+    /*
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
+     * GSS_C_NT_USER_NAME should be initialized to point
+     * to that gss_OID_desc.
+     */
+
+    /*
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
+     * The constant GSS_C_NT_MACHINE_UID_NAME should be
+     * initialized to point to that gss_OID_desc.
+     */
+
+    /*
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
+     * The constant GSS_C_NT_STRING_UID_NAME should be
+     * initialized to point to that gss_OID_desc.
+     */
+
+    /*
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) org(3) dod(6) internet(1) security(5)
+     * nametypes(6) gss-host-based-services(2)).  The constant
+     * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
+     * to that gss_OID_desc.  This is a deprecated OID value, and
+     * implementations wishing to support hostbased-service names
+     * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
+     * defined below, to identify such names;
+     * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
+     * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
+     * parameter, but should not be emitted by GSS-API
+     * implementations
+     */
+
+    /*
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"},
+    /* corresponding to an object-identifier value of
+     * {iso(1) member-body(2) Unites States(840) mit(113554)
+     * infosys(1) gssapi(2) generic(1) service_name(4)}.
+     * The constant GSS_C_NT_HOSTBASED_SERVICE should be
+     * initialized to point to that gss_OID_desc.
+     */
+
+    /*
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {6, (void *)"\x2b\x06\01\x05\x06\x03"},
+    /* corresponding to an object identifier value of
+     * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+     * 6(nametypes), 3(gss-anonymous-name)}.  The constant
+     * and GSS_C_NT_ANONYMOUS should be initialized to point
+     * to that gss_OID_desc.
+     */
+
+    /*
+     * The implementation must reserve static storage for a
+     * gss_OID_desc object containing the value */
+    {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
+    /* corresponding to an object-identifier value of
+     * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+     * 6(nametypes), 4(gss-api-exported-name)}.  The constant
+     * GSS_C_NT_EXPORT_NAME should be initialized to point
+     * to that gss_OID_desc.
+     */
+    {6, (void *)"\x2b\x06\x01\x05\x06\x06"},
+    /* corresponding to an object-identifier value of
+     * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
+     * 6(nametypes), 6(gss-composite-export)}.  The constant
+     * GSS_C_NT_COMPOSITE_EXPORT should be initialized to point
+     * to that gss_OID_desc.
+     */
+    /* GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5 */
+    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"},
+    /* GSS_C_INQ_NEGOEX_KEY 1.2.840.113554.1.2.2.5.16 */
+    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x10"},
+    /* GSS_C_INQ_NEGOEX_VERIFY_KEY 1.2.840.113554.1.2.2.5.17 */
+    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x11"},
+
+    /* RFC 5587 attributes, see below */
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x01"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x02"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x03"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x04"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x05"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x06"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x07"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x08"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x09"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0a"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0b"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0c"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0d"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0e"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0f"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x10"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x11"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x12"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x13"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x14"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x15"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x16"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x17"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x18"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x19"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1a"},
+    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1b"},
+    /* GSS_C_MA_NEGOEX_AND_SPNEGO 1.2.840.113554.1.2.2.5.18 */
+    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x12"},
+
+    /*
+     * GSS_SEC_CONTEXT_SASL_SSF_OID 1.2.840.113554.1.2.2.5.15
+     * iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) gssapi(2) krb5(2) krb5-gssapi-ext(5) sasl-ssf(15)
+     */
+    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0f"},
+
+    /*
+     * GSS_C_INQ_ODBC_SESSION_KEY 1.2.840.113554.1.2.2.5.19
+     * iso(1) member-body(2) United States(840) mit(113554)
+     * infosys(1) ssapi(2) krb5(2) krb5-gssapi-ext(5)
+     * inq-odbc-session-key(19)
+     */
+    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05\13"},
+};
+
+/* Here are the constants which point to the static structure above.
+ *
+ * Constants of the form GSS_C_NT_* are specified by rfc 2744.
+ *
+ * Constants of the form gss_nt_* are the original MIT krb5 names
+ * found in gssapi_generic.h.  They are provided for compatibility. */
+
+GSS_DLLIMP gss_OID GSS_C_NT_USER_NAME           = oids+0;
+GSS_DLLIMP gss_OID gss_nt_user_name             = oids+0;
+
+GSS_DLLIMP gss_OID GSS_C_NT_MACHINE_UID_NAME    = oids+1;
+GSS_DLLIMP gss_OID gss_nt_machine_uid_name      = oids+1;
+
+GSS_DLLIMP gss_OID GSS_C_NT_STRING_UID_NAME     = oids+2;
+GSS_DLLIMP gss_OID gss_nt_string_uid_name       = oids+2;
+
+GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3;
+gss_OID gss_nt_service_name_v2                  = oids+3;
+
+GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE   = oids+4;
+GSS_DLLIMP gss_OID gss_nt_service_name          = oids+4;
+
+GSS_DLLIMP gss_OID GSS_C_NT_ANONYMOUS           = oids+5;
+
+GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME         = oids+6;
+gss_OID gss_nt_exported_name                    = oids+6;
+
+GSS_DLLIMP gss_OID GSS_C_NT_COMPOSITE_EXPORT    = oids+7;
+GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY   = oids+8;
+GSS_DLLIMP gss_OID GSS_C_INQ_NEGOEX_KEY         = oids+9;
+GSS_DLLIMP gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY  = oids+10;
+
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_CONCRETE     = oids+11;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_PSEUDO       = oids+12;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_COMPOSITE    = oids+13;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_NEGO         = oids+14;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_GLUE         = oids+15;
+GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_MECH          = oids+16;
+GSS_DLLIMP gss_const_OID GSS_C_MA_DEPRECATED        = oids+17;
+GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_DFLT_MECH     = oids+18;
+GSS_DLLIMP gss_const_OID GSS_C_MA_ITOK_FRAMED       = oids+19;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT         = oids+20;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG         = oids+21;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_INIT    = oids+22;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_INIT    = oids+23;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_ANON    = oids+24;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_ANON    = oids+25;
+GSS_DLLIMP gss_const_OID GSS_C_MA_DELEG_CRED        = oids+26;
+GSS_DLLIMP gss_const_OID GSS_C_MA_INTEG_PROT        = oids+27;
+GSS_DLLIMP gss_const_OID GSS_C_MA_CONF_PROT         = oids+28;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MIC               = oids+29;
+GSS_DLLIMP gss_const_OID GSS_C_MA_WRAP              = oids+30;
+GSS_DLLIMP gss_const_OID GSS_C_MA_PROT_READY        = oids+31;
+GSS_DLLIMP gss_const_OID GSS_C_MA_REPLAY_DET        = oids+32;
+GSS_DLLIMP gss_const_OID GSS_C_MA_OOS_DET           = oids+33;
+GSS_DLLIMP gss_const_OID GSS_C_MA_CBINDINGS         = oids+34;
+GSS_DLLIMP gss_const_OID GSS_C_MA_PFS               = oids+35;
+GSS_DLLIMP gss_const_OID GSS_C_MA_COMPRESS          = oids+36;
+GSS_DLLIMP gss_const_OID GSS_C_MA_CTX_TRANS         = oids+37;
+GSS_DLLIMP gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO = oids+38;
+
+GSS_DLLIMP gss_OID GSS_C_SEC_CONTEXT_SASL_SSF = oids+39;
+
+GSS_DLLIMP gss_OID GSS_C_INQ_ODBC_SESSION_KEY = oids+40;
+
+static gss_OID_set_desc gss_ma_known_attrs_desc = { 28, oids+11 };
+
+gss_OID_set gss_ma_known_attrs = &gss_ma_known_attrs_desc;
+
+static struct mech_attr_info_desc {
+    gss_OID mech_attr;
+    const char *name;
+    const char *short_desc;
+    const char *long_desc;
+} mech_attr_info[] = {
+    {
+        oids+11,
+        "GSS_C_MA_MECH_CONCRETE",
+        "concrete-mech",
+        "Mechanism is neither a pseudo-mechanism nor a composite mechanism.",
+    },
+    {
+        oids+12,
+        "GSS_C_MA_MECH_PSEUDO",
+        "pseudo-mech",
+        "Mechanism is a pseudo-mechanism.",
+    },
+    {
+        oids+13,
+        "GSS_C_MA_MECH_COMPOSITE",
+        "composite-mech",
+        "Mechanism is a composite of other mechanisms.",
+    },
+    {
+        oids+14,
+        "GSS_C_MA_MECH_NEGO",
+        "mech-negotiation-mech",
+        "Mechanism negotiates other mechanisms.",
+    },
+    {
+        oids+15,
+        "GSS_C_MA_MECH_GLUE",
+        "mech-glue",
+        "OID is not a mechanism but the GSS-API itself.",
+    },
+    {
+        oids+16,
+        "GSS_C_MA_NOT_MECH",
+        "not-mech",
+        "Known OID but not a mechanism OID.",
+    },
+    {
+        oids+17,
+        "GSS_C_MA_DEPRECATED",
+        "mech-deprecated",
+        "Mechanism is deprecated.",
+    },
+    {
+        oids+18,
+        "GSS_C_MA_NOT_DFLT_MECH",
+        "mech-not-default",
+        "Mechanism must not be used as a default mechanism.",
+    },
+    {
+        oids+19,
+        "GSS_C_MA_ITOK_FRAMED",
+        "initial-is-framed",
+        "Mechanism's initial contexts are properly framed.",
+    },
+    {
+        oids+20,
+        "GSS_C_MA_AUTH_INIT",
+        "auth-init-princ",
+        "Mechanism supports authentication of initiator to acceptor.",
+    },
+    {
+        oids+21,
+        "GSS_C_MA_AUTH_TARG",
+        "auth-targ-princ",
+        "Mechanism supports authentication of acceptor to initiator.",
+    },
+    {
+        oids+22,
+        "GSS_C_MA_AUTH_INIT_INIT",
+        "auth-init-princ-initial",
+        "Mechanism supports authentication of initiator using "
+        "initial credentials.",
+    },
+    {
+        oids+23,
+        "GSS_C_MA_AUTH_TARG_INIT",
+        "auth-target-princ-initial",
+        "Mechanism supports authentication of acceptor using "
+        "initial credentials.",
+    },
+    {
+        oids+24,
+        "GSS_C_MA_AUTH_INIT_ANON",
+        "auth-init-princ-anon",
+        "Mechanism supports GSS_C_NT_ANONYMOUS as an initiator name.",
+    },
+    {
+        oids+25,
+        "GSS_C_MA_AUTH_TARG_ANON",
+        "auth-targ-princ-anon",
+        "Mechanism supports GSS_C_NT_ANONYMOUS as an acceptor name.",
+    },
+    {
+        oids+26,
+        "GSS_C_MA_DELEG_CRED",
+        "deleg-cred",
+        "Mechanism supports credential delegation.",
+    },
+    {
+        oids+27,
+        "GSS_C_MA_INTEG_PROT",
+        "integ-prot",
+        "Mechanism supports per-message integrity protection.",
+    },
+    {
+        oids+28,
+        "GSS_C_MA_CONF_PROT",
+        "conf-prot",
+        "Mechanism supports per-message confidentiality protection.",
+    },
+    {
+        oids+29,
+        "GSS_C_MA_MIC",
+        "mic",
+        "Mechanism supports Message Integrity Code (MIC) tokens.",
+    },
+    {
+        oids+30,
+        "GSS_C_MA_WRAP",
+        "wrap",
+        "Mechanism supports wrap tokens.",
+    },
+    {
+        oids+31,
+        "GSS_C_MA_PROT_READY",
+        "prot-ready",
+        "Mechanism supports per-message proteciton prior to "
+        "full context establishment.",
+    },
+    {
+        oids+32,
+        "GSS_C_MA_REPLAY_DET",
+        "replay-detection",
+        "Mechanism supports replay detection.",
+    },
+    {
+        oids+33,
+        "GSS_C_MA_OOS_DET",
+        "oos-detection",
+        "Mechanism supports out-of-sequence detection.",
+    },
+    {
+        oids+34,
+        "GSS_C_MA_CBINDINGS",
+        "channel-bindings",
+        "Mechanism supports channel bindings.",
+    },
+    {
+        oids+35,
+        "GSS_C_MA_PFS",
+        "pfs",
+        "Mechanism supports Perfect Forward Security.",
+    },
+    {
+        oids+36,
+        "GSS_C_MA_COMPRESS",
+        "compress",
+        "Mechanism supports compression of data inputs to gss_wrap().",
+    },
+    {
+        oids+37,
+        "GSS_C_MA_CTX_TRANS",
+        "context-transfer",
+        "Mechanism supports security context export/import.",
+    },
+    {
+        oids+38,
+        "GSS_C_MA_NEGOEX_AND_SPNEGO",
+        "negoex-only",
+        "NegoEx mechanism should also be negotiable through SPNEGO.",
+    },
+};
+
+OM_uint32
+generic_gss_display_mech_attr(
+    OM_uint32         *minor_status,
+    gss_const_OID      mech_attr,
+    gss_buffer_t       name,
+    gss_buffer_t       short_desc,
+    gss_buffer_t       long_desc)
+{
+    size_t i;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+    if (name != GSS_C_NO_BUFFER) {
+        name->length = 0;
+        name->value = NULL;
+    }
+    if (short_desc != GSS_C_NO_BUFFER) {
+        short_desc->length = 0;
+        short_desc->value = NULL;
+    }
+    if (long_desc != GSS_C_NO_BUFFER) {
+        long_desc->length = 0;
+        long_desc->value = NULL;
+    }
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    for (i = 0; i < sizeof(mech_attr_info)/sizeof(mech_attr_info[0]); i++) {
+        struct mech_attr_info_desc *mai = &mech_attr_info[i];
+
+        if (g_OID_equal(mech_attr, mai->mech_attr)) {
+            if (name != GSS_C_NO_BUFFER &&
+                !g_make_string_buffer(mai->name, name)) {
+                *minor_status = ENOMEM;
+                return GSS_S_FAILURE;
+            }
+            if (short_desc != GSS_C_NO_BUFFER &&
+                !g_make_string_buffer(mai->short_desc, short_desc)) {
+                *minor_status = ENOMEM;
+                return GSS_S_FAILURE;
+            }
+            if (long_desc != GSS_C_NO_BUFFER &&
+                !g_make_string_buffer(mai->long_desc, long_desc)) {
+                *minor_status = ENOMEM;
+                return GSS_S_FAILURE;
+            }
+            return GSS_S_COMPLETE;
+        }
+    }
+
+    return GSS_S_BAD_MECH_ATTR;
+}
+
+static gss_buffer_desc const_attrs[] = {
+    { sizeof("local-login-user") - 1,
+      "local-login-user" },
+};
+
+GSS_DLLIMP gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER = &const_attrs[0];
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/gssapi_generic.h b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_generic.h
new file mode 100644
index 00000000..e11f938c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/gssapi_generic.h
@@ -0,0 +1,59 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSAPI_GENERIC_H_
+#define _GSSAPI_GENERIC_H_
+
+/*
+ * $Id$
+ */
+
+#include <gssapi/gssapi.h>
+
+#if defined(__cplusplus) && !defined(GSSAPIGENERIC_BEGIN_DECLS)
+#define GSSAPIGENERIC_BEGIN_DECLS       extern "C" {
+#define GSSAPIGENERIC_END_DECLS }
+#else
+#define GSSAPIGENERIC_BEGIN_DECLS
+#define GSSAPIGENERIC_END_DECLS
+#endif
+
+#define GSS_EMPTY_BUFFER(buf)   ((buf) == NULL ||                       \
+                                 (buf)->value == NULL || (buf)->length == 0)
+
+GSSAPIGENERIC_BEGIN_DECLS
+
+/* Deprecated MIT krb5 oid names provided for compatibility.
+ * The correct oids (GSS_C_NT_USER_NAME, etc) from rfc 2744
+ * are defined in gssapi.h. */
+
+GSS_DLLIMP extern gss_OID gss_nt_user_name;
+GSS_DLLIMP extern gss_OID gss_nt_machine_uid_name;
+GSS_DLLIMP extern gss_OID gss_nt_string_uid_name;
+extern gss_OID gss_nt_service_name_v2;
+GSS_DLLIMP extern gss_OID gss_nt_service_name;
+extern gss_OID gss_nt_exported_name;
+
+GSSAPIGENERIC_END_DECLS
+
+#endif /* _GSSAPI_GENERIC_H_ */
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/maptest.c b/krb5-1.21.3/src/lib/gssapi/generic/maptest.c
new file mode 100644
index 00000000..566d88c3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/maptest.c
@@ -0,0 +1,68 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <stdio.h>
+#include <stdarg.h>
+#include <assert.h>
+
+typedef struct { int a, b; } elt;
+static int eltcp(elt *dest, elt src)
+{
+    *dest = src;
+    return 0;
+}
+static int eltcmp(elt left, elt right)
+{
+    if (left.a < right.a)
+        return -1;
+    if (left.a > right.a)
+        return 1;
+    if (left.b < right.b)
+        return -1;
+    if (left.b > right.b)
+        return 1;
+    return 0;
+}
+static void eltprt(elt v, FILE *f)
+{
+    fprintf(f, "{%d,%d}", v.a, v.b);
+}
+static int intcmp(int left, int right)
+{
+    if (left < right)
+        return -1;
+    if (left > right)
+        return 1;
+    return 0;
+}
+static void intprt(int v, FILE *f)
+{
+    fprintf(f, "%d", v);
+}
+
+#include "maptest.h"
+
+foo foo1;
+
+int main ()
+{
+    elt v1 = { 1, 2 }, v2 = { 3, 4 };
+    const elt *vp;
+    const int *ip;
+
+    assert(0 == foo_init(&foo1));
+    vp = foo_findleft(&foo1, 47);
+    assert(vp == NULL);
+    assert(0 == foo_add(&foo1, 47, v1));
+    vp = foo_findleft(&foo1, 47);
+    assert(vp != NULL);
+    assert(0 == eltcmp(*vp, v1));
+    vp = foo_findleft(&foo1, 3);
+    assert(vp == NULL);
+    assert(0 == foo_add(&foo1, 93, v2));
+    ip = foo_findright(&foo1, v1);
+    assert(ip != NULL);
+    assert(*ip == 47);
+    printf("Map content: ");
+    foo_printmap(&foo1, stdout);
+    printf("\n");
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c b/krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c
new file mode 100644
index 00000000..253d6469
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c
@@ -0,0 +1,553 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/generic/oid_ops.c */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* GSS-API V2 interfaces to manipulate OIDs */
+
+#include "gssapiP_generic.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <gssapi/gssapi_generic.h>
+#include <errno.h>
+#include <ctype.h>
+
+/*
+ * The functions for allocating and releasing individual OIDs use malloc and
+ * free instead of the gssalloc wrappers, because the mechglue currently mixes
+ * generic_gss_copy_oid() with hand-freeing of OIDs.  We do not need to free
+ * free OIDs allocated by mechanisms, so this should not be a problem.
+ */
+
+OM_uint32
+generic_gss_release_oid(OM_uint32 *minor_status, gss_OID *oid)
+{
+    if (minor_status)
+        *minor_status = 0;
+
+    if (oid == NULL || *oid == GSS_C_NO_OID)
+        return(GSS_S_COMPLETE);
+
+    /*
+     * The V2 API says the following!
+     *
+     * gss_release_oid[()] will recognize any of the GSSAPI's own OID values,
+     * and will silently ignore attempts to free these OIDs; for other OIDs
+     * it will call the C free() routine for both the OID data and the
+     * descriptor.  This allows applications to freely mix their own heap-
+     * allocated OID values with OIDs returned by GSS-API.
+     */
+
+    /*
+     * We use the official OID definitions instead of the unofficial OID
+     * definitions. But we continue to support the unofficial OID
+     * gss_nt_service_name just in case if some gss applications use
+     * the old OID.
+     */
+
+    if ((*oid != GSS_C_NT_USER_NAME) &&
+        (*oid != GSS_C_NT_MACHINE_UID_NAME) &&
+        (*oid != GSS_C_NT_STRING_UID_NAME) &&
+        (*oid != GSS_C_NT_HOSTBASED_SERVICE) &&
+        (*oid != GSS_C_NT_ANONYMOUS) &&
+        (*oid != GSS_C_NT_EXPORT_NAME) &&
+        (*oid != GSS_C_NT_COMPOSITE_EXPORT) &&
+        (*oid != gss_nt_service_name)) {
+        free((*oid)->elements);
+        free(*oid);
+    }
+    *oid = GSS_C_NO_OID;
+    return(GSS_S_COMPLETE);
+}
+
+OM_uint32
+generic_gss_copy_oid(OM_uint32 *minor_status,
+                     const gss_OID_desc * const oid,
+                     gss_OID *new_oid)
+{
+    gss_OID         p;
+
+    *minor_status = 0;
+
+    p = (gss_OID) malloc(sizeof(gss_OID_desc));
+    if (!p) {
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+    p->length = oid->length;
+    p->elements = malloc(p->length);
+    if (!p->elements) {
+        free(p);
+        return GSS_S_FAILURE;
+    }
+    memcpy(p->elements, oid->elements, p->length);
+    *new_oid = p;
+    return(GSS_S_COMPLETE);
+}
+
+
+OM_uint32
+generic_gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set)
+{
+    *minor_status = 0;
+
+    if (oid_set == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if ((*oid_set = (gss_OID_set) gssalloc_malloc(sizeof(gss_OID_set_desc)))) {
+        memset(*oid_set, 0, sizeof(gss_OID_set_desc));
+        return(GSS_S_COMPLETE);
+    }
+    else {
+        *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
+    }
+}
+
+OM_uint32
+generic_gss_add_oid_set_member(OM_uint32 *minor_status,
+                               const gss_OID_desc * const member_oid,
+                               gss_OID_set *oid_set)
+{
+    gss_OID     elist;
+    gss_OID     lastel;
+
+    *minor_status = 0;
+
+    if (member_oid == NULL || member_oid->length == 0 ||
+        member_oid->elements == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (oid_set == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    elist = (*oid_set)->elements;
+    /* Get an enlarged copy of the array */
+    if (((*oid_set)->elements = (gss_OID) gssalloc_malloc(((*oid_set)->count+1) *
+                                                          sizeof(gss_OID_desc)))) {
+        /* Copy in the old junk */
+        if (elist)
+            memcpy((*oid_set)->elements,
+                   elist,
+                   ((*oid_set)->count * sizeof(gss_OID_desc)));
+
+        /* Duplicate the input element */
+        lastel = &(*oid_set)->elements[(*oid_set)->count];
+        if ((lastel->elements =
+             (void *) gssalloc_malloc((size_t) member_oid->length))) {
+            /* Success - copy elements */
+            memcpy(lastel->elements, member_oid->elements,
+                   (size_t) member_oid->length);
+            /* Set length */
+            lastel->length = member_oid->length;
+
+            /* Update count */
+            (*oid_set)->count++;
+            if (elist)
+                gssalloc_free(elist);
+            *minor_status = 0;
+            return(GSS_S_COMPLETE);
+        }
+        else
+            gssalloc_free((*oid_set)->elements);
+    }
+    /* Failure - restore old contents of list */
+    (*oid_set)->elements = elist;
+    *minor_status = ENOMEM;
+    return(GSS_S_FAILURE);
+}
+
+OM_uint32
+generic_gss_test_oid_set_member(OM_uint32 *minor_status,
+                                const gss_OID_desc * const member,
+                                gss_OID_set set,
+                                int * present)
+{
+    OM_uint32   i;
+    int         result;
+
+    *minor_status = 0;
+
+    if (member == NULL || set == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (present == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    result = 0;
+    for (i=0; i<set->count; i++) {
+        if ((set->elements[i].length == member->length) &&
+            !memcmp(set->elements[i].elements,
+                    member->elements,
+                    (size_t) member->length)) {
+            result = 1;
+            break;
+        }
+    }
+    *present = result;
+    return(GSS_S_COMPLETE);
+}
+
+OM_uint32
+generic_gss_oid_to_str(OM_uint32 *minor_status,
+                       const gss_OID_desc * const oid,
+                       gss_buffer_t oid_str)
+{
+    unsigned long       number, n;
+    OM_uint32           i;
+    int                 first;
+    unsigned char       *cp;
+    struct k5buf        buf;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (oid_str != GSS_C_NO_BUFFER) {
+        oid_str->length = 0;
+        oid_str->value = NULL;
+    }
+
+    if (oid == NULL || oid->length == 0 || oid->elements == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (oid_str == GSS_C_NO_BUFFER)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    /* Decoded according to krb5/gssapi_krb5.c */
+
+    cp = (unsigned char *) oid->elements;
+    number = (unsigned long) cp[0];
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add(&buf, "{ ");
+    number = 0;
+    cp = (unsigned char *) oid->elements;
+    first = 1;
+    for (i = 0; i < oid->length; i++) {
+        number = (number << 7) | (cp[i] & 0x7f);
+        if ((cp[i] & 0x80) == 0) {
+            if (first) {
+                n = (number < 40) ? 0 : (number < 80) ? 1 : 2;
+                k5_buf_add_fmt(&buf, "%lu %lu ", n, number - (n * 40));
+                first = 0;
+            } else {
+                k5_buf_add_fmt(&buf, "%lu ", number);
+            }
+            number = 0;
+        }
+    }
+    k5_buf_add_len(&buf, "}\0", 2);
+    return k5buf_to_gss(minor_status, &buf, oid_str);
+}
+
+/* Return the length of a DER OID subidentifier encoding. */
+static size_t
+arc_encoded_length(unsigned long arc)
+{
+    size_t len = 1;
+
+    for (arc >>= 7; arc; arc >>= 7)
+        len++;
+    return len;
+}
+
+/* Encode a subidentifier into *bufp and advance it to the encoding's end. */
+static void
+arc_encode(unsigned long arc, unsigned char **bufp)
+{
+    unsigned char *p;
+
+    /* Advance to the end and encode backwards. */
+    p = *bufp = *bufp + arc_encoded_length(arc);
+    *--p = arc & 0x7f;
+    for (arc >>= 7; arc; arc >>= 7)
+        *--p = (arc & 0x7f) | 0x80;
+}
+
+/* Fetch an arc value from *bufp and advance past it and any following spaces
+ * or periods.  Return 1 on success, 0 if *bufp is not at a valid arc value. */
+static int
+get_arc(const unsigned char **bufp, const unsigned char *end,
+        unsigned long *arc_out)
+{
+    const unsigned char *p = *bufp;
+    unsigned long arc = 0, newval;
+
+    if (p == end || !isdigit(*p))
+        return 0;
+    for (; p < end && isdigit(*p); p++) {
+        newval = arc * 10 + (*p - '0');
+        if (newval < arc)
+            return 0;
+        arc = newval;
+    }
+    while (p < end && (isspace(*p) || *p == '.'))
+        p++;
+    *bufp = p;
+    *arc_out = arc;
+    return 1;
+}
+
+/*
+ * Convert a sequence of two or more decimal arc values into a DER-encoded OID.
+ * The values may be separated by any combination of whitespace and period
+ * characters, and may be optionally surrounded with braces.  Leading
+ * whitespace and trailing garbage is allowed.  The first arc value must be 0,
+ * 1, or 2, and the second value must be less than 40 if the first value is not
+ * 2.
+ */
+OM_uint32
+generic_gss_str_to_oid(OM_uint32 *minor_status,
+                       gss_buffer_t oid_str,
+                       gss_OID *oid_out)
+{
+    const unsigned char *p, *end, *arc3_start;
+    unsigned char *out;
+    unsigned long arc, arc1, arc2;
+    size_t nbytes;
+    int brace = 0;
+    gss_OID oid;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (oid_out != NULL)
+        *oid_out = GSS_C_NO_OID;
+
+    if (GSS_EMPTY_BUFFER(oid_str))
+        return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (oid_out == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    /* Skip past initial spaces and, optionally, an open brace. */
+    brace = 0;
+    p = oid_str->value;
+    end = p + oid_str->length;
+    while (p < end && isspace(*p))
+        p++;
+    if (p < end && *p == '{') {
+        brace = 1;
+        p++;
+    }
+    while (p < end && isspace(*p))
+        p++;
+
+    /* Get the first two arc values, to be encoded as one subidentifier. */
+    if (!get_arc(&p, end, &arc1) || !get_arc(&p, end, &arc2))
+        return (GSS_S_FAILURE);
+    if (arc1 > 2 || (arc1 < 2 && arc2 > 39) || arc2 > ULONG_MAX - 80)
+        return (GSS_S_FAILURE);
+    arc3_start = p;
+
+    /* Compute the total length of the encoding while checking syntax. */
+    nbytes = arc_encoded_length(arc1 * 40 + arc2);
+    while (get_arc(&p, end, &arc))
+        nbytes += arc_encoded_length(arc);
+    if (brace && (p == end || *p != '}'))
+        return (GSS_S_FAILURE);
+
+    /* Allocate an oid structure. */
+    oid = malloc(sizeof(*oid));
+    if (oid == NULL)
+        return (GSS_S_FAILURE);
+    oid->elements = malloc(nbytes);
+    if (oid->elements == NULL) {
+        free(oid);
+        return (GSS_S_FAILURE);
+    }
+    oid->length = nbytes;
+
+    out = oid->elements;
+    arc_encode(arc1 * 40 + arc2, &out);
+    p = arc3_start;
+    while (get_arc(&p, end, &arc))
+        arc_encode(arc, &out);
+    assert(out - nbytes == oid->elements);
+    *oid_out = oid;
+    return(GSS_S_COMPLETE);
+}
+
+/* Compose an OID of a prefix and an integer suffix */
+OM_uint32
+generic_gss_oid_compose(OM_uint32 *minor_status,
+                        const char *prefix,
+                        size_t prefix_len,
+                        int suffix,
+                        gss_OID_desc *oid)
+{
+    int osuffix, i;
+    size_t nbytes;
+    unsigned char *op;
+
+    if (oid == GSS_C_NO_OID) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
+    if (oid->length < prefix_len) {
+        *minor_status = ERANGE;
+        return GSS_S_FAILURE;
+    }
+
+    memcpy(oid->elements, prefix, prefix_len);
+
+    nbytes = 0;
+    osuffix = suffix;
+    while (suffix) {
+        nbytes++;
+        suffix >>= 7;
+    }
+    suffix = osuffix;
+
+    if (oid->length < prefix_len + nbytes) {
+        *minor_status = ERANGE;
+        return GSS_S_FAILURE;
+    }
+
+    op = (unsigned char *) oid->elements + prefix_len + nbytes;
+    i = -1;
+    while (suffix) {
+        op[i] = (unsigned char)suffix & 0x7f;
+        if (i != -1)
+            op[i] |= 0x80;
+        i--;
+        suffix >>= 7;
+    }
+
+    oid->length = prefix_len + nbytes;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+generic_gss_oid_decompose(OM_uint32 *minor_status,
+                          const char *prefix,
+                          size_t prefix_len,
+                          gss_OID_desc *oid,
+                          int *suffix)
+{
+    size_t i, slen;
+    unsigned char *op;
+
+    if (oid->length < prefix_len ||
+        memcmp(oid->elements, prefix, prefix_len) != 0) {
+        return GSS_S_BAD_MECH;
+    }
+
+    op = (unsigned char *) oid->elements + prefix_len;
+
+    *suffix = 0;
+
+    slen = oid->length - prefix_len;
+
+    for (i = 0; i < slen; i++) {
+        *suffix = (*suffix << 7) | (op[i] & 0x7f);
+        if (i + 1 != slen && (op[i] & 0x80) == 0) {
+            *minor_status = EINVAL;
+            return GSS_S_FAILURE;
+        }
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+generic_gss_copy_oid_set(OM_uint32 *minor_status,
+                         const gss_OID_set_desc * const oidset,
+                         gss_OID_set *new_oidset)
+{
+    gss_OID_set_desc *copy;
+    OM_uint32 minor = 0;
+    OM_uint32 major = GSS_S_COMPLETE;
+    OM_uint32 i;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (new_oidset != NULL)
+        *new_oidset = GSS_C_NO_OID_SET;
+
+    if (oidset == GSS_C_NO_OID_SET)
+        return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (new_oidset == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if ((copy = (gss_OID_set_desc *) gssalloc_calloc(1, sizeof (*copy))) == NULL) {
+        major = GSS_S_FAILURE;
+        goto done;
+    }
+
+    if ((copy->elements = (gss_OID_desc *)
+         gssalloc_calloc(oidset->count, sizeof (*copy->elements))) == NULL) {
+        major = GSS_S_FAILURE;
+        goto done;
+    }
+    copy->count = oidset->count;
+
+    for (i = 0; i < copy->count; i++) {
+        gss_OID_desc *out = &copy->elements[i];
+        gss_OID_desc *in = &oidset->elements[i];
+
+        if ((out->elements = (void *) gssalloc_malloc(in->length)) == NULL) {
+            major = GSS_S_FAILURE;
+            goto done;
+        }
+        (void) memcpy(out->elements, in->elements, in->length);
+        out->length = in->length;
+    }
+
+    *new_oidset = copy;
+done:
+    if (major != GSS_S_COMPLETE) {
+        (void) generic_gss_release_oid_set(&minor, &copy);
+    }
+
+    return (major);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/rel_buffer.c b/krb5-1.21.3/src/lib/gssapi/generic/rel_buffer.c
new file mode 100644
index 00000000..44dc9815
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/rel_buffer.c
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* #ident  "@(#)g_rel_buffer.c 1.2     96/02/06 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_release_buffer
+ */
+
+#include "gssapiP_generic.h"
+
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+OM_uint32
+generic_gss_release_buffer(
+    OM_uint32 *minor_status,
+    gss_buffer_t buffer)
+{
+    if (minor_status)
+        *minor_status = 0;
+
+    /* if buffer is NULL, return */
+
+    if (buffer == GSS_C_NO_BUFFER)
+        return(GSS_S_COMPLETE);
+
+    if (buffer->value) {
+        gssalloc_free(buffer->value);
+        buffer->length = 0;
+        buffer->value = NULL;
+    }
+
+    return (GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/rel_oid_set.c b/krb5-1.21.3/src/lib/gssapi/generic/rel_oid_set.c
new file mode 100644
index 00000000..954542e4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/rel_oid_set.c
@@ -0,0 +1,61 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* #ident  "@(#)gss_release_oid_set.c 1.12     95/08/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_release_oid_set
+ */
+
+#include "gssapiP_generic.h"
+
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+OM_uint32
+generic_gss_release_oid_set(
+    OM_uint32 *minor_status,
+    gss_OID_set *set)
+{
+    size_t i;
+    if (minor_status)
+        *minor_status = 0;
+
+    if (set == NULL)
+        return(GSS_S_COMPLETE);
+
+    if (*set == GSS_C_NULL_OID_SET)
+        return(GSS_S_COMPLETE);
+
+    for (i=0; i<(*set)->count; i++)
+        gssalloc_free((*set)->elements[i].elements);
+
+    gssalloc_free((*set)->elements);
+    gssalloc_free(*set);
+
+    *set = GSS_C_NULL_OID_SET;
+
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/t_seqstate.c b/krb5-1.21.3/src/lib/gssapi/generic/t_seqstate.c
new file mode 100644
index 00000000..8f44fcf3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/t_seqstate.c
@@ -0,0 +1,197 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/generic/t_seqstate.c - Test program for sequence number state */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "gssapiP_generic.h"
+
+enum resultcode {
+    NOERR = GSS_S_COMPLETE,
+    GAP = GSS_S_GAP_TOKEN,
+    UNSEQ = GSS_S_UNSEQ_TOKEN,
+    OLD = GSS_S_OLD_TOKEN,
+    REPLAY = GSS_S_DUPLICATE_TOKEN
+};
+
+enum replayflag { NO_REPLAY = 0, DO_REPLAY = 1 };
+enum sequenceflag { NO_SEQUENCE = 0, DO_SEQUENCE = 1 };
+enum width { NARROW = 0, WIDE = 1, BOTH = 2 };
+
+struct test {
+    uint64_t initial;
+    enum replayflag do_replay;
+    enum sequenceflag do_sequence;
+    enum width wide_seqnums;
+    size_t nseqs;
+    struct {
+        uint64_t seqnum;
+        enum resultcode result;
+    } seqs[10];
+} tests[] = {
+    /* No replay or sequence checking. */
+    {
+        10, NO_REPLAY, NO_SEQUENCE, BOTH,
+        4, { { 11, NOERR }, { 10, NOERR }, { 10, NOERR }, { 9, NOERR } }
+    },
+
+    /* Basic sequence checking, no wraparound. */
+    {
+        100, NO_REPLAY, DO_SEQUENCE, BOTH,
+        4, { { 100, NOERR }, { 102, GAP }, { 103, NOERR }, { 101, UNSEQ } }
+    },
+
+    /* Initial gap sequence checking, no wraparound. */
+    {
+        200, NO_REPLAY, DO_SEQUENCE, BOTH,
+        4, { { 201, GAP }, { 202, NOERR }, { 200, UNSEQ }, { 203, NOERR } }
+    },
+
+    /* Sequence checking with wraparound. */
+    {
+        UINT32_MAX - 1, NO_REPLAY, DO_SEQUENCE, NARROW,
+        4, { { UINT32_MAX - 1, NOERR }, { UINT32_MAX, NOERR }, { 0, NOERR },
+             { 1, NOERR } }
+    },
+    {
+        UINT32_MAX - 1, NO_REPLAY, DO_SEQUENCE, NARROW,
+        4, { { UINT32_MAX - 1, NOERR }, { 0, GAP }, { UINT32_MAX, UNSEQ },
+             { 1, NOERR } }
+    },
+    {
+        UINT64_MAX - 1, NO_REPLAY, DO_SEQUENCE, WIDE,
+        4, { { UINT64_MAX - 1, NOERR }, { UINT64_MAX, NOERR }, { 0, NOERR },
+             { 1, NOERR } }
+    },
+    {
+        UINT64_MAX - 1, NO_REPLAY, DO_SEQUENCE, WIDE,
+        4, { { UINT64_MAX - 1, NOERR }, { 0, GAP }, { UINT64_MAX, UNSEQ },
+             { 1, NOERR } }
+    },
+
+    /* 64-bit sequence checking beyond 32-bit range */
+    {
+        UINT32_MAX - 1, NO_REPLAY, DO_SEQUENCE, WIDE,
+        4, { { UINT32_MAX - 1, NOERR },
+             { UINT32_MAX, NOERR },
+             { (uint64_t)UINT32_MAX + 1, NOERR },
+             { (uint64_t)UINT32_MAX + 2, NOERR } }
+    },
+    {
+        UINT32_MAX - 1, NO_REPLAY, DO_SEQUENCE, WIDE,
+        4, { { UINT32_MAX - 1, NOERR },
+             { (uint64_t)UINT32_MAX + 1, GAP },
+             { UINT32_MAX, UNSEQ },
+             { (uint64_t)UINT32_MAX + 2, NOERR } }
+    },
+    {
+        UINT32_MAX - 1, NO_REPLAY, DO_SEQUENCE, WIDE,
+        3, { { UINT32_MAX - 1, NOERR }, { UINT32_MAX, NOERR }, { 0, GAP } }
+    },
+
+    /* Replay without the replay flag set. */
+    {
+        250, NO_REPLAY, DO_SEQUENCE, BOTH,
+        2, { { 250, NOERR }, { 250, UNSEQ } }
+    },
+
+    /* Basic replay detection with and without sequence checking. */
+    {
+        0, DO_REPLAY, DO_SEQUENCE, BOTH,
+        10, { { 5, GAP }, { 3, UNSEQ }, { 8, GAP }, { 3, REPLAY },
+              { 0, UNSEQ }, { 0, REPLAY }, { 5, REPLAY }, { 3, REPLAY },
+              { 8, REPLAY }, { 9, NOERR } }
+    },
+    {
+        0, DO_REPLAY, NO_SEQUENCE, BOTH,
+        10, { { 5, NOERR }, { 3, NOERR }, { 8, NOERR }, { 3, REPLAY },
+              { 0, NOERR }, { 0, REPLAY }, { 5, REPLAY }, { 3, REPLAY },
+              { 8, REPLAY }, { 9, NOERR } }
+    },
+
+    /* Replay and sequence detection with wraparound.  The last seqnum produces
+     * GAP because it is before the initial sequence number. */
+    {
+        UINT64_MAX - 5, DO_REPLAY, DO_SEQUENCE, WIDE,
+        10, { { UINT64_MAX, GAP }, { UINT64_MAX - 2, UNSEQ }, { 0, NOERR },
+              { UINT64_MAX, REPLAY }, { UINT64_MAX, REPLAY },
+              { 2, GAP }, { 0, REPLAY }, { 1, UNSEQ },
+              { UINT64_MAX - 2, REPLAY }, { UINT64_MAX - 6, GAP } }
+    },
+    {
+        UINT32_MAX - 5, DO_REPLAY, DO_SEQUENCE, NARROW,
+        10, { { UINT32_MAX, GAP }, { UINT32_MAX - 2, UNSEQ }, { 0, NOERR },
+              { UINT32_MAX, REPLAY }, { UINT32_MAX, REPLAY },
+              { 2, GAP }, { 0, REPLAY }, { 1, UNSEQ },
+              { UINT32_MAX - 2, REPLAY }, { UINT32_MAX - 6, GAP } }
+    },
+
+    /* Old token edge cases.  The current code can detect replays up to 64
+     * numbers behind the expected sequence number (1164 in this case). */
+    {
+        1000, DO_REPLAY, NO_SEQUENCE, BOTH,
+        10, { { 1163, NOERR }, { 1100, NOERR }, { 1100, REPLAY },
+              { 1163, REPLAY }, { 1099, OLD }, { 1100, REPLAY },
+              { 1150, NOERR }, { 1150, REPLAY }, { 1000, OLD },
+              { 999, NOERR } }
+    },
+};
+
+int
+main()
+{
+    size_t i, j;
+    enum width w;
+    struct test *t;
+    g_seqnum_state seqstate;
+    OM_uint32 status;
+
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        t = &tests[i];
+        /* Try both widths if t->wide_seqnums is both, otherwise just one. */
+        for (w = NARROW; w <= WIDE; w++) {
+            if (t->wide_seqnums != BOTH && t->wide_seqnums != w)
+                continue;
+            if (g_seqstate_init(&seqstate, t->initial, t->do_replay,
+                                t->do_sequence, w))
+                abort();
+            for (j = 0; j < t->nseqs; j++) {
+                status = g_seqstate_check(seqstate, t->seqs[j].seqnum);
+                if (status != t->seqs[j].result) {
+                    fprintf(stderr, "Test %d seq %d failed: %d != %d\n",
+                            (int)i, (int)j, status, t->seqs[j].result);
+                    return 1;
+                }
+            }
+            g_seqstate_free(seqstate);
+        }
+    }
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/util_buffer.c b/krb5-1.21.3/src/lib/gssapi/generic/util_buffer.c
new file mode 100644
index 00000000..da2d8329
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/util_buffer.c
@@ -0,0 +1,48 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+#include <string.h>
+
+/* return nonzero on success, 0 on failure
+   make sure that buffer is consistent (release'able) when this
+   function exits, no matter what the exit value */
+
+int g_make_string_buffer(const char *str, gss_buffer_t buffer)
+{
+    if (buffer == GSS_C_NO_BUFFER)
+        return (1);
+
+    buffer->length = strlen(str);
+
+    if ((buffer->value = gssalloc_strdup(str)) == NULL) {
+        buffer->length = 0;
+        return(0);
+    }
+
+    return(1);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/util_buffer_set.c b/krb5-1.21.3/src/lib/gssapi/generic/util_buffer_set.c
new file mode 100644
index 00000000..f7472a08
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/util_buffer_set.c
@@ -0,0 +1,126 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "gssapiP_generic.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+OM_uint32
+generic_gss_create_empty_buffer_set(OM_uint32 * minor_status,
+                                    gss_buffer_set_t *buffer_set)
+{
+    gss_buffer_set_t set;
+
+    set = (gss_buffer_set_desc *) gssalloc_malloc(sizeof(*set));
+    if (set == GSS_C_NO_BUFFER_SET) {
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+
+    set->count = 0;
+    set->elements = NULL;
+
+    *buffer_set = set;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+generic_gss_add_buffer_set_member(OM_uint32 * minor_status,
+                                  const gss_buffer_t member_buffer,
+                                  gss_buffer_set_t *buffer_set)
+{
+    gss_buffer_set_t set;
+    gss_buffer_t p;
+    OM_uint32 ret;
+
+    if (*buffer_set == GSS_C_NO_BUFFER_SET) {
+        ret = generic_gss_create_empty_buffer_set(minor_status,
+                                                  buffer_set);
+        if (ret) {
+            return ret;
+        }
+    }
+
+    set = *buffer_set;
+    set->elements = (gss_buffer_desc *)gssalloc_realloc(set->elements,
+                                                        (set->count + 1) *
+                                                        sizeof(gss_buffer_desc));
+    if (set->elements == NULL) {
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+
+    p = &set->elements[set->count];
+
+    p->value = gssalloc_malloc(member_buffer->length);
+    if (p->value == NULL) {
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+    memcpy(p->value, member_buffer->value, member_buffer->length);
+    p->length = member_buffer->length;
+
+    set->count++;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+generic_gss_release_buffer_set(OM_uint32 * minor_status,
+                               gss_buffer_set_t *buffer_set)
+{
+    size_t i;
+    OM_uint32 minor;
+
+    *minor_status = 0;
+
+    if (*buffer_set == GSS_C_NO_BUFFER_SET) {
+        return GSS_S_COMPLETE;
+    }
+
+    for (i = 0; i < (*buffer_set)->count; i++) {
+        generic_gss_release_buffer(&minor, &((*buffer_set)->elements[i]));
+    }
+
+    if ((*buffer_set)->elements != NULL) {
+        gssalloc_free((*buffer_set)->elements);
+        (*buffer_set)->elements = NULL;
+    }
+
+    (*buffer_set)->count = 0;
+
+    gssalloc_free(*buffer_set);
+    *buffer_set = GSS_C_NO_BUFFER_SET;
+
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/util_errmap.c b/krb5-1.21.3/src/lib/gssapi/generic/util_errmap.c
new file mode 100644
index 00000000..628a455d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/util_errmap.c
@@ -0,0 +1,264 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2007, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "gssapiP_generic.h"
+#include <string.h>
+#ifndef _WIN32
+#include <unistd.h>
+#endif
+
+/* The mapping table is 0-based, but let's export codes that are
+   1-based, keeping 0 for errors or unknown errors.
+
+   The elements in the mapping table currently have separate copies of
+   each OID stored.  This is a bit wasteful, but we are assuming the
+   table isn't likely to grow very large.  */
+
+struct mecherror {
+    gss_OID_desc mech;
+    OM_uint32 code;
+};
+
+static inline int
+cmp_OM_uint32(OM_uint32 m1, OM_uint32 m2)
+{
+    if (m1 < m2)
+        return -1;
+    else if (m1 > m2)
+        return 1;
+    else
+        return 0;
+}
+
+static inline int
+mecherror_cmp(struct mecherror m1, struct mecherror m2)
+{
+    if (m1.code < m2.code)
+        return -1;
+    if (m1.code > m2.code)
+        return 1;
+    if (m1.mech.length < m2.mech.length)
+        return -1;
+    if (m1.mech.length > m2.mech.length)
+        return 1;
+    if (m1.mech.length == 0)
+        return 0;
+    return memcmp(m1.mech.elements, m2.mech.elements, m1.mech.length);
+}
+
+static void
+print_OM_uint32 (OM_uint32 value, FILE *f)
+{
+    fprintf(f, "%lu", (unsigned long) value);
+}
+
+static inline int
+mecherror_copy(struct mecherror *dest, struct mecherror src)
+{
+    *dest = src;
+    if (src.mech.length > 0) {
+        dest->mech.elements = malloc(src.mech.length);
+        if (dest->mech.elements == NULL)
+            return ENOMEM;
+        memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
+    } else {
+        dest->mech.elements = NULL;
+    }
+    return 0;
+}
+
+static void
+mecherror_print(struct mecherror value, FILE *f)
+{
+    OM_uint32 minor;
+    gss_buffer_desc str;
+    static const struct {
+        const char *oidstr, *name;
+    } mechnames[] = {
+        { "{ 1 2 840 113554 1 2 2 }", "krb5-new" },
+        { "{ 1 3 5 1 5 2 }", "krb5-old" },
+        { "{ 1 2 840 48018 1 2 2 }", "krb5-microsoft" },
+        { "{ 1 3 6 1 5 5 2 }", "spnego" },
+    };
+    unsigned int i;
+
+    fprintf(f, "%lu@", (unsigned long) value.code);
+
+    if (value.mech.length == 0) {
+        fprintf(f, "(com_err)");
+        return;
+    }
+    fprintf(f, "%p=", value.mech.elements);
+    if (generic_gss_oid_to_str(&minor, &value.mech, &str)) {
+        fprintf(f, "(error in conversion)");
+        return;
+    }
+    /* Note: generic_gss_oid_to_str returns a null-terminated string.  */
+    for (i = 0; i < sizeof(mechnames)/sizeof(mechnames[0]); i++) {
+        if (!strcmp(str.value, mechnames[i].oidstr) && mechnames[i].name != 0) {
+            fprintf(f, "%s", mechnames[i].name);
+            break;
+        }
+    }
+    if (i == sizeof(mechnames)/sizeof(mechnames[0]))
+        fprintf(f, "%s", (char *) str.value);
+    generic_gss_release_buffer(&minor, &str);
+}
+
+#include "errmap.h"
+#include "krb5.h"               /* for KRB5KRB_AP_WRONG_PRINC */
+
+static mecherrmap m;
+static k5_mutex_t mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+static OM_uint32 next_fake = 100000;
+
+int gssint_mecherrmap_init(void)
+{
+    int err;
+
+    err = mecherrmap_init(&m);
+    if (err)
+        return err;
+    err = k5_mutex_finish_init(&mutex);
+    if (err) {
+        mecherrmap_destroy(&m);
+        return err;
+    }
+
+    return 0;
+}
+
+/* Currently the enumeration template doesn't handle freeing
+   element storage when destroying the collection.  */
+static int free_one(OM_uint32 i, struct mecherror value, void *p)
+{
+    free(value.mech.elements);
+    return 0;
+}
+
+void gssint_mecherrmap_destroy(void)
+{
+    mecherrmap_foreach(&m, free_one, NULL);
+    mecherrmap_destroy(&m);
+    k5_mutex_destroy(&mutex);
+}
+
+OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid)
+{
+    const struct mecherror *mep;
+    struct mecherror me, me_copy;
+    const OM_uint32 *p;
+    int err;
+    OM_uint32 new_status;
+
+#ifdef DEBUG
+    FILE *f;
+    f = fopen("/dev/pts/9", "w+");
+    if (f == NULL)
+        f = stderr;
+#endif
+
+    me.code = minor;
+    me.mech = *oid;
+    k5_mutex_lock(&mutex);
+
+    /* Is this status+oid already mapped?  */
+    p = mecherrmap_findright(&m, me);
+    if (p != NULL) {
+        k5_mutex_unlock(&mutex);
+#ifdef DEBUG
+        fprintf(f, "%s: found ", __FUNCTION__);
+        mecherror_print(me, f);
+        fprintf(f, " in map as %lu\n", (unsigned long) *p);
+        if (f != stderr) fclose(f);
+#endif
+        return *p;
+    }
+    /* Is this status code already mapped to something else
+       mech-specific?  */
+    mep = mecherrmap_findleft(&m, minor);
+    if (mep == NULL) {
+        /* Map it to itself plus this mech-oid.  */
+        new_status = minor;
+    } else {
+        /* Already assigned.  Pick a fake new value and map it.  */
+        /* There's a theoretical infinite loop risk here, if we fill
+           in 2**32 values.  Also, returning 0 has a special
+           meaning.  */
+        do {
+            next_fake++;
+            new_status = next_fake;
+            if (new_status == 0)
+                /* ??? */;
+        } while (mecherrmap_findleft(&m, new_status) != NULL);
+    }
+    err = mecherror_copy(&me_copy, me);
+    if (err) {
+        k5_mutex_unlock(&mutex);
+        return err;
+    }
+    err = mecherrmap_add(&m, new_status, me_copy);
+    k5_mutex_unlock(&mutex);
+    if (err)
+        free(me_copy.mech.elements);
+#ifdef DEBUG
+    fprintf(f, "%s: mapping ", __FUNCTION__);
+    mecherror_print(me, f);
+    fprintf(f, " to %lu: err=%d\nnew map: ", (unsigned long) new_status, err);
+    mecherrmap_printmap(&m, f);
+    fprintf(f, "\n");
+    if (f != stderr) fclose(f);
+#endif
+    if (err)
+        return 0;
+    else
+        return new_status;
+}
+
+static gss_OID_desc no_oid = { 0, 0 };
+OM_uint32 gssint_mecherrmap_map_errcode(OM_uint32 errcode)
+{
+    return gssint_mecherrmap_map(errcode, &no_oid);
+}
+
+int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid,
+                          OM_uint32 *mech_minor)
+{
+    const struct mecherror *p;
+
+    if (minor == 0) {
+        return EINVAL;
+    }
+    k5_mutex_lock(&mutex);
+    p = mecherrmap_findleft(&m, minor);
+    k5_mutex_unlock(&mutex);
+    if (!p) {
+        return EINVAL;
+    }
+    *mech_oid = p->mech;
+    *mech_minor = p->code;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/util_seqstate.c b/krb5-1.21.3/src/lib/gssapi/generic/util_seqstate.c
new file mode 100644
index 00000000..a0bc2cc1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/util_seqstate.c
@@ -0,0 +1,163 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/generic/util_seqstate.c - sequence number checking */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "gssapiP_generic.h"
+#include <string.h>
+
+struct g_seqnum_state_st {
+    /* Flags to indicate whether we are supposed to check for replays or
+     * enforce strict sequencing. */
+    int do_replay;
+    int do_sequence;
+
+    /* UINT32_MAX for 32-bit sequence numbers, UINT64_MAX for 64-bit.  Mask
+     * against this after arithmetic to stay within the correct range. */
+    uint64_t seqmask;
+
+    /* The initial sequence number for this context.  This value will be
+     * subtracted from all received sequence numbers to simplify wraparound. */
+    uint64_t base;
+
+    /* The expected next sequence number (one more than the highest previously
+     * seen sequence number), relative to base. */
+    uint64_t next;
+
+    /*
+     * A bitmap for the 64 sequence numbers prior to next.  If the 1<<(i-1) bit
+     * is set, then we have seen seqnum next-i relative to base.  The least
+     * significant bit is always set if we have received any sequence numbers,
+     * and indicates the highest sequence number we have seen (next-1).  When
+     * we advance next, we shift recvmap to the left.
+     */
+    uint64_t recvmap;
+};
+
+long
+g_seqstate_init(g_seqnum_state *state_out, uint64_t seqnum, int do_replay,
+                int do_sequence, int wide)
+{
+    g_seqnum_state state;
+
+    *state_out = NULL;
+    state = malloc(sizeof(*state));
+    if (state == NULL)
+        return ENOMEM;
+    state->do_replay = do_replay;
+    state->do_sequence = do_sequence;
+    state->seqmask = wide ? UINT64_MAX : UINT32_MAX;
+    state->base = seqnum;
+    state->next = state->recvmap = 0;
+    *state_out = state;
+    return 0;
+}
+
+OM_uint32
+g_seqstate_check(g_seqnum_state state, uint64_t seqnum)
+{
+    uint64_t rel_seqnum, offset, bit;
+
+    if (!state->do_replay && !state->do_sequence)
+        return GSS_S_COMPLETE;
+
+    /* Use the difference from the base seqnum, to simplify wraparound. */
+    rel_seqnum = (seqnum - state->base) & state->seqmask;
+
+    if (rel_seqnum >= state->next) {
+        /* seqnum is the expected sequence number or in the future.  Update the
+         * received bitmap and expected next sequence number. */
+        offset = rel_seqnum - state->next;
+        state->recvmap = (state->recvmap << (offset + 1)) | 1;
+        state->next = (rel_seqnum + 1) & state->seqmask;
+
+        return (offset > 0 && state->do_sequence) ? GSS_S_GAP_TOKEN :
+            GSS_S_COMPLETE;
+    }
+
+    /* seqnum is in the past.  Check if it's too old for replay detection. */
+    offset = state->next - rel_seqnum;
+    if (offset > 64)
+        return state->do_sequence ? GSS_S_UNSEQ_TOKEN : GSS_S_OLD_TOKEN;
+
+    /* Check for replay and mark as received. */
+    bit = (uint64_t)1 << (offset - 1);
+    if (state->do_replay && (state->recvmap & bit))
+        return GSS_S_DUPLICATE_TOKEN;
+    state->recvmap |= bit;
+
+    return state->do_sequence ? GSS_S_UNSEQ_TOKEN : GSS_S_COMPLETE;
+}
+
+void
+g_seqstate_free(g_seqnum_state state)
+{
+    free(state);
+}
+
+/*
+ * These support functions are for the serialization routines
+ */
+void
+g_seqstate_size(g_seqnum_state state, size_t *sizep)
+{
+    *sizep += sizeof(*state);
+}
+
+long
+g_seqstate_externalize(g_seqnum_state state, unsigned char **buf,
+                       size_t *lenremain)
+{
+    if (*lenremain < sizeof(*state))
+        return ENOMEM;
+    memcpy(*buf, state, sizeof(*state));
+    *buf += sizeof(*state);
+    *lenremain -= sizeof(*state);
+    return 0;
+}
+
+long
+g_seqstate_internalize(g_seqnum_state *state_out, unsigned char **buf,
+                       size_t *lenremain)
+{
+    g_seqnum_state state;
+
+    *state_out = NULL;
+    if (*lenremain < sizeof(*state))
+        return EINVAL;
+    state = malloc(sizeof(*state));
+    if (state == NULL)
+        return ENOMEM;
+    memcpy(state, *buf, sizeof(*state));
+    *buf += sizeof(*state);
+    *lenremain -= sizeof(*state);
+    *state_out = state;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/util_set.c b/krb5-1.21.3/src/lib/gssapi/generic/util_set.c
new file mode 100644
index 00000000..432a9ee0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/util_set.c
@@ -0,0 +1,91 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1995 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+
+struct _g_set_elt {
+    void *key;
+    void *value;
+    struct _g_set_elt *next;
+};
+
+int g_set_init(g_set_elt *s)
+{
+    *s = NULL;
+
+    return(0);
+}
+
+int g_set_entry_add(g_set_elt *s, void *key, void *value)
+{
+    g_set_elt first;
+
+    if ((first = (struct _g_set_elt *) malloc(sizeof(struct _g_set_elt))) == NULL)
+        return(ENOMEM);
+
+    first->key = key;
+    first->value = value;
+    first->next = *s;
+
+    *s = first;
+
+    return(0);
+}
+
+int g_set_entry_delete(g_set_elt *s, void *key)
+{
+    g_set_elt *p;
+
+    for (p=s; *p; p = &((*p)->next)) {
+        if ((*p)->key == key) {
+            g_set_elt next = (*p)->next;
+            free(*p);
+            *p = next;
+
+            return(0);
+        }
+    }
+
+    return(-1);
+}
+
+int g_set_entry_get(g_set_elt *s, void *key, void **value)
+{
+    g_set_elt p;
+
+    for (p = *s; p; p = p->next) {
+        if (p->key == key) {
+            *value = p->value;
+
+            return(0);
+        }
+    }
+
+    *value = NULL;
+
+    return(-1);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/generic/util_token.c b/krb5-1.21.3/src/lib/gssapi/generic/util_token.c
new file mode 100644
index 00000000..2369cae2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/generic/util_token.c
@@ -0,0 +1,108 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_generic.h"
+#include "k5-der.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include <limits.h>
+
+/*
+ * $Id$
+ */
+
+/* Return the length of an RFC 4121 token with RFC 2743 token framing, given
+ * the mech oid and the body size (without the two-byte RFC 4121 token ID). */
+unsigned int
+g_token_size(const gss_OID_desc * mech, unsigned int body_size)
+{
+    size_t mech_der_len = k5_der_value_len(mech->length);
+
+    return k5_der_value_len(mech_der_len + 2 + body_size);
+}
+
+/*
+ * Add RFC 2743 generic token framing to buf with room left for body_size bytes
+ * in the sequence to be added by the caller.  If tok_type is not -1, add it as
+ * a two-byte RFC 4121 token identifier after the framing and include room for
+ * it in the sequence.
+ */
+void
+g_make_token_header(struct k5buf *buf, const gss_OID_desc *mech,
+                    size_t body_size, int tok_type)
+{
+    size_t tok_len = (tok_type == -1) ? 0 : 2;
+    size_t seq_len = k5_der_value_len(mech->length) + body_size + tok_len;
+
+    k5_der_add_taglen(buf, 0x60, seq_len);
+    k5_der_add_value(buf, 0x06, mech->elements, mech->length);
+    if (tok_type != -1)
+        k5_buf_add_uint16_be(buf, tok_type);
+}
+
+/*
+ * Given a buffer containing a token, reads and verifies the token,
+ * leaving buf advanced past the token header, and setting body_size
+ * to the number of remaining bytes.  Returns 0 on success,
+ * G_BAD_TOK_HEADER for a variety of errors, and G_WRONG_MECH if the
+ * mechanism in the token does not match the mech argument.  buf and
+ * *body_size are left unmodified on error.
+ */
+
+gss_int32
+g_verify_token_header(
+    const gss_OID_desc * mech,
+    unsigned int *body_size,
+    unsigned char **buf_in,
+    int tok_type,
+    unsigned int toksize_in,
+    int flags)
+{
+    struct k5input in, mech_der;
+    gss_OID_desc toid;
+
+    k5_input_init(&in, *buf_in, toksize_in);
+
+    if (k5_der_get_value(&in, 0x60, &in)) {
+        if (in.ptr + in.len != *buf_in + toksize_in)
+            return G_BAD_TOK_HEADER;
+        if (!k5_der_get_value(&in, 0x06, &mech_der))
+            return G_BAD_TOK_HEADER;
+        toid.elements = (uint8_t *)mech_der.ptr;
+        toid.length = mech_der.len;
+        if (!g_OID_equal(&toid, mech))
+            return G_WRONG_MECH;
+    } else if (flags & G_VFY_TOKEN_HDR_WRAPPER_REQUIRED) {
+        return G_BAD_TOK_HEADER;
+    }
+
+    if (tok_type != -1) {
+        if (k5_input_get_uint16_be(&in) != tok_type)
+            return in.status ? G_BAD_TOK_HEADER : G_WRONG_TOKID;
+    }
+
+    *buf_in = (uint8_t *)in.ptr;
+    *body_size = in.len;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/Makefile.in b/krb5-1.21.3/src/lib/gssapi/krb5/Makefile.in
new file mode 100644
index 00000000..be439956
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/Makefile.in
@@ -0,0 +1,259 @@
+mydir=lib$(S)gssapi$(S)krb5
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../mechglue -I$(srcdir)/../mechglue
+DEFINES=-D_GSS_STATIC_LINK=1
+
+#MODULE_INSTALL_DIR = $(GSS_MODULE_DIR)
+#LIBBASE=mech_krb5
+#LIBMAJOR=0
+#LIBMINOR=0
+#LIBINITFUNC=gss_krb5int_init
+#LIBFINIFUNC=gss_krb5int_fini
+#STOBJLISTS=../generic/OBJS.ST OBJS.ST
+#SUBDIROBJLISTS=../generic/OBJS.ST
+#SHLIB_EXPDEPS=$(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) $(COM_ERR_DEPLIB)
+#SHLIB_EXPLIBS=-lkrb5 -lk5crypto $(COM_ERR_LIB) $(SUPPORT_LIB) $(DL_LIB) $(LIBS)
+#RELDIR=gssapi/krb5
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=krb5
+##DOS##OBJFILE = ..\$(OUTPRE)krb5.lst
+
+##DOS##DLL_EXP_TYPE=GSS
+
+ETSRCS= gssapi_err_krb5.c
+ETOBJS= $(OUTPRE)gssapi_err_krb5.$(OBJEXT)
+ETHDRS= gssapi_err_krb5.h
+
+$(OUTPRE)gssapi_err_krb5.$(OBJEXT): gssapi_err_krb5.c
+gssapi_err_krb5.h: gssapi_err_krb5.et
+gssapi_err_krb5.c: gssapi_err_krb5.et
+
+SRCS = \
+	$(srcdir)/accept_sec_context.c \
+	$(srcdir)/acquire_cred.c \
+	$(srcdir)/canon_name.c \
+	$(srcdir)/compare_name.c \
+	$(srcdir)/context_time.c \
+	$(srcdir)/copy_ccache.c \
+	$(srcdir)/cred_store.c \
+	$(srcdir)/delete_sec_context.c \
+	$(srcdir)/disp_name.c \
+	$(srcdir)/disp_status.c \
+	$(srcdir)/duplicate_name.c \
+	$(srcdir)/export_cred.c \
+	$(srcdir)/export_name.c \
+	$(srcdir)/export_sec_context.c \
+	$(srcdir)/get_tkt_flags.c \
+	$(srcdir)/gssapi_krb5.c \
+	$(srcdir)/iakerb.c \
+	$(srcdir)/import_cred.c \
+	$(srcdir)/import_name.c \
+	$(srcdir)/import_sec_context.c \
+	$(srcdir)/indicate_mechs.c \
+	$(srcdir)/init_sec_context.c \
+	$(srcdir)/inq_context.c \
+	$(srcdir)/inq_cred.c \
+	$(srcdir)/inq_names.c \
+	$(srcdir)/k5seal.c \
+	$(srcdir)/k5sealiov.c \
+	$(srcdir)/k5sealv3.c \
+	$(srcdir)/k5sealv3iov.c \
+	$(srcdir)/k5unseal.c \
+	$(srcdir)/k5unsealiov.c \
+	$(srcdir)/krb5_gss_glue.c \
+	$(srcdir)/lucid_context.c \
+	$(srcdir)/naming_exts.c \
+	$(srcdir)/prf.c \
+	$(srcdir)/process_context_token.c \
+	$(srcdir)/rel_cred.c \
+	$(srcdir)/rel_oid.c \
+	$(srcdir)/rel_name.c \
+	$(srcdir)/s4u_gss_glue.c \
+	$(srcdir)/set_allowable_enctypes.c \
+	$(srcdir)/ser_sctx.c \
+	$(srcdir)/set_ccache.c \
+	$(srcdir)/store_cred.c \
+	$(srcdir)/util_cksum.c \
+	$(srcdir)/util_crypt.c \
+	$(srcdir)/util_seed.c \
+	$(srcdir)/util_seqnum.c \
+	$(srcdir)/val_cred.c \
+	$(srcdir)/wrap_size_limit.c 
+
+
+OBJS = \
+	$(OUTPRE)accept_sec_context.$(OBJEXT) \
+	$(OUTPRE)acquire_cred.$(OBJEXT) \
+	$(OUTPRE)canon_name.$(OBJEXT) \
+	$(OUTPRE)compare_name.$(OBJEXT) \
+	$(OUTPRE)context_time.$(OBJEXT) \
+	$(OUTPRE)copy_ccache.$(OBJEXT) \
+	$(OUTPRE)cred_store.$(OBJEXT) \
+	$(OUTPRE)delete_sec_context.$(OBJEXT) \
+	$(OUTPRE)disp_name.$(OBJEXT) \
+	$(OUTPRE)disp_status.$(OBJEXT) \
+	$(OUTPRE)duplicate_name.$(OBJEXT) \
+	$(OUTPRE)export_cred.$(OBJEXT) \
+	$(OUTPRE)export_name.$(OBJEXT) \
+	$(OUTPRE)export_sec_context.$(OBJEXT) \
+	$(OUTPRE)get_tkt_flags.$(OBJEXT) \
+	$(OUTPRE)gssapi_krb5.$(OBJEXT) \
+	$(OUTPRE)iakerb.$(OBJEXT) \
+	$(OUTPRE)import_cred.$(OBJEXT) \
+	$(OUTPRE)import_name.$(OBJEXT) \
+	$(OUTPRE)import_sec_context.$(OBJEXT) \
+	$(OUTPRE)indicate_mechs.$(OBJEXT) \
+	$(OUTPRE)init_sec_context.$(OBJEXT) \
+	$(OUTPRE)inq_context.$(OBJEXT) \
+	$(OUTPRE)inq_cred.$(OBJEXT) \
+	$(OUTPRE)inq_names.$(OBJEXT) \
+	$(OUTPRE)k5seal.$(OBJEXT) \
+	$(OUTPRE)k5sealiov.$(OBJEXT) \
+	$(OUTPRE)k5sealv3.$(OBJEXT) \
+	$(OUTPRE)k5sealv3iov.$(OBJEXT) \
+	$(OUTPRE)k5unseal.$(OBJEXT) \
+	$(OUTPRE)k5unsealiov.$(OBJEXT) \
+	$(OUTPRE)krb5_gss_glue.$(OBJEXT) \
+	$(OUTPRE)lucid_context.$(OBJEXT) \
+	$(OUTPRE)naming_exts.$(OBJEXT) \
+	$(OUTPRE)prf.$(OBJEXT) \
+	$(OUTPRE)process_context_token.$(OBJEXT) \
+	$(OUTPRE)rel_cred.$(OBJEXT) \
+	$(OUTPRE)rel_oid.$(OBJEXT) \
+	$(OUTPRE)rel_name.$(OBJEXT) \
+	$(OUTPRE)s4u_gss_glue.$(OBJEXT) \
+	$(OUTPRE)set_allowable_enctypes.$(OBJEXT) \
+	$(OUTPRE)ser_sctx.$(OBJEXT) \
+	$(OUTPRE)set_ccache.$(OBJEXT) \
+	$(OUTPRE)store_cred.$(OBJEXT) \
+	$(OUTPRE)util_cksum.$(OBJEXT) \
+	$(OUTPRE)util_crypt.$(OBJEXT) \
+	$(OUTPRE)util_seed.$(OBJEXT) \
+	$(OUTPRE)util_seqnum.$(OBJEXT) \
+	$(OUTPRE)val_cred.$(OBJEXT) \
+	$(OUTPRE)wrap_size_limit.$(OBJEXT) \
+	$(OUTPRE)gssapi_err_krb5.$(OBJEXT)
+
+#	k5mech.$(OBJEXT) \
+#	pname_to_uid.$(OBJEXT)
+
+STLIBOBJS = \
+	accept_sec_context.o \
+	acquire_cred.o \
+	canon_name.o \
+	compare_name.o \
+	context_time.o \
+	copy_ccache.o \
+	cred_store.o \
+	delete_sec_context.o \
+	disp_name.o \
+	disp_status.o \
+	duplicate_name.o \
+	export_cred.o \
+	export_name.o \
+	export_sec_context.o \
+	get_tkt_flags.o \
+	gssapi_krb5.o \
+	iakerb.o \
+	import_cred.o \
+	import_name.o \
+	import_sec_context.o \
+	indicate_mechs.o \
+	init_sec_context.o \
+	inq_context.o \
+	inq_cred.o \
+	inq_names.o \
+	k5seal.o \
+	k5sealiov.o \
+	k5sealv3.o \
+	k5sealv3iov.o \
+	k5unseal.o \
+	k5unsealiov.o \
+	krb5_gss_glue.o \
+	lucid_context.o \
+	naming_exts.o \
+	prf.o \
+	process_context_token.o \
+	rel_cred.o \
+	rel_oid.o \
+	rel_name.o \
+	s4u_gss_glue.o \
+	set_allowable_enctypes.o \
+	ser_sctx.o \
+	set_ccache.o \
+	store_cred.o \
+	util_cksum.o \
+	util_crypt.o \
+	util_seed.o \
+	util_seqnum.o \
+	val_cred.o \
+	wrap_size_limit.o \
+	gssapi_err_krb5.o
+
+#	k5mech.o \
+#	pname_to_uid.o
+
+HDRS= $(ETHDRS)
+
+EHDRDIR=$(BUILDTOP)$(S)include$(S)gssapi
+EXPORTED_HEADERS= gssapi_krb5.h
+
+##DOS##LIBOBJS = $(OBJS)
+
+GSSAPI_KRB5_HDR=$(EHDRDIR)$(S)gssapi_krb5.h
+
+all-windows: $(EHDRDIR) $(GSSAPI_KRB5_HDR) $(SRCS) $(HDRS)
+
+##DOS##$(EHDRDIR):
+##DOS##	mkdir $(EHDRDIR)
+
+MK_EHDRDIR=if test -d $(EHDRDIR); then :; else (set -x; mkdir $(EHDRDIR)); fi
+##DOS##MK_EHDRDIR=rem
+
+$(GSSAPI_KRB5_HDR): $(srcdir)$(S)gssapi_krb5.h
+	@$(MK_EHDRDIR)
+	$(CP) $(srcdir)$(S)gssapi_krb5.h "$@"
+
+all-unix: $(SRCS) $(HDRS) $(GSSAPI_KRB5_HDR)
+all-unix: all-libobjs
+
+error_map.h: $(top_srcdir)/util/gen-map.pl \
+		$(top_srcdir)/util/ktemplate.pm Makefile
+	$(PERL) -I$(top_srcdir)/util $(top_srcdir)/util/gen-map.pl \
+		-oerror_map.new \
+		NAME=gsserrmap \
+		KEY=OM_uint32 \
+		VALUE="char *" \
+		COMPARE=compare_OM_uint32 \
+		FREEVALUE=free_string
+	$(RM) $@
+	$(MV) error_map.new $@
+
+clean-unix::
+	$(RM) $(BUILDTOP)/include/gssapi/gssapi_krb5.h
+	-$(RM) error_map.h
+
+clean-unix:: clean-libobjs
+	$(RM) $(ETHDRS) $(ETSRCS)
+
+clean-windows::
+	$(RM) $(EHDRDIR)\gssapi_krb5.h
+	$(RM) error_map.h
+	-if exist $(EHDRDIR)\nul rmdir $(EHDRDIR)
+
+
+generate-files-mac: error_map.h
+
+install-headers-unix install:
+	@set -x; for f in $(EXPORTED_HEADERS) ; \
+	do $(INSTALL_DATA) $(srcdir)/$$f	\
+		$(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \
+	done
+
+depend: $(ETSRCS) $(ETHDRS) $(GSSAPI_KRB5_HDR) error_map.h
+
+install:
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/accept_sec_context.c b/krb5-1.21.3/src/lib/gssapi/krb5/accept_sec_context.c
new file mode 100644
index 00000000..b35e11bf
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/accept_sec_context.c
@@ -0,0 +1,1346 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2000, 2004, 2007, 2008  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-input.h"
+#include "gssapiP_krb5.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include <assert.h>
+
+#ifdef CFX_EXERCISE
+#define CFX_ACCEPTOR_SUBKEY (time(0) & 1)
+#else
+#define CFX_ACCEPTOR_SUBKEY 1
+#endif
+
+#ifndef LEAN_CLIENT
+
+static OM_uint32
+create_constrained_deleg_creds(OM_uint32 *minor_status,
+                               krb5_gss_cred_id_t verifier_cred_handle,
+                               krb5_ticket *ticket,
+                               krb5_gss_cred_id_t *out_cred,
+                               krb5_context context)
+{
+    OM_uint32 major_status;
+    krb5_creds krb_creds;
+    krb5_data *data;
+    krb5_error_code code;
+
+    assert(out_cred != NULL);
+    assert(verifier_cred_handle->usage == GSS_C_BOTH);
+
+    memset(&krb_creds, 0, sizeof(krb_creds));
+    krb_creds.client = ticket->enc_part2->client;
+    krb_creds.server = ticket->server;
+    krb_creds.keyblock = *(ticket->enc_part2->session);
+    krb_creds.ticket_flags = ticket->enc_part2->flags;
+    krb_creds.times = ticket->enc_part2->times;
+    krb_creds.magic = KV5M_CREDS;
+    krb_creds.authdata = NULL;
+
+    code = encode_krb5_ticket(ticket, &data);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    krb_creds.ticket = *data;
+
+    major_status = kg_compose_deleg_cred(minor_status,
+                                         verifier_cred_handle,
+                                         &krb_creds,
+                                         GSS_C_INDEFINITE,
+                                         out_cred,
+                                         NULL,
+                                         context);
+
+    krb5_free_data(context, data);
+
+    return major_status;
+}
+
+/* Decode, decrypt and store the forwarded creds in the local ccache. */
+static krb5_error_code
+rd_and_store_for_creds(context, auth_context, inbuf, out_cred)
+    krb5_context context;
+    krb5_auth_context auth_context;
+    krb5_data *inbuf;
+    krb5_gss_cred_id_t *out_cred;
+{
+    krb5_creds ** creds = NULL;
+    krb5_error_code retval;
+    krb5_ccache ccache = NULL;
+    krb5_gss_cred_id_t cred = NULL;
+    krb5_auth_context new_auth_ctx = NULL;
+    krb5_int32 flags_org;
+
+    if ((retval = krb5_auth_con_getflags(context, auth_context, &flags_org)))
+        return retval;
+    krb5_auth_con_setflags(context, auth_context,
+                           0);
+
+    /*
+     * By the time krb5_rd_cred is called here (after krb5_rd_req has been
+     * called in krb5_gss_accept_sec_context), the "keyblock" field of
+     * auth_context contains a pointer to the session key, and the
+     * "recv_subkey" field might contain a session subkey.  Either of
+     * these (the "recv_subkey" if it isn't NULL, otherwise the
+     * "keyblock") might have been used to encrypt the encrypted part of
+     * the KRB_CRED message that contains the forwarded credentials.  (The
+     * Java Crypto and Security Implementation from the DSTC in Australia
+     * always uses the session key.  But apparently it never negotiates a
+     * subkey, so this code works fine against a JCSI client.)  Up to the
+     * present, though, GSSAPI clients linked against the MIT code (which
+     * is almost all GSSAPI clients) don't encrypt the KRB_CRED message at
+     * all -- at this level.  So if the first call to krb5_rd_cred fails,
+     * we should call it a second time with another auth context freshly
+     * created by krb5_auth_con_init.  All of its keyblock fields will be
+     * NULL, so krb5_rd_cred will assume that the KRB_CRED message is
+     * unencrypted.  (The MIT code doesn't actually send the KRB_CRED
+     * message in the clear -- the "authenticator" whose "checksum" ends up
+     * containing the KRB_CRED message does get encrypted.)
+     */
+    if (krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)) {
+        if ((retval = krb5_auth_con_init(context, &new_auth_ctx)))
+            goto cleanup;
+        krb5_auth_con_setflags(context, new_auth_ctx, 0);
+        if ((retval = krb5_rd_cred(context, new_auth_ctx, inbuf,
+                                   &creds, NULL)))
+            goto cleanup;
+    }
+
+    if ((retval = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache))) {
+        ccache = NULL;
+        goto cleanup;
+    }
+
+    if ((retval = krb5_cc_initialize(context, ccache, creds[0]->client)))
+        goto cleanup;
+
+    if ((retval = k5_cc_store_primary_cred(context, ccache, creds[0])))
+        goto cleanup;
+
+    /* generate a delegated credential handle */
+    if (out_cred) {
+        /* allocate memory for a cred_t... */
+        if (!(cred =
+              (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))) {
+            retval = ENOMEM; /* out of memory? */
+            goto cleanup;
+        }
+
+        /* zero it out... */
+        memset(cred, 0, sizeof(krb5_gss_cred_id_rec));
+
+        retval = k5_mutex_init(&cred->lock);
+        if (retval) {
+            xfree(cred);
+            cred = NULL;
+            goto cleanup;
+        }
+
+        /* copy the client principle into it... */
+        if ((retval =
+             kg_init_name(context, creds[0]->client, NULL, NULL, NULL, 0,
+                          &cred->name))) {
+            k5_mutex_destroy(&cred->lock);
+            retval = ENOMEM; /* out of memory? */
+            xfree(cred); /* clean up memory on failure */
+            cred = NULL;
+            goto cleanup;
+        }
+
+        cred->usage = GSS_C_INITIATE; /* we can't accept with this */
+        /* cred->name already set */
+        cred->keytab = NULL; /* no keytab associated with this... */
+        cred->expire = creds[0]->times.endtime; /* store the end time */
+        cred->ccache = ccache; /* the ccache containing the credential */
+        cred->destroy_ccache = 1;
+        ccache = NULL; /* cred takes ownership so don't destroy */
+    }
+
+    /* If there were errors, there might have been a memory leak
+       if (!cred)
+       if ((retval = krb5_cc_close(context, ccache)))
+       goto cleanup;
+    */
+cleanup:
+    if (creds)
+        krb5_free_tgt_creds(context, creds);
+
+    if (ccache)
+        (void)krb5_cc_destroy(context, ccache);
+
+    if (out_cred)
+        *out_cred = cred; /* return credential */
+
+    if (new_auth_ctx)
+        krb5_auth_con_free(context, new_auth_ctx);
+
+    krb5_auth_con_setflags(context, auth_context, flags_org);
+
+    return retval;
+}
+
+
+/*
+ * Performs third leg of DCE authentication
+ */
+static OM_uint32
+kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
+              input_token, input_chan_bindings, src_name, mech_type,
+              output_token, ret_flags, time_rec, delegated_cred_handle)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_cred_id_t verifier_cred_handle;
+    gss_buffer_t input_token;
+    gss_channel_bindings_t input_chan_bindings;
+    gss_name_t *src_name;
+    gss_OID *mech_type;
+    gss_buffer_t output_token;
+    OM_uint32 *ret_flags;
+    OM_uint32 *time_rec;
+    gss_cred_id_t *delegated_cred_handle;
+{
+    krb5_error_code code;
+    krb5_gss_ctx_id_rec *ctx = 0;
+    krb5_timestamp now;
+    krb5_gss_name_t name = NULL;
+    krb5_ui_4 nonce = 0;
+    krb5_data ap_rep;
+    OM_uint32 major_status = GSS_S_FAILURE;
+
+    output_token->length = 0;
+    output_token->value = NULL;
+
+    if (mech_type)
+        *mech_type = GSS_C_NULL_OID;
+    /* return a bogus cred handle */
+    if (delegated_cred_handle)
+        *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    ctx = (krb5_gss_ctx_id_rec *)*context_handle;
+
+    code = krb5_timeofday(ctx->k5_context, &now);
+    if (code != 0) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    ap_rep.data = input_token->value;
+    ap_rep.length = input_token->length;
+
+    code = krb5_rd_rep_dce(ctx->k5_context,
+                           ctx->auth_context,
+                           &ap_rep,
+                           &nonce);
+    if (code != 0) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    ctx->established = 1;
+
+    if (src_name) {
+        code = kg_duplicate_name(ctx->k5_context, ctx->there, &name);
+        if (code) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+        *src_name = (gss_name_t) name;
+    }
+
+    if (mech_type)
+        *mech_type = ctx->mech_used;
+
+    if (time_rec) {
+        *time_rec = ts_interval(ts_incr(now, -ctx->k5_context->clockskew),
+                                ctx->krb_times.endtime);
+    }
+
+    /* Never return GSS_C_DELEG_FLAG since we don't support DCE credential
+     * delegation yet. */
+    if (ret_flags)
+        *ret_flags = (ctx->gss_flags & ~GSS_C_DELEG_FLAG);
+
+    *minor_status = 0;
+
+    return GSS_S_COMPLETE;
+
+fail:
+    /* real failure code follows */
+
+    (void) krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
+                                       NULL);
+    *context_handle = GSS_C_NO_CONTEXT;
+    *minor_status = code;
+
+    return major_status;
+}
+
+static krb5_error_code
+kg_process_extension(krb5_context context,
+                     krb5_auth_context auth_context,
+                     int ext_type,
+                     krb5_data *ext_data,
+                     krb5_gss_ctx_ext_t exts)
+{
+    krb5_error_code code = 0;
+
+    assert(exts != NULL);
+
+    switch (ext_type) {
+    case KRB5_GSS_EXTS_IAKERB_FINISHED:
+        if (exts->iakerb.conv == NULL) {
+            code = KRB5KRB_AP_ERR_MSG_TYPE; /* XXX */
+        } else {
+            krb5_key key;
+
+            code = krb5_auth_con_getrecvsubkey_k(context, auth_context, &key);
+            if (code != 0)
+                break;
+
+            code = iakerb_verify_finished(context, key, exts->iakerb.conv,
+                                          ext_data);
+            if (code == 0)
+                exts->iakerb.verified = 1;
+
+            krb5_k_free_key(context, key);
+        }
+        break;
+    default:
+        break;
+    }
+
+    return code;
+}
+
+/* The length of the MD5 channel bindings in an 0x8003 checksum */
+#define CB_MD5_LEN 16
+
+/* The minimum length of an 0x8003 checksum value (4-byte channel bindings
+ * length, 16-byte channel bindings, 4-byte flags) */
+#define MIN_8003_LEN (4 + CB_MD5_LEN + 4)
+
+/* The flags we accept from the initiator's authenticator checksum. */
+#define INITIATOR_FLAGS (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG |           \
+                         GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |        \
+                         GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE |        \
+                         GSS_C_IDENTIFY_FLAG | GSS_C_EXTENDED_ERROR_FLAG)
+
+/* A zero-value channel binding, for comparison */
+static const uint8_t null_cb[CB_MD5_LEN];
+
+/* Look for AP_OPTIONS in authdata.  If present and the options include
+ * KERB_AP_OPTIONS_CBT, set *cbt_out to true. */
+static krb5_error_code
+check_cbt(krb5_context context, krb5_authdata *const *authdata,
+          krb5_boolean *cbt_out)
+{
+    krb5_error_code code;
+    krb5_authdata **ad;
+    uint32_t ad_ap_options;
+    const uint32_t KERB_AP_OPTIONS_CBT = 0x4000;
+
+    *cbt_out = FALSE;
+
+    code = krb5_find_authdata(context, NULL, authdata,
+                              KRB5_AUTHDATA_AP_OPTIONS, &ad);
+    if (code || ad == NULL)
+        return code;
+    if (ad[1] != NULL || ad[0]->length != 4) {
+        code = KRB5KRB_AP_ERR_MSG_TYPE;
+    } else {
+        ad_ap_options = load_32_le(ad[0]->contents);
+        if (ad_ap_options & KERB_AP_OPTIONS_CBT)
+            *cbt_out = TRUE;
+    }
+
+    krb5_free_authdata(context, ad);
+    return code;
+}
+
+/*
+ * The krb5 GSS mech appropriates the authenticator checksum field from RFC
+ * 4120 to store structured data instead of a checksum, indicated with checksum
+ * type 0x8003 (see RFC 4121 section 4.1.1).  Some implementations instead send
+ * no checksum, or a regular checksum over empty data.
+ *
+ * Interpret the checksum.  Read delegated creds into *deleg_out if it is not
+ * NULL.  Set *flags_out to the allowed subset of token flags, plus
+ * GSS_C_DELEG_FLAG if a delegated credential was present and
+ * GSS_C_CHANNEL_BOUND_FLAG if matching channel bindings are present.  Process
+ * any extensions found using exts.  On error, set *code_out to a krb5_error
+ * code for use as a minor status value.
+ */
+static OM_uint32
+process_checksum(OM_uint32 *minor_status, krb5_context context,
+                 gss_channel_bindings_t acceptor_cb,
+                 krb5_auth_context auth_context, krb5_flags ap_req_options,
+                 krb5_authenticator *authenticator, krb5_gss_ctx_ext_t exts,
+                 krb5_gss_cred_id_t *deleg_out, krb5_ui_4 *flags_out,
+                 krb5_error_code *code_out)
+{
+    krb5_error_code code = 0;
+    OM_uint32 status, option_id, token_flags;
+    size_t cb_len, option_len;
+    krb5_boolean valid, client_cbt, token_cb_present = FALSE, cb_match = FALSE;
+    krb5_key subkey;
+    krb5_data option, empty = empty_data();
+    krb5_checksum cb_cksum;
+    const uint8_t *token_cb, *option_bytes;
+    struct k5input in;
+    const krb5_checksum *cksum = authenticator->checksum;
+
+    cb_cksum.contents = NULL;
+
+    if (cksum == NULL) {
+        /*
+         * Some SMB client implementations use handcrafted GSSAPI code that
+         * does not provide a checksum.  MS-KILE documents that the Microsoft
+         * implementation considers a missing checksum acceptable; the server
+         * assumes all flags are unset in this case, and does not check channel
+         * bindings.
+         */
+        *flags_out = 0;
+    } else if (cksum->checksum_type != CKSUMTYPE_KG_CB) {
+        /* Samba sends a regular checksum. */
+        code = krb5_auth_con_getkey_k(context, auth_context, &subkey);
+        if (code) {
+            status = GSS_S_FAILURE;
+            goto fail;
+        }
+
+        /* Verifying the checksum ensures that this authenticator wasn't
+         * replayed from one with a checksum over actual data. */
+        code = krb5_k_verify_checksum(context, subkey,
+                                      KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, &empty,
+                                      cksum, &valid);
+        krb5_k_free_key(context, subkey);
+        if (code || !valid) {
+            status = GSS_S_BAD_SIG;
+            goto fail;
+        }
+
+        /* Use ap_options from the request to guess the mutual flag. */
+        *flags_out = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+        if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED)
+            *flags_out |= GSS_C_MUTUAL_FLAG;
+    } else {
+        /* The checksum must contain at least a fixed 24-byte part. */
+        if (cksum->length < MIN_8003_LEN) {
+            status = GSS_S_BAD_BINDINGS;
+            goto fail;
+        }
+
+        k5_input_init(&in, cksum->contents, cksum->length);
+        cb_len = k5_input_get_uint32_le(&in);
+        if (cb_len != CB_MD5_LEN) {
+            code = KG_BAD_LENGTH;
+            status = GSS_S_FAILURE;
+            goto fail;
+        }
+
+        token_cb = k5_input_get_bytes(&in, cb_len);
+        if (acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS) {
+            code = kg_checksum_channel_bindings(context, acceptor_cb,
+                                                &cb_cksum);
+            if (code) {
+                status = GSS_S_BAD_BINDINGS;
+                goto fail;
+            }
+            assert(cb_cksum.length == cb_len);
+            token_cb_present = (k5_bcmp(token_cb, null_cb, cb_len) != 0);
+            cb_match = (k5_bcmp(token_cb, cb_cksum.contents, cb_len) == 0);
+            if (token_cb_present && !cb_match) {
+                status = GSS_S_BAD_BINDINGS;
+                goto fail;
+            }
+        }
+
+        /* Read the token flags and accept some of them as context flags. */
+        token_flags = k5_input_get_uint32_le(&in);
+        *flags_out = token_flags & INITIATOR_FLAGS;
+        if (cb_match)
+            *flags_out |= GSS_C_CHANNEL_BOUND_FLAG;
+
+        /* Read the delegated credential if present. */
+        if (in.len >= 4 && (token_flags & GSS_C_DELEG_FLAG)) {
+            option_id = k5_input_get_uint16_le(&in);
+            option_len = k5_input_get_uint16_le(&in);
+            option_bytes = k5_input_get_bytes(&in, option_len);
+            option = make_data((uint8_t *)option_bytes, option_len);
+            if (in.status) {
+                code = KG_BAD_LENGTH;
+                status = GSS_S_FAILURE;
+                goto fail;
+            }
+            if (option_id != KRB5_GSS_FOR_CREDS_OPTION) {
+                status = GSS_S_FAILURE;
+                goto fail;
+            }
+
+            /* Store the delegated credential. */
+            code = rd_and_store_for_creds(context, auth_context, &option,
+                                          deleg_out);
+            if (code) {
+                status = GSS_S_FAILURE;
+                goto fail;
+            }
+            *flags_out |= GSS_C_DELEG_FLAG;
+        }
+
+        /* Process any extensions at the end of the checksum.  Extensions use
+         * 4-byte big-endian tag and length instead of 2-byte little-endian. */
+        while (in.len > 0) {
+            option_id = k5_input_get_uint32_be(&in);
+            option_len = k5_input_get_uint32_be(&in);
+            option_bytes = k5_input_get_bytes(&in, option_len);
+            option = make_data((uint8_t *)option_bytes, option_len);
+            if (in.status) {
+                code = KG_BAD_LENGTH;
+                status = GSS_S_FAILURE;
+                goto fail;
+            }
+
+            code = kg_process_extension(context, auth_context, option_id,
+                                        &option, exts);
+            if (code) {
+                status = GSS_S_FAILURE;
+                goto fail;
+            }
+        }
+    }
+
+    /*
+     * If the client asserts the KERB_AP_OPTIONS_CBT flag (from MS-KILE) in the
+     * authenticator authdata, and the acceptor passed channel bindings,
+     * require matching channel bindings from the client.  The intent is to
+     * prevent an authenticator generated for use outside of a TLS channel from
+     * being used inside of one.
+     */
+    code = check_cbt(context, authenticator->authorization_data, &client_cbt);
+    if (code) {
+        status = GSS_S_FAILURE;
+        goto fail;
+    }
+    if (client_cbt && acceptor_cb != GSS_C_NO_CHANNEL_BINDINGS && !cb_match) {
+        status = GSS_S_BAD_BINDINGS;
+        goto fail;
+    }
+
+    status = GSS_S_COMPLETE;
+
+fail:
+    free(cb_cksum.contents);
+    *code_out = code;
+    return status;
+}
+
+static OM_uint32
+kg_accept_krb5(minor_status, context_handle,
+               verifier_cred_handle, input_token,
+               input_chan_bindings, src_name, mech_type,
+               output_token, ret_flags, time_rec,
+               delegated_cred_handle, exts)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_cred_id_t verifier_cred_handle;
+    gss_buffer_t input_token;
+    gss_channel_bindings_t input_chan_bindings;
+    gss_name_t *src_name;
+    gss_OID *mech_type;
+    gss_buffer_t output_token;
+    OM_uint32 *ret_flags;
+    OM_uint32 *time_rec;
+    gss_cred_id_t *delegated_cred_handle;
+    krb5_gss_ctx_ext_t exts;
+{
+    krb5_context context;
+    unsigned char *ptr;
+    krb5_gss_cred_id_t cred = 0;
+    krb5_data ap_rep, ap_req;
+    krb5_error_code code;
+    krb5_address addr, *paddr;
+    krb5_authenticator *authdat = 0;
+    krb5_gss_name_t name = NULL;
+    krb5_ui_4 gss_flags = 0;
+    krb5_gss_ctx_id_rec *ctx = NULL;
+    krb5_timestamp now;
+    gss_buffer_desc token;
+    krb5_auth_context auth_context = NULL;
+    krb5_ticket * ticket = NULL;
+    const gss_OID_desc *mech_used = NULL;
+    OM_uint32 major_status;
+    OM_uint32 tmp_minor_status;
+    krb5_error krb_error_data;
+    krb5_data scratch;
+    gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
+    krb5_gss_cred_id_t deleg_cred = NULL;
+    krb5int_access kaccess;
+    int cred_rcache = 0;
+    int no_encap = 0;
+    krb5_flags ap_req_options = 0;
+    krb5_enctype negotiated_etype;
+    krb5_authdata_context ad_context = NULL;
+    krb5_ap_req *request = NULL;
+    struct k5buf buf;
+
+    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (code) {
+        *minor_status = code;
+        return(GSS_S_FAILURE);
+    }
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    /* set up returns to be freeable */
+
+    if (src_name)
+        *src_name = (gss_name_t) NULL;
+    output_token->length = 0;
+    output_token->value = NULL;
+    token.value = 0;
+    ap_req.data = 0;
+    ap_rep.data = 0;
+
+    if (mech_type)
+        *mech_type = GSS_C_NULL_OID;
+    /* return a bogus cred handle */
+    if (delegated_cred_handle)
+        *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    /* handle default cred handle */
+    if (verifier_cred_handle == GSS_C_NO_CREDENTIAL) {
+        major_status = krb5_gss_acquire_cred(minor_status, GSS_C_NO_NAME,
+                                             GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+                                             GSS_C_ACCEPT, &defcred,
+                                             NULL, NULL);
+        if (major_status != GSS_S_COMPLETE) {
+            code = *minor_status;
+            goto fail;
+        }
+        verifier_cred_handle = defcred;
+    }
+
+    /* Resolve any initiator state in the verifier cred and lock it. */
+    major_status = kg_cred_resolve(minor_status, context, verifier_cred_handle,
+                                   GSS_C_NO_NAME);
+    if (GSS_ERROR(major_status)) {
+        code = *minor_status;
+        goto fail;
+    }
+    cred = (krb5_gss_cred_id_t)verifier_cred_handle;
+
+    /* make sure the supplied credentials are valid for accept */
+
+    if ((cred->usage != GSS_C_ACCEPT) &&
+        (cred->usage != GSS_C_BOTH)) {
+        code = 0;
+        major_status = GSS_S_NO_CRED;
+        goto fail;
+    }
+
+    /* verify the token's integrity, and leave the token in ap_req.
+       figure out which mech oid was used, and save it */
+
+    ptr = (unsigned char *) input_token->value;
+
+    if (!(code = g_verify_token_header(gss_mech_krb5,
+                                       &(ap_req.length),
+                                       &ptr, KG_TOK_CTX_AP_REQ,
+                                       input_token->length, 1))) {
+        mech_used = gss_mech_krb5;
+    } else if ((code == G_WRONG_MECH)
+               &&!(code = g_verify_token_header((gss_OID) gss_mech_iakerb,
+                                                &(ap_req.length),
+                                                &ptr, KG_TOK_CTX_AP_REQ,
+                                                input_token->length, 1))) {
+        mech_used = gss_mech_iakerb;
+    } else if ((code == G_WRONG_MECH)
+               &&!(code = g_verify_token_header((gss_OID) gss_mech_krb5_wrong,
+                                                &(ap_req.length),
+                                                &ptr, KG_TOK_CTX_AP_REQ,
+                                                input_token->length, 1))) {
+        mech_used = gss_mech_krb5_wrong;
+    } else if ((code == G_WRONG_MECH) &&
+               !(code = g_verify_token_header(gss_mech_krb5_old,
+                                              &(ap_req.length),
+                                              &ptr, KG_TOK_CTX_AP_REQ,
+                                              input_token->length, 1))) {
+        /*
+         * Previous versions of this library used the old mech_id
+         * and some broken behavior (wrong IV on checksum
+         * encryption).  We support the old mech_id for
+         * compatibility, and use it to decide when to use the
+         * old behavior.
+         */
+        mech_used = gss_mech_krb5_old;
+    } else if (code == G_WRONG_TOKID) {
+        major_status = GSS_S_CONTINUE_NEEDED;
+        code = KRB5KRB_AP_ERR_MSG_TYPE;
+        mech_used = gss_mech_krb5;
+        goto fail;
+    } else if (code == G_BAD_TOK_HEADER) {
+        /* DCE style not encapsulated */
+        ap_req.length = input_token->length;
+        mech_used = gss_mech_krb5;
+        no_encap = 1;
+    } else {
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto fail;
+    }
+    ap_req.data = (char *)ptr;
+
+    /* construct the sender_addr */
+
+    if ((input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) &&
+        (input_chan_bindings->initiator_addrtype == GSS_C_AF_INET)) {
+        /* XXX is this right? */
+        addr.addrtype = ADDRTYPE_INET;
+        addr.length = input_chan_bindings->initiator_address.length;
+        addr.contents = input_chan_bindings->initiator_address.value;
+
+        paddr = &addr;
+    } else {
+        paddr = NULL;
+    }
+
+    /* decode the AP_REQ message */
+    code = decode_krb5_ap_req(&ap_req, &request);
+    if (code) {
+        major_status = GSS_S_FAILURE;
+        goto done;
+    }
+    ticket = request->ticket;
+
+    /* decode the message */
+
+    if ((code = krb5_auth_con_init(context, &auth_context))) {
+        major_status = GSS_S_FAILURE;
+        save_error_info((OM_uint32)code, context);
+        goto fail;
+    }
+    if (cred->rcache) {
+        cred_rcache = 1;
+        if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
+    if ((code = krb5_auth_con_setaddrs(context, auth_context, NULL, paddr))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    /* Limit the encryption types negotiated (if requested). */
+    if (cred->req_enctypes) {
+        if ((code = krb5_auth_con_setpermetypes(context, auth_context,
+                                                cred->req_enctypes))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
+
+    code = krb5_rd_req_decoded(context, &auth_context, request,
+                               cred->acceptor_mprinc, cred->keytab,
+                               &ap_req_options, NULL);
+    if (code) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+    krb5_auth_con_setflags(context, auth_context,
+                           KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+    krb5_auth_con_getauthenticator(context, auth_context, &authdat);
+
+    major_status = process_checksum(minor_status, context, input_chan_bindings,
+                                    auth_context, ap_req_options,
+                                    authdat, exts,
+                                    delegated_cred_handle ? &deleg_cred : NULL,
+                                    &gss_flags, &code);
+
+    if (major_status != GSS_S_COMPLETE)
+        goto fail;
+
+    if (exts->iakerb.conv && !exts->iakerb.verified) {
+        major_status = GSS_S_BAD_SIG;
+        goto fail;
+    }
+
+    /* only DCE_STYLE clients are allowed to send raw AP-REQs */
+    if (no_encap != ((gss_flags & GSS_C_DCE_STYLE) != 0)) {
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto fail;
+    }
+
+    /* create the ctx struct and start filling it in */
+
+    if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
+        == NULL) {
+        code = ENOMEM;
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
+    ctx->magic = KG_CONTEXT;
+    ctx->mech_used = (gss_OID) mech_used;
+    ctx->auth_context = auth_context;
+    ctx->initiate = 0;
+    ctx->gss_flags = gss_flags | GSS_C_TRANS_FLAG;
+    ctx->seed_init = 0;
+    ctx->cred_rcache = cred_rcache;
+
+    /* XXX move this into gss_name_t */
+    if (        (code = krb5_merge_authdata(context,
+                                            ticket->enc_part2->authorization_data,
+                                            authdat->authorization_data,
+                                            &ctx->authdata))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+    if ((code = kg_init_name(context, ticket->server, NULL, NULL, NULL, 0,
+                             &ctx->here))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+    if ((code = krb5_auth_con_get_authdata_context(context, auth_context,
+                                                   &ad_context))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+    if ((code = kg_init_name(context, authdat->client, NULL, NULL,
+                             ad_context, KG_INIT_NAME_NO_COPY, &ctx->there))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+    /* Now owned by ctx->there */
+    authdat->client = NULL;
+    krb5_auth_con_set_authdata_context(context, auth_context, NULL);
+
+    if ((code = krb5_auth_con_getrecvsubkey_k(context, auth_context,
+                                              &ctx->subkey))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    /* use the session key if the subkey isn't present */
+
+    if (ctx->subkey == NULL) {
+        if ((code = krb5_auth_con_getkey_k(context, auth_context,
+                                           &ctx->subkey))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
+
+    if (ctx->subkey == NULL) {
+        /* this isn't a very good error, but it's not clear to me this
+           can actually happen */
+        major_status = GSS_S_FAILURE;
+        code = KRB5KDC_ERR_NULL_KEY;
+        goto fail;
+    }
+
+    ctx->enc = NULL;
+    ctx->seq = NULL;
+    ctx->have_acceptor_subkey = 0;
+    /* DCE_STYLE implies acceptor_subkey */
+    if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
+        code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
+        if (code) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
+    ctx->krb_times = ticket->enc_part2->times; /* struct copy */
+    ctx->krb_flags = ticket->enc_part2->flags;
+
+    if (delegated_cred_handle != NULL &&
+        deleg_cred == NULL && /* no unconstrained delegation */
+        cred->usage == GSS_C_BOTH) {
+        /*
+         * Now, we always fabricate a delegated credentials handle
+         * containing the service ticket to ourselves, which can be
+         * used for S4U2Proxy.
+         */
+        major_status = create_constrained_deleg_creds(minor_status, cred,
+                                                      ticket, &deleg_cred,
+                                                      context);
+        if (GSS_ERROR(major_status))
+            goto fail;
+        ctx->gss_flags |= GSS_C_DELEG_FLAG;
+    }
+
+    {
+        krb5_int32 seq_temp;
+        krb5_auth_con_getremoteseqnumber(context, auth_context, &seq_temp);
+        ctx->seq_recv = (uint32_t)seq_temp;
+    }
+
+    if ((code = krb5_timeofday(context, &now))) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    code = g_seqstate_init(&ctx->seqstate, ctx->seq_recv,
+                           (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+                           (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0,
+                           ctx->proto);
+    if (code) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    /* DCE_STYLE implies mutual authentication */
+    if (ctx->gss_flags & GSS_C_DCE_STYLE)
+        ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
+
+    /* at this point, the entire context structure is filled in,
+       so it can be released.  */
+
+    /* generate an AP_REP if necessary */
+
+    if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
+        krb5_int32 seq_temp;
+        int cfx_generate_subkey;
+
+        /*
+         * Do not generate a subkey per RFC 4537 unless we are upgrading to CFX,
+         * because pre-CFX tokens do not indicate which key to use. (Note that
+         * DCE_STYLE implies that we will use a subkey.)
+         */
+        if (ctx->proto == 0 &&
+            (ctx->gss_flags & GSS_C_DCE_STYLE) == 0 &&
+            (ap_req_options & AP_OPTS_USE_SUBKEY)) {
+            code = (*kaccess.auth_con_get_subkey_enctype)(context,
+                                                          auth_context,
+                                                          &negotiated_etype);
+            if (code != 0) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+
+            switch (negotiated_etype) {
+            case ENCTYPE_DES3_CBC_SHA1:
+            case ENCTYPE_ARCFOUR_HMAC:
+            case ENCTYPE_ARCFOUR_HMAC_EXP:
+                /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer"
+                 * enctype, even though RFC 4757 treats it as one. */
+                ap_req_options &= ~(AP_OPTS_USE_SUBKEY);
+                break;
+            }
+        }
+
+        if (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) ||
+            (ap_req_options & AP_OPTS_USE_SUBKEY))
+            cfx_generate_subkey = CFX_ACCEPTOR_SUBKEY;
+        else
+            cfx_generate_subkey = 0;
+
+        if (cfx_generate_subkey) {
+            krb5_int32 acflags;
+            code = krb5_auth_con_getflags(context, auth_context, &acflags);
+            if (code == 0) {
+                acflags |= KRB5_AUTH_CONTEXT_USE_SUBKEY;
+                code = krb5_auth_con_setflags(context, auth_context, acflags);
+            }
+            if (code) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+        }
+
+        if ((code = krb5_mk_rep(context, auth_context, &ap_rep))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+
+        krb5_auth_con_getlocalseqnumber(context, auth_context, &seq_temp);
+        ctx->seq_send = (uint32_t)seq_temp;
+
+        if (cfx_generate_subkey) {
+            /* Get the new acceptor subkey.  With the code above, there
+               should always be one if we make it to this point.  */
+            code = krb5_auth_con_getsendsubkey_k(context, auth_context,
+                                                 &ctx->acceptor_subkey);
+            if (code != 0) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+            ctx->have_acceptor_subkey = 1;
+
+            code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
+                                 &ctx->acceptor_subkey_cksumtype);
+            if (code) {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+        }
+
+        /* the reply token hasn't been sent yet, but that's ok. */
+        if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+            assert(ctx->have_acceptor_subkey);
+
+            /* in order to force acceptor subkey to be used, don't set PROT_READY */
+
+            /* Raw AP-REP is returned */
+            code = data_to_gss(&ap_rep, output_token);
+            if (code)
+            {
+                major_status = GSS_S_FAILURE;
+                goto fail;
+            }
+
+            ctx->established = 0;
+
+            *context_handle = (gss_ctx_id_t)ctx;
+            *minor_status = 0;
+            major_status = GSS_S_CONTINUE_NEEDED;
+
+            /* Only last leg should set return arguments */
+            goto fail;
+        } else
+            ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
+
+        ctx->established = 1;
+
+        token.length = g_token_size(mech_used, ap_rep.length);
+        token.value = gssalloc_malloc(token.length);
+        if (token.value == NULL) {
+            major_status = GSS_S_FAILURE;
+            code = ENOMEM;
+            goto fail;
+        }
+        k5_buf_init_fixed(&buf, token.value, token.length);
+        g_make_token_header(&buf, mech_used, ap_rep.length, KG_TOK_CTX_AP_REP);
+        k5_buf_add_len(&buf, ap_rep.data, ap_rep.length);
+        assert(buf.len == token.length);
+
+        ctx->established = 1;
+
+    } else {
+        token.length = 0;
+        token.value = NULL;
+        ctx->seq_send = ctx->seq_recv;
+
+        ctx->established = 1;
+    }
+
+    /* set the return arguments */
+
+    if (src_name) {
+        code = kg_duplicate_name(context, ctx->there, &name);
+        if (code) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+    }
+
+    if (mech_type)
+        *mech_type = (gss_OID) mech_used;
+
+    /* Add the maximum allowable clock skew as a grace period for context
+     * expiration, just as we do for the ticket. */
+    if (time_rec) {
+        *time_rec = ts_interval(ts_incr(now, -context->clockskew),
+                                ctx->krb_times.endtime);
+    }
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    *context_handle = (gss_ctx_id_t)ctx;
+    *output_token = token;
+
+    if (src_name)
+        *src_name = (gss_name_t) name;
+
+    if (delegated_cred_handle)
+        *delegated_cred_handle = (gss_cred_id_t) deleg_cred;
+
+    /* finally! */
+
+    *minor_status = 0;
+    major_status = GSS_S_COMPLETE;
+
+fail:
+    if (authdat)
+        krb5_free_authenticator(context, authdat);
+    /* The ctx structure has the handle of the auth_context */
+    if (auth_context && !ctx) {
+        if (cred_rcache)
+            (void)krb5_auth_con_setrcache(context, auth_context, NULL);
+
+        krb5_auth_con_free(context, auth_context);
+    }
+    if (ap_rep.data)
+        krb5_free_data_contents(context, &ap_rep);
+    if (major_status == GSS_S_COMPLETE ||
+        (major_status == GSS_S_CONTINUE_NEEDED && code != KRB5KRB_AP_ERR_MSG_TYPE)) {
+        ctx->k5_context = context;
+        context = NULL;
+        goto done;
+    }
+
+    /* from here on is the real "fail" code */
+
+    if (ctx)
+        (void) krb5_gss_delete_sec_context(&tmp_minor_status,
+                                           (gss_ctx_id_t *) &ctx, NULL);
+    if (deleg_cred) { /* free memory associated with the deleg credential */
+        if (deleg_cred->ccache)
+            (void)krb5_cc_close(context, deleg_cred->ccache);
+        if (deleg_cred->name)
+            kg_release_name(context, &deleg_cred->name);
+        xfree(deleg_cred);
+    }
+    if (token.value)
+        xfree(token.value);
+    if (name) {
+        (void) kg_release_name(context, &name);
+    }
+
+    *minor_status = code;
+
+    /* We may have failed before being able to read the GSS flags from the
+     * authenticator, so also check the request AP options. */
+    if (cred != NULL && request != NULL &&
+        ((gss_flags & GSS_C_MUTUAL_FLAG) ||
+         (request->ap_options & AP_OPTS_MUTUAL_REQUIRED) ||
+         major_status == GSS_S_CONTINUE_NEEDED)) {
+        unsigned int tmsglen;
+
+        /*
+         * The client is expecting a response, so we can send an
+         * error token back
+         */
+        memset(&krb_error_data, 0, sizeof(krb_error_data));
+
+        code -= ERROR_TABLE_BASE_krb5;
+        if (code < 0 || code > KRB_ERR_MAX)
+            code = 60 /* KRB_ERR_GENERIC */;
+
+        krb_error_data.error = code;
+        (void) krb5_us_timeofday(context, &krb_error_data.stime,
+                                 &krb_error_data.susec);
+
+        krb_error_data.server = ticket->server;
+        code = krb5_mk_error(context, &krb_error_data, &scratch);
+        if (code)
+            goto done;
+
+        tmsglen = scratch.length;
+
+        token.length = g_token_size(mech_used, tmsglen);
+        token.value = gssalloc_malloc(token.length);
+        if (!token.value)
+            goto done;
+        k5_buf_init_fixed(&buf, token.value, token.length);
+        g_make_token_header(&buf, mech_used, tmsglen, KG_TOK_CTX_ERROR);
+        k5_buf_add_len(&buf, scratch.data, scratch.length);
+        assert(buf.len == token.length);
+
+        krb5_free_data_contents(context, &scratch);
+
+        *output_token = token;
+    }
+
+done:
+    krb5_free_ap_req(context, request);
+    if (cred)
+        k5_mutex_unlock(&cred->lock);
+    if (defcred)
+        krb5_gss_release_cred(&tmp_minor_status, &defcred);
+    if (context) {
+        if (major_status && *minor_status)
+            save_error_info(*minor_status, context);
+        krb5_free_context(context);
+    }
+    return (major_status);
+}
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_accept_sec_context_ext(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context_handle,
+    gss_cred_id_t verifier_cred_handle,
+    gss_buffer_t input_token,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_name_t *src_name,
+    gss_OID *mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags,
+    OM_uint32 *time_rec,
+    gss_cred_id_t *delegated_cred_handle,
+    krb5_gss_ctx_ext_t exts)
+{
+    krb5_gss_ctx_id_rec *ctx = (krb5_gss_ctx_id_rec *)*context_handle;
+
+    /*
+     * Context handle must be unspecified.  Actually, it must be
+     * non-established, but currently, accept_sec_context never returns
+     * a non-established context handle.
+     */
+    /*SUPPRESS 29*/
+    if (ctx != NULL) {
+        if (ctx->established == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
+            return kg_accept_dce(minor_status, context_handle,
+                                 verifier_cred_handle, input_token,
+                                 input_chan_bindings, src_name, mech_type,
+                                 output_token, ret_flags, time_rec,
+                                 delegated_cred_handle);
+        } else {
+            *minor_status = EINVAL;
+            save_error_string(EINVAL, "accept_sec_context called with existing context handle");
+            return GSS_S_FAILURE;
+        }
+    }
+
+    return kg_accept_krb5(minor_status, context_handle,
+                          verifier_cred_handle, input_token,
+                          input_chan_bindings, src_name, mech_type,
+                          output_token, ret_flags, time_rec,
+                          delegated_cred_handle, exts);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_accept_sec_context(minor_status, context_handle,
+                            verifier_cred_handle, input_token,
+                            input_chan_bindings, src_name, mech_type,
+                            output_token, ret_flags, time_rec,
+                            delegated_cred_handle)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_cred_id_t verifier_cred_handle;
+    gss_buffer_t input_token;
+    gss_channel_bindings_t input_chan_bindings;
+    gss_name_t *src_name;
+    gss_OID *mech_type;
+    gss_buffer_t output_token;
+    OM_uint32 *ret_flags;
+    OM_uint32 *time_rec;
+    gss_cred_id_t *delegated_cred_handle;
+{
+    krb5_gss_ctx_ext_rec exts;
+
+    memset(&exts, 0, sizeof(exts));
+
+    return krb5_gss_accept_sec_context_ext(minor_status,
+                                           context_handle,
+                                           verifier_cred_handle,
+                                           input_token,
+                                           input_chan_bindings,
+                                           src_name,
+                                           mech_type,
+                                           output_token,
+                                           ret_flags,
+                                           time_rec,
+                                           delegated_cred_handle,
+                                           &exts);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/acquire_cred.c b/krb5-1.21.3/src/lib/gssapi/krb5/acquire_cred.c
new file mode 100644
index 00000000..006eba11
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/acquire_cred.c
@@ -0,0 +1,1369 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2000, 2007-2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+#ifdef HAVE_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+
+#ifdef USE_LEASH
+#ifdef _WIN64
+#define LEASH_DLL "leashw64.dll"
+#else
+#define LEASH_DLL "leashw32.dll"
+#endif
+static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL;
+static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
+#endif
+
+#ifndef LEAN_CLIENT
+k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+static char *krb5_gss_keytab = NULL;
+
+/* Heimdal calls this gsskrb5_register_acceptor_identity. */
+OM_uint32
+gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status,
+                                       const gss_OID desired_mech,
+                                       const gss_OID desired_object,
+                                       gss_buffer_t value)
+{
+    char *new = NULL, *old;
+    int err;
+
+    err = gss_krb5int_initialize_library();
+    if (err != 0)
+        return GSS_S_FAILURE;
+
+    if (value->value != NULL) {
+        new = strdup((char *)value->value);
+        if (new == NULL)
+            return GSS_S_FAILURE;
+    }
+
+    k5_mutex_lock(&gssint_krb5_keytab_lock);
+    old = krb5_gss_keytab;
+    krb5_gss_keytab = new;
+    k5_mutex_unlock(&gssint_krb5_keytab_lock);
+    free(old);
+    return GSS_S_COMPLETE;
+}
+
+/* Try to verify that keytab contains at least one entry for name.  Return 0 if
+ * it does, KRB5_KT_NOTFOUND if it doesn't, or another error as appropriate. */
+static krb5_error_code
+check_keytab(krb5_context context, krb5_keytab kt, krb5_gss_name_t name,
+             krb5_principal mprinc)
+{
+    krb5_error_code code;
+    krb5_keytab_entry ent;
+    char *princname;
+
+    if (name->service == NULL) {
+        code = krb5_kt_get_entry(context, kt, name->princ, 0, 0, &ent);
+        if (code == 0)
+            krb5_kt_free_entry(context, &ent);
+        return code;
+    }
+
+    /* If we can't iterate through the keytab, skip this check. */
+    if (kt->ops->start_seq_get == NULL)
+        return 0;
+
+    /* Scan the keytab for host-based entries matching mprinc. */
+    code = k5_kt_have_match(context, kt, mprinc);
+    if (code == KRB5_KT_NOTFOUND) {
+        if (krb5_unparse_name(context, mprinc, &princname) == 0) {
+            k5_setmsg(context, code, _("No key table entry found matching %s"),
+                      princname);
+            free(princname);
+        }
+    }
+    return code;
+}
+
+/* get credentials corresponding to a key in the krb5 keytab.
+   If successful, set the keytab-specific fields in cred
+*/
+
+static OM_uint32
+acquire_accept_cred(krb5_context context, OM_uint32 *minor_status,
+                    krb5_keytab req_keytab, const char *rcname,
+                    krb5_gss_cred_id_rec *cred)
+{
+    OM_uint32 major;
+    krb5_error_code code;
+    krb5_keytab kt = NULL;
+    krb5_rcache rc = NULL;
+
+    assert(cred->keytab == NULL);
+
+    /* If we have an explicit rcache name, open it. */
+    if (rcname != NULL) {
+        code = k5_rc_resolve(context, rcname, &rc);
+        if (code) {
+            major = GSS_S_FAILURE;
+            goto cleanup;
+        }
+    }
+
+    if (req_keytab != NULL) {
+        code = krb5_kt_dup(context, req_keytab, &kt);
+    } else {
+        k5_mutex_lock(&gssint_krb5_keytab_lock);
+        if (krb5_gss_keytab != NULL) {
+            code = krb5_kt_resolve(context, krb5_gss_keytab, &kt);
+            k5_mutex_unlock(&gssint_krb5_keytab_lock);
+        } else {
+            k5_mutex_unlock(&gssint_krb5_keytab_lock);
+            code = krb5_kt_default(context, &kt);
+        }
+    }
+    if (code) {
+        major = GSS_S_NO_CRED;
+        goto cleanup;
+    }
+
+    if (cred->name != NULL) {
+        code = kg_acceptor_princ(context, cred->name, &cred->acceptor_mprinc);
+        if (code) {
+            major = GSS_S_FAILURE;
+            goto cleanup;
+        }
+
+        /* Make sure we have keys matching the desired name in the keytab. */
+        code = check_keytab(context, kt, cred->name, cred->acceptor_mprinc);
+        if (code) {
+            if (code == KRB5_KT_NOTFOUND) {
+                k5_change_error_message_code(context, code, KG_KEYTAB_NOMATCH);
+                code = KG_KEYTAB_NOMATCH;
+            }
+            major = GSS_S_NO_CRED;
+            goto cleanup;
+        }
+
+        if (rc == NULL) {
+            /* Open the replay cache for this principal. */
+            code = krb5_get_server_rcache(context, &cred->name->princ->data[0],
+                                          &rc);
+            if (code) {
+                major = GSS_S_FAILURE;
+                goto cleanup;
+            }
+        }
+    } else {
+        /* Make sure we have a keytab with keys in it. */
+        code = krb5_kt_have_content(context, kt);
+        if (code) {
+            major = GSS_S_NO_CRED;
+            goto cleanup;
+        }
+    }
+
+    cred->keytab = kt;
+    kt = NULL;
+    cred->rcache = rc;
+    rc = NULL;
+    major = GSS_S_COMPLETE;
+
+cleanup:
+    if (kt != NULL)
+        krb5_kt_close(context, kt);
+    if (rc != NULL)
+        k5_rc_close(context, rc);
+    *minor_status = code;
+    return major;
+}
+#endif /* LEAN_CLIENT */
+
+#ifdef USE_LEASH
+static krb5_error_code
+get_ccache_leash(krb5_context context, krb5_principal desired_princ,
+                 krb5_ccache *ccache_out)
+{
+    krb5_error_code code;
+    krb5_ccache ccache;
+    char ccname[256] = "";
+
+    *ccache_out = NULL;
+
+    if (hLeashDLL == INVALID_HANDLE_VALUE) {
+        hLeashDLL = LoadLibrary(LEASH_DLL);
+        if (hLeashDLL != INVALID_HANDLE_VALUE) {
+            (FARPROC) pLeash_AcquireInitialTicketsIfNeeded =
+                GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
+        }
+    }
+
+    if (pLeash_AcquireInitialTicketsIfNeeded) {
+        pLeash_AcquireInitialTicketsIfNeeded(context, desired_princ, ccname,
+                                             sizeof(ccname));
+        if (!ccname[0])
+            return KRB5_CC_NOTFOUND;
+
+        code = krb5_cc_resolve(context, ccname, &ccache);
+        if (code)
+            return code;
+    } else {
+        /* leash dll not available, open the default credential cache. */
+        code = krb5int_cc_default(context, &ccache);
+        if (code)
+            return code;
+    }
+
+    *ccache_out = ccache;
+    return 0;
+}
+#endif /* USE_LEASH */
+
+/* Set fields in cred according to a ccache config entry whose key (in
+ * principal form) is config_princ and whose value is value. */
+static krb5_error_code
+scan_cc_config(krb5_context context, krb5_gss_cred_id_rec *cred,
+               krb5_const_principal config_princ, const krb5_data *value)
+{
+    krb5_error_code code;
+    krb5_data data0 = empty_data();
+
+    if (config_princ->length != 2)
+        return 0;
+    if (data_eq_string(config_princ->data[1], KRB5_CC_CONF_PROXY_IMPERSONATOR)
+        && cred->impersonator == NULL) {
+        code = krb5int_copy_data_contents_add0(context, value, &data0);
+        if (code)
+            return code;
+        code = krb5_parse_name(context, data0.data, &cred->impersonator);
+        krb5_free_data_contents(context, &data0);
+        if (code)
+            return code;
+    } else if (data_eq_string(config_princ->data[1], KRB5_CC_CONF_REFRESH_TIME)
+               && cred->refresh_time == 0) {
+        code = krb5int_copy_data_contents_add0(context, value, &data0);
+        if (code)
+            return code;
+        cred->refresh_time = atol(data0.data);
+        krb5_free_data_contents(context, &data0);
+    }
+    return 0;
+}
+
+/* Return true if it appears that we can non-interactively get initial
+ * tickets for cred. */
+static krb5_boolean
+can_get_initial_creds(krb5_context context, krb5_gss_cred_id_rec *cred)
+{
+    krb5_error_code code;
+
+    if (cred->password != NULL)
+        return TRUE;
+
+    if (cred->client_keytab == NULL)
+        return FALSE;
+
+    /* If we don't know the client principal yet, check for any keytab keys. */
+    if (cred->name == NULL)
+        return !krb5_kt_have_content(context, cred->client_keytab);
+
+    /*
+     * Check if we have a keytab key for the client principal.  This is a bit
+     * more permissive than we really want because krb5_kt_have_match()
+     * supports wildcarding and obeys ignore_acceptor_hostname, but that should
+     * generally be harmless.
+     */
+    code = k5_kt_have_match(context, cred->client_keytab, cred->name->princ);
+    return code == 0;
+}
+
+/* Scan cred->ccache for name, expiry time, impersonator, refresh time.  If
+ * check_name is true, verify the cache name against the credential name. */
+static krb5_error_code
+scan_ccache(krb5_context context, krb5_gss_cred_id_rec *cred,
+            krb5_boolean check_name)
+{
+    krb5_error_code code;
+    krb5_ccache ccache = cred->ccache;
+    krb5_principal ccache_princ = NULL, tgt_princ = NULL;
+    krb5_data *realm;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    krb5_timestamp endtime;
+    krb5_boolean is_tgt;
+
+    /* Turn on NOTICKET, as we don't need session keys here. */
+    code = krb5_cc_set_flags(context, ccache, KRB5_TC_NOTICKET);
+    if (code)
+        return code;
+
+    code = krb5_cc_get_principal(context, ccache, &ccache_princ);
+    if (code != 0)
+        goto cleanup;
+
+    if (cred->name == NULL) {
+        /* Save the ccache principal as the credential name. */
+        code = kg_init_name(context, ccache_princ, NULL, NULL, NULL,
+                            KG_INIT_NAME_NO_COPY, &cred->name);
+        if (code)
+            goto cleanup;
+        ccache_princ = NULL;
+    } else {
+        /* Check against the desired name if needed. */
+        if (check_name) {
+            if (!k5_sname_compare(context, cred->name->princ, ccache_princ)) {
+                code = KG_CCACHE_NOMATCH;
+                goto cleanup;
+            }
+        }
+
+        /* Replace the credential name principal with the canonical client
+         * principal, retaining acceptor_mprinc if set. */
+        krb5_free_principal(context, cred->name->princ);
+        cred->name->princ = ccache_princ;
+        ccache_princ = NULL;
+    }
+
+    assert(cred->name->princ != NULL);
+    realm = krb5_princ_realm(context, cred->name->princ);
+    code = krb5_build_principal_ext(context, &tgt_princ,
+                                    realm->length, realm->data,
+                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                    realm->length, realm->data,
+                                    0);
+    if (code)
+        return code;
+
+    /* If there's a tgt for the principal's local realm in here, use its expiry
+     * time.  Otherwise use the first key. */
+    code = krb5_cc_start_seq_get(context, ccache, &cursor);
+    if (code) {
+        krb5_free_principal(context, tgt_princ);
+        return code;
+    }
+    while (!(code = krb5_cc_next_cred(context, ccache, &cursor, &creds))) {
+        if (krb5_is_config_principal(context, creds.server)) {
+            code = scan_cc_config(context, cred, creds.server, &creds.ticket);
+            krb5_free_cred_contents(context, &creds);
+            if (code)
+                break;
+            continue;
+        }
+        is_tgt = krb5_principal_compare(context, tgt_princ, creds.server);
+        endtime = creds.times.endtime;
+        krb5_free_cred_contents(context, &creds);
+        if (is_tgt)
+            cred->have_tgt = TRUE;
+        if (is_tgt || cred->expire == 0)
+            cred->expire = endtime;
+    }
+    krb5_cc_end_seq_get(context, ccache, &cursor);
+    if (code && code != KRB5_CC_END)
+        goto cleanup;
+    code = 0;
+
+    if (cred->expire == 0 && !can_get_initial_creds(context, cred)) {
+        code = KG_EMPTY_CCACHE;
+        goto cleanup;
+    }
+
+cleanup:
+    (void)krb5_cc_set_flags(context, ccache, 0);
+    krb5_free_principal(context, ccache_princ);
+    krb5_free_principal(context, tgt_princ);
+    return code;
+}
+
+/* Find an existing or destination ccache for cred->name. */
+static krb5_error_code
+get_cache_for_name(krb5_context context, krb5_gss_cred_id_rec *cred)
+{
+    krb5_error_code code;
+    krb5_boolean can_get, have_collection;
+    krb5_ccache defcc = NULL;
+    krb5_principal princ = NULL;
+    const char *cctype;
+
+    assert(cred->name != NULL && cred->ccache == NULL);
+#ifdef USE_LEASH
+    code = get_ccache_leash(context, cred->name->princ, &cred->ccache);
+    return code ? code : scan_ccache(context, cred, TRUE);
+#else
+    /* Check first whether we can acquire tickets, to avoid overwriting the
+     * extended error message from krb5_cc_cache_match. */
+    can_get = can_get_initial_creds(context, cred);
+
+    /* Look for an existing cache for the client principal. */
+    code = krb5_cc_cache_match(context, cred->name->princ, &cred->ccache);
+    if (code == 0)
+        return scan_ccache(context, cred, FALSE);
+    if (code != KRB5_CC_NOTFOUND || !can_get)
+        return code;
+    krb5_clear_error_message(context);
+
+    /* There is no existing ccache, but we can acquire credentials.  Get the
+     * default ccache to help decide where we should put them. */
+    code = krb5_cc_default(context, &defcc);
+    if (code)
+        return code;
+    cctype = krb5_cc_get_type(context, defcc);
+    have_collection = krb5_cc_support_switch(context, cctype);
+
+    /* We can use an empty default ccache if we're using a password or if
+     * there's no collection. */
+    if (cred->password != NULL || !have_collection) {
+        if (krb5_cc_get_principal(context, defcc, &princ) == KRB5_FCC_NOFILE) {
+            cred->ccache = defcc;
+            defcc = NULL;
+        }
+        krb5_clear_error_message(context);
+    }
+
+    /* Otherwise, try to use a new cache in the collection. */
+    if (cred->ccache == NULL) {
+        if (!have_collection) {
+            code = KG_CCACHE_NOMATCH;
+            goto cleanup;
+        }
+        code = krb5_cc_new_unique(context, cctype, NULL, &cred->ccache);
+        if (code)
+            goto cleanup;
+    }
+
+cleanup:
+    krb5_free_principal(context, princ);
+    if (defcc != NULL)
+        krb5_cc_close(context, defcc);
+    return code;
+#endif /* not USE_LEASH */
+}
+
+/* Try to set cred->name using the client keytab. */
+static krb5_error_code
+get_name_from_client_keytab(krb5_context context, krb5_gss_cred_id_rec *cred)
+{
+    krb5_error_code code;
+    krb5_principal princ;
+
+    assert(cred->name == NULL);
+
+    if (cred->client_keytab == NULL)
+        return KRB5_KT_NOTFOUND;
+
+    code = k5_kt_get_principal(context, cred->client_keytab, &princ);
+    if (code)
+        return code;
+    code = kg_init_name(context, princ, NULL, NULL, NULL, KG_INIT_NAME_NO_COPY,
+                        &cred->name);
+    if (code) {
+        krb5_free_principal(context, princ);
+        return code;
+    }
+    return 0;
+}
+
+/* Make a note in ccache that we should attempt to refresh it from the client
+ * keytab at refresh_time. */
+static void
+set_refresh_time(krb5_context context, krb5_ccache ccache,
+                 krb5_timestamp refresh_time)
+{
+    char buf[128];
+    krb5_data d;
+
+    snprintf(buf, sizeof(buf), "%u", (unsigned int)ts2tt(refresh_time));
+    d = string2data(buf);
+    (void)krb5_cc_set_config(context, ccache, NULL, KRB5_CC_CONF_REFRESH_TIME,
+                             &d);
+    krb5_clear_error_message(context);
+}
+
+/* Return true if it's time to refresh cred from the client keytab.  If
+ * returning true, avoid retrying for 30 seconds. */
+krb5_boolean
+kg_cred_time_to_refresh(krb5_context context, krb5_gss_cred_id_rec *cred)
+{
+    krb5_timestamp now, soon;
+
+    if (krb5_timeofday(context, &now))
+        return FALSE;
+    soon = ts_incr(now, 30);
+    if (cred->refresh_time != 0 && !ts_after(cred->refresh_time, now)) {
+        set_refresh_time(context, cred->ccache, soon);
+        return TRUE;
+    }
+
+    /* If the creds will expire soon, try to refresh even if they weren't
+     * acquired with a client keytab. */
+    if (ts_after(soon, cred->expire)) {
+        set_refresh_time(context, cred->ccache, soon);
+        return TRUE;
+    }
+
+    return FALSE;
+}
+
+/* If appropriate, make a note to refresh cred from the client keytab when it
+ * is halfway to expired. */
+void
+kg_cred_set_initial_refresh(krb5_context context, krb5_gss_cred_id_rec *cred,
+                            krb5_ticket_times *times)
+{
+    krb5_timestamp refresh;
+
+    /* For now, we only mark keytab-acquired credentials for refresh. */
+    if (cred->password != NULL)
+        return;
+
+    /* Make a note to refresh these when they are halfway to expired. */
+    refresh = ts_incr(times->starttime,
+                      ts_delta(times->endtime, times->starttime) / 2);
+    set_refresh_time(context, cred->ccache, refresh);
+}
+
+struct verify_params {
+    krb5_principal princ;
+    krb5_keytab keytab;
+};
+
+static krb5_error_code
+verify_initial_cred(krb5_context context, krb5_creds *creds,
+                    const struct verify_params *verify)
+{
+    krb5_verify_init_creds_opt vopts;
+
+    krb5_verify_init_creds_opt_init(&vopts);
+    krb5_verify_init_creds_opt_set_ap_req_nofail(&vopts, TRUE);
+    return krb5_verify_init_creds(context, creds, verify->princ,
+                                  verify->keytab, NULL, &vopts);
+}
+
+/* Get initial credentials using the supplied password or client keytab. */
+static krb5_error_code
+get_initial_cred(krb5_context context, const struct verify_params *verify,
+                 krb5_gss_cred_id_rec *cred)
+{
+    krb5_error_code code;
+    krb5_get_init_creds_opt *opt = NULL;
+    krb5_creds creds;
+
+    code = krb5_get_init_creds_opt_alloc(context, &opt);
+    if (code)
+        return code;
+    code = krb5_get_init_creds_opt_set_out_ccache(context, opt, cred->ccache);
+    if (code)
+        goto cleanup;
+    if (cred->password != NULL) {
+        code = krb5_get_init_creds_password(context, &creds, cred->name->princ,
+                                            cred->password, NULL, NULL, 0,
+                                            NULL, opt);
+    } else if (cred->client_keytab != NULL) {
+        code = krb5_get_init_creds_keytab(context, &creds, cred->name->princ,
+                                          cred->client_keytab, 0, NULL, opt);
+    } else {
+        code = KRB5_KT_NOTFOUND;
+    }
+    if (code)
+        goto cleanup;
+    if (cred->password != NULL && verify != NULL) {
+        code = verify_initial_cred(context, &creds, verify);
+        if (code)
+            goto cleanup;
+    }
+    kg_cred_set_initial_refresh(context, cred, &creds.times);
+    cred->have_tgt = TRUE;
+    cred->expire = creds.times.endtime;
+
+    /* Steal the canonical client principal name from creds and save it in the
+     * credential name, retaining acceptor_mprinc if set. */
+    krb5_free_principal(context, cred->name->princ);
+    cred->name->princ = creds.client;
+    creds.client = NULL;
+
+    krb5_free_cred_contents(context, &creds);
+cleanup:
+    krb5_get_init_creds_opt_free(context, opt);
+    return code;
+}
+
+/* Get initial credentials if we ought to and are able to. */
+static krb5_error_code
+maybe_get_initial_cred(krb5_context context,
+                       const struct verify_params *verify,
+                       krb5_gss_cred_id_rec *cred)
+{
+    krb5_error_code code;
+
+    /* Don't get creds if we don't know the name or are doing IAKERB. */
+    if (cred->name == NULL || cred->iakerb_mech)
+        return 0;
+
+    /* Get creds if we have none or if it's time to refresh. */
+    if (cred->expire == 0 || kg_cred_time_to_refresh(context, cred)) {
+        code = get_initial_cred(context, verify, cred);
+        /* If we were trying to refresh and failed, we can keep going. */
+        if (code && cred->expire == 0)
+            return code;
+        krb5_clear_error_message(context);
+    }
+    return 0;
+}
+
+static OM_uint32
+acquire_init_cred(krb5_context context, OM_uint32 *minor_status,
+                  krb5_ccache req_ccache, gss_buffer_t password,
+                  krb5_keytab client_keytab,
+                  const struct verify_params *verify,
+                  krb5_gss_cred_id_rec *cred)
+{
+    krb5_error_code code;
+    krb5_data pwdata, pwcopy;
+    int caller_ccname = 0;
+
+    /* Get ccache from caller if available. */
+    if (GSS_ERROR(kg_sync_ccache_name(context, minor_status)))
+        return GSS_S_FAILURE;
+    if (GSS_ERROR(kg_caller_provided_ccache_name(minor_status,
+                                                 &caller_ccname)))
+        return GSS_S_FAILURE;
+
+    if (password != GSS_C_NO_BUFFER) {
+        pwdata = make_data(password->value, password->length);
+        code = krb5int_copy_data_contents_add0(context, &pwdata, &pwcopy);
+        if (code)
+            goto error;
+        cred->password = pwcopy.data;
+
+        /* We will fetch the credential into a private memory ccache. */
+        assert(req_ccache == NULL);
+        code = krb5_cc_new_unique(context, "MEMORY", NULL, &cred->ccache);
+        if (code)
+            goto error;
+        cred->destroy_ccache = 1;
+    } else if (req_ccache != NULL) {
+        code = krb5_cc_dup(context, req_ccache, &cred->ccache);
+        if (code)
+            goto error;
+    } else if (caller_ccname) {
+        /* Caller's ccache name has been set as the context default. */
+        code = krb5int_cc_default(context, &cred->ccache);
+        if (code)
+            goto error;
+    }
+
+    if (client_keytab != NULL) {
+        code = krb5_kt_dup(context, client_keytab, &cred->client_keytab);
+    } else {
+        code = krb5_kt_client_default(context, &cred->client_keytab);
+        if (code) {
+            /* Treat resolution failure similarly to a client keytab which
+             * resolves but doesn't exist or has no content. */
+            TRACE_GSS_CLIENT_KEYTAB_FAIL(context, code);
+            krb5_clear_error_message(context);
+            code = 0;
+        }
+    }
+    if (code)
+        goto error;
+
+    if (cred->ccache != NULL) {
+        /* The caller specified a ccache; check what's in it. */
+        code = scan_ccache(context, cred, TRUE);
+        if (code == KRB5_FCC_NOFILE) {
+            /* See if we can get initial creds.  If the caller didn't specify
+             * a name, pick one from the client keytab. */
+            if (cred->name == NULL) {
+                if (!get_name_from_client_keytab(context, cred))
+                    code = 0;
+            } else if (can_get_initial_creds(context, cred)) {
+                code = 0;
+            }
+        }
+        if (code)
+            goto error;
+    } else if (cred->name != NULL) {
+        /* The caller specified a name but not a ccache; pick a cache. */
+        code = get_cache_for_name(context, cred);
+        if (code)
+            goto error;
+    }
+
+#ifndef USE_LEASH
+    /* If we haven't picked a name, make sure we have or can get any creds,
+     * unless we're using Leash and might be able to get them interactively. */
+    if (cred->name == NULL && !can_get_initial_creds(context, cred)) {
+        code = krb5_cccol_have_content(context);
+        if (code)
+            goto error;
+    }
+#endif
+
+    code = maybe_get_initial_cred(context, verify, cred);
+    if (code)
+        goto error;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+
+error:
+    *minor_status = code;
+    return GSS_S_NO_CRED;
+}
+
+static OM_uint32
+acquire_cred_context(krb5_context context, OM_uint32 *minor_status,
+                     gss_name_t desired_name, gss_buffer_t password,
+                     OM_uint32 time_req, gss_cred_usage_t cred_usage,
+                     krb5_ccache ccache, krb5_keytab client_keytab,
+                     krb5_keytab keytab, const char *rcname,
+                     const struct verify_params *verify,
+                     krb5_boolean iakerb, gss_cred_id_t *output_cred_handle,
+                     OM_uint32 *time_rec)
+{
+    krb5_gss_cred_id_t cred = NULL;
+    krb5_gss_name_t name = (krb5_gss_name_t)desired_name;
+    OM_uint32 ret;
+    krb5_error_code code = 0;
+
+    /* make sure all outputs are valid */
+    *output_cred_handle = GSS_C_NO_CREDENTIAL;
+    if (time_rec)
+        *time_rec = 0;
+
+    /* create the gss cred structure */
+    cred = k5alloc(sizeof(krb5_gss_cred_id_rec), &code);
+    if (cred == NULL)
+        goto krb_error_out;
+
+    cred->usage = cred_usage;
+    cred->name = NULL;
+    cred->impersonator = NULL;
+    cred->iakerb_mech = iakerb;
+    cred->default_identity = (name == NULL);
+#ifndef LEAN_CLIENT
+    cred->keytab = NULL;
+#endif /* LEAN_CLIENT */
+    cred->destroy_ccache = 0;
+    cred->suppress_ci_flags = 0;
+    cred->ccache = NULL;
+
+    code = k5_mutex_init(&cred->lock);
+    if (code)
+        goto krb_error_out;
+
+    switch (cred_usage) {
+    case GSS_C_INITIATE:
+    case GSS_C_ACCEPT:
+    case GSS_C_BOTH:
+        break;
+    default:
+        ret = GSS_S_FAILURE;
+        *minor_status = (OM_uint32) G_BAD_USAGE;
+        goto error_out;
+    }
+
+    if (name != NULL) {
+        code = kg_duplicate_name(context, name, &cred->name);
+        if (code)
+            goto krb_error_out;
+    }
+
+#ifndef LEAN_CLIENT
+    /*
+     * If requested, acquire credentials for accepting. This will fill
+     * in cred->name if desired_princ is specified.
+     */
+    if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
+        ret = acquire_accept_cred(context, minor_status, keytab, rcname, cred);
+        if (ret != GSS_S_COMPLETE)
+            goto error_out;
+    }
+#endif /* LEAN_CLIENT */
+
+    /*
+     * If requested, acquire credentials for initiation. This will fill
+     * in cred->name if it wasn't set above.
+     */
+    if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
+        ret = acquire_init_cred(context, minor_status, ccache, password,
+                                client_keytab, verify, cred);
+        if (ret != GSS_S_COMPLETE)
+            goto error_out;
+    }
+
+    assert(cred->default_identity || cred->name != NULL);
+
+    /*** at this point, the cred structure has been completely created */
+
+    if (cred_usage == GSS_C_ACCEPT) {
+        if (time_rec)
+            *time_rec = GSS_C_INDEFINITE;
+    } else {
+        krb5_timestamp now;
+
+        code = krb5_timeofday(context, &now);
+        if (code != 0)
+            goto krb_error_out;
+
+        if (time_rec) {
+            /* Resolve cred now to determine the expiration time. */
+            ret = kg_cred_resolve(minor_status, context, (gss_cred_id_t)cred,
+                                  GSS_C_NO_NAME);
+            if (GSS_ERROR(ret))
+                goto error_out;
+            *time_rec = ts_interval(now, cred->expire);
+            k5_mutex_unlock(&cred->lock);
+        }
+    }
+
+    *minor_status = 0;
+    *output_cred_handle = (gss_cred_id_t) cred;
+
+    return GSS_S_COMPLETE;
+
+krb_error_out:
+    *minor_status = code;
+    ret = GSS_S_FAILURE;
+
+error_out:
+    if (cred != NULL) {
+        if (cred->ccache) {
+            if (cred->destroy_ccache)
+                krb5_cc_destroy(context, cred->ccache);
+            else
+                krb5_cc_close(context, cred->ccache);
+        }
+        if (cred->client_keytab)
+            krb5_kt_close(context, cred->client_keytab);
+#ifndef LEAN_CLIENT
+        if (cred->keytab)
+            krb5_kt_close(context, cred->keytab);
+#endif /* LEAN_CLIENT */
+        if (cred->rcache)
+            k5_rc_close(context, cred->rcache);
+        if (cred->name)
+            kg_release_name(context, &cred->name);
+        krb5_free_principal(context, cred->impersonator);
+        zapfreestr(cred->password);
+        k5_mutex_destroy(&cred->lock);
+        xfree(cred);
+    }
+    save_error_info(*minor_status, context);
+    return ret;
+}
+
+static OM_uint32
+acquire_cred(OM_uint32 *minor_status, gss_name_t desired_name,
+             gss_buffer_t password, OM_uint32 time_req,
+             gss_cred_usage_t cred_usage, krb5_ccache ccache,
+             krb5_keytab keytab, krb5_boolean iakerb,
+             gss_cred_id_t *output_cred_handle, OM_uint32 *time_rec)
+{
+    krb5_context context = NULL;
+    krb5_error_code code = 0;
+    OM_uint32 ret;
+
+    code = gss_krb5int_initialize_library();
+    if (code) {
+        *minor_status = code;
+        ret = GSS_S_FAILURE;
+        goto out;
+    }
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        ret = GSS_S_FAILURE;
+        goto out;
+    }
+
+    ret = acquire_cred_context(context, minor_status, desired_name, password,
+                               time_req, cred_usage, ccache, NULL, keytab,
+                               NULL, NULL, iakerb, output_cred_handle,
+                               time_rec);
+
+out:
+    krb5_free_context(context);
+    return ret;
+}
+
+/*
+ * Resolve the name and ccache for an initiator credential if it has not yet
+ * been done.  If specified, use the target name to pick an appropriate ccache
+ * within the collection.  Validates cred_handle and leaves it locked on
+ * success.
+ */
+OM_uint32
+kg_cred_resolve(OM_uint32 *minor_status, krb5_context context,
+                gss_cred_id_t cred_handle, gss_name_t target_name)
+{
+    OM_uint32 maj;
+    krb5_error_code code;
+    krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t)cred_handle;
+    krb5_gss_name_t tname = (krb5_gss_name_t)target_name;
+    krb5_principal client_princ;
+
+    *minor_status = 0;
+
+    maj = krb5_gss_validate_cred_1(minor_status, cred_handle, context);
+    if (maj != 0)
+        return maj;
+    k5_mutex_assert_locked(&cred->lock);
+
+    if (cred->usage == GSS_C_ACCEPT || cred->name != NULL)
+        return GSS_S_COMPLETE;
+    /* acquire_init_cred should have set both name and ccache, or neither. */
+    assert(cred->ccache == NULL);
+
+    if (tname != NULL) {
+        /* Use the target name to select an existing ccache or a principal. */
+        code = krb5_cc_select(context, tname->princ, &cred->ccache,
+                              &client_princ);
+        if (code && code != KRB5_CC_NOTFOUND)
+            goto kerr;
+        if (client_princ != NULL) {
+            code = kg_init_name(context, client_princ, NULL, NULL, NULL,
+                                KG_INIT_NAME_NO_COPY, &cred->name);
+            if (code) {
+                krb5_free_principal(context, client_princ);
+                goto kerr;
+            }
+        }
+        if (cred->ccache != NULL) {
+            code = scan_ccache(context, cred, FALSE);
+            if (code)
+                goto kerr;
+        }
+    }
+
+    /* If we still haven't picked a client principal, try using an existing
+     * default ccache.  (On Windows, this may acquire initial creds.) */
+    if (cred->name == NULL) {
+        code = krb5int_cc_default(context, &cred->ccache);
+        if (code)
+            goto kerr;
+        code = scan_ccache(context, cred, FALSE);
+        if (code == KRB5_FCC_NOFILE) {
+            /* Default ccache doesn't exist; fall through to client keytab. */
+            krb5_cc_close(context, cred->ccache);
+            cred->ccache = NULL;
+        } else if (code) {
+            goto kerr;
+        }
+    }
+
+    /* If that didn't work, try getting a name from the client keytab. */
+    if (cred->name == NULL) {
+        code = get_name_from_client_keytab(context, cred);
+        if (code) {
+            code = KG_EMPTY_CCACHE;
+            goto kerr;
+        }
+    }
+
+    if (cred->name != NULL && cred->ccache == NULL) {
+        /* Pick a cache for the name we chose (from krb5_cc_select or from the
+         * client keytab). */
+        code = get_cache_for_name(context, cred);
+        if (code)
+            goto kerr;
+    }
+
+    /* Resolve name to ccache and possibly get initial credentials. */
+    code = maybe_get_initial_cred(context, NULL, cred);
+    if (code)
+        goto kerr;
+
+    return GSS_S_COMPLETE;
+
+kerr:
+    k5_mutex_unlock(&cred->lock);
+    save_error_info(code, context);
+    *minor_status = code;
+    return GSS_S_NO_CRED;
+}
+
+OM_uint32
+gss_krb5int_set_cred_rcache(OM_uint32 *minor_status,
+                            gss_cred_id_t *cred_handle,
+                            const gss_OID desired_oid,
+                            const gss_buffer_t value)
+{
+    krb5_gss_cred_id_t cred;
+    krb5_error_code code;
+    krb5_context context;
+    krb5_rcache rcache;
+
+    assert(value->length == sizeof(rcache));
+
+    if (value->length != sizeof(rcache))
+        return GSS_S_FAILURE;
+
+    rcache = (krb5_rcache)value->value;
+
+    cred = (krb5_gss_cred_id_t)*cred_handle;
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+    if (cred->rcache != NULL)
+        k5_rc_close(context, cred->rcache);
+
+    cred->rcache = rcache;
+
+    krb5_free_context(context);
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * krb5 and IAKERB mech API functions follow.  The mechglue always passes null
+ * desired_mechs and actual_mechs, so we ignore those parameters.
+ */
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_acquire_cred(OM_uint32 *minor_status, gss_name_t desired_name,
+                      OM_uint32 time_req, gss_OID_set desired_mechs,
+                      gss_cred_usage_t cred_usage,
+                      gss_cred_id_t *output_cred_handle,
+                      gss_OID_set *actual_mechs, OM_uint32 *time_rec)
+{
+    return acquire_cred(minor_status, desired_name, NULL, time_req, cred_usage,
+                        NULL, NULL, FALSE, output_cred_handle, time_rec);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_acquire_cred(OM_uint32 *minor_status, gss_name_t desired_name,
+                        OM_uint32 time_req, gss_OID_set desired_mechs,
+                        gss_cred_usage_t cred_usage,
+                        gss_cred_id_t *output_cred_handle,
+                        gss_OID_set *actual_mechs, OM_uint32 *time_rec)
+{
+    return acquire_cred(minor_status, desired_name, NULL, time_req, cred_usage,
+                        NULL, NULL, TRUE, output_cred_handle, time_rec);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_acquire_cred_with_password(OM_uint32 *minor_status,
+                                    const gss_name_t desired_name,
+                                    const gss_buffer_t password,
+                                    OM_uint32 time_req,
+                                    const gss_OID_set desired_mechs,
+                                    int cred_usage,
+                                    gss_cred_id_t *output_cred_handle,
+                                    gss_OID_set *actual_mechs,
+                                    OM_uint32 *time_rec)
+{
+    return acquire_cred(minor_status, desired_name, password, time_req,
+                        cred_usage, NULL, NULL, FALSE, output_cred_handle,
+                        time_rec);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_acquire_cred_with_password(OM_uint32 *minor_status,
+                                      const gss_name_t desired_name,
+                                      const gss_buffer_t password,
+                                      OM_uint32 time_req,
+                                      const gss_OID_set desired_mechs,
+                                      int cred_usage,
+                                      gss_cred_id_t *output_cred_handle,
+                                      gss_OID_set *actual_mechs,
+                                      OM_uint32 *time_rec)
+{
+    return acquire_cred(minor_status, desired_name, password, time_req,
+                        cred_usage, NULL, NULL, TRUE, output_cred_handle,
+                        time_rec);
+}
+
+OM_uint32
+gss_krb5int_import_cred(OM_uint32 *minor_status,
+                        gss_cred_id_t *cred_handle,
+                        const gss_OID desired_oid,
+                        const gss_buffer_t value)
+{
+    struct krb5_gss_import_cred_req *req;
+    krb5_gss_name_rec name;
+    OM_uint32 time_rec;
+    krb5_error_code code;
+    gss_cred_usage_t usage;
+    gss_name_t desired_name = GSS_C_NO_NAME;
+
+    assert(value->length == sizeof(*req));
+
+    if (value->length != sizeof(*req))
+        return GSS_S_FAILURE;
+
+    req = (struct krb5_gss_import_cred_req *)value->value;
+
+    if (req->id != NULL) {
+        usage = (req->keytab != NULL) ? GSS_C_BOTH : GSS_C_INITIATE;
+    } else if (req->keytab != NULL) {
+        usage = GSS_C_ACCEPT;
+    } else {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
+
+    if (req->keytab_principal != NULL) {
+        memset(&name, 0, sizeof(name));
+        code = k5_mutex_init(&name.lock);
+        if (code != 0) {
+            *minor_status = code;
+            return GSS_S_FAILURE;
+        }
+        name.princ = req->keytab_principal;
+        desired_name = (gss_name_t)&name;
+    }
+
+    code = acquire_cred(minor_status, desired_name, NULL, GSS_C_INDEFINITE,
+                        usage, req->id, req->keytab, FALSE, cred_handle,
+                        &time_rec);
+    if (req->keytab_principal != NULL)
+        k5_mutex_destroy(&name.lock);
+    return code;
+}
+
+static OM_uint32
+acquire_cred_from(OM_uint32 *minor_status, const gss_name_t desired_name,
+                  OM_uint32 time_req, const gss_OID_set desired_mechs,
+                  gss_cred_usage_t cred_usage,
+                  gss_const_key_value_set_t cred_store, krb5_boolean iakerb,
+                  gss_cred_id_t *output_cred_handle,
+                  gss_OID_set *actual_mechs, OM_uint32 *time_rec)
+{
+    krb5_context context = NULL;
+    krb5_error_code code = 0;
+    krb5_keytab client_keytab = NULL;
+    krb5_keytab keytab = NULL;
+    krb5_ccache ccache = NULL;
+    krb5_principal verify_princ = NULL;
+    const char *rcname, *value;
+    struct verify_params vparams = { NULL };
+    const struct verify_params *verify = NULL;
+    gss_buffer_desc pwbuf;
+    gss_buffer_t password = NULL;
+    OM_uint32 ret;
+
+    code = gss_krb5int_initialize_library();
+    if (code) {
+        *minor_status = code;
+        ret = GSS_S_FAILURE;
+        goto out;
+    }
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        ret = GSS_S_FAILURE;
+        goto out;
+    }
+
+    ret = kg_value_from_cred_store(cred_store, KRB5_CS_CCACHE_URN, &value);
+    if (GSS_ERROR(ret))
+        goto out;
+
+    if (value) {
+        code = krb5_cc_resolve(context, value, &ccache);
+        if (code != 0) {
+            *minor_status = code;
+            ret = GSS_S_NO_CRED;
+            goto out;
+        }
+    }
+
+    ret = kg_value_from_cred_store(cred_store, KRB5_CS_CLI_KEYTAB_URN, &value);
+    if (GSS_ERROR(ret))
+        goto out;
+
+    if (value) {
+        code = krb5_kt_resolve(context, value, &client_keytab);
+        if (code != 0) {
+            *minor_status = code;
+            ret = GSS_S_NO_CRED;
+            goto out;
+        }
+    }
+
+    ret = kg_value_from_cred_store(cred_store, KRB5_CS_KEYTAB_URN, &value);
+    if (GSS_ERROR(ret))
+        goto out;
+
+    if (value) {
+        code = krb5_kt_resolve(context, value, &keytab);
+        if (code != 0) {
+            *minor_status = code;
+            ret = GSS_S_NO_CRED;
+            goto out;
+        }
+    }
+
+    ret = kg_value_from_cred_store(cred_store, KRB5_CS_RCACHE_URN, &rcname);
+    if (GSS_ERROR(ret))
+        goto out;
+
+    ret = kg_value_from_cred_store(cred_store, KRB5_CS_PASSWORD_URN, &value);
+    if (GSS_ERROR(ret))
+        goto out;
+
+    if (value) {
+        /* We must be acquiring an initiator cred with an explicit name.  A
+         * password is mutually exclusive with a client keytab or ccache. */
+        if (desired_name == GSS_C_NO_NAME) {
+            ret = GSS_S_BAD_NAME;
+            goto out;
+        }
+        if (cred_usage == GSS_C_ACCEPT || desired_name == GSS_C_NO_NAME ||
+            ccache != NULL || client_keytab != NULL) {
+            *minor_status = (OM_uint32)G_BAD_USAGE;
+            ret = GSS_S_FAILURE;
+            goto out;
+        }
+        pwbuf.length = strlen(value);
+        pwbuf.value = (void *)value;
+        password = &pwbuf;
+    }
+
+    ret = kg_value_from_cred_store(cred_store, KRB5_CS_VERIFY_URN, &value);
+    if (GSS_ERROR(ret))
+        goto out;
+    if (value != NULL) {
+        if (iakerb || password == NULL) {
+            /* Only valid if acquiring cred with password, and not supported
+             * with IAKERB. */
+            *minor_status = G_BAD_USAGE;
+            ret = GSS_S_FAILURE;
+            goto out;
+        }
+        if (*value != '\0') {
+            code = krb5_parse_name(context, value, &verify_princ);
+            if (code != 0) {
+                *minor_status = code;
+                ret = GSS_S_FAILURE;
+                goto out;
+            }
+        }
+        vparams.princ = verify_princ;
+        vparams.keytab = keytab;
+        verify = &vparams;
+    }
+    ret = acquire_cred_context(context, minor_status, desired_name, password,
+                               time_req, cred_usage, ccache, client_keytab,
+                               keytab, rcname, verify, iakerb,
+                               output_cred_handle, time_rec);
+
+out:
+    if (ccache != NULL)
+        krb5_cc_close(context, ccache);
+    if (client_keytab != NULL)
+        krb5_kt_close(context, client_keytab);
+    if (keytab != NULL)
+        krb5_kt_close(context, keytab);
+    krb5_free_principal(context, verify_princ);
+    krb5_free_context(context);
+    return ret;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_acquire_cred_from(OM_uint32 *minor_status,
+                           const gss_name_t desired_name,
+                           OM_uint32 time_req,
+                           const gss_OID_set desired_mechs,
+                           gss_cred_usage_t cred_usage,
+                           gss_const_key_value_set_t cred_store,
+                           gss_cred_id_t *output_cred_handle,
+                           gss_OID_set *actual_mechs,
+                           OM_uint32 *time_rec)
+{
+    return acquire_cred_from(minor_status, desired_name, time_req,
+                             desired_mechs, cred_usage, cred_store,
+                             FALSE, output_cred_handle, actual_mechs,
+                             time_rec);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_acquire_cred_from(OM_uint32 *minor_status,
+                             const gss_name_t desired_name,
+                             OM_uint32 time_req,
+                             const gss_OID_set desired_mechs,
+                             gss_cred_usage_t cred_usage,
+                             gss_const_key_value_set_t cred_store,
+                             gss_cred_id_t *output_cred_handle,
+                             gss_OID_set *actual_mechs,
+                             OM_uint32 *time_rec)
+{
+    return acquire_cred_from(minor_status, desired_name, time_req,
+                             desired_mechs, cred_usage, cred_store,
+                             TRUE, output_cred_handle, actual_mechs,
+                             time_rec);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/canon_name.c b/krb5-1.21.3/src/lib/gssapi/krb5/canon_name.c
new file mode 100644
index 00000000..81b08a53
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/canon_name.c
@@ -0,0 +1,44 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/canon_name.c */
+/*
+ * Copyright 1997 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "gssapiP_krb5.h"
+
+/* This is trivial since we're a single mechanism implementation */
+
+OM_uint32 krb5_gss_canonicalize_name(OM_uint32  *minor_status,
+                                     const gss_name_t input_name,
+                                     const gss_OID mech_type,
+                                     gss_name_t *output_name)
+{
+    if ((mech_type != GSS_C_NULL_OID) &&
+        !g_OID_equal(gss_mech_krb5, mech_type) &&
+        !g_OID_equal(gss_mech_krb5_old, mech_type)) {
+        *minor_status = 0;
+        return(GSS_S_BAD_MECH);
+    }
+
+    return(krb5_gss_duplicate_name(minor_status, input_name, output_name));
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/compare_name.c b/krb5-1.21.3/src/lib/gssapi/krb5/compare_name.c
new file mode 100644
index 00000000..3f3788d2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/compare_name.c
@@ -0,0 +1,52 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_compare_name(minor_status, name1, name2, name_equal)
+    OM_uint32 *minor_status;
+    gss_name_t name1;
+    gss_name_t name2;
+    int *name_equal;
+{
+    krb5_context context;
+    krb5_error_code code;
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    *minor_status = 0;
+    *name_equal = kg_compare_name(context,
+                                  (krb5_gss_name_t)name1,
+                                  (krb5_gss_name_t)name2);
+    krb5_free_context(context);
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/context_time.c b/krb5-1.21.3/src/lib/gssapi/krb5/context_time.c
new file mode 100644
index 00000000..226de05f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/context_time.c
@@ -0,0 +1,58 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+
+/*
+ * $Id$
+ */
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_context_time(minor_status, context_handle, time_rec)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    OM_uint32 *time_rec;
+{
+    krb5_error_code code;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_timestamp now, start;
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
+
+    if ((code = krb5_timeofday(ctx->k5_context, &now))) {
+        *minor_status = code;
+        save_error_info(*minor_status, ctx->k5_context);
+        return(GSS_S_FAILURE);
+    }
+
+    /* Add the maximum allowable clock skew for acceptor contexts. */
+    start = ctx->initiate ? now : ts_incr(now, -ctx->k5_context->clockskew);
+    *time_rec = ts_interval(start, ctx->krb_times.endtime);
+    *minor_status = 0;
+    return (*time_rec == 0) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/copy_ccache.c b/krb5-1.21.3/src/lib/gssapi/krb5/copy_ccache.c
new file mode 100644
index 00000000..2b2806e7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/copy_ccache.c
@@ -0,0 +1,45 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "gssapiP_krb5.h"
+
+OM_uint32
+gss_krb5int_copy_ccache(OM_uint32 *minor_status,
+                        gss_cred_id_t *cred_handle,
+                        const gss_OID desired_object,
+                        const gss_buffer_t value)
+{
+    krb5_gss_cred_id_t k5creds;
+    krb5_error_code code;
+    krb5_context context = NULL;
+    krb5_ccache out_ccache;
+
+    assert(value->length == sizeof(out_ccache));
+
+    if (value->length != sizeof(out_ccache))
+        return GSS_S_FAILURE;
+
+    out_ccache = (krb5_ccache)value->value;
+
+    /* cred handle will have been validated by gssspi_set_cred_option() */
+    k5creds = (krb5_gss_cred_id_t) *cred_handle;
+    k5_mutex_lock(&k5creds->lock);
+    if (k5creds->usage == GSS_C_ACCEPT) {
+        code = G_BAD_USAGE;
+        goto cleanup;
+    }
+
+    code = krb5_gss_init_context(&context);
+    if (code)
+        goto cleanup;
+
+    code = krb5_cc_copy_creds(context, k5creds->ccache, out_ccache);
+
+cleanup:
+    k5_mutex_unlock(&k5creds->lock);
+    *minor_status = code;
+    if (context != NULL) {
+        if (code)
+            save_error_info(*minor_status, context);
+        krb5_free_context(context);
+    }
+    return code ? GSS_S_FAILURE : GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/cred_store.c b/krb5-1.21.3/src/lib/gssapi/krb5/cred_store.c
new file mode 100644
index 00000000..008dd208
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/cred_store.c
@@ -0,0 +1,50 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32
+kg_value_from_cred_store(gss_const_key_value_set_t cred_store,
+                         const char *type, const char **value)
+{
+    OM_uint32 i;
+
+    if (value == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *value = NULL;
+
+    if (cred_store == GSS_C_NO_CRED_STORE)
+        return GSS_S_COMPLETE;
+
+    for (i = 0; i < cred_store->count; i++) {
+        if (strcmp(cred_store->elements[i].key, type) == 0) {
+            if (*value != NULL)
+                return GSS_S_DUPLICATE_ELEMENT;
+            *value = cred_store->elements[i].value;
+        }
+    }
+
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/delete_sec_context.c b/krb5-1.21.3/src/lib/gssapi/krb5/delete_sec_context.c
new file mode 100644
index 00000000..4b9dfae0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/delete_sec_context.c
@@ -0,0 +1,99 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+
+/*
+ * $Id$
+ */
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_delete_sec_context(minor_status, context_handle, output_token)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_buffer_t output_token;
+{
+    krb5_context context;
+    krb5_gss_ctx_id_rec *ctx;
+
+    if (output_token) {
+        output_token->length = 0;
+        output_token->value = NULL;
+    }
+
+    /*SUPPRESS 29*/
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+        *minor_status = 0;
+        return(GSS_S_COMPLETE);
+    }
+
+    ctx = (krb5_gss_ctx_id_t) *context_handle;
+    context = ctx->k5_context;
+
+    /* free all the context state */
+
+    if (ctx->seqstate)
+        g_seqstate_free(ctx->seqstate);
+
+    if (ctx->enc)
+        krb5_k_free_key(context, ctx->enc);
+
+    if (ctx->seq)
+        krb5_k_free_key(context, ctx->seq);
+
+    if (ctx->here)
+        kg_release_name(context, &ctx->here);
+    if (ctx->there)
+        kg_release_name(context, &ctx->there);
+    if (ctx->subkey)
+        krb5_k_free_key(context, ctx->subkey);
+    if (ctx->acceptor_subkey)
+        krb5_k_free_key(context, ctx->acceptor_subkey);
+
+    if (ctx->auth_context) {
+        if (ctx->cred_rcache)
+            (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);
+
+        krb5_auth_con_free(context, ctx->auth_context);
+    }
+
+    if (ctx->mech_used)
+        krb5_gss_release_oid(minor_status, &ctx->mech_used);
+
+    if (ctx->authdata)
+        krb5_free_authdata(context, ctx->authdata);
+
+    if (ctx->k5_context)
+        krb5_free_context(ctx->k5_context);
+
+    /* Zero out context */
+    zap(ctx, sizeof(*ctx));
+    xfree(ctx);
+
+    /* zero the handle itself */
+
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/deps b/krb5-1.21.3/src/lib/gssapi/krb5/deps
new file mode 100644
index 00000000..2d93c728
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/deps
@@ -0,0 +1,759 @@
+#
+# Generated makefile dependencies follow.
+#
+accept_sec_context.so accept_sec_context.po $(OUTPRE)accept_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ../generic/gssapi_err_generic.h \
+  accept_sec_context.c gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h
+acquire_cred.so acquire_cred.po $(OUTPRE)acquire_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h acquire_cred.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+canon_name.so canon_name.po $(OUTPRE)canon_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h canon_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+compare_name.so compare_name.po $(OUTPRE)compare_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h compare_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+context_time.so context_time.po $(OUTPRE)context_time.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h context_time.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+copy_ccache.so copy_ccache.po $(OUTPRE)copy_ccache.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h copy_ccache.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+cred_store.so cred_store.po $(OUTPRE)cred_store.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h cred_store.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+delete_sec_context.so delete_sec_context.po $(OUTPRE)delete_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h delete_sec_context.c \
+  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+disp_name.so disp_name.po $(OUTPRE)disp_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h disp_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+disp_status.so disp_status.po $(OUTPRE)disp_status.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h disp_status.c error_map.h \
+  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+duplicate_name.so duplicate_name.po $(OUTPRE)duplicate_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h duplicate_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+export_cred.so export_cred.po $(OUTPRE)export_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ../generic/gssapi_err_generic.h \
+  export_cred.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+export_name.so export_name.po $(OUTPRE)export_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h export_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+export_sec_context.so export_sec_context.po $(OUTPRE)export_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h export_sec_context.c \
+  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+get_tkt_flags.so get_tkt_flags.po $(OUTPRE)get_tkt_flags.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h get_tkt_flags.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
+gssapi_krb5.so gssapi_krb5.po $(OUTPRE)gssapi_krb5.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.c gssapi_krb5.h
+iakerb.so iakerb.po $(OUTPRE)iakerb.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-der.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h iakerb.c
+import_cred.so import_cred.po $(OUTPRE)import_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ../generic/gssapi_err_generic.h \
+  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h import_cred.c
+import_name.so import_name.po $(OUTPRE)import_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h import_name.c
+import_sec_context.so import_sec_context.po $(OUTPRE)import_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h import_sec_context.c
+indicate_mechs.so indicate_mechs.po $(OUTPRE)indicate_mechs.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h indicate_mechs.c
+init_sec_context.so init_sec_context.po $(OUTPRE)init_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h init_sec_context.c
+inq_context.so inq_context.po $(OUTPRE)inq_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h inq_context.c
+inq_cred.so inq_cred.po $(OUTPRE)inq_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h inq_cred.c
+inq_names.so inq_names.po $(OUTPRE)inq_names.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h inq_names.c
+k5seal.so k5seal.po $(OUTPRE)k5seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5seal.c
+k5sealiov.so k5sealiov.po $(OUTPRE)k5sealiov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5sealiov.c
+k5sealv3.so k5sealv3.po $(OUTPRE)k5sealv3.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5sealv3.c
+k5sealv3iov.so k5sealv3iov.po $(OUTPRE)k5sealv3iov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5sealv3iov.c
+k5unseal.so k5unseal.po $(OUTPRE)k5unseal.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5unseal.c
+k5unsealiov.so k5unsealiov.po $(OUTPRE)k5unsealiov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-der.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5unsealiov.c
+krb5_gss_glue.so krb5_gss_glue.po $(OUTPRE)krb5_gss_glue.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h krb5_gss_glue.c
+lucid_context.so lucid_context.po $(OUTPRE)lucid_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h lucid_context.c
+naming_exts.so naming_exts.po $(OUTPRE)naming_exts.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h naming_exts.c
+prf.so prf.po $(OUTPRE)prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h prf.c
+process_context_token.so process_context_token.po $(OUTPRE)process_context_token.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h process_context_token.c
+rel_cred.so rel_cred.po $(OUTPRE)rel_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h rel_cred.c
+rel_oid.so rel_oid.po $(OUTPRE)rel_oid.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h rel_oid.c
+rel_name.so rel_name.po $(OUTPRE)rel_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h rel_name.c
+s4u_gss_glue.so s4u_gss_glue.po $(OUTPRE)s4u_gss_glue.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h s4u_gss_glue.c
+set_allowable_enctypes.so set_allowable_enctypes.po \
+  $(OUTPRE)set_allowable_enctypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h set_allowable_enctypes.c
+ser_sctx.so ser_sctx.po $(OUTPRE)ser_sctx.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h ser_sctx.c
+set_ccache.so set_ccache.po $(OUTPRE)set_ccache.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h set_ccache.c
+store_cred.so store_cred.po $(OUTPRE)store_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h store_cred.c
+util_cksum.so util_cksum.po $(OUTPRE)util_cksum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h util_cksum.c
+util_crypt.so util_crypt.po $(OUTPRE)util_crypt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h util_crypt.c
+util_seed.so util_seed.po $(OUTPRE)util_seed.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h util_seed.c
+util_seqnum.so util_seqnum.po $(OUTPRE)util_seqnum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h util_seqnum.c
+val_cred.so val_cred.po $(OUTPRE)val_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h val_cred.c
+wrap_size_limit.so wrap_size_limit.po $(OUTPRE)wrap_size_limit.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h wrap_size_limit.c
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/disp_name.c b/krb5-1.21.3/src/lib/gssapi/krb5/disp_name.c
new file mode 100644
index 00000000..b097bf0e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/disp_name.c
@@ -0,0 +1,81 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_display_name(minor_status, input_name, output_name_buffer,
+                      output_name_type)
+    OM_uint32 *minor_status;
+    gss_name_t input_name;
+    gss_buffer_t output_name_buffer;
+    gss_OID *output_name_type;
+{
+    krb5_context context;
+    krb5_error_code code;
+    char *str;
+    krb5_gss_name_t k5name = (krb5_gss_name_t) input_name;
+    gss_OID nametype = (gss_OID) gss_nt_krb5_name;
+
+    output_name_buffer->length = 0;
+    output_name_buffer->value = NULL;
+    if (output_name_type)
+        *output_name_type = GSS_C_NO_OID;
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    if (krb5_princ_type(context, k5name->princ) == KRB5_NT_WELLKNOWN) {
+        if (krb5_principal_compare(context, k5name->princ,
+                                   krb5_anonymous_principal()))
+            nametype = GSS_C_NT_ANONYMOUS;
+    }
+
+    if ((code = krb5_unparse_name(context,
+                                  ((krb5_gss_name_t) input_name)->princ,
+                                  &str))) {
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+
+    if (! g_make_string_buffer(str, output_name_buffer)) {
+        krb5_free_unparsed_name(context, str);
+        krb5_free_context(context);
+
+        *minor_status = (OM_uint32) G_BUFFER_ALLOC;
+        return(GSS_S_FAILURE);
+    }
+
+    krb5_free_unparsed_name(context, str);
+    krb5_free_context(context);
+
+    *minor_status = 0;
+    if (output_name_type)
+        *output_name_type = (gss_OID) nametype;
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c b/krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c
new file mode 100644
index 00000000..6ff62a9d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c
@@ -0,0 +1,200 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+#include "com_err.h"
+
+/* XXXX internationalization!! */
+
+static inline int
+compare_OM_uint32 (OM_uint32 a, OM_uint32 b)
+{
+    if (a < b)
+        return -1;
+    else if (a == b)
+        return 0;
+    else
+        return 1;
+}
+static inline void
+free_string (char *s)
+{
+    free(s);
+}
+#include "error_map.h"
+#include <stdio.h>
+char *get_error_message(OM_uint32 minor_code)
+{
+    gsserrmap *p = k5_getspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE);
+    char *msg = NULL;
+#ifdef DEBUG
+    fprintf(stderr, "%s(%lu, p=%p)", __FUNCTION__, (unsigned long) minor_code,
+            (void *) p);
+#endif
+    if (p) {
+        char **v = gsserrmap_find(p, minor_code);
+        if (v) {
+            msg = *v;
+#ifdef DEBUG
+            fprintf(stderr, " FOUND!");
+#endif
+        }
+    }
+    if (msg == 0)
+        msg = (char *)error_message((krb5_error_code)minor_code);
+#ifdef DEBUG
+    fprintf(stderr, " -> %p/%s\n", (void *) msg, msg);
+#endif
+    return msg;
+}
+#define save_error_string_nocopy gss_krb5_save_error_string_nocopy
+static int save_error_string_nocopy(OM_uint32 minor_code, char *msg)
+{
+    gsserrmap *p;
+    int ret;
+
+#ifdef DEBUG
+    fprintf(stderr, "%s(%lu, %s)", __FUNCTION__, (unsigned long) minor_code, msg);
+#endif
+    p = k5_getspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE);
+    if (!p) {
+        p = malloc(sizeof(*p));
+        if (p == NULL) {
+            ret = 1;
+            goto fail;
+        }
+        if (gsserrmap_init(p) != 0) {
+            free(p);
+            p = NULL;
+            ret = 1;
+            goto fail;
+        }
+        if (k5_setspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE, p) != 0) {
+            gsserrmap_destroy(p);
+            free(p);
+            p = NULL;
+            ret = 1;
+            goto fail;
+        }
+    }
+    ret = gsserrmap_replace_or_insert(p, minor_code, msg);
+fail:
+#ifdef DEBUG
+    fprintf(stderr, " p=%p %s\n", (void *)p, ret ? "FAIL" : "SUCCESS");
+#endif
+    return ret;
+}
+void save_error_string(OM_uint32 minor_code, char *msg)
+{
+    char *s = strdup(msg);
+    if (s) {
+        if (save_error_string_nocopy(minor_code, s) != 0)
+            free(s);
+    }
+}
+void save_error_message(OM_uint32 minor_code, const char *format, ...)
+{
+    char *s;
+    int n;
+    va_list ap;
+
+    va_start(ap, format);
+    n = vasprintf(&s, format, ap);
+    va_end(ap);
+    if (n >= 0) {
+        if (save_error_string_nocopy(minor_code, s) != 0)
+            free(s);
+    }
+}
+void krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx)
+{
+    char *s;
+
+#ifdef DEBUG
+    fprintf(stderr, "%s(%lu, ctx=%p)\n", __FUNCTION__,
+            (unsigned long) minor_code, (void *)ctx);
+#endif
+    s = (char *)krb5_get_error_message(ctx, (krb5_error_code)minor_code);
+#ifdef DEBUG
+    fprintf(stderr, "%s(%lu, ctx=%p) saving: %s\n", __FUNCTION__,
+            (unsigned long) minor_code, (void *)ctx, s);
+#endif
+    save_error_string(minor_code, s);
+    /* The get_error_message call above resets the error message in
+       ctx.  Put it back, in case we make this call again *sigh*.  */
+    k5_setmsg(ctx, (krb5_error_code)minor_code, "%s", s);
+    krb5_free_error_message(ctx, s);
+}
+void krb5_gss_delete_error_info(void *p)
+{
+    gsserrmap_destroy(p);
+    free(p);
+}
+
+/**/
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_display_status(minor_status, status_value, status_type,
+                        mech_type, message_context, status_string)
+    OM_uint32 *minor_status;
+    OM_uint32 status_value;
+    int status_type;
+    gss_OID mech_type;
+    OM_uint32 *message_context;
+    gss_buffer_t status_string;
+{
+    status_string->length = 0;
+    status_string->value = NULL;
+
+    if ((mech_type != GSS_C_NULL_OID) &&
+        !g_OID_equal(gss_mech_krb5, mech_type) &&
+        !g_OID_equal(gss_mech_krb5_old, mech_type) &&
+        !g_OID_equal(gss_mech_iakerb, mech_type)) {
+        *minor_status = 0;
+        return(GSS_S_BAD_MECH);
+    }
+
+    if (status_type == GSS_C_GSS_CODE) {
+        return(g_display_major_status(minor_status, status_value,
+                                      message_context, status_string));
+    } else if (status_type == GSS_C_MECH_CODE) {
+        (void) gss_krb5int_initialize_library();
+
+        if (*message_context) {
+            *minor_status = (OM_uint32) G_BAD_MSG_CTX;
+            return(GSS_S_FAILURE);
+        }
+
+        /* If this fails, there's not much we can do...  */
+        if (!g_make_string_buffer(krb5_gss_get_error_message(status_value),
+                                  status_string)) {
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+        *minor_status = 0;
+        return(GSS_S_COMPLETE);
+    } else {
+        *minor_status = 0;
+        return(GSS_S_BAD_STATUS);
+    }
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/duplicate_name.c b/krb5-1.21.3/src/lib/gssapi/krb5/duplicate_name.c
new file mode 100644
index 00000000..670b2b50
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/duplicate_name.c
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/duplicate_name.c */
+/*
+ * Copyright 1997,2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t input_name,
+                        gss_name_t *dest_name)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t princ, outprinc;
+
+    *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    princ = (krb5_gss_name_t)input_name;
+    code = kg_duplicate_name(context, princ, &outprinc);
+    if (code) {
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+    krb5_free_context(context);
+    *dest_name = (gss_name_t) outprinc;
+    return(GSS_S_COMPLETE);
+
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/export_cred.c b/krb5-1.21.3/src/lib/gssapi/krb5/export_cred.c
new file mode 100644
index 00000000..96a408c2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/export_cred.c
@@ -0,0 +1,477 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/export_cred.c - krb5 export_cred implementation */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-json.h"
+#include "gssapiP_krb5.h"
+
+/* Return a JSON null or array value representing princ. */
+static krb5_error_code
+json_principal(krb5_context context, krb5_principal princ,
+               k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_string str = NULL;
+    char *princname;
+
+    *val_out = NULL;
+    if (princ == NULL)
+        return k5_json_null_create_val(val_out);
+    ret = krb5_unparse_name(context, princ, &princname);
+    if (ret)
+        return ret;
+    ret = k5_json_string_create(princname, &str);
+    krb5_free_unparsed_name(context, princname);
+    *val_out = str;
+    return ret;
+}
+
+/* Return a json null or array value representing etypes. */
+static krb5_error_code
+json_etypes(krb5_enctype *etypes, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_number num;
+    k5_json_array array;
+
+    *val_out = NULL;
+    if (etypes == NULL)
+        return k5_json_null_create_val(val_out);
+    ret = k5_json_array_create(&array);
+    if (ret)
+        return ret;
+    for (; *etypes != 0; etypes++) {
+        ret = k5_json_number_create(*etypes, &num);
+        if (ret)
+            goto err;
+        ret = k5_json_array_add(array, num);
+        k5_json_release(num);
+        if (ret)
+            goto err;
+    }
+    *val_out = array;
+    return 0;
+err:
+    k5_json_release(array);
+    return ret;
+}
+
+/* Return a JSON null or array value representing name. */
+static krb5_error_code
+json_kgname(krb5_context context, krb5_gss_name_t name, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_array array = NULL;
+    k5_json_value princ;
+
+    *val_out = NULL;
+    if (name == NULL)
+        return k5_json_null_create_val(val_out);
+    ret = json_principal(context, name->princ, &princ);
+    if (ret)
+        return ret;
+    ret = k5_json_array_fmt(&array, "vss", princ, name->service, name->host);
+    k5_json_release(princ);
+    *val_out = array;
+    return ret;
+}
+
+/* Return a JSON null or string value representing keytab. */
+static krb5_error_code
+json_keytab(krb5_context context, krb5_keytab keytab, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_string str;
+    char name[1024];
+
+    *val_out = NULL;
+    if (keytab == NULL)
+        return k5_json_null_create_val(val_out);
+    ret = krb5_kt_get_name(context, keytab, name, sizeof(name));
+    if (ret)
+        return ret;
+    ret = k5_json_string_create(name, &str);
+    *val_out = str;
+    return ret;
+}
+
+/* Return a JSON null or string value representing rcache. */
+static krb5_error_code
+json_rcache(krb5_context context, krb5_rcache rcache, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_string str = NULL;
+
+    if (rcache == NULL)
+        return k5_json_null_create_val(val_out);
+    ret = k5_json_string_create(k5_rc_get_name(context, rcache), &str);
+    *val_out = str;
+    return ret;
+}
+
+/* Return a JSON array value representing keyblock. */
+static krb5_error_code
+json_keyblock(krb5_keyblock *kb, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_array array;
+
+    *val_out = NULL;
+    ret = k5_json_array_fmt(&array, "iB", kb->enctype, (void *)kb->contents,
+                            (size_t)kb->length);
+    if (ret)
+        return ret;
+    *val_out = array;
+    return 0;
+}
+
+/* Return a JSON array value representing addr. */
+static krb5_error_code
+json_address(krb5_address *addr, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_array array;
+
+    *val_out = NULL;
+    ret = k5_json_array_fmt(&array, "iB", addr->addrtype,
+                            (void *)addr->contents, (size_t)addr->length);
+    if (ret)
+        return ret;
+    *val_out = array;
+    return 0;
+}
+
+/* Return a JSON null or array value representing addrs. */
+static krb5_error_code
+json_addresses(krb5_address **addrs, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_array array;
+    k5_json_value val;
+
+    *val_out = NULL;
+    if (addrs == NULL)
+        return k5_json_null_create_val(val_out);
+    ret = k5_json_array_create(&array);
+    if (ret)
+        return ret;
+    for (; *addrs != NULL; addrs++) {
+        ret = json_address(*addrs, &val);
+        if (ret)
+            goto err;
+        ret = k5_json_array_add(array, val);
+        k5_json_release(val);
+        if (ret)
+            goto err;
+    }
+    *val_out = array;
+    return 0;
+err:
+    k5_json_release(array);
+    return ret;
+}
+
+/* Return a JSON array value representing ad. */
+static krb5_error_code
+json_authdata_element(krb5_authdata *ad, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_array array;
+
+    *val_out = NULL;
+    ret = k5_json_array_fmt(&array, "iB", ad->ad_type, (void *)ad->contents,
+                            (size_t)ad->length);
+    if (ret)
+        return ret;
+    *val_out = array;
+    return 0;
+}
+
+/* Return a JSON null or array value representing authdata. */
+static krb5_error_code
+json_authdata(krb5_authdata **authdata, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_array array;
+    k5_json_value val;
+
+    *val_out = NULL;
+    if (authdata == NULL)
+        return k5_json_null_create_val(val_out);
+    ret = k5_json_array_create(&array);
+    if (ret)
+        return ret;
+    for (; *authdata != NULL; authdata++) {
+        ret = json_authdata_element(*authdata, &val);
+        if (ret)
+            goto err;
+        ret = k5_json_array_add(array, val);
+        k5_json_release(val);
+        if (ret)
+            goto err;
+    }
+    *val_out = array;
+    return 0;
+err:
+    k5_json_release(array);
+    return ret;
+}
+
+/* Return a JSON array value representing creds. */
+static krb5_error_code
+json_creds(krb5_context context, krb5_creds *creds, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_array array;
+    k5_json_value client = NULL, server = NULL, keyblock = NULL, addrs = NULL;
+    k5_json_value authdata = NULL;
+
+    *val_out = NULL;
+    ret = json_principal(context, creds->client, &client);
+    if (ret)
+        goto cleanup;
+    ret = json_principal(context, creds->server, &server);
+    if (ret)
+        goto cleanup;
+    ret = json_keyblock(&creds->keyblock, &keyblock);
+    if (ret)
+        goto cleanup;
+    ret = json_addresses(creds->addresses, &addrs);
+    if (ret)
+        goto cleanup;
+    ret = json_authdata(creds->authdata, &authdata);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_json_array_fmt(&array, "vvviiiibivBBv", client, server, keyblock,
+                            creds->times.authtime, creds->times.starttime,
+                            creds->times.endtime, creds->times.renew_till,
+                            creds->is_skey, creds->ticket_flags, addrs,
+                            (void *)creds->ticket.data,
+                            (size_t)creds->ticket.length,
+                            (void *)creds->second_ticket.data,
+                            (size_t)creds->second_ticket.length, authdata);
+    if (ret)
+        goto cleanup;
+    *val_out = array;
+
+cleanup:
+    k5_json_release(client);
+    k5_json_release(server);
+    k5_json_release(keyblock);
+    k5_json_release(addrs);
+    k5_json_release(authdata);
+    return ret;
+}
+
+/* Return a JSON array value representing the contents of ccache. */
+static krb5_error_code
+json_ccache_contents(krb5_context context, krb5_ccache ccache,
+                     k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    k5_json_array array;
+    k5_json_value val;
+
+    *val_out = NULL;
+    ret = k5_json_array_create(&array);
+    if (ret)
+        return ret;
+
+    /* Put the principal in the first array entry. */
+    ret = krb5_cc_get_principal(context, ccache, &princ);
+    if (ret)
+        goto err;
+    ret = json_principal(context, princ, &val);
+    krb5_free_principal(context, princ);
+    if (ret)
+        goto err;
+    ret = k5_json_array_add(array, val);
+    k5_json_release(val);
+    if (ret)
+        goto err;
+
+    /* Put credentials in the remaining array entries. */
+    ret = krb5_cc_start_seq_get(context, ccache, &cursor);
+    if (ret)
+        goto err;
+    while ((ret = krb5_cc_next_cred(context, ccache, &cursor, &creds)) == 0) {
+        ret = json_creds(context, &creds, &val);
+        krb5_free_cred_contents(context, &creds);
+        if (ret)
+            break;
+        ret = k5_json_array_add(array, val);
+        k5_json_release(val);
+        if (ret)
+            break;
+    }
+    krb5_cc_end_seq_get(context, ccache, &cursor);
+    if (ret != KRB5_CC_END)
+        goto err;
+    *val_out = array;
+    return 0;
+
+err:
+    k5_json_release(array);
+    return ret;
+}
+
+/* Return a JSON null, string, or array value representing ccache. */
+static krb5_error_code
+json_ccache(krb5_context context, krb5_ccache ccache, k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_string str;
+    char *name;
+
+    *val_out = NULL;
+    if (ccache == NULL)
+        return k5_json_null_create_val(val_out);
+    if (strcmp(krb5_cc_get_type(context, ccache), "MEMORY") == 0) {
+        return json_ccache_contents(context, ccache, val_out);
+    } else {
+        ret = krb5_cc_get_full_name(context, ccache, &name);
+        if (ret)
+            return ret;
+        ret = k5_json_string_create(name, &str);
+        free(name);
+        *val_out = str;
+        return ret;
+    }
+}
+
+/* Return a JSON array value representing cred. */
+static krb5_error_code
+json_kgcred(krb5_context context, krb5_gss_cred_id_t cred,
+            k5_json_value *val_out)
+{
+    krb5_error_code ret;
+    k5_json_array array;
+    k5_json_value name = NULL, imp = NULL, keytab = NULL, rcache = NULL;
+    k5_json_value ccache = NULL, ckeytab = NULL, etypes = NULL;
+
+    *val_out = NULL;
+    ret = json_kgname(context, cred->name, &name);
+    if (ret)
+        goto cleanup;
+    ret = json_principal(context, cred->impersonator, &imp);
+    if (ret)
+        goto cleanup;
+    ret = json_keytab(context, cred->keytab, &keytab);
+    if (ret)
+        goto cleanup;
+    ret = json_rcache(context, cred->rcache, &rcache);
+    if (ret)
+        goto cleanup;
+    ret = json_ccache(context, cred->ccache, &ccache);
+    if (ret)
+        goto cleanup;
+    ret = json_keytab(context, cred->client_keytab, &ckeytab);
+    if (ret)
+        goto cleanup;
+    ret = json_etypes(cred->req_enctypes, &etypes);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_json_array_fmt(&array, "ivvbbvvvvbLLvs", cred->usage, name, imp,
+                            cred->default_identity, cred->iakerb_mech, keytab,
+                            rcache, ccache, ckeytab, cred->have_tgt,
+                            (long long)ts2tt(cred->expire),
+                            (long long)ts2tt(cred->refresh_time), etypes,
+                            cred->password);
+    if (ret)
+        goto cleanup;
+    *val_out = array;
+
+cleanup:
+    k5_json_release(name);
+    k5_json_release(imp);
+    k5_json_release(keytab);
+    k5_json_release(rcache);
+    k5_json_release(ccache);
+    k5_json_release(ckeytab);
+    k5_json_release(etypes);
+    return ret;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_export_cred(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
+                     gss_buffer_t token)
+{
+    OM_uint32 status = GSS_S_COMPLETE;
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_gss_cred_id_t cred;
+    k5_json_array array = NULL;
+    k5_json_value jcred = NULL;
+    char *str = NULL;
+    krb5_data d;
+
+    ret = krb5_gss_init_context(&context);
+    if (ret) {
+        *minor_status = ret;
+        return GSS_S_FAILURE;
+    }
+
+    /* Validate and lock cred_handle. */
+    status = krb5_gss_validate_cred_1(minor_status, cred_handle, context);
+    if (status != GSS_S_COMPLETE)
+        return status;
+    cred = (krb5_gss_cred_id_t)cred_handle;
+
+    if (json_kgcred(context, cred, &jcred))
+        goto oom;
+    if (k5_json_array_fmt(&array, "sv", CRED_EXPORT_MAGIC, jcred))
+        goto oom;
+    if (k5_json_encode(array, &str))
+        goto oom;
+    d = string2data(str);
+    if (data_to_gss(&d, token))
+        goto oom;
+    str = NULL;
+
+cleanup:
+    free(str);
+    k5_mutex_unlock(&cred->lock);
+    k5_json_release(array);
+    k5_json_release(jcred);
+    krb5_free_context(context);
+    return status;
+
+oom:
+    *minor_status = ENOMEM;
+    status = GSS_S_FAILURE;
+    goto cleanup;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/export_name.c b/krb5-1.21.3/src/lib/gssapi/krb5/export_name.c
new file mode 100644
index 00000000..485ebfb6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/export_name.c
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/export_name.c */
+/*
+ * Copyright 1997, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_export_name(OM_uint32 *minor_status, const gss_name_t input_name,
+                     gss_buffer_t exported_name)
+{
+    krb5_context context;
+    krb5_error_code code;
+    size_t length;
+    char *str;
+    unsigned char *cp;
+
+    if (minor_status)
+        *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        if (minor_status)
+            *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    exported_name->length = 0;
+    exported_name->value = NULL;
+
+    if ((code = krb5_unparse_name(context, ((krb5_gss_name_t) input_name)->princ,
+                                  &str))) {
+        if (minor_status)
+            *minor_status = code;
+        save_error_info((OM_uint32)code, context);
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+
+    krb5_free_context(context);
+    length = strlen(str);
+    exported_name->length = 10 + length + gss_mech_krb5->length;
+    exported_name->value = gssalloc_malloc(exported_name->length);
+    if (!exported_name->value) {
+        free(str);
+        if (minor_status)
+            *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
+    }
+    cp = exported_name->value;
+
+    /* Note: we assume the OID will be less than 128 bytes... */
+    *cp++ = 0x04; *cp++ = 0x01;
+    store_16_be(gss_mech_krb5->length+2, cp);
+    cp += 2;
+    *cp++ = 0x06;
+    *cp++ = (gss_mech_krb5->length) & 0xFF;
+    memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length);
+    cp += gss_mech_krb5->length;
+    store_32_be(length, cp);
+    cp += 4;
+    memcpy(cp, str, length);
+
+    free(str);
+
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c b/krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c
new file mode 100644
index 00000000..44e50080
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c
@@ -0,0 +1,96 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/export_sec_context.c - Externalize a security context */
+/*
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "gssapiP_krb5.h"
+#ifndef LEAN_CLIENT
+OM_uint32 KRB5_CALLCONV
+krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        *context_handle;
+    gss_buffer_t        interprocess_token;
+{
+    krb5_context        context = NULL;
+    krb5_error_code     kret;
+    OM_uint32           retval;
+    size_t              bufsize, blen;
+    krb5_gss_ctx_id_t   ctx;
+    krb5_octet          *obuffer, *obp;
+
+    /* Assume a tragic failure */
+    obuffer = (krb5_octet *) NULL;
+    retval = GSS_S_FAILURE;
+    *minor_status = 0;
+
+    ctx = (krb5_gss_ctx_id_t) *context_handle;
+    if (ctx->terminated) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return (GSS_S_NO_CONTEXT);
+    }
+
+    context = ctx->k5_context;
+
+    /* Determine size needed for externalization of context */
+    bufsize = 0;
+    if ((kret = kg_ctx_size(context, ctx, &bufsize)))
+        goto error_out;
+
+    /* Allocate the buffer */
+    if ((obuffer = gssalloc_malloc(bufsize)) == NULL) {
+        kret = ENOMEM;
+        goto error_out;
+    }
+
+    obp = obuffer;
+    blen = bufsize;
+    /* Externalize the context */
+    if ((kret = kg_ctx_externalize(context, ctx, &obp, &blen)))
+        goto error_out;
+
+    /* Success!  Return the buffer */
+    interprocess_token->length = bufsize - blen;
+    interprocess_token->value = obuffer;
+    *minor_status = 0;
+    retval = GSS_S_COMPLETE;
+
+    /* Now, clean up the context state */
+    (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    return (GSS_S_COMPLETE);
+
+error_out:
+    if (retval != GSS_S_COMPLETE)
+        if (kret != 0 && context != 0)
+            save_error_info((OM_uint32)kret, context);
+    if (obuffer && bufsize) {
+        zap(obuffer, bufsize);
+        xfree(obuffer);
+    }
+    if (*minor_status == 0)
+        *minor_status = (OM_uint32) kret;
+    return(retval);
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/get_tkt_flags.c b/krb5-1.21.3/src/lib/gssapi/krb5/get_tkt_flags.c
new file mode 100644
index 00000000..636fc04d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/get_tkt_flags.c
@@ -0,0 +1,45 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+
+/*
+ * $Id$
+ */
+
+OM_uint32
+gss_krb5int_get_tkt_flags(OM_uint32 *minor_status,
+                          const gss_ctx_id_t context_handle,
+                          const gss_OID desired_object,
+                          gss_buffer_set_t *data_set)
+{
+    krb5_gss_ctx_id_rec *ctx;
+    gss_buffer_desc rep;
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+    rep.value = &ctx->krb_flags;
+    rep.length = sizeof(ctx->krb_flags);
+
+    return generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/gssapiP_krb5.h b/krb5-1.21.3/src/lib/gssapi/krb5/gssapiP_krb5.h
new file mode 100644
index 00000000..73646071
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -0,0 +1,1456 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSAPIP_KRB5_H_
+#define _GSSAPIP_KRB5_H_
+
+#include <k5-int.h>
+
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+
+/* work around sunos braindamage */
+#ifdef major
+#undef major
+#endif
+#ifdef minor
+#undef minor
+#endif
+
+#include "gssapiP_generic.h"
+
+/* The include of gssapi_krb5.h will dtrt with the above #defines in
+ * effect.
+ */
+#include "gssapi_krb5.h"
+#include "gssapi_err_krb5.h"
+#include "gssapi_ext.h"
+
+/* for debugging */
+#undef CFX_EXERCISE
+
+/** constants **/
+
+#define GSS_MECH_KRB5_OID_LENGTH 9
+#define GSS_MECH_KRB5_OID "\052\206\110\206\367\022\001\002\002"
+
+#define GSS_MECH_KRB5_OLD_OID_LENGTH 5
+#define GSS_MECH_KRB5_OLD_OID "\053\005\001\005\002"
+
+/* Incorrect krb5 mech OID emitted by MS. */
+#define GSS_MECH_KRB5_WRONG_OID_LENGTH 9
+#define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
+
+/* IAKERB variant */
+#define GSS_MECH_IAKERB_OID_LENGTH 6
+#define GSS_MECH_IAKERB_OID "\053\006\001\005\002\005"
+
+extern const gss_OID_set kg_all_mechs;
+
+#define CKSUMTYPE_KG_CB         0x8003
+
+#define KG_TOK_CTX_AP_REQ       0x0100
+#define KG_TOK_CTX_AP_REP       0x0200
+#define KG_TOK_CTX_ERROR        0x0300
+#define KG_TOK_SIGN_MSG         0x0101
+#define KG_TOK_SEAL_MSG         0x0201
+#define KG_TOK_MIC_MSG          0x0101
+#define KG_TOK_WRAP_MSG         0x0201
+#define KG_TOK_DEL_CTX          0x0102
+#define KG2_TOK_MIC_MSG         0x0404
+#define KG2_TOK_WRAP_MSG        0x0504
+#define KG2_TOK_DEL_CTX         0x0405
+#define IAKERB_TOK_PROXY        0x0501
+
+#define KRB5_GSS_FOR_CREDS_OPTION 1
+
+#define KG2_RESP_FLAG_ERROR             0x0001
+#define KG2_RESP_FLAG_DELEG_OK          0x0002
+
+/** CFX flags **/
+#define FLAG_SENDER_IS_ACCEPTOR 0x01
+#define FLAG_WRAP_CONFIDENTIAL  0x02
+#define FLAG_ACCEPTOR_SUBKEY    0x04
+
+/* These are to be stored in little-endian order, i.e., des-mac is
+   stored as 02 00.  */
+enum sgn_alg {
+    /* SGN_ALG_DES_MAC_MD5           = 0x0000, */
+    /* SGN_ALG_MD2_5                 = 0x0001, */
+    /* SGN_ALG_DES_MAC               = 0x0002, */
+    /* SGN_ALG_3                     = 0x0003, /\* not published *\/ */
+    SGN_ALG_HMAC_MD5              = 0x0011, /* microsoft w2k;  */
+    SGN_ALG_HMAC_SHA1_DES3_KD     = 0x0004
+};
+enum seal_alg {
+    SEAL_ALG_NONE            = 0xffff,
+    /* SEAL_ALG_DES             = 0x0000, */
+    /* SEAL_ALG_1               = 0x0001, /\* not published *\/ */
+    SEAL_ALG_MICROSOFT_RC4   = 0x0010, /* microsoft w2k;  */
+    SEAL_ALG_DES3KD          = 0x0002
+};
+
+/* for 3DES */
+#define KG_USAGE_SEAL 22
+#define KG_USAGE_SIGN 23
+#define KG_USAGE_SEQ  24
+
+/* for draft-ietf-krb-wg-gssapi-cfx-01 */
+#define KG_USAGE_ACCEPTOR_SEAL  22
+#define KG_USAGE_ACCEPTOR_SIGN  23
+#define KG_USAGE_INITIATOR_SEAL 24
+#define KG_USAGE_INITIATOR_SIGN 25
+
+enum qop {
+    /* GSS_KRB5_INTEG_C_QOP_MD5       = 0x0001, */
+    /* GSS_KRB5_INTEG_C_QOP_DES_MD5   = 0x0002, */
+    /* GSS_KRB5_INTEG_C_QOP_DES_MAC   = 0x0003, */
+    GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004,
+    GSS_KRB5_INTEG_C_QOP_MASK      = 0x00ff,
+    /* GSS_KRB5_CONF_C_QOP_DES        = 0x0100, */
+    GSS_KRB5_CONF_C_QOP_DES3_KD    = 0x0200,
+    GSS_KRB5_CONF_C_QOP_MASK       = 0xff00
+};
+
+/** internal types **/
+
+typedef struct _krb5_gss_name_rec {
+    krb5_principal princ;       /* immutable */
+    char *service;              /* immutable */
+    char *host;                 /* immutable */
+    int is_cert;                /* immutable */
+    k5_mutex_t lock;            /* protects ad_context only for now */
+    krb5_authdata_context ad_context;
+} krb5_gss_name_rec, *krb5_gss_name_t;
+
+typedef struct _krb5_gss_cred_id_rec {
+    /* protect against simultaneous accesses */
+    k5_mutex_t lock;
+
+    /* name/type of credential */
+    gss_cred_usage_t usage;
+    krb5_gss_name_t name;
+    krb5_principal acceptor_mprinc;
+    krb5_principal impersonator;
+    unsigned int default_identity : 1;
+    unsigned int iakerb_mech : 1;
+    unsigned int destroy_ccache : 1;
+    unsigned int suppress_ci_flags : 1;
+
+    /* keytab (accept) data */
+    krb5_keytab keytab;
+    krb5_rcache rcache;
+
+    /* ccache (init) data */
+    krb5_ccache ccache;
+    krb5_keytab client_keytab;
+    krb5_boolean have_tgt;
+    krb5_timestamp expire;
+    krb5_timestamp refresh_time;
+    krb5_enctype *req_enctypes;  /* limit negotiated enctypes to this list */
+    char *password;
+} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t;
+
+typedef struct _krb5_gss_ctx_ext_rec {
+    struct {
+        krb5_data *conv;
+        int verified;
+    } iakerb;
+} krb5_gss_ctx_ext_rec, *krb5_gss_ctx_ext_t;
+
+typedef struct _krb5_gss_ctx_id_rec {
+    krb5_magic magic;
+    unsigned int initiate : 1;   /* nonzero if initiating, zero if accepting */
+    unsigned int established : 1;
+    unsigned int have_acceptor_subkey : 1;
+    unsigned int seed_init : 1;  /* XXX tested but never actually set */
+    unsigned int terminated : 1;
+    OM_uint32 gss_flags;
+    unsigned char seed[16];
+    krb5_gss_name_t here;
+    krb5_gss_name_t there;
+    krb5_key subkey; /* One of two potential keys to use with RFC 4121
+                      * packets; this key must always be set. */
+    int signalg;
+    size_t cksum_size;
+    int sealalg;
+    krb5_key enc; /* RFC 1964 encryption key; seq xored with a constant
+                   * for DES, seq for other RFC 1964 enctypes  */
+    krb5_key seq; /* RFC 1964 sequencing key */
+    krb5_ticket_times krb_times;
+    krb5_flags krb_flags;
+    /* XXX these used to be signed.  the old spec is inspecific, and
+       the new spec specifies unsigned.  I don't believe that the change
+       affects the wire encoding. */
+    uint64_t seq_send;
+    uint64_t seq_recv;
+    g_seqnum_state seqstate;
+    krb5_context k5_context;
+    krb5_auth_context auth_context;
+    gss_OID_desc *mech_used;
+    /* Protocol spec revision for sending packets
+       0 => RFC 1964 with 3DES and RC4 enhancements
+       1 => RFC 4121
+       No others defined so far.  It is always permitted to receive
+       tokens in RFC 4121 format.  If enc is non-null, receiving RFC
+       1964 tokens is permitted.*/
+    int proto;
+    krb5_cksumtype cksumtype;    /* for "main" subkey */
+    krb5_key acceptor_subkey; /* CFX only */
+    krb5_cksumtype acceptor_subkey_cksumtype;
+    int cred_rcache;             /* did we get rcache from creds? */
+    krb5_authdata **authdata;
+} krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t;
+
+extern g_set kg_vdb;
+
+#ifndef LEAN_CLIENT
+extern k5_mutex_t gssint_krb5_keytab_lock;
+#endif /* LEAN_CLIENT */
+
+/** helper functions **/
+
+OM_uint32 kg_get_defcred
+(OM_uint32 *minor_status,
+ gss_cred_id_t *cred);
+
+krb5_error_code kg_checksum_channel_bindings
+(krb5_context context, gss_channel_bindings_t cb,
+ krb5_checksum *cksum);
+
+krb5_error_code kg_make_seq_num (krb5_context context,
+                                 krb5_key key,
+                                 int direction, krb5_ui_4 seqnum, unsigned char *cksum,
+                                 unsigned char *buf);
+
+krb5_error_code kg_get_seq_num (krb5_context context,
+                                krb5_key key,
+                                unsigned char *cksum, unsigned char *buf, int *direction,
+                                krb5_ui_4 *seqnum);
+
+krb5_error_code kg_make_seed (krb5_context context,
+                              krb5_key key,
+                              unsigned char *seed);
+
+krb5_error_code
+kg_setup_keys(krb5_context context,
+              krb5_gss_ctx_id_rec *ctx,
+              krb5_key subkey,
+              krb5_cksumtype *cksumtype);
+
+int kg_confounder_size (krb5_context context, krb5_enctype enctype);
+
+krb5_error_code kg_make_confounder (krb5_context context,
+                                    krb5_enctype enctype, unsigned char *buf);
+
+krb5_error_code kg_encrypt (krb5_context context,
+                            krb5_key key, int usage,
+                            krb5_pointer iv,
+                            krb5_const_pointer in,
+                            krb5_pointer out,
+                            unsigned int length);
+
+/* Encrypt length bytes at ptr in place, with the given key and usage.  If
+ * iv is not NULL, use it as the cipher state. */
+krb5_error_code kg_encrypt_inplace(krb5_context context, krb5_key key,
+                                   int usage, krb5_pointer iv,
+                                   krb5_pointer ptr, unsigned int length);
+
+krb5_error_code kg_encrypt_iov (krb5_context context,
+                                int proto, int dce_style,
+                                size_t ec, size_t rrc,
+                                krb5_key key, int usage,
+                                krb5_pointer iv,
+                                gss_iov_buffer_desc *iov,
+                                int iov_count);
+
+krb5_error_code
+kg_arcfour_docrypt (const krb5_keyblock *keyblock, int usage,
+                    const unsigned char *kd_data, size_t kd_data_len,
+                    const unsigned char *input_buf, size_t input_len,
+                    unsigned char *output_buf);
+
+krb5_error_code
+kg_arcfour_docrypt_iov (krb5_context context,
+                        const krb5_keyblock *keyblock, int usage,
+                        const unsigned char *kd_data, size_t kd_data_len,
+                        gss_iov_buffer_desc *iov,
+                        int iov_count);
+
+krb5_error_code kg_decrypt (krb5_context context,
+                            krb5_key key,  int usage,
+                            krb5_pointer iv,
+                            krb5_const_pointer in,
+                            krb5_pointer out,
+                            unsigned int length);
+
+krb5_error_code kg_decrypt_iov (krb5_context context,
+                                int proto, int dce_style,
+                                size_t ec, size_t rrc,
+                                krb5_key key,  int usage,
+                                krb5_pointer iv,
+                                gss_iov_buffer_desc *iov,
+                                int iov_count);
+
+OM_uint32 kg_seal (OM_uint32 *minor_status,
+                   gss_ctx_id_t context_handle,
+                   int conf_req_flag,
+                   gss_qop_t qop_req,
+                   gss_buffer_t input_message_buffer,
+                   int *conf_state,
+                   gss_buffer_t output_message_buffer,
+                   int toktype);
+
+OM_uint32 kg_unseal (OM_uint32 *minor_status,
+                     gss_ctx_id_t context_handle,
+                     gss_buffer_t input_token_buffer,
+                     gss_buffer_t message_buffer,
+                     int *conf_state,
+                     gss_qop_t *qop_state,
+                     int toktype);
+
+OM_uint32 kg_seal_size (OM_uint32 *minor_status,
+                        gss_ctx_id_t context_handle,
+                        int conf_req_flag,
+                        gss_qop_t qop_req,
+                        OM_uint32 output_size,
+                        OM_uint32 *input_size);
+
+krb5_error_code kg_ctx_size (krb5_context kcontext,
+                             krb5_gss_ctx_id_t ctx,
+                             size_t *sizep);
+
+krb5_error_code kg_ctx_externalize (krb5_context kcontext,
+                                    krb5_gss_ctx_id_t ctx,
+                                    krb5_octet **buffer,
+                                    size_t *lenremain);
+
+krb5_error_code kg_ctx_internalize (krb5_context kcontext,
+                                    krb5_gss_ctx_id_t *argp,
+                                    krb5_octet **buffer,
+                                    size_t *lenremain);
+
+OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status);
+
+OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status,
+                                          int *out_caller_provided_name);
+
+OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, char **out_name);
+
+OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status,
+                              const char *name);
+
+/* AEAD */
+
+krb5_error_code gss_krb5int_make_seal_token_v3_iov(krb5_context context,
+                           krb5_gss_ctx_id_rec *ctx,
+                           int conf_req_flag,
+                           int *conf_state,
+                           gss_iov_buffer_desc *iov,
+                           int iov_count,
+                           int toktype);
+
+OM_uint32 gss_krb5int_unseal_v3_iov(krb5_context context,
+                          OM_uint32 *minor_status,
+                          krb5_gss_ctx_id_rec *ctx,
+                          gss_iov_buffer_desc *iov,
+                          int iov_count,
+                          int *conf_state,
+                          gss_qop_t *qop_state,
+                          int toktype);
+
+gss_iov_buffer_t kg_locate_iov (gss_iov_buffer_desc *iov,
+              int iov_count,
+              OM_uint32 type);
+
+gss_iov_buffer_t kg_locate_header_iov(gss_iov_buffer_desc *iov, int iov_count,
+                                      int toktype);
+
+void kg_iov_msglen(gss_iov_buffer_desc *iov,
+              int iov_count,
+              size_t *data_length,
+              size_t *assoc_data_length);
+
+void kg_release_iov(gss_iov_buffer_desc *iov,
+               int iov_count);
+
+krb5_error_code kg_make_checksum_iov_v1(krb5_context context,
+                krb5_cksumtype type,
+                size_t token_cksum_len,
+                krb5_key seq,
+                krb5_key enc, /* for conf len */
+                krb5_keyusage sign_usage,
+                gss_iov_buffer_desc *iov,
+                int iov_count,
+                int toktype,
+                krb5_checksum *checksum);
+
+krb5_error_code kg_make_checksum_iov_v3(krb5_context context,
+                krb5_cksumtype type,
+                size_t rrc,
+                krb5_key key,
+                krb5_keyusage sign_usage,
+                gss_iov_buffer_desc *iov,
+                int iov_count,
+                int toktype);
+
+krb5_error_code kg_verify_checksum_iov_v3(krb5_context context,
+                krb5_cksumtype type,
+                size_t rrc,
+                krb5_key key,
+                krb5_keyusage sign_usage,
+                gss_iov_buffer_desc *iov,
+                int iov_count,
+                int toktype,
+                krb5_boolean *valid);
+
+OM_uint32 kg_seal_iov (OM_uint32 *minor_status,
+            gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            int *conf_state,
+            gss_iov_buffer_desc *iov,
+            int iov_count,
+            int toktype);
+
+OM_uint32 kg_unseal_iov (OM_uint32 *minor_status,
+            gss_ctx_id_t context_handle,
+            int *conf_state,
+            gss_qop_t *qop_state,
+            gss_iov_buffer_desc *iov,
+            int iov_count,
+            int toktype);
+
+OM_uint32 kg_seal_iov_length(OM_uint32 *minor_status,
+           gss_ctx_id_t context_handle,
+           int conf_req_flag,
+           gss_qop_t qop_req,
+           int *conf_state,
+           gss_iov_buffer_desc *iov,
+           int iov_count,
+           int toktype);
+
+krb5_cryptotype kg_translate_flag_iov(OM_uint32 type);
+
+OM_uint32 kg_fixup_padding_iov(OM_uint32 *minor_status,
+        gss_iov_buffer_desc *iov,
+        int iov_count);
+
+krb5_boolean kg_integ_only_iov(gss_iov_buffer_desc *iov, int iov_count);
+
+krb5_error_code kg_allocate_iov(gss_iov_buffer_t iov, size_t size);
+
+krb5_error_code
+krb5_to_gss_cred(krb5_context context,
+                 krb5_creds *creds,
+                 krb5_gss_cred_id_t *out_cred);
+
+krb5_boolean
+kg_cred_time_to_refresh(krb5_context context, krb5_gss_cred_id_rec *cred);
+
+void
+kg_cred_set_initial_refresh(krb5_context context, krb5_gss_cred_id_rec *cred,
+                            krb5_ticket_times *times);
+
+OM_uint32
+kg_cred_resolve(OM_uint32 *minor_status, krb5_context context,
+                gss_cred_id_t cred_handle, gss_name_t target_name);
+
+/** declarations of internal name mechanism functions **/
+
+OM_uint32 KRB5_CALLCONV krb5_gss_acquire_cred
+(OM_uint32*,       /* minor_status */
+ gss_name_t,       /* desired_name */
+ OM_uint32,        /* time_req */
+ gss_OID_set,      /* desired_mechs */
+ gss_cred_usage_t, /* cred_usage */
+ gss_cred_id_t*,   /* output_cred_handle */
+ gss_OID_set*,     /* actual_mechs */
+ OM_uint32*        /* time_rec */
+);
+
+OM_uint32 KRB5_CALLCONV iakerb_gss_acquire_cred
+(OM_uint32*,       /* minor_status */
+ gss_name_t,       /* desired_name */
+ OM_uint32,        /* time_req */
+ gss_OID_set,      /* desired_mechs */
+ gss_cred_usage_t, /* cred_usage */
+ gss_cred_id_t*,   /* output_cred_handle */
+ gss_OID_set*,     /* actual_mechs */
+ OM_uint32*        /* time_rec */
+);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_acquire_cred_with_password(
+    OM_uint32 *minor_status,
+    const gss_name_t desired_name,
+    const gss_buffer_t password,
+    OM_uint32 time_req,
+    const gss_OID_set desired_mechs,
+    int cred_usage,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *time_rec);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_acquire_cred_with_password(
+    OM_uint32 *minor_status,
+    const gss_name_t desired_name,
+    const gss_buffer_t password,
+    OM_uint32 time_req,
+    const gss_OID_set desired_mechs,
+    int cred_usage,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *time_rec);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_acquire_cred_from(OM_uint32 *minor_status,
+                             const gss_name_t desired_name,
+                             OM_uint32 time_req,
+                             const gss_OID_set desired_mechs,
+                             gss_cred_usage_t cred_usage,
+                             gss_const_key_value_set_t cred_store,
+                             gss_cred_id_t *output_cred_handle,
+                             gss_OID_set *actual_mechs,
+                             OM_uint32 *time_rec);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_release_cred
+(OM_uint32*,       /* minor_status */
+ gss_cred_id_t*    /* cred_handle */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_init_sec_context
+(OM_uint32*,       /* minor_status */
+ gss_cred_id_t,    /* claimant_cred_handle */
+ gss_ctx_id_t*,    /* context_handle */
+ gss_name_t,       /* target_name */
+ gss_OID,          /* mech_type */
+ OM_uint32,        /* req_flags */
+ OM_uint32,        /* time_req */
+ gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_buffer_t,     /* input_token */
+ gss_OID*,         /* actual_mech_type */
+ gss_buffer_t,     /* output_token */
+ OM_uint32*,       /* ret_flags */
+ OM_uint32*        /* time_rec */
+);
+
+OM_uint32 krb5_gss_init_sec_context_ext
+(OM_uint32*,       /* minor_status */
+ gss_cred_id_t,    /* claimant_cred_handle */
+ gss_ctx_id_t*,    /* context_handle */
+ gss_name_t,       /* target_name */
+ gss_OID,          /* mech_type */
+ OM_uint32,        /* req_flags */
+ OM_uint32,        /* time_req */
+ gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_buffer_t,     /* input_token */
+ gss_OID*,         /* actual_mech_type */
+ gss_buffer_t,     /* output_token */
+ OM_uint32*,       /* ret_flags */
+ OM_uint32*,       /* time_rec */
+ krb5_gss_ctx_ext_t /* exts */
+);
+
+#ifndef LEAN_CLIENT
+OM_uint32 KRB5_CALLCONV krb5_gss_accept_sec_context
+(OM_uint32*,       /* minor_status */
+ gss_ctx_id_t*,    /* context_handle */
+ gss_cred_id_t,    /* verifier_cred_handle */
+ gss_buffer_t,     /* input_token_buffer */
+ gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_name_t*,      /* src_name */
+ gss_OID*,         /* mech_type */
+ gss_buffer_t,     /* output_token */
+ OM_uint32*,       /* ret_flags */
+ OM_uint32*,       /* time_rec */
+ gss_cred_id_t*    /* delegated_cred_handle */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_accept_sec_context_ext
+(OM_uint32*,       /* minor_status */
+ gss_ctx_id_t*,    /* context_handle */
+ gss_cred_id_t,    /* verifier_cred_handle */
+ gss_buffer_t,     /* input_token_buffer */
+ gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_name_t*,      /* src_name */
+ gss_OID*,         /* mech_type */
+ gss_buffer_t,     /* output_token */
+ OM_uint32*,       /* ret_flags */
+ OM_uint32*,       /* time_rec */
+ gss_cred_id_t*,   /* delegated_cred_handle */
+ krb5_gss_ctx_ext_t/*exts */
+);
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV krb5_gss_inquire_sec_context_by_oid
+(OM_uint32*,       /* minor_status */
+ const gss_ctx_id_t,
+ /* context_handle */
+ const gss_OID,    /* desired_object */
+ gss_buffer_set_t* /* data_set */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_set_sec_context_option
+(OM_uint32*,       /* minor_status */
+ gss_ctx_id_t*,    /* context_handle */
+ const gss_OID,    /* desired_object */
+ const gss_buffer_t/* value */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_process_context_token
+(OM_uint32*,       /* minor_status */
+ gss_ctx_id_t,     /* context_handle */
+ gss_buffer_t      /* token_buffer */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_delete_sec_context
+(OM_uint32*,       /* minor_status */
+ gss_ctx_id_t*,    /* context_handle */
+ gss_buffer_t      /* output_token */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_context_time
+(OM_uint32*,       /* minor_status */
+ gss_ctx_id_t,     /* context_handle */
+ OM_uint32*        /* time_rec */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_display_status
+(OM_uint32*,       /* minor_status */
+ OM_uint32,        /* status_value */
+ int,              /* status_type */
+ gss_OID,          /* mech_type */
+ OM_uint32*,       /* message_context */
+ gss_buffer_t      /* status_string */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_indicate_mechs
+(OM_uint32*,       /* minor_status */
+ gss_OID_set*      /* mech_set */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_compare_name
+(OM_uint32*,       /* minor_status */
+ gss_name_t,       /* name1 */
+ gss_name_t,       /* name2 */
+ int*              /* name_equal */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_display_name
+(OM_uint32*,      /* minor_status */
+ gss_name_t,      /* input_name */
+ gss_buffer_t,    /* output_name_buffer */
+ gss_OID*         /* output_name_type */
+);
+
+
+OM_uint32 KRB5_CALLCONV krb5_gss_import_name
+(OM_uint32*,       /* minor_status */
+ gss_buffer_t,     /* input_name_buffer */
+ gss_OID,          /* input_name_type */
+ gss_name_t*       /* output_name */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_release_name
+(OM_uint32*,       /* minor_status */
+ gss_name_t*       /* input_name */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_inquire_cred
+(OM_uint32 *,      /* minor_status */
+ gss_cred_id_t,    /* cred_handle */
+ gss_name_t *,     /* name */
+ OM_uint32 *,      /* lifetime */
+ gss_cred_usage_t*,/* cred_usage */
+ gss_OID_set *     /* mechanisms */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_inquire_context
+(OM_uint32*,       /* minor_status */
+ gss_ctx_id_t,     /* context_handle */
+ gss_name_t*,      /* initiator_name */
+ gss_name_t*,      /* acceptor_name */
+ OM_uint32*,       /* lifetime_rec */
+ gss_OID*,         /* mech_type */
+ OM_uint32*,       /* ret_flags */
+ int*,             /* locally_initiated */
+ int*              /* open */
+);
+
+/* New V2 entry points */
+OM_uint32 KRB5_CALLCONV krb5_gss_get_mic
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_qop_t,                  /* qop_req */
+ gss_buffer_t,               /* message_buffer */
+ gss_buffer_t                /* message_token */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_get_mic_iov
+(OM_uint32 *,                /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_qop_t,                  /* qop_req */
+ gss_iov_buffer_desc *,      /* iov */
+ int                         /* iov_count */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_get_mic_iov_length
+(OM_uint32 *,                /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_qop_t,                  /* qop_req */
+ gss_iov_buffer_desc *,      /* iov */
+ int                         /* iov_count */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_verify_mic
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_buffer_t,               /* message_buffer */
+ gss_buffer_t,               /* message_token */
+ gss_qop_t *                 /* qop_state */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_verify_mic_iov
+(OM_uint32 *,                /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_qop_t *,                /* qop_state */
+ gss_iov_buffer_desc *,      /* iov */
+ int                         /* iov_count */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_wrap
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ int,                        /* conf_req_flag */
+ gss_qop_t,                  /* qop_req */
+ gss_buffer_t,               /* input_message_buffer */
+ int *,                      /* conf_state */
+ gss_buffer_t                /* output_message_buffer */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_wrap_iov
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,              /* context_handle */
+ int,                       /* conf_req_flag */
+ gss_qop_t,                 /* qop_req */
+ int *,                     /* conf_state */
+ gss_iov_buffer_desc *,     /* iov */
+ int                        /* iov_count */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_wrap_iov_length
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,              /* context_handle */
+ int,                       /* conf_req_flag */
+ gss_qop_t,                 /* qop_req */
+ int *,                     /* conf_state */
+ gss_iov_buffer_desc *,     /* iov */
+ int                        /* iov_count */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_unwrap
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ gss_buffer_t,               /* input_message_buffer */
+ gss_buffer_t,               /* output_message_buffer */
+ int *,                      /* conf_state */
+ gss_qop_t *                 /* qop_state */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_unwrap_iov
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,              /* context_handle */
+ int *,                     /* conf_state */
+ gss_qop_t *,               /* qop_state */
+ gss_iov_buffer_desc *,     /* iov */
+ int                        /* iov_count */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_wrap_size_limit
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t,               /* context_handle */
+ int,                        /* conf_req_flag */
+ gss_qop_t,                  /* qop_req */
+ OM_uint32,                  /* req_output_size */
+ OM_uint32 *                 /* max_input_size */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_import_name_object
+(OM_uint32 *,           /* minor_status */
+ void *,                     /* input_name */
+ gss_OID,                    /* input_name_type */
+ gss_name_t *                /* output_name */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_export_name_object
+(OM_uint32 *,           /* minor_status */
+ gss_name_t,                 /* input_name */
+ gss_OID,                    /* desired_name_type */
+ void * *                    /* output_name */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_inquire_cred_by_mech
+(OM_uint32  *,          /* minor_status */
+ gss_cred_id_t,              /* cred_handle */
+ gss_OID,                    /* mech_type */
+ gss_name_t *,               /* name */
+ OM_uint32 *,                /* initiator_lifetime */
+ OM_uint32 *,                /* acceptor_lifetime */
+ gss_cred_usage_t *          /* cred_usage */
+);
+#ifndef LEAN_CLIENT
+OM_uint32 KRB5_CALLCONV krb5_gss_export_sec_context
+(OM_uint32 *,           /* minor_status */
+ gss_ctx_id_t *,             /* context_handle */
+ gss_buffer_t                /* interprocess_token */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_import_sec_context
+(OM_uint32 *,           /* minor_status */
+ gss_buffer_t,               /* interprocess_token */
+ gss_ctx_id_t *              /* context_handle */
+);
+#endif /* LEAN_CLIENT */
+
+OM_uint32 krb5_gss_release_oid
+(OM_uint32 *,           /* minor_status */
+ gss_OID *                   /* oid */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_internal_release_oid
+(OM_uint32 *,           /* minor_status */
+ gss_OID *                   /* oid */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_inquire_names_for_mech
+(OM_uint32 *,           /* minor_status */
+ gss_OID,                    /* mechanism */
+ gss_OID_set *               /* name_types */
+);
+
+OM_uint32 krb5_gss_canonicalize_name
+(OM_uint32  *,          /* minor_status */
+ const gss_name_t,           /* input_name */
+ const gss_OID,              /* mech_type */
+ gss_name_t *                /* output_name */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_export_name
+(OM_uint32  *,          /* minor_status */
+ const gss_name_t,           /* input_name */
+ gss_buffer_t                /* exported_name */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_duplicate_name
+(OM_uint32  *,          /* minor_status */
+ const gss_name_t,           /* input_name */
+ gss_name_t *                /* dest_name */
+);
+
+OM_uint32 krb5_gss_validate_cred
+(OM_uint32 *,           /* minor_status */
+ gss_cred_id_t               /* cred */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_acquire_cred_impersonate_name(
+    OM_uint32 *,            /* minor_status */
+    const gss_cred_id_t,    /* impersonator_cred_handle */
+    const gss_name_t,       /* desired_name */
+    OM_uint32,              /* time_req */
+    const gss_OID_set,      /* desired_mechs */
+    gss_cred_usage_t,       /* cred_usage */
+    gss_cred_id_t *,        /* output_cred_handle */
+    gss_OID_set *,          /* actual_mechs */
+    OM_uint32 *);           /* time_rec */
+
+OM_uint32
+krb5_gss_validate_cred_1(OM_uint32 * /* minor_status */,
+                         gss_cred_id_t /* cred_handle */,
+                         krb5_context /* context */);
+
+gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid);
+
+krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
+                                               krb5_gss_ctx_id_rec *,
+                                               const gss_buffer_desc *,
+                                               gss_buffer_t,
+                                               int, int);
+
+OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
+                                      OM_uint32 *minor_status,
+                                      krb5_gss_ctx_id_rec *ctx,
+                                      unsigned char *ptr,
+                                      unsigned int bodysize,
+                                      gss_buffer_t message_buffer,
+                                      int *conf_state, gss_qop_t *qop_state,
+                                      int toktype);
+
+int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc);
+
+/* naming_exts.c */
+#define KG_INIT_NAME_NO_COPY 0x1
+
+krb5_error_code
+kg_init_name(krb5_context context, krb5_principal principal,
+             char *service, char *host, krb5_authdata_context ad_context,
+             krb5_flags flags, krb5_gss_name_t *name);
+
+krb5_error_code
+kg_release_name(krb5_context context, krb5_gss_name_t *name);
+
+krb5_error_code
+kg_duplicate_name(krb5_context context, const krb5_gss_name_t src,
+                  krb5_gss_name_t *dst);
+
+krb5_boolean
+kg_compare_name(krb5_context context,
+                krb5_gss_name_t name1,
+                krb5_gss_name_t name2);
+
+krb5_boolean
+kg_acceptor_princ(krb5_context context, krb5_gss_name_t name,
+                  krb5_principal *princ_out);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_display_name_ext(OM_uint32 *minor_status,
+                          gss_name_t name,
+                          gss_OID display_as_name_type,
+                          gss_buffer_t display_name);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_name(OM_uint32 *minor_status,
+                      gss_name_t name,
+                      int *name_is_MN,
+                      gss_OID *MN_mech,
+                      gss_buffer_set_t *attrs);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_get_name_attribute(OM_uint32 *minor_status,
+                            gss_name_t name,
+                            gss_buffer_t attr,
+                            int *authenticated,
+                            int *complete,
+                            gss_buffer_t value,
+                            gss_buffer_t display_value,
+                            int *more);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_set_name_attribute(OM_uint32 *minor_status,
+                            gss_name_t name,
+                            int complete,
+                            gss_buffer_t attr,
+                            gss_buffer_t value);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_delete_name_attribute(OM_uint32 *minor_status,
+                               gss_name_t name,
+                               gss_buffer_t attr);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_export_name_composite(OM_uint32 *minor_status,
+                               gss_name_t name,
+                               gss_buffer_t exp_composite_name);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_map_name_to_any(OM_uint32 *minor_status,
+                         gss_name_t name,
+                         int authenticated,
+                         gss_buffer_t type_id,
+                         gss_any_t *output);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_release_any_name_mapping(OM_uint32 *minor_status,
+                                  gss_name_t name,
+                                  gss_buffer_t type_id,
+                                  gss_any_t *input);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_pseudo_random(OM_uint32 *minor_status,
+                       gss_ctx_id_t context,
+                       int prf_key,
+                       const gss_buffer_t prf_in,
+                       ssize_t desired_output_len,
+                       gss_buffer_t prf_out);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_store_cred(OM_uint32 *minor_status,
+                    gss_cred_id_t input_cred_handle,
+                    gss_cred_usage_t cred_usage,
+                    const gss_OID desired_mech,
+                    OM_uint32 overwrite_cred,
+                    OM_uint32 default_cred,
+                    gss_OID_set *elements_stored,
+                    gss_cred_usage_t *cred_usage_stored);
+
+/* s4u_gss_glue.c */
+OM_uint32
+kg_compose_deleg_cred(OM_uint32 *minor_status,
+                      krb5_gss_cred_id_t impersonator_cred,
+                      krb5_creds *subject_creds,
+                      OM_uint32 time_req,
+                      krb5_gss_cred_id_t *output_cred,
+                      OM_uint32 *time_rec,
+                      krb5_context context);
+
+/*
+ * These take unglued krb5-mech-specific contexts.
+ */
+
+#define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11
+#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01"
+
+OM_uint32 gss_krb5int_get_tkt_flags
+(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set);
+
+#define GSS_KRB5_COPY_CCACHE_OID_LENGTH 11
+#define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02"
+
+OM_uint32 gss_krb5int_copy_ccache
+(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_OID desired_oid,
+ const gss_buffer_t value);
+
+#define GSS_KRB5_CCACHE_NAME_OID_LENGTH 11
+#define GSS_KRB5_CCACHE_NAME_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03"
+
+struct krb5_gss_ccache_name_req {
+    const char *name;
+    const char **out_name;
+};
+
+OM_uint32
+gss_krb5int_ccache_name(OM_uint32 *minor_status, const gss_OID, const gss_OID,
+                        const gss_buffer_t);
+
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11
+#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"
+#define GSS_KRB5_INQ_ODBC_SESSION_KEY_OID_LENGTH 11
+#define GSS_KRB5_INQ_ODBC_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x13"
+
+OM_uint32
+gss_krb5int_inq_sspi_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
+OM_uint32
+gss_krb5int_inq_odbc_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
+
+#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11
+#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04"
+
+struct krb5_gss_set_allowable_enctypes_req {
+    OM_uint32 num_ktypes;
+    krb5_enctype *ktypes;
+};
+
+OM_uint32
+gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
+                                   gss_cred_id_t *cred,
+                                   const gss_OID desired_oid,
+                                   const gss_buffer_t value);
+
+#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11
+#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06"
+
+OM_uint32
+gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status,
+                                     const gss_ctx_id_t context_handle,
+                                     const gss_OID desired_object,
+                                     gss_buffer_set_t *data_set);
+
+#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11
+#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07"
+
+OM_uint32
+gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID,
+                                   const gss_OID, gss_buffer_t);
+
+extern k5_mutex_t kg_kdc_flag_mutex;
+krb5_error_code krb5_gss_init_context (krb5_context *ctxp);
+
+#define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11
+#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08"
+
+OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID,
+                                      const gss_OID, gss_buffer_t);
+
+krb5_error_code krb5_gss_use_kdc_context(void);
+
+#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11
+#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09"
+
+OM_uint32
+gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
+
+#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11
+#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0a"
+
+OM_uint32
+gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
+                                                const gss_ctx_id_t context_handle,
+                                                const gss_OID desired_object,
+                                                gss_buffer_set_t *ad_data);
+
+#define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11
+#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b"
+
+OM_uint32
+gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t *, const gss_OID, const gss_buffer_t);
+
+#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11
+#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c"
+
+OM_uint32
+gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *,
+                                              const gss_ctx_id_t,
+                                              const gss_OID,
+                                              gss_buffer_set_t *);
+
+#define GET_SEC_CONTEXT_SASL_SSF_OID_LENGTH 11
+#define GET_SEC_CONTEXT_SASL_SSF_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0f"
+OM_uint32
+gss_krb5int_sec_context_sasl_ssf(OM_uint32 *, const gss_ctx_id_t,
+                                 const gss_OID, gss_buffer_set_t *);
+
+#define GSS_KRB5_IMPORT_CRED_OID_LENGTH 11
+#define GSS_KRB5_IMPORT_CRED_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0d"
+
+struct krb5_gss_import_cred_req {
+    krb5_ccache id;
+    krb5_principal keytab_principal;
+    krb5_keytab keytab;
+};
+
+OM_uint32
+gss_krb5int_import_cred(OM_uint32 *minor_status,
+                        gss_cred_id_t *cred,
+                        const gss_OID desired_oid,
+                        const gss_buffer_t value);
+
+#ifdef _GSS_STATIC_LINK
+int gss_krb5int_lib_init(void);
+void gss_krb5int_lib_fini(void);
+#endif /* _GSS_STATIC_LINK */
+
+OM_uint32 gss_krb5int_initialize_library(void);
+void gss_krb5int_cleanup_library(void);
+
+/* For error message handling.  */
+/* Returns a shared string, not a private copy!  */
+extern char *
+krb5_gss_get_error_message(OM_uint32 minor_code);
+extern void
+krb5_gss_save_error_string(OM_uint32 minor_code, char *msg);
+extern void
+krb5_gss_save_error_message(OM_uint32 minor_code, const char *format, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 3)))
+#endif
+    ;
+    extern void
+    krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx);
+#define get_error_message krb5_gss_get_error_message
+#define save_error_string krb5_gss_save_error_string
+#define save_error_message krb5_gss_save_error_message
+#ifdef KRB5_KERNEL
+/* Error messages aren't needed in the kernel, so reduce dependencies. */
+#define save_error_info(x,y)
+#else
+#define save_error_info krb5_gss_save_error_info
+#endif
+extern void krb5_gss_delete_error_info(void *p);
+
+/* Prefix concatenated with Kerberos encryption type */
+#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10
+#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID  "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04"
+
+/* IAKERB */
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_init_sec_context(OM_uint32 *minor_status,
+                            gss_cred_id_t claimant_cred_handle,
+                            gss_ctx_id_t *context_handle,
+                            gss_name_t target_name,
+                            gss_OID mech_type,
+                            OM_uint32 req_flags,
+                            OM_uint32 time_req,
+                            gss_channel_bindings_t input_chan_bindings,
+                            gss_buffer_t input_token,
+                            gss_OID *actual_mech_type,
+                            gss_buffer_t output_token,
+                            OM_uint32 *ret_flags,
+                            OM_uint32 *time_rec);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_accept_sec_context(OM_uint32 *minor_status,
+                              gss_ctx_id_t *context_handler,
+                              gss_cred_id_t verifier_cred_handle,
+                              gss_buffer_t input_token,
+                              gss_channel_bindings_t input_chan_bindings,
+                              gss_name_t *src_name,
+                              gss_OID *mech_type,
+                              gss_buffer_t output_token,
+                              OM_uint32 *ret_flags,
+                              OM_uint32 *time_rec,
+                              gss_cred_id_t *delegated_cred_handle);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_delete_sec_context(OM_uint32 *minor_status,
+                              gss_ctx_id_t *context_handle,
+                              gss_buffer_t output_token);
+
+krb5_error_code
+iakerb_make_finished(krb5_context context,
+                     krb5_key key,
+                     const krb5_data *conv,
+                     krb5_data **finished);
+
+krb5_error_code
+iakerb_verify_finished(krb5_context context,
+                       krb5_key key,
+                       const krb5_data *conv,
+                       const krb5_data *finished);
+
+/*
+ * Transfer contents of a krb5_data to a gss_buffer and invalidate the source
+ * On unix, this is a simple pointer copy
+ * On windows, memory is reallocated and copied.
+ */
+static inline krb5_error_code
+data_to_gss(krb5_data *input_k5data, gss_buffer_t output_buffer)
+{
+    krb5_error_code code = 0;
+    output_buffer->length = input_k5data->length;
+#if defined(_WIN32) || defined(DEBUG_GSSALLOC)
+    if (output_buffer->length > 0) {
+        output_buffer->value = gssalloc_malloc(output_buffer->length);
+        if (output_buffer->value)
+            memcpy(output_buffer->value, input_k5data->data, output_buffer->length);
+        else
+            code = ENOMEM;
+    } else {
+        output_buffer->value = NULL;
+    }
+    free(input_k5data->data);
+#else
+    output_buffer->value = input_k5data->data;
+#endif
+    *input_k5data = empty_data();
+    return code;
+}
+
+#define KRB5_GSS_EXTS_IAKERB_FINISHED 1
+
+
+/* Credential store extensions */
+
+#define KRB5_CS_CLI_KEYTAB_URN "client_keytab"
+#define KRB5_CS_KEYTAB_URN "keytab"
+#define KRB5_CS_CCACHE_URN "ccache"
+#define KRB5_CS_RCACHE_URN "rcache"
+#define KRB5_CS_PASSWORD_URN "password"
+#define KRB5_CS_VERIFY_URN "verify"
+
+OM_uint32
+kg_value_from_cred_store(gss_const_key_value_set_t cred_store,
+                         const char *type, const char **value);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_acquire_cred_from(
+    OM_uint32 *,               /* minor_status */
+    const gss_name_t,          /* desired_name */
+    OM_uint32,                 /* time_req */
+    const gss_OID_set,         /* desired_mechs */
+    gss_cred_usage_t,          /* cred_usage */
+    gss_const_key_value_set_t, /* cred_store */
+    gss_cred_id_t *,           /* output_cred_handle */
+    gss_OID_set *,             /* actual_mechs */
+    OM_uint32 *);              /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_store_cred_into(
+    OM_uint32 *,               /* minor_status */
+    gss_cred_id_t,             /* input_cred_handle */
+    gss_cred_usage_t,          /* input_usage */
+    const gss_OID,             /* desired_mech */
+    OM_uint32,                 /* overwrite_cred */
+    OM_uint32,                 /* default_cred */
+    gss_const_key_value_set_t, /* cred_store */
+    gss_OID_set *,             /* elements_stored */
+    gss_cred_usage_t *);       /* cred_usage_stored */
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_export_cred(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
+                     gss_buffer_t token);
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
+                     gss_cred_id_t *cred_handle);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_process_context_token(OM_uint32 *minor_status,
+                                 const gss_ctx_id_t context_handle,
+                                 const gss_buffer_t token_buffer);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_context_time(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                        OM_uint32 *time_rec);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_inquire_context(OM_uint32 *minor_status,
+                           gss_ctx_id_t context_handle, gss_name_t *src_name,
+                           gss_name_t *targ_name, OM_uint32 *lifetime_rec,
+                           gss_OID *mech_type, OM_uint32 *ctx_flags,
+                           int *locally_initiated, int *opened);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                   gss_qop_t qop_req, gss_buffer_t message_buffer,
+                   gss_buffer_t message_token);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                       gss_qop_t qop_req, gss_iov_buffer_desc *iov,
+                       int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic_iov_length(OM_uint32 *minor_status,
+                              gss_ctx_id_t context_handle, gss_qop_t qop_req,
+                              gss_iov_buffer_desc *iov, int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_verify_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                      gss_buffer_t msg_buffer, gss_buffer_t token_buffer,
+                      gss_qop_t *qop_state);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                          gss_qop_t *qop_state, gss_iov_buffer_desc *iov,
+                          int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                int conf_req_flag, gss_qop_t qop_req,
+                gss_buffer_t input_message_buffer, int *conf_state,
+                gss_buffer_t output_message_buffer);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                    int conf_req_flag, gss_qop_t qop_req, int *conf_state,
+                    gss_iov_buffer_desc *iov, int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_iov_length(OM_uint32 *minor_status,
+                           gss_ctx_id_t context_handle, int conf_req_flag,
+                           gss_qop_t qop_req, int *conf_state,
+                           gss_iov_buffer_desc *iov, int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_unwrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                  gss_buffer_t input_message_buffer,
+                  gss_buffer_t output_message_buffer, int *conf_state,
+                  gss_qop_t *qop_state);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_unwrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                      int *conf_state, gss_qop_t *qop_state,
+                      gss_iov_buffer_desc *iov, int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_size_limit(OM_uint32 *minor_status,
+                           gss_ctx_id_t context_handle, int conf_req_flag,
+                           gss_qop_t qop_req, OM_uint32 req_output_size,
+                           OM_uint32 *max_input_size);
+
+#ifndef LEAN_CLIENT
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_export_sec_context(OM_uint32 *minor_status,
+                              gss_ctx_id_t *context_handle,
+                              gss_buffer_t interprocess_token);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_import_sec_context(OM_uint32 *minor_status,
+                              const gss_buffer_t interprocess_token,
+                              gss_ctx_id_t *context_handle);
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+                                      const gss_ctx_id_t context_handle,
+                                      const gss_OID desired_object,
+                                      gss_buffer_set_t *data_set);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_set_sec_context_option(OM_uint32 *minor_status,
+                                  gss_ctx_id_t *context_handle,
+                                  const gss_OID desired_object,
+                                  const gss_buffer_t value);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_pseudo_random(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                         int prf_key, const gss_buffer_t prf_in,
+                         ssize_t desired_output_len, gss_buffer_t prf_out);
+
+/* Magic string to identify exported krb5 GSS credentials.  Increment this if
+ * the format changes. */
+#define CRED_EXPORT_MAGIC "K5C1"
+
+OM_uint32
+gss_krb5int_get_cred_impersonator(OM_uint32 *minor_status,
+                                  const gss_cred_id_t cred_handle,
+                                  const gss_OID desired_object,
+                                  gss_buffer_set_t *data_set);
+
+#endif /* _GSSAPIP_KRB5_H_ */
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_err_krb5.et b/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_err_krb5.et
new file mode 100644
index 00000000..6396d590
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_err_krb5.et
@@ -0,0 +1,42 @@
+# 
+# Copyright 1993 by OpenVision Technologies, Inc.
+# 
+# Permission to use, copy, modify, distribute, and sell this software
+# and its documentation for any purpose is hereby granted without fee,
+# provided that the above copyright notice appears in all copies and
+# that both that copyright notice and this permission notice appear in
+# supporting documentation, and that the name of OpenVision not be used
+# in advertising or publicity pertaining to distribution of the software
+# without specific, written prior permission. OpenVision makes no
+# representations about the suitability of this software for any
+# purpose.  It is provided "as is" without express or implied warranty.
+# 
+# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+# 
+
+error_table k5g
+
+error_code KG_CCACHE_NOMATCH, "Principal in credential cache does not match desired name"
+error_code KG_KEYTAB_NOMATCH, "No principal in keytab matches desired name"
+error_code KG_TGT_MISSING, "Credential cache has no TGT"
+error_code KG_NO_SUBKEY, "Authenticator has no subkey"
+error_code KG_CONTEXT_ESTABLISHED, "Context is already fully established"
+error_code KG_BAD_SIGN_TYPE, "Unknown signature type in token"
+error_code KG_BAD_LENGTH, "Invalid field length in token"
+error_code KG_CTX_INCOMPLETE, "Attempt to use incomplete security context"
+error_code KG_CONTEXT, "Bad magic number for krb5_gss_ctx_id_t"
+error_code KG_CRED, "Bad magic number for krb5_gss_cred_id_t"
+error_code KG_ENC_DESC, "Bad magic number for krb5_gss_enc_desc"
+error_code KG_BAD_SEQ, "Sequence number in token is corrupt"
+error_code KG_EMPTY_CCACHE, "Credential cache is empty"
+error_code KG_NO_CTYPES, "Acceptor and Initiator share no checksum types"
+error_code KG_LUCID_VERSION, "Requested lucid context version not supported"
+error_code KG_INPUT_TOO_LONG, "PRF input too long"
+error_code KG_IAKERB_CONTEXT, "Bad magic number for iakerb_ctx_id_t"
+end
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c b/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c
new file mode 100644
index 00000000..1e62b07c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -0,0 +1,1132 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+
+#include "gssapiP_krb5.h"
+#include "mglueP.h"
+
+#ifndef NO_PASSWORD
+#include <pwd.h>
+#endif
+
+/** exported constants defined in gssapi_krb5{,_nx}.h **/
+
+/* these are bogus, but will compile */
+
+/*
+ * The OID of the draft krb5 mechanism, assigned by IETF, is:
+ *      iso(1) org(3) dod(5) internet(1) security(5)
+ *      kerberosv5(2) = 1.3.5.1.5.2
+ * The OID of the krb5_name type is:
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5(2) krb5_name(1) = 1.2.840.113554.1.2.2.1
+ * The OID of the krb5_principal type is:
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5(2) krb5_principal(2) = 1.2.840.113554.1.2.2.2
+ * The OID of the proposed standard krb5 mechanism is:
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5(2) = 1.2.840.113554.1.2.2
+ * The OID of the proposed standard krb5 v2 mechanism is:
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5v2(3) = 1.2.840.113554.1.2.3
+ * Provisionally reserved for Kerberos session key algorithm
+ * identifiers is:
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5(2) krb5_enctype(4) = 1.2.840.113554.1.2.2.4
+ * Provisionally reserved for Kerberos mechanism-specific APIs:
+ *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
+ *      krb5(2) krb5_gssapi_ext(5) = 1.2.840.113554.1.2.2.5
+ */
+
+/*
+ * Encoding rules: The first two values are encoded in one byte as 40
+ * * value1 + value2.  Subsequent values are encoded base 128, most
+ * significant digit first, with the high bit (\200) set on all octets
+ * except the last in each value's encoding.
+ */
+
+#define NO_CI_FLAGS_X_OID_LENGTH 6
+#define NO_CI_FLAGS_X_OID "\x2a\x85\x70\x2b\x0d\x1d"
+#define GET_CRED_IMPERSONATOR_OID_LENGTH 11
+#define GET_CRED_IMPERSONATOR_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0e"
+
+const gss_OID_desc krb5_gss_oid_array[] = {
+    /* this is the official, rfc-specified OID */
+    {GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID},
+    /* this pre-RFC mech OID */
+    {GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID},
+    /* this is the unofficial, incorrect mech OID emitted by MS */
+    {GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID},
+    /* IAKERB OID */
+    {GSS_MECH_IAKERB_OID_LENGTH, GSS_MECH_IAKERB_OID},
+    /* this is the v2 assigned OID */
+    {9, "\052\206\110\206\367\022\001\002\003"},
+    /* these two are name type OID's */
+    /* 2.1.1. Kerberos Principal Name Form:  (rfc 1964)
+     * This name form shall be represented by the Object Identifier {iso(1)
+     * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+     * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
+     * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
+    {10, "\052\206\110\206\367\022\001\002\002\001"},
+    /* gss_nt_krb5_principal.  Object identifier for a krb5_principal. Do not use. */
+    {10, "\052\206\110\206\367\022\001\002\002\002"},
+    {NO_CI_FLAGS_X_OID_LENGTH, NO_CI_FLAGS_X_OID},
+    /* this is an inquire cred OID */
+    {GET_CRED_IMPERSONATOR_OID_LENGTH, GET_CRED_IMPERSONATOR_OID},
+    /* GSS_KRB5_NT_ENTERPRISE_NAME */
+    {10, "\052\206\110\206\367\022\001\002\002\006"},
+    /* GSS_KRB5_NT_X509_CERT */
+    {10, "\052\206\110\206\367\022\001\002\002\007"},
+    { 0, 0 }
+};
+
+#define kg_oids ((gss_OID)krb5_gss_oid_array)
+
+const gss_OID gss_mech_krb5             = &kg_oids[0];
+const gss_OID gss_mech_krb5_old         = &kg_oids[1];
+const gss_OID gss_mech_krb5_wrong       = &kg_oids[2];
+const gss_OID gss_mech_iakerb           = &kg_oids[3];
+
+
+const gss_OID gss_nt_krb5_name                  = &kg_oids[5];
+const gss_OID gss_nt_krb5_principal             = &kg_oids[6];
+const gss_OID GSS_KRB5_NT_PRINCIPAL_NAME        = &kg_oids[5];
+
+const gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X       = &kg_oids[7];
+const gss_OID GSS_KRB5_GET_CRED_IMPERSONATOR    = &kg_oids[8];
+const gss_OID GSS_KRB5_NT_ENTERPRISE_NAME       = &kg_oids[9];
+const gss_OID GSS_KRB5_NT_X509_CERT             = &kg_oids[10];
+
+static const gss_OID_set_desc oidsets[] = {
+    {1, &kg_oids[0]}, /* RFC OID */
+    {1, &kg_oids[1]}, /* pre-RFC OID */
+    {3, &kg_oids[0]}, /* all names for krb5 mech */
+    {4, &kg_oids[0]}, /* all krb5 names and IAKERB */
+};
+
+#define kg_oidsets ((gss_OID_set)oidsets)
+
+const gss_OID_set gss_mech_set_krb5             = &kg_oidsets[0];
+const gss_OID_set gss_mech_set_krb5_old         = &kg_oidsets[1];
+const gss_OID_set gss_mech_set_krb5_both        = &kg_oidsets[2];
+const gss_OID_set kg_all_mechs                  = &kg_oidsets[3];
+
+g_set kg_vdb = G_SET_INIT;
+
+/** default credential support */
+
+/*
+ * init_sec_context() will explicitly re-acquire default credentials,
+ * so handling the expiration/invalidation condition here isn't needed.
+ */
+OM_uint32
+kg_get_defcred(minor_status, cred)
+    OM_uint32 *minor_status;
+    gss_cred_id_t *cred;
+{
+    OM_uint32 major;
+
+    if ((major = krb5_gss_acquire_cred(minor_status,
+                                       (gss_name_t) NULL, GSS_C_INDEFINITE,
+                                       GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+                                       cred, NULL, NULL)) && GSS_ERROR(major)) {
+        return(major);
+    }
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
+
+OM_uint32
+kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status)
+{
+    OM_uint32 err = 0;
+
+    /*
+     * Sync up the context ccache name with the GSSAPI ccache name.
+     * If kg_ccache_name is NULL -- normal unless someone has called
+     * gss_krb5_ccache_name() -- then the system default ccache will
+     * be picked up and used by resetting the context default ccache.
+     * This is needed for platforms which support multiple ccaches.
+     */
+
+    if (!err) {
+        /* if NULL, resets the context default ccache */
+        err = krb5_cc_set_default_name(context,
+                                       (char *) k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME));
+    }
+
+    *minor_status = err;
+    return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
+
+/* This function returns whether or not the caller set a cccache name.  Used by
+ * gss_acquire_cred to figure out if the caller wants to only look at this
+ * ccache or search the cache collection for the desired name */
+OM_uint32
+kg_caller_provided_ccache_name (OM_uint32 *minor_status,
+                                int *out_caller_provided_name)
+{
+    if (out_caller_provided_name) {
+        *out_caller_provided_name =
+            (k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME) != NULL);
+    }
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+kg_get_ccache_name(OM_uint32 *minor_status, char **out_name)
+{
+    char *kg_ccache_name;
+    const char *def_name;
+    OM_uint32 err;
+    krb5_context context;
+
+    *out_name = NULL;
+
+    kg_ccache_name = k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME);
+    if (kg_ccache_name != NULL) {
+        *out_name = strdup(kg_ccache_name);
+        err = (*out_name == NULL) ? ENOMEM : 0;
+    } else {
+        /* Use the default ccache name. */
+        err = krb5_gss_init_context(&context);
+        if (err)
+            goto cleanup;
+        def_name = krb5_cc_default_name(context);
+        *out_name = (def_name != NULL) ? strdup(def_name) : NULL;
+        err = (*out_name == NULL) ? ENOMEM : 0;
+        krb5_free_context(context);
+    }
+
+cleanup:
+    *minor_status = err;
+    return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
+
+OM_uint32
+kg_set_ccache_name (OM_uint32 *minor_status, const char *name)
+{
+    char *new_name = NULL;
+    char *swap = NULL;
+    char *kg_ccache_name;
+    krb5_error_code kerr;
+
+    if (name) {
+        new_name = strdup(name);
+        if (new_name == NULL) {
+            *minor_status = ENOMEM;
+            return GSS_S_FAILURE;
+        }
+    }
+
+    kg_ccache_name = k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME);
+    swap = kg_ccache_name;
+    kg_ccache_name = new_name;
+    new_name = swap;
+    kerr = k5_setspecific(K5_KEY_GSS_KRB5_CCACHE_NAME, kg_ccache_name);
+    if (kerr != 0) {
+        /* Can't store, so free up the storage.  */
+        free(kg_ccache_name);
+        /* ??? free(new_name); */
+        *minor_status = kerr;
+        return GSS_S_FAILURE;
+    }
+
+    free (new_name);
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+#define g_OID_prefix_equal(o1, o2)                                      \
+    (((o1)->length >= (o2)->length) &&                                  \
+     (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
+
+/*
+ * gss_inquire_sec_context_by_oid() methods
+ */
+static struct {
+    gss_OID_desc oid;
+    OM_uint32 (*func)(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *);
+} krb5_gss_inquire_sec_context_by_oid_ops[] = {
+    {
+        {GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, GSS_KRB5_GET_TKT_FLAGS_OID},
+        gss_krb5int_get_tkt_flags
+    },
+    {
+        {GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID},
+        gss_krb5int_extract_authz_data_from_sec_context
+    },
+    {
+        {GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, GSS_KRB5_INQ_SSPI_SESSION_KEY_OID},
+        gss_krb5int_inq_sspi_session_key
+    },
+    {
+        {GSS_KRB5_INQ_ODBC_SESSION_KEY_OID_LENGTH, GSS_KRB5_INQ_ODBC_SESSION_KEY_OID},
+        gss_krb5int_inq_odbc_session_key
+    },
+    {
+        {GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID},
+        gss_krb5int_export_lucid_sec_context
+    },
+    {
+        {GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID},
+        gss_krb5int_extract_authtime_from_sec_context
+    },
+    {
+        {GET_SEC_CONTEXT_SASL_SSF_OID_LENGTH, GET_SEC_CONTEXT_SASL_SSF_OID},
+        gss_krb5int_sec_context_sasl_ssf
+    }
+};
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
+                                     const gss_ctx_id_t context_handle,
+                                     const gss_OID desired_object,
+                                     gss_buffer_set_t *data_set)
+{
+    krb5_gss_ctx_id_rec *ctx;
+    size_t i;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *minor_status = 0;
+
+    if (desired_object == GSS_C_NO_OID)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (data_set == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *data_set = GSS_C_NO_BUFFER_SET;
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+    if (ctx->terminated || !ctx->established)
+        return GSS_S_NO_CONTEXT;
+
+    for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/
+             sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) {
+            return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status,
+                                                                      context_handle,
+                                                                      desired_object,
+                                                                      data_set);
+        }
+    }
+
+    *minor_status = EINVAL;
+
+    return GSS_S_UNAVAILABLE;
+}
+
+/*
+ * gss_inquire_cred_by_oid() methods
+ */
+
+static struct {
+    gss_OID_desc oid;
+    OM_uint32 (*func)(OM_uint32 *, const gss_cred_id_t, const gss_OID, gss_buffer_set_t *);
+} krb5_gss_inquire_cred_by_oid_ops[] = {
+    {
+        {GET_CRED_IMPERSONATOR_OID_LENGTH, GET_CRED_IMPERSONATOR_OID},
+        gss_krb5int_get_cred_impersonator
+    }
+};
+
+static OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status,
+                             const gss_cred_id_t cred_handle,
+                             const gss_OID desired_object,
+                             gss_buffer_set_t *data_set)
+{
+    OM_uint32 major_status = GSS_S_FAILURE;
+    size_t i;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *minor_status = 0;
+
+    if (desired_object == GSS_C_NO_OID)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (data_set == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *data_set = GSS_C_NO_BUFFER_SET;
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+        *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED;
+        return GSS_S_NO_CRED;
+    }
+
+    major_status = krb5_gss_validate_cred(minor_status, cred_handle);
+    if (GSS_ERROR(major_status))
+        return major_status;
+
+    for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/
+             sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_cred_by_oid_ops[i].oid)) {
+            return (*krb5_gss_inquire_cred_by_oid_ops[i].func)(minor_status,
+                                                               cred_handle,
+                                                               desired_object,
+                                                               data_set);
+        }
+    }
+
+    *minor_status = EINVAL;
+
+    return GSS_S_UNAVAILABLE;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_set_sec_context_option (OM_uint32 *minor_status,
+                                 gss_ctx_id_t *context_handle,
+                                 const gss_OID desired_object,
+                                 const gss_buffer_t value)
+{
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *minor_status = 0;
+
+    if (context_handle == NULL)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (desired_object == GSS_C_NO_OID)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    *minor_status = EINVAL;
+
+    return GSS_S_UNAVAILABLE;
+}
+
+static OM_uint32
+no_ci_flags(OM_uint32 *minor_status,
+            gss_cred_id_t *cred_handle,
+            const gss_OID desired_oid,
+            const gss_buffer_t value)
+{
+    krb5_gss_cred_id_t cred;
+
+    cred = (krb5_gss_cred_id_t) *cred_handle;
+    cred->suppress_ci_flags = 1;
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+/*
+ * gssspi_set_cred_option() methods
+ */
+static struct {
+    gss_OID_desc oid;
+    OM_uint32 (*func)(OM_uint32 *, gss_cred_id_t *, const gss_OID, const gss_buffer_t);
+} krb5_gssspi_set_cred_option_ops[] = {
+    {
+        {GSS_KRB5_COPY_CCACHE_OID_LENGTH, GSS_KRB5_COPY_CCACHE_OID},
+        gss_krb5int_copy_ccache
+    },
+    {
+        {GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID},
+        gss_krb5int_set_allowable_enctypes
+    },
+    {
+        {GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, GSS_KRB5_SET_CRED_RCACHE_OID},
+        gss_krb5int_set_cred_rcache
+    },
+    {
+        {GSS_KRB5_IMPORT_CRED_OID_LENGTH, GSS_KRB5_IMPORT_CRED_OID},
+        gss_krb5int_import_cred
+    },
+    {
+        {NO_CI_FLAGS_X_OID_LENGTH, NO_CI_FLAGS_X_OID},
+        no_ci_flags
+    },
+};
+
+static OM_uint32 KRB5_CALLCONV
+krb5_gssspi_set_cred_option(OM_uint32 *minor_status,
+                            gss_cred_id_t *cred_handle,
+                            const gss_OID desired_object,
+                            const gss_buffer_t value)
+{
+    OM_uint32 major_status = GSS_S_FAILURE;
+    size_t i;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (cred_handle == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *minor_status = 0;
+
+    if (desired_object == GSS_C_NO_OID)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (*cred_handle != GSS_C_NO_CREDENTIAL) {
+        major_status = krb5_gss_validate_cred(minor_status, *cred_handle);
+        if (GSS_ERROR(major_status))
+            return major_status;
+    }
+
+    for (i = 0; i < sizeof(krb5_gssspi_set_cred_option_ops)/
+             sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gssspi_set_cred_option_ops[i].oid)) {
+            return (*krb5_gssspi_set_cred_option_ops[i].func)(minor_status,
+                                                              cred_handle,
+                                                              desired_object,
+                                                              value);
+        }
+    }
+
+    *minor_status = EINVAL;
+
+    return GSS_S_UNAVAILABLE;
+}
+
+/*
+ * gssspi_mech_invoke() methods
+ */
+static struct {
+    gss_OID_desc oid;
+    OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t);
+} krb5_gssspi_mech_invoke_ops[] = {
+    {
+        {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID},
+        gss_krb5int_register_acceptor_identity
+    },
+    {
+        {GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID},
+        gss_krb5int_ccache_name
+    },
+    {
+        {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID},
+        gss_krb5int_free_lucid_sec_context
+    },
+#ifndef _WIN32
+    {
+        {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID},
+        krb5int_gss_use_kdc_context
+    },
+#endif
+};
+
+static OM_uint32 KRB5_CALLCONV
+krb5_gssspi_mech_invoke (OM_uint32 *minor_status,
+                         const gss_OID desired_mech,
+                         const gss_OID desired_object,
+                         gss_buffer_t value)
+{
+    size_t i;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *minor_status = 0;
+
+    if (desired_mech == GSS_C_NO_OID)
+        return GSS_S_BAD_MECH;
+
+    if (desired_object == GSS_C_NO_OID)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/
+             sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
+        if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
+            return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
+                                                          desired_mech,
+                                                          desired_object,
+                                                          value);
+        }
+    }
+
+    *minor_status = EINVAL;
+
+    return GSS_S_UNAVAILABLE;
+}
+
+#define GS2_KRB5_SASL_NAME        "GS2-KRB5"
+#define GS2_KRB5_SASL_NAME_LEN    (sizeof(GS2_KRB5_SASL_NAME) - 1)
+
+#define GS2_IAKERB_SASL_NAME      "GS2-IAKERB"
+#define GS2_IAKERB_SASL_NAME_LEN  (sizeof(GS2_IAKERB_SASL_NAME) - 1)
+
+static OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
+                                   const gss_buffer_t sasl_mech_name,
+                                   gss_OID *mech_type)
+{
+    *minor_status = 0;
+
+    if (sasl_mech_name->length == GS2_KRB5_SASL_NAME_LEN &&
+        memcmp(sasl_mech_name->value,
+               GS2_KRB5_SASL_NAME, GS2_KRB5_SASL_NAME_LEN) == 0) {
+        if (mech_type != NULL)
+            *mech_type = (gss_OID)gss_mech_krb5;
+        return GSS_S_COMPLETE;
+    } else if (sasl_mech_name->length == GS2_IAKERB_SASL_NAME_LEN &&
+               memcmp(sasl_mech_name->value,
+                      GS2_IAKERB_SASL_NAME, GS2_IAKERB_SASL_NAME_LEN) == 0) {
+        if (mech_type != NULL)
+            *mech_type = (gss_OID)gss_mech_iakerb;
+        return GSS_S_COMPLETE;
+    }
+
+    return GSS_S_BAD_MECH;
+}
+
+static OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
+                                   const gss_OID desired_mech,
+                                   gss_buffer_t sasl_mech_name,
+                                   gss_buffer_t mech_name,
+                                   gss_buffer_t mech_description)
+{
+    if (g_OID_equal(desired_mech, gss_mech_iakerb)) {
+        if (!g_make_string_buffer(GS2_IAKERB_SASL_NAME, sasl_mech_name) ||
+            !g_make_string_buffer("iakerb", mech_name) ||
+            !g_make_string_buffer("Initial and Pass Through Authentication "
+                                  "Kerberos Mechanism (IAKERB)",
+                                  mech_description))
+            goto fail;
+    } else {
+        if (!g_make_string_buffer(GS2_KRB5_SASL_NAME, sasl_mech_name) ||
+            !g_make_string_buffer("krb5", mech_name) ||
+            !g_make_string_buffer("Kerberos 5 GSS-API Mechanism",
+                                  mech_description))
+            goto fail;
+    }
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+
+fail:
+    *minor_status = ENOMEM;
+    return GSS_S_FAILURE;
+}
+
+static OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_attrs_for_mech(OM_uint32 *minor_status,
+                                gss_const_OID mech,
+                                gss_OID_set *mech_attrs,
+                                gss_OID_set *known_mech_attrs)
+{
+    OM_uint32 major, tmpMinor;
+
+    if (mech_attrs == NULL) {
+        *minor_status = 0;
+        return GSS_S_COMPLETE;
+    }
+
+    major = gss_create_empty_oid_set(minor_status, mech_attrs);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+#define MA_SUPPORTED(ma)    do {                                        \
+        major = gss_add_oid_set_member(minor_status, (gss_OID)ma,       \
+                                       mech_attrs);                     \
+        if (GSS_ERROR(major))                                           \
+            goto cleanup;                                               \
+    } while (0)
+
+    MA_SUPPORTED(GSS_C_MA_MECH_CONCRETE);
+    MA_SUPPORTED(GSS_C_MA_ITOK_FRAMED);
+    MA_SUPPORTED(GSS_C_MA_AUTH_INIT);
+    MA_SUPPORTED(GSS_C_MA_AUTH_TARG);
+    MA_SUPPORTED(GSS_C_MA_DELEG_CRED);
+    MA_SUPPORTED(GSS_C_MA_INTEG_PROT);
+    MA_SUPPORTED(GSS_C_MA_CONF_PROT);
+    MA_SUPPORTED(GSS_C_MA_MIC);
+    MA_SUPPORTED(GSS_C_MA_WRAP);
+    MA_SUPPORTED(GSS_C_MA_PROT_READY);
+    MA_SUPPORTED(GSS_C_MA_REPLAY_DET);
+    MA_SUPPORTED(GSS_C_MA_OOS_DET);
+    MA_SUPPORTED(GSS_C_MA_CBINDINGS);
+    MA_SUPPORTED(GSS_C_MA_CTX_TRANS);
+
+    if (g_OID_equal(mech, gss_mech_iakerb)) {
+        MA_SUPPORTED(GSS_C_MA_AUTH_INIT_INIT);
+        MA_SUPPORTED(GSS_C_MA_NOT_DFLT_MECH);
+    } else if (!g_OID_equal(mech, gss_mech_krb5)) {
+        MA_SUPPORTED(GSS_C_MA_DEPRECATED);
+    }
+
+cleanup:
+    if (GSS_ERROR(major))
+        gss_release_oid_set(&tmpMinor, mech_attrs);
+
+    return major;
+}
+
+static OM_uint32 KRB5_CALLCONV
+krb5_gss_localname(OM_uint32 *minor,
+                   const gss_name_t pname,
+                   const gss_const_OID mech_type,
+                   gss_buffer_t localname)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    char lname[BUFSIZ];
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor = code;
+        return GSS_S_FAILURE;
+    }
+
+    kname = (krb5_gss_name_t)pname;
+
+    code = krb5_aname_to_localname(context, kname->princ,
+                                   sizeof(lname), lname);
+    if (code != 0) {
+        *minor = KRB5_NO_LOCALNAME;
+        krb5_free_context(context);
+        return GSS_S_FAILURE;
+    }
+
+
+    krb5_free_context(context);
+    localname->value = gssalloc_strdup(lname);
+    localname->length = strlen(lname);
+
+    return GSS_S_COMPLETE;
+}
+
+
+static OM_uint32 KRB5_CALLCONV
+krb5_gss_authorize_localname(OM_uint32 *minor,
+                             const gss_name_t pname,
+                             gss_const_buffer_t local_user,
+                             gss_const_OID name_type)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    char *user;
+    int user_ok;
+
+    if (name_type != GSS_C_NO_OID &&
+        !g_OID_equal(name_type, GSS_C_NT_USER_NAME)) {
+        return GSS_S_BAD_NAMETYPE;
+    }
+
+    kname = (krb5_gss_name_t)pname;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor = code;
+        return GSS_S_FAILURE;
+    }
+
+    user = k5memdup0(local_user->value, local_user->length, &code);
+    if (user == NULL) {
+        *minor = code;
+        krb5_free_context(context);
+        return GSS_S_FAILURE;
+    }
+
+    user_ok = krb5_kuserok(context, kname->princ, user);
+
+    free(user);
+    krb5_free_context(context);
+
+    *minor = 0;
+    return user_ok ? GSS_S_COMPLETE : GSS_S_UNAUTHORIZED;
+}
+
+static struct gss_config krb5_mechanism = {
+    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
+    NULL,
+    krb5_gss_acquire_cred,
+    krb5_gss_release_cred,
+    krb5_gss_init_sec_context,
+#ifdef LEAN_CLIENT
+    NULL,
+#else
+    krb5_gss_accept_sec_context,
+#endif
+    krb5_gss_process_context_token,
+    krb5_gss_delete_sec_context,
+    krb5_gss_context_time,
+    krb5_gss_get_mic,
+    krb5_gss_verify_mic,
+#if defined(IOV_SHIM_EXERCISE_WRAP) || defined(IOV_SHIM_EXERCISE)
+    NULL,
+#else
+    krb5_gss_wrap,
+#endif
+#if defined(IOV_SHIM_EXERCISE_UNWRAP) || defined(IOV_SHIM_EXERCISE)
+    NULL,
+#else
+    krb5_gss_unwrap,
+#endif
+    krb5_gss_display_status,
+    krb5_gss_indicate_mechs,
+    krb5_gss_compare_name,
+    krb5_gss_display_name,
+    krb5_gss_import_name,
+    krb5_gss_release_name,
+    krb5_gss_inquire_cred,
+    NULL,                /* add_cred */
+#ifdef LEAN_CLIENT
+    NULL,
+    NULL,
+#else
+    krb5_gss_export_sec_context,
+    krb5_gss_import_sec_context,
+#endif
+    krb5_gss_inquire_cred_by_mech,
+    krb5_gss_inquire_names_for_mech,
+    krb5_gss_inquire_context,
+    krb5_gss_internal_release_oid,
+    krb5_gss_wrap_size_limit,
+    krb5_gss_localname,
+
+    krb5_gss_authorize_localname,
+    krb5_gss_export_name,
+    krb5_gss_duplicate_name,
+    krb5_gss_store_cred,
+    krb5_gss_inquire_sec_context_by_oid,
+    krb5_gss_inquire_cred_by_oid,
+    krb5_gss_set_sec_context_option,
+    krb5_gssspi_set_cred_option,
+    krb5_gssspi_mech_invoke,
+    NULL,                /* wrap_aead */
+    NULL,                /* unwrap_aead */
+    krb5_gss_wrap_iov,
+    krb5_gss_unwrap_iov,
+    krb5_gss_wrap_iov_length,
+    NULL,               /* complete_auth_token */
+    krb5_gss_acquire_cred_impersonate_name,
+    NULL,               /* krb5_gss_add_cred_impersonate_name */
+    NULL,               /* display_name_ext */
+    krb5_gss_inquire_name,
+    krb5_gss_get_name_attribute,
+    krb5_gss_set_name_attribute,
+    krb5_gss_delete_name_attribute,
+    krb5_gss_export_name_composite,
+    krb5_gss_map_name_to_any,
+    krb5_gss_release_any_name_mapping,
+    krb5_gss_pseudo_random,
+    NULL,               /* set_neg_mechs */
+    krb5_gss_inquire_saslname_for_mech,
+    krb5_gss_inquire_mech_for_saslname,
+    krb5_gss_inquire_attrs_for_mech,
+    krb5_gss_acquire_cred_from,
+    krb5_gss_store_cred_into,
+    krb5_gss_acquire_cred_with_password,
+    krb5_gss_export_cred,
+    krb5_gss_import_cred,
+    NULL,               /* import_sec_context_by_mech */
+    NULL,               /* import_name_by_mech */
+    NULL,               /* import_cred_by_mech */
+    krb5_gss_get_mic_iov,
+    krb5_gss_verify_mic_iov,
+    krb5_gss_get_mic_iov_length,
+};
+
+/* Functions which use security contexts or acquire creds are IAKERB-specific;
+ * other functions can borrow from the krb5 mech. */
+static struct gss_config iakerb_mechanism = {
+    { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
+    NULL,
+    iakerb_gss_acquire_cred,
+    krb5_gss_release_cred,
+    iakerb_gss_init_sec_context,
+#ifdef LEAN_CLIENT
+    NULL,
+#else
+    iakerb_gss_accept_sec_context,
+#endif
+    iakerb_gss_process_context_token,
+    iakerb_gss_delete_sec_context,
+    iakerb_gss_context_time,
+    iakerb_gss_get_mic,
+    iakerb_gss_verify_mic,
+#if defined(IOV_SHIM_EXERCISE_WRAP) || defined(IOV_SHIM_EXERCISE)
+    NULL,
+#else
+    iakerb_gss_wrap,
+#endif
+#if defined(IOV_SHIM_EXERCISE_UNWRAP) || defined(IOV_SHIM_EXERCISE)
+    NULL,
+#else
+    iakerb_gss_unwrap,
+#endif
+    krb5_gss_display_status,
+    krb5_gss_indicate_mechs,
+    krb5_gss_compare_name,
+    krb5_gss_display_name,
+    krb5_gss_import_name,
+    krb5_gss_release_name,
+    krb5_gss_inquire_cred,
+    NULL,                /* add_cred */
+#ifdef LEAN_CLIENT
+    NULL,
+    NULL,
+#else
+    iakerb_gss_export_sec_context,
+    iakerb_gss_import_sec_context,
+#endif
+    krb5_gss_inquire_cred_by_mech,
+    krb5_gss_inquire_names_for_mech,
+    iakerb_gss_inquire_context,
+    krb5_gss_internal_release_oid,
+    iakerb_gss_wrap_size_limit,
+    krb5_gss_localname,
+    krb5_gss_authorize_localname,
+    krb5_gss_export_name,
+    krb5_gss_duplicate_name,
+    krb5_gss_store_cred,
+    iakerb_gss_inquire_sec_context_by_oid,
+    krb5_gss_inquire_cred_by_oid,
+    iakerb_gss_set_sec_context_option,
+    krb5_gssspi_set_cred_option,
+    krb5_gssspi_mech_invoke,
+    NULL,                /* wrap_aead */
+    NULL,                /* unwrap_aead */
+    iakerb_gss_wrap_iov,
+    iakerb_gss_unwrap_iov,
+    iakerb_gss_wrap_iov_length,
+    NULL,               /* complete_auth_token */
+    NULL,               /* acquire_cred_impersonate_name */
+    NULL,               /* add_cred_impersonate_name */
+    NULL,               /* display_name_ext */
+    krb5_gss_inquire_name,
+    krb5_gss_get_name_attribute,
+    krb5_gss_set_name_attribute,
+    krb5_gss_delete_name_attribute,
+    krb5_gss_export_name_composite,
+    krb5_gss_map_name_to_any,
+    krb5_gss_release_any_name_mapping,
+    iakerb_gss_pseudo_random,
+    NULL,               /* set_neg_mechs */
+    krb5_gss_inquire_saslname_for_mech,
+    krb5_gss_inquire_mech_for_saslname,
+    krb5_gss_inquire_attrs_for_mech,
+    iakerb_gss_acquire_cred_from,
+    krb5_gss_store_cred_into,
+    iakerb_gss_acquire_cred_with_password,
+    krb5_gss_export_cred,
+    krb5_gss_import_cred,
+    NULL,               /* import_sec_context_by_mech */
+    NULL,               /* import_name_by_mech */
+    NULL,               /* import_cred_by_mech */
+    iakerb_gss_get_mic_iov,
+    iakerb_gss_verify_mic_iov,
+    iakerb_gss_get_mic_iov_length,
+};
+
+#ifdef _GSS_STATIC_LINK
+#include "mglueP.h"
+static int gss_iakerbmechglue_init(void)
+{
+    struct gss_mech_config mech_iakerb;
+
+    memset(&mech_iakerb, 0, sizeof(mech_iakerb));
+    mech_iakerb.mech = &iakerb_mechanism;
+
+    mech_iakerb.mechNameStr = "iakerb";
+    mech_iakerb.mech_type = (gss_OID)gss_mech_iakerb;
+    gssint_register_mechinfo(&mech_iakerb);
+
+    return 0;
+}
+
+static int gss_krb5mechglue_init(void)
+{
+    struct gss_mech_config mech_krb5;
+
+    memset(&mech_krb5, 0, sizeof(mech_krb5));
+    mech_krb5.mech = &krb5_mechanism;
+
+    mech_krb5.mechNameStr = "kerberos_v5";
+    mech_krb5.mech_type = (gss_OID)gss_mech_krb5;
+    gssint_register_mechinfo(&mech_krb5);
+
+    mech_krb5.mechNameStr = "kerberos_v5_old";
+    mech_krb5.mech_type = (gss_OID)gss_mech_krb5_old;
+    gssint_register_mechinfo(&mech_krb5);
+
+    mech_krb5.mechNameStr = "mskrb";
+    mech_krb5.mech_type = (gss_OID)gss_mech_krb5_wrong;
+    gssint_register_mechinfo(&mech_krb5);
+
+    return 0;
+}
+#else
+MAKE_INIT_FUNCTION(gss_krb5int_lib_init);
+MAKE_FINI_FUNCTION(gss_krb5int_lib_fini);
+
+gss_mechanism KRB5_CALLCONV
+gss_mech_initialize(void)
+{
+    return &krb5_mechanism;
+}
+#endif /* _GSS_STATIC_LINK */
+
+int gss_krb5int_lib_init(void)
+{
+    int err;
+
+#ifdef SHOW_INITFINI_FUNCS
+    printf("gss_krb5int_lib_init\n");
+#endif
+
+    add_error_table(&et_k5g_error_table);
+
+#ifndef LEAN_CLIENT
+    err = k5_mutex_finish_init(&gssint_krb5_keytab_lock);
+    if (err)
+        return err;
+#endif /* LEAN_CLIENT */
+    err = k5_key_register(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, free);
+    if (err)
+        return err;
+    err = k5_key_register(K5_KEY_GSS_KRB5_CCACHE_NAME, free);
+    if (err)
+        return err;
+    err = k5_key_register(K5_KEY_GSS_KRB5_ERROR_MESSAGE,
+                          krb5_gss_delete_error_info);
+    if (err)
+        return err;
+#ifndef _WIN32
+    err = k5_mutex_finish_init(&kg_kdc_flag_mutex);
+    if (err)
+        return err;
+    err = k5_mutex_finish_init(&kg_vdb.mutex);
+    if (err)
+        return err;
+#endif
+#ifdef _GSS_STATIC_LINK
+    err = gss_krb5mechglue_init();
+    if (err)
+        return err;
+    err = gss_iakerbmechglue_init();
+    if (err)
+        return err;
+#endif
+
+    return 0;
+}
+
+void gss_krb5int_lib_fini(void)
+{
+#ifndef _GSS_STATIC_LINK
+    if (!INITIALIZER_RAN(gss_krb5int_lib_init) || PROGRAM_EXITING()) {
+# ifdef SHOW_INITFINI_FUNCS
+        printf("gss_krb5int_lib_fini: skipping\n");
+# endif
+        return;
+    }
+#endif
+#ifdef SHOW_INITFINI_FUNCS
+    printf("gss_krb5int_lib_fini\n");
+#endif
+    remove_error_table(&et_k5g_error_table);
+
+    k5_key_delete(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME);
+    k5_key_delete(K5_KEY_GSS_KRB5_CCACHE_NAME);
+    k5_key_delete(K5_KEY_GSS_KRB5_ERROR_MESSAGE);
+    k5_mutex_destroy(&kg_vdb.mutex);
+#ifndef _WIN32
+    k5_mutex_destroy(&kg_kdc_flag_mutex);
+#endif
+#ifndef LEAN_CLIENT
+    k5_mutex_destroy(&gssint_krb5_keytab_lock);
+#endif /* LEAN_CLIENT */
+}
+
+#ifdef _GSS_STATIC_LINK
+extern OM_uint32 gssint_lib_init(void);
+#endif
+
+OM_uint32 gss_krb5int_initialize_library (void)
+{
+#ifdef _GSS_STATIC_LINK
+    return gssint_mechglue_initialize_library();
+#else
+    return CALL_INIT_FUNCTION(gss_krb5int_lib_init);
+#endif
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.h b/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.h
new file mode 100644
index 00000000..8141f41d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.h
@@ -0,0 +1,305 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSAPI_KRB5_H_
+#define _GSSAPI_KRB5_H_
+
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+#include <krb5.h>
+#include <stdint.h>
+
+/* C++ friendlyness */
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/* Reserved static storage for GSS_oids.  See rfc 1964 for more details. */
+
+/* 2.1.1. Kerberos Principal Name Form: */
+GSS_DLLIMP extern const gss_OID GSS_KRB5_NT_PRINCIPAL_NAME;
+/* This name form shall be represented by the Object Identifier {iso(1)
+ * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
+ * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
+
+/* 2.1.2. Host-Based Service Name Form */
+#define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE
+/* This name form shall be represented by the Object Identifier {iso(1)
+ * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) service_name(4)}.  The previously recommended symbolic
+ * name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME".  The
+ * currently preferred symbolic name for this type is
+ * "GSS_C_NT_HOSTBASED_SERVICE". */
+
+/* 2.2.1. User Name Form */
+#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME
+/* This name form shall be represented by the Object Identifier {iso(1)
+ * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) user_name(1)}.  The recommended symbolic name for this
+ * type is "GSS_KRB5_NT_USER_NAME". */
+
+/* 2.2.2. Machine UID Form */
+#define GSS_KRB5_NT_MACHINE_UID_NAME GSS_C_NT_MACHINE_UID_NAME
+/* This name form shall be represented by the Object Identifier {iso(1)
+ * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) machine_uid_name(2)}.  The recommended symbolic name for
+ * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */
+
+/* 2.2.3. String UID Form */
+#define GSS_KRB5_NT_STRING_UID_NAME GSS_C_NT_STRING_UID_NAME
+/* This name form shall be represented by the Object Identifier {iso(1)
+ * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ * generic(1) string_uid_name(3)}.  The recommended symbolic name for
+ * this type is "GSS_KRB5_NT_STRING_UID_NAME". */
+
+/* Kerberos Enterprise Name Form (see RFC 6806 section 5): */
+GSS_DLLIMP extern const gss_OID GSS_KRB5_NT_ENTERPRISE_NAME;
+/* {iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ * krb5(2) krb5-enterprise-name(6)}. */
+
+/* Kerberos X.509 DER-encoded certificate */
+GSS_DLLIMP extern const gss_OID GSS_KRB5_NT_X509_CERT;
+/* {iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ * krb5(2) krb5-x509-cert(7)}. */
+
+GSS_DLLIMP extern const gss_OID gss_mech_krb5;
+GSS_DLLIMP extern const gss_OID gss_mech_krb5_old;
+GSS_DLLIMP extern const gss_OID gss_mech_krb5_wrong;
+GSS_DLLIMP extern const gss_OID gss_mech_iakerb;
+GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5;
+GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5_old;
+GSS_DLLIMP extern const gss_OID_set gss_mech_set_krb5_both;
+
+GSS_DLLIMP extern const gss_OID gss_nt_krb5_name;
+GSS_DLLIMP extern const gss_OID gss_nt_krb5_principal;
+
+GSS_DLLIMP extern const gss_OID_desc krb5_gss_oid_array[];
+
+/*
+ * This OID can be used with gss_set_cred_option() to suppress the
+ * confidentiality and integrity flags from being asserted in initial context
+ * tokens.
+ *
+ * iso(1) member-body(2) Sweden(752) Stockholm University(43) Heimdal GSS-API
+ * Extensions(13) no_ci_flags(29)
+ */
+GSS_DLLIMP extern const gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X;
+
+/*
+ * This OID can be used with gss_inquire_cred_by_oid(0 to retrieve the
+ * impersonator name (if any).
+ *
+ * iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
+ * krb5(2) krb5-gssapi-ext(5) get-cred-impersonator(14)
+ */
+GSS_DLLIMP extern const gss_OID GSS_KRB5_GET_CRED_IMPERSONATOR;
+
+#define gss_krb5_nt_general_name        gss_nt_krb5_name
+#define gss_krb5_nt_principal           gss_nt_krb5_principal
+#define gss_krb5_nt_service_name        gss_nt_service_name
+#define gss_krb5_nt_user_name           gss_nt_user_name
+#define gss_krb5_nt_machine_uid_name    gss_nt_machine_uid_name
+#define gss_krb5_nt_string_uid_name     gss_nt_string_uid_name
+
+typedef struct gss_krb5_lucid_key {
+    OM_uint32       type;           /* key encryption type */
+    OM_uint32       length;         /* length of key data */
+    void *          data;           /* actual key data */
+} gss_krb5_lucid_key_t;
+
+typedef struct gss_krb5_rfc1964_keydata {
+    OM_uint32       sign_alg;       /* signing algorithm */
+    OM_uint32       seal_alg;       /* seal/encrypt algorithm */
+    gss_krb5_lucid_key_t    ctx_key;
+    /* Context key
+       (Kerberos session key or subkey) */
+} gss_krb5_rfc1964_keydata_t;
+
+typedef struct gss_krb5_cfx_keydata {
+    OM_uint32               have_acceptor_subkey;
+    /* 1 if there is an acceptor_subkey
+       present, 0 otherwise */
+    gss_krb5_lucid_key_t    ctx_key;
+    /* Context key
+       (Kerberos session key or subkey) */
+    gss_krb5_lucid_key_t    acceptor_subkey;
+    /* acceptor-asserted subkey or
+       0's if no acceptor subkey */
+} gss_krb5_cfx_keydata_t;
+
+typedef struct gss_krb5_lucid_context_v1 {
+    OM_uint32       version;        /* Structure version number (1)
+                                       MUST be at beginning of struct! */
+    OM_uint32       initiate;       /* Are we the initiator? */
+    OM_uint32       endtime;        /* expiration time of context */
+    uint64_t        send_seq;       /* sender sequence number */
+    uint64_t        recv_seq;       /* receive sequence number */
+    OM_uint32       protocol;       /* 0: rfc1964,
+                                       1: draft-ietf-krb-wg-gssapi-cfx-07 */
+    /*
+     * if (protocol == 0) rfc1964_kd should be used
+     * and cfx_kd contents are invalid and should be zero
+     * if (protocol == 1) cfx_kd should be used
+     * and rfc1964_kd contents are invalid and should be zero
+     */
+    gss_krb5_rfc1964_keydata_t rfc1964_kd;
+    gss_krb5_cfx_keydata_t     cfx_kd;
+} gss_krb5_lucid_context_v1_t;
+
+/*
+ * Mask for determining the version of a lucid context structure.  Callers
+ * should not require this.
+ */
+typedef struct gss_krb5_lucid_context_version {
+    OM_uint32       version;        /* Structure version number */
+} gss_krb5_lucid_context_version_t;
+
+
+
+
+/* Alias for Heimdal compat. */
+#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity
+
+OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *);
+
+OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    krb5_flags *ticket_flags);
+
+/*
+ * Copy krb5 creds from cred_handle into out_ccache, which must already be
+ * initialized.  Use gss_store_cred_into() (new in krb5 1.11) instead, if
+ * possible.
+ */
+OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache(
+    OM_uint32 *minor_status,
+    gss_cred_id_t cred_handle,
+    krb5_ccache out_ccache);
+
+OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name(
+    OM_uint32 *minor_status, const char *name,
+    const char **out_name);
+
+/*
+ * gss_krb5_set_allowable_enctypes
+ *
+ * This function may be called by a context initiator after calling
+ * gss_acquire_cred(), but before calling gss_init_sec_context(),
+ * to restrict the set of enctypes which will be negotiated during
+ * context establishment to those in the provided array.
+ *
+ * 'cred' must be a valid credential handle obtained via
+ * gss_acquire_cred().  It may not be GSS_C_NO_CREDENTIAL.
+ * gss_acquire_cred() may have been called to get a handle to
+ * the default credential.
+ *
+ * The purpose of this function is to limit the keys that may
+ * be exported via gss_krb5_export_lucid_sec_context(); thus it
+ * should limit the enctypes of all keys that will be needed
+ * after the security context has been established.
+ * (i.e. context establishment may use a session key with a
+ * stronger enctype than in the provided array, however a
+ * subkey must be established within the enctype limits
+ * established by this function.)
+ *
+ */
+OM_uint32 KRB5_CALLCONV
+gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
+                                gss_cred_id_t cred,
+                                OM_uint32 num_ktypes,
+                                krb5_enctype *ktypes);
+
+/*
+ * Returns a non-opaque (lucid) version of the internal context
+ * information.
+ *
+ * Note that context_handle must not be used again by the caller
+ * after this call.  The GSS implementation is free to release any
+ * resources associated with the original context.  It is up to the
+ * GSS implementation whether it returns pointers to existing data,
+ * or copies of the data.  The caller should treat the returned
+ * lucid context as read-only.
+ *
+ * The caller must call gss_krb5_free_lucid_context() to free
+ * the context and allocated resources when it is finished with it.
+ *
+ * 'version' is an integer indicating the requested version of the lucid
+ * context.  If the implementation does not understand the requested version,
+ * it will return an error.
+ *
+ * For example:
+ *      void *return_ctx;
+ *      gss_krb5_lucid_context_v1_t *ctx;
+ *      OM_uint32 min_stat, maj_stat;
+ *      OM_uint32 vers;
+ *      gss_ctx_id_t *ctx_handle;
+ *
+ *      maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
+ *                      ctx_handle, 1, &return_ctx);
+ *      // Verify success
+ *      ctx = (gss_krb5_lucid_context_v1_t *) return_ctx;
+ */
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
+                                  gss_ctx_id_t *context_handle,
+                                  OM_uint32 version,
+                                  void **kctx);
+
+/*
+ * Frees the allocated storage associated with an
+ * exported struct gss_krb5_lucid_context.
+ */
+OM_uint32 KRB5_CALLCONV
+gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
+                                void *kctx);
+
+
+OM_uint32 KRB5_CALLCONV
+gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
+                                            const gss_ctx_id_t context_handle,
+                                            int ad_type,
+                                            gss_buffer_t ad_data);
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_set_cred_rcache(OM_uint32 *minor_status,
+                         gss_cred_id_t cred,
+                         krb5_rcache rcache);
+
+OM_uint32 KRB5_CALLCONV
+gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, krb5_timestamp *);
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_import_cred(OM_uint32 *minor_status,
+                     krb5_ccache id,
+                     krb5_principal keytab_principal,
+                     krb5_keytab keytab,
+                     gss_cred_id_t *cred);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* _GSSAPI_KRB5_H_ */
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/iakerb.c b/krb5-1.21.3/src/lib/gssapi/krb5/iakerb.c
new file mode 100644
index 00000000..a0d298c4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/iakerb.c
@@ -0,0 +1,1310 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+#include "k5-int.h"
+#include "k5-der.h"
+#include "gssapiP_krb5.h"
+
+/*
+ * IAKERB implementation
+ */
+
+enum iakerb_state {
+    IAKERB_AS_REQ,      /* acquiring ticket with initial creds */
+    IAKERB_TGS_REQ,     /* acquiring ticket with TGT */
+    IAKERB_AP_REQ       /* hand-off to normal GSS AP-REQ exchange */
+};
+
+struct _iakerb_ctx_id_rec {
+    krb5_magic magic;                   /* KG_IAKERB_CONTEXT */
+    krb5_context k5c;
+    gss_cred_id_t defcred;              /* Initiator only */
+    enum iakerb_state state;            /* Initiator only */
+    krb5_init_creds_context icc;        /* Initiator only */
+    krb5_tkt_creds_context tcc;         /* Initiator only */
+    gss_ctx_id_t gssc;
+    krb5_data conv;                     /* conversation for checksumming */
+    unsigned int count;                 /* number of round trips */
+    int initiate;
+    int established;
+    krb5_get_init_creds_opt *gic_opts;
+};
+
+#define IAKERB_MAX_HOPS ( 16 /* MAX_IN_TKT_LOOPS */ + KRB5_REFERRAL_MAXHOPS )
+
+typedef struct _iakerb_ctx_id_rec iakerb_ctx_id_rec;
+typedef iakerb_ctx_id_rec *iakerb_ctx_id_t;
+
+/*
+ * Release an IAKERB context
+ */
+static void
+iakerb_release_context(iakerb_ctx_id_t ctx)
+{
+    OM_uint32 tmp;
+
+    if (ctx == NULL)
+        return;
+
+    krb5_gss_release_cred(&tmp, &ctx->defcred);
+    krb5_init_creds_free(ctx->k5c, ctx->icc);
+    krb5_tkt_creds_free(ctx->k5c, ctx->tcc);
+    krb5_gss_delete_sec_context(&tmp, &ctx->gssc, NULL);
+    krb5_free_data_contents(ctx->k5c, &ctx->conv);
+    krb5_get_init_creds_opt_free(ctx->k5c, ctx->gic_opts);
+    krb5_free_context(ctx->k5c);
+    free(ctx);
+}
+
+/*
+ * Create a IAKERB-FINISHED structure containing a checksum of
+ * the entire IAKERB exchange.
+ */
+krb5_error_code
+iakerb_make_finished(krb5_context context,
+                     krb5_key key,
+                     const krb5_data *conv,
+                     krb5_data **finished)
+{
+    krb5_error_code code;
+    krb5_iakerb_finished iaf;
+
+    *finished = NULL;
+
+    memset(&iaf, 0, sizeof(iaf));
+
+    if (key == NULL)
+        return KRB5KDC_ERR_NULL_KEY;
+
+    code = krb5_k_make_checksum(context, 0, key, KRB5_KEYUSAGE_IAKERB_FINISHED,
+                                conv, &iaf.checksum);
+    if (code != 0)
+        return code;
+
+    code = encode_krb5_iakerb_finished(&iaf, finished);
+
+    krb5_free_checksum_contents(context, &iaf.checksum);
+
+    return code;
+}
+
+/*
+ * Verify a IAKERB-FINISHED structure submitted by the initiator
+ */
+krb5_error_code
+iakerb_verify_finished(krb5_context context,
+                       krb5_key key,
+                       const krb5_data *conv,
+                       const krb5_data *finished)
+{
+    krb5_error_code code;
+    krb5_iakerb_finished *iaf;
+    krb5_boolean valid = FALSE;
+
+    if (key == NULL)
+        return KRB5KDC_ERR_NULL_KEY;
+
+    code = decode_krb5_iakerb_finished(finished, &iaf);
+    if (code != 0)
+        return code;
+
+    code = krb5_k_verify_checksum(context, key, KRB5_KEYUSAGE_IAKERB_FINISHED,
+                                  conv, &iaf->checksum, &valid);
+    if (code == 0 && valid == FALSE)
+        code = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
+    krb5_free_iakerb_finished(context, iaf);
+
+    return code;
+}
+
+/*
+ * Save a token for future checksumming.
+ */
+static krb5_error_code
+iakerb_save_token(iakerb_ctx_id_t ctx, const gss_buffer_t token)
+{
+    char *p;
+
+    p = realloc(ctx->conv.data, ctx->conv.length + token->length);
+    if (p == NULL)
+        return ENOMEM;
+
+    memcpy(p + ctx->conv.length, token->value, token->length);
+    ctx->conv.data = p;
+    ctx->conv.length += token->length;
+
+    return 0;
+}
+
+/*
+ * Parse a token into IAKERB-HEADER and KRB-KDC-REQ/REP
+ */
+static krb5_error_code
+iakerb_parse_token(iakerb_ctx_id_t ctx,
+                   int initialContextToken,
+                   const gss_buffer_t token,
+                   krb5_data *realm,
+                   krb5_data **cookie,
+                   krb5_data *request)
+{
+    krb5_error_code code;
+    krb5_iakerb_header *iah = NULL;
+    unsigned int bodysize;
+    uint8_t *body;
+    int flags = 0;
+    krb5_data data;
+    struct k5input in, seq;
+
+    if (token == GSS_C_NO_BUFFER || token->length == 0) {
+        code = KRB5_BAD_MSIZE;
+        goto cleanup;
+    }
+
+    if (initialContextToken)
+        flags |= G_VFY_TOKEN_HDR_WRAPPER_REQUIRED;
+
+    body = token->value;
+    code = g_verify_token_header(gss_mech_iakerb, &bodysize, &body,
+                                 IAKERB_TOK_PROXY, token->length, flags);
+    if (code != 0)
+        goto cleanup;
+
+    /* Find the end of the DER sequence tag and decode it (with the tag) as the
+     * IAKERB jeader. */
+    k5_input_init(&in, body, bodysize);
+    if (!k5_der_get_value(&in, 0x30, &seq)) {
+        code = ASN1_BAD_ID;
+        goto cleanup;
+    }
+    data = make_data(body, seq.ptr + seq.len - body);
+    code = decode_krb5_iakerb_header(&data, &iah);
+    if (code != 0)
+        goto cleanup;
+
+    if (realm != NULL) {
+        *realm = iah->target_realm;
+        iah->target_realm.data = NULL;
+    }
+
+    if (cookie != NULL) {
+        *cookie = iah->cookie;
+        iah->cookie = NULL;
+    }
+
+    /* The remainder of the token body is the request. */
+    *request = make_data((uint8_t *)in.ptr, in.len);
+    assert(request->data + request->length ==
+           (char *)token->value + token->length);
+
+cleanup:
+    krb5_free_iakerb_header(ctx->k5c, iah);
+
+    return code;
+}
+
+/*
+ * Create a token from IAKERB-HEADER and KRB-KDC-REQ/REP
+ */
+static krb5_error_code
+iakerb_make_token(iakerb_ctx_id_t ctx,
+                  krb5_data *realm,
+                  krb5_data *cookie,
+                  krb5_data *request,
+                  int initialContextToken,
+                  gss_buffer_t token)
+{
+    krb5_error_code code;
+    krb5_iakerb_header iah;
+    krb5_data *data = NULL;
+    char *p;
+    unsigned int tokenSize;
+    struct k5buf buf;
+
+    token->value = NULL;
+    token->length = 0;
+
+    /*
+     * Assemble the IAKERB-HEADER from the realm and cookie
+     */
+    iah.target_realm = *realm;
+    iah.cookie = cookie;
+
+    code = encode_krb5_iakerb_header(&iah, &data);
+    if (code != 0)
+        goto cleanup;
+
+    /*
+     * Concatenate Kerberos request.
+     */
+    p = realloc(data->data, data->length + request->length);
+    if (p == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+    data->data = p;
+
+    if (request->length > 0)
+        memcpy(data->data + data->length, request->data, request->length);
+    data->length += request->length;
+
+    if (initialContextToken)
+        tokenSize = g_token_size(gss_mech_iakerb, data->length);
+    else
+        tokenSize = 2 + data->length;
+
+    token->value = gssalloc_malloc(tokenSize);
+    if (token->value == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+    token->length = tokenSize;
+    k5_buf_init_fixed(&buf, token->value, token->length);
+
+    if (initialContextToken) {
+        g_make_token_header(&buf, gss_mech_iakerb, data->length,
+                            IAKERB_TOK_PROXY);
+    } else {
+        k5_buf_add_uint16_be(&buf, IAKERB_TOK_PROXY);
+    }
+    k5_buf_add_len(&buf, data->data, data->length);
+    assert(buf.len == token->length);
+
+cleanup:
+    krb5_free_data(ctx->k5c, data);
+
+    return code;
+}
+
+/*
+ * Parse the IAKERB token in input_token and send the contained KDC
+ * request to the KDC for the realm.
+ *
+ * Wrap the KDC reply in output_token.
+ */
+static krb5_error_code
+iakerb_acceptor_step(iakerb_ctx_id_t ctx,
+                     int initialContextToken,
+                     const gss_buffer_t input_token,
+                     gss_buffer_t output_token)
+{
+    krb5_error_code code;
+    krb5_data request = empty_data(), reply = empty_data();
+    krb5_data realm = empty_data();
+    OM_uint32 tmp;
+    int tcp_only, use_primary;
+    krb5_ui_4 kdc_code;
+
+    output_token->length = 0;
+    output_token->value = NULL;
+
+    if (ctx->count >= IAKERB_MAX_HOPS) {
+        code = KRB5_KDC_UNREACH;
+        goto cleanup;
+    }
+
+    code = iakerb_parse_token(ctx, initialContextToken, input_token, &realm,
+                              NULL, &request);
+    if (code != 0)
+        goto cleanup;
+
+    if (realm.length == 0 || request.length == 0) {
+        code = KRB5_BAD_MSIZE;
+        goto cleanup;
+    }
+
+    code = iakerb_save_token(ctx, input_token);
+    if (code != 0)
+        goto cleanup;
+
+    for (tcp_only = 0; tcp_only <= 1; tcp_only++) {
+        use_primary = 0;
+        code = krb5_sendto_kdc(ctx->k5c, &request, &realm,
+                               &reply, &use_primary, tcp_only);
+        if (code == 0 && krb5_is_krb_error(&reply)) {
+            krb5_error *error;
+
+            code = decode_krb5_error(&reply, &error);
+            if (code != 0)
+                goto cleanup;
+            kdc_code = error->error;
+            krb5_free_error(ctx->k5c, error);
+            if (kdc_code == KRB_ERR_RESPONSE_TOO_BIG) {
+                krb5_free_data_contents(ctx->k5c, &reply);
+                reply = empty_data();
+                continue;
+            }
+        }
+        break;
+    }
+
+    if (code == KRB5_KDC_UNREACH || code == KRB5_REALM_UNKNOWN) {
+        krb5_error error;
+
+        memset(&error, 0, sizeof(error));
+        if (code == KRB5_KDC_UNREACH)
+            error.error = KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE;
+        else if (code == KRB5_REALM_UNKNOWN)
+            error.error = KRB_AP_ERR_IAKERB_KDC_NOT_FOUND;
+
+        code = krb5_mk_error(ctx->k5c, &error, &reply);
+        if (code != 0)
+            goto cleanup;
+    } else if (code != 0)
+        goto cleanup;
+
+    code = iakerb_make_token(ctx, &realm, NULL, &reply, 0, output_token);
+    if (code != 0)
+        goto cleanup;
+
+    code = iakerb_save_token(ctx, output_token);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->count++;
+
+cleanup:
+    if (code != 0)
+        gss_release_buffer(&tmp, output_token);
+    /* request is a pointer into input_token, no need to free */
+    krb5_free_data_contents(ctx->k5c, &realm);
+    krb5_free_data_contents(ctx->k5c, &reply);
+
+    return code;
+}
+
+/*
+ * Initialise the krb5_init_creds context for the IAKERB context
+ */
+static krb5_error_code
+iakerb_init_creds_ctx(iakerb_ctx_id_t ctx,
+                      krb5_gss_cred_id_t cred,
+                      OM_uint32 time_req)
+{
+    krb5_error_code code;
+
+    if (cred->iakerb_mech == 0) {
+        code = EINVAL;
+        goto cleanup;
+    }
+
+    assert(cred->name != NULL);
+    assert(cred->name->princ != NULL);
+
+    code = krb5_get_init_creds_opt_alloc(ctx->k5c, &ctx->gic_opts);
+    if (code != 0)
+        goto cleanup;
+
+    if (time_req != 0 && time_req != GSS_C_INDEFINITE)
+        krb5_get_init_creds_opt_set_tkt_life(ctx->gic_opts, time_req);
+
+    code = krb5_get_init_creds_opt_set_out_ccache(ctx->k5c, ctx->gic_opts,
+                                                  cred->ccache);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_init_creds_init(ctx->k5c,
+                                cred->name->princ,
+                                NULL,   /* prompter */
+                                NULL,   /* data */
+                                0,      /* start_time */
+                                ctx->gic_opts,
+                                &ctx->icc);
+    if (code != 0)
+        goto cleanup;
+
+    if (cred->password != NULL) {
+        code = krb5_init_creds_set_password(ctx->k5c, ctx->icc,
+                                            cred->password);
+    } else if (cred->client_keytab != NULL) {
+        code = krb5_init_creds_set_keytab(ctx->k5c, ctx->icc,
+                                          cred->client_keytab);
+    } else {
+        code = KRB5_KT_NOTFOUND;
+    }
+    if (code != 0)
+        goto cleanup;
+
+cleanup:
+    return code;
+}
+
+/*
+ * Initialise the krb5_tkt_creds context for the IAKERB context
+ */
+static krb5_error_code
+iakerb_tkt_creds_ctx(iakerb_ctx_id_t ctx,
+                     krb5_gss_cred_id_t cred,
+                     krb5_gss_name_t name,
+                     OM_uint32 time_req)
+
+{
+    krb5_error_code code;
+    krb5_creds creds;
+    krb5_timestamp now;
+
+    assert(cred->name != NULL);
+    assert(cred->name->princ != NULL);
+
+    memset(&creds, 0, sizeof(creds));
+
+    creds.client = cred->name->princ;
+    creds.server = name->princ;
+
+    if (time_req != 0 && time_req != GSS_C_INDEFINITE) {
+        code = krb5_timeofday(ctx->k5c, &now);
+        if (code != 0)
+            goto cleanup;
+
+        creds.times.endtime = ts_incr(now, time_req);
+    }
+
+    if (cred->name->ad_context != NULL) {
+        code = krb5_authdata_export_authdata(ctx->k5c,
+                                             cred->name->ad_context,
+                                             AD_USAGE_TGS_REQ,
+                                             &creds.authdata);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = krb5_tkt_creds_init(ctx->k5c, cred->ccache, &creds, 0, &ctx->tcc);
+    if (code != 0)
+        goto cleanup;
+
+cleanup:
+    krb5_free_authdata(ctx->k5c, creds.authdata);
+
+    return code;
+}
+
+/*
+ * Parse the IAKERB token in input_token and process the KDC
+ * response.
+ *
+ * Emit the next KDC request, if any, in output_token.
+ */
+static krb5_error_code
+iakerb_initiator_step(iakerb_ctx_id_t ctx,
+                      krb5_gss_cred_id_t cred,
+                      krb5_gss_name_t name,
+                      OM_uint32 time_req,
+                      const gss_buffer_t input_token,
+                      gss_buffer_t output_token)
+{
+    krb5_error_code code = 0;
+    krb5_data in = empty_data(), out = empty_data(), realm = empty_data();
+    krb5_data *cookie = NULL;
+    OM_uint32 tmp;
+    unsigned int flags = 0;
+    krb5_ticket_times times;
+
+    output_token->length = 0;
+    output_token->value = NULL;
+
+    if (input_token != GSS_C_NO_BUFFER) {
+        code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in);
+        if (code != 0)
+            goto cleanup;
+
+        code = iakerb_save_token(ctx, input_token);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    switch (ctx->state) {
+    case IAKERB_AS_REQ:
+        if (ctx->icc == NULL) {
+            code = iakerb_init_creds_ctx(ctx, cred, time_req);
+            if (code != 0)
+                goto cleanup;
+        }
+
+        code = krb5_init_creds_step(ctx->k5c, ctx->icc, &in, &out, &realm,
+                                    &flags);
+        if (code != 0) {
+            if (cred->have_tgt) {
+                /* We were trying to refresh; keep going with current creds. */
+                ctx->state = IAKERB_TGS_REQ;
+                krb5_clear_error_message(ctx->k5c);
+            } else {
+                goto cleanup;
+            }
+        } else if (!(flags & KRB5_INIT_CREDS_STEP_FLAG_CONTINUE)) {
+            krb5_init_creds_get_times(ctx->k5c, ctx->icc, &times);
+            kg_cred_set_initial_refresh(ctx->k5c, cred, &times);
+            cred->expire = times.endtime;
+
+            krb5_init_creds_free(ctx->k5c, ctx->icc);
+            ctx->icc = NULL;
+
+            ctx->state = IAKERB_TGS_REQ;
+        } else
+            break;
+        in = empty_data();
+        /* Done with AS request; fall through to TGS request. */
+    case IAKERB_TGS_REQ:
+        if (ctx->tcc == NULL) {
+            code = iakerb_tkt_creds_ctx(ctx, cred, name, time_req);
+            if (code != 0)
+                goto cleanup;
+        }
+
+        code = krb5_tkt_creds_step(ctx->k5c, ctx->tcc, &in, &out, &realm,
+                                   &flags);
+        if (code != 0)
+            goto cleanup;
+        if (!(flags & KRB5_TKT_CREDS_STEP_FLAG_CONTINUE)) {
+            krb5_tkt_creds_get_times(ctx->k5c, ctx->tcc, &times);
+            cred->expire = times.endtime;
+
+            krb5_tkt_creds_free(ctx->k5c, ctx->tcc);
+            ctx->tcc = NULL;
+
+            ctx->state = IAKERB_AP_REQ;
+        } else
+            break;
+        /* Done with TGS request; fall through to AP request. */
+    case IAKERB_AP_REQ:
+        break;
+    }
+
+    if (out.length != 0) {
+        assert(ctx->state != IAKERB_AP_REQ);
+
+        code = iakerb_make_token(ctx, &realm, cookie, &out,
+                                 (input_token == GSS_C_NO_BUFFER),
+                                 output_token);
+        if (code != 0)
+            goto cleanup;
+
+        /* Save the token for generating a future checksum */
+        code = iakerb_save_token(ctx, output_token);
+        if (code != 0)
+            goto cleanup;
+
+        ctx->count++;
+    }
+
+cleanup:
+    if (code != 0)
+        gss_release_buffer(&tmp, output_token);
+    krb5_free_data(ctx->k5c, cookie);
+    krb5_free_data_contents(ctx->k5c, &out);
+    krb5_free_data_contents(ctx->k5c, &realm);
+
+    return code;
+}
+
+/*
+ * Determine the starting IAKERB state for a context. If we already
+ * have a ticket, we may not need to do IAKERB at all.
+ */
+static krb5_error_code
+iakerb_get_initial_state(iakerb_ctx_id_t ctx,
+                         krb5_gss_cred_id_t cred,
+                         krb5_gss_name_t target,
+                         OM_uint32 time_req,
+                         enum iakerb_state *state)
+{
+    krb5_creds in_creds, *out_creds = NULL;
+    krb5_error_code code;
+
+    memset(&in_creds, 0, sizeof(in_creds));
+
+    in_creds.client = cred->name->princ;
+    in_creds.server = target->princ;
+
+    if (cred->name->ad_context != NULL) {
+        code = krb5_authdata_export_authdata(ctx->k5c,
+                                             cred->name->ad_context,
+                                             AD_USAGE_TGS_REQ,
+                                             &in_creds.authdata);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    if (time_req != 0 && time_req != GSS_C_INDEFINITE) {
+        krb5_timestamp now;
+
+        code = krb5_timeofday(ctx->k5c, &now);
+        if (code != 0)
+            goto cleanup;
+
+        in_creds.times.endtime = ts_incr(now, time_req);
+    }
+
+    /* Make an AS request if we have no creds or it's time to refresh them. */
+    if (cred->expire == 0 || kg_cred_time_to_refresh(ctx->k5c, cred)) {
+        *state = IAKERB_AS_REQ;
+        code = 0;
+        goto cleanup;
+    }
+
+    code = krb5_get_credentials(ctx->k5c, KRB5_GC_CACHED, cred->ccache,
+                                &in_creds, &out_creds);
+    if (code == KRB5_CC_NOTFOUND || code == KRB5_CC_NOT_KTYPE) {
+        *state = cred->have_tgt ? IAKERB_TGS_REQ : IAKERB_AS_REQ;
+        code = 0;
+    } else if (code == 0) {
+        *state = IAKERB_AP_REQ;
+        krb5_free_creds(ctx->k5c, out_creds);
+    }
+
+cleanup:
+    krb5_free_authdata(ctx->k5c, in_creds.authdata);
+
+    return code;
+}
+
+/*
+ * Allocate and initialise an IAKERB context
+ */
+static krb5_error_code
+iakerb_alloc_context(iakerb_ctx_id_t *pctx, int initiate)
+{
+    iakerb_ctx_id_t ctx;
+    krb5_error_code code;
+
+    *pctx = NULL;
+
+    ctx = k5alloc(sizeof(*ctx), &code);
+    if (ctx == NULL)
+        goto cleanup;
+    ctx->defcred = GSS_C_NO_CREDENTIAL;
+    ctx->magic = KG_IAKERB_CONTEXT;
+    ctx->state = IAKERB_AS_REQ;
+    ctx->count = 0;
+    ctx->initiate = initiate;
+    ctx->established = 0;
+
+    code = krb5_gss_init_context(&ctx->k5c);
+    if (code != 0)
+        goto cleanup;
+
+    *pctx = ctx;
+
+cleanup:
+    if (code != 0)
+        iakerb_release_context(ctx);
+
+    return code;
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_delete_sec_context(OM_uint32 *minor_status,
+                              gss_ctx_id_t *context_handle,
+                              gss_buffer_t output_token)
+{
+    iakerb_ctx_id_t iakerb_ctx = (iakerb_ctx_id_t)*context_handle;
+
+    if (output_token != GSS_C_NO_BUFFER) {
+        output_token->length = 0;
+        output_token->value = NULL;
+    }
+
+    *minor_status = 0;
+    *context_handle = GSS_C_NO_CONTEXT;
+    iakerb_release_context(iakerb_ctx);
+
+    return GSS_S_COMPLETE;
+}
+
+static krb5_boolean
+iakerb_is_iakerb_token(const gss_buffer_t token)
+{
+    krb5_error_code code;
+    unsigned int bodysize = token->length;
+    unsigned char *ptr = token->value;
+
+    code = g_verify_token_header(gss_mech_iakerb,
+                                 &bodysize, &ptr,
+                                 IAKERB_TOK_PROXY,
+                                 token->length, 0);
+
+    return (code == 0);
+}
+
+static void
+iakerb_make_exts(iakerb_ctx_id_t ctx, krb5_gss_ctx_ext_rec *exts)
+{
+    memset(exts, 0, sizeof(*exts));
+
+    if (ctx->conv.length != 0)
+        exts->iakerb.conv = &ctx->conv;
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_accept_sec_context(OM_uint32 *minor_status,
+                              gss_ctx_id_t *context_handle,
+                              gss_cred_id_t verifier_cred_handle,
+                              gss_buffer_t input_token,
+                              gss_channel_bindings_t input_chan_bindings,
+                              gss_name_t *src_name,
+                              gss_OID *mech_type,
+                              gss_buffer_t output_token,
+                              OM_uint32 *ret_flags,
+                              OM_uint32 *time_rec,
+                              gss_cred_id_t *delegated_cred_handle)
+{
+    OM_uint32 major_status = GSS_S_FAILURE;
+    OM_uint32 code;
+    iakerb_ctx_id_t ctx;
+    int initialContextToken = (*context_handle == GSS_C_NO_CONTEXT);
+
+    if (initialContextToken) {
+        code = iakerb_alloc_context(&ctx, 0);
+        if (code != 0)
+            goto cleanup;
+
+    } else
+        ctx = (iakerb_ctx_id_t)*context_handle;
+
+    if (iakerb_is_iakerb_token(input_token)) {
+        if (ctx->gssc != GSS_C_NO_CONTEXT) {
+            /* We shouldn't get an IAKERB token now. */
+            code = G_WRONG_TOKID;
+            major_status = GSS_S_DEFECTIVE_TOKEN;
+            goto cleanup;
+        }
+        code = iakerb_acceptor_step(ctx, initialContextToken,
+                                    input_token, output_token);
+        if (code == (OM_uint32)KRB5_BAD_MSIZE)
+            major_status = GSS_S_DEFECTIVE_TOKEN;
+        if (code != 0)
+            goto cleanup;
+        if (initialContextToken) {
+            *context_handle = (gss_ctx_id_t)ctx;
+            ctx = NULL;
+        }
+        if (src_name != NULL)
+            *src_name = GSS_C_NO_NAME;
+        if (ret_flags != NULL)
+            *ret_flags = 0;
+        if (time_rec != NULL)
+            *time_rec = 0;
+        if (delegated_cred_handle != NULL)
+            *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+        major_status = GSS_S_CONTINUE_NEEDED;
+    } else {
+        krb5_gss_ctx_ext_rec exts;
+
+        iakerb_make_exts(ctx, &exts);
+
+        major_status = krb5_gss_accept_sec_context_ext(&code,
+                                                       &ctx->gssc,
+                                                       verifier_cred_handle,
+                                                       input_token,
+                                                       input_chan_bindings,
+                                                       src_name,
+                                                       NULL,
+                                                       output_token,
+                                                       ret_flags,
+                                                       time_rec,
+                                                       delegated_cred_handle,
+                                                       &exts);
+        if (major_status == GSS_S_COMPLETE)
+            ctx->established = 1;
+    }
+
+    if (mech_type != NULL)
+        *mech_type = gss_mech_iakerb;
+
+cleanup:
+    if (initialContextToken && GSS_ERROR(major_status)) {
+        iakerb_release_context(ctx);
+        *context_handle = GSS_C_NO_CONTEXT;
+    }
+
+    *minor_status = code;
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_init_sec_context(OM_uint32 *minor_status,
+                            gss_cred_id_t claimant_cred_handle,
+                            gss_ctx_id_t *context_handle,
+                            gss_name_t target_name,
+                            gss_OID mech_type,
+                            OM_uint32 req_flags,
+                            OM_uint32 time_req,
+                            gss_channel_bindings_t input_chan_bindings,
+                            gss_buffer_t input_token,
+                            gss_OID *actual_mech_type,
+                            gss_buffer_t output_token,
+                            OM_uint32 *ret_flags,
+                            OM_uint32 *time_rec)
+{
+    OM_uint32 major_status = GSS_S_FAILURE;
+    krb5_error_code code;
+    iakerb_ctx_id_t ctx;
+    krb5_gss_cred_id_t kcred;
+    krb5_gss_name_t kname;
+    krb5_boolean cred_locked = FALSE;
+    int initialContextToken = (*context_handle == GSS_C_NO_CONTEXT);
+
+    if (initialContextToken) {
+        code = iakerb_alloc_context(&ctx, 1);
+        if (code != 0) {
+            *minor_status = code;
+            goto cleanup;
+        }
+        if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
+            major_status = iakerb_gss_acquire_cred(minor_status, NULL,
+                                                   GSS_C_INDEFINITE,
+                                                   GSS_C_NULL_OID_SET,
+                                                   GSS_C_INITIATE,
+                                                   &ctx->defcred, NULL, NULL);
+            if (GSS_ERROR(major_status))
+                goto cleanup;
+            claimant_cred_handle = ctx->defcred;
+        }
+    } else {
+        ctx = (iakerb_ctx_id_t)*context_handle;
+        if (claimant_cred_handle == GSS_C_NO_CREDENTIAL)
+            claimant_cred_handle = ctx->defcred;
+    }
+
+    kname = (krb5_gss_name_t)target_name;
+
+    major_status = kg_cred_resolve(minor_status, ctx->k5c,
+                                   claimant_cred_handle, target_name);
+    if (GSS_ERROR(major_status))
+        goto cleanup;
+    cred_locked = TRUE;
+    kcred = (krb5_gss_cred_id_t)claimant_cred_handle;
+
+    major_status = GSS_S_FAILURE;
+
+    if (initialContextToken) {
+        code = iakerb_get_initial_state(ctx, kcred, kname, time_req,
+                                        &ctx->state);
+        if (code != 0) {
+            *minor_status = code;
+            goto cleanup;
+        }
+        *context_handle = (gss_ctx_id_t)ctx;
+    }
+
+    if (ctx->state != IAKERB_AP_REQ) {
+        /* We need to do IAKERB. */
+        code = iakerb_initiator_step(ctx,
+                                     kcred,
+                                     kname,
+                                     time_req,
+                                     input_token,
+                                     output_token);
+        if (code == KRB5_BAD_MSIZE)
+            major_status = GSS_S_DEFECTIVE_TOKEN;
+        if (code != 0) {
+            *minor_status = code;
+            goto cleanup;
+        }
+    }
+
+    if (ctx->state == IAKERB_AP_REQ) {
+        krb5_gss_ctx_ext_rec exts;
+
+        if (cred_locked) {
+            k5_mutex_unlock(&kcred->lock);
+            cred_locked = FALSE;
+        }
+
+        iakerb_make_exts(ctx, &exts);
+
+        if (ctx->gssc == GSS_C_NO_CONTEXT)
+            input_token = GSS_C_NO_BUFFER;
+
+        /* IAKERB is finished, or we skipped to Kerberos directly. */
+        major_status = krb5_gss_init_sec_context_ext(minor_status,
+                                                     (gss_cred_id_t) kcred,
+                                                     &ctx->gssc,
+                                                     target_name,
+                                                     (gss_OID)gss_mech_iakerb,
+                                                     req_flags,
+                                                     time_req,
+                                                     input_chan_bindings,
+                                                     input_token,
+                                                     NULL,
+                                                     output_token,
+                                                     ret_flags,
+                                                     time_rec,
+                                                     &exts);
+        if (major_status == GSS_S_COMPLETE)
+            ctx->established = 1;
+    } else {
+        if (ret_flags != NULL)
+            *ret_flags = 0;
+        if (time_rec != NULL)
+            *time_rec = 0;
+        major_status = GSS_S_CONTINUE_NEEDED;
+    }
+
+    if (actual_mech_type != NULL)
+        *actual_mech_type = gss_mech_iakerb;
+
+cleanup:
+    if (cred_locked)
+        k5_mutex_unlock(&kcred->lock);
+    if (initialContextToken && GSS_ERROR(major_status)) {
+        iakerb_release_context(ctx);
+        *context_handle = GSS_C_NO_CONTEXT;
+    }
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_unwrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                  gss_buffer_t input_message_buffer,
+                  gss_buffer_t output_message_buffer, int *conf_state,
+                  gss_qop_t *qop_state)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_unwrap(minor_status, ctx->gssc, input_message_buffer,
+                           output_message_buffer, conf_state, qop_state);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                int conf_req_flag, gss_qop_t qop_req,
+                gss_buffer_t input_message_buffer, int *conf_state,
+                gss_buffer_t output_message_buffer)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_wrap(minor_status, ctx->gssc, conf_req_flag, qop_req,
+                         input_message_buffer, conf_state,
+                         output_message_buffer);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_process_context_token(OM_uint32 *minor_status,
+                                 const gss_ctx_id_t context_handle,
+                                 const gss_buffer_t token_buffer)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_DEFECTIVE_TOKEN;
+
+    return krb5_gss_process_context_token(minor_status, ctx->gssc,
+                                          token_buffer);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_context_time(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                        OM_uint32 *time_rec)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_context_time(minor_status, ctx->gssc, time_rec);
+}
+
+#ifndef LEAN_CLIENT
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_export_sec_context(OM_uint32 *minor_status,
+                              gss_ctx_id_t *context_handle,
+                              gss_buffer_t interprocess_token)
+{
+    OM_uint32 maj;
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)*context_handle;
+
+    /* We don't currently support exporting partially established contexts. */
+    if (!ctx->established)
+        return GSS_S_UNAVAILABLE;
+
+    maj = krb5_gss_export_sec_context(minor_status, &ctx->gssc,
+                                      interprocess_token);
+    if (ctx->gssc == GSS_C_NO_CONTEXT) {
+        iakerb_release_context(ctx);
+        *context_handle = GSS_C_NO_CONTEXT;
+    }
+    return maj;
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_import_sec_context(OM_uint32 *minor_status,
+                              gss_buffer_t interprocess_token,
+                              gss_ctx_id_t *context_handle)
+{
+    OM_uint32 maj, tmpmin;
+    krb5_error_code code;
+    gss_ctx_id_t gssc;
+    krb5_gss_ctx_id_t kctx;
+    iakerb_ctx_id_t ctx;
+
+    maj = krb5_gss_import_sec_context(minor_status, interprocess_token, &gssc);
+    if (maj != GSS_S_COMPLETE)
+        return maj;
+    kctx = (krb5_gss_ctx_id_t)gssc;
+
+    if (!kctx->established) {
+        /* We don't currently support importing partially established
+         * contexts. */
+        krb5_gss_delete_sec_context(&tmpmin, &gssc, GSS_C_NO_BUFFER);
+        return GSS_S_FAILURE;
+    }
+
+    code = iakerb_alloc_context(&ctx, kctx->initiate);
+    if (code != 0) {
+        krb5_gss_delete_sec_context(&tmpmin, &gssc, GSS_C_NO_BUFFER);
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    ctx->gssc = gssc;
+    ctx->established = 1;
+    *context_handle = (gss_ctx_id_t)ctx;
+    return GSS_S_COMPLETE;
+}
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_inquire_context(OM_uint32 *minor_status,
+                           gss_ctx_id_t context_handle, gss_name_t *src_name,
+                           gss_name_t *targ_name, OM_uint32 *lifetime_rec,
+                           gss_OID *mech_type, OM_uint32 *ctx_flags,
+                           int *initiate, int *opened)
+{
+    OM_uint32 ret;
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (src_name != NULL)
+        *src_name = GSS_C_NO_NAME;
+    if (targ_name != NULL)
+        *targ_name = GSS_C_NO_NAME;
+    if (lifetime_rec != NULL)
+        *lifetime_rec = 0;
+    if (mech_type != NULL)
+        *mech_type = (gss_OID)gss_mech_iakerb;
+    if (ctx_flags != NULL)
+        *ctx_flags = 0;
+    if (initiate != NULL)
+        *initiate = ctx->initiate;
+    if (opened != NULL)
+        *opened = ctx->established;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_COMPLETE;
+
+    ret = krb5_gss_inquire_context(minor_status, ctx->gssc, src_name,
+                                   targ_name, lifetime_rec, mech_type,
+                                   ctx_flags, initiate, opened);
+
+    if (!ctx->established) {
+        /* Report IAKERB as the mech OID until the context is established. */
+        if (mech_type != NULL)
+            *mech_type = (gss_OID)gss_mech_iakerb;
+
+        /* We don't support exporting partially-established contexts. */
+        if (ctx_flags != NULL)
+            *ctx_flags &= ~GSS_C_TRANS_FLAG;
+    }
+
+    return ret;
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_size_limit(OM_uint32 *minor_status,
+                           gss_ctx_id_t context_handle, int conf_req_flag,
+                           gss_qop_t qop_req, OM_uint32 req_output_size,
+                           OM_uint32 *max_input_size)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_wrap_size_limit(minor_status, ctx->gssc, conf_req_flag,
+                                    qop_req, req_output_size, max_input_size);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                   gss_qop_t qop_req, gss_buffer_t message_buffer,
+                   gss_buffer_t message_token)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_get_mic(minor_status, ctx->gssc, qop_req, message_buffer,
+                            message_token);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_verify_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                      gss_buffer_t msg_buffer, gss_buffer_t token_buffer,
+                      gss_qop_t *qop_state)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_verify_mic(minor_status, ctx->gssc, msg_buffer,
+                               token_buffer, qop_state);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+                                      const gss_ctx_id_t context_handle,
+                                      const gss_OID desired_object,
+                                      gss_buffer_set_t *data_set)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_UNAVAILABLE;
+
+    return krb5_gss_inquire_sec_context_by_oid(minor_status, ctx->gssc,
+                                               desired_object, data_set);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_set_sec_context_option(OM_uint32 *minor_status,
+                                  gss_ctx_id_t *context_handle,
+                                  const gss_OID desired_object,
+                                  const gss_buffer_t value)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)*context_handle;
+
+    if (ctx == NULL || ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_UNAVAILABLE;
+
+    return krb5_gss_set_sec_context_option(minor_status, &ctx->gssc,
+                                           desired_object, value);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                    int conf_req_flag, gss_qop_t qop_req, int *conf_state,
+                    gss_iov_buffer_desc *iov, int iov_count)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_wrap_iov(minor_status, ctx->gssc, conf_req_flag, qop_req,
+                             conf_state, iov, iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_unwrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                      int *conf_state, gss_qop_t *qop_state,
+                      gss_iov_buffer_desc *iov, int iov_count)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_unwrap_iov(minor_status, ctx->gssc, conf_state, qop_state,
+                               iov, iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_iov_length(OM_uint32 *minor_status,
+                           gss_ctx_id_t context_handle, int conf_req_flag,
+                           gss_qop_t qop_req, int *conf_state,
+                           gss_iov_buffer_desc *iov, int iov_count)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_wrap_iov_length(minor_status, ctx->gssc, conf_req_flag,
+                                    qop_req, conf_state, iov, iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_pseudo_random(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                         int prf_key, const gss_buffer_t prf_in,
+                         ssize_t desired_output_len, gss_buffer_t prf_out)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_pseudo_random(minor_status, ctx->gssc, prf_key, prf_in,
+                                  desired_output_len, prf_out);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                       gss_qop_t qop_req, gss_iov_buffer_desc *iov,
+                       int iov_count)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_get_mic_iov(minor_status, ctx->gssc, qop_req, iov,
+                                iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+                          gss_qop_t *qop_state, gss_iov_buffer_desc *iov,
+                          int iov_count)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_verify_mic_iov(minor_status, ctx->gssc, qop_state, iov,
+                                   iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic_iov_length(OM_uint32 *minor_status,
+                              gss_ctx_id_t context_handle, gss_qop_t qop_req,
+                              gss_iov_buffer_desc *iov, int iov_count)
+{
+    iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+    if (ctx->gssc == GSS_C_NO_CONTEXT)
+        return GSS_S_NO_CONTEXT;
+
+    return krb5_gss_get_mic_iov_length(minor_status, ctx->gssc, qop_req, iov,
+                                       iov_count);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c b/krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c
new file mode 100644
index 00000000..0bea5e6c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c
@@ -0,0 +1,644 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/import_cred.c - krb5 import_cred implementation */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-json.h"
+#include "gssapiP_krb5.h"
+
+/* Return the idx element of array if it is of type tid; otherwise return
+ * NULL.  The caller is responsible for checking the array length. */
+static k5_json_value
+check_element(k5_json_array array, size_t idx, k5_json_tid tid)
+{
+    k5_json_value v;
+
+    v = k5_json_array_get(array, idx);
+    return (k5_json_get_tid(v) == tid) ? v : NULL;
+}
+
+/* All of the json_to_x functions return 0 on success, -1 on failure (either
+ * from running out of memory or from defective input). */
+
+/* Convert a JSON value to a C string or to NULL. */
+static int
+json_to_optional_string(k5_json_value v, char **string_out)
+{
+    *string_out = NULL;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) != K5_JSON_TID_STRING)
+        return -1;
+    *string_out = strdup(k5_json_string_utf8(v));
+    return (*string_out == NULL) ? -1 : 0;
+}
+
+/* Convert a JSON value to a principal or to NULL. */
+static int
+json_to_principal(krb5_context context, k5_json_value v,
+                  krb5_principal *princ_out)
+{
+    *princ_out = NULL;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) != K5_JSON_TID_STRING)
+        return -1;
+    if (krb5_parse_name(context, k5_json_string_utf8(v), princ_out))
+        return -1;
+    return 0;
+}
+
+/* Convert a JSON value to a zero-terminated enctypes list or to NULL. */
+static int
+json_to_etypes(k5_json_value v, krb5_enctype **etypes_out)
+{
+    krb5_enctype *etypes = NULL;
+    k5_json_array array;
+    k5_json_number n;
+    size_t len, i;
+
+    *etypes_out = NULL;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    len = k5_json_array_length(array);
+    etypes = calloc(len + 1, sizeof(*etypes));
+    for (i = 0; i < len; i++) {
+        n = check_element(array, i, K5_JSON_TID_NUMBER);
+        if (n == NULL)
+            goto invalid;
+        etypes[i] = k5_json_number_value(n);
+    }
+    *etypes_out = etypes;
+    return 0;
+
+invalid:
+    free(etypes);
+    return -1;
+}
+
+/* Convert a JSON value to a krb5 GSS name or to NULL. */
+static int
+json_to_kgname(krb5_context context, k5_json_value v,
+               krb5_gss_name_t *name_out)
+{
+    k5_json_array array;
+    krb5_gss_name_t name = NULL;
+
+    *name_out = NULL;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    if (k5_json_array_length(array) != 3)
+        return -1;
+    name = calloc(1, sizeof(*name));
+    if (name == NULL)
+        return -1;
+    if (k5_mutex_init(&name->lock)) {
+        free(name);
+        return -1;
+    }
+
+    if (json_to_principal(context, k5_json_array_get(array, 0), &name->princ))
+        goto invalid;
+    if (json_to_optional_string(k5_json_array_get(array, 1), &name->service))
+        goto invalid;
+    if (json_to_optional_string(k5_json_array_get(array, 2), &name->host))
+        goto invalid;
+
+    *name_out = name;
+    return 0;
+
+invalid:
+    kg_release_name(context, &name);
+    return -1;
+}
+
+/* Convert a JSON value to a keytab handle or to NULL. */
+static int
+json_to_keytab(krb5_context context, k5_json_value v, krb5_keytab *keytab_out)
+{
+    *keytab_out = NULL;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) != K5_JSON_TID_STRING)
+        return -1;
+    if (krb5_kt_resolve(context, k5_json_string_utf8(v), keytab_out))
+        return -1;
+    return 0;
+}
+
+/* Convert a JSON value to an rcache handle or to NULL. */
+static int
+json_to_rcache(krb5_context context, k5_json_value v, krb5_rcache *rcache_out)
+{
+    krb5_rcache rcache;
+
+    *rcache_out = NULL;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) != K5_JSON_TID_STRING)
+        return -1;
+    if (k5_rc_resolve(context, (char *)k5_json_string_utf8(v), &rcache))
+        return -1;
+    *rcache_out = rcache;
+    return 0;
+}
+
+/* Convert a JSON value to a keyblock, filling in keyblock. */
+static int
+json_to_keyblock(k5_json_value v, krb5_keyblock *keyblock)
+{
+    k5_json_array array;
+    k5_json_number n;
+    k5_json_string s;
+    size_t len;
+
+    memset(keyblock, 0, sizeof(*keyblock));
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    if (k5_json_array_length(array) != 2)
+        return -1;
+
+    n = check_element(array, 0, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        return -1;
+    keyblock->enctype = k5_json_number_value(n);
+
+    s = check_element(array, 1, K5_JSON_TID_STRING);
+    if (s == NULL)
+        return -1;
+    if (k5_json_string_unbase64(s, &keyblock->contents, &len))
+        return -1;
+    keyblock->length = len;
+    keyblock->magic = KV5M_KEYBLOCK;
+    return 0;
+}
+
+/* Convert a JSON value to a krb5 address. */
+static int
+json_to_address(k5_json_value v, krb5_address **addr_out)
+{
+    k5_json_array array;
+    krb5_address *addr = NULL;
+    k5_json_number n;
+    k5_json_string s;
+    size_t len;
+
+    *addr_out = NULL;
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    if (k5_json_array_length(array) != 2)
+        return -1;
+
+    n = check_element(array, 0, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        return -1;
+    s = check_element(array, 1, K5_JSON_TID_STRING);
+    if (s == NULL)
+        return -1;
+
+    addr = malloc(sizeof(*addr));
+    if (addr == NULL)
+        return -1;
+    addr->addrtype = k5_json_number_value(n);
+    if (k5_json_string_unbase64(s, &addr->contents, &len)) {
+        free(addr);
+        return -1;
+    }
+    addr->length = len;
+    addr->magic = KV5M_ADDRESS;
+    *addr_out = addr;
+    return 0;
+}
+
+/* Convert a JSON value to a null-terminated list of krb5 addresses or to
+ * NULL. */
+static int
+json_to_addresses(krb5_context context, k5_json_value v,
+                  krb5_address ***addresses_out)
+{
+    k5_json_array array;
+    krb5_address **addrs = NULL;
+    size_t len, i;
+
+    *addresses_out = NULL;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    len = k5_json_array_length(array);
+    addrs = calloc(len + 1, sizeof(*addrs));
+    for (i = 0; i < len; i++) {
+        if (json_to_address(k5_json_array_get(array, i), &addrs[i]))
+            goto invalid;
+    }
+    addrs[i] = NULL;
+    *addresses_out = addrs;
+    return 0;
+
+invalid:
+    krb5_free_addresses(context, addrs);
+    return -1;
+}
+
+/* Convert a JSON value to an authdata element. */
+static int
+json_to_authdata_element(k5_json_value v, krb5_authdata **ad_out)
+{
+    k5_json_array array;
+    krb5_authdata *ad = NULL;
+    k5_json_number n;
+    k5_json_string s;
+    size_t len;
+
+    *ad_out = NULL;
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    if (k5_json_array_length(array) != 2)
+        return -1;
+
+    n = check_element(array, 0, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        return -1;
+    s = check_element(array, 1, K5_JSON_TID_STRING);
+    if (s == NULL)
+        return -1;
+
+    ad = malloc(sizeof(*ad));
+    if (ad == NULL)
+        return -1;
+    ad->ad_type = k5_json_number_value(n);
+    if (k5_json_string_unbase64(s, &ad->contents, &len)) {
+        free(ad);
+        return -1;
+    }
+    ad->length = len;
+    ad->magic = KV5M_AUTHDATA;
+    *ad_out = ad;
+    return 0;
+}
+
+/* Convert a JSON value to a null-terminated authdata list or to NULL. */
+static int
+json_to_authdata(krb5_context context, k5_json_value v,
+                 krb5_authdata ***authdata_out)
+{
+    k5_json_array array;
+    krb5_authdata **authdata = NULL;
+    size_t len, i;
+
+    *authdata_out = NULL;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    len = k5_json_array_length(array);
+    authdata = calloc(len + 1, sizeof(*authdata));
+    for (i = 0; i < len; i++) {
+        if (json_to_authdata_element(k5_json_array_get(array, i),
+                                     &authdata[i]))
+            goto invalid;
+    }
+    authdata[i] = NULL;
+    *authdata_out = authdata;
+    return 0;
+
+invalid:
+    krb5_free_authdata(context, authdata);
+    return -1;
+}
+
+/* Convert a JSON value to a krb5 credential structure, filling in creds. */
+static int
+json_to_creds(krb5_context context, k5_json_value v, krb5_creds *creds)
+{
+    k5_json_array array;
+    k5_json_number n;
+    k5_json_bool b;
+    k5_json_string s;
+    unsigned char *data;
+    size_t len;
+
+    memset(creds, 0, sizeof(*creds));
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    if (k5_json_array_length(array) != 13)
+        return -1;
+
+    if (json_to_principal(context, k5_json_array_get(array, 0),
+                          &creds->client))
+        goto invalid;
+
+    if (json_to_principal(context, k5_json_array_get(array, 1),
+                          &creds->server))
+        goto invalid;
+
+    if (json_to_keyblock(k5_json_array_get(array, 2), &creds->keyblock))
+        goto invalid;
+
+    n = check_element(array, 3, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        goto invalid;
+    creds->times.authtime = k5_json_number_value(n);
+
+    n = check_element(array, 4, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        goto invalid;
+    creds->times.starttime = k5_json_number_value(n);
+
+    n = check_element(array, 5, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        goto invalid;
+    creds->times.endtime = k5_json_number_value(n);
+
+    n = check_element(array, 6, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        goto invalid;
+    creds->times.renew_till = k5_json_number_value(n);
+
+    b = check_element(array, 7, K5_JSON_TID_BOOL);
+    if (b == NULL)
+        goto invalid;
+    creds->is_skey = k5_json_bool_value(b);
+
+    n = check_element(array, 8, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        goto invalid;
+    creds->ticket_flags = k5_json_number_value(n);
+
+    if (json_to_addresses(context, k5_json_array_get(array, 9),
+                          &creds->addresses))
+        goto invalid;
+
+    s = check_element(array, 10, K5_JSON_TID_STRING);
+    if (s == NULL)
+        goto invalid;
+    if (k5_json_string_unbase64(s, &data, &len))
+        goto invalid;
+    creds->ticket.data = (char *)data;
+    creds->ticket.length = len;
+
+    s = check_element(array, 11, K5_JSON_TID_STRING);
+    if (s == NULL)
+        goto invalid;
+    if (k5_json_string_unbase64(s, &data, &len))
+        goto invalid;
+    creds->second_ticket.data = (char *)data;
+    creds->second_ticket.length = len;
+
+    if (json_to_authdata(context, k5_json_array_get(array, 12),
+                         &creds->authdata))
+        goto invalid;
+
+    creds->magic = KV5M_CREDS;
+    return 0;
+
+invalid:
+    krb5_free_cred_contents(context, creds);
+    memset(creds, 0, sizeof(*creds));
+    return -1;
+}
+
+/* Convert a JSON value to a ccache handle or to NULL.  Set *new_out to true if
+ * the ccache handle is a newly created memory ccache, false otherwise. */
+static int
+json_to_ccache(krb5_context context, k5_json_value v, krb5_ccache *ccache_out,
+               krb5_boolean *new_out)
+{
+    krb5_error_code ret;
+    krb5_ccache ccache = NULL;
+    krb5_principal princ;
+    krb5_creds creds;
+    k5_json_array array;
+    size_t i, len;
+
+    *ccache_out = NULL;
+    *new_out = FALSE;
+    if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
+        return 0;
+    if (k5_json_get_tid(v) == K5_JSON_TID_STRING) {
+        /* We got a reference to an external ccache; just resolve it. */
+        return krb5_cc_resolve(context, k5_json_string_utf8(v), ccache_out) ?
+            -1 : 0;
+    }
+
+    /* We got the contents of a memory ccache. */
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        return -1;
+    array = v;
+    len = k5_json_array_length(array);
+    if (len < 1)
+        return -1;
+
+    /* Initialize a new memory ccache using the principal in the first array
+     * entry.*/
+    if (krb5_cc_new_unique(context, "MEMORY", NULL, &ccache))
+        return -1;
+    if (json_to_principal(context, k5_json_array_get(array, 0), &princ))
+        goto invalid;
+    ret = krb5_cc_initialize(context, ccache, princ);
+    krb5_free_principal(context, princ);
+    if (ret)
+        goto invalid;
+
+    /* Add remaining array entries to the ccache as credentials. */
+    for (i = 1; i < len; i++) {
+        if (json_to_creds(context, k5_json_array_get(array, i), &creds))
+            goto invalid;
+        ret = krb5_cc_store_cred(context, ccache, &creds);
+        krb5_free_cred_contents(context, &creds);
+        if (ret)
+            goto invalid;
+    }
+
+    *ccache_out = ccache;
+    *new_out = TRUE;
+    return 0;
+
+invalid:
+    (void)krb5_cc_destroy(context, ccache);
+    return -1;
+}
+
+/* Convert a JSON array value to a krb5 GSS credential. */
+static int
+json_to_kgcred(krb5_context context, k5_json_array array,
+               krb5_gss_cred_id_t *cred_out)
+{
+    krb5_gss_cred_id_t cred;
+    k5_json_number n;
+    k5_json_bool b;
+    krb5_boolean is_new;
+    OM_uint32 tmp;
+
+    *cred_out = NULL;
+    if (k5_json_array_length(array) != 14)
+        return -1;
+
+    cred = calloc(1, sizeof(*cred));
+    if (cred == NULL)
+        return -1;
+    if (k5_mutex_init(&cred->lock)) {
+        free(cred);
+        return -1;
+    }
+
+    n = check_element(array, 0, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        goto invalid;
+    cred->usage = k5_json_number_value(n);
+
+    if (json_to_kgname(context, k5_json_array_get(array, 1), &cred->name))
+        goto invalid;
+
+    if (json_to_principal(context, k5_json_array_get(array, 2),
+                          &cred->impersonator))
+        goto invalid;
+
+    b = check_element(array, 3, K5_JSON_TID_BOOL);
+    if (b == NULL)
+        goto invalid;
+    cred->default_identity = k5_json_bool_value(b);
+
+    b = check_element(array, 4, K5_JSON_TID_BOOL);
+    if (b == NULL)
+        goto invalid;
+    cred->iakerb_mech = k5_json_bool_value(b);
+
+    if (json_to_keytab(context, k5_json_array_get(array, 5), &cred->keytab))
+        goto invalid;
+
+    if (json_to_rcache(context, k5_json_array_get(array, 6), &cred->rcache))
+        goto invalid;
+
+    if (json_to_ccache(context, k5_json_array_get(array, 7), &cred->ccache,
+                       &is_new))
+        goto invalid;
+    cred->destroy_ccache = is_new;
+
+    if (json_to_keytab(context, k5_json_array_get(array, 8),
+                       &cred->client_keytab))
+        goto invalid;
+
+    b = check_element(array, 9, K5_JSON_TID_BOOL);
+    if (b == NULL)
+        goto invalid;
+    cred->have_tgt = k5_json_bool_value(b);
+
+    n = check_element(array, 10, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        goto invalid;
+    cred->expire = k5_json_number_value(n);
+
+    n = check_element(array, 11, K5_JSON_TID_NUMBER);
+    if (n == NULL)
+        goto invalid;
+    cred->refresh_time = k5_json_number_value(n);
+
+    if (json_to_etypes(k5_json_array_get(array, 12), &cred->req_enctypes))
+        goto invalid;
+
+    if (json_to_optional_string(k5_json_array_get(array, 13), &cred->password))
+        goto invalid;
+
+    *cred_out = cred;
+    return 0;
+
+invalid:
+    (void)krb5_gss_release_cred(&tmp, (gss_cred_id_t *)&cred);
+    return -1;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
+                     gss_cred_id_t *cred_handle)
+{
+    OM_uint32 status = GSS_S_COMPLETE;
+    krb5_context context;
+    krb5_error_code ret;
+    krb5_gss_cred_id_t cred;
+    k5_json_value v = NULL;
+    k5_json_array array;
+    k5_json_string str;
+    char *copy = NULL;
+
+    ret = krb5_gss_init_context(&context);
+    if (ret) {
+        *minor_status = ret;
+        return GSS_S_FAILURE;
+    }
+
+    /* Decode token. */
+    copy = k5memdup0(token->value, token->length, &ret);
+    if (copy == NULL) {
+        status = GSS_S_FAILURE;
+        *minor_status = ret;
+        goto cleanup;
+    }
+    if (k5_json_decode(copy, &v))
+        goto invalid;
+
+    /* Decode the CRED_EXPORT_MAGIC array wrapper. */
+    if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
+        goto invalid;
+    array = v;
+    if (k5_json_array_length(array) != 2)
+        goto invalid;
+    str = check_element(array, 0, K5_JSON_TID_STRING);
+    if (str == NULL ||
+        strcmp(k5_json_string_utf8(str), CRED_EXPORT_MAGIC) != 0)
+        goto invalid;
+    if (json_to_kgcred(context, k5_json_array_get(array, 1), &cred))
+        goto invalid;
+
+    *cred_handle = (gss_cred_id_t)cred;
+
+cleanup:
+    free(copy);
+    k5_json_release(v);
+    krb5_free_context(context);
+    return status;
+
+invalid:
+    status = GSS_S_DEFECTIVE_TOKEN;
+    goto cleanup;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/import_name.c b/krb5-1.21.3/src/lib/gssapi/krb5/import_name.c
new file mode 100644
index 00000000..f64635a2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/import_name.c
@@ -0,0 +1,346 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_krb5.h"
+
+#ifndef NO_PASSWORD
+#include <pwd.h>
+#include <stdio.h>
+#endif
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+
+/*
+ * errors:
+ * GSS_S_BAD_NAMETYPE   if the type is bogus
+ * GSS_S_BAD_NAME       if the type is good but the name is bogus
+ * GSS_S_FAILURE        if memory allocation fails
+ */
+
+/*
+ * Import serialized authdata context
+ */
+static krb5_error_code
+import_name_composite(krb5_context context,
+                      unsigned char *enc_data, size_t enc_length,
+                      krb5_authdata_context *pad_context)
+{
+    krb5_authdata_context ad_context;
+    krb5_error_code code;
+    krb5_data data;
+
+    if (enc_length == 0)
+        return 0;
+
+    code = krb5_authdata_context_init(context, &ad_context);
+    if (code != 0)
+        return code;
+
+    data.data = (char *)enc_data;
+    data.length = enc_length;
+
+    code = krb5_authdata_import_attributes(context,
+                                           ad_context,
+                                           AD_USAGE_MASK,
+                                           &data);
+    if (code != 0) {
+        krb5_authdata_context_free(context, ad_context);
+        return code;
+    }
+
+    *pad_context = ad_context;
+
+    return 0;
+}
+
+/* Split a host-based name "service[@host]" into allocated strings
+ * placed in *service_out and *host_out (possibly NULL). */
+static krb5_error_code
+parse_hostbased(const char *str, size_t len,
+                char **service_out, char **host_out)
+{
+    const char *at;
+    size_t servicelen, hostlen;
+    char *service, *host = NULL;
+
+    *service_out = *host_out = NULL;
+
+    /* Find the bound of the service name and copy it. */
+    at = memchr(str, '@', len);
+    servicelen = (at == NULL) ? len : (size_t)(at - str);
+    service = xmalloc(servicelen + 1);
+    if (service == NULL)
+        return ENOMEM;
+    memcpy(service, str, servicelen);
+    service[servicelen] = '\0';
+
+    /* Copy the hostname if present (at least one character after '@'). */
+    if (len - servicelen > 1) {
+        hostlen = len - servicelen - 1;
+        host = malloc(hostlen + 1);
+        if (host == NULL) {
+            free(service);
+            return ENOMEM;
+        }
+        memcpy(host, at + 1, hostlen);
+        host[hostlen] = '\0';
+    }
+
+    *service_out = service;
+    *host_out = host;
+    return 0;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_import_name(minor_status, input_name_buffer,
+                     input_name_type, output_name)
+    OM_uint32 *minor_status;
+    gss_buffer_t input_name_buffer;
+    gss_OID input_name_type;
+    gss_name_t *output_name;
+{
+    krb5_context context;
+    krb5_principal princ = NULL;
+    krb5_error_code code;
+    unsigned char *cp, *end;
+    char *tmp = NULL, *tmp2 = NULL, *service = NULL, *host = NULL, *stringrep;
+    ssize_t    length;
+#ifndef NO_PASSWORD
+    struct passwd *pw;
+#endif
+    int is_composite = 0, is_cert = 0;
+    krb5_authdata_context ad_context = NULL;
+    OM_uint32 status = GSS_S_FAILURE;
+    krb5_gss_name_t name;
+    int flags = 0;
+
+    *output_name = NULL;
+    *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code)
+        goto cleanup;
+
+    if ((input_name_type != GSS_C_NULL_OID) &&
+        (g_OID_equal(input_name_type, gss_nt_service_name) ||
+         g_OID_equal(input_name_type, gss_nt_service_name_v2))) {
+        /* Split the name into service and host (or NULL). */
+        code = parse_hostbased(input_name_buffer->value,
+                               input_name_buffer->length, &service, &host);
+        if (code)
+            goto cleanup;
+
+        /*
+         * Compute the initiator target name.  In some cases this is a waste of
+         * getaddrinfo/getnameinfo queries, but computing the name when we need
+         * it would require a lot of code changes.
+         */
+        code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST,
+                                       &princ);
+        if (code)
+            goto cleanup;
+    } else if ((input_name_type != GSS_C_NULL_OID) &&
+               (g_OID_equal(input_name_type, gss_nt_krb5_principal))) {
+        krb5_principal input;
+
+        if (input_name_buffer->length != sizeof(krb5_principal)) {
+            code = G_WRONG_SIZE;
+            status = GSS_S_BAD_NAME;
+            goto cleanup;
+        }
+
+        input = *((krb5_principal *) input_name_buffer->value);
+
+        code = krb5_copy_principal(context, input, &princ);
+        if (code)
+            goto cleanup;
+    } else if ((input_name_type != NULL) &&
+               g_OID_equal(input_name_type, GSS_C_NT_ANONYMOUS)) {
+        code = krb5_copy_principal(context, krb5_anonymous_principal(),
+                                   &princ);
+        if (code)
+            goto cleanup;
+    } else if ((input_name_type != NULL) &&
+               g_OID_equal(input_name_type, GSS_KRB5_NT_X509_CERT)) {
+        code = krb5_build_principal_ext(context, &princ, 0, NULL,
+                                        input_name_buffer->length,
+                                        input_name_buffer->value, 0);
+        if (code)
+            goto cleanup;
+        is_cert = 1;
+    } else {
+#ifndef NO_PASSWORD
+        uid_t uid;
+        struct passwd pwx;
+        char pwbuf[BUFSIZ];
+#endif
+
+        stringrep = NULL;
+
+        tmp = k5memdup0(input_name_buffer->value, input_name_buffer->length,
+                        &code);
+        if (tmp == NULL)
+            goto cleanup;
+        tmp2 = NULL;
+
+        /* Find the appropriate string rep to pass into parse_name. */
+        if ((input_name_type == GSS_C_NULL_OID) ||
+            g_OID_equal(input_name_type, gss_nt_krb5_name) ||
+            g_OID_equal(input_name_type, gss_nt_user_name)) {
+            stringrep = tmp;
+        } else if (g_OID_equal(input_name_type, GSS_KRB5_NT_ENTERPRISE_NAME)) {
+            stringrep = tmp;
+            flags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
+#ifndef NO_PASSWORD
+        } else if (g_OID_equal(input_name_type, gss_nt_machine_uid_name)) {
+            uid = *(uid_t *) input_name_buffer->value;
+        do_getpwuid:
+            if (k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw) == 0)
+                stringrep = pw->pw_name;
+            else
+                code = G_NOUSER;
+        } else if (g_OID_equal(input_name_type, gss_nt_string_uid_name)) {
+            uid = atoi(tmp);
+            goto do_getpwuid;
+#endif
+        } else if (g_OID_equal(input_name_type, gss_nt_exported_name) ||
+                   g_OID_equal(input_name_type, GSS_C_NT_COMPOSITE_EXPORT)) {
+#define BOUNDS_CHECK(cp, end, n)                                        \
+            do { if ((end) - (cp) < (n)) goto fail_name; } while (0)
+            cp = (unsigned char *)tmp;
+            end = cp + input_name_buffer->length;
+
+            BOUNDS_CHECK(cp, end, 2);
+            if (*cp++ != 0x04)
+                goto fail_name;
+            switch (*cp++) {
+            case 0x01:
+                break;
+            case 0x02:
+                is_composite++;
+                break;
+            default:
+                goto fail_name;
+            }
+
+            BOUNDS_CHECK(cp, end, 2);
+            if (*cp++ != 0x00)
+                goto fail_name;
+            length = *cp++;
+            if (length != (ssize_t)gss_mech_krb5->length+2)
+                goto fail_name;
+
+            BOUNDS_CHECK(cp, end, 2);
+            if (*cp++ != 0x06)
+                goto fail_name;
+            length = *cp++;
+            if (length != (ssize_t)gss_mech_krb5->length)
+                goto fail_name;
+
+            BOUNDS_CHECK(cp, end, length);
+            if (memcmp(cp, gss_mech_krb5->elements, length) != 0)
+                goto fail_name;
+            cp += length;
+
+            BOUNDS_CHECK(cp, end, 4);
+            length = *cp++;
+            length = (length << 8) | *cp++;
+            length = (length << 8) | *cp++;
+            length = (length << 8) | *cp++;
+
+            BOUNDS_CHECK(cp, end, length);
+            tmp2 = k5alloc(length + 1, &code);
+            if (tmp2 == NULL)
+                goto cleanup;
+            strncpy(tmp2, (char *)cp, length);
+            tmp2[length] = 0;
+            stringrep = tmp2;
+            cp += length;
+
+            if (is_composite) {
+                BOUNDS_CHECK(cp, end, 4);
+                length = *cp++;
+                length = (length << 8) | *cp++;
+                length = (length << 8) | *cp++;
+                length = (length << 8) | *cp++;
+
+                BOUNDS_CHECK(cp, end, length);
+                code = import_name_composite(context,
+                                             cp, length,
+                                             &ad_context);
+                if (code != 0)
+                    goto fail_name;
+                cp += length;
+            }
+            assert(cp == end);
+        } else {
+            status = GSS_S_BAD_NAMETYPE;
+            goto cleanup;
+        }
+
+        /* At this point, stringrep is set, or if not, code is. */
+        if (stringrep) {
+            code = krb5_parse_name_flags(context, stringrep, flags, &princ);
+            if (code)
+                goto cleanup;
+        } else {
+        fail_name:
+            status = GSS_S_BAD_NAME;
+            goto cleanup;
+        }
+    }
+
+    /* Create a name and save it in the validation database. */
+    code = kg_init_name(context, princ, service, host, ad_context,
+                        KG_INIT_NAME_NO_COPY, &name);
+    if (code)
+        goto cleanup;
+    name->is_cert = is_cert;
+
+    princ = NULL;
+    ad_context = NULL;
+    service = host = NULL;
+    *output_name = (gss_name_t)name;
+    status = GSS_S_COMPLETE;
+
+cleanup:
+    *minor_status = (OM_uint32)code;
+    if (*minor_status)
+        save_error_info(*minor_status, context);
+    krb5_free_principal(context, princ);
+    krb5_authdata_context_free(context, ad_context);
+    krb5_free_context(context);
+    free(tmp);
+    free(tmp2);
+    free(service);
+    free(host);
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/import_sec_context.c b/krb5-1.21.3/src/lib/gssapi/krb5/import_sec_context.c
new file mode 100644
index 00000000..7d26f4df
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/import_sec_context.c
@@ -0,0 +1,95 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/import_sec_context.c - Internalize the security context */
+/*
+ * Copyright 1995,2004,2007,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "gssapiP_krb5.h"
+/* for serialization initialization functions */
+#include "k5-int.h"
+
+/*
+ * Fix up the OID of the mechanism so that uses the static version of
+ * the OID if possible.
+ */
+gss_OID krb5_gss_convert_static_mech_oid(oid)
+    gss_OID    oid;
+{
+    const gss_OID_desc      *p;
+    OM_uint32               minor_status;
+
+    for (p = krb5_gss_oid_array; p->length; p++) {
+        if ((oid->length == p->length) &&
+            (memcmp(oid->elements, p->elements, p->length) == 0)) {
+            generic_gss_release_oid(&minor_status, &oid);
+            return (gss_OID) p;
+        }
+    }
+    return oid;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle)
+    OM_uint32           *minor_status;
+    gss_buffer_t        interprocess_token;
+    gss_ctx_id_t        *context_handle;
+{
+    krb5_context        context;
+    krb5_error_code     kret = 0;
+    size_t              blen;
+    krb5_gss_ctx_id_t   ctx;
+    krb5_octet          *ibp;
+
+    /* This is a bit screwy.  We create a krb5 context because we need
+       one when calling the serialization code.  However, one of the
+       objects we're unpacking is a krb5 context, so when we finish,
+       we can throw this one away.  */
+    kret = krb5_gss_init_context(&context);
+    if (kret) {
+        *minor_status = kret;
+        return GSS_S_FAILURE;
+    }
+
+    /* Assume a tragic failure */
+    ctx = (krb5_gss_ctx_id_t) NULL;
+    *minor_status = 0;
+
+    /* Internalize the context */
+    ibp = (krb5_octet *) interprocess_token->value;
+    blen = (size_t) interprocess_token->length;
+    kret = kg_ctx_internalize(context, &ctx, &ibp, &blen);
+    if (kret) {
+        *minor_status = (OM_uint32) kret;
+        save_error_info(*minor_status, context);
+        krb5_free_context(context);
+        return(GSS_S_FAILURE);
+    }
+    krb5_free_context(context);
+
+    ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
+
+    *context_handle = (gss_ctx_id_t) ctx;
+
+    *minor_status = 0;
+    return (GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/indicate_mechs.c b/krb5-1.21.3/src/lib/gssapi/krb5/indicate_mechs.c
new file mode 100644
index 00000000..45538cb7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/indicate_mechs.c
@@ -0,0 +1,37 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_krb5.h"
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_indicate_mechs(minor_status, mech_set)
+    OM_uint32 *minor_status;
+    gss_OID_set *mech_set;
+{
+    return generic_gss_copy_oid_set(minor_status, kg_all_mechs, mech_set);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c b/krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c
new file mode 100644
index 00000000..5748b843
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c
@@ -0,0 +1,1088 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2000, 2002, 2003, 2007, 2008 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include <stdlib.h>
+#include <assert.h>
+
+/*
+ * $Id$
+ */
+
+/* XXX This is for debugging only!!!  Should become a real bitfield
+   at some point */
+int krb5_gss_dbg_client_expcreds = 0;
+
+/*
+ * Common code which fetches the correct krb5 credentials from the
+ * ccache.
+ */
+static krb5_error_code get_credentials(context, cred, server, now,
+                                       endtime, out_creds)
+    krb5_context context;
+    krb5_gss_cred_id_t cred;
+    krb5_gss_name_t server;
+    krb5_timestamp now;
+    krb5_timestamp endtime;
+    krb5_creds **out_creds;
+{
+    krb5_error_code     code;
+    krb5_creds          in_creds, evidence_creds, mcreds, *result_creds = NULL;
+    krb5_flags          flags = 0;
+    krb5_principal_data server_data;
+
+    *out_creds = NULL;
+
+    k5_mutex_assert_locked(&cred->lock);
+    memset(&in_creds, 0, sizeof(krb5_creds));
+    memset(&evidence_creds, 0, sizeof(krb5_creds));
+    in_creds.client = in_creds.server = NULL;
+
+    assert(cred->name != NULL);
+
+    /* Remove assumed realm from host-based S4U2Proxy requests as they must
+     * start in the client realm. */
+    server_data = *server->princ;
+    if (cred->impersonator != NULL && server_data.type == KRB5_NT_SRV_HST)
+        server_data.realm = empty_data();
+    in_creds.server = &server_data;
+
+    in_creds.client = cred->name->princ;
+    in_creds.times.endtime = endtime;
+    in_creds.authdata = NULL;
+    in_creds.keyblock.enctype = 0;
+
+    /*
+     * cred->name is immutable, so there is no need to acquire
+     * cred->name->lock.
+     */
+    if (cred->name->ad_context != NULL) {
+        code = krb5_authdata_export_authdata(context,
+                                             cred->name->ad_context,
+                                             AD_USAGE_TGS_REQ,
+                                             &in_creds.authdata);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    /* Try constrained delegation if we have proxy credentials. */
+    if (cred->impersonator != NULL) {
+        /* If we are trying to get a ticket to ourselves, we should use the
+         * the evidence ticket directly from cache. */
+        if (krb5_principal_compare(context, cred->impersonator,
+                                   server->princ)) {
+            flags |= KRB5_GC_CACHED;
+        } else {
+            memset(&mcreds, 0, sizeof(mcreds));
+            mcreds.magic = KV5M_CREDS;
+            mcreds.server = cred->impersonator;
+            mcreds.client = cred->name->princ;
+            code = krb5_cc_retrieve_cred(context, cred->ccache,
+                                         KRB5_TC_MATCH_AUTHDATA, &mcreds,
+                                         &evidence_creds);
+            if (code)
+                goto cleanup;
+
+            in_creds.client = cred->impersonator;
+            in_creds.second_ticket = evidence_creds.ticket;
+            flags = KRB5_GC_CANONICALIZE | KRB5_GC_CONSTRAINED_DELEGATION;
+        }
+    }
+
+    /* For IAKERB, only check the cache in this step.  We will ask the server
+     * to make any necessary TGS requests. */
+    if (cred->iakerb_mech)
+        flags |= KRB5_GC_CACHED;
+
+    code = krb5_get_credentials(context, flags, cred->ccache,
+                                &in_creds, &result_creds);
+    if (code)
+        goto cleanup;
+
+    if (flags & KRB5_GC_CONSTRAINED_DELEGATION) {
+        if (!krb5_principal_compare(context, cred->name->princ,
+                                    result_creds->client)) {
+            /* server did not support constrained delegation */
+            code = KRB5_KDCREP_MODIFIED;
+            goto cleanup;
+        }
+    }
+
+    /*
+     * Enforce a stricter limit (without timeskew forgiveness at the
+     * boundaries) because accept_sec_context code is also similarly
+     * non-forgiving.
+     */
+    if (!krb5_gss_dbg_client_expcreds &&
+        ts_after(now, result_creds->times.endtime)) {
+        code = KRB5KRB_AP_ERR_TKT_EXPIRED;
+        goto cleanup;
+    }
+
+    *out_creds = result_creds;
+    result_creds = NULL;
+
+cleanup:
+    krb5_free_authdata(context, in_creds.authdata);
+    krb5_free_cred_contents(context, &evidence_creds);
+    krb5_free_creds(context, result_creds);
+
+    return code;
+}
+struct gss_checksum_data {
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_gss_cred_id_t cred;
+    krb5_checksum md5;
+    krb5_data checksum_data;
+    krb5_gss_ctx_ext_t exts;
+};
+
+#ifdef CFX_EXERCISE
+#include "../../krb5/krb/auth_con.h"
+#endif
+static krb5_error_code KRB5_CALLCONV
+make_gss_checksum (krb5_context context, krb5_auth_context auth_context,
+                   void *cksum_data, krb5_data **out)
+{
+    krb5_error_code code;
+    krb5_int32 con_flags;
+    struct gss_checksum_data *data = cksum_data;
+    krb5_data credmsg;
+    unsigned int junk;
+    krb5_data *finished = NULL;
+    krb5_key send_subkey;
+    struct k5buf buf;
+
+    data->checksum_data = empty_data();
+    credmsg.data = 0;
+    /* build the checksum field */
+
+    if (data->ctx->gss_flags & GSS_C_DELEG_FLAG) {
+        /* first get KRB_CRED message, so we know its length */
+
+        /* clear the time check flag that was set in krb5_auth_con_init() */
+        krb5_auth_con_getflags(context, auth_context, &con_flags);
+        krb5_auth_con_setflags(context, auth_context,
+                               con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
+
+        assert(data->cred->name != NULL);
+
+        /*
+         * RFC 4121 4.1.1 specifies forwarded credentials must be encrypted in
+         * the session key, but krb5_fwd_tgt_creds will use the send subkey if
+         * it's set in the auth context.  Suppress the send subkey
+         * temporarily.
+         */
+        krb5_auth_con_getsendsubkey_k(context, auth_context, &send_subkey);
+        krb5_auth_con_setsendsubkey_k(context, auth_context, NULL);
+
+        code = krb5_fwd_tgt_creds(context, auth_context, 0,
+                                  data->cred->name->princ, data->ctx->there->princ,
+                                  data->cred->ccache, 1,
+                                  &credmsg);
+
+        /* Turn KRB5_AUTH_CONTEXT_DO_TIME back on and reset the send subkey. */
+        krb5_auth_con_setflags(context, auth_context, con_flags);
+        krb5_auth_con_setsendsubkey_k(context, auth_context, send_subkey);
+        krb5_k_free_key(context, send_subkey);
+
+        if (code) {
+            /* don't fail here; just don't accept/do the delegation
+               request */
+            data->ctx->gss_flags &= ~(GSS_C_DELEG_FLAG |
+                                      GSS_C_DELEG_POLICY_FLAG);
+        } else {
+            if (credmsg.length+28 > KRB5_INT16_MAX) {
+                code = KRB5KRB_ERR_FIELD_TOOLONG;
+                goto cleanup;
+            }
+        }
+    }
+#ifdef CFX_EXERCISE
+    if (data->ctx->auth_context->keyblock != NULL
+        && data->ctx->auth_context->keyblock->enctype == 18) {
+        srand(time(0) ^ getpid());
+        /* Our ftp client code stupidly assumes a base64-encoded
+           version of the token will fit in 10K, so don't make this
+           too big.  */
+        junk = rand() & 0xff;
+    } else
+        junk = 0;
+#else
+    junk = 0;
+#endif
+
+    assert(data->exts != NULL);
+
+    if (data->exts->iakerb.conv) {
+        krb5_key key;
+
+        code = krb5_auth_con_getsendsubkey_k(context, auth_context, &key);
+        if (code != 0)
+            goto cleanup;
+
+        code = iakerb_make_finished(context, key, data->exts->iakerb.conv,
+                                    &finished);
+        if (code != 0) {
+            krb5_k_free_key(context, key);
+            goto cleanup;
+        }
+
+        krb5_k_free_key(context, key);
+    }
+
+    /* now allocate a buffer to hold the checksum data and
+       (maybe) KRB_CRED msg */
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_uint32_le(&buf, data->md5.length);
+    k5_buf_add_len(&buf, data->md5.contents, data->md5.length);
+    k5_buf_add_uint32_le(&buf, data->ctx->gss_flags);
+    if (credmsg.data != NULL) {
+        k5_buf_add_uint16_le(&buf, KRB5_GSS_FOR_CREDS_OPTION);
+        k5_buf_add_uint16_le(&buf, credmsg.length);
+        k5_buf_add_len(&buf, credmsg.data, credmsg.length);
+    }
+    if (data->exts->iakerb.conv != NULL) {
+        k5_buf_add_uint32_be(&buf, KRB5_GSS_EXTS_IAKERB_FINISHED);
+        k5_buf_add_uint32_be(&buf, finished->length);
+        k5_buf_add_len(&buf, finished->data, finished->length);
+    }
+    while (junk--)
+        k5_buf_add_byte(&buf, 'i');
+
+    code = k5_buf_status(&buf);
+    if (code)
+        goto cleanup;
+
+    data->checksum_data = make_data(buf.data, buf.len);
+    *out = &data->checksum_data;
+    code = 0;
+
+cleanup:
+    krb5_free_data_contents(context, &credmsg);
+    krb5_free_data(context, finished);
+    return code;
+}
+
+static krb5_error_code
+make_ap_req_v1(context, ctx, cred, k_cred, ad_context,
+               chan_bindings, mech_type, token, exts)
+    krb5_context context;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_gss_cred_id_t cred;
+    krb5_creds *k_cred;
+    krb5_authdata_context ad_context;
+    gss_channel_bindings_t chan_bindings;
+    gss_OID mech_type;
+    gss_buffer_t token;
+    krb5_gss_ctx_ext_t exts;
+{
+    krb5_flags mk_req_flags = 0;
+    krb5_error_code code;
+    struct gss_checksum_data cksum_struct;
+    krb5_checksum md5;
+    krb5_data ap_req;
+    unsigned char *t;
+    unsigned int tlen;
+    struct k5buf buf;
+
+    k5_mutex_assert_locked(&cred->lock);
+    ap_req.data = 0;
+
+    /* compute the hash of the channel bindings */
+
+    if ((code = kg_checksum_channel_bindings(context, chan_bindings, &md5)))
+        return(code);
+
+    krb5_auth_con_set_req_cksumtype(context, ctx->auth_context,
+                                    CKSUMTYPE_KG_CB);
+    cksum_struct.md5 = md5;
+    cksum_struct.ctx = ctx;
+    cksum_struct.cred = cred;
+    cksum_struct.checksum_data.data = NULL;
+    cksum_struct.exts = exts;
+    krb5_auth_con_set_checksum_func(context, ctx->auth_context,
+                                    make_gss_checksum, &cksum_struct);
+
+    /* call mk_req.  subkey and ap_req need to be used or destroyed */
+
+    mk_req_flags = AP_OPTS_USE_SUBKEY;
+
+    if (ctx->gss_flags & GSS_C_MUTUAL_FLAG)
+        mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_ETYPE_NEGOTIATION;
+
+    krb5_auth_con_set_authdata_context(context, ctx->auth_context, ad_context);
+    code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags,
+                                NULL, k_cred, &ap_req);
+    krb5_auth_con_set_authdata_context(context, ctx->auth_context, NULL);
+    krb5_free_checksum_contents(context, &cksum_struct.md5);
+    krb5_free_data_contents(context, &cksum_struct.checksum_data);
+    if (code)
+        goto cleanup;
+
+    /* store the interesting stuff from creds and authent */
+    ctx->krb_times = k_cred->times;
+    ctx->krb_flags = k_cred->ticket_flags;
+
+    /* build up the token */
+    if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+        /*
+         * For DCE RPC, do not encapsulate the AP-REQ in the
+         * typical GSS wrapping.
+         */
+        code = data_to_gss(&ap_req, token);
+        if (code)
+            goto cleanup;
+    } else {
+        /* allocate space for the token */
+        tlen = g_token_size((gss_OID) mech_type, ap_req.length);
+        t = gssalloc_malloc(tlen);
+        if (t == NULL) {
+            code = ENOMEM;
+            goto cleanup;
+        }
+        k5_buf_init_fixed(&buf, t, tlen);
+        g_make_token_header(&buf, mech_type, ap_req.length, KG_TOK_CTX_AP_REQ);
+        k5_buf_add_len(&buf, ap_req.data, ap_req.length);
+        assert(buf.len == tlen);
+
+        /* pass it back */
+
+        token->length = tlen;
+        token->value = (void *) t;
+    }
+
+    code = 0;
+
+cleanup:
+    if (ap_req.data)
+        krb5_free_data_contents(context, &ap_req);
+
+    return (code);
+}
+
+/*
+ * new_connection
+ *
+ * Do the grunt work of setting up a new context.
+ */
+static OM_uint32
+kg_new_connection(
+    OM_uint32 *minor_status,
+    krb5_gss_cred_id_t cred,
+    gss_ctx_id_t *context_handle,
+    gss_name_t target_name,
+    gss_OID mech_type,
+    OM_uint32 req_flags,
+    OM_uint32 time_req,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_OID *actual_mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags,
+    OM_uint32 *time_rec,
+    krb5_context context,
+    krb5_gss_ctx_ext_t exts)
+{
+    OM_uint32 major_status;
+    krb5_error_code code;
+    krb5_creds *k_cred = NULL;
+    krb5_gss_ctx_id_rec *ctx, *ctx_free;
+    krb5_timestamp now;
+    gss_buffer_desc token;
+    krb5_keyblock *keyblock;
+
+    k5_mutex_assert_locked(&cred->lock);
+    major_status = GSS_S_FAILURE;
+    token.length = 0;
+    token.value = NULL;
+
+    /* make sure the cred is usable for init */
+
+    if ((cred->usage != GSS_C_INITIATE) &&
+        (cred->usage != GSS_C_BOTH)) {
+        *minor_status = 0;
+        return(GSS_S_NO_CRED);
+    }
+
+    /* complain if the input token is non-null */
+
+    if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
+        *minor_status = 0;
+        return(GSS_S_DEFECTIVE_TOKEN);
+    }
+
+    /* create the ctx */
+
+    if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec)))
+        == NULL) {
+        *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
+    }
+
+    /* fill in the ctx */
+    memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
+    ctx->magic = KG_CONTEXT;
+    ctx_free = ctx;
+    if ((code = krb5_auth_con_init(context, &ctx->auth_context)))
+        goto cleanup;
+    krb5_auth_con_setflags(context, ctx->auth_context,
+                           KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+
+    /* limit the encryption types negotiated (if requested) */
+    if (cred->req_enctypes) {
+        if ((code = krb5_set_default_tgs_enctypes(context,
+                                                  cred->req_enctypes))) {
+            goto cleanup;
+        }
+    }
+
+    ctx->initiate = 1;
+    ctx->seed_init = 0;
+    ctx->seqstate = 0;
+
+    /* enforce_ok_as_delegate causes GSS_C_DELEG_FLAG to be treated as
+     * GSS_C_DELEG_POLICY_FLAG (so ok-as-delegate is always enforced). */
+    if (context->enforce_ok_as_delegate && (req_flags & GSS_C_DELEG_FLAG)) {
+        req_flags &= ~GSS_C_DELEG_FLAG;
+        req_flags |= GSS_C_DELEG_POLICY_FLAG;
+    }
+
+    ctx->gss_flags = req_flags & (GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG |
+                                  GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+                                  GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG |
+                                  GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG |
+                                  GSS_C_EXTENDED_ERROR_FLAG);
+    ctx->gss_flags |= GSS_C_TRANS_FLAG;
+    if (!cred->suppress_ci_flags)
+        ctx->gss_flags |= (GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG);
+    if (req_flags & GSS_C_DCE_STYLE)
+        ctx->gss_flags |= GSS_C_MUTUAL_FLAG;
+
+    if ((code = krb5_timeofday(context, &now)))
+        goto cleanup;
+
+    if (time_req == 0 || time_req == GSS_C_INDEFINITE) {
+        ctx->krb_times.endtime = 0;
+    } else {
+        ctx->krb_times.endtime = ts_incr(now, time_req);
+    }
+
+    if ((code = kg_duplicate_name(context, cred->name, &ctx->here)))
+        goto cleanup;
+
+    if ((code = kg_duplicate_name(context, (krb5_gss_name_t)target_name,
+                                  &ctx->there)))
+        goto cleanup;
+
+    code = get_credentials(context, cred, ctx->there, now,
+                           ctx->krb_times.endtime, &k_cred);
+    if (code)
+        goto cleanup;
+
+    ctx->krb_times = k_cred->times;
+
+    /*
+     * GSS_C_DELEG_POLICY_FLAG means to delegate only if the
+     * ok-as-delegate ticket flag is set.
+     */
+    if ((req_flags & GSS_C_DELEG_POLICY_FLAG)
+        && (k_cred->ticket_flags & TKT_FLG_OK_AS_DELEGATE))
+        ctx->gss_flags |= GSS_C_DELEG_FLAG | GSS_C_DELEG_POLICY_FLAG;
+
+    if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used)
+        != GSS_S_COMPLETE) {
+        code = *minor_status;
+        goto cleanup;
+    }
+    /*
+     * Now try to make it static if at all possible....
+     */
+    ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used);
+
+    {
+        /* gsskrb5 v1 */
+        krb5_int32 seq_temp;
+        if ((code = make_ap_req_v1(context, ctx,
+                                   cred, k_cred, ctx->here->ad_context,
+                                   input_chan_bindings,
+                                   mech_type, &token, exts))) {
+            if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) ||
+                (code == KG_EMPTY_CCACHE))
+                major_status = GSS_S_NO_CRED;
+            if (code == KRB5KRB_AP_ERR_TKT_EXPIRED)
+                major_status = GSS_S_CREDENTIALS_EXPIRED;
+            goto cleanup;
+        }
+
+        krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &seq_temp);
+        ctx->seq_send = (uint32_t)seq_temp;
+        code = krb5_auth_con_getsendsubkey(context, ctx->auth_context,
+                                           &keyblock);
+        if (code != 0)
+            goto cleanup;
+        code = krb5_k_create_key(context, keyblock, &ctx->subkey);
+        krb5_free_keyblock(context, keyblock);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    ctx->enc = NULL;
+    ctx->seq = NULL;
+    ctx->have_acceptor_subkey = 0;
+    code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype);
+    if (code != 0)
+        goto cleanup;
+
+    if (!(ctx->gss_flags & GSS_C_MUTUAL_FLAG)) {
+        /* There will be no AP-REP, so set up sequence state now. */
+        ctx->seq_recv = ctx->seq_send;
+        code = g_seqstate_init(&ctx->seqstate, ctx->seq_recv,
+                               (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+                               (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0,
+                               ctx->proto);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    /* compute time_rec */
+    if (time_rec) {
+        if ((code = krb5_timeofday(context, &now)))
+            goto cleanup;
+        *time_rec = ts_interval(now, ctx->krb_times.endtime);
+    }
+
+    /* set the other returns */
+    *output_token = token;
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    if (actual_mech_type)
+        *actual_mech_type = mech_type;
+
+    /* return successfully */
+
+    *context_handle = (gss_ctx_id_t) ctx;
+    ctx_free = NULL;
+    if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) {
+        ctx->established = 0;
+        major_status = GSS_S_CONTINUE_NEEDED;
+    } else {
+        ctx->gss_flags |= GSS_C_PROT_READY_FLAG;
+        ctx->established = 1;
+        major_status = GSS_S_COMPLETE;
+    }
+
+cleanup:
+    krb5_free_creds(context, k_cred);
+    if (ctx_free) {
+        if (ctx_free->auth_context)
+            krb5_auth_con_free(context, ctx_free->auth_context);
+        if (ctx_free->here)
+            kg_release_name(context, &ctx_free->here);
+        if (ctx_free->there)
+            kg_release_name(context, &ctx_free->there);
+        if (ctx_free->subkey)
+            krb5_k_free_key(context, ctx_free->subkey);
+        xfree(ctx_free);
+    }
+
+    *minor_status = code;
+    return (major_status);
+}
+
+/*
+ * mutual_auth
+ *
+ * Handle the reply from the acceptor, if we're doing mutual auth.
+ */
+static OM_uint32
+mutual_auth(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context_handle,
+    gss_name_t target_name,
+    gss_OID mech_type,
+    OM_uint32 req_flags,
+    OM_uint32 time_req,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_OID *actual_mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags,
+    OM_uint32 *time_rec,
+    krb5_context context)
+{
+    OM_uint32 major_status;
+    unsigned char *ptr;
+    krb5_data ap_rep;
+    krb5_ap_rep_enc_part *ap_rep_data;
+    krb5_timestamp now;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_error *krb_error;
+    krb5_error_code code;
+    krb5int_access kaccess;
+
+    major_status = GSS_S_FAILURE;
+
+    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (code)
+        goto fail;
+
+    ctx = (krb5_gss_ctx_id_t) *context_handle;
+
+    /* make sure the context is non-established, and that certain
+       arguments are unchanged */
+
+    if ((ctx->established) ||
+        ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) {
+        code = KG_CONTEXT_ESTABLISHED;
+        goto fail;
+    }
+
+    if (! kg_compare_name(context, ctx->there, (krb5_gss_name_t)target_name)) {
+        (void)krb5_gss_delete_sec_context(minor_status,
+                                          context_handle, NULL);
+        code = 0;
+        major_status = GSS_S_BAD_NAME;
+        goto fail;
+    }
+
+    /* verify the token and leave the AP_REP message in ap_rep */
+
+    if (input_token == GSS_C_NO_BUFFER) {
+        (void)krb5_gss_delete_sec_context(minor_status,
+                                          context_handle, NULL);
+        code = 0;
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto fail;
+    }
+
+    ptr = (unsigned char *) input_token->value;
+
+    if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+        /* Raw AP-REP */
+        ap_rep.length = input_token->length;
+    } else if (g_verify_token_header(ctx->mech_used,
+                                     &(ap_rep.length),
+                                     &ptr, KG_TOK_CTX_AP_REP,
+                                     input_token->length, 1)) {
+        if (g_verify_token_header((gss_OID) ctx->mech_used,
+                                  &(ap_rep.length),
+                                  &ptr, KG_TOK_CTX_ERROR,
+                                  input_token->length, 1) == 0) {
+
+            /* Handle a KRB_ERROR message from the server */
+
+            ap_rep.data = (char *)ptr;
+            code = krb5_rd_error(context, &ap_rep, &krb_error);
+            if (code)
+                goto fail;
+            if (krb_error->error)
+                code = (krb5_error_code)krb_error->error + ERROR_TABLE_BASE_krb5;
+            else
+                code = 0;
+            krb5_free_error(context, krb_error);
+            goto fail;
+        } else {
+            *minor_status = 0;
+            return(GSS_S_DEFECTIVE_TOKEN);
+        }
+    }
+    ap_rep.data = (char *)ptr;
+
+    /* decode the ap_rep */
+    if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
+                            &ap_rep_data))) {
+        /*
+         * XXX A hack for backwards compatibility.
+         * To be removed in 1999 -- proven
+         */
+        krb5_auth_con_setuseruserkey(context, ctx->auth_context,
+                                     &ctx->subkey->keyblock);
+        if ((krb5_rd_rep(context, ctx->auth_context, &ap_rep,
+                         &ap_rep_data)))
+            goto fail;
+    }
+
+    /* store away the sequence number */
+    ctx->seq_recv = ap_rep_data->seq_number;
+    code = g_seqstate_init(&ctx->seqstate, ctx->seq_recv,
+                           (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+                           (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0,
+                           ctx->proto);
+    if (code) {
+        krb5_free_ap_rep_enc_part(context, ap_rep_data);
+        goto fail;
+    }
+
+    if (ap_rep_data->subkey != NULL &&
+        (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) ||
+         ap_rep_data->subkey->enctype != ctx->subkey->keyblock.enctype)) {
+        /* Keep acceptor's subkey.  */
+        ctx->have_acceptor_subkey = 1;
+        code = krb5_k_create_key(context, ap_rep_data->subkey,
+                                 &ctx->acceptor_subkey);
+        if (code) {
+            krb5_free_ap_rep_enc_part(context, ap_rep_data);
+            goto fail;
+        }
+        code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
+                             &ctx->acceptor_subkey_cksumtype);
+        if (code) {
+            krb5_free_ap_rep_enc_part(context, ap_rep_data);
+            goto fail;
+        }
+    }
+    /* free the ap_rep_data */
+    krb5_free_ap_rep_enc_part(context, ap_rep_data);
+
+    if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+        krb5_data outbuf;
+
+        code = krb5_mk_rep_dce(context, ctx->auth_context, &outbuf);
+        if (code)
+            goto fail;
+
+        code = data_to_gss(&outbuf, output_token);
+        if (code)
+            goto fail;
+    }
+
+    /* set established */
+    ctx->established = 1;
+
+    /* set returns */
+
+    if (time_rec) {
+        if ((code = krb5_timeofday(context, &now)))
+            goto fail;
+        *time_rec = ts_interval(now, ctx->krb_times.endtime);
+    }
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    if (actual_mech_type)
+        *actual_mech_type = mech_type;
+
+    /* success */
+
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+
+fail:
+    (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL);
+
+    *minor_status = code;
+    return (major_status);
+}
+
+OM_uint32
+krb5_gss_init_sec_context_ext(
+    OM_uint32 *minor_status,
+    gss_cred_id_t claimant_cred_handle,
+    gss_ctx_id_t *context_handle,
+    gss_name_t target_name,
+    gss_OID mech_type,
+    OM_uint32 req_flags,
+    OM_uint32 time_req,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_OID *actual_mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags,
+    OM_uint32 *time_rec,
+    krb5_gss_ctx_ext_t exts)
+{
+    krb5_context context;
+    gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
+    krb5_gss_cred_id_t cred;
+    krb5_error_code kerr;
+    OM_uint32 major_status;
+    OM_uint32 tmp_min_stat;
+
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+        kerr = krb5_gss_init_context(&context);
+        if (kerr) {
+            *minor_status = kerr;
+            return GSS_S_FAILURE;
+        }
+        if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) {
+            save_error_info(*minor_status, context);
+            krb5_free_context(context);
+            return GSS_S_FAILURE;
+        }
+    } else {
+        context = ((krb5_gss_ctx_id_rec *)*context_handle)->k5_context;
+    }
+
+    /* set up return values so they can be "freed" successfully */
+
+    major_status = GSS_S_FAILURE; /* Default major code */
+    output_token->length = 0;
+    output_token->value = NULL;
+    if (actual_mech_type)
+        *actual_mech_type = NULL;
+
+    /* verify the mech_type */
+
+    if (mech_type == GSS_C_NULL_OID || g_OID_equal(mech_type, gss_mech_krb5)) {
+        mech_type = (gss_OID) gss_mech_krb5;
+    } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) {
+        mech_type = (gss_OID) gss_mech_krb5_old;
+    } else if (g_OID_equal(mech_type, gss_mech_krb5_wrong)) {
+        mech_type = (gss_OID) gss_mech_krb5_wrong;
+    } else if (g_OID_equal(mech_type, gss_mech_iakerb)) {
+        mech_type = (gss_OID) gss_mech_iakerb;
+    } else {
+        *minor_status = 0;
+        if (*context_handle == GSS_C_NO_CONTEXT)
+            krb5_free_context(context);
+        return(GSS_S_BAD_MECH);
+    }
+
+    /* is this a new connection or not? */
+
+    /*SUPPRESS 29*/
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+        /* verify the credential, or use the default */
+        /*SUPPRESS 29*/
+        if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) {
+            major_status = kg_get_defcred(minor_status, &defcred);
+            if (major_status && GSS_ERROR(major_status)) {
+                if (*context_handle == GSS_C_NO_CONTEXT)
+                    krb5_free_context(context);
+                return(major_status);
+            }
+            claimant_cred_handle = defcred;
+        }
+
+        major_status = kg_cred_resolve(minor_status, context,
+                                       claimant_cred_handle, target_name);
+        if (GSS_ERROR(major_status)) {
+            save_error_info(*minor_status, context);
+            krb5_gss_release_cred(&tmp_min_stat, &defcred);
+            if (*context_handle == GSS_C_NO_CONTEXT)
+                krb5_free_context(context);
+            return(major_status);
+        }
+        cred = (krb5_gss_cred_id_t)claimant_cred_handle;
+
+        major_status = kg_new_connection(minor_status, cred, context_handle,
+                                         target_name, mech_type, req_flags,
+                                         time_req, input_chan_bindings,
+                                         input_token, actual_mech_type,
+                                         output_token, ret_flags, time_rec,
+                                         context, exts);
+        k5_mutex_unlock(&cred->lock);
+        krb5_gss_release_cred(&tmp_min_stat, &defcred);
+        if (*context_handle == GSS_C_NO_CONTEXT) {
+            save_error_info (*minor_status, context);
+            krb5_free_context(context);
+        } else
+            ((krb5_gss_ctx_id_rec *) *context_handle)->k5_context = context;
+    } else {
+        /* mutual_auth doesn't care about the credentials */
+        major_status = mutual_auth(minor_status, context_handle,
+                                   target_name, mech_type, req_flags,
+                                   time_req, input_chan_bindings,
+                                   input_token, actual_mech_type,
+                                   output_token, ret_flags, time_rec,
+                                   context);
+        /* If context_handle is now NO_CONTEXT, mutual_auth called
+           delete_sec_context, which would've zapped the krb5 context
+           too.  */
+    }
+
+    return(major_status);
+}
+
+#ifndef _WIN32
+k5_mutex_t kg_kdc_flag_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+static int kdc_flag = 0;
+#endif
+
+krb5_error_code
+krb5_gss_init_context (krb5_context *ctxp)
+{
+    krb5_error_code err;
+#ifndef _WIN32
+    int is_kdc;
+#endif
+
+    err = gss_krb5int_initialize_library();
+    if (err)
+        return err;
+#ifndef _WIN32
+    k5_mutex_lock(&kg_kdc_flag_mutex);
+    is_kdc = kdc_flag;
+    k5_mutex_unlock(&kg_kdc_flag_mutex);
+
+    if (is_kdc)
+        return krb5int_init_context_kdc(ctxp);
+#endif
+
+    return krb5_init_context(ctxp);
+}
+
+#ifndef _WIN32
+OM_uint32
+krb5int_gss_use_kdc_context(OM_uint32 *minor_status,
+                            const gss_OID desired_mech,
+                            const gss_OID desired_object,
+                            gss_buffer_t value)
+{
+    OM_uint32 err;
+
+    *minor_status = 0;
+
+    err = gss_krb5int_initialize_library();
+    if (err)
+        return err;
+    k5_mutex_lock(&kg_kdc_flag_mutex);
+    kdc_flag = 1;
+    k5_mutex_unlock(&kg_kdc_flag_mutex);
+    return GSS_S_COMPLETE;
+}
+#endif
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
+                          context_handle, target_name, mech_type,
+                          req_flags, time_req, input_chan_bindings,
+                          input_token, actual_mech_type, output_token,
+                          ret_flags, time_rec)
+    OM_uint32 *minor_status;
+    gss_cred_id_t claimant_cred_handle;
+    gss_ctx_id_t *context_handle;
+    gss_name_t target_name;
+    gss_OID mech_type;
+    OM_uint32 req_flags;
+    OM_uint32 time_req;
+    gss_channel_bindings_t input_chan_bindings;
+    gss_buffer_t input_token;
+    gss_OID *actual_mech_type;
+    gss_buffer_t output_token;
+    OM_uint32 *ret_flags;
+    OM_uint32 *time_rec;
+{
+    krb5_gss_ctx_ext_rec exts;
+
+    memset(&exts, 0, sizeof(exts));
+
+    return krb5_gss_init_sec_context_ext(minor_status,
+                                         claimant_cred_handle,
+                                         context_handle,
+                                         target_name,
+                                         mech_type,
+                                         req_flags,
+                                         time_req,
+                                         input_chan_bindings,
+                                         input_token,
+                                         actual_mech_type,
+                                         output_token,
+                                         ret_flags,
+                                         time_rec,
+                                         &exts);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/inq_context.c b/krb5-1.21.3/src/lib/gssapi/krb5/inq_context.c
new file mode 100644
index 00000000..97678e3e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/inq_context.c
@@ -0,0 +1,373 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
+                         acceptor_name, lifetime_rec, mech_type, ret_flags,
+                         locally_initiated, opened)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_name_t *initiator_name;
+    gss_name_t *acceptor_name;
+    OM_uint32 *lifetime_rec;
+    gss_OID *mech_type;
+    OM_uint32 *ret_flags;
+    int *locally_initiated;
+    int *opened;
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_gss_name_t initiator, acceptor;
+    krb5_timestamp now, start;
+    OM_uint32 lifetime;
+
+    if (initiator_name)
+        *initiator_name = (gss_name_t) NULL;
+    if (acceptor_name)
+        *acceptor_name = (gss_name_t) NULL;
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+    context = ctx->k5_context;
+
+    /* RFC 2743 states that a partially completed context must return
+     * flags, locally_initiated, and open, and *may* return mech_type. */
+    if (ctx->established) {
+        initiator = NULL;
+        acceptor = NULL;
+
+        if ((code = krb5_timeofday(context, &now))) {
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            return(GSS_S_FAILURE);
+        }
+
+        /* Add the maximum allowable clock skew as a grace period for context
+         * expiration, just as we do for the ticket during authentication. */
+        start = ctx->initiate ? now : ts_incr(now, -context->clockskew);
+        lifetime = ts_interval(start, ctx->krb_times.endtime);
+
+        if (initiator_name) {
+            code = kg_duplicate_name(context,
+                                     ctx->initiate ? ctx->here : ctx->there,
+                                     &initiator);
+            if (code) {
+                *minor_status = code;
+                save_error_info(*minor_status, context);
+                return(GSS_S_FAILURE);
+            }
+        }
+
+        if (acceptor_name) {
+            code = kg_duplicate_name(context,
+                                     ctx->initiate ? ctx->there : ctx->here,
+                                     &acceptor);
+            if (code) {
+                if (initiator)
+                    kg_release_name(context, &initiator);
+                *minor_status = code;
+                save_error_info(*minor_status, context);
+                return(GSS_S_FAILURE);
+            }
+        }
+
+        if (initiator_name)
+            *initiator_name = (gss_name_t) initiator;
+
+        if (acceptor_name)
+            *acceptor_name = (gss_name_t) acceptor;
+
+        if (lifetime_rec)
+            *lifetime_rec = lifetime;
+    } else {
+        lifetime = 0;
+        if (initiator_name)
+            *initiator_name = GSS_C_NO_NAME;
+
+        if (acceptor_name)
+            *acceptor_name = GSS_C_NO_NAME;
+
+        if (lifetime_rec)
+            *lifetime_rec = 0;
+    }
+
+    if (mech_type)
+        *mech_type = (gss_OID) ctx->mech_used;
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    if (locally_initiated)
+        *locally_initiated = ctx->initiate;
+
+    if (opened)
+        *opened = ctx->established;
+
+    *minor_status = 0;
+    if (ctx->established)
+        return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
+    else
+        return GSS_S_COMPLETE;
+}
+
+/* Add two buffers to data_set giving the contents and enctype of key. */
+static OM_uint32
+inq_session_key_result(OM_uint32 *minor_status, krb5_key key,
+                       gss_buffer_set_t *data_set)
+{
+    gss_buffer_desc keyvalue, keyinfo;
+    OM_uint32 major, tmpmin;
+    unsigned char oid_buf[GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH + 6];
+    gss_OID_desc oid;
+
+    keyvalue.value = key->keyblock.contents;
+    keyvalue.length = key->keyblock.length;
+    major = generic_gss_add_buffer_set_member(minor_status, &keyvalue,
+                                              data_set);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+    oid.elements = oid_buf;
+    oid.length = sizeof(oid_buf);
+    major = generic_gss_oid_compose(minor_status,
+                                    GSS_KRB5_SESSION_KEY_ENCTYPE_OID,
+                                    GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH,
+                                    key->keyblock.enctype, &oid);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+    keyinfo.value = oid.elements;
+    keyinfo.length = oid.length;
+    major = generic_gss_add_buffer_set_member(minor_status, &keyinfo,
+                                              data_set);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+    return GSS_S_COMPLETE;
+
+cleanup:
+    if (*data_set != GSS_C_NO_BUFFER_SET) {
+        if ((*data_set)->count != 0) {
+            zap((*data_set)->elements[0].value,
+                (*data_set)->elements[0].length);
+        }
+        gss_release_buffer_set(&tmpmin, data_set);
+    }
+
+    return major;
+}
+
+OM_uint32
+gss_krb5int_inq_sspi_session_key(OM_uint32 *minor_status,
+                                 const gss_ctx_id_t context_handle,
+                                 const gss_OID desired_object,
+                                 gss_buffer_set_t *data_set)
+{
+    krb5_gss_ctx_id_t ctx = (krb5_gss_ctx_id_t)context_handle;
+    krb5_key key;
+
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
+    }
+    key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey;
+    return inq_session_key_result(minor_status, key, data_set);
+}
+
+OM_uint32
+gss_krb5int_inq_odbc_session_key(OM_uint32 *minor_status,
+                                 const gss_ctx_id_t context_handle,
+                                 const gss_OID desired_object,
+                                 gss_buffer_set_t *data_set)
+{
+    OM_uint32 major;
+    krb5_error_code ret;
+    krb5_gss_ctx_id_t ctx = (krb5_gss_ctx_id_t)context_handle;
+    krb5_key key;
+
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
+    }
+
+    ret = krb5_auth_con_getkey_k(ctx->k5_context, ctx->auth_context, &key);
+    if (ret) {
+        *minor_status = ret;
+        return GSS_S_FAILURE;
+    }
+
+    major = inq_session_key_result(minor_status, key, data_set);
+    krb5_k_free_key(ctx->k5_context, key);
+    return major;
+}
+
+OM_uint32
+gss_krb5int_extract_authz_data_from_sec_context(
+    OM_uint32 *minor_status,
+    const gss_ctx_id_t context_handle,
+    const gss_OID desired_object,
+    gss_buffer_set_t *data_set)
+{
+    OM_uint32 major_status;
+    krb5_gss_ctx_id_rec *ctx;
+    int ad_type = 0;
+    size_t i;
+
+    *data_set = GSS_C_NO_BUFFER_SET;
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+    major_status = generic_gss_oid_decompose(minor_status,
+                                             GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
+                                             GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+                                             desired_object,
+                                             &ad_type);
+    if (major_status != GSS_S_COMPLETE || ad_type == 0) {
+        *minor_status = ENOENT;
+        return GSS_S_FAILURE;
+    }
+
+    if (ctx->authdata != NULL) {
+        for (i = 0; ctx->authdata[i] != NULL; i++) {
+            if (ctx->authdata[i]->ad_type == ad_type) {
+                gss_buffer_desc ad_data;
+
+                ad_data.length = ctx->authdata[i]->length;
+                ad_data.value = ctx->authdata[i]->contents;
+
+                major_status = generic_gss_add_buffer_set_member(minor_status,
+                                                                 &ad_data, data_set);
+                if (GSS_ERROR(major_status))
+                    break;
+            }
+        }
+    }
+
+    if (GSS_ERROR(major_status)) {
+        OM_uint32 tmp;
+
+        generic_gss_release_buffer_set(&tmp, data_set);
+    }
+
+    return major_status;
+}
+
+OM_uint32
+gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *minor_status,
+                                              const gss_ctx_id_t context_handle,
+                                              const gss_OID desired_oid,
+                                              gss_buffer_set_t *data_set)
+{
+    krb5_gss_ctx_id_rec *ctx;
+    gss_buffer_desc rep;
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+    rep.value = &ctx->krb_times.authtime;
+    rep.length = sizeof(ctx->krb_times.authtime);
+
+    return generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
+}
+
+OM_uint32
+gss_krb5int_sec_context_sasl_ssf(OM_uint32 *minor_status,
+                                 const gss_ctx_id_t context_handle,
+                                 const gss_OID desired_object,
+                                 gss_buffer_set_t *data_set)
+{
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_key key;
+    krb5_error_code code;
+    gss_buffer_desc ssfbuf;
+    unsigned int ssf;
+    uint8_t buf[4];
+
+    ctx = (krb5_gss_ctx_id_rec *)context_handle;
+    key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey;
+
+    code = k5_enctype_to_ssf(key->keyblock.enctype, &ssf);
+    if (code)
+        return GSS_S_FAILURE;
+
+    store_32_be(ssf, buf);
+    ssfbuf.value = buf;
+    ssfbuf.length = sizeof(buf);
+
+    return generic_gss_add_buffer_set_member(minor_status, &ssfbuf, data_set);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/inq_cred.c b/krb5-1.21.3/src/lib/gssapi/krb5/inq_cred.c
new file mode 100644
index 00000000..0e675959
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/inq_cred.c
@@ -0,0 +1,288 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
+                      cred_usage, mechanisms)
+    OM_uint32 *minor_status;
+    gss_cred_id_t cred_handle;
+    gss_name_t *name;
+    OM_uint32 *lifetime_ret;
+    gss_cred_usage_t *cred_usage;
+    gss_OID_set *mechanisms;
+{
+    krb5_context context;
+    gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
+    krb5_gss_cred_id_t cred = NULL;
+    krb5_error_code code;
+    krb5_timestamp now;
+    krb5_deltat lifetime;
+    krb5_gss_name_t ret_name;
+    krb5_principal princ;
+    gss_OID_set mechs = GSS_C_NO_OID_SET;
+    OM_uint32 major, tmpmin, ret;
+
+    ret = GSS_S_FAILURE;
+    ret_name = NULL;
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    if (name) *name = NULL;
+    if (mechanisms) *mechanisms = NULL;
+
+    /* check for default credential */
+    /*SUPPRESS 29*/
+    if (cred_handle == GSS_C_NO_CREDENTIAL) {
+        major = kg_get_defcred(minor_status, &defcred);
+        if (GSS_ERROR(major)) {
+            krb5_free_context(context);
+            return(major);
+        }
+        cred_handle = defcred;
+    }
+
+    major = kg_cred_resolve(minor_status, context, cred_handle, GSS_C_NO_NAME);
+    if (GSS_ERROR(major)) {
+        krb5_gss_release_cred(minor_status, &defcred);
+        krb5_free_context(context);
+        return(major);
+    }
+    cred = (krb5_gss_cred_id_t)cred_handle;
+
+    if ((code = krb5_timeofday(context, &now))) {
+        *minor_status = code;
+        ret = GSS_S_FAILURE;
+        goto cleanup;
+    }
+
+    if (cred->expire != 0) {
+        lifetime = ts_interval(now, cred->expire);
+        if (lifetime < 0)
+            lifetime = 0;
+    }
+    else
+        lifetime = GSS_C_INDEFINITE;
+
+    if (name) {
+        if (cred->name) {
+            code = kg_duplicate_name(context, cred->name, &ret_name);
+        } else if ((cred->usage == GSS_C_ACCEPT || cred->usage == GSS_C_BOTH)
+                   && cred->keytab != NULL) {
+            /* This is a default acceptor cred; use a name from the keytab if
+             * we can. */
+            code = k5_kt_get_principal(context, cred->keytab, &princ);
+            if (code == 0) {
+                code = kg_init_name(context, princ, NULL, NULL, NULL,
+                                    KG_INIT_NAME_NO_COPY, &ret_name);
+                if (code)
+                    krb5_free_principal(context, princ);
+            } else if (code == KRB5_KT_NOTFOUND)
+                code = 0;
+        }
+        if (code) {
+            *minor_status = code;
+            save_error_info(*minor_status, context);
+            ret = GSS_S_FAILURE;
+            goto cleanup;
+        }
+    }
+
+    if (mechanisms) {
+        if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status,
+                                                             &mechs)) ||
+            GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
+                                                           gss_mech_krb5_old,
+                                                           &mechs)) ||
+            GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status,
+                                                           gss_mech_krb5,
+                                                           &mechs))) {
+            if (ret_name)
+                kg_release_name(context, &ret_name);
+            /* *minor_status set above */
+            goto cleanup;
+        }
+    }
+
+    if (name) {
+        if (ret_name != NULL)
+            *name = (gss_name_t) ret_name;
+        else
+            *name = GSS_C_NO_NAME;
+    }
+
+    if (lifetime_ret)
+        *lifetime_ret = lifetime;
+
+    if (cred_usage)
+        *cred_usage = cred->usage;
+
+    if (mechanisms) {
+        *mechanisms = mechs;
+        mechs = GSS_C_NO_OID_SET;
+    }
+
+    *minor_status = 0;
+    ret = (lifetime == 0) ? GSS_S_CREDENTIALS_EXPIRED : GSS_S_COMPLETE;
+
+cleanup:
+    k5_mutex_unlock(&cred->lock);
+    krb5_gss_release_cred(&tmpmin, &defcred);
+    krb5_free_context(context);
+    (void)generic_gss_release_oid_set(&tmpmin, &mechs);
+    return ret;
+}
+
+/* V2 interface */
+OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_cred_by_mech(minor_status, cred_handle,
+                              mech_type, name, initiator_lifetime,
+                              acceptor_lifetime, cred_usage)
+    OM_uint32           *minor_status;
+    gss_cred_id_t       cred_handle;
+    gss_OID             mech_type;
+    gss_name_t          *name;
+    OM_uint32           *initiator_lifetime;
+    OM_uint32           *acceptor_lifetime;
+    gss_cred_usage_t *cred_usage;
+{
+    krb5_gss_cred_id_t  cred;
+    OM_uint32           lifetime;
+    OM_uint32           mstat;
+
+    cred = (krb5_gss_cred_id_t) cred_handle;
+    mstat = krb5_gss_inquire_cred(minor_status,
+                                  cred_handle,
+                                  name,
+                                  &lifetime,
+                                  cred_usage,
+                                  (gss_OID_set *) NULL);
+    if (mstat == GSS_S_COMPLETE) {
+        if (cred &&
+            ((cred->usage == GSS_C_INITIATE) ||
+             (cred->usage == GSS_C_BOTH)) &&
+            initiator_lifetime)
+            *initiator_lifetime = lifetime;
+        if (cred &&
+            ((cred->usage == GSS_C_ACCEPT) ||
+             (cred->usage == GSS_C_BOTH)) &&
+            acceptor_lifetime)
+            *acceptor_lifetime = lifetime;
+    }
+    return(mstat);
+}
+
+OM_uint32
+gss_krb5int_get_cred_impersonator(OM_uint32 *minor_status,
+                                  const gss_cred_id_t cred_handle,
+                                  const gss_OID desired_object,
+                                  gss_buffer_set_t *data_set)
+{
+    krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t)cred_handle;
+    gss_buffer_desc rep = GSS_C_EMPTY_BUFFER;
+    krb5_context context = NULL;
+    char *impersonator = NULL;
+    krb5_error_code ret;
+    OM_uint32 major;
+
+    *data_set = GSS_C_NO_BUFFER_SET;
+
+    /* Return an empty buffer set if no impersonator is present */
+    if (cred->impersonator == NULL)
+        return generic_gss_create_empty_buffer_set(minor_status, data_set);
+
+    ret = krb5_gss_init_context(&context);
+    if (ret) {
+        *minor_status = ret;
+        return GSS_S_FAILURE;
+    }
+
+    ret = krb5_unparse_name(context, cred->impersonator, &impersonator);
+    if (ret) {
+        krb5_free_context(context);
+        *minor_status = ret;
+        return GSS_S_FAILURE;
+    }
+
+    rep.value = impersonator;
+    rep.length = strlen(impersonator);
+    major = generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
+
+    krb5_free_unparsed_name(context, impersonator);
+    krb5_free_context(context);
+    return major;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/inq_names.c b/krb5-1.21.3/src/lib/gssapi/krb5/inq_names.c
new file mode 100644
index 00000000..b326adbb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/inq_names.c
@@ -0,0 +1,100 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/inq_names.c - Return nametypes supported by krb5 mech */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_names_for_mech(minor_status, mechanism, name_types)
+    OM_uint32   *minor_status;
+    gss_OID     mechanism;
+    gss_OID_set *name_types;
+{
+    OM_uint32   major, minor;
+
+    /*
+     * We only know how to handle our own mechanism.
+     */
+    if ((mechanism != GSS_C_NULL_OID) &&
+        !g_OID_equal(gss_mech_krb5, mechanism) &&
+        !g_OID_equal(gss_mech_krb5_old, mechanism) &&
+        !g_OID_equal(gss_mech_krb5_wrong, mechanism) &&
+        !g_OID_equal(gss_mech_iakerb, mechanism)) {
+        *minor_status = 0;
+        return(GSS_S_BAD_MECH);
+    }
+
+    /* We're okay.  Create an empty OID set */
+    major = generic_gss_create_empty_oid_set(minor_status, name_types);
+    if (major == GSS_S_COMPLETE) {
+        /* Now add our members. */
+        if (
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_user_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_machine_uid_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_string_uid_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_service_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_service_name_v2,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_exported_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     gss_nt_krb5_name,
+                                                     name_types)
+            ) == GSS_S_COMPLETE) &&
+            ((major = generic_gss_add_oid_set_member(minor_status,
+                                                     GSS_C_NT_COMPOSITE_EXPORT,
+                                                     name_types)
+            ) == GSS_S_COMPLETE)
+        ) {
+            major = generic_gss_add_oid_set_member(minor_status,
+                                                   gss_nt_krb5_principal,
+                                                   name_types);
+        }
+
+        /*
+         * If we choked, then release the set, but don't overwrite the minor
+         * status with the release call.
+         */
+        if (major != GSS_S_COMPLETE)
+            (void) generic_gss_release_oid_set(&minor, name_types);
+    }
+    return(major);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c b/krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c
new file mode 100644
index 00000000..99275be5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c
@@ -0,0 +1,392 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "gssapiP_krb5.h"
+
+#include <assert.h>
+
+static krb5_error_code
+make_seal_token_v1 (krb5_context context,
+                    krb5_key enc,
+                    krb5_key seq,
+                    uint64_t *seqnum,
+                    int direction,
+                    gss_buffer_t text,
+                    gss_buffer_t token,
+                    int signalg,
+                    size_t cksum_size,
+                    int sealalg,
+                    int do_encrypt,
+                    int toktype,
+                    gss_OID oid)
+{
+    krb5_error_code code;
+    size_t sumlen;
+    char *data_ptr;
+    krb5_data plaind;
+    krb5_checksum md5cksum;
+    /* msglen contains the message length
+     * we are signing/encrypting.  tmsglen
+     * contains the length of the message
+     * we plan to write out to the token.
+     * tlen is the length of the token
+     * including header. */
+    unsigned int conflen=0, tmsglen, tlen, msglen;
+    unsigned char *t, *metadata, *checksum, *payload;
+    unsigned char *plain;
+    unsigned char pad;
+    krb5_keyusage sign_usage = KG_USAGE_SIGN;
+    struct k5buf buf;
+
+    assert((!do_encrypt) || (toktype == KG_TOK_SEAL_MSG));
+    /* create the token buffer */
+    /* Do we need confounder? */
+    if (do_encrypt || toktype == KG_TOK_SEAL_MSG)
+        conflen = kg_confounder_size(context, enc->keyblock.enctype);
+    else conflen = 0;
+
+    if (toktype == KG_TOK_SEAL_MSG) {
+        switch (sealalg) {
+        case SEAL_ALG_MICROSOFT_RC4:
+            msglen = conflen + text->length+1;
+            pad = 1;
+            break;
+        default:
+            /* XXX knows that des block size is 8 */
+            msglen = (conflen+text->length+8)&(~7);
+            pad = 8-(text->length%8);
+        }
+        tmsglen = msglen;
+    } else {
+        tmsglen = 0;
+        msglen = text->length;
+        pad = 0;
+    }
+
+    tlen = g_token_size(oid, 14 + cksum_size + tmsglen);
+    t = gssalloc_malloc(tlen);
+    if (t == NULL)
+        return(ENOMEM);
+    k5_buf_init_fixed(&buf, t, tlen);
+
+    /*** fill in the token */
+
+    g_make_token_header(&buf, oid, 14 + cksum_size + tmsglen, toktype);
+    metadata = k5_buf_get_space(&buf, 14);
+    checksum = k5_buf_get_space(&buf, cksum_size);
+    payload = k5_buf_get_space(&buf, tmsglen);
+    assert(metadata != NULL && checksum != NULL && payload != NULL);
+    assert(buf.len == tlen);
+
+    /* 0..1 SIGN_ALG */
+    store_16_le(signalg, &metadata[0]);
+
+    /* 2..3 SEAL_ALG or Filler */
+    if ((toktype == KG_TOK_SEAL_MSG) && do_encrypt) {
+        store_16_le(sealalg, &metadata[2]);
+    } else {
+        /* No seal */
+        metadata[2] = 0xFF;
+        metadata[3] = 0xFF;
+    }
+
+    /* 4..5 Filler */
+    metadata[4] = 0xFF;
+    metadata[5] = 0xFF;
+
+    /* pad the plaintext, encrypt if needed, and stick it in the token */
+
+    /* initialize the the checksum */
+    switch (signalg) {
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+        break;
+    case SGN_ALG_HMAC_MD5:
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        if (toktype != KG_TOK_SEAL_MSG)
+            sign_usage = 15;
+        break;
+    default:
+        abort ();
+    }
+
+    code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
+    if (code) {
+        gssalloc_free(t);
+        return(code);
+    }
+    md5cksum.length = sumlen;
+
+
+    if ((plain = (unsigned char *) xmalloc(msglen ? msglen : 1)) == NULL) {
+        gssalloc_free(t);
+        return(ENOMEM);
+    }
+
+    if (conflen) {
+        if ((code = kg_make_confounder(context, enc->keyblock.enctype,
+                                       plain))) {
+            xfree(plain);
+            gssalloc_free(t);
+            return(code);
+        }
+    }
+
+    memcpy(plain+conflen, text->value, text->length);
+    if (pad) memset(plain+conflen+text->length, pad, pad);
+
+    /* compute the checksum */
+
+    /* 8 = head of token body as specified by mech spec */
+    if (! (data_ptr = xmalloc(8 + msglen))) {
+        xfree(plain);
+        gssalloc_free(t);
+        return(ENOMEM);
+    }
+    /* Checksum over the token ID, metadata bytes, and plaintext. */
+    memcpy(data_ptr, metadata - 2, 8);
+    memcpy(data_ptr + 8, plain, msglen);
+    plaind.length = 8 + msglen;
+    plaind.data = data_ptr;
+    code = krb5_k_make_checksum(context, md5cksum.checksum_type, seq,
+                                sign_usage, &plaind, &md5cksum);
+    xfree(data_ptr);
+
+    if (code) {
+        xfree(plain);
+        gssalloc_free(t);
+        return(code);
+    }
+    switch(signalg) {
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+        /*
+         * Using key derivation, the call to krb5_c_make_checksum
+         * already dealt with encrypting.
+         */
+        if (md5cksum.length != cksum_size)
+            abort ();
+        memcpy(checksum, md5cksum.contents, md5cksum.length);
+        break;
+    case SGN_ALG_HMAC_MD5:
+        memcpy(checksum, md5cksum.contents, cksum_size);
+        break;
+    }
+
+    krb5_free_checksum_contents(context, &md5cksum);
+
+    /* create the seq_num */
+
+    code = kg_make_seq_num(context, seq, direction?0:0xff,
+                           (krb5_ui_4)*seqnum, checksum, metadata + 6);
+    if (code) {
+        xfree (plain);
+        gssalloc_free(t);
+        return(code);
+    }
+
+    if (do_encrypt) {
+        switch(sealalg) {
+        case SEAL_ALG_MICROSOFT_RC4:
+        {
+            unsigned char bigend_seqnum[4];
+            krb5_keyblock *enc_key;
+            int i;
+            store_32_be(*seqnum, bigend_seqnum);
+            code = krb5_k_key_keyblock(context, enc, &enc_key);
+            if (code)
+            {
+                xfree(plain);
+                gssalloc_free(t);
+                return(code);
+            }
+            assert (enc_key->length == 16);
+            for (i = 0; i <= 15; i++)
+                ((char *) enc_key->contents)[i] ^=0xf0;
+            code = kg_arcfour_docrypt(enc_key, 0, bigend_seqnum, 4, plain,
+                                      tmsglen, payload);
+            krb5_free_keyblock (context, enc_key);
+            if (code)
+            {
+                xfree(plain);
+                gssalloc_free(t);
+                return(code);
+            }
+        }
+        break;
+        default:
+            code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL,  plain,
+                              payload, tmsglen);
+            if (code) {
+                xfree(plain);
+                gssalloc_free(t);
+                return(code);
+            }
+        }
+    }else {
+        if (tmsglen)
+            memcpy(payload, plain, tmsglen);
+    }
+    xfree(plain);
+
+
+    /* that's it.  return the token */
+
+    (*seqnum)++;
+    *seqnum &= 0xffffffffL;
+
+    token->length = tlen;
+    token->value = (void *) t;
+
+    return(0);
+}
+
+/* if signonly is true, ignore conf_req, conf_state,
+   and do not encode the ENC_TYPE, MSG_LENGTH, or MSG_TEXT fields */
+
+OM_uint32
+kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
+        input_message_buffer, conf_state, output_message_buffer, toktype)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    int conf_req_flag;
+    gss_qop_t qop_req;
+    gss_buffer_t input_message_buffer;
+    int *conf_state;
+    gss_buffer_t output_message_buffer;
+    int toktype;
+{
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_error_code code;
+    krb5_context context;
+
+    output_message_buffer->length = 0;
+    output_message_buffer->value = NULL;
+
+    /* Only default qop or matching established cryptosystem is allowed.
+
+       There are NO EXTENSIONS to this set for AES and friends!  The
+       new spec says "just use 0".  The old spec plus extensions would
+       actually allow for certain non-zero values.  Fix this to handle
+       them later.  */
+    if (qop_req != 0) {
+        *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+        return GSS_S_BAD_QOP;
+    }
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
+
+    context = ctx->k5_context;
+    switch (ctx->proto)
+    {
+    case 0:
+        code = make_seal_token_v1(context, ctx->enc, ctx->seq,
+                                  &ctx->seq_send, ctx->initiate,
+                                  input_message_buffer, output_message_buffer,
+                                  ctx->signalg, ctx->cksum_size, ctx->sealalg,
+                                  conf_req_flag, toktype, ctx->mech_used);
+        break;
+    case 1:
+        code = gss_krb5int_make_seal_token_v3(context, ctx,
+                                              input_message_buffer,
+                                              output_message_buffer,
+                                              conf_req_flag, toktype);
+        break;
+    default:
+        code = G_UNKNOWN_QOP;   /* XXX */
+        break;
+    }
+
+    if (code) {
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        return(GSS_S_FAILURE);
+    }
+
+    if (conf_state)
+        *conf_state = conf_req_flag;
+
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_wrap(minor_status, context_handle, conf_req_flag,
+              qop_req, input_message_buffer, conf_state,
+              output_message_buffer)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    int                 conf_req_flag;
+    gss_qop_t           qop_req;
+    gss_buffer_t        input_message_buffer;
+    int                 *conf_state;
+    gss_buffer_t        output_message_buffer;
+{
+    return(kg_seal(minor_status, context_handle, conf_req_flag,
+                   qop_req, input_message_buffer, conf_state,
+                   output_message_buffer, KG_TOK_WRAP_MSG));
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_get_mic(minor_status, context_handle, qop_req,
+                 message_buffer, message_token)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    gss_qop_t           qop_req;
+    gss_buffer_t        message_buffer;
+    gss_buffer_t        message_token;
+{
+    return(kg_seal(minor_status, context_handle, 0,
+                   qop_req, message_buffer, NULL,
+                   message_token, KG_TOK_MIC_MSG));
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/k5sealiov.c b/krb5-1.21.3/src/lib/gssapi/krb5/k5sealiov.c
new file mode 100644
index 00000000..7bf7609a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/k5sealiov.c
@@ -0,0 +1,542 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/k5sealiov.c */
+/*
+ * Copyright 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+
+static krb5_error_code
+make_seal_token_v1_iov(krb5_context context,
+                       krb5_gss_ctx_id_rec *ctx,
+                       int conf_req_flag,
+                       int *conf_state,
+                       gss_iov_buffer_desc *iov,
+                       int iov_count,
+                       int toktype)
+{
+    krb5_error_code code = 0;
+    gss_iov_buffer_t header;
+    gss_iov_buffer_t padding;
+    gss_iov_buffer_t trailer;
+    krb5_checksum md5cksum;
+    krb5_checksum cksum;
+    size_t k5_headerlen = 0, k5_trailerlen = 0;
+    size_t data_length = 0, assoc_data_length = 0;
+    size_t tmsglen = 0, cnflen = 0, tlen;
+    uint8_t *metadata, *checksum, *confounder;
+    krb5_keyusage sign_usage = KG_USAGE_SIGN;
+    struct k5buf buf;
+
+    md5cksum.length = cksum.length = 0;
+    md5cksum.contents = cksum.contents = NULL;
+
+    header = kg_locate_header_iov(iov, iov_count, toktype);
+    if (header == NULL)
+        return EINVAL;
+
+    padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+    if (padding == NULL && toktype == KG_TOK_WRAP_MSG &&
+        (ctx->gss_flags & GSS_C_DCE_STYLE) == 0)
+        return EINVAL;
+
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+    if (trailer != NULL)
+        trailer->buffer.length = 0;
+
+    /* Determine confounder length */
+    if (toktype == KG_TOK_WRAP_MSG) {
+        size_t k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
+        size_t gss_padlen;
+        size_t conf_data_length;
+
+        cnflen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
+
+        kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+        conf_data_length = cnflen + data_length - assoc_data_length;
+
+        if (k5_padlen == 1)
+            gss_padlen = 1; /* one byte to indicate one byte of padding */
+        else
+            gss_padlen = k5_padlen - (conf_data_length % k5_padlen);
+
+        if (ctx->gss_flags & GSS_C_DCE_STYLE) {
+            /* DCE will pad the actual data itself; padding buffer optional and will be zeroed */
+            gss_padlen = 0;
+
+            if (conf_data_length % k5_padlen)
+                code = KRB5_BAD_MSIZE;
+        } else if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
+            code = kg_allocate_iov(padding, gss_padlen);
+        } else if (padding->buffer.length < gss_padlen) {
+            code = KRB5_BAD_MSIZE;
+        }
+        if (code != 0)
+            goto cleanup;
+
+        /* Initialize padding buffer to pad itself */
+        if (padding != NULL) {
+            padding->buffer.length = gss_padlen;
+            memset(padding->buffer.value, (int)gss_padlen, gss_padlen);
+        }
+
+        if (ctx->gss_flags & GSS_C_DCE_STYLE)
+            tmsglen = cnflen; /* confounder length */
+        else
+            tmsglen = conf_data_length + padding->buffer.length;
+    }
+
+    /* Determine token size */
+    tlen = g_token_size(ctx->mech_used, 14 + ctx->cksum_size + tmsglen);
+
+    k5_headerlen = cnflen + tlen - tmsglen;
+
+    if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+        code = kg_allocate_iov(header, k5_headerlen);
+    else if (header->buffer.length < k5_headerlen)
+        code = KRB5_BAD_MSIZE;
+    if (code != 0)
+        goto cleanup;
+
+    header->buffer.length = k5_headerlen;
+
+    k5_buf_init_fixed(&buf, header->buffer.value, k5_headerlen);
+    g_make_token_header(&buf, ctx->mech_used, 14 + ctx->cksum_size + tmsglen,
+                        toktype);
+    metadata = k5_buf_get_space(&buf, 14);
+    checksum = k5_buf_get_space(&buf, ctx->cksum_size);
+    assert(metadata != NULL && checksum != NULL);
+
+    /* 0..1 SIGN_ALG */
+    store_16_le(ctx->signalg, &metadata[0]);
+
+    /* 2..3 SEAL_ALG or Filler */
+    if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
+        store_16_le(ctx->sealalg, &metadata[2]);
+    } else {
+        /* No seal */
+        metadata[2] = 0xFF;
+        metadata[3] = 0xFF;
+    }
+
+    /* 4..5 Filler */
+    metadata[4] = 0xFF;
+    metadata[5] = 0xFF;
+
+    /* pad the plaintext, encrypt if needed, and stick it in the token */
+
+    /* initialize the checksum */
+    switch (ctx->signalg) {
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+        break;
+    case SGN_ALG_HMAC_MD5:
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        if (toktype != KG_TOK_WRAP_MSG)
+            sign_usage = 15;
+        break;
+    default:
+        abort ();
+    }
+
+    code = krb5_c_checksum_length(context, md5cksum.checksum_type, &k5_trailerlen);
+    if (code != 0)
+        goto cleanup;
+    md5cksum.length = k5_trailerlen;
+
+    if (k5_headerlen != 0 && toktype == KG_TOK_WRAP_MSG) {
+        confounder = k5_buf_get_space(&buf, cnflen);
+        assert(confounder != NULL);
+        code = kg_make_confounder(context, ctx->enc->keyblock.enctype,
+                                  confounder);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    /* compute the checksum */
+    code = kg_make_checksum_iov_v1(context, md5cksum.checksum_type,
+                                   ctx->cksum_size, ctx->seq, ctx->enc,
+                                   sign_usage, iov, iov_count, toktype,
+                                   &md5cksum);
+    if (code != 0)
+        goto cleanup;
+
+    switch (ctx->signalg) {
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+        assert(md5cksum.length == ctx->cksum_size);
+        memcpy(checksum, md5cksum.contents, md5cksum.length);
+        break;
+    case SGN_ALG_HMAC_MD5:
+        memcpy(checksum, md5cksum.contents, ctx->cksum_size);
+        break;
+    }
+
+    /* create the seq_num */
+    code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF,
+                           (OM_uint32)ctx->seq_send, checksum, metadata + 6);
+    if (code != 0)
+        goto cleanup;
+
+    if (conf_req_flag) {
+        if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
+            unsigned char bigend_seqnum[4];
+            krb5_keyblock *enc_key;
+            size_t i;
+
+            store_32_be(ctx->seq_send, bigend_seqnum);
+
+            code = krb5_k_key_keyblock(context, ctx->enc, &enc_key);
+            if (code != 0)
+                goto cleanup;
+
+            assert(enc_key->length == 16);
+
+            for (i = 0; i < enc_key->length; i++)
+                ((char *)enc_key->contents)[i] ^= 0xF0;
+
+            code = kg_arcfour_docrypt_iov(context, enc_key, 0,
+                                          bigend_seqnum, 4,
+                                          iov, iov_count);
+            krb5_free_keyblock(context, enc_key);
+        } else {
+            code = kg_encrypt_iov(context, ctx->proto,
+                                  ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+                                  0 /*EC*/, 0 /*RRC*/,
+                                  ctx->enc, KG_USAGE_SEAL, NULL,
+                                  iov, iov_count);
+        }
+        if (code != 0)
+            goto cleanup;
+    }
+
+    ctx->seq_send++;
+    ctx->seq_send &= 0xFFFFFFFFL;
+
+    code = 0;
+
+    if (conf_state != NULL)
+        *conf_state = conf_req_flag;
+
+cleanup:
+    if (code != 0)
+        kg_release_iov(iov, iov_count);
+    krb5_free_checksum_contents(context, &md5cksum);
+
+    return code;
+}
+
+OM_uint32
+kg_seal_iov(OM_uint32 *minor_status,
+            gss_ctx_id_t context_handle,
+            int conf_req_flag,
+            gss_qop_t qop_req,
+            int *conf_state,
+            gss_iov_buffer_desc *iov,
+            int iov_count,
+            int toktype)
+{
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_error_code code;
+    krb5_context context;
+
+    if (qop_req != 0) {
+        *minor_status = (OM_uint32)G_UNKNOWN_QOP;
+        return GSS_S_BAD_QOP;
+    }
+
+    ctx = (krb5_gss_ctx_id_rec *)context_handle;
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
+    }
+
+    if (conf_req_flag && kg_integ_only_iov(iov, iov_count)) {
+        /* may be more sensible to return an error here */
+        conf_req_flag = FALSE;
+    }
+
+    context = ctx->k5_context;
+    switch (ctx->proto) {
+    case 0:
+        code = make_seal_token_v1_iov(context, ctx, conf_req_flag,
+                                      conf_state, iov, iov_count, toktype);
+        break;
+    case 1:
+        code = gss_krb5int_make_seal_token_v3_iov(context, ctx, conf_req_flag,
+                                                  conf_state, iov, iov_count, toktype);
+        break;
+    default:
+        code = G_UNKNOWN_QOP;
+        break;
+    }
+
+    if (code != 0) {
+        *minor_status = code;
+        save_error_info(*minor_status, context);
+        return GSS_S_FAILURE;
+    }
+
+    *minor_status = 0;
+
+    return GSS_S_COMPLETE;
+}
+
+#define INIT_IOV_DATA(_iov)     do { (_iov)->buffer.value = NULL;       \
+        (_iov)->buffer.length = 0; }                                    \
+    while (0)
+
+OM_uint32
+kg_seal_iov_length(OM_uint32 *minor_status,
+                   gss_ctx_id_t context_handle,
+                   int conf_req_flag,
+                   gss_qop_t qop_req,
+                   int *conf_state,
+                   gss_iov_buffer_desc *iov,
+                   int iov_count,
+                   int toktype)
+{
+    krb5_gss_ctx_id_rec *ctx;
+    gss_iov_buffer_t header, trailer, padding;
+    size_t data_length, assoc_data_length;
+    size_t gss_headerlen, gss_padlen, gss_trailerlen;
+    unsigned int k5_headerlen = 0, k5_trailerlen = 0, k5_padlen = 0;
+    krb5_error_code code;
+    krb5_context context;
+    int dce_or_mic;
+
+    if (qop_req != GSS_C_QOP_DEFAULT) {
+        *minor_status = (OM_uint32)G_UNKNOWN_QOP;
+        return GSS_S_BAD_QOP;
+    }
+
+    ctx = (krb5_gss_ctx_id_rec *)context_handle;
+    if (!ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
+    }
+
+    header = kg_locate_header_iov(iov, iov_count, toktype);
+    if (header == NULL) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
+    INIT_IOV_DATA(header);
+
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+    if (trailer != NULL) {
+        INIT_IOV_DATA(trailer);
+    }
+
+    /* MIC tokens and DCE-style wrap tokens have similar length considerations:
+     * no padding, and the framing surrounds the header only, not the data. */
+    dce_or_mic = ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0 ||
+                  toktype == KG_TOK_MIC_MSG);
+
+    /* For CFX, EC is used instead of padding, and is placed in header or trailer */
+    padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+    if (padding == NULL) {
+        if (conf_req_flag && ctx->proto == 0 && !dce_or_mic) {
+            *minor_status = EINVAL;
+            return GSS_S_FAILURE;
+        }
+    } else {
+        INIT_IOV_DATA(padding);
+    }
+
+    kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+
+    if (conf_req_flag && kg_integ_only_iov(iov, iov_count))
+        conf_req_flag = FALSE;
+
+    context = ctx->k5_context;
+
+    gss_headerlen = gss_padlen = gss_trailerlen = 0;
+
+    if (ctx->proto == 1) {
+        krb5_key key;
+        krb5_enctype enctype;
+        size_t ec;
+
+        key = (ctx->have_acceptor_subkey) ? ctx->acceptor_subkey : ctx->subkey;
+        enctype = key->keyblock.enctype;
+
+        code = krb5_c_crypto_length(context, enctype,
+                                    conf_req_flag ?
+                                    KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    &k5_trailerlen);
+        if (code != 0) {
+            *minor_status = code;
+            return GSS_S_FAILURE;
+        }
+
+        if (conf_req_flag) {
+            code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+            if (code != 0) {
+                *minor_status = code;
+                return GSS_S_FAILURE;
+            }
+        }
+
+        gss_headerlen = 16; /* Header */
+        if (conf_req_flag) {
+            gss_headerlen += k5_headerlen; /* Kerb-Header */
+            gss_trailerlen = 16 /* E(Header) */ + k5_trailerlen; /* Kerb-Trailer */
+
+            code = krb5_c_padding_length(context, enctype,
+                                         data_length - assoc_data_length + 16 /* E(Header) */, &k5_padlen);
+            if (code != 0) {
+                *minor_status = code;
+                return GSS_S_FAILURE;
+            }
+
+            if (k5_padlen == 0 && dce_or_mic) {
+                /* Windows rejects AEAD tokens with non-zero EC */
+                code = krb5_c_block_size(context, enctype, &ec);
+                if (code != 0) {
+                    *minor_status = code;
+                    return GSS_S_FAILURE;
+                }
+            } else
+                ec = k5_padlen;
+
+            gss_trailerlen += ec;
+        } else {
+            gss_trailerlen = k5_trailerlen; /* Kerb-Checksum */
+        }
+    } else if (!dce_or_mic) {
+        k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8;
+
+        if (k5_padlen == 1)
+            gss_padlen = 1;
+        else
+            gss_padlen = k5_padlen - ((data_length - assoc_data_length) % k5_padlen);
+    }
+
+    data_length += gss_padlen;
+
+    if (ctx->proto == 0) {
+        /* Header | Checksum | Confounder | Data | Pad */
+        size_t data_size;
+
+        k5_headerlen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
+
+        data_size = 14 /* Header */ + ctx->cksum_size + k5_headerlen;
+
+        if (!dce_or_mic)
+            data_size += data_length;
+
+        gss_headerlen = g_token_size(ctx->mech_used, data_size);
+
+        /* g_token_size() will include data_size as well as the overhead, so
+         * subtract data_length just to get the overhead (ie. token size) */
+        if (!dce_or_mic)
+            gss_headerlen -= data_length;
+    }
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (trailer == NULL)
+        gss_headerlen += gss_trailerlen;
+    else
+        trailer->buffer.length = gss_trailerlen;
+
+    assert(gss_padlen == 0 || padding != NULL);
+
+    if (padding != NULL)
+        padding->buffer.length = gss_padlen;
+
+    header->buffer.length = gss_headerlen;
+
+    if (conf_state != NULL)
+        *conf_state = conf_req_flag;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_wrap_iov(OM_uint32 *minor_status,
+                  gss_ctx_id_t context_handle,
+                  int conf_req_flag,
+                  gss_qop_t qop_req,
+                  int *conf_state,
+                  gss_iov_buffer_desc *iov,
+                  int iov_count)
+{
+    OM_uint32 major_status;
+
+    major_status = kg_seal_iov(minor_status, context_handle, conf_req_flag,
+                               qop_req, conf_state,
+                               iov, iov_count, KG_TOK_WRAP_MSG);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_wrap_iov_length(OM_uint32 *minor_status,
+                         gss_ctx_id_t context_handle,
+                         int conf_req_flag,
+                         gss_qop_t qop_req,
+                         int *conf_state,
+                         gss_iov_buffer_desc *iov,
+                         int iov_count)
+{
+    OM_uint32 major_status;
+
+    major_status = kg_seal_iov_length(minor_status, context_handle,
+                                      conf_req_flag, qop_req, conf_state, iov,
+                                      iov_count, KG_TOK_WRAP_MSG);
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_get_mic_iov(OM_uint32 *minor_status,
+                     gss_ctx_id_t context_handle,
+                     gss_qop_t qop_req,
+                     gss_iov_buffer_desc *iov,
+                     int iov_count)
+{
+    OM_uint32 major_status;
+
+    major_status = kg_seal_iov(minor_status, context_handle, FALSE,
+                               qop_req, NULL,
+                               iov, iov_count, KG_TOK_MIC_MSG);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_get_mic_iov_length(OM_uint32 *minor_status,
+                            gss_ctx_id_t context_handle,
+                            gss_qop_t qop_req,
+                            gss_iov_buffer_desc *iov,
+                            int iov_count)
+{
+    OM_uint32 major_status;
+
+    major_status = kg_seal_iov_length(minor_status, context_handle, FALSE,
+                                      qop_req, NULL, iov, iov_count,
+                                      KG_TOK_MIC_MSG);
+    return major_status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c b/krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c
new file mode 100644
index 00000000..1fcbdfbb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c
@@ -0,0 +1,522 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/k5sealv3.c */
+/*
+ * Copyright 2003,2004,2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* draft-ietf-krb-wg-gssapi-cfx-05 */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+
+int
+gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc)
+{
+    /* Optimize for receiving.  After some debugging is done, the MIT
+       implementation won't do any rotates on sending, and while
+       debugging, they'll be randomly chosen.
+
+       Return 1 for success, 0 for failure (ENOMEM).  */
+    void *tbuf;
+
+    if (bufsiz == 0)
+        return 1;
+    rc = rc % bufsiz;
+    if (rc == 0)
+        return 1;
+
+    tbuf = malloc(rc);
+    if (tbuf == 0)
+        return 0;
+    memcpy(tbuf, ptr, rc);
+    memmove(ptr, (char *)ptr + rc, bufsiz - rc);
+    memcpy((char *)ptr + bufsiz - rc, tbuf, rc);
+    free(tbuf);
+    return 1;
+}
+
+static const gss_buffer_desc empty_message = { 0, 0 };
+
+krb5_error_code
+gss_krb5int_make_seal_token_v3 (krb5_context context,
+                                krb5_gss_ctx_id_rec *ctx,
+                                const gss_buffer_desc * message,
+                                gss_buffer_t token,
+                                int conf_req_flag, int toktype)
+{
+    size_t bufsize = 16;
+    unsigned char *outbuf = 0;
+    krb5_error_code err;
+    int key_usage;
+    unsigned char acceptor_flag;
+    const gss_buffer_desc *message2 = message;
+#ifdef CFX_EXERCISE
+    size_t rrc;
+#endif
+    size_t ec;
+    unsigned short tok_id;
+    krb5_checksum sum;
+    krb5_key key;
+    krb5_cksumtype cksumtype;
+
+    acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
+    key_usage = (toktype == KG_TOK_WRAP_MSG
+                 ? (ctx->initiate
+                    ? KG_USAGE_INITIATOR_SEAL
+                    : KG_USAGE_ACCEPTOR_SEAL)
+                 : (ctx->initiate
+                    ? KG_USAGE_INITIATOR_SIGN
+                    : KG_USAGE_ACCEPTOR_SIGN));
+    if (ctx->have_acceptor_subkey) {
+        key = ctx->acceptor_subkey;
+        cksumtype = ctx->acceptor_subkey_cksumtype;
+    } else {
+        key = ctx->subkey;
+        cksumtype = ctx->cksumtype;
+    }
+    assert(key != NULL);
+
+#ifdef CFX_EXERCISE
+    {
+        static int initialized = 0;
+        if (!initialized) {
+            srand(time(0));
+            initialized = 1;
+        }
+    }
+#endif
+
+    if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
+        krb5_data plain;
+        krb5_enc_data cipher;
+        size_t ec_max;
+        size_t encrypt_size;
+
+        /* 300: Adds some slop.  */
+        if (SIZE_MAX - 300 < message->length)
+            return ENOMEM;
+        ec_max = SIZE_MAX - message->length - 300;
+        if (ec_max > 0xffff)
+            ec_max = 0xffff;
+#ifdef CFX_EXERCISE
+        /* For testing only.  For performance, always set ec = 0.  */
+        ec = ec_max & rand();
+#else
+        ec = 0;
+#endif
+        err = alloc_data(&plain, message->length + 16 + ec);
+        if (err)
+            return err;
+
+        /* Get size of ciphertext.  */
+        encrypt_size = krb5_encrypt_size(plain.length, key->keyblock.enctype);
+        if (encrypt_size > SIZE_MAX / 2) {
+            err = ENOMEM;
+            goto error;
+        }
+        bufsize = 16 + encrypt_size;
+        /* Allocate space for header plus encrypted data.  */
+        outbuf = gssalloc_malloc(bufsize);
+        if (outbuf == NULL) {
+            free(plain.data);
+            return ENOMEM;
+        }
+
+        /* TOK_ID */
+        store_16_be(KG2_TOK_WRAP_MSG, outbuf);
+        /* flags */
+        outbuf[2] = (acceptor_flag | FLAG_WRAP_CONFIDENTIAL |
+                     (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+        /* filler */
+        outbuf[3] = 0xff;
+        /* EC */
+        store_16_be(ec, outbuf+4);
+        /* RRC */
+        store_16_be(0, outbuf+6);
+        store_64_be(ctx->seq_send, outbuf+8);
+
+        memcpy(plain.data, message->value, message->length);
+        if (ec != 0)
+            memset(plain.data + message->length, 'x', ec);
+        memcpy(plain.data + message->length + ec, outbuf, 16);
+
+        cipher.ciphertext.data = (char *)outbuf + 16;
+        cipher.ciphertext.length = bufsize - 16;
+        cipher.enctype = key->keyblock.enctype;
+        err = krb5_k_encrypt(context, key, key_usage, 0, &plain, &cipher);
+        zap(plain.data, plain.length);
+        free(plain.data);
+        plain.data = 0;
+        if (err)
+            goto error;
+
+        /* Now that we know we're returning a valid token....  */
+        ctx->seq_send++;
+
+#ifdef CFX_EXERCISE
+        rrc = rand() & 0xffff;
+        if (gss_krb5int_rotate_left(outbuf+16, bufsize-16,
+                                    (bufsize-16) - (rrc % (bufsize - 16))))
+            store_16_be(rrc, outbuf+6);
+        /* If the rotate fails, don't worry about it.  */
+#endif
+    } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) {
+        krb5_data plain;
+        size_t cksumsize;
+
+        /* Here, message is the application-supplied data; message2 is
+           what goes into the output token.  They may be the same, or
+           message2 may be empty (for MIC).  */
+
+        tok_id = KG2_TOK_WRAP_MSG;
+
+    wrap_with_checksum:
+        err = alloc_data(&plain, message->length + 16);
+        if (err)
+            return err;
+
+        err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
+        if (err)
+            goto error;
+
+        assert(cksumsize <= 0xffff);
+
+        bufsize = 16 + message2->length + cksumsize;
+        outbuf = gssalloc_malloc(bufsize);
+        if (outbuf == NULL) {
+            free(plain.data);
+            plain.data = 0;
+            err = ENOMEM;
+            goto error;
+        }
+
+        /* TOK_ID */
+        store_16_be(tok_id, outbuf);
+        /* flags */
+        outbuf[2] = (acceptor_flag
+                     | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+        /* filler */
+        outbuf[3] = 0xff;
+        if (toktype == KG_TOK_WRAP_MSG) {
+            /* Use 0 for checksum calculation, substitute
+               checksum length later.  */
+            /* EC */
+            store_16_be(0, outbuf+4);
+            /* RRC */
+            store_16_be(0, outbuf+6);
+        } else {
+            /* MIC and DEL store 0xFF in EC and RRC.  */
+            store_16_be(0xffff, outbuf+4);
+            store_16_be(0xffff, outbuf+6);
+        }
+        store_64_be(ctx->seq_send, outbuf+8);
+
+        memcpy(plain.data, message->value, message->length);
+        memcpy(plain.data + message->length, outbuf, 16);
+
+        /* Fill in the output token -- data contents, if any, and
+           space for the checksum.  */
+        if (message2->length)
+            memcpy(outbuf + 16, message2->value, message2->length);
+
+        sum.contents = outbuf + 16 + message2->length;
+        sum.length = cksumsize;
+
+        err = krb5_k_make_checksum(context, cksumtype, key,
+                                   key_usage, &plain, &sum);
+        zap(plain.data, plain.length);
+        free(plain.data);
+        plain.data = 0;
+        if (err) {
+            zap(outbuf,bufsize);
+            goto error;
+        }
+        if (sum.length != cksumsize)
+            abort();
+        memcpy(outbuf + 16 + message2->length, sum.contents, cksumsize);
+        krb5_free_checksum_contents(context, &sum);
+        sum.contents = 0;
+        /* Now that we know we're actually generating the token...  */
+        ctx->seq_send++;
+
+        if (toktype == KG_TOK_WRAP_MSG) {
+#ifdef CFX_EXERCISE
+            rrc = rand() & 0xffff;
+            /* If the rotate fails, don't worry about it.  */
+            if (gss_krb5int_rotate_left(outbuf+16, bufsize-16,
+                                        (bufsize-16) - (rrc % (bufsize - 16))))
+                store_16_be(rrc, outbuf+6);
+#endif
+            /* Fix up EC field.  */
+            store_16_be(cksumsize, outbuf+4);
+        } else {
+            store_16_be(0xffff, outbuf+6);
+        }
+    } else if (toktype == KG_TOK_MIC_MSG) {
+        tok_id = KG2_TOK_MIC_MSG;
+        message2 = &empty_message;
+        goto wrap_with_checksum;
+    } else if (toktype == KG_TOK_DEL_CTX) {
+        tok_id = KG2_TOK_DEL_CTX;
+        message = message2 = &empty_message;
+        goto wrap_with_checksum;
+    } else
+        abort();
+
+    token->value = outbuf;
+    token->length = bufsize;
+    return 0;
+
+error:
+    gssalloc_free(outbuf);
+    token->value = NULL;
+    token->length = 0;
+    return err;
+}
+
+/* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
+   conf_state is only valid if SEAL. */
+
+OM_uint32
+gss_krb5int_unseal_token_v3(krb5_context *contextptr,
+                            OM_uint32 *minor_status,
+                            krb5_gss_ctx_id_rec *ctx,
+                            unsigned char *ptr, unsigned int bodysize,
+                            gss_buffer_t message_buffer,
+                            int *conf_state, gss_qop_t *qop_state, int toktype)
+{
+    krb5_context context = *contextptr;
+    krb5_data plain = empty_data();
+    uint64_t seqnum;
+    size_t ec, rrc;
+    int key_usage;
+    unsigned char acceptor_flag;
+    krb5_checksum sum;
+    krb5_error_code err;
+    krb5_boolean valid;
+    krb5_key key;
+    krb5_cksumtype cksumtype;
+
+    if (qop_state)
+        *qop_state = GSS_C_QOP_DEFAULT;
+
+    acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0;
+    key_usage = (toktype == KG_TOK_WRAP_MSG
+                 ? (!ctx->initiate
+                    ? KG_USAGE_INITIATOR_SEAL
+                    : KG_USAGE_ACCEPTOR_SEAL)
+                 : (!ctx->initiate
+                    ? KG_USAGE_INITIATOR_SIGN
+                    : KG_USAGE_ACCEPTOR_SIGN));
+
+    /* Oops.  I wrote this code assuming ptr would be at the start of
+       the token header.  */
+    ptr -= 2;
+    bodysize += 2;
+
+    if (bodysize < 16) {
+    defective:
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if ((ptr[2] & FLAG_SENDER_IS_ACCEPTOR) != acceptor_flag) {
+        *minor_status = (OM_uint32)G_BAD_DIRECTION;
+        return GSS_S_BAD_SIG;
+    }
+
+    /* Two things to note here.
+
+       First, we can't really enforce the use of the acceptor's subkey,
+       if we're the acceptor; the initiator may have sent messages
+       before getting the subkey.  We could probably enforce it if
+       we're the initiator.
+
+       Second, if someone tweaks the code to not set the flag telling
+       the krb5 library to generate a new subkey in the AP-REP
+       message, the MIT library may include a subkey anyways --
+       namely, a copy of the AP-REQ subkey, if it was provided.  So
+       the initiator may think we wanted a subkey, and set the flag,
+       even though we weren't trying to set the subkey.  The "other"
+       key, the one not asserted by the acceptor, will have the same
+       value in that case, though, so we can just ignore the flag.  */
+    if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
+        key = ctx->acceptor_subkey;
+        cksumtype = ctx->acceptor_subkey_cksumtype;
+    } else {
+        key = ctx->subkey;
+        cksumtype = ctx->cksumtype;
+    }
+    assert(key != NULL);
+
+    if (toktype == KG_TOK_WRAP_MSG) {
+        if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)
+            goto defective;
+        if (ptr[3] != 0xff)
+            goto defective;
+        ec = load_16_be(ptr+4);
+        rrc = load_16_be(ptr+6);
+        seqnum = load_64_be(ptr+8);
+        if (!gss_krb5int_rotate_left(ptr+16, bodysize-16, rrc)) {
+        no_mem:
+            *minor_status = ENOMEM;
+            return GSS_S_FAILURE;
+        }
+        if (ptr[2] & FLAG_WRAP_CONFIDENTIAL) {
+            /* confidentiality */
+            krb5_enc_data cipher;
+            unsigned char *althdr;
+
+            if (conf_state)
+                *conf_state = 1;
+            /* Do we have no decrypt_size function?
+
+               For all current cryptosystems, the ciphertext size will
+               be larger than the plaintext size.  */
+            cipher.enctype = key->keyblock.enctype;
+            cipher.ciphertext.length = bodysize - 16;
+            cipher.ciphertext.data = (char *)ptr + 16;
+            plain.length = bodysize - 16;
+            plain.data = gssalloc_malloc(plain.length);
+            if (plain.data == NULL)
+                goto no_mem;
+            err = krb5_k_decrypt(context, key, key_usage, 0,
+                                 &cipher, &plain);
+            if (err) {
+                gssalloc_free(plain.data);
+                goto error;
+            }
+            /* Don't use bodysize here!  Use the fact that
+               cipher.ciphertext.length has been adjusted to the
+               correct length.  */
+            if (plain.length < 16 + ec) {
+                free(plain.data);
+                goto defective;
+            }
+            althdr = (unsigned char *)plain.data + plain.length - 16;
+            if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
+                || althdr[2] != ptr[2]
+                || althdr[3] != ptr[3]
+                || load_16_be(althdr+4) != ec
+                || memcmp(althdr+8, ptr+8, 8)) {
+                free(plain.data);
+                goto defective;
+            }
+            message_buffer->value = plain.data;
+            message_buffer->length = plain.length - ec - 16;
+            if(message_buffer->length == 0) {
+                gssalloc_free(message_buffer->value);
+                message_buffer->value = NULL;
+            }
+        } else {
+            size_t cksumsize;
+
+            err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
+            if (err)
+                goto error;
+
+            /* no confidentiality */
+            if (conf_state)
+                *conf_state = 0;
+            if (ec + 16 < ec)
+                /* overflow check */
+                goto defective;
+            if (ec + 16 > bodysize)
+                goto defective;
+            /* We have: header | msg | cksum.
+               We need cksum(msg | header).
+               Rotate the first two.  */
+            store_16_be(0, ptr+4);
+            store_16_be(0, ptr+6);
+            plain = make_data(ptr, bodysize - ec);
+            if (!gss_krb5int_rotate_left(ptr, bodysize-ec, 16))
+                goto no_mem;
+            sum.length = ec;
+            if (sum.length != cksumsize) {
+                *minor_status = 0;
+                return GSS_S_BAD_SIG;
+            }
+            sum.contents = ptr+bodysize-ec;
+            sum.checksum_type = cksumtype;
+            err = krb5_k_verify_checksum(context, key, key_usage,
+                                         &plain, &sum, &valid);
+            if (err)
+                goto error;
+            if (!valid) {
+                *minor_status = 0;
+                return GSS_S_BAD_SIG;
+            }
+            message_buffer->length = plain.length - 16;
+            message_buffer->value = gssalloc_malloc(message_buffer->length);
+            if (message_buffer->value == NULL)
+                goto no_mem;
+            memcpy(message_buffer->value, plain.data, message_buffer->length);
+        }
+        err = g_seqstate_check(ctx->seqstate, seqnum);
+        *minor_status = 0;
+        return err;
+    } else if (toktype == KG_TOK_MIC_MSG) {
+        /* wrap token, no confidentiality */
+        if (load_16_be(ptr) != KG2_TOK_MIC_MSG)
+            goto defective;
+    verify_mic_1:
+        if (ptr[3] != 0xff)
+            goto defective;
+        if (load_32_be(ptr+4) != 0xffffffffL)
+            goto defective;
+        seqnum = load_64_be(ptr+8);
+        plain.length = message_buffer->length + 16;
+        plain.data = malloc(plain.length);
+        if (plain.data == NULL)
+            goto no_mem;
+        if (message_buffer->length)
+            memcpy(plain.data, message_buffer->value, message_buffer->length);
+        memcpy(plain.data + message_buffer->length, ptr, 16);
+        sum.length = bodysize - 16;
+        sum.contents = ptr + 16;
+        sum.checksum_type = cksumtype;
+        err = krb5_k_verify_checksum(context, key, key_usage,
+                                     &plain, &sum, &valid);
+        free(plain.data);
+        plain.data = NULL;
+        if (err) {
+        error:
+            *minor_status = err;
+            save_error_info(*minor_status, context);
+            return GSS_S_BAD_SIG; /* XXX */
+        }
+        if (!valid) {
+            *minor_status = 0;
+            return GSS_S_BAD_SIG;
+        }
+        err = g_seqstate_check(ctx->seqstate, seqnum);
+        *minor_status = 0;
+        return err;
+    } else if (toktype == KG_TOK_DEL_CTX) {
+        if (load_16_be(ptr) != KG2_TOK_DEL_CTX)
+            goto defective;
+        message_buffer = (gss_buffer_t)&empty_message;
+        goto verify_mic_1;
+    } else {
+        goto defective;
+    }
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3iov.c b/krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3iov.c
new file mode 100644
index 00000000..f8e90c35
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3iov.c
@@ -0,0 +1,468 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/k5sealv3iov.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+
+krb5_error_code
+gss_krb5int_make_seal_token_v3_iov(krb5_context context,
+                                   krb5_gss_ctx_id_rec *ctx,
+                                   int conf_req_flag,
+                                   int *conf_state,
+                                   gss_iov_buffer_desc *iov,
+                                   int iov_count,
+                                   int toktype)
+{
+    krb5_error_code code = 0;
+    gss_iov_buffer_t header;
+    gss_iov_buffer_t padding;
+    gss_iov_buffer_t trailer;
+    unsigned char acceptor_flag;
+    unsigned short tok_id;
+    unsigned char *outbuf = NULL;
+    unsigned char *tbuf = NULL;
+    int key_usage;
+    size_t rrc = 0;
+    unsigned int  gss_headerlen, gss_trailerlen;
+    krb5_key key;
+    krb5_cksumtype cksumtype;
+    size_t data_length, assoc_data_length;
+
+    assert(ctx->proto == 1);
+
+    acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR;
+    key_usage = (toktype == KG_TOK_WRAP_MSG
+                 ? (ctx->initiate
+                    ? KG_USAGE_INITIATOR_SEAL
+                    : KG_USAGE_ACCEPTOR_SEAL)
+                 : (ctx->initiate
+                    ? KG_USAGE_INITIATOR_SIGN
+                    : KG_USAGE_ACCEPTOR_SIGN));
+    if (ctx->have_acceptor_subkey) {
+        key = ctx->acceptor_subkey;
+        cksumtype = ctx->acceptor_subkey_cksumtype;
+    } else {
+        key = ctx->subkey;
+        cksumtype = ctx->cksumtype;
+    }
+    assert(key != NULL);
+    assert(cksumtype != 0);
+
+    kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+
+    header = kg_locate_header_iov(iov, iov_count, toktype);
+    if (header == NULL)
+        return EINVAL;
+
+    padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+    if (padding != NULL)
+        padding->buffer.length = 0;
+
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+
+    if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) {
+        unsigned int k5_headerlen, k5_trailerlen, k5_padlen;
+        size_t ec = 0;
+        size_t conf_data_length = data_length - assoc_data_length;
+
+        code = krb5_c_crypto_length(context, key->keyblock.enctype,
+                                    KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+        if (code != 0)
+            goto cleanup;
+
+        code = krb5_c_padding_length(context, key->keyblock.enctype,
+                                     conf_data_length + 16 /* E(Header) */, &k5_padlen);
+        if (code != 0)
+            goto cleanup;
+
+        if (k5_padlen == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) {
+            /* Windows rejects AEAD tokens with non-zero EC */
+            code = krb5_c_block_size(context, key->keyblock.enctype, &ec);
+            if (code != 0)
+                goto cleanup;
+        } else
+            ec = k5_padlen;
+
+        code = krb5_c_crypto_length(context, key->keyblock.enctype,
+                                    KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
+        if (code != 0)
+            goto cleanup;
+
+        gss_headerlen = 16 /* Header */ + k5_headerlen;
+        gss_trailerlen = ec + 16 /* E(Header) */ + k5_trailerlen;
+
+        if (trailer == NULL) {
+            rrc = gss_trailerlen;
+            /* Workaround for Windows bug where it rotates by EC + RRC */
+            if (ctx->gss_flags & GSS_C_DCE_STYLE)
+                rrc -= ec;
+            gss_headerlen += gss_trailerlen;
+        }
+
+        if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
+            code = kg_allocate_iov(header, (size_t) gss_headerlen);
+        } else if (header->buffer.length < gss_headerlen)
+            code = KRB5_BAD_MSIZE;
+        if (code != 0)
+            goto cleanup;
+        outbuf = (unsigned char *)header->buffer.value;
+        header->buffer.length = (size_t) gss_headerlen;
+
+        if (trailer != NULL) {
+            if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+                code = kg_allocate_iov(trailer, (size_t) gss_trailerlen);
+            else if (trailer->buffer.length < gss_trailerlen)
+                code = KRB5_BAD_MSIZE;
+            if (code != 0)
+                goto cleanup;
+            trailer->buffer.length = (size_t) gss_trailerlen;
+        }
+
+        /* TOK_ID */
+        store_16_be(KG2_TOK_WRAP_MSG, outbuf);
+        /* flags */
+        outbuf[2] = (acceptor_flag | FLAG_WRAP_CONFIDENTIAL |
+                     (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+        /* filler */
+        outbuf[3] = 0xFF;
+        /* EC */
+        store_16_be(ec, outbuf + 4);
+        /* RRC */
+        store_16_be(0, outbuf + 6);
+        store_64_be(ctx->seq_send, outbuf + 8);
+
+        /* EC | copy of header to be encrypted, located in (possibly rotated) trailer */
+        if (trailer == NULL)
+            tbuf = (unsigned char *)header->buffer.value + 16; /* Header */
+        else
+            tbuf = (unsigned char *)trailer->buffer.value;
+
+        memset(tbuf, 0xFF, ec);
+        memcpy(tbuf + ec, header->buffer.value, 16);
+
+        code = kg_encrypt_iov(context, ctx->proto,
+                              ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+                              ec, rrc, key, key_usage, 0, iov, iov_count);
+        if (code != 0)
+            goto cleanup;
+
+        /* RRC */
+        store_16_be(rrc, outbuf + 6);
+
+        ctx->seq_send++;
+    } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) {
+        tok_id = KG2_TOK_WRAP_MSG;
+
+    wrap_with_checksum:
+
+        gss_headerlen = 16;
+
+        code = krb5_c_crypto_length(context, key->keyblock.enctype,
+                                    KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    &gss_trailerlen);
+        if (code != 0)
+            goto cleanup;
+
+        assert(gss_trailerlen <= 0xFFFF);
+
+        if (trailer == NULL) {
+            rrc = gss_trailerlen;
+            gss_headerlen += gss_trailerlen;
+        }
+
+        if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+            code = kg_allocate_iov(header, (size_t) gss_headerlen);
+        else if (header->buffer.length < gss_headerlen)
+            code = KRB5_BAD_MSIZE;
+        if (code != 0)
+            goto cleanup;
+        outbuf = (unsigned char *)header->buffer.value;
+        header->buffer.length = (size_t) gss_headerlen;
+
+        if (trailer != NULL) {
+            if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE)
+                code = kg_allocate_iov(trailer, (size_t) gss_trailerlen);
+            else if (trailer->buffer.length < gss_trailerlen)
+                code = KRB5_BAD_MSIZE;
+            if (code != 0)
+                goto cleanup;
+            trailer->buffer.length = (size_t) gss_trailerlen;
+        }
+
+        /* TOK_ID */
+        store_16_be(tok_id, outbuf);
+        /* flags */
+        outbuf[2] = (acceptor_flag
+                     | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0));
+        /* filler */
+        outbuf[3] = 0xFF;
+        if (toktype == KG_TOK_WRAP_MSG) {
+            /* Use 0 for checksum calculation, substitute
+             * checksum length later.
+             */
+            /* EC */
+            store_16_be(0, outbuf + 4);
+            /* RRC */
+            store_16_be(0, outbuf + 6);
+        } else {
+            /* MIC and DEL store 0xFF in EC and RRC */
+            store_16_be(0xFFFF, outbuf + 4);
+            store_16_be(0xFFFF, outbuf + 6);
+        }
+        store_64_be(ctx->seq_send, outbuf + 8);
+
+        code = kg_make_checksum_iov_v3(context, cksumtype,
+                                       rrc, key, key_usage,
+                                       iov, iov_count, toktype);
+        if (code != 0)
+            goto cleanup;
+
+        ctx->seq_send++;
+
+        if (toktype == KG_TOK_WRAP_MSG) {
+            /* Fix up EC field */
+            store_16_be(gss_trailerlen, outbuf + 4);
+            /* Fix up RRC field */
+            store_16_be(rrc, outbuf + 6);
+        }
+    } else if (toktype == KG_TOK_MIC_MSG) {
+        tok_id = KG2_TOK_MIC_MSG;
+        trailer = NULL;
+        goto wrap_with_checksum;
+    } else if (toktype == KG_TOK_DEL_CTX) {
+        tok_id = KG2_TOK_DEL_CTX;
+        goto wrap_with_checksum;
+    } else {
+        abort();
+    }
+
+    code = 0;
+    if (conf_state != NULL)
+        *conf_state = conf_req_flag;
+
+cleanup:
+    if (code != 0)
+        kg_release_iov(iov, iov_count);
+
+    return code;
+}
+
+OM_uint32
+gss_krb5int_unseal_v3_iov(krb5_context context,
+                          OM_uint32 *minor_status,
+                          krb5_gss_ctx_id_rec *ctx,
+                          gss_iov_buffer_desc *iov,
+                          int iov_count,
+                          int *conf_state,
+                          gss_qop_t *qop_state,
+                          int toktype)
+{
+    OM_uint32 code;
+    gss_iov_buffer_t header;
+    gss_iov_buffer_t padding;
+    gss_iov_buffer_t trailer;
+    unsigned char acceptor_flag;
+    unsigned char *ptr = NULL;
+    int key_usage;
+    size_t rrc, ec;
+    size_t data_length, assoc_data_length;
+    krb5_key key;
+    uint64_t seqnum;
+    krb5_boolean valid;
+    krb5_cksumtype cksumtype;
+    int conf_flag = 0;
+
+    if (qop_state != NULL)
+        *qop_state = GSS_C_QOP_DEFAULT;
+
+    header = kg_locate_header_iov(iov, iov_count, toktype);
+    assert(header != NULL);
+
+    padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+    if (padding != NULL && padding->buffer.length != 0)
+        return GSS_S_DEFECTIVE_TOKEN;
+
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+
+    acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0;
+    key_usage = (toktype == KG_TOK_WRAP_MSG
+                 ? (!ctx->initiate
+                    ? KG_USAGE_INITIATOR_SEAL
+                    : KG_USAGE_ACCEPTOR_SEAL)
+                 : (!ctx->initiate
+                    ? KG_USAGE_INITIATOR_SIGN
+                    : KG_USAGE_ACCEPTOR_SIGN));
+
+    kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+
+    ptr = (unsigned char *)header->buffer.value;
+
+    if (header->buffer.length < 16) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if ((ptr[2] & FLAG_SENDER_IS_ACCEPTOR) != acceptor_flag) {
+        *minor_status = (OM_uint32)G_BAD_DIRECTION;
+        return GSS_S_BAD_SIG;
+    }
+
+    if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
+        key = ctx->acceptor_subkey;
+        cksumtype = ctx->acceptor_subkey_cksumtype;
+    } else {
+        key = ctx->subkey;
+        cksumtype = ctx->cksumtype;
+    }
+    assert(key != NULL);
+
+
+    if (toktype == KG_TOK_WRAP_MSG) {
+        unsigned int k5_trailerlen;
+
+        if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)
+            goto defective;
+        conf_flag = ((ptr[2] & FLAG_WRAP_CONFIDENTIAL) != 0);
+        if (ptr[3] != 0xFF)
+            goto defective;
+        ec = load_16_be(ptr + 4);
+        rrc = load_16_be(ptr + 6);
+        seqnum = load_64_be(ptr + 8);
+
+        code = krb5_c_crypto_length(context, key->keyblock.enctype,
+                                    conf_flag ? KRB5_CRYPTO_TYPE_TRAILER :
+                                    KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    &k5_trailerlen);
+        if (code != 0) {
+            *minor_status = code;
+            return GSS_S_FAILURE;
+        }
+
+        /* Deal with RRC */
+        if (trailer == NULL) {
+            size_t desired_rrc = k5_trailerlen;
+
+            if (conf_flag) {
+                desired_rrc += 16; /* E(Header) */
+
+                if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0)
+                    desired_rrc += ec;
+            }
+
+            /* According to MS, we only need to deal with a fixed RRC for DCE */
+            if (rrc != desired_rrc)
+                goto defective;
+        } else if (rrc != 0) {
+            /* Should have been rotated by kg_unseal_stream_iov() */
+            goto defective;
+        }
+
+        if (conf_flag) {
+            unsigned char *althdr;
+
+            /* Decrypt */
+            code = kg_decrypt_iov(context, ctx->proto,
+                                  ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+                                  ec, rrc,
+                                  key, key_usage, 0, iov, iov_count);
+            if (code != 0) {
+                *minor_status = code;
+                return GSS_S_BAD_SIG;
+            }
+
+            /* Validate header integrity */
+            if (trailer == NULL)
+                althdr = (unsigned char *)header->buffer.value + 16 + ec;
+            else
+                althdr = (unsigned char *)trailer->buffer.value + ec;
+
+            if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
+                || althdr[2] != ptr[2]
+                || althdr[3] != ptr[3]
+                || load_16_be(althdr + 4) != ec
+                || memcmp(althdr + 8, ptr + 8, 8) != 0) {
+                *minor_status = 0;
+                return GSS_S_DEFECTIVE_TOKEN;
+            }
+        } else {
+            /* Verify checksum: note EC is checksum size here, not padding */
+            if (ec != k5_trailerlen)
+                goto defective;
+
+            /* Zero EC, RRC before computing checksum */
+            store_16_be(0, ptr + 4);
+            store_16_be(0, ptr + 6);
+
+            code = kg_verify_checksum_iov_v3(context, cksumtype, rrc,
+                                             key, key_usage,
+                                             iov, iov_count, toktype, &valid);
+            if (code != 0 || valid == FALSE) {
+                *minor_status = code;
+                return GSS_S_BAD_SIG;
+            }
+        }
+
+        code = g_seqstate_check(ctx->seqstate, seqnum);
+    } else if (toktype == KG_TOK_MIC_MSG) {
+        if (load_16_be(ptr) != KG2_TOK_MIC_MSG)
+            goto defective;
+
+    verify_mic_1:
+        if (ptr[3] != 0xFF)
+            goto defective;
+        seqnum = load_64_be(ptr + 8);
+
+        /* For MIC tokens, the GSS header and checksum are in the same buffer.
+         * Fake up an RRC so that the checksum is expected in the header. */
+        rrc = (trailer != NULL) ? 0 : header->buffer.length - 16;
+        code = kg_verify_checksum_iov_v3(context, cksumtype, rrc,
+                                         key, key_usage,
+                                         iov, iov_count, toktype, &valid);
+        if (code != 0 || valid == FALSE) {
+            *minor_status = code;
+            return GSS_S_BAD_SIG;
+        }
+        code = g_seqstate_check(ctx->seqstate, seqnum);
+    } else if (toktype == KG_TOK_DEL_CTX) {
+        if (load_16_be(ptr) != KG2_TOK_DEL_CTX)
+            goto defective;
+        goto verify_mic_1;
+    } else {
+        goto defective;
+    }
+
+    *minor_status = 0;
+
+    if (conf_state != NULL)
+        *conf_state = conf_flag;
+
+    return code;
+
+defective:
+    *minor_status = 0;
+
+    return GSS_S_DEFECTIVE_TOKEN;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c b/krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c
new file mode 100644
index 00000000..9b183bc3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c
@@ -0,0 +1,476 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2001, 2007 by the Massachusetts Institute of Technology.
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "gssapiP_krb5.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include <assert.h>
+
+/* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
+   conf_state is only valid if SEAL. */
+
+static OM_uint32
+kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
+             conf_state, qop_state, toktype)
+    krb5_context context;
+    OM_uint32 *minor_status;
+    krb5_gss_ctx_id_rec *ctx;
+    unsigned char *ptr;
+    int bodysize;
+    gss_buffer_t message_buffer;
+    int *conf_state;
+    gss_qop_t *qop_state;
+    int toktype;
+{
+    krb5_error_code code;
+    int conflen = 0;
+    int signalg;
+    int sealalg;
+    int bad_pad = 0;
+    gss_buffer_desc token;
+    krb5_checksum md5cksum;
+    krb5_data plaind;
+    char *data_ptr;
+    unsigned char *plain;
+    unsigned int cksum_len = 0;
+    size_t plainlen;
+    int direction;
+    krb5_ui_4 seqnum;
+    OM_uint32 retval;
+    size_t sumlen;
+    size_t padlen;
+    krb5_keyusage sign_usage = KG_USAGE_SIGN;
+
+    if (toktype == KG_TOK_SEAL_MSG) {
+        message_buffer->length = 0;
+        message_buffer->value = NULL;
+    }
+
+    /* Sanity checks */
+
+    if (ctx->seq == NULL) {
+        /* ctx was established using a newer enctype, and cannot process RFC
+         * 1964 tokens. */
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if ((bodysize < 22) || (ptr[4] != 0xff) || (ptr[5] != 0xff)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    signalg = ptr[0] + (ptr[1]<<8);
+    sealalg = ptr[2] + (ptr[3]<<8);
+
+    if ((toktype != KG_TOK_SEAL_MSG) &&
+        (sealalg != 0xffff)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* in the current spec, there is only one valid seal algorithm per
+       key type, so a simple comparison is ok */
+
+    if ((toktype == KG_TOK_SEAL_MSG) &&
+        !((sealalg == 0xffff) ||
+          (sealalg == ctx->sealalg))) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* there are several mappings of seal algorithms to sign algorithms,
+       but few enough that we can try them all. */
+
+    if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
+        (ctx->sealalg == SEAL_ALG_DES3KD &&
+         signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
+        (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
+         signalg != SGN_ALG_HMAC_MD5)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    switch (signalg) {
+    case SGN_ALG_HMAC_MD5:
+        cksum_len = 8;
+        if (toktype != KG_TOK_SEAL_MSG)
+            sign_usage = 15;
+        break;
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+        cksum_len = 20;
+        break;
+    default:
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if ((size_t)bodysize < 14 + cksum_len) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* get the token parameters */
+
+    if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction,
+                               &seqnum))) {
+        *minor_status = code;
+        return(GSS_S_BAD_SIG);
+    }
+
+    /* decode the message, if SEAL */
+
+    if (toktype == KG_TOK_SEAL_MSG) {
+        size_t tmsglen = bodysize-(14+cksum_len);
+        if (sealalg != 0xffff) {
+            if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) {
+                *minor_status = ENOMEM;
+                return(GSS_S_FAILURE);
+            }
+            if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
+                unsigned char bigend_seqnum[4];
+                krb5_keyblock *enc_key;
+                int i;
+                store_32_be(seqnum, bigend_seqnum);
+                code = krb5_k_key_keyblock(context, ctx->enc, &enc_key);
+                if (code)
+                {
+                    xfree(plain);
+                    *minor_status = code;
+                    return(GSS_S_FAILURE);
+                }
+
+                assert (enc_key->length == 16);
+                for (i = 0; i <= 15; i++)
+                    ((char *) enc_key->contents)[i] ^=0xf0;
+                code = kg_arcfour_docrypt (enc_key, 0,
+                                           &bigend_seqnum[0], 4,
+                                           ptr+14+cksum_len, tmsglen,
+                                           plain);
+                krb5_free_keyblock (context, enc_key);
+            } else {
+                code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL,
+                                  ptr+14+cksum_len, plain, tmsglen);
+            }
+            if (code) {
+                xfree(plain);
+                *minor_status = code;
+                return(GSS_S_FAILURE);
+            }
+        } else {
+            plain = ptr+14+cksum_len;
+        }
+
+        plainlen = tmsglen;
+
+        conflen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
+        if (tmsglen < (size_t)conflen) {
+            if (sealalg != 0xffff)
+                xfree(plain);
+            *minor_status = 0;
+            return(GSS_S_DEFECTIVE_TOKEN);
+        }
+        padlen = plain[tmsglen - 1];
+        if (tmsglen - conflen < padlen) {
+            /* Don't error out yet, to avoid padding oracle attacks.  We will
+             * treat this as a checksum failure later on. */
+            padlen = 0;
+            bad_pad = 1;
+        }
+        token.length = tmsglen - conflen - padlen;
+
+        if (token.length) {
+            if ((token.value = (void *) gssalloc_malloc(token.length)) == NULL) {
+                if (sealalg != 0xffff)
+                    xfree(plain);
+                *minor_status = ENOMEM;
+                return(GSS_S_FAILURE);
+            }
+            memcpy(token.value, plain+conflen, token.length);
+        } else {
+            token.value = NULL;
+        }
+    } else if (toktype == KG_TOK_SIGN_MSG) {
+        token = *message_buffer;
+        plain = token.value;
+        plainlen = token.length;
+    } else {
+        token.length = 0;
+        token.value = NULL;
+        plain = token.value;
+        plainlen = token.length;
+    }
+
+    /* compute the checksum of the message */
+
+    /* initialize the the cksum */
+    switch (signalg) {
+    case SGN_ALG_HMAC_MD5:
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        break;
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+        break;
+    default:
+        abort ();
+    }
+
+    code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
+    if (code)
+        return(code);
+    md5cksum.length = sumlen;
+
+    switch (signalg) {
+    default:
+        *minor_status = 0;
+        return(GSS_S_DEFECTIVE_TOKEN);
+
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+    case SGN_ALG_HMAC_MD5:
+        /* compute the checksum of the message */
+
+        /* 8 = bytes of token body to be checksummed according to spec */
+
+        if (! (data_ptr = xmalloc(8 + plainlen))) {
+            if (sealalg != 0xffff)
+                xfree(plain);
+            if (toktype == KG_TOK_SEAL_MSG)
+                gssalloc_free(token.value);
+            *minor_status = ENOMEM;
+            return(GSS_S_FAILURE);
+        }
+
+        (void) memcpy(data_ptr, ptr-2, 8);
+
+        (void) memcpy(data_ptr+8, plain, plainlen);
+
+        plaind.length = 8 + plainlen;
+        plaind.data = data_ptr;
+        code = krb5_k_make_checksum(context, md5cksum.checksum_type,
+                                    ctx->seq, sign_usage,
+                                    &plaind, &md5cksum);
+        xfree(data_ptr);
+
+        if (code) {
+            if (toktype == KG_TOK_SEAL_MSG)
+                gssalloc_free(token.value);
+            *minor_status = code;
+            return(GSS_S_FAILURE);
+        }
+
+        code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len);
+        break;
+    }
+
+    krb5_free_checksum_contents(context, &md5cksum);
+    if (sealalg != 0xffff)
+        xfree(plain);
+
+    /* compare the computed checksum against the transmitted checksum */
+
+    if (code || bad_pad) {
+        if (toktype == KG_TOK_SEAL_MSG)
+            gssalloc_free(token.value);
+        *minor_status = 0;
+        return(GSS_S_BAD_SIG);
+    }
+
+
+    /* It got through unscathed.  Make sure the context is unexpired. */
+
+    if (toktype == KG_TOK_SEAL_MSG)
+        *message_buffer = token;
+
+    if (conf_state)
+        *conf_state = (sealalg != 0xffff);
+
+    if (qop_state)
+        *qop_state = GSS_C_QOP_DEFAULT;
+
+    /* do sequencing checks */
+
+    if ((ctx->initiate && direction != 0xff) ||
+        (!ctx->initiate && direction != 0)) {
+        if (toktype == KG_TOK_SEAL_MSG) {
+            gssalloc_free(token.value);
+            message_buffer->value = NULL;
+            message_buffer->length = 0;
+        }
+        *minor_status = (OM_uint32)G_BAD_DIRECTION;
+        return(GSS_S_BAD_SIG);
+    }
+
+    retval = g_seqstate_check(ctx->seqstate, (uint64_t)seqnum);
+
+    /* success or ordering violation */
+
+    *minor_status = 0;
+    return(retval);
+}
+
+/* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX
+   conf_state is only valid if SEAL. */
+
+OM_uint32
+kg_unseal(minor_status, context_handle, input_token_buffer,
+          message_buffer, conf_state, qop_state, toktype)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t input_token_buffer;
+    gss_buffer_t message_buffer;
+    int *conf_state;
+    gss_qop_t *qop_state;
+    int toktype;
+{
+    krb5_gss_ctx_id_rec *ctx;
+    unsigned char *ptr;
+    unsigned int bodysize;
+    int err;
+    int toktype2;
+    int vfyflags = 0;
+    OM_uint32 ret;
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
+
+    /* parse the token, leave the data in message_buffer, setting conf_state */
+
+    /* verify the header */
+
+    ptr = (unsigned char *) input_token_buffer->value;
+
+
+    err = g_verify_token_header(ctx->mech_used,
+                                &bodysize, &ptr, -1,
+                                input_token_buffer->length,
+                                vfyflags);
+    if (err) {
+        *minor_status = err;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (bodysize < 2) {
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    toktype2 = load_16_be(ptr);
+
+    ptr += 2;
+    bodysize -= 2;
+
+    switch (toktype2) {
+    case KG2_TOK_MIC_MSG:
+    case KG2_TOK_WRAP_MSG:
+    case KG2_TOK_DEL_CTX:
+        ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx,
+                                          ptr, bodysize, message_buffer,
+                                          conf_state, qop_state, toktype);
+        break;
+    case KG_TOK_MIC_MSG:
+    case KG_TOK_WRAP_MSG:
+    case KG_TOK_DEL_CTX:
+        ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize,
+                           message_buffer, conf_state, qop_state,
+                           toktype);
+        break;
+    default:
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        ret = GSS_S_DEFECTIVE_TOKEN;
+        break;
+    }
+
+    if (ret != 0)
+        save_error_info (*minor_status, ctx->k5_context);
+
+    return ret;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_unwrap(minor_status, context_handle,
+                input_message_buffer, output_message_buffer,
+                conf_state, qop_state)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    gss_buffer_t        input_message_buffer;
+    gss_buffer_t        output_message_buffer;
+    int                 *conf_state;
+    gss_qop_t           *qop_state;
+{
+    OM_uint32           rstat;
+
+    rstat = kg_unseal(minor_status, context_handle,
+                      input_message_buffer, output_message_buffer,
+                      conf_state, qop_state, KG_TOK_WRAP_MSG);
+    return(rstat);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_verify_mic(minor_status, context_handle,
+                    message_buffer, token_buffer,
+                    qop_state)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    gss_buffer_t        message_buffer;
+    gss_buffer_t        token_buffer;
+    gss_qop_t           *qop_state;
+{
+    OM_uint32           rstat;
+
+    rstat = kg_unseal(minor_status, context_handle,
+                      token_buffer, message_buffer,
+                      NULL, qop_state, KG_TOK_MIC_MSG);
+    return(rstat);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c b/krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c
new file mode 100644
index 00000000..21b50173
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c
@@ -0,0 +1,712 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/k5unsealiov.c */
+/*
+ * Copyright 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "k5-der.h"
+#include "gssapiP_krb5.h"
+
+static OM_uint32
+kg_unseal_v1_iov(krb5_context context,
+                 OM_uint32 *minor_status,
+                 krb5_gss_ctx_id_rec *ctx,
+                 gss_iov_buffer_desc *iov,
+                 int iov_count,
+                 size_t token_wrapper_len,
+                 int *conf_state,
+                 gss_qop_t *qop_state,
+                 int toktype)
+{
+    OM_uint32 code;
+    gss_iov_buffer_t header;
+    gss_iov_buffer_t trailer;
+    unsigned char *ptr;
+    int sealalg;
+    int signalg;
+    krb5_checksum md5cksum;
+    size_t cksum_len = 0;
+    size_t conflen = 0;
+    int direction;
+    krb5_ui_4 seqnum;
+    OM_uint32 retval;
+    size_t sumlen;
+    krb5_keyusage sign_usage = KG_USAGE_SIGN;
+
+    md5cksum.length = 0;
+    md5cksum.contents = NULL;
+
+    header = kg_locate_header_iov(iov, iov_count, toktype);
+    assert(header != NULL);
+
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+    if (trailer != NULL && trailer->buffer.length != 0) {
+        *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (ctx->seq == NULL) {
+        /* ctx was established using a newer enctype, and cannot process RFC
+         * 1964 tokens. */
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (header->buffer.length < token_wrapper_len + 22) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    ptr = (unsigned char *)header->buffer.value + token_wrapper_len;
+
+    signalg  = ptr[0];
+    signalg |= ptr[1] << 8;
+
+    sealalg  = ptr[2];
+    sealalg |= ptr[3] << 8;
+
+    if (ptr[4] != 0xFF || ptr[5] != 0xFF) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (toktype != KG_TOK_WRAP_MSG && sealalg != 0xFFFF) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (toktype == KG_TOK_WRAP_MSG &&
+        !(sealalg == 0xFFFF || sealalg == ctx->sealalg)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) ||
+        (ctx->sealalg == SEAL_ALG_DES3KD &&
+         signalg != SGN_ALG_HMAC_SHA1_DES3_KD)||
+        (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 &&
+         signalg != SGN_ALG_HMAC_MD5)) {
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    switch (signalg) {
+    case SGN_ALG_HMAC_MD5:
+        cksum_len = 8;
+        if (toktype != KG_TOK_WRAP_MSG)
+            sign_usage = 15;
+        break;
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+        cksum_len = 20;
+        break;
+    default:
+        *minor_status = 0;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* get the token parameters */
+    code = kg_get_seq_num(context, ctx->seq, ptr + 14, ptr + 6, &direction,
+                          &seqnum);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_BAD_SIG;
+    }
+
+    /* decode the message, if SEAL */
+    if (toktype == KG_TOK_WRAP_MSG) {
+        if (sealalg != 0xFFFF) {
+            if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
+                unsigned char bigend_seqnum[4];
+                krb5_keyblock *enc_key;
+                size_t i;
+
+                store_32_be(seqnum, bigend_seqnum);
+
+                code = krb5_k_key_keyblock(context, ctx->enc, &enc_key);
+                if (code != 0) {
+                    retval = GSS_S_FAILURE;
+                    goto cleanup;
+                }
+
+                assert(enc_key->length == 16);
+
+                for (i = 0; i < enc_key->length; i++)
+                    ((char *)enc_key->contents)[i] ^= 0xF0;
+
+                code = kg_arcfour_docrypt_iov(context, enc_key, 0,
+                                              &bigend_seqnum[0], 4,
+                                              iov, iov_count);
+                krb5_free_keyblock(context, enc_key);
+            } else {
+                code = kg_decrypt_iov(context, 0,
+                                      ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0),
+                                      0 /*EC*/, 0 /*RRC*/,
+                                      ctx->enc, KG_USAGE_SEAL, NULL,
+                                      iov, iov_count);
+            }
+            if (code != 0) {
+                retval = GSS_S_FAILURE;
+                goto cleanup;
+            }
+        }
+        conflen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
+    }
+
+    if (header->buffer.length != token_wrapper_len + 14 + cksum_len + conflen) {
+        retval = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+    }
+
+    /* compute the checksum of the message */
+
+    /* initialize the checksum */
+
+    switch (signalg) {
+    case SGN_ALG_HMAC_MD5:
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        break;
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+        md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3;
+        break;
+    default:
+        abort();
+    }
+
+    code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
+    if (code != 0) {
+        retval = GSS_S_FAILURE;
+        goto cleanup;
+    }
+    md5cksum.length = sumlen;
+
+    /* compute the checksum of the message */
+    code = kg_make_checksum_iov_v1(context, md5cksum.checksum_type,
+                                   cksum_len, ctx->seq, ctx->enc,
+                                   sign_usage, iov, iov_count, toktype,
+                                   &md5cksum);
+    if (code != 0) {
+        retval = GSS_S_FAILURE;
+        goto cleanup;
+    }
+
+    switch (signalg) {
+    case SGN_ALG_HMAC_SHA1_DES3_KD:
+    case SGN_ALG_HMAC_MD5:
+        code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len);
+        break;
+    default:
+        code = 0;
+        retval = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+        break;
+    }
+
+    if (code != 0) {
+        code = 0;
+        retval = GSS_S_BAD_SIG;
+        goto cleanup;
+    }
+
+    /*
+     * For GSS_C_DCE_STYLE, the caller manages the padding, because the
+     * pad length is in the RPC PDU. The value of the padding may be
+     * uninitialized. For normal GSS, the last bytes of the decrypted
+     * data contain the pad length. kg_fixup_padding_iov() will find
+     * this and fixup the last data IOV appropriately.
+     */
+    if (toktype == KG_TOK_WRAP_MSG &&
+        (ctx->gss_flags & GSS_C_DCE_STYLE) == 0) {
+        retval = kg_fixup_padding_iov(&code, iov, iov_count);
+        if (retval != GSS_S_COMPLETE)
+            goto cleanup;
+    }
+
+    if (conf_state != NULL)
+        *conf_state = (sealalg != 0xFFFF);
+
+    if (qop_state != NULL)
+        *qop_state = GSS_C_QOP_DEFAULT;
+
+    if ((ctx->initiate && direction != 0xff) ||
+        (!ctx->initiate && direction != 0)) {
+        *minor_status = (OM_uint32)G_BAD_DIRECTION;
+        retval = GSS_S_BAD_SIG;
+        goto cleanup;
+    }
+
+    code = 0;
+    retval = g_seqstate_check(ctx->seqstate, (uint64_t)seqnum);
+
+cleanup:
+    krb5_free_checksum_contents(context, &md5cksum);
+
+    *minor_status = code;
+
+    return retval;
+}
+
+/* Similar to k5_der_get_value(), but output an unchecked content length
+ * instead of a k5input containing the contents. */
+static inline bool
+get_der_tag(struct k5input *in, uint8_t idbyte, size_t *len_out)
+{
+    uint8_t lenbyte, i;
+    size_t len;
+
+    /* Do nothing if in is empty or the next byte doesn't match idbyte. */
+    if (in->status || in->len == 0 || *in->ptr != idbyte)
+        return false;
+
+    /* Advance past the identifier byte and decode the length. */
+    (void)k5_input_get_byte(in);
+    lenbyte = k5_input_get_byte(in);
+    if (lenbyte < 128) {
+        len = lenbyte;
+    } else {
+        len = 0;
+        for (i = 0; i < (lenbyte & 0x7F); i++) {
+            if (len > (SIZE_MAX >> 8)) {
+                k5_input_set_status(in, EOVERFLOW);
+                return false;
+            }
+            len = (len << 8) | k5_input_get_byte(in);
+        }
+    }
+
+    if (in->status)
+        return false;
+
+    *len_out = len;
+    return true;
+}
+
+/*
+ * Similar to g_verify_token_header() without toktype or flags, but do not read
+ * more than *header_len bytes of ASN.1 wrapper, and on output set *header_len
+ * to the remaining number of header bytes.  Verify the outer DER tag's length
+ * against token_len, which may be larger (but not smaller) than *header_len.
+ */
+static gss_int32
+verify_detached_wrapper(const gss_OID_desc *mech, size_t *header_len,
+                        uint8_t **header_in, size_t token_len)
+{
+    struct k5input in, mech_der;
+    gss_OID_desc toid;
+    size_t len;
+
+    k5_input_init(&in, *header_in, *header_len);
+
+    if (get_der_tag(&in, 0x60, &len)) {
+        if (len != token_len - (in.ptr - *header_in))
+            return G_BAD_TOK_HEADER;
+        if (!k5_der_get_value(&in, 0x06, &mech_der))
+            return G_BAD_TOK_HEADER;
+        toid.elements = (uint8_t *)mech_der.ptr;
+        toid.length = mech_der.len;
+        if (!g_OID_equal(&toid, mech))
+            return G_WRONG_MECH;
+    }
+
+    *header_in = (uint8_t *)in.ptr;
+    *header_len = in.len;
+    return 0;
+}
+
+/*
+ * Caller must provide TOKEN | DATA | PADDING | TRAILER, except
+ * for DCE in which case it can just provide TOKEN | DATA (must
+ * guarantee that DATA is padded)
+ */
+static OM_uint32
+kg_unseal_iov_token(OM_uint32 *minor_status,
+                    krb5_gss_ctx_id_rec *ctx,
+                    int *conf_state,
+                    gss_qop_t *qop_state,
+                    gss_iov_buffer_desc *iov,
+                    int iov_count,
+                    int toktype)
+{
+    krb5_error_code code;
+    krb5_context context = ctx->k5_context;
+    unsigned char *ptr;
+    gss_iov_buffer_t header;
+    gss_iov_buffer_t padding;
+    gss_iov_buffer_t trailer;
+    size_t input_length, hlen;
+    int toktype2;
+
+    header = kg_locate_header_iov(iov, iov_count, toktype);
+    if (header == NULL) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
+
+    padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+
+    ptr = (unsigned char *)header->buffer.value;
+    input_length = header->buffer.length;
+
+    if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0 &&
+        toktype == KG_TOK_WRAP_MSG) {
+        size_t data_length, assoc_data_length;
+
+        kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length);
+
+        input_length += data_length - assoc_data_length;
+
+        if (padding != NULL)
+            input_length += padding->buffer.length;
+
+        if (trailer != NULL)
+            input_length += trailer->buffer.length;
+    }
+
+    hlen = header->buffer.length;
+    code = verify_detached_wrapper(ctx->mech_used, &hlen, &ptr, input_length);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (hlen < 2) {
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    toktype2 = load_16_be(ptr);
+
+    ptr += 2;
+    hlen -= 2;
+
+    switch (toktype2) {
+    case KG2_TOK_MIC_MSG:
+    case KG2_TOK_WRAP_MSG:
+    case KG2_TOK_DEL_CTX:
+        code = gss_krb5int_unseal_v3_iov(context, minor_status, ctx, iov, iov_count,
+                                         conf_state, qop_state, toktype);
+        break;
+    case KG_TOK_MIC_MSG:
+    case KG_TOK_WRAP_MSG:
+    case KG_TOK_DEL_CTX:
+        code = kg_unseal_v1_iov(context, minor_status, ctx, iov, iov_count,
+                                (size_t)(ptr - (unsigned char *)header->buffer.value),
+                                conf_state, qop_state, toktype);
+        break;
+    default:
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        code = GSS_S_DEFECTIVE_TOKEN;
+        break;
+    }
+
+    if (code != 0)
+        save_error_info(*minor_status, context);
+
+    return code;
+}
+
+/*
+ * Split a STREAM | SIGN_DATA | DATA into
+ *         HEADER | SIGN_DATA | DATA | PADDING | TRAILER
+ */
+static OM_uint32
+kg_unseal_stream_iov(OM_uint32 *minor_status,
+                     krb5_gss_ctx_id_rec *ctx,
+                     int *conf_state,
+                     gss_qop_t *qop_state,
+                     gss_iov_buffer_desc *iov,
+                     int iov_count,
+                     int toktype)
+{
+    unsigned char *ptr;
+    unsigned int bodysize;
+    OM_uint32 code = 0, major_status = GSS_S_FAILURE;
+    krb5_context context = ctx->k5_context;
+    int conf_req_flag, toktype2;
+    int i = 0, j;
+    gss_iov_buffer_desc *tiov = NULL;
+    gss_iov_buffer_t stream, data = NULL;
+    gss_iov_buffer_t theader, tdata = NULL, tpadding, ttrailer;
+
+    assert(toktype == KG_TOK_WRAP_MSG);
+
+    if (toktype != KG_TOK_WRAP_MSG || (ctx->gss_flags & GSS_C_DCE_STYLE)) {
+        code = EINVAL;
+        goto cleanup;
+    }
+
+    stream = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM);
+    assert(stream != NULL);
+
+    ptr = (unsigned char *)stream->buffer.value;
+
+    code = g_verify_token_header(ctx->mech_used,
+                                 &bodysize, &ptr, -1,
+                                 stream->buffer.length, 0);
+    if (code != 0) {
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+    }
+
+    if (bodysize < 2) {
+        *minor_status = (OM_uint32)G_BAD_TOK_HEADER;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    toktype2 = load_16_be(ptr);
+
+    ptr += 2;
+    bodysize -= 2;
+
+    tiov = (gss_iov_buffer_desc *)calloc((size_t)iov_count + 2, sizeof(gss_iov_buffer_desc));
+    if (tiov == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+
+    /* HEADER */
+    theader = &tiov[i++];
+    theader->type = GSS_IOV_BUFFER_TYPE_HEADER;
+    theader->buffer.value = stream->buffer.value;
+    theader->buffer.length = ptr - (unsigned char *)stream->buffer.value;
+    if (bodysize < 14 ||
+        stream->buffer.length != theader->buffer.length + bodysize) {
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+    }
+    theader->buffer.length += 14;
+
+    /* n[SIGN_DATA] | DATA | m[SIGN_DATA] */
+    for (j = 0; j < iov_count; j++) {
+        OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[j].type);
+
+        if (type == GSS_IOV_BUFFER_TYPE_DATA) {
+            if (data != NULL) {
+                /* only a single DATA buffer can appear */
+                code = EINVAL;
+                goto cleanup;
+            }
+
+            data = &iov[j];
+            tdata = &tiov[i];
+        }
+        if (type == GSS_IOV_BUFFER_TYPE_DATA ||
+            type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+            tiov[i++] = iov[j];
+    }
+
+    if (data == NULL) {
+        /* a single DATA buffer must be present */
+        code = EINVAL;
+        goto cleanup;
+    }
+
+    /* PADDING | TRAILER */
+    tpadding = &tiov[i++];
+    tpadding->type = GSS_IOV_BUFFER_TYPE_PADDING;
+    tpadding->buffer.length = 0;
+    tpadding->buffer.value = NULL;
+
+    ttrailer = &tiov[i++];
+    ttrailer->type = GSS_IOV_BUFFER_TYPE_TRAILER;
+
+    switch (toktype2) {
+    case KG2_TOK_MIC_MSG:
+    case KG2_TOK_WRAP_MSG:
+    case KG2_TOK_DEL_CTX: {
+        size_t ec, rrc;
+        krb5_enctype enctype;
+        unsigned int k5_headerlen = 0;
+        unsigned int k5_trailerlen = 0;
+
+        if (ctx->have_acceptor_subkey)
+            enctype = ctx->acceptor_subkey->keyblock.enctype;
+        else
+            enctype = ctx->subkey->keyblock.enctype;
+        conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0);
+        ec = conf_req_flag ? load_16_be(ptr + 2) : 0;
+        rrc = load_16_be(ptr + 4);
+
+        if (rrc != 0) {
+            if (!gss_krb5int_rotate_left((unsigned char *)stream->buffer.value + 16,
+                                         stream->buffer.length - 16, rrc)) {
+                code = ENOMEM;
+                goto cleanup;
+            }
+            store_16_be(0, ptr + 4); /* set RRC to zero */
+        }
+
+        if (conf_req_flag) {
+            code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+            if (code != 0)
+                goto cleanup;
+            theader->buffer.length += k5_headerlen; /* length validated later */
+        }
+
+        /* no PADDING for CFX, EC is used instead */
+        code = krb5_c_crypto_length(context, enctype,
+                                    conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    &k5_trailerlen);
+        if (code != 0)
+            goto cleanup;
+
+        ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + k5_trailerlen;
+        ttrailer->buffer.value = (unsigned char *)stream->buffer.value +
+            stream->buffer.length - ttrailer->buffer.length;
+        break;
+    }
+    case KG_TOK_MIC_MSG:
+    case KG_TOK_WRAP_MSG:
+    case KG_TOK_DEL_CTX:
+        theader->buffer.length += ctx->cksum_size +
+            kg_confounder_size(context, ctx->enc->keyblock.enctype);
+
+        /*
+         * we can't set the padding accurately until decryption;
+         * kg_fixup_padding_iov() will take care of this
+         */
+        tpadding->buffer.length = 1;
+        tpadding->buffer.value = (unsigned char *)stream->buffer.value + stream->buffer.length - 1;
+
+        /* no TRAILER for pre-CFX */
+        ttrailer->buffer.length = 0;
+        ttrailer->buffer.value = NULL;
+
+        break;
+    default:
+        code = (OM_uint32)G_BAD_TOK_HEADER;
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+        break;
+    }
+
+    /* IOV: -----------0-------------+---1---+--2--+----------------3--------------*/
+    /* Old: GSS-Header | Conf        | Data  | Pad |                               */
+    /* CFX: GSS-Header | Kerb-Header | Data  |     | EC | E(Header) | Kerb-Trailer */
+    /* GSS: -------GSS-HEADER--------+-DATA--+-PAD-+----------GSS-TRAILER----------*/
+
+    /* validate lengths */
+    if (stream->buffer.length < theader->buffer.length +
+        tpadding->buffer.length +
+        ttrailer->buffer.length)
+    {
+        code = (OM_uint32)KRB5_BAD_MSIZE;
+        major_status = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+    }
+
+    /* setup data */
+    tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length -
+        tpadding->buffer.length - theader->buffer.length;
+
+    assert(data != NULL);
+
+    if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
+        code = kg_allocate_iov(tdata, tdata->buffer.length);
+        if (code != 0)
+            goto cleanup;
+        memcpy(tdata->buffer.value,
+               (unsigned char *)stream->buffer.value + theader->buffer.length, tdata->buffer.length);
+    } else
+        tdata->buffer.value = (unsigned char *)stream->buffer.value + theader->buffer.length;
+
+    assert(i <= iov_count + 2);
+
+    major_status = kg_unseal_iov_token(&code, ctx, conf_state, qop_state,
+                                       tiov, i, toktype);
+    if (major_status == GSS_S_COMPLETE)
+        *data = *tdata;
+    else
+        kg_release_iov(tdata, 1);
+
+cleanup:
+    if (tiov != NULL)
+        free(tiov);
+
+    *minor_status = code;
+
+    return major_status;
+}
+
+OM_uint32
+kg_unseal_iov(OM_uint32 *minor_status,
+              gss_ctx_id_t context_handle,
+              int *conf_state,
+              gss_qop_t *qop_state,
+              gss_iov_buffer_desc *iov,
+              int iov_count,
+              int toktype)
+{
+    krb5_gss_ctx_id_rec *ctx;
+    OM_uint32 code;
+
+    ctx = (krb5_gss_ctx_id_rec *)context_handle;
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
+    }
+
+    if (kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM) != NULL) {
+        code = kg_unseal_stream_iov(minor_status, ctx, conf_state, qop_state,
+                                    iov, iov_count, toktype);
+    } else {
+        code = kg_unseal_iov_token(minor_status, ctx, conf_state, qop_state,
+                                   iov, iov_count, toktype);
+    }
+
+    return code;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_unwrap_iov(OM_uint32 *minor_status,
+                    gss_ctx_id_t context_handle,
+                    int *conf_state,
+                    gss_qop_t *qop_state,
+                    gss_iov_buffer_desc *iov,
+                    int iov_count)
+{
+    OM_uint32 major_status;
+
+    major_status = kg_unseal_iov(minor_status, context_handle,
+                                 conf_state, qop_state,
+                                 iov, iov_count, KG_TOK_WRAP_MSG);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_verify_mic_iov(OM_uint32 *minor_status,
+                        gss_ctx_id_t context_handle,
+                        gss_qop_t *qop_state,
+                        gss_iov_buffer_desc *iov,
+                        int iov_count)
+{
+    OM_uint32 major_status;
+
+    major_status = kg_unseal_iov(minor_status, context_handle,
+                                 NULL, qop_state,
+                                 iov, iov_count, KG_TOK_MIC_MSG);
+
+    return major_status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/krb5_gss_glue.c b/krb5-1.21.3/src/lib/gssapi/krb5/krb5_gss_glue.c
new file mode 100644
index 00000000..b35a2152
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -0,0 +1,445 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
+                       gss_ctx_id_t context_handle,
+                       krb5_flags *ticket_flags)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH,
+        GSS_KRB5_GET_TKT_FLAGS_OID };
+    OM_uint32 major_status;
+    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
+
+    if (ticket_flags == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    major_status = gss_inquire_sec_context_by_oid(minor_status,
+                                                  context_handle,
+                                                  (gss_OID)&req_oid,
+                                                  &data_set);
+    if (major_status != GSS_S_COMPLETE)
+        return major_status;
+
+    if (data_set == GSS_C_NO_BUFFER_SET ||
+        data_set->count != 1 ||
+        data_set->elements[0].length != sizeof(*ticket_flags)) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
+
+    *ticket_flags = *((krb5_flags *)data_set->elements[0].value);
+
+    gss_release_buffer_set(minor_status, &data_set);
+
+    *minor_status = 0;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_copy_ccache(OM_uint32 *minor_status,
+                     gss_cred_id_t cred_handle,
+                     krb5_ccache out_ccache)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_COPY_CCACHE_OID_LENGTH,
+        GSS_KRB5_COPY_CCACHE_OID };
+    OM_uint32 major_status;
+    gss_buffer_desc req_buffer;
+
+    if (out_ccache == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    req_buffer.value = out_ccache;
+    req_buffer.length = sizeof(out_ccache);
+
+    major_status = gss_set_cred_option(minor_status,
+                                       &cred_handle,
+                                       (gss_OID)&req_oid,
+                                       &req_buffer);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_import_cred(OM_uint32 *minor_status,
+                     krb5_ccache id,
+                     krb5_principal keytab_principal,
+                     krb5_keytab keytab,
+                     gss_cred_id_t *cred)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_IMPORT_CRED_OID_LENGTH,
+        GSS_KRB5_IMPORT_CRED_OID };
+    OM_uint32 major_status;
+    struct krb5_gss_import_cred_req req;
+    gss_buffer_desc req_buffer;
+
+    if (cred == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *cred = GSS_C_NO_CREDENTIAL;
+
+    req.id = id;
+    req.keytab_principal = keytab_principal;
+    req.keytab = keytab;
+
+    req_buffer.value = &req;
+    req_buffer.length = sizeof(req);
+
+    major_status = gss_set_cred_option(minor_status,
+                                       cred,
+                                       (gss_OID)&req_oid,
+                                       &req_buffer);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
+                                  gss_ctx_id_t *context_handle,
+                                  OM_uint32 version,
+                                  void **kctx)
+{
+    unsigned char oid_buf[GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH + 6];
+    gss_OID_desc req_oid;
+    OM_uint32 major_status, minor;
+    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
+
+    if (kctx == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *kctx = NULL;
+
+    req_oid.elements = oid_buf;
+    req_oid.length = sizeof(oid_buf);
+
+    major_status = generic_gss_oid_compose(minor_status,
+                                           GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+                                           GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+                                           (int)version,
+                                           &req_oid);
+    if (GSS_ERROR(major_status))
+        return major_status;
+
+    major_status = gss_inquire_sec_context_by_oid(minor_status,
+                                                  *context_handle,
+                                                  &req_oid,
+                                                  &data_set);
+    if (GSS_ERROR(major_status))
+        return major_status;
+
+    if (data_set == GSS_C_NO_BUFFER_SET ||
+        data_set->count != 1 ||
+        data_set->elements[0].length != sizeof(void *)) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
+
+    *kctx = *((void **)data_set->elements[0].value);
+
+    /* Clean up the context state (it is an error for
+     * someone to attempt to use this context again)
+     */
+    (void)gss_delete_sec_context(minor_status, context_handle, NULL);
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    generic_gss_release_buffer_set(&minor, &data_set);
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
+                                gss_cred_id_t cred,
+                                OM_uint32 num_ktypes,
+                                krb5_enctype *ktypes)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH,
+        GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID };
+    OM_uint32 major_status;
+    struct krb5_gss_set_allowable_enctypes_req req;
+    gss_buffer_desc req_buffer;
+
+    req.num_ktypes = num_ktypes;
+    req.ktypes = ktypes;
+
+    req_buffer.length = sizeof(req);
+    req_buffer.value = &req;
+
+    major_status = gss_set_cred_option(minor_status,
+                                       &cred,
+                                       (gss_OID)&req_oid,
+                                       &req_buffer);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_ccache_name(OM_uint32 *minor_status,
+                     const char *name,
+                     const char **out_name)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_CCACHE_NAME_OID_LENGTH,
+        GSS_KRB5_CCACHE_NAME_OID };
+    OM_uint32 major_status;
+    struct krb5_gss_ccache_name_req req;
+    gss_buffer_desc req_buffer;
+
+    req.name = name;
+    req.out_name = out_name;
+
+    req_buffer.length = sizeof(req);
+    req_buffer.value = &req;
+
+    major_status = gssspi_mech_invoke(minor_status,
+                                      (gss_OID)gss_mech_krb5,
+                                      (gss_OID)&req_oid,
+                                      &req_buffer);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *kctx)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
+        GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID };
+    OM_uint32 major_status;
+    gss_buffer_desc req_buffer;
+
+    req_buffer.length = sizeof(kctx);
+    req_buffer.value = kctx;
+
+    major_status = gssspi_mech_invoke(minor_status,
+                                      (gss_OID)gss_mech_krb5,
+                                      (gss_OID)&req_oid,
+                                      &req_buffer);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_register_acceptor_identity(const char *keytab)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH,
+        GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID };
+    OM_uint32 major_status;
+    OM_uint32 minor_status;
+    gss_buffer_desc req_buffer;
+
+    req_buffer.length = (keytab == NULL) ? 0 : strlen(keytab);
+    req_buffer.value = (char *)keytab;
+
+    major_status = gssspi_mech_invoke(&minor_status,
+                                      (gss_OID)gss_mech_krb5,
+                                      (gss_OID)&req_oid,
+                                      &req_buffer);
+
+    return major_status;
+}
+
+#ifndef _WIN32
+krb5_error_code
+krb5_gss_use_kdc_context(void)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH,
+        GSS_KRB5_USE_KDC_CONTEXT_OID };
+    OM_uint32 major_status;
+    OM_uint32 minor_status;
+    gss_buffer_desc req_buffer;
+    krb5_error_code ret;
+
+    req_buffer.length = 0;
+    req_buffer.value = NULL;
+
+    major_status = gssspi_mech_invoke(&minor_status,
+                                      (gss_OID)gss_mech_krb5,
+                                      (gss_OID)&req_oid,
+                                      &req_buffer);
+
+    if (major_status != GSS_S_COMPLETE) {
+        if (minor_status != 0)
+            ret = (krb5_error_code)minor_status;
+        else
+            ret = KRB5KRB_ERR_GENERIC;
+    } else
+        ret = 0;
+
+    return ret;
+}
+#endif
+
+/*
+ * This API should go away and be replaced with an accessor
+ * into a gss_name_t.
+ */
+OM_uint32 KRB5_CALLCONV
+gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
+                                            const gss_ctx_id_t context_handle,
+                                            int ad_type,
+                                            gss_buffer_t ad_data)
+{
+    gss_OID_desc req_oid;
+    unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
+    OM_uint32 major_status;
+    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
+
+    if (ad_data == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    req_oid.elements = oid_buf;
+    req_oid.length = sizeof(oid_buf);
+
+    major_status = generic_gss_oid_compose(minor_status,
+                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID,
+                                           GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+                                           ad_type,
+                                           &req_oid);
+    if (GSS_ERROR(major_status))
+        return major_status;
+
+    major_status = gss_inquire_sec_context_by_oid(minor_status,
+                                                  context_handle,
+                                                  (gss_OID)&req_oid,
+                                                  &data_set);
+    if (major_status != GSS_S_COMPLETE) {
+        return major_status;
+    }
+
+    if (data_set == GSS_C_NO_BUFFER_SET ||
+        data_set->count != 1) {
+        return GSS_S_FAILURE;
+    }
+
+    ad_data->length = data_set->elements[0].length;
+    ad_data->value = data_set->elements[0].value;
+
+    data_set->elements[0].length = 0;
+    data_set->elements[0].value = NULL;
+
+    data_set->count = 0;
+
+    gss_release_buffer_set(minor_status, &data_set);
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_krb5_set_cred_rcache(OM_uint32 *minor_status,
+                         gss_cred_id_t cred,
+                         krb5_rcache rcache)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH,
+        GSS_KRB5_SET_CRED_RCACHE_OID };
+    OM_uint32 major_status;
+    gss_buffer_desc req_buffer;
+
+    req_buffer.length = sizeof(rcache);
+    req_buffer.value = rcache;
+
+    major_status = gss_set_cred_option(minor_status,
+                                       &cred,
+                                       (gss_OID)&req_oid,
+                                       &req_buffer);
+
+    return major_status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
+                                          gss_ctx_id_t context_handle,
+                                          krb5_timestamp *authtime)
+{
+    static const gss_OID_desc req_oid = {
+        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH,
+        GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID };
+    OM_uint32 major_status;
+    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
+
+    if (authtime == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    major_status = gss_inquire_sec_context_by_oid(minor_status,
+                                                  context_handle,
+                                                  (gss_OID)&req_oid,
+                                                  &data_set);
+    if (major_status != GSS_S_COMPLETE)
+        return major_status;
+
+    if (data_set == GSS_C_NO_BUFFER_SET ||
+        data_set->count != 1 ||
+        data_set->elements[0].length != sizeof(*authtime)) {
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
+    }
+
+    *authtime = *((krb5_timestamp *)data_set->elements[0].value);
+
+    gss_release_buffer_set(minor_status, &data_set);
+
+    *minor_status = 0;
+
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c b/krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c
new file mode 100644
index 00000000..a894f0e7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c
@@ -0,0 +1,292 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/lucid_context.c */
+/*
+ * Copyright 2004, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Externalize a "lucid" security context from a krb5_gss_ctx_id_rec
+ * structure. */
+#include "gssapiP_krb5.h"
+#include "gssapi_krb5.h"
+
+/*
+ * Local routine prototypes
+ */
+static void
+free_external_lucid_ctx_v1(
+    gss_krb5_lucid_context_v1_t *ctx);
+
+static void
+free_lucid_key_data(
+    gss_krb5_lucid_key_t *key);
+
+static krb5_error_code
+copy_keyblock_to_lucid_key(
+    krb5_keyblock *k5key,
+    gss_krb5_lucid_key_t *lkey);
+
+static krb5_error_code
+make_external_lucid_ctx_v1(
+    krb5_gss_ctx_id_rec * gctx,
+    int version,
+    void **out_ptr);
+
+
+/*
+ * Exported routines
+ */
+
+OM_uint32
+gss_krb5int_export_lucid_sec_context(
+    OM_uint32           *minor_status,
+    const gss_ctx_id_t  context_handle,
+    const gss_OID       desired_object,
+    gss_buffer_set_t    *data_set)
+{
+    krb5_error_code     kret = 0;
+    OM_uint32           retval;
+    krb5_gss_ctx_id_t   ctx = (krb5_gss_ctx_id_t)context_handle;
+    void                *lctx = NULL;
+    int                 version = 0;
+    gss_buffer_desc     rep;
+
+    /* Assume failure */
+    retval = GSS_S_FAILURE;
+    *minor_status = 0;
+    *data_set = GSS_C_NO_BUFFER_SET;
+
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
+    }
+
+    retval = generic_gss_oid_decompose(minor_status,
+                                       GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID,
+                                       GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH,
+                                       desired_object,
+                                       &version);
+    if (GSS_ERROR(retval))
+        return retval;
+
+    /* Externalize a structure of the right version */
+    switch (version) {
+    case 1:
+        kret = make_external_lucid_ctx_v1((krb5_pointer)ctx,
+                                          version, &lctx);
+        break;
+    default:
+        kret = (OM_uint32) KG_LUCID_VERSION;
+        break;
+    }
+
+    if (kret)
+        goto error_out;
+
+    rep.value = &lctx;
+    rep.length = sizeof(lctx);
+
+    retval = generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
+    if (GSS_ERROR(retval))
+        goto error_out;
+
+error_out:
+    if (*minor_status == 0)
+        *minor_status = (OM_uint32) kret;
+    return(retval);
+}
+
+/*
+ * Frees the storage associated with an
+ * exported lucid context structure.
+ */
+OM_uint32
+gss_krb5int_free_lucid_sec_context(
+    OM_uint32 *minor_status,
+    const gss_OID desired_mech,
+    const gss_OID desired_object,
+    gss_buffer_t value)
+{
+    OM_uint32           retval;
+    krb5_error_code     kret = 0;
+    int                 version;
+    void                *kctx;
+
+    /* Assume failure */
+    retval = GSS_S_FAILURE;
+    *minor_status = 0;
+
+    kctx = value->value;
+    if (!kctx) {
+        kret = EINVAL;
+        goto error_out;
+    }
+
+    /* Determine version and call correct free routine */
+    version = ((gss_krb5_lucid_context_version_t *)kctx)->version;
+    switch (version) {
+    case 1:
+        free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx);
+        break;
+    default:
+        kret = EINVAL;
+        break;
+    }
+
+    if (kret)
+        goto error_out;
+
+    /* Success! */
+    *minor_status = 0;
+    retval = GSS_S_COMPLETE;
+
+    return (retval);
+
+error_out:
+    if (*minor_status == 0)
+        *minor_status = (OM_uint32) kret;
+    return(retval);
+}
+
+/*
+ * Local routines
+ */
+
+static krb5_error_code
+make_external_lucid_ctx_v1(
+    krb5_gss_ctx_id_rec * gctx,
+    int version,
+    void **out_ptr)
+{
+    gss_krb5_lucid_context_v1_t *lctx = NULL;
+    unsigned int bufsize = sizeof(gss_krb5_lucid_context_v1_t);
+    krb5_error_code retval;
+
+    /* Allocate the structure */
+    if ((lctx = xmalloc(bufsize)) == NULL) {
+        retval = ENOMEM;
+        goto error_out;
+    }
+
+    memset(lctx, 0, bufsize);
+
+    lctx->version = 1;
+    lctx->initiate = gctx->initiate ? 1 : 0;
+    lctx->endtime = gctx->krb_times.endtime;
+    lctx->send_seq = gctx->seq_send;
+    lctx->recv_seq = gctx->seq_recv;
+    lctx->protocol = gctx->proto;
+    /* gctx->proto == 0 ==> rfc1964-style key information
+       gctx->proto == 1 ==> cfx-style (draft-ietf-krb-wg-gssapi-cfx-07) keys */
+    if (gctx->proto == 0) {
+        lctx->rfc1964_kd.sign_alg = gctx->signalg;
+        lctx->rfc1964_kd.seal_alg = gctx->sealalg;
+        /* Copy key */
+        if ((retval = copy_keyblock_to_lucid_key(&gctx->seq->keyblock,
+                                                 &lctx->rfc1964_kd.ctx_key)))
+            goto error_out;
+    }
+    else if (gctx->proto == 1) {
+        /* Copy keys */
+        /* (subkey is always present, either a copy of the kerberos
+           session key or a subkey) */
+        if ((retval = copy_keyblock_to_lucid_key(&gctx->subkey->keyblock,
+                                                 &lctx->cfx_kd.ctx_key)))
+            goto error_out;
+        if (gctx->have_acceptor_subkey) {
+            if ((retval = copy_keyblock_to_lucid_key(&gctx->acceptor_subkey->keyblock,
+                                                     &lctx->cfx_kd.acceptor_subkey)))
+                goto error_out;
+            lctx->cfx_kd.have_acceptor_subkey = 1;
+        }
+    }
+    else {
+        xfree(lctx);
+        return EINVAL;  /* XXX better error code? */
+    }
+
+    /* Success! */
+    *out_ptr = lctx;
+    return 0;
+
+error_out:
+    if (lctx) {
+        free_external_lucid_ctx_v1(lctx);
+    }
+    return retval;
+
+}
+
+/* Copy the contents of a krb5_keyblock to a gss_krb5_lucid_key_t structure */
+static krb5_error_code
+copy_keyblock_to_lucid_key(
+    krb5_keyblock *k5key,
+    gss_krb5_lucid_key_t *lkey)
+{
+    if (!k5key || !k5key->contents || k5key->length == 0)
+        return EINVAL;
+
+    memset(lkey, 0, sizeof(gss_krb5_lucid_key_t));
+
+    /* Allocate storage for the key data */
+    if ((lkey->data = xmalloc(k5key->length)) == NULL) {
+        return ENOMEM;
+    }
+    memcpy(lkey->data, k5key->contents, k5key->length);
+    lkey->length = k5key->length;
+    lkey->type = k5key->enctype;
+
+    return 0;
+}
+
+
+/* Free any storage associated with a gss_krb5_lucid_key_t structure */
+static void
+free_lucid_key_data(
+    gss_krb5_lucid_key_t *key)
+{
+    if (key) {
+        if (key->data && key->length) {
+            zap(key->data, key->length);
+            xfree(key->data);
+            zap(key, sizeof(gss_krb5_lucid_key_t));
+        }
+    }
+}
+/* Free any storage associated with a gss_krb5_lucid_context_v1 structure */
+static void
+free_external_lucid_ctx_v1(
+    gss_krb5_lucid_context_v1_t *ctx)
+{
+    if (ctx) {
+        if (ctx->protocol == 0) {
+            free_lucid_key_data(&ctx->rfc1964_kd.ctx_key);
+        }
+        if (ctx->protocol == 1) {
+            free_lucid_key_data(&ctx->cfx_kd.ctx_key);
+            if (ctx->cfx_kd.have_acceptor_subkey)
+                free_lucid_key_data(&ctx->cfx_kd.acceptor_subkey);
+        }
+        xfree(ctx);
+        ctx = NULL;
+    }
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c b/krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c
new file mode 100644
index 00000000..2ac1aba3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c
@@ -0,0 +1,666 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/naming_exts.c */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+
+krb5_error_code
+kg_init_name(krb5_context context, krb5_principal principal,
+             char *service, char *host, krb5_authdata_context ad_context,
+             krb5_flags flags, krb5_gss_name_t *ret_name)
+{
+    krb5_error_code code;
+    krb5_gss_name_t name;
+
+    *ret_name = NULL;
+
+    assert(principal != NULL);
+
+    if (principal == NULL)
+        return EINVAL;
+
+    name = xmalloc(sizeof(krb5_gss_name_rec));
+    if (name == NULL)
+        return ENOMEM;
+
+    memset(name, 0, sizeof(krb5_gss_name_rec));
+
+    code = k5_mutex_init(&name->lock);
+    if (code != 0)
+        goto cleanup;
+
+    if ((flags & KG_INIT_NAME_NO_COPY) == 0) {
+        code = krb5_copy_principal(context, principal, &name->princ);
+        if (code != 0)
+            goto cleanup;
+
+        if (ad_context != NULL) {
+            code = krb5_authdata_context_copy(context,
+                                              ad_context,
+                                              &name->ad_context);
+            if (code != 0)
+                goto cleanup;
+        }
+
+        code = ENOMEM;
+        if (service != NULL) {
+            name->service = strdup(service);
+            if (name->service == NULL)
+                goto cleanup;
+        }
+        if (host != NULL) {
+            name->host = strdup(host);
+            if (name->host == NULL)
+                goto cleanup;
+        }
+        code = 0;
+    } else {
+        name->princ = principal;
+        name->service = service;
+        name->host = host;
+        name->ad_context = ad_context;
+    }
+
+    *ret_name = name;
+
+cleanup:
+    if (code != 0)
+        kg_release_name(context, &name);
+
+    return code;
+}
+
+krb5_error_code
+kg_release_name(krb5_context context,
+                krb5_gss_name_t *name)
+{
+    if (*name != NULL) {
+        krb5_free_principal(context, (*name)->princ);
+        free((*name)->service);
+        free((*name)->host);
+        krb5_authdata_context_free(context, (*name)->ad_context);
+        k5_mutex_destroy(&(*name)->lock);
+        free(*name);
+        *name = NULL;
+    }
+
+    return 0;
+}
+
+krb5_error_code
+kg_duplicate_name(krb5_context context,
+                  const krb5_gss_name_t src,
+                  krb5_gss_name_t *dst)
+{
+    krb5_error_code code;
+
+    k5_mutex_lock(&src->lock);
+    code = kg_init_name(context, src->princ, src->service, src->host,
+                        src->ad_context, 0, dst);
+    k5_mutex_unlock(&src->lock);
+    return code;
+}
+
+
+krb5_boolean
+kg_compare_name(krb5_context context,
+                krb5_gss_name_t name1,
+                krb5_gss_name_t name2)
+{
+    return krb5_principal_compare(context, name1->princ, name2->princ);
+}
+
+/* Determine the principal to use for an acceptor name, which is different from
+ * name->princ for host-based names. */
+krb5_boolean
+kg_acceptor_princ(krb5_context context, krb5_gss_name_t name,
+                  krb5_principal *princ_out)
+{
+    krb5_error_code code;
+    const char *host;
+    char *tmp = NULL;
+
+    *princ_out = NULL;
+    if (name == NULL)
+        return 0;
+
+    /* If it's not a host-based name, just copy name->princ. */
+    if (name->service == NULL)
+        return krb5_copy_principal(context, name->princ, princ_out);
+
+    if (name->host != NULL && name->princ->length == 2) {
+        /* If a host was given, we have to use the canonicalized form of it (as
+         * given by krb5_sname_to_principal) for backward compatibility. */
+        const krb5_data *d = &name->princ->data[1];
+        tmp = k5memdup0(d->data, d->length, &code);
+        if (tmp == NULL)
+            return ENOMEM;
+        host = tmp;
+    } else                      /* No host was given; use an empty string. */
+        host = "";
+
+    code = krb5_build_principal(context, princ_out, 0, "", name->service, host,
+                                (char *)NULL);
+    if (*princ_out != NULL)
+        (*princ_out)->type = KRB5_NT_SRV_HST;
+    free(tmp);
+    return code;
+}
+
+static OM_uint32
+kg_map_name_error(OM_uint32 *minor_status, krb5_error_code code)
+{
+    OM_uint32 major_status;
+
+    switch (code) {
+    case 0:
+        major_status = GSS_S_COMPLETE;
+        break;
+    case ENOENT:
+    case EPERM:
+        major_status = GSS_S_UNAVAILABLE;
+        break;
+    default:
+        major_status = GSS_S_FAILURE;
+        break;
+    }
+
+    *minor_status = code;
+
+    return major_status;
+}
+
+/* Owns data on success */
+static krb5_error_code
+data_list_to_buffer_set(krb5_context context,
+                        krb5_data *data,
+                        gss_buffer_set_t *buffer_set)
+{
+    gss_buffer_set_t set = GSS_C_NO_BUFFER_SET;
+    OM_uint32 minor_status;
+    int i;
+    krb5_error_code code = 0;
+
+    if (data == NULL)
+        goto cleanup;
+
+    if (buffer_set == NULL)
+        goto cleanup;
+
+    if (GSS_ERROR(gss_create_empty_buffer_set(&minor_status,
+                                              &set))) {
+        assert(minor_status != 0);
+        code = minor_status;
+        goto cleanup;
+    }
+
+    for (i = 0; data[i].data != NULL; i++)
+        ;
+
+    set->count = i;
+    set->elements = gssalloc_calloc(i, sizeof(gss_buffer_desc));
+    if (set->elements == NULL) {
+        gss_release_buffer_set(&minor_status, &set);
+        code = ENOMEM;
+        goto cleanup;
+    }
+
+    /*
+     * Copy last element first so data remains properly
+     * NULL-terminated in case of allocation failure
+     * in data_to_gss() on windows.
+     */
+    for (i = set->count-1; i >= 0; i--) {
+        if (data_to_gss(&data[i], &set->elements[i])) {
+            gss_release_buffer_set(&minor_status, &set);
+            code = ENOMEM;
+            goto cleanup;
+        }
+    }
+cleanup:
+    krb5int_free_data_list(context, data);
+
+    if (buffer_set != NULL)
+        *buffer_set = set;
+
+    return code;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_inquire_name(OM_uint32 *minor_status,
+                      gss_name_t name,
+                      int *name_is_MN,
+                      gss_OID *MN_mech,
+                      gss_buffer_set_t *attrs)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    krb5_data *kattrs = NULL;
+
+    *minor_status = 0;
+
+    if (attrs != NULL)
+        *attrs = GSS_C_NO_BUFFER_SET;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    kname = (krb5_gss_name_t)name;
+
+    k5_mutex_lock(&kname->lock);
+
+    if (kname->ad_context == NULL) {
+        code = krb5_authdata_context_init(context, &kname->ad_context);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = krb5_authdata_get_attribute_types(context,
+                                             kname->ad_context,
+                                             &kattrs);
+    if (code != 0)
+        goto cleanup;
+
+    code = data_list_to_buffer_set(context, kattrs, attrs);
+    kattrs = NULL;
+    if (code != 0)
+        goto cleanup;
+
+cleanup:
+    k5_mutex_unlock(&kname->lock);
+    krb5int_free_data_list(context, kattrs);
+
+    krb5_free_context(context);
+
+    return kg_map_name_error(minor_status, code);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_get_name_attribute(OM_uint32 *minor_status,
+                            gss_name_t name,
+                            gss_buffer_t attr,
+                            int *authenticated,
+                            int *complete,
+                            gss_buffer_t value,
+                            gss_buffer_t display_value,
+                            int *more)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    krb5_data kattr;
+    krb5_boolean kauthenticated;
+    krb5_boolean kcomplete;
+    krb5_data kvalue = empty_data();
+    krb5_data kdisplay_value = empty_data();
+
+    *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    kname = (krb5_gss_name_t)name;
+    k5_mutex_lock(&kname->lock);
+
+    if (kname->ad_context == NULL) {
+        code = krb5_authdata_context_init(context, &kname->ad_context);
+        if (code != 0) {
+            *minor_status = code;
+            k5_mutex_unlock(&kname->lock);
+            krb5_free_context(context);
+            return GSS_S_UNAVAILABLE;
+        }
+    }
+
+    kattr.data = (char *)attr->value;
+    kattr.length = attr->length;
+
+    kauthenticated = FALSE;
+    kcomplete = FALSE;
+
+    code = krb5_authdata_get_attribute(context,
+                                       kname->ad_context,
+                                       &kattr,
+                                       &kauthenticated,
+                                       &kcomplete,
+                                       &kvalue,
+                                       &kdisplay_value,
+                                       more);
+    if (code == 0) {
+        if (value != NULL)
+            code = data_to_gss(&kvalue, value);
+
+        if (authenticated != NULL)
+            *authenticated = kauthenticated;
+        if (complete != NULL)
+            *complete = kcomplete;
+
+        if (display_value != NULL && code == 0)
+            code = data_to_gss(&kdisplay_value, display_value);
+    }
+
+    free(kdisplay_value.data);
+    free(kvalue.data);
+
+    k5_mutex_unlock(&kname->lock);
+    krb5_free_context(context);
+
+    return kg_map_name_error(minor_status, code);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_set_name_attribute(OM_uint32 *minor_status,
+                            gss_name_t name,
+                            int complete,
+                            gss_buffer_t attr,
+                            gss_buffer_t value)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    krb5_data kattr;
+    krb5_data kvalue;
+
+    *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    kname = (krb5_gss_name_t)name;
+    k5_mutex_lock(&kname->lock);
+
+    if (kname->ad_context == NULL) {
+        code = krb5_authdata_context_init(context, &kname->ad_context);
+        if (code != 0) {
+            *minor_status = code;
+            k5_mutex_unlock(&kname->lock);
+            krb5_free_context(context);
+            return GSS_S_UNAVAILABLE;
+        }
+    }
+
+    kattr.data = (char *)attr->value;
+    kattr.length = attr->length;
+
+    kvalue.data = (char *)value->value;
+    kvalue.length = value->length;
+
+    code = krb5_authdata_set_attribute(context,
+                                       kname->ad_context,
+                                       complete,
+                                       &kattr,
+                                       &kvalue);
+
+    k5_mutex_unlock(&kname->lock);
+    krb5_free_context(context);
+
+    return kg_map_name_error(minor_status, code);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_delete_name_attribute(OM_uint32 *minor_status,
+                               gss_name_t name,
+                               gss_buffer_t attr)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    krb5_data kattr;
+
+    *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    kname = (krb5_gss_name_t)name;
+    k5_mutex_lock(&kname->lock);
+
+    if (kname->ad_context == NULL) {
+        code = krb5_authdata_context_init(context, &kname->ad_context);
+        if (code != 0) {
+            *minor_status = code;
+            k5_mutex_unlock(&kname->lock);
+            krb5_free_context(context);
+            return GSS_S_UNAVAILABLE;
+        }
+    }
+
+    kattr.data = (char *)attr->value;
+    kattr.length = attr->length;
+
+    code = krb5_authdata_delete_attribute(context,
+                                          kname->ad_context,
+                                          &kattr);
+
+    k5_mutex_unlock(&kname->lock);
+    krb5_free_context(context);
+
+    return kg_map_name_error(minor_status, code);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_map_name_to_any(OM_uint32 *minor_status,
+                         gss_name_t name,
+                         int authenticated,
+                         gss_buffer_t type_id,
+                         gss_any_t *output)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    char *kmodule;
+
+    *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    kname = (krb5_gss_name_t)name;
+    k5_mutex_lock(&kname->lock);
+
+    if (kname->ad_context == NULL) {
+        code = krb5_authdata_context_init(context, &kname->ad_context);
+        if (code != 0) {
+            *minor_status = code;
+            k5_mutex_unlock(&kname->lock);
+            krb5_free_context(context);
+            return GSS_S_UNAVAILABLE;
+        }
+    }
+
+    kmodule = (char *)type_id->value;
+    if (kmodule[type_id->length] != '\0') {
+        k5_mutex_unlock(&kname->lock);
+        krb5_free_context(context);
+        return GSS_S_UNAVAILABLE;
+    }
+
+    code = krb5_authdata_export_internal(context,
+                                         kname->ad_context,
+                                         authenticated,
+                                         kmodule,
+                                         (void **)output);
+
+    k5_mutex_unlock(&kname->lock);
+    krb5_free_context(context);
+
+    return kg_map_name_error(minor_status, code);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_release_any_name_mapping(OM_uint32 *minor_status,
+                                  gss_name_t name,
+                                  gss_buffer_t type_id,
+                                  gss_any_t *input)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    char *kmodule;
+
+    *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    kname = (krb5_gss_name_t)name;
+    k5_mutex_lock(&kname->lock);
+
+    if (kname->ad_context == NULL) {
+        code = krb5_authdata_context_init(context, &kname->ad_context);
+        if (code != 0) {
+            *minor_status = code;
+            k5_mutex_unlock(&kname->lock);
+            krb5_free_context(context);
+            return GSS_S_UNAVAILABLE;
+        }
+    }
+
+    kmodule = (char *)type_id->value;
+    if (kmodule[type_id->length] != '\0') {
+        k5_mutex_unlock(&kname->lock);
+        krb5_free_context(context);
+        return GSS_S_UNAVAILABLE;
+    }
+
+    code = krb5_authdata_free_internal(context,
+                                       kname->ad_context,
+                                       kmodule,
+                                       *input);
+    if (code == 0)
+        *input = NULL;
+
+    k5_mutex_unlock(&kname->lock);
+    krb5_free_context(context);
+
+    return kg_map_name_error(minor_status, code);
+
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_export_name_composite(OM_uint32 *minor_status,
+                               gss_name_t name,
+                               gss_buffer_t exp_composite_name)
+{
+    krb5_context context;
+    krb5_error_code code;
+    krb5_gss_name_t kname;
+    krb5_data *attrs = NULL;
+    char *princstr = NULL;
+    unsigned char *cp;
+    size_t princlen;
+
+    *minor_status = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    kname = (krb5_gss_name_t)name;
+    k5_mutex_lock(&kname->lock);
+
+    code = krb5_unparse_name(context, kname->princ, &princstr);
+    if (code != 0)
+        goto cleanup;
+
+    princlen = strlen(princstr);
+
+    if (kname->ad_context != NULL) {
+        code = krb5_authdata_export_attributes(context,
+                                               kname->ad_context,
+                                               AD_USAGE_MASK,
+                                               &attrs);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    /* 04 02 OID Name AuthData */
+
+    exp_composite_name->length = 10 + gss_mech_krb5->length + princlen;
+    exp_composite_name->length += 4; /* length of encoded attributes */
+    if (attrs != NULL)
+        exp_composite_name->length += attrs->length;
+    exp_composite_name->value = gssalloc_malloc(exp_composite_name->length);
+    if (exp_composite_name->value == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+
+    cp = exp_composite_name->value;
+
+    /* Note: we assume the OID will be less than 128 bytes... */
+    *cp++ = 0x04;
+    *cp++ = 0x02;
+
+    store_16_be(gss_mech_krb5->length + 2, cp);
+    cp += 2;
+    *cp++ = 0x06;
+    *cp++ = (gss_mech_krb5->length) & 0xFF;
+    memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length);
+    cp += gss_mech_krb5->length;
+
+    store_32_be(princlen, cp);
+    cp += 4;
+    memcpy(cp, princstr, princlen);
+    cp += princlen;
+
+    store_32_be(attrs != NULL ? attrs->length : 0, cp);
+    cp += 4;
+
+    if (attrs != NULL) {
+        memcpy(cp, attrs->data, attrs->length);
+        cp += attrs->length;
+    }
+
+cleanup:
+    krb5_free_unparsed_name(context, princstr);
+    krb5_free_data(context, attrs);
+    k5_mutex_unlock(&kname->lock);
+    krb5_free_context(context);
+
+    return kg_map_name_error(minor_status, code);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/prf.c b/krb5-1.21.3/src/lib/gssapi/krb5/prf.c
new file mode 100644
index 00000000..f87957bd
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/prf.c
@@ -0,0 +1,139 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/prf.c */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+
+#ifndef MIN             /* Usually found in <sys/param.h>. */
+#define MIN(_a,_b)  ((_a)<(_b)?(_a):(_b))
+#endif
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_pseudo_random(OM_uint32 *minor_status,
+                       gss_ctx_id_t context,
+                       int prf_key,
+                       const gss_buffer_t prf_in,
+                       ssize_t desired_output_len,
+                       gss_buffer_t prf_out)
+{
+    krb5_error_code code;
+    krb5_key key = NULL;
+    krb5_gss_ctx_id_t ctx;
+    int i;
+    OM_uint32 minor;
+    size_t prflen;
+    krb5_data t, ns;
+    unsigned char *p;
+
+    prf_out->length = 0;
+    prf_out->value = NULL;
+
+    t.length = 0;
+    t.data = NULL;
+
+    ns.length = 0;
+    ns.data = NULL;
+
+    ctx = (krb5_gss_ctx_id_t)context;
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return GSS_S_NO_CONTEXT;
+    }
+
+    switch (prf_key) {
+    case GSS_C_PRF_KEY_FULL:
+        if (ctx->have_acceptor_subkey) {
+            key = ctx->acceptor_subkey;
+            break;
+        }
+        /* fallthrough */
+    case GSS_C_PRF_KEY_PARTIAL:
+        key = ctx->subkey;
+        break;
+    default:
+        code = EINVAL;
+        goto cleanup;
+    }
+
+    if (key == NULL) {
+        code = EINVAL;
+        goto cleanup;
+    }
+
+    if (desired_output_len == 0)
+        return GSS_S_COMPLETE;
+
+    prf_out->value = gssalloc_malloc(desired_output_len);
+    if (prf_out->value == NULL) {
+        code = KG_INPUT_TOO_LONG;
+        goto cleanup;
+    }
+    prf_out->length = desired_output_len;
+
+    code = krb5_c_prf_length(ctx->k5_context,
+                             krb5_k_key_enctype(ctx->k5_context, key),
+                             &prflen);
+    if (code != 0)
+        goto cleanup;
+
+    ns.length = 4 + prf_in->length;
+    ns.data = k5alloc(ns.length, &code);
+    if (ns.data == NULL) {
+        code = KG_INPUT_TOO_LONG;
+        goto cleanup;
+    }
+
+    t.length = prflen;
+    t.data = k5alloc(t.length, &code);
+    if (t.data == NULL)
+        goto cleanup;
+
+    memcpy(ns.data + 4, prf_in->value, prf_in->length);
+    i = 0;
+    p = (unsigned char *)prf_out->value;
+    while (desired_output_len > 0) {
+        store_32_be(i, ns.data);
+
+        code = krb5_k_prf(ctx->k5_context, key, &ns, &t);
+        if (code != 0)
+            goto cleanup;
+
+        memcpy(p, t.data, MIN(t.length, desired_output_len));
+
+        p += t.length;
+        desired_output_len -= t.length;
+        i++;
+    }
+
+cleanup:
+    if (code != 0)
+        gss_release_buffer(&minor, prf_out);
+    krb5_free_data_contents(ctx->k5_context, &ns);
+    krb5_free_data_contents(ctx->k5_context, &t);
+
+    *minor_status = (OM_uint32)code;
+    return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/process_context_token.c b/krb5-1.21.3/src/lib/gssapi/krb5/process_context_token.c
new file mode 100644
index 00000000..a672f48c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/process_context_token.c
@@ -0,0 +1,66 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+
+/*
+ * $Id$
+ */
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_process_context_token(minor_status, context_handle,
+                               token_buffer)
+    OM_uint32 *minor_status;
+    gss_ctx_id_t context_handle;
+    gss_buffer_t token_buffer;
+{
+    krb5_gss_ctx_id_rec *ctx;
+    OM_uint32 majerr;
+
+    ctx = (krb5_gss_ctx_id_t) context_handle;
+
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
+
+    /* We only support context deletion tokens for now, and RFC 4121 does not
+     * define a context deletion token. */
+    if (ctx->proto) {
+        *minor_status = 0;
+        return(GSS_S_DEFECTIVE_TOKEN);
+    }
+
+    /* "unseal" the token */
+
+    if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle,
+                                     token_buffer,
+                                     GSS_C_NO_BUFFER, NULL, NULL,
+                                     KG_TOK_DEL_CTX)))
+        return(majerr);
+
+    /* Mark the context as terminated, but do not delete it (as that would
+     * leave the caller with a dangling context handle). */
+    ctx->terminated = 1;
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/rel_cred.c b/krb5-1.21.3/src/lib/gssapi/krb5/rel_cred.c
new file mode 100644
index 00000000..0da6c1b9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/rel_cred.c
@@ -0,0 +1,98 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_release_cred(minor_status, cred_handle)
+    OM_uint32 *minor_status;
+    gss_cred_id_t *cred_handle;
+{
+    krb5_context context;
+    krb5_gss_cred_id_t cred;
+    krb5_error_code code1, code2;
+
+    code1 = krb5_gss_init_context(&context);
+    if (code1) {
+        *minor_status = code1;
+        return GSS_S_FAILURE;
+    }
+
+    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+        *minor_status = 0;
+        krb5_free_context(context);
+        return(GSS_S_COMPLETE);
+    }
+
+    cred = (krb5_gss_cred_id_t)*cred_handle;
+
+    k5_mutex_destroy(&cred->lock);
+    /* ignore error destroying mutex */
+
+    if (cred->ccache) {
+        if (cred->destroy_ccache)
+            code1 = krb5_cc_destroy(context, cred->ccache);
+        else
+            code1 = krb5_cc_close(context, cred->ccache);
+    } else
+        code1 = 0;
+
+    if (cred->client_keytab)
+        krb5_kt_close(context, cred->client_keytab);
+
+#ifndef LEAN_CLIENT
+    if (cred->keytab)
+        code2 = krb5_kt_close(context, cred->keytab);
+    else
+#endif /* LEAN_CLIENT */
+        code2 = 0;
+
+    if (cred->rcache)
+        k5_rc_close(context, cred->rcache);
+    if (cred->name)
+        kg_release_name(context, &cred->name);
+
+    krb5_free_principal(context, cred->acceptor_mprinc);
+    krb5_free_principal(context, cred->impersonator);
+
+    if (cred->req_enctypes)
+        free(cred->req_enctypes);
+
+    if (cred->password != NULL)
+        zapfree(cred->password, strlen(cred->password));
+
+    xfree(cred);
+
+    *cred_handle = NULL;
+
+    *minor_status = 0;
+    if (code1)
+        *minor_status = code1;
+    if (code2)
+        *minor_status = code2;
+
+    if (*minor_status)
+        save_error_info(*minor_status, context);
+    krb5_free_context(context);
+    return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/rel_name.c b/krb5-1.21.3/src/lib/gssapi/krb5/rel_name.c
new file mode 100644
index 00000000..3dabe32f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/rel_name.c
@@ -0,0 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_release_name(minor_status, input_name)
+    OM_uint32 *minor_status;
+    gss_name_t *input_name;
+{
+    krb5_context context;
+    krb5_error_code code;
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    kg_release_name(context, (krb5_gss_name_t *)input_name);
+    krb5_free_context(context);
+
+    *input_name = (gss_name_t) NULL;
+
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/rel_oid.c b/krb5-1.21.3/src/lib/gssapi/krb5/rel_oid.c
new file mode 100644
index 00000000..739efe46
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/rel_oid.c
@@ -0,0 +1,78 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/rel_oid.c - Release an OID */
+/*
+ * Copyright 1995, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "gssapiP_krb5.h"
+
+OM_uint32
+krb5_gss_release_oid(minor_status, oid)
+    OM_uint32   *minor_status;
+    gss_OID     *oid;
+{
+    /*
+     * The V2 API says the following!
+     *
+     * gss_release_oid[()] will recognize any of the GSSAPI's own OID values,
+     * and will silently ignore attempts to free these OIDs; for other OIDs
+     * it will call the C free() routine for both the OID data and the
+     * descriptor.  This allows applications to freely mix their own heap-
+     * allocated OID values with OIDs returned by GSS-API.
+     */
+    if (krb5_gss_internal_release_oid(minor_status, oid) != GSS_S_COMPLETE) {
+        /* Pawn it off on the generic routine */
+        return(generic_gss_release_oid(minor_status, oid));
+    }
+    else {
+        *oid = GSS_C_NO_OID;
+        *minor_status = 0;
+        return(GSS_S_COMPLETE);
+    }
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_internal_release_oid(minor_status, oid)
+    OM_uint32   *minor_status;
+    gss_OID     *oid;
+{
+    /*
+     * This function only knows how to release internal OIDs. It will
+     * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize.
+     */
+
+    *minor_status = 0;
+    if ((*oid != gss_mech_krb5) &&
+        (*oid != gss_mech_krb5_old) &&
+        (*oid != gss_mech_krb5_wrong) &&
+        (*oid != gss_mech_iakerb) &&
+        (*oid != gss_nt_krb5_name) &&
+        (*oid != gss_nt_krb5_principal)) {
+        /* We don't know about this OID */
+        return(GSS_S_CONTINUE_NEEDED);
+    }
+    else {
+        *oid = GSS_C_NO_OID;
+        return(GSS_S_COMPLETE);
+    }
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/s4u_gss_glue.c b/krb5-1.21.3/src/lib/gssapi/krb5/s4u_gss_glue.c
new file mode 100644
index 00000000..fa7f980a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/s4u_gss_glue.c
@@ -0,0 +1,303 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include <assert.h>
+
+static int
+kg_is_initiator_cred(krb5_gss_cred_id_t cred)
+{
+    return (cred->usage == GSS_C_INITIATE || cred->usage == GSS_C_BOTH) &&
+        (cred->ccache != NULL);
+}
+
+static OM_uint32
+kg_impersonate_name(OM_uint32 *minor_status,
+                    const krb5_gss_cred_id_t impersonator_cred,
+                    const krb5_gss_name_t user,
+                    OM_uint32 time_req,
+                    krb5_gss_cred_id_t *output_cred,
+                    OM_uint32 *time_rec,
+                    krb5_context context)
+{
+    OM_uint32 major_status;
+    krb5_error_code code;
+    krb5_creds in_creds, *out_creds = NULL;
+    krb5_data *subject_cert = NULL;
+
+    *output_cred = NULL;
+    memset(&in_creds, 0, sizeof(in_creds));
+
+    if (user->is_cert)
+        subject_cert = user->princ->data;
+    else
+        in_creds.client = user->princ;
+    in_creds.server = impersonator_cred->name->princ;
+
+    if (impersonator_cred->req_enctypes != NULL)
+        in_creds.keyblock.enctype = impersonator_cred->req_enctypes[0];
+
+    k5_mutex_lock(&user->lock);
+
+    if (user->ad_context != NULL) {
+        code = krb5_authdata_export_authdata(context,
+                                             user->ad_context,
+                                             AD_USAGE_TGS_REQ,
+                                             &in_creds.authdata);
+        if (code != 0) {
+            k5_mutex_unlock(&user->lock);
+            *minor_status = code;
+            return GSS_S_FAILURE;
+        }
+    }
+
+    k5_mutex_unlock(&user->lock);
+
+    code = krb5_get_credentials_for_user(context,
+                                         KRB5_GC_CANONICALIZE | KRB5_GC_NO_STORE,
+                                         impersonator_cred->ccache,
+                                         &in_creds, subject_cert, &out_creds);
+    if (code != 0) {
+        krb5_free_authdata(context, in_creds.authdata);
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    major_status = kg_compose_deleg_cred(minor_status,
+                                         impersonator_cred,
+                                         out_creds,
+                                         time_req,
+                                         output_cred,
+                                         time_rec,
+                                         context);
+
+    krb5_free_authdata(context, in_creds.authdata);
+    krb5_free_creds(context, out_creds);
+
+    return major_status;
+}
+
+/* The mechglue always passes null desired_mechs and actual_mechs. */
+OM_uint32 KRB5_CALLCONV
+krb5_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status,
+                                       const gss_cred_id_t impersonator_cred_handle,
+                                       const gss_name_t desired_name,
+                                       OM_uint32 time_req,
+                                       const gss_OID_set desired_mechs,
+                                       gss_cred_usage_t cred_usage,
+                                       gss_cred_id_t *output_cred_handle,
+                                       gss_OID_set *actual_mechs,
+                                       OM_uint32 *time_rec)
+{
+    OM_uint32 major_status;
+    krb5_error_code code;
+    krb5_gss_cred_id_t imp_cred = (krb5_gss_cred_id_t)impersonator_cred_handle;
+    krb5_gss_cred_id_t cred;
+    krb5_context context;
+
+    if (impersonator_cred_handle == GSS_C_NO_CREDENTIAL)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (desired_name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (output_cred_handle == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (cred_usage != GSS_C_INITIATE) {
+        *minor_status = (OM_uint32)G_BAD_USAGE;
+        return GSS_S_FAILURE;
+    }
+
+    if (imp_cred->usage != GSS_C_INITIATE && imp_cred->usage != GSS_C_BOTH) {
+        *minor_status = 0;
+        return GSS_S_NO_CRED;
+    }
+
+    *output_cred_handle = GSS_C_NO_CREDENTIAL;
+    if (time_rec != NULL)
+        *time_rec = 0;
+
+    code = krb5_gss_init_context(&context);
+    if (code != 0) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    major_status = kg_cred_resolve(minor_status, context,
+                                   impersonator_cred_handle, NULL);
+    if (GSS_ERROR(major_status)) {
+        krb5_free_context(context);
+        return major_status;
+    }
+
+    major_status = kg_impersonate_name(minor_status,
+                                       imp_cred,
+                                       (krb5_gss_name_t)desired_name,
+                                       time_req,
+                                       &cred,
+                                       time_rec,
+                                       context);
+
+    if (!GSS_ERROR(major_status))
+        *output_cred_handle = (gss_cred_id_t)cred;
+
+    k5_mutex_unlock(&imp_cred->lock);
+    krb5_free_context(context);
+
+    return major_status;
+
+}
+
+/*
+ * Set up cred to be an S4U2Proxy credential by copying in the impersonator's
+ * creds, setting a cache config variable with the impersonator principal name,
+ * and saving the impersonator principal name in the cred structure.
+ */
+static krb5_error_code
+make_proxy_cred(krb5_context context, krb5_gss_cred_id_t cred,
+                krb5_gss_cred_id_t impersonator_cred)
+{
+    krb5_error_code code;
+    krb5_data data;
+    char *str;
+
+    code = krb5_cc_copy_creds(context, impersonator_cred->ccache,
+                              cred->ccache);
+    if (code)
+        return code;
+
+    code = krb5_unparse_name(context, impersonator_cred->name->princ, &str);
+    if (code)
+        return code;
+
+    data = string2data(str);
+    code = krb5_cc_set_config(context, cred->ccache, NULL,
+                              KRB5_CC_CONF_PROXY_IMPERSONATOR, &data);
+    krb5_free_unparsed_name(context, str);
+    if (code)
+        return code;
+
+    return krb5_copy_principal(context, impersonator_cred->name->princ,
+                               &cred->impersonator);
+}
+
+OM_uint32
+kg_compose_deleg_cred(OM_uint32 *minor_status,
+                      krb5_gss_cred_id_t impersonator_cred,
+                      krb5_creds *subject_creds,
+                      OM_uint32 time_req,
+                      krb5_gss_cred_id_t *output_cred,
+                      OM_uint32 *time_rec,
+                      krb5_context context)
+{
+    OM_uint32 major_status;
+    krb5_error_code code;
+    krb5_gss_cred_id_t cred = NULL;
+
+    *output_cred = NULL;
+    k5_mutex_assert_locked(&impersonator_cred->lock);
+
+    if (!kg_is_initiator_cred(impersonator_cred) ||
+        impersonator_cred->name == NULL ||
+        impersonator_cred->impersonator != NULL) {
+        code = G_BAD_USAGE;
+        goto cleanup;
+    }
+
+    assert(impersonator_cred->name->princ != NULL);
+
+    assert(subject_creds != NULL);
+    assert(subject_creds->client != NULL);
+
+    cred = xmalloc(sizeof(*cred));
+    if (cred == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+    memset(cred, 0, sizeof(*cred));
+
+    code = k5_mutex_init(&cred->lock);
+    if (code != 0)
+        goto cleanup;
+
+    cred->usage = GSS_C_INITIATE;
+
+    cred->expire = subject_creds->times.endtime;
+
+    code = kg_init_name(context, subject_creds->client, NULL, NULL, NULL, 0,
+                        &cred->name);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_cc_new_unique(context, "MEMORY", NULL, &cred->ccache);
+    if (code != 0)
+        goto cleanup;
+    cred->destroy_ccache = 1;
+
+    code = krb5_cc_initialize(context, cred->ccache, subject_creds->client);
+    if (code != 0)
+        goto cleanup;
+
+    code = make_proxy_cred(context, cred, impersonator_cred);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_cc_store_cred(context, cred->ccache, subject_creds);
+    if (code != 0)
+        goto cleanup;
+
+    if (time_rec != NULL) {
+        krb5_timestamp now;
+
+        code = krb5_timeofday(context, &now);
+        if (code != 0)
+            goto cleanup;
+
+        *time_rec = ts_interval(now, cred->expire);
+    }
+
+    major_status = GSS_S_COMPLETE;
+    *minor_status = 0;
+    *output_cred = cred;
+
+cleanup:
+    if (code != 0) {
+        *minor_status = code;
+        major_status = GSS_S_FAILURE;
+    }
+
+    if (GSS_ERROR(major_status) && cred != NULL) {
+        k5_mutex_destroy(&cred->lock);
+        krb5_cc_destroy(context, cred->ccache);
+        kg_release_name(context, &cred->name);
+        xfree(cred);
+    }
+
+    return major_status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c b/krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c
new file mode 100644
index 00000000..9e2d32e9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c
@@ -0,0 +1,698 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/ser_sctx.c - [De]serialization of security context */
+/*
+ * Copyright 1995, 2004, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+
+/*
+ * This module contains routines to [de]serialize
+ *      krb5_gss_enc_desc and krb5_gss_ctx_id_t.
+ * XXX This whole serialization abstraction is unnecessary in a
+ * non-messaging environment, which krb5 is.  Someday, this should
+ * all get redone without the extra level of indirection. I've done
+ * some of this work here, since adding new serializers is an internal
+ * krb5 interface, and I won't use those.  There is some more
+ * deobfuscation (no longer anonymizing pointers, mostly) which could
+ * still be done. --marc
+ */
+
+static krb5_error_code
+kg_oid_externalize(gss_OID oid, krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code err;
+
+    err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
+    if (err)
+        return err;
+    err = krb5_ser_pack_int32((krb5_int32) oid->length,
+                              buffer, lenremain);
+    if (err)
+        return err;
+    err = krb5_ser_pack_bytes((krb5_octet *) oid->elements,
+                              oid->length, buffer, lenremain);
+    if (err)
+        return err;
+    err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain);
+    return err;
+}
+
+static krb5_error_code
+kg_oid_internalize(gss_OID *argp, krb5_octet **buffer, size_t *lenremain)
+{
+    gss_OID oid;
+    krb5_int32 ibuf;
+    krb5_octet         *bp;
+    size_t             remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* Read in and check our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        return (EINVAL);
+
+    if (ibuf != KV5M_GSS_OID)
+        return (EINVAL);
+
+    oid = (gss_OID) malloc(sizeof(gss_OID_desc));
+    if (oid == NULL)
+        return ENOMEM;
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        free(oid);
+        return EINVAL;
+    }
+    oid->length = ibuf;
+    oid->elements = malloc((size_t)ibuf);
+    if (oid->elements == 0) {
+        free(oid);
+        return ENOMEM;
+    }
+    if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
+                              oid->length, &bp, &remain)) {
+        free(oid->elements);
+        free(oid);
+        return EINVAL;
+    }
+
+    /* Read in and check our trailing magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        free(oid->elements);
+        free(oid);
+        return (EINVAL);
+    }
+
+    if (ibuf != KV5M_GSS_OID) {
+        free(oid->elements);
+        free(oid);
+        return (EINVAL);
+    }
+
+    *buffer = bp;
+    *lenremain = remain;
+    *argp = oid;
+    return 0;
+}
+
+static krb5_error_code
+kg_oid_size(gss_OID oid, size_t *sizep)
+{
+    krb5_error_code kret;
+    size_t required;
+
+    kret = EINVAL;
+    if (oid != NULL) {
+        required = 2*sizeof(krb5_int32); /* For the header and trailer */
+        required += sizeof(krb5_int32);
+        required += oid->length;
+
+        kret = 0;
+
+        *sizep += required;
+    }
+
+    return(kret);
+}
+
+static krb5_error_code
+kg_seqstate_externalize(arg, buffer, lenremain)
+    g_seqnum_state      arg;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
+{
+    krb5_error_code err;
+    err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
+    if (err == 0)
+        err = g_seqstate_externalize(arg, buffer, lenremain);
+    if (err == 0)
+        err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain);
+    return err;
+}
+
+static krb5_error_code
+kg_seqstate_internalize(argp, buffer, lenremain)
+    g_seqnum_state      *argp;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
+{
+    krb5_int32 ibuf;
+    krb5_octet         *bp;
+    size_t             remain;
+    krb5_error_code    err;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* Read in and check our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        return (EINVAL);
+
+    if (ibuf != KV5M_GSS_QUEUE)
+        return (EINVAL);
+
+    err = g_seqstate_internalize(argp, &bp, &remain);
+    if (err)
+        return err;
+
+    /* Read in and check our trailing magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
+        g_seqstate_free(*argp);
+        return (EINVAL);
+    }
+
+    if (ibuf != KV5M_GSS_QUEUE) {
+        g_seqstate_free(*argp);
+        return (EINVAL);
+    }
+
+    *buffer = bp;
+    *lenremain = remain;
+    return 0;
+}
+
+static krb5_error_code
+kg_seqstate_size(arg, sizep)
+    g_seqnum_state      arg;
+    size_t              *sizep;
+{
+    krb5_error_code kret;
+    size_t required;
+
+    kret = EINVAL;
+    if (arg) {
+        required = 2*sizeof(krb5_int32); /* For the header and trailer */
+        g_seqstate_size(arg, &required);
+
+        kret = 0;
+        *sizep += required;
+    }
+    return(kret);
+}
+
+/*
+ * Determine the size required for this krb5_gss_ctx_id_rec.
+ */
+krb5_error_code
+kg_ctx_size(krb5_context kcontext, krb5_gss_ctx_id_t ctx, size_t *sizep)
+{
+    krb5_error_code     kret;
+    size_t              required;
+
+    /*
+     * krb5_gss_ctx_id_rec requires:
+     *  krb5_int32      for KG_CONTEXT
+     *  krb5_int32      for initiate.
+     *  krb5_int32      for established.
+     *  krb5_int32      for have_acceptor_subkey.
+     *  krb5_int32      for seed_init.
+     *  krb5_int32      for gss_flags.
+     *  sizeof(seed)    for seed
+     *  ...             for here
+     *  ...             for there
+     *  ...             for subkey
+     *  krb5_int32      for signalg.
+     *  krb5_int32      for cksum_size.
+     *  krb5_int32      for sealalg.
+     *  ...             for enc
+     *  ...             for seq
+     *  krb5_int32      for authtime.
+     *  krb5_int32      for starttime.
+     *  krb5_int32      for endtime.
+     *  krb5_int32      for renew_till.
+     *  krb5_int32      for flags.
+     *  int64_t         for seq_send.
+     *  int64_t         for seq_recv.
+     *  ...             for seqstate
+     *  ...             for auth_context
+     *  ...             for mech_used
+     *  krb5_int32      for proto
+     *  krb5_int32      for cksumtype
+     *  ...             for acceptor_subkey
+     *  krb5_int32      for acceptor_key_cksumtype
+     *  krb5_int32      for cred_rcache
+     *  krb5_int32      for number of elements in authdata array
+     *  ...             for authdata array
+     *  krb5_int32      for trailer.
+     */
+    kret = EINVAL;
+    if (ctx != NULL) {
+        required = 21*sizeof(krb5_int32);
+        required += 2*sizeof(int64_t);
+        required += sizeof(ctx->seed);
+
+        kret = 0;
+        if (!kret && ctx->here)
+            kret = k5_size_principal(ctx->here->princ, &required);
+
+        if (!kret && ctx->there)
+            kret = k5_size_principal(ctx->there->princ, &required);
+
+        if (!kret && ctx->subkey)
+            kret = k5_size_keyblock(&ctx->subkey->keyblock, &required);
+
+        if (!kret && ctx->enc)
+            kret = k5_size_keyblock(&ctx->enc->keyblock, &required);
+
+        if (!kret && ctx->seq)
+            kret = k5_size_keyblock(&ctx->seq->keyblock, &required);
+
+        if (!kret)
+            kret = kg_oid_size(ctx->mech_used, &required);
+
+        if (!kret && ctx->seqstate)
+            kret = kg_seqstate_size(ctx->seqstate, &required);
+
+        if (!kret)
+            kret = k5_size_context(ctx->k5_context, &required);
+        if (!kret)
+            kret = k5_size_auth_context(ctx->auth_context, &required);
+        if (!kret && ctx->acceptor_subkey)
+            kret = k5_size_keyblock(&ctx->acceptor_subkey->keyblock,
+                                    &required);
+        if (!kret && ctx->authdata) {
+            krb5_int32 i;
+
+            for (i = 0; !kret && ctx->authdata[i]; i++)
+                kret = k5_size_authdata(ctx->authdata[i], &required);
+        }
+        if (!kret) {
+            krb5_gss_name_t initiator_name;
+
+            initiator_name = ctx->initiate ? ctx->here : ctx->there;
+
+            if (initiator_name && initiator_name->ad_context) {
+                kret = k5_size_authdata_context(kcontext,
+                                                initiator_name->ad_context,
+                                                &required);
+            }
+        }
+        *sizep += required;
+    }
+    return(kret);
+}
+
+/*
+ * Externalize this krb5_gss_ctx_id_ret.
+ */
+krb5_error_code
+kg_ctx_externalize(krb5_context kcontext, krb5_gss_ctx_id_t ctx,
+                   krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+    krb5int_access kaccess;
+
+    kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (kret)
+        return(kret);
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (ctx != NULL) {
+        kret = ENOMEM;
+        if (!kg_ctx_size(kcontext, ctx, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
+
+            /* Now static data */
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->initiate,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->established,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_bytes((krb5_octet *) ctx->seed,
+                                       sizeof(ctx->seed),
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->signalg,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->cksum_size,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->sealalg,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.authtime,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.starttime,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.endtime,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.renew_till,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags,
+                                       &bp, &remain);
+            (void) (*kaccess.ser_pack_int64)((int64_t) ctx->seq_send,
+                                             &bp, &remain);
+            (void) (*kaccess.ser_pack_int64)((int64_t) ctx->seq_recv,
+                                             &bp, &remain);
+
+            /* Now dynamic data */
+            kret = 0;
+
+            if (!kret && ctx->mech_used)
+                kret = kg_oid_externalize(ctx->mech_used, &bp, &remain);
+
+            if (!kret && ctx->here)
+                kret = k5_externalize_principal(ctx->here->princ,
+                                                &bp, &remain);
+
+            if (!kret && ctx->there)
+                kret = k5_externalize_principal(ctx->there->princ,
+                                                &bp, &remain);
+
+            if (!kret && ctx->subkey)
+                kret = k5_externalize_keyblock(&ctx->subkey->keyblock,
+                                               &bp, &remain);
+
+            if (!kret && ctx->enc)
+                kret = k5_externalize_keyblock(&ctx->enc->keyblock,
+                                               &bp, &remain);
+
+            if (!kret && ctx->seq)
+                kret = k5_externalize_keyblock(&ctx->seq->keyblock,
+                                               &bp, &remain);
+
+            if (!kret && ctx->seqstate)
+                kret = kg_seqstate_externalize(ctx->seqstate, &bp, &remain);
+
+            if (!kret)
+                kret = k5_externalize_context(ctx->k5_context, &bp, &remain);
+
+            if (!kret)
+                kret = k5_externalize_auth_context(ctx->auth_context,
+                                                   &bp, &remain);
+
+            if (!kret)
+                kret = krb5_ser_pack_int32((krb5_int32) ctx->proto,
+                                           &bp, &remain);
+            if (!kret)
+                kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype,
+                                           &bp, &remain);
+            if (!kret && ctx->acceptor_subkey)
+                kret = k5_externalize_keyblock(&ctx->acceptor_subkey->keyblock,
+                                               &bp, &remain);
+            if (!kret)
+                kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype,
+                                           &bp, &remain);
+
+            if (!kret)
+                kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache,
+                                           &bp, &remain);
+            if (!kret) {
+                krb5_int32 i = 0;
+
+                if (ctx->authdata) {
+                    for (; ctx->authdata[i]; i++)
+                        ;
+                }
+                /* authdata count */
+                kret = krb5_ser_pack_int32(i, &bp, &remain);
+                if (!kret && ctx->authdata) {
+                    /* authdata */
+                    for (i = 0; !kret && ctx->authdata[i]; i++)
+                        kret = k5_externalize_authdata(ctx->authdata[i],
+                                                       &bp, &remain);
+                }
+            }
+            /* authdata context */
+            if (!kret) {
+                krb5_gss_name_t initiator_name;
+
+                initiator_name = ctx->initiate ? ctx->here : ctx->there;
+
+                if (initiator_name && initiator_name->ad_context) {
+                    kret = k5_externalize_authdata_context(kcontext,
+                                                           initiator_name->
+                                                           ad_context,
+                                                           &bp, &remain);
+                }
+            }
+            /* trailer */
+            if (!kret)
+                kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain);
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+            }
+        }
+    }
+    return(kret);
+}
+
+/* Internalize a keyblock and convert it to a key. */
+static krb5_error_code
+intern_key(krb5_key *key, krb5_octet **bp, size_t *sp)
+{
+    krb5_keyblock *keyblock;
+    krb5_error_code ret;
+
+    ret = k5_internalize_keyblock(&keyblock, bp, sp);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_create_key(NULL, keyblock, key);
+    krb5_free_keyblock(NULL, keyblock);
+    return ret;
+}
+
+/*
+ * Internalize this krb5_gss_ctx_id_t.
+ */
+krb5_error_code
+kg_ctx_internalize(krb5_context kcontext, krb5_gss_ctx_id_t *argp,
+                   krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_gss_ctx_id_rec *ctx;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    krb5int_access kaccess;
+    krb5_principal        princ;
+
+    kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
+    if (kret)
+        return(kret);
+
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    princ = NULL;
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        ibuf = 0;
+    if (ibuf == KG_CONTEXT) {
+        kret = ENOMEM;
+
+        /* Get a context */
+        if ((remain >= (17*sizeof(krb5_int32)
+                        + 2*sizeof(int64_t)
+                        + sizeof(ctx->seed))) &&
+            (ctx = (krb5_gss_ctx_id_rec *)
+             xmalloc(sizeof(krb5_gss_ctx_id_rec)))) {
+            memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec));
+
+            ctx->magic = ibuf;
+
+            /* Get static data */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->initiate = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->established = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->have_acceptor_subkey = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->seed_init = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->gss_flags = (int) ibuf;
+            (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed,
+                                         sizeof(ctx->seed),
+                                         &bp, &remain);
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->signalg = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->cksum_size = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->sealalg = (int) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->krb_times.authtime = (krb5_timestamp) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->krb_times.starttime = (krb5_timestamp) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->krb_times.endtime = (krb5_timestamp) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->krb_times.renew_till = (krb5_timestamp) ibuf;
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->krb_flags = (krb5_flags) ibuf;
+            (void) (*kaccess.ser_unpack_int64)((int64_t *)&ctx->seq_send,
+                                               &bp, &remain);
+            kret = (*kaccess.ser_unpack_int64)((int64_t *)&ctx->seq_recv,
+                                               &bp, &remain);
+            if (kret) {
+                free(ctx);
+                return kret;
+            }
+
+            {
+                gss_OID tmp;
+                kret = kg_oid_internalize(&tmp, &bp, &remain);
+                if (kret == 0)
+                    ctx->mech_used = tmp;
+                else if (kret == EINVAL)
+                    kret = 0;
+            }
+            /* Now get substructure data */
+            kret = k5_internalize_principal(&princ, &bp, &remain);
+            if (kret == 0) {
+                kret = kg_init_name(kcontext, princ, NULL, NULL, NULL,
+                                    KG_INIT_NAME_NO_COPY, &ctx->here);
+                if (kret)
+                    krb5_free_principal(kcontext, princ);
+            } else if (kret == EINVAL)
+                kret = 0;
+            if (!kret) {
+                kret = k5_internalize_principal(&princ, &bp, &remain);
+                if (kret == 0) {
+                    kret = kg_init_name(kcontext, princ, NULL, NULL, NULL,
+                                        KG_INIT_NAME_NO_COPY, &ctx->there);
+                    if (kret)
+                        krb5_free_principal(kcontext, princ);
+                } else if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret &&
+                (kret = intern_key(&ctx->subkey, &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret &&
+                (kret = intern_key(&ctx->enc, &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret &&
+                (kret = intern_key(&ctx->seq, &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            if (!kret) {
+                kret = kg_seqstate_internalize(&ctx->seqstate, &bp, &remain);
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            if (!kret)
+                kret = k5_internalize_context(&ctx->k5_context, &bp, &remain);
+
+            if (!kret)
+                kret = k5_internalize_auth_context(&ctx->auth_context,
+                                                   &bp, &remain);
+
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->proto = ibuf;
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->cksumtype = ibuf;
+            if (!kret &&
+                (kret = intern_key(&ctx->acceptor_subkey, &bp, &remain))) {
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->acceptor_subkey_cksumtype = ibuf;
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ctx->cred_rcache = ibuf;
+            /* authdata */
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            if (!kret) {
+                krb5_int32 nadata = ibuf, i;
+
+                if (nadata > 0) {
+                    ctx->authdata = (krb5_authdata **)calloc((size_t)nadata + 1,
+                                                             sizeof(krb5_authdata *));
+                    if (ctx->authdata == NULL) {
+                        kret = ENOMEM;
+                    } else {
+                        for (i = 0; !kret && i < nadata; i++)
+                            kret = k5_internalize_authdata(&ctx->authdata[i],
+                                                           &bp, &remain);
+                    }
+                }
+            }
+            /* authdata context */
+            if (!kret) {
+                krb5_gss_name_t initiator_name;
+
+                initiator_name = ctx->initiate ? ctx->here : ctx->there;
+                if (initiator_name == NULL) {
+                    kret = EINVAL;
+                } else {
+                    kret = k5_internalize_authdata_context(kcontext,
+                                                           &initiator_name->
+                                                           ad_context,
+                                                           &bp, &remain);
+                    if (kret == EINVAL)
+                        kret = 0;
+                }
+            }
+            /* Get trailer */
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            if (!kret && ibuf != KG_CONTEXT)
+                kret = EINVAL;
+
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+                *argp = ctx;
+            } else {
+                if (ctx->seq)
+                    krb5_k_free_key(kcontext, ctx->seq);
+                if (ctx->enc)
+                    krb5_k_free_key(kcontext, ctx->enc);
+                if (ctx->subkey)
+                    krb5_k_free_key(kcontext, ctx->subkey);
+                if (ctx->there)
+                    kg_release_name(kcontext, &ctx->there);
+                if (ctx->here)
+                    kg_release_name(kcontext, &ctx->here);
+                xfree(ctx);
+            }
+        }
+    }
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c b/krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c
new file mode 100644
index 00000000..a74b161c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c
@@ -0,0 +1,122 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/set_allowable_enctypes.c */
+/*
+ * Copyright 2004  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5_gss_set_allowable_enctypes()
+ */
+
+/*
+ * gss_krb5_set_allowable_enctypes
+ *
+ * This function may be called by a context initiator after calling
+ * gss_acquire_cred(), but before calling gss_init_sec_context(),
+ * to restrict the set of enctypes which will be negotiated during
+ * context establishment to those in the provided array.
+ *
+ * 'cred_handle' must be a valid credential handle obtained via
+ * gss_acquire_cred().  It may not be GSS_C_NO_CREDENTIAL.
+ * gss_acquire_cred() may be called with GSS_C_NO_CREDENTIAL
+ * to get a handle to the default credential.
+ *
+ * The purpose of this function is to limit the keys that may
+ * be exported via gss_krb5_export_lucid_sec_context(); thus it
+ * should limit the enctypes of all keys that will be needed
+ * after the security context has been established.
+ * (i.e. context establishment may use a session key with a
+ * stronger enctype than in the provided array, however a
+ * subkey must be established within the enctype limits
+ * established by this function.)
+ *
+ */
+
+#include "gssapiP_krb5.h"
+#ifdef HAVE_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+#include "gssapi_krb5.h"
+
+OM_uint32
+gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
+                                   gss_cred_id_t *cred_handle,
+                                   const gss_OID desired_oid,
+                                   const gss_buffer_t value)
+{
+    unsigned int i, j;
+    krb5_enctype * new_ktypes;
+    OM_uint32 major_status;
+    krb5_gss_cred_id_t cred;
+    krb5_error_code kerr = 0;
+    struct krb5_gss_set_allowable_enctypes_req *req;
+
+    /* Assume a failure */
+    *minor_status = 0;
+    major_status = GSS_S_FAILURE;
+
+    assert(value->length == sizeof(*req));
+    req = (struct krb5_gss_set_allowable_enctypes_req *)value->value;
+
+    /* verify and valildate cred handle */
+    cred = (krb5_gss_cred_id_t) *cred_handle;
+
+    if (req->ktypes == NULL) {
+        k5_mutex_lock(&cred->lock);
+        if (cred->req_enctypes)
+            free(cred->req_enctypes);
+        cred->req_enctypes = NULL;
+        k5_mutex_unlock(&cred->lock);
+        return GSS_S_COMPLETE;
+    }
+
+    /* Copy the requested enctypes into the cred structure.  Filter out the
+     * ones we don't consider valid.  Error out if no enctypes are valid. */
+    new_ktypes = k5calloc(req->num_ktypes + 1, sizeof(*new_ktypes), &kerr);
+    if (new_ktypes == NULL)
+        goto error_out;
+    for (i = 0, j = 0; i < req->num_ktypes && req->ktypes[i]; i++) {
+        if (krb5_c_valid_enctype(req->ktypes[i]))
+            new_ktypes[j++] = req->ktypes[i];
+    }
+    new_ktypes[j] = 0;
+    if (j == 0) {
+        free(new_ktypes);
+        kerr = KRB5_PROG_ETYPE_NOSUPP;
+        goto error_out;
+    }
+    k5_mutex_lock(&cred->lock);
+    if (cred->req_enctypes)
+        free(cred->req_enctypes);
+    cred->req_enctypes = new_ktypes;
+    k5_mutex_unlock(&cred->lock);
+
+    /* Success! */
+    return GSS_S_COMPLETE;
+
+error_out:
+    *minor_status = kerr;
+    return(major_status);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/set_ccache.c b/krb5-1.21.3/src/lib/gssapi/krb5/set_ccache.c
new file mode 100644
index 00000000..91c3462b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/set_ccache.c
@@ -0,0 +1,87 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/set_ccache.c */
+/*
+ * Copyright 1999, 2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Set ccache name used by gssapi, and optionally obtain old ccache
+ * name.  Caller must not free returned name.
+ */
+
+#include <string.h>
+#include "gssapiP_krb5.h"
+
+OM_uint32
+gss_krb5int_ccache_name(OM_uint32 *minor_status,
+                        const gss_OID desired_mech,
+                        const gss_OID desired_object,
+                        const gss_buffer_t value)
+{
+    OM_uint32 err = 0;
+    struct krb5_gss_ccache_name_req *req;
+    char *old_name, *cur_name = NULL;
+
+    err = gss_krb5int_initialize_library();
+    if (err) {
+        *minor_status = err;
+        return GSS_S_FAILURE;
+    }
+
+    assert(value->length == sizeof(*req));
+
+    if (value->length != sizeof(*req))
+        return GSS_S_FAILURE;
+
+    req = (struct krb5_gss_ccache_name_req *)value->value;
+
+    /* Our job is simple if the caller doesn't want the current name. */
+    if (req->out_name == NULL)
+        return kg_set_ccache_name(minor_status, req->name);
+
+    /* Fetch the current name and change it. */
+    kg_get_ccache_name(&err, &cur_name);
+    if (err)
+        goto cleanup;
+    kg_set_ccache_name(&err, req->name);
+    if (err)
+        goto cleanup;
+
+    /* Store the current name in a thread-specific variable.  Free that
+     * variable's previous contents. */
+    old_name = k5_getspecific(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME);
+    err = k5_setspecific(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, cur_name);
+    if (err)
+        goto cleanup;
+    free(old_name);
+
+    /* Give the caller an alias to the stored value. */
+    *req->out_name = cur_name;
+    cur_name = NULL;
+    err = 0;
+
+cleanup:
+    free(cur_name);
+    *minor_status = err;
+    return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/store_cred.c b/krb5-1.21.3/src/lib/gssapi/krb5/store_cred.c
new file mode 100644
index 00000000..1e168bc5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/store_cred.c
@@ -0,0 +1,223 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/krb5/store_cred.c */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+
+static OM_uint32
+copy_initiator_creds(OM_uint32 *minor_status,
+                     gss_cred_id_t input_cred_handle,
+                     const gss_OID desired_mech,
+                     OM_uint32 overwrite_cred,
+                     OM_uint32 default_cred,
+                     gss_const_key_value_set_t cred_store)
+{
+    OM_uint32 major_status;
+    krb5_error_code ret;
+    krb5_gss_cred_id_t kcred = NULL;
+    krb5_context context = NULL;
+    krb5_ccache cache = NULL, defcache = NULL, mcc = NULL;
+    krb5_principal princ = NULL;
+    krb5_boolean switch_to_cache = FALSE;
+    const char *ccache_name, *deftype;
+
+    *minor_status = 0;
+
+    ret = krb5_gss_init_context(&context);
+    if (ret)
+        goto kerr_cleanup;
+
+    major_status = krb5_gss_validate_cred_1(minor_status,
+                                            input_cred_handle,
+                                            context);
+    if (GSS_ERROR(major_status))
+        goto cleanup;
+
+    kcred = (krb5_gss_cred_id_t)input_cred_handle;
+
+    if (kcred->ccache == NULL) {
+        *minor_status = KG_CCACHE_NOMATCH;
+        major_status = GSS_S_DEFECTIVE_CREDENTIAL;
+        goto cleanup;
+    }
+
+    major_status = kg_value_from_cred_store(cred_store,
+                                            KRB5_CS_CCACHE_URN, &ccache_name);
+    if (GSS_ERROR(major_status))
+        goto cleanup;
+
+    if (ccache_name != NULL) {
+        ret = krb5_cc_set_default_name(context, ccache_name);
+        if (ret)
+            goto kerr_cleanup;
+    } else {
+        major_status = kg_sync_ccache_name(context, minor_status);
+        if (major_status != GSS_S_COMPLETE)
+            goto cleanup;
+    }
+
+    /* Resolve the default ccache and get its type. */
+    ret = krb5_cc_default(context, &defcache);
+    if (ret)
+        goto kerr_cleanup;
+    deftype = krb5_cc_get_type(context, defcache);
+
+    if (krb5_cc_support_switch(context, deftype)) {
+        /* Use an existing or new cache within the collection. */
+        ret = krb5_cc_cache_match(context, kcred->name->princ, &cache);
+        if (!ret && !overwrite_cred) {
+            major_status = GSS_S_DUPLICATE_ELEMENT;
+            goto cleanup;
+        }
+        if (ret == KRB5_CC_NOTFOUND)
+            ret = krb5_cc_new_unique(context, deftype, NULL, &cache);
+        if (ret)
+            goto kerr_cleanup;
+        switch_to_cache = default_cred;
+    } else {
+        /* Use the default cache. */
+        cache = defcache;
+        defcache = NULL;
+        ret = krb5_cc_get_principal(context, cache, &princ);
+        krb5_free_principal(context, princ);
+        if (!ret && !overwrite_cred) {
+            major_status = GSS_S_DUPLICATE_ELEMENT;
+            goto cleanup;
+        }
+    }
+
+    ret = krb5_cc_new_unique(context, "MEMORY", NULL, &mcc);
+    if (ret)
+        goto kerr_cleanup;
+    ret = krb5_cc_initialize(context, mcc, kcred->name->princ);
+    if (ret)
+        goto kerr_cleanup;
+    ret = krb5_cc_copy_creds(context, kcred->ccache, mcc);
+    if (ret)
+        goto kerr_cleanup;
+    ret = krb5_cc_move(context, mcc, cache);
+    if (ret)
+        goto kerr_cleanup;
+    mcc = NULL;
+
+    if (switch_to_cache) {
+        ret = krb5_cc_switch(context, cache);
+        if (ret)
+            goto kerr_cleanup;
+    }
+
+    *minor_status = 0;
+    major_status = GSS_S_COMPLETE;
+
+cleanup:
+    if (kcred != NULL)
+        k5_mutex_unlock(&kcred->lock);
+    if (defcache != NULL)
+        krb5_cc_close(context, defcache);
+    if (cache != NULL)
+        krb5_cc_close(context, cache);
+    if (mcc != NULL)
+        krb5_cc_destroy(context, mcc);
+    krb5_free_context(context);
+
+    return major_status;
+
+kerr_cleanup:
+    *minor_status = ret;
+    major_status = GSS_S_FAILURE;
+    goto cleanup;
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_store_cred(OM_uint32 *minor_status,
+                    gss_cred_id_t input_cred_handle,
+                    gss_cred_usage_t cred_usage,
+                    const gss_OID desired_mech,
+                    OM_uint32 overwrite_cred,
+                    OM_uint32 default_cred,
+                    gss_OID_set *elements_stored,
+                    gss_cred_usage_t *cred_usage_stored)
+{
+    return krb5_gss_store_cred_into(minor_status, input_cred_handle,
+                                    cred_usage, desired_mech,
+                                    overwrite_cred, default_cred,
+                                    GSS_C_NO_CRED_STORE,
+                                    elements_stored, cred_usage_stored);
+}
+
+OM_uint32 KRB5_CALLCONV
+krb5_gss_store_cred_into(OM_uint32 *minor_status,
+                         gss_cred_id_t input_cred_handle,
+                         gss_cred_usage_t cred_usage,
+                         const gss_OID desired_mech,
+                         OM_uint32 overwrite_cred,
+                         OM_uint32 default_cred,
+                         gss_const_key_value_set_t cred_store,
+                         gss_OID_set *elements_stored,
+                         gss_cred_usage_t *cred_usage_stored)
+{
+    OM_uint32 major_status;
+    gss_cred_usage_t actual_usage;
+    OM_uint32 lifetime;
+
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL)
+        return GSS_S_NO_CRED;
+
+    major_status = GSS_S_FAILURE;
+
+    if (cred_usage == GSS_C_ACCEPT) {
+        *minor_status = G_STORE_ACCEPTOR_CRED_NOSUPP;
+        return GSS_S_FAILURE;
+    } else if (cred_usage != GSS_C_INITIATE && cred_usage != GSS_C_BOTH) {
+        *minor_status = G_BAD_USAGE;
+        return GSS_S_FAILURE;
+    }
+
+    major_status = krb5_gss_inquire_cred(minor_status, input_cred_handle,
+                                         NULL, &lifetime,
+                                         &actual_usage, elements_stored);
+    if (GSS_ERROR(major_status))
+        return major_status;
+
+    if (lifetime == 0)
+        return GSS_S_CREDENTIALS_EXPIRED;
+
+    if (actual_usage != GSS_C_INITIATE && actual_usage != GSS_C_BOTH) {
+        *minor_status = G_STORE_ACCEPTOR_CRED_NOSUPP;
+        return GSS_S_FAILURE;
+    }
+
+    major_status = copy_initiator_creds(minor_status, input_cred_handle,
+                                        desired_mech, overwrite_cred,
+                                        default_cred, cred_store);
+    if (GSS_ERROR(major_status))
+        return major_status;
+
+    if (cred_usage_stored != NULL)
+        *cred_usage_stored = GSS_C_INITIATE;
+
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c b/krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c
new file mode 100644
index 00000000..5b879563
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c
@@ -0,0 +1,270 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+
+/* Checksumming the channel bindings always uses plain MD5.  */
+krb5_error_code
+kg_checksum_channel_bindings(context, cb, cksum)
+    krb5_context context;
+    gss_channel_bindings_t cb;
+    krb5_checksum *cksum;
+{
+    struct k5buf buf;
+    size_t sumlen;
+    krb5_data plaind;
+    krb5_error_code code;
+
+    /* initialize the the cksum */
+    code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen);
+    if (code)
+        return(code);
+
+    cksum->checksum_type = CKSUMTYPE_RSA_MD5;
+    cksum->length = sumlen;
+    cksum->magic = KV5M_CHECKSUM;
+
+    /* generate a buffer full of zeros if no cb specified */
+
+    if (cb == GSS_C_NO_CHANNEL_BINDINGS) {
+        if ((cksum->contents = (krb5_octet *) xmalloc(cksum->length)) == NULL) {
+            return(ENOMEM);
+        }
+        memset(cksum->contents, '\0', cksum->length);
+        return(0);
+    }
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_uint32_le(&buf, cb->initiator_addrtype);
+    k5_buf_add_uint32_le(&buf, cb->initiator_address.length);
+    k5_buf_add_len(&buf, cb->initiator_address.value,
+                   cb->initiator_address.length);
+    k5_buf_add_uint32_le(&buf, cb->acceptor_addrtype);
+    k5_buf_add_uint32_le(&buf, cb->acceptor_address.length);
+    k5_buf_add_len(&buf, cb->acceptor_address.value,
+                   cb->acceptor_address.length);
+    k5_buf_add_uint32_le(&buf, cb->application_data.length);
+    k5_buf_add_len(&buf, cb->application_data.value,
+                   cb->application_data.length);
+    code = k5_buf_status(&buf);
+    if (code)
+        return code;
+
+    /* checksum the data */
+
+    plaind = make_data(buf.data, buf.len);
+    code = krb5_c_make_checksum(context, CKSUMTYPE_RSA_MD5, 0, 0,
+                                &plaind, cksum);
+    k5_buf_free(&buf);
+    return code;
+}
+
+krb5_error_code
+kg_make_checksum_iov_v1(krb5_context context,
+                        krb5_cksumtype type,
+                        size_t cksum_len,
+                        krb5_key seq,
+                        krb5_key enc,
+                        krb5_keyusage sign_usage,
+                        gss_iov_buffer_desc *iov,
+                        int iov_count,
+                        int toktype,
+                        krb5_checksum *checksum)
+{
+    krb5_error_code code;
+    gss_iov_buffer_desc *header;
+    krb5_crypto_iov *kiov;
+    int i = 0, j;
+    size_t conf_len = 0, token_header_len;
+
+    header = kg_locate_header_iov(iov, iov_count, toktype);
+    assert(header != NULL);
+
+    kiov = calloc(iov_count + 3, sizeof(krb5_crypto_iov));
+    if (kiov == NULL)
+        return ENOMEM;
+
+    /* Checksum over ( Header | Confounder | Data | Pad ) */
+    if (toktype == KG_TOK_WRAP_MSG)
+        conf_len = kg_confounder_size(context, enc->keyblock.enctype);
+
+    /* Checksum output */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
+    kiov[i].data.length = checksum->length;
+    kiov[i].data.data = xmalloc(checksum->length);
+    if (kiov[i].data.data == NULL) {
+        xfree(kiov);
+        return ENOMEM;
+    }
+    i++;
+
+    /* Header | SND_SEQ | SGN_CKSUM | Confounder */
+    token_header_len = 16 + cksum_len + conf_len;
+
+    /* Header (calculate from end because of variable length ASN.1 header) */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+    kiov[i].data.length = 8;
+    kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - token_header_len;
+    i++;
+
+    /* Confounder */
+    if (toktype == KG_TOK_WRAP_MSG) {
+        kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
+        kiov[i].data.length = conf_len;
+        kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - conf_len;
+        i++;
+    }
+
+    for (j = 0; j < iov_count; j++) {
+        kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+        kiov[i].data.length = iov[j].buffer.length;
+        kiov[i].data.data = (char *)iov[j].buffer.value;
+        i++;
+    }
+
+    code = krb5_k_make_checksum_iov(context, type, seq, sign_usage, kiov, i);
+    if (code == 0) {
+        checksum->length = kiov[0].data.length;
+        checksum->contents = (unsigned char *)kiov[0].data.data;
+    } else
+        free(kiov[0].data.data);
+
+    xfree(kiov);
+
+    return code;
+}
+
+static krb5_error_code
+checksum_iov_v3(krb5_context context,
+                krb5_cksumtype type,
+                size_t rrc,
+                krb5_key key,
+                krb5_keyusage sign_usage,
+                gss_iov_buffer_desc *iov,
+                int iov_count,
+                int toktype,
+                krb5_boolean verify,
+                krb5_boolean *valid)
+{
+    krb5_error_code code;
+    gss_iov_buffer_desc *header;
+    gss_iov_buffer_desc *trailer;
+    krb5_crypto_iov *kiov;
+    size_t kiov_count;
+    int i = 0, j;
+    unsigned int k5_checksumlen;
+
+    if (verify)
+        *valid = FALSE;
+
+    code = krb5_c_crypto_length(context, key->keyblock.enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
+    if (code != 0)
+        return code;
+
+    header = kg_locate_header_iov(iov, iov_count, toktype);
+    assert(header != NULL);
+
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+    assert(rrc != 0 || trailer != NULL);
+
+    if (trailer == NULL) {
+        if (rrc != k5_checksumlen)
+            return KRB5_BAD_MSIZE;
+        if (header->buffer.length != 16 + k5_checksumlen)
+            return KRB5_BAD_MSIZE;
+    } else if (trailer->buffer.length != k5_checksumlen)
+        return KRB5_BAD_MSIZE;
+
+    kiov_count = 2 + iov_count;
+    kiov = (krb5_crypto_iov *)xmalloc(kiov_count * sizeof(krb5_crypto_iov));
+    if (kiov == NULL)
+        return ENOMEM;
+
+    /* Checksum over ( Data | Header ) */
+
+    /* Data */
+    for (j = 0; j < iov_count; j++) {
+        kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+        kiov[i].data.length = iov[j].buffer.length;
+        kiov[i].data.data = (char *)iov[j].buffer.value;
+        i++;
+    }
+
+    /* Header */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+    kiov[i].data.length = 16;
+    kiov[i].data.data = (char *)header->buffer.value;
+    i++;
+
+    /* Checksum */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
+    if (trailer == NULL) {
+        kiov[i].data.length = header->buffer.length - 16;
+        kiov[i].data.data = (char *)header->buffer.value + 16;
+    } else {
+        kiov[i].data.length = trailer->buffer.length;
+        kiov[i].data.data = (char *)trailer->buffer.value;
+    }
+    i++;
+
+    if (verify)
+        code = krb5_k_verify_checksum_iov(context, type, key, sign_usage, kiov, kiov_count, valid);
+    else
+        code = krb5_k_make_checksum_iov(context, type, key, sign_usage, kiov, kiov_count);
+
+    xfree(kiov);
+
+    return code;
+}
+
+krb5_error_code
+kg_make_checksum_iov_v3(krb5_context context,
+                        krb5_cksumtype type,
+                        size_t rrc,
+                        krb5_key key,
+                        krb5_keyusage sign_usage,
+                        gss_iov_buffer_desc *iov,
+                        int iov_count,
+                        int toktype)
+{
+    return checksum_iov_v3(context, type, rrc, key,
+                           sign_usage, iov, iov_count, toktype, 0, NULL);
+}
+
+krb5_error_code
+kg_verify_checksum_iov_v3(krb5_context context,
+                          krb5_cksumtype type,
+                          size_t rrc,
+                          krb5_key key,
+                          krb5_keyusage sign_usage,
+                          gss_iov_buffer_desc *iov,
+                          int iov_count,
+                          int toktype,
+                          krb5_boolean *valid)
+{
+    return checksum_iov_v3(context, type, rrc, key,
+                           sign_usage, iov, iov_count, toktype, 1, valid);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c b/krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c
new file mode 100644
index 00000000..84f19498
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c
@@ -0,0 +1,738 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "gssapiP_krb5.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+
+static krb5_error_code
+kg_copy_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey)
+{
+    krb5_error_code code;
+
+    krb5_k_free_key(context, ctx->enc);
+    ctx->enc = NULL;
+    code = krb5_k_create_key(context, &subkey->keyblock, &ctx->enc);
+    if (code != 0)
+        return code;
+
+    krb5_k_free_key(context, ctx->seq);
+    ctx->seq = NULL;
+    code = krb5_k_create_key(context, &subkey->keyblock, &ctx->seq);
+    if (code != 0)
+        return code;
+
+    return 0;
+}
+
+krb5_error_code
+kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey,
+              krb5_cksumtype *cksumtype)
+{
+    krb5_error_code code;
+
+    assert(ctx != NULL);
+    assert(subkey != NULL);
+
+    *cksumtype = 0;
+    ctx->proto = 0;
+
+    if (ctx->enc == NULL) {
+        ctx->signalg = -1;
+        ctx->sealalg = -1;
+    }
+
+    code = krb5int_c_mandatory_cksumtype(context, subkey->keyblock.enctype,
+                                         cksumtype);
+    if (code != 0)
+        return code;
+
+    switch (subkey->keyblock.enctype) {
+    case ENCTYPE_DES3_CBC_SHA1:
+        code = kg_copy_keys(context, ctx, subkey);
+        if (code != 0)
+            return code;
+
+        ctx->enc->keyblock.enctype = ENCTYPE_DES3_CBC_RAW;
+        ctx->seq->keyblock.enctype = ENCTYPE_DES3_CBC_RAW;
+        ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD;
+        ctx->cksum_size = 20;
+        ctx->sealalg = SEAL_ALG_DES3KD;
+        break;
+    case ENCTYPE_ARCFOUR_HMAC:
+    case ENCTYPE_ARCFOUR_HMAC_EXP:
+        /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype,
+         * even though RFC 4757 treats it as one. */
+        code = kg_copy_keys(context, ctx, subkey);
+        if (code != 0)
+            return code;
+
+        ctx->signalg = SGN_ALG_HMAC_MD5;
+        ctx->cksum_size = 8;
+        ctx->sealalg = SEAL_ALG_MICROSOFT_RC4;
+        break;
+    default:
+        ctx->proto = 1;
+        break;
+    }
+
+    return 0;
+}
+
+int
+kg_confounder_size(krb5_context context, krb5_enctype enctype)
+{
+    krb5_error_code code;
+    size_t blocksize;
+    /* We special case rc4*/
+    if (enctype == ENCTYPE_ARCFOUR_HMAC || enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
+        return 8;
+    code = krb5_c_block_size(context, enctype, &blocksize);
+    if (code)
+        return(-1); /* XXX */
+
+    return(blocksize);
+}
+
+krb5_error_code
+kg_make_confounder(krb5_context context, krb5_enctype enctype,
+                   unsigned char *buf)
+{
+    int confsize;
+    krb5_data lrandom;
+
+    confsize = kg_confounder_size(context, enctype);
+    if (confsize < 0)
+        return KRB5_BAD_MSIZE;
+
+    lrandom.length = confsize;
+    lrandom.data = (char *)buf;
+
+    return(krb5_c_random_make_octets(context, &lrandom));
+}
+
+/* Set *data_out to a krb5_data structure containing iv, or to NULL if iv is
+ * NULL. */
+static krb5_error_code
+iv_to_state(krb5_context context, krb5_key key, krb5_pointer iv,
+            krb5_data **data_out)
+{
+    krb5_error_code code;
+    krb5_data *data;
+    size_t blocksize;
+
+    *data_out = NULL;
+    if (iv == NULL)
+        return 0;
+
+    code = krb5_c_block_size(context, key->keyblock.enctype, &blocksize);
+    if (code)
+        return code;
+
+    data = k5alloc(sizeof(*data), &code);
+    if (data == NULL)
+        return code;
+    code = alloc_data(data, blocksize);
+    if (code) {
+        free(data);
+        return code;
+    }
+    memcpy(data->data, iv, blocksize);
+    *data_out = data;
+    return 0;
+}
+
+krb5_error_code
+kg_encrypt(krb5_context context, krb5_key key, int usage, krb5_pointer iv,
+           krb5_const_pointer in, krb5_pointer out, unsigned int length)
+{
+    krb5_error_code code;
+    krb5_data *state, inputd;
+    krb5_enc_data outputd;
+
+    code = iv_to_state(context, key, iv, &state);
+    if (code)
+        return code;
+
+    inputd.length = length;
+    inputd.data = (char *)in;
+
+    outputd.ciphertext.length = length;
+    outputd.ciphertext.data = out;
+
+    code = krb5_k_encrypt(context, key, usage, state, &inputd, &outputd);
+    krb5_free_data(context, state);
+    return code;
+}
+
+krb5_error_code
+kg_encrypt_inplace(krb5_context context, krb5_key key, int usage,
+                   krb5_pointer iv, krb5_pointer ptr, unsigned int length)
+{
+    krb5_error_code code;
+    krb5_crypto_iov iov;
+    krb5_data *state;
+
+    code = iv_to_state(context, key, iv, &state);
+    if (code)
+        return code;
+
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data((void *)ptr, length);
+    code = krb5_k_encrypt_iov(context, key, usage, state, &iov, 1);
+    krb5_free_data(context, state);
+    return code;
+}
+
+/* length is the length of the cleartext. */
+
+krb5_error_code
+kg_decrypt(krb5_context context, krb5_key key, int usage, krb5_pointer iv,
+           krb5_const_pointer in, krb5_pointer out, unsigned int length)
+{
+    krb5_error_code code;
+    krb5_data *state, outputd;
+    krb5_enc_data inputd;
+
+    code = iv_to_state(context, key, iv, &state);
+    if (code)
+        return code;
+
+    inputd.enctype = ENCTYPE_UNKNOWN;
+    inputd.ciphertext.length = length;
+    inputd.ciphertext.data = (char *)in;
+
+    outputd.length = length;
+    outputd.data = out;
+
+    code = krb5_k_decrypt(context, key, usage, state, &inputd, &outputd);
+    krb5_free_data(context, state);
+    return code;
+}
+
+krb5_error_code
+kg_arcfour_docrypt(const krb5_keyblock *keyblock, int usage,
+                   const unsigned char *kd_data, size_t kd_data_len,
+                   const unsigned char *input_buf, size_t input_len,
+                   unsigned char *output_buf)
+{
+    krb5_data kd = make_data((char *) kd_data, kd_data_len);
+    krb5_crypto_iov kiov;
+
+    memcpy(output_buf, input_buf, input_len);
+    kiov.flags = KRB5_CRYPTO_TYPE_DATA;
+    kiov.data = make_data(output_buf, input_len);
+    return krb5int_arcfour_gsscrypt(keyblock, usage, &kd, &kiov, 1);
+}
+
+/* AEAD */
+static krb5_error_code
+kg_translate_iov_v1(krb5_context context, krb5_enctype enctype,
+                    gss_iov_buffer_desc *iov, int iov_count,
+                    krb5_crypto_iov **pkiov, size_t *pkiov_count)
+{
+    gss_iov_buffer_desc *header;
+    gss_iov_buffer_desc *trailer;
+    int i = 0, j;
+    size_t kiov_count;
+    krb5_crypto_iov *kiov;
+    size_t conf_len;
+
+    *pkiov = NULL;
+    *pkiov_count = 0;
+
+    conf_len = kg_confounder_size(context, enctype);
+
+    header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+    assert(header != NULL);
+
+    if (header->buffer.length < conf_len)
+        return KRB5_BAD_MSIZE;
+
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+    assert(trailer == NULL || trailer->buffer.length == 0);
+
+    kiov_count = 3 + iov_count;
+    kiov = (krb5_crypto_iov *)malloc(kiov_count * sizeof(krb5_crypto_iov));
+    if (kiov == NULL)
+        return ENOMEM;
+
+    /* For pre-CFX (raw enctypes) there is no krb5 header */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_HEADER;
+    kiov[i].data.length = 0;
+    kiov[i].data.data = NULL;
+    i++;
+
+    /* For pre-CFX, the confounder is at the end of the GSS header */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
+    kiov[i].data.length = conf_len;
+    kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - conf_len;
+    i++;
+
+    for (j = 0; j < iov_count; j++) {
+        kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+        if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
+            continue;
+
+        kiov[i].data.length = iov[j].buffer.length;
+        kiov[i].data.data = (char *)iov[j].buffer.value;
+        i++;
+    }
+
+    kiov[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
+    kiov[i].data.length = 0;
+    kiov[i].data.data = NULL;
+    i++;
+
+    *pkiov = kiov;
+    *pkiov_count = i;
+
+    return 0;
+}
+
+/*
+ * DCE_STYLE indicates actual RRC is EC + RRC
+ * EC is extra rotate count for DCE_STYLE, pad length otherwise
+ * RRC is rotate count.
+ */
+static krb5_error_code
+kg_translate_iov_v3(krb5_context context, int dce_style, size_t ec, size_t rrc,
+                    krb5_enctype enctype, gss_iov_buffer_desc *iov,
+                    int iov_count, krb5_crypto_iov **pkiov,
+                    size_t *pkiov_count)
+{
+    gss_iov_buffer_t header;
+    gss_iov_buffer_t trailer;
+    int i = 0, j;
+    size_t kiov_count;
+    krb5_crypto_iov *kiov;
+    unsigned int k5_headerlen = 0, k5_trailerlen = 0;
+    size_t gss_headerlen, gss_trailerlen;
+    krb5_error_code code;
+
+    *pkiov = NULL;
+    *pkiov_count = 0;
+
+    header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+    assert(header != NULL);
+
+    trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+    assert(trailer == NULL || rrc == 0);
+
+    code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER,
+                                &k5_headerlen);
+    if (code != 0)
+        return code;
+
+    code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_TRAILER,
+                                &k5_trailerlen);
+    if (code != 0)
+        return code;
+
+    /* Check header and trailer sizes */
+    gss_headerlen = 16 /* GSS-Header */ + k5_headerlen; /* Kerb-Header */
+    gss_trailerlen = ec + 16 /* E(GSS-Header) */ + k5_trailerlen; /* Kerb-Trailer */
+
+    /* If we're caller without a trailer, we must rotate by trailer length */
+    if (trailer == NULL) {
+        size_t actual_rrc = rrc;
+
+        if (dce_style)
+            actual_rrc += ec; /* compensate for Windows bug */
+
+        if (actual_rrc != gss_trailerlen)
+            return KRB5_BAD_MSIZE;
+
+        gss_headerlen += gss_trailerlen;
+        gss_trailerlen = 0;
+    } else {
+        if (trailer->buffer.length != gss_trailerlen)
+            return KRB5_BAD_MSIZE;
+    }
+
+    if (header->buffer.length != gss_headerlen)
+        return KRB5_BAD_MSIZE;
+
+    kiov_count = 3 + iov_count;
+    kiov = (krb5_crypto_iov *)malloc(kiov_count * sizeof(krb5_crypto_iov));
+    if (kiov == NULL)
+        return ENOMEM;
+
+    /*
+     * The krb5 header is located at the end of the GSS header.
+     */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_HEADER;
+    kiov[i].data.length = k5_headerlen;
+    kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - k5_headerlen;
+    i++;
+
+    for (j = 0; j < iov_count; j++) {
+        kiov[i].flags = kg_translate_flag_iov(iov[j].type);
+        if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY)
+            continue;
+
+        kiov[i].data.length = iov[j].buffer.length;
+        kiov[i].data.data = (char *)iov[j].buffer.value;
+        i++;
+    }
+
+    /*
+     * The EC and encrypted GSS header are placed in the trailer, which may
+     * be rotated directly after the plaintext header if no trailer buffer
+     * is provided.
+     */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_DATA;
+    kiov[i].data.length = ec + 16; /* E(Header) */
+    if (trailer == NULL)
+        kiov[i].data.data = (char *)header->buffer.value + 16;
+    else
+        kiov[i].data.data = (char *)trailer->buffer.value;
+    i++;
+
+    /*
+     * The krb5 trailer is placed after the encrypted copy of the
+     * krb5 header (which may be in the GSS header or trailer).
+     */
+    kiov[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
+    kiov[i].data.length = k5_trailerlen;
+    kiov[i].data.data = kiov[i - 1].data.data + ec + 16; /* E(Header) */
+    i++;
+
+    *pkiov = kiov;
+    *pkiov_count = i;
+
+    return 0;
+}
+
+/* PROTO is 1 if CFX, 0 if pre-CFX */
+static krb5_error_code
+kg_translate_iov(krb5_context context, int proto, int dce_style, size_t ec,
+                 size_t rrc, krb5_enctype enctype, gss_iov_buffer_desc *iov,
+                 int iov_count, krb5_crypto_iov **pkiov, size_t *pkiov_count)
+{
+    return proto ?
+        kg_translate_iov_v3(context, dce_style, ec, rrc, enctype,
+                            iov, iov_count, pkiov, pkiov_count) :
+        kg_translate_iov_v1(context, enctype, iov, iov_count,
+                            pkiov, pkiov_count);
+}
+
+krb5_error_code
+kg_encrypt_iov(krb5_context context, int proto, int dce_style, size_t ec,
+               size_t rrc, krb5_key key, int usage, krb5_pointer iv,
+               gss_iov_buffer_desc *iov, int iov_count)
+{
+    krb5_error_code code;
+    krb5_data *state;
+    size_t kiov_len;
+    krb5_crypto_iov *kiov;
+
+    code = iv_to_state(context, key, iv, &state);
+    if (code)
+        return code;
+
+    code = kg_translate_iov(context, proto, dce_style, ec, rrc,
+                            key->keyblock.enctype, iov, iov_count,
+                            &kiov, &kiov_len);
+    if (code == 0) {
+        code = krb5_k_encrypt_iov(context, key, usage, state, kiov, kiov_len);
+        free(kiov);
+    }
+
+    krb5_free_data(context, state);
+    return code;
+}
+
+/* length is the length of the cleartext. */
+
+krb5_error_code
+kg_decrypt_iov(krb5_context context, int proto, int dce_style, size_t ec,
+               size_t rrc, krb5_key key, int usage, krb5_pointer iv,
+               gss_iov_buffer_desc *iov, int iov_count)
+{
+    krb5_error_code code;
+    krb5_data *state;
+    size_t kiov_len;
+    krb5_crypto_iov *kiov;
+
+    code = iv_to_state(context, key, iv, &state);
+    if (code)
+        return code;
+
+    code = kg_translate_iov(context, proto, dce_style, ec, rrc,
+                            key->keyblock.enctype, iov, iov_count,
+                            &kiov, &kiov_len);
+    if (code == 0) {
+        code = krb5_k_decrypt_iov(context, key, usage, state, kiov, kiov_len);
+        free(kiov);
+    }
+
+    krb5_free_data(context, state);
+    return code;
+}
+
+krb5_error_code
+kg_arcfour_docrypt_iov(krb5_context context, const krb5_keyblock *keyblock,
+                       int usage, const unsigned char *kd_data,
+                       size_t kd_data_len, gss_iov_buffer_desc *iov,
+                       int iov_count)
+{
+    krb5_error_code code;
+    krb5_data kd = make_data((char *) kd_data, kd_data_len);
+    krb5_crypto_iov *kiov = NULL;
+    size_t kiov_len = 0;
+
+    code = kg_translate_iov(context, 0 /* proto */, 0 /* dce_style */,
+                            0 /* ec */, 0 /* rrc */, keyblock->enctype,
+                            iov, iov_count, &kiov, &kiov_len);
+    if (code)
+        return code;
+    code = krb5int_arcfour_gsscrypt(keyblock, usage, &kd, kiov, kiov_len);
+    free(kiov);
+    return code;
+}
+
+krb5_cryptotype
+kg_translate_flag_iov(OM_uint32 type)
+{
+    krb5_cryptotype ktype;
+
+    switch (GSS_IOV_BUFFER_TYPE(type)) {
+    case GSS_IOV_BUFFER_TYPE_DATA:
+    case GSS_IOV_BUFFER_TYPE_PADDING:
+        ktype = KRB5_CRYPTO_TYPE_DATA;
+        break;
+    case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
+        ktype = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+        break;
+    default:
+        ktype = KRB5_CRYPTO_TYPE_EMPTY;
+        break;
+    }
+
+    return ktype;
+}
+
+gss_iov_buffer_t
+kg_locate_iov(gss_iov_buffer_desc *iov, int iov_count, OM_uint32 type)
+{
+    int i;
+    gss_iov_buffer_t p = GSS_C_NO_IOV_BUFFER;
+
+    if (iov == GSS_C_NO_IOV_BUFFER)
+        return GSS_C_NO_IOV_BUFFER;
+
+    for (i = iov_count - 1; i >= 0; i--) {
+        if (GSS_IOV_BUFFER_TYPE(iov[i].type) == type) {
+            if (p == GSS_C_NO_IOV_BUFFER)
+                p = &iov[i];
+            else
+                return GSS_C_NO_IOV_BUFFER;
+        }
+    }
+
+    return p;
+}
+
+/* Return the IOV where the GSSAPI token header should be placed (and possibly
+ * the checksum as well, depending on the token type). */
+gss_iov_buffer_t
+kg_locate_header_iov(gss_iov_buffer_desc *iov, int iov_count, int toktype)
+{
+    if (toktype == KG_TOK_MIC_MSG)
+        return kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_MIC_TOKEN);
+    else
+        return kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+}
+
+void
+kg_iov_msglen(gss_iov_buffer_desc *iov, int iov_count, size_t *data_length_p,
+              size_t *assoc_data_length_p)
+{
+    int i;
+    size_t data_length = 0, assoc_data_length = 0;
+
+    assert(iov != GSS_C_NO_IOV_BUFFER);
+
+    *data_length_p = *assoc_data_length_p = 0;
+
+    for (i = 0; i < iov_count; i++) {
+        OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[i].type);
+
+        if (type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+            assoc_data_length += iov[i].buffer.length;
+
+        if (type == GSS_IOV_BUFFER_TYPE_DATA ||
+            type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+            data_length += iov[i].buffer.length;
+    }
+
+    *data_length_p = data_length;
+    *assoc_data_length_p = assoc_data_length;
+}
+
+void
+kg_release_iov(gss_iov_buffer_desc *iov, int iov_count)
+{
+    int i;
+
+    assert(iov != GSS_C_NO_IOV_BUFFER);
+
+    for (i = 0; i < iov_count; i++) {
+        if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
+            gssalloc_free(iov[i].buffer.value);
+            iov[i].buffer.length = 0;
+            iov[i].buffer.value = NULL;
+            iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+        }
+    }
+}
+
+OM_uint32
+kg_fixup_padding_iov(OM_uint32 *minor_status, gss_iov_buffer_desc *iov,
+                     int iov_count)
+{
+    gss_iov_buffer_t padding = NULL;
+    gss_iov_buffer_t data = NULL;
+    size_t padlength, relative_padlength;
+    unsigned char *p;
+
+    data = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_DATA);
+    padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+
+    /* Do nothing if padding is absent or empty, to allow unwrapping of WinRM
+     * unpadded RC4 tokens using an explicit IOV array. */
+    if (data == NULL || padding == NULL || padding->buffer.length == 0) {
+        *minor_status = 0;
+        return GSS_S_COMPLETE;
+    }
+
+    p = (unsigned char *)padding->buffer.value;
+    padlength = p[padding->buffer.length - 1];
+
+    if (data->buffer.length + padding->buffer.length < padlength ||
+        padlength == 0) {
+        *minor_status = (OM_uint32)KRB5_BAD_MSIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /*
+     * kg_unseal_stream_iov() will place one byte of padding in the
+     * padding buffer; its true value is unknown until after decryption.
+     *
+     * relative_padlength contains the number of bytes to compensate the
+     * padding and data buffers by; it will be zero if the caller manages
+     * the padding length.
+     *
+     * If the caller manages the padding length, then relative_padlength
+     * will be zero.
+     *
+     * eg. if the buffers are structured as follows:
+     *
+     *      +---DATA---+-PAD-+
+     *      | ABCDE444 | 4   |
+     *      +----------+-----+
+     *
+     * after compensation they would look like:
+     *
+     *      +-DATA--+-PAD--+
+     *      | ABCDE | NULL |
+     *      +-------+------+
+     */
+    relative_padlength = padlength - padding->buffer.length;
+
+    assert(data->buffer.length >= relative_padlength);
+
+    data->buffer.length -= relative_padlength;
+
+    kg_release_iov(padding, 1);
+    padding->buffer.length = 0;
+    padding->buffer.value = NULL;
+
+    return GSS_S_COMPLETE;
+}
+
+krb5_boolean
+kg_integ_only_iov(gss_iov_buffer_desc *iov, int iov_count)
+{
+    int i;
+    krb5_boolean has_conf_data = FALSE;
+
+    assert(iov != GSS_C_NO_IOV_BUFFER);
+
+    for (i = 0; i < iov_count; i++) {
+        if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA) {
+            has_conf_data = TRUE;
+            break;
+        }
+    }
+
+    return (has_conf_data == FALSE);
+}
+
+krb5_error_code
+kg_allocate_iov(gss_iov_buffer_t iov, size_t size)
+{
+    assert(iov != GSS_C_NO_IOV_BUFFER);
+    assert(iov->type & GSS_IOV_BUFFER_FLAG_ALLOCATE);
+
+    iov->buffer.length = size;
+    iov->buffer.value = gssalloc_malloc(size);
+    if (iov->buffer.value == NULL) {
+        iov->buffer.length = 0;
+        return ENOMEM;
+    }
+
+    iov->type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/util_seed.c b/krb5-1.21.3/src/lib/gssapi/krb5/util_seed.c
new file mode 100644
index 00000000..6e1c9ac8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/util_seed.c
@@ -0,0 +1,61 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+
+static const unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0};
+
+krb5_error_code
+kg_make_seed(context, key, seed)
+    krb5_context context;
+    krb5_key key;
+    unsigned char *seed;
+{
+    krb5_error_code code;
+    krb5_key rkey = NULL;
+    krb5_keyblock *tmpkey, *kb;
+    unsigned int i;
+
+    code = krb5_k_key_keyblock(context, key, &tmpkey);
+    if (code)
+        return(code);
+
+    /* reverse the key bytes, as per spec */
+    kb = &key->keyblock;
+    for (i=0; i<tmpkey->length; i++)
+        tmpkey->contents[i] = kb->contents[kb->length - 1 - i];
+
+    code = krb5_k_create_key(context, tmpkey, &rkey);
+    if (code)
+        goto cleanup;
+
+    code = kg_encrypt(context, rkey, KG_USAGE_SEAL, NULL, zeros, seed, 16);
+
+cleanup:
+    krb5_free_keyblock(context, tmpkey);
+    krb5_k_free_key(context, rkey);
+    return(code);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/util_seqnum.c b/krb5-1.21.3/src/lib/gssapi/krb5/util_seqnum.c
new file mode 100644
index 00000000..bef631da
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/util_seqnum.c
@@ -0,0 +1,102 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2001, 2009 by the Massachusetts Institute of Technology.
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_krb5.h"
+#include "k5-int.h"
+
+/*
+ * $Id$
+ */
+
+krb5_error_code
+kg_make_seq_num(context, key, direction, seqnum, cksum, buf)
+    krb5_context context;
+    krb5_key key;
+    int direction;
+    krb5_ui_4 seqnum;
+    unsigned char *cksum;
+    unsigned char *buf;
+{
+    unsigned char plain[8];
+
+    plain[4] = direction;
+    plain[5] = direction;
+    plain[6] = direction;
+    plain[7] = direction;
+    if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC ||
+        key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        /* Yes, Microsoft used big-endian sequence number.*/
+        store_32_be(seqnum, plain);
+        return kg_arcfour_docrypt (&key->keyblock, 0,
+                                   cksum, 8,
+                                   &plain[0], 8,
+                                   buf);
+
+    }
+
+    store_32_le(seqnum, plain);
+    return(kg_encrypt(context, key, KG_USAGE_SEQ, cksum, plain, buf, 8));
+}
+
+krb5_error_code kg_get_seq_num(context, key, cksum, buf, direction, seqnum)
+    krb5_context context;
+    krb5_key key;
+    unsigned char *cksum;
+    unsigned char *buf;
+    int *direction;
+    krb5_ui_4 *seqnum;
+{
+    krb5_error_code code;
+    unsigned char plain[8];
+
+    if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC ||
+        key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        code = kg_arcfour_docrypt (&key->keyblock, 0,
+                                   cksum, 8,
+                                   buf, 8,
+                                   plain);
+    } else {
+        code = kg_decrypt(context, key, KG_USAGE_SEQ, cksum, buf, plain, 8);
+    }
+    if (code)
+        return(code);
+
+    if ((plain[4] != plain[5]) ||
+        (plain[4] != plain[6]) ||
+        (plain[4] != plain[7]))
+        return((krb5_error_code) KG_BAD_SEQ);
+
+    *direction = plain[4];
+    if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC ||
+        key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        *seqnum = (plain[3]|(plain[2]<<8) | (plain[1]<<16)| (plain[0]<<24));
+    } else {
+        *seqnum = ((plain[0]) |
+                   (plain[1]<<8) |
+                   (plain[2]<<16) |
+                   (plain[3]<<24));
+    }
+
+    return(0);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/val_cred.c b/krb5-1.21.3/src/lib/gssapi/krb5/val_cred.c
new file mode 100644
index 00000000..cb1cb939
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/val_cred.c
@@ -0,0 +1,83 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1997, 2007 by Massachusetts Institute of Technology
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "gssapiP_krb5.h"
+
+/* Check to see whether or not a GSSAPI krb5 credential is valid.  If
+ * it is not, return an error. */
+
+OM_uint32
+krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
+                         krb5_context context)
+{
+    krb5_gss_cred_id_t cred;
+    krb5_error_code code;
+    krb5_principal princ;
+
+    cred = (krb5_gss_cred_id_t) cred_handle;
+    k5_mutex_lock(&cred->lock);
+
+    if (cred->ccache && cred->expire != 0) {
+        if ((code = krb5_cc_get_principal(context, cred->ccache, &princ))) {
+            k5_mutex_unlock(&cred->lock);
+            *minor_status = code;
+            return(GSS_S_DEFECTIVE_CREDENTIAL);
+        }
+        if (!krb5_principal_compare(context, princ, cred->name->princ)) {
+            k5_mutex_unlock(&cred->lock);
+            *minor_status = KG_CCACHE_NOMATCH;
+            return(GSS_S_DEFECTIVE_CREDENTIAL);
+        }
+        (void)krb5_free_principal(context, princ);
+    }
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+krb5_gss_validate_cred(minor_status, cred_handle)
+    OM_uint32 *minor_status;
+    gss_cred_id_t cred_handle;
+{
+    krb5_context context;
+    krb5_error_code code;
+    OM_uint32 maj;
+
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+
+    maj = krb5_gss_validate_cred_1(minor_status, cred_handle, context);
+    if (maj == 0) {
+        krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t) cred_handle;
+        k5_mutex_assert_locked(&cred->lock);
+        k5_mutex_unlock(&cred->lock);
+    }
+    save_error_info(*minor_status, context);
+    krb5_free_context(context);
+    return maj;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/krb5/wrap_size_limit.c b/krb5-1.21.3/src/lib/gssapi/krb5/wrap_size_limit.c
new file mode 100644
index 00000000..7959f424
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/krb5/wrap_size_limit.c
@@ -0,0 +1,178 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "gssapiP_krb5.h"
+
+/* V2 interface */
+OM_uint32 KRB5_CALLCONV
+krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
+                         qop_req, req_output_size, max_input_size)
+    OM_uint32           *minor_status;
+    gss_ctx_id_t        context_handle;
+    int                 conf_req_flag;
+    gss_qop_t           qop_req;
+    OM_uint32           req_output_size;
+    OM_uint32           *max_input_size;
+{
+    krb5_gss_ctx_id_rec *ctx;
+    OM_uint32           data_size, conflen;
+    OM_uint32           ohlen;
+    int                 overhead;
+
+    /* only default qop is allowed */
+    if (qop_req != GSS_C_QOP_DEFAULT) {
+        *minor_status = (OM_uint32) G_UNKNOWN_QOP;
+        return GSS_S_BAD_QOP;
+    }
+
+    ctx = (krb5_gss_ctx_id_rec *) context_handle;
+    if (ctx->terminated || !ctx->established) {
+        *minor_status = KG_CTX_INCOMPLETE;
+        return(GSS_S_NO_CONTEXT);
+    }
+
+    if (ctx->proto == 1) {
+        /* No pseudo-ASN.1 wrapper overhead, so no sequence length and
+           OID.  */
+        OM_uint32 sz = req_output_size;
+
+        /* Token header: 16 octets.  */
+        if (conf_req_flag) {
+            krb5_key key;
+            krb5_enctype enctype;
+
+            key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey
+                : ctx->subkey;
+            enctype = key->keyblock.enctype;
+
+            while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size)
+                sz--;
+            /* Allow for encrypted copy of header.  */
+            if (sz > 16)
+                sz -= 16;
+            else
+                sz = 0;
+#ifdef CFX_EXERCISE
+            /* Allow for EC padding.  In the MIT implementation, only
+               added while testing.  */
+            if (sz > 65535)
+                sz -= 65535;
+            else
+                sz = 0;
+#endif
+        } else {
+            krb5_cksumtype cksumtype;
+            krb5_error_code err;
+            size_t cksumsize;
+
+            cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
+                : ctx->cksumtype;
+
+            err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
+            if (err) {
+                *minor_status = err;
+                return GSS_S_FAILURE;
+            }
+
+            /* Allow for token header and checksum.  */
+            if (sz < 16 + cksumsize)
+                sz = 0;
+            else
+                sz -= (16 + cksumsize);
+        }
+
+        *max_input_size = sz;
+        *minor_status = 0;
+        return GSS_S_COMPLETE;
+    }
+
+    /* Calculate the token size and subtract that from the output size */
+    overhead = 7 + ctx->mech_used->length;
+    data_size = req_output_size;
+    conflen = kg_confounder_size(ctx->k5_context, ctx->enc->keyblock.enctype);
+    data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
+    ohlen = g_token_size(ctx->mech_used,
+                         (unsigned int) (data_size + ctx->cksum_size + 14))
+        - req_output_size;
+
+    if (ohlen+overhead < req_output_size)
+        /*
+         * Cannot have trailer length that will cause us to pad over our
+         * length.
+         */
+        *max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7);
+    else
+        *max_input_size = 0;
+
+    *minor_status = 0;
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/libgssapi_krb5.exports b/krb5-1.21.3/src/lib/gssapi/libgssapi_krb5.exports
new file mode 100644
index 00000000..fd4fced8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/libgssapi_krb5.exports
@@ -0,0 +1,169 @@
+GSS_C_ATTR_LOCAL_LOGIN_USER
+GSS_C_INQ_SSPI_SESSION_KEY
+GSS_C_INQ_NEGOEX_KEY
+GSS_C_INQ_NEGOEX_VERIFY_KEY
+GSS_C_NT_ANONYMOUS
+GSS_C_NT_COMPOSITE_EXPORT
+GSS_C_NT_EXPORT_NAME
+GSS_C_NT_HOSTBASED_SERVICE
+GSS_C_NT_HOSTBASED_SERVICE_X
+GSS_C_NT_MACHINE_UID_NAME
+GSS_C_NT_STRING_UID_NAME
+GSS_C_NT_USER_NAME
+GSS_KRB5_NT_PRINCIPAL_NAME
+GSS_KRB5_NT_ENTERPRISE_NAME
+GSS_KRB5_NT_X509_CERT
+GSS_KRB5_CRED_NO_CI_FLAGS_X
+GSS_KRB5_GET_CRED_IMPERSONATOR
+GSS_C_MA_MECH_CONCRETE
+GSS_C_MA_MECH_PSEUDO
+GSS_C_MA_MECH_COMPOSITE
+GSS_C_MA_MECH_NEGO
+GSS_C_MA_MECH_GLUE
+GSS_C_MA_NOT_MECH
+GSS_C_MA_DEPRECATED
+GSS_C_MA_NOT_DFLT_MECH
+GSS_C_MA_ITOK_FRAMED
+GSS_C_MA_AUTH_INIT
+GSS_C_MA_AUTH_TARG
+GSS_C_MA_AUTH_INIT_INIT
+GSS_C_MA_AUTH_TARG_INIT
+GSS_C_MA_AUTH_INIT_ANON
+GSS_C_MA_AUTH_TARG_ANON
+GSS_C_MA_DELEG_CRED
+GSS_C_MA_INTEG_PROT
+GSS_C_MA_CONF_PROT
+GSS_C_MA_MIC
+GSS_C_MA_WRAP
+GSS_C_MA_PROT_READY
+GSS_C_MA_REPLAY_DET
+GSS_C_MA_OOS_DET
+GSS_C_MA_CBINDINGS
+GSS_C_MA_PFS
+GSS_C_MA_COMPRESS
+GSS_C_MA_CTX_TRANS
+GSS_C_MA_NEGOEX_AND_SPNEGO
+GSS_C_SEC_CONTEXT_SASL_SSF
+gss_accept_sec_context
+gss_acquire_cred
+gss_acquire_cred_with_password
+gss_acquire_cred_impersonate_name
+gss_add_buffer_set_member
+gss_add_cred
+gss_add_cred_impersonate_name
+gss_add_cred_with_password
+gss_add_oid_set_member
+gss_authorize_localname
+gss_canonicalize_name
+gss_compare_name
+gss_complete_auth_token
+gss_context_time
+gss_create_empty_buffer_set
+gss_create_empty_oid_set
+gss_decapsulate_token
+gss_delete_name_attribute
+gss_delete_sec_context
+gss_display_mech_attr
+gss_display_name
+gss_display_name_ext
+gss_display_status
+gss_duplicate_name
+gss_encapsulate_token
+gss_export_cred
+gss_export_name
+gss_export_name_composite
+gss_export_sec_context
+gss_get_mic
+gss_get_mic_iov
+gss_get_mic_iov_length
+gss_get_name_attribute
+gss_import_cred
+gss_import_name
+gss_import_sec_context
+gss_indicate_mechs
+gss_init_sec_context
+gss_indicate_mechs_by_attrs
+gss_inquire_attrs_for_mech
+gss_inquire_context
+gss_inquire_cred
+gss_inquire_cred_by_mech
+gss_inquire_cred_by_oid
+gss_inquire_mech_for_saslname
+gss_inquire_mechs_for_name
+gss_inquire_names_for_mech
+gss_inquire_saslname_for_mech
+gss_inquire_sec_context_by_oid
+gss_krb5_ccache_name
+gss_krb5_copy_ccache
+gss_krb5_export_lucid_sec_context
+gss_krb5_free_lucid_sec_context
+gss_krb5_get_tkt_flags
+gss_krb5_import_cred
+gss_krb5_set_allowable_enctypes
+gss_krb5_set_cred_rcache
+gss_krb5int_make_seal_token_v3
+gss_krb5int_unseal_token_v3
+gsskrb5_extract_authtime_from_sec_context
+gsskrb5_extract_authz_data_from_sec_context
+gss_localname
+gss_map_name_to_any
+gss_mech_iakerb
+gss_mech_krb5
+gss_mech_krb5_old
+gss_mech_krb5_wrong
+gss_mech_set_krb5
+gss_mech_set_krb5_both
+gss_mech_set_krb5_old
+gss_nt_exported_name
+gss_nt_krb5_name
+gss_nt_krb5_principal
+gss_nt_machine_uid_name
+gss_nt_service_name
+gss_nt_service_name_v2
+gss_nt_string_uid_name
+gss_nt_user_name
+gss_oid_equal
+gss_oid_to_str
+gss_pname_to_uid
+gss_pseudo_random
+gss_process_context_token
+gss_release_any_name_mapping
+gss_release_buffer_set
+gss_release_buffer
+gss_release_cred
+gss_release_iov_buffer
+gss_release_name
+gss_release_oid
+gss_release_oid_set
+gss_seal
+gss_set_name_attribute
+gss_set_neg_mechs
+gss_set_sec_context_option
+gss_sign
+gss_store_cred
+gss_str_to_oid
+gss_test_oid_set_member
+gss_unseal
+gss_unwrap
+gss_unwrap_aead
+gss_unwrap_iov
+gss_userok
+gss_verify
+gss_verify_mic
+gss_verify_mic_iov
+gss_wrap
+gss_wrap_aead
+gss_wrap_iov
+gss_wrap_iov_length
+gss_wrap_size_limit
+gss_set_cred_option
+gssspi_set_cred_option
+gssspi_mech_invoke
+krb5_gss_dbg_client_expcreds
+krb5_gss_register_acceptor_identity
+krb5_gss_use_kdc_context
+gss_inquire_name
+gss_acquire_cred_from
+gss_add_cred_from
+gss_store_cred_into
+gssint_g_seqstate_init
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/Makefile.in b/krb5-1.21.3/src/lib/gssapi/mechglue/Makefile.in
new file mode 100644
index 00000000..33d93193
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/Makefile.in
@@ -0,0 +1,228 @@
+mydir=lib$(S)gssapi$(S)mechglue
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../krb5 -I$(srcdir)/../krb5 -I../spnego -I$(srcdir)/../spnego
+
+DEFINES=-D_GSS_STATIC_LINK=1
+
+##DOSBUILDTOP = ..\..\..
+##DOS##PREFIXDIR=mechglue
+##DOS##OBJFILE=..\$(OUTPRE)mechglue.lst
+
+##DOS##DLL_EXP_TYPE=GSS
+
+SRCS = \
+	$(srcdir)/g_accept_sec_context.c \
+	$(srcdir)/g_acquire_cred.c \
+	$(srcdir)/g_acquire_cred_with_pw.c \
+	$(srcdir)/g_acquire_cred_imp_name.c \
+	$(srcdir)/g_authorize_localname.c \
+	$(srcdir)/g_buffer_set.c \
+	$(srcdir)/g_canon_name.c \
+	$(srcdir)/g_compare_name.c \
+	$(srcdir)/g_complete_auth_token.c \
+	$(srcdir)/g_context_time.c \
+	$(srcdir)/g_decapsulate_token.c \
+	$(srcdir)/g_delete_sec_context.c \
+	$(srcdir)/g_del_name_attr.c \
+	$(srcdir)/g_dsp_name.c \
+	$(srcdir)/g_dsp_name_ext.c \
+	$(srcdir)/g_dsp_status.c \
+	$(srcdir)/g_dup_name.c \
+	$(srcdir)/g_encapsulate_token.c \
+	$(srcdir)/g_exp_sec_context.c \
+	$(srcdir)/g_export_cred.c \
+	$(srcdir)/g_export_name.c \
+	$(srcdir)/g_export_name_comp.c \
+	$(srcdir)/g_get_name_attr.c \
+	$(srcdir)/g_glue.c \
+	$(srcdir)/g_imp_cred.c \
+	$(srcdir)/g_imp_name.c \
+	$(srcdir)/g_imp_sec_context.c \
+	$(srcdir)/g_init_sec_context.c \
+	$(srcdir)/g_initialize.c \
+	$(srcdir)/g_inq_context.c \
+	$(srcdir)/g_inq_context_oid.c \
+	$(srcdir)/g_inq_cred.c \
+	$(srcdir)/g_inq_cred_oid.c \
+	$(srcdir)/g_inq_name.c \
+	$(srcdir)/g_inq_names.c \
+	$(srcdir)/g_map_name_to_any.c \
+	$(srcdir)/g_mech_invoke.c \
+	$(srcdir)/g_mechattr.c \
+	$(srcdir)/g_mechname.c \
+	$(srcdir)/g_negoex.c \
+	$(srcdir)/g_oid_ops.c \
+	$(srcdir)/g_prf.c \
+	$(srcdir)/g_process_context.c \
+	$(srcdir)/g_rel_buffer.c \
+	$(srcdir)/g_rel_cred.c \
+	$(srcdir)/g_rel_name.c \
+	$(srcdir)/g_rel_name_mapping.c \
+	$(srcdir)/g_rel_oid_set.c \
+	$(srcdir)/g_saslname.c \
+	$(srcdir)/g_seal.c \
+	$(srcdir)/g_set_context_option.c \
+	$(srcdir)/g_set_cred_option.c \
+	$(srcdir)/g_set_name_attr.c \
+	$(srcdir)/g_set_neg_mechs.c \
+	$(srcdir)/g_sign.c \
+	$(srcdir)/g_store_cred.c \
+	$(srcdir)/g_unseal.c \
+	$(srcdir)/g_unwrap_aead.c \
+	$(srcdir)/g_unwrap_iov.c \
+	$(srcdir)/g_verify.c \
+	$(srcdir)/g_wrap_aead.c \
+	$(srcdir)/g_wrap_iov.c \
+	$(srcdir)/gssd_pname_to_uid.c
+
+OBJS = \
+	$(OUTPRE)g_accept_sec_context.$(OBJEXT) \
+	$(OUTPRE)g_acquire_cred.$(OBJEXT) \
+	$(OUTPRE)g_acquire_cred_with_pw.$(OBJEXT) \
+	$(OUTPRE)g_acquire_cred_imp_name.$(OBJEXT) \
+	$(OUTPRE)g_authorize_localname.$(OBJEXT) \
+	$(OUTPRE)g_buffer_set.$(OBJEXT) \
+	$(OUTPRE)g_canon_name.$(OBJEXT) \
+	$(OUTPRE)g_compare_name.$(OBJEXT) \
+	$(OUTPRE)g_complete_auth_token.$(OBJEXT) \
+	$(OUTPRE)g_context_time.$(OBJEXT) \
+	$(OUTPRE)g_decapsulate_token.$(OBJEXT) \
+	$(OUTPRE)g_delete_sec_context.$(OBJEXT) \
+	$(OUTPRE)g_del_name_attr.$(OBJEXT) \
+	$(OUTPRE)g_dsp_name.$(OBJEXT) \
+	$(OUTPRE)g_dsp_name_ext.$(OBJEXT) \
+	$(OUTPRE)g_dsp_status.$(OBJEXT) \
+	$(OUTPRE)g_dup_name.$(OBJEXT) \
+	$(OUTPRE)g_encapsulate_token.$(OBJEXT) \
+	$(OUTPRE)g_exp_sec_context.$(OBJEXT) \
+	$(OUTPRE)g_export_cred.$(OBJEXT) \
+	$(OUTPRE)g_export_name.$(OBJEXT) \
+	$(OUTPRE)g_export_name_comp.$(OBJEXT) \
+	$(OUTPRE)g_get_name_attr.$(OBJEXT) \
+	$(OUTPRE)g_glue.$(OBJEXT) \
+	$(OUTPRE)g_imp_cred.$(OBJEXT) \
+	$(OUTPRE)g_imp_name.$(OBJEXT) \
+	$(OUTPRE)g_imp_sec_context.$(OBJEXT) \
+	$(OUTPRE)g_init_sec_context.$(OBJEXT) \
+	$(OUTPRE)g_initialize.$(OBJEXT) \
+	$(OUTPRE)g_inq_context.$(OBJEXT) \
+	$(OUTPRE)g_inq_context_oid.$(OBJEXT) \
+	$(OUTPRE)g_inq_cred.$(OBJEXT) \
+	$(OUTPRE)g_inq_cred_oid.$(OBJEXT) \
+	$(OUTPRE)g_inq_name.$(OBJEXT) \
+	$(OUTPRE)g_inq_names.$(OBJEXT) \
+	$(OUTPRE)g_map_name_to_any.$(OBJEXT) \
+	$(OUTPRE)g_mech_invoke.$(OBJEXT) \
+	$(OUTPRE)g_mechattr.$(OBJEXT) \
+	$(OUTPRE)g_mechname.$(OBJEXT) \
+	$(OUTPRE)g_negoex.$(OBJEXT) \
+	$(OUTPRE)g_oid_ops.$(OBJEXT) \
+	$(OUTPRE)g_prf.$(OBJEXT) \
+	$(OUTPRE)g_process_context.$(OBJEXT) \
+	$(OUTPRE)g_rel_buffer.$(OBJEXT) \
+	$(OUTPRE)g_rel_cred.$(OBJEXT) \
+	$(OUTPRE)g_rel_name.$(OBJEXT) \
+	$(OUTPRE)g_rel_name_mapping.$(OBJEXT) \
+	$(OUTPRE)g_rel_oid_set.$(OBJEXT) \
+	$(OUTPRE)g_saslname.$(OBJEXT) \
+	$(OUTPRE)g_seal.$(OBJEXT) \
+	$(OUTPRE)g_set_context_option.$(OBJEXT) \
+	$(OUTPRE)g_set_cred_option.$(OBJEXT) \
+	$(OUTPRE)g_set_name_attr.$(OBJEXT) \
+	$(OUTPRE)g_set_neg_mechs.$(OBJEXT) \
+	$(OUTPRE)g_sign.$(OBJEXT) \
+	$(OUTPRE)g_store_cred.$(OBJEXT) \
+	$(OUTPRE)g_unseal.$(OBJEXT) \
+	$(OUTPRE)g_unwrap_aead.$(OBJEXT) \
+	$(OUTPRE)g_unwrap_iov.$(OBJEXT) \
+	$(OUTPRE)g_verify.$(OBJEXT) \
+	$(OUTPRE)g_wrap_aead.$(OBJEXT) \
+	$(OUTPRE)g_wrap_iov.$(OBJEXT) \
+	$(OUTPRE)gssd_pname_to_uid.$(OBJEXT)
+
+STLIBOBJS = \
+	g_accept_sec_context.o \
+	g_acquire_cred.o \
+	g_acquire_cred_with_pw.o \
+	g_acquire_cred_imp_name.o \
+	g_authorize_localname.o \
+	g_buffer_set.o \
+	g_canon_name.o \
+	g_compare_name.o \
+	g_complete_auth_token.o \
+	g_context_time.o \
+	g_decapsulate_token.o \
+	g_delete_sec_context.o \
+	g_del_name_attr.o \
+	g_dsp_name.o \
+	g_dsp_name_ext.o \
+	g_dsp_status.o \
+	g_dup_name.o \
+	g_encapsulate_token.o \
+	g_exp_sec_context.o \
+	g_export_cred.o \
+	g_export_name.o \
+	g_export_name_comp.o \
+	g_get_name_attr.o \
+	g_glue.o \
+	g_imp_cred.o \
+	g_imp_name.o \
+	g_imp_sec_context.o \
+	g_init_sec_context.o \
+	g_initialize.o \
+	g_inq_context.o \
+	g_inq_context_oid.o \
+	g_inq_cred.o \
+	g_inq_cred_oid.o \
+	g_inq_name.o \
+	g_inq_names.o \
+	g_map_name_to_any.o \
+	g_mech_invoke.o \
+	g_mechattr.o \
+	g_mechname.o \
+	g_negoex.o \
+	g_oid_ops.o \
+	g_prf.o \
+	g_process_context.o \
+	g_rel_buffer.o \
+	g_rel_cred.o \
+	g_rel_name.o \
+	g_rel_name_mapping.o \
+	g_rel_oid_set.o \
+	g_saslname.o \
+	g_seal.o \
+	g_set_context_option.o \
+	g_set_cred_option.o \
+	g_set_name_attr.o \
+	g_set_neg_mechs.o \
+	g_sign.o \
+	g_store_cred.o \
+	g_unseal.o \
+	g_unwrap_aead.o \
+	g_unwrap_iov.o \
+	g_verify.o \
+	g_wrap_aead.o \
+	g_wrap_iov.o \
+	gssd_pname_to_uid.o
+
+EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi
+EXPORTED_HEADERS = mechglue.h
+
+$(OBJS): $(EXPORTED_HEADERS)
+
+all-unix: all-libobjs
+
+##DOS##LIBOBJS = $(OBJS)
+
+clean-unix:: clean-libobjs
+
+# Krb5InstallHeaders($(EXPORTED_HEADERS), $(KRB5_INCDIR)/krb5)
+install:
+	@set -x; for f in $(EXPORTED_HEADERS) ; \
+	do $(INSTALL_DATA) $(srcdir)$(S)$$f     \
+		$(DESTDIR)$(KRB5_INCDIR)$(S)gssapi$(S)$$f ; \
+	done
+
+includes:
+
+@libobj_frag@
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/deps b/krb5-1.21.3/src/lib/gssapi/mechglue/deps
new file mode 100644
index 00000000..d2125d20
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/deps
@@ -0,0 +1,521 @@
+#
+# Generated makefile dependencies follow.
+#
+g_accept_sec_context.so g_accept_sec_context.po $(OUTPRE)g_accept_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_accept_sec_context.c mechglue.h mglueP.h
+g_acquire_cred.so g_acquire_cred.po $(OUTPRE)g_acquire_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_acquire_cred.c mechglue.h mglueP.h
+g_acquire_cred_with_pw.so g_acquire_cred_with_pw.po \
+  $(OUTPRE)g_acquire_cred_with_pw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  ../generic/gssapi_err_generic.h g_acquire_cred_with_pw.c \
+  mechglue.h mglueP.h
+g_acquire_cred_imp_name.so g_acquire_cred_imp_name.po \
+  $(OUTPRE)g_acquire_cred_imp_name.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  ../generic/gssapi_err_generic.h g_acquire_cred_imp_name.c \
+  mechglue.h mglueP.h
+g_authorize_localname.so g_authorize_localname.po $(OUTPRE)g_authorize_localname.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_authorize_localname.c mechglue.h mglueP.h
+g_buffer_set.so g_buffer_set.po $(OUTPRE)g_buffer_set.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_buffer_set.c mechglue.h mglueP.h
+g_canon_name.so g_canon_name.po $(OUTPRE)g_canon_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_canon_name.c mechglue.h mglueP.h
+g_compare_name.so g_compare_name.po $(OUTPRE)g_compare_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_compare_name.c mechglue.h mglueP.h
+g_complete_auth_token.so g_complete_auth_token.po $(OUTPRE)g_complete_auth_token.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_complete_auth_token.c mechglue.h mglueP.h
+g_context_time.so g_context_time.po $(OUTPRE)g_context_time.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_context_time.c mechglue.h mglueP.h
+g_decapsulate_token.so g_decapsulate_token.po $(OUTPRE)g_decapsulate_token.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_decapsulate_token.c mechglue.h mglueP.h
+g_delete_sec_context.so g_delete_sec_context.po $(OUTPRE)g_delete_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_delete_sec_context.c mechglue.h mglueP.h
+g_del_name_attr.so g_del_name_attr.po $(OUTPRE)g_del_name_attr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_del_name_attr.c mechglue.h mglueP.h
+g_dsp_name.so g_dsp_name.po $(OUTPRE)g_dsp_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_dsp_name.c mechglue.h mglueP.h
+g_dsp_name_ext.so g_dsp_name_ext.po $(OUTPRE)g_dsp_name_ext.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_dsp_name_ext.c mechglue.h mglueP.h
+g_dsp_status.so g_dsp_status.po $(OUTPRE)g_dsp_status.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_dsp_status.c mechglue.h mglueP.h
+g_dup_name.so g_dup_name.po $(OUTPRE)g_dup_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_dup_name.c mechglue.h mglueP.h
+g_encapsulate_token.so g_encapsulate_token.po $(OUTPRE)g_encapsulate_token.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_encapsulate_token.c mechglue.h mglueP.h
+g_exp_sec_context.so g_exp_sec_context.po $(OUTPRE)g_exp_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_exp_sec_context.c mechglue.h mglueP.h
+g_export_cred.so g_export_cred.po $(OUTPRE)g_export_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_export_cred.c mechglue.h mglueP.h
+g_export_name.so g_export_name.po $(OUTPRE)g_export_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_export_name.c mechglue.h mglueP.h
+g_export_name_comp.so g_export_name_comp.po $(OUTPRE)g_export_name_comp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_export_name_comp.c mechglue.h mglueP.h
+g_get_name_attr.so g_get_name_attr.po $(OUTPRE)g_get_name_attr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_get_name_attr.c mechglue.h mglueP.h
+g_glue.so g_glue.po $(OUTPRE)g_glue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-der.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  ../generic/gssapi_err_generic.h g_glue.c mechglue.h \
+  mglueP.h
+g_imp_cred.so g_imp_cred.po $(OUTPRE)g_imp_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_imp_cred.c mechglue.h mglueP.h
+g_imp_name.so g_imp_name.po $(OUTPRE)g_imp_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-der.h \
+  $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_imp_name.c mechglue.h mglueP.h
+g_imp_sec_context.so g_imp_sec_context.po $(OUTPRE)g_imp_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_imp_sec_context.c mechglue.h mglueP.h
+g_init_sec_context.so g_init_sec_context.po $(OUTPRE)g_init_sec_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_init_sec_context.c mechglue.h mglueP.h
+g_initialize.so g_initialize.po $(OUTPRE)g_initialize.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../krb5/gssapiP_krb5.h $(srcdir)/../krb5/gssapi_krb5.h \
+  $(srcdir)/../spnego/gssapiP_negoex.h $(srcdir)/../spnego/gssapiP_spnego.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ../generic/gssapi_err_generic.h \
+  ../krb5/gssapi_err_krb5.h g_initialize.c mechglue.h \
+  mglueP.h
+g_inq_context.so g_inq_context.po $(OUTPRE)g_inq_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_inq_context.c mechglue.h mglueP.h
+g_inq_context_oid.so g_inq_context_oid.po $(OUTPRE)g_inq_context_oid.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_inq_context_oid.c mechglue.h mglueP.h
+g_inq_cred.so g_inq_cred.po $(OUTPRE)g_inq_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_inq_cred.c mechglue.h mglueP.h
+g_inq_cred_oid.so g_inq_cred_oid.po $(OUTPRE)g_inq_cred_oid.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_inq_cred_oid.c mechglue.h mglueP.h
+g_inq_name.so g_inq_name.po $(OUTPRE)g_inq_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_inq_name.c mechglue.h mglueP.h
+g_inq_names.so g_inq_names.po $(OUTPRE)g_inq_names.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_inq_names.c mechglue.h mglueP.h
+g_map_name_to_any.so g_map_name_to_any.po $(OUTPRE)g_map_name_to_any.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_map_name_to_any.c mechglue.h mglueP.h
+g_mech_invoke.so g_mech_invoke.po $(OUTPRE)g_mech_invoke.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_mech_invoke.c mechglue.h mglueP.h
+g_mechattr.so g_mechattr.po $(OUTPRE)g_mechattr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_mechattr.c mechglue.h mglueP.h
+g_mechname.so g_mechname.po $(OUTPRE)g_mechname.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_mechname.c mechglue.h mglueP.h
+g_negoex.so g_negoex.po $(OUTPRE)g_negoex.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_negoex.c mechglue.h mglueP.h
+g_oid_ops.so g_oid_ops.po $(OUTPRE)g_oid_ops.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_oid_ops.c mechglue.h mglueP.h
+g_prf.so g_prf.po $(OUTPRE)g_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  ../generic/gssapi_err_generic.h g_prf.c mechglue.h \
+  mglueP.h
+g_process_context.so g_process_context.po $(OUTPRE)g_process_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_process_context.c mechglue.h mglueP.h
+g_rel_buffer.so g_rel_buffer.po $(OUTPRE)g_rel_buffer.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_rel_buffer.c mechglue.h mglueP.h
+g_rel_cred.so g_rel_cred.po $(OUTPRE)g_rel_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_rel_cred.c mechglue.h mglueP.h
+g_rel_name.so g_rel_name.po $(OUTPRE)g_rel_name.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_rel_name.c mechglue.h mglueP.h
+g_rel_name_mapping.so g_rel_name_mapping.po $(OUTPRE)g_rel_name_mapping.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_rel_name_mapping.c mechglue.h mglueP.h
+g_rel_oid_set.so g_rel_oid_set.po $(OUTPRE)g_rel_oid_set.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_rel_oid_set.c mechglue.h mglueP.h
+g_saslname.so g_saslname.po $(OUTPRE)g_saslname.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_saslname.c mechglue.h mglueP.h
+g_seal.so g_seal.po $(OUTPRE)g_seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  ../generic/gssapi_err_generic.h g_seal.c mechglue.h \
+  mglueP.h
+g_set_context_option.so g_set_context_option.po $(OUTPRE)g_set_context_option.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_set_context_option.c mechglue.h mglueP.h
+g_set_cred_option.so g_set_cred_option.po $(OUTPRE)g_set_cred_option.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_set_cred_option.c mechglue.h mglueP.h
+g_set_name_attr.so g_set_name_attr.po $(OUTPRE)g_set_name_attr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_set_name_attr.c mechglue.h mglueP.h
+g_set_neg_mechs.so g_set_neg_mechs.po $(OUTPRE)g_set_neg_mechs.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_set_neg_mechs.c mechglue.h mglueP.h
+g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  ../generic/gssapi_err_generic.h g_sign.c mechglue.h \
+  mglueP.h
+g_store_cred.so g_store_cred.po $(OUTPRE)g_store_cred.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_store_cred.c mechglue.h mglueP.h
+g_unseal.so g_unseal.po $(OUTPRE)g_unseal.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_unseal.c mechglue.h mglueP.h
+g_unwrap_aead.so g_unwrap_aead.po $(OUTPRE)g_unwrap_aead.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_unwrap_aead.c mechglue.h mglueP.h
+g_unwrap_iov.so g_unwrap_iov.po $(OUTPRE)g_unwrap_iov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_unwrap_iov.c mechglue.h mglueP.h
+g_verify.so g_verify.po $(OUTPRE)g_verify.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_verify.c mechglue.h mglueP.h
+g_wrap_aead.so g_wrap_aead.po $(OUTPRE)g_wrap_aead.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_wrap_aead.c mechglue.h mglueP.h
+g_wrap_iov.so g_wrap_iov.po $(OUTPRE)g_wrap_iov.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_wrap_iov.c mechglue.h mglueP.h
+gssd_pname_to_uid.so gssd_pname_to_uid.po $(OUTPRE)gssd_pname_to_uid.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  gssd_pname_to_uid.c mechglue.h mglueP.h
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_accept_sec_context.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_accept_sec_context.c
new file mode 100644
index 00000000..4f2a66e2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -0,0 +1,407 @@
+/* #pragma ident	"@(#)g_accept_sec_context.c	1.19	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_accept_sec_context
+ */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+
+#ifndef LEAN_CLIENT
+static OM_uint32
+val_acc_sec_ctx_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context_handle,
+    gss_cred_id_t verifier_cred_handle,
+    gss_buffer_t input_token_buffer,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_name_t *src_name,
+    gss_OID *mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags,
+    OM_uint32 *time_rec,
+    gss_cred_id_t *d_cred)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (src_name != NULL)
+	*src_name = GSS_C_NO_NAME;
+
+    if (mech_type != NULL)
+	*mech_type = GSS_C_NO_OID;
+
+    if (output_token != GSS_C_NO_BUFFER) {
+	output_token->length = 0;
+	output_token->value = NULL;
+    }
+
+    if (ret_flags != NULL)
+	*ret_flags = 0;
+
+    if (time_rec != NULL)
+	*time_rec = 0;
+
+    if (d_cred != NULL)
+	*d_cred = GSS_C_NO_CREDENTIAL;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (input_token_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (output_token == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    return (GSS_S_COMPLETE);
+}
+
+/* Return true if mech should be accepted with no acceptor credential. */
+static int
+allow_mech_by_default(gss_OID mech)
+{
+    OM_uint32 status, minor;
+    gss_OID_set attrs;
+    int reject = 0, p;
+
+    /* Whether we accept an interposer mech depends on whether we accept the
+     * mech it interposes. */
+    mech = gssint_get_public_oid(mech);
+    if (mech == GSS_C_NO_OID)
+	return 0;
+
+    status = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL);
+    if (status)
+	return 0;
+
+    /* If the mechanism doesn't support RFC 5587, don't exclude it. */
+    if (attrs == GSS_C_NO_OID_SET)
+	return 1;
+
+    /* Check for each attribute which would cause us to exclude this mech from
+     * the default credential. */
+    if (generic_gss_test_oid_set_member(&minor, GSS_C_MA_DEPRECATED,
+					attrs, &p) != GSS_S_COMPLETE || p)
+	reject = 1;
+    else if (generic_gss_test_oid_set_member(&minor, GSS_C_MA_NOT_DFLT_MECH,
+					     attrs, &p) != GSS_S_COMPLETE || p)
+	reject = 1;
+
+    (void) gss_release_oid_set(&minor, &attrs);
+    return !reject;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_accept_sec_context (minor_status,
+                        context_handle,
+                        verifier_cred_handle,
+                        input_token_buffer,
+                        input_chan_bindings,
+                        src_name,
+                        mech_type,
+                        output_token,
+                        ret_flags,
+                        time_rec,
+                        d_cred)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t *		context_handle;
+gss_cred_id_t		verifier_cred_handle;
+gss_buffer_t		input_token_buffer;
+gss_channel_bindings_t	input_chan_bindings;
+gss_name_t *		src_name;
+gss_OID *		mech_type;
+gss_buffer_t		output_token;
+OM_uint32 *		ret_flags;
+OM_uint32 *		time_rec;
+gss_cred_id_t *		d_cred;
+
+{
+    OM_uint32		status, temp_status, temp_minor_status;
+    OM_uint32		temp_ret_flags = 0;
+    gss_union_ctx_id_t	union_ctx_id = NULL;
+    gss_cred_id_t	input_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_cred_id_t	tmp_d_cred = GSS_C_NO_CREDENTIAL;
+    gss_name_t		internal_name = GSS_C_NO_NAME;
+    gss_name_t		tmp_src_name = GSS_C_NO_NAME;
+    gss_OID_desc	token_mech_type_desc;
+    gss_OID		token_mech_type = &token_mech_type_desc;
+    gss_OID		actual_mech = GSS_C_NO_OID;
+    gss_OID		selected_mech = GSS_C_NO_OID;
+    gss_OID		public_mech;
+    gss_mechanism	mech = NULL;
+    gss_union_cred_t	uc;
+    int			i;
+
+    status = val_acc_sec_ctx_args(minor_status,
+				  context_handle,
+				  verifier_cred_handle,
+				  input_token_buffer,
+				  input_chan_bindings,
+				  src_name,
+				  mech_type,
+				  output_token,
+				  ret_flags,
+				  time_rec,
+				  d_cred);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * if context_handle is GSS_C_NO_CONTEXT, allocate a union context
+     * descriptor to hold the mech type information as well as the
+     * underlying mechanism context handle. Otherwise, cast the
+     * value of *context_handle to the union context variable.
+     */
+
+    if(*context_handle == GSS_C_NO_CONTEXT) {
+
+	if (input_token_buffer == GSS_C_NO_BUFFER)
+	    return (GSS_S_CALL_INACCESSIBLE_READ);
+
+	/* Get the token mech type */
+	status = gssint_get_mech_type(token_mech_type, input_token_buffer);
+	if (status)
+	    return status;
+
+	/*
+	 * An interposer calling back into the mechglue can't pass in a special
+	 * mech, so we have to recognize it using verifier_cred_handle.  Use
+	 * the mechanism for which we have matching creds, if available.
+	 */
+	if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) {
+	    uc = (gss_union_cred_t)verifier_cred_handle;
+	    for (i = 0; i < uc->count; i++) {
+		public_mech = gssint_get_public_oid(&uc->mechs_array[i]);
+		if (public_mech && g_OID_equal(token_mech_type, public_mech)) {
+		    selected_mech = &uc->mechs_array[i];
+		    break;
+		}
+	    }
+	}
+
+	if (selected_mech == GSS_C_NO_OID) {
+	    status = gssint_select_mech_type(minor_status, token_mech_type,
+					     &selected_mech);
+	    if (status)
+		return status;
+	}
+
+    } else {
+	union_ctx_id = (gss_union_ctx_id_t)*context_handle;
+	selected_mech = union_ctx_id->mech_type;
+	if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
+	    return (GSS_S_NO_CONTEXT);
+    }
+
+    /* Now create a new context if we didn't get one. */
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+	status = gssint_create_union_context(minor_status, selected_mech,
+					     &union_ctx_id);
+	if (status != GSS_S_COMPLETE)
+	    return (status);
+    }
+
+    /*
+     * get the appropriate cred handle from the union cred struct.
+     */
+    if (verifier_cred_handle != GSS_C_NO_CREDENTIAL) {
+	input_cred_handle =
+	    gssint_get_mechanism_cred((gss_union_cred_t)verifier_cred_handle,
+				      selected_mech);
+	if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
+	    /* verifier credential specified but no acceptor credential found */
+	    status = GSS_S_NO_CRED;
+	    goto error_out;
+	}
+    } else if (!allow_mech_by_default(selected_mech)) {
+	status = GSS_S_NO_CRED;
+	goto error_out;
+    }
+
+    /*
+     * now select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (mech && mech->gss_accept_sec_context) {
+
+	    status = mech->gss_accept_sec_context(minor_status,
+						  &union_ctx_id->internal_ctx_id,
+						  input_cred_handle,
+						  input_token_buffer,
+						  input_chan_bindings,
+						  src_name ? &internal_name : NULL,
+						  &actual_mech,
+						  output_token,
+						  &temp_ret_flags,
+						  time_rec,
+					d_cred ? &tmp_d_cred : NULL);
+
+	    /* If there's more work to do, keep going... */
+	    if (status == GSS_S_CONTINUE_NEEDED) {
+		*context_handle = (gss_ctx_id_t)union_ctx_id;
+		return GSS_S_CONTINUE_NEEDED;
+	    }
+
+	    /* if the call failed, return with failure */
+	    if (status != GSS_S_COMPLETE) {
+		map_error(minor_status, mech);
+		goto error_out;
+	    }
+
+	    /*
+	     * if src_name is non-NULL,
+	     * convert internal_name into a union name equivalent
+	     * First call the mechanism specific display_name()
+	     * then call gss_import_name() to create
+	     * the union name struct cast to src_name
+	     */
+	    if (src_name != NULL) {
+		if (internal_name != GSS_C_NO_NAME) {
+		    /* consumes internal_name regardless of success */
+		    temp_status = gssint_convert_name_to_union_name(
+			    &temp_minor_status, mech,
+			    internal_name, &tmp_src_name);
+		    if (temp_status != GSS_S_COMPLETE) {
+			status = temp_status;
+			*minor_status = temp_minor_status;
+			map_error(minor_status, mech);
+			if (output_token->length)
+			    (void) gss_release_buffer(&temp_minor_status,
+						      output_token);
+			goto error_out;
+		    }
+		    *src_name = tmp_src_name;
+		} else
+		    *src_name = GSS_C_NO_NAME;
+	    }
+
+#define g_OID_prefix_equal(o1, o2) \
+        (((o1)->length >= (o2)->length) && \
+        (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
+
+	    /* Ensure we're returning correct creds format */
+	    if ((temp_ret_flags & GSS_C_DELEG_FLAG) &&
+		tmp_d_cred != GSS_C_NO_CREDENTIAL) {
+		public_mech = gssint_get_public_oid(selected_mech);
+		if (actual_mech != GSS_C_NO_OID &&
+		    public_mech != GSS_C_NO_OID &&
+		    !g_OID_prefix_equal(actual_mech, public_mech)) {
+		    *d_cred = tmp_d_cred; /* unwrapped pseudo-mech */
+		} else {
+		    gss_union_cred_t d_u_cred = NULL;
+
+		    d_u_cred = malloc(sizeof (gss_union_cred_desc));
+		    if (d_u_cred == NULL) {
+			status = GSS_S_FAILURE;
+			goto error_out;
+		    }
+		    (void) memset(d_u_cred, 0, sizeof (gss_union_cred_desc));
+
+		    d_u_cred->count = 1;
+
+		    status = generic_gss_copy_oid(&temp_minor_status,
+						  selected_mech,
+						  &d_u_cred->mechs_array);
+
+		    if (status != GSS_S_COMPLETE) {
+			free(d_u_cred);
+			goto error_out;
+		    }
+
+		    d_u_cred->cred_array = malloc(sizeof(gss_cred_id_t));
+		    if (d_u_cred->cred_array != NULL) {
+			d_u_cred->cred_array[0] = tmp_d_cred;
+		    } else {
+			free(d_u_cred);
+			status = GSS_S_FAILURE;
+			goto error_out;
+		    }
+
+		    d_u_cred->loopback = d_u_cred;
+		    *d_cred = (gss_cred_id_t)d_u_cred;
+		}
+	    }
+
+	    if (mech_type != NULL)
+		*mech_type = gssint_get_public_oid(actual_mech);
+	    if (ret_flags != NULL)
+		*ret_flags = temp_ret_flags;
+	    *context_handle = (gss_ctx_id_t)union_ctx_id;
+	    return GSS_S_COMPLETE;
+    } else {
+
+	status = GSS_S_BAD_MECH;
+    }
+
+error_out:
+	/*
+	 * RFC 2744 5.1 requires that we not create a context on a failed first
+	 * call to accept, and recommends that on a failed subsequent call we
+	 * make the caller responsible for calling gss_delete_sec_context.
+	 * Even if the mech deleted its context, keep the union context around
+	 * for the caller to delete.
+	 */
+    if (union_ctx_id && *context_handle == GSS_C_NO_CONTEXT) {
+	if (union_ctx_id->mech_type) {
+	    if (union_ctx_id->mech_type->elements)
+		free(union_ctx_id->mech_type->elements);
+	    free(union_ctx_id->mech_type);
+	}
+	if (union_ctx_id->internal_ctx_id && mech &&
+	    mech->gss_delete_sec_context) {
+	    mech->gss_delete_sec_context(&temp_minor_status,
+					 &union_ctx_id->internal_ctx_id,
+					 GSS_C_NO_BUFFER);
+	}
+	free(union_ctx_id);
+    }
+
+    if (src_name)
+	*src_name = GSS_C_NO_NAME;
+
+    if (tmp_src_name != GSS_C_NO_NAME)
+	(void) gss_release_buffer(&temp_minor_status,
+				  (gss_buffer_t)tmp_src_name);
+
+    return (status);
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c
new file mode 100644
index 00000000..c885f562
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -0,0 +1,633 @@
+/* #pragma ident	"@(#)g_acquire_cred.c	1.22	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_acquire_cred
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+
+static OM_uint32
+val_acq_cred_args(
+    OM_uint32 *minor_status,
+    gss_name_t desired_name,
+    OM_uint32 time_req,
+    gss_OID_set desired_mechs,
+    int cred_usage,
+    gss_const_key_value_set_t cred_store,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *time_rec)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_cred_handle != NULL)
+	*output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (actual_mechs != NULL)
+	*actual_mechs = GSS_C_NULL_OID_SET;
+
+    if (time_rec != NULL)
+	*time_rec = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (output_cred_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred(minor_status,
+                 desired_name,
+                 time_req,
+                 desired_mechs,
+		 cred_usage,
+                 output_cred_handle,
+                 actual_mechs,
+                 time_rec)
+
+OM_uint32 *		minor_status;
+gss_name_t		desired_name;
+OM_uint32		time_req;
+gss_OID_set		desired_mechs;
+int			cred_usage;
+gss_cred_id_t *		output_cred_handle;
+gss_OID_set *		actual_mechs;
+OM_uint32 *		time_rec;
+
+{
+    return gss_acquire_cred_from(minor_status, desired_name, time_req,
+				 desired_mechs, cred_usage, NULL,
+				 output_cred_handle, actual_mechs, time_rec);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred_from(minor_status,
+		      desired_name,
+		      time_req,
+		      desired_mechs,
+		      cred_usage,
+		      cred_store,
+		      output_cred_handle,
+		      actual_mechs,
+		      time_rec)
+
+OM_uint32 *			minor_status;
+gss_name_t			desired_name;
+OM_uint32			time_req;
+gss_OID_set			desired_mechs;
+int				cred_usage;
+gss_const_key_value_set_t	cred_store;
+gss_cred_id_t *			output_cred_handle;
+gss_OID_set *			actual_mechs;
+OM_uint32 *			time_rec;
+
+{
+    OM_uint32 major = GSS_S_FAILURE, tmpMinor;
+    OM_uint32 first_major = GSS_S_COMPLETE, first_minor = 0;
+    OM_uint32 initTimeOut = 0, acceptTimeOut = 0, outTime = GSS_C_INDEFINITE;
+    gss_OID_set mechs = GSS_C_NO_OID_SET;
+    gss_OID_set_desc except_attrs;
+    gss_OID_desc attr_oids[2];
+    unsigned int i;
+    gss_union_cred_t creds = NULL;
+
+    major = val_acq_cred_args(minor_status,
+			      desired_name,
+			      time_req,
+			      desired_mechs,
+			      cred_usage,
+			      cred_store,
+			      output_cred_handle,
+			      actual_mechs,
+			      time_rec);
+    if (major != GSS_S_COMPLETE)
+	goto cleanup;
+
+    /*
+     * if desired_mechs equals GSS_C_NULL_OID_SET, then try to
+     * acquire credentials for all non-deprecated mechanisms.
+     */
+    if (desired_mechs == GSS_C_NULL_OID_SET) {
+	attr_oids[0] = *GSS_C_MA_DEPRECATED;
+	attr_oids[1] = *GSS_C_MA_NOT_DFLT_MECH;
+	except_attrs.count = 2;
+	except_attrs.elements = attr_oids;
+	major = gss_indicate_mechs_by_attrs(minor_status, GSS_C_NO_OID_SET,
+					    &except_attrs, GSS_C_NO_OID_SET,
+					    &mechs);
+	if (major != GSS_S_COMPLETE)
+	    goto cleanup;
+    } else
+	mechs = desired_mechs;
+
+    if (mechs->count == 0) {
+	major = GSS_S_BAD_MECH;
+	goto cleanup;
+    }
+
+    /* allocate the output credential structure */
+    creds = (gss_union_cred_t)calloc(1, sizeof (gss_union_cred_desc));
+    if (creds == NULL) {
+	major = GSS_S_FAILURE;
+	*minor_status = ENOMEM;
+	goto cleanup;
+    }
+
+    creds->count = 0;
+    creds->loopback = creds;
+
+    /* for each requested mech attempt to obtain a credential */
+    for (i = 0, major = GSS_S_UNAVAILABLE; i < mechs->count; i++) {
+	major = gss_add_cred_from(&tmpMinor, (gss_cred_id_t)creds,
+				  desired_name, &mechs->elements[i],
+				  cred_usage, time_req, time_req,
+				  cred_store, NULL, NULL,
+				  time_rec ? &initTimeOut : NULL,
+				  time_rec ? &acceptTimeOut : NULL);
+	if (major == GSS_S_COMPLETE) {
+	    /* update the credential's time */
+	    if (cred_usage == GSS_C_ACCEPT) {
+		if (outTime > acceptTimeOut)
+		    outTime = acceptTimeOut;
+	    } else if (cred_usage == GSS_C_INITIATE) {
+		if (outTime > initTimeOut)
+		    outTime = initTimeOut;
+	    } else {
+		/*
+		 * time_rec is the lesser of the
+		 * init/accept times
+		 */
+		if (initTimeOut > acceptTimeOut)
+		    outTime = (outTime > acceptTimeOut) ?
+			acceptTimeOut : outTime;
+		else
+		    outTime = (outTime > initTimeOut) ?
+			initTimeOut : outTime;
+	    }
+	} else if (first_major == GSS_S_COMPLETE) {
+	    first_major = major;
+	    first_minor = tmpMinor;
+	}
+    } /* for */
+
+    /* If we didn't get any creds, return the error status from the first mech
+     * (which is often the preferred one). */
+    if (creds->count < 1) {
+	major = first_major;
+	*minor_status = first_minor;
+	goto cleanup;
+    }
+    major = GSS_S_COMPLETE;
+
+    /*
+     * fill in output parameters
+     * setup the actual mechs output parameter
+     */
+    if (actual_mechs != NULL) {
+	major = gssint_make_public_oid_set(minor_status, creds->mechs_array,
+					   creds->count, actual_mechs);
+	if (GSS_ERROR(major))
+	    goto cleanup;
+    }
+
+    if (time_rec)
+	*time_rec = outTime;
+
+    *output_cred_handle = (gss_cred_id_t)creds;
+
+cleanup:
+    if (GSS_ERROR(major))
+	gss_release_cred(&tmpMinor, (gss_cred_id_t *)&creds);
+    if (desired_mechs == GSS_C_NO_OID_SET)
+        generic_gss_release_oid_set(&tmpMinor, &mechs);
+
+    return (major);
+}
+
+static OM_uint32
+val_add_cred_args(
+    OM_uint32 *minor_status,
+    gss_cred_id_t input_cred_handle,
+    gss_name_t desired_name,
+    gss_OID desired_mech,
+    gss_cred_usage_t cred_usage,
+    gss_const_key_value_set_t cred_store,
+    OM_uint32 initiator_time_req,
+    OM_uint32 acceptor_time_req,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *initiator_time_rec,
+    OM_uint32 *acceptor_time_rec)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_cred_handle != NULL)
+	*output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (actual_mechs != NULL)
+	*actual_mechs = GSS_C_NO_OID_SET;
+
+    if (acceptor_time_rec != NULL)
+	*acceptor_time_rec = 0;
+
+    if (initiator_time_rec != NULL)
+	*initiator_time_rec = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
+	output_cred_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
+
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
+    return (GSS_S_COMPLETE);
+}
+
+/* Copy a mechanism credential (with the mechanism given by mech_oid) as
+ * faithfully as possible. */
+static OM_uint32
+copy_mech_cred(OM_uint32 *minor_status, gss_cred_id_t cred_in,
+	       gss_OID mech_oid, gss_cred_id_t *cred_out)
+{
+    OM_uint32 status, tmpmin;
+    gss_mechanism mech;
+    gss_buffer_desc buf;
+    gss_name_t name;
+    OM_uint32 life;
+    gss_cred_usage_t usage;
+    gss_OID_set_desc oidset;
+
+    mech = gssint_get_mechanism(mech_oid);
+    if (mech == NULL)
+	return (GSS_S_BAD_MECH);
+    if (mech->gss_export_cred != NULL && mech->gss_import_cred != NULL) {
+	status = mech->gss_export_cred(minor_status, cred_in, &buf);
+	if (status != GSS_S_COMPLETE)
+	    return (status);
+	status = mech->gss_import_cred(minor_status, &buf, cred_out);
+	(void) gss_release_buffer(&tmpmin, &buf);
+    } else if (mech->gss_inquire_cred != NULL &&
+	       mech->gss_acquire_cred != NULL) {
+	status = mech->gss_inquire_cred(minor_status, cred_in, &name, &life,
+					&usage, NULL);
+	if (status != GSS_S_COMPLETE)
+	    return (status);
+	oidset.count = 1;
+	oidset.elements = gssint_get_public_oid(mech_oid);
+	status = mech->gss_acquire_cred(minor_status, name, life, &oidset,
+					usage, cred_out, NULL, NULL);
+	gss_release_name(&tmpmin, &name);
+    } else {
+	status = GSS_S_UNAVAILABLE;
+    }
+    return (status);
+}
+
+/* Copy a union credential from cred_in to *cred_out. */
+static OM_uint32
+copy_union_cred(OM_uint32 *minor_status, gss_cred_id_t cred_in,
+		gss_union_cred_t *cred_out)
+{
+    OM_uint32 status, tmpmin;
+    gss_union_cred_t cred = (gss_union_cred_t)cred_in;
+    gss_union_cred_t ncred = NULL;
+    gss_cred_id_t tmpcred;
+    int i;
+
+    ncred = calloc(1, sizeof (*ncred));
+    if (ncred == NULL)
+	goto oom;
+    ncred->mechs_array = calloc(cred->count, sizeof (*ncred->mechs_array));
+    ncred->cred_array = calloc(cred->count, sizeof (*ncred->cred_array));
+    if (ncred->mechs_array == NULL || ncred->cred_array == NULL)
+	goto oom;
+    ncred->count = cred->count;
+
+    for (i = 0; i < cred->count; i++) {
+	/* Copy this element's mechanism OID. */
+	ncred->mechs_array[i].elements = malloc(cred->mechs_array[i].length);
+	if (ncred->mechs_array[i].elements == NULL)
+	    goto oom;
+	g_OID_copy(&ncred->mechs_array[i], &cred->mechs_array[i]);
+
+	/* Copy this element's mechanism cred. */
+	status = copy_mech_cred(minor_status, cred->cred_array[i],
+				&cred->mechs_array[i], &ncred->cred_array[i]);
+	if (status != GSS_S_COMPLETE)
+	    goto error;
+    }
+
+    ncred->loopback = ncred;
+    *cred_out = ncred;
+    return GSS_S_COMPLETE;
+
+oom:
+    status = GSS_S_FAILURE;
+    *minor_status = ENOMEM;
+error:
+    tmpcred = (gss_cred_id_t)ncred;
+    (void) gss_release_cred(&tmpmin, &tmpcred);
+    return status;
+}
+
+/* V2 KRB5_CALLCONV */
+OM_uint32 KRB5_CALLCONV
+gss_add_cred(minor_status, input_cred_handle,
+		  desired_name, desired_mech, cred_usage,
+		  initiator_time_req, acceptor_time_req,
+		  output_cred_handle, actual_mechs,
+		  initiator_time_rec, acceptor_time_rec)
+    OM_uint32		*minor_status;
+    gss_cred_id_t	input_cred_handle;
+    gss_name_t		desired_name;
+    gss_OID		desired_mech;
+    gss_cred_usage_t	cred_usage;
+    OM_uint32		initiator_time_req;
+    OM_uint32		acceptor_time_req;
+    gss_cred_id_t	*output_cred_handle;
+    gss_OID_set		*actual_mechs;
+    OM_uint32		*initiator_time_rec;
+    OM_uint32		*acceptor_time_rec;
+{
+    return gss_add_cred_from(minor_status, input_cred_handle, desired_name,
+			     desired_mech, cred_usage, initiator_time_req,
+			     acceptor_time_req, NULL, output_cred_handle,
+			     actual_mechs, initiator_time_rec,
+			     acceptor_time_rec);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_add_cred_from(minor_status, input_cred_handle,
+		  desired_name, desired_mech,
+		  cred_usage,
+		  initiator_time_req, acceptor_time_req,
+		  cred_store,
+		  output_cred_handle, actual_mechs,
+		  initiator_time_rec, acceptor_time_rec)
+    OM_uint32		*minor_status;
+    gss_cred_id_t	input_cred_handle;
+    gss_name_t		desired_name;
+    gss_OID		desired_mech;
+    gss_cred_usage_t	cred_usage;
+    OM_uint32		initiator_time_req;
+    OM_uint32		acceptor_time_req;
+    gss_const_key_value_set_t  cred_store;
+    gss_cred_id_t	*output_cred_handle;
+    gss_OID_set		*actual_mechs;
+    OM_uint32		*initiator_time_rec;
+    OM_uint32		*acceptor_time_rec;
+{
+    OM_uint32		status, temp_minor_status;
+    OM_uint32		time_req, time_rec = 0, *time_recp = NULL;
+    gss_union_name_t	union_name;
+    gss_union_cred_t	union_cred;
+    gss_name_t		internal_name = GSS_C_NO_NAME;
+    gss_name_t		allocated_name = GSS_C_NO_NAME;
+    gss_mechanism	mech;
+    gss_cred_id_t	cred = NULL, tmpcred;
+    void		*newptr, *oidbuf = NULL;
+    gss_OID_set_desc	target_mechs;
+    gss_OID		selected_mech = GSS_C_NO_OID;
+
+    status = val_add_cred_args(minor_status,
+			       input_cred_handle,
+			       desired_name,
+			       desired_mech,
+			       cred_usage,
+			       cred_store,
+			       initiator_time_req,
+			       acceptor_time_req,
+			       output_cred_handle,
+			       actual_mechs,
+			       initiator_time_rec,
+			       acceptor_time_rec);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    status = gssint_select_mech_type(minor_status, desired_mech,
+				     &selected_mech);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (!mech)
+	return GSS_S_BAD_MECH;
+    else if (!mech->gss_acquire_cred)
+	return (GSS_S_UNAVAILABLE);
+
+    union_cred = (gss_union_cred_t)input_cred_handle;
+    if (union_cred != NULL &&
+	gssint_get_mechanism_cred(union_cred,
+				  selected_mech) != GSS_C_NO_CREDENTIAL)
+	return (GSS_S_DUPLICATE_ELEMENT);
+
+    if (union_cred == NULL) {
+	/* Create a new credential handle. */
+	union_cred = malloc(sizeof (gss_union_cred_desc));
+	if (union_cred == NULL)
+	    return (GSS_S_FAILURE);
+
+	(void) memset(union_cred, 0, sizeof (gss_union_cred_desc));
+	union_cred->loopback = union_cred;
+    } else if (output_cred_handle != NULL) {
+	/* Create a new credential handle with the mechanism credentials of the
+	 * input handle plus the acquired mechanism credential. */
+	status = copy_union_cred(minor_status, input_cred_handle, &union_cred);
+	if (status != GSS_S_COMPLETE)
+	    return (status);
+    }
+
+    /* We may need to create a mechanism specific name. */
+    if (desired_name != GSS_C_NO_NAME) {
+	union_name = (gss_union_name_t)desired_name;
+	if (union_name->mech_type &&
+	    g_OID_equal(union_name->mech_type, selected_mech)) {
+	    internal_name = union_name->mech_name;
+	} else {
+	    if (gssint_import_internal_name(minor_status, selected_mech,
+					    union_name, &allocated_name) !=
+		GSS_S_COMPLETE) {
+		status = GSS_S_BAD_NAME;
+		goto errout;
+	    }
+	    internal_name = allocated_name;
+	}
+    }
+
+
+    if (cred_usage == GSS_C_ACCEPT)
+	time_req = acceptor_time_req;
+    else if (cred_usage == GSS_C_INITIATE)
+	time_req = initiator_time_req;
+    else if (cred_usage == GSS_C_BOTH)
+	time_req = (acceptor_time_req > initiator_time_req) ?
+	    acceptor_time_req : initiator_time_req;
+    else
+	time_req = 0;
+
+    target_mechs.count = 1;
+    target_mechs.elements = gssint_get_public_oid(selected_mech);
+    if (target_mechs.elements == NULL) {
+	status = GSS_S_FAILURE;
+	goto errout;
+    }
+
+    if (initiator_time_rec != NULL || acceptor_time_rec != NULL)
+	time_recp = &time_rec;
+
+    if (mech->gss_acquire_cred_from) {
+	status = mech->gss_acquire_cred_from(minor_status, internal_name,
+					     time_req, &target_mechs,
+					     cred_usage, cred_store, &cred,
+					     NULL, time_recp);
+    } else if (cred_store == GSS_C_NO_CRED_STORE) {
+	status = mech->gss_acquire_cred(minor_status, internal_name, time_req,
+					&target_mechs, cred_usage, &cred, NULL,
+					time_recp);
+    } else {
+	status = GSS_S_UNAVAILABLE;
+	goto errout;
+    }
+
+    if (status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	goto errout;
+    }
+
+    /* Extend the arrays in the union cred. */
+
+    newptr = realloc(union_cred->mechs_array,
+		     (union_cred->count + 1) * sizeof (gss_OID_desc));
+    if (newptr == NULL) {
+	status = GSS_S_FAILURE;
+	goto errout;
+    }
+    union_cred->mechs_array = newptr;
+
+    newptr = realloc(union_cred->cred_array,
+		     (union_cred->count + 1) * sizeof (gss_cred_id_t));
+    if (newptr == NULL) {
+	status = GSS_S_FAILURE;
+	goto errout;
+    }
+    union_cred->cred_array = newptr;
+
+    if (acceptor_time_rec)
+	if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)
+	    *acceptor_time_rec = time_rec;
+    if (initiator_time_rec)
+	if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)
+	    *initiator_time_rec = time_rec;
+
+    oidbuf = malloc(selected_mech->length);
+    if (oidbuf == NULL)
+	goto errout;
+    union_cred->mechs_array[union_cred->count].elements = oidbuf;
+    g_OID_copy(&union_cred->mechs_array[union_cred->count], selected_mech);
+
+    if (actual_mechs != NULL) {
+	status = gssint_make_public_oid_set(minor_status,
+					    union_cred->mechs_array,
+					    union_cred->count + 1,
+					    actual_mechs);
+	if (GSS_ERROR(status))
+	    goto errout;
+    }
+
+    union_cred->cred_array[union_cred->count] = cred;
+    union_cred->count++;
+    if (output_cred_handle != NULL)
+	*output_cred_handle = (gss_cred_id_t)union_cred;
+
+    /* We're done with the internal name. Free it if we allocated it. */
+
+    if (allocated_name)
+	(void) gssint_release_internal_name(&temp_minor_status,
+					   selected_mech,
+					   &allocated_name);
+
+    return (GSS_S_COMPLETE);
+
+errout:
+    if (cred != NULL && mech->gss_release_cred)
+	mech->gss_release_cred(&temp_minor_status, &cred);
+
+    if (allocated_name)
+	(void) gssint_release_internal_name(&temp_minor_status,
+					   selected_mech,
+					   &allocated_name);
+
+    if (output_cred_handle != NULL && union_cred != NULL) {
+	tmpcred = union_cred;
+	(void) gss_release_cred(&temp_minor_status, &tmpcred);
+    }
+
+    free(oidbuf);
+
+    return (status);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
new file mode 100644
index 00000000..6ba170d8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
@@ -0,0 +1,529 @@
+/* #pragma ident	"@(#)g_acquire_cred.c	1.22	04/02/23 SMI" */
+
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Glue routine for gss_acquire_cred_impersonate_name */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+
+static OM_uint32
+val_acq_cred_impersonate_name_args(
+    OM_uint32 *minor_status,
+    const gss_cred_id_t impersonator_cred_handle,
+    const gss_name_t desired_name,
+    OM_uint32 time_req,
+    gss_OID_set desired_mechs,
+    gss_cred_usage_t cred_usage,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *time_rec)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_cred_handle != NULL)
+	*output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (actual_mechs != NULL)
+	*actual_mechs = GSS_C_NULL_OID_SET;
+
+    if (time_rec != NULL)
+	*time_rec = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (impersonator_cred_handle == GSS_C_NO_CREDENTIAL)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED);
+
+    if (desired_name == GSS_C_NO_NAME)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+    if (output_cred_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred_impersonate_name(OM_uint32 *minor_status,
+				  const gss_cred_id_t impersonator_cred_handle,
+				  const gss_name_t desired_name,
+				  OM_uint32 time_req,
+				  const gss_OID_set desired_mechs,
+				  gss_cred_usage_t cred_usage,
+				  gss_cred_id_t *output_cred_handle,
+				  gss_OID_set *actual_mechs,
+				  OM_uint32 *time_rec)
+{
+    OM_uint32 major = GSS_S_FAILURE;
+    OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE;
+    gss_OID_set_desc default_OID_set;
+    gss_OID_set mechs;
+    gss_OID_desc default_OID;
+    gss_mechanism mech;
+    unsigned int i;
+    gss_union_cred_t creds;
+
+    major = val_acq_cred_impersonate_name_args(minor_status,
+					       impersonator_cred_handle,
+					       desired_name,
+					       time_req,
+					       desired_mechs,
+					       cred_usage,
+					       output_cred_handle,
+					       actual_mechs,
+					       time_rec);
+    if (major != GSS_S_COMPLETE)
+	return (major);
+
+    /* Initial value needed below. */
+    major = GSS_S_FAILURE;
+
+    /*
+     * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an
+     * appropriate default.  We use the first mechanism in the
+     * mechanism list as the default. This set is created with
+     * statics thus needs not be freed
+     */
+    if(desired_mechs == GSS_C_NULL_OID_SET) {
+	mech = gssint_get_mechanism(NULL);
+	if (mech == NULL)
+	    return (GSS_S_BAD_MECH);
+
+	mechs = &default_OID_set;
+	default_OID_set.count = 1;
+	default_OID_set.elements = &default_OID;
+	default_OID.length = mech->mech_type.length;
+	default_OID.elements = mech->mech_type.elements;
+    } else
+	mechs = desired_mechs;
+
+    if (mechs->count == 0)
+	return (GSS_S_BAD_MECH);
+
+    /* allocate the output credential structure */
+    creds = (gss_union_cred_t)malloc(sizeof (gss_union_cred_desc));
+    if (creds == NULL)
+	return (GSS_S_FAILURE);
+
+    /* initialize to 0s */
+    (void) memset(creds, 0, sizeof (gss_union_cred_desc));
+    creds->loopback = creds;
+
+    /* for each requested mech attempt to obtain a credential */
+    for (i = 0; i < mechs->count; i++) {
+	major = gss_add_cred_impersonate_name(minor_status,
+					      (gss_cred_id_t)creds,
+					      impersonator_cred_handle,
+					      desired_name,
+					      &mechs->elements[i],
+					      cred_usage,
+					      time_req,
+					      time_req, NULL,
+					      NULL,
+					      &initTimeOut,
+					      &acceptTimeOut);
+	if (major == GSS_S_COMPLETE) {
+	    /* update the credential's time */
+	    if (cred_usage == GSS_C_ACCEPT) {
+		if (outTime > acceptTimeOut)
+		    outTime = acceptTimeOut;
+	    } else if (cred_usage == GSS_C_INITIATE) {
+		if (outTime > initTimeOut)
+		    outTime = initTimeOut;
+	    } else {
+		/*
+		 * time_rec is the lesser of the
+		 * init/accept times
+		 */
+		if (initTimeOut > acceptTimeOut)
+		    outTime = (outTime > acceptTimeOut) ?
+			acceptTimeOut : outTime;
+		else
+		    outTime = (outTime > initTimeOut) ?
+			initTimeOut : outTime;
+	    }
+	}
+    } /* for */
+
+    /* ensure that we have at least one credential element */
+    if (creds->count < 1) {
+	free(creds);
+	return (major);
+    }
+
+    /*
+     * fill in output parameters
+     * setup the actual mechs output parameter
+     */
+    if (actual_mechs != NULL) {
+	gss_OID_set_desc oids;
+
+	oids.count = creds->count;
+	oids.elements = creds->mechs_array;
+
+	major = generic_gss_copy_oid_set(minor_status, &oids, actual_mechs);
+	if (GSS_ERROR(major)) {
+	    (void) gss_release_cred(minor_status,
+				    (gss_cred_id_t *)&creds);
+	    return (major);
+	}
+    }
+
+    if (time_rec)
+	*time_rec = outTime;
+
+
+    creds->loopback = creds;
+    *output_cred_handle = (gss_cred_id_t)creds;
+    return (GSS_S_COMPLETE);
+}
+
+static OM_uint32
+val_add_cred_impersonate_name_args(
+    OM_uint32 *minor_status,
+    gss_cred_id_t input_cred_handle,
+    const gss_cred_id_t impersonator_cred_handle,
+    gss_name_t desired_name,
+    gss_OID desired_mech,
+    gss_cred_usage_t cred_usage,
+    OM_uint32 initiator_time_req,
+    OM_uint32 acceptor_time_req,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *initiator_time_rec,
+    OM_uint32 *acceptor_time_rec)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_cred_handle != NULL)
+	*output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (actual_mechs != NULL)
+	*actual_mechs = GSS_C_NO_OID_SET;
+
+    if (acceptor_time_rec != NULL)
+	*acceptor_time_rec = 0;
+
+    if (initiator_time_rec != NULL)
+	*initiator_time_rec = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (impersonator_cred_handle == GSS_C_NO_CREDENTIAL)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED);
+
+    if (desired_name == GSS_C_NO_NAME)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
+	output_cred_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
+
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
+    return (GSS_S_COMPLETE);
+}
+
+
+/* V2 KRB5_CALLCONV */
+OM_uint32 KRB5_CALLCONV
+gss_add_cred_impersonate_name(OM_uint32 *minor_status,
+			      gss_cred_id_t input_cred_handle,
+			      const gss_cred_id_t impersonator_cred_handle,
+			      const gss_name_t desired_name,
+			      const gss_OID desired_mech,
+			      gss_cred_usage_t cred_usage,
+			      OM_uint32 initiator_time_req,
+			      OM_uint32 acceptor_time_req,
+			      gss_cred_id_t *output_cred_handle,
+			      gss_OID_set *actual_mechs,
+			      OM_uint32 *initiator_time_rec,
+			      OM_uint32 *acceptor_time_rec)
+{
+    OM_uint32		status, temp_minor_status;
+    OM_uint32		time_req, time_rec;
+    gss_union_name_t	union_name;
+    gss_union_cred_t	new_union_cred, union_cred;
+    gss_cred_id_t	mech_impersonator_cred;
+    gss_name_t		internal_name = GSS_C_NO_NAME;
+    gss_name_t		allocated_name = GSS_C_NO_NAME;
+    gss_mechanism	mech;
+    gss_cred_id_t	cred = NULL;
+    gss_OID		new_mechs_array = NULL;
+    gss_cred_id_t *	new_cred_array = NULL;
+    gss_OID_set		target_mechs = GSS_C_NO_OID_SET;
+    gss_OID		selected_mech = GSS_C_NO_OID;
+
+    status = val_add_cred_impersonate_name_args(minor_status,
+						input_cred_handle,
+						impersonator_cred_handle,
+						desired_name,
+						desired_mech,
+						cred_usage,
+						initiator_time_req,
+						acceptor_time_req,
+						output_cred_handle,
+						actual_mechs,
+						initiator_time_rec,
+						acceptor_time_rec);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    status = gssint_select_mech_type(minor_status, desired_mech,
+				     &selected_mech);
+    if (status != GSS_S_COMPLETE)
+	return status;
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (!mech)
+	return GSS_S_BAD_MECH;
+    else if (!mech->gss_acquire_cred_impersonate_name)
+	return (GSS_S_UNAVAILABLE);
+
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
+	union_cred = malloc(sizeof (gss_union_cred_desc));
+	if (union_cred == NULL)
+	    return (GSS_S_FAILURE);
+
+	(void) memset(union_cred, 0, sizeof (gss_union_cred_desc));
+
+	/* for default credentials we will use GSS_C_NO_NAME */
+	internal_name = GSS_C_NO_NAME;
+    } else {
+	union_cred = (gss_union_cred_t)input_cred_handle;
+	if (gssint_get_mechanism_cred(union_cred, selected_mech) !=
+	    GSS_C_NO_CREDENTIAL)
+	    return (GSS_S_DUPLICATE_ELEMENT);
+    }
+
+    mech_impersonator_cred =
+	gssint_get_mechanism_cred((gss_union_cred_t)impersonator_cred_handle,
+				  selected_mech);
+    if (mech_impersonator_cred == GSS_C_NO_CREDENTIAL)
+	return (GSS_S_NO_CRED);
+
+    /* may need to create a mechanism specific name */
+    union_name = (gss_union_name_t)desired_name;
+    if (union_name->mech_type &&
+	g_OID_equal(union_name->mech_type, selected_mech))
+	internal_name = union_name->mech_name;
+    else {
+	if (gssint_import_internal_name(minor_status,
+					selected_mech, union_name,
+					&allocated_name) != GSS_S_COMPLETE)
+	    return (GSS_S_BAD_NAME);
+	internal_name = allocated_name;
+    }
+
+    if (cred_usage == GSS_C_ACCEPT)
+	time_req = acceptor_time_req;
+    else if (cred_usage == GSS_C_INITIATE)
+	time_req = initiator_time_req;
+    else if (cred_usage == GSS_C_BOTH)
+	time_req = (acceptor_time_req > initiator_time_req) ?
+	    acceptor_time_req : initiator_time_req;
+    else
+	time_req = 0;
+
+    status = gss_create_empty_oid_set(minor_status, &target_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto errout;
+
+    status = gss_add_oid_set_member(minor_status,
+				    gssint_get_public_oid(selected_mech),
+				    &target_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto errout;
+
+    status = mech->gss_acquire_cred_impersonate_name(minor_status,
+						     mech_impersonator_cred,
+						     internal_name,
+						     time_req,
+						     target_mechs,
+						     cred_usage,
+						     &cred,
+						     NULL,
+						     &time_rec);
+    if (status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	goto errout;
+    }
+
+    /* now add the new credential elements */
+    new_mechs_array = (gss_OID)
+	malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
+
+    new_cred_array = (gss_cred_id_t *)
+	malloc(sizeof (gss_cred_id_t) * (union_cred->count+1));
+
+    if (!new_mechs_array || !new_cred_array) {
+	status = GSS_S_FAILURE;
+	goto errout;
+    }
+
+    if (acceptor_time_rec)
+	if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)
+	    *acceptor_time_rec = time_rec;
+    if (initiator_time_rec)
+	if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)
+	    *initiator_time_rec = time_rec;
+
+    /*
+     * OK, expand the mechanism array and the credential array
+     */
+    (void) memcpy(new_mechs_array, union_cred->mechs_array,
+		  sizeof (gss_OID_desc) * union_cred->count);
+    (void) memcpy(new_cred_array, union_cred->cred_array,
+		  sizeof (gss_cred_id_t) * union_cred->count);
+
+    new_cred_array[union_cred->count] = cred;
+    if ((new_mechs_array[union_cred->count].elements =
+	 malloc(selected_mech->length)) == NULL)
+	goto errout;
+
+    g_OID_copy(&new_mechs_array[union_cred->count], selected_mech);
+
+    if (actual_mechs != NULL) {
+	status = gssint_make_public_oid_set(minor_status, new_mechs_array,
+					    union_cred->count + 1,
+					    actual_mechs);
+	if (GSS_ERROR(status)) {
+	    free(new_mechs_array[union_cred->count].elements);
+	    goto errout;
+	}
+    }
+
+    if (output_cred_handle == NULL) {
+	free(union_cred->mechs_array);
+	free(union_cred->cred_array);
+	new_union_cred = union_cred;
+    } else {
+	new_union_cred = malloc(sizeof (gss_union_cred_desc));
+	if (new_union_cred == NULL) {
+	    free(new_mechs_array[union_cred->count].elements);
+	    goto errout;
+	}
+	*new_union_cred = *union_cred;
+	*output_cred_handle = (gss_cred_id_t)new_union_cred;
+    }
+
+    new_union_cred->mechs_array = new_mechs_array;
+    new_union_cred->cred_array = new_cred_array;
+    new_union_cred->count++;
+    new_union_cred->loopback = new_union_cred;
+
+    /* We're done with the internal name. Free it if we allocated it. */
+
+    if (allocated_name)
+	(void) gssint_release_internal_name(&temp_minor_status, selected_mech,
+					   &allocated_name);
+
+    if (target_mechs)
+	(void) gss_release_oid_set(&temp_minor_status, &target_mechs);
+
+    return (GSS_S_COMPLETE);
+
+errout:
+    if (new_mechs_array)
+	free(new_mechs_array);
+    if (new_cred_array)
+	free(new_cred_array);
+
+    if (cred != NULL && mech->gss_release_cred)
+	mech->gss_release_cred(&temp_minor_status, &cred);
+
+    if (allocated_name)
+	(void) gssint_release_internal_name(&temp_minor_status,
+					    selected_mech, &allocated_name);
+
+    if (target_mechs)
+	(void) gss_release_oid_set(&temp_minor_status, &target_mechs);
+
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
+	free(union_cred);
+
+    return (status);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
new file mode 100644
index 00000000..cc34acc2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
@@ -0,0 +1,524 @@
+/* #pragma ident	"@(#)g_acquire_cred.c	1.22	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_acquire_cred_with_password
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+
+static OM_uint32
+val_acq_cred_pw_args(
+    OM_uint32 *minor_status,
+    const gss_name_t desired_name,
+    const gss_buffer_t password,
+    OM_uint32 time_req,
+    const gss_OID_set desired_mechs,
+    int cred_usage,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *time_rec)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_cred_handle != NULL)
+	*output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (actual_mechs != NULL)
+	*actual_mechs = GSS_C_NULL_OID_SET;
+
+    if (time_rec != NULL)
+	*time_rec = 0;
+
+    /* Validate arguments. */
+
+    if (desired_name == GSS_C_NO_NAME)
+	return (GSS_S_BAD_NAME);
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (output_cred_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
+    if (password == GSS_C_NO_BUFFER ||
+        password->length == 0 ||
+        password->value == NULL) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred_with_password(
+    minor_status,
+    desired_name,
+    password,
+    time_req,
+    desired_mechs,
+    cred_usage,
+    output_cred_handle,
+    actual_mechs,
+    time_rec)
+
+OM_uint32 *		minor_status;
+const gss_name_t	desired_name;
+const gss_buffer_t	password;
+OM_uint32		time_req;
+const gss_OID_set	desired_mechs;
+int			cred_usage;
+gss_cred_id_t *		output_cred_handle;
+gss_OID_set *		actual_mechs;
+OM_uint32 *		time_rec;
+{
+    OM_uint32 major = GSS_S_FAILURE;
+    OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE;
+    gss_OID_set_desc default_OID_set;
+    gss_OID_set mechs;
+    gss_OID_desc default_OID;
+    gss_mechanism mech;
+    unsigned int i;
+    gss_union_cred_t creds;
+
+    major = val_acq_cred_pw_args(minor_status,
+			         desired_name,
+			         password,
+			         time_req,
+			         desired_mechs,
+			         cred_usage,
+			         output_cred_handle,
+			         actual_mechs,
+			         time_rec);
+    if (major != GSS_S_COMPLETE)
+	return (major);
+
+    /* Initial value needed below. */
+    major = GSS_S_FAILURE;
+
+    /*
+     * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an
+     * appropriate default.  We use the first mechanism in the
+     * mechanism list as the default. This set is created with
+     * statics thus needs not be freed
+     */
+    if(desired_mechs == GSS_C_NULL_OID_SET) {
+	mech = gssint_get_mechanism(NULL);
+	if (mech == NULL)
+	    return (GSS_S_BAD_MECH);
+
+	mechs = &default_OID_set;
+	default_OID_set.count = 1;
+	default_OID_set.elements = &default_OID;
+	default_OID.length = mech->mech_type.length;
+	default_OID.elements = mech->mech_type.elements;
+    } else
+	mechs = desired_mechs;
+
+    if (mechs->count == 0)
+	return (GSS_S_BAD_MECH);
+
+    /* allocate the output credential structure */
+    creds = (gss_union_cred_t)malloc(sizeof (gss_union_cred_desc));
+    if (creds == NULL)
+	return (GSS_S_FAILURE);
+
+    /* initialize to 0s */
+    (void) memset(creds, 0, sizeof (gss_union_cred_desc));
+    creds->loopback = creds;
+
+    /* for each requested mech attempt to obtain a credential */
+    for (i = 0; i < mechs->count; i++) {
+	major = gss_add_cred_with_password(minor_status, (gss_cred_id_t)creds,
+			     desired_name,
+			     &mechs->elements[i],
+			     password,
+			     cred_usage, time_req, time_req, NULL,
+			     NULL, &initTimeOut, &acceptTimeOut);
+	if (major == GSS_S_COMPLETE) {
+	    /* update the credential's time */
+	    if (cred_usage == GSS_C_ACCEPT) {
+		if (outTime > acceptTimeOut)
+		    outTime = acceptTimeOut;
+	    } else if (cred_usage == GSS_C_INITIATE) {
+		if (outTime > initTimeOut)
+		    outTime = initTimeOut;
+	    } else {
+		/*
+		 * time_rec is the lesser of the
+		 * init/accept times
+		 */
+		if (initTimeOut > acceptTimeOut)
+		    outTime = (outTime > acceptTimeOut) ?
+			acceptTimeOut : outTime;
+		else
+		    outTime = (outTime > initTimeOut) ?
+			initTimeOut : outTime;
+	    }
+	}
+    } /* for */
+
+    /* ensure that we have at least one credential element */
+    if (creds->count < 1) {
+	free(creds);
+	return (major);
+    }
+
+    /*
+     * fill in output parameters
+     * setup the actual mechs output parameter
+     */
+    if (actual_mechs != NULL) {
+	major = gssint_make_public_oid_set(minor_status, creds->mechs_array,
+					   creds->count, actual_mechs);
+	if (GSS_ERROR(major)) {
+	    (void) gss_release_cred(minor_status,
+				    (gss_cred_id_t *)&creds);
+	    return (major);
+	}
+    }
+
+    if (time_rec)
+	*time_rec = outTime;
+
+
+    creds->loopback = creds;
+    *output_cred_handle = (gss_cred_id_t)creds;
+    return (GSS_S_COMPLETE);
+}
+
+static OM_uint32
+val_add_cred_pw_args(
+    OM_uint32 *minor_status,
+    gss_cred_id_t input_cred_handle,
+    const gss_name_t desired_name,
+    const gss_OID desired_mech,
+    const gss_buffer_t password,
+    gss_cred_usage_t cred_usage,
+    OM_uint32 initiator_time_req,
+    OM_uint32 acceptor_time_req,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *initiator_time_rec,
+    OM_uint32 *acceptor_time_rec)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_cred_handle != NULL)
+	*output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    if (actual_mechs != NULL)
+	*actual_mechs = GSS_C_NO_OID_SET;
+
+    if (acceptor_time_rec != NULL)
+	*acceptor_time_rec = 0;
+
+    if (initiator_time_rec != NULL)
+	*initiator_time_rec = 0;
+
+    /* Validate arguments. */
+
+    if (desired_name == GSS_C_NO_NAME)
+	return (GSS_S_BAD_NAME);
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
+	output_cred_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
+
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
+    if (password == GSS_C_NO_BUFFER ||
+        password->length == 0 ||
+        password->value == NULL) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
+
+    return (GSS_S_COMPLETE);
+}
+
+
+/* V2 KRB5_CALLCONV */
+OM_uint32 KRB5_CALLCONV
+gss_add_cred_with_password(minor_status, input_cred_handle,
+		  desired_name, desired_mech, password, cred_usage,
+		  initiator_time_req, acceptor_time_req,
+		  output_cred_handle, actual_mechs,
+		  initiator_time_rec, acceptor_time_rec)
+    OM_uint32		*minor_status;
+    const gss_cred_id_t	input_cred_handle;
+    const gss_name_t	desired_name;
+    const gss_OID	desired_mech;
+    const gss_buffer_t	password;
+    gss_cred_usage_t	cred_usage;
+    OM_uint32		initiator_time_req;
+    OM_uint32		acceptor_time_req;
+    gss_cred_id_t	*output_cred_handle;
+    gss_OID_set		*actual_mechs;
+    OM_uint32		*initiator_time_rec;
+    OM_uint32		*acceptor_time_rec;
+{
+    OM_uint32		status, temp_minor_status;
+    OM_uint32		time_req, time_rec;
+    gss_union_name_t	union_name;
+    gss_union_cred_t	new_union_cred, union_cred;
+    gss_name_t		internal_name = GSS_C_NO_NAME;
+    gss_name_t		allocated_name = GSS_C_NO_NAME;
+    gss_mechanism       mech;
+    gss_cred_id_t	cred = NULL;
+    gss_OID		new_mechs_array = NULL;
+    gss_cred_id_t *	new_cred_array = NULL;
+    gss_OID_set		target_mechs = GSS_C_NO_OID_SET;
+    gss_OID		selected_mech = GSS_C_NO_OID;
+
+    status = val_add_cred_pw_args(minor_status,
+			          input_cred_handle,
+			          desired_name,
+			          desired_mech,
+			          password,
+			          cred_usage,
+			          initiator_time_req,
+			          acceptor_time_req,
+			          output_cred_handle,
+			          actual_mechs,
+			          initiator_time_rec,
+			          acceptor_time_rec);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    status = gssint_select_mech_type(minor_status, desired_mech,
+				     &selected_mech);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (!mech)
+	return GSS_S_BAD_MECH;
+    if (!mech->gssspi_acquire_cred_with_password)
+	return GSS_S_UNAVAILABLE;
+
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL) {
+	union_cred = malloc(sizeof (gss_union_cred_desc));
+	if (union_cred == NULL)
+	    return (GSS_S_FAILURE);
+
+	(void) memset(union_cred, 0, sizeof (gss_union_cred_desc));
+
+	/* for default credentials we will use GSS_C_NO_NAME */
+	internal_name = GSS_C_NO_NAME;
+    } else {
+	union_cred = (gss_union_cred_t)input_cred_handle;
+	if (gssint_get_mechanism_cred(union_cred, selected_mech) !=
+	    GSS_C_NO_CREDENTIAL)
+	    return (GSS_S_DUPLICATE_ELEMENT);
+    }
+
+    /* may need to create a mechanism specific name */
+    union_name = (gss_union_name_t)desired_name;
+    if (union_name->mech_type &&
+	g_OID_equal(union_name->mech_type, selected_mech))
+	internal_name = union_name->mech_name;
+    else {
+	if (gssint_import_internal_name(minor_status,
+					selected_mech, union_name,
+					&allocated_name) != GSS_S_COMPLETE)
+	    return (GSS_S_BAD_NAME);
+	internal_name = allocated_name;
+    }
+
+    if (cred_usage == GSS_C_ACCEPT)
+	time_req = acceptor_time_req;
+    else if (cred_usage == GSS_C_INITIATE)
+	time_req = initiator_time_req;
+    else if (cred_usage == GSS_C_BOTH)
+	time_req = (acceptor_time_req > initiator_time_req) ?
+	    acceptor_time_req : initiator_time_req;
+    else
+	time_req = 0;
+
+    status = gss_create_empty_oid_set(minor_status, &target_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto errout;
+
+    status = gss_add_oid_set_member(minor_status,
+				    gssint_get_public_oid(selected_mech),
+				    &target_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto errout;
+
+    status = mech->gssspi_acquire_cred_with_password(minor_status,
+						     internal_name,
+						     password,
+						     time_req,
+						     target_mechs,
+						     cred_usage,
+						     &cred,
+						     NULL,
+						     &time_rec);
+    if (status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	goto errout;
+    }
+
+    /* now add the new credential elements */
+    new_mechs_array = (gss_OID)
+	malloc(sizeof (gss_OID_desc) * (union_cred->count+1));
+
+    new_cred_array = (gss_cred_id_t *)
+	malloc(sizeof (gss_cred_id_t) * (union_cred->count+1));
+
+    if (!new_mechs_array || !new_cred_array) {
+	status = GSS_S_FAILURE;
+	goto errout;
+    }
+
+    if (acceptor_time_rec)
+	if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH)
+	    *acceptor_time_rec = time_rec;
+    if (initiator_time_rec)
+	if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH)
+	    *initiator_time_rec = time_rec;
+
+    /*
+     * OK, expand the mechanism array and the credential array
+     */
+    (void) memcpy(new_mechs_array, union_cred->mechs_array,
+		  sizeof (gss_OID_desc) * union_cred->count);
+    (void) memcpy(new_cred_array, union_cred->cred_array,
+		  sizeof (gss_cred_id_t) * union_cred->count);
+
+    new_cred_array[union_cred->count] = cred;
+    if ((new_mechs_array[union_cred->count].elements =
+	 malloc(selected_mech->length)) == NULL)
+	goto errout;
+
+    g_OID_copy(&new_mechs_array[union_cred->count], selected_mech);
+
+    if (actual_mechs != NULL) {
+	status = gssint_make_public_oid_set(minor_status, new_mechs_array,
+					    union_cred->count + 1,
+					    actual_mechs);
+	if (GSS_ERROR(status)) {
+	    free(new_mechs_array[union_cred->count].elements);
+	    goto errout;
+	}
+    }
+
+    if (output_cred_handle == NULL) {
+	free(union_cred->mechs_array);
+	free(union_cred->cred_array);
+	new_union_cred = union_cred;
+    } else {
+	new_union_cred = malloc(sizeof (gss_union_cred_desc));
+	if (new_union_cred == NULL) {
+	    free(new_mechs_array[union_cred->count].elements);
+	    goto errout;
+	}
+	*new_union_cred = *union_cred;
+	*output_cred_handle = (gss_cred_id_t)new_union_cred;
+    }
+
+    new_union_cred->mechs_array = new_mechs_array;
+    new_union_cred->cred_array = new_cred_array;
+    new_union_cred->count++;
+    new_union_cred->loopback = new_union_cred;
+
+    /* We're done with the internal name. Free it if we allocated it. */
+
+    if (allocated_name)
+	(void) gssint_release_internal_name(&temp_minor_status,
+					    selected_mech,
+					   &allocated_name);
+
+    if (target_mechs)
+	(void)gss_release_oid_set(&temp_minor_status, &target_mechs);
+
+    return (GSS_S_COMPLETE);
+
+errout:
+    if (new_mechs_array)
+	free(new_mechs_array);
+    if (new_cred_array)
+	free(new_cred_array);
+
+    if (cred != NULL && mech->gss_release_cred)
+	mech->gss_release_cred(&temp_minor_status, &cred);
+
+    if (allocated_name)
+	(void) gssint_release_internal_name(&temp_minor_status,
+					    selected_mech, &allocated_name);
+
+    if (target_mechs)
+	(void)gss_release_oid_set(&temp_minor_status, &target_mechs);
+
+    if (input_cred_handle == GSS_C_NO_CREDENTIAL && union_cred)
+	free(union_cred);
+
+    return (status);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_authorize_localname.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_authorize_localname.c
new file mode 100644
index 00000000..b6fc54da
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_authorize_localname.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright (c) 2011, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* #pragma ident	"@(#)g_userok.c	1.1	04/03/25 SMI" */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <mglueP.h>
+#include <gssapi/gssapi.h>
+
+static OM_uint32
+mech_authorize_localname(OM_uint32 *minor,
+			 const gss_union_name_t unionName,
+			 const gss_union_name_t unionUser)
+{
+	OM_uint32 major = GSS_S_UNAVAILABLE;
+	gss_mechanism mech;
+
+	if (unionName->mech_type == GSS_C_NO_OID)
+		return (GSS_S_NAME_NOT_MN);
+
+	mech = gssint_get_mechanism(unionName->mech_type);
+	if (mech == NULL)
+		return (GSS_S_UNAVAILABLE);
+
+	if (mech->gssspi_authorize_localname != NULL) {
+		major = mech->gssspi_authorize_localname(minor,
+							 unionName->mech_name,
+							 unionUser->external_name,
+							 unionUser->name_type);
+		if (major != GSS_S_COMPLETE)
+			map_error(minor, mech);
+	}
+
+	return (major);
+}
+
+/*
+ * Naming extensions based local login authorization.
+ */
+static OM_uint32
+attr_authorize_localname(OM_uint32 *minor,
+			 const gss_name_t name,
+			 const gss_union_name_t unionUser)
+{
+	OM_uint32 major = GSS_S_UNAVAILABLE; /* attribute not present */
+	gss_buffer_t externalName;
+	int more = -1;
+
+	if (unionUser->name_type != GSS_C_NO_OID &&
+	    !g_OID_equal(unionUser->name_type, GSS_C_NT_USER_NAME))
+		return (GSS_S_BAD_NAMETYPE);
+
+	externalName = unionUser->external_name;
+	assert(externalName != GSS_C_NO_BUFFER);
+
+	while (more != 0 && major != GSS_S_COMPLETE) {
+		OM_uint32 tmpMajor, tmpMinor;
+		gss_buffer_desc value;
+		gss_buffer_desc display_value;
+		int authenticated = 0, complete = 0;
+
+		tmpMajor = gss_get_name_attribute(minor,
+						  name,
+						  GSS_C_ATTR_LOCAL_LOGIN_USER,
+						  &authenticated,
+						  &complete,
+						  &value,
+						  &display_value,
+						  &more);
+		if (GSS_ERROR(tmpMajor)) {
+			major = tmpMajor;
+			break;
+		}
+
+		if (authenticated &&
+		    value.length == externalName->length &&
+		    memcmp(value.value, externalName->value, externalName->length) == 0)
+			major = GSS_S_COMPLETE;
+		else
+			major = GSS_S_UNAUTHORIZED;
+
+		gss_release_buffer(&tmpMinor, &value);
+		gss_release_buffer(&tmpMinor, &display_value);
+	}
+
+	return (major);
+}
+
+/*
+ * Equality based local login authorization.
+ */
+static OM_uint32
+compare_names_authorize_localname(OM_uint32 *minor,
+				 const gss_union_name_t unionName,
+				 const gss_name_t user)
+{
+
+	OM_uint32 status, tmpMinor;
+	gss_name_t canonName;
+	int match = 0;
+
+	status = gss_canonicalize_name(minor,
+				       user,
+				       unionName->mech_type,
+				       &canonName);
+	if (status != GSS_S_COMPLETE)
+		return (status);
+
+	status = gss_compare_name(minor,
+				  (gss_name_t)unionName,
+				  canonName,
+				  &match);
+	if (status == GSS_S_COMPLETE && match == 0)
+		status = GSS_S_UNAUTHORIZED;
+
+	(void) gss_release_name(&tmpMinor, &canonName);
+
+	return (status);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_authorize_localname(OM_uint32 *minor,
+			const gss_name_t name,
+			const gss_name_t user)
+
+{
+	OM_uint32 major;
+	gss_union_name_t unionName;
+	gss_union_name_t unionUser;
+	int mechAvailable = 0;
+
+	if (minor == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+	*minor = 0;
+
+	if (name == GSS_C_NO_NAME || user == GSS_C_NO_NAME)
+		return (GSS_S_CALL_INACCESSIBLE_READ);
+
+	unionName = (gss_union_name_t)name;
+	unionUser = (gss_union_name_t)user;
+
+	if (unionUser->mech_type != GSS_C_NO_OID)
+		return (GSS_S_BAD_NAME);
+
+	/* If mech returns yes, we return yes */
+	major = mech_authorize_localname(minor, unionName, unionUser);
+	if (major == GSS_S_COMPLETE)
+		return (GSS_S_COMPLETE);
+	else if (major != GSS_S_UNAVAILABLE)
+		mechAvailable = 1;
+
+	/* If attribute exists, we evaluate attribute */
+	major = attr_authorize_localname(minor, unionName, unionUser);
+	if (major == GSS_S_COMPLETE || major == GSS_S_UNAUTHORIZED)
+		return (major);
+
+	/* If mech did not implement SPI, compare the local name */
+	if (mechAvailable == 0 &&
+	    unionName->mech_type != GSS_C_NO_OID) {
+		major = compare_names_authorize_localname(minor,
+							  unionName,
+							  unionUser);
+	}
+
+	return (major);
+}
+
+int KRB5_CALLCONV
+gss_userok(const gss_name_t name,
+	   const char *user)
+{
+	OM_uint32 major, minor;
+	gss_buffer_desc userBuf;
+	gss_name_t userName;
+
+	userBuf.value = (void *)user;
+	userBuf.length = strlen(user);
+
+	major = gss_import_name(&minor, &userBuf, GSS_C_NT_USER_NAME, &userName);
+	if (GSS_ERROR(major))
+		return (0);
+
+	major = gss_authorize_localname(&minor, name, userName);
+
+	(void) gss_release_name(&minor, &userName);
+
+	return (major == GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_buffer_set.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_buffer_set.c
new file mode 100644
index 00000000..9310ddb4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_buffer_set.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set
+	   (OM_uint32 * minor_status,
+	    gss_buffer_set_t *buffer_set)
+{
+    return generic_gss_create_empty_buffer_set(minor_status, buffer_set);
+}
+
+OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member
+	   (OM_uint32 * minor_status,
+	    const gss_buffer_t member_buffer,
+	    gss_buffer_set_t *buffer_set)
+{
+    return generic_gss_add_buffer_set_member(minor_status,
+					     member_buffer,
+					     buffer_set);
+}
+
+OM_uint32 KRB5_CALLCONV gss_release_buffer_set
+	   (OM_uint32 * minor_status,
+	    gss_buffer_set_t *buffer_set)
+{
+    return generic_gss_release_buffer_set(minor_status, buffer_set);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c
new file mode 100644
index 00000000..61f657f9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* #pragma ident	"@(#)g_canon_name.c	1.15	04/02/23 SMI" */
+
+/*
+ * routine gss_canonicalize_name
+ *
+ * This routine is used to produce a mechanism specific
+ * representation of name that has been previously
+ * imported with gss_import_name.  The routine uses the mechanism
+ * specific implementation of gss_import_name to implement this
+ * function.
+ *
+ * We allow a NULL output_name, in which case we modify the
+ * input_name to include the mechanism specific name.
+ */
+
+#include <mglueP.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+static OM_uint32
+val_canon_name_args(
+	OM_uint32 *minor_status,
+	const gss_name_t input_name,
+	const gss_OID mech_type,
+	gss_name_t *output_name)
+{
+
+	/* Initialize outputs. */
+
+	if (minor_status != NULL)
+		*minor_status = 0;
+
+	if (output_name != NULL)
+		*output_name = GSS_C_NO_NAME;
+
+	/* Validate arguments. */
+
+	if (minor_status == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	if (input_name == GSS_C_NO_NAME || mech_type == GSS_C_NULL_OID)
+		return (GSS_S_CALL_INACCESSIBLE_READ);
+
+	return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_canonicalize_name(minor_status,
+				input_name,
+				mech_type,
+				output_name)
+OM_uint32 *minor_status;
+const gss_name_t input_name;
+const gss_OID mech_type;
+gss_name_t *output_name;
+{
+	gss_union_name_t in_union, out_union = NULL, dest_union = NULL;
+	OM_uint32 major_status = GSS_S_FAILURE, tmpmin;
+	gss_OID selected_mech;
+
+	major_status = val_canon_name_args(minor_status,
+					   input_name,
+					   mech_type,
+					   output_name);
+	if (major_status != GSS_S_COMPLETE)
+		return (major_status);
+
+	major_status = gssint_select_mech_type(minor_status, mech_type,
+					       &selected_mech);
+	if (major_status != GSS_S_COMPLETE)
+		return (major_status);
+
+	/* Initial value needed below. */
+	major_status = GSS_S_FAILURE;
+
+	in_union = (gss_union_name_t)input_name;
+	/*
+	 * If the caller wants to reuse the name, and the name has already
+	 * been converted, then there is nothing for us to do.
+	 */
+	if (!output_name && in_union->mech_type &&
+	    g_OID_equal(in_union->mech_type, selected_mech))
+		return (GSS_S_COMPLETE);
+
+	/* ok, then we need to do something - start by creating data struct */
+	if (output_name) {
+		out_union =
+			(gss_union_name_t)malloc(sizeof (gss_union_name_desc));
+		if (!out_union)
+			goto allocation_failure;
+
+		out_union->mech_type = 0;
+		out_union->mech_name = 0;
+		out_union->name_type = 0;
+		out_union->external_name = 0;
+		out_union->loopback = out_union;
+
+		/* Allocate the buffer for the user specified representation */
+		if (gssint_create_copy_buffer(in_union->external_name,
+				&out_union->external_name, 1))
+			goto allocation_failure;
+
+		if (in_union->name_type != GSS_C_NULL_OID) {
+		    major_status = generic_gss_copy_oid(minor_status,
+							in_union->name_type,
+							&out_union->name_type);
+		    if (major_status) {
+			map_errcode(minor_status);
+			goto allocation_failure;
+		    }
+		}
+
+	}
+
+	/*
+	 * might need to delete any old mechanism names if we are
+	 * reusing the buffer.
+	 */
+	if (!output_name) {
+		if (in_union->mech_type) {
+			(void) gssint_release_internal_name(minor_status,
+							in_union->mech_type,
+							&in_union->mech_name);
+			(void) gss_release_oid(minor_status,
+					    &in_union->mech_type);
+			in_union->mech_type = 0;
+		}
+		dest_union = in_union;
+	} else
+		dest_union = out_union;
+
+	/* now let's create the new mech name */
+	if ((major_status = generic_gss_copy_oid(minor_status, selected_mech,
+						 &dest_union->mech_type))) {
+	    map_errcode(minor_status);
+	    goto allocation_failure;
+	}
+
+	if ((major_status =
+		gssint_import_internal_name(minor_status, selected_mech,
+						in_union,
+						&dest_union->mech_name)))
+		goto allocation_failure;
+
+	if (output_name)
+		*output_name = (gss_name_t)dest_union;
+
+	return (GSS_S_COMPLETE);
+
+allocation_failure:
+	if (out_union) {
+	    /* Release the partly constructed out_union. */
+	    gss_name_t name = (gss_name_t)out_union;
+	    (void) gss_release_name(&tmpmin, &name);
+	} else if (!output_name) {
+	    /* Release only the mech name fields in in_union. */
+	    if (in_union->mech_name) {
+		(void) gssint_release_internal_name(&tmpmin,
+						    dest_union->mech_type,
+						    &dest_union->mech_name);
+	    }
+	    if (in_union->mech_type)
+		(void) gss_release_oid(&tmpmin, &dest_union->mech_type);
+	}
+
+	return (major_status);
+} /**********  gss_canonicalize_name ********/
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_compare_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_compare_name.c
new file mode 100644
index 00000000..af2e76bb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_compare_name.c
@@ -0,0 +1,210 @@
+/* #pragma ident	"@(#)g_compare_name.c	1.16	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_compare_name
+ *
+ */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+
+static OM_uint32
+val_comp_name_args(
+    OM_uint32 *minor_status,
+    gss_name_t name1,
+    gss_name_t name2,
+    int *name_equal)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    /* Validate arguments. */
+
+    if (name1 == GSS_C_NO_NAME || name2 == GSS_C_NO_NAME)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+    if (name_equal == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_compare_name (minor_status,
+                  name1,
+                  name2,
+                  name_equal)
+
+OM_uint32 *		minor_status;
+gss_name_t		name1;
+gss_name_t		name2;
+int *			name_equal;
+
+{
+    OM_uint32		major_status, temp_minor;
+    gss_union_name_t	union_name1, union_name2;
+    gss_mechanism	mech = NULL;
+    gss_name_t		internal_name;
+
+    major_status = val_comp_name_args(minor_status,
+				      name1, name2, name_equal);
+    if (major_status != GSS_S_COMPLETE)
+	return (major_status);
+
+    union_name1 = (gss_union_name_t) name1;
+    union_name2 = (gss_union_name_t) name2;
+    /*
+     * Try our hardest to make union_name1 be the mechanism-specific
+     * name.  (Of course we can't if both names aren't
+     * mechanism-specific.)
+     */
+    if (union_name1->mech_type == 0) {
+	union_name1 = (gss_union_name_t) name2;
+	union_name2 = (gss_union_name_t) name1;
+    }
+    /*
+     * If union_name1 is mechanism specific, then fetch its mechanism
+     * information.
+     */
+    if (union_name1->mech_type) {
+	mech = gssint_get_mechanism (union_name1->mech_type);
+	if (!mech)
+	    return (GSS_S_BAD_MECH);
+	if (!mech->gss_compare_name)
+			return (GSS_S_UNAVAILABLE);
+    }
+
+    *name_equal = 0;		/* Default to *not* equal.... */
+
+    /*
+     * First case... both names are mechanism-specific
+     */
+    if (union_name1->mech_type && union_name2->mech_type) {
+	if (!g_OID_equal(union_name1->mech_type, union_name2->mech_type))
+	    return (GSS_S_COMPLETE);
+	if ((union_name1->mech_name == 0) || (union_name2->mech_name == 0))
+	    /* should never happen */
+	    return (GSS_S_BAD_NAME);
+	if (!mech)
+	    return (GSS_S_BAD_MECH);
+	if (!mech->gss_compare_name)
+	    return (GSS_S_UNAVAILABLE);
+	major_status = mech->gss_compare_name(minor_status,
+					      union_name1->mech_name,
+					      union_name2->mech_name,
+					      name_equal);
+	if (major_status != GSS_S_COMPLETE)
+	    map_error(minor_status, mech);
+	return major_status;
+    }
+
+    /*
+     * Second case... both names are NOT mechanism specific.
+     *
+     * All we do here is make sure the two name_types are equal and then
+     * that the external_names are equal. Note the we do not take care
+     * of the case where two different external names map to the same
+     * internal name. We cannot determine this, since we as yet do not
+     * know what mechanism to use for calling the underlying
+     * gss_import_name().
+     */
+    if (!union_name1->mech_type && !union_name2->mech_type) {
+		/*
+		 * Second case, first sub-case... one name has null
+		 * name_type, the other doesn't.
+		 *
+		 * Not knowing a mech_type we can't import the name with
+		 * null name_type so we can't compare.
+		 */
+		if ((union_name1->name_type == GSS_C_NULL_OID &&
+		    union_name2->name_type != GSS_C_NULL_OID) ||
+		    (union_name1->name_type != GSS_C_NULL_OID &&
+		    union_name2->name_type == GSS_C_NULL_OID))
+			return (GSS_S_COMPLETE);
+		/*
+		 * Second case, second sub-case... both names have
+		 * name_types, but they are different.
+		 */
+		if ((union_name1->name_type != GSS_C_NULL_OID &&
+		    union_name2->name_type != GSS_C_NULL_OID) &&
+		    !g_OID_equal(union_name1->name_type,
+					union_name2->name_type))
+	    return (GSS_S_COMPLETE);
+		/*
+		 * Second case, third sub-case... both names have equal
+		 * name_types (and both have no mech_types) so we just
+		 * compare the external_names.
+		 */
+	if ((union_name1->external_name->length !=
+	     union_name2->external_name->length) ||
+	    (memcmp(union_name1->external_name->value,
+		    union_name2->external_name->value,
+		    union_name1->external_name->length) != 0))
+	    return (GSS_S_COMPLETE);
+	*name_equal = 1;
+	return (GSS_S_COMPLETE);
+    }
+
+    /*
+     * Final case... one name is mechanism specific, the other isn't.
+     *
+     * We attempt to convert the general name to the mechanism type of
+     * the mechanism-specific name, and then do the compare.  If we
+     * can't import the general name, then we return that the name is
+     * _NOT_ equal.
+     */
+    if (union_name2->mech_type) {
+	/* We make union_name1 the mechanism specific name. */
+	union_name1 = (gss_union_name_t) name2;
+	union_name2 = (gss_union_name_t) name1;
+    }
+    major_status = gssint_import_internal_name(minor_status,
+					      union_name1->mech_type,
+					      union_name2,
+					      &internal_name);
+    if (major_status != GSS_S_COMPLETE)
+	return (GSS_S_COMPLETE); /* return complete, but not equal */
+
+    if (!mech)
+	return (GSS_S_BAD_MECH);
+    if (!mech->gss_compare_name)
+	return (GSS_S_UNAVAILABLE);
+    major_status = mech->gss_compare_name(minor_status,
+					  union_name1->mech_name,
+					  internal_name, name_equal);
+    if (major_status != GSS_S_COMPLETE)
+	map_error(minor_status, mech);
+    gssint_release_internal_name(&temp_minor, union_name1->mech_type,
+				&internal_name);
+    return (major_status);
+
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_complete_auth_token.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_complete_auth_token.c
new file mode 100644
index 00000000..4f028a77
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_complete_auth_token.c
@@ -0,0 +1,77 @@
+/* #ident  "@(#)gss_seal.c 1.10     95/08/07 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_complete_auth_token
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+OM_uint32 KRB5_CALLCONV
+gss_complete_auth_token (OM_uint32 *minor_status,
+	                 const gss_ctx_id_t context_handle,
+	                 gss_buffer_t input_message_buffer)
+{
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    if (minor_status == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *minor_status = 0;
+    if (input_message_buffer == GSS_C_NO_BUFFER)
+	return GSS_S_CALL_INACCESSIBLE_READ;
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return GSS_S_NO_CONTEXT;
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return GSS_S_NO_CONTEXT;
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech != NULL) {
+	if (mech->gss_complete_auth_token != NULL) {
+	    status = mech->gss_complete_auth_token(minor_status,
+						   ctx->internal_ctx_id,
+						   input_message_buffer);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_COMPLETE;
+    } else
+	status = GSS_S_BAD_MECH;
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_context_time.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_context_time.c
new file mode 100644
index 00000000..c947e764
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_context_time.c
@@ -0,0 +1,81 @@
+/* #pragma ident	"@(#)g_context_time.c	1.12	98/01/22 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routines for gss_context_time
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_context_time (minor_status,
+                  context_handle,
+                  time_rec)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+OM_uint32 *		time_rec;
+
+{
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+    *minor_status = 0;
+
+    if (time_rec == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+
+	if (mech->gss_context_time) {
+	    status = mech->gss_context_time(
+					    minor_status,
+					    ctx->internal_ctx_id,
+					    time_rec);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return(status);
+    }
+
+    return (GSS_S_BAD_MECH);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_decapsulate_token.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_decapsulate_token.c
new file mode 100644
index 00000000..1c04e2f2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_decapsulate_token.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2011, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_decapsulate_token(gss_const_buffer_t input_token,
+                      gss_const_OID token_oid,
+                      gss_buffer_t output_token)
+{
+    OM_uint32 minor;
+    unsigned int body_size = 0;
+    unsigned char *buf_in;
+
+    if (input_token == GSS_C_NO_BUFFER || token_oid == GSS_C_NO_OID)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (output_token == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    buf_in = input_token->value;
+
+    minor = g_verify_token_header(token_oid, &body_size, &buf_in,
+                                  -1, input_token->length,
+                                  G_VFY_TOKEN_HDR_WRAPPER_REQUIRED);
+    if (minor != 0)
+        return GSS_S_DEFECTIVE_TOKEN;
+
+    output_token->value = gssalloc_malloc(body_size);
+    if (output_token->value == NULL)
+        return GSS_S_FAILURE;
+
+    memcpy(output_token->value, buf_in, body_size);
+    output_token->length = body_size;
+
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_del_name_attr.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_del_name_attr.c
new file mode 100644
index 00000000..21f15681
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_del_name_attr.c
@@ -0,0 +1,65 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_delete_name_attribute */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_delete_name_attribute(OM_uint32 *minor_status,
+                          gss_name_t name,
+                          gss_buffer_t attr)
+{
+    OM_uint32           status;
+    gss_union_name_t    union_name;
+    gss_mechanism       mech;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *minor_status = 0;
+
+    if (name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+
+    union_name = (gss_union_name_t)name;
+
+    if (union_name->mech_type == GSS_C_NO_OID)
+        return GSS_S_UNAVAILABLE;
+
+    mech = gssint_get_mechanism(name->mech_type);
+    if (mech == NULL)
+        return GSS_S_BAD_NAME;
+
+    if (mech->gss_delete_name_attribute == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    status = (*mech->gss_delete_name_attribute)(minor_status,
+                                                union_name->mech_name,
+                                                attr);
+    if (status != GSS_S_COMPLETE)
+        map_error(minor_status, mech);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_delete_sec_context.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_delete_sec_context.c
new file mode 100644
index 00000000..574ff029
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_delete_sec_context.c
@@ -0,0 +1,106 @@
+/* #pragma ident	"@(#)g_delete_sec_context.c	1.11	97/11/09 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_delete_sec_context
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+static OM_uint32
+val_del_sec_ctx_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context_handle,
+    gss_buffer_t output_token)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_token != GSS_C_NO_BUFFER) {
+	output_token->length = 0;
+	output_token->value = NULL;
+    }
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_delete_sec_context (minor_status,
+                        context_handle,
+                        output_token)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t *		context_handle;
+gss_buffer_t		output_token;
+
+{
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+
+    status = val_del_sec_ctx_args(minor_status, context_handle, output_token);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) *context_handle;
+    if (GSSINT_CHK_LOOP(ctx))
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (ctx->internal_ctx_id != GSS_C_NO_CONTEXT) {
+	status = gssint_delete_internal_sec_context(minor_status,
+						    ctx->mech_type,
+						    &ctx->internal_ctx_id,
+						    output_token);
+	if (status)
+	    return status;
+    }
+
+    /* now free up the space for the union context structure */
+    free(ctx->mech_type->elements);
+    free(ctx->mech_type);
+    free(*context_handle);
+    *context_handle = GSS_C_NO_CONTEXT;
+
+    return (GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_name.c
new file mode 100644
index 00000000..21867c81
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_name.c
@@ -0,0 +1,118 @@
+/* #pragma ident	"@(#)g_dsp_name.c	1.13	04/02/23 SMI" */
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_display_name()
+ *
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+
+static OM_uint32
+val_dsp_name_args(
+    OM_uint32 *minor_status,
+    gss_name_t input_name,
+    gss_buffer_t output_name_buffer,
+    gss_OID *output_name_type)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_name_buffer != GSS_C_NO_BUFFER) {
+	output_name_buffer->length = 0;
+	output_name_buffer->value = NULL;
+    }
+
+    if (output_name_type != NULL)
+	*output_name_type = GSS_C_NO_OID;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (output_name_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (input_name == GSS_C_NO_NAME)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_display_name (minor_status,
+                  input_name,
+                  output_name_buffer,
+                  output_name_type)
+
+OM_uint32 *		minor_status;
+gss_name_t		input_name;
+gss_buffer_t		output_name_buffer;
+gss_OID *		output_name_type;
+
+{
+    OM_uint32		major_status;
+    gss_union_name_t	union_name;
+
+    major_status = val_dsp_name_args(minor_status, input_name,
+				     output_name_buffer, output_name_type);
+    if (major_status != GSS_S_COMPLETE)
+	return (major_status);
+
+    union_name = (gss_union_name_t) input_name;
+
+    if (union_name->mech_type) {
+	/*
+	 * OK, we have a mechanism-specific name; let's use it!
+	 */
+	return (gssint_display_internal_name(minor_status,
+					    union_name->mech_type,
+					    union_name->mech_name,
+					    output_name_buffer,
+					    output_name_type));
+    }
+
+    if ((output_name_buffer->value =
+	 gssalloc_malloc(union_name->external_name->length + 1)) == NULL)
+	return (GSS_S_FAILURE);
+    output_name_buffer->length = union_name->external_name->length;
+    (void) memcpy(output_name_buffer->value,
+		  union_name->external_name->value,
+		  union_name->external_name->length);
+    ((char *)output_name_buffer->value)[output_name_buffer->length] = '\0';
+
+    if (output_name_type != NULL)
+	*output_name_type = union_name->name_type;
+
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_name_ext.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_name_ext.c
new file mode 100644
index 00000000..be08dd16
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_name_ext.c
@@ -0,0 +1,133 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_display_name_ext()
+ *
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+
+static OM_uint32
+val_dsp_name_ext_args(
+    OM_uint32 *minor_status,
+    gss_name_t input_name,
+    gss_OID display_as_name_type,
+    gss_buffer_t output_name_buffer)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (output_name_buffer != GSS_C_NO_BUFFER) {
+        output_name_buffer->length = 0;
+        output_name_buffer->value = NULL;
+    }
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (output_name_buffer == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (input_name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+
+    if (display_as_name_type == GSS_C_NO_OID)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAMETYPE;
+
+    return GSS_S_COMPLETE;
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_display_name_ext (OM_uint32 *minor_status,
+                      gss_name_t input_name,
+                      gss_OID display_as_name_type,
+                      gss_buffer_t output_name_buffer)
+{
+    OM_uint32                status;
+    gss_union_name_t        union_name;
+    gss_mechanism        mech;
+
+    status = val_dsp_name_ext_args(minor_status,
+                                   input_name,
+                                   display_as_name_type,
+                                   output_name_buffer);
+    if (status != GSS_S_COMPLETE)
+        return status;
+
+    union_name = (gss_union_name_t) input_name;
+
+    if (union_name->mech_type) {
+        mech = gssint_get_mechanism(union_name->mech_type);
+        if (mech == NULL)
+            status = GSS_S_BAD_NAME;
+        else if (mech->gss_display_name_ext == NULL) {
+            if (mech->gss_display_name != NULL &&
+                union_name->name_type != GSS_C_NO_OID &&
+                g_OID_equal(display_as_name_type, union_name->name_type)) {
+                status = (*mech->gss_display_name)(minor_status,
+                                                   union_name->mech_name,
+                                                   output_name_buffer,
+                                                   NULL);
+                if (status != GSS_S_COMPLETE)
+                    map_error(minor_status, mech);
+            } else
+                status = GSS_S_UNAVAILABLE;
+        } else {
+            status = (*mech->gss_display_name_ext)(minor_status,
+                                                   union_name->mech_name,
+                                                   display_as_name_type,
+                                                   output_name_buffer);
+            if (status != GSS_S_COMPLETE)
+                map_error(minor_status, mech);
+        }
+        return status;
+    }
+
+    if (union_name->name_type == GSS_C_NO_OID ||
+        !g_OID_equal(display_as_name_type, union_name->name_type))
+        return GSS_S_UNAVAILABLE;
+
+    if ((output_name_buffer->value =
+         malloc(union_name->external_name->length + 1)) == NULL) {
+        return GSS_S_FAILURE;
+    }
+    output_name_buffer->length = union_name->external_name->length;
+    (void) memcpy(output_name_buffer->value,
+                  union_name->external_name->value,
+                  union_name->external_name->length);
+    ((char *)output_name_buffer->value)[output_name_buffer->length] = '\0';
+
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_status.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_status.c
new file mode 100644
index 00000000..70e84926
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_dsp_status.c
@@ -0,0 +1,363 @@
+/* #pragma ident	"@(#)g_dsp_status.c	1.17	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine gss_display_status
+ *
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* local function */
+static OM_uint32 displayMajor(OM_uint32, OM_uint32 *, gss_buffer_t);
+
+OM_uint32 KRB5_CALLCONV
+gss_display_status (minor_status,
+                    status_value,
+                    status_type,
+                    req_mech_type,
+                    message_context,
+                    status_string)
+
+OM_uint32 *		minor_status;
+OM_uint32		status_value;
+int			status_type;
+gss_OID			req_mech_type;
+OM_uint32 *		message_context;
+gss_buffer_t		status_string;
+
+{
+    gss_OID		mech_type = (gss_OID) req_mech_type;
+    gss_mechanism	mech;
+    gss_OID_desc	m_oid = { 0, 0 };
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (status_string != GSS_C_NO_BUFFER) {
+	status_string->length = 0;
+	status_string->value = NULL;
+    }
+
+    if (minor_status == NULL ||
+	message_context == NULL ||
+	status_string == GSS_C_NO_BUFFER)
+
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    /* we handle major status codes, and the mechs do the minor */
+    if (status_type == GSS_C_GSS_CODE)
+	return (displayMajor(status_value, message_context,
+			     status_string));
+
+    /*
+     * must be the minor status - let mechs do the work
+     * select the appropriate underlying mechanism routine and
+     * call it.
+     */
+
+    /* In this version, we only handle status codes that have been
+       mapped to a flat numbering space.  Look up the value we got
+       passed.  If it's not found, complain.  */
+    if (status_value == 0) {
+	status_string->value = gssalloc_strdup("Unknown error");
+	if (status_string->value == NULL) {
+	    *minor_status = ENOMEM;
+	    map_errcode(minor_status);
+	    return GSS_S_FAILURE;
+	}
+	status_string->length = strlen(status_string->value);
+	*message_context = 0;
+	*minor_status = 0;
+	return GSS_S_COMPLETE;
+    }
+    {
+	int err;
+	OM_uint32 m_status = 0, status;
+
+	err = gssint_mecherrmap_get(status_value, &m_oid, &m_status);
+	if (err) {
+	    *minor_status = err;
+	    map_errcode(minor_status);
+	    return GSS_S_BAD_STATUS;
+	}
+	if (m_oid.length == 0) {
+	    /* Magic flag for com_err values.  */
+	    status = g_display_com_err_status(minor_status, m_status, status_string);
+	    if (status != GSS_S_COMPLETE)
+		map_errcode(minor_status);
+	    return status;
+	}
+	mech_type = &m_oid;
+	status_value = m_status;
+    }
+
+    mech = gssint_get_mechanism (mech_type);
+
+    if (mech && mech->gss_display_status) {
+	OM_uint32 r;
+
+	r = mech->gss_display_status(minor_status,
+				     status_value, status_type, mech_type,
+				     message_context, status_string);
+	/* How's this for weird?  If we get an error returning the
+	   mechanism-specific error code, we save away the
+	   mechanism-specific error code describing the error.  */
+	if (r != GSS_S_COMPLETE)
+	    map_error(minor_status, mech);
+	return r;
+    }
+
+    if (!mech)
+	return (GSS_S_BAD_MECH);
+
+    return (GSS_S_UNAVAILABLE);
+}
+
+/*
+ * function to map the major error codes
+ * it uses case statements so that the strings could be wrapped by gettext
+ * msgCtxt is interpreted as:
+ *	0 - first call
+ *	1 - routine error
+ *	>= 2 - the supplementary error code bit shifted by 1
+ */
+static OM_uint32
+displayMajor(status, msgCtxt, outStr)
+OM_uint32 status;
+OM_uint32 *msgCtxt;
+gss_buffer_t outStr;
+{
+	OM_uint32 oneVal, mask = 0x1, currErr;
+	char *errStr = NULL;
+	int i, haveErr = 0;
+
+	/* take care of the success value first */
+	if (status == GSS_S_COMPLETE)
+	    errStr = _("The routine completed successfully");
+	else if (*msgCtxt == 0 && (oneVal = GSS_CALLING_ERROR(status))) {
+		switch (oneVal) {
+		case GSS_S_CALL_INACCESSIBLE_READ:
+			errStr = _("A required input parameter could not be "
+				   "read");
+			break;
+
+		case GSS_S_CALL_INACCESSIBLE_WRITE:
+			errStr = _("A required output parameter could not be "
+				   "written");
+			break;
+
+		case GSS_S_CALL_BAD_STRUCTURE:
+			errStr = _("A parameter was malformed");
+			break;
+
+		default:
+			errStr = _("An invalid status code was supplied");
+			break;
+		}
+
+		/* we now need to determine new value of msgCtxt */
+		if (GSS_ROUTINE_ERROR(status))
+			*msgCtxt = 1;
+		else if ((oneVal = GSS_SUPPLEMENTARY_INFO(status)) != 0)
+			*msgCtxt = (OM_uint32)(oneVal << 1);
+		else
+			*msgCtxt = 0;
+
+	} else if ((*msgCtxt == 0 || *msgCtxt == 1) &&
+		(oneVal = GSS_ROUTINE_ERROR(status))) {
+		switch (oneVal) {
+		case GSS_S_BAD_MECH:
+			errStr = _("An unsupported mechanism was requested");
+			break;
+
+		case GSS_S_BAD_NAME:
+			errStr = _("An invalid name was supplied");
+			break;
+
+		case GSS_S_BAD_NAMETYPE:
+			errStr = _("A supplied name was of an unsupported "
+				   "type");
+			break;
+
+		case GSS_S_BAD_BINDINGS:
+			errStr = _("Incorrect channel bindings were supplied");
+			break;
+
+		case GSS_S_BAD_SIG: /* same as GSS_S_BAD_MIC: */
+			errStr = _("A token had an invalid Message Integrity "
+				   "Check (MIC)");
+			break;
+
+		case GSS_S_NO_CRED:
+			errStr = _("No credentials were supplied, or the "
+				   "credentials were unavailable or "
+				   "inaccessible");
+			break;
+
+		case GSS_S_NO_CONTEXT:
+			errStr = _("No context has been established");
+			break;
+
+		case GSS_S_DEFECTIVE_TOKEN:
+			errStr = _("Invalid token was supplied");
+			break;
+
+		case GSS_S_DEFECTIVE_CREDENTIAL:
+			errStr = _("Invalid credential was supplied");
+			break;
+
+		case GSS_S_CREDENTIALS_EXPIRED:
+			errStr = _("The referenced credential has expired");
+			break;
+
+		case GSS_S_CONTEXT_EXPIRED:
+			errStr = _("The referenced context has expired");
+			break;
+
+		case GSS_S_FAILURE:
+			errStr = _("Unspecified GSS failure.  Minor code "
+				   "may provide more information");
+			break;
+
+		case GSS_S_BAD_QOP:
+			errStr = _("The quality-of-protection (QOP) "
+				   "requested could not be provided");
+			break;
+
+		case GSS_S_UNAUTHORIZED:
+			errStr = _("The operation is forbidden by local "
+				   "security policy");
+			break;
+
+		case GSS_S_UNAVAILABLE:
+			errStr = _("The operation or option is not "
+				   "available or unsupported");
+			break;
+
+		case GSS_S_DUPLICATE_ELEMENT:
+			errStr = _("The requested credential element "
+				   "already exists");
+			break;
+
+		case GSS_S_NAME_NOT_MN:
+			errStr = _("The provided name was not mechanism "
+				   "specific (MN)");
+			break;
+
+		case GSS_S_BAD_STATUS:
+		default:
+			errStr = _("An invalid status code was supplied");
+		}
+
+		/* we must determine if the caller should call us again */
+		if ((oneVal = GSS_SUPPLEMENTARY_INFO(status)) != 0)
+			*msgCtxt = (OM_uint32)(oneVal << 1);
+		else
+			*msgCtxt = 0;
+
+	} else if ((*msgCtxt == 0 || *msgCtxt >= 2) &&
+		(oneVal = GSS_SUPPLEMENTARY_INFO(status))) {
+		/*
+		 * if msgCtxt is not 0, then it should encode
+		 * the supplementary error code we should be printing
+		 */
+		if (*msgCtxt >= 2)
+			oneVal = (OM_uint32) (*msgCtxt) >> 1;
+		else
+			oneVal = GSS_SUPPLEMENTARY_INFO(status);
+
+		/* we display the errors LSB first */
+		for (i = 0; i < 16; i++) {
+			if (oneVal & mask) {
+				haveErr = 1;
+				break;
+			}
+			mask <<= 1;
+		}
+
+		/* isolate the bit or if not found set to illegal value */
+		if (haveErr)
+			currErr = oneVal & mask;
+		else
+			currErr = 1 << 17; /* illegal value */
+
+		switch (currErr) {
+		case GSS_S_CONTINUE_NEEDED:
+			errStr = _("The routine must be called again to "
+				   "complete its function");
+			break;
+
+		case GSS_S_DUPLICATE_TOKEN:
+			errStr = _("The token was a duplicate of an earlier "
+				   "token");
+			break;
+
+		case GSS_S_OLD_TOKEN:
+			errStr = _("The token's validity period has expired");
+			break;
+
+		case GSS_S_UNSEQ_TOKEN:
+			errStr = _("A later token has already been processed");
+			break;
+
+		case GSS_S_GAP_TOKEN:
+			errStr = _("An expected per-message token was not "
+				   "received");
+			break;
+
+		default:
+			errStr = _("An invalid status code was supplied");
+		}
+
+		/*
+		 * we must check if there is any other supplementary errors
+		 * if found, then turn off current bit, and store next value
+		 * in msgCtxt shifted by 1 bit
+		 */
+		if (!haveErr)
+			*msgCtxt = 0;
+		else if (GSS_SUPPLEMENTARY_INFO(oneVal) ^ mask)
+			*msgCtxt = (OM_uint32)
+				((GSS_SUPPLEMENTARY_INFO(oneVal) ^ mask) << 1);
+		else
+			*msgCtxt = 0;
+	}
+
+	if (errStr == NULL)
+		errStr = "An invalid status code was supplied";
+
+	/* now copy the status code and return to caller */
+	outStr->length = strlen(errStr);
+	outStr->value = gssalloc_strdup(errStr);
+	if (outStr->value == NULL) {
+		outStr->length = 0;
+		return (GSS_S_FAILURE);
+	}
+
+	return (GSS_S_COMPLETE);
+} /* displayMajor */
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c
new file mode 100644
index 00000000..ff01db27
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* #pragma ident	"@(#)g_dup_name.c	1.14	04/02/23 SMI" */
+
+/*
+ *  routine gss_duplicate_name
+ *
+ * This routine does not rely on mechanism implementation of this
+ * name, but instead uses mechanism specific gss_import_name routine.
+ */
+
+#include <mglueP.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+static OM_uint32
+val_dup_name_args(
+	OM_uint32 *minor_status,
+	const gss_name_t src_name,
+	gss_name_t *dest_name)
+{
+
+	/* Initialize outputs. */
+
+	if (minor_status != NULL)
+		*minor_status = 0;
+
+	if (dest_name != NULL)
+		*dest_name = GSS_C_NO_NAME;
+
+	/* Validate arguments. */
+
+	if (minor_status == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	/* if output_name is NULL, simply return */
+	if (dest_name == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	if (src_name == GSS_C_NO_NAME)
+		return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+	return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_duplicate_name(minor_status,
+		src_name,
+		dest_name)
+OM_uint32 *minor_status;
+const gss_name_t src_name;
+gss_name_t *dest_name;
+{
+		gss_union_name_t src_union, dest_union;
+		OM_uint32 major_status = GSS_S_FAILURE;
+
+	major_status = val_dup_name_args(minor_status, src_name, dest_name);
+	if (major_status != GSS_S_COMPLETE)
+		return (major_status);
+
+	src_union = (gss_union_name_t)src_name;
+
+	/*
+	 * First create the union name struct that will hold the external
+	 * name and the name type.
+	 */
+	dest_union = (gss_union_name_t)malloc(sizeof (gss_union_name_desc));
+	if (!dest_union)
+		goto allocation_failure;
+
+	dest_union->loopback = 0;
+	dest_union->mech_type = 0;
+	dest_union->mech_name = 0;
+	dest_union->name_type = 0;
+	dest_union->external_name = 0;
+
+	/* Now copy the external representation. */
+	if (gssint_create_copy_buffer(src_union->external_name,
+				&dest_union->external_name, 0))
+		goto allocation_failure;
+
+	if (src_union->name_type != GSS_C_NULL_OID) {
+		major_status = generic_gss_copy_oid(minor_status,
+						src_union->name_type,
+						&dest_union->name_type);
+		if (major_status != GSS_S_COMPLETE) {
+		    map_errcode(minor_status);
+		    goto allocation_failure;
+		}
+	}
+
+	/*
+	 * See if source name is mechanim specific, if so then need to import it
+	 */
+	if (src_union->mech_type) {
+		major_status = generic_gss_copy_oid(minor_status,
+							src_union->mech_type,
+							&dest_union->mech_type);
+		if (major_status != GSS_S_COMPLETE) {
+		    map_errcode(minor_status);
+		    goto allocation_failure;
+		}
+
+		major_status = gssint_import_internal_name(minor_status,
+							src_union->mech_type,
+							src_union,
+							&dest_union->mech_name);
+		if (major_status != GSS_S_COMPLETE)
+			goto allocation_failure;
+	}
+
+
+	dest_union->loopback = dest_union;
+	*dest_name = (gss_name_t)dest_union;
+	return (GSS_S_COMPLETE);
+
+allocation_failure:
+	if (dest_union) {
+		if (dest_union->external_name) {
+			if (dest_union->external_name->value)
+				free(dest_union->external_name->value);
+			free(dest_union->external_name);
+		}
+		if (dest_union->name_type)
+			(void) generic_gss_release_oid(minor_status,
+							&dest_union->name_type);
+		if (dest_union->mech_name)
+			(void) gssint_release_internal_name(minor_status,
+						dest_union->mech_type,
+						&dest_union->mech_name);
+		if (dest_union->mech_type)
+			(void) generic_gss_release_oid(minor_status,
+							&dest_union->mech_type);
+		free(dest_union);
+	}
+	return (major_status);
+} /*	gss_duplicate_name	*/
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_encapsulate_token.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_encapsulate_token.c
new file mode 100644
index 00000000..1ccd3cd7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_encapsulate_token.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2011, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_encapsulate_token(gss_const_buffer_t input_token,
+                      gss_const_OID token_oid,
+                      gss_buffer_t output_token)
+{
+    unsigned int tokenSize;
+    struct k5buf buf;
+
+    if (input_token == GSS_C_NO_BUFFER || token_oid == GSS_C_NO_OID)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (output_token == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    tokenSize = g_token_size(token_oid, input_token->length);
+
+    assert(tokenSize > 2);
+    tokenSize -= 2; /* TOK_ID */
+
+    output_token->value = gssalloc_malloc(tokenSize);
+    if (output_token->value == NULL)
+        return GSS_S_FAILURE;
+
+    k5_buf_init_fixed(&buf, output_token->value, tokenSize);
+    g_make_token_header(&buf, token_oid, input_token->length, -1);
+    k5_buf_add_len(&buf, input_token->value, input_token->length);
+    assert(buf.len == tokenSize);
+    output_token->length = tokenSize;
+
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_exp_sec_context.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_exp_sec_context.c
new file mode 100644
index 00000000..a04afe3d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_exp_sec_context.c
@@ -0,0 +1,146 @@
+/* #pragma ident	"@(#)g_exp_sec_context.c	1.14	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_export_sec_context
+ */
+#ifndef LEAN_CLIENT
+
+#include "mglueP.h"
+#include <stdio.h>
+#include <errno.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+
+static OM_uint32
+val_exp_sec_ctx_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t *context_handle,
+    gss_buffer_t interprocess_token)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (interprocess_token != GSS_C_NO_BUFFER) {
+	interprocess_token->length = 0;
+	interprocess_token->value = NULL;
+    }
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (interprocess_token == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_export_sec_context(minor_status,
+                       context_handle,
+                       interprocess_token)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t *		context_handle;
+gss_buffer_t		interprocess_token;
+
+{
+    OM_uint32		status;
+    OM_uint32 		length;
+    gss_union_ctx_id_t	ctx = NULL;
+    gss_mechanism	mech;
+    gss_buffer_desc	token = GSS_C_EMPTY_BUFFER;
+    char		*buf;
+
+    status = val_exp_sec_ctx_args(minor_status,
+				  context_handle, interprocess_token);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) *context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+    if (!mech)
+	return GSS_S_BAD_MECH;
+    if (!mech->gss_export_sec_context)
+	return (GSS_S_UNAVAILABLE);
+
+    status = mech->gss_export_sec_context(minor_status,
+					  &ctx->internal_ctx_id, &token);
+    if (status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	goto cleanup;
+    }
+
+    length = token.length + 4 + ctx->mech_type->length;
+    interprocess_token->length = length;
+    interprocess_token->value = gssalloc_malloc(length);
+    if (interprocess_token->value == 0) {
+	*minor_status = ENOMEM;
+	status = GSS_S_FAILURE;
+	goto cleanup;
+    }
+    buf = interprocess_token->value;
+    length = ctx->mech_type->length;
+    buf[3] = (unsigned char) (length & 0xFF);
+    length >>= 8;
+    buf[2] = (unsigned char) (length & 0xFF);
+    length >>= 8;
+    buf[1] = (unsigned char) (length & 0xFF);
+    length >>= 8;
+    buf[0] = (unsigned char) (length & 0xFF);
+    memcpy(buf+4, ctx->mech_type->elements, (size_t) ctx->mech_type->length);
+    memcpy(buf+4+ctx->mech_type->length, token.value, token.length);
+
+    status = GSS_S_COMPLETE;
+
+cleanup:
+    (void) gss_release_buffer(minor_status, &token);
+    if (ctx != NULL && ctx->internal_ctx_id == GSS_C_NO_CONTEXT) {
+	/* If the mech deleted its context, delete the union context. */
+	free(ctx->mech_type->elements);
+	free(ctx->mech_type);
+	free(ctx);
+	*context_handle = GSS_C_NO_CONTEXT;
+    }
+    return status;
+}
+#endif /*LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_cred.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_cred.c
new file mode 100644
index 00000000..9678c6de
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_cred.c
@@ -0,0 +1,111 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/mechglue/g_export_cred.c - gss_export_cred definition */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "mglueP.h"
+
+static OM_uint32
+val_exp_cred_args(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
+                  gss_buffer_t token)
+{
+
+    /* Initialize outputs. */
+    if (minor_status != NULL)
+        *minor_status = 0;
+    if (token != GSS_C_NO_BUFFER) {
+        token->length = 0;
+        token->value = NULL;
+    }
+
+    /* Validate arguments. */
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    if (cred_handle == GSS_C_NO_CREDENTIAL)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED;
+    if (token == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_export_cred(OM_uint32 * minor_status, gss_cred_id_t cred_handle,
+                gss_buffer_t token)
+{
+    OM_uint32 status, tmpmin;
+    gss_union_cred_t cred;
+    gss_OID mech_oid;
+    gss_OID public_oid;
+    gss_mechanism mech;
+    gss_buffer_desc mech_token;
+    struct k5buf buf;
+    int i;
+
+    status = val_exp_cred_args(minor_status, cred_handle, token);
+    if (status != GSS_S_COMPLETE)
+        return status;
+
+    k5_buf_init_dynamic(&buf);
+
+    cred = (gss_union_cred_t) cred_handle;
+    for (i = 0; i < cred->count; i++) {
+        /* Get an export token for this mechanism. */
+        mech_oid = &cred->mechs_array[i];
+        public_oid = gssint_get_public_oid(mech_oid);
+        mech = gssint_get_mechanism(mech_oid);
+        if (public_oid == GSS_C_NO_OID || mech == NULL) {
+            status = GSS_S_DEFECTIVE_CREDENTIAL;
+            goto error;
+        }
+        if (mech->gss_export_cred == NULL) {
+            status = GSS_S_UNAVAILABLE;
+            goto error;
+        }
+        status = mech->gss_export_cred(minor_status, cred->cred_array[i],
+                                       &mech_token);
+        if (status != GSS_S_COMPLETE) {
+            map_error(minor_status, mech);
+            goto error;
+        }
+
+        /* Append the mech OID and token to buf. */
+        k5_buf_add_uint32_be(&buf, public_oid->length);
+        k5_buf_add_len(&buf, public_oid->elements, public_oid->length);
+        k5_buf_add_uint32_be(&buf, mech_token.length);
+        k5_buf_add_len(&buf, mech_token.value, mech_token.length);
+        gss_release_buffer(&tmpmin, &mech_token);
+    }
+
+    return k5buf_to_gss(minor_status, &buf, token);
+
+error:
+    k5_buf_free(&buf);
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_name.c
new file mode 100644
index 00000000..c845f8ca
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_name.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1996,1997, by Sun Microsystems, Inc.
+ * All rights reserved.
+ */
+
+/* #pragma ident	"@(#)g_export_name.c	1.11	00/07/17 SMI" */
+
+/*
+ * glue routine gss_export_name
+ *
+ * Will either call the mechanism defined gss_export_name, or if one is
+ * not defined will call a generic_gss_export_name routine.
+ */
+
+#include <mglueP.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+OM_uint32 KRB5_CALLCONV
+gss_export_name(minor_status,
+			input_name,
+			exported_name)
+OM_uint32 *		minor_status;
+const gss_name_t	input_name;
+gss_buffer_t		exported_name;
+{
+	gss_union_name_t		union_name;
+
+	/* Initialize outputs. */
+
+	if (minor_status != NULL)
+		*minor_status = 0;
+
+	if (exported_name != GSS_C_NO_BUFFER) {
+		exported_name->value = NULL;
+		exported_name->length = 0;
+	}
+
+	/* Validate arguments. */
+
+	if (minor_status == NULL || exported_name == GSS_C_NO_BUFFER)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	if (input_name == GSS_C_NO_NAME)
+		return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+	union_name = (gss_union_name_t)input_name;
+
+	/* the name must be in mechanism specific format */
+	if (!union_name->mech_type)
+		return (GSS_S_NAME_NOT_MN);
+
+	return gssint_export_internal_name(minor_status, union_name->mech_type,
+					union_name->mech_name, exported_name);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_name_comp.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_name_comp.c
new file mode 100644
index 00000000..0a2bac41
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_export_name_comp.c
@@ -0,0 +1,78 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ *  glue routine for gss_export_name_composite
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_export_name_composite(OM_uint32 *minor_status,
+                          gss_name_t name,
+                          gss_buffer_t exp_composite_name)
+{
+    OM_uint32           status;
+    gss_union_name_t    union_name;
+    gss_mechanism       mech;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (exp_composite_name != GSS_C_NO_BUFFER) {
+        exp_composite_name->value = NULL;
+        exp_composite_name->length = 0;
+    }
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+
+    if (exp_composite_name == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    union_name = (gss_union_name_t)name;
+
+    if (union_name->mech_type == GSS_C_NO_OID)
+        return GSS_S_UNAVAILABLE;
+
+    mech = gssint_get_mechanism(name->mech_type);
+    if (mech == NULL)
+        return GSS_S_BAD_NAME;
+
+    if (mech->gss_export_name_composite == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    status = (*mech->gss_export_name_composite)(minor_status,
+                                                union_name->mech_name,
+                                                exp_composite_name);
+    if (status != GSS_S_COMPLETE)
+        map_error(minor_status, mech);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_get_name_attr.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_get_name_attr.c
new file mode 100644
index 00000000..2108beb3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_get_name_attr.c
@@ -0,0 +1,93 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_get_name_attribute */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_get_name_attribute(OM_uint32 *minor_status,
+                       gss_name_t name,
+                       gss_buffer_t attr,
+                       int *authenticated,
+                       int *complete,
+                       gss_buffer_t value,
+                       gss_buffer_t display_value,
+                       int *more)
+{
+    OM_uint32           status;
+    gss_union_name_t    union_name;
+    gss_mechanism       mech;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+    if (authenticated != NULL)
+        *authenticated = 0;
+    if (complete != NULL)
+        *complete = 0;
+    if (value != GSS_C_NO_BUFFER) {
+        value->value = NULL;
+        value->length = 0;
+    }
+    if (display_value != GSS_C_NO_BUFFER) {
+        display_value->value = NULL;
+        display_value->length = 0;
+    }
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+    if (attr == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+    if (more == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    union_name = (gss_union_name_t)name;
+
+    if (union_name->mech_type == GSS_C_NO_OID)
+        return GSS_S_UNAVAILABLE;
+
+    mech = gssint_get_mechanism(name->mech_type);
+    if (mech == NULL)
+        return GSS_S_BAD_NAME;
+
+    if (mech->gss_get_name_attribute == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    status = (*mech->gss_get_name_attribute)(minor_status,
+                                             union_name->mech_name,
+                                             attr,
+                                             authenticated,
+                                             complete,
+                                             value,
+                                             display_value,
+                                             more);
+    if (status != GSS_S_COMPLETE)
+        map_error(minor_status, mech);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c
new file mode 100644
index 00000000..176fbe63
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c
@@ -0,0 +1,562 @@
+/* #pragma ident	"@(#)g_glue.c	1.25	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "mglueP.h"
+#include "k5-der.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+#define	MSO_BIT (8*(sizeof (int) - 1))  /* Most significant octet bit */
+
+extern gss_mechanism *gssint_mechs_array;
+
+/*
+ * This file contains the support routines for the glue layer.
+ */
+
+/* Retrieve the mechanism OID from an RFC 2743 InitialContextToken.  Place
+ * the result into *oid_out, aliasing memory from token. */
+OM_uint32 gssint_get_mech_type_oid(gss_OID oid_out, gss_buffer_t token)
+{
+    struct k5input in;
+
+    if (oid_out == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+    if (token == NULL || token->value == NULL)
+	return (GSS_S_DEFECTIVE_TOKEN);
+
+    k5_input_init(&in, token->value, token->length);
+    if (!k5_der_get_value(&in, 0x60, &in))
+	return (GSS_S_DEFECTIVE_TOKEN);
+    if (!k5_der_get_value(&in, 0x06, &in))
+	return (GSS_S_DEFECTIVE_TOKEN);
+    oid_out->length = in.len;
+    oid_out->elements = (uint8_t *)in.ptr;
+    return (GSS_S_COMPLETE);
+}
+
+/*
+ * The following mechanisms do not always identify themselves
+ * per the GSS-API specification, when interoperating with MS
+ * peers. We include the OIDs here so we do not have to ilnk
+ * with the mechanism.
+ */
+static gss_OID_desc gss_ntlm_mechanism_oid_desc =
+	{10, (void *)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"};
+static gss_OID_desc gss_spnego_mechanism_oid_desc =
+	{6, (void *)"\x2b\x06\x01\x05\x05\x02"};
+static gss_OID_desc gss_krb5_mechanism_oid_desc =
+	{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
+
+#define NTLMSSP_SIGNATURE "NTLMSSP"
+
+OM_uint32 gssint_get_mech_type(OID, token)
+    gss_OID		OID;
+    gss_buffer_t	token;
+{
+    /* Check for interoperability exceptions */
+    if (token->length >= sizeof(NTLMSSP_SIGNATURE) &&
+	memcmp(token->value, NTLMSSP_SIGNATURE,
+	       sizeof(NTLMSSP_SIGNATURE)) == 0) {
+	*OID = gss_ntlm_mechanism_oid_desc;
+    } else if (token->length != 0 &&
+	       ((char *)token->value)[0] == 0x6E) {
+ 	/* Could be a raw AP-REQ (check for APPLICATION tag) */
+	*OID = gss_krb5_mechanism_oid_desc;
+    } else if (token->length == 0) {
+	*OID = gss_spnego_mechanism_oid_desc;
+    } else {
+	return gssint_get_mech_type_oid(OID, token);
+    }
+
+    return (GSS_S_COMPLETE);
+}
+
+static OM_uint32
+import_internal_attributes(OM_uint32 *minor,
+			   gss_mechanism dmech,
+			   gss_union_name_t sname,
+			   gss_name_t dname)
+{
+    OM_uint32 major, tmpMinor;
+    gss_mechanism smech;
+    gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
+    size_t i;
+
+    if (sname->mech_name == GSS_C_NO_NAME)
+	return (GSS_S_UNAVAILABLE);
+
+    smech = gssint_get_mechanism (sname->mech_type);
+    if (smech == NULL)
+	return (GSS_S_BAD_MECH);
+
+    if (smech->gss_inquire_name == NULL ||
+	smech->gss_get_name_attribute == NULL)
+	return (GSS_S_UNAVAILABLE);
+
+    if (dmech->gss_set_name_attribute == NULL)
+	return (GSS_S_UNAVAILABLE);
+
+    major = smech->gss_inquire_name(minor, sname->mech_name,
+				    NULL, NULL, &attrs);
+    if (GSS_ERROR(major) || attrs == GSS_C_NO_BUFFER_SET) {
+	gss_release_buffer_set(&tmpMinor, &attrs);
+	return (major);
+    }
+
+    for (i = 0; i < attrs->count; i++) {
+	int more = -1;
+
+	while (more != 0) {
+	    gss_buffer_desc value, display_value;
+	    int authenticated, complete;
+
+	    major = smech->gss_get_name_attribute(minor, sname->mech_name,
+						  &attrs->elements[i],
+						  &authenticated, &complete,
+						  &value, &display_value,
+						  &more);
+	    if (GSS_ERROR(major))
+		continue;
+
+	    if (authenticated) {
+		dmech->gss_set_name_attribute(minor, dname, complete,
+					      &attrs->elements[i], &value);
+	    }
+
+	    gss_release_buffer(&tmpMinor, &value);
+	    gss_release_buffer(&tmpMinor, &display_value);
+	}
+    }
+
+    gss_release_buffer_set(&tmpMinor, &attrs);
+
+    return (GSS_S_COMPLETE);
+}
+
+/*
+ *  Internal routines to get and release an internal mechanism name
+ */
+
+OM_uint32 gssint_import_internal_name (minor_status, mech_type, union_name,
+				internal_name)
+OM_uint32	*minor_status;
+gss_OID		mech_type;
+gss_union_name_t	union_name;
+gss_name_t	*internal_name;
+{
+    OM_uint32		status, tmpMinor;
+    gss_mechanism	mech;
+    gss_OID		public_mech;
+
+    mech = gssint_get_mechanism (mech_type);
+    if (mech == NULL)
+	return (GSS_S_BAD_MECH);
+
+    /*
+     * If we are importing a name for the same mechanism, and the
+     * mechanism implements gss_duplicate_name, then use that.
+     */
+    if (union_name->mech_type != GSS_C_NO_OID &&
+	union_name->mech_name != GSS_C_NO_NAME &&
+	g_OID_equal(union_name->mech_type, mech_type) &&
+	mech->gss_duplicate_name != NULL) {
+	status = mech->gss_duplicate_name(minor_status,
+					  union_name->mech_name,
+					  internal_name);
+	if (status != GSS_S_UNAVAILABLE) {
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	    return (status);
+	}
+    }
+
+    if (mech->gssspi_import_name_by_mech) {
+	public_mech = gssint_get_public_oid(mech_type);
+	status = mech->gssspi_import_name_by_mech(minor_status, public_mech,
+						  union_name->external_name,
+						  union_name->name_type,
+						  internal_name);
+    } else if (mech->gss_import_name) {
+	status = mech->gss_import_name(minor_status, union_name->external_name,
+				       union_name->name_type, internal_name);
+    } else {
+	return (GSS_S_UNAVAILABLE);
+    }
+
+    if (status == GSS_S_COMPLETE) {
+        /* Attempt to round-trip attributes */
+	(void) import_internal_attributes(&tmpMinor, mech,
+				          union_name, *internal_name);
+    } else {
+	map_error(minor_status, mech);
+    }
+
+    return (status);
+}
+
+OM_uint32 gssint_export_internal_name(minor_status, mech_type,
+				     internal_name, name_buf)
+    OM_uint32		*minor_status;
+    const gss_OID		mech_type;
+    const gss_name_t	internal_name;
+    gss_buffer_t		name_buf;
+{
+    OM_uint32 status;
+    gss_mechanism mech;
+    gss_buffer_desc dispName;
+    gss_OID nameOid;
+    int mech_der_len = 0;
+    struct k5buf buf;
+
+    mech = gssint_get_mechanism(mech_type);
+    if (!mech)
+	return (GSS_S_BAD_MECH);
+
+    if (mech->gss_export_name) {
+	status = mech->gss_export_name(minor_status,
+				       internal_name,
+				       name_buf);
+	if (status != GSS_S_COMPLETE)
+	    map_error(minor_status, mech);
+	return status;
+    }
+
+    /*
+     * if we are here it is because the mechanism does not provide
+     * a gss_export_name so we will use our implementation.  We
+     * do required that the mechanism define a gss_display_name.
+     */
+    if (!mech->gss_display_name)
+	return (GSS_S_UNAVAILABLE);
+
+    /*
+     * NOTE: RFC2743 (section 3.2) governs the format of the outer
+     *	 wrapper of exported names; the mechanisms' specs govern
+     *	 the format of the inner portion of the exported name
+     *	 and, for some (e.g., RFC1964, the Kerberos V mech), a
+     *	 generic default as implemented here will do.
+     *
+     * The outer wrapper of an exported MN is: 2-octet tok Id
+     * (0x0401) + 2-octet network-byte order mech OID length + mech
+     * oid (in DER format, including DER tag and DER length) +
+     * 4-octet network-byte order length of inner portion + inner
+     * portion.
+     *
+     * For the Kerberos V mechanism the inner portion of an exported
+     * MN is the display name string and ignores the name type OID
+     * altogether.  And we hope this will be so for any future
+     * mechanisms also, so that factoring name export/import out of
+     * the mech and into libgss pays off.
+     */
+    if ((status = mech->gss_display_name(minor_status,
+					 internal_name,
+					 &dispName,
+					 &nameOid))
+	!= GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	return (status);
+    }
+
+    /* Allocate space and prepare a buffer. */
+    mech_der_len = k5_der_value_len(mech_type->length);
+    name_buf->length = 2 + 2 + mech_der_len + 4 + dispName.length;
+    name_buf->value = gssalloc_malloc(name_buf->length);
+    if (name_buf->value == NULL) {
+	name_buf->length = 0;
+	(void) gss_release_buffer(&status, &dispName);
+	return (GSS_S_FAILURE);
+    }
+    k5_buf_init_fixed(&buf, name_buf->value, name_buf->length);
+
+    /* Assemble the name. */
+    k5_buf_add_len(&buf, "\x04\x01", 2);
+    k5_buf_add_uint16_be(&buf, mech_der_len);
+    k5_der_add_value(&buf, 0x06, mech_type->elements, mech_type->length);
+    k5_buf_add_uint32_be(&buf, dispName.length);
+    k5_buf_add_len(&buf, dispName.value, dispName.length);
+    assert(buf.len == name_buf->length);
+
+    /* release the buffer obtained from gss_display_name */
+    (void) gss_release_buffer(minor_status, &dispName);
+    return (GSS_S_COMPLETE);
+} /*  gssint_export_internal_name */
+
+OM_uint32 gssint_display_internal_name (minor_status, mech_type, internal_name,
+				 external_name, name_type)
+OM_uint32	*minor_status;
+gss_OID		mech_type;
+gss_name_t	internal_name;
+gss_buffer_t	external_name;
+gss_OID		*name_type;
+{
+    OM_uint32		status;
+    gss_mechanism	mech;
+
+    mech = gssint_get_mechanism (mech_type);
+    if (mech) {
+	if (mech->gss_display_name) {
+	    status = mech->gss_display_name (
+					     minor_status,
+					     internal_name,
+					     external_name,
+					     name_type);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return (status);
+    }
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 gssint_release_internal_name (minor_status, mech_type, internal_name)
+OM_uint32	*minor_status;
+gss_OID		mech_type;
+gss_name_t	*internal_name;
+{
+    OM_uint32		status;
+    gss_mechanism	mech;
+
+    mech = gssint_get_mechanism (mech_type);
+    if (mech) {
+	if (mech->gss_release_name) {
+	    status = mech->gss_release_name (
+					     minor_status,
+					     internal_name);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return (status);
+    }
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 gssint_delete_internal_sec_context (minor_status,
+					      mech_type,
+					      internal_ctx,
+					      output_token)
+OM_uint32	*minor_status;
+gss_OID		mech_type;
+gss_ctx_id_t	*internal_ctx;
+gss_buffer_t	output_token;
+{
+    OM_uint32		status;
+    gss_mechanism	mech;
+
+    mech = gssint_get_mechanism (mech_type);
+    if (mech) {
+	if (mech->gss_delete_sec_context)
+	    status = mech->gss_delete_sec_context (minor_status,
+						   internal_ctx,
+						   output_token);
+	else
+	    status = GSS_S_UNAVAILABLE;
+
+	return (status);
+    }
+
+    return (GSS_S_BAD_MECH);
+}
+
+/*
+ * This function converts an internal gssapi name to a union gssapi
+ * name.  Note that internal_name should be considered "consumed" by
+ * this call, whether or not we return an error.
+ */
+OM_uint32 gssint_convert_name_to_union_name(minor_status, mech,
+					   internal_name, external_name)
+    OM_uint32 *minor_status;
+    gss_mechanism	mech;
+    gss_name_t	internal_name;
+    gss_name_t	*external_name;
+{
+    OM_uint32 major_status,tmp;
+    gss_union_name_t union_name;
+
+    union_name = (gss_union_name_t) malloc (sizeof(gss_union_name_desc));
+    if (!union_name) {
+	major_status = GSS_S_FAILURE;
+	*minor_status = ENOMEM;
+	map_errcode(minor_status);
+	goto allocation_failure;
+    }
+    union_name->mech_type = 0;
+    union_name->mech_name = internal_name;
+    union_name->name_type = 0;
+    union_name->external_name = 0;
+
+    major_status = generic_gss_copy_oid(minor_status, &mech->mech_type,
+					&union_name->mech_type);
+    if (major_status != GSS_S_COMPLETE) {
+	map_errcode(minor_status);
+	goto allocation_failure;
+    }
+
+    union_name->external_name =
+	(gss_buffer_t) malloc(sizeof(gss_buffer_desc));
+    if (!union_name->external_name) {
+	    major_status = GSS_S_FAILURE;
+	    goto allocation_failure;
+    }
+    union_name->external_name->length = 0;
+    union_name->external_name->value = NULL;
+
+    major_status = mech->gss_display_name(minor_status,
+					  internal_name,
+					  union_name->external_name,
+					  &union_name->name_type);
+    if (major_status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	goto allocation_failure;
+    }
+
+    union_name->loopback = union_name;
+    *external_name = /*(gss_name_t) CHECK */union_name;
+    return (GSS_S_COMPLETE);
+
+allocation_failure:
+    if (union_name) {
+	if (union_name->external_name) {
+	    if (union_name->external_name->value)
+		free(union_name->external_name->value);
+	    free(union_name->external_name);
+	}
+	if (union_name->name_type)
+	    gss_release_oid(&tmp, &union_name->name_type);
+	if (union_name->mech_type)
+	    gss_release_oid(&tmp, &union_name->mech_type);
+	free(union_name);
+    }
+    /*
+     * do as the top comment says - since we are now owners of
+     * internal_name, we must clean it up
+     */
+    if (internal_name)
+	(void) gssint_release_internal_name(&tmp, &mech->mech_type,
+					   &internal_name);
+    return (major_status);
+}
+
+/*
+ * Glue routine for returning the mechanism-specific credential from a
+ * external union credential.
+ */
+gss_cred_id_t
+gssint_get_mechanism_cred(union_cred, mech_type)
+    gss_union_cred_t	union_cred;
+    gss_OID		mech_type;
+{
+    int		i;
+
+    if (union_cred == GSS_C_NO_CREDENTIAL)
+	return GSS_C_NO_CREDENTIAL;
+
+    for (i=0; i < union_cred->count; i++) {
+	if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
+	    return union_cred->cred_array[i];
+    }
+    return GSS_C_NO_CREDENTIAL;
+}
+
+/*
+ * Routine to create and copy the gss_buffer_desc structure.
+ * Both space for the structure and the data is allocated.
+ */
+OM_uint32
+gssint_create_copy_buffer(srcBuf, destBuf, addNullChar)
+    const gss_buffer_t	srcBuf;
+    gss_buffer_t 		*destBuf;
+    int			addNullChar;
+{
+    gss_buffer_t aBuf;
+    unsigned int len;
+
+    if (destBuf == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    *destBuf = 0;
+
+    aBuf = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
+    if (!aBuf)
+	return (GSS_S_FAILURE);
+
+    if (addNullChar)
+	len = srcBuf->length + 1;
+    else
+	len = srcBuf->length;
+
+    if (!(aBuf->value = (void*)gssalloc_malloc(len))) {
+	free(aBuf);
+	return (GSS_S_FAILURE);
+    }
+
+
+    (void) memcpy(aBuf->value, srcBuf->value, srcBuf->length);
+    aBuf->length = srcBuf->length;
+    *destBuf = aBuf;
+
+    /* optionally add a NULL character */
+    if (addNullChar)
+	((char *)aBuf->value)[aBuf->length] = '\0';
+
+    return (GSS_S_COMPLETE);
+} /* ****** gssint_create_copy_buffer  ****** */
+
+OM_uint32
+gssint_create_union_context(OM_uint32 *minor, gss_const_OID mech_oid,
+			    gss_union_ctx_id_t *ctx_out)
+{
+    OM_uint32 status;
+    gss_union_ctx_id_t ctx;
+
+    *ctx_out = NULL;
+
+    ctx = calloc(1, sizeof(*ctx));
+    if (ctx == NULL) {
+	*minor = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    status = generic_gss_copy_oid(minor, mech_oid, &ctx->mech_type);
+    if (status != GSS_S_COMPLETE) {
+	free(ctx);
+	return status;
+    }
+
+    ctx->loopback = ctx;
+    ctx->internal_ctx_id = GSS_C_NO_CONTEXT;
+
+    *ctx_out = ctx;
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_cred.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_cred.c
new file mode 100644
index 00000000..77e2ff55
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_cred.c
@@ -0,0 +1,177 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/mechglue/g_imp_cred.c - gss_import_cred definition */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "mglueP.h"
+
+static OM_uint32
+val_imp_cred_args(OM_uint32 *minor_status, gss_buffer_t token,
+                  gss_cred_id_t *cred_handle)
+{
+    /* Initialize outputs. */
+    if (minor_status != NULL)
+        *minor_status = 0;
+    if (cred_handle != NULL)
+        *cred_handle = GSS_C_NO_CREDENTIAL;
+
+    /* Validate arguments. */
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    if (cred_handle == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    if (token == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_DEFECTIVE_TOKEN;
+    if (GSS_EMPTY_BUFFER(token))
+        return GSS_S_DEFECTIVE_TOKEN;
+    return GSS_S_COMPLETE;
+}
+
+/* Populate mech_oid and mech_token with the next entry in token, using aliased
+ * memory from token.  Advance token by the amount consumed. */
+static OM_uint32
+get_entry(OM_uint32 *minor_status, gss_buffer_t token, gss_OID mech_oid,
+          gss_buffer_t mech_token)
+{
+    OM_uint32 len;
+
+    /* Get the mechanism OID. */
+    if (token->length < 4)
+        return GSS_S_DEFECTIVE_TOKEN;
+    len = load_32_be(token->value);
+    if (token->length - 4 < len)
+        return GSS_S_DEFECTIVE_TOKEN;
+    mech_oid->length = len;
+    mech_oid->elements = (char *)token->value + 4;
+    token->value = (char *)token->value + 4 + len;
+    token->length -= 4 + len;
+
+    /* Get the mechanism token. */
+    if (token->length < 4)
+        return GSS_S_DEFECTIVE_TOKEN;
+    len = load_32_be(token->value);
+    if (token->length - 4 < len)
+        return GSS_S_DEFECTIVE_TOKEN;
+    mech_token->length = len;
+    mech_token->value = (char *)token->value + 4;
+    token->value = (char *)token->value + 4 + len;
+    token->length -= 4 + len;
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
+                gss_cred_id_t *cred_handle)
+{
+    OM_uint32 status, tmpmin, count;
+    gss_union_cred_t cred = NULL;
+    gss_mechanism mech;
+    gss_buffer_desc tok, mech_token;
+    gss_OID_desc mech_oid;
+    gss_OID selected_mech;
+    gss_cred_id_t mech_cred;
+    void *elemcopy;
+
+    status = val_imp_cred_args(minor_status, token, cred_handle);
+    if (status != GSS_S_COMPLETE)
+        return status;
+
+    /* Count the entries in token. */
+    for (tok = *token, count = 0; tok.length > 0; count++) {
+        status = get_entry(minor_status, &tok, &mech_oid, &mech_token);
+        if (status != GSS_S_COMPLETE)
+            return status;
+    }
+
+    /* Allocate a union credential. */
+    cred = calloc(1, sizeof(*cred));
+    if (cred == NULL)
+        goto oom;
+    cred->loopback = cred;
+    cred->count = 0;
+    cred->mechs_array = calloc(count, sizeof(*cred->mechs_array));
+    if (cred->mechs_array == NULL)
+        goto oom;
+    cred->cred_array = calloc(count, sizeof(*cred->cred_array));
+    if (cred->cred_array == NULL)
+        goto oom;
+
+    tok = *token;
+    while (tok.length > 0) {
+        (void)get_entry(minor_status, &tok, &mech_oid, &mech_token);
+
+        /* Import this entry's mechanism token. */
+        status = gssint_select_mech_type(minor_status, &mech_oid,
+                                         &selected_mech);
+        if (status != GSS_S_COMPLETE)
+            goto error;
+        mech = gssint_get_mechanism(selected_mech);
+        if (mech == NULL || (mech->gss_import_cred == NULL &&
+                             mech->gssspi_import_cred_by_mech == NULL)) {
+            status = GSS_S_DEFECTIVE_TOKEN;
+            goto error;
+        }
+        if (mech->gssspi_import_cred_by_mech) {
+            status = mech->gssspi_import_cred_by_mech(minor_status,
+                                        gssint_get_public_oid(selected_mech),
+                                        &mech_token, &mech_cred);
+        } else {
+            status = mech->gss_import_cred(minor_status, &mech_token,
+                                           &mech_cred);
+        }
+        if (status != GSS_S_COMPLETE) {
+            map_error(minor_status, mech);
+            goto error;
+        }
+
+        /* Add the resulting mechanism cred to the union cred. */
+        elemcopy = malloc(selected_mech->length);
+        if (elemcopy == NULL) {
+            if (mech->gss_release_cred != NULL)
+                mech->gss_release_cred(&tmpmin, &mech_cred);
+            goto oom;
+        }
+        memcpy(elemcopy, selected_mech->elements, selected_mech->length);
+        cred->mechs_array[cred->count].length = selected_mech->length;
+        cred->mechs_array[cred->count].elements = elemcopy;
+        cred->cred_array[cred->count++] = mech_cred;
+    }
+
+    *cred_handle = cred;
+    return GSS_S_COMPLETE;
+
+oom:
+    status = GSS_S_FAILURE;
+    *minor_status = ENOMEM;
+error:
+    (void)gss_release_cred(&tmpmin, &cred);
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c
new file mode 100644
index 00000000..a805078a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c
@@ -0,0 +1,333 @@
+/* #pragma ident	"@(#)g_imp_name.c	1.26	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine gss_import_name
+ *
+ */
+
+#include "mglueP.h"
+#include "k5-der.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+/* local function to import GSS_C_EXPORT_NAME names */
+static OM_uint32 importExportName(OM_uint32 *, gss_union_name_t, gss_OID);
+
+static OM_uint32
+val_imp_name_args(
+    OM_uint32 *minor_status,
+    gss_buffer_t input_name_buffer,
+    gss_OID input_name_type,
+    gss_name_t *output_name)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_name != NULL)
+	*output_name = GSS_C_NO_NAME;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (output_name == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (input_name_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+    if (input_name_type == GSS_C_NO_OID ||
+	!g_OID_equal(input_name_type, GSS_C_NT_ANONYMOUS)) {
+	if (input_name_buffer->length == 0)
+	    return (GSS_S_BAD_NAME);
+
+	if (input_name_buffer->value == NULL)
+	    return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+    }
+
+    return (GSS_S_COMPLETE);
+}
+
+static gss_buffer_desc emptyNameBuffer;
+
+OM_uint32 KRB5_CALLCONV
+gss_import_name(minor_status,
+                input_name_buffer,
+                input_name_type,
+                output_name)
+
+OM_uint32 *		minor_status;
+gss_buffer_t		input_name_buffer;
+gss_OID			input_name_type;
+gss_name_t *		output_name;
+
+{
+    gss_union_name_t	union_name;
+    OM_uint32		tmp, major_status = GSS_S_FAILURE;
+
+    if (input_name_buffer == GSS_C_NO_BUFFER)
+	input_name_buffer = &emptyNameBuffer;
+
+    major_status = val_imp_name_args(minor_status,
+				     input_name_buffer, input_name_type,
+				     output_name);
+    if (major_status != GSS_S_COMPLETE)
+	return (major_status);
+
+    /*
+     * First create the union name struct that will hold the external
+     * name and the name type.
+     */
+    union_name = (gss_union_name_t) malloc (sizeof(gss_union_name_desc));
+    if (!union_name)
+	return (GSS_S_FAILURE);
+
+    union_name->loopback = 0;
+    union_name->mech_type = 0;
+    union_name->mech_name = 0;
+    union_name->name_type = 0;
+    union_name->external_name = 0;
+
+    /*
+     * All we do here is record the external name and name_type.
+     * When the name is actually used, the underlying gss_import_name()
+     * is called for the appropriate mechanism.  The exception to this
+     * rule is when the name of GSS_C_NT_EXPORT_NAME type.  If that is
+     * the case, then we make it MN in this call.
+     */
+    major_status = gssint_create_copy_buffer(input_name_buffer,
+					    &union_name->external_name, 0);
+    if (major_status != GSS_S_COMPLETE) {
+	free(union_name);
+	return (major_status);
+    }
+
+    if (input_name_type != GSS_C_NULL_OID) {
+	major_status = generic_gss_copy_oid(minor_status,
+					    input_name_type,
+					    &union_name->name_type);
+	if (major_status != GSS_S_COMPLETE) {
+	    map_errcode(minor_status);
+	    goto allocation_failure;
+	}
+    }
+
+    /*
+     * In MIT Distribution the mechanism is determined from the nametype;
+     * This is not a good idea - first mechanism that supports a given
+     * name type is picked up; later on the caller can request a
+     * different mechanism. So we don't determine the mechanism here. Now
+     * the user level and kernel level import_name routine looks similar
+     * except the kernel routine makes a copy of the nametype structure. We
+     * do however make this an MN for names of GSS_C_NT_EXPORT_NAME type.
+     */
+    if (input_name_type != GSS_C_NULL_OID &&
+	(g_OID_equal(input_name_type, GSS_C_NT_EXPORT_NAME) ||
+	 g_OID_equal(input_name_type, GSS_C_NT_COMPOSITE_EXPORT))) {
+	major_status = importExportName(minor_status, union_name, input_name_type);
+	if (major_status != GSS_S_COMPLETE)
+	    goto allocation_failure;
+    }
+
+    union_name->loopback = union_name;
+    *output_name = (gss_name_t)union_name;
+    return (GSS_S_COMPLETE);
+
+allocation_failure:
+    if (union_name) {
+	if (union_name->external_name) {
+	    if (union_name->external_name->value)
+		free(union_name->external_name->value);
+	    free(union_name->external_name);
+	}
+	if (union_name->name_type)
+	    generic_gss_release_oid(&tmp, &union_name->name_type);
+	if (union_name->mech_name)
+	    gssint_release_internal_name(minor_status, union_name->mech_type,
+					&union_name->mech_name);
+	if (union_name->mech_type)
+	    generic_gss_release_oid(&tmp, &union_name->mech_type);
+	free(union_name);
+    }
+    return (major_status);
+}
+
+static OM_uint32
+importExportName(minor, unionName, inputNameType)
+    OM_uint32 *minor;
+    gss_union_name_t unionName;
+    gss_OID inputNameType;
+{
+    gss_OID_desc mechOid;
+    gss_buffer_desc expName;
+    gss_mechanism mech;
+    OM_uint32 major, mechOidLen, nameLen;
+    uint8_t b2;
+    const uint8_t *name;
+    struct k5input in, oid, old_format;
+
+    expName.value = unionName->external_name->value;
+    expName.length = unionName->external_name->length;
+    k5_input_init(&in, expName.value, expName.length);
+
+    if (k5_input_get_byte(&in) != 0x04)
+	return (GSS_S_DEFECTIVE_TOKEN);
+    b2 = k5_input_get_byte(&in);
+    if (b2 != 0x01 && b2 != 0x02) /* allow composite names */
+	return (GSS_S_DEFECTIVE_TOKEN);
+
+    mechOidLen = k5_input_get_uint16_be(&in);
+
+    if (!k5_der_get_value(&in, 0x06, &oid))
+	return (GSS_S_DEFECTIVE_TOKEN);
+    /* Verify that mechOidLen is consistent with the DER OID length. */
+    if (mechOidLen != k5_der_value_len(oid.len))
+	return (GSS_S_DEFECTIVE_TOKEN);
+    mechOid.length = oid.len;
+    mechOid.elements = (uint8_t *)oid.ptr;
+    if ((mech = gssint_get_mechanism(&mechOid)) == NULL)
+	return (GSS_S_BAD_MECH);
+
+    if (mech->gssspi_import_name_by_mech == NULL &&
+	mech->gss_import_name == NULL)
+	return (GSS_S_UNAVAILABLE);
+
+    /*
+     * we must now determine if we should unwrap the name ourselves
+     * or make the mechanism do it - we should only unwrap it
+     * if we create it; so if mech->gss_export_name == NULL, we must
+     * have created it.
+     */
+    if (mech->gss_export_name) {
+	if (mech->gssspi_import_name_by_mech) {
+	    major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
+						     inputNameType,
+						     &unionName->mech_name);
+	} else {
+	    major = mech->gss_import_name(minor, &expName, inputNameType,
+					  &unionName->mech_name);
+	}
+	if (major != GSS_S_COMPLETE)
+	    map_error(minor, mech);
+	else {
+	    major = generic_gss_copy_oid(minor, &mechOid,
+					 &unionName->mech_type);
+	    if (major != GSS_S_COMPLETE)
+		map_errcode(minor);
+	}
+	return (major);
+    }
+    /*
+     * we must have exported the name - so we now need to reconstruct it
+     * and call the mechanism to create it
+     *
+     * WARNING:	Older versions of gssint_export_internal_name() did
+     *		not export names correctly, but now it does.  In
+     *		order to stay compatible with existing exported
+     *		names we must support names exported the broken
+     *		way.
+     *
+     * Specifically, gssint_export_internal_name() used to include
+     * the name type OID in the encoding of the exported MN.
+     * Additionally, the Kerberos V mech used to make display names
+     * that included a null terminator which was counted in the
+     * display name gss_buffer_desc.
+     */
+
+    /* next 4 bytes in the name are the name length */
+    nameLen = k5_input_get_uint32_be(&in);
+    name = k5_input_get_bytes(&in, nameLen);
+    if (name == NULL)
+	return (GSS_S_DEFECTIVE_TOKEN);
+
+    /*
+     * We detect broken exported names here: they always start with
+     * a two-octet network-byte order OID length, which is always
+     * less than 256 bytes, so the first octet of the length is
+     * always '\0', which is not allowed in GSS-API display names
+     * (or never occurs in them anyways).  Of course, the OID
+     * shouldn't be there, but it is.  After the OID (sans DER tag
+     * and length) there's the name itself, though null-terminated;
+     * this null terminator should also not be there, but it is.
+     */
+    if (nameLen > 0 && *name == '\0') {
+	OM_uint32 nameTypeLen;
+
+	/* Skip the name type. */
+	k5_input_init(&old_format, name, nameLen);
+	nameTypeLen = k5_input_get_uint16_be(&old_format);
+	if (k5_input_get_bytes(&old_format, nameTypeLen) == NULL)
+	    return (GSS_S_DEFECTIVE_TOKEN);
+	/* Remove a null terminator if one is present. */
+	if (old_format.len > 0 && old_format.ptr[old_format.len - 1] == 0)
+	    old_format.len--;
+	name = old_format.ptr;
+	nameLen = old_format.len;
+    }
+
+    /*
+     * Can a name be null?  Let the mech decide.
+     *
+     * NOTE: We use GSS_C_NULL_OID as the name type when importing
+     *	 the unwrapped name.  Presumably the exported name had,
+     *	 prior to being exported been obtained in such a way
+     *	 that it has been properly perpared ("canonicalized," in
+     *	 GSS-API terms) according to some name type; we cannot
+     *	 tell what that name type was now, but the name should
+     *	 need no further preparation other than the lowest
+     *	 common denominator afforded by the mech to names
+     *	 imported with GSS_C_NULL_OID.  For the Kerberos V mech
+     *	 this means doing less busywork too (particularly once
+     *	 IDN is thrown in with Kerberos V extensions).
+     */
+    expName.length = nameLen;
+    expName.value = nameLen ? (uint8_t *)name : NULL;
+    if (mech->gssspi_import_name_by_mech) {
+	major = mech->gssspi_import_name_by_mech(minor, &mechOid, &expName,
+						 GSS_C_NULL_OID,
+						 &unionName->mech_name);
+    } else {
+	major = mech->gss_import_name(minor, &expName,
+				      GSS_C_NULL_OID, &unionName->mech_name);
+    }
+    if (major != GSS_S_COMPLETE) {
+	map_error(minor, mech);
+	return (major);
+    }
+
+    major = generic_gss_copy_oid(minor, &mechOid, &unionName->mech_type);
+    if (major != GSS_S_COMPLETE) {
+	map_errcode(minor);
+    }
+    return major;
+} /* importExportName */
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_sec_context.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_sec_context.c
new file mode 100644
index 00000000..6315201a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_sec_context.c
@@ -0,0 +1,161 @@
+/* #pragma ident	"@(#)g_imp_sec_context.c	1.18	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine gss_export_sec_context
+ */
+
+#ifndef LEAN_CLIENT
+
+#include "mglueP.h"
+#include <stdio.h>
+#include <errno.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+
+static OM_uint32
+val_imp_sec_ctx_args(
+    OM_uint32 *minor_status,
+    gss_buffer_t interprocess_token,
+    gss_ctx_id_t *context_handle)
+{
+
+    /* Initialize outputs. */
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (context_handle != NULL)
+	*context_handle = GSS_C_NO_CONTEXT;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (interprocess_token == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_DEFECTIVE_TOKEN);
+
+    if (GSS_EMPTY_BUFFER(interprocess_token))
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_DEFECTIVE_TOKEN);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_import_sec_context(minor_status,
+                       interprocess_token,
+                       context_handle)
+
+OM_uint32 *		minor_status;
+gss_buffer_t		interprocess_token;
+gss_ctx_id_t *		context_handle;
+
+{
+    OM_uint32		length = 0;
+    OM_uint32		status;
+    char		*p;
+    gss_union_ctx_id_t	ctx;
+    gss_ctx_id_t	mctx;
+    gss_buffer_desc	token;
+    gss_OID_desc	token_mech;
+    gss_OID		selected_mech = GSS_C_NO_OID;
+    gss_OID		public_mech;
+    gss_mechanism	mech;
+
+    status = val_imp_sec_ctx_args(minor_status,
+				  interprocess_token, context_handle);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /* Initial value needed below. */
+    status = GSS_S_FAILURE;
+
+    if (interprocess_token->length >= sizeof (OM_uint32)) {
+	p = interprocess_token->value;
+	length = (OM_uint32)*p++;
+	length = (OM_uint32)(length << 8) + *p++;
+	length = (OM_uint32)(length << 8) + *p++;
+	length = (OM_uint32)(length << 8) + *p++;
+    }
+
+    if (length == 0 ||
+	length > (interprocess_token->length - sizeof (OM_uint32))) {
+	return (GSS_S_CALL_BAD_STRUCTURE | GSS_S_DEFECTIVE_TOKEN);
+    }
+
+    token_mech.length = length;
+    token_mech.elements = p;
+
+    p += length;
+
+    token.length = interprocess_token->length - sizeof (OM_uint32) - length;
+    token.value = p;
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    status = gssint_select_mech_type(minor_status, &token_mech,
+				     &selected_mech);
+    if (status != GSS_S_COMPLETE)
+	return status;
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (!mech)
+	return GSS_S_BAD_MECH;
+    if (!mech->gssspi_import_sec_context_by_mech &&
+	!mech->gss_import_sec_context)
+	return GSS_S_UNAVAILABLE;
+
+    status = gssint_create_union_context(minor_status, selected_mech, &ctx);
+    if (status != GSS_S_COMPLETE)
+	return status;
+
+    if (mech->gssspi_import_sec_context_by_mech) {
+	public_mech = gssint_get_public_oid(selected_mech);
+	status = mech->gssspi_import_sec_context_by_mech(minor_status,
+							 public_mech,
+							 &token, &mctx);
+    } else {
+	status = mech->gss_import_sec_context(minor_status, &token, &mctx);
+    }
+    if (status == GSS_S_COMPLETE) {
+	ctx->internal_ctx_id = mctx;
+	*context_handle = (gss_ctx_id_t)ctx;
+	return (GSS_S_COMPLETE);
+    }
+    map_error(minor_status, mech);
+    free(ctx->mech_type->elements);
+    free(ctx->mech_type);
+    free(ctx);
+    return status;
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_init_sec_context.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_init_sec_context.c
new file mode 100644
index 00000000..a58074c0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_init_sec_context.c
@@ -0,0 +1,252 @@
+/* #pragma ident	"@(#)g_init_sec_context.c	1.20	03/10/24 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_init_sec_context
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+
+static OM_uint32
+val_init_sec_ctx_args(
+    OM_uint32 *minor_status,
+    gss_cred_id_t claimant_cred_handle,
+    gss_ctx_id_t *context_handle,
+    gss_name_t target_name,
+    gss_OID req_mech_type,
+    OM_uint32 req_flags,
+    OM_uint32 time_req,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_OID *actual_mech_type,
+    gss_buffer_t output_token,
+    OM_uint32 *ret_flags,
+    OM_uint32 *time_rec)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (actual_mech_type != NULL)
+	*actual_mech_type = GSS_C_NO_OID;
+
+    if (output_token != GSS_C_NO_BUFFER) {
+	output_token->length = 0;
+	output_token->value = NULL;
+    }
+
+    if (ret_flags != NULL)
+	*ret_flags = 0;
+
+    if (time_rec != NULL)
+	*time_rec = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);
+
+    if (target_name == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+    if (output_token == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_init_sec_context (minor_status,
+                      claimant_cred_handle,
+                      context_handle,
+                      target_name,
+                      req_mech_type,
+                      req_flags,
+                      time_req,
+                      input_chan_bindings,
+                      input_token,
+                      actual_mech_type,
+                      output_token,
+                      ret_flags,
+                      time_rec)
+
+OM_uint32 *		minor_status;
+gss_cred_id_t		claimant_cred_handle;
+gss_ctx_id_t *		context_handle;
+gss_name_t		target_name;
+gss_OID			req_mech_type;
+OM_uint32		req_flags;
+OM_uint32		time_req;
+gss_channel_bindings_t	input_chan_bindings;
+gss_buffer_t		input_token;
+gss_OID *		actual_mech_type;
+gss_buffer_t		output_token;
+OM_uint32 *		ret_flags;
+OM_uint32 *		time_rec;
+
+{
+    OM_uint32		status, temp_minor_status;
+    gss_union_name_t	union_name;
+    gss_union_cred_t	union_cred;
+    gss_name_t		internal_name;
+    gss_union_ctx_id_t	union_ctx_id;
+    gss_OID		selected_mech;
+    gss_mechanism	mech;
+    gss_cred_id_t	input_cred_handle;
+
+    status = val_init_sec_ctx_args(minor_status,
+				   claimant_cred_handle,
+				   context_handle,
+				   target_name,
+				   req_mech_type,
+				   req_flags,
+				   time_req,
+				   input_chan_bindings,
+				   input_token,
+				   actual_mech_type,
+				   output_token,
+				   ret_flags,
+				   time_rec);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    status = gssint_select_mech_type(minor_status, req_mech_type,
+				     &selected_mech);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    union_name = (gss_union_name_t)target_name;
+
+    /*
+     * obtain the gss mechanism information for the requested
+     * mechanism.  If mech_type is NULL, set it to the resultant
+     * mechanism
+     */
+    mech = gssint_get_mechanism(selected_mech);
+    if (mech == NULL)
+	return (GSS_S_BAD_MECH);
+
+    if (mech->gss_init_sec_context == NULL)
+	return (GSS_S_UNAVAILABLE);
+
+    /*
+     * If target_name is mechanism_specific, then it must match the
+     * mech_type that we're about to use.  Otherwise, do an import on
+     * the external_name form of the target name.
+     */
+    if (union_name->mech_type &&
+	g_OID_equal(union_name->mech_type, selected_mech)) {
+	internal_name = union_name->mech_name;
+    } else {
+	if ((status = gssint_import_internal_name(minor_status, selected_mech,
+						 union_name,
+						 &internal_name)) != GSS_S_COMPLETE)
+	    return (status);
+    }
+
+    /*
+     * if context_handle is GSS_C_NO_CONTEXT, allocate a union context
+     * descriptor to hold the mech type information as well as the
+     * underlying mechanism context handle. Otherwise, cast the
+     * value of *context_handle to the union context variable.
+     */
+
+    if(*context_handle == GSS_C_NO_CONTEXT) {
+	status = gssint_create_union_context(minor_status, selected_mech,
+					     &union_ctx_id);
+	if (status != GSS_S_COMPLETE)
+	    goto end;
+    } else {
+	union_ctx_id = (gss_union_ctx_id_t)*context_handle;
+	if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) {
+	    status = GSS_S_NO_CONTEXT;
+	    goto end;
+	}
+    }
+
+    /*
+     * get the appropriate cred handle from the union cred struct.
+     * defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will
+     * use the default credential.
+     */
+    union_cred = (gss_union_cred_t) claimant_cred_handle;
+    input_cred_handle = gssint_get_mechanism_cred(union_cred, selected_mech);
+
+    /*
+     * now call the approprate underlying mechanism routine
+     */
+
+    status = mech->gss_init_sec_context(
+	minor_status,
+	input_cred_handle,
+	&union_ctx_id->internal_ctx_id,
+	internal_name,
+	gssint_get_public_oid(selected_mech),
+	req_flags,
+	time_req,
+	input_chan_bindings,
+	input_token,
+	actual_mech_type,
+	output_token,
+	ret_flags,
+	time_rec);
+
+    if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
+	/*
+	 * RFC 2744 5.19 requires that we not create a context on a failed
+	 * first call to init, and recommends that on a failed subsequent call
+	 * we make the caller responsible for calling gss_delete_sec_context.
+	 * Even if the mech deleted its context, keep the union context around
+	 * for the caller to delete.
+	 */
+	map_error(minor_status, mech);
+	if (*context_handle == GSS_C_NO_CONTEXT) {
+	    free(union_ctx_id->mech_type->elements);
+	    free(union_ctx_id->mech_type);
+	    free(union_ctx_id);
+	}
+    } else if (*context_handle == GSS_C_NO_CONTEXT) {
+	*context_handle = (gss_ctx_id_t)union_ctx_id;
+    }
+
+end:
+    if (union_name->mech_name == NULL ||
+	union_name->mech_name != internal_name) {
+	(void) gssint_release_internal_name(&temp_minor_status,
+					    selected_mech, &internal_name);
+    }
+
+    return(status);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c
new file mode 100644
index 00000000..22f6c615
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c
@@ -0,0 +1,1623 @@
+/* #pragma ident	"@(#)g_initialize.c	1.36	05/02/02 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This function will initialize the gssapi mechglue library
+ */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#ifndef _WIN32
+#include <glob.h>
+#endif
+
+#define	M_DEFAULT	"default"
+
+#include "k5-thread.h"
+#include "k5-plugin.h"
+#include "osconf.h"
+#ifdef _GSS_STATIC_LINK
+#include "gssapiP_krb5.h"
+#include "gssapiP_spnego.h"
+#endif
+
+#define MECH_SYM "gss_mech_initialize"
+#define MECH_INTERPOSER_SYM "gss_mech_interposer"
+
+#ifndef MECH_CONF
+#define	MECH_CONF "/etc/gss/mech"
+#endif
+#define MECH_CONF_PATTERN MECH_CONF ".d/*.conf"
+
+/* Local functions */
+static void addConfigEntry(const char *oidStr, const char *oid,
+			   const char *sharedLib, const char *kernMod,
+			   const char *modOptions, const char *modType);
+static gss_mech_info searchMechList(gss_const_OID);
+static void loadConfigFile(const char *);
+#if defined(_WIN32)
+#ifndef MECH_KEY
+#define MECH_KEY "SOFTWARE\\gss\\mech"
+#endif
+static time_t getRegKeyModTime(HKEY hBaseKey, const char *keyPath);
+static time_t getRegConfigModTime(const char *keyPath);
+static void getRegKeyValue(HKEY key, const char *keyPath, const char *valueName, void **data, DWORD *dataLen);
+static void loadConfigFromRegistry(HKEY keyBase, const char *keyPath);
+#endif
+static void updateMechList(void);
+static void initMechList(void);
+static void loadInterMech(gss_mech_info aMech);
+static void freeMechList(void);
+
+static OM_uint32 build_mechSet(void);
+static void free_mechSet(void);
+
+/*
+ * list of mechanism libraries and their entry points.
+ * the list also maintains state of the mech libraries (loaded or not).
+ */
+static gss_mech_info g_mechList = NULL;
+static gss_mech_info g_mechListTail = NULL;
+static k5_mutex_t g_mechListLock = K5_MUTEX_PARTIAL_INITIALIZER;
+static time_t g_confFileModTime = (time_t)-1;
+static time_t g_confLastCall = (time_t)0;
+
+static gss_OID_set_desc g_mechSet = { 0, NULL };
+static k5_mutex_t g_mechSetLock = K5_MUTEX_PARTIAL_INITIALIZER;
+
+MAKE_INIT_FUNCTION(gssint_mechglue_init);
+MAKE_FINI_FUNCTION(gssint_mechglue_fini);
+
+int
+gssint_mechglue_init(void)
+{
+	int err;
+
+#ifdef SHOW_INITFINI_FUNCS
+	printf("gssint_mechglue_init\n");
+#endif
+
+	add_error_table(&et_ggss_error_table);
+
+	err = k5_mutex_finish_init(&g_mechSetLock);
+	if (err)
+		return err;
+	err = k5_mutex_finish_init(&g_mechListLock);
+	if (err)
+		return err;
+
+#ifdef _GSS_STATIC_LINK
+	err = gss_krb5int_lib_init();
+	if (err)
+		return err;
+	err = gss_spnegoint_lib_init();
+	if (err)
+		return err;
+#endif
+
+	err = gssint_mecherrmap_init();
+	return err;
+}
+
+void
+gssint_mechglue_fini(void)
+{
+	if (!INITIALIZER_RAN(gssint_mechglue_init) || PROGRAM_EXITING()) {
+#ifdef SHOW_INITFINI_FUNCS
+		printf("gssint_mechglue_fini: skipping\n");
+#endif
+		return;
+	}
+
+#ifdef SHOW_INITFINI_FUNCS
+	printf("gssint_mechglue_fini\n");
+#endif
+#ifdef _GSS_STATIC_LINK
+	gss_spnegoint_lib_fini();
+	gss_krb5int_lib_fini();
+#endif
+	k5_mutex_destroy(&g_mechSetLock);
+	k5_mutex_destroy(&g_mechListLock);
+	free_mechSet();
+	freeMechList();
+	remove_error_table(&et_ggss_error_table);
+	gssint_mecherrmap_destroy();
+}
+
+int
+gssint_mechglue_initialize_library(void)
+{
+	return CALL_INIT_FUNCTION(gssint_mechglue_init);
+}
+
+/*
+ * function used to reclaim the memory used by a gss_OID structure.
+ * This routine requires direct access to the mechList.
+ */
+OM_uint32 KRB5_CALLCONV
+gss_release_oid(minor_status, oid)
+OM_uint32 *minor_status;
+gss_OID *oid;
+{
+	OM_uint32 major;
+	gss_mech_info aMech;
+
+	if (minor_status != NULL)
+	    *minor_status = 0;
+
+	if (minor_status == NULL || oid == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	*minor_status = gssint_mechglue_initialize_library();
+	if (*minor_status != 0)
+		return (GSS_S_FAILURE);
+
+	k5_mutex_lock(&g_mechListLock);
+	aMech = g_mechList;
+	while (aMech != NULL) {
+
+		/*
+		 * look through the loaded mechanism libraries for
+		 * gss_internal_release_oid until one returns success.
+		 * gss_internal_release_oid will only return success when
+		 * the OID was recognized as an internal mechanism OID. if no
+		 * mechanisms recognize the OID, then call the generic version.
+		 */
+		if (aMech->mech && aMech->mech->gss_internal_release_oid) {
+			major = aMech->mech->gss_internal_release_oid(
+					minor_status, oid);
+			if (major == GSS_S_COMPLETE) {
+				k5_mutex_unlock(&g_mechListLock);
+				return (GSS_S_COMPLETE);
+			}
+			map_error(minor_status, aMech->mech);
+		}
+		aMech = aMech->next;
+	} /* while */
+	k5_mutex_unlock(&g_mechListLock);
+
+	return (generic_gss_release_oid(minor_status, oid));
+} /* gss_release_oid */
+
+/*
+ * Wrapper around inquire_attrs_for_mech to determine whether a mechanism has
+ * the deprecated attribute.  Must be called without g_mechSetLock since it
+ * will call into the mechglue.
+ */
+static int
+is_deprecated(gss_OID element)
+{
+	OM_uint32 major, minor;
+	gss_OID_set mech_attrs = GSS_C_NO_OID_SET;
+	int deprecated = 0;
+
+	major = gss_inquire_attrs_for_mech(&minor, element, &mech_attrs, NULL);
+	if (major == GSS_S_COMPLETE) {
+		gss_test_oid_set_member(&minor, (gss_OID)GSS_C_MA_DEPRECATED,
+					mech_attrs, &deprecated);
+	}
+
+	if (mech_attrs != GSS_C_NO_OID_SET)
+		gss_release_oid_set(&minor, &mech_attrs);
+
+	return deprecated;
+}
+
+/*
+ * Removes mechs with the deprecated attribute from an OID set.  Must be
+ * called without g_mechSetLock held since it calls into the mechglue.
+ */
+static void
+prune_deprecated(gss_OID_set mech_set)
+{
+	OM_uint32 i, j;
+
+	j = 0;
+	for (i = 0; i < mech_set->count; i++) {
+	    if (!is_deprecated(&mech_set->elements[i]))
+		mech_set->elements[j++] = mech_set->elements[i];
+	    else
+		gssalloc_free(mech_set->elements[i].elements);
+	}
+	mech_set->count = j;
+}
+
+/*
+ * this function will return an oid set indicating available mechanisms.
+ * The set returned is based on configuration file entries and
+ * NOT on the loaded mechanisms.  This function does not check if any
+ * of these can actually be loaded.
+ * Deprecated mechanisms will not be returned.
+ * This routine needs direct access to the mechanism list.
+ * To avoid reading the configuration file each call, we will save a
+ * a mech oid set, and only update it once the file has changed.
+ */
+OM_uint32 KRB5_CALLCONV
+gss_indicate_mechs(minorStatus, mechSet_out)
+OM_uint32 *minorStatus;
+gss_OID_set *mechSet_out;
+{
+	OM_uint32 status;
+
+	/* Initialize outputs. */
+
+	if (minorStatus != NULL)
+		*minorStatus = 0;
+
+	if (mechSet_out != NULL)
+		*mechSet_out = GSS_C_NO_OID_SET;
+
+	/* Validate arguments. */
+	if (minorStatus == NULL || mechSet_out == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	*minorStatus = gssint_mechglue_initialize_library();
+	if (*minorStatus != 0)
+		return (GSS_S_FAILURE);
+
+	if (build_mechSet())
+		return GSS_S_FAILURE;
+
+	/*
+	 * need to lock the g_mechSet in case someone tries to update it while
+	 * I'm copying it.
+	 */
+	k5_mutex_lock(&g_mechSetLock);
+	status = generic_gss_copy_oid_set(minorStatus, &g_mechSet, mechSet_out);
+	k5_mutex_unlock(&g_mechSetLock);
+
+	if (*mechSet_out != GSS_C_NO_OID_SET)
+		prune_deprecated(*mechSet_out);
+
+	return (status);
+} /* gss_indicate_mechs */
+
+
+/* Call with g_mechSetLock held, or during final cleanup.  */
+static void
+free_mechSet(void)
+{
+	unsigned int i;
+
+	if (g_mechSet.count != 0) {
+		for (i = 0; i < g_mechSet.count; i++)
+			free(g_mechSet.elements[i].elements);
+		free(g_mechSet.elements);
+		g_mechSet.elements = NULL;
+		g_mechSet.count = 0;
+	}
+}
+
+static OM_uint32
+build_mechSet(void)
+{
+	gss_mech_info mList;
+	size_t i;
+	size_t count;
+	gss_OID curItem;
+
+	/*
+	 * lock the mutex since we will be updating
+	 * the mechList structure
+	 * we need to keep the lock while we build the mechanism list
+	 * since we are accessing parts of the mechList which could be
+	 * modified.
+	 */
+	k5_mutex_lock(&g_mechListLock);
+
+	updateMechList();
+
+	/*
+	 * we need to lock the mech set so that no one else will
+	 * try to read it as we are re-creating it
+	 */
+	k5_mutex_lock(&g_mechSetLock);
+
+	/* if the oid list already exists we must free it first */
+	free_mechSet();
+
+	/* determine how many elements to have in the list */
+	mList = g_mechList;
+	count = 0;
+	while (mList != NULL) {
+		count++;
+		mList = mList->next;
+	}
+
+	/* this should always be true, but.... */
+	if (count > 0) {
+		g_mechSet.elements =
+			(gss_OID) calloc(count, sizeof (gss_OID_desc));
+		if (g_mechSet.elements == NULL) {
+			k5_mutex_unlock(&g_mechSetLock);
+			k5_mutex_unlock(&g_mechListLock);
+			return (GSS_S_FAILURE);
+		}
+
+		(void) memset(g_mechSet.elements, 0,
+			      count * sizeof (gss_OID_desc));
+
+		/* now copy each oid element */
+		count = 0;
+		for (mList = g_mechList; mList != NULL; mList = mList->next) {
+			/* Don't expose interposer mechanisms. */
+			if (mList->is_interposer)
+				continue;
+			curItem = &(g_mechSet.elements[count]);
+			curItem->elements = (void*)
+				malloc(mList->mech_type->length);
+			if (curItem->elements == NULL) {
+				/*
+				 * this is nasty - we must delete the
+				 * part of the array already copied
+				 */
+				for (i = 0; i < count; i++) {
+					free(g_mechSet.elements[i].
+					     elements);
+				}
+				free(g_mechSet.elements);
+				g_mechSet.count = 0;
+				g_mechSet.elements = NULL;
+				k5_mutex_unlock(&g_mechSetLock);
+				k5_mutex_unlock(&g_mechListLock);
+				return (GSS_S_FAILURE);
+			}
+			g_OID_copy(curItem, mList->mech_type);
+			count++;
+		}
+		g_mechSet.count = count;
+	}
+
+	k5_mutex_unlock(&g_mechSetLock);
+	k5_mutex_unlock(&g_mechListLock);
+
+	return GSS_S_COMPLETE;
+}
+
+
+/*
+ * this function has been added for use by modules that need to
+ * know what (if any) optional parameters are supplied in the
+ * config file (MECH_CONF).
+ * It will return the option string for a specified mechanism.
+ * caller is responsible for freeing the memory
+ */
+char *
+gssint_get_modOptions(oid)
+const gss_OID oid;
+{
+	gss_mech_info aMech;
+	char *modOptions = NULL;
+
+	if (gssint_mechglue_initialize_library() != 0)
+		return (NULL);
+
+	/* make sure we have fresh data */
+	k5_mutex_lock(&g_mechListLock);
+	updateMechList();
+
+	if ((aMech = searchMechList(oid)) == NULL ||
+		aMech->optionStr == NULL) {
+		k5_mutex_unlock(&g_mechListLock);
+		return (NULL);
+	}
+
+	if (aMech->optionStr)
+		modOptions = strdup(aMech->optionStr);
+	k5_mutex_unlock(&g_mechListLock);
+
+	return (modOptions);
+} /* gssint_get_modOptions */
+
+/* Return the mtime of filename or its eventual symlink target (if it is a
+ * symlink), whichever is larger.  Return (time_t)-1 if lstat or stat fails. */
+static time_t
+check_link_mtime(const char *filename, time_t *mtime_out)
+{
+	struct stat st1, st2;
+
+	if (lstat(filename, &st1) != 0)
+		return (time_t)-1;
+	if (!S_ISLNK(st1.st_mode))
+		return st1.st_mtime;
+	if (stat(filename, &st2) != 0)
+		return (time_t)-1;
+	return (st1.st_mtime > st2.st_mtime) ? st1.st_mtime : st2.st_mtime;
+}
+
+/* Load pathname if it is newer than last.  Update *highest to the maximum of
+ * its current value and pathname's mod time. */
+static void
+load_if_changed(const char *pathname, time_t last, time_t *highest)
+{
+	time_t mtime;
+
+	mtime = check_link_mtime(pathname, &mtime);
+	if (mtime == (time_t)-1)
+		return;
+	if (mtime > *highest || *highest == (time_t)-1)
+		*highest = mtime;
+	if (mtime > last || last == (time_t)-1)
+		loadConfigFile(pathname);
+}
+
+#ifndef _WIN32
+/* Try to load any config files which have changed since the last call.  Config
+ * files are MECH_CONF and any files matching MECH_CONF_PATTERN. */
+static void
+loadConfigFiles()
+{
+	glob_t globbuf;
+	time_t highest = (time_t)-1, now;
+	char **path;
+	const char *val;
+
+	/* Don't glob and stat more than once per second. */
+	if (time(&now) == (time_t)-1 || now == g_confLastCall)
+		return;
+	g_confLastCall = now;
+
+	val = secure_getenv("GSS_MECH_CONFIG");
+	if (val != NULL) {
+		load_if_changed(val, g_confFileModTime, &g_confFileModTime);
+		return;
+	}
+
+	load_if_changed(MECH_CONF, g_confFileModTime, &highest);
+
+	memset(&globbuf, 0, sizeof(globbuf));
+	if (glob(MECH_CONF_PATTERN, 0, NULL, &globbuf) == 0) {
+		for (path = globbuf.gl_pathv; *path != NULL; path++)
+			load_if_changed(*path, g_confFileModTime, &highest);
+	}
+	globfree(&globbuf);
+
+	g_confFileModTime = highest;
+}
+#endif
+
+/*
+ * determines if the mechList needs to be updated from file
+ * and performs the update.
+ * this functions must be called with a lock of g_mechListLock
+ */
+static void
+updateMechList(void)
+{
+	gss_mech_info minfo;
+
+#if defined(_WIN32)
+	time_t lastConfModTime = getRegConfigModTime(MECH_KEY);
+	if (g_confFileModTime >= lastConfModTime &&
+	    g_confFileModTime != (time_t)-1)
+		return;
+	g_confFileModTime = lastConfModTime;
+	loadConfigFromRegistry(HKEY_CURRENT_USER, MECH_KEY);
+	loadConfigFromRegistry(HKEY_LOCAL_MACHINE, MECH_KEY);
+#else /* _WIN32 */
+	loadConfigFiles();
+#endif /* !_WIN32 */
+
+	/* Load any unloaded interposer mechanisms immediately, to make sure we
+	 * interpose other mechanisms before they are used. */
+	for (minfo = g_mechList; minfo != NULL; minfo = minfo->next) {
+		if (minfo->is_interposer && minfo->mech == NULL)
+			loadInterMech(minfo);
+	}
+} /* updateMechList */
+
+/* Update the mech list from system configuration if we have never done so.
+ * Must be invoked with the g_mechListLock mutex held. */
+static void
+initMechList(void)
+{
+	static int lazy_init = 0;
+
+	if (lazy_init == 0) {
+		updateMechList();
+		lazy_init = 1;
+	}
+}
+
+static void
+releaseMechInfo(gss_mech_info *pCf)
+{
+	gss_mech_info cf;
+	OM_uint32 minor_status;
+
+	if (*pCf == NULL) {
+		return;
+	}
+
+	cf = *pCf;
+
+	if (cf->kmodName != NULL)
+		free(cf->kmodName);
+	if (cf->uLibName != NULL)
+		free(cf->uLibName);
+	if (cf->mechNameStr != NULL)
+		free(cf->mechNameStr);
+	if (cf->optionStr != NULL)
+		free(cf->optionStr);
+	if (cf->mech_type != GSS_C_NO_OID &&
+	    cf->mech_type != &cf->mech->mech_type)
+		generic_gss_release_oid(&minor_status, &cf->mech_type);
+	if (cf->freeMech)
+		zapfree(cf->mech, sizeof(*cf->mech));
+	if (cf->dl_handle != NULL)
+		krb5int_close_plugin(cf->dl_handle);
+	if (cf->int_mech_type != GSS_C_NO_OID)
+		generic_gss_release_oid(&minor_status, &cf->int_mech_type);
+
+	memset(cf, 0, sizeof(*cf));
+	free(cf);
+
+	*pCf = NULL;
+}
+
+#ifdef _GSS_STATIC_LINK
+/*
+ * Register a mechanism.  Called with g_mechListLock held.
+ */
+int
+gssint_register_mechinfo(gss_mech_info template)
+{
+	gss_mech_info cf, new_cf;
+
+	new_cf = calloc(1, sizeof(*new_cf));
+	if (new_cf == NULL) {
+		return ENOMEM;
+	}
+
+	new_cf->dl_handle = template->dl_handle;
+	/* copy mech so we can rewrite canonical mechanism OID */
+	new_cf->mech = (gss_mechanism)calloc(1, sizeof(struct gss_config));
+	if (new_cf->mech == NULL) {
+		releaseMechInfo(&new_cf);
+		return ENOMEM;
+	}
+	*new_cf->mech = *template->mech;
+	if (template->mech_type != NULL)
+		new_cf->mech->mech_type = *(template->mech_type);
+	new_cf->mech_type = &new_cf->mech->mech_type;
+	new_cf->priority = template->priority;
+	new_cf->freeMech = 1;
+	new_cf->next = NULL;
+
+	if (template->kmodName != NULL) {
+		new_cf->kmodName = strdup(template->kmodName);
+		if (new_cf->kmodName == NULL) {
+			releaseMechInfo(&new_cf);
+			return ENOMEM;
+		}
+	}
+	if (template->uLibName != NULL) {
+		new_cf->uLibName = strdup(template->uLibName);
+		if (new_cf->uLibName == NULL) {
+			releaseMechInfo(&new_cf);
+			return ENOMEM;
+		}
+	}
+	if (template->mechNameStr != NULL) {
+		new_cf->mechNameStr = strdup(template->mechNameStr);
+		if (new_cf->mechNameStr == NULL) {
+			releaseMechInfo(&new_cf);
+			return ENOMEM;
+		}
+	}
+	if (template->optionStr != NULL) {
+		new_cf->optionStr = strdup(template->optionStr);
+		if (new_cf->optionStr == NULL) {
+			releaseMechInfo(&new_cf);
+			return ENOMEM;
+		}
+	}
+	if (g_mechList == NULL) {
+		g_mechList = new_cf;
+		g_mechListTail = new_cf;
+		return 0;
+	} else if (new_cf->priority < g_mechList->priority) {
+		new_cf->next = g_mechList;
+		g_mechList = new_cf;
+		return 0;
+	}
+
+	for (cf = g_mechList; cf != NULL; cf = cf->next) {
+		if (cf->next == NULL ||
+		    new_cf->priority < cf->next->priority) {
+			new_cf->next = cf->next;
+			cf->next = new_cf;
+			if (g_mechListTail == cf) {
+				g_mechListTail = new_cf;
+			}
+			break;
+		}
+	}
+
+	return 0;
+}
+#endif /* _GSS_STATIC_LINK */
+
+#define GSS_ADD_DYNAMIC_METHOD(_dl, _mech, _symbol) \
+	do { \
+		struct errinfo errinfo; \
+		\
+		memset(&errinfo, 0, sizeof(errinfo)); \
+		if (krb5int_get_plugin_func(_dl, \
+					    #_symbol, \
+					    (void (**)())&(_mech)->_symbol, \
+					    &errinfo) || errinfo.code) {  \
+			(_mech)->_symbol = NULL; \
+			k5_clear_error(&errinfo); \
+			} \
+	} while (0)
+
+/*
+ * If _symbol is undefined in the shared object but the shared object
+ * is linked against the mechanism glue, it's possible for dlsym() to
+ * return the mechanism glue implementation. Guard against that.
+ */
+#define GSS_ADD_DYNAMIC_METHOD_NOLOOP(_dl, _mech, _symbol)	\
+	do {							\
+		GSS_ADD_DYNAMIC_METHOD(_dl, _mech, _symbol);	\
+		if ((_mech)->_symbol == _symbol)		\
+		    (_mech)->_symbol = NULL;			\
+	} while (0)
+
+static gss_mechanism
+build_dynamicMech(void *dl, const gss_OID mech_type)
+{
+	gss_mechanism mech;
+
+	mech = (gss_mechanism)calloc(1, sizeof(*mech));
+	if (mech == NULL) {
+		return NULL;
+	}
+
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_acquire_cred);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_release_cred);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_init_sec_context);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_accept_sec_context);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_process_context_token);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_delete_sec_context);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_context_time);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_get_mic);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_verify_mic);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_wrap);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_unwrap);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_display_status);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_indicate_mechs);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_compare_name);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_display_name);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_import_name);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_release_name);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_cred);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_add_cred);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_export_sec_context);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_import_sec_context);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_cred_by_mech);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_names_for_mech);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_context);
+	GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_internal_release_oid);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_wrap_size_limit);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_localname);
+	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_authorize_localname);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_export_name);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_duplicate_name);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_store_cred);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_sec_context_by_oid);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_cred_by_oid);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_set_sec_context_option);
+	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_set_cred_option);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gssspi_mech_invoke);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_wrap_aead);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_unwrap_aead);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_wrap_iov);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_unwrap_iov);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_wrap_iov_length);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_complete_auth_token);
+	/* Services4User (introduced in 1.8) */
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_acquire_cred_impersonate_name);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_add_cred_impersonate_name);
+	/* Naming extensions (introduced in 1.8) */
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_display_name_ext);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_name);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_get_name_attribute);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_set_name_attribute);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_delete_name_attribute);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_export_name_composite);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_map_name_to_any);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_release_any_name_mapping);
+        /* RFC 4401 (introduced in 1.8) */
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_pseudo_random);
+	/* RFC 4178 (introduced in 1.8; gss_get_neg_mechs not implemented) */
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_set_neg_mechs);
+        /* draft-ietf-sasl-gs2 */
+        GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_saslname_for_mech);
+        GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_mech_for_saslname);
+        /* RFC 5587 */
+        GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_attrs_for_mech);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_acquire_cred_from);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_store_cred_into);
+	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_acquire_cred_with_password);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_export_cred);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_import_cred);
+	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_sec_context_by_mech);
+	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_name_by_mech);
+	GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_cred_by_mech);
+	/* draft-zhu-negoex */
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gssspi_query_meta_data);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gssspi_exchange_meta_data);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gssspi_query_mechanism_info);
+	/* gss_get_mic_iov extensions (added 1.12, implementable 1.20) */
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_get_mic_iov);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_verify_mic_iov);
+	GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_get_mic_iov_length);
+
+	assert(mech_type != GSS_C_NO_OID);
+
+	mech->mech_type = *(mech_type);
+
+	return mech;
+}
+
+#define RESOLVE_GSSI_SYMBOL(_dl, _mech, _psym, _nsym)			\
+	do {								\
+		struct errinfo errinfo;					\
+		memset(&errinfo, 0, sizeof(errinfo));			\
+		if (krb5int_get_plugin_func(_dl,			\
+					    "gssi" #_nsym,		\
+					    (void (**)())&(_mech)->_psym \
+					    ## _nsym,			\
+					    &errinfo) || errinfo.code) { \
+			(_mech)->_psym ## _nsym = NULL;			\
+			k5_clear_error(&errinfo);			\
+		}							\
+	} while (0)
+
+/* Build an interposer mechanism function table from dl. */
+static gss_mechanism
+build_interMech(void *dl, const gss_OID mech_type)
+{
+	gss_mechanism mech;
+
+	mech = calloc(1, sizeof(*mech));
+	if (mech == NULL) {
+		return NULL;
+	}
+
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _acquire_cred);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _release_cred);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _init_sec_context);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _accept_sec_context);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _process_context_token);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _delete_sec_context);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _context_time);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _get_mic);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _verify_mic);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _wrap);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _unwrap);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _display_status);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _indicate_mechs);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _compare_name);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _display_name);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _import_name);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _release_name);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_cred);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _add_cred);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _export_sec_context);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _import_sec_context);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_cred_by_mech);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_names_for_mech);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_context);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _internal_release_oid);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _wrap_size_limit);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _localname);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _authorize_localname);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _export_name);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _duplicate_name);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _store_cred);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_sec_context_by_oid);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_cred_by_oid);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _set_sec_context_option);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _set_cred_option);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _mech_invoke);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _wrap_aead);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _unwrap_aead);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _wrap_iov);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _unwrap_iov);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _wrap_iov_length);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _complete_auth_token);
+	/* Services4User (introduced in 1.8) */
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _acquire_cred_impersonate_name);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _add_cred_impersonate_name);
+	/* Naming extensions (introduced in 1.8) */
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _display_name_ext);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_name);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _get_name_attribute);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _set_name_attribute);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _delete_name_attribute);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _export_name_composite);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _map_name_to_any);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _release_any_name_mapping);
+	/* RFC 4401 (introduced in 1.8) */
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _pseudo_random);
+	/* RFC 4178 (introduced in 1.8; get_neg_mechs not implemented) */
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _set_neg_mechs);
+	/* draft-ietf-sasl-gs2 */
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_saslname_for_mech);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_mech_for_saslname);
+	/* RFC 5587 */
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _inquire_attrs_for_mech);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _acquire_cred_from);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _store_cred_into);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _acquire_cred_with_password);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _export_cred);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _import_cred);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_sec_context_by_mech);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_name_by_mech);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gssspi, _import_cred_by_mech);
+	/* gss_get_mic_iov extensions (added 1.12, implementable 1.20) */
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _get_mic_iov);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _verify_mic_iov);
+	RESOLVE_GSSI_SYMBOL(dl, mech, gss, _get_mic_iov_length);
+
+	mech->mech_type = *mech_type;
+	return mech;
+}
+
+/*
+ * Concatenate an interposer mech OID and a real mech OID to create an
+ * identifier for the interposed mech.  (The concatenation will not be a valid
+ * DER OID encoding, but the OID is only used internally.)
+ */
+static gss_OID
+interposed_oid(gss_OID pre, gss_OID real)
+{
+	gss_OID o;
+
+	o = (gss_OID)malloc(sizeof(gss_OID_desc));
+	if (!o)
+		return NULL;
+
+	o->length = pre->length + real->length;
+	o->elements = malloc(o->length);
+	if (!o->elements) {
+		free(o);
+		return NULL;
+	}
+
+	memcpy(o->elements, pre->elements, pre->length);
+	memcpy((char *)o->elements + pre->length, real->elements,
+	       real->length);
+
+	return o;
+}
+
+static void
+loadInterMech(gss_mech_info minfo)
+{
+	struct plugin_file_handle *dl = NULL;
+	struct errinfo errinfo;
+	gss_OID_set (*isym)(const gss_OID);
+	gss_OID_set list;
+	gss_OID oid;
+	OM_uint32 min;
+	gss_mech_info mi;
+	size_t i;
+
+	memset(&errinfo, 0, sizeof(errinfo));
+
+	if (krb5int_open_plugin(minfo->uLibName, &dl, &errinfo) != 0 ||
+	    errinfo.code != 0) {
+		return;
+	}
+
+	if (krb5int_get_plugin_func(dl, MECH_INTERPOSER_SYM,
+				    (void (**)())&isym, &errinfo) != 0)
+		goto cleanup;
+
+	/* Get a list of mechs to interpose. */
+	list = (*isym)(minfo->mech_type);
+	if (!list)
+		goto cleanup;
+	minfo->mech = build_interMech(dl, minfo->mech_type);
+	if (minfo->mech == NULL)
+		goto cleanup;
+	minfo->freeMech = 1;
+
+	/* Add interposer fields for each interposed mech. */
+	for (i = 0; i < list->count; i++) {
+		/* Skip this mech if it doesn't exist or is already
+		 * interposed. */
+		oid = &list->elements[i];
+		mi = searchMechList(oid);
+		if (mi == NULL || mi->int_mech_type != NULL)
+			continue;
+
+		/* Construct a special OID to represent the interposed mech. */
+		mi->int_mech_type = interposed_oid(minfo->mech_type, oid);
+		if (mi->int_mech_type == NULL)
+			continue;
+
+		/* Save an alias to the interposer's function table. */
+		mi->int_mech = minfo->mech;
+	}
+	(void)gss_release_oid_set(&min, &list);
+
+	minfo->dl_handle = dl;
+	dl = NULL;
+
+cleanup:
+	if (dl != NULL)
+		krb5int_close_plugin(dl);
+	k5_clear_error(&errinfo);
+}
+
+static void
+freeMechList(void)
+{
+	gss_mech_info cf, next_cf;
+
+	for (cf = g_mechList; cf != NULL; cf = next_cf) {
+		next_cf = cf->next;
+		releaseMechInfo(&cf);
+	}
+}
+
+/*
+ * Determine the mechanism to use for a caller-specified mech OID.  For the
+ * real mech OID of an interposed mech, return the interposed OID.  For an
+ * interposed mech OID (which an interposer mech uses when re-entering the
+ * mechglue), return the real mech OID.  The returned OID is an alias and
+ * should not be modified or freed.
+ */
+OM_uint32
+gssint_select_mech_type(OM_uint32 *minor, gss_const_OID oid,
+			gss_OID *selected_oid)
+{
+	gss_mech_info minfo;
+	OM_uint32 status;
+
+	*selected_oid = GSS_C_NO_OID;
+
+	if (gssint_mechglue_initialize_library() != 0)
+		return GSS_S_FAILURE;
+
+	k5_mutex_lock(&g_mechListLock);
+
+	/* Read conf file at least once so that interposer plugins have a
+	 * chance of getting initialized. */
+	initMechList();
+
+	minfo = g_mechList;
+	if (oid == GSS_C_NULL_OID)
+		oid = minfo->mech_type;
+	while (minfo != NULL) {
+		if (g_OID_equal(minfo->mech_type, oid)) {
+			if (minfo->int_mech_type != GSS_C_NO_OID)
+				*selected_oid = minfo->int_mech_type;
+			else
+				*selected_oid = minfo->mech_type;
+			status = GSS_S_COMPLETE;
+			goto done;
+		} else if ((minfo->int_mech_type != GSS_C_NO_OID) &&
+			   (g_OID_equal(minfo->int_mech_type, oid))) {
+			*selected_oid = minfo->mech_type;
+			status = GSS_S_COMPLETE;
+			goto done;
+		}
+		minfo = minfo->next;
+	}
+	status = GSS_S_BAD_MECH;
+
+done:
+	k5_mutex_unlock(&g_mechListLock);
+	return status;
+}
+
+/* If oid is an interposed OID, return the corresponding real mech OID.  If
+ * it's a real mech OID, return it unmodified.  Otherwised return null. */
+gss_OID
+gssint_get_public_oid(gss_const_OID oid)
+{
+	gss_mech_info minfo;
+	gss_OID public_oid = GSS_C_NO_OID;
+
+	/* if oid is null -> then get default which is the first in the list */
+	if (oid == GSS_C_NO_OID)
+		return GSS_C_NO_OID;
+
+	if (gssint_mechglue_initialize_library() != 0)
+		return GSS_C_NO_OID;
+
+	k5_mutex_lock(&g_mechListLock);
+
+	for (minfo = g_mechList; minfo != NULL; minfo = minfo->next) {
+		if (minfo->is_interposer)
+			continue;
+		if (g_OID_equal(minfo->mech_type, oid) ||
+		    ((minfo->int_mech_type != GSS_C_NO_OID) &&
+		     (g_OID_equal(minfo->int_mech_type, oid)))) {
+			public_oid = minfo->mech_type;
+			break;
+		}
+	}
+
+	k5_mutex_unlock(&g_mechListLock);
+	return public_oid;
+}
+
+/* Translate a vector of oids (as from a union cred struct) into a set of
+ * public OIDs using gssint_get_public_oid. */
+OM_uint32
+gssint_make_public_oid_set(OM_uint32 *minor_status, gss_OID oids, int count,
+			   gss_OID_set *public_set)
+{
+	OM_uint32 status, tmpmin;
+	gss_OID_set set;
+	gss_OID public_oid;
+	int i;
+
+	*public_set = GSS_C_NO_OID_SET;
+
+	status = generic_gss_create_empty_oid_set(minor_status, &set);
+	if (GSS_ERROR(status))
+		return status;
+
+	for (i = 0; i < count; i++) {
+		public_oid = gssint_get_public_oid(&oids[i]);
+		if (public_oid == GSS_C_NO_OID)
+			continue;
+		status = generic_gss_add_oid_set_member(minor_status,
+							public_oid, &set);
+		if (GSS_ERROR(status)) {
+			(void) generic_gss_release_oid_set(&tmpmin, &set);
+			return status;
+		}
+	}
+
+	*public_set = set;
+	return GSS_S_COMPLETE;
+}
+
+/*
+ * Register a mechanism.  Called with g_mechListLock held.
+ */
+
+/*
+ * given the mechanism type, return the mechanism structure
+ * containing the mechanism library entry points.
+ * will return NULL if mech type is not found
+ * This function will also trigger the loading of the mechanism
+ * module if it has not been already loaded.
+ */
+gss_mechanism
+gssint_get_mechanism(gss_const_OID oid)
+{
+	gss_mech_info aMech;
+	gss_mechanism (*sym)(const gss_OID);
+	struct plugin_file_handle *dl;
+	struct errinfo errinfo;
+
+	if (gssint_mechglue_initialize_library() != 0)
+		return (NULL);
+
+	k5_mutex_lock(&g_mechListLock);
+
+	/* Check if the mechanism is already loaded. */
+	aMech = g_mechList;
+	if (oid == GSS_C_NULL_OID)
+		oid = aMech->mech_type;
+	while (aMech != NULL) {
+		if (g_OID_equal(aMech->mech_type, oid) && aMech->mech) {
+			k5_mutex_unlock(&g_mechListLock);
+			return aMech->mech;
+		} else if (aMech->int_mech_type != GSS_C_NO_OID &&
+			   g_OID_equal(aMech->int_mech_type, oid)) {
+			k5_mutex_unlock(&g_mechListLock);
+			return aMech->int_mech;
+		}
+		aMech = aMech->next;
+	}
+
+	/*
+	 * might need to re-read the configuration file before loading
+	 * the mechanism to ensure we have the latest info.
+	 */
+	updateMechList();
+
+	aMech = searchMechList(oid);
+
+	/* is the mechanism present in the list ? */
+	if (aMech == NULL) {
+		k5_mutex_unlock(&g_mechListLock);
+		return ((gss_mechanism)NULL);
+	}
+
+	/* has another thread loaded the mech */
+	if (aMech->mech) {
+		k5_mutex_unlock(&g_mechListLock);
+		return (aMech->mech);
+	}
+
+	memset(&errinfo, 0, sizeof(errinfo));
+
+	if (krb5int_open_plugin(aMech->uLibName, &dl, &errinfo) != 0 ||
+	    errinfo.code != 0) {
+		k5_clear_error(&errinfo);
+		k5_mutex_unlock(&g_mechListLock);
+		return ((gss_mechanism)NULL);
+	}
+
+	if (krb5int_get_plugin_func(dl, MECH_SYM, (void (**)())&sym,
+				    &errinfo) == 0) {
+		/* Call the symbol to get the mechanism table */
+		aMech->mech = (*sym)(aMech->mech_type);
+	} else {
+		/* Try dynamic dispatch table */
+		k5_clear_error(&errinfo);
+		aMech->mech = build_dynamicMech(dl, aMech->mech_type);
+		aMech->freeMech = 1;
+	}
+	if (aMech->mech == NULL) {
+		(void) krb5int_close_plugin(dl);
+		k5_mutex_unlock(&g_mechListLock);
+		return ((gss_mechanism)NULL);
+	}
+
+	aMech->dl_handle = dl;
+
+	k5_mutex_unlock(&g_mechListLock);
+	return (aMech->mech);
+} /* gssint_get_mechanism */
+
+/*
+ * this routine is used for searching the list of mechanism data.
+ *
+ * this needs to be called with g_mechListLock held.
+ */
+static gss_mech_info searchMechList(gss_const_OID oid)
+{
+	gss_mech_info aMech = g_mechList;
+
+	/* if oid is null -> then get default which is the first in the list */
+	if (oid == GSS_C_NULL_OID)
+		return (aMech);
+
+	while (aMech != NULL) {
+		if (g_OID_equal(aMech->mech_type, oid))
+			return (aMech);
+		aMech = aMech->next;
+	}
+
+	/* none found */
+	return ((gss_mech_info) NULL);
+} /* searchMechList */
+
+/* Return the first non-whitespace character starting from str. */
+static char *
+skip_whitespace(char *str)
+{
+	while (isspace(*str))
+		str++;
+	return str;
+}
+
+/* Truncate str at the first whitespace character and return the first
+ * non-whitespace character after that point. */
+static char *
+delimit_ws(char *str)
+{
+	while (*str != '\0' && !isspace(*str))
+		str++;
+	if (*str != '\0')
+		*str++ = '\0';
+	return skip_whitespace(str);
+}
+
+/* Truncate str at the first occurrence of delimiter and return the first
+ * non-whitespace character after that point. */
+static char *
+delimit(char *str, char delimiter)
+{
+	while (*str != '\0' && *str != delimiter)
+		str++;
+	if (*str != '\0')
+		*str++ = '\0';
+	return skip_whitespace(str);
+}
+
+/*
+ * loads the configuration file
+ * this is called while having a mutex lock on the mechanism list
+ * entries for libraries that have been loaded can't be modified
+ * mechNameStr and mech_type fields are not updated during updates
+ */
+static void
+loadConfigFile(const char *fileName)
+{
+	char *sharedLib, *kernMod, *modOptions, *modType, *oid, *next;
+	char buffer[BUFSIZ], *oidStr;
+	FILE *confFile;
+
+	if ((confFile = fopen(fileName, "r")) == NULL) {
+		return;
+	}
+
+	(void) memset(buffer, 0, sizeof (buffer));
+	while (fgets(buffer, BUFSIZ, confFile) != NULL) {
+
+		/* ignore lines beginning with # */
+		if (*buffer == '#')
+			continue;
+
+		/* Parse out the name, oid, and shared library path. */
+		oidStr = buffer;
+		oid = delimit_ws(oidStr);
+		if (*oid == '\0')
+			continue;
+		sharedLib = delimit_ws(oid);
+		if (*sharedLib == '\0')
+			continue;
+		next = delimit_ws(sharedLib);
+
+		/* Parse out the kernel module name if present. */
+		if (*next != '\0' && *next != '[' && *next != '<') {
+			kernMod = next;
+			next = delimit_ws(kernMod);
+		} else {
+			kernMod = NULL;
+		}
+
+		/* Parse out the module options if present. */
+		if (*next == '[') {
+			modOptions = next + 1;
+			next = delimit(modOptions, ']');
+		} else {
+			modOptions = NULL;
+		}
+
+		/* Parse out the module type if present. */
+		if (*next == '<') {
+			modType = next + 1;
+			(void)delimit(modType, '>');
+		} else {
+			modType = NULL;
+		}
+
+		addConfigEntry(oidStr, oid, sharedLib, kernMod, modOptions,
+			       modType);
+	} /* while */
+	(void) fclose(confFile);
+} /* loadConfigFile */
+
+#if defined(_WIN32)
+
+static time_t
+filetimeToTimet(const FILETIME *ft)
+{
+	ULARGE_INTEGER ull;
+
+	ull.LowPart = ft->dwLowDateTime;
+	ull.HighPart = ft->dwHighDateTime;
+	return (time_t)(ull.QuadPart / 10000000ULL - 11644473600ULL);
+}
+
+static time_t
+getRegConfigModTime(const char *keyPath)
+{
+	time_t currentUserModTime = getRegKeyModTime(HKEY_CURRENT_USER,
+						     keyPath);
+	time_t localMachineModTime = getRegKeyModTime(HKEY_LOCAL_MACHINE,
+						      keyPath);
+
+	return currentUserModTime > localMachineModTime ? currentUserModTime :
+		localMachineModTime;
+}
+
+static time_t
+getRegKeyModTime(HKEY hBaseKey, const char *keyPath)
+{
+	HKEY hConfigKey;
+	HRESULT rc;
+	int iSubKey = 0;
+	time_t modTime = 0, keyModTime;
+	FILETIME keyLastWriteTime;
+	char subKeyName[256];
+
+	if ((rc = RegOpenKeyEx(hBaseKey, keyPath, 0, KEY_ENUMERATE_SUB_KEYS,
+			       &hConfigKey)) != ERROR_SUCCESS) {
+		/* TODO: log error message */
+		return 0;
+	}
+	do {
+		int subKeyNameSize=sizeof(subKeyName)/sizeof(subKeyName[0]);
+		if ((rc = RegEnumKeyEx(hConfigKey, iSubKey++, subKeyName,
+				       &subKeyNameSize, NULL, NULL, NULL,
+				       &keyLastWriteTime)) != ERROR_SUCCESS) {
+			break;
+		}
+		keyModTime = filetimeToTimet(&keyLastWriteTime);
+		if (modTime < keyModTime) {
+			modTime = keyModTime;
+		}
+	} while (1);
+	RegCloseKey(hConfigKey);
+	return modTime;
+}
+
+static void
+getRegKeyValue(HKEY hKey, const char *keyPath, const char *valueName,
+	       void **data, DWORD* dataLen)
+{
+	DWORD sizeRequired=*dataLen;
+	HRESULT hr;
+	/* Get data length required */
+	if ((hr = RegGetValue(hKey, keyPath, valueName, RRF_RT_REG_SZ, NULL,
+			      NULL, &sizeRequired)) != ERROR_SUCCESS) {
+		/* TODO: LOG registry error */
+		return;
+	}
+	/* adjust data buffer size if necessary */
+	if (*dataLen < sizeRequired) {
+		*dataLen = sizeRequired;
+		*data = realloc(*data, sizeRequired);
+		if (!*data) {
+			*dataLen = 0;
+			/* TODO: LOG OOM ERROR! */
+			return;
+		}
+	}
+	/* get data */
+	if ((hr = RegGetValue(hKey, keyPath, valueName, RRF_RT_REG_SZ, NULL,
+			      *data, &sizeRequired)) != ERROR_SUCCESS) {
+		/* LOG registry error */
+		return;
+	}
+}
+
+static void
+loadConfigFromRegistry(HKEY hBaseKey, const char *keyPath)
+{
+	HKEY hConfigKey;
+	DWORD iSubKey, nSubKeys, maxSubKeyNameLen, modTypeLen;
+	char *oidStr = NULL, *oid = NULL, *sharedLib = NULL, *kernMod = NULL;
+	char *modOptions = NULL, *modType = NULL;
+	DWORD oidStrLen = 0, oidLen = 0, sharedLibLen = 0, kernModLen = 0;
+	DWORD modOptionsLen = 0;
+	HRESULT rc;
+
+	if ((rc = RegOpenKeyEx(hBaseKey, keyPath, 0,
+			       KEY_ENUMERATE_SUB_KEYS|KEY_QUERY_VALUE,
+			       &hConfigKey)) != ERROR_SUCCESS) {
+		/* TODO: log registry error */
+		return;
+	}
+
+	if ((rc = RegQueryInfoKey(hConfigKey,
+		NULL, /* lpClass */
+		NULL, /* lpcClass */
+		NULL, /* lpReserved */
+		&nSubKeys,
+		&maxSubKeyNameLen,
+		NULL, /* lpcMaxClassLen */
+		NULL, /* lpcValues */
+		NULL, /* lpcMaxValueNameLen */
+		NULL, /* lpcMaxValueLen */
+		NULL, /* lpcbSecurityDescriptor */
+		NULL  /* lpftLastWriteTime */ )) != ERROR_SUCCESS) {
+		goto cleanup;
+	}
+	oidStr = malloc(++maxSubKeyNameLen);
+	if (!oidStr) {
+		goto cleanup;
+	}
+	for (iSubKey=0; iSubKey<nSubKeys; iSubKey++) {
+		oidStrLen = maxSubKeyNameLen;
+		if ((rc = RegEnumKeyEx(hConfigKey, iSubKey, oidStr, &oidStrLen,
+				       NULL, NULL, NULL, NULL)) !=
+		    ERROR_SUCCESS) {
+			/* TODO: log registry error */
+			continue;
+		}
+		getRegKeyValue(hConfigKey, oidStr, "OID", &oid, &oidLen);
+		getRegKeyValue(hConfigKey, oidStr, "Shared Library",
+			       &sharedLib, &sharedLibLen);
+		getRegKeyValue(hConfigKey, oidStr, "Kernel Module", &kernMod,
+			       &kernModLen);
+		getRegKeyValue(hConfigKey, oidStr, "Options", &modOptions,
+			       &modOptionsLen);
+		getRegKeyValue(hConfigKey, oidStr, "Type", &modType,
+			       &modTypeLen);
+		addConfigEntry(oidStr, oid, sharedLib, kernMod, modOptions,
+			       modType);
+	}
+cleanup:
+	RegCloseKey(hConfigKey);
+	if (oidStr) {
+		free(oidStr);
+	}
+	if (oid) {
+		free(oid);
+	}
+	if (sharedLib) {
+		free(sharedLib);
+	}
+	if (kernMod) {
+		free(kernMod);
+	}
+	if (modOptions) {
+		free(modOptions);
+	}
+}
+#endif
+
+static void
+addConfigEntry(const char *oidStr, const char *oid, const char *sharedLib,
+	       const char *kernMod, const char *modOptions,
+	       const char *modType)
+{
+#if defined(_WIN32)
+	const char *sharedPath;
+#else
+	char sharedPath[sizeof (MECH_LIB_PREFIX) + BUFSIZ];
+#endif
+	char *tmpStr;
+	gss_OID mechOid;
+	gss_mech_info aMech, tmp;
+	OM_uint32 minor;
+	gss_buffer_desc oidBuf;
+
+	if ((!oid) || (!oidStr)) {
+		return;
+	}
+	/*
+	 * check if an entry for this oid already exists
+	 * if it does, and the library is already loaded then
+	 * we can't modify it, so skip it
+	 */
+	oidBuf.value = (void *)oid;
+	oidBuf.length = strlen(oid);
+	if (generic_gss_str_to_oid(&minor, &oidBuf, &mechOid)
+		!= GSS_S_COMPLETE) {
+		return;
+	}
+
+	aMech = searchMechList(mechOid);
+	if (aMech && aMech->mech) {
+		generic_gss_release_oid(&minor, &mechOid);
+		return;
+	}
+
+	/*
+	 * If that's all, then this is a corrupt entry. Skip it.
+	 */
+	if (! *sharedLib) {
+		generic_gss_release_oid(&minor, &mechOid);
+		return;
+	}
+#if defined(_WIN32)
+	sharedPath = sharedLib;
+#else
+	if (sharedLib[0] == '/')
+		snprintf(sharedPath, sizeof(sharedPath), "%s", sharedLib);
+	else
+		snprintf(sharedPath, sizeof(sharedPath), "%s%s",
+			 MECH_LIB_PREFIX, sharedLib);
+#endif
+	/*
+	 * are we creating a new mechanism entry or
+	 * just modifying existing (non loaded) mechanism entry
+	 */
+	if (aMech) {
+		/*
+		 * delete any old values and set new
+		 * mechNameStr and mech_type are not modified
+		 */
+		if (aMech->kmodName) {
+			free(aMech->kmodName);
+			aMech->kmodName = NULL;
+		}
+
+		if (aMech->optionStr) {
+			free(aMech->optionStr);
+			aMech->optionStr = NULL;
+		}
+
+		if ((tmpStr = strdup(sharedPath)) != NULL) {
+			if (aMech->uLibName)
+				free(aMech->uLibName);
+			aMech->uLibName = tmpStr;
+		}
+
+		if (kernMod) /* this is an optional parameter */
+			aMech->kmodName = strdup(kernMod);
+
+		if (modOptions) /* optional module options */
+			aMech->optionStr = strdup(modOptions);
+
+		/* the oid is already set */
+		generic_gss_release_oid(&minor, &mechOid);
+		return;
+	}
+
+	/* adding a new entry */
+	aMech = calloc(1, sizeof (struct gss_mech_config));
+	if (aMech == NULL) {
+		generic_gss_release_oid(&minor, &mechOid);
+		return;
+	}
+	aMech->mech_type = mechOid;
+	aMech->uLibName = strdup(sharedPath);
+	aMech->mechNameStr = strdup(oidStr);
+	aMech->freeMech = 0;
+
+	/* check if any memory allocations failed - bad news */
+	if (aMech->uLibName == NULL || aMech->mechNameStr == NULL) {
+		if (aMech->uLibName)
+			free(aMech->uLibName);
+		if (aMech->mechNameStr)
+			free(aMech->mechNameStr);
+		generic_gss_release_oid(&minor, &mechOid);
+		free(aMech);
+		return;
+	}
+	if (kernMod)	/* this is an optional parameter */
+		aMech->kmodName = strdup(kernMod);
+
+	if (modOptions)
+		aMech->optionStr = strdup(modOptions);
+
+	if (modType && strcmp(modType, "interposer") == 0)
+		aMech->is_interposer = 1;
+
+	/*
+	 * add the new entry to the end of the list - make sure
+	 * that only complete entries are added because other
+	 * threads might currently be searching the list.
+	 */
+	tmp = g_mechListTail;
+	g_mechListTail = aMech;
+
+	if (tmp != NULL)
+		tmp->next = aMech;
+
+	if (g_mechList == NULL)
+		g_mechList = aMech;
+}
+
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_context.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_context.c
new file mode 100644
index 00000000..6c0d98dd
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_context.c
@@ -0,0 +1,170 @@
+/* #pragma ident	"@(#)g_inquire_context.c	1.15	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_inquire_context
+ */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+static OM_uint32
+val_inq_ctx_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    gss_name_t *src_name,
+    gss_name_t *targ_name,
+    OM_uint32 *lifetime_rec,
+    gss_OID *mech_type,
+    OM_uint32 *ctx_flags,
+    int *locally_initiated,
+    int *opened)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (src_name != NULL)
+	*src_name = GSS_C_NO_NAME;
+
+    if (targ_name != NULL)
+	*targ_name = GSS_C_NO_NAME;
+
+    if (mech_type != NULL)
+	*mech_type = GSS_C_NO_OID;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+/* Last argument new for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_inquire_context(
+	    OM_uint32 *minor_status,
+	    gss_ctx_id_t context_handle,
+	    gss_name_t *src_name,
+	    gss_name_t *targ_name,
+	    OM_uint32 *lifetime_rec,
+	    gss_OID *mech_type,
+	    OM_uint32 *ctx_flags,
+	    int *locally_initiated,
+	    int *opened)
+{
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+    OM_uint32		status, temp_minor;
+    gss_OID		actual_mech;
+    gss_name_t localTargName = NULL, localSourceName = NULL;
+
+    status = val_inq_ctx_args(minor_status,
+			      context_handle,
+			      src_name, targ_name,
+			      lifetime_rec,
+			      mech_type, ctx_flags,
+			      locally_initiated, opened);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (!mech || !mech->gss_inquire_context || !mech->gss_display_name ||
+	!mech->gss_release_name) {
+	return (GSS_S_UNAVAILABLE);
+    }
+
+    status = mech->gss_inquire_context(
+			minor_status,
+			ctx->internal_ctx_id,
+			(src_name ? &localSourceName : NULL),
+			(targ_name ? &localTargName : NULL),
+			lifetime_rec,
+			&actual_mech,
+			ctx_flags,
+			locally_initiated,
+			opened);
+
+    if (status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	return status;
+    }
+
+    /* need to convert names */
+
+    if (src_name) {
+	if (localSourceName) {
+	    status = gssint_convert_name_to_union_name(minor_status, mech,
+						      localSourceName, src_name);
+
+	    if (status != GSS_S_COMPLETE) {
+		if (localTargName)
+		    mech->gss_release_name(&temp_minor, &localTargName);
+		return (status);
+	    }
+	} else {
+	    *src_name = GSS_C_NO_NAME;
+	}
+    }
+
+    if (targ_name) {
+        if (localTargName) {
+	    status = gssint_convert_name_to_union_name(minor_status, mech,
+						      localTargName, targ_name);
+
+	    if (status != GSS_S_COMPLETE) {
+		if (src_name)
+		    (void) gss_release_name(&temp_minor, src_name);
+
+		return (status);
+	    }
+        }
+        else {
+            *targ_name = GSS_C_NO_NAME;
+        }
+    }
+
+    if (mech_type)
+	*mech_type = gssint_get_public_oid(actual_mech);
+
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_context_oid.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_context_oid.c
new file mode 100644
index 00000000..d375cfc7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_context_oid.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_inquire_sec_context_by_oid */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
+	                        const gss_ctx_id_t context_handle,
+	                        const gss_OID desired_object,
+	                        gss_buffer_set_t *data_set)
+{
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (data_set != NULL)
+	*data_set = GSS_C_NO_BUFFER_SET;
+
+    if (minor_status == NULL || data_set == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech != NULL) {
+	if (mech->gss_inquire_sec_context_by_oid != NULL) {
+	    status = mech->gss_inquire_sec_context_by_oid(minor_status,
+							  ctx->internal_ctx_id,
+							  desired_object,
+							  data_set);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return status;
+    }
+
+    return GSS_S_BAD_MECH;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_cred.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_cred.c
new file mode 100644
index 00000000..4ed7774f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -0,0 +1,230 @@
+/* #pragma ident	"@(#)g_inquire_cred.c	1.16	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_inquire_cred
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <time.h>
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_cred(minor_status,
+                 cred_handle,
+                 name,
+                 lifetime,
+		 cred_usage,
+                 mechanisms)
+
+OM_uint32 *		minor_status;
+gss_cred_id_t 		cred_handle;
+gss_name_t *		name;
+OM_uint32 *		lifetime;
+int *			cred_usage;
+gss_OID_set *		mechanisms;
+
+{
+    OM_uint32		status, temp_minor_status;
+    gss_union_cred_t	union_cred;
+    gss_mechanism	mech;
+    gss_cred_id_t	mech_cred;
+    gss_name_t		mech_name;
+    gss_OID_set		mechs = NULL;
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (name != NULL)
+	*name = GSS_C_NO_NAME;
+
+    if (mechanisms != NULL)
+	*mechanisms = GSS_C_NO_OID_SET;
+
+    /* Validate arguments. */
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    /*
+     * XXX We should iterate over all mechanisms in the credential and
+     * aggregate the results.  This requires a union name structure containing
+     * multiple mechanism names, which we don't currently have.  For now,
+     * inquire the first mechanism in the credential; this is consistent with
+     * our historical behavior.
+     */
+
+    /* Determine mechanism and mechanism credential. */
+    if (cred_handle != GSS_C_NO_CREDENTIAL) {
+	union_cred = (gss_union_cred_t) cred_handle;
+	if (union_cred->count <= 0)
+	    return (GSS_S_DEFECTIVE_CREDENTIAL);
+	mech_cred = union_cred->cred_array[0];
+	mech = gssint_get_mechanism(&union_cred->mechs_array[0]);
+    } else {
+	union_cred = NULL;
+	mech_cred = GSS_C_NO_CREDENTIAL;
+	mech = gssint_get_mechanism(GSS_C_NULL_OID);
+    }
+
+    /* Skip the call into the mech if the caller doesn't care about any of the
+     * values we would ask for. */
+    if (name != NULL || lifetime != NULL || cred_usage != NULL) {
+	if (mech == NULL)
+	    return (GSS_S_DEFECTIVE_CREDENTIAL);
+	if (!mech->gss_inquire_cred)
+	    return (GSS_S_UNAVAILABLE);
+
+	status = mech->gss_inquire_cred(minor_status, mech_cred,
+					name ? &mech_name : NULL,
+					lifetime, cred_usage, NULL);
+	if (status != GSS_S_COMPLETE) {
+	    map_error(minor_status, mech);
+	    return(status);
+	}
+
+	if (name) {
+	    /* Convert mech_name into a union_name equivalent. */
+	    status = gssint_convert_name_to_union_name(&temp_minor_status,
+						       mech, mech_name, name);
+	    if (status != GSS_S_COMPLETE) {
+		*minor_status = temp_minor_status;
+		map_error(minor_status, mech);
+		return (status);
+	    }
+	}
+    }
+
+    /*
+     * copy the mechanism set in union_cred into an OID set and return in
+     * the mechanisms parameter.
+     */
+
+    if(mechanisms != NULL) {
+	if (union_cred) {
+	    status = gssint_make_public_oid_set(minor_status,
+						union_cred->mechs_array,
+						union_cred->count, &mechs);
+	    if (GSS_ERROR(status))
+		goto error;
+	} else {
+	    status = gss_create_empty_oid_set(minor_status, &mechs);
+	    if (GSS_ERROR(status))
+		goto error;
+
+	    status = gss_add_oid_set_member(minor_status,
+					    &mech->mech_type, &mechs);
+	    if (GSS_ERROR(status))
+		goto error;
+	}
+	*mechanisms = mechs;
+    }
+
+    return(GSS_S_COMPLETE);
+
+error:
+    if (mechs != NULL)
+	(void) gss_release_oid_set(&temp_minor_status, &mechs);
+
+    if (name && *name != NULL)
+	(void) gss_release_name(&temp_minor_status, name);
+
+    return (status);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
+			 initiator_lifetime, acceptor_lifetime, cred_usage)
+    OM_uint32		*minor_status;
+    gss_cred_id_t	cred_handle;
+    gss_OID		mech_type;
+    gss_name_t		*name;
+    OM_uint32		*initiator_lifetime;
+    OM_uint32		*acceptor_lifetime;
+    gss_cred_usage_t *cred_usage;
+{
+    gss_union_cred_t	union_cred;
+    gss_cred_id_t	mech_cred;
+    gss_mechanism	mech;
+    OM_uint32		status, temp_minor_status;
+    gss_name_t		internal_name;
+    gss_OID		selected_mech, public_mech;
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (name != NULL)
+	*name = GSS_C_NO_NAME;
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    status = gssint_select_mech_type(minor_status, mech_type, &selected_mech);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (!mech)
+	return (GSS_S_BAD_MECH);
+    if (!mech->gss_inquire_cred_by_mech)
+	return (GSS_S_BAD_BINDINGS);
+
+    union_cred = (gss_union_cred_t) cred_handle;
+    mech_cred = gssint_get_mechanism_cred(union_cred, selected_mech);
+    if (cred_handle != GSS_C_NO_CREDENTIAL && mech_cred == GSS_C_NO_CREDENTIAL)
+	return (GSS_S_NO_CRED);
+
+    public_mech = gssint_get_public_oid(selected_mech);
+    status = mech->gss_inquire_cred_by_mech(minor_status,
+					    mech_cred, public_mech,
+					    name ? &internal_name : NULL,
+					    initiator_lifetime,
+					    acceptor_lifetime, cred_usage);
+
+    if (status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	return (status);
+    }
+
+    if (name) {
+	/*
+	 * Convert internal_name into a union_name equivalent.
+	 */
+	status = gssint_convert_name_to_union_name(
+	    &temp_minor_status, mech,
+	    internal_name, name);
+	if (status != GSS_S_COMPLETE) {
+	    *minor_status = temp_minor_status;
+	    map_error(minor_status, mech);
+	    return (status);
+	}
+    }
+
+    return (GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_cred_oid.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_cred_oid.c
new file mode 100644
index 00000000..6d8594d1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_cred_oid.c
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_inquire_cred_by_oid */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <time.h>
+
+static OM_uint32 append_to_buffer_set(OM_uint32 *minor_status,
+				      gss_buffer_set_t *dst,
+				      const gss_buffer_set_t src)
+{
+    size_t i;
+    OM_uint32 status;
+
+    if (src == GSS_C_NO_BUFFER_SET)
+	return GSS_S_COMPLETE;
+
+    if (*dst == GSS_C_NO_BUFFER_SET) {
+	status = gss_create_empty_buffer_set(minor_status, dst);
+	if (status != GSS_S_COMPLETE)
+	    return status;
+    }
+
+    status = GSS_S_COMPLETE;
+
+    for (i = 0; i < src->count; i++) {
+	status = gss_add_buffer_set_member(minor_status,
+					   &src->elements[i],
+					   dst);
+	if (status != GSS_S_COMPLETE)
+	    break;
+    }
+
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_cred_by_oid(OM_uint32 *minor_status,
+	                const gss_cred_id_t cred_handle,
+	                const gss_OID desired_object,
+	                gss_buffer_set_t *data_set)
+{
+    gss_union_cred_t	union_cred;
+    gss_mechanism	mech;
+    int			i;
+    gss_buffer_set_t	union_set = GSS_C_NO_BUFFER_SET;
+    gss_buffer_set_t	ret_set = GSS_C_NO_BUFFER_SET;
+    OM_uint32		status, minor;
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (data_set != NULL)
+	*data_set = GSS_C_NO_BUFFER_SET;
+
+    if (minor_status == NULL || data_set == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (cred_handle == GSS_C_NO_CREDENTIAL)
+	return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED;
+
+    if (desired_object == GSS_C_NO_OID)
+	return GSS_S_CALL_INACCESSIBLE_READ;
+
+    union_cred = (gss_union_cred_t) cred_handle;
+
+    status = GSS_S_UNAVAILABLE;
+
+    for (i = 0; i < union_cred->count; i++) {
+	mech = gssint_get_mechanism(&union_cred->mechs_array[i]);
+	if (mech == NULL) {
+	    status = GSS_S_BAD_MECH;
+	    break;
+	}
+
+	if (mech->gss_inquire_cred_by_oid == NULL) {
+	    status = GSS_S_UNAVAILABLE;
+	    continue;
+	}
+
+	status = (mech->gss_inquire_cred_by_oid)(minor_status,
+						 union_cred->cred_array[i],
+						 desired_object,
+						 &ret_set);
+	if (status != GSS_S_COMPLETE) {
+	    map_error(minor_status, mech);
+	    continue;
+	}
+
+	if (union_cred->count == 1) {
+	    union_set = ret_set;
+	    break;
+	}
+
+	status = append_to_buffer_set(minor_status, &union_set, ret_set);
+	gss_release_buffer_set(&minor, &ret_set);
+	if (status != GSS_S_COMPLETE)
+	    break;
+    }
+
+    if (status != GSS_S_COMPLETE)
+	gss_release_buffer_set(&minor, &union_set);
+
+    *data_set = union_set;
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_name.c
new file mode 100644
index 00000000..cd1cbe5d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_name.c
@@ -0,0 +1,99 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_inquire_name */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_name(OM_uint32 *minor_status,
+                 gss_name_t name,
+                 int *name_is_MN,
+                 gss_OID *MN_mech,
+                 gss_buffer_set_t *attrs)
+{
+    OM_uint32           status, tmp;
+    gss_union_name_t    union_name;
+    gss_mechanism       mech;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (MN_mech != NULL)
+        *MN_mech = GSS_C_NO_OID;
+
+    if (attrs != NULL)
+        *attrs = GSS_C_NO_BUFFER_SET;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+
+    union_name = (gss_union_name_t)name;
+
+    if (union_name->mech_type == GSS_C_NO_OID) {
+        /* We don't yet support non-mechanism attributes */
+        if (name_is_MN != NULL)
+            *name_is_MN = 0;
+        *minor_status = 0;
+        return GSS_S_COMPLETE;
+    }
+
+    if (name_is_MN != NULL)
+        *name_is_MN = 1;
+
+    if (MN_mech != NULL) {
+        status = generic_gss_copy_oid(minor_status,
+                                      union_name->mech_type,
+                                      MN_mech);
+        if (GSS_ERROR(status))
+            return status;
+    }
+
+    mech = gssint_get_mechanism(name->mech_type);
+    if (mech == NULL) {
+        gss_release_oid(&tmp, MN_mech);
+        return GSS_S_BAD_NAME;
+    }
+
+    if (mech->gss_inquire_name == NULL) {
+        gss_release_oid(&tmp, MN_mech);
+        return GSS_S_UNAVAILABLE;
+    }
+
+    status = (*mech->gss_inquire_name)(minor_status,
+                                       union_name->mech_name,
+                                       NULL,
+                                       NULL,
+                                       attrs);
+    if (status != GSS_S_COMPLETE) {
+        generic_gss_release_oid(&tmp, MN_mech);
+        map_error(minor_status, mech);
+    }
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_names.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_names.c
new file mode 100644
index 00000000..d22af8bc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_inq_names.c
@@ -0,0 +1,168 @@
+/* #pragma ident	"@(#)g_inquire_names.c	1.16	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_inquire_context
+ */
+
+#include "mglueP.h"
+
+#define	MAX_MECH_OID_PAIRS 32
+
+/* Last argument new for V2 */
+OM_uint32 KRB5_CALLCONV
+gss_inquire_names_for_mech(minor_status, mechanism, name_types)
+
+OM_uint32 *	minor_status;
+gss_OID 	mechanism;
+gss_OID_set *	name_types;
+
+{
+    OM_uint32		status;
+    gss_OID		selected_mech = GSS_C_NO_OID, public_mech;
+    gss_mechanism	mech;
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (name_types != NULL)
+	*name_types = GSS_C_NO_OID_SET;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (name_types == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    status = gssint_select_mech_type(minor_status, mechanism,
+				     &selected_mech);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (mech == NULL)
+	return GSS_S_BAD_MECH;
+    else if (mech->gss_inquire_names_for_mech == NULL)
+	return GSS_S_UNAVAILABLE;
+    public_mech = gssint_get_public_oid(selected_mech);
+    status = mech->gss_inquire_names_for_mech(minor_status, public_mech,
+					      name_types);
+    if (status != GSS_S_COMPLETE)
+	map_error(minor_status, mech);
+
+    return status;
+}
+
+static OM_uint32
+val_inq_mechs4name_args(
+    OM_uint32 *minor_status,
+    const gss_name_t input_name,
+    gss_OID_set *mech_set)
+{
+
+    /* Initialize outputs. */
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (mech_set != NULL)
+	*mech_set = GSS_C_NO_OID_SET;
+
+    /* Validate arguments.e
+ */
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (input_name == GSS_C_NO_NAME)
+	return (GSS_S_BAD_NAME);
+
+    return (GSS_S_COMPLETE);
+}
+
+static int
+mech_supports_nametype(gss_OID mech_oid, gss_OID name_type)
+{
+    OM_uint32		status, minor;
+    gss_OID_set		types = GSS_C_NO_OID_SET;
+    int 		present;
+
+    status = gss_inquire_names_for_mech(&minor, mech_oid, &types);
+    if (status != GSS_S_COMPLETE)
+	return (0);
+    status = gss_test_oid_set_member(&minor, name_type, types, &present);
+    (void) gss_release_oid_set(&minor, &types);
+    return (status == GSS_S_COMPLETE && present);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_mechs_for_name(OM_uint32 *minor_status,
+			   const gss_name_t input_name, gss_OID_set *mech_set)
+{
+    OM_uint32		status, tmpmin;
+    gss_OID_set		all_mechs = GSS_C_NO_OID_SET;
+    gss_OID_set		mechs = GSS_C_NO_OID_SET;
+    gss_OID 		mech_oid, name_type;
+    gss_buffer_desc	name_buffer = GSS_C_EMPTY_BUFFER;
+    size_t		i;
+
+    status = val_inq_mechs4name_args(minor_status, input_name, mech_set);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    status = gss_display_name(minor_status, input_name, &name_buffer,
+			      &name_type);
+    if (status != GSS_S_COMPLETE)
+	goto cleanup;
+    status = gss_indicate_mechs(minor_status, &all_mechs);
+    if (status != GSS_S_COMPLETE)
+	goto cleanup;
+    status = gss_create_empty_oid_set(minor_status, &mechs);
+    if (status != GSS_S_COMPLETE)
+	goto cleanup;
+    for (i = 0; i < all_mechs->count; i++) {
+	mech_oid = &all_mechs->elements[i];
+	if (mech_supports_nametype(mech_oid, name_type)) {
+	    status = gss_add_oid_set_member(minor_status, mech_oid, &mechs);
+	    if (status != GSS_S_COMPLETE)
+		goto cleanup;
+	}
+    }
+
+    *mech_set = mechs;
+    mechs = GSS_C_NO_OID_SET;
+
+cleanup:
+    (void) gss_release_buffer(&tmpmin, &name_buffer);
+    (void) gss_release_oid_set(&tmpmin, &all_mechs);
+    (void) gss_release_oid_set(&tmpmin, &mechs);
+    return (status);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_map_name_to_any.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_map_name_to_any.c
new file mode 100644
index 00000000..0e5490be
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_map_name_to_any.c
@@ -0,0 +1,77 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_map_name_to_any */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_map_name_to_any(OM_uint32 *minor_status,
+                    gss_name_t name,
+                    int authenticated,
+                    gss_buffer_t type_id,
+                    gss_any_t *output)
+{
+    OM_uint32           status;
+    gss_union_name_t    union_name;
+    gss_mechanism       mech;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (output != NULL)
+        *output = NULL;
+
+    if (minor_status == NULL || output == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+
+    if (type_id == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    union_name = (gss_union_name_t)name;
+
+    if (union_name->mech_type == GSS_C_NO_OID)
+        return GSS_S_UNAVAILABLE;
+
+    mech = gssint_get_mechanism(name->mech_type);
+    if (mech == NULL)
+        return GSS_S_BAD_NAME;
+
+    if (mech->gss_map_name_to_any == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    status = (*mech->gss_map_name_to_any)(minor_status,
+                                          union_name->mech_name,
+                                          authenticated,
+                                          type_id,
+                                          output);
+    if (status != GSS_S_COMPLETE)
+        map_error(minor_status, mech);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_mech_invoke.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_mech_invoke.c
new file mode 100644
index 00000000..0647cda9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_mech_invoke.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gssspi_mech_invoke */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+OM_uint32 KRB5_CALLCONV
+gssspi_mech_invoke (OM_uint32 *minor_status,
+		    const gss_OID desired_mech,
+		    const gss_OID desired_object,
+		    gss_buffer_t value)
+{
+    OM_uint32		status;
+    gss_OID		selected_mech = GSS_C_NO_OID;
+    gss_mechanism	mech;
+
+    if (minor_status == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *minor_status = 0;
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    status = gssint_select_mech_type(minor_status, desired_mech,
+				     &selected_mech);
+    if (status != GSS_S_COMPLETE)
+	return status;
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (mech == NULL || mech->gssspi_mech_invoke == NULL) {
+	return GSS_S_BAD_MECH;
+    }
+
+    status = mech->gssspi_mech_invoke(minor_status,
+				      gssint_get_public_oid(selected_mech),
+				      desired_object,
+				      value);
+    if (status != GSS_S_COMPLETE)
+	map_error(minor_status, mech);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_mechattr.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_mechattr.c
new file mode 100644
index 00000000..5d3e3f18
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_mechattr.c
@@ -0,0 +1,222 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/mechglue/g_mechattr.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "mglueP.h"
+
+static int
+testMechAttr(gss_const_OID attr,
+             gss_const_OID_set against)
+{
+    int present = 0;
+    OM_uint32 minor;
+
+    if (GSS_ERROR(generic_gss_test_oid_set_member(&minor, attr,
+                                                  (gss_OID_set)against,
+                                                  &present)))
+        return 0;
+
+    return present;
+}
+
+/*
+ * Return TRUE iff all the elements of desired and none of the elements
+ * of except exist in available.
+ */
+static int
+testMechAttrsOffered(gss_const_OID_set desired,
+                     gss_const_OID_set except,
+                     gss_const_OID_set available)
+{
+    size_t i;
+
+    if (desired != GSS_C_NO_OID_SET) {
+        for (i = 0; i < desired->count; i++) {
+            if (!testMechAttr(&desired->elements[i], available))
+                return 0;
+        }
+    }
+
+    if (except != GSS_C_NO_OID_SET) {
+        for (i = 0; i < except->count; i++) {
+            if (testMechAttr(&except->elements[i], available))
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Return TRUE iff all the elements of critical exist in known.
+ */
+static int
+testMechAttrsKnown(gss_const_OID_set critical,
+                   gss_const_OID_set known)
+{
+    size_t i;
+
+    if (critical != GSS_C_NO_OID_SET) {
+        for (i = 0; i < critical->count; i++) {
+            if (!testMechAttr(&critical->elements[i], known))
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_indicate_mechs_by_attrs(
+    OM_uint32         *minor,
+    gss_const_OID_set  desired_mech_attrs,
+    gss_const_OID_set  except_mech_attrs,
+    gss_const_OID_set  critical_mech_attrs,
+    gss_OID_set       *mechs)
+{
+    OM_uint32       status, tmpMinor;
+    gss_OID_set     allMechs = GSS_C_NO_OID_SET;
+    size_t          i;
+
+    if (minor != NULL)
+        *minor = 0;
+
+    if (mechs != NULL)
+        *mechs = GSS_C_NO_OID_SET;
+
+    if (minor == NULL || mechs == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    status = gss_indicate_mechs(minor, &allMechs);
+    if (GSS_ERROR(status))
+        goto cleanup;
+
+    status = generic_gss_create_empty_oid_set(minor, mechs);
+    if (GSS_ERROR(status))
+        goto cleanup;
+
+    for (i = 0; i < allMechs->count; i++) {
+        gss_OID_set supportedAttrs = GSS_C_NO_OID_SET;
+        gss_OID_set knownAttrs = GSS_C_NO_OID_SET;
+
+        status = gss_inquire_attrs_for_mech(minor, &allMechs->elements[i],
+                                            &supportedAttrs, &knownAttrs);
+        if (GSS_ERROR(status))
+            continue;
+
+        if (testMechAttrsOffered(desired_mech_attrs,
+                                 except_mech_attrs, supportedAttrs) &&
+            testMechAttrsKnown(critical_mech_attrs, knownAttrs)) {
+            status = gss_add_oid_set_member(minor, &allMechs->elements[i],
+                                            mechs);
+            if (GSS_ERROR(status)) {
+                gss_release_oid_set(&tmpMinor, &supportedAttrs);
+                gss_release_oid_set(&tmpMinor, &knownAttrs);
+                goto cleanup;
+            }
+        }
+
+        gss_release_oid_set(&tmpMinor, &supportedAttrs);
+        gss_release_oid_set(&tmpMinor, &knownAttrs);
+    }
+
+    *minor = 0;
+    status = GSS_S_COMPLETE;
+
+cleanup:
+    gss_release_oid_set(&tmpMinor, &allMechs);
+
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_attrs_for_mech(
+    OM_uint32         *minor,
+    gss_const_OID      mech_oid,
+    gss_OID_set       *mech_attrs,
+    gss_OID_set       *known_mech_attrs)
+{
+    OM_uint32       status, tmpMinor;
+    gss_OID         selected_mech, public_mech;
+    gss_mechanism   mech;
+
+    if (minor != NULL)
+        *minor = 0;
+
+    if (mech_attrs != NULL)
+        *mech_attrs = GSS_C_NO_OID_SET;
+
+    if (known_mech_attrs != NULL)
+        *known_mech_attrs = GSS_C_NO_OID_SET;
+
+    if (minor == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    status = gssint_select_mech_type(minor, mech_oid, &selected_mech);
+    if (status != GSS_S_COMPLETE)
+        return status;
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (mech == NULL)
+        return GSS_S_BAD_MECH;
+
+    /* If the mech does not implement RFC 5587, return success with an empty
+     * mech_attrs and known_mech_attrs. */
+    if (mech->gss_inquire_attrs_for_mech == NULL)
+        return GSS_S_COMPLETE;
+
+    public_mech = gssint_get_public_oid(selected_mech);
+    status = mech->gss_inquire_attrs_for_mech(minor, public_mech, mech_attrs,
+                                              known_mech_attrs);
+    if (GSS_ERROR(status)) {
+        map_error(minor, mech);
+        return status;
+    }
+
+    if (known_mech_attrs != NULL && *known_mech_attrs == GSS_C_NO_OID_SET) {
+        status = generic_gss_copy_oid_set(minor,
+                                          gss_ma_known_attrs,
+                                          known_mech_attrs);
+        if (GSS_ERROR(status)) {
+            gss_release_oid_set(&tmpMinor, mech_attrs);
+            if (mech_attrs != NULL)
+                *mech_attrs = GSS_C_NO_OID_SET;
+        }
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_display_mech_attr(
+    OM_uint32         *minor,
+    gss_const_OID      mech_attr,
+    gss_buffer_t       name,
+    gss_buffer_t       short_desc,
+    gss_buffer_t       long_desc)
+{
+    return generic_gss_display_mech_attr(minor, mech_attr,
+                                         name, short_desc, long_desc);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c
new file mode 100644
index 00000000..cfb0a0d2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c
@@ -0,0 +1,116 @@
+/*
+ * g_mechname.c --- registry of mechanism-specific name types
+ *
+ * This file contains a registry of mechanism-specific name types.  It
+ * is used to determine which name types not should be lazy evaluated,
+ * but rather evaluated on the spot.
+ */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+static gss_mech_spec_name name_list = NULL;
+
+/*
+ * generic searching helper function.
+ */
+static gss_mech_spec_name search_mech_spec(name_type)
+    gss_OID name_type;
+{
+    gss_mech_spec_name p;
+
+    for (p = name_list; p; p = p->next) {
+	if (g_OID_equal(name_type, p->name_type))
+	    return p;
+    }
+    return NULL;
+}
+
+/*
+ * Given a name_type, if it is specific to a mechanism, return the
+ * mechanism OID.  Otherwise, return NULL.
+ */
+gss_OID gss_find_mechanism_from_name_type(name_type)
+    gss_OID name_type;
+{
+    gss_mech_spec_name p;
+
+    p = search_mech_spec(name_type);
+    if (!p)
+	return NULL;
+    return p->mech;
+}
+
+/*
+ * This function adds a (name_type, mechanism) pair to the
+ * mechanism-specific name type registry.  If an entry for the
+ * name_type already exists, then zero out the mechanism entry.
+ * Otherwise, enter the pair into the registry.
+ */
+OM_uint32
+gss_add_mech_name_type(minor_status, name_type, mech)
+    OM_uint32	*minor_status;
+    gss_OID	name_type;
+    gss_OID	mech;
+{
+    OM_uint32	major_status, tmp;
+    gss_mech_spec_name p;
+
+    p = search_mech_spec(name_type);
+    if (p) {
+	/*
+	 * We found an entry for this name type; mark it as not being
+	 * a mechanism-specific name type.
+	 */
+	if (p->mech) {
+	    if (!g_OID_equal(mech, p->mech)) {
+		generic_gss_release_oid(minor_status, &p->mech);
+		p->mech = 0;
+	    }
+	}
+	return GSS_S_COMPLETE;
+    }
+    p = malloc(sizeof(gss_mech_spec_name_desc));
+    if (!p) {
+	*minor_status = ENOMEM;
+	map_errcode(minor_status);
+	goto allocation_failure;
+    }
+    p->name_type = 0;
+    p->mech = 0;
+
+    major_status = generic_gss_copy_oid(minor_status, name_type,
+					&p->name_type);
+    if (major_status) {
+	map_errcode(minor_status);
+	goto allocation_failure;
+    }
+    major_status = generic_gss_copy_oid(minor_status, mech,
+					&p->mech);
+    if (major_status) {
+	map_errcode(minor_status);
+	goto allocation_failure;
+    }
+
+    p->next = name_list;
+    p->prev = 0;
+    name_list = p;
+
+    return GSS_S_COMPLETE;
+
+allocation_failure:
+    if (p) {
+	if (p->mech)
+	    generic_gss_release_oid(&tmp, &p->mech);
+	if (p->name_type)
+	    generic_gss_release_oid(&tmp, &p->name_type);
+	free(p);
+    }
+    return GSS_S_FAILURE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_negoex.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_negoex.c
new file mode 100644
index 00000000..9360fa4b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_negoex.c
@@ -0,0 +1,237 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file contains dispatch functions for the three GSSAPI extensions
+ * described in draft-zhu-negoex-04, renamed to use the gssspi_ prefix.  Since
+ * the only caller of these functions is SPNEGO, argument validation is
+ * omitted.
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gssspi_query_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
+                       gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle,
+                       const gss_name_t targ_name, OM_uint32 req_flags,
+                       gss_buffer_t meta_data)
+{
+    OM_uint32 status, minor;
+    gss_union_ctx_id_t ctx = (gss_union_ctx_id_t)*context_handle;
+    gss_union_cred_t cred = (gss_union_cred_t)cred_handle;
+    gss_union_name_t union_name = (gss_union_name_t)targ_name;
+    gss_mechanism mech;
+    gss_OID selected_mech, public_mech;
+    gss_cred_id_t internal_cred = GSS_C_NO_CREDENTIAL;
+    gss_name_t internal_name = GSS_C_NO_NAME, imported_name = GSS_C_NO_NAME;
+    gss_ctx_id_t new_ctx = GSS_C_NO_CONTEXT, *internal_ctx;
+
+    *minor_status = 0;
+    meta_data->length = 0;
+    meta_data->value = NULL;
+
+    status = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
+    if (status != GSS_S_COMPLETE)
+        return status;
+    public_mech = gssint_get_public_oid(selected_mech);
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (mech == NULL)
+        return GSS_S_BAD_MECH;
+    if (mech->gssspi_query_meta_data == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    if (cred != NULL) {
+        internal_cred = gssint_get_mechanism_cred(cred, selected_mech);
+        if (internal_cred == GSS_C_NO_CREDENTIAL)
+            return GSS_S_NO_CRED;
+    }
+
+    if (union_name != NULL) {
+        if (union_name->mech_type != GSS_C_NO_OID &&
+            g_OID_equal(union_name->mech_type, selected_mech)) {
+            internal_name = union_name->mech_name;
+        } else {
+            status = gssint_import_internal_name(minor_status, selected_mech,
+                                                 union_name, &imported_name);
+            if (status != GSS_S_COMPLETE)
+                goto cleanup;
+            internal_name = imported_name;
+        }
+    }
+
+    internal_ctx = (ctx != NULL) ? &ctx->internal_ctx_id : &new_ctx;
+    status = mech->gssspi_query_meta_data(minor_status, public_mech,
+                                          internal_cred, internal_ctx,
+                                          internal_name, req_flags, meta_data);
+    if (status != GSS_S_COMPLETE) {
+        map_error(minor_status, mech);
+        goto cleanup;
+    }
+
+    /* If the mech created a context, wrap it in a union context. */
+    if (new_ctx != GSS_C_NO_CONTEXT) {
+        assert(ctx == NULL);
+        status = gssint_create_union_context(minor_status, selected_mech,
+                                             &ctx);
+        if (status != GSS_S_COMPLETE)
+            goto cleanup;
+
+        ctx->internal_ctx_id = new_ctx;
+        new_ctx = GSS_C_NO_CONTEXT;
+        *context_handle = (gss_ctx_id_t)ctx;
+    }
+
+cleanup:
+    if (imported_name != GSS_C_NO_NAME) {
+        (void)gssint_release_internal_name(&minor, selected_mech,
+                                           &imported_name);
+    }
+    if (new_ctx != GSS_C_NO_CONTEXT) {
+        (void)gssint_delete_internal_sec_context(&minor, &mech->mech_type,
+                                                 &new_ctx, GSS_C_NO_BUFFER);
+    }
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gssspi_exchange_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
+                          gss_cred_id_t cred_handle,
+                          gss_ctx_id_t *context_handle,
+                          const gss_name_t targ_name, OM_uint32 req_flags,
+                          gss_const_buffer_t meta_data)
+{
+    OM_uint32 status, minor;
+    gss_union_ctx_id_t ctx = (gss_union_ctx_id_t)*context_handle;
+    gss_union_cred_t cred = (gss_union_cred_t)cred_handle;
+    gss_union_name_t union_name = (gss_union_name_t)targ_name;
+    gss_mechanism mech;
+    gss_OID selected_mech, public_mech;
+    gss_cred_id_t internal_cred = GSS_C_NO_CREDENTIAL;
+    gss_name_t internal_name = GSS_C_NO_NAME, imported_name = GSS_C_NO_NAME;
+    gss_ctx_id_t new_ctx = GSS_C_NO_CONTEXT, *internal_ctx;
+
+    *minor_status = 0;
+
+    status = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
+    if (status != GSS_S_COMPLETE)
+        return status;
+    public_mech = gssint_get_public_oid(selected_mech);
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (mech == NULL)
+        return GSS_S_BAD_MECH;
+    if (mech->gssspi_exchange_meta_data == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    if (cred != NULL) {
+        internal_cred = gssint_get_mechanism_cred(cred, selected_mech);
+        if (internal_cred == GSS_C_NO_CREDENTIAL)
+            return GSS_S_NO_CRED;
+    }
+
+    if (union_name != NULL) {
+        if (union_name->mech_type != GSS_C_NO_OID &&
+            g_OID_equal(union_name->mech_type, selected_mech)) {
+            internal_name = union_name->mech_name;
+        } else {
+            status = gssint_import_internal_name(minor_status, selected_mech,
+                                                 union_name, &imported_name);
+            if (GSS_ERROR(status))
+                return status;
+            internal_name = imported_name;
+        }
+    }
+
+    internal_ctx = (ctx != NULL) ? &ctx->internal_ctx_id : &new_ctx;
+    status = mech->gssspi_exchange_meta_data(minor_status, public_mech,
+                                             internal_cred, internal_ctx,
+                                             internal_name, req_flags,
+                                             meta_data);
+    if (status != GSS_S_COMPLETE) {
+        map_error(minor_status, mech);
+        goto cleanup;
+    }
+
+    /* If the mech created a context, wrap it in a union context. */
+    if (new_ctx != GSS_C_NO_CONTEXT) {
+        assert(ctx == NULL);
+        status = gssint_create_union_context(minor_status, selected_mech,
+                                             &ctx);
+        if (status != GSS_S_COMPLETE)
+            goto cleanup;
+
+        ctx->internal_ctx_id = new_ctx;
+        new_ctx = GSS_C_NO_CONTEXT;
+        *context_handle = (gss_ctx_id_t)ctx;
+    }
+
+cleanup:
+    if (imported_name != GSS_C_NO_NAME) {
+        (void)gssint_release_internal_name(&minor, selected_mech,
+                                           &imported_name);
+    }
+    if (new_ctx != GSS_C_NO_CONTEXT) {
+        (void)gssint_delete_internal_sec_context(&minor, &mech->mech_type,
+                                                 &new_ctx, GSS_C_NO_BUFFER);
+    }
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gssspi_query_mechanism_info(OM_uint32 *minor_status, gss_const_OID mech_oid,
+                            unsigned char auth_scheme[16])
+{
+    OM_uint32 status;
+    gss_OID selected_mech, public_mech;
+    gss_mechanism mech;
+
+    *minor_status = 0;
+    memset(auth_scheme, 0, 16);
+
+    status = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
+    if (status != GSS_S_COMPLETE)
+        return status;
+    public_mech = gssint_get_public_oid(selected_mech);
+
+    mech = gssint_get_mechanism(selected_mech);
+    if (mech == NULL)
+        return GSS_S_BAD_MECH;
+    if (mech->gssspi_query_mechanism_info == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    status = mech->gssspi_query_mechanism_info(minor_status, public_mech,
+                                               auth_scheme);
+    if (GSS_ERROR(status))
+        map_error(minor_status, mech);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_oid_ops.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_oid_ops.c
new file mode 100644
index 00000000..1d7970c5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_oid_ops.c
@@ -0,0 +1,112 @@
+/* #pragma ident	"@(#)g_oid_ops.c	1.11	98/01/22 SMI" */
+/* lib/gssapi/mechglue/g_oid_ops.c - GSSAPI V2 interfaces to manipulate OIDs */
+/*
+ * Copyright 1995, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "mglueP.h"
+
+/*
+ * gss_release_oid has been moved to g_initialize, because it requires access
+ * to the mechanism list.  All functions requiring direct access to the
+ * mechanism list are now in g_initialize.c
+ */
+
+OM_uint32 KRB5_CALLCONV
+gss_create_empty_oid_set(minor_status, oid_set)
+    OM_uint32	*minor_status;
+    gss_OID_set	*oid_set;
+{
+    OM_uint32 status;
+    status = generic_gss_create_empty_oid_set(minor_status, oid_set);
+    if (status != GSS_S_COMPLETE)
+	map_errcode(minor_status);
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_add_oid_set_member(minor_status, member_oid, oid_set)
+    OM_uint32	*minor_status;
+    gss_OID	member_oid;
+    gss_OID_set	*oid_set;
+{
+    OM_uint32 status;
+    status = generic_gss_add_oid_set_member(minor_status, member_oid, oid_set);
+    if (status != GSS_S_COMPLETE)
+	map_errcode(minor_status);
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_test_oid_set_member(minor_status, member, set, present)
+    OM_uint32	*minor_status;
+    gss_OID	member;
+    gss_OID_set	set;
+    int		*present;
+{
+    return generic_gss_test_oid_set_member(minor_status, member, set, present);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_oid_to_str(minor_status, oid, oid_str)
+    OM_uint32		*minor_status;
+    gss_OID		oid;
+    gss_buffer_t	oid_str;
+{
+    OM_uint32 status = generic_gss_oid_to_str(minor_status, oid, oid_str);
+    if (status != GSS_S_COMPLETE)
+	map_errcode(minor_status);
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_str_to_oid(minor_status, oid_str, oid)
+    OM_uint32		*minor_status;
+    gss_buffer_t	oid_str;
+    gss_OID		*oid;
+{
+    OM_uint32 status = generic_gss_str_to_oid(minor_status, oid_str, oid);
+    if (status != GSS_S_COMPLETE)
+	map_errcode(minor_status);
+    return status;
+}
+
+OM_uint32
+gssint_copy_oid_set(
+    OM_uint32 *minor_status,
+    const gss_OID_set_desc * const oidset,
+    gss_OID_set *new_oidset)
+{
+    return generic_gss_copy_oid_set(minor_status, oidset, new_oidset);
+}
+
+int KRB5_CALLCONV
+gss_oid_equal(
+    gss_const_OID first_oid,
+    gss_const_OID second_oid)
+{
+    /* GSS_C_NO_OID doesn't match itself, per draft-josefsson-gss-capsulate. */
+    if (first_oid == GSS_C_NO_OID || second_oid == GSS_C_NO_OID)
+	return 0;
+    return g_OID_equal(first_oid, second_oid);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_prf.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_prf.c
new file mode 100644
index 00000000..96f2facf
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_prf.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_pseudo_random */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_pseudo_random (OM_uint32 *minor_status,
+	           gss_ctx_id_t context_handle,
+	           int prf_key,
+	           const gss_buffer_t prf_in,
+	           ssize_t desired_output_len,
+	           gss_buffer_t prf_out)
+{
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (prf_out != GSS_C_NO_BUFFER) {
+	prf_out->length = 0;
+	prf_out->value = NULL;
+    }
+
+    if (minor_status == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+
+    if (prf_in == GSS_C_NO_BUFFER)
+	return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (prf_out == GSS_C_NO_BUFFER)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    prf_out->length = 0;
+    prf_out->value = NULL;
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return GSS_S_NO_CONTEXT;
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech != NULL) {
+	if (mech->gss_pseudo_random != NULL) {
+	    status = mech->gss_pseudo_random(minor_status,
+					     ctx->internal_ctx_id,
+					     prf_key,
+					     prf_in,
+					     desired_output_len,
+					     prf_out);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return status;
+    }
+
+    return GSS_S_BAD_MECH;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_process_context.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_process_context.c
new file mode 100644
index 00000000..3968b5d9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_process_context.c
@@ -0,0 +1,84 @@
+/* #pragma ident	"@(#)g_process_context.c	1.12	98/01/22 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine gss_process_context
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_process_context_token (minor_status,
+                           context_handle,
+                           token_buffer)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+gss_buffer_t		token_buffer;
+
+{
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (token_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (GSS_EMPTY_BUFFER(token_buffer))
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+
+	if (mech->gss_process_context_token) {
+	    status = mech->gss_process_context_token(
+						    minor_status,
+						    ctx->internal_ctx_id,
+						    token_buffer);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return(status);
+    }
+
+    return (GSS_S_BAD_MECH);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_buffer.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_buffer.c
new file mode 100644
index 00000000..8c3328ac
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_buffer.c
@@ -0,0 +1,58 @@
+/* #ident  "@(#)g_rel_buffer.c 1.2     96/02/06 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_release_buffer
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+OM_uint32 KRB5_CALLCONV
+gss_release_buffer (minor_status,
+		    buffer)
+
+OM_uint32 *		minor_status;
+gss_buffer_t		buffer;
+{
+    if (minor_status)
+	*minor_status = 0;
+
+    /* if buffer is NULL, return */
+
+    if(buffer == GSS_C_NO_BUFFER)
+	return(GSS_S_COMPLETE);
+
+    if ((buffer->length) &&
+	(buffer->value)) {
+	    gssalloc_free(buffer->value);
+	    buffer->length = 0;
+	    buffer->value = NULL;
+    }
+
+    return (GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_cred.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_cred.c
new file mode 100644
index 00000000..ccdee05a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_cred.c
@@ -0,0 +1,99 @@
+/* #pragma ident	"@(#)g_rel_cred.c	1.14	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Glue routine for gss_release_cred */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+OM_uint32 KRB5_CALLCONV
+gss_release_cred(minor_status,
+                 cred_handle)
+
+OM_uint32 *		minor_status;
+gss_cred_id_t *		cred_handle;
+
+{
+    OM_uint32		status, temp_status;
+    int			j;
+    gss_union_cred_t	union_cred;
+    gss_mechanism	mech;
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    *minor_status = 0;
+
+    if (cred_handle == NULL)
+	return (GSS_S_NO_CRED | GSS_S_CALL_INACCESSIBLE_READ);
+
+    /*
+     * Loop through the union_cred struct, selecting the approprate
+     * underlying mechanism routine and calling it. At the end,
+     * release all of the storage taken by the union_cred struct.
+     */
+
+    union_cred = (gss_union_cred_t) *cred_handle;
+    if (union_cred == (gss_union_cred_t)GSS_C_NO_CREDENTIAL)
+	return (GSS_S_COMPLETE);
+
+    if (GSSINT_CHK_LOOP(union_cred))
+	return (GSS_S_NO_CRED | GSS_S_CALL_INACCESSIBLE_READ);
+    *cred_handle = NULL;
+
+    status = GSS_S_COMPLETE;
+
+    for(j=0; j < union_cred->count; j++) {
+
+	mech = gssint_get_mechanism (&union_cred->mechs_array[j]);
+
+	if (union_cred->mechs_array[j].elements)
+		free(union_cred->mechs_array[j].elements);
+	if (mech) {
+	    if (mech->gss_release_cred) {
+		temp_status = mech->gss_release_cred
+		    (
+		     minor_status,
+		     &union_cred->cred_array[j]);
+
+		if (temp_status != GSS_S_COMPLETE) {
+		    map_error(minor_status, mech);
+		    status = GSS_S_NO_CRED;
+		}
+
+	    } else
+		status = GSS_S_UNAVAILABLE;
+	} else
+	    status = GSS_S_DEFECTIVE_CREDENTIAL;
+    }
+
+    free(union_cred->cred_array);
+    free(union_cred->mechs_array);
+    free(union_cred);
+
+    return(status);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_name.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_name.c
new file mode 100644
index 00000000..e0086923
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_name.c
@@ -0,0 +1,86 @@
+/* #pragma ident	"@(#)g_rel_name.c	1.11	04/02/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_release_name
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+
+OM_uint32 KRB5_CALLCONV
+gss_release_name (minor_status,
+		  input_name)
+
+OM_uint32 *		minor_status;
+gss_name_t *		input_name;
+
+{
+    gss_union_name_t	union_name;
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+    *minor_status = 0;
+
+    /* if input_name is NULL, return error */
+    if (input_name == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+
+    if (*input_name == GSS_C_NO_NAME)
+	return GSS_S_COMPLETE;
+
+    /*
+     * free up the space for the external_name and then
+     * free the union_name descriptor
+     */
+
+    union_name = (gss_union_name_t) *input_name;
+    if (GSSINT_CHK_LOOP(union_name))
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
+    *input_name = 0;
+    *minor_status = 0;
+
+    if (union_name->name_type != GSS_C_NO_OID)
+	gss_release_oid(minor_status, &union_name->name_type);
+
+    if (union_name->external_name != GSS_C_NO_BUFFER) {
+	if (union_name->external_name->value != NULL)
+	    gssalloc_free(union_name->external_name->value);
+	free(union_name->external_name);
+    }
+
+    if (union_name->mech_type) {
+	gssint_release_internal_name(minor_status, union_name->mech_type,
+				     &union_name->mech_name);
+	gss_release_oid(minor_status, &union_name->mech_type);
+    }
+
+    free(union_name);
+
+    return(GSS_S_COMPLETE);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_name_mapping.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_name_mapping.c
new file mode 100644
index 00000000..03631782
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_name_mapping.c
@@ -0,0 +1,73 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_release_any_name_mapping */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_release_any_name_mapping(OM_uint32 *minor_status,
+                             gss_name_t name,
+                             gss_buffer_t type_id,
+                             gss_any_t *input)
+{
+    OM_uint32           status;
+    gss_union_name_t    union_name;
+    gss_mechanism       mech;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *minor_status = 0;
+
+    if (name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+
+    if (type_id == GSS_C_NO_BUFFER)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (input == NULL)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    union_name = (gss_union_name_t)name;
+
+    if (union_name->mech_type == GSS_C_NO_OID)
+        return GSS_S_UNAVAILABLE;
+
+    mech = gssint_get_mechanism(name->mech_type);
+    if (mech == NULL)
+        return GSS_S_BAD_NAME;
+
+    if (mech->gss_release_any_name_mapping == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    status = (*mech->gss_release_any_name_mapping)(minor_status,
+                                                   union_name->mech_name,
+                                                   type_id,
+                                                   input);
+    if (status != GSS_S_COMPLETE)
+        map_error(minor_status, mech);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_oid_set.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_oid_set.c
new file mode 100644
index 00000000..fa008d6b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_rel_oid_set.c
@@ -0,0 +1,43 @@
+/* #pragma ident	"@(#)g_rel_oid_set.c	1.12	97/11/11 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_release_oid_set
+ */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+OM_uint32 KRB5_CALLCONV
+gss_release_oid_set (minor_status,
+		     set)
+
+OM_uint32 *		minor_status;
+gss_OID_set *		set;
+{
+    return generic_gss_release_oid_set(minor_status, set);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_saslname.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_saslname.c
new file mode 100644
index 00000000..2be0c8a6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_saslname.c
@@ -0,0 +1,220 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/gssapi/mechglue/g_saslname.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "mglueP.h"
+#include <krb5/krb5.h>
+
+static char basis_32[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+
+#define OID_SASL_NAME_LENGTH  (sizeof("GS2-XXXXXXXXXXX") - 1)
+
+static OM_uint32
+oidToSaslName(OM_uint32 *minor, const gss_OID mech,
+              char sasl_name[OID_SASL_NAME_LENGTH + 1])
+{
+    unsigned char derBuf[2];
+    krb5_crypto_iov iov[3];
+    unsigned char cksumBuf[20], *q = cksumBuf;
+    char *p = sasl_name;
+
+    if (mech->length > 127) {
+        *minor = ERANGE;
+        return GSS_S_BAD_MECH;
+    }
+
+    derBuf[0] = 0x06;
+    derBuf[1] = (unsigned char)mech->length;
+
+    iov[0].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+    iov[0].data.length = 2;
+    iov[0].data.data = (char *)derBuf;
+    iov[1].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+    iov[1].data.length = mech->length;
+    iov[1].data.data = (char *)mech->elements;
+    iov[2].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
+    iov[2].data.length = sizeof(cksumBuf);
+    iov[2].data.data = (char *)cksumBuf;
+
+    *minor = krb5_k_make_checksum_iov(NULL, CKSUMTYPE_SHA1, NULL, 0, iov, 3);
+    if (*minor != 0)
+        return GSS_S_FAILURE;
+
+    memcpy(p, "GS2-", 4);
+    p += 4;
+
+    *p++ = basis_32[q[0] >> 3];
+    *p++ = basis_32[((q[0] & 7) << 2) | (q[1] >> 6)];
+    *p++ = basis_32[(q[1] & 0x3f) >> 1];
+    *p++ = basis_32[((q[1] & 1) << 4) | (q[2] >> 4)];
+    *p++ = basis_32[((q[2] & 0xf) << 1) | (q[3] >> 7)];
+    *p++ = basis_32[(q[3] & 0x7f) >> 2];
+    *p++ = basis_32[((q[3] & 3) << 3) | (q[4] >> 5)];
+    *p++ = basis_32[(q[4] & 0x1f)];
+    *p++ = basis_32[q[5] >> 3];
+    *p++ = basis_32[((q[5] & 7) << 2) | (q[6] >> 6)];
+    *p++ = basis_32[(q[6] & 0x3f) >> 1];
+
+    *p++ = '\0';
+
+    *minor = 0;
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+oidToSaslNameAlloc(OM_uint32 *minor, const gss_OID mech,
+                   gss_buffer_t sasl_name)
+{
+    OM_uint32 status, tmpMinor;
+
+    sasl_name->value = malloc(OID_SASL_NAME_LENGTH + 1);
+    if (sasl_name->value == NULL) {
+        *minor = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+    sasl_name->length = OID_SASL_NAME_LENGTH;
+
+    status = oidToSaslName(minor, mech, (char *)sasl_name->value);
+    if (GSS_ERROR(status)) {
+        gss_release_buffer(&tmpMinor, sasl_name);
+        return status;
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV gss_inquire_saslname_for_mech(
+    OM_uint32     *minor_status,
+    const gss_OID  desired_mech,
+    gss_buffer_t   sasl_mech_name,
+    gss_buffer_t   mech_name,
+    gss_buffer_t   mech_description)
+{
+    OM_uint32       status;
+    gss_OID         selected_mech, public_mech;
+    gss_mechanism   mech;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *minor_status = 0;
+
+    if (sasl_mech_name != GSS_C_NO_BUFFER) {
+        sasl_mech_name->length = 0;
+        sasl_mech_name->value = NULL;
+    }
+
+    if (mech_name != GSS_C_NO_BUFFER) {
+        mech_name->length = 0;
+        mech_name->value = NULL;
+    }
+
+    if (mech_description != GSS_C_NO_BUFFER) {
+        mech_description->length = 0;
+        mech_description->value = NULL;
+    }
+
+    status = gssint_select_mech_type(minor_status, desired_mech,
+                                     &selected_mech);
+    if (status != GSS_S_COMPLETE)
+        return status;
+
+    mech = gssint_get_mechanism(desired_mech);
+    if (mech == NULL) {
+        return GSS_S_BAD_MECH;
+    } else if (mech->gss_inquire_saslname_for_mech == NULL) {
+        status = GSS_S_UNAVAILABLE;
+    } else {
+        public_mech = gssint_get_public_oid(selected_mech);
+        status = mech->gss_inquire_saslname_for_mech(minor_status, public_mech,
+                                                     sasl_mech_name, mech_name,
+                                                     mech_description);
+        if (status != GSS_S_COMPLETE)
+            map_error(minor_status, mech);
+    }
+
+    if (status == GSS_S_UNAVAILABLE) {
+        if (sasl_mech_name != GSS_C_NO_BUFFER)
+            status = oidToSaslNameAlloc(minor_status, desired_mech,
+                                        sasl_mech_name);
+        else
+            status = GSS_S_COMPLETE;
+    }
+
+    return status;
+}
+
+/* We cannot interpose this function as mech_type is an output parameter. */
+OM_uint32 KRB5_CALLCONV gss_inquire_mech_for_saslname(
+    OM_uint32           *minor_status,
+    const gss_buffer_t   sasl_mech_name,
+    gss_OID             *mech_type)
+{
+    OM_uint32       status, tmpMinor;
+    gss_OID_set     mechSet = GSS_C_NO_OID_SET;
+    size_t          i;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (mech_type != NULL)
+        *mech_type = GSS_C_NO_OID;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    status = gss_indicate_mechs(minor_status, &mechSet);
+    if (status != GSS_S_COMPLETE)
+        return status;
+
+    for (i = 0, status = GSS_S_BAD_MECH; i < mechSet->count; i++) {
+        gss_mechanism mech;
+        char mappedName[OID_SASL_NAME_LENGTH + 1];
+
+        mech = gssint_get_mechanism(&mechSet->elements[i]);
+        if (mech != NULL && mech->gss_inquire_mech_for_saslname != NULL) {
+            status = mech->gss_inquire_mech_for_saslname(minor_status,
+                                                         sasl_mech_name,
+                                                         mech_type);
+            if (status == GSS_S_COMPLETE)
+                break;
+        }
+        if (status == GSS_S_BAD_MECH &&
+            sasl_mech_name->length == OID_SASL_NAME_LENGTH &&
+            oidToSaslName(&tmpMinor, &mechSet->elements[i],
+                          mappedName) == GSS_S_COMPLETE &&
+            memcmp(sasl_mech_name->value, mappedName,
+                   OID_SASL_NAME_LENGTH) == 0) {
+            if (mech_type != NULL)
+                *mech_type = &mech->mech_type;
+            status = GSS_S_COMPLETE;
+            break;
+        }
+    }
+
+    gss_release_oid_set(&tmpMinor, &mechSet);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_seal.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_seal.c
new file mode 100644
index 00000000..3db1ee09
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_seal.c
@@ -0,0 +1,253 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_wrap
+ */
+
+#include "mglueP.h"
+
+static OM_uint32
+val_wrap_args(OM_uint32 *minor_status,
+              gss_ctx_id_t context_handle,
+              int conf_req_flag,
+              gss_qop_t qop_req,
+              gss_buffer_t input_message_buffer,
+              int *conf_state,
+              gss_buffer_t output_message_buffer)
+{
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (output_message_buffer != GSS_C_NO_BUFFER) {
+        output_message_buffer->length = 0;
+        output_message_buffer->value = NULL;
+    }
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+        return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (input_message_buffer == GSS_C_NO_BUFFER)
+        return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (output_message_buffer == GSS_C_NO_BUFFER)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    return (GSS_S_COMPLETE);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_wrap( OM_uint32 *minor_status,
+          gss_ctx_id_t context_handle,
+          int conf_req_flag,
+          gss_qop_t qop_req,
+          gss_buffer_t input_message_buffer,
+          int *conf_state,
+          gss_buffer_t output_message_buffer)
+{
+
+    /* EXPORT DELETE START */
+
+    OM_uint32           status;
+    gss_union_ctx_id_t  ctx;
+    gss_mechanism       mech;
+
+    status = val_wrap_args(minor_status, context_handle,
+                           conf_req_flag, qop_req,
+                           input_message_buffer, conf_state,
+                           output_message_buffer);
+    if (status != GSS_S_COMPLETE)
+        return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+        return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+        if (mech->gss_wrap) {
+            status = mech->gss_wrap(minor_status,
+                                    ctx->internal_ctx_id,
+                                    conf_req_flag,
+                                    qop_req,
+                                    input_message_buffer,
+                                    conf_state,
+                                    output_message_buffer);
+            if (status != GSS_S_COMPLETE)
+                map_error(minor_status, mech);
+        } else if (mech->gss_wrap_aead ||
+                   (mech->gss_wrap_iov && mech->gss_wrap_iov_length)) {
+            status = gssint_wrap_aead(mech,
+                                      minor_status,
+                                      ctx,
+                                      conf_req_flag,
+                                      (gss_qop_t)qop_req,
+                                      GSS_C_NO_BUFFER,
+                                      input_message_buffer,
+                                      conf_state,
+                                      output_message_buffer);
+        } else
+            status = GSS_S_UNAVAILABLE;
+
+        return(status);
+    }
+    /* EXPORT DELETE END */
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_seal(OM_uint32 *minor_status,
+         gss_ctx_id_t context_handle,
+         int conf_req_flag,
+         int qop_req,
+         gss_buffer_t input_message_buffer,
+         int *conf_state,
+         gss_buffer_t output_message_buffer)
+{
+
+    return gss_wrap(minor_status, context_handle,
+                    conf_req_flag, (gss_qop_t) qop_req,
+                    input_message_buffer, conf_state,
+                    output_message_buffer);
+}
+
+/*
+ * It is only possible to implement gss_wrap_size_limit() on top
+ * of gss_wrap_iov_length() for mechanisms that do not use any
+ * padding and have fixed length headers/trailers.
+ */
+static OM_uint32
+gssint_wrap_size_limit_iov_shim(gss_mechanism mech,
+                                OM_uint32 *minor_status,
+                                gss_ctx_id_t context_handle,
+                                int conf_req_flag,
+                                gss_qop_t qop_req,
+                                OM_uint32 req_output_size,
+                                OM_uint32 *max_input_size)
+{
+    gss_iov_buffer_desc iov[4];
+    OM_uint32           status;
+    OM_uint32           ohlen;
+
+    iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
+    iov[0].buffer.value = NULL;
+    iov[0].buffer.length = 0;
+
+    iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+    iov[1].buffer.length = req_output_size;
+    iov[1].buffer.value = NULL;
+
+    iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING;
+    iov[2].buffer.value = NULL;
+    iov[2].buffer.length = 0;
+
+    iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER;
+    iov[3].buffer.value = NULL;
+    iov[3].buffer.length = 0;
+
+    assert(mech->gss_wrap_iov_length);
+
+    status = mech->gss_wrap_iov_length(minor_status, context_handle,
+                                       conf_req_flag, qop_req,
+                                       NULL, iov,
+                                       sizeof(iov)/sizeof(iov[0]));
+    if (status != GSS_S_COMPLETE) {
+        map_error(minor_status, mech);
+        return status;
+    }
+
+    ohlen = iov[0].buffer.length + iov[3].buffer.length;
+
+    if (iov[2].buffer.length == 0 && ohlen < req_output_size)
+        *max_input_size = req_output_size - ohlen;
+    else
+        *max_input_size = 0;
+
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * New for V2
+ */
+OM_uint32 KRB5_CALLCONV
+gss_wrap_size_limit(OM_uint32  *minor_status,
+                    gss_ctx_id_t context_handle,
+                    int conf_req_flag,
+                    gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32 *max_input_size)
+{
+    gss_union_ctx_id_t  ctx;
+    gss_mechanism       mech;
+    OM_uint32           major_status;
+
+    if (minor_status == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+        return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (max_input_size == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+        return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (!mech)
+        return (GSS_S_BAD_MECH);
+
+    if (mech->gss_wrap_size_limit)
+        major_status = mech->gss_wrap_size_limit(minor_status,
+                                                 ctx->internal_ctx_id,
+                                                 conf_req_flag, qop_req,
+                                                 req_output_size, max_input_size);
+    else if (mech->gss_wrap_iov_length)
+        major_status = gssint_wrap_size_limit_iov_shim(mech, minor_status,
+                                                       ctx->internal_ctx_id,
+                                                       conf_req_flag, qop_req,
+                                                       req_output_size, max_input_size);
+    else
+        major_status = GSS_S_UNAVAILABLE;
+    if (major_status != GSS_S_COMPLETE)
+        map_error(minor_status, mech);
+    return major_status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_context_option.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_context_option.c
new file mode 100644
index 00000000..eb67a9eb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_context_option.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_set_sec_context_option */
+
+#include "mglueP.h"
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <errno.h>
+
+OM_uint32 KRB5_CALLCONV
+gss_set_sec_context_option (OM_uint32 *minor_status,
+			    gss_ctx_id_t *context_handle,
+			    const gss_OID desired_object,
+			    const gss_buffer_t value)
+{
+    OM_uint32		status, minor;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+    gss_ctx_id_t	internal_ctx = GSS_C_NO_CONTEXT;
+
+    if (minor_status == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *minor_status = 0;
+
+    if (context_handle == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) *context_handle;
+    if (ctx == NULL) {
+	mech = gssint_get_mechanism (GSS_C_NO_OID);
+    } else {
+	mech = gssint_get_mechanism (ctx->mech_type);
+    }
+
+    if (mech == NULL)
+	return GSS_S_BAD_MECH;
+    if (mech->gss_set_sec_context_option == NULL)
+	return GSS_S_UNAVAILABLE;
+
+    status = mech->gss_set_sec_context_option(minor_status,
+					      ctx ? &ctx->internal_ctx_id :
+					      &internal_ctx,
+					      desired_object,
+					      value);
+    if (status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	return status;
+    }
+
+    if (ctx == NULL && internal_ctx != GSS_C_NO_CONTEXT) {
+	status = gssint_create_union_context(minor_status, &mech->mech_type,
+					     &ctx);
+	if (status != GSS_S_COMPLETE) {
+	    gssint_delete_internal_sec_context(&minor, ctx->mech_type,
+					       &internal_ctx, GSS_C_NO_BUFFER);
+	    return status;
+	}
+
+	ctx->internal_ctx_id = internal_ctx;
+	*context_handle = (gss_ctx_id_t)ctx;
+    }
+
+    return GSS_S_COMPLETE;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c
new file mode 100644
index 00000000..5c9d21db
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2008-2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gssspi_set_cred_option */
+
+#include "mglueP.h"
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <string.h>
+#include <time.h>
+
+static OM_uint32
+alloc_union_cred(OM_uint32 *minor_status,
+		 gss_mechanism mech,
+		 gss_cred_id_t mech_cred,
+		 gss_union_cred_t *pcred)
+{
+    OM_uint32		status;
+    OM_uint32		temp_minor_status;
+    gss_union_cred_t	cred = NULL;
+
+    *pcred = NULL;
+
+    status = GSS_S_FAILURE;
+
+    cred = calloc(1, sizeof(*cred));
+    if (cred == NULL) {
+	*minor_status = ENOMEM;
+	goto cleanup;
+    }
+
+    cred->loopback = cred;
+    cred->count = 1;
+
+    cred->cred_array = calloc(cred->count, sizeof(gss_cred_id_t));
+    if (cred->cred_array == NULL) {
+	*minor_status = ENOMEM;
+	goto cleanup;
+    }
+    cred->cred_array[0] = mech_cred;
+
+    status = generic_gss_copy_oid(minor_status,
+                                  &mech->mech_type,
+                                  &cred->mechs_array);
+    if (status != GSS_S_COMPLETE)
+        goto cleanup;
+
+    status = GSS_S_COMPLETE;
+    *pcred = cred;
+
+cleanup:
+    if (status != GSS_S_COMPLETE)
+	gss_release_cred(&temp_minor_status, (gss_cred_id_t *)&cred);
+
+    return status;
+}
+
+/*
+ * This differs from gssspi_set_cred_option() as shipped in 1.7, in that
+ * it can return a cred handle. To denote this change we have changed the
+ * name of the function from gssspi_set_cred_option() to gss_set_cred_option().
+ * However, the dlsym() entry point is still gssspi_set_cred_option(). This
+ * fixes a separate issue, namely that a dynamically loaded mechanism could
+ * not itself call set_cred_option() without calling its own implementation
+ * instead of the mechanism glue's. (This is useful where a mechanism wishes
+ * to export a mechanism-specific API that is a wrapper around this function.)
+ */
+OM_uint32 KRB5_CALLCONV
+gss_set_cred_option(OM_uint32 *minor_status,
+	            gss_cred_id_t *cred_handle,
+	            const gss_OID desired_object,
+	            const gss_buffer_t value)
+{
+    gss_union_cred_t	union_cred;
+    gss_mechanism	mech;
+    int			i;
+    OM_uint32		status;
+    OM_uint32		mech_status;
+    OM_uint32		mech_minor_status;
+
+    if (minor_status == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *minor_status = 0;
+
+    if (cred_handle == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    status = GSS_S_UNAVAILABLE;
+
+    if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+	gss_cred_id_t mech_cred = GSS_C_NO_CREDENTIAL;
+
+	/*
+	 * We need to give a mechanism the opportunity to allocate a
+	 * credentials handle. Unfortunately this does mean that only
+	 * the default mechanism can allocate a credentials handle.
+	 */
+        mech = gssint_get_mechanism(NULL);
+        if (mech == NULL)
+            return GSS_S_BAD_MECH;
+
+	if (mech->gssspi_set_cred_option == NULL)
+	    return GSS_S_UNAVAILABLE;
+
+	status = mech->gssspi_set_cred_option(minor_status,
+					      &mech_cred,
+					      desired_object,
+					      value);
+	if (status != GSS_S_COMPLETE) {
+	    map_error(minor_status, mech);
+	    return status;
+	}
+
+	if (mech_cred != GSS_C_NO_CREDENTIAL) {
+	    status = alloc_union_cred(minor_status,
+				      mech,
+				      mech_cred,
+				      &union_cred);
+	    if (status != GSS_S_COMPLETE)
+		return status;
+	    *cred_handle = (gss_cred_id_t)union_cred;
+	}
+    } else {
+	union_cred = (gss_union_cred_t)*cred_handle;
+
+	for (i = 0; i < union_cred->count; i++) {
+	    mech = gssint_get_mechanism(&union_cred->mechs_array[i]);
+	    if (mech == NULL) {
+		status = GSS_S_BAD_MECH;
+		break;
+	    }
+
+	    if (mech->gssspi_set_cred_option == NULL)
+		continue;
+
+	    mech_status = mech->gssspi_set_cred_option(&mech_minor_status,
+						       &union_cred->cred_array[i],
+						       desired_object,
+						       value);
+	    if (mech_status == GSS_S_UNAVAILABLE)
+		continue;
+	    else {
+		status = mech_status;
+		*minor_status = mech_minor_status;
+	    }
+	    if (status != GSS_S_COMPLETE) {
+		map_error(minor_status, mech);
+		break;
+	    }
+	}
+    }
+
+    return status;
+}
+
+/*
+ * Provide this for backward ABI compatibility, but remove it from the
+ * header.
+ */
+OM_uint32 KRB5_CALLCONV
+gssspi_set_cred_option(OM_uint32 *minor_status,
+	               gss_cred_id_t cred,
+	               const gss_OID desired_object,
+	               const gss_buffer_t value);
+
+OM_uint32 KRB5_CALLCONV
+gssspi_set_cred_option(OM_uint32 *minor_status,
+	               gss_cred_id_t cred,
+	               const gss_OID desired_object,
+	               const gss_buffer_t value)
+{
+    return gss_set_cred_option(minor_status, &cred,
+                               desired_object, value);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_name_attr.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_name_attr.c
new file mode 100644
index 00000000..42bde490
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_name_attr.c
@@ -0,0 +1,69 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Glue routine for gss_set_name_attribute */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_set_name_attribute(OM_uint32 *minor_status,
+                       gss_name_t name,
+                       int complete,
+                       gss_buffer_t attr,
+                       gss_buffer_t value)
+{
+    OM_uint32           status;
+    gss_union_name_t    union_name;
+    gss_mechanism       mech;
+
+    if (minor_status == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *minor_status = 0;
+
+    if (name == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+
+    union_name = (gss_union_name_t)name;
+
+    if (union_name->mech_type == GSS_C_NO_OID)
+        return GSS_S_UNAVAILABLE;
+
+    mech = gssint_get_mechanism(name->mech_type);
+    if (mech == NULL)
+        return GSS_S_BAD_NAME;
+
+    if (mech->gss_set_name_attribute == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    status = (*mech->gss_set_name_attribute)(minor_status,
+                                             union_name->mech_name,
+                                             complete,
+                                             attr,
+                                             value);
+    if (status != GSS_S_COMPLETE)
+        map_error(minor_status, mech);
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_neg_mechs.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_neg_mechs.c
new file mode 100644
index 00000000..9b04ec9d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_set_neg_mechs.c
@@ -0,0 +1,72 @@
+/* lib/gssapi/mechglue/g_set_neg_mechs.c - Glue for gss_set_neg_mechs */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.	Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_set_neg_mechs(OM_uint32 *minor_status,
+		  gss_cred_id_t cred_handle,
+		  const gss_OID_set mech_set)
+{
+    gss_union_cred_t	union_cred;
+    gss_mechanism	mech;
+    int			i, avail;
+    OM_uint32		status;
+
+    if (minor_status == NULL)
+	return GSS_S_CALL_INACCESSIBLE_WRITE;
+    *minor_status = 0;
+
+    if (cred_handle == GSS_C_NO_CREDENTIAL)
+	return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED;
+
+    union_cred = (gss_union_cred_t) cred_handle;
+
+    avail = 0;
+    status = GSS_S_COMPLETE;
+    for (i = 0; i < union_cred->count; i++) {
+	mech = gssint_get_mechanism(&union_cred->mechs_array[i]);
+	if (mech == NULL) {
+	    status = GSS_S_BAD_MECH;
+	    break;
+	}
+
+	if (mech->gss_set_neg_mechs == NULL)
+	    continue;
+
+	avail = 1;
+	status = (mech->gss_set_neg_mechs)(minor_status,
+					   union_cred->cred_array[i],
+					   mech_set);
+	if (status != GSS_S_COMPLETE) {
+	    map_error(minor_status, mech);
+	    break;
+	}
+    }
+
+    if (status == GSS_S_COMPLETE && !avail)
+	return GSS_S_UNAVAILABLE;
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_sign.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_sign.c
new file mode 100644
index 00000000..03fbd8c0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_sign.c
@@ -0,0 +1,136 @@
+/* #pragma ident	"@(#)g_sign.c	1.14	98/04/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine gss_get_mic
+ */
+
+#include "mglueP.h"
+
+static OM_uint32
+val_get_mic_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    gss_qop_t qop_req,
+    gss_buffer_t message_buffer,
+    gss_buffer_t msg_token)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (msg_token != GSS_C_NO_BUFFER) {
+	msg_token->value = NULL;
+	msg_token->length = 0;
+    }
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (message_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (msg_token == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_get_mic (minor_status,
+	     context_handle,
+	     qop_req,
+	     message_buffer,
+	     msg_token)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+gss_qop_t		qop_req;
+gss_buffer_t		message_buffer;
+gss_buffer_t		msg_token;
+
+{
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    status = val_get_mic_args(minor_status, context_handle,
+			      qop_req, message_buffer, msg_token);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+	if (mech->gss_get_mic) {
+	    status = mech->gss_get_mic(
+				    minor_status,
+				    ctx->internal_ctx_id,
+				    qop_req,
+				    message_buffer,
+				    msg_token);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return(status);
+    }
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_sign (minor_status,
+          context_handle,
+          qop_req,
+          message_buffer,
+          msg_token)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+int			qop_req;
+gss_buffer_t		message_buffer;
+gss_buffer_t		msg_token;
+
+{
+	return (gss_get_mic(minor_status, context_handle, (gss_qop_t) qop_req,
+			    message_buffer, msg_token));
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_store_cred.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_store_cred.c
new file mode 100644
index 00000000..c2b6ddf3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_store_cred.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* #pragma ident	"@(#)g_store_cred.c	1.2	04/04/05 SMI" */
+
+/*
+ *  glue routine for gss_store_cred
+ */
+
+#include <mglueP.h>
+
+static OM_uint32
+store_cred_fallback(
+	OM_uint32 *minor_status,
+	gss_mechanism mech,
+	gss_cred_id_t mech_cred,
+	gss_cred_usage_t cred_usage,
+	gss_OID desired_mech,
+	OM_uint32 overwrite_cred,
+	OM_uint32 default_cred,
+	gss_const_key_value_set_t cred_store,
+	gss_OID_set *elements_stored,
+	gss_cred_usage_t *cred_usage_stored)
+{
+	gss_OID public_mech = gssint_get_public_oid(desired_mech);
+
+	if (mech->gss_store_cred_into != NULL) {
+		return mech->gss_store_cred_into(minor_status, mech_cred,
+						 cred_usage, public_mech,
+						 overwrite_cred, default_cred,
+						 cred_store, elements_stored,
+						 cred_usage_stored);
+	} else if (cred_store == GSS_C_NO_CRED_STORE) {
+		return mech->gss_store_cred(minor_status, mech_cred,
+					    cred_usage, public_mech,
+					    overwrite_cred, default_cred,
+					    elements_stored,
+					    cred_usage_stored);
+	} else {
+		return GSS_S_UNAVAILABLE;
+	}
+}
+
+static OM_uint32
+val_store_cred_args(
+	OM_uint32 *minor_status,
+	const gss_cred_id_t input_cred_handle,
+	gss_cred_usage_t cred_usage,
+	const gss_OID desired_mech,
+	OM_uint32 overwrite_cred,
+	OM_uint32 default_cred,
+	gss_const_key_value_set_t cred_store,
+	gss_OID_set *elements_stored,
+	gss_cred_usage_t *cred_usage_stored)
+{
+
+	/* Initialize outputs. */
+
+	if (minor_status != NULL)
+		*minor_status = 0;
+
+	if (elements_stored != NULL)
+		*elements_stored = GSS_C_NULL_OID_SET;
+
+	/* Validate arguments. */
+
+	if (minor_status == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	if (input_cred_handle == GSS_C_NO_CREDENTIAL)
+		return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED);
+
+	if (cred_usage != GSS_C_ACCEPT
+	    && cred_usage != GSS_C_INITIATE
+	    && cred_usage != GSS_C_BOTH) {
+	    if (minor_status) {
+		*minor_status = EINVAL;
+		map_errcode(minor_status);
+	    }
+	    return GSS_S_FAILURE;
+	}
+
+	if (cred_store != NULL && cred_store->count == 0) {
+		*minor_status = EINVAL;
+		map_errcode(minor_status);
+		return GSS_S_FAILURE;
+	}
+
+	return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_store_cred(minor_status,
+	       input_cred_handle,
+	       cred_usage,
+	       desired_mech,
+	       overwrite_cred,
+	       default_cred,
+	       elements_stored,
+	       cred_usage_stored)
+
+OM_uint32		*minor_status;
+gss_cred_id_t	         input_cred_handle;
+gss_cred_usage_t	 cred_usage;
+const gss_OID		 desired_mech;
+OM_uint32		 overwrite_cred;
+OM_uint32		 default_cred;
+gss_OID_set		*elements_stored;
+gss_cred_usage_t	*cred_usage_stored;
+
+{
+	return gss_store_cred_into(minor_status, input_cred_handle, cred_usage,
+				   desired_mech, overwrite_cred, default_cred,
+				   GSS_C_NO_CRED_STORE, elements_stored,
+				   cred_usage_stored);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_store_cred_into(minor_status,
+		    input_cred_handle,
+		    cred_usage,
+		    desired_mech,
+		    overwrite_cred,
+		    default_cred,
+		    cred_store,
+		    elements_stored,
+		    cred_usage_stored)
+
+OM_uint32			 *minor_status;
+gss_cred_id_t			 input_cred_handle;
+gss_cred_usage_t		 cred_usage;
+gss_OID				 desired_mech;
+OM_uint32			 overwrite_cred;
+OM_uint32			 default_cred;
+gss_const_key_value_set_t	 cred_store;
+gss_OID_set			 *elements_stored;
+gss_cred_usage_t		 *cred_usage_stored;
+
+{
+	OM_uint32		major_status = GSS_S_FAILURE;
+	gss_union_cred_t	union_cred;
+	gss_cred_id_t		mech_cred;
+	gss_mechanism		mech;
+	gss_OID			dmech;
+	gss_OID			selected_mech;
+	int			i;
+
+	major_status = val_store_cred_args(minor_status,
+					   input_cred_handle,
+					   cred_usage,
+					   desired_mech,
+					   overwrite_cred,
+					   default_cred,
+					   cred_store,
+					   elements_stored,
+					   cred_usage_stored);
+	if (major_status != GSS_S_COMPLETE)
+		return (major_status);
+
+	/* Initial value needed below. */
+	major_status = GSS_S_FAILURE;
+
+	if (cred_usage_stored != NULL)
+		*cred_usage_stored = GSS_C_BOTH; /* there's no GSS_C_NEITHER */
+
+	union_cred = (gss_union_cred_t)input_cred_handle;
+
+	/* desired_mech != GSS_C_NULL_OID -> store one element */
+	if (desired_mech != GSS_C_NULL_OID) {
+		major_status = gssint_select_mech_type(minor_status,
+						       desired_mech,
+						       &selected_mech);
+		if (major_status != GSS_S_COMPLETE)
+			return (major_status);
+
+		mech = gssint_get_mechanism(selected_mech);
+		if (mech == NULL)
+			return (GSS_S_BAD_MECH);
+
+		if (mech->gss_store_cred_into == NULL &&
+		    cred_store != GSS_C_NO_CRED_STORE)
+			return (major_status);
+
+		if (mech->gss_store_cred == NULL &&
+		    mech->gss_store_cred_into == NULL)
+			return (major_status);
+
+		mech_cred = gssint_get_mechanism_cred(union_cred, selected_mech);
+		if (mech_cred == GSS_C_NO_CREDENTIAL)
+			return (GSS_S_NO_CRED);
+
+		major_status = store_cred_fallback(minor_status, mech,
+						   mech_cred, cred_usage,
+						   selected_mech,
+						   overwrite_cred,
+						   default_cred, cred_store,
+						   elements_stored,
+						   cred_usage_stored);
+		if (major_status != GSS_S_COMPLETE)
+		    map_error(minor_status, mech);
+		return major_status;
+	}
+
+	/* desired_mech == GSS_C_NULL_OID -> store all elements */
+
+	*minor_status = 0;
+
+	for (i = 0; i < union_cred->count; i++) {
+		/* Get mech and cred element */
+		dmech = &union_cred->mechs_array[i];
+		mech = gssint_get_mechanism(dmech);
+		if (mech == NULL)
+			continue;
+
+		if (mech->gss_store_cred_into == NULL &&
+		    cred_store != GSS_C_NO_CRED_STORE)
+			continue;
+
+		if (mech->gss_store_cred == NULL &&
+		    mech->gss_store_cred_into == NULL)
+			continue;
+
+		mech_cred = gssint_get_mechanism_cred(union_cred, dmech);
+		if (mech_cred == GSS_C_NO_CREDENTIAL)
+			continue; /* can't happen, but safe to ignore */
+
+		major_status = store_cred_fallback(minor_status, mech,
+						   mech_cred, cred_usage,
+						   dmech, overwrite_cred,
+						   default_cred, cred_store,
+						   NULL, cred_usage_stored);
+		if (major_status != GSS_S_COMPLETE) {
+		    map_error(minor_status, mech);
+		    continue;
+		}
+
+		/* Succeeded for at least one mech */
+
+		if (elements_stored == NULL)
+			continue;
+
+		if (*elements_stored == GSS_C_NULL_OID_SET) {
+			major_status = gss_create_empty_oid_set(minor_status,
+						elements_stored);
+
+			if (GSS_ERROR(major_status))
+				return (major_status);
+		}
+
+		major_status = gss_add_oid_set_member(minor_status, dmech,
+			elements_stored);
+
+		/* The caller should clean up elements_stored */
+		if (GSS_ERROR(major_status))
+			return (major_status);
+	}
+
+	/*
+	 * Success with some mechs may mask failure with others, but
+	 * that's what elements_stored is for.
+	 */
+	return (major_status);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_unseal.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_unseal.c
new file mode 100644
index 00000000..c208635b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_unseal.c
@@ -0,0 +1,132 @@
+/* #pragma ident	"@(#)g_unseal.c	1.13	98/01/22 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine gss_unwrap
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_unwrap (minor_status,
+            context_handle,
+            input_message_buffer,
+            output_message_buffer,
+            conf_state,
+            qop_state)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+gss_buffer_t		input_message_buffer;
+gss_buffer_t		output_message_buffer;
+int *			conf_state;
+gss_qop_t *		qop_state;
+
+{
+/* EXPORT DELETE START */
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    if (output_message_buffer != GSS_C_NO_BUFFER) {
+	output_message_buffer->length = 0;
+	output_message_buffer->value = NULL;
+    }
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (input_message_buffer == GSS_C_NO_BUFFER ||
+	GSS_EMPTY_BUFFER(input_message_buffer))
+
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (output_message_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+	if (mech->gss_unwrap) {
+	    status = mech->gss_unwrap(minor_status,
+				      ctx->internal_ctx_id,
+				      input_message_buffer,
+				      output_message_buffer,
+				      conf_state,
+				      qop_state);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else if (mech->gss_unwrap_aead || mech->gss_unwrap_iov) {
+	    status = gssint_unwrap_aead(mech,
+					minor_status,
+					ctx,
+					input_message_buffer,
+					GSS_C_NO_BUFFER,
+					output_message_buffer,
+					conf_state,
+					(gss_qop_t *)qop_state);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return(status);
+    }
+
+/* EXPORT DELETE END */
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_unseal (minor_status,
+            context_handle,
+            input_message_buffer,
+            output_message_buffer,
+            conf_state,
+            qop_state)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+gss_buffer_t		input_message_buffer;
+gss_buffer_t		output_message_buffer;
+int *			conf_state;
+int *			qop_state;
+
+{
+    return (gss_unwrap(minor_status, context_handle,
+		       input_message_buffer,
+		       output_message_buffer, conf_state, (gss_qop_t *) qop_state));
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_unwrap_aead.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_unwrap_aead.c
new file mode 100644
index 00000000..0682bd89
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_unwrap_aead.c
@@ -0,0 +1,199 @@
+/* #pragma ident	"@(#)g_seal.c	1.19	98/04/21 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_unwrap_aead
+ */
+
+#include "mglueP.h"
+
+static OM_uint32
+val_unwrap_aead_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    gss_buffer_t input_message_buffer,
+    gss_buffer_t input_assoc_buffer,
+    gss_buffer_t output_payload_buffer,
+    int *conf_state,
+    gss_qop_t *qop_state)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (input_message_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (output_payload_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    return (GSS_S_COMPLETE);
+}
+
+static OM_uint32
+gssint_unwrap_aead_iov_shim(gss_mechanism mech,
+			    OM_uint32 *minor_status,
+			    gss_ctx_id_t context_handle,
+			    gss_buffer_t input_message_buffer,
+			    gss_buffer_t input_assoc_buffer,
+			    gss_buffer_t output_payload_buffer,
+			    int *conf_state,
+			    gss_qop_t *qop_state)
+{
+    OM_uint32		    status;
+    gss_iov_buffer_desc	    iov[3];
+    int			    i = 0;
+
+    iov[i].type = GSS_IOV_BUFFER_TYPE_STREAM;
+    iov[i].buffer = *input_message_buffer;
+    i++;
+
+    if (input_assoc_buffer != NULL) {
+	iov[i].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+	iov[i].buffer = *input_assoc_buffer;
+	i++;
+    }
+
+    iov[i].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    iov[i].buffer.value = NULL;
+    iov[i].buffer.length = 0;
+    i++;
+
+    assert(mech->gss_unwrap_iov);
+
+    status = mech->gss_unwrap_iov(minor_status, context_handle, conf_state,
+				  qop_state, iov, i);
+    if (status == GSS_S_COMPLETE) {
+	*output_payload_buffer = iov[i - 1].buffer;
+    } else {
+	OM_uint32 minor;
+
+	map_error(minor_status, mech);
+
+	if (iov[i - 1].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
+	    gss_release_buffer(&minor, &iov[i - 1].buffer);
+	    iov[i - 1].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+	}
+    }
+
+    return status;
+}
+
+OM_uint32
+gssint_unwrap_aead (gss_mechanism mech,
+		    OM_uint32 *minor_status,
+		    gss_union_ctx_id_t ctx,
+		    gss_buffer_t input_message_buffer,
+		    gss_buffer_t input_assoc_buffer,
+		    gss_buffer_t output_payload_buffer,
+		    int *conf_state,
+		    gss_qop_t *qop_state)
+{
+    OM_uint32		    status;
+
+    assert(mech != NULL);
+    assert(ctx != NULL);
+
+ /* EXPORT DELETE START */
+
+    if (mech->gss_unwrap_aead) {
+	status = mech->gss_unwrap_aead(minor_status,
+				       ctx->internal_ctx_id,
+				       input_message_buffer,
+				       input_assoc_buffer,
+				       output_payload_buffer,
+				       conf_state,
+				       qop_state);
+	if (status != GSS_S_COMPLETE)
+	    map_error(minor_status, mech);
+    } else if (mech->gss_unwrap_iov) {
+	status = gssint_unwrap_aead_iov_shim(mech,
+					     minor_status,
+					     ctx->internal_ctx_id,
+					     input_message_buffer,
+					     input_assoc_buffer,
+					     output_payload_buffer,
+					     conf_state,
+					     qop_state);
+    } else
+	status = GSS_S_UNAVAILABLE;
+ /* EXPORT DELETE END */
+
+    return (status);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_unwrap_aead (minor_status,
+                 context_handle,
+		 input_message_buffer,
+		 input_assoc_buffer,
+		 output_payload_buffer,
+                 conf_state,
+                 qop_state)
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+gss_buffer_t		input_message_buffer;
+gss_buffer_t		input_assoc_buffer;
+gss_buffer_t		output_payload_buffer;
+int 			*conf_state;
+gss_qop_t		*qop_state;
+{
+
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    status = val_unwrap_aead_args(minor_status, context_handle,
+				  input_message_buffer, input_assoc_buffer,
+				  output_payload_buffer,
+				  conf_state, qop_state);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (!mech)
+	return (GSS_S_BAD_MECH);
+
+    return gssint_unwrap_aead(mech, minor_status, ctx,
+			      input_message_buffer, input_assoc_buffer,
+			      output_payload_buffer, conf_state, qop_state);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_unwrap_iov.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_unwrap_iov.c
new file mode 100644
index 00000000..599be2c7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_unwrap_iov.c
@@ -0,0 +1,145 @@
+/* #pragma ident	"@(#)g_seal.c	1.19	98/04/21 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_unwrap_iov
+ */
+
+#include "mglueP.h"
+
+static OM_uint32
+val_unwrap_iov_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    int *conf_state,
+    gss_qop_t *qop_state,
+    gss_iov_buffer_desc *iov,
+    int iov_count)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (iov == GSS_C_NO_IOV_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_unwrap_iov (minor_status,
+                context_handle,
+                conf_state,
+                qop_state,
+                iov,
+                iov_count)
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+int *			conf_state;
+gss_qop_t		*qop_state;
+gss_iov_buffer_desc  *	iov;
+int			iov_count;
+{
+ /* EXPORT DELETE START */
+
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    status = val_unwrap_iov_args(minor_status, context_handle,
+				 conf_state, qop_state, iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+	if (mech->gss_unwrap_iov) {
+	    status = mech->gss_unwrap_iov(
+				 	  minor_status,
+					  ctx->internal_ctx_id,
+					  conf_state,
+					  qop_state,
+					  iov,
+					  iov_count);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return(status);
+    }
+ /* EXPORT DELETE END */
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+		   gss_qop_t *qop_state, gss_iov_buffer_desc *iov,
+		   int iov_count)
+{
+    OM_uint32 status;
+    gss_union_ctx_id_t ctx;
+    gss_mechanism mech;
+
+    status = val_unwrap_iov_args(minor_status, context_handle, NULL,
+				 qop_state, iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	return status;
+
+    /* Select the approprate underlying mechanism routine and call it. */
+    ctx = (gss_union_ctx_id_t)context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return GSS_S_NO_CONTEXT;
+    mech = gssint_get_mechanism(ctx->mech_type);
+    if (mech == NULL)
+	return GSS_S_BAD_MECH;
+    if (mech->gss_verify_mic_iov == NULL)
+	return GSS_S_UNAVAILABLE;
+    status = mech->gss_verify_mic_iov(minor_status, ctx->internal_ctx_id,
+				      qop_state, iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	map_error(minor_status, mech);
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_verify.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_verify.c
new file mode 100644
index 00000000..8996fce8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_verify.c
@@ -0,0 +1,108 @@
+/* #pragma ident	"@(#)g_verify.c	1.13	98/04/23 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_verify_mic
+ */
+
+#include "mglueP.h"
+
+OM_uint32 KRB5_CALLCONV
+gss_verify_mic (minor_status,
+		context_handle,
+		message_buffer,
+		token_buffer,
+		qop_state)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+gss_buffer_t		message_buffer;
+gss_buffer_t		token_buffer;
+gss_qop_t *		qop_state;
+
+{
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+    *minor_status = 0;
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if ((message_buffer == GSS_C_NO_BUFFER) ||
+	GSS_EMPTY_BUFFER(token_buffer))
+
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+	if (mech->gss_verify_mic) {
+	    status = mech->gss_verify_mic(
+					  minor_status,
+					  ctx->internal_ctx_id,
+					  message_buffer,
+					  token_buffer,
+					  qop_state);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return(status);
+    }
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_verify (minor_status,
+            context_handle,
+            message_buffer,
+            token_buffer,
+            qop_state)
+
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+gss_buffer_t		message_buffer;
+gss_buffer_t		token_buffer;
+int *			qop_state;
+
+{
+	return (gss_verify_mic(minor_status, context_handle,
+			       message_buffer, token_buffer,
+			       (gss_qop_t *) qop_state));
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_wrap_aead.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_wrap_aead.c
new file mode 100644
index 00000000..7fe3b7b3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_wrap_aead.c
@@ -0,0 +1,269 @@
+/* #pragma ident	"@(#)g_seal.c	1.19	98/04/21 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_wrap_aead
+ */
+
+#include "mglueP.h"
+
+static OM_uint32
+val_wrap_aead_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    int conf_req_flag,
+    gss_qop_t qop_req,
+    gss_buffer_t input_assoc_buffer,
+    gss_buffer_t input_payload_buffer,
+    int *conf_state,
+    gss_buffer_t output_message_buffer)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (input_payload_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (output_message_buffer == GSS_C_NO_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    return (GSS_S_COMPLETE);
+}
+
+static OM_uint32
+gssint_wrap_aead_iov_shim(gss_mechanism mech,
+			  OM_uint32 *minor_status,
+			  gss_ctx_id_t context_handle,
+			  int conf_req_flag,
+			  gss_qop_t qop_req,
+			  gss_buffer_t input_assoc_buffer,
+			  gss_buffer_t input_payload_buffer,
+			  int *conf_state,
+			  gss_buffer_t output_message_buffer)
+{
+    gss_iov_buffer_desc	iov[5];
+    OM_uint32		status;
+    size_t		offset;
+    int			i = 0, iov_count;
+
+    /* HEADER | SIGN_ONLY_DATA | DATA | PADDING | TRAILER */
+
+    iov[i].type = GSS_IOV_BUFFER_TYPE_HEADER;
+    iov[i].buffer.value = NULL;
+    iov[i].buffer.length = 0;
+    i++;
+
+    if (input_assoc_buffer != GSS_C_NO_BUFFER) {
+	iov[i].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+	iov[i].buffer = *input_assoc_buffer;
+	i++;
+    }
+
+    iov[i].type = GSS_IOV_BUFFER_TYPE_DATA;
+    iov[i].buffer = *input_payload_buffer;
+    i++;
+
+    iov[i].type = GSS_IOV_BUFFER_TYPE_PADDING;
+    iov[i].buffer.value = NULL;
+    iov[i].buffer.length = 0;
+    i++;
+
+    iov[i].type = GSS_IOV_BUFFER_TYPE_TRAILER;
+    iov[i].buffer.value = NULL;
+    iov[i].buffer.length = 0;
+    i++;
+
+    iov_count = i;
+
+    assert(mech->gss_wrap_iov_length);
+
+    status = mech->gss_wrap_iov_length(minor_status, context_handle,
+				       conf_req_flag, qop_req,
+				       NULL, iov, iov_count);
+    if (status != GSS_S_COMPLETE) {
+	map_error(minor_status, mech);
+	return status;
+    }
+
+    /* Format output token (does not include associated data) */
+    for (i = 0, output_message_buffer->length = 0; i < iov_count; i++) {
+	if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+	    continue;
+
+	output_message_buffer->length += iov[i].buffer.length;
+    }
+
+    output_message_buffer->value = gssalloc_malloc(output_message_buffer->length);
+    if (output_message_buffer->value == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    i = 0, offset = 0;
+
+    /* HEADER */
+    iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset;
+    offset += iov[i].buffer.length;
+    i++;
+
+    /* SIGN_ONLY_DATA */
+    if (input_assoc_buffer != GSS_C_NO_BUFFER)
+	i++;
+
+    /* DATA */
+    iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset;
+    offset += iov[i].buffer.length;
+
+    memcpy(iov[i].buffer.value, input_payload_buffer->value, iov[i].buffer.length);
+    i++;
+
+    /* PADDING */
+    iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset;
+    offset += iov[i].buffer.length;
+    i++;
+
+    /* TRAILER */
+    iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset;
+    offset += iov[i].buffer.length;
+    i++;
+
+    assert(offset == output_message_buffer->length);
+
+    assert(mech->gss_wrap_iov);
+
+    status = mech->gss_wrap_iov(minor_status, context_handle,
+				conf_req_flag, qop_req,
+				conf_state, iov, iov_count);
+    if (status != GSS_S_COMPLETE) {
+	OM_uint32 minor;
+
+	map_error(minor_status, mech);
+	gss_release_buffer(&minor, output_message_buffer);
+    }
+
+    return status;
+}
+
+OM_uint32
+gssint_wrap_aead (gss_mechanism mech,
+		  OM_uint32 *minor_status,
+		  gss_union_ctx_id_t ctx,
+		  int conf_req_flag,
+		  gss_qop_t qop_req,
+		  gss_buffer_t input_assoc_buffer,
+		  gss_buffer_t input_payload_buffer,
+		  int *conf_state,
+		  gss_buffer_t output_message_buffer)
+{
+ /* EXPORT DELETE START */
+    OM_uint32		status;
+
+    assert(ctx != NULL);
+    assert(mech != NULL);
+
+    if (mech->gss_wrap_aead) {
+	status = mech->gss_wrap_aead(minor_status,
+				     ctx->internal_ctx_id,
+				     conf_req_flag,
+				     qop_req,
+				     input_assoc_buffer,
+				     input_payload_buffer,
+				     conf_state,
+				     output_message_buffer);
+	if (status != GSS_S_COMPLETE)
+	    map_error(minor_status, mech);
+    } else if (mech->gss_wrap_iov && mech->gss_wrap_iov_length) {
+	status = gssint_wrap_aead_iov_shim(mech,
+					   minor_status,
+					   ctx->internal_ctx_id,
+					   conf_req_flag,
+					   qop_req,
+					   input_assoc_buffer,
+					   input_payload_buffer,
+					   conf_state,
+					   output_message_buffer);
+    } else
+	status = GSS_S_UNAVAILABLE;
+
+ /* EXPORT DELETE END */
+
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_wrap_aead (minor_status,
+               context_handle,
+               conf_req_flag,
+               qop_req,
+	       input_assoc_buffer,
+	       input_payload_buffer,
+               conf_state,
+               output_message_buffer)
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+int			conf_req_flag;
+gss_qop_t		qop_req;
+gss_buffer_t		input_assoc_buffer;
+gss_buffer_t		input_payload_buffer;
+int *			conf_state;
+gss_buffer_t		output_message_buffer;
+{
+    OM_uint32		status;
+    gss_mechanism	mech;
+    gss_union_ctx_id_t	ctx;
+
+    status = val_wrap_aead_args(minor_status, context_handle,
+				conf_req_flag, qop_req,
+				input_assoc_buffer, input_payload_buffer,
+				conf_state, output_message_buffer);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+    ctx = (gss_union_ctx_id_t)context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+    if (!mech)
+	return (GSS_S_BAD_MECH);
+
+    return gssint_wrap_aead(mech, minor_status, ctx,
+			    conf_req_flag, qop_req,
+			    input_assoc_buffer, input_payload_buffer,
+			    conf_state, output_message_buffer);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/g_wrap_iov.c b/krb5-1.21.3/src/lib/gssapi/mechglue/g_wrap_iov.c
new file mode 100644
index 00000000..14447c4e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/g_wrap_iov.c
@@ -0,0 +1,269 @@
+/* #pragma ident	"@(#)g_seal.c	1.19	98/04/21 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routine for gss_wrap_iov
+ */
+
+#include "mglueP.h"
+
+static OM_uint32
+val_wrap_iov_args(
+    OM_uint32 *minor_status,
+    gss_ctx_id_t context_handle,
+    int conf_req_flag,
+    gss_qop_t qop_req,
+    int *conf_state,
+    gss_iov_buffer_desc *iov,
+    int iov_count)
+{
+
+    /* Initialize outputs. */
+
+    if (minor_status != NULL)
+	*minor_status = 0;
+
+    /* Validate arguments. */
+
+    if (minor_status == NULL)
+	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    if (context_handle == GSS_C_NO_CONTEXT)
+	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+
+    if (iov == GSS_C_NO_IOV_BUFFER)
+	return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    return (GSS_S_COMPLETE);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+gss_wrap_iov (minor_status,
+              context_handle,
+              conf_req_flag,
+              qop_req,
+              conf_state,
+              iov,
+              iov_count)
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+int			conf_req_flag;
+gss_qop_t		qop_req;
+int *			conf_state;
+gss_iov_buffer_desc  *	iov;
+int			iov_count;
+{
+ /* EXPORT DELETE START */
+
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    status = val_wrap_iov_args(minor_status, context_handle,
+			       conf_req_flag, qop_req,
+			       conf_state, iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+	if (mech->gss_wrap_iov) {
+	    status = mech->gss_wrap_iov(
+					minor_status,
+					ctx->internal_ctx_id,
+					conf_req_flag,
+					qop_req,
+					conf_state,
+					iov,
+					iov_count);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return(status);
+    }
+ /* EXPORT DELETE END */
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_wrap_iov_length (minor_status,
+                     context_handle,
+                     conf_req_flag,
+                     qop_req,
+                     conf_state,
+                     iov,
+                     iov_count)
+OM_uint32 *		minor_status;
+gss_ctx_id_t		context_handle;
+int			conf_req_flag;
+gss_qop_t		qop_req;
+int *			conf_state;
+gss_iov_buffer_desc  *	iov;
+int			iov_count;
+{
+ /* EXPORT DELETE START */
+
+    OM_uint32		status;
+    gss_union_ctx_id_t	ctx;
+    gss_mechanism	mech;
+
+    status = val_wrap_iov_args(minor_status, context_handle,
+			       conf_req_flag, qop_req,
+			       conf_state, iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	return (status);
+
+    /*
+     * select the approprate underlying mechanism routine and
+     * call it.
+     */
+
+    ctx = (gss_union_ctx_id_t) context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return (GSS_S_NO_CONTEXT);
+    mech = gssint_get_mechanism (ctx->mech_type);
+
+    if (mech) {
+	if (mech->gss_wrap_iov_length) {
+	    status = mech->gss_wrap_iov_length(
+					      minor_status,
+					      ctx->internal_ctx_id,
+					      conf_req_flag,
+					      qop_req,
+					      conf_state,
+					      iov,
+					      iov_count);
+	    if (status != GSS_S_COMPLETE)
+		map_error(minor_status, mech);
+	} else
+	    status = GSS_S_UNAVAILABLE;
+
+	return(status);
+    }
+ /* EXPORT DELETE END */
+
+    return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+		gss_qop_t qop_req, gss_iov_buffer_desc *iov, int iov_count)
+{
+    OM_uint32 status;
+    gss_union_ctx_id_t ctx;
+    gss_mechanism mech;
+
+    status = val_wrap_iov_args(minor_status, context_handle, 0, qop_req, NULL,
+			       iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	return status;
+
+    /* Select the approprate underlying mechanism routine and call it. */
+    ctx = (gss_union_ctx_id_t)context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return GSS_S_NO_CONTEXT;
+    mech = gssint_get_mechanism(ctx->mech_type);
+    if (mech == NULL)
+	return GSS_S_BAD_MECH;
+    if (mech->gss_get_mic_iov == NULL)
+	return GSS_S_UNAVAILABLE;
+    status = mech->gss_get_mic_iov(minor_status, ctx->internal_ctx_id, qop_req,
+				   iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	map_error(minor_status, mech);
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_get_mic_iov_length(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+		       gss_qop_t qop_req, gss_iov_buffer_desc *iov,
+		       int iov_count)
+{
+    OM_uint32 status;
+    gss_union_ctx_id_t ctx;
+    gss_mechanism mech;
+
+    status = val_wrap_iov_args(minor_status, context_handle, 0, qop_req, NULL,
+			       iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	return status;
+
+    /* Select the approprate underlying mechanism routine and call it. */
+    ctx = (gss_union_ctx_id_t)context_handle;
+    if (ctx->internal_ctx_id == GSS_C_NO_CONTEXT)
+	return GSS_S_NO_CONTEXT;
+    mech = gssint_get_mechanism(ctx->mech_type);
+    if (mech == NULL)
+	return GSS_S_BAD_MECH;
+    if (mech->gss_get_mic_iov_length == NULL)
+	return GSS_S_UNAVAILABLE;
+    status = mech->gss_get_mic_iov_length(minor_status, ctx->internal_ctx_id,
+					  qop_req, iov, iov_count);
+    if (status != GSS_S_COMPLETE)
+	map_error(minor_status, mech);
+    return status;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_release_iov_buffer (minor_status,
+			iov,
+			iov_count)
+OM_uint32 *		minor_status;
+gss_iov_buffer_desc *	iov;
+int			iov_count;
+{
+    OM_uint32		status = GSS_S_COMPLETE;
+    int			i;
+
+    if (minor_status)
+	*minor_status = 0;
+
+    if (iov == GSS_C_NO_IOV_BUFFER)
+	return GSS_S_COMPLETE;
+
+    for (i = 0; i < iov_count; i++) {
+	if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) {
+	    status = gss_release_buffer(minor_status, &iov[i].buffer);
+	    if (status != GSS_S_COMPLETE)
+		break;
+
+	    iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED);
+	}
+    }
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/krb5-1.21.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
new file mode 100644
index 00000000..4caa7516
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
@@ -0,0 +1,226 @@
+/* #pragma ident	"@(#)gssd_pname_to_uid.c	1.18	04/02/23 SMI" */
+/*
+ * Copyright (c) 2011, PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of PADL Software nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ *  glue routines that test the mech id either passed in to
+ *  gss_init_sec_contex() or gss_accept_sec_context() or within the glue
+ *  routine supported version of the security context and then call
+ *  the appropriate underlying mechanism library procedure.
+ *
+ */
+
+#include "mglueP.h"
+
+#ifndef NO_PASSWORD
+#include <pwd.h>
+#endif
+
+static OM_uint32
+attr_localname(OM_uint32 *minor,
+               const gss_mechanism mech,
+               const gss_name_t mech_name,
+               gss_buffer_t localname)
+{
+    OM_uint32 major = GSS_S_UNAVAILABLE;
+    OM_uint32 tmpMinor;
+    int more = -1;
+    gss_buffer_desc value;
+    gss_buffer_desc display_value;
+    int authenticated = 0, complete = 0;
+
+    value.value = NULL;
+    display_value.value = NULL;
+    if (mech->gss_get_name_attribute == NULL)
+        return GSS_S_UNAVAILABLE;
+
+    major = mech->gss_get_name_attribute(minor,
+                                         mech_name,
+                                         GSS_C_ATTR_LOCAL_LOGIN_USER,
+                                         &authenticated,
+                                         &complete,
+                                         &value,
+                                         &display_value,
+                                         &more);
+    if (GSS_ERROR(major)) {
+        map_error(minor, mech);
+        goto cleanup;
+    }
+
+    if (!authenticated)
+        major = GSS_S_UNAVAILABLE;
+    else {
+        localname->value = value.value;
+        localname->length = value.length;
+        value.value = NULL;
+    }
+
+cleanup:
+    if (display_value.value)
+        gss_release_buffer(&tmpMinor, &display_value);
+    if (value.value)
+        gss_release_buffer(&tmpMinor, &value);
+    return major;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_localname(OM_uint32 *minor,
+              const gss_name_t pname,
+              gss_const_OID mech_type,
+              gss_buffer_t localname)
+{
+    OM_uint32 major, tmpMinor;
+    gss_mechanism mech;
+    gss_union_name_t unionName;
+    gss_name_t mechName = GSS_C_NO_NAME, mechNameP;
+    gss_OID selected_mech = GSS_C_NO_OID, public_mech;
+
+    if (localname != GSS_C_NO_BUFFER) {
+	localname->length = 0;
+	localname->value = NULL;
+    }
+
+    if (minor == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    *minor = 0;
+
+    if (pname == GSS_C_NO_NAME)
+        return GSS_S_CALL_INACCESSIBLE_READ;
+
+    if (localname == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+    unionName = (gss_union_name_t)pname;
+
+    if (mech_type != GSS_C_NO_OID) {
+        major = gssint_select_mech_type(minor, mech_type, &selected_mech);
+        if (major != GSS_S_COMPLETE)
+	    return major;
+        mech = gssint_get_mechanism(selected_mech);
+    } else
+        mech = gssint_get_mechanism(unionName->mech_type);
+
+    if (mech == NULL)
+	return GSS_S_BAD_MECH;
+
+    /* may need to create a mechanism specific name */
+    if (unionName->mech_type == GSS_C_NO_OID ||
+        (unionName->mech_type != GSS_C_NO_OID &&
+         !g_OID_equal(unionName->mech_type, &mech->mech_type))) {
+        major = gssint_import_internal_name(minor, &mech->mech_type,
+                                            unionName, &mechName);
+        if (GSS_ERROR(major))
+            return major;
+
+        mechNameP = mechName;
+    } else
+        mechNameP = unionName->mech_name;
+
+    major = GSS_S_UNAVAILABLE;
+
+    if (mech->gss_localname != NULL) {
+        public_mech = gssint_get_public_oid(selected_mech);
+        major = mech->gss_localname(minor, mechNameP, public_mech, localname);
+        if (GSS_ERROR(major))
+            map_error(minor, mech);
+    }
+
+    if (GSS_ERROR(major))
+        major = attr_localname(minor, mech, mechNameP, localname);
+
+    if (mechName != GSS_C_NO_NAME)
+        gssint_release_internal_name(&tmpMinor, &mech->mech_type, &mechName);
+
+    return major;
+}
+
+#ifndef _WIN32
+OM_uint32 KRB5_CALLCONV
+gss_pname_to_uid(OM_uint32 *minor,
+                 const gss_name_t name,
+                 const gss_OID mech_type,
+                 uid_t *uidOut)
+{
+    OM_uint32 major = GSS_S_UNAVAILABLE, tmpminor;
+#ifndef NO_PASSWORD
+    gss_buffer_desc localname;
+    char pwbuf[BUFSIZ];
+    char *localuser = NULL;
+    struct passwd *pwd = NULL;
+    struct passwd pw;
+    int code = 0;
+
+    localname.value = NULL;
+    major = gss_localname(minor, name, mech_type, &localname);
+    if (!GSS_ERROR(major) && localname.value) {
+        localuser = malloc(localname.length + 1);
+        if (localuser == NULL)
+            code = ENOMEM;
+        if (code == 0) {
+            memcpy(localuser, localname.value, localname.length);
+            localuser[localname.length] = '\0';
+            code = k5_getpwnam_r(localuser, &pw, pwbuf, sizeof(pwbuf), &pwd);
+        }
+        if ((code == 0) && pwd)
+            *uidOut = pwd->pw_uid;
+        else
+            major = GSS_S_FAILURE;
+    }
+    free(localuser);
+    if (localname.value)
+        gss_release_buffer(&tmpminor, &localname);
+#endif /*NO_PASSWORD*/
+    return major;
+}
+#endif /*_WIN32*/
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/mechglue.h b/krb5-1.21.3/src/lib/gssapi/mechglue/mechglue.h
new file mode 100644
index 00000000..85983694
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/mechglue.h
@@ -0,0 +1,42 @@
+/* #ident  "@(#)mechglue.h 1.13     95/08/07 SMI" */
+
+/*
+ * Copyright 1996 by Sun Microsystems, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Sun Microsystems not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. Sun Microsystems makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This header contains the mechglue definitions.
+ */
+
+#ifndef _GSS_MECHGLUE_H
+#define _GSS_MECHGLUE_H
+
+#include <gssapi/gssapi.h>
+
+/********************************************************/
+/* GSSAPI Extension functions -- these functions aren't */
+/* in the GSSAPI, but they are provided in this library */
+
+#include <gssapi/gssapi_ext.h>
+
+void KRB5_CALLCONV gss_initialize(void);
+
+#endif /* _GSS_MECHGLUE_H */
diff --git a/krb5-1.21.3/src/lib/gssapi/mechglue/mglueP.h b/krb5-1.21.3/src/lib/gssapi/mechglue/mglueP.h
new file mode 100644
index 00000000..7f836fbb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/mechglue/mglueP.h
@@ -0,0 +1,864 @@
+/* lib/gssapi/mechglue/mglueP.h */
+
+/*
+ * Copyright (c) 1995, by Sun Microsystems, Inc.
+ * All rights reserved.
+ */
+
+/* This header contains the private mechglue definitions. */
+
+#ifndef _GSS_MECHGLUEP_H
+#define _GSS_MECHGLUEP_H
+
+#include "autoconf.h"
+#include "mechglue.h"
+#include "gssapiP_generic.h"
+
+#define	g_OID_copy(o1, o2)					\
+do {								\
+	memcpy((o1)->elements, (o2)->elements, (o2)->length);	\
+	(o1)->length = (o2)->length;				\
+} while (0)
+
+/*
+ * Array of context IDs typed by mechanism OID
+ */
+typedef struct gss_union_ctx_id_struct {
+	struct gss_union_ctx_id_struct *loopback;
+	gss_OID			mech_type;
+	gss_ctx_id_t		internal_ctx_id;
+} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
+
+/*
+ * Generic GSSAPI names.  A name can either be a generic name, or a
+ * mechanism specific name....
+ */
+typedef struct gss_name_struct {
+	struct gss_name_struct *loopback;
+	gss_OID			name_type;
+	gss_buffer_t		external_name;
+	/*
+	 * These last two fields are only filled in for mechanism
+	 * names.
+	 */
+	gss_OID			mech_type;
+	gss_name_t		mech_name;
+} gss_union_name_desc, *gss_union_name_t;
+
+/*
+ * Structure for holding list of mechanism-specific name types
+ */
+typedef struct gss_mech_spec_name_t {
+    gss_OID	name_type;
+    gss_OID	mech;
+    struct gss_mech_spec_name_t	*next, *prev;
+} gss_mech_spec_name_desc, *gss_mech_spec_name;
+
+/*
+ * Set of Credentials typed on mechanism OID
+ */
+typedef struct gss_cred_id_struct {
+	struct gss_cred_id_struct *loopback;
+	int			count;
+	gss_OID			mechs_array;
+	gss_cred_id_t		*cred_array;
+} gss_union_cred_desc, *gss_union_cred_t;
+
+/*
+ * Rudimentary pointer validation macro to check whether the
+ * "loopback" field of an opaque struct points back to itself.  This
+ * field also catches some programming errors where an opaque pointer
+ * is passed to a function expecting the address of the opaque
+ * pointer.
+ */
+#define GSSINT_CHK_LOOP(p) (!((p) != NULL && (p)->loopback == (p)))
+
+/********************************************************/
+/* The Mechanism Dispatch Table -- a mechanism needs to */
+/* define one of these and provide a function to return */
+/* it to initialize the GSSAPI library		  */
+int gssint_mechglue_initialize_library(void);
+
+OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token);
+
+/*
+ * This table is used to access mechanism-specific versions of the GSSAPI
+ * functions.  It contains all of the functions defined in gssapi.h except for
+ * gss_release_buffer() and gss_release_oid_set(), which are assumed to be
+ * identical across mechanisms.
+ */
+typedef struct gss_config {
+    gss_OID_desc    mech_type;
+    void *	    context;
+    OM_uint32       (KRB5_CALLCONV *gss_acquire_cred)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_name_t,		/* desired_name */
+		    OM_uint32,		/* time_req */
+		    gss_OID_set,	/* desired_mechs */
+		    int,		/* cred_usage */
+		    gss_cred_id_t*,	/* output_cred_handle */
+		    gss_OID_set*,	/* actual_mechs */
+		    OM_uint32*		/* time_rec */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_release_cred)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_cred_id_t*	/* cred_handle */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_init_sec_context)
+	(
+		    OM_uint32*,			/* minor_status */
+		    gss_cred_id_t,		/* claimant_cred_handle */
+		    gss_ctx_id_t*,		/* context_handle */
+		    gss_name_t,			/* target_name */
+		    gss_OID,			/* mech_type */
+		    OM_uint32,			/* req_flags */
+		    OM_uint32,			/* time_req */
+		    gss_channel_bindings_t,	/* input_chan_bindings */
+		    gss_buffer_t,		/* input_token */
+		    gss_OID*,			/* actual_mech_type */
+		    gss_buffer_t,		/* output_token */
+		    OM_uint32*,			/* ret_flags */
+		    OM_uint32*			/* time_rec */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_accept_sec_context)
+	(
+		    OM_uint32*,			/* minor_status */
+		    gss_ctx_id_t*,		/* context_handle */
+		    gss_cred_id_t,		/* verifier_cred_handle */
+		    gss_buffer_t,		/* input_token_buffer */
+		    gss_channel_bindings_t,	/* input_chan_bindings */
+		    gss_name_t*,		/* src_name */
+		    gss_OID*,			/* mech_type */
+		    gss_buffer_t,		/* output_token */
+		    OM_uint32*,			/* ret_flags */
+		    OM_uint32*,			/* time_rec */
+		    gss_cred_id_t*		/* delegated_cred_handle */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_process_context_token)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_ctx_id_t,	/* context_handle */
+		    gss_buffer_t	/* token_buffer */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_delete_sec_context)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_ctx_id_t*,	/* context_handle */
+		    gss_buffer_t	/* output_token */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_context_time)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_ctx_id_t,	/* context_handle */
+		    OM_uint32*		/* time_rec */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_get_mic)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_ctx_id_t,	/* context_handle */
+		    gss_qop_t,		/* qop_req */
+		    gss_buffer_t,	/* message_buffer */
+		    gss_buffer_t	/* message_token */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_verify_mic)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_ctx_id_t,	/* context_handle */
+		    gss_buffer_t,	/* message_buffer */
+		    gss_buffer_t,	/* token_buffer */
+		    gss_qop_t*		/* qop_state */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_wrap)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_ctx_id_t,	/* context_handle */
+		    int,		/* conf_req_flag */
+		    gss_qop_t,		/* qop_req */
+		    gss_buffer_t,	/* input_message_buffer */
+		    int*,		/* conf_state */
+		    gss_buffer_t	/* output_message_buffer */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_unwrap)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_ctx_id_t,	/* context_handle */
+		    gss_buffer_t,	/* input_message_buffer */
+		    gss_buffer_t,	/* output_message_buffer */
+		    int*,		/* conf_state */
+		    gss_qop_t*		/* qop_state */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_display_status)
+	(
+		    OM_uint32*,		/* minor_status */
+		    OM_uint32,		/* status_value */
+		    int,		/* status_type */
+		    gss_OID,		/* mech_type */
+		    OM_uint32*,		/* message_context */
+		    gss_buffer_t	/* status_string */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_indicate_mechs)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_OID_set*	/* mech_set */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_compare_name)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_name_t,		/* name1 */
+		    gss_name_t,		/* name2 */
+		    int*		/* name_equal */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_display_name)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_name_t,		/* input_name */
+		    gss_buffer_t,	/* output_name_buffer */
+		    gss_OID*		/* output_name_type */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_import_name)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_buffer_t,	/* input_name_buffer */
+		    gss_OID,		/* input_name_type */
+		    gss_name_t*		/* output_name */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_release_name)
+	(
+		    OM_uint32*,		/* minor_status */
+		    gss_name_t*		/* input_name */
+		    );
+    OM_uint32       (KRB5_CALLCONV *gss_inquire_cred)
+	(
+		    OM_uint32 *,		/* minor_status */
+		    gss_cred_id_t,		/* cred_handle */
+		    gss_name_t *,		/* name */
+		    OM_uint32 *,		/* lifetime */
+		    int *,			/* cred_usage */
+		    gss_OID_set *		/* mechanisms */
+		    );
+    OM_uint32	    (KRB5_CALLCONV *gss_add_cred)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    gss_cred_id_t,	/* input_cred_handle */
+		    gss_name_t,		/* desired_name */
+		    gss_OID,		/* desired_mech */
+		    gss_cred_usage_t,	/* cred_usage */
+		    OM_uint32,		/* initiator_time_req */
+		    OM_uint32,		/* acceptor_time_req */
+		    gss_cred_id_t *,	/* output_cred_handle */
+		    gss_OID_set *,	/* actual_mechs */
+		    OM_uint32 *,	/* initiator_time_rec */
+		    OM_uint32 *		/* acceptor_time_rec */
+		    );
+    OM_uint32	    (KRB5_CALLCONV *gss_export_sec_context)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    gss_ctx_id_t *,	/* context_handle */
+		    gss_buffer_t	/* interprocess_token */
+		    );
+    OM_uint32	    (KRB5_CALLCONV *gss_import_sec_context)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    gss_buffer_t,	/* interprocess_token */
+		    gss_ctx_id_t *	/* context_handle */
+		    );
+    OM_uint32 	    (KRB5_CALLCONV *gss_inquire_cred_by_mech)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    gss_cred_id_t,	/* cred_handle */
+		    gss_OID,		/* mech_type */
+		    gss_name_t *,	/* name */
+		    OM_uint32 *,	/* initiator_lifetime */
+		    OM_uint32 *,	/* acceptor_lifetime */
+		    gss_cred_usage_t *	/* cred_usage */
+		    );
+    OM_uint32	    (KRB5_CALLCONV *gss_inquire_names_for_mech)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    gss_OID,		/* mechanism */
+		    gss_OID_set *	/* name_types */
+		    );
+    OM_uint32	(KRB5_CALLCONV *gss_inquire_context)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    gss_ctx_id_t,	/* context_handle */
+		    gss_name_t *,	/* src_name */
+		    gss_name_t *,	/* targ_name */
+		    OM_uint32 *,	/* lifetime_rec */
+		    gss_OID *,		/* mech_type */
+		    OM_uint32 *,	/* ctx_flags */
+		    int *,	   	/* locally_initiated */
+		    int *		/* open */
+		    );
+    OM_uint32	    (KRB5_CALLCONV *gss_internal_release_oid)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    gss_OID *		/* OID */
+	 );
+    OM_uint32	     (KRB5_CALLCONV *gss_wrap_size_limit)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    gss_ctx_id_t,	/* context_handle */
+		    int,		/* conf_req_flag */
+		    gss_qop_t,		/* qop_req */
+		    OM_uint32,		/* req_output_size */
+		    OM_uint32 *		/* max_input_size */
+	 );
+    OM_uint32	     (KRB5_CALLCONV *gss_localname)
+	(
+		    OM_uint32 *,        /* minor */
+		    const gss_name_t,	/* name */
+		    gss_const_OID,	/* mech_type */
+		    gss_buffer_t /* localname */
+	    );
+	OM_uint32		(KRB5_CALLCONV *gssspi_authorize_localname)
+	(
+		    OM_uint32 *,	/* minor_status */
+		    const gss_name_t,	/* pname */
+		    gss_const_buffer_t,	/* local user */
+		    gss_const_OID	/* local nametype */
+	/* */);
+	OM_uint32		(KRB5_CALLCONV *gss_export_name)
+	(
+		OM_uint32 *,		/* minor_status */
+		const gss_name_t,	/* input_name */
+		gss_buffer_t		/* exported_name */
+	/* */);
+        OM_uint32       (KRB5_CALLCONV *gss_duplicate_name)
+	(
+		    OM_uint32*,		/* minor_status */
+		    const gss_name_t,	/* input_name */
+		    gss_name_t *	/* output_name */
+	/* */);
+	OM_uint32	(KRB5_CALLCONV *gss_store_cred)
+	(
+		OM_uint32 *,		/* minor_status */
+		const gss_cred_id_t,	/* input_cred */
+		gss_cred_usage_t,	/* cred_usage */
+		const gss_OID,		/* desired_mech */
+		OM_uint32,		/* overwrite_cred */
+		OM_uint32,		/* default_cred */
+		gss_OID_set *,		/* elements_stored */
+		gss_cred_usage_t *	/* cred_usage_stored */
+	/* */);
+
+
+	/* GGF extensions */
+
+	OM_uint32       (KRB5_CALLCONV *gss_inquire_sec_context_by_oid)
+    	(
+    		    OM_uint32 *,	/* minor_status */
+    		    const gss_ctx_id_t, /* context_handle */
+    		    const gss_OID,      /* OID */
+    		    gss_buffer_set_t *  /* data_set */
+    		    );
+	OM_uint32       (KRB5_CALLCONV *gss_inquire_cred_by_oid)
+    	(
+    		    OM_uint32 *,	/* minor_status */
+    		    const gss_cred_id_t, /* cred_handle */
+    		    const gss_OID,      /* OID */
+    		    gss_buffer_set_t *  /* data_set */
+    		    );
+	OM_uint32       (KRB5_CALLCONV *gss_set_sec_context_option)
+    	(
+    		    OM_uint32 *,	/* minor_status */
+    		    gss_ctx_id_t *,     /* context_handle */
+    		    const gss_OID,      /* OID */
+    		    const gss_buffer_t  /* value */
+    		    );
+	OM_uint32       (KRB5_CALLCONV *gssspi_set_cred_option)
+    	(
+    		    OM_uint32 *,	/* minor_status */
+    		    gss_cred_id_t *,    /* cred_handle */
+    		    const gss_OID,      /* OID */
+    		    const gss_buffer_t	/* value */
+    		    );
+	OM_uint32       (KRB5_CALLCONV *gssspi_mech_invoke)
+    	(
+    		    OM_uint32*,		/* minor_status */
+    		    const gss_OID, 	/* mech OID */
+    		    const gss_OID,      /* OID */
+    		    gss_buffer_t 	/* value */
+    		    );
+
+	/* AEAD extensions */
+	OM_uint32	(KRB5_CALLCONV *gss_wrap_aead)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_ctx_id_t,		/* context_handle */
+	    int,			/* conf_req_flag */
+	    gss_qop_t,			/* qop_req */
+	    gss_buffer_t,		/* input_assoc_buffer */
+	    gss_buffer_t,		/* input_payload_buffer */
+	    int *,			/* conf_state */
+	    gss_buffer_t		/* output_message_buffer */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_unwrap_aead)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_ctx_id_t,		/* context_handle */
+	    gss_buffer_t,		/* input_message_buffer */
+	    gss_buffer_t,		/* input_assoc_buffer */
+	    gss_buffer_t,		/* output_payload_buffer */
+	    int *,			/* conf_state */
+	    gss_qop_t *			/* qop_state */
+	/* */);
+
+	/* SSPI extensions */
+	OM_uint32	(KRB5_CALLCONV *gss_wrap_iov)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_ctx_id_t,		/* context_handle */
+	    int,			/* conf_req_flag */
+	    gss_qop_t,			/* qop_req */
+	    int *,			/* conf_state */
+	    gss_iov_buffer_desc *,	/* iov */
+	    int				/* iov_count */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_unwrap_iov)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_ctx_id_t,		/* context_handle */
+	    int *,			/* conf_state */
+	    gss_qop_t *,		/* qop_state */
+	    gss_iov_buffer_desc *,	/* iov */
+	    int				/* iov_count */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_wrap_iov_length)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_ctx_id_t,		/* context_handle */
+	    int,			/* conf_req_flag*/
+	    gss_qop_t, 			/* qop_req */
+	    int *, 			/* conf_state */
+	    gss_iov_buffer_desc *,	/* iov */
+	    int				/* iov_count */
+	/* */);
+
+	OM_uint32       (KRB5_CALLCONV *gss_complete_auth_token)
+    	(
+    		    OM_uint32*,		/* minor_status */
+    		    const gss_ctx_id_t,	/* context_handle */
+    		    gss_buffer_t	/* input_message_buffer */
+    		    );
+
+	/* New for 1.8 */
+
+	OM_uint32	(KRB5_CALLCONV *gss_acquire_cred_impersonate_name)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    const gss_cred_id_t,	/* impersonator_cred_handle */
+	    const gss_name_t,		/* desired_name */
+	    OM_uint32,			/* time_req */
+	    const gss_OID_set,		/* desired_mechs */
+	    gss_cred_usage_t,		/* cred_usage */
+	    gss_cred_id_t *,		/* output_cred_handle */
+	    gss_OID_set *,		/* actual_mechs */
+	    OM_uint32 *			/* time_rec */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_add_cred_impersonate_name)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_cred_id_t,		/* input_cred_handle */
+	    const gss_cred_id_t,	/* impersonator_cred_handle */
+	    const gss_name_t,		/* desired_name */
+	    const gss_OID,		/* desired_mech */
+	    gss_cred_usage_t,		/* cred_usage */
+	    OM_uint32,			/* initiator_time_req */
+	    OM_uint32,			/* acceptor_time_req */
+	    gss_cred_id_t *,		/* output_cred_handle */
+	    gss_OID_set *,		/* actual_mechs */
+	    OM_uint32 *,		/* initiator_time_rec */
+	    OM_uint32 *			/* acceptor_time_rec */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_display_name_ext)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* name */
+	    gss_OID,			/* display_as_name_type */
+	    gss_buffer_t		/* display_name */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_inquire_name)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* name */
+	    int *,			/* name_is_MN */
+	    gss_OID *,			/* MN_mech */
+	    gss_buffer_set_t *		/* attrs */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_get_name_attribute)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* name */
+	    gss_buffer_t,		/* attr */
+	    int *,			/* authenticated */
+	    int *,			/* complete */
+	    gss_buffer_t,		/* value */
+	    gss_buffer_t,		/* display_value */
+	    int *			/* more */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_set_name_attribute)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* name */
+	    int,			/* complete */
+	    gss_buffer_t,		/* attr */
+	    gss_buffer_t		/* value */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_delete_name_attribute)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* name */
+	    gss_buffer_t		/* attr */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_export_name_composite)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* name */
+	    gss_buffer_t		/* exp_composite_name */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_map_name_to_any)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* name */
+	    int,			/* authenticated */
+	    gss_buffer_t,		/* type_id */
+	    gss_any_t *			/* output */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_release_any_name_mapping)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* name */
+	    gss_buffer_t,		/* type_id */
+	    gss_any_t *			/* input */
+	/* */);
+
+        OM_uint32       (KRB5_CALLCONV *gss_pseudo_random)
+        (
+            OM_uint32 *,                /* minor_status */
+            gss_ctx_id_t,               /* context */
+            int,                        /* prf_key */
+            const gss_buffer_t,         /* prf_in */
+            ssize_t,                    /* desired_output_len */
+            gss_buffer_t                /* prf_out */
+        /* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_set_neg_mechs)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_cred_id_t,		/* cred_handle */
+	    const gss_OID_set		/* mech_set */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_inquire_saslname_for_mech)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    const gss_OID,		/* desired_mech */
+	    gss_buffer_t,		/* sasl_mech_name */
+	    gss_buffer_t,		/* mech_name */
+	    gss_buffer_t		/* mech_description */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_inquire_mech_for_saslname)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    const gss_buffer_t,		/* sasl_mech_name */
+	    gss_OID *			/* mech_type */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gss_inquire_attrs_for_mech)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_const_OID,		/* mech */
+	    gss_OID_set *,		/* mech_attrs */
+	    gss_OID_set *		/* known_mech_attrs */
+	/* */);
+
+	/* Credential store extensions */
+
+	OM_uint32       (KRB5_CALLCONV *gss_acquire_cred_from)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_name_t,			/* desired_name */
+	    OM_uint32,			/* time_req */
+	    gss_OID_set,		/* desired_mechs */
+	    gss_cred_usage_t,		/* cred_usage */
+	    gss_const_key_value_set_t,	/* cred_store */
+	    gss_cred_id_t *,		/* output_cred_handle */
+	    gss_OID_set *,		/* actual_mechs */
+	    OM_uint32 *			/* time_rec */
+	/* */);
+
+	OM_uint32       (KRB5_CALLCONV *gss_store_cred_into)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_cred_id_t,		/* input_cred_handle */
+	    gss_cred_usage_t,		/* input_usage */
+	    gss_OID,			/* desired_mech */
+	    OM_uint32,			/* overwrite_cred */
+	    OM_uint32,			/* default_cred */
+	    gss_const_key_value_set_t,	/* cred_store */
+	    gss_OID_set *,		/* elements_stored */
+	    gss_cred_usage_t *		/* cred_usage_stored */
+	/* */);
+
+	OM_uint32       (KRB5_CALLCONV *gssspi_acquire_cred_with_password)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    const gss_name_t,		/* desired_name */
+	    const gss_buffer_t,	 /* password */
+	    OM_uint32,			/* time_req */
+	    const gss_OID_set,		/* desired_mechs */
+	    int,			/* cred_usage */
+	    gss_cred_id_t *,		/* output_cred_handle */
+	    gss_OID_set *,		/* actual_mechs */
+	    OM_uint32 *			/* time_rec */
+	/* */);
+
+	OM_uint32       (KRB5_CALLCONV *gss_export_cred)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_cred_id_t,		/* cred_handle */
+	    gss_buffer_t		/* token */
+	/* */);
+
+	OM_uint32       (KRB5_CALLCONV *gss_import_cred)
+	(
+		OM_uint32 *,		/* minor_status */
+		gss_buffer_t,		/* token */
+		gss_cred_id_t *		/* cred_handle */
+	/* */);
+
+	OM_uint32       (KRB5_CALLCONV *gssspi_import_sec_context_by_mech)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_OID,			/* desired_mech */
+	    gss_buffer_t,		/* interprocess_token */
+	    gss_ctx_id_t *		/* context_handle */
+	/* */);
+
+	OM_uint32       (KRB5_CALLCONV *gssspi_import_name_by_mech)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_OID,			/* mech_type */
+	    gss_buffer_t,		/* input_name_buffer */
+	    gss_OID,			/* input_name_type */
+	    gss_name_t*			/* output_name */
+	/* */);
+
+	OM_uint32       (KRB5_CALLCONV *gssspi_import_cred_by_mech)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_OID,			/* mech_type */
+	    gss_buffer_t,		/* token */
+	    gss_cred_id_t *		/* cred_handle */
+	/* */);
+
+	/* get_mic_iov extensions, added in 1.12 */
+
+	OM_uint32	(KRB5_CALLCONV *gss_get_mic_iov)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_ctx_id_t,		/* context_handle */
+	    gss_qop_t,			/* qop_req */
+	    gss_iov_buffer_desc *,	/* iov */
+	    int				/* iov_count */
+	);
+
+	OM_uint32	(KRB5_CALLCONV *gss_verify_mic_iov)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_ctx_id_t,		/* context_handle */
+	    gss_qop_t *,		/* qop_state */
+	    gss_iov_buffer_desc *,	/* iov */
+	    int				/* iov_count */
+	);
+
+	OM_uint32	(KRB5_CALLCONV *gss_get_mic_iov_length)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_ctx_id_t,		/* context_handle */
+	    gss_qop_t,			/* qop_req */
+	    gss_iov_buffer_desc *,	/* iov */
+	    int				/* iov_count */
+	);
+
+	/* NegoEx extensions added in 1.18 */
+
+	OM_uint32	(KRB5_CALLCONV *gssspi_query_meta_data)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_const_OID,		/* mech_oid */
+	    gss_cred_id_t,		/* cred_handle */
+	    gss_ctx_id_t *,		/* context_handle */
+	    const gss_name_t,		/* targ_name */
+	    OM_uint32,			/* req_flags */
+	    gss_buffer_t		/* meta_data */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gssspi_exchange_meta_data)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_const_OID,		/* mech_oid */
+	    gss_cred_id_t,		/* cred_handle */
+	    gss_ctx_id_t *,		/* context_handle */
+	    const gss_name_t,		/* targ_name */
+	    OM_uint32,			/* req_flags */
+	    gss_const_buffer_t		/* meta_data */
+	/* */);
+
+	OM_uint32	(KRB5_CALLCONV *gssspi_query_mechanism_info)
+	(
+	    OM_uint32 *,		/* minor_status */
+	    gss_const_OID,		/* mech_oid */
+	    unsigned char[16]		/* auth_scheme */
+	/* */);
+
+} *gss_mechanism;
+
+/*
+ * In the user space we use a wrapper structure to encompass the
+ * mechanism entry points.  The wrapper contain the mechanism
+ * entry points and other data which is only relevant to the gss-api
+ * layer.  In the kernel we use only the gss_config structure because
+ * the kernel does not cantain any of the extra gss-api specific data.
+ */
+typedef struct gss_mech_config {
+	char *kmodName;			/* kernel module name */
+	char *uLibName;			/* user library name */
+	char *mechNameStr;		/* mechanism string name */
+	char *optionStr;		/* optional mech parameters */
+	void *dl_handle;		/* RTLD object handle for the mech */
+	gss_OID mech_type;		/* mechanism oid */
+	gss_mechanism mech;		/* mechanism initialization struct */
+ 	int priority;			/* mechanism preference order */
+	int freeMech;			/* free mech table */
+	int is_interposer;		/* interposer mechanism flag */
+	gss_OID int_mech_type;		/* points to the interposer OID */
+	gss_mechanism int_mech;		/* points to the interposer mech */
+	struct gss_mech_config *next;	/* next element in the list */
+} *gss_mech_info;
+
+/********************************************************/
+/* Internal mechglue routines */
+
+OM_uint32 gssint_select_mech_type(OM_uint32 *minor, gss_const_OID in_oid,
+				  gss_OID *selected_oid);
+gss_OID gssint_get_public_oid(gss_const_OID internal_oid);
+OM_uint32 gssint_make_public_oid_set(OM_uint32 *minor_status, gss_OID oids,
+				     int count, gss_OID_set *public_set);
+gss_mechanism gssint_get_mechanism (gss_const_OID);
+OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t);
+char *gssint_get_kmodName(const gss_OID);
+char *gssint_get_modOptions(const gss_OID);
+OM_uint32 gssint_import_internal_name (OM_uint32 *, gss_OID, gss_union_name_t,
+				      gss_name_t *);
+OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID,
+	const gss_name_t, gss_buffer_t);
+OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t,
+				       gss_buffer_t, gss_OID *);
+OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *);
+OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID,
+					      gss_ctx_id_t *, gss_buffer_t);
+#ifdef _GSS_STATIC_LINK
+int gssint_register_mechinfo(gss_mech_info template);
+#endif
+
+OM_uint32 gssint_convert_name_to_union_name
+	  (OM_uint32 *,		/* minor_status */
+	   gss_mechanism,	/* mech */
+	   gss_name_t,		/* internal_name */
+	   gss_name_t *		/* external_name */
+	   );
+gss_cred_id_t gssint_get_mechanism_cred
+	  (gss_union_cred_t,	/* union_cred */
+	   gss_OID		/* mech_type */
+	   );
+
+OM_uint32 gssint_create_copy_buffer(
+	const gss_buffer_t,	/* src buffer */
+	gss_buffer_t *,		/* destination buffer */
+	int			/* NULL terminate buffer ? */
+);
+
+OM_uint32 gssint_create_union_context(
+	OM_uint32 *minor,	/* minor_status */
+	gss_const_OID,		/* mech_oid */
+	gss_union_ctx_id_t *	/* ctx_out */
+);
+
+OM_uint32 gssint_copy_oid_set(
+	OM_uint32 *,			/* minor_status */
+	const gss_OID_set_desc * const,	/* oid set */
+	gss_OID_set *			/* new oid set */
+);
+
+gss_OID gss_find_mechanism_from_name_type (gss_OID); /* name_type */
+
+OM_uint32 gss_add_mech_name_type
+	   (OM_uint32 *,	/* minor_status */
+	    gss_OID,		/* name_type */
+	    gss_OID		/* mech */
+	       );
+
+/*
+ * Sun extensions to GSS-API v2
+ */
+
+OM_uint32
+gssint_wrap_aead (gss_mechanism,	/* mech */
+		  OM_uint32 *,		/* minor_status */
+		  gss_union_ctx_id_t,	/* ctx */
+		  int,			/* conf_req_flag */
+		  gss_qop_t,		/* qop_req_flag */
+		  gss_buffer_t,		/* input_assoc_buffer */
+		  gss_buffer_t,		/* input_payload_buffer */
+		  int *,		/* conf_state */
+		  gss_buffer_t);	/* output_message_buffer */
+OM_uint32
+gssint_unwrap_aead (gss_mechanism,	/* mech */
+		    OM_uint32 *,	/* minor_status */
+		    gss_union_ctx_id_t,	/* ctx */
+		    gss_buffer_t,	/* input_message_buffer */
+		    gss_buffer_t,	/* input_assoc_buffer */
+		    gss_buffer_t,	/* output_payload_buffer */
+		    int *,		/* conf_state */
+		    gss_qop_t *);	/* qop_state */
+
+
+/* Use this to map an error code that was returned from a mech
+   operation; the mech will be asked to produce the associated error
+   messages.
+
+   Remember that if the minor status code cannot be returned to the
+   caller (e.g., if it's stuffed in an automatic variable and then
+   ignored), then we don't care about producing a mapping.  */
+#define map_error(MINORP, MECH) \
+    (*(MINORP) = gssint_mecherrmap_map(*(MINORP), &(MECH)->mech_type))
+#define map_error_oid(MINORP, MECHOID) \
+    (*(MINORP) = gssint_mecherrmap_map(*(MINORP), (MECHOID)))
+
+/* Use this to map an errno value or com_err error code being
+   generated within the mechglue code (e.g., by calling generic oid
+   ops).  Any errno or com_err values produced by mech operations
+   should be processed with map_error.  This means they'll be stored
+   separately even if the mech uses com_err, because we can't assume
+   that it will use com_err.  */
+#define map_errcode(MINORP) \
+    (*(MINORP) = gssint_mecherrmap_map_errcode(*(MINORP)))
+
+#endif /* _GSS_MECHGLUEP_H */
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/Makefile.in b/krb5-1.21.3/src/lib/gssapi/spnego/Makefile.in
new file mode 100644
index 00000000..b44ad0e0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/Makefile.in
@@ -0,0 +1,25 @@
+mydir=lib$(S)gssapi$(S)spnego
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../mechglue -I$(srcdir)/../mechglue
+DEFINES=-D_GSS_STATIC_LINK=1
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=spnego
+##DOS##OBJFILE = ..\$(OUTPRE)spnego.lst
+
+##DOS##DLL_EXP_TYPE=GSS
+
+SRCS = $(srcdir)/spnego_mech.c $(srcdir)/negoex_ctx.c $(srcdir)/negoex_util.c
+
+OBJS = $(OUTPRE)spnego_mech.$(OBJEXT) $(OUTPRE)negoex_ctx.$(OBJEXT) \
+	$(OUTPRE)negoex_util.$(OBJEXT)
+
+STLIBOBJS = spnego_mech.o negoex_ctx.o negoex_util.o
+
+all-unix: all-libobjs
+
+##DOS##LIBOBJS = $(OBJS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/deps b/krb5-1.21.3/src/lib/gssapi/spnego/deps
new file mode 100644
index 00000000..0d3d25a5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/deps
@@ -0,0 +1,51 @@
+#
+# Generated makefile dependencies follow.
+#
+spnego_mech.so spnego_mech.po $(OUTPRE)spnego_mech.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-der.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ../generic/gssapi_err_generic.h \
+  gssapiP_negoex.h gssapiP_spnego.h spnego_mech.c
+negoex_ctx.so negoex_ctx.po $(OUTPRE)negoex_ctx.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ../generic/gssapi_err_generic.h \
+  gssapiP_negoex.h gssapiP_spnego.h negoex_ctx.c
+negoex_util.so negoex_util.po $(OUTPRE)negoex_util.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_negoex.h gssapiP_spnego.h \
+  negoex_util.c
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/gssapiP_negoex.h b/krb5-1.21.3/src/lib/gssapi/spnego/gssapiP_negoex.h
new file mode 100644
index 00000000..489ab7c4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/gssapiP_negoex.h
@@ -0,0 +1,210 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2011-2018 PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+/*
+ * { iso(1) identified-organization(3) dod(6) internet(1) private(4)
+ *   enterprise(1) microsoft (311) security(2) mechanisms(2) negoex(30) }
+ */
+#define NEGOEX_OID_LENGTH 10
+#define NEGOEX_OID "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e"
+
+#define MESSAGE_SIGNATURE   0x535458454F47454EULL
+
+#define EXTENSION_LENGTH                    12
+
+#define EXTENSION_FLAG_CRITICAL             0x80000000
+
+#define CHECKSUM_SCHEME_RFC3961             1
+
+#define NEGOEX_KEYUSAGE_INITIATOR_CHECKSUM  23
+#define NEGOEX_KEYUSAGE_ACCEPTOR_CHECKSUM   25
+
+#define CHECKSUM_HEADER_LENGTH              20
+
+#define GUID_LENGTH                         16
+
+typedef uint8_t auth_scheme[GUID_LENGTH];
+typedef uint8_t conversation_id[GUID_LENGTH];
+#define GUID_EQ(a, b) (memcmp(a, b, GUID_LENGTH) == 0)
+
+#define NEGO_MESSAGE_HEADER_LENGTH          96
+#define EXCHANGE_MESSAGE_HEADER_LENGTH      64
+#define VERIFY_MESSAGE_HEADER_LENGTH        80
+#define ALERT_MESSAGE_HEADER_LENGTH         72
+#define ALERT_LENGTH                        12
+#define ALERT_PULSE_LENGTH                  8
+
+#define ALERT_TYPE_PULSE                    1
+#define ALERT_VERIFY_NO_KEY                 1
+
+enum message_type {
+    INITIATOR_NEGO = 0,         /* NEGO_MESSAGE */
+    ACCEPTOR_NEGO,              /* NEGO_MESSAGE */
+    INITIATOR_META_DATA,        /* EXCHANGE_MESSAGE */
+    ACCEPTOR_META_DATA,         /* EXCHANGE_MESSAGE */
+    CHALLENGE,                  /* EXCHANGE_MESSAGE */
+    AP_REQUEST,                 /* EXCHANGE_MESSAGE */
+    VERIFY,                     /* VERIFY_MESSAGE */
+    ALERT,                      /* ALERT */
+};
+
+struct nego_message {
+    uint8_t random[32];
+    const uint8_t *schemes;
+    uint16_t nschemes;
+};
+
+struct exchange_message {
+    auth_scheme scheme;
+    gss_buffer_desc token;
+};
+
+struct verify_message {
+    auth_scheme scheme;
+    uint32_t cksum_type;
+    const uint8_t *cksum;
+    size_t cksum_len;
+    size_t offset_in_token;
+};
+
+struct alert_message {
+    auth_scheme scheme;
+    int verify_no_key;
+};
+
+struct negoex_message {
+    uint32_t type;
+    union {
+        struct nego_message n;
+        struct exchange_message e;
+        struct verify_message v;
+        struct alert_message a;
+    } u;
+};
+
+struct negoex_auth_mech {
+    K5_TAILQ_ENTRY(negoex_auth_mech) links;
+    gss_OID oid;
+    auth_scheme scheme;
+    gss_ctx_id_t mech_context;
+    gss_buffer_desc metadata;
+    krb5_keyblock key;
+    krb5_keyblock verify_key;
+    int complete;
+    int sent_checksum;
+    int verified_checksum;
+};
+
+/* negoex_util.c */
+
+OM_uint32
+negoex_parse_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+                   gss_const_buffer_t token,
+                   struct negoex_message **messages_out, size_t *count_out);
+
+
+struct nego_message *
+negoex_locate_nego_message(struct negoex_message *messages, size_t nmessages,
+                           enum message_type type);
+struct exchange_message *
+negoex_locate_exchange_message(struct negoex_message *messages,
+                               size_t nmessages, enum message_type type);
+struct verify_message *
+negoex_locate_verify_message(struct negoex_message *messages,
+                             size_t nmessages);
+struct alert_message *
+negoex_locate_alert_message(struct negoex_message *messages, size_t nmessages);
+
+void
+negoex_add_nego_message(spnego_gss_ctx_id_t ctx, enum message_type type,
+                        uint8_t random[32]);
+void
+negoex_add_exchange_message(spnego_gss_ctx_id_t ctx, enum message_type type,
+                            const auth_scheme scheme, gss_buffer_t token);
+void
+negoex_add_verify_message(spnego_gss_ctx_id_t ctx, const auth_scheme scheme,
+                          uint32_t cksum_type, const uint8_t *cksum,
+                          uint32_t cksum_len);
+
+void
+negoex_add_verify_no_key_alert(spnego_gss_ctx_id_t ctx,
+                               const auth_scheme scheme);
+
+OM_uint32
+negoex_random(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+              unsigned char *data, size_t length);
+
+void
+negoex_prep_context_for_spnego(spnego_gss_ctx_id_t ctx);
+
+OM_uint32
+negoex_prep_context_for_negoex(OM_uint32 *minor, spnego_gss_ctx_id_t ctx);
+
+void
+negoex_release_context(spnego_gss_ctx_id_t ctx);
+
+OM_uint32
+negoex_add_auth_mech(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+                     gss_const_OID oid, auth_scheme scheme);
+
+void
+negoex_delete_auth_mech(spnego_gss_ctx_id_t ctx,
+                        struct negoex_auth_mech *mech);
+
+void
+negoex_select_auth_mech(spnego_gss_ctx_id_t ctx,
+                        struct negoex_auth_mech *mech);
+
+struct negoex_auth_mech *
+negoex_locate_auth_scheme(spnego_gss_ctx_id_t ctx, const auth_scheme scheme);
+
+void
+negoex_common_auth_schemes(spnego_gss_ctx_id_t ctx,
+                           const uint8_t *schemes, uint16_t nschemes);
+
+void
+negoex_restrict_auth_schemes(spnego_gss_ctx_id_t ctx,
+                             const uint8_t *schemes, uint16_t nschemes);
+
+/* negoex_ctx.c */
+
+OM_uint32
+negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+            gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req,
+            gss_buffer_t input_token, gss_channel_bindings_t bindings,
+            gss_buffer_t output_token, OM_uint32 *time_rec);
+
+OM_uint32
+negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+              gss_buffer_t input_token, gss_channel_bindings_t bindings,
+              gss_buffer_t output_token, OM_uint32 *time_rec);
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/gssapiP_spnego.h b/krb5-1.21.3/src/lib/gssapi/spnego/gssapiP_spnego.h
new file mode 100644
index 00000000..066ec736
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -0,0 +1,698 @@
+/*
+ * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef	_GSSAPIP_SPNEGO_H_
+#define	_GSSAPIP_SPNEGO_H_
+
+/* #pragma ident	"@(#)gssapiP_spnego.h	1.3	03/09/18 SMI" */
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+typedef struct spnego_ctx_st *spnego_gss_ctx_id_t;
+
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+#include <k5-queue.h>
+#include "gssapiP_negoex.h"
+
+#define	SEC_CONTEXT_TOKEN 1
+#define	SPNEGO_SIZE_OF_INT 4
+
+#define	ACCEPT_COMPLETE 0
+#define	ACCEPT_INCOMPLETE 1
+#define	REJECT 2
+#define REQUEST_MIC 3
+#define	UNSPECIFIED 0xffffffffUL
+
+/*
+ * constants for der encoding/decoding routines.
+ */
+
+#define	MECH_OID		0x06
+#define	OCTET_STRING		0x04
+#define	CONTEXT			0xa0
+#define	SEQUENCE		0x30
+#define	SEQUENCE_OF		0x30
+#define	BIT_STRING		0x03
+#define	BIT_STRING_LENGTH	0x02
+#define	BIT_STRING_PADDING	0x01
+#define	ENUMERATED		0x0a
+#define	ENUMERATION_LENGTH	1
+#define	HEADER_ID		0x60
+#define GENERAL_STRING		0x1b
+
+/*
+ * SPNEGO and NegoEx minor status codes
+ */
+#define ERR_SPNEGO_NO_MECHS_AVAILABLE			0x20000001
+#define ERR_SPNEGO_NO_CREDS_ACQUIRED			0x20000002
+#define ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR		0x20000003
+#define ERR_SPNEGO_NEGOTIATION_FAILED			0x20000004
+#define ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR		0x20000005
+#define ERR_NEGOEX_INVALID_MESSAGE_SIGNATURE		0x20000006
+#define ERR_NEGOEX_INVALID_MESSAGE_TYPE			0x20000007
+#define ERR_NEGOEX_INVALID_MESSAGE_SIZE			0x20000008
+#define ERR_NEGOEX_INVALID_CONVERSATION_ID		0x20000009
+#define ERR_NEGOEX_AUTH_SCHEME_NOT_FOUND		0x20000010
+#define ERR_NEGOEX_MISSING_NEGO_MESSAGE			0x20000011
+#define ERR_NEGOEX_MISSING_AP_REQUEST_MESSAGE		0x20000012
+#define ERR_NEGOEX_NO_AVAILABLE_MECHS			0x20000013
+#define ERR_NEGOEX_NO_VERIFY_KEY			0x20000014
+#define ERR_NEGOEX_UNKNOWN_CHECKSUM_SCHEME		0x20000015
+#define ERR_NEGOEX_INVALID_CHECKSUM			0x20000016
+#define ERR_NEGOEX_UNSUPPORTED_CRITICAL_EXTENSION	0x20000017
+#define ERR_NEGOEX_UNSUPPORTED_VERSION			0x20000018
+#define ERR_NEGOEX_MESSAGE_OUT_OF_SEQUENCE		0x20000019
+
+/*
+ * send_token_flag is used to indicate in later steps what type
+ * of token, if any should be sent or processed.
+ * NO_TOKEN_SEND = no token should be sent
+ * INIT_TOKEN_SEND = initial token will be sent
+ * CONT_TOKEN_SEND = continuing tokens to be sent
+ * CHECK_MIC = no token to be sent, but have a MIC to check.
+ * ERROR_TOKEN_SEND = error token from peer needs to be sent.
+ */
+
+typedef	enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
+		CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;
+
+/*
+ * The Mech OID:
+ * { iso(1) org(3) dod(6) internet(1) security(5)
+ *  mechanism(5) spnego(2) }
+ */
+
+#define	SPNEGO_OID_LENGTH 6
+#define	SPNEGO_OID "\053\006\001\005\005\002"
+
+typedef void *spnego_token_t;
+
+/* spnego name structure for internal representation. */
+typedef struct {
+	gss_OID type;
+	gss_buffer_t buffer;
+	gss_OID	mech_type;
+	gss_name_t	mech_name;
+} spnego_name_desc, *spnego_name_t;
+
+/* Structure for credential */
+typedef struct {
+	gss_cred_id_t mcred;	/* mechglue union of obtainable creds */
+	gss_OID_set neg_mechs;	/* app-specified list of allowable mechs */
+	int no_ask_integ;	/* do not request integ from mechs */
+} spnego_gss_cred_id_rec, *spnego_gss_cred_id_t;
+
+/* Structure for context handle */
+struct spnego_ctx_st {
+	OM_uint32	magic_num;
+	gss_buffer_desc DER_mechTypes;
+	gss_OID_set mech_set;
+	gss_OID internal_mech;  /* alias into mech_set->elements */
+	gss_ctx_id_t ctx_handle;
+	int mic_reqd;
+	int mic_sent;
+	int mic_rcvd;
+	int firstpass;
+	int mech_complete;
+	int nego_done;
+	int initiate;
+	int opened;
+	OM_uint32 ctx_flags;
+	gss_name_t internal_name;
+	gss_OID actual_mech;
+	gss_cred_id_t deleg_cred;
+	int negoex_step;
+	struct k5buf negoex_transcript;
+	uint32_t negoex_seqnum;
+	conversation_id negoex_conv_id;
+	K5_TAILQ_HEAD(negoex_mech_list, negoex_auth_mech) negoex_mechs;
+	krb5_context kctx;
+};
+
+/*
+ * The magic number must be less than a standard pagesize
+ * to avoid a possible collision with a real address.
+ */
+#define	SPNEGO_MAGIC_ID  0x00000fed
+
+/* SPNEGO oid declarations */
+extern const gss_OID_desc * const gss_mech_spnego;
+extern const gss_OID_set_desc * const gss_mech_set_spnego;
+
+#if defined(DEBUG) && defined(HAVE_SYSLOG_H)
+#include <syslog.h>
+#define	dsyslog(a) syslog(LOG_DEBUG, a)
+#else
+#define	dsyslog(a)
+#define	SPNEGO_STATIC
+#endif	/* DEBUG */
+
+/*
+ * declarations of internal name mechanism functions
+ */
+
+OM_uint32 KRB5_CALLCONV spnego_gss_acquire_cred
+(
+	OM_uint32 *,		/* minor_status */
+	gss_name_t,		/* desired_name */
+	OM_uint32,		/* time_req */
+	gss_OID_set,		/* desired_mechs */
+	gss_cred_usage_t,	/* cred_usage */
+	gss_cred_id_t *,	/* output_cred_handle */
+	gss_OID_set *,		/* actual_mechs */
+	OM_uint32 *		/* time_rec */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_release_cred
+(
+	OM_uint32 *,		/* minor_status */
+	/* CSTYLED */
+	gss_cred_id_t	*	/* cred_handle */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_init_sec_context
+(
+	OM_uint32 *,		/* minor_status */
+	gss_cred_id_t,		/* claimant_cred_handle */
+	gss_ctx_id_t *,		/* context_handle */
+	gss_name_t,		/* target_name */
+	gss_OID,		/* mech_type */
+	OM_uint32,		/* req_flags */
+	OM_uint32,		/* time_req */
+	gss_channel_bindings_t, /* input_chan_bindings */
+	gss_buffer_t,		/* input_token */
+	gss_OID *,		/* actual_mech_type */
+	gss_buffer_t,		/* output_token */
+	OM_uint32 *,		/* ret_flags */
+	OM_uint32 *		/* time_rec */
+);
+
+#ifndef LEAN_CLIENT
+OM_uint32 KRB5_CALLCONV spnego_gss_accept_sec_context
+(
+	OM_uint32 *,		/* minor_status */
+	gss_ctx_id_t *,		/* context_handle */
+	gss_cred_id_t,		/* verifier_cred_handle */
+	gss_buffer_t,		/* input_token_buffer */
+	gss_channel_bindings_t, /* input_chan_bindings */
+	gss_name_t *,		/* src_name */
+	gss_OID *,		/* mech_type */
+	gss_buffer_t,		/* output_token */
+	OM_uint32 *,		/* ret_flags */
+	OM_uint32 *,		/* time_rec */
+	/* CSTYLED */
+	gss_cred_id_t *		/* delegated_cred_handle */
+);
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV spnego_gss_compare_name
+(
+	OM_uint32 *,		/* minor_status */
+	const gss_name_t,	/* name1 */
+	const gss_name_t,	/* name2 */
+	int *			/* name_equal */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_display_name
+(
+	OM_uint32 *,		/* minor_status */
+	gss_name_t,		/*  input_name */
+	gss_buffer_t,		/*  output_name_buffer */
+	gss_OID *		/* output_name_type */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_display_status
+(
+	OM_uint32 *,		/* minor_status */
+	OM_uint32,		/* status_value */
+	int,			/* status_type */
+	gss_OID,		/* mech_type */
+	OM_uint32 *,		/* message_context */
+	gss_buffer_t		/* status_string */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_import_name
+(
+	OM_uint32 *,		/* minor_status */
+	gss_buffer_t,		/* input_name_buffer */
+	gss_OID,		/* input_name_type */
+	/* CSTYLED */
+	gss_name_t *		/* output_name */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_release_name
+(
+	OM_uint32 *,		/* minor_status */
+	/* CSTYLED */
+	gss_name_t *		/* input_name */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_duplicate_name
+(
+	OM_uint32 *,		/* minor_status */
+	/* CSTYLED */
+	const gss_name_t, 	/* input_name */
+	gss_name_t *		/* output_name */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_inquire_cred
+(
+	OM_uint32 *,		/* minor_status */
+	gss_cred_id_t,		/* cred_handle */
+	gss_name_t *,		/* name */
+	OM_uint32 *,		/* lifetime */
+	int *,			/* cred_usage */
+	gss_OID_set *		/* mechanisms */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_inquire_names_for_mech
+(
+	OM_uint32 *,		/* minor_status */
+	gss_OID,		/* mechanism */
+	gss_OID_set *		/* name_types */
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_unwrap
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	gss_buffer_t input_message_buffer,
+	gss_buffer_t output_message_buffer,
+	int *conf_state,
+	gss_qop_t *qop_state
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_wrap
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	int conf_req_flag,
+	gss_qop_t qop_req,
+	gss_buffer_t input_message_buffer,
+	int *conf_state,
+	gss_buffer_t output_message_buffer
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_process_context_token
+(
+	OM_uint32	*minor_status,
+	const gss_ctx_id_t context_handle,
+	const gss_buffer_t token_buffer
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_delete_sec_context
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t *context_handle,
+	gss_buffer_t output_token
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_context_time
+(
+	OM_uint32	*minor_status,
+	const gss_ctx_id_t context_handle,
+	OM_uint32	*time_rec
+);
+#ifndef LEAN_CLIENT
+OM_uint32 KRB5_CALLCONV spnego_gss_export_sec_context
+(
+	OM_uint32	*minor_status,
+	gss_ctx_id_t	*context_handle,
+	gss_buffer_t	interprocess_token
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_import_sec_context
+(
+	OM_uint32		*minor_status,
+	const gss_buffer_t	interprocess_token,
+	gss_ctx_id_t		*context_handle
+);
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV spnego_gss_inquire_context
+(
+	OM_uint32	*minor_status,
+	const gss_ctx_id_t context_handle,
+	gss_name_t	*src_name,
+	gss_name_t	*targ_name,
+	OM_uint32	*lifetime_rec,
+	gss_OID		*mech_type,
+	OM_uint32	*ctx_flags,
+	int		*locally_initiated,
+	int		*opened
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_wrap_size_limit
+(
+	OM_uint32	*minor_status,
+	const gss_ctx_id_t context_handle,
+	int		conf_req_flag,
+	gss_qop_t	qop_req,
+	OM_uint32	req_output_size,
+	OM_uint32	*max_input_size
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_localname
+(
+	OM_uint32 *minor_status,
+	const gss_name_t pname,
+	const gss_const_OID mech_type,
+	gss_buffer_t localname
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_get_mic
+(
+	OM_uint32 *minor_status,
+	const gss_ctx_id_t context_handle,
+	gss_qop_t qop_req,
+	const gss_buffer_t message_buffer,
+	gss_buffer_t message_token
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_verify_mic
+(
+	OM_uint32 *minor_status,
+	const gss_ctx_id_t context_handle,
+	const gss_buffer_t msg_buffer,
+	const gss_buffer_t token_buffer,
+	gss_qop_t *qop_state
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_sec_context_by_oid
+(
+	OM_uint32 *minor_status,
+	const gss_ctx_id_t context_handle,
+	const gss_OID desired_object,
+	gss_buffer_set_t *data_set
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_cred_by_oid
+(
+	OM_uint32 *minor_status,
+	const gss_cred_id_t cred_handle,
+	const gss_OID desired_object,
+	gss_buffer_set_t *data_set
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_set_cred_option
+(
+	OM_uint32 *minor_status,
+	gss_cred_id_t *cred_handle,
+	const gss_OID desired_object,
+	const gss_buffer_t value
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_set_sec_context_option
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t *context_handle,
+	const gss_OID desired_object,
+	const gss_buffer_t value
+);
+
+#ifdef _GSS_STATIC_LINK
+int gss_spnegoint_lib_init(void);
+void gss_spnegoint_lib_fini(void);
+#else
+gss_mechanism KRB5_CALLCONV gss_mech_initialize(void);
+#endif /* _GSS_STATIC_LINK */
+
+OM_uint32 KRB5_CALLCONV spnego_gss_wrap_aead
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	int conf_req_flag,
+	gss_qop_t qop_req,
+	gss_buffer_t input_assoc_buffer,
+	gss_buffer_t input_payload_buffer,
+	int *conf_state,
+	gss_buffer_t output_message_buffer
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_unwrap_aead
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	gss_buffer_t input_message_buffer,
+	gss_buffer_t input_assoc_buffer,
+	gss_buffer_t output_payload_buffer,
+	int *conf_state,
+	gss_qop_t *qop_state
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_wrap_iov
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	int conf_req_flag,
+	gss_qop_t qop_req,
+	int *conf_state,
+	gss_iov_buffer_desc *iov,
+	int iov_count
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_unwrap_iov
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	int *conf_state,
+	gss_qop_t *qop_state,
+	gss_iov_buffer_desc *iov,
+	int iov_count
+);
+
+OM_uint32 KRB5_CALLCONV spnego_gss_wrap_iov_length
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	int conf_req_flag,
+	gss_qop_t qop_req,
+	int *conf_state,
+	gss_iov_buffer_desc *iov,
+	int iov_count
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_complete_auth_token
+(
+	OM_uint32 *minor_status,
+	const gss_ctx_id_t context_handle,
+	gss_buffer_t input_message_buffer
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_acquire_cred_impersonate_name(
+    OM_uint32 *,	    /* minor_status */
+    const gss_cred_id_t,    /* impersonator_cred_handle */
+    const gss_name_t,	    /* desired_name */
+    OM_uint32,		    /* time_req */
+    const gss_OID_set,	    /* desired_mechs */
+    gss_cred_usage_t,	    /* cred_usage */
+    gss_cred_id_t *,	    /* output_cred_handle */
+    gss_OID_set *,	    /* actual_mechs */
+    OM_uint32 *);	    /* time_rec */
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_acquire_cred_with_password(
+    OM_uint32 *minor_status,
+    const gss_name_t desired_name,
+    const gss_buffer_t password,
+    OM_uint32 time_req,
+    const gss_OID_set desired_mechs,
+    gss_cred_usage_t cred_usage,
+    gss_cred_id_t *output_cred_handle,
+    gss_OID_set *actual_mechs,
+    OM_uint32 *time_rec);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_display_name_ext
+(
+	OM_uint32 *minor_status,
+	gss_name_t name,
+	gss_OID display_as_name_type,
+	gss_buffer_t display_name
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_name
+(
+	OM_uint32 *minor_status,
+	gss_name_t name,
+	int *name_is_MN,
+	gss_OID *MN_mech,
+	gss_buffer_set_t *attrs
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_get_name_attribute
+(
+	OM_uint32 *minor_status,
+	gss_name_t name,
+	gss_buffer_t attr,
+	int *authenticated,
+	int *complete,
+	gss_buffer_t value,
+	gss_buffer_t display_value,
+	int *more
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_set_name_attribute
+(
+	OM_uint32 *minor_status,
+	gss_name_t name,
+	int complete,
+	gss_buffer_t attr,
+	gss_buffer_t value
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_delete_name_attribute
+(
+	OM_uint32 *minor_status,
+	gss_name_t name,
+	gss_buffer_t attr
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_name_composite
+(
+	OM_uint32 *minor_status,
+	gss_name_t name,
+	gss_buffer_t exp_composite_name
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_map_name_to_any
+(
+	OM_uint32 *minor_status,
+	gss_name_t name,
+	int authenticated,
+	gss_buffer_t type_id,
+	gss_any_t *output
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_release_any_name_mapping
+(
+	OM_uint32 *minor_status,
+	gss_name_t name,
+	gss_buffer_t type_id,
+	gss_any_t *input
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_pseudo_random
+(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context,
+	int prf_key,
+	const gss_buffer_t prf_in,
+	ssize_t desired_output_len,
+	gss_buffer_t prf_out
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_set_neg_mechs
+(
+	OM_uint32 *minor_status,
+	gss_cred_id_t cred_handle,
+	const gss_OID_set mech_list
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_mech_for_saslname
+(
+	OM_uint32 *minor_status,
+	const gss_buffer_t sasl_mech_name,
+	gss_OID *mech_type
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_saslname_for_mech
+(
+	OM_uint32 *minor_status,
+	const gss_OID desired_mech,
+	gss_buffer_t sasl_mech_name,
+	gss_buffer_t mech_name,
+	gss_buffer_t mech_description
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_attrs_for_mech
+(
+	OM_uint32 *minor_status,
+	gss_const_OID mech,
+	gss_OID_set *mech_attrs,
+	gss_OID_set *known_mech_attrs
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_acquire_cred_from
+(
+	OM_uint32 *minor_status,
+	const gss_name_t desired_name,
+	OM_uint32 time_req,
+	const gss_OID_set desired_mechs,
+	gss_cred_usage_t cred_usage,
+	gss_const_key_value_set_t cred_store,
+	gss_cred_id_t *output_cred_handle,
+	gss_OID_set *actual_mechs,
+	OM_uint32 *time_rec
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_cred(
+	OM_uint32 *minor_status,
+	gss_cred_id_t cred_handle,
+	gss_buffer_t token
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_cred(
+	OM_uint32 *minor_status,
+	gss_buffer_t token,
+	gss_cred_id_t *cred_handle
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_get_mic_iov(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	gss_qop_t qop_req,
+	gss_iov_buffer_desc *iov,
+	int iov_count
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_verify_mic_iov(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	gss_qop_t *qop_state,
+	gss_iov_buffer_desc *iov,
+	int iov_count
+);
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_get_mic_iov_length(
+	OM_uint32 *minor_status,
+	gss_ctx_id_t context_handle,
+	gss_qop_t qop_req,
+	gss_iov_buffer_desc *iov,
+	int iov_count
+);
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif /* _GSSAPIP_SPNEGO_H_ */
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/mech_spnego.exports b/krb5-1.21.3/src/lib/gssapi/spnego/mech_spnego.exports
new file mode 100644
index 00000000..9d570e5c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/mech_spnego.exports
@@ -0,0 +1 @@
+gss_mech_initialize
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/negoex_ctx.c b/krb5-1.21.3/src/lib/gssapi/spnego/negoex_ctx.c
new file mode 100644
index 00000000..8848ee4d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/negoex_ctx.c
@@ -0,0 +1,788 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2011-2018 PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+#include "gssapiP_spnego.h"
+#include <generic/gssapiP_generic.h>
+
+/*
+ * The initial context token emitted by the initiator is a INITIATOR_NEGO
+ * message followed by zero or more INITIATOR_META_DATA tokens, and zero
+ * or one AP_REQUEST tokens.
+ *
+ * Upon receiving this, the acceptor computes the list of mutually supported
+ * authentication mechanisms and performs the metadata exchange. The output
+ * token is ACCEPTOR_NEGO followed by zero or more ACCEPTOR_META_DATA tokens,
+ * and zero or one CHALLENGE tokens.
+ *
+ * Once the metadata exchange is complete and a mechanism is selected, the
+ * selected mechanism's context token exchange continues with AP_REQUEST and
+ * CHALLENGE messages.
+ *
+ * Once the context token exchange is complete, VERIFY messages are sent to
+ * authenticate the entire exchange.
+ */
+
+static void
+zero_and_release_buffer_set(gss_buffer_set_t *pbuffers)
+{
+    OM_uint32 tmpmin;
+    gss_buffer_set_t buffers = *pbuffers;
+    uint32_t i;
+
+    if (buffers != GSS_C_NO_BUFFER_SET) {
+        for (i = 0; i < buffers->count; i++)
+            zap(buffers->elements[i].value, buffers->elements[i].length);
+
+        gss_release_buffer_set(&tmpmin, &buffers);
+    }
+
+    *pbuffers = GSS_C_NO_BUFFER_SET;
+}
+
+static OM_uint32
+buffer_set_to_key(OM_uint32 *minor, gss_buffer_set_t buffers,
+                  krb5_keyblock *key)
+{
+    krb5_error_code ret;
+
+    /* Returned keys must be in two buffers, with the key contents in the first
+     * and the enctype as a 32-bit little-endian integer in the second. */
+    if (buffers->count != 2 || buffers->elements[1].length != 4) {
+        *minor = ERR_NEGOEX_NO_VERIFY_KEY;
+        return GSS_S_FAILURE;
+    }
+
+    krb5_free_keyblock_contents(NULL, key);
+
+    key->contents = k5memdup(buffers->elements[0].value,
+                             buffers->elements[0].length, &ret);
+    if (key->contents == NULL) {
+        *minor = ret;
+        return GSS_S_FAILURE;
+    }
+    key->length = buffers->elements[0].length;
+    key->enctype = load_32_le(buffers->elements[1].value);
+
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+get_session_keys(OM_uint32 *minor, struct negoex_auth_mech *mech)
+{
+    OM_uint32 major, tmpmin;
+    gss_buffer_set_t buffers = GSS_C_NO_BUFFER_SET;
+
+    major = gss_inquire_sec_context_by_oid(&tmpmin, mech->mech_context,
+                                           GSS_C_INQ_NEGOEX_KEY, &buffers);
+    if (major == GSS_S_COMPLETE) {
+        major = buffer_set_to_key(minor, buffers, &mech->key);
+        zero_and_release_buffer_set(&buffers);
+        if (major != GSS_S_COMPLETE)
+            return major;
+    }
+
+    major = gss_inquire_sec_context_by_oid(&tmpmin, mech->mech_context,
+                                           GSS_C_INQ_NEGOEX_VERIFY_KEY,
+                                           &buffers);
+    if (major == GSS_S_COMPLETE) {
+        major = buffer_set_to_key(minor, buffers, &mech->verify_key);
+        zero_and_release_buffer_set(&buffers);
+        if (major != GSS_S_COMPLETE)
+            return major;
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+emit_initiator_nego(OM_uint32 *minor, spnego_gss_ctx_id_t ctx)
+{
+    OM_uint32 major;
+    uint8_t random[32];
+
+    major = negoex_random(minor, ctx, random, 32);
+    if (major != GSS_S_COMPLETE)
+        return major;
+
+    negoex_add_nego_message(ctx, INITIATOR_NEGO, random);
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+process_initiator_nego(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+                       struct negoex_message *messages, size_t nmessages)
+{
+    struct nego_message *msg;
+
+    assert(!ctx->initiate && ctx->negoex_step == 1);
+
+    msg = negoex_locate_nego_message(messages, nmessages, INITIATOR_NEGO);
+    if (msg == NULL) {
+        *minor = ERR_NEGOEX_MISSING_NEGO_MESSAGE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    negoex_restrict_auth_schemes(ctx, msg->schemes, msg->nschemes);
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+emit_acceptor_nego(OM_uint32 *minor, spnego_gss_ctx_id_t ctx)
+{
+    OM_uint32 major;
+    uint8_t random[32];
+
+    major = negoex_random(minor, ctx, random, 32);
+    if (major != GSS_S_COMPLETE)
+        return major;
+
+    negoex_add_nego_message(ctx, ACCEPTOR_NEGO, random);
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+process_acceptor_nego(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+                      struct negoex_message *messages, size_t nmessages)
+{
+    struct nego_message *msg;
+
+    msg = negoex_locate_nego_message(messages, nmessages, ACCEPTOR_NEGO);
+    if (msg == NULL) {
+        *minor = ERR_NEGOEX_MISSING_NEGO_MESSAGE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* Reorder and prune our mech list to match the acceptor's list (or a
+     * subset of it). */
+    negoex_common_auth_schemes(ctx, msg->schemes, msg->nschemes);
+
+    return GSS_S_COMPLETE;
+}
+
+static void
+query_meta_data(spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+                gss_name_t target, OM_uint32 req_flags)
+{
+    OM_uint32 major, minor;
+    struct negoex_auth_mech *p, *next;
+
+    K5_TAILQ_FOREACH_SAFE(p, &ctx->negoex_mechs, links, next) {
+        major = gssspi_query_meta_data(&minor, p->oid, cred, &p->mech_context,
+                                       target, req_flags, &p->metadata);
+        /* GSS_Query_meta_data failure removes mechanism from list. */
+        if (major != GSS_S_COMPLETE)
+            negoex_delete_auth_mech(ctx, p);
+    }
+}
+
+static void
+exchange_meta_data(spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+                   gss_name_t target, OM_uint32 req_flags,
+                   struct negoex_message *messages, size_t nmessages)
+{
+    OM_uint32 major, minor;
+    struct negoex_auth_mech *mech;
+    enum message_type type;
+    struct exchange_message *msg;
+    uint32_t i;
+
+    type = ctx->initiate ? ACCEPTOR_META_DATA : INITIATOR_META_DATA;
+
+    for (i = 0; i < nmessages; i++) {
+        if (messages[i].type != type)
+            continue;
+        msg = &messages[i].u.e;
+
+        mech = negoex_locate_auth_scheme(ctx, msg->scheme);
+        if (mech == NULL)
+            continue;
+
+        major = gssspi_exchange_meta_data(&minor, mech->oid, cred,
+                                          &mech->mech_context, target,
+                                          req_flags, &msg->token);
+        /* GSS_Exchange_meta_data failure removes mechanism from list. */
+        if (major != GSS_S_COMPLETE)
+            negoex_delete_auth_mech(ctx, mech);
+    }
+}
+
+/*
+ * In the initiator, if we are processing the acceptor's first reply, discard
+ * the optimistic context if the acceptor ignored the optimistic token.  If the
+ * acceptor continued the optimistic mech, discard all other mechs.
+ */
+static void
+check_optimistic_result(spnego_gss_ctx_id_t ctx,
+                        struct negoex_message *messages, size_t nmessages)
+{
+    struct negoex_auth_mech *mech;
+    OM_uint32 tmpmin;
+
+    assert(ctx->initiate && ctx->negoex_step == 2);
+
+    /* Do nothing if we didn't make an optimistic context. */
+    mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+    if (mech == NULL || mech->mech_context == GSS_C_NO_CONTEXT)
+        return;
+
+    /* If the acceptor used the optimistic token, it will send an acceptor
+     * token or a checksum (or both) in its first reply. */
+    if (negoex_locate_exchange_message(messages, nmessages,
+                                       CHALLENGE) != NULL ||
+        negoex_locate_verify_message(messages, nmessages) != NULL) {
+        /* The acceptor continued the optimistic mech, and metadata exchange
+         * didn't remove it.  Commit to this mechanism. */
+        negoex_select_auth_mech(ctx, mech);
+    } else {
+        /* The acceptor ignored the optimistic token.  Restart the mech. */
+        (void)gss_delete_sec_context(&tmpmin, &mech->mech_context, NULL);
+        krb5_free_keyblock_contents(NULL, &mech->key);
+        krb5_free_keyblock_contents(NULL, &mech->verify_key);
+        mech->complete = mech->sent_checksum = FALSE;
+    }
+}
+
+/* Perform an initiator step of the underlying mechanism exchange. */
+static OM_uint32
+mech_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+          gss_name_t target, OM_uint32 req_flags, OM_uint32 time_req,
+          struct negoex_message *messages, size_t nmessages,
+          gss_channel_bindings_t bindings, gss_buffer_t output_token,
+          OM_uint32 *time_rec)
+{
+    OM_uint32 major, first_major = 0, first_minor = 0;
+    struct negoex_auth_mech *mech = NULL;
+    gss_buffer_t input_token = GSS_C_NO_BUFFER;
+    struct exchange_message *msg;
+    int first_mech;
+
+    output_token->value = NULL;
+    output_token->length = 0;
+
+    /* Allow disabling of optimistic token for testing. */
+    if (ctx->negoex_step == 1 &&
+        secure_getenv("NEGOEX_NO_OPTIMISTIC_TOKEN") != NULL)
+        return GSS_S_COMPLETE;
+
+    if (K5_TAILQ_EMPTY(&ctx->negoex_mechs)) {
+        *minor = ERR_NEGOEX_NO_AVAILABLE_MECHS;
+        return GSS_S_FAILURE;
+    }
+
+    /*
+     * Get the input token.  The challenge could be for the optimistic mech,
+     * which we might have discarded in metadata exchange, so ignore the
+     * challenge if it doesn't match the first auth mech.
+     */
+    mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+    msg = negoex_locate_exchange_message(messages, nmessages, CHALLENGE);
+    if (msg != NULL && GUID_EQ(msg->scheme, mech->scheme))
+        input_token = &msg->token;
+
+    if (mech->complete)
+        return GSS_S_COMPLETE;
+
+    first_mech = TRUE;
+
+    while (!K5_TAILQ_EMPTY(&ctx->negoex_mechs)) {
+        mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+
+        major = gss_init_sec_context(minor, cred, &mech->mech_context, target,
+                                     mech->oid, req_flags, time_req, bindings,
+                                     input_token, &ctx->actual_mech,
+                                     output_token, &ctx->ctx_flags, time_rec);
+
+        if (major == GSS_S_COMPLETE)
+            mech->complete = 1;
+
+        if (!GSS_ERROR(major))
+            return get_session_keys(minor, mech);
+
+        /* Remember the error we got from the first mech. */
+        if (first_mech) {
+            first_major = major;
+            first_minor = *minor;
+        }
+
+        /* If we still have multiple mechs to try, move on to the next one. */
+        negoex_delete_auth_mech(ctx, mech);
+        first_mech = FALSE;
+        input_token = GSS_C_NO_BUFFER;
+    }
+
+    if (K5_TAILQ_EMPTY(&ctx->negoex_mechs)) {
+        major = first_major;
+        *minor = first_minor;
+    }
+
+    return major;
+}
+
+/* Perform an acceptor step of the underlying mechanism exchange. */
+static OM_uint32
+mech_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+            gss_cred_id_t cred, struct negoex_message *messages,
+            size_t nmessages, gss_channel_bindings_t bindings,
+            gss_buffer_t output_token, OM_uint32 *time_rec)
+{
+    OM_uint32 major, tmpmin;
+    struct negoex_auth_mech *mech;
+    struct exchange_message *msg;
+
+    assert(!ctx->initiate && !K5_TAILQ_EMPTY(&ctx->negoex_mechs));
+
+    msg = negoex_locate_exchange_message(messages, nmessages, AP_REQUEST);
+    if (msg == NULL) {
+        /* No input token is okay on the first request or if the mech is
+         * complete. */
+        if (ctx->negoex_step == 1 ||
+            K5_TAILQ_FIRST(&ctx->negoex_mechs)->complete)
+            return GSS_S_COMPLETE;
+        *minor = ERR_NEGOEX_MISSING_AP_REQUEST_MESSAGE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    if (ctx->negoex_step == 1) {
+        /* Ignore the optimistic token if it isn't for our most preferred
+         * mech. */
+        mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+        if (!GUID_EQ(msg->scheme, mech->scheme))
+            return GSS_S_COMPLETE;
+    } else {
+        /* The initiator has selected a mech; discard other entries. */
+        mech = negoex_locate_auth_scheme(ctx, msg->scheme);
+        if (mech == NULL) {
+            *minor = ERR_NEGOEX_NO_AVAILABLE_MECHS;
+            return GSS_S_FAILURE;
+        }
+        negoex_select_auth_mech(ctx, mech);
+    }
+
+    if (mech->complete)
+        return GSS_S_COMPLETE;
+
+    if (ctx->internal_name != GSS_C_NO_NAME)
+        gss_release_name(&tmpmin, &ctx->internal_name);
+    if (ctx->deleg_cred != GSS_C_NO_CREDENTIAL)
+        gss_release_cred(&tmpmin, &ctx->deleg_cred);
+
+    major = gss_accept_sec_context(minor, &mech->mech_context, cred,
+                                   &msg->token, bindings, &ctx->internal_name,
+                                   &ctx->actual_mech, output_token,
+                                   &ctx->ctx_flags, time_rec,
+                                   &ctx->deleg_cred);
+
+    if (major == GSS_S_COMPLETE)
+        mech->complete = 1;
+
+    if (!GSS_ERROR(major)) {
+        major = get_session_keys(minor, mech);
+    } else if (ctx->negoex_step == 1) {
+        /* This was an optimistic token; pretend this never happened. */
+        major = GSS_S_COMPLETE;
+        *minor = 0;
+        gss_release_buffer(&tmpmin, output_token);
+        gss_delete_sec_context(&tmpmin, &mech->mech_context, GSS_C_NO_BUFFER);
+    }
+
+    return major;
+}
+
+static krb5_keyusage
+verify_keyusage(spnego_gss_ctx_id_t ctx, int make_checksum)
+{
+    /* Of course, these are the wrong way around in the spec. */
+    return (ctx->initiate ^ !make_checksum) ?
+        NEGOEX_KEYUSAGE_ACCEPTOR_CHECKSUM : NEGOEX_KEYUSAGE_INITIATOR_CHECKSUM;
+}
+
+static OM_uint32
+verify_checksum(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+                struct negoex_message *messages, size_t nmessages,
+                gss_buffer_t input_token, int *send_alert_out)
+{
+    krb5_error_code ret;
+    struct negoex_auth_mech *mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+    struct verify_message *msg;
+    krb5_crypto_iov iov[3];
+    krb5_keyusage usage = verify_keyusage(ctx, FALSE);
+    krb5_boolean valid;
+
+    *send_alert_out = FALSE;
+    assert(mech != NULL);
+
+    /* The other party may not be ready to send a verify token yet, or (in the
+     * first initiator step) may send one for a mechanism we don't support. */
+    msg = negoex_locate_verify_message(messages, nmessages);
+    if (msg == NULL || !GUID_EQ(msg->scheme, mech->scheme))
+        return GSS_S_COMPLETE;
+
+    /* A recoverable error may cause us to be unable to verify a token from the
+     * other party.  In this case we should send an alert. */
+    if (mech->verify_key.enctype == ENCTYPE_NULL) {
+        *send_alert_out = TRUE;
+        return GSS_S_COMPLETE;
+    }
+
+    /* Verify the checksum over the existing transcript and the portion of the
+     * input token leading up to the verify message. */
+    assert(input_token != NULL);
+    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[0].data = make_data(ctx->negoex_transcript.data,
+                            ctx->negoex_transcript.len);
+    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[1].data = make_data(input_token->value, msg->offset_in_token);
+    iov[2].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
+    iov[2].data = make_data((uint8_t *)msg->cksum, msg->cksum_len);
+
+    ret = krb5_c_verify_checksum_iov(ctx->kctx, msg->cksum_type,
+                                     &mech->verify_key, usage, iov, 3, &valid);
+    if (ret) {
+        *minor = ret;
+        return GSS_S_FAILURE;
+    }
+    if (!valid || !krb5_c_is_keyed_cksum(msg->cksum_type)) {
+        *minor = ERR_NEGOEX_INVALID_CHECKSUM;
+        return GSS_S_BAD_SIG;
+    }
+
+    mech->verified_checksum = TRUE;
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+make_checksum(OM_uint32 *minor, spnego_gss_ctx_id_t ctx)
+{
+    krb5_error_code ret;
+    krb5_data d;
+    krb5_keyusage usage = verify_keyusage(ctx, TRUE);
+    krb5_checksum cksum;
+    struct negoex_auth_mech *mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+
+    assert(mech != NULL);
+
+    if (mech->key.enctype == ENCTYPE_NULL) {
+        if (mech->complete) {
+            *minor = ERR_NEGOEX_NO_VERIFY_KEY;
+            return GSS_S_UNAVAILABLE;
+        } else {
+            return GSS_S_COMPLETE;
+        }
+    }
+
+    d = make_data(ctx->negoex_transcript.data, ctx->negoex_transcript.len);
+    ret = krb5_c_make_checksum(ctx->kctx, 0, &mech->key, usage, &d, &cksum);
+    if (ret) {
+        *minor = ret;
+        return GSS_S_FAILURE;
+    }
+
+    negoex_add_verify_message(ctx, mech->scheme, cksum.checksum_type,
+                              cksum.contents, cksum.length);
+
+    mech->sent_checksum = TRUE;
+    krb5_free_checksum_contents(ctx->kctx, &cksum);
+    return GSS_S_COMPLETE;
+}
+
+/* If the other side sent a VERIFY_NO_KEY pulse alert, clear the checksum state
+ * on the mechanism so that we send another VERIFY message. */
+static void
+process_alerts(spnego_gss_ctx_id_t ctx,
+               struct negoex_message *messages, uint32_t nmessages)
+{
+    struct alert_message *msg;
+    struct negoex_auth_mech *mech;
+
+    msg = negoex_locate_alert_message(messages, nmessages);
+    if (msg != NULL && msg->verify_no_key) {
+        mech = negoex_locate_auth_scheme(ctx, msg->scheme);
+        if (mech != NULL) {
+            mech->sent_checksum = FALSE;
+            krb5_free_keyblock_contents(NULL, &mech->key);
+            krb5_free_keyblock_contents(NULL, &mech->verify_key);
+        }
+    }
+}
+
+static OM_uint32
+make_output_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+                  gss_buffer_t mech_output_token, int send_alert,
+                  gss_buffer_t output_token)
+{
+    OM_uint32 major;
+    struct negoex_auth_mech *mech;
+    enum message_type type;
+    size_t old_transcript_len = ctx->negoex_transcript.len;
+
+    output_token->length = 0;
+    output_token->value = NULL;
+
+    /* If the mech is complete and we previously sent a checksum, we just
+     * processed the last leg and don't need to send another token. */
+    if (mech_output_token->length == 0 &&
+        K5_TAILQ_FIRST(&ctx->negoex_mechs)->sent_checksum)
+        return GSS_S_COMPLETE;
+
+    if (ctx->negoex_step == 1) {
+        if (ctx->initiate)
+            major = emit_initiator_nego(minor, ctx);
+        else
+            major = emit_acceptor_nego(minor, ctx);
+        if (major != GSS_S_COMPLETE)
+            return major;
+
+        type = ctx->initiate ? INITIATOR_META_DATA : ACCEPTOR_META_DATA;
+        K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links) {
+            if (mech->metadata.length > 0) {
+                negoex_add_exchange_message(ctx, type, mech->scheme,
+                                            &mech->metadata);
+            }
+        }
+    }
+
+    mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+
+    if (mech_output_token->length > 0) {
+        type = ctx->initiate ? AP_REQUEST : CHALLENGE;
+        negoex_add_exchange_message(ctx, type, mech->scheme,
+                                    mech_output_token);
+    }
+
+    if (send_alert)
+        negoex_add_verify_no_key_alert(ctx, mech->scheme);
+
+    /* Try to add a VERIFY message if we haven't already done so. */
+    if (!mech->sent_checksum) {
+        major = make_checksum(minor, ctx);
+        if (major != GSS_S_COMPLETE)
+            return major;
+    }
+
+    if (ctx->negoex_transcript.data == NULL) {
+        *minor = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+
+    /* Copy what we added to the transcript into the output token. */
+    output_token->length = ctx->negoex_transcript.len - old_transcript_len;
+    output_token->value = gssalloc_malloc(output_token->length);
+    if (output_token->value == NULL) {
+        *minor = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+    memcpy(output_token->value,
+           (uint8_t *)ctx->negoex_transcript.data + old_transcript_len,
+           output_token->length);
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+negoex_init(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+            gss_name_t target_name, OM_uint32 req_flags, OM_uint32 time_req,
+            gss_buffer_t input_token, gss_channel_bindings_t bindings,
+            gss_buffer_t output_token, OM_uint32 *time_rec)
+{
+    OM_uint32 major, tmpmin;
+    gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER;
+    struct negoex_message *messages = NULL;
+    struct negoex_auth_mech *mech;
+    size_t nmessages = 0;
+    int send_alert = FALSE;
+
+    if (ctx->negoex_step == 0 && input_token != GSS_C_NO_BUFFER &&
+        input_token->length != 0)
+        return GSS_S_DEFECTIVE_TOKEN;
+
+    major = negoex_prep_context_for_negoex(minor, ctx);
+    if (major != GSS_S_COMPLETE)
+        goto cleanup;
+
+    ctx->negoex_step++;
+
+    if (input_token != GSS_C_NO_BUFFER && input_token->length > 0) {
+        major = negoex_parse_token(minor, ctx, input_token, &messages,
+                                   &nmessages);
+        if (major != GSS_S_COMPLETE)
+            goto cleanup;
+    }
+
+    process_alerts(ctx, messages, nmessages);
+
+    if (ctx->negoex_step == 1) {
+        /* Choose a random conversation ID. */
+        major = negoex_random(minor, ctx, ctx->negoex_conv_id, GUID_LENGTH);
+        if (major != GSS_S_COMPLETE)
+            goto cleanup;
+
+        /* Query each mech for its metadata (this may prune the mech list). */
+        query_meta_data(ctx, cred, target_name, req_flags);
+    } else if (ctx->negoex_step == 2) {
+        /* See if the mech processed the optimistic token. */
+        check_optimistic_result(ctx, messages, nmessages);
+
+        /* Pass the acceptor metadata to each mech to prune the list. */
+        exchange_meta_data(ctx, cred, target_name, req_flags,
+                           messages, nmessages);
+
+        /* Process the ACCEPTOR_NEGO message. */
+        major = process_acceptor_nego(minor, ctx, messages, nmessages);
+        if (major != GSS_S_COMPLETE)
+            goto cleanup;
+    }
+
+    /* Process the input token and/or produce an output token.  This may prune
+     * the mech list, but on success there will be at least one mech entry. */
+    major = mech_init(minor, ctx, cred, target_name, req_flags, time_req,
+                      messages, nmessages, bindings, &mech_output_token,
+                      time_rec);
+    if (major != GSS_S_COMPLETE)
+        goto cleanup;
+    assert(!K5_TAILQ_EMPTY(&ctx->negoex_mechs));
+
+    /* At this point in step 2 we have performed the metadata exchange and
+     * chosen a mech we can use, so discard any fallback mech entries. */
+    if (ctx->negoex_step == 2)
+        negoex_select_auth_mech(ctx, K5_TAILQ_FIRST(&ctx->negoex_mechs));
+
+    major = verify_checksum(minor, ctx, messages, nmessages, input_token,
+                            &send_alert);
+    if (major != GSS_S_COMPLETE)
+        goto cleanup;
+
+    if (input_token != GSS_C_NO_BUFFER) {
+        k5_buf_add_len(&ctx->negoex_transcript, input_token->value,
+                       input_token->length);
+    }
+
+    major = make_output_token(minor, ctx, &mech_output_token, send_alert,
+                              output_token);
+    if (major != GSS_S_COMPLETE)
+        goto cleanup;
+
+    mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+    major = (mech->complete && mech->verified_checksum) ? GSS_S_COMPLETE :
+        GSS_S_CONTINUE_NEEDED;
+
+cleanup:
+    free(messages);
+    gss_release_buffer(&tmpmin, &mech_output_token);
+    negoex_prep_context_for_spnego(ctx);
+    return major;
+}
+
+OM_uint32
+negoex_accept(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, gss_cred_id_t cred,
+              gss_buffer_t input_token, gss_channel_bindings_t bindings,
+              gss_buffer_t output_token, OM_uint32 *time_rec)
+{
+    OM_uint32 major, tmpmin;
+    gss_buffer_desc mech_output_token = GSS_C_EMPTY_BUFFER;
+    struct negoex_message *messages = NULL;
+    struct negoex_auth_mech *mech;
+    size_t nmessages;
+    int send_alert = FALSE;
+
+    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
+        major = GSS_S_DEFECTIVE_TOKEN;
+        goto cleanup;
+    }
+
+    major = negoex_prep_context_for_negoex(minor, ctx);
+    if (major != GSS_S_COMPLETE)
+        goto cleanup;
+
+    ctx->negoex_step++;
+
+    major = negoex_parse_token(minor, ctx, input_token, &messages, &nmessages);
+    if (major != GSS_S_COMPLETE)
+        goto cleanup;
+
+    process_alerts(ctx, messages, nmessages);
+
+    if (ctx->negoex_step == 1) {
+        /* Read the INITIATOR_NEGO message to prune the candidate mech list. */
+        major = process_initiator_nego(minor, ctx, messages, nmessages);
+        if (major != GSS_S_COMPLETE)
+            goto cleanup;
+
+        /*
+         * Pass the initiator metadata to each mech to prune the list, and
+         * query each mech for its acceptor metadata (which may also prune the
+         * list).
+         */
+        exchange_meta_data(ctx, cred, GSS_C_NO_NAME, 0, messages, nmessages);
+        query_meta_data(ctx, cred, GSS_C_NO_NAME, 0);
+
+        if (K5_TAILQ_EMPTY(&ctx->negoex_mechs)) {
+            *minor = ERR_NEGOEX_NO_AVAILABLE_MECHS;
+            major = GSS_S_FAILURE;
+            goto cleanup;
+        }
+    }
+
+    /*
+     * Process the input token and possibly produce an output token.  This may
+     * prune the list to a single mech.  Continue on error if an output token
+     * is generated, so that we send the token to the initiator.
+     */
+    major = mech_accept(minor, ctx, cred, messages, nmessages, bindings,
+                        &mech_output_token, time_rec);
+    if (major != GSS_S_COMPLETE && mech_output_token.length == 0)
+        goto cleanup;
+
+    if (major == GSS_S_COMPLETE) {
+        major = verify_checksum(minor, ctx, messages, nmessages, input_token,
+                                &send_alert);
+        if (major != GSS_S_COMPLETE)
+            goto cleanup;
+    }
+
+    k5_buf_add_len(&ctx->negoex_transcript,
+                   input_token->value, input_token->length);
+
+    major = make_output_token(minor, ctx, &mech_output_token, send_alert,
+                              output_token);
+    if (major != GSS_S_COMPLETE)
+        goto cleanup;
+
+    mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+    major = (mech->complete && mech->verified_checksum) ? GSS_S_COMPLETE :
+        GSS_S_CONTINUE_NEEDED;
+
+cleanup:
+    free(messages);
+    gss_release_buffer(&tmpmin, &mech_output_token);
+    negoex_prep_context_for_spnego(ctx);
+    return major;
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/negoex_trace.c b/krb5-1.21.3/src/lib/gssapi/spnego/negoex_trace.c
new file mode 100644
index 00000000..04ed992b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/negoex_trace.c
@@ -0,0 +1,121 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2011-2018 PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "gssapiP_spnego.h"
+
+static int
+guid_to_string(const uint8_t guid[16], char *buffer, size_t bufsiz)
+{
+    uint32_t data1;
+    uint16_t data2, data3;
+
+    data1 = load_32_le(guid);
+    data2 = load_16_le(guid + 4);
+    data3 = load_16_le(guid + 6);
+
+    return snprintf(buffer, bufsiz,
+                    "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                    data1, data2, data3, guid[8], guid[9], guid[10], guid[11],
+                    guid[12], guid[13], guid[14], guid[15]);
+}
+
+static void
+trace_auth_scheme(spnego_gss_ctx_id_t ctx, const char *prefix, int ind,
+                  const auth_scheme scheme)
+{
+    char trace_msg[128];
+    char szAuthScheme[37];
+
+    guid_to_string(scheme, szAuthScheme, sizeof(szAuthScheme));
+
+    snprintf(trace_msg, sizeof(trace_msg),
+             "NEGOEXTS: %20s[%02u] -- AuthScheme %s",
+             prefix, ind, szAuthScheme);
+    TRACE_NEGOEX_AUTH_SCHEMES(ctx->kctx, trace_msg);
+}
+
+void
+negoex_trace_auth_schemes(spnego_gss_ctx_id_t ctx, const char *prefix,
+                          const uint8_t *schemes, uint16_t nschemes)
+{
+    uint16_t i;
+
+    for (i = 0; i < nschemes; i++)
+        trace_auth_scheme(ctx, prefix, i, schemes + i * GUID_LENGTH);
+}
+
+void
+negoex_trace_ctx_auth_schemes(spnego_gss_ctx_id_t ctx, const char *prefix)
+{
+    negoex_auth_mech_t mech;
+    int ind = 0;
+
+    K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links)
+        trace_auth_scheme(ctx, prefix, ind++, mech->scheme);
+}
+
+void
+negoex_trace_message(spnego_gss_ctx_id_t ctx, int direction,
+                     enum message_type type, const conversation_id conv_id,
+                     unsigned int seqnum, unsigned int header_len,
+                     unsigned int msg_len)
+{
+    char trace_msg[128];
+    char conv_str[37];
+    char *typestr;
+
+    if (type == INITIATOR_NEGO)
+        typestr = "INITIATOR_NEGO";
+    else if (type == ACCEPTOR_NEGO)
+        typestr = "ACCEPTOR_NEGO";
+    else if (type == INITIATOR_META_DATA)
+        typestr = "INITIATOR_META_DATA";
+    else if (type == ACCEPTOR_META_DATA)
+        typestr = "ACCEPTOR_META_DATA";
+    else if (type == CHALLENGE)
+        typestr = "CHALLENGE";
+    else if (type == AP_REQUEST)
+        typestr = "AP_REQUEST";
+    else if (type == VERIFY)
+        typestr = "VERIFY";
+    else if (type == ALERT)
+        typestr = "ALERT";
+    else
+        typestr = "UNKNOWN";
+
+    guid_to_string(conv_id, conv_str, sizeof(conv_str));
+    snprintf(trace_msg, sizeof(trace_msg),
+             "NEGOEXTS%c %20s[%02u] -- ConvId %s HdrLength %u MsgLength %u",
+             direction ? '<' : '>', typestr, seqnum, conv_str, header_len,
+             msg_len);
+
+    TRACE_NEGOEX_MESSAGE(ctx->kctx, trace_msg);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/negoex_util.c b/krb5-1.21.3/src/lib/gssapi/spnego/negoex_util.c
new file mode 100644
index 00000000..edc5462e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/negoex_util.c
@@ -0,0 +1,813 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2011-2018 PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "gssapiP_spnego.h"
+#include <generic/gssapiP_generic.h>
+#include "k5-input.h"
+
+static void
+release_auth_mech(struct negoex_auth_mech *mech);
+
+OM_uint32
+negoex_random(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+              uint8_t *data, size_t length)
+{
+    krb5_data d = make_data(data, length);
+
+    *minor = krb5_c_random_make_octets(ctx->kctx, &d);
+    return *minor ? GSS_S_FAILURE : GSS_S_COMPLETE;
+}
+
+/*
+ * SPNEGO functions expect to find the active mech context in ctx->ctx_handle,
+ * but the metadata exchange APIs force us to have one mech context per mech
+ * entry.  To address this mismatch, move the active mech context (if we have
+ * one) to ctx->ctx_handle at the end of NegoEx processing.
+ */
+void
+negoex_prep_context_for_spnego(spnego_gss_ctx_id_t ctx)
+{
+    struct negoex_auth_mech *mech;
+
+    mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+    if (mech == NULL || mech->mech_context == GSS_C_NO_CONTEXT)
+        return;
+
+    assert(ctx->ctx_handle == GSS_C_NO_CONTEXT);
+    ctx->ctx_handle = mech->mech_context;
+    mech->mech_context = GSS_C_NO_CONTEXT;
+}
+
+OM_uint32
+negoex_prep_context_for_negoex(OM_uint32 *minor, spnego_gss_ctx_id_t ctx)
+{
+    krb5_error_code ret;
+    struct negoex_auth_mech *mech;
+
+    if (ctx->kctx != NULL) {
+        /* The context is already initialized for NegoEx.  Undo what
+         * negoex_prep_for_spnego() did, if applicable. */
+        if (ctx->ctx_handle != GSS_C_NO_CONTEXT) {
+            mech = K5_TAILQ_FIRST(&ctx->negoex_mechs);
+            assert(mech != NULL && mech->mech_context == GSS_C_NO_CONTEXT);
+            mech->mech_context = ctx->ctx_handle;
+            ctx->ctx_handle = GSS_C_NO_CONTEXT;
+        }
+        return GSS_S_COMPLETE;
+    }
+
+    /* Initialize the NegoEX context fields.  (negoex_mechs is already set up
+     * by SPNEGO.) */
+    ret = krb5_init_context(&ctx->kctx);
+    if (ret) {
+        *minor = ret;
+        return GSS_S_FAILURE;
+    }
+
+    k5_buf_init_dynamic(&ctx->negoex_transcript);
+
+    return GSS_S_COMPLETE;
+}
+
+static void
+release_all_mechs(spnego_gss_ctx_id_t ctx)
+{
+    struct negoex_auth_mech *mech, *next;
+
+    K5_TAILQ_FOREACH_SAFE(mech, &ctx->negoex_mechs, links, next)
+        release_auth_mech(mech);
+    K5_TAILQ_INIT(&ctx->negoex_mechs);
+}
+
+void
+negoex_release_context(spnego_gss_ctx_id_t ctx)
+{
+    k5_buf_free(&ctx->negoex_transcript);
+    release_all_mechs(ctx);
+    krb5_free_context(ctx->kctx);
+    ctx->kctx = NULL;
+}
+
+static const char *
+typestr(enum message_type type)
+{
+    if (type == INITIATOR_NEGO)
+        return "INITIATOR_NEGO";
+    else if (type == ACCEPTOR_NEGO)
+        return "ACCEPTOR_NEGO";
+    else if (type == INITIATOR_META_DATA)
+        return "INITIATOR_META_DATA";
+    else if (type == ACCEPTOR_META_DATA)
+        return "ACCEPTOR_META_DATA";
+    else if (type == CHALLENGE)
+        return "CHALLENGE";
+    else if (type == AP_REQUEST)
+        return "AP_REQUEST";
+    else if (type == VERIFY)
+        return "VERIFY";
+    else if (type == ALERT)
+        return "ALERT";
+    else
+        return "UNKNOWN";
+}
+
+static void
+add_guid(struct k5buf *buf, const uint8_t guid[GUID_LENGTH])
+{
+    uint32_t data1 = load_32_le(guid);
+    uint16_t data2 = load_16_le(guid + 4), data3 = load_16_le(guid + 6);
+
+    k5_buf_add_fmt(buf, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+                   data1, data2, data3, guid[8], guid[9], guid[10], guid[11],
+                   guid[12], guid[13], guid[14], guid[15]);
+}
+
+static char *
+guid_to_string(const uint8_t guid[GUID_LENGTH])
+{
+    struct k5buf buf;
+
+    k5_buf_init_dynamic(&buf);
+    add_guid(&buf, guid);
+    return k5_buf_cstring(&buf);
+}
+
+/* Check that the described vector lies within the message, and return a
+ * pointer to its first element. */
+static inline const uint8_t *
+vector_base(size_t offset, size_t count, size_t width,
+            const uint8_t *msg_base, size_t msg_len)
+{
+    if (offset > msg_len || count > (msg_len - offset) / width)
+        return NULL;
+    return msg_base + offset;
+}
+
+/* Trace a received message.  Call after the context sequence number is
+ * incremented. */
+static void
+trace_received_message(spnego_gss_ctx_id_t ctx,
+                       const struct negoex_message *msg)
+{
+    struct k5buf buf;
+    uint16_t i;
+    char *info = NULL;
+
+    if (msg->type == INITIATOR_NEGO || msg->type == ACCEPTOR_NEGO) {
+        k5_buf_init_dynamic(&buf);
+        for (i = 0; i < msg->u.n.nschemes; i++) {
+            add_guid(&buf, msg->u.n.schemes + i * GUID_LENGTH);
+            if (i + 1 < msg->u.n.nschemes)
+                k5_buf_add(&buf, " ");
+        }
+        info = k5_buf_cstring(&buf);
+    } else if (msg->type == INITIATOR_META_DATA ||
+               msg->type == ACCEPTOR_META_DATA ||
+               msg->type == CHALLENGE || msg->type == AP_REQUEST) {
+        info = guid_to_string(msg->u.e.scheme);
+    } else if (msg->type == VERIFY) {
+        info = guid_to_string(msg->u.v.scheme);
+    } else if (msg->type == ALERT) {
+        info = guid_to_string(msg->u.a.scheme);
+    }
+
+    if (info == NULL)
+        return;
+
+    TRACE_NEGOEX_INCOMING(ctx->kctx, ctx->negoex_seqnum - 1,
+                          typestr(msg->type), info);
+    free(info);
+}
+
+/* Trace an outgoing message with a GUID info string.  Call after the context
+ * sequence number is incremented. */
+static void
+trace_outgoing_message(spnego_gss_ctx_id_t ctx, enum message_type type,
+                       const uint8_t guid[GUID_LENGTH])
+{
+    char *info = guid_to_string(guid);
+
+    if (info == NULL)
+        return;
+    TRACE_NEGOEX_OUTGOING(ctx->kctx, ctx->negoex_seqnum - 1, typestr(type),
+                          info);
+    free(info);
+}
+
+static OM_uint32
+parse_nego_message(OM_uint32 *minor, struct k5input *in,
+                   const uint8_t *msg_base, size_t msg_len,
+                   struct nego_message *msg)
+{
+    const uint8_t *p;
+    uint64_t protocol_version;
+    uint32_t extension_type;
+    size_t offset, count, i;
+
+    p = k5_input_get_bytes(in, sizeof(msg->random));
+    if (p != NULL)
+        memcpy(msg->random, p, sizeof(msg->random));
+    protocol_version = k5_input_get_uint64_le(in);
+    if (protocol_version != 0) {
+        *minor = ERR_NEGOEX_UNSUPPORTED_VERSION;
+        return GSS_S_UNAVAILABLE;
+    }
+
+    offset = k5_input_get_uint32_le(in);
+    count = k5_input_get_uint16_le(in);
+    msg->schemes = vector_base(offset, count, GUID_LENGTH, msg_base, msg_len);
+    msg->nschemes = count;
+    if (msg->schemes == NULL) {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    offset = k5_input_get_uint32_le(in);
+    count = k5_input_get_uint16_le(in);
+    p = vector_base(offset, count, EXTENSION_LENGTH, msg_base, msg_len);
+    for (i = 0; i < count; i++) {
+        extension_type = load_32_le(p + i * EXTENSION_LENGTH);
+        if (extension_type & EXTENSION_FLAG_CRITICAL) {
+            *minor = ERR_NEGOEX_UNSUPPORTED_CRITICAL_EXTENSION;
+            return GSS_S_UNAVAILABLE;
+        }
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+parse_exchange_message(OM_uint32 *minor, struct k5input *in,
+                       const uint8_t *msg_base, size_t msg_len,
+                       struct exchange_message *msg)
+{
+    const uint8_t *p;
+    size_t offset, len;
+
+    p = k5_input_get_bytes(in, GUID_LENGTH);
+    if (p != NULL)
+        memcpy(msg->scheme, p, GUID_LENGTH);
+
+    offset = k5_input_get_uint32_le(in);
+    len = k5_input_get_uint32_le(in);
+    p = vector_base(offset, len, 1, msg_base, msg_len);
+    if (p == NULL) {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+    msg->token.value = (void *)p;
+    msg->token.length = len;
+
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+parse_verify_message(OM_uint32 *minor, struct k5input *in,
+                     const uint8_t *msg_base, size_t msg_len,
+                     size_t token_offset, struct verify_message *msg)
+{
+    const uint8_t *p;
+    size_t offset, len;
+    uint32_t hdrlen, cksum_scheme;
+
+    p = k5_input_get_bytes(in, GUID_LENGTH);
+    if (p != NULL)
+        memcpy(msg->scheme, p, GUID_LENGTH);
+
+    hdrlen = k5_input_get_uint32_le(in);
+    if (hdrlen != CHECKSUM_HEADER_LENGTH) {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+    cksum_scheme = k5_input_get_uint32_le(in);
+    if (cksum_scheme != CHECKSUM_SCHEME_RFC3961) {
+        *minor = ERR_NEGOEX_UNKNOWN_CHECKSUM_SCHEME;
+        return GSS_S_UNAVAILABLE;
+    }
+    msg->cksum_type = k5_input_get_uint32_le(in);
+
+    offset = k5_input_get_uint32_le(in);
+    len = k5_input_get_uint32_le(in);
+    msg->cksum = vector_base(offset, len, 1, msg_base, msg_len);
+    msg->cksum_len = len;
+    if (msg->cksum == NULL) {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    msg->offset_in_token = token_offset;
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+parse_alert_message(OM_uint32 *minor, struct k5input *in,
+                    const uint8_t *msg_base, size_t msg_len,
+                    struct alert_message *msg)
+{
+    const uint8_t *p;
+    uint32_t atype, reason;
+    size_t alerts_offset, nalerts, value_offset, value_len, i;
+    struct k5input alerts_in, pulse_in;
+
+    p = k5_input_get_bytes(in, GUID_LENGTH);
+    if (p != NULL)
+        memcpy(msg->scheme, p, GUID_LENGTH);
+    (void)k5_input_get_uint32_le(in);  /* skip over ErrorCode */
+    alerts_offset = k5_input_get_uint32_le(in);
+    nalerts = k5_input_get_uint32_le(in);
+    p = vector_base(alerts_offset, nalerts, ALERT_LENGTH, msg_base, msg_len);
+    if (p == NULL) {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* Look for a VERIFY_NO_KEY pulse alert in the alerts vector. */
+    msg->verify_no_key = FALSE;
+    k5_input_init(&alerts_in, p, nalerts * ALERT_LENGTH);
+    for (i = 0; i < nalerts; i++) {
+        atype = k5_input_get_uint32_le(&alerts_in);
+        value_offset = k5_input_get_uint32_le(&alerts_in);
+        value_len = k5_input_get_uint32_le(&alerts_in);
+        p = vector_base(value_offset, value_len, 1, msg_base, msg_len);
+        if (p == NULL) {
+            *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
+            return GSS_S_DEFECTIVE_TOKEN;
+        }
+
+        if (atype == ALERT_TYPE_PULSE && value_len >= ALERT_PULSE_LENGTH) {
+            k5_input_init(&pulse_in, p, value_len);
+            (void)k5_input_get_uint32_le(&pulse_in);  /* skip header length */
+            reason = k5_input_get_uint32_le(&pulse_in);
+            if (reason == ALERT_VERIFY_NO_KEY)
+                msg->verify_no_key = TRUE;
+        }
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+parse_message(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, struct k5input *in,
+              const uint8_t *token_base, struct negoex_message *msg)
+{
+    OM_uint32 major;
+    const uint8_t *msg_base = in->ptr, *conv_id;
+    size_t token_remaining = in->len, header_len, msg_len;
+    uint64_t signature;
+    uint32_t type, seqnum;
+
+    signature = k5_input_get_uint64_le(in);
+    type = k5_input_get_uint32_le(in);
+    seqnum = k5_input_get_uint32_le(in);
+    header_len = k5_input_get_uint32_le(in);
+    msg_len = k5_input_get_uint32_le(in);
+    conv_id = k5_input_get_bytes(in, GUID_LENGTH);
+
+    if (in->status || msg_len > token_remaining || header_len > msg_len) {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if (signature != MESSAGE_SIGNATURE) {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_SIGNATURE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if (seqnum != ctx->negoex_seqnum) {
+        *minor = ERR_NEGOEX_MESSAGE_OUT_OF_SEQUENCE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if (seqnum == 0) {
+        memcpy(ctx->negoex_conv_id, conv_id, GUID_LENGTH);
+    } else if (!GUID_EQ(conv_id, ctx->negoex_conv_id)) {
+        *minor = ERR_NEGOEX_INVALID_CONVERSATION_ID;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    /* Restrict the input region to the header. */
+    in->len = header_len - (in->ptr - msg_base);
+
+    msg->type = type;
+    if (type == INITIATOR_NEGO || type == ACCEPTOR_NEGO) {
+        major = parse_nego_message(minor, in, msg_base, msg_len, &msg->u.n);
+    } else if (type == INITIATOR_META_DATA || type == ACCEPTOR_META_DATA ||
+               type == CHALLENGE || type == AP_REQUEST) {
+        major = parse_exchange_message(minor, in, msg_base, msg_len,
+                                       &msg->u.e);
+    } else if (type == VERIFY) {
+        major = parse_verify_message(minor, in, msg_base, msg_len,
+                                     msg_base - token_base, &msg->u.v);
+    } else if (type == ALERT) {
+        major = parse_alert_message(minor, in, msg_base, msg_len, &msg->u.a);
+    } else {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_TYPE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+    if (major != GSS_S_COMPLETE)
+        return major;
+
+    /* Reset the input buffer to the remainder of the token. */
+    if (!in->status)
+        k5_input_init(in, msg_base + msg_len, token_remaining - msg_len);
+
+    ctx->negoex_seqnum++;
+    trace_received_message(ctx, msg);
+    return GSS_S_COMPLETE;
+}
+
+/*
+ * Parse token into an array of negoex_message structures.  All pointer fields
+ * within the parsed messages are aliases into token, so the result can be
+ * freed with free().  An unknown protocol version, a critical extension, or an
+ * unknown checksum scheme will cause a parsing failure.  Increment the
+ * sequence number in ctx for each message, and record and check the
+ * conversation ID in ctx as appropriate.
+ */
+OM_uint32
+negoex_parse_token(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+                   gss_const_buffer_t token,
+                   struct negoex_message **messages_out, size_t *count_out)
+{
+    OM_uint32 major = GSS_S_COMPLETE;
+    size_t count = 0;
+    struct k5input in;
+    struct negoex_message *messages = NULL, *newptr;
+
+    *messages_out = NULL;
+    *count_out = 0;
+    assert(token != GSS_C_NO_BUFFER);
+    k5_input_init(&in, token->value, token->length);
+
+    while (in.status == 0 && in.len > 0) {
+        newptr = realloc(messages, (count + 1) * sizeof(*newptr));
+        if (newptr == NULL) {
+            free(messages);
+            *minor = ENOMEM;
+            return GSS_S_FAILURE;
+        }
+        messages = newptr;
+
+        major = parse_message(minor, ctx, &in, token->value, &messages[count]);
+        if (major != GSS_S_COMPLETE)
+            break;
+
+        count++;
+    }
+
+    if (in.status) {
+        *minor = ERR_NEGOEX_INVALID_MESSAGE_SIZE;
+        major = GSS_S_DEFECTIVE_TOKEN;
+    }
+    if (major != GSS_S_COMPLETE) {
+        free(messages);
+        return major;
+    }
+
+    *messages_out = messages;
+    *count_out = count;
+    return GSS_S_COMPLETE;
+}
+
+static struct negoex_message *
+locate_message(struct negoex_message *messages, size_t nmessages,
+               enum message_type type)
+{
+    uint32_t i;
+
+    for (i = 0; i < nmessages; i++) {
+        if (messages[i].type == type)
+            return &messages[i];
+    }
+
+    return NULL;
+}
+
+struct nego_message *
+negoex_locate_nego_message(struct negoex_message *messages, size_t nmessages,
+                           enum message_type type)
+{
+    struct negoex_message *msg = locate_message(messages, nmessages, type);
+
+    return (msg == NULL) ? NULL : &msg->u.n;
+}
+
+struct exchange_message *
+negoex_locate_exchange_message(struct negoex_message *messages,
+                               size_t nmessages, enum message_type type)
+{
+    struct negoex_message *msg = locate_message(messages, nmessages, type);
+
+    return (msg == NULL) ? NULL : &msg->u.e;
+}
+
+struct verify_message *
+negoex_locate_verify_message(struct negoex_message *messages,
+                             size_t nmessages)
+{
+    struct negoex_message *msg = locate_message(messages, nmessages, VERIFY);
+
+    return (msg == NULL) ? NULL : &msg->u.v;
+}
+
+struct alert_message *
+negoex_locate_alert_message(struct negoex_message *messages, size_t nmessages)
+{
+    struct negoex_message *msg = locate_message(messages, nmessages, ALERT);
+
+    return (msg == NULL) ? NULL : &msg->u.a;
+}
+
+/*
+ * Add the encoding of a MESSAGE_HEADER structure to buf, given the number of
+ * bytes of the payload following the full header.  Increment the sequence
+ * number in ctx.  Set *payload_start_out to the position of the payload within
+ * the message.
+ */
+static void
+put_message_header(spnego_gss_ctx_id_t ctx, enum message_type type,
+                   uint32_t payload_len, uint32_t *payload_start_out)
+{
+    size_t header_len;
+
+    if (type == INITIATOR_NEGO || type == ACCEPTOR_NEGO)
+        header_len = NEGO_MESSAGE_HEADER_LENGTH;
+    else if (type == INITIATOR_META_DATA || type == ACCEPTOR_META_DATA ||
+             type == CHALLENGE || type == AP_REQUEST)
+        header_len = EXCHANGE_MESSAGE_HEADER_LENGTH;
+    else if (type == VERIFY)
+        header_len = VERIFY_MESSAGE_HEADER_LENGTH;
+    else if (type == ALERT)
+        header_len = ALERT_MESSAGE_HEADER_LENGTH;
+    else
+        abort();
+
+    k5_buf_add_uint64_le(&ctx->negoex_transcript, MESSAGE_SIGNATURE);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, type);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, ctx->negoex_seqnum++);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, header_len);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, header_len + payload_len);
+    k5_buf_add_len(&ctx->negoex_transcript, ctx->negoex_conv_id, GUID_LENGTH);
+
+    *payload_start_out = header_len;
+}
+
+void
+negoex_add_nego_message(spnego_gss_ctx_id_t ctx, enum message_type type,
+                        uint8_t random[32])
+{
+    struct negoex_auth_mech *mech;
+    uint32_t payload_start, seqnum = ctx->negoex_seqnum;
+    uint16_t nschemes;
+    struct k5buf buf;
+
+    nschemes = 0;
+    K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links)
+        nschemes++;
+
+    put_message_header(ctx, type, nschemes * GUID_LENGTH, &payload_start);
+    k5_buf_add_len(&ctx->negoex_transcript, random, 32);
+    /* ProtocolVersion */
+    k5_buf_add_uint64_le(&ctx->negoex_transcript, 0);
+    /* AuthSchemes vector */
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
+    k5_buf_add_uint16_le(&ctx->negoex_transcript, nschemes);
+    /* Extensions vector */
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
+    k5_buf_add_uint16_le(&ctx->negoex_transcript, 0);
+    /* Four bytes of padding to reach a multiple of 8 bytes. */
+    k5_buf_add_len(&ctx->negoex_transcript, "\0\0\0\0", 4);
+
+    /* Payload (auth schemes); also build guid string for tracing. */
+    k5_buf_init_dynamic(&buf);
+    K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links) {
+        k5_buf_add_len(&ctx->negoex_transcript, mech->scheme, GUID_LENGTH);
+        add_guid(&buf, mech->scheme);
+        k5_buf_add(&buf, " ");
+    }
+
+    if (buf.len > 0) {
+        k5_buf_truncate(&buf, buf.len - 1);
+        TRACE_NEGOEX_OUTGOING(ctx->kctx, seqnum, typestr(type),
+                              k5_buf_cstring(&buf));
+        k5_buf_free(&buf);
+    }
+}
+
+void
+negoex_add_exchange_message(spnego_gss_ctx_id_t ctx, enum message_type type,
+                            const auth_scheme scheme, gss_buffer_t token)
+{
+    uint32_t payload_start;
+
+    put_message_header(ctx, type, token->length, &payload_start);
+    k5_buf_add_len(&ctx->negoex_transcript, scheme, GUID_LENGTH);
+    /* Exchange byte vector */
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, token->length);
+    /* Payload (token) */
+    k5_buf_add_len(&ctx->negoex_transcript, token->value, token->length);
+
+    trace_outgoing_message(ctx, type, scheme);
+}
+
+void
+negoex_add_verify_message(spnego_gss_ctx_id_t ctx, const auth_scheme scheme,
+                          uint32_t cksum_type, const uint8_t *cksum,
+                          uint32_t cksum_len)
+{
+    uint32_t payload_start;
+
+    put_message_header(ctx, VERIFY, cksum_len, &payload_start);
+    k5_buf_add_len(&ctx->negoex_transcript, scheme, GUID_LENGTH);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, CHECKSUM_HEADER_LENGTH);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, CHECKSUM_SCHEME_RFC3961);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, cksum_type);
+    /* ChecksumValue vector */
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, cksum_len);
+    /* Four bytes of padding to reach a multiple of 8 bytes. */
+    k5_buf_add_len(&ctx->negoex_transcript, "\0\0\0\0", 4);
+    /* Payload (checksum contents) */
+    k5_buf_add_len(&ctx->negoex_transcript, cksum, cksum_len);
+
+    trace_outgoing_message(ctx, VERIFY, scheme);
+}
+
+/* Add an ALERT_MESSAGE containing a single ALERT_TYPE_PULSE alert with the
+ * reason ALERT_VERIFY_NO_KEY. */
+void
+negoex_add_verify_no_key_alert(spnego_gss_ctx_id_t ctx,
+                               const auth_scheme scheme)
+{
+    uint32_t payload_start;
+
+    put_message_header(ctx, ALERT, ALERT_LENGTH + ALERT_PULSE_LENGTH,
+                       &payload_start);
+    k5_buf_add_len(&ctx->negoex_transcript, scheme, GUID_LENGTH);
+    /* ErrorCode */
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, 0);
+    /* Alerts vector */
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, payload_start);
+    k5_buf_add_uint16_le(&ctx->negoex_transcript, 1);
+    /* Six bytes of padding to reach a multiple of 8 bytes. */
+    k5_buf_add_len(&ctx->negoex_transcript, "\0\0\0\0\0\0", 6);
+    /* Payload part 1: a single ALERT element */
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, ALERT_TYPE_PULSE);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript,
+                         payload_start + ALERT_LENGTH);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, ALERT_PULSE_LENGTH);
+    /* Payload part 2: ALERT_PULSE */
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, ALERT_PULSE_LENGTH);
+    k5_buf_add_uint32_le(&ctx->negoex_transcript, ALERT_VERIFY_NO_KEY);
+
+    trace_outgoing_message(ctx, ALERT, scheme);
+}
+
+static void
+release_auth_mech(struct negoex_auth_mech *mech)
+{
+    OM_uint32 tmpmin;
+
+    if (mech == NULL)
+        return;
+
+    gss_delete_sec_context(&tmpmin, &mech->mech_context, NULL);
+    generic_gss_release_oid(&tmpmin, &mech->oid);
+    gss_release_buffer(&tmpmin, &mech->metadata);
+    krb5_free_keyblock_contents(NULL, &mech->key);
+    krb5_free_keyblock_contents(NULL, &mech->verify_key);
+
+    free(mech);
+}
+
+void
+negoex_delete_auth_mech(spnego_gss_ctx_id_t ctx,
+                        struct negoex_auth_mech *mech)
+{
+    K5_TAILQ_REMOVE(&ctx->negoex_mechs, mech, links);
+    release_auth_mech(mech);
+}
+
+/* Remove all auth mech entries except for mech from ctx->mechs. */
+void
+negoex_select_auth_mech(spnego_gss_ctx_id_t ctx,
+                        struct negoex_auth_mech *mech)
+{
+    assert(mech != NULL);
+    K5_TAILQ_REMOVE(&ctx->negoex_mechs, mech, links);
+    release_all_mechs(ctx);
+    K5_TAILQ_INSERT_HEAD(&ctx->negoex_mechs, mech, links);
+}
+
+OM_uint32
+negoex_add_auth_mech(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
+                     gss_const_OID oid, auth_scheme scheme)
+{
+    OM_uint32 major;
+    struct negoex_auth_mech *mech;
+
+    mech = calloc(1, sizeof(*mech));
+    if (mech == NULL) {
+        *minor = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+
+    major = generic_gss_copy_oid(minor, (gss_OID)oid, &mech->oid);
+    if (major != GSS_S_COMPLETE) {
+        free(mech);
+        return major;
+    }
+
+    memcpy(mech->scheme, scheme, GUID_LENGTH);
+
+    K5_TAILQ_INSERT_TAIL(&ctx->negoex_mechs, mech, links);
+
+    *minor = 0;
+    return GSS_S_COMPLETE;
+}
+
+struct negoex_auth_mech *
+negoex_locate_auth_scheme(spnego_gss_ctx_id_t ctx, const auth_scheme scheme)
+{
+    struct negoex_auth_mech *mech;
+
+    K5_TAILQ_FOREACH(mech, &ctx->negoex_mechs, links) {
+        if (GUID_EQ(mech->scheme, scheme))
+            return mech;
+    }
+
+    return NULL;
+}
+
+/* Prune ctx->mechs to the schemes present in schemes, and reorder them to
+ * match its order. */
+void
+negoex_common_auth_schemes(spnego_gss_ctx_id_t ctx,
+                           const uint8_t *schemes, uint16_t nschemes)
+{
+    struct negoex_mech_list list;
+    struct negoex_auth_mech *mech;
+    uint16_t i;
+
+    /* Construct a new list in the order of schemes. */
+    K5_TAILQ_INIT(&list);
+    for (i = 0; i < nschemes; i++) {
+        mech = negoex_locate_auth_scheme(ctx, schemes + i * GUID_LENGTH);
+        if (mech == NULL)
+            continue;
+        K5_TAILQ_REMOVE(&ctx->negoex_mechs, mech, links);
+        K5_TAILQ_INSERT_TAIL(&list, mech, links);
+    }
+
+    /* Release any leftover entries and replace the context list. */
+    release_all_mechs(ctx);
+    K5_TAILQ_CONCAT(&ctx->negoex_mechs, &list, links);
+}
+
+/* Prune ctx->mechs to the schemes present in schemes, but do not change
+ * their order. */
+void
+negoex_restrict_auth_schemes(spnego_gss_ctx_id_t ctx,
+                             const uint8_t *schemes, uint16_t nschemes)
+{
+    struct negoex_auth_mech *mech, *next;
+    uint16_t i;
+    int found;
+
+    K5_TAILQ_FOREACH_SAFE(mech, &ctx->negoex_mechs, links, next) {
+        found = FALSE;
+        for (i = 0; i < nschemes && !found; i++) {
+            if (GUID_EQ(mech->scheme, schemes + i * GUID_LENGTH))
+                found = TRUE;
+        }
+
+        if (!found)
+            negoex_delete_auth_mech(ctx, mech);
+    }
+}
diff --git a/krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c b/krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c
new file mode 100644
index 00000000..5923c880
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c
@@ -0,0 +1,3824 @@
+/*
+ * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ *
+ * A module that implements the spnego security mechanism.
+ * It is used to negotiate the security mechanism between
+ * peers using the GSS-API.  SPNEGO is specified in RFC 4178.
+ *
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/* #pragma ident	"@(#)spnego_mech.c	1.7	04/09/28 SMI" */
+
+#include	<k5-int.h>
+#include	<k5-der.h>
+#include	<krb5.h>
+#include	<mglueP.h>
+#include	"gssapiP_spnego.h"
+#include	<gssapi_err_generic.h>
+
+
+#define HARD_ERROR(v) ((v) != GSS_S_COMPLETE && (v) != GSS_S_CONTINUE_NEEDED)
+typedef const gss_OID_desc *gss_OID_const;
+
+/* private routines for spnego_mechanism */
+static spnego_token_t make_spnego_token(const char *);
+static gss_buffer_desc make_err_msg(const char *);
+static int verify_token_header(struct k5input *, gss_OID_const);
+static gss_OID get_mech_oid(OM_uint32 *minor_status, struct k5input *);
+static gss_buffer_t get_octet_string(struct k5input *);
+static gss_OID_set get_mech_set(OM_uint32 *, struct k5input *);
+static OM_uint32 get_req_flags(struct k5input *, OM_uint32 *);
+static OM_uint32 get_available_mechs(OM_uint32 *, gss_name_t, gss_cred_usage_t,
+				     gss_const_key_value_set_t,
+				     gss_cred_id_t *, gss_OID_set *,
+				     OM_uint32 *);
+static OM_uint32 get_negotiable_mechs(OM_uint32 *, spnego_gss_ctx_id_t,
+				      spnego_gss_cred_id_t, gss_cred_usage_t);
+static void release_spnego_ctx(spnego_gss_ctx_id_t *);
+static spnego_gss_ctx_id_t create_spnego_ctx(int);
+static int put_mech_set(gss_OID_set mechSet, gss_buffer_t buf);
+
+static OM_uint32
+process_mic(OM_uint32 *, gss_buffer_t, spnego_gss_ctx_id_t,
+	    gss_buffer_t *, OM_uint32 *, send_token_flag *);
+static OM_uint32
+handle_mic(OM_uint32 *, gss_buffer_t, int, spnego_gss_ctx_id_t,
+	   gss_buffer_t *, OM_uint32 *, send_token_flag *);
+
+static OM_uint32
+init_ctx_new(OM_uint32 *, spnego_gss_cred_id_t, send_token_flag *,
+	     spnego_gss_ctx_id_t *);
+static OM_uint32
+init_ctx_nego(OM_uint32 *, spnego_gss_ctx_id_t, OM_uint32, gss_OID,
+	      gss_buffer_t *, gss_buffer_t *, send_token_flag *);
+static OM_uint32
+init_ctx_cont(OM_uint32 *, spnego_gss_ctx_id_t, gss_buffer_t,
+	      gss_buffer_t *, gss_buffer_t *,
+	      OM_uint32 *, send_token_flag *);
+static OM_uint32
+init_ctx_reselect(OM_uint32 *, spnego_gss_ctx_id_t, OM_uint32,
+		  gss_OID, gss_buffer_t *, gss_buffer_t *, send_token_flag *);
+static OM_uint32
+init_ctx_call_init(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t,
+		   OM_uint32, gss_name_t, OM_uint32, OM_uint32, gss_buffer_t,
+		   gss_channel_bindings_t,
+		   gss_buffer_t, OM_uint32 *, send_token_flag *);
+
+static OM_uint32
+acc_ctx_new(OM_uint32 *, gss_buffer_t, spnego_gss_cred_id_t, gss_buffer_t *,
+	    gss_buffer_t *, OM_uint32 *, send_token_flag *,
+	    spnego_gss_ctx_id_t *);
+static OM_uint32
+acc_ctx_cont(OM_uint32 *, gss_buffer_t, spnego_gss_ctx_id_t, gss_buffer_t *,
+	     gss_buffer_t *, OM_uint32 *, send_token_flag *);
+static OM_uint32
+acc_ctx_vfy_oid(OM_uint32 *, spnego_gss_ctx_id_t, gss_OID,
+		OM_uint32 *, send_token_flag *);
+static OM_uint32
+acc_ctx_call_acc(OM_uint32 *, spnego_gss_ctx_id_t, spnego_gss_cred_id_t,
+		 gss_buffer_t, gss_channel_bindings_t, gss_buffer_t,
+		 OM_uint32 *, OM_uint32 *, send_token_flag *);
+
+static gss_OID
+negotiate_mech(spnego_gss_ctx_id_t, gss_OID_set, OM_uint32 *);
+
+static int
+make_spnego_tokenInit_msg(spnego_gss_ctx_id_t,
+			int,
+			gss_buffer_t,
+			OM_uint32, gss_buffer_t, send_token_flag,
+			gss_buffer_t);
+static OM_uint32
+make_spnego_tokenTarg_msg(uint8_t, gss_OID, gss_buffer_t,
+			gss_buffer_t, send_token_flag,
+			gss_buffer_t);
+
+static OM_uint32
+get_negTokenInit(OM_uint32 *, gss_buffer_t, gss_buffer_t,
+		 gss_OID_set *, OM_uint32 *, gss_buffer_t *,
+		 gss_buffer_t *);
+static OM_uint32
+get_negTokenResp(OM_uint32 *, struct k5input *, OM_uint32 *, gss_OID *,
+		 gss_buffer_t *, gss_buffer_t *);
+
+static int
+is_kerb_mech(gss_OID oid);
+
+/* SPNEGO oid structure */
+static const gss_OID_desc spnego_oids[] = {
+	{SPNEGO_OID_LENGTH, SPNEGO_OID},
+};
+
+const gss_OID_desc * const gss_mech_spnego = spnego_oids+0;
+static const gss_OID_set_desc spnego_oidsets[] = {
+	{1, (gss_OID) spnego_oids+0},
+};
+const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0;
+
+static gss_OID_desc negoex_mech = { NEGOEX_OID_LENGTH, NEGOEX_OID };
+
+static int make_NegHints(OM_uint32 *, gss_buffer_t *);
+static OM_uint32
+acc_ctx_hints(OM_uint32 *, spnego_gss_cred_id_t, gss_buffer_t *, OM_uint32 *,
+	      send_token_flag *, spnego_gss_ctx_id_t *);
+
+/*
+ * The Mech OID for SPNEGO:
+ * { iso(1) org(3) dod(6) internet(1) security(5)
+ *  mechanism(5) spnego(2) }
+ */
+static struct gss_config spnego_mechanism =
+{
+	{SPNEGO_OID_LENGTH, SPNEGO_OID},
+	NULL,
+	spnego_gss_acquire_cred,
+	spnego_gss_release_cred,
+	spnego_gss_init_sec_context,
+#ifndef LEAN_CLIENT
+	spnego_gss_accept_sec_context,
+#else
+	NULL,
+#endif  /* LEAN_CLIENT */
+	NULL,				/* gss_process_context_token */
+	spnego_gss_delete_sec_context,	/* gss_delete_sec_context */
+	spnego_gss_context_time,	/* gss_context_time */
+	spnego_gss_get_mic,		/* gss_get_mic */
+	spnego_gss_verify_mic,		/* gss_verify_mic */
+	spnego_gss_wrap,		/* gss_wrap */
+	spnego_gss_unwrap,		/* gss_unwrap */
+	spnego_gss_display_status,
+	NULL,				/* gss_indicate_mechs */
+	spnego_gss_compare_name,
+	spnego_gss_display_name,
+	spnego_gss_import_name,
+	spnego_gss_release_name,
+	spnego_gss_inquire_cred,	/* gss_inquire_cred */
+	NULL,				/* gss_add_cred */
+#ifndef LEAN_CLIENT
+	spnego_gss_export_sec_context,		/* gss_export_sec_context */
+	spnego_gss_import_sec_context,		/* gss_import_sec_context */
+#else
+	NULL,				/* gss_export_sec_context */
+	NULL,				/* gss_import_sec_context */
+#endif /* LEAN_CLIENT */
+	NULL, 				/* gss_inquire_cred_by_mech */
+	spnego_gss_inquire_names_for_mech,
+	spnego_gss_inquire_context,	/* gss_inquire_context */
+	NULL,				/* gss_internal_release_oid */
+	spnego_gss_wrap_size_limit,	/* gss_wrap_size_limit */
+	spnego_gss_localname,
+	NULL,				/* gss_userok */
+	NULL,				/* gss_export_name */
+	spnego_gss_duplicate_name,	/* gss_duplicate_name */
+	NULL,				/* gss_store_cred */
+ 	spnego_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
+ 	spnego_gss_inquire_cred_by_oid,	/* gss_inquire_cred_by_oid */
+ 	spnego_gss_set_sec_context_option, /* gss_set_sec_context_option */
+	spnego_gss_set_cred_option,	/* gssspi_set_cred_option */
+ 	NULL,				/* gssspi_mech_invoke */
+	spnego_gss_wrap_aead,
+	spnego_gss_unwrap_aead,
+	spnego_gss_wrap_iov,
+	spnego_gss_unwrap_iov,
+	spnego_gss_wrap_iov_length,
+	spnego_gss_complete_auth_token,
+	spnego_gss_acquire_cred_impersonate_name,
+	NULL,				/* gss_add_cred_impersonate_name */
+	spnego_gss_display_name_ext,
+	spnego_gss_inquire_name,
+	spnego_gss_get_name_attribute,
+	spnego_gss_set_name_attribute,
+	spnego_gss_delete_name_attribute,
+	spnego_gss_export_name_composite,
+	spnego_gss_map_name_to_any,
+	spnego_gss_release_any_name_mapping,
+	spnego_gss_pseudo_random,
+	spnego_gss_set_neg_mechs,
+	spnego_gss_inquire_saslname_for_mech,
+	spnego_gss_inquire_mech_for_saslname,
+	spnego_gss_inquire_attrs_for_mech,
+	spnego_gss_acquire_cred_from,
+	NULL,				/* gss_store_cred_into */
+	spnego_gss_acquire_cred_with_password,
+	spnego_gss_export_cred,
+	spnego_gss_import_cred,
+	NULL,				/* gssspi_import_sec_context_by_mech */
+	NULL,				/* gssspi_import_name_by_mech */
+	NULL,				/* gssspi_import_cred_by_mech */
+	spnego_gss_get_mic_iov,
+	spnego_gss_verify_mic_iov,
+	spnego_gss_get_mic_iov_length
+};
+
+#ifdef _GSS_STATIC_LINK
+#include "mglueP.h"
+
+static int gss_spnegomechglue_init(void)
+{
+	struct gss_mech_config mech_spnego;
+
+	memset(&mech_spnego, 0, sizeof(mech_spnego));
+	mech_spnego.mech = &spnego_mechanism;
+	mech_spnego.mechNameStr = "spnego";
+	mech_spnego.mech_type = GSS_C_NO_OID;
+
+	return gssint_register_mechinfo(&mech_spnego);
+}
+#else
+gss_mechanism KRB5_CALLCONV
+gss_mech_initialize(void)
+{
+	return (&spnego_mechanism);
+}
+
+MAKE_INIT_FUNCTION(gss_krb5int_lib_init);
+MAKE_FINI_FUNCTION(gss_krb5int_lib_fini);
+int gss_krb5int_lib_init(void);
+#endif /* _GSS_STATIC_LINK */
+
+int gss_spnegoint_lib_init(void)
+{
+	int err;
+
+	err = k5_key_register(K5_KEY_GSS_SPNEGO_STATUS, NULL);
+	if (err)
+		return err;
+
+#ifdef _GSS_STATIC_LINK
+	return gss_spnegomechglue_init();
+#else
+	return 0;
+#endif
+}
+
+void gss_spnegoint_lib_fini(void)
+{
+	k5_key_delete(K5_KEY_GSS_SPNEGO_STATUS);
+}
+
+static OM_uint32
+create_spnego_cred(OM_uint32 *minor_status, gss_cred_id_t mcred,
+		   spnego_gss_cred_id_t *cred_out)
+{
+	spnego_gss_cred_id_t spcred;
+
+	*cred_out = NULL;
+	spcred = calloc(1, sizeof(*spcred));
+	if (spcred == NULL) {
+		*minor_status = ENOMEM;
+		return GSS_S_FAILURE;
+	}
+	spcred->mcred = mcred;
+	*cred_out = spcred;
+	return GSS_S_COMPLETE;
+}
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_acquire_cred(OM_uint32 *minor_status,
+			gss_name_t desired_name,
+			OM_uint32 time_req,
+			gss_OID_set desired_mechs,
+			gss_cred_usage_t cred_usage,
+			gss_cred_id_t *output_cred_handle,
+			gss_OID_set *actual_mechs,
+			OM_uint32 *time_rec)
+{
+    return spnego_gss_acquire_cred_from(minor_status, desired_name, time_req,
+					desired_mechs, cred_usage, NULL,
+					output_cred_handle, actual_mechs,
+					time_rec);
+}
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_acquire_cred_from(OM_uint32 *minor_status,
+			     const gss_name_t desired_name,
+			     OM_uint32 time_req,
+			     const gss_OID_set desired_mechs,
+			     gss_cred_usage_t cred_usage,
+			     gss_const_key_value_set_t cred_store,
+			     gss_cred_id_t *output_cred_handle,
+			     gss_OID_set *actual_mechs,
+			     OM_uint32 *time_rec)
+{
+	OM_uint32 status, tmpmin;
+	gss_OID_set amechs;
+	gss_cred_id_t mcred = NULL;
+	spnego_gss_cred_id_t spcred = NULL;
+	dsyslog("Entering spnego_gss_acquire_cred\n");
+
+	if (actual_mechs)
+		*actual_mechs = NULL;
+
+	if (time_rec)
+		*time_rec = 0;
+
+	/* We will obtain a mechglue credential and wrap it in a
+	 * spnego_gss_cred_id_rec structure.  Allocate the wrapper. */
+	status = create_spnego_cred(minor_status, mcred, &spcred);
+	if (status != GSS_S_COMPLETE)
+		return (status);
+
+	/*
+	 * Always use get_available_mechs to collect a list of
+	 * mechs for which creds are available.
+	 */
+	status = get_available_mechs(minor_status, desired_name,
+				     cred_usage, cred_store, &mcred,
+				     &amechs, time_rec);
+
+	if (actual_mechs && amechs != GSS_C_NULL_OID_SET) {
+		(void) gssint_copy_oid_set(&tmpmin, amechs, actual_mechs);
+	}
+	(void) gss_release_oid_set(&tmpmin, &amechs);
+
+	if (status == GSS_S_COMPLETE) {
+		spcred->mcred = mcred;
+		*output_cred_handle = (gss_cred_id_t)spcred;
+	} else {
+		free(spcred);
+		*output_cred_handle = GSS_C_NO_CREDENTIAL;
+	}
+
+	dsyslog("Leaving spnego_gss_acquire_cred\n");
+	return (status);
+}
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_release_cred(OM_uint32 *minor_status,
+			gss_cred_id_t *cred_handle)
+{
+	spnego_gss_cred_id_t spcred = NULL;
+
+	dsyslog("Entering spnego_gss_release_cred\n");
+
+	if (minor_status == NULL || cred_handle == NULL)
+		return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+	*minor_status = 0;
+
+	if (*cred_handle == GSS_C_NO_CREDENTIAL)
+		return (GSS_S_COMPLETE);
+
+	spcred = (spnego_gss_cred_id_t)*cred_handle;
+	*cred_handle = GSS_C_NO_CREDENTIAL;
+	gss_release_oid_set(minor_status, &spcred->neg_mechs);
+	gss_release_cred(minor_status, &spcred->mcred);
+	free(spcred);
+
+	dsyslog("Leaving spnego_gss_release_cred\n");
+	return (GSS_S_COMPLETE);
+}
+
+static spnego_gss_ctx_id_t
+create_spnego_ctx(int initiate)
+{
+	spnego_gss_ctx_id_t spnego_ctx = NULL;
+
+	spnego_ctx = malloc(sizeof(*spnego_ctx));
+	if (spnego_ctx == NULL) {
+		return (NULL);
+	}
+
+	spnego_ctx->magic_num = SPNEGO_MAGIC_ID;
+	spnego_ctx->ctx_handle = GSS_C_NO_CONTEXT;
+	spnego_ctx->mech_set = NULL;
+	spnego_ctx->internal_mech = NULL;
+	spnego_ctx->DER_mechTypes.length = 0;
+	spnego_ctx->DER_mechTypes.value = NULL;
+	spnego_ctx->mic_reqd = 0;
+	spnego_ctx->mic_sent = 0;
+	spnego_ctx->mic_rcvd = 0;
+	spnego_ctx->mech_complete = 0;
+	spnego_ctx->nego_done = 0;
+	spnego_ctx->opened = 0;
+	spnego_ctx->initiate = initiate;
+	spnego_ctx->internal_name = GSS_C_NO_NAME;
+	spnego_ctx->actual_mech = GSS_C_NO_OID;
+	spnego_ctx->deleg_cred = GSS_C_NO_CREDENTIAL;
+	spnego_ctx->negoex_step = 0;
+	memset(&spnego_ctx->negoex_transcript, 0, sizeof(struct k5buf));
+	spnego_ctx->negoex_seqnum = 0;
+	K5_TAILQ_INIT(&spnego_ctx->negoex_mechs);
+	spnego_ctx->kctx = NULL;
+	memset(spnego_ctx->negoex_conv_id, 0, GUID_LENGTH);
+
+	return (spnego_ctx);
+}
+
+/* iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) samba(7165)
+ * gssntlmssp(655) controls(1) spnego_req_mechlistMIC(2) */
+static const gss_OID_desc spnego_req_mechlistMIC_oid =
+	{ 11, "\x2B\x06\x01\x04\x01\xB7\x7D\x85\x0F\x01\x02" };
+
+/*
+ * Return nonzero if the mechanism has reason to believe that a mechlistMIC
+ * exchange will be required.  Microsoft servers erroneously require SPNEGO
+ * mechlistMIC if they see an internal MIC within an NTLMSSP Authenticate
+ * message, even if NTLMSSP was the preferred mechanism.
+ */
+static int
+mech_requires_mechlistMIC(spnego_gss_ctx_id_t sc)
+{
+	OM_uint32 major, minor;
+	gss_ctx_id_t ctx = sc->ctx_handle;
+	gss_OID oid = (gss_OID)&spnego_req_mechlistMIC_oid;
+	gss_buffer_set_t bufs;
+	int result;
+
+	major = gss_inquire_sec_context_by_oid(&minor, ctx, oid, &bufs);
+	if (major != GSS_S_COMPLETE)
+		return 0;
+
+	/* Report true if the mech returns a single buffer containing a single
+	 * byte with value 1. */
+	result = (bufs != NULL && bufs->count == 1 &&
+		  bufs->elements[0].length == 1 &&
+		  memcmp(bufs->elements[0].value, "\1", 1) == 0);
+	(void) gss_release_buffer_set(&minor, &bufs);
+	return result;
+}
+
+/* iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) Microsoft(311)
+ * security(2) mechanisms(2) NTLM(10) */
+static const gss_OID_desc gss_mech_ntlmssp_oid =
+	{ 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
+
+/* iso(1) org(3) dod(6) internet(1) private(4) enterprises(1) samba(7165)
+ * gssntlmssp(655) controls(1) ntlmssp_reset_crypto(3) */
+static const gss_OID_desc ntlmssp_reset_crypto_oid =
+	{ 11, "\x2B\x06\x01\x04\x01\xB7\x7D\x85\x0F\x01\x03" };
+
+/*
+ * MS-SPNG section 3.3.5.1 warns that the NTLM mechanism requires special
+ * handling of the crypto state to interop with Windows.  If the mechanism for
+ * sc is SPNEGO, invoke a mechanism-specific operation on the context to reset
+ * the RC4 state after producing or verifying a MIC.  Ignore a result of
+ * GSS_S_UNAVAILABLE for compatibility with older versions of the mechanism
+ * that do not support this functionality.
+ */
+static OM_uint32
+ntlmssp_reset_crypto_state(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+			   OM_uint32 verify)
+{
+	OM_uint32 major, minor;
+	gss_buffer_desc value;
+
+	if (!g_OID_equal(sc->internal_mech, &gss_mech_ntlmssp_oid))
+		return GSS_S_COMPLETE;
+
+	value.length = sizeof(verify);
+	value.value = &verify;
+	major = gss_set_sec_context_option(&minor, &sc->ctx_handle,
+					   (gss_OID)&ntlmssp_reset_crypto_oid,
+					   &value);
+	if (major == GSS_S_UNAVAILABLE)
+		return GSS_S_COMPLETE;
+	*minor_status = minor;
+	return major;
+}
+
+/*
+ * Both initiator and acceptor call here to verify and/or create mechListMIC,
+ * and to consistency-check the MIC state.  handle_mic is invoked only if the
+ * negotiated mech has completed and supports MICs.
+ */
+static OM_uint32
+handle_mic(OM_uint32 *minor_status, gss_buffer_t mic_in,
+	   int send_mechtok, spnego_gss_ctx_id_t sc,
+	   gss_buffer_t *mic_out,
+	   OM_uint32 *negState, send_token_flag *tokflag)
+{
+	OM_uint32 ret;
+
+	ret = GSS_S_FAILURE;
+	*mic_out = GSS_C_NO_BUFFER;
+	if (mic_in != GSS_C_NO_BUFFER) {
+		if (sc->mic_rcvd) {
+			/* Reject MIC if we've already received a MIC. */
+			*negState = REJECT;
+			*tokflag = ERROR_TOKEN_SEND;
+			return GSS_S_DEFECTIVE_TOKEN;
+		}
+	} else if (sc->mic_reqd && !send_mechtok) {
+		/*
+		 * If the peer sends the final mechanism token, it
+		 * must send the MIC with that token if the
+		 * negotiation requires MICs.
+		 */
+		*negState = REJECT;
+		*tokflag = ERROR_TOKEN_SEND;
+		return GSS_S_DEFECTIVE_TOKEN;
+	}
+	ret = process_mic(minor_status, mic_in, sc, mic_out,
+			  negState, tokflag);
+	if (ret != GSS_S_COMPLETE) {
+		return ret;
+	}
+	if (sc->mic_reqd) {
+		assert(sc->mic_sent || sc->mic_rcvd);
+	}
+	if (sc->mic_sent && sc->mic_rcvd) {
+		ret = GSS_S_COMPLETE;
+		*negState = ACCEPT_COMPLETE;
+		if (*mic_out == GSS_C_NO_BUFFER) {
+			/*
+			 * We sent a MIC on the previous pass; we
+			 * shouldn't be sending a mechanism token.
+			 */
+			assert(!send_mechtok);
+			*tokflag = NO_TOKEN_SEND;
+		} else {
+			*tokflag = CONT_TOKEN_SEND;
+		}
+	} else if (sc->mic_reqd) {
+		*negState = ACCEPT_INCOMPLETE;
+		ret = GSS_S_CONTINUE_NEEDED;
+	} else if (*negState == ACCEPT_COMPLETE) {
+		ret = GSS_S_COMPLETE;
+	} else {
+		ret = GSS_S_CONTINUE_NEEDED;
+	}
+	return ret;
+}
+
+/*
+ * Perform the actual verification and/or generation of mechListMIC.
+ */
+static OM_uint32
+process_mic(OM_uint32 *minor_status, gss_buffer_t mic_in,
+	    spnego_gss_ctx_id_t sc, gss_buffer_t *mic_out,
+	    OM_uint32 *negState, send_token_flag *tokflag)
+{
+	OM_uint32 ret, tmpmin;
+	gss_qop_t qop_state;
+	gss_buffer_desc tmpmic = GSS_C_EMPTY_BUFFER;
+
+	ret = GSS_S_FAILURE;
+	if (mic_in != GSS_C_NO_BUFFER) {
+		ret = gss_verify_mic(minor_status, sc->ctx_handle,
+				     &sc->DER_mechTypes,
+				     mic_in, &qop_state);
+		if (ret == GSS_S_COMPLETE)
+			ret = ntlmssp_reset_crypto_state(minor_status, sc, 1);
+		if (ret != GSS_S_COMPLETE) {
+			*negState = REJECT;
+			*tokflag = ERROR_TOKEN_SEND;
+			return ret;
+		}
+		/* If we got a MIC, we must send a MIC. */
+		sc->mic_reqd = 1;
+		sc->mic_rcvd = 1;
+	}
+	if (sc->mic_reqd && !sc->mic_sent) {
+		ret = gss_get_mic(minor_status, sc->ctx_handle,
+				  GSS_C_QOP_DEFAULT,
+				  &sc->DER_mechTypes,
+				  &tmpmic);
+		if (ret == GSS_S_COMPLETE)
+			ret = ntlmssp_reset_crypto_state(minor_status, sc, 0);
+		if (ret != GSS_S_COMPLETE) {
+			gss_release_buffer(&tmpmin, &tmpmic);
+			*tokflag = NO_TOKEN_SEND;
+			return ret;
+		}
+		*mic_out = malloc(sizeof(gss_buffer_desc));
+		if (*mic_out == GSS_C_NO_BUFFER) {
+			gss_release_buffer(&tmpmin, &tmpmic);
+			*tokflag = NO_TOKEN_SEND;
+			return GSS_S_FAILURE;
+		}
+		**mic_out = tmpmic;
+		sc->mic_sent = 1;
+	}
+	return GSS_S_COMPLETE;
+}
+
+/* Create a new SPNEGO context handle for the initial call to
+ * spnego_gss_init_sec_context().  */
+static OM_uint32
+init_ctx_new(OM_uint32 *minor_status,
+	     spnego_gss_cred_id_t spcred,
+	     send_token_flag *tokflag,
+	     spnego_gss_ctx_id_t *sc_out)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = NULL;
+
+	*sc_out = NULL;
+
+	sc = create_spnego_ctx(1);
+	if (sc == NULL)
+		return GSS_S_FAILURE;
+
+	/* determine negotiation mech set */
+	ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_INITIATE);
+	if (ret != GSS_S_COMPLETE)
+		goto cleanup;
+
+	/* Set an initial internal mech to make the first context token. */
+	sc->internal_mech = &sc->mech_set->elements[0];
+
+	if (put_mech_set(sc->mech_set, &sc->DER_mechTypes) < 0) {
+		ret = GSS_S_FAILURE;
+		goto cleanup;
+	}
+
+	sc->ctx_handle = GSS_C_NO_CONTEXT;
+	*sc_out = sc;
+	sc = NULL;
+	*tokflag = INIT_TOKEN_SEND;
+	ret = GSS_S_COMPLETE;
+
+cleanup:
+	release_spnego_ctx(&sc);
+	return ret;
+}
+
+/*
+ * Called by second and later calls to spnego_gss_init_sec_context()
+ * to decode reply and update state.
+ */
+static OM_uint32
+init_ctx_cont(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+	      gss_buffer_t buf, gss_buffer_t *responseToken,
+	      gss_buffer_t *mechListMIC, OM_uint32 *acc_negState,
+	      send_token_flag *tokflag)
+{
+	OM_uint32 ret, tmpmin;
+	gss_OID supportedMech = GSS_C_NO_OID;
+	struct k5input in;
+
+	*acc_negState = UNSPECIFIED;
+	*tokflag = ERROR_TOKEN_SEND;
+
+	k5_input_init(&in, buf->value, buf->length);
+	ret = get_negTokenResp(minor_status, &in, acc_negState, &supportedMech,
+			       responseToken, mechListMIC);
+	if (ret != GSS_S_COMPLETE)
+		goto cleanup;
+
+	/* Bail out now on a reject with no error token.  If we have an error
+	 * token, keep going and get a better error status from the mech. */
+	if (*acc_negState == REJECT && *responseToken == GSS_C_NO_BUFFER) {
+		if (!sc->nego_done) {
+			/* RFC 4178 says to return GSS_S_BAD_MECH on a
+			 * mechanism negotiation failure. */
+			*minor_status = ERR_SPNEGO_NEGOTIATION_FAILED;
+			map_errcode(minor_status);
+			ret = GSS_S_BAD_MECH;
+		} else {
+			ret = GSS_S_FAILURE;
+		}
+		*tokflag = NO_TOKEN_SEND;
+		goto cleanup;
+	}
+	/*
+	 * nego_done is false for the first call to init_ctx_cont()
+	 */
+	if (!sc->nego_done) {
+		ret = init_ctx_nego(minor_status, sc, *acc_negState,
+				    supportedMech, responseToken, mechListMIC,
+				    tokflag);
+	} else if ((!sc->mech_complete && *responseToken == GSS_C_NO_BUFFER) ||
+		   (sc->mech_complete && *responseToken != GSS_C_NO_BUFFER)) {
+		/* Missing or spurious token from acceptor. */
+		ret = GSS_S_DEFECTIVE_TOKEN;
+	} else if (!sc->mech_complete ||
+		   (sc->mic_reqd &&
+		    (sc->ctx_flags & GSS_C_INTEG_FLAG))) {
+		/* Not obviously done; we may decide we're done later in
+		 * init_ctx_call_init or handle_mic. */
+		*tokflag = CONT_TOKEN_SEND;
+		ret = GSS_S_COMPLETE;
+	} else {
+		/* mech finished on last pass and no MIC required, so done. */
+		*tokflag = NO_TOKEN_SEND;
+		ret = GSS_S_COMPLETE;
+	}
+cleanup:
+	if (supportedMech != GSS_C_NO_OID)
+		generic_gss_release_oid(&tmpmin, &supportedMech);
+	return ret;
+}
+
+/*
+ * Consistency checking and mechanism negotiation handling for second
+ * call of spnego_gss_init_sec_context().  Call init_ctx_reselect() to
+ * update internal state if acceptor has counter-proposed.
+ */
+static OM_uint32
+init_ctx_nego(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+	      OM_uint32 acc_negState, gss_OID supportedMech,
+	      gss_buffer_t *responseToken, gss_buffer_t *mechListMIC,
+	      send_token_flag *tokflag)
+{
+	OM_uint32 ret;
+
+	*tokflag = ERROR_TOKEN_SEND;
+	ret = GSS_S_DEFECTIVE_TOKEN;
+
+	/*
+	 * According to RFC 4178, both supportedMech and negState must be
+	 * present in the first acceptor token.  However, some Java
+	 * implementations include only a responseToken in the first
+	 * NegTokenResp.  In this case we can use sc->internal_mech as the
+	 * negotiated mechanism.  (We do not currently look at acc_negState
+	 * when continuing with the optimistic mechanism.)
+	 */
+	if (supportedMech == GSS_C_NO_OID)
+		supportedMech = sc->internal_mech;
+
+	/*
+	 * If the mechanism we sent is not the mechanism returned from
+	 * the server, we need to handle the server's counter
+	 * proposal.  There is a bug in SAMBA servers that always send
+	 * the old Kerberos mech OID, even though we sent the new one.
+	 * So we will treat all the Kerberos mech OIDS as the same.
+         */
+	if (!(is_kerb_mech(supportedMech) &&
+	      is_kerb_mech(sc->internal_mech)) &&
+	    !g_OID_equal(supportedMech, sc->internal_mech)) {
+		ret = init_ctx_reselect(minor_status, sc,
+					acc_negState, supportedMech,
+					responseToken, mechListMIC, tokflag);
+
+	} else if (*responseToken == GSS_C_NO_BUFFER) {
+		if (sc->mech_complete) {
+			/*
+			 * Mech completed on first call to its
+			 * init_sec_context().  Acceptor sends no mech
+			 * token.
+			 */
+			*tokflag = NO_TOKEN_SEND;
+			ret = GSS_S_COMPLETE;
+		} else {
+			/*
+			 * Reject missing mech token when optimistic
+			 * mech selected.
+			 */
+			*minor_status = ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR;
+			map_errcode(minor_status);
+			ret = GSS_S_DEFECTIVE_TOKEN;
+		}
+	} else if ((*responseToken)->length == 0 && sc->mech_complete) {
+		/* Handle old IIS servers returning empty token instead of
+		 * null tokens in the non-mutual auth case. */
+		*tokflag = NO_TOKEN_SEND;
+		ret = GSS_S_COMPLETE;
+	} else if (sc->mech_complete) {
+		/* Reject spurious mech token. */
+		ret = GSS_S_DEFECTIVE_TOKEN;
+	} else {
+		*tokflag = CONT_TOKEN_SEND;
+		ret = GSS_S_COMPLETE;
+	}
+	sc->nego_done = 1;
+	return ret;
+}
+
+/*
+ * Handle acceptor's counter-proposal of an alternative mechanism.
+ */
+static OM_uint32
+init_ctx_reselect(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+		  OM_uint32 acc_negState, gss_OID supportedMech,
+		  gss_buffer_t *responseToken, gss_buffer_t *mechListMIC,
+		  send_token_flag *tokflag)
+{
+	OM_uint32 tmpmin;
+	size_t i;
+
+	gss_delete_sec_context(&tmpmin, &sc->ctx_handle,
+			       GSS_C_NO_BUFFER);
+
+	/* Find supportedMech in sc->mech_set. */
+	for (i = 0; i < sc->mech_set->count; i++) {
+		if (g_OID_equal(supportedMech, &sc->mech_set->elements[i]))
+			break;
+	}
+	if (i == sc->mech_set->count)
+		return GSS_S_DEFECTIVE_TOKEN;
+	sc->internal_mech = &sc->mech_set->elements[i];
+
+	/*
+	 * A server conforming to RFC4178 MUST set REQUEST_MIC here, but
+	 * Windows Server 2003 and earlier implement (roughly) RFC2478 instead,
+	 * and send ACCEPT_INCOMPLETE.  Tolerate that only if we are falling
+	 * back to NTLMSSP.
+	 */
+	if (acc_negState == ACCEPT_INCOMPLETE) {
+		if (!g_OID_equal(supportedMech, &gss_mech_ntlmssp_oid))
+			return GSS_S_DEFECTIVE_TOKEN;
+	} else if (acc_negState != REQUEST_MIC) {
+		return GSS_S_DEFECTIVE_TOKEN;
+	}
+
+	sc->mech_complete = 0;
+	sc->mic_reqd = (acc_negState == REQUEST_MIC);
+	*tokflag = CONT_TOKEN_SEND;
+	return GSS_S_COMPLETE;
+}
+
+/*
+ * Wrap call to mechanism gss_init_sec_context() and update state
+ * accordingly.
+ */
+static OM_uint32
+init_ctx_call_init(OM_uint32 *minor_status,
+		   spnego_gss_ctx_id_t sc,
+		   spnego_gss_cred_id_t spcred,
+		   OM_uint32 acc_negState,
+		   gss_name_t target_name,
+		   OM_uint32 req_flags,
+		   OM_uint32 time_req,
+		   gss_buffer_t mechtok_in,
+		   gss_channel_bindings_t bindings,
+		   gss_buffer_t mechtok_out,
+		   OM_uint32 *time_rec,
+		   send_token_flag *send_token)
+{
+	OM_uint32 ret, tmpret, tmpmin, mech_req_flags;
+	gss_cred_id_t mcred;
+
+	mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred;
+
+	mech_req_flags = req_flags;
+	if (spcred == NULL || !spcred->no_ask_integ)
+		mech_req_flags |= GSS_C_INTEG_FLAG;
+
+	if (gss_oid_equal(sc->internal_mech, &negoex_mech)) {
+		ret = negoex_init(minor_status, sc, mcred, target_name,
+				  mech_req_flags, time_req, mechtok_in,
+				  bindings, mechtok_out, time_rec);
+	} else {
+		ret = gss_init_sec_context(minor_status, mcred,
+					   &sc->ctx_handle, target_name,
+					   sc->internal_mech, mech_req_flags,
+					   time_req, bindings, mechtok_in,
+					   &sc->actual_mech, mechtok_out,
+					   &sc->ctx_flags, time_rec);
+	}
+
+	/* Bail out if the acceptor gave us an error token but the mech didn't
+	 * see it as an error. */
+	if (acc_negState == REJECT && !GSS_ERROR(ret)) {
+		ret = GSS_S_DEFECTIVE_TOKEN;
+		goto fail;
+	}
+
+	if (ret == GSS_S_COMPLETE) {
+		sc->mech_complete = 1;
+		/*
+		 * Microsoft SPNEGO implementations expect an even number of
+		 * token exchanges.  So if we're sending a final token, ask for
+		 * a zero-length token back from the server.  Also ask for a
+		 * token back if this is the first token or if a MIC exchange
+		 * is required.
+		 */
+		if (*send_token == CONT_TOKEN_SEND &&
+		    mechtok_out->length == 0 &&
+		    (!sc->mic_reqd || !(sc->ctx_flags & GSS_C_INTEG_FLAG)))
+			*send_token = NO_TOKEN_SEND;
+
+		return GSS_S_COMPLETE;
+	}
+
+	if (ret == GSS_S_CONTINUE_NEEDED)
+		return GSS_S_COMPLETE;
+
+	if (*send_token != INIT_TOKEN_SEND) {
+		*send_token = ERROR_TOKEN_SEND;
+		return ret;
+	}
+
+	/*
+	 * Since this is the first token, we can fall back to later mechanisms
+	 * in the list.  Since the mechanism list is expected to be short, we
+	 * can do this with recursion.  If all mechanisms produce errors, the
+	 * caller should get the error from the first mech in the list.
+	 */
+	gssalloc_free(sc->mech_set->elements->elements);
+	memmove(sc->mech_set->elements, sc->mech_set->elements + 1,
+		--sc->mech_set->count * sizeof(*sc->mech_set->elements));
+	if (sc->mech_set->count == 0)
+		goto fail;
+	gss_release_buffer(&tmpmin, &sc->DER_mechTypes);
+	if (put_mech_set(sc->mech_set, &sc->DER_mechTypes) < 0)
+		goto fail;
+	gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER);
+	tmpret = init_ctx_call_init(&tmpmin, sc, spcred, acc_negState,
+				    target_name, req_flags, time_req,
+				    mechtok_in, bindings, mechtok_out,
+				    time_rec, send_token);
+	if (HARD_ERROR(tmpret))
+		goto fail;
+	*minor_status = tmpmin;
+	return tmpret;
+
+fail:
+	/* Don't output token on error from first call. */
+	*send_token = NO_TOKEN_SEND;
+	return ret;
+}
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_init_sec_context(
+			OM_uint32 *minor_status,
+			gss_cred_id_t claimant_cred_handle,
+			gss_ctx_id_t *context_handle,
+			gss_name_t target_name,
+			gss_OID mech_type,
+			OM_uint32 req_flags,
+			OM_uint32 time_req,
+			gss_channel_bindings_t bindings,
+			gss_buffer_t input_token,
+			gss_OID *actual_mech,
+			gss_buffer_t output_token,
+			OM_uint32 *ret_flags,
+			OM_uint32 *time_rec)
+{
+	send_token_flag send_token = NO_TOKEN_SEND;
+	OM_uint32 tmpmin, ret, negState = UNSPECIFIED, acc_negState;
+	gss_buffer_t mechtok_in, mechListMIC_in, mechListMIC_out;
+	gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER;
+	spnego_gss_cred_id_t spcred = NULL;
+	spnego_gss_ctx_id_t spnego_ctx = NULL;
+
+	dsyslog("Entering init_sec_context\n");
+
+	mechtok_in = mechListMIC_out = mechListMIC_in = GSS_C_NO_BUFFER;
+
+	/*
+	 * This function works in three steps:
+	 *
+	 *   1. Perform mechanism negotiation.
+	 *   2. Invoke the negotiated or optimistic mech's gss_init_sec_context
+	 *      function and examine the results.
+	 *   3. Process or generate MICs if necessary.
+	 *
+	 * The three steps share responsibility for determining when the
+	 * exchange is complete.  If the selected mech completed in a previous
+	 * call and no MIC exchange is expected, then step 1 will decide.  If
+	 * the selected mech completes in this call and no MIC exchange is
+	 * expected, then step 2 will decide.  If a MIC exchange is expected,
+	 * then step 3 will decide.  If an error occurs in any step, the
+	 * exchange will be aborted, possibly with an error token.
+	 *
+	 * negState determines the state of the negotiation, and is
+	 * communicated to the acceptor if a continuing token is sent.
+	 * send_token is used to indicate what type of token, if any, should be
+	 * generated.
+	 */
+
+	/* Validate arguments. */
+	if (minor_status != NULL)
+		*minor_status = 0;
+	if (output_token != GSS_C_NO_BUFFER) {
+		output_token->length = 0;
+		output_token->value = NULL;
+	}
+	if (minor_status == NULL ||
+	    output_token == GSS_C_NO_BUFFER ||
+	    context_handle == NULL)
+		return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+	if (actual_mech != NULL)
+		*actual_mech = GSS_C_NO_OID;
+	if (time_rec != NULL)
+		*time_rec = 0;
+
+	/* Step 1: perform mechanism negotiation. */
+	spcred = (spnego_gss_cred_id_t)claimant_cred_handle;
+	spnego_ctx = (spnego_gss_ctx_id_t)*context_handle;
+	if (spnego_ctx == NULL) {
+		ret = init_ctx_new(minor_status, spcred, &send_token,
+				   &spnego_ctx);
+		if (ret != GSS_S_COMPLETE)
+			goto cleanup;
+		*context_handle = (gss_ctx_id_t)spnego_ctx;
+		acc_negState = UNSPECIFIED;
+	} else {
+		ret = init_ctx_cont(minor_status, spnego_ctx, input_token,
+				    &mechtok_in, &mechListMIC_in,
+				    &acc_negState, &send_token);
+		if (ret != GSS_S_COMPLETE)
+			goto cleanup;
+	}
+
+	/* Step 2: invoke the selected or optimistic mechanism's
+	 * gss_init_sec_context function, if it didn't complete previously. */
+	if (!spnego_ctx->mech_complete) {
+		ret = init_ctx_call_init(minor_status, spnego_ctx, spcred,
+					 acc_negState, target_name, req_flags,
+					 time_req, mechtok_in, bindings,
+					 &mechtok_out, time_rec, &send_token);
+		if (ret != GSS_S_COMPLETE)
+			goto cleanup;
+
+		/* Give the mechanism a chance to force a mechlistMIC. */
+		if (mech_requires_mechlistMIC(spnego_ctx))
+			spnego_ctx->mic_reqd = 1;
+	}
+
+	/* Step 3: process or generate the MIC, if the negotiated mech is
+	 * complete and supports MICs.  Also decide the outgoing negState. */
+	negState = ACCEPT_INCOMPLETE;
+	if (spnego_ctx->mech_complete &&
+	    (spnego_ctx->ctx_flags & GSS_C_INTEG_FLAG)) {
+
+		ret = handle_mic(minor_status,
+				 mechListMIC_in,
+				 (mechtok_out.length != 0),
+				 spnego_ctx, &mechListMIC_out,
+				 &negState, &send_token);
+		if (HARD_ERROR(ret))
+			goto cleanup;
+	}
+
+	if (ret_flags != NULL)
+		*ret_flags = spnego_ctx->ctx_flags & ~GSS_C_PROT_READY_FLAG;
+
+	ret = (send_token == NO_TOKEN_SEND || negState == ACCEPT_COMPLETE) ?
+		GSS_S_COMPLETE : GSS_S_CONTINUE_NEEDED;
+
+cleanup:
+	if (send_token == INIT_TOKEN_SEND) {
+		if (make_spnego_tokenInit_msg(spnego_ctx,
+					      0,
+					      mechListMIC_out,
+					      req_flags,
+					      &mechtok_out, send_token,
+					      output_token) < 0) {
+			ret = GSS_S_FAILURE;
+		}
+	} else if (send_token != NO_TOKEN_SEND) {
+		if (send_token == ERROR_TOKEN_SEND)
+			negState = REJECT;
+		if (make_spnego_tokenTarg_msg(negState, GSS_C_NO_OID,
+					      &mechtok_out, mechListMIC_out,
+					      send_token,
+					      output_token) < 0) {
+			ret = GSS_S_FAILURE;
+		}
+	}
+	gss_release_buffer(&tmpmin, &mechtok_out);
+	if (ret == GSS_S_COMPLETE) {
+		spnego_ctx->opened = 1;
+		if (actual_mech != NULL)
+			*actual_mech = spnego_ctx->actual_mech;
+		/* Get an updated lifetime if we didn't call into the mech. */
+		if (time_rec != NULL && *time_rec == 0) {
+			(void) gss_context_time(&tmpmin,
+						spnego_ctx->ctx_handle,
+						time_rec);
+		}
+	} else if (ret != GSS_S_CONTINUE_NEEDED) {
+		if (spnego_ctx != NULL) {
+			gss_delete_sec_context(&tmpmin,
+					       &spnego_ctx->ctx_handle,
+					       GSS_C_NO_BUFFER);
+			release_spnego_ctx(&spnego_ctx);
+		}
+		*context_handle = GSS_C_NO_CONTEXT;
+	}
+	if (mechtok_in != GSS_C_NO_BUFFER) {
+		gss_release_buffer(&tmpmin, mechtok_in);
+		free(mechtok_in);
+	}
+	if (mechListMIC_in != GSS_C_NO_BUFFER) {
+		gss_release_buffer(&tmpmin, mechListMIC_in);
+		free(mechListMIC_in);
+	}
+	if (mechListMIC_out != GSS_C_NO_BUFFER) {
+		gss_release_buffer(&tmpmin, mechListMIC_out);
+		free(mechListMIC_out);
+	}
+	return ret;
+} /* init_sec_context */
+
+/* We don't want to import KRB5 headers here */
+static const gss_OID_desc gss_mech_krb5_oid =
+	{ 9, "\052\206\110\206\367\022\001\002\002" };
+static const gss_OID_desc gss_mech_krb5_wrong_oid =
+	{ 9, "\052\206\110\202\367\022\001\002\002" };
+
+/*
+ * NegHints ::= SEQUENCE {
+ *    hintName       [0]  GeneralString      OPTIONAL,
+ *    hintAddress    [1]  OCTET STRING       OPTIONAL
+ * }
+ */
+
+#define HOST_PREFIX	"host@"
+#define HOST_PREFIX_LEN	(sizeof(HOST_PREFIX) - 1)
+
+/* Encode the dummy hintname string (as specified in [MS-SPNG]) into a
+ * DER-encoded [0] tagged GeneralString, and place the result in *outbuf. */
+static int
+make_NegHints(OM_uint32 *minor_status, gss_buffer_t *outbuf)
+{
+	OM_uint32 major_status;
+	size_t hint_len, tlen;
+	uint8_t *t;
+	const char *hintname = "not_defined_in_RFC4178@please_ignore";
+	const size_t hintname_len = strlen(hintname);
+	struct k5buf buf;
+
+	*outbuf = GSS_C_NO_BUFFER;
+	major_status = GSS_S_FAILURE;
+
+	hint_len = k5_der_value_len(hintname_len);
+	tlen = k5_der_value_len(hint_len);
+
+	t = gssalloc_malloc(tlen);
+	if (t == NULL) {
+		*minor_status = ENOMEM;
+		goto errout;
+	}
+	k5_buf_init_fixed(&buf, t, tlen);
+
+	k5_der_add_taglen(&buf, CONTEXT | 0x00, hint_len);
+	k5_der_add_value(&buf, GENERAL_STRING, hintname, hintname_len);
+	assert(buf.len == tlen);
+
+	*outbuf = (gss_buffer_t)malloc(sizeof(gss_buffer_desc));
+	if (*outbuf == NULL) {
+		*minor_status = ENOMEM;
+		goto errout;
+	}
+	(*outbuf)->value = (void *)t;
+	(*outbuf)->length = tlen;
+
+	t = NULL; /* don't free */
+
+	*minor_status = 0;
+	major_status = GSS_S_COMPLETE;
+
+errout:
+	if (t != NULL) {
+		free(t);
+	}
+
+	return (major_status);
+}
+
+/*
+ * Create a new SPNEGO context handle for the initial call to
+ * spnego_gss_accept_sec_context() when the request is empty.  For empty
+ * requests, we implement the Microsoft NegHints extension to SPNEGO for
+ * compatibility with some versions of Samba.  See:
+ * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-spng/8e71cf53-e867-4b79-b5b5-38c92be3d472
+ */
+static OM_uint32
+acc_ctx_hints(OM_uint32 *minor_status,
+	      spnego_gss_cred_id_t spcred,
+	      gss_buffer_t *mechListMIC,
+	      OM_uint32 *negState,
+	      send_token_flag *return_token,
+	      spnego_gss_ctx_id_t *sc_out)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = NULL;
+
+	*mechListMIC = GSS_C_NO_BUFFER;
+	*return_token = NO_TOKEN_SEND;
+	*negState = REJECT;
+	*minor_status = 0;
+	*sc_out = NULL;
+
+	ret = make_NegHints(minor_status, mechListMIC);
+	if (ret != GSS_S_COMPLETE)
+		goto cleanup;
+
+	sc = create_spnego_ctx(0);
+	if (sc == NULL) {
+		ret = GSS_S_FAILURE;
+		goto cleanup;
+	}
+
+	ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
+	if (ret != GSS_S_COMPLETE)
+		goto cleanup;
+
+	if (put_mech_set(sc->mech_set, &sc->DER_mechTypes) < 0) {
+		ret = GSS_S_FAILURE;
+		goto cleanup;
+	}
+	sc->internal_mech = GSS_C_NO_OID;
+
+	*negState = ACCEPT_INCOMPLETE;
+	*return_token = INIT_TOKEN_SEND;
+	sc->firstpass = 1;
+	*sc_out = sc;
+	sc = NULL;
+	ret = GSS_S_COMPLETE;
+
+cleanup:
+	release_spnego_ctx(&sc);
+
+	return ret;
+}
+
+/*
+ * Create a new SPNEGO context handle for the initial call to
+ * spnego_gss_accept_sec_context().  Set negState to REJECT if the token is
+ * defective, else ACCEPT_INCOMPLETE or REQUEST_MIC, depending on whether
+ * the initiator's preferred mechanism is supported.
+ */
+static OM_uint32
+acc_ctx_new(OM_uint32 *minor_status,
+	    gss_buffer_t buf,
+	    spnego_gss_cred_id_t spcred,
+	    gss_buffer_t *mechToken,
+	    gss_buffer_t *mechListMIC,
+	    OM_uint32 *negState,
+	    send_token_flag *return_token,
+	    spnego_gss_ctx_id_t *sc_out)
+{
+	OM_uint32 tmpmin, ret, req_flags;
+	gss_OID_set mechTypes;
+	gss_buffer_desc der_mechTypes;
+	gss_OID mech_wanted;
+	spnego_gss_ctx_id_t sc = NULL;
+
+	ret = GSS_S_DEFECTIVE_TOKEN;
+	der_mechTypes.length = 0;
+	der_mechTypes.value = NULL;
+	*mechToken = *mechListMIC = GSS_C_NO_BUFFER;
+	mechTypes = GSS_C_NO_OID_SET;
+	*return_token = ERROR_TOKEN_SEND;
+	*negState = REJECT;
+	*minor_status = 0;
+
+	ret = get_negTokenInit(minor_status, buf, &der_mechTypes,
+			       &mechTypes, &req_flags,
+			       mechToken, mechListMIC);
+	if (ret != GSS_S_COMPLETE) {
+		goto cleanup;
+	}
+
+	sc = create_spnego_ctx(0);
+	if (sc == NULL) {
+		ret = GSS_S_FAILURE;
+		*return_token = NO_TOKEN_SEND;
+		goto cleanup;
+	}
+
+	ret = get_negotiable_mechs(minor_status, sc, spcred, GSS_C_ACCEPT);
+	if (ret != GSS_S_COMPLETE) {
+		*return_token = NO_TOKEN_SEND;
+		goto cleanup;
+	}
+	/*
+	 * Select the best match between the list of mechs
+	 * that the initiator requested and the list that
+	 * the acceptor will support.
+	 */
+	mech_wanted = negotiate_mech(sc, mechTypes, negState);
+	if (*negState == REJECT) {
+		ret = GSS_S_BAD_MECH;
+		goto cleanup;
+	}
+
+	sc->internal_mech = mech_wanted;
+	sc->DER_mechTypes = der_mechTypes;
+	der_mechTypes.length = 0;
+	der_mechTypes.value = NULL;
+
+	if (*negState == REQUEST_MIC)
+		sc->mic_reqd = 1;
+
+	*return_token = INIT_TOKEN_SEND;
+	sc->firstpass = 1;
+	*sc_out = sc;
+	sc = NULL;
+	ret = GSS_S_COMPLETE;
+
+cleanup:
+	release_spnego_ctx(&sc);
+	gss_release_oid_set(&tmpmin, &mechTypes);
+	if (der_mechTypes.length != 0)
+		gss_release_buffer(&tmpmin, &der_mechTypes);
+
+	return ret;
+}
+
+static OM_uint32
+acc_ctx_cont(OM_uint32 *minstat,
+	     gss_buffer_t buf,
+	     spnego_gss_ctx_id_t sc,
+	     gss_buffer_t *responseToken,
+	     gss_buffer_t *mechListMIC,
+	     OM_uint32 *negState,
+	     send_token_flag *return_token)
+{
+	OM_uint32 ret, tmpmin;
+	gss_OID supportedMech;
+	struct k5input in;
+
+	ret = GSS_S_DEFECTIVE_TOKEN;
+	*negState = REJECT;
+	*minstat = 0;
+	supportedMech = GSS_C_NO_OID;
+	*return_token = ERROR_TOKEN_SEND;
+	*responseToken = *mechListMIC = GSS_C_NO_BUFFER;
+
+	k5_input_init(&in, buf->value, buf->length);
+
+	/* Attempt to work with old Sun SPNEGO. */
+	if (in.len > 0 && *in.ptr == HEADER_ID) {
+		ret = verify_token_header(&in, gss_mech_spnego);
+		if (ret) {
+			*minstat = ret;
+			return GSS_S_DEFECTIVE_TOKEN;
+		}
+	}
+
+	ret = get_negTokenResp(minstat, &in, negState, &supportedMech,
+			       responseToken, mechListMIC);
+	if (ret != GSS_S_COMPLETE)
+		goto cleanup;
+
+	if (*responseToken == GSS_C_NO_BUFFER &&
+	    *mechListMIC == GSS_C_NO_BUFFER) {
+
+		ret = GSS_S_DEFECTIVE_TOKEN;
+		goto cleanup;
+	}
+	if (supportedMech != GSS_C_NO_OID) {
+		ret = GSS_S_DEFECTIVE_TOKEN;
+		goto cleanup;
+	}
+	sc->firstpass = 0;
+	*negState = ACCEPT_INCOMPLETE;
+	*return_token = CONT_TOKEN_SEND;
+cleanup:
+	if (supportedMech != GSS_C_NO_OID) {
+		generic_gss_release_oid(&tmpmin, &supportedMech);
+	}
+	return ret;
+}
+
+/*
+ * Verify that mech OID is either exactly the same as the negotiated
+ * mech OID, or is a mech OID supported by the negotiated mech.  MS
+ * implementations can list a most preferred mech using an incorrect
+ * krb5 OID while emitting a krb5 initiator mech token having the
+ * correct krb5 mech OID.
+ */
+static OM_uint32
+acc_ctx_vfy_oid(OM_uint32 *minor_status,
+		spnego_gss_ctx_id_t sc, gss_OID mechoid,
+		OM_uint32 *negState, send_token_flag *tokflag)
+{
+	OM_uint32 ret, tmpmin;
+	gss_mechanism mech = NULL;
+	gss_OID_set mech_set = GSS_C_NO_OID_SET;
+	int present = 0;
+
+	if (g_OID_equal(sc->internal_mech, mechoid))
+		return GSS_S_COMPLETE;
+
+	mech = gssint_get_mechanism(sc->internal_mech);
+	if (mech == NULL || mech->gss_indicate_mechs == NULL) {
+		*minor_status = ERR_SPNEGO_NEGOTIATION_FAILED;
+		map_errcode(minor_status);
+		*negState = REJECT;
+		*tokflag = ERROR_TOKEN_SEND;
+		return GSS_S_BAD_MECH;
+	}
+	ret = mech->gss_indicate_mechs(minor_status, &mech_set);
+	if (ret != GSS_S_COMPLETE) {
+		*tokflag = NO_TOKEN_SEND;
+		map_error(minor_status, mech);
+		goto cleanup;
+	}
+	ret = gss_test_oid_set_member(minor_status, mechoid,
+				      mech_set, &present);
+	if (ret != GSS_S_COMPLETE)
+		goto cleanup;
+	if (!present) {
+		*minor_status = ERR_SPNEGO_NEGOTIATION_FAILED;
+		map_errcode(minor_status);
+		*negState = REJECT;
+		*tokflag = ERROR_TOKEN_SEND;
+		ret = GSS_S_BAD_MECH;
+	}
+cleanup:
+	gss_release_oid_set(&tmpmin, &mech_set);
+	return ret;
+}
+#ifndef LEAN_CLIENT
+/*
+ * Wrap call to gss_accept_sec_context() and update state
+ * accordingly.
+ */
+static OM_uint32
+acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+		 spnego_gss_cred_id_t spcred, gss_buffer_t mechtok_in,
+		 gss_channel_bindings_t bindings, gss_buffer_t mechtok_out,
+		 OM_uint32 *time_rec, OM_uint32 *negState,
+		 send_token_flag *tokflag)
+{
+	OM_uint32 ret, tmpmin;
+	gss_OID_desc mechoid;
+	gss_cred_id_t mcred;
+	int negoex = gss_oid_equal(sc->internal_mech, &negoex_mech);
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT && !negoex) {
+		/*
+		 * mechoid is an alias; don't free it.
+		 */
+		ret = gssint_get_mech_type(&mechoid, mechtok_in);
+		if (ret != GSS_S_COMPLETE) {
+			*tokflag = NO_TOKEN_SEND;
+			return ret;
+		}
+		ret = acc_ctx_vfy_oid(minor_status, sc, &mechoid,
+				      negState, tokflag);
+		if (ret != GSS_S_COMPLETE)
+			return ret;
+	}
+
+	mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred;
+	if (negoex) {
+		ret = negoex_accept(minor_status, sc, mcred, mechtok_in,
+				    bindings, mechtok_out, time_rec);
+	} else {
+		(void) gss_release_name(&tmpmin, &sc->internal_name);
+		(void) gss_release_cred(&tmpmin, &sc->deleg_cred);
+		ret = gss_accept_sec_context(minor_status, &sc->ctx_handle,
+					     mcred, mechtok_in, bindings,
+					     &sc->internal_name,
+					     &sc->actual_mech, mechtok_out,
+					     &sc->ctx_flags, time_rec,
+					     &sc->deleg_cred);
+	}
+	if (ret == GSS_S_COMPLETE) {
+#ifdef MS_BUG_TEST
+		/*
+		 * Force MIC to be not required even if we previously
+		 * requested a MIC.
+		 */
+		char *envstr = getenv("MS_FORCE_NO_MIC");
+
+		if (envstr != NULL && strcmp(envstr, "1") == 0 &&
+		    !(sc->ctx_flags & GSS_C_MUTUAL_FLAG) &&
+		    sc->mic_reqd) {
+
+			sc->mic_reqd = 0;
+		}
+#endif
+		sc->mech_complete = 1;
+
+		if (!sc->mic_reqd ||
+		    !(sc->ctx_flags & GSS_C_INTEG_FLAG)) {
+			/* No MIC exchange required, so we're done. */
+			*negState = ACCEPT_COMPLETE;
+			ret = GSS_S_COMPLETE;
+		} else {
+			/* handle_mic will decide if we're done. */
+			ret = GSS_S_CONTINUE_NEEDED;
+		}
+	} else if (ret != GSS_S_CONTINUE_NEEDED) {
+		*negState = REJECT;
+		*tokflag = ERROR_TOKEN_SEND;
+	}
+	return ret;
+}
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_accept_sec_context(
+			    OM_uint32 *minor_status,
+			    gss_ctx_id_t *context_handle,
+			    gss_cred_id_t verifier_cred_handle,
+			    gss_buffer_t input_token,
+			    gss_channel_bindings_t bindings,
+			    gss_name_t *src_name,
+			    gss_OID *mech_type,
+			    gss_buffer_t output_token,
+			    OM_uint32 *ret_flags,
+			    OM_uint32 *time_rec,
+			    gss_cred_id_t *delegated_cred_handle)
+{
+	OM_uint32 ret, tmpmin, negState;
+	send_token_flag return_token;
+	gss_buffer_t mechtok_in, mic_in, mic_out;
+	gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER;
+	spnego_gss_ctx_id_t sc = NULL;
+	spnego_gss_cred_id_t spcred = NULL;
+	int sendTokenInit = 0, tmpret;
+
+	mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER;
+
+	/*
+	 * This function works in three steps:
+	 *
+	 *   1. Perform mechanism negotiation.
+	 *   2. Invoke the negotiated mech's gss_accept_sec_context function
+	 *      and examine the results.
+	 *   3. Process or generate MICs if necessary.
+	 *
+	 * Step one determines whether the negotiation requires a MIC exchange,
+	 * while steps two and three share responsibility for determining when
+	 * the exchange is complete.  If the selected mech completes in this
+	 * call and no MIC exchange is expected, then step 2 will decide.  If a
+	 * MIC exchange is expected, then step 3 will decide.  If an error
+	 * occurs in any step, the exchange will be aborted, possibly with an
+	 * error token.
+	 *
+	 * negState determines the state of the negotiation, and is
+	 * communicated to the acceptor if a continuing token is sent.
+	 * return_token is used to indicate what type of token, if any, should
+	 * be generated.
+	 */
+
+	/* Validate arguments. */
+	if (minor_status != NULL)
+		*minor_status = 0;
+	if (output_token != GSS_C_NO_BUFFER) {
+		output_token->length = 0;
+		output_token->value = NULL;
+	}
+	if (src_name != NULL)
+		*src_name = GSS_C_NO_NAME;
+	if (mech_type != NULL)
+		*mech_type = GSS_C_NO_OID;
+	if (time_rec != NULL)
+		*time_rec = 0;
+	if (ret_flags != NULL)
+		*ret_flags = 0;
+	if (delegated_cred_handle != NULL)
+		*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+	if (minor_status == NULL ||
+	    output_token == GSS_C_NO_BUFFER ||
+	    context_handle == NULL)
+		return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+	if (input_token == GSS_C_NO_BUFFER)
+		return GSS_S_CALL_INACCESSIBLE_READ;
+
+	/* Step 1: Perform mechanism negotiation. */
+	sc = (spnego_gss_ctx_id_t)*context_handle;
+	spcred = (spnego_gss_cred_id_t)verifier_cred_handle;
+	if (sc == NULL && input_token->length == 0) {
+		/* Process a request for NegHints. */
+		ret = acc_ctx_hints(minor_status, spcred, &mic_out, &negState,
+				    &return_token, &sc);
+		if (ret != GSS_S_COMPLETE)
+			goto cleanup;
+		*context_handle = (gss_ctx_id_t)sc;
+		sendTokenInit = 1;
+		ret = GSS_S_CONTINUE_NEEDED;
+	} else if (sc == NULL || sc->internal_mech == GSS_C_NO_OID) {
+		if (sc != NULL) {
+			/* Discard the context from the NegHints request. */
+			release_spnego_ctx(&sc);
+			*context_handle = GSS_C_NO_CONTEXT;
+		}
+		/* Process an initial token; can set negState to
+		 * REQUEST_MIC. */
+		ret = acc_ctx_new(minor_status, input_token, spcred,
+				  &mechtok_in, &mic_in, &negState,
+				  &return_token, &sc);
+		if (ret != GSS_S_COMPLETE)
+			goto cleanup;
+		*context_handle = (gss_ctx_id_t)sc;
+		ret = GSS_S_CONTINUE_NEEDED;
+	} else {
+		/* Process a response token.  Can set negState to
+		 * ACCEPT_INCOMPLETE. */
+		ret = acc_ctx_cont(minor_status, input_token, sc, &mechtok_in,
+				   &mic_in, &negState, &return_token);
+		if (ret != GSS_S_COMPLETE)
+			goto cleanup;
+		ret = GSS_S_CONTINUE_NEEDED;
+	}
+
+	/* Step 2: invoke the negotiated mechanism's gss_accept_sec_context
+	 * function. */
+	/*
+	 * Handle mechtok_in and mic_in only if they are
+	 * present in input_token.  If neither is present, whether
+	 * this is an error depends on whether this is the first
+	 * round-trip.  RET is set to a default value according to
+	 * whether it is the first round-trip.
+	 */
+	if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) {
+		ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in,
+				       bindings, &mechtok_out, time_rec,
+				       &negState, &return_token);
+	}
+
+	/* Step 3: process or generate the MIC, if the negotiated mech is
+	 * complete and supports MICs. */
+	if (!HARD_ERROR(ret) && sc->mech_complete &&
+	    (sc->ctx_flags & GSS_C_INTEG_FLAG)) {
+
+		ret = handle_mic(minor_status, mic_in,
+				 (mechtok_out.length != 0),
+				 sc, &mic_out,
+				 &negState, &return_token);
+	}
+
+	if (!HARD_ERROR(ret) && ret_flags != NULL)
+		*ret_flags = sc->ctx_flags & ~GSS_C_PROT_READY_FLAG;
+
+cleanup:
+	if (return_token == INIT_TOKEN_SEND && sendTokenInit) {
+		assert(sc != NULL);
+		tmpret = make_spnego_tokenInit_msg(sc, 1, mic_out, 0,
+						   GSS_C_NO_BUFFER,
+						   return_token, output_token);
+		if (tmpret < 0)
+			ret = GSS_S_FAILURE;
+	} else if (return_token != NO_TOKEN_SEND &&
+		   return_token != CHECK_MIC) {
+		tmpret = make_spnego_tokenTarg_msg(negState,
+						   sc ? sc->internal_mech :
+						   GSS_C_NO_OID,
+						   &mechtok_out, mic_out,
+						   return_token,
+						   output_token);
+		if (tmpret < 0)
+			ret = GSS_S_FAILURE;
+	}
+	if (ret == GSS_S_COMPLETE) {
+		sc->opened = 1;
+		if (sc->internal_name != GSS_C_NO_NAME &&
+		    src_name != NULL) {
+			*src_name = sc->internal_name;
+			sc->internal_name = GSS_C_NO_NAME;
+		}
+		if (mech_type != NULL)
+			*mech_type = sc->actual_mech;
+		/* Get an updated lifetime if we didn't call into the mech. */
+		if (time_rec != NULL && *time_rec == 0) {
+			(void) gss_context_time(&tmpmin, sc->ctx_handle,
+						time_rec);
+		}
+		if (delegated_cred_handle != NULL) {
+			*delegated_cred_handle = sc->deleg_cred;
+			sc->deleg_cred = GSS_C_NO_CREDENTIAL;
+		}
+	} else if (ret != GSS_S_CONTINUE_NEEDED) {
+		if (sc != NULL) {
+			gss_delete_sec_context(&tmpmin, &sc->ctx_handle,
+					       GSS_C_NO_BUFFER);
+			release_spnego_ctx(&sc);
+		}
+		*context_handle = GSS_C_NO_CONTEXT;
+	}
+	gss_release_buffer(&tmpmin, &mechtok_out);
+	if (mechtok_in != GSS_C_NO_BUFFER) {
+		gss_release_buffer(&tmpmin, mechtok_in);
+		free(mechtok_in);
+	}
+	if (mic_in != GSS_C_NO_BUFFER) {
+		gss_release_buffer(&tmpmin, mic_in);
+		free(mic_in);
+	}
+	if (mic_out != GSS_C_NO_BUFFER) {
+		gss_release_buffer(&tmpmin, mic_out);
+		free(mic_out);
+	}
+	return ret;
+}
+#endif /*  LEAN_CLIENT */
+
+static struct {
+	OM_uint32 status;
+	const char *msg;
+} msg_table[] = {
+	{ ERR_SPNEGO_NO_MECHS_AVAILABLE,
+	  N_("SPNEGO cannot find mechanisms to negotiate") },
+	{ ERR_SPNEGO_NO_CREDS_ACQUIRED,
+	  N_("SPNEGO failed to acquire creds") },
+	{ ERR_SPNEGO_NO_MECH_FROM_ACCEPTOR,
+	  N_("SPNEGO acceptor did not select a mechanism") },
+	{ ERR_SPNEGO_NEGOTIATION_FAILED,
+	  N_("SPNEGO failed to negotiate a mechanism") },
+	{ ERR_SPNEGO_NO_TOKEN_FROM_ACCEPTOR,
+	  N_("SPNEGO acceptor did not return a valid token") },
+	{ ERR_NEGOEX_INVALID_MESSAGE_SIGNATURE,
+	  N_("Invalid NegoEx signature") },
+	{ ERR_NEGOEX_INVALID_MESSAGE_TYPE,
+	  N_("Invalid NegoEx message type") },
+	{ ERR_NEGOEX_INVALID_MESSAGE_SIZE,
+	  N_("Invalid NegoEx message size") },
+	{ ERR_NEGOEX_INVALID_CONVERSATION_ID,
+	  N_("Invalid NegoEx conversation ID") },
+	{ ERR_NEGOEX_AUTH_SCHEME_NOT_FOUND,
+	  N_("NegoEx authentication scheme not found") },
+	{ ERR_NEGOEX_MISSING_NEGO_MESSAGE,
+	  N_("Missing NegoEx negotiate message") },
+	{ ERR_NEGOEX_MISSING_AP_REQUEST_MESSAGE,
+	  N_("Missing NegoEx authentication protocol request message") },
+	{ ERR_NEGOEX_NO_AVAILABLE_MECHS,
+	  N_("No mutually supported NegoEx authentication schemes") },
+	{ ERR_NEGOEX_NO_VERIFY_KEY,
+	  N_("No NegoEx verify key") },
+	{ ERR_NEGOEX_UNKNOWN_CHECKSUM_SCHEME,
+	  N_("Unknown NegoEx checksum scheme") },
+	{ ERR_NEGOEX_INVALID_CHECKSUM,
+	  N_("Invalid NegoEx checksum") },
+	{ ERR_NEGOEX_UNSUPPORTED_CRITICAL_EXTENSION,
+	  N_("Unsupported critical NegoEx extension") },
+	{ ERR_NEGOEX_UNSUPPORTED_VERSION,
+	  N_("Unsupported NegoEx version") },
+	{ ERR_NEGOEX_MESSAGE_OUT_OF_SEQUENCE,
+	  N_("NegoEx message out of sequence") },
+};
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_display_status(
+		OM_uint32 *minor_status,
+		OM_uint32 status_value,
+		int status_type,
+		gss_OID mech_type,
+		OM_uint32 *message_context,
+		gss_buffer_t status_string)
+{
+	OM_uint32 maj = GSS_S_COMPLETE;
+	const char *msg;
+	size_t i;
+	int ret;
+
+	*message_context = 0;
+	for (i = 0; i < sizeof(msg_table) / sizeof(*msg_table); i++) {
+		if (status_value == msg_table[i].status) {
+			msg = dgettext(KRB5_TEXTDOMAIN, msg_table[i].msg);
+			*status_string = make_err_msg(msg);
+			return GSS_S_COMPLETE;
+		}
+	}
+
+	/* Not one of our minor codes; might be from a mech.  Call back
+	 * to gss_display_status, but first check for recursion. */
+	if (k5_getspecific(K5_KEY_GSS_SPNEGO_STATUS) != NULL) {
+		/* Perhaps we returned a com_err code like ENOMEM. */
+		const char *err = error_message(status_value);
+		*status_string = make_err_msg(err);
+		return GSS_S_COMPLETE;
+	}
+	/* Set a non-null pointer value; doesn't matter which one. */
+	ret = k5_setspecific(K5_KEY_GSS_SPNEGO_STATUS, &ret);
+	if (ret != 0) {
+		*minor_status = ret;
+		return GSS_S_FAILURE;
+	}
+
+	maj = gss_display_status(minor_status, status_value,
+				 status_type, mech_type,
+				 message_context, status_string);
+	/* This is unlikely to fail; not much we can do if it does. */
+	(void)k5_setspecific(K5_KEY_GSS_SPNEGO_STATUS, NULL);
+
+	return maj;
+}
+
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_name(
+		    OM_uint32 *minor_status,
+		    gss_buffer_t input_name_buffer,
+		    gss_OID input_name_type,
+		    gss_name_t *output_name)
+{
+	OM_uint32 status;
+
+	dsyslog("Entering import_name\n");
+
+	status = gss_import_name(minor_status, input_name_buffer,
+			input_name_type, output_name);
+
+	dsyslog("Leaving import_name\n");
+	return (status);
+}
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_release_name(
+			OM_uint32 *minor_status,
+			gss_name_t *input_name)
+{
+	OM_uint32 status;
+
+	dsyslog("Entering release_name\n");
+
+	status = gss_release_name(minor_status, input_name);
+
+	dsyslog("Leaving release_name\n");
+	return (status);
+}
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_duplicate_name(
+			OM_uint32 *minor_status,
+			const gss_name_t input_name,
+			gss_name_t *output_name)
+{
+	OM_uint32 status;
+
+	dsyslog("Entering duplicate_name\n");
+
+	status = gss_duplicate_name(minor_status, input_name, output_name);
+
+	dsyslog("Leaving duplicate_name\n");
+	return (status);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_cred(
+			OM_uint32 *minor_status,
+			gss_cred_id_t cred_handle,
+			gss_name_t *name,
+			OM_uint32 *lifetime,
+			int *cred_usage,
+			gss_OID_set *mechanisms)
+{
+	OM_uint32 status;
+	spnego_gss_cred_id_t spcred = NULL;
+	gss_cred_id_t creds = GSS_C_NO_CREDENTIAL;
+	OM_uint32 tmp_minor_status;
+	OM_uint32 initiator_lifetime, acceptor_lifetime;
+
+	dsyslog("Entering inquire_cred\n");
+
+	/*
+	 * To avoid infinite recursion, if GSS_C_NO_CREDENTIAL is
+	 * supplied we call gss_inquire_cred_by_mech() on the
+	 * first non-SPNEGO mechanism.
+	 */
+	spcred = (spnego_gss_cred_id_t)cred_handle;
+	if (spcred == NULL) {
+		status = get_available_mechs(minor_status,
+			GSS_C_NO_NAME,
+			GSS_C_BOTH,
+			GSS_C_NO_CRED_STORE,
+			&creds,
+			mechanisms, NULL);
+		if (status != GSS_S_COMPLETE) {
+			dsyslog("Leaving inquire_cred\n");
+			return (status);
+		}
+
+		if ((*mechanisms)->count == 0) {
+			gss_release_cred(&tmp_minor_status, &creds);
+			gss_release_oid_set(&tmp_minor_status, mechanisms);
+			dsyslog("Leaving inquire_cred\n");
+			return (GSS_S_DEFECTIVE_CREDENTIAL);
+		}
+
+		assert((*mechanisms)->elements != NULL);
+
+		status = gss_inquire_cred_by_mech(minor_status,
+			creds,
+			&(*mechanisms)->elements[0],
+			name,
+			&initiator_lifetime,
+			&acceptor_lifetime,
+			cred_usage);
+		if (status != GSS_S_COMPLETE) {
+			gss_release_cred(&tmp_minor_status, &creds);
+			dsyslog("Leaving inquire_cred\n");
+			return (status);
+		}
+
+		if (lifetime != NULL)
+			*lifetime = (*cred_usage == GSS_C_ACCEPT) ?
+				acceptor_lifetime : initiator_lifetime;
+
+		gss_release_cred(&tmp_minor_status, &creds);
+	} else {
+		status = gss_inquire_cred(minor_status, spcred->mcred,
+					  name, lifetime,
+					  cred_usage, mechanisms);
+	}
+
+	dsyslog("Leaving inquire_cred\n");
+
+	return (status);
+}
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_compare_name(
+			OM_uint32 *minor_status,
+			const gss_name_t name1,
+			const gss_name_t name2,
+			int *name_equal)
+{
+	OM_uint32 status = GSS_S_COMPLETE;
+	dsyslog("Entering compare_name\n");
+
+	status = gss_compare_name(minor_status, name1, name2, name_equal);
+
+	dsyslog("Leaving compare_name\n");
+	return (status);
+}
+
+/*ARGSUSED*/
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_display_name(
+			OM_uint32 *minor_status,
+			gss_name_t input_name,
+			gss_buffer_t output_name_buffer,
+			gss_OID *output_name_type)
+{
+	OM_uint32 status = GSS_S_COMPLETE;
+	dsyslog("Entering display_name\n");
+
+	status = gss_display_name(minor_status, input_name,
+			output_name_buffer, output_name_type);
+
+	dsyslog("Leaving display_name\n");
+	return (status);
+}
+
+
+/*ARGSUSED*/
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_names_for_mech(
+				OM_uint32	*minor_status,
+				gss_OID		mechanism,
+				gss_OID_set	*name_types)
+{
+	OM_uint32   major, minor;
+
+	dsyslog("Entering inquire_names_for_mech\n");
+	/*
+	 * We only know how to handle our own mechanism.
+	 */
+	if ((mechanism != GSS_C_NULL_OID) &&
+	    !g_OID_equal(gss_mech_spnego, mechanism)) {
+		*minor_status = 0;
+		return (GSS_S_FAILURE);
+	}
+
+	major = gss_create_empty_oid_set(minor_status, name_types);
+	if (major == GSS_S_COMPLETE) {
+		/* Now add our members. */
+		if (((major = gss_add_oid_set_member(minor_status,
+				(gss_OID) GSS_C_NT_USER_NAME,
+				name_types)) == GSS_S_COMPLETE) &&
+		    ((major = gss_add_oid_set_member(minor_status,
+				(gss_OID) GSS_C_NT_MACHINE_UID_NAME,
+				name_types)) == GSS_S_COMPLETE) &&
+		    ((major = gss_add_oid_set_member(minor_status,
+				(gss_OID) GSS_C_NT_STRING_UID_NAME,
+				name_types)) == GSS_S_COMPLETE)) {
+			major = gss_add_oid_set_member(minor_status,
+				(gss_OID) GSS_C_NT_HOSTBASED_SERVICE,
+				name_types);
+		}
+
+		if (major != GSS_S_COMPLETE)
+			(void) gss_release_oid_set(&minor, name_types);
+	}
+
+	dsyslog("Leaving inquire_names_for_mech\n");
+	return (major);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_unwrap(
+		OM_uint32 *minor_status,
+		gss_ctx_id_t context_handle,
+		gss_buffer_t input_message_buffer,
+		gss_buffer_t output_message_buffer,
+		int *conf_state,
+		gss_qop_t *qop_state)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_unwrap(minor_status,
+			sc->ctx_handle,
+			input_message_buffer,
+			output_message_buffer,
+			conf_state,
+			qop_state);
+
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_wrap(
+		OM_uint32 *minor_status,
+		gss_ctx_id_t context_handle,
+		int conf_req_flag,
+		gss_qop_t qop_req,
+		gss_buffer_t input_message_buffer,
+		int *conf_state,
+		gss_buffer_t output_message_buffer)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_wrap(minor_status,
+		    sc->ctx_handle,
+		    conf_req_flag,
+		    qop_req,
+		    input_message_buffer,
+		    conf_state,
+		    output_message_buffer);
+
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_process_context_token(
+				OM_uint32	*minor_status,
+				const gss_ctx_id_t context_handle,
+				const gss_buffer_t token_buffer)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	/* SPNEGO doesn't have its own context tokens. */
+	if (!sc->opened)
+		return (GSS_S_DEFECTIVE_TOKEN);
+
+	ret = gss_process_context_token(minor_status,
+					sc->ctx_handle,
+					token_buffer);
+
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_delete_sec_context(
+			    OM_uint32 *minor_status,
+			    gss_ctx_id_t *context_handle,
+			    gss_buffer_t output_token)
+{
+	OM_uint32 ret = GSS_S_COMPLETE;
+	spnego_gss_ctx_id_t *ctx =
+		    (spnego_gss_ctx_id_t *)context_handle;
+
+	*minor_status = 0;
+
+	if (context_handle == NULL)
+		return (GSS_S_FAILURE);
+
+	if (*ctx == NULL)
+		return (GSS_S_COMPLETE);
+
+	(void) gss_delete_sec_context(minor_status, &(*ctx)->ctx_handle,
+				      output_token);
+	(void) release_spnego_ctx(ctx);
+
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_context_time(
+			OM_uint32	*minor_status,
+			const gss_ctx_id_t context_handle,
+			OM_uint32	*time_rec)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_context_time(minor_status,
+			    sc->ctx_handle,
+			    time_rec);
+	return (ret);
+}
+#ifndef LEAN_CLIENT
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_sec_context(
+			    OM_uint32	  *minor_status,
+			    gss_ctx_id_t *context_handle,
+			    gss_buffer_t interprocess_token)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = *(spnego_gss_ctx_id_t *)context_handle;
+
+	/* We don't currently support exporting partially established
+	 * contexts. */
+	if (!sc->opened)
+		return GSS_S_UNAVAILABLE;
+
+	ret = gss_export_sec_context(minor_status,
+				    &sc->ctx_handle,
+				    interprocess_token);
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT) {
+		release_spnego_ctx(&sc);
+		*context_handle = GSS_C_NO_CONTEXT;
+	}
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_sec_context(
+	OM_uint32		*minor_status,
+	const gss_buffer_t	interprocess_token,
+	gss_ctx_id_t		*context_handle)
+{
+	OM_uint32 ret, tmpmin;
+	gss_ctx_id_t mctx;
+	spnego_gss_ctx_id_t sc;
+	int initiate, opened;
+
+	ret = gss_import_sec_context(minor_status, interprocess_token, &mctx);
+	if (ret != GSS_S_COMPLETE)
+		return ret;
+
+	ret = gss_inquire_context(&tmpmin, mctx, NULL, NULL, NULL, NULL, NULL,
+				  &initiate, &opened);
+	if (ret != GSS_S_COMPLETE || !opened) {
+		/* We don't currently support importing partially established
+		 * contexts. */
+		(void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
+		return GSS_S_FAILURE;
+	}
+
+	sc = create_spnego_ctx(initiate);
+	if (sc == NULL) {
+		(void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
+		return GSS_S_FAILURE;
+	}
+	sc->ctx_handle = mctx;
+	sc->opened = 1;
+	*context_handle = (gss_ctx_id_t)sc;
+	return GSS_S_COMPLETE;
+}
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_context(
+			OM_uint32	*minor_status,
+			const gss_ctx_id_t context_handle,
+			gss_name_t	*src_name,
+			gss_name_t	*targ_name,
+			OM_uint32	*lifetime_rec,
+			gss_OID		*mech_type,
+			OM_uint32	*ctx_flags,
+			int		*locally_initiated,
+			int		*opened)
+{
+	OM_uint32 ret = GSS_S_COMPLETE;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (src_name != NULL)
+		*src_name = GSS_C_NO_NAME;
+	if (targ_name != NULL)
+		*targ_name = GSS_C_NO_NAME;
+	if (lifetime_rec != NULL)
+		*lifetime_rec = 0;
+	if (mech_type != NULL)
+		*mech_type = (gss_OID)gss_mech_spnego;
+	if (ctx_flags != NULL)
+		*ctx_flags = 0;
+	if (locally_initiated != NULL)
+		*locally_initiated = sc->initiate;
+	if (opened != NULL)
+		*opened = sc->opened;
+
+	if (sc->ctx_handle != GSS_C_NO_CONTEXT) {
+		ret = gss_inquire_context(minor_status, sc->ctx_handle,
+					  src_name, targ_name, lifetime_rec,
+					  mech_type, ctx_flags, NULL, NULL);
+	}
+
+	if (!sc->opened) {
+		/*
+		 * We are still doing SPNEGO negotiation, so report SPNEGO as
+		 * the OID.  After negotiation is complete we will report the
+		 * underlying mechanism OID.
+		 */
+		if (mech_type != NULL)
+			*mech_type = (gss_OID)gss_mech_spnego;
+
+		/*
+		 * Remove flags we don't support with partially-established
+		 * contexts.  (Change this to keep GSS_C_TRANS_FLAG if we add
+		 * support for exporting partial SPNEGO contexts.)
+		 */
+		if (ctx_flags != NULL) {
+			*ctx_flags &= ~GSS_C_PROT_READY_FLAG;
+			*ctx_flags &= ~GSS_C_TRANS_FLAG;
+		}
+	}
+
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_wrap_size_limit(
+	OM_uint32	*minor_status,
+	const gss_ctx_id_t context_handle,
+	int		conf_req_flag,
+	gss_qop_t	qop_req,
+	OM_uint32	req_output_size,
+	OM_uint32	*max_input_size)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_wrap_size_limit(minor_status,
+				sc->ctx_handle,
+				conf_req_flag,
+				qop_req,
+				req_output_size,
+				max_input_size);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_localname(OM_uint32 *minor_status, const gss_name_t pname,
+		     const gss_const_OID mech_type, gss_buffer_t localname)
+{
+	return gss_localname(minor_status, pname, GSS_C_NO_OID, localname);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_get_mic(
+		OM_uint32 *minor_status,
+		const gss_ctx_id_t context_handle,
+		gss_qop_t  qop_req,
+		const gss_buffer_t message_buffer,
+		gss_buffer_t message_token)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_get_mic(minor_status,
+		    sc->ctx_handle,
+		    qop_req,
+		    message_buffer,
+		    message_token);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_verify_mic(
+		OM_uint32 *minor_status,
+		const gss_ctx_id_t context_handle,
+		const gss_buffer_t msg_buffer,
+		const gss_buffer_t token_buffer,
+		gss_qop_t *qop_state)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_verify_mic(minor_status,
+			    sc->ctx_handle,
+			    msg_buffer,
+			    token_buffer,
+			    qop_state);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_sec_context_by_oid(
+		OM_uint32 *minor_status,
+		const gss_ctx_id_t context_handle,
+		const gss_OID desired_object,
+		gss_buffer_set_t *data_set)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	/* There are no SPNEGO-specific OIDs for this function. */
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_UNAVAILABLE);
+
+	ret = gss_inquire_sec_context_by_oid(minor_status,
+			    sc->ctx_handle,
+			    desired_object,
+			    data_set);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_cred_by_oid(
+		OM_uint32 *minor_status,
+		const gss_cred_id_t cred_handle,
+		const gss_OID desired_object,
+		gss_buffer_set_t *data_set)
+{
+	OM_uint32 ret;
+	spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)cred_handle;
+	gss_cred_id_t mcred;
+	mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred;
+	ret = gss_inquire_cred_by_oid(minor_status,
+				mcred,
+				desired_object,
+				data_set);
+	return (ret);
+}
+
+/* This is the same OID as KRB5_NO_CI_FLAGS_X_OID. */
+#define NO_CI_FLAGS_X_OID_LENGTH 6
+#define NO_CI_FLAGS_X_OID "\x2a\x85\x70\x2b\x0d\x1d"
+static const gss_OID_desc no_ci_flags_oid[] = {
+	{NO_CI_FLAGS_X_OID_LENGTH, NO_CI_FLAGS_X_OID},
+};
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_set_cred_option(
+		OM_uint32 *minor_status,
+		gss_cred_id_t *cred_handle,
+		const gss_OID desired_object,
+		const gss_buffer_t value)
+{
+	OM_uint32 ret;
+	OM_uint32 tmp_minor_status;
+	spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)*cred_handle;
+	gss_cred_id_t mcred;
+
+	mcred = (spcred == NULL) ? GSS_C_NO_CREDENTIAL : spcred->mcred;
+	ret = gss_set_cred_option(minor_status,
+				  &mcred,
+				  desired_object,
+				  value);
+	if (ret == GSS_S_COMPLETE && spcred == NULL) {
+		/*
+		 * If the mechanism allocated a new credential handle, then
+		 * we need to wrap it up in an SPNEGO credential handle.
+		 */
+
+		ret = create_spnego_cred(minor_status, mcred, &spcred);
+		if (ret != GSS_S_COMPLETE) {
+			gss_release_cred(&tmp_minor_status, &mcred);
+			return (ret);
+		}
+		*cred_handle = (gss_cred_id_t)spcred;
+	}
+
+	if (ret != GSS_S_COMPLETE)
+		return (ret);
+
+	/* Recognize KRB5_NO_CI_FLAGS_X_OID and avoid asking for integrity. */
+	if (g_OID_equal(desired_object, no_ci_flags_oid))
+		spcred->no_ask_integ = 1;
+
+	return (GSS_S_COMPLETE);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_set_sec_context_option(
+		OM_uint32 *minor_status,
+		gss_ctx_id_t *context_handle,
+		const gss_OID desired_object,
+		const gss_buffer_t value)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)*context_handle;
+
+	/* There are no SPNEGO-specific OIDs for this function, and we cannot
+	 * construct an empty SPNEGO context with it. */
+	if (sc == NULL || sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_UNAVAILABLE);
+
+	ret = gss_set_sec_context_option(minor_status,
+			    &sc->ctx_handle,
+			    desired_object,
+			    value);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_wrap_aead(OM_uint32 *minor_status,
+		     gss_ctx_id_t context_handle,
+		     int conf_req_flag,
+		     gss_qop_t qop_req,
+		     gss_buffer_t input_assoc_buffer,
+		     gss_buffer_t input_payload_buffer,
+		     int *conf_state,
+		     gss_buffer_t output_message_buffer)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_wrap_aead(minor_status,
+			    sc->ctx_handle,
+			    conf_req_flag,
+			    qop_req,
+			    input_assoc_buffer,
+			    input_payload_buffer,
+			    conf_state,
+			    output_message_buffer);
+
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_unwrap_aead(OM_uint32 *minor_status,
+		       gss_ctx_id_t context_handle,
+		       gss_buffer_t input_message_buffer,
+		       gss_buffer_t input_assoc_buffer,
+		       gss_buffer_t output_payload_buffer,
+		       int *conf_state,
+		       gss_qop_t *qop_state)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_unwrap_aead(minor_status,
+			      sc->ctx_handle,
+			      input_message_buffer,
+			      input_assoc_buffer,
+			      output_payload_buffer,
+			      conf_state,
+			      qop_state);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_wrap_iov(OM_uint32 *minor_status,
+		    gss_ctx_id_t context_handle,
+		    int conf_req_flag,
+		    gss_qop_t qop_req,
+		    int *conf_state,
+		    gss_iov_buffer_desc *iov,
+		    int iov_count)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_wrap_iov(minor_status,
+			   sc->ctx_handle,
+			   conf_req_flag,
+			   qop_req,
+			   conf_state,
+			   iov,
+			   iov_count);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_unwrap_iov(OM_uint32 *minor_status,
+		      gss_ctx_id_t context_handle,
+		      int *conf_state,
+		      gss_qop_t *qop_state,
+		      gss_iov_buffer_desc *iov,
+		      int iov_count)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_unwrap_iov(minor_status,
+			     sc->ctx_handle,
+			     conf_state,
+			     qop_state,
+			     iov,
+			     iov_count);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_wrap_iov_length(OM_uint32 *minor_status,
+			   gss_ctx_id_t context_handle,
+			   int conf_req_flag,
+			   gss_qop_t qop_req,
+			   int *conf_state,
+			   gss_iov_buffer_desc *iov,
+			   int iov_count)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_wrap_iov_length(minor_status,
+				  sc->ctx_handle,
+				  conf_req_flag,
+				  qop_req,
+				  conf_state,
+				  iov,
+				  iov_count);
+	return (ret);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_complete_auth_token(
+		OM_uint32 *minor_status,
+		const gss_ctx_id_t context_handle,
+		gss_buffer_t input_message_buffer)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_UNAVAILABLE);
+
+	ret = gss_complete_auth_token(minor_status,
+				      sc->ctx_handle,
+				      input_message_buffer);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status,
+					 const gss_cred_id_t impersonator_cred_handle,
+					 const gss_name_t desired_name,
+					 OM_uint32 time_req,
+					 gss_OID_set desired_mechs,
+					 gss_cred_usage_t cred_usage,
+					 gss_cred_id_t *output_cred_handle,
+					 gss_OID_set *actual_mechs,
+					 OM_uint32 *time_rec)
+{
+	OM_uint32 status, tmpmin;
+	gss_OID_set amechs = GSS_C_NULL_OID_SET;
+	spnego_gss_cred_id_t imp_spcred = NULL, out_spcred = NULL;
+	gss_cred_id_t imp_mcred, out_mcred = GSS_C_NO_CREDENTIAL;
+
+	dsyslog("Entering spnego_gss_acquire_cred_impersonate_name\n");
+
+	if (actual_mechs)
+		*actual_mechs = NULL;
+
+	if (time_rec)
+		*time_rec = 0;
+
+	imp_spcred = (spnego_gss_cred_id_t)impersonator_cred_handle;
+	imp_mcred = imp_spcred ? imp_spcred->mcred : GSS_C_NO_CREDENTIAL;
+	status = gss_inquire_cred(minor_status, imp_mcred, NULL, NULL,
+				  NULL, &amechs);
+	if (status != GSS_S_COMPLETE)
+		return status;
+
+	status = gss_acquire_cred_impersonate_name(minor_status, imp_mcred,
+						   desired_name, time_req,
+						   amechs, cred_usage,
+						   &out_mcred, actual_mechs,
+						   time_rec);
+	if (status != GSS_S_COMPLETE)
+		goto cleanup;
+
+	status = create_spnego_cred(minor_status, out_mcred, &out_spcred);
+	if (status != GSS_S_COMPLETE)
+		goto cleanup;
+
+	out_mcred = GSS_C_NO_CREDENTIAL;
+	*output_cred_handle = (gss_cred_id_t)out_spcred;
+
+cleanup:
+	(void) gss_release_oid_set(&tmpmin, &amechs);
+	(void) gss_release_cred(&tmpmin, &out_mcred);
+
+	dsyslog("Leaving spnego_gss_acquire_cred_impersonate_name\n");
+	return (status);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_acquire_cred_with_password(OM_uint32 *minor_status,
+				      const gss_name_t desired_name,
+				      const gss_buffer_t password,
+				      OM_uint32 time_req,
+				      const gss_OID_set desired_mechs,
+				      gss_cred_usage_t cred_usage,
+				      gss_cred_id_t *output_cred_handle,
+				      gss_OID_set *actual_mechs,
+				      OM_uint32 *time_rec)
+{
+	OM_uint32 status, tmpmin;
+	gss_OID_set amechs = GSS_C_NULL_OID_SET;
+	gss_cred_id_t mcred = NULL;
+	spnego_gss_cred_id_t spcred = NULL;
+
+	dsyslog("Entering spnego_gss_acquire_cred_with_password\n");
+
+	if (actual_mechs)
+		*actual_mechs = NULL;
+
+	if (time_rec)
+		*time_rec = 0;
+
+	status = get_available_mechs(minor_status, desired_name,
+				     cred_usage, GSS_C_NO_CRED_STORE,
+				     NULL, &amechs, NULL);
+	if (status != GSS_S_COMPLETE)
+	    goto cleanup;
+
+	status = gss_acquire_cred_with_password(minor_status, desired_name,
+						password, time_req, amechs,
+						cred_usage, &mcred,
+						actual_mechs, time_rec);
+	if (status != GSS_S_COMPLETE)
+	    goto cleanup;
+
+	status = create_spnego_cred(minor_status, mcred, &spcred);
+	if (status != GSS_S_COMPLETE)
+		goto cleanup;
+
+	mcred = GSS_C_NO_CREDENTIAL;
+	*output_cred_handle = (gss_cred_id_t)spcred;
+
+cleanup:
+
+	(void) gss_release_oid_set(&tmpmin, &amechs);
+	(void) gss_release_cred(&tmpmin, &mcred);
+
+	dsyslog("Leaving spnego_gss_acquire_cred_with_password\n");
+	return (status);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_display_name_ext(OM_uint32 *minor_status,
+			    gss_name_t name,
+			    gss_OID display_as_name_type,
+			    gss_buffer_t display_name)
+{
+	OM_uint32 ret;
+	ret = gss_display_name_ext(minor_status,
+				   name,
+				   display_as_name_type,
+				   display_name);
+	return (ret);
+}
+
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_name(OM_uint32 *minor_status,
+			gss_name_t name,
+			int *name_is_MN,
+			gss_OID *MN_mech,
+			gss_buffer_set_t *attrs)
+{
+	OM_uint32 ret;
+	ret = gss_inquire_name(minor_status,
+			       name,
+			       name_is_MN,
+			       MN_mech,
+			       attrs);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_get_name_attribute(OM_uint32 *minor_status,
+			      gss_name_t name,
+			      gss_buffer_t attr,
+			      int *authenticated,
+			      int *complete,
+			      gss_buffer_t value,
+			      gss_buffer_t display_value,
+			      int *more)
+{
+	OM_uint32 ret;
+	ret = gss_get_name_attribute(minor_status,
+				     name,
+				     attr,
+				     authenticated,
+				     complete,
+				     value,
+				     display_value,
+				     more);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_set_name_attribute(OM_uint32 *minor_status,
+			      gss_name_t name,
+			      int complete,
+			      gss_buffer_t attr,
+			      gss_buffer_t value)
+{
+	OM_uint32 ret;
+	ret = gss_set_name_attribute(minor_status,
+				     name,
+				     complete,
+				     attr,
+				     value);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_delete_name_attribute(OM_uint32 *minor_status,
+				 gss_name_t name,
+				 gss_buffer_t attr)
+{
+	OM_uint32 ret;
+	ret = gss_delete_name_attribute(minor_status,
+					name,
+					attr);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_name_composite(OM_uint32 *minor_status,
+				 gss_name_t name,
+				 gss_buffer_t exp_composite_name)
+{
+	OM_uint32 ret;
+	ret = gss_export_name_composite(minor_status,
+					name,
+					exp_composite_name);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_map_name_to_any(OM_uint32 *minor_status,
+			   gss_name_t name,
+			   int authenticated,
+			   gss_buffer_t type_id,
+			   gss_any_t *output)
+{
+	OM_uint32 ret;
+	ret = gss_map_name_to_any(minor_status,
+				  name,
+				  authenticated,
+				  type_id,
+				  output);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_release_any_name_mapping(OM_uint32 *minor_status,
+				    gss_name_t name,
+				    gss_buffer_t type_id,
+				    gss_any_t *input)
+{
+	OM_uint32 ret;
+	ret = gss_release_any_name_mapping(minor_status,
+					   name,
+					   type_id,
+					   input);
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_pseudo_random(OM_uint32 *minor_status,
+			 gss_ctx_id_t context,
+			 int prf_key,
+			 const gss_buffer_t prf_in,
+			 ssize_t desired_output_len,
+			 gss_buffer_t prf_out)
+{
+	OM_uint32 ret;
+	spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context;
+
+	if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+		return (GSS_S_NO_CONTEXT);
+
+	ret = gss_pseudo_random(minor_status,
+				sc->ctx_handle,
+				prf_key,
+				prf_in,
+				desired_output_len,
+				prf_out);
+        return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_set_neg_mechs(OM_uint32 *minor_status,
+			 gss_cred_id_t cred_handle,
+			 const gss_OID_set mech_list)
+{
+	OM_uint32 ret;
+	spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)cred_handle;
+
+	/* Store mech_list in spcred for use in negotiation logic. */
+	gss_release_oid_set(minor_status, &spcred->neg_mechs);
+	ret = generic_gss_copy_oid_set(minor_status, mech_list,
+				       &spcred->neg_mechs);
+	if (ret == GSS_S_COMPLETE) {
+		(void) gss_set_neg_mechs(minor_status,
+					 spcred->mcred,
+					 spcred->neg_mechs);
+	}
+
+	return (ret);
+}
+
+#define SPNEGO_SASL_NAME	"SPNEGO"
+#define SPNEGO_SASL_NAME_LEN	(sizeof(SPNEGO_SASL_NAME) - 1)
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
+                                     const gss_buffer_t sasl_mech_name,
+                                     gss_OID *mech_type)
+{
+	if (sasl_mech_name->length == SPNEGO_SASL_NAME_LEN &&
+	    memcmp(sasl_mech_name->value, SPNEGO_SASL_NAME,
+		   SPNEGO_SASL_NAME_LEN) == 0) {
+		if (mech_type != NULL)
+			*mech_type = (gss_OID)gss_mech_spnego;
+		return (GSS_S_COMPLETE);
+	}
+
+	return (GSS_S_BAD_MECH);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
+                                     const gss_OID desired_mech,
+                                     gss_buffer_t sasl_mech_name,
+                                     gss_buffer_t mech_name,
+                                     gss_buffer_t mech_description)
+{
+	*minor_status = 0;
+
+	if (!g_OID_equal(desired_mech, gss_mech_spnego))
+		return (GSS_S_BAD_MECH);
+
+	if (!g_make_string_buffer(SPNEGO_SASL_NAME, sasl_mech_name) ||
+	    !g_make_string_buffer("spnego", mech_name) ||
+	    !g_make_string_buffer("Simple and Protected GSS-API "
+				  "Negotiation Mechanism", mech_description))
+		goto fail;
+
+	return (GSS_S_COMPLETE);
+
+fail:
+	*minor_status = ENOMEM;
+	return (GSS_S_FAILURE);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_inquire_attrs_for_mech(OM_uint32 *minor_status,
+				  gss_const_OID mech,
+				  gss_OID_set *mech_attrs,
+				  gss_OID_set *known_mech_attrs)
+{
+	OM_uint32 major, tmpMinor;
+
+	/* known_mech_attrs is handled by mechglue */
+	*minor_status = 0;
+
+	if (mech_attrs == NULL)
+	    return (GSS_S_COMPLETE);
+
+	major = gss_create_empty_oid_set(minor_status, mech_attrs);
+	if (GSS_ERROR(major))
+		goto cleanup;
+
+#define MA_SUPPORTED(ma)    do {					\
+		major = gss_add_oid_set_member(minor_status,		\
+					       (gss_OID)ma, mech_attrs); \
+		if (GSS_ERROR(major))					\
+			goto cleanup;					\
+	} while (0)
+
+	MA_SUPPORTED(GSS_C_MA_MECH_NEGO);
+	MA_SUPPORTED(GSS_C_MA_ITOK_FRAMED);
+
+cleanup:
+	if (GSS_ERROR(major))
+		gss_release_oid_set(&tmpMinor, mech_attrs);
+
+	return (major);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_export_cred(OM_uint32 *minor_status,
+		       gss_cred_id_t cred_handle,
+		       gss_buffer_t token)
+{
+	spnego_gss_cred_id_t spcred = (spnego_gss_cred_id_t)cred_handle;
+
+	return (gss_export_cred(minor_status, spcred->mcred, token));
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_import_cred(OM_uint32 *minor_status,
+		       gss_buffer_t token,
+		       gss_cred_id_t *cred_handle)
+{
+	OM_uint32 ret;
+	spnego_gss_cred_id_t spcred;
+	gss_cred_id_t mcred;
+
+	ret = gss_import_cred(minor_status, token, &mcred);
+	if (GSS_ERROR(ret))
+		return (ret);
+
+	ret = create_spnego_cred(minor_status, mcred, &spcred);
+	if (GSS_ERROR(ret))
+	    return (ret);
+
+	*cred_handle = (gss_cred_id_t)spcred;
+	return (ret);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+		       gss_qop_t qop_req, gss_iov_buffer_desc *iov,
+		       int iov_count)
+{
+    spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+    if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+	    return (GSS_S_NO_CONTEXT);
+
+    return gss_get_mic_iov(minor_status, sc->ctx_handle, qop_req, iov,
+			   iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+			  gss_qop_t *qop_state, gss_iov_buffer_desc *iov,
+			  int iov_count)
+{
+    spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+    if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+	    return (GSS_S_NO_CONTEXT);
+
+    return gss_verify_mic_iov(minor_status, sc->ctx_handle, qop_state, iov,
+			      iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+spnego_gss_get_mic_iov_length(OM_uint32 *minor_status,
+			      gss_ctx_id_t context_handle, gss_qop_t qop_req,
+			      gss_iov_buffer_desc *iov, int iov_count)
+{
+    spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+    if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+	    return (GSS_S_NO_CONTEXT);
+
+    return gss_get_mic_iov_length(minor_status, sc->ctx_handle, qop_req, iov,
+				  iov_count);
+}
+
+/*
+ * We will release everything but the ctx_handle so that it
+ * can be passed back to init/accept context. This routine should
+ * not be called until after the ctx_handle memory is assigned to
+ * the supplied context handle from init/accept context.
+ */
+static void
+release_spnego_ctx(spnego_gss_ctx_id_t *ctx)
+{
+	spnego_gss_ctx_id_t context;
+	OM_uint32 minor_stat;
+	context = *ctx;
+
+	if (context != NULL) {
+		(void) gss_release_buffer(&minor_stat,
+					&context->DER_mechTypes);
+
+		(void) gss_release_oid_set(&minor_stat, &context->mech_set);
+
+		(void) gss_release_name(&minor_stat, &context->internal_name);
+		(void) gss_release_cred(&minor_stat, &context->deleg_cred);
+
+		negoex_release_context(context);
+
+		free(context);
+		*ctx = NULL;
+	}
+}
+
+/*
+ * Can't use gss_indicate_mechs by itself to get available mechs for
+ * SPNEGO because it will also return the SPNEGO mech and we do not
+ * want to consider SPNEGO as an available security mech for
+ * negotiation. For this reason, get_available_mechs will return
+ * all available, non-deprecated mechs except SPNEGO and NegoEx-
+ * only mechanisms.
+ *
+ * Note that gss_acquire_cred_from(GSS_C_NO_OID_SET) will filter
+ * out hidden (GSS_C_MA_NOT_INDICATED) mechanisms such as NegoEx, so
+ * calling gss_indicate_mechs_by_attrs() also works around that.
+ *
+ * If a ptr to a creds list is given, this function will attempt
+ * to acquire creds for the creds given and trim the list of
+ * returned mechanisms to only those for which creds are valid.
+ *
+ */
+static OM_uint32
+get_available_mechs(OM_uint32 *minor_status,
+	gss_name_t name, gss_cred_usage_t usage,
+	gss_const_key_value_set_t cred_store,
+	gss_cred_id_t *creds, gss_OID_set *rmechs, OM_uint32 *time_rec)
+{
+	OM_uint32 major_status = GSS_S_COMPLETE, tmpmin;
+	gss_OID_set mechs, goodmechs;
+	gss_OID_set_desc except_attrs;
+	gss_OID_desc attr_oids[3];
+
+	*rmechs = GSS_C_NO_OID_SET;
+
+	attr_oids[0] = *GSS_C_MA_DEPRECATED;
+	attr_oids[1] = *GSS_C_MA_NOT_DFLT_MECH;
+	attr_oids[2] = *GSS_C_MA_MECH_NEGO;     /* Exclude ourselves */
+	except_attrs.count = sizeof(attr_oids) / sizeof(attr_oids[0]);
+	except_attrs.elements = attr_oids;
+	major_status = gss_indicate_mechs_by_attrs(minor_status,
+						   GSS_C_NO_OID_SET,
+						   &except_attrs,
+						   GSS_C_NO_OID_SET, &mechs);
+
+	/*
+	 * If the caller wanted a list of creds returned,
+	 * trim the list of mechanisms down to only those
+	 * for which the creds are valid.
+	 */
+	if (mechs->count > 0 && major_status == GSS_S_COMPLETE &&
+	    creds != NULL) {
+		major_status = gss_acquire_cred_from(minor_status, name,
+						     GSS_C_INDEFINITE,
+						     mechs, usage,
+						     cred_store, creds,
+						     &goodmechs, time_rec);
+
+		/*
+		 * Drop the old list in favor of the new
+		 * "trimmed" list.
+		 */
+		if (major_status == GSS_S_COMPLETE) {
+			(void) gss_release_oid_set(&tmpmin, &mechs);
+			mechs = goodmechs;
+		}
+	}
+
+	if (mechs->count > 0 && major_status == GSS_S_COMPLETE) {
+		*rmechs = mechs;
+	} else {
+		(void) gss_release_oid_set(&tmpmin, &mechs);
+		*minor_status = ERR_SPNEGO_NO_MECHS_AVAILABLE;
+		map_errcode(minor_status);
+		if (major_status == GSS_S_COMPLETE)
+			major_status = GSS_S_FAILURE;
+	}
+
+	return (major_status);
+}
+
+/* Return true if mech asserts the GSS_C_MA_NEGOEX_AND_SPNEGO attribute. */
+static int
+negoex_and_spnego(gss_OID mech)
+{
+	OM_uint32 ret, minor;
+	gss_OID_set attrs;
+	int present;
+
+	ret = gss_inquire_attrs_for_mech(&minor, mech, &attrs, NULL);
+	if (ret != GSS_S_COMPLETE || attrs == GSS_C_NO_OID_SET)
+		return 0;
+
+	(void) generic_gss_test_oid_set_member(&minor,
+					       GSS_C_MA_NEGOEX_AND_SPNEGO,
+					       attrs, &present);
+	(void) gss_release_oid_set(&minor, &attrs);
+	return present;
+}
+
+/*
+ * Fill sc->mech_set with the SPNEGO-negotiable mechanism OIDs, and
+ * sc->negoex_mechs with an entry for each NegoEx-negotiable mechanism.  Take
+ * into account the mech set provided with gss_set_neg_mechs() if it exists.
+ */
+static OM_uint32
+get_negotiable_mechs(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
+		     spnego_gss_cred_id_t spcred, gss_cred_usage_t usage)
+{
+	OM_uint32 ret, tmpmin;
+	gss_cred_id_t creds = GSS_C_NO_CREDENTIAL;
+	gss_OID_set cred_mechs = GSS_C_NULL_OID_SET, mechs;
+	unsigned int i;
+	int present, added_negoex = 0;
+	auth_scheme scheme;
+
+	if (spcred != NULL) {
+		/* Get the list of mechs in the mechglue cred. */
+		ret = gss_inquire_cred(minor_status, spcred->mcred, NULL,
+				       NULL, NULL, &cred_mechs);
+		if (ret != GSS_S_COMPLETE)
+			return (ret);
+	} else {
+		/* Start with the list of available mechs. */
+		ret = get_available_mechs(minor_status, GSS_C_NO_NAME, usage,
+					  GSS_C_NO_CRED_STORE, &creds,
+					  &cred_mechs, NULL);
+		if (ret != GSS_S_COMPLETE)
+			return (ret);
+		gss_release_cred(&tmpmin, &creds);
+	}
+
+	/* If gss_set_neg_mechs() was called, use that to determine the
+	 * iteration order.  Otherwise iterate over the credential mechs. */
+	mechs = (spcred != NULL && spcred->neg_mechs != GSS_C_NULL_OID_SET) ?
+	    spcred->neg_mechs : cred_mechs;
+
+	ret = gss_create_empty_oid_set(minor_status, &sc->mech_set);
+	if (ret != GSS_S_COMPLETE)
+		goto cleanup;
+
+	for (i = 0; i < mechs->count; i++) {
+		if (mechs != cred_mechs) {
+			/* Intersect neg_mechs with cred_mechs. */
+			gss_test_oid_set_member(&tmpmin, &mechs->elements[i],
+						cred_mechs, &present);
+			if (!present)
+				continue;
+		}
+
+		/* Query the auth scheme to see if this is a NegoEx mech. */
+		ret = gssspi_query_mechanism_info(&tmpmin, &mechs->elements[i],
+						  scheme);
+		if (ret == GSS_S_COMPLETE) {
+			/* Add an entry for this mech to the NegoEx list. */
+			ret = negoex_add_auth_mech(minor_status, sc,
+						   &mechs->elements[i],
+						   scheme);
+			if (ret != GSS_S_COMPLETE)
+				goto cleanup;
+
+			/* Add the NegoEx OID to the SPNEGO list at the
+			 * position of the first NegoEx mechanism. */
+			if (!added_negoex) {
+				ret = gss_add_oid_set_member(minor_status,
+							     &negoex_mech,
+							     &sc->mech_set);
+				if (ret != GSS_S_COMPLETE)
+					goto cleanup;
+				added_negoex = 1;
+			}
+
+			/* Skip this mech in the SPNEGO list unless it asks for
+			 * direct SPNEGO negotiation. */
+			if (!negoex_and_spnego(&mechs->elements[i]))
+				continue;
+		}
+
+		/* Add this mech to the SPNEGO list. */
+		ret = gss_add_oid_set_member(minor_status, &mechs->elements[i],
+					     &sc->mech_set);
+		if (ret != GSS_S_COMPLETE)
+			goto cleanup;
+	}
+
+	*minor_status = 0;
+
+cleanup:
+	if (ret != GSS_S_COMPLETE || sc->mech_set->count == 0) {
+		*minor_status = ERR_SPNEGO_NO_MECHS_AVAILABLE;
+		map_errcode(minor_status);
+		ret = GSS_S_FAILURE;
+	}
+
+	gss_release_oid_set(&tmpmin, &cred_mechs);
+	return (ret);
+}
+
+/* following are token creation and reading routines */
+
+/*
+ * If in contains a tagged OID encoding, return a copy of the contents as a
+ * gss_OID and advance in past the encoding.  Otherwise return NULL and do not
+ * advance in.
+ */
+static gss_OID
+get_mech_oid(OM_uint32 *minor_status, struct k5input *in)
+{
+	struct k5input oidrep;
+	OM_uint32 status;
+	gss_OID_desc oid;
+	gss_OID mech_out = NULL;
+
+	if (!k5_der_get_value(in, MECH_OID, &oidrep))
+		return (NULL);
+
+	oid.length = oidrep.len;
+	oid.elements = (uint8_t *)oidrep.ptr;
+	status = generic_gss_copy_oid(minor_status, &oid, &mech_out);
+	if (status != GSS_S_COMPLETE) {
+		map_errcode(minor_status);
+		mech_out = NULL;
+	}
+
+	return (mech_out);
+}
+
+/*
+ * If in contains a tagged octet string encoding, return a copy of the contents
+ * as a gss_buffer_t and advance in past the encoding.  Otherwise return NULL
+ * and do not advance in.
+ */
+static gss_buffer_t
+get_octet_string(struct k5input *in)
+{
+	gss_buffer_t input_token;
+	struct k5input ostr;
+
+	if (!k5_der_get_value(in, OCTET_STRING, &ostr))
+		return (NULL);
+
+	input_token = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
+	if (input_token == NULL)
+		return (NULL);
+
+	input_token->length = ostr.len;
+	if (input_token->length > 0) {
+		input_token->value = gssalloc_malloc(input_token->length);
+		if (input_token->value == NULL) {
+			free(input_token);
+			return (NULL);
+		}
+
+		memcpy(input_token->value, ostr.ptr, input_token->length);
+	} else {
+		input_token->value = NULL;
+	}
+	return (input_token);
+}
+
+/*
+ * verify that buff_in points to a sequence of der encoding. The mech
+ * set is the only sequence of encoded object in the token, so if it is
+ * a sequence of encoding, decode the mechset into a gss_OID_set and
+ * return it, advancing the buffer pointer.
+ */
+static gss_OID_set
+get_mech_set(OM_uint32 *minor_status, struct k5input *in)
+{
+	gss_OID_set returned_mechSet;
+	OM_uint32 major_status, tmpmin;
+	struct k5input seq;
+
+	if (!k5_der_get_value(in, SEQUENCE_OF, &seq))
+		return (NULL);
+
+	major_status = gss_create_empty_oid_set(minor_status,
+						&returned_mechSet);
+	if (major_status != GSS_S_COMPLETE)
+		return (NULL);
+
+	while (!seq.status && seq.len > 0) {
+		gss_OID_desc *oid = get_mech_oid(minor_status, &seq);
+
+		if (oid == NULL) {
+			gss_release_oid_set(&tmpmin, &returned_mechSet);
+			return (NULL);
+		}
+
+		major_status = gss_add_oid_set_member(minor_status,
+						      oid, &returned_mechSet);
+		generic_gss_release_oid(minor_status, &oid);
+		if (major_status != GSS_S_COMPLETE) {
+			gss_release_oid_set(&tmpmin, &returned_mechSet);
+			return (NULL);
+		}
+	}
+
+	return (returned_mechSet);
+}
+
+/*
+ * Encode mechSet into buf.
+ */
+static int
+put_mech_set(gss_OID_set mechSet, gss_buffer_t buffer_out)
+{
+	uint8_t *ptr;
+	size_t ilen, tlen, i;
+	struct k5buf buf;
+
+	ilen = 0;
+	for (i = 0; i < mechSet->count; i++)
+	    ilen += k5_der_value_len(mechSet->elements[i].length);
+	tlen = k5_der_value_len(ilen);
+
+	ptr = gssalloc_malloc(tlen);
+	if (ptr == NULL)
+		return -1;
+	k5_buf_init_fixed(&buf, ptr, tlen);
+
+	k5_der_add_taglen(&buf, SEQUENCE_OF, ilen);
+	for (i = 0; i < mechSet->count; i++) {
+		k5_der_add_value(&buf, MECH_OID,
+				 mechSet->elements[i].elements,
+				 mechSet->elements[i].length);
+	}
+	assert(buf.len == tlen);
+
+	buffer_out->value = ptr;
+	buffer_out->length = tlen;
+	return 0;
+}
+
+/* Decode SPNEGO request flags from the DER encoding of a bit string and set
+ * them in *ret_flags. */
+static OM_uint32
+get_req_flags(struct k5input *in, OM_uint32 *req_flags)
+{
+	if (in->status || in->len != 4 ||
+	    k5_input_get_byte(in) != BIT_STRING ||
+	    k5_input_get_byte(in) != BIT_STRING_LENGTH ||
+	    k5_input_get_byte(in) != BIT_STRING_PADDING)
+		return GSS_S_DEFECTIVE_TOKEN;
+
+	*req_flags = k5_input_get_byte(in) >> 1;
+	return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+get_negTokenInit(OM_uint32 *minor_status,
+		 gss_buffer_t buf,
+		 gss_buffer_t der_mechSet,
+		 gss_OID_set *mechSet,
+		 OM_uint32 *req_flags,
+		 gss_buffer_t *mechtok,
+		 gss_buffer_t *mechListMIC)
+{
+	OM_uint32 err;
+	struct k5input in, seq, field;
+
+	*minor_status = 0;
+	der_mechSet->length = 0;
+	der_mechSet->value = NULL;
+	*mechSet = GSS_C_NO_OID_SET;
+	*req_flags = 0;
+	*mechtok = *mechListMIC = GSS_C_NO_BUFFER;
+
+	k5_input_init(&in, buf->value, buf->length);
+
+	/* Advance past the framing header. */
+	err = verify_token_header(&in, gss_mech_spnego);
+	if (err)
+		return GSS_S_DEFECTIVE_TOKEN;
+
+	/* Advance past the [0] tag for the NegotiationToken choice. */
+	if (!k5_der_get_value(&in, CONTEXT, &seq))
+		return GSS_S_DEFECTIVE_TOKEN;
+
+	/* Advance past the SEQUENCE tag. */
+	if (!k5_der_get_value(&seq, SEQUENCE, &seq))
+		return GSS_S_DEFECTIVE_TOKEN;
+
+	/* Get the contents of the mechTypes field.  Reject an empty field here
+	 * since we musn't allocate a zero-length buffer in the next step. */
+	if (!k5_der_get_value(&seq, CONTEXT, &field) || field.len == 0)
+		return GSS_S_DEFECTIVE_TOKEN;
+
+	/* Store a copy of the contents for MIC computation. */
+	der_mechSet->value = gssalloc_malloc(field.len);
+	if (der_mechSet->value == NULL)
+		return GSS_S_FAILURE;
+	memcpy(der_mechSet->value, field.ptr, field.len);
+	der_mechSet->length = field.len;
+
+	/* Decode the contents into an OID set. */
+	*mechSet = get_mech_set(minor_status, &field);
+	if (*mechSet == NULL)
+		return GSS_S_FAILURE;
+
+	if (k5_der_get_value(&seq, CONTEXT | 0x01, &field)) {
+		err = get_req_flags(&field, req_flags);
+		if (err != GSS_S_COMPLETE)
+			return err;
+	}
+
+	if (k5_der_get_value(&seq, CONTEXT | 0x02, &field)) {
+		*mechtok = get_octet_string(&field);
+		if (*mechtok == GSS_C_NO_BUFFER)
+			return GSS_S_FAILURE;
+	}
+
+	if (k5_der_get_value(&seq, CONTEXT | 0x03, &field)) {
+		*mechListMIC = get_octet_string(&field);
+		if (*mechListMIC == GSS_C_NO_BUFFER)
+			return GSS_S_FAILURE;
+	}
+
+	return seq.status ? GSS_S_DEFECTIVE_TOKEN : GSS_S_COMPLETE;
+}
+
+/* Decode a NegotiationToken of type negTokenResp. */
+static OM_uint32
+get_negTokenResp(OM_uint32 *minor_status, struct k5input *in,
+		 OM_uint32 *negState, gss_OID *supportedMech,
+		 gss_buffer_t *responseToken, gss_buffer_t *mechListMIC)
+{
+	struct k5input seq, field, en;
+
+	*negState = UNSPECIFIED;
+	*supportedMech = GSS_C_NO_OID;
+	*responseToken = *mechListMIC = GSS_C_NO_BUFFER;
+
+	/* Advance past the [1] tag for the NegotiationToken choice. */
+	if (!k5_der_get_value(in, CONTEXT | 0x01, &seq))
+		return GSS_S_DEFECTIVE_TOKEN;
+
+	/* Advance seq past the SEQUENCE tag (historically this code allows the
+	 * tag to be missing). */
+	(void)k5_der_get_value(&seq, SEQUENCE, &seq);
+
+	if (k5_der_get_value(&seq, CONTEXT, &field)) {
+		if (!k5_der_get_value(&field, ENUMERATED, &en))
+			return GSS_S_DEFECTIVE_TOKEN;
+		if (en.len != ENUMERATION_LENGTH)
+			return GSS_S_DEFECTIVE_TOKEN;
+		*negState = *en.ptr;
+	}
+
+	if (k5_der_get_value(&seq, CONTEXT | 0x01, &field)) {
+		*supportedMech = get_mech_oid(minor_status, &field);
+		if (*supportedMech == GSS_C_NO_OID)
+			return GSS_S_DEFECTIVE_TOKEN;
+	}
+
+	if (k5_der_get_value(&seq, CONTEXT | 0x02, &field)) {
+		*responseToken = get_octet_string(&field);
+		if (*responseToken == GSS_C_NO_BUFFER)
+			return GSS_S_DEFECTIVE_TOKEN;
+	}
+
+	if (k5_der_get_value(&seq, CONTEXT | 0x04, &field)) {
+		*mechListMIC = get_octet_string(&field);
+
+                /* Handle Windows 2000 duplicate response token */
+                if (*responseToken &&
+                    ((*responseToken)->length == (*mechListMIC)->length) &&
+                    !memcmp((*responseToken)->value, (*mechListMIC)->value,
+                            (*responseToken)->length)) {
+			OM_uint32 tmpmin;
+
+			gss_release_buffer(&tmpmin, *mechListMIC);
+			free(*mechListMIC);
+			*mechListMIC = NULL;
+		}
+	}
+
+	return seq.status ? GSS_S_DEFECTIVE_TOKEN : GSS_S_COMPLETE;
+}
+
+/*
+ * This routine compares the received mechset to the mechset that
+ * this server can support. It looks sequentially through the mechset
+ * and the first one that matches what the server can support is
+ * chosen as the negotiated mechanism. If one is found, negResult
+ * is set to ACCEPT_INCOMPLETE if it's the first mech, REQUEST_MIC if
+ * it's not the first mech, otherwise we return NULL and negResult
+ * is set to REJECT. The returned pointer is an alias into
+ * received->elements and should not be freed.
+ *
+ * NOTE: There is currently no way to specify a preference order of
+ * mechanisms supported by the acceptor.
+ */
+static gss_OID
+negotiate_mech(spnego_gss_ctx_id_t ctx, gss_OID_set received,
+	       OM_uint32 *negResult)
+{
+	size_t i, j;
+	int wrong_krb5_oid;
+
+	for (i = 0; i < received->count; i++) {
+		gss_OID mech_oid = &received->elements[i];
+
+		/* Accept wrong mechanism OID from MS clients */
+		wrong_krb5_oid = 0;
+		if (g_OID_equal(mech_oid, &gss_mech_krb5_wrong_oid)) {
+			mech_oid = (gss_OID)&gss_mech_krb5_oid;
+			wrong_krb5_oid = 1;
+		}
+
+		for (j = 0; j < ctx->mech_set->count; j++) {
+			if (g_OID_equal(mech_oid,
+					&ctx->mech_set->elements[j])) {
+				*negResult = (i == 0) ? ACCEPT_INCOMPLETE :
+					REQUEST_MIC;
+				return wrong_krb5_oid ?
+					(gss_OID)&gss_mech_krb5_wrong_oid :
+					&ctx->mech_set->elements[j];
+			}
+		}
+	}
+	*negResult = REJECT;
+	return (NULL);
+}
+
+/*
+ * the next two routines make a token buffer suitable for
+ * spnego_gss_display_status. These currently take the string
+ * in name and place it in the token. Eventually, if
+ * spnego_gss_display_status returns valid error messages,
+ * these routines will be changes to return the error string.
+ */
+static spnego_token_t
+make_spnego_token(const char *name)
+{
+	return (spnego_token_t)gssalloc_strdup(name);
+}
+
+static gss_buffer_desc
+make_err_msg(const char *name)
+{
+	gss_buffer_desc buffer;
+
+	if (name == NULL) {
+		buffer.length = 0;
+		buffer.value = NULL;
+	} else {
+		buffer.length = strlen(name)+1;
+		buffer.value = make_spnego_token(name);
+	}
+
+	return (buffer);
+}
+
+/*
+ * Create the client side spnego token passed back to gss_init_sec_context
+ * and eventually up to the application program and over to the server.
+ *
+ * Use DER rules, definite length method per RFC 2478
+ */
+static int
+make_spnego_tokenInit_msg(spnego_gss_ctx_id_t spnego_ctx, int negHintsCompat,
+			  gss_buffer_t mic, OM_uint32 req_flags,
+			  gss_buffer_t token, send_token_flag sendtoken,
+			  gss_buffer_t outbuf)
+{
+	size_t f0len, f2len, f3len, fields_len, seq_len, choice_len;
+	size_t mech_len, framed_len;
+	uint8_t *t;
+	struct k5buf buf;
+
+	if (outbuf == GSS_C_NO_BUFFER)
+		return (-1);
+
+	outbuf->length = 0;
+	outbuf->value = NULL;
+
+	/* Calculate the length of each field and the total fields length. */
+	fields_len = 0;
+	/* mechTypes [0] MechTypeList, previously assembled in spnego_ctx */
+	f0len = spnego_ctx->DER_mechTypes.length;
+	fields_len += k5_der_value_len(f0len);
+	if (token != NULL) {
+		/* mechToken [2] OCTET STRING OPTIONAL */
+		f2len = k5_der_value_len(token->length);
+		fields_len += k5_der_value_len(f2len);
+	}
+	if (mic != GSS_C_NO_BUFFER) {
+		/* mechListMIC [3] OCTET STRING OPTIONAL */
+		f3len = k5_der_value_len(mic->length);
+		fields_len += k5_der_value_len(f3len);
+	}
+
+	/* Calculate the length of the sequence and choice. */
+	seq_len = k5_der_value_len(fields_len);
+	choice_len = k5_der_value_len(seq_len);
+
+	/* Calculate the framed token length. */
+	mech_len = k5_der_value_len(gss_mech_spnego->length);
+	framed_len = k5_der_value_len(mech_len + choice_len);
+
+	/* Allocate space and prepare a buffer. */
+	t = gssalloc_malloc(framed_len);
+	if (t == NULL)
+		return (-1);
+	k5_buf_init_fixed(&buf, t, framed_len);
+
+	/* Add generic token framing. */
+	k5_der_add_taglen(&buf, HEADER_ID, mech_len + choice_len);
+	k5_der_add_value(&buf, MECH_OID, gss_mech_spnego->elements,
+			 gss_mech_spnego->length);
+
+	/* Add NegotiationToken choice tag and NegTokenInit sequence tag. */
+	k5_der_add_taglen(&buf, CONTEXT | 0x00, seq_len);
+	k5_der_add_taglen(&buf, SEQUENCE, fields_len);
+
+	/* Add the already-encoded mechanism list as mechTypes. */
+	k5_der_add_value(&buf, CONTEXT | 0x00, spnego_ctx->DER_mechTypes.value,
+			 spnego_ctx->DER_mechTypes.length);
+
+	if (token != NULL) {
+		k5_der_add_taglen(&buf, CONTEXT | 0x02, f2len);
+		k5_der_add_value(&buf, OCTET_STRING, token->value,
+				 token->length);
+	}
+
+	if (mic != GSS_C_NO_BUFFER) {
+		uint8_t id = negHintsCompat ? SEQUENCE : OCTET_STRING;
+		k5_der_add_taglen(&buf, CONTEXT | 0x03, f3len);
+		k5_der_add_value(&buf, id, mic->value, mic->length);
+	}
+
+	assert(buf.len == framed_len);
+	outbuf->length = framed_len;
+	outbuf->value = t;
+
+	return (0);
+}
+
+/*
+ * create the server side spnego token passed back to
+ * gss_accept_sec_context and eventually up to the application program
+ * and over to the client.
+ */
+static OM_uint32
+make_spnego_tokenTarg_msg(uint8_t status, gss_OID mech_wanted,
+			  gss_buffer_t token, gss_buffer_t mic,
+			  send_token_flag sendtoken,
+			  gss_buffer_t outbuf)
+{
+	size_t f0len, f1len, f2len, f3len, fields_len, seq_len, choice_len;
+	uint8_t *t;
+	struct k5buf buf;
+
+	if (outbuf == GSS_C_NO_BUFFER)
+		return (GSS_S_DEFECTIVE_TOKEN);
+	if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID)
+		return (GSS_S_DEFECTIVE_TOKEN);
+
+	outbuf->length = 0;
+	outbuf->value = NULL;
+
+	/* Calculate the length of each field and the total fields length. */
+	fields_len = 0;
+	/* negState [0] ENUMERATED { ... } OPTIONAL */
+	f0len = k5_der_value_len(1);
+	fields_len += k5_der_value_len(f0len);
+	if (sendtoken == INIT_TOKEN_SEND) {
+		/* supportedMech [1] MechType OPTIONAL */
+		f1len = k5_der_value_len(mech_wanted->length);
+		fields_len += k5_der_value_len(f1len);
+	}
+	if (token != NULL && token->length > 0) {
+		/* mechToken [2] OCTET STRING OPTIONAL */
+		f2len = k5_der_value_len(token->length);
+		fields_len += k5_der_value_len(f2len);
+	}
+	if (mic != NULL) {
+		/* mechListMIC [3] OCTET STRING OPTIONAL */
+		f3len = k5_der_value_len(mic->length);
+		fields_len += k5_der_value_len(f3len);
+	}
+
+	/* Calculate the length of the sequence and choice. */
+	seq_len = k5_der_value_len(fields_len);
+	choice_len = k5_der_value_len(seq_len);
+
+	/* Allocate space and prepare a buffer. */
+	t = gssalloc_malloc(choice_len);
+	if (t == NULL)
+		return (GSS_S_DEFECTIVE_TOKEN);
+	k5_buf_init_fixed(&buf, t, choice_len);
+
+	/* Add the choice tag and begin the sequence. */
+	k5_der_add_taglen(&buf, CONTEXT | 0x01, seq_len);
+	k5_der_add_taglen(&buf, SEQUENCE, fields_len);
+
+	/* Add the negState field. */
+	k5_der_add_taglen(&buf, CONTEXT | 0x00, f0len);
+	k5_der_add_value(&buf, ENUMERATED, &status, 1);
+
+	if (sendtoken == INIT_TOKEN_SEND) {
+		/* Add the supportedMech field. */
+		k5_der_add_taglen(&buf, CONTEXT | 0x01, f1len);
+		k5_der_add_value(&buf, MECH_OID, mech_wanted->elements,
+				 mech_wanted->length);
+	}
+
+	if (token != NULL && token->length > 0) {
+		/* Add the mechToken field. */
+		k5_der_add_taglen(&buf, CONTEXT | 0x02, f2len);
+		k5_der_add_value(&buf, OCTET_STRING, token->value,
+				 token->length);
+	}
+
+	if (mic != NULL) {
+		/* Add the mechListMIC field. */
+		k5_der_add_taglen(&buf, CONTEXT | 0x03, f3len);
+		k5_der_add_value(&buf, OCTET_STRING, mic->value, mic->length);
+	}
+
+	assert(buf.len == choice_len);
+	outbuf->length = choice_len;
+	outbuf->value = t;
+
+	return (0);
+}
+
+/* Advance in past the [APPLICATION 0] tag and thisMech field of an
+ * InitialContextToken encoding, checking that thisMech matches mech. */
+static int
+verify_token_header(struct k5input *in, gss_OID_const mech)
+{
+	gss_OID_desc oid;
+	struct k5input field;
+
+	if (!k5_der_get_value(in, HEADER_ID, in))
+		return (G_BAD_TOK_HEADER);
+	if (!k5_der_get_value(in, MECH_OID, &field))
+		return (G_BAD_TOK_HEADER);
+
+	oid.length = field.len;
+	oid.elements = (uint8_t *)field.ptr;
+	return g_OID_equal(&oid, mech) ? 0 : G_WRONG_MECH;
+}
+
+/*
+ * Return non-zero if the oid is one of the kerberos mech oids,
+ * otherwise return zero.
+ *
+ * N.B. There are 3 oids that represent the kerberos mech:
+ * RFC-specified GSS_MECH_KRB5_OID,
+ * Old pre-RFC   GSS_MECH_KRB5_OLD_OID,
+ * Incorrect MS  GSS_MECH_KRB5_WRONG_OID
+ */
+
+static int
+is_kerb_mech(gss_OID oid)
+{
+	int answer = 0;
+	OM_uint32 minor;
+	extern const gss_OID_set_desc * const gss_mech_set_krb5_both;
+
+	(void) gss_test_oid_set_member(&minor,
+		oid, (gss_OID_set)gss_mech_set_krb5_both, &answer);
+
+	return (answer);
+}
diff --git a/krb5-1.21.3/src/lib/gssapi32.def b/krb5-1.21.3/src/lib/gssapi32.def
new file mode 100644
index 00000000..a5a1e4a9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/gssapi32.def
@@ -0,0 +1,191 @@
+;----------------------------------------------------
+;   GSSAPI32.DEF - GSSAPI32.DLL module definition file
+;----------------------------------------------------
+
+;LIBRARY		GSSAPI32
+DESCRIPTION	'Base Generic Security Service API'
+HEAPSIZE	8192
+
+EXPORTS
+	gss_acquire_cred			@10
+	gss_release_cred			@54
+	gss_init_sec_context			@27
+	gss_accept_sec_context			@9
+	gss_process_context_token		@52
+	gss_delete_sec_context			@17
+	gss_context_time			@15
+	gss_sign				@59
+	gss_verify				@64
+	gss_seal				@58
+	gss_unseal				@62
+	gss_display_status			@19
+	gss_indicate_mechs			@26
+	gss_compare_name			@14
+	gss_display_name			@18
+	gss_import_name				@24
+	gss_release_name			@55
+	gss_release_buffer			@53
+	gss_release_oid_set			@57
+	gss_inquire_cred			@29
+;
+; GSS-API v2  additional credential calls
+;
+	gss_add_cred				@11
+	gss_inquire_cred_by_mech		@30
+;
+; GSS-API v2  additional context-level calls
+;
+	gss_inquire_context			@28
+	gss_wrap_size_limit			@67
+	gss_export_sec_context			@22
+	gss_import_sec_context			@25
+;
+; GSS-API v2  additional calls for OID and OID_set operations
+;
+	gss_release_oid
+	gss_create_empty_oid_set		@16
+	gss_add_oid_set_member			@12
+	gss_test_oid_set_member			@61
+	gss_oid_to_str				@51
+	gss_str_to_oid				@60
+;
+; GSS-API v2  renamed message protection calls
+;
+	gss_wrap				@66
+	gss_unwrap				@63
+	gss_get_mic				@23
+	gss_verify_mic				@65
+;
+; GSS-API v2  future extensions
+;
+	gss_inquire_names_for_mech		@32
+	gss_inquire_mechs_for_name		@31
+	gss_canonicalize_name			@13
+	gss_export_name				@21
+	gss_duplicate_name			@20
+;
+; Krb5 specific function extensions
+;
+	gss_krb5_get_tkt_flags 			@37
+	gss_krb5_copy_ccache			@34
+	gss_krb5_ccache_name			@33
+        gss_krb5_set_allowable_enctypes		@38
+        gss_krb5_export_lucid_sec_context	@35
+        gss_krb5_free_lucid_sec_context		@36
+	krb5_gss_register_acceptor_identity	@69
+;
+; GSS-API variables
+;
+        gss_nt_krb5_name               	@45	DATA
+        gss_nt_krb5_principal          	@46	DATA
+	gss_nt_user_name	       	@50	DATA
+	gss_nt_machine_uid_name	       	@47	DATA
+	gss_nt_string_uid_name	       	@49	DATA
+	gss_nt_service_name	       	@48	DATA
+        GSS_C_NT_USER_NAME             	@7 	DATA
+        GSS_C_NT_MACHINE_UID_NAME      	@5 	DATA
+        GSS_C_NT_STRING_UID_NAME       	@6 	DATA
+        GSS_C_NT_HOSTBASED_SERVICE     	@3 	DATA
+        GSS_C_NT_HOSTBASED_SERVICE_X   	@4 	DATA
+        GSS_C_NT_ANONYMOUS             	@1 	DATA
+        GSS_C_NT_EXPORT_NAME           	@2 	DATA
+        krb5_gss_oid_array             	@68 	DATA
+        gss_mech_krb5                  	@39	DATA
+        gss_mech_krb5_old              	@40	DATA
+        gss_mech_set_krb5              	@42	DATA
+        gss_mech_set_krb5_old          	@44	DATA
+        gss_mech_set_krb5_both         	@43	DATA
+	GSS_KRB5_NT_PRINCIPAL_NAME     	@8 	DATA
+	gss_mech_krb5_wrong	       	@41	DATA	
+
+; Added in krb5 1.7-1.9
+	gss_acquire_cred_impersonate_name		@70
+	gss_acquire_cred_with_password			@71
+	gss_add_buffer_set_member			@72
+	gss_add_cred_impersonate_name			@73
+	gss_complete_auth_token				@74
+	gss_create_empty_buffer_set			@75
+	gss_delete_name_attribute			@76
+	gss_display_mech_attr				@77
+	gss_display_name_ext				@78
+	gss_export_name_composite			@79
+	gss_get_name_attribute				@80
+	gss_indicate_mechs_by_attrs			@81
+	gss_inquire_attrs_for_mech			@82
+	gss_inquire_cred_by_oid				@83
+	gss_inquire_mech_for_saslname			@84
+	gss_inquire_name				@85
+	gss_inquire_saslname_for_mech			@86
+	gss_inquire_sec_context_by_oid			@87
+	gsskrb5_extract_authtime_from_sec_context	@88
+	gsskrb5_extract_authz_data_from_sec_context	@89
+	gss_krb5_import_cred				@90
+	gss_krb5_set_cred_rcache			@91
+	gss_map_name_to_any				@92
+	gss_pseudo_random				@93
+	gss_release_any_name_mapping			@94
+	gss_release_buffer_set				@95
+	gss_release_iov_buffer				@96
+	gss_set_cred_option				@97
+	gss_set_name_attribute				@98
+	gss_set_neg_mechs				@99
+	gss_set_sec_context_option			@100
+	gss_store_cred					@101
+	gss_unwrap_aead					@102
+	gss_unwrap_iov					@103
+	gss_wrap_aead					@104
+	gss_wrap_iov					@105
+	gss_wrap_iov_length				@106
+
+	GSS_C_INQ_SSPI_SESSION_KEY			@107	DATA
+	GSS_C_MA_AUTH_INIT				@108	DATA
+	GSS_C_MA_AUTH_INIT_ANON				@109	DATA
+	GSS_C_MA_AUTH_INIT_INIT				@110	DATA
+	GSS_C_MA_AUTH_TARG				@111	DATA
+	GSS_C_MA_AUTH_TARG_ANON				@112	DATA
+	GSS_C_MA_AUTH_TARG_INIT				@113	DATA
+	GSS_C_MA_CBINDINGS				@114	DATA
+	GSS_C_MA_COMPRESS				@115	DATA
+	GSS_C_MA_CONF_PROT				@116	DATA
+	GSS_C_MA_CTX_TRANS				@117	DATA
+	GSS_C_MA_DELEG_CRED				@118	DATA
+	GSS_C_MA_DEPRECATED				@119	DATA
+	GSS_C_MA_INTEG_PROT				@120	DATA
+	GSS_C_MA_ITOK_FRAMED				@121	DATA
+	GSS_C_MA_MECH_COMPOSITE				@122	DATA
+	GSS_C_MA_MECH_CONCRETE				@123	DATA
+	GSS_C_MA_MECH_GLUE				@124	DATA
+	GSS_C_MA_MECH_NEGO				@125	DATA
+	GSS_C_MA_MECH_PSEUDO				@126	DATA
+	GSS_C_MA_MIC					@127	DATA
+	GSS_C_MA_NOT_DFLT_MECH				@128	DATA
+	GSS_C_MA_NOT_MECH				@129	DATA
+	GSS_C_MA_OOS_DET				@130	DATA
+	GSS_C_MA_PFS					@131	DATA
+	GSS_C_MA_PROT_READY				@132	DATA
+	GSS_C_MA_REPLAY_DET				@133	DATA
+	GSS_C_MA_WRAP					@134	DATA
+	gss_mech_iakerb					@135	DATA
+	gss_nt_exported_name				@136	DATA
+	gss_nt_service_name_v2				@137	DATA
+; Added in 1.10
+	gss_localname					@138
+; Added in 1.11
+	gss_acquire_cred_from				@139
+	gss_add_cred_from				@140
+	gss_store_cred_into				@141
+	gss_export_cred					@142
+	gss_import_cred					@143
+; Added in 1.12
+	gss_get_mic_iov					@144
+	gss_get_mic_iov_length				@145
+	gss_verify_mic_iov				@146
+; Added in 1.14
+	GSS_KRB5_CRED_NO_CI_FLAGS_X			@147	DATA
+; Added in 1.16
+	GSS_KRB5_GET_CRED_IMPERSONATOR			@148	DATA
+	GSS_C_SEC_CONTEXT_SASL_SSF			@149	DATA
+; Added in 1.17
+	GSS_KRB5_NT_ENTERPRISE_NAME			@150 	DATA
+; Added in 1.19
+	GSS_KRB5_NT_X509_CERT				@151	DATA
diff --git a/krb5-1.21.3/src/lib/kadm5/Makefile.in b/krb5-1.21.3/src/lib/kadm5/Makefile.in
new file mode 100644
index 00000000..3ff71c42
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/Makefile.in
@@ -0,0 +1,113 @@
+mydir=lib$(S)kadm5
+BUILDTOP=$(REL)..$(S)..
+SUBDIRS = clnt srv
+
+##DOSBUILDTOP = ..\..
+
+kadm_err.$(OBJEXT): kadm_err.c
+chpass_util_strings.$(OBJEXT): chpass_util_strings.c
+
+kadm_err.c kadm_err.h: $(srcdir)/kadm_err.et
+chpass_util_strings.c chpass_util_strings.h: $(srcdir)/chpass_util_strings.et
+
+clean:
+	$(RM) kadm_err.c kadm_err.h kadm_err.o
+	$(RM) chpass_util_strings.c chpass_util_strings.h chpass_util_strings.o
+
+SRCS =	kadm_err.c \
+	chpass_util_strings.c \
+	$(srcdir)/misc_free.c \
+	$(srcdir)/kadm_rpc_xdr.c \
+	$(srcdir)/chpass_util.c \
+	$(srcdir)/alt_prof.c \
+	$(srcdir)/str_conv.c \
+	$(srcdir)/logger.c
+
+OBJS =	kadm_err.$(OBJEXT) \
+	chpass_util_strings.$(OBJEXT) \
+	misc_free.$(OBJEXT) \
+	kadm_rpc_xdr.$(OBJEXT) \
+	chpass_util.$(OBJEXT) \
+	alt_prof.$(OBJEXT) \
+	str_conv.$(OBJEXT) \
+	logger.$(OBJEXT)
+
+STLIBOBJS = \
+	kadm_err.o \
+	chpass_util_strings.o \
+	misc_free.o \
+	kadm_rpc_xdr.o \
+	chpass_util.o \
+	alt_prof.o \
+	str_conv.o \
+	logger.o
+
+HDRDIR=$(BUILDTOP)/include/kadm5
+HDRS =	$(HDRDIR)/admin.h \
+	$(HDRDIR)/admin_internal.h \
+	$(HDRDIR)/admin_xdr.h \
+	$(HDRDIR)/kadm_rpc.h \
+	$(HDRDIR)/server_internal.h \
+	$(HDRDIR)/chpass_util_strings.h \
+	$(HDRDIR)/kadm_err.h
+
+BUILD_HDRS = chpass_util_strings.h kadm_err.h
+SRC_HDRS = admin.h admin_internal.h admin_xdr.h kadm_rpc.h \
+		server_internal.h 
+
+$(HDRS): includes
+
+includes: $(SRC_HDRS) $(BUILD_HDRS)
+	if [ -d $(HDRDIR) ]; then :; else mkdir -p $(HDRDIR); fi
+	for i in $(SRC_HDRS) ; do \
+		i=`basename $$i`; \
+		if cmp $(srcdir)/$$i $(HDRDIR)/$$i >/dev/null 2>&1; then :; \
+		else \
+			(set -x; $(RM) $(HDRDIR)/$$i; \
+			 $(CP) $(srcdir)/$$i $(HDRDIR)/$$i) ; \
+		fi ; \
+	done
+	for i in $(BUILD_HDRS) ; do \
+		i=`basename $$i`; \
+		if cmp $$i $(HDRDIR)/$$i >/dev/null 2>&1; then :; \
+		else \
+			(set -x; $(RM) $(HDRDIR)/$$i; \
+			 $(CP) $$i $(HDRDIR)/$$i) ; \
+		fi ; \
+	done
+
+clean-unix::
+	$(RM) -r $(HDRDIR)
+
+all-prerecurse: includes
+all-prerecurse: all-libobjs
+
+all-windows: $(OBJS)
+
+t_kadm5clnt: t_kadm5.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_kadm5.o $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
+
+t_kadm5srv: t_kadm5.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_kadm5.o $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+
+check-pytests: t_kadm5clnt t_kadm5srv
+	$(RUNPYTEST) $(srcdir)/t_kadm5.py $(PYTESTFLAGS)
+
+generate-files-mac-prerecurse: includes
+
+check-windows:
+
+clean-unix:: clean-libobjs
+	$(RM) t_kadm5clnt t_kadm5srv t_kadm5.o
+
+clean-windows::
+
+install-headers-unix install: $(BUILD_HDRS)
+	$(INSTALL_DATA) $(srcdir)/admin.h $(DESTDIR)$(KRB5_INCDIR)$(S)kadm5$(S)admin.h
+	$(INSTALL_DATA) chpass_util_strings.h $(DESTDIR)$(KRB5_INCDIR)$(S)kadm5$(S)chpass_util_strings.h
+	$(INSTALL_DATA) kadm_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kadm5$(S)kadm_err.h
+
+depend: includes
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/kadm5/admin.h b/krb5-1.21.3/src/lib/kadm5/admin.h
new file mode 100644
index 00000000..296c86fa
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/admin.h
@@ -0,0 +1,500 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/admin.h */
+/*
+ * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+/*
+ * This API is not considered as stable as the main krb5 API.
+ *
+ * - We may make arbitrary incompatible changes between feature
+ *   releases (e.g. from 1.7 to 1.8).
+ * - We will make some effort to avoid making incompatible changes for
+ *   bugfix releases, but will make them if necessary.
+ */
+
+#ifndef __KADM5_ADMIN_H__
+#define __KADM5_ADMIN_H__
+
+#include        <sys/types.h>
+#include        <gssrpc/rpc.h>
+#include        <krb5.h>
+#include        <kdb.h>
+#include        <com_err.h>
+#include        <kadm5/kadm_err.h>
+#include        <kadm5/chpass_util_strings.h>
+
+#ifndef KADM5INT_BEGIN_DECLS
+#if defined(__cplusplus)
+#define KADM5INT_BEGIN_DECLS    extern "C" {
+#define KADM5INT_END_DECLS      }
+#else
+#define KADM5INT_BEGIN_DECLS
+#define KADM5INT_END_DECLS
+#endif
+#endif
+
+KADM5INT_BEGIN_DECLS
+
+#define KADM5_ADMIN_SERVICE     "kadmin/admin"
+#define KADM5_CHANGEPW_SERVICE  "kadmin/changepw"
+#define KADM5_HIST_PRINCIPAL    "kadmin/history"
+#define KADM5_KIPROP_HOST_SERVICE "kiprop"
+
+typedef krb5_principal  kadm5_princ_t;
+typedef char            *kadm5_policy_t;
+typedef long            kadm5_ret_t;
+
+#define KADM5_PW_FIRST_PROMPT                           \
+    (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define KADM5_PW_SECOND_PROMPT                                  \
+    (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+
+/*
+ * Successful return code
+ */
+#define KADM5_OK        0
+
+/*
+ * Field masks
+ */
+
+/* kadm5_principal_ent_t */
+#define KADM5_PRINCIPAL         0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION     0x000004
+#define KADM5_LAST_PWD_CHANGE   0x000008
+#define KADM5_ATTRIBUTES        0x000010
+#define KADM5_MAX_LIFE          0x000020
+#define KADM5_MOD_TIME          0x000040
+#define KADM5_MOD_NAME          0x000080
+#define KADM5_KVNO              0x000100
+#define KADM5_MKVNO             0x000200
+#define KADM5_AUX_ATTRIBUTES    0x000400
+#define KADM5_POLICY            0x000800
+#define KADM5_POLICY_CLR        0x001000
+/* version 2 masks */
+#define KADM5_MAX_RLIFE         0x002000
+#define KADM5_LAST_SUCCESS      0x004000
+#define KADM5_LAST_FAILED       0x008000
+#define KADM5_FAIL_AUTH_COUNT   0x010000
+#define KADM5_KEY_DATA          0x020000
+#define KADM5_TL_DATA           0x040000
+#ifdef notyet /* Novell */
+#define KADM5_CPW_FUNCTION      0x080000
+#define KADM5_RANDKEY_USED      0x100000
+#endif
+#define KADM5_LOAD              0x200000
+#define KADM5_KEY_HIST          0x400000
+
+/* all but KEY_DATA, TL_DATA, LOAD */
+#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff
+
+
+/* kadm5_policy_ent_t */
+#define KADM5_PW_MAX_LIFE               0x00004000
+#define KADM5_PW_MIN_LIFE               0x00008000
+#define KADM5_PW_MIN_LENGTH             0x00010000
+#define KADM5_PW_MIN_CLASSES            0x00020000
+#define KADM5_PW_HISTORY_NUM            0x00040000
+#define KADM5_REF_COUNT                 0x00080000
+#define KADM5_PW_MAX_FAILURE            0x00100000
+#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x00200000
+#define KADM5_PW_LOCKOUT_DURATION       0x00400000
+#define KADM5_POLICY_ATTRIBUTES         0x00800000
+#define KADM5_POLICY_MAX_LIFE           0x01000000
+#define KADM5_POLICY_MAX_RLIFE          0x02000000
+#define KADM5_POLICY_ALLOWED_KEYSALTS   0x04000000
+#define KADM5_POLICY_TL_DATA            0x08000000
+
+/* kadm5_config_params */
+#define KADM5_CONFIG_REALM              0x00000001
+#define KADM5_CONFIG_DBNAME             0x00000002
+#define KADM5_CONFIG_MKEY_NAME          0x00000004
+#define KADM5_CONFIG_MAX_LIFE           0x00000008
+#define KADM5_CONFIG_MAX_RLIFE          0x00000010
+#define KADM5_CONFIG_EXPIRATION         0x00000020
+#define KADM5_CONFIG_FLAGS              0x00000040
+/*#define KADM5_CONFIG_ADMIN_KEYTAB       0x00000080*/
+#define KADM5_CONFIG_STASH_FILE         0x00000100
+#define KADM5_CONFIG_ENCTYPE            0x00000200
+#define KADM5_CONFIG_ADBNAME            0x00000400
+#define KADM5_CONFIG_ADB_LOCKFILE       0x00000800
+#define KADM5_CONFIG_KADMIND_LISTEN     0x00001000
+#define KADM5_CONFIG_ACL_FILE           0x00002000
+#define KADM5_CONFIG_KADMIND_PORT       0x00004000
+#define KADM5_CONFIG_ENCTYPES           0x00008000
+#define KADM5_CONFIG_ADMIN_SERVER       0x00010000
+#define KADM5_CONFIG_DICT_FILE          0x00020000
+#define KADM5_CONFIG_MKEY_FROM_KBD      0x00040000
+#define KADM5_CONFIG_KPASSWD_PORT       0x00080000
+#define KADM5_CONFIG_OLD_AUTH_GSSAPI    0x00100000
+#define KADM5_CONFIG_NO_AUTH            0x00200000
+#define KADM5_CONFIG_AUTH_NOFALLBACK    0x00400000
+#define KADM5_CONFIG_KPASSWD_LISTEN     0x00800000
+#define KADM5_CONFIG_IPROP_ENABLED      0x01000000
+#define KADM5_CONFIG_ULOG_SIZE          0x02000000
+#define KADM5_CONFIG_POLL_TIME          0x04000000
+#define KADM5_CONFIG_IPROP_LOGFILE      0x08000000
+#define KADM5_CONFIG_IPROP_PORT         0x10000000
+#define KADM5_CONFIG_KVNO               0x20000000
+#define KADM5_CONFIG_IPROP_RESYNC_TIMEOUT   0x40000000
+#define KADM5_CONFIG_IPROP_LISTEN       0x80000000
+/*
+ * permission bits
+ */
+#define KADM5_PRIV_GET          0x01
+#define KADM5_PRIV_ADD          0x02
+#define KADM5_PRIV_MODIFY       0x04
+#define KADM5_PRIV_DELETE       0x08
+
+/*
+ * API versioning constants
+ */
+#define KADM5_MASK_BITS         0xffffff00
+
+#define KADM5_STRUCT_VERSION_MASK       0x12345600
+#define KADM5_STRUCT_VERSION_1  (KADM5_STRUCT_VERSION_MASK|0x01)
+#define KADM5_STRUCT_VERSION    KADM5_STRUCT_VERSION_1
+
+#define KADM5_API_VERSION_MASK  0x12345700
+#define KADM5_API_VERSION_2     (KADM5_API_VERSION_MASK|0x02)
+#define KADM5_API_VERSION_3     (KADM5_API_VERSION_MASK|0x03)
+#define KADM5_API_VERSION_4     (KADM5_API_VERSION_MASK|0x04)
+
+typedef struct _kadm5_principal_ent_t {
+    krb5_principal  principal;
+    krb5_timestamp  princ_expire_time;
+    krb5_timestamp  last_pwd_change;
+    krb5_timestamp  pw_expiration;
+    krb5_deltat     max_life;
+    krb5_principal  mod_name;
+    krb5_timestamp  mod_date;
+    krb5_flags      attributes;
+    krb5_kvno       kvno;
+    krb5_kvno       mkvno;
+    char            *policy;
+    long            aux_attributes;
+
+    /* version 2 fields */
+    krb5_deltat max_renewable_life;
+    krb5_timestamp last_success;
+    krb5_timestamp last_failed;
+    krb5_kvno fail_auth_count;
+    krb5_int16 n_key_data;
+    krb5_int16 n_tl_data;
+    krb5_tl_data *tl_data;
+    krb5_key_data *key_data;
+} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
+
+typedef struct _kadm5_policy_ent_t {
+    char            *policy;
+    long            pw_min_life;
+    long            pw_max_life;
+    long            pw_min_length;
+    long            pw_min_classes;
+    long            pw_history_num;
+    long            policy_refcnt;  /* no longer used */
+
+    /* version 3 fields */
+    krb5_kvno       pw_max_fail;
+    krb5_deltat     pw_failcnt_interval;
+    krb5_deltat     pw_lockout_duration;
+
+    /* version 4 fields */
+    krb5_flags      attributes;
+    krb5_deltat     max_life;
+    krb5_deltat     max_renewable_life;
+    char            *allowed_keysalts;
+    krb5_int16      n_tl_data;
+    krb5_tl_data    *tl_data;
+} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
+
+/*
+ * Data structure returned by kadm5_get_config_params()
+ */
+typedef struct _kadm5_config_params {
+    long               mask;
+    char *             realm;
+    int                kadmind_port;
+    int                kpasswd_port;
+
+    char *             admin_server;
+#ifdef notyet /* Novell */ /* ABI change? */
+    char *             kpasswd_server;
+#endif
+
+    /* Deprecated except for db2 backwards compatibility.  Don't add
+       new uses except as fallbacks for parameters that should be
+       specified in the database module section of the config
+       file.  */
+    char *             dbname;
+
+    char *             acl_file;
+    char *             dict_file;
+
+    int                mkey_from_kbd;
+    char *             stash_file;
+    char *             mkey_name;
+    krb5_enctype       enctype;
+    krb5_deltat        max_life;
+    krb5_deltat        max_rlife;
+    krb5_timestamp     expiration;
+    krb5_flags         flags;
+    krb5_key_salt_tuple *keysalts;
+    krb5_int32         num_keysalts;
+    krb5_kvno          kvno;
+    bool_t              iprop_enabled;
+    uint32_t            iprop_ulogsize;
+    krb5_deltat         iprop_poll_time;
+    char *              iprop_logfile;
+/*    char *            iprop_server;*/
+    int                 iprop_port;
+    int                 iprop_resync_timeout;
+    char *              kadmind_listen;
+    char *              kpasswd_listen;
+    char *              iprop_listen;
+} kadm5_config_params;
+
+typedef struct _kadm5_key_data {
+    krb5_kvno       kvno;
+    krb5_keyblock   key;
+    krb5_keysalt    salt;
+} kadm5_key_data;
+
+/*
+ * functions
+ */
+
+/* The use_kdc_config parameter is no longer used, as configuration is
+ * retrieved from the context profile. */
+krb5_error_code kadm5_get_config_params(krb5_context context,
+                                        int use_kdc_config,
+                                        kadm5_config_params *params_in,
+                                        kadm5_config_params *params_out);
+
+krb5_error_code kadm5_free_config_params(krb5_context context,
+                                         kadm5_config_params *params);
+
+krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
+                                             char *, size_t);
+
+/*
+ * For all initialization functions, the caller must first initialize
+ * a context with kadm5_init_krb5_context which will survive as long
+ * as the resulting handle.  The caller should free the context with
+ * krb5_free_context.
+ */
+
+kadm5_ret_t    kadm5_init(krb5_context context, char *client_name,
+                          char *pass, char *service_name,
+                          kadm5_config_params *params,
+                          krb5_ui_4 struct_version,
+                          krb5_ui_4 api_version,
+                          char **db_args,
+                          void **server_handle);
+kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
+                                 char *service_name,
+                                 kadm5_config_params *params,
+                                 krb5_ui_4 struct_version,
+                                 krb5_ui_4 api_version,
+                                 char **db_args,
+                                 void **server_handle);
+kadm5_ret_t    kadm5_init_with_password(krb5_context context,
+                                        char *client_name,
+                                        char *pass,
+                                        char *service_name,
+                                        kadm5_config_params *params,
+                                        krb5_ui_4 struct_version,
+                                        krb5_ui_4 api_version,
+                                        char **db_args,
+                                        void **server_handle);
+kadm5_ret_t    kadm5_init_with_skey(krb5_context context,
+                                    char *client_name,
+                                    char *keytab,
+                                    char *service_name,
+                                    kadm5_config_params *params,
+                                    krb5_ui_4 struct_version,
+                                    krb5_ui_4 api_version,
+                                    char **db_args,
+                                    void **server_handle);
+kadm5_ret_t    kadm5_init_with_creds(krb5_context context,
+                                     char *client_name,
+                                     krb5_ccache cc,
+                                     char *service_name,
+                                     kadm5_config_params *params,
+                                     krb5_ui_4 struct_version,
+                                     krb5_ui_4 api_version,
+                                     char **db_args,
+                                     void **server_handle);
+kadm5_ret_t    kadm5_lock(void *server_handle);
+kadm5_ret_t    kadm5_unlock(void *server_handle);
+kadm5_ret_t    kadm5_flush(void *server_handle);
+kadm5_ret_t    kadm5_destroy(void *server_handle);
+kadm5_ret_t    kadm5_create_principal(void *server_handle,
+                                      kadm5_principal_ent_t ent,
+                                      long mask, char *pass);
+kadm5_ret_t    kadm5_create_principal_3(void *server_handle,
+                                        kadm5_principal_ent_t ent,
+                                        long mask,
+                                        int n_ks_tuple,
+                                        krb5_key_salt_tuple *ks_tuple,
+                                        char *pass);
+kadm5_ret_t    kadm5_delete_principal(void *server_handle,
+                                      krb5_principal principal);
+kadm5_ret_t    kadm5_modify_principal(void *server_handle,
+                                      kadm5_principal_ent_t ent,
+                                      long mask);
+kadm5_ret_t    kadm5_rename_principal(void *server_handle,
+                                      krb5_principal,krb5_principal);
+kadm5_ret_t    kadm5_get_principal(void *server_handle,
+                                   krb5_principal principal,
+                                   kadm5_principal_ent_t ent,
+                                   long mask);
+kadm5_ret_t    kadm5_chpass_principal(void *server_handle,
+                                      krb5_principal principal,
+                                      char *pass);
+kadm5_ret_t    kadm5_chpass_principal_3(void *server_handle,
+                                        krb5_principal principal,
+                                        krb5_boolean keepold,
+                                        int n_ks_tuple,
+                                        krb5_key_salt_tuple *ks_tuple,
+                                        char *pass);
+kadm5_ret_t    kadm5_randkey_principal(void *server_handle,
+                                       krb5_principal principal,
+                                       krb5_keyblock **keyblocks,
+                                       int *n_keys);
+kadm5_ret_t    kadm5_randkey_principal_3(void *server_handle,
+                                         krb5_principal principal,
+                                         krb5_boolean keepold,
+                                         int n_ks_tuple,
+                                         krb5_key_salt_tuple *ks_tuple,
+                                         krb5_keyblock **keyblocks,
+                                         int *n_keys);
+
+kadm5_ret_t    kadm5_setkey_principal(void *server_handle,
+                                      krb5_principal principal,
+                                      krb5_keyblock *keyblocks,
+                                      int n_keys);
+
+kadm5_ret_t    kadm5_setkey_principal_3(void *server_handle,
+                                        krb5_principal principal,
+                                        krb5_boolean keepold,
+                                        int n_ks_tuple,
+                                        krb5_key_salt_tuple *ks_tuple,
+                                        krb5_keyblock *keyblocks,
+                                        int n_keys);
+
+kadm5_ret_t    kadm5_setkey_principal_4(void *server_handle,
+                                        krb5_principal principal,
+                                        krb5_boolean keepold,
+                                        kadm5_key_data *key_data,
+                                        int n_key_data);
+
+kadm5_ret_t    kadm5_decrypt_key(void *server_handle,
+                                 kadm5_principal_ent_t entry, krb5_int32
+                                 ktype, krb5_int32 stype, krb5_int32
+                                 kvno, krb5_keyblock *keyblock,
+                                 krb5_keysalt *keysalt, int *kvnop);
+
+kadm5_ret_t    kadm5_create_policy(void *server_handle,
+                                   kadm5_policy_ent_t ent,
+                                   long mask);
+kadm5_ret_t    kadm5_delete_policy(void *server_handle,
+                                   kadm5_policy_t policy);
+kadm5_ret_t    kadm5_modify_policy(void *server_handle,
+                                   kadm5_policy_ent_t ent,
+                                   long mask);
+kadm5_ret_t    kadm5_get_policy(void *server_handle,
+                                kadm5_policy_t policy,
+                                kadm5_policy_ent_t ent);
+kadm5_ret_t    kadm5_get_privs(void *server_handle,
+                               long *privs);
+
+kadm5_ret_t    kadm5_chpass_principal_util(void *server_handle,
+                                           krb5_principal princ,
+                                           char *new_pw,
+                                           char **ret_pw,
+                                           char *msg_ret,
+                                           unsigned int msg_len);
+
+kadm5_ret_t    kadm5_free_principal_ent(void *server_handle,
+                                        kadm5_principal_ent_t
+                                        ent);
+kadm5_ret_t    kadm5_free_policy_ent(void *server_handle,
+                                     kadm5_policy_ent_t ent);
+
+kadm5_ret_t    kadm5_get_principals(void *server_handle,
+                                    char *exp, char ***princs,
+                                    int *count);
+
+kadm5_ret_t    kadm5_get_policies(void *server_handle,
+                                  char *exp, char ***pols,
+                                  int *count);
+
+kadm5_ret_t    kadm5_free_key_data(void *server_handle,
+                                   krb5_int16 *n_key_data,
+                                   krb5_key_data *key_data);
+
+kadm5_ret_t    kadm5_free_name_list(void *server_handle, char **names,
+                                    int count);
+
+krb5_error_code kadm5_init_krb5_context (krb5_context *);
+
+krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);
+
+kadm5_ret_t    kadm5_get_principal_keys(void *server_handle,
+                                        krb5_principal principal,
+                                        krb5_kvno kvno,
+                                        kadm5_key_data **key_data,
+                                        int *n_key_data);
+
+kadm5_ret_t    kadm5_purgekeys(void *server_handle,
+                               krb5_principal principal,
+                               int keepkvno);
+
+kadm5_ret_t    kadm5_get_strings(void *server_handle,
+                                 krb5_principal principal,
+                                 krb5_string_attr **strings_out,
+                                 int *count_out);
+
+kadm5_ret_t    kadm5_set_string(void *server_handle,
+                                krb5_principal principal,
+                                const char *key,
+                                const char *value);
+
+kadm5_ret_t    kadm5_free_strings(void *server_handle,
+                                  krb5_string_attr *strings,
+                                  int count);
+
+kadm5_ret_t    kadm5_free_kadm5_key_data(krb5_context context, int n_key_data,
+                                         kadm5_key_data *key_data);
+
+KADM5INT_END_DECLS
+
+#endif /* __KADM5_ADMIN_H__ */
diff --git a/krb5-1.21.3/src/lib/kadm5/admin_internal.h b/krb5-1.21.3/src/lib/kadm5/admin_internal.h
new file mode 100644
index 00000000..9be53883
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/admin_internal.h
@@ -0,0 +1,80 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ */
+
+#ifndef __KADM5_ADMIN_INTERNAL_H__
+#define __KADM5_ADMIN_INTERNAL_H__
+
+#include <kadm5/admin.h>
+
+#define KADM5_SERVER_HANDLE_MAGIC       0x12345800
+
+#define CHECK_VERSIONS(struct_version, api_version, old_api_err, new_api_err) \
+    {                                                                   \
+        if ((struct_version & KADM5_MASK_BITS) != KADM5_STRUCT_VERSION_MASK) \
+            return KADM5_BAD_STRUCT_VERSION;                            \
+        if (struct_version < KADM5_STRUCT_VERSION_1)                    \
+            return KADM5_OLD_STRUCT_VERSION;                            \
+        if (struct_version > KADM5_STRUCT_VERSION_1)                    \
+            return KADM5_NEW_STRUCT_VERSION;                            \
+        if ((api_version & KADM5_MASK_BITS) != KADM5_API_VERSION_MASK)  \
+            return KADM5_BAD_API_VERSION;                               \
+        if (api_version < KADM5_API_VERSION_2)                          \
+            return old_api_err;                                         \
+        if (api_version > KADM5_API_VERSION_4)                          \
+            return new_api_err;                                         \
+    }
+
+#define GENERIC_CHECK_HANDLE(handle, old_api_err, new_api_err)  \
+    {                                                           \
+        kadm5_server_handle_t srvr = handle;                    \
+                                                                \
+        if (srvr == NULL)                                       \
+            return KADM5_BAD_SERVER_HANDLE;                     \
+        if (srvr->magic_number != KADM5_SERVER_HANDLE_MAGIC)    \
+            return KADM5_BAD_SERVER_HANDLE;                     \
+        CHECK_VERSIONS(srvr->struct_version, srvr->api_version, \
+                       old_api_err, new_api_err);               \
+    }
+
+/*
+ * _KADM5_CHECK_HANDLE calls the function _kadm5_check_handle and
+ * returns any non-zero error code that function returns.
+ * _kadm5_check_handle, in client_handle.c and server_handle.c, exists
+ * in both the server- and client- side libraries.  In each library,
+ * it calls CHECK_HANDLE, which is defined by the appropriate
+ * _internal.h header file to call GENERIC_CHECK_HANDLE as well as
+ * CLIENT_CHECK_HANDLE and SERVER_CHECK_HANDLE.
+ *
+ * _KADM5_CHECK_HANDLE should be used by a function that needs to
+ * check the handle but wants to be the same code in both the client
+ * and server library; it makes a function call to the right handle
+ * checker.  Code that only exists in one library can call the
+ * CHECK_HANDLE macro, which inlines the test instead of making
+ * another function call.
+ *
+ * Got that?
+ */
+#define _KADM5_CHECK_HANDLE(handle)                                     \
+    { int ecode; if ((ecode = _kadm5_check_handle((void *)handle))) return ecode;}
+
+int         _kadm5_check_handle(void *handle);
+kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
+                                         void *lhandle,
+                                         krb5_principal princ,
+                                         char *new_pw,
+                                         char **ret_pw,
+                                         char *msg_ret,
+                                         unsigned int msg_len);
+
+/* this is needed by the alt_prof code I stole.  The functions
+   maybe shouldn't be named krb5_*, but they are. */
+
+krb5_error_code
+krb5_string_to_keysalts(const char *string, const char *tupleseps,
+                        const char *ksaltseps, krb5_boolean dups,
+                        krb5_key_salt_tuple **ksaltp, krb5_int32 *nksaltp);
+
+#endif /* __KADM5_ADMIN_INTERNAL_H__ */
diff --git a/krb5-1.21.3/src/lib/kadm5/admin_xdr.h b/krb5-1.21.3/src/lib/kadm5/admin_xdr.h
new file mode 100644
index 00000000..9da98451
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/admin_xdr.h
@@ -0,0 +1,73 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ *
+ */
+
+#include    <kadm5/admin.h>
+#include    "kadm_rpc.h"
+#include    "server_internal.h"
+
+bool_t      xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp);
+bool_t	    xdr_nullstring(XDR *xdrs, char **objp);
+bool_t      xdr_nulltype(XDR *xdrs, void **objp, xdrproc_t proc);
+bool_t	    xdr_krb5_timestamp(XDR *xdrs, krb5_timestamp *objp);
+bool_t	    xdr_krb5_kvno(XDR *xdrs, krb5_kvno *objp);
+bool_t	    xdr_krb5_deltat(XDR *xdrs, krb5_deltat *objp);
+bool_t	    xdr_krb5_flags(XDR *xdrs, krb5_flags *objp);
+bool_t      xdr_krb5_ui_4(XDR *xdrs, krb5_ui_4 *objp);
+bool_t      xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp);
+bool_t      xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp);
+bool_t      xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp);
+bool_t      xdr_krb5_key_salt_tuple(XDR *xdrs, krb5_key_salt_tuple *objp);
+bool_t      xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head);
+bool_t	    xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp);
+bool_t      xdr_kadm5_principal_ent_rec_v1(XDR *xdrs, kadm5_principal_ent_rec *objp);
+bool_t	    xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp);
+bool_t	    xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp);
+bool_t	    xdr_kadm5_policy_ent_t(XDR *xdrs, kadm5_policy_ent_t *objp);
+bool_t	    xdr_kadm5_principal_ent_t(XDR *xdrs, kadm5_principal_ent_t *objp);
+bool_t	    xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp);
+bool_t      xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp);
+bool_t      xdr_generic_ret(XDR *xdrs, generic_ret *objp);
+bool_t	    xdr_dprinc_arg(XDR *xdrs, dprinc_arg *objp);
+bool_t	    xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp);
+bool_t	    xdr_rprinc_arg(XDR *xdrs, rprinc_arg *objp);
+bool_t	    xdr_chpass_arg(XDR *xdrs, chpass_arg *objp);
+bool_t      xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp);
+bool_t      xdr_setkey_arg(XDR *xdrs, setkey_arg *objp);
+bool_t      xdr_setkey3_arg(XDR *xdrs, setkey3_arg *objp);
+bool_t      xdr_setkey4_arg(XDR *xdrs, setkey4_arg *objp);
+bool_t	    xdr_chrand_arg(XDR *xdrs, chrand_arg *objp);
+bool_t      xdr_chrand3_arg(XDR *xdrs, chrand3_arg *objp);
+bool_t	    xdr_chrand_ret(XDR *xdrs, chrand_ret *objp);
+bool_t	    xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp);
+bool_t      xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp);
+bool_t	    xdr_gprincs_arg(XDR *xdrs, gprincs_arg *objp);
+bool_t      xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp);
+bool_t	    xdr_cpol_arg(XDR *xdrs, cpol_arg *objp);
+bool_t	    xdr_dpol_arg(XDR *xdrs, dpol_arg *objp);
+bool_t	    xdr_mpol_arg(XDR *xdrs, mpol_arg *objp);
+bool_t	    xdr_gpol_arg(XDR *xdrs, gpol_arg *objp);
+bool_t	    xdr_gpol_ret(XDR *xdrs, gpol_ret *objp);
+bool_t      xdr_gpols_arg(XDR *xdrs, gpols_arg *objp);
+bool_t      xdr_gpols_ret(XDR *xdrs, gpols_ret *objp);
+bool_t      xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp);
+bool_t      xdr_purgekeys_arg(XDR *xdrs, purgekeys_arg *objp);
+bool_t      xdr_gstrings_arg(XDR *xdrs, gstrings_arg *objp);
+bool_t      xdr_gstrings_ret(XDR *xdrs, gstrings_ret *objp);
+bool_t      xdr_sstring_arg(XDR *xdrs, sstring_arg *objp);
+bool_t	    xdr_krb5_principal(XDR *xdrs, krb5_principal *objp);
+bool_t	    xdr_krb5_octet(XDR *xdrs, krb5_octet *objp);
+bool_t	    xdr_krb5_int32(XDR *xdrs, krb5_int32 *objp);
+bool_t	    xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp);
+bool_t      xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp);
+bool_t	    xdr_krb5_keyblock(XDR *xdrs, krb5_keyblock *objp);
+bool_t      xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp);
+bool_t      xdr_krb5_string_attr(XDR *xdrs, krb5_string_attr *objp);
+bool_t      xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp);
+bool_t      xdr_kadm5_key_data(XDR *xdrs, kadm5_key_data *objp);
+bool_t      xdr_getpkeys_arg(XDR *xdrs, getpkeys_arg *objp);
+bool_t      xdr_getpkeys_ret(XDR *xdrs, getpkeys_ret *objp);
diff --git a/krb5-1.21.3/src/lib/kadm5/alt_prof.c b/krb5-1.21.3/src/lib/kadm5/alt_prof.c
new file mode 100644
index 00000000..e8c1f51c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/alt_prof.c
@@ -0,0 +1,799 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/alt_prof.c */
+/*
+ * Copyright 1995,2001,2008,2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* Implement alternate profile file handling. */
+#include "k5-int.h"
+#include "fake-addrinfo.h"
+#include <kadm5/admin.h>
+#include "adm_proto.h"
+#include <stdio.h>
+#include <ctype.h>
+#include <kdb_log.h>
+
+static krb5_key_salt_tuple *
+copy_key_salt_tuple(krb5_key_salt_tuple *ksalt, krb5_int32 len)
+{
+    krb5_key_salt_tuple *knew;
+
+    knew = calloc(len, sizeof(krb5_key_salt_tuple));
+    if (knew == NULL)
+        return NULL;
+    memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple));
+    return knew;
+}
+
+/*
+ * krb5_aprof_getvals()     - Get values from alternate profile.
+ *
+ * Parameters:
+ *        acontext          - opaque context for alternate profile.
+ *        hierarchy         - hierarchy of value to retrieve.
+ *        retdata           - Returned data values.
+ *
+ * Returns:
+ *         error codes from profile_get_values()
+ */
+krb5_error_code
+krb5_aprof_getvals(krb5_pointer acontext, const char **hierarchy,
+                   char ***retdata)
+{
+    return profile_get_values(acontext, hierarchy, retdata);
+}
+
+/*
+ * krb5_aprof_get_boolean()
+ *
+ * Parameters:
+ *        acontext          - opaque context for alternate profile
+ *        hierarchy         - hierarchy of value to retrieve
+ *        retdata           - Returned data value
+ * Returns:
+ *        error codes
+ */
+
+static krb5_error_code
+string_to_boolean(const char *string, krb5_boolean *out)
+{
+    static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" };
+    static const char *const no[] = { "n", "no", "false", "f", "nil", "0",
+                                      "off" };
+    unsigned int i;
+
+    for (i = 0; i < sizeof(yes) / sizeof(yes[0]); i++) {
+        if (!strcasecmp(string, yes[i])) {
+            *out = TRUE;
+            return 0;
+        }
+    }
+    for (i = 0; i < sizeof(no) / sizeof(no[0]); i++) {
+        if (!strcasecmp(string, no[i])) {
+            *out = FALSE;
+            return 0;
+        }
+    }
+    return PROF_BAD_BOOLEAN;
+}
+
+krb5_error_code
+krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy,
+                       int uselast, krb5_boolean *retdata)
+{
+    krb5_error_code ret;
+    char **values, *valp;
+    int idx;
+    krb5_boolean val;
+
+    ret = krb5_aprof_getvals(acontext, hierarchy, &values);
+    if (ret)
+        return ret;
+    idx = 0;
+    if (uselast) {
+        while (values[idx] != NULL)
+            idx++;
+        idx--;
+    }
+    valp = values[idx];
+    ret = string_to_boolean(valp, &val);
+    profile_free_list(values);
+    if (ret)
+        return ret;
+    *retdata = val;
+    return 0;
+}
+
+/*
+ * krb5_aprof_get_deltat()  - Get a delta time value from the alternate
+ *                            profile.
+ *
+ * Parameters:
+ *        acontext          - opaque context for alternate profile.
+ *        hierarchy         - hierarchy of value to retrieve.
+ *        uselast           - if true, use last value, otherwise use first
+ *                            value found.
+ *        deltatp           - returned delta time value.
+ *
+ * Returns:
+ *        error codes from profile_get_values()
+ *        error codes from krb5_string_to_deltat()
+ */
+krb5_error_code
+krb5_aprof_get_deltat(krb5_pointer acontext, const char **hierarchy,
+                      krb5_boolean uselast, krb5_deltat *deltatp)
+{
+    krb5_error_code ret;
+    char **values, *valp;
+    int idx;
+
+    ret = krb5_aprof_getvals(acontext, hierarchy, &values);
+    if (ret)
+        return ret;
+
+    idx = 0;
+    if (uselast) {
+        for (idx = 0; values[idx] != NULL; idx++);
+        idx--;
+    }
+    valp = values[idx];
+
+    ret = krb5_string_to_deltat(valp, deltatp);
+    profile_free_list(values);
+    return ret;
+}
+
+/*
+ * krb5_aprof_get_string()  - Get a string value from the alternate profile.
+ *
+ * Parameters:
+ *        acontext          - opaque context for alternate profile.
+ *        hierarchy         - hierarchy of value to retrieve.
+ *        uselast           - if true, use last value, otherwise use first
+ *                            value found.
+ *        stringp           - returned string value.
+ *
+ * Returns:
+ *         error codes from profile_get_values()
+ */
+krb5_error_code
+krb5_aprof_get_string(krb5_pointer acontext, const char **hierarchy,
+                      krb5_boolean uselast, char **stringp)
+{
+    krb5_error_code ret;
+    char **values;
+    int lastidx;
+
+    ret = krb5_aprof_getvals(acontext, hierarchy, &values);
+    if (ret)
+        return ret;
+
+    for (lastidx = 0; values[lastidx] != NULL; lastidx++);
+    lastidx--;
+
+    /* Excise the entry we want from the null-terminated list,
+     * and free up the rest. */
+    if (uselast) {
+        *stringp = values[lastidx];
+        values[lastidx] = NULL;
+    } else {
+        *stringp = values[0];
+        values[0] = values[lastidx];
+        values[lastidx] = NULL;
+    }
+
+    profile_free_list(values);
+    return 0;
+}
+
+/*
+ * krb5_aprof_get_string_all() - When the attr identified by "hierarchy" is
+ *                               specified multiple times, concatenate all of
+ *                               its string values from the alternate profile,
+ *                               separated with spaces.
+ *
+ * Parameters:
+ *        acontext             - opaque context for alternate profile.
+ *        hierarchy            - hierarchy of value to retrieve.
+ *        stringp              - Returned string value.
+ *
+ * Returns:
+ *        error codes from profile_get_values() or ENOMEM
+ *        Caller is responsible for deallocating stringp buffer
+ */
+krb5_error_code
+krb5_aprof_get_string_all(krb5_pointer acontext, const char **hierarchy,
+                          char **stringp)
+{
+    krb5_error_code ret;
+    char **values;
+    int idx = 0;
+    size_t buf_size = 0;
+
+    ret = krb5_aprof_getvals(acontext, hierarchy, &values);
+    if (ret)
+        return ret;
+
+    buf_size = strlen(values[0]) + 3;
+    for (idx = 1; values[idx] != NULL; idx++)
+        buf_size += strlen(values[idx]) + 3;
+
+    *stringp = calloc(1, buf_size);
+    if (*stringp == NULL) {
+        profile_free_list(values);
+        return ENOMEM;
+    }
+    strlcpy(*stringp, values[0], buf_size);
+    for (idx = 1; values[idx] != NULL; idx++) {
+        strlcat(*stringp, " ", buf_size);
+        strlcat(*stringp, values[idx], buf_size);
+    }
+
+    profile_free_list(values);
+    return 0;
+}
+
+
+/*
+ * krb5_aprof_get_int32()   - Get a 32-bit integer value from the alternate
+ *                            profile.
+ *
+ * Parameters:
+ *        acontext          - opaque context for alternate profile.
+ *        hierarchy         - hierarchy of value to retrieve.
+ *        uselast           - if true, use last value, otherwise use first
+ *                            value found.
+ *        intp              - returned 32-bit integer value.
+ *
+ * Returns:
+ *        error codes from profile_get_values()
+ *        EINVAL            - value is not an integer
+ */
+krb5_error_code
+krb5_aprof_get_int32(krb5_pointer acontext, const char **hierarchy,
+                     krb5_boolean uselast, krb5_int32 *intp)
+{
+    krb5_error_code ret;
+    char **values;
+    int idx;
+
+    ret = krb5_aprof_getvals(acontext, hierarchy, &values);
+    if (ret)
+        return ret;
+
+    idx = 0;
+    if (uselast) {
+        for (idx = 0; values[idx] != NULL; idx++);
+        idx--;
+    }
+
+    if (sscanf(values[idx], "%d", intp) != 1)
+        ret = EINVAL;
+
+    profile_free_list(values);
+    return ret;
+}
+
+/*
+ * Returns nonzero if it found something to copy; the caller may still need to
+ * check the output field or mask to see if the copy (allocation) was
+ * successful.  Returns zero if nothing was found to copy, and thus the caller
+ * may want to apply some default heuristic.  If the default action is just to
+ * use a fixed, compiled-in string, supply it as the default value here and
+ * ignore the return value.
+ */
+static int
+get_string_param(char **param_out, char *param_in, long *mask_out,
+                 long mask_in, long mask_bit, krb5_pointer aprofile,
+                 const char **hierarchy, const char *config_name,
+                 const char *default_value)
+{
+    char *svalue;
+
+    hierarchy[2] = config_name;
+    if (mask_in & mask_bit) {
+        *param_out = strdup(param_in);
+        if (*param_out)
+            *mask_out |= mask_bit;
+        return 1;
+    } else if (aprofile != NULL &&
+               !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+        *param_out = svalue;
+        *mask_out |= mask_bit;
+        return 1;
+    } else if (default_value) {
+        *param_out = strdup(default_value);
+        if (*param_out)
+            *mask_out |= mask_bit;
+        return 1;
+    } else {
+        return 0;
+    }
+}
+/*
+ * Similar, for (host-order) port number, if not already set in the output
+ * field; default_value == 0 means no default.
+ */
+static void
+get_port_param(int *param_out, int param_in, long *mask_out, long mask_in,
+               long mask_bit, krb5_pointer aprofile, const char **hierarchy,
+               const char *config_name, int default_value)
+{
+    krb5_int32 ivalue;
+
+    if (*mask_out & mask_bit)
+        return;
+    hierarchy[2] = config_name;
+    if (mask_in & mask_bit) {
+        *mask_out |= mask_bit;
+        *param_out = param_in;
+    } else if (aprofile != NULL &&
+               !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
+        *param_out = ivalue;
+        *mask_out |= mask_bit;
+    } else if (default_value) {
+        *param_out = default_value;
+        *mask_out |= mask_bit;
+    }
+}
+
+/*
+ * Similar, for delta_t; default is required.
+ */
+static void
+get_deltat_param(krb5_deltat *param_out, krb5_deltat param_in, long *mask_out,
+                 long mask_in, long mask_bit, krb5_pointer aprofile,
+                 const char **hierarchy, const char *config_name,
+                 krb5_deltat default_value)
+{
+    krb5_deltat dtvalue;
+
+    hierarchy[2] = config_name;
+    if (mask_in & mask_bit) {
+        *mask_out |= mask_bit;
+        *param_out = param_in;
+    } else if (aprofile &&
+               !krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
+        *param_out = dtvalue;
+        *mask_out |= mask_bit;
+    } else {
+        *param_out = default_value;
+        *mask_out |= mask_bit;
+    }
+}
+
+/*
+ * Parse out the port number from an admin_server setting.  Modify server to
+ * contain just the hostname or address.  If a port is given, set *port, and
+ * set the appropriate bit in *mask.
+ */
+static void
+parse_admin_server_port(char *server, int *port, long *mask)
+{
+    char *end, *portstr;
+
+    /* Allow the name or addr to be enclosed in brackets, for IPv6 addrs. */
+    if (*server == '[' && (end = strchr(server + 1, ']')) != NULL) {
+        portstr = (*(end + 1) == ':') ? end + 2 : NULL;
+        /* Shift the bracketed name or address back into server. */
+        memmove(server, server + 1, end - (server + 1));
+        *(end - 1) = '\0';
+    } else {
+        /* Terminate the name at the colon, if any. */
+        end = server + strcspn(server, ":");
+        portstr = (*end == ':') ? end + 1 : NULL;
+        *end = '\0';
+    }
+
+    /* If we found a port string, parse it and set the appropriate bit. */
+    if (portstr) {
+        *port = atoi(portstr);
+        *mask |= KADM5_CONFIG_KADMIND_PORT;
+    }
+}
+
+/*
+ * Function: kadm5_get_config_params
+ *
+ * Purpose: Merge configuration parameters provided by the caller with values
+ * specified in configuration files and with default values.
+ *
+ * Arguments:
+ *
+ *        context     (r) krb5_context to use
+ *        profile     (r) profile file to use
+ *        envname     (r) envname that contains a profile name to
+ *                        override profile
+ *        params_in   (r) params structure containing user-supplied
+ *                        values, or NULL
+ *        params_out  (w) params structure to be filled in
+ *
+ * Effects:
+ *
+ * The fields and mask of params_out are filled in with values obtained from
+ * params_in, the specified profile, and default values.  Only and all fields
+ * specified in params_out->mask are set.  The context of params_out must be
+ * freed with kadm5_free_config_params.
+ *
+ * params_in and params_out may be the same pointer.  However, all pointers in
+ * params_in for which the mask is set will be re-assigned to newly copied
+ * versions, overwriting the old pointer value.
+ */
+krb5_error_code kadm5_get_config_params(krb5_context context,
+                                        int use_kdc_config,
+                                        kadm5_config_params *params_in,
+                                        kadm5_config_params *params_out)
+{
+    char *lrealm, *svalue, *sp, *ep, *tp;
+    krb5_pointer aprofile = context->profile;
+    const char *hierarchy[4];
+    krb5_int32 ivalue;
+    kadm5_config_params params, empty_params;
+    krb5_boolean bvalue;
+    krb5_error_code ret = 0;
+
+    memset(&params, 0, sizeof(params));
+    memset(&empty_params, 0, sizeof(empty_params));
+
+    if (params_in == NULL)
+        params_in = &empty_params;
+
+    if (params_in->mask & KADM5_CONFIG_REALM) {
+        lrealm = params.realm = strdup(params_in->realm);
+        if (params.realm == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        params.mask |= KADM5_CONFIG_REALM;
+    } else {
+        ret = krb5_get_default_realm(context, &lrealm);
+        if (ret)
+            goto cleanup;
+        params.realm = lrealm;
+        params.mask |= KADM5_CONFIG_REALM;
+    }
+
+    if (params_in->mask & KADM5_CONFIG_KVNO) {
+        params.kvno = params_in->kvno;
+        params.mask |= KADM5_CONFIG_KVNO;
+    }
+
+    /* Initialize realm parameters. */
+    hierarchy[0] = KRB5_CONF_REALMS;
+    hierarchy[1] = lrealm;
+    hierarchy[3] = NULL;
+
+#define GET_STRING_PARAM(FIELD, BIT, CONFTAG, DEFAULT)          \
+    get_string_param(&params.FIELD, params_in->FIELD,           \
+                     &params.mask, params_in->mask, BIT,        \
+                     aprofile, hierarchy, CONFTAG, DEFAULT)
+
+    /* Get the value for the admin server. */
+    GET_STRING_PARAM(admin_server, KADM5_CONFIG_ADMIN_SERVER,
+                     KRB5_CONF_ADMIN_SERVER, NULL);
+
+    if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
+        parse_admin_server_port(params.admin_server, &params.kadmind_port,
+                                &params.mask);
+    }
+
+    /* Get the value for the database. */
+    GET_STRING_PARAM(dbname, KADM5_CONFIG_DBNAME, KRB5_CONF_DATABASE_NAME,
+                     DEFAULT_KDB_FILE);
+
+    /* Get the name of the acl file. */
+    GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, KRB5_CONF_ACL_FILE,
+                     DEFAULT_KADM5_ACL_FILE);
+
+    /* Get the name of the dict file. */
+    GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, KRB5_CONF_DICT_FILE,
+                     NULL);
+
+    /* Get the kadmind listen addresses. */
+    GET_STRING_PARAM(kadmind_listen, KADM5_CONFIG_KADMIND_LISTEN,
+                     KRB5_CONF_KADMIND_LISTEN, NULL);
+    GET_STRING_PARAM(kpasswd_listen, KADM5_CONFIG_KPASSWD_LISTEN,
+                     KRB5_CONF_KPASSWD_LISTEN, NULL);
+    GET_STRING_PARAM(iprop_listen, KADM5_CONFIG_IPROP_LISTEN,
+                     KRB5_CONF_IPROP_LISTEN, NULL);
+
+#define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT)            \
+    get_port_param(&params.FIELD, params_in->FIELD,             \
+                   &params.mask, params_in->mask, BIT,          \
+                   aprofile, hierarchy, CONFTAG, DEFAULT)
+
+    /* Get the value for the kadmind port. */
+    GET_PORT_PARAM(kadmind_port, KADM5_CONFIG_KADMIND_PORT,
+                   KRB5_CONF_KADMIND_PORT, DEFAULT_KADM5_PORT);
+
+    /* Get the value for the kpasswd port. */
+    GET_PORT_PARAM(kpasswd_port, KADM5_CONFIG_KPASSWD_PORT,
+                   KRB5_CONF_KPASSWD_PORT, DEFAULT_KPASSWD_PORT);
+
+    /* Get the value for the master key name. */
+    GET_STRING_PARAM(mkey_name, KADM5_CONFIG_MKEY_NAME,
+                     KRB5_CONF_MASTER_KEY_NAME, NULL);
+
+    /* Get the value for the master key type. */
+    hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
+    if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
+        params.mask |= KADM5_CONFIG_ENCTYPE;
+        params.enctype = params_in->enctype;
+    } else if (aprofile != NULL &&
+               !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+        if (!krb5_string_to_enctype(svalue, &params.enctype)) {
+            params.mask |= KADM5_CONFIG_ENCTYPE;
+            free(svalue);
+        }
+    } else {
+        params.mask |= KADM5_CONFIG_ENCTYPE;
+        params.enctype = DEFAULT_KDC_ENCTYPE;
+    }
+
+    /* Get the value for mkey_from_kbd. */
+    if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
+        params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        params.mkey_from_kbd = params_in->mkey_from_kbd;
+    }
+
+    /* Get the value for the stashfile. */
+    GET_STRING_PARAM(stash_file, KADM5_CONFIG_STASH_FILE,
+                     KRB5_CONF_KEY_STASH_FILE, NULL);
+
+    /* Get the value for maximum ticket lifetime. */
+#define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT)          \
+    get_deltat_param(&params.FIELD, params_in->FIELD,           \
+                     &params.mask, params_in->mask, BIT,        \
+                     aprofile, hierarchy, CONFTAG, DEFAULT)
+
+    GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, KRB5_CONF_MAX_LIFE,
+                     24 * 60 * 60); /* 1 day */
+
+    /* Get the value for maximum renewable ticket lifetime. */
+    GET_DELTAT_PARAM(max_rlife, KADM5_CONFIG_MAX_RLIFE,
+                     KRB5_CONF_MAX_RENEWABLE_LIFE, 0);
+
+    /* Get the value for the default principal expiration */
+    hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
+    if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
+        params.mask |= KADM5_CONFIG_EXPIRATION;
+        params.expiration = params_in->expiration;
+    } else if (aprofile &&
+               !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+        if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
+            params.mask |= KADM5_CONFIG_EXPIRATION;
+            free(svalue);
+        }
+    } else {
+        params.mask |= KADM5_CONFIG_EXPIRATION;
+        params.expiration = 0;
+    }
+
+    /* Get the value for the default principal flags */
+    hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS;
+    if (params_in->mask & KADM5_CONFIG_FLAGS) {
+        params.mask |= KADM5_CONFIG_FLAGS;
+        params.flags = params_in->flags;
+    } else if (aprofile != NULL &&
+               !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+        sp = svalue;
+        params.flags = 0;
+        while (sp != NULL) {
+            if ((ep = strchr(sp, ',')) != NULL ||
+                (ep = strchr(sp, ' ')) != NULL ||
+                (ep = strchr(sp, '\t')) != NULL) {
+                /* Fill in trailing whitespace of sp. */
+                tp = ep - 1;
+                while (isspace((unsigned char)*tp) && tp > sp) {
+                    *tp = '\0';
+                    tp--;
+                }
+                *ep = '\0';
+                ep++;
+                /* Skip over trailing whitespace of ep. */
+                while (isspace((unsigned char)*ep) && *ep != '\0')
+                    ep++;
+            }
+            /* Convert this flag. */
+            if (krb5_flagspec_to_mask(sp, &params.flags, &params.flags))
+                break;
+            sp = ep;
+        }
+        if (sp == NULL)
+            params.mask |= KADM5_CONFIG_FLAGS;
+        free(svalue);
+    } else {
+        params.mask |= KADM5_CONFIG_FLAGS;
+        params.flags = KRB5_KDB_DEF_FLAGS;
+    }
+
+    /* Get the value for the supported enctype/salttype matrix. */
+    hierarchy[2] = KRB5_CONF_SUPPORTED_ENCTYPES;
+    if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
+        if (params_in->keysalts) {
+            params.keysalts = copy_key_salt_tuple(params_in->keysalts,
+                                                  params_in->num_keysalts);
+            if (params.keysalts) {
+                params.mask |= KADM5_CONFIG_ENCTYPES;
+                params.num_keysalts = params_in->num_keysalts;
+            }
+        } else {
+            params.mask |= KADM5_CONFIG_ENCTYPES;
+            params.keysalts = NULL;
+            params.num_keysalts = params_in->num_keysalts;
+        }
+    } else {
+        svalue = NULL;
+        if (aprofile != NULL)
+            krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
+        if (svalue == NULL)
+            svalue = strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES);
+        if (svalue == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+
+        params.keysalts = NULL;
+        params.num_keysalts = 0;
+        krb5_string_to_keysalts(svalue,
+                                NULL, /* Tuple separators */
+                                NULL, /* Key/salt separators */
+                                0,      /* No duplicates */
+                                &params.keysalts,
+                                &params.num_keysalts);
+        if (params.num_keysalts)
+            params.mask |= KADM5_CONFIG_ENCTYPES;
+
+        free(svalue);
+    }
+
+    hierarchy[2] = KRB5_CONF_IPROP_ENABLE;
+
+    params.iprop_enabled = FALSE;
+    params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+
+    if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) {
+        params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+        params.iprop_enabled = params_in->iprop_enabled;
+    } else {
+        if (aprofile &&
+            !krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
+            params.iprop_enabled = bvalue;
+            params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+        }
+    }
+
+    if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE,
+                          KRB5_CONF_IPROP_LOGFILE, NULL)) {
+        if (params.mask & KADM5_CONFIG_DBNAME) {
+            if (asprintf(&params.iprop_logfile, "%s.ulog",
+                         params.dbname) >= 0)
+                params.mask |= KADM5_CONFIG_IPROP_LOGFILE;
+        }
+    }
+
+    GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT, KRB5_CONF_IPROP_PORT,
+                   0);
+
+    /* 5 min for large KDBs */
+    GET_DELTAT_PARAM(iprop_resync_timeout, KADM5_CONFIG_IPROP_RESYNC_TIMEOUT,
+                     KRB5_CONF_IPROP_RESYNC_TIMEOUT, 60 * 5);
+
+    if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
+        params.mask |= KADM5_CONFIG_ULOG_SIZE;
+        params.iprop_ulogsize = params_in->iprop_ulogsize;
+    } else {
+        params.iprop_ulogsize = 0;
+        hierarchy[2] = KRB5_CONF_IPROP_ULOGSIZE;
+        if (aprofile != NULL &&
+            !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue) &&
+            ivalue > 0)
+            params.iprop_ulogsize = ivalue;
+        hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
+        if (params.iprop_ulogsize == 0 && aprofile != NULL &&
+            !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue) &&
+            ivalue > 0)
+            params.iprop_ulogsize = ivalue;
+        if (params.iprop_ulogsize == 0)
+            params.iprop_ulogsize = DEF_ULOGENTRIES;
+    }
+    params.mask |= KADM5_CONFIG_ULOG_SIZE;
+
+    GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
+                     KRB5_CONF_IPROP_REPLICA_POLL, -1);
+    if (params.iprop_poll_time == -1) {
+        GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
+                         KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60);
+    }
+
+    *params_out = params;
+
+cleanup:
+    if (ret) {
+        kadm5_free_config_params(context, &params);
+        params_out->mask = 0;
+    }
+    return ret;
+}
+
+/*
+ * kadm5_free_config_params()        - Free data allocated by above.
+ */
+krb5_error_code
+kadm5_free_config_params(krb5_context context, kadm5_config_params *params)
+{
+    if (params == NULL)
+        return 0;
+    free(params->dbname);
+    free(params->mkey_name);
+    free(params->stash_file);
+    free(params->keysalts);
+    free(params->admin_server);
+    free(params->dict_file);
+    free(params->acl_file);
+    free(params->realm);
+    free(params->iprop_logfile);
+    return 0;
+}
+
+krb5_error_code
+kadm5_get_admin_service_name(krb5_context ctx, char *realm_in,
+                             char *admin_name, size_t maxlen)
+{
+    krb5_error_code ret;
+    kadm5_config_params params_in, params_out;
+    char *canonhost = NULL;
+
+    memset(&params_in, 0, sizeof(params_in));
+    memset(&params_out, 0, sizeof(params_out));
+
+    params_in.mask |= KADM5_CONFIG_REALM;
+    params_in.realm = realm_in;
+    ret = kadm5_get_config_params(ctx, 0, &params_in, &params_out);
+    if (ret)
+        return ret;
+
+    if (!(params_out.mask & KADM5_CONFIG_ADMIN_SERVER)) {
+        ret = KADM5_MISSING_KRB5_CONF_PARAMS;
+        goto err_params;
+    }
+
+    ret = krb5_expand_hostname(ctx, params_out.admin_server, &canonhost);
+    if (ret)
+        goto err_params;
+
+    if (strlen(canonhost) + sizeof("kadmin/") > maxlen) {
+        ret = ENOMEM;
+        goto err_params;
+    }
+    snprintf(admin_name, maxlen, "kadmin/%s", canonhost);
+
+err_params:
+    krb5_free_string(ctx, canonhost);
+    kadm5_free_config_params(ctx, &params_out);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/chpass_util.c b/krb5-1.21.3/src/lib/kadm5/chpass_util.c
new file mode 100644
index 00000000..9a1d62d9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/chpass_util.c
@@ -0,0 +1,240 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ */
+
+
+#include "k5-int.h"
+
+#include <kadm5/admin.h>
+#include "admin_internal.h"
+
+
+#define string_text error_message
+
+/*
+ * Function: kadm5_chpass_principal_util
+ *
+ * Purpose: Wrapper around chpass_principal. We can read new pw, change pw and return useful messages
+ *
+ * Arguments:
+ *
+ *      princ          (input) a krb5b_principal structure for the
+ *                     principal whose password we should change.
+ *
+ *      new_password   (input) NULL or a null terminated string with the
+ *                     the principal's desired new password.  If new_password
+ *                     is NULL then this routine will read a new password.
+ *
+ *      pw_ret          (output) if non-NULL, points to a static buffer
+ *                      containing the new password (if password is prompted
+ *                      internally), or to the new_password argument (if
+ *                      that is non-NULL).  If the former, then the buffer
+ *                      is only valid until the next call to the function,
+ *                      and the caller should be sure to zero it when
+ *                      it is no longer needed.
+ *
+ *      msg_ret         (output) a useful message is copied here.
+ *
+ *      <return value>  exit status of 0 for success, else the com err code
+ *                      for the last significant routine called.
+ *
+ * Requires:
+ *
+ *      A msg_ret should point to a buffer large enough for the messasge.
+ *
+ * Effects:
+ *
+ * Modifies:
+ *
+ *
+ */
+
+kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
+                                         void *lhandle,
+                                         krb5_principal princ,
+                                         char *new_pw,
+                                         char **ret_pw,
+                                         char *msg_ret,
+                                         unsigned int msg_len)
+{
+    int code, code2;
+    unsigned int pwsize;
+    static char buffer[255];
+    char *new_password;
+    kadm5_principal_ent_rec princ_ent;
+    kadm5_policy_ent_rec policy_ent;
+
+    _KADM5_CHECK_HANDLE(server_handle);
+
+    if (ret_pw)
+        *ret_pw = NULL;
+
+    if (new_pw != NULL) {
+        new_password = new_pw;
+    } else { /* read the password */
+        krb5_context context;
+
+        if ((code = (int) kadm5_init_krb5_context(&context)) == 0) {
+            pwsize = sizeof(buffer);
+            code = krb5_read_password(context, KADM5_PW_FIRST_PROMPT,
+                                      KADM5_PW_SECOND_PROMPT,
+                                      buffer, &pwsize);
+            krb5_free_context(context);
+        }
+
+        if (code == 0)
+            new_password = buffer;
+        else {
+#ifdef ZEROPASSWD
+            memset(buffer, 0, sizeof(buffer));
+#endif
+            if (code == KRB5_LIBOS_BADPWDMATCH) {
+                strncpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH),
+                        msg_len - 1);
+                msg_ret[msg_len - 1] = '\0';
+                return(code);
+            } else {
+                snprintf(msg_ret, msg_len, "%s %s\n\n%s",
+                         error_message(code),
+                         string_text(CHPASS_UTIL_WHILE_READING_PASSWORD),
+                         string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+                msg_ret[msg_len - 1] = '\0';
+                return(code);
+            }
+        }
+        if (pwsize == 0) {
+#ifdef ZEROPASSWD
+            memset(buffer, 0, sizeof(buffer));
+#endif
+            strncpy(msg_ret, string_text(CHPASS_UTIL_NO_PASSWORD_READ), msg_len - 1);
+            msg_ret[msg_len - 1] = '\0';
+            return(KRB5_LIBOS_CANTREADPWD); /* could do better */
+        }
+    }
+
+    if (ret_pw)
+        *ret_pw = new_password;
+
+    code = kadm5_chpass_principal(server_handle, princ, new_password);
+
+#ifdef ZEROPASSWD
+    if (!ret_pw)
+        memset(buffer, 0, sizeof(buffer)); /* in case we read a new password */
+#endif
+
+    if (code == KADM5_OK) {
+        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_CHANGED), msg_len - 1);
+        msg_ret[msg_len - 1] = '\0';
+        return(0);
+    }
+
+    if ((code != KADM5_PASS_Q_TOOSHORT) &&
+        (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) &&
+        (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
+        /* Can't get more info for other errors */
+        snprintf(msg_ret, msg_len, "%s\n%s %s\n",
+                 string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+                 error_message(code),
+                 string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+        return(code);
+    }
+
+    /* Ok, we have a password quality error. Return a good message */
+
+    if (code == KADM5_PASS_REUSE) {
+        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_REUSE), msg_len - 1);
+        msg_ret[msg_len - 1] = '\0';
+        return(code);
+    }
+
+    if (code == KADM5_PASS_Q_DICT) {
+        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_IN_DICTIONARY),
+                msg_len - 1);
+        msg_ret[msg_len - 1] = '\0';
+        return(code);
+    }
+
+    /* Look up policy for the remaining messages */
+
+    code2 = kadm5_get_principal (lhandle, princ, &princ_ent,
+                                 KADM5_PRINCIPAL_NORMAL_MASK);
+    if (code2 != 0) {
+        snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n",
+                 error_message(code2),
+                 string_text(CHPASS_UTIL_GET_PRINC_INFO),
+                 error_message(code),
+                 string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+                 string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+        msg_ret[msg_len - 1] = '\0';
+        return(code);
+    }
+
+    if ((princ_ent.aux_attributes & KADM5_POLICY) == 0) {
+        /* Some module implements its own password policy. */
+        snprintf(msg_ret, msg_len, "%s\n\n%s",
+                 error_message(code),
+                 string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+        msg_ret[msg_len - 1] = '\0';
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        return(code);
+    }
+
+    code2 = kadm5_get_policy(lhandle, princ_ent.policy,
+                             &policy_ent);
+    if (code2 != 0) {
+        snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
+                 string_text(CHPASS_UTIL_GET_POLICY_INFO),
+                 error_message(code),
+                 string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+                 string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        return(code);
+    }
+
+    if (code == KADM5_PASS_Q_TOOSHORT) {
+        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
+                 policy_ent.pw_min_length);
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+        return(code);
+    }
+
+/* Can't get more info for other errors */
+
+    if (code == KADM5_PASS_Q_CLASS) {
+        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
+                 policy_ent.pw_min_classes);
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+        return(code);
+    }
+
+    if (code == KADM5_PASS_TOOSOON) {
+        time_t until;
+        char *time_string, *ptr;
+
+        until = ts_incr(princ_ent.last_pwd_change, policy_ent.pw_min_life);
+
+        time_string = ctime(&until);
+        if (time_string == NULL)
+            time_string = "(error)";
+        else if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+            *ptr = '\0';
+
+        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
+                 time_string);
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+        return(code);
+    }
+
+    /* We should never get here, but just in case ... */
+    snprintf(msg_ret, msg_len, "%s\n%s %s\n",
+             string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+             error_message(code),
+             string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+    (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+    (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+    return(code);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/chpass_util_strings.et b/krb5-1.21.3/src/lib/kadm5/chpass_util_strings.et
new file mode 100644
index 00000000..d2c4c3d1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/chpass_util_strings.et
@@ -0,0 +1,58 @@
+# this is really a string table for chpass_principal_util
+
+error_table ovku
+
+error_code CHPASS_UTIL_GET_POLICY_INFO, "while getting policy info."
+error_code CHPASS_UTIL_GET_PRINC_INFO, "while getting principal info."
+error_code CHPASS_UTIL_NEW_PASSWORD_MISMATCH, 
+	"New passwords do not match - password not changed.\n"
+
+error_code CHPASS_UTIL_NEW_PASSWORD_PROMPT, "New password"
+error_code CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT, "New password (again)"
+error_code CHPASS_UTIL_NO_PASSWORD_READ, "You must type a password. Passwords must be at least one character long.\n"
+error_code CHPASS_UTIL_NO_POLICY_YET_Q_ERROR, 
+"yet no policy set!  Contact your system security administrator."
+
+error_code CHPASS_UTIL_PASSWORD_CHANGED, "Password changed.\n"
+
+error_code CHPASS_UTIL_PASSWORD_IN_DICTIONARY,
+"New password was found in a dictionary of possible passwords and\n\
+therefore may be easily guessed. Please choose another password.\n\
+See the kpasswd man page for help in choosing a good password."
+
+error_code CHPASS_UTIL_PASSWORD_NOT_CHANGED, "Password not changed."
+
+error_code CHPASS_UTIL_PASSWORD_TOO_SHORT, 
+"New password is too short.\n\
+Please choose a password which is at least %d characters long."
+#	/*  <pw-min-len> */
+
+error_code CHPASS_UTIL_TOO_FEW_CLASSES, 
+"New password does not have enough character classes.\n\
+The character classes are:\n\
+	- lower-case letters,\n\
+	- upper-case letters,\n\
+	- digits,\n\
+	- punctuation, and\n\
+	- all other characters (e.g., control characters).\n\
+Please choose a password with at least %d character classes."
+# /* <min-classes> */
+
+
+error_code CHPASS_UTIL_PASSWORD_TOO_SOON,
+"Password cannot be changed because it was changed too recently.\n\
+Please wait until %s before you change it.\n\
+If you need to change your password before then, contact your system\n\
+security administrator."
+# /* <ctime(last-pw-change+pw-min-life)> */
+
+error_code CHPASS_UTIL_PASSWORD_REUSE, 
+"New password was used previously. Please choose a different password."
+
+error_code CHPASS_UTIL_WHILE_TRYING_TO_CHANGE, 
+"while trying to change password."
+
+error_code CHPASS_UTIL_WHILE_READING_PASSWORD, "while reading new password."
+
+end
+
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/Makefile.in b/krb5-1.21.3/src/lib/kadm5/clnt/Makefile.in
new file mode 100644
index 00000000..800f9387
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/Makefile.in
@@ -0,0 +1,79 @@
+mydir=lib$(S)kadm5$(S)clnt
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
+
+LIBBASE=kadm5clnt_mit
+LIBMAJOR=12
+LIBMINOR=0
+STOBJLISTS=../OBJS.ST OBJS.ST
+SHLIB_EXPDEPS=\
+	$(TOPLIBD)/libgssrpc$(SHLIBEXT) \
+	$(TOPLIBD)/libgssapi_krb5$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT) \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(COM_ERR_DEPLIB) $(SUPPORT_LIBDEP)
+SHLIB_EXPLIBS=-lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto $(SUPPORT_LIB) $(COM_ERR_LIB) $(LIBS)
+RELDIR=kadm5/clnt
+
+##DOSBUILDTOP = ..\..\..
+##DOSLIBNAME = libkadm5clnt.lib
+
+SRCS =	$(srcdir)/clnt_policy.c \
+	$(srcdir)/client_rpc.c \
+	$(srcdir)/client_principal.c \
+	$(srcdir)/client_init.c \
+	$(srcdir)/clnt_privs.c \
+	$(srcdir)/clnt_chpass_util.c
+
+OBJS =	\
+	clnt_policy.$(OBJEXT) \
+	client_rpc.$(OBJEXT) \
+	client_principal.$(OBJEXT) \
+	client_init.$(OBJEXT) \
+	clnt_privs.$(OBJEXT) \
+	clnt_chpass_util.$(OBJEXT)
+
+STLIBOBJS = \
+	clnt_policy.o \
+	client_rpc.o \
+	client_principal.o \
+	client_init.o \
+	clnt_privs.o \
+	clnt_chpass_util.o
+
+all-unix: includes
+all-unix: all-liblinks
+all-windows: $(OBJS)
+
+generate-files-mac: includes darwin.exports
+
+includes: client_internal.h
+	if cmp $(srcdir)/client_internal.h \
+	$(BUILDTOP)/include/kadm5/client_internal.h >/dev/null 2>&1; then :; \
+	else \
+		(set -x; $(RM) $(BUILDTOP)/include/kadm5/client_internal.h; \
+		 $(CP) $(srcdir)/client_internal.h \
+			$(BUILDTOP)/include/kadm5/client_internal.h) ; \
+	fi
+
+clean-unix::
+	$(RM) $(BUILDTOP)/include/kadm5/client_internal.h
+
+check-windows:
+
+clean-windows::
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+install: install-libs
+
+install-unix:
+	$(RM) $(DESTDIR)$(KRB5_LIBDIR)/libkadm5clnt$(DEPLIBEXT)
+	(cd $(DESTDIR)$(KRB5_LIBDIR) && $(LN_S) lib$(LIBBASE)$(DEPLIBEXT) \
+		libkadm5clnt$(DEPLIBEXT))
+
+depend: includes
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/client_handle.c b/krb5-1.21.3/src/lib/kadm5/clnt/client_handle.c
new file mode 100644
index 00000000..48b76707
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/client_handle.c
@@ -0,0 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include "client_internal.h"
+
+int _kadm5_check_handle(void *handle)
+{
+    CHECK_HANDLE(handle);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/client_init.c b/krb5-1.21.3/src/lib/kadm5/clnt/client_init.c
new file mode 100644
index 00000000..d4fd5e17
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/client_init.c
@@ -0,0 +1,727 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include <k5-int.h>
+#include <netdb.h>
+#include <com_err.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <fake-addrinfo.h>
+#include <krb5.h>
+
+#include <kadm5/admin.h>
+#include <kadm5/kadm_rpc.h>
+#include "client_internal.h"
+#include <iprop_hdr.h>
+#include "iprop.h"
+
+#include <gssrpc/rpc.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_krb5.h>
+#include <gssrpc/auth_gssapi.h>
+
+#define ADM_CCACHE  "/tmp/ovsec_adm.XXXXXX"
+
+enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS, INIT_ANONYMOUS };
+
+static kadm5_ret_t
+init_any(krb5_context context, char *client_name, enum init_type init_type,
+         char *pass, krb5_ccache ccache_in, char *service_name,
+         kadm5_config_params *params, krb5_ui_4 struct_version,
+         krb5_ui_4 api_version, char **db_args, void **server_handle);
+
+static kadm5_ret_t
+get_init_creds(kadm5_server_handle_t handle, krb5_principal client,
+               enum init_type init_type, char *pass, krb5_ccache ccache_in,
+               char *svcname_in, char *realm, krb5_principal *server_out);
+
+static kadm5_ret_t
+gic_iter(kadm5_server_handle_t handle, enum init_type init_type,
+         krb5_ccache ccache, krb5_principal client, char *pass,
+         char *svcname, char *realm, krb5_principal *server_out);
+
+static kadm5_ret_t
+connect_to_server(const char *hostname, int port, int *fd);
+
+static kadm5_ret_t
+setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in,
+          krb5_principal client, krb5_principal server);
+
+static void
+rpc_auth(kadm5_server_handle_t handle, kadm5_config_params *params_in,
+         gss_cred_id_t gss_client_creds, gss_name_t gss_target);
+
+kadm5_ret_t
+kadm5_init_with_creds(krb5_context context, char *client_name,
+                      krb5_ccache ccache, char *service_name,
+                      kadm5_config_params *params, krb5_ui_4 struct_version,
+                      krb5_ui_4 api_version, char **db_args,
+                      void **server_handle)
+{
+    return init_any(context, client_name, INIT_CREDS, NULL, ccache,
+                    service_name, params, struct_version, api_version, db_args,
+                    server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_password(krb5_context context, char *client_name,
+                         char *pass, char *service_name,
+                         kadm5_config_params *params, krb5_ui_4 struct_version,
+                         krb5_ui_4 api_version, char **db_args,
+                         void **server_handle)
+{
+    return init_any(context, client_name, INIT_PASS, pass, NULL, service_name,
+                    params, struct_version, api_version, db_args,
+                    server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_anonymous(krb5_context context, char *client_name,
+                     char *service_name, kadm5_config_params *params,
+                     krb5_ui_4 struct_version, krb5_ui_4 api_version,
+                     char **db_args, void **server_handle)
+{
+    return init_any(context, client_name, INIT_ANONYMOUS, NULL, NULL,
+                    service_name, params, struct_version, api_version,
+                    db_args, server_handle);
+}
+
+kadm5_ret_t
+kadm5_init(krb5_context context, char *client_name, char *pass,
+           char *service_name, kadm5_config_params *params,
+           krb5_ui_4 struct_version, krb5_ui_4 api_version, char **db_args,
+           void **server_handle)
+{
+    return init_any(context, client_name, INIT_PASS, pass, NULL, service_name,
+                    params, struct_version, api_version, db_args,
+                    server_handle);
+}
+
+kadm5_ret_t
+kadm5_init_with_skey(krb5_context context, char *client_name,
+                     char *keytab, char *service_name,
+                     kadm5_config_params *params, krb5_ui_4 struct_version,
+                     krb5_ui_4 api_version, char **db_args,
+                     void **server_handle)
+{
+    return init_any(context, client_name, INIT_SKEY, keytab, NULL,
+                    service_name, params, struct_version, api_version, db_args,
+                    server_handle);
+}
+
+static kadm5_ret_t
+free_handle(kadm5_server_handle_t handle)
+{
+    kadm5_ret_t ret = 0;
+    OM_uint32 minor_stat;
+    krb5_ccache ccache;
+
+    if (handle == NULL)
+        return 0;
+
+    if (handle->destroy_cache && handle->cache_name != NULL) {
+        ret = krb5_cc_resolve(handle->context, handle->cache_name, &ccache);
+        if (!ret)
+            ret = krb5_cc_destroy(handle->context, ccache);
+    }
+    free(handle->cache_name);
+    (void)gss_release_cred(&minor_stat, &handle->cred);
+    if (handle->clnt != NULL && handle->clnt->cl_auth != NULL)
+        AUTH_DESTROY(handle->clnt->cl_auth);
+    if (handle->clnt != NULL)
+        clnt_destroy(handle->clnt);
+    if (handle->client_socket != -1)
+        close(handle->client_socket);
+    free(handle->lhandle);
+    kadm5_free_config_params(handle->context, &handle->params);
+    free(handle);
+
+    return ret;
+}
+
+static kadm5_ret_t
+init_any(krb5_context context, char *client_name, enum init_type init_type,
+         char *pass, krb5_ccache ccache_in, char *service_name,
+         kadm5_config_params *params_in, krb5_ui_4 struct_version,
+         krb5_ui_4 api_version, char **db_args, void **server_handle)
+{
+    int fd = -1;
+    krb5_boolean iprop_enable;
+    int port;
+    rpcprog_t rpc_prog;
+    rpcvers_t rpc_vers;
+    krb5_principal client = NULL, server = NULL;
+    struct timeval timeout;
+
+    kadm5_server_handle_t handle = NULL;
+    kadm5_config_params params_local;
+
+    krb5_error_code code;
+    generic_ret r = { 0, 0 };
+
+    initialize_ovk_error_table();
+    initialize_ovku_error_table();
+
+    if (server_handle == NULL || client_name == NULL)
+        return EINVAL;
+
+    CHECK_VERSIONS(struct_version, api_version, KADM5_OLD_LIB_API_VERSION,
+                   KADM5_NEW_LIB_API_VERSION);
+
+    handle = k5alloc(sizeof(*handle), &code);
+    if (handle == NULL)
+        goto cleanup;
+    handle->lhandle = k5alloc(sizeof(*handle), &code);
+    if (handle->lhandle == NULL)
+        goto cleanup;
+
+    handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
+    handle->struct_version = struct_version;
+    handle->api_version = api_version;
+    handle->clnt = 0;
+    handle->client_socket = -1;
+    handle->cache_name = 0;
+    handle->destroy_cache = 0;
+    handle->context = 0;
+    handle->cred = GSS_C_NO_CREDENTIAL;
+    *handle->lhandle = *handle;
+    handle->lhandle->api_version = KADM5_API_VERSION_4;
+    handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+    handle->lhandle->lhandle = handle->lhandle;
+
+    handle->context = context;
+
+    memset(&params_local, 0, sizeof(params_local));
+
+    code = kadm5_get_config_params(handle->context, 0, params_in,
+                                   &handle->params);
+    if (code)
+        goto cleanup;
+
+#define REQUIRED_PARAMS (KADM5_CONFIG_REALM |           \
+                         KADM5_CONFIG_ADMIN_SERVER |    \
+                         KADM5_CONFIG_KADMIND_PORT)
+
+    if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+        code = KADM5_MISSING_KRB5_CONF_PARAMS;
+        goto cleanup;
+    }
+
+    /*
+     * Parse the client name.  If it has an empty realm, it is almost certainly
+     * a host-based principal using DNS fallback processing or the referral
+     * realm, so give it the appropriate name type for canonicalization.  Also
+     * check for iprop client principals as kpropd sets the realm on the
+     * sn2princ result.
+     */
+    code = krb5_parse_name(handle->context, client_name, &client);
+    if (code)
+        goto cleanup;
+    if ((init_type == INIT_SKEY && client->realm.length == 0) ||
+        (client->length == 2 &&
+         data_eq_string(client->data[0], KIPROP_SVC_NAME)))
+        client->type = KRB5_NT_SRV_HST;
+
+    /*
+     * Get credentials.  Also does some fallbacks in case kadmin/fqdn
+     * principal doesn't exist.
+     */
+    code = get_init_creds(handle, client, init_type, pass, ccache_in,
+                          service_name, handle->params.realm, &server);
+    if (code)
+        goto cleanup;
+
+    /* If the service_name and client_name are iprop-centric, use the iprop
+     * port and RPC identifiers. */
+    iprop_enable = (service_name != NULL &&
+                    strstr(service_name, KIPROP_SVC_NAME) != NULL &&
+                    strstr(client_name, KIPROP_SVC_NAME) != NULL);
+    if (iprop_enable) {
+        port = handle->params.iprop_port;
+        rpc_prog = KRB5_IPROP_PROG;
+        rpc_vers = KRB5_IPROP_VERS;
+    } else {
+        port = handle->params.kadmind_port;
+        rpc_prog = KADM;
+        rpc_vers = KADMVERS;
+    }
+
+    code = connect_to_server(handle->params.admin_server, port, &fd);
+    if (code)
+        goto cleanup;
+
+    handle->clnt = clnttcp_create(NULL, rpc_prog, rpc_vers, &fd, 0, 0);
+    if (handle->clnt == NULL) {
+        code = KADM5_RPC_ERROR;
+#ifdef DEBUG
+        clnt_pcreateerror("clnttcp_create");
+#endif
+        goto cleanup;
+    }
+
+    /* Set a one-hour timeout. */
+    timeout.tv_sec = 3600;
+    timeout.tv_usec = 0;
+    (void)clnt_control(handle->clnt, CLSET_TIMEOUT, &timeout);
+
+    handle->client_socket = fd;
+    handle->lhandle->clnt = handle->clnt;
+    handle->lhandle->client_socket = fd;
+
+    /*
+     * The RPC connection is open; establish the GSS-API
+     * authentication context.
+     */
+    code = setup_gss(handle, params_in,
+                     (init_type == INIT_CREDS) ? client : NULL, server);
+    if (code)
+        goto cleanup;
+
+    /*
+     * Bypass the remainder of the code and return straight away
+     * if the gss service requested is kiprop
+     */
+    if (iprop_enable) {
+        code = 0;
+        *server_handle = handle;
+        handle = NULL;
+        goto cleanup;
+    }
+
+    if (init_2(&handle->api_version, &r, handle->clnt)) {
+        code = KADM5_RPC_ERROR;
+#ifdef DEBUG
+        clnt_perror(handle->clnt, "init_2 null resp");
+#endif
+        goto cleanup;
+    }
+    /* Drop down to v3 wire protocol if server does not support v4 */
+    if (r.code == KADM5_NEW_SERVER_API_VERSION &&
+        handle->api_version == KADM5_API_VERSION_4) {
+        handle->api_version = KADM5_API_VERSION_3;
+        memset(&r, 0, sizeof(generic_ret));
+        if (init_2(&handle->api_version, &r, handle->clnt)) {
+            code = KADM5_RPC_ERROR;
+            goto cleanup;
+        }
+    }
+    /* Drop down to v2 wire protocol if server does not support v3 */
+    if (r.code == KADM5_NEW_SERVER_API_VERSION &&
+        handle->api_version == KADM5_API_VERSION_3) {
+        handle->api_version = KADM5_API_VERSION_2;
+        memset(&r, 0, sizeof(generic_ret));
+        if (init_2(&handle->api_version, &r, handle->clnt)) {
+            code = KADM5_RPC_ERROR;
+            goto cleanup;
+        }
+    }
+    if (r.code) {
+        code = r.code;
+        goto cleanup;
+    }
+
+    *server_handle = handle;
+    handle = NULL;
+
+cleanup:
+    krb5_free_principal(context, client);
+    krb5_free_principal(context, server);
+    (void)free_handle(handle);
+
+    return code;
+}
+
+/* Get initial credentials for authenticating to server.  Perform fallback from
+ * kadmin/fqdn to kadmin/admin if svcname_in is NULL. */
+static kadm5_ret_t
+get_init_creds(kadm5_server_handle_t handle, krb5_principal client,
+               enum init_type init_type, char *pass, krb5_ccache ccache_in,
+               char *svcname_in, char *realm, krb5_principal *server_out)
+{
+    kadm5_ret_t code;
+    krb5_ccache ccache = NULL;
+    char *svcname, svcbuf[BUFSIZ];
+
+    *server_out = NULL;
+
+    /*
+     * Acquire a service ticket for svcname@realm for client, using password
+     * pass (which could be NULL), and create a ccache to store them in.  If
+     * INIT_CREDS, use the ccache we were provided instead.
+     */
+    if (init_type == INIT_CREDS) {
+        ccache = ccache_in;
+        if (asprintf(&handle->cache_name, "%s:%s",
+                     krb5_cc_get_type(handle->context, ccache),
+                     krb5_cc_get_name(handle->context, ccache)) < 0) {
+            handle->cache_name = NULL;
+            code = ENOMEM;
+            goto error;
+        }
+    } else {
+        static int counter = 0;
+
+        if (asprintf(&handle->cache_name, "MEMORY:kadm5_%u", counter++) < 0) {
+            handle->cache_name = NULL;
+            code = ENOMEM;
+            goto error;
+        }
+        code = krb5_cc_resolve(handle->context, handle->cache_name,
+                               &ccache);
+        if (code)
+            goto error;
+
+        code = krb5_cc_initialize (handle->context, ccache, client);
+        if (code)
+            goto error;
+
+        handle->destroy_cache = 1;
+    }
+    handle->lhandle->cache_name = handle->cache_name;
+
+    svcname = (svcname_in != NULL) ? svcname_in : KADM5_ADMIN_SERVICE;
+    code = gic_iter(handle, init_type, ccache, client, pass, svcname, realm,
+                    server_out);
+    if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
+         || code == KRB5_CC_NOTFOUND) && svcname_in == NULL) {
+        /* Retry with host-based service principal. */
+        code = kadm5_get_admin_service_name(handle->context,
+                                            handle->params.realm,
+                                            svcbuf, sizeof(svcbuf));
+        if (code)
+            goto error;
+        code = gic_iter(handle, init_type, ccache, client, pass, svcbuf, realm,
+                        server_out);
+    }
+    /* Improved error messages */
+    if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
+    if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+        code = KADM5_SECURE_PRINC_MISSING;
+
+error:
+    if (ccache != NULL && init_type != INIT_CREDS)
+        krb5_cc_close(handle->context, ccache);
+    return code;
+}
+
+/* Perform one iteration of attempting to get credentials.  This includes
+ * searching existing ccache for requested service if INIT_CREDS. */
+static kadm5_ret_t
+gic_iter(kadm5_server_handle_t handle, enum init_type init_type,
+         krb5_ccache ccache, krb5_principal client, char *pass, char *svcname,
+         char *realm, krb5_principal *server_out)
+{
+    kadm5_ret_t code;
+    krb5_context ctx;
+    krb5_keytab kt;
+    krb5_get_init_creds_opt *opt = NULL;
+    krb5_creds mcreds, outcreds;
+
+    *server_out = NULL;
+    ctx = handle->context;
+    kt = NULL;
+    memset(&opt, 0, sizeof(opt));
+    memset(&mcreds, 0, sizeof(mcreds));
+    memset(&outcreds, 0, sizeof(outcreds));
+
+    /* Credentials for kadmin don't need to be forwardable or proxiable. */
+    if (init_type != INIT_CREDS) {
+        code = krb5_get_init_creds_opt_alloc(ctx, &opt);
+        if (code)
+            goto error;
+
+        krb5_get_init_creds_opt_set_forwardable(opt, 0);
+        krb5_get_init_creds_opt_set_proxiable(opt, 0);
+        krb5_get_init_creds_opt_set_out_ccache(ctx, opt, ccache);
+        if (init_type == INIT_ANONYMOUS)
+            krb5_get_init_creds_opt_set_anonymous(opt, 1);
+    }
+
+    if (init_type == INIT_PASS || init_type == INIT_ANONYMOUS) {
+        code = krb5_get_init_creds_password(ctx, &outcreds, client, pass,
+                                            krb5_prompter_posix,
+                                            NULL, 0, svcname, opt);
+        if (code)
+            goto error;
+    } else if (init_type == INIT_SKEY) {
+        if (pass) {
+            code = krb5_kt_resolve(ctx, pass, &kt);
+            if (code)
+                goto error;
+        }
+        code = krb5_get_init_creds_keytab(ctx, &outcreds, client, kt,
+                                          0, svcname, opt);
+        if (pass)
+            krb5_kt_close(ctx, kt);
+        if (code)
+            goto error;
+    } else if (init_type == INIT_CREDS) {
+        mcreds.client = client;
+        code = krb5_parse_name_flags(ctx, svcname,
+                                     KRB5_PRINCIPAL_PARSE_IGNORE_REALM,
+                                     &mcreds.server);
+        if (code)
+            goto error;
+        code = krb5_set_principal_realm(ctx, mcreds.server, realm);
+        if (code)
+            goto error;
+        code = krb5_cc_retrieve_cred(ctx, ccache, 0,
+                                     &mcreds, &outcreds);
+        krb5_free_principal(ctx, mcreds.server);
+        if (code)
+            goto error;
+    } else {
+        code = EINVAL;
+        goto error;
+    }
+
+    /* Steal the server principal of the creds we acquired and return it to the
+     * caller, which needs to knows what service to authenticate to. */
+    *server_out = outcreds.server;
+    outcreds.server = NULL;
+
+error:
+    krb5_free_cred_contents(ctx, &outcreds);
+    if (opt)
+        krb5_get_init_creds_opt_free(ctx, opt);
+    return code;
+}
+
+/* Set *fd to a socket connected to hostname and port. */
+static kadm5_ret_t
+connect_to_server(const char *hostname, int port, int *fd)
+{
+    struct addrinfo hint, *addrs, *a;
+    char portbuf[32];
+    int err, s;
+    kadm5_ret_t code;
+
+    /* Look up the server's addresses. */
+    (void) snprintf(portbuf, sizeof(portbuf), "%d", port);
+    memset(&hint, 0, sizeof(hint));
+    hint.ai_socktype = SOCK_STREAM;
+    hint.ai_flags = AI_ADDRCONFIG;
+#ifdef AI_NUMERICSERV
+    hint.ai_flags |= AI_NUMERICSERV;
+#endif
+    err = getaddrinfo(hostname, portbuf, &hint, &addrs);
+    if (err != 0)
+        return KADM5_CANT_RESOLVE;
+
+    /* Try to connect to each address until we succeed. */
+    for (a = addrs; a != NULL; a = a->ai_next) {
+        s = socket(a->ai_family, a->ai_socktype, 0);
+        if (s == -1) {
+            code = KADM5_FAILURE;
+            goto cleanup;
+        }
+        err = connect(s, a->ai_addr, a->ai_addrlen);
+        if (err == 0) {
+            *fd = s;
+            code = 0;
+            goto cleanup;
+        }
+        close(s);
+    }
+
+    /* We didn't succeed on any address. */
+    code = KADM5_RPC_ERROR;
+cleanup:
+    freeaddrinfo(addrs);
+    return code;
+}
+
+/* Acquire GSSAPI credentials and set up RPC auth flavor. */
+static kadm5_ret_t
+setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in,
+          krb5_principal client, krb5_principal server)
+{
+    OM_uint32 gssstat, minor_stat;
+    gss_buffer_desc buf;
+    gss_name_t gss_client;
+    gss_name_t gss_target;
+    const char *c_ccname_orig;
+    char *ccname_orig;
+
+    ccname_orig = NULL;
+    gss_client = gss_target = GSS_C_NO_NAME;
+
+    /* Temporarily use the kadm5 cache. */
+    gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name,
+                                   &c_ccname_orig);
+    if (gssstat != GSS_S_COMPLETE)
+        goto error;
+    if (c_ccname_orig)
+        ccname_orig = strdup(c_ccname_orig);
+    else
+        ccname_orig = 0;
+
+    buf.value = &server;
+    buf.length = sizeof(server);
+    gssstat = gss_import_name(&minor_stat, &buf,
+                              (gss_OID)gss_nt_krb5_principal, &gss_target);
+    if (gssstat != GSS_S_COMPLETE)
+        goto error;
+
+    if (client != NULL) {
+        buf.value = &client;
+        buf.length = sizeof(client);
+        gssstat = gss_import_name(&minor_stat, &buf,
+                                  (gss_OID)gss_nt_krb5_principal, &gss_client);
+    } else gss_client = GSS_C_NO_NAME;
+
+    if (gssstat != GSS_S_COMPLETE)
+        goto error;
+
+    gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
+                               GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+                               &handle->cred, NULL, NULL);
+    if (gssstat != GSS_S_COMPLETE)
+        goto error;
+
+    /*
+     * Do actual creation of RPC auth handle.  Implements auth flavor
+     * fallback.
+     */
+    rpc_auth(handle, params_in, handle->cred, gss_target);
+
+error:
+    if (gss_client)
+        gss_release_name(&minor_stat, &gss_client);
+    if (gss_target)
+        gss_release_name(&minor_stat, &gss_target);
+
+    /* Revert to prior gss_krb5 ccache. */
+    if (ccname_orig) {
+        gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
+        if (gssstat) {
+            return KADM5_GSS_ERROR;
+        }
+        free(ccname_orig);
+    } else {
+        gssstat = gss_krb5_ccache_name(&minor_stat, NULL, NULL);
+        if (gssstat) {
+            return KADM5_GSS_ERROR;
+        }
+    }
+
+    if (handle->clnt->cl_auth == NULL) {
+        return KADM5_GSS_ERROR;
+    }
+    return 0;
+}
+
+/* Create RPC auth handle.  Do auth flavor fallback if needed. */
+static void
+rpc_auth(kadm5_server_handle_t handle, kadm5_config_params *params_in,
+         gss_cred_id_t gss_client_creds, gss_name_t gss_target)
+{
+    OM_uint32 gssstat, minor_stat;
+    struct rpc_gss_sec sec;
+
+    /* Allow unauthenticated option for testing. */
+    if (params_in != NULL && (params_in->mask & KADM5_CONFIG_NO_AUTH))
+        return;
+
+    /* Use RPCSEC_GSS by default. */
+    if (params_in == NULL ||
+        !(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
+        sec.mech = (gss_OID)gss_mech_krb5;
+        sec.qop = GSS_C_QOP_DEFAULT;
+        sec.svc = RPCSEC_GSS_SVC_PRIVACY;
+        sec.cred = gss_client_creds;
+        sec.req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+
+        handle->clnt->cl_auth = authgss_create(handle->clnt,
+                                               gss_target, &sec);
+        if (handle->clnt->cl_auth != NULL)
+            return;
+    }
+
+    if (params_in != NULL && (params_in->mask & KADM5_CONFIG_AUTH_NOFALLBACK))
+        return;
+
+    /* Fall back to old AUTH_GSSAPI. */
+    handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
+                                               &gssstat,
+                                               &minor_stat,
+                                               gss_client_creds,
+                                               gss_target,
+                                               (gss_OID) gss_mech_krb5,
+                                               GSS_C_MUTUAL_FLAG
+                                               | GSS_C_REPLAY_FLAG,
+                                               0, NULL, NULL, NULL);
+}
+
+kadm5_ret_t
+kadm5_destroy(void *server_handle)
+{
+    CHECK_HANDLE(server_handle);
+    return free_handle(server_handle);
+}
+/* not supported on client */
+kadm5_ret_t kadm5_lock(void *server_handle)
+{
+    return EINVAL;
+}
+
+/* not supported on client */
+kadm5_ret_t kadm5_unlock(void *server_handle)
+{
+    return EINVAL;
+}
+
+kadm5_ret_t kadm5_flush(void *server_handle)
+{
+    return KADM5_OK;
+}
+
+int _kadm5_check_handle(void *handle)
+{
+    CHECK_HANDLE(handle);
+    return 0;
+}
+
+krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
+{
+    return krb5_init_context(ctx);
+}
+
+/*
+ * Stub function for kadmin.  It was created to eliminate the dependency on
+ * libkdb's ulog functions.  The srv equivalent makes the actual calls.
+ */
+krb5_error_code
+kadm5_init_iprop(void *handle, char **db_args)
+{
+    return (0);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/client_internal.h b/krb5-1.21.3/src/lib/kadm5/clnt/client_internal.h
new file mode 100644
index 00000000..fca7a7dc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/client_internal.h
@@ -0,0 +1,100 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ *
+ * $Log$
+ * Revision 1.1  1996/07/24 22:22:43  tlyu
+ *      * Makefile.in, configure.in: break out client lib into a
+ *              subdirectory
+ *
+ * Revision 1.11  1996/07/22 20:35:46  marc
+ * this commit includes all the changes on the OV_9510_INTEGRATION and
+ * OV_MERGE branches.  This includes, but is not limited to, the new openvision
+ * admin system, and major changes to gssapi to add functionality, and bring
+ * the implementation in line with rfc1964.  before committing, the
+ * code was built and tested for netbsd and solaris.
+ *
+ * Revision 1.10.4.1  1996/07/18 03:08:37  marc
+ * merged in changes from OV_9510_BP to OV_9510_FINAL1
+ *
+ * Revision 1.10.2.1  1996/06/20  02:16:46  marc
+ * File added to the repository on a branch
+ *
+ * Revision 1.10  1996/06/06  20:09:16  bjaspan
+ * add destroy_cache, for kadm5_init_with_creds
+ *
+ * Revision 1.9  1996/05/30 21:04:42  bjaspan
+ * add lhandle to handle
+ *
+ * Revision 1.8  1996/05/28 20:33:49  bjaspan
+ * rework kadm5_config
+ *
+ * Revision 1.7  1996/05/17 21:36:59  bjaspan
+ * rename to kadm5, begin implementing version 2
+ *
+ * Revision 1.6  1996/05/16 21:45:07  bjaspan
+ * add context
+ *
+ * Revision 1.5  1996/05/08 21:10:23  bjaspan
+ * marc's changes
+ *
+ * Revision 1.4  1996/01/16  20:54:30  grier
+ * secure/3570 use krb5_ui_4 not unsigned int
+ *
+ * Revision 1.3  1995/11/14  17:48:57  grier
+ * long to int
+ *
+ * Revision 1.2  1994/08/16  18:53:47  jik
+ * Versioning stuff.
+ *
+ * Revision 1.1  1994/08/09  21:14:38  jik
+ * Initial revision
+ *
+ */
+
+/*
+ * This header file is used internally by the Admin API client
+ * libraries.  IF YOU THINK YOU NEED TO USE THIS FILE FOR ANYTHING,
+ * YOU'RE ALMOST CERTAINLY WRONG.
+ */
+
+#ifndef __KADM5_CLIENT_INTERNAL_H__
+#define __KADM5_CLIENT_INTERNAL_H__
+
+#include "admin_internal.h"
+
+typedef struct _kadm5_server_handle_t {
+    krb5_ui_4       magic_number;
+    krb5_ui_4       struct_version;
+    krb5_ui_4       api_version;
+    char *          cache_name;
+    int             destroy_cache;
+    CLIENT *        clnt;
+    int             client_socket;
+    krb5_context    context;
+    gss_cred_id_t   cred;
+    kadm5_config_params params;
+    struct _kadm5_server_handle_t *lhandle;
+} kadm5_server_handle_rec, *kadm5_server_handle_t;
+
+#define CLIENT_CHECK_HANDLE(handle)             \
+    {                                           \
+        kadm5_server_handle_t srvr =            \
+            (kadm5_server_handle_t) handle;     \
+                                                \
+        if (! srvr->clnt)                       \
+            return KADM5_BAD_SERVER_HANDLE;     \
+        if (! srvr->cache_name)                 \
+            return KADM5_BAD_SERVER_HANDLE;     \
+        if (! srvr->lhandle)                    \
+            return KADM5_BAD_SERVER_HANDLE;     \
+    }
+
+#define CHECK_HANDLE(handle)                                    \
+    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,     \
+                         KADM5_NEW_LIB_API_VERSION)             \
+    CLIENT_CHECK_HANDLE(handle)
+
+#endif /* __KADM5_CLIENT_INTERNAL_H__ */
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/client_principal.c b/krb5-1.21.3/src/lib/kadm5/clnt/client_principal.c
new file mode 100644
index 00000000..96d9d193
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/client_principal.c
@@ -0,0 +1,528 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#include    <gssrpc/rpc.h>
+#include    <kadm5/admin.h>
+#include    <kadm5/kadm_rpc.h>
+#ifdef HAVE_MEMORY_H
+#include    <memory.h>
+#endif
+#include    <string.h>
+#include    <errno.h>
+#include    "client_internal.h"
+
+#ifdef DEBUG
+#define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0)
+#else
+#define eret() do { return KADM5_RPC_ERROR; } while (0)
+#endif
+
+kadm5_ret_t
+kadm5_create_principal(void *server_handle,
+                       kadm5_principal_ent_t princ, long mask,
+                       char *pw)
+{
+    generic_ret         r = { 0, 0 };
+    cprinc_arg          arg;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    memset(&arg, 0, sizeof(arg));
+    arg.mask = mask;
+    arg.passwd = pw;
+    arg.api_version = handle->api_version;
+
+    if(princ == NULL)
+        return EINVAL;
+
+    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+    arg.rec.mod_name = NULL;
+
+    if(!(mask & KADM5_POLICY))
+        arg.rec.policy = NULL;
+    if (! (mask & KADM5_KEY_DATA)) {
+        arg.rec.n_key_data = 0;
+        arg.rec.key_data = NULL;
+    }
+    if (! (mask & KADM5_TL_DATA)) {
+        arg.rec.n_tl_data = 0;
+        arg.rec.tl_data = NULL;
+    }
+
+    if (create_principal_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_create_principal_3(void *server_handle,
+                         kadm5_principal_ent_t princ, long mask,
+                         int n_ks_tuple,
+                         krb5_key_salt_tuple *ks_tuple,
+                         char *pw)
+{
+    generic_ret         r = { 0, 0 };
+    cprinc3_arg         arg;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    memset(&arg, 0, sizeof(arg));
+    arg.mask = mask;
+    arg.passwd = pw;
+    arg.api_version = handle->api_version;
+    arg.n_ks_tuple = n_ks_tuple;
+    arg.ks_tuple = ks_tuple;
+
+    if(princ == NULL)
+        return EINVAL;
+
+    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+    arg.rec.mod_name = NULL;
+
+    if(!(mask & KADM5_POLICY))
+        arg.rec.policy = NULL;
+    if (! (mask & KADM5_KEY_DATA)) {
+        arg.rec.n_key_data = 0;
+        arg.rec.key_data = NULL;
+    }
+    if (! (mask & KADM5_TL_DATA)) {
+        arg.rec.n_tl_data = 0;
+        arg.rec.tl_data = NULL;
+    }
+
+    if (create_principal3_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_delete_principal(void *server_handle, krb5_principal principal)
+{
+    dprinc_arg          arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    if(principal == NULL)
+        return EINVAL;
+    arg.princ = principal;
+    arg.api_version = handle->api_version;
+    if (delete_principal_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_modify_principal(void *server_handle,
+                       kadm5_principal_ent_t princ, long mask)
+{
+    mprinc_arg          arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    memset(&arg, 0, sizeof(arg));
+    arg.mask = mask;
+    arg.api_version = handle->api_version;
+    if(princ == NULL)
+        return EINVAL;
+    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+    if(!(mask & KADM5_POLICY))
+        arg.rec.policy = NULL;
+    if (! (mask & KADM5_KEY_DATA)) {
+        arg.rec.n_key_data = 0;
+        arg.rec.key_data = NULL;
+    }
+    if (! (mask & KADM5_TL_DATA)) {
+        arg.rec.n_tl_data = 0;
+        arg.rec.tl_data = NULL;
+    }
+
+    arg.rec.mod_name = NULL;
+
+    if (modify_principal_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_get_principal(void *server_handle,
+                    krb5_principal princ, kadm5_principal_ent_t ent,
+                    long mask)
+{
+    gprinc_arg  arg;
+    gprinc_ret  r;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    if(princ == NULL)
+        return EINVAL;
+    arg.princ = princ;
+    arg.mask = mask;
+    arg.api_version = handle->api_version;
+    memset(&r, 0, sizeof(gprinc_ret));
+    if (get_principal_2(&arg, &r, handle->clnt))
+        eret();
+    if (r.code == 0)
+        memcpy(ent, &r.rec, sizeof(r.rec));
+
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_get_principals(void *server_handle,
+                     char *exp, char ***princs, int *count)
+{
+    gprincs_arg arg;
+    gprincs_ret r;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    if(princs == NULL || count == NULL)
+        return EINVAL;
+    arg.exp = exp;
+    arg.api_version = handle->api_version;
+    memset(&r, 0, sizeof(gprincs_ret));
+    if (get_princs_2(&arg, &r, handle->clnt))
+        eret();
+    if (r.code == 0) {
+        *count = r.count;
+        *princs = r.princs;
+    } else {
+        *count = 0;
+        *princs = NULL;
+    }
+
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_rename_principal(void *server_handle,
+                       krb5_principal source, krb5_principal dest)
+{
+    rprinc_arg          arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.src = source;
+    arg.dest = dest;
+    arg.api_version = handle->api_version;
+    if (source == NULL || dest == NULL)
+        return EINVAL;
+    if (rename_principal_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_chpass_principal(void *server_handle,
+                       krb5_principal princ, char *password)
+{
+    chpass_arg          arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.princ = princ;
+    arg.pass = password;
+    arg.api_version = handle->api_version;
+
+    if(princ == NULL)
+        return EINVAL;
+    if (chpass_principal_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_chpass_principal_3(void *server_handle,
+                         krb5_principal princ, krb5_boolean keepold,
+                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                         char *password)
+{
+    chpass3_arg         arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.princ = princ;
+    arg.pass = password;
+    arg.api_version = handle->api_version;
+    arg.keepold = keepold;
+    arg.n_ks_tuple = n_ks_tuple;
+    arg.ks_tuple = ks_tuple;
+
+    if(princ == NULL)
+        return EINVAL;
+    if (chpass_principal3_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_setkey_principal(void *server_handle,
+                       krb5_principal princ,
+                       krb5_keyblock *keyblocks,
+                       int n_keys)
+{
+    setkey_arg          arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.princ = princ;
+    arg.keyblocks = keyblocks;
+    arg.n_keys = n_keys;
+    arg.api_version = handle->api_version;
+
+    if(princ == NULL || keyblocks == NULL)
+        return EINVAL;
+    if (setkey_principal_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_setkey_principal_3(void *server_handle,
+                         krb5_principal princ,
+                         krb5_boolean keepold, int n_ks_tuple,
+                         krb5_key_salt_tuple *ks_tuple,
+                         krb5_keyblock *keyblocks,
+                         int n_keys)
+{
+    setkey3_arg         arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.princ = princ;
+    arg.keyblocks = keyblocks;
+    arg.n_keys = n_keys;
+    arg.api_version = handle->api_version;
+    arg.keepold = keepold;
+    arg.n_ks_tuple = n_ks_tuple;
+    arg.ks_tuple = ks_tuple;
+
+    if(princ == NULL || keyblocks == NULL)
+        return EINVAL;
+    if (setkey_principal3_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_setkey_principal_4(void *server_handle,
+                         krb5_principal princ,
+                         krb5_boolean keepold,
+                         kadm5_key_data *key_data,
+                         int n_key_data)
+{
+    setkey4_arg         arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.api_version = handle->api_version;
+    arg.princ = princ;
+    arg.keepold = keepold;
+    arg.key_data = key_data;
+    arg.n_key_data = n_key_data;
+
+    if (princ == NULL || key_data == NULL || n_key_data == 0)
+        return EINVAL;
+    if (setkey_principal4_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_randkey_principal_3(void *server_handle,
+                          krb5_principal princ,
+                          krb5_boolean keepold, int n_ks_tuple,
+                          krb5_key_salt_tuple *ks_tuple,
+                          krb5_keyblock **key, int *n_keys)
+{
+    chrand3_arg         arg;
+    chrand_ret          r;
+    kadm5_server_handle_t handle = server_handle;
+    int                 i;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.princ = princ;
+    arg.api_version = handle->api_version;
+    arg.keepold = keepold;
+    arg.n_ks_tuple = n_ks_tuple;
+    arg.ks_tuple = ks_tuple;
+
+    if(princ == NULL)
+        return EINVAL;
+    memset(&r, 0, sizeof(chrand_ret));
+    if (chrand_principal3_2(&arg, &r, handle->clnt))
+        eret();
+    if (n_keys)
+        *n_keys = r.n_keys;
+    if (key) {
+        *key = r.keys;
+    } else {
+        for (i = 0; i < r.n_keys; i++)
+            krb5_free_keyblock_contents(handle->context, &r.keys[i]);
+        free(r.keys);
+    }
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_randkey_principal(void *server_handle,
+                        krb5_principal princ,
+                        krb5_keyblock **key, int *n_keys)
+{
+    chrand_arg          arg;
+    chrand_ret          r;
+    kadm5_server_handle_t handle = server_handle;
+    int                 i;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.princ = princ;
+    arg.api_version = handle->api_version;
+
+    if(princ == NULL)
+        return EINVAL;
+    memset(&r, 0, sizeof(chrand_ret));
+    if (chrand_principal_2(&arg, &r, handle->clnt))
+        eret();
+    if (n_keys)
+        *n_keys = r.n_keys;
+    if (key) {
+        *key = r.keys;
+    } else {
+        for (i = 0; i < r.n_keys; i++)
+            krb5_free_keyblock_contents(handle->context, &r.keys[i]);
+        free(r.keys);
+    }
+    return r.code;
+}
+
+/* not supported on client side */
+kadm5_ret_t kadm5_decrypt_key(void *server_handle,
+                              kadm5_principal_ent_t entry, krb5_int32
+                              ktype, krb5_int32 stype, krb5_int32
+                              kvno, krb5_keyblock *keyblock,
+                              krb5_keysalt *keysalt, int *kvnop)
+{
+    return EINVAL;
+}
+
+kadm5_ret_t
+kadm5_purgekeys(void *server_handle,
+                krb5_principal princ,
+                int keepkvno)
+{
+    purgekeys_arg       arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.princ = princ;
+    arg.keepkvno = keepkvno;
+    arg.api_version = handle->api_version;
+
+    if (princ == NULL)
+        return EINVAL;
+    if (purgekeys_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_get_strings(void *server_handle, krb5_principal principal,
+                  krb5_string_attr **strings_out, int *count_out)
+{
+    gstrings_arg arg;
+    gstrings_ret r;
+    kadm5_server_handle_t handle = server_handle;
+
+    *strings_out = NULL;
+    *count_out = 0;
+    CHECK_HANDLE(server_handle);
+    if (principal == NULL)
+        return EINVAL;
+
+    arg.princ = principal;
+    arg.api_version = handle->api_version;
+    memset(&r, 0, sizeof(gstrings_ret));
+    if (get_strings_2(&arg, &r, handle->clnt))
+        eret();
+    if (r.code == 0) {
+        *strings_out = r.strings;
+        *count_out = r.count;
+    }
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_set_string(void *server_handle, krb5_principal principal,
+                 const char *key, const char *value)
+{
+    sstring_arg arg;
+    generic_ret r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+    if (principal == NULL || key == NULL)
+        return EINVAL;
+
+    arg.princ = principal;
+    arg.key = (char *)key;
+    arg.value = (char *)value;
+    arg.api_version = handle->api_version;
+    if (set_string_2(&arg, &r, handle->clnt))
+        eret();
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_get_principal_keys(void *server_handle, krb5_principal princ,
+                         krb5_kvno kvno, kadm5_key_data **key_data,
+                         int *n_key_data)
+{
+    getpkeys_arg        arg;
+    getpkeys_ret        r;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    arg.api_version = handle->api_version;
+    arg.princ = princ;
+    arg.kvno = kvno;
+
+    if (princ == NULL || key_data == NULL || n_key_data == 0)
+        return EINVAL;
+    memset(&r, 0, sizeof(getpkeys_ret));
+    if (get_principal_keys_2(&arg, &r, handle->clnt))
+        eret();
+    if (r.code == 0) {
+        *key_data = r.key_data;
+        *n_key_data = r.n_key_data;
+    }
+    return r.code;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/client_rpc.c b/krb5-1.21.3/src/lib/kadm5/clnt/client_rpc.c
new file mode 100644
index 00000000..d84d158b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/client_rpc.c
@@ -0,0 +1,213 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+#include <gssrpc/rpc.h>
+#include <kadm5/kadm_rpc.h>
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <string.h>  /* for memset prototype */
+
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+
+/* Default timeout can be changed using clnt_control() */
+static struct timeval TIMEOUT = { 25, 0 };
+
+enum clnt_stat
+create_principal_2(cprinc_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, CREATE_PRINCIPAL,
+			 (xdrproc_t)xdr_cprinc_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+create_principal3_2(cprinc3_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, CREATE_PRINCIPAL3,
+			 (xdrproc_t)xdr_cprinc3_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+delete_principal_2(dprinc_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, DELETE_PRINCIPAL,
+			 (xdrproc_t)xdr_dprinc_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+modify_principal_2(mprinc_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, MODIFY_PRINCIPAL,
+			 (xdrproc_t)xdr_mprinc_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+rename_principal_2(rprinc_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, RENAME_PRINCIPAL,
+			 (xdrproc_t)xdr_rprinc_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+get_principal_2(gprinc_arg *argp, gprinc_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, GET_PRINCIPAL,
+			 (xdrproc_t)xdr_gprinc_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_gprinc_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+get_princs_2(gprincs_arg *argp, gprincs_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, GET_PRINCS,
+			 (xdrproc_t)xdr_gprincs_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_gprincs_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+chpass_principal_2(chpass_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, CHPASS_PRINCIPAL,
+			 (xdrproc_t)xdr_chpass_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+chpass_principal3_2(chpass3_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, CHPASS_PRINCIPAL3,
+			 (xdrproc_t)xdr_chpass3_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+setkey_principal_2(setkey_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, SETKEY_PRINCIPAL,
+			 (xdrproc_t)xdr_setkey_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+setkey_principal3_2(setkey3_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, SETKEY_PRINCIPAL3,
+			 (xdrproc_t)xdr_setkey3_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+setkey_principal4_2(setkey4_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, SETKEY_PRINCIPAL4,
+			 (xdrproc_t)xdr_setkey4_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+chrand_principal_2(chrand_arg *argp, chrand_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, CHRAND_PRINCIPAL,
+			 (xdrproc_t)xdr_chrand_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_chrand_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+chrand_principal3_2(chrand3_arg *argp, chrand_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, CHRAND_PRINCIPAL3,
+			 (xdrproc_t)xdr_chrand3_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_chrand_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+create_policy_2(cpol_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, CREATE_POLICY,
+			 (xdrproc_t)xdr_cpol_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+delete_policy_2(dpol_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, DELETE_POLICY,
+			 (xdrproc_t)xdr_dpol_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+modify_policy_2(mpol_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, MODIFY_POLICY,
+			 (xdrproc_t)xdr_mpol_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+get_policy_2(gpol_arg *argp, gpol_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, GET_POLICY,
+			 (xdrproc_t)xdr_gpol_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_gpol_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+get_pols_2(gpols_arg *argp, gpols_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, GET_POLS,
+			 (xdrproc_t)xdr_gpols_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_gpols_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+get_privs_2(void *argp, getprivs_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, GET_PRIVS,
+			 (xdrproc_t)xdr_u_int32, (caddr_t)argp,
+			 (xdrproc_t)xdr_getprivs_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+init_2(void *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, INIT,
+			 (xdrproc_t)xdr_u_int32, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+purgekeys_2(purgekeys_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, PURGEKEYS,
+			 (xdrproc_t)xdr_purgekeys_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+get_strings_2(gstrings_arg *argp, gstrings_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, GET_STRINGS,
+			 (xdrproc_t)xdr_gstrings_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_gstrings_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+set_string_2(sstring_arg *argp, generic_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, SET_STRING,
+			 (xdrproc_t)xdr_sstring_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
+}
+
+enum clnt_stat
+get_principal_keys_2(getpkeys_arg *argp, getpkeys_ret *res, CLIENT *clnt)
+{
+	return clnt_call(clnt, EXTRACT_KEYS,
+			 (xdrproc_t)xdr_getpkeys_arg, (caddr_t)argp,
+			 (xdrproc_t)xdr_getpkeys_ret, (caddr_t)res, TIMEOUT);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/clnt_chpass_util.c b/krb5-1.21.3/src/lib/kadm5/clnt/clnt_chpass_util.c
new file mode 100644
index 00000000..618efda9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/clnt_chpass_util.c
@@ -0,0 +1,17 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <kadm5/admin.h>
+#include "client_internal.h"
+
+kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
+                                        krb5_principal princ,
+                                        char *new_pw,
+                                        char **ret_pw,
+                                        char *msg_ret,
+                                        unsigned int msg_len)
+{
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+    return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
+                                        new_pw, ret_pw, msg_ret, msg_len);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/clnt_policy.c b/krb5-1.21.3/src/lib/kadm5/clnt/clnt_policy.c
new file mode 100644
index 00000000..42ba86f9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/clnt_policy.c
@@ -0,0 +1,130 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#include    <gssrpc/rpc.h>
+#include    <kadm5/admin.h>
+#include    <kadm5/kadm_rpc.h>
+#include    "client_internal.h"
+#include        <stdlib.h>
+#include        <string.h>
+#include        <errno.h>
+
+kadm5_ret_t
+kadm5_create_policy(void *server_handle,
+                    kadm5_policy_ent_t policy, long mask)
+{
+    cpol_arg            arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    if(policy == (kadm5_policy_ent_t) NULL)
+        return EINVAL;
+
+    arg.mask = mask;
+    arg.api_version = handle->api_version;
+    memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
+    if (create_policy_2(&arg, &r, handle->clnt))
+        return KADM5_RPC_ERROR;
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_delete_policy(void *server_handle, char *name)
+{
+    dpol_arg            arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    if(name == NULL)
+        return EINVAL;
+
+    arg.name = name;
+    arg.api_version = handle->api_version;
+
+    if (delete_policy_2(&arg, &r, handle->clnt))
+        return KADM5_RPC_ERROR;
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_modify_policy(void *server_handle,
+                    kadm5_policy_ent_t policy, long mask)
+{
+    mpol_arg            arg;
+    generic_ret         r = { 0, 0 };
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    if(policy == (kadm5_policy_ent_t) NULL)
+        return EINVAL;
+
+    arg.mask = mask;
+    arg.api_version = handle->api_version;
+
+    memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
+    if (modify_policy_2(&arg, &r, handle->clnt))
+        return KADM5_RPC_ERROR;
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
+{
+    gpol_arg        arg;
+    gpol_ret        r;
+    kadm5_server_handle_t handle = server_handle;
+
+    memset(ent, 0, sizeof(*ent));
+
+    CHECK_HANDLE(server_handle);
+
+    arg.name = name;
+    arg.api_version = handle->api_version;
+
+    if(name == NULL)
+        return EINVAL;
+
+    memset(&r, 0, sizeof(gpol_ret));
+    if (get_policy_2(&arg, &r, handle->clnt))
+        return KADM5_RPC_ERROR;
+    if (r.code == 0)
+        memcpy(ent, &r.rec, sizeof(r.rec));
+    return r.code;
+}
+
+kadm5_ret_t
+kadm5_get_policies(void *server_handle,
+                   char *exp, char ***pols, int *count)
+{
+    gpols_arg   arg;
+    gpols_ret   r;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    if(pols == NULL || count == NULL)
+        return EINVAL;
+    arg.exp = exp;
+    arg.api_version = handle->api_version;
+    memset(&r, 0, sizeof(gpols_ret));
+    if (get_pols_2(&arg, &r, handle->clnt))
+        return KADM5_RPC_ERROR;
+    if (r.code == 0) {
+        *count = r.count;
+        *pols = r.pols;
+    } else {
+        *count = 0;
+        *pols = NULL;
+    }
+
+    return r.code;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/clnt_privs.c b/krb5-1.21.3/src/lib/kadm5/clnt/clnt_privs.c
new file mode 100644
index 00000000..0627d72a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/clnt_privs.c
@@ -0,0 +1,28 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Id$
+ * $Source$
+ *
+ */
+
+#include    <gssrpc/rpc.h>
+#include    <kadm5/admin.h>
+#include    <kadm5/kadm_rpc.h>
+#include    "client_internal.h"
+#include    <string.h>
+
+kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
+{
+    getprivs_ret r;
+    kadm5_server_handle_t handle = server_handle;
+
+    memset(&r, 0, sizeof(getprivs_ret));
+    if (get_privs_2(&handle->api_version, &r, handle->clnt))
+        return KADM5_RPC_ERROR;
+    else if (r.code == KADM5_OK)
+        *privs = r.privs;
+
+    return r.code;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/deps b/krb5-1.21.3/src/lib/kadm5/clnt/deps
new file mode 100644
index 00000000..f2a0b28c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/deps
@@ -0,0 +1,84 @@
+#
+# Generated makefile dependencies follow.
+#
+clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_internal.h clnt_policy.c
+client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_rpc.c
+client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_internal.h client_principal.c
+client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_gssapi.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  client_init.c client_internal.h
+clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_internal.h clnt_privs.c
+clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_internal.h clnt_chpass_util.c
diff --git a/krb5-1.21.3/src/lib/kadm5/clnt/libkadm5clnt_mit.exports b/krb5-1.21.3/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
new file mode 100644
index 00000000..9ed7d52d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/clnt/libkadm5clnt_mit.exports
@@ -0,0 +1,115 @@
+_kadm5_check_handle
+_kadm5_chpass_principal_util
+kadm5_chpass_principal
+kadm5_chpass_principal_3
+kadm5_chpass_principal_util
+kadm5_create_policy
+kadm5_create_principal
+kadm5_create_principal_3
+kadm5_decrypt_key
+kadm5_delete_policy
+kadm5_delete_principal
+kadm5_destroy
+kadm5_flush
+kadm5_free_config_params
+kadm5_free_kadm5_key_data
+kadm5_free_key_data
+kadm5_free_name_list
+kadm5_free_policy_ent
+kadm5_free_principal_ent
+kadm5_free_strings
+kadm5_get_admin_service_name
+kadm5_get_config_params
+kadm5_get_policies
+kadm5_get_policy
+kadm5_get_principal
+kadm5_get_principal_keys
+kadm5_get_principals
+kadm5_get_privs
+kadm5_get_strings
+kadm5_init
+kadm5_init_anonymous
+kadm5_init_krb5_context
+kadm5_init_with_creds
+kadm5_init_with_password
+kadm5_init_with_skey
+kadm5_lock
+kadm5_modify_policy
+kadm5_modify_principal
+kadm5_purgekeys
+kadm5_randkey_principal
+kadm5_randkey_principal_3
+kadm5_rename_principal
+kadm5_set_string
+kadm5_setkey_principal
+kadm5_setkey_principal_3
+kadm5_setkey_principal_4
+kadm5_unlock
+krb5_aprof_get_boolean
+krb5_aprof_get_deltat
+krb5_aprof_get_int32
+krb5_aprof_get_string
+krb5_aprof_getvals
+krb5_flagnum_to_string
+krb5_flagspec_to_mask
+krb5_flags_to_strings
+krb5_free_key_data_contents
+krb5_keysalt_is_present
+krb5_keysalt_iterate
+krb5_klog_close
+krb5_klog_init
+krb5_klog_reopen
+krb5_klog_set_context
+krb5_klog_syslog
+krb5_string_to_keysalts
+xdr_chpass3_arg
+xdr_chpass_arg
+xdr_chrand3_arg
+xdr_chrand_arg
+xdr_chrand_ret
+xdr_cpol_arg
+xdr_cprinc3_arg
+xdr_cprinc_arg
+xdr_dpol_arg
+xdr_dprinc_arg
+xdr_generic_ret
+xdr_getpkeys_arg
+xdr_getpkeys_ret
+xdr_getprivs_ret
+xdr_gpol_arg
+xdr_gpol_ret
+xdr_gpols_arg
+xdr_gpols_ret
+xdr_gprinc_arg
+xdr_gprinc_ret
+xdr_gprincs_arg
+xdr_gprincs_ret
+xdr_kadm5_key_data
+xdr_kadm5_policy_ent_rec
+xdr_kadm5_principal_ent_rec
+xdr_kadm5_ret_t
+xdr_krb5_deltat
+xdr_krb5_enctype
+xdr_krb5_flags
+xdr_krb5_int16
+xdr_krb5_key_data_nocontents
+xdr_krb5_key_salt_tuple
+xdr_krb5_keyblock
+xdr_krb5_kvno
+xdr_krb5_octet
+xdr_krb5_principal
+xdr_krb5_salttype
+xdr_krb5_timestamp
+xdr_krb5_tl_data
+xdr_krb5_ui_2
+xdr_krb5_ui_4
+xdr_mpol_arg
+xdr_mprinc_arg
+xdr_nullstring
+xdr_nulltype
+xdr_rprinc_arg
+xdr_setkey3_arg
+xdr_setkey4_arg
+xdr_setkey_arg
+xdr_ui_4
+kadm5_init_iprop
diff --git a/krb5-1.21.3/src/lib/kadm5/deps b/krb5-1.21.3/src/lib/kadm5/deps
new file mode 100644
index 00000000..3585f08f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/deps
@@ -0,0 +1,111 @@
+#
+# Generated makefile dependencies follow.
+#
+kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) kadm_err.c
+chpass_util_strings.so chpass_util_strings.po $(OUTPRE)chpass_util_strings.$(OBJEXT): \
+  $(COM_ERR_DEPS) chpass_util_strings.c
+misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  admin_internal.h misc_free.c server_internal.h
+kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/admin_xdr.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \
+  kadm_rpc_xdr.c
+chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  admin_internal.h chpass_util.c
+alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h alt_prof.c
+str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h admin_internal.h \
+  str_conv.c
+logger.so logger.po $(OUTPRE)logger.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  logger.c
diff --git a/krb5-1.21.3/src/lib/kadm5/kadm_err.et b/krb5-1.21.3/src/lib/kadm5/kadm_err.et
new file mode 100644
index 00000000..fbe2e763
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/kadm_err.et
@@ -0,0 +1,70 @@
+# This is the KADM5 error table.  The order of error codes
+# defined in this file MUST match that specified in the API
+# functionality specification, which is the master version.
+#
+error_table ovk
+# vv 0
+error_code KADM5_FAILURE, "Operation failed for unspecified reason"
+error_code KADM5_AUTH_GET, "Operation requires ``get'' privilege"
+error_code KADM5_AUTH_ADD, "Operation requires ``add'' privilege"
+error_code KADM5_AUTH_MODIFY, "Operation requires ``modify'' privilege"
+error_code KADM5_AUTH_DELETE, "Operation requires ``delete'' privilege"
+error_code KADM5_AUTH_INSUFFICIENT, "Insufficient authorization for operation"
+error_code KADM5_BAD_DB, "Database inconsistency detected"
+error_code KADM5_DUP, "Principal or policy already exists"
+error_code KADM5_RPC_ERROR, "Communication failure with server"
+error_code KADM5_NO_SRV, "No administration server found for realm"
+error_code KADM5_BAD_HIST_KEY, "Password history principal key version mismatch"
+error_code KADM5_NOT_INIT, "Connection to server not initialized"
+error_code KADM5_UNK_PRINC, "Principal does not exist"
+error_code KADM5_UNK_POLICY, "Policy does not exist"
+error_code KADM5_BAD_MASK, "Invalid field mask for operation"
+error_code KADM5_BAD_CLASS, "Invalid number of character classes"
+error_code KADM5_BAD_LENGTH, "Invalid password length"
+error_code KADM5_BAD_POLICY, "Illegal policy name"
+error_code KADM5_BAD_PRINCIPAL, "Illegal principal name"
+error_code KADM5_BAD_AUX_ATTR, "Invalid auxiliary attributes"
+error_code KADM5_BAD_HISTORY, "Invalid password history count"
+error_code KADM5_BAD_MIN_PASS_LIFE, "Password minimum life is greater than password maximum life"
+error_code KADM5_PASS_Q_TOOSHORT, "Password is too short"
+error_code KADM5_PASS_Q_CLASS, "Password does not contain enough character classes"
+error_code KADM5_PASS_Q_DICT, "Password is in the password dictionary"
+error_code KADM5_PASS_REUSE, "Cannot reuse password"
+error_code KADM5_PASS_TOOSOON, "Current password's minimum life has not expired"
+error_code KADM5_POLICY_REF, "Policy is in use"
+error_code KADM5_INIT,	"Connection to server already initialized"
+error_code KADM5_BAD_PASSWORD, "Incorrect password"
+error_code KADM5_PROTECT_PRINCIPAL, "Cannot change protected principal"
+error_code KADM5_BAD_SERVER_HANDLE, "Programmer error!  Bad Admin server handle"
+error_code KADM5_BAD_STRUCT_VERSION, "Programmer error!  Bad API structure version"
+error_code KADM5_OLD_STRUCT_VERSION, "API structure version specified by application is no longer supported (to fix, recompile application against current KADM5 API header files and libraries)"
+error_code KADM5_NEW_STRUCT_VERSION, "API structure version specified by application is unknown to libraries (to fix, obtain current KADM5 API header files and libraries and recompile application)"
+error_code KADM5_BAD_API_VERSION, "Programmer error!  Bad API version"
+error_code KADM5_OLD_LIB_API_VERSION, "API version specified by application is no longer supported by libraries (to fix, update application to adhere to current API version and recompile)"
+error_code KADM5_OLD_SERVER_API_VERSION, "API version specified by application is no longer supported by server (to fix, update application to adhere to current API version and recompile)"
+error_code KADM5_NEW_LIB_API_VERSION, "API version specified by application is unknown to libraries (to fix, obtain current KADM5 API header files and libraries and recompile application)"
+error_code KADM5_NEW_SERVER_API_VERSION, "API version specified by application is unknown to server (to fix, obtain and install newest KADM5 Admin Server)"
+error_code KADM5_SECURE_PRINC_MISSING, "Database error! Required KADM5 principal missing"
+error_code KADM5_NO_RENAME_SALT, "The salt type of the specified principal does not support renaming"
+error_code KADM5_BAD_CLIENT_PARAMS, "Illegal configuration parameter for remote KADM5 client"
+error_code KADM5_BAD_SERVER_PARAMS, "Illegal configuration parameter for local KADM5 client"
+error_code KADM5_AUTH_LIST, "Operation requires ``list'' privilege"
+error_code KADM5_AUTH_CHANGEPW, "Operation requires ``change-password'' privilege"
+error_code KADM5_GSS_ERROR, "GSS-API (or Kerberos) error"
+error_code KADM5_BAD_TL_TYPE, "Programmer error!  Illegal tagged data list type"
+error_code KADM5_MISSING_CONF_PARAMS, "Required parameters in kdc.conf missing"
+error_code KADM5_BAD_SERVER_NAME, "Bad krb5 admin server hostname"
+error_code KADM5_AUTH_SETKEY, "Operation requires ``set-key'' privilege"
+error_code KADM5_SETKEY_DUP_ENCTYPES, "Multiple values for single or folded enctype"
+error_code KADM5_SETV4KEY_INVAL_ENCTYPE, "Invalid enctype for setv4key"
+error_code KADM5_SETKEY3_ETYPE_MISMATCH, "Mismatched enctypes for setkey3"
+error_code KADM5_MISSING_KRB5_CONF_PARAMS, "Missing parameters in krb5.conf required for kadmin client"
+error_code KADM5_XDR_FAILURE,		"XDR encoding error"
+error_code KADM5_CANT_RESOLVE, "Cannot resolve network address for admin server in requested realm"
+error_code KADM5_PASS_Q_GENERIC, "Unspecified password quality failure"
+error_code KADM5_BAD_KEYSALTS, "Invalid key/salt tuples"
+error_code KADM5_SETKEY_BAD_KVNO, "Invalid multiple or duplicate kvnos in setkey operation"
+error_code KADM5_AUTH_EXTRACT, "Operation requires ``extract-keys'' privilege"
+error_code KADM5_PROTECT_KEYS, "Principal keys are locked down"
+error_code KADM5_AUTH_INITIAL, "Operation requires initial ticket"
+end
diff --git a/krb5-1.21.3/src/lib/kadm5/kadm_rpc.h b/krb5-1.21.3/src/lib/kadm5/kadm_rpc.h
new file mode 100644
index 00000000..5099c6c1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/kadm_rpc.h
@@ -0,0 +1,408 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+#ifndef __KADM_RPC_H__
+#define __KADM_RPC_H__
+
+#include <gssrpc/types.h>
+
+#include	<krb5.h>
+#include	<kadm5/admin.h>
+
+struct cprinc_arg {
+	krb5_ui_4 api_version;
+	kadm5_principal_ent_rec rec;
+	long mask;
+	char *passwd;
+};
+typedef struct cprinc_arg cprinc_arg;
+
+struct cprinc3_arg {
+	krb5_ui_4 api_version;
+	kadm5_principal_ent_rec rec;
+	long mask;
+	int n_ks_tuple;
+	krb5_key_salt_tuple *ks_tuple;
+	char *passwd;
+};
+typedef struct cprinc3_arg cprinc3_arg;
+
+struct generic_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+};
+typedef struct generic_ret generic_ret;
+
+struct dprinc_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+};
+typedef struct dprinc_arg dprinc_arg;
+
+struct mprinc_arg {
+	krb5_ui_4 api_version;
+	kadm5_principal_ent_rec rec;
+	long mask;
+};
+typedef struct mprinc_arg mprinc_arg;
+
+struct rprinc_arg {
+	krb5_ui_4 api_version;
+	krb5_principal src;
+	krb5_principal dest;
+};
+typedef struct rprinc_arg rprinc_arg;
+
+struct gprincs_arg {
+	krb5_ui_4 api_version;
+	char *exp;
+};
+typedef struct gprincs_arg gprincs_arg;
+
+struct gprincs_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+	char **princs;
+	int count;
+};
+typedef struct gprincs_ret gprincs_ret;
+
+struct chpass_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	char *pass;
+};
+typedef struct chpass_arg chpass_arg;
+
+struct chpass3_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	krb5_boolean keepold;
+	int n_ks_tuple;
+	krb5_key_salt_tuple *ks_tuple;
+	char *pass;
+};
+typedef struct chpass3_arg chpass3_arg;
+
+struct setkey_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	krb5_keyblock *keyblocks;
+	int n_keys;
+};
+typedef struct setkey_arg setkey_arg;
+
+struct setkey3_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	krb5_boolean keepold;
+	int n_ks_tuple;
+	krb5_key_salt_tuple *ks_tuple;
+	krb5_keyblock *keyblocks;
+	int n_keys;
+};
+typedef struct setkey3_arg setkey3_arg;
+
+struct setkey4_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	krb5_boolean keepold;
+	kadm5_key_data *key_data;
+	int n_key_data;
+};
+typedef struct setkey4_arg setkey4_arg;
+
+struct chrand_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+};
+typedef struct chrand_arg chrand_arg;
+
+struct chrand3_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	krb5_boolean keepold;
+	int n_ks_tuple;
+	krb5_key_salt_tuple *ks_tuple;
+};
+typedef struct chrand3_arg chrand3_arg;
+
+struct chrand_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+	krb5_keyblock key;
+	krb5_keyblock *keys;
+	int n_keys;
+};
+typedef struct chrand_ret chrand_ret;
+
+struct gprinc_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	long mask;
+};
+typedef struct gprinc_arg gprinc_arg;
+
+struct gprinc_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+	kadm5_principal_ent_rec rec;
+};
+typedef struct gprinc_ret gprinc_ret;
+
+struct cpol_arg {
+	krb5_ui_4 api_version;
+	kadm5_policy_ent_rec rec;
+	long mask;
+};
+typedef struct cpol_arg cpol_arg;
+
+struct dpol_arg {
+	krb5_ui_4 api_version;
+	char *name;
+};
+typedef struct dpol_arg dpol_arg;
+
+struct mpol_arg {
+	krb5_ui_4 api_version;
+	kadm5_policy_ent_rec rec;
+	long mask;
+};
+typedef struct mpol_arg mpol_arg;
+
+struct gpol_arg {
+	krb5_ui_4 api_version;
+	char *name;
+};
+typedef struct gpol_arg gpol_arg;
+
+struct gpol_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+	kadm5_policy_ent_rec rec;
+};
+typedef struct gpol_ret gpol_ret;
+
+struct gpols_arg {
+	krb5_ui_4 api_version;
+	char *exp;
+};
+typedef struct gpols_arg gpols_arg;
+
+struct gpols_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+	char **pols;
+	int count;
+};
+typedef struct gpols_ret gpols_ret;
+
+struct getprivs_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+	long privs;
+};
+typedef struct getprivs_ret getprivs_ret;
+
+struct purgekeys_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	int keepkvno;
+};
+typedef struct purgekeys_arg purgekeys_arg;
+
+struct gstrings_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+};
+typedef struct gstrings_arg gstrings_arg;
+
+struct gstrings_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+	krb5_string_attr *strings;
+	int count;
+};
+typedef struct gstrings_ret gstrings_ret;
+
+struct sstring_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	char *key;
+	char *value;
+};
+typedef struct sstring_arg sstring_arg;
+
+struct getpkeys_arg {
+	krb5_ui_4 api_version;
+	krb5_principal princ;
+	krb5_kvno kvno;
+};
+typedef struct getpkeys_arg getpkeys_arg;
+
+struct getpkeys_ret {
+	krb5_ui_4 api_version;
+	kadm5_ret_t code;
+	kadm5_key_data *key_data;
+	int n_key_data;
+};
+typedef struct getpkeys_ret getpkeys_ret;
+
+#define KADM 2112
+#define KADMVERS 2
+#define CREATE_PRINCIPAL 1
+extern  enum clnt_stat create_principal_2(cprinc_arg *, generic_ret *,
+					  CLIENT *);
+extern  bool_t create_principal_2_svc(cprinc_arg *, generic_ret *,
+				      struct svc_req *);
+#define DELETE_PRINCIPAL 2
+extern  enum clnt_stat delete_principal_2(dprinc_arg *, generic_ret *,
+					  CLIENT *);
+extern  bool_t delete_principal_2_svc(dprinc_arg *, generic_ret *,
+				      struct svc_req *);
+#define MODIFY_PRINCIPAL 3
+extern  enum clnt_stat modify_principal_2(mprinc_arg *, generic_ret *,
+					  CLIENT *);
+extern  bool_t modify_principal_2_svc(mprinc_arg *, generic_ret *,
+				      struct svc_req *);
+#define RENAME_PRINCIPAL 4
+extern  enum clnt_stat rename_principal_2(rprinc_arg *, generic_ret *,
+					  CLIENT *);
+extern  bool_t rename_principal_2_svc(rprinc_arg *, generic_ret *,
+				      struct svc_req *);
+#define GET_PRINCIPAL 5
+extern  enum clnt_stat get_principal_2(gprinc_arg *, gprinc_ret *, CLIENT *);
+extern  bool_t get_principal_2_svc(gprinc_arg *, gprinc_ret *,
+				   struct svc_req *);
+#define CHPASS_PRINCIPAL 6
+extern  enum clnt_stat chpass_principal_2(chpass_arg *, generic_ret *,
+					  CLIENT *);
+extern  bool_t chpass_principal_2_svc(chpass_arg *, generic_ret *,
+				      struct svc_req *);
+#define CHRAND_PRINCIPAL 7
+extern  enum clnt_stat chrand_principal_2(chrand_arg *, chrand_ret *,
+					  CLIENT *);
+extern  bool_t chrand_principal_2_svc(chrand_arg *, chrand_ret *,
+				      struct svc_req *);
+#define CREATE_POLICY 8
+extern  enum clnt_stat create_policy_2(cpol_arg *, generic_ret *, CLIENT *);
+extern  bool_t create_policy_2_svc(cpol_arg *, generic_ret *,
+				   struct svc_req *);
+#define DELETE_POLICY 9
+extern  enum clnt_stat delete_policy_2(dpol_arg *, generic_ret *, CLIENT *);
+extern  bool_t delete_policy_2_svc(dpol_arg *, generic_ret *,
+				   struct svc_req *);
+#define MODIFY_POLICY 10
+extern  enum clnt_stat modify_policy_2(mpol_arg *, generic_ret *, CLIENT *);
+extern  bool_t modify_policy_2_svc(mpol_arg *, generic_ret *,
+				   struct svc_req *);
+#define GET_POLICY 11
+extern  enum clnt_stat get_policy_2(gpol_arg *, gpol_ret *, CLIENT *);
+extern  bool_t get_policy_2_svc(gpol_arg *, gpol_ret *, struct svc_req *);
+#define GET_PRIVS 12
+extern  enum clnt_stat get_privs_2(void *, getprivs_ret *, CLIENT *);
+extern  bool_t get_privs_2_svc(krb5_ui_4 *, getprivs_ret *, struct svc_req *);
+#define INIT 13
+extern  enum clnt_stat init_2(void *, generic_ret *, CLIENT *);
+extern  bool_t init_2_svc(krb5_ui_4 *, generic_ret *, struct svc_req *);
+#define GET_PRINCS 14
+extern  enum clnt_stat get_princs_2(gprincs_arg *, gprincs_ret *, CLIENT *);
+extern  bool_t get_princs_2_svc(gprincs_arg *, gprincs_ret *,
+				struct svc_req *);
+#define GET_POLS 15
+extern  enum clnt_stat get_pols_2(gpols_arg *, gpols_ret *, CLIENT *);
+extern  bool_t get_pols_2_svc(gpols_arg *, gpols_ret *, struct svc_req *);
+#define SETKEY_PRINCIPAL 16
+extern  enum clnt_stat setkey_principal_2(setkey_arg *, generic_ret *,
+					  CLIENT *);
+extern  bool_t setkey_principal_2_svc(setkey_arg *, generic_ret *,
+				      struct svc_req *);
+
+/* 17 was SETV4KEY_PRINCIPAL (removed in 1.18). */
+
+#define CREATE_PRINCIPAL3 18
+extern  enum clnt_stat create_principal3_2(cprinc3_arg *, generic_ret *,
+					   CLIENT *);
+extern  bool_t create_principal3_2_svc(cprinc3_arg *, generic_ret *,
+				       struct svc_req *);
+#define CHPASS_PRINCIPAL3 19
+extern  enum clnt_stat chpass_principal3_2(chpass3_arg *, generic_ret *,
+					   CLIENT *);
+extern  bool_t chpass_principal3_2_svc(chpass3_arg *, generic_ret *,
+				       struct svc_req *);
+#define CHRAND_PRINCIPAL3 20
+extern  enum clnt_stat chrand_principal3_2(chrand3_arg *, chrand_ret *,
+					   CLIENT *);
+extern  bool_t chrand_principal3_2_svc(chrand3_arg *, chrand_ret *,
+				       struct svc_req *);
+#define SETKEY_PRINCIPAL3 21
+extern  enum clnt_stat setkey_principal3_2(setkey3_arg *, generic_ret *,
+					   CLIENT *);
+extern  bool_t setkey_principal3_2_svc(setkey3_arg *, generic_ret *,
+				       struct svc_req *);
+#define PURGEKEYS 22
+extern  enum clnt_stat purgekeys_2(purgekeys_arg *, generic_ret *, CLIENT *);
+extern  bool_t purgekeys_2_svc(purgekeys_arg *, generic_ret *,
+			       struct svc_req *);
+#define GET_STRINGS 23
+extern  enum clnt_stat get_strings_2(gstrings_arg *, gstrings_ret *, CLIENT *);
+extern  bool_t get_strings_2_svc(gstrings_arg *, gstrings_ret *,
+				 struct svc_req *);
+#define SET_STRING 24
+extern  enum clnt_stat set_string_2(sstring_arg *, generic_ret *, CLIENT *);
+extern  bool_t set_string_2_svc(sstring_arg *, generic_ret *,
+				struct svc_req *);
+#define SETKEY_PRINCIPAL4 25
+extern  enum clnt_stat setkey_principal4_2(setkey4_arg *, generic_ret *,
+					   CLIENT *);
+extern  bool_t setkey_principal4_2_svc(setkey4_arg *, generic_ret *,
+				       struct svc_req *);
+#define EXTRACT_KEYS 26
+extern enum clnt_stat get_principal_keys_2(getpkeys_arg *, getpkeys_ret *,
+					   CLIENT *);
+extern  bool_t get_principal_keys_2_svc(getpkeys_arg *, getpkeys_ret *,
+					struct svc_req *);
+
+extern bool_t xdr_cprinc_arg ();
+extern bool_t xdr_cprinc3_arg ();
+extern bool_t xdr_generic_ret ();
+extern bool_t xdr_dprinc_arg ();
+extern bool_t xdr_mprinc_arg ();
+extern bool_t xdr_rprinc_arg ();
+extern bool_t xdr_gprincs_arg ();
+extern bool_t xdr_gprincs_ret ();
+extern bool_t xdr_chpass_arg ();
+extern bool_t xdr_chpass3_arg ();
+extern bool_t xdr_setkey_arg ();
+extern bool_t xdr_setkey3_arg ();
+extern bool_t xdr_setkey4_arg ();
+extern bool_t xdr_chrand_arg ();
+extern bool_t xdr_chrand3_arg ();
+extern bool_t xdr_chrand_ret ();
+extern bool_t xdr_gprinc_arg ();
+extern bool_t xdr_gprinc_ret ();
+extern bool_t xdr_kadm5_ret_t ();
+extern bool_t xdr_kadm5_principal_ent_rec ();
+extern bool_t xdr_kadm5_policy_ent_rec ();
+extern bool_t	xdr_krb5_keyblock ();
+extern bool_t	xdr_krb5_principal ();
+extern bool_t	xdr_krb5_enctype ();
+extern bool_t	xdr_krb5_octet ();
+extern bool_t	xdr_krb5_int32 ();
+extern bool_t	xdr_u_int32 ();
+extern bool_t xdr_cpol_arg ();
+extern bool_t xdr_dpol_arg ();
+extern bool_t xdr_mpol_arg ();
+extern bool_t xdr_gpol_arg ();
+extern bool_t xdr_gpol_ret ();
+extern bool_t xdr_gpols_arg ();
+extern bool_t xdr_gpols_ret ();
+extern bool_t xdr_getprivs_ret ();
+extern bool_t xdr_purgekeys_arg ();
+extern bool_t xdr_gstrings_arg ();
+extern bool_t xdr_gstrings_ret ();
+extern bool_t xdr_sstring_arg ();
+extern bool_t xdr_krb5_string_attr ();
+extern bool_t xdr_kadm5_key_data ();
+extern bool_t xdr_getpkeys_arg ();
+extern bool_t xdr_getpkeys_ret ();
+
+#endif /* __KADM_RPC_H__ */
diff --git a/krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c b/krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c
new file mode 100644
index 00000000..287cae75
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c
@@ -0,0 +1,1206 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ */
+
+#include <gssrpc/rpc.h>
+#include <krb5.h>
+#include <errno.h>
+#include <kadm5/admin.h>
+#include <kadm5/kadm_rpc.h>
+#include <kadm5/admin_xdr.h>
+#include <stdlib.h>
+#include <string.h>
+
+static bool_t
+_xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
+			     int v);
+static bool_t
+_xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp, int vers);
+
+/*
+ * Function: xdr_ui_4
+ *
+ * Purpose: XDR function which serves as a wrapper for xdr_u_int32,
+ * to prevent compiler warnings about type clashes between u_int32
+ * and krb5_ui_4.
+ */
+bool_t xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp)
+{
+  /* Assumes that krb5_ui_4 and u_int32 are both four bytes long.
+     This should not be a harmful assumption. */
+  return xdr_u_int32(xdrs, (uint32_t *) objp);
+}
+
+
+/*
+ * Function: xdr_nullstring
+ *
+ * Purpose: XDR function for "strings" that are either NULL-terminated
+ * or NULL.
+ */
+bool_t xdr_nullstring(XDR *xdrs, char **objp)
+{
+     u_int size;
+
+     if (xdrs->x_op == XDR_ENCODE) {
+	  if (*objp == NULL)
+	       size = 0;
+	  else
+	       size = strlen(*objp) + 1;
+     }
+     if (! xdr_u_int(xdrs, &size)) {
+	  return FALSE;
+	}
+     switch (xdrs->x_op) {
+     case XDR_DECODE:
+	  if (size == 0) {
+	       *objp = NULL;
+	       return TRUE;
+	  } else if (*objp == NULL) {
+	       *objp = (char *) mem_alloc(size);
+	       if (*objp == NULL) {
+		    errno = ENOMEM;
+		    return FALSE;
+	       }
+	  }
+	  if (!xdr_opaque(xdrs, *objp, size))
+		  return FALSE;
+	  /* Check that the unmarshalled bytes are a C string. */
+	  if ((*objp)[size - 1] != '\0')
+		  return FALSE;
+	  if (memchr(*objp, '\0', size - 1) != NULL)
+		  return FALSE;
+	  return TRUE;
+
+     case XDR_ENCODE:
+	  if (size != 0)
+	       return (xdr_opaque(xdrs, *objp, size));
+	  return TRUE;
+
+     case XDR_FREE:
+	  if (*objp != NULL)
+	       mem_free(*objp, size);
+	  *objp = NULL;
+	  return TRUE;
+     }
+
+     return FALSE;
+}
+
+/*
+ * Function: xdr_nulltype
+ *
+ * Purpose: XDR function for arbitrary pointer types that are either
+ * NULL or contain data.
+ */
+bool_t xdr_nulltype(XDR *xdrs, void **objp, xdrproc_t proc)
+{
+     bool_t null;
+
+     switch (xdrs->x_op) {
+     case XDR_DECODE:
+	  if (!xdr_bool(xdrs, &null))
+	      return FALSE;
+	  if (null) {
+	       *objp = NULL;
+	       return TRUE;
+	  }
+	  return (*proc)(xdrs, objp);
+
+     case XDR_ENCODE:
+	  if (*objp == NULL)
+	       null = TRUE;
+	  else
+	       null = FALSE;
+	  if (!xdr_bool(xdrs, &null))
+	       return FALSE;
+	  if (null == FALSE)
+	       return (*proc)(xdrs, objp);
+	  return TRUE;
+
+     case XDR_FREE:
+	  if (*objp)
+	       return (*proc)(xdrs, objp);
+	  return TRUE;
+     }
+
+     return FALSE;
+}
+
+bool_t
+xdr_krb5_timestamp(XDR *xdrs, krb5_timestamp *objp)
+{
+  /* This assumes that int32 and krb5_timestamp are the same size.
+     This shouldn't be a problem, since we've got a unit test which
+     checks for this. */
+	if (!xdr_int32(xdrs, (int32_t *) objp)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_krb5_kvno(XDR *xdrs, krb5_kvno *objp)
+{
+	return xdr_u_int(xdrs, objp);
+}
+
+bool_t
+xdr_krb5_deltat(XDR *xdrs, krb5_deltat *objp)
+{
+  /* This assumes that int32 and krb5_deltat are the same size.
+     This shouldn't be a problem, since we've got a unit test which
+     checks for this. */
+	if (!xdr_int32(xdrs, (int32_t *) objp)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_krb5_flags(XDR *xdrs, krb5_flags *objp)
+{
+  /* This assumes that int32 and krb5_flags are the same size.
+     This shouldn't be a problem, since we've got a unit test which
+     checks for this. */
+	if (!xdr_int32(xdrs, (int32_t *) objp)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_krb5_ui_4(XDR *xdrs, krb5_ui_4 *objp)
+{
+	if (!xdr_u_int32(xdrs, (uint32_t *) objp)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp)
+{
+    int tmp;
+
+    tmp = (int) *objp;
+
+    if (!xdr_int(xdrs, &tmp))
+	return(FALSE);
+
+    *objp = (krb5_int16) tmp;
+
+    return(TRUE);
+}
+
+/*
+ * Function: xdr_krb5_ui_2
+ *
+ * Purpose: XDR function which serves as a wrapper for xdr_u_int,
+ * to prevent compiler warnings about type clashes between u_int
+ * and krb5_ui_2.
+ */
+bool_t
+xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
+{
+    unsigned int tmp;
+
+    tmp = (unsigned int) *objp;
+
+    if (!xdr_u_int(xdrs, &tmp))
+	return(FALSE);
+
+    *objp = (krb5_ui_2) tmp;
+
+    return(TRUE);
+}
+
+
+
+static bool_t xdr_krb5_boolean(XDR *xdrs, krb5_boolean *kbool)
+{
+	bool_t val;
+
+	switch (xdrs->x_op) {
+	case XDR_DECODE:
+	     if (!xdr_bool(xdrs, &val))
+		     return FALSE;
+
+	     *kbool = (val == FALSE) ? FALSE : TRUE;
+	     return TRUE;
+
+	case XDR_ENCODE:
+	     val = *kbool ? TRUE : FALSE;
+	     return xdr_bool(xdrs, &val);
+
+	case XDR_FREE:
+	     return TRUE;
+	}
+
+	return FALSE;
+}
+
+bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp)
+{
+     /*
+      * Note that this function intentionally DOES NOT transfer key
+      * length or contents!  xdr_krb5_key_data in adb_xdr.c does, but
+      * that is only for use within the server-side library.
+      */
+     unsigned int tmp;
+
+     if (xdrs->x_op == XDR_DECODE)
+	  memset(objp, 0, sizeof(krb5_key_data));
+
+     if (!xdr_krb5_int16(xdrs, &objp->key_data_ver)) {
+	  return (FALSE);
+     }
+     if (!xdr_krb5_ui_2(xdrs, &objp->key_data_kvno)) {
+	  return (FALSE);
+     }
+     if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0])) {
+	  return (FALSE);
+     }
+     if (objp->key_data_ver > 1) {
+	  if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1])) {
+	       return (FALSE);
+	  }
+     }
+     /*
+      * kadm5_get_principal on the server side allocates and returns
+      * key contents when asked.  Even though this function refuses to
+      * transmit that data, it still has to *free* the data at the
+      * appropriate time to avoid a memory leak.
+      */
+     if (xdrs->x_op == XDR_FREE) {
+	  tmp = (unsigned int) objp->key_data_length[0];
+	  if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
+			 &tmp, ~0))
+	       return FALSE;
+
+	  tmp = (unsigned int) objp->key_data_length[1];
+	  if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
+			 &tmp, ~0))
+	       return FALSE;
+     }
+
+     return (TRUE);
+}
+
+
+bool_t
+xdr_krb5_key_salt_tuple(XDR *xdrs, krb5_key_salt_tuple *objp)
+{
+    if (!xdr_krb5_enctype(xdrs, &objp->ks_enctype))
+	return FALSE;
+    if (!xdr_krb5_salttype(xdrs, &objp->ks_salttype))
+	return FALSE;
+    return TRUE;
+}
+
+bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head)
+{
+     krb5_tl_data *tl, *tl2;
+     bool_t more;
+     unsigned int len;
+
+     switch (xdrs->x_op) {
+     case XDR_FREE:
+	  tl = tl2 = *tl_data_head;
+	  while (tl) {
+	       tl2 = tl->tl_data_next;
+	       free(tl->tl_data_contents);
+	       free(tl);
+	       tl = tl2;
+	  }
+	  *tl_data_head = NULL;
+	  break;
+
+     case XDR_ENCODE:
+	  tl = *tl_data_head;
+	  while (1) {
+	       more = (tl != NULL);
+	       if (!xdr_bool(xdrs, &more))
+		    return FALSE;
+	       if (tl == NULL)
+		    break;
+	       if (!xdr_krb5_int16(xdrs, &tl->tl_data_type))
+		    return FALSE;
+	       len = tl->tl_data_length;
+	       if (!xdr_bytes(xdrs, (char **) &tl->tl_data_contents, &len, ~0))
+		    return FALSE;
+	       tl = tl->tl_data_next;
+	  }
+	  break;
+
+     case XDR_DECODE:
+	  tl = NULL;
+	  while (1) {
+	       if (!xdr_bool(xdrs, &more))
+		    return FALSE;
+	       if (more == FALSE)
+		    break;
+	       tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
+	       if (tl2 == NULL)
+		    return FALSE;
+	       memset(tl2, 0, sizeof(krb5_tl_data));
+	       if (!xdr_krb5_int16(xdrs, &tl2->tl_data_type))
+		    return FALSE;
+	       if (!xdr_bytes(xdrs, (char **)&tl2->tl_data_contents, &len, ~0))
+		    return FALSE;
+	       tl2->tl_data_length = len;
+
+	       tl2->tl_data_next = tl;
+	       tl = tl2;
+	  }
+
+	  *tl_data_head = tl;
+	  break;
+     }
+
+     return TRUE;
+}
+
+bool_t
+xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp)
+{
+	uint32_t tmp;
+
+	if (xdrs->x_op == XDR_ENCODE)
+		tmp = (uint32_t) *objp;
+
+	if (!xdr_u_int32(xdrs, &tmp))
+		return (FALSE);
+
+	if (xdrs->x_op == XDR_DECODE)
+		*objp = (kadm5_ret_t) tmp;
+
+	return (TRUE);
+}
+
+bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs,
+				   kadm5_principal_ent_rec *objp)
+{
+     return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_3);
+}
+
+static bool_t
+_xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
+			     int v)
+{
+	unsigned int n;
+	bool_t r;
+
+	if (!xdr_krb5_principal(xdrs, &objp->principal)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_timestamp(xdrs, &objp->princ_expire_time)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_timestamp(xdrs, &objp->last_pwd_change)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_timestamp(xdrs, &objp->pw_expiration)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_deltat(xdrs, &objp->max_life)) {
+		return (FALSE);
+	}
+	if (!xdr_nulltype(xdrs, (void **) &objp->mod_name,
+			  xdr_krb5_principal)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_timestamp(xdrs, &objp->mod_date)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_flags(xdrs, &objp->attributes)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_kvno(xdrs, &objp->kvno)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_kvno(xdrs, &objp->mkvno)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->policy)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->aux_attributes)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
+		return (FALSE);
+	}
+	if (xdrs->x_op == XDR_DECODE && objp->n_key_data < 0) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
+		return (FALSE);
+	}
+	if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
+			  xdr_krb5_tl_data)) {
+		return FALSE;
+	}
+	n = objp->n_key_data;
+	r = xdr_array(xdrs, (caddr_t *) &objp->key_data, &n, objp->n_key_data,
+		      sizeof(krb5_key_data), xdr_krb5_key_data_nocontents);
+	objp->n_key_data = n;
+	if (!r) {
+		return (FALSE);
+	}
+
+	return (TRUE);
+}
+
+static bool_t
+_xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp, int vers)
+{
+	if (!xdr_nullstring(xdrs, &objp->policy)) {
+		return (FALSE);
+	}
+	/* these all used to be u_int32, but it's stupid for sized types
+	   to be exposed at the api, and they're the same as longs on the
+	   wire. */
+	if (!xdr_long(xdrs, &objp->pw_min_life)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->pw_max_life)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->pw_min_length)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->pw_min_classes)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->pw_history_num)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->policy_refcnt)) {
+		return (FALSE);
+	}
+	if (xdrs->x_op == XDR_DECODE) {
+		objp->pw_max_fail = 0;
+		objp->pw_failcnt_interval = 0;
+		objp->pw_lockout_duration = 0;
+		objp->attributes = 0;
+		objp->max_life = 0;
+		objp->max_renewable_life = 0;
+		objp->allowed_keysalts = NULL;
+		objp->n_tl_data = 0;
+		objp->tl_data = NULL;
+	}
+	if (vers >= KADM5_API_VERSION_3) {
+		if (!xdr_krb5_kvno(xdrs, &objp->pw_max_fail))
+			return (FALSE);
+		if (!xdr_krb5_deltat(xdrs, &objp->pw_failcnt_interval))
+			return (FALSE);
+		if (!xdr_krb5_deltat(xdrs, &objp->pw_lockout_duration))
+			return (FALSE);
+	}
+	if (vers >= KADM5_API_VERSION_4) {
+		if (!xdr_krb5_flags(xdrs, &objp->attributes)) {
+			return (FALSE);
+		}
+		if (!xdr_krb5_deltat(xdrs, &objp->max_life)) {
+			return (FALSE);
+		}
+		if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
+			return (FALSE);
+		}
+		if (!xdr_nullstring(xdrs, &objp->allowed_keysalts)) {
+			return (FALSE);
+		}
+		if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
+			return (FALSE);
+		}
+		if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
+				  xdr_krb5_tl_data)) {
+			return FALSE;
+		}
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp)
+{
+	return _xdr_kadm5_policy_ent_rec(xdrs, objp, KADM5_API_VERSION_4);
+}
+
+bool_t
+xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec,
+					  objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->mask)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->passwd)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec,
+					  objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->mask)) {
+		return (FALSE);
+	}
+	if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple,
+		       (unsigned int *)&objp->n_ks_tuple, ~0,
+		       sizeof(krb5_key_salt_tuple),
+		       xdr_krb5_key_salt_tuple)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->passwd)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_generic_ret(XDR *xdrs, generic_ret *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
+		return (FALSE);
+	}
+
+	return(TRUE);
+}
+
+bool_t
+xdr_dprinc_arg(XDR *xdrs, dprinc_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec,
+					  objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->mask)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_rprinc_arg(XDR *xdrs, rprinc_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->src)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->dest)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_gprincs_arg(XDR *xdrs, gprincs_arg *objp)
+{
+     if (!xdr_ui_4(xdrs, &objp->api_version)) {
+	  return (FALSE);
+     }
+     if (!xdr_nullstring(xdrs, &objp->exp)) {
+	  return (FALSE);
+     }
+     return (TRUE);
+}
+
+bool_t
+xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp)
+{
+     if (!xdr_ui_4(xdrs, &objp->api_version)) {
+	  return (FALSE);
+     }
+     if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
+	  return (FALSE);
+     }
+     if (objp->code == KADM5_OK) {
+	  if (!xdr_int(xdrs, &objp->count)) {
+	       return (FALSE);
+	  }
+	  if (!xdr_array(xdrs, (caddr_t *) &objp->princs,
+			 (unsigned int *) &objp->count, ~0,
+			 sizeof(char *), xdr_nullstring)) {
+	       return (FALSE);
+	  }
+     }
+
+     return (TRUE);
+}
+
+bool_t
+xdr_chpass_arg(XDR *xdrs, chpass_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->pass)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_boolean(xdrs, &objp->keepold)) {
+		return (FALSE);
+	}
+	if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple,
+		       (unsigned int*)&objp->n_ks_tuple, ~0,
+		       sizeof(krb5_key_salt_tuple),
+		       xdr_krb5_key_salt_tuple)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->pass)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_setkey_arg(XDR *xdrs, setkey_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	if (!xdr_array(xdrs, (caddr_t *) &objp->keyblocks,
+		       (unsigned int *) &objp->n_keys, ~0,
+		       sizeof(krb5_keyblock), xdr_krb5_keyblock)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_setkey3_arg(XDR *xdrs, setkey3_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_boolean(xdrs, &objp->keepold)) {
+		return (FALSE);
+	}
+	if (!xdr_array(xdrs, (caddr_t *) &objp->ks_tuple,
+		       (unsigned int *) &objp->n_ks_tuple, ~0,
+		       sizeof(krb5_key_salt_tuple), xdr_krb5_key_salt_tuple)) {
+		return (FALSE);
+	}
+	if (!xdr_array(xdrs, (caddr_t *) &objp->keyblocks,
+		       (unsigned int *) &objp->n_keys, ~0,
+		       sizeof(krb5_keyblock), xdr_krb5_keyblock)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_setkey4_arg(XDR *xdrs, setkey4_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return FALSE;
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return FALSE;
+	}
+	if (!xdr_krb5_boolean(xdrs, &objp->keepold)) {
+		return FALSE;
+	}
+	if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
+		       (unsigned int *) &objp->n_key_data, ~0,
+		       sizeof(kadm5_key_data), xdr_kadm5_key_data)) {
+		return FALSE;
+	}
+	return TRUE;
+}
+
+bool_t
+xdr_chrand_arg(XDR *xdrs, chrand_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_chrand3_arg(XDR *xdrs, chrand3_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_boolean(xdrs, &objp->keepold)) {
+		return (FALSE);
+	}
+	if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple,
+		       (unsigned int*)&objp->n_ks_tuple, ~0,
+		       sizeof(krb5_key_salt_tuple),
+		       xdr_krb5_key_salt_tuple)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_chrand_ret(XDR *xdrs, chrand_ret *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
+		return (FALSE);
+	}
+	if (objp->code == KADM5_OK) {
+		if (!xdr_array(xdrs, (char **)&objp->keys,
+			       (unsigned int *)&objp->n_keys, ~0,
+			       sizeof(krb5_keyblock), xdr_krb5_keyblock))
+			return FALSE;
+	}
+
+	return (TRUE);
+}
+
+bool_t
+xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->mask)) {
+	     return FALSE;
+	}
+
+	return (TRUE);
+}
+
+bool_t
+xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
+		return (FALSE);
+	}
+	if(objp->code == KADM5_OK)  {
+		if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec,
+						  objp->api_version)) {
+			return (FALSE);
+		}
+	}
+
+	return (TRUE);
+}
+
+bool_t
+xdr_cpol_arg(XDR *xdrs, cpol_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec,
+				       objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->mask)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_dpol_arg(XDR *xdrs, dpol_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->name)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_mpol_arg(XDR *xdrs, mpol_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec,
+				       objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_long(xdrs, &objp->mask)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_gpol_arg(XDR *xdrs, gpol_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->name)) {
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+bool_t
+xdr_gpol_ret(XDR *xdrs, gpol_ret *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
+		return (FALSE);
+	}
+	if(objp->code == KADM5_OK) {
+	    if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec,
+					   objp->api_version))
+		return (FALSE);
+	}
+
+	return (TRUE);
+}
+
+bool_t
+xdr_gpols_arg(XDR *xdrs, gpols_arg *objp)
+{
+     if (!xdr_ui_4(xdrs, &objp->api_version)) {
+	  return (FALSE);
+     }
+     if (!xdr_nullstring(xdrs, &objp->exp)) {
+	  return (FALSE);
+     }
+     return (TRUE);
+}
+
+bool_t
+xdr_gpols_ret(XDR *xdrs, gpols_ret *objp)
+{
+     if (!xdr_ui_4(xdrs, &objp->api_version)) {
+	  return (FALSE);
+     }
+     if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
+	  return (FALSE);
+     }
+     if (objp->code == KADM5_OK) {
+	  if (!xdr_int(xdrs, &objp->count)) {
+	       return (FALSE);
+	  }
+	  if (!xdr_array(xdrs, (caddr_t *) &objp->pols,
+			 (unsigned int *) &objp->count, ~0,
+			 sizeof(char *), xdr_nullstring)) {
+	       return (FALSE);
+	  }
+     }
+
+     return (TRUE);
+}
+
+bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+     if (! xdr_kadm5_ret_t(xdrs, &objp->code) ||
+	 ! xdr_long(xdrs, &objp->privs))
+	  return FALSE;
+
+     return TRUE;
+}
+
+bool_t
+xdr_purgekeys_arg(XDR *xdrs, purgekeys_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	if (!xdr_int(xdrs, &objp->keepkvno)) {
+	     return FALSE;
+	}
+
+	return (TRUE);
+}
+
+bool_t
+xdr_gstrings_arg(XDR *xdrs, gstrings_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+
+	return (TRUE);
+}
+
+bool_t
+xdr_gstrings_ret(XDR *xdrs, gstrings_ret *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
+		return (FALSE);
+	}
+	if (objp->code == KADM5_OK) {
+		if (!xdr_int(xdrs, &objp->count)) {
+			return (FALSE);
+		}
+		if (!xdr_array(xdrs, (caddr_t *) &objp->strings,
+			       (unsigned int *) &objp->count, ~0,
+			       sizeof(krb5_string_attr),
+			       xdr_krb5_string_attr)) {
+			return (FALSE);
+		}
+	}
+
+	return (TRUE);
+}
+
+bool_t
+xdr_sstring_arg(XDR *xdrs, sstring_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return (FALSE);
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->key)) {
+		return (FALSE);
+	}
+	if (!xdr_nullstring(xdrs, &objp->value)) {
+		return (FALSE);
+	}
+
+	return (TRUE);
+}
+
+bool_t
+xdr_krb5_principal(XDR *xdrs, krb5_principal *objp)
+{
+    int	    ret;
+    char	    *p = NULL;
+    krb5_principal  pr = NULL;
+    static krb5_context context = NULL;
+
+    /* using a static context here is ugly, but should work
+       ok, and the other solutions are even uglier */
+
+    if (!context &&
+	kadm5_init_krb5_context(&context))
+       return(FALSE);
+
+    switch(xdrs->x_op) {
+    case XDR_ENCODE:
+	if (*objp) {
+	     if((ret = krb5_unparse_name(context, *objp, &p)) != 0)
+		  return FALSE;
+	}
+	if(!xdr_nullstring(xdrs, &p))
+	    return FALSE;
+	if (p) free(p);
+	break;
+    case XDR_DECODE:
+	if(!xdr_nullstring(xdrs, &p))
+	    return FALSE;
+	if (p) {
+	     ret = krb5_parse_name(context, p, &pr);
+	     if(ret != 0)
+		  return FALSE;
+	     *objp = pr;
+	     free(p);
+	} else
+	     *objp = NULL;
+	break;
+    case XDR_FREE:
+	if(*objp != NULL)
+	    krb5_free_principal(context, *objp);
+	*objp = NULL;
+	break;
+    }
+    return TRUE;
+}
+
+bool_t
+xdr_krb5_octet(XDR *xdrs, krb5_octet *objp)
+{
+   if (!xdr_u_char(xdrs, objp))
+	return (FALSE);
+   return (TRUE);
+}
+
+bool_t
+xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp)
+{
+   if (!xdr_int32(xdrs, (int32_t *) objp))
+	return (FALSE);
+   return (TRUE);
+}
+
+bool_t
+xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp)
+{
+    if (!xdr_int32(xdrs, (int32_t *) objp))
+	return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_krb5_keyblock(XDR *xdrs, krb5_keyblock *objp)
+{
+   char *cp;
+
+   /* XXX This only works because free_keyblock assumes ->contents
+      is allocated by malloc() */
+   if(!xdr_krb5_enctype(xdrs, &objp->enctype))
+      return FALSE;
+   cp = (char *)objp->contents;
+   if(!xdr_bytes(xdrs, &cp, &objp->length, ~0))
+      return FALSE;
+   objp->contents = (uint8_t *)cp;
+   return TRUE;
+}
+
+bool_t
+xdr_krb5_string_attr(XDR *xdrs, krb5_string_attr *objp)
+{
+	if (!xdr_nullstring(xdrs, &objp->key))
+		return FALSE;
+	if (!xdr_nullstring(xdrs, &objp->value))
+		return FALSE;
+	if (xdrs->x_op == XDR_DECODE &&
+	    (objp->key == NULL || objp->value == NULL))
+		return FALSE;
+	return TRUE;
+}
+
+bool_t
+xdr_kadm5_key_data(XDR *xdrs, kadm5_key_data *objp)
+{
+	if (!xdr_krb5_kvno(xdrs, &objp->kvno))
+		return FALSE;
+	if (!xdr_krb5_keyblock(xdrs, &objp->key))
+		return FALSE;
+	if (!xdr_krb5_int16(xdrs, &objp->salt.type))
+		return FALSE;
+	if (!xdr_bytes(xdrs, &objp->salt.data.data,
+		       &objp->salt.data.length, ~0))
+		return FALSE;
+	return TRUE;
+}
+
+bool_t
+xdr_getpkeys_arg(XDR *xdrs, getpkeys_arg *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return FALSE;
+	}
+	if (!xdr_krb5_principal(xdrs, &objp->princ)) {
+		return FALSE;
+	}
+	if (!xdr_krb5_kvno(xdrs, &objp->kvno)) {
+		return FALSE;
+	}
+	return TRUE;
+}
+
+bool_t
+xdr_getpkeys_ret(XDR *xdrs, getpkeys_ret *objp)
+{
+	if (!xdr_ui_4(xdrs, &objp->api_version)) {
+		return FALSE;
+	}
+	if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
+		return FALSE;
+	}
+	if (objp->code == KADM5_OK) {
+		if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
+			       (unsigned int *) &objp->n_key_data, ~0,
+			       sizeof(kadm5_key_data), xdr_kadm5_key_data)) {
+		    return FALSE;
+		}
+	}
+	return TRUE;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/logger.c b/krb5-1.21.3/src/lib/kadm5/logger.c
new file mode 100644
index 00000000..e14da537
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/logger.c
@@ -0,0 +1,791 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/logger.c */
+/*
+ * Copyright 1995, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* KADM5 wants non-syslog log files to contain syslog-like entries */
+#define VERBOSE_LOGS
+
+/*
+ * logger.c     - Handle logging functions for those who want it.
+ */
+#include "k5-int.h"
+#include "adm_proto.h"
+#include "com_err.h"
+#include <stdio.h>
+#include <ctype.h>
+#include <syslog.h>
+#include <stdarg.h>
+
+#define KRB5_KLOG_MAX_ERRMSG_SIZE       2048
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN  256
+#endif  /* MAXHOSTNAMELEN */
+
+/* This is to assure that we have at least one match in the syslog stuff */
+#ifndef LOG_AUTH
+#define LOG_AUTH        0
+#endif  /* LOG_AUTH */
+#ifndef LOG_ERR
+#define LOG_ERR         0
+#endif  /* LOG_ERR */
+
+#define lspec_parse_err_1       _("%s: cannot parse <%s>\n")
+#define lspec_parse_err_2       _("%s: warning - logging entry syntax error\n")
+#define log_file_err            _("%s: error writing to %s\n")
+#define log_device_err          _("%s: error writing to %s device\n")
+#define log_ufo_string          "?\?\?" /* nb: avoid trigraphs */
+#define log_emerg_string        _("EMERGENCY")
+#define log_alert_string        _("ALERT")
+#define log_crit_string         _("CRITICAL")
+#define log_err_string          _("Error")
+#define log_warning_string      _("Warning")
+#define log_notice_string       _("Notice")
+#define log_info_string         _("info")
+#define log_debug_string        _("debug")
+
+/*
+ * Output logging.
+ *
+ * Output logging is now controlled by the configuration file.  We can specify
+ * the following syntaxes under the [logging]->entity specification.
+ *      FILE<opentype><pathname>
+ *      SYSLOG[=<severity>[:<facility>]]
+ *      STDERR
+ *      CONSOLE
+ *      DEVICE=<device-spec>
+ *
+ * Where:
+ *      <opentype> is ":" for open/append, "=" for open/create.
+ *      <pathname> is a valid path name.
+ *      <severity> is one of: (default = ERR)
+ *              EMERG
+ *              ALERT
+ *              CRIT
+ *              ERR
+ *              WARNING
+ *              NOTICE
+ *              INFO
+ *              DEBUG
+ *      <facility> is one of: (default = AUTH)
+ *              KERN
+ *              USER
+ *              MAIL
+ *              DAEMON
+ *              AUTH
+ *              LPR
+ *              NEWS
+ *              UUCP
+ *              CRON
+ *              LOCAL0..LOCAL7
+ *      <device-spec> is a valid device specification.
+ */
+struct log_entry {
+    enum log_type { K_LOG_FILE,
+                    K_LOG_SYSLOG,
+                    K_LOG_STDERR,
+                    K_LOG_CONSOLE,
+                    K_LOG_DEVICE,
+                    K_LOG_NONE } log_type;
+    krb5_pointer log_2free;
+    union log_union {
+        struct log_file {
+            FILE        *lf_filep;
+            char        *lf_fname;
+        } log_file;
+        struct log_syslog {
+            int         ls_facility;
+        } log_syslog;
+        struct log_device {
+            FILE        *ld_filep;
+            char        *ld_devname;
+        } log_device;
+    } log_union;
+};
+#define lfu_filep       log_union.log_file.lf_filep
+#define lfu_fname       log_union.log_file.lf_fname
+#define lsu_facility    log_union.log_syslog.ls_facility
+#define ldu_filep       log_union.log_device.ld_filep
+#define ldu_devname     log_union.log_device.ld_devname
+
+struct log_control {
+    struct log_entry    *log_entries;
+    int                 log_nentries;
+    char                *log_whoami;
+    char                *log_hostname;
+    krb5_boolean        log_opened;
+    krb5_boolean        log_debug;
+};
+
+static struct log_control log_control = {
+    (struct log_entry *) NULL,
+    0,
+    (char *) NULL,
+    (char *) NULL,
+    0
+};
+static struct log_entry def_log_entry;
+
+/*
+ * These macros define any special processing that needs to happen for
+ * devices.  For unix, of course, this is hardly anything.
+ */
+#define DEVICE_OPEN(d, m)       fopen(d, m)
+#define CONSOLE_OPEN(m)         fopen("/dev/console", m)
+#define DEVICE_PRINT(f, m)      ((fprintf(f, "%s\r\n", m) >= 0) ?       \
+                                 (fflush(f), 0) :                       \
+                                 -1)
+#define DEVICE_CLOSE(d)         fclose(d)
+
+/*
+ * klog_com_err_proc()  - Handle com_err(3) messages as specified by the
+ *                        profile.
+ */
+static krb5_context err_context;
+
+static void
+klog_com_err_proc(const char *whoami, long int code, const char *format, va_list ap)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 0)))
+#endif
+    ;
+
+/*
+ * Write com_err() messages to the configured logging devices.  Ignore whoami,
+ * as krb5_klog_init() already received a whoami value.  If code is nonzero,
+ * log its error message (retrieved using err_context) and the formatted
+ * message at error severity.  If code is zero, log the formatted message at
+ * informational severity.
+ */
+static void
+klog_com_err_proc(const char *whoami, long int code, const char *format, va_list ap)
+{
+    struct k5buf buf;
+    const char *emsg, *msg;
+
+    if (format == NULL)
+        return;
+
+    k5_buf_init_dynamic(&buf);
+
+    if (code) {
+        /* Start with the error message and a separator. */
+        emsg = krb5_get_error_message(err_context, code);
+        k5_buf_add(&buf, emsg);
+        krb5_free_error_message(err_context, emsg);
+        k5_buf_add(&buf, " - ");
+    }
+
+    /* Add the formatted message. */
+    k5_buf_add_vfmt(&buf, format, ap);
+
+    msg = k5_buf_cstring(&buf);
+    if (msg != NULL)
+        krb5_klog_syslog(code ? LOG_ERR : LOG_INFO, "%s", msg);
+
+    k5_buf_free(&buf);
+}
+
+/*
+ * krb5_klog_init()     - Initialize logging.
+ *
+ * This routine parses the syntax described above to specify destinations for
+ * com_err(3) or krb5_klog_syslog() messages generated by the caller.
+ *
+ * Parameters:
+ *      kcontext        - Kerberos context.
+ *      ename           - Entity name as it is to appear in the profile.
+ *      whoami          - Entity name as it is to appear in error output.
+ *      do_com_err      - Take over com_err(3) processing.
+ *
+ * Implicit inputs:
+ *      stderr          - This is where STDERR output goes.
+ *
+ * Implicit outputs:
+ *      log_nentries    - Number of log entries, both valid and invalid.
+ *      log_control     - List of entries (log_nentries long) which contains
+ *                        data for klog_com_err_proc() to use to determine
+ *                        where/how to send output.
+ */
+krb5_error_code
+krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do_com_err)
+{
+    const char  *logging_profent[3];
+    const char  *logging_defent[3];
+    char        **logging_specs;
+    int         i, ngood, fd, append;
+    char        *cp, *cp2;
+    char        savec = '\0';
+    int         error, debug;
+    int         do_openlog, log_facility;
+    FILE        *f = NULL;
+
+    /* Initialize */
+    do_openlog = 0;
+    log_facility = 0;
+
+    err_context = kcontext;
+
+    /* Look up [logging]->debug in the profile to see if we should include
+     * debug messages for types other than syslog.  Default to false. */
+    if (!profile_get_boolean(kcontext->profile, KRB5_CONF_LOGGING,
+                             KRB5_CONF_DEBUG, NULL, 0, &debug))
+        log_control.log_debug = debug;
+
+    /*
+     * Look up [logging]-><ename> in the profile.  If that doesn't
+     * succeed, then look for [logging]->default.
+     */
+    logging_profent[0] = KRB5_CONF_LOGGING;
+    logging_profent[1] = ename;
+    logging_profent[2] = (char *) NULL;
+    logging_defent[0] = KRB5_CONF_LOGGING;
+    logging_defent[1] = KRB5_CONF_DEFAULT;
+    logging_defent[2] = (char *) NULL;
+    logging_specs = (char **) NULL;
+    ngood = 0;
+    log_control.log_nentries = 0;
+    if (!profile_get_values(kcontext->profile,
+                            logging_profent,
+                            &logging_specs) ||
+        !profile_get_values(kcontext->profile,
+                            logging_defent,
+                            &logging_specs)) {
+        /*
+         * We have a match, so we first count the number of elements
+         */
+        for (log_control.log_nentries = 0;
+             logging_specs[log_control.log_nentries];
+             log_control.log_nentries++);
+
+        /*
+         * Now allocate our structure.
+         */
+        log_control.log_entries = (struct log_entry *)
+            malloc(log_control.log_nentries * sizeof(struct log_entry));
+        if (log_control.log_entries) {
+            /*
+             * Scan through the list.
+             */
+            for (i=0; i<log_control.log_nentries; i++) {
+                log_control.log_entries[i].log_type = K_LOG_NONE;
+                log_control.log_entries[i].log_2free = logging_specs[i];
+                /*
+                 * The format is:
+                 *      <whitespace><data><whitespace>
+                 * so, trim off the leading and trailing whitespace here.
+                 */
+                for (cp = logging_specs[i]; isspace((int) *cp); cp++);
+                for (cp2 = &logging_specs[i][strlen(logging_specs[i])-1];
+                     isspace((int) *cp2); cp2--);
+                cp2++;
+                *cp2 = '\0';
+                /*
+                 * Is this a file?
+                 */
+                if (!strncasecmp(cp, "FILE", 4)) {
+                    /*
+                     * Check for append/overwrite, then open the file.
+                     */
+                    append = (cp[4] == ':') ? O_APPEND : 0;
+                    if (append || cp[4] == '=') {
+                        fd = open(&cp[5], O_CREAT | O_WRONLY | append,
+                                  S_IRUSR | S_IWUSR | S_IRGRP);
+                        if (fd != -1)
+                            f = fdopen(fd, append ? "a" : "w");
+                        if (fd == -1 || f == NULL) {
+                            fprintf(stderr,"Couldn't open log file %s: %s\n",
+                                    &cp[5], error_message(errno));
+                            continue;
+                        }
+                        set_cloexec_file(f);
+                        log_control.log_entries[i].lfu_filep = f;
+                        log_control.log_entries[i].log_type = K_LOG_FILE;
+                        log_control.log_entries[i].lfu_fname = &cp[5];
+                    }
+                }
+                /*
+                 * Is this a syslog?
+                 */
+                else if (!strncasecmp(cp, "SYSLOG", 6)) {
+                    error = 0;
+                    log_control.log_entries[i].lsu_facility = LOG_AUTH;
+                    /*
+                     * Is there a severify (which is now ignored) specified?
+                     */
+                    if (cp[6] == ':') {
+                        /*
+                         * Find the end of the severity.
+                         */
+                        cp2 = strchr(&cp[7], ':');
+                        if (cp2) {
+                            savec = *cp2;
+                            *cp2 = '\0';
+                            cp2++;
+                        }
+
+                        /*
+                         * If there is a facility present, then parse that.
+                         */
+                        if (cp2) {
+                            static const struct {
+                                const char *name;
+                                int value;
+                            } facilities[] = {
+                                { "AUTH",       LOG_AUTH        },
+#ifdef  LOG_AUTHPRIV
+                                { "AUTHPRIV",   LOG_AUTHPRIV    },
+#endif  /* LOG_AUTHPRIV */
+#ifdef  LOG_KERN
+                                { "KERN",       LOG_KERN        },
+#endif  /* LOG_KERN */
+#ifdef  LOG_USER
+                                { "USER",       LOG_USER        },
+#endif  /* LOG_USER */
+#ifdef  LOG_MAIL
+                                { "MAIL",       LOG_MAIL        },
+#endif  /* LOG_MAIL */
+#ifdef  LOG_DAEMON
+                                { "DAEMON",     LOG_DAEMON      },
+#endif  /* LOG_DAEMON */
+#ifdef  LOG_FTP
+                                { "FTP",        LOG_FTP         },
+#endif  /* LOG_FTP */
+#ifdef  LOG_LPR
+                                { "LPR",        LOG_LPR         },
+#endif  /* LOG_LPR */
+#ifdef  LOG_NEWS
+                                { "NEWS",       LOG_NEWS        },
+#endif  /* LOG_NEWS */
+#ifdef  LOG_UUCP
+                                { "UUCP",       LOG_UUCP        },
+#endif  /* LOG_UUCP */
+#ifdef  LOG_CRON
+                                { "CRON",       LOG_CRON        },
+#endif  /* LOG_CRON */
+#ifdef  LOG_LOCAL0
+                                { "LOCAL0",     LOG_LOCAL0      },
+#endif  /* LOG_LOCAL0 */
+#ifdef  LOG_LOCAL1
+                                { "LOCAL1",     LOG_LOCAL1      },
+#endif  /* LOG_LOCAL1 */
+#ifdef  LOG_LOCAL2
+                                { "LOCAL2",     LOG_LOCAL2      },
+#endif  /* LOG_LOCAL2 */
+#ifdef  LOG_LOCAL3
+                                { "LOCAL3",     LOG_LOCAL3      },
+#endif  /* LOG_LOCAL3 */
+#ifdef  LOG_LOCAL4
+                                { "LOCAL4",     LOG_LOCAL4      },
+#endif  /* LOG_LOCAL4 */
+#ifdef  LOG_LOCAL5
+                                { "LOCAL5",     LOG_LOCAL5      },
+#endif  /* LOG_LOCAL5 */
+#ifdef  LOG_LOCAL6
+                                { "LOCAL6",     LOG_LOCAL6      },
+#endif  /* LOG_LOCAL6 */
+#ifdef  LOG_LOCAL7
+                                { "LOCAL7",     LOG_LOCAL7      },
+#endif  /* LOG_LOCAL7 */
+                            };
+                            unsigned int j;
+
+                            for (j = 0; j < sizeof(facilities)/sizeof(facilities[0]); j++)
+                                if (!strcasecmp(cp2, facilities[j].name)) {
+                                    log_control.log_entries[i].lsu_facility = facilities[j].value;
+                                    break;
+                                }
+                            cp2--;
+                            *cp2 = savec;
+                        }
+                    }
+                    if (!error) {
+                        log_control.log_entries[i].log_type = K_LOG_SYSLOG;
+                        do_openlog = 1;
+                        log_facility = log_control.log_entries[i].lsu_facility;
+                    }
+                }
+                /*
+                 * Is this a standard error specification?
+                 */
+                else if (!strcasecmp(cp, "STDERR")) {
+                    log_control.log_entries[i].lfu_filep =
+                        fdopen(fileno(stderr), "w");
+                    if (log_control.log_entries[i].lfu_filep) {
+                        log_control.log_entries[i].log_type = K_LOG_STDERR;
+                        log_control.log_entries[i].lfu_fname =
+                            "standard error";
+                    }
+                }
+                /*
+                 * Is this a specification of the console?
+                 */
+                else if (!strcasecmp(cp, "CONSOLE")) {
+                    log_control.log_entries[i].ldu_filep =
+                        CONSOLE_OPEN("a+");
+                    if (log_control.log_entries[i].ldu_filep) {
+                        set_cloexec_file(log_control.log_entries[i].ldu_filep);
+                        log_control.log_entries[i].log_type = K_LOG_CONSOLE;
+                        log_control.log_entries[i].ldu_devname = "console";
+                    }
+                }
+                /*
+                 * Is this a specification of a device?
+                 */
+                else if (!strncasecmp(cp, "DEVICE", 6)) {
+                    /*
+                     * We handle devices very similarly to files.
+                     */
+                    if (cp[6] == '=') {
+                        log_control.log_entries[i].ldu_filep =
+                            DEVICE_OPEN(&cp[7], "w");
+                        if (log_control.log_entries[i].ldu_filep) {
+                            set_cloexec_file(log_control.log_entries[i].ldu_filep);
+                            log_control.log_entries[i].log_type = K_LOG_DEVICE;
+                            log_control.log_entries[i].ldu_devname = &cp[7];
+                        }
+                    }
+                }
+                /*
+                 * See if we successfully parsed this specification.
+                 */
+                if (log_control.log_entries[i].log_type == K_LOG_NONE) {
+                    fprintf(stderr, lspec_parse_err_1, whoami, cp);
+                    fprintf(stderr, lspec_parse_err_2, whoami);
+                }
+                else
+                    ngood++;
+            }
+        }
+        /*
+         * If we didn't find anything, then free our lists.
+         */
+        if (ngood == 0) {
+            for (i=0; i<log_control.log_nentries; i++)
+                free(logging_specs[i]);
+        }
+        free(logging_specs);
+    }
+    /*
+     * If we didn't find anything, go for the default which is to log to
+     * the system log.
+     */
+    if (ngood == 0) {
+        if (log_control.log_entries)
+            free(log_control.log_entries);
+        log_control.log_entries = &def_log_entry;
+        log_control.log_entries->log_type = K_LOG_SYSLOG;
+        log_control.log_entries->log_2free = (krb5_pointer) NULL;
+        log_facility = log_control.log_entries->lsu_facility = LOG_AUTH;
+        do_openlog = 1;
+        log_control.log_nentries = 1;
+    }
+    if (log_control.log_nentries) {
+        log_control.log_whoami = strdup(whoami);
+        log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN + 1);
+        if (log_control.log_hostname) {
+            if (gethostname(log_control.log_hostname, MAXHOSTNAMELEN) == -1) {
+                free(log_control.log_hostname);
+                log_control.log_hostname = NULL;
+            } else
+                log_control.log_hostname[MAXHOSTNAMELEN] = '\0';
+        }
+        if (do_openlog) {
+            openlog(whoami, LOG_NDELAY|LOG_PID, log_facility);
+            log_control.log_opened = 1;
+        }
+        if (do_com_err)
+            (void) set_com_err_hook(klog_com_err_proc);
+    }
+    return((log_control.log_nentries) ? 0 : ENOENT);
+}
+
+/* Reset the context used by the com_err hook to retrieve error messages. */
+void
+krb5_klog_set_context(krb5_context kcontext)
+{
+    err_context = kcontext;
+}
+
+/*
+ * krb5_klog_close()    - Close the logging context and free all data.
+ */
+void
+krb5_klog_close(krb5_context kcontext)
+{
+    int lindex;
+    (void) reset_com_err_hook();
+    for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
+        switch (log_control.log_entries[lindex].log_type) {
+        case K_LOG_FILE:
+        case K_LOG_STDERR:
+            /*
+             * Files/standard error.
+             */
+            fclose(log_control.log_entries[lindex].lfu_filep);
+            break;
+        case K_LOG_CONSOLE:
+        case K_LOG_DEVICE:
+            /*
+             * Devices (may need special handling)
+             */
+            DEVICE_CLOSE(log_control.log_entries[lindex].ldu_filep);
+            break;
+        case K_LOG_SYSLOG:
+            /*
+             * System log.
+             */
+            break;
+        default:
+            break;
+        }
+        if (log_control.log_entries[lindex].log_2free)
+            free(log_control.log_entries[lindex].log_2free);
+    }
+    if (log_control.log_entries != &def_log_entry)
+        free(log_control.log_entries);
+    log_control.log_entries = (struct log_entry *) NULL;
+    log_control.log_nentries = 0;
+    if (log_control.log_whoami)
+        free(log_control.log_whoami);
+    log_control.log_whoami = (char *) NULL;
+    if (log_control.log_hostname)
+        free(log_control.log_hostname);
+    log_control.log_hostname = (char *) NULL;
+    if (log_control.log_opened)
+        closelog();
+}
+
+/*
+ * severity2string()    - Convert a severity to a string.
+ */
+static const char *
+severity2string(int severity)
+{
+    int s;
+    const char *ss;
+
+    s = severity & LOG_PRIMASK;
+    ss = log_ufo_string;
+    switch (s) {
+    case LOG_EMERG:
+        ss = log_emerg_string;
+        break;
+    case LOG_ALERT:
+        ss = log_alert_string;
+        break;
+    case LOG_CRIT:
+        ss = log_crit_string;
+        break;
+    case LOG_ERR:
+        ss = log_err_string;
+        break;
+    case LOG_WARNING:
+        ss = log_warning_string;
+        break;
+    case LOG_NOTICE:
+        ss = log_notice_string;
+        break;
+    case LOG_INFO:
+        ss = log_info_string;
+        break;
+    case LOG_DEBUG:
+        ss = log_debug_string;
+        break;
+    }
+    return(ss);
+}
+
+/*
+ * krb5_klog_syslog()   - Simulate the calling sequence of syslog(3), while
+ *                        also performing the logging redirection as specified
+ *                        by krb5_klog_init().
+ */
+static int
+klog_vsyslog(int priority, const char *format, va_list arglist)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 2, 0)))
+#endif
+    ;
+
+static int
+klog_vsyslog(int priority, const char *format, va_list arglist)
+{
+    char        outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
+    int         lindex;
+    char        *syslogp;
+    char        *cp;
+    time_t      now;
+    size_t      soff;
+    struct tm  *tm;
+
+    /*
+     * Format a syslog-esque message of the format:
+     *
+     * (verbose form)
+     *          <date> <hostname> <id>[<pid>](<priority>): <message>
+     *
+     * (short form)
+     *          <date> <message>
+     */
+    cp = outbuf;
+    (void) time(&now);
+
+    /*
+     * Format the date: mon dd hh:mm:ss
+     */
+    tm = localtime(&now);
+    if (tm == NULL)
+        return(-1);
+    soff = strftime(outbuf, sizeof(outbuf), "%b %d %H:%M:%S", tm);
+    if (soff > 0)
+        cp += soff;
+    else
+        return(-1);
+
+#ifdef VERBOSE_LOGS
+    snprintf(cp, sizeof(outbuf) - (cp-outbuf), " %s %s[%ld](%s): ",
+             log_control.log_hostname ? log_control.log_hostname : "",
+             log_control.log_whoami ? log_control.log_whoami : "",
+             (long) getpid(),
+             severity2string(priority));
+#else
+    snprintf(cp, sizeof(outbuf) - (cp-outbuf), " ");
+#endif
+    syslogp = &outbuf[strlen(outbuf)];
+
+    /* Now format the actual message */
+    vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist);
+
+    /*
+     * If the user did not use krb5_klog_init() instead of dropping
+     * the request on the floor, syslog it - if it exists
+     */
+    if (log_control.log_nentries == 0) {
+        /* Log the message with our header trimmed off */
+        syslog(priority, "%s", syslogp);
+    }
+
+    /*
+     * Now that we have the message formatted, perform the output to each
+     * logging specification.
+     */
+    for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
+        /* Omit LOG_DEBUG messages for non-syslog outputs unless we are
+         * configured to include them. */
+        if (priority == LOG_DEBUG && !log_control.log_debug &&
+            log_control.log_entries[lindex].log_type != K_LOG_SYSLOG)
+            continue;
+
+        switch (log_control.log_entries[lindex].log_type) {
+        case K_LOG_FILE:
+        case K_LOG_STDERR:
+            /*
+             * Files/standard error.
+             */
+            if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
+                        outbuf) < 0) {
+                /* Attempt to report error */
+                fprintf(stderr, log_file_err, log_control.log_whoami,
+                        log_control.log_entries[lindex].lfu_fname);
+            }
+            else {
+                fflush(log_control.log_entries[lindex].lfu_filep);
+            }
+            break;
+        case K_LOG_CONSOLE:
+        case K_LOG_DEVICE:
+            /*
+             * Devices (may need special handling)
+             */
+            if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
+                             outbuf) < 0) {
+                /* Attempt to report error */
+                fprintf(stderr, log_device_err, log_control.log_whoami,
+                        log_control.log_entries[lindex].ldu_devname);
+            }
+            break;
+        case K_LOG_SYSLOG:
+            /*
+             * System log.
+             */
+
+            /* Log the message with our header trimmed off */
+            syslog(priority, "%s", syslogp);
+            break;
+        default:
+            break;
+        }
+    }
+    return(0);
+}
+
+int
+krb5_klog_syslog(int priority, const char *format, ...)
+{
+    int         retval;
+    va_list     pvar;
+
+    va_start(pvar, format);
+    retval = klog_vsyslog(priority, format, pvar);
+    va_end(pvar);
+    return(retval);
+}
+
+/*
+ * krb5_klog_reopen() - Close and reopen any open (non-syslog) log files.
+ *                      This function is called when a SIGHUP is received
+ *                      so that external log-archival utilities may
+ *                      alert the Kerberos daemons that they should get
+ *                      a new file descriptor for the give filename.
+ */
+void
+krb5_klog_reopen(krb5_context kcontext)
+{
+    int lindex;
+    FILE *f;
+
+    /*
+     * Only logs which are actually files need to be closed
+     * and reopened in response to a SIGHUP
+     */
+    for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
+        if (log_control.log_entries[lindex].log_type == K_LOG_FILE) {
+            fclose(log_control.log_entries[lindex].lfu_filep);
+            /*
+             * In case the old logfile did not get moved out of the
+             * way, open for append to prevent squashing the old logs.
+             */
+            f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
+            if (f) {
+                set_cloexec_file(f);
+                log_control.log_entries[lindex].lfu_filep = f;
+            } else {
+                fprintf(stderr, _("Couldn't open log file %s: %s\n"),
+                        log_control.log_entries[lindex].lfu_fname,
+                        error_message(errno));
+            }
+        }
+    }
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/misc_free.c b/krb5-1.21.3/src/lib/kadm5/misc_free.c
new file mode 100644
index 00000000..74d23760
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/misc_free.c
@@ -0,0 +1,139 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ */
+
+#include "k5-int.h"
+#include        <kadm5/admin.h>
+#include        <stdlib.h>
+#include        "server_internal.h"
+
+kadm5_ret_t
+kadm5_free_policy_ent(void *server_handle, kadm5_policy_ent_t val)
+{
+    krb5_tl_data *tl_next;
+
+    _KADM5_CHECK_HANDLE(server_handle);
+
+    if (val == NULL)
+        return KADM5_OK;
+
+    free(val->policy);
+    free(val->allowed_keysalts);
+    for (; val->tl_data; val->tl_data = tl_next) {
+        tl_next = val->tl_data->tl_data_next;
+        free(val->tl_data->tl_data_contents);
+        free(val->tl_data);
+    }
+    memset(val, 0, sizeof(*val));
+    return KADM5_OK;
+}
+
+kadm5_ret_t
+kadm5_free_name_list(void *server_handle, char **names, int count)
+{
+    _KADM5_CHECK_HANDLE(server_handle);
+
+    while (count--)
+        free(names[count]);
+    free(names);
+    return KADM5_OK;
+}
+
+/* XXX this ought to be in libkrb5.a, but isn't */
+kadm5_ret_t krb5_free_key_data_contents(context, key)
+    krb5_context context;
+    krb5_key_data *key;
+{
+    int i, idx;
+
+    idx = (key->key_data_ver == 1 ? 1 : 2);
+    for (i = 0; i < idx; i++)
+        zapfree(key->key_data_contents[i], key->key_data_length[i]);
+    return KADM5_OK;
+}
+
+kadm5_ret_t kadm5_free_key_data(void *server_handle,
+                                krb5_int16 *n_key_data,
+                                krb5_key_data *key_data)
+{
+    kadm5_server_handle_t      handle = server_handle;
+    int i, nkeys = (int) *n_key_data;
+
+    _KADM5_CHECK_HANDLE(server_handle);
+
+    if (key_data == NULL)
+        return KADM5_OK;
+
+    for (i = 0; i < nkeys; i++)
+        krb5_free_key_data_contents(handle->context, &key_data[i]);
+    free(key_data);
+    return KADM5_OK;
+}
+
+kadm5_ret_t
+kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t val)
+{
+    kadm5_server_handle_t handle = server_handle;
+    krb5_tl_data *tl;
+    int i;
+
+    _KADM5_CHECK_HANDLE(server_handle);
+
+    if (!val)
+        return KADM5_OK;
+
+    krb5_free_principal(handle->context, val->principal);
+    krb5_free_principal(handle->context, val->mod_name);
+    free(val->policy);
+    if (val->n_key_data) {
+        for (i = 0; i < val->n_key_data; i++)
+            krb5_free_key_data_contents(handle->context, &val->key_data[i]);
+        free(val->key_data);
+    }
+
+    while (val->tl_data) {
+        tl = val->tl_data->tl_data_next;
+        free(val->tl_data->tl_data_contents);
+        free(val->tl_data);
+        val->tl_data = tl;
+    }
+    return KADM5_OK;
+}
+
+kadm5_ret_t
+kadm5_free_strings(void *server_handle, krb5_string_attr *strings,
+                   int count)
+{
+    int i;
+
+    _KADM5_CHECK_HANDLE(server_handle);
+
+    if (!strings)
+        return KADM5_OK;
+
+    for (i = 0; i < count; i++) {
+        free(strings[i].key);
+        free(strings[i].value);
+    }
+    free(strings);
+    return KADM5_OK;
+}
+
+kadm5_ret_t
+kadm5_free_kadm5_key_data(krb5_context context, int n_key_data,
+                          kadm5_key_data *key_data)
+{
+    int i;
+
+    if (key_data == NULL)
+        return KADM5_OK;
+
+    for (i = 0; i < n_key_data; i++) {
+        krb5_free_keyblock_contents(context, &key_data[i].key);
+        krb5_free_data_contents(context, &key_data[i].salt.data);
+    }
+    free(key_data);
+
+    return KADM5_OK;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/server_internal.h b/krb5-1.21.3/src/lib/kadm5/server_internal.h
new file mode 100644
index 00000000..433f4915
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/server_internal.h
@@ -0,0 +1,269 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+/*
+ * This header file is used internally by the Admin API server
+ * libraries and Admin server.  IF YOU THINK YOU NEED TO USE THIS FILE
+ * FOR ANYTHING, YOU'RE ALMOST CERTAINLY WRONG.
+ */
+
+#ifndef __KADM5_SERVER_INTERNAL_H__
+#define __KADM5_SERVER_INTERNAL_H__
+
+#include    "autoconf.h"
+#ifdef HAVE_MEMORY_H
+#include    <memory.h>
+#endif
+#include    <stdlib.h>
+#include    <errno.h>
+#include    <kdb.h>
+#include    <kadm5/admin.h>
+#include    <krb5/plugin.h>
+#include    "admin_internal.h"
+
+/*
+ * This is the history key version for a newly created DB.  We use this value
+ * for principals which have no password history yet to avoid having to look up
+ * the history key.  Values other than 2 will cause compatibility issues with
+ * pre-1.8 libkadm5 code; the older code will reject key changes when it sees
+ * an unexpected value of admin_history_kvno.
+ */
+#define INITIAL_HIST_KVNO 2
+
+/* A pwqual_handle represents a password quality plugin module. */
+typedef struct pwqual_handle_st *pwqual_handle;
+
+typedef struct kadm5_hook_handle_st *kadm5_hook_handle;
+
+typedef struct _kadm5_server_handle_t {
+    krb5_ui_4       magic_number;
+    krb5_ui_4       struct_version;
+    krb5_ui_4       api_version;
+    krb5_context    context;
+    krb5_principal  current_caller;
+    kadm5_config_params  params;
+    struct _kadm5_server_handle_t *lhandle;
+    char **db_args;
+    pwqual_handle   *qual_handles;
+    kadm5_hook_handle *hook_handles;
+} kadm5_server_handle_rec, *kadm5_server_handle_t;
+
+#define OSA_ADB_PRINC_VERSION_1  0x12345C01
+
+typedef struct _osa_pw_hist_t {
+    int n_key_data;
+    krb5_key_data *key_data;
+} osa_pw_hist_ent, *osa_pw_hist_t;
+
+typedef struct _osa_princ_ent_t {
+    int                         version;
+    char                        *policy;
+    long                        aux_attributes;
+    unsigned int                old_key_len;
+    unsigned int                old_key_next;
+    krb5_kvno                   admin_history_kvno;
+    osa_pw_hist_ent             *old_keys;
+} osa_princ_ent_rec, *osa_princ_ent_t;
+
+
+kadm5_ret_t    passwd_check(kadm5_server_handle_t handle,
+                            const char *pass, kadm5_policy_ent_t policy,
+                            krb5_principal principal);
+kadm5_ret_t    principal_exists(krb5_principal principal);
+krb5_error_code     kdb_init_master(kadm5_server_handle_t handle,
+                                    char *r, int from_keyboard);
+krb5_error_code     kdb_get_active_mkey(kadm5_server_handle_t handle,
+                                        krb5_kvno *act_kvno_out,
+                                        krb5_keyblock **act_mkey_out);
+krb5_error_code     kdb_init_hist(kadm5_server_handle_t handle,
+                                  char *r);
+krb5_error_code     kdb_get_hist_key(kadm5_server_handle_t handle,
+                                     krb5_keyblock **keyblocks_out,
+                                     krb5_kvno *kvno_out);
+void                kdb_free_keyblocks(kadm5_server_handle_t handle,
+                                       krb5_keyblock *keyblocks);
+krb5_error_code     kdb_get_entry(kadm5_server_handle_t handle,
+                                  krb5_principal principal,
+                                  krb5_db_entry **kdb, osa_princ_ent_rec *adb);
+krb5_error_code     kdb_free_entry(kadm5_server_handle_t handle,
+                                   krb5_db_entry *kdb, osa_princ_ent_rec *adb);
+krb5_error_code     kdb_put_entry(kadm5_server_handle_t handle,
+                                  krb5_db_entry *kdb, osa_princ_ent_rec *adb);
+krb5_error_code     kdb_delete_entry(kadm5_server_handle_t handle,
+                                     krb5_principal name);
+krb5_error_code     kdb_iter_entry(kadm5_server_handle_t handle,
+                                   char *match_entry,
+                                   void (*iter_fct)(void *, krb5_principal),
+                                   void *data);
+
+kadm5_ret_t         init_pwqual(kadm5_server_handle_t handle);
+void                destroy_pwqual(kadm5_server_handle_t handle);
+
+/* XXX this ought to be in libkrb5.a, but isn't */
+kadm5_ret_t krb5_copy_key_data_contents(krb5_context context,
+                                        krb5_key_data *from,
+                                        krb5_key_data *to);
+kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
+                                        krb5_key_data *key);
+
+/*
+ * *Warning*
+ * *Warning*        This is going to break if we
+ * *Warning*        ever go multi-threaded
+ * *Warning*
+ */
+extern  krb5_principal  current_caller;
+
+/*
+ * Why is this (or something similar) not defined *anywhere* in krb5?
+ */
+#define KSUCCESS        0
+#define WORD_NOT_FOUND  1
+
+/*
+ * all the various mask bits or'd together
+ */
+
+#define ALL_PRINC_MASK                                                  \
+    (KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION |  \
+     KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE |        \
+     KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO |       \
+     KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY |           \
+     KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT )
+
+#define ALL_POLICY_MASK                                                 \
+    (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE |             \
+     KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
+     KADM5_REF_COUNT | KADM5_PW_MAX_FAILURE | KADM5_PW_FAILURE_COUNT_INTERVAL | \
+     KADM5_PW_LOCKOUT_DURATION | KADM5_POLICY_ATTRIBUTES |              \
+     KADM5_POLICY_MAX_LIFE | KADM5_POLICY_MAX_RLIFE |                   \
+     KADM5_POLICY_ALLOWED_KEYSALTS | KADM5_POLICY_TL_DATA)
+
+#define SERVER_CHECK_HANDLE(handle)             \
+    {                                           \
+        kadm5_server_handle_t srvr =            \
+            (kadm5_server_handle_t) handle;     \
+                                                \
+        if (! srvr->current_caller)             \
+            return KADM5_BAD_SERVER_HANDLE;     \
+        if (! srvr->lhandle)                    \
+            return KADM5_BAD_SERVER_HANDLE;     \
+    }
+
+#define CHECK_HANDLE(handle)                                    \
+    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,  \
+                         KADM5_NEW_SERVER_API_VERSION)          \
+    SERVER_CHECK_HANDLE(handle)
+
+bool_t          xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);
+
+void
+osa_free_princ_ent(osa_princ_ent_t val);
+
+/*** Password quality plugin consumer interface ***/
+
+/* Load all available password quality plugin modules, bind each module to the
+ * realm's dictionary file, and store the result into *handles_out.  Free the
+ * result with k5_pwqual_free_handles. */
+krb5_error_code
+k5_pwqual_load(krb5_context context, const char *dict_file,
+               pwqual_handle **handles_out);
+
+/* Release a handle list allocated by k5_pwqual_load. */
+void
+k5_pwqual_free_handles(krb5_context context, pwqual_handle *handles);
+
+/* Return the name of a password quality plugin module. */
+const char *
+k5_pwqual_name(krb5_context context, pwqual_handle handle);
+
+/* Check a password using a password quality plugin module. */
+krb5_error_code
+k5_pwqual_check(krb5_context context, pwqual_handle handle,
+                const char *password, const char *policy_name,
+                krb5_principal princ);
+
+/*** initvt functions for built-in password quality modules ***/
+
+/* The dict module checks passwords against the realm's dictionary. */
+krb5_error_code
+pwqual_dict_initvt(krb5_context context, int maj_ver, int min_ver,
+                   krb5_plugin_vtable vtable);
+
+/* The empty module rejects empty passwords (even with no password policy). */
+krb5_error_code
+pwqual_empty_initvt(krb5_context context, int maj_ver, int min_ver,
+                    krb5_plugin_vtable vtable);
+
+/* The hesiod module checks passwords against GECOS fields from Hesiod passwd
+ * information (only if the tree was built with Hesiod support). */
+krb5_error_code
+pwqual_hesiod_initvt(krb5_context context, int maj_ver, int min_ver,
+                     krb5_plugin_vtable vtable);
+
+/* The princ module checks passwords against principal components. */
+krb5_error_code
+pwqual_princ_initvt(krb5_context context, int maj_ver, int min_ver,
+                    krb5_plugin_vtable vtable);
+
+/** @{
+ * @name kadm5_hook plugin support
+ */
+
+/** Load all kadm5_hook plugins. */
+krb5_error_code
+k5_kadm5_hook_load(krb5_context context,
+                   kadm5_hook_handle **handles_out);
+
+/** Free handles allocated by k5_kadm5_hook_load(). */
+void
+k5_kadm5_hook_free_handles(krb5_context context, kadm5_hook_handle *handles);
+
+/** Call the chpass entry point on every kadm5_hook in @a handles. */
+kadm5_ret_t
+k5_kadm5_hook_chpass (krb5_context context,
+                      kadm5_hook_handle *handles,
+                      int stage, krb5_principal princ,
+                      krb5_boolean keepold,
+                      int n_ks_tuple,
+                      krb5_key_salt_tuple *ks_tuple,
+                      const char *newpass);
+
+/** Call the create entry point for kadm5_hook_plugins. */
+kadm5_ret_t
+k5_kadm5_hook_create (krb5_context context,
+                      kadm5_hook_handle *handles,
+                      int stage,
+                      kadm5_principal_ent_t princ, long mask,
+                      int n_ks_tuple,
+                      krb5_key_salt_tuple *ks_tuple,
+                      const char *newpass);
+
+/** Call modify kadm5_hook entry point. */
+kadm5_ret_t
+k5_kadm5_hook_modify (krb5_context context,
+                      kadm5_hook_handle *handles,
+                      int stage,
+                      kadm5_principal_ent_t princ, long mask);
+
+/** Call remove kadm5_hook entry point. */
+kadm5_ret_t
+k5_kadm5_hook_remove (krb5_context context,
+                      kadm5_hook_handle *handles,
+                      int stage,
+                      krb5_principal princ);
+
+/** Call rename kadm5_hook entry point. */
+kadm5_ret_t
+k5_kadm5_hook_rename (krb5_context context,
+                      kadm5_hook_handle *handles,
+                      int stage,
+                      krb5_principal oprinc, krb5_principal nprinc);
+
+/** @}*/
+
+#endif /* __KADM5_SERVER_INTERNAL_H__ */
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/Makefile.in b/krb5-1.21.3/src/lib/kadm5/srv/Makefile.in
new file mode 100644
index 00000000..d218ea48
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/Makefile.in
@@ -0,0 +1,93 @@
+mydir=lib$(S)kadm5$(S)srv
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5 \
+	-I$(top_srcdir)/lib/gssapi/krb5 -I$(top_srcdir)/lib/gssapi/generic \
+	-I$(BUILDTOP)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic
+DEFINES = @HESIOD_DEFS@
+
+##DOSBUILDTOP = ..\..\..
+##DOSLIBNAME = libkadm5srv.lib
+
+LIBBASE=kadm5srv_mit
+LIBMAJOR=12
+LIBMINOR=0
+STOBJLISTS=../OBJS.ST OBJS.ST
+
+SHLIB_EXPDEPS=\
+	$(TOPLIBD)/libgssrpc$(SHLIBEXT) \
+	$(TOPLIBD)/libgssapi_krb5$(SHLIBEXT) \
+	$(TOPLIBD)/libkdb5$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT) \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(COM_ERR_DEPLIB) $(SUPPORT_LIBDEP)
+SHLIB_EXPLIBS =	-lgssrpc -lgssapi_krb5 -lkdb5 $(KDB5_DB_LIB) -lkrb5 \
+		-lk5crypto $(SUPPORT_LIB) $(COM_ERR_LIB) @GEN_LIB@ $(LIBS)
+RELDIR=kadm5/srv
+
+SRCS =	$(srcdir)/pwqual.c \
+	$(srcdir)/kadm5_hook.c \
+	$(srcdir)/pwqual_dict.c \
+	$(srcdir)/pwqual_empty.c \
+	$(srcdir)/pwqual_hesiod.c \
+	$(srcdir)/pwqual_princ.c \
+	$(srcdir)/svr_policy.c \
+	$(srcdir)/svr_principal.c \
+	$(srcdir)/server_kdb.c \
+	$(srcdir)/server_misc.c \
+	$(srcdir)/server_init.c \
+	$(srcdir)/svr_iters.c \
+	$(srcdir)/svr_chpass_util.c \
+	$(srcdir)/adb_xdr.c 
+
+OBJS =	pwqual.$(OBJEXT) \
+	pwqual_dict.$(OBJEXT) \
+	pwqual_empty.$(OBJEXT) \
+	pwqual_hesiod.$(OBJEXT) \
+	pwqual_princ.$(OBJEXT) \
+	kadm5_hook.$(OBJEXT) \
+	svr_policy.$(OBJEXT) \
+	svr_principal.$(OBJEXT) \
+	server_kdb.$(OBJEXT) \
+	server_misc.$(OBJEXT) \
+	server_init.$(OBJEXT) \
+	svr_iters.$(OBJEXT) \
+	svr_chpass_util.$(OBJEXT) \
+	adb_xdr.$(OBJEXT) 
+
+STLIBOBJS = \
+	pwqual.o \
+	pwqual_dict.o \
+	pwqual_empty.o \
+	pwqual_hesiod.o \
+	pwqual_princ.o \
+	kadm5_hook.o \
+	svr_policy.o \
+	svr_principal.o \
+	server_kdb.o \
+	server_misc.o \
+	server_init.o \
+	svr_iters.o \
+	svr_chpass_util.o \
+	adb_xdr.o
+
+all-unix: all-liblinks
+all-windows: $(OBJS)
+
+generate-files-mac: darwin.exports
+
+check-windows:
+
+clean-windows::
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+install: install-libs
+
+install-unix:
+	$(RM) $(DESTDIR)$(KRB5_LIBDIR)/libkadm5srv$(DEPLIBEXT)
+	(cd $(DESTDIR)$(KRB5_LIBDIR) && $(LN_S) lib$(LIBBASE)$(DEPLIBEXT) \
+		libkadm5srv$(DEPLIBEXT))
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/adb_xdr.c b/krb5-1.21.3/src/lib/kadm5/srv/adb_xdr.c
new file mode 100644
index 00000000..fc732971
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/adb_xdr.c
@@ -0,0 +1,106 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#include <sys/types.h>
+#include <krb5.h>
+#include <gssrpc/rpc.h>
+#include	"server_internal.h"
+#include "admin_xdr.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+
+bool_t
+xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
+{
+    unsigned int tmp;
+
+    if (!xdr_krb5_int16(xdrs, &objp->key_data_ver))
+	return(FALSE);
+    if (!xdr_krb5_ui_2(xdrs, &objp->key_data_kvno))
+	return(FALSE);
+    if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
+	return(FALSE);
+    if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1]))
+	return(FALSE);
+    if (!xdr_krb5_ui_2(xdrs, &objp->key_data_length[0]))
+	return(FALSE);
+    if (!xdr_krb5_ui_2(xdrs, &objp->key_data_length[1]))
+	return(FALSE);
+
+    tmp = (unsigned int) objp->key_data_length[0];
+    if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
+		   &tmp, ~0))
+	return FALSE;
+
+    tmp = (unsigned int) objp->key_data_length[1];
+    if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
+		   &tmp, ~0))
+	return FALSE;
+
+    /* don't need to copy tmp out, since key_data_length will be set
+       by the above encoding. */
+
+    return(TRUE);
+}
+
+bool_t
+xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp)
+{
+    if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
+		   (u_int *) &objp->n_key_data, ~0,
+		   sizeof(krb5_key_data),
+		   xdr_krb5_key_data))
+	return (FALSE);
+    return (TRUE);
+}
+
+bool_t
+xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp)
+{
+    switch (xdrs->x_op) {
+    case XDR_ENCODE:
+	 objp->version = OSA_ADB_PRINC_VERSION_1;
+	 /* fall through */
+    case XDR_FREE:
+	 if (!xdr_int(xdrs, &objp->version))
+	      return FALSE;
+	 break;
+    case XDR_DECODE:
+	 if (!xdr_int(xdrs, &objp->version))
+	      return FALSE;
+	 if (objp->version != OSA_ADB_PRINC_VERSION_1)
+	      return FALSE;
+	 break;
+    }
+
+    if (!xdr_nullstring(xdrs, &objp->policy))
+	return (FALSE);
+    if (!xdr_long(xdrs, &objp->aux_attributes))
+	return (FALSE);
+    if (!xdr_u_int(xdrs, &objp->old_key_next))
+	return (FALSE);
+    if (!xdr_krb5_kvno(xdrs, &objp->admin_history_kvno))
+	return (FALSE);
+    if (!xdr_array(xdrs, (caddr_t *) &objp->old_keys,
+		   (unsigned int *) &objp->old_key_len, ~0,
+		   sizeof(osa_pw_hist_ent),
+		   xdr_osa_pw_hist_ent))
+	return (FALSE);
+    return (TRUE);
+}
+
+void
+osa_free_princ_ent(osa_princ_ent_t val)
+{
+    XDR xdrs;
+
+    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+
+    xdr_osa_princ_ent_rec(&xdrs, val);
+    free(val);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/deps b/krb5-1.21.3/src/lib/kadm5/srv/deps
new file mode 100644
index 00000000..01080d56
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/deps
@@ -0,0 +1,258 @@
+#
+# Generated makefile dependencies follow.
+#
+pwqual.so pwqual.po $(OUTPRE)pwqual.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/pwqual_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h pwqual.c
+kadm5_hook.so kadm5_hook.po $(OUTPRE)kadm5_hook.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kadm5_hook_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kadm5_hook.c
+pwqual_dict.so pwqual_dict.po $(OUTPRE)pwqual_dict.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/pwqual_plugin.h \
+  pwqual_dict.c
+pwqual_empty.so pwqual_empty.po $(OUTPRE)pwqual_empty.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/pwqual_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h pwqual_empty.c
+pwqual_hesiod.so pwqual_hesiod.po $(OUTPRE)pwqual_hesiod.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/pwqual_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h pwqual_hesiod.c
+pwqual_princ.so pwqual_princ.po $(OUTPRE)pwqual_princ.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/pwqual_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h pwqual_princ.c
+svr_policy.so svr_policy.po $(OUTPRE)svr_policy.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \
+  svr_policy.c
+svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kadm5_hook_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h svr_principal.c
+server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  server_kdb.c
+server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h server_misc.c
+server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_alloc.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \
+  $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(COM_ERR_DEPS) \
+  $(srcdir)/../../gssapi/generic/gssapiP_generic.h $(srcdir)/../../gssapi/generic/gssapi_ext.h \
+  $(srcdir)/../../gssapi/generic/gssapi_generic.h $(srcdir)/../../gssapi/krb5/gssapiP_krb5.h \
+  $(srcdir)/../../gssapi/krb5/gssapi_krb5.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h server_init.c
+svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \
+  svr_iters.c
+svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \
+  svr_chpass_util.c
+adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \
+  adb_xdr.c
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c b/krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c
new file mode 100644
index 00000000..df337bc3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c
@@ -0,0 +1,186 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/srv/kadm5_hook.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/* Consumer interface for kadm5_hook plugins. */
+
+#include "k5-int.h"
+#include "server_internal.h"
+#include <krb5/kadm5_hook_plugin.h>
+#include <adm_proto.h>
+#include <syslog.h>
+
+struct kadm5_hook_handle_st {
+    kadm5_hook_vftable_1 vt;
+    kadm5_hook_modinfo *data;
+};
+
+krb5_error_code
+k5_kadm5_hook_load(krb5_context context,
+                   kadm5_hook_handle **handles_out)
+{
+    krb5_error_code ret;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    size_t count;
+    kadm5_hook_handle *list = NULL, handle = NULL;
+
+    *handles_out = NULL;
+
+    ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_KADM5_HOOK, &modules);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Allocate a large enough list of handles. */
+    for (count = 0; modules[count] != NULL; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+
+    /* For each module, allocate a handle, initialize its vtable, and
+     * initialize the module. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        handle = k5alloc(sizeof(*handle), &ret);
+        if (handle == NULL)
+            goto cleanup;
+        ret = (*mod)(context, 1, 2, (krb5_plugin_vtable)&handle->vt);
+        if (ret != 0) {         /* Failed vtable init is non-fatal. */
+            free(handle);
+            handle = NULL;
+            continue;
+        }
+        handle->data = NULL;
+        if (handle->vt.init != NULL) {
+            ret = handle->vt.init(context, &handle->data);
+            if (ret != 0)       /* Failed initialization is fatal. */
+                goto cleanup;
+        }
+        list[count++] = handle;
+        list[count] = NULL;
+        handle = NULL;
+    }
+    list[count] = NULL;
+
+    ret = 0;
+    *handles_out = list;
+    list = NULL;
+
+cleanup:
+    free(handle);
+    k5_plugin_free_modules(context, modules);
+    k5_kadm5_hook_free_handles(context, list);
+    return ret;
+}
+
+void
+k5_kadm5_hook_free_handles(krb5_context context, kadm5_hook_handle *handles)
+{
+    kadm5_hook_handle *hp, handle;
+
+    if (handles == NULL)
+        return;
+    for (hp = handles; *hp != NULL; hp++) {
+        handle = *hp;
+        if (handle->vt.fini != NULL)
+            handle->vt.fini(context, handle->data);
+        free(handle);
+    }
+    free(handles);
+}
+
+static void
+log_failure(krb5_context context,
+            const char *name,
+            const char *function,
+            krb5_error_code ret)
+{
+    const char *e = krb5_get_error_message(context, ret);
+
+    krb5_klog_syslog(LOG_ERR, _("kadm5_hook %s failed postcommit %s: %s"),
+                     name, function, e);
+    krb5_free_error_message(context, e);
+}
+
+#define ITERATE(operation, params)                                      \
+    for (; *handles; handles++) {                                       \
+        kadm5_hook_handle h = *handles;                                 \
+        krb5_error_code ret = 0;                                        \
+        if (h->vt.operation) {                                          \
+            ret = h->vt.operation params;                               \
+        }                                                               \
+        if (ret) {                                                      \
+            if (stage == KADM5_HOOK_STAGE_PRECOMMIT)                    \
+                return ret;                                             \
+            else                                                        \
+                log_failure(context, h->vt.name, #operation, ret);      \
+        }                                                               \
+    }
+
+
+kadm5_ret_t
+k5_kadm5_hook_chpass(krb5_context context, kadm5_hook_handle *handles,
+                     int stage, krb5_principal princ, krb5_boolean keepold,
+                     int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                     const char *newpass)
+{
+    ITERATE(chpass, (context, h->data,
+                     stage, princ, keepold,
+                     n_ks_tuple, ks_tuple, newpass));
+    return 0;
+}
+
+kadm5_ret_t
+k5_kadm5_hook_create(krb5_context context, kadm5_hook_handle *handles,
+                     int stage, kadm5_principal_ent_t princ, long mask,
+                     int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                     const char *newpass)
+{
+    ITERATE(create, (context, h->data,
+                     stage, princ, mask, n_ks_tuple, ks_tuple, newpass));
+    return 0;
+}
+
+kadm5_ret_t
+k5_kadm5_hook_modify(krb5_context context, kadm5_hook_handle *handles,
+                     int stage, kadm5_principal_ent_t princ, long mask)
+{
+    ITERATE(modify, (context, h->data, stage, princ, mask));
+    return 0;
+}
+
+kadm5_ret_t
+k5_kadm5_hook_rename(krb5_context context, kadm5_hook_handle *handles,
+                     int stage, krb5_principal oprinc, krb5_principal nprinc)
+{
+    ITERATE(rename, (context, h->data, stage, oprinc, nprinc));
+    return 0;
+}
+
+kadm5_ret_t
+k5_kadm5_hook_remove(krb5_context context, kadm5_hook_handle *handles,
+                     int stage, krb5_principal princ)
+{
+    ITERATE(remove, (context, h->data, stage, princ));
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/libkadm5srv_mit.exports b/krb5-1.21.3/src/lib/kadm5/srv/libkadm5srv_mit.exports
new file mode 100644
index 00000000..14c02a7f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/libkadm5srv_mit.exports
@@ -0,0 +1,134 @@
+_kadm5_check_handle
+_kadm5_chpass_principal_util
+hist_princ
+kadm5_chpass_principal
+kadm5_chpass_principal_3
+kadm5_chpass_principal_util
+kadm5_create_policy
+kadm5_create_principal
+kadm5_create_principal_3
+kadm5_decrypt_key
+kadm5_delete_policy
+kadm5_delete_principal
+kadm5_destroy
+kadm5_flush
+kadm5_free_config_params
+kadm5_free_kadm5_key_data
+kadm5_free_key_data
+kadm5_free_name_list
+kadm5_free_policy_ent
+kadm5_free_principal_ent
+kadm5_free_strings
+kadm5_get_config_params
+kadm5_get_policies
+kadm5_get_policy
+kadm5_get_principal
+kadm5_get_principal_keys
+kadm5_get_principals
+kadm5_get_privs
+kadm5_get_strings
+kadm5_init
+kadm5_init_anonymous
+kadm5_init_krb5_context
+kadm5_init_with_creds
+kadm5_init_with_password
+kadm5_init_with_skey
+kadm5_lock
+kadm5_modify_policy
+kadm5_modify_principal
+kadm5_purgekeys
+kadm5_randkey_principal
+kadm5_randkey_principal_3
+kadm5_rename_principal
+kadm5_set_string
+kadm5_setkey_principal
+kadm5_setkey_principal_3
+kadm5_setkey_principal_4
+kadm5_unlock
+kdb_delete_entry
+kdb_free_entry
+kdb_init_hist
+kdb_init_master
+kdb_iter_entry
+kdb_put_entry
+krb5_aprof_get_boolean
+krb5_aprof_get_deltat
+krb5_aprof_get_int32
+krb5_aprof_get_string
+krb5_aprof_get_string_all
+krb5_aprof_getvals
+krb5_copy_key_data_contents
+krb5_flagnum_to_string
+krb5_flagspec_to_mask
+krb5_flags_to_strings
+krb5_free_key_data_contents
+krb5_keysalt_is_present
+krb5_keysalt_iterate
+krb5_klog_close
+krb5_klog_init
+krb5_klog_reopen
+krb5_klog_set_context
+krb5_klog_syslog
+krb5_string_to_keysalts
+master_db
+master_princ
+osa_free_princ_ent
+passwd_check
+xdr_chpass3_arg
+xdr_chpass_arg
+xdr_chrand3_arg
+xdr_chrand_arg
+xdr_chrand_ret
+xdr_cpol_arg
+xdr_cprinc3_arg
+xdr_cprinc_arg
+xdr_dpol_arg
+xdr_dprinc_arg
+xdr_generic_ret
+xdr_getpkeys_arg
+xdr_getpkeys_ret
+xdr_getprivs_ret
+xdr_gpol_arg
+xdr_gpol_ret
+xdr_gpols_arg
+xdr_gpols_ret
+xdr_gprinc_arg
+xdr_gprinc_ret
+xdr_gprincs_arg
+xdr_gprincs_ret
+xdr_gstrings_arg
+xdr_gstrings_ret
+xdr_kadm5_policy_ent_rec
+xdr_kadm5_principal_ent_rec
+xdr_kadm5_ret_t
+xdr_krb5_deltat
+xdr_krb5_enctype
+xdr_krb5_flags
+xdr_krb5_int16
+xdr_krb5_key_data
+xdr_krb5_key_data_nocontents
+xdr_krb5_key_salt_tuple
+xdr_krb5_keyblock
+xdr_krb5_kvno
+xdr_krb5_octet
+xdr_krb5_principal
+xdr_krb5_salttype
+xdr_krb5_string_attr
+xdr_krb5_timestamp
+xdr_krb5_tl_data
+xdr_krb5_ui_2
+xdr_krb5_ui_4
+xdr_mpol_arg
+xdr_mprinc_arg
+xdr_nullstring
+xdr_nulltype
+xdr_osa_princ_ent_rec
+xdr_osa_pw_hist_ent
+xdr_purgekeys_arg
+xdr_rprinc_arg
+xdr_setkey3_arg
+xdr_setkey4_arg
+xdr_setkey_arg
+xdr_sstring_arg
+xdr_ui_4
+kadm5_init_iprop
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/pwqual.c b/krb5-1.21.3/src/lib/kadm5/srv/pwqual.c
new file mode 100644
index 00000000..666852f1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/pwqual.c
@@ -0,0 +1,127 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/srv/pwqual.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Consumer interface for password quality plugins.
+ */
+
+#include "k5-int.h"
+#include "server_internal.h"
+#include <krb5/pwqual_plugin.h>
+
+struct pwqual_handle_st {
+    struct krb5_pwqual_vtable_st vt;
+    krb5_pwqual_moddata data;
+};
+
+krb5_error_code
+k5_pwqual_load(krb5_context context, const char *dict_file,
+               pwqual_handle **handles_out)
+{
+    krb5_error_code ret;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    size_t count;
+    pwqual_handle *list = NULL, handle = NULL;
+
+    *handles_out = NULL;
+
+    ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_PWQUAL, &modules);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Allocate a large enough list of handles. */
+    for (count = 0; modules[count] != NULL; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+
+    /* For each module, allocate a handle, initialize its vtable, and bind the
+     * dictionary filename. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        handle = k5alloc(sizeof(*handle), &ret);
+        if (handle == NULL)
+            goto cleanup;
+        ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
+        if (ret != 0) {         /* Failed vtable init is non-fatal. */
+            free(handle);
+            handle = NULL;
+            continue;
+        }
+        handle->data = NULL;
+        if (handle->vt.open != NULL) {
+            ret = handle->vt.open(context, dict_file, &handle->data);
+            if (ret != 0)       /* Failed dictionary binding is fatal. */
+                goto cleanup;
+        }
+        list[count++] = handle;
+        list[count] = NULL;
+        handle = NULL;
+    }
+    list[count] = NULL;
+
+    ret = 0;
+    *handles_out = list;
+    list = NULL;
+
+cleanup:
+    free(handle);
+    k5_plugin_free_modules(context, modules);
+    k5_pwqual_free_handles(context, list);
+    return ret;
+}
+
+void
+k5_pwqual_free_handles(krb5_context context, pwqual_handle *handles)
+{
+    pwqual_handle *hp, handle;
+
+    if (handles == NULL)
+        return;
+    for (hp = handles; *hp != NULL; hp++) {
+        handle = *hp;
+        if (handle->vt.close != NULL)
+            handle->vt.close(context, handle->data);
+        free(handle);
+    }
+    free(handles);
+}
+
+const char *
+k5_pwqual_name(krb5_context context, pwqual_handle handle)
+{
+    return handle->vt.name;
+}
+
+krb5_error_code
+k5_pwqual_check(krb5_context context, pwqual_handle handle,
+                const char *password, const char *policy_name,
+                krb5_principal princ)
+{
+    return handle->vt.check(context, handle->data, password, policy_name,
+                            princ, NULL);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c b/krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c
new file mode 100644
index 00000000..bdd44c23
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c
@@ -0,0 +1,257 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/srv/pwqual_dict.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ */
+
+/* Password quality module to look up passwords within the realm dictionary. */
+
+#include "k5-platform.h"
+#include <krb5/pwqual_plugin.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <kadm5/admin.h>
+#include "adm_proto.h"
+#include <syslog.h>
+#include "server_internal.h"
+
+typedef struct dict_moddata_st {
+    char **word_list;        /* list of word pointers */
+    char *word_block;        /* actual word data */
+    unsigned int word_count; /* number of words */
+} *dict_moddata;
+
+
+/*
+ * Function: word_compare
+ *
+ * Purpose: compare two words in the dictionary.
+ *
+ * Arguments:
+ *      w1              (input) pointer to first word
+ *      w2              (input) pointer to second word
+ *      <return value>  result of strcmp
+ *
+ * Requires:
+ *      w1 and w2 to point to valid memory
+ *
+ */
+
+static int
+word_compare(const void *s1, const void *s2)
+{
+    return (strcasecmp(*(const char **)s1, *(const char **)s2));
+}
+
+/*
+ * Function: init-dict
+ *
+ * Purpose: Initialize in memory word dictionary
+ *
+ * Arguments:
+ *          none
+ *          <return value> KADM5_OK on success errno on failure;
+ *                         (but success on ENOENT)
+ *
+ * Requires:
+ *      If WORDFILE exists, it must contain a list of words,
+ *      one word per-line.
+ *
+ * Effects:
+ *      If WORDFILE exists, it is read into memory sorted for future
+ * use.  If it does not exist, it syslogs an error message and returns
+ * success.
+ *
+ * Modifies:
+ *      word_list to point to a chunk of allocated memory containing
+ *      pointers to words
+ *      word_block to contain the dictionary.
+ *
+ */
+
+static int
+init_dict(dict_moddata dict, const char *dict_file)
+{
+    int fd;
+    size_t len, i;
+    char *p, *t;
+    struct stat sb;
+
+    if (dict_file == NULL) {
+        krb5_klog_syslog(LOG_INFO,
+                         _("No dictionary file specified, continuing without "
+                           "one."));
+        return KADM5_OK;
+    }
+    if ((fd = open(dict_file, O_RDONLY)) == -1) {
+        if (errno == ENOENT) {
+            krb5_klog_syslog(LOG_ERR,
+                             _("WARNING!  Cannot find dictionary file %s, "
+                               "continuing without one."), dict_file);
+            return KADM5_OK;
+        } else
+            return errno;
+    }
+    set_cloexec_fd(fd);
+    if (fstat(fd, &sb) == -1) {
+        close(fd);
+        return errno;
+    }
+    dict->word_block = malloc(sb.st_size + 1);
+    if (dict->word_block == NULL) {
+        (void)close(fd);
+        return ENOMEM;
+    }
+    if (read(fd, dict->word_block, sb.st_size) != sb.st_size) {
+        (void)close(fd);
+        return errno;
+    }
+    (void)close(fd);
+    dict->word_block[sb.st_size] = '\0';
+
+    p = dict->word_block;
+    len = sb.st_size;
+    while(len > 0 && (t = memchr(p, '\n', len)) != NULL) {
+        *t = '\0';
+        len -= t - p + 1;
+        p = t + 1;
+        dict->word_count++;
+    }
+    if ((dict->word_list = malloc(dict->word_count * sizeof(char *))) == NULL)
+        return ENOMEM;
+    p = dict->word_block;
+    for (i = 0; i < dict->word_count; i++) {
+        dict->word_list[i] = p;
+        p += strlen(p) + 1;
+    }
+    qsort(dict->word_list, dict->word_count, sizeof(char *), word_compare);
+    return KADM5_OK;
+}
+
+/*
+ * Function: destroy_dict
+ *
+ * Purpose: destroy in-core copy of dictionary.
+ *
+ * Arguments:
+ *          none
+ *          <return value>  none
+ * Requires:
+ *          nothing
+ * Effects:
+ *      frees up memory occupied by word_list and word_block
+ *      sets count back to 0, and resets the pointers to NULL
+ *
+ * Modifies:
+ *      word_list, word_block, and word_count.
+ *
+ */
+
+static void
+destroy_dict(dict_moddata dict)
+{
+    if (dict == NULL)
+        return;
+    free(dict->word_list);
+    free(dict->word_block);
+    free(dict);
+    return;
+}
+
+/* Implement the password quality open method by reading in dict_file. */
+static krb5_error_code
+dict_open(krb5_context context, const char *dict_file,
+          krb5_pwqual_moddata *data)
+{
+    krb5_error_code ret;
+    dict_moddata dict;
+
+    *data = NULL;
+
+    /* Allocate and initialize a dictionary structure. */
+    dict = malloc(sizeof(*dict));
+    if (dict == NULL)
+        return ENOMEM;
+    dict->word_list = NULL;
+    dict->word_block = NULL;
+    dict->word_count = 0;
+
+    /* Fill in the dictionary structure with data from dict_file. */
+    ret = init_dict(dict, dict_file);
+    if (ret != 0) {
+        destroy_dict(dict);
+        return ret;
+    }
+
+    *data = (krb5_pwqual_moddata)dict;
+    return 0;
+}
+
+/* Implement the password quality check method by checking the password
+ * against the dictionary, as well as against principal components. */
+static krb5_error_code
+dict_check(krb5_context context, krb5_pwqual_moddata data,
+           const char *password, const char *policy_name,
+           krb5_principal princ, const char **languages)
+{
+    dict_moddata dict = (dict_moddata)data;
+
+    /* Don't check the dictionary for principals with no password policy. */
+    if (policy_name == NULL)
+        return 0;
+
+    /* Check against words in the dictionary if we successfully loaded one. */
+    if (dict->word_list != NULL &&
+        bsearch(&password, dict->word_list, dict->word_count, sizeof(char *),
+                word_compare) != NULL)
+        return KADM5_PASS_Q_DICT;
+
+    return 0;
+}
+
+/* Implement the password quality close method. */
+static void
+dict_close(krb5_context context, krb5_pwqual_moddata data)
+{
+    destroy_dict((dict_moddata)data);
+}
+
+krb5_error_code
+pwqual_dict_initvt(krb5_context context, int maj_ver, int min_ver,
+                   krb5_plugin_vtable vtable)
+{
+    krb5_pwqual_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_pwqual_vtable)vtable;
+    vt->name = "dict";
+    vt->open = dict_open;
+    vt->check = dict_check;
+    vt->close = dict_close;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/pwqual_empty.c b/krb5-1.21.3/src/lib/kadm5/srv/pwqual_empty.c
new file mode 100644
index 00000000..1fc9b7bc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/pwqual_empty.c
@@ -0,0 +1,60 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/srv/pwqual_empty.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Password quality module to reject empty passwords */
+
+#include "k5-int.h"
+#include <krb5/pwqual_plugin.h>
+#include "server_internal.h"
+
+static krb5_error_code
+empty_check(krb5_context context, krb5_pwqual_moddata data,
+            const char *password, const char *policy_name,
+            krb5_principal princ, const char **languages)
+{
+    /* Unlike other built-in modules, this one operates even for principals
+     * with no password policy. */
+    if (*password == '\0') {
+        k5_setmsg(context, KADM5_PASS_Q_TOOSHORT,
+                  _("Empty passwords are not allowed"));
+        return KADM5_PASS_Q_TOOSHORT;
+    }
+    return 0;
+}
+
+krb5_error_code
+pwqual_empty_initvt(krb5_context context, int maj_ver, int min_ver,
+                    krb5_plugin_vtable vtable)
+{
+    krb5_pwqual_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_pwqual_vtable)vtable;
+    vt->name = "empty";
+    vt->check = empty_check;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/pwqual_hesiod.c b/krb5-1.21.3/src/lib/kadm5/srv/pwqual_hesiod.c
new file mode 100644
index 00000000..7c82bba9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/pwqual_hesiod.c
@@ -0,0 +1,134 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/srv/pwqual_hesiod.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Password quality module to check passwords against GECOS fields of Hesiod
+ * passwd information, if the tree is compiled with Hesiod support.
+ */
+
+#include "k5-int.h"
+#include <krb5/pwqual_plugin.h>
+#include "server_internal.h"
+#include <ctype.h>
+
+#ifdef HESIOD
+#include <pwd.h>
+
+static char *
+reverse(char *str, char *newstr, size_t newstr_size)
+{
+    char *p, *q;
+    size_t i;
+
+    i = strlen(str);
+    if (i >= newstr_size)
+        i = newstr_size - 1;
+    p = str + i - 1;
+    q = newstr;
+    q[i] = '\0';
+    for (; i > 0; i--)
+        *q++ = *p--;
+
+    return newstr;
+}
+
+static int
+str_check_gecos(char *gecos, const char *pwstr)
+{
+    char *cp, *ncp, *tcp, revbuf[80];
+
+    for (cp = gecos; *cp; ) {
+        /* Skip past punctuation */
+        for (; *cp; cp++)
+            if (isalnum(*cp))
+                break;
+
+        /* Skip to the end of the word */
+        for (ncp = cp; *ncp; ncp++) {
+            if (!isalnum(*ncp) && *ncp != '\'')
+                break;
+        }
+
+        /* Delimit end of word */
+        if (*ncp)
+            *ncp++ = '\0';
+
+        /* Check word to see if it's the password */
+        if (*cp) {
+            if (!strcasecmp(pwstr, cp))
+                return 1;
+            tcp = reverse(cp, revbuf, sizeof(revbuf));
+            if (!strcasecmp(pwstr, tcp))
+                return 1;
+            cp = ncp;
+        } else
+            break;
+    }
+    return 0;
+}
+#endif /* HESIOD */
+
+static krb5_error_code
+hesiod_check(krb5_context context, krb5_pwqual_moddata data,
+             const char *password, const char *policy_name,
+             krb5_principal princ, const char **languages)
+{
+#ifdef HESIOD
+    extern struct passwd *hes_getpwnam();
+    struct passwd *ent;
+    int i, n;
+    const char *cp;
+
+    /* Don't check for principals with no password policy. */
+    if (policy_name == NULL)
+        return 0;
+
+    n = krb5_princ_size(handle->context, princ);
+    for (i = 0; i < n; i++) {
+        ent = hes_getpwnam(cp);
+        if (ent && ent->pw_gecos && str_check_gecos(ent->pw_gecos, password)) {
+            k5_setmsg(context, KADM5_PASS_Q_DICT,
+                      _("Password may not match user information."));
+            return KADM5_PASS_Q_DICT;
+        }
+    }
+#endif /* HESIOD */
+    return 0;
+}
+
+krb5_error_code
+pwqual_hesiod_initvt(krb5_context context, int maj_ver, int min_ver,
+                     krb5_plugin_vtable vtable)
+{
+    krb5_pwqual_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_pwqual_vtable)vtable;
+    vt->name = "hesiod";
+    vt->check = hesiod_check;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/pwqual_princ.c b/krb5-1.21.3/src/lib/kadm5/srv/pwqual_princ.c
new file mode 100644
index 00000000..14012e59
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/pwqual_princ.c
@@ -0,0 +1,74 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/srv/pwqual_princ.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Password quality module to check passwords against principal components */
+
+#include "k5-int.h"
+#include <krb5/pwqual_plugin.h>
+#include "server_internal.h"
+
+static krb5_error_code
+princ_check(krb5_context context, krb5_pwqual_moddata data,
+            const char *password, const char *policy_name,
+            krb5_principal princ, const char **languages)
+{
+    int i, n;
+    char *cp;
+
+    /* Don't check for principals with no password policy. */
+    if (policy_name == NULL)
+        return 0;
+
+    /* Check against components of the principal. */
+    n = krb5_princ_size(handle->context, princ);
+    cp = krb5_princ_realm(handle->context, princ)->data;
+    if (strcasecmp(cp, password) == 0)
+        return KADM5_PASS_Q_DICT;
+    for (i = 0; i < n; i++) {
+        cp = krb5_princ_component(handle->context, princ, i)->data;
+        if (strcasecmp(cp, password) == 0) {
+            k5_setmsg(context, KADM5_PASS_Q_DICT,
+                      _("Password may not match principal name"));
+            return KADM5_PASS_Q_DICT;
+        }
+    }
+
+    return 0;
+}
+
+krb5_error_code
+pwqual_princ_initvt(krb5_context context, int maj_ver, int min_ver,
+                    krb5_plugin_vtable vtable)
+{
+    krb5_pwqual_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_pwqual_vtable)vtable;
+    vt->name = "princ";
+    vt->check = princ_check;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/server_handle.c b/krb5-1.21.3/src/lib/kadm5/srv/server_handle.c
new file mode 100644
index 00000000..37425c8b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/server_handle.c
@@ -0,0 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include "server_internal.h"
+
+int _kadm5_check_handle(void *handle)
+{
+    CHECK_HANDLE(handle);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/server_init.c b/krb5-1.21.3/src/lib/kadm5/srv/server_init.c
new file mode 100644
index 00000000..2c0d51ef
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/server_init.c
@@ -0,0 +1,362 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Id$
+ * $Source$
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include "k5-int.h"
+#include <com_err.h>
+#include <kadm5/admin.h>
+#include <krb5.h>
+#include <kdb_log.h>
+#include "server_internal.h"
+#include "osconf.h"
+#include "iprop_hdr.h"
+
+static int dup_db_args(kadm5_server_handle_t handle, char **db_args)
+{
+    int count  = 0;
+    int ret = 0;
+
+    for (count=0; db_args && db_args[count]; count++);
+    if (count == 0) {
+        handle->db_args = NULL;
+        goto clean_n_exit;
+    }
+
+    handle->db_args = calloc(sizeof(char*), count+1);
+    if (handle->db_args == NULL) {
+        ret=ENOMEM;
+        goto clean_n_exit;
+    }
+
+    for (count=0; db_args[count]; count++) {
+        handle->db_args[count] = strdup(db_args[count]);
+        if (handle->db_args[count] == NULL) {
+            ret = ENOMEM;
+            goto clean_n_exit;
+        }
+    }
+
+clean_n_exit:
+    if (ret && handle->db_args) {
+        for (count=0; handle->db_args[count]; count++)
+            free(handle->db_args[count]);
+
+        free(handle->db_args), handle->db_args = NULL;
+    }
+
+    return ret;
+}
+
+static void free_db_args(kadm5_server_handle_t handle)
+{
+    int count;
+
+    if (handle->db_args) {
+        for (count=0; handle->db_args[count]; count++)
+            free(handle->db_args[count]);
+
+        free(handle->db_args), handle->db_args = NULL;
+    }
+}
+
+static void
+free_handle(kadm5_server_handle_t handle)
+{
+    if (handle == NULL)
+        return;
+
+    destroy_pwqual(handle);
+    k5_kadm5_hook_free_handles(handle->context, handle->hook_handles);
+    ulog_fini(handle->context);
+    krb5_db_fini(handle->context);
+    krb5_free_principal(handle->context, handle->current_caller);
+    kadm5_free_config_params(handle->context, &handle->params);
+    free(handle->lhandle);
+    free_db_args(handle);
+    free(handle);
+}
+
+kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
+                                     char *pass, char *service_name,
+                                     kadm5_config_params *params,
+                                     krb5_ui_4 struct_version,
+                                     krb5_ui_4 api_version,
+                                     char **db_args,
+                                     void **server_handle)
+{
+    return kadm5_init(context, client_name, pass, service_name, params,
+                      struct_version, api_version, db_args,
+                      server_handle);
+}
+
+kadm5_ret_t kadm5_init_anonymous(krb5_context context, char *client_name,
+                                 char *service_name,
+                                 kadm5_config_params *params,
+                                 krb5_ui_4 struct_version,
+                                 krb5_ui_4 api_version,
+                                 char **db_args,
+                                 void **server_handle)
+{
+    return kadm5_init(context, client_name, NULL, service_name, params,
+                      struct_version, api_version, db_args,
+                      server_handle);
+}
+
+kadm5_ret_t kadm5_init_with_creds(krb5_context context,
+                                  char *client_name,
+                                  krb5_ccache ccache,
+                                  char *service_name,
+                                  kadm5_config_params *params,
+                                  krb5_ui_4 struct_version,
+                                  krb5_ui_4 api_version,
+                                  char **db_args,
+                                  void **server_handle)
+{
+    /*
+     * A program calling init_with_creds *never* expects to prompt
+     * the user.  If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+     * non-zero, return an error.
+     */
+    if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+        params->mkey_from_kbd)
+        return KADM5_BAD_SERVER_PARAMS;
+    return kadm5_init(context, client_name, NULL, service_name, params,
+                      struct_version, api_version, db_args,
+                      server_handle);
+}
+
+
+kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
+                                 char *keytab, char *service_name,
+                                 kadm5_config_params *params,
+                                 krb5_ui_4 struct_version,
+                                 krb5_ui_4 api_version,
+                                 char **db_args,
+                                 void **server_handle)
+{
+    /*
+     * A program calling init_with_skey *never* expects to prompt the
+     * user.  If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+     * non-zero, return an error.
+     */
+    if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+        params->mkey_from_kbd)
+        return KADM5_BAD_SERVER_PARAMS;
+    return kadm5_init(context, client_name, NULL, service_name, params,
+                      struct_version, api_version, db_args,
+                      server_handle);
+}
+
+kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
+                       char *service_name,
+                       kadm5_config_params *params_in,
+                       krb5_ui_4 struct_version,
+                       krb5_ui_4 api_version,
+                       char **db_args,
+                       void **server_handle)
+{
+    krb5_error_code ret;
+    kadm5_server_handle_t handle = NULL;
+    kadm5_config_params params_local; /* for v1 compat */
+
+    if (! server_handle)
+        return EINVAL;
+
+    if (! client_name)
+        return EINVAL;
+
+    CHECK_VERSIONS(struct_version, api_version, KADM5_OLD_SERVER_API_VERSION,
+                   KADM5_NEW_SERVER_API_VERSION);
+
+    handle = k5alloc(sizeof(*handle), &ret);
+    if (handle == NULL)
+        goto cleanup;
+    handle->context = context;
+
+    ret = dup_db_args(handle, db_args);
+    if (ret)
+        goto cleanup;
+
+    initialize_ovk_error_table();
+    initialize_ovku_error_table();
+
+    handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
+    handle->struct_version = struct_version;
+    handle->api_version = api_version;
+
+    /*
+     * Acquire relevant profile entries.  Merge values
+     * in params_in with values from profile, based on
+     * params_in->mask.
+     */
+    memset(&params_local, 0, sizeof(params_local));
+
+    ret = kadm5_get_config_params(handle->context, 1, params_in,
+                                  &handle->params);
+    if (ret)
+        goto cleanup;
+
+#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME |     \
+                         KADM5_CONFIG_ENCTYPE |                         \
+                         KADM5_CONFIG_FLAGS |                           \
+                         KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
+                         KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)
+
+#define IPROP_REQUIRED_PARAMS                   \
+    (KADM5_CONFIG_IPROP_ENABLED |               \
+     KADM5_CONFIG_IPROP_LOGFILE |               \
+     KADM5_CONFIG_IPROP_PORT)
+
+    if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+        ret = KADM5_MISSING_CONF_PARAMS;
+        goto cleanup;
+    }
+    if ((handle->params.mask & KADM5_CONFIG_IPROP_ENABLED) == KADM5_CONFIG_IPROP_ENABLED
+        && handle->params.iprop_enabled) {
+        if ((handle->params.mask & IPROP_REQUIRED_PARAMS) != IPROP_REQUIRED_PARAMS) {
+            ret = KADM5_MISSING_CONF_PARAMS;
+            goto cleanup;
+        }
+    }
+
+    ret = krb5_set_default_realm(handle->context, handle->params.realm);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_db_open(handle->context, db_args,
+                       KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_parse_name(handle->context, client_name,
+                          &handle->current_caller);
+    if (ret)
+        goto cleanup;
+
+    handle->lhandle = k5alloc(sizeof(*handle), &ret);
+    if (handle->lhandle == NULL)
+        goto cleanup;
+    *handle->lhandle = *handle;
+    handle->lhandle->api_version = KADM5_API_VERSION_4;
+    handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+    handle->lhandle->lhandle = handle->lhandle;
+
+    ret = kdb_init_master(handle, handle->params.realm,
+                          (handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+                          && handle->params.mkey_from_kbd);
+    if (ret)
+        goto cleanup;
+
+    ret = kdb_init_hist(handle, handle->params.realm);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_kadm5_hook_load(context,&handle->hook_handles);
+    if (ret)
+        goto cleanup;
+
+    ret = init_pwqual(handle);
+    if (ret)
+        goto cleanup;
+
+    *server_handle = handle;
+    handle = NULL;
+
+cleanup:
+    free_handle(handle);
+    return ret;
+}
+
+kadm5_ret_t kadm5_destroy(void *server_handle)
+{
+    CHECK_HANDLE(server_handle);
+    free_handle(server_handle);
+    return KADM5_OK;
+}
+
+kadm5_ret_t kadm5_lock(void *server_handle)
+{
+    kadm5_server_handle_t handle = server_handle;
+    kadm5_ret_t ret;
+
+    CHECK_HANDLE(server_handle);
+    ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE);
+    if (ret)
+        return ret;
+
+    return KADM5_OK;
+}
+
+kadm5_ret_t kadm5_unlock(void *server_handle)
+{
+    kadm5_server_handle_t handle = server_handle;
+    kadm5_ret_t ret;
+
+    CHECK_HANDLE(server_handle);
+    ret = krb5_db_unlock(handle->context);
+    if (ret)
+        return ret;
+
+    return KADM5_OK;
+}
+
+kadm5_ret_t kadm5_flush(void *server_handle)
+{
+    kadm5_server_handle_t handle = server_handle;
+    kadm5_ret_t ret;
+
+    CHECK_HANDLE(server_handle);
+
+    if ((ret = krb5_db_fini(handle->context)) ||
+        (ret = krb5_db_open(handle->context, handle->db_args,
+                            KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
+        (void) kadm5_destroy(server_handle);
+        return ret;
+    }
+    return KADM5_OK;
+}
+
+int _kadm5_check_handle(void *handle)
+{
+    CHECK_HANDLE(handle);
+    return 0;
+}
+
+#include "gssapiP_krb5.h"
+krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
+{
+    static int first_time = 1;
+    if (first_time) {
+        krb5_error_code err;
+        err = krb5_gss_use_kdc_context();
+        if (err)
+            return err;
+        first_time = 0;
+    }
+    return krb5int_init_context_kdc(ctx);
+}
+
+krb5_error_code
+kadm5_init_iprop(void *handle, char **db_args)
+{
+    kadm5_server_handle_t iprop_h;
+    krb5_error_code retval;
+
+    iprop_h = handle;
+    if (iprop_h->params.iprop_enabled) {
+        ulog_set_role(iprop_h->context, IPROP_PRIMARY);
+        retval = ulog_map(iprop_h->context, iprop_h->params.iprop_logfile,
+                          iprop_h->params.iprop_ulogsize);
+        if (retval)
+            return (retval);
+    }
+    return (0);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c b/krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c
new file mode 100644
index 00000000..2ec80a0f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c
@@ -0,0 +1,449 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include "k5-int.h"
+#include <kadm5/admin.h>
+#include "server_internal.h"
+
+krb5_principal      master_princ;
+krb5_keyblock       master_keyblock; /* local mkey */
+krb5_db_entry       master_db;
+
+krb5_principal      hist_princ;
+
+/* much of this code is stolen from the kdc.  there should be some
+   library code to deal with this. */
+
+krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
+                                char *r, int from_keyboard)
+{
+    int            ret = 0;
+    char           *realm;
+    krb5_boolean   from_kbd = FALSE;
+    krb5_kvno       mkvno = IGNORE_VNO;
+
+    if (from_keyboard)
+        from_kbd = TRUE;
+
+    if (r == NULL)  {
+        if ((ret = krb5_get_default_realm(handle->context, &realm)))
+            return ret;
+    } else {
+        realm = r;
+    }
+
+    krb5_free_principal(handle->context, master_princ);
+    master_princ = NULL;
+    if ((ret = krb5_db_setup_mkey_name(handle->context,
+                                       handle->params.mkey_name,
+                                       realm, NULL, &master_princ)))
+        goto done;
+
+    krb5_free_keyblock_contents(handle->context, &master_keyblock);
+    master_keyblock.enctype = handle->params.enctype;
+
+    /*
+     * Fetch the local mkey, may not be the latest but that's okay because we
+     * really want the list of all mkeys and those can be retrieved with any
+     * valid mkey.
+     */
+    ret = krb5_db_fetch_mkey(handle->context, master_princ,
+                             master_keyblock.enctype, from_kbd,
+                             FALSE /* only prompt once */,
+                             handle->params.stash_file,
+                             &mkvno  /* get the kvno of the returned mkey */,
+                             NULL /* I'm not sure about this,
+                                     but it's what the kdc does --marc */,
+                             &master_keyblock);
+    if (ret)
+        goto done;
+
+    if ((ret = krb5_db_fetch_mkey_list(handle->context, master_princ,
+                                       &master_keyblock))) {
+        krb5_db_fini(handle->context);
+        return (ret);
+    }
+
+done:
+    if (r == NULL)
+        free(realm);
+
+    return(ret);
+}
+
+/* Fetch the currently active master key version number and keyblock. */
+krb5_error_code
+kdb_get_active_mkey(kadm5_server_handle_t handle, krb5_kvno *act_kvno_out,
+                    krb5_keyblock **act_mkey_out)
+{
+    krb5_error_code ret;
+    krb5_actkvno_node *active_mkey_list;
+
+    ret = krb5_dbe_fetch_act_key_list(handle->context, master_princ,
+                                      &active_mkey_list);
+    if (ret)
+        return ret;
+    ret = krb5_dbe_find_act_mkey(handle->context, active_mkey_list,
+                                 act_kvno_out, act_mkey_out);
+    krb5_dbe_free_actkvno_list(handle->context, active_mkey_list);
+    return ret;
+}
+
+/*
+ * Function: kdb_init_hist
+ *
+ * Purpose: Initializes the hist_princ variable.
+ *
+ * Arguments:
+ *
+ *      handle          (r) kadm5 api server handle
+ *      r               (r) realm of history principal to use, or NULL
+ *
+ * Effects: This function sets the value of the hist_princ global variable.
+ */
+krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
+{
+    int     ret = 0;
+    char    *realm, *hist_name;
+
+    if (r == NULL)  {
+        if ((ret = krb5_get_default_realm(handle->context, &realm)))
+            return ret;
+    } else {
+        realm = r;
+    }
+
+    if (asprintf(&hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm) < 0) {
+        hist_name = NULL;
+        goto done;
+    }
+
+    krb5_free_principal(handle->context, hist_princ);
+    hist_princ = NULL;
+    if ((ret = krb5_parse_name(handle->context, hist_name, &hist_princ)))
+        goto done;
+
+done:
+    free(hist_name);
+    if (r == NULL)
+        free(realm);
+    return ret;
+}
+
+static krb5_error_code
+create_hist(kadm5_server_handle_t handle)
+{
+    kadm5_ret_t ret;
+    krb5_key_salt_tuple ks[1];
+    kadm5_principal_ent_rec ent;
+    long mask = KADM5_PRINCIPAL | KADM5_MAX_LIFE | KADM5_ATTRIBUTES;
+
+    /* Create the history principal. */
+    memset(&ent, 0, sizeof(ent));
+    ent.principal = hist_princ;
+    ent.max_life = KRB5_KDB_DISALLOW_ALL_TIX;
+    ent.attributes = 0;
+    ks[0].ks_enctype = handle->params.enctype;
+    ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
+    ret = kadm5_create_principal_3(handle, &ent, mask, 1, ks, NULL);
+    if (ret)
+        return ret;
+
+    /* For better compatibility with pre-1.8 libkadm5 code, we want the
+     * initial history kvno to be 2, so re-randomize it. */
+    return kadm5_randkey_principal_3(handle, ent.principal, 0, 1, ks,
+                                     NULL, NULL);
+}
+
+/*
+ * Fetch the current history key(s), creating the history principal if
+ * necessary.  Database created since krb5 1.3 will have only one key, but
+ * databases created before that may have multiple keys (of the same kvno)
+ * and we need to try them all.  History keys will be returned in a list
+ * terminated by an entry with enctype 0.
+ */
+krb5_error_code
+kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock **keyblocks_out,
+                 krb5_kvno *kvno_out)
+{
+    krb5_error_code ret;
+    krb5_db_entry *kdb;
+    krb5_keyblock *mkey, *kblist = NULL;
+    krb5_int16 i;
+
+    /* Fetch the history principal, creating it if necessary. */
+    ret = kdb_get_entry(handle, hist_princ, &kdb, NULL);
+    if (ret == KADM5_UNK_PRINC) {
+        ret = create_hist(handle);
+        if (ret)
+            return ret;
+        ret = kdb_get_entry(handle, hist_princ, &kdb, NULL);
+    }
+    if (ret)
+        return ret;
+
+    if (kdb->n_key_data <= 0) {
+        ret = KRB5_KDB_NO_MATCHING_KEY;
+        k5_setmsg(handle->context, ret,
+                  _("History entry contains no key data"));
+        goto done;
+    }
+
+    ret = krb5_dbe_find_mkey(handle->context, kdb, &mkey);
+    if (ret)
+        goto done;
+
+    kblist = k5calloc(kdb->n_key_data + 1, sizeof(*kblist), &ret);
+    if (kblist == NULL)
+        goto done;
+    for (i = 0; i < kdb->n_key_data; i++) {
+        ret = krb5_dbe_decrypt_key_data(handle->context, mkey,
+                                        &kdb->key_data[i], &kblist[i],
+                                        NULL);
+        if (ret)
+            goto done;
+    }
+
+    *keyblocks_out = kblist;
+    kblist = NULL;
+    *kvno_out = kdb->key_data[0].key_data_kvno;
+
+done:
+    kdb_free_entry(handle, kdb, NULL);
+    kdb_free_keyblocks(handle, kblist);
+    return ret;
+}
+
+/* Free all keyblocks in a list (terminated by a keyblock with enctype 0). */
+void
+kdb_free_keyblocks(kadm5_server_handle_t handle, krb5_keyblock *keyblocks)
+{
+    krb5_keyblock *kb;
+
+    if (keyblocks == NULL)
+        return;
+    for (kb = keyblocks; kb->enctype != 0; kb++)
+        krb5_free_keyblock_contents(handle->context, kb);
+    free(keyblocks);
+}
+
+/*
+ * Function: kdb_get_entry
+ *
+ * Purpose: Gets an entry from the kerberos database and breaks
+ * it out into a krb5_db_entry and an osa_princ_ent_t.
+ *
+ * Arguments:
+ *
+ *              handle          (r) the server_handle
+ *              principal       (r) the principal to get
+ *              kdb             (w) krb5_db_entry to create
+ *              adb             (w) osa_princ_ent_rec to fill in
+ *
+ * when the caller is done with kdb and adb, kdb_free_entry must be
+ * called to release them.  The adb record is filled in with the
+ * contents of the KRB5_TL_KADM_DATA record; if that record doesn't
+ * exist, an empty but valid adb record is returned.
+ */
+krb5_error_code
+kdb_get_entry(kadm5_server_handle_t handle,
+              krb5_principal principal, krb5_db_entry **kdb_ptr,
+              osa_princ_ent_rec *adb)
+{
+    krb5_error_code ret;
+    krb5_tl_data tl_data;
+    XDR xdrs;
+    krb5_db_entry *kdb;
+
+    *kdb_ptr = NULL;
+
+    ret = krb5_db_get_principal(handle->context, principal, 0, &kdb);
+    if (ret == KRB5_KDB_NOENTRY)
+        return(KADM5_UNK_PRINC);
+    if (ret)
+        return(ret);
+
+    if (adb) {
+        memset(adb, 0, sizeof(*adb));
+
+        tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+        /*
+         * XXX Currently, lookup_tl_data always returns zero; it sets
+         * tl_data->tl_data_length to zero if the type isn't found.
+         * This should be fixed...
+         */
+        if ((ret = krb5_dbe_lookup_tl_data(handle->context, kdb, &tl_data))
+            || (tl_data.tl_data_length == 0)) {
+            /* there's no admin data.  this can happen, if the admin
+               server is put into production after some principals
+               are created.  In this case, return valid admin
+               data (which is all zeros with the hist_kvno filled
+               in), and when the entry is written, the admin
+               data will get stored correctly. */
+
+            adb->admin_history_kvno = INITIAL_HIST_KVNO;
+            *kdb_ptr = kdb;
+            return(ret);
+        }
+
+        xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents,
+                      tl_data.tl_data_length, XDR_DECODE);
+        if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
+            xdr_destroy(&xdrs);
+            krb5_db_free_principal(handle->context, kdb);
+            return(KADM5_XDR_FAILURE);
+        }
+        xdr_destroy(&xdrs);
+    }
+
+    *kdb_ptr = kdb;
+    return(0);
+}
+
+/*
+ * Function: kdb_free_entry
+ *
+ * Purpose: frees the resources allocated by kdb_get_entry
+ *
+ * Arguments:
+ *
+ *              handle          (r) the server_handle
+ *              kdb             (w) krb5_db_entry to fill in
+ *              adb             (w) osa_princ_ent_rec to fill in
+ *
+ * when the caller is done with kdb and adb, kdb_free_entry must be
+ * called to release them.
+ */
+
+krb5_error_code
+kdb_free_entry(kadm5_server_handle_t handle,
+               krb5_db_entry *kdb, osa_princ_ent_rec *adb)
+{
+    XDR xdrs;
+
+
+    if (kdb)
+        krb5_db_free_principal(handle->context, kdb);
+
+    if (adb) {
+        xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+        xdr_osa_princ_ent_rec(&xdrs, adb);
+        xdr_destroy(&xdrs);
+    }
+
+    return(0);
+}
+
+/*
+ * Function: kdb_put_entry
+ *
+ * Purpose: Stores the osa_princ_ent_t and krb5_db_entry into to
+ * database.
+ *
+ * Arguments:
+ *
+ *              handle  (r) the server_handle
+ *              kdb     (r/w) the krb5_db_entry to store
+ *              adb     (r) the osa_princ_db_ent to store
+ *
+ * Effects:
+ *
+ * The last modifier field of the kdb is set to the caller at now.
+ * adb is encoded with xdr_osa_princ_ent_ret and stored in kbd as
+ * KRB5_TL_KADM_DATA.  kdb is then written to the database.
+ */
+krb5_error_code
+kdb_put_entry(kadm5_server_handle_t handle,
+              krb5_db_entry *kdb, osa_princ_ent_rec *adb)
+{
+    krb5_error_code ret;
+    krb5_timestamp now;
+    XDR xdrs;
+    krb5_tl_data tl_data;
+
+    ret = krb5_timeofday(handle->context, &now);
+    if (ret)
+        return(ret);
+
+    ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
+                                         handle->current_caller);
+    if (ret)
+        return(ret);
+
+    xdralloc_create(&xdrs, XDR_ENCODE);
+    if(! xdr_osa_princ_ent_rec(&xdrs, adb)) {
+        xdr_destroy(&xdrs);
+        return(KADM5_XDR_FAILURE);
+    }
+    tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+    tl_data.tl_data_length = xdr_getpos(&xdrs);
+    tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
+
+    ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data);
+
+    xdr_destroy(&xdrs);
+
+    if (ret)
+        return(ret);
+
+    /* we are always updating TL data */
+    kdb->mask |= KADM5_TL_DATA;
+
+    ret = krb5_db_put_principal(handle->context, kdb);
+    if (ret)
+        return(ret);
+
+    return(0);
+}
+
+krb5_error_code
+kdb_delete_entry(kadm5_server_handle_t handle, krb5_principal name)
+{
+    krb5_error_code ret;
+
+    ret = krb5_db_delete_principal(handle->context, name);
+    if (ret == KRB5_KDB_NOENTRY)
+        ret = 0;
+    return ret;
+}
+
+typedef struct _iter_data {
+    void (*func)(void *, krb5_principal);
+    void *data;
+} iter_data;
+
+static krb5_error_code
+kdb_iter_func(krb5_pointer data, krb5_db_entry *kdb)
+{
+    iter_data *id = (iter_data *) data;
+
+    (*(id->func))(id->data, kdb->princ);
+
+    return(0);
+}
+
+krb5_error_code
+kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry,
+               void (*iter_fct)(void *, krb5_principal), void *data)
+{
+    iter_data id;
+    krb5_error_code ret;
+
+    id.func = iter_fct;
+    id.data = data;
+
+    ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id, 0);
+    if (ret)
+        return(ret);
+
+    return(0);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/server_misc.c b/krb5-1.21.3/src/lib/kadm5/srv/server_misc.c
new file mode 100644
index 00000000..87e97c9f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/server_misc.c
@@ -0,0 +1,158 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ */
+
+#include    "k5-int.h"
+#include    <kdb.h>
+#include    <ctype.h>
+#include    <pwd.h>
+#include    <syslog.h>
+#include    "server_internal.h"
+#include    <adm_proto.h>
+
+kadm5_ret_t
+init_pwqual(kadm5_server_handle_t handle)
+{
+    krb5_error_code ret;
+    pwqual_handle *list;
+    const char *dict_file = NULL;
+
+    /* Register the built-in password quality modules. */
+    ret = k5_plugin_register(handle->context, PLUGIN_INTERFACE_PWQUAL,
+                             "dict", pwqual_dict_initvt);
+    if (ret != 0)
+        return ret;
+    ret = k5_plugin_register(handle->context, PLUGIN_INTERFACE_PWQUAL,
+                             "empty", pwqual_empty_initvt);
+    if (ret != 0)
+        return ret;
+    ret = k5_plugin_register(handle->context, PLUGIN_INTERFACE_PWQUAL,
+                             "hesiod", pwqual_hesiod_initvt);
+    if (ret != 0)
+        return ret;
+    ret = k5_plugin_register(handle->context, PLUGIN_INTERFACE_PWQUAL,
+                             "princ", pwqual_princ_initvt);
+    if (ret != 0)
+        return ret;
+
+    /* Load all available password quality modules. */
+    if (handle->params.mask & KADM5_CONFIG_DICT_FILE)
+        dict_file = handle->params.dict_file;
+    ret = k5_pwqual_load(handle->context, dict_file, &list);
+    if (ret != 0)
+        return ret;
+
+    handle->qual_handles = list;
+    return 0;
+}
+
+/* Check that a password meets the quality constraints given in pol. */
+static kadm5_ret_t
+check_against_policy(kadm5_server_handle_t handle, const char *password,
+                     kadm5_policy_ent_t pol)
+{
+    int hasupper = 0, haslower = 0, hasdigit = 0, haspunct = 0, hasspec = 0;
+    int c, nclasses;
+
+    /* Check against the policy's minimum length. */
+    if (strlen(password) < (size_t)pol->pw_min_length)
+        return KADM5_PASS_Q_TOOSHORT;
+
+    /* Check against the policy's minimum number of character classes. */
+    while ((c = (unsigned char)*password++) != '\0') {
+        if (islower(c))
+            haslower = 1;
+        else if (isupper(c))
+            hasupper = 1;
+        else if (isdigit(c))
+            hasdigit = 1;
+        else if (ispunct(c))
+            haspunct = 1;
+        else
+            hasspec = 1;
+    }
+    nclasses = hasupper + haslower + hasdigit + haspunct + hasspec;
+    if (nclasses < pol->pw_min_classes)
+        return KADM5_PASS_Q_CLASS;
+    return KADM5_OK;
+}
+
+/* Check a password against all available password quality plugin modules
+ * and against policy. */
+kadm5_ret_t
+passwd_check(kadm5_server_handle_t handle, const char *password,
+             kadm5_policy_ent_t policy, krb5_principal princ)
+{
+    krb5_error_code ret;
+    pwqual_handle *h;
+    const char *polname = (policy == NULL) ? NULL : policy->policy;
+
+    if (policy != NULL) {
+        ret = check_against_policy(handle, password, policy);
+        if (ret != 0)
+            return ret;
+    }
+    for (h = handle->qual_handles; *h != NULL; h++) {
+        ret = k5_pwqual_check(handle->context, *h, password, polname, princ);
+        if (ret != 0) {
+            const char *e = krb5_get_error_message(handle->context, ret);
+            const char *modname = k5_pwqual_name(handle->context, *h);
+            char *princname;
+            if (krb5_unparse_name(handle->context, princ, &princname) != 0)
+                princname = NULL;
+            krb5_klog_syslog(LOG_ERR,
+                             _("password quality module %s rejected password "
+                               "for %s: %s"), modname,
+                             princname ? princname : "(can't unparse)", e);
+            krb5_free_error_message(handle->context, e);
+            free(princname);
+            return ret;
+        }
+    }
+    return 0;
+}
+
+void
+destroy_pwqual(kadm5_server_handle_t handle)
+{
+    k5_pwqual_free_handles(handle->context, handle->qual_handles);
+    handle->qual_handles = NULL;
+}
+
+kadm5_ret_t
+kadm5_get_privs(void *server_handle, long *privs)
+{
+    CHECK_HANDLE(server_handle);
+
+    /* this is impossible to do with the current interface.  For now,
+       return all privs, which will confuse some clients, but not
+       deny any access to users of "smart" clients which try to cache */
+
+    *privs = ~0;
+
+    return KADM5_OK;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/svr_chpass_util.c b/krb5-1.21.3/src/lib/kadm5/srv/svr_chpass_util.c
new file mode 100644
index 00000000..bfb66466
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/svr_chpass_util.c
@@ -0,0 +1,17 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <kadm5/admin.h>
+#include "server_internal.h"
+
+kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
+                                        krb5_principal princ,
+                                        char *new_pw,
+                                        char **ret_pw,
+                                        char *msg_ret,
+                                        unsigned int msg_len)
+{
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+    return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
+                                        new_pw, ret_pw, msg_ret, msg_len);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c b/krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c
new file mode 100644
index 00000000..d5a99dea
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c
@@ -0,0 +1,270 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#include "autoconf.h"
+#if defined(HAVE_COMPILE) && defined(HAVE_STEP)
+#define SOLARIS_REGEXPS
+#elif defined(HAVE_REGCOMP) && defined(HAVE_REGEXEC)
+#define POSIX_REGEXPS
+#elif defined(HAVE_RE_COMP) && defined(HAVE_RE_EXEC)
+#define BSD_REGEXPS
+#else
+#error I cannot find any regexp functions
+#endif
+
+#include        <sys/types.h>
+#include        <string.h>
+#include        <kadm5/admin.h>
+#ifdef SOLARIS_REGEXPS
+#include        <regexpr.h>
+#endif
+#ifdef POSIX_REGEXPS
+#include        <regex.h>
+#endif
+#include <stdlib.h>
+
+#include        "server_internal.h"
+
+struct iter_data {
+    krb5_context context;
+    char **names;
+    int n_names, sz_names;
+    unsigned int malloc_failed;
+    char *exp;
+#ifdef SOLARIS_REGEXPS
+    char *expbuf;
+#endif
+#ifdef POSIX_REGEXPS
+    regex_t preg;
+#endif
+};
+
+/* XXX Duplicated in kdb5_util!  */
+/*
+ * Function: glob_to_regexp
+ *
+ * Arguments:
+ *
+ *      glob    (r) the shell-style glob (?*[]) to convert
+ *      realm   (r) the default realm to append, or NULL
+ *      regexp  (w) the ed-style regexp created from glob
+ *
+ * Effects:
+ *
+ * regexp is filled in with allocated memory contained a regular
+ * expression to be used with re_comp/compile that matches what the
+ * shell-style glob would match.  If glob does not contain an "@"
+ * character and realm is not NULL, "@*" is appended to the regexp.
+ *
+ * Conversion algorithm:
+ *
+ *      quoted characters are copied quoted
+ *      ? is converted to .
+ *      * is converted to .*
+ *      active characters are quoted: ^, $, .
+ *      [ and ] are active but supported and have the same meaning, so
+ *              they are copied
+ *      other characters are copied
+ *      regexp is anchored with ^ and $
+ */
+static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
+{
+    int append_realm;
+    char *p;
+
+    /* validate the glob */
+    if (glob[strlen(glob)-1] == '\\')
+        return EINVAL;
+
+    /* A character of glob can turn into two in regexp, plus ^ and $ */
+    /* and trailing null.  If glob has no @, also allocate space for */
+    /* the realm. */
+    append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
+    p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
+    if (p == NULL)
+        return ENOMEM;
+    *regexp = p;
+
+    *p++ = '^';
+    while (*glob) {
+        switch (*glob) {
+        case '?':
+            *p++ = '.';
+            break;
+        case '*':
+            *p++ = '.';
+            *p++ = '*';
+            break;
+        case '.':
+        case '^':
+        case '$':
+            *p++ = '\\';
+            *p++ = *glob;
+            break;
+        case '\\':
+            *p++ = '\\';
+            *p++ = *++glob;
+            break;
+        default:
+            *p++ = *glob;
+            break;
+        }
+        glob++;
+    }
+
+    if (append_realm) {
+        *p++ = '@';
+        *p++ = '.';
+        *p++ = '*';
+    }
+
+    *p++ = '$';
+    *p++ = '\0';
+    return KADM5_OK;
+}
+
+static void get_either_iter(struct iter_data *data, char *name)
+{
+    int match;
+#ifdef SOLARIS_REGEXPS
+    match = (step(name, data->expbuf) != 0);
+#endif
+#ifdef POSIX_REGEXPS
+    match = (regexec(&data->preg, name, 0, NULL, 0) == 0);
+#endif
+#ifdef BSD_REGEXPS
+    match = (re_exec(name) != 0);
+#endif
+    if (match) {
+        if (data->n_names == data->sz_names) {
+            int new_sz = data->sz_names * 2;
+            char **new_names = realloc(data->names,
+                                       new_sz * sizeof(char *));
+            if (new_names) {
+                data->names = new_names;
+                data->sz_names = new_sz;
+            } else {
+                data->malloc_failed = 1;
+                free(name);
+                return;
+            }
+        }
+        data->names[data->n_names++] = name;
+    } else
+        free(name);
+}
+
+static void get_pols_iter(void *data, osa_policy_ent_t entry)
+{
+    char *name;
+
+    if ((name = strdup(entry->name)) == NULL)
+        return;
+    get_either_iter(data, name);
+}
+
+static void get_princs_iter(void *data, krb5_principal princ)
+{
+    struct iter_data *id = (struct iter_data *) data;
+    char *name;
+
+    if (krb5_unparse_name(id->context, princ, &name) != 0)
+        return;
+    get_either_iter(data, name);
+}
+
+static kadm5_ret_t kadm5_get_either(int princ,
+                                    void *server_handle,
+                                    char *exp,
+                                    char ***princs,
+                                    int *count)
+{
+    struct iter_data data;
+#ifdef BSD_REGEXPS
+    char *msg;
+#endif
+    char *regexp = NULL;
+    int i, ret;
+    kadm5_server_handle_t handle = server_handle;
+
+    *princs = NULL;
+    *count = 0;
+    if (exp == NULL)
+        exp = "*";
+
+    CHECK_HANDLE(server_handle);
+
+    if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
+                              &regexp)) != KADM5_OK)
+        return ret;
+
+    if (
+#ifdef SOLARIS_REGEXPS
+        ((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
+#endif
+#ifdef POSIX_REGEXPS
+        ((regcomp(&data.preg, regexp, REG_NOSUB)) != 0)
+#endif
+#ifdef BSD_REGEXPS
+        ((msg = (char *) re_comp(regexp)) != NULL)
+#endif
+    )
+    {
+        /* XXX syslog msg or regerr(regerrno) */
+        free(regexp);
+        return EINVAL;
+    }
+
+    data.n_names = 0;
+    data.sz_names = 10;
+    data.malloc_failed = 0;
+    data.names = malloc(sizeof(char *) * data.sz_names);
+    if (data.names == NULL) {
+        free(regexp);
+        return ENOMEM;
+    }
+
+    if (princ) {
+        data.context = handle->context;
+        ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data);
+    } else {
+        ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data);
+    }
+
+    free(regexp);
+#ifdef POSIX_REGEXPS
+    regfree(&data.preg);
+#endif
+    if ( !ret && data.malloc_failed)
+        ret = ENOMEM;
+    if ( ret ) {
+        for (i = 0; i < data.n_names; i++)
+            free(data.names[i]);
+        free(data.names);
+        return ret;
+    }
+
+    *princs = data.names;
+    *count = data.n_names;
+    return KADM5_OK;
+}
+
+kadm5_ret_t kadm5_get_principals(void *server_handle,
+                                 char *exp,
+                                 char ***princs,
+                                 int *count)
+{
+    return kadm5_get_either(1, server_handle, exp, princs, count);
+}
+
+kadm5_ret_t kadm5_get_policies(void *server_handle,
+                               char *exp,
+                               char ***pols,
+                               int *count)
+{
+    return kadm5_get_either(0, server_handle, exp, pols, count);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/svr_policy.c b/krb5-1.21.3/src/lib/kadm5/srv/svr_policy.c
new file mode 100644
index 00000000..9569e247
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/svr_policy.c
@@ -0,0 +1,427 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#include        <sys/types.h>
+#include        <kadm5/admin.h>
+#include        "server_internal.h"
+#include        <stdlib.h>
+#include        <string.h>
+#include        <errno.h>
+
+#define MIN_PW_HISTORY  1
+#define MIN_PW_CLASSES  1
+#define MAX_PW_CLASSES  5
+#define MIN_PW_LENGTH   1
+
+/* Validate allowed_keysalts. */
+static kadm5_ret_t
+validate_allowed_keysalts(const char *allowed_keysalts)
+{
+    kadm5_ret_t ret;
+    krb5_key_salt_tuple *ks_tuple = NULL;
+    krb5_int32 n_ks_tuple = 0;
+
+    if (strchr(allowed_keysalts, '\t') != NULL)
+        return KADM5_BAD_KEYSALTS;
+    ret = krb5_string_to_keysalts(allowed_keysalts, ",", NULL, 0,
+                                  &ks_tuple, &n_ks_tuple);
+    free(ks_tuple);
+    if (ret == EINVAL)
+        return KADM5_BAD_KEYSALTS;
+    return ret;
+}
+
+/*
+ * Function: kadm5_create_policy
+ *
+ * Purpose: Create Policies in the policy DB.
+ *
+ * Arguments:
+ *      entry   (input) The policy entry to be written out to the DB.
+ *      mask    (input) Specifies which fields in entry are to ge written out
+ *                      and which get default values.
+ *      <return value> 0 if successful otherwise an error code is returned.
+ *
+ * Requires:
+ *      Entry must be a valid principal entry, and mask have a valid value.
+ *
+ * Effects:
+ *      Writes the data to the database, and does a database sync if
+ *      successful.
+ *
+ */
+
+kadm5_ret_t
+kadm5_create_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
+{
+    kadm5_server_handle_t handle = server_handle;
+    osa_policy_ent_rec  pent, *check_pol;
+    int                 ret;
+    char                *p;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
+        return EINVAL;
+    if(strlen(entry->policy) == 0)
+        return KADM5_BAD_POLICY;
+    if (!(mask & KADM5_POLICY) || (mask & ~ALL_POLICY_MASK))
+        return KADM5_BAD_MASK;
+    if ((mask & KADM5_POLICY_ALLOWED_KEYSALTS) &&
+        entry->allowed_keysalts != NULL) {
+        ret = validate_allowed_keysalts(entry->allowed_keysalts);
+        if (ret)
+            return ret;
+    }
+
+    ret = krb5_db_get_policy(handle->context, entry->policy, &check_pol);
+    if (!ret) {
+        krb5_db_free_policy(handle->context, check_pol);
+        return KADM5_DUP;
+    } else if (ret != KRB5_KDB_NOENTRY) {
+        return ret;
+    }
+
+    memset(&pent, 0, sizeof(pent));
+    pent.name = entry->policy;
+    p = entry->policy;
+    while(*p != '\0') {
+        if(*p < ' ' || *p > '~')
+            return KADM5_BAD_POLICY;
+        else
+            p++;
+    }
+    if (!(mask & KADM5_PW_MAX_LIFE))
+        pent.pw_max_life = 0;
+    else
+        pent.pw_max_life = entry->pw_max_life;
+    if (!(mask & KADM5_PW_MIN_LIFE))
+        pent.pw_min_life = 0;
+    else {
+        if((mask & KADM5_PW_MAX_LIFE)) {
+            if(entry->pw_min_life > entry->pw_max_life && entry->pw_max_life != 0)
+                return KADM5_BAD_MIN_PASS_LIFE;
+        }
+        pent.pw_min_life = entry->pw_min_life;
+    }
+    if (!(mask & KADM5_PW_MIN_LENGTH))
+        pent.pw_min_length = MIN_PW_LENGTH;
+    else {
+        if(entry->pw_min_length < MIN_PW_LENGTH)
+            return KADM5_BAD_LENGTH;
+        pent.pw_min_length = entry->pw_min_length;
+    }
+    if (!(mask & KADM5_PW_MIN_CLASSES))
+        pent.pw_min_classes = MIN_PW_CLASSES;
+    else {
+        if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES)
+            return KADM5_BAD_CLASS;
+        pent.pw_min_classes = entry->pw_min_classes;
+    }
+    if (!(mask & KADM5_PW_HISTORY_NUM))
+        pent.pw_history_num = MIN_PW_HISTORY;
+    else {
+        if(entry->pw_history_num < MIN_PW_HISTORY)
+            return KADM5_BAD_HISTORY;
+        else
+            pent.pw_history_num = entry->pw_history_num;
+    }
+
+    if (handle->api_version >= KADM5_API_VERSION_4) {
+        if (!(mask & KADM5_POLICY_ATTRIBUTES))
+            pent.attributes = 0;
+        else
+            pent.attributes = entry->attributes;
+        if (!(mask & KADM5_POLICY_MAX_LIFE))
+            pent.max_life = 0;
+        else
+            pent.max_life = entry->max_life;
+        if (!(mask & KADM5_POLICY_MAX_RLIFE))
+            pent.max_renewable_life = 0;
+        else
+            pent.max_renewable_life = entry->max_renewable_life;
+        if (!(mask & KADM5_POLICY_ALLOWED_KEYSALTS))
+            pent.allowed_keysalts = 0;
+        else
+            pent.allowed_keysalts = entry->allowed_keysalts;
+        if (!(mask & KADM5_POLICY_TL_DATA)) {
+            pent.n_tl_data = 0;
+            pent.tl_data = NULL;
+        } else {
+            pent.n_tl_data = entry->n_tl_data;
+            pent.tl_data = entry->tl_data;
+        }
+    }
+    if (handle->api_version >= KADM5_API_VERSION_3) {
+        if (!(mask & KADM5_PW_MAX_FAILURE))
+            pent.pw_max_fail = 0;
+        else
+            pent.pw_max_fail = entry->pw_max_fail;
+        if (!(mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+            pent.pw_failcnt_interval = 0;
+        else
+            pent.pw_failcnt_interval = entry->pw_failcnt_interval;
+        if (!(mask & KADM5_PW_LOCKOUT_DURATION))
+            pent.pw_lockout_duration = 0;
+        else
+            pent.pw_lockout_duration = entry->pw_lockout_duration;
+    }
+
+    if ((ret = krb5_db_create_policy(handle->context, &pent)))
+        return ret;
+    else
+        return KADM5_OK;
+}
+
+kadm5_ret_t
+kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
+{
+    kadm5_server_handle_t handle = server_handle;
+    osa_policy_ent_t            entry;
+    int                         ret;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if(name == (kadm5_policy_t) NULL)
+        return EINVAL;
+    if(strlen(name) == 0)
+        return KADM5_BAD_POLICY;
+    ret = krb5_db_get_policy(handle->context, name, &entry);
+    if (ret == KRB5_KDB_NOENTRY)
+        return KADM5_UNK_POLICY;
+    else if (ret)
+        return ret;
+
+    krb5_db_free_policy(handle->context, entry);
+    ret = krb5_db_delete_policy(handle->context, name);
+    if (ret == KRB5_KDB_POLICY_REF)
+        ret = KADM5_POLICY_REF;
+    return (ret == 0) ? KADM5_OK : ret;
+}
+
+/* Allocate and form a TL data list of a desired size. */
+static int
+alloc_tl_data(krb5_int16 n_tl_data, krb5_tl_data **tldp)
+{
+    krb5_tl_data **tlp = tldp;
+    int i;
+
+    for (i = 0; i < n_tl_data; i++) {
+        *tlp = calloc(1, sizeof(krb5_tl_data));
+        if (*tlp == NULL)
+            return ENOMEM; /* caller cleans up */
+        memset(*tlp, 0, sizeof(krb5_tl_data));
+        tlp = &((*tlp)->tl_data_next);
+    }
+
+    return 0;
+}
+
+static kadm5_ret_t
+copy_tl_data(krb5_int16 n_tl_data, krb5_tl_data *tl_data,
+             krb5_tl_data **out)
+{
+    kadm5_ret_t ret;
+    krb5_tl_data *tl, *tl_new;
+
+    if ((ret = alloc_tl_data(n_tl_data, out)))
+        return ret; /* caller cleans up */
+
+    tl = tl_data;
+    tl_new = *out;
+    for (; tl; tl = tl->tl_data_next, tl_new = tl_new->tl_data_next) {
+        tl_new->tl_data_contents = malloc(tl->tl_data_length);
+        if (tl_new->tl_data_contents == NULL)
+            return ENOMEM;
+        memcpy(tl_new->tl_data_contents, tl->tl_data_contents,
+               tl->tl_data_length);
+        tl_new->tl_data_type = tl->tl_data_type;
+        tl_new->tl_data_length = tl->tl_data_length;
+    }
+
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_modify_policy(void *server_handle, kadm5_policy_ent_t entry, long mask)
+{
+    kadm5_server_handle_t    handle = server_handle;
+    krb5_tl_data            *tl;
+    osa_policy_ent_t         p;
+    int                      ret;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
+        return EINVAL;
+    if(strlen(entry->policy) == 0)
+        return KADM5_BAD_POLICY;
+    if ((mask & KADM5_POLICY) || (mask & ~ALL_POLICY_MASK))
+        return KADM5_BAD_MASK;
+    if ((mask & KADM5_POLICY_ALLOWED_KEYSALTS) &&
+        entry->allowed_keysalts != NULL) {
+        ret = validate_allowed_keysalts(entry->allowed_keysalts);
+        if (ret)
+            return ret;
+    }
+    if ((mask & KADM5_POLICY_TL_DATA)) {
+        tl = entry->tl_data;
+        while (tl != NULL) {
+            if (tl->tl_data_type < 256)
+                return KADM5_BAD_TL_TYPE;
+            tl = tl->tl_data_next;
+        }
+    }
+
+    ret = krb5_db_get_policy(handle->context, entry->policy, &p);
+    if (ret == KRB5_KDB_NOENTRY)
+        return KADM5_UNK_POLICY;
+    else if (ret)
+        return ret;
+
+    if ((mask & KADM5_PW_MAX_LIFE))
+        p->pw_max_life = entry->pw_max_life;
+    if ((mask & KADM5_PW_MIN_LIFE)) {
+        if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0)  {
+            krb5_db_free_policy(handle->context, p);
+            return KADM5_BAD_MIN_PASS_LIFE;
+        }
+        p->pw_min_life = entry->pw_min_life;
+    }
+    if ((mask & KADM5_PW_MIN_LENGTH)) {
+        if(entry->pw_min_length < MIN_PW_LENGTH) {
+            krb5_db_free_policy(handle->context, p);
+            return KADM5_BAD_LENGTH;
+        }
+        p->pw_min_length = entry->pw_min_length;
+    }
+    if ((mask & KADM5_PW_MIN_CLASSES)) {
+        if(entry->pw_min_classes > MAX_PW_CLASSES ||
+           entry->pw_min_classes < MIN_PW_CLASSES) {
+            krb5_db_free_policy(handle->context, p);
+            return KADM5_BAD_CLASS;
+        }
+        p->pw_min_classes = entry->pw_min_classes;
+    }
+    if ((mask & KADM5_PW_HISTORY_NUM)) {
+        if(entry->pw_history_num < MIN_PW_HISTORY) {
+            krb5_db_free_policy(handle->context, p);
+            return KADM5_BAD_HISTORY;
+        }
+        p->pw_history_num = entry->pw_history_num;
+    }
+    if (handle->api_version >= KADM5_API_VERSION_3) {
+        if ((mask & KADM5_PW_MAX_FAILURE))
+            p->pw_max_fail = entry->pw_max_fail;
+        if ((mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+            p->pw_failcnt_interval = entry->pw_failcnt_interval;
+        if ((mask & KADM5_PW_LOCKOUT_DURATION))
+            p->pw_lockout_duration = entry->pw_lockout_duration;
+    }
+    if (handle->api_version >= KADM5_API_VERSION_4) {
+        if ((mask & KADM5_POLICY_ATTRIBUTES))
+            p->attributes = entry->attributes;
+        if ((mask & KADM5_POLICY_MAX_LIFE))
+            p->max_life = entry->max_life;
+        if ((mask & KADM5_POLICY_MAX_RLIFE))
+            p->max_renewable_life = entry->max_renewable_life;
+        if ((mask & KADM5_POLICY_ALLOWED_KEYSALTS)) {
+            free(p->allowed_keysalts);
+            p->allowed_keysalts = NULL;
+            if (entry->allowed_keysalts != NULL) {
+                p->allowed_keysalts = strdup(entry->allowed_keysalts);
+                if (p->allowed_keysalts == NULL) {
+                    ret = ENOMEM;
+                    goto cleanup;
+                }
+            }
+        }
+        if ((mask & KADM5_POLICY_TL_DATA)) {
+            for (tl = entry->tl_data; tl != NULL; tl = tl->tl_data_next) {
+                ret = krb5_db_update_tl_data(handle->context, &p->n_tl_data,
+                                             &p->tl_data, tl);
+                if (ret)
+                    goto cleanup;
+            }
+        }
+    }
+    ret = krb5_db_put_policy(handle->context, p);
+
+cleanup:
+    krb5_db_free_policy(handle->context, p);
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_get_policy(void *server_handle, kadm5_policy_t name,
+                 kadm5_policy_ent_t entry)
+{
+    osa_policy_ent_t            t;
+    kadm5_ret_t                 ret;
+    kadm5_server_handle_t handle = server_handle;
+
+    memset(entry, 0, sizeof(*entry));
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if (name == (kadm5_policy_t) NULL)
+        return EINVAL;
+    if(strlen(name) == 0)
+        return KADM5_BAD_POLICY;
+    ret = krb5_db_get_policy(handle->context, name, &t);
+    if (ret == KRB5_KDB_NOENTRY)
+        return KADM5_UNK_POLICY;
+    else if (ret)
+        return ret;
+
+    if ((entry->policy = strdup(t->name)) == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    entry->pw_min_life = t->pw_min_life;
+    entry->pw_max_life = t->pw_max_life;
+    entry->pw_min_length = t->pw_min_length;
+    entry->pw_min_classes = t->pw_min_classes;
+    entry->pw_history_num = t->pw_history_num;
+    if (handle->api_version >= KADM5_API_VERSION_3) {
+        entry->pw_max_fail = t->pw_max_fail;
+        entry->pw_failcnt_interval = t->pw_failcnt_interval;
+        entry->pw_lockout_duration = t->pw_lockout_duration;
+    }
+    if (handle->api_version >= KADM5_API_VERSION_4) {
+        entry->attributes = t->attributes;
+        entry->max_life = t->max_life;
+        entry->max_renewable_life = t->max_renewable_life;
+        if (t->allowed_keysalts) {
+            entry->allowed_keysalts = strdup(t->allowed_keysalts);
+            if (!entry->allowed_keysalts) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+        }
+        ret = copy_tl_data(t->n_tl_data, t->tl_data, &entry->tl_data);
+        if (ret)
+            goto cleanup;
+        entry->n_tl_data = t->n_tl_data;
+    }
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+        kadm5_free_policy_ent(handle, entry);
+    krb5_db_free_policy(handle->context, t);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c b/krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c
new file mode 100644
index 00000000..8c3ad3a6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c
@@ -0,0 +1,2058 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+#include "k5-int.h"
+#include        <sys/time.h>
+#include        <kadm5/admin.h>
+#include        <kdb.h>
+#include        "server_internal.h"
+
+#include <krb5/kadm5_hook_plugin.h>
+
+#ifdef USE_VALGRIND
+#include <valgrind/memcheck.h>
+#else
+#define VALGRIND_CHECK_DEFINED(LVALUE) ((void)0)
+#endif
+
+extern  krb5_principal      master_princ;
+extern  krb5_principal      hist_princ;
+extern  krb5_keyblock       master_keyblock;
+extern  krb5_db_entry       master_db;
+
+static int decrypt_key_data(krb5_context context,
+                            int n_key_data, krb5_key_data *key_data,
+                            krb5_keyblock **keyblocks, int *n_keys);
+
+/*
+ * XXX Functions that ought to be in libkrb5.a, but aren't.
+ */
+kadm5_ret_t krb5_copy_key_data_contents(context, from, to)
+    krb5_context context;
+    krb5_key_data *from, *to;
+{
+    int i, idx;
+
+    *to = *from;
+
+    idx = (from->key_data_ver == 1 ? 1 : 2);
+
+    for (i = 0; i < idx; i++) {
+        if ( from->key_data_length[i] ) {
+            to->key_data_contents[i] = malloc(from->key_data_length[i]);
+            if (to->key_data_contents[i] == NULL) {
+                for (i = 0; i < idx; i++)
+                    zapfree(to->key_data_contents[i], to->key_data_length[i]);
+                return ENOMEM;
+            }
+            memcpy(to->key_data_contents[i], from->key_data_contents[i],
+                   from->key_data_length[i]);
+        }
+    }
+    return 0;
+}
+
+static krb5_tl_data *dup_tl_data(krb5_tl_data *tl)
+{
+    krb5_tl_data *n;
+
+    n = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
+    if (n == NULL)
+        return NULL;
+    n->tl_data_contents = malloc(tl->tl_data_length);
+    if (n->tl_data_contents == NULL) {
+        free(n);
+        return NULL;
+    }
+    memcpy(n->tl_data_contents, tl->tl_data_contents, tl->tl_data_length);
+    n->tl_data_type = tl->tl_data_type;
+    n->tl_data_length = tl->tl_data_length;
+    n->tl_data_next = NULL;
+    return n;
+}
+
+/* This is in lib/kdb/kdb_cpw.c, but is static */
+static void cleanup_key_data(context, count, data)
+    krb5_context   context;
+    int                    count;
+    krb5_key_data        * data;
+{
+    int i;
+
+    for (i = 0; i < count; i++)
+        krb5_free_key_data_contents(context, &data[i]);
+    free(data);
+}
+
+/* Check whether a ks_tuple is present in an array of ks_tuples. */
+static krb5_boolean
+ks_tuple_present(int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                 krb5_key_salt_tuple *looking_for)
+{
+    int i;
+
+    for (i = 0; i < n_ks_tuple; i++) {
+        if (ks_tuple[i].ks_enctype == looking_for->ks_enctype &&
+            ks_tuple[i].ks_salttype == looking_for->ks_salttype)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+/* Fetch a policy if it exists; set *have_pol_out appropriately.  Return
+ * success whether or not the policy exists. */
+static kadm5_ret_t
+get_policy(kadm5_server_handle_t handle, const char *name,
+           kadm5_policy_ent_t policy_out, krb5_boolean *have_pol_out)
+{
+    kadm5_ret_t ret;
+
+    *have_pol_out = FALSE;
+    if (name == NULL)
+        return 0;
+    ret = kadm5_get_policy(handle->lhandle, (char *)name, policy_out);
+    if (ret == 0)
+        *have_pol_out = TRUE;
+    return (ret == KADM5_UNK_POLICY) ? 0 : ret;
+}
+
+/*
+ * Apply the -allowedkeysalts policy (see kadmin(1)'s addpol/modpol
+ * commands).  We use the allowed key/salt tuple list as a default if
+ * no ks tuples as provided by the caller.  We reject lists that include
+ * key/salts outside the policy.  We re-order the requested ks tuples
+ * (which may be a subset of the policy) to reflect the policy order.
+ */
+static kadm5_ret_t
+apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy,
+                     int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                     int *new_n_kstp, krb5_key_salt_tuple **new_kstp)
+{
+    kadm5_ret_t ret;
+    kadm5_policy_ent_rec polent;
+    krb5_boolean have_polent;
+    int ak_n_ks_tuple = 0;
+    int new_n_ks_tuple = 0;
+    krb5_key_salt_tuple *ak_ks_tuple = NULL;
+    krb5_key_salt_tuple *new_ks_tuple = NULL;
+    krb5_key_salt_tuple *subset;
+    int i, m;
+
+    if (new_n_kstp != NULL) {
+        *new_n_kstp = 0;
+        *new_kstp = NULL;
+    }
+
+    memset(&polent, 0, sizeof(polent));
+    ret = get_policy(handle, policy, &polent, &have_polent);
+    if (ret)
+        goto cleanup;
+
+    if (polent.allowed_keysalts == NULL) {
+        /* Requested keysalts allowed or default to supported_enctypes. */
+        if (n_ks_tuple == 0) {
+            /* Default to supported_enctypes. */
+            n_ks_tuple = handle->params.num_keysalts;
+            ks_tuple = handle->params.keysalts;
+        }
+        /* Dup the requested or defaulted keysalt tuples. */
+        new_ks_tuple = malloc(n_ks_tuple * sizeof(*new_ks_tuple));
+        if (new_ks_tuple == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(new_ks_tuple, ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple));
+        new_n_ks_tuple = n_ks_tuple;
+        ret = 0;
+        goto cleanup;
+    }
+
+    ret = krb5_string_to_keysalts(polent.allowed_keysalts,
+                                  ",",   /* Tuple separators */
+                                  NULL,  /* Key/salt separators */
+                                  0,     /* No duplicates */
+                                  &ak_ks_tuple,
+                                  &ak_n_ks_tuple);
+    /*
+     * Malformed policy?  Shouldn't happen, but it's remotely possible
+     * someday, so we don't assert, just bail.
+     */
+    if (ret)
+        goto cleanup;
+
+    /* Check that the requested ks_tuples are within policy, if we have one. */
+    for (i = 0; i < n_ks_tuple; i++) {
+        if (!ks_tuple_present(ak_n_ks_tuple, ak_ks_tuple, &ks_tuple[i])) {
+            ret = KADM5_BAD_KEYSALTS;
+            goto cleanup;
+        }
+    }
+
+    /* Have policy but no ks_tuple input?  Output the policy. */
+    if (n_ks_tuple == 0) {
+        new_n_ks_tuple = ak_n_ks_tuple;
+        new_ks_tuple = ak_ks_tuple;
+        ak_ks_tuple = NULL;
+        goto cleanup;
+    }
+
+    /*
+     * Now filter the policy ks tuples by the requested ones so as to
+     * preserve in the requested sub-set the relative ordering from the
+     * policy.  We could optimize this (if (n_ks_tuple == ak_n_ks_tuple)
+     * then skip this), but we don't bother.
+     */
+    subset = calloc(n_ks_tuple, sizeof(*subset));
+    if (subset == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    for (m = 0, i = 0; i < ak_n_ks_tuple && m < n_ks_tuple; i++) {
+        if (ks_tuple_present(n_ks_tuple, ks_tuple, &ak_ks_tuple[i]))
+            subset[m++] = ak_ks_tuple[i];
+    }
+    new_ks_tuple = subset;
+    new_n_ks_tuple = m;
+    ret = 0;
+
+cleanup:
+    if (have_polent)
+        kadm5_free_policy_ent(handle->lhandle, &polent);
+    free(ak_ks_tuple);
+
+    if (new_n_kstp != NULL) {
+        *new_n_kstp = new_n_ks_tuple;
+        *new_kstp = new_ks_tuple;
+    } else {
+        free(new_ks_tuple);
+    }
+    return ret;
+}
+
+
+/*
+ * Set *passptr to NULL if the request looks like the first part of a krb5 1.6
+ * addprinc -randkey operation.  The krb5 1.6 dummy password for these requests
+ * was invalid UTF-8, which runs afoul of the arcfour string-to-key.
+ */
+static void
+check_1_6_dummy(kadm5_principal_ent_t entry, long mask,
+                int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, char **passptr)
+{
+    int i;
+    char *password = *passptr;
+
+    /* Old-style randkey operations disallowed tickets to start. */
+    if (password == NULL || !(mask & KADM5_ATTRIBUTES) ||
+        !(entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX))
+        return;
+
+    /* The 1.6 dummy password was the octets 1..255. */
+    for (i = 0; (unsigned char) password[i] == i + 1; i++);
+    if (password[i] != '\0' || i != 255)
+        return;
+
+    /* This will make the caller use a random password instead. */
+    *passptr = NULL;
+}
+
+/* Return the number of keys with the newest kvno.  Assumes that all key data
+ * with the newest kvno are at the front of the key data array. */
+static int
+count_new_keys(int n_key_data, krb5_key_data *key_data)
+{
+    int n;
+
+    for (n = 1; n < n_key_data; n++) {
+        if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno)
+            return n;
+    }
+    return n_key_data;
+}
+
+kadm5_ret_t
+kadm5_create_principal(void *server_handle,
+                       kadm5_principal_ent_t entry, long mask,
+                       char *password)
+{
+    return
+        kadm5_create_principal_3(server_handle, entry, mask,
+                                 0, NULL, password);
+}
+kadm5_ret_t
+kadm5_create_principal_3(void *server_handle,
+                         kadm5_principal_ent_t entry, long mask,
+                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                         char *password)
+{
+    krb5_db_entry               *kdb;
+    osa_princ_ent_rec           adb;
+    kadm5_policy_ent_rec        polent;
+    krb5_boolean                have_polent = FALSE;
+    krb5_timestamp              now;
+    krb5_tl_data                *tl_data_tail;
+    unsigned int                ret;
+    kadm5_server_handle_t handle = server_handle;
+    krb5_keyblock               *act_mkey;
+    krb5_kvno                   act_kvno;
+    int                         new_n_ks_tuple = 0, i;
+    krb5_key_salt_tuple         *new_ks_tuple = NULL;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    check_1_6_dummy(entry, mask, n_ks_tuple, ks_tuple, &password);
+
+    /*
+     * Argument sanity checking, and opening up the DB
+     */
+    if (entry == NULL)
+        return EINVAL;
+    if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
+       (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
+       (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
+       (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) ||
+       (mask & KADM5_FAIL_AUTH_COUNT))
+        return KADM5_BAD_MASK;
+    if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
+        return KADM5_BAD_MASK;
+    if((mask & KADM5_POLICY) && entry->policy == NULL)
+        return KADM5_BAD_MASK;
+    if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
+        return KADM5_BAD_MASK;
+    if((mask & ~ALL_PRINC_MASK))
+        return KADM5_BAD_MASK;
+    if (mask & KADM5_TL_DATA) {
+        for (tl_data_tail = entry->tl_data; tl_data_tail != NULL;
+             tl_data_tail = tl_data_tail->tl_data_next) {
+            if (tl_data_tail->tl_data_type < 256)
+                return KADM5_BAD_TL_TYPE;
+        }
+    }
+
+    /*
+     * Check to see if the principal exists
+     */
+    ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
+
+    switch(ret) {
+    case KADM5_UNK_PRINC:
+        break;
+    case 0:
+        kdb_free_entry(handle, kdb, &adb);
+        return KADM5_DUP;
+    default:
+        return ret;
+    }
+
+    kdb = calloc(1, sizeof(*kdb));
+    if (kdb == NULL)
+        return ENOMEM;
+
+    /* In all cases the principal entry is new and key data is set; let the
+     * database provider know. */
+    kdb->mask = mask | KADM5_KEY_DATA | KADM5_PRINCIPAL;
+
+    memset(&adb, 0, sizeof(osa_princ_ent_rec));
+
+    /*
+     * If a policy was specified, load it.
+     * If we can not find the one specified return an error
+     */
+    if ((mask & KADM5_POLICY)) {
+        ret = get_policy(handle, entry->policy, &polent, &have_polent);
+        if (ret)
+            goto cleanup;
+    }
+    if (password) {
+        ret = passwd_check(handle, password, have_polent ? &polent : NULL,
+                           entry->principal);
+        if (ret)
+            goto cleanup;
+    }
+    /*
+     * Start populating the various DB fields, using the
+     * "defaults" for fields that were not specified by the
+     * mask.
+     */
+    if ((ret = krb5_timeofday(handle->context, &now)))
+        goto cleanup;
+
+    kdb->magic = KRB5_KDB_MAGIC_NUMBER;
+    kdb->len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */
+
+    if ((mask & KADM5_ATTRIBUTES))
+        kdb->attributes = entry->attributes;
+    else
+        kdb->attributes = handle->params.flags;
+
+    if ((mask & KADM5_MAX_LIFE))
+        kdb->max_life = entry->max_life;
+    else
+        kdb->max_life = handle->params.max_life;
+
+    if (mask & KADM5_MAX_RLIFE)
+        kdb->max_renewable_life = entry->max_renewable_life;
+    else
+        kdb->max_renewable_life = handle->params.max_rlife;
+
+    if ((mask & KADM5_PRINC_EXPIRE_TIME))
+        kdb->expiration = entry->princ_expire_time;
+    else
+        kdb->expiration = handle->params.expiration;
+
+    kdb->pw_expiration = 0;
+    if (mask & KADM5_PW_EXPIRATION) {
+        kdb->pw_expiration = entry->pw_expiration;
+    } else if (have_polent && polent.pw_max_life) {
+        kdb->mask |= KADM5_PW_EXPIRATION;
+        kdb->pw_expiration = ts_incr(now, polent.pw_max_life);
+    }
+
+    kdb->last_success = 0;
+    kdb->last_failed = 0;
+    kdb->fail_auth_count = 0;
+
+    /* this is kind of gross, but in order to free the tl data, I need
+       to free the entire kdb entry, and that will try to free the
+       principal. */
+
+    ret = krb5_copy_principal(handle->context, entry->principal, &kdb->princ);
+    if (ret)
+        goto cleanup;
+
+    if ((ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now)))
+        goto cleanup;
+
+    if (mask & KADM5_TL_DATA) {
+        /* splice entry->tl_data onto the front of kdb->tl_data */
+        for (tl_data_tail = entry->tl_data; tl_data_tail;
+             tl_data_tail = tl_data_tail->tl_data_next)
+        {
+            ret = krb5_dbe_update_tl_data(handle->context, kdb, tl_data_tail);
+            if( ret )
+                goto cleanup;
+        }
+    }
+
+    /*
+     * We need to have setup the TL data, so we have strings, so we can
+     * check enctype policy, which is why we check/initialize ks_tuple
+     * this late.
+     */
+    ret = apply_keysalt_policy(handle, entry->policy, n_ks_tuple, ks_tuple,
+                               &new_n_ks_tuple, &new_ks_tuple);
+    if (ret)
+        goto cleanup;
+
+    /* initialize the keys */
+
+    ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey);
+    if (ret)
+        goto cleanup;
+
+    if (mask & KADM5_KEY_DATA) {
+        /* The client requested no keys for this principal. */
+        assert(entry->n_key_data == 0);
+    } else if (password) {
+        ret = krb5_dbe_cpw(handle->context, act_mkey, new_ks_tuple,
+                           new_n_ks_tuple, password,
+                           (mask & KADM5_KVNO)?entry->kvno:1,
+                           FALSE, kdb);
+    } else {
+        /* Null password means create with random key (new in 1.8). */
+        ret = krb5_dbe_crk(handle->context, &master_keyblock,
+                           new_ks_tuple, new_n_ks_tuple, FALSE, kdb);
+        if (mask & KADM5_KVNO) {
+            for (i = 0; i < kdb->n_key_data; i++)
+                kdb->key_data[i].key_data_kvno = entry->kvno;
+        }
+    }
+    if (ret)
+        goto cleanup;
+
+    /* Record the master key VNO used to encrypt this entry's keys */
+    ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_kadm5_hook_create(handle->context, handle->hook_handles,
+                               KADM5_HOOK_STAGE_PRECOMMIT, entry, mask,
+                               new_n_ks_tuple, new_ks_tuple, password);
+    if (ret)
+        goto cleanup;
+
+    /* populate the admin-server-specific fields.  In the OV server,
+       this used to be in a separate database.  Since there's already
+       marshalling code for the admin fields, to keep things simple,
+       I'm going to keep it, and make all the admin stuff occupy a
+       single tl_data record, */
+
+    adb.admin_history_kvno = INITIAL_HIST_KVNO;
+    if (mask & KADM5_POLICY) {
+        adb.aux_attributes = KADM5_POLICY;
+
+        /* this does *not* need to be strdup'ed, because adb is xdr */
+        /* encoded in osa_adb_create_princ, and not ever freed */
+
+        adb.policy = entry->policy;
+    }
+
+    /* store the new db entry */
+    ret = kdb_put_entry(handle, kdb, &adb);
+
+    (void) k5_kadm5_hook_create(handle->context, handle->hook_handles,
+                                KADM5_HOOK_STAGE_POSTCOMMIT, entry, mask,
+                                new_n_ks_tuple, new_ks_tuple, password);
+
+cleanup:
+    free(new_ks_tuple);
+    krb5_db_free_principal(handle->context, kdb);
+    if (have_polent)
+        (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+    return ret;
+}
+
+
+kadm5_ret_t
+kadm5_delete_principal(void *server_handle, krb5_principal principal)
+{
+    unsigned int                ret;
+    krb5_db_entry               *kdb;
+    osa_princ_ent_rec           adb;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if (principal == NULL)
+        return EINVAL;
+
+    /* Deleting K/M is mostly unrecoverable, so don't allow it. */
+    if (krb5_principal_compare(handle->context, principal, master_princ))
+        return KADM5_PROTECT_PRINCIPAL;
+
+    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
+        return(ret);
+    ret = k5_kadm5_hook_remove(handle->context, handle->hook_handles,
+                               KADM5_HOOK_STAGE_PRECOMMIT, principal);
+    if (ret) {
+        kdb_free_entry(handle, kdb, &adb);
+        return ret;
+    }
+
+    ret = kdb_delete_entry(handle, principal);
+
+    kdb_free_entry(handle, kdb, &adb);
+
+    if (ret == 0)
+        (void) k5_kadm5_hook_remove(handle->context,
+                                    handle->hook_handles,
+                                    KADM5_HOOK_STAGE_POSTCOMMIT, principal);
+
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_modify_principal(void *server_handle,
+                       kadm5_principal_ent_t entry, long mask)
+{
+    int                     ret, ret2, i;
+    kadm5_policy_ent_rec    pol;
+    krb5_boolean            have_pol = FALSE;
+    krb5_db_entry           *kdb;
+    krb5_tl_data            *tl_data_orig;
+    osa_princ_ent_rec       adb;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if(entry == NULL)
+        return EINVAL;
+    if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
+       (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
+       (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
+       (mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) ||
+       (mask & KADM5_LAST_FAILED))
+        return KADM5_BAD_MASK;
+    if((mask & ~ALL_PRINC_MASK))
+        return KADM5_BAD_MASK;
+    if((mask & KADM5_POLICY) && entry->policy == NULL)
+        return KADM5_BAD_MASK;
+    if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
+        return KADM5_BAD_MASK;
+    if (mask & KADM5_TL_DATA) {
+        tl_data_orig = entry->tl_data;
+        while (tl_data_orig) {
+            if (tl_data_orig->tl_data_type < 256)
+                return KADM5_BAD_TL_TYPE;
+            tl_data_orig = tl_data_orig->tl_data_next;
+        }
+    }
+
+    ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
+    if (ret)
+        return(ret);
+
+    /* Let the mask propagate to the database provider. */
+    kdb->mask = mask;
+
+    /*
+     * This is pretty much the same as create ...
+     */
+
+    if ((mask & KADM5_POLICY)) {
+        ret = get_policy(handle, entry->policy, &pol, &have_pol);
+        if (ret)
+            goto done;
+
+        /* set us up to use the new policy */
+        adb.aux_attributes |= KADM5_POLICY;
+        if (adb.policy)
+            free(adb.policy);
+        adb.policy = strdup(entry->policy);
+    }
+
+    if (mask & KADM5_PW_EXPIRATION) {
+        kdb->pw_expiration = entry->pw_expiration;
+    } else if (have_pol) {
+        /* set pw_max_life based on new policy */
+        kdb->mask |= KADM5_PW_EXPIRATION;
+        if (pol.pw_max_life) {
+            ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb,
+                                                  &kdb->pw_expiration);
+            if (ret)
+                goto done;
+            kdb->pw_expiration = ts_incr(kdb->pw_expiration, pol.pw_max_life);
+        } else {
+            kdb->pw_expiration = 0;
+        }
+    }
+
+    if ((mask & KADM5_POLICY_CLR) && (adb.aux_attributes & KADM5_POLICY)) {
+        free(adb.policy);
+        adb.policy = NULL;
+        adb.aux_attributes &= ~KADM5_POLICY;
+        kdb->pw_expiration = 0;
+    }
+
+    if ((mask & KADM5_ATTRIBUTES))
+        kdb->attributes = entry->attributes;
+    if ((mask & KADM5_MAX_LIFE))
+        kdb->max_life = entry->max_life;
+    if ((mask & KADM5_PRINC_EXPIRE_TIME))
+        kdb->expiration = entry->princ_expire_time;
+    if (mask & KADM5_MAX_RLIFE)
+        kdb->max_renewable_life = entry->max_renewable_life;
+
+    if((mask & KADM5_KVNO)) {
+        for (i = 0; i < kdb->n_key_data; i++)
+            kdb->key_data[i].key_data_kvno = entry->kvno;
+    }
+
+    if (mask & KADM5_TL_DATA) {
+        krb5_tl_data *tl;
+
+        /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writing */
+
+        for (tl = entry->tl_data; tl;
+             tl = tl->tl_data_next)
+        {
+            ret = krb5_dbe_update_tl_data(handle->context, kdb, tl);
+            if( ret )
+            {
+                goto done;
+            }
+        }
+    }
+
+    /*
+     * Setting entry->fail_auth_count to 0 can be used to manually unlock
+     * an account. It is not possible to set fail_auth_count to any other
+     * value using kadmin.
+     */
+    if (mask & KADM5_FAIL_AUTH_COUNT) {
+        if (entry->fail_auth_count != 0) {
+            ret = KADM5_BAD_SERVER_PARAMS;
+            goto done;
+        }
+
+        kdb->fail_auth_count = 0;
+    }
+
+    ret = k5_kadm5_hook_modify(handle->context, handle->hook_handles,
+                               KADM5_HOOK_STAGE_PRECOMMIT, entry, mask);
+    if (ret)
+        goto done;
+
+    ret = kdb_put_entry(handle, kdb, &adb);
+    if (ret) goto done;
+    (void) k5_kadm5_hook_modify(handle->context, handle->hook_handles,
+                                KADM5_HOOK_STAGE_POSTCOMMIT, entry, mask);
+
+    ret = KADM5_OK;
+done:
+    if (have_pol) {
+        ret2 = kadm5_free_policy_ent(handle->lhandle, &pol);
+        ret = ret ? ret : ret2;
+    }
+    kdb_free_entry(handle, kdb, &adb);
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_rename_principal(void *server_handle,
+                       krb5_principal source, krb5_principal target)
+{
+    krb5_db_entry *kdb;
+    osa_princ_ent_rec adb;
+    krb5_error_code ret;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if (source == NULL || target == NULL)
+        return EINVAL;
+
+    if ((ret = kdb_get_entry(handle, target, &kdb, &adb)) == 0) {
+        kdb_free_entry(handle, kdb, &adb);
+        return(KADM5_DUP);
+    }
+
+    ret = k5_kadm5_hook_rename(handle->context, handle->hook_handles,
+                               KADM5_HOOK_STAGE_PRECOMMIT, source, target);
+    if (ret)
+        return ret;
+
+    ret = krb5_db_rename_principal(handle->context, source, target);
+    if (ret)
+        return ret;
+
+    /* Update the principal mod data. */
+    ret = kdb_get_entry(handle, target, &kdb, &adb);
+    if (ret)
+        return ret;
+    kdb->mask = 0;
+    ret = kdb_put_entry(handle, kdb, &adb);
+    kdb_free_entry(handle, kdb, &adb);
+    if (ret)
+        return ret;
+
+    (void) k5_kadm5_hook_rename(handle->context, handle->hook_handles,
+                                KADM5_HOOK_STAGE_POSTCOMMIT, source, target);
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_get_principal(void *server_handle, krb5_principal principal,
+                    kadm5_principal_ent_t entry,
+                    long in_mask)
+{
+    krb5_db_entry               *kdb;
+    osa_princ_ent_rec           adb;
+    krb5_error_code             ret = 0;
+    long                        mask;
+    int i;
+    kadm5_server_handle_t handle = server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    /*
+     * In version 1, all the defined fields are always returned.
+     * entry is a pointer to a kadm5_principal_ent_t_v1 that should be
+     * filled with allocated memory.
+     */
+    mask = in_mask;
+
+    memset(entry, 0, sizeof(*entry));
+
+    if (principal == NULL)
+        return EINVAL;
+
+    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
+        return ret;
+
+    if ((mask & KADM5_POLICY) &&
+        adb.policy && (adb.aux_attributes & KADM5_POLICY)) {
+        if ((entry->policy = strdup(adb.policy)) == NULL) {
+            ret = ENOMEM;
+            goto done;
+        }
+    }
+
+    if (mask & KADM5_AUX_ATTRIBUTES)
+        entry->aux_attributes = adb.aux_attributes;
+
+    if ((mask & KADM5_PRINCIPAL) &&
+        (ret = krb5_copy_principal(handle->context, kdb->princ,
+                                   &entry->principal))) {
+        goto done;
+    }
+
+    if (mask & KADM5_PRINC_EXPIRE_TIME)
+        entry->princ_expire_time = kdb->expiration;
+
+    if ((mask & KADM5_LAST_PWD_CHANGE) &&
+        (ret = krb5_dbe_lookup_last_pwd_change(handle->context, kdb,
+                                               &(entry->last_pwd_change)))) {
+        goto done;
+    }
+
+    if (mask & KADM5_PW_EXPIRATION)
+        entry->pw_expiration = kdb->pw_expiration;
+    if (mask & KADM5_MAX_LIFE)
+        entry->max_life = kdb->max_life;
+
+    /* this is a little non-sensical because the function returns two */
+    /* values that must be checked separately against the mask */
+    if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) {
+        ret = krb5_dbe_lookup_mod_princ_data(handle->context, kdb,
+                                             &(entry->mod_date),
+                                             &(entry->mod_name));
+        if (ret) {
+            goto done;
+        }
+
+        if (! (mask & KADM5_MOD_TIME))
+            entry->mod_date = 0;
+        if (! (mask & KADM5_MOD_NAME)) {
+            krb5_free_principal(handle->context, entry->mod_name);
+            entry->mod_name = NULL;
+        }
+    }
+
+    if (mask & KADM5_ATTRIBUTES)
+        entry->attributes = kdb->attributes;
+
+    if (mask & KADM5_KVNO)
+        for (entry->kvno = 0, i=0; i<kdb->n_key_data; i++)
+            if ((krb5_kvno) kdb->key_data[i].key_data_kvno > entry->kvno)
+                entry->kvno = kdb->key_data[i].key_data_kvno;
+
+    if (mask & KADM5_MKVNO) {
+        ret = krb5_dbe_get_mkvno(handle->context, kdb, &entry->mkvno);
+        if (ret)
+            goto done;
+    }
+
+    if (mask & KADM5_MAX_RLIFE)
+        entry->max_renewable_life = kdb->max_renewable_life;
+    if (mask & KADM5_LAST_SUCCESS)
+        entry->last_success = kdb->last_success;
+    if (mask & KADM5_LAST_FAILED)
+        entry->last_failed = kdb->last_failed;
+    if (mask & KADM5_FAIL_AUTH_COUNT)
+        entry->fail_auth_count = kdb->fail_auth_count;
+    if (mask & KADM5_TL_DATA) {
+        krb5_tl_data *tl, *tl2;
+
+        entry->tl_data = NULL;
+
+        tl = kdb->tl_data;
+        while (tl) {
+            if (tl->tl_data_type > 255) {
+                if ((tl2 = dup_tl_data(tl)) == NULL) {
+                    ret = ENOMEM;
+                    goto done;
+                }
+                tl2->tl_data_next = entry->tl_data;
+                entry->tl_data = tl2;
+                entry->n_tl_data++;
+            }
+
+            tl = tl->tl_data_next;
+        }
+    }
+    if (mask & KADM5_KEY_DATA) {
+        entry->n_key_data = kdb->n_key_data;
+        if(entry->n_key_data) {
+            entry->key_data = k5calloc(entry->n_key_data,
+                                       sizeof(krb5_key_data), &ret);
+            if (entry->key_data == NULL)
+                goto done;
+        } else
+            entry->key_data = NULL;
+
+        for (i = 0; i < entry->n_key_data; i++)
+            ret = krb5_copy_key_data_contents(handle->context,
+                                              &kdb->key_data[i],
+                                              &entry->key_data[i]);
+        if (ret)
+            goto done;
+    }
+
+    ret = KADM5_OK;
+
+done:
+    if (ret && entry->principal) {
+        krb5_free_principal(handle->context, entry->principal);
+        entry->principal = NULL;
+    }
+    kdb_free_entry(handle, kdb, &adb);
+
+    return ret;
+}
+
+/*
+ * Function: check_pw_reuse
+ *
+ * Purpose: Check if a key appears in a list of keys, in order to
+ * enforce password history.
+ *
+ * Arguments:
+ *
+ *      context                 (r) the krb5 context
+ *      hist_keyblock           (r) the key that hist_key_data is
+ *                              encrypted in
+ *      n_new_key_data          (r) length of new_key_data
+ *      new_key_data            (r) keys to check against
+ *                              pw_hist_data, encrypted in hist_keyblock
+ *      n_pw_hist_data          (r) length of pw_hist_data
+ *      pw_hist_data            (r) passwords to check new_key_data against
+ *
+ * Effects:
+ * For each new_key in new_key_data:
+ *      decrypt new_key with the master_keyblock
+ *      for each password in pw_hist_data:
+ *              for each hist_key in password:
+ *                      decrypt hist_key with hist_keyblock
+ *                      compare the new_key and hist_key
+ *
+ * Returns krb5 errors, KADM5_PASS_RESUSE if a key in
+ * new_key_data is the same as a key in pw_hist_data, or 0.
+ */
+static kadm5_ret_t
+check_pw_reuse(krb5_context context,
+               krb5_keyblock *hist_keyblocks,
+               int n_new_key_data, krb5_key_data *new_key_data,
+               unsigned int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
+{
+    unsigned int x, y, z;
+    krb5_keyblock newkey, histkey, *kb;
+    krb5_key_data *key_data;
+    krb5_error_code ret;
+
+    assert (n_new_key_data >= 0);
+    for (x = 0; x < (unsigned) n_new_key_data; x++) {
+        /* Check only entries with the most recent kvno. */
+        if (new_key_data[x].key_data_kvno != new_key_data[0].key_data_kvno)
+            break;
+        ret = krb5_dbe_decrypt_key_data(context, NULL, &(new_key_data[x]),
+                                        &newkey, NULL);
+        if (ret)
+            return(ret);
+        for (y = 0; y < n_pw_hist_data; y++) {
+            for (z = 0; z < (unsigned int) pw_hist_data[y].n_key_data; z++) {
+                for (kb = hist_keyblocks; kb->enctype != 0; kb++) {
+                    key_data = &pw_hist_data[y].key_data[z];
+                    ret = krb5_dbe_decrypt_key_data(context, kb, key_data,
+                                                    &histkey, NULL);
+                    if (ret)
+                        continue;
+                    if (newkey.length == histkey.length &&
+                        newkey.enctype == histkey.enctype &&
+                        memcmp(newkey.contents, histkey.contents,
+                               histkey.length) == 0) {
+                        krb5_free_keyblock_contents(context, &histkey);
+                        krb5_free_keyblock_contents(context, &newkey);
+                        return KADM5_PASS_REUSE;
+                    }
+                    krb5_free_keyblock_contents(context, &histkey);
+                }
+            }
+        }
+        krb5_free_keyblock_contents(context, &newkey);
+    }
+
+    return(0);
+}
+
+static void
+free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
+{
+    int i;
+
+    for (i = 0; i < hist->n_key_data; i++)
+        krb5_free_key_data_contents(context, &hist->key_data[i]);
+    free(hist->key_data);
+}
+
+/*
+ * Function: create_history_entry
+ *
+ * Purpose: Creates a password history entry from an array of
+ * key_data.
+ *
+ * Arguments:
+ *
+ *      context         (r) krb5_context to use
+ *      mkey            (r) master keyblock to decrypt key data with
+ *      hist_key        (r) history keyblock to encrypt key data with
+ *      n_key_data      (r) number of elements in key_data
+ *      key_data        (r) keys to add to the history entry
+ *      hist_out        (w) history entry to fill in
+ *
+ * Effects:
+ *
+ * hist->key_data is allocated to store n_key_data key_datas.  Each
+ * element of key_data is decrypted with master_keyblock, re-encrypted
+ * in hist_key, and added to hist->key_data.  hist->n_key_data is
+ * set to n_key_data.
+ */
+static
+int create_history_entry(krb5_context context,
+                         krb5_keyblock *hist_key, int n_key_data,
+                         krb5_key_data *key_data, osa_pw_hist_ent *hist_out)
+{
+    int i;
+    krb5_error_code ret = 0;
+    krb5_keyblock key;
+    krb5_keysalt salt;
+    krb5_ui_2 kvno;
+    osa_pw_hist_ent hist;
+
+    hist_out->key_data = NULL;
+    hist_out->n_key_data = 0;
+
+    if (n_key_data < 0)
+        return EINVAL;
+
+    memset(&key, 0, sizeof(key));
+    memset(&hist, 0, sizeof(hist));
+
+    if (n_key_data == 0)
+        goto cleanup;
+
+    hist.key_data = k5calloc(n_key_data, sizeof(krb5_key_data), &ret);
+    if (hist.key_data == NULL)
+        goto cleanup;
+
+    /* We only want to store the most recent kvno, and key_data should already
+     * be sorted in descending order by kvno. */
+    kvno = key_data[0].key_data_kvno;
+
+    for (i = 0; i < n_key_data; i++) {
+        if (key_data[i].key_data_kvno < kvno)
+            break;
+        ret = krb5_dbe_decrypt_key_data(context, NULL,
+                                        &key_data[i], &key,
+                                        &salt);
+        if (ret)
+            goto cleanup;
+
+        ret = krb5_dbe_encrypt_key_data(context, hist_key, &key, &salt,
+                                        key_data[i].key_data_kvno,
+                                        &hist.key_data[hist.n_key_data]);
+        if (ret)
+            goto cleanup;
+        hist.n_key_data++;
+        krb5_free_keyblock_contents(context, &key);
+        /* krb5_free_keysalt(context, &salt); */
+    }
+
+    *hist_out = hist;
+    hist.n_key_data = 0;
+    hist.key_data = NULL;
+
+cleanup:
+    krb5_free_keyblock_contents(context, &key);
+    free_history_entry(context, &hist);
+    return ret;
+}
+
+/*
+ * Function: add_to_history
+ *
+ * Purpose: Adds a password to a principal's password history.
+ *
+ * Arguments:
+ *
+ *      context         (r) krb5_context to use
+ *      hist_kvno       (r) kvno of current history key
+ *      adb             (r/w) admin principal entry to add keys to
+ *      pol             (r) adb's policy
+ *      pw              (r) keys for the password to add to adb's key history
+ *
+ * Effects:
+ *
+ * add_to_history adds a single password to adb's password history.
+ * pw contains n_key_data keys in its key_data, in storage should be
+ * allocated but not freed by the caller (XXX blech!).
+ *
+ * This function maintains adb->old_keys as a circular queue.  It
+ * starts empty, and grows each time this function is called until it
+ * is pol->pw_history_num items long.  adb->old_key_len holds the
+ * number of allocated entries in the array, and must therefore be [0,
+ * pol->pw_history_num).  adb->old_key_next is the index into the
+ * array where the next element should be written, and must be [0,
+ * adb->old_key_len).
+ */
+static kadm5_ret_t add_to_history(krb5_context context,
+                                  krb5_kvno hist_kvno,
+                                  osa_princ_ent_t adb,
+                                  kadm5_policy_ent_t pol,
+                                  osa_pw_hist_ent *pw)
+{
+    osa_pw_hist_ent *histp;
+    uint32_t nhist;
+    unsigned int i, knext, nkeys;
+
+    nhist = pol->pw_history_num;
+    /* A history of 1 means just check the current password */
+    if (nhist <= 1)
+        return 0;
+
+    if (adb->admin_history_kvno != hist_kvno) {
+        /* The history key has changed since the last password change, so we
+         * have to reset the password history. */
+        free(adb->old_keys);
+        adb->old_keys = NULL;
+        adb->old_key_len = 0;
+        adb->old_key_next = 0;
+        adb->admin_history_kvno = hist_kvno;
+    }
+
+    nkeys = adb->old_key_len;
+    knext = adb->old_key_next;
+    /* resize the adb->old_keys array if necessary */
+    if (nkeys + 1 < nhist) {
+        if (adb->old_keys == NULL) {
+            adb->old_keys = (osa_pw_hist_ent *)
+                malloc((nkeys + 1) * sizeof (osa_pw_hist_ent));
+        } else {
+            adb->old_keys = (osa_pw_hist_ent *)
+                realloc(adb->old_keys,
+                        (nkeys + 1) * sizeof (osa_pw_hist_ent));
+        }
+        if (adb->old_keys == NULL)
+            return(ENOMEM);
+
+        memset(&adb->old_keys[nkeys], 0, sizeof(osa_pw_hist_ent));
+        nkeys = ++adb->old_key_len;
+        /*
+         * To avoid losing old keys, shift forward each entry after
+         * knext.
+         */
+        for (i = nkeys - 1; i > knext; i--) {
+            adb->old_keys[i] = adb->old_keys[i - 1];
+        }
+        memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent));
+    } else if (nkeys + 1 > nhist) {
+        /*
+         * The policy must have changed!  Shrink the array.
+         * Can't simply realloc() down, since it might be wrapped.
+         * To understand the arithmetic below, note that we are
+         * copying into new positions 0 .. N-1 from old positions
+         * old_key_next-N .. old_key_next-1, modulo old_key_len,
+         * where N = pw_history_num - 1 is the length of the
+         * shortened list.        Matt Crawford, FNAL
+         */
+        /*
+         * M = adb->old_key_len, N = pol->pw_history_num - 1
+         *
+         * tmp[0] .. tmp[N-1] = old[(knext-N)%M] .. old[(knext-1)%M]
+         */
+        int j;
+        osa_pw_hist_t tmp;
+
+        tmp = (osa_pw_hist_ent *)
+            malloc((nhist - 1) * sizeof (osa_pw_hist_ent));
+        if (tmp == NULL)
+            return ENOMEM;
+        for (i = 0; i < nhist - 1; i++) {
+            /*
+             * Add nkeys once before taking remainder to avoid
+             * negative values.
+             */
+            j = (i + nkeys + knext - (nhist - 1)) % nkeys;
+            tmp[i] = adb->old_keys[j];
+        }
+        /* Now free the ones we don't keep (the oldest ones) */
+        for (i = 0; i < nkeys - (nhist - 1); i++) {
+            j = (i + nkeys + knext) % nkeys;
+            histp = &adb->old_keys[j];
+            for (j = 0; j < histp->n_key_data; j++) {
+                krb5_free_key_data_contents(context, &histp->key_data[j]);
+            }
+            free(histp->key_data);
+        }
+        free(adb->old_keys);
+        adb->old_keys = tmp;
+        nkeys = adb->old_key_len = nhist - 1;
+        knext = adb->old_key_next = 0;
+    }
+
+    /*
+     * If nhist decreased since the last password change, and nkeys+1
+     * is less than the previous nhist, it is possible for knext to
+     * index into unallocated space.  This condition would not be
+     * caught by the resizing code above.
+     */
+    if (knext + 1 > nkeys)
+        knext = adb->old_key_next = 0;
+    /* free the old pw history entry if it contains data */
+    histp = &adb->old_keys[knext];
+    for (i = 0; i < (unsigned int) histp->n_key_data; i++)
+        krb5_free_key_data_contents(context, &histp->key_data[i]);
+    free(histp->key_data);
+
+    /* store the new entry */
+    adb->old_keys[knext] = *pw;
+
+    /* update the next pointer */
+    if (++adb->old_key_next == nhist - 1)
+        adb->old_key_next = 0;
+
+    return(0);
+}
+
+kadm5_ret_t
+kadm5_chpass_principal(void *server_handle,
+                       krb5_principal principal, char *password)
+{
+    return
+        kadm5_chpass_principal_3(server_handle, principal, FALSE,
+                                 0, NULL, password);
+}
+
+kadm5_ret_t
+kadm5_chpass_principal_3(void *server_handle,
+                         krb5_principal principal, krb5_boolean keepold,
+                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                         char *password)
+{
+    krb5_timestamp              now;
+    kadm5_policy_ent_rec        pol;
+    osa_princ_ent_rec           adb;
+    krb5_db_entry               *kdb;
+    int                         ret, ret2, hist_added;
+    krb5_boolean                have_pol = FALSE;
+    kadm5_server_handle_t       handle = server_handle;
+    osa_pw_hist_ent             hist;
+    krb5_keyblock               *act_mkey, *hist_keyblocks = NULL;
+    krb5_kvno                   act_kvno, hist_kvno;
+    int                         new_n_ks_tuple = 0;
+    krb5_key_salt_tuple         *new_ks_tuple = NULL;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    hist_added = 0;
+    memset(&hist, 0, sizeof(hist));
+
+    if (principal == NULL || password == NULL)
+        return EINVAL;
+    if ((krb5_principal_compare(handle->context,
+                                principal, hist_princ)) == TRUE)
+        return KADM5_PROTECT_PRINCIPAL;
+
+    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
+        return(ret);
+
+    /* We will always be changing the key data, attributes, auth failure count,
+     * and password expiration time. */
+    kdb->mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES | KADM5_FAIL_AUTH_COUNT |
+        KADM5_PW_EXPIRATION;
+
+    ret = apply_keysalt_policy(handle, adb.policy, n_ks_tuple, ks_tuple,
+                               &new_n_ks_tuple, &new_ks_tuple);
+    if (ret)
+        goto done;
+
+    if ((adb.aux_attributes & KADM5_POLICY)) {
+        ret = get_policy(handle, adb.policy, &pol, &have_pol);
+        if (ret)
+            goto done;
+    }
+    if (have_pol) {
+        /* Create a password history entry before we change kdb's key_data. */
+        ret = kdb_get_hist_key(handle, &hist_keyblocks, &hist_kvno);
+        if (ret)
+            goto done;
+        ret = create_history_entry(handle->context, &hist_keyblocks[0],
+                                   kdb->n_key_data, kdb->key_data, &hist);
+        if (ret)
+            goto done;
+    }
+
+    if ((ret = passwd_check(handle, password, have_pol ? &pol : NULL,
+                            principal)))
+        goto done;
+
+    ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey);
+    if (ret)
+        goto done;
+
+    ret = krb5_dbe_cpw(handle->context, act_mkey, new_ks_tuple, new_n_ks_tuple,
+                       password, 0 /* increment kvno */,
+                       keepold, kdb);
+    if (ret)
+        goto done;
+
+    ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno);
+    if (ret)
+        goto done;
+
+    kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+
+    ret = krb5_timeofday(handle->context, &now);
+    if (ret)
+        goto done;
+
+    kdb->pw_expiration = 0;
+    if ((adb.aux_attributes & KADM5_POLICY)) {
+        /* the policy was loaded before */
+
+        ret = check_pw_reuse(handle->context, hist_keyblocks,
+                             kdb->n_key_data, kdb->key_data,
+                             1, &hist);
+        if (ret)
+            goto done;
+
+        if (pol.pw_history_num > 1) {
+            /* If hist_kvno has changed since the last password change, we
+             * can't check the history. */
+            if (adb.admin_history_kvno == hist_kvno) {
+                ret = check_pw_reuse(handle->context, hist_keyblocks,
+                                     kdb->n_key_data, kdb->key_data,
+                                     adb.old_key_len, adb.old_keys);
+                if (ret)
+                    goto done;
+            }
+
+            /* Don't save empty history. */
+            if (hist.n_key_data > 0) {
+                ret = add_to_history(handle->context, hist_kvno, &adb, &pol,
+                                     &hist);
+                if (ret)
+                    goto done;
+                hist_added = 1;
+            }
+        }
+
+        if (pol.pw_max_life)
+            kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
+    }
+
+    ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
+    if (ret)
+        goto done;
+
+    /* unlock principal on this KDC */
+    kdb->fail_auth_count = 0;
+
+    if (hist_added)
+        kdb->mask |= KADM5_KEY_HIST;
+
+    ret = k5_kadm5_hook_chpass(handle->context, handle->hook_handles,
+                               KADM5_HOOK_STAGE_PRECOMMIT, principal, keepold,
+                               new_n_ks_tuple, new_ks_tuple, password);
+    if (ret)
+        goto done;
+
+    if ((ret = kdb_put_entry(handle, kdb, &adb)))
+        goto done;
+
+    (void) k5_kadm5_hook_chpass(handle->context, handle->hook_handles,
+                                KADM5_HOOK_STAGE_POSTCOMMIT, principal,
+                                keepold, new_n_ks_tuple, new_ks_tuple, password);
+    ret = KADM5_OK;
+done:
+    free(new_ks_tuple);
+    if (!hist_added && hist.key_data)
+        free_history_entry(handle->context, &hist);
+    kdb_free_entry(handle, kdb, &adb);
+    kdb_free_keyblocks(handle, hist_keyblocks);
+
+    if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol))
+        && !ret)
+        ret = ret2;
+
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_randkey_principal(void *server_handle,
+                        krb5_principal principal,
+                        krb5_keyblock **keyblocks,
+                        int *n_keys)
+{
+    return
+        kadm5_randkey_principal_3(server_handle, principal,
+                                  FALSE, 0, NULL,
+                                  keyblocks, n_keys);
+}
+kadm5_ret_t
+kadm5_randkey_principal_3(void *server_handle,
+                          krb5_principal principal,
+                          krb5_boolean keepold,
+                          int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                          krb5_keyblock **keyblocks,
+                          int *n_keys)
+{
+    krb5_db_entry               *kdb;
+    osa_princ_ent_rec           adb;
+    krb5_timestamp              now;
+    kadm5_policy_ent_rec        pol;
+    int                         ret, n_new_keys;
+    krb5_boolean                have_pol = FALSE;
+    kadm5_server_handle_t       handle = server_handle;
+    krb5_keyblock               *act_mkey;
+    krb5_kvno                   act_kvno;
+    int                         new_n_ks_tuple = 0;
+    krb5_key_salt_tuple         *new_ks_tuple = NULL;
+
+    if (keyblocks)
+        *keyblocks = NULL;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if (principal == NULL)
+        return EINVAL;
+
+    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
+        return(ret);
+
+    /* We will always be changing the key data, attributes, auth failure count,
+     * and password expiration time. */
+    kdb->mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES | KADM5_FAIL_AUTH_COUNT |
+        KADM5_PW_EXPIRATION;
+
+    ret = apply_keysalt_policy(handle, adb.policy, n_ks_tuple, ks_tuple,
+                               &new_n_ks_tuple, &new_ks_tuple);
+    if (ret)
+        goto done;
+
+    if (krb5_principal_compare(handle->context, principal, hist_princ)) {
+        /* If changing the history entry, the new entry must have exactly one
+         * key. */
+        if (keepold) {
+            ret = KADM5_PROTECT_PRINCIPAL;
+            goto done;
+        }
+        new_n_ks_tuple = 1;
+    }
+
+    ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey);
+    if (ret)
+        goto done;
+
+    ret = krb5_dbe_crk(handle->context, act_mkey, new_ks_tuple, new_n_ks_tuple,
+                       keepold, kdb);
+    if (ret)
+        goto done;
+
+    ret = krb5_dbe_update_mkvno(handle->context, kdb, act_kvno);
+    if (ret)
+        goto done;
+
+    kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+
+    ret = krb5_timeofday(handle->context, &now);
+    if (ret)
+        goto done;
+
+    if ((adb.aux_attributes & KADM5_POLICY)) {
+        ret = get_policy(handle, adb.policy, &pol, &have_pol);
+        if (ret)
+            goto done;
+    }
+
+    kdb->pw_expiration = 0;
+    if (have_pol && pol.pw_max_life)
+        kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
+
+    ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
+    if (ret)
+        goto done;
+
+    /* unlock principal on this KDC */
+    kdb->fail_auth_count = 0;
+
+    if (keyblocks) {
+        /* Return only the new keys added by krb5_dbe_crk. */
+        n_new_keys = count_new_keys(kdb->n_key_data, kdb->key_data);
+        ret = decrypt_key_data(handle->context, n_new_keys, kdb->key_data,
+                               keyblocks, n_keys);
+        if (ret)
+            goto done;
+    }
+
+    ret = k5_kadm5_hook_chpass(handle->context, handle->hook_handles,
+                               KADM5_HOOK_STAGE_PRECOMMIT, principal, keepold,
+                               new_n_ks_tuple, new_ks_tuple, NULL);
+    if (ret)
+        goto done;
+    if ((ret = kdb_put_entry(handle, kdb, &adb)))
+        goto done;
+
+    (void) k5_kadm5_hook_chpass(handle->context, handle->hook_handles,
+                                KADM5_HOOK_STAGE_POSTCOMMIT, principal,
+                                keepold, new_n_ks_tuple, new_ks_tuple, NULL);
+    ret = KADM5_OK;
+done:
+    free(new_ks_tuple);
+    kdb_free_entry(handle, kdb, &adb);
+    if (have_pol)
+        kadm5_free_policy_ent(handle->lhandle, &pol);
+
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_setkey_principal(void *server_handle,
+                       krb5_principal principal,
+                       krb5_keyblock *keyblocks,
+                       int n_keys)
+{
+    return
+        kadm5_setkey_principal_3(server_handle, principal,
+                                 FALSE, 0, NULL,
+                                 keyblocks, n_keys);
+}
+
+kadm5_ret_t
+kadm5_setkey_principal_3(void *server_handle,
+                         krb5_principal principal,
+                         krb5_boolean keepold,
+                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                         krb5_keyblock *keyblocks,
+                         int n_keys)
+{
+    kadm5_key_data *key_data;
+    kadm5_ret_t ret;
+    int i;
+
+    if (keyblocks == NULL)
+        return EINVAL;
+
+    if (n_ks_tuple) {
+        if (n_ks_tuple != n_keys)
+            return KADM5_SETKEY3_ETYPE_MISMATCH;
+        for (i = 0; i < n_ks_tuple; i++) {
+            if (ks_tuple[i].ks_enctype != keyblocks[i].enctype)
+                return KADM5_SETKEY3_ETYPE_MISMATCH;
+        }
+    }
+
+    key_data = calloc(n_keys, sizeof(kadm5_key_data));
+    if (key_data == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < n_keys; i++) {
+        key_data[i].key = keyblocks[i];
+        key_data[i].salt.type =
+            n_ks_tuple ? ks_tuple[i].ks_salttype : KRB5_KDB_SALTTYPE_NORMAL;
+    }
+
+    ret = kadm5_setkey_principal_4(server_handle, principal, keepold,
+                                   key_data, n_keys);
+    free(key_data);
+    return ret;
+}
+
+/* Create a key/salt list from a key_data array. */
+static kadm5_ret_t
+make_ks_from_key_data(krb5_context context, kadm5_key_data *key_data,
+                      int n_key_data, krb5_key_salt_tuple **out)
+{
+    int i;
+    krb5_key_salt_tuple *ks;
+
+    *out = NULL;
+
+    ks = calloc(n_key_data, sizeof(*ks));
+    if (ks == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < n_key_data; i++) {
+        ks[i].ks_enctype = key_data[i].key.enctype;
+        ks[i].ks_salttype = key_data[i].salt.type;
+    }
+    *out = ks;
+    return 0;
+}
+
+kadm5_ret_t
+kadm5_setkey_principal_4(void *server_handle, krb5_principal principal,
+                         krb5_boolean keepold, kadm5_key_data *key_data,
+                         int n_key_data)
+{
+    krb5_db_entry *kdb;
+    osa_princ_ent_rec adb;
+    krb5_timestamp now;
+    kadm5_policy_ent_rec pol;
+    krb5_key_data *new_key_data = NULL;
+    int i, j, ret, n_new_key_data = 0;
+    krb5_kvno kvno;
+    krb5_boolean similar, have_pol = FALSE;
+    kadm5_server_handle_t handle = server_handle;
+    krb5_keyblock *act_mkey;
+    krb5_key_salt_tuple *ks_from_keys = NULL;
+
+    CHECK_HANDLE(server_handle);
+
+    krb5_clear_error_message(handle->context);
+
+    if (principal == NULL || key_data == NULL || n_key_data == 0)
+        return EINVAL;
+
+    /* hist_princ will be NULL when initializing the database. */
+    if (hist_princ != NULL &&
+        krb5_principal_compare(handle->context, principal, hist_princ))
+        return KADM5_PROTECT_PRINCIPAL;
+
+    /* For now, all keys must have the same kvno. */
+    kvno = key_data[0].kvno;
+    for (i = 1; i < n_key_data; i++) {
+        if (key_data[i].kvno != kvno)
+            return KADM5_SETKEY_BAD_KVNO;
+    }
+
+    ret = kdb_get_entry(handle, principal, &kdb, &adb);
+    if (ret)
+        return ret;
+
+    /* We will always be changing the key data, attributes, auth failure count,
+     * and password expiration time. */
+    kdb->mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES | KADM5_FAIL_AUTH_COUNT |
+        KADM5_PW_EXPIRATION;
+
+    if (kvno == 0) {
+        /* Pick the next kvno. */
+        for (i = 0; i < kdb->n_key_data; i++) {
+            if (kdb->key_data[i].key_data_kvno > kvno)
+                kvno = kdb->key_data[i].key_data_kvno;
+        }
+        kvno++;
+    } else if (keepold) {
+        /* Check that the kvno does collide with existing keys. */
+        for (i = 0; i < kdb->n_key_data; i++) {
+            if (kdb->key_data[i].key_data_kvno == kvno) {
+                ret = KADM5_SETKEY_BAD_KVNO;
+                goto done;
+            }
+        }
+    }
+
+    ret = make_ks_from_key_data(handle->context, key_data, n_key_data,
+                                &ks_from_keys);
+    if (ret)
+        goto done;
+
+    ret = apply_keysalt_policy(handle, adb.policy, n_key_data, ks_from_keys,
+                               NULL, NULL);
+    free(ks_from_keys);
+    if (ret)
+        goto done;
+
+    for (i = 0; i < n_key_data; i++) {
+        for (j = i + 1; j < n_key_data; j++) {
+            ret = krb5_c_enctype_compare(handle->context,
+                                         key_data[i].key.enctype,
+                                         key_data[j].key.enctype,
+                                         &similar);
+            if (ret)
+                goto done;
+            if (similar) {
+                if (key_data[i].salt.type == key_data[j].salt.type) {
+                    ret = KADM5_SETKEY_DUP_ENCTYPES;
+                    goto done;
+                }
+            }
+        }
+    }
+
+    n_new_key_data = n_key_data + (keepold ? kdb->n_key_data : 0);
+    new_key_data = calloc(n_new_key_data, sizeof(krb5_key_data));
+    if (new_key_data == NULL) {
+        n_new_key_data = 0;
+        ret = ENOMEM;
+        goto done;
+    }
+
+    n_new_key_data = 0;
+    for (i = 0; i < n_key_data; i++) {
+
+        ret = kdb_get_active_mkey(handle, NULL, &act_mkey);
+        if (ret)
+            goto done;
+
+        ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey,
+                                        &key_data[i].key, &key_data[i].salt,
+                                        kvno, &new_key_data[i]);
+        if (ret)
+            goto done;
+
+        n_new_key_data++;
+    }
+
+    /* Copy old key data if necessary. */
+    if (keepold) {
+        memcpy(new_key_data + n_new_key_data, kdb->key_data,
+               kdb->n_key_data * sizeof(krb5_key_data));
+        memset(kdb->key_data, 0, kdb->n_key_data * sizeof(krb5_key_data));
+
+        /*
+         * Sort the keys to maintain the defined kvno order.  We only need to
+         * sort if we keep old keys, as otherwise we allow only a single kvno
+         * to be specified.
+         */
+        krb5_dbe_sort_key_data(new_key_data, n_new_key_data);
+    }
+
+    /* Replace kdb->key_data with the new keys. */
+    cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data);
+    kdb->key_data = new_key_data;
+    kdb->n_key_data = n_new_key_data;
+    new_key_data = NULL;
+    n_new_key_data = 0;
+
+    kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+
+    ret = krb5_timeofday(handle->context, &now);
+    if (ret)
+        goto done;
+
+    if (adb.aux_attributes & KADM5_POLICY) {
+        ret = get_policy(handle, adb.policy, &pol, &have_pol);
+        if (ret)
+            goto done;
+    }
+
+    kdb->pw_expiration = 0;
+    if (have_pol && pol.pw_max_life)
+        kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
+
+    ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
+    if (ret)
+        goto done;
+
+    /* Unlock principal on this KDC. */
+    kdb->fail_auth_count = 0;
+
+    ret = kdb_put_entry(handle, kdb, &adb);
+    if (ret)
+        goto done;
+
+    ret = KADM5_OK;
+
+done:
+    cleanup_key_data(handle->context, n_new_key_data, new_key_data);
+    kdb_free_entry(handle, kdb, &adb);
+    if (have_pol)
+        kadm5_free_policy_ent(handle->lhandle, &pol);
+    return ret;
+}
+
+/*
+ * Return the list of keys like kadm5_randkey_principal,
+ * but don't modify the principal.
+ */
+kadm5_ret_t
+kadm5_get_principal_keys(void *server_handle /* IN */,
+                         krb5_principal principal /* IN */,
+                         krb5_kvno kvno /* IN */,
+                         kadm5_key_data **key_data_out /* OUT */,
+                         int *n_key_data_out /* OUT */)
+{
+    krb5_db_entry               *kdb;
+    osa_princ_ent_rec           adb;
+    kadm5_ret_t                 ret;
+    kadm5_server_handle_t       handle = server_handle;
+    kadm5_key_data              *key_data = NULL;
+    int i, nkeys = 0;
+
+    if (principal == NULL || key_data_out == NULL || n_key_data_out == NULL)
+        return EINVAL;
+
+    CHECK_HANDLE(server_handle);
+
+    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
+        return(ret);
+
+    key_data = calloc(kdb->n_key_data, sizeof(kadm5_key_data));
+    if (key_data == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    for (i = 0, nkeys = 0; i < kdb->n_key_data; i++) {
+        if (kvno != 0 && kvno != kdb->key_data[i].key_data_kvno)
+            continue;
+        key_data[nkeys].kvno = kdb->key_data[i].key_data_kvno;
+
+        ret = krb5_dbe_decrypt_key_data(handle->context, NULL,
+                                        &kdb->key_data[i],
+                                        &key_data[nkeys].key,
+                                        &key_data[nkeys].salt);
+        if (ret)
+            goto done;
+        nkeys++;
+    }
+
+    *n_key_data_out = nkeys;
+    *key_data_out = key_data;
+    key_data = NULL;
+    nkeys = 0;
+    ret = KADM5_OK;
+
+done:
+    kdb_free_entry(handle, kdb, &adb);
+    kadm5_free_kadm5_key_data(handle->context, nkeys, key_data);
+
+    return ret;
+}
+
+
+/*
+ * Allocate an array of n_key_data krb5_keyblocks, fill in each
+ * element with the results of decrypting the nth key in key_data,
+ * and if n_keys is not NULL fill it in with the
+ * number of keys decrypted.
+ */
+static int decrypt_key_data(krb5_context context,
+                            int n_key_data, krb5_key_data *key_data,
+                            krb5_keyblock **keyblocks, int *n_keys)
+{
+    krb5_keyblock *keys;
+    int ret, i;
+
+    keys = (krb5_keyblock *) malloc(n_key_data*sizeof(krb5_keyblock));
+    if (keys == NULL)
+        return ENOMEM;
+    memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
+
+    for (i = 0; i < n_key_data; i++) {
+        ret = krb5_dbe_decrypt_key_data(context, NULL, &key_data[i], &keys[i],
+                                        NULL);
+        if (ret) {
+            for (; i >= 0; i--)
+                krb5_free_keyblock_contents(context, &keys[i]);
+            free(keys);
+            return ret;
+        }
+    }
+
+    *keyblocks = keys;
+    if (n_keys)
+        *n_keys = n_key_data;
+
+    return 0;
+}
+
+/*
+ * Function: kadm5_decrypt_key
+ *
+ * Purpose: Retrieves and decrypts a principal key.
+ *
+ * Arguments:
+ *
+ *      server_handle   (r) kadm5 handle
+ *      entry           (r) principal retrieved with kadm5_get_principal
+ *      ktype           (r) enctype to search for, or -1 to ignore
+ *      stype           (r) salt type to search for, or -1 to ignore
+ *      kvno            (r) kvno to search for, -1 for max, 0 for max
+ *                      only if it also matches ktype and stype
+ *      keyblock        (w) keyblock to fill in
+ *      keysalt         (w) keysalt to fill in, or NULL
+ *      kvnop           (w) kvno to fill in, or NULL
+ *
+ * Effects: Searches the key_data array of entry, which must have been
+ * retrieved with kadm5_get_principal with the KADM5_KEY_DATA mask, to
+ * find a key with a specified enctype, salt type, and kvno in a
+ * principal entry.  If not found, return ENOENT.  Otherwise, decrypt
+ * it with the master key, and return the key in keyblock, the salt
+ * in salttype, and the key version number in kvno.
+ *
+ * If ktype or stype is -1, it is ignored for the search.  If kvno is
+ * -1, ktype and stype are ignored and the key with the max kvno is
+ * returned.  If kvno is 0, only the key with the max kvno is returned
+ * and only if it matches the ktype and stype; otherwise, ENOENT is
+ * returned.
+ */
+kadm5_ret_t kadm5_decrypt_key(void *server_handle,
+                              kadm5_principal_ent_t entry, krb5_int32
+                              ktype, krb5_int32 stype, krb5_int32
+                              kvno, krb5_keyblock *keyblock,
+                              krb5_keysalt *keysalt, int *kvnop)
+{
+    kadm5_server_handle_t handle = server_handle;
+    krb5_db_entry dbent;
+    krb5_key_data *key_data;
+    krb5_keyblock *mkey_ptr;
+    int ret;
+
+    CHECK_HANDLE(server_handle);
+
+    if (entry->n_key_data == 0 || entry->key_data == NULL)
+        return EINVAL;
+
+    /* find_enctype only uses these two fields */
+    dbent.n_key_data = entry->n_key_data;
+    dbent.key_data = entry->key_data;
+    if ((ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
+                                     stype, kvno, &key_data)))
+        return ret;
+
+    /* find_mkey only uses this field */
+    dbent.tl_data = entry->tl_data;
+    if ((ret = krb5_dbe_find_mkey(handle->context, &dbent, &mkey_ptr))) {
+        /* try refreshing master key list */
+        /* XXX it would nice if we had the mkvno here for optimization */
+        if (krb5_db_fetch_mkey_list(handle->context, master_princ,
+                                    &master_keyblock) == 0) {
+            if ((ret = krb5_dbe_find_mkey(handle->context, &dbent,
+                                          &mkey_ptr))) {
+                return ret;
+            }
+        } else {
+            return ret;
+        }
+    }
+
+    if ((ret = krb5_dbe_decrypt_key_data(handle->context, NULL, key_data,
+                                         keyblock, keysalt)))
+        return ret;
+
+    /*
+     * Coerce the enctype of the output keyblock in case we got an
+     * inexact match on the enctype; this behavior will go away when
+     * the key storage architecture gets redesigned for 1.3.
+     */
+    if (ktype != -1)
+        keyblock->enctype = ktype;
+
+    if (kvnop)
+        *kvnop = key_data->key_data_kvno;
+
+    return KADM5_OK;
+}
+
+kadm5_ret_t
+kadm5_purgekeys(void *server_handle,
+                krb5_principal principal,
+                int keepkvno)
+{
+    kadm5_server_handle_t handle = server_handle;
+    kadm5_ret_t ret;
+    krb5_db_entry *kdb;
+    osa_princ_ent_rec adb;
+    krb5_key_data *old_keydata;
+    int n_old_keydata;
+    int i, j, k;
+
+    CHECK_HANDLE(server_handle);
+
+    if (principal == NULL)
+        return EINVAL;
+
+    ret = kdb_get_entry(handle, principal, &kdb, &adb);
+    if (ret)
+        return(ret);
+
+    if (keepkvno <= 0) {
+        keepkvno = krb5_db_get_key_data_kvno(handle->context, kdb->n_key_data,
+                                             kdb->key_data);
+    }
+
+    old_keydata = kdb->key_data;
+    n_old_keydata = kdb->n_key_data;
+    kdb->n_key_data = 0;
+    /* Allocate one extra key_data to avoid allocating 0 bytes. */
+    kdb->key_data = calloc(n_old_keydata, sizeof(krb5_key_data));
+    if (kdb->key_data == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+    memset(kdb->key_data, 0, n_old_keydata * sizeof(krb5_key_data));
+    for (i = 0, j = 0; i < n_old_keydata; i++) {
+        if (old_keydata[i].key_data_kvno < keepkvno)
+            continue;
+
+        /* Alias the key_data_contents pointers; we null them out in the
+         * source array immediately after. */
+        kdb->key_data[j] = old_keydata[i];
+        for (k = 0; k < old_keydata[i].key_data_ver; k++) {
+            old_keydata[i].key_data_contents[k] = NULL;
+        }
+        j++;
+    }
+    kdb->n_key_data = j;
+    cleanup_key_data(handle->context, n_old_keydata, old_keydata);
+
+    kdb->mask = KADM5_KEY_DATA;
+    ret = kdb_put_entry(handle, kdb, &adb);
+    if (ret)
+        goto done;
+
+done:
+    kdb_free_entry(handle, kdb, &adb);
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_get_strings(void *server_handle, krb5_principal principal,
+                  krb5_string_attr **strings_out, int *count_out)
+{
+    kadm5_server_handle_t handle = server_handle;
+    kadm5_ret_t ret;
+    krb5_db_entry *kdb = NULL;
+
+    *strings_out = NULL;
+    *count_out = 0;
+    CHECK_HANDLE(server_handle);
+    if (principal == NULL)
+        return EINVAL;
+
+    ret = kdb_get_entry(handle, principal, &kdb, NULL);
+    if (ret)
+        return ret;
+
+    ret = krb5_dbe_get_strings(handle->context, kdb, strings_out, count_out);
+    kdb_free_entry(handle, kdb, NULL);
+    return ret;
+}
+
+kadm5_ret_t
+kadm5_set_string(void *server_handle, krb5_principal principal,
+                 const char *key, const char *value)
+{
+    kadm5_server_handle_t handle = server_handle;
+    kadm5_ret_t ret;
+    krb5_db_entry *kdb;
+    osa_princ_ent_rec adb;
+
+    CHECK_HANDLE(server_handle);
+    if (principal == NULL || key == NULL)
+        return EINVAL;
+
+    ret = kdb_get_entry(handle, principal, &kdb, &adb);
+    if (ret)
+        return ret;
+
+    ret = krb5_dbe_set_string(handle->context, kdb, key, value);
+    if (ret)
+        goto done;
+
+    kdb->mask = KADM5_TL_DATA;
+    ret = kdb_put_entry(handle, kdb, &adb);
+
+done:
+    kdb_free_entry(handle, kdb, &adb);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/str_conv.c b/krb5-1.21.3/src/lib/kadm5/str_conv.c
new file mode 100644
index 00000000..79829560
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/str_conv.c
@@ -0,0 +1,403 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/str_conv.c */
+/*
+ * Copyright (C) 1995-2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Convert between strings and Kerberos internal data. */
+
+#include "k5-int.h"
+#include "admin_internal.h"
+#include "adm_proto.h"
+
+#include <ctype.h>
+
+static const char default_tupleseps[]   = ", \t";
+static const char default_ksaltseps[]   = ":";
+
+struct flag_table_row {
+    const char *spec;           /* Input specifier string */
+    krb5_flags flag;            /* Flag */
+    int invert;                 /* Whether to invert the sense */
+};
+
+static const struct flag_table_row ftbl[] = {
+    {"allow_postdated",         KRB5_KDB_DISALLOW_POSTDATED,    1},
+    {"postdateable",            KRB5_KDB_DISALLOW_POSTDATED,    1},
+    {"disallow_postdated",      KRB5_KDB_DISALLOW_POSTDATED,    0},
+    {"allow_forwardable",       KRB5_KDB_DISALLOW_FORWARDABLE,  1},
+    {"forwardable",             KRB5_KDB_DISALLOW_FORWARDABLE,  1},
+    {"disallow_forwardable",    KRB5_KDB_DISALLOW_FORWARDABLE,  0},
+    {"allow_tgs_req",           KRB5_KDB_DISALLOW_TGT_BASED,    1},
+    {"tgt_based",               KRB5_KDB_DISALLOW_TGT_BASED,    1},
+    {"disallow_tgt_based",      KRB5_KDB_DISALLOW_TGT_BASED,    0},
+    {"allow_renewable",         KRB5_KDB_DISALLOW_RENEWABLE,    1},
+    {"renewable",               KRB5_KDB_DISALLOW_RENEWABLE,    1},
+    {"disallow_renewable",      KRB5_KDB_DISALLOW_RENEWABLE,    0},
+    {"allow_proxiable",         KRB5_KDB_DISALLOW_PROXIABLE,    1},
+    {"proxiable",               KRB5_KDB_DISALLOW_PROXIABLE,    1},
+    {"disallow_proxiable",      KRB5_KDB_DISALLOW_PROXIABLE,    0},
+    {"allow_dup_skey",          KRB5_KDB_DISALLOW_DUP_SKEY,     1},
+    {"dup_skey",                KRB5_KDB_DISALLOW_DUP_SKEY,     1},
+    {"disallow_dup_skey",       KRB5_KDB_DISALLOW_DUP_SKEY,     0},
+    {"allow_tickets",           KRB5_KDB_DISALLOW_ALL_TIX,      1},
+    {"allow_tix",               KRB5_KDB_DISALLOW_ALL_TIX,      1},
+    {"disallow_all_tix",        KRB5_KDB_DISALLOW_ALL_TIX,      0},
+    {"preauth",                 KRB5_KDB_REQUIRES_PRE_AUTH,     0},
+    {"requires_pre_auth",       KRB5_KDB_REQUIRES_PRE_AUTH,     0},
+    {"requires_preauth",        KRB5_KDB_REQUIRES_PRE_AUTH,     0},
+    {"hwauth",                  KRB5_KDB_REQUIRES_HW_AUTH,      0},
+    {"requires_hw_auth",        KRB5_KDB_REQUIRES_HW_AUTH,      0},
+    {"requires_hwauth",         KRB5_KDB_REQUIRES_HW_AUTH,      0},
+    {"needchange",              KRB5_KDB_REQUIRES_PWCHANGE,     0},
+    {"pwchange",                KRB5_KDB_REQUIRES_PWCHANGE,     0},
+    {"requires_pwchange",       KRB5_KDB_REQUIRES_PWCHANGE,     0},
+    {"allow_svr",               KRB5_KDB_DISALLOW_SVR,          1},
+    {"service",                 KRB5_KDB_DISALLOW_SVR,          1},
+    {"disallow_svr",            KRB5_KDB_DISALLOW_SVR,          0},
+    {"password_changing_service", KRB5_KDB_PWCHANGE_SERVICE,    0},
+    {"pwchange_service",        KRB5_KDB_PWCHANGE_SERVICE,      0},
+    {"pwservice",               KRB5_KDB_PWCHANGE_SERVICE,      0},
+    {"md5",                     KRB5_KDB_SUPPORT_DESMD5,        0},
+    {"support_desmd5",          KRB5_KDB_SUPPORT_DESMD5,        0},
+    {"new_princ",               KRB5_KDB_NEW_PRINC,             0},
+    {"ok_as_delegate",          KRB5_KDB_OK_AS_DELEGATE,        0},
+    {"ok_to_auth_as_delegate",  KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0},
+    {"no_auth_data_required",   KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0},
+    {"lockdown_keys",           KRB5_KDB_LOCKDOWN_KEYS,         0},
+};
+#define NFTBL (sizeof(ftbl) / sizeof(ftbl[0]))
+
+static const char *outflags[] = {
+    "DISALLOW_POSTDATED",       /* 0x00000001 */
+    "DISALLOW_FORWARDABLE",     /* 0x00000002 */
+    "DISALLOW_TGT_BASED",       /* 0x00000004 */
+    "DISALLOW_RENEWABLE",       /* 0x00000008 */
+    "DISALLOW_PROXIABLE",       /* 0x00000010 */
+    "DISALLOW_DUP_SKEY",        /* 0x00000020 */
+    "DISALLOW_ALL_TIX",         /* 0x00000040 */
+    "REQUIRES_PRE_AUTH",        /* 0x00000080 */
+    "REQUIRES_HW_AUTH",         /* 0x00000100 */
+    "REQUIRES_PWCHANGE",        /* 0x00000200 */
+    NULL,                       /* 0x00000400 */
+    NULL,                       /* 0x00000800 */
+    "DISALLOW_SVR",             /* 0x00001000 */
+    "PWCHANGE_SERVICE",         /* 0x00002000 */
+    "SUPPORT_DESMD5",           /* 0x00004000 */
+    "NEW_PRINC",                /* 0x00008000 */
+    NULL,                       /* 0x00010000 */
+    NULL,                       /* 0x00020000 */
+    NULL,                       /* 0x00040000 */
+    NULL,                       /* 0x00080000 */
+    "OK_AS_DELEGATE",           /* 0x00100000 */
+    "OK_TO_AUTH_AS_DELEGATE",   /* 0x00200000 */
+    "NO_AUTH_DATA_REQUIRED",    /* 0x00400000 */
+    "LOCKDOWN_KEYS",            /* 0x00800000 */
+};
+#define NOUTFLAGS (sizeof(outflags) / sizeof(outflags[0]))
+
+/*
+ * Given s, which is a normalized flagspec with the prefix stripped off, and
+ * req_neg indicating whether the flagspec is negated, update the toset and
+ * toclear masks.
+ */
+static krb5_error_code
+raw_flagspec_to_mask(const char *s, int req_neg, krb5_flags *toset,
+                     krb5_flags *toclear)
+{
+    int found = 0, invert = 0;
+    size_t i;
+    krb5_flags flag;
+    unsigned long ul;
+
+    for (i = 0; !found && i < NFTBL; i++) {
+        if (strcmp(s, ftbl[i].spec) != 0)
+            continue;
+        /* Found a match */
+        found = 1;
+        invert = ftbl[i].invert;
+        flag = ftbl[i].flag;
+    }
+    /* Accept hexadecimal numbers. */
+    if (!found && strncmp(s, "0x", 2) == 0) {
+        /* Assume that krb5_flags are 32 bits long. */
+        ul = strtoul(s, NULL, 16) & 0xffffffff;
+        flag = (krb5_flags)ul;
+        found = 1;
+    }
+    if (!found)
+        return EINVAL;
+    if (req_neg)
+        invert = !invert;
+    if (invert)
+        *toclear &= ~flag;
+    else
+        *toset |= flag;
+    return 0;
+}
+
+/*
+ * Update the toset and toclear flag masks according to flag specifier string
+ * spec, which is of the form {+|-}flagname.  toset and toclear can point to
+ * the same flag word.
+ */
+krb5_error_code
+krb5_flagspec_to_mask(const char *spec, krb5_flags *toset, krb5_flags *toclear)
+{
+    int req_neg = 0;
+    char *copy, *cp, *s;
+    krb5_error_code retval;
+
+    s = copy = strdup(spec);
+    if (s == NULL)
+        return ENOMEM;
+
+    if (*s == '-') {
+        req_neg = 1;
+        s++;
+    } else if (*s == '+')
+        s++;
+
+    for (cp = s; *cp != '\0'; cp++) {
+        /* Transform hyphens to underscores.*/
+        if (*cp == '-')
+            *cp = '_';
+        /* Downcase. */
+        if (isupper((unsigned char)*cp))
+            *cp = tolower((unsigned char)*cp);
+    }
+    retval = raw_flagspec_to_mask(s, req_neg, toset, toclear);
+    free(copy);
+    return retval;
+}
+
+/*
+ * Copy the flag name of flagnum to outstr.  On error, outstr points to a null
+ * pointer.
+ */
+krb5_error_code
+krb5_flagnum_to_string(int flagnum, char **outstr)
+{
+    const char *s = NULL;
+
+    *outstr = NULL;
+    if ((unsigned int)flagnum < NOUTFLAGS)
+        s = outflags[flagnum];
+    if (s == NULL) {
+        /* Assume that krb5_flags are 32 bits long. */
+        if (asprintf(outstr, "0x%08lx", 1UL << flagnum) == -1)
+            *outstr = NULL;
+    } else {
+        *outstr = strdup(s);
+    }
+    if (*outstr == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+/*
+ * Create a null-terminated array of string representations of flags.  Store a
+ * null pointer into outarray if there would be no strings.
+ */
+krb5_error_code
+krb5_flags_to_strings(krb5_int32 flags, char ***outarray)
+{
+    char **a = NULL, **a_new = NULL, **ap;
+    size_t amax = 0, i;
+    krb5_error_code retval;
+
+    *outarray = NULL;
+
+    /* Assume that krb5_flags are 32 bits long. */
+    for (i = 0; i < 32; i++) {
+        if (!(flags & (1UL << i)))
+            continue;
+
+        a_new = realloc(a, (amax + 2) * sizeof(*a));
+        if (a_new == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        a = a_new;
+        retval = krb5_flagnum_to_string(i, &a[amax++]);
+        a[amax] = NULL;
+        if (retval)
+            goto cleanup;
+    }
+    *outarray = a;
+    return 0;
+cleanup:
+    for (ap = a; ap != NULL && *ap != NULL; ap++) {
+        free(*ap);
+    }
+    free(a);
+    return retval;
+}
+
+/*
+ * krb5_keysalt_is_present()    - Determine if a key/salt pair is present
+ *                                in a list of key/salt tuples.
+ *
+ *      Salttype may be negative to indicate a search for only a enctype.
+ */
+krb5_boolean
+krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype)
+    krb5_key_salt_tuple *ksaltlist;
+    krb5_int32          nksalts;
+    krb5_enctype        enctype;
+    krb5_int32          salttype;
+{
+    krb5_boolean        foundit;
+    int                 i;
+
+    foundit = 0;
+    if (ksaltlist) {
+        for (i=0; i<nksalts; i++) {
+            if ((ksaltlist[i].ks_enctype == enctype) &&
+                ((ksaltlist[i].ks_salttype == salttype) ||
+                 (salttype < 0))) {
+                foundit = 1;
+                break;
+            }
+        }
+    }
+    return(foundit);
+}
+
+/* NOTE: This is a destructive parser (writes NULs). */
+static krb5_error_code
+string_to_keysalt(char *s, const char *ksaltseps,
+                  krb5_enctype *etype, krb5_int32 *stype)
+{
+    char *sp;
+    const char *ksseps = (ksaltseps != NULL) ? ksaltseps : default_ksaltseps;
+    krb5_error_code ret = 0;
+
+    sp = strpbrk(s, ksseps);
+    if (sp != NULL) {
+        *sp++ = '\0';
+    }
+    ret = krb5_string_to_enctype(s, etype);
+    if (ret)
+        return ret;
+
+    /* Default to normal salt if omitted. */
+    *stype = KRB5_KDB_SALTTYPE_NORMAL;
+    if (sp == NULL)
+        return 0;
+    return krb5_string_to_salttype(sp, stype);
+}
+
+/*
+ * krb5_string_to_keysalts()    - Convert a string representation to a list
+ *                                of key/salt tuples.
+ */
+krb5_error_code
+krb5_string_to_keysalts(const char *string, const char *tupleseps,
+                        const char *ksaltseps, krb5_boolean dups,
+                        krb5_key_salt_tuple **ksaltp, krb5_int32 *nksaltp)
+{
+    char *copy, *p, *ksp;
+    char *tlasts = NULL;
+    const char *tseps = (tupleseps != NULL) ? tupleseps : default_tupleseps;
+    krb5_int32 nksalts = 0;
+    krb5_int32 stype;
+    krb5_enctype etype;
+    krb5_error_code ret = 0;
+    krb5_key_salt_tuple *ksalts = NULL, *ksalts_new = NULL;
+
+    *ksaltp = NULL;
+    *nksaltp = 0;
+    p = copy = strdup(string);
+    if (p == NULL)
+        return ENOMEM;
+    while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) {
+        /* Pass a null pointer to subsequent calls to strtok_r(). */
+        p = NULL;
+
+        /* Discard unrecognized keysalts. */
+        if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0)
+            continue;
+
+        /* Ignore duplicate keysalts if caller asks. */
+        if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype))
+            continue;
+
+        ksalts_new = realloc(ksalts, (nksalts + 1) * sizeof(*ksalts));
+        if (ksalts_new == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        ksalts = ksalts_new;
+        ksalts[nksalts].ks_enctype = etype;
+        ksalts[nksalts].ks_salttype = stype;
+        nksalts++;
+    }
+    *ksaltp = ksalts;
+    *nksaltp = nksalts;
+cleanup:
+    if (ret)
+        free(ksalts);
+    free(copy);
+    return ret;
+}
+
+/*
+ * krb5_keysalt_iterate()       - Do something for each unique key/salt
+ *                                combination.
+ *
+ * If ignoresalt set, then salttype is ignored.
+ */
+krb5_error_code
+krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
+    krb5_key_salt_tuple *ksaltlist;
+    krb5_int32          nksalt;
+    krb5_boolean        ignoresalt;
+    krb5_error_code     (*iterator) (krb5_key_salt_tuple *, krb5_pointer);
+    krb5_pointer        arg;
+{
+    int                 i;
+    krb5_error_code     kret;
+    krb5_key_salt_tuple scratch;
+
+    kret = 0;
+    for (i=0; i<nksalt; i++) {
+        scratch.ks_enctype = ksaltlist[i].ks_enctype;
+        scratch.ks_salttype = (ignoresalt) ? -1 : ksaltlist[i].ks_salttype;
+        if (!krb5_keysalt_is_present(ksaltlist,
+                                     i,
+                                     scratch.ks_enctype,
+                                     scratch.ks_salttype)) {
+            kret = (*iterator)(&scratch, arg);
+            if (kret)
+                break;
+        }
+    }
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/t_kadm5.c b/krb5-1.21.3/src/lib/kadm5/t_kadm5.c
new file mode 100644
index 00000000..153147ff
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/t_kadm5.c
@@ -0,0 +1,1326 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kadm5/t_kadm5.c - API tests for libkadm5 */
+/*
+ * Copyright (C) 2021 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include <kadm5/admin.h>
+
+static uint32_t api;
+static krb5_boolean rpc;
+
+static krb5_context context;
+
+/* These must match the creation commands in t_kadm5.py. */
+#define ADMIN_PASSWORD "admin"
+#define USER_PASSWORD "us3r"
+
+/* This list must match the supported_enctypes setting in t_kadm5.py. */
+static krb5_enctype
+default_supported_enctypes[] = {
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    ENCTYPE_NULL
+};
+
+static void
+check(krb5_error_code code)
+{
+    assert(code == 0);
+}
+
+static void
+check_fail(krb5_error_code code, krb5_error_code expected)
+{
+    assert(code == expected);
+}
+
+/*
+ * Initialize a handle using the global context.  The caller must destroy this
+ * handle before initializing another one.  If the client name begins with '$',
+ * authenticate to kadmin/changepw; otherwise authenticate to kadmin/admin.  If
+ * client is null, return a null handle.
+ */
+static void *
+get_handle(char *client)
+{
+    void *handle;
+    char *service, *pass;
+
+    if (client == NULL)
+        return NULL;
+
+    if (*client == '$') {
+        service = KADM5_CHANGEPW_SERVICE;
+        client++;
+    } else {
+        service = KADM5_ADMIN_SERVICE;
+    }
+    pass = (strcmp(client, "user") == 0) ? USER_PASSWORD : ADMIN_PASSWORD;
+
+    check(kadm5_init(context, client, pass, service, NULL,
+                     KADM5_STRUCT_VERSION, api, NULL, &handle));
+    return handle;
+}
+
+static void
+free_handle(void *handle)
+{
+    if (handle != NULL)
+        check(kadm5_destroy(handle));
+}
+
+static krb5_principal
+parse_princ(const char *str)
+{
+    krb5_principal princ;
+
+    check(krb5_parse_name(context, str, &princ));
+    return princ;
+}
+
+static void
+create_simple_policy(char *name)
+{
+    void *handle = get_handle("admin");
+    kadm5_policy_ent_rec ent;
+
+    memset(&ent, 0, sizeof(ent));
+    ent.policy = name;
+    check(kadm5_create_policy(handle, &ent, KADM5_POLICY));
+    free_handle(handle);
+}
+
+static void
+delete_policy(char *name)
+{
+    void *handle = get_handle("admin");
+
+    check(kadm5_delete_policy(handle, name));
+    free_handle(handle);
+}
+
+static void
+compare_policy(kadm5_policy_ent_t x, uint32_t mask)
+{
+    kadm5_policy_ent_rec g;
+    void *handle = get_handle("admin");
+
+    check(kadm5_get_policy(handle, x->policy, &g));
+
+    assert(strcmp(g.policy, x->policy) == 0);
+    if (mask & KADM5_PW_MAX_LIFE)
+        assert(g.pw_max_life == x->pw_max_life);
+    if (mask & KADM5_PW_MIN_LIFE)
+        assert(g.pw_min_life == x->pw_min_life);
+    if (mask & KADM5_PW_MIN_LENGTH)
+        assert(g.pw_min_length == x->pw_min_length);
+    if (mask & KADM5_PW_MIN_CLASSES)
+        assert(g.pw_min_classes == x->pw_min_classes);
+    if (mask & KADM5_PW_HISTORY_NUM)
+        assert(g.pw_history_num == x->pw_history_num);
+    if (mask & KADM5_PW_MAX_FAILURE)
+        assert(g.pw_max_fail == x->pw_max_fail);
+    if (mask & KADM5_PW_FAILURE_COUNT_INTERVAL)
+        assert(g.pw_failcnt_interval == x->pw_failcnt_interval);
+    if (mask & KADM5_PW_LOCKOUT_DURATION)
+        assert(g.pw_lockout_duration == x->pw_lockout_duration);
+
+    check(kadm5_free_policy_ent(handle, &g));
+    free_handle(handle);
+}
+
+static void
+create_simple_princ(krb5_principal princ, char *policy)
+{
+    void *handle = get_handle("admin");
+    kadm5_principal_ent_rec ent;
+    uint32_t mask = KADM5_PRINCIPAL;
+
+    memset(&ent, 0, sizeof(ent));
+    ent.principal = princ;
+    ent.policy = policy;
+    if (policy != NULL)
+        mask |= KADM5_POLICY;
+    check(kadm5_create_principal(handle, &ent, mask, "pw"));
+    free_handle(handle);
+}
+
+static void
+delete_princ(krb5_principal princ)
+{
+    void *handle = get_handle("admin");
+
+    check(kadm5_delete_principal(handle, princ));
+    free_handle(handle);
+}
+
+static void
+compare_key_data(kadm5_principal_ent_t ent, const krb5_enctype *etypes)
+{
+    int i;
+
+    for (i = 0; etypes[i] != ENCTYPE_NULL; i++) {
+        assert(i < ent->n_key_data);
+        assert(ent->key_data[i].key_data_ver >= 1);
+        assert(ent->key_data[i].key_data_type[0] == etypes[i]);
+    }
+}
+
+static void
+compare_princ(kadm5_principal_ent_t x, uint32_t mask)
+{
+    void *handle = get_handle("admin");
+    kadm5_principal_ent_rec g;
+    kadm5_policy_ent_rec pol;
+
+    check(kadm5_get_principal(handle, x->principal, &g,
+                              KADM5_PRINCIPAL_NORMAL_MASK));
+
+    assert(krb5_principal_compare(context, g.principal, x->principal));
+    if (mask & KADM5_POLICY)
+        assert(strcmp(g.policy, x->policy) == 0);
+    if (mask & KADM5_PRINC_EXPIRE_TIME)
+        assert(g.princ_expire_time == x->princ_expire_time);
+    if (mask & KADM5_MAX_LIFE)
+        assert(g.max_life == x->max_life);
+    if (mask & KADM5_MAX_RLIFE)
+        assert(g.max_renewable_life == x->max_renewable_life);
+    if (mask & KADM5_FAIL_AUTH_COUNT)
+        assert(g.fail_auth_count == x->fail_auth_count);
+    if (mask & KADM5_ATTRIBUTES)
+        assert(g.attributes == x->attributes);
+    if (mask & KADM5_KVNO)
+        assert(g.kvno == x->kvno);
+
+    if (mask & KADM5_PW_EXPIRATION) {
+        assert(g.pw_expiration == x->pw_expiration);
+    } else if ((mask & KADM5_POLICY) &&
+               kadm5_get_policy(handle, g.policy, &pol) == 0) {
+        /* Check the policy pw_max_life computation. */
+        if (pol.pw_max_life != 0) {
+            assert(ts_incr(g.last_pwd_change, pol.pw_max_life) ==
+                   g.pw_expiration);
+        } else {
+            assert(g.pw_expiration == 0);
+        }
+        check(kadm5_free_policy_ent(handle, &pol));
+    }
+
+    if (mask & KADM5_POLICY_CLR) {
+        assert(g.policy == NULL);
+        if (!(mask & KADM5_PW_EXPIRATION))
+            assert(g.pw_expiration == 0);
+    }
+
+    check(kadm5_free_principal_ent(handle, &g));
+    free_handle(handle);
+}
+
+static void
+kinit(krb5_ccache cc, const char *user, const char *pass, const char *service)
+{
+    krb5_get_init_creds_opt *opt;
+    krb5_principal client = parse_princ(user);
+    krb5_creds creds;
+
+    check(krb5_get_init_creds_opt_alloc(context, &opt));
+    check(krb5_get_init_creds_opt_set_out_ccache(context, opt, cc));
+    check(krb5_get_init_creds_password(context, &creds, client, pass, NULL,
+                                       NULL, 0, service, opt));
+    krb5_get_init_creds_opt_free(context, opt);
+    krb5_free_cred_contents(context, &creds);
+    krb5_free_principal(context, client);
+}
+
+static void
+cpw_test_fail(char *user, krb5_principal princ, char *pass,
+              krb5_error_code code)
+{
+    void *handle = get_handle(user);
+
+    check_fail(kadm5_chpass_principal(handle, princ, pass), code);
+    free_handle(handle);
+}
+
+static void
+cpw_test_succeed(char *user, krb5_principal princ, char *pass)
+{
+    cpw_test_fail(user, princ, pass, 0);
+}
+
+static void
+test_chpass()
+{
+    krb5_principal princ = parse_princ("chpass-test");
+    krb5_principal hist_princ = parse_princ("kadmin/history");
+    kadm5_principal_ent_rec ent;
+    void *handle;
+
+    /* Specify a policy so that kadmin/history is created. */
+    create_simple_princ(princ, "minlife-pol");
+
+    /* Check kvno and enctypes after a password change. */
+    handle = get_handle("admin");
+    check(kadm5_chpass_principal(handle, princ, "newpassword"));
+    check(kadm5_get_principal(handle, princ, &ent, KADM5_KEY_DATA));
+    compare_key_data(&ent, default_supported_enctypes);
+    assert(ent.key_data[0].key_data_kvno == 2);
+    check(kadm5_free_principal_ent(handle, &ent));
+    free_handle(handle);
+
+    /* Fails for protected principal. */
+    cpw_test_fail("admin", hist_princ, "pw", KADM5_PROTECT_PRINCIPAL);
+
+    /* Fails over RPC if "change" ACL is not granted, or if we authenticated to
+     * kadmin/changepw and are changing another principal's password. */
+    if (rpc) {
+        cpw_test_succeed("admin/modify", princ, "pw2");
+        cpw_test_fail("admin/none", princ, "pw3", KADM5_AUTH_CHANGEPW);
+        cpw_test_fail("$admin", princ, "pw3", KADM5_AUTH_CHANGEPW);
+    }
+
+    /* Fails with null handle or principal name. */
+    cpw_test_fail(NULL, princ, "pw", KADM5_BAD_SERVER_HANDLE);
+    cpw_test_fail("admin", NULL, "pw", EINVAL);
+
+    delete_princ(princ);
+    krb5_free_principal(context, princ);
+    krb5_free_principal(context, hist_princ);
+}
+
+static void
+cpol_test_fail(char *user, kadm5_policy_ent_t ent, uint32_t mask,
+               krb5_error_code code)
+{
+    void *handle = get_handle(user);
+
+    check_fail(kadm5_create_policy(handle, ent, mask | KADM5_POLICY), code);
+    free_handle(handle);
+}
+
+static void
+cpol_test_compare(char *user, kadm5_policy_ent_t ent, uint32_t mask)
+{
+    cpol_test_fail(user, ent, mask, 0);
+    compare_policy(ent, mask);
+    delete_policy(ent->policy);
+}
+
+static void
+test_create_policy()
+{
+    void *handle;
+    kadm5_policy_ent_rec ent;
+
+    memset(&ent, 0, sizeof(ent));
+
+    /* Fails with undefined mask bit. */
+    ent.policy = "create-policy-test";
+    cpol_test_fail("admin", &ent, 0x10000000, KADM5_BAD_MASK);
+
+    /* Fails without KADM5_POLICY mask bit. */
+    handle = get_handle("admin");
+    check_fail(kadm5_create_policy(handle, &ent, 0), KADM5_BAD_MASK);
+    free_handle(handle);
+
+    /* pw_min_life = 0 and pw_min_life != 0 */
+    cpol_test_compare("admin", &ent, KADM5_PW_MIN_LIFE);
+    ent.pw_min_life = 32;
+    cpol_test_compare("admin", &ent, KADM5_PW_MIN_LIFE);
+
+    /* pw_max_life = 0 and pw_max_life != 0 */
+    cpol_test_compare("admin", &ent, KADM5_PW_MAX_LIFE);
+    ent.pw_max_life = 32;
+    cpol_test_compare("admin", &ent, KADM5_PW_MAX_LIFE);
+
+    /* pw_min_length = 0 (rejected) and pw_min_length != 0 */
+    cpol_test_fail("admin", &ent, KADM5_PW_MIN_LENGTH, KADM5_BAD_LENGTH);
+    ent.pw_min_length = 32;
+    cpol_test_compare("admin", &ent, KADM5_PW_MIN_LENGTH);
+
+    /* pw_min_classes = 0 (rejected), 1, 5, 6 (rejected) */
+    cpol_test_fail("admin", &ent, KADM5_PW_MIN_CLASSES, KADM5_BAD_CLASS);
+    ent.pw_min_classes = 1;
+    cpol_test_compare("admin", &ent, KADM5_PW_MIN_CLASSES);
+    ent.pw_min_classes = 5;
+    cpol_test_compare("admin", &ent, KADM5_PW_MIN_CLASSES);
+    ent.pw_min_classes = 6;
+    cpol_test_fail("admin", &ent, KADM5_PW_MIN_CLASSES, KADM5_BAD_CLASS);
+
+    /* pw_history_num = 0 (rejected), 1, 10 */
+    cpol_test_fail("admin", &ent, KADM5_PW_HISTORY_NUM, KADM5_BAD_HISTORY);
+    ent.pw_history_num = 1;
+    cpol_test_compare("admin", &ent, KADM5_PW_HISTORY_NUM);
+    ent.pw_history_num = 10;
+    cpol_test_compare("admin", &ent, KADM5_PW_HISTORY_NUM);
+
+    if (api >= KADM5_API_VERSION_3) {
+        ent.pw_max_fail = 2;
+        cpol_test_compare("admin", &ent, KADM5_PW_MAX_FAILURE);
+        ent.pw_failcnt_interval = 90;
+        cpol_test_compare("admin", &ent,
+                          KADM5_PW_FAILURE_COUNT_INTERVAL);
+        ent.pw_lockout_duration = 180;
+        cpol_test_compare("admin", &ent, KADM5_PW_LOCKOUT_DURATION);
+    }
+
+    /* Fails over RPC if "add" ACL is not granted, or if we authenticated to
+     * kadmin/changepw. */
+    if (rpc) {
+        cpol_test_fail("$admin", &ent, 0, KADM5_AUTH_ADD);
+        cpol_test_fail("admin/none", &ent, 0, KADM5_AUTH_ADD);
+        cpol_test_fail("admin/get", &ent, 0, KADM5_AUTH_ADD);
+        cpol_test_fail("admin/modify", &ent, 0, KADM5_AUTH_ADD);
+        cpol_test_fail("admin/delete", &ent, 0, KADM5_AUTH_ADD);
+        cpol_test_compare("admin/add", &ent, 0);
+    }
+
+    /* Fails with existing policy name. */
+    ent.policy = "test-pol";
+    cpol_test_fail("admin", &ent, 0, KADM5_DUP);
+
+    /* Fails with null or empty policy name, or invalid character in name. */
+    ent.policy = NULL;
+    cpol_test_fail("admin", &ent, 0, EINVAL);
+    ent.policy = "";
+    cpol_test_fail("admin", &ent, 0, KADM5_BAD_POLICY);
+    ent.policy = "pol\7";
+    cpol_test_fail("admin", &ent, 0, KADM5_BAD_POLICY);
+
+    /* Fails with null handle or policy ent. */
+    cpol_test_fail(NULL, &ent, 0, KADM5_BAD_SERVER_HANDLE);
+    cpol_test_fail("admin", NULL, 0, EINVAL);
+}
+
+static void
+cprinc_test_fail(char *user, kadm5_principal_ent_t ent, uint32_t mask,
+                 char *pass, krb5_error_code code)
+{
+    void *handle = get_handle(user);
+
+    check_fail(kadm5_create_principal(handle, ent, mask | KADM5_PRINCIPAL,
+                                      pass), code);
+    free_handle(handle);
+}
+
+static void
+cprinc_test_compare(char *user, kadm5_principal_ent_t ent, uint32_t mask,
+                    char *pass)
+{
+    cprinc_test_fail(user, ent, mask, pass, 0);
+    compare_princ(ent, mask);
+    delete_princ(ent->principal);
+}
+
+static void
+test_create_principal()
+{
+    void *handle;
+    kadm5_principal_ent_rec ent;
+    krb5_principal princ = parse_princ("create-principal-test");
+    krb5_principal user_princ = parse_princ("user");
+
+    memset(&ent, 0, sizeof(ent));
+    ent.principal = princ;
+
+    /* Fails with undefined or prohibited mask bit. */
+    cprinc_test_fail("admin", &ent, 0x100000, "", KADM5_BAD_MASK);
+    cprinc_test_fail("admin", &ent, KADM5_LAST_PWD_CHANGE, "pw",
+                     KADM5_BAD_MASK);
+    cprinc_test_fail("admin", &ent, KADM5_MOD_TIME, "pw", KADM5_BAD_MASK);
+    cprinc_test_fail("admin", &ent, KADM5_MOD_NAME, "pw", KADM5_BAD_MASK);
+    cprinc_test_fail("admin", &ent, KADM5_MKVNO, "pw", KADM5_BAD_MASK);
+    cprinc_test_fail("admin", &ent, KADM5_AUX_ATTRIBUTES, "pw",
+                     KADM5_BAD_MASK);
+
+    /* Fails without KADM5_PRINCIPAL mask bit. */
+    handle = get_handle("admin");
+    check_fail(kadm5_create_principal(handle, &ent, 0, "pw"), KADM5_BAD_MASK);
+    free_handle(handle);
+
+    /* Fails with empty password or password prohibited by policy. */
+    cprinc_test_fail("admin", &ent, 0, "", KADM5_PASS_Q_TOOSHORT);
+    ent.policy = "test-pol";
+    cprinc_test_fail("admin", &ent, KADM5_POLICY, "tP", KADM5_PASS_Q_TOOSHORT);
+    cprinc_test_fail("admin", &ent, KADM5_POLICY, "testpassword",
+                     KADM5_PASS_Q_CLASS);
+    cprinc_test_fail("admin", &ent, KADM5_POLICY, "Abyssinia",
+                     KADM5_PASS_Q_DICT);
+
+    cprinc_test_compare("admin", &ent, 0, "pw");
+    ent.policy = "nonexistent-pol";
+    cprinc_test_compare("admin", &ent, KADM5_POLICY, "pw");
+    cprinc_test_compare("admin/rename", &ent, KADM5_POLICY, "pw");
+
+    /* Test pw_expiration explicit specifications vs. policy pw_max_life. */
+    ent.policy = "test-pol";
+    cprinc_test_compare("admin", &ent, KADM5_POLICY, "NotinTheDictionary");
+    cprinc_test_compare("admin", &ent, KADM5_PRINC_EXPIRE_TIME, "pw");
+    cprinc_test_compare("admin", &ent, KADM5_PW_EXPIRATION, "pw");
+    cprinc_test_compare("admin", &ent, KADM5_POLICY | KADM5_PW_EXPIRATION,
+                        "NotinTheDictionary");
+    ent.pw_expiration = 1234;
+    cprinc_test_compare("admin", &ent, KADM5_PW_EXPIRATION, "pw");
+    cprinc_test_compare("admin", &ent, KADM5_POLICY | KADM5_PW_EXPIRATION,
+                        "NotinTheDictionary");
+    ent.pw_expiration = 999999999;
+    cprinc_test_compare("admin", &ent, KADM5_POLICY | KADM5_PW_EXPIRATION,
+                        "NotinTheDictionary");
+    ent.policy = "dict-only-pol";
+    cprinc_test_compare("admin", &ent, KADM5_POLICY | KADM5_PW_EXPIRATION,
+                        "pw");
+
+    /* Fails over RPC if "add" ACL is not granted, or if we authenticated to
+     * kadmin/changepw. */
+    if (rpc) {
+        cprinc_test_fail("$admin", &ent, 0, "pw", KADM5_AUTH_ADD);
+        cprinc_test_fail("admin/none", &ent, 0, "pw", KADM5_AUTH_ADD);
+        cprinc_test_fail("admin/get", &ent, 0, "pw", KADM5_AUTH_ADD);
+        cprinc_test_fail("admin/modify", &ent, 0, "pw", KADM5_AUTH_ADD);
+        cprinc_test_fail("admin/delete", &ent, 0, "pw", KADM5_AUTH_ADD);
+    }
+
+    /* Fails with existing policy name. */
+    ent.principal = user_princ;
+    cprinc_test_fail("admin", &ent, 0, "pw", KADM5_DUP);
+
+    /* Fails with null handle or principal ent. */
+    cprinc_test_fail(NULL, &ent, 0, "pw", KADM5_BAD_SERVER_HANDLE);
+    cprinc_test_fail("admin", NULL, 0, "pw", EINVAL);
+
+    krb5_free_principal(context, princ);
+    krb5_free_principal(context, user_princ);
+}
+
+static void
+dpol_test_fail(char *user, char *name, krb5_error_code code)
+{
+    void *handle = get_handle(user);
+
+    check_fail(kadm5_delete_policy(handle, name), code);
+    free_handle(handle);
+}
+
+static void
+dpol_test_succeed(char *user, char *name)
+{
+    dpol_test_fail(user, name, 0);
+}
+
+static void
+test_delete_policy()
+{
+    krb5_principal princ = parse_princ("delete-policy-test-princ");
+
+    /* Fails with unknown policy. */
+    dpol_test_fail("admin", "delete-policy-test", KADM5_UNK_POLICY);
+
+    /* Fails with empty policy name. */
+    dpol_test_fail("admin", "", KADM5_BAD_POLICY);
+
+    /* Succeeds with "delete" ACL (or local authentication). */
+    create_simple_policy("delete-policy-test");
+    dpol_test_succeed("admin/delete", "delete-policy-test");
+
+    /* Succeeds even if a principal references the policy, since we now allow
+     * principals to reference nonexistent policies. */
+    create_simple_policy("delete-policy-test");
+    create_simple_princ(princ, "delete-policy-test");
+    dpol_test_succeed("admin", "delete-policy-test");
+    delete_princ(princ);
+
+    /* Fails over RPC if "delete" ACL is not granted, or if we authenticated to
+     * kadmin/changepw. */
+    if (rpc) {
+        dpol_test_fail("$admin", "test-pol", KADM5_AUTH_DELETE);
+        dpol_test_fail("admin/none", "test-pol", KADM5_AUTH_DELETE);
+        dpol_test_fail("admin/add", "test-pol", KADM5_AUTH_DELETE);
+    }
+
+    /* Fails with null handle or principal ent. */
+    dpol_test_fail(NULL, "test-pol", KADM5_BAD_SERVER_HANDLE);
+    dpol_test_fail("admin", NULL, EINVAL);
+
+    krb5_free_principal(context, princ);
+}
+
+static void
+dprinc_test_fail(char *user, krb5_principal princ, krb5_error_code code)
+{
+    void *handle = get_handle(user);
+
+    check_fail(kadm5_delete_principal(handle, princ), code);
+    free_handle(handle);
+}
+
+static void
+dprinc_test_succeed(char *user, krb5_principal princ)
+{
+    dprinc_test_fail(user, princ, 0);
+}
+
+static void
+test_delete_principal()
+{
+    krb5_principal princ = parse_princ("delete-principal-test");
+
+    /* Fails with unknown principal. */
+    dprinc_test_fail("admin", princ, KADM5_UNK_PRINC);
+
+    /* Succeeds with "delete" ACL (or local authentication). */
+    create_simple_princ(princ, NULL);
+    dprinc_test_succeed("admin/delete", princ);
+
+    /* Fails over RPC if "delete" ACL is not granted, or if we authenticated to
+     * kadmin/changepw. */
+    if (rpc) {
+        dprinc_test_fail("$admin", princ, KADM5_AUTH_DELETE);
+        dprinc_test_fail("admin/add", princ, KADM5_AUTH_DELETE);
+        dprinc_test_fail("admin/modify", princ, KADM5_AUTH_DELETE);
+        dprinc_test_fail("admin/get", princ, KADM5_AUTH_DELETE);
+        dprinc_test_fail("admin/none", princ, KADM5_AUTH_DELETE);
+    }
+
+    /* Fails with null handle or principal ent. */
+    dprinc_test_fail(NULL, princ, KADM5_BAD_SERVER_HANDLE);
+    dprinc_test_fail("admin", NULL, EINVAL);
+
+    krb5_free_principal(context, princ);
+}
+
+static void
+gpol_test_succeed(char *user, char *name)
+{
+    void *handle = get_handle(user);
+    kadm5_policy_ent_rec ent;
+
+    check(kadm5_get_policy(handle, name, &ent));
+    assert(strcmp(ent.policy, name) == 0);
+    check(kadm5_free_policy_ent(handle, &ent));
+    free_handle(handle);
+}
+
+static void
+gpol_test_fail(char *user, char *name, krb5_error_code code)
+{
+    void *handle = get_handle(user);
+    kadm5_policy_ent_rec ent;
+
+    check_fail(kadm5_get_policy(handle, name, &ent), code);
+    free_handle(handle);
+}
+
+static void
+test_get_policy()
+{
+    /* Fails with unknown policy. */
+    dpol_test_fail("admin", "unknown-policy", KADM5_UNK_POLICY);
+
+    /* Fails with empty or null policy name or a null handle. */
+    gpol_test_fail("admin", "", KADM5_BAD_POLICY);
+    gpol_test_fail("admin", NULL, EINVAL);
+    gpol_test_fail(NULL, "", KADM5_BAD_SERVER_HANDLE);
+
+    /* Fails over RPC unless "get" ACL is granted or the principal's own policy
+     * is retrieved. */
+    if (rpc) {
+        gpol_test_fail("admin/none", "test-pol", KADM5_AUTH_GET);
+        gpol_test_fail("admin/add", "test-pol", KADM5_AUTH_GET);
+        gpol_test_succeed("admin/get", "test-pol");
+        gpol_test_succeed("user", "minlife-pol");
+        gpol_test_succeed("$user", "minlife-pol");
+    }
+}
+
+static void
+gprinc_test_succeed(char *user, krb5_principal princ)
+{
+    void *handle = get_handle(user);
+    kadm5_principal_ent_rec ent;
+
+    check(kadm5_get_principal(handle, princ, &ent,
+                              KADM5_PRINCIPAL_NORMAL_MASK));
+    assert(krb5_principal_compare(context, ent.principal, princ));
+    check(kadm5_free_principal_ent(handle, &ent));
+    free_handle(handle);
+}
+
+static void
+gprinc_test_fail(char *user, krb5_principal princ, krb5_error_code code)
+{
+    void *handle = get_handle(user);
+    kadm5_principal_ent_rec ent;
+
+    check_fail(kadm5_get_principal(handle, princ, &ent,
+                                   KADM5_PRINCIPAL_NORMAL_MASK), code);
+    free_handle(handle);
+}
+
+static void
+test_get_principal()
+{
+    void *handle;
+    kadm5_principal_ent_rec ent;
+    krb5_principal princ = parse_princ("get-principal-test");
+    krb5_principal admin_princ = parse_princ("admin");
+    krb5_principal admin_none_princ = parse_princ("admin/none");
+    int i;
+
+    /* Fails with unknown principal. */
+    gprinc_test_fail("admin", princ, KADM5_UNK_PRINC);
+
+    create_simple_princ(princ, NULL);
+
+    /* Succeeds with "get" ACL (or local authentication), or operating on
+     * self. */
+    gprinc_test_succeed("admin/none", admin_none_princ);
+    gprinc_test_succeed("$admin", admin_princ);
+    gprinc_test_succeed("admin/get", princ);
+
+    /* Fails over RPC if "get" ACL is not granted, or if we authenticated to
+     * kadmin/changepw and getting another principal entry. */
+    if (rpc) {
+        gprinc_test_fail("$admin", princ, KADM5_AUTH_GET);
+        gprinc_test_fail("admin/none", princ, KADM5_AUTH_GET);
+        gprinc_test_fail("admin/add", princ, KADM5_AUTH_GET);
+        gprinc_test_fail("admin/modify", princ, KADM5_AUTH_GET);
+        gprinc_test_fail("admin/delete", princ, KADM5_AUTH_GET);
+    }
+
+    /* Entry contains no key data or tl-data unless asked for. */
+    handle = get_handle("admin");
+    check(kadm5_get_principal(handle, princ, &ent,
+                              KADM5_PRINCIPAL_NORMAL_MASK));
+    assert(ent.n_tl_data == 0);
+    assert(ent.n_key_data == 0);
+    assert(ent.tl_data == NULL);
+    check(kadm5_free_principal_ent(handle, &ent));
+
+    /* Key data (without the actual keys over RPC) is provided if asked for. */
+    check(kadm5_get_principal(handle, princ, &ent,
+                              KADM5_PRINCIPAL_NORMAL_MASK | KADM5_KEY_DATA));
+    assert(ent.n_key_data == 2);
+    for (i = 0; i < ent.n_key_data; i++)
+        assert(rpc == (ent.key_data[i].key_data_length[0] == 0));
+    check(kadm5_free_principal_ent(handle, &ent));
+    free_handle(handle);
+
+    /* Fails with null handle or principal. */
+    gprinc_test_fail(NULL, princ, KADM5_BAD_SERVER_HANDLE);
+    gprinc_test_fail("admin", NULL, EINVAL);
+
+    delete_princ(princ);
+    krb5_free_principal(context, princ);
+    krb5_free_principal(context, admin_princ);
+    krb5_free_principal(context, admin_none_princ);
+}
+
+static void
+test_init_destroy()
+{
+    krb5_context ctx;
+    kadm5_ret_t ret;
+    kadm5_config_params params;
+    kadm5_principal_ent_rec ent, gent;
+    krb5_principal princ = parse_princ("init-test");
+    krb5_ccache cc;
+    void *handle;
+    char hostname[MAXHOSTNAMELEN];
+    int r;
+
+    memset(&params, 0, sizeof(params));
+    memset(&ent, 0, sizeof(ent));
+    ent.principal = princ;
+
+    r = gethostname(hostname, sizeof(hostname));
+    assert(r == 0);
+
+    /* Destroy fails with no server handle. */
+    check_fail(kadm5_destroy(NULL), KADM5_BAD_SERVER_HANDLE);
+
+    /* Fails with bad structure version mask. */
+    check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                          0x65432101, api, NULL, &handle),
+               KADM5_BAD_STRUCT_VERSION);
+    check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                          1, api, NULL, &handle), KADM5_BAD_STRUCT_VERSION);
+
+    /* Fails with too-old or too-new structure version. */
+    check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                          KADM5_STRUCT_VERSION_MASK, api, NULL, &handle),
+               KADM5_OLD_STRUCT_VERSION);
+    check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                          KADM5_STRUCT_VERSION_MASK | 0xca, api, NULL,
+                          &handle), KADM5_NEW_STRUCT_VERSION);
+
+    /* Fails with bad API version mask. */
+    check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                          KADM5_STRUCT_VERSION, 0x65432100, NULL, &handle),
+               KADM5_BAD_API_VERSION);
+    check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                          KADM5_STRUCT_VERSION, 4, NULL, &handle),
+               KADM5_BAD_API_VERSION);
+
+    /* Fails with too-old or too-new API version.*/
+    ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_MASK, NULL,
+                     &handle);
+    assert(ret == (rpc ? KADM5_OLD_LIB_API_VERSION :
+                   KADM5_OLD_SERVER_API_VERSION));
+    ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_MASK | 0xca, NULL,
+                     &handle);
+    assert(ret == (rpc ? KADM5_NEW_LIB_API_VERSION :
+                   KADM5_NEW_SERVER_API_VERSION));
+
+    /* Fails with structure and API version reversed. */
+    check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                          api, KADM5_STRUCT_VERSION, NULL, &handle),
+               KADM5_BAD_STRUCT_VERSION);
+
+    /* Hardcoded default max lifetime is used when no handle or krb5.conf
+     * setting is given. */
+    handle = get_handle("admin");
+    check(kadm5_create_principal(handle, &ent, KADM5_PRINCIPAL, "pw"));
+    check(kadm5_get_principal(handle, princ, &gent,
+                              KADM5_PRINCIPAL_NORMAL_MASK));
+    assert(gent.max_life == KRB5_KDB_MAX_LIFE);
+    check(kadm5_delete_principal(handle, princ));
+    check(kadm5_free_principal_ent(handle, &gent));
+    free_handle(handle);
+
+    /* Fails with configured unknown realm.  Do these tests in separate krb5
+     * contexts since the realm setting sticks to the context. */
+    check(kadm5_init_krb5_context(&ctx));
+    params.realm = "";
+    params.mask = KADM5_CONFIG_REALM;
+    ret = kadm5_init(ctx, "admin", "admin", KADM5_ADMIN_SERVICE, &params,
+                     KADM5_STRUCT_VERSION, api, NULL, &handle);
+    assert(ret == (rpc ? KADM5_MISSING_KRB5_CONF_PARAMS : ENOENT));
+    krb5_free_context(ctx);
+
+    check(kadm5_init_krb5_context(&ctx));
+    params.realm = "@";
+    ret = kadm5_init(ctx, "admin", "admin", KADM5_ADMIN_SERVICE, &params,
+                     KADM5_STRUCT_VERSION, api, NULL, &handle);
+    assert(ret == (rpc ? KADM5_MISSING_KRB5_CONF_PARAMS : ENOENT));
+    krb5_free_context(ctx);
+
+    check(kadm5_init_krb5_context(&ctx));
+    params.realm = "BAD.REALM";
+    ret = kadm5_init(ctx, "admin", "admin", KADM5_ADMIN_SERVICE, &params,
+                     KADM5_STRUCT_VERSION, api, NULL, &handle);
+    assert(ret == (rpc ? KADM5_MISSING_KRB5_CONF_PARAMS : ENOENT));
+    krb5_free_context(ctx);
+
+    /* Succeeds with explicit client realm and configured realm. */
+    check(kadm5_init_krb5_context(&ctx));
+    params.realm = "KRBTEST.COM";
+    check(kadm5_init(ctx, "admin@KRBTEST.COM", "admin", KADM5_ADMIN_SERVICE,
+                     &params, KADM5_STRUCT_VERSION, api, NULL, &handle));
+    check(kadm5_destroy(handle));
+    krb5_free_context(ctx);
+
+    /* Succeeds with explicit client realm. */
+    check(kadm5_init(context, "admin@KRBTEST.COM", "admin",
+                     KADM5_ADMIN_SERVICE, NULL, KADM5_STRUCT_VERSION, api,
+                     NULL, &handle));
+    check(kadm5_destroy(handle));
+
+
+    if (rpc) {
+        check(krb5_cc_default(context, &cc));
+
+        /* Succeeds with configured host and port. */
+        params.admin_server = hostname;
+        params.kadmind_port = 61001;
+        params.mask = KADM5_CONFIG_ADMIN_SERVER | KADM5_CONFIG_KADMIND_PORT;
+        check(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE,
+                         &params, KADM5_STRUCT_VERSION, api, NULL, &handle));
+        check(kadm5_destroy(handle));
+
+        /* Fails with wrong configured port. */
+        params.kadmind_port = 4;
+        check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE,
+                              &params, KADM5_STRUCT_VERSION, api, NULL,
+                              &handle), KADM5_RPC_ERROR);
+
+        /* Fails with non-resolving hostname. */
+        params.admin_server = "does.not.exist";
+        params.mask = KADM5_CONFIG_ADMIN_SERVER;
+        check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE,
+                              &params, KADM5_STRUCT_VERSION, api, NULL,
+                              &handle), KADM5_CANT_RESOLVE);
+
+        /* Fails with uninitialized cache. */
+        check_fail(kadm5_init_with_creds(context, "admin", cc,
+                                         KADM5_ADMIN_SERVICE, NULL,
+                                         KADM5_STRUCT_VERSION, api, NULL,
+                                         &handle), KRB5_FCC_NOFILE);
+
+        /* Succeeds with cache containing kadmin/admin cred. */
+        kinit(cc, "admin", "admin", KADM5_ADMIN_SERVICE);
+        check(kadm5_init_with_creds(context, "admin", cc, KADM5_ADMIN_SERVICE,
+                                    NULL, KADM5_STRUCT_VERSION, api, NULL,
+                                    &handle));
+        check(kadm5_destroy(handle));
+
+        /* Succeeds with cache containing kadmin/changepw cred. */
+        kinit(cc, "admin", "admin", KADM5_CHANGEPW_SERVICE);
+        check(kadm5_init_with_creds(context, "admin", cc,
+                                    KADM5_CHANGEPW_SERVICE, NULL,
+                                    KADM5_STRUCT_VERSION, api, NULL, &handle));
+        check(kadm5_destroy(handle));
+
+        /* Fails with cache containing only a TGT. */
+        kinit(cc, "admin", "admin", NULL);
+        check_fail(kadm5_init_with_creds(context, "admin", cc,
+                                         KADM5_ADMIN_SERVICE, NULL,
+                                         KADM5_STRUCT_VERSION, api, NULL,
+                                         &handle), KRB5_CC_NOTFOUND);
+
+        /* Fails authenticating to non-kadmin princ. */
+        check_fail(kadm5_init(context, "admin", "admin", "user", NULL,
+                              KADM5_STRUCT_VERSION, api, NULL, &handle),
+                   KADM5_RPC_ERROR);
+
+        /* Fails authenticating to nonexistent princ. */
+        check_fail(kadm5_init(context, "admin", "admin", "noexist", NULL,
+                              KADM5_STRUCT_VERSION, api, NULL, &handle),
+                   KADM5_SECURE_PRINC_MISSING);
+
+        /* Fails authenticating to client princ (which is non-kadmin). */
+        check_fail(kadm5_init(context, "admin", "admin", "admin", NULL,
+                              KADM5_STRUCT_VERSION, api, NULL, &handle),
+                   KADM5_RPC_ERROR);
+
+        /* Fails with wrong password. */
+        check_fail(kadm5_init(context, "admin", "wrong", KADM5_ADMIN_SERVICE,
+                              NULL, KADM5_STRUCT_VERSION, api, NULL, &handle),
+                   KADM5_BAD_PASSWORD);
+
+        /* Fails with null client name. */
+        check_fail(kadm5_init(context, NULL, "admin", KADM5_ADMIN_SERVICE,
+                              NULL, KADM5_STRUCT_VERSION, api, NULL, &handle),
+                   EINVAL);
+
+        /* Fails with nonexistent client name. */
+        check_fail(kadm5_init(context, "noexist", "admin", KADM5_ADMIN_SERVICE,
+                              NULL, KADM5_STRUCT_VERSION, api, NULL, &handle),
+                   KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN);
+
+        /* Fails with nonexistent client name with explicit realm. */
+        check_fail(kadm5_init(context, "noexist@KRBTEST.COM", "admin",
+                              KADM5_ADMIN_SERVICE, NULL, KADM5_STRUCT_VERSION,
+                              api, NULL, &handle),
+                   KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN);
+
+        /* Fails with nonexistent client name with unknown realm. */
+        check_fail(kadm5_init(context, "noexist@BAD.REALM", "admin",
+                              KADM5_ADMIN_SERVICE, NULL, KADM5_STRUCT_VERSION,
+                              api, NULL, &handle), KRB5_REALM_UNKNOWN);
+
+        /* Fails with known name but unknown realm. */
+        check_fail(kadm5_init(context, "admin@BAD.REALM", "admin",
+                              KADM5_ADMIN_SERVICE, NULL, KADM5_STRUCT_VERSION,
+                              api, NULL, &handle), KRB5_REALM_UNKNOWN);
+
+        check(krb5_cc_destroy(context, cc));
+    } else {
+        /* Fails with nonexistent stash file. */
+        params.stash_file = "does/not/exist";
+        params.mask = KADM5_CONFIG_STASH_FILE;
+        check_fail(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE,
+                              &params, KADM5_STRUCT_VERSION, api, NULL,
+                              &handle), KRB5_KDB_CANTREAD_STORED);
+
+        /* Uses configured defaults for principal creation. */
+        params.max_life = 10;
+        params.max_rlife = 20;
+        params.expiration = 30;
+        params.num_keysalts = 0;
+        params.mask = KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE |
+            KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES;
+        check(kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE,
+                         &params, KADM5_STRUCT_VERSION, api, NULL, &handle));
+        check(kadm5_create_principal(handle, &ent, KADM5_PRINCIPAL, "pw"));
+        check(kadm5_get_principal(handle, princ, &gent,
+                                  KADM5_PRINCIPAL_NORMAL_MASK |
+                                  KADM5_KEY_DATA));
+        assert(gent.max_life == 10);
+        assert(gent.max_renewable_life == 20);
+        assert(gent.princ_expire_time == 30);
+        assert(gent.n_key_data == 0);
+        check(kadm5_delete_principal(handle, princ));
+        check(kadm5_free_principal_ent(handle, &gent));
+        check(kadm5_destroy(handle));
+
+        /* Succeeds with incorrect password using local auth. */
+        check(kadm5_init(context, "admin", "wrong", KADM5_ADMIN_SERVICE, NULL,
+                         KADM5_STRUCT_VERSION, api, NULL, &handle));
+        check(kadm5_destroy(handle));
+
+        /* Succeeds with null service using local auth. */
+        check(kadm5_init(context, "admin", "admin", NULL, NULL,
+                         KADM5_STRUCT_VERSION, api, NULL, &handle));
+        check(kadm5_destroy(handle));
+
+        /* Succeeds with nonexistent, non-kadmin service using local auth. */
+        check(kadm5_init(context, "admin", "admin", "foobar", NULL,
+                         KADM5_STRUCT_VERSION, api, NULL, &handle));
+        check(kadm5_destroy(handle));
+    }
+
+    krb5_free_principal(context, princ);
+}
+
+static void
+mpol_test_fail(char *user, kadm5_policy_ent_t ent, uint32_t mask,
+               krb5_error_code code)
+{
+    void *handle = get_handle(user);
+
+    check_fail(kadm5_modify_policy(handle, ent, mask), code);
+    free_handle(handle);
+}
+
+static void
+mpol_test_compare(void *handle, kadm5_policy_ent_t ent, uint32_t mask)
+{
+    mpol_test_fail(handle, ent, mask, 0);
+    compare_policy(ent, mask);
+}
+
+static void
+test_modify_policy()
+{
+    kadm5_policy_ent_rec ent;
+
+    memset(&ent, 0, sizeof(ent));
+    ent.policy = "modify-policy-test";
+    create_simple_policy(ent.policy);
+
+    /* pw_min_life = 0 and pw_min_life != 0 */
+    mpol_test_compare("admin", &ent, KADM5_PW_MIN_LIFE);
+    ent.pw_min_life = 32;
+    mpol_test_compare("admin", &ent, KADM5_PW_MIN_LIFE);
+
+    /* pw_max_life = 0 and pw_max_life != 0 */
+    mpol_test_compare("admin", &ent, KADM5_PW_MAX_LIFE);
+    ent.pw_max_life = 32;
+    mpol_test_compare("admin", &ent, KADM5_PW_MAX_LIFE);
+
+    /* pw_min_length = 0 (rejected) and pw_min_length != 0 */
+    mpol_test_fail("admin", &ent, KADM5_PW_MIN_LENGTH, KADM5_BAD_LENGTH);
+    ent.pw_min_length = 8;
+    mpol_test_compare("admin", &ent, KADM5_PW_MIN_LENGTH);
+
+    /* pw_min_classes = 0 (rejected), 1, 5, 6 (rejected) */
+    mpol_test_fail("admin", &ent, KADM5_PW_MIN_CLASSES, KADM5_BAD_CLASS);
+    ent.pw_min_classes = 1;
+    mpol_test_compare("admin", &ent, KADM5_PW_MIN_CLASSES);
+    ent.pw_min_classes = 5;
+    mpol_test_compare("admin", &ent, KADM5_PW_MIN_CLASSES);
+    ent.pw_min_classes = 6;
+    mpol_test_fail("admin", &ent, KADM5_PW_MIN_CLASSES, KADM5_BAD_CLASS);
+
+    /* pw_history_num = 0 (rejected), 1, 10 */
+    mpol_test_fail("admin", &ent, KADM5_PW_HISTORY_NUM, KADM5_BAD_HISTORY);
+    ent.pw_history_num = 1;
+    mpol_test_compare("admin", &ent, KADM5_PW_HISTORY_NUM);
+    ent.pw_history_num = 10;
+    mpol_test_compare("admin", &ent, KADM5_PW_HISTORY_NUM);
+
+    if (api >= KADM5_API_VERSION_3) {
+        ent.pw_max_fail = 2;
+        mpol_test_compare("admin", &ent, KADM5_PW_MAX_FAILURE);
+        ent.pw_failcnt_interval = 90;
+        mpol_test_compare("admin", &ent, KADM5_PW_FAILURE_COUNT_INTERVAL);
+        ent.pw_lockout_duration = 180;
+        mpol_test_compare("admin", &ent, KADM5_PW_LOCKOUT_DURATION);
+    }
+
+    /* Fails over RPC if "modify" ACL is not granted, or if we authenticated to
+     * kadmin/changepw. */
+    if (rpc) {
+        mpol_test_fail("$admin", &ent, KADM5_PW_MAX_LIFE, KADM5_AUTH_MODIFY);
+        mpol_test_fail("admin/none", &ent, KADM5_PW_MAX_LIFE,
+                       KADM5_AUTH_MODIFY);
+        mpol_test_fail("admin/get", &ent, KADM5_PW_MAX_LIFE,
+                       KADM5_AUTH_MODIFY);
+        mpol_test_compare("admin/modify", &ent, KADM5_PW_MAX_LIFE);
+    }
+
+    delete_policy(ent.policy);
+
+    /* Fails with empty or null policy name. */
+    ent.policy = NULL;
+    mpol_test_fail("admin", &ent, KADM5_PW_MAX_LIFE, EINVAL);
+    ent.policy = "";
+    mpol_test_fail("admin", &ent, KADM5_PW_MAX_LIFE, KADM5_BAD_POLICY);
+
+    /* Fails with null handle or policy ent. */
+    mpol_test_fail(NULL, &ent, KADM5_PW_MAX_LIFE, KADM5_BAD_SERVER_HANDLE);
+    mpol_test_fail("admin", NULL, KADM5_PW_MAX_LIFE, EINVAL);
+}
+
+static void
+mprinc_test_fail(char *user, kadm5_principal_ent_t ent, uint32_t mask,
+                 krb5_error_code code)
+{
+    void *handle = get_handle(user);
+
+    check_fail(kadm5_modify_principal(handle, ent, mask), code);
+    free_handle(handle);
+}
+
+static void
+mprinc_test_compare(char *user, kadm5_principal_ent_t ent, uint32_t mask)
+{
+    mprinc_test_fail(user, ent, mask, 0);
+    compare_princ(ent, mask);
+}
+
+static void
+test_modify_principal()
+{
+    void *handle;
+    krb5_principal princ = parse_princ("modify-principal-test");
+    kadm5_principal_ent_rec ent;
+    krb5_tl_data tl = { NULL, 1, 1, (uint8_t *)"x" };
+    krb5_tl_data tl2 = { NULL, 999, 6, (uint8_t *)"foobar" };
+
+    memset(&ent, 0, sizeof(ent));
+    ent.principal = princ;
+
+    /* Fails with unknown principal. */
+    mprinc_test_fail("admin", &ent, KADM5_KVNO, KADM5_UNK_PRINC);
+
+    create_simple_princ(princ, NULL);
+
+    /* Fails with prohibited mask bit or tl-data type. */
+    mprinc_test_fail("admin", &ent, KADM5_AUX_ATTRIBUTES, KADM5_BAD_MASK);
+    mprinc_test_fail("admin", &ent, KADM5_KEY_DATA, KADM5_BAD_MASK);
+    mprinc_test_fail("admin", &ent, KADM5_LAST_FAILED, KADM5_BAD_MASK);
+    mprinc_test_fail("admin", &ent, KADM5_LAST_SUCCESS, KADM5_BAD_MASK);
+    mprinc_test_fail("admin", &ent, KADM5_LAST_PWD_CHANGE, KADM5_BAD_MASK);
+    mprinc_test_fail("admin", &ent, KADM5_MKVNO, KADM5_BAD_MASK);
+    mprinc_test_fail("admin", &ent, KADM5_MOD_NAME, KADM5_BAD_MASK);
+    mprinc_test_fail("admin", &ent, KADM5_MOD_TIME, KADM5_BAD_MASK);
+    mprinc_test_fail("admin", &ent, KADM5_PRINCIPAL, KADM5_BAD_MASK);
+
+    /* Fails with tl-data type below 256. */
+    ent.n_tl_data = 1;
+    ent.tl_data = &tl;
+    mprinc_test_fail("admin", &ent, KADM5_TL_DATA, KADM5_BAD_TL_TYPE);
+
+    /* Fails with fail_auth_count other than zero. */
+    ent.fail_auth_count = 1234;
+    mprinc_test_fail("admin", &ent, KADM5_FAIL_AUTH_COUNT,
+                     KADM5_BAD_SERVER_PARAMS);
+    ent.fail_auth_count = 0;
+
+    /* Succeeds with zero values of various fields. */
+    mprinc_test_compare("admin", &ent, KADM5_PW_EXPIRATION);
+    mprinc_test_compare("admin", &ent, KADM5_MAX_LIFE);
+    mprinc_test_compare("admin", &ent, KADM5_MAX_RLIFE);
+    mprinc_test_compare("admin", &ent, KADM5_FAIL_AUTH_COUNT);
+    mprinc_test_compare("admin/modify", &ent, KADM5_PRINC_EXPIRE_TIME);
+    mprinc_test_compare("admin", &ent, KADM5_POLICY_CLR);
+
+    /* Setting a policy causes a pw_expiration computation.  Explicit
+     * PW_EXPIRATION overrides the policy. */
+    ent.pw_expiration = 1234;
+    mprinc_test_compare("admin", &ent, KADM5_PW_EXPIRATION);
+    ent.policy = "dict-only-pol";
+    mprinc_test_compare("admin", &ent, KADM5_POLICY);
+    ent.policy = "test-pol";
+    mprinc_test_compare("admin", &ent, KADM5_POLICY);
+    ent.pw_expiration = 999999999;
+    mprinc_test_compare("admin", &ent, KADM5_PW_EXPIRATION);
+    mprinc_test_compare("admin", &ent, KADM5_POLICY_CLR);
+
+    /* Succeeds with non-zero values of various fields. */
+    ent.princ_expire_time = 1234;
+    mprinc_test_compare("admin", &ent, KADM5_PRINC_EXPIRE_TIME);
+    ent.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
+    mprinc_test_compare("admin", &ent, KADM5_ATTRIBUTES);
+    ent.attributes = KRB5_KDB_REQUIRES_PWCHANGE;
+    mprinc_test_compare("admin", &ent, KADM5_ATTRIBUTES);
+    ent.attributes = KRB5_KDB_DISALLOW_TGT_BASED;
+    mprinc_test_compare("admin", &ent, KADM5_ATTRIBUTES);
+    ent.max_life = 3456;
+    mprinc_test_compare("admin", &ent, KADM5_MAX_LIFE);
+    ent.kvno = 7;
+    mprinc_test_compare("admin", &ent, KADM5_KVNO);
+
+    /* Fails over RPC if "modify" ACL is not granted, or if we authenticated to
+     * kadmin/changepw. */
+    if (rpc) {
+        mprinc_test_fail("$admin", &ent, KADM5_KVNO, KADM5_AUTH_MODIFY);
+        mprinc_test_fail("admin/none", &ent, KADM5_KVNO, KADM5_AUTH_MODIFY);
+        mprinc_test_fail("admin/get", &ent, KADM5_KVNO, KADM5_AUTH_MODIFY);
+        mprinc_test_fail("admin/add", &ent, KADM5_KVNO, KADM5_AUTH_MODIFY);
+        mprinc_test_fail("admin/delete", &ent, KADM5_KVNO, KADM5_AUTH_MODIFY);
+    }
+
+    /* tl-data of type > 255 is accepted. */
+    handle = get_handle("admin");
+    ent.max_renewable_life = 88;
+    ent.tl_data = &tl2;
+    check(kadm5_modify_principal(handle, &ent,
+                                 KADM5_MAX_RLIFE | KADM5_TL_DATA));
+    memset(&ent, 0, sizeof(ent));
+    check(kadm5_get_principal(handle, princ, &ent,
+                              KADM5_PRINCIPAL_NORMAL_MASK | KADM5_TL_DATA));
+    assert(ent.max_renewable_life == 88);
+    assert(ent.n_tl_data == 1);
+    assert(ent.tl_data->tl_data_type == tl2.tl_data_type);
+    assert(ent.tl_data->tl_data_length == tl2.tl_data_length);
+    assert(memcmp(ent.tl_data->tl_data_contents, tl2.tl_data_contents,
+                  tl2.tl_data_length) == 0);
+    check(kadm5_free_principal_ent(handle, &ent));
+    free_handle(handle);
+
+    /* Fails with null handle or principal ent. */
+    mprinc_test_fail(NULL, &ent, KADM5_KVNO, KADM5_BAD_SERVER_HANDLE);
+    mprinc_test_fail("admin", NULL, KADM5_KVNO, EINVAL);
+
+    delete_princ(princ);
+    krb5_free_principal(context, princ);
+}
+
+static void
+rnd_test_fail(char *user, krb5_principal princ, krb5_error_code code)
+{
+    void *handle = get_handle(user);
+
+    check_fail(kadm5_randkey_principal(handle, princ, NULL, NULL), code);
+    free_handle(handle);
+}
+
+static void
+rnd_test_succeed(char *user, krb5_principal princ)
+{
+    rnd_test_fail(user, princ, 0);
+}
+
+static void
+test_randkey()
+{
+    void *handle;
+    krb5_principal princ = parse_princ("randkey-principal-test");
+    krb5_principal user_princ = parse_princ("user");
+    krb5_principal admin_princ = parse_princ("admin");
+    kadm5_principal_ent_rec ent;
+    krb5_keyblock *keys;
+    int n_keys, i;
+
+    create_simple_princ(princ, NULL);
+
+    /* Check kvno and enctypes after randkey. */
+    handle = get_handle("admin");
+    check(kadm5_randkey_principal(handle, princ, &keys, &n_keys));
+    check(kadm5_get_principal(handle, princ, &ent, KADM5_KEY_DATA));
+    compare_key_data(&ent, default_supported_enctypes);
+    assert(ent.key_data[0].key_data_kvno == 2);
+    assert(n_keys == ent.n_key_data);
+    for (i = 0; i < n_keys; i++)
+        krb5_free_keyblock_contents(context, &keys[i]);
+    free(keys);
+    check(kadm5_free_principal_ent(handle, &ent));
+    free_handle(handle);
+
+    /*
+     * Fails over RPC if "change" ACL is not granted, or if we authenticated to
+     * kadmin/changepw and are changing another principal's password, or for
+     * self-service if the policy minimum life has not elapsed since the last
+     * key change.
+     */
+    if (rpc) {
+        rnd_test_fail("$admin", user_princ, KADM5_AUTH_CHANGEPW);
+        rnd_test_fail("admin/none", user_princ, KADM5_AUTH_CHANGEPW);
+        rnd_test_fail("admin/delete", user_princ, KADM5_AUTH_CHANGEPW);
+        rnd_test_succeed("admin/modify", user_princ);
+        cpw_test_succeed("admin", user_princ, USER_PASSWORD);
+        rnd_test_fail("user", user_princ, KADM5_PASS_TOOSOON);
+        rnd_test_fail("$user", user_princ, KADM5_PASS_TOOSOON);
+    }
+
+    /* Succeeds with change privilege in spite of policy minimum life. */
+    rnd_test_succeed("admin/modify", user_princ);
+    cpw_test_succeed("admin", user_princ, USER_PASSWORD);
+
+    /* Succeeds for self-service when authenticating to kadmin/changepw. */
+    handle = get_handle("$admin");
+    check(kadm5_randkey_principal(handle, admin_princ, NULL, NULL));
+    check(kadm5_chpass_principal(handle, admin_princ, ADMIN_PASSWORD));
+    free_handle(handle);
+
+    /* Fails with null handle or principal name. */
+    rnd_test_fail(NULL, princ, KADM5_BAD_SERVER_HANDLE);
+    rnd_test_fail("admin", NULL, EINVAL);
+
+    delete_princ(princ);
+    krb5_free_principal(context, princ);
+    krb5_free_principal(context, user_princ);
+    krb5_free_principal(context, admin_princ);
+}
+
+int
+main(int argc, char **argv)
+{
+    assert(argc == 2);
+    rpc = (strcmp(argv[1], "clnt") == 0);
+
+    check(kadm5_init_krb5_context(&context));
+
+    api = KADM5_API_VERSION_2;
+    test_create_policy();
+    test_get_policy();
+    test_modify_policy();
+
+    api = KADM5_API_VERSION_4;
+    test_chpass();
+    test_create_policy();
+    test_create_principal();
+    test_delete_policy();
+    test_delete_principal();
+    test_get_policy();
+    test_get_principal();
+    test_init_destroy();
+    test_modify_policy();
+    test_modify_principal();
+    test_randkey();
+
+    krb5_free_context(context);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kadm5/t_kadm5.py b/krb5-1.21.3/src/lib/kadm5/t_kadm5.py
new file mode 100644
index 00000000..c218b67c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kadm5/t_kadm5.py
@@ -0,0 +1,45 @@
+from k5test import *
+
+# Specify a supported_enctypes so the chpass tests know what to expect.
+supported_enctypes = 'aes256-cts:normal aes128-cts:normal'
+conf = {'realms': {'$realm': {'supported_enctypes': supported_enctypes}}}
+realm = K5Realm(create_user=False, create_host=False, kdc_conf=conf)
+
+with open(os.path.join(realm.testdir, 'acl'), 'w') as f:
+    f.write('''
+admin                   admcilse
+admin/get               il
+admin/modify            mc
+admin/delete            d
+admin/add               a
+admin/rename            adil
+''')
+
+with open(os.path.join(realm.testdir, 'dictfile'), 'w') as f:
+    f.write('''
+Abyssinia
+Discordianism
+foo
+''')
+
+realm.start_kadmind()
+
+realm.run([kadminl, 'addpol', '-maxlife', '10000s', '-minlength', '8',
+           '-minclasses', '2', '-maxfailure', '2',
+           '-failurecountinterval', '90s', '-lockoutduration', '180s',
+           'test-pol'])
+realm.run([kadminl, 'addpol', '-minlife', '10s', 'minlife-pol'])
+realm.run([kadminl, 'addpol', 'dict-only-pol'])
+realm.run([kadminl, 'addprinc', '-pw', 'admin', 'admin'])
+realm.run([kadminl, 'addprinc', '-pw', 'admin', 'admin/get'])
+realm.run([kadminl, 'addprinc', '-pw', 'admin', 'admin/modify'])
+realm.run([kadminl, 'addprinc', '-pw', 'admin', 'admin/delete'])
+realm.run([kadminl, 'addprinc', '-pw', 'admin', 'admin/add'])
+realm.run([kadminl, 'addprinc', '-pw', 'admin', 'admin/rename'])
+realm.run([kadminl, 'addprinc', '-pw', 'admin', 'admin/none'])
+realm.run([kadminl, 'addprinc', '-pw', 'us3r', '-policy', 'minlife-pol',
+           'user'])
+
+realm.run(['./t_kadm5srv', 'srv'])
+realm.run(['./t_kadm5clnt', 'clnt'])
+success('kadm5 API tests')
diff --git a/krb5-1.21.3/src/lib/kdb/Makefile.in b/krb5-1.21.3/src/lib/kdb/Makefile.in
new file mode 100644
index 00000000..8b346c74
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/Makefile.in
@@ -0,0 +1,84 @@
+mydir=lib$(S)kdb
+BUILDTOP=$(REL)..$(S)..
+DEFINES= -DKDB5_USE_LIB_KDB_DB2
+LOCALINCLUDES= -I.
+
+# Keep LIBMAJOR in sync with KRB5_KDB_API_VERSION in include/kdb.h.
+LIBBASE=kdb5
+LIBMAJOR=10
+LIBMINOR=0
+LIBINITFUNC=kdb_init_lock_list
+LIBFINIFUNC=kdb_fini_lock_list
+RELDIR=kdb
+# Depends on libk5crypto and libkrb5
+
+SHLIB_EXPDEPS = \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(TOPLIBD)/libgssrpc$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS=-lgssrpc -lkrb5 -lk5crypto $(COM_ERR_LIB) $(SUPPORT_LIB) $(DL_LIB) $(LIBS)
+
+adb_err.$(OBJEXT): adb_err.c
+adb_err.c adb_err.h: $(srcdir)/adb_err.et
+
+SRCS= \
+	$(srcdir)/kdb5.c \
+	$(srcdir)/encrypt_key.c \
+	$(srcdir)/decrypt_key.c \
+	$(srcdir)/kdb_default.c \
+	$(srcdir)/kdb_cpw.c \
+	adb_err.c \
+	$(srcdir)/iprop_xdr.c \
+	$(srcdir)/kdb_convert.c \
+	$(srcdir)/kdb_log.c \
+	$(srcdir)/keytab.c
+
+STLIBOBJS= \
+	kdb5.o \
+	encrypt_key.o \
+	decrypt_key.o \
+	kdb_default.o \
+	kdb_cpw.o \
+	adb_err.o \
+	iprop_xdr.o \
+	kdb_convert.o \
+	kdb_log.o \
+	keytab.o
+
+EXTRADEPSRCS= t_stringattr.c t_ulog.c t_sort_key_data.c
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+	$(RM) adb_err.c adb_err.h t_stringattr.o t_stringattr
+	$(RM) t_ulog.o t_ulog test.ulog
+	$(RM) t_sort_key_data.o t_sort_key_data
+
+check-unix: t_ulog
+	$(RUN_TEST) ./t_ulog test.ulog
+
+check-pytests: t_stringattr
+	$(RUNPYTEST) $(srcdir)/t_stringattr.py $(PYTESTFLAGS)
+
+check-cmocka: t_sort_key_data
+	$(RUN_TEST) ./t_sort_key_data > /dev/null
+
+generate-files-mac: darwin.exports
+
+depend: adb_err.h
+
+t_stringattr: t_stringattr.o $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_stringattr.o $(KDB5_LIBS) $(KADM_COMM_LIBS) \
+		$(KRB5_BASE_LIBS)
+
+t_ulog: t_ulog.o $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_ulog.o $(KDB5_LIBS) $(KADM_COMM_LIBS) \
+		$(KRB5_BASE_LIBS)
+
+t_sort_key_data: t_sort_key_data.o $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) \
+		 $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_sort_key_data.o \
+	$(KDB5_LIBS) $(KADM_COMM_LIBS) $(CMOCKA_LIBS) $(KRB5_BASE_LIBS)
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/kdb/adb_err.et b/krb5-1.21.3/src/lib/kdb/adb_err.et
new file mode 100644
index 00000000..39480257
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/adb_err.et
@@ -0,0 +1,16 @@
+error_table adb
+error_code OSA_ADB_NOERR,		"No Error"
+error_code OSA_ADB_DUP,			"Principal or policy already exists"
+error_code OSA_ADB_NOENT,		"Principal or policy does not exist"
+error_code OSA_ADB_DBINIT,		"Database not initialized"
+error_code OSA_ADB_BAD_POLICY,		"Invalid policy name"
+error_code OSA_ADB_BAD_PRINC,		"Invalid principal name"
+error_code OSA_ADB_BAD_DB,		"Database inconsistency detected"
+error_code OSA_ADB_XDR_FAILURE,		"XDR encoding error"
+error_code OSA_ADB_FAILURE,		"Failure!"
+error_code OSA_ADB_BADLOCKMODE,		"Bad lock mode"
+error_code OSA_ADB_CANTLOCK_DB,		"Cannot lock database"
+error_code OSA_ADB_NOTLOCKED,		"Database not locked"
+error_code OSA_ADB_NOLOCKFILE,		"KADM5 administration database lock file missing"
+error_code OSA_ADB_NOEXCL_PERM,		"Insufficient permission to lock file"
+end
diff --git a/krb5-1.21.3/src/lib/kdb/decrypt_key.c b/krb5-1.21.3/src/lib/kdb/decrypt_key.c
new file mode 100644
index 00000000..82bbed63
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/decrypt_key.c
@@ -0,0 +1,135 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/decrypt_key.c */
+/*
+ * Copyright 1990,1991,2023 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+
+/* Decrypt key_data, putting the result into dbkey_out and (if not null)
+ * keysalt_out. */
+krb5_error_code
+krb5_dbe_def_decrypt_key_data(krb5_context context, const krb5_keyblock *mkey,
+                              const krb5_key_data *kd,
+                              krb5_keyblock *dbkey_out,
+                              krb5_keysalt *keysalt_out)
+{
+    krb5_error_code ret;
+    int16_t keylen;
+    krb5_enc_data cipher;
+    krb5_data plain = empty_data();
+    krb5_keyblock kb = { 0 };
+    krb5_keysalt salt = { 0 };
+
+    memset(dbkey_out, 0, sizeof(*dbkey_out));
+    if (keysalt_out != NULL)
+        memset(keysalt_out, 0, sizeof(*keysalt_out));
+
+    if (mkey == NULL)
+        return KRB5_KDB_BADSTORED_MKEY;
+
+    if (kd->key_data_contents[0] != NULL && kd->key_data_length[0] >= 2) {
+        keylen = load_16_le(kd->key_data_contents[0]);
+        if (keylen < 0)
+            return EINVAL;
+        cipher.enctype = ENCTYPE_UNKNOWN;
+        cipher.ciphertext = make_data(kd->key_data_contents[0] + 2,
+                                      kd->key_data_length[0] - 2);
+        ret = alloc_data(&plain, kd->key_data_length[0] - 2);
+        if (ret)
+            goto cleanup;
+
+        ret = krb5_c_decrypt(context, mkey, 0, 0, &cipher, &plain);
+        if (ret)
+            goto cleanup;
+
+        /* Make sure the plaintext has at least as many bytes as the true ke
+         * length (it may have more due to padding). */
+        if ((unsigned int)keylen > plain.length) {
+            ret = KRB5_CRYPTO_INTERNAL;
+            if (ret)
+                goto cleanup;
+        }
+
+        kb.magic = KV5M_KEYBLOCK;
+        kb.enctype = kd->key_data_type[0];
+        kb.length = keylen;
+        kb.contents = (uint8_t *)plain.data;
+        plain = empty_data();
+    }
+
+    /* Decode salt data. */
+    if (keysalt_out != NULL) {
+        if (kd->key_data_ver == 2) {
+            salt.type = kd->key_data_type[1];
+            salt.data.length = kd->key_data_length[1];
+            if (kd->key_data_length[1] > 0) {
+                ret = alloc_data(&salt.data, kd->key_data_length[1]);
+                if (ret)
+                    goto cleanup;
+                memcpy(salt.data.data, kd->key_data_contents[1],
+                       salt.data.length);
+            }
+        } else {
+            salt.type = KRB5_KDB_SALTTYPE_NORMAL;
+        }
+    }
+
+    *dbkey_out = kb;
+    if (keysalt_out != NULL)
+        *keysalt_out = salt;
+    memset(&kb, 0, sizeof(kb));
+    memset(&salt, 0, sizeof(salt));
+
+cleanup:
+    zapfree(plain.data, plain.length);
+    krb5_free_keyblock_contents(context, &kb);
+    free(salt.data.data);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/kdb/deps b/krb5-1.21.3/src/lib/kdb/deps
new file mode 100644
index 00000000..152ef7fc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/deps
@@ -0,0 +1,158 @@
+#
+# Generated makefile dependencies follow.
+#
+kdb5.so kdb5.po $(OUTPRE)kdb5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h adb_err.h kdb5.c \
+  kdb5.h kdb5int.h
+encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h encrypt_key.c
+decrypt_key.so decrypt_key.po $(OUTPRE)decrypt_key.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h decrypt_key.c
+kdb_default.so kdb_default.po $(OUTPRE)kdb_default.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb_default.c
+kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdb_cpw.c
+adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): $(COM_ERR_DEPS) \
+  adb_err.c
+iprop_xdr.so iprop_xdr.po $(OUTPRE)iprop_xdr.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h iprop_xdr.c
+kdb_convert.so kdb_convert.po $(OUTPRE)kdb_convert.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb_convert.c
+kdb_log.so kdb_log.po $(OUTPRE)kdb_log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5.h kdb5int.h \
+  kdb_log.c
+keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_kt.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h keytab.c
+t_stringattr.so t_stringattr.po $(OUTPRE)t_stringattr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_stringattr.c
+t_ulog.so t_ulog.po $(OUTPRE)t_ulog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_ulog.c
+t_sort_key_data.so t_sort_key_data.po $(OUTPRE)t_sort_key_data.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-cmocka.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h t_sort_key_data.c
diff --git a/krb5-1.21.3/src/lib/kdb/encrypt_key.c b/krb5-1.21.3/src/lib/kdb/encrypt_key.c
new file mode 100644
index 00000000..a05c519a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/encrypt_key.c
@@ -0,0 +1,114 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/encrypt_key.c */
+/*
+ * Copyright 1990,1991,2023 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+
+/*
+ * Encrypt dbkey for storage in the database, putting the result into
+ * key_data_out.
+ */
+krb5_error_code
+krb5_dbe_def_encrypt_key_data(krb5_context context, const krb5_keyblock *mkey,
+                              const krb5_keyblock *dbkey,
+                              const krb5_keysalt *keysalt, int keyver,
+                              krb5_key_data *key_data_out)
+{
+    krb5_error_code ret;
+    size_t clen;
+    krb5_data plain;
+    krb5_enc_data cipher;
+    krb5_key_data kd = { 0 };
+
+    memset(key_data_out, 0, sizeof(*key_data_out));
+
+    kd.key_data_ver = 1;
+    kd.key_data_kvno = keyver;
+
+    ret = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length, &clen);
+    if (ret)
+        goto cleanup;
+
+    /* The first element of the type/length/contents fields is the key
+     * type/length/contents. */
+    kd.key_data_type[0] = dbkey->enctype;
+    kd.key_data_length[0] = 2 + clen;
+    kd.key_data_contents[0] = k5alloc(kd.key_data_length[0], &ret);
+    if (kd.key_data_contents[0] == NULL)
+        goto cleanup;
+    store_16_le(dbkey->length, kd.key_data_contents[0]);
+
+    plain = make_data(dbkey->contents, dbkey->length);
+    cipher.ciphertext = make_data(kd.key_data_contents[0] + 2, clen);
+    ret = krb5_c_encrypt(context, mkey, 0, 0, &plain, &cipher);
+    if (ret)
+        goto cleanup;
+
+    /* The second element of each array is the salt, if necessary. */
+    if (keysalt != NULL && keysalt->type > 0) {
+        kd.key_data_ver++;
+        kd.key_data_type[1] = keysalt->type;
+        kd.key_data_length[1] = keysalt->data.length;
+        if (keysalt->data.length > 0) {
+            kd.key_data_contents[1] = k5memdup(keysalt->data.data,
+                                               keysalt->data.length, &ret);
+            if (kd.key_data_contents[1] == NULL)
+                goto cleanup;
+        }
+    }
+
+    *key_data_out = kd;
+    memset(&kd, 0, sizeof(kd));
+
+cleanup:
+    krb5_dbe_free_key_data_contents(context, &kd);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/kdb/iprop.x b/krb5-1.21.3/src/lib/kdb/iprop.x
new file mode 100644
index 00000000..8796589f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/iprop.x
@@ -0,0 +1,243 @@
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* %#pragma ident	"@(#)iprop.x	1.2	04/02/20 SMI" */
+
+/*
+ * Main source:
+ * lib/kdb/iprop.x
+ *
+ * Generated files:
+ * lib/kdb/iprop_xdr.c
+ * include/iprop.h
+ * kprop/kpropd_rpc.c (clnt)
+ *
+ * Derived files:
+ * kadmin/server/ipropd_svc.c
+ */
+
+/*
+ * This file gets fed through the preprocessor to handle RPC_*
+ * symbols, but we don't want it to chew on __GNUC__ in this phase.
+ */
+#undef __GNUC__
+
+#ifdef RPC_XDR
+/*
+ * Sloppy rpcgen code declares "buf" and rarely uses it.  As it's
+ * generated code, and not presented to code building against the
+ * Kerberos code, it's not a problem we need to fix, so suppress the
+ * complaint.
+ */
+%#ifdef __GNUC__
+%#pragma GCC diagnostic ignored "-Wunused-variable"
+%#endif
+#endif /* RPC_XDR */
+
+/*
+ * Initial declarations
+ */
+
+#ifndef RPC_HDR
+typedef short int16_t;
+typedef unsigned short uint16_t;
+typedef int int32_t;
+typedef unsigned int uint32_t;
+/*typedef hyper int64_t;*/
+/*typedef unsigned hyper uint64_t;*/
+#endif  /* !RPC_HDR */
+
+typedef opaque	 utf8str_t<>;
+
+/*
+ * Transaction log serial no.
+ */
+typedef uint32_t	kdb_sno_t;
+
+/* Timestamp */
+struct kdbe_time_t {
+	uint32_t	seconds;
+	uint32_t	useconds;
+};
+
+/* Key Data */
+struct kdbe_key_t {
+	int32_t		k_ver;	/* Version */
+	int32_t		k_kvno;	/* Key version no. */
+	int32_t		k_enctype<>;
+	utf8str_t	k_contents<>;
+};
+
+/* Content data */
+struct kdbe_data_t {
+	int32_t		k_magic;
+	utf8str_t	k_data;
+};
+
+/* Principal Data */
+struct kdbe_princ_t {
+	utf8str_t	k_realm;
+	kdbe_data_t	k_components<>;
+	int32_t		k_nametype;
+};
+
+/* TL data (pre-auth specific data) */
+struct kdbe_tl_t {
+	int16_t		tl_type;
+	opaque		tl_data<>;
+};
+
+/* Structure to store pwd history */
+typedef kdbe_key_t kdbe_pw_hist_t<>;
+
+/* Basic KDB entry attributes */
+enum kdbe_attr_type_t {
+	AT_ATTRFLAGS = 0,
+	AT_MAX_LIFE = 1,
+	AT_MAX_RENEW_LIFE = 2,
+	AT_EXP = 3,
+	AT_PW_EXP = 4,
+	AT_LAST_SUCCESS = 5,
+	AT_LAST_FAILED = 6,
+	AT_FAIL_AUTH_COUNT = 7,
+	AT_PRINC = 8,
+	AT_KEYDATA = 9,
+	AT_TL_DATA = 10,
+	AT_LEN = 11,
+	AT_MOD_PRINC = 12,
+	AT_MOD_TIME = 13,
+	AT_MOD_WHERE = 14,
+	AT_PW_LAST_CHANGE = 15,
+	AT_PW_POLICY = 16,
+	AT_PW_POLICY_SWITCH = 17,
+	AT_PW_HIST_KVNO = 18,
+	AT_PW_HIST = 19
+};
+
+/* KDB entry, Attribute=value */
+union kdbe_val_t switch (kdbe_attr_type_t av_type) {
+case AT_ATTRFLAGS:
+	uint32_t	av_attrflags;
+case AT_MAX_LIFE:
+	uint32_t	av_max_life;
+case AT_MAX_RENEW_LIFE:
+	uint32_t	av_max_renew_life;
+case AT_EXP:
+	uint32_t	av_exp;
+case AT_PW_EXP:
+	uint32_t	av_pw_exp;
+case AT_LAST_SUCCESS:
+	uint32_t	av_last_success;
+case AT_LAST_FAILED:
+	uint32_t	av_last_failed;
+case AT_FAIL_AUTH_COUNT:
+	uint32_t	av_fail_auth_count;
+case AT_PRINC:
+	kdbe_princ_t	av_princ;
+case AT_KEYDATA:
+	kdbe_key_t	av_keydata<>;	/* array of keys */
+case AT_TL_DATA:
+	kdbe_tl_t	av_tldata<>;	/* array of TL data */
+case AT_LEN:
+	int16_t		av_len;
+case AT_PW_LAST_CHANGE:
+	uint32_t	av_pw_last_change;
+case AT_MOD_PRINC:
+	kdbe_princ_t	av_mod_princ;
+case AT_MOD_TIME:
+	uint32_t	av_mod_time;
+case AT_MOD_WHERE:
+	utf8str_t	av_mod_where;
+case AT_PW_POLICY:
+	utf8str_t	av_pw_policy;
+case AT_PW_POLICY_SWITCH:
+	bool		av_pw_policy_switch;
+case AT_PW_HIST_KVNO:
+	uint32_t	av_pw_hist_kvno;
+case AT_PW_HIST:
+	kdbe_pw_hist_t	av_pw_hist<>;	/* array of pw history */
+default:
+	opaque		av_extension<>;	/* futures */
+};
+
+typedef kdbe_val_t kdbe_t<>;	    /* Array of attr/val makes a KDB entry */
+
+/*
+ * Incremental update
+ */
+struct kdb_incr_update_t {
+	utf8str_t	kdb_princ_name;	/* Principal name */
+	kdb_sno_t	kdb_entry_sno;	/* Serial # of entry */
+	kdbe_time_t	kdb_time;	/* Timestamp of update */
+	kdbe_t		kdb_update; 	/* Attributes modified */
+	bool		kdb_deleted;	/* Is this update a DELETION ? */
+	bool		kdb_commit;	/* Is the entry committed or not ? */
+	utf8str_t	kdb_kdcs_seen_by<>; /* Names of replicass that have */
+					    /* seen this update - for */
+					    /* future use */
+	opaque		kdb_futures<>;	/* futures */
+};
+
+/*
+ * Update log body
+ */
+typedef kdb_incr_update_t kdb_ulog_t<>;
+
+enum update_status_t {
+	UPDATE_OK = 0,
+	UPDATE_ERROR = 1,
+	UPDATE_FULL_RESYNC_NEEDED = 2,
+	UPDATE_BUSY = 3,
+	UPDATE_NIL = 4,
+	UPDATE_PERM_DENIED = 5
+};
+
+struct kdb_last_t {
+	kdb_sno_t	last_sno;
+	kdbe_time_t	last_time;
+};
+
+struct kdb_incr_result_t {
+	kdb_last_t		lastentry;
+	kdb_ulog_t		updates;
+	update_status_t		ret;
+};
+
+struct kdb_fullresync_result_t {
+	kdb_last_t		lastentry;
+	update_status_t 	ret;
+};
+
+program KRB5_IPROP_PROG {
+	version KRB5_IPROP_VERS {
+		/*
+		 * NULL procedure
+		 */
+		void
+		IPROP_NULL(void) = 0;
+
+		/*
+		 * Keep waiting for and get next incremental update(s)
+		 *
+		 * Will return latest kdb_vers on the master (if different),
+		 * alongwith return value and affected db entries.
+		 */
+		kdb_incr_result_t
+		IPROP_GET_UPDATES(kdb_last_t) = 1;
+
+		/*
+		 * We need to do the full-resync of the db, since the
+		 * serial nos./timestamps are way out-of-whack
+		 */
+		kdb_fullresync_result_t
+		IPROP_FULL_RESYNC(void) = 2;
+
+		/*
+		 * Full resync with version marker
+		 */
+		kdb_fullresync_result_t
+		IPROP_FULL_RESYNC_EXT(uint32_t) = 3;
+	} = 1;
+} = 100423;
diff --git a/krb5-1.21.3/src/lib/kdb/iprop_xdr.c b/krb5-1.21.3/src/lib/kdb/iprop_xdr.c
new file mode 100644
index 00000000..b866fdf7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/iprop_xdr.c
@@ -0,0 +1,344 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Please do not edit this file.
+ * It was generated using rpcgen.
+ */
+
+#include "iprop.h"
+#ifdef __GNUC__
+#pragma GCC diagnostic ignored "-Wunused-variable"
+#endif
+
+static bool_t
+xdr_int16_t (XDR *xdrs, int16_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_short (xdrs, objp))
+        return FALSE;
+    return TRUE;
+}
+
+static bool_t
+xdr_int32_t (XDR *xdrs, int32_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_int (xdrs, objp))
+        return FALSE;
+    return TRUE;
+}
+
+static bool_t
+xdr_uint32_t (XDR *xdrs, uint32_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_u_int (xdrs, objp))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_utf8str_t (XDR *xdrs, utf8str_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_bytes (xdrs, (char **)&objp->utf8str_t_val, (u_int *) &objp->utf8str_t_len, ~0))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdb_sno_t (XDR *xdrs, kdb_sno_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_uint32_t (xdrs, objp))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_time_t (XDR *xdrs, kdbe_time_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_uint32_t (xdrs, &objp->seconds))
+        return FALSE;
+    if (!xdr_uint32_t (xdrs, &objp->useconds))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_key_t (XDR *xdrs, kdbe_key_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_int32_t (xdrs, &objp->k_ver))
+        return FALSE;
+    if (!xdr_int32_t (xdrs, &objp->k_kvno))
+        return FALSE;
+    if (!xdr_array (xdrs, (char **)&objp->k_enctype.k_enctype_val, (u_int *) &objp->k_enctype.k_enctype_len, ~0,
+                    sizeof (int32_t), (xdrproc_t) xdr_int32_t))
+        return FALSE;
+    if (!xdr_array (xdrs, (char **)&objp->k_contents.k_contents_val, (u_int *) &objp->k_contents.k_contents_len, ~0,
+                    sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_data_t (XDR *xdrs, kdbe_data_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_int32_t (xdrs, &objp->k_magic))
+        return FALSE;
+    if (!xdr_utf8str_t (xdrs, &objp->k_data))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_princ_t (XDR *xdrs, kdbe_princ_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_utf8str_t (xdrs, &objp->k_realm))
+        return FALSE;
+    if (!xdr_array (xdrs, (char **)&objp->k_components.k_components_val, (u_int *) &objp->k_components.k_components_len, ~0,
+                    sizeof (kdbe_data_t), (xdrproc_t) xdr_kdbe_data_t))
+        return FALSE;
+    if (!xdr_int32_t (xdrs, &objp->k_nametype))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_tl_t (XDR *xdrs, kdbe_tl_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_int16_t (xdrs, &objp->tl_type))
+        return FALSE;
+    if (!xdr_bytes (xdrs, (char **)&objp->tl_data.tl_data_val, (u_int *) &objp->tl_data.tl_data_len, ~0))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_pw_hist_t (XDR *xdrs, kdbe_pw_hist_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_array (xdrs, (char **)&objp->kdbe_pw_hist_t_val, (u_int *) &objp->kdbe_pw_hist_t_len, ~0,
+                    sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_attr_type_t (XDR *xdrs, kdbe_attr_type_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_enum (xdrs, (enum_t *) objp))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_val_t (XDR *xdrs, kdbe_val_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_kdbe_attr_type_t (xdrs, &objp->av_type))
+        return FALSE;
+    switch (objp->av_type) {
+    case AT_ATTRFLAGS:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_attrflags))
+            return FALSE;
+        break;
+    case AT_MAX_LIFE:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_life))
+            return FALSE;
+        break;
+    case AT_MAX_RENEW_LIFE:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_renew_life))
+            return FALSE;
+        break;
+    case AT_EXP:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_exp))
+            return FALSE;
+        break;
+    case AT_PW_EXP:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_exp))
+            return FALSE;
+        break;
+    case AT_LAST_SUCCESS:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_success))
+            return FALSE;
+        break;
+    case AT_LAST_FAILED:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_failed))
+            return FALSE;
+        break;
+    case AT_FAIL_AUTH_COUNT:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_fail_auth_count))
+            return FALSE;
+        break;
+    case AT_PRINC:
+        if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_princ))
+            return FALSE;
+        break;
+    case AT_KEYDATA:
+        if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_keydata.av_keydata_val, (u_int *) &objp->kdbe_val_t_u.av_keydata.av_keydata_len, ~0,
+                        sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
+            return FALSE;
+        break;
+    case AT_TL_DATA:
+        if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_tldata.av_tldata_val, (u_int *) &objp->kdbe_val_t_u.av_tldata.av_tldata_len, ~0,
+                        sizeof (kdbe_tl_t), (xdrproc_t) xdr_kdbe_tl_t))
+            return FALSE;
+        break;
+    case AT_LEN:
+        if (!xdr_int16_t (xdrs, &objp->kdbe_val_t_u.av_len))
+            return FALSE;
+        break;
+    case AT_PW_LAST_CHANGE:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_last_change))
+            return FALSE;
+        break;
+    case AT_MOD_PRINC:
+        if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_mod_princ))
+            return FALSE;
+        break;
+    case AT_MOD_TIME:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_mod_time))
+            return FALSE;
+        break;
+    case AT_MOD_WHERE:
+        if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_mod_where))
+            return FALSE;
+        break;
+    case AT_PW_POLICY:
+        if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_pw_policy))
+            return FALSE;
+        break;
+    case AT_PW_POLICY_SWITCH:
+        if (!xdr_bool (xdrs, &objp->kdbe_val_t_u.av_pw_policy_switch))
+            return FALSE;
+        break;
+    case AT_PW_HIST_KVNO:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_hist_kvno))
+            return FALSE;
+        break;
+    case AT_PW_HIST:
+        if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_val, (u_int *) &objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_len, ~0,
+                        sizeof (kdbe_pw_hist_t), (xdrproc_t) xdr_kdbe_pw_hist_t))
+            return FALSE;
+        break;
+    default:
+        if (!xdr_bytes (xdrs, (char **)&objp->kdbe_val_t_u.av_extension.av_extension_val, (u_int *) &objp->kdbe_val_t_u.av_extension.av_extension_len, ~0))
+            return FALSE;
+        break;
+    }
+    return TRUE;
+}
+
+bool_t
+xdr_kdbe_t (XDR *xdrs, kdbe_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_array (xdrs, (char **)&objp->kdbe_t_val, (u_int *) &objp->kdbe_t_len, ~0,
+                    sizeof (kdbe_val_t), (xdrproc_t) xdr_kdbe_val_t))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdb_incr_update_t (XDR *xdrs, kdb_incr_update_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_utf8str_t (xdrs, &objp->kdb_princ_name))
+        return FALSE;
+    if (!xdr_kdb_sno_t (xdrs, &objp->kdb_entry_sno))
+        return FALSE;
+    if (!xdr_kdbe_time_t (xdrs, &objp->kdb_time))
+        return FALSE;
+    if (!xdr_kdbe_t (xdrs, &objp->kdb_update))
+        return FALSE;
+    if (!xdr_bool (xdrs, &objp->kdb_deleted))
+        return FALSE;
+    if (!xdr_bool (xdrs, &objp->kdb_commit))
+        return FALSE;
+    if (!xdr_array (xdrs, (char **)&objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val, (u_int *) &objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len, ~0,
+                    sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
+        return FALSE;
+    if (!xdr_bytes (xdrs, (char **)&objp->kdb_futures.kdb_futures_val, (u_int *) &objp->kdb_futures.kdb_futures_len, ~0))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdb_ulog_t (XDR *xdrs, kdb_ulog_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_array (xdrs, (char **)&objp->kdb_ulog_t_val, (u_int *) &objp->kdb_ulog_t_len, ~0,
+                    sizeof (kdb_incr_update_t), (xdrproc_t) xdr_kdb_incr_update_t))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_update_status_t (XDR *xdrs, update_status_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_enum (xdrs, (enum_t *) objp))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdb_last_t (XDR *xdrs, kdb_last_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_kdb_sno_t (xdrs, &objp->last_sno))
+        return FALSE;
+    if (!xdr_kdbe_time_t (xdrs, &objp->last_time))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdb_incr_result_t (XDR *xdrs, kdb_incr_result_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
+        return FALSE;
+    if (!xdr_kdb_ulog_t (xdrs, &objp->updates))
+        return FALSE;
+    if (!xdr_update_status_t (xdrs, &objp->ret))
+        return FALSE;
+    return TRUE;
+}
+
+bool_t
+xdr_kdb_fullresync_result_t (XDR *xdrs, kdb_fullresync_result_t *objp)
+{
+    int32_t *buf;
+
+    if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
+        return FALSE;
+    if (!xdr_update_status_t (xdrs, &objp->ret))
+        return FALSE;
+    return TRUE;
+}
diff --git a/krb5-1.21.3/src/lib/kdb/kdb5.c b/krb5-1.21.3/src/lib/kdb/kdb5.c
new file mode 100644
index 00000000..415ae64e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/kdb5.c
@@ -0,0 +1,2781 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2006, 2009, 2010, 2016 by the Massachusetts Institute of
+ * Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
+ * This code was based on code donated to MIT by Novell for
+ * distribution under the MIT license.
+ */
+
+/*
+ * Include files
+ */
+
+#include <k5-int.h>
+#include "kdb5.h"
+#include "kdb_log.h"
+#include "kdb5int.h"
+
+/* Currently DB2 policy related errors are exported from DAL.  But
+   other databases should set_err function to return string.  */
+#include "adb_err.h"
+
+/*
+ * internal static variable
+ */
+
+static k5_mutex_t db_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+
+static db_library lib_list;
+
+/*
+ * Helper Functions
+ */
+
+MAKE_INIT_FUNCTION(kdb_init_lock_list);
+MAKE_FINI_FUNCTION(kdb_fini_lock_list);
+
+static void
+free_mkey_list(krb5_context context, krb5_keylist_node *mkey_list)
+{
+    krb5_keylist_node *cur, *next;
+
+    for (cur = mkey_list; cur != NULL; cur = next) {
+        next = cur->next;
+        krb5_free_keyblock_contents(context, &cur->keyblock);
+        free(cur);
+    }
+}
+
+int
+kdb_init_lock_list()
+{
+    return k5_mutex_finish_init(&db_lock);
+}
+
+static int
+kdb_lock_list()
+{
+    int err;
+    err = CALL_INIT_FUNCTION (kdb_init_lock_list);
+    if (err)
+        return err;
+    k5_mutex_lock(&db_lock);
+    return 0;
+}
+
+void
+kdb_fini_lock_list()
+{
+    if (INITIALIZER_RAN(kdb_init_lock_list))
+        k5_mutex_destroy(&db_lock);
+}
+
+static void
+kdb_unlock_list()
+{
+    k5_mutex_unlock(&db_lock);
+}
+
+/* Return true if the ulog is mapped in the primary role. */
+static inline krb5_boolean
+logging(krb5_context context)
+{
+    kdb_log_context *log_ctx = context->kdblog_context;
+
+    return log_ctx != NULL && log_ctx->iproprole == IPROP_PRIMARY &&
+        log_ctx->ulog != NULL;
+}
+
+void
+krb5_dbe_free_key_data_contents(krb5_context context, krb5_key_data *key)
+{
+    int i, idx;
+
+    if (key) {
+        idx = (key->key_data_ver == 1 ? 1 : 2);
+        for (i = 0; i < idx; i++) {
+            if (key->key_data_contents[i]) {
+                zap(key->key_data_contents[i], key->key_data_length[i]);
+                free(key->key_data_contents[i]);
+            }
+        }
+    }
+    return;
+}
+
+void
+krb5_dbe_free_key_list(krb5_context context, krb5_keylist_node *val)
+{
+    krb5_keylist_node *temp = val, *prev;
+
+    while (temp != NULL) {
+        prev = temp;
+        temp = temp->next;
+        krb5_free_keyblock_contents(context, &(prev->keyblock));
+        free(prev);
+    }
+}
+
+void
+krb5_dbe_free_actkvno_list(krb5_context context, krb5_actkvno_node *val)
+{
+    krb5_actkvno_node *temp = val, *prev;
+
+    while (temp != NULL) {
+        prev = temp;
+        temp = temp->next;
+        free(prev);
+    }
+}
+
+void
+krb5_dbe_free_mkey_aux_list(krb5_context context, krb5_mkey_aux_node *val)
+{
+    krb5_mkey_aux_node *temp = val, *prev;
+
+    while (temp != NULL) {
+        prev = temp;
+        temp = temp->next;
+        krb5_dbe_free_key_data_contents(context, &prev->latest_mkey);
+        free(prev);
+    }
+}
+
+void
+krb5_dbe_free_tl_data(krb5_context context, krb5_tl_data *tl_data)
+{
+    if (tl_data) {
+        if (tl_data->tl_data_contents)
+            free(tl_data->tl_data_contents);
+        free(tl_data);
+    }
+}
+
+void
+krb5_dbe_free_strings(krb5_context context, krb5_string_attr *strings,
+                      int count)
+{
+    int i;
+
+    if (strings == NULL)
+        return;
+    for (i = 0; i < count; i++) {
+        free(strings[i].key);
+        free(strings[i].value);
+    }
+    free(strings);
+}
+
+void
+krb5_dbe_free_string(krb5_context context, char *string)
+{
+    free(string);
+}
+
+/* Set *section to the appropriate section to use for a database module's
+ * profile queries.  The caller must free the result. */
+static krb5_error_code
+get_conf_section(krb5_context context, char **section)
+{
+    krb5_error_code status;
+    char *result = NULL, *value = NULL, *defrealm;
+
+    *section = NULL;
+
+    status = krb5_get_default_realm(context, &defrealm);
+    if (status) {
+        k5_setmsg(context, KRB5_KDB_SERVER_INTERNAL_ERR,
+                  _("No default realm set; cannot initialize KDB"));
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
+    }
+    status = profile_get_string(context->profile,
+                                /* realms */
+                                KDB_REALM_SECTION,
+                                defrealm,
+                                /* under the realm name, database_module */
+                                KDB_MODULE_POINTER,
+                                /* default value is the realm name itself */
+                                defrealm,
+                                &value);
+    krb5_free_default_realm(context, defrealm);
+    if (status)
+        return status;
+    result = strdup(value);
+    profile_release_string(value);
+    if (result == NULL)
+        return ENOMEM;
+    *section = result;
+    return 0;
+}
+
+static krb5_error_code
+kdb_get_library_name(krb5_context kcontext, char **libname_out)
+{
+    krb5_error_code status = 0;
+    char *value = NULL, *lib = NULL, *defrealm = NULL;
+
+    *libname_out = NULL;
+
+    status = krb5_get_default_realm(kcontext, &defrealm);
+    if (status)
+        goto clean_n_exit;
+    status = profile_get_string(kcontext->profile,
+                                /* realms */
+                                KDB_REALM_SECTION,
+                                defrealm,
+                                /* under the realm name, database_module */
+                                KDB_MODULE_POINTER,
+                                /* default value is the realm name itself */
+                                defrealm,
+                                &value);
+    if (status)
+        goto clean_n_exit;
+
+#define DB2_NAME "db2"
+    /* we got the module section. Get the library name from the module */
+    status = profile_get_string(kcontext->profile, KDB_MODULE_SECTION, value,
+                                KDB_LIB_POINTER,
+                                /* default to db2 */
+                                DB2_NAME,
+                                &lib);
+
+    if (status) {
+        goto clean_n_exit;
+    }
+
+    *libname_out = strdup(lib);
+    if (*libname_out == NULL)
+        status = ENOMEM;
+
+clean_n_exit:
+    krb5_free_default_realm(kcontext, defrealm);
+    profile_release_string(value);
+    profile_release_string(lib);
+    return status;
+}
+
+static void
+copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
+{
+    /* Copy fields for minor version 0. */
+    out->maj_ver = in->maj_ver;
+    out->min_ver = in->min_ver;
+    out->init_library = in->init_library;
+    out->fini_library = in->fini_library;
+    out->init_module = in->init_module;
+    out->fini_module = in->fini_module;
+    out->create = in->create;
+    out->destroy = in->destroy;
+    out->get_age = in->get_age;
+    out->lock = in->lock;
+    out->unlock = in->unlock;
+    out->get_principal = in->get_principal;
+    out->put_principal = in->put_principal;
+    out->delete_principal = in->delete_principal;
+    out->rename_principal = in->rename_principal;
+    out->iterate = in->iterate;
+    out->create_policy = in->create_policy;
+    out->get_policy = in->get_policy;
+    out->put_policy = in->put_policy;
+    out->iter_policy = in->iter_policy;
+    out->delete_policy = in->delete_policy;
+    out->fetch_master_key = in->fetch_master_key;
+    out->fetch_master_key_list = in->fetch_master_key_list;
+    out->store_master_key_list = in->store_master_key_list;
+    out->dbe_search_enctype = in->dbe_search_enctype;
+    out->change_pwd = in->change_pwd;
+    out->promote_db = in->promote_db;
+    out->decrypt_key_data = in->decrypt_key_data;
+    out->encrypt_key_data = in->encrypt_key_data;
+    out->check_transited_realms = in->check_transited_realms;
+    out->check_policy_as = in->check_policy_as;
+    out->check_policy_tgs = in->check_policy_tgs;
+    out->audit_as_req = in->audit_as_req;
+    out->refresh_config = in->refresh_config;
+    out->check_allowed_to_delegate = in->check_allowed_to_delegate;
+    out->free_principal_e_data = in->free_principal_e_data;
+    out->get_s4u_x509_principal = in->get_s4u_x509_principal;
+    out->allowed_to_delegate_from = in->allowed_to_delegate_from;
+    out->issue_pac = in->issue_pac;
+
+    /* Set defaults for optional fields. */
+    if (out->fetch_master_key == NULL)
+        out->fetch_master_key = krb5_db_def_fetch_mkey;
+    if (out->fetch_master_key_list == NULL)
+        out->fetch_master_key_list = krb5_def_fetch_mkey_list;
+    if (out->store_master_key_list == NULL)
+        out->store_master_key_list = krb5_def_store_mkey_list;
+    if (out->dbe_search_enctype == NULL)
+        out->dbe_search_enctype = krb5_dbe_def_search_enctype;
+    if (out->change_pwd == NULL)
+        out->change_pwd = krb5_dbe_def_cpw;
+    if (out->decrypt_key_data == NULL)
+        out->decrypt_key_data = krb5_dbe_def_decrypt_key_data;
+    if (out->encrypt_key_data == NULL)
+        out->encrypt_key_data = krb5_dbe_def_encrypt_key_data;
+    if (out->rename_principal == NULL)
+        out->rename_principal = krb5_db_def_rename_principal;
+}
+
+#ifdef STATIC_PLUGINS
+
+extern kdb_vftabl krb5_db2_kdb_function_table;
+#ifdef ENABLE_LDAP
+extern kdb_vftabl krb5_ldap_kdb_function_table;
+#endif
+
+static krb5_error_code
+kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
+{
+    krb5_error_code status;
+    db_library lib;
+    kdb_vftabl *vftabl_addr = NULL;
+
+    if (strcmp(lib_name, "db2") == 0)
+        vftabl_addr = &krb5_db2_kdb_function_table;
+#ifdef ENABLE_LDAP
+    if (strcmp(lib_name, "kldap") == 0)
+        vftabl_addr = &krb5_ldap_kdb_function_table;
+#endif
+    if (!vftabl_addr) {
+        k5_setmsg(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
+                  _("Unable to find requested database type: %s"), lib_name);
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    }
+
+    lib = calloc(1, sizeof(*lib));
+    if (lib == NULL)
+        return ENOMEM;
+
+    strlcpy(lib->name, lib_name, sizeof(lib->name));
+    copy_vtable(vftabl_addr, &lib->vftabl);
+
+    status = lib->vftabl.init_library();
+    if (status)
+        goto cleanup;
+
+    *libptr = lib;
+    return 0;
+
+cleanup:
+    free(lib);
+    return status;
+}
+
+#else /* KDB5_STATIC_LINK*/
+
+static char *db_dl_location[] = DEFAULT_KDB_LIB_PATH;
+#define db_dl_n_locations (sizeof(db_dl_location) / sizeof(db_dl_location[0]))
+
+static krb5_error_code
+kdb_load_library(krb5_context kcontext, char *lib_name, db_library *lib)
+{
+    krb5_error_code status = 0;
+    int     ndx;
+    void  **vftabl_addrs = NULL;
+    /* N.B.: If this is "const" but not "static", the Solaris 10
+       native compiler has trouble building the library because of
+       absolute relocations needed in read-only section ".rodata".
+       When it's static, it goes into ".picdata", which is
+       read-write.  */
+    static const char *const dbpath_names[] = {
+        KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL,
+    };
+    const char *filebases[2];
+    char **profpath = NULL;
+    char **path = NULL;
+
+    filebases[0] = lib_name;
+    filebases[1] = NULL;
+
+    *lib = calloc((size_t) 1, sizeof(**lib));
+    if (*lib == NULL)
+        return ENOMEM;
+
+    strlcpy((*lib)->name, lib_name, sizeof((*lib)->name));
+
+    /* Fetch the list of directories specified in the config
+       file(s) first.  */
+    status = profile_get_values(kcontext->profile, dbpath_names, &profpath);
+    if (status != 0 && status != PROF_NO_RELATION)
+        goto clean_n_exit;
+    ndx = 0;
+    if (profpath)
+        while (profpath[ndx] != NULL)
+            ndx++;
+
+    path = calloc(ndx + db_dl_n_locations, sizeof (char *));
+    if (path == NULL) {
+        status = ENOMEM;
+        goto clean_n_exit;
+    }
+    if (ndx)
+        memcpy(path, profpath, ndx * sizeof(profpath[0]));
+    memcpy(path + ndx, db_dl_location, db_dl_n_locations * sizeof(char *));
+    status = 0;
+
+    if ((status = krb5int_open_plugin_dirs ((const char **) path,
+                                            filebases,
+                                            &(*lib)->dl_dir_handle, &kcontext->err))) {
+        status = KRB5_KDB_DBTYPE_NOTFOUND;
+        k5_prependmsg(kcontext, status,
+                      _("Unable to find requested database type"));
+        goto clean_n_exit;
+    }
+
+    if ((status = krb5int_get_plugin_dir_data (&(*lib)->dl_dir_handle, "kdb_function_table",
+                                               &vftabl_addrs, &kcontext->err))) {
+        status = KRB5_KDB_DBTYPE_INIT;
+        k5_prependmsg(kcontext, status,
+                      _("plugin symbol 'kdb_function_table' lookup failed"));
+        goto clean_n_exit;
+    }
+
+    if (vftabl_addrs[0] == NULL) {
+        /* No plugins! */
+        status = KRB5_KDB_DBTYPE_NOTFOUND;
+        k5_setmsg(kcontext, status,
+                  _("Unable to load requested database module '%s': plugin "
+                    "symbol 'kdb_function_table' not found"), lib_name);
+        goto clean_n_exit;
+    }
+
+    if (((kdb_vftabl *)vftabl_addrs[0])->maj_ver !=
+        KRB5_KDB_DAL_MAJOR_VERSION) {
+        status = KRB5_KDB_DBTYPE_MISMATCH;
+        goto clean_n_exit;
+    }
+
+    copy_vtable(vftabl_addrs[0], &(*lib)->vftabl);
+
+    if ((status = (*lib)->vftabl.init_library()))
+        goto clean_n_exit;
+
+clean_n_exit:
+    krb5int_free_plugin_dir_data(vftabl_addrs);
+    /* Both of these DTRT with NULL.  */
+    profile_free_list(profpath);
+    free(path);
+    if (status && *lib) {
+        if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle)))
+            krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle);
+        free(*lib);
+        *lib = NULL;
+    }
+    return status;
+}
+
+#endif /* end of _KDB5_STATIC_LINK */
+
+static krb5_error_code
+kdb_find_library(krb5_context kcontext, char *lib_name, db_library *lib)
+{
+    /* lock here so that no two threads try to do the same at the same time */
+    krb5_error_code status = 0;
+    int     locked = 0;
+    db_library curr_elt, prev_elt = NULL;
+    static int kdb_db2_pol_err_loaded = 0;
+
+    if (!strcmp(DB2_NAME, lib_name) && (kdb_db2_pol_err_loaded == 0)) {
+        initialize_adb_error_table();
+        kdb_db2_pol_err_loaded = 1;
+    }
+
+    if ((status = kdb_lock_list()) != 0)
+        goto clean_n_exit;
+    locked = 1;
+
+    curr_elt = lib_list;
+    while (curr_elt != NULL) {
+        if (strcmp(lib_name, curr_elt->name) == 0) {
+            *lib = curr_elt;
+            goto clean_n_exit;
+        }
+        prev_elt = curr_elt;
+        curr_elt = curr_elt->next;
+    }
+
+    /* module not found. create and add to list */
+    status = kdb_load_library(kcontext, lib_name, lib);
+    if (status)
+        goto clean_n_exit;
+
+    if (prev_elt) {
+        /* prev_elt points to the last element in the list */
+        prev_elt->next = *lib;
+        (*lib)->prev = prev_elt;
+    } else {
+        lib_list = *lib;
+    }
+
+clean_n_exit:
+    if (*lib)
+        (*lib)->reference_cnt++;
+
+    if (locked)
+        kdb_unlock_list();
+
+    return status;
+}
+
+static krb5_error_code
+kdb_free_library(db_library lib)
+{
+    krb5_error_code status = 0;
+    int     locked = 0;
+
+    if ((status = kdb_lock_list()) != 0)
+        goto clean_n_exit;
+    locked = 1;
+
+    lib->reference_cnt--;
+
+    if (lib->reference_cnt == 0) {
+        status = lib->vftabl.fini_library();
+        if (status)
+            goto clean_n_exit;
+
+        /* close the library */
+        if (PLUGIN_DIR_OPEN((&lib->dl_dir_handle)))
+            krb5int_close_plugin_dirs (&lib->dl_dir_handle);
+
+        if (lib->prev == NULL)
+            lib_list = lib->next;  /* first element in the list */
+        else
+            lib->prev->next = lib->next;
+
+        if (lib->next)
+            lib->next->prev = lib->prev;
+        free(lib);
+    }
+
+clean_n_exit:
+    if (locked)
+        kdb_unlock_list();
+
+    return status;
+}
+
+krb5_error_code
+krb5_db_setup_lib_handle(krb5_context kcontext)
+{
+    char   *library = NULL;
+    krb5_error_code status = 0;
+    db_library lib = NULL;
+    kdb5_dal_handle *dal_handle = NULL;
+
+    dal_handle = calloc((size_t) 1, sizeof(kdb5_dal_handle));
+    if (dal_handle == NULL) {
+        status = ENOMEM;
+        goto clean_n_exit;
+    }
+
+    status = kdb_get_library_name(kcontext, &library);
+    if (library == NULL) {
+        k5_prependmsg(kcontext, status,
+                      _("Cannot initialize database library"));
+        goto clean_n_exit;
+    }
+
+    status = kdb_find_library(kcontext, library, &lib);
+    if (status)
+        goto clean_n_exit;
+
+    dal_handle->lib_handle = lib;
+    kcontext->dal_handle = dal_handle;
+
+clean_n_exit:
+    free(library);
+
+    if (status) {
+        free(dal_handle);
+        if (lib)
+            kdb_free_library(lib);
+    }
+
+    return status;
+}
+
+static krb5_error_code
+kdb_free_lib_handle(krb5_context kcontext)
+{
+    krb5_error_code status = 0;
+
+    status = kdb_free_library(kcontext->dal_handle->lib_handle);
+    if (status)
+        return status;
+
+    free_mkey_list(kcontext, kcontext->dal_handle->master_keylist);
+    krb5_free_principal(kcontext, kcontext->dal_handle->master_princ);
+    free(kcontext->dal_handle);
+    kcontext->dal_handle = NULL;
+    return 0;
+}
+
+static krb5_error_code
+get_vftabl(krb5_context kcontext, kdb_vftabl **vftabl_ptr)
+{
+    krb5_error_code status;
+
+    *vftabl_ptr = NULL;
+    if (kcontext->dal_handle == NULL) {
+        status = krb5_db_setup_lib_handle(kcontext);
+        if (status)
+            return status;
+    }
+    *vftabl_ptr = &kcontext->dal_handle->lib_handle->vftabl;
+    return 0;
+}
+
+/*
+ *      External functions... DAL API
+ */
+krb5_error_code
+krb5_db_open(krb5_context kcontext, char **db_args, int mode)
+{
+    krb5_error_code status;
+    char *section;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    status = get_conf_section(kcontext, &section);
+    if (status)
+        return status;
+    status = v->init_module(kcontext, section, db_args, mode);
+    free(section);
+    if (status)
+        (void)krb5_db_fini(kcontext);
+    return status;
+}
+
+krb5_error_code
+krb5_db_inited(krb5_context kcontext)
+{
+    return !(kcontext && kcontext->dal_handle &&
+             kcontext->dal_handle->db_context);
+}
+
+krb5_error_code
+krb5_db_create(krb5_context kcontext, char **db_args)
+{
+    krb5_error_code status;
+    char *section;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->create == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    status = get_conf_section(kcontext, &section);
+    if (status)
+        return status;
+    status = v->create(kcontext, section, db_args);
+    free(section);
+    if (status)
+        (void)krb5_db_fini(kcontext);
+    return status;
+}
+
+krb5_error_code
+krb5_db_fini(krb5_context kcontext)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    /* Do nothing if module was never loaded. */
+    if (kcontext->dal_handle == NULL)
+        return 0;
+
+    v = &kcontext->dal_handle->lib_handle->vftabl;
+    status = v->fini_module(kcontext);
+
+    if (status)
+        return status;
+
+    return kdb_free_lib_handle(kcontext);
+}
+
+krb5_error_code
+krb5_db_destroy(krb5_context kcontext, char **db_args)
+{
+    krb5_error_code status;
+    char *section;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->destroy == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    status = get_conf_section(kcontext, &section);
+    if (status)
+        return status;
+    status = v->destroy(kcontext, section, db_args);
+    free(section);
+    return status;
+}
+
+krb5_error_code
+krb5_db_get_age(krb5_context kcontext, char *db_name, time_t *t)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->get_age == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->get_age(kcontext, db_name, t);
+}
+
+krb5_error_code
+krb5_db_lock(krb5_context kcontext, int lock_mode)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->lock == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->lock(kcontext, lock_mode);
+}
+
+krb5_error_code
+krb5_db_unlock(krb5_context kcontext)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->unlock == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->unlock(kcontext);
+}
+
+krb5_error_code
+krb5_db_get_principal(krb5_context kcontext, krb5_const_principal search_for,
+                      unsigned int flags, krb5_db_entry **entry)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    *entry = NULL;
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->get_principal == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    status = v->get_principal(kcontext, search_for, flags, entry);
+    if (status)
+        return status;
+
+    /* Sort the keys in the db entry as some parts of krb5 expect it to be. */
+    if ((*entry)->key_data != NULL)
+        krb5_dbe_sort_key_data((*entry)->key_data, (*entry)->n_key_data);
+
+    return 0;
+}
+
+static void
+free_tl_data(krb5_tl_data *list)
+{
+    krb5_tl_data *next;
+
+    for (; list != NULL; list = next) {
+        next = list->tl_data_next;
+        free(list->tl_data_contents);
+        free(list);
+    }
+}
+
+void
+krb5_db_free_principal(krb5_context kcontext, krb5_db_entry *entry)
+{
+    kdb_vftabl *v;
+    int i;
+
+    if (entry == NULL)
+        return;
+    if (entry->e_data != NULL) {
+        if (get_vftabl(kcontext, &v) == 0 && v->free_principal_e_data != NULL)
+            v->free_principal_e_data(kcontext, entry->e_data);
+        else
+            free(entry->e_data);
+    }
+    krb5_free_principal(kcontext, entry->princ);
+    free_tl_data(entry->tl_data);
+    for (i = 0; i < entry->n_key_data; i++)
+        krb5_dbe_free_key_data_contents(kcontext, &entry->key_data[i]);
+    free(entry->key_data);
+    free(entry);
+}
+
+static void
+free_db_args(char **db_args)
+{
+    int i;
+    if (db_args) {
+        for (i = 0; db_args[i]; i++)
+            free(db_args[i]);
+        free(db_args);
+    }
+}
+
+static krb5_error_code
+extract_db_args_from_tl_data(krb5_context kcontext, krb5_tl_data **start,
+                             krb5_int16 *count, char ***db_argsp)
+{
+    char **db_args = NULL;
+    int db_args_size = 0;
+    krb5_tl_data *prev, *curr, *next;
+    krb5_error_code status;
+
+    /* Giving db_args as part of tl data causes db2 to store the
+       tl_data as such.  To prevent this, tl_data is collated and
+       passed as a separate argument.  Currently supports only one
+       principal, but passing it as a separate argument makes it
+       difficult for kadmin remote to pass arguments to server.  */
+    prev = NULL, curr = *start;
+    while (curr) {
+        if (curr->tl_data_type == KRB5_TL_DB_ARGS) {
+            char  **t;
+            /* Since this is expected to be NULL terminated string and
+               this could come from any client, do a check before
+               passing it to db.  */
+            if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
+                '\0') {
+                /* Not null terminated. Dangerous input.  */
+                status = EINVAL;
+                goto clean_n_exit;
+            }
+
+            db_args_size++;
+            t = realloc(db_args, sizeof(char *) * (db_args_size + 1));  /* 1 for NULL */
+            if (t == NULL) {
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+
+            db_args = t;
+            db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
+            db_args[db_args_size] = NULL;
+
+            next = curr->tl_data_next;
+            if (prev == NULL) {
+                /* current node is the first in the linked list. remove it */
+                *start = curr->tl_data_next;
+            } else {
+                prev->tl_data_next = curr->tl_data_next;
+            }
+            (*count)--;
+            free(curr);
+
+            /* previous does not change */
+            curr = next;
+        } else {
+            prev = curr;
+            curr = curr->tl_data_next;
+        }
+    }
+    status = 0;
+clean_n_exit:
+    if (status != 0) {
+        free_db_args(db_args);
+        db_args = NULL;
+    }
+    *db_argsp = db_args;
+    return status;
+}
+
+krb5_error_code
+krb5int_put_principal_no_log(krb5_context kcontext, krb5_db_entry *entry)
+{
+    kdb_vftabl *v;
+    krb5_error_code status;
+    char **db_args;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->put_principal == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    status = extract_db_args_from_tl_data(kcontext, &entry->tl_data,
+                                          &entry->n_tl_data,
+                                          &db_args);
+    if (status)
+        return status;
+    status = v->put_principal(kcontext, entry, db_args);
+    free_db_args(db_args);
+    return status;
+}
+
+krb5_error_code
+krb5_db_put_principal(krb5_context kcontext, krb5_db_entry *entry)
+{
+    krb5_error_code status = 0;
+    kdb_incr_update_t *upd = NULL;
+    char *princ_name = NULL;
+
+    if (logging(kcontext)) {
+        upd = k5alloc(sizeof(*upd), &status);
+        if (upd == NULL)
+            goto cleanup;
+        if ((status = ulog_conv_2logentry(kcontext, entry, upd)))
+            goto cleanup;
+
+        status = krb5_unparse_name(kcontext, entry->princ, &princ_name);
+        if (status != 0)
+            goto cleanup;
+
+        upd->kdb_princ_name.utf8str_t_val = princ_name;
+        upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
+    }
+
+    status = krb5int_put_principal_no_log(kcontext, entry);
+    if (status)
+        goto cleanup;
+
+    if (logging(kcontext))
+        status = ulog_add_update(kcontext, upd);
+
+cleanup:
+    ulog_free_entries(upd, 1);
+    return status;
+}
+
+krb5_error_code
+krb5int_delete_principal_no_log(krb5_context kcontext,
+                                krb5_principal search_for)
+{
+    kdb_vftabl *v;
+    krb5_error_code status;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->delete_principal == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->delete_principal(kcontext, search_for);
+}
+
+krb5_error_code
+krb5_db_delete_principal(krb5_context kcontext, krb5_principal search_for)
+{
+    krb5_error_code status = 0;
+    kdb_incr_update_t upd;
+    char *princ_name = NULL;
+
+    status = krb5int_delete_principal_no_log(kcontext, search_for);
+    if (status || !logging(kcontext))
+        return status;
+
+    status = krb5_unparse_name(kcontext, search_for, &princ_name);
+    if (status)
+        return status;
+
+    memset(&upd, 0, sizeof(kdb_incr_update_t));
+    upd.kdb_princ_name.utf8str_t_val = princ_name;
+    upd.kdb_princ_name.utf8str_t_len = strlen(princ_name);
+    upd.kdb_deleted = TRUE;
+
+    status = ulog_add_update(kcontext, &upd);
+    free(princ_name);
+    return status;
+}
+
+krb5_error_code
+krb5_db_rename_principal(krb5_context kcontext, krb5_principal source,
+                         krb5_principal target)
+{
+    kdb_vftabl *v;
+    krb5_error_code status;
+    krb5_db_entry *entry;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+
+    /*
+     * If the default rename function isn't used and logging is enabled, iprop
+     * would fail since it doesn't formally support renaming.  In that case
+     * return KRB5_PLUGIN_OP_NOTSUPP.
+     */
+    if (v->rename_principal != krb5_db_def_rename_principal &&
+        logging(kcontext))
+        return KRB5_PLUGIN_OP_NOTSUPP;
+
+    status = krb5_db_get_principal(kcontext, target, 0, &entry);
+    if (status == 0) {
+        krb5_db_free_principal(kcontext, entry);
+        return KRB5_KDB_INUSE;
+    }
+
+    return v->rename_principal(kcontext, source, target);
+}
+
+/*
+ * Use a proxy function for iterate so that we can sort the keys before sending
+ * them to the callback.
+ */
+struct callback_proxy_args {
+    int (*func)(krb5_pointer, krb5_db_entry *);
+    krb5_pointer func_arg;
+};
+
+static int
+sort_entry_callback_proxy(krb5_pointer func_arg, krb5_db_entry *entry)
+{
+    struct callback_proxy_args *args = (struct callback_proxy_args *)func_arg;
+
+    /* Sort the keys in the db entry as some parts of krb5 expect it to be. */
+    if (entry && entry->key_data)
+        krb5_dbe_sort_key_data(entry->key_data, entry->n_key_data);
+    return args->func(args->func_arg, entry);
+}
+
+krb5_error_code
+krb5_db_iterate(krb5_context kcontext, char *match_entry,
+                int (*func)(krb5_pointer, krb5_db_entry *),
+                krb5_pointer func_arg, krb5_flags iterflags)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+    struct callback_proxy_args proxy_args;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->iterate == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+
+    /* Use the proxy function to sort key data before passing entries to
+     * callback. */
+    proxy_args.func = func;
+    proxy_args.func_arg = func_arg;
+    return v->iterate(kcontext, match_entry, sort_entry_callback_proxy,
+                      &proxy_args, iterflags);
+}
+
+/* Return a read only pointer alias to mkey list.  Do not free this! */
+krb5_keylist_node *
+krb5_db_mkey_list_alias(krb5_context kcontext)
+{
+    return kcontext->dal_handle->master_keylist;
+}
+
+krb5_error_code
+krb5_db_fetch_mkey_list(krb5_context context, krb5_principal mname,
+                        const krb5_keyblock *mkey)
+{
+    kdb_vftabl *v;
+    krb5_error_code status = 0;
+    krb5_keylist_node *local_keylist;
+
+    status = get_vftabl(context, &v);
+    if (status)
+        return status;
+
+    if (!context->dal_handle->master_princ) {
+        status = krb5_copy_principal(context, mname,
+                                     &context->dal_handle->master_princ);
+        if (status)
+            return status;
+    }
+
+    status = v->fetch_master_key_list(context, mname, mkey, &local_keylist);
+    if (status == 0) {
+        free_mkey_list(context, context->dal_handle->master_keylist);
+        context->dal_handle->master_keylist = local_keylist;
+    }
+    return status;
+}
+
+krb5_error_code
+krb5_db_store_master_key(krb5_context kcontext, char *keyfile,
+                         krb5_principal mname, krb5_kvno kvno,
+                         krb5_keyblock * key, char *master_pwd)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+    krb5_keylist_node list;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+
+    if (v->store_master_key_list == NULL)
+        return KRB5_KDB_DBTYPE_NOSUP;
+
+    list.kvno = kvno;
+    list.keyblock = *key;
+    list.next = NULL;
+
+    return v->store_master_key_list(kcontext, keyfile, mname,
+                                    &list, master_pwd);
+}
+
+krb5_error_code
+krb5_db_store_master_key_list(krb5_context kcontext, char *keyfile,
+                              krb5_principal mname, char *master_pwd)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+
+    if (v->store_master_key_list == NULL)
+        return KRB5_KDB_DBTYPE_NOSUP;
+
+    if (kcontext->dal_handle->master_keylist == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    return v->store_master_key_list(kcontext, keyfile, mname,
+                                    kcontext->dal_handle->master_keylist,
+                                    master_pwd);
+}
+
+char   *krb5_mkey_pwd_prompt1 = KRB5_KDC_MKEY_1;
+char   *krb5_mkey_pwd_prompt2 = KRB5_KDC_MKEY_2;
+
+krb5_error_code
+krb5_db_fetch_mkey(krb5_context context, krb5_principal mname,
+                   krb5_enctype etype, krb5_boolean fromkeyboard,
+                   krb5_boolean twice, char *db_args, krb5_kvno *kvno,
+                   krb5_data *salt, krb5_keyblock *key)
+{
+    krb5_error_code retval;
+    char    password[BUFSIZ];
+    krb5_data pwd;
+    unsigned int size = sizeof(password);
+    krb5_keyblock tmp_key;
+
+    memset(&tmp_key, 0, sizeof(tmp_key));
+
+    if (fromkeyboard) {
+        krb5_data scratch;
+
+        if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
+                                         twice ? krb5_mkey_pwd_prompt2 : 0,
+                                         password, &size))) {
+            goto clean_n_exit;
+        }
+
+        pwd.data = password;
+        pwd.length = size;
+        if (!salt) {
+            retval = krb5_principal2salt(context, mname, &scratch);
+            if (retval)
+                goto clean_n_exit;
+        }
+        retval =
+            krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
+                                 key);
+        /*
+         * If a kvno pointer was passed in and it dereferences the IGNORE_VNO
+         * value then it should be assigned the value of the kvno associated
+         * with the current mkey princ key if that princ entry is available
+         * otherwise assign 1 which is the default kvno value for the mkey
+         * princ.
+         */
+        if (kvno != NULL && *kvno == IGNORE_VNO) {
+            krb5_error_code rc;
+            krb5_db_entry *master_entry;
+
+            rc = krb5_db_get_principal(context, mname, 0, &master_entry);
+            if (rc == 0 && master_entry->n_key_data > 0)
+                *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
+            else
+                *kvno = 1;
+            if (rc == 0)
+                krb5_db_free_principal(context, master_entry);
+        }
+
+        if (!salt)
+            free(scratch.data);
+        zap(password, sizeof(password));        /* erase it */
+
+    } else {
+        kdb_vftabl *v;
+
+        if (context->dal_handle == NULL) {
+            retval = krb5_db_setup_lib_handle(context);
+            if (retval)
+                goto clean_n_exit;
+        }
+
+        /* get the enctype from the stash */
+        tmp_key.enctype = ENCTYPE_UNKNOWN;
+
+        v = &context->dal_handle->lib_handle->vftabl;
+        retval = v->fetch_master_key(context, mname, &tmp_key, kvno, db_args);
+
+        if (retval)
+            goto clean_n_exit;
+
+        key->contents = k5memdup(tmp_key.contents, tmp_key.length, &retval);
+        if (key->contents == NULL)
+            goto clean_n_exit;
+
+        key->magic = tmp_key.magic;
+        key->enctype = tmp_key.enctype;
+        key->length = tmp_key.length;
+    }
+
+clean_n_exit:
+    zapfree(tmp_key.contents, tmp_key.length);
+    return retval;
+}
+
+krb5_error_code
+krb5_dbe_fetch_act_key_list(krb5_context context, krb5_principal princ,
+                            krb5_actkvno_node **act_key_list)
+{
+    krb5_error_code retval = 0;
+    krb5_db_entry *entry;
+
+    if (act_key_list == NULL)
+        return (EINVAL);
+
+    retval = krb5_db_get_principal(context, princ, 0, &entry);
+    if (retval == KRB5_KDB_NOENTRY)
+        return KRB5_KDB_NOMASTERKEY;
+    else if (retval)
+        return retval;
+
+    retval = krb5_dbe_lookup_actkvno(context, entry, act_key_list);
+    krb5_db_free_principal(context, entry);
+    return retval;
+}
+
+/* Find the most recent entry in list (which must not be empty) for the given
+ * timestamp, and return its kvno. */
+static krb5_kvno
+find_actkvno(krb5_actkvno_node *list, krb5_timestamp now)
+{
+    /*
+     * The list is sorted in ascending order of time.  Return the kvno of the
+     * predecessor of the first entry whose time is in the future.  If
+     * (contrary to the safety checks in kdb5_util use_mkey) all of the entries
+     * are in the future, we will return the first node; if all are in the
+     * past, we will return the last node.
+     */
+    while (list->next != NULL && !ts_after(list->next->act_time, now))
+        list = list->next;
+    return list->act_kvno;
+}
+
+/* Search the master keylist for the master key with the specified kvno.
+ * Return the keyblock of the matching entry or NULL if it does not exist. */
+static krb5_keyblock *
+find_master_key(krb5_context context, krb5_kvno kvno)
+{
+    krb5_keylist_node *n;
+
+    for (n = context->dal_handle->master_keylist; n != NULL; n = n->next) {
+        if (n->kvno == kvno)
+            return &n->keyblock;
+    }
+    return NULL;
+}
+
+/*
+ * Locates the "active" mkey used when encrypting a princ's keys.  Note, the
+ * caller must NOT free the output act_mkey.
+ */
+
+krb5_error_code
+krb5_dbe_find_act_mkey(krb5_context context, krb5_actkvno_node *act_mkey_list,
+                       krb5_kvno *act_kvno, krb5_keyblock **act_mkey)
+{
+    krb5_kvno kvno;
+    krb5_error_code retval;
+    krb5_keyblock *mkey, *cur_mkey;
+    krb5_timestamp now;
+
+    if (act_mkey_list == NULL) {
+        *act_kvno = 0;
+        *act_mkey = NULL;
+        return 0;
+    }
+
+    if (context->dal_handle->master_keylist == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    /* Find the currently active master key version. */
+    if ((retval = krb5_timeofday(context, &now)))
+        return (retval);
+    kvno = find_actkvno(act_mkey_list, now);
+
+    /* Find the corresponding master key. */
+    mkey = find_master_key(context, kvno);
+    if (mkey == NULL) {
+        /* Reload the master key list and try again. */
+        cur_mkey = &context->dal_handle->master_keylist->keyblock;
+        if (krb5_db_fetch_mkey_list(context, context->dal_handle->master_princ,
+                                    cur_mkey) == 0)
+            mkey = find_master_key(context, kvno);
+    }
+    if (mkey == NULL)
+        return KRB5_KDB_NO_MATCHING_KEY;
+
+    *act_mkey = mkey;
+    if (act_kvno != NULL)
+        *act_kvno = kvno;
+    return 0;
+}
+
+/*
+ * Locates the mkey used to protect a princ's keys.  Note, the caller must not
+ * free the output key.
+ */
+krb5_error_code
+krb5_dbe_find_mkey(krb5_context context, krb5_db_entry *entry,
+                   krb5_keyblock **mkey)
+{
+    krb5_kvno mkvno;
+    krb5_error_code retval;
+    krb5_keylist_node *cur_keyblock = context->dal_handle->master_keylist;
+
+    if (!cur_keyblock)
+        return KRB5_KDB_DBNOTINITED;
+
+    retval = krb5_dbe_get_mkvno(context, entry, &mkvno);
+    if (retval)
+        return (retval);
+
+    while (cur_keyblock && cur_keyblock->kvno != mkvno)
+        cur_keyblock = cur_keyblock->next;
+
+    if (cur_keyblock) {
+        *mkey = &cur_keyblock->keyblock;
+        return (0);
+    } else {
+        return KRB5_KDB_NO_MATCHING_KEY;
+    }
+}
+
+void   *
+krb5_db_alloc(krb5_context kcontext, void *ptr, size_t size)
+{
+    return realloc(ptr, size);
+}
+
+void
+krb5_db_free(krb5_context kcontext, void *ptr)
+{
+    free(ptr);
+}
+
+/* has to be modified */
+
+krb5_error_code
+krb5_dbe_find_enctype(krb5_context kcontext, krb5_db_entry *dbentp,
+                      krb5_int32 ktype, krb5_int32 stype, krb5_int32 kvno,
+                      krb5_key_data **kdatap)
+{
+    krb5_int32 start = 0;
+    return krb5_dbe_search_enctype(kcontext, dbentp, &start, ktype, stype,
+                                   kvno, kdatap);
+}
+
+krb5_error_code
+krb5_dbe_search_enctype(krb5_context kcontext, krb5_db_entry *dbentp,
+                        krb5_int32 *start, krb5_int32 ktype, krb5_int32 stype,
+                        krb5_int32 kvno, krb5_key_data ** kdatap)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    return v->dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno,
+                                 kdatap);
+}
+
+#define REALM_SEP_STRING        "@"
+
+krb5_error_code
+krb5_db_setup_mkey_name(krb5_context context, const char *keyname,
+                        const char *realm, char **fullname,
+                        krb5_principal *principal)
+{
+    krb5_error_code retval;
+    char   *fname;
+
+    if (!keyname)
+        keyname = KRB5_KDB_M_NAME;      /* XXX external? */
+
+    if (asprintf(&fname, "%s%s%s", keyname, REALM_SEP_STRING, realm) < 0)
+        return ENOMEM;
+
+    retval = krb5_parse_name(context, fname, principal);
+    if (retval) {
+        free(fname);
+        return retval;
+    }
+    if (fullname)
+        *fullname = fname;
+    else
+        free(fname);
+    return 0;
+}
+
+krb5_error_code
+krb5_dbe_lookup_last_pwd_change(krb5_context context, krb5_db_entry *entry,
+                                krb5_timestamp *stamp)
+{
+    krb5_tl_data tl_data;
+    krb5_error_code code;
+    krb5_int32 tmp;
+
+    tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return (code);
+
+    if (tl_data.tl_data_length != 4) {
+        *stamp = 0;
+        return (0);
+    }
+
+    krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
+
+    *stamp = (krb5_timestamp) tmp;
+
+    return (0);
+}
+
+krb5_error_code
+krb5_dbe_lookup_last_admin_unlock(krb5_context context, krb5_db_entry *entry,
+                                  krb5_timestamp *stamp)
+{
+    krb5_tl_data tl_data;
+    krb5_error_code code;
+    krb5_int32 tmp;
+
+    tl_data.tl_data_type = KRB5_TL_LAST_ADMIN_UNLOCK;
+
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return (code);
+
+    if (tl_data.tl_data_length != 4) {
+        *stamp = 0;
+        return (0);
+    }
+
+    krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
+
+    *stamp = (krb5_timestamp) tmp;
+
+    return (0);
+}
+
+krb5_error_code
+krb5_dbe_lookup_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_tl_data *ret_tl_data)
+{
+    krb5_tl_data *tl_data;
+
+    for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
+        if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+            *ret_tl_data = *tl_data;
+            return (0);
+        }
+    }
+
+    /*
+     * If the requested record isn't found, return zero bytes.  If it
+     * ever means something to have a zero-length tl_data, this code
+     * and its callers will have to be changed.
+     */
+
+    ret_tl_data->tl_data_length = 0;
+    ret_tl_data->tl_data_contents = NULL;
+    return (0);
+}
+
+krb5_error_code
+krb5_dbe_create_key_data(krb5_context context, krb5_db_entry *entry)
+{
+    krb5_key_data *newptr;
+
+    newptr = realloc(entry->key_data,
+                     (entry->n_key_data + 1) * sizeof(*entry->key_data));
+    if (newptr == NULL)
+        return ENOMEM;
+    entry->key_data = newptr;
+
+    memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
+    entry->n_key_data++;
+
+    return 0;
+}
+
+krb5_error_code
+krb5_dbe_update_mod_princ_data(krb5_context context, krb5_db_entry *entry,
+                               krb5_timestamp mod_date,
+                               krb5_const_principal mod_princ)
+{
+    krb5_tl_data tl_data;
+
+    krb5_error_code retval = 0;
+    krb5_octet *nextloc = 0;
+    char   *unparse_mod_princ = 0;
+    unsigned int unparse_mod_princ_size;
+
+    if ((retval = krb5_unparse_name(context, mod_princ, &unparse_mod_princ)))
+        return (retval);
+
+    unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
+
+    if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
+        == NULL) {
+        free(unparse_mod_princ);
+        return (ENOMEM);
+    }
+
+    tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
+    tl_data.tl_data_length = unparse_mod_princ_size + 4;
+    tl_data.tl_data_contents = nextloc;
+
+    /* Mod Date */
+    krb5_kdb_encode_int32(mod_date, nextloc);
+
+    /* Mod Princ */
+    memcpy(nextloc + 4, unparse_mod_princ, unparse_mod_princ_size);
+
+    retval = krb5_dbe_update_tl_data(context, entry, &tl_data);
+
+    free(unparse_mod_princ);
+    free(nextloc);
+
+    return (retval);
+}
+
+krb5_error_code
+krb5_dbe_lookup_mod_princ_data(krb5_context context, krb5_db_entry *entry,
+                               krb5_timestamp *mod_time,
+                               krb5_principal *mod_princ)
+{
+    krb5_tl_data tl_data;
+    krb5_error_code code;
+
+    *mod_princ = NULL;
+    *mod_time = 0;
+
+    tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
+
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return (code);
+
+    if ((tl_data.tl_data_length < 5) ||
+        (tl_data.tl_data_contents[tl_data.tl_data_length - 1] != '\0'))
+        return (KRB5_KDB_TRUNCATED_RECORD);
+
+    /* Mod Date */
+    krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time);
+
+    /* Mod Princ */
+    if ((code = krb5_parse_name(context,
+                                (const char *) (tl_data.tl_data_contents + 4),
+                                mod_princ)))
+        return (code);
+
+    return (0);
+}
+
+krb5_error_code
+krb5_dbe_lookup_mkvno(krb5_context context, krb5_db_entry *entry,
+                      krb5_kvno *mkvno)
+{
+    krb5_tl_data tl_data;
+    krb5_error_code code;
+    krb5_int16 tmp;
+
+    tl_data.tl_data_type = KRB5_TL_MKVNO;
+
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return (code);
+
+    if (tl_data.tl_data_length == 0) {
+        *mkvno = 0; /* Indicates KRB5_TL_MKVNO data not present */
+        return (0);
+    } else if (tl_data.tl_data_length != 2) {
+        return (KRB5_KDB_TRUNCATED_RECORD);
+    }
+
+    krb5_kdb_decode_int16(tl_data.tl_data_contents, tmp);
+    *mkvno = (krb5_kvno) tmp;
+    return (0);
+}
+
+krb5_error_code
+krb5_dbe_get_mkvno(krb5_context context, krb5_db_entry *entry,
+                   krb5_kvno *mkvno)
+{
+    krb5_error_code code;
+    krb5_kvno kvno;
+    krb5_keylist_node *mkey_list = context->dal_handle->master_keylist;
+
+    if (mkey_list == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    /* Output the value from entry tl_data if present. */
+    code = krb5_dbe_lookup_mkvno(context, entry, &kvno);
+    if (code != 0)
+        return code;
+    if (kvno != 0) {
+        *mkvno = kvno;
+        return 0;
+    }
+
+    /* Determine the minimum kvno in mkey_list and output that. */
+    kvno = (krb5_kvno) -1;
+    while (mkey_list != NULL) {
+        if (mkey_list->kvno < kvno)
+            kvno = mkey_list->kvno;
+        mkey_list = mkey_list->next;
+    }
+    *mkvno = kvno;
+    return 0;
+}
+
+krb5_error_code
+krb5_dbe_update_mkvno(krb5_context context, krb5_db_entry *entry,
+                      krb5_kvno mkvno)
+{
+    krb5_tl_data tl_data;
+    krb5_octet buf[2]; /* this is the encoded size of an int16 */
+    krb5_int16 tmp_kvno = (krb5_int16) mkvno;
+
+    tl_data.tl_data_type = KRB5_TL_MKVNO;
+    tl_data.tl_data_length = sizeof(buf);
+    krb5_kdb_encode_int16(tmp_kvno, buf);
+    tl_data.tl_data_contents = buf;
+
+    return (krb5_dbe_update_tl_data(context, entry, &tl_data));
+}
+
+krb5_error_code
+krb5_dbe_lookup_mkey_aux(krb5_context context, krb5_db_entry *entry,
+                         krb5_mkey_aux_node **mkey_aux_data_list)
+{
+    krb5_tl_data tl_data;
+    krb5_int16 version, mkey_kvno;
+    krb5_mkey_aux_node *head_data = NULL, *new_data = NULL,
+        *prev_data = NULL;
+    krb5_octet *curloc; /* current location pointer */
+    krb5_error_code code;
+
+    tl_data.tl_data_type = KRB5_TL_MKEY_AUX;
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return (code);
+
+    if (tl_data.tl_data_contents == NULL) {
+        *mkey_aux_data_list = NULL;
+        return (0);
+    } else {
+        /* get version to determine how to parse the data */
+        krb5_kdb_decode_int16(tl_data.tl_data_contents, version);
+        if (version == 1) {
+            /* variable size, must be at least 10 bytes */
+            if (tl_data.tl_data_length < 10)
+                return (KRB5_KDB_TRUNCATED_RECORD);
+
+            /* curloc points to first tuple entry in the tl_data_contents */
+            curloc = tl_data.tl_data_contents + sizeof(version);
+
+            while (curloc < (tl_data.tl_data_contents + tl_data.tl_data_length)) {
+
+                new_data = (krb5_mkey_aux_node *) malloc(sizeof(krb5_mkey_aux_node));
+                if (new_data == NULL) {
+                    krb5_dbe_free_mkey_aux_list(context, head_data);
+                    return (ENOMEM);
+                }
+                memset(new_data, 0, sizeof(krb5_mkey_aux_node));
+
+                krb5_kdb_decode_int16(curloc, mkey_kvno);
+                new_data->mkey_kvno = mkey_kvno;
+                curloc += sizeof(krb5_ui_2);
+                krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_kvno);
+                curloc += sizeof(krb5_ui_2);
+                krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_type[0]);
+                curloc += sizeof(krb5_ui_2);
+                krb5_kdb_decode_int16(curloc, new_data->latest_mkey.key_data_length[0]);
+                curloc += sizeof(krb5_ui_2);
+
+                new_data->latest_mkey.key_data_contents[0] = (krb5_octet *)
+                    malloc(new_data->latest_mkey.key_data_length[0]);
+
+                if (new_data->latest_mkey.key_data_contents[0] == NULL) {
+                    krb5_dbe_free_mkey_aux_list(context, head_data);
+                    free(new_data);
+                    return (ENOMEM);
+                }
+                memcpy(new_data->latest_mkey.key_data_contents[0], curloc,
+                       new_data->latest_mkey.key_data_length[0]);
+                curloc += new_data->latest_mkey.key_data_length[0];
+
+                /* always using key data ver 1 for mkeys */
+                new_data->latest_mkey.key_data_ver = 1;
+
+                new_data->next = NULL;
+                if (prev_data != NULL)
+                    prev_data->next = new_data;
+                else
+                    head_data = new_data;
+                prev_data = new_data;
+            }
+        } else {
+            k5_setmsg(context, KRB5_KDB_BAD_VERSION,
+                      _("Illegal version number for KRB5_TL_MKEY_AUX %d\n"),
+                      version);
+            return (KRB5_KDB_BAD_VERSION);
+        }
+    }
+    *mkey_aux_data_list = head_data;
+    return (0);
+}
+
+#if KRB5_TL_MKEY_AUX_VER == 1
+krb5_error_code
+krb5_dbe_update_mkey_aux(krb5_context context, krb5_db_entry *entry,
+                         krb5_mkey_aux_node *mkey_aux_data_list)
+{
+    krb5_error_code status;
+    krb5_tl_data tl_data;
+    krb5_int16 version, tmp_kvno;
+    unsigned char *nextloc;
+    krb5_mkey_aux_node *aux_data_entry;
+
+    if (!mkey_aux_data_list) {
+        /* delete the KRB5_TL_MKEY_AUX from the entry */
+        krb5_dbe_delete_tl_data(context, entry, KRB5_TL_MKEY_AUX);
+        return (0);
+    }
+
+    memset(&tl_data, 0, sizeof(tl_data));
+    tl_data.tl_data_type = KRB5_TL_MKEY_AUX;
+    /*
+     * determine out how much space to allocate.  Note key_data_ver not stored
+     * as this is hard coded to one and is accounted for in
+     * krb5_dbe_lookup_mkey_aux.
+     */
+    tl_data.tl_data_length = sizeof(version); /* version */
+    for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
+         aux_data_entry = aux_data_entry->next) {
+
+        tl_data.tl_data_length += (sizeof(krb5_ui_2) + /* mkey_kvno */
+                                   sizeof(krb5_ui_2) + /* latest_mkey kvno */
+                                   sizeof(krb5_ui_2) + /* latest_mkey enctype */
+                                   sizeof(krb5_ui_2) + /* latest_mkey length */
+                                   aux_data_entry->latest_mkey.key_data_length[0]);
+    }
+
+    tl_data.tl_data_contents = (krb5_octet *) malloc(tl_data.tl_data_length);
+    if (tl_data.tl_data_contents == NULL)
+        return (ENOMEM);
+
+    nextloc = tl_data.tl_data_contents;
+    version = KRB5_TL_MKEY_AUX_VER;
+    krb5_kdb_encode_int16(version, nextloc);
+    nextloc += sizeof(krb5_ui_2);
+
+    for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
+         aux_data_entry = aux_data_entry->next) {
+
+        tmp_kvno = (krb5_int16) aux_data_entry->mkey_kvno;
+        krb5_kdb_encode_int16(tmp_kvno, nextloc);
+        nextloc += sizeof(krb5_ui_2);
+
+        krb5_kdb_encode_int16(aux_data_entry->latest_mkey.key_data_kvno,
+                              nextloc);
+        nextloc += sizeof(krb5_ui_2);
+
+        krb5_kdb_encode_int16(aux_data_entry->latest_mkey.key_data_type[0],
+                              nextloc);
+        nextloc += sizeof(krb5_ui_2);
+
+        krb5_kdb_encode_int16(aux_data_entry->latest_mkey.key_data_length[0],
+                              nextloc);
+        nextloc += sizeof(krb5_ui_2);
+
+        if (aux_data_entry->latest_mkey.key_data_length[0] > 0) {
+            memcpy(nextloc, aux_data_entry->latest_mkey.key_data_contents[0],
+                   aux_data_entry->latest_mkey.key_data_length[0]);
+            nextloc += aux_data_entry->latest_mkey.key_data_length[0];
+        }
+    }
+
+    status = krb5_dbe_update_tl_data(context, entry, &tl_data);
+    free(tl_data.tl_data_contents);
+    return status;
+}
+#endif /* KRB5_TL_MKEY_AUX_VER == 1 */
+
+#if KRB5_TL_ACTKVNO_VER == 1
+/*
+ * If version of the KRB5_TL_ACTKVNO data is KRB5_TL_ACTKVNO_VER == 1 then size of
+ * a actkvno tuple {act_kvno, act_time} entry is:
+ */
+#define ACTKVNO_TUPLE_SIZE (sizeof(krb5_int16) + sizeof(krb5_int32))
+#define act_kvno(cp) (cp) /* return pointer to start of act_kvno data */
+#define act_time(cp) ((cp) + sizeof(krb5_int16)) /* return pointer to start of act_time data */
+#endif
+
+krb5_error_code
+krb5_dbe_lookup_actkvno(krb5_context context, krb5_db_entry *entry,
+                        krb5_actkvno_node **actkvno_list)
+{
+    krb5_tl_data tl_data;
+    krb5_error_code code;
+    krb5_int16 version, tmp_kvno;
+    krb5_actkvno_node *head_data = NULL, *new_data = NULL, *prev_data = NULL;
+    unsigned int num_actkvno, i;
+    krb5_octet *next_tuple;
+    krb5_kvno earliest_kvno;
+
+    memset(&tl_data, 0, sizeof(tl_data));
+    tl_data.tl_data_type = KRB5_TL_ACTKVNO;
+
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return (code);
+
+    if (tl_data.tl_data_contents == NULL) {
+        /*
+         * If there is no KRB5_TL_ACTKVNO data (likely because the KDB was
+         * created prior to 1.7), synthesize the list which should have been
+         * created at KDB initialization, making the earliest master key
+         * active.
+         */
+
+        /* Get the earliest master key version. */
+        if (entry->n_key_data == 0)
+            return KRB5_KDB_NOMASTERKEY;
+        earliest_kvno = entry->key_data[entry->n_key_data - 1].key_data_kvno;
+
+        head_data = malloc(sizeof(*head_data));
+        if (head_data == NULL)
+            return ENOMEM;
+        memset(head_data, 0, sizeof(*head_data));
+        head_data->act_time = 0; /* earliest time possible */
+        head_data->act_kvno = earliest_kvno;
+    } else {
+        /* get version to determine how to parse the data */
+        krb5_kdb_decode_int16(tl_data.tl_data_contents, version);
+        if (version == 1) {
+
+            /* variable size, must be at least 8 bytes */
+            if (tl_data.tl_data_length < 8)
+                return (KRB5_KDB_TRUNCATED_RECORD);
+
+            /*
+             * Find number of tuple entries, remembering to account for version
+             * field.
+             */
+            num_actkvno = (tl_data.tl_data_length - sizeof(version)) /
+                ACTKVNO_TUPLE_SIZE;
+            prev_data = NULL;
+            /* next_tuple points to first tuple entry in the tl_data_contents */
+            next_tuple = tl_data.tl_data_contents + sizeof(version);
+            for (i = 0; i < num_actkvno; i++) {
+                new_data = (krb5_actkvno_node *) malloc(sizeof(krb5_actkvno_node));
+                if (new_data == NULL) {
+                    krb5_dbe_free_actkvno_list(context, head_data);
+                    return (ENOMEM);
+                }
+                memset(new_data, 0, sizeof(krb5_actkvno_node));
+
+                /* using tmp_kvno to avoid type mismatch */
+                krb5_kdb_decode_int16(act_kvno(next_tuple), tmp_kvno);
+                new_data->act_kvno = (krb5_kvno) tmp_kvno;
+                krb5_kdb_decode_int32(act_time(next_tuple), new_data->act_time);
+
+                if (prev_data != NULL)
+                    prev_data->next = new_data;
+                else
+                    head_data = new_data;
+                prev_data = new_data;
+                next_tuple += ACTKVNO_TUPLE_SIZE;
+            }
+        } else {
+            k5_setmsg(context, KRB5_KDB_BAD_VERSION,
+                      _("Illegal version number for KRB5_TL_ACTKVNO %d\n"),
+                      version);
+            return (KRB5_KDB_BAD_VERSION);
+        }
+    }
+    *actkvno_list = head_data;
+    return (0);
+}
+
+/*
+ * Add KRB5_TL_ACTKVNO TL data entries to krb5_db_entry *entry
+ */
+#if KRB5_TL_ACTKVNO_VER == 1
+krb5_error_code
+krb5_dbe_update_actkvno(krb5_context context, krb5_db_entry *entry,
+                        const krb5_actkvno_node *actkvno_list)
+{
+    krb5_error_code retval = 0;
+    krb5_int16 version, tmp_kvno;
+    krb5_tl_data new_tl_data;
+    unsigned char *nextloc;
+    const krb5_actkvno_node *cur_actkvno;
+    krb5_octet *tmpptr;
+
+    if (actkvno_list == NULL)
+        return EINVAL;
+
+    memset(&new_tl_data, 0, sizeof(new_tl_data));
+    /* allocate initial KRB5_TL_ACTKVNO tl_data entry */
+    new_tl_data.tl_data_length = sizeof(version);
+    new_tl_data.tl_data_contents = (krb5_octet *) malloc(new_tl_data.tl_data_length);
+    if (new_tl_data.tl_data_contents == NULL)
+        return ENOMEM;
+
+    /* add the current version # for the data format used for KRB5_TL_ACTKVNO */
+    version = KRB5_TL_ACTKVNO_VER;
+    krb5_kdb_encode_int16(version, (unsigned char *) new_tl_data.tl_data_contents);
+
+    for (cur_actkvno = actkvno_list; cur_actkvno != NULL;
+         cur_actkvno = cur_actkvno->next) {
+
+        new_tl_data.tl_data_length += ACTKVNO_TUPLE_SIZE;
+        tmpptr = realloc(new_tl_data.tl_data_contents, new_tl_data.tl_data_length);
+        if (tmpptr == NULL) {
+            free(new_tl_data.tl_data_contents);
+            return ENOMEM;
+        } else {
+            new_tl_data.tl_data_contents = tmpptr;
+        }
+
+        /*
+         * Using realloc so tl_data_contents is required to correctly calculate
+         * next location to store new tuple.
+         */
+        nextloc = new_tl_data.tl_data_contents + new_tl_data.tl_data_length - ACTKVNO_TUPLE_SIZE;
+        /* using tmp_kvno to avoid type mismatch issues */
+        tmp_kvno = (krb5_int16) cur_actkvno->act_kvno;
+        krb5_kdb_encode_int16(tmp_kvno, nextloc);
+        nextloc += sizeof(krb5_ui_2);
+        krb5_kdb_encode_int32((krb5_ui_4)cur_actkvno->act_time, nextloc);
+    }
+
+    new_tl_data.tl_data_type = KRB5_TL_ACTKVNO;
+    retval = krb5_dbe_update_tl_data(context, entry, &new_tl_data);
+    free(new_tl_data.tl_data_contents);
+
+    return (retval);
+}
+#endif /* KRB5_TL_ACTKVNO_VER == 1 */
+
+krb5_error_code
+krb5_dbe_update_last_pwd_change(krb5_context context, krb5_db_entry *entry,
+                                krb5_timestamp stamp)
+{
+    krb5_tl_data tl_data;
+    krb5_octet buf[4];          /* this is the encoded size of an int32 */
+
+    tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+    tl_data.tl_data_length = sizeof(buf);
+    krb5_kdb_encode_int32((krb5_int32) stamp, buf);
+    tl_data.tl_data_contents = buf;
+
+    return (krb5_dbe_update_tl_data(context, entry, &tl_data));
+}
+
+krb5_error_code
+krb5_dbe_update_last_admin_unlock(krb5_context context, krb5_db_entry *entry,
+                                  krb5_timestamp stamp)
+{
+    krb5_tl_data tl_data;
+    krb5_octet buf[4];          /* this is the encoded size of an int32 */
+
+    tl_data.tl_data_type = KRB5_TL_LAST_ADMIN_UNLOCK;
+    tl_data.tl_data_length = sizeof(buf);
+    krb5_kdb_encode_int32((krb5_int32) stamp, buf);
+    tl_data.tl_data_contents = buf;
+
+    return (krb5_dbe_update_tl_data(context, entry, &tl_data));
+}
+
+/*
+ * Prepare to iterate over the string attributes of entry.  The returned
+ * pointers are aliases into entry's tl_data (or into an empty string literal)
+ * and remain valid until the entry's tl_data is changed.
+ */
+static krb5_error_code
+begin_attrs(krb5_context context, krb5_db_entry *entry, const char **pos_out,
+            const char **end_out)
+{
+    krb5_error_code code;
+    krb5_tl_data tl_data;
+
+    *pos_out = *end_out = NULL;
+    tl_data.tl_data_type = KRB5_TL_STRING_ATTRS;
+    code = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
+    if (code)
+        return code;
+
+    /* Copy the current mapping to buf, updating key with value if found. */
+    *pos_out = (const char *)tl_data.tl_data_contents;
+    *end_out = *pos_out + tl_data.tl_data_length;
+    return 0;
+}
+
+/* Find the next key and value pair in *pos and update *pos. */
+static krb5_boolean
+next_attr(const char **pos, const char *end, const char **key_out,
+          const char **val_out)
+{
+    const char *key, *key_end, *val, *val_end;
+
+    *key_out = *val_out = NULL;
+    if (*pos == end)
+        return FALSE;
+    key = *pos;
+    key_end = memchr(key, '\0', end - key);
+    if (key_end == NULL)        /* Malformed representation; give up. */
+        return FALSE;
+    val = key_end + 1;
+    val_end = memchr(val, '\0', end - val);
+    if (val_end == NULL)        /* Malformed representation; give up. */
+        return FALSE;
+
+    *key_out = key;
+    *val_out = val;
+    *pos = val_end + 1;
+    return TRUE;
+}
+
+krb5_error_code
+krb5_dbe_get_strings(krb5_context context, krb5_db_entry *entry,
+                     krb5_string_attr **strings_out, int *count_out)
+{
+    krb5_error_code code;
+    const char *pos, *end, *mapkey, *mapval;
+    char *key = NULL, *val = NULL;
+    krb5_string_attr *strings = NULL, *newstrings;
+    int count = 0;
+
+    *strings_out = NULL;
+    *count_out = 0;
+    code = begin_attrs(context, entry, &pos, &end);
+    if (code)
+        return code;
+
+    while (next_attr(&pos, end, &mapkey, &mapval)) {
+        /* Add a copy of mapkey and mapvalue to strings. */
+        newstrings = realloc(strings, (count + 1) * sizeof(*strings));
+        if (newstrings == NULL)
+            goto oom;
+        strings = newstrings;
+        key = strdup(mapkey);
+        val = strdup(mapval);
+        if (key == NULL || val == NULL)
+            goto oom;
+        strings[count].key = key;
+        strings[count].value = val;
+        count++;
+    }
+
+    *strings_out = strings;
+    *count_out = count;
+    return 0;
+
+oom:
+    free(key);
+    free(val);
+    krb5_dbe_free_strings(context, strings, count);
+    return ENOMEM;
+}
+
+krb5_error_code
+krb5_dbe_get_string(krb5_context context, krb5_db_entry *entry,
+                    const char *key, char **value_out)
+{
+    krb5_error_code code;
+    const char *pos, *end, *mapkey, *mapval;
+
+    *value_out = NULL;
+    code = begin_attrs(context, entry, &pos, &end);
+    if (code)
+        return code;
+    while (next_attr(&pos, end, &mapkey, &mapval)) {
+        if (strcmp(mapkey, key) == 0) {
+            *value_out = strdup(mapval);
+            return (*value_out == NULL) ? ENOMEM : 0;
+        }
+    }
+
+    return 0;
+}
+
+krb5_error_code
+krb5_dbe_set_string(krb5_context context, krb5_db_entry *entry,
+                    const char *key, const char *value)
+{
+    krb5_error_code code;
+    const char *pos, *end, *mapkey, *mapval;
+    struct k5buf buf = EMPTY_K5BUF;
+    krb5_boolean found = FALSE;
+    krb5_tl_data tl_data;
+
+    /* Copy the current mapping to buf, updating key with value if found. */
+    code = begin_attrs(context, entry, &pos, &end);
+    if (code)
+        return code;
+    k5_buf_init_dynamic(&buf);
+    while (next_attr(&pos, end, &mapkey, &mapval)) {
+        if (strcmp(mapkey, key) == 0) {
+            if (value != NULL) {
+                k5_buf_add_len(&buf, mapkey, strlen(mapkey) + 1);
+                k5_buf_add_len(&buf, value, strlen(value) + 1);
+            }
+            found = TRUE;
+        } else {
+            k5_buf_add_len(&buf, mapkey, strlen(mapkey) + 1);
+            k5_buf_add_len(&buf, mapval, strlen(mapval) + 1);
+        }
+    }
+
+    /* If key wasn't found in the map, add a new entry for it. */
+    if (!found && value != NULL) {
+        k5_buf_add_len(&buf, key, strlen(key) + 1);
+        k5_buf_add_len(&buf, value, strlen(value) + 1);
+    }
+
+    if (k5_buf_status(&buf) != 0)
+        return ENOMEM;
+    if (buf.len > 65535) {
+        code = KRB5_KDB_STRINGS_TOOLONG;
+        goto cleanup;
+    }
+    tl_data.tl_data_type = KRB5_TL_STRING_ATTRS;
+    tl_data.tl_data_contents = buf.data;
+    tl_data.tl_data_length = buf.len;
+
+    code = krb5_dbe_update_tl_data(context, entry, &tl_data);
+
+cleanup:
+    k5_buf_free(&buf);
+    return code;
+}
+
+krb5_error_code
+krb5_dbe_delete_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_int16 tl_data_type)
+{
+    krb5_tl_data *tl_data, *prev_tl_data, *free_tl_data;
+
+    /*
+     * Find existing entries of the specified type and remove them from the
+     * entry's tl_data list.
+     */
+
+    for (prev_tl_data = tl_data = entry->tl_data; tl_data != NULL;) {
+        if (tl_data->tl_data_type == tl_data_type) {
+            if (tl_data == entry->tl_data) {
+                /* remove from head */
+                entry->tl_data = tl_data->tl_data_next;
+                prev_tl_data = entry->tl_data;
+            } else if (tl_data->tl_data_next == NULL) {
+                /* remove from tail */
+                prev_tl_data->tl_data_next = NULL;
+            } else {
+                /* remove in between */
+                prev_tl_data->tl_data_next = tl_data->tl_data_next;
+            }
+            free_tl_data = tl_data;
+            tl_data = tl_data->tl_data_next;
+            krb5_dbe_free_tl_data(context, free_tl_data);
+            entry->n_tl_data--;
+        } else {
+            prev_tl_data = tl_data;
+            tl_data = tl_data->tl_data_next;
+        }
+    }
+
+    return (0);
+}
+
+krb5_error_code
+krb5_db_update_tl_data(krb5_context context, krb5_int16 *n_tl_datap,
+                       krb5_tl_data **tl_datap, krb5_tl_data *new_tl_data)
+{
+    krb5_tl_data *tl_data = NULL;
+    krb5_octet *tmp;
+
+    /*
+     * Copy the new data first, so we can fail cleanly if malloc()
+     * fails.
+     */
+    tmp = malloc(new_tl_data->tl_data_length);
+    if (tmp == NULL)
+        return (ENOMEM);
+
+    /*
+     * Find an existing entry of the specified type and point at
+     * it, or NULL if not found.
+     */
+
+    if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
+        for (tl_data = *tl_datap; tl_data;
+             tl_data = tl_data->tl_data_next)
+            if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+                break;
+    }
+
+    /* If necessary, chain a new record in the beginning and point at it.  */
+
+    if (!tl_data) {
+        tl_data = calloc(1, sizeof(*tl_data));
+        if (tl_data == NULL) {
+            free(tmp);
+            return (ENOMEM);
+        }
+        tl_data->tl_data_next = *tl_datap;
+        *tl_datap = tl_data;
+        (*n_tl_datap)++;
+    }
+
+    /* fill in the record */
+
+    free(tl_data->tl_data_contents);
+
+    tl_data->tl_data_type = new_tl_data->tl_data_type;
+    tl_data->tl_data_length = new_tl_data->tl_data_length;
+    tl_data->tl_data_contents = tmp;
+    memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length);
+
+    return (0);
+}
+
+krb5_error_code
+krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_tl_data *new_tl_data)
+{
+    return krb5_db_update_tl_data(context, &entry->n_tl_data, &entry->tl_data,
+                                  new_tl_data);
+}
+
+krb5_error_code
+krb5_dbe_compute_salt(krb5_context context, const krb5_key_data *key,
+                      krb5_const_principal princ, krb5_int16 *salttype_out,
+                      krb5_data **salt_out)
+{
+    krb5_error_code retval;
+    krb5_int16 stype;
+    krb5_data *salt, sdata;
+
+    stype = (key->key_data_ver < 2) ? KRB5_KDB_SALTTYPE_NORMAL :
+        key->key_data_type[1];
+    *salttype_out = stype;
+    *salt_out = NULL;
+
+    /* Place computed salt into sdata, or directly into salt_out and return. */
+    switch (stype) {
+    case KRB5_KDB_SALTTYPE_NORMAL:
+        retval = krb5_principal2salt(context, princ, &sdata);
+        if (retval)
+            return retval;
+        break;
+    case KRB5_KDB_SALTTYPE_NOREALM:
+        retval = krb5_principal2salt_norealm(context, princ, &sdata);
+        if (retval)
+            return retval;
+        break;
+    case KRB5_KDB_SALTTYPE_ONLYREALM:
+        return krb5_copy_data(context, &princ->realm, salt_out);
+    case KRB5_KDB_SALTTYPE_SPECIAL:
+        sdata = make_data(key->key_data_contents[1], key->key_data_length[1]);
+        return krb5_copy_data(context, &sdata, salt_out);
+    default:
+        return KRB5_KDB_BAD_SALTTYPE;
+    }
+
+    /* Make a container for sdata. */
+    salt = malloc(sizeof(*salt));
+    if (salt == NULL) {
+        free(sdata.data);
+        return ENOMEM;
+    }
+    *salt = sdata;
+    *salt_out = salt;
+    return 0;
+}
+
+krb5_error_code
+krb5_dbe_specialize_salt(krb5_context context, krb5_db_entry *entry)
+{
+    krb5_int16 stype, i;
+    krb5_data *salt;
+    krb5_error_code ret;
+
+    if (context == NULL || entry == NULL)
+        return EINVAL;
+
+    /*
+     * Store salt values explicitly so that they don't depend on the principal
+     * name.
+     */
+    for (i = 0; i < entry->n_key_data; i++) {
+        ret = krb5_dbe_compute_salt(context, &entry->key_data[i], entry->princ,
+                                    &stype, &salt);
+        if (ret)
+            return ret;
+
+        /* Steal the data pointer from salt and free the container. */
+        if (entry->key_data[i].key_data_ver >= 2)
+            free(entry->key_data[i].key_data_contents[1]);
+        entry->key_data[i].key_data_type[1] = KRB5_KDB_SALTTYPE_SPECIAL;
+        entry->key_data[i].key_data_contents[1] = (uint8_t *)salt->data;
+        entry->key_data[i].key_data_length[1] = salt->length;
+        entry->key_data[i].key_data_ver = 2;
+        free(salt);
+    }
+
+    return 0;
+}
+
+/* change password functions */
+krb5_error_code
+krb5_dbe_cpw(krb5_context kcontext, krb5_keyblock *master_key,
+             krb5_key_salt_tuple *ks_tuple, int ks_tuple_count, char *passwd,
+             int new_kvno, krb5_boolean keepold, krb5_db_entry *db_entry)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    return v->change_pwd(kcontext, master_key, ks_tuple, ks_tuple_count,
+                         passwd, new_kvno, keepold, db_entry);
+}
+
+/* policy management functions */
+krb5_error_code
+krb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->create_policy == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+
+    status = v->create_policy(kcontext, policy);
+    /* iprop does not support policy mods; force full resync. */
+    if (!status && logging(kcontext))
+        status = ulog_init_header(kcontext);
+    return status;
+}
+
+krb5_error_code
+krb5_db_get_policy(krb5_context kcontext, char *name, osa_policy_ent_t *policy)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->get_policy == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->get_policy(kcontext, name, policy);
+}
+
+krb5_error_code
+krb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->put_policy == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+
+    status = v->put_policy(kcontext, policy);
+    /* iprop does not support policy mods; force full resync. */
+    if (!status && logging(kcontext))
+        status = ulog_init_header(kcontext);
+    return status;
+}
+
+krb5_error_code
+krb5_db_iter_policy(krb5_context kcontext, char *match_entry,
+                    osa_adb_iter_policy_func func, void *data)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->iter_policy == NULL)
+        return 0;
+    return v->iter_policy(kcontext, match_entry, func, data);
+}
+
+krb5_error_code
+krb5_db_delete_policy(krb5_context kcontext, char *policy)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->delete_policy == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+
+    status = v->delete_policy(kcontext, policy);
+    /* iprop does not support policy mods; force full resync. */
+    if (!status && logging(kcontext))
+        status = ulog_init_header(kcontext);
+    return status;
+}
+
+void
+krb5_db_free_policy(krb5_context kcontext, osa_policy_ent_t policy)
+{
+    if (policy == NULL)
+        return;
+    free(policy->name);
+    free(policy->allowed_keysalts);
+    free_tl_data(policy->tl_data);
+    free(policy);
+}
+
+krb5_error_code
+krb5_db_promote(krb5_context kcontext, char **db_args)
+{
+    krb5_error_code status;
+    char *section;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->promote_db == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    status = get_conf_section(kcontext, &section);
+    if (status)
+        return status;
+    status = v->promote_db(kcontext, section, db_args);
+    free(section);
+    return status;
+}
+
+static krb5_error_code
+decrypt_iterator(krb5_context kcontext, const krb5_key_data * key_data,
+                 krb5_keyblock *dbkey, krb5_keysalt *keysalt)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+    krb5_keylist_node *n = kcontext->dal_handle->master_keylist;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    for (; n; n = n->next) {
+        krb5_clear_error_message(kcontext);
+        status = v->decrypt_key_data(kcontext, &n->keyblock, key_data, dbkey,
+                                     keysalt);
+        if (status == 0)
+            return 0;
+    }
+    return status;
+}
+
+krb5_error_code
+krb5_dbe_decrypt_key_data(krb5_context kcontext, const krb5_keyblock *mkey,
+                          const krb5_key_data *key_data, krb5_keyblock *dbkey,
+                          krb5_keysalt *keysalt)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+    krb5_keyblock *cur_mkey;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (mkey || kcontext->dal_handle->master_keylist == NULL)
+        return v->decrypt_key_data(kcontext, mkey, key_data, dbkey, keysalt);
+    status = decrypt_iterator(kcontext, key_data, dbkey, keysalt);
+    if (status == 0)
+        return 0;
+    if (kcontext->dal_handle->master_keylist) {
+        /* Try reloading master keys. */
+        cur_mkey = &kcontext->dal_handle->master_keylist->keyblock;
+        if (krb5_db_fetch_mkey_list(kcontext,
+                                    kcontext->dal_handle->master_princ,
+                                    cur_mkey) == 0)
+            return decrypt_iterator(kcontext, key_data, dbkey, keysalt);
+    }
+    return status;
+}
+
+krb5_error_code
+krb5_dbe_encrypt_key_data(krb5_context kcontext, const krb5_keyblock *mkey,
+                          const krb5_keyblock *dbkey,
+                          const krb5_keysalt *keysalt, int keyver,
+                          krb5_key_data *key_data)
+{
+    krb5_error_code status = 0;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    return v->encrypt_key_data(kcontext, mkey, dbkey, keysalt, keyver,
+                               key_data);
+}
+
+krb5_error_code
+krb5_db_get_context(krb5_context context, void **db_context)
+{
+    *db_context = KRB5_DB_GET_DB_CONTEXT(context);
+    if (*db_context == NULL)
+        return KRB5_KDB_DBNOTINITED;
+    return 0;
+}
+
+krb5_error_code
+krb5_db_set_context(krb5_context context, void *db_context)
+{
+    KRB5_DB_GET_DB_CONTEXT(context) = db_context;
+
+    return 0;
+}
+
+krb5_error_code
+krb5_db_check_transited_realms(krb5_context kcontext,
+                               const krb5_data *tr_contents,
+                               const krb5_data *client_realm,
+                               const krb5_data *server_realm)
+{
+    krb5_error_code status;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status)
+        return status;
+    if (v->check_transited_realms == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->check_transited_realms(kcontext, tr_contents, client_realm,
+                                     server_realm);
+}
+
+krb5_error_code
+krb5_db_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+                        krb5_db_entry *client, krb5_db_entry *server,
+                        krb5_timestamp kdc_time, const char **status,
+                        krb5_pa_data ***e_data)
+{
+    krb5_error_code ret;
+    kdb_vftabl *v;
+
+    *status = NULL;
+    *e_data = NULL;
+    ret = get_vftabl(kcontext, &v);
+    if (ret)
+        return ret;
+    if (v->check_policy_as == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->check_policy_as(kcontext, request, client, server, kdc_time,
+                              status, e_data);
+}
+
+krb5_error_code
+krb5_db_check_policy_tgs(krb5_context kcontext, krb5_kdc_req *request,
+                         krb5_db_entry *server, krb5_ticket *ticket,
+                         const char **status, krb5_pa_data ***e_data)
+{
+    krb5_error_code ret;
+    kdb_vftabl *v;
+
+    *status = NULL;
+    *e_data = NULL;
+    ret = get_vftabl(kcontext, &v);
+    if (ret)
+        return ret;
+    if (v->check_policy_tgs == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->check_policy_tgs(kcontext, request, server, ticket, status,
+                               e_data);
+}
+
+void
+krb5_db_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+                     const krb5_address *local_addr,
+                     const krb5_address *remote_addr, krb5_db_entry *client,
+                     krb5_db_entry *server, krb5_timestamp authtime,
+                     krb5_error_code error_code)
+{
+    krb5_error_code status;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status || v->audit_as_req == NULL)
+        return;
+    v->audit_as_req(kcontext, request, local_addr, remote_addr,
+                    client, server, authtime, error_code);
+}
+
+void
+krb5_db_refresh_config(krb5_context kcontext)
+{
+    krb5_error_code status;
+    kdb_vftabl *v;
+
+    status = get_vftabl(kcontext, &v);
+    if (status || v->refresh_config == NULL)
+        return;
+    v->refresh_config(kcontext);
+}
+
+krb5_error_code
+krb5_db_check_allowed_to_delegate(krb5_context kcontext,
+                                  krb5_const_principal client,
+                                  const krb5_db_entry *server,
+                                  krb5_const_principal proxy)
+{
+    krb5_error_code ret;
+    kdb_vftabl *v;
+
+    ret = get_vftabl(kcontext, &v);
+    if (ret)
+        return ret;
+    if (v->check_allowed_to_delegate == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->check_allowed_to_delegate(kcontext, client, server, proxy);
+}
+
+krb5_error_code
+krb5_db_get_s4u_x509_principal(krb5_context kcontext,
+                               const krb5_data *client_cert,
+                               krb5_const_principal in_princ,
+                               unsigned int flags, krb5_db_entry **entry)
+{
+    krb5_error_code ret;
+    kdb_vftabl *v;
+
+    ret = get_vftabl(kcontext, &v);
+    if (ret)
+        return ret;
+    if (v->get_s4u_x509_principal == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    ret = v->get_s4u_x509_principal(kcontext, client_cert, in_princ, flags,
+                                    entry);
+    if (ret)
+        return ret;
+
+    /* Sort the keys in the db entry, same as get_principal(). */
+    if ((*entry)->key_data != NULL)
+        krb5_dbe_sort_key_data((*entry)->key_data, (*entry)->n_key_data);
+
+    return 0;
+}
+
+krb5_error_code
+krb5_db_allowed_to_delegate_from(krb5_context kcontext,
+                                 krb5_const_principal client,
+                                 krb5_const_principal server,
+                                 krb5_pac server_pac,
+                                 const krb5_db_entry *proxy)
+{
+    krb5_error_code ret;
+    kdb_vftabl *v;
+
+    ret = get_vftabl(kcontext, &v);
+    if (ret)
+        return ret;
+    if (v->allowed_to_delegate_from == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->allowed_to_delegate_from(kcontext, client, server, server_pac,
+                                       proxy);
+}
+
+void
+krb5_dbe_sort_key_data(krb5_key_data *key_data, size_t key_data_length)
+{
+    size_t i, j;
+    krb5_key_data tmp;
+
+    /* Use insertion sort as a stable sort. */
+    for (i = 1; i < key_data_length; i++) {
+        j = i;
+        while (j > 0 &&
+               key_data[j - 1].key_data_kvno < key_data[j].key_data_kvno) {
+            tmp = key_data[j];
+            key_data[j] = key_data[j - 1];
+            key_data[j - 1] = tmp;
+            j--;
+        }
+    }
+}
+
+krb5_error_code
+krb5_db_issue_pac(krb5_context context, unsigned int flags,
+                  krb5_db_entry *client, krb5_keyblock *replaced_reply_key,
+                  krb5_db_entry *server, krb5_db_entry *krbtgt,
+                  krb5_timestamp authtime, krb5_pac old_pac, krb5_pac new_pac,
+                  krb5_data ***auth_indicators)
+{
+    krb5_error_code ret;
+    kdb_vftabl *v;
+
+    ret = get_vftabl(context, &v);
+    if (ret)
+        return ret;
+    if (v->issue_pac == NULL)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+    return v->issue_pac(context, flags, client, replaced_reply_key, server,
+                        krbtgt, authtime, old_pac, new_pac, auth_indicators);
+}
diff --git a/krb5-1.21.3/src/lib/kdb/kdb5.h b/krb5-1.21.3/src/lib/kdb/kdb5.h
new file mode 100644
index 00000000..9a43046b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/kdb5.h
@@ -0,0 +1,38 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#ifndef _KRB5_KDB5_H_
+#define _KRB5_KDB5_H_
+
+#include <k5-int.h>
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <errno.h>
+#include <utime.h>
+#include "kdb.h"
+
+#define KRB5_DB_GET_DB_CONTEXT(kcontext) (((kdb5_dal_handle*) (kcontext)->dal_handle)->db_context)
+#define KRB5_DB_GET_PROFILE(kcontext)  ((kcontext)->profile)
+#define KRB5_DB_GET_REALM(kcontext)    ((kcontext)->default_realm)
+
+typedef struct _db_library {
+    char name[KDB_MAX_DB_NAME];
+    int reference_cnt;
+    struct plugin_dir_handle dl_dir_handle;
+    kdb_vftabl vftabl;
+    struct _db_library *next, *prev;
+} *db_library;
+
+struct _kdb5_dal_handle
+{
+    /* Helps us to change db_library without affecting modules to some
+       extent.  */
+    void *db_context;
+    db_library lib_handle;
+    krb5_keylist_node *master_keylist;
+    krb5_principal master_princ;
+};
+/* typedef kdb5_dal_handle is in k5-int.h now */
+
+#endif  /* end of _KRB5_KDB5_H_ */
diff --git a/krb5-1.21.3/src/lib/kdb/kdb5int.h b/krb5-1.21.3/src/lib/kdb/kdb5int.h
new file mode 100644
index 00000000..56570cea
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/kdb5int.h
@@ -0,0 +1,40 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/kdb5int.h - Private header for kdb5 library */
+/*
+ * Copyright (C) 2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __KDB5INT_H__
+#define __KDB5INT_H__
+
+#include "kdb5.h"
+
+krb5_error_code
+krb5int_put_principal_no_log(krb5_context kcontext,
+                             krb5_db_entry *entries);
+
+krb5_error_code
+krb5int_delete_principal_no_log(krb5_context kcontext,
+                                krb5_principal search_for);
+
+#endif /* __KDB5INT_H__ */
diff --git a/krb5-1.21.3/src/lib/kdb/kdb_convert.c b/krb5-1.21.3/src/lib/kdb/kdb_convert.c
new file mode 100644
index 00000000..59952f55
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/kdb_convert.c
@@ -0,0 +1,918 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/* #pragma ident        "@(#)kdb_convert.c      1.3     05/01/05 SMI" */
+
+/*
+ * This file contains api's for conversion of the kdb_incr_update_t
+ * struct(s) into krb5_db_entry struct(s) and vice-versa.
+ */
+#include <k5-int.h>
+#include <sys/types.h>
+#include <com_err.h>
+#include <locale.h>
+#include <iprop_hdr.h>
+#include "iprop.h"
+#include <kdb.h>
+#include <kdb_log.h>
+
+/* BEGIN CSTYLED */
+#define ULOG_ENTRY_TYPE(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i]
+
+#define ULOG_ENTRY(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u
+
+#define ULOG_ENTRY_KEYVAL(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_keydata.av_keydata_val[j]
+
+#define ULOG_ENTRY_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_princ.k_components.k_components_val[j]
+
+#define ULOG_ENTRY_MOD_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_mod_princ.k_components.k_components_val[j]
+/* END CSTYLED */
+
+typedef enum {
+    REG_PRINC = 0,
+    MOD_PRINC = 1
+} princ_type;
+
+
+/*
+ * This routine tracks the krb5_db_entry fields that have been modified
+ * (by comparing it to the db_entry currently present in principal.db)
+ * in the update.
+ */
+static void
+find_changed_attrs(krb5_db_entry *current, krb5_db_entry *new,
+                   krb5_boolean exclude_nra,
+                   kdbe_attr_type_t *attrs, int *nattrs)
+{
+    int i = 0, j = 0;
+
+    krb5_tl_data *first, *second;
+
+    if (current->attributes != new->attributes)
+        attrs[i++] = AT_ATTRFLAGS;
+
+    if (current->max_life != new->max_life)
+        attrs[i++] = AT_MAX_LIFE;
+
+    if (current->max_renewable_life != new->max_renewable_life)
+        attrs[i++] = AT_MAX_RENEW_LIFE;
+
+    if (current->expiration != new->expiration)
+        attrs[i++] = AT_EXP;
+
+    if (current->pw_expiration != new->pw_expiration)
+        attrs[i++] = AT_PW_EXP;
+
+    if (!exclude_nra) {
+        if (current->last_success != new->last_success)
+            attrs[i++] = AT_LAST_SUCCESS;
+
+        if (current->last_failed != new->last_failed)
+            attrs[i++] = AT_LAST_FAILED;
+
+        if (current->fail_auth_count != new->fail_auth_count)
+            attrs[i++] = AT_FAIL_AUTH_COUNT;
+    }
+
+    if ((current->princ->type == new->princ->type) &&
+        (current->princ->length == new->princ->length)) {
+        if ((current->princ->realm.length ==
+             new->princ->realm.length) &&
+            strncmp(current->princ->realm.data,
+                    new->princ->realm.data,
+                    current->princ->realm.length)) {
+            for (j = 0; j < current->princ->length; j++) {
+                if ((current->princ->data[j].data != NULL) &&
+                    (strncmp(current->princ->data[j].data,
+                             new->princ->data[j].data,
+                             current->princ->data[j].length))) {
+                    attrs[i++] = AT_PRINC;
+                    break;
+                }
+            }
+        } else {
+            attrs[i++] = AT_PRINC;
+        }
+    } else {
+        attrs[i++] = AT_PRINC;
+    }
+
+    if (current->n_key_data == new->n_key_data) {
+        /* Assuming key ordering is the same in new & current */
+        for (j = 0; j < new->n_key_data; j++) {
+            if (current->key_data[j].key_data_kvno !=
+                new->key_data[j].key_data_kvno) {
+                attrs[i++] = AT_KEYDATA;
+                break;
+            }
+        }
+    } else {
+        attrs[i++] = AT_KEYDATA;
+    }
+
+    if (current->n_tl_data == new->n_tl_data) {
+        /* Assuming we preserve the TL_DATA ordering between updates */
+        for (first = current->tl_data, second = new->tl_data;
+             first; first = first->tl_data_next,
+                 second = second->tl_data_next) {
+            if ((first->tl_data_length == second->tl_data_length) &&
+                (first->tl_data_type == second->tl_data_type)) {
+                if ((memcmp((char *)first->tl_data_contents,
+                            (char *)second->tl_data_contents,
+                            first->tl_data_length)) != 0) {
+                    attrs[i++] = AT_TL_DATA;
+                    break;
+                }
+            } else {
+                attrs[i++] = AT_TL_DATA;
+                break;
+            }
+        }
+    } else {
+        attrs[i++] = AT_TL_DATA;
+    }
+
+    if (current->len != new->len)
+        attrs[i++] = AT_LEN;
+    /*
+     * Store the no. of (possibly :)) changed attributes
+     */
+    *nattrs = i;
+}
+
+
+/* Initialize *u with a copy of d.  Return 0 on success, -1 on failure. */
+static int
+data_to_utf8str(utf8str_t *u, krb5_data d)
+{
+    u->utf8str_t_len = d.length;
+    if (d.data) {
+        u->utf8str_t_val = malloc(d.length);
+        if (u->utf8str_t_val == NULL)
+            return -1;
+        memcpy(u->utf8str_t_val, d.data, d.length);
+    } else
+        u->utf8str_t_val = NULL;
+    return 0;
+}
+
+/*
+ * Converts the krb5_principal struct from db2 to ulog format.
+ */
+static krb5_error_code
+conv_princ_2ulog(krb5_principal princ, kdb_incr_update_t *upd,
+                 int cnt, princ_type tp)
+{
+    int i = 0;
+    kdbe_princ_t *p;
+    kdbe_data_t *components;
+
+    if ((upd == NULL) || !princ)
+        return (KRB5KRB_ERR_GENERIC);
+
+    switch (tp) {
+    case REG_PRINC:
+    case MOD_PRINC:
+        p = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */
+        p->k_nametype = (int32_t)princ->type;
+
+        if (data_to_utf8str(&p->k_realm, princ->realm) < 0) {
+            return ENOMEM;
+        }
+
+        p->k_components.k_components_len = princ->length;
+
+        p->k_components.k_components_val = components
+            = malloc(princ->length * sizeof (kdbe_data_t));
+        if (p->k_components.k_components_val == NULL) {
+            free(p->k_realm.utf8str_t_val);
+            p->k_realm.utf8str_t_val = NULL;
+            return (ENOMEM);
+        }
+
+        memset(components, 0, princ->length * sizeof(kdbe_data_t));
+        for (i = 0; i < princ->length; i++)
+            components[i].k_data.utf8str_t_val = NULL;
+        for (i = 0; i < princ->length; i++) {
+            components[i].k_magic = princ->data[i].magic;
+            if (data_to_utf8str(&components[i].k_data, princ->data[i]) < 0) {
+                int j;
+                for (j = 0; j < i; j++) {
+                    free(components[j].k_data.utf8str_t_val);
+                    components[j].k_data.utf8str_t_val = NULL;
+                }
+                free(components);
+                p->k_components.k_components_val = NULL;
+                free(p->k_realm.utf8str_t_val);
+                p->k_realm.utf8str_t_val = NULL;
+                return ENOMEM;
+            }
+        }
+        break;
+
+    default:
+        break;
+    }
+    return (0);
+}
+
+/*
+ * Copies a UTF-8 string from ulog to a krb5_data object, which may
+ * already have allocated storage associated with it.
+ *
+ * Maybe a return value should indicate success/failure?
+ */
+static void
+set_from_utf8str(krb5_data *d, utf8str_t u)
+{
+    if (u.utf8str_t_len > INT_MAX - 1) {
+        d->data = NULL;
+        return;
+    }
+    d->length = u.utf8str_t_len;
+    d->data = malloc(d->length + 1);
+    if (d->data == NULL)
+        return;
+    if (d->length)      /* Pointer may be null if length = 0.  */
+        strncpy(d->data, u.utf8str_t_val, d->length);
+    d->data[d->length] = 0;
+}
+
+/*
+ * Converts the krb5_principal struct from ulog to db2 format.
+ */
+static krb5_principal
+conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ)
+{
+    unsigned int i;
+    int j;
+    krb5_principal princ;
+    kdbe_data_t *components;
+
+    princ = calloc(1, sizeof (krb5_principal_data));
+    if (princ == NULL) {
+        return NULL;
+    }
+    princ->length = 0;
+    princ->data = NULL;
+
+    components = kdbe_princ->k_components.k_components_val;
+
+    princ->type = (krb5_int32) kdbe_princ->k_nametype;
+    princ->realm.data = NULL;
+    set_from_utf8str(&princ->realm, kdbe_princ->k_realm);
+    if (princ->realm.data == NULL)
+        goto error;
+
+    princ->data = calloc(kdbe_princ->k_components.k_components_len,
+                         sizeof (krb5_data));
+    if (princ->data == NULL)
+        goto error;
+    for (i = 0; i < kdbe_princ->k_components.k_components_len; i++)
+        princ->data[i].data = NULL;
+    princ->length = (krb5_int32)kdbe_princ->k_components.k_components_len;
+
+    for (j = 0; j < princ->length; j++) {
+        princ->data[j].magic = components[j].k_magic;
+        set_from_utf8str(&princ->data[j], components[j].k_data);
+        if (princ->data[j].data == NULL)
+            goto error;
+    }
+
+    return princ;
+error:
+    krb5_free_principal(context, princ);
+    return NULL;
+}
+
+
+/*
+ * This routine converts a krb5 DB record into update log (ulog) entry format.
+ * Space for the update log entry should be allocated prior to invocation of
+ * this routine.
+ */
+krb5_error_code
+ulog_conv_2logentry(krb5_context context, krb5_db_entry *entry,
+                    kdb_incr_update_t *update)
+{
+    int i, j, cnt, final, nattrs, tmpint;
+    krb5_principal tmpprinc;
+    krb5_tl_data *newtl;
+    krb5_db_entry *curr;
+    krb5_error_code ret;
+    kdbe_attr_type_t *attr_types;
+    int kadm_data_yes;
+
+    nattrs = tmpint = 0;
+    final = -1;
+    kadm_data_yes = 0;
+    attr_types = NULL;
+
+    /*
+     * XXX we rely on the good behaviour of the database not to
+     * exceed this limit.
+     */
+    if ((update->kdb_update.kdbe_t_val = (kdbe_val_t *)
+         malloc(MAXENTRY_SIZE)) == NULL) {
+        return (ENOMEM);
+    }
+
+    /*
+     * Find out which attrs have been modified
+     */
+    if ((attr_types = (kdbe_attr_type_t *)malloc(
+             sizeof (kdbe_attr_type_t) * MAXATTRS_SIZE))
+        == NULL) {
+        return (ENOMEM);
+    }
+
+    ret = krb5_db_get_principal(context, entry->princ, 0, &curr);
+    if (ret && ret != KRB5_KDB_NOENTRY) {
+        free(attr_types);
+        return (ret);
+    }
+
+    if (ret == KRB5_KDB_NOENTRY) {
+        /*
+         * This is a new entry to the database, hence will
+         * include all the attribute-value pairs
+         *
+         * We leave out the TL_DATA types which we model as
+         * attrs in kdbe_attr_type_t, since listing AT_TL_DATA
+         * encompasses these other types-turned-attributes
+         *
+         * So, we do *NOT* consider AT_MOD_PRINC, AT_MOD_TIME,
+         * AT_MOD_WHERE, AT_PW_LAST_CHANGE, AT_PW_POLICY,
+         * AT_PW_POLICY_SWITCH, AT_PW_HIST_KVNO and AT_PW_HIST,
+         * totalling 8 attrs.
+         */
+        while (nattrs < MAXATTRS_SIZE - 8) {
+            attr_types[nattrs] = nattrs;
+            nattrs++;
+        }
+    } else {
+        /* Always exclude non-replicated attributes for now. */
+        find_changed_attrs(curr, entry, TRUE, attr_types, &nattrs);
+        krb5_db_free_principal(context, curr);
+    }
+
+    for (i = 0; i < nattrs; i++) {
+        switch (attr_types[i]) {
+        case AT_ATTRFLAGS:
+            if (entry->attributes >= 0) {
+                ULOG_ENTRY_TYPE(update, ++final).av_type =
+                    AT_ATTRFLAGS;
+                ULOG_ENTRY(update, final).av_attrflags =
+                    (uint32_t)entry->attributes;
+            }
+            break;
+
+        case AT_MAX_LIFE:
+            if (entry->max_life >= 0) {
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_MAX_LIFE;
+                ULOG_ENTRY(update, final).av_max_life =
+                    (uint32_t)entry->max_life;
+            }
+            break;
+
+        case AT_MAX_RENEW_LIFE:
+            if (entry->max_renewable_life >= 0) {
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_MAX_RENEW_LIFE;
+                ULOG_ENTRY(update, final).av_max_renew_life =
+                    (uint32_t)entry->max_renewable_life;
+            }
+            break;
+
+        case AT_EXP:
+            if (entry->expiration >= 0) {
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_EXP;
+                ULOG_ENTRY(update, final).av_exp = (uint32_t)entry->expiration;
+            }
+            break;
+
+        case AT_PW_EXP:
+            if (entry->pw_expiration >= 0) {
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_PW_EXP;
+                ULOG_ENTRY(update, final).av_pw_exp =
+                    (uint32_t)entry->pw_expiration;
+            }
+            break;
+
+        case AT_PRINC:
+            if (entry->princ->length > 0) {
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_PRINC;
+                if ((ret = conv_princ_2ulog(entry->princ,
+                                            update, final, REG_PRINC))) {
+                    free(attr_types);
+                    return (ret);
+                }
+            }
+            break;
+
+        case AT_KEYDATA:
+/* BEGIN CSTYLED */
+            if (entry->n_key_data >= 0) {
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_KEYDATA;
+                ULOG_ENTRY(update, final).av_keydata.av_keydata_len =
+                    entry->n_key_data;
+                ULOG_ENTRY(update, final).av_keydata.av_keydata_val =
+                    malloc(entry->n_key_data * sizeof (kdbe_key_t));
+                if (ULOG_ENTRY(update, final).av_keydata.av_keydata_val ==
+                    NULL) {
+                    free(attr_types);
+                    return (ENOMEM);
+                }
+
+                for (j = 0; j < entry->n_key_data; j++) {
+                    ULOG_ENTRY_KEYVAL(update, final, j).k_ver =
+                        entry->key_data[j].key_data_ver;
+                    ULOG_ENTRY_KEYVAL(update, final, j).k_kvno =
+                        entry->key_data[j].key_data_kvno;
+                    ULOG_ENTRY_KEYVAL(update, final, j).k_enctype.k_enctype_len = entry->key_data[j].key_data_ver;
+                    ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_len = entry->key_data[j].key_data_ver;
+
+                    ULOG_ENTRY_KEYVAL(update, final, j).k_enctype.k_enctype_val = malloc(entry->key_data[j].key_data_ver * sizeof(int32_t));
+                    if (ULOG_ENTRY_KEYVAL(update, final, j).k_enctype.k_enctype_val == NULL) {
+                        free(attr_types);
+                        return (ENOMEM);
+                    }
+
+                    ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val = malloc(entry->key_data[j].key_data_ver * sizeof(utf8str_t));
+                    if (ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val == NULL) {
+                        free(attr_types);
+                        return (ENOMEM);
+                    }
+
+                    for (cnt = 0; cnt < entry->key_data[j].key_data_ver;
+                         cnt++) {
+                        ULOG_ENTRY_KEYVAL(update, final, j).k_enctype.k_enctype_val[cnt] = entry->key_data[j].key_data_type[cnt];
+                        ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_len = entry->key_data[j].key_data_length[cnt];
+                        ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_val = malloc(entry->key_data[j].key_data_length[cnt] * sizeof (char));
+                        if (ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_val == NULL) {
+                            free(attr_types);
+                            return (ENOMEM);
+                        }
+                        (void) memcpy(ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, entry->key_data[j].key_data_contents[cnt], entry->key_data[j].key_data_length[cnt]);
+                    }
+                }
+            }
+            break;
+
+        case AT_TL_DATA:
+            ret = krb5_dbe_lookup_last_pwd_change(context, entry, &tmpint);
+            if (ret == 0) {
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_PW_LAST_CHANGE;
+                ULOG_ENTRY(update, final).av_pw_last_change = tmpint;
+            }
+            tmpint = 0;
+
+            if(!(ret = krb5_dbe_lookup_mod_princ_data(context, entry, &tmpint,
+                                                      &tmpprinc))) {
+
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_MOD_PRINC;
+
+                ret = conv_princ_2ulog(tmpprinc, update, final, MOD_PRINC);
+                krb5_free_principal(context, tmpprinc);
+                if (ret) {
+                    free(attr_types);
+                    return (ret);
+                }
+                ULOG_ENTRY_TYPE(update, ++final).av_type = AT_MOD_TIME;
+                ULOG_ENTRY(update, final).av_mod_time =
+                    tmpint;
+            }
+
+            newtl = entry->tl_data;
+            while (newtl) {
+                switch (newtl->tl_data_type) {
+                case KRB5_TL_LAST_PWD_CHANGE:
+                case KRB5_TL_MOD_PRINC:
+                    break;
+
+                case KRB5_TL_KADM_DATA:
+                default:
+                    if (kadm_data_yes == 0) {
+                        ULOG_ENTRY_TYPE(update, ++final).av_type = AT_TL_DATA;
+                        ULOG_ENTRY(update, final).av_tldata.av_tldata_len = 0;
+                        ULOG_ENTRY(update, final).av_tldata.av_tldata_val =
+                            malloc(entry->n_tl_data * sizeof(kdbe_tl_t));
+
+                        if (ULOG_ENTRY(update, final).av_tldata.av_tldata_val
+                            == NULL) {
+                            free(attr_types);
+                            return (ENOMEM);
+                        }
+                        kadm_data_yes = 1;
+                    }
+
+                    tmpint = ULOG_ENTRY(update, final).av_tldata.av_tldata_len;
+                    ULOG_ENTRY(update, final).av_tldata.av_tldata_len++;
+                    ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_type = newtl->tl_data_type;
+                    ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_len = newtl->tl_data_length;
+                    ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val = malloc(newtl->tl_data_length * sizeof (char));
+                    if (ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val == NULL) {
+                        free(attr_types);
+                        return (ENOMEM);
+                    }
+                    (void) memcpy(ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);
+                    break;
+                }
+                newtl = newtl->tl_data_next;
+            }
+            break;
+/* END CSTYLED */
+
+        case AT_LEN:
+            ULOG_ENTRY_TYPE(update, ++final).av_type = AT_LEN;
+            ULOG_ENTRY(update, final).av_len = (int16_t)entry->len;
+            break;
+
+        default:
+            break;
+        }
+
+    }
+
+    free(attr_types);
+
+    /*
+     * Update len field in kdb_update
+     */
+    update->kdb_update.kdbe_t_len = ++final;
+    return (0);
+}
+
+/* Convert an update log (ulog) entry into a kerberos record. */
+krb5_error_code
+ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
+                   kdb_incr_update_t *update)
+{
+    krb5_db_entry *ent = NULL;
+    int replica;
+    krb5_principal mod_princ = NULL;
+    int i, j, cnt = 0, mod_time = 0, nattrs;
+    krb5_principal dbprinc;
+    char *dbprincstr = NULL;
+    krb5_tl_data newtl;
+    krb5_error_code ret;
+    unsigned int prev_n_keys = 0;
+    krb5_boolean is_add;
+    void *newptr;
+
+    *entry = NULL;
+
+    replica = (context->kdblog_context != NULL) &&
+        (context->kdblog_context->iproprole == IPROP_REPLICA);
+
+    /*
+     * Store the no. of changed attributes in nattrs
+     */
+    nattrs = update->kdb_update.kdbe_t_len;
+
+    dbprincstr = k5memdup0(update->kdb_princ_name.utf8str_t_val,
+                           update->kdb_princ_name.utf8str_t_len, &ret);
+    if (dbprincstr == NULL)
+        goto cleanup;
+
+    ret = krb5_parse_name(context, dbprincstr, &dbprinc);
+    free(dbprincstr);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_db_get_principal(context, dbprinc, 0, &ent);
+    krb5_free_principal(context, dbprinc);
+    if (ret && ret != KRB5_KDB_NOENTRY)
+        goto cleanup;
+    is_add = (ret == KRB5_KDB_NOENTRY);
+
+    /*
+     * Set ent->n_tl_data = 0 initially, if this is an ADD update
+     */
+    if (is_add) {
+        ent = calloc(1, sizeof(*ent));
+        if (ent == NULL)
+            return (ENOMEM);
+        ent->n_tl_data = 0;
+    }
+
+    for (i = 0; i < nattrs; i++) {
+        krb5_principal tmpprinc = NULL;
+
+#define u (ULOG_ENTRY(update, i))
+        switch (ULOG_ENTRY_TYPE(update, i).av_type) {
+        case AT_ATTRFLAGS:
+            ent->attributes = (krb5_flags) u.av_attrflags;
+            break;
+
+        case AT_MAX_LIFE:
+            ent->max_life = (krb5_deltat) u.av_max_life;
+            break;
+
+        case AT_MAX_RENEW_LIFE:
+            ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life;
+            break;
+
+        case AT_EXP:
+            ent->expiration = (krb5_timestamp) u.av_exp;
+            break;
+
+        case AT_PW_EXP:
+            ent->pw_expiration = (krb5_timestamp) u.av_pw_exp;
+            break;
+
+        case AT_LAST_SUCCESS:
+            if (!replica)
+                ent->last_success = (krb5_timestamp) u.av_last_success;
+            break;
+
+        case AT_LAST_FAILED:
+            if (!replica)
+                ent->last_failed = (krb5_timestamp) u.av_last_failed;
+            break;
+
+        case AT_FAIL_AUTH_COUNT:
+            if (!replica)
+                ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count;
+            break;
+
+        case AT_PRINC:
+            tmpprinc = conv_princ_2db(context, &u.av_princ);
+            if (tmpprinc == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+            krb5_free_principal(context, ent->princ);
+            ent->princ = tmpprinc;
+            break;
+
+        case AT_KEYDATA:
+            if (!is_add)
+                prev_n_keys = ent->n_key_data;
+            else
+                prev_n_keys = 0;
+            ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len;
+            if (is_add)
+                ent->key_data = NULL;
+
+            /* Allocate one extra key data to avoid allocating zero bytes. */
+            newptr = realloc(ent->key_data, (ent->n_key_data + 1) *
+                             sizeof(krb5_key_data));
+            if (newptr == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+            ent->key_data = newptr;
+
+/* BEGIN CSTYLED */
+            for (j = prev_n_keys; j < ent->n_key_data; j++) {
+                for (cnt = 0; cnt < 2; cnt++) {
+                    ent->key_data[j].key_data_contents[cnt] = NULL;
+                }
+            }
+            for (j = 0; j < ent->n_key_data; j++) {
+                krb5_key_data *kp = &ent->key_data[j];
+                kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(update, i, j);
+                kp->key_data_ver = (krb5_int16)kv->k_ver;
+                kp->key_data_kvno = (krb5_ui_2)kv->k_kvno;
+                if (kp->key_data_ver > 2) {
+                    ret = EINVAL; /* XXX ? */
+                    goto cleanup;
+                }
+
+                for (cnt = 0; cnt < kp->key_data_ver; cnt++) {
+                    kp->key_data_type[cnt] =  (krb5_int16)kv->k_enctype.k_enctype_val[cnt];
+                    kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len;
+                    newptr = realloc(kp->key_data_contents[cnt],
+                                     kp->key_data_length[cnt]);
+                    if (newptr == NULL) {
+                        ret = ENOMEM;
+                        goto cleanup;
+                    }
+                    kp->key_data_contents[cnt] = newptr;
+
+                    (void) memset(kp->key_data_contents[cnt], 0,
+                                  kp->key_data_length[cnt]);
+                    (void) memcpy(kp->key_data_contents[cnt],
+                                  kv->k_contents.k_contents_val[cnt].utf8str_t_val,
+                                  kp->key_data_length[cnt]);
+                }
+            }
+            break;
+
+        case AT_TL_DATA: {
+            for (j = 0; j < (int)u.av_tldata.av_tldata_len; j++) {
+                newtl.tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
+                newtl.tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
+                newtl.tl_data_contents = (krb5_octet *)u.av_tldata.av_tldata_val[j].tl_data.tl_data_val;
+                newtl.tl_data_next = NULL;
+                ret = krb5_dbe_update_tl_data(context, ent, &newtl);
+                if (ret)
+                    goto cleanup;
+            }
+            break;
+/* END CSTYLED */
+        }
+        case AT_PW_LAST_CHANGE:
+            ret = krb5_dbe_update_last_pwd_change(context, ent,
+                                                  u.av_pw_last_change);
+            if (ret)
+                goto cleanup;
+            break;
+
+        case AT_MOD_PRINC:
+            tmpprinc = conv_princ_2db(context, &u.av_mod_princ);
+            if (tmpprinc == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+            mod_princ = tmpprinc;
+            break;
+
+        case AT_MOD_TIME:
+            mod_time = u.av_mod_time;
+            break;
+
+        case AT_LEN:
+            ent->len = (krb5_int16) u.av_len;
+            break;
+
+        default:
+            break;
+        }
+#undef u
+    }
+
+    /*
+     * process mod_princ_data request
+     */
+    if (mod_time && mod_princ) {
+        ret = krb5_dbe_update_mod_princ_data(context, ent,
+                                             mod_time, mod_princ);
+        if (ret)
+            goto cleanup;
+    }
+
+    *entry = ent;
+    ent = NULL;
+    ret = 0;
+cleanup:
+    krb5_db_free_principal(context, ent);
+    krb5_free_principal(context, mod_princ);
+    return ret;
+}
+
+
+
+/*
+ * This routine frees up memory associated with the bunched ulog entries.
+ */
+void
+ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates)
+{
+
+    kdb_incr_update_t *upd;
+    unsigned int i, j;
+    int k, cnt;
+
+    if (updates == NULL)
+        return;
+
+    upd = updates;
+
+    /*
+     * Loop thru each ulog entry
+     */
+    for (cnt = 0; cnt < no_of_updates; cnt++) {
+
+        /*
+         * ulog entry - kdb_princ_name
+         */
+        free(upd->kdb_princ_name.utf8str_t_val);
+
+/* BEGIN CSTYLED */
+
+        /*
+         * ulog entry - kdb_kdcs_seen_by
+         */
+        if (upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val) {
+            for (i = 0; i < upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len; i++)
+                free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val[i].utf8str_t_val);
+            free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val);
+        }
+
+        /*
+         * ulog entry - kdb_futures
+         */
+        free(upd->kdb_futures.kdb_futures_val);
+
+        /*
+         * ulog entry - kdb_update
+         */
+        if (upd->kdb_update.kdbe_t_val) {
+            /*
+             * Loop thru all the attributes and free up stuff
+             */
+            for (i = 0; i < upd->kdb_update.kdbe_t_len; i++) {
+
+                /*
+                 * Free av_key_data
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_KEYDATA) && ULOG_ENTRY(upd, i).av_keydata.av_keydata_val) {
+
+                    for (j = 0; j < ULOG_ENTRY(upd, i).av_keydata.av_keydata_len; j++) {
+                        free(ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val);
+                        if (ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val) {
+                            for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++) {
+                                free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[k].utf8str_t_val);
+                            }
+                            free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val);
+                        }
+                    }
+                    free(ULOG_ENTRY(upd, i).av_keydata.av_keydata_val);
+                }
+
+
+                /*
+                 * Free av_tl_data
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_TL_DATA) && ULOG_ENTRY(upd, i).av_tldata.av_tldata_val) {
+                    for (j = 0; j < ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; j++) {
+                        free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val);
+                    }
+                    free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val);
+                }
+
+                /*
+                 * Free av_princ
+                 */
+                if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_PRINC) {
+                    free(ULOG_ENTRY(upd, i).av_princ.k_realm.utf8str_t_val);
+                    if (ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val) {
+                        for (j = 0; j < ULOG_ENTRY(upd, i).av_princ.k_components.k_components_len; j++) {
+                            free(ULOG_ENTRY_PRINC(upd, i, j).k_data.utf8str_t_val);
+                        }
+                        free(ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val);
+                    }
+                }
+
+                /*
+                 * Free av_mod_princ
+                 */
+                if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_PRINC) {
+                    free(ULOG_ENTRY(upd, i).av_mod_princ.k_realm.utf8str_t_val);
+                    if (ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val) {
+                        for (j = 0; j < ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_len; j++) {
+                            free(ULOG_ENTRY_MOD_PRINC(upd, i, j).k_data.utf8str_t_val);
+                        }
+                        free(ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val);
+                    }
+                }
+
+                /*
+                 * Free av_mod_where
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_WHERE) && ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val)
+                    free(ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val);
+
+                /*
+                 * Free av_pw_policy
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_POLICY) && ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val)
+                    free(ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val);
+
+                /*
+                 * XXX: Free av_pw_hist
+                 *
+                 * For now, we just free the pointer
+                 * to av_pw_hist_val, since we aren't
+                 * populating this union member in
+                 * the conv api function(s) anyways.
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_HIST) && ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val)
+                    free(ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val);
+
+            }
+
+            /*
+             * Free up the pointer to kdbe_t_val
+             */
+            free(upd->kdb_update.kdbe_t_val);
+        }
+
+/* END CSTYLED */
+
+        /*
+         * Bump up to next struct
+         */
+        upd++;
+    }
+
+
+    /*
+     * Finally, free up the pointer to the bunched ulog entries
+     */
+    free(updates);
+}
diff --git a/krb5-1.21.3/src/lib/kdb/kdb_cpw.c b/krb5-1.21.3/src/lib/kdb/kdb_cpw.c
new file mode 100644
index 00000000..450860f4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/kdb_cpw.c
@@ -0,0 +1,462 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/kdb_cpw.c */
+/*
+ * Copyright 1995, 2009, 2014 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include <stdio.h>
+#include <errno.h>
+
+enum save { DISCARD_ALL, KEEP_LAST_KVNO, KEEP_ALL };
+
+int
+krb5_db_get_key_data_kvno(context, count, data)
+    krb5_context          context;
+    int                   count;
+    krb5_key_data       * data;
+{
+    int i, kvno;
+    /* Find last key version number */
+    for (kvno = i = 0; i < count; i++) {
+        if (kvno < data[i].key_data_kvno) {
+            kvno = data[i].key_data_kvno;
+        }
+    }
+    return(kvno);
+}
+
+static void
+cleanup_key_data(context, count, data)
+    krb5_context          context;
+    int                   count;
+    krb5_key_data       * data;
+{
+    int i;
+
+    /* If data is NULL, count is always 0 */
+    if (data == NULL) return;
+
+    for (i = 0; i < count; i++)
+        krb5_dbe_free_key_data_contents(context, &data[i]);
+    free(data);
+}
+
+/* Transfer key data from old_kd to new_kd, making sure that new_kd is
+ * encrypted with mkey.  May steal from old_kd and zero it out. */
+static krb5_error_code
+preserve_one_old_key(krb5_context context, krb5_keyblock *mkey,
+                     krb5_db_entry *dbent, krb5_key_data *old_kd,
+                     krb5_key_data *new_kd)
+{
+    krb5_error_code ret;
+    krb5_keyblock kb;
+    krb5_keysalt salt;
+
+    memset(new_kd, 0, sizeof(*new_kd));
+
+    ret = krb5_dbe_decrypt_key_data(context, mkey, old_kd, &kb, NULL);
+    if (ret == 0) {
+        /* old_kd is already encrypted in mkey, so just move it. */
+        *new_kd = *old_kd;
+        memset(old_kd, 0, sizeof(*old_kd));
+        krb5_free_keyblock_contents(context, &kb);
+        return 0;
+    }
+
+    /* Decrypt and re-encrypt old_kd using mkey. */
+    ret = krb5_dbe_decrypt_key_data(context, NULL, old_kd, &kb, &salt);
+    if (ret)
+        return ret;
+    ret = krb5_dbe_encrypt_key_data(context, mkey, &kb, &salt,
+                                    old_kd->key_data_kvno, new_kd);
+    krb5_free_keyblock_contents(context, &kb);
+    krb5_free_data_contents(context, &salt.data);
+    return ret;
+}
+
+/*
+ * Add key_data to dbent, making sure that each entry is encrypted in mkey.  If
+ * kvno is non-zero, preserve only keys of that kvno.  May steal some elements
+ * from key_data and zero them out.
+ */
+static krb5_error_code
+preserve_old_keys(krb5_context context, krb5_keyblock *mkey,
+                  krb5_db_entry *dbent, int kvno, int n_key_data,
+                  krb5_key_data *key_data)
+{
+    krb5_error_code ret;
+    int i;
+
+    for (i = 0; i < n_key_data; i++) {
+        if (kvno != 0 && key_data[i].key_data_kvno != kvno)
+            continue;
+        ret = krb5_dbe_create_key_data(context, dbent);
+        if (ret)
+            return ret;
+        ret = preserve_one_old_key(context, mkey, dbent, &key_data[i],
+                                   &dbent->key_data[dbent->n_key_data - 1]);
+        if (ret)
+            return ret;
+    }
+    return 0;
+}
+
+static krb5_error_code
+add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
+    krb5_context          context;
+    krb5_keyblock       * master_key;
+    krb5_key_salt_tuple * ks_tuple;
+    int                   ks_tuple_count;
+    krb5_db_entry       * db_entry;
+    int                   kvno;
+{
+    krb5_keyblock         key;
+    int                   i, j;
+    krb5_error_code       retval;
+    krb5_key_data        *kd_slot;
+
+    for (i = 0; i < ks_tuple_count; i++) {
+        krb5_boolean similar;
+
+        similar = 0;
+
+        /*
+         * We could use krb5_keysalt_iterate to replace this loop, or use
+         * krb5_keysalt_is_present for the loop below, but we want to avoid
+         * circular library dependencies.
+         */
+        for (j = 0; j < i; j++) {
+            if ((retval = krb5_c_enctype_compare(context,
+                                                 ks_tuple[i].ks_enctype,
+                                                 ks_tuple[j].ks_enctype,
+                                                 &similar)))
+                return(retval);
+
+            if (similar)
+                break;
+        }
+
+        if (similar)
+            continue;
+
+        if ((retval = krb5_dbe_create_key_data(context, db_entry)))
+            return retval;
+        kd_slot = &db_entry->key_data[db_entry->n_key_data - 1];
+
+        /* there used to be code here to extract the old key, and derive
+           a new key from it.  Now that there's a unified prng, that isn't
+           necessary. */
+
+        /* make new key */
+        if ((retval = krb5_c_make_random_key(context, ks_tuple[i].ks_enctype,
+                                             &key)))
+            return retval;
+
+        retval = krb5_dbe_encrypt_key_data(context, master_key, &key, NULL,
+                                           kvno, kd_slot);
+
+        krb5_free_keyblock_contents(context, &key);
+        if( retval )
+            return retval;
+    }
+
+    return 0;
+}
+
+/* Construct a random explicit salt. */
+static krb5_error_code
+make_random_salt(krb5_context context, krb5_keysalt *salt_out)
+{
+    krb5_error_code retval;
+    unsigned char rndbuf[8];
+    krb5_data salt, rnd = make_data(rndbuf, sizeof(rndbuf));
+    unsigned int i;
+
+    /*
+     * Salts are limited by RFC 4120 to 7-bit ASCII.  For ease of examination
+     * and to avoid certain folding issues for older enctypes, we use printable
+     * characters with four fixed bits and four random bits, encoding 64
+     * psuedo-random bits into 16 bytes.
+     */
+    retval = krb5_c_random_make_octets(context, &rnd);
+    if (retval)
+        return retval;
+    retval = alloc_data(&salt, sizeof(rndbuf) * 2);
+    if (retval)
+        return retval;
+    for (i = 0; i < sizeof(rndbuf); i++) {
+        salt.data[i * 2] = 0x40 | (rndbuf[i] >> 4);
+        salt.data[i * 2 + 1] = 0x40 | (rndbuf[i] & 0xf);
+    }
+
+    salt_out->type = KRB5_KDB_SALTTYPE_SPECIAL;
+    salt_out->data = salt;
+    return 0;
+}
+
+/*
+ * Add key_data for a krb5_db_entry
+ * If passwd is NULL the assumes that the caller wants a random password.
+ */
+static krb5_error_code
+add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
+            db_entry, kvno)
+    krb5_context          context;
+    krb5_keyblock       * master_key;
+    krb5_key_salt_tuple * ks_tuple;
+    int                   ks_tuple_count;
+    const char          * passwd;
+    krb5_db_entry       * db_entry;
+    int                   kvno;
+{
+    krb5_error_code       retval;
+    krb5_keysalt          key_salt;
+    krb5_keyblock         key;
+    krb5_data             pwd;
+    int                   i, j;
+    krb5_key_data        *kd_slot;
+
+    for (i = 0; i < ks_tuple_count; i++) {
+        krb5_boolean similar;
+
+        similar = 0;
+
+        /*
+         * We could use krb5_keysalt_iterate to replace this loop, or use
+         * krb5_keysalt_is_present for the loop below, but we want to avoid
+         * circular library dependencies.
+         */
+        for (j = 0; j < i; j++) {
+            if ((retval = krb5_c_enctype_compare(context,
+                                                 ks_tuple[i].ks_enctype,
+                                                 ks_tuple[j].ks_enctype,
+                                                 &similar)))
+                return(retval);
+
+            if (similar &&
+                (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
+                break;
+        }
+
+        if (j < i)
+            continue;
+
+        if ((retval = krb5_dbe_create_key_data(context, db_entry)))
+            return(retval);
+        kd_slot = &db_entry->key_data[db_entry->n_key_data - 1];
+
+        /* Convert password string to key using appropriate salt */
+        switch (key_salt.type = ks_tuple[i].ks_salttype) {
+        case KRB5_KDB_SALTTYPE_ONLYREALM: {
+            krb5_data * saltdata;
+            if ((retval = krb5_copy_data(context, krb5_princ_realm(context,
+                                                                   db_entry->princ), &saltdata)))
+                return(retval);
+
+            key_salt.data = *saltdata;
+            free(saltdata);
+        }
+            break;
+        case KRB5_KDB_SALTTYPE_NOREALM:
+            if ((retval=krb5_principal2salt_norealm(context, db_entry->princ,
+                                                    &key_salt.data)))
+                return(retval);
+            break;
+        case KRB5_KDB_SALTTYPE_NORMAL:
+            if ((retval = krb5_principal2salt(context, db_entry->princ,
+                                              &key_salt.data)))
+                return(retval);
+            break;
+        case KRB5_KDB_SALTTYPE_SPECIAL:
+            retval = make_random_salt(context, &key_salt);
+            if (retval)
+                return retval;
+            break;
+        default:
+            return(KRB5_KDB_BAD_SALTTYPE);
+        }
+
+        pwd = string2data((char *)passwd);
+
+        retval = krb5_c_string_to_key_with_params(context,
+                                                  ks_tuple[i].ks_enctype,
+                                                  &pwd, &key_salt.data,
+                                                  NULL, &key);
+        if (retval) {
+            free(key_salt.data.data);
+            return retval;
+        }
+
+        retval = krb5_dbe_encrypt_key_data(context, master_key, &key,
+                                           (const krb5_keysalt *)&key_salt,
+                                           kvno, kd_slot);
+        if (key_salt.data.data)
+            free(key_salt.data.data);
+        free(key.contents);
+
+        if( retval )
+            return retval;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+rekey(krb5_context context, krb5_keyblock *mkey, krb5_key_salt_tuple *ks_tuple,
+      int ks_tuple_count, const char *password, int new_kvno,
+      enum save savekeys, krb5_db_entry *db_entry)
+{
+    krb5_error_code ret;
+    krb5_key_data *key_data;
+    int n_key_data, old_kvno, save_kvno;
+
+    /* Save aside the old key data. */
+    n_key_data = db_entry->n_key_data;
+    key_data = db_entry->key_data;
+    db_entry->n_key_data = 0;
+    db_entry->key_data = NULL;
+
+    /* Make sure the new kvno is greater than the old largest kvno. */
+    old_kvno = krb5_db_get_key_data_kvno(context, n_key_data, key_data);
+    if (new_kvno < old_kvno + 1)
+        new_kvno = old_kvno + 1;
+    /* Wrap from 65535 to 1; we can only store 16-bit kvno values in key_data,
+     * and we assign special meaning to kvno 0. */
+    if (new_kvno == (1 << 16))
+        new_kvno = 1;
+
+    /* Add new keys to the front of the list. */
+    if (password != NULL) {
+        ret = add_key_pwd(context, mkey, ks_tuple, ks_tuple_count, password,
+                          db_entry, new_kvno);
+    } else {
+        ret = add_key_rnd(context, mkey, ks_tuple, ks_tuple_count, db_entry,
+                          new_kvno);
+    }
+    if (ret) {
+        cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+        db_entry->n_key_data = n_key_data;
+        db_entry->key_data = key_data;
+        return ret;
+    }
+
+    /* Possibly add some or all of the old keys to the back of the list.  May
+     * steal from and zero out some of the old key data entries. */
+    if (savekeys != DISCARD_ALL) {
+        save_kvno = (savekeys == KEEP_LAST_KVNO) ? old_kvno : 0;
+        ret = preserve_old_keys(context, mkey, db_entry, save_kvno, n_key_data,
+                                key_data);
+    }
+
+    /* Free any old key data entries not stolen and zeroed out above. */
+    cleanup_key_data(context, n_key_data, key_data);
+    return ret;
+}
+
+/*
+ * Change random key for a krb5_db_entry
+ * Assumes the max kvno
+ *
+ * As a side effect all old keys are nuked if keepold is false.
+ */
+krb5_error_code
+krb5_dbe_crk(krb5_context context, krb5_keyblock *mkey,
+             krb5_key_salt_tuple *ks_tuple, int ks_tuple_count,
+             krb5_boolean keepold, krb5_db_entry *dbent)
+{
+    return rekey(context, mkey, ks_tuple, ks_tuple_count, NULL, 0,
+                 keepold ? KEEP_ALL : DISCARD_ALL, dbent);
+}
+
+/*
+ * Add random key for a krb5_db_entry
+ * Assumes the max kvno
+ *
+ * As a side effect all old keys older than the max kvno are nuked.
+ */
+krb5_error_code
+krb5_dbe_ark(krb5_context context, krb5_keyblock *mkey,
+             krb5_key_salt_tuple *ks_tuple, int ks_tuple_count,
+             krb5_db_entry *dbent)
+{
+    return rekey(context, mkey, ks_tuple, ks_tuple_count, NULL, 0,
+                 KEEP_LAST_KVNO, dbent);
+}
+
+/*
+ * Change password for a krb5_db_entry
+ * Assumes the max kvno
+ *
+ * As a side effect all old keys are nuked if keepold is false.
+ */
+krb5_error_code
+krb5_dbe_def_cpw(krb5_context context, krb5_keyblock *mkey,
+                 krb5_key_salt_tuple *ks_tuple, int ks_tuple_count,
+                 char *password, int new_kvno, krb5_boolean keepold,
+                 krb5_db_entry *dbent)
+{
+    return rekey(context, mkey, ks_tuple, ks_tuple_count, password, new_kvno,
+                 keepold ? KEEP_ALL : DISCARD_ALL, dbent);
+}
+
+/*
+ * Add password for a krb5_db_entry
+ * Assumes the max kvno
+ *
+ * As a side effect all old keys older than the max kvno are nuked.
+ */
+krb5_error_code
+krb5_dbe_apw(krb5_context context, krb5_keyblock *mkey,
+             krb5_key_salt_tuple *ks_tuple, int ks_tuple_count, char *password,
+             krb5_db_entry *dbent)
+{
+    return rekey(context, mkey, ks_tuple, ks_tuple_count, password, 0,
+                 KEEP_LAST_KVNO, dbent);
+}
diff --git a/krb5-1.21.3/src/lib/kdb/kdb_default.c b/krb5-1.21.3/src/lib/kdb/kdb_default.c
new file mode 100644
index 00000000..526ddd26
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/kdb_default.c
@@ -0,0 +1,551 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/kdb_default.c */
+/*
+ * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <arpa/inet.h>
+
+
+/*
+ * Set *kd_out to the key data entry matching kvno, enctype, and salttype.  If
+ * any of those three parameters are -1, ignore them.  If kvno is 0, match only
+ * the highest kvno.  Begin searching at the index *start and set *start to the
+ * index after the match.  Do not return keys of non-permitted enctypes; return
+ * KRB5_KDB_NO_PERMITTED_KEY if the whole list was searched and only
+ * non-permitted matches were found.
+ */
+krb5_error_code
+krb5_dbe_def_search_enctype(krb5_context context, krb5_db_entry *ent,
+                            krb5_int32 *start, krb5_int32 enctype,
+                            krb5_int32 salttype, krb5_int32 kvno,
+                            krb5_key_data **kd_out)
+{
+    krb5_key_data *kd;
+    krb5_int32 db_salttype;
+    krb5_boolean saw_non_permitted = FALSE;
+    int i;
+
+    *kd_out = NULL;
+
+    if (enctype != -1 && !krb5_is_permitted_enctype(context, enctype))
+        return KRB5_KDB_NO_PERMITTED_KEY;
+    if (ent->n_key_data == 0)
+        return KRB5_KDB_NO_MATCHING_KEY;
+
+    /* Match the highest kvno if kvno is 0.  Key data is sorted in descending
+     * order of kvno. */
+    if (kvno == 0)
+        kvno = ent->key_data[0].key_data_kvno;
+
+    for (i = *start; i < ent->n_key_data; i++) {
+        kd = &ent->key_data[i];
+        db_salttype = (kd->key_data_ver > 1) ? kd->key_data_type[1] :
+            KRB5_KDB_SALTTYPE_NORMAL;
+
+        /* Match this entry against the arguments.  Stop searching if we have
+         * passed the entries for the requested kvno. */
+        if (enctype != -1 && kd->key_data_type[0] != enctype)
+            continue;
+        if (salttype >= 0 && db_salttype != salttype)
+            continue;
+        if (kvno >= 0 && kd->key_data_kvno < kvno)
+            break;
+        if (kvno >= 0 && kd->key_data_kvno != kvno)
+            continue;
+
+        /* Filter out non-permitted enctypes. */
+        if (!krb5_is_permitted_enctype(context, kd->key_data_type[0])) {
+            saw_non_permitted = TRUE;
+            continue;
+        }
+
+        *start = i + 1;
+        *kd_out = kd;
+        return 0;
+    }
+
+    /* If we scanned the whole set of keys and matched only non-permitted
+     * enctypes, indicate that. */
+    return (*start == 0 && saw_non_permitted) ? KRB5_KDB_NO_PERMITTED_KEY :
+        KRB5_KDB_NO_MATCHING_KEY;
+}
+
+/*
+ *  kdb default functions. Ideally, some other file should have this functions. For now, TBD.
+ */
+#ifndef min
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#endif
+
+krb5_error_code
+krb5_def_store_mkey_list(krb5_context       context,
+                         char               *keyfile,
+                         krb5_principal     mname,
+                         krb5_keylist_node  *keylist,
+                         char               *master_pwd)
+{
+    krb5_error_code retval = 0;
+    char defkeyfile[MAXPATHLEN+1];
+    char *tmp_ktname = NULL, *tmp_ktpath;
+    krb5_data *realm = krb5_princ_realm(context, mname);
+    krb5_keytab kt = NULL;
+    krb5_keytab_entry new_entry;
+    struct stat stb;
+    int statrc;
+
+    if (!keyfile) {
+        (void) snprintf(defkeyfile, sizeof(defkeyfile), "%s%s",
+                        DEFAULT_KEYFILE_STUB, realm->data);
+        keyfile = defkeyfile;
+    }
+
+    if ((statrc = stat(keyfile, &stb)) >= 0) {
+        /* if keyfile exists it better be a regular file */
+        if (!S_ISREG(stb.st_mode)) {
+            retval = EINVAL;
+            k5_setmsg(context, retval,
+                      _("keyfile (%s) is not a regular file: %s"),
+                      keyfile, error_message(retval));
+            goto out;
+        }
+    }
+
+    /*
+     * We assume the stash file is in a directory writable only by root.
+     * As such, don't worry about collisions, just do an atomic rename.
+     */
+    retval = asprintf(&tmp_ktname, "FILE:%s_tmp", keyfile);
+    if (retval < 0) {
+        k5_setmsg(context, retval,
+                  _("Could not create temp keytab file name."));
+        goto out;
+    }
+
+    /*
+     * Set tmp_ktpath to point to the keyfile path (skip FILE:).  Subtracting
+     * 1 to account for NULL terminator in sizeof calculation of a string
+     * constant.  Used further down.
+     */
+    tmp_ktpath = tmp_ktname + (sizeof("FILE:") - 1);
+
+    /*
+     * This time-of-check-to-time-of-access race is fine; we care only
+     * about an administrator running the command twice, not an attacker
+     * trying to beat us to creating the file.  Per the above comment, we
+     * assume the stash file is in a directory writable only by root.
+     */
+    statrc = stat(tmp_ktpath, &stb);
+    if (statrc == -1 && errno != ENOENT) {
+        /* ENOENT is the expected case */
+        retval = errno;
+        goto out;
+    } else if (statrc == 0) {
+        retval = EEXIST;
+        k5_setmsg(context, retval,
+                  _("Temporary stash file already exists: %s."), tmp_ktpath);
+        goto out;
+    }
+
+    /* create new stash keytab using temp file name */
+    retval = krb5_kt_resolve(context, tmp_ktname, &kt);
+    if (retval != 0)
+        goto out;
+
+    while (keylist && !retval) {
+        memset(&new_entry, 0, sizeof(new_entry));
+        new_entry.principal = mname;
+        new_entry.key = keylist->keyblock;
+        new_entry.vno = keylist->kvno;
+
+        retval = krb5_kt_add_entry(context, kt, &new_entry);
+        keylist = keylist->next;
+    }
+    krb5_kt_close(context, kt);
+
+    if (retval != 0) {
+        /* Clean up by deleting the tmp keyfile if it exists. */
+        (void)unlink(tmp_ktpath);
+    } else {
+        /* Atomically rename temp keyfile to original filename. */
+        if (rename(tmp_ktpath, keyfile) < 0) {
+            retval = errno;
+            k5_setmsg(context, retval,
+                      _("rename of temporary keyfile (%s) to (%s) failed: %s"),
+                      tmp_ktpath, keyfile, error_message(errno));
+        }
+    }
+
+out:
+    if (tmp_ktname != NULL)
+        free(tmp_ktname);
+
+    return retval;
+}
+
+static krb5_error_code
+krb5_db_def_fetch_mkey_stash(krb5_context   context,
+                             const char *keyfile,
+                             krb5_keyblock *key,
+                             krb5_kvno     *kvno)
+{
+    krb5_error_code retval = 0;
+    krb5_ui_2 enctype;
+    krb5_ui_4 keylength;
+    FILE *kf = NULL;
+
+    if (!(kf = fopen(keyfile, "rb")))
+        return KRB5_KDB_CANTREAD_STORED;
+    set_cloexec_file(kf);
+
+    if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
+        retval = KRB5_KDB_CANTREAD_STORED;
+        goto errout;
+    }
+
+#if BIG_ENDIAN_MASTER_KEY
+    enctype = ntohs((uint16_t) enctype);
+#endif
+
+    if (key->enctype == ENCTYPE_UNKNOWN)
+        key->enctype = enctype;
+    else if (enctype != key->enctype) {
+        retval = KRB5_KDB_BADSTORED_MKEY;
+        goto errout;
+    }
+
+    if (fread((krb5_pointer) &keylength,
+              sizeof(keylength), 1, kf) != 1) {
+        retval = KRB5_KDB_CANTREAD_STORED;
+        goto errout;
+    }
+
+#if BIG_ENDIAN_MASTER_KEY
+    key->length = ntohl((uint32_t) keylength);
+#else
+    key->length = keylength;
+#endif
+
+    if (!key->length || key->length > 1024) {
+        retval = KRB5_KDB_BADSTORED_MKEY;
+        goto errout;
+    }
+
+    if (!(key->contents = (krb5_octet *)malloc(key->length))) {
+        retval = ENOMEM;
+        goto errout;
+    }
+
+    if (fread((krb5_pointer) key->contents, sizeof(key->contents[0]),
+              key->length, kf) != key->length) {
+        retval = KRB5_KDB_CANTREAD_STORED;
+        zap(key->contents, key->length);
+        free(key->contents);
+        key->contents = 0;
+    } else
+        retval = 0;
+
+    /*
+     * Note, the old stash format did not store the kvno and at this point it
+     * can be assumed to be 1 as is the case for the mkey princ.  If the kvno is
+     * passed in and isn't ignore_vno just leave it alone as this could cause
+     * verifcation trouble if the mkey princ is using a kvno other than 1.
+     */
+    if (kvno && *kvno == IGNORE_VNO)
+        *kvno = 1;
+
+errout:
+    (void) fclose(kf);
+    return retval;
+}
+
+static krb5_error_code
+krb5_db_def_fetch_mkey_keytab(krb5_context   context,
+                              const char     *keyfile,
+                              krb5_principal mname,
+                              krb5_keyblock  *key,
+                              krb5_kvno      *kvno)
+{
+    krb5_error_code retval = 0;
+    krb5_keytab kt = NULL;
+    krb5_keytab_entry kt_ent;
+    krb5_enctype enctype = IGNORE_ENCTYPE;
+
+    if ((retval = krb5_kt_resolve(context, keyfile, &kt)) != 0)
+        goto errout;
+
+    /* override default */
+    if (key->enctype != ENCTYPE_UNKNOWN)
+        enctype = key->enctype;
+
+    if ((retval = krb5_kt_get_entry(context, kt, mname,
+                                    kvno ? *kvno : IGNORE_VNO,
+                                    enctype,
+                                    &kt_ent)) == 0) {
+
+        if (key->enctype == ENCTYPE_UNKNOWN)
+            key->enctype = kt_ent.key.enctype;
+
+        if (((int) kt_ent.key.length) < 0) {
+            retval = KRB5_KDB_BADSTORED_MKEY;
+            krb5_kt_free_entry(context, &kt_ent);
+            goto errout;
+        }
+
+        key->length = kt_ent.key.length;
+
+        /*
+         * If a kvno pointer was passed in and it dereferences the
+         * IGNORE_VNO value then it should be assigned the value of the kvno
+         * found in the keytab otherwise the KNVO specified should be the
+         * same as the one returned from the keytab.
+         */
+        if (kvno != NULL && *kvno == IGNORE_VNO)
+            *kvno = kt_ent.vno;
+
+        /*
+         * kt_ent will be free'd so need to allocate and copy key contents for
+         * output to caller.
+         */
+        key->contents = k5memdup(kt_ent.key.contents, kt_ent.key.length,
+                                 &retval);
+        if (key->contents == NULL) {
+            krb5_kt_free_entry(context, &kt_ent);
+            goto errout;
+        }
+        krb5_kt_free_entry(context, &kt_ent);
+    }
+
+errout:
+    if (kt)
+        krb5_kt_close(context, kt);
+
+    return retval;
+}
+
+krb5_error_code
+krb5_db_def_fetch_mkey(krb5_context   context,
+                       krb5_principal mname,
+                       krb5_keyblock *key,
+                       krb5_kvno     *kvno,
+                       char          *db_args)
+{
+    krb5_error_code retval;
+    char keyfile[MAXPATHLEN+1];
+    krb5_data *realm = krb5_princ_realm(context, mname);
+
+    key->magic = KV5M_KEYBLOCK;
+
+    if (db_args != NULL) {
+        (void) strncpy(keyfile, db_args, sizeof(keyfile));
+    } else {
+        (void) snprintf(keyfile, sizeof(keyfile), "%s%s",
+                        DEFAULT_KEYFILE_STUB, realm->data);
+    }
+    /* null terminate no matter what */
+    keyfile[sizeof(keyfile) - 1] = '\0';
+
+    /* Try the keytab and old stash file formats. */
+    retval = krb5_db_def_fetch_mkey_keytab(context, keyfile, mname, key, kvno);
+    if (retval == KRB5_KEYTAB_BADVNO)
+        retval = krb5_db_def_fetch_mkey_stash(context, keyfile, key, kvno);
+
+    /*
+     * Use a generic error code for failure to retrieve the master
+     * key, but set a message indicating the actual error.
+     */
+    if (retval != 0) {
+        k5_setmsg(context, KRB5_KDB_CANTREAD_STORED,
+                  _("Can not fetch master key (error: %s)."),
+                  error_message(retval));
+        return KRB5_KDB_CANTREAD_STORED;
+    } else
+        return 0;
+}
+
+krb5_error_code
+krb5_def_fetch_mkey_list(krb5_context        context,
+                         krb5_principal        mprinc,
+                         const krb5_keyblock  *mkey,
+                         krb5_keylist_node  **mkeys_list)
+{
+    krb5_error_code retval;
+    krb5_db_entry *master_entry;
+    krb5_boolean found_key = FALSE;
+    krb5_keyblock cur_mkey;
+    krb5_keylist_node *mkey_list_head = NULL, **mkey_list_node;
+    krb5_key_data *key_data;
+    krb5_mkey_aux_node  *mkey_aux_data_list = NULL, *aux_data_entry;
+    int i;
+
+    if (mkeys_list == NULL)
+        return (EINVAL);
+
+    memset(&cur_mkey, 0, sizeof(cur_mkey));
+
+    retval = krb5_db_get_principal(context, mprinc, 0, &master_entry);
+    if (retval == KRB5_KDB_NOENTRY)
+        return (KRB5_KDB_NOMASTERKEY);
+    if (retval)
+        return (retval);
+
+    if (master_entry->n_key_data == 0) {
+        retval = KRB5_KDB_NOMASTERKEY;
+        goto clean_n_exit;
+    }
+
+    /*
+     * Check if the input mkey is the latest key and if it isn't then find the
+     * latest mkey.
+     */
+
+    if (mkey->enctype == master_entry->key_data[0].key_data_type[0]) {
+        if (krb5_dbe_decrypt_key_data(context, mkey,
+                                      &master_entry->key_data[0],
+                                      &cur_mkey, NULL) == 0) {
+            found_key = TRUE;
+        }
+    }
+
+    if (!found_key) {
+        if ((retval = krb5_dbe_lookup_mkey_aux(context, master_entry,
+                                               &mkey_aux_data_list)))
+            goto clean_n_exit;
+
+        for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
+             aux_data_entry = aux_data_entry->next) {
+
+            if (krb5_dbe_decrypt_key_data(context, mkey,
+                                          &aux_data_entry->latest_mkey,
+                                          &cur_mkey, NULL) == 0) {
+                found_key = TRUE;
+                break;
+            }
+        }
+        if (found_key != TRUE) {
+            k5_setmsg(context, KRB5_KDB_BADMASTERKEY,
+                      _("Unable to decrypt latest master key with the "
+                        "provided master key\n"));
+            retval = KRB5_KDB_BADMASTERKEY;
+            goto clean_n_exit;
+        }
+    }
+
+    /*
+     * Extract all the mkeys from master_entry using the most current mkey and
+     * create a mkey list for the mkeys field in kdc_realm_t.
+     */
+
+    mkey_list_head = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node));
+    if (mkey_list_head == NULL) {
+        retval = ENOMEM;
+        goto clean_n_exit;
+    }
+
+    memset(mkey_list_head, 0, sizeof(krb5_keylist_node));
+
+    /* Set mkey_list_head to the current mkey as an optimization. */
+    /* mkvno may not be latest so ... */
+    mkey_list_head->kvno = master_entry->key_data[0].key_data_kvno;
+    /* this is the latest clear mkey (avoids a redundant decrypt) */
+    mkey_list_head->keyblock = cur_mkey;
+
+    /* loop through any other master keys creating a list of krb5_keylist_nodes */
+    mkey_list_node = &mkey_list_head->next;
+    for (i = 1; i < master_entry->n_key_data; i++) {
+        if (*mkey_list_node == NULL) {
+            /* *mkey_list_node points to next field of previous node */
+            *mkey_list_node = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node));
+            if (*mkey_list_node == NULL) {
+                retval = ENOMEM;
+                goto clean_n_exit;
+            }
+            memset(*mkey_list_node, 0, sizeof(krb5_keylist_node));
+        }
+        key_data = &master_entry->key_data[i];
+        retval = krb5_dbe_decrypt_key_data(context, &cur_mkey, key_data,
+                                           &((*mkey_list_node)->keyblock),
+                                           NULL);
+        if (retval)
+            goto clean_n_exit;
+
+        (*mkey_list_node)->kvno = key_data->key_data_kvno;
+        mkey_list_node = &((*mkey_list_node)->next);
+    }
+
+    *mkeys_list = mkey_list_head;
+
+clean_n_exit:
+    krb5_db_free_principal(context, master_entry);
+    krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_list);
+    if (retval != 0)
+        krb5_dbe_free_key_list(context, mkey_list_head);
+    return retval;
+}
+
+krb5_error_code
+krb5_db_def_rename_principal(krb5_context kcontext,
+                             krb5_const_principal source,
+                             krb5_const_principal target)
+{
+    krb5_db_entry *kdb = NULL;
+    krb5_principal oldprinc;
+    krb5_error_code ret;
+
+    if (source == NULL || target == NULL)
+        return EINVAL;
+
+    ret = krb5_db_get_principal(kcontext, source, 0, &kdb);
+    if (ret)
+        goto cleanup;
+
+    /* Store salt values explicitly so that they don't depend on the principal
+     * name. */
+    ret = krb5_dbe_specialize_salt(kcontext, kdb);
+    if (ret)
+        goto cleanup;
+
+    /* Temporarily alias kdb->princ to target and put the principal entry. */
+    oldprinc = kdb->princ;
+    kdb->princ = (krb5_principal)target;
+    ret = krb5_db_put_principal(kcontext, kdb);
+    kdb->princ = oldprinc;
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_db_delete_principal(kcontext, (krb5_principal)source);
+
+
+cleanup:
+    krb5_db_free_principal(kcontext, kdb);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/kdb/kdb_log.c b/krb5-1.21.3/src/lib/kdb/kdb_log.c
new file mode 100644
index 00000000..2659a250
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/kdb_log.c
@@ -0,0 +1,688 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/mman.h>
+#include <k5-int.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <syslog.h>
+#include "kdb5.h"
+#include "kdb_log.h"
+#include "kdb5int.h"
+
+#ifndef MAP_FAILED
+#define MAP_FAILED ((void *)-1)
+#endif
+
+/* This module includes all the necessary functions that create and modify the
+ * Kerberos principal update and header logs. */
+
+#define getpagesize() sysconf(_SC_PAGESIZE)
+
+static int pagesize = 0;
+
+#define INIT_ULOG(ctx)                          \
+    log_ctx = ctx->kdblog_context;              \
+    assert(log_ctx != NULL);                    \
+    ulog = log_ctx->ulog;                       \
+    assert(ulog != NULL)
+
+/* Initialize context->kdblog_context if it does not yet exist, and return it.
+ * Return NULL on allocation failure. */
+static kdb_log_context *
+create_log_context(krb5_context context)
+{
+    kdb_log_context *log_ctx;
+
+    if (context->kdblog_context != NULL)
+        return context->kdblog_context;
+    log_ctx = calloc(1, sizeof(*log_ctx));
+    if (log_ctx == NULL)
+        return NULL;
+    log_ctx->ulogfd = -1;
+    context->kdblog_context = log_ctx;
+    return log_ctx;
+}
+
+static inline krb5_boolean
+time_equal(const kdbe_time_t *a, const kdbe_time_t *b)
+{
+    return a->seconds == b->seconds && a->useconds == b->useconds;
+}
+
+static void
+time_current(kdbe_time_t *out)
+{
+    struct timeval timestamp;
+
+    (void)gettimeofday(&timestamp, NULL);
+    out->seconds = timestamp.tv_sec;
+    out->useconds = timestamp.tv_usec;
+}
+
+/* Sync update entry to disk. */
+static void
+sync_update(kdb_hlog_t *ulog, kdb_ent_header_t *upd)
+{
+    unsigned long start, end, size;
+
+    if (!pagesize)
+        pagesize = getpagesize();
+
+    start = (unsigned long)upd & ~(pagesize - 1);
+
+    end = ((unsigned long)upd + ulog->kdb_block + (pagesize - 1)) &
+        ~(pagesize - 1);
+
+    size = end - start;
+    if (msync((caddr_t)start, size, MS_SYNC)) {
+        /* Couldn't sync to disk, let's panic. */
+        syslog(LOG_ERR, _("could not sync ulog update to disk"));
+        abort();
+    }
+}
+
+/* Sync memory to disk for the update log header. */
+static void
+sync_header(kdb_hlog_t *ulog)
+{
+    if (!pagesize)
+        pagesize = getpagesize();
+
+    if (msync((caddr_t)ulog, pagesize, MS_SYNC)) {
+        /* Couldn't sync to disk, let's panic. */
+        syslog(LOG_ERR, _("could not sync ulog header to disk"));
+        abort();
+    }
+}
+
+/* Return true if the ulog entry for sno matches sno and timestamp. */
+static krb5_boolean
+check_sno(kdb_log_context *log_ctx, kdb_sno_t sno,
+          const kdbe_time_t *timestamp)
+{
+    unsigned int indx = (sno - 1) % log_ctx->ulogentries;
+    kdb_ent_header_t *ent = INDEX(log_ctx->ulog, indx);
+
+    return ent->kdb_entry_sno == sno && time_equal(&ent->kdb_time, timestamp);
+}
+
+/*
+ * Check last against our ulog and determine whether it is up to date
+ * (UPDATE_NIL), so far out of date that a full dump is required
+ * (UPDATE_FULL_RESYNC_NEEDED), or okay to update with ulog entries
+ * (UPDATE_OK).
+ */
+static update_status_t
+get_sno_status(kdb_log_context *log_ctx, const kdb_last_t *last)
+{
+    kdb_hlog_t *ulog = log_ctx->ulog;
+
+    /* If last matches the ulog's last serial number and time exactly, it are
+     * up to date even if the ulog is empty. */
+    if (last->last_sno == ulog->kdb_last_sno &&
+        time_equal(&last->last_time, &ulog->kdb_last_time))
+        return UPDATE_NIL;
+
+    /* If our ulog is empty or does not contain last_sno, a full resync is
+     * required. */
+    if (ulog->kdb_num == 0 || last->last_sno > ulog->kdb_last_sno ||
+        last->last_sno < ulog->kdb_first_sno)
+        return UPDATE_FULL_RESYNC_NEEDED;
+
+    /* If the timestamp in our ulog entry does not match last, then sno was
+     * reused and a full resync is required. */
+    if (!check_sno(log_ctx, last->last_sno, &last->last_time))
+        return UPDATE_FULL_RESYNC_NEEDED;
+
+    /* last is not fully up to date, but can be updated using our ulog. */
+    return UPDATE_OK;
+}
+
+/* Extend update log file. */
+static krb5_error_code
+extend_file_to(int fd, unsigned int new_size)
+{
+    off_t current_offset;
+    static const char zero[512];
+    ssize_t wrote_size;
+    size_t write_size;
+
+    current_offset = lseek(fd, 0, SEEK_END);
+    if (current_offset < 0)
+        return errno;
+    if (new_size > INT_MAX)
+        return EINVAL;
+    while (current_offset < (off_t)new_size) {
+        write_size = new_size - current_offset;
+        if (write_size > 512)
+            write_size = 512;
+        wrote_size = write(fd, zero, write_size);
+        if (wrote_size < 0)
+            return errno;
+        if (wrote_size == 0)
+            return EINVAL;
+        current_offset += wrote_size;
+        write_size = new_size - current_offset;
+    }
+    return 0;
+}
+
+/*
+ * Resize the array elements.  We reinitialize the update log rather than
+ * unrolling the the log and copying it over to a temporary log for obvious
+ * performance reasons.  Replicas will subsequently do a full resync, but the
+ * need for resizing should be very small.
+ */
+static krb5_error_code
+resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd,
+       unsigned int recsize)
+{
+    unsigned int new_block, new_size;
+
+    if (ulog == NULL)
+        return KRB5_LOG_ERROR;
+
+    new_size = sizeof(kdb_hlog_t);
+    new_block = (recsize / ULOG_BLOCK) + 1;
+    new_block *= ULOG_BLOCK;
+    new_size += ulogentries * new_block;
+
+    if (new_size > MAXLOGLEN)
+        return KRB5_LOG_ERROR;
+
+    /* Reinit log with new block size. */
+    memset(ulog, 0, sizeof(*ulog));
+    ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+    ulog->db_version_num = KDB_VERSION;
+    ulog->kdb_state = KDB_STABLE;
+    ulog->kdb_block = new_block;
+    sync_header(ulog);
+
+    /* Expand log considering new block size. */
+    return extend_file_to(ulogfd, new_size);
+}
+
+/* Set the ulog to contain only a dummy entry with the given serial number and
+ * timestamp. */
+static void
+set_dummy(kdb_log_context *log_ctx, kdb_sno_t sno, const kdbe_time_t *kdb_time)
+{
+    kdb_hlog_t *ulog = log_ctx->ulog;
+    kdb_ent_header_t *ent = INDEX(ulog, (sno - 1) % log_ctx->ulogentries);
+
+    memset(ent, 0, sizeof(*ent));
+    ent->kdb_umagic = KDB_ULOG_MAGIC;
+    ent->kdb_entry_sno = sno;
+    ent->kdb_time = *kdb_time;
+    sync_update(ulog, ent);
+
+    ulog->kdb_num = 1;
+    ulog->kdb_first_sno = ulog->kdb_last_sno = sno;
+    ulog->kdb_first_time = ulog->kdb_last_time = *kdb_time;
+}
+
+/* Reinitialize the ulog header, starting from sno 1 with the current time. */
+static void
+reset_ulog(kdb_log_context *log_ctx)
+{
+    kdbe_time_t kdb_time;
+    kdb_hlog_t *ulog = log_ctx->ulog;
+
+    memset(ulog, 0, sizeof(*ulog));
+    ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+    ulog->db_version_num = KDB_VERSION;
+    ulog->kdb_block = ULOG_BLOCK;
+
+    /* Create a dummy entry to remember the timestamp for downstreams. */
+    time_current(&kdb_time);
+    set_dummy(log_ctx, 1, &kdb_time);
+    ulog->kdb_state = KDB_STABLE;
+    sync_header(ulog);
+}
+
+/*
+ * If any database operations will be invoked while the ulog lock is held, the
+ * caller must explicitly lock the database before locking the ulog, or
+ * deadlock may result.
+ */
+static krb5_error_code
+lock_ulog(krb5_context context, int mode)
+{
+    kdb_log_context *log_ctx = NULL;
+    kdb_hlog_t *ulog = NULL;
+
+    INIT_ULOG(context);
+    return krb5_lock_file(context, log_ctx->ulogfd, mode);
+}
+
+static void
+unlock_ulog(krb5_context context)
+{
+    (void)lock_ulog(context, KRB5_LOCKMODE_UNLOCK);
+}
+
+/*
+ * Add an update to the log.  The update's kdb_entry_sno and kdb_time fields
+ * must already be set.  The layout of the update log looks like:
+ *
+ * header log -> [ update header -> xdr(kdb_incr_update_t) ], ...
+ */
+static krb5_error_code
+store_update(kdb_log_context *log_ctx, kdb_incr_update_t *upd)
+{
+    XDR xdrs;
+    kdb_ent_header_t *indx_log;
+    unsigned int i, recsize;
+    unsigned long upd_size;
+    krb5_error_code retval;
+    kdb_hlog_t *ulog = log_ctx->ulog;
+    uint32_t ulogentries = log_ctx->ulogentries;
+
+    upd_size = xdr_sizeof((xdrproc_t)xdr_kdb_incr_update_t, upd);
+
+    recsize = sizeof(kdb_ent_header_t) + upd_size;
+
+    if (recsize > ulog->kdb_block) {
+        retval = resize(ulog, ulogentries, log_ctx->ulogfd, recsize);
+        if (retval)
+            return retval;
+    }
+
+    ulog->kdb_state = KDB_UNSTABLE;
+
+    i = (upd->kdb_entry_sno - 1) % ulogentries;
+    indx_log = INDEX(ulog, i);
+
+    memset(indx_log, 0, ulog->kdb_block);
+    indx_log->kdb_umagic = KDB_ULOG_MAGIC;
+    indx_log->kdb_entry_size = upd_size;
+    indx_log->kdb_entry_sno = upd->kdb_entry_sno;
+    indx_log->kdb_time = upd->kdb_time;
+    indx_log->kdb_commit = FALSE;
+
+    xdrmem_create(&xdrs, (char *)indx_log->entry_data,
+                  indx_log->kdb_entry_size, XDR_ENCODE);
+    if (!xdr_kdb_incr_update_t(&xdrs, upd))
+        return KRB5_LOG_CONV;
+
+    indx_log->kdb_commit = TRUE;
+    sync_update(ulog, indx_log);
+
+    /* Modify the ulog header to reflect the new update. */
+    ulog->kdb_last_sno = upd->kdb_entry_sno;
+    ulog->kdb_last_time = upd->kdb_time;
+    if (ulog->kdb_num == 0) {
+        /* We should only see this in old ulogs. */
+        ulog->kdb_num = 1;
+        ulog->kdb_first_sno = upd->kdb_entry_sno;
+        ulog->kdb_first_time = upd->kdb_time;
+    } else if (ulog->kdb_num < ulogentries) {
+        ulog->kdb_num++;
+    } else {
+        /* We are circling; set kdb_first_sno and time to the next update. */
+        i = upd->kdb_entry_sno % ulogentries;
+        indx_log = INDEX(ulog, i);
+        ulog->kdb_first_sno = indx_log->kdb_entry_sno;
+        ulog->kdb_first_time = indx_log->kdb_time;
+    }
+
+    ulog->kdb_state = KDB_STABLE;
+    sync_header(ulog);
+    return 0;
+}
+
+/* Add an entry to the update log. */
+krb5_error_code
+ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
+{
+    krb5_error_code ret;
+    kdb_log_context *log_ctx;
+    kdb_hlog_t *ulog;
+
+    INIT_ULOG(context);
+    ret = lock_ulog(context, KRB5_LOCKMODE_EXCLUSIVE);
+    if (ret)
+        return ret;
+
+    /* If we have reached the last possible serial number, reinitialize the
+     * ulog and start over.  Replicas will do a full resync. */
+    if (ulog->kdb_last_sno == (kdb_sno_t)-1)
+        reset_ulog(log_ctx);
+
+    upd->kdb_entry_sno = ulog->kdb_last_sno + 1;
+    time_current(&upd->kdb_time);
+    ret = store_update(log_ctx, upd);
+    unlock_ulog(context);
+    return ret;
+}
+
+/* Used by the replica to update its hash db from the incr update log. */
+krb5_error_code
+ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
+{
+    krb5_db_entry *entry = NULL;
+    kdb_incr_update_t *upd = NULL, *fupd;
+    int i, no_of_updates;
+    krb5_error_code retval;
+    krb5_principal dbprinc;
+    char *dbprincstr;
+    kdb_log_context *log_ctx;
+    kdb_hlog_t *ulog = NULL;
+
+    INIT_ULOG(context);
+
+    retval = krb5_db_open(context, db_args,
+                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
+    if (retval)
+        return retval;
+
+    no_of_updates = incr_ret->updates.kdb_ulog_t_len;
+    upd = incr_ret->updates.kdb_ulog_t_val;
+    fupd = upd;
+
+    for (i = 0; i < no_of_updates; i++) {
+        if (!upd->kdb_commit)
+            continue;
+
+        /* Replay this update in the database. */
+        if (upd->kdb_deleted) {
+            dbprincstr = k5memdup0(upd->kdb_princ_name.utf8str_t_val,
+                                   upd->kdb_princ_name.utf8str_t_len, &retval);
+            if (dbprincstr == NULL)
+                goto cleanup;
+
+            retval = krb5_parse_name(context, dbprincstr, &dbprinc);
+            free(dbprincstr);
+            if (retval)
+                goto cleanup;
+
+            retval = krb5int_delete_principal_no_log(context, dbprinc);
+            krb5_free_principal(context, dbprinc);
+            if (retval == KRB5_KDB_NOENTRY)
+                retval = 0;
+            if (retval)
+                goto cleanup;
+        } else {
+            retval = ulog_conv_2dbentry(context, &entry, upd);
+            if (retval)
+                goto cleanup;
+
+            retval = krb5int_put_principal_no_log(context, entry);
+            krb5_db_free_principal(context, entry);
+            if (retval)
+                goto cleanup;
+        }
+
+        retval = lock_ulog(context, KRB5_LOCKMODE_EXCLUSIVE);
+        if (retval)
+            goto cleanup;
+
+        /* If (unexpectedly) this update does not follow the last one we
+         * stored, discard any previous ulog state. */
+        if (ulog->kdb_num != 0 && upd->kdb_entry_sno != ulog->kdb_last_sno + 1)
+            reset_ulog(log_ctx);
+
+        /* Store this update in the ulog for any downstream KDCs. */
+        retval = store_update(log_ctx, upd);
+        unlock_ulog(context);
+        if (retval)
+            goto cleanup;
+
+        upd++;
+    }
+
+cleanup:
+    if (retval)
+        (void)ulog_init_header(context);
+    if (fupd)
+        ulog_free_entries(fupd, no_of_updates);
+    return retval;
+}
+
+/* Reinitialize the log header. */
+krb5_error_code
+ulog_init_header(krb5_context context)
+{
+    krb5_error_code ret;
+    kdb_log_context *log_ctx;
+    kdb_hlog_t *ulog;
+
+    INIT_ULOG(context);
+    ret = lock_ulog(context, KRB5_LOCKMODE_EXCLUSIVE);
+    if (ret)
+        return ret;
+    reset_ulog(log_ctx);
+    unlock_ulog(context);
+    return 0;
+}
+
+/* Map the log file to memory for performance and simplicity. */
+krb5_error_code
+ulog_map(krb5_context context, const char *logname, uint32_t ulogentries)
+{
+    struct stat st;
+    krb5_error_code retval;
+    uint32_t filesize;
+    kdb_log_context *log_ctx;
+    kdb_hlog_t *ulog = NULL;
+    krb5_boolean locked = FALSE;
+
+    log_ctx = create_log_context(context);
+    if (log_ctx == NULL)
+        return ENOMEM;
+
+    if (stat(logname, &st) == -1) {
+        log_ctx->ulogfd = open(logname, O_RDWR | O_CREAT, 0600);
+        if (log_ctx->ulogfd == -1) {
+            retval = errno;
+            goto cleanup;
+        }
+
+        filesize = sizeof(kdb_hlog_t) + ulogentries * ULOG_BLOCK;
+        retval = extend_file_to(log_ctx->ulogfd, filesize);
+        if (retval)
+            goto cleanup;
+    } else {
+        log_ctx->ulogfd = open(logname, O_RDWR, 0600);
+        if (log_ctx->ulogfd == -1) {
+            retval = errno;
+            goto cleanup;
+        }
+    }
+
+    ulog = mmap(0, MAXLOGLEN, PROT_READ | PROT_WRITE, MAP_SHARED,
+                log_ctx->ulogfd, 0);
+    if (ulog == MAP_FAILED) {
+        retval = errno;
+        goto cleanup;
+    }
+    log_ctx->ulog = ulog;
+    log_ctx->ulogentries = ulogentries;
+
+    retval = lock_ulog(context, KRB5_LOCKMODE_EXCLUSIVE);
+    if (retval)
+        goto cleanup;
+    locked = TRUE;
+
+    if (ulog->kdb_hmagic != KDB_ULOG_HDR_MAGIC) {
+        if (ulog->kdb_hmagic != 0) {
+            retval = KRB5_LOG_CORRUPT;
+            goto cleanup;
+        }
+        reset_ulog(log_ctx);
+    }
+
+    /* Reinit ulog if ulogentries changed such that we have too many entries or
+     * our first or last entry was written to the wrong location. */
+    if (ulog->kdb_num != 0 &&
+        (ulog->kdb_num > ulogentries ||
+         !check_sno(log_ctx, ulog->kdb_first_sno, &ulog->kdb_first_time) ||
+         !check_sno(log_ctx, ulog->kdb_last_sno, &ulog->kdb_last_time)))
+        reset_ulog(log_ctx);
+
+    if (ulog->kdb_num != ulogentries) {
+        /* Expand the ulog file if it isn't big enough. */
+        filesize = sizeof(kdb_hlog_t) + ulogentries * ulog->kdb_block;
+        retval = extend_file_to(log_ctx->ulogfd, filesize);
+        if (retval)
+            goto cleanup;
+    }
+
+cleanup:
+    if (locked)
+        unlock_ulog(context);
+    if (retval)
+        ulog_fini(context);
+    return retval;
+}
+
+/* Get the last set of updates seen, (last+1) to n is returned. */
+krb5_error_code
+ulog_get_entries(krb5_context context, const kdb_last_t *last,
+                 kdb_incr_result_t *ulog_handle)
+{
+    XDR xdrs;
+    kdb_ent_header_t *indx_log;
+    kdb_incr_update_t *upd;
+    unsigned int indx, count;
+    uint32_t sno;
+    krb5_error_code retval;
+    kdb_log_context *log_ctx;
+    kdb_hlog_t *ulog = NULL;
+    uint32_t ulogentries;
+
+    INIT_ULOG(context);
+    ulogentries = log_ctx->ulogentries;
+
+    retval = lock_ulog(context, KRB5_LOCKMODE_SHARED);
+    if (retval)
+        return retval;
+
+    /* If another process terminated mid-update, reset the ulog and force full
+     * resyncs. */
+    if (ulog->kdb_state != KDB_STABLE)
+        reset_ulog(log_ctx);
+
+    ulog_handle->ret = get_sno_status(log_ctx, last);
+    if (ulog_handle->ret != UPDATE_OK)
+        goto cleanup;
+
+    sno = last->last_sno;
+    count = ulog->kdb_last_sno - sno;
+    upd = calloc(count, sizeof(kdb_incr_update_t));
+    if (upd == NULL) {
+        ulog_handle->ret = UPDATE_ERROR;
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    ulog_handle->updates.kdb_ulog_t_val = upd;
+
+    for (; sno < ulog->kdb_last_sno; sno++) {
+        indx = sno % ulogentries;
+        indx_log = INDEX(ulog, indx);
+
+        memset(upd, 0, sizeof(kdb_incr_update_t));
+        xdrmem_create(&xdrs, (char *)indx_log->entry_data,
+                      indx_log->kdb_entry_size, XDR_DECODE);
+        if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
+            ulog_handle->ret = UPDATE_ERROR;
+            retval = KRB5_LOG_CONV;
+            goto cleanup;
+        }
+
+        /* Mark commitment since we didn't want to decode and encode the incr
+         * update record the first time. */
+        upd->kdb_commit = indx_log->kdb_commit;
+        upd++;
+    }
+
+    ulog_handle->updates.kdb_ulog_t_len = count;
+
+    ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
+    ulog_handle->lastentry.last_time.seconds = ulog->kdb_last_time.seconds;
+    ulog_handle->lastentry.last_time.useconds = ulog->kdb_last_time.useconds;
+    ulog_handle->ret = UPDATE_OK;
+
+cleanup:
+    unlock_ulog(context);
+    return retval;
+}
+
+krb5_error_code
+ulog_set_role(krb5_context ctx, iprop_role role)
+{
+    if (create_log_context(ctx) == NULL)
+        return ENOMEM;
+    ctx->kdblog_context->iproprole = role;
+    return 0;
+}
+
+update_status_t
+ulog_get_sno_status(krb5_context context, const kdb_last_t *last)
+{
+    update_status_t status;
+
+    if (lock_ulog(context, KRB5_LOCKMODE_SHARED) != 0)
+        return UPDATE_ERROR;
+    status = get_sno_status(context->kdblog_context, last);
+    unlock_ulog(context);
+    return status;
+}
+
+krb5_error_code
+ulog_get_last(krb5_context context, kdb_last_t *last_out)
+{
+    krb5_error_code ret;
+    kdb_log_context *log_ctx;
+    kdb_hlog_t *ulog;
+
+    INIT_ULOG(context);
+    ret = lock_ulog(context, KRB5_LOCKMODE_SHARED);
+    if (ret)
+        return ret;
+    last_out->last_sno = log_ctx->ulog->kdb_last_sno;
+    last_out->last_time = log_ctx->ulog->kdb_last_time;
+    unlock_ulog(context);
+    return 0;
+}
+
+krb5_error_code
+ulog_set_last(krb5_context context, const kdb_last_t *last)
+{
+    krb5_error_code ret;
+    kdb_log_context *log_ctx;
+    kdb_hlog_t *ulog;
+
+    INIT_ULOG(context);
+    ret = lock_ulog(context, KRB5_LOCKMODE_EXCLUSIVE);
+    if (ret)
+        return ret;
+
+    set_dummy(log_ctx, last->last_sno, &last->last_time);
+    sync_header(ulog);
+    unlock_ulog(context);
+    return 0;
+}
+
+void
+ulog_fini(krb5_context context)
+{
+    kdb_log_context *log_ctx = context->kdblog_context;
+
+    if (log_ctx == NULL)
+        return;
+    if (log_ctx->ulog != NULL)
+        munmap(log_ctx->ulog, MAXLOGLEN);
+    if (log_ctx->ulogfd != -1)
+        close(log_ctx->ulogfd);
+    free(log_ctx);
+    context->kdblog_context = NULL;
+}
diff --git a/krb5-1.21.3/src/lib/kdb/keytab.c b/krb5-1.21.3/src/lib/kdb/keytab.c
new file mode 100644
index 00000000..a623e001
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/keytab.c
@@ -0,0 +1,229 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/keytab.c */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <string.h>
+
+#include "k5-int.h"
+#include "kdb_kt.h"
+
+static int
+is_xrealm_tgt(krb5_context, krb5_const_principal);
+
+krb5_error_code krb5_ktkdb_close (krb5_context, krb5_keytab);
+
+krb5_error_code krb5_ktkdb_get_entry (krb5_context, krb5_keytab, krb5_const_principal,
+                                      krb5_kvno, krb5_enctype, krb5_keytab_entry *);
+
+static krb5_error_code
+krb5_ktkdb_get_name(krb5_context context, krb5_keytab keytab,
+                    char *name, unsigned int namelen)
+{
+    if (strlcpy(name, "KDB:", namelen) >= namelen)
+        return KRB5_KT_NAME_TOOLONG;
+    return 0;
+}
+
+krb5_kt_ops krb5_kt_kdb_ops = {
+    0,
+    "KDB",      /* Prefix -- this string should not appear anywhere else! */
+    krb5_ktkdb_resolve,         /* resolve */
+    krb5_ktkdb_get_name,        /* get_name */
+    krb5_ktkdb_close,           /* close */
+    krb5_ktkdb_get_entry,       /* get */
+    NULL,                       /* start_seq_get */
+    NULL,                       /* get_next */
+    NULL,                       /* end_get */
+    NULL,                       /* add (extended) */
+    NULL,                       /* remove (extended) */
+};
+
+typedef struct krb5_ktkdb_data {
+    char * name;
+} krb5_ktkdb_data;
+
+krb5_error_code
+krb5_db_register_keytab(krb5_context context)
+{
+    return krb5_kt_register(context, &krb5_kt_kdb_ops);
+}
+
+krb5_error_code
+krb5_ktkdb_resolve(context, name, id)
+    krb5_context          context;
+    const char          * name;
+    krb5_keytab         * id;
+{
+    if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
+        return(ENOMEM);
+    (*id)->ops = &krb5_kt_kdb_ops;
+    (*id)->magic = KV5M_KEYTAB;
+    return(0);
+}
+
+krb5_error_code
+krb5_ktkdb_close(context, kt)
+    krb5_context context;
+    krb5_keytab kt;
+{
+    /*
+     * This routine is responsible for freeing all memory allocated
+     * for this keytab.  There are no system resources that need
+     * to be freed nor are there any open files.
+     *
+     * This routine should undo anything done by krb5_ktkdb_resolve().
+     */
+
+    kt->ops = NULL;
+    free(kt);
+
+    return 0;
+}
+
+static krb5_context ktkdb_ctx = NULL;
+
+/*
+ * Set a different context for use with ktkdb_get_entry().  This is
+ * primarily useful for kadmind, where the gssapi library context,
+ * which will be used for the keytab, will necessarily have a
+ * different context than that used by the kadm5 library to access the
+ * database for its own purposes.
+ */
+krb5_error_code
+krb5_ktkdb_set_context(krb5_context ctx)
+{
+    ktkdb_ctx = ctx;
+    return 0;
+}
+
+krb5_error_code
+krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
+    krb5_context          in_context;
+    krb5_keytab           id;
+    krb5_const_principal  principal;
+    krb5_kvno             kvno;
+    krb5_enctype          enctype;
+    krb5_keytab_entry   * entry;
+{
+    krb5_context          context;
+    krb5_error_code       kerror = 0;
+    krb5_key_data       * key_data;
+    krb5_db_entry       * db_entry;
+    int xrealm_tgt;
+    krb5_boolean similar;
+
+    if (ktkdb_ctx)
+        context = ktkdb_ctx;
+    else
+        context = in_context;
+
+    xrealm_tgt = is_xrealm_tgt(context, principal);
+
+    /* Check whether database is inited. Open is commented */
+    if ((kerror = krb5_db_inited(context)))
+        return(kerror);
+
+    /* get_principal */
+    kerror = krb5_db_get_principal(context, principal, 0, &db_entry);
+    if (kerror == KRB5_KDB_NOENTRY)
+        return(KRB5_KT_NOTFOUND);
+    if (kerror)
+        return(kerror);
+
+    if (db_entry->attributes & KRB5_KDB_DISALLOW_SVR
+        || db_entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
+        kerror = KRB5_KT_NOTFOUND;
+        goto error;
+    }
+
+    /* match key */
+    /* For cross realm tgts, we match whatever enctype is provided;
+     * for other principals, we only match the first enctype that is
+     * found.  Since the TGS and AS code do the same thing, then we
+     * will only successfully decrypt  tickets we have issued.*/
+    kerror = krb5_dbe_find_enctype(context, db_entry,
+                                   xrealm_tgt?enctype:-1,
+                                   -1, kvno, &key_data);
+    if (kerror == KRB5_KDB_NO_MATCHING_KEY)
+        kerror = KRB5_KT_KVNONOTFOUND;
+    if (kerror)
+        goto error;
+
+
+    kerror = krb5_dbe_decrypt_key_data(context, NULL, key_data,
+                                       &entry->key, NULL);
+    if (kerror)
+        goto error;
+
+    if (enctype > 0) {
+        kerror = krb5_c_enctype_compare(context, enctype,
+                                        entry->key.enctype, &similar);
+        if (kerror)
+            goto error;
+
+        if (!similar) {
+            kerror = KRB5_KDB_NO_PERMITTED_KEY;
+            goto error;
+        }
+    }
+    /*
+     * Coerce the enctype of the output keyblock in case we got an
+     * inexact match on the enctype.
+     */
+    entry->key.enctype = enctype;
+
+    kerror = krb5_copy_principal(context, principal, &entry->principal);
+    if (kerror)
+        goto error;
+
+    /* Close database */
+error:
+    krb5_db_free_principal(context, db_entry);
+    /*    krb5_db_close_database(context); */
+    return(kerror);
+}
+
+/*
+ * is_xrealm_tgt: Returns true if the principal is a cross-realm  TGT
+ * principal-- a principal with first component  krbtgt and second
+ * component not equal to realm.
+ */
+static int
+is_xrealm_tgt(krb5_context context, krb5_const_principal princ)
+{
+    krb5_data *dat;
+    if (krb5_princ_size(context, princ) != 2)
+        return 0;
+    dat = krb5_princ_component(context, princ, 0);
+    if (strncmp("krbtgt", dat->data, dat->length) != 0)
+        return 0;
+    dat = krb5_princ_component(context, princ, 1);
+    if (dat->length != princ->realm.length)
+        return 1;
+    if (strncmp(dat->data, princ->realm.data, dat->length) == 0)
+        return 0;
+    return 1;
+
+}
diff --git a/krb5-1.21.3/src/lib/kdb/libkdb5.exports b/krb5-1.21.3/src/lib/kdb/libkdb5.exports
new file mode 100644
index 00000000..97dc5c0d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/libkdb5.exports
@@ -0,0 +1,108 @@
+krb5_db_setup_lib_handle
+krb5_db_open
+krb5_db_inited
+krb5_db_alloc
+krb5_db_free
+krb5_db_allowed_to_delegate_from
+krb5_db_audit_as_req
+krb5_db_check_allowed_to_delegate
+krb5_db_get_s4u_x509_principal
+krb5_db_check_policy_as
+krb5_db_check_policy_tgs
+krb5_db_check_transited_realms
+krb5_db_create
+krb5_db_delete_principal
+krb5_db_destroy
+krb5_db_fetch_mkey
+krb5_db_fetch_mkey_list
+krb5_db_fini
+krb5_db_free_principal
+krb5_db_get_age
+krb5_db_get_key_data_kvno
+krb5_db_get_context
+krb5_db_get_principal
+krb5_db_issue_pac
+krb5_db_iterate
+krb5_db_lock
+krb5_db_mkey_list_alias
+krb5_db_put_principal
+krb5_db_refresh_config
+krb5_db_rename_principal
+krb5_db_set_context
+krb5_db_setup_mkey_name
+krb5_db_unlock
+krb5_db_store_master_key
+krb5_db_store_master_key_list
+krb5_dbe_apw
+krb5_dbe_ark
+krb5_dbe_cpw
+krb5_dbe_create_key_data
+krb5_dbe_crk
+krb5_dbe_find_act_mkey
+krb5_dbe_fetch_act_key_list
+krb5_dbe_find_enctype
+krb5_dbe_find_mkey
+krb5_dbe_free_actkvno_list
+krb5_dbe_free_key_data_contents
+krb5_dbe_free_mkey_aux_list
+krb5_dbe_free_key_list
+krb5_dbe_free_string
+krb5_dbe_free_strings
+krb5_dbe_get_mkvno
+krb5_dbe_get_string
+krb5_dbe_get_strings
+krb5_dbe_compute_salt
+krb5_dbe_lookup_last_admin_unlock
+krb5_dbe_lookup_last_pwd_change
+krb5_dbe_lookup_actkvno
+krb5_dbe_lookup_mkey_aux
+krb5_dbe_lookup_mkvno
+krb5_dbe_lookup_mod_princ_data
+krb5_dbe_lookup_tl_data
+krb5_dbe_search_enctype
+krb5_dbe_set_string
+krb5_dbe_specialize_salt
+krb5_dbe_update_actkvno
+krb5_dbe_update_last_admin_unlock
+krb5_dbe_update_last_pwd_change
+krb5_dbe_update_mkey_aux
+krb5_dbe_update_mkvno
+krb5_dbe_update_mod_princ_data
+krb5_dbe_update_tl_data
+krb5_db_update_tl_data
+krb5_dbe_def_encrypt_key_data
+krb5_dbe_def_decrypt_key_data
+krb5_dbe_decrypt_key_data
+krb5_dbe_encrypt_key_data
+krb5_kt_kdb_ops
+krb5_ktkdb_close
+krb5_ktkdb_get_entry
+krb5_ktkdb_resolve
+krb5_ktkdb_set_context
+krb5_mkey_pwd_prompt1
+krb5_mkey_pwd_prompt2
+krb5_db_create_policy
+krb5_db_get_policy
+krb5_db_put_policy
+krb5_db_iter_policy
+krb5_db_delete_policy
+krb5_db_free_policy
+krb5_def_store_mkey_list
+krb5_db_promote
+krb5_db_register_keytab
+ulog_add_update
+ulog_init_header
+ulog_map
+ulog_set_role
+ulog_free_entries
+xdr_kdb_last_t
+xdr_kdb_incr_result_t
+xdr_kdb_fullresync_result_t
+ulog_fini
+ulog_get_entries
+ulog_get_last
+ulog_get_sno_status
+ulog_replay
+ulog_set_last
+xdr_kdb_incr_update_t
+krb5_dbe_sort_key_data
diff --git a/krb5-1.21.3/src/lib/kdb/t_sort_key_data.c b/krb5-1.21.3/src/lib/kdb/t_sort_key_data.c
new file mode 100644
index 00000000..ffd1a156
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/t_sort_key_data.c
@@ -0,0 +1,96 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/t_sort_key_data.c - krb5_dbe_sort_key_data() unit tests */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-cmocka.h"
+#include "kdb.h"
+
+#define KEY(kvno) {                                             \
+        1, kvno, { ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },        \
+        { 16, 0 },                                              \
+        { (uint8_t *)("\xDC\xEE\xB7\x0B\x3D\xE7\x65\x62"        \
+                      "\xE6\x89\x22\x6C\x76\x42\x91\x48"),      \
+                NULL }                                          \
+    }
+
+static void
+assert_sorted(krb5_key_data *keys, int num_keys)
+{
+    int i;
+
+    for (i = 1; i < num_keys; i++)
+        assert_true(keys[i].key_data_kvno <= keys[i - 1].key_data_kvno);
+}
+
+static void
+test_pre_sorted(void **state)
+{
+    krb5_key_data keys[] = { KEY(5), KEY(5), KEY(4), KEY(3), KEY(3), KEY(2),
+                             KEY(2), KEY(1) };
+    int n_keys = sizeof(keys)/sizeof(keys[0]);
+
+    krb5_dbe_sort_key_data(keys, n_keys);
+    assert_sorted(keys, n_keys);
+}
+
+static void
+test_reverse_sorted(void **state)
+{
+    krb5_key_data keys[] = { KEY(1), KEY(2), KEY(2), KEY(3), KEY(3), KEY(3),
+                             KEY(4), KEY(5) };
+    int n_keys = sizeof(keys)/sizeof(keys[0]);
+
+    krb5_dbe_sort_key_data(keys, n_keys);
+    assert_sorted(keys, n_keys);
+}
+
+static void
+test_random_order(void **state)
+{
+    krb5_key_data keys[] = { KEY(1), KEY(4), KEY(1), KEY(3), KEY(4), KEY(3),
+                             KEY(5), KEY(2) };
+    int n_keys = sizeof(keys)/sizeof(keys[0]);
+
+    krb5_dbe_sort_key_data(keys, n_keys);
+    assert_sorted(keys, n_keys);
+}
+
+int
+main(void)
+{
+    const struct CMUnitTest tests[] = {
+        cmocka_unit_test(test_pre_sorted),
+        cmocka_unit_test(test_reverse_sorted),
+        cmocka_unit_test(test_random_order)
+    };
+
+    return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/krb5-1.21.3/src/lib/kdb/t_stringattr.c b/krb5-1.21.3/src/lib/kdb/t_stringattr.c
new file mode 100644
index 00000000..11740368
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/t_stringattr.c
@@ -0,0 +1,95 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/t_strings.c - Test program for KDB string attribute functions */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <kdb.h>
+
+/*
+ * This program exercises the KDB entry APIs for string attributes.  It relies
+ * on some implementation knowledge:
+ *
+ * - The APIs will work on a DB entry initialized to all zeros (because it has
+ *   an empty tl_data list).
+ *
+ * - Attribute order in krb5_dbe_get_strings matches attribute insertion order.
+ */
+
+int
+main()
+{
+    krb5_db_entry *ent;
+    krb5_context context;
+    krb5_string_attr *strings;
+    char *val;
+    int count;
+
+    assert(krb5int_init_context_kdc(&context) == 0);
+
+    /* Start with an empty entry. */
+    ent = calloc(1, sizeof(*ent));
+    if (ent == NULL) {
+        fprintf(stderr, "Can't allocate memory for entry.\n");
+        return 1;
+    }
+
+    /* Check that the entry has no strings to start. */
+    assert(krb5_dbe_get_strings(context, ent, &strings, &count) == 0);
+    assert(strings == NULL && count == 0);
+    krb5_dbe_free_strings(context, strings, count);
+
+    /* Check that we get a null value querying a specific attribute. */
+    assert(krb5_dbe_get_string(context, ent, "foo", &val) == 0);
+    assert(val == NULL);
+
+    /* Set some attributes one at a time, including a deletion. */
+    assert(krb5_dbe_set_string(context, ent, "eggs", "dozen") == 0);
+    assert(krb5_dbe_set_string(context, ent, "price", "right") == 0);
+    assert(krb5_dbe_set_string(context, ent, "eggs", NULL) == 0);
+    assert(krb5_dbe_set_string(context, ent, "time", "flies") == 0);
+
+    /* Query each attribute. */
+    assert(krb5_dbe_get_string(context, ent, "price", &val) == 0);
+    assert(strcmp(val, "right") == 0);
+    krb5_dbe_free_string(context, val);
+    assert(krb5_dbe_get_string(context, ent, "time", &val) == 0);
+    assert(strcmp(val, "flies") == 0);
+    krb5_dbe_free_string(context, val);
+    assert(krb5_dbe_get_string(context, ent, "eggs", &val) == 0);
+    assert(val == NULL);
+
+    /* Query the list of attributes and verify it. */
+    assert(krb5_dbe_get_strings(context, ent, &strings, &count) == 0);
+    assert(count == 2);
+    assert(strcmp(strings[0].key, "price") == 0);
+    assert(strcmp(strings[0].value, "right") == 0);
+    assert(strcmp(strings[1].key, "time") == 0);
+    assert(strcmp(strings[1].value, "flies") == 0);
+    krb5_dbe_free_strings(context, strings, count);
+
+    krb5_db_free_principal(context, ent);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/kdb/t_stringattr.py b/krb5-1.21.3/src/lib/kdb/t_stringattr.py
new file mode 100755
index 00000000..93e2b0c0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/t_stringattr.py
@@ -0,0 +1,5 @@
+from k5test import *
+
+realm = K5Realm(create_kdb=False)
+realm.run(['./t_stringattr'])
+success('String attribute unit tests')
diff --git a/krb5-1.21.3/src/lib/kdb/t_ulog.c b/krb5-1.21.3/src/lib/kdb/t_ulog.c
new file mode 100644
index 00000000..96e00bb4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/kdb/t_ulog.c
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/t_ulog.c - Unit tests for KDB update log */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program performs unit tests for the update log functions in kdb_log.c.
+ * Right now it contains only a test for issue #7839, checking that
+ * ulog_add_update behaves appropriately when the last serial number is
+ * reached.
+ *
+ * The test program accepts one argument, which it unlinks and then maps with
+ * ulog_map().  This lets us test all of the update log functions except for
+ * ulog_replay(), which needs to open and modify a Kerberos database.
+ * ulog_replay is adequately exercised by the functional tests in t_iprop.py.
+ */
+
+#include "k5-int.h"
+#include "kdb_log.h"
+
+/* Use a zeroed context structure to avoid reading the profile.  This works
+ * fine for the ulog functions. */
+static struct _krb5_context context_st;
+static krb5_context context = &context_st;
+
+int
+main(int argc, char **argv)
+{
+    kdb_log_context *lctx;
+    kdb_hlog_t *ulog;
+    kdb_incr_update_t upd;
+    const char *filename;
+
+    if (argc != 2) {
+        fprintf(stderr, "Usage: %s filename\n", argv[0]);
+        exit(1);
+    }
+    filename = argv[1];
+    unlink(filename);
+
+    if (ulog_map(context, filename, 10) != 0)
+        abort();
+    lctx = context->kdblog_context;
+    ulog = lctx->ulog;
+
+    /* Modify the ulog to look like it has reached the last serial number.
+     * Leave the timestamps at 0 and don't bother setting up the entries. */
+    ulog->kdb_num = lctx->ulogentries;
+    ulog->kdb_last_sno = (kdb_sno_t)-1;
+    ulog->kdb_first_sno = ulog->kdb_last_sno - ulog->kdb_num + 1;
+
+    /* Add an empty update.  This should reinitialize the ulog, then add the
+     * update with serial number 2. */
+    memset(&upd, 0, sizeof(kdb_incr_update_t));
+    if (ulog_add_update(context, &upd) != 0)
+        abort();
+    assert(ulog->kdb_num == 2);
+    assert(ulog->kdb_first_sno == 1);
+    assert(ulog->kdb_last_sno == 2);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krad/Makefile.in b/krb5-1.21.3/src/lib/krad/Makefile.in
new file mode 100644
index 00000000..8c3317fe
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/Makefile.in
@@ -0,0 +1,73 @@
+mydir=lib$(S)krad
+BUILDTOP=$(REL)..$(S)..
+RELDIR=krad
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+SHLIB_EXPLIBS=$(KRB5_BASE_LIBS) $(VERTO_LIBS)
+SHLIB_EXPDEPLIBS=$(KRB5_BASE_DEPLIBS) $(VERTO_DEPLIB)
+SHLIB_DIRS=-L$(TOPLIBD)
+SHLIB_RDIRS=$(KRB5_LIBDIR)
+
+LIBBASE=krad
+LIBMAJOR=0
+LIBMINOR=0
+
+STLIBOBJS=attr.o attrset.o client.o code.o packet.o remote.o
+LIBOBJS=$(OUTPRE)attr.$(OBJEXT) \
+	$(OUTPRE)attrset.$(OBJEXT) \
+	$(OUTPRE)client.$(OBJEXT) \
+	$(OUTPRE)code.$(OBJEXT) \
+	$(OUTPRE)packet.$(OBJEXT) \
+	$(OUTPRE)remote.$(OBJEXT)
+SRCS=attr.c attrset.c client.c code.c packet.c remote.c \
+	t_attr.c t_attrset.c t_client.c t_code.c t_packet.c t_remote.c t_test.c
+
+STOBJLISTS=OBJS.ST
+
+all-unix: all-liblinks
+install-unix: install-libs
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+check-unix: t_attr t_attrset t_code t_packet t_remote t_client
+	$(RUN_TEST) ./t_attr
+	$(RUN_TEST) ./t_attrset
+	$(RUN_TEST) ./t_code
+	$(RUN_TEST) ./t_packet $(PYTHON) $(srcdir)/t_daemon.py
+	$(RUN_TEST) ./t_remote $(PYTHON) $(srcdir)/t_daemon.py
+	$(RUN_TEST) ./t_client $(PYTHON) $(srcdir)/t_daemon.py
+
+TESTDEPS=t_test.o $(KRB5_BASE_DEPLIBS)
+TESTLIBS=t_test.o $(KRB5_BASE_LIBS)
+
+T_ATTR_OBJS=attr.o t_attr.o
+t_attr: $(T_ATTR_OBJS) $(TESTDEPS)
+	$(CC_LINK) -o $@ $(T_ATTR_OBJS) $(TESTLIBS)
+
+T_ATTRSET_OBJS=attr.o attrset.o t_attrset.o
+t_attrset: $(T_ATTRSET_OBJS) $(TESTDEPS)
+	$(CC_LINK) -o $@ $(T_ATTRSET_OBJS) $(TESTLIBS)
+
+T_CODE_OBJS=code.o t_code.o
+t_code: $(T_CODE_OBJS) $(TESTDEPS)
+	$(CC_LINK) -o $@ $(T_CODE_OBJS) $(TESTLIBS)
+
+T_PACKET_OBJS=attr.o attrset.o code.o packet.o t_packet.o
+t_packet: $(T_PACKET_OBJS) $(TESTDEPS)
+	$(CC_LINK) -o $@ $(T_PACKET_OBJS) $(TESTLIBS)
+
+T_REMOTE_OBJS=attr.o attrset.o code.o packet.o remote.o t_remote.o
+t_remote: $(T_REMOTE_OBJS) $(TESTDEPS) $(VERTO_DEPLIB)
+	$(CC_LINK) -o $@ $(T_REMOTE_OBJS) $(TESTLIBS) $(VERTO_LIBS)
+
+T_CLIENT_OBJS=attr.o attrset.o code.o packet.o remote.o client.o t_client.o
+t_client: $(T_CLIENT_OBJS) $(TESTDEPS) $(VERTO_DEPLIB)
+	$(CC_LINK) -o $@ $(T_CLIENT_OBJS) $(TESTLIBS) $(VERTO_LIBS)
+
+clean-unix:: clean-libobjs
+	$(RM) *.o t_attr t_attrset t_code t_packet t_remote t_client
+
+@lib_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/lib/krad/attr.c b/krb5-1.21.3/src/lib/krad/attr.c
new file mode 100644
index 00000000..9c13d9d7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/attr.c
@@ -0,0 +1,317 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/attr.c - RADIUS attribute functions for libkrad */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include "internal.h"
+
+#include <string.h>
+
+/* RFC 2865 */
+#define BLOCKSIZE 16
+
+typedef krb5_error_code
+(*attribute_transform_fn)(krb5_context ctx, const char *secret,
+                          const unsigned char *auth, const krb5_data *in,
+                          unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
+
+typedef struct {
+    const char *name;
+    unsigned char minval;
+    unsigned char maxval;
+    attribute_transform_fn encode;
+    attribute_transform_fn decode;
+} attribute_record;
+
+static krb5_error_code
+user_password_encode(krb5_context ctx, const char *secret,
+                     const unsigned char *auth, const krb5_data *in,
+                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
+
+static krb5_error_code
+user_password_decode(krb5_context ctx, const char *secret,
+                     const unsigned char *auth, const krb5_data *in,
+                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
+
+static const attribute_record attributes[UCHAR_MAX] = {
+    {"User-Name", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"User-Password", 1, 128, user_password_encode, user_password_decode},
+    {"CHAP-Password", 17, 17, NULL, NULL},
+    {"NAS-IP-Address", 4, 4, NULL, NULL},
+    {"NAS-Port", 4, 4, NULL, NULL},
+    {"Service-Type", 4, 4, NULL, NULL},
+    {"Framed-Protocol", 4, 4, NULL, NULL},
+    {"Framed-IP-Address", 4, 4, NULL, NULL},
+    {"Framed-IP-Netmask", 4, 4, NULL, NULL},
+    {"Framed-Routing", 4, 4, NULL, NULL},
+    {"Filter-Id", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Framed-MTU", 4, 4, NULL, NULL},
+    {"Framed-Compression", 4, 4, NULL, NULL},
+    {"Login-IP-Host", 4, 4, NULL, NULL},
+    {"Login-Service", 4, 4, NULL, NULL},
+    {"Login-TCP-Port", 4, 4, NULL, NULL},
+    {NULL, 0, 0, NULL, NULL}, /* Unassigned */
+    {"Reply-Message", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Callback-Number", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Callback-Id", 1, MAX_ATTRSIZE, NULL, NULL},
+    {NULL, 0, 0, NULL, NULL}, /* Unassigned */
+    {"Framed-Route", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Framed-IPX-Network", 4, 4, NULL, NULL},
+    {"State", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Class", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Vendor-Specific", 5, MAX_ATTRSIZE, NULL, NULL},
+    {"Session-Timeout", 4, 4, NULL, NULL},
+    {"Idle-Timeout", 4, 4, NULL, NULL},
+    {"Termination-Action", 4, 4, NULL, NULL},
+    {"Called-Station-Id", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Calling-Station-Id", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"NAS-Identifier", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Proxy-State", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Login-LAT-Service", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Login-LAT-Node", 1, MAX_ATTRSIZE, NULL, NULL},
+    {"Login-LAT-Group", 32, 32, NULL, NULL},
+    {"Framed-AppleTalk-Link", 4, 4, NULL, NULL},
+    {"Framed-AppleTalk-Network", 4, 4, NULL, NULL},
+    {"Framed-AppleTalk-Zone", 1, MAX_ATTRSIZE, NULL, NULL},
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {NULL, 0, 0, NULL, NULL}, /* Reserved for accounting */
+    {"CHAP-Challenge", 5, MAX_ATTRSIZE, NULL, NULL},
+    {"NAS-Port-Type", 4, 4, NULL, NULL},
+    {"Port-Limit", 4, 4, NULL, NULL},
+    {"Login-LAT-Port", 1, MAX_ATTRSIZE, NULL, NULL},
+};
+
+/* Encode User-Password attribute. */
+static krb5_error_code
+user_password_encode(krb5_context ctx, const char *secret,
+                     const unsigned char *auth, const krb5_data *in,
+                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
+{
+    const unsigned char *indx;
+    krb5_error_code retval;
+    unsigned int seclen;
+    krb5_checksum sum;
+    size_t blck, len, i;
+    krb5_data tmp;
+
+    /* Copy the input buffer to the (zero-padded) output buffer. */
+    len = (in->length + BLOCKSIZE - 1) / BLOCKSIZE * BLOCKSIZE;
+    if (len > MAX_ATTRSIZE)
+        return ENOBUFS;
+    memset(outbuf, 0, len);
+    memcpy(outbuf, in->data, in->length);
+
+    /* Create our temporary space for processing each block. */
+    seclen = strlen(secret);
+    retval = alloc_data(&tmp, seclen + BLOCKSIZE);
+    if (retval != 0)
+        return retval;
+
+    memcpy(tmp.data, secret, seclen);
+    for (blck = 0, indx = auth; blck * BLOCKSIZE < len; blck++) {
+        memcpy(tmp.data + seclen, indx, BLOCKSIZE);
+
+        retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
+                                      &sum);
+        if (retval != 0) {
+            zap(tmp.data, tmp.length);
+            zap(outbuf, len);
+            krb5_free_data_contents(ctx, &tmp);
+            return retval;
+        }
+
+        for (i = 0; i < BLOCKSIZE; i++)
+            outbuf[blck * BLOCKSIZE + i] ^= sum.contents[i];
+        krb5_free_checksum_contents(ctx, &sum);
+
+        indx = &outbuf[blck * BLOCKSIZE];
+    }
+
+    zap(tmp.data, tmp.length);
+    krb5_free_data_contents(ctx, &tmp);
+    *outlen = len;
+    return 0;
+}
+
+/* Decode User-Password attribute. */
+static krb5_error_code
+user_password_decode(krb5_context ctx, const char *secret,
+                     const unsigned char *auth, const krb5_data *in,
+                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
+{
+    const unsigned char *indx;
+    krb5_error_code retval;
+    unsigned int seclen;
+    krb5_checksum sum;
+    ssize_t blck, i;
+    krb5_data tmp;
+
+    if (in->length % BLOCKSIZE != 0)
+        return EINVAL;
+    if (in->length > MAX_ATTRSIZE)
+        return ENOBUFS;
+
+    /* Create our temporary space for processing each block. */
+    seclen = strlen(secret);
+    retval = alloc_data(&tmp, seclen + BLOCKSIZE);
+    if (retval != 0)
+        return retval;
+
+    memcpy(tmp.data, secret, seclen);
+    for (blck = 0, indx = auth; blck * BLOCKSIZE < in->length; blck++) {
+        memcpy(tmp.data + seclen, indx, BLOCKSIZE);
+
+        retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
+                                      &tmp, &sum);
+        if (retval != 0) {
+            zap(tmp.data, tmp.length);
+            zap(outbuf, in->length);
+            krb5_free_data_contents(ctx, &tmp);
+            return retval;
+        }
+
+        for (i = 0; i < BLOCKSIZE; i++) {
+            outbuf[blck * BLOCKSIZE + i] = in->data[blck * BLOCKSIZE + i] ^
+                sum.contents[i];
+        }
+        krb5_free_checksum_contents(ctx, &sum);
+
+        indx = (const unsigned char *)&in->data[blck * BLOCKSIZE];
+    }
+
+    /* Strip off trailing NULL bytes. */
+    *outlen = in->length;
+    while (*outlen > 0 && outbuf[*outlen - 1] == '\0')
+        (*outlen)--;
+
+    krb5_free_data_contents(ctx, &tmp);
+    return 0;
+}
+
+krb5_error_code
+kr_attr_valid(krad_attr type, const krb5_data *data)
+{
+    const attribute_record *ar;
+
+    if (type == 0)
+        return EINVAL;
+
+    ar = &attributes[type - 1];
+    return (data->length >= ar->minval && data->length <= ar->maxval) ? 0 :
+        EMSGSIZE;
+}
+
+krb5_error_code
+kr_attr_encode(krb5_context ctx, const char *secret,
+               const unsigned char *auth, krad_attr type,
+               const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE],
+               size_t *outlen)
+{
+    krb5_error_code retval;
+
+    retval = kr_attr_valid(type, in);
+    if (retval != 0)
+        return retval;
+
+    if (attributes[type - 1].encode == NULL) {
+        if (in->length > MAX_ATTRSIZE)
+            return ENOBUFS;
+
+        *outlen = in->length;
+        memcpy(outbuf, in->data, in->length);
+        return 0;
+    }
+
+    return attributes[type - 1].encode(ctx, secret, auth, in, outbuf, outlen);
+}
+
+krb5_error_code
+kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
+               krad_attr type, const krb5_data *in,
+               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
+{
+    krb5_error_code retval;
+
+    retval = kr_attr_valid(type, in);
+    if (retval != 0)
+        return retval;
+
+    if (attributes[type - 1].encode == NULL) {
+        if (in->length > MAX_ATTRSIZE)
+            return ENOBUFS;
+
+        *outlen = in->length;
+        memcpy(outbuf, in->data, in->length);
+        return 0;
+    }
+
+    return attributes[type - 1].decode(ctx, secret, auth, in, outbuf, outlen);
+}
+
+krad_attr
+krad_attr_name2num(const char *name)
+{
+    unsigned char i;
+
+    for (i = 0; i < UCHAR_MAX; i++) {
+        if (attributes[i].name == NULL)
+            continue;
+
+        if (strcmp(attributes[i].name, name) == 0)
+            return i + 1;
+    }
+
+    return 0;
+}
+
+const char *
+krad_attr_num2name(krad_attr type)
+{
+    if (type == 0)
+        return NULL;
+
+    return attributes[type - 1].name;
+}
diff --git a/krb5-1.21.3/src/lib/krad/attrset.c b/krb5-1.21.3/src/lib/krad/attrset.c
new file mode 100644
index 00000000..f309f158
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/attrset.c
@@ -0,0 +1,244 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/attrset.c - RADIUS attribute set functions for libkrad */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include <k5-queue.h>
+#include "internal.h"
+
+#include <string.h>
+
+K5_TAILQ_HEAD(attr_head, attr_st);
+
+typedef struct attr_st attr;
+struct attr_st {
+    K5_TAILQ_ENTRY(attr_st) list;
+    krad_attr type;
+    krb5_data attr;
+    char buffer[MAX_ATTRSIZE];
+};
+
+struct krad_attrset_st {
+    krb5_context ctx;
+    struct attr_head list;
+};
+
+krb5_error_code
+krad_attrset_new(krb5_context ctx, krad_attrset **set)
+{
+    krad_attrset *tmp;
+
+    tmp = calloc(1, sizeof(krad_attrset));
+    if (tmp == NULL)
+        return ENOMEM;
+    tmp->ctx = ctx;
+    K5_TAILQ_INIT(&tmp->list);
+
+    *set = tmp;
+    return 0;
+}
+
+void
+krad_attrset_free(krad_attrset *set)
+{
+    attr *a;
+
+    if (set == NULL)
+        return;
+
+    while (!K5_TAILQ_EMPTY(&set->list)) {
+        a = K5_TAILQ_FIRST(&set->list);
+        K5_TAILQ_REMOVE(&set->list, a, list);
+        zap(a->buffer, sizeof(a->buffer));
+        free(a);
+    }
+
+    free(set);
+}
+
+krb5_error_code
+krad_attrset_add(krad_attrset *set, krad_attr type, const krb5_data *data)
+{
+    krb5_error_code retval;
+    attr *tmp;
+
+    retval = kr_attr_valid(type, data);
+    if (retval != 0)
+        return retval;
+
+    tmp = calloc(1, sizeof(attr));
+    if (tmp == NULL)
+        return ENOMEM;
+
+    tmp->type = type;
+    tmp->attr = make_data(tmp->buffer, data->length);
+    memcpy(tmp->attr.data, data->data, data->length);
+
+    K5_TAILQ_INSERT_TAIL(&set->list, tmp, list);
+    return 0;
+}
+
+krb5_error_code
+krad_attrset_add_number(krad_attrset *set, krad_attr type, krb5_ui_4 num)
+{
+    krb5_data data;
+
+    num = htonl(num);
+    data = make_data(&num, sizeof(num));
+    return krad_attrset_add(set, type, &data);
+}
+
+void
+krad_attrset_del(krad_attrset *set, krad_attr type, size_t indx)
+{
+    attr *a;
+
+    K5_TAILQ_FOREACH(a, &set->list, list) {
+        if (a->type == type && indx-- == 0) {
+            K5_TAILQ_REMOVE(&set->list, a, list);
+            zap(a->buffer, sizeof(a->buffer));
+            free(a);
+            return;
+        }
+    }
+}
+
+const krb5_data *
+krad_attrset_get(const krad_attrset *set, krad_attr type, size_t indx)
+{
+    attr *a;
+
+    K5_TAILQ_FOREACH(a, &set->list, list) {
+        if (a->type == type && indx-- == 0)
+            return &a->attr;
+    }
+
+    return NULL;
+}
+
+krb5_error_code
+krad_attrset_copy(const krad_attrset *set, krad_attrset **copy)
+{
+    krb5_error_code retval;
+    krad_attrset *tmp;
+    attr *a;
+
+    retval = krad_attrset_new(set->ctx, &tmp);
+    if (retval != 0)
+        return retval;
+
+    K5_TAILQ_FOREACH(a, &set->list, list) {
+        retval = krad_attrset_add(tmp, a->type, &a->attr);
+        if (retval != 0) {
+            krad_attrset_free(tmp);
+            return retval;
+        }
+    }
+
+    *copy = tmp;
+    return 0;
+}
+
+krb5_error_code
+kr_attrset_encode(const krad_attrset *set, const char *secret,
+                  const unsigned char *auth,
+                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen)
+{
+    unsigned char buffer[MAX_ATTRSIZE];
+    krb5_error_code retval;
+    size_t i = 0, attrlen;
+    attr *a;
+
+    if (set == NULL) {
+        *outlen = 0;
+        return 0;
+    }
+
+    K5_TAILQ_FOREACH(a, &set->list, list) {
+        retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr,
+                                buffer, &attrlen);
+        if (retval != 0)
+            return retval;
+
+        if (i + attrlen + 2 > MAX_ATTRSETSIZE)
+            return EMSGSIZE;
+
+        outbuf[i++] = a->type;
+        outbuf[i++] = attrlen + 2;
+        memcpy(&outbuf[i], buffer, attrlen);
+        i += attrlen;
+    }
+
+    *outlen = i;
+    return 0;
+}
+
+krb5_error_code
+kr_attrset_decode(krb5_context ctx, const krb5_data *in, const char *secret,
+                  const unsigned char *auth, krad_attrset **set_out)
+{
+    unsigned char buffer[MAX_ATTRSIZE];
+    krb5_data tmp;
+    krb5_error_code retval;
+    krad_attr type;
+    krad_attrset *set;
+    size_t i, len;
+
+    *set_out = NULL;
+
+    retval = krad_attrset_new(ctx, &set);
+    if (retval != 0)
+        return retval;
+
+    for (i = 0; i + 2 < in->length; ) {
+        type = in->data[i++];
+        tmp = make_data(&in->data[i + 1], (uint8_t)in->data[i] - 2);
+        i += tmp.length + 1;
+
+        retval = (in->length < i) ? EBADMSG : 0;
+        if (retval != 0)
+            goto cleanup;
+
+        retval = kr_attr_decode(ctx, secret, auth, type, &tmp, buffer, &len);
+        if (retval != 0)
+            goto cleanup;
+
+        tmp = make_data(buffer, len);
+        retval = krad_attrset_add(set, type, &tmp);
+        if (retval != 0)
+            goto cleanup;
+    }
+
+    *set_out = set;
+    set = NULL;
+
+cleanup:
+    zap(buffer, sizeof(buffer));
+    krad_attrset_free(set);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krad/client.c b/krb5-1.21.3/src/lib/krad/client.c
new file mode 100644
index 00000000..810940af
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/client.c
@@ -0,0 +1,321 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/client.c - Client request code for libkrad */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-queue.h>
+#include "internal.h"
+
+#include <string.h>
+#include <sys/un.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <limits.h>
+
+K5_LIST_HEAD(server_head, server_st);
+
+typedef struct remote_state_st remote_state;
+typedef struct request_st request;
+typedef struct server_st server;
+
+struct remote_state_st {
+    const krad_packet *packet;
+    krad_remote *remote;
+};
+
+struct request_st {
+    krad_client *rc;
+
+    krad_code code;
+    krad_attrset *attrs;
+    int timeout;
+    size_t retries;
+    krad_cb cb;
+    void *data;
+
+    remote_state *remotes;
+    ssize_t current;
+    ssize_t count;
+};
+
+struct server_st {
+    krad_remote *serv;
+    K5_LIST_ENTRY(server_st) list;
+};
+
+struct krad_client_st {
+    krb5_context kctx;
+    verto_ctx *vctx;
+    struct server_head servers;
+};
+
+/* Return either a pre-existing server that matches the address info and the
+ * secret, or create a new one. */
+static krb5_error_code
+get_server(krad_client *rc, const struct addrinfo *ai, const char *secret,
+           krad_remote **out)
+{
+    krb5_error_code retval;
+    server *srv;
+
+    K5_LIST_FOREACH(srv, &rc->servers, list) {
+        if (kr_remote_equals(srv->serv, ai, secret)) {
+            *out = srv->serv;
+            return 0;
+        }
+    }
+
+    srv = calloc(1, sizeof(server));
+    if (srv == NULL)
+        return ENOMEM;
+
+    retval = kr_remote_new(rc->kctx, rc->vctx, ai, secret, &srv->serv);
+    if (retval != 0) {
+        free(srv);
+        return retval;
+    }
+
+    K5_LIST_INSERT_HEAD(&rc->servers, srv, list);
+    *out = srv->serv;
+    return 0;
+}
+
+/* Free a request. */
+static void
+request_free(request *req)
+{
+    krad_attrset_free(req->attrs);
+    free(req->remotes);
+    free(req);
+}
+
+/* Create a request. */
+static krb5_error_code
+request_new(krad_client *rc, krad_code code, const krad_attrset *attrs,
+            const struct addrinfo *ai, const char *secret, int timeout,
+            size_t retries, krad_cb cb, void *data, request **req)
+{
+    const struct addrinfo *tmp;
+    krb5_error_code retval;
+    request *rqst;
+    size_t i;
+
+    if (ai == NULL)
+        return EINVAL;
+
+    rqst = calloc(1, sizeof(request));
+    if (rqst == NULL)
+        return ENOMEM;
+
+    for (tmp = ai; tmp != NULL; tmp = tmp->ai_next)
+        rqst->count++;
+
+    rqst->rc = rc;
+    rqst->code = code;
+    rqst->cb = cb;
+    rqst->data = data;
+    rqst->timeout = timeout / rqst->count;
+    rqst->retries = retries;
+
+    retval = krad_attrset_copy(attrs, &rqst->attrs);
+    if (retval != 0) {
+        request_free(rqst);
+        return retval;
+    }
+
+    rqst->remotes = calloc(rqst->count + 1, sizeof(remote_state));
+    if (rqst->remotes == NULL) {
+        request_free(rqst);
+        return ENOMEM;
+    }
+
+    i = 0;
+    for (tmp = ai; tmp != NULL; tmp = tmp->ai_next) {
+        retval = get_server(rc, tmp, secret, &rqst->remotes[i++].remote);
+        if (retval != 0) {
+            request_free(rqst);
+            return retval;
+        }
+    }
+
+    *req = rqst;
+    return 0;
+}
+
+/* Handle a response from a server (or related errors). */
+static void
+on_response(krb5_error_code retval, const krad_packet *reqp,
+            const krad_packet *rspp, void *data)
+{
+    request *req = data;
+    size_t i;
+
+    /* Do nothing if we are already completed. */
+    if (req->count < 0)
+        return;
+
+    /* If we have timed out and have more remotes to try, do so. */
+    if (retval == ETIMEDOUT && req->remotes[++req->current].remote != NULL) {
+        retval = kr_remote_send(req->remotes[req->current].remote, req->code,
+                                req->attrs, on_response, req, req->timeout,
+                                req->retries,
+                                &req->remotes[req->current].packet);
+        if (retval == 0)
+            return;
+    }
+
+    /* Mark the request as complete. */
+    req->count = -1;
+
+    /* Inform the callback. */
+    req->cb(retval, reqp, rspp, req->data);
+
+    /* Cancel the outstanding packets. */
+    for (i = 0; req->remotes[i].remote != NULL; i++)
+        kr_remote_cancel(req->remotes[i].remote, req->remotes[i].packet);
+
+    request_free(req);
+}
+
+krb5_error_code
+krad_client_new(krb5_context kctx, verto_ctx *vctx, krad_client **out)
+{
+    krad_client *tmp;
+
+    tmp = calloc(1, sizeof(krad_client));
+    if (tmp == NULL)
+        return ENOMEM;
+
+    tmp->kctx = kctx;
+    tmp->vctx = vctx;
+
+    *out = tmp;
+    return 0;
+}
+
+void
+krad_client_free(krad_client *rc)
+{
+    server *srv;
+
+    if (rc == NULL)
+        return;
+
+    /* Cancel all requests before freeing any remotes, since each request's
+     * callback data may contain references to multiple remotes. */
+    K5_LIST_FOREACH(srv, &rc->servers, list)
+        kr_remote_cancel_all(srv->serv);
+
+    while (!K5_LIST_EMPTY(&rc->servers)) {
+        srv = K5_LIST_FIRST(&rc->servers);
+        K5_LIST_REMOVE(srv, list);
+        kr_remote_free(srv->serv);
+        free(srv);
+    }
+
+    free(rc);
+}
+
+static krb5_error_code
+resolve_remote(const char *remote, struct addrinfo **ai)
+{
+    const char *svc = "radius";
+    krb5_error_code retval;
+    struct addrinfo hints;
+    char *sep, *srv;
+
+    /* Isolate the port number if it exists. */
+    srv = strdup(remote);
+    if (srv == NULL)
+        return ENOMEM;
+
+    if (srv[0] == '[') {
+        /* IPv6 */
+        sep = strrchr(srv, ']');
+        if (sep != NULL && sep[1] == ':') {
+            sep[1] = '\0';
+            svc = &sep[2];
+        }
+    } else {
+        /* IPv4 or DNS */
+        sep = strrchr(srv, ':');
+        if (sep != NULL && sep[1] != '\0') {
+            sep[0] = '\0';
+            svc = &sep[1];
+        }
+    }
+
+    /* Perform the lookup. */
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_socktype = SOCK_DGRAM;
+    retval = gai_error_code(getaddrinfo(srv, svc, &hints, ai));
+    free(srv);
+    return retval;
+}
+
+krb5_error_code
+krad_client_send(krad_client *rc, krad_code code, const krad_attrset *attrs,
+                 const char *remote, const char *secret, int timeout,
+                 size_t retries, krad_cb cb, void *data)
+{
+    struct addrinfo usock, *ai = NULL;
+    krb5_error_code retval;
+    struct sockaddr_un ua;
+    request *req;
+
+    if (remote[0] == '/') {
+        ua.sun_family = AF_UNIX;
+        snprintf(ua.sun_path, sizeof(ua.sun_path), "%s", remote);
+        memset(&usock, 0, sizeof(usock));
+        usock.ai_family = AF_UNIX;
+        usock.ai_socktype = SOCK_STREAM;
+        usock.ai_addr = (struct sockaddr *)&ua;
+        usock.ai_addrlen = sizeof(ua);
+
+        retval = request_new(rc, code, attrs, &usock, secret, timeout, retries,
+                             cb, data, &req);
+    } else {
+        retval = resolve_remote(remote, &ai);
+        if (retval == 0) {
+            retval = request_new(rc, code, attrs, ai, secret, timeout, retries,
+                                 cb, data, &req);
+            freeaddrinfo(ai);
+        }
+    }
+    if (retval != 0)
+        return retval;
+
+    retval = kr_remote_send(req->remotes[req->current].remote, req->code,
+                            req->attrs, on_response, req, req->timeout,
+                            req->retries, &req->remotes[req->current].packet);
+    if (retval != 0) {
+        request_free(req);
+        return retval;
+    }
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krad/code.c b/krb5-1.21.3/src/lib/krad/code.c
new file mode 100644
index 00000000..16871bb0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/code.c
@@ -0,0 +1,111 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/code.c - RADIUS code name table for libkrad */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "internal.h"
+
+#include <string.h>
+
+static const char *codes[UCHAR_MAX] = {
+    "Access-Request",
+    "Access-Accept",
+    "Access-Reject",
+    "Accounting-Request",
+    "Accounting-Response",
+    "Accounting-Status",
+    "Password-Request",
+    "Password-Ack",
+    "Password-Reject",
+    "Accounting-Message",
+    "Access-Challenge",
+    "Status-Server",
+    "Status-Client",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    "Resource-Free-Request",
+    "Resource-Free-Response",
+    "Resource-Query-Request",
+    "Resource-Query-Response",
+    "Alternate-Resource-Reclaim-Request",
+    "NAS-Reboot-Request",
+    "NAS-Reboot-Response",
+    NULL,
+    "Next-Passcode",
+    "New-Pin",
+    "Terminate-Session",
+    "Password-Expired",
+    "Event-Request",
+    "Event-Response",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    "Disconnect-Request",
+    "Disconnect-Ack",
+    "Disconnect-Nak",
+    "Change-Filters-Request",
+    "Change-Filters-Ack",
+    "Change-Filters-Nak",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    "IP-Address-Allocate",
+    "IP-Address-Release",
+};
+
+krad_code
+krad_code_name2num(const char *name)
+{
+    unsigned char i;
+
+    for (i = 0; i < UCHAR_MAX; i++) {
+        if (codes[i] == NULL)
+            continue;
+
+        if (strcmp(codes[i], name) == 0)
+            return ++i;
+    }
+
+    return 0;
+}
+
+const char *
+krad_code_num2name(krad_code code)
+{
+    if (code == 0)
+        return NULL;
+
+    return codes[code - 1];
+}
diff --git a/krb5-1.21.3/src/lib/krad/deps b/krb5-1.21.3/src/lib/krad/deps
new file mode 100644
index 00000000..8171f944
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/deps
@@ -0,0 +1,156 @@
+#
+# Generated makefile dependencies follow.
+#
+attr.so attr.po $(OUTPRE)attr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krad.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h attr.c internal.h
+attrset.so attrset.po $(OUTPRE)attrset.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krad.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  attrset.c internal.h
+client.so client.po $(OUTPRE)client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krad.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  client.c internal.h
+code.so code.po $(OUTPRE)code.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krad.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h code.c internal.h
+packet.so packet.po $(OUTPRE)packet.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krad.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h internal.h packet.c
+remote.so remote.po $(OUTPRE)remote.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krad.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  internal.h remote.c
+t_attr.so t_attr.po $(OUTPRE)t_attr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krad.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h internal.h t_attr.c \
+  t_test.h
+t_attrset.so t_attrset.po $(OUTPRE)t_attrset.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krad.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  internal.h t_attrset.c t_test.h
+t_client.so t_client.po $(OUTPRE)t_client.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krad.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  internal.h t_client.c t_daemon.h t_test.h
+t_code.so t_code.po $(OUTPRE)t_code.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krad.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h internal.h t_code.c \
+  t_test.h
+t_packet.so t_packet.po $(OUTPRE)t_packet.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krad.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  internal.h t_daemon.h t_packet.c t_test.h
+t_remote.so t_remote.po $(OUTPRE)t_remote.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krad.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  internal.h t_daemon.h t_remote.c t_test.h
+t_test.so t_test.po $(OUTPRE)t_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krad.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h internal.h t_test.c \
+  t_test.h
diff --git a/krb5-1.21.3/src/lib/krad/internal.h b/krb5-1.21.3/src/lib/krad/internal.h
new file mode 100644
index 00000000..7619563f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/internal.h
@@ -0,0 +1,159 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/internal.h - Internal declarations for libkrad */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef INTERNAL_H_
+#define INTERNAL_H_
+
+#include <k5-int.h>
+#include "krad.h"
+
+#include <errno.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+#ifndef UCHAR_MAX
+#define UCHAR_MAX 255
+#endif
+
+/* RFC 2865 */
+#define MAX_ATTRSIZE (UCHAR_MAX - 2)
+#define MAX_ATTRSETSIZE (KRAD_PACKET_SIZE_MAX - 20)
+
+typedef struct krad_remote_st krad_remote;
+
+/* Validate constraints of an attribute. */
+krb5_error_code
+kr_attr_valid(krad_attr type, const krb5_data *data);
+
+/* Encode an attribute. */
+krb5_error_code
+kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
+               krad_attr type, const krb5_data *in,
+               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
+
+/* Decode an attribute. */
+krb5_error_code
+kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
+               krad_attr type, const krb5_data *in,
+               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
+
+/* Encode the attributes into the buffer. */
+krb5_error_code
+kr_attrset_encode(const krad_attrset *set, const char *secret,
+                  const unsigned char *auth,
+                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen);
+
+/* Decode attributes from a buffer. */
+krb5_error_code
+kr_attrset_decode(krb5_context ctx, const krb5_data *in, const char *secret,
+                  const unsigned char *auth, krad_attrset **set);
+
+/* Create a new remote object which manages a socket and the state of
+ * outstanding requests. */
+krb5_error_code
+kr_remote_new(krb5_context kctx, verto_ctx *vctx, const struct addrinfo *info,
+              const char *secret, krad_remote **rr);
+
+/* Free a remote object. */
+void
+kr_remote_free(krad_remote *rr);
+
+/*
+ * Send the packet to the remote. The cb will be called when a response is
+ * received, the request times out, the request is canceled or an error occurs.
+ *
+ * The timeout parameter is the total timeout across all retries in
+ * milliseconds.
+ *
+ * If the cb is called with a retval of ETIMEDOUT it indicates that the
+ * allotted time has elapsed. However, in the case of a timeout, we continue to
+ * listen for the packet until krad_remote_cancel() is called or a response is
+ * received. This means that cb will always be called twice in the event of a
+ * timeout. This permits you to pursue other remotes while still listening for
+ * a response from the first one.
+ */
+krb5_error_code
+kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
+               krad_cb cb, void *data, int timeout, size_t retries,
+               const krad_packet **pkt);
+
+/* Remove packet from the queue of requests awaiting responses. */
+void
+kr_remote_cancel(krad_remote *rr, const krad_packet *pkt);
+
+/* Cancel all requests awaiting responses. */
+void
+kr_remote_cancel_all(krad_remote *rr);
+
+/* Determine if this remote object refers to the remote resource identified
+ * by the addrinfo struct and the secret. */
+krb5_boolean
+kr_remote_equals(const krad_remote *rr, const struct addrinfo *info,
+                 const char *secret);
+
+/* Adapted from lib/krb5/os/sendto_kdc.c. */
+static inline krb5_error_code
+gai_error_code(int err)
+{
+    switch (err) {
+    case 0:
+        return 0;
+    case EAI_BADFLAGS:
+    case EAI_FAMILY:
+    case EAI_SOCKTYPE:
+    case EAI_SERVICE:
+#ifdef EAI_ADDRFAMILY
+    case EAI_ADDRFAMILY:
+#endif
+        return EINVAL;
+    case EAI_AGAIN:
+        return EAGAIN;
+    case EAI_MEMORY:
+        return ENOMEM;
+#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
+    case EAI_NODATA:
+#endif
+    case EAI_NONAME:
+        return EADDRNOTAVAIL;
+#ifdef EAI_OVERFLOW
+    case EAI_OVERFLOW:
+        return EOVERFLOW;
+#endif
+#ifdef EAI_SYSTEM
+    case EAI_SYSTEM:
+        return errno;
+#endif
+    default:
+        return EINVAL;
+    }
+}
+
+#endif /* INTERNAL_H_ */
diff --git a/krb5-1.21.3/src/lib/krad/libkrad.exports b/krb5-1.21.3/src/lib/krad/libkrad.exports
new file mode 100644
index 00000000..fe3f1590
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/libkrad.exports
@@ -0,0 +1,23 @@
+krad_code_name2num
+krad_code_num2name
+krad_attr_name2num
+krad_attr_num2name
+krad_attrset_new
+krad_attrset_copy
+krad_attrset_free
+krad_attrset_add
+krad_attrset_add_number
+krad_attrset_del
+krad_attrset_get
+krad_packet_bytes_needed
+krad_packet_free
+krad_packet_new_request
+krad_packet_new_response
+krad_packet_decode_request
+krad_packet_decode_response
+krad_packet_encode
+krad_packet_get_code
+krad_packet_get_attr
+krad_client_new
+krad_client_free
+krad_client_send
diff --git a/krb5-1.21.3/src/lib/krad/packet.c b/krb5-1.21.3/src/lib/krad/packet.c
new file mode 100644
index 00000000..c597174b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/packet.c
@@ -0,0 +1,470 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/packet.c - Packet functions for libkrad */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "internal.h"
+
+#include <string.h>
+
+#include <arpa/inet.h>
+
+typedef unsigned char uchar;
+
+/* RFC 2865 */
+#define OFFSET_CODE 0
+#define OFFSET_ID 1
+#define OFFSET_LENGTH 2
+#define OFFSET_AUTH 4
+#define OFFSET_ATTR 20
+#define AUTH_FIELD_SIZE (OFFSET_ATTR - OFFSET_AUTH)
+
+#define offset(d, o) (&(d)->data[o])
+#define pkt_code_get(p) (*(krad_code *)offset(&(p)->pkt, OFFSET_CODE))
+#define pkt_code_set(p, v) (*(krad_code *)offset(&(p)->pkt, OFFSET_CODE)) = v
+#define pkt_id_get(p) (*(uchar *)offset(&(p)->pkt, OFFSET_ID))
+#define pkt_id_set(p, v) (*(uchar *)offset(&(p)->pkt, OFFSET_ID)) = v
+#define pkt_len_get(p)  load_16_be(offset(&(p)->pkt, OFFSET_LENGTH))
+#define pkt_len_set(p, v)  store_16_be(v, offset(&(p)->pkt, OFFSET_LENGTH))
+#define pkt_auth(p) ((uchar *)offset(&(p)->pkt, OFFSET_AUTH))
+#define pkt_attr(p) ((unsigned char *)offset(&(p)->pkt, OFFSET_ATTR))
+
+struct krad_packet_st {
+    char buffer[KRAD_PACKET_SIZE_MAX];
+    krad_attrset *attrset;
+    krb5_data pkt;
+};
+
+typedef struct {
+    uchar x[(UCHAR_MAX + 1) / 8];
+} idmap;
+
+/* Ensure the map is empty. */
+static inline void
+idmap_init(idmap *map)
+{
+    memset(map, 0, sizeof(*map));
+}
+
+/* Set an id as already allocated. */
+static inline void
+idmap_set(idmap *map, uchar id)
+{
+    map->x[id / 8] |= 1 << (id % 8);
+}
+
+/* Determine whether or not an id is used. */
+static inline krb5_boolean
+idmap_isset(const idmap *map, uchar id)
+{
+    return (map->x[id / 8] & (1 << (id % 8))) != 0;
+}
+
+/* Find an unused id starting the search at the value specified in id.
+ * NOTE: For optimal security, the initial value of id should be random. */
+static inline krb5_error_code
+idmap_find(const idmap *map, uchar *id)
+{
+    krb5_int16 i;
+
+    for (i = *id; i >= 0 && i <= UCHAR_MAX; (*id % 2 == 0) ? i++ : i--) {
+        if (!idmap_isset(map, i))
+            goto success;
+    }
+
+    for (i = *id; i >= 0 && i <= UCHAR_MAX; (*id % 2 == 1) ? i++ : i--) {
+        if (!idmap_isset(map, i))
+            goto success;
+    }
+
+    return ERANGE;
+
+success:
+    *id = i;
+    return 0;
+}
+
+/* Generate size bytes of random data into the buffer. */
+static inline krb5_error_code
+randomize(krb5_context ctx, void *buffer, unsigned int size)
+{
+    krb5_data rdata = make_data(buffer, size);
+    return krb5_c_random_make_octets(ctx, &rdata);
+}
+
+/* Generate a radius packet id. */
+static krb5_error_code
+id_generate(krb5_context ctx, krad_packet_iter_cb cb, void *data, uchar *id)
+{
+    krb5_error_code retval;
+    const krad_packet *tmp;
+    idmap used;
+    uchar i;
+
+    retval = randomize(ctx, &i, sizeof(i));
+    if (retval != 0) {
+        if (cb != NULL)
+            (*cb)(data, TRUE);
+        return retval;
+    }
+
+    if (cb != NULL) {
+        idmap_init(&used);
+        for (tmp = (*cb)(data, FALSE); tmp != NULL; tmp = (*cb)(data, FALSE))
+            idmap_set(&used, tmp->pkt.data[1]);
+
+        retval = idmap_find(&used, &i);
+        if (retval != 0)
+            return retval;
+    }
+
+    *id = i;
+    return 0;
+}
+
+/* Generate a random authenticator field. */
+static krb5_error_code
+auth_generate_random(krb5_context ctx, uchar *rauth)
+{
+    krb5_ui_4 trunctime;
+    time_t currtime;
+
+    /* Get the least-significant four bytes of the current time. */
+    currtime = time(NULL);
+    if (currtime == (time_t)-1)
+        return errno;
+    trunctime = (krb5_ui_4)currtime;
+    memcpy(rauth, &trunctime, sizeof(trunctime));
+
+    /* Randomize the rest of the buffer. */
+    return randomize(ctx, rauth + sizeof(trunctime),
+                     AUTH_FIELD_SIZE - sizeof(trunctime));
+}
+
+/* Generate a response authenticator field. */
+static krb5_error_code
+auth_generate_response(krb5_context ctx, const char *secret,
+                       const krad_packet *response, const uchar *auth,
+                       uchar *rauth)
+{
+    krb5_error_code retval;
+    krb5_checksum hash;
+    krb5_data data;
+
+    /* Allocate the temporary buffer. */
+    retval = alloc_data(&data, response->pkt.length + strlen(secret));
+    if (retval != 0)
+        return retval;
+
+    /* Encoded RADIUS packet with the request's
+     * authenticator and the secret at the end. */
+    memcpy(data.data, response->pkt.data, response->pkt.length);
+    memcpy(data.data + OFFSET_AUTH, auth, AUTH_FIELD_SIZE);
+    memcpy(data.data + response->pkt.length, secret, strlen(secret));
+
+    /* Hash it. */
+    retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
+                                  &hash);
+    free(data.data);
+    if (retval != 0)
+        return retval;
+
+    memcpy(rauth, hash.contents, AUTH_FIELD_SIZE);
+    krb5_free_checksum_contents(ctx, &hash);
+    return 0;
+}
+
+/* Create a new packet. */
+static krad_packet *
+packet_new()
+{
+    krad_packet *pkt;
+
+    pkt = calloc(1, sizeof(krad_packet));
+    if (pkt == NULL)
+        return NULL;
+    pkt->pkt = make_data(pkt->buffer, sizeof(pkt->buffer));
+
+    return pkt;
+}
+
+/* Set the attrset object by decoding the packet. */
+static krb5_error_code
+packet_set_attrset(krb5_context ctx, const char *secret, krad_packet *pkt)
+{
+    krb5_data tmp;
+
+    tmp = make_data(pkt_attr(pkt), pkt->pkt.length - OFFSET_ATTR);
+    return kr_attrset_decode(ctx, &tmp, secret, pkt_auth(pkt), &pkt->attrset);
+}
+
+ssize_t
+krad_packet_bytes_needed(const krb5_data *buffer)
+{
+    size_t len;
+
+    if (buffer->length < OFFSET_AUTH)
+        return OFFSET_AUTH - buffer->length;
+
+    len = load_16_be(offset(buffer, OFFSET_LENGTH));
+    if (len > KRAD_PACKET_SIZE_MAX)
+        return -1;
+
+    return (buffer->length > len) ? 0 : len - buffer->length;
+}
+
+void
+krad_packet_free(krad_packet *pkt)
+{
+    if (pkt)
+        krad_attrset_free(pkt->attrset);
+    free(pkt);
+}
+
+/* Create a new request packet. */
+krb5_error_code
+krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code,
+                        const krad_attrset *set, krad_packet_iter_cb cb,
+                        void *data, krad_packet **request)
+{
+    krb5_error_code retval;
+    krad_packet *pkt;
+    uchar id;
+    size_t attrset_len;
+
+    pkt = packet_new();
+    if (pkt == NULL) {
+        if (cb != NULL)
+            (*cb)(data, TRUE);
+        return ENOMEM;
+    }
+
+    /* Generate the ID. */
+    retval = id_generate(ctx, cb, data, &id);
+    if (retval != 0)
+        goto error;
+    pkt_id_set(pkt, id);
+
+    /* Generate the authenticator. */
+    retval = auth_generate_random(ctx, pkt_auth(pkt));
+    if (retval != 0)
+        goto error;
+
+    /* Encode the attributes. */
+    retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt),
+                               &attrset_len);
+    if (retval != 0)
+        goto error;
+
+    /* Set the code, ID and length. */
+    pkt->pkt.length = attrset_len + OFFSET_ATTR;
+    pkt_code_set(pkt, code);
+    pkt_len_set(pkt, pkt->pkt.length);
+
+    /* Copy the attrset for future use. */
+    retval = packet_set_attrset(ctx, secret, pkt);
+    if (retval != 0)
+        goto error;
+
+    *request = pkt;
+    return 0;
+
+error:
+    free(pkt);
+    return retval;
+}
+
+/* Create a new request packet. */
+krb5_error_code
+krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code,
+                         const krad_attrset *set, const krad_packet *request,
+                         krad_packet **response)
+{
+    krb5_error_code retval;
+    krad_packet *pkt;
+    size_t attrset_len;
+
+    pkt = packet_new();
+    if (pkt == NULL)
+        return ENOMEM;
+
+    /* Encode the attributes. */
+    retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt),
+                               &attrset_len);
+    if (retval != 0)
+        goto error;
+
+    /* Set the code, ID and length. */
+    pkt->pkt.length = attrset_len + OFFSET_ATTR;
+    pkt_code_set(pkt, code);
+    pkt_id_set(pkt, pkt_id_get(request));
+    pkt_len_set(pkt, pkt->pkt.length);
+
+    /* Generate the authenticator. */
+    retval = auth_generate_response(ctx, secret, pkt, pkt_auth(request),
+                                    pkt_auth(pkt));
+    if (retval != 0)
+        goto error;
+
+    /* Copy the attrset for future use. */
+    retval = packet_set_attrset(ctx, secret, pkt);
+    if (retval != 0)
+        goto error;
+
+    *response = pkt;
+    return 0;
+
+error:
+    free(pkt);
+    return retval;
+}
+
+/* Decode a packet. */
+static krb5_error_code
+decode_packet(krb5_context ctx, const char *secret, const krb5_data *buffer,
+              krad_packet **pkt)
+{
+    krb5_error_code retval;
+    krad_packet *tmp;
+    krb5_ui_2 len;
+
+    tmp = packet_new();
+    if (tmp == NULL) {
+        retval = ENOMEM;
+        goto error;
+    }
+
+    /* Ensure a proper message length. */
+    retval = (buffer->length < OFFSET_ATTR) ? EMSGSIZE : 0;
+    if (retval != 0)
+        goto error;
+    len = load_16_be(offset(buffer, OFFSET_LENGTH));
+    retval = (len < OFFSET_ATTR) ? EBADMSG : 0;
+    if (retval != 0)
+        goto error;
+    retval = (len > buffer->length || len > tmp->pkt.length) ? EBADMSG : 0;
+    if (retval != 0)
+        goto error;
+
+    /* Copy over the buffer. */
+    tmp->pkt.length = len;
+    memcpy(tmp->pkt.data, buffer->data, len);
+
+    /* Parse the packet to ensure it is well-formed. */
+    retval = packet_set_attrset(ctx, secret, tmp);
+    if (retval != 0)
+        goto error;
+
+    *pkt = tmp;
+    return 0;
+
+error:
+    krad_packet_free(tmp);
+    return retval;
+}
+
+krb5_error_code
+krad_packet_decode_request(krb5_context ctx, const char *secret,
+                           const krb5_data *buffer, krad_packet_iter_cb cb,
+                           void *data, const krad_packet **duppkt,
+                           krad_packet **reqpkt)
+{
+    const krad_packet *tmp = NULL;
+    krb5_error_code retval;
+
+    retval = decode_packet(ctx, secret, buffer, reqpkt);
+    if (cb != NULL && retval == 0) {
+        for (tmp = (*cb)(data, FALSE); tmp != NULL; tmp = (*cb)(data, FALSE)) {
+            if (pkt_id_get(*reqpkt) == pkt_id_get(tmp))
+                break;
+        }
+    }
+
+    if (cb != NULL && (retval != 0 || tmp != NULL))
+        (*cb)(data, TRUE);
+
+    *duppkt = tmp;
+    return retval;
+}
+
+krb5_error_code
+krad_packet_decode_response(krb5_context ctx, const char *secret,
+                            const krb5_data *buffer, krad_packet_iter_cb cb,
+                            void *data, const krad_packet **reqpkt,
+                            krad_packet **rsppkt)
+{
+    uchar auth[AUTH_FIELD_SIZE];
+    const krad_packet *tmp = NULL;
+    krb5_error_code retval;
+
+    retval = decode_packet(ctx, secret, buffer, rsppkt);
+    if (cb != NULL && retval == 0) {
+        for (tmp = (*cb)(data, FALSE); tmp != NULL; tmp = (*cb)(data, FALSE)) {
+            if (pkt_id_get(*rsppkt) != pkt_id_get(tmp))
+                continue;
+
+            /* Response */
+            retval = auth_generate_response(ctx, secret, *rsppkt,
+                                            pkt_auth(tmp), auth);
+            if (retval != 0) {
+                krad_packet_free(*rsppkt);
+                break;
+            }
+
+            /* If the authenticator matches, then the response is valid. */
+            if (memcmp(pkt_auth(*rsppkt), auth, sizeof(auth)) == 0)
+                break;
+        }
+    }
+
+    if (cb != NULL && (retval != 0 || tmp != NULL))
+        (*cb)(data, TRUE);
+
+    *reqpkt = tmp;
+    return retval;
+}
+
+const krb5_data *
+krad_packet_encode(const krad_packet *pkt)
+{
+    return &pkt->pkt;
+}
+
+krad_code
+krad_packet_get_code(const krad_packet *pkt)
+{
+    if (pkt == NULL)
+        return 0;
+
+    return pkt_code_get(pkt);
+}
+
+const krb5_data *
+krad_packet_get_attr(const krad_packet *pkt, krad_attr type, size_t indx)
+{
+    return krad_attrset_get(pkt->attrset, type, indx);
+}
diff --git a/krb5-1.21.3/src/lib/krad/remote.c b/krb5-1.21.3/src/lib/krad/remote.c
new file mode 100644
index 00000000..06ae751b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/remote.c
@@ -0,0 +1,541 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/remote.c - Protocol code for libkrad */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include <k5-queue.h>
+#include "internal.h"
+
+#include <string.h>
+#include <unistd.h>
+
+#include <sys/un.h>
+
+#define FLAGS_NONE  VERTO_EV_FLAG_NONE
+#define FLAGS_READ  VERTO_EV_FLAG_IO_READ
+#define FLAGS_WRITE VERTO_EV_FLAG_IO_WRITE
+#define FLAGS_BASE  VERTO_EV_FLAG_PERSIST | VERTO_EV_FLAG_IO_ERROR
+
+K5_TAILQ_HEAD(request_head, request_st);
+
+typedef struct request_st request;
+struct request_st {
+    K5_TAILQ_ENTRY(request_st) list;
+    krad_remote *rr;
+    krad_packet *request;
+    krad_cb cb;
+    void *data;
+    verto_ev *timer;
+    int timeout;
+    size_t retries;
+    size_t sent;
+};
+
+struct krad_remote_st {
+    krb5_context kctx;
+    verto_ctx *vctx;
+    int fd;
+    verto_ev *io;
+    char *secret;
+    struct addrinfo *info;
+    struct request_head list;
+    char buffer_[KRAD_PACKET_SIZE_MAX];
+    krb5_data buffer;
+};
+
+static void
+on_io(verto_ctx *ctx, verto_ev *ev);
+
+static void
+on_timeout(verto_ctx *ctx, verto_ev *ev);
+
+/* Iterate over the set of outstanding packets. */
+static const krad_packet *
+iterator(request **out)
+{
+    request *tmp = *out;
+
+    if (tmp == NULL)
+        return NULL;
+
+    *out = K5_TAILQ_NEXT(tmp, list);
+    return tmp->request;
+}
+
+/* Create a new request. */
+static krb5_error_code
+request_new(krad_remote *rr, krad_packet *rqst, int timeout, size_t retries,
+            krad_cb cb, void *data, request **out)
+{
+    request *tmp;
+
+    tmp = calloc(1, sizeof(request));
+    if (tmp == NULL)
+        return ENOMEM;
+
+    tmp->rr = rr;
+    tmp->request = rqst;
+    tmp->cb = cb;
+    tmp->data = data;
+    tmp->timeout = timeout;
+    tmp->retries = retries;
+
+    *out = tmp;
+    return 0;
+}
+
+/* Finish a request, calling the callback and freeing it. */
+static inline void
+request_finish(request *req, krb5_error_code retval,
+               const krad_packet *response)
+{
+    if (retval != ETIMEDOUT)
+        K5_TAILQ_REMOVE(&req->rr->list, req, list);
+
+    req->cb(retval, req->request, response, req->data);
+
+    if (retval != ETIMEDOUT) {
+        krad_packet_free(req->request);
+        verto_del(req->timer);
+        free(req);
+    }
+}
+
+/* Start the timeout timer for the request. */
+static krb5_error_code
+request_start_timer(request *r, verto_ctx *vctx)
+{
+    verto_del(r->timer);
+
+    r->timer = verto_add_timeout(vctx, VERTO_EV_FLAG_NONE, on_timeout,
+                                 r->timeout);
+    if (r->timer != NULL)
+        verto_set_private(r->timer, r, NULL);
+
+    return (r->timer == NULL) ? ENOMEM : 0;
+}
+
+/* Disconnect from the remote host. */
+static void
+remote_disconnect(krad_remote *rr)
+{
+    if (rr->fd >= 0)
+        close(rr->fd);
+    verto_del(rr->io);
+    rr->fd = -1;
+    rr->io = NULL;
+}
+
+/* Add the specified flags to the remote. This automatically manages the
+ * lifecycle of the underlying event. Also connects if disconnected. */
+static krb5_error_code
+remote_add_flags(krad_remote *remote, verto_ev_flag flags)
+{
+    verto_ev_flag curflags = VERTO_EV_FLAG_NONE;
+    int i;
+
+    flags &= (FLAGS_READ | FLAGS_WRITE);
+    if (remote == NULL || flags == FLAGS_NONE)
+        return EINVAL;
+
+    /* If there is no connection, connect. */
+    if (remote->fd < 0) {
+        verto_del(remote->io);
+        remote->io = NULL;
+
+        remote->fd = socket(remote->info->ai_family, remote->info->ai_socktype,
+                            remote->info->ai_protocol);
+        if (remote->fd < 0)
+            return errno;
+
+        i = connect(remote->fd, remote->info->ai_addr,
+                    remote->info->ai_addrlen);
+        if (i < 0) {
+            i = errno;
+            remote_disconnect(remote);
+            return i;
+        }
+    }
+
+    if (remote->io == NULL) {
+        remote->io = verto_add_io(remote->vctx, FLAGS_BASE | flags,
+                                  on_io, remote->fd);
+        if (remote->io == NULL)
+            return ENOMEM;
+        verto_set_private(remote->io, remote, NULL);
+    }
+
+    curflags = verto_get_flags(remote->io);
+    if ((curflags & flags) != flags)
+        verto_set_flags(remote->io, FLAGS_BASE | curflags | flags);
+
+    return 0;
+}
+
+/* Remove the specified flags to the remote. This automatically manages the
+ * lifecycle of the underlying event. */
+static void
+remote_del_flags(krad_remote *remote, verto_ev_flag flags)
+{
+    if (remote == NULL || remote->io == NULL)
+        return;
+
+    flags = verto_get_flags(remote->io) & (FLAGS_READ | FLAGS_WRITE) & ~flags;
+    if (flags == FLAGS_NONE) {
+        verto_del(remote->io);
+        remote->io = NULL;
+        return;
+    }
+
+    verto_set_flags(remote->io, FLAGS_BASE | flags);
+}
+
+/* Close the connection and start the timers of all outstanding requests. */
+static void
+remote_shutdown(krad_remote *rr)
+{
+    krb5_error_code retval;
+    request *r, *next;
+
+    remote_disconnect(rr);
+
+    /* Start timers for all unsent packets. */
+    K5_TAILQ_FOREACH_SAFE(r, &rr->list, list, next) {
+        if (r->timer == NULL) {
+            retval = request_start_timer(r, rr->vctx);
+            if (retval != 0)
+                request_finish(r, retval, NULL);
+        }
+    }
+}
+
+/* Handle when packets receive no response within their allotted time. */
+static void
+on_timeout(verto_ctx *ctx, verto_ev *ev)
+{
+    request *req = verto_get_private(ev);
+    krb5_error_code retval = ETIMEDOUT;
+
+    req->timer = NULL;          /* Void the timer event. */
+
+    /* If we have more retries to perform, resend the packet. */
+    if (req->retries-- > 0) {
+        req->sent = 0;
+        retval = remote_add_flags(req->rr, FLAGS_WRITE);
+        if (retval == 0)
+            return;
+    }
+
+    request_finish(req, retval, NULL);
+}
+
+/* Write data to the socket. */
+static void
+on_io_write(krad_remote *rr)
+{
+    const krb5_data *tmp;
+    ssize_t written;
+    request *r;
+
+    K5_TAILQ_FOREACH(r, &rr->list, list) {
+        tmp = krad_packet_encode(r->request);
+
+        /* If the packet has already been sent, do nothing. */
+        if (r->sent == tmp->length)
+            continue;
+
+        /* Send the packet. */
+        written = sendto(verto_get_fd(rr->io), tmp->data + r->sent,
+                         tmp->length - r->sent, 0, NULL, 0);
+        if (written < 0) {
+            /* Should we try again? */
+            if (errno == EWOULDBLOCK || errno == EAGAIN || errno == ENOBUFS ||
+                errno == EINTR)
+                return;
+
+            /* This error can't be worked around. */
+            remote_shutdown(rr);
+            return;
+        }
+
+        /* If the packet was completely sent, set a timeout. */
+        r->sent += written;
+        if (r->sent == tmp->length) {
+            if (request_start_timer(r, rr->vctx) != 0) {
+                request_finish(r, ENOMEM, NULL);
+                return;
+            }
+
+            if (remote_add_flags(rr, FLAGS_READ) != 0) {
+                remote_shutdown(rr);
+                return;
+            }
+        }
+
+        return;
+    }
+
+    remote_del_flags(rr, FLAGS_WRITE);
+    return;
+}
+
+/* Read data from the socket. */
+static void
+on_io_read(krad_remote *rr)
+{
+    const krad_packet *req = NULL;
+    krad_packet *rsp = NULL;
+    krb5_error_code retval;
+    ssize_t pktlen;
+    request *tmp, *r;
+    int i;
+
+    pktlen = sizeof(rr->buffer_) - rr->buffer.length;
+    if (rr->info->ai_socktype == SOCK_STREAM) {
+        pktlen = krad_packet_bytes_needed(&rr->buffer);
+        if (pktlen < 0) {
+            /* If we received a malformed packet on a stream socket,
+             * assume the socket to be unrecoverable. */
+            remote_shutdown(rr);
+            return;
+        }
+    }
+
+    /* Read the packet. */
+    i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
+             pktlen, 0);
+
+    /* On these errors, try again. */
+    if (i < 0 && (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR))
+        return;
+
+    /* On any other errors or on EOF, the socket is unrecoverable. */
+    if (i <= 0) {
+        remote_shutdown(rr);
+        return;
+    }
+
+    /* If we have a partial read or just the header, try again. */
+    rr->buffer.length += i;
+    pktlen = krad_packet_bytes_needed(&rr->buffer);
+    if (rr->info->ai_socktype == SOCK_STREAM && pktlen > 0)
+        return;
+
+    /* Decode the packet. */
+    tmp = K5_TAILQ_FIRST(&rr->list);
+    retval = krad_packet_decode_response(rr->kctx, rr->secret, &rr->buffer,
+                                         (krad_packet_iter_cb)iterator, &tmp,
+                                         &req, &rsp);
+    rr->buffer.length = 0;
+    if (retval != 0)
+        return;
+
+    /* Match the response with an outstanding request. */
+    if (req != NULL) {
+        K5_TAILQ_FOREACH(r, &rr->list, list) {
+            if (r->request == req &&
+                r->sent == krad_packet_encode(req)->length) {
+                request_finish(r, 0, rsp);
+                break;
+            }
+        }
+    }
+
+    krad_packet_free(rsp);
+}
+
+/* Handle when IO is ready on the socket. */
+static void
+on_io(verto_ctx *ctx, verto_ev *ev)
+{
+    krad_remote *rr;
+
+    rr = verto_get_private(ev);
+
+    if (verto_get_fd_state(ev) & VERTO_EV_FLAG_IO_WRITE)
+        on_io_write(rr);
+    else
+        on_io_read(rr);
+}
+
+krb5_error_code
+kr_remote_new(krb5_context kctx, verto_ctx *vctx, const struct addrinfo *info,
+              const char *secret, krad_remote **rr)
+{
+    krb5_error_code retval = ENOMEM;
+    krad_remote *tmp = NULL;
+
+    tmp = calloc(1, sizeof(krad_remote));
+    if (tmp == NULL)
+        goto error;
+    tmp->kctx = kctx;
+    tmp->vctx = vctx;
+    tmp->buffer = make_data(tmp->buffer_, 0);
+    K5_TAILQ_INIT(&tmp->list);
+    tmp->fd = -1;
+
+    tmp->secret = strdup(secret);
+    if (tmp->secret == NULL)
+        goto error;
+
+    tmp->info = k5memdup(info, sizeof(*info), &retval);
+    if (tmp->info == NULL)
+        goto error;
+
+    tmp->info->ai_addr = k5memdup(info->ai_addr, info->ai_addrlen, &retval);
+    if (tmp->info == NULL)
+        goto error;
+    tmp->info->ai_next = NULL;
+    tmp->info->ai_canonname = NULL;
+
+    *rr = tmp;
+    return 0;
+
+error:
+    kr_remote_free(tmp);
+    return retval;
+}
+
+void
+kr_remote_cancel_all(krad_remote *rr)
+{
+    while (!K5_TAILQ_EMPTY(&rr->list))
+        request_finish(K5_TAILQ_FIRST(&rr->list), ECANCELED, NULL);
+}
+
+void
+kr_remote_free(krad_remote *rr)
+{
+    if (rr == NULL)
+        return;
+
+    kr_remote_cancel_all(rr);
+    free(rr->secret);
+    if (rr->info != NULL)
+        free(rr->info->ai_addr);
+    free(rr->info);
+    remote_disconnect(rr);
+    free(rr);
+}
+
+krb5_error_code
+kr_remote_send(krad_remote *rr, krad_code code, krad_attrset *attrs,
+               krad_cb cb, void *data, int timeout, size_t retries,
+               const krad_packet **pkt)
+{
+    krad_packet *tmp = NULL;
+    krb5_error_code retval;
+    request *r, *new_request = NULL;
+
+    if (rr->info->ai_socktype == SOCK_STREAM)
+        retries = 0;
+
+    r = K5_TAILQ_FIRST(&rr->list);
+    retval = krad_packet_new_request(rr->kctx, rr->secret, code, attrs,
+                                     (krad_packet_iter_cb)iterator, &r, &tmp);
+    if (retval != 0)
+        goto error;
+
+    K5_TAILQ_FOREACH(r, &rr->list, list) {
+        if (r->request == tmp) {
+            retval = EALREADY;
+            goto error;
+        }
+    }
+
+    timeout = timeout / (retries + 1);
+    retval = request_new(rr, tmp, timeout, retries, cb, data, &new_request);
+    if (retval != 0)
+        goto error;
+
+    retval = remote_add_flags(rr, FLAGS_WRITE);
+    if (retval != 0)
+        goto error;
+
+    K5_TAILQ_INSERT_TAIL(&rr->list, new_request, list);
+    if (pkt != NULL)
+        *pkt = tmp;
+    return 0;
+
+error:
+    free(new_request);
+    krad_packet_free(tmp);
+    return retval;
+}
+
+void
+kr_remote_cancel(krad_remote *rr, const krad_packet *pkt)
+{
+    request *r;
+
+    K5_TAILQ_FOREACH(r, &rr->list, list) {
+        if (r->request == pkt) {
+            request_finish(r, ECANCELED, NULL);
+            return;
+        }
+    }
+}
+
+krb5_boolean
+kr_remote_equals(const krad_remote *rr, const struct addrinfo *info,
+                 const char *secret)
+{
+    struct sockaddr_un *a, *b;
+
+    if (strcmp(rr->secret, secret) != 0)
+        return FALSE;
+
+    if (info->ai_addrlen != rr->info->ai_addrlen)
+        return FALSE;
+
+    if (info->ai_family != rr->info->ai_family)
+        return FALSE;
+
+    if (info->ai_socktype != rr->info->ai_socktype)
+        return FALSE;
+
+    if (info->ai_protocol != rr->info->ai_protocol)
+        return FALSE;
+
+    if (info->ai_flags != rr->info->ai_flags)
+        return FALSE;
+
+    if (memcmp(rr->info->ai_addr, info->ai_addr, info->ai_addrlen) != 0) {
+        /* AF_UNIX fails the memcmp() test due to uninitialized bytes after the
+         * socket name. */
+        if (info->ai_family != AF_UNIX)
+            return FALSE;
+
+        a = (struct sockaddr_un *)info->ai_addr;
+        b = (struct sockaddr_un *)rr->info->ai_addr;
+        if (strncmp(a->sun_path, b->sun_path, sizeof(a->sun_path)) != 0)
+            return FALSE;
+    }
+
+    return TRUE;
+}
diff --git a/krb5-1.21.3/src/lib/krad/t_attr.c b/krb5-1.21.3/src/lib/krad/t_attr.c
new file mode 100644
index 00000000..eb2a780c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_attr.c
@@ -0,0 +1,89 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_attr.c - Attribute test program */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "t_test.h"
+
+const static unsigned char encoded[] = {
+    0xba, 0xfc, 0xed, 0x50, 0xe1, 0xeb, 0xa6, 0xc3,
+    0xc1, 0x75, 0x20, 0xe9, 0x10, 0xce, 0xc2, 0xcb
+};
+
+const static unsigned char auth[] = {
+    0xac, 0x9d, 0xc1, 0x62, 0x08, 0xc4, 0xc7, 0x8b,
+    0xa1, 0x2f, 0x25, 0x0a, 0xc4, 0x1d, 0x36, 0x41
+};
+
+int
+main()
+{
+    unsigned char outbuf[MAX_ATTRSETSIZE];
+    const char *decoded = "accept";
+    const char *secret = "foo";
+    krb5_error_code retval;
+    krb5_context ctx;
+    const char *tmp;
+    krb5_data in;
+    size_t len;
+
+    noerror(krb5_init_context(&ctx));
+
+    /* Make sure User-Name is 1. */
+    insist(krad_attr_name2num("User-Name") == 1);
+
+    /* Make sure 2 is User-Password. */
+    tmp = krad_attr_num2name(2);
+    insist(tmp != NULL);
+    insist(strcmp(tmp, "User-Password") == 0);
+
+    /* Test decoding. */
+    in = make_data((void *)encoded, sizeof(encoded));
+    noerror(kr_attr_decode(ctx, secret, auth,
+                           krad_attr_name2num("User-Password"),
+                           &in, outbuf, &len));
+    insist(len == strlen(decoded));
+    insist(memcmp(outbuf, decoded, len) == 0);
+
+    /* Test encoding. */
+    in = string2data((char *)decoded);
+    retval = kr_attr_encode(ctx, secret, auth,
+                            krad_attr_name2num("User-Password"),
+                            &in, outbuf, &len);
+    insist(retval == 0);
+    insist(len == sizeof(encoded));
+    insist(memcmp(outbuf, encoded, len) == 0);
+
+    /* Test constraint. */
+    in.length = 100;
+    insist(kr_attr_valid(krad_attr_name2num("User-Password"), &in) == 0);
+    in.length = 200;
+    insist(kr_attr_valid(krad_attr_name2num("User-Password"), &in) != 0);
+
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krad/t_attrset.c b/krb5-1.21.3/src/lib/krad/t_attrset.c
new file mode 100644
index 00000000..7928335c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_attrset.c
@@ -0,0 +1,98 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_attrset.c - Attribute set test program */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "t_test.h"
+
+const static unsigned char auth[] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+const static unsigned char encpass[] = {
+    0x58, 0x8d, 0xff, 0xda, 0x37, 0xf9, 0xe4, 0xca,
+    0x19, 0xae, 0x49, 0xb7, 0x16, 0x6d, 0x58, 0x27
+};
+
+int
+main()
+{
+    unsigned char buffer[KRAD_PACKET_SIZE_MAX], encoded[MAX_ATTRSETSIZE];
+    const char *username = "testUser", *password = "accept";
+    const krb5_data *tmpp;
+    krad_attrset *set;
+    krb5_context ctx;
+    size_t len = 0, encode_len;
+    krb5_data tmp;
+
+    noerror(krb5_init_context(&ctx));
+    noerror(krad_attrset_new(ctx, &set));
+
+    /* Add username. */
+    tmp = string2data((char *)username);
+    noerror(krad_attrset_add(set, krad_attr_name2num("User-Name"), &tmp));
+
+    /* Add password. */
+    tmp = string2data((char *)password);
+    noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp));
+
+    /* Encode attrset. */
+    noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len));
+    krad_attrset_free(set);
+
+    /* Manually encode User-Name. */
+    encoded[len + 0] = krad_attr_name2num("User-Name");
+    encoded[len + 1] = strlen(username) + 2;
+    memcpy(encoded + len + 2, username, strlen(username));
+    len += encoded[len + 1];
+
+    /* Manually encode User-Password. */
+    encoded[len + 0] = krad_attr_name2num("User-Password");
+    encoded[len + 1] = sizeof(encpass) + 2;
+    memcpy(encoded + len + 2, encpass, sizeof(encpass));
+    len += encoded[len + 1];
+
+    /* Compare output. */
+    insist(len == encode_len);
+    insist(memcmp(encoded, buffer, len) == 0);
+
+    /* Decode output. */
+    tmp = make_data(buffer, len);
+    noerror(kr_attrset_decode(ctx, &tmp, "foo", auth, &set));
+
+    /* Test getting an attribute. */
+    tmp = string2data((char *)username);
+    tmpp = krad_attrset_get(set, krad_attr_name2num("User-Name"), 0);
+    insist(tmpp != NULL);
+    insist(tmpp->length == tmp.length);
+    insist(strncmp(tmpp->data, tmp.data, tmp.length) == 0);
+
+    krad_attrset_free(set);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krad/t_client.c b/krb5-1.21.3/src/lib/krad/t_client.c
new file mode 100644
index 00000000..3d0fda93
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_client.c
@@ -0,0 +1,126 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_client.c - Client request test program */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "t_daemon.h"
+
+#define EVENT_COUNT 4
+
+static struct
+{
+    int count;
+    struct event events[EVENT_COUNT];
+} record;
+
+static verto_ctx *vctx;
+
+static void
+callback(krb5_error_code retval, const krad_packet *request,
+         const krad_packet *response, void *data)
+{
+    struct event *evt;
+
+    evt = &record.events[record.count++];
+    evt->error = retval != 0;
+    if (evt->error)
+        evt->result.retval = retval;
+    else
+        evt->result.code = krad_packet_get_code(response);
+    verto_break(vctx);
+}
+
+int
+main(int argc, const char **argv)
+{
+    krad_attrset *attrs;
+    krad_client *rc;
+    krb5_context kctx;
+    krb5_data tmp;
+
+    if (!daemon_start(argc, argv)) {
+        fprintf(stderr, "Unable to start pyrad daemon, skipping test...\n");
+        return 0;
+    }
+
+    noerror(krb5_init_context(&kctx));
+    vctx = verto_new(NULL, VERTO_EV_TYPE_IO | VERTO_EV_TYPE_TIMEOUT);
+    insist(vctx != NULL);
+    noerror(krad_client_new(kctx, vctx, &rc));
+
+    tmp = string2data("testUser");
+    noerror(krad_attrset_new(kctx, &attrs));
+    noerror(krad_attrset_add(attrs, krad_attr_name2num("User-Name"), &tmp));
+
+    /* Test accept. */
+    tmp = string2data("accept");
+    noerror(krad_attrset_add(attrs, krad_attr_name2num("User-Password"),
+                             &tmp));
+    noerror(krad_client_send(rc, krad_code_name2num("Access-Request"), attrs,
+                             "localhost", "foo", 1000, 3, callback, NULL));
+    verto_run(vctx);
+
+    /* Test reject. */
+    tmp = string2data("reject");
+    krad_attrset_del(attrs, krad_attr_name2num("User-Password"), 0);
+    noerror(krad_attrset_add(attrs, krad_attr_name2num("User-Password"),
+                             &tmp));
+    noerror(krad_client_send(rc, krad_code_name2num("Access-Request"), attrs,
+                             "localhost", "foo", 1000, 3, callback, NULL));
+    verto_run(vctx);
+
+    /* Test timeout. */
+    daemon_stop();
+    noerror(krad_client_send(rc, krad_code_name2num("Access-Request"), attrs,
+                             "localhost", "foo", 1000, 3, callback, NULL));
+    verto_run(vctx);
+
+    /* Test outstanding packet freeing. */
+    noerror(krad_client_send(rc, krad_code_name2num("Access-Request"), attrs,
+                             "localhost", "foo", 1000, 3, callback, NULL));
+    krad_client_free(rc);
+    rc = NULL;
+
+    /* Verify the results. */
+    insist(record.count == EVENT_COUNT);
+    insist(record.events[0].error == FALSE);
+    insist(record.events[0].result.code ==
+           krad_code_name2num("Access-Accept"));
+    insist(record.events[1].error == FALSE);
+    insist(record.events[1].result.code ==
+           krad_code_name2num("Access-Reject"));
+    insist(record.events[2].error == TRUE);
+    insist(record.events[2].result.retval == ETIMEDOUT);
+    insist(record.events[3].error == TRUE);
+    insist(record.events[3].result.retval == ECANCELED);
+
+    krad_attrset_free(attrs);
+    krad_client_free(rc);
+    verto_free(vctx);
+    krb5_free_context(kctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krad/t_code.c b/krb5-1.21.3/src/lib/krad/t_code.c
new file mode 100644
index 00000000..b245a7ef
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_code.c
@@ -0,0 +1,54 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_code.c - RADIUS code table test program */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "t_test.h"
+
+int
+main()
+{
+    const char *tmp;
+
+    insist(krad_code_name2num("Access-Request") == 1);
+    insist(krad_code_name2num("Access-Accept") == 2);
+    insist(krad_code_name2num("Access-Reject") == 3);
+
+    tmp = krad_code_num2name(1);
+    insist(tmp != NULL);
+    insist(strcmp(tmp, "Access-Request") == 0);
+
+    tmp = krad_code_num2name(2);
+    insist(tmp != NULL);
+    insist(strcmp(tmp, "Access-Accept") == 0);
+
+    tmp = krad_code_num2name(3);
+    insist(tmp != NULL);
+    insist(strcmp(tmp, "Access-Reject") == 0);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krad/t_daemon.h b/krb5-1.21.3/src/lib/krad/t_daemon.h
new file mode 100644
index 00000000..cbcb1325
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_daemon.h
@@ -0,0 +1,85 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_daemon.h - Daemonization helper for RADIUS test programs */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef T_DAEMON_H_
+#define T_DAEMON_H_
+
+#include "t_test.h"
+#include <libgen.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+static pid_t daemon_pid;
+
+static void
+daemon_stop(void)
+{
+    if (daemon_pid == 0)
+        return;
+    kill(daemon_pid, SIGTERM);
+    waitpid(daemon_pid, NULL, 0);
+    daemon_pid = 0;
+}
+
+static krb5_boolean
+daemon_start(int argc, const char **argv)
+{
+    int fds[2];
+    char buf[1];
+
+    if (argc != 3 || argv == NULL)
+        return FALSE;
+
+    if (daemon_pid != 0)
+        return TRUE;
+
+    if (pipe(fds) != 0)
+        return FALSE;
+
+    /* Start the child process with the write end of the pipe as stdout. */
+    daemon_pid = fork();
+    if (daemon_pid == 0) {
+        dup2(fds[1], STDOUT_FILENO);
+        close(fds[0]);
+        close(fds[1]);
+        exit(execlp(argv[1], argv[1], argv[2], NULL));
+    }
+    close(fds[1]);
+
+    /* The child will write a sentinel character when it is listening. */
+    if (read(fds[0], buf, 1) != 1 || *buf != '~')
+        return FALSE;
+    close(fds[0]);
+
+    atexit(daemon_stop);
+    return TRUE;
+}
+
+#endif /* T_DAEMON_H_ */
diff --git a/krb5-1.21.3/src/lib/krad/t_daemon.py b/krb5-1.21.3/src/lib/krad/t_daemon.py
new file mode 100755
index 00000000..4a3de079
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_daemon.py
@@ -0,0 +1,71 @@
+# Copyright 2013 Red Hat, Inc.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+#    1. Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#
+#    2. Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in
+#       the documentation and/or other materials provided with the
+#       distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+from io import StringIO
+import os
+import sys
+import signal
+
+try:
+    from pyrad import dictionary, packet, server
+except ImportError:
+    sys.stderr.write("pyrad not found!\n")
+    sys.exit(0)
+
+# We could use a dictionary file, but since we need
+# such few attributes, we'll just include them here
+DICTIONARY = """
+ATTRIBUTE\tUser-Name\t1\tstring
+ATTRIBUTE\tUser-Password\t2\toctets
+ATTRIBUTE\tNAS-Identifier\t32\tstring
+"""
+
+class TestServer(server.Server):
+    def _HandleAuthPacket(self, pkt):
+        server.Server._HandleAuthPacket(self, pkt)
+
+        passwd = []
+
+        for key in pkt.keys():
+            if key == "User-Password":
+                passwd = [pkt.PwDecrypt(x) for x in pkt[key]]
+
+        reply = self.CreateReplyPacket(pkt)
+        if passwd == ['accept']:
+            reply.code = packet.AccessAccept
+        else:
+            reply.code = packet.AccessReject
+        self.SendReplyPacket(pkt.fd, reply)
+
+srv = TestServer(addresses=["localhost"],
+                 hosts={"127.0.0.1":
+                        server.RemoteHost("127.0.0.1", b"foo", "localhost")},
+                 dict=dictionary.Dictionary(StringIO(DICTIONARY)))
+
+# Write a sentinel character to let the parent process know we're listening.
+sys.stdout.write("~")
+sys.stdout.flush()
+
+srv.Run()
diff --git a/krb5-1.21.3/src/lib/krad/t_packet.c b/krb5-1.21.3/src/lib/krad/t_packet.c
new file mode 100644
index 00000000..c2248914
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_packet.c
@@ -0,0 +1,207 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_packet.c - RADIUS packet test program */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "t_daemon.h"
+
+#define ACCEPT_PACKET 0
+#define REJECT_PACKET 1
+
+static krad_packet *packets[3];
+
+static const krad_packet *
+iterator(void *data, krb5_boolean cancel)
+{
+    krad_packet *tmp;
+    int *i = data;
+
+    if (cancel || packets[*i] == NULL)
+        return NULL;
+
+    tmp = packets[*i];
+    *i += 1;
+    return tmp;
+}
+
+static krb5_error_code
+make_packet(krb5_context ctx, const krb5_data *username,
+            const krb5_data *password, krad_packet **pkt)
+{
+    krad_attrset *set = NULL;
+    krad_packet *tmp = NULL;
+    krb5_error_code retval;
+    const krb5_data *data;
+    int i = 0;
+    krb5_data nas_id;
+
+    nas_id = string2data("12345678901234567890123456789012345678901234567890"
+                         "12345678901234567890123456789012345678901234567890"
+                         "12345678901234567890123456789012345678901234567890"
+                         "12345678901234567890123456789012345678901234567890"
+                         "12345678901234567890123456789012345678901234567890"
+                         "123");
+
+    retval = krad_attrset_new(ctx, &set);
+    if (retval != 0)
+        goto out;
+
+    retval = krad_attrset_add(set, krad_attr_name2num("User-Name"), username);
+    if (retval != 0)
+        goto out;
+
+    retval = krad_attrset_add(set, krad_attr_name2num("User-Password"),
+                              password);
+    if (retval != 0)
+        goto out;
+
+    retval = krad_attrset_add(set, krad_attr_name2num("NAS-Identifier"),
+                              &nas_id);
+    if (retval != 0)
+        goto out;
+
+    retval = krad_packet_new_request(ctx, "foo",
+                                     krad_code_name2num("Access-Request"),
+                                     set, iterator, &i, &tmp);
+    if (retval != 0)
+        goto out;
+
+    data = krad_packet_get_attr(tmp, krad_attr_name2num("User-Name"), 0);
+    if (data == NULL) {
+        retval = ENOENT;
+        goto out;
+    }
+
+    if (data->length != username->length ||
+        memcmp(data->data, username->data, data->length) != 0) {
+        retval = EINVAL;
+        goto out;
+    }
+
+    *pkt = tmp;
+    tmp = NULL;
+
+out:
+    krad_attrset_free(set);
+    krad_packet_free(tmp);
+    return retval;
+}
+
+static krb5_error_code
+do_auth(krb5_context ctx, struct addrinfo *ai, const char *secret,
+        const krad_packet *rqst, krb5_boolean *auth)
+{
+    const krad_packet *req = NULL;
+    char tmp[KRAD_PACKET_SIZE_MAX];
+    const krb5_data *request;
+    krad_packet *rsp = NULL;
+    krb5_error_code retval;
+    krb5_data response;
+    int sock = -1, i;
+
+    response = make_data(tmp, sizeof(tmp));
+
+    sock = socket(ai->ai_family, ai->ai_socktype, 0);
+    if (sock < 0) {
+        retval = errno;
+        goto out;
+    }
+
+    request = krad_packet_encode(rqst);
+    if (sendto(sock, request->data, request->length, 0, ai->ai_addr,
+               ai->ai_addrlen) < 0) {
+        retval = errno;
+        goto out;
+    }
+
+    i = recv(sock, response.data, sizeof(tmp), 0);
+    if (i < 0) {
+        retval = errno;
+        goto out;
+    }
+    response.length = i;
+
+    i = 0;
+    retval = krad_packet_decode_response(ctx, secret, &response, iterator, &i,
+                                         &req, &rsp);
+    if (retval != 0)
+        goto out;
+
+    if (req != rqst) {
+        retval = EBADMSG;
+        goto out;
+    }
+
+    *auth = krad_packet_get_code(rsp) == krad_code_name2num("Access-Accept");
+
+out:
+    krad_packet_free(rsp);
+    if (sock >= 0)
+        close(sock);
+    return retval;
+}
+
+int
+main(int argc, const char **argv)
+{
+    struct addrinfo *ai = NULL, hints;
+    krb5_data username, password;
+    krb5_boolean auth = FALSE;
+    krb5_context ctx;
+
+    username = string2data("testUser");
+
+    if (!daemon_start(argc, argv)) {
+        fprintf(stderr, "Unable to start pyrad daemon, skipping test...\n");
+        return 0;
+    }
+
+    noerror(krb5_init_context(&ctx));
+
+    password = string2data("accept");
+    noerror(make_packet(ctx, &username, &password, &packets[ACCEPT_PACKET]));
+
+    password = string2data("reject");
+    noerror(make_packet(ctx, &username, &password, &packets[REJECT_PACKET]));
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = AF_INET;
+    hints.ai_socktype = SOCK_DGRAM;
+    noerror(gai_error_code(getaddrinfo("127.0.0.1", "radius", &hints, &ai)));
+
+    noerror(do_auth(ctx, ai, "foo", packets[ACCEPT_PACKET], &auth));
+    insist(auth == TRUE);
+
+    noerror(do_auth(ctx, ai, "foo", packets[REJECT_PACKET], &auth));
+    insist(auth == FALSE);
+
+    krad_packet_free(packets[ACCEPT_PACKET]);
+    krad_packet_free(packets[REJECT_PACKET]);
+    krb5_free_context(ctx);
+    freeaddrinfo(ai);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krad/t_remote.c b/krb5-1.21.3/src/lib/krad/t_remote.c
new file mode 100644
index 00000000..a521ecb7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_remote.c
@@ -0,0 +1,170 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_remote.c - Protocol test program */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "t_daemon.h"
+
+#define EVENT_COUNT 6
+
+static struct
+{
+    int count;
+    struct event events[EVENT_COUNT];
+} record;
+
+static krad_attrset *set;
+static krad_remote *rr;
+static verto_ctx *vctx;
+
+static void
+callback(krb5_error_code retval, const krad_packet *request,
+         const krad_packet *response, void *data)
+{
+    struct event *evt;
+
+    evt = &record.events[record.count++];
+    evt->error = retval != 0;
+    if (evt->error)
+        evt->result.retval = retval;
+    else
+        evt->result.code = krad_packet_get_code(response);
+    verto_break(vctx);
+}
+
+static void
+remote_new(krb5_context kctx, krad_remote **remote)
+{
+    struct addrinfo *ai = NULL, hints;
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = AF_INET;
+    hints.ai_socktype = SOCK_DGRAM;
+    noerror(gai_error_code(getaddrinfo("127.0.0.1", "radius", &hints, &ai)));
+
+    noerror(kr_remote_new(kctx, vctx, ai, "foo", remote));
+    insist(kr_remote_equals(*remote, ai, "foo"));
+    freeaddrinfo(ai);
+}
+
+static krb5_error_code
+do_auth(const char *password, const krad_packet **pkt)
+{
+    const krad_packet *tmppkt;
+    krb5_error_code retval;
+    krb5_data tmp = string2data((char *)password);
+
+    retval = krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp);
+    if (retval != 0)
+        return retval;
+
+    retval = kr_remote_send(rr, krad_code_name2num("Access-Request"), set,
+                            callback, NULL, 1000, 3, &tmppkt);
+    krad_attrset_del(set, krad_attr_name2num("User-Password"), 0);
+    if (retval != 0)
+        return retval;
+
+    if (pkt != NULL)
+        *pkt = tmppkt;
+    return 0;
+}
+
+static void
+test_timeout(verto_ctx *ctx, verto_ev *ev)
+{
+    static const krad_packet *pkt;
+
+    noerror(do_auth("accept", &pkt));
+    kr_remote_cancel(rr, pkt);
+}
+
+int
+main(int argc, const char **argv)
+{
+    krb5_context kctx = NULL;
+    krb5_data tmp;
+
+    if (!daemon_start(argc, argv)) {
+        fprintf(stderr, "Unable to start pyrad daemon, skipping test...\n");
+        return 0;
+    }
+
+    /* Initialize. */
+    noerror(krb5_init_context(&kctx));
+    vctx = verto_new(NULL, VERTO_EV_TYPE_IO | VERTO_EV_TYPE_TIMEOUT);
+    insist(vctx != NULL);
+    remote_new(kctx, &rr);
+
+    /* Create attribute set. */
+    noerror(krad_attrset_new(kctx, &set));
+    tmp = string2data("testUser");
+    noerror(krad_attrset_add(set, krad_attr_name2num("User-Name"), &tmp));
+
+    /* Send accept packet. */
+    noerror(do_auth("accept", NULL));
+    verto_run(vctx);
+
+    /* Send reject packet. */
+    noerror(do_auth("reject", NULL));
+    verto_run(vctx);
+
+    /* Send canceled packet. */
+    insist(verto_add_timeout(vctx, VERTO_EV_FLAG_NONE, test_timeout, 0) !=
+           NULL);
+    verto_run(vctx);
+
+    /* Test timeout. */
+    daemon_stop();
+    noerror(do_auth("accept", NULL));
+    verto_run(vctx);
+
+    /* Test outstanding packet freeing. */
+    noerror(do_auth("accept", NULL));
+    kr_remote_free(rr);
+    krad_attrset_free(set);
+
+    /* Verify the results. */
+    insist(record.count == EVENT_COUNT);
+    insist(record.events[0].error == FALSE);
+    insist(record.events[0].result.code ==
+           krad_code_name2num("Access-Accept"));
+    insist(record.events[1].error == FALSE);
+    insist(record.events[1].result.code ==
+           krad_code_name2num("Access-Reject"));
+    insist(record.events[2].error == TRUE);
+    insist(record.events[2].result.retval == ECANCELED);
+    insist(record.events[3].error == TRUE);
+    insist(record.events[3].result.retval == ETIMEDOUT);
+    insist(record.events[4].error == TRUE);
+    insist(record.events[4].result.retval == ECANCELED);
+    insist(record.events[5].error == TRUE);
+    insist(record.events[5].result.retval == ECANCELED);
+
+    verto_free(vctx);
+    krb5_free_context(kctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krad/t_test.c b/krb5-1.21.3/src/lib/krad/t_test.c
new file mode 100644
index 00000000..152bc77c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_test.c
@@ -0,0 +1,50 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_test.c - Utility functions for libkrad tests */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "t_test.h"
+
+void
+noerror_impl(const char *file, int line, const char *cmd, int retval)
+{
+    if (retval == 0)
+        return;
+
+    fprintf(stderr, "%s:%d: %s:\n\t%s\n", file, line, strerror(retval), cmd);
+    exit(1);
+}
+
+void
+insist_impl(const char *file, int line, const char *cmd, krb5_boolean result)
+{
+    if (result)
+        return;
+
+    fprintf(stderr, "%s:%d: insist failed:\n\t%s\n", file, line, cmd);
+    exit(1);
+}
diff --git a/krb5-1.21.3/src/lib/krad/t_test.h b/krb5-1.21.3/src/lib/krad/t_test.h
new file mode 100644
index 00000000..f44742f5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krad/t_test.h
@@ -0,0 +1,60 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krad/t_test.h - Shared declarations for libkrad test programs */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef T_TEST_H_
+#define T_TEST_H_
+
+#include "internal.h"
+
+#include <sys/wait.h>
+#include <signal.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define insist(x) insist_impl(__FILE__, __LINE__, #x, x)
+#define noerror(x) noerror_impl(__FILE__, __LINE__, #x, x)
+
+struct event {
+    krb5_boolean error;
+    union
+    {
+        krb5_error_code retval;
+        krad_code code;
+    } result;
+};
+
+void
+noerror_impl(const char *file, int line, const char *cmd, int retval);
+
+void
+insist_impl(const char *file, int line, const char *cmd, krb5_boolean result);
+
+#endif /* T_TEST_H_ */
diff --git a/krb5-1.21.3/src/lib/krb5.rc b/krb5-1.21.3/src/lib/krb5.rc
new file mode 100644
index 00000000..f8e54002
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5.rc
@@ -0,0 +1,44 @@
+/*
+ * lib/krb5/os/win-pwd.h
+ *
+ * Copyright 1997 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "win-mac.h"
+
+ID_READ_PWD_DIALOG DIALOG 60, 72, 200, 84
+STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU |
+	DS_SETFONT
+CAPTION "Kerberos Password/Challenge"
+FONT 8, "Helv"
+{
+  LTEXT "", ID_READ_PWD_PROMPT, 10, 8, 180, 10
+  LTEXT "", ID_READ_PWD_PROMPT2, 10, 24, 180, 10
+  EDITTEXT ID_READ_PWD_PWD, 10, 42, 180, 12, ES_AUTOHSCROLL | ES_PASSWORD |
+	WS_BORDER | WS_TABSTOP
+  DEFPUSHBUTTON "&OK", IDOK, 55, 61, 40, 14
+  PUSHBUTTON "&Cancel", IDCANCEL, 107, 61, 40, 14
+}
+
+#include "..\windows\version.rc"
diff --git a/krb5-1.21.3/src/lib/krb5/Makefile.in b/krb5-1.21.3/src/lib/krb5/Makefile.in
new file mode 100644
index 00000000..1ed0cf34
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/Makefile.in
@@ -0,0 +1,65 @@
+mydir=lib$(S)krb5
+BUILDTOP=$(REL)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/ccache -I$(srcdir)/keytab -I$(srcdir)/rcache -I$(srcdir)/os -I$(srcdir)/unicode
+SUBDIRS= error_tables asn.1 ccache keytab krb os rcache unicode
+WINSUBDIRS= $(SUBDIRS) posix
+DEFINES=-DLOCALEDIR=\"$(KRB5_LOCALEDIR)\"
+
+##DOSBUILDTOP = ..\..
+##DOSLIBNAME=$(OUTPRE)krb5.lib
+##DOSOBJFILEDEP=$(OUTPRE)asn1.lst $(OUTPRE)ccache.lst $(OUTPRE)err_tbls.lst $(OUTPRE)keytab.lst $(OUTPRE)krb.lst $(OUTPRE)os.lst $(OUTPRE)posix.lst $(OUTPRE)rcache.lst $(OUTPRE)krb5.lst $(OUTPRE)unicode.lst
+##DOSOBJFILELIST=@$(OUTPRE)asn1.lst @$(OUTPRE)ccache.lst @$(OUTPRE)err_tbls.lst @$(OUTPRE)keytab.lst @$(OUTPRE)krb.lst @$(OUTPRE)os.lst @$(OUTPRE)posix.lst @$(OUTPRE)rcache.lst @$(OUTPRE)krb5.lst @$(OUTPRE)unicode.lst
+##DOSOBJFILE=$(OUTPRE)krb5.lst
+##DOSLIBOBJS=$(OBJS)
+##DOSLOCALINCLUDES=-Iccache\ccapi -I..\..\windows\lib -Iccache -Ikeytab -Ircache -Ios
+
+TST=if test -n "`cat DONE`" ; then
+
+STLIBOBJS=krb5_libinit.o
+
+LIBBASE=krb5
+LIBMAJOR=3
+LIBMINOR=3
+LIBINITFUNC=profile_library_initializer krb5int_lib_init
+LIBFINIFUNC=profile_library_finalizer krb5int_lib_fini
+
+SUBDIROBJLISTS= \
+	error_tables/OBJS.ST \
+	asn.1/OBJS.ST \
+	ccache/OBJS.ST \
+	keytab/OBJS.ST \
+	krb/OBJS.ST \
+	rcache/OBJS.ST \
+	unicode/OBJS.ST \
+	os/OBJS.ST \
+	$(BUILDTOP)/util/profile/OBJS.ST
+
+STOBJLISTS= OBJS.ST $(SUBDIROBJLISTS)
+
+OBJS=\
+	$(OUTPRE)krb5_libinit.$(OBJEXT)
+
+SRCS=\
+	$(srcdir)/krb5_libinit.c
+
+RELDIR=krb5
+SHLIB_EXPDEPS = \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
+SHLIB_EXPLIBS=-lk5crypto $(COM_ERR_LIB) $(SUPPORT_LIB) @GEN_LIB@ \
+	@MACOS_FRAMEWORK@ $(LIBS)
+
+all-unix: all-liblinks
+
+all-windows:
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+clean-windows::
+	$(RM) $(OUTPRE)krb5.lib krb5.bak
+
+install-unix: install-libs
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/KRB5-asn.py b/krb5-1.21.3/src/lib/krb5/asn.1/KRB5-asn.py
new file mode 100644
index 00000000..e455fd9a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/KRB5-asn.py
@@ -0,0 +1,436 @@
+-- lib/krb5/asn.1/KRB5-asn.py
+--
+-- Copyright 1989 by the Massachusetts Institute of Technology.
+--
+-- Export of this software from the United States of America may
+--   require a specific license from the United States Government.
+--   It is the responsibility of any person or organization contemplating
+--   export to obtain such a license before exporting.
+-- 
+-- WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+-- distribute this software and its documentation for any purpose and
+-- without fee is hereby granted, provided that the above copyright
+-- notice appear in all copies and that both that copyright notice and
+-- this permission notice appear in supporting documentation, and that
+-- the name of M.I.T. not be used in advertising or publicity pertaining
+-- to distribution of the software without specific, written prior
+-- permission.  Furthermore if you modify this software you must label
+-- your software as modified software and not distribute it in such a
+-- fashion that it might be confused with the original M.I.T. software.
+-- M.I.T. makes no representations about the suitability of
+-- this software for any purpose.  It is provided "as is" without express
+-- or implied warranty.
+--
+-- ASN.1 definitions for the kerberos network objects
+--
+-- Do not change the order of any structure containing some
+-- element_KRB5_xx unless the corresponding translation code is also
+-- changed.
+--
+
+KRB5 DEFINITIONS ::=
+BEGIN
+
+-- needed to do the Right Thing with pepsy; this isn't a valid ASN.1
+-- token, however.
+
+SECTIONS encode decode none
+
+-- the order of stuff in this file matches the order in the draft RFC
+
+Realm ::= GeneralString
+
+HostAddress ::= SEQUENCE  {
+	addr-type[0]			INTEGER,
+	address[1]			OCTET STRING
+}
+
+HostAddresses ::=	SEQUENCE OF SEQUENCE {
+	addr-type[0]	INTEGER,
+	address[1]	OCTET STRING
+}
+
+AuthorizationData ::=	SEQUENCE OF SEQUENCE {
+	ad-type[0]	INTEGER,
+	ad-data[1]	OCTET STRING
+}
+
+KDCOptions ::= BIT STRING {
+	reserved(0),
+	forwardable(1),
+	forwarded(2),
+	proxiable(3),
+	proxy(4),
+	allow-postdate(5),
+	postdated(6),
+	unused7(7),
+	renewable(8),
+	unused9(9),
+	renewable-ok(27),
+	enc-tkt-in-skey(28),
+	renew(30),
+	validate(31)
+}
+
+LastReq ::=	SEQUENCE OF SEQUENCE {
+	lr-type[0]	INTEGER,
+	lr-value[1]	KerberosTime
+}
+
+KerberosTime ::=	GeneralizedTime -- Specifying UTC time zone (Z)
+
+PrincipalName ::= SEQUENCE{
+	name-type[0]	INTEGER,
+	name-string[1]	SEQUENCE OF GeneralString
+}
+
+Ticket ::=	[APPLICATION 1] SEQUENCE {
+	tkt-vno[0]	INTEGER,
+	realm[1]	Realm,
+	sname[2]	PrincipalName,
+	enc-part[3]	EncryptedData	-- EncTicketPart
+}
+
+TransitedEncoding ::= SEQUENCE {
+	tr-type[0]	INTEGER, -- Only supported value is 1 == DOMAIN-COMPRESS
+	contents[1]	OCTET STRING
+}
+
+-- Encrypted part of ticket
+EncTicketPart ::=	[APPLICATION 3] SEQUENCE {
+	flags[0]	TicketFlags,
+	key[1]		EncryptionKey,
+	crealm[2]	Realm,
+	cname[3]	PrincipalName,
+	transited[4]	TransitedEncoding,
+	authtime[5]	KerberosTime,
+	starttime[6]	KerberosTime OPTIONAL,
+	endtime[7]	KerberosTime,
+	renew-till[8]	KerberosTime OPTIONAL,
+	caddr[9]	HostAddresses OPTIONAL,
+	authorization-data[10]	AuthorizationData OPTIONAL
+}
+
+-- Unencrypted authenticator
+Authenticator ::=	[APPLICATION 2] SEQUENCE  {
+	authenticator-vno[0]	INTEGER,
+	crealm[1]		Realm,
+	cname[2]		PrincipalName,
+	cksum[3]		Checksum OPTIONAL,
+	cusec[4]		INTEGER,
+	ctime[5]		KerberosTime,
+	subkey[6]		EncryptionKey OPTIONAL,
+	seq-number[7]		INTEGER OPTIONAL,
+	authorization-data[8]	AuthorizationData OPTIONAL
+}
+
+TicketFlags ::= BIT STRING {
+	reserved(0),
+	forwardable(1),
+	forwarded(2),
+	proxiable(3),
+	proxy(4),
+	may-postdate(5),
+	postdated(6),
+	invalid(7),
+	renewable(8),
+	initial(9)
+}
+
+AS-REQ ::= [APPLICATION 10] KDC-REQ
+TGS-REQ ::= [APPLICATION 12] KDC-REQ
+
+KDC-REQ ::= SEQUENCE {
+	pvno[1]		INTEGER,
+	msg-type[2]	INTEGER,
+	padata[3]	SEQUENCE OF PA-DATA OPTIONAL,
+	req-body[4]	KDC-REQ-BODY
+}
+
+PA-DATA ::= SEQUENCE {
+	padata-type[1]	INTEGER,
+	pa-data[2]	OCTET STRING -- might be encoded AP-REQ
+}
+
+KDC-REQ-BODY ::=	SEQUENCE {
+	 kdc-options[0]	KDCOptions,
+	 cname[1]	PrincipalName OPTIONAL, -- Used only in AS-REQ
+	 realm[2]	Realm, -- Server's realm  Also client's in AS-REQ
+	 sname[3]	PrincipalName OPTIONAL,
+	 from[4]	KerberosTime OPTIONAL,
+	 till[5]	KerberosTime,
+	 rtime[6]	KerberosTime OPTIONAL,
+	 nonce[7]	INTEGER,
+	 etype[8]	SEQUENCE OF INTEGER, -- EncryptionType, 
+			-- in preference order
+	 addresses[9]	HostAddresses OPTIONAL,
+	 enc-authorization-data[10]	EncryptedData OPTIONAL, 
+			-- AuthorizationData
+	 additional-tickets[11]	SEQUENCE OF Ticket OPTIONAL
+}
+
+AS-REP ::= [APPLICATION 11] KDC-REP
+TGS-REP ::= [APPLICATION 13] KDC-REP
+KDC-REP ::= SEQUENCE {
+	pvno[0]				INTEGER,
+	msg-type[1]			INTEGER,
+	padata[2]			SEQUENCE OF PA-DATA OPTIONAL,
+	crealm[3]			Realm,
+	cname[4]			PrincipalName,
+	ticket[5]			Ticket,		-- Ticket
+	enc-part[6]			EncryptedData	-- EncKDCRepPart
+}
+
+EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
+EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
+EncKDCRepPart ::=  SEQUENCE {
+	key[0]		EncryptionKey,
+	last-req[1]	LastReq,
+	nonce[2]	INTEGER,
+	key-expiration[3]	KerberosTime OPTIONAL,
+	flags[4]	TicketFlags,
+	authtime[5]	KerberosTime,
+	starttime[6]	KerberosTime OPTIONAL,
+	endtime[7]	KerberosTime,
+	renew-till[8]	KerberosTime OPTIONAL,
+	srealm[9]	Realm,
+	sname[10]	PrincipalName,
+	caddr[11]	HostAddresses OPTIONAL
+}
+
+AP-REQ ::= [APPLICATION 14] SEQUENCE {
+	pvno[0]				INTEGER,
+	msg-type[1]			INTEGER,
+	ap-options[2]			APOptions,
+	ticket[3]			Ticket,
+	authenticator[4]		EncryptedData	-- Authenticator
+}
+
+APOptions ::= BIT STRING {
+	reserved(0),
+	use-session-key(1),
+	mutual-required(2)
+}
+
+AP-REP ::= [APPLICATION 15] SEQUENCE {
+	pvno[0]				INTEGER,
+	msg-type[1]			INTEGER,
+	enc-part[2]			EncryptedData	-- EncAPRepPart
+}
+
+EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
+	ctime[0]			KerberosTime,
+	cusec[1]			INTEGER,
+	subkey[2]			EncryptionKey OPTIONAL,
+	seq-number[3]			INTEGER OPTIONAL
+}
+
+KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
+	pvno[0]				INTEGER,
+	msg-type[1]			INTEGER,
+	safe-body[2]			KRB-SAFE-BODY,
+	cksum[3]			Checksum			
+}
+
+KRB-SAFE-BODY ::= SEQUENCE {
+	user-data[0]			OCTET STRING,
+	timestamp[1]			KerberosTime OPTIONAL,
+	usec[2]				INTEGER OPTIONAL,
+	seq-number[3]			INTEGER OPTIONAL,
+	s-address[4]			HostAddress,	-- sender's addr
+	r-address[5]			HostAddress OPTIONAL -- recip's addr 
+}
+
+KRB-PRIV ::=	[APPLICATION 21] SEQUENCE {
+	pvno[0]		INTEGER,
+	msg-type[1]	INTEGER,
+	enc-part[3]	EncryptedData	-- EncKrbPrivPart 
+}
+
+EncKrbPrivPart ::=	[APPLICATION 28] SEQUENCE {
+	user-data[0]	OCTET STRING,
+	timestamp[1]	KerberosTime OPTIONAL,
+	usec[2]		INTEGER OPTIONAL,
+	seq-number[3]	INTEGER OPTIONAL,
+	s-address[4]	HostAddress,	-- sender's addr
+	r-address[5]	HostAddress OPTIONAL	-- recip's addr 
+}
+
+-- The KRB-CRED message allows easy forwarding of credentials.
+
+KRB-CRED ::= [APPLICATION 22] SEQUENCE {
+	pvno[0]		INTEGER,
+	msg-type[1]	INTEGER, -- KRB_CRED
+	tickets[2]	SEQUENCE OF Ticket,
+	enc-part[3]	EncryptedData -- EncKrbCredPart 
+}
+
+EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
+	ticket-info[0] 	SEQUENCE OF KRB-CRED-INFO,	
+	nonce[1]	INTEGER OPTIONAL,
+	timestamp[2]	KerberosTime OPTIONAL,
+	usec[3]		INTEGER OPTIONAL,
+	s-address[4]	HostAddress OPTIONAL,
+	r-address[5]	HostAddress OPTIONAL
+}
+
+KRB-CRED-INFO	::=	SEQUENCE {
+	key[0]		EncryptionKey,
+        prealm[1] 	Realm OPTIONAL,
+        pname[2] 	PrincipalName OPTIONAL,
+        flags[3] 	TicketFlags OPTIONAL,
+        authtime[4] 	KerberosTime OPTIONAL,
+        starttime[5] 	KerberosTime OPTIONAL,
+        endtime[6] 	KerberosTime OPTIONAL,
+        renew-till[7] 	KerberosTime OPTIONAL,
+        srealm[8] 	Realm OPTIONAL,
+        sname[9] 	PrincipalName OPTIONAL,
+        caddr[10] 	HostAddresses OPTIONAL 
+}
+
+KRB-ERROR ::=	[APPLICATION 30] SEQUENCE {
+	pvno[0]		INTEGER,
+	msg-type[1]	INTEGER,
+	ctime[2]	KerberosTime OPTIONAL,
+	cusec[3]	INTEGER OPTIONAL,
+	stime[4]	KerberosTime,
+	susec[5]	INTEGER,
+	error-code[6]	INTEGER,
+	crealm[7]	Realm OPTIONAL,
+	cname[8]	PrincipalName OPTIONAL,
+	realm[9]	Realm, -- Correct realm
+	sname[10]	PrincipalName, -- Correct name
+	e-text[11]	GeneralString OPTIONAL,
+	e-data[12]	OCTET STRING OPTIONAL
+}
+
+EncryptedData ::=	SEQUENCE {
+	etype[0]	INTEGER, -- EncryptionType
+	kvno[1]		INTEGER OPTIONAL,
+	cipher[2]	OCTET STRING -- CipherText
+}
+
+EncryptionKey ::= SEQUENCE {
+	keytype[0]			INTEGER,
+	keyvalue[1]			OCTET STRING
+}
+
+Checksum ::= SEQUENCE {
+	cksumtype[0]			INTEGER,
+	checksum[1]			OCTET STRING
+}
+
+METHOD-DATA ::= SEQUENCE {
+	method-type[0]	INTEGER,
+	method-data[1]	OCTET STRING OPTIONAL
+}
+
+ETYPE-INFO-ENTRY ::= SEQUENCE {
+	etype[0]	INTEGER,
+	salt[1]		OCTET STRING OPTIONAL
+}
+
+ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
+
+PA-ENC-TS-ENC   ::= SEQUENCE {
+       patimestamp[0]               KerberosTime, -- client's time
+       pausec[1]                    INTEGER OPTIONAL
+}
+
+-- These ASN.1 definitions are NOT part of the official Kerberos protocol... 
+
+-- New ASN.1 definitions for the kadmin protocol.
+-- Originally contributed from the Sandia modifications
+
+PasswdSequence ::= SEQUENCE {
+	passwd[0]			OCTET STRING,
+	phrase[1]			OCTET STRING
+}
+
+PasswdData ::= SEQUENCE {
+	passwd-sequence-count[0]	INTEGER,
+	passwd-sequence[1]		SEQUENCE OF PasswdSequence
+}
+
+-- encodings from 
+-- Integrating Single-use Authentication Mechanisms with Kerberos
+
+PA-SAM-CHALLENGE ::= SEQUENCE {
+    sam-type[0]                 INTEGER,
+    sam-flags[1]                SAMFlags,
+    sam-type-name[2]            GeneralString OPTIONAL,
+    sam-track-id[3]             GeneralString OPTIONAL,
+    sam-challenge-label[4]      GeneralString OPTIONAL,
+    sam-challenge[5]            GeneralString OPTIONAL,
+    sam-response-prompt[6]      GeneralString OPTIONAL,
+    sam-pk-for-sad[7]           OCTET STRING OPTIONAL,
+    sam-nonce[8]                INTEGER OPTIONAL,
+    sam-cksum[9]                Checksum OPTIONAL
+}
+
+PA-SAM-CHALLENGE-2 ::= SEQUENCE {
+    sam-body[0]                 PA-SAM-CHALLENGE-2-BODY,
+    sam-cksum[1]                SEQUENCE (1..MAX) OF Checksum,
+    ...
+}
+
+PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE {
+    sam-type[0]                 INTEGER,
+    sam-flags[1]                SAMFlags,
+    sam-type-name[2]            GeneralString OPTIONAL,
+    sam-track-id[3]             GeneralString OPTIONAL,
+    sam-challenge-label[4]      GeneralString OPTIONAL,
+    sam-challenge[5]            GeneralString OPTIONAL,
+    sam-response-prompt[6]      GeneralString OPTIONAL,
+    sam-pk-for-sad[7]           EncryptionKey OPTIONAL,
+    sam-nonce[8]                INTEGER,
+    sam-etype[9]		INTEGER,
+    ...
+}
+
+-- these are [0].. [2] in the draft
+SAMFlags ::= BIT STRING (SIZE (32..MAX))
+    -- use-sad-as-key(0)
+    -- send-encrypted-sad(1)
+    -- must-pk-encrypt-sad(2)
+
+PA-SAM-RESPONSE ::= SEQUENCE {
+    sam-type[0]                 INTEGER,
+    sam-flags[1]                SAMFlags,
+    sam-track-id[2]             GeneralString OPTIONAL,
+    -- sam-enc-key is reserved for future use, so I'm making it OPTIONAL - mwe
+    sam-enc-key[3]              EncryptedData,
+                                   -- PA-ENC-SAM-KEY
+    sam-enc-nonce-or-ts[4]      EncryptedData,
+                                   -- PA-ENC-SAM-RESPONSE-ENC
+    sam-nonce[5]                INTEGER OPTIONAL,
+    sam-patimestamp[6]          KerberosTime OPTIONAL
+}
+
+PA-SAM-RESPONSE-2 ::= SEQUENCE {
+    sam-type[0]                 INTEGER,
+    sam-flags[1]                SAMFlags,
+    sam-track-id[2]             GeneralString OPTIONAL,
+    sam-enc-nonce-or-sad[3]     EncryptedData,
+                                   -- PA-ENC-SAM-RESPONSE-ENC
+    sam-nonce[4]                INTEGER,
+    ...
+}
+
+PA-ENC-SAM-KEY ::= SEQUENCE {
+             sam-key[0]                 EncryptionKey
+}
+
+PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE {
+     sam-nonce[0]               INTEGER OPTIONAL,
+     sam-timestamp[1]           KerberosTime OPTIONAL,
+     sam-usec[2]                INTEGER OPTIONAL,
+     sam-passcode[3]            GeneralString OPTIONAL
+}
+
+PA-ENC-SAM-RESPONSE-ENC-2 ::= SEQUENCE {
+     sam-nonce[0]               INTEGER,
+     sam-sad[1]                 GeneralString OPTIONAL,
+     ...
+}
+END
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/Makefile.in b/krb5-1.21.3/src/lib/krb5/asn.1/Makefile.in
new file mode 100644
index 00000000..fe295232
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/Makefile.in
@@ -0,0 +1,32 @@
+mydir=lib$(S)krb5$(S)asn.1
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=asn.1
+##DOS##OBJFILE=..\$(OUTPRE)asn1.lst
+
+EHDRDIR=$(BUILDTOP)/include/krb5/asn.1
+
+STLIBOBJS= \
+	asn1_encode.o\
+	asn1_k_encode.o\
+	ldap_key_seq.o
+
+SRCS= \
+	$(srcdir)/asn1_encode.c\
+	$(srcdir)/asn1_k_encode.c\
+	$(srcdir)/ldap_key_seq.c
+
+OBJS= \
+	$(OUTPRE)asn1_encode.$(OBJEXT)\
+	$(OUTPRE)asn1_k_encode.$(OBJEXT)\
+	$(OUTPRE)ldap_key_seq.$(OBJEXT)
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/README.asn1 b/krb5-1.21.3/src/lib/krb5/asn.1/README.asn1
new file mode 100644
index 00000000..4990eec4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/README.asn1
@@ -0,0 +1,572 @@
+These notes attempt to explain how to use the ASN.1 infrastructure to
+add new ASN.1 types.  ASN.1 is complicated and easy to get wrong, so
+it is best to verify your results against another tool (such as asn1c)
+if at all possible.  These notes are up to date as of 2012-02-13.
+
+If you are trying to debug a problem that shows up in the ASN.1
+encoder or decoder, skip to the last section.
+
+
+General
+-------
+
+For the moment, a developer must hand-translate the ASN.1 module into
+macro invocations that generate data structures used by the encoder
+and decoder.  Ideally we would have a tool to compile an ASN.1 module
+(and probably some additional information about C identifier mappings)
+and generate the macro invocations.
+
+Currently the ASN.1 infrastructure is not visible to applications or
+plugins.  For plugin modules shipped as part of the krb5 tree, the
+types can be added to asn1_k_encode.c and exported from libkrb5.
+Plugin modules built separately from the krb5 tree must use another
+tool (such as asn1c) for now if they need to do ASN.1 encoding or
+decoding.
+
+
+Tags
+----
+
+Before you start writing macro invocations, it is important to
+understand a little bit about ASN.1 tags.  You will most commonly see
+tag notation in a sequence definition, like:
+
+  TypeName ::= SEQUENCE {
+    field-name [0] IMPLICIT OCTET STRING OPTIONAL
+  }
+
+Contrary to intuition, the tag notation "[0] IMPLICIT" is not a
+property of the sequence field; instead, it specifies a type that
+wraps the type to the right (OCTET STRING).  The right way to think
+about the above definition is:
+
+  TypeName is defined as a sequence type
+    which has an optional field named field-name
+      whose type is a tagged type
+        the tag's class is context-specific (by default)
+        the tag's number is 0
+        it is an implicit tag
+        the tagged type wraps OCTET STRING
+
+The other case you are likely to see tag notation is something like:
+
+  AS-REQ ::= [APPLICATION 10] KDC-REQ
+
+This example defines AS-REQ to be a tagged type whose class is
+application, whose tag number is 10, and whose base type is KDC-REQ.
+The tag may be implicit or explicit depending on the module's tag
+environment, which we will get to in a moment.
+
+Tags can have one of four classes: universal, application, private,
+and context-specific.  Universal tags are used for built-in ASN.1
+types.  Application and context-specific tags are the most common to
+see in ASN.1 modules; private is rarely used.  If no tag class is
+specified, the default is context-specific.
+
+Tags can be explicit or implicit, and the distinction is important to
+the wire encoding.  If a tag's closing bracket is followed by the word
+IMPLICIT or EXPLICIT, then it is clear which kind of tag it is, but
+usually there will be no such annotation.  If not, the default depends
+on the header of the ASN.1 module.  Look at the top of the module for
+the word DEFINITIONS.  It may be followed by one of three phrases:
+
+* EXPLICIT TAGS -- in this case, tags default to explicit
+* IMPLICIT TAGS -- in this case, tags default to implicit (usually)
+* AUTOMATIC TAGS -- tags default to implicit (usually) and are also
+  automatically added to sequence fields (usually)
+
+If none of those phrases appear, the default is explicit tags.
+
+Even if a module defaults to implicit tags, a tag defaults to explicit
+if its base type is a choice type or ANY type (or the information
+object equivalent of an ANY type).
+
+If the module's default is AUTOMATIC TAGS, sequence and set fields
+should have ascending context-specific tags wrapped around the field
+types, starting from 0, unless one of the fields of the sequence or
+set is already a tagged type.  See ITU X.680 section 24.2 for details,
+particularly if COMPONENTS OF is used in the sequence definition.
+
+
+Basic types
+-----------
+
+In our infrastructure, a type descriptor specifies a mapping between
+an ASN.1 type and a C type.  The first step is to ensure that type
+descriptors are defined for the basic types used by your ASN.1 module,
+as mapped to the C types used in your structures, in asn1_k_encode.c.
+If not, you will need to create it.  For a BOOLEAN or INTEGER ASN.1
+type, you will use one of these macros:
+
+  DEFBOOLTYPE(descname, ctype)
+  DEFINTTYPE(descname, ctype)
+  DEFUINTTYPE(descname, ctype)
+
+where "descname" is an identifier you make up and "ctype" is the
+integer type of the C object you want to map the ASN.1 value to.  For
+integers, use DEFINTTYPE if the C type is a signed integer type and
+DEFUINTTYPE if it is an unsigned type.  (For booleans, the distinction
+is unimportant since all integer types can hold the values 0 and 1.)
+We don't generally define integer mappings for every typedef name of
+an integer type.  For example, we use the type descriptor int32, which
+maps an ASN.1 INTEGER to an int32_t, for krb5_enctype values.
+
+String types are a little more complicated.  Our practice is to store
+strings in a krb5_data structure (rather than a zero-terminated C
+string), so our infrastructure currently assumes that all strings are
+represented as "counted types", meaning the C representation is a
+combination of a pointer and an integer type.  So, first you must
+declare a counted type descriptor (we will describe those in more
+detail later) with something like:
+
+  DEFCOUNTEDSTRINGTYPE(generalstring, char *, unsigned int,
+                       k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
+                       ASN1_GENERALSTRING);
+
+The first parameter is an identifier you make up.  The second and
+third parameters are the C types of the pointer and integer holding
+the string; for a krb5_data object, those should be the types in the
+example.  The pointer type must be char * or uint8_t *.  The fourth
+and fifth parameters reference primitive encoder and decoder
+functions; these should almost always be the ones in the example,
+unless the ASN.1 type is BIT STRING.  The sixth parameter is the
+universal tag number of the ASN.1 type, as defined in krbasn1.h.
+
+Once you have defined the counted type, you can define a normal type
+descriptor to wrap it in a krb5_data structure with something like:
+
+  DEFCOUNTEDTYPE(gstring_data, krb5_data, data, length, generalstring);
+
+
+Sequences
+---------
+
+In our infrastructure, we model ASN.1 sequences using an array of
+normal type descriptors.  Each type descriptor is applied in turn to
+the C object to generate (or consume) an encoding of an ASN.1 value.
+
+Of course, each value needs to be stored in a different place within
+the C object, or they would just overwrite each other.  To address
+this, you must create an offset type wrapper for each sequence field:
+
+  DEFOFFSETTYPE(descname, structuretype, fieldname, basedesc)
+
+where "descname" is an identifier you make up, "structuretype" and
+"fieldtype" are used to compute the offset and type-check the
+structure field, and "basedesc" is the type of the ASN.1 object to be
+stored at that offset.
+
+If your C structure contains a pointer to another C object, you will
+need to first define a pointer wrapper, which is very simple:
+
+  DEFPTRTYPE(descname, basedesc)
+
+Then wrap the defined pointer type in an offset type as described
+above.  Once a pointer descriptor is defined for a base descriptor, it
+can be reused many times, so pointer descriptors are usually defined
+right after the types they wrap.  When decoding, pointer wrappers
+cause a pointer to be allocated with a block of memory equal to the
+size of the C type corresponding to the base type.  (For offset types,
+the corresponding C type is the structure type inside which the offset
+is computed.)  It is okay for several fields of a sequence to
+reference the same pointer field within a structure, as long as the
+pointer types all wrap base types with the same corresponding C type.
+
+If the sequence field has a context tag attached to its type, you will
+also need to create a tag wrapper for it:
+
+  DEFCTAGGEDTYPE(descname, tagnum, basedesc)
+  DEFCTAGGEDTYPE_IMPLICIT(descname, tagnum, basedesc)
+
+Use the first macro for explicit context tags and the second for
+implicit context tags.  "tagnum" is the number of the context-specific
+tag, and "basedesc" is the name you chose for the offset type above.
+
+You don't actually need to separately write out DEFOFFSETTYPE and
+DEFCTAGGEDTYPE for each field.  The combination of offset and context
+tag is so common that we have a macro to combine them:
+
+  DEFFIELD(descname, structuretype, fieldname, tagnum, basedesc)
+  DEFFIELD_IMPLICIT(descname, structuretype, fieldname, tagnum, basedesc)
+
+Once you have defined tag and offset wrappers for each sequence field,
+combine them together in an array and use the DEFSEQTYPE macro to
+define the sequence type descriptor:
+
+  static const struct atype_info *my_sequence_fields[] = {
+      &k5_atype_my_sequence_0, &k5_atype_my_sequence_1,
+  };
+  DEFSEQTYPE(my_sequence, structuretype, my_sequence_fields)
+
+Each field name must by prefixed by "&k5_atype_" to get a pointer to
+the actual variable used to hold the type descriptor.
+
+ASN.1 sequence types may or may not be defined to be extensible, and
+may group extensions together in blocks which must appear together.
+Our model does not distinguish these cases.  Our decoder treats all
+sequence types as extensible.  Extension blocks must be modeled by
+making all of the extension fields optional, and the decoder will not
+enforce that they appear together.
+
+If your ASN.1 sequence contains optional fields, keep reading.
+
+
+Optional sequence fields
+------------------------
+
+ASN.1 sequence fields can be annotated with OPTIONAL or, less
+commonly, with DEFAULT VALUE.  (Be aware that if DEFAULT VALUE is
+specified for a sequence field, DER mandates that fields with that
+value not be encoded within the sequence.  Most standards in the
+Kerberos ecosystem avoid the use of DEFAULT VALUE for this reason.)
+Although optionality is a property of sequence or set fields, not
+types, we still model optional sequence fields using type wrappers.
+Optional type wrappers must only be used as members of a sequence,
+although they can be nested in offset or pointer wrappers first.
+
+The simplest way to represent an optional value in a C structure is
+with a pointer which takes the value NULL if the field is not present.
+In this case, you can just use DEFOPTIONALZEROTYPE to wrap the pointer
+type:
+
+  DEFPTRTYPE(ptr_basetype, basetype);
+  DEFOPTIONALZEROTYPE(opt_ptr_basetype, ptr_basetype);
+
+and then use opt_ptr_basetype in the DEFFIELD invocation for the
+sequence field.  DEFOPTIONALZEROTYPE can also be used for integer
+types, if it is okay for the value 0 to represent that the
+corresponding ASN.1 value is omitted.  Optional-zero wrappers, like
+pointer wrappers, are usually defined just after the types they wrap.
+
+For null-terminated sequences, you can use a wrapper like this:
+
+  DEFOPTIONALEMPTYTYPE(opt_seqof_basetype, seqof_basetype)
+
+to omit the sequence if it is either NULL or of zero length.
+
+A more general way to wrap optional types is:
+
+  DEFOPTIONALTYPE(descname, predicatefn, initfn, basedesc);
+
+where "predicatefn" has the signature "int (*fn)(const void *p)" and
+is used by the encoder to test whether the ASN.1 value is present in
+the C object.  "initfn" has the signature "void (*fn)(void *p)" and is
+used by the decoder to initialize the C object field if the
+corresponding ASN.1 value is omitted in the wire encoding.  "initfn"
+can be NULL, in which case the C object will simply be left alone.
+All C objects are initialized to zero-filled memory when they are
+allocated by the decoder.
+
+An optional string type, represented in a krb5_data structure, can be
+wrapped using the nonempty_data function already defined in
+asn1_k_encode.c, like so:
+
+  DEFOPTIONALTYPE(opt_ostring_data, nonempty_data, NULL, ostring_data);
+
+
+Sequence-of types
+-----------------
+
+ASN.1 sequence-of types can be represented as C types in two ways.
+The simplest is to use an array of pointers terminated in a null
+pointer.  A descriptor for a sequence-of represented this way is
+defined in three steps:
+
+  DEFPTRTYPE(ptr_basetype, basetype);
+  DEFNULLTERMSEQOFTYPE(seqof_basetype, ptr_basetype);
+  DEFPTRTYPE(ptr_seqof_basetype, seqof_basetype);
+
+If the C type corresponding to basetype is "ctype", then the C type
+corresponding to ptr_seqof_basetype will be "ctype **".  The middle
+type sort of corresponds to "ctype *", but not exactly, as it
+describes an object of variable size.
+
+You can also use DEFNONEMPTYNULLTERMSEQOFTYPE in the second step.  In
+this case, the encoder will throw an error if the sequence is empty.
+For historical reasons, the decoder will *not* throw an error if the
+sequence is empty, so the calling code must check before assuming a
+first element is present.
+
+The other way of representing sequences is through a combination of
+pointer and count.  This pattern is most often used for compactness
+when the base type is an integer type.  A descriptor for a sequence-of
+represented this way is defined using a counted type descriptor:
+
+  DEFCOUNTEDSEQOFTYPE(descname, lentype, basedesc)
+
+where "lentype" is the C type of the length and "basedesc" is a
+pointer wrapper for the sequence element type (*not* the element type
+itself).  For example, an array of 32-bit signed integers is defined
+as:
+
+  DEFINTTYPE(int32, int32_t);
+  DEFPTRTYPE(int32_ptr, int32);
+  DEFCOUNTEDSEQOFTYPE(cseqof_int32, int32_t, int32_ptr);
+
+To use a counted sequence-of type in a sequence, use DEFCOUNTEDTYPE:
+
+  DEFCOUNTEDTYPE(descname, structuretype, ptrfield, lenfield, cdesc)
+
+where "structuretype", "ptrfield", and "lenfield" are used to compute
+the field offsets and type-check the structure fields, and "cdesc" is
+the name of the counted type descriptor.
+
+The combination of DEFCOUNTEDTYPE and DEFCTAGGEDTYPE can be
+abbreviated using DEFCNFIELD:
+
+  DEFCNFIELD(descname, structuretype, ptrfield, lenfield, tagnum, cdesc)
+
+
+Tag wrappers
+------------
+
+We've previously covered DEFCTAGGEDTYPE and DEFCTAGGEDTYPE_IMPLICIT,
+which are used to define context-specific tag wrappers.  There are
+two other macros for creating tag wrappers.  The first is:
+
+  DEFAPPTAGGEDTYPE(descname, tagnum, basedesc)
+
+Use this macro to model an "[APPLICATION tagnum]" tag wrapper in an
+ASN.1 module.
+
+There is also a general tag wrapper macro:
+
+  DEFTAGGEDTYPE(descname, class, construction, tag, implicit, basedesc)
+
+where "class" is one of UNIVERSAL, APPLICATION, CONTEXT_SPECIFIC, or
+PRIVATE, "construction" is one of PRIMITIVE or CONSTRUCTED, "tag" is
+the tag number, "implicit" is 1 for an implicit tag and 0 for an
+explicit tag, and "basedesc" is the wrapped type.  Note that that
+primitive vs. constructed is not a concept within the abstract ASN.1
+type model, but is instead a concept used in DER.  In general, all
+explicit tags should be constructed (but see the section on "Dirty
+tricks" below).  The construction parameter is ignored for implicit
+tags.
+
+
+Choice types
+------------
+
+ASN.1 CHOICE types are represented in C using a signed integer
+distinguisher and a union.  Modeling a choice type happens in three
+steps:
+
+1. Define type descriptors for each alternative of the choice,
+typically using DEFCTAGGEDTYPE to create a tag wrapper for an existing
+type.  There is no need to create offset type wrappers, as union
+fields always have an offset of 0.  For example:
+
+  DEFCTAGGEDTYPE(my_choice_0, 0, firstbasedesc);
+  DEFCTAGGEDTYPE(my_choice_1, 1, secondbasedesc);
+
+2. Assemble them into an array, similar to how you would for a
+sequence, and use DEFCHOICETYPE to create a counted type descriptor:
+
+  static const struct atype_info *my_choice_alternatives[] = {
+      &k5_atype_my_choice_0, &k5_atype_my_choice_1
+  };
+  DEFCHOICETYPE(my_choice, union my_choice_choices, enum my_choice_selector,
+                my_choice_alternatives);
+
+The second and third parameters to DEFCHOICETYPE are the C types of
+the union and distinguisher fields.
+
+3. Wrap the counted type descriptor in a type descriptor for the
+structure containing the distinguisher and union:
+
+  DEFCOUNTEDTYPE_SIGNED(descname, structuretype, u, choice, my_choice);
+
+The third and fourth parameters to DEFCOUNTEDTYPE_SIGNED are the field
+names of the union and distinguisher fields within structuretype.
+
+ASN.1 choice types may be defined to be extensible, or may not be.
+Our model does not distinguish between the two cases.  Our decoder
+treats all choice types as extensible.
+
+Our encoder will throw an error if the distinguisher is not within the
+range of valid offsets of the alternatives array.  Our decoder will
+set the distinguisher to -1 if the tag of the ASN.1 value is not
+matched by any of the alternatives, and will leave the union
+zero-filled in that case.
+
+
+Counted type descriptors
+------------------------
+
+Several times in earlier sections we've referred to the notion of
+"counted type descriptors" without defining what they are.  Counted
+type descriptors live in a separate namespace from normal type
+descriptors, and specify a mapping between an ASN.1 type and two C
+objects, one of them having integer type.  There are four kinds of
+counted type descriptors, defined using the following macros:
+
+  DEFCOUNTEDSTRINGTYPE(descname, ptrtype, lentype, encfn, decfn, tagnum)
+  DEFCOUNTEDDERTYPE(descname, ptrtype, lentype)
+  DEFCOUNTEDSEQOFTYPE(descname, lentype, baseptrdesc)
+  DEFCHOICETYPE(descname, uniontype, distinguishertype, fields)
+
+DEFCOUNTEDDERTYPE is described in the "Dirty tricks" section below.
+The other three kinds of counted types have been covered previously.
+
+Counted types are always used by wrapping them in a normal type
+descriptor with one of these macros:
+
+  DEFCOUNTEDTYPE(descname, structuretype, datafield, countfield, cdesc)
+  DEFCOUNTEDTYPE_SIGNED(descname, structuretype, datafield, countfield, cdesc)
+
+These macros are similar in concept to an offset type, only with two
+offsets.  Use DEFCOUNTEDTYPE if the count field is unsigned,
+DEFCOUNTEDTYPE_SIGNED if it is signed.
+
+
+Defining encoder and decoder functions
+--------------------------------------
+
+After you have created a type descriptor for your types, you need to
+create encoder or decoder functions for the ones you want calling code
+to be able to process.  Do this with one of the following macros:
+
+  MAKE_ENCODER(funcname, desc)
+  MAKE_DECODER(funcname, desc)
+  MAKE_CODEC(typename, desc)
+
+MAKE_ENCODER and MAKE_DECODER allow you to choose function names.
+MAKE_CODEC defines encoder and decoder functions with the names
+"encode_typename" and "decode_typename".
+
+If you are defining functions for a null-terminated sequence, use the
+descriptor created with DEFNULLTERMSEQOFTYPE or
+DEFNONEMPTYNULLTERMSEQOFTYPE, rather than the pointer to it.  This is
+because encoder and decoder functions implicitly traffic in pointers
+to the C object being encoded or decoded.
+
+Encoder and decoder functions must be prototyped separately, either in
+k5-int.h or in a subsidiary included by it.  Encoder functions have
+the prototype:
+
+  krb5_error_code encode_typename(const ctype *rep, krb5_data **code_out);
+
+where "ctype" is the C type corresponding to desc.  Decoder functions
+have the prototype:
+
+  krb5_error_code decode_typename(const krb5_data *code, ctype **rep_out);
+
+Decoder functions allocate a container for the C type of the object
+being decoded and return a pointer to it in *rep_out.
+
+
+Writing test cases
+------------------
+
+New ASN.1 types in libkrb5 will typically only be accepted with test
+cases.  Our current test framework lives in src/tests/asn.1.  Adding
+new types to this framework involves the following steps:
+
+1. Define an initializer for a sample value of the type in ktest.c,
+named ktest_make_sample_typename().  Also define a contents-destructor
+for it, named ktest_empty_typename().  Prototype these functions in
+ktest.h.
+
+2. Define an equality test for the type in ktest_equal.c.  Prototype
+this in ktest_equal.h.  (This step is not necessary if the type has no
+decoder.)
+
+3. Add a test case to krb5_encode_test.c, following the examples of
+existing test cases there.  Update reference_encode.out and
+trval_reference.out to contain the output generated by your test case.
+
+4. Add a test case to krb5_decode_test.c, following the examples of
+existing test cases there, and using the output generated by your
+encode test.
+
+5. Add a test case to krb5_decode_leak.c, following the examples of
+existing test cases there.
+
+Following these steps will not ensure the correctness of your
+translation of the ASN.1 module to macro invocations; it only lets us
+detect unintentional changes to the encodings after they are defined.
+To ensure that your translations are correct, you should extend
+tests/asn.1/make-vectors.c and use "make test-vectors" to create
+vectors using asn1c.
+
+
+Dirty tricks
+------------
+
+In rare cases you may want to represent the raw DER encoding of a
+value in the C structure.  If so, you can use DEFCOUNTEDDERTYPE (or
+more likely, the existing der_data type descriptor).  The encoder and
+decoder will throw errors if the wire encoding doesn't have a valid
+outermost tag, so be sure to use valid DER encodings in your test
+cases (see ktest_make_sample_algorithm_identifier for an example).
+
+Conversely, the ASN.1 module may define an OCTET STRING wrapper around
+a DER encoding which you want to represent as the decoded value.  (The
+existing example of this is in PKINIT hash agility, where the
+PartyUInfo and PartyVInfo fields of OtherInfo are defined as octet
+strings which contain the DER encodings of KRB5PrincipalName values.)
+In this case you can use a DEFTAGGEDTYPE wrapper like so:
+
+  DEFTAGGEDTYPE(descname, UNIVERSAL, PRIMITIVE, ASN1_OCTETSTRING, 0,
+                basedesc)
+
+
+Limitations
+-----------
+
+We cannot currently encode or decode SET or SET OF types.
+
+We cannot model self-referential types (like "MATHSET ::= SET OF
+MATHSET").
+
+If a sequence uses an optional field that is a choice field (without
+a context tag wrapper), or an optional field that uses a stored DER
+encoding (again, without a context tag wrapper), our decoder may
+assign a value to the choice or stored-DER field when the correct
+behavior is to skip that field and assign the value to a subsequent
+field.  It should be very rare for ASN.1 modules to use choice or open
+types this way.
+
+
+Debugging
+---------
+
+If you are looking at a stack trace with a bunch of ASN.1 encoder or
+decoder calls at the top, here are some notes that might help with
+debugging:
+
+1. You may have noticed that the entry point into the encoder is
+defined by a macro like MAKE_CODEC.  Don't worry about this; those
+macros just define thin wrappers around k5_asn1_full_encode and
+k5_asn1_full_decode.  If you are stepping through code and hit a
+wrapper function, just enter "step" to get into the actual encoder or
+decoder function.
+
+2. If you are in the encoder, look for stack frames in
+encode_sequence(), and print the value of i within those stack frames.
+You should be able to subtract 1 from those values and match them up
+with the sequence field offsets in asn1_k_encode.c for the type being
+encoded.  For example, if an as-req is being encoded and the i values
+(starting with the one closest to encode_krb5_as_req) are 4, 2, and 2,
+you could match those up as following:
+
+* as_req_encode wraps untagged_as_req, whose field at offset 3 is the
+  descriptor for kdc_req_4, which wraps kdc_req_body.
+
+* kdc_req_body is a function wrapper around kdc_req_hack, whose field
+  at offset 1 is the descriptor for req_body_1, which wraps
+  opt_principal.
+
+* opt_principal wraps principal, which wraps principal_data, whose
+  field at offset 1 is the descriptor for princname_1.
+
+* princname_1 is a sequence of general strings represented in the data
+  and length fields of the krb5_principal_data structure.
+
+So the problem would likely be in the data components of the client
+principal in the kdc_req structure.
+
+3. If you are in the decoder, look for stacks frames in
+decode_sequence(), and again print the values of i.  You can match
+these up just as above, except without subtracting 1 from the i
+values.
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/TODO.asn1 b/krb5-1.21.3/src/lib/krb5/asn.1/TODO.asn1
new file mode 100644
index 00000000..6459f644
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/TODO.asn1
@@ -0,0 +1,75 @@
+-*- text -*-
+
+Stuff that should still be done on the ASN.1 encoder conversion:
+
+* Make offsetof uses conforming.  Currently we may use foo.bar or
+  foo[0] as fields.
+
+* Script to generate the tables.  Then each type or field entry can
+  generate multiple bits of code, instead of forcing us to bury the
+  type consistency checking into the structure initializer
+  expression.  For example, we might generate these bits of code from
+  one field descriptor:
+
+  * Field table entry.
+
+  * Type-checking code: Create a pointer of the expected type and a
+    pointer of the actual type (address of field of automatic struct),
+    and verify consistency with comparison, assignment, or conditional
+    expr.  Plenty of comments to indicate what's being compared and
+    what a compiler complain means.
+
+  * Range-checking code for bitfields: Create an automatic field info
+    struct, fill in the computed offset or whatever, read it back,
+    make sure it matches.  Also with comments.
+
+  * Possibly header declarations describing the types that could be
+    imported, with correct handles *and* C types.
+
+  * Static declarations for non-exported types to keep symbol table
+    sizes down.
+
+  Then similar bits of code (e.g., all the field table entries) can be
+  pulled together into the appropriate places.
+
+* Some kind of "module" system for exporting and importing encoders,
+  better than relying on the "type_*" variable names.  Probably use
+  meaningful strings that indicate both the ASN.1 type and the
+  associated C type.  Find a way to fit "imported type" into this
+  scheme so that we can cleanly move the PKINIT types into the PKINIT
+  plugin, the LDAP types into the LDAP plugin, etc., and still let
+  them use the encoders in the code.  Only a subset of types would be
+  exported probably.
+
+* More compact encoding: For struct atype and struct cntype, we could
+  use structures with a common base type (similar to Xlib events)
+  instead of a base structure with a void pointer, to save the cost of
+  a pointer for each type.  Doing this might not be strictly correct
+  C.
+
+* Pie in the sky: A verbose mode that can tell you "missing field
+  KDC-REP.cname.name-string[1].data" or some such.  This would require
+  tracking the stack of pending encodes and adding strings with type
+  and field names.
+
+* For ALL_POINTERS_ARE_THE_SAME mode (which is not strictly conforming
+  with the C standard, and thus not default currently, but makes
+  things a little smaller and faster), eliminate the loadptr structure
+  entry.  (Note that if this infrastructure becomes exposed to
+  plugins, ALL_POINTERS_ARE_THE_SAME changes the ABI.)
+
+* Maybe: Reorganize the data of a "module" so everything needing
+  relocation is put in some tables, referenced by index from other
+  structures without relocations.  E.g., for krb5_data, here's the
+  offset for the data pointer, here's the offset for the length value,
+  here's the index into the pointer reader function table, here's the
+  index into the length reader function table, here's an index into
+  the string-type encoder table.
+
+  Using an index into a set of pointer types, with a single function
+  taking an integer parameter used to switch between various
+  ptr-to-ptr-to-type code paths, will be a lot smaller -- with a good
+  compiler the function will probably collapse to a simple
+  fetch-a-pointer function ignoring the integer argument, while at the
+  C level it's strictly conforming by using the correct types for
+  access.
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/asn1_encode.c b/krb5-1.21.3/src/lib/krb5/asn.1/asn1_encode.c
new file mode 100644
index 00000000..c4140021
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/asn1_encode.c
@@ -0,0 +1,1585 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/asn.1/asn1_encode.c */
+/*
+ * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "asn1_encode.h"
+
+struct asn1buf_st {
+    uint8_t *ptr;               /* Position, moving backwards; may be NULL */
+    size_t count;               /* Count of bytes written so far */
+};
+
+/**** Functions for encoding primitive types ****/
+
+/* Insert one byte into buf going backwards. */
+static inline void
+insert_byte(asn1buf *buf, uint8_t o)
+{
+    if (buf->ptr != NULL) {
+        buf->ptr--;
+        *buf->ptr = o;
+    }
+    buf->count++;
+}
+
+/* Insert a block of bytes into buf going backwards (but without reversing
+ * bytes). */
+static inline void
+insert_bytes(asn1buf *buf, const void *bytes, size_t len)
+{
+    if (buf->ptr != NULL) {
+        memcpy(buf->ptr - len, bytes, len);
+        buf->ptr -= len;
+    }
+    buf->count += len;
+}
+
+void
+k5_asn1_encode_bool(asn1buf *buf, intmax_t val)
+{
+    insert_byte(buf, val ? 0xFF : 0x00);
+}
+
+void
+k5_asn1_encode_int(asn1buf *buf, intmax_t val)
+{
+    long valcopy;
+    int digit;
+
+    valcopy = val;
+    do {
+        digit = valcopy & 0xFF;
+        insert_byte(buf, digit);
+        valcopy = valcopy >> 8;
+    } while (valcopy != 0 && valcopy != ~0);
+
+    /* Make sure the high bit is of the proper signed-ness. */
+    if (val > 0 && (digit & 0x80) == 0x80)
+        insert_byte(buf, 0);
+    else if (val < 0 && (digit & 0x80) != 0x80)
+        insert_byte(buf, 0xFF);
+}
+
+void
+k5_asn1_encode_uint(asn1buf *buf, uintmax_t val)
+{
+    uintmax_t valcopy;
+    int digit;
+
+    valcopy = val;
+    do {
+        digit = valcopy & 0xFF;
+        insert_byte(buf, digit);
+        valcopy = valcopy >> 8;
+    } while (valcopy != 0);
+
+    /* Make sure the high bit is of the proper signed-ness. */
+    if (digit & 0x80)
+        insert_byte(buf, 0);
+}
+
+krb5_error_code
+k5_asn1_encode_bytestring(asn1buf *buf, uint8_t *const *val, size_t len)
+{
+    if (len > 0 && val == NULL)
+        return ASN1_MISSING_FIELD;
+    insert_bytes(buf, *val, len);
+    return 0;
+}
+
+krb5_error_code
+k5_asn1_encode_generaltime(asn1buf *buf, time_t val)
+{
+    struct tm *gtime, gtimebuf;
+    char s[16], *sp;
+    time_t gmt_time = val;
+    int len;
+
+    /*
+     * Time encoding: YYYYMMDDhhmmssZ
+     */
+    if (gmt_time == 0) {
+        sp = "19700101000000Z";
+    } else {
+        /*
+         * Sanity check this just to be paranoid, as gmtime can return NULL,
+         * and some bogus implementations might overrun on the sprintf.
+         */
+#ifdef HAVE_GMTIME_R
+#ifdef GMTIME_R_RETURNS_INT
+        if (gmtime_r(&gmt_time, &gtimebuf) != 0)
+            return ASN1_BAD_GMTIME;
+#else
+        if (gmtime_r(&gmt_time, &gtimebuf) == NULL)
+            return ASN1_BAD_GMTIME;
+#endif
+#else /* HAVE_GMTIME_R */
+        gtime = gmtime(&gmt_time);
+        if (gtime == NULL)
+            return ASN1_BAD_GMTIME;
+        memcpy(&gtimebuf, gtime, sizeof(gtimebuf));
+#endif /* HAVE_GMTIME_R */
+        gtime = &gtimebuf;
+
+        if (gtime->tm_year > 8099 || gtime->tm_mon > 11 ||
+            gtime->tm_mday > 31 || gtime->tm_hour > 23 ||
+            gtime->tm_min > 59 || gtime->tm_sec > 59)
+            return ASN1_BAD_GMTIME;
+        len = snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ",
+                       1900 + gtime->tm_year, gtime->tm_mon + 1,
+                       gtime->tm_mday, gtime->tm_hour,
+                       gtime->tm_min, gtime->tm_sec);
+        if (SNPRINTF_OVERFLOW(len, sizeof(s)))
+            /* Shouldn't be possible given above tests.  */
+            return ASN1_BAD_GMTIME;
+        sp = s;
+    }
+
+    insert_bytes(buf, sp, 15);
+    return 0;
+}
+
+krb5_error_code
+k5_asn1_encode_bitstring(asn1buf *buf, uint8_t *const *val, size_t len)
+{
+    insert_bytes(buf, *val, len);
+    insert_byte(buf, 0);
+    return 0;
+}
+
+/**** Functions for decoding primitive types ****/
+
+krb5_error_code
+k5_asn1_decode_bool(const uint8_t *asn1, size_t len, intmax_t *val)
+{
+    if (len != 1)
+        return ASN1_BAD_LENGTH;
+    *val = (*asn1 != 0);
+    return 0;
+}
+
+/* Decode asn1/len as the contents of a DER integer, placing the signed result
+ * in val. */
+krb5_error_code
+k5_asn1_decode_int(const uint8_t *asn1, size_t len, intmax_t *val)
+{
+    intmax_t n;
+    size_t i;
+
+    if (len == 0)
+        return ASN1_BAD_LENGTH;
+    n = (asn1[0] & 0x80) ? -1 : 0;
+    /* Check length. */
+    if (len > sizeof(intmax_t))
+        return ASN1_OVERFLOW;
+    for (i = 0; i < len; i++)
+        n = n * 256 + asn1[i];
+    *val = n;
+    return 0;
+}
+
+/* Decode asn1/len as the contents of a DER integer, placing the unsigned
+ * result in val. */
+krb5_error_code
+k5_asn1_decode_uint(const uint8_t *asn1, size_t len, uintmax_t *val)
+{
+    uintmax_t n;
+    size_t i;
+
+    if (len == 0)
+        return ASN1_BAD_LENGTH;
+    /* Check for negative values and check length. */
+    if ((asn1[0] & 0x80) || len > sizeof(uintmax_t) + (asn1[0] == 0))
+        return ASN1_OVERFLOW;
+    for (i = 0, n = 0; i < len; i++)
+        n = (n << 8) | asn1[i];
+    *val = n;
+    return 0;
+}
+
+krb5_error_code
+k5_asn1_decode_bytestring(const uint8_t *asn1, size_t len,
+                          uint8_t **str_out, size_t *len_out)
+{
+    uint8_t *str;
+
+    *str_out = NULL;
+    *len_out = 0;
+    if (len == 0)
+        return 0;
+    str = malloc(len);
+    if (str == NULL)
+        return ENOMEM;
+    memcpy(str, asn1, len);
+    *str_out = str;
+    *len_out = len;
+    return 0;
+}
+
+krb5_error_code
+k5_asn1_decode_generaltime(const uint8_t *asn1, size_t len, time_t *time_out)
+{
+    const char *s = (char *)asn1;
+    struct tm ts;
+    time_t t;
+    size_t i;
+
+    *time_out = 0;
+    if (len != 15)
+        return ASN1_BAD_LENGTH;
+    /* Time encoding: YYYYMMDDhhmmssZ */
+    if (s[14] != 'Z')
+        return ASN1_BAD_FORMAT;
+    if (memcmp(s, "19700101000000Z", 15) == 0) {
+        *time_out = 0;
+        return 0;
+    }
+#define c2i(c) ((c) - '0')
+    for (i = 0; i < 14; ++i) {
+        if ((uint8_t)c2i(s[i]) > 9)
+            return ASN1_BAD_TIMEFORMAT;
+    }
+    ts.tm_year = 1000 * c2i(s[0]) + 100 * c2i(s[1]) + 10 * c2i(s[2]) +
+        c2i(s[3]) - 1900;
+    ts.tm_mon = 10 * c2i(s[4]) + c2i(s[5]) - 1;
+    ts.tm_mday = 10 * c2i(s[6]) + c2i(s[7]);
+    ts.tm_hour = 10 * c2i(s[8]) + c2i(s[9]);
+    ts.tm_min = 10 * c2i(s[10]) + c2i(s[11]);
+    ts.tm_sec = 10 * c2i(s[12]) + c2i(s[13]);
+    ts.tm_isdst = -1;
+    t = krb5int_gmt_mktime(&ts);
+    if (t == -1)
+        return ASN1_BAD_TIMEFORMAT;
+    *time_out = t;
+    return 0;
+}
+
+/*
+ * Note: we return the number of bytes, not bits, in the bit string.  If the
+ * number of bits is not a multiple of 8 we effectively round up to the next
+ * multiple of 8.
+ */
+krb5_error_code
+k5_asn1_decode_bitstring(const uint8_t *asn1, size_t len,
+                         uint8_t **bits_out, size_t *len_out)
+{
+    uint8_t unused, *bits;
+
+    *bits_out = NULL;
+    *len_out = 0;
+    if (len == 0)
+        return ASN1_BAD_LENGTH;
+    unused = *asn1++;
+    len--;
+    if (unused > 7)
+        return ASN1_BAD_FORMAT;
+
+    bits = malloc(len);
+    if (bits == NULL)
+        return ENOMEM;
+    memcpy(bits, asn1, len);
+    if (len > 1)
+        bits[len - 1] &= (0xff << unused);
+
+    *bits_out = bits;
+    *len_out = len;
+    return 0;
+}
+
+/**** Functions for encoding and decoding tags ****/
+
+/* Encode a DER tag into buf with the tag parameters in t and the content
+ * length len.  Place the length of the encoded tag in *retlen. */
+static krb5_error_code
+make_tag(asn1buf *buf, const taginfo *t, size_t len)
+{
+    asn1_tagnum tag_copy;
+    size_t len_copy, oldcount;
+
+    if (t->tagnum > ASN1_TAGNUM_MAX)
+        return ASN1_OVERFLOW;
+
+    /* Encode the length of the content within the tag. */
+    if (len < 128) {
+        insert_byte(buf, len & 0x7F);
+    } else {
+        oldcount = buf->count;
+        for (len_copy = len; len_copy != 0; len_copy >>= 8)
+            insert_byte(buf, len_copy & 0xFF);
+        insert_byte(buf, 0x80 | ((buf->count - oldcount) & 0x7F));
+    }
+
+    /* Encode the tag and construction bit. */
+    if (t->tagnum < 31) {
+        insert_byte(buf, t->asn1class | t->construction | t->tagnum);
+    } else {
+        tag_copy = t->tagnum;
+        insert_byte(buf, tag_copy & 0x7F);
+        tag_copy >>= 7;
+
+        for (; tag_copy != 0; tag_copy >>= 7)
+            insert_byte(buf, 0x80 | (tag_copy & 0x7F));
+
+        insert_byte(buf, t->asn1class | t->construction | 0x1F);
+    }
+
+    return 0;
+}
+
+/*
+ * Read a DER tag and length from asn1/len.  Place the tag parameters in
+ * tag_out.  Set contents_out/clen_out to the octet range of the tag's
+ * contents, and remainder_out/rlen_out to the octet range after the end of the
+ * DER encoding.
+ */
+static krb5_error_code
+get_tag(const uint8_t *asn1, size_t len, taginfo *tag_out,
+        const uint8_t **contents_out, size_t *clen_out,
+        const uint8_t **remainder_out, size_t *rlen_out)
+{
+    uint8_t o;
+    const uint8_t *tag_start = asn1;
+    size_t clen, llen, i;
+
+    *contents_out = *remainder_out = NULL;
+    *clen_out = *rlen_out = 0;
+    if (len == 0)
+        return ASN1_OVERRUN;
+    o = *asn1++;
+    len--;
+    tag_out->asn1class = o & 0xC0;
+    tag_out->construction = o & 0x20;
+    if ((o & 0x1F) != 0x1F) {
+        tag_out->tagnum = o & 0x1F;
+    } else {
+        tag_out->tagnum = 0;
+        do {
+            if (len == 0)
+                return ASN1_OVERRUN;
+            if (tag_out->tagnum > (ASN1_TAGNUM_MAX >> 7))
+                return ASN1_OVERFLOW;
+            o = *asn1++;
+            len--;
+            tag_out->tagnum = (tag_out->tagnum << 7) | (o & 0x7F);
+        } while (o & 0x80);
+        /* Check for overly large tag values */
+        if (tag_out->tagnum > ASN1_TAGNUM_MAX)
+            return ASN1_OVERFLOW;
+    }
+
+    if (len == 0)
+        return ASN1_OVERRUN;
+    o = *asn1++;
+    len--;
+
+    if ((o & 0x80) == 0) {
+        /* Short form (first octet gives content length). */
+        if (o > len)
+            return ASN1_OVERRUN;
+        *contents_out = asn1;
+        *clen_out = o;
+        *remainder_out = asn1 + *clen_out;
+        *rlen_out = len - (*remainder_out - asn1);
+    } else {
+        /* Long form (first octet gives number of base-256 length octets). */
+        llen = o & 0x7F;
+        if (llen > len)
+            return ASN1_OVERRUN;
+        if (llen > sizeof(*clen_out))
+            return ASN1_OVERFLOW;
+        if (llen == 0)
+            return ASN1_INDEF;
+        for (i = 0, clen = 0; i < llen; i++)
+            clen = (clen << 8) | asn1[i];
+        if (clen > len - llen)
+            return ASN1_OVERRUN;
+        *contents_out = asn1 + llen;
+        *clen_out = clen;
+        *remainder_out = *contents_out + clen;
+        *rlen_out = len - (*remainder_out - asn1);
+    }
+    tag_out->tag_len = *contents_out - tag_start;
+    return 0;
+}
+
+#ifdef POINTERS_ARE_ALL_THE_SAME
+#define LOADPTR(PTR, TYPE) (*(const void *const *)(PTR))
+#define STOREPTR(PTR, TYPE, VAL) (*(void **)(VAL) = (PTR))
+#else
+#define LOADPTR(PTR, PTRINFO)                                           \
+    (assert((PTRINFO)->loadptr != NULL), (PTRINFO)->loadptr(PTR))
+#define STOREPTR(PTR, PTRINFO, VAL)                                     \
+    (assert((PTRINFO)->storeptr != NULL), (PTRINFO)->storeptr(PTR, VAL))
+#endif
+
+static size_t
+get_nullterm_sequence_len(const void *valp, const struct atype_info *seq)
+{
+    size_t i;
+    const struct atype_info *a;
+    const struct ptr_info *ptr;
+    const void *elt, *eltptr;
+
+    a = seq;
+    i = 0;
+    assert(a->type == atype_ptr);
+    assert(seq->size != 0);
+    ptr = a->tinfo;
+
+    while (1) {
+        eltptr = (const char *)valp + i * seq->size;
+        elt = LOADPTR(eltptr, ptr);
+        if (elt == NULL)
+            break;
+        i++;
+    }
+    return i;
+}
+static krb5_error_code
+encode_sequence_of(asn1buf *buf, size_t seqlen, const void *val,
+                   const struct atype_info *eltinfo);
+
+static krb5_error_code
+encode_nullterm_sequence_of(asn1buf *buf, const void *val,
+                            const struct atype_info *type, int can_be_empty)
+{
+    size_t len = get_nullterm_sequence_len(val, type);
+
+    if (!can_be_empty && len == 0)
+        return ASN1_MISSING_FIELD;
+    return encode_sequence_of(buf, len, val, type);
+}
+
+static intmax_t
+load_int(const void *val, size_t size)
+{
+    switch (size) {
+    case 1: return *(int8_t *)val;
+    case 2: return *(int16_t *)val;
+    case 4: return *(int32_t *)val;
+    case 8: return *(int64_t *)val;
+    default: abort();
+    }
+}
+
+static uintmax_t
+load_uint(const void *val, size_t size)
+{
+    switch (size) {
+    case 1: return *(uint8_t *)val;
+    case 2: return *(uint16_t *)val;
+    case 4: return *(uint32_t *)val;
+    case 8: return *(uint64_t *)val;
+    default: abort();
+    }
+}
+
+static krb5_error_code
+load_count(const void *val, const struct counted_info *counted,
+           size_t *count_out)
+{
+    const void *countptr = (const char *)val + counted->lenoff;
+
+    assert(sizeof(size_t) <= sizeof(uintmax_t));
+    if (counted->lensigned) {
+        intmax_t xlen = load_int(countptr, counted->lensize);
+        if (xlen < 0 || (uintmax_t)xlen > SIZE_MAX)
+            return EINVAL;
+        *count_out = xlen;
+    } else {
+        uintmax_t xlen = load_uint(countptr, counted->lensize);
+        if ((size_t)xlen != xlen || xlen > SIZE_MAX)
+            return EINVAL;
+        *count_out = xlen;
+    }
+    return 0;
+}
+
+static krb5_error_code
+store_int(intmax_t intval, size_t size, void *val)
+{
+    switch (size) {
+    case 1:
+        if ((int8_t)intval != intval)
+            return ASN1_OVERFLOW;
+        *(int8_t *)val = intval;
+        return 0;
+    case 2:
+        if ((int16_t)intval != intval)
+            return ASN1_OVERFLOW;
+        *(int16_t *)val = intval;
+        return 0;
+    case 4:
+        if ((int32_t)intval != intval)
+            return ASN1_OVERFLOW;
+        *(int32_t *)val = intval;
+        return 0;
+    case 8:
+        if ((int64_t)intval != intval)
+            return ASN1_OVERFLOW;
+        *(int64_t *)val = intval;
+        return 0;
+    default:
+        abort();
+    }
+}
+
+static krb5_error_code
+store_uint(uintmax_t intval, size_t size, void *val)
+{
+    switch (size) {
+    case 1:
+        if ((uint8_t)intval != intval)
+            return ASN1_OVERFLOW;
+        *(uint8_t *)val = intval;
+        return 0;
+    case 2:
+        if ((uint16_t)intval != intval)
+            return ASN1_OVERFLOW;
+        *(uint16_t *)val = intval;
+        return 0;
+    case 4:
+        if ((uint32_t)intval != intval)
+            return ASN1_OVERFLOW;
+        *(uint32_t *)val = intval;
+        return 0;
+    case 8:
+        if ((uint64_t)intval != intval)
+            return ASN1_OVERFLOW;
+        *(uint64_t *)val = intval;
+        return 0;
+    default:
+        abort();
+    }
+}
+
+/* Store a count value in an integer field of a structure.  If count is
+ * SIZE_MAX and the target is a signed field, store -1. */
+static krb5_error_code
+store_count(size_t count, const struct counted_info *counted, void *val)
+{
+    void *countptr = (char *)val + counted->lenoff;
+
+    if (counted->lensigned) {
+        if (count == SIZE_MAX)
+            return store_int(-1, counted->lensize, countptr);
+        else if ((intmax_t)count < 0)
+            return ASN1_OVERFLOW;
+        else
+            return store_int(count, counted->lensize, countptr);
+    } else
+        return store_uint(count, counted->lensize, countptr);
+}
+
+/* Split a DER encoding into tag and contents.  Insert the contents into buf,
+ * then return the length of the contents and the tag. */
+static krb5_error_code
+split_der(asn1buf *buf, uint8_t *const *der, size_t len, taginfo *tag_out)
+{
+    krb5_error_code ret;
+    const uint8_t *contents, *remainder;
+    size_t clen, rlen;
+
+    ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen);
+    if (ret)
+        return ret;
+    if (rlen != 0)
+        return ASN1_BAD_LENGTH;
+    insert_bytes(buf, contents, clen);
+    return 0;
+}
+
+/*
+ * Store the DER encoding given by t and asn1/len into the char * or
+ * uint8_t * pointed to by val.  Set *count_out to the length of the
+ * DER encoding.
+ */
+static krb5_error_code
+store_der(const taginfo *t, const uint8_t *asn1, size_t len, void *val,
+          size_t *count_out)
+{
+    uint8_t *der;
+    size_t der_len;
+
+    *count_out = 0;
+    der_len = t->tag_len + len;
+    der = malloc(der_len);
+    if (der == NULL)
+        return ENOMEM;
+    memcpy(der, asn1 - t->tag_len, der_len);
+    *(uint8_t **)val = der;
+    *count_out = der_len;
+    return 0;
+}
+
+static krb5_error_code
+encode_sequence(asn1buf *buf, const void *val, const struct seq_info *seq);
+static krb5_error_code
+encode_cntype(asn1buf *buf, const void *val, size_t len,
+              const struct cntype_info *c, taginfo *tag_out);
+
+/* Encode a value (contents only, no outer tag) according to a type, and return
+ * its encoded tag information. */
+static krb5_error_code
+encode_atype(asn1buf *buf, const void *val, const struct atype_info *a,
+             taginfo *tag_out)
+{
+    krb5_error_code ret;
+
+    if (val == NULL)
+        return ASN1_MISSING_FIELD;
+
+    switch (a->type) {
+    case atype_fn: {
+        const struct fn_info *fn = a->tinfo;
+        assert(fn->enc != NULL);
+        return fn->enc(buf, val, tag_out);
+    }
+    case atype_sequence:
+        assert(a->tinfo != NULL);
+        ret = encode_sequence(buf, val, a->tinfo);
+        if (ret)
+            return ret;
+        tag_out->asn1class = UNIVERSAL;
+        tag_out->construction = CONSTRUCTED;
+        tag_out->tagnum = ASN1_SEQUENCE;
+        break;
+    case atype_ptr: {
+        const struct ptr_info *ptr = a->tinfo;
+        assert(ptr->basetype != NULL);
+        return encode_atype(buf, LOADPTR(val, ptr), ptr->basetype, tag_out);
+    }
+    case atype_offset: {
+        const struct offset_info *off = a->tinfo;
+        assert(off->basetype != NULL);
+        return encode_atype(buf, (const char *)val + off->dataoff,
+                            off->basetype, tag_out);
+    }
+    case atype_optional: {
+        const struct optional_info *opt = a->tinfo;
+        assert(opt->is_present != NULL);
+        if (opt->is_present(val))
+            return encode_atype(buf, val, opt->basetype, tag_out);
+        else
+            return ASN1_OMITTED;
+    }
+    case atype_counted: {
+        const struct counted_info *counted = a->tinfo;
+        const void *dataptr = (const char *)val + counted->dataoff;
+        size_t count;
+        assert(counted->basetype != NULL);
+        ret = load_count(val, counted, &count);
+        if (ret)
+            return ret;
+        return encode_cntype(buf, dataptr, count, counted->basetype, tag_out);
+    }
+    case atype_nullterm_sequence_of:
+    case atype_nonempty_nullterm_sequence_of:
+        assert(a->tinfo != NULL);
+        ret = encode_nullterm_sequence_of(buf, val, a->tinfo,
+                                          a->type ==
+                                          atype_nullterm_sequence_of);
+        if (ret)
+            return ret;
+        tag_out->asn1class = UNIVERSAL;
+        tag_out->construction = CONSTRUCTED;
+        tag_out->tagnum = ASN1_SEQUENCE;
+        break;
+    case atype_tagged_thing: {
+        const struct tagged_info *tag = a->tinfo;
+        size_t oldcount = buf->count;
+        ret = encode_atype(buf, val, tag->basetype, tag_out);
+        if (ret)
+            return ret;
+        if (!tag->implicit) {
+            ret = make_tag(buf, tag_out, buf->count - oldcount);
+            if (ret)
+                return ret;
+            tag_out->construction = tag->construction;
+        }
+        tag_out->asn1class = tag->tagtype;
+        tag_out->tagnum = tag->tagval;
+        break;
+    }
+    case atype_bool:
+        k5_asn1_encode_bool(buf, load_int(val, a->size));
+        tag_out->asn1class = UNIVERSAL;
+        tag_out->construction = PRIMITIVE;
+        tag_out->tagnum = ASN1_BOOLEAN;
+        break;
+    case atype_int:
+        k5_asn1_encode_int(buf, load_int(val, a->size));
+        tag_out->asn1class = UNIVERSAL;
+        tag_out->construction = PRIMITIVE;
+        tag_out->tagnum = ASN1_INTEGER;
+        break;
+    case atype_uint:
+        k5_asn1_encode_uint(buf, load_uint(val, a->size));
+        tag_out->asn1class = UNIVERSAL;
+        tag_out->construction = PRIMITIVE;
+        tag_out->tagnum = ASN1_INTEGER;
+        break;
+    case atype_int_immediate: {
+        const struct immediate_info *imm = a->tinfo;
+        k5_asn1_encode_int(buf, imm->val);
+        tag_out->asn1class = UNIVERSAL;
+        tag_out->construction = PRIMITIVE;
+        tag_out->tagnum = ASN1_INTEGER;
+        break;
+    }
+    default:
+        assert(a->type > atype_min);
+        assert(a->type < atype_max);
+        abort();
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+encode_atype_and_tag(asn1buf *buf, const void *val, const struct atype_info *a)
+{
+    taginfo t;
+    krb5_error_code ret;
+    size_t oldcount = buf->count;
+
+    ret = encode_atype(buf, val, a, &t);
+    if (ret)
+        return ret;
+    ret = make_tag(buf, &t, buf->count - oldcount);
+    if (ret)
+        return ret;
+    return 0;
+}
+
+/*
+ * Encode an object and count according to a cntype_info structure.  val is a
+ * pointer to the object being encoded, which in most cases is itself a
+ * pointer (but is a union in the cntype_choice case).
+ */
+static krb5_error_code
+encode_cntype(asn1buf *buf, const void *val, size_t count,
+              const struct cntype_info *c, taginfo *tag_out)
+{
+    krb5_error_code ret;
+
+    switch (c->type) {
+    case cntype_string: {
+        const struct string_info *string = c->tinfo;
+        assert(string->enc != NULL);
+        ret = string->enc(buf, val, count);
+        if (ret)
+            return ret;
+        tag_out->asn1class = UNIVERSAL;
+        tag_out->construction = PRIMITIVE;
+        tag_out->tagnum = string->tagval;
+        break;
+    }
+    case cntype_der:
+        return split_der(buf, val, count, tag_out);
+    case cntype_seqof: {
+        const struct atype_info *a = c->tinfo;
+        const struct ptr_info *ptr = a->tinfo;
+        assert(a->type == atype_ptr);
+        val = LOADPTR(val, ptr);
+        ret = encode_sequence_of(buf, count, val, ptr->basetype);
+        if (ret)
+            return ret;
+        tag_out->asn1class = UNIVERSAL;
+        tag_out->construction = CONSTRUCTED;
+        tag_out->tagnum = ASN1_SEQUENCE;
+        break;
+    }
+    case cntype_choice: {
+        const struct choice_info *choice = c->tinfo;
+        if (count >= choice->n_options)
+            return ASN1_MISSING_FIELD;
+        return encode_atype(buf, val, choice->options[count], tag_out);
+    }
+
+    default:
+        assert(c->type > cntype_min);
+        assert(c->type < cntype_max);
+        abort();
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+encode_sequence(asn1buf *buf, const void *val, const struct seq_info *seq)
+{
+    krb5_error_code ret;
+    size_t i;
+
+    for (i = seq->n_fields; i > 0; i--) {
+        ret = encode_atype_and_tag(buf, val, seq->fields[i - 1]);
+        if (ret == ASN1_OMITTED)
+            continue;
+        else if (ret != 0)
+            return ret;
+    }
+    return 0;
+}
+
+static krb5_error_code
+encode_sequence_of(asn1buf *buf, size_t seqlen, const void *val,
+                   const struct atype_info *eltinfo)
+{
+    krb5_error_code ret;
+    size_t i;
+    const void *eltptr;
+
+    assert(eltinfo->size != 0);
+    for (i = seqlen; i > 0; i--) {
+        eltptr = (const char *)val + (i - 1) * eltinfo->size;
+        ret = encode_atype_and_tag(buf, eltptr, eltinfo);
+        if (ret)
+            return ret;
+    }
+    return 0;
+}
+
+/**** Functions for freeing C objects based on type info ****/
+
+static void free_atype_ptr(const struct atype_info *a, void *val);
+static void free_sequence(const struct seq_info *seq, void *val);
+static void free_sequence_of(const struct atype_info *eltinfo, void *val,
+                             size_t count);
+static void free_cntype(const struct cntype_info *a, void *val, size_t count);
+
+/*
+ * Free a C object according to a type description.  Do not free pointers at
+ * the first level; they may be referenced by other fields of a sequence, and
+ * will be freed by free_atype_ptr in a second pass.
+ */
+static void
+free_atype(const struct atype_info *a, void *val)
+{
+    switch (a->type) {
+    case atype_fn: {
+        const struct fn_info *fn = a->tinfo;
+        if (fn->free_func != NULL)
+            fn->free_func(val);
+        break;
+    }
+    case atype_sequence:
+        free_sequence(a->tinfo, val);
+        break;
+    case atype_ptr: {
+        const struct ptr_info *ptrinfo = a->tinfo;
+        void *ptr = LOADPTR(val, ptrinfo);
+        if (ptr != NULL) {
+            free_atype(ptrinfo->basetype, ptr);
+            free_atype_ptr(ptrinfo->basetype, ptr);
+        }
+        break;
+    }
+    case atype_offset: {
+        const struct offset_info *off = a->tinfo;
+        assert(off->basetype != NULL);
+        free_atype(off->basetype, (char *)val + off->dataoff);
+        break;
+    }
+    case atype_optional: {
+        const struct optional_info *opt = a->tinfo;
+        free_atype(opt->basetype, val);
+        break;
+    }
+    case atype_counted: {
+        const struct counted_info *counted = a->tinfo;
+        void *dataptr = (char *)val + counted->dataoff;
+        size_t count;
+        if (load_count(val, counted, &count) == 0)
+            free_cntype(counted->basetype, dataptr, count);
+        break;
+    }
+    case atype_nullterm_sequence_of:
+    case atype_nonempty_nullterm_sequence_of: {
+        size_t count = get_nullterm_sequence_len(val, a->tinfo);
+        free_sequence_of(a->tinfo, val, count);
+        break;
+    }
+    case atype_tagged_thing: {
+        const struct tagged_info *tag = a->tinfo;
+        free_atype(tag->basetype, val);
+        break;
+    }
+    case atype_bool:
+    case atype_int:
+    case atype_uint:
+    case atype_int_immediate:
+        break;
+    default:
+        abort();
+    }
+}
+
+static void
+free_atype_ptr(const struct atype_info *a, void *val)
+{
+    switch (a->type) {
+    case atype_fn:
+    case atype_sequence:
+    case atype_counted:
+    case atype_nullterm_sequence_of:
+    case atype_nonempty_nullterm_sequence_of:
+    case atype_bool:
+    case atype_int:
+    case atype_uint:
+    case atype_int_immediate:
+         break;
+    case atype_ptr: {
+        const struct ptr_info *ptrinfo = a->tinfo;
+        void *ptr = LOADPTR(val, ptrinfo);
+        free(ptr);
+        STOREPTR(NULL, ptrinfo, val);
+        break;
+    }
+    case atype_offset: {
+        const struct offset_info *off = a->tinfo;
+        assert(off->basetype != NULL);
+        free_atype_ptr(off->basetype, (char *)val + off->dataoff);
+        break;
+    }
+    case atype_optional: {
+        const struct optional_info *opt = a->tinfo;
+        free_atype_ptr(opt->basetype, val);
+        break;
+    }
+    case atype_tagged_thing: {
+        const struct tagged_info *tag = a->tinfo;
+        free_atype_ptr(tag->basetype, val);
+        break;
+    }
+    default:
+        abort();
+    }
+}
+
+static void
+free_cntype(const struct cntype_info *c, void *val, size_t count)
+{
+    switch (c->type) {
+    case cntype_string:
+    case cntype_der:
+        free(*(char **)val);
+        *(char **)val = NULL;
+        break;
+    case cntype_seqof: {
+        const struct atype_info *a = c->tinfo;
+        const struct ptr_info *ptrinfo = a->tinfo;
+        void *seqptr = LOADPTR(val, ptrinfo);
+        free_sequence_of(ptrinfo->basetype, seqptr, count);
+        free(seqptr);
+        STOREPTR(NULL, ptrinfo, val);
+        break;
+    }
+    case cntype_choice: {
+        const struct choice_info *choice = c->tinfo;
+        if (count < choice->n_options) {
+            free_atype(choice->options[count], val);
+            free_atype_ptr(choice->options[count], val);
+        }
+        break;
+    }
+    default:
+        abort();
+    }
+}
+
+static void
+free_sequence(const struct seq_info *seq, void *val)
+{
+    size_t i;
+
+    for (i = 0; i < seq->n_fields; i++)
+        free_atype(seq->fields[i], val);
+    for (i = 0; i < seq->n_fields; i++)
+        free_atype_ptr(seq->fields[i], val);
+}
+
+static void
+free_sequence_of(const struct atype_info *eltinfo, void *val, size_t count)
+{
+    void *eltptr;
+
+    assert(eltinfo->size != 0);
+    while (count-- > 0) {
+        eltptr = (char *)val + count * eltinfo->size;
+        free_atype(eltinfo, eltptr);
+        free_atype_ptr(eltinfo, eltptr);
+    }
+}
+
+/**** Functions for decoding objects based on type info ****/
+
+/* Return nonzero if t is an expected tag for an ASN.1 object of type a. */
+static int
+check_atype_tag(const struct atype_info *a, const taginfo *t)
+{
+    switch (a->type) {
+    case atype_fn: {
+        const struct fn_info *fn = a->tinfo;
+        assert(fn->check_tag != NULL);
+        return fn->check_tag(t);
+    }
+    case atype_sequence:
+    case atype_nullterm_sequence_of:
+    case atype_nonempty_nullterm_sequence_of:
+        return (t->asn1class == UNIVERSAL && t->construction == CONSTRUCTED &&
+                t->tagnum == ASN1_SEQUENCE);
+    case atype_ptr: {
+        const struct ptr_info *ptrinfo = a->tinfo;
+        return check_atype_tag(ptrinfo->basetype, t);
+    }
+    case atype_offset: {
+        const struct offset_info *off = a->tinfo;
+        return check_atype_tag(off->basetype, t);
+    }
+    case atype_optional: {
+        const struct optional_info *opt = a->tinfo;
+        return check_atype_tag(opt->basetype, t);
+    }
+    case atype_counted: {
+        const struct counted_info *counted = a->tinfo;
+        switch (counted->basetype->type) {
+        case cntype_string: {
+            const struct string_info *string = counted->basetype->tinfo;
+            return (t->asn1class == UNIVERSAL &&
+                    t->construction == PRIMITIVE &&
+                    t->tagnum == string->tagval);
+        }
+        case cntype_seqof:
+            return (t->asn1class == UNIVERSAL &&
+                    t->construction == CONSTRUCTED &&
+                    t->tagnum == ASN1_SEQUENCE);
+        case cntype_der:
+            /*
+             * We treat any tag as matching a stored DER encoding.  In some
+             * cases we know what the tag should be; in others, we truly want
+             * to accept any tag.  If it ever becomes an issue, we could add
+             * optional tag info to the type and check it here.
+             */
+            return 1;
+        case cntype_choice:
+            /*
+             * ASN.1 choices may or may not be extensible.  For now, we treat
+             * all choices as extensible and match any tag.  We should consider
+             * modeling whether choices are extensible before making the
+             * encoder visible to plugins.
+             */
+            return 1;
+        default:
+            abort();
+        }
+    }
+    case atype_tagged_thing: {
+        const struct tagged_info *tag = a->tinfo;
+        /* NOTE: Doesn't check construction bit for implicit tags. */
+        if (!tag->implicit && t->construction != tag->construction)
+            return 0;
+        return (t->asn1class == tag->tagtype && t->tagnum == tag->tagval);
+    }
+    case atype_bool:
+        return (t->asn1class == UNIVERSAL && t->construction == PRIMITIVE &&
+                t->tagnum == ASN1_BOOLEAN);
+    case atype_int:
+    case atype_uint:
+    case atype_int_immediate:
+        return (t->asn1class == UNIVERSAL && t->construction == PRIMITIVE &&
+                t->tagnum == ASN1_INTEGER);
+    default:
+        abort();
+    }
+}
+
+static krb5_error_code
+decode_cntype(const taginfo *t, const uint8_t *asn1, size_t len,
+              const struct cntype_info *c, void *val, size_t *count_out);
+static krb5_error_code
+decode_atype_to_ptr(const taginfo *t, const uint8_t *asn1, size_t len,
+                    const struct atype_info *basetype, void **ptr_out);
+static krb5_error_code
+decode_sequence(const uint8_t *asn1, size_t len, const struct seq_info *seq,
+                void *val);
+static krb5_error_code
+decode_sequence_of(const uint8_t *asn1, size_t len,
+                   const struct atype_info *elemtype, void **seq_out,
+                   size_t *count_out);
+
+/* Given the enclosing tag t, decode from asn1/len the contents of the ASN.1
+ * type specified by a, placing the result into val (caller-allocated). */
+static krb5_error_code
+decode_atype(const taginfo *t, const uint8_t *asn1, size_t len,
+             const struct atype_info *a, void *val)
+{
+    krb5_error_code ret;
+
+    switch (a->type) {
+    case atype_fn: {
+        const struct fn_info *fn = a->tinfo;
+        assert(fn->dec != NULL);
+        return fn->dec(t, asn1, len, val);
+    }
+    case atype_sequence:
+        return decode_sequence(asn1, len, a->tinfo, val);
+    case atype_ptr: {
+        const struct ptr_info *ptrinfo = a->tinfo;
+        void *ptr = LOADPTR(val, ptrinfo);
+        assert(ptrinfo->basetype != NULL);
+        if (ptr != NULL) {
+            /* Container was already allocated by a previous sequence field. */
+            return decode_atype(t, asn1, len, ptrinfo->basetype, ptr);
+        } else {
+            ret = decode_atype_to_ptr(t, asn1, len, ptrinfo->basetype, &ptr);
+            if (ret)
+                return ret;
+            STOREPTR(ptr, ptrinfo, val);
+            break;
+        }
+    }
+    case atype_offset: {
+        const struct offset_info *off = a->tinfo;
+        assert(off->basetype != NULL);
+        return decode_atype(t, asn1, len, off->basetype,
+                            (char *)val + off->dataoff);
+    }
+    case atype_optional: {
+        const struct optional_info *opt = a->tinfo;
+        return decode_atype(t, asn1, len, opt->basetype, val);
+    }
+    case atype_counted: {
+        const struct counted_info *counted = a->tinfo;
+        void *dataptr = (char *)val + counted->dataoff;
+        size_t count;
+        assert(counted->basetype != NULL);
+        ret = decode_cntype(t, asn1, len, counted->basetype, dataptr, &count);
+        if (ret)
+            return ret;
+        return store_count(count, counted, val);
+    }
+    case atype_tagged_thing: {
+        const struct tagged_info *tag = a->tinfo;
+        taginfo inner_tag;
+        const taginfo *tp = t;
+        const uint8_t *rem;
+        size_t rlen;
+        if (!tag->implicit) {
+            ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen);
+            if (ret)
+                return ret;
+            if (rlen)
+                return ASN1_BAD_LENGTH;
+            tp = &inner_tag;
+            if (!check_atype_tag(tag->basetype, tp))
+                return ASN1_BAD_ID;
+        }
+        return decode_atype(tp, asn1, len, tag->basetype, val);
+    }
+    case atype_bool: {
+        intmax_t intval;
+        ret = k5_asn1_decode_bool(asn1, len, &intval);
+        if (ret)
+            return ret;
+        return store_int(intval, a->size, val);
+    }
+    case atype_int: {
+        intmax_t intval;
+        ret = k5_asn1_decode_int(asn1, len, &intval);
+        if (ret)
+            return ret;
+        return store_int(intval, a->size, val);
+    }
+    case atype_uint: {
+        uintmax_t intval;
+        ret = k5_asn1_decode_uint(asn1, len, &intval);
+        if (ret)
+            return ret;
+        return store_uint(intval, a->size, val);
+    }
+    case atype_int_immediate: {
+        const struct immediate_info *imm = a->tinfo;
+        intmax_t intval;
+        ret = k5_asn1_decode_int(asn1, len, &intval);
+        if (ret)
+            return ret;
+        if (intval != imm->val && imm->err != 0)
+            return imm->err;
+        break;
+    }
+    default:
+        /* Null-terminated sequence types are handled in decode_atype_to_ptr,
+         * since they create variable-sized objects. */
+        assert(a->type != atype_nullterm_sequence_of);
+        assert(a->type != atype_nonempty_nullterm_sequence_of);
+        assert(a->type > atype_min);
+        assert(a->type < atype_max);
+        abort();
+    }
+    return 0;
+}
+
+/*
+ * Given the enclosing tag t, decode from asn1/len the contents of the
+ * ASN.1 type described by c, placing the counted result into val/count_out.
+ * If the resulting count should be -1 (for an unknown union distinguisher),
+ * set *count_out to SIZE_MAX.
+ */
+static krb5_error_code
+decode_cntype(const taginfo *t, const uint8_t *asn1, size_t len,
+              const struct cntype_info *c, void *val, size_t *count_out)
+{
+    krb5_error_code ret;
+
+    switch (c->type) {
+    case cntype_string: {
+        const struct string_info *string = c->tinfo;
+        assert(string->dec != NULL);
+        return string->dec(asn1, len, val, count_out);
+    }
+    case cntype_der:
+        return store_der(t, asn1, len, val, count_out);
+    case cntype_seqof: {
+        const struct atype_info *a = c->tinfo;
+        const struct ptr_info *ptrinfo = a->tinfo;
+        void *seq;
+        assert(a->type == atype_ptr);
+        ret = decode_sequence_of(asn1, len, ptrinfo->basetype, &seq,
+                                 count_out);
+        if (ret)
+            return ret;
+        STOREPTR(seq, ptrinfo, val);
+        break;
+    }
+    case cntype_choice: {
+        const struct choice_info *choice = c->tinfo;
+        size_t i;
+        for (i = 0; i < choice->n_options; i++) {
+            if (check_atype_tag(choice->options[i], t)) {
+                ret = decode_atype(t, asn1, len, choice->options[i], val);
+                if (ret)
+                    return ret;
+                *count_out = i;
+                return 0;
+            }
+        }
+        /* SIZE_MAX will be stored as -1 in the distinguisher.  If we start
+         * modeling non-extensible choices we should check that here. */
+        *count_out = SIZE_MAX;
+        break;
+    }
+    default:
+        assert(c->type > cntype_min);
+        assert(c->type < cntype_max);
+        abort();
+    }
+    return 0;
+}
+
+/* Add a null pointer to the end of a sequence.  ptr is consumed on success
+ * (to be replaced by *ptr_out), left alone on failure. */
+static krb5_error_code
+null_terminate(const struct atype_info *eltinfo, void *ptr, size_t count,
+               void **ptr_out)
+{
+    const struct ptr_info *ptrinfo = eltinfo->tinfo;
+    void *endptr;
+
+    assert(eltinfo->type == atype_ptr);
+    ptr = realloc(ptr, (count + 1) * eltinfo->size);
+    if (ptr == NULL)
+        return ENOMEM;
+    endptr = (char *)ptr + count * eltinfo->size;
+    STOREPTR(NULL, ptrinfo, endptr);
+    *ptr_out = ptr;
+    return 0;
+}
+
+static krb5_error_code
+decode_atype_to_ptr(const taginfo *t, const uint8_t *asn1, size_t len,
+                    const struct atype_info *a, void **ptr_out)
+{
+    krb5_error_code ret;
+    void *ptr;
+    size_t count;
+
+    *ptr_out = NULL;
+    switch (a->type) {
+    case atype_nullterm_sequence_of:
+    case atype_nonempty_nullterm_sequence_of:
+        ret = decode_sequence_of(asn1, len, a->tinfo, &ptr, &count);
+        if (ret)
+            return ret;
+        ret = null_terminate(a->tinfo, ptr, count, &ptr);
+        if (ret) {
+            free_sequence_of(a->tinfo, ptr, count);
+            return ret;
+        }
+        /* Historically we do not enforce non-emptiness of sequences when
+         * decoding, even when it is required by the ASN.1 type. */
+        break;
+    default:
+        ptr = calloc(a->size, 1);
+        if (ptr == NULL)
+            return ENOMEM;
+        ret = decode_atype(t, asn1, len, a, ptr);
+        if (ret) {
+            free(ptr);
+            return ret;
+        }
+        break;
+    }
+    *ptr_out = ptr;
+    return 0;
+}
+
+/* Initialize a C object when the corresponding ASN.1 type was omitted within a
+ * sequence.  If the ASN.1 type is not optional, return ASN1_MISSING_FIELD. */
+static krb5_error_code
+omit_atype(const struct atype_info *a, void *val)
+{
+    switch (a->type)
+    {
+    case atype_fn:
+    case atype_sequence:
+    case atype_nullterm_sequence_of:
+    case atype_nonempty_nullterm_sequence_of:
+    case atype_counted:
+    case atype_bool:
+    case atype_int:
+    case atype_uint:
+    case atype_int_immediate:
+        return ASN1_MISSING_FIELD;
+    case atype_ptr: {
+        const struct ptr_info *ptrinfo = a->tinfo;
+        return omit_atype(ptrinfo->basetype, val);
+    }
+    case atype_offset: {
+        const struct offset_info *off = a->tinfo;
+        return omit_atype(off->basetype, (char *)val + off->dataoff);
+    }
+    case atype_tagged_thing: {
+        const struct tagged_info *tag = a->tinfo;
+        return omit_atype(tag->basetype, val);
+    }
+    case atype_optional: {
+        const struct optional_info *opt = a->tinfo;
+        if (opt->init != NULL)
+            opt->init(val);
+        return 0;
+    }
+    default:
+        abort();
+    }
+}
+
+/* Decode an ASN.1 sequence into a C object. */
+static krb5_error_code
+decode_sequence(const uint8_t *asn1, size_t len, const struct seq_info *seq,
+                void *val)
+{
+    krb5_error_code ret;
+    const uint8_t *contents;
+    size_t i, j, clen;
+    taginfo t;
+
+    assert(seq->n_fields > 0);
+    for (i = 0; i < seq->n_fields; i++) {
+        if (len == 0)
+            break;
+        ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len);
+        if (ret)
+            goto error;
+        /*
+         * Find the applicable sequence field.  This logic is a little
+         * oversimplified; we could match an element to an optional extensible
+         * choice or optional stored-DER type when we ought to match a
+         * subsequent non-optional field.  But it's unwise and (hopefully) very
+         * rare for ASN.1 modules to require such precision.
+         */
+        for (; i < seq->n_fields; i++) {
+            if (check_atype_tag(seq->fields[i], &t))
+                break;
+            ret = omit_atype(seq->fields[i], val);
+            if (ret)
+                goto error;
+        }
+        /* We currently model all sequences as extensible.  We should consider
+         * changing this before making the encoder visible to plugins. */
+        if (i == seq->n_fields)
+            break;
+        ret = decode_atype(&t, contents, clen, seq->fields[i], val);
+        if (ret)
+            goto error;
+    }
+    /* Initialize any fields in the C object which were not accounted for in
+     * the sequence.  Error out if any of them aren't optional. */
+    for (; i < seq->n_fields; i++) {
+        ret = omit_atype(seq->fields[i], val);
+        if (ret)
+            goto error;
+    }
+    return 0;
+
+error:
+    /* Free what we've decoded so far.  Free pointers in a second pass in
+     * case multiple fields refer to the same pointer. */
+    for (j = 0; j < i; j++)
+        free_atype(seq->fields[j], val);
+    for (j = 0; j < i; j++)
+        free_atype_ptr(seq->fields[j], val);
+    return ret;
+}
+
+static krb5_error_code
+decode_sequence_of(const uint8_t *asn1, size_t len,
+                   const struct atype_info *elemtype, void **seq_out,
+                   size_t *count_out)
+{
+    krb5_error_code ret;
+    void *seq = NULL, *elem, *newseq;
+    const uint8_t *contents;
+    size_t clen, count = 0;
+    taginfo t;
+
+    *seq_out = NULL;
+    *count_out = 0;
+    while (len > 0) {
+        ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len);
+        if (ret)
+            goto error;
+        if (!check_atype_tag(elemtype, &t)) {
+            ret = ASN1_BAD_ID;
+            goto error;
+        }
+        newseq = realloc(seq, (count + 1) * elemtype->size);
+        if (newseq == NULL) {
+            ret = ENOMEM;
+            goto error;
+        }
+        seq = newseq;
+        elem = (char *)seq + count * elemtype->size;
+        memset(elem, 0, elemtype->size);
+        ret = decode_atype(&t, contents, clen, elemtype, elem);
+        if (ret)
+            goto error;
+        count++;
+    }
+    *seq_out = seq;
+    *count_out = count;
+    return 0;
+
+error:
+    free_sequence_of(elemtype, seq, count);
+    free(seq);
+    return ret;
+}
+
+/* These three entry points are only needed for the kdc_req_body hack and may
+ * go away at some point.  Define them here so we can use short names above. */
+
+krb5_error_code
+k5_asn1_encode_atype(asn1buf *buf, const void *val, const struct atype_info *a,
+                     taginfo *tag_out)
+{
+    return encode_atype(buf, val, a, tag_out);
+}
+
+krb5_error_code
+k5_asn1_decode_atype(const taginfo *t, const uint8_t *asn1, size_t len,
+                     const struct atype_info *a, void *val)
+{
+    return decode_atype(t, asn1, len, a, val);
+}
+
+krb5_error_code
+k5_asn1_full_encode(const void *rep, const struct atype_info *a,
+                    krb5_data **code_out)
+{
+    krb5_error_code ret;
+    asn1buf buf;
+    krb5_data *d;
+    uint8_t *bytes;
+
+    *code_out = NULL;
+
+    if (rep == NULL)
+        return ASN1_MISSING_FIELD;
+
+    /* Make a first pass over rep to count the encoding size. */
+    buf.ptr = NULL;
+    buf.count = 0;
+    ret = encode_atype_and_tag(&buf, rep, a);
+    if (ret)
+        return ret;
+
+    /* Allocate space for the encoding. */
+    bytes = malloc(buf.count + 1);
+    if (bytes == NULL)
+        return ENOMEM;
+    bytes[buf.count] = 0;
+
+    /* Make a second pass over rep to encode it.  buf.ptr moves backwards as we
+     * encode, and will always exactly return to the base. */
+    buf.ptr = bytes + buf.count;
+    buf.count = 0;
+    ret = encode_atype_and_tag(&buf, rep, a);
+    if (ret) {
+        free(bytes);
+        return ret;
+    }
+    assert(buf.ptr == bytes);
+
+    /* Create the output data object. */
+    *code_out = malloc(sizeof(*d));
+    if (*code_out == NULL) {
+        free(bytes);
+        return ENOMEM;
+    }
+    **code_out = make_data(bytes, buf.count);
+    return 0;
+}
+
+krb5_error_code
+k5_asn1_full_decode(const krb5_data *code, const struct atype_info *a,
+                    void **retrep)
+{
+    krb5_error_code ret;
+    const uint8_t *contents, *remainder;
+    size_t clen, rlen;
+    taginfo t;
+
+    *retrep = NULL;
+    ret = get_tag((uint8_t *)code->data, code->length, &t, &contents,
+                  &clen, &remainder, &rlen);
+    if (ret)
+        return ret;
+    /* rlen should be 0, but we don't check it (and due to padding in
+     * non-length-preserving enctypes, it will sometimes be nonzero). */
+    if (!check_atype_tag(a, &t))
+        return ASN1_BAD_ID;
+    return decode_atype_to_ptr(&t, contents, clen, a, retrep);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/asn1_encode.h b/krb5-1.21.3/src/lib/krb5/asn.1/asn1_encode.h
new file mode 100644
index 00000000..118f5cad
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/asn1_encode.h
@@ -0,0 +1,577 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/asn.1/asn1_encode.h */
+/*
+ * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __ASN1_ENCODE_H__
+#define __ASN1_ENCODE_H__
+
+#include "k5-int.h"
+#include "krbasn1.h"
+#include <time.h>
+
+typedef struct asn1buf_st asn1buf;
+
+typedef struct {
+    asn1_class asn1class;
+    asn1_construction construction;
+    asn1_tagnum tagnum;
+
+    /* When decoding, stores the leading length of a tag.  Used by
+     * store_der(). */
+    size_t tag_len;
+} taginfo;
+
+/* These functions are referenced by encoder structures.  They handle the
+ * encoding of primitive ASN.1 types. */
+void k5_asn1_encode_bool(asn1buf *buf, intmax_t val);
+void k5_asn1_encode_int(asn1buf *buf, intmax_t val);
+void k5_asn1_encode_uint(asn1buf *buf, uintmax_t val);
+krb5_error_code k5_asn1_encode_bytestring(asn1buf *buf, uint8_t *const *val,
+                                          size_t len);
+krb5_error_code k5_asn1_encode_bitstring(asn1buf *buf, uint8_t *const *val,
+                                         size_t len);
+krb5_error_code k5_asn1_encode_generaltime(asn1buf *buf, time_t val);
+
+/* These functions are referenced by encoder structures.  They handle the
+ * decoding of primitive ASN.1 types. */
+krb5_error_code k5_asn1_decode_bool(const uint8_t *asn1, size_t len,
+                                    intmax_t *val);
+krb5_error_code k5_asn1_decode_int(const uint8_t *asn1, size_t len,
+                                   intmax_t *val);
+krb5_error_code k5_asn1_decode_uint(const uint8_t *asn1, size_t len,
+                                    uintmax_t *val);
+krb5_error_code k5_asn1_decode_generaltime(const uint8_t *asn1, size_t len,
+                                           time_t *time_out);
+krb5_error_code k5_asn1_decode_bytestring(const uint8_t *asn1, size_t len,
+                                          uint8_t **str_out, size_t *len_out);
+krb5_error_code k5_asn1_decode_bitstring(const uint8_t *asn1, size_t len,
+                                         uint8_t **bits_out, size_t *len_out);
+
+/*
+ * An atype_info structure specifies how to map a C object to an ASN.1 value.
+ *
+ * We wind up with a lot of load-time relocations being done, which is
+ * a bit annoying.  Be careful about "fixing" that at the cost of too
+ * much run-time performance.  It might work to have a master "module"
+ * descriptor with pointers to various arrays (type descriptors,
+ * strings, field descriptors, functions) most of which don't need
+ * relocation themselves, and replace most of the pointers with table
+ * indices.
+ *
+ * It's a work in progress.
+ */
+
+enum atype_type {
+    /* For bounds checking only.  By starting with 2, we guarantee that
+     * zero-initialized storage will be recognized as invalid. */
+    atype_min = 1,
+    /* Use a function table to handle encoding or decoding.  tinfo is a struct
+     * fn_info *. */
+    atype_fn,
+    /* C object is a pointer to the object to be encoded or decoded.  tinfo is
+     * a struct ptr_info *. */
+    atype_ptr,
+    /* C object to be encoded or decoded is at an offset from the original
+     * pointer.  tinfo is a struct offset_info *. */
+    atype_offset,
+    /*
+     * Indicates a sequence field which may or may not be present in the C
+     * object or ASN.1 sequence.  tinfo is a struct optional_info *.  Must be
+     * used within a sequence, although the optional type may be nested within
+     * offset, ptr, and/or tag types.
+     */
+    atype_optional,
+    /*
+     * C object contains an integer and another C object at specified offsets,
+     * to be combined and encoded or decoded as specified by a cntype_info
+     * structure.  tinfo is a struct counted_info *.
+     */
+    atype_counted,
+    /* Sequence.  tinfo is a struct seq_info *. */
+    atype_sequence,
+    /*
+     * Sequence-of, with pointer to base type descriptor, represented as a
+     * null-terminated array of pointers (and thus the "base" type descriptor
+     * is actually an atype_ptr node).  tinfo is a struct atype_info * giving
+     * the base type.
+     */
+    atype_nullterm_sequence_of,
+    atype_nonempty_nullterm_sequence_of,
+    /* Tagged version of another type.  tinfo is a struct tagged_info *. */
+    atype_tagged_thing,
+    /* Boolean value.  tinfo is NULL (size field determines C type width). */
+    atype_bool,
+    /* Signed or unsigned integer.  tinfo is NULL. */
+    atype_int,
+    atype_uint,
+    /*
+     * Integer value taken from the type info, not from the object being
+     * encoded.  tinfo is a struct immediate_info * giving the integer value
+     * and error code to return if a decoded object doesn't match it (or 0 if
+     * the value shouldn't be checked on decode).
+     */
+    atype_int_immediate,
+    /* Unused except for bounds checking.  */
+    atype_max
+};
+
+struct atype_info {
+    enum atype_type type;
+    size_t size;                /* Used for sequence-of processing */
+    const void *tinfo;          /* Points to type-specific structure */
+};
+
+struct fn_info {
+    krb5_error_code (*enc)(asn1buf *, const void *, taginfo *);
+    krb5_error_code (*dec)(const taginfo *, const uint8_t *, size_t, void *);
+    int (*check_tag)(const taginfo *);
+    void (*free_func)(void *);
+};
+
+struct ptr_info {
+    void *(*loadptr)(const void *);
+    void (*storeptr)(void *, void *);
+    const struct atype_info *basetype;
+};
+
+struct offset_info {
+    unsigned int dataoff : 9;
+    const struct atype_info *basetype;
+};
+
+struct optional_info {
+    int (*is_present)(const void *);
+    void (*init)(void *);
+    const struct atype_info *basetype;
+};
+
+struct counted_info {
+    unsigned int dataoff : 9;
+    unsigned int lenoff : 9;
+    unsigned int lensigned : 1;
+    unsigned int lensize : 5;
+    const struct cntype_info *basetype;
+};
+
+struct tagged_info {
+    unsigned int tagval : 16, tagtype : 8, construction : 6, implicit : 1;
+    const struct atype_info *basetype;
+};
+
+struct immediate_info {
+    intmax_t val;
+    krb5_error_code err;
+};
+
+/* A cntype_info structure specifies how to map a C object and count (length or
+ * union distinguisher) to an ASN.1 value. */
+
+enum cntype_type {
+    cntype_min = 1,
+
+    /*
+     * Apply an encoder function (contents only) and wrap it in a universal
+     * primitive tag.  The C object must be a char * or uint8_t *.  tinfo
+     * is a struct string_info *.
+     */
+    cntype_string,
+
+    /*
+     * The C object is a DER encoding (with tag), to be simply inserted on
+     * encode or stored on decode.  The C object must be a char * or unsigned
+     * char *.  tinfo is NULL.
+     */
+    cntype_der,
+
+    /* An ASN.1 sequence-of value, represtened in C as a counted array.  struct
+     * atype_info * giving the base type, which must be of type atype_ptr. */
+    cntype_seqof,
+
+    /* An ASN.1 choice, represented in C as a distinguisher and union.  tinfo
+     * is a struct choice_info *. */
+    cntype_choice,
+
+    cntype_max
+};
+
+struct cntype_info {
+    enum cntype_type type;
+    const void *tinfo;
+};
+
+struct string_info {
+    krb5_error_code (*enc)(asn1buf *, uint8_t *const *, size_t);
+    krb5_error_code (*dec)(const uint8_t *, size_t, uint8_t **, size_t *);
+    unsigned int tagval : 5;
+};
+
+struct choice_info {
+    const struct atype_info **options;
+    size_t n_options;
+};
+
+struct seq_info {
+    const struct atype_info **fields;
+    size_t n_fields;
+    /* Currently all sequences are assumed to be extensible. */
+};
+
+/*
+ * The various DEF*TYPE macros must:
+ *
+ * + Define a type named aux_type_##DESCNAME, for use in any types derived from
+ *   the type being defined.
+ *
+ * + Define an atype_info struct named k5_atype_##DESCNAME
+ *
+ * + Define a type-specific structure, referenced by the tinfo field
+ *   of the atype_info structure.
+ *
+ * + Define any extra stuff needed in the type descriptor, like
+ *   pointer-load functions.
+ *
+ * + Accept a following semicolon syntactically, to keep Emacs parsing
+ *   (and indentation calculating) code happy.
+ *
+ * Nothing else should directly define the atype_info structures.
+ */
+
+/* Define a type using a function table. */
+#define DEFFNTYPE(DESCNAME, CTYPENAME, ENCFN, DECFN, CHECKFN, FREEFN)   \
+    typedef CTYPENAME aux_type_##DESCNAME;                              \
+    static const struct fn_info aux_info_##DESCNAME = {                 \
+        ENCFN, DECFN, CHECKFN, FREEFN                                   \
+    };                                                                  \
+    const struct atype_info k5_atype_##DESCNAME = {                     \
+        atype_fn, sizeof(CTYPENAME), &aux_info_##DESCNAME               \
+    }
+/* A sequence, defined by the indicated series of types, and an optional
+ * function indicating which fields are not present. */
+#define DEFSEQTYPE(DESCNAME, CTYPENAME, FIELDS)                         \
+    typedef CTYPENAME aux_type_##DESCNAME;                              \
+    static const struct seq_info aux_seqinfo_##DESCNAME = {             \
+        FIELDS, sizeof(FIELDS)/sizeof(FIELDS[0])                        \
+    };                                                                  \
+    const struct atype_info k5_atype_##DESCNAME = {                     \
+        atype_sequence, sizeof(CTYPENAME), &aux_seqinfo_##DESCNAME      \
+    }
+/* A boolean type. */
+#define DEFBOOLTYPE(DESCNAME, CTYPENAME)                        \
+    typedef CTYPENAME aux_type_##DESCNAME;                      \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_bool, sizeof(CTYPENAME), NULL                     \
+    }
+/* Integer types.  */
+#define DEFINTTYPE(DESCNAME, CTYPENAME)                         \
+    typedef CTYPENAME aux_type_##DESCNAME;                      \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_int, sizeof(CTYPENAME), NULL                      \
+    }
+#define DEFUINTTYPE(DESCNAME, CTYPENAME)                        \
+    typedef CTYPENAME aux_type_##DESCNAME;                      \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_uint, sizeof(CTYPENAME), NULL                     \
+    }
+#define DEFINT_IMMEDIATE(DESCNAME, VAL, ERR)                    \
+    typedef int aux_type_##DESCNAME;                            \
+    static const struct immediate_info aux_info_##DESCNAME = {  \
+        VAL, ERR                                                \
+    };                                                          \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_int_immediate, 0, &aux_info_##DESCNAME            \
+    }
+
+/* Pointers to other types, to be encoded as those other types.  */
+#ifdef POINTERS_ARE_ALL_THE_SAME
+#define DEFPTRTYPE(DESCNAME,BASEDESCNAME)                       \
+    typedef aux_type_##BASEDESCNAME *aux_type_##DESCNAME;       \
+    static const struct ptr_info aux_info_##DESCNAME = {        \
+        NULL, NULL, &k5_atype_##BASEDESCNAME                    \
+    };                                                          \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_ptr, sizeof(aux_type_##DESCNAME),                 \
+        &aux_info_##DESCNAME                                    \
+    }
+#else
+#define DEFPTRTYPE(DESCNAME,BASEDESCNAME)                       \
+    typedef aux_type_##BASEDESCNAME *aux_type_##DESCNAME;       \
+    static void *                                               \
+    aux_loadptr_##DESCNAME(const void *p)                       \
+    {                                                           \
+        return *(aux_type_##DESCNAME *)p;                       \
+    }                                                           \
+    static void                                                 \
+    aux_storeptr_##DESCNAME(void *ptr, void *val)               \
+    {                                                           \
+        *(aux_type_##DESCNAME *)val = ptr;                      \
+    }                                                           \
+    static const struct ptr_info aux_info_##DESCNAME = {        \
+        aux_loadptr_##DESCNAME, aux_storeptr_##DESCNAME,        \
+        &k5_atype_##BASEDESCNAME                                \
+    };                                                          \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_ptr, sizeof(aux_type_##DESCNAME),                 \
+        &aux_info_##DESCNAME                                    \
+    }
+#endif
+#define DEFOFFSETTYPE(DESCNAME, STYPE, FIELDNAME, BASEDESC)     \
+    typedef STYPE aux_type_##DESCNAME;                          \
+    static const struct offset_info aux_info_##DESCNAME = {     \
+        OFFOF(STYPE, FIELDNAME, aux_type_##BASEDESC),           \
+        &k5_atype_##BASEDESC                                    \
+    };                                                          \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_offset, sizeof(aux_type_##DESCNAME),              \
+        &aux_info_##DESCNAME                                    \
+    }
+#define DEFCOUNTEDTYPE_base(DESCNAME, STYPE, DATAFIELD, COUNTFIELD, SIGNED, \
+                            CDESC)                                      \
+    typedef STYPE aux_type_##DESCNAME;                                  \
+    const struct counted_info aux_info_##DESCNAME = {                   \
+        OFFOF(STYPE, DATAFIELD, aux_ptrtype_##CDESC),                   \
+        OFFOF(STYPE, COUNTFIELD, aux_counttype_##CDESC),                \
+        SIGNED, sizeof(((STYPE*)0)->COUNTFIELD),                        \
+        &k5_cntype_##CDESC                                              \
+    };                                                                  \
+    const struct atype_info k5_atype_##DESCNAME = {                     \
+        atype_counted, sizeof(STYPE),                                   \
+        &aux_info_##DESCNAME                                            \
+    }
+#define DEFCOUNTEDTYPE(DESCNAME, STYPE, DATAFIELD, COUNTFIELD, CDESC) \
+    DEFCOUNTEDTYPE_base(DESCNAME, STYPE, DATAFIELD, COUNTFIELD, 0, CDESC)
+#define DEFCOUNTEDTYPE_SIGNED(DESCNAME, STYPE, DATAFIELD, COUNTFIELD, CDESC) \
+    DEFCOUNTEDTYPE_base(DESCNAME, STYPE, DATAFIELD, COUNTFIELD, 1, CDESC)
+
+/* Optional sequence fields.  The basic form allows arbitrary test and
+ * initializer functions to be used.  INIT may be null. */
+#define DEFOPTIONALTYPE(DESCNAME, PRESENT, INIT, BASEDESC)       \
+    typedef aux_type_##BASEDESC aux_type_##DESCNAME;             \
+    static const struct optional_info aux_info_##DESCNAME = {   \
+        PRESENT, INIT, &k5_atype_##BASEDESC                     \
+    };                                                          \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_optional, sizeof(aux_type_##DESCNAME),            \
+        &aux_info_##DESCNAME                                    \
+    }
+/* This form defines an is_present function for a zero-valued integer or null
+ * pointer of the base type's C type. */
+#define DEFOPTIONALZEROTYPE(DESCNAME, BASEDESC)                         \
+    static int                                                          \
+    aux_present_##DESCNAME(const void *p)                               \
+    {                                                                   \
+        return *(aux_type_##BASEDESC *)p != 0;                          \
+    }                                                                   \
+    DEFOPTIONALTYPE(DESCNAME, aux_present_##DESCNAME, NULL, BASEDESC)
+/* This form defines an is_present function for a null or empty null-terminated
+ * array of the base type's C type. */
+#define DEFOPTIONALEMPTYTYPE(DESCNAME, BASEDESC)                        \
+    static int                                                          \
+    aux_present_##DESCNAME(const void *p)                               \
+    {                                                                   \
+        const aux_type_##BASEDESC *val = p;                             \
+        return (*val != NULL && **val != NULL);                         \
+    }                                                                   \
+    DEFOPTIONALTYPE(DESCNAME, aux_present_##DESCNAME, NULL, BASEDESC)
+
+/*
+ * This encodes a pointer-to-pointer-to-thing where the passed-in
+ * value points to a null-terminated list of pointers to objects to be
+ * encoded, and encodes a (possibly empty) SEQUENCE OF these objects.
+ *
+ * BASEDESCNAME is a descriptor name for the pointer-to-thing
+ * type.
+ *
+ * When dealing with a structure containing a
+ * pointer-to-pointer-to-thing field, make a DEFPTRTYPE of this type,
+ * and use that type for the structure field.
+ */
+#define DEFNULLTERMSEQOFTYPE(DESCNAME,BASEDESCNAME)                     \
+    typedef aux_type_##BASEDESCNAME aux_type_##DESCNAME;                \
+    const struct atype_info k5_atype_##DESCNAME = {                     \
+        atype_nullterm_sequence_of, sizeof(aux_type_##DESCNAME),        \
+        &k5_atype_##BASEDESCNAME                                        \
+    }
+#define DEFNONEMPTYNULLTERMSEQOFTYPE(DESCNAME,BASEDESCNAME)     \
+    typedef aux_type_##BASEDESCNAME aux_type_##DESCNAME;        \
+    const struct atype_info k5_atype_##DESCNAME = {             \
+        atype_nonempty_nullterm_sequence_of,                    \
+        sizeof(aux_type_##DESCNAME),                            \
+        &k5_atype_##BASEDESCNAME                                \
+    }
+
+/* Objects with an explicit or implicit tag.  (Implicit tags will ignore the
+ * construction field.) */
+#define DEFTAGGEDTYPE(DESCNAME, CLASS, CONSTRUCTION, TAG, IMPLICIT, BASEDESC) \
+    typedef aux_type_##BASEDESC aux_type_##DESCNAME;                    \
+    static const struct tagged_info aux_info_##DESCNAME = {             \
+        TAG, CLASS, CONSTRUCTION, IMPLICIT, &k5_atype_##BASEDESC        \
+    };                                                                  \
+    const struct atype_info k5_atype_##DESCNAME = {                     \
+        atype_tagged_thing, sizeof(aux_type_##DESCNAME),                \
+        &aux_info_##DESCNAME                                            \
+    }
+/* Objects with an explicit APPLICATION tag added.  */
+#define DEFAPPTAGGEDTYPE(DESCNAME, TAG, BASEDESC)                       \
+    DEFTAGGEDTYPE(DESCNAME, APPLICATION, CONSTRUCTED, TAG, 0, BASEDESC)
+/* Object with a context-specific tag added */
+#define DEFCTAGGEDTYPE(DESCNAME, TAG, BASEDESC)                         \
+    DEFTAGGEDTYPE(DESCNAME, CONTEXT_SPECIFIC, CONSTRUCTED, TAG, 0, BASEDESC)
+#define DEFCTAGGEDTYPE_IMPLICIT(DESCNAME, TAG, BASEDESC)                \
+    DEFTAGGEDTYPE(DESCNAME, CONTEXT_SPECIFIC, CONSTRUCTED, TAG, 1, BASEDESC)
+
+/* Define an offset type with an explicit context tag wrapper (the usual case
+ * for an RFC 4120 sequence field). */
+#define DEFFIELD(NAME, STYPE, FIELDNAME, TAG, DESC)                     \
+    DEFOFFSETTYPE(NAME##_untagged, STYPE, FIELDNAME, DESC);             \
+    DEFCTAGGEDTYPE(NAME, TAG, NAME##_untagged)
+/* Define a counted type with an explicit context tag wrapper. */
+#define DEFCNFIELD(NAME, STYPE, DATAFIELD, LENFIELD, TAG, CDESC)        \
+    DEFCOUNTEDTYPE(NAME##_untagged, STYPE, DATAFIELD, LENFIELD, CDESC); \
+    DEFCTAGGEDTYPE(NAME, TAG, NAME##_untagged)
+/* Like DEFFIELD but with an implicit context tag. */
+#define DEFFIELD_IMPLICIT(NAME, STYPE, FIELDNAME, TAG, DESC)            \
+    DEFOFFSETTYPE(NAME##_untagged, STYPE, FIELDNAME, DESC);             \
+    DEFCTAGGEDTYPE_IMPLICIT(NAME, TAG, NAME##_untagged)
+
+/*
+ * DEFCOUNTED*TYPE macros must:
+ *
+ * + Define types named aux_ptrtype_##DESCNAME and aux_counttype_##DESCNAME, to
+ *   allow type checking when the counted type is referenced with structure
+ *   field offsets in DEFCOUNTEDTYPE.
+ *
+ * + Define a cntype_info struct named k5_cntype_##DESCNAME
+ *
+ * + Define a type-specific structure, referenced by the tinfo field of the
+ *   cntype_info structure.
+ *
+ * + Accept a following semicolon syntactically.
+ */
+
+#define DEFCOUNTEDSTRINGTYPE(DESCNAME, DTYPE, LTYPE, ENCFN, DECFN, TAGVAL) \
+    typedef DTYPE aux_ptrtype_##DESCNAME;                               \
+    typedef LTYPE aux_counttype_##DESCNAME;                             \
+    static const struct string_info aux_info_##DESCNAME = {             \
+        ENCFN, DECFN, TAGVAL                                            \
+    };                                                                  \
+    const struct cntype_info k5_cntype_##DESCNAME = {                   \
+        cntype_string, &aux_info_##DESCNAME                             \
+    }
+
+#define DEFCOUNTEDDERTYPE(DESCNAME, DTYPE, LTYPE)               \
+    typedef DTYPE aux_ptrtype_##DESCNAME;                       \
+    typedef LTYPE aux_counttype_##DESCNAME;                     \
+    const struct cntype_info k5_cntype_##DESCNAME = {           \
+        cntype_der, NULL                                        \
+    }
+
+#define DEFCOUNTEDSEQOFTYPE(DESCNAME, LTYPE, BASEDESC)          \
+    typedef aux_type_##BASEDESC aux_ptrtype_##DESCNAME;         \
+    typedef LTYPE aux_counttype_##DESCNAME;                     \
+    const struct cntype_info k5_cntype_##DESCNAME = {           \
+        cntype_seqof, &k5_atype_##BASEDESC                      \
+    }
+
+#define DEFCHOICETYPE(DESCNAME, UTYPE, DTYPE, FIELDS)           \
+    typedef UTYPE aux_ptrtype_##DESCNAME;                       \
+    typedef DTYPE aux_counttype_##DESCNAME;                     \
+    static const struct choice_info aux_info_##DESCNAME = {     \
+        FIELDS, sizeof(FIELDS) / sizeof(FIELDS[0])              \
+    };                                                          \
+    const struct cntype_info k5_cntype_##DESCNAME = {           \
+        cntype_choice, &aux_info_##DESCNAME                     \
+    }
+
+/*
+ * Declare an externally-defined type.  This is a hack we should do
+ * away with once we move to generating code from a script.  For now,
+ * this macro is unfortunately not compatible with the defining macros
+ * above, since you can't do the typedefs twice and we need the
+ * declarations to produce typedefs.  (We could eliminate the typedefs
+ * from the DEF* macros, but then every DEF* macro use, even the ones
+ * for internal type nodes we only use to build other types, would
+ * need an accompanying declaration which explicitly lists the
+ * type.)
+ */
+#define IMPORT_TYPE(DESCNAME, CTYPENAME)                        \
+    typedef CTYPENAME aux_type_##DESCNAME;                      \
+    extern const struct atype_info k5_atype_##DESCNAME
+
+/* Partially encode the contents of a type and return its tag information.
+ * Used only by kdc_req_body. */
+krb5_error_code
+k5_asn1_encode_atype(asn1buf *buf, const void *val, const struct atype_info *a,
+                     taginfo *tag_out);
+
+/* Decode the tag and contents of a type, storing the result in the
+ * caller-allocated C object val.  Used only by kdc_req_body. */
+krb5_error_code
+k5_asn1_decode_atype(const taginfo *t, const uint8_t *asn1, size_t len,
+                     const struct atype_info *a, void *val);
+
+/* Returns a completed encoding, with tag and in the correct byte order, in an
+ * allocated krb5_data. */
+extern krb5_error_code
+k5_asn1_full_encode(const void *rep, const struct atype_info *a,
+                    krb5_data **code_out);
+krb5_error_code
+k5_asn1_full_decode(const krb5_data *code, const struct atype_info *a,
+                    void **rep_out);
+
+#define MAKE_ENCODER(FNAME, DESC)                                       \
+    krb5_error_code                                                     \
+    FNAME(const aux_type_##DESC *rep, krb5_data **code_out)             \
+    {                                                                   \
+        return k5_asn1_full_encode(rep, &k5_atype_##DESC, code_out);    \
+    }                                                                   \
+    extern int dummy /* gobble semicolon */
+
+#define MAKE_DECODER(FNAME, DESC)                                       \
+    krb5_error_code                                                     \
+    FNAME(const krb5_data *code, aux_type_##DESC **rep_out)             \
+    {                                                                   \
+        krb5_error_code ret;                                            \
+        void *rep;                                                      \
+        *rep_out = NULL;                                                \
+        ret = k5_asn1_full_decode(code, &k5_atype_##DESC, &rep);        \
+        if (ret)                                                        \
+            return ret;                                                 \
+        *rep_out = rep;                                                 \
+        return 0;                                                       \
+    }                                                                   \
+    extern int dummy /* gobble semicolon */
+
+#include <stddef.h>
+/*
+ * Ugly hack!
+ * Like "offsetof", but with type checking.
+ */
+#define WARN_IF_TYPE_MISMATCH(LVALUE, TYPE)     \
+    (sizeof(0 ? (TYPE *) 0 : &(LVALUE)))
+#define OFFOF(TYPE,FIELD,FTYPE)                                 \
+    (offsetof(TYPE, FIELD)                                      \
+     + 0 * WARN_IF_TYPE_MISMATCH(((TYPE*)0)->FIELD, FTYPE))
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/asn1_k_encode.c b/krb5-1.21.3/src/lib/krb5/asn.1/asn1_k_encode.c
new file mode 100644
index 00000000..5378b5c2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/asn1_k_encode.c
@@ -0,0 +1,1759 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/asn.1/asn1_k_encode.c */
+/*
+ * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "asn1_encode.h"
+#include "k5-spake.h"
+
+DEFINT_IMMEDIATE(krb5_version, KVNO, KRB5KDC_ERR_BAD_PVNO);
+
+static int
+int32_not_minus1(const void *p)
+{
+    return *(int32_t *)p != -1;
+}
+
+static void
+init_int32_minus1(void *p)
+{
+    *(int32_t *)p = -1;
+}
+
+DEFBOOLTYPE(boolean, krb5_boolean);
+DEFINTTYPE(int32, int32_t);
+DEFPTRTYPE(int32_ptr, int32);
+DEFCOUNTEDSEQOFTYPE(cseqof_int32, int32_t, int32_ptr);
+DEFOPTIONALZEROTYPE(opt_int32, int32);
+DEFOPTIONALTYPE(opt_int32_minus1, int32_not_minus1, init_int32_minus1, int32);
+
+DEFUINTTYPE(uint, unsigned int);
+DEFUINTTYPE(octet, krb5_octet);
+DEFUINTTYPE(uint32, uint32_t);
+DEFOPTIONALZEROTYPE(opt_uint, uint);
+
+static int
+nonempty_data(const void *p)
+{
+    const krb5_data *val = p;
+    return (val->data != NULL && val->length != 0);
+}
+
+DEFCOUNTEDDERTYPE(der, char *, unsigned int);
+DEFCOUNTEDTYPE(der_data, krb5_data, data, length, der);
+DEFOPTIONALTYPE(opt_der_data, nonempty_data, NULL, der_data);
+
+DEFCOUNTEDSTRINGTYPE(octetstring, uint8_t *, unsigned int,
+                     k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
+                     ASN1_OCTETSTRING);
+DEFCOUNTEDSTRINGTYPE(s_octetstring, char *, unsigned int,
+                     k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
+                     ASN1_OCTETSTRING);
+DEFCOUNTEDTYPE(ostring_data, krb5_data, data, length, s_octetstring);
+DEFPTRTYPE(ostring_data_ptr, ostring_data);
+DEFOPTIONALTYPE(opt_ostring_data, nonempty_data, NULL, ostring_data);
+DEFOPTIONALZEROTYPE(opt_ostring_data_ptr, ostring_data_ptr);
+
+DEFCOUNTEDSTRINGTYPE(generalstring, char *, unsigned int,
+                     k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
+                     ASN1_GENERALSTRING);
+DEFCOUNTEDSTRINGTYPE(u_generalstring, uint8_t *, unsigned int,
+                     k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
+                     ASN1_GENERALSTRING);
+DEFCOUNTEDTYPE(gstring_data, krb5_data, data, length, generalstring);
+DEFOPTIONALTYPE(opt_gstring_data, nonempty_data, NULL, gstring_data);
+DEFPTRTYPE(gstring_data_ptr, gstring_data);
+DEFCOUNTEDSEQOFTYPE(cseqof_gstring_data, int32_t, gstring_data_ptr);
+
+DEFCOUNTEDSTRINGTYPE(utf8string, char *, unsigned int,
+                     k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
+                     ASN1_UTF8STRING);
+DEFCOUNTEDTYPE(utf8_data, krb5_data, data, length, utf8string);
+DEFOPTIONALTYPE(opt_utf8_data, nonempty_data, NULL, utf8_data);
+DEFPTRTYPE(utf8_data_ptr, utf8_data);
+DEFNULLTERMSEQOFTYPE(seqof_utf8_data, utf8_data_ptr);
+
+DEFCOUNTEDSTRINGTYPE(object_identifier, char *, unsigned int,
+                     k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
+                     ASN1_OBJECTIDENTIFIER);
+DEFCOUNTEDTYPE(oid_data, krb5_data, data, length, object_identifier);
+DEFPTRTYPE(oid_data_ptr, oid_data);
+
+DEFOFFSETTYPE(realm_of_principal_data, krb5_principal_data, realm,
+              gstring_data);
+DEFPTRTYPE(realm_of_principal, realm_of_principal_data);
+DEFOPTIONALZEROTYPE(opt_realm_of_principal, realm_of_principal);
+
+DEFFIELD(princname_0, krb5_principal_data, type, 0, int32);
+DEFCNFIELD(princname_1, krb5_principal_data, data, length, 1,
+           cseqof_gstring_data);
+static const struct atype_info *princname_fields[] = {
+    &k5_atype_princname_0, &k5_atype_princname_1
+};
+DEFSEQTYPE(principal_data, krb5_principal_data, princname_fields);
+DEFPTRTYPE(principal, principal_data);
+DEFOPTIONALZEROTYPE(opt_principal, principal);
+
+/*
+ * Define the seqno type, which is an ASN.1 integer represented in a uint32_t.
+ * When decoding, negative 32-bit numbers are accepted for interoperability
+ * with old implementations.
+ */
+static krb5_error_code
+encode_seqno(asn1buf *buf, const void *p, taginfo *rettag)
+{
+    uint32_t val = *(uint32_t *)p;
+    rettag->asn1class = UNIVERSAL;
+    rettag->construction = PRIMITIVE;
+    rettag->tagnum = ASN1_INTEGER;
+    k5_asn1_encode_uint(buf, val);
+    return 0;
+}
+static krb5_error_code
+decode_seqno(const taginfo *t, const uint8_t *asn1, size_t len, void *p)
+{
+    krb5_error_code ret;
+    intmax_t val;
+    ret = k5_asn1_decode_int(asn1, len, &val);
+    if (ret)
+        return ret;
+    if (val < INT32_MIN || val > 0xFFFFFFFF)
+        return ASN1_OVERFLOW;
+    /* Negative values will cast correctly to uint32_t. */
+    *(uint32_t *)p = val;
+    return 0;
+}
+static int
+check_seqno(const taginfo *t)
+{
+    return (t->asn1class == UNIVERSAL && t->construction == PRIMITIVE &&
+            t->tagnum == ASN1_INTEGER);
+}
+DEFFNTYPE(seqno, uint32_t, encode_seqno, decode_seqno, check_seqno, NULL);
+DEFOPTIONALZEROTYPE(opt_seqno, seqno);
+
+/* Define the kerberos_time type, which is an ASN.1 generaltime represented in
+ * a krb5_timestamp. */
+static krb5_error_code
+encode_kerberos_time(asn1buf *buf, const void *p, taginfo *rettag)
+{
+    time_t val = ts2tt(*(krb5_timestamp *)p);
+    rettag->asn1class = UNIVERSAL;
+    rettag->construction = PRIMITIVE;
+    rettag->tagnum = ASN1_GENERALTIME;
+    return k5_asn1_encode_generaltime(buf, val);
+}
+static krb5_error_code
+decode_kerberos_time(const taginfo *t, const uint8_t *asn1, size_t len,
+                     void *p)
+{
+    krb5_error_code ret;
+    time_t val;
+    ret = k5_asn1_decode_generaltime(asn1, len, &val);
+    if (ret)
+        return ret;
+    *(krb5_timestamp *)p = val;
+    return 0;
+}
+static int
+check_kerberos_time(const taginfo *t)
+{
+    return (t->asn1class == UNIVERSAL && t->construction == PRIMITIVE &&
+            t->tagnum == ASN1_GENERALTIME);
+}
+DEFFNTYPE(kerberos_time, krb5_timestamp, encode_kerberos_time,
+          decode_kerberos_time, check_kerberos_time, NULL);
+DEFOPTIONALZEROTYPE(opt_kerberos_time, kerberos_time);
+
+DEFFIELD(address_0, krb5_address, addrtype, 0, int32);
+DEFCNFIELD(address_1, krb5_address, contents, length, 1, octetstring);
+const static struct atype_info *address_fields[] = {
+    &k5_atype_address_0, &k5_atype_address_1
+};
+DEFSEQTYPE(address, krb5_address, address_fields);
+DEFPTRTYPE(address_ptr, address);
+DEFOPTIONALZEROTYPE(opt_address_ptr, address_ptr);
+
+DEFNULLTERMSEQOFTYPE(seqof_host_addresses, address_ptr);
+DEFPTRTYPE(ptr_seqof_host_addresses, seqof_host_addresses);
+DEFOPTIONALEMPTYTYPE(opt_ptr_seqof_host_addresses, ptr_seqof_host_addresses);
+
+/*
+ * krb5_kvno is defined as unsigned int, but historically (MIT krb5 through 1.6
+ * in the encoder, and through 1.10 in the decoder) we treat it as signed, in
+ * violation of RFC 4120.  kvno values large enough to be problematic are only
+ * likely to be seen with Windows read-only domain controllers, which overload
+ * the high 16-bits of kvno values for krbtgt principals.  Since Windows
+ * encodes kvnos as signed 32-bit values, for interoperability it's best if we
+ * do the same.
+ */
+DEFINTTYPE(kvno, krb5_kvno);
+DEFOPTIONALZEROTYPE(opt_kvno, kvno);
+
+DEFFIELD(enc_data_0, krb5_enc_data, enctype, 0, int32);
+DEFFIELD(enc_data_1, krb5_enc_data, kvno, 1, opt_kvno);
+DEFFIELD(enc_data_2, krb5_enc_data, ciphertext, 2, ostring_data);
+static const struct atype_info *encrypted_data_fields[] = {
+    &k5_atype_enc_data_0, &k5_atype_enc_data_1, &k5_atype_enc_data_2
+};
+DEFSEQTYPE(encrypted_data, krb5_enc_data, encrypted_data_fields);
+static int
+nonempty_enc_data(const void *p)
+{
+    const krb5_enc_data *val = p;
+    return (val->ciphertext.data != NULL);
+}
+DEFOPTIONALTYPE(opt_encrypted_data, nonempty_enc_data, NULL, encrypted_data);
+
+/* Define the krb5_flags type, which is an ASN.1 bit string represented in a
+ * 32-bit integer. */
+static krb5_error_code
+encode_krb5_flags(asn1buf *buf, const void *p, taginfo *rettag)
+{
+    uint8_t cbuf[4], *cptr = cbuf;
+    store_32_be((uint32_t)*(const krb5_flags *)p, cbuf);
+    rettag->asn1class = UNIVERSAL;
+    rettag->construction = PRIMITIVE;
+    rettag->tagnum = ASN1_BITSTRING;
+    return k5_asn1_encode_bitstring(buf, &cptr, 4);
+}
+static krb5_error_code
+decode_krb5_flags(const taginfo *t, const uint8_t *asn1, size_t len, void *val)
+{
+    krb5_error_code ret;
+    size_t i, blen;
+    krb5_flags f = 0;
+    uint8_t *bits;
+    ret = k5_asn1_decode_bitstring(asn1, len, &bits, &blen);
+    if (ret)
+        return ret;
+    /* Copy up to 32 bits into f, starting at the most significant byte. */
+    for (i = 0; i < blen && i < 4; i++)
+        f |= bits[i] << (8 * (3 - i));
+    *(krb5_flags *)val = f;
+    free(bits);
+    return 0;
+}
+static int
+check_krb5_flags(const taginfo *t)
+{
+    return (t->asn1class == UNIVERSAL && t->construction == PRIMITIVE &&
+            t->tagnum == ASN1_BITSTRING);
+}
+DEFFNTYPE(krb5_flags, krb5_flags, encode_krb5_flags, decode_krb5_flags,
+          check_krb5_flags, NULL);
+DEFOPTIONALZEROTYPE(opt_krb5_flags, krb5_flags);
+
+DEFFIELD(authdata_0, krb5_authdata, ad_type, 0, int32);
+DEFCNFIELD(authdata_1, krb5_authdata, contents, length, 1, octetstring);
+static const struct atype_info *authdata_elt_fields[] = {
+    &k5_atype_authdata_0, &k5_atype_authdata_1
+};
+DEFSEQTYPE(authdata_elt, krb5_authdata, authdata_elt_fields);
+DEFPTRTYPE(authdata_elt_ptr, authdata_elt);
+DEFNONEMPTYNULLTERMSEQOFTYPE(auth_data, authdata_elt_ptr);
+DEFPTRTYPE(auth_data_ptr, auth_data);
+DEFOPTIONALEMPTYTYPE(opt_auth_data_ptr, auth_data_ptr);
+
+/* authdata_types retrieves just the types of authdata elements in an array. */
+DEFCTAGGEDTYPE(authdata_elt_type_0, 0, int32);
+static const struct atype_info *authdata_elt_type_fields[] = {
+    &k5_atype_authdata_elt_type_0
+};
+DEFSEQTYPE(authdata_elt_type, krb5_authdatatype, authdata_elt_type_fields);
+DEFPTRTYPE(ptr_authdata_elt_type, authdata_elt_type);
+DEFCOUNTEDSEQOFTYPE(cseqof_authdata_elt_type, unsigned int,
+                    ptr_authdata_elt_type);
+struct authdata_types {
+    krb5_authdatatype *types;
+    unsigned int ntypes;
+};
+DEFCOUNTEDTYPE(authdata_types, struct authdata_types, types, ntypes,
+               cseqof_authdata_elt_type);
+
+DEFFIELD(keyblock_0, krb5_keyblock, enctype, 0, int32);
+DEFCNFIELD(keyblock_1, krb5_keyblock, contents, length, 1, octetstring);
+static const struct atype_info *encryption_key_fields[] = {
+    &k5_atype_keyblock_0, &k5_atype_keyblock_1
+};
+DEFSEQTYPE(encryption_key, krb5_keyblock, encryption_key_fields);
+DEFPTRTYPE(ptr_encryption_key, encryption_key);
+DEFOPTIONALZEROTYPE(opt_ptr_encryption_key, ptr_encryption_key);
+
+DEFFIELD(checksum_0, krb5_checksum, checksum_type, 0, int32);
+DEFCNFIELD(checksum_1, krb5_checksum, contents, length, 1, octetstring);
+static const struct atype_info *checksum_fields[] = {
+    &k5_atype_checksum_0, &k5_atype_checksum_1
+};
+DEFSEQTYPE(checksum, krb5_checksum, checksum_fields);
+DEFPTRTYPE(checksum_ptr, checksum);
+DEFNULLTERMSEQOFTYPE(seqof_checksum, checksum_ptr);
+DEFPTRTYPE(ptr_seqof_checksum, seqof_checksum);
+DEFOPTIONALZEROTYPE(opt_checksum_ptr, checksum_ptr);
+
+/* Define the last_req_type type, which is an int32_t with some massaging on
+ * decode for backward compatibility. */
+static krb5_error_code
+encode_lr_type(asn1buf *buf, const void *p, taginfo *rettag)
+{
+    int32_t val = *(int32_t *)p;
+    rettag->asn1class = UNIVERSAL;
+    rettag->construction = PRIMITIVE;
+    rettag->tagnum = ASN1_INTEGER;
+    k5_asn1_encode_int(buf, val);
+    return 0;
+}
+static krb5_error_code
+decode_lr_type(const taginfo *t, const uint8_t *asn1, size_t len, void *p)
+{
+    krb5_error_code ret;
+    intmax_t val;
+    ret = k5_asn1_decode_int(asn1, len, &val);
+    if (ret)
+        return ret;
+    if (val > INT32_MAX || val < INT32_MIN)
+        return ASN1_OVERFLOW;
+    *(int32_t *)p = val;
+    return 0;
+}
+static int
+check_lr_type(const taginfo *t)
+{
+    return (t->asn1class == UNIVERSAL && t->construction == PRIMITIVE &&
+            t->tagnum == ASN1_INTEGER);
+}
+DEFFNTYPE(last_req_type, int32_t, encode_lr_type, decode_lr_type,
+          check_lr_type, NULL);
+
+DEFFIELD(last_req_0, krb5_last_req_entry, lr_type, 0, last_req_type);
+DEFFIELD(last_req_1, krb5_last_req_entry, value, 1, kerberos_time);
+static const struct atype_info *lr_fields[] = {
+    &k5_atype_last_req_0, &k5_atype_last_req_1
+};
+DEFSEQTYPE(last_req_ent, krb5_last_req_entry, lr_fields);
+
+DEFPTRTYPE(last_req_ent_ptr, last_req_ent);
+DEFNONEMPTYNULLTERMSEQOFTYPE(last_req, last_req_ent_ptr);
+DEFPTRTYPE(last_req_ptr, last_req);
+
+DEFCTAGGEDTYPE(ticket_0, 0, krb5_version);
+DEFFIELD(ticket_1, krb5_ticket, server, 1, realm_of_principal);
+DEFFIELD(ticket_2, krb5_ticket, server, 2, principal);
+DEFFIELD(ticket_3, krb5_ticket, enc_part, 3, encrypted_data);
+static const struct atype_info *ticket_fields[] = {
+    &k5_atype_ticket_0, &k5_atype_ticket_1, &k5_atype_ticket_2,
+    &k5_atype_ticket_3
+};
+DEFSEQTYPE(untagged_ticket, krb5_ticket, ticket_fields);
+DEFAPPTAGGEDTYPE(ticket, 1, untagged_ticket);
+
+/* First context tag is 1, not 0. */
+DEFFIELD(pa_data_1, krb5_pa_data, pa_type, 1, int32);
+DEFCNFIELD(pa_data_2, krb5_pa_data, contents, length, 2, octetstring);
+static const struct atype_info *pa_data_fields[] = {
+    &k5_atype_pa_data_1, &k5_atype_pa_data_2
+};
+DEFSEQTYPE(pa_data, krb5_pa_data, pa_data_fields);
+DEFPTRTYPE(pa_data_ptr, pa_data);
+
+DEFNULLTERMSEQOFTYPE(seqof_pa_data, pa_data_ptr);
+DEFPTRTYPE(ptr_seqof_pa_data, seqof_pa_data);
+DEFOPTIONALEMPTYTYPE(opt_ptr_seqof_pa_data, ptr_seqof_pa_data);
+
+DEFPTRTYPE(ticket_ptr, ticket);
+DEFNONEMPTYNULLTERMSEQOFTYPE(seqof_ticket,ticket_ptr);
+DEFPTRTYPE(ptr_seqof_ticket, seqof_ticket);
+DEFOPTIONALEMPTYTYPE(opt_ptr_seqof_ticket, ptr_seqof_ticket);
+
+static int
+is_enc_kdc_rep_start_set(const void *p)
+{
+    const krb5_enc_kdc_rep_part *val = p;
+    return (val->times.starttime != 0);
+}
+static void
+init_enc_kdc_rep_start(void *p)
+{
+    krb5_enc_kdc_rep_part *val = p;
+    val->times.starttime = val->times.authtime;
+}
+static int
+is_renewable_flag_set(const void *p)
+{
+    const krb5_enc_kdc_rep_part *val = p;
+    return (val->flags & TKT_FLG_RENEWABLE);
+}
+DEFFIELD(enc_kdc_rep_0, krb5_enc_kdc_rep_part, session, 0, ptr_encryption_key);
+DEFFIELD(enc_kdc_rep_1, krb5_enc_kdc_rep_part, last_req, 1, last_req_ptr);
+DEFFIELD(enc_kdc_rep_2, krb5_enc_kdc_rep_part, nonce, 2, int32);
+DEFFIELD(enc_kdc_rep_3, krb5_enc_kdc_rep_part, key_exp, 3, opt_kerberos_time);
+DEFFIELD(enc_kdc_rep_4, krb5_enc_kdc_rep_part, flags, 4, krb5_flags);
+DEFFIELD(enc_kdc_rep_5, krb5_enc_kdc_rep_part, times.authtime, 5,
+         kerberos_time);
+DEFFIELD(enc_kdc_rep_6_def, krb5_enc_kdc_rep_part, times.starttime, 6,
+         kerberos_time);
+DEFOPTIONALTYPE(enc_kdc_rep_6, is_enc_kdc_rep_start_set,
+                init_enc_kdc_rep_start, enc_kdc_rep_6_def);
+DEFFIELD(enc_kdc_rep_7, krb5_enc_kdc_rep_part, times.endtime, 7,
+         kerberos_time);
+DEFFIELD(enc_kdc_rep_8_def, krb5_enc_kdc_rep_part, times.renew_till, 8,
+         kerberos_time);
+DEFOPTIONALTYPE(enc_kdc_rep_8, is_renewable_flag_set, NULL, enc_kdc_rep_8_def);
+DEFFIELD(enc_kdc_rep_9, krb5_enc_kdc_rep_part, server, 9, realm_of_principal);
+DEFFIELD(enc_kdc_rep_10, krb5_enc_kdc_rep_part, server, 10, principal);
+DEFFIELD(enc_kdc_rep_11, krb5_enc_kdc_rep_part, caddrs, 11,
+         opt_ptr_seqof_host_addresses);
+DEFFIELD(enc_kdc_rep_12, krb5_enc_kdc_rep_part, enc_padata, 12,
+         opt_ptr_seqof_pa_data);
+static const struct atype_info *enc_kdc_rep_part_fields[] = {
+    &k5_atype_enc_kdc_rep_0, &k5_atype_enc_kdc_rep_1, &k5_atype_enc_kdc_rep_2,
+    &k5_atype_enc_kdc_rep_3, &k5_atype_enc_kdc_rep_4, &k5_atype_enc_kdc_rep_5,
+    &k5_atype_enc_kdc_rep_6, &k5_atype_enc_kdc_rep_7, &k5_atype_enc_kdc_rep_8,
+    &k5_atype_enc_kdc_rep_9, &k5_atype_enc_kdc_rep_10,
+    &k5_atype_enc_kdc_rep_11, &k5_atype_enc_kdc_rep_12
+};
+DEFSEQTYPE(enc_kdc_rep_part, krb5_enc_kdc_rep_part, enc_kdc_rep_part_fields);
+
+/*
+ * Yuck!  Eventually push this *up* above the encoder API and make the
+ * rest of the library put the realm name in one consistent place.  At
+ * the same time, might as well add the msg-type field and encode both
+ * AS-REQ and TGS-REQ through the same descriptor.
+ */
+typedef struct kdc_req_hack {
+    krb5_kdc_req v;
+    krb5_data server_realm;
+} kdc_req_hack;
+DEFFIELD(req_body_0, kdc_req_hack, v.kdc_options, 0, krb5_flags);
+DEFFIELD(req_body_1, kdc_req_hack, v.client, 1, opt_principal);
+DEFFIELD(req_body_2, kdc_req_hack, server_realm, 2, gstring_data);
+DEFFIELD(req_body_3, kdc_req_hack, v.server, 3, opt_principal);
+DEFFIELD(req_body_4, kdc_req_hack, v.from, 4, opt_kerberos_time);
+DEFFIELD(req_body_5, kdc_req_hack, v.till, 5, kerberos_time);
+DEFFIELD(req_body_6, kdc_req_hack, v.rtime, 6, opt_kerberos_time);
+DEFFIELD(req_body_7, kdc_req_hack, v.nonce, 7, int32);
+DEFCNFIELD(req_body_8, kdc_req_hack, v.ktype, v.nktypes, 8, cseqof_int32);
+DEFFIELD(req_body_9, kdc_req_hack, v.addresses, 9,
+         opt_ptr_seqof_host_addresses);
+DEFFIELD(req_body_10, kdc_req_hack, v.authorization_data, 10,
+         opt_encrypted_data);
+DEFFIELD(req_body_11, kdc_req_hack, v.second_ticket, 11, opt_ptr_seqof_ticket);
+static const struct atype_info *kdc_req_hack_fields[] = {
+    &k5_atype_req_body_0, &k5_atype_req_body_1, &k5_atype_req_body_2,
+    &k5_atype_req_body_3, &k5_atype_req_body_4, &k5_atype_req_body_5,
+    &k5_atype_req_body_6, &k5_atype_req_body_7, &k5_atype_req_body_8,
+    &k5_atype_req_body_9, &k5_atype_req_body_10, &k5_atype_req_body_11
+};
+DEFSEQTYPE(kdc_req_body_hack, kdc_req_hack, kdc_req_hack_fields);
+static krb5_error_code
+encode_kdc_req_body(asn1buf *buf, const void *p, taginfo *tag_out)
+{
+    const krb5_kdc_req *val = p;
+    kdc_req_hack h;
+    h.v = *val;
+    if (val->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) {
+        if (val->second_ticket != NULL && val->second_ticket[0] != NULL)
+            h.server_realm = val->second_ticket[0]->server->realm;
+        else
+            return ASN1_MISSING_FIELD;
+    } else if (val->server != NULL)
+        h.server_realm = val->server->realm;
+    else
+        return ASN1_MISSING_FIELD;
+    return k5_asn1_encode_atype(buf, &h, &k5_atype_kdc_req_body_hack, tag_out);
+}
+static void
+free_kdc_req_body(void *val)
+{
+    krb5_kdc_req *req = val;
+    krb5_free_principal(NULL, req->client);
+    krb5_free_principal(NULL, req->server);
+    free(req->ktype);
+    krb5_free_addresses(NULL, req->addresses);
+    free(req->authorization_data.ciphertext.data);
+    krb5_free_tickets(NULL, req->second_ticket);
+}
+static krb5_error_code
+decode_kdc_req_body(const taginfo *t, const uint8_t *asn1, size_t len,
+                    void *val)
+{
+    krb5_error_code ret;
+    kdc_req_hack h;
+    krb5_kdc_req *b = val;
+    memset(&h, 0, sizeof(h));
+    ret = k5_asn1_decode_atype(t, asn1, len, &k5_atype_kdc_req_body_hack, &h);
+    if (ret)
+        return ret;
+    b->kdc_options = h.v.kdc_options;
+    b->client = h.v.client;
+    b->server = h.v.server;
+    b->from = h.v.from;
+    b->till = h.v.till;
+    b->rtime = h.v.rtime;
+    b->nonce = h.v.nonce;
+    b->ktype = h.v.ktype;
+    b->nktypes = h.v.nktypes;
+    b->addresses = h.v.addresses;
+    b->authorization_data = h.v.authorization_data;
+    b->second_ticket = h.v.second_ticket;
+    if (b->client != NULL && b->server != NULL) {
+        ret = krb5int_copy_data_contents(NULL, &h.server_realm,
+                                         &b->client->realm);
+        if (ret) {
+            free_kdc_req_body(b);
+            free(h.server_realm.data);
+            return ret;
+        }
+        b->server->realm = h.server_realm;
+    } else if (b->client != NULL)
+        b->client->realm = h.server_realm;
+    else if (b->server != NULL)
+        b->server->realm = h.server_realm;
+    else
+        free(h.server_realm.data);
+    return 0;
+}
+static int
+check_kdc_req_body(const taginfo *t)
+{
+    return (t->asn1class == UNIVERSAL && t->construction == CONSTRUCTED &&
+            t->tagnum == ASN1_SEQUENCE);
+}
+DEFFNTYPE(kdc_req_body, krb5_kdc_req, encode_kdc_req_body, decode_kdc_req_body,
+          check_kdc_req_body, free_kdc_req_body);
+/* end ugly hack */
+
+DEFFIELD(transited_0, krb5_transited, tr_type, 0, octet);
+DEFFIELD(transited_1, krb5_transited, tr_contents, 1, ostring_data);
+static const struct atype_info *transited_fields[] = {
+    &k5_atype_transited_0, &k5_atype_transited_1
+};
+DEFSEQTYPE(transited, krb5_transited, transited_fields);
+
+static int
+is_safe_timestamp_set(const void *p)
+{
+    const krb5_safe *val = p;
+    return (val->timestamp != 0);
+}
+DEFFIELD(safe_body_0, krb5_safe, user_data, 0, ostring_data);
+DEFFIELD(safe_body_1, krb5_safe, timestamp, 1, opt_kerberos_time);
+DEFFIELD(safe_body_2_def, krb5_safe, usec, 2, int32);
+DEFOPTIONALTYPE(safe_body_2, is_safe_timestamp_set, NULL, safe_body_2_def);
+DEFFIELD(safe_body_3, krb5_safe, seq_number, 3, opt_seqno);
+DEFFIELD(safe_body_4, krb5_safe, s_address, 4, address_ptr);
+DEFFIELD(safe_body_5, krb5_safe, r_address, 5, opt_address_ptr);
+static const struct atype_info *safe_body_fields[] = {
+    &k5_atype_safe_body_0, &k5_atype_safe_body_1, &k5_atype_safe_body_2,
+    &k5_atype_safe_body_3, &k5_atype_safe_body_4, &k5_atype_safe_body_5
+};
+DEFSEQTYPE(safe_body, krb5_safe, safe_body_fields);
+
+DEFFIELD(cred_info_0, krb5_cred_info, session, 0, ptr_encryption_key);
+DEFFIELD(cred_info_1, krb5_cred_info, client, 1, opt_realm_of_principal);
+DEFFIELD(cred_info_2, krb5_cred_info, client, 2, opt_principal);
+DEFFIELD(cred_info_3, krb5_cred_info, flags, 3, opt_krb5_flags);
+DEFFIELD(cred_info_4, krb5_cred_info, times.authtime, 4, opt_kerberos_time);
+DEFFIELD(cred_info_5, krb5_cred_info, times.starttime, 5, opt_kerberos_time);
+DEFFIELD(cred_info_6, krb5_cred_info, times.endtime, 6, opt_kerberos_time);
+DEFFIELD(cred_info_7, krb5_cred_info, times.renew_till, 7, opt_kerberos_time);
+DEFFIELD(cred_info_8, krb5_cred_info, server, 8, opt_realm_of_principal);
+DEFFIELD(cred_info_9, krb5_cred_info, server, 9, opt_principal);
+DEFFIELD(cred_info_10, krb5_cred_info, caddrs, 10,
+         opt_ptr_seqof_host_addresses);
+static const struct atype_info *krb_cred_info_fields[] = {
+    &k5_atype_cred_info_0, &k5_atype_cred_info_1, &k5_atype_cred_info_2,
+    &k5_atype_cred_info_3, &k5_atype_cred_info_4, &k5_atype_cred_info_5,
+    &k5_atype_cred_info_6, &k5_atype_cred_info_7, &k5_atype_cred_info_8,
+    &k5_atype_cred_info_9, &k5_atype_cred_info_10
+};
+DEFSEQTYPE(cred_info, krb5_cred_info, krb_cred_info_fields);
+DEFPTRTYPE(cred_info_ptr, cred_info);
+DEFNULLTERMSEQOFTYPE(seqof_cred_info, cred_info_ptr);
+
+DEFPTRTYPE(ptrseqof_cred_info, seqof_cred_info);
+
+static int
+is_salt_present(const void *p)
+{
+    const krb5_etype_info_entry *val = p;
+    return (val->length != KRB5_ETYPE_NO_SALT);
+}
+static void
+init_no_salt(void *p)
+{
+    krb5_etype_info_entry *val = p;
+    val->length = KRB5_ETYPE_NO_SALT;
+}
+DEFFIELD(etype_info_0, krb5_etype_info_entry, etype, 0, int32);
+DEFCNFIELD(etype_info_1_def, krb5_etype_info_entry, salt, length, 1,
+           octetstring);
+DEFOPTIONALTYPE(etype_info_1, is_salt_present, init_no_salt, etype_info_1_def);
+static const struct atype_info *etype_info_entry_fields[] = {
+    &k5_atype_etype_info_0, &k5_atype_etype_info_1
+};
+DEFSEQTYPE(etype_info_entry, krb5_etype_info_entry, etype_info_entry_fields);
+
+/* First field is the same as etype-info. */
+DEFCNFIELD(etype_info2_1_def, krb5_etype_info_entry, salt, length, 1,
+           u_generalstring);
+DEFOPTIONALTYPE(etype_info2_1, is_salt_present, init_no_salt,
+                etype_info2_1_def);
+DEFFIELD(etype_info2_2, krb5_etype_info_entry, s2kparams, 2, opt_ostring_data);
+static const struct atype_info *etype_info2_entry_fields[] = {
+    &k5_atype_etype_info_0, &k5_atype_etype_info2_1, &k5_atype_etype_info2_2
+};
+DEFSEQTYPE(etype_info2_entry, krb5_etype_info_entry, etype_info2_entry_fields);
+
+DEFPTRTYPE(etype_info_entry_ptr, etype_info_entry);
+DEFNULLTERMSEQOFTYPE(etype_info, etype_info_entry_ptr);
+
+DEFPTRTYPE(etype_info2_entry_ptr, etype_info2_entry);
+DEFNULLTERMSEQOFTYPE(etype_info2, etype_info2_entry_ptr);
+
+DEFFIELD(sch_0, krb5_sam_challenge_2, sam_challenge_2_body, 0, der_data);
+DEFFIELD(sch_1, krb5_sam_challenge_2, sam_cksum, 1, ptr_seqof_checksum);
+static const struct atype_info *sam_challenge_2_fields[] = {
+    &k5_atype_sch_0, &k5_atype_sch_1
+};
+DEFSEQTYPE(sam_challenge_2, krb5_sam_challenge_2, sam_challenge_2_fields);
+
+DEFFIELD(schb_0, krb5_sam_challenge_2_body, sam_type, 0, int32);
+DEFFIELD(schb_1, krb5_sam_challenge_2_body, sam_flags, 1, krb5_flags);
+DEFFIELD(schb_2, krb5_sam_challenge_2_body, sam_type_name, 2,
+         opt_ostring_data);
+DEFFIELD(schb_3, krb5_sam_challenge_2_body, sam_track_id, 3, opt_ostring_data);
+DEFFIELD(schb_4, krb5_sam_challenge_2_body, sam_challenge_label, 4,
+         opt_ostring_data);
+DEFFIELD(schb_5, krb5_sam_challenge_2_body, sam_challenge, 5,
+         opt_ostring_data);
+DEFFIELD(schb_6, krb5_sam_challenge_2_body, sam_response_prompt, 6,
+         opt_ostring_data);
+DEFFIELD(schb_7, krb5_sam_challenge_2_body, sam_pk_for_sad, 7,
+         opt_ostring_data);
+DEFFIELD(schb_8, krb5_sam_challenge_2_body, sam_nonce, 8, int32);
+DEFFIELD(schb_9, krb5_sam_challenge_2_body, sam_etype, 9, int32);
+static const struct atype_info *sam_challenge_2_body_fields[] = {
+    &k5_atype_schb_0, &k5_atype_schb_1, &k5_atype_schb_2, &k5_atype_schb_3,
+    &k5_atype_schb_4, &k5_atype_schb_5, &k5_atype_schb_6, &k5_atype_schb_7,
+    &k5_atype_schb_8, &k5_atype_schb_9
+};
+DEFSEQTYPE(sam_challenge_2_body,krb5_sam_challenge_2_body,
+           sam_challenge_2_body_fields);
+
+DEFFIELD(esre_0, krb5_enc_sam_response_enc_2, sam_nonce, 0, int32);
+DEFFIELD(esre_1, krb5_enc_sam_response_enc_2, sam_sad, 1, opt_ostring_data);
+static const struct atype_info *enc_sam_response_enc_2_fields[] = {
+    &k5_atype_esre_0, &k5_atype_esre_1
+};
+DEFSEQTYPE(enc_sam_response_enc_2, krb5_enc_sam_response_enc_2,
+           enc_sam_response_enc_2_fields);
+
+DEFFIELD(sam_resp_0, krb5_sam_response_2, sam_type, 0, int32);
+DEFFIELD(sam_resp_1, krb5_sam_response_2, sam_flags, 1, krb5_flags);
+DEFFIELD(sam_resp_2, krb5_sam_response_2, sam_track_id, 2, opt_ostring_data);
+DEFFIELD(sam_resp_3, krb5_sam_response_2, sam_enc_nonce_or_sad, 3,
+         encrypted_data);
+DEFFIELD(sam_resp_4, krb5_sam_response_2, sam_nonce, 4, int32);
+static const struct atype_info *sam_response_2_fields[] = {
+    &k5_atype_sam_resp_0, &k5_atype_sam_resp_1, &k5_atype_sam_resp_2,
+    &k5_atype_sam_resp_3, &k5_atype_sam_resp_4
+};
+DEFSEQTYPE(sam_response_2, krb5_sam_response_2, sam_response_2_fields);
+
+DEFCTAGGEDTYPE(authenticator_0, 0, krb5_version);
+DEFFIELD(authenticator_1, krb5_authenticator, client, 1, realm_of_principal);
+DEFFIELD(authenticator_2, krb5_authenticator, client, 2, principal);
+DEFFIELD(authenticator_3, krb5_authenticator, checksum, 3, opt_checksum_ptr);
+DEFFIELD(authenticator_4, krb5_authenticator, cusec, 4, int32);
+DEFFIELD(authenticator_5, krb5_authenticator, ctime, 5, kerberos_time);
+DEFFIELD(authenticator_6, krb5_authenticator, subkey, 6,
+         opt_ptr_encryption_key);
+DEFFIELD(authenticator_7, krb5_authenticator, seq_number, 7, opt_seqno);
+DEFFIELD(authenticator_8, krb5_authenticator, authorization_data, 8,
+         opt_auth_data_ptr);
+static const struct atype_info *authenticator_fields[] = {
+    &k5_atype_authenticator_0, &k5_atype_authenticator_1,
+    &k5_atype_authenticator_2, &k5_atype_authenticator_3,
+    &k5_atype_authenticator_4, &k5_atype_authenticator_5,
+    &k5_atype_authenticator_6, &k5_atype_authenticator_7,
+    &k5_atype_authenticator_8
+};
+DEFSEQTYPE(untagged_authenticator, krb5_authenticator, authenticator_fields);
+DEFAPPTAGGEDTYPE(authenticator, 2, untagged_authenticator);
+
+DEFFIELD(enc_tkt_0, krb5_enc_tkt_part, flags, 0, krb5_flags);
+DEFFIELD(enc_tkt_1, krb5_enc_tkt_part, session, 1, ptr_encryption_key);
+DEFFIELD(enc_tkt_2, krb5_enc_tkt_part, client, 2, realm_of_principal);
+DEFFIELD(enc_tkt_3, krb5_enc_tkt_part, client, 3, principal);
+DEFFIELD(enc_tkt_4, krb5_enc_tkt_part, transited, 4, transited);
+DEFFIELD(enc_tkt_5, krb5_enc_tkt_part, times.authtime, 5, kerberos_time);
+DEFFIELD(enc_tkt_6, krb5_enc_tkt_part, times.starttime, 6, opt_kerberos_time);
+DEFFIELD(enc_tkt_7, krb5_enc_tkt_part, times.endtime, 7, kerberos_time);
+DEFFIELD(enc_tkt_8, krb5_enc_tkt_part, times.renew_till, 8, opt_kerberos_time);
+DEFFIELD(enc_tkt_9, krb5_enc_tkt_part, caddrs, 9,
+         opt_ptr_seqof_host_addresses);
+DEFFIELD(enc_tkt_10, krb5_enc_tkt_part, authorization_data, 10,
+         opt_auth_data_ptr);
+static const struct atype_info *enc_tkt_part_fields[] = {
+    &k5_atype_enc_tkt_0, &k5_atype_enc_tkt_1, &k5_atype_enc_tkt_2,
+    &k5_atype_enc_tkt_3, &k5_atype_enc_tkt_4, &k5_atype_enc_tkt_5,
+    &k5_atype_enc_tkt_6, &k5_atype_enc_tkt_7, &k5_atype_enc_tkt_8,
+    &k5_atype_enc_tkt_9, &k5_atype_enc_tkt_10
+};
+DEFSEQTYPE(untagged_enc_tkt_part, krb5_enc_tkt_part, enc_tkt_part_fields);
+DEFAPPTAGGEDTYPE(enc_tkt_part, 3, untagged_enc_tkt_part);
+
+DEFAPPTAGGEDTYPE(enc_as_rep_part, 25, enc_kdc_rep_part);
+DEFAPPTAGGEDTYPE(enc_tgs_rep_part, 26, enc_kdc_rep_part);
+
+DEFCTAGGEDTYPE(kdc_rep_0, 0, krb5_version);
+DEFFIELD(kdc_rep_1, krb5_kdc_rep, msg_type, 1, uint);
+DEFFIELD(kdc_rep_2, krb5_kdc_rep, padata, 2, opt_ptr_seqof_pa_data);
+DEFFIELD(kdc_rep_3, krb5_kdc_rep, client, 3, realm_of_principal);
+DEFFIELD(kdc_rep_4, krb5_kdc_rep, client, 4, principal);
+DEFFIELD(kdc_rep_5, krb5_kdc_rep, ticket, 5, ticket_ptr);
+DEFFIELD(kdc_rep_6, krb5_kdc_rep, enc_part, 6, encrypted_data);
+static const struct atype_info *kdc_rep_fields[] = {
+    &k5_atype_kdc_rep_0, &k5_atype_kdc_rep_1, &k5_atype_kdc_rep_2,
+    &k5_atype_kdc_rep_3, &k5_atype_kdc_rep_4, &k5_atype_kdc_rep_5,
+    &k5_atype_kdc_rep_6
+};
+DEFSEQTYPE(kdc_rep, krb5_kdc_rep, kdc_rep_fields);
+DEFAPPTAGGEDTYPE(as_rep, 11, kdc_rep);
+DEFAPPTAGGEDTYPE(tgs_rep, 13, kdc_rep);
+
+DEFINT_IMMEDIATE(ap_req_msg_type, ASN1_KRB_AP_REQ, 0);
+DEFCTAGGEDTYPE(ap_req_0, 0, krb5_version);
+DEFCTAGGEDTYPE(ap_req_1, 1, ap_req_msg_type);
+DEFFIELD(ap_req_2, krb5_ap_req, ap_options, 2, krb5_flags);
+DEFFIELD(ap_req_3, krb5_ap_req, ticket, 3, ticket_ptr);
+DEFFIELD(ap_req_4, krb5_ap_req, authenticator, 4, encrypted_data);
+static const struct atype_info *ap_req_fields[] = {
+    &k5_atype_ap_req_0, &k5_atype_ap_req_1, &k5_atype_ap_req_2,
+    &k5_atype_ap_req_3, &k5_atype_ap_req_4
+};
+DEFSEQTYPE(untagged_ap_req, krb5_ap_req, ap_req_fields);
+DEFAPPTAGGEDTYPE(ap_req, 14, untagged_ap_req);
+
+DEFINT_IMMEDIATE(ap_rep_msg_type, ASN1_KRB_AP_REP, 0);
+DEFCTAGGEDTYPE(ap_rep_0, 0, krb5_version);
+DEFCTAGGEDTYPE(ap_rep_1, 1, ap_rep_msg_type);
+DEFFIELD(ap_rep_2, krb5_ap_rep, enc_part, 2, encrypted_data);
+static const struct atype_info *ap_rep_fields[] = {
+    &k5_atype_ap_rep_0, &k5_atype_ap_rep_1, &k5_atype_ap_rep_2
+};
+DEFSEQTYPE(untagged_ap_rep, krb5_ap_rep, ap_rep_fields);
+DEFAPPTAGGEDTYPE(ap_rep, 15, untagged_ap_rep);
+
+DEFFIELD(ap_rep_enc_part_0, krb5_ap_rep_enc_part, ctime, 0, kerberos_time);
+DEFFIELD(ap_rep_enc_part_1, krb5_ap_rep_enc_part, cusec, 1, int32);
+DEFFIELD(ap_rep_enc_part_2, krb5_ap_rep_enc_part, subkey, 2,
+         opt_ptr_encryption_key);
+DEFFIELD(ap_rep_enc_part_3, krb5_ap_rep_enc_part, seq_number, 3, opt_seqno);
+static const struct atype_info *ap_rep_enc_part_fields[] = {
+    &k5_atype_ap_rep_enc_part_0, &k5_atype_ap_rep_enc_part_1,
+    &k5_atype_ap_rep_enc_part_2, &k5_atype_ap_rep_enc_part_3
+};
+DEFSEQTYPE(untagged_ap_rep_enc_part, krb5_ap_rep_enc_part,
+           ap_rep_enc_part_fields);
+DEFAPPTAGGEDTYPE(ap_rep_enc_part, 27, untagged_ap_rep_enc_part);
+
+/* First context tag is 1.  Fourth field is the encoding of the krb5_kdc_req
+ * structure as a KDC-REQ-BODY. */
+DEFCTAGGEDTYPE(kdc_req_1, 1, krb5_version);
+DEFFIELD(kdc_req_2, krb5_kdc_req, msg_type, 2, uint);
+DEFFIELD(kdc_req_3, krb5_kdc_req, padata, 3, opt_ptr_seqof_pa_data);
+DEFCTAGGEDTYPE(kdc_req_4, 4, kdc_req_body);
+static const struct atype_info *kdc_req_fields[] = {
+    &k5_atype_kdc_req_1, &k5_atype_kdc_req_2, &k5_atype_kdc_req_3,
+    &k5_atype_kdc_req_4
+};
+DEFSEQTYPE(kdc_req, krb5_kdc_req, kdc_req_fields);
+DEFAPPTAGGEDTYPE(as_req, 10, kdc_req);
+DEFAPPTAGGEDTYPE(tgs_req, 12, kdc_req);
+
+/* This is only needed because libkrb5 doesn't set msg_type when encoding
+ * krb5_kdc_reqs.  If we fix that, we can use the above types for encoding. */
+DEFINT_IMMEDIATE(as_req_msg_type, KRB5_AS_REQ, 0);
+DEFCTAGGEDTYPE(as_req_2, 2, as_req_msg_type);
+DEFINT_IMMEDIATE(tgs_req_msg_type, KRB5_TGS_REQ, 0);
+DEFCTAGGEDTYPE(tgs_req_2, 2, tgs_req_msg_type);
+static const struct atype_info *as_req_fields[] = {
+    &k5_atype_kdc_req_1, &k5_atype_as_req_2, &k5_atype_kdc_req_3,
+    &k5_atype_kdc_req_4
+};
+static const struct atype_info *tgs_req_fields[] = {
+    &k5_atype_kdc_req_1, &k5_atype_tgs_req_2, &k5_atype_kdc_req_3,
+    &k5_atype_kdc_req_4
+};
+DEFSEQTYPE(untagged_as_req, krb5_kdc_req, as_req_fields);
+DEFAPPTAGGEDTYPE(as_req_encode, 10, untagged_as_req);
+DEFSEQTYPE(untagged_tgs_req, krb5_kdc_req, tgs_req_fields);
+DEFAPPTAGGEDTYPE(tgs_req_encode, 12, untagged_tgs_req);
+
+DEFINT_IMMEDIATE(safe_msg_type, ASN1_KRB_SAFE, 0);
+DEFCTAGGEDTYPE(safe_0, 0, krb5_version);
+DEFCTAGGEDTYPE(safe_1, 1, safe_msg_type);
+DEFCTAGGEDTYPE(safe_2, 2, safe_body);
+DEFFIELD(safe_3, krb5_safe, checksum, 3, checksum_ptr);
+static const struct atype_info *safe_fields[] = {
+    &k5_atype_safe_0, &k5_atype_safe_1, &k5_atype_safe_2, &k5_atype_safe_3
+};
+DEFSEQTYPE(untagged_safe, krb5_safe, safe_fields);
+DEFAPPTAGGEDTYPE(safe, 20, untagged_safe);
+
+/* Hack to encode a KRB-SAFE with a pre-specified body encoding.  The integer-
+ * immediate fields are borrowed from krb5_safe_fields above. */
+DEFPTRTYPE(saved_safe_body_ptr, der_data);
+DEFOFFSETTYPE(safe_checksum_only, krb5_safe, checksum, checksum_ptr);
+DEFPTRTYPE(safe_checksum_only_ptr, safe_checksum_only);
+DEFFIELD(safe_with_body_2, struct krb5_safe_with_body, body, 2,
+         saved_safe_body_ptr);
+DEFFIELD(safe_with_body_3, struct krb5_safe_with_body, safe, 3,
+         safe_checksum_only_ptr);
+static const struct atype_info *safe_with_body_fields[] = {
+    &k5_atype_safe_0, &k5_atype_safe_1, &k5_atype_safe_with_body_2,
+    &k5_atype_safe_with_body_3
+};
+DEFSEQTYPE(untagged_safe_with_body, struct krb5_safe_with_body,
+           safe_with_body_fields);
+DEFAPPTAGGEDTYPE(safe_with_body, 20, untagged_safe_with_body);
+
+/* Third tag is [3] instead of [2]. */
+DEFINT_IMMEDIATE(priv_msg_type, ASN1_KRB_PRIV, 0);
+DEFCTAGGEDTYPE(priv_0, 0, krb5_version);
+DEFCTAGGEDTYPE(priv_1, 1, priv_msg_type);
+DEFFIELD(priv_3, krb5_priv, enc_part, 3, encrypted_data);
+static const struct atype_info *priv_fields[] = {
+    &k5_atype_priv_0, &k5_atype_priv_1, &k5_atype_priv_3
+};
+DEFSEQTYPE(untagged_priv, krb5_priv, priv_fields);
+DEFAPPTAGGEDTYPE(priv, 21, untagged_priv);
+
+static int
+is_priv_timestamp_set(const void *p)
+{
+    const krb5_priv_enc_part *val = p;
+    return (val->timestamp != 0);
+}
+DEFFIELD(priv_enc_part_0, krb5_priv_enc_part, user_data, 0, ostring_data);
+DEFFIELD(priv_enc_part_1, krb5_priv_enc_part, timestamp, 1, opt_kerberos_time);
+DEFFIELD(priv_enc_part_2_def, krb5_priv_enc_part, usec, 2, int32);
+DEFOPTIONALTYPE(priv_enc_part_2, is_priv_timestamp_set, NULL,
+                priv_enc_part_2_def);
+DEFFIELD(priv_enc_part_3, krb5_priv_enc_part, seq_number, 3, opt_seqno);
+DEFFIELD(priv_enc_part_4, krb5_priv_enc_part, s_address, 4, address_ptr);
+DEFFIELD(priv_enc_part_5, krb5_priv_enc_part, r_address, 5, opt_address_ptr);
+static const struct atype_info *priv_enc_part_fields[] = {
+    &k5_atype_priv_enc_part_0, &k5_atype_priv_enc_part_1,
+    &k5_atype_priv_enc_part_2, &k5_atype_priv_enc_part_3,
+    &k5_atype_priv_enc_part_4, &k5_atype_priv_enc_part_5
+};
+DEFSEQTYPE(untagged_priv_enc_part, krb5_priv_enc_part, priv_enc_part_fields);
+DEFAPPTAGGEDTYPE(priv_enc_part, 28, untagged_priv_enc_part);
+
+DEFINT_IMMEDIATE(cred_msg_type, ASN1_KRB_CRED, 0);
+DEFCTAGGEDTYPE(cred_0, 0, krb5_version);
+DEFCTAGGEDTYPE(cred_1, 1, cred_msg_type);
+DEFFIELD(cred_2, krb5_cred, tickets, 2, ptr_seqof_ticket);
+DEFFIELD(cred_3, krb5_cred, enc_part, 3, encrypted_data);
+static const struct atype_info *cred_fields[] = {
+    &k5_atype_cred_0, &k5_atype_cred_1, &k5_atype_cred_2, &k5_atype_cred_3
+};
+DEFSEQTYPE(untagged_cred, krb5_cred, cred_fields);
+DEFAPPTAGGEDTYPE(krb5_cred, 22, untagged_cred);
+
+static int
+is_cred_timestamp_set(const void *p)
+{
+    const krb5_cred_enc_part *val = p;
+    return (val->timestamp != 0);
+}
+DEFFIELD(enc_cred_part_0, krb5_cred_enc_part, ticket_info, 0,
+         ptrseqof_cred_info);
+DEFFIELD(enc_cred_part_1, krb5_cred_enc_part, nonce, 1, opt_int32);
+DEFFIELD(enc_cred_part_2, krb5_cred_enc_part, timestamp, 2, opt_kerberos_time);
+DEFFIELD(enc_cred_part_3_def, krb5_cred_enc_part, usec, 3, int32);
+DEFOPTIONALTYPE(enc_cred_part_3, is_cred_timestamp_set, NULL,
+                enc_cred_part_3_def);
+DEFFIELD(enc_cred_part_4, krb5_cred_enc_part, s_address, 4, opt_address_ptr);
+DEFFIELD(enc_cred_part_5, krb5_cred_enc_part, r_address, 5, opt_address_ptr);
+static const struct atype_info *enc_cred_part_fields[] = {
+    &k5_atype_enc_cred_part_0, &k5_atype_enc_cred_part_1,
+    &k5_atype_enc_cred_part_2, &k5_atype_enc_cred_part_3,
+    &k5_atype_enc_cred_part_4, &k5_atype_enc_cred_part_5
+};
+DEFSEQTYPE(untagged_enc_cred_part, krb5_cred_enc_part, enc_cred_part_fields);
+DEFAPPTAGGEDTYPE(enc_cred_part, 29, untagged_enc_cred_part);
+
+DEFINT_IMMEDIATE(error_msg_type, ASN1_KRB_ERROR, 0);
+DEFCTAGGEDTYPE(error_0, 0, krb5_version);
+DEFCTAGGEDTYPE(error_1, 1, error_msg_type);
+DEFFIELD(error_2, krb5_error, ctime, 2, opt_kerberos_time);
+DEFFIELD(error_3, krb5_error, cusec, 3, opt_int32);
+DEFFIELD(error_4, krb5_error, stime, 4, kerberos_time);
+DEFFIELD(error_5, krb5_error, susec, 5, int32);
+DEFFIELD(error_6, krb5_error, error, 6, uint32);
+DEFFIELD(error_7, krb5_error, client, 7, opt_realm_of_principal);
+DEFFIELD(error_8, krb5_error, client, 8, opt_principal);
+DEFFIELD(error_9, krb5_error, server, 9, realm_of_principal);
+DEFFIELD(error_10, krb5_error, server, 10, principal);
+DEFFIELD(error_11, krb5_error, text, 11, opt_gstring_data);
+DEFFIELD(error_12, krb5_error, e_data, 12, opt_ostring_data);
+static const struct atype_info *error_fields[] = {
+    &k5_atype_error_0, &k5_atype_error_1, &k5_atype_error_2, &k5_atype_error_3,
+    &k5_atype_error_4, &k5_atype_error_5, &k5_atype_error_6, &k5_atype_error_7,
+    &k5_atype_error_8, &k5_atype_error_9, &k5_atype_error_10,
+    &k5_atype_error_11, &k5_atype_error_12
+};
+DEFSEQTYPE(untagged_krb5_error, krb5_error, error_fields);
+DEFAPPTAGGEDTYPE(krb5_error, 30, untagged_krb5_error);
+
+DEFFIELD(pa_enc_ts_0, krb5_pa_enc_ts, patimestamp, 0, kerberos_time);
+DEFFIELD(pa_enc_ts_1, krb5_pa_enc_ts, pausec, 1, opt_int32);
+static const struct atype_info *pa_enc_ts_fields[] = {
+    &k5_atype_pa_enc_ts_0, &k5_atype_pa_enc_ts_1
+};
+DEFSEQTYPE(pa_enc_ts, krb5_pa_enc_ts, pa_enc_ts_fields);
+
+DEFFIELD(setpw_0, struct krb5_setpw_req, password, 0, ostring_data);
+DEFFIELD(setpw_1, struct krb5_setpw_req, target, 1, principal);
+DEFFIELD(setpw_2, struct krb5_setpw_req, target, 2, realm_of_principal);
+static const struct atype_info *setpw_req_fields[] = {
+    &k5_atype_setpw_0, &k5_atype_setpw_1, &k5_atype_setpw_2
+};
+DEFSEQTYPE(setpw_req, struct krb5_setpw_req, setpw_req_fields);
+
+/* [MS-SFU] Section 2.2.1. */
+DEFFIELD(pa_for_user_0, krb5_pa_for_user, user, 0, principal);
+DEFFIELD(pa_for_user_1, krb5_pa_for_user, user, 1, realm_of_principal);
+DEFFIELD(pa_for_user_2, krb5_pa_for_user, cksum, 2, checksum);
+DEFFIELD(pa_for_user_3, krb5_pa_for_user, auth_package, 3, gstring_data);
+static const struct atype_info *pa_for_user_fields[] = {
+    &k5_atype_pa_for_user_0, &k5_atype_pa_for_user_1, &k5_atype_pa_for_user_2,
+    &k5_atype_pa_for_user_3,
+};
+DEFSEQTYPE(pa_for_user, krb5_pa_for_user, pa_for_user_fields);
+
+/* [MS-SFU] Section 2.2.2. */
+/* The user principal name may be absent, but the realm is required. */
+static int
+is_s4u_principal_present(const void *p)
+{
+    krb5_const_principal val = *(krb5_const_principal *)p;
+    return (val->length != 0);
+}
+DEFOPTIONALTYPE(opt_s4u_principal, is_s4u_principal_present, NULL, principal);
+DEFFIELD(s4u_userid_0, krb5_s4u_userid, nonce, 0, int32);
+DEFFIELD(s4u_userid_1, krb5_s4u_userid, user, 1, opt_s4u_principal);
+DEFFIELD(s4u_userid_2, krb5_s4u_userid, user, 2, realm_of_principal);
+DEFFIELD(s4u_userid_3, krb5_s4u_userid, subject_cert, 3, opt_ostring_data);
+DEFFIELD(s4u_userid_4, krb5_s4u_userid, options, 4, opt_krb5_flags);
+static const struct atype_info *s4u_userid_fields[] = {
+    &k5_atype_s4u_userid_0, &k5_atype_s4u_userid_1, &k5_atype_s4u_userid_2,
+    &k5_atype_s4u_userid_3, &k5_atype_s4u_userid_4
+};
+DEFSEQTYPE(s4u_userid, krb5_s4u_userid, s4u_userid_fields);
+
+DEFFIELD(pa_s4u_x509_user_0, krb5_pa_s4u_x509_user, user_id, 0, s4u_userid);
+DEFFIELD(pa_s4u_x509_user_1, krb5_pa_s4u_x509_user, cksum, 1, checksum);
+static const struct atype_info *pa_s4u_x509_user_fields[] = {
+    &k5_atype_pa_s4u_x509_user_0, &k5_atype_pa_s4u_x509_user_1
+};
+DEFSEQTYPE(pa_s4u_x509_user, krb5_pa_s4u_x509_user, pa_s4u_x509_user_fields);
+
+DEFFIELD(pa_pac_req_0, krb5_pa_pac_req, include_pac, 0, boolean);
+static const struct atype_info *pa_pac_req_fields[] = {
+    &k5_atype_pa_pac_req_0
+};
+DEFSEQTYPE(pa_pac_req, krb5_pa_pac_req, pa_pac_req_fields);
+
+/* RFC 4537 */
+DEFCOUNTEDTYPE(etype_list, krb5_etype_list, etypes, length, cseqof_int32);
+
+/* draft-ietf-krb-wg-preauth-framework-09 */
+DEFFIELD(fast_armor_0, krb5_fast_armor, armor_type, 0, int32);
+DEFFIELD(fast_armor_1, krb5_fast_armor, armor_value, 1, ostring_data);
+static const struct atype_info *fast_armor_fields[] = {
+    &k5_atype_fast_armor_0, &k5_atype_fast_armor_1
+};
+DEFSEQTYPE(fast_armor, krb5_fast_armor, fast_armor_fields);
+DEFPTRTYPE(ptr_fast_armor, fast_armor);
+DEFOPTIONALZEROTYPE(opt_ptr_fast_armor, ptr_fast_armor);
+
+DEFFIELD(fast_armored_req_0, krb5_fast_armored_req, armor, 0,
+         opt_ptr_fast_armor);
+DEFFIELD(fast_armored_req_1, krb5_fast_armored_req, req_checksum, 1, checksum);
+DEFFIELD(fast_armored_req_2, krb5_fast_armored_req, enc_part, 2,
+         encrypted_data);
+static const struct atype_info *fast_armored_req_fields[] = {
+    &k5_atype_fast_armored_req_0, &k5_atype_fast_armored_req_1,
+    &k5_atype_fast_armored_req_2
+};
+DEFSEQTYPE(fast_armored_req, krb5_fast_armored_req, fast_armored_req_fields);
+
+/* This is a CHOICE type with only one choice (so far) and we're not using a
+ * distinguisher/union for it. */
+DEFTAGGEDTYPE(pa_fx_fast_request, CONTEXT_SPECIFIC, CONSTRUCTED, 0, 0,
+              fast_armored_req);
+
+DEFOFFSETTYPE(fast_req_padata, krb5_kdc_req, padata, ptr_seqof_pa_data);
+DEFPTRTYPE(ptr_fast_req_padata, fast_req_padata);
+DEFPTRTYPE(ptr_kdc_req_body, kdc_req_body);
+DEFFIELD(fast_req_0, krb5_fast_req, fast_options, 0, krb5_flags);
+DEFFIELD(fast_req_1, krb5_fast_req, req_body, 1, ptr_fast_req_padata);
+DEFFIELD(fast_req_2, krb5_fast_req, req_body, 2, ptr_kdc_req_body);
+static const struct atype_info *fast_req_fields[] = {
+    &k5_atype_fast_req_0, &k5_atype_fast_req_1, &k5_atype_fast_req_2
+};
+DEFSEQTYPE(fast_req, krb5_fast_req, fast_req_fields);
+
+DEFFIELD(fast_finished_0, krb5_fast_finished, timestamp, 0, kerberos_time);
+DEFFIELD(fast_finished_1, krb5_fast_finished, usec, 1, int32);
+DEFFIELD(fast_finished_2, krb5_fast_finished, client, 2, realm_of_principal);
+DEFFIELD(fast_finished_3, krb5_fast_finished, client, 3, principal);
+DEFFIELD(fast_finished_4, krb5_fast_finished, ticket_checksum, 4, checksum);
+static const struct atype_info *fast_finished_fields[] = {
+    &k5_atype_fast_finished_0, &k5_atype_fast_finished_1,
+    &k5_atype_fast_finished_2, &k5_atype_fast_finished_3,
+    &k5_atype_fast_finished_4
+};
+DEFSEQTYPE(fast_finished, krb5_fast_finished, fast_finished_fields);
+DEFPTRTYPE(ptr_fast_finished, fast_finished);
+DEFOPTIONALZEROTYPE(opt_ptr_fast_finished, ptr_fast_finished);
+
+DEFFIELD(fast_response_0, krb5_fast_response, padata, 0, ptr_seqof_pa_data);
+DEFFIELD(fast_response_1, krb5_fast_response, strengthen_key, 1,
+         opt_ptr_encryption_key);
+DEFFIELD(fast_response_2, krb5_fast_response, finished, 2,
+         opt_ptr_fast_finished);
+DEFFIELD(fast_response_3, krb5_fast_response, nonce, 3, int32);
+static const struct atype_info *fast_response_fields[] = {
+    &k5_atype_fast_response_0, &k5_atype_fast_response_1,
+    &k5_atype_fast_response_2, &k5_atype_fast_response_3
+};
+DEFSEQTYPE(fast_response, krb5_fast_response, fast_response_fields);
+
+DEFCTAGGEDTYPE(fast_rep_0, 0, encrypted_data);
+static const struct atype_info *fast_rep_fields[] = {
+    &k5_atype_fast_rep_0
+};
+DEFSEQTYPE(fast_rep, krb5_enc_data, fast_rep_fields);
+
+/* This is a CHOICE type with only one choice (so far) and we're not using a
+ * distinguisher/union for it. */
+DEFTAGGEDTYPE(pa_fx_fast_reply, CONTEXT_SPECIFIC, CONSTRUCTED, 0, 0,
+              fast_rep);
+
+DEFFIELD(ad_kdcissued_0, krb5_ad_kdcissued, ad_checksum, 0, checksum);
+DEFFIELD(ad_kdcissued_1, krb5_ad_kdcissued, i_principal, 1,
+         opt_realm_of_principal);
+DEFFIELD(ad_kdcissued_2, krb5_ad_kdcissued, i_principal, 2, opt_principal);
+DEFFIELD(ad_kdcissued_3, krb5_ad_kdcissued, elements, 3, auth_data_ptr);
+static const struct atype_info *ad_kdcissued_fields[] = {
+    &k5_atype_ad_kdcissued_0, &k5_atype_ad_kdcissued_1,
+    &k5_atype_ad_kdcissued_2, &k5_atype_ad_kdcissued_3
+};
+DEFSEQTYPE(ad_kdc_issued, krb5_ad_kdcissued, ad_kdcissued_fields);
+
+DEFCTAGGEDTYPE(princ_plus_realm_0, 0, principal_data);
+DEFCTAGGEDTYPE(princ_plus_realm_1, 1, realm_of_principal_data);
+static const struct atype_info *princ_plus_realm_fields[] = {
+    &k5_atype_princ_plus_realm_0, &k5_atype_princ_plus_realm_1
+};
+DEFSEQTYPE(princ_plus_realm_data, krb5_principal_data,
+           princ_plus_realm_fields);
+DEFPTRTYPE(princ_plus_realm, princ_plus_realm_data);
+DEFNULLTERMSEQOFTYPE(seqof_princ_plus_realm, princ_plus_realm);
+DEFPTRTYPE(ptr_seqof_princ_plus_realm, seqof_princ_plus_realm);
+DEFOPTIONALEMPTYTYPE(opt_ptr_seqof_princ_plus_realm,
+                     ptr_seqof_princ_plus_realm);
+
+/* First context tag is 1, not 0. */
+DEFFIELD(iakerb_header_1, krb5_iakerb_header, target_realm, 1, ostring_data);
+DEFFIELD(iakerb_header_2, krb5_iakerb_header, cookie, 2, opt_ostring_data_ptr);
+static const struct atype_info *iakerb_header_fields[] = {
+    &k5_atype_iakerb_header_1, &k5_atype_iakerb_header_2
+};
+DEFSEQTYPE(iakerb_header, krb5_iakerb_header, iakerb_header_fields);
+
+/* First context tag is 1, not 0. */
+DEFFIELD(iakerb_finished_0, krb5_iakerb_finished, checksum, 1, checksum);
+static const struct atype_info *iakerb_finished_fields[] = {
+    &k5_atype_iakerb_finished_0
+};
+DEFSEQTYPE(iakerb_finished, krb5_iakerb_finished, iakerb_finished_fields);
+
+/* Exported complete encoders -- these produce a krb5_data with
+   the encoding in the correct byte order.  */
+
+MAKE_ENCODER(encode_krb5_authenticator, authenticator);
+MAKE_DECODER(decode_krb5_authenticator, authenticator);
+MAKE_ENCODER(encode_krb5_ticket, ticket);
+MAKE_DECODER(decode_krb5_ticket, ticket);
+MAKE_ENCODER(encode_krb5_encryption_key, encryption_key);
+MAKE_DECODER(decode_krb5_encryption_key, encryption_key);
+MAKE_ENCODER(encode_krb5_enc_tkt_part, enc_tkt_part);
+MAKE_DECODER(decode_krb5_enc_tkt_part, enc_tkt_part);
+
+krb5_error_code KRB5_CALLCONV
+krb5_decode_ticket(const krb5_data *code, krb5_ticket **repptr)
+{
+    return decode_krb5_ticket(code, repptr);
+}
+
+/*
+ * For backwards compatibility, we encode both EncASRepPart and EncTGSRepPart
+ * with application tag 26.  On decode, we accept either app tag and set the
+ * msg_type field of the resulting structure.  This could be simplified and
+ * pushed up into libkrb5.
+ */
+MAKE_ENCODER(encode_krb5_enc_kdc_rep_part, enc_tgs_rep_part);
+krb5_error_code
+decode_krb5_enc_kdc_rep_part(const krb5_data *code,
+                             krb5_enc_kdc_rep_part **rep_out)
+{
+    krb5_error_code ret;
+    krb5_enc_kdc_rep_part *rep;
+    void *rep_ptr;
+    krb5_msgtype msg_type = KRB5_TGS_REP;
+
+    *rep_out = NULL;
+    ret = k5_asn1_full_decode(code, &k5_atype_enc_tgs_rep_part, &rep_ptr);
+    if (ret == ASN1_BAD_ID) {
+        msg_type = KRB5_AS_REP;
+        ret = k5_asn1_full_decode(code, &k5_atype_enc_as_rep_part, &rep_ptr);
+    }
+    if (ret)
+        return ret;
+    rep = rep_ptr;
+    rep->msg_type = msg_type;
+    *rep_out = rep;
+    return 0;
+}
+
+MAKE_ENCODER(encode_krb5_as_rep, as_rep);
+MAKE_DECODER(decode_krb5_as_rep, as_rep);
+MAKE_ENCODER(encode_krb5_tgs_rep, tgs_rep);
+MAKE_DECODER(decode_krb5_tgs_rep, tgs_rep);
+MAKE_ENCODER(encode_krb5_ap_req, ap_req);
+MAKE_DECODER(decode_krb5_ap_req, ap_req);
+MAKE_ENCODER(encode_krb5_ap_rep, ap_rep);
+MAKE_DECODER(decode_krb5_ap_rep, ap_rep);
+MAKE_ENCODER(encode_krb5_ap_rep_enc_part, ap_rep_enc_part);
+MAKE_DECODER(decode_krb5_ap_rep_enc_part, ap_rep_enc_part);
+MAKE_ENCODER(encode_krb5_as_req, as_req_encode);
+MAKE_DECODER(decode_krb5_as_req, as_req);
+MAKE_ENCODER(encode_krb5_tgs_req, tgs_req_encode);
+MAKE_DECODER(decode_krb5_tgs_req, tgs_req);
+MAKE_ENCODER(encode_krb5_kdc_req_body, kdc_req_body);
+MAKE_DECODER(decode_krb5_kdc_req_body, kdc_req_body);
+MAKE_ENCODER(encode_krb5_safe, safe);
+MAKE_DECODER(decode_krb5_safe, safe);
+
+/* encode_krb5_safe_with_body takes a saved KRB-SAFE-BODY encoding to avoid
+ * mismatches from re-encoding if the sender isn't quite DER-compliant. */
+MAKE_ENCODER(encode_krb5_safe_with_body, safe_with_body);
+
+/*
+ * decode_krb5_safe_with_body fully decodes a KRB-SAFE, but also returns
+ * the KRB-SAFE-BODY encoding.  This interface was designed for an earlier
+ * generation of decoder and should probably be re-thought.
+ */
+krb5_error_code
+decode_krb5_safe_with_body(const krb5_data *code, krb5_safe **rep_out,
+                           krb5_data **body_out)
+{
+    krb5_error_code ret;
+    void *swb_ptr, *safe_ptr;
+    struct krb5_safe_with_body *swb;
+    krb5_safe *safe;
+
+    ret = k5_asn1_full_decode(code, &k5_atype_safe_with_body, &swb_ptr);
+    if (ret)
+        return ret;
+    swb = swb_ptr;
+    ret = k5_asn1_full_decode(swb->body, &k5_atype_safe_body, &safe_ptr);
+    if (ret) {
+        krb5_free_safe(NULL, swb->safe);
+        krb5_free_data(NULL, swb->body);
+        free(swb);
+        return ret;
+    }
+    safe = safe_ptr;
+    safe->checksum = swb->safe->checksum;
+    free(swb->safe);
+    *rep_out = safe;
+    *body_out = swb->body;
+    free(swb);
+    return 0;
+}
+
+MAKE_ENCODER(encode_krb5_priv, priv);
+MAKE_DECODER(decode_krb5_priv, priv);
+MAKE_ENCODER(encode_krb5_enc_priv_part, priv_enc_part);
+MAKE_DECODER(decode_krb5_enc_priv_part, priv_enc_part);
+MAKE_ENCODER(encode_krb5_checksum, checksum);
+MAKE_DECODER(decode_krb5_checksum, checksum);
+
+MAKE_ENCODER(encode_krb5_cred, krb5_cred);
+MAKE_DECODER(decode_krb5_cred, krb5_cred);
+MAKE_ENCODER(encode_krb5_enc_cred_part, enc_cred_part);
+MAKE_DECODER(decode_krb5_enc_cred_part, enc_cred_part);
+MAKE_ENCODER(encode_krb5_error, krb5_error);
+MAKE_DECODER(decode_krb5_error, krb5_error);
+MAKE_ENCODER(encode_krb5_authdata, auth_data);
+MAKE_DECODER(decode_krb5_authdata, auth_data);
+MAKE_ENCODER(encode_krb5_etype_info, etype_info);
+MAKE_DECODER(decode_krb5_etype_info, etype_info);
+MAKE_ENCODER(encode_krb5_etype_info2, etype_info2);
+MAKE_DECODER(decode_krb5_etype_info2, etype_info2);
+MAKE_ENCODER(encode_krb5_enc_data, encrypted_data);
+MAKE_DECODER(decode_krb5_enc_data, encrypted_data);
+MAKE_ENCODER(encode_krb5_pa_enc_ts, pa_enc_ts);
+MAKE_DECODER(decode_krb5_pa_enc_ts, pa_enc_ts);
+MAKE_ENCODER(encode_krb5_padata_sequence, seqof_pa_data);
+MAKE_DECODER(decode_krb5_padata_sequence, seqof_pa_data);
+/* sam preauth additions */
+MAKE_ENCODER(encode_krb5_sam_challenge_2, sam_challenge_2);
+MAKE_DECODER(decode_krb5_sam_challenge_2, sam_challenge_2);
+MAKE_ENCODER(encode_krb5_sam_challenge_2_body, sam_challenge_2_body);
+MAKE_DECODER(decode_krb5_sam_challenge_2_body, sam_challenge_2_body);
+MAKE_ENCODER(encode_krb5_enc_sam_response_enc_2, enc_sam_response_enc_2);
+MAKE_DECODER(decode_krb5_enc_sam_response_enc_2, enc_sam_response_enc_2);
+MAKE_ENCODER(encode_krb5_sam_response_2, sam_response_2);
+MAKE_DECODER(decode_krb5_sam_response_2, sam_response_2);
+
+/* setpw_req has an odd decoder interface which should probably be
+ * normalized. */
+MAKE_ENCODER(encode_krb5_setpw_req, setpw_req);
+krb5_error_code
+decode_krb5_setpw_req(const krb5_data *code, krb5_data **password_out,
+                      krb5_principal *target_out)
+{
+    krb5_error_code ret;
+    void *req_ptr;
+    struct krb5_setpw_req *req;
+    krb5_data *data;
+
+    *password_out = NULL;
+    *target_out = NULL;
+    data = malloc(sizeof(*data));
+    if (data == NULL)
+        return ENOMEM;
+    ret = k5_asn1_full_decode(code, &k5_atype_setpw_req, &req_ptr);
+    if (ret) {
+        free(data);
+        return ret;
+    }
+    req = req_ptr;
+    *data = req->password;
+    *password_out = data;
+    *target_out = req->target;
+    return 0;
+}
+
+MAKE_ENCODER(encode_krb5_pa_for_user, pa_for_user);
+MAKE_DECODER(decode_krb5_pa_for_user, pa_for_user);
+MAKE_ENCODER(encode_krb5_s4u_userid, s4u_userid);
+MAKE_ENCODER(encode_krb5_pa_s4u_x509_user, pa_s4u_x509_user);
+MAKE_DECODER(decode_krb5_pa_s4u_x509_user, pa_s4u_x509_user);
+MAKE_ENCODER(encode_krb5_pa_pac_req, pa_pac_req);
+MAKE_DECODER(decode_krb5_pa_pac_req, pa_pac_req);
+MAKE_ENCODER(encode_krb5_etype_list, etype_list);
+MAKE_DECODER(decode_krb5_etype_list, etype_list);
+
+MAKE_ENCODER(encode_krb5_pa_fx_fast_request, pa_fx_fast_request);
+MAKE_DECODER(decode_krb5_pa_fx_fast_request, pa_fx_fast_request);
+MAKE_ENCODER(encode_krb5_fast_req, fast_req);
+MAKE_DECODER(decode_krb5_fast_req, fast_req);
+MAKE_ENCODER(encode_krb5_pa_fx_fast_reply, pa_fx_fast_reply);
+MAKE_DECODER(decode_krb5_pa_fx_fast_reply, pa_fx_fast_reply);
+MAKE_ENCODER(encode_krb5_fast_response, fast_response);
+MAKE_DECODER(decode_krb5_fast_response, fast_response);
+
+MAKE_ENCODER(encode_krb5_ad_kdcissued, ad_kdc_issued);
+MAKE_DECODER(decode_krb5_ad_kdcissued, ad_kdc_issued);
+MAKE_ENCODER(encode_krb5_iakerb_header, iakerb_header);
+MAKE_DECODER(decode_krb5_iakerb_header, iakerb_header);
+MAKE_ENCODER(encode_krb5_iakerb_finished, iakerb_finished);
+MAKE_DECODER(decode_krb5_iakerb_finished, iakerb_finished);
+
+krb5_error_code KRB5_CALLCONV
+krb5int_get_authdata_containee_types(krb5_context context,
+                                     const krb5_authdata *authdata,
+                                     unsigned int *num_out,
+                                     krb5_authdatatype **types_out)
+{
+    krb5_error_code ret;
+    struct authdata_types *atypes;
+    void *atypes_ptr;
+    krb5_data d = make_data(authdata->contents, authdata->length);
+
+    ret = k5_asn1_full_decode(&d, &k5_atype_authdata_types, &atypes_ptr);
+    if (ret)
+        return ret;
+    atypes = atypes_ptr;
+    *num_out = atypes->ntypes;
+    *types_out = atypes->types;
+    free(atypes);
+    return 0;
+}
+
+/* RFC 3280.  No context tags. */
+DEFOFFSETTYPE(algid_0, krb5_algorithm_identifier, algorithm, oid_data);
+DEFOFFSETTYPE(algid_1, krb5_algorithm_identifier, parameters, opt_der_data);
+static const struct atype_info *algorithm_identifier_fields[] = {
+    &k5_atype_algid_0, &k5_atype_algid_1
+};
+DEFSEQTYPE(algorithm_identifier, krb5_algorithm_identifier,
+           algorithm_identifier_fields);
+DEFPTRTYPE(ptr_algorithm_identifier, algorithm_identifier);
+DEFOPTIONALZEROTYPE(opt_ptr_algorithm_identifier, ptr_algorithm_identifier);
+DEFNULLTERMSEQOFTYPE(seqof_algorithm_identifier, ptr_algorithm_identifier);
+DEFPTRTYPE(ptr_seqof_algorithm_identifier, seqof_algorithm_identifier);
+DEFOPTIONALEMPTYTYPE(opt_ptr_seqof_algorithm_identifier,
+                     ptr_seqof_algorithm_identifier);
+
+/*
+ * PKINIT
+ */
+
+#ifndef DISABLE_PKINIT
+
+DEFCTAGGEDTYPE(kdf_alg_id_0, 0, oid_data);
+static const struct atype_info *kdf_alg_id_fields[] = {
+    &k5_atype_kdf_alg_id_0
+};
+DEFSEQTYPE(kdf_alg_id, krb5_data, kdf_alg_id_fields);
+DEFPTRTYPE(ptr_kdf_alg_id, kdf_alg_id);
+DEFNONEMPTYNULLTERMSEQOFTYPE(supported_kdfs, ptr_kdf_alg_id);
+DEFPTRTYPE(ptr_supported_kdfs, supported_kdfs);
+DEFOPTIONALZEROTYPE(opt_ptr_kdf_alg_id, ptr_kdf_alg_id);
+DEFOPTIONALZEROTYPE(opt_ptr_supported_kdfs, ptr_supported_kdfs);
+
+/* KRB5PrincipalName from RFC 4556 (*not* PrincipalName from RFC 4120) */
+DEFCTAGGEDTYPE(pkinit_princ_0, 0, realm_of_principal_data);
+DEFCTAGGEDTYPE(pkinit_princ_1, 1, principal_data);
+static const struct atype_info *pkinit_krb5_principal_name_fields[] = {
+    &k5_atype_pkinit_princ_0, &k5_atype_pkinit_princ_1
+};
+DEFSEQTYPE(pkinit_krb5_principal_name_data, krb5_principal_data,
+           pkinit_krb5_principal_name_fields);
+DEFPTRTYPE(pkinit_krb5_principal_name, pkinit_krb5_principal_name_data);
+
+/* SP80056A OtherInfo, for pkinit agility.  No context tag on first field. */
+DEFTAGGEDTYPE(pkinit_krb5_principal_name_wrapped, UNIVERSAL, PRIMITIVE,
+              ASN1_OCTETSTRING, 0, pkinit_krb5_principal_name);
+DEFOFFSETTYPE(oinfo_notag, krb5_sp80056a_other_info, algorithm_identifier,
+              algorithm_identifier);
+DEFFIELD(oinfo_0, krb5_sp80056a_other_info, party_u_info, 0,
+         pkinit_krb5_principal_name_wrapped);
+DEFFIELD(oinfo_1, krb5_sp80056a_other_info, party_v_info, 1,
+         pkinit_krb5_principal_name_wrapped);
+DEFFIELD(oinfo_2, krb5_sp80056a_other_info, supp_pub_info, 2, ostring_data);
+static const struct atype_info *sp80056a_other_info_fields[] = {
+    &k5_atype_oinfo_notag, &k5_atype_oinfo_0, &k5_atype_oinfo_1,
+    &k5_atype_oinfo_2
+};
+DEFSEQTYPE(sp80056a_other_info, krb5_sp80056a_other_info,
+           sp80056a_other_info_fields);
+
+/* For PkinitSuppPubInfo, for pkinit agility */
+DEFFIELD(supp_pub_0, krb5_pkinit_supp_pub_info, enctype, 0, int32);
+DEFFIELD(supp_pub_1, krb5_pkinit_supp_pub_info, as_req, 1, ostring_data);
+DEFFIELD(supp_pub_2, krb5_pkinit_supp_pub_info, pk_as_rep, 2, ostring_data);
+static const struct atype_info *pkinit_supp_pub_info_fields[] = {
+    &k5_atype_supp_pub_0, &k5_atype_supp_pub_1, &k5_atype_supp_pub_2
+};
+DEFSEQTYPE(pkinit_supp_pub_info, krb5_pkinit_supp_pub_info,
+           pkinit_supp_pub_info_fields);
+
+MAKE_ENCODER(encode_krb5_pkinit_supp_pub_info, pkinit_supp_pub_info);
+MAKE_ENCODER(encode_krb5_sp80056a_other_info, sp80056a_other_info);
+
+/* A krb5_checksum encoded as an OCTET STRING, for PKAuthenticator. */
+DEFCOUNTEDTYPE(ostring_checksum, krb5_checksum, contents, length, octetstring);
+
+DEFFIELD(pk_authenticator_0, krb5_pk_authenticator, cusec, 0, int32);
+DEFFIELD(pk_authenticator_1, krb5_pk_authenticator, ctime, 1, kerberos_time);
+DEFFIELD(pk_authenticator_2, krb5_pk_authenticator, nonce, 2, int32);
+DEFFIELD(pk_authenticator_3, krb5_pk_authenticator, paChecksum, 3,
+         ostring_checksum);
+DEFFIELD(pk_authenticator_4, krb5_pk_authenticator, freshnessToken, 4,
+         opt_ostring_data_ptr);
+static const struct atype_info *pk_authenticator_fields[] = {
+    &k5_atype_pk_authenticator_0, &k5_atype_pk_authenticator_1,
+    &k5_atype_pk_authenticator_2, &k5_atype_pk_authenticator_3,
+    &k5_atype_pk_authenticator_4
+};
+DEFSEQTYPE(pk_authenticator, krb5_pk_authenticator, pk_authenticator_fields);
+
+DEFCOUNTEDSTRINGTYPE(s_bitstring, char *, unsigned int,
+                     k5_asn1_encode_bitstring, k5_asn1_decode_bitstring,
+                     ASN1_BITSTRING);
+DEFCOUNTEDTYPE(bitstring_data, krb5_data, data, length, s_bitstring);
+
+DEFFIELD(auth_pack_0, krb5_auth_pack, pkAuthenticator, 0, pk_authenticator);
+DEFFIELD(auth_pack_1, krb5_auth_pack, clientPublicValue, 1, opt_der_data);
+DEFFIELD(auth_pack_2, krb5_auth_pack, supportedCMSTypes, 2,
+         opt_ptr_seqof_algorithm_identifier);
+DEFFIELD(auth_pack_3, krb5_auth_pack, clientDHNonce, 3, opt_ostring_data);
+DEFFIELD(auth_pack_4, krb5_auth_pack, supportedKDFs, 4,
+         opt_ptr_supported_kdfs);
+static const struct atype_info *auth_pack_fields[] = {
+    &k5_atype_auth_pack_0, &k5_atype_auth_pack_1, &k5_atype_auth_pack_2,
+    &k5_atype_auth_pack_3, &k5_atype_auth_pack_4
+};
+DEFSEQTYPE(auth_pack, krb5_auth_pack, auth_pack_fields);
+
+DEFFIELD_IMPLICIT(extprinc_0, krb5_external_principal_identifier,
+                  subjectName, 0, opt_ostring_data);
+DEFFIELD_IMPLICIT(extprinc_1, krb5_external_principal_identifier,
+                  issuerAndSerialNumber, 1, opt_ostring_data);
+DEFFIELD_IMPLICIT(extprinc_2, krb5_external_principal_identifier,
+                  subjectKeyIdentifier, 2, opt_ostring_data);
+static const struct atype_info *external_principal_identifier_fields[] = {
+    &k5_atype_extprinc_0, &k5_atype_extprinc_1, &k5_atype_extprinc_2
+};
+DEFSEQTYPE(external_principal_identifier, krb5_external_principal_identifier,
+           external_principal_identifier_fields);
+DEFPTRTYPE(external_principal_identifier_ptr, external_principal_identifier);
+
+DEFNULLTERMSEQOFTYPE(seqof_external_principal_identifier,
+                     external_principal_identifier_ptr);
+DEFPTRTYPE(ptr_seqof_external_principal_identifier,
+           seqof_external_principal_identifier);
+DEFOPTIONALZEROTYPE(opt_ptr_seqof_external_principal_identifier,
+                    ptr_seqof_external_principal_identifier);
+
+DEFFIELD_IMPLICIT(pa_pk_as_req_0, krb5_pa_pk_as_req, signedAuthPack, 0,
+                  ostring_data);
+DEFFIELD(pa_pk_as_req_1, krb5_pa_pk_as_req, trustedCertifiers, 1,
+         opt_ptr_seqof_external_principal_identifier);
+DEFFIELD_IMPLICIT(pa_pk_as_req_2, krb5_pa_pk_as_req, kdcPkId, 2,
+                  opt_ostring_data);
+static const struct atype_info *pa_pk_as_req_fields[] = {
+    &k5_atype_pa_pk_as_req_0, &k5_atype_pa_pk_as_req_1,
+    &k5_atype_pa_pk_as_req_2
+};
+DEFSEQTYPE(pa_pk_as_req, krb5_pa_pk_as_req, pa_pk_as_req_fields);
+
+DEFFIELD_IMPLICIT(dh_rep_info_0, krb5_dh_rep_info, dhSignedData, 0,
+                  ostring_data);
+DEFFIELD(dh_rep_info_1, krb5_dh_rep_info, serverDHNonce, 1, opt_ostring_data);
+DEFFIELD(dh_rep_info_2, krb5_dh_rep_info, kdfID, 2, opt_ptr_kdf_alg_id);
+static const struct atype_info *dh_rep_info_fields[] = {
+    &k5_atype_dh_rep_info_0, &k5_atype_dh_rep_info_1, &k5_atype_dh_rep_info_2
+};
+DEFSEQTYPE(dh_rep_info, krb5_dh_rep_info, dh_rep_info_fields);
+
+DEFFIELD(dh_key_0, krb5_kdc_dh_key_info, subjectPublicKey, 0, bitstring_data);
+DEFFIELD(dh_key_1, krb5_kdc_dh_key_info, nonce, 1, int32);
+DEFFIELD(dh_key_2, krb5_kdc_dh_key_info, dhKeyExpiration, 2,
+         opt_kerberos_time);
+static const struct atype_info *kdc_dh_key_info_fields[] = {
+    &k5_atype_dh_key_0, &k5_atype_dh_key_1, &k5_atype_dh_key_2
+};
+DEFSEQTYPE(kdc_dh_key_info, krb5_kdc_dh_key_info, kdc_dh_key_info_fields);
+
+DEFFIELD(reply_key_pack_0, krb5_reply_key_pack, replyKey, 0, encryption_key);
+DEFFIELD(reply_key_pack_1, krb5_reply_key_pack, asChecksum, 1, checksum);
+static const struct atype_info *reply_key_pack_fields[] = {
+    &k5_atype_reply_key_pack_0, &k5_atype_reply_key_pack_1
+};
+DEFSEQTYPE(reply_key_pack, krb5_reply_key_pack, reply_key_pack_fields);
+
+DEFCTAGGEDTYPE(pa_pk_as_rep_0, 0, dh_rep_info);
+DEFCTAGGEDTYPE_IMPLICIT(pa_pk_as_rep_1, 1, ostring_data);
+static const struct atype_info *pa_pk_as_rep_alternatives[] = {
+    &k5_atype_pa_pk_as_rep_0, &k5_atype_pa_pk_as_rep_1
+};
+DEFCHOICETYPE(pa_pk_as_rep_choice, union krb5_pa_pk_as_rep_choices,
+              enum krb5_pa_pk_as_rep_selection, pa_pk_as_rep_alternatives);
+DEFCOUNTEDTYPE_SIGNED(pa_pk_as_rep, krb5_pa_pk_as_rep, u, choice,
+                      pa_pk_as_rep_choice);
+
+MAKE_ENCODER(encode_krb5_pa_pk_as_req, pa_pk_as_req);
+MAKE_DECODER(decode_krb5_pa_pk_as_req, pa_pk_as_req);
+MAKE_ENCODER(encode_krb5_pa_pk_as_rep, pa_pk_as_rep);
+MAKE_DECODER(decode_krb5_pa_pk_as_rep, pa_pk_as_rep);
+MAKE_ENCODER(encode_krb5_auth_pack, auth_pack);
+MAKE_DECODER(decode_krb5_auth_pack, auth_pack);
+MAKE_ENCODER(encode_krb5_kdc_dh_key_info, kdc_dh_key_info);
+MAKE_DECODER(decode_krb5_kdc_dh_key_info, kdc_dh_key_info);
+MAKE_ENCODER(encode_krb5_reply_key_pack, reply_key_pack);
+MAKE_DECODER(decode_krb5_reply_key_pack, reply_key_pack);
+MAKE_ENCODER(encode_krb5_td_trusted_certifiers,
+             seqof_external_principal_identifier);
+MAKE_DECODER(decode_krb5_td_trusted_certifiers,
+             seqof_external_principal_identifier);
+MAKE_ENCODER(encode_krb5_td_dh_parameters, seqof_algorithm_identifier);
+MAKE_DECODER(decode_krb5_td_dh_parameters, seqof_algorithm_identifier);
+MAKE_DECODER(decode_krb5_principal_name, pkinit_krb5_principal_name_data);
+
+#else /* DISABLE_PKINIT */
+
+/* Stubs for exported pkinit encoder functions. */
+
+krb5_error_code
+encode_krb5_sp80056a_other_info(const krb5_sp80056a_other_info *rep,
+                                krb5_data **code)
+{
+    return EINVAL;
+}
+
+krb5_error_code
+encode_krb5_pkinit_supp_pub_info(const krb5_pkinit_supp_pub_info *rep,
+                                 krb5_data **code)
+{
+    return EINVAL;
+}
+
+#endif /* not DISABLE_PKINIT */
+
+DEFFIELD(typed_data_0, krb5_pa_data, pa_type, 0, int32);
+DEFCNFIELD(typed_data_1, krb5_pa_data, contents, length, 1, octetstring);
+static const struct atype_info *typed_data_fields[] = {
+    &k5_atype_typed_data_0, &k5_atype_typed_data_1
+};
+DEFSEQTYPE(typed_data, krb5_pa_data, typed_data_fields);
+DEFPTRTYPE(typed_data_ptr, typed_data);
+
+DEFNULLTERMSEQOFTYPE(seqof_typed_data, typed_data_ptr);
+MAKE_ENCODER(encode_krb5_typed_data, seqof_typed_data);
+MAKE_DECODER(decode_krb5_typed_data, seqof_typed_data);
+
+/* Definitions for OTP preauth (RFC 6560) */
+
+DEFFIELD_IMPLICIT(tokinfo_0, krb5_otp_tokeninfo, flags, 0, krb5_flags);
+DEFFIELD_IMPLICIT(tokinfo_1, krb5_otp_tokeninfo, vendor, 1, opt_utf8_data);
+DEFFIELD_IMPLICIT(tokinfo_2, krb5_otp_tokeninfo, challenge, 2,
+                  opt_ostring_data);
+DEFFIELD_IMPLICIT(tokinfo_3, krb5_otp_tokeninfo, length, 3, opt_int32_minus1);
+DEFFIELD_IMPLICIT(tokinfo_4, krb5_otp_tokeninfo, format, 4, opt_int32_minus1);
+DEFFIELD_IMPLICIT(tokinfo_5, krb5_otp_tokeninfo, token_id, 5,
+                  opt_ostring_data);
+DEFFIELD_IMPLICIT(tokinfo_6, krb5_otp_tokeninfo, alg_id, 6, opt_utf8_data);
+DEFFIELD_IMPLICIT(tokinfo_7, krb5_otp_tokeninfo, supported_hash_alg, 7,
+                  opt_ptr_seqof_algorithm_identifier);
+DEFFIELD_IMPLICIT(tokinfo_8, krb5_otp_tokeninfo, iteration_count, 8,
+                  opt_int32_minus1);
+static const struct atype_info *otp_tokeninfo_fields[] = {
+    &k5_atype_tokinfo_0, &k5_atype_tokinfo_1, &k5_atype_tokinfo_2,
+    &k5_atype_tokinfo_3, &k5_atype_tokinfo_4, &k5_atype_tokinfo_5,
+    &k5_atype_tokinfo_6, &k5_atype_tokinfo_7, &k5_atype_tokinfo_8
+};
+DEFSEQTYPE(otp_tokeninfo, krb5_otp_tokeninfo, otp_tokeninfo_fields);
+MAKE_ENCODER(encode_krb5_otp_tokeninfo, otp_tokeninfo);
+MAKE_DECODER(decode_krb5_otp_tokeninfo, otp_tokeninfo);
+
+DEFPTRTYPE(otp_tokeninfo_ptr, otp_tokeninfo);
+DEFNONEMPTYNULLTERMSEQOFTYPE(seqof_otp_tokeninfo, otp_tokeninfo_ptr);
+DEFPTRTYPE(ptr_seqof_otp_tokeninfo, seqof_otp_tokeninfo);
+
+DEFFIELD_IMPLICIT(otp_ch_0, krb5_pa_otp_challenge, nonce, 0, ostring_data);
+DEFFIELD_IMPLICIT(otp_ch_1, krb5_pa_otp_challenge, service, 1, opt_utf8_data);
+DEFFIELD_IMPLICIT(otp_ch_2, krb5_pa_otp_challenge, tokeninfo, 2,
+                  ptr_seqof_otp_tokeninfo);
+DEFFIELD_IMPLICIT(otp_ch_3, krb5_pa_otp_challenge, salt, 3, opt_gstring_data);
+DEFFIELD_IMPLICIT(otp_ch_4, krb5_pa_otp_challenge, s2kparams, 4,
+                  opt_ostring_data);
+static const struct atype_info *pa_otp_challenge_fields[] = {
+    &k5_atype_otp_ch_0, &k5_atype_otp_ch_1, &k5_atype_otp_ch_2,
+    &k5_atype_otp_ch_3, &k5_atype_otp_ch_4
+};
+DEFSEQTYPE(pa_otp_challenge, krb5_pa_otp_challenge, pa_otp_challenge_fields);
+MAKE_ENCODER(encode_krb5_pa_otp_challenge, pa_otp_challenge);
+MAKE_DECODER(decode_krb5_pa_otp_challenge, pa_otp_challenge);
+
+DEFFIELD_IMPLICIT(otp_req_0, krb5_pa_otp_req, flags, 0, krb5_flags);
+DEFFIELD_IMPLICIT(otp_req_1, krb5_pa_otp_req, nonce, 1, opt_ostring_data);
+DEFFIELD_IMPLICIT(otp_req_2, krb5_pa_otp_req, enc_data, 2, encrypted_data);
+DEFFIELD_IMPLICIT(otp_req_3, krb5_pa_otp_req, hash_alg, 3,
+                  opt_ptr_algorithm_identifier);
+DEFFIELD_IMPLICIT(otp_req_4, krb5_pa_otp_req, iteration_count, 4,
+                  opt_int32_minus1);
+DEFFIELD_IMPLICIT(otp_req_5, krb5_pa_otp_req, otp_value, 5, opt_ostring_data);
+DEFFIELD_IMPLICIT(otp_req_6, krb5_pa_otp_req, pin, 6, opt_utf8_data);
+DEFFIELD_IMPLICIT(otp_req_7, krb5_pa_otp_req, challenge, 7, opt_ostring_data);
+DEFFIELD_IMPLICIT(otp_req_8, krb5_pa_otp_req, time, 8, opt_kerberos_time);
+DEFFIELD_IMPLICIT(otp_req_9, krb5_pa_otp_req, counter, 9, opt_ostring_data);
+DEFFIELD_IMPLICIT(otp_req_10, krb5_pa_otp_req, format, 10, opt_int32_minus1);
+DEFFIELD_IMPLICIT(otp_req_11, krb5_pa_otp_req, token_id, 11, opt_ostring_data);
+DEFFIELD_IMPLICIT(otp_req_12, krb5_pa_otp_req, alg_id, 12, opt_utf8_data);
+DEFFIELD_IMPLICIT(otp_req_13, krb5_pa_otp_req, vendor, 13, opt_utf8_data);
+static const struct atype_info *pa_otp_req_fields[] = {
+    &k5_atype_otp_req_0, &k5_atype_otp_req_1, &k5_atype_otp_req_2,
+    &k5_atype_otp_req_3, &k5_atype_otp_req_4, &k5_atype_otp_req_5,
+    &k5_atype_otp_req_6, &k5_atype_otp_req_7, &k5_atype_otp_req_8,
+    &k5_atype_otp_req_9, &k5_atype_otp_req_10, &k5_atype_otp_req_11,
+    &k5_atype_otp_req_12, &k5_atype_otp_req_13
+};
+DEFSEQTYPE(pa_otp_req, krb5_pa_otp_req, pa_otp_req_fields);
+MAKE_ENCODER(encode_krb5_pa_otp_req, pa_otp_req);
+MAKE_DECODER(decode_krb5_pa_otp_req, pa_otp_req);
+
+DEFCTAGGEDTYPE_IMPLICIT(pa_otp_enc_req_0, 0, ostring_data);
+static const struct atype_info *pa_otp_enc_req_fields[] = {
+    &k5_atype_pa_otp_enc_req_0
+};
+DEFSEQTYPE(pa_otp_enc_req, krb5_data, pa_otp_enc_req_fields);
+MAKE_ENCODER(encode_krb5_pa_otp_enc_req, pa_otp_enc_req);
+MAKE_DECODER(decode_krb5_pa_otp_enc_req, pa_otp_enc_req);
+
+DEFFIELD(kkdcp_message_0, krb5_kkdcp_message,
+         kerb_message, 0, ostring_data);
+DEFFIELD(kkdcp_message_1, krb5_kkdcp_message,
+         target_domain, 1, opt_gstring_data);
+DEFFIELD(kkdcp_message_2, krb5_kkdcp_message,
+         dclocator_hint, 2, opt_int32);
+static const struct atype_info *kkdcp_message_fields[] = {
+    &k5_atype_kkdcp_message_0, &k5_atype_kkdcp_message_1,
+    &k5_atype_kkdcp_message_2
+};
+DEFSEQTYPE(kkdcp_message, krb5_kkdcp_message,
+           kkdcp_message_fields);
+MAKE_ENCODER(encode_krb5_kkdcp_message, kkdcp_message);
+MAKE_DECODER(decode_krb5_kkdcp_message, kkdcp_message);
+
+DEFFIELD(vmac_0, krb5_verifier_mac, princ, 0, opt_principal);
+DEFFIELD(vmac_1, krb5_verifier_mac, kvno, 1, opt_kvno);
+DEFFIELD(vmac_2, krb5_verifier_mac, enctype, 2, opt_int32);
+DEFFIELD(vmac_3, krb5_verifier_mac, checksum, 3, checksum);
+static const struct atype_info *vmac_fields[] = {
+    &k5_atype_vmac_0, &k5_atype_vmac_1, &k5_atype_vmac_2, &k5_atype_vmac_3
+};
+DEFSEQTYPE(vmac, krb5_verifier_mac, vmac_fields);
+DEFPTRTYPE(vmac_ptr, vmac);
+DEFOPTIONALZEROTYPE(opt_vmac_ptr, vmac_ptr);
+DEFNONEMPTYNULLTERMSEQOFTYPE(vmacs, vmac_ptr);
+DEFPTRTYPE(vmacs_ptr, vmacs);
+DEFOPTIONALEMPTYTYPE(opt_vmacs_ptr, vmacs_ptr);
+
+DEFFIELD(cammac_0, krb5_cammac, elements, 0, auth_data_ptr);
+DEFFIELD(cammac_1, krb5_cammac, kdc_verifier, 1, opt_vmac_ptr);
+DEFFIELD(cammac_2, krb5_cammac, svc_verifier, 2, opt_vmac_ptr);
+DEFFIELD(cammac_3, krb5_cammac, other_verifiers, 3, opt_vmacs_ptr);
+static const struct atype_info *cammac_fields[] = {
+    &k5_atype_cammac_0, &k5_atype_cammac_1, &k5_atype_cammac_2,
+    &k5_atype_cammac_3
+};
+DEFSEQTYPE(cammac, krb5_cammac, cammac_fields);
+
+MAKE_ENCODER(encode_krb5_cammac, cammac);
+MAKE_DECODER(decode_krb5_cammac, cammac);
+
+MAKE_ENCODER(encode_utf8_strings, seqof_utf8_data);
+MAKE_DECODER(decode_utf8_strings, seqof_utf8_data);
+
+/*
+ * SecureCookie ::= SEQUENCE {
+ *     time     INTEGER,
+ *     data     SEQUENCE OF PA-DATA,
+ *     ...
+ * }
+ */
+DEFINTTYPE(inttime, time_t);
+DEFOFFSETTYPE(secure_cookie_0, krb5_secure_cookie, time, inttime);
+DEFOFFSETTYPE(secure_cookie_1, krb5_secure_cookie, data, ptr_seqof_pa_data);
+static const struct atype_info *secure_cookie_fields[] = {
+    &k5_atype_secure_cookie_0, &k5_atype_secure_cookie_1
+};
+DEFSEQTYPE(secure_cookie, krb5_secure_cookie, secure_cookie_fields);
+MAKE_ENCODER(encode_krb5_secure_cookie, secure_cookie);
+MAKE_DECODER(decode_krb5_secure_cookie, secure_cookie);
+
+/*
+ * -- based on MS-KILE and MS-SFU
+ * PAC-OPTIONS-FLAGS ::= BIT STRING {
+ *     claims(0),
+ *     branch-aware(1),
+ *     forward-to-full-dc(2),
+ *     resource-based-constrained-delegation(3)
+ * }
+ *
+ * PA-PAC-OPTIONS ::= SEQUENCE {
+ *     flags [0] PAC-OPTIONS-FLAGS
+ * }
+ */
+DEFFIELD(pa_pac_options_0, krb5_pa_pac_options, options, 0, krb5_flags);
+static const struct atype_info *pa_pac_options_fields[] = {
+    &k5_atype_pa_pac_options_0
+};
+DEFSEQTYPE(pa_pac_options, krb5_pa_pac_options, pa_pac_options_fields);
+MAKE_ENCODER(encode_krb5_pa_pac_options, pa_pac_options);
+MAKE_DECODER(decode_krb5_pa_pac_options, pa_pac_options);
+
+
+DEFFIELD(spake_factor_0, krb5_spake_factor, type, 0, int32);
+DEFFIELD(spake_factor_1, krb5_spake_factor, data, 1, opt_ostring_data_ptr);
+static const struct atype_info *spake_factor_fields[] = {
+    &k5_atype_spake_factor_0, &k5_atype_spake_factor_1
+};
+DEFSEQTYPE(spake_factor, krb5_spake_factor, spake_factor_fields);
+DEFPTRTYPE(spake_factor_ptr, spake_factor);
+DEFNULLTERMSEQOFTYPE(seqof_spake_factor, spake_factor_ptr);
+DEFPTRTYPE(ptr_seqof_spake_factor, seqof_spake_factor);
+MAKE_ENCODER(encode_krb5_spake_factor, spake_factor);
+MAKE_DECODER(decode_krb5_spake_factor, spake_factor);
+
+DEFCNFIELD(spake_support_0, krb5_spake_support, groups, ngroups, 0,
+           cseqof_int32);
+static const struct atype_info *spake_support_fields[] = {
+    &k5_atype_spake_support_0
+};
+DEFSEQTYPE(spake_support, krb5_spake_support, spake_support_fields);
+
+DEFFIELD(spake_challenge_0, krb5_spake_challenge, group, 0, int32);
+DEFFIELD(spake_challenge_1, krb5_spake_challenge, pubkey, 1, ostring_data);
+DEFFIELD(spake_challenge_2, krb5_spake_challenge, factors, 2,
+         ptr_seqof_spake_factor);
+static const struct atype_info *spake_challenge_fields[] = {
+    &k5_atype_spake_challenge_0, &k5_atype_spake_challenge_1,
+    &k5_atype_spake_challenge_2
+};
+DEFSEQTYPE(spake_challenge, krb5_spake_challenge, spake_challenge_fields);
+
+DEFFIELD(spake_response_0, krb5_spake_response, pubkey, 0, ostring_data);
+DEFFIELD(spake_response_1, krb5_spake_response, factor, 1, encrypted_data);
+static const struct atype_info *spake_response_fields[] = {
+    &k5_atype_spake_response_0, &k5_atype_spake_response_1,
+};
+DEFSEQTYPE(spake_response, krb5_spake_response, spake_response_fields);
+
+DEFCTAGGEDTYPE(pa_spake_0, 0, spake_support);
+DEFCTAGGEDTYPE(pa_spake_1, 1, spake_challenge);
+DEFCTAGGEDTYPE(pa_spake_2, 2, spake_response);
+DEFCTAGGEDTYPE(pa_spake_3, 3, encrypted_data);
+static const struct atype_info *pa_spake_alternatives[] = {
+    &k5_atype_pa_spake_0, &k5_atype_pa_spake_1, &k5_atype_pa_spake_2,
+    &k5_atype_pa_spake_3
+};
+DEFCHOICETYPE(pa_spake_choice, union krb5_spake_message_choices,
+              enum krb5_spake_msgtype, pa_spake_alternatives);
+DEFCOUNTEDTYPE_SIGNED(pa_spake, krb5_pa_spake, u, choice, pa_spake_choice);
+MAKE_ENCODER(encode_krb5_pa_spake, pa_spake);
+MAKE_DECODER(decode_krb5_pa_spake, pa_spake);
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/deps b/krb5-1.21.3/src/lib/krb5/asn.1/deps
new file mode 100644
index 00000000..01d2d23a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/deps
@@ -0,0 +1,38 @@
+#
+# Generated makefile dependencies follow.
+#
+asn1_encode.so asn1_encode.po $(OUTPRE)asn1_encode.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  asn1_encode.c asn1_encode.h krbasn1.h
+asn1_k_encode.so asn1_k_encode.po $(OUTPRE)asn1_k_encode.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-spake.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h asn1_encode.h \
+  asn1_k_encode.c krbasn1.h
+ldap_key_seq.so ldap_key_seq.po $(OUTPRE)ldap_key_seq.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h asn1_encode.h \
+  krbasn1.h ldap_key_seq.c
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/krbasn1.h b/krb5-1.21.3/src/lib/krb5/asn.1/krbasn1.h
new file mode 100644
index 00000000..59d7fd98
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/krbasn1.h
@@ -0,0 +1,56 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#ifndef __KRBASN1_H__
+#define __KRBASN1_H__
+
+#include "k5-int.h"
+#include <stdio.h>
+#include <errno.h>
+#include <limits.h>             /* For INT_MAX */
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+typedef krb5_error_code asn1_error_code;
+
+typedef enum { PRIMITIVE = 0x00, CONSTRUCTED = 0x20 } asn1_construction;
+
+typedef enum { UNIVERSAL = 0x00, APPLICATION = 0x40,
+               CONTEXT_SPECIFIC = 0x80, PRIVATE = 0xC0 } asn1_class;
+
+typedef int asn1_tagnum;
+#define ASN1_TAGNUM_CEILING INT_MAX
+#define ASN1_TAGNUM_MAX (ASN1_TAGNUM_CEILING-1)
+
+/* This is Kerberos Version 5 */
+#define KVNO 5
+
+/* Universal Tag Numbers */
+#define ASN1_BOOLEAN            1
+#define ASN1_INTEGER            2
+#define ASN1_BITSTRING          3
+#define ASN1_OCTETSTRING        4
+#define ASN1_NULL               5
+#define ASN1_OBJECTIDENTIFIER   6
+#define ASN1_ENUMERATED         10
+#define ASN1_UTF8STRING         12
+#define ASN1_SEQUENCE           16
+#define ASN1_SET                17
+#define ASN1_PRINTABLESTRING    19
+#define ASN1_IA5STRING          22
+#define ASN1_UTCTIME            23
+#define ASN1_GENERALTIME        24
+#define ASN1_GENERALSTRING      27
+
+/* Kerberos Message Types */
+#define ASN1_KRB_AS_REQ         10
+#define ASN1_KRB_AS_REP         11
+#define ASN1_KRB_TGS_REQ        12
+#define ASN1_KRB_TGS_REP        13
+#define ASN1_KRB_AP_REQ         14
+#define ASN1_KRB_AP_REP         15
+#define ASN1_KRB_SAFE           20
+#define ASN1_KRB_PRIV           21
+#define ASN1_KRB_CRED           22
+#define ASN1_KRB_ERROR          30
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/asn.1/ldap_key_seq.c b/krb5-1.21.3/src/lib/krb5/asn.1/ldap_key_seq.c
new file mode 100644
index 00000000..9508bc34
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/asn.1/ldap_key_seq.c
@@ -0,0 +1,124 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* ... copyright ... */
+
+/*
+ * Novell key-format scheme:
+ *
+ * KrbKeySet ::= SEQUENCE {
+ * attribute-major-vno       [0] UInt16,
+ * attribute-minor-vno       [1] UInt16,
+ * kvno                      [2] UInt32,
+ * mkvno                     [3] UInt32 OPTIONAL,
+ * keys                      [4] SEQUENCE OF KrbKey,
+ * ...
+ * }
+ *
+ * KrbKey ::= SEQUENCE {
+ * salt      [0] KrbSalt OPTIONAL,
+ * key       [1] EncryptionKey,
+ * s2kparams [2] OCTET STRING OPTIONAL,
+ *  ...
+ * }
+ *
+ * KrbSalt ::= SEQUENCE {
+ * type      [0] Int32,
+ * salt      [1] OCTET STRING OPTIONAL
+ * }
+ *
+ * EncryptionKey ::= SEQUENCE {
+ * keytype   [0] Int32,
+ * keyvalue  [1] OCTET STRING
+ * }
+ *
+ */
+
+#include <k5-int.h>
+#include <kdb.h>
+
+#include "krbasn1.h"
+#include "asn1_encode.h"
+
+#ifdef ENABLE_LDAP
+
+/************************************************************************/
+/* Encode the Principal's keys                                          */
+/************************************************************************/
+
+/*
+ * Imports from asn1_k_encode.c.
+ * XXX Must be manually synchronized for now.
+ */
+IMPORT_TYPE(int32, int32_t);
+
+DEFINTTYPE(int16, int16_t);
+DEFINTTYPE(uint16, uint16_t);
+
+DEFCOUNTEDSTRINGTYPE(ui2_octetstring, uint8_t *, uint16_t,
+                     k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
+                     ASN1_OCTETSTRING);
+
+static int
+is_value_present(const void *p)
+{
+    const krb5_key_data *val = p;
+    return (val->key_data_length[1] != 0);
+}
+DEFCOUNTEDTYPE(krbsalt_salt, krb5_key_data, key_data_contents[1],
+               key_data_length[1], ui2_octetstring);
+DEFOPTIONALTYPE(krbsalt_salt_if_present, is_value_present, NULL, krbsalt_salt);
+DEFFIELD(krbsalt_0, krb5_key_data, key_data_type[1], 0, int16);
+DEFCTAGGEDTYPE(krbsalt_1, 1, krbsalt_salt_if_present);
+static const struct atype_info *krbsalt_fields[] = {
+    &k5_atype_krbsalt_0, &k5_atype_krbsalt_1
+};
+DEFSEQTYPE(krbsalt, krb5_key_data, krbsalt_fields);
+
+DEFFIELD(encryptionkey_0, krb5_key_data, key_data_type[0], 0, int16);
+DEFCNFIELD(encryptionkey_1, krb5_key_data, key_data_contents[0],
+           key_data_length[0], 1, ui2_octetstring);
+static const struct atype_info *encryptionkey_fields[] = {
+    &k5_atype_encryptionkey_0, &k5_atype_encryptionkey_1
+};
+DEFSEQTYPE(encryptionkey, krb5_key_data, encryptionkey_fields);
+
+static int
+is_salt_present(const void *p)
+{
+    const krb5_key_data *val = p;
+    return val->key_data_ver > 1;
+}
+static void
+no_salt(void *p)
+{
+    krb5_key_data *val = p;
+    val->key_data_ver = 1;
+}
+DEFOPTIONALTYPE(key_data_salt_if_present, is_salt_present, no_salt, krbsalt);
+DEFCTAGGEDTYPE(key_data_0, 0, key_data_salt_if_present);
+DEFCTAGGEDTYPE(key_data_1, 1, encryptionkey);
+static const struct atype_info *key_data_fields[] = {
+    &k5_atype_key_data_0, &k5_atype_key_data_1
+};
+DEFSEQTYPE(key_data, krb5_key_data, key_data_fields);
+DEFPTRTYPE(ptr_key_data, key_data);
+DEFCOUNTEDSEQOFTYPE(cseqof_key_data, int16_t, ptr_key_data);
+
+DEFINT_IMMEDIATE(one, 1, ASN1_BAD_FORMAT);
+DEFCTAGGEDTYPE(ldap_key_seq_0, 0, one);
+DEFCTAGGEDTYPE(ldap_key_seq_1, 1, one);
+DEFFIELD(ldap_key_seq_2, ldap_seqof_key_data, kvno, 2, uint16);
+DEFFIELD(ldap_key_seq_3, ldap_seqof_key_data, mkvno, 3, int32);
+DEFCNFIELD(ldap_key_seq_4, ldap_seqof_key_data, key_data, n_key_data, 4,
+           cseqof_key_data);
+static const struct atype_info *ldap_key_seq_fields[] = {
+    &k5_atype_ldap_key_seq_0, &k5_atype_ldap_key_seq_1,
+    &k5_atype_ldap_key_seq_2, &k5_atype_ldap_key_seq_3,
+    &k5_atype_ldap_key_seq_4
+};
+DEFSEQTYPE(ldap_key_seq, ldap_seqof_key_data, ldap_key_seq_fields);
+
+/* Export a function to do the whole encoding.  */
+MAKE_ENCODER(krb5int_ldap_encode_sequence_of_keys, ldap_key_seq);
+MAKE_DECODER(krb5int_ldap_decode_sequence_of_keys, ldap_key_seq);
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/Makefile.in b/krb5-1.21.3/src/lib/krb5/ccache/Makefile.in
new file mode 100644
index 00000000..2864e92b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/Makefile.in
@@ -0,0 +1,166 @@
+mydir=lib$(S)krb5$(S)ccache
+BUILDTOP=$(REL)..$(S)..$(S)..
+SUBDIRS = # ccapi
+WINSUBDIRS = ccapi
+##WIN32##DEFINES = -DUSE_CCAPI
+
+LOCALINCLUDES = -I$(srcdir)$(S)ccapi -I$(srcdir) -I.
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=ccache
+##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
+
+##WIN32##MSLSA_OBJ = $(OUTPRE)cc_mslsa.$(OBJEXT)
+##WIN32##MSLSA_SRC = $(srcdir)/cc_mslsa.c
+
+##WIN32##!if 0
+KCMRPC_DEPS-osx = kcmrpc.h kcmrpc_types.h
+KCMRPC_OBJ-osx = kcmrpc.o
+KCMRPC_DEPS-no = # empty
+KCMRPC_OBJ-no = # empty
+
+KCMRPC_DEPS = $(KCMRPC_DEPS-@OSX@)
+KCMRPC_OBJ = $(KCMRPC_OBJ-@OSX@)
+##WIN32##!endif
+
+
+STLIBOBJS= \
+	ccapi_util.o \
+	ccbase.o \
+	cccopy.o \
+	cccursor.o \
+	ccdefault.o \
+	ccdefops.o \
+	ccmarshal.o \
+	ccselect.o \
+	ccselect_hostname.o \
+	ccselect_k5identity.o \
+	ccselect_realm.o \
+	cc_api_macos.o \
+	cc_dir.o \
+	cc_retr.o \
+	cc_file.o \
+	cc_kcm.o \
+	cc_memory.o \
+	cc_keyring.o \
+	ccfns.o \
+	$(KCMRPC_OBJ)
+
+OBJS=	$(OUTPRE)ccapi_util.$(OBJEXT) \
+	$(OUTPRE)ccbase.$(OBJEXT) \
+	$(OUTPRE)cccopy.$(OBJEXT) \
+	$(OUTPRE)cccursor.$(OBJEXT) \
+	$(OUTPRE)ccdefault.$(OBJEXT) \
+	$(OUTPRE)ccdefops.$(OBJEXT) \
+	$(OUTPRE)ccmarshal.$(OBJEXT) \
+	$(OUTPRE)ccselect.$(OBJEXT) \
+	$(OUTPRE)ccselect_hostname.$(OBJEXT) \
+	$(OUTPRE)ccselect_k5identity.$(OBJEXT) \
+	$(OUTPRE)ccselect_realm.$(OBJEXT) \
+	$(OUTPRE)cc_api_macos.$(OBJEXT) \
+	$(OUTPRE)cc_dir.$(OBJEXT) \
+	$(OUTPRE)cc_retr.$(OBJEXT) \
+	$(OUTPRE)cc_file.$(OBJEXT) \
+	$(OUTPRE)cc_kcm.$(OBJEXT) \
+	$(OUTPRE)cc_memory.$(OBJEXT) \
+	$(OUTPRE)cc_keyring.$(OBJEXT) \
+	$(OUTPRE)ccfns.$(OBJEXT) \
+	$(MSLSA_OBJ)
+
+SRCS=	$(srcdir)/ccapi_util.c \
+	$(srcdir)/ccbase.c \
+	$(srcdir)/cccopy.c \
+	$(srcdir)/cccursor.c \
+	$(srcdir)/ccdefault.c \
+	$(srcdir)/ccdefops.c \
+	$(srcdir)/ccmarshal.c \
+	$(srcdir)/ccselect.c \
+	$(srcdir)/ccselect_hostname.c \
+	$(srcdir)/ccselect_k5identity.c \
+	$(srcdir)/ccselect_realm.c \
+	$(srcdir)/cc_api_macos.c \
+	$(srcdir)/cc_dir.c \
+	$(srcdir)/cc_retr.c \
+	$(srcdir)/cc_file.c \
+	$(srcdir)/cc_kcm.c \
+	$(srcdir)/cc_memory.c \
+	$(srcdir)/cc_keyring.c \
+	$(srcdir)/ccfns.c \
+	$(MSLSA_SRC)
+
+EXTRADEPSRCS= \
+	$(srcdir)/t_cc.c \
+	$(srcdir)/t_cccol.c \
+	$(srcdir)/t_cccursor.c \
+	$(srcdir)/t_marshal.c
+
+##DOS##OBJS=$(OBJS) $(OUTPRE)ccfns.$(OBJEXT)
+
+all-unix: all-libobjs
+
+all-windows: subdirs $(OBJFILE)
+
+##DOS##subdirs: ccapi\$(OUTPRE)file.lst
+
+##DOS##ccapi\$(OUTPRE)file.lst:
+##DOS##	cd ccapi
+##DOS##	@echo Making in krb5\ccache\ccapi
+##DOS##	$(MAKE) -$(MFLAGS)
+##DOS##	cd ..
+
+##DOS##$(OBJFILE): $(OBJS) ccapi\$(OUTPRE)file.lst
+##DOS##	$(RM) $(OBJFILE)
+##WIN32##	$(LIBECHO) -p $(PREFIXDIR)\ $(OUTPRE)*.obj \
+##WIN32##		ccapi\$(OUTPRE)*.obj > $(OBJFILE)
+
+kcmrpc.h kcmrpc.c: kcmrpc.defs
+	mig -header kcmrpc.h -user kcmrpc.c -sheader /dev/null \
+		-server /dev/null -I$(srcdir) $(srcdir)/kcmrpc.defs
+
+clean-unix:: clean-libobjs
+
+clean-windows::
+	cd ccapi
+	@echo Making clean in krb5\ccache\ccapi
+	$(MAKE) -$(MFLAGS) clean
+	cd ..
+	@echo Making clean in krb5\ccache
+	$(RM) $(OBJFILE)
+
+T_CC_OBJS=t_cc.o
+
+t_cc: $(T_CC_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_cc $(T_CC_OBJS) $(KRB5_BASE_LIBS)
+
+T_CCCOL_OBJS = t_cccol.o
+t_cccol: $(T_CCCOL_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ $(T_CCCOL_OBJS) $(KRB5_BASE_LIBS)
+
+T_CCCURSOR_OBJS = t_cccursor.o
+t_cccursor: $(T_CCCURSOR_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ $(T_CCCURSOR_OBJS) $(KRB5_BASE_LIBS)
+
+T_MARSHAL_OBJS = t_marshal.o
+t_marshal: $(T_MARSHAL_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ $(T_MARSHAL_OBJS) $(KRB5_BASE_LIBS)
+
+check-unix: t_cc t_marshal
+	$(RUN_TEST) ./t_cc
+	$(RUN_TEST) ./t_marshal testcache
+
+check-pytests: t_cccursor t_cccol
+	$(RUNPYTEST) $(srcdir)/t_cccol.py $(PYTESTFLAGS)
+
+clean-unix::
+	$(RM) t_cc t_cc.o t_cccursor t_cccursor.o t_cccol t_cccol.o
+	$(RM) t_marshal t_marshal.o testcache kcmrpc.c kcmrpc.h
+
+depend: $(KCMRPC_DEPS)
+
+##WIN32##$(OUTPRE)cc_mslsa.$(OBJEXT): cc_mslsa.c $(top_srcdir)/include/k5-int.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS)
+
+cc_kcm.so cc_kcm.o: $(KCMRPC_DEPS)
+kcmrpc.so kcmrpc.o: kcmrpc.h kcmrpc_types.h
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc-int.h b/krb5-1.21.3/src/lib/krb5/ccache/cc-int.h
new file mode 100644
index 00000000..51c6df21
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc-int.h
@@ -0,0 +1,229 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc-int.h */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* This file contains constant and function declarations used in the
+ * file-based credential cache routines. */
+
+#ifndef __KRB5_CCACHE_H__
+#define __KRB5_CCACHE_H__
+
+#include "k5-int.h"
+
+struct _krb5_ccache {
+    krb5_magic magic;
+    const struct _krb5_cc_ops *ops;
+    krb5_pointer data;
+};
+
+krb5_error_code
+k5_cc_retrieve_cred_default(krb5_context, krb5_ccache, krb5_flags,
+                            krb5_creds *, krb5_creds *);
+
+krb5_boolean
+krb5int_cc_creds_match_request(krb5_context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds);
+
+int
+krb5int_cc_initialize(void);
+
+void
+krb5int_cc_finalize(void);
+
+krb5_error_code
+k5_nonatomic_replace(krb5_context context, krb5_ccache ccache,
+                     krb5_principal princ, krb5_creds **creds);
+
+/*
+ * Cursor for iterating over ccache types
+ */
+struct krb5_cc_typecursor;
+typedef struct krb5_cc_typecursor *krb5_cc_typecursor;
+
+krb5_error_code
+krb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *cursor);
+
+krb5_error_code
+krb5int_cc_typecursor_next(
+    krb5_context context,
+    krb5_cc_typecursor cursor,
+    const struct _krb5_cc_ops **ops);
+
+krb5_error_code
+krb5int_cc_typecursor_free(
+    krb5_context context,
+    krb5_cc_typecursor *cursor);
+
+/* reentrant mutex used by krb5_cc_* functions */
+typedef struct _k5_cc_mutex {
+    k5_mutex_t lock;
+    krb5_context owner;
+    krb5_int32 refcount;
+} k5_cc_mutex;
+
+#define K5_CC_MUTEX_PARTIAL_INITIALIZER         \
+    { K5_MUTEX_PARTIAL_INITIALIZER, NULL, 0 }
+
+krb5_error_code
+k5_cc_mutex_init(k5_cc_mutex *m);
+
+krb5_error_code
+k5_cc_mutex_finish_init(k5_cc_mutex *m);
+
+#define k5_cc_mutex_destroy(M)                  \
+    k5_mutex_destroy(&(M)->lock);
+
+void
+k5_cc_mutex_assert_locked(krb5_context context, k5_cc_mutex *m);
+
+void
+k5_cc_mutex_assert_unlocked(krb5_context context, k5_cc_mutex *m);
+
+void
+k5_cc_mutex_lock(krb5_context context, k5_cc_mutex *m);
+
+void
+k5_cc_mutex_unlock(krb5_context context, k5_cc_mutex *m);
+
+extern k5_cc_mutex krb5int_mcc_mutex;
+extern k5_cc_mutex krb5int_krcc_mutex;
+extern k5_cc_mutex krb5int_cc_file_mutex;
+
+extern krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
+(krb5_context context);
+
+extern krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
+(krb5_context context);
+
+krb5_error_code
+k5_cc_lock(krb5_context context, krb5_ccache ccache);
+
+krb5_error_code
+k5_cc_unlock(krb5_context context, krb5_ccache ccache);
+
+krb5_error_code
+k5_cccol_lock(krb5_context context);
+
+krb5_error_code
+k5_cccol_unlock(krb5_context context);
+
+void
+k5_cc_mutex_force_unlock(k5_cc_mutex *m);
+
+void
+k5_cccol_force_unlock(void);
+
+krb5_error_code
+krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id);
+
+krb5_error_code
+ccselect_hostname_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable);
+
+krb5_error_code
+ccselect_realm_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable);
+
+krb5_error_code
+ccselect_k5identity_initvt(krb5_context context, int maj_ver, int min_ver,
+                           krb5_plugin_vtable vtable);
+
+krb5_error_code
+k5_unmarshal_cred(const unsigned char *data, size_t len, int version,
+                  krb5_creds *creds);
+
+krb5_error_code
+k5_unmarshal_princ(const unsigned char *data, size_t len, int version,
+                   krb5_principal *princ_out);
+
+void
+k5_marshal_cred(struct k5buf *buf, int version, krb5_creds *creds);
+
+void
+k5_marshal_mcred(struct k5buf *buf, krb5_creds *mcred);
+
+void
+k5_marshal_princ(struct k5buf *buf, int version, krb5_principal princ);
+
+krb5_error_code
+k5_kcm_primary_name(krb5_context context, char **name_out);
+
+/*
+ * Per-type ccache cursor.
+ */
+struct krb5_cc_ptcursor_s {
+    const struct _krb5_cc_ops *ops;
+    krb5_pointer data;
+};
+typedef struct krb5_cc_ptcursor_s *krb5_cc_ptcursor;
+
+struct _krb5_cc_ops {
+    krb5_magic magic;
+    char *prefix;
+    const char * (KRB5_CALLCONV *get_name)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *resolve)(krb5_context, krb5_ccache *,
+                                             const char *);
+    krb5_error_code (KRB5_CALLCONV *gen_new)(krb5_context, krb5_ccache *);
+    krb5_error_code (KRB5_CALLCONV *init)(krb5_context, krb5_ccache,
+                                          krb5_principal);
+    krb5_error_code (KRB5_CALLCONV *destroy)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *close)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *store)(krb5_context, krb5_ccache,
+                                           krb5_creds *);
+    krb5_error_code (KRB5_CALLCONV *retrieve)(krb5_context, krb5_ccache,
+                                              krb5_flags, krb5_creds *,
+                                              krb5_creds *);
+    krb5_error_code (KRB5_CALLCONV *get_princ)(krb5_context, krb5_ccache,
+                                               krb5_principal *);
+    krb5_error_code (KRB5_CALLCONV *get_first)(krb5_context, krb5_ccache,
+                                               krb5_cc_cursor *);
+    krb5_error_code (KRB5_CALLCONV *get_next)(krb5_context, krb5_ccache,
+                                              krb5_cc_cursor *, krb5_creds *);
+    krb5_error_code (KRB5_CALLCONV *end_get)(krb5_context, krb5_ccache,
+                                             krb5_cc_cursor *);
+    krb5_error_code (KRB5_CALLCONV *remove_cred)(krb5_context, krb5_ccache,
+                                                 krb5_flags, krb5_creds *);
+    krb5_error_code (KRB5_CALLCONV *set_flags)(krb5_context, krb5_ccache,
+                                               krb5_flags);
+    krb5_error_code (KRB5_CALLCONV *get_flags)(krb5_context, krb5_ccache,
+                                               krb5_flags *);
+    krb5_error_code (KRB5_CALLCONV *ptcursor_new)(krb5_context,
+                                                  krb5_cc_ptcursor *);
+    krb5_error_code (KRB5_CALLCONV *ptcursor_next)(krb5_context,
+                                                   krb5_cc_ptcursor,
+                                                   krb5_ccache *);
+    krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
+                                                   krb5_cc_ptcursor *);
+    krb5_error_code (KRB5_CALLCONV *replace)(krb5_context, krb5_ccache,
+                                             krb5_principal, krb5_creds **);
+    krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
+                                                krb5_timestamp *);
+    krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache);
+};
+
+extern const krb5_cc_ops *krb5_cc_dfl_ops;
+
+#endif /* __KRB5_CCACHE_H__ */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc_api_macos.c b/krb5-1.21.3/src/lib/krb5/ccache/cc_api_macos.c
new file mode 100644
index 00000000..34b1c350
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc_api_macos.c
@@ -0,0 +1,727 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc_api_macos.c - Native MacOS X ccache code */
+/*
+ * Copyright (C) 2022 United States Government as represented by the
+ * Secretary of the Navy.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This ccache module provides compatibility with the default native ccache
+ * type for macOS, by linking against the native Kerberos framework and calling
+ * the CCAPI stubs.  Due to workarounds for specific behaviors of the CCAPI
+ * stubs, this implementation is separate from the API ccache implementation
+ * used on Windows.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+#include "ccapi_util.h"
+#include <CredentialsCache.h>
+
+#ifdef USE_CCAPI_MACOS
+
+#include <sys/utsname.h>
+#include <xpc/xpc.h>
+
+const krb5_cc_ops krb5_api_macos_ops;
+
+struct api_macos_cache_data {
+    char *residual;
+    cc_context_t cc_context;
+    cc_ccache_t cache;
+};
+
+struct api_macos_ptcursor {
+    krb5_boolean first;
+    char *primary;
+    cc_context_t cc_context;
+    cc_ccache_iterator_t iter;
+};
+
+/* Map a CCAPI error code to a com_err code. */
+static krb5_error_code
+ccerr2mit(uint32_t err)
+{
+    switch (err) {
+    case ccNoError:
+        return 0;
+    case ccIteratorEnd:
+        return KRB5_CC_END;
+    case ccErrNoMem:
+        return ENOMEM;
+    case ccErrCCacheNotFound:
+        return KRB5_FCC_NOFILE;
+    default:
+        return KRB5_FCC_INTERNAL;
+    }
+}
+
+/* Construct a ccache handle for residual.  Use cc_context if it is not null,
+ * or initialize a new one if it is. */
+static krb5_error_code
+make_cache(const char *residual, cc_context_t cc_context,
+           krb5_ccache *ccache_out)
+{
+    krb5_ccache cache = NULL;
+    char *residual_copy = NULL;
+    struct api_macos_cache_data *data = NULL;
+    uint32_t err;
+
+    *ccache_out = NULL;
+
+    if (cc_context == NULL) {
+        err = cc_initialize(&cc_context, ccapi_version_max, NULL, NULL);
+        if (err != ccNoError)
+            return KRB5_FCC_INTERNAL;
+    }
+
+    cache = malloc(sizeof(*cache));
+    if (cache == NULL)
+        goto oom;
+
+    data = calloc(1, sizeof(*data));
+    if (data == NULL)
+        goto oom;
+
+    residual_copy = strdup(residual);
+    if (residual_copy == NULL)
+        goto oom;
+
+    data->residual = residual_copy;
+    data->cc_context = cc_context;
+    cache->ops = &krb5_api_macos_ops;
+    cache->data = data;
+    cache->magic = KV5M_CCACHE;
+    *ccache_out = cache;
+    return 0;
+
+oom:
+    free(cache);
+    free(data);
+    free(residual_copy);
+    if (cc_context)
+        cc_context_release(cc_context);
+    return ENOMEM;
+}
+
+static uint32_t
+open_cache(struct api_macos_cache_data *data)
+{
+    if (data->cache != NULL)
+        return ccNoError;
+    return cc_context_open_ccache(data->cc_context, data->residual,
+                                  &data->cache);
+}
+
+static const char *
+api_macos_get_name(krb5_context context, krb5_ccache ccache)
+{
+    struct api_macos_cache_data *data = ccache->data;
+
+    return data->residual;
+}
+
+/*
+ * We would like to use cc_context_get_default_ccache_name() for this, but that
+ * doesn't work on macOS if the default cache name is set by the environment or
+ * configuration.  So we have to do what the underlying macOS Heimdal API cache
+ * type does to fetch the primary name.
+ *
+ * For macOS 11 (Darwin 20) and later, implement just enough of the XCACHE
+ * protocol to fetch the primary UUID.  For earlier versions, query the KCM
+ * daemon.
+ */
+static krb5_error_code
+get_primary_name(krb5_context context, char **name_out)
+{
+    krb5_error_code ret;
+    xpc_connection_t conn = NULL;
+    xpc_object_t request = NULL, reply = NULL;
+    const uint8_t *uuid;
+    uint64_t flags = XPC_CONNECTION_MACH_SERVICE_PRIVILEGED;
+    char uuidstr[37], *end;
+    struct utsname un;
+    long release;
+
+    *name_out = NULL;
+
+    if (uname(&un) == 0) {
+        release = strtol(un.release, &end, 10);
+        if (end != un.release && release < 20) {
+            /* Query the KCM daemon for macOS 10 and earlier. */
+            ret = k5_kcm_primary_name(context, name_out);
+            goto cleanup;
+        }
+    }
+
+    conn = xpc_connection_create_mach_service("com.apple.GSSCred", NULL,
+                                              flags);
+    if (conn == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    xpc_connection_set_event_handler(conn, ^(xpc_object_t o){ ; });
+    xpc_connection_resume(conn);
+
+    request = xpc_dictionary_create(NULL, NULL, 0);
+    if (request == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    xpc_dictionary_set_string(request, "command", "default");
+    xpc_dictionary_set_string(request, "mech", "kHEIMTypeKerberos");
+
+    reply = xpc_connection_send_message_with_reply_sync(conn, request);
+    if (reply == NULL || xpc_get_type(reply) == XPC_TYPE_ERROR) {
+        ret = KRB5_CC_IO;
+        goto cleanup;
+    }
+
+    uuid = xpc_dictionary_get_uuid(reply, "default");
+    if (uuid == NULL) {
+        ret = KRB5_CC_IO;
+        goto cleanup;
+    }
+    uuid_unparse(uuid, uuidstr);
+
+    *name_out = strdup(uuidstr);
+    ret = (*name_out == NULL) ? ENOMEM : 0;
+
+cleanup:
+    if (request != NULL)
+        xpc_release(request);
+    if (reply != NULL)
+        xpc_release(reply);
+    if (conn != NULL)
+        xpc_release(conn);
+    return ret;
+}
+
+static krb5_error_code
+api_macos_resolve(krb5_context context, krb5_ccache *cache_out,
+                  const char *residual)
+{
+    krb5_error_code ret;
+    char *primary = NULL;
+
+    if (*residual == '\0') {
+        ret = get_primary_name(context, &primary);
+        if (ret)
+            return ret;
+        residual = primary;
+    }
+    ret = make_cache(residual, NULL, cache_out);
+    free(primary);
+    return ret;
+}
+
+static krb5_error_code
+api_macos_gen_new(krb5_context context, krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    uint32_t err;
+    cc_context_t cc_context = NULL;
+    cc_ccache_t cc_ccache = NULL;
+    cc_string_t cachename = NULL;
+    struct api_macos_cache_data *data;
+
+    *cache_out = NULL;
+
+    err = cc_initialize(&cc_context, ccapi_version_max, NULL, NULL);
+    if (err)
+        goto cleanup;
+
+    err = cc_context_create_new_ccache(cc_context, cc_credentials_v5, "",
+                                       &cc_ccache);
+    if (err)
+        goto cleanup;
+
+    err = cc_ccache_get_name(cc_ccache, &cachename);
+    if (err)
+        goto cleanup;
+
+    ret = make_cache(cachename->data, cc_context, cache_out);
+    cc_context = NULL;
+    if (!ret) {
+        data = (*cache_out)->data;
+        data->cache = cc_ccache;
+        cc_ccache = NULL;
+    }
+
+cleanup:
+    if (cc_context != NULL)
+        cc_context_release(cc_context);
+    if (cc_ccache != NULL)
+        cc_ccache_release(cc_ccache);
+    return err ? KRB5_FCC_INTERNAL : 0;
+}
+
+static krb5_error_code
+api_macos_initialize(krb5_context context, krb5_ccache cache,
+                     krb5_principal princ)
+{
+    krb5_error_code ret;
+    struct api_macos_cache_data *data = cache->data;
+    uint32_t err;
+    char *princstr = NULL, *prefix_name = NULL;
+
+    /* Apple's cc_context_create_ccache() requires a name with type prefix. */
+    if (asprintf(&prefix_name, "API:%s", data->residual) < 0)
+        return ENOMEM;
+
+    ret = krb5_unparse_name(context, princ, &princstr);
+    if (ret) {
+        free(prefix_name);
+        return ret;
+    }
+
+    if (data->cache != NULL) {
+        cc_ccache_release(data->cache);
+        data->cache = NULL;
+    }
+
+    err = cc_context_create_ccache(data->cc_context, prefix_name,
+                                   cc_credentials_v5, princstr,
+                                   &data->cache);
+    krb5_free_unparsed_name(context, princstr);
+    free(prefix_name);
+    return ccerr2mit(err);
+}
+
+static krb5_error_code
+api_macos_close(krb5_context context, krb5_ccache cache)
+{
+    struct api_macos_cache_data *data = cache->data;
+
+    if (data->cache != NULL)
+        cc_ccache_release(data->cache);
+    cc_context_release(data->cc_context);
+    free(data->residual);
+    free(data);
+    free(cache);
+    return 0;
+}
+
+static krb5_error_code
+api_macos_destroy(krb5_context context, krb5_ccache cache)
+{
+    struct api_macos_cache_data *data = cache->data;
+
+    open_cache(data);
+    if (data->cache != NULL) {
+        cc_ccache_destroy(data->cache);
+        data->cache = NULL;
+    }
+    return api_macos_close(context, cache);
+}
+
+static krb5_error_code
+api_macos_store(krb5_context context, krb5_ccache cache, krb5_creds *creds)
+{
+    struct api_macos_cache_data *data = cache->data;
+    cc_credentials_union *c_un = NULL;
+    krb5_error_code ret;
+    uint32_t err;
+
+    err = open_cache(data);
+    if (err)
+        return ccerr2mit(err);
+
+    ret = k5_krb5_to_ccapi_creds(context, creds, &c_un);
+    if (ret)
+        return ret;
+    err = cc_ccache_store_credentials(data->cache, c_un);
+    k5_release_ccapi_cred(c_un);
+    return ccerr2mit(err);
+}
+
+static krb5_error_code
+api_macos_retrieve(krb5_context context, krb5_ccache cache,
+                   krb5_flags whichfields, krb5_creds *mcreds,
+                   krb5_creds *creds)
+{
+    return k5_cc_retrieve_cred_default(context, cache, whichfields,
+                                       mcreds, creds);
+}
+
+static krb5_error_code
+api_macos_get_princ(krb5_context context, krb5_ccache cache,
+                    krb5_principal *princ)
+{
+    struct api_macos_cache_data *data = cache->data;
+    krb5_error_code ret;
+    uint32_t err;
+    cc_string_t outprinc;
+
+    err = open_cache(data);
+    if (err)
+        return ccerr2mit(err);
+
+    err = cc_ccache_get_principal(data->cache, cc_credentials_v5, &outprinc);
+    if (err)
+        return ccerr2mit(err);
+    ret = krb5_parse_name(context, outprinc->data, princ);
+    cc_string_release(outprinc);
+    return ret;
+}
+
+static krb5_error_code
+api_macos_start_seq_get(krb5_context context, krb5_ccache cache,
+                        krb5_cc_cursor *cursor)
+{
+    struct api_macos_cache_data *data = cache->data;
+    uint32_t err;
+    cc_credentials_iterator_t iter;
+
+    err = open_cache(data);
+    if (err)
+        return ccerr2mit(err);
+
+    err = cc_ccache_new_credentials_iterator(data->cache, &iter);
+    if (err)
+        return ccerr2mit(err);
+
+    *cursor = (krb5_cc_cursor)iter;
+    return 0;
+}
+
+static krb5_error_code
+api_macos_next_cred(krb5_context context, krb5_ccache cache,
+                    krb5_cc_cursor *cursor, krb5_creds *creds)
+{
+    struct api_macos_cache_data *data = cache->data;
+    uint32_t err;
+    krb5_error_code ret;
+    cc_credentials_iterator_t iter = (cc_credentials_iterator_t) *cursor;
+    cc_credentials_t acreds;
+
+    err = open_cache(data);
+    if (err)
+        return ccerr2mit(err);
+
+    err = cc_credentials_iterator_next(iter, &acreds);
+    if (!err) {
+        ret = k5_ccapi_to_krb5_creds(context, acreds->data, creds);
+        cc_credentials_release(acreds);
+    } else {
+        ret = ccerr2mit(err);
+    }
+    return ret;
+}
+
+static krb5_error_code
+api_macos_end_seq_get(krb5_context context, krb5_ccache cache,
+                      krb5_cc_cursor *cursor)
+{
+    cc_credentials_iterator_t iter = *cursor;
+
+    cc_credentials_iterator_release(iter);
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code
+api_macos_remove_cred(krb5_context context, krb5_ccache cache,
+                      krb5_flags flags, krb5_creds *creds)
+{
+    struct api_macos_cache_data *data = cache->data;
+    uint32_t err;
+    krb5_error_code ret = 0;
+    cc_credentials_iterator_t iter = NULL;
+    cc_credentials_t acreds;
+    krb5_creds mcreds;
+    krb5_boolean match;
+
+    err = open_cache(data);
+    if (err)
+        return ccerr2mit(err);
+
+    err = cc_ccache_new_credentials_iterator(data->cache, &iter);
+    if (err)
+        return ccerr2mit(err);
+
+    for (;;) {
+        err = cc_credentials_iterator_next(iter, &acreds);
+        if (err)
+            break;
+
+        ret = k5_ccapi_to_krb5_creds(context, acreds->data, &mcreds);
+        if (ret) {
+            cc_credentials_release(acreds);
+            break;
+        }
+
+        match = krb5int_cc_creds_match_request(context, flags, creds, &mcreds);
+        krb5_free_cred_contents(context, &mcreds);
+        if (match)
+            err = cc_ccache_remove_credentials(data->cache, acreds);
+        cc_credentials_release(acreds);
+        if (err)
+            break;
+    }
+
+    cc_credentials_iterator_release(iter);
+
+    if (ret)
+        return ret;
+    if (err != ccIteratorEnd)
+        return ccerr2mit(err);
+    return 0;
+}
+
+static krb5_error_code
+api_macos_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags)
+{
+    return 0;
+}
+
+static krb5_error_code
+api_macos_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags)
+{
+    *flags = 0;
+    return 0;
+}
+
+static krb5_error_code
+api_macos_ptcursor_new(krb5_context context, krb5_cc_ptcursor *ptcursor_out)
+{
+    krb5_cc_ptcursor ptcursor = NULL;
+    struct api_macos_ptcursor *apt = NULL;
+
+    apt = malloc(sizeof(*apt));
+    if (apt == NULL)
+        return ENOMEM;
+    apt->first = TRUE;
+    apt->primary = NULL;
+    apt->cc_context = NULL;
+    apt->iter = NULL;
+
+    ptcursor = malloc(sizeof(*ptcursor));
+    if (ptcursor == NULL) {
+        free(apt);
+        return ENOMEM;
+    }
+
+    ptcursor->ops = &krb5_api_macos_ops;
+    ptcursor->data = apt;
+    *ptcursor_out = ptcursor;
+    return 0;
+}
+
+/* Create a cache object and open it to ensure that it exists in the
+ * collection.  If it does not, return success but set *cache_out to NULL. */
+static krb5_error_code
+make_open_cache(const char *residual, krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    krb5_ccache cache;
+    uint32_t err;
+
+    *cache_out = NULL;
+
+    ret = make_cache(residual, NULL, &cache);
+    if (ret)
+        return ret;
+
+    err = open_cache(cache->data);
+    if (err) {
+        api_macos_close(NULL, cache);
+        return (err == ccErrCCacheNotFound) ? 0 : ccerr2mit(err);
+    }
+
+    *cache_out = cache;
+    return 0;
+}
+
+static krb5_error_code
+api_macos_ptcursor_next(krb5_context context, krb5_cc_ptcursor ptcursor,
+                        krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    uint32_t err;
+    struct api_macos_ptcursor *apt = ptcursor->data;
+    const char *defname, *defresidual;
+    cc_ccache_t cache;
+    cc_string_t residual;
+    struct api_macos_cache_data *data;
+
+    *cache_out = NULL;
+
+    defname = krb5_cc_default_name(context);
+    if (defname == NULL || strncmp(defname, "API:", 4) != 0)
+        return 0;
+    defresidual = defname + 4;
+
+    /* If the default cache name is a subsidiary cache, yield that cache if it
+     * exists and stop. */
+    if (*defresidual != '\0') {
+        if (!apt->first)
+            return 0;
+        apt->first = FALSE;
+        return make_open_cache(defresidual, cache_out);
+    }
+
+    if (apt->first) {
+        apt->first = FALSE;
+
+        /* Prepare to iterate over the collection. */
+        err = cc_initialize(&apt->cc_context, ccapi_version_max, NULL, NULL);
+        if (err)
+            return KRB5_FCC_INTERNAL;
+        err = cc_context_new_ccache_iterator(apt->cc_context, &apt->iter);
+        if (err)
+            return KRB5_FCC_INTERNAL;
+
+        /* Yield the primary cache first if it exists. */
+        ret = get_primary_name(context, &apt->primary);
+        if (ret)
+            return ret;
+        ret = make_open_cache(apt->primary, cache_out);
+        if (ret || *cache_out != NULL)
+            return ret;
+    }
+
+    for (;;) {
+        err = cc_ccache_iterator_next(apt->iter, &cache);
+        if (err)
+            return (err == ccIteratorEnd) ? 0 : ccerr2mit(err);
+
+        err = cc_ccache_get_name(cache, &residual);
+        if (err) {
+            cc_ccache_release(cache);
+            return ccerr2mit(err);
+        }
+
+        /* Skip the primary cache since we yielded it first. */
+        if (strcmp(residual->data, apt->primary) != 0)
+            break;
+    }
+
+    ret = make_cache(residual->data, NULL, cache_out);
+    cc_string_release(residual);
+    if (ret) {
+        cc_ccache_release(cache);
+        return ret;
+    }
+    data = (*cache_out)->data;
+    data->cache = cache;
+    return 0;
+}
+
+static krb5_error_code
+api_macos_ptcursor_free(krb5_context context, krb5_cc_ptcursor *ptcursor)
+{
+    struct api_macos_ptcursor *apt = (*ptcursor)->data;
+
+    if (apt != NULL) {
+        if (apt->iter != NULL)
+            cc_ccache_iterator_release(apt->iter);
+        if (apt->cc_context != NULL)
+            cc_context_release(apt->cc_context);
+        free(apt->primary);
+        free(apt);
+    }
+
+    free(*ptcursor);
+    *ptcursor = NULL;
+
+    return 0;
+}
+
+static krb5_error_code
+api_macos_lock(krb5_context context, krb5_ccache cache)
+{
+    struct api_macos_cache_data *data = cache->data;
+    uint32_t err;
+
+    err = open_cache(data);
+    if (err)
+        return ccerr2mit(err);
+
+    err = cc_ccache_lock(data->cache, cc_lock_write, cc_lock_block);
+    return ccerr2mit(err);
+}
+
+static krb5_error_code
+api_macos_unlock(krb5_context context, krb5_ccache cache)
+{
+    struct api_macos_cache_data *data = cache->data;
+    uint32_t err;
+
+    err = open_cache(data);
+    if (err)
+        return ccerr2mit(err);
+
+    err = cc_ccache_unlock(data->cache);
+    return ccerr2mit(err);
+}
+
+static krb5_error_code
+api_macos_switch_to(krb5_context context, krb5_ccache cache)
+{
+    struct api_macos_cache_data *data = cache->data;
+    uint32_t err;
+
+    err = open_cache(data);
+    if (err)
+        return ccerr2mit(err);
+
+    err = cc_ccache_set_default(data->cache);
+    return ccerr2mit(err);
+}
+
+const krb5_cc_ops krb5_api_macos_ops = {
+    0,
+    "API",
+    api_macos_get_name,
+    api_macos_resolve,
+    api_macos_gen_new,
+    api_macos_initialize,
+    api_macos_destroy,
+    api_macos_close,
+    api_macos_store,
+    api_macos_retrieve,
+    api_macos_get_princ,
+    api_macos_start_seq_get,
+    api_macos_next_cred,
+    api_macos_end_seq_get,
+    api_macos_remove_cred,
+    api_macos_set_flags,
+    api_macos_get_flags,
+    api_macos_ptcursor_new,
+    api_macos_ptcursor_next,
+    api_macos_ptcursor_free,
+    NULL, /* move */
+    NULL, /* wasdefault */
+    api_macos_lock,
+    api_macos_unlock,
+    api_macos_switch_to,
+};
+
+#endif /* TARGET_OS_MAC */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c b/krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c
new file mode 100644
index 00000000..1da40b51
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c
@@ -0,0 +1,771 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc_dir.c - Directory-based credential cache collection */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This credential cache type represents a set of file-based caches with a
+ * switchable primary cache.  An alternate form of the type represents a
+ * subsidiary file cache within the directory.
+ *
+ * A cache name of the form DIR:dirname identifies a directory containing the
+ * cache set.  Resolving a name of this form results in dirname's primary
+ * cache.  If a context's default cache is of this form, the global cache
+ * collection will contain dirname's cache set, and new unique caches of type
+ * DIR will be created within dirname.
+ *
+ * A cache name of the form DIR::filepath represents a single cache within the
+ * directory.  Switching to a ccache of this type causes the directory's
+ * primary cache to be set to the named cache.
+ *
+ * Within the directory, cache names begin with 'tkt'.  The file "primary"
+ * contains a single line naming the primary cache.  The directory must already
+ * exist when the DIR ccache is resolved, but the primary file will be created
+ * automatically if it does not exist.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#if HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+/* This is Unix-only for now.  To work on Windows, we will need opendir/readdir
+ * replacements and possibly more flexible newline handling. */
+#ifndef _WIN32
+
+#include <dirent.h>
+
+extern const krb5_cc_ops krb5_dcc_ops;
+extern const krb5_cc_ops krb5_fcc_ops;
+
+/* Fields are not modified after creation, so no lock is necessary. */
+typedef struct dcc_data_st {
+    char *residual;             /* dirname or :filename */
+    krb5_ccache fcc;            /* File cache for actual cache ops */
+} dcc_data;
+
+static inline krb5_boolean
+filename_is_cache(const char *filename)
+{
+    return (strncmp(filename, "tkt", 3) == 0);
+}
+
+/* Compose the pathname of the primary file within a cache directory. */
+static inline krb5_error_code
+primary_pathname(const char *dirname, char **path_out)
+{
+    return k5_path_join(dirname, "primary", path_out);
+}
+
+/* Compose a residual string for a subsidiary path with the specified directory
+ * name and filename. */
+static krb5_error_code
+subsidiary_residual(const char *dirname, const char *filename, char **out)
+{
+    krb5_error_code ret;
+    char *path, *residual;
+
+    *out = NULL;
+    ret = k5_path_join(dirname, filename, &path);
+    if (ret)
+        return ret;
+    ret = asprintf(&residual, ":%s", path);
+    free(path);
+    if (ret < 0)
+        return ENOMEM;
+    *out = residual;
+    return 0;
+}
+
+static inline krb5_error_code
+split_path(krb5_context context, const char *path, char **dirname_out,
+           char **filename_out)
+{
+    krb5_error_code ret;
+    char *dirname, *filename;
+
+    *dirname_out = NULL;
+    *filename_out = NULL;
+    ret = k5_path_split(path, &dirname, &filename);
+    if (ret)
+        return ret;
+
+    if (*dirname == '\0') {
+        ret = KRB5_CC_BADNAME;
+        k5_setmsg(context, ret,
+                  _("Subsidiary cache path %s has no parent directory"), path);
+        goto error;
+    }
+    if (!filename_is_cache(filename)) {
+        ret = KRB5_CC_BADNAME;
+        k5_setmsg(context, ret,
+                  _("Subsidiary cache path %s filename does not begin with "
+                    "\"tkt\""), path);
+        goto error;
+    }
+
+    *dirname_out = dirname;
+    *filename_out = filename;
+    return 0;
+
+error:
+    free(dirname);
+    free(filename);
+    return ret;
+}
+
+/* Read the primary file and compose the residual string for the primary
+ * subsidiary cache file. */
+static krb5_error_code
+read_primary_file(krb5_context context, const char *primary_path,
+                  const char *dirname, char **residual_out)
+{
+    FILE *fp;
+    char buf[64], *ret;
+    size_t len;
+
+    *residual_out = NULL;
+
+    /* Open the file and read its first line. */
+    fp = fopen(primary_path, "r");
+    if (fp == NULL)
+        return ENOENT;
+    ret = fgets(buf, sizeof(buf), fp);
+    fclose(fp);
+    if (ret == NULL)
+        return KRB5_CC_IO;
+    len = strlen(buf);
+
+    /* Check if line is too long, doesn't look like a subsidiary cache
+     * filename, or isn't a single-component filename. */
+    if (buf[len - 1] != '\n' || !filename_is_cache(buf) ||
+        strchr(buf, '/') || strchr(buf, '\\')) {
+        k5_setmsg(context, KRB5_CC_FORMAT, _("%s contains invalid filename"),
+                  primary_path);
+        return KRB5_CC_FORMAT;
+    }
+    buf[len - 1] = '\0';
+
+    return subsidiary_residual(dirname, buf, residual_out);
+}
+
+/* Create or update the primary file with a line containing contents. */
+static krb5_error_code
+write_primary_file(const char *primary_path, const char *contents)
+{
+    krb5_error_code ret = KRB5_CC_IO;
+    char *newpath = NULL;
+    FILE *fp = NULL;
+    int fd = -1, status;
+
+    if (asprintf(&newpath, "%s.XXXXXX", primary_path) < 0)
+        return ENOMEM;
+    fd = mkstemp(newpath);
+    if (fd < 0)
+        goto cleanup;
+#ifdef HAVE_CHMOD
+    chmod(newpath, S_IRUSR | S_IWUSR);
+#endif
+    fp = fdopen(fd, "w");
+    if (fp == NULL)
+        goto cleanup;
+    fd = -1;
+    if (fprintf(fp, "%s\n", contents) < 0)
+        goto cleanup;
+    status = fclose(fp);
+    fp = NULL;
+    if (status == EOF)
+        goto cleanup;
+    fp = NULL;
+    if (rename(newpath, primary_path) != 0)
+        goto cleanup;
+    ret = 0;
+
+cleanup:
+    if (fd >= 0)
+        close(fd);
+    if (fp != NULL)
+        fclose(fp);
+    free(newpath);
+    return ret;
+}
+
+/* Verify or create a cache directory path. */
+static krb5_error_code
+verify_dir(krb5_context context, const char *dirname)
+{
+    struct stat st;
+
+    if (stat(dirname, &st) < 0) {
+        if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0)
+            return 0;
+        k5_setmsg(context, KRB5_FCC_NOFILE,
+                  _("Credential cache directory %s does not exist"),
+                  dirname);
+        return KRB5_FCC_NOFILE;
+    }
+    if (!S_ISDIR(st.st_mode)) {
+        k5_setmsg(context, KRB5_CC_FORMAT,
+                  _("Credential cache directory %s exists but is not a "
+                    "directory"), dirname);
+        return KRB5_CC_FORMAT;
+    }
+    return 0;
+}
+
+/*
+ * If the default ccache name for context is a directory collection, set
+ * *dirname_out to the directory name for that collection.  Otherwise set
+ * *dirname_out to NULL.
+ */
+static krb5_error_code
+get_context_default_dir(krb5_context context, char **dirname_out)
+{
+    const char *defname;
+    char *dirname;
+
+    *dirname_out = NULL;
+    defname = krb5_cc_default_name(context);
+    if (defname == NULL)
+        return 0;
+    if (strncmp(defname, "DIR:", 4) != 0 ||
+        defname[4] == ':' || defname[4] == '\0')
+        return 0;
+    dirname = strdup(defname + 4);
+    if (dirname == NULL)
+        return ENOMEM;
+    *dirname_out = dirname;
+    return 0;
+}
+
+/*
+ * If the default ccache name for context is a subsidiary file in a directory
+ * collection, set *subsidiary_out to the residual value.  Otherwise set
+ * *subsidiary_out to NULL.
+ */
+static krb5_error_code
+get_context_subsidiary_file(krb5_context context, char **subsidiary_out)
+{
+    const char *defname;
+    char *residual;
+
+    *subsidiary_out = NULL;
+    defname = krb5_cc_default_name(context);
+    if (defname == NULL || strncmp(defname, "DIR::", 5) != 0)
+        return 0;
+    residual = strdup(defname + 4);
+    if (residual == NULL)
+        return ENOMEM;
+    *subsidiary_out = residual;
+    return 0;
+}
+
+static const char * KRB5_CALLCONV
+dcc_get_name(krb5_context context, krb5_ccache cache)
+{
+    dcc_data *data = cache->data;
+
+    return data->residual;
+}
+
+/* Construct a cache object given a residual string and file ccache.  Take
+ * ownership of fcc on success. */
+static krb5_error_code
+make_cache(const char *residual, krb5_ccache fcc, krb5_ccache *cache_out)
+{
+    krb5_ccache cache = NULL;
+    dcc_data *data = NULL;
+    char *residual_copy = NULL;
+
+    cache = malloc(sizeof(*cache));
+    if (cache == NULL)
+        goto oom;
+    data = malloc(sizeof(*data));
+    if (data == NULL)
+        goto oom;
+    residual_copy = strdup(residual);
+    if (residual_copy == NULL)
+        goto oom;
+
+    data->residual = residual_copy;
+    data->fcc = fcc;
+    cache->ops = &krb5_dcc_ops;
+    cache->data = data;
+    cache->magic = KV5M_CCACHE;
+    *cache_out = cache;
+    return 0;
+
+oom:
+    free(cache);
+    free(data);
+    free(residual_copy);
+    return ENOMEM;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_resolve(krb5_context context, krb5_ccache *cache_out, const char *residual)
+{
+    krb5_error_code ret;
+    krb5_ccache fcc;
+    char *primary_path = NULL, *sresidual = NULL, *dirname, *filename;
+
+    *cache_out = NULL;
+
+    if (*residual == ':') {
+        /* This is a subsidiary cache within the directory. */
+        ret = split_path(context, residual + 1, &dirname, &filename);
+        if (ret)
+            return ret;
+
+        ret = verify_dir(context, dirname);
+        free(dirname);
+        free(filename);
+        if (ret)
+            return ret;
+    } else {
+        /* This is the directory itself; resolve to the primary cache. */
+        ret = verify_dir(context, residual);
+        if (ret)
+            return ret;
+
+        ret = primary_pathname(residual, &primary_path);
+        if (ret)
+            goto cleanup;
+
+        ret = read_primary_file(context, primary_path, residual, &sresidual);
+        if (ret == ENOENT) {
+            /* Create an initial primary file. */
+            ret = write_primary_file(primary_path, "tkt");
+            if (ret)
+                goto cleanup;
+            ret = subsidiary_residual(residual, "tkt", &sresidual);
+        }
+        if (ret)
+            goto cleanup;
+        residual = sresidual;
+    }
+
+    ret = krb5_fcc_ops.resolve(context, &fcc, residual + 1);
+    if (ret)
+        goto cleanup;
+    ret = make_cache(residual, fcc, cache_out);
+    if (ret)
+        krb5_fcc_ops.close(context, fcc);
+
+cleanup:
+    free(primary_path);
+    free(sresidual);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_gen_new(krb5_context context, krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    char *dirname = NULL, *template = NULL, *residual = NULL;
+    krb5_ccache fcc = NULL;
+
+    *cache_out = NULL;
+    ret = get_context_default_dir(context, &dirname);
+    if (ret)
+        return ret;
+    if (dirname == NULL) {
+        k5_setmsg(context, KRB5_DCC_CANNOT_CREATE,
+                  _("Can't create new subsidiary cache because default cache "
+                    "is not a directory collection"));
+        return KRB5_DCC_CANNOT_CREATE;
+    }
+    ret = verify_dir(context, dirname);
+    if (ret)
+        goto cleanup;
+    ret = k5_path_join(dirname, "tktXXXXXX", &template);
+    if (ret)
+        goto cleanup;
+    ret = krb5int_fcc_new_unique(context, template, &fcc);
+    if (ret)
+        goto cleanup;
+    if (asprintf(&residual, ":%s", template) < 0) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    ret = make_cache(residual, fcc, cache_out);
+    if (ret)
+        goto cleanup;
+    fcc = NULL;
+
+cleanup:
+    if (fcc != NULL)
+        krb5_fcc_ops.destroy(context, fcc);
+    free(dirname);
+    free(template);
+    free(residual);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_init(krb5_context context, krb5_ccache cache, krb5_principal princ)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.init(context, data->fcc, princ);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_destroy(krb5_context context, krb5_ccache cache)
+{
+    dcc_data *data = cache->data;
+    krb5_error_code ret;
+
+    ret = krb5_fcc_ops.destroy(context, data->fcc);
+    free(data->residual);
+    free(data);
+    free(cache);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_close(krb5_context context, krb5_ccache cache)
+{
+    dcc_data *data = cache->data;
+    krb5_error_code ret;
+
+    ret = krb5_fcc_ops.close(context, data->fcc);
+    free(data->residual);
+    free(data);
+    free(cache);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_store(krb5_context context, krb5_ccache cache, krb5_creds *creds)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.store(context, data->fcc, creds);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_retrieve(krb5_context context, krb5_ccache cache, krb5_flags flags,
+             krb5_creds *mcreds, krb5_creds *creds)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.retrieve(context, data->fcc, flags, mcreds,
+                                 creds);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_get_princ(krb5_context context, krb5_ccache cache,
+              krb5_principal *princ_out)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.get_princ(context, data->fcc, princ_out);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_get_first(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.get_first(context, data->fcc, cursor);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_get_next(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
+             krb5_creds *creds)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.get_next(context, data->fcc, cursor, creds);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_end_get(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.end_get(context, data->fcc, cursor);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                krb5_creds *creds)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.remove_cred(context, data->fcc, flags, creds);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.set_flags(context, data->fcc, flags);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags_out)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.get_flags(context, data->fcc, flags_out);
+}
+
+struct dcc_ptcursor_data {
+    char *primary;
+    char *dirname;
+    DIR *dir;
+    krb5_boolean first;
+};
+
+/* Construct a cursor, taking ownership of dirname, primary, and dir on
+ * success. */
+static krb5_error_code
+make_cursor(char *dirname, char *primary, DIR *dir,
+            krb5_cc_ptcursor *cursor_out)
+{
+    krb5_cc_ptcursor cursor;
+    struct dcc_ptcursor_data *data;
+
+    *cursor_out = NULL;
+
+    data = malloc(sizeof(*data));
+    if (data == NULL)
+        return ENOMEM;
+    cursor = malloc(sizeof(*cursor));
+    if (cursor == NULL) {
+        free(data);
+        return ENOMEM;
+    }
+
+    data->dirname = dirname;
+    data->primary = primary;
+    data->dir = dir;
+    data->first = TRUE;
+    cursor->ops = &krb5_dcc_ops;
+    cursor->data = data;
+    *cursor_out = cursor;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor_out)
+{
+    krb5_error_code ret;
+    char *dirname = NULL, *primary_path = NULL, *primary = NULL;
+    DIR *dir = NULL;
+
+    *cursor_out = NULL;
+
+    /* If the default cache is a subsidiary file, make a cursor with the
+     * specified file as the primary but with no directory collection. */
+    ret = get_context_subsidiary_file(context, &primary);
+    if (ret)
+        goto cleanup;
+    if (primary != NULL) {
+        ret = make_cursor(NULL, primary, NULL, cursor_out);
+        if (ret)
+            free(primary);
+        return ret;
+    }
+
+    /* Open the directory for the context's default cache. */
+    ret = get_context_default_dir(context, &dirname);
+    if (ret || dirname == NULL)
+        goto cleanup;
+    dir = opendir(dirname);
+    if (dir == NULL)
+        goto cleanup;
+
+    /* Fetch the primary cache name if possible. */
+    ret = primary_pathname(dirname, &primary_path);
+    if (ret)
+        goto cleanup;
+    ret = read_primary_file(context, primary_path, dirname, &primary);
+    if (ret)
+        krb5_clear_error_message(context);
+
+    ret = make_cursor(dirname, primary, dir, cursor_out);
+    if (ret)
+        goto cleanup;
+    dirname = primary = NULL;
+    dir = NULL;
+
+cleanup:
+    free(dirname);
+    free(primary_path);
+    free(primary);
+    if (dir)
+        closedir(dir);
+    /* Return an empty cursor if we fail for any reason. */
+    if (*cursor_out == NULL)
+        return make_cursor(NULL, NULL, NULL, cursor_out);
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
+                  krb5_ccache *cache_out)
+{
+    struct dcc_ptcursor_data *data = cursor->data;
+    struct dirent *ent;
+    char *residual;
+    krb5_error_code ret;
+    struct stat sb;
+
+    *cache_out = NULL;
+
+    /* Return the primary or specified subsidiary cache if we haven't yet. */
+    if (data->first) {
+        data->first = FALSE;
+        if (data->primary != NULL && stat(data->primary + 1, &sb) == 0)
+            return dcc_resolve(context, cache_out, data->primary);
+    }
+
+    if (data->dir == NULL)      /* No directory collection */
+        return 0;
+
+    /* Look for the next filename of the correct form, without repeating the
+     * primary cache. */
+    while ((ent = readdir(data->dir)) != NULL) {
+        if (!filename_is_cache(ent->d_name))
+            continue;
+        ret = subsidiary_residual(data->dirname, ent->d_name, &residual);
+        if (ret)
+            return ret;
+        if (data->primary != NULL && strcmp(residual, data->primary) == 0) {
+            free(residual);
+            continue;
+        }
+        ret = dcc_resolve(context, cache_out, residual);
+        free(residual);
+        return ret;
+    }
+
+    /* We exhausted the directory without finding a cache to yield. */
+    closedir(data->dir);
+    data->dir = NULL;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor)
+{
+    struct dcc_ptcursor_data *data = (*cursor)->data;
+
+    if (data->dir)
+        closedir(data->dir);
+    free(data->dirname);
+    free(data->primary);
+    free(data);
+    free(*cursor);
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_replace(krb5_context context, krb5_ccache cache, krb5_principal princ,
+            krb5_creds **creds)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.replace(context, data->fcc, princ, creds);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_lock(krb5_context context, krb5_ccache cache)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.lock(context, data->fcc);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_unlock(krb5_context context, krb5_ccache cache)
+{
+    dcc_data *data = cache->data;
+
+    return krb5_fcc_ops.unlock(context, data->fcc);
+}
+
+static krb5_error_code KRB5_CALLCONV
+dcc_switch_to(krb5_context context, krb5_ccache cache)
+{
+    dcc_data *data = cache->data;
+    char *primary_path = NULL, *dirname = NULL, *filename = NULL;
+    krb5_error_code ret;
+
+    ret = split_path(context, data->residual + 1, &dirname, &filename);
+    if (ret)
+        return ret;
+
+    ret = primary_pathname(dirname, &primary_path);
+    if (ret)
+        goto cleanup;
+
+    ret = write_primary_file(primary_path, filename);
+
+cleanup:
+    free(primary_path);
+    free(dirname);
+    free(filename);
+    return ret;
+}
+
+const krb5_cc_ops krb5_dcc_ops = {
+    0,
+    "DIR",
+    dcc_get_name,
+    dcc_resolve,
+    dcc_gen_new,
+    dcc_init,
+    dcc_destroy,
+    dcc_close,
+    dcc_store,
+    dcc_retrieve,
+    dcc_get_princ,
+    dcc_get_first,
+    dcc_get_next,
+    dcc_end_get,
+    dcc_remove_cred,
+    dcc_set_flags,
+    dcc_get_flags,
+    dcc_ptcursor_new,
+    dcc_ptcursor_next,
+    dcc_ptcursor_free,
+    dcc_replace,
+    NULL, /* wasdefault */
+    dcc_lock,
+    dcc_unlock,
+    dcc_switch_to,
+};
+
+#endif /* not _WIN32 */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc_file.c b/krb5-1.21.3/src/lib/krb5/ccache/cc_file.c
new file mode 100644
index 00000000..c70a2827
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc_file.c
@@ -0,0 +1,1479 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc_file.c - File-based credential cache */
+/*
+ * Copyright 1990,1991,1992,1993,1994,2000,2004,2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Original stdio support copyright 1995 by Cygnus Support.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * A psuedo-BNF grammar for the FILE credential cache format is:
+ *
+ * file ::=
+ *   version (2 bytes; 05 01 for version 1 through 05 04 for version 4)
+ *   header [not present before version 4]
+ *   principal
+ *   credential1
+ *   credential2
+ *   ...
+ *
+ * header ::=
+ *   headerlen (16 bits)
+ *   header1tag (16 bits)
+ *   header1len (16 bits)
+ *   header1val (header1len bytes)
+ *
+ * See ccmarshal.c for the principal and credential formats.  Although versions
+ * 1 and 2 of the FILE format use native byte order for integer representations
+ * within principals and credentials, the integer fields in the grammar above
+ * are always in big-endian byte order.
+ *
+ * Only one header tag is currently defined.  The tag value is 1
+ * (FCC_TAG_DELTATIME), and its contents are two 32-bit integers giving the
+ * seconds and microseconds of the time offset of the KDC relative to the
+ * client.
+ *
+ * Each of the file ccache functions opens and closes the file whenever it
+ * needs to access it.
+ *
+ * This module depends on UNIX-like file descriptors, and UNIX-like behavior
+ * from the functions: open, close, read, write, lseek.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+
+#include <stdio.h>
+#include <errno.h>
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
+extern const krb5_cc_ops krb5_cc_file_ops;
+
+krb5_error_code krb5_change_cache(void);
+
+static krb5_error_code interpret_errno(krb5_context, int);
+
+/* The cache format version is a positive integer, represented in the cache
+ * file as a two-byte big endian number with 0x0500 added to it. */
+#define FVNO_BASE 0x0500
+
+#define FCC_TAG_DELTATIME       1
+
+#ifndef TKT_ROOT
+#ifdef MSDOS_FILESYSTEM
+#define TKT_ROOT "\\tkt"
+#else
+#define TKT_ROOT "/tmp/tkt"
+#endif
+#endif
+
+typedef struct fcc_data_st {
+    k5_cc_mutex lock;
+    char *filename;
+} fcc_data;
+
+/* Iterator over file caches.  */
+struct krb5_fcc_ptcursor_data {
+    krb5_boolean first;
+};
+
+/* Iterator over a cache. */
+typedef struct _krb5_fcc_cursor {
+    FILE *fp;
+    int version;
+} krb5_fcc_cursor;
+
+k5_cc_mutex krb5int_cc_file_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER;
+
+/* Add fname to the standard error message for ret. */
+static krb5_error_code
+set_errmsg_filename(krb5_context context, krb5_error_code ret,
+                    const char *fname)
+{
+    if (!ret)
+        return 0;
+    k5_setmsg(context, ret, "%s (filename: %s)", error_message(ret), fname);
+    return ret;
+}
+
+/* Get the size of the cache file as a size_t, or SIZE_MAX if it is too
+ * large to be represented as a size_t. */
+static krb5_error_code
+get_size(krb5_context context, FILE *fp, size_t *size_out)
+{
+    struct stat sb;
+
+    *size_out = 0;
+    if (fstat(fileno(fp), &sb) == -1)
+        return interpret_errno(context, errno);
+    if (sizeof(off_t) > sizeof(size_t) && sb.st_size > (off_t)SIZE_MAX)
+        *size_out = SIZE_MAX;
+    else
+        *size_out = sb.st_size;
+    return 0;
+}
+
+/* Read len bytes from fp, storing them in buf.  Return KRB5_CC_END
+ * if not enough bytes are present. */
+static krb5_error_code
+read_bytes(krb5_context context, FILE *fp, void *buf, size_t len)
+{
+    size_t nread;
+
+    nread = fread(buf, 1, len, fp);
+    if (nread < len)
+        return ferror(fp) ? errno : KRB5_CC_END;
+    return 0;
+}
+
+/* Load four bytes from the cache file.  Add them to buf (if set) and return
+ * their value as a 32-bit unsigned integer according to the file format. */
+static krb5_error_code
+read32(krb5_context context, FILE *fp, int version, struct k5buf *buf,
+       uint32_t *out)
+{
+    krb5_error_code ret;
+    char bytes[4];
+
+    ret = read_bytes(context, fp, bytes, 4);
+    if (ret)
+        return ret;
+    if (buf != NULL)
+        k5_buf_add_len(buf, bytes, 4);
+    *out = (version < 3) ? load_32_n(bytes) : load_32_be(bytes);
+    return 0;
+}
+
+/* Load two bytes from the cache file and return their value as a 16-bit
+ * unsigned integer according to the file format. */
+static krb5_error_code
+read16(krb5_context context, FILE *fp, int version, uint16_t *out)
+{
+    krb5_error_code ret;
+    char bytes[2];
+
+    ret = read_bytes(context, fp, bytes, 2);
+    if (ret)
+        return ret;
+    *out = (version < 3) ? load_16_n(bytes) : load_16_be(bytes);
+    return 0;
+}
+
+/* Read len bytes from the cache file and add them to buf. */
+static krb5_error_code
+load_bytes(krb5_context context, FILE *fp, size_t len, struct k5buf *buf)
+{
+    void *ptr;
+
+    ptr = k5_buf_get_space(buf, len);
+    return (ptr == NULL) ? KRB5_CC_NOMEM : read_bytes(context, fp, ptr, len);
+}
+
+/* Load a 32-bit length and data from the cache file into buf, but not more
+ * than maxsize bytes. */
+static krb5_error_code
+load_data(krb5_context context, FILE *fp, int version, size_t maxsize,
+          struct k5buf *buf)
+{
+    krb5_error_code ret;
+    uint32_t count;
+
+    ret = read32(context, fp, version, buf, &count);
+    if (ret)
+        return ret;
+    if (count > maxsize)
+        return KRB5_CC_FORMAT;
+    return load_bytes(context, fp, count, buf);
+}
+
+/* Load a marshalled principal from the cache file into buf, without
+ * unmarshalling it. */
+static krb5_error_code
+load_principal(krb5_context context, FILE *fp, int version, size_t maxsize,
+               struct k5buf *buf)
+{
+    krb5_error_code ret;
+    uint32_t count;
+
+    if (version > 1) {
+        ret = load_bytes(context, fp, 4, buf);
+        if (ret)
+            return ret;
+    }
+    ret = read32(context, fp, version, buf, &count);
+    if (ret)
+        return ret;
+    /* Add one for the realm (except in version 1 which already counts it). */
+    if (version != 1)
+        count++;
+    while (count-- > 0) {
+        ret = load_data(context, fp, version, maxsize, buf);
+        if (ret)
+            return ret;
+    }
+    return 0;
+}
+
+/* Load a marshalled credential from the cache file into buf, without
+ * unmarshalling it. */
+static krb5_error_code
+load_cred(krb5_context context, FILE *fp, int version, size_t maxsize,
+          struct k5buf *buf)
+{
+    krb5_error_code ret;
+    uint32_t count, i;
+
+    /* client and server */
+    ret = load_principal(context, fp, version, maxsize, buf);
+    if (ret)
+        return ret;
+    ret = load_principal(context, fp, version, maxsize, buf);
+    if (ret)
+        return ret;
+
+    /* keyblock (enctype, enctype again for version 3, length, value) */
+    ret = load_bytes(context, fp, (version == 3) ? 4 : 2, buf);
+    if (ret)
+        return ret;
+    ret = load_data(context, fp, version, maxsize, buf);
+    if (ret)
+        return ret;
+
+    /* times (4*4 bytes), is_skey (1 byte), ticket flags (4 bytes) */
+    ret = load_bytes(context, fp, 4 * 4 + 1 + 4, buf);
+    if (ret)
+        return ret;
+
+    /* addresses and authdata, both lists of {type, length, data} */
+    for (i = 0; i < 2; i++) {
+        ret = read32(context, fp, version, buf, &count);
+        if (ret)
+            return ret;
+        while (count-- > 0) {
+            ret = load_bytes(context, fp, 2, buf);
+            if (ret)
+                return ret;
+            ret = load_data(context, fp, version, maxsize, buf);
+            if (ret)
+                return ret;
+        }
+    }
+
+    /* ticket and second_ticket */
+    ret = load_data(context, fp, version, maxsize, buf);
+    if (ret)
+        return ret;
+    return load_data(context, fp, version, maxsize, buf);
+}
+
+static krb5_error_code
+read_principal(krb5_context context, FILE *fp, int version,
+               krb5_principal *princ)
+{
+    krb5_error_code ret;
+    struct k5buf buf;
+    size_t maxsize;
+
+    *princ = NULL;
+    k5_buf_init_dynamic(&buf);
+
+    /* Read the principal representation into memory. */
+    ret = get_size(context, fp, &maxsize);
+    if (ret)
+        goto cleanup;
+    ret = load_principal(context, fp, version, maxsize, &buf);
+    if (ret)
+        goto cleanup;
+    ret = k5_buf_status(&buf);
+    if (ret)
+        goto cleanup;
+
+    /* Unmarshal it from buf into princ. */
+    ret = k5_unmarshal_princ(buf.data, buf.len, version, princ);
+
+cleanup:
+    k5_buf_free(&buf);
+    return ret;
+}
+
+/*
+ * Open and lock an existing cache file.  If writable is true, open it for
+ * writing (with O_APPEND) and get an exclusive lock; otherwise open it for
+ * reading and get a shared lock.
+ */
+static krb5_error_code
+open_cache_file(krb5_context context, const char *filename,
+                krb5_boolean writable, FILE **fp_out)
+{
+    krb5_error_code ret;
+    int fd, flags, lockmode;
+    FILE *fp;
+
+    *fp_out = NULL;
+
+    flags = writable ? (O_RDWR | O_APPEND) : O_RDONLY;
+    fd = open(filename, flags | O_BINARY | O_CLOEXEC, 0600);
+    if (fd == -1)
+        return interpret_errno(context, errno);
+    set_cloexec_fd(fd);
+
+    lockmode = writable ? KRB5_LOCKMODE_EXCLUSIVE : KRB5_LOCKMODE_SHARED;
+    ret = krb5_lock_file(context, fd, lockmode);
+    if (ret) {
+        (void)close(fd);
+        return ret;
+    }
+
+    fp = fdopen(fd, writable ? "r+b" : "rb");
+    if (fp == NULL) {
+        (void)krb5_unlock_file(context, fd);
+        (void)close(fd);
+        return KRB5_CC_NOMEM;
+    }
+
+    *fp_out = fp;
+    return 0;
+}
+
+/* Unlock and close the cache file.  Do nothing if fp is NULL. */
+static krb5_error_code
+close_cache_file(krb5_context context, FILE *fp)
+{
+    int st;
+    krb5_error_code ret;
+
+    if (fp == NULL)
+        return 0;
+    ret = krb5_unlock_file(context, fileno(fp));
+    st = fclose(fp);
+    if (ret)
+        return ret;
+    return st ? interpret_errno(context, errno) : 0;
+}
+
+/* Read the cache file header.  Set time offsets in context from the header if
+ * appropriate.  Set *version_out to the cache file format version. */
+static krb5_error_code
+read_header(krb5_context context, FILE *fp, int *version_out)
+{
+    krb5_error_code ret;
+    krb5_os_context os_ctx = &context->os_context;
+    uint16_t fields_len, tag, flen;
+    uint32_t time_offset, usec_offset;
+    char i16buf[2];
+    int version;
+
+    *version_out = 0;
+
+    /* Get the file format version. */
+    ret = read_bytes(context, fp, i16buf, 2);
+    if (ret)
+        return KRB5_CC_FORMAT;
+    version = load_16_be(i16buf) - FVNO_BASE;
+    if (version < 1 || version > 4)
+        return KRB5_CCACHE_BADVNO;
+    *version_out = version;
+
+    /* Tagged header fields begin with version 4. */
+    if (version < 4)
+        return 0;
+
+    if (read16(context, fp, version, &fields_len))
+        return KRB5_CC_FORMAT;
+    while (fields_len) {
+        if (fields_len < 4 || read16(context, fp, version, &tag) ||
+            read16(context, fp, version, &flen) || flen > fields_len - 4)
+            return KRB5_CC_FORMAT;
+
+        switch (tag) {
+        case FCC_TAG_DELTATIME:
+            if (flen != 8 ||
+                read32(context, fp, version, NULL, &time_offset) ||
+                read32(context, fp, version, NULL, &usec_offset))
+                return KRB5_CC_FORMAT;
+
+            if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) ||
+                (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID))
+                break;
+
+            os_ctx->time_offset = time_offset;
+            os_ctx->usec_offset = usec_offset;
+            os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+                                KRB5_OS_TOFFSET_VALID);
+            break;
+
+        default:
+            if (flen && fseek(fp, flen, SEEK_CUR) != 0)
+                return KRB5_CC_FORMAT;
+            break;
+        }
+        fields_len -= (4 + flen);
+    }
+    return 0;
+}
+
+static void
+marshal_header(krb5_context context, struct k5buf *buf, krb5_principal princ)
+{
+    krb5_os_context os_ctx = &context->os_context;
+    int version = context->fcc_default_format - FVNO_BASE;
+    uint16_t fields_len;
+
+    version = context->fcc_default_format - FVNO_BASE;
+    k5_buf_add_uint16_be(buf, FVNO_BASE + version);
+    if (version >= 4) {
+        /* Add tagged header fields. */
+        fields_len = 0;
+        if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
+            fields_len += 12;
+        k5_buf_add_uint16_be(buf, fields_len);
+        if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+            /* Add time offset tag. */
+            k5_buf_add_uint16_be(buf, FCC_TAG_DELTATIME);
+            k5_buf_add_uint16_be(buf, 8);
+            k5_buf_add_uint32_be(buf, os_ctx->time_offset);
+            k5_buf_add_uint32_be(buf, os_ctx->usec_offset);
+        }
+    }
+    k5_marshal_princ(buf, version, princ);
+}
+
+/* Create or overwrite the cache file with a header and default principal. */
+static krb5_error_code KRB5_CALLCONV
+fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
+{
+    krb5_error_code ret;
+    fcc_data *data = id->data;
+    ssize_t nwritten;
+    int st, flags, fd = -1;
+    struct k5buf buf = EMPTY_K5BUF;
+    krb5_boolean file_locked = FALSE;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    unlink(data->filename);
+    flags = O_CREAT | O_EXCL | O_RDWR | O_BINARY | O_CLOEXEC;
+    fd = open(data->filename, flags, 0600);
+    if (fd == -1) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+    set_cloexec_fd(fd);
+
+#if defined(HAVE_FCHMOD) || defined(HAVE_CHMOD)
+#ifdef HAVE_FCHMOD
+    st = fchmod(fd, S_IRUSR | S_IWUSR);
+#else
+    st = chmod(data->filename, S_IRUSR | S_IWUSR);
+#endif
+    if (st == -1) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+#endif
+
+    ret = krb5_lock_file(context, fd, KRB5_LOCKMODE_EXCLUSIVE);
+    if (ret)
+        goto cleanup;
+    file_locked = TRUE;
+
+    /* Prepare the header and principal in buf. */
+    k5_buf_init_dynamic(&buf);
+    marshal_header(context, &buf, princ);
+    ret = k5_buf_status(&buf);
+    if (ret)
+        goto cleanup;
+
+    /* Write the header and principal. */
+    nwritten = write(fd, buf.data, buf.len);
+    if (nwritten == -1)
+        ret = interpret_errno(context, errno);
+    if ((size_t)nwritten != buf.len)
+        ret = KRB5_CC_IO;
+
+cleanup:
+    k5_buf_free(&buf);
+    if (file_locked)
+        krb5_unlock_file(context, fd);
+    if (fd != -1)
+        close(fd);
+    k5_cc_mutex_unlock(context, &data->lock);
+    krb5_change_cache();
+    return set_errmsg_filename(context, ret, data->filename);
+}
+
+/* Release an fcc_data object. */
+static void
+free_fccdata(krb5_context context, fcc_data *data)
+{
+    k5_cc_mutex_assert_unlocked(context, &data->lock);
+    free(data->filename);
+    k5_cc_mutex_destroy(&data->lock);
+    free(data);
+}
+
+/* Release the ccache handle. */
+static krb5_error_code KRB5_CALLCONV
+fcc_close(krb5_context context, krb5_ccache id)
+{
+    free_fccdata(context, id->data);
+    free(id);
+    return 0;
+}
+
+/* Destroy the cache file and release the handle. */
+static krb5_error_code KRB5_CALLCONV
+fcc_destroy(krb5_context context, krb5_ccache id)
+{
+    krb5_error_code ret = 0;
+    fcc_data *data = id->data;
+    int st, fd;
+    struct stat buf;
+    unsigned long i, size;
+    unsigned int wlen;
+    char zeros[BUFSIZ];
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    fd = open(data->filename, O_RDWR | O_BINARY | O_CLOEXEC, 0);
+    if (fd < 0) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+    set_cloexec_fd(fd);
+
+#ifdef MSDOS_FILESYSTEM
+    /*
+     * "Disgusting bit of UNIX trivia" - that's how the writers of NFS describe
+     * the ability of UNIX to still write to a file which has been unlinked.
+     * Naturally, the PC can't do this.  As a result, we have to delete the
+     * file after we wipe it clean, but that throws off all the error handling
+     * code.  So we have do the work ourselves.
+     */
+    st = fstat(fd, &buf);
+    if (st == -1) {
+        ret = interpret_errno(context, errno);
+        size = 0;               /* Nothing to wipe clean */
+    } else {
+        size = (unsigned long)buf.st_size;
+    }
+
+    memset(zeros, 0, BUFSIZ);
+    while (size > 0) {
+        wlen = (int)((size > BUFSIZ) ? BUFSIZ : size); /* How much to write */
+        i = write(fd, zeros, wlen);
+        if (i < 0) {
+            ret = interpret_errno(context, errno);
+            /* Don't jump to cleanup--we still want to delete the file. */
+            break;
+        }
+        size -= i;
+    }
+
+    (void)close(fd);
+
+    st = unlink(data->filename);
+    if (st < 0) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+
+#else /* MSDOS_FILESYSTEM */
+
+    st = unlink(data->filename);
+    if (st < 0) {
+        ret = interpret_errno(context, errno);
+        (void)close(fd);
+        goto cleanup;
+    }
+
+    st = fstat(fd, &buf);
+    if (st < 0) {
+        ret = interpret_errno(context, errno);
+        (void)close(fd);
+        goto cleanup;
+    }
+
+    /* XXX This may not be legal XXX */
+    size = (unsigned long)buf.st_size;
+    memset(zeros, 0, BUFSIZ);
+    for (i = 0; i < size / BUFSIZ; i++) {
+        if (write(fd, zeros, BUFSIZ) < 0) {
+            ret = interpret_errno(context, errno);
+            (void)close(fd);
+            goto cleanup;
+        }
+    }
+
+    wlen = size % BUFSIZ;
+    if (write(fd, zeros, wlen) < 0) {
+        ret = interpret_errno(context, errno);
+        (void)close(fd);
+        goto cleanup;
+    }
+
+    st = close(fd);
+
+    if (st)
+        ret = interpret_errno(context, errno);
+
+#endif /* MSDOS_FILESYSTEM */
+
+cleanup:
+    (void)set_errmsg_filename(context, ret, data->filename);
+    k5_cc_mutex_unlock(context, &data->lock);
+    free_fccdata(context, data);
+    free(id);
+
+    krb5_change_cache();
+    return ret;
+}
+
+extern const krb5_cc_ops krb5_fcc_ops;
+
+/* Create a file ccache handle for the pathname given by residual. */
+static krb5_error_code KRB5_CALLCONV
+fcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
+{
+    krb5_ccache lid;
+    krb5_error_code ret;
+    fcc_data *data;
+
+    data = malloc(sizeof(fcc_data));
+    if (data == NULL)
+        return KRB5_CC_NOMEM;
+    data->filename = strdup(residual);
+    if (data->filename == NULL) {
+        free(data);
+        return KRB5_CC_NOMEM;
+    }
+    ret = k5_cc_mutex_init(&data->lock);
+    if (ret) {
+        free(data->filename);
+        free(data);
+        return ret;
+    }
+
+    lid = malloc(sizeof(struct _krb5_ccache));
+    if (lid == NULL) {
+        free_fccdata(context, data);
+        return KRB5_CC_NOMEM;
+    }
+
+    lid->ops = &krb5_fcc_ops;
+    lid->data = data;
+    lid->magic = KV5M_CCACHE;
+
+    /* Other routines will get errors on open, and callers must expect them, if
+     * cache is non-existent/unusable. */
+    *id = lid;
+    return 0;
+}
+
+/* Prepare for a sequential iteration over the cache file. */
+static krb5_error_code KRB5_CALLCONV
+fcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+{
+    krb5_fcc_cursor *fcursor = NULL;
+    krb5_error_code ret;
+    krb5_principal princ = NULL;
+    fcc_data *data = id->data;
+    FILE *fp = NULL;
+    int version;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    fcursor = malloc(sizeof(krb5_fcc_cursor));
+    if (fcursor == NULL) {
+        ret = KRB5_CC_NOMEM;
+        goto cleanup;
+    }
+
+    /* Open the cache file and read the header. */
+    ret = open_cache_file(context, data->filename, FALSE, &fp);
+    if (ret)
+        goto cleanup;
+    ret = read_header(context, fp, &version);
+    if (ret)
+        goto cleanup;
+
+    /* Read past the default client principal name. */
+    ret = read_principal(context, fp, version, &princ);
+    if (ret)
+        goto cleanup;
+
+    /* Drop the shared file lock but retain the file handle. */
+    (void)krb5_unlock_file(context, fileno(fp));
+    fcursor->fp = fp;
+    fp = NULL;
+    fcursor->version = version;
+    *cursor = (krb5_cc_cursor)fcursor;
+    fcursor = NULL;
+
+cleanup:
+    (void)close_cache_file(context, fp);
+    free(fcursor);
+    krb5_free_principal(context, princ);
+    k5_cc_mutex_unlock(context, &data->lock);
+    return set_errmsg_filename(context, ret, data->filename);
+}
+
+/* Return true if cred is a removed entry (assuming that no legitimate cred
+ * entries will have authtime=-1 and endtime=0). */
+static inline krb5_boolean
+cred_removed(krb5_creds *c)
+{
+    return c->times.endtime == 0 && c->times.authtime == -1;
+}
+
+/* Get the next credential from the cache file. */
+static krb5_error_code KRB5_CALLCONV
+fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
+              krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krb5_fcc_cursor *fcursor = *cursor;
+    fcc_data *data = id->data;
+    struct k5buf buf;
+    size_t maxsize;
+    krb5_boolean file_locked = FALSE;
+
+    memset(creds, 0, sizeof(*creds));
+    k5_cc_mutex_lock(context, &data->lock);
+    k5_buf_init_dynamic_zap(&buf);
+
+    ret = krb5_lock_file(context, fileno(fcursor->fp), KRB5_LOCKMODE_SHARED);
+    if (ret)
+        goto cleanup;
+    file_locked = TRUE;
+
+    for (;;) {
+        /* Load a marshalled cred into memory. */
+        ret = get_size(context, fcursor->fp, &maxsize);
+        if (ret)
+            goto cleanup;
+        ret = load_cred(context, fcursor->fp, fcursor->version, maxsize, &buf);
+        if (ret)
+            goto cleanup;
+        ret = k5_buf_status(&buf);
+        if (ret)
+            goto cleanup;
+
+        /* Unmarshal it from buf into creds. */
+        ret = k5_unmarshal_cred(buf.data, buf.len, fcursor->version, creds);
+        if (ret)
+            goto cleanup;
+
+        /* Keep going if this entry has been removed; otherwise stop. */
+        if (!cred_removed(creds))
+            break;
+
+        k5_buf_truncate(&buf, 0);
+        krb5_free_cred_contents(context, creds);
+    }
+
+cleanup:
+    if (file_locked)
+        (void)krb5_unlock_file(context, fileno(fcursor->fp));
+    k5_cc_mutex_unlock(context, &data->lock);
+    k5_buf_free(&buf);
+    return set_errmsg_filename(context, ret, data->filename);
+}
+
+/* Release an iteration cursor. */
+static krb5_error_code KRB5_CALLCONV
+fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+{
+    krb5_fcc_cursor *fcursor = *cursor;
+
+    (void)fclose(fcursor->fp);
+    free(fcursor);
+    *cursor = NULL;
+    return 0;
+}
+
+/* Generate a unique file ccache using the given template (which will be
+ * modified to contain the actual name of the file). */
+krb5_error_code
+krb5int_fcc_new_unique(krb5_context context, char *template, krb5_ccache *id)
+{
+    krb5_ccache lid;
+    int fd;
+    krb5_error_code ret;
+    fcc_data *data;
+    char fcc_fvno[2];
+    int16_t fcc_flen = 0;
+    int errsave, cnt;
+
+    fd = mkstemp(template);
+    if (fd == -1)
+        return interpret_errno(context, errno);
+    set_cloexec_fd(fd);
+
+    /* Allocate memory */
+    data = malloc(sizeof(fcc_data));
+    if (data == NULL) {
+        close(fd);
+        unlink(template);
+        return KRB5_CC_NOMEM;
+    }
+
+    data->filename = strdup(template);
+    if (data->filename == NULL) {
+        free(data);
+        close(fd);
+        unlink(template);
+        return KRB5_CC_NOMEM;
+    }
+
+    ret = k5_cc_mutex_init(&data->lock);
+    if (ret) {
+        free(data->filename);
+        free(data);
+        close(fd);
+        unlink(template);
+        return ret;
+    }
+    k5_cc_mutex_lock(context, &data->lock);
+
+    /* Ignore user's umask, set mode = 0600 */
+#ifndef HAVE_FCHMOD
+#ifdef HAVE_CHMOD
+    chmod(data->filename, S_IRUSR | S_IWUSR);
+#endif
+#else
+    fchmod(fd, S_IRUSR | S_IWUSR);
+#endif
+    store_16_be(context->fcc_default_format, fcc_fvno);
+    cnt = write(fd, &fcc_fvno, 2);
+    if (cnt != 2) {
+        errsave = errno;
+        (void)close(fd);
+        (void)unlink(data->filename);
+        ret = (cnt == -1) ? interpret_errno(context, errsave) : KRB5_CC_IO;
+        goto err_out;
+    }
+    /* For version 4 we save a length for the rest of the header */
+    if (context->fcc_default_format == FVNO_BASE + 4) {
+        cnt = write(fd, &fcc_flen, sizeof(fcc_flen));
+        if (cnt != sizeof(fcc_flen)) {
+            errsave = errno;
+            (void)close(fd);
+            (void)unlink(data->filename);
+            ret = (cnt == -1) ? interpret_errno(context, errsave) : KRB5_CC_IO;
+            goto err_out;
+        }
+    }
+    if (close(fd) == -1) {
+        errsave = errno;
+        (void)unlink(data->filename);
+        ret = interpret_errno(context, errsave);
+        goto err_out;
+    }
+
+    k5_cc_mutex_assert_locked(context, &data->lock);
+    k5_cc_mutex_unlock(context, &data->lock);
+    lid = malloc(sizeof(*lid));
+    if (lid == NULL) {
+        free_fccdata(context, data);
+        return KRB5_CC_NOMEM;
+    }
+
+    lid->ops = &krb5_fcc_ops;
+    lid->data = data;
+    lid->magic = KV5M_CCACHE;
+
+    *id = lid;
+
+    krb5_change_cache();
+    return 0;
+
+err_out:
+    (void)set_errmsg_filename(context, ret, data->filename);
+    k5_cc_mutex_unlock(context, &data->lock);
+    k5_cc_mutex_destroy(&data->lock);
+    free(data->filename);
+    free(data);
+    return ret;
+}
+
+/*
+ * Create a new file cred cache whose name is guaranteed to be unique.  The
+ * name begins with the string TKT_ROOT (from fcc.h).  The cache file is not
+ * opened, but the new filename is reserved.
+ */
+static krb5_error_code KRB5_CALLCONV
+fcc_generate_new(krb5_context context, krb5_ccache *id)
+{
+    char scratch[sizeof(TKT_ROOT) + 7]; /* Room for XXXXXX and terminator */
+
+    (void)snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT);
+    return krb5int_fcc_new_unique(context, scratch, id);
+}
+
+/* Return an alias to the pathname of the cache file. */
+static const char * KRB5_CALLCONV
+fcc_get_name(krb5_context context, krb5_ccache id)
+{
+    return ((fcc_data *)id->data)->filename;
+}
+
+/* Retrieve a copy of the default principal, if the cache is initialized. */
+static krb5_error_code KRB5_CALLCONV
+fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
+{
+    krb5_error_code ret;
+    fcc_data *data = id->data;
+    FILE *fp = NULL;
+    int version;
+
+    k5_cc_mutex_lock(context, &data->lock);
+    ret = open_cache_file(context, data->filename, FALSE, &fp);
+    if (ret)
+        goto cleanup;
+    ret = read_header(context, fp, &version);
+    if (ret)
+        goto cleanup;
+    ret = read_principal(context, fp, version, princ);
+
+cleanup:
+    (void)close_cache_file(context, fp);
+    k5_cc_mutex_unlock(context, &data->lock);
+    return set_errmsg_filename(context, ret, data->filename);
+}
+
+/* Search for a credential within the cache file. */
+static krb5_error_code KRB5_CALLCONV
+fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
+             krb5_creds *mcreds, krb5_creds *creds)
+{
+    krb5_error_code ret;
+
+    ret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds, creds);
+    return set_errmsg_filename(context, ret, ((fcc_data *)id->data)->filename);
+}
+
+/* Store a credential in the cache file. */
+static krb5_error_code KRB5_CALLCONV
+fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
+{
+    krb5_error_code ret, ret2;
+    fcc_data *data = id->data;
+    FILE *fp = NULL;
+    int version;
+    struct k5buf buf = EMPTY_K5BUF;
+    ssize_t nwritten;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    /* Open the cache file for O_APPEND writing. */
+    ret = open_cache_file(context, data->filename, TRUE, &fp);
+    if (ret)
+        goto cleanup;
+    ret = read_header(context, fp, &version);
+    if (ret)
+        goto cleanup;
+
+    /* Marshal the cred and write it to the file with a single append write. */
+    k5_buf_init_dynamic_zap(&buf);
+    k5_marshal_cred(&buf, version, creds);
+    ret = k5_buf_status(&buf);
+    if (ret)
+        goto cleanup;
+    nwritten = write(fileno(fp), buf.data, buf.len);
+    if (nwritten == -1)
+        ret = interpret_errno(context, errno);
+    if ((size_t)nwritten != buf.len)
+        ret = KRB5_CC_IO;
+
+    krb5_change_cache();
+
+cleanup:
+    k5_buf_free(&buf);
+    ret2 = close_cache_file(context, fp);
+    k5_cc_mutex_unlock(context, &data->lock);
+    return set_errmsg_filename(context, ret ? ret : ret2, data->filename);
+}
+
+/*
+ * Overwrite cred in the ccache file with an entry that should not match any
+ * reasonable search.  Deletion is not guaranteed.  This method is originally
+ * from Heimdal, with the addition of setting authtime to -1.
+ */
+static krb5_error_code
+delete_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
+            krb5_creds *cred)
+{
+    krb5_error_code ret;
+    krb5_fcc_cursor *fcursor = *cursor;
+    fcc_data *data = cache->data;
+    struct k5buf expected = EMPTY_K5BUF, overwrite = EMPTY_K5BUF;
+    int fd = -1;
+    uint8_t *on_disk = NULL;
+    ssize_t rwret;
+    off_t start_offset;
+
+    k5_buf_init_dynamic_zap(&expected);
+    k5_buf_init_dynamic_zap(&overwrite);
+
+    /* Re-marshal cred to get its byte representation in the file. */
+    k5_marshal_cred(&expected, fcursor->version, cred);
+    ret = k5_buf_status(&expected);
+    if (ret)
+        goto cleanup;
+
+    /*
+     * Mark the cred expired so that it will be skipped over by any future
+     * match checks.  Heimdal only sets endtime, but we also set authtime to
+     * distinguish from gssproxy's creds.
+     */
+    cred->times.endtime = 0;
+    cred->times.authtime = -1;
+
+    /* For config entries, also change the realm so that other implementations
+     * won't match them. */
+    if (data_eq_string(cred->server->realm, "X-CACHECONF:"))
+        memcpy(cred->server->realm.data, "X-RMED-CONF:", 12);
+
+    k5_marshal_cred(&overwrite, fcursor->version, cred);
+    ret = k5_buf_status(&overwrite);
+    if (ret)
+        goto cleanup;
+
+    if (expected.len != overwrite.len) {
+        ret = KRB5_CC_FORMAT;
+        goto cleanup;
+    }
+
+    /* Get a non-O_APPEND handle to the raw file. */
+    fd = open(data->filename, O_RDWR | O_BINARY | O_CLOEXEC);
+    if (fd == -1) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+
+    start_offset = ftell(fcursor->fp);
+    if (start_offset == -1) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+    start_offset -= expected.len;
+
+    /* Read the bytes at the entry to be overwritten. */
+    if (lseek(fd, start_offset, SEEK_SET) == -1) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+    on_disk = k5alloc(expected.len, &ret);
+    if (ret != 0)
+        goto cleanup;
+    rwret = read(fd, on_disk, expected.len);
+    if (rwret < 0) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    } else if ((size_t)rwret != expected.len) {
+        ret = KRB5_CC_FORMAT;
+        goto cleanup;
+    }
+
+    /*
+     * If the bytes have changed, either someone else removed the same cred or
+     * the cache was reinitialized.  Either way the cred is no longer present,
+     * so return successfully.
+     */
+    if (memcmp(on_disk, expected.data, expected.len) != 0)
+        goto cleanup;
+
+    /* Write out the altered entry. */
+    if (lseek(fd, start_offset, SEEK_SET) == -1) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+    rwret = write(fd, overwrite.data, overwrite.len);
+    if (rwret < 0) {
+        ret = interpret_errno(context, errno);
+        goto cleanup;
+    }
+
+cleanup:
+    if (fd >= 0)
+        close(fd);
+    zapfree(on_disk, expected.len);
+    k5_buf_free(&expected);
+    k5_buf_free(&overwrite);
+    return ret;
+}
+
+/* Remove the given creds from the ccache file. */
+static krb5_error_code KRB5_CALLCONV
+fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krb5_cc_cursor cursor;
+    krb5_creds cur;
+
+    ret = krb5_cc_start_seq_get(context, cache, &cursor);
+    if (ret)
+        return ret;
+
+    for (;;) {
+        ret = krb5_cc_next_cred(context, cache, &cursor, &cur);
+        if (ret)
+            break;
+
+        if (krb5int_cc_creds_match_request(context, flags, creds, &cur))
+            ret = delete_cred(context, cache, &cursor, &cur);
+        krb5_free_cred_contents(context, &cur);
+        if (ret)
+            break;
+    }
+
+    krb5_cc_end_seq_get(context, cache, &cursor);
+    return (ret == KRB5_CC_END) ? 0 : ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
+{
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
+{
+    *flags = 0;
+    return 0;
+}
+
+/* Prepare to iterate over the caches in the per-type collection. */
+static krb5_error_code KRB5_CALLCONV
+fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor)
+{
+    krb5_cc_ptcursor n = NULL;
+    struct krb5_fcc_ptcursor_data *cdata = NULL;
+
+    *cursor = NULL;
+
+    n = malloc(sizeof(*n));
+    if (n == NULL)
+        return ENOMEM;
+    n->ops = &krb5_fcc_ops;
+    cdata = malloc(sizeof(*cdata));
+    if (cdata == NULL) {
+        free(n);
+        return ENOMEM;
+    }
+    cdata->first = TRUE;
+    n->data = cdata;
+    *cursor = n;
+    return 0;
+}
+
+/* Get the next cache in the per-type collection.  The FILE per-type collection
+ * contains only the context's default cache if it is a file cache. */
+static krb5_error_code KRB5_CALLCONV
+fcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
+                  krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    struct krb5_fcc_ptcursor_data *cdata = cursor->data;
+    const char *defname, *residual;
+    krb5_ccache cache;
+    struct stat sb;
+
+    *cache_out = NULL;
+    if (!cdata->first)
+        return 0;
+    cdata->first = FALSE;
+
+    defname = krb5_cc_default_name(context);
+    if (!defname)
+        return 0;
+
+    /* Check if the default has type FILE or no type; find the residual. */
+    if (strncmp(defname, "FILE:", 5) == 0)
+        residual = defname + 5;
+    else if (strchr(defname + 2, ':') == NULL)  /* Skip drive prefix if any. */
+        residual = defname;
+    else
+        return 0;
+
+    /* Don't yield a nonexistent default file cache. */
+    if (stat(residual, &sb) != 0)
+        return 0;
+
+    ret = krb5_cc_resolve(context, defname, &cache);
+    if (ret)
+        return set_errmsg_filename(context, ret, defname);
+    *cache_out = cache;
+    return 0;
+}
+
+/* Release a per-type collection iteration cursor. */
+static krb5_error_code KRB5_CALLCONV
+fcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor)
+{
+    if (*cursor == NULL)
+        return 0;
+    free((*cursor)->data);
+    free(*cursor);
+    *cursor = NULL;
+    return 0;
+}
+
+/* Lock the cache handle against other threads.  (This does not lock the cache
+ * file against other processes.) */
+static krb5_error_code KRB5_CALLCONV
+fcc_lock(krb5_context context, krb5_ccache id)
+{
+    fcc_data *data = id->data;
+    k5_cc_mutex_lock(context, &data->lock);
+    return 0;
+}
+
+/* Unlock the cache handle. */
+static krb5_error_code KRB5_CALLCONV
+fcc_unlock(krb5_context context, krb5_ccache id)
+{
+    fcc_data *data = id->data;
+    k5_cc_mutex_unlock(context, &data->lock);
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+fcc_replace(krb5_context context, krb5_ccache id, krb5_principal princ,
+            krb5_creds **creds)
+{
+    krb5_error_code ret;
+    fcc_data *data = id->data;
+    char *tmpname = NULL;
+    int i, st, fd = -1, version = context->fcc_default_format - FVNO_BASE;
+    ssize_t nwritten;
+    struct k5buf buf = EMPTY_K5BUF;
+    krb5_boolean tmpfile_exists = FALSE;
+
+    if (asprintf(&tmpname, "%s.XXXXXX", data->filename) < 0)
+        return ENOMEM;
+    fd = mkstemp(tmpname);
+    if (fd < 0)
+        goto errno_cleanup;
+    tmpfile_exists = TRUE;
+
+    k5_buf_init_dynamic_zap(&buf);
+    marshal_header(context, &buf, princ);
+    for (i = 0; creds[i] != NULL; i++)
+        k5_marshal_cred(&buf, version, creds[i]);
+    ret = k5_buf_status(&buf);
+    if (ret)
+        goto cleanup;
+
+    nwritten = write(fd, buf.data, buf.len);
+    if (nwritten == -1)
+        goto errno_cleanup;
+    if ((size_t)nwritten != buf.len) {
+        ret = KRB5_CC_IO;
+        goto cleanup;
+    }
+    st = close(fd);
+    fd = -1;
+    if (st != 0)
+        goto errno_cleanup;
+
+    st = rename(tmpname, data->filename);
+    if (st != 0)
+        goto errno_cleanup;
+    tmpfile_exists = FALSE;
+
+cleanup:
+    k5_buf_free(&buf);
+    if (fd != -1)
+        close(fd);
+    if (tmpfile_exists)
+        unlink(tmpname);
+    free(tmpname);
+    return ret;
+
+errno_cleanup:
+    ret = interpret_errno(context, errno);
+    goto cleanup;
+}
+
+/* Translate a system errno value to a Kerberos com_err code. */
+static krb5_error_code
+interpret_errno(krb5_context context, int errnum)
+{
+    krb5_error_code ret;
+
+    switch (errnum) {
+    case ENOENT:
+    case ENOTDIR:
+#ifdef ELOOP
+    case ELOOP:
+#endif
+#ifdef ENAMETOOLONG
+    case ENAMETOOLONG:
+#endif
+        ret = KRB5_FCC_NOFILE;
+        break;
+    case EPERM:
+    case EACCES:
+#ifdef EISDIR
+    case EISDIR:                /* Mac doesn't have EISDIR */
+#endif
+    case EROFS:
+        ret = KRB5_FCC_PERM;
+        break;
+    case EINVAL:
+    case EEXIST:
+    case EFAULT:
+    case EBADF:
+#ifdef EWOULDBLOCK
+    case EWOULDBLOCK:
+#endif
+        ret = KRB5_FCC_INTERNAL;
+        break;
+    /*
+     * The rest all map to KRB5_CC_IO.  These errnos are listed to
+     * document that they've been considered explicitly:
+     *
+     *  - EDQUOT
+     *  - ENOSPC
+     *  - EIO
+     *  - ENFILE
+     *  - EMFILE
+     *  - ENXIO
+     *  - EBUSY
+     *  - ETXTBSY
+     */
+    default:
+        ret = KRB5_CC_IO;
+        break;
+    }
+    return ret;
+}
+
+const krb5_cc_ops krb5_fcc_ops = {
+    0,
+    "FILE",
+    fcc_get_name,
+    fcc_resolve,
+    fcc_generate_new,
+    fcc_initialize,
+    fcc_destroy,
+    fcc_close,
+    fcc_store,
+    fcc_retrieve,
+    fcc_get_principal,
+    fcc_start_seq_get,
+    fcc_next_cred,
+    fcc_end_seq_get,
+    fcc_remove_cred,
+    fcc_set_flags,
+    fcc_get_flags,
+    fcc_ptcursor_new,
+    fcc_ptcursor_next,
+    fcc_ptcursor_free,
+    fcc_replace,
+    NULL, /* wasdefault */
+    fcc_lock,
+    fcc_unlock,
+    NULL, /* switch_to */
+};
+
+#if defined(_WIN32)
+/*
+ * krb5_change_cache should be called after the cache changes.
+ * A notification message is is posted out to all top level
+ * windows so that they may recheck the cache based on the
+ * changes made.  We register a unique message type with which
+ * we'll communicate to all other processes.
+ */
+
+krb5_error_code
+krb5_change_cache(void)
+{
+    PostMessage(HWND_BROADCAST, krb5_get_notification_message(), 0, 0);
+    return 0;
+}
+
+unsigned int KRB5_CALLCONV
+krb5_get_notification_message(void)
+{
+    static unsigned int message = 0;
+
+    if (message == 0)
+        message = RegisterWindowMessage(WM_KERBEROS5_CHANGED);
+
+    return message;
+}
+#else /* _WIN32 */
+
+krb5_error_code
+krb5_change_cache(void)
+{
+    return 0;
+}
+
+unsigned int
+krb5_get_notification_message(void)
+{
+    return 0;
+}
+
+#endif /* _WIN32 */
+
+const krb5_cc_ops krb5_cc_file_ops = {
+    0,
+    "FILE",
+    fcc_get_name,
+    fcc_resolve,
+    fcc_generate_new,
+    fcc_initialize,
+    fcc_destroy,
+    fcc_close,
+    fcc_store,
+    fcc_retrieve,
+    fcc_get_principal,
+    fcc_start_seq_get,
+    fcc_next_cred,
+    fcc_end_seq_get,
+    fcc_remove_cred,
+    fcc_set_flags,
+    fcc_get_flags,
+    fcc_ptcursor_new,
+    fcc_ptcursor_next,
+    fcc_ptcursor_free,
+    fcc_replace,
+    NULL, /* wasdefault */
+    fcc_lock,
+    fcc_unlock,
+    NULL, /* switch_to */
+};
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c b/krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c
new file mode 100644
index 00000000..c93e7c78
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c
@@ -0,0 +1,1366 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc_kcm.c - KCM cache type (client side) */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This cache type contacts a daemon for each cache operation, using Heimdal's
+ * KCM protocol.  On macOS, the preferred transport is Mach RPC; on other
+ * Unix-like platforms or if the daemon is not available via RPC, Unix domain
+ * sockets are used instead.
+ */
+
+#ifndef _WIN32
+#include "k5-int.h"
+#include "k5-input.h"
+#include "cc-int.h"
+#include "kcm.h"
+#include "../os/os-proto.h"
+#include <sys/socket.h>
+#include <sys/un.h>
+#ifdef __APPLE__
+#include <mach/mach.h>
+#include <servers/bootstrap.h>
+#include "kcmrpc.h"
+#endif
+
+#define MAX_REPLY_SIZE (10 * 1024 * 1024)
+
+const krb5_cc_ops krb5_kcm_ops;
+
+struct uuid_list {
+    unsigned char *uuidbytes;   /* all of the uuids concatenated together */
+    size_t count;
+    size_t pos;
+};
+
+struct cred_list {
+    krb5_creds *creds;
+    size_t count;
+    size_t pos;
+};
+
+struct kcm_cursor {
+    struct uuid_list *uuids;
+    struct cred_list *creds;
+};
+
+struct kcmio {
+    SOCKET fd;
+#ifdef __APPLE__
+    mach_port_t mport;
+#endif
+};
+
+/* This structure bundles together a KCM request and reply, to minimize how
+ * much we have to declare and clean up in each method. */
+struct kcmreq {
+    struct k5buf reqbuf;
+    struct k5input reply;
+    void *reply_mem;
+};
+#define EMPTY_KCMREQ { EMPTY_K5BUF }
+
+struct kcm_cache_data {
+    char *residual;             /* immutable; may be accessed without lock */
+    k5_cc_mutex lock;           /* protects io */
+    struct kcmio *io;
+};
+
+struct kcm_ptcursor {
+    char *residual;             /* primary or singleton subsidiary */
+    struct uuid_list *uuids;    /* NULL for singleton subsidiary */
+    struct kcmio *io;
+    krb5_boolean first;
+};
+
+/* Map EINVAL or KRB5_CC_FORMAT to KRB5_KCM_MALFORMED_REPLY; pass through all
+ * other codes. */
+static inline krb5_error_code
+map_invalid(krb5_error_code code)
+{
+    return (code == EINVAL || code == KRB5_CC_FORMAT) ?
+        KRB5_KCM_MALFORMED_REPLY : code;
+}
+
+/*
+ * Map an MIT krb5 KRB5_TC flag word to the equivalent Heimdal flag word.  Note
+ * that there is no MIT krb5 equivalent for Heimdal's KRB5_TC_DONT_MATCH_REALM
+ * (which is like KRB5_TC_MATCH_SRV_NAMEONLY but also applies to the client
+ * principal) and no Heimdal equivalent for MIT krb5's KRB5_TC_SUPPORTED_KTYPES
+ * (which matches against enctypes from the krb5_context rather than the
+ * matching cred).
+ */
+static inline krb5_flags
+map_tcflags(krb5_flags mitflags)
+{
+    krb5_flags heimflags = 0;
+
+    if (mitflags & KRB5_TC_MATCH_TIMES)
+        heimflags |= KCM_TC_MATCH_TIMES;
+    if (mitflags & KRB5_TC_MATCH_IS_SKEY)
+        heimflags |= KCM_TC_MATCH_IS_SKEY;
+    if (mitflags & KRB5_TC_MATCH_FLAGS)
+        heimflags |= KCM_TC_MATCH_FLAGS;
+    if (mitflags & KRB5_TC_MATCH_TIMES_EXACT)
+        heimflags |= KCM_TC_MATCH_TIMES_EXACT;
+    if (mitflags & KRB5_TC_MATCH_FLAGS_EXACT)
+        heimflags |= KCM_TC_MATCH_FLAGS_EXACT;
+    if (mitflags & KRB5_TC_MATCH_AUTHDATA)
+        heimflags |= KCM_TC_MATCH_AUTHDATA;
+    if (mitflags & KRB5_TC_MATCH_SRV_NAMEONLY)
+        heimflags |= KCM_TC_MATCH_SRV_NAMEONLY;
+    if (mitflags & KRB5_TC_MATCH_2ND_TKT)
+        heimflags |= KCM_TC_MATCH_2ND_TKT;
+    if (mitflags & KRB5_TC_MATCH_KTYPE)
+        heimflags |= KCM_TC_MATCH_KEYTYPE;
+    return heimflags;
+}
+
+/*
+ * Return true if code could indicate an unsupported operation.  Heimdal's KCM
+ * returns KRB5_FCC_INTERNAL.  sssd's KCM daemon (as of sssd 2.4) returns
+ * KRB5_CC_NO_SUPP if it recognizes the operation but does not implement it,
+ * and KRB5_CC_IO if it doesn't recognize the operation (which is unfortunate
+ * since it could also indicate a communication failure).
+ */
+static krb5_boolean
+unsupported_op_error(krb5_error_code code)
+{
+    return code == KRB5_FCC_INTERNAL || code == KRB5_CC_IO ||
+        code == KRB5_CC_NOSUPP;
+}
+
+/* Begin a request for the given opcode.  If cache is non-null, supply the
+ * cache name as a request parameter. */
+static void
+kcmreq_init(struct kcmreq *req, kcm_opcode opcode, krb5_ccache cache)
+{
+    unsigned char bytes[4];
+    const char *name;
+
+    memset(req, 0, sizeof(*req));
+
+    bytes[0] = KCM_PROTOCOL_VERSION_MAJOR;
+    bytes[1] = KCM_PROTOCOL_VERSION_MINOR;
+    store_16_be(opcode, bytes + 2);
+
+    k5_buf_init_dynamic(&req->reqbuf);
+    k5_buf_add_len(&req->reqbuf, bytes, 4);
+    if (cache != NULL) {
+        name = ((struct kcm_cache_data *)cache->data)->residual;
+        k5_buf_add_len(&req->reqbuf, name, strlen(name) + 1);
+    }
+}
+
+#ifdef __APPLE__
+
+/* The maximum length of an in-band request or reply as defined by the RPC
+ * protocol. */
+#define MAX_INBAND_SIZE 2048
+
+/* Connect or reconnect to the KCM daemon via Mach RPC, if possible. */
+static krb5_error_code
+kcmio_mach_connect(krb5_context context, struct kcmio *io)
+{
+    krb5_error_code ret;
+    kern_return_t st;
+    mach_port_t mport;
+    char *service;
+
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             KRB5_CONF_KCM_MACH_SERVICE, NULL,
+                             DEFAULT_KCM_MACH_SERVICE, &service);
+    if (ret)
+        return ret;
+    if (strcmp(service, "-") == 0) {
+        profile_release_string(service);
+        return KRB5_KCM_NO_SERVER;
+    }
+
+    st = bootstrap_look_up(bootstrap_port, service, &mport);
+    profile_release_string(service);
+    if (st)
+        return KRB5_KCM_NO_SERVER;
+    if (io->mport != MACH_PORT_NULL)
+        mach_port_deallocate(mach_task_self(), io->mport);
+    io->mport = mport;
+    return 0;
+}
+
+/* Invoke the Mach RPC to get a reply from the KCM daemon. */
+static krb5_error_code
+kcmio_mach_call(krb5_context context, struct kcmio *io, void *data,
+                size_t len, void **reply_out, size_t *len_out)
+{
+    krb5_error_code ret;
+    size_t inband_req_len = 0, outband_req_len = 0, reply_len;
+    char *inband_req = NULL, *outband_req = NULL, *outband_reply, *copy;
+    char inband_reply[MAX_INBAND_SIZE];
+    mach_msg_type_number_t inband_reply_len, outband_reply_len;
+    const void *reply;
+    kern_return_t st;
+    int code;
+
+    *reply_out = NULL;
+    *len_out = 0;
+
+    /* Use the in-band or out-of-band request buffer depending on len. */
+    if (len <= MAX_INBAND_SIZE) {
+        inband_req = data;
+        inband_req_len = len;
+    } else {
+        outband_req = data;
+        outband_req_len = len;
+    }
+
+    st = k5_kcmrpc_call(io->mport, inband_req, inband_req_len, outband_req,
+                        outband_req_len, &code, inband_reply,
+                        &inband_reply_len, &outband_reply, &outband_reply_len);
+    if (st == MACH_SEND_INVALID_DEST) {
+        /* Get a new port and try again. */
+        st = kcmio_mach_connect(context, io);
+        if (st)
+            return KRB5_KCM_RPC_ERROR;
+        st = k5_kcmrpc_call(io->mport, inband_req, inband_req_len, outband_req,
+                            outband_req_len, &code, inband_reply,
+                            &inband_reply_len, &outband_reply,
+                            &outband_reply_len);
+    }
+    if (st)
+        return KRB5_KCM_RPC_ERROR;
+
+    if (code) {
+        ret = code;
+        goto cleanup;
+    }
+
+    /* The reply could be in the in-band or out-of-band reply buffer. */
+    reply = outband_reply_len ? outband_reply : inband_reply;
+    reply_len = outband_reply_len ? outband_reply_len : inband_reply_len;
+    copy = k5memdup(reply, reply_len, &ret);
+    if (copy == NULL)
+        goto cleanup;
+
+    *reply_out = copy;
+    *len_out = reply_len;
+
+cleanup:
+    if (outband_reply_len) {
+        vm_deallocate(mach_task_self(), (vm_address_t)outband_reply,
+                      outband_reply_len);
+    }
+    return ret;
+}
+
+/* Release any Mach RPC state within io. */
+static void
+kcmio_mach_close(struct kcmio *io)
+{
+    if (io->mport != MACH_PORT_NULL)
+        mach_port_deallocate(mach_task_self(), io->mport);
+}
+
+#else /* __APPLE__ */
+
+#define kcmio_mach_connect(context, io) EINVAL
+#define kcmio_mach_call(context, io, data, len, reply_out, len_out) EINVAL
+#define kcmio_mach_close(io)
+
+#endif
+
+/* Connect to the KCM daemon via a Unix domain socket. */
+static krb5_error_code
+kcmio_unix_socket_connect(krb5_context context, struct kcmio *io)
+{
+    krb5_error_code ret;
+    SOCKET fd = INVALID_SOCKET;
+    struct sockaddr_un addr;
+    char *path = NULL;
+
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             KRB5_CONF_KCM_SOCKET, NULL,
+                             DEFAULT_KCM_SOCKET_PATH, &path);
+    if (ret)
+        goto cleanup;
+    if (strcmp(path, "-") == 0) {
+        ret = KRB5_KCM_NO_SERVER;
+        goto cleanup;
+    }
+
+    fd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (fd == INVALID_SOCKET) {
+        ret = SOCKET_ERRNO;
+        goto cleanup;
+    }
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
+    if (SOCKET_CONNECT(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+        ret = (SOCKET_ERRNO == ENOENT) ? KRB5_KCM_NO_SERVER : SOCKET_ERRNO;
+        goto cleanup;
+    }
+
+    io->fd = fd;
+    fd = INVALID_SOCKET;
+
+cleanup:
+    if (fd != INVALID_SOCKET)
+        closesocket(fd);
+    profile_release_string(path);
+    return ret;
+}
+
+/* Write a KCM request: 4-byte big-endian length, then the marshalled
+ * request. */
+static krb5_error_code
+kcmio_unix_socket_write(krb5_context context, struct kcmio *io, void *request,
+                        size_t len)
+{
+    char lenbytes[4];
+    sg_buf sg[2];
+    int ret;
+    krb5_boolean reconnected = FALSE;
+
+    SG_SET(&sg[0], lenbytes, sizeof(lenbytes));
+    SG_SET(&sg[1], request, len);
+    store_32_be(len, lenbytes);
+
+    for (;;) {
+        ret = krb5int_net_writev(context, io->fd, sg, 2);
+        if (ret >= 0)
+            return 0;
+        ret = errno;
+        if (ret != EPIPE || reconnected)
+            return ret;
+
+        /*
+         * Try once to reconnect on an EPIPE, in case the server has an idle
+         * timeout (like sssd does) and we went too long between ccache
+         * operations.  Reconnecting might also help if the server was
+         * restarted for an upgrade--although the server must be designed to
+         * always listen for connections on the socket during upgrades, or a
+         * single reconnect attempt won't be robust.
+         */
+        close(io->fd);
+        ret = kcmio_unix_socket_connect(context, io);
+        if (ret)
+            return ret;
+        reconnected = TRUE;
+    }
+}
+
+/* Read a KCM reply: 4-byte big-endian length, 4-byte big-endian status code,
+ * then the marshalled reply. */
+static krb5_error_code
+kcmio_unix_socket_read(krb5_context context, struct kcmio *io,
+                       void **reply_out, size_t *len_out)
+{
+    krb5_error_code code;
+    char lenbytes[4], codebytes[4], *reply;
+    size_t len;
+    int st;
+
+    *reply_out = NULL;
+    *len_out = 0;
+
+    st = krb5_net_read(context, io->fd, lenbytes, 4);
+    if (st != 4)
+        return (st == -1) ? errno : KRB5_CC_IO;
+    len = load_32_be(lenbytes);
+    if (len > MAX_REPLY_SIZE)
+        return KRB5_KCM_REPLY_TOO_BIG;
+
+    st = krb5_net_read(context, io->fd, codebytes, 4);
+    if (st != 4)
+        return (st == -1) ? errno : KRB5_CC_IO;
+    code = load_32_be(codebytes);
+    if (code != 0)
+        return code;
+
+    reply = malloc(len);
+    if (reply == NULL)
+        return ENOMEM;
+    st = krb5_net_read(context, io->fd, reply, len);
+    if (st == -1 || (size_t)st != len) {
+        free(reply);
+        return (st < 0) ? errno : KRB5_CC_IO;
+    }
+
+    *reply_out = reply;
+    *len_out = len;
+    return 0;
+}
+
+static krb5_error_code
+kcmio_connect(krb5_context context, struct kcmio **io_out)
+{
+    krb5_error_code ret;
+    struct kcmio *io;
+
+    *io_out = NULL;
+    io = calloc(1, sizeof(*io));
+    if (io == NULL)
+        return ENOMEM;
+    io->fd = INVALID_SOCKET;
+
+    /* Try Mach RPC (macOS only), then fall back to Unix domain sockets */
+    ret = kcmio_mach_connect(context, io);
+    if (ret)
+        ret = kcmio_unix_socket_connect(context, io);
+    if (ret) {
+        free(io);
+        return ret;
+    }
+
+    *io_out = io;
+    return 0;
+}
+
+/* Check req->reqbuf for an error condition and return it.  Otherwise, send the
+ * request to the KCM daemon and get a response. */
+static krb5_error_code
+kcmio_call(krb5_context context, struct kcmio *io, struct kcmreq *req)
+{
+    krb5_error_code ret;
+    size_t reply_len = 0;
+
+    if (k5_buf_status(&req->reqbuf) != 0)
+        return ENOMEM;
+
+    if (io->fd != INVALID_SOCKET) {
+        ret = kcmio_unix_socket_write(context, io, req->reqbuf.data,
+                                      req->reqbuf.len);
+        if (ret)
+            return ret;
+        ret = kcmio_unix_socket_read(context, io, &req->reply_mem, &reply_len);
+        if (ret)
+            return ret;
+    } else {
+        /* We must be using Mach RPC. */
+        ret = kcmio_mach_call(context, io, req->reqbuf.data, req->reqbuf.len,
+                              &req->reply_mem, &reply_len);
+        if (ret)
+            return ret;
+    }
+
+    /* Read the status code from the marshalled reply. */
+    k5_input_init(&req->reply, req->reply_mem, reply_len);
+    ret = k5_input_get_uint32_be(&req->reply);
+    return req->reply.status ? KRB5_KCM_MALFORMED_REPLY : ret;
+}
+
+static void
+kcmio_close(struct kcmio *io)
+{
+    if (io != NULL) {
+        kcmio_mach_close(io);
+        if (io->fd != INVALID_SOCKET)
+            closesocket(io->fd);
+        free(io);
+    }
+}
+
+/* Fetch a zero-terminated name string from req->reply.  The returned pointer
+ * is an alias and must not be freed by the caller. */
+static krb5_error_code
+kcmreq_get_name(struct kcmreq *req, const char **name_out)
+{
+    const unsigned char *end;
+    struct k5input *in = &req->reply;
+
+    *name_out = NULL;
+    end = memchr(in->ptr, '\0', in->len);
+    if (end == NULL)
+        return KRB5_KCM_MALFORMED_REPLY;
+    *name_out = (const char *)in->ptr;
+    (void)k5_input_get_bytes(in, end + 1 - in->ptr);
+    return 0;
+}
+
+/* Fetch a UUID list from req->reply.  UUID lists are not delimited, so we
+ * consume the rest of the input. */
+static krb5_error_code
+kcmreq_get_uuid_list(struct kcmreq *req, struct uuid_list **uuids_out)
+{
+    struct uuid_list *uuids;
+
+    *uuids_out = NULL;
+
+    if (req->reply.len % KCM_UUID_LEN != 0)
+        return KRB5_KCM_MALFORMED_REPLY;
+
+    uuids = malloc(sizeof(*uuids));
+    if (uuids == NULL)
+        return ENOMEM;
+    uuids->count = req->reply.len / KCM_UUID_LEN;
+    uuids->pos = 0;
+
+    if (req->reply.len > 0) {
+        uuids->uuidbytes = malloc(req->reply.len);
+        if (uuids->uuidbytes == NULL) {
+            free(uuids);
+            return ENOMEM;
+        }
+        memcpy(uuids->uuidbytes, req->reply.ptr, req->reply.len);
+        (void)k5_input_get_bytes(&req->reply, req->reply.len);
+    } else {
+        uuids->uuidbytes = NULL;
+    }
+
+    *uuids_out = uuids;
+    return 0;
+}
+
+static void
+free_uuid_list(struct uuid_list *uuids)
+{
+    if (uuids != NULL)
+        free(uuids->uuidbytes);
+    free(uuids);
+}
+
+static void
+free_cred_list(struct cred_list *list)
+{
+    size_t i;
+
+    if (list == NULL)
+        return;
+
+    /* Creds are transferred to the caller as list->pos is incremented, so we
+     * can start freeing there. */
+    for (i = list->pos; i < list->count; i++)
+        krb5_free_cred_contents(NULL, &list->creds[i]);
+    free(list->creds);
+    free(list);
+}
+
+/* Fetch a cred list from req->reply. */
+static krb5_error_code
+kcmreq_get_cred_list(struct kcmreq *req, struct cred_list **creds_out)
+{
+    struct cred_list *list;
+    const unsigned char *data;
+    krb5_error_code ret = 0;
+    size_t count, len, i;
+
+    *creds_out = NULL;
+
+    /* Check a rough bound on the count to prevent very large allocations. */
+    count = k5_input_get_uint32_be(&req->reply);
+    if (count > req->reply.len / 4)
+        return KRB5_KCM_MALFORMED_REPLY;
+
+    list = malloc(sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+
+    list->creds = NULL;
+    list->count = count;
+    list->pos = 0;
+    list->creds = k5calloc(count, sizeof(*list->creds), &ret);
+    if (list->creds == NULL) {
+        free(list);
+        return ret;
+    }
+
+    for (i = 0; i < count; i++) {
+        len = k5_input_get_uint32_be(&req->reply);
+        data = k5_input_get_bytes(&req->reply, len);
+        if (data == NULL)
+            break;
+        ret = k5_unmarshal_cred(data, len, 4, &list->creds[i]);
+        if (ret)
+            break;
+    }
+    if (i < count) {
+        free_cred_list(list);
+        return (ret == ENOMEM) ? ENOMEM : KRB5_KCM_MALFORMED_REPLY;
+    }
+
+    *creds_out = list;
+    return 0;
+}
+
+static void
+kcmreq_free(struct kcmreq *req)
+{
+    k5_buf_free(&req->reqbuf);
+    free(req->reply_mem);
+}
+
+/* Create a krb5_ccache structure.  If io is NULL, make a new connection for
+ * the cache.  Otherwise, always take ownership of io. */
+static krb5_error_code
+make_cache(krb5_context context, const char *residual, struct kcmio *io,
+           krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    krb5_ccache cache = NULL;
+    struct kcm_cache_data *data = NULL;
+    char *residual_copy = NULL;
+
+    *cache_out = NULL;
+
+    if (io == NULL) {
+        ret = kcmio_connect(context, &io);
+        if (ret)
+            return ret;
+    }
+
+    cache = malloc(sizeof(*cache));
+    if (cache == NULL)
+        goto oom;
+    data = calloc(1, sizeof(*data));
+    if (data == NULL)
+        goto oom;
+    residual_copy = strdup(residual);
+    if (residual_copy == NULL)
+        goto oom;
+    if (k5_cc_mutex_init(&data->lock) != 0)
+        goto oom;
+
+    data->residual = residual_copy;
+    data->io = io;
+    cache->ops = &krb5_kcm_ops;
+    cache->data = data;
+    cache->magic = KV5M_CCACHE;
+    *cache_out = cache;
+    return 0;
+
+oom:
+    free(cache);
+    free(data);
+    free(residual_copy);
+    kcmio_close(io);
+    return ENOMEM;
+}
+
+/* Lock cache's I/O structure and use it to call the KCM daemon. */
+static krb5_error_code
+cache_call(krb5_context context, krb5_ccache cache, struct kcmreq *req)
+{
+    krb5_error_code ret;
+    struct kcm_cache_data *data = cache->data;
+
+    k5_cc_mutex_lock(context, &data->lock);
+    ret = kcmio_call(context, data->io, req);
+    k5_cc_mutex_unlock(context, &data->lock);
+    return ret;
+}
+
+/* Try to propagate the KDC time offset from the cache to the krb5 context. */
+static void
+get_kdc_offset(krb5_context context, krb5_ccache cache)
+{
+    struct kcmreq req = EMPTY_KCMREQ;
+    int32_t time_offset;
+
+    kcmreq_init(&req, KCM_OP_GET_KDC_OFFSET, cache);
+    if (cache_call(context, cache, &req) != 0)
+        goto cleanup;
+    time_offset = k5_input_get_uint32_be(&req.reply);
+    if (req.reply.status)
+        goto cleanup;
+    context->os_context.time_offset = time_offset;
+    context->os_context.usec_offset = 0;
+    context->os_context.os_flags &= ~KRB5_OS_TOFFSET_TIME;
+    context->os_context.os_flags |= KRB5_OS_TOFFSET_VALID;
+
+cleanup:
+    kcmreq_free(&req);
+}
+
+/* Try to propagate the KDC offset from the krb5 context to the cache. */
+static void
+set_kdc_offset(krb5_context context, krb5_ccache cache)
+{
+    struct kcmreq req;
+
+    if (context->os_context.os_flags & KRB5_OS_TOFFSET_VALID) {
+        kcmreq_init(&req, KCM_OP_SET_KDC_OFFSET, cache);
+        k5_buf_add_uint32_be(&req.reqbuf, context->os_context.time_offset);
+        (void)cache_call(context, cache, &req);
+        kcmreq_free(&req);
+    }
+}
+
+static const char * KRB5_CALLCONV
+kcm_get_name(krb5_context context, krb5_ccache cache)
+{
+    return ((struct kcm_cache_data *)cache->data)->residual;
+}
+
+/* Fetch the primary name within the collection.  The result is only valid for
+ * the lifetime of req and should not be freed. */
+static krb5_error_code
+get_primary_name(krb5_context context, struct kcmreq *req, struct kcmio *io,
+                 const char **name_out)
+{
+    krb5_error_code ret;
+
+    *name_out = NULL;
+
+    kcmreq_init(req, KCM_OP_GET_DEFAULT_CACHE, NULL);
+    ret = kcmio_call(context, io, req);
+    if (ret)
+        return ret;
+    return kcmreq_get_name(req, name_out);
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_resolve(krb5_context context, krb5_ccache *cache_out, const char *residual)
+{
+    krb5_error_code ret;
+    struct kcmreq req = EMPTY_KCMREQ;
+    struct kcmio *io = NULL;
+    const char *defname = NULL;
+
+    *cache_out = NULL;
+
+    ret = kcmio_connect(context, &io);
+    if (ret)
+        goto cleanup;
+
+    if (*residual == '\0') {
+        ret = get_primary_name(context, &req, io, &defname);
+        if (ret)
+            goto cleanup;
+        residual = defname;
+    }
+
+    ret = make_cache(context, residual, io, cache_out);
+    io = NULL;
+
+cleanup:
+    kcmio_close(io);
+    kcmreq_free(&req);
+    return ret;
+}
+
+krb5_error_code
+k5_kcm_primary_name(krb5_context context, char **name_out)
+{
+    krb5_error_code ret;
+    struct kcmreq req = EMPTY_KCMREQ;
+    struct kcmio *io = NULL;
+    const char *name;
+
+    *name_out = NULL;
+
+    ret = kcmio_connect(context, &io);
+    if (ret)
+        goto cleanup;
+    ret = get_primary_name(context, &req, io, &name);
+    if (ret)
+        goto cleanup;
+    *name_out = strdup(name);
+    ret = (*name_out == NULL) ? ENOMEM : 0;
+
+cleanup:
+    kcmio_close(io);
+    kcmreq_free(&req);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_gen_new(krb5_context context, krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    struct kcmreq req = EMPTY_KCMREQ;
+    struct kcmio *io = NULL;
+    const char *name;
+
+    *cache_out = NULL;
+
+    ret = kcmio_connect(context, &io);
+    if (ret)
+        goto cleanup;
+    kcmreq_init(&req, KCM_OP_GEN_NEW, NULL);
+    ret = kcmio_call(context, io, &req);
+    if (ret)
+        goto cleanup;
+    ret = kcmreq_get_name(&req, &name);
+    if (ret)
+        goto cleanup;
+    ret = make_cache(context, name, io, cache_out);
+    io = NULL;
+
+cleanup:
+    kcmreq_free(&req);
+    kcmio_close(io);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_initialize(krb5_context context, krb5_ccache cache, krb5_principal princ)
+{
+    krb5_error_code ret;
+    struct kcmreq req;
+
+    kcmreq_init(&req, KCM_OP_INITIALIZE, cache);
+    k5_marshal_princ(&req.reqbuf, 4, princ);
+    ret = cache_call(context, cache, &req);
+    kcmreq_free(&req);
+    set_kdc_offset(context, cache);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_close(krb5_context context, krb5_ccache cache)
+{
+    struct kcm_cache_data *data = cache->data;
+
+    k5_cc_mutex_destroy(&data->lock);
+    kcmio_close(data->io);
+    free(data->residual);
+    free(data);
+    free(cache);
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_destroy(krb5_context context, krb5_ccache cache)
+{
+    krb5_error_code ret;
+    struct kcmreq req;
+
+    kcmreq_init(&req, KCM_OP_DESTROY, cache);
+    ret = cache_call(context, cache, &req);
+    kcmreq_free(&req);
+    (void)kcm_close(context, cache);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_store(krb5_context context, krb5_ccache cache, krb5_creds *cred)
+{
+    krb5_error_code ret;
+    struct kcmreq req;
+
+    kcmreq_init(&req, KCM_OP_STORE, cache);
+    k5_marshal_cred(&req.reqbuf, 4, cred);
+    ret = cache_call(context, cache, &req);
+    kcmreq_free(&req);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_retrieve(krb5_context context, krb5_ccache cache, krb5_flags flags,
+             krb5_creds *mcred, krb5_creds *cred_out)
+{
+    krb5_error_code ret;
+    struct kcmreq req = EMPTY_KCMREQ;
+    krb5_creds cred;
+    krb5_enctype *enctypes = NULL;
+
+    memset(&cred, 0, sizeof(cred));
+
+    /* Include KCM_GC_CACHED in flags to prevent Heimdal's sssd from making a
+     * TGS request itself. */
+    kcmreq_init(&req, KCM_OP_RETRIEVE, cache);
+    k5_buf_add_uint32_be(&req.reqbuf, map_tcflags(flags) | KCM_GC_CACHED);
+    k5_marshal_mcred(&req.reqbuf, mcred);
+    ret = cache_call(context, cache, &req);
+
+    /* Fall back to iteration if the server does not support retrieval. */
+    if (unsupported_op_error(ret)) {
+        ret = k5_cc_retrieve_cred_default(context, cache, flags, mcred,
+                                          cred_out);
+        goto cleanup;
+    }
+    if (ret)
+        goto cleanup;
+
+    ret = k5_unmarshal_cred(req.reply.ptr, req.reply.len, 4, &cred);
+    if (ret)
+        goto cleanup;
+
+    /* In rare cases we might retrieve a credential with a session key this
+     * context can't support, in which case we must retry using iteration. */
+    if (flags & KRB5_TC_SUPPORTED_KTYPES) {
+        ret = krb5_get_tgs_ktypes(context, cred.server, &enctypes);
+        if (ret)
+            goto cleanup;
+        if (!k5_etypes_contains(enctypes, cred.keyblock.enctype)) {
+            ret = k5_cc_retrieve_cred_default(context, cache, flags, mcred,
+                                              cred_out);
+            goto cleanup;
+        }
+    }
+
+    *cred_out = cred;
+    memset(&cred, 0, sizeof(cred));
+
+cleanup:
+    kcmreq_free(&req);
+    krb5_free_cred_contents(context, &cred);
+    free(enctypes);
+    /* Heimdal's KCM returns KRB5_CC_END if no cred is found. */
+    return (ret == KRB5_CC_END) ? KRB5_CC_NOTFOUND : map_invalid(ret);
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_get_princ(krb5_context context, krb5_ccache cache,
+              krb5_principal *princ_out)
+{
+    krb5_error_code ret;
+    struct kcmreq req;
+    struct kcm_cache_data *data = cache->data;
+
+    kcmreq_init(&req, KCM_OP_GET_PRINCIPAL, cache);
+    ret = cache_call(context, cache, &req);
+    /* Heimdal KCM can respond with code 0 and no principal. */
+    if (!ret && req.reply.len == 0)
+        ret = KRB5_FCC_NOFILE;
+    if (ret == KRB5_FCC_NOFILE) {
+        k5_setmsg(context, ret, _("Credentials cache 'KCM:%s' not found"),
+                  data->residual);
+    }
+
+    if (!ret)
+        ret = k5_unmarshal_princ(req.reply.ptr, req.reply.len, 4, princ_out);
+    kcmreq_free(&req);
+    return map_invalid(ret);
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_start_seq_get(krb5_context context, krb5_ccache cache,
+                  krb5_cc_cursor *cursor_out)
+{
+    krb5_error_code ret;
+    struct kcmreq req = EMPTY_KCMREQ;
+    struct uuid_list *uuids = NULL;
+    struct cred_list *creds = NULL;
+    struct kcm_cursor *cursor;
+
+    *cursor_out = NULL;
+
+    get_kdc_offset(context, cache);
+
+    kcmreq_init(&req, KCM_OP_GET_CRED_LIST, cache);
+    ret = cache_call(context, cache, &req);
+    if (ret == 0) {
+        /* GET_CRED_LIST is available. */
+        ret = kcmreq_get_cred_list(&req, &creds);
+        if (ret)
+            goto cleanup;
+    } else if (unsupported_op_error(ret)) {
+        /* Fall back to GET_CRED_UUID_LIST. */
+        kcmreq_free(&req);
+        kcmreq_init(&req, KCM_OP_GET_CRED_UUID_LIST, cache);
+        ret = cache_call(context, cache, &req);
+        if (ret)
+            goto cleanup;
+        ret = kcmreq_get_uuid_list(&req, &uuids);
+        if (ret)
+            goto cleanup;
+    } else {
+        goto cleanup;
+    }
+
+    cursor = k5alloc(sizeof(*cursor), &ret);
+    if (cursor == NULL)
+        goto cleanup;
+    cursor->uuids = uuids;
+    cursor->creds = creds;
+    *cursor_out = (krb5_cc_cursor)cursor;
+
+cleanup:
+    kcmreq_free(&req);
+    return ret;
+}
+
+static krb5_error_code
+next_cred_by_uuid(krb5_context context, krb5_ccache cache,
+                  struct uuid_list *uuids, krb5_creds *cred_out)
+{
+    krb5_error_code ret;
+    struct kcmreq req;
+
+    memset(cred_out, 0, sizeof(*cred_out));
+
+    if (uuids->pos >= uuids->count)
+        return KRB5_CC_END;
+
+    kcmreq_init(&req, KCM_OP_GET_CRED_BY_UUID, cache);
+    k5_buf_add_len(&req.reqbuf, uuids->uuidbytes + (uuids->pos * KCM_UUID_LEN),
+                   KCM_UUID_LEN);
+    uuids->pos++;
+    ret = cache_call(context, cache, &req);
+    if (!ret)
+        ret = k5_unmarshal_cred(req.reply.ptr, req.reply.len, 4, cred_out);
+    kcmreq_free(&req);
+    return map_invalid(ret);
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_next_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
+              krb5_creds *cred_out)
+{
+    struct kcm_cursor *c = (struct kcm_cursor *)*cursor;
+    struct cred_list *list;
+
+    if (c->uuids != NULL)
+        return next_cred_by_uuid(context, cache, c->uuids, cred_out);
+
+    list = c->creds;
+    if (list->pos >= list->count)
+        return KRB5_CC_END;
+
+    /* Transfer memory ownership of one cred to the caller. */
+    *cred_out = list->creds[list->pos];
+    memset(&list->creds[list->pos], 0, sizeof(*list->creds));
+    list->pos++;
+
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_end_seq_get(krb5_context context, krb5_ccache cache,
+                krb5_cc_cursor *cursor)
+{
+    struct kcm_cursor *c = *cursor;
+
+    if (c == NULL)
+        return 0;
+    free_uuid_list(c->uuids);
+    free_cred_list(c->creds);
+    free(c);
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                krb5_creds *mcred)
+{
+    krb5_error_code ret;
+    struct kcmreq req;
+
+    kcmreq_init(&req, KCM_OP_REMOVE_CRED, cache);
+    k5_buf_add_uint32_be(&req.reqbuf, map_tcflags(flags));
+    k5_marshal_mcred(&req.reqbuf, mcred);
+    ret = cache_call(context, cache, &req);
+    kcmreq_free(&req);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags)
+{
+    /* We don't currently care about any flags for this type. */
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags_out)
+{
+    /* We don't currently have any operational flags for this type. */
+    *flags_out = 0;
+    return 0;
+}
+
+/* Construct a per-type cursor, always taking ownership of io and uuids. */
+static krb5_error_code
+make_ptcursor(const char *residual, struct uuid_list *uuids, struct kcmio *io,
+              krb5_cc_ptcursor *cursor_out)
+{
+    krb5_cc_ptcursor cursor = NULL;
+    struct kcm_ptcursor *data = NULL;
+    char *residual_copy = NULL;
+
+    *cursor_out = NULL;
+
+    if (residual != NULL) {
+        residual_copy = strdup(residual);
+        if (residual_copy == NULL)
+            goto oom;
+    }
+    cursor = malloc(sizeof(*cursor));
+    if (cursor == NULL)
+        goto oom;
+    data = malloc(sizeof(*data));
+    if (data == NULL)
+        goto oom;
+
+    data->residual = residual_copy;
+    data->uuids = uuids;
+    data->io = io;
+    data->first = TRUE;
+    cursor->ops = &krb5_kcm_ops;
+    cursor->data = data;
+    *cursor_out = cursor;
+    return 0;
+
+oom:
+    kcmio_close(io);
+    free_uuid_list(uuids);
+    free(residual_copy);
+    free(data);
+    free(cursor);
+    return ENOMEM;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor_out)
+{
+    krb5_error_code ret;
+    struct kcmreq req = EMPTY_KCMREQ;
+    struct kcmio *io = NULL;
+    struct uuid_list *uuids = NULL;
+    const char *defname, *primary;
+
+    *cursor_out = NULL;
+
+    /* Don't try to use KCM for the cache collection unless the default cache
+     * name has the KCM type. */
+    defname = krb5_cc_default_name(context);
+    if (defname == NULL || strncmp(defname, "KCM:", 4) != 0)
+        return make_ptcursor(NULL, NULL, NULL, cursor_out);
+
+    ret = kcmio_connect(context, &io);
+    if (ret)
+        return ret;
+
+    /* If defname is a subsidiary cache, return a singleton cursor. */
+    if (strlen(defname) > 4)
+        return make_ptcursor(defname + 4, NULL, io, cursor_out);
+
+    kcmreq_init(&req, KCM_OP_GET_CACHE_UUID_LIST, NULL);
+    ret = kcmio_call(context, io, &req);
+    if (ret == KRB5_FCC_NOFILE) {
+        /* There are no accessible caches; return an empty cursor. */
+        ret = make_ptcursor(NULL, NULL, NULL, cursor_out);
+        goto cleanup;
+    }
+    if (ret)
+        goto cleanup;
+    ret = kcmreq_get_uuid_list(&req, &uuids);
+    if (ret)
+        goto cleanup;
+
+    kcmreq_free(&req);
+    kcmreq_init(&req, KCM_OP_GET_DEFAULT_CACHE, NULL);
+    ret = kcmio_call(context, io, &req);
+    if (ret)
+        goto cleanup;
+    ret = kcmreq_get_name(&req, &primary);
+    if (ret)
+        goto cleanup;
+
+    ret = make_ptcursor(primary, uuids, io, cursor_out);
+    uuids = NULL;
+    io = NULL;
+
+cleanup:
+    free_uuid_list(uuids);
+    kcmio_close(io);
+    kcmreq_free(&req);
+    return ret;
+}
+
+/* Return true if name is an initialized cache. */
+static krb5_boolean
+name_exists(krb5_context context, struct kcmio *io, const char *name)
+{
+    krb5_error_code ret;
+    struct kcmreq req;
+
+    kcmreq_init(&req, KCM_OP_GET_PRINCIPAL, NULL);
+    k5_buf_add_len(&req.reqbuf, name, strlen(name) + 1);
+    ret = kcmio_call(context, io, &req);
+    kcmreq_free(&req);
+    return ret == 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
+                  krb5_ccache *cache_out)
+{
+    krb5_error_code ret = 0;
+    struct kcmreq req = EMPTY_KCMREQ;
+    struct kcm_ptcursor *data = cursor->data;
+    struct uuid_list *uuids;
+    const unsigned char *id;
+    const char *name;
+
+    *cache_out = NULL;
+
+    /* Return the primary or specified subsidiary cache if we haven't yet. */
+    if (data->first && data->residual != NULL) {
+        data->first = FALSE;
+        if (name_exists(context, data->io, data->residual))
+            return make_cache(context, data->residual, NULL, cache_out);
+    }
+
+    uuids = data->uuids;
+    if (uuids == NULL)
+        return 0;
+
+    while (uuids->pos < uuids->count) {
+        /* Get the name of the next cache. */
+        id = &uuids->uuidbytes[KCM_UUID_LEN * uuids->pos++];
+        kcmreq_free(&req);
+        kcmreq_init(&req, KCM_OP_GET_CACHE_BY_UUID, NULL);
+        k5_buf_add_len(&req.reqbuf, id, KCM_UUID_LEN);
+        ret = kcmio_call(context, data->io, &req);
+        /* Continue if the cache has been deleted. */
+        if (ret == KRB5_CC_END || ret == KRB5_FCC_NOFILE) {
+            ret = 0;
+            continue;
+        }
+        if (ret)
+            goto cleanup;
+        ret = kcmreq_get_name(&req, &name);
+        if (ret)
+            goto cleanup;
+
+        /* Don't yield the primary cache twice. */
+        if (strcmp(name, data->residual) == 0)
+            continue;
+
+        ret = make_cache(context, name, NULL, cache_out);
+        break;
+    }
+
+cleanup:
+    kcmreq_free(&req);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor)
+{
+    struct kcm_ptcursor *data = (*cursor)->data;
+
+    free(data->residual);
+    free_uuid_list(data->uuids);
+    kcmio_close(data->io);
+    free(data);
+    free(*cursor);
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_replace(krb5_context context, krb5_ccache cache, krb5_principal princ,
+            krb5_creds **creds)
+{
+    krb5_error_code ret;
+    struct kcmreq req = EMPTY_KCMREQ;
+    size_t pos;
+    uint8_t *lenptr;
+    int ncreds, i;
+    krb5_os_context octx = &context->os_context;
+    int32_t offset;
+
+    kcmreq_init(&req, KCM_OP_REPLACE, cache);
+    offset = (octx->os_flags & KRB5_OS_TOFFSET_VALID) ? octx->time_offset : 0;
+    k5_buf_add_uint32_be(&req.reqbuf, offset);
+    k5_marshal_princ(&req.reqbuf, 4, princ);
+    for (ncreds = 0; creds[ncreds] != NULL; ncreds++);
+    k5_buf_add_uint32_be(&req.reqbuf, ncreds);
+    for (i = 0; creds[i] != NULL; i++) {
+        /* Store a dummy length, then fix it up after marshalling the cred. */
+        pos = req.reqbuf.len;
+        k5_buf_add_uint32_be(&req.reqbuf, 0);
+        k5_marshal_cred(&req.reqbuf, 4, creds[i]);
+        if (k5_buf_status(&req.reqbuf) == 0) {
+            lenptr = (uint8_t *)req.reqbuf.data + pos;
+            store_32_be(req.reqbuf.len - (pos + 4), lenptr);
+        }
+    }
+    ret = cache_call(context, cache, &req);
+    kcmreq_free(&req);
+
+    if (unsupported_op_error(ret))
+        return k5_nonatomic_replace(context, cache, princ, creds);
+
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_lock(krb5_context context, krb5_ccache cache)
+{
+    k5_cc_mutex_lock(context, &((struct kcm_cache_data *)cache->data)->lock);
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_unlock(krb5_context context, krb5_ccache cache)
+{
+    k5_cc_mutex_unlock(context, &((struct kcm_cache_data *)cache->data)->lock);
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+kcm_switch_to(krb5_context context, krb5_ccache cache)
+{
+    krb5_error_code ret;
+    struct kcmreq req;
+
+    kcmreq_init(&req, KCM_OP_SET_DEFAULT_CACHE, cache);
+    ret = cache_call(context, cache, &req);
+    kcmreq_free(&req);
+    return ret;
+}
+
+const krb5_cc_ops krb5_kcm_ops = {
+    0,
+    "KCM",
+    kcm_get_name,
+    kcm_resolve,
+    kcm_gen_new,
+    kcm_initialize,
+    kcm_destroy,
+    kcm_close,
+    kcm_store,
+    kcm_retrieve,
+    kcm_get_princ,
+    kcm_start_seq_get,
+    kcm_next_cred,
+    kcm_end_seq_get,
+    kcm_remove_cred,
+    kcm_set_flags,
+    kcm_get_flags,
+    kcm_ptcursor_new,
+    kcm_ptcursor_next,
+    kcm_ptcursor_free,
+    kcm_replace,
+    NULL, /* wasdefault */
+    kcm_lock,
+    kcm_unlock,
+    kcm_switch_to,
+};
+
+#endif /* not _WIN32 */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c b/krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c
new file mode 100644
index 00000000..1dadeef6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c
@@ -0,0 +1,1749 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc_keyring.c */
+/*
+ * Copyright (c) 2006
+ * The Regents of the University of Michigan
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+/*
+ * Copyright 1990,1991,1992,1993,1994,2000,2004 Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Original stdio support copyright 1995 by Cygnus Support.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This file implements a collection-enabled credential cache type where the
+ * credentials are stored in the Linux keyring facility.
+ *
+ * A residual of this type can have three forms:
+ *    anchor:collection:subsidiary
+ *    anchor:collection
+ *    collection
+ *
+ * The anchor name is "process", "thread", or "legacy" and determines where we
+ * search for keyring collections.  In the third form, the anchor name is
+ * presumed to be "legacy".  The anchor keyring for legacy caches is the
+ * session keyring.
+ *
+ * If the subsidiary name is present, the residual identifies a single cache
+ * within a collection.  Otherwise, the residual identifies the collection
+ * itself.  When a residual identifying a collection is resolved, the
+ * collection's primary key is looked up (or initialized, using the collection
+ * name as the subsidiary name), and the resulting cache's name will use the
+ * first name form and will identify the primary cache.
+ *
+ * Keyring collections are named "_krb_<collection>" and are linked from the
+ * anchor keyring.  The keys within a keyring collection are links to cache
+ * keyrings, plus a link to one user key named "krb_ccache:primary" which
+ * contains a serialized representation of the collection version (currently 1)
+ * and the primary name of the collection.
+ *
+ * Cache keyrings contain one user key per credential which contains a
+ * serialized representation of the credential.  There is also one user key
+ * named "__krb5_princ__" which contains a serialized representation of the
+ * cache's default principal.
+ *
+ * If the anchor name is "legacy", then the initial primary cache (the one
+ * named with the collection name) is also linked to the session keyring, and
+ * we look for a cache in that location when initializing the collection.  This
+ * extra link allows that cache to be visible to old versions of the KEYRING
+ * cache type, and allows us to see caches created by that code.
+ */
+
+#include "cc-int.h"
+
+#ifdef USE_KEYRING_CCACHE
+
+#include <errno.h>
+#include <keyutils.h>
+
+#ifdef DEBUG
+#define KRCC_DEBUG          1
+#endif
+
+#if KRCC_DEBUG
+void debug_print(char *fmt, ...);       /* prototype to silence warning */
+#include <syslog.h>
+#define DEBUG_PRINT(x) debug_print x
+void
+debug_print(char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+#ifdef DEBUG_STDERR
+    vfprintf(stderr, fmt, ap);
+#else
+    vsyslog(LOG_ERR, fmt, ap);
+#endif
+    va_end(ap);
+}
+#else
+#define DEBUG_PRINT(x)
+#endif
+
+/*
+ * We try to use the big_key key type for credentials except in legacy caches.
+ * We fall back to the user key type if the kernel does not support big_key.
+ * If the library doesn't support keyctl_get_persistent(), we don't even try
+ * big_key since the two features were added at the same time.
+ */
+#ifdef HAVE_PERSISTENT_KEYRING
+#define KRCC_CRED_KEY_TYPE "big_key"
+#else
+#define KRCC_CRED_KEY_TYPE "user"
+#endif
+
+/*
+ * We use the "user" key type for collection primary names, for cache principal
+ * names, and for credentials in legacy caches.
+ */
+#define KRCC_KEY_TYPE_USER "user"
+
+/*
+ * We create ccaches as separate keyrings
+ */
+#define KRCC_KEY_TYPE_KEYRING "keyring"
+
+/*
+ * Special name of the key within a ccache keyring
+ * holding principal information
+ */
+#define KRCC_SPEC_PRINC_KEYNAME "__krb5_princ__"
+
+/*
+ * Special name for the key to communicate the name(s)
+ * of credentials caches to be used for requests.
+ * This should currently contain a single name, but
+ * in the future may contain a list that may be
+ * intelligently chosen from.
+ */
+#define KRCC_SPEC_CCACHE_SET_KEYNAME "__krb5_cc_set__"
+
+/*
+ * This name identifies the key containing the name of the current primary
+ * cache within a collection.
+ */
+#define KRCC_COLLECTION_PRIMARY "krb_ccache:primary"
+
+/*
+ * If the library context does not specify a keyring collection, unique ccaches
+ * will be created within this collection.
+ */
+#define KRCC_DEFAULT_UNIQUE_COLLECTION "session:__krb5_unique__"
+
+/*
+ * Collection keyring names begin with this prefix.  We use a prefix so that a
+ * cache keyring with the collection name itself can be linked directly into
+ * the anchor, for legacy session keyring compatibility.
+ */
+#define KRCC_CCCOL_PREFIX "_krb_"
+
+/*
+ * For the "persistent" anchor type, we look up or create this fixed keyring
+ * name within the per-UID persistent keyring.
+ */
+#define KRCC_PERSISTENT_KEYRING_NAME "_krb"
+
+/*
+ * Name of the key holding time offsets for the individual cache
+ */
+#define KRCC_TIME_OFFSETS "__krb5_time_offsets__"
+
+/*
+ * Keyring name prefix and length of random name part
+ */
+#define KRCC_NAME_PREFIX "krb_ccache_"
+#define KRCC_NAME_RAND_CHARS 8
+
+#define KRCC_COLLECTION_VERSION 1
+
+#define KRCC_PERSISTENT_ANCHOR "persistent"
+#define KRCC_PROCESS_ANCHOR "process"
+#define KRCC_THREAD_ANCHOR "thread"
+#define KRCC_SESSION_ANCHOR "session"
+#define KRCC_USER_ANCHOR "user"
+#define KRCC_LEGACY_ANCHOR "legacy"
+
+typedef struct _krcc_cursor
+{
+    int numkeys;
+    int currkey;
+    key_serial_t princ_id;
+    key_serial_t offsets_id;
+    key_serial_t *keys;
+} *krcc_cursor;
+
+/*
+ * This represents a credentials cache "file"
+ * where cache_id is the keyring serial number for
+ * this credentials cache "file".  Each key
+ * in the keyring contains a separate key.
+ */
+typedef struct _krcc_data
+{
+    char *name;                 /* Name for this credentials cache */
+    k5_cc_mutex lock;           /* synchronization */
+    key_serial_t collection_id; /* collection containing this cache keyring */
+    key_serial_t cache_id;      /* keyring representing ccache */
+    key_serial_t princ_id;      /* key holding principal info */
+    krb5_boolean is_legacy_type;
+} krcc_data;
+
+/* Global mutex */
+k5_cc_mutex krb5int_krcc_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER;
+
+extern const krb5_cc_ops krb5_krcc_ops;
+
+static const char *KRB5_CALLCONV
+krcc_get_name(krb5_context context, krb5_ccache id);
+
+static krb5_error_code KRB5_CALLCONV
+krcc_start_seq_get(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+
+static krb5_error_code KRB5_CALLCONV
+krcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
+               krb5_creds *creds);
+
+static krb5_error_code KRB5_CALLCONV
+krcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor);
+
+static krb5_error_code KRB5_CALLCONV
+krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor);
+
+static krb5_error_code clear_cache_keyring(krb5_context context,
+                                           krb5_ccache id);
+
+static krb5_error_code make_krcc_data(const char *anchor_name,
+                                      const char *collection_name,
+                                      const char *subsidiary_name,
+                                      key_serial_t cache_id, key_serial_t
+                                      collection_id, krcc_data **datapp);
+
+static krb5_error_code save_principal(krb5_context context, krb5_ccache id,
+                                      krb5_principal princ);
+
+static krb5_error_code save_time_offsets(krb5_context context, krb5_ccache id,
+                                         int32_t time_offset,
+                                         int32_t usec_offset);
+
+static krb5_error_code get_time_offsets(krb5_context context, krb5_ccache id,
+                                        int32_t *time_offset,
+                                        int32_t *usec_offset);
+
+/* Note the following is a stub function for Linux */
+extern krb5_error_code krb5_change_cache(void);
+
+/*
+ * GET_PERSISTENT(uid) acquires the persistent keyring for uid, or falls back
+ * to the user keyring if uid matches the current effective uid.
+ */
+
+static key_serial_t
+get_persistent_fallback(uid_t uid)
+{
+    return (uid == geteuid()) ? KEY_SPEC_USER_KEYRING : -1;
+}
+
+#ifdef HAVE_PERSISTENT_KEYRING
+#define GET_PERSISTENT get_persistent_real
+static key_serial_t
+get_persistent_real(uid_t uid)
+{
+    key_serial_t key;
+
+    key = keyctl_get_persistent(uid, KEY_SPEC_PROCESS_KEYRING);
+    return (key == -1 && errno == ENOTSUP) ? get_persistent_fallback(uid) :
+        key;
+}
+#else
+#define GET_PERSISTENT get_persistent_fallback
+#endif
+
+/*
+ * If a process has no explicitly set session keyring, KEY_SPEC_SESSION_KEYRING
+ * will resolve to the user session keyring for ID lookup and reading, but in
+ * some kernel versions, writing to that special keyring will instead create a
+ * new empty session keyring for the process.  We do not want that; the keys we
+ * create would be invisible to other processes.  We can work around that
+ * behavior by explicitly writing to the user session keyring when it matches
+ * the session keyring.  This function returns the keyring we should write to
+ * for the session anchor.
+ */
+static key_serial_t
+session_write_anchor()
+{
+    key_serial_t s, u;
+
+    s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
+    u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
+    return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;
+}
+
+/*
+ * Find or create a keyring within parent with the given name.  If possess is
+ * nonzero, also make sure the key is linked from possess.  This is necessary
+ * to ensure that we have possession rights on the key when the parent is the
+ * user or persistent keyring.
+ */
+static krb5_error_code
+find_or_create_keyring(key_serial_t parent, key_serial_t possess,
+                       const char *name, key_serial_t *key_out)
+{
+    key_serial_t key;
+
+    *key_out = -1;
+    key = keyctl_search(parent, KRCC_KEY_TYPE_KEYRING, name, possess);
+    if (key == -1) {
+        if (possess != 0) {
+            key = add_key(KRCC_KEY_TYPE_KEYRING, name, NULL, 0, possess);
+            if (key == -1)
+                return errno;
+            if (keyctl_link(key, parent) == -1)
+                return errno;
+        } else {
+            key = add_key(KRCC_KEY_TYPE_KEYRING, name, NULL, 0, parent);
+            if (key == -1)
+                return errno;
+        }
+    }
+    *key_out = key;
+    return 0;
+}
+
+/* Parse a residual name into an anchor name, a collection name, and possibly a
+ * subsidiary name. */
+static krb5_error_code
+parse_residual(const char *residual, char **anchor_name_out,
+               char **collection_name_out, char **subsidiary_name_out)
+{
+    krb5_error_code ret;
+    char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL;
+    const char *sep;
+
+    *anchor_name_out = 0;
+    *collection_name_out = NULL;
+    *subsidiary_name_out = NULL;
+
+    /* Parse out the anchor name.  Use the legacy anchor if not present. */
+    sep = strchr(residual, ':');
+    if (sep == NULL) {
+        anchor_name = strdup(KRCC_LEGACY_ANCHOR);
+        if (anchor_name == NULL)
+            goto oom;
+    } else {
+        anchor_name = k5memdup0(residual, sep - residual, &ret);
+        if (anchor_name == NULL)
+            goto oom;
+        residual = sep + 1;
+    }
+
+    /* Parse out the collection and subsidiary name. */
+    sep = strchr(residual, ':');
+    if (sep == NULL) {
+        collection_name = strdup(residual);
+        if (collection_name == NULL)
+            goto oom;
+        subsidiary_name = NULL;
+    } else {
+        collection_name = k5memdup0(residual, sep - residual, &ret);
+        if (collection_name == NULL)
+            goto oom;
+        subsidiary_name = strdup(sep + 1);
+        if (subsidiary_name == NULL)
+            goto oom;
+    }
+
+    *anchor_name_out = anchor_name;
+    *collection_name_out = collection_name;
+    *subsidiary_name_out = subsidiary_name;
+    return 0;
+
+oom:
+    free(anchor_name);
+    free(collection_name);
+    free(subsidiary_name);
+    return ENOMEM;
+}
+
+/*
+ * Return true if residual identifies a subsidiary cache which should be linked
+ * into the anchor so it can be visible to old code.  This is the case if the
+ * residual has the legacy anchor and the subsidiary name matches the
+ * collection name.
+ */
+static krb5_boolean
+is_legacy_cache_name(const char *residual)
+{
+    const char *sep, *aname, *cname, *sname;
+    size_t alen, clen, legacy_len = sizeof(KRCC_LEGACY_ANCHOR) - 1;
+
+    /* Get pointers to the anchor, collection, and subsidiary names. */
+    aname = residual;
+    sep = strchr(residual, ':');
+    if (sep == NULL)
+        return FALSE;
+    alen = sep - aname;
+    cname = sep + 1;
+    sep = strchr(cname, ':');
+    if (sep == NULL)
+        return FALSE;
+    clen = sep - cname;
+    sname = sep + 1;
+
+    return alen == legacy_len && clen == strlen(sname) &&
+        strncmp(aname, KRCC_LEGACY_ANCHOR, alen) == 0 &&
+        strncmp(cname, sname, clen) == 0;
+}
+
+/* If the default cache name for context is a KEYRING cache, parse its residual
+ * string.  Otherwise set all outputs to NULL. */
+static krb5_error_code
+get_default(krb5_context context, char **anchor_name_out,
+            char **collection_name_out, char **subsidiary_name_out)
+{
+    const char *defname;
+
+    *anchor_name_out = *collection_name_out = *subsidiary_name_out = NULL;
+    defname = krb5_cc_default_name(context);
+    if (defname == NULL || strncmp(defname, "KEYRING:", 8) != 0)
+        return 0;
+    return parse_residual(defname + 8, anchor_name_out, collection_name_out,
+                          subsidiary_name_out);
+}
+
+/* Create a residual identifying a subsidiary cache. */
+static krb5_error_code
+make_subsidiary_residual(const char *anchor_name, const char *collection_name,
+                         const char *subsidiary_name, char **residual_out)
+{
+    if (asprintf(residual_out, "%s:%s:%s", anchor_name, collection_name,
+                 subsidiary_name) < 0) {
+        *residual_out = NULL;
+        return ENOMEM;
+    }
+    return 0;
+}
+
+/* Retrieve or create a keyring for collection_name within the anchor, and set
+ * *collection_id_out to its serial number. */
+static krb5_error_code
+get_collection(const char *anchor_name, const char *collection_name,
+               key_serial_t *collection_id_out)
+{
+    krb5_error_code ret;
+    key_serial_t persistent_id, anchor_id, possess_id = 0;
+    char *ckname, *cnend;
+    long uidnum;
+
+    *collection_id_out = 0;
+
+    if (strcmp(anchor_name, KRCC_PERSISTENT_ANCHOR) == 0) {
+        /*
+         * The collection name is a uid (or empty for the current effective
+         * uid), and we look up a fixed keyring name within the persistent
+         * keyring for that uid.  We link it to the process keyring to ensure
+         * that we have possession rights on the collection key.
+         */
+        if (*collection_name != '\0') {
+            errno = 0;
+            uidnum = strtol(collection_name, &cnend, 10);
+            if (errno || *cnend != '\0')
+                return KRB5_KCC_INVALID_UID;
+        } else {
+            uidnum = geteuid();
+        }
+        persistent_id = GET_PERSISTENT(uidnum);
+        if (persistent_id == -1)
+            return KRB5_KCC_INVALID_UID;
+        return find_or_create_keyring(persistent_id, KEY_SPEC_PROCESS_KEYRING,
+                                      KRCC_PERSISTENT_KEYRING_NAME,
+                                      collection_id_out);
+    }
+
+    if (strcmp(anchor_name, KRCC_PROCESS_ANCHOR) == 0) {
+        anchor_id = KEY_SPEC_PROCESS_KEYRING;
+    } else if (strcmp(anchor_name, KRCC_THREAD_ANCHOR) == 0) {
+        anchor_id = KEY_SPEC_THREAD_KEYRING;
+    } else if (strcmp(anchor_name, KRCC_SESSION_ANCHOR) == 0) {
+        anchor_id = session_write_anchor();
+    } else if (strcmp(anchor_name, KRCC_USER_ANCHOR) == 0) {
+        /* The user keyring does not confer possession, so we need to link the
+         * collection to the process keyring to maintain possession rights. */
+        anchor_id = KEY_SPEC_USER_KEYRING;
+        possess_id = KEY_SPEC_PROCESS_KEYRING;
+    } else if (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0) {
+        anchor_id = session_write_anchor();
+    } else {
+        return KRB5_KCC_INVALID_ANCHOR;
+    }
+
+    /* Look up the collection keyring name within the anchor keyring. */
+    if (asprintf(&ckname, "%s%s", KRCC_CCCOL_PREFIX, collection_name) == -1)
+        return ENOMEM;
+    ret = find_or_create_keyring(anchor_id, possess_id, ckname,
+                                 collection_id_out);
+    free(ckname);
+    return ret;
+}
+
+/* Store subsidiary_name into the primary index key for collection_id. */
+static krb5_error_code
+set_primary_name(krb5_context context, key_serial_t collection_id,
+                 const char *subsidiary_name)
+{
+    key_serial_t key;
+    uint32_t len = strlen(subsidiary_name), plen = 8 + len;
+    unsigned char *payload;
+
+    payload = malloc(plen);
+    if (payload == NULL)
+        return ENOMEM;
+    store_32_be(KRCC_COLLECTION_VERSION, payload);
+    store_32_be(len, payload + 4);
+    memcpy(payload + 8, subsidiary_name, len);
+    key = add_key(KRCC_KEY_TYPE_USER, KRCC_COLLECTION_PRIMARY,
+                  payload, plen, collection_id);
+    free(payload);
+    return (key == -1) ? errno : 0;
+}
+
+static krb5_error_code
+parse_index(krb5_context context, int32_t *version, char **primary,
+            const unsigned char *payload, size_t psize)
+{
+    krb5_error_code ret;
+    uint32_t len;
+
+    if (psize < 8)
+        return KRB5_CC_END;
+
+    *version = load_32_be(payload);
+    len = load_32_be(payload + 4);
+    if (len > psize - 8)
+        return KRB5_CC_END;
+    *primary = k5memdup0(payload + 8, len, &ret);
+    return (*primary == NULL) ? ret : 0;
+}
+
+/*
+ * Get or initialize the primary name within collection_id and set
+ * *subsidiary_out to its value.  If initializing a legacy collection, look
+ * for a legacy cache and add it to the collection.
+ */
+static krb5_error_code
+get_primary_name(krb5_context context, const char *anchor_name,
+                 const char *collection_name, key_serial_t collection_id,
+                 char **subsidiary_out)
+{
+    krb5_error_code ret;
+    key_serial_t primary_id, legacy;
+    void *payload = NULL;
+    int payloadlen;
+    int32_t version;
+    char *subsidiary_name = NULL;
+
+    *subsidiary_out = NULL;
+
+    primary_id = keyctl_search(collection_id, KRCC_KEY_TYPE_USER,
+                               KRCC_COLLECTION_PRIMARY, 0);
+    if (primary_id == -1) {
+        /* Initialize the primary key using the collection name.  We can't name
+         * a key with the empty string, so map that to an arbitrary string. */
+        subsidiary_name = strdup((*collection_name == '\0') ? "tkt" :
+                                 collection_name);
+        if (subsidiary_name == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        ret = set_primary_name(context, collection_id, subsidiary_name);
+        if (ret)
+            goto cleanup;
+
+        if (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0) {
+            /* Look for a cache created by old code.  If we find one, add it to
+             * the collection. */
+            legacy = keyctl_search(KEY_SPEC_SESSION_KEYRING,
+                                   KRCC_KEY_TYPE_KEYRING, subsidiary_name, 0);
+            if (legacy != -1 && keyctl_link(legacy, collection_id) == -1) {
+                ret = errno;
+                goto cleanup;
+            }
+        }
+    } else {
+        /* Read, parse, and free the primary key's payload. */
+        payloadlen = keyctl_read_alloc(primary_id, &payload);
+        if (payloadlen == -1) {
+            ret = errno;
+            goto cleanup;
+        }
+        ret = parse_index(context, &version, &subsidiary_name, payload,
+                          payloadlen);
+        if (ret)
+            goto cleanup;
+
+        if (version != KRCC_COLLECTION_VERSION) {
+            ret = KRB5_KCC_UNKNOWN_VERSION;
+            goto cleanup;
+        }
+    }
+
+    *subsidiary_out = subsidiary_name;
+    subsidiary_name = NULL;
+
+cleanup:
+    free(payload);
+    free(subsidiary_name);
+    return ret;
+}
+
+/*
+ * Create a keyring with a unique random name within collection_id.  Set
+ * *subsidiary to its name and *cache_id_out to its key serial number.
+ */
+static krb5_error_code
+unique_keyring(krb5_context context, key_serial_t collection_id,
+               char **subsidiary_out, key_serial_t *cache_id_out)
+{
+    key_serial_t key;
+    krb5_error_code ret;
+    char uniquename[sizeof(KRCC_NAME_PREFIX) + KRCC_NAME_RAND_CHARS];
+    int prefixlen = sizeof(KRCC_NAME_PREFIX) - 1;
+    int tries;
+
+    *subsidiary_out = NULL;
+    *cache_id_out = 0;
+
+    memcpy(uniquename, KRCC_NAME_PREFIX, sizeof(KRCC_NAME_PREFIX));
+    k5_cc_mutex_lock(context, &krb5int_krcc_mutex);
+
+    /* Loop until we successfully create a new ccache keyring with
+     * a unique name, or we get an error. Limit to 100 tries. */
+    tries = 100;
+    while (tries-- > 0) {
+        ret = krb5int_random_string(context, uniquename + prefixlen,
+                                    KRCC_NAME_RAND_CHARS);
+        if (ret)
+            goto cleanup;
+
+        key = keyctl_search(collection_id, KRCC_KEY_TYPE_KEYRING, uniquename,
+                            0);
+        if (key < 0) {
+            /* Name does not already exist.  Create it to reserve the name. */
+            key = add_key(KRCC_KEY_TYPE_KEYRING, uniquename, NULL, 0,
+                          collection_id);
+            if (key < 0) {
+                ret = errno;
+                goto cleanup;
+            }
+            break;
+        }
+    }
+
+    if (tries <= 0) {
+        ret = KRB5_CC_BADNAME;
+        goto cleanup;
+    }
+
+    *subsidiary_out = strdup(uniquename);
+    if (*subsidiary_out == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    *cache_id_out = key;
+    ret = 0;
+cleanup:
+    k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
+    return ret;
+}
+
+static krb5_error_code
+add_cred_key(const char *name, const void *payload, size_t plen,
+             key_serial_t cache_id, krb5_boolean legacy_type,
+             key_serial_t *key_out)
+{
+    key_serial_t key;
+
+    *key_out = -1;
+    if (!legacy_type) {
+        /* Try the preferred cred key type; fall back if no kernel support. */
+        key = add_key(KRCC_CRED_KEY_TYPE, name, payload, plen, cache_id);
+        if (key != -1) {
+            *key_out = key;
+            return 0;
+        } else if (errno != EINVAL && errno != ENODEV) {
+            return errno;
+        }
+    }
+    /* Use the user key type. */
+    key = add_key(KRCC_KEY_TYPE_USER, name, payload, plen, cache_id);
+    if (key == -1)
+        return errno;
+    *key_out = key;
+    return 0;
+}
+
+static void
+update_keyring_expiration(krb5_context context, krb5_ccache id)
+{
+    krcc_data *data = id->data;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    krb5_timestamp now, endtime = 0;
+    unsigned int timeout;
+
+    /*
+     * We have no way to know what is the actual timeout set on the keyring.
+     * We also cannot keep track of it in a local variable as another process
+     * can always modify the keyring independently, so just always enumerate
+     * all keys and find out the highest endtime time.
+     */
+
+    /* Find the maximum endtime of all creds in the cache. */
+    if (krcc_start_seq_get(context, id, &cursor) != 0)
+        return;
+    for (;;) {
+        if (krcc_next_cred(context, id, &cursor, &creds) != 0)
+            break;
+        if (ts_after(creds.times.endtime, endtime))
+            endtime = creds.times.endtime;
+        krb5_free_cred_contents(context, &creds);
+    }
+    (void)krcc_end_seq_get(context, id, &cursor);
+
+    if (endtime == 0)        /* No creds with end times */
+        return;
+
+    if (krb5_timeofday(context, &now) != 0)
+        return;
+
+    /* Setting the timeout to zero would reset the timeout, so we set it to one
+     * second instead if creds are already expired. */
+    timeout = ts_after(endtime, now) ? ts_interval(now, endtime) : 1;
+    (void)keyctl_set_timeout(data->cache_id, timeout);
+}
+
+/* Create or overwrite the cache keyring, and set the default principal. */
+static krb5_error_code KRB5_CALLCONV
+krcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
+{
+    krcc_data *data = (krcc_data *)id->data;
+    krb5_os_context os_ctx = &context->os_context;
+    krb5_error_code ret;
+    const char *cache_name, *p;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    ret = clear_cache_keyring(context, id);
+    if (ret)
+        goto out;
+
+    if (!data->cache_id) {
+        /* The key didn't exist at resolve time.  Check again and create the
+         * key if it still isn't there. */
+        p = strrchr(data->name, ':');
+        cache_name = (p != NULL) ? p + 1 : data->name;
+        ret = find_or_create_keyring(data->collection_id, 0, cache_name,
+                                     &data->cache_id);
+        if (ret)
+            goto out;
+    }
+
+    /* If this is the legacy cache in a legacy session collection, link it
+     * directly to the session keyring so that old code can see it. */
+    if (is_legacy_cache_name(data->name))
+        (void)keyctl_link(data->cache_id, session_write_anchor());
+
+    ret = save_principal(context, id, princ);
+
+    /* Save time offset if it is valid and this is not a legacy cache.  Legacy
+     * applications would fail to parse the new key in the cache keyring. */
+    if (!is_legacy_cache_name(data->name) &&
+        (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
+        ret = save_time_offsets(context, id, os_ctx->time_offset,
+                                os_ctx->usec_offset);
+    }
+
+    if (ret == 0)
+        krb5_change_cache();
+
+out:
+    k5_cc_mutex_unlock(context, &data->lock);
+    return ret;
+}
+
+/* Release the ccache handle. */
+static krb5_error_code KRB5_CALLCONV
+krcc_close(krb5_context context, krb5_ccache id)
+{
+    krcc_data *data = id->data;
+
+    k5_cc_mutex_destroy(&data->lock);
+    free(data->name);
+    free(data);
+    free(id);
+    return 0;
+}
+
+/* Clear out a ccache keyring, unlinking all keys within it.  Call with the
+ * mutex locked. */
+static krb5_error_code
+clear_cache_keyring(krb5_context context, krb5_ccache id)
+{
+    krcc_data *data = id->data;
+    int res;
+
+    k5_cc_mutex_assert_locked(context, &data->lock);
+
+    DEBUG_PRINT(("clear_cache_keyring: cache_id %d, princ_id %d\n",
+                 data->cache_id, data->princ_id));
+
+    if (data->cache_id) {
+        res = keyctl_clear(data->cache_id);
+        if (res != 0)
+            return errno;
+    }
+    data->princ_id = 0;
+
+    return 0;
+}
+
+/* Destroy the cache keyring and release the handle. */
+static krb5_error_code KRB5_CALLCONV
+krcc_destroy(krb5_context context, krb5_ccache id)
+{
+    krb5_error_code ret = 0;
+    krcc_data *data = id->data;
+    int res;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    clear_cache_keyring(context, id);
+    if (data->cache_id) {
+        res = keyctl_unlink(data->cache_id, data->collection_id);
+        if (res < 0) {
+            ret = errno;
+            DEBUG_PRINT(("unlinking key %d from ring %d: %s", data->cache_id,
+                         data->collection_id, error_message(errno)));
+        }
+        /* If this is a legacy cache, unlink it from the session anchor. */
+        if (is_legacy_cache_name(data->name))
+            (void)keyctl_unlink(data->cache_id, session_write_anchor());
+    }
+
+    k5_cc_mutex_unlock(context, &data->lock);
+    k5_cc_mutex_destroy(&data->lock);
+    free(data->name);
+    free(data);
+    free(id);
+    krb5_change_cache();
+    return ret;
+}
+
+/* Create a cache handle for a cache ID. */
+static krb5_error_code
+make_cache(krb5_context context, key_serial_t collection_id,
+           key_serial_t cache_id, const char *anchor_name,
+           const char *collection_name, const char *subsidiary_name,
+           krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    krb5_os_context os_ctx = &context->os_context;
+    krb5_ccache ccache = NULL;
+    krcc_data *data;
+    key_serial_t pkey = 0;
+
+    /* Determine the key containing principal information, if present. */
+    pkey = keyctl_search(cache_id, KRCC_KEY_TYPE_USER, KRCC_SPEC_PRINC_KEYNAME,
+                         0);
+    if (pkey < 0)
+        pkey = 0;
+
+    ccache = malloc(sizeof(struct _krb5_ccache));
+    if (!ccache)
+        return ENOMEM;
+
+    ret = make_krcc_data(anchor_name, collection_name, subsidiary_name,
+                         cache_id, collection_id, &data);
+    if (ret) {
+        free(ccache);
+        return ret;
+    }
+
+    data->princ_id = pkey;
+    ccache->ops = &krb5_krcc_ops;
+    ccache->data = data;
+    ccache->magic = KV5M_CCACHE;
+    *cache_out = ccache;
+
+    /* Look up time offsets if necessary. */
+    if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
+        !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
+        if (get_time_offsets(context, ccache, &os_ctx->time_offset,
+                             &os_ctx->usec_offset) == 0) {
+            os_ctx->os_flags &= ~KRB5_OS_TOFFSET_TIME;
+            os_ctx->os_flags |= KRB5_OS_TOFFSET_VALID;
+        }
+    }
+
+    return 0;
+}
+
+/* Create a keyring ccache handle for the given residual string. */
+static krb5_error_code KRB5_CALLCONV
+krcc_resolve(krb5_context context, krb5_ccache *id, const char *residual)
+{
+    krb5_error_code ret;
+    key_serial_t collection_id, cache_id;
+    char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL;
+
+    ret = parse_residual(residual, &anchor_name, &collection_name,
+                         &subsidiary_name);
+    if (ret)
+        goto cleanup;
+    ret = get_collection(anchor_name, collection_name, &collection_id);
+    if (ret)
+        goto cleanup;
+
+    if (subsidiary_name == NULL) {
+        /* Retrieve or initialize the primary name for the collection. */
+        ret = get_primary_name(context, anchor_name, collection_name,
+                               collection_id, &subsidiary_name);
+        if (ret)
+            goto cleanup;
+    }
+
+    /* Look up the cache keyring ID, if the cache is already initialized. */
+    cache_id = keyctl_search(collection_id, KRCC_KEY_TYPE_KEYRING,
+                             subsidiary_name, 0);
+    if (cache_id < 0)
+        cache_id = 0;
+
+    ret = make_cache(context, collection_id, cache_id, anchor_name,
+                     collection_name, subsidiary_name, id);
+    if (ret)
+        goto cleanup;
+
+cleanup:
+    free(anchor_name);
+    free(collection_name);
+    free(subsidiary_name);
+    return ret;
+}
+
+/* Prepare for a sequential iteration over the cache keyring. */
+static krb5_error_code KRB5_CALLCONV
+krcc_start_seq_get(krb5_context context, krb5_ccache id,
+                   krb5_cc_cursor *cursor)
+{
+    krcc_cursor krcursor;
+    krcc_data *data = id->data;
+    void *keys;
+    long size;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    if (!data->cache_id) {
+        k5_cc_mutex_unlock(context, &data->lock);
+        return KRB5_FCC_NOFILE;
+    }
+
+    size = keyctl_read_alloc(data->cache_id, &keys);
+    if (size == -1) {
+        DEBUG_PRINT(("Error getting from keyring: %s\n", strerror(errno)));
+        k5_cc_mutex_unlock(context, &data->lock);
+        return KRB5_CC_IO;
+    }
+
+    krcursor = calloc(1, sizeof(*krcursor));
+    if (krcursor == NULL) {
+        free(keys);
+        k5_cc_mutex_unlock(context, &data->lock);
+        return KRB5_CC_NOMEM;
+    }
+
+    krcursor->princ_id = data->princ_id;
+    krcursor->offsets_id = keyctl_search(data->cache_id, KRCC_KEY_TYPE_USER,
+                                         KRCC_TIME_OFFSETS, 0);
+    krcursor->numkeys = size / sizeof(key_serial_t);
+    krcursor->keys = keys;
+
+    k5_cc_mutex_unlock(context, &data->lock);
+    *cursor = krcursor;
+    return 0;
+}
+
+/* Get the next credential from the cache keyring. */
+static krb5_error_code KRB5_CALLCONV
+krcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
+               krb5_creds *creds)
+{
+    krcc_cursor krcursor;
+    krb5_error_code ret;
+    int psize;
+    void *payload = NULL;
+
+    memset(creds, 0, sizeof(krb5_creds));
+
+    /* The cursor has the entire list of keys. */
+    krcursor = *cursor;
+    if (krcursor == NULL)
+        return KRB5_CC_END;
+
+    while (krcursor->currkey < krcursor->numkeys) {
+        /* If we're pointing at the entry with the principal, or at the key
+         * with the time offsets, skip it. */
+        if (krcursor->keys[krcursor->currkey] == krcursor->princ_id ||
+            krcursor->keys[krcursor->currkey] == krcursor->offsets_id) {
+            krcursor->currkey++;
+            continue;
+        }
+
+        /* Read the key; the right size buffer will be allocated and
+         * returned. */
+        psize = keyctl_read_alloc(krcursor->keys[krcursor->currkey],
+                                  &payload);
+        if (psize != -1) {
+            krcursor->currkey++;
+
+            /* Unmarshal the cred using the file ccache version 4 format. */
+            ret = k5_unmarshal_cred(payload, psize, 4, creds);
+            free(payload);
+            return ret;
+        } else if (errno != ENOKEY && errno != EACCES) {
+            DEBUG_PRINT(("Error reading key %d: %s\n",
+                         krcursor->keys[krcursor->currkey], strerror(errno)));
+            return KRB5_FCC_NOFILE;
+        }
+
+        /* The current key was unlinked, probably by a remove_cred call; move
+         * on to the next one. */
+        krcursor->currkey++;
+    }
+
+    /* No more keys in keyring. */
+    return KRB5_CC_END;
+}
+
+/* Release an iteration cursor. */
+static krb5_error_code KRB5_CALLCONV
+krcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+{
+    krcc_cursor krcursor = *cursor;
+
+    if (krcursor != NULL) {
+        free(krcursor->keys);
+        free(krcursor);
+    }
+    *cursor = NULL;
+    return 0;
+}
+
+/* Create keyring data for a credential cache. */
+static krb5_error_code
+make_krcc_data(const char *anchor_name, const char *collection_name,
+               const char *subsidiary_name, key_serial_t cache_id,
+               key_serial_t collection_id, krcc_data **data_out)
+{
+    krb5_error_code ret;
+    krcc_data *data;
+
+    *data_out = NULL;
+
+    data = malloc(sizeof(krcc_data));
+    if (data == NULL)
+        return KRB5_CC_NOMEM;
+
+    ret = k5_cc_mutex_init(&data->lock);
+    if (ret) {
+        free(data);
+        return ret;
+    }
+
+    ret = make_subsidiary_residual(anchor_name, collection_name,
+                                   subsidiary_name, &data->name);
+    if (ret) {
+        k5_cc_mutex_destroy(&data->lock);
+        free(data);
+        return ret;
+    }
+    data->princ_id = 0;
+    data->cache_id = cache_id;
+    data->collection_id = collection_id;
+    data->is_legacy_type = (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0);
+
+    *data_out = data;
+    return 0;
+}
+
+/* Create a new keyring cache with a unique name. */
+static krb5_error_code KRB5_CALLCONV
+krcc_generate_new(krb5_context context, krb5_ccache *id_out)
+{
+    krb5_ccache id = NULL;
+    krb5_error_code ret;
+    char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL;
+    char *new_subsidiary_name = NULL, *new_residual = NULL;
+    krcc_data *data;
+    key_serial_t collection_id;
+    key_serial_t cache_id = 0;
+
+    *id_out = NULL;
+
+    /* Determine the collection in which we will create the cache.*/
+    ret = get_default(context, &anchor_name, &collection_name,
+                      &subsidiary_name);
+    if (ret)
+        return ret;
+    if (anchor_name == NULL) {
+        ret = parse_residual(KRCC_DEFAULT_UNIQUE_COLLECTION, &anchor_name,
+                             &collection_name, &subsidiary_name);
+        if (ret)
+            return ret;
+    }
+    if (subsidiary_name != NULL) {
+        k5_setmsg(context, KRB5_DCC_CANNOT_CREATE,
+                  _("Can't create new subsidiary cache because default cache "
+                    "is already a subsidiary"));
+        ret = KRB5_DCC_CANNOT_CREATE;
+        goto cleanup;
+    }
+
+    /* Allocate memory */
+    id = malloc(sizeof(struct _krb5_ccache));
+    if (id == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    id->ops = &krb5_krcc_ops;
+
+    /* Make a unique keyring within the chosen collection. */
+    ret = get_collection(anchor_name, collection_name, &collection_id);
+    if (ret)
+        goto cleanup;
+    ret = unique_keyring(context, collection_id, &new_subsidiary_name,
+                         &cache_id);
+    if (ret)
+        goto cleanup;
+
+    ret = make_krcc_data(anchor_name, collection_name, new_subsidiary_name,
+                         cache_id, collection_id, &data);
+    if (ret)
+        goto cleanup;
+
+    id->data = data;
+    krb5_change_cache();
+
+cleanup:
+    free(anchor_name);
+    free(collection_name);
+    free(subsidiary_name);
+    free(new_subsidiary_name);
+    free(new_residual);
+    if (ret) {
+        free(id);
+        return ret;
+    }
+    *id_out = id;
+    return 0;
+}
+
+/* Return an alias to the residual string of the cache. */
+static const char *KRB5_CALLCONV
+krcc_get_name(krb5_context context, krb5_ccache id)
+{
+    return ((krcc_data *)id->data)->name;
+}
+
+/* Retrieve a copy of the default principal, if the cache is initialized. */
+static krb5_error_code KRB5_CALLCONV
+krcc_get_principal(krb5_context context, krb5_ccache id,
+                   krb5_principal *princ_out)
+{
+    krcc_data *data = id->data;
+    krb5_error_code ret;
+    void *payload = NULL;
+    int psize;
+
+    *princ_out = NULL;
+    k5_cc_mutex_lock(context, &data->lock);
+
+    if (!data->cache_id || !data->princ_id) {
+        ret = KRB5_FCC_NOFILE;
+        k5_setmsg(context, ret, _("Credentials cache keyring '%s' not found"),
+                  data->name);
+        goto errout;
+    }
+
+    psize = keyctl_read_alloc(data->princ_id, &payload);
+    if (psize == -1) {
+        DEBUG_PRINT(("Reading principal key %d: %s\n",
+                     data->princ_id, strerror(errno)));
+        ret = KRB5_CC_IO;
+        goto errout;
+    }
+
+    /* Unmarshal the principal using the file ccache version 4 format. */
+    ret = k5_unmarshal_princ(payload, psize, 4, princ_out);
+
+errout:
+    free(payload);
+    k5_cc_mutex_unlock(context, &data->lock);
+    return ret;
+}
+
+/* Search for a credential within the cache keyring. */
+static krb5_error_code KRB5_CALLCONV
+krcc_retrieve(krb5_context context, krb5_ccache id,
+              krb5_flags whichfields, krb5_creds *mcreds,
+              krb5_creds *creds)
+{
+    return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
+}
+
+/* Remove a credential from the cache keyring. */
+static krb5_error_code KRB5_CALLCONV
+krcc_remove_cred(krb5_context context, krb5_ccache cache,
+                 krb5_flags flags, krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krcc_data *data = cache->data;
+    krb5_cc_cursor cursor;
+    krb5_creds c;
+    krcc_cursor krcursor;
+    key_serial_t key;
+    krb5_boolean match;
+
+    ret = krcc_start_seq_get(context, cache, &cursor);
+    if (ret)
+        return ret;
+
+    for (;;) {
+        ret = krcc_next_cred(context, cache, &cursor, &c);
+        if (ret)
+            break;
+        match = krb5int_cc_creds_match_request(context, flags, creds, &c);
+        krb5_free_cred_contents(context, &c);
+        if (match) {
+            krcursor = cursor;
+            key = krcursor->keys[krcursor->currkey - 1];
+            if (keyctl_unlink(key, data->cache_id) == -1) {
+                ret = errno;
+                break;
+            }
+        }
+    }
+
+    krcc_end_seq_get(context, cache, &cursor);
+    return (ret == KRB5_CC_END) ? 0 : ret;
+}
+
+/* Set flags on the cache.  (We don't care about any flags.) */
+static krb5_error_code KRB5_CALLCONV
+krcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
+{
+    return 0;
+}
+
+/* Get the current operational flags (of which we have none) for the cache. */
+static krb5_error_code KRB5_CALLCONV
+krcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags_out)
+{
+    *flags_out = 0;
+    return 0;
+}
+
+/* Store a credential in the cache keyring. */
+static krb5_error_code KRB5_CALLCONV
+krcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krcc_data *data = id->data;
+    struct k5buf buf = EMPTY_K5BUF;
+    char *keyname = NULL;
+    key_serial_t cred_key;
+    krb5_timestamp now;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    if (!data->cache_id) {
+        k5_cc_mutex_unlock(context, &data->lock);
+        return KRB5_FCC_NOFILE;
+    }
+
+    /* Get the service principal name and use it as the key name */
+    ret = krb5_unparse_name(context, creds->server, &keyname);
+    if (ret)
+        goto errout;
+
+    /* Serialize credential using the file ccache version 4 format. */
+    k5_buf_init_dynamic_zap(&buf);
+    k5_marshal_cred(&buf, 4, creds);
+    ret = k5_buf_status(&buf);
+    if (ret)
+        goto errout;
+
+    /* Add new key (credentials) into keyring */
+    DEBUG_PRINT(("krcc_store: adding new key '%s' to keyring %d\n",
+                 keyname, data->cache_id));
+    ret = add_cred_key(keyname, buf.data, buf.len, data->cache_id,
+                       data->is_legacy_type, &cred_key);
+    if (ret)
+        goto errout;
+
+    /* Set appropriate timeouts on cache keys. */
+    ret = krb5_timeofday(context, &now);
+    if (ret)
+        goto errout;
+
+    if (ts_after(creds->times.endtime, now)) {
+        (void)keyctl_set_timeout(cred_key,
+                                 ts_interval(now, creds->times.endtime));
+    }
+
+    update_keyring_expiration(context, id);
+
+errout:
+    k5_buf_free(&buf);
+    krb5_free_unparsed_name(context, keyname);
+    k5_cc_mutex_unlock(context, &data->lock);
+    return ret;
+}
+
+/* Lock the cache handle against other threads.  (This does not lock the cache
+ * keyring against other processes.) */
+static krb5_error_code KRB5_CALLCONV
+krcc_lock(krb5_context context, krb5_ccache id)
+{
+    krcc_data *data = id->data;
+
+    k5_cc_mutex_lock(context, &data->lock);
+    return 0;
+}
+
+/* Unlock the cache handle. */
+static krb5_error_code KRB5_CALLCONV
+krcc_unlock(krb5_context context, krb5_ccache id)
+{
+    krcc_data *data = id->data;
+
+    k5_cc_mutex_unlock(context, &data->lock);
+    return 0;
+}
+
+static krb5_error_code
+save_principal(krb5_context context, krb5_ccache id, krb5_principal princ)
+{
+    krcc_data *data = id->data;
+    krb5_error_code ret;
+    struct k5buf buf;
+    key_serial_t newkey;
+
+    k5_cc_mutex_assert_locked(context, &data->lock);
+
+    /* Serialize princ using the file ccache version 4 format. */
+    k5_buf_init_dynamic(&buf);
+    k5_marshal_princ(&buf, 4, princ);
+    if (k5_buf_status(&buf) != 0)
+        return ENOMEM;
+
+    /* Add new key into keyring */
+#ifdef KRCC_DEBUG
+    {
+        krb5_error_code rc;
+        char *princname = NULL;
+        rc = krb5_unparse_name(context, princ, &princname);
+        DEBUG_PRINT(("save_principal: adding new key '%s' "
+                     "to keyring %d for principal '%s'\n",
+                     KRCC_SPEC_PRINC_KEYNAME, data->cache_id,
+                     rc ? "<unknown>" : princname));
+        if (rc == 0)
+            krb5_free_unparsed_name(context, princname);
+    }
+#endif
+    newkey = add_key(KRCC_KEY_TYPE_USER, KRCC_SPEC_PRINC_KEYNAME, buf.data,
+                     buf.len, data->cache_id);
+    if (newkey < 0) {
+        ret = errno;
+        DEBUG_PRINT(("Error adding principal key: %s\n", strerror(ret)));
+    } else {
+        data->princ_id = newkey;
+        ret = 0;
+    }
+
+    k5_buf_free(&buf);
+    return ret;
+}
+
+/* Add a key to the cache keyring containing the given time offsets. */
+static krb5_error_code
+save_time_offsets(krb5_context context, krb5_ccache id, int32_t time_offset,
+                  int32_t usec_offset)
+{
+    krcc_data *data = id->data;
+    key_serial_t newkey;
+    unsigned char payload[8];
+
+    k5_cc_mutex_assert_locked(context, &data->lock);
+
+    /* Prepare the payload. */
+    store_32_be(time_offset, payload);
+    store_32_be(usec_offset, payload + 4);
+
+    /* Add new key into keyring. */
+    newkey = add_key(KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS, payload, 8,
+                     data->cache_id);
+    if (newkey == -1)
+        return errno;
+    return 0;
+}
+
+/* Retrieve and parse the key in the cache keyring containing time offsets. */
+static krb5_error_code
+get_time_offsets(krb5_context context, krb5_ccache id, int32_t *time_offset,
+                 int32_t *usec_offset)
+{
+    krcc_data *data = id->data;
+    krb5_error_code ret = 0;
+    key_serial_t key;
+    void *payload = NULL;
+    int psize;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    if (!data->cache_id) {
+        ret = KRB5_FCC_NOFILE;
+        goto errout;
+    }
+
+    key = keyctl_search(data->cache_id, KRCC_KEY_TYPE_USER, KRCC_TIME_OFFSETS,
+                        0);
+    if (key == -1) {
+        ret = ENOENT;
+        goto errout;
+    }
+
+    psize = keyctl_read_alloc(key, &payload);
+    if (psize == -1) {
+        DEBUG_PRINT(("Reading time offsets key %d: %s\n",
+                     key, strerror(errno)));
+        ret = KRB5_CC_IO;
+        goto errout;
+    }
+
+    if (psize < 8) {
+        ret = KRB5_CC_END;
+        goto errout;
+    }
+    *time_offset = load_32_be(payload);
+    *usec_offset = load_32_be((char *)payload + 4);
+
+errout:
+    free(payload);
+    k5_cc_mutex_unlock(context, &data->lock);
+    return ret;
+}
+
+struct krcc_ptcursor_data {
+    key_serial_t collection_id;
+    char *anchor_name;
+    char *collection_name;
+    char *subsidiary_name;
+    char *primary_name;
+    krb5_boolean first;
+    long num_keys;
+    long next_key;
+    key_serial_t *keys;
+};
+
+static krb5_error_code KRB5_CALLCONV
+krcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor_out)
+{
+    struct krcc_ptcursor_data *ptd;
+    krb5_cc_ptcursor cursor;
+    krb5_error_code ret;
+    void *keys;
+    long size;
+
+    *cursor_out = NULL;
+
+    cursor = k5alloc(sizeof(*cursor), &ret);
+    if (cursor == NULL)
+        return ENOMEM;
+    ptd = k5alloc(sizeof(*ptd), &ret);
+    if (ptd == NULL)
+        goto error;
+    cursor->ops = &krb5_krcc_ops;
+    cursor->data = ptd;
+    ptd->first = TRUE;
+
+    ret = get_default(context, &ptd->anchor_name, &ptd->collection_name,
+                      &ptd->subsidiary_name);
+    if (ret)
+        goto error;
+
+    /* If there is no default collection, return an empty cursor. */
+    if (ptd->anchor_name == NULL) {
+        *cursor_out = cursor;
+        return 0;
+    }
+
+    ret = get_collection(ptd->anchor_name, ptd->collection_name,
+                         &ptd->collection_id);
+    if (ret)
+        goto error;
+
+    if (ptd->subsidiary_name == NULL) {
+        ret = get_primary_name(context, ptd->anchor_name,
+                               ptd->collection_name, ptd->collection_id,
+                               &ptd->primary_name);
+        if (ret)
+            goto error;
+
+        size = keyctl_read_alloc(ptd->collection_id, &keys);
+        if (size == -1) {
+            ret = errno;
+            goto error;
+        }
+        ptd->keys = keys;
+        ptd->num_keys = size / sizeof(key_serial_t);
+    }
+
+    *cursor_out = cursor;
+    return 0;
+
+error:
+    krcc_ptcursor_free(context, &cursor);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor,
+                   krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    struct krcc_ptcursor_data *ptd = cursor->data;
+    key_serial_t key, cache_id = 0;
+    const char *first_name, *keytype, *sep, *subsidiary_name;
+    size_t keytypelen;
+    char *description = NULL;
+
+    *cache_out = NULL;
+
+    /* No keyring available */
+    if (ptd->collection_id == 0)
+        return 0;
+
+    if (ptd->first) {
+        /* Look for the primary cache for a collection cursor, or the
+         * subsidiary cache for a subsidiary cursor. */
+        ptd->first = FALSE;
+        first_name = (ptd->primary_name != NULL) ? ptd->primary_name :
+            ptd->subsidiary_name;
+        cache_id = keyctl_search(ptd->collection_id, KRCC_KEY_TYPE_KEYRING,
+                                 first_name, 0);
+        if (cache_id != -1) {
+            return make_cache(context, ptd->collection_id, cache_id,
+                              ptd->anchor_name, ptd->collection_name,
+                              first_name, cache_out);
+        }
+    }
+
+    /* A subsidiary cursor yields at most the first cache. */
+    if (ptd->subsidiary_name != NULL)
+        return 0;
+
+    keytype = KRCC_KEY_TYPE_KEYRING ";";
+    keytypelen = strlen(keytype);
+
+    for (; ptd->next_key < ptd->num_keys; ptd->next_key++) {
+        /* Free any previously retrieved key description. */
+        free(description);
+        description = NULL;
+
+        /*
+         * Get the key description, which should have the form:
+         *   typename;UID;GID;permissions;description
+         */
+        key = ptd->keys[ptd->next_key];
+        if (keyctl_describe_alloc(key, &description) < 0)
+            continue;
+        sep = strrchr(description, ';');
+        if (sep == NULL)
+            continue;
+        subsidiary_name = sep + 1;
+
+        /* Skip this key if it isn't a keyring. */
+        if (strncmp(description, keytype, keytypelen) != 0)
+            continue;
+
+        /* Don't repeat the primary cache. */
+        if (strcmp(subsidiary_name, ptd->primary_name) == 0)
+            continue;
+
+        /* We found a valid key */
+        ptd->next_key++;
+        ret = make_cache(context, ptd->collection_id, key, ptd->anchor_name,
+                         ptd->collection_name, subsidiary_name, cache_out);
+        free(description);
+        return ret;
+    }
+
+    free(description);
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor)
+{
+    struct krcc_ptcursor_data *ptd = (*cursor)->data;
+
+    if (ptd != NULL) {
+        free(ptd->anchor_name);
+        free(ptd->collection_name);
+        free(ptd->subsidiary_name);
+        free(ptd->primary_name);
+        free(ptd->keys);
+        free(ptd);
+    }
+    free(*cursor);
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krcc_switch_to(krb5_context context, krb5_ccache cache)
+{
+    krcc_data *data = cache->data;
+    krb5_error_code ret;
+    char *anchor_name = NULL, *collection_name = NULL, *subsidiary_name = NULL;
+    key_serial_t collection_id;
+
+    ret = parse_residual(data->name, &anchor_name, &collection_name,
+                         &subsidiary_name);
+    if (ret)
+        goto cleanup;
+    ret = get_collection(anchor_name, collection_name, &collection_id);
+    if (ret)
+        goto cleanup;
+    ret = set_primary_name(context, collection_id, subsidiary_name);
+
+cleanup:
+    free(anchor_name);
+    free(collection_name);
+    free(subsidiary_name);
+    return ret;
+}
+
+/*
+ * ccache implementation storing credentials in the Linux keyring facility
+ * The default is to put them at the session keyring level.
+ * If "KEYRING:process:" or "KEYRING:thread:" is specified, then they will
+ * be stored at the process or thread level respectively.
+ */
+const krb5_cc_ops krb5_krcc_ops = {
+    0,
+    "KEYRING",
+    krcc_get_name,
+    krcc_resolve,
+    krcc_generate_new,
+    krcc_initialize,
+    krcc_destroy,
+    krcc_close,
+    krcc_store,
+    krcc_retrieve,
+    krcc_get_principal,
+    krcc_start_seq_get,
+    krcc_next_cred,
+    krcc_end_seq_get,
+    krcc_remove_cred,
+    krcc_set_flags,
+    krcc_get_flags,        /* added after 1.4 release */
+    krcc_ptcursor_new,
+    krcc_ptcursor_next,
+    krcc_ptcursor_free,
+    NULL, /* move */
+    NULL, /* wasdefault */
+    krcc_lock,
+    krcc_unlock,
+    krcc_switch_to,
+};
+
+#else /* !USE_KEYRING_CCACHE */
+
+/*
+ * Export this, but it shouldn't be used.
+ */
+const krb5_cc_ops krb5_krcc_ops = {
+    0,
+    "KEYRING",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,                       /* added after 1.4 release */
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+};
+#endif  /* USE_KEYRING_CCACHE */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c b/krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c
new file mode 100644
index 00000000..2df76ed4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c
@@ -0,0 +1,830 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc_memory.c - Memory-based credential cache */
+/*
+ * Copyright 1990,1991,2000,2004,2008 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "cc-int.h"
+#include "../krb/int-proto.h"
+#include "k5-hashtab.h"
+#include <errno.h>
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_close
+(krb5_context, krb5_ccache id );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_destroy
+(krb5_context, krb5_ccache id );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_end_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_generate_new
+(krb5_context, krb5_ccache *id );
+
+static const char * KRB5_CALLCONV krb5_mcc_get_name
+(krb5_context, krb5_ccache id );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_get_principal
+(krb5_context, krb5_ccache id , krb5_principal *princ );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_initialize
+(krb5_context, krb5_ccache id , krb5_principal princ );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_next_cred
+(krb5_context,
+ krb5_ccache id ,
+ krb5_cc_cursor *cursor ,
+ krb5_creds *creds );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_resolve
+(krb5_context, krb5_ccache *id , const char *residual );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_retrieve
+(krb5_context,
+ krb5_ccache id ,
+ krb5_flags whichfields ,
+ krb5_creds *mcreds ,
+ krb5_creds *creds );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_start_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_store
+(krb5_context, krb5_ccache id , krb5_creds *creds );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_set_flags
+(krb5_context, krb5_ccache id , krb5_flags flags );
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_new
+(krb5_context, krb5_cc_ptcursor *);
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_next
+(krb5_context, krb5_cc_ptcursor, krb5_ccache *);
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_free
+(krb5_context, krb5_cc_ptcursor *);
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_lock
+(krb5_context context, krb5_ccache id);
+
+static krb5_error_code KRB5_CALLCONV krb5_mcc_unlock
+(krb5_context context, krb5_ccache id);
+
+
+extern const krb5_cc_ops krb5_mcc_ops;
+extern krb5_error_code krb5_change_cache (void);
+
+#define KRB5_OK 0
+
+/* Individual credentials within a cache, in a linked list.  */
+typedef struct _krb5_mcc_link {
+    struct _krb5_mcc_link *next;
+    krb5_creds *creds;
+} krb5_mcc_link;
+
+/* Per-cache data header.  */
+typedef struct _krb5_mcc_data {
+    char *name;
+    k5_cc_mutex lock;
+    krb5_principal prin;
+    krb5_mcc_link *link;
+    krb5_mcc_link **tail;       /* Where to store next added cred */
+    /* Time offsets for clock-skewed clients.  */
+    krb5_int32 time_offset;
+    krb5_int32 usec_offset;
+    int refcount;               /* One for the table slot, one per handle */
+    int generation;             /* Incremented at each initialize */
+} krb5_mcc_data;
+
+/* Iterator over credentials in a memory cache. */
+struct mcc_cursor {
+    int generation;
+    krb5_mcc_link *next_link;
+};
+
+/* Iterator over memory caches.  */
+struct krb5_mcc_ptcursor_data {
+    krb5_boolean first;
+};
+
+k5_cc_mutex krb5int_mcc_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER;
+static struct k5_hashtab *mcc_hashtab = NULL;
+
+/* Ensure that mcc_hashtab is initialized.  Call with krb5int_mcc_mutex
+ * locked. */
+static krb5_error_code
+init_table(krb5_context context)
+{
+    krb5_error_code ret;
+    uint8_t seed[K5_HASH_SEED_LEN];
+    krb5_data d = make_data(seed, sizeof(seed));
+
+    if (mcc_hashtab != NULL)
+        return 0;
+    ret = krb5_c_random_make_octets(context, &d);
+    if (ret)
+        return ret;
+    return k5_hashtab_create(seed, 64, &mcc_hashtab);
+}
+
+/* Remove creds from d, invalidate any existing cursors, and unset the client
+ * principal.  The caller is responsible for locking. */
+static void
+empty_mcc_cache(krb5_context context, krb5_mcc_data *d)
+{
+    krb5_mcc_link *curr, *next;
+
+    for (curr = d->link; curr != NULL; curr = next) {
+        next = curr->next;
+        krb5_free_creds(context, curr->creds);
+        free(curr);
+    }
+    d->link = NULL;
+    d->tail = &d->link;
+    d->generation++;
+    krb5_free_principal(context, d->prin);
+    d->prin = NULL;
+}
+
+/* Remove all creds from d and initialize it with princ as the default client
+ * principal.  The caller is responsible for locking. */
+static krb5_error_code
+init_mcc_cache(krb5_context context, krb5_mcc_data *d, krb5_principal princ)
+{
+    krb5_os_context os_ctx = &context->os_context;
+
+    empty_mcc_cache(context, d);
+    if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+        /* Store client time offsets in the cache. */
+        d->time_offset = os_ctx->time_offset;
+        d->usec_offset = os_ctx->usec_offset;
+    }
+    return krb5_copy_principal(context, princ, &d->prin);
+}
+
+/* Add cred to d.  The caller is responsible for locking. */
+static krb5_error_code
+store_cred(krb5_context context, krb5_mcc_data *d, krb5_creds *cred)
+{
+    krb5_error_code ret;
+    krb5_mcc_link *new_node;
+
+    new_node = malloc(sizeof(*new_node));
+    if (new_node == NULL)
+        return ENOMEM;
+    new_node->next = NULL;
+    ret = krb5_copy_creds(context, cred, &new_node->creds);
+    if (ret) {
+        free(new_node);
+        return ret;
+    }
+
+    /* Place the new node at the tail of the list. */
+    *d->tail = new_node;
+    d->tail = &new_node->next;
+    return 0;
+}
+
+/*
+ * Modifies:
+ * id
+ *
+ * Effects:
+ * Creates/refreshes the memory cred cache id.  If the cache exists, its
+ * contents are destroyed.
+ *
+ * Errors:
+ * system errors
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
+{
+    krb5_error_code ret;
+    krb5_mcc_data *d = id->data;
+
+    k5_cc_mutex_lock(context, &d->lock);
+    ret = init_mcc_cache(context, d, princ);
+    k5_cc_mutex_unlock(context, &d->lock);
+    if (ret == KRB5_OK)
+        krb5_change_cache();
+    return ret;
+}
+
+/*
+ * Modifies:
+ * id
+ *
+ * Effects:
+ * Invalidates the id, and frees any resources associated with accessing
+ * the cache.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_close(krb5_context context, krb5_ccache id)
+{
+    krb5_mcc_data *d = id->data;
+    int count;
+
+    free(id);
+    k5_cc_mutex_lock(context, &d->lock);
+    count = --d->refcount;
+    k5_cc_mutex_unlock(context, &d->lock);
+    if (count == 0) {
+        /* This is the last active handle referencing d and d has been removed
+         * from the table, so we can release it. */
+        empty_mcc_cache(context, d);
+        free(d->name);
+        k5_cc_mutex_destroy(&d->lock);
+        free(d);
+    }
+    return KRB5_OK;
+}
+
+/*
+ * Effects:
+ * Destroys the contents of id. id is invalid after call.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_destroy(krb5_context context, krb5_ccache id)
+{
+    krb5_mcc_data *d = id->data;
+    krb5_boolean removed_from_table = FALSE;
+
+    /* Remove this node from the table if it is still present. */
+    k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
+    if (k5_hashtab_remove(mcc_hashtab, d->name, strlen(d->name)))
+        removed_from_table = TRUE;
+    k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+
+    /* Empty the cache and remove the reference for the table slot.  There will
+     * always be at least one reference left for the handle being destroyed. */
+    k5_cc_mutex_lock(context, &d->lock);
+    empty_mcc_cache(context, d);
+    if (removed_from_table)
+        d->refcount--;
+    k5_cc_mutex_unlock(context, &d->lock);
+
+    /* Invalidate the handle, possibly removing the last reference to d and
+     * freeing it. */
+    krb5_mcc_close(context, id);
+
+    krb5_change_cache ();
+    return KRB5_OK;
+}
+
+/*
+ * Requires:
+ * residual is a legal path name, and a null-terminated string
+ *
+ * Modifies:
+ * id
+ *
+ * Effects:
+ * creates or accesses a memory-based cred cache that is referenced by
+ * residual.
+ *
+ * Returns:
+ * A filled in krb5_ccache structure "id".
+ *
+ * Errors:
+ * KRB5_CC_NOMEM - there was insufficient memory to allocate the
+ *              krb5_ccache.  id is undefined.
+ * system errors (mutex locks related)
+ */
+static krb5_error_code new_mcc_data (const char *, krb5_mcc_data **);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
+{
+    krb5_os_context os_ctx = &context->os_context;
+    krb5_ccache lid;
+    krb5_error_code err;
+    krb5_mcc_data *d;
+
+    k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
+    init_table(context);
+    d = k5_hashtab_get(mcc_hashtab, residual, strlen(residual));
+    if (d != NULL) {
+        k5_cc_mutex_lock(context, &d->lock);
+        d->refcount++;
+        k5_cc_mutex_unlock(context, &d->lock);
+    } else {
+        err = new_mcc_data(residual, &d);
+        if (err) {
+            k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+            return err;
+        }
+    }
+    k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+
+    lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+    if (lid == NULL)
+        return KRB5_CC_NOMEM;
+
+    if ((context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) &&
+        !(os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)) {
+        /* Use the time offset from the cache entry */
+        os_ctx->time_offset = d->time_offset;
+        os_ctx->usec_offset = d->usec_offset;
+        os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+                            KRB5_OS_TOFFSET_VALID);
+    }
+
+    lid->ops = &krb5_mcc_ops;
+    lid->data = d;
+    *id = lid;
+    return KRB5_OK;
+}
+
+/*
+ * Effects:
+ * Prepares for a sequential search of the credentials cache.
+ * Returns a krb5_cc_cursor to be used with krb5_mcc_next_cred and
+ * krb5_mcc_end_seq_get.
+ *
+ * If the cache is modified between the time of this call and the time
+ * of the final krb5_mcc_end_seq_get, the results are undefined.
+ *
+ * Errors:
+ * KRB5_CC_NOMEM
+ * system errors
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_start_seq_get(krb5_context context, krb5_ccache id,
+                       krb5_cc_cursor *cursor)
+{
+    struct mcc_cursor *mcursor;
+    krb5_mcc_data *d;
+
+    mcursor = malloc(sizeof(*mcursor));
+    if (mcursor == NULL)
+        return KRB5_CC_NOMEM;
+    d = id->data;
+    k5_cc_mutex_lock(context, &d->lock);
+    mcursor->generation = d->generation;
+    mcursor->next_link = d->link;
+    k5_cc_mutex_unlock(context, &d->lock);
+    *cursor = mcursor;
+    return KRB5_OK;
+}
+
+/*
+ * Requires:
+ * cursor is a krb5_cc_cursor originally obtained from
+ * krb5_mcc_start_seq_get.
+ *
+ * Modifies:
+ * cursor, creds
+ *
+ * Effects:
+ * Fills in creds with the "next" credentals structure from the cache
+ * id.  The actual order the creds are returned in is arbitrary.
+ * Space is allocated for the variable length fields in the
+ * credentials structure, so the object returned must be passed to
+ * krb5_destroy_credential.
+ *
+ * The cursor is updated for the next call to krb5_mcc_next_cred.
+ *
+ * Errors:
+ * system errors
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_next_cred(krb5_context context, krb5_ccache id,
+                   krb5_cc_cursor *cursor, krb5_creds *creds)
+{
+    struct mcc_cursor *mcursor;
+    krb5_error_code retval;
+    krb5_mcc_data *d = id->data;
+
+    memset(creds, 0, sizeof(krb5_creds));
+    mcursor = *cursor;
+    if (mcursor->next_link == NULL)
+        return KRB5_CC_END;
+
+    /*
+     * Check the cursor generation against the cache generation in case the
+     * cache has been reinitialized or destroyed, freeing the pointer in the
+     * cursor.  Keep the cache locked while we copy the creds and advance the
+     * pointer, in case another thread reinitializes the cache after we check
+     * the generation.
+     */
+    k5_cc_mutex_lock(context, &d->lock);
+    if (mcursor->generation != d->generation) {
+        retval = KRB5_CC_END;
+        goto done;
+    }
+
+    /* Skip over removed creds. */
+    while (mcursor->next_link != NULL && mcursor->next_link->creds == NULL)
+        mcursor->next_link = mcursor->next_link->next;
+    if (mcursor->next_link == NULL) {
+        retval = KRB5_CC_END;
+        goto done;
+    }
+
+    retval = k5_copy_creds_contents(context, mcursor->next_link->creds, creds);
+    if (retval == 0)
+        mcursor->next_link = mcursor->next_link->next;
+
+done:
+    k5_cc_mutex_unlock(context, &d->lock);
+    return retval;
+}
+
+/*
+ * Requires:
+ * cursor is a krb5_cc_cursor originally obtained from
+ * krb5_mcc_start_seq_get.
+ *
+ * Modifies:
+ * id, cursor
+ *
+ * Effects:
+ * Finishes sequential processing of the memory credentials ccache id,
+ * and invalidates the cursor (it must never be used after this call).
+ */
+/* ARGSUSED */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+{
+    free(*cursor);
+    *cursor = NULL;
+    return KRB5_OK;
+}
+
+/*
+ * Utility routine: Creates the back-end data for a memory cache, and adds it
+ * to the global table.  Give the new object two references, one for the table
+ * slot and one for the caller's handle.
+ *
+ * Call with the global table lock held.
+ */
+static krb5_error_code
+new_mcc_data (const char *name, krb5_mcc_data **dataptr)
+{
+    krb5_error_code err;
+    krb5_mcc_data *d;
+
+    d = malloc(sizeof(krb5_mcc_data));
+    if (d == NULL)
+        return KRB5_CC_NOMEM;
+
+    err = k5_cc_mutex_init(&d->lock);
+    if (err) {
+        free(d);
+        return err;
+    }
+
+    d->name = strdup(name);
+    if (d->name == NULL) {
+        k5_cc_mutex_destroy(&d->lock);
+        free(d);
+        return KRB5_CC_NOMEM;
+    }
+    d->link = NULL;
+    d->tail = &d->link;
+    d->prin = NULL;
+    d->time_offset = 0;
+    d->usec_offset = 0;
+    d->refcount = 2;
+    d->generation = 0;
+
+    if (k5_hashtab_add(mcc_hashtab, d->name, strlen(d->name), d) != 0) {
+        free(d->name);
+        k5_cc_mutex_destroy(&d->lock);
+        free(d);
+        return KRB5_CC_NOMEM;
+    }
+
+    *dataptr = d;
+    return 0;
+}
+
+/*
+ * Effects:
+ * Creates a new memory cred cache whose name is guaranteed to be
+ * unique.  The name begins with the string TKT_ROOT (from mcc.h).
+ *
+ * Returns:
+ * The filled in krb5_ccache id.
+ *
+ * Errors:
+ * KRB5_CC_NOMEM - there was insufficient memory to allocate the
+ *              krb5_ccache.  id is undefined.
+ * system errors (from open, mutex locking)
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_generate_new (krb5_context context, krb5_ccache *id)
+{
+    krb5_ccache lid;
+    char uniquename[8];
+    krb5_error_code err;
+    krb5_mcc_data *d;
+
+    /* Allocate memory */
+    lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+    if (lid == NULL)
+        return KRB5_CC_NOMEM;
+
+    lid->ops = &krb5_mcc_ops;
+
+    k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
+    init_table(context);
+
+    /* Check for uniqueness with mutex locked to avoid race conditions */
+    while (1) {
+        err = krb5int_random_string (context, uniquename, sizeof (uniquename));
+        if (err) {
+            k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+            free(lid);
+            return err;
+        }
+
+        if (k5_hashtab_get(mcc_hashtab, uniquename,
+                           strlen(uniquename)) == NULL)
+            break;
+    }
+
+    err = new_mcc_data(uniquename, &d);
+
+    k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+    if (err) {
+        free(lid);
+        return err;
+    }
+    lid->data = d;
+    *id = lid;
+    krb5_change_cache ();
+    return KRB5_OK;
+}
+
+/*
+ * Requires:
+ * id is a file credential cache
+ *
+ * Returns:
+ * A pointer to the name of the file cred cache id.
+ */
+const char * KRB5_CALLCONV
+krb5_mcc_get_name (krb5_context context, krb5_ccache id)
+{
+    return (char *) ((krb5_mcc_data *) id->data)->name;
+}
+
+/*
+ * Modifies:
+ * id, princ
+ *
+ * Effects:
+ * Retrieves the primary principal from id, as set with
+ * krb5_mcc_initialize.  The principal is returned is allocated
+ * storage that must be freed by the caller via krb5_free_principal.
+ *
+ * Errors:
+ * system errors
+ * ENOMEM
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
+{
+    krb5_error_code ret;
+    krb5_mcc_data *d = id->data;
+
+    *princ = NULL;
+    k5_cc_mutex_lock(context, &d->lock);
+    if (d->prin == NULL)
+        ret = KRB5_FCC_NOFILE;
+    else
+        ret = krb5_copy_principal(context, d->prin, princ);
+    k5_cc_mutex_unlock(context, &d->lock);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
+                  krb5_creds *mcreds, krb5_creds *creds)
+{
+    return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
+}
+
+/*
+ * Modifies:
+ * the memory cache
+ *
+ * Effects:
+ * Remove the given creds from the ccache.
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                     krb5_creds *creds)
+{
+    krb5_mcc_data *data = (krb5_mcc_data *)cache->data;
+    krb5_mcc_link *l;
+
+    k5_cc_mutex_lock(context, &data->lock);
+
+    for (l = data->link; l != NULL; l = l->next) {
+        if (l->creds != NULL &&
+            krb5int_cc_creds_match_request(context, flags, creds, l->creds)) {
+            krb5_free_creds(context, l->creds);
+            l->creds = NULL;
+        }
+    }
+
+    k5_cc_mutex_unlock(context, &data->lock);
+    return 0;
+}
+
+
+/*
+ * Requires:
+ * id is a cred cache returned by krb5_mcc_resolve or
+ * krb5_mcc_generate_new.
+ *
+ * Modifies:
+ * id
+ *
+ * Effects:
+ * Sets the operational flags of id to flags.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
+{
+    return KRB5_OK;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
+{
+    *flags = 0;
+    return KRB5_OK;
+}
+
+/*
+ * Modifies:
+ * the memory cache
+ *
+ * Effects:
+ * Save away creds in the ccache.
+ *
+ * Errors:
+ * ENOMEM
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_mcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krb5_mcc_data *d = id->data;
+
+    /* Place the new node at the tail of the list. */
+    k5_cc_mutex_lock(context, &d->lock);
+    ret = store_cred(context, d, creds);
+    k5_cc_mutex_unlock(context, &d->lock);
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_ptcursor_new(
+    krb5_context context,
+    krb5_cc_ptcursor *cursor)
+{
+    krb5_cc_ptcursor n = NULL;
+    struct krb5_mcc_ptcursor_data *cdata = NULL;
+
+    *cursor = NULL;
+
+    n = malloc(sizeof(*n));
+    if (n == NULL)
+        return ENOMEM;
+    n->ops = &krb5_mcc_ops;
+    cdata = malloc(sizeof(struct krb5_mcc_ptcursor_data));
+    if (cdata == NULL) {
+        free(n);
+        return ENOMEM;
+    }
+    n->data = cdata;
+    cdata->first = TRUE;
+    *cursor = n;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_ptcursor_next(
+    krb5_context context,
+    krb5_cc_ptcursor cursor,
+    krb5_ccache *ccache)
+{
+    struct krb5_mcc_ptcursor_data *cdata = NULL;
+    const char *defname;
+
+    *ccache = NULL;
+    cdata = cursor->data;
+    if (!cdata->first)
+        return 0;
+    cdata->first = FALSE;
+
+    defname = krb5_cc_default_name(context);
+    if (defname == NULL || strncmp(defname, "MEMORY:", 7) != 0)
+        return 0;
+
+    return krb5_cc_resolve(context, defname, ccache);
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_ptcursor_free(
+    krb5_context context,
+    krb5_cc_ptcursor *cursor)
+{
+    if (*cursor == NULL)
+        return 0;
+    if ((*cursor)->data != NULL)
+        free((*cursor)->data);
+    free(*cursor);
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_replace(krb5_context context, krb5_ccache id, krb5_principal princ,
+                 krb5_creds **creds)
+{
+    krb5_error_code ret;
+    krb5_mcc_data *d = id->data;
+    int i;
+
+    k5_cc_mutex_lock(context, &d->lock);
+    ret = init_mcc_cache(context, d, princ);
+    for (i = 0; !ret && creds[i] != NULL; i++)
+        ret = store_cred(context, d, creds[i]);
+    k5_cc_mutex_unlock(context, &d->lock);
+    if (!ret)
+        krb5_change_cache();
+    return ret;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_lock(krb5_context context, krb5_ccache id)
+{
+    krb5_mcc_data *data = (krb5_mcc_data *) id->data;
+
+    k5_cc_mutex_lock(context, &data->lock);
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_mcc_unlock(krb5_context context, krb5_ccache id)
+{
+    krb5_mcc_data *data = (krb5_mcc_data *) id->data;
+
+    k5_cc_mutex_unlock(context, &data->lock);
+    return 0;
+}
+
+const krb5_cc_ops krb5_mcc_ops = {
+    0,
+    "MEMORY",
+    krb5_mcc_get_name,
+    krb5_mcc_resolve,
+    krb5_mcc_generate_new,
+    krb5_mcc_initialize,
+    krb5_mcc_destroy,
+    krb5_mcc_close,
+    krb5_mcc_store,
+    krb5_mcc_retrieve,
+    krb5_mcc_get_principal,
+    krb5_mcc_start_seq_get,
+    krb5_mcc_next_cred,
+    krb5_mcc_end_seq_get,
+    krb5_mcc_remove_cred,
+    krb5_mcc_set_flags,
+    krb5_mcc_get_flags,
+    krb5_mcc_ptcursor_new,
+    krb5_mcc_ptcursor_next,
+    krb5_mcc_ptcursor_free,
+    krb5_mcc_replace,
+    NULL, /* wasdefault */
+    krb5_mcc_lock,
+    krb5_mcc_unlock,
+    NULL, /* switch_to */
+};
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc_mslsa.c b/krb5-1.21.3/src/lib/krb5/ccache/cc_mslsa.c
new file mode 100644
index 00000000..4931e6c1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc_mslsa.c
@@ -0,0 +1,2212 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc_mslsa.c */
+/*
+ * Copyright 2007 Secure Endpoints Inc.
+ *
+ * Copyright 2003,2004 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Copyright 2000 by Carnegie Mellon University
+ *
+ * All Rights Reserved
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted,
+ * provided that the above copyright notice appear in all copies and that
+ * both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of Carnegie Mellon
+ * University not be used in advertising or publicity pertaining to
+ * distribution of the software without specific, written prior
+ * permission.
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR
+ * ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Implementation of microsoft windows lsa credentials cache
+ */
+
+#ifdef _WIN32
+#define UNICODE
+#define _UNICODE
+
+#include <ntstatus.h>
+#define WIN32_NO_STATUS
+#include "k5-int.h"
+#include "com_err.h"
+#include "cc-int.h"
+
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <conio.h>
+#include <time.h>
+
+#define SECURITY_WIN32
+#include <security.h>
+#ifdef _WIN32_WINNT
+#undef _WIN32_WINNT
+#endif
+#define _WIN32_WINNT 0x0600
+#include <ntsecapi.h>
+
+
+#define MAX_MSG_SIZE 256
+#define MAX_MSPRINC_SIZE 1024
+
+/* THREAD SAFETY
+ * The function does_query_ticket_cache_ex2()
+ * contains static variables to cache the responses of the tests being
+ * performed.  There is no harm in the test being performed more than
+ * once since the result will always be the same.
+ */
+
+typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
+
+static VOID
+ShowWinError(LPSTR szAPI, DWORD dwError)
+{
+
+    // TODO - Write errors to event log so that scripts that don't
+    // check for errors will still get something in the event log
+
+    // This code is completely unsafe for use on non-English systems
+    // Any call to this function will result in the FormatMessage
+    // call failing and the program terminating.  This might have
+    // been acceptable when this code was part of ms2mit.exe as
+    // a standalone executable but it is not appropriate for a library
+
+#ifdef COMMENT
+    WCHAR szMsgBuf[MAX_MSG_SIZE];
+    DWORD dwRes;
+
+    printf("Error calling function %s: %lu\n", szAPI, dwError);
+
+    dwRes = FormatMessage (
+        FORMAT_MESSAGE_FROM_SYSTEM,
+        NULL,
+        dwError,
+        MAKELANGID (LANG_ENGLISH, SUBLANG_ENGLISH_US),
+        szMsgBuf,
+        MAX_MSG_SIZE,
+        NULL);
+    if (0 == dwRes) {
+        printf("FormatMessage failed with %d\n", GetLastError());
+        ExitProcess(EXIT_FAILURE);
+    }
+
+    printf("%S",szMsgBuf);
+#endif /* COMMENT */
+}
+
+static VOID
+ShowLsaError(LPSTR szAPI, NTSTATUS Status)
+{
+    //
+    // Convert the NTSTATUS to Winerror. Then call ShowWinError().
+    //
+    ShowWinError(szAPI, LsaNtStatusToWinError(Status));
+}
+
+static BOOL
+WINAPI
+UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen)
+{
+    CPINFO CodePageInfo;
+
+    GetCPInfo(CP_ACP, &CodePageInfo);
+
+    if (CodePageInfo.MaxCharSize > 1) {
+        // Only supporting non-Unicode strings
+        int reqLen = WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1,
+                                         NULL, 0, NULL, NULL);
+        if ( reqLen > nOutStringLen)
+        {
+            return FALSE;
+        } else {
+            if (WideCharToMultiByte(CP_ACP,
+                                    /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK,
+                                    (LPCWSTR) lpInputString, -1,
+                                    lpszOutputString,
+                                    nOutStringLen, NULL, NULL) == 0)
+                return FALSE;
+        }
+    }
+    else
+    {
+        // Looks like unicode, better translate it
+        if (WideCharToMultiByte(CP_ACP,
+                                /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK,
+                                (LPCWSTR) lpInputString, -1,
+                                lpszOutputString,
+                                nOutStringLen, NULL, NULL) == 0)
+            return FALSE;
+    }
+
+    return TRUE;
+}  // UnicodeToANSI
+
+static VOID
+WINAPI
+ANSIToUnicode(LPCSTR lpInputString, LPWSTR lpszOutputString, int nOutStringLen)
+{
+
+    CPINFO CodePageInfo;
+
+    GetCPInfo(CP_ACP, &CodePageInfo);
+
+    MultiByteToWideChar(CP_ACP, 0, lpInputString, -1,
+                        lpszOutputString, nOutStringLen);
+}  // ANSIToUnicode
+
+
+static void
+MITPrincToMSPrinc(krb5_context context, krb5_principal principal, UNICODE_STRING * msprinc)
+{
+    char *aname = NULL;
+
+    if (!krb5_unparse_name(context, principal, &aname)) {
+        msprinc->Length = strlen(aname) * sizeof(WCHAR);
+        if ( msprinc->Length <= msprinc->MaximumLength )
+            ANSIToUnicode(aname, msprinc->Buffer, msprinc->MaximumLength);
+        else
+            msprinc->Length = 0;
+        krb5_free_unparsed_name(context,aname);
+    }
+}
+
+static BOOL
+UnicodeStringToMITPrinc(UNICODE_STRING *service, UNICODE_STRING *realm,
+                        krb5_context context, krb5_principal *principal)
+{
+    WCHAR princbuf[512];
+    WCHAR realmbuf[512];
+    char aname[512];
+
+    /* Convert the realm to a wchar string. */
+    realmbuf[0] = '\0';
+    wcsncpy(realmbuf, realm->Buffer, realm->Length / sizeof(WCHAR));
+    realmbuf[realm->Length / sizeof(WCHAR)] = 0;
+    /* Convert the principal components to a wchar string. */
+    princbuf[0]=0;
+    wcsncpy(princbuf, service->Buffer, service->Length/sizeof(WCHAR));
+    princbuf[service->Length/sizeof(WCHAR)]=0;
+    wcscat(princbuf, L"@");
+    wcscat(princbuf, realmbuf);
+    if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
+        if (krb5_parse_name(context, aname, principal) == 0)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+
+static BOOL
+KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context,
+                           krb5_principal *principal)
+{
+    WCHAR princbuf[512],tmpbuf[128];
+    char aname[512];
+    USHORT i;
+    princbuf[0]=0;
+    for (i=0;i<msprinc->NameCount;i++) {
+        wcsncpy(tmpbuf, msprinc->Names[i].Buffer,
+                msprinc->Names[i].Length/sizeof(WCHAR));
+        tmpbuf[msprinc->Names[i].Length/sizeof(WCHAR)]=0;
+        if (princbuf[0])
+            wcscat(princbuf, L"/");
+        wcscat(princbuf, tmpbuf);
+    }
+    wcscat(princbuf, L"@");
+    wcscat(princbuf, realm);
+    if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
+        if (krb5_parse_name(context, aname, principal) == 0)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+static time_t
+FileTimeToUnixTime(LARGE_INTEGER *ltime)
+{
+    FILETIME filetime, localfiletime;
+    SYSTEMTIME systime;
+    struct tm utime;
+    filetime.dwLowDateTime=ltime->LowPart;
+    filetime.dwHighDateTime=ltime->HighPart;
+    FileTimeToLocalFileTime(&filetime, &localfiletime);
+    FileTimeToSystemTime(&localfiletime, &systime);
+    utime.tm_sec=systime.wSecond;
+    utime.tm_min=systime.wMinute;
+    utime.tm_hour=systime.wHour;
+    utime.tm_mday=systime.wDay;
+    utime.tm_mon=systime.wMonth-1;
+    utime.tm_year=systime.wYear-1900;
+    utime.tm_isdst=-1;
+    return(mktime(&utime));
+}
+
+static void
+MSSessionKeyToMITKeyblock(KERB_CRYPTO_KEY *mskey, krb5_context context, krb5_keyblock *keyblock)
+{
+    krb5_keyblock tmpblock;
+    tmpblock.magic=KV5M_KEYBLOCK;
+    tmpblock.enctype=mskey->KeyType;
+    tmpblock.length=mskey->Length;
+    tmpblock.contents=mskey->Value;
+    krb5_copy_keyblock_contents(context, &tmpblock, keyblock);
+}
+
+static BOOL
+IsMSSessionKeyNull(KERB_CRYPTO_KEY *mskey)
+{
+    DWORD i;
+
+    if (mskey->KeyType == KERB_ETYPE_NULL)
+        return TRUE;
+
+    for ( i=0; i<mskey->Length; i++ ) {
+        if (mskey->Value[i])
+            return FALSE;
+    }
+
+    return TRUE;
+}
+
+static void
+MSFlagsToMITFlags(ULONG msflags, ULONG *mitflags)
+{
+    *mitflags=msflags;
+}
+
+static BOOL
+MSTicketToMITTicket(KERB_EXTERNAL_TICKET *msticket, krb5_context context, krb5_data *ticket)
+{
+    krb5_data tmpdata, *newdata = 0;
+    krb5_error_code rc;
+
+    tmpdata.magic=KV5M_DATA;
+    tmpdata.length=msticket->EncodedTicketSize;
+    tmpdata.data=msticket->EncodedTicket;
+
+    // this is ugly and will break krb5_free_data()
+    // now that this is being done within the library it won't break krb5_free_data()
+    rc = krb5_copy_data(context, &tmpdata, &newdata);
+    if (rc)
+        return FALSE;
+
+    memcpy(ticket, newdata, sizeof(krb5_data));
+    free(newdata);
+    return TRUE;
+}
+
+static BOOL
+MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm,
+                krb5_context context, krb5_creds *creds)
+{
+    WCHAR wrealm[128];
+    ZeroMemory(creds, sizeof(krb5_creds));
+    creds->magic=KV5M_CREDS;
+
+    // construct Client Principal
+    wcsncpy(wrealm, ClientRealm.Buffer, ClientRealm.Length/sizeof(WCHAR));
+    wrealm[ClientRealm.Length/sizeof(WCHAR)]=0;
+    if (!KerbExternalNameToMITPrinc(msticket->ClientName, wrealm, context, &creds->client))
+        return FALSE;
+
+    // construct Service Principal
+    wcsncpy(wrealm, msticket->DomainName.Buffer,
+            msticket->DomainName.Length/sizeof(WCHAR));
+    wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0;
+    if (!KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server))
+        return FALSE;
+    MSSessionKeyToMITKeyblock(&msticket->SessionKey, context,
+                              &creds->keyblock);
+    MSFlagsToMITFlags(msticket->TicketFlags, &creds->ticket_flags);
+    creds->times.starttime=FileTimeToUnixTime(&msticket->StartTime);
+    creds->times.endtime=FileTimeToUnixTime(&msticket->EndTime);
+    creds->times.renew_till=FileTimeToUnixTime(&msticket->RenewUntil);
+
+    creds->addresses = NULL;
+
+    return MSTicketToMITTicket(msticket, context, &creds->ticket);
+}
+
+/* CacheInfoEx2ToMITCred is used when we do not need the real ticket */
+static BOOL
+CacheInfoEx2ToMITCred(KERB_TICKET_CACHE_INFO_EX2 *info,
+                      krb5_context context, krb5_creds *creds)
+{
+    ZeroMemory(creds, sizeof(krb5_creds));
+    creds->magic=KV5M_CREDS;
+
+    // construct Client Principal
+    if (!UnicodeStringToMITPrinc(&info->ClientName, &info->ClientRealm,
+                                 context, &creds->client))
+        return FALSE;
+
+    // construct Service Principal
+    if (!UnicodeStringToMITPrinc(&info->ServerName, &info->ServerRealm,
+                                 context, &creds->server))
+        return FALSE;
+
+    creds->keyblock.magic = KV5M_KEYBLOCK;
+    creds->keyblock.enctype = info->SessionKeyType;
+    creds->ticket_flags = info->TicketFlags;
+    MSFlagsToMITFlags(info->TicketFlags, &creds->ticket_flags);
+    creds->times.starttime=FileTimeToUnixTime(&info->StartTime);
+    creds->times.endtime=FileTimeToUnixTime(&info->EndTime);
+    creds->times.renew_till=FileTimeToUnixTime(&info->RenewTime);
+
+    /* MS Tickets are addressless.  MIT requires an empty address
+     * not a NULL list of addresses.
+     */
+    creds->addresses = (krb5_address **)malloc(sizeof(krb5_address *));
+    if (creds->addresses == NULL)
+        return FALSE;
+    memset(creds->addresses, 0, sizeof(krb5_address *));
+
+    return TRUE;
+}
+
+static BOOL
+PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId)
+{
+    LSA_STRING Name;
+    NTSTATUS Status;
+
+    Status = LsaConnectUntrusted(
+        pLogonHandle
+    );
+
+    if (FAILED(Status))
+    {
+        ShowLsaError("LsaConnectUntrusted", Status);
+        return FALSE;
+    }
+
+    Name.Buffer = MICROSOFT_KERBEROS_NAME_A;
+    Name.Length = strlen(Name.Buffer);
+    Name.MaximumLength = Name.Length + 1;
+
+    Status = LsaLookupAuthenticationPackage(
+        *pLogonHandle,
+        &Name,
+        pPackageId
+    );
+
+    if (FAILED(Status))
+    {
+        ShowLsaError("LsaLookupAuthenticationPackage", Status);
+        return FALSE;
+    }
+
+    return TRUE;
+
+}
+
+/*
+ * This runtime check is only needed on Windows XP and Server 2003.
+ * It can safely be removed when we no longer wish to support any
+ * versions of those platforms.
+ */
+static BOOL
+does_query_ticket_cache_ex2 (void)
+{
+    static BOOL fChecked = FALSE;
+    static BOOL fEx2Response = FALSE;
+
+    if (!fChecked)
+    {
+        NTSTATUS Status = 0;
+        NTSTATUS SubStatus = 0;
+        HANDLE LogonHandle;
+        ULONG  PackageId;
+        ULONG RequestSize;
+        PKERB_QUERY_TKT_CACHE_REQUEST pCacheRequest = NULL;
+        PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pCacheResponse = NULL;
+        ULONG ResponseSize;
+
+        RequestSize = sizeof(*pCacheRequest) + 1;
+
+        if (!PackageConnectLookup(&LogonHandle, &PackageId))
+            return FALSE;
+
+        pCacheRequest = (PKERB_QUERY_TKT_CACHE_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+        if (!pCacheRequest) {
+            LsaDeregisterLogonProcess(LogonHandle);
+            return FALSE;
+        }
+
+        pCacheRequest->MessageType = KerbQueryTicketCacheEx2Message;
+        pCacheRequest->LogonId.LowPart = 0;
+        pCacheRequest->LogonId.HighPart = 0;
+
+        Status = LsaCallAuthenticationPackage( LogonHandle,
+                                               PackageId,
+                                               pCacheRequest,
+                                               RequestSize,
+                                               &pCacheResponse,
+                                               &ResponseSize,
+                                               &SubStatus
+        );
+
+        LocalFree(pCacheRequest);
+        LsaDeregisterLogonProcess(LogonHandle);
+
+        if (!(FAILED(Status) || FAILED(SubStatus))) {
+            LsaFreeReturnBuffer(pCacheResponse);
+            fEx2Response = TRUE;
+        }
+        fChecked = TRUE;
+    }
+
+    return fEx2Response;
+}
+
+static DWORD
+ConcatenateUnicodeStrings(UNICODE_STRING *pTarget, UNICODE_STRING Source1, UNICODE_STRING Source2)
+{
+    //
+    // The buffers for Source1 and Source2 cannot overlap pTarget's
+    // buffer.  Source1.Length + Source2.Length must be <= 0xFFFF,
+    // otherwise we overflow...
+    //
+
+    USHORT TotalSize = Source1.Length + Source2.Length;
+    PBYTE buffer = (PBYTE) pTarget->Buffer;
+
+    if (TotalSize > pTarget->MaximumLength)
+        return ERROR_INSUFFICIENT_BUFFER;
+
+    if ( pTarget->Buffer != Source1.Buffer )
+        memcpy(buffer, Source1.Buffer, Source1.Length);
+    memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length);
+
+    pTarget->Length = TotalSize;
+    return ERROR_SUCCESS;
+}
+
+static BOOL
+get_STRING_from_registry(HKEY hBaseKey, char * key, char * value, char * outbuf, DWORD  outlen)
+{
+    HKEY hKey;
+    DWORD dwCount;
+    LONG rc;
+
+    if (!outbuf || outlen == 0)
+        return FALSE;
+
+    rc = RegOpenKeyExA(hBaseKey, key, 0, KEY_QUERY_VALUE, &hKey);
+    if (rc)
+        return FALSE;
+
+    dwCount = outlen;
+    rc = RegQueryValueExA(hKey, value, 0, 0, (LPBYTE) outbuf, &dwCount);
+    RegCloseKey(hKey);
+
+    return rc?FALSE:TRUE;
+}
+
+static BOOL
+GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData)
+{
+    NTSTATUS Status = 0;
+    HANDLE  TokenHandle;
+    TOKEN_STATISTICS Stats;
+    DWORD   ReqLen;
+    BOOL    Success;
+
+    if (!ppSessionData)
+        return FALSE;
+    *ppSessionData = NULL;
+
+    Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
+    if ( !Success )
+        return FALSE;
+
+    Success = GetTokenInformation( TokenHandle, TokenStatistics, &Stats, sizeof(TOKEN_STATISTICS), &ReqLen );
+    CloseHandle( TokenHandle );
+    if ( !Success )
+        return FALSE;
+
+    Status = LsaGetLogonSessionData( &Stats.AuthenticationId, ppSessionData );
+    if ( FAILED(Status) || !ppSessionData )
+        return FALSE;
+
+    return TRUE;
+}
+
+static DWORD
+ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * outRequest, ULONG * outSize)
+{
+    DWORD Error;
+    UNICODE_STRING TargetPrefix;
+    USHORT TargetSize;
+    ULONG RequestSize;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+
+    *outRequest = NULL;
+    *outSize = 0;
+
+    //
+    // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we
+    // can easily concatenate it later.
+    //
+
+    TargetPrefix.Buffer = L"krbtgt/";
+    TargetPrefix.Length = wcslen(TargetPrefix.Buffer) * sizeof(WCHAR);
+    TargetPrefix.MaximumLength = TargetPrefix.Length;
+
+    //
+    // We will need to concatenate the "krbtgt/" prefix and the
+    // Logon Session's DnsDomainName into our request's target name.
+    //
+    // Therefore, first compute the necessary buffer size for that.
+    //
+    // Note that we might theoretically have integer overflow.
+    //
+
+    TargetSize = TargetPrefix.Length + DomainName.Length;
+
+    //
+    // The ticket request buffer needs to be a single buffer.  That buffer
+    // needs to include the buffer for the target name.
+    //
+
+    RequestSize = sizeof(*pTicketRequest) + TargetSize;
+
+    //
+    // Allocate the request buffer and make sure it's zero-filled.
+    //
+
+    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+    if (!pTicketRequest)
+        return GetLastError();
+
+    //
+    // Concatenate the target prefix with the previous reponse's
+    // target domain.
+    //
+
+    pTicketRequest->TargetName.Length = 0;
+    pTicketRequest->TargetName.MaximumLength = TargetSize;
+    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+    Error = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
+                                      TargetPrefix,
+                                      DomainName);
+    *outRequest = pTicketRequest;
+    *outSize    = RequestSize;
+    return Error;
+}
+
+static BOOL
+PurgeAllTickets(HANDLE LogonHandle, ULONG  PackageId)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    KERB_PURGE_TKT_CACHE_REQUEST PurgeRequest;
+
+    PurgeRequest.MessageType = KerbPurgeTicketCacheMessage;
+    PurgeRequest.LogonId.LowPart = 0;
+    PurgeRequest.LogonId.HighPart = 0;
+    PurgeRequest.ServerName.Buffer = L"";
+    PurgeRequest.ServerName.Length = 0;
+    PurgeRequest.ServerName.MaximumLength = 0;
+    PurgeRequest.RealmName.Buffer = L"";
+    PurgeRequest.RealmName.Length = 0;
+    PurgeRequest.RealmName.MaximumLength = 0;
+    Status = LsaCallAuthenticationPackage(LogonHandle,
+                                          PackageId,
+                                          &PurgeRequest,
+                                          sizeof(PurgeRequest),
+                                          NULL,
+                                          NULL,
+                                          &SubStatus
+    );
+    if (FAILED(Status) || FAILED(SubStatus))
+        return FALSE;
+    return TRUE;
+}
+
+static BOOL
+PurgeTicketEx(HANDLE LogonHandle, ULONG  PackageId,
+              krb5_context context, krb5_flags flags, krb5_creds *cred)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    KERB_PURGE_TKT_CACHE_EX_REQUEST * pPurgeRequest;
+    DWORD dwRequestLen = sizeof(KERB_PURGE_TKT_CACHE_EX_REQUEST) + 4096;
+    char * cname = NULL, * crealm = NULL;
+    char * sname = NULL, * srealm = NULL;
+
+    if (krb5_unparse_name(context, cred->client, &cname))
+        return FALSE;
+
+    if (krb5_unparse_name(context, cred->server, &sname)) {
+        krb5_free_unparsed_name(context, cname);
+        return FALSE;
+    }
+
+    pPurgeRequest = malloc(dwRequestLen);
+    if ( pPurgeRequest == NULL )
+        return FALSE;
+    memset(pPurgeRequest, 0, dwRequestLen);
+
+    crealm = strrchr(cname, '@');
+    *crealm = '\0';
+    crealm++;
+
+    srealm = strrchr(sname, '@');
+    *srealm = '\0';
+    srealm++;
+
+    pPurgeRequest->MessageType = KerbPurgeTicketCacheExMessage;
+    pPurgeRequest->LogonId.LowPart = 0;
+    pPurgeRequest->LogonId.HighPart = 0;
+    pPurgeRequest->Flags = 0;
+    pPurgeRequest->TicketTemplate.ClientName.Buffer = (PWSTR)((CHAR *)pPurgeRequest + sizeof(KERB_PURGE_TKT_CACHE_EX_REQUEST));
+    pPurgeRequest->TicketTemplate.ClientName.Length = strlen(cname)*sizeof(WCHAR);
+    pPurgeRequest->TicketTemplate.ClientName.MaximumLength = 256;
+    ANSIToUnicode(cname, pPurgeRequest->TicketTemplate.ClientName.Buffer,
+                  pPurgeRequest->TicketTemplate.ClientName.MaximumLength);
+
+    pPurgeRequest->TicketTemplate.ClientRealm.Buffer = (PWSTR)(((CHAR *)pPurgeRequest)+sizeof(KERB_PURGE_TKT_CACHE_EX_REQUEST) + 512);
+    pPurgeRequest->TicketTemplate.ClientRealm.Length = strlen(crealm)*sizeof(WCHAR);
+    pPurgeRequest->TicketTemplate.ClientRealm.MaximumLength = 256;
+    ANSIToUnicode(crealm, pPurgeRequest->TicketTemplate.ClientRealm.Buffer,
+                  pPurgeRequest->TicketTemplate.ClientRealm.MaximumLength);
+
+    pPurgeRequest->TicketTemplate.ServerName.Buffer = (PWSTR)(((CHAR *)pPurgeRequest)+sizeof(KERB_PURGE_TKT_CACHE_EX_REQUEST) + 1024);
+    pPurgeRequest->TicketTemplate.ServerName.Length = strlen(sname)*sizeof(WCHAR);
+    pPurgeRequest->TicketTemplate.ServerName.MaximumLength = 256;
+    ANSIToUnicode(sname, pPurgeRequest->TicketTemplate.ServerName.Buffer,
+                  pPurgeRequest->TicketTemplate.ServerName.MaximumLength);
+
+    pPurgeRequest->TicketTemplate.ServerRealm.Buffer = (PWSTR)(((CHAR *)pPurgeRequest)+sizeof(KERB_PURGE_TKT_CACHE_EX_REQUEST) + 1536);
+    pPurgeRequest->TicketTemplate.ServerRealm.Length = strlen(srealm)*sizeof(WCHAR);
+    pPurgeRequest->TicketTemplate.ServerRealm.MaximumLength = 256;
+    ANSIToUnicode(srealm, pPurgeRequest->TicketTemplate.ServerRealm.Buffer,
+                  pPurgeRequest->TicketTemplate.ServerRealm.MaximumLength);
+
+    pPurgeRequest->TicketTemplate.StartTime;
+    pPurgeRequest->TicketTemplate.EndTime;
+    pPurgeRequest->TicketTemplate.RenewTime;
+    pPurgeRequest->TicketTemplate.EncryptionType = cred->keyblock.enctype;
+    pPurgeRequest->TicketTemplate.TicketFlags = flags;
+
+    Status = LsaCallAuthenticationPackage( LogonHandle,
+                                           PackageId,
+                                           pPurgeRequest,
+                                           dwRequestLen,
+                                           NULL,
+                                           NULL,
+                                           &SubStatus
+    );
+    free(pPurgeRequest);
+    krb5_free_unparsed_name(context,cname);
+    krb5_free_unparsed_name(context,sname);
+
+    if (FAILED(Status) || FAILED(SubStatus))
+        return FALSE;
+    return TRUE;
+}
+
+static BOOL
+KerbSubmitTicket( HANDLE LogonHandle, ULONG  PackageId,
+                  krb5_context context, krb5_creds *cred)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    KERB_SUBMIT_TKT_REQUEST * pSubmitRequest = NULL;
+    DWORD dwRequestLen;
+    krb5_auth_context auth_context = NULL;
+    krb5_keyblock * keyblock = 0;
+    krb5_replay_data replaydata;
+    krb5_data * krb_cred = 0;
+    krb5_error_code rc;
+    BOOL rv = FALSE;
+
+    if (krb5_auth_con_init(context, &auth_context)) {
+        return FALSE;
+    }
+
+    if (krb5_auth_con_setflags(context, auth_context,
+                               KRB5_AUTH_CONTEXT_RET_TIME)) {
+        return FALSE;
+    }
+
+    krb5_auth_con_getsendsubkey(context, auth_context, &keyblock);
+    if (keyblock == NULL)
+        krb5_auth_con_getkey(context, auth_context, &keyblock);
+
+    /* make up a key, any key, that can be used to generate the
+     * encrypted KRB_CRED pdu.  The Vista release LSA requires
+     * that an enctype other than NULL be used. */
+    if (keyblock == NULL) {
+        keyblock = (krb5_keyblock *)malloc(sizeof(krb5_keyblock));
+        if (keyblock == NULL)
+            return FALSE;
+        keyblock->enctype = ENCTYPE_ARCFOUR_HMAC;
+        keyblock->length = 16;
+        keyblock->contents = (krb5_octet *)malloc(16);
+        if (keyblock->contents == NULL)
+            goto cleanup;
+        keyblock->contents[0] = 0xde;
+        keyblock->contents[1] = 0xad;
+        keyblock->contents[2] = 0xbe;
+        keyblock->contents[3] = 0xef;
+        keyblock->contents[4] = 0xfe;
+        keyblock->contents[5] = 0xed;
+        keyblock->contents[6] = 0xf0;
+        keyblock->contents[7] = 0xd;
+        keyblock->contents[8] = 0xde;
+        keyblock->contents[9] = 0xad;
+        keyblock->contents[10] = 0xbe;
+        keyblock->contents[11] = 0xef;
+        keyblock->contents[12] = 0xfe;
+        keyblock->contents[13] = 0xed;
+        keyblock->contents[14] = 0xf0;
+        keyblock->contents[15] = 0xd;
+        krb5_auth_con_setsendsubkey(context, auth_context, keyblock);
+    }
+    rc = krb5_mk_1cred(context, auth_context, cred, &krb_cred, &replaydata);
+    if (rc)
+        goto cleanup;
+
+    dwRequestLen = sizeof(KERB_SUBMIT_TKT_REQUEST) + krb_cred->length + (keyblock ? keyblock->length : 0);
+
+    pSubmitRequest = (PKERB_SUBMIT_TKT_REQUEST)malloc(dwRequestLen);
+    if (pSubmitRequest == NULL)
+        goto cleanup;
+    memset(pSubmitRequest, 0, dwRequestLen);
+
+    pSubmitRequest->MessageType = KerbSubmitTicketMessage;
+    pSubmitRequest->LogonId.LowPart = 0;
+    pSubmitRequest->LogonId.HighPart = 0;
+    pSubmitRequest->Flags = 0;
+
+    if (keyblock) {
+        pSubmitRequest->Key.KeyType = keyblock->enctype;
+        pSubmitRequest->Key.Length = keyblock->length;
+        pSubmitRequest->Key.Offset = sizeof(KERB_SUBMIT_TKT_REQUEST)+krb_cred->length;
+    } else {
+        pSubmitRequest->Key.KeyType = ENCTYPE_NULL;
+        pSubmitRequest->Key.Length = 0;
+        pSubmitRequest->Key.Offset = 0;
+    }
+    pSubmitRequest->KerbCredSize = krb_cred->length;
+    pSubmitRequest->KerbCredOffset = sizeof(KERB_SUBMIT_TKT_REQUEST);
+    memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST),
+           krb_cred->data, krb_cred->length);
+    if (keyblock)
+        memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST)+krb_cred->length,
+               keyblock->contents, keyblock->length);
+    Status = LsaCallAuthenticationPackage( LogonHandle,
+                                           PackageId,
+                                           pSubmitRequest,
+                                           dwRequestLen,
+                                           NULL,
+                                           NULL,
+                                           &SubStatus
+    );
+
+    rv = (!FAILED(Status) && !FAILED(SubStatus));
+
+cleanup:
+    free(pSubmitRequest);
+    krb5_free_keyblock(context, keyblock);
+    krb5_free_data(context, krb_cred);
+    krb5_auth_con_free(context, auth_context);
+
+    return rv;
+}
+
+/*
+ * A simple function to determine if there is an exact match between two tickets
+ * We rely on the fact that the external tickets contain the raw Kerberos ticket.
+ * If the EncodedTicket fields match, the KERB_EXTERNAL_TICKETs must be the same.
+ */
+static BOOL
+KerbExternalTicketMatch( PKERB_EXTERNAL_TICKET one, PKERB_EXTERNAL_TICKET two )
+{
+    if ( one->EncodedTicketSize != two->EncodedTicketSize )
+        return FALSE;
+
+    if ( memcmp(one->EncodedTicket, two->EncodedTicket, one->EncodedTicketSize) )
+        return FALSE;
+
+    return TRUE;
+}
+
+krb5_boolean
+krb5_is_permitted_tgs_enctype(krb5_context context, krb5_const_principal princ, krb5_enctype etype)
+{
+    krb5_enctype *list, *ptr;
+    krb5_boolean ret;
+
+    if (krb5_get_tgs_ktypes(context, princ, &list))
+        return(0);
+
+    ret = 0;
+
+    for (ptr = list; *ptr; ptr++)
+        if (*ptr == etype)
+            ret = 1;
+
+    krb5_free_enctypes(context, list);
+
+    return(ret);
+}
+
+// to allow the purging of expired tickets from LSA cache.  This is necessary
+// to force the retrieval of new TGTs.  Microsoft does not appear to retrieve
+// new tickets when they expire.  Instead they continue to accept the expired
+// tickets.  This is safe to do because the LSA purges its cache when it
+// retrieves a new TGT (ms calls this renew) but not when it renews the TGT
+// (ms calls this refresh).
+// UAC-limited processes are not allowed to obtain a copy of the MSTGT
+// session key.  We used to check for UAC-limited processes and refuse all
+// access to the TGT, but this makes the MSLSA ccache completely unusable.
+// Instead we ought to just flag that the tgt session key is not valid.
+
+static BOOL
+GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNAL_TICKET **ticket, BOOL enforce_tgs_enctypes)
+{
+    //
+    // INVARIANTS:
+    //
+    //   (FAILED(Status) || FAILED(SubStatus)) ==> error
+    //   bIsLsaError ==> LsaCallAuthenticationPackage() error
+    //
+
+    BOOL bIsLsaError = FALSE;
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    DWORD   Error;
+
+    KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    ULONG RequestSize;
+    ULONG ResponseSize;
+    int    purge_cache = 0;
+    int    ignore_cache = 0;
+    krb5_enctype *etype_list = NULL, *ptr = NULL, etype = 0;
+
+    memset(&CacheRequest, 0, sizeof(KERB_QUERY_TKT_CACHE_REQUEST));
+    CacheRequest.MessageType = KerbRetrieveTicketMessage;
+    CacheRequest.LogonId.LowPart = 0;
+    CacheRequest.LogonId.HighPart = 0;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        &CacheRequest,
+        sizeof(CacheRequest),
+        &pTicketResponse,
+        &ResponseSize,
+        &SubStatus
+    );
+
+    if (FAILED(Status))
+    {
+        // if the call to LsaCallAuthenticationPackage failed we cannot
+        // perform any queries most likely because the Kerberos package
+        // is not available or we do not have access
+        bIsLsaError = TRUE;
+        goto cleanup;
+    }
+
+    if (FAILED(SubStatus)) {
+        PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
+        BOOL    Success = FALSE;
+        OSVERSIONINFOEX verinfo;
+        int supported = 0;
+
+        // SubStatus 0x8009030E is not documented.  However, it appears
+        // to mean there is no TGT
+        if (SubStatus != 0x8009030E) {
+            bIsLsaError = TRUE;
+            goto cleanup;
+        }
+
+        verinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
+        GetVersionEx((OSVERSIONINFO *)&verinfo);
+        supported = (verinfo.dwMajorVersion > 5) ||
+            (verinfo.dwMajorVersion == 5 && verinfo.dwMinorVersion >= 1);
+
+        // If we could not get a TGT from the cache we won't know what the
+        // Kerberos Domain should have been.  On Windows XP and 2003 Server
+        // we can extract it from the Security Logon Session Data.  However,
+        // the required fields are not supported on Windows 2000.  :(
+        if ( supported && GetSecurityLogonSessionData(&pSessionData) ) {
+            if ( pSessionData->DnsDomainName.Buffer ) {
+                Error = ConstructTicketRequest(pSessionData->DnsDomainName,
+                                               &pTicketRequest, &RequestSize);
+                LsaFreeReturnBuffer(pSessionData);
+                if ( Error )
+                    goto cleanup;
+            } else {
+                LsaFreeReturnBuffer(pSessionData);
+                bIsLsaError = TRUE;
+                goto cleanup;
+            }
+        } else {
+            CHAR  UserDnsDomain[256];
+            WCHAR UnicodeUserDnsDomain[256];
+            UNICODE_STRING wrapper;
+            if ( !get_STRING_from_registry(HKEY_CURRENT_USER,
+                                           "Volatile Environment",
+                                           "USERDNSDOMAIN",
+                                           UserDnsDomain,
+                                           sizeof(UserDnsDomain)
+                 ) )
+            {
+                goto cleanup;
+            }
+
+            ANSIToUnicode(UserDnsDomain,UnicodeUserDnsDomain,256);
+            wrapper.Buffer = UnicodeUserDnsDomain;
+            wrapper.Length = wcslen(UnicodeUserDnsDomain) * sizeof(WCHAR);
+            wrapper.MaximumLength = 256;
+
+            Error = ConstructTicketRequest(wrapper,
+                                           &pTicketRequest, &RequestSize);
+            if ( Error )
+                goto cleanup;
+        }
+    } else {
+        /* We have succeeded in obtaining a credential from the cache.
+         * Assuming the enctype is one that we support and the ticket
+         * has not expired and is not marked invalid we will use it.
+         * Otherwise, we must create a new ticket request and obtain
+         * a credential we can use.
+         */
+
+        /* Check Supported Enctypes */
+        if ( !enforce_tgs_enctypes ||
+             IsMSSessionKeyNull(&pTicketResponse->Ticket.SessionKey) ||
+             krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType) ) {
+            FILETIME Now, MinLife, EndTime, LocalEndTime;
+            __int64  temp;
+            // FILETIME is in units of 100 nano-seconds
+            // If obtained tickets are either expired or have a lifetime
+            // less than 20 minutes, retry ...
+            GetSystemTimeAsFileTime(&Now);
+            EndTime.dwLowDateTime=pTicketResponse->Ticket.EndTime.LowPart;
+            EndTime.dwHighDateTime=pTicketResponse->Ticket.EndTime.HighPart;
+            FileTimeToLocalFileTime(&EndTime, &LocalEndTime);
+            temp = Now.dwHighDateTime;
+            temp <<= 32;
+            temp = Now.dwLowDateTime;
+            temp += 1200 * 10000;
+            MinLife.dwHighDateTime = (DWORD)((temp >> 32) & 0xFFFFFFFF);
+            MinLife.dwLowDateTime = (DWORD)(temp & 0xFFFFFFFF);
+            if (CompareFileTime(&MinLife, &LocalEndTime) >= 0) {
+                purge_cache = 1;
+            }
+            if (pTicketResponse->Ticket.TicketFlags & KERB_TICKET_FLAGS_invalid) {
+                ignore_cache = 1;   // invalid, need to attempt a TGT request
+            }
+            goto cleanup;           // we have a valid ticket, all done
+        } else {
+            // not supported
+            ignore_cache = 1;
+        }
+
+        Error = ConstructTicketRequest(pTicketResponse->Ticket.TargetDomainName,
+                                       &pTicketRequest, &RequestSize);
+        if ( Error ) {
+            goto cleanup;
+        }
+
+        //
+        // Free the previous response buffer so we can get the new response.
+        //
+
+        if ( pTicketResponse ) {
+            memset(pTicketResponse,0,sizeof(KERB_RETRIEVE_TKT_RESPONSE));
+            LsaFreeReturnBuffer(pTicketResponse);
+            pTicketResponse = NULL;
+        }
+
+        if ( purge_cache ) {
+            //
+            // Purge the existing tickets which we cannot use so new ones can
+            // be requested.  It is not possible to purge just the TGT.  All
+            // service tickets must be purged.
+            //
+            PurgeAllTickets(LogonHandle, PackageId);
+        }
+    }
+
+    //
+    // Initialize the request of the request.
+    //
+
+    pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+    pTicketRequest->LogonId.LowPart = 0;
+    pTicketRequest->LogonId.HighPart = 0;
+    // Note: pTicketRequest->TargetName set up above
+    pTicketRequest->CacheOptions = ((ignore_cache || !purge_cache) ?
+                                    KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
+    pTicketRequest->TicketFlags = 0L;
+    pTicketRequest->EncryptionType = 0L;
+
+    Status = LsaCallAuthenticationPackage( LogonHandle,
+                                           PackageId,
+                                           pTicketRequest,
+                                           RequestSize,
+                                           &pTicketResponse,
+                                           &ResponseSize,
+                                           &SubStatus
+    );
+
+    if (FAILED(Status) || FAILED(SubStatus))
+    {
+        bIsLsaError = TRUE;
+        goto cleanup;
+    }
+
+    //
+    // Check to make sure the new tickets we received are of a type we support
+    //
+
+    /* Check Supported Enctypes */
+    if ( !enforce_tgs_enctypes ||
+         krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType) ) {
+        goto cleanup;       // we have a valid ticket, all done
+    }
+
+    if (krb5_get_tgs_ktypes(context, NULL, &etype_list)) {
+        /* No enctypes - nothing we can do. */
+        bIsLsaError = TRUE;
+        goto cleanup;
+    }
+
+    ptr = etype_list + 1;
+    etype = *etype_list;
+
+    while ( etype ) {
+        // Try once more but this time specify the Encryption Type
+        // (This will not store the retrieved tickets in the LSA cache unless
+        // 0 is supported.)
+        pTicketRequest->EncryptionType = etype;
+        pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_CACHE_TICKET;
+
+        if ( pTicketResponse ) {
+            memset(pTicketResponse,0,sizeof(KERB_RETRIEVE_TKT_RESPONSE));
+            LsaFreeReturnBuffer(pTicketResponse);
+            pTicketResponse = NULL;
+        }
+
+        Status = LsaCallAuthenticationPackage( LogonHandle,
+                                               PackageId,
+                                               pTicketRequest,
+                                               RequestSize,
+                                               &pTicketResponse,
+                                               &ResponseSize,
+                                               &SubStatus
+        );
+
+        if (FAILED(Status) || FAILED(SubStatus))
+        {
+            bIsLsaError = TRUE;
+            goto cleanup;
+        }
+
+        if ( pTicketResponse->Ticket.SessionKey.KeyType == etype &&
+             (!enforce_tgs_enctypes ||
+              krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType)) ) {
+            goto cleanup;       // we have a valid ticket, all done
+        }
+
+        if ( ptr ) {
+            etype = *ptr++;
+        } else {
+            etype = 0;
+        }
+    }
+
+cleanup:
+    if ( etype_list )
+        krb5_free_enctypes(context, etype_list);
+
+    if ( pTicketRequest )
+        LocalFree(pTicketRequest);
+
+    if (FAILED(Status) || FAILED(SubStatus))
+    {
+        if (bIsLsaError)
+        {
+            // XXX - Will be fixed later
+            if (FAILED(Status))
+                ShowLsaError("LsaCallAuthenticationPackage", Status);
+            if (FAILED(SubStatus))
+                ShowLsaError("LsaCallAuthenticationPackage", SubStatus);
+        }
+        else
+        {
+            ShowWinError("GetMSTGT", Status);
+        }
+
+        if (pTicketResponse) {
+            memset(pTicketResponse,0,sizeof(KERB_RETRIEVE_TKT_RESPONSE));
+            LsaFreeReturnBuffer(pTicketResponse);
+            pTicketResponse = NULL;
+        }
+        return(FALSE);
+    }
+
+    *ticket = &(pTicketResponse->Ticket);
+    return(TRUE);
+}
+
+static BOOL
+GetQueryTktCacheResponseEx(HANDLE LogonHandle, ULONG PackageId,
+                           PKERB_QUERY_TKT_CACHE_EX_RESPONSE * ppResponse)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+
+    KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
+    PKERB_QUERY_TKT_CACHE_EX_RESPONSE pQueryResponse = NULL;
+    ULONG ResponseSize;
+
+    CacheRequest.MessageType = KerbQueryTicketCacheExMessage;
+    CacheRequest.LogonId.LowPart = 0;
+    CacheRequest.LogonId.HighPart = 0;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        &CacheRequest,
+        sizeof(CacheRequest),
+        &pQueryResponse,
+        &ResponseSize,
+        &SubStatus
+    );
+
+    if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
+        *ppResponse = pQueryResponse;
+        return TRUE;
+    }
+
+    return FALSE;
+}
+
+static BOOL
+GetQueryTktCacheResponseEx2(HANDLE LogonHandle, ULONG PackageId,
+                            PKERB_QUERY_TKT_CACHE_EX2_RESPONSE * ppResponse)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+
+    KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
+    PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pQueryResponse = NULL;
+    ULONG ResponseSize;
+
+    CacheRequest.MessageType = KerbQueryTicketCacheEx2Message;
+    CacheRequest.LogonId.LowPart = 0;
+    CacheRequest.LogonId.HighPart = 0;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        &CacheRequest,
+        sizeof(CacheRequest),
+        &pQueryResponse,
+        &ResponseSize,
+        &SubStatus
+    );
+
+    if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
+        *ppResponse = pQueryResponse;
+        return TRUE;
+    }
+
+    return FALSE;
+}
+
+static BOOL
+GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId,
+                             krb5_context context, krb5_creds *creds,
+                             PKERB_EXTERNAL_TICKET *ticket)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    ULONG RequestSize;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    ULONG ResponseSize;
+
+    RequestSize = sizeof(*pTicketRequest) + MAX_MSPRINC_SIZE;
+
+    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+    if (!pTicketRequest)
+        return FALSE;
+
+    pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+    pTicketRequest->LogonId.LowPart = 0;
+    pTicketRequest->LogonId.HighPart = 0;
+
+    pTicketRequest->TargetName.Length = 0;
+    pTicketRequest->TargetName.MaximumLength = MAX_MSPRINC_SIZE;
+    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+    MITPrincToMSPrinc(context, creds->server, &pTicketRequest->TargetName);
+    pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_CACHE_TICKET;
+    pTicketRequest->TicketFlags = creds->ticket_flags;
+    pTicketRequest->EncryptionType = creds->keyblock.enctype;
+
+    Status = LsaCallAuthenticationPackage( LogonHandle,
+                                           PackageId,
+                                           pTicketRequest,
+                                           RequestSize,
+                                           &pTicketResponse,
+                                           &ResponseSize,
+                                           &SubStatus
+    );
+
+    LocalFree(pTicketRequest);
+
+    if (FAILED(Status) || FAILED(SubStatus))
+        return(FALSE);
+
+    /* otherwise return ticket */
+    *ticket = &(pTicketResponse->Ticket);
+    return(TRUE);
+}
+
+static BOOL
+GetMSCacheTicketFromCacheInfoEx(HANDLE LogonHandle, ULONG PackageId,
+                                PKERB_TICKET_CACHE_INFO_EX tktinfo,
+                                PKERB_EXTERNAL_TICKET *ticket)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    ULONG RequestSize;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    ULONG ResponseSize;
+
+    RequestSize = sizeof(*pTicketRequest) + tktinfo->ServerName.Length;
+
+    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+    if (!pTicketRequest)
+        return FALSE;
+
+    pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+    pTicketRequest->LogonId.LowPart = 0;
+    pTicketRequest->LogonId.HighPart = 0;
+    pTicketRequest->TargetName.Length = tktinfo->ServerName.Length;
+    pTicketRequest->TargetName.MaximumLength = tktinfo->ServerName.Length;
+    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+    memcpy(pTicketRequest->TargetName.Buffer,tktinfo->ServerName.Buffer, tktinfo->ServerName.Length);
+    pTicketRequest->CacheOptions = 0;
+    pTicketRequest->EncryptionType = tktinfo->EncryptionType;
+    pTicketRequest->TicketFlags = 0;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_forwardable )
+        pTicketRequest->TicketFlags |= KDC_OPT_FORWARDABLE;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_forwarded )
+        pTicketRequest->TicketFlags |= KDC_OPT_FORWARDED;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_proxiable )
+        pTicketRequest->TicketFlags |= KDC_OPT_PROXIABLE;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_renewable )
+        pTicketRequest->TicketFlags |= KDC_OPT_RENEWABLE;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        pTicketRequest,
+        RequestSize,
+        &pTicketResponse,
+        &ResponseSize,
+        &SubStatus
+    );
+
+    LocalFree(pTicketRequest);
+
+    if (FAILED(Status) || FAILED(SubStatus))
+        return(FALSE);
+
+    /* otherwise return ticket */
+    *ticket = &(pTicketResponse->Ticket);
+
+    /* set the initial flag if we were attempting to retrieve one
+     * because Windows won't necessarily return the initial ticket
+     * to us.
+     */
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
+        (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
+
+    return(TRUE);
+}
+
+static BOOL
+GetMSCacheTicketFromCacheInfoEx2(HANDLE LogonHandle, ULONG PackageId,
+                                 PKERB_TICKET_CACHE_INFO_EX2 tktinfo,
+                                 PKERB_EXTERNAL_TICKET *ticket)
+{
+    NTSTATUS Status = 0;
+    NTSTATUS SubStatus = 0;
+    ULONG RequestSize;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    ULONG ResponseSize;
+
+    RequestSize = sizeof(*pTicketRequest) + tktinfo->ServerName.Length;
+
+    pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+    if (!pTicketRequest)
+        return FALSE;
+
+    pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+    pTicketRequest->LogonId.LowPart = 0;
+    pTicketRequest->LogonId.HighPart = 0;
+    pTicketRequest->TargetName.Length = tktinfo->ServerName.Length;
+    pTicketRequest->TargetName.MaximumLength = tktinfo->ServerName.Length;
+    pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+    memcpy(pTicketRequest->TargetName.Buffer,tktinfo->ServerName.Buffer, tktinfo->ServerName.Length);
+    pTicketRequest->CacheOptions = KERB_RETRIEVE_TICKET_CACHE_TICKET;
+    pTicketRequest->EncryptionType = tktinfo->SessionKeyType;
+    pTicketRequest->TicketFlags = 0;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_forwardable )
+        pTicketRequest->TicketFlags |= KDC_OPT_FORWARDABLE;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_forwarded )
+        pTicketRequest->TicketFlags |= KDC_OPT_FORWARDED;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_proxiable )
+        pTicketRequest->TicketFlags |= KDC_OPT_PROXIABLE;
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_renewable )
+        pTicketRequest->TicketFlags |= KDC_OPT_RENEWABLE;
+
+    Status = LsaCallAuthenticationPackage(
+        LogonHandle,
+        PackageId,
+        pTicketRequest,
+        RequestSize,
+        &pTicketResponse,
+        &ResponseSize,
+        &SubStatus
+    );
+
+    LocalFree(pTicketRequest);
+
+    if (FAILED(Status) || FAILED(SubStatus))
+        return(FALSE);
+
+    /* otherwise return ticket */
+    *ticket = &(pTicketResponse->Ticket);
+
+
+    /* set the initial flag if we were attempting to retrieve one
+     * because Windows won't necessarily return the initial ticket
+     * to us.
+     */
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
+        (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
+
+    return(TRUE);
+}
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_close
+(krb5_context, krb5_ccache id);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_destroy
+(krb5_context, krb5_ccache id);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_end_seq_get
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_generate_new
+(krb5_context, krb5_ccache *id);
+
+static const char * KRB5_CALLCONV krb5_lcc_get_name
+(krb5_context, krb5_ccache id);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_get_principal
+(krb5_context, krb5_ccache id, krb5_principal *princ);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_initialize
+(krb5_context, krb5_ccache id, krb5_principal princ);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_next_cred
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_resolve
+(krb5_context, krb5_ccache *id, const char *residual);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_retrieve
+(krb5_context, krb5_ccache id, krb5_flags whichfields,
+ krb5_creds *mcreds, krb5_creds *creds);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_start_seq_get
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_store
+(krb5_context, krb5_ccache id, krb5_creds *creds);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_set_flags
+(krb5_context, krb5_ccache id, krb5_flags flags);
+
+static krb5_error_code KRB5_CALLCONV krb5_lcc_get_flags
+(krb5_context, krb5_ccache id, krb5_flags *flags);
+
+extern const krb5_cc_ops krb5_lcc_ops;
+
+krb5_error_code krb5_change_cache (void);
+
+krb5_boolean
+krb5int_cc_creds_match_request(krb5_context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds);
+
+#define KRB5_OK 0
+
+typedef struct _krb5_lcc_data {
+    HANDLE LogonHandle;
+    ULONG  PackageId;
+    char * cc_name;
+    krb5_principal princ;
+    krb5_flags flags;
+} krb5_lcc_data;
+
+typedef struct _krb5_lcc_cursor {
+    union {
+        PKERB_QUERY_TKT_CACHE_RESPONSE w2k;
+        PKERB_QUERY_TKT_CACHE_EX_RESPONSE xp;
+        PKERB_QUERY_TKT_CACHE_EX2_RESPONSE ex2;
+    } response;
+    unsigned int index;
+    PKERB_EXTERNAL_TICKET mstgt;
+} krb5_lcc_cursor;
+
+
+/*
+ * Requires:
+ * residual is ignored
+ *
+ * Modifies:
+ * id
+ *
+ * Effects:
+ * Access the MS Kerberos LSA cache in the current logon session
+ * Ignore the residual.
+ *
+ * Returns:
+ * A filled in krb5_ccache structure "id".
+ *
+ * Errors:
+ * KRB5_CC_NOMEM - there was insufficient memory to allocate the
+ *
+ *              krb5_ccache.  id is undefined.
+ * permission errors
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
+{
+    krb5_ccache lid;
+    krb5_lcc_data *data;
+    HANDLE LogonHandle;
+    ULONG  PackageId, i;
+    PKERB_QUERY_TKT_CACHE_EX_RESPONSE pResponse;
+
+    if (!PackageConnectLookup(&LogonHandle, &PackageId))
+        return KRB5_FCC_NOFILE;
+
+    lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+    if (lid == NULL) {
+        LsaDeregisterLogonProcess(LogonHandle);
+        return KRB5_CC_NOMEM;
+    }
+
+    lid->ops = &krb5_lcc_ops;
+
+    lid->data = (krb5_pointer) malloc(sizeof(krb5_lcc_data));
+    if (lid->data == NULL) {
+        free(lid);
+        LsaDeregisterLogonProcess(LogonHandle);
+        return KRB5_CC_NOMEM;
+    }
+
+    lid->magic = KV5M_CCACHE;
+    data = (krb5_lcc_data *)lid->data;
+    data->LogonHandle = LogonHandle;
+    data->PackageId = PackageId;
+    data->princ = NULL;
+    data->flags = 0;
+
+    data->cc_name = (char *)malloc(strlen(residual)+1);
+    if (data->cc_name == NULL) {
+        free(lid->data);
+        free(lid);
+        LsaDeregisterLogonProcess(LogonHandle);
+        return KRB5_CC_NOMEM;
+    }
+    strcpy(data->cc_name, residual);
+
+    /* If there are already tickets present, grab a client principal name. */
+    if (GetQueryTktCacheResponseEx(LogonHandle, PackageId, &pResponse)) {
+        /* Take the first client principal we find; they should all be the
+         * same anyway. */
+        for (i = 0; i < pResponse->CountOfTickets; i++) {
+            if (UnicodeStringToMITPrinc(&pResponse->Tickets[i].ClientName,
+                                        &pResponse->Tickets[i].ClientRealm,
+                                        context, &data->princ))
+                break;
+
+        }
+        LsaFreeReturnBuffer(pResponse);
+    }
+
+    /*
+     * other routines will get errors on open, and callers must expect them,
+     * if cache is non-existent/unusable
+     */
+    *id = lid;
+    return KRB5_OK;
+}
+
+/*
+ *  return success although we do not do anything
+ *  We should delete all tickets belonging to the specified principal
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags flags,
+                     krb5_creds *creds);
+
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
+{
+    krb5_cc_cursor cursor;
+    krb5_error_code code;
+    krb5_creds cred;
+
+    code = krb5_cc_start_seq_get(context, id, &cursor);
+    if (code) {
+        if (code == KRB5_CC_NOTFOUND)
+            return KRB5_OK;
+        return code;
+    }
+
+    while ( !(code = krb5_cc_next_cred(context, id, &cursor, &cred)) )
+    {
+        if ( krb5_principal_compare(context, princ, cred.client) ) {
+            code = krb5_lcc_remove_cred(context, id, 0, &cred);
+        }
+        krb5_free_cred_contents(context, &cred);
+    }
+
+    if (code == KRB5_CC_END || code == KRB5_CC_NOTFOUND)
+    {
+        krb5_cc_end_seq_get(context, id, &cursor);
+        return KRB5_OK;
+    }
+    return code;
+}
+
+/*
+ * Modifies:
+ * id
+ *
+ * Effects:
+ * Closes the microsoft lsa cache, invalidates the id, and frees any resources
+ * associated with the cache.
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_close(krb5_context context, krb5_ccache id)
+{
+    int closeval = KRB5_OK;
+    krb5_lcc_data *data;
+
+    if (id) {
+        data = (krb5_lcc_data *) id->data;
+
+        if (data) {
+            LsaDeregisterLogonProcess(data->LogonHandle);
+            if (data->cc_name)
+                free(data->cc_name);
+            free(data);
+        }
+        free(id);
+    }
+    return closeval;
+}
+
+/*
+ * Effects:
+ * Destroys the contents of id.
+ *
+ * Errors:
+ * system errors
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_destroy(krb5_context context, krb5_ccache id)
+{
+    krb5_lcc_data *data;
+
+    if (id) {
+        data = (krb5_lcc_data *) id->data;
+
+        return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL;
+    }
+    return KRB5_FCC_INTERNAL;
+}
+
+/*
+ * Effects:
+ * Prepares for a sequential search of the credentials cache.
+ * Returns a krb5_cc_cursor to be used with krb5_lcc_next_cred and
+ * krb5_lcc_end_seq_get.
+ *
+ * If the cache is modified between the time of this call and the time
+ * of the final krb5_lcc_end_seq_get, the results are undefined.
+ *
+ * Errors:
+ * KRB5_CC_NOMEM
+ * KRB5_FCC_INTERNAL - system errors
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+{
+    krb5_lcc_cursor *lcursor;
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+
+    lcursor = (krb5_lcc_cursor *) malloc(sizeof(krb5_lcc_cursor));
+    if (lcursor == NULL) {
+        *cursor = 0;
+        return KRB5_CC_NOMEM;
+    }
+
+    /*
+     * obtain a tgt to refresh the ccache in case the ticket is expired
+     */
+    if (!GetMSTGT(context, data->LogonHandle, data->PackageId, &lcursor->mstgt, TRUE)) {
+        free(lcursor);
+        *cursor = 0;
+        return KRB5_CC_NOTFOUND;
+    }
+
+    if ( does_query_ticket_cache_ex2() ) {
+        if (!GetQueryTktCacheResponseEx2(data->LogonHandle, data->PackageId,
+                                         &lcursor->response.ex2)) {
+            LsaFreeReturnBuffer(lcursor->mstgt);
+            free(lcursor);
+            *cursor = 0;
+            return KRB5_FCC_INTERNAL;
+        }
+    } else
+        if (!GetQueryTktCacheResponseEx(data->LogonHandle, data->PackageId,
+                                        &lcursor->response.xp)) {
+            LsaFreeReturnBuffer(lcursor->mstgt);
+            free(lcursor);
+            *cursor = 0;
+            return KRB5_FCC_INTERNAL;
+        }
+    lcursor->index = 0;
+    *cursor = (krb5_cc_cursor) lcursor;
+    return KRB5_OK;
+}
+
+
+/*
+ * Requires:
+ * cursor is a krb5_cc_cursor originally obtained from
+ * krb5_lcc_start_seq_get.
+ *
+ * Modifies:
+ * cursor
+ *
+ * Effects:
+ * Fills in creds with the TGT obtained from the MS LSA
+ *
+ * The cursor is updated to indicate TGT retrieval
+ *
+ * Errors:
+ * KRB5_CC_END
+ * KRB5_FCC_INTERNAL - system errors
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)
+{
+    krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
+    krb5_lcc_data *data;
+    KERB_EXTERNAL_TICKET *msticket;
+    krb5_error_code  retval = KRB5_OK;
+
+    data = (krb5_lcc_data *)id->data;
+
+next_cred:
+    if ( does_query_ticket_cache_ex2() ) {
+        if ( lcursor->index >= lcursor->response.ex2->CountOfTickets ) {
+            if (retval == KRB5_OK)
+                return KRB5_CC_END;
+            else {
+                LsaFreeReturnBuffer(lcursor->mstgt);
+                LsaFreeReturnBuffer(lcursor->response.ex2);
+                free(*cursor);
+                *cursor = 0;
+                return retval;
+            }
+        }
+
+        if ( data->flags & KRB5_TC_NOTICKET ) {
+            if (!CacheInfoEx2ToMITCred( &lcursor->response.ex2->Tickets[lcursor->index++],
+                                        context, creds)) {
+                retval = KRB5_FCC_INTERNAL;
+                goto next_cred;
+            }
+            return KRB5_OK;
+        } else {
+            if (!GetMSCacheTicketFromCacheInfoEx2(data->LogonHandle,
+                                                  data->PackageId,
+                                                  &lcursor->response.ex2->Tickets[lcursor->index++],&msticket)) {
+                retval = KRB5_FCC_INTERNAL;
+                goto next_cred;
+            }
+        }
+    } else {
+        if (lcursor->index >= lcursor->response.xp->CountOfTickets) {
+            if (retval == KRB5_OK) {
+                return KRB5_CC_END;
+            } else {
+                LsaFreeReturnBuffer(lcursor->mstgt);
+                LsaFreeReturnBuffer(lcursor->response.xp);
+                free(*cursor);
+                *cursor = 0;
+                return retval;
+            }
+        }
+
+        if (!GetMSCacheTicketFromCacheInfoEx(data->LogonHandle,
+                                             data->PackageId,
+                                             &lcursor->response.xp->Tickets[lcursor->index++],
+                                             &msticket)) {
+            retval = KRB5_FCC_INTERNAL;
+            goto next_cred;
+        }
+    }
+
+    /* Don't return tickets with NULL Session Keys */
+    if ( IsMSSessionKeyNull(&msticket->SessionKey) ) {
+        LsaFreeReturnBuffer(msticket);
+        goto next_cred;
+    }
+
+    /* convert the ticket */
+    if ( does_query_ticket_cache_ex2() ) {
+        if (!MSCredToMITCred(msticket, lcursor->response.ex2->Tickets[lcursor->index-1].ClientRealm, context, creds))
+            retval = KRB5_FCC_INTERNAL;
+    } else {
+        if (!MSCredToMITCred(msticket,
+                             lcursor->response.xp->Tickets[lcursor->index -
+                                 1].ClientRealm,
+                             context, creds))
+            retval = KRB5_FCC_INTERNAL;
+    }
+    LsaFreeReturnBuffer(msticket);
+    return retval;
+}
+
+/*
+ * Requires:
+ * cursor is a krb5_cc_cursor originally obtained from
+ * krb5_lcc_start_seq_get.
+ *
+ * Modifies:
+ * id, cursor
+ *
+ * Effects:
+ * Finishes sequential processing of the file credentials ccache id,
+ * and invalidates the cursor (it must never be used after this call).
+ */
+/* ARGSUSED */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+{
+    krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
+
+    if ( lcursor ) {
+        LsaFreeReturnBuffer(lcursor->mstgt);
+        if ( does_query_ticket_cache_ex2() )
+            LsaFreeReturnBuffer(lcursor->response.ex2);
+        else
+            LsaFreeReturnBuffer(lcursor->response.xp);
+        free(*cursor);
+    }
+    *cursor = 0;
+
+    return KRB5_OK;
+}
+
+
+/*
+ * Errors:
+ * KRB5_CC_READONLY - not supported
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_generate_new (krb5_context context, krb5_ccache *id)
+{
+    return KRB5_CC_READONLY;
+}
+
+/*
+ * Requires:
+ * id is a ms lsa credential cache
+ *
+ * Returns:
+ *   The ccname specified during the krb5_lcc_resolve call
+ */
+static const char * KRB5_CALLCONV
+krb5_lcc_get_name (krb5_context context, krb5_ccache id)
+{
+
+    if ( !id )
+        return "";
+
+    return (char *) ((krb5_lcc_data *) id->data)->cc_name;
+}
+
+/*
+ * Modifies:
+ * id, princ
+ *
+ * Effects:
+ * Retrieves the primary principal from id, as set with
+ * krb5_lcc_initialize.  The principal is returned is allocated
+ * storage that must be freed by the caller via krb5_free_principal.
+ *
+ * Errors:
+ * system errors
+ * KRB5_CC_NOT_KTYPE
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
+{
+    PKERB_QUERY_TKT_CACHE_EX_RESPONSE pResponse;
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+    ULONG  i;
+
+    /* obtain principal */
+    if (data->princ)
+        return krb5_copy_principal(context, data->princ, princ);
+    else {
+        if (GetQueryTktCacheResponseEx(data->LogonHandle, data->PackageId,
+                                       &pResponse)) {
+            /* Take the first client principal we find; they should all be the
+             * same anyway. */
+            for (i = 0; i < pResponse->CountOfTickets; i++) {
+                if (UnicodeStringToMITPrinc(&pResponse->Tickets[i].ClientName,
+                                            &pResponse->Tickets[i].ClientRealm,
+                                            context, &data->princ))
+                    break;
+            }
+            LsaFreeReturnBuffer(pResponse);
+            if (data->princ)
+                return krb5_copy_principal(context, data->princ, princ);
+        }
+    }
+    return KRB5_CC_NOTFOUND;
+}
+
+
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
+                  krb5_creds *mcreds, krb5_creds *creds)
+{
+    krb5_error_code kret = KRB5_OK;
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+    KERB_EXTERNAL_TICKET *msticket = 0, *mstgt = 0, *mstmp = 0;
+    krb5_creds * mcreds_noflags = 0;
+    krb5_creds   fetchcreds;
+    PKERB_QUERY_TKT_CACHE_EX_RESPONSE pResponse = 0;
+    unsigned int i;
+
+    memset(&fetchcreds, 0, sizeof(krb5_creds));
+
+    /* first try to find out if we have an existing ticket which meets the requirements */
+    kret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
+    /* This sometimes returns a zero-length ticket; work around it. */
+    if ( !kret && creds->ticket.length > 0 )
+        return KRB5_OK;
+
+    /* if not, we must try to get a ticket without specifying any flags or etypes */
+    kret = krb5_copy_creds(context, mcreds, &mcreds_noflags);
+    if (kret)
+        goto cleanup;
+    mcreds_noflags->ticket_flags = 0;
+    mcreds_noflags->keyblock.enctype = 0;
+
+    if (!GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, mcreds_noflags, &msticket)) {
+        kret = KRB5_CC_NOTFOUND;
+        goto cleanup;
+    }
+
+    /* try again to find out if we have an existing ticket which meets the requirements */
+    kret = k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
+    /* This sometimes returns a zero-length ticket; work around it. */
+    if ( !kret && creds->ticket.length > 0 )
+        goto cleanup;
+
+    /* if not, obtain a ticket using the request flags and enctype even though it may not
+     * be stored in the LSA cache for future use.
+     */
+    if ( msticket ) {
+        LsaFreeReturnBuffer(msticket);
+        msticket = 0;
+    }
+
+    if (!GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, mcreds, &msticket)) {
+        kret = KRB5_CC_NOTFOUND;
+        goto cleanup;
+    }
+
+    /* convert the ticket */
+    /*
+     * We can obtain the correct client realm for a ticket by walking the
+     * cache contents until we find the matching service ticket.
+     */
+
+    if (!GetQueryTktCacheResponseEx(data->LogonHandle, data->PackageId,
+        &pResponse)) {
+        kret = KRB5_FCC_INTERNAL;
+        goto cleanup;
+    }
+
+    for (i = 0; i < pResponse->CountOfTickets; i++) {
+        if (!GetMSCacheTicketFromCacheInfoEx(data->LogonHandle,
+                                             data->PackageId,
+                                             &pResponse->Tickets[i], &mstmp)) {
+            continue;
+        }
+
+        if (KerbExternalTicketMatch(msticket,mstmp))
+            break;
+
+        LsaFreeReturnBuffer(mstmp);
+        mstmp = 0;
+    }
+
+    if (!MSCredToMITCred(msticket, mstmp ?
+                         pResponse->Tickets[i].ClientRealm :
+                         msticket->DomainName, context, &fetchcreds)) {
+        LsaFreeReturnBuffer(pResponse);
+        kret = KRB5_FCC_INTERNAL;
+        goto cleanup;
+    }
+    LsaFreeReturnBuffer(pResponse);
+
+
+    /* check to see if this ticket matches the request using logic from
+     * k5_cc_retrieve_cred_default()
+     */
+    if ( krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds) ) {
+        *creds = fetchcreds;
+    } else {
+        krb5_free_cred_contents(context, &fetchcreds);
+        kret = KRB5_CC_NOTFOUND;
+    }
+
+cleanup:
+    if ( mstmp )
+        LsaFreeReturnBuffer(mstmp);
+    if ( mstgt )
+        LsaFreeReturnBuffer(mstgt);
+    if ( msticket )
+        LsaFreeReturnBuffer(msticket);
+    if ( mcreds_noflags )
+        krb5_free_creds(context, mcreds_noflags);
+    return kret;
+}
+
+
+/*
+ * We can't write to the MS LSA cache.  So we request the cache to obtain a ticket for the same
+ * principal in the hope that next time the application requires a ticket for the service it
+ * is attempt to store, the retrieved ticket will be good enough.
+ *
+ * Errors:
+ * KRB5_CC_READONLY - not supported
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
+{
+    krb5_error_code kret = KRB5_OK;
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+    KERB_EXTERNAL_TICKET *msticket = 0, *msticket2 = 0;
+    krb5_creds * creds_noflags = 0;
+
+    if (krb5_is_config_principal(context, creds->server)) {
+        /* mslsa cannot store config creds, so we have to bail.
+         * The 'right' thing to do would be to return an appropriate error,
+         * but that would require modifying the calling code to check
+         * for that error and ignore it.
+         */
+        return KRB5_OK;
+    }
+
+    if (KerbSubmitTicket( data->LogonHandle, data->PackageId, context, creds ))
+        return KRB5_OK;
+
+    /* If not, lets try to obtain a matching ticket from the KDC */
+    if ( creds->ticket_flags != 0 && creds->keyblock.enctype != 0 ) {
+        /* if not, we must try to get a ticket without specifying any flags or etypes */
+        kret = krb5_copy_creds(context, creds, &creds_noflags);
+        if (kret == 0) {
+            creds_noflags->ticket_flags = 0;
+            creds_noflags->keyblock.enctype = 0;
+
+            GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, creds_noflags, &msticket2);
+            krb5_free_creds(context, creds_noflags);
+        }
+    }
+
+    GetMSCacheTicketFromMITCred(data->LogonHandle, data->PackageId, context, creds, &msticket);
+    if (msticket || msticket2) {
+        if (msticket)
+            LsaFreeReturnBuffer(msticket);
+        if (msticket2)
+            LsaFreeReturnBuffer(msticket2);
+        return KRB5_OK;
+    }
+    return KRB5_CC_READONLY;
+}
+
+/*
+ * Individual credentials can be implemented differently depending
+ * on the operating system version.  (undocumented.)
+ *
+ * Errors:
+ *    KRB5_CC_READONLY:
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags flags,
+                     krb5_creds *creds)
+{
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+
+    if (PurgeTicketEx(data->LogonHandle, data->PackageId, context, flags,
+                      creds))
+        return KRB5_OK;
+
+    return KRB5_CC_READONLY;
+}
+
+
+/*
+ * Effects:
+ *   Set
+ */
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
+{
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+
+    data->flags = flags;
+    return KRB5_OK;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
+{
+    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+
+    *flags = data->flags;
+    return KRB5_OK;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor)
+{
+    krb5_cc_ptcursor new_cursor = (krb5_cc_ptcursor )malloc(sizeof(*new_cursor));
+    if (!new_cursor)
+        return ENOMEM;
+    new_cursor->ops = &krb5_lcc_ops;
+    new_cursor->data = (krb5_pointer)(1);
+    *cursor = new_cursor;
+    new_cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_ptcursor_next(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache)
+{
+    krb5_error_code code = 0;
+    *ccache = 0;
+    if (cursor->data == NULL)
+        return 0;
+
+    cursor->data = NULL;
+    if ((code = krb5_lcc_resolve(context, ccache, ""))) {
+        if (code != KRB5_FCC_NOFILE)
+            /* Note that we only want to return serious errors.
+             * Any non-zero return code will prevent the cccol iterator
+             * from advancing to the next ccache collection. */
+            return code;
+    }
+    return 0;
+}
+
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_ptcursor_free(krb5_context context, krb5_cc_ptcursor *cursor)
+{
+    if (*cursor) {
+        free(*cursor);
+        *cursor = NULL;
+    }
+    return 0;
+}
+
+const krb5_cc_ops krb5_lcc_ops = {
+    0,
+    "MSLSA",
+    krb5_lcc_get_name,
+    krb5_lcc_resolve,
+    krb5_lcc_generate_new,
+    krb5_lcc_initialize,
+    krb5_lcc_destroy,
+    krb5_lcc_close,
+    krb5_lcc_store,
+    krb5_lcc_retrieve,
+    krb5_lcc_get_principal,
+    krb5_lcc_start_seq_get,
+    krb5_lcc_next_cred,
+    krb5_lcc_end_seq_get,
+    krb5_lcc_remove_cred,
+    krb5_lcc_set_flags,
+    krb5_lcc_get_flags,
+    krb5_lcc_ptcursor_new,
+    krb5_lcc_ptcursor_next,
+    krb5_lcc_ptcursor_free,
+    NULL, /* move */
+    NULL, /* wasdefault */
+    NULL, /* lock */
+    NULL, /* unlock */
+    NULL, /* switch_to */
+};
+#endif /* _WIN32 */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cc_retr.c b/krb5-1.21.3/src/lib/krb5/ccache/cc_retr.c
new file mode 100644
index 00000000..4328b7d6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cc_retr.c
@@ -0,0 +1,276 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cc_retr.c */
+/*
+ * Copyright 1990,1991,1999,2007,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+#include "../krb/int-proto.h"
+
+#define KRB5_OK 0
+
+static int
+times_match_exact(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
+{
+    return (t1->authtime == t2->authtime &&
+            t1->starttime == t2->starttime &&
+            t1->endtime == t2->endtime &&
+            t1->renew_till == t2->renew_till);
+}
+
+static krb5_boolean
+times_match(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
+{
+    if (t1->renew_till) {
+        if (ts_after(t1->renew_till, t2->renew_till))
+            return FALSE;               /* this one expires too late */
+    }
+    if (t1->endtime) {
+        if (ts_after(t1->endtime, t2->endtime))
+            return FALSE;               /* this one expires too late */
+    }
+    /* only care about expiration on a times_match */
+    return TRUE;
+}
+
+static krb5_boolean
+princs_match(krb5_context context, krb5_flags whichfields,
+             const krb5_creds *mcreds, const krb5_creds *creds)
+{
+    if (mcreds->client != NULL &&
+        !krb5_principal_compare(context, mcreds->client, creds->client))
+        return FALSE;
+    if (mcreds->server == NULL)
+        return TRUE;
+    if (whichfields & KRB5_TC_MATCH_SRV_NAMEONLY) {
+        return krb5_principal_compare_any_realm(context, mcreds->server,
+                                                creds->server);
+    } else {
+        return krb5_principal_compare(context, mcreds->server, creds->server);
+    }
+}
+
+static krb5_boolean
+authdata_match(krb5_authdata *const *mdata, krb5_authdata *const *data)
+{
+    const krb5_authdata *mdatap, *datap;
+
+    if (mdata == data)
+        return TRUE;
+
+    if (mdata == NULL)
+        return *data == NULL;
+
+    if (data == NULL)
+        return *mdata == NULL;
+
+    while ((mdatap = *mdata) && (datap = *data)) {
+        if ((mdatap->ad_type != datap->ad_type) ||
+            (mdatap->length != datap->length) ||
+            (memcmp ((char *)mdatap->contents,
+                     (char *)datap->contents, (unsigned) mdatap->length) != 0))
+            return FALSE;
+        mdata++;
+        data++;
+    }
+    return (*mdata == NULL) && (*data == NULL);
+}
+
+static krb5_boolean
+data_match(const krb5_data *data1, const krb5_data *data2)
+{
+    if (!data1) {
+        if (!data2)
+            return TRUE;
+        else
+            return FALSE;
+    }
+    if (!data2) return FALSE;
+
+    return data_eq(*data1, *data2) ? TRUE : FALSE;
+}
+
+static int
+pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes)
+{
+    int i;
+    for (i = 0; i < nktypes; i++)
+        if (my_ktype == ktypes[i])
+            return i;
+    return -1;
+}
+
+/*
+ * Effects:
+ * Searches the credentials cache for a credential matching mcreds,
+ * with the fields specified by whichfields.  If one if found, it is
+ * returned in creds, which should be freed by the caller with
+ * krb5_free_credentials().
+ *
+ * The fields are interpreted in the following way (all constants are
+ * preceded by KRB5_TC_).  MATCH_IS_SKEY requires the is_skey field to
+ * match exactly.  MATCH_TIMES requires the requested lifetime to be
+ * at least as great as that specified; MATCH_TIMES_EXACT requires the
+ * requested lifetime to be exactly that specified.  MATCH_FLAGS
+ * requires only the set bits in mcreds be set in creds;
+ * MATCH_FLAGS_EXACT requires all bits to match.
+ *
+ * Flag SUPPORTED_KTYPES means check all matching entries that have
+ * any supported enctype (according to tgs_enctypes) and return the one
+ * with the enctype listed earliest.  Return CC_NOT_KTYPE if a match
+ * is found *except* for having a supported enctype.
+ *
+ * Errors:
+ * system errors
+ * permission errors
+ * KRB5_CC_NOMEM
+ * KRB5_CC_NOT_KTYPE
+ */
+
+krb5_boolean
+krb5int_cc_creds_match_request(krb5_context context, krb5_flags whichfields,
+                               krb5_creds *mcreds, krb5_creds *creds)
+{
+    krb5_boolean is_skey;
+
+    if (!princs_match(context, whichfields, mcreds, creds))
+        return FALSE;
+
+    /* Only match a user-to-user credential if explicitly asked for, since the
+     * ticket won't work as a regular service ticket. */
+    is_skey = (whichfields & KRB5_TC_MATCH_IS_SKEY) ? mcreds->is_skey : FALSE;
+    if (creds->is_skey != is_skey)
+        return FALSE;
+
+    if ((whichfields & KRB5_TC_MATCH_FLAGS_EXACT) &&
+        mcreds->ticket_flags != creds->ticket_flags)
+        return FALSE;
+    if ((whichfields & KRB5_TC_MATCH_FLAGS) &&
+        (creds->ticket_flags & mcreds->ticket_flags) != mcreds->ticket_flags)
+        return FALSE;
+
+    if ((whichfields & KRB5_TC_MATCH_TIMES_EXACT) &&
+        !times_match_exact(&mcreds->times, &creds->times))
+        return FALSE;
+    if ((whichfields & KRB5_TC_MATCH_TIMES) &&
+        !times_match(&mcreds->times, &creds->times))
+        return FALSE;
+
+    if ((whichfields & KRB5_TC_MATCH_AUTHDATA) &&
+        !authdata_match(mcreds->authdata, creds->authdata))
+        return FALSE;
+
+    if ((whichfields & KRB5_TC_MATCH_2ND_TKT) &&
+        !data_match(&mcreds->second_ticket, &creds->second_ticket))
+        return FALSE;
+
+    if ((whichfields & KRB5_TC_MATCH_KTYPE) &&
+        mcreds->keyblock.enctype != creds->keyblock.enctype)
+        return FALSE;
+
+    return TRUE;
+}
+
+static krb5_error_code
+krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id,
+                           krb5_flags whichfields, krb5_creds *mcreds,
+                           krb5_creds *creds, int nktypes, krb5_enctype *ktypes)
+{
+    /* This function could be considerably faster if it kept indexing */
+    /* information.. sounds like a "next version" idea to me. :-) */
+
+    krb5_cc_cursor cursor;
+    krb5_error_code kret;
+    krb5_error_code nomatch_err = KRB5_CC_NOTFOUND;
+    struct {
+        krb5_creds creds;
+        int pref;
+    } fetched, best;
+    int have_creds = 0;
+#define fetchcreds (fetched.creds)
+
+    kret = krb5_cc_start_seq_get(context, id, &cursor);
+    if (kret != KRB5_OK)
+        return kret;
+
+    while (krb5_cc_next_cred(context, id, &cursor, &fetchcreds) == KRB5_OK) {
+        if (krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds))
+        {
+            if (ktypes) {
+                fetched.pref = pref (fetchcreds.keyblock.enctype,
+                                     nktypes, ktypes);
+                if (fetched.pref < 0)
+                    nomatch_err = KRB5_CC_NOT_KTYPE;
+                else if (!have_creds || fetched.pref < best.pref) {
+                    if (have_creds)
+                        krb5_free_cred_contents (context, &best.creds);
+                    else
+                        have_creds = 1;
+                    best = fetched;
+                    continue;
+                }
+            } else {
+                krb5_cc_end_seq_get(context, id, &cursor);
+                *creds = fetchcreds;
+                return KRB5_OK;
+            }
+        }
+
+        /* This one doesn't match */
+        krb5_free_cred_contents(context, &fetchcreds);
+    }
+
+    /* If we get here, a match wasn't found */
+    krb5_cc_end_seq_get(context, id, &cursor);
+    if (have_creds) {
+        *creds = best.creds;
+        return KRB5_OK;
+    } else
+        return nomatch_err;
+}
+
+krb5_error_code
+k5_cc_retrieve_cred_default(krb5_context context, krb5_ccache id,
+                            krb5_flags flags, krb5_creds *mcreds,
+                            krb5_creds *creds)
+{
+    krb5_enctype *ktypes;
+    int nktypes;
+    krb5_error_code ret;
+
+    if (flags & KRB5_TC_SUPPORTED_KTYPES) {
+        ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes);
+        if (ret)
+            return ret;
+        nktypes = k5_count_etypes (ktypes);
+
+        ret = krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
+                                         nktypes, ktypes);
+        free (ktypes);
+        return ret;
+    } else {
+        return krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
+                                          0, 0);
+    }
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccapi/Makefile.in b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/Makefile.in
new file mode 100644
index 00000000..2e379e46
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/Makefile.in
@@ -0,0 +1,25 @@
+mydir=lib$(S)krb5$(S)ccache$(S)ccapi
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = $(WIN_INCLUDES)
+DEFINES= -DUSE_CCAPI
+
+##DOS##WIN_INCLUDES = -I$(top_srcdir)\windows\lib
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR = ccache\file
+##DOS##OBJFILE = $(OUTPRE)file.lst
+
+STLIBOBJS 	= \
+	stdcc.o \
+	winccld.o
+
+OBJS 	= $(OUTPRE)stdcc.$(OBJEXT) $(OUTPRE)winccld.$(OBJEXT)
+
+SRCS 	= $(srcdir)/stdcc.c $(srcdir)/winccld.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+@libobj_frag@
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccapi/deps b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/deps
new file mode 100644
index 00000000..c3ef7d0d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/deps
@@ -0,0 +1,14 @@
+# 
+# Generated makefile dependencies follow.
+#
+stdcc.so stdcc.po $(OUTPRE)stdcc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h stdcc.c stdcc.h
+winccld.so winccld.po $(OUTPRE)winccld.$(OBJEXT): winccld.c
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccapi/stdcc.c b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/stdcc.c
new file mode 100644
index 00000000..427b3296
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/stdcc.c
@@ -0,0 +1,1020 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccapi/stdcc.c - ccache API support functions */
+/*
+ * Copyright 1998, 1999, 2006, 2008 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Written by Frank Dabek July 1998
+ * Updated by Jeffrey Altman June 2006
+ */
+
+#if defined(_WIN32) || defined(USE_CCAPI)
+
+#include "k5-int.h"
+#include "../cc-int.h"
+#include "../ccapi_util.h"
+#include "stdcc.h"
+#include "string.h"
+#include <stdio.h>
+
+#if defined(_WIN32)
+#include "winccld.h"
+#endif
+
+#ifndef CC_API_VER2
+#define CC_API_VER2
+#endif
+
+#ifdef DEBUG
+#if defined(_WIN32)
+#include <io.h>
+#define SHOW_DEBUG(buf)   MessageBox((HWND)NULL, (buf), "ccapi debug", MB_OK)
+#endif
+/* XXX need macintosh debugging statement if we want to debug */
+/* on the mac */
+#else
+#define SHOW_DEBUG(buf)
+#endif
+
+cc_context_t gCntrlBlock = NULL;
+cc_int32 gCCVersion = 0;
+
+/*
+ * declare our global object wanna-be
+ * must be installed in ccdefops.c
+ */
+
+krb5_cc_ops krb5_cc_stdcc_ops = {
+    0,
+    "API",
+    krb5_stdccv3_get_name,
+    krb5_stdccv3_resolve,
+    krb5_stdccv3_generate_new,
+    krb5_stdccv3_initialize,
+    krb5_stdccv3_destroy,
+    krb5_stdccv3_close,
+    krb5_stdccv3_store,
+    krb5_stdccv3_retrieve,
+    krb5_stdccv3_get_principal,
+    krb5_stdccv3_start_seq_get,
+    krb5_stdccv3_next_cred,
+    krb5_stdccv3_end_seq_get,
+    krb5_stdccv3_remove,
+    krb5_stdccv3_set_flags,
+    krb5_stdccv3_get_flags,
+    krb5_stdccv3_ptcursor_new,
+    krb5_stdccv3_ptcursor_next,
+    krb5_stdccv3_ptcursor_free,
+    NULL, /* move */
+    NULL, /* wasdefault */
+    krb5_stdccv3_lock,
+    krb5_stdccv3_unlock,
+    krb5_stdccv3_switch_to,
+};
+
+#if defined(_WIN32)
+/*
+ * cache_changed be called after the cache changes.
+ * A notification message is is posted out to all top level
+ * windows so that they may recheck the cache based on the
+ * changes made.  We register a unique message type with which
+ * we'll communicate to all other processes.
+ */
+static void cache_changed()
+{
+    static unsigned int message = 0;
+
+    if (message == 0)
+        message = RegisterWindowMessage(WM_KERBEROS5_CHANGED);
+
+    PostMessage(HWND_BROADCAST, message, 0, 0);
+}
+#else /* _WIN32 */
+
+static void cache_changed()
+{
+    return;
+}
+#endif /* _WIN32 */
+
+struct err_xlate
+{
+    int     cc_err;
+    krb5_error_code krb5_err;
+};
+
+static const struct err_xlate err_xlate_table[] =
+{
+    { ccIteratorEnd,                        KRB5_CC_END },
+    { ccErrBadParam,                        KRB5_FCC_INTERNAL },
+    { ccErrNoMem,                           KRB5_CC_NOMEM },
+    { ccErrInvalidContext,                  KRB5_FCC_NOFILE },
+    { ccErrInvalidCCache,                   KRB5_FCC_NOFILE },
+    { ccErrInvalidString,                   KRB5_FCC_INTERNAL },
+    { ccErrInvalidCredentials,              KRB5_FCC_INTERNAL },
+    { ccErrInvalidCCacheIterator,           KRB5_FCC_INTERNAL },
+    { ccErrInvalidCredentialsIterator,      KRB5_FCC_INTERNAL },
+    { ccErrInvalidLock,                     KRB5_FCC_INTERNAL },
+    { ccErrBadName,                         KRB5_CC_BADNAME },
+    { ccErrBadCredentialsVersion,           KRB5_FCC_INTERNAL },
+    { ccErrBadAPIVersion,                   KRB5_FCC_INTERNAL },
+    { ccErrContextLocked,                   KRB5_FCC_INTERNAL },
+    { ccErrContextUnlocked,                 KRB5_FCC_INTERNAL },
+    { ccErrCCacheLocked,                    KRB5_FCC_INTERNAL },
+    { ccErrCCacheUnlocked,                  KRB5_FCC_INTERNAL },
+    { ccErrBadLockType,                     KRB5_FCC_INTERNAL },
+    { ccErrNeverDefault,                    KRB5_FCC_INTERNAL },
+    { ccErrCredentialsNotFound,             KRB5_CC_NOTFOUND },
+    { ccErrCCacheNotFound,                  KRB5_FCC_NOFILE },
+    { ccErrContextNotFound,                 KRB5_FCC_NOFILE },
+    { ccErrServerUnavailable,               KRB5_CC_IO },
+    { ccErrServerInsecure,                  KRB5_CC_IO },
+    { ccErrServerCantBecomeUID,             KRB5_CC_IO },
+    { ccErrTimeOffsetNotSet,                KRB5_FCC_INTERNAL },
+    { ccErrBadInternalMessage,              KRB5_FCC_INTERNAL },
+    { ccErrNotImplemented,                  KRB5_FCC_INTERNAL },
+    { 0,                                    0 }
+};
+
+/* Note: cc_err_xlate is NOT idempotent.  Don't call it multiple times.  */
+static krb5_error_code cc_err_xlate(int err)
+{
+    const struct err_xlate *p;
+
+    if (err == ccNoError)
+        return 0;
+
+    for (p = err_xlate_table; p->cc_err; p++) {
+        if (err == p->cc_err)
+            return p->krb5_err;
+    }
+
+    return KRB5_FCC_INTERNAL;
+}
+
+
+static krb5_error_code stdccv3_get_timeoffset (krb5_context in_context,
+                                               cc_ccache_t  in_ccache)
+{
+    krb5_error_code err = 0;
+
+    if (gCCVersion >= ccapi_version_5) {
+        krb5_os_context os_ctx = (krb5_os_context) &in_context->os_context;
+        cc_time_t time_offset = 0;
+
+        err = cc_ccache_get_kdc_time_offset (in_ccache, cc_credentials_v5,
+                                             &time_offset);
+
+        if (!err) {
+            os_ctx->time_offset = time_offset;
+            os_ctx->usec_offset = 0;
+            os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+                                KRB5_OS_TOFFSET_VALID);
+        }
+
+        if (err == ccErrTimeOffsetNotSet) {
+            err = 0;  /* okay if there is no time offset */
+        }
+    }
+
+    return err; /* Don't translate.  Callers will translate for us */
+}
+
+static krb5_error_code stdccv3_set_timeoffset (krb5_context in_context,
+                                               cc_ccache_t  in_ccache)
+{
+    krb5_error_code err = 0;
+
+    if (gCCVersion >= ccapi_version_5) {
+        krb5_os_context os_ctx = (krb5_os_context) &in_context->os_context;
+
+        if (!err && os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+            err = cc_ccache_set_kdc_time_offset (in_ccache,
+                                                 cc_credentials_v5,
+                                                 os_ctx->time_offset);
+        }
+    }
+
+    return err; /* Don't translate.  Callers will translate for us */
+}
+
+static krb5_error_code stdccv3_setup (krb5_context context,
+                                      stdccCacheDataPtr ccapi_data)
+{
+    krb5_error_code err = 0;
+
+    if (!err && !gCntrlBlock) {
+        err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
+    }
+
+    if (!err && ccapi_data && !ccapi_data->NamedCache) {
+        /* ccache has not been opened yet.  open it. */
+        err = cc_context_open_ccache (gCntrlBlock, ccapi_data->cache_name,
+                                      &ccapi_data->NamedCache);
+    }
+
+    if (!err && ccapi_data && ccapi_data->NamedCache) {
+        err = stdccv3_get_timeoffset (context, ccapi_data->NamedCache);
+    }
+
+    return err; /* Don't translate.  Callers will translate for us */
+}
+
+/* krb5_stdcc_shutdown is exported; use the old name */
+void krb5_stdcc_shutdown()
+{
+    if (gCntrlBlock) { cc_context_release(gCntrlBlock); }
+    gCntrlBlock = NULL;
+    gCCVersion = 0;
+}
+
+/*
+ * -- generate_new --------------------------------
+ *
+ * create a new cache with a unique name, corresponds to creating a
+ * named cache initialize the API here if we have to.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id )
+{
+    krb5_error_code err = 0;
+    krb5_ccache newCache = NULL;
+    stdccCacheDataPtr ccapi_data = NULL;
+    cc_ccache_t ccache = NULL;
+    cc_string_t ccstring = NULL;
+    char *name = NULL;
+
+    if (!err) {
+        err = stdccv3_setup(context, NULL);
+    }
+
+    if (!err) {
+        newCache = (krb5_ccache) malloc (sizeof (*newCache));
+        if (!newCache) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
+        if (!ccapi_data) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "",
+                                            &ccache);
+    }
+
+    if (!err) {
+        err = stdccv3_set_timeoffset (context, ccache);
+    }
+
+    if (!err) {
+        err = cc_ccache_get_name (ccache, &ccstring);
+    }
+
+    if (!err) {
+        name = strdup (ccstring->data);
+        if (!name) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        ccapi_data->cache_name = name;
+        name = NULL; /* take ownership */
+
+        ccapi_data->NamedCache = ccache;
+        ccache = NULL; /* take ownership */
+
+        newCache->ops = &krb5_cc_stdcc_ops;
+        newCache->data = ccapi_data;
+        ccapi_data = NULL; /* take ownership */
+
+        /* return a pointer to the new cache */
+        *id = newCache;
+        newCache = NULL;
+    }
+
+    if (ccstring)   { cc_string_release (ccstring); }
+    if (name)       { free (name); }
+    if (ccache)     { cc_ccache_release (ccache); }
+    if (ccapi_data) { free (ccapi_data); }
+    if (newCache)   { free (newCache); }
+
+    return cc_err_xlate (err);
+}
+
+/*
+ * resolve
+ *
+ * create a new cache with the name stored in residual
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residual )
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = NULL;
+    krb5_ccache ccache = NULL;
+    char *name = NULL;
+    cc_string_t defname = NULL;
+
+    if (id == NULL) { err = KRB5_CC_NOMEM; }
+
+    if (!err) {
+        err = stdccv3_setup (context, NULL);
+    }
+
+    if (!err) {
+        ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
+        if (!ccapi_data) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        ccache = (krb5_ccache ) malloc (sizeof (*ccache));
+        if (!ccache) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        if ((residual == NULL) || (strlen(residual) == 0)) {
+            err = cc_context_get_default_ccache_name(gCntrlBlock, &defname);
+            if (defname)
+                residual = defname->data;
+        }
+    }
+
+    if (!err) {
+        name = strdup (residual);
+        if (!name) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        err = cc_context_open_ccache (gCntrlBlock, residual,
+                                      &ccapi_data->NamedCache);
+        if (err == ccErrCCacheNotFound) {
+            ccapi_data->NamedCache = NULL;
+            err = 0; /* ccache just doesn't exist yet */
+        }
+    }
+
+    if (!err) {
+        ccapi_data->cache_name = name;
+        name = NULL; /* take ownership */
+
+        ccache->ops = &krb5_cc_stdcc_ops;
+        ccache->data = ccapi_data;
+        ccapi_data = NULL; /* take ownership */
+
+        *id = ccache;
+        ccache = NULL; /* take ownership */
+    }
+
+    if (ccache)     { free (ccache); }
+    if (ccapi_data) { free (ccapi_data); }
+    if (name)       { free (name); }
+    if (defname)    { cc_string_release(defname); }
+
+    return cc_err_xlate (err);
+}
+
+/*
+ * initialize
+ *
+ * initialize the cache, check to see if one already exists for this
+ * principal if not set our principal to this principal. This
+ * searching enables ticket sharing
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_initialize (krb5_context context,
+                         krb5_ccache id,
+                         krb5_principal princ)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+    char *name = NULL;
+    cc_ccache_t ccache = NULL;
+
+    if (id == NULL) { err = KRB5_CC_NOMEM; }
+
+    if (!err) {
+        err = stdccv3_setup (context, NULL);
+    }
+
+    if (!err) {
+        err = krb5_unparse_name(context, princ, &name);
+    }
+
+    if (!err) {
+        err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name,
+                                        cc_credentials_v5, name,
+                                        &ccache);
+    }
+
+    if (!err) {
+        err = stdccv3_set_timeoffset (context, ccache);
+    }
+
+    if (!err) {
+        if (ccapi_data->NamedCache) {
+            err = cc_ccache_release (ccapi_data->NamedCache);
+        }
+        ccapi_data->NamedCache = ccache;
+        ccache = NULL; /* take ownership */
+        cache_changed ();
+    }
+
+    if (ccache) { cc_ccache_release (ccache); }
+    if (name  ) { krb5_free_unparsed_name(context, name); }
+
+    return cc_err_xlate(err);
+}
+
+/*
+ * store
+ *
+ * store some credentials in our cache
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_store (krb5_context context, krb5_ccache id, krb5_creds *creds )
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+    cc_credentials_union *cred_union = NULL;
+
+    if (!err) {
+        err = stdccv3_setup (context, ccapi_data);
+    }
+
+    if (!err) {
+        /* copy the fields from the almost identical structures */
+        err = k5_krb5_to_ccapi_creds (context, creds, &cred_union);
+    }
+
+    if (!err) {
+        err = cc_ccache_store_credentials (ccapi_data->NamedCache, cred_union);
+    }
+
+    if (!err) {
+        cache_changed();
+    }
+
+    if (cred_union) { k5_release_ccapi_cred (cred_union); }
+
+    return cc_err_xlate (err);
+}
+
+/*
+ * start_seq_get
+ *
+ * begin an iterator call to get all of the credentials in the cache
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_start_seq_get (krb5_context context,
+                            krb5_ccache id,
+                            krb5_cc_cursor *cursor )
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+    cc_credentials_iterator_t iterator = NULL;
+
+    if (!err) {
+        err = stdccv3_setup (context, ccapi_data);
+    }
+
+    if (!err) {
+        err = cc_ccache_new_credentials_iterator(ccapi_data->NamedCache,
+                                                 &iterator);
+    }
+
+    if (!err) {
+        *cursor = iterator;
+    }
+
+    return cc_err_xlate (err);
+}
+
+/*
+ * next cred
+ *
+ * - get the next credential in the cache as part of an iterator call
+ * - this maps to call to cc_seq_fetch_creds
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_next_cred (krb5_context context,
+                        krb5_ccache id,
+                        krb5_cc_cursor *cursor,
+                        krb5_creds *creds)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+    cc_credentials_t credentials = NULL;
+    cc_credentials_iterator_t iterator = *cursor;
+
+    if (!iterator) { err = KRB5_CC_END; }
+
+    if (!err) {
+        err = stdccv3_setup (context, ccapi_data);
+    }
+
+    while (!err) {
+        err = cc_credentials_iterator_next (iterator, &credentials);
+
+        if (!err && (credentials->data->version == cc_credentials_v5)) {
+            err = k5_ccapi_to_krb5_creds (context, credentials->data, creds);
+            break;
+        }
+    }
+
+    if (credentials) { cc_credentials_release (credentials); }
+    if (err == ccIteratorEnd) {
+        cc_credentials_iterator_release (iterator);
+        *cursor = 0;
+    }
+
+    return cc_err_xlate (err);
+}
+
+
+/*
+ * retrieve
+ *
+ * - try to find a matching credential in the cache
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_retrieve (krb5_context context,
+                       krb5_ccache id,
+                       krb5_flags whichfields,
+                       krb5_creds *mcreds,
+                       krb5_creds *creds)
+{
+    return k5_cc_retrieve_cred_default(context, id, whichfields, mcreds,
+                                       creds);
+}
+
+/*
+ *  end seq
+ *
+ * just free up the storage associated with the cursor (if we can)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_end_seq_get (krb5_context context,
+                          krb5_ccache id,
+                          krb5_cc_cursor *cursor)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+    cc_credentials_iterator_t iterator = *cursor;
+
+    if (!iterator) { return 0; }
+
+    if (!err) {
+        err = stdccv3_setup (context, ccapi_data);
+    }
+
+    if (!err) {
+        err = cc_credentials_iterator_release(iterator);
+    }
+
+    return cc_err_xlate(err);
+}
+
+/*
+ * close
+ *
+ * - free our pointers to the NC
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_close(krb5_context context,
+                   krb5_ccache id)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+
+    if (!err) {
+        err = stdccv3_setup (context, NULL);
+    }
+
+    if (!err) {
+        if (ccapi_data) {
+            if (ccapi_data->cache_name) {
+                free (ccapi_data->cache_name);
+            }
+            if (ccapi_data->NamedCache) {
+                err = cc_ccache_release (ccapi_data->NamedCache);
+            }
+            free (ccapi_data);
+            id->data = NULL;
+        }
+        free (id);
+    }
+
+    return cc_err_xlate(err);
+}
+
+/*
+ * destroy
+ *
+ * - free our storage and the cache
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_destroy (krb5_context context,
+                      krb5_ccache id)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+
+    if (!err) {
+        err = stdccv3_setup(context, ccapi_data);
+    }
+
+    if (!err) {
+        if (ccapi_data) {
+            if (ccapi_data->cache_name) {
+                free(ccapi_data->cache_name);
+            }
+            if (ccapi_data->NamedCache) {
+                /* destroy the named cache */
+                err = cc_ccache_destroy(ccapi_data->NamedCache);
+                if (err == ccErrCCacheNotFound) {
+                    err = 0; /* ccache maybe already destroyed */
+                }
+                cache_changed();
+            }
+            free(ccapi_data);
+            id->data = NULL;
+        }
+        free(id);
+    }
+
+    return cc_err_xlate(err);
+}
+
+/*
+ *  getname
+ *
+ * - return the name of the named cache
+ */
+const char * KRB5_CALLCONV
+krb5_stdccv3_get_name (krb5_context context,
+                       krb5_ccache id )
+{
+    stdccCacheDataPtr ccapi_data = id->data;
+
+    if (!ccapi_data) {
+        return NULL;
+    } else {
+        return (ccapi_data->cache_name);
+    }
+}
+
+
+/* get_principal
+ *
+ * - return the principal associated with the named cache
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_get_principal (krb5_context context,
+                            krb5_ccache id ,
+                            krb5_principal *princ)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+    cc_string_t name = NULL;
+
+    if (!err) {
+        err = stdccv3_setup(context, ccapi_data);
+    }
+
+    if (!err) {
+        err = cc_ccache_get_principal (ccapi_data->NamedCache, cc_credentials_v5, &name);
+    }
+
+    if (!err) {
+        err = krb5_parse_name (context, name->data, princ);
+    } else {
+        err = cc_err_xlate (err);
+    }
+
+    if (name) { cc_string_release (name); }
+
+    return err;
+}
+
+/*
+ * set_flags
+ *
+ * - currently a NOP since we don't store any flags in the NC
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_set_flags (krb5_context context,
+                        krb5_ccache id,
+                        krb5_flags flags)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+
+    err = stdccv3_setup (context, ccapi_data);
+
+    return cc_err_xlate (err);
+}
+
+/*
+ * get_flags
+ *
+ * - currently a NOP since we don't store any flags in the NC
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_get_flags (krb5_context context,
+                        krb5_ccache id,
+                        krb5_flags *flags)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+
+    err = stdccv3_setup (context, ccapi_data);
+
+    return cc_err_xlate (err);
+}
+
+/*
+ * remove
+ *
+ * - remove the specified credentials from the NC
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_remove (krb5_context context,
+                     krb5_ccache id,
+                     krb5_flags whichfields,
+                     krb5_creds *in_creds)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+    cc_credentials_iterator_t iterator = NULL;
+    int found = 0;
+
+    if (!err) {
+        err = stdccv3_setup(context, ccapi_data);
+    }
+
+
+    if (!err) {
+        err = cc_ccache_new_credentials_iterator(ccapi_data->NamedCache,
+                                                 &iterator);
+    }
+
+    while (!err && !found) {
+        cc_credentials_t credentials = NULL;
+
+        err = cc_credentials_iterator_next (iterator, &credentials);
+
+        if (!err && (credentials->data->version == cc_credentials_v5)) {
+            krb5_creds creds;
+
+            err = k5_ccapi_to_krb5_creds (context, credentials->data, &creds);
+
+            if (!err) {
+                found = krb5int_cc_creds_match_request(context,
+                                                       whichfields,
+                                                       in_creds,
+                                                       &creds);
+                krb5_free_cred_contents (context, &creds);
+            }
+
+            if (!err && found) {
+                err = cc_ccache_remove_credentials (ccapi_data->NamedCache, credentials);
+            }
+        }
+
+        if (credentials) { cc_credentials_release (credentials); }
+    }
+    if (err == ccIteratorEnd) { err = ccErrCredentialsNotFound; }
+
+    if (iterator) {
+        err = cc_credentials_iterator_release(iterator);
+    }
+
+    if (!err) {
+        cache_changed ();
+    }
+
+    return cc_err_xlate (err);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_ptcursor_new(krb5_context context,
+                          krb5_cc_ptcursor *cursor)
+{
+    krb5_error_code err = 0;
+    krb5_cc_ptcursor ptcursor = NULL;
+    cc_ccache_iterator_t iterator = NULL;
+
+    ptcursor = malloc(sizeof(*ptcursor));
+    if (ptcursor == NULL) {
+        err = ccErrNoMem;
+    }
+    else {
+        memset(ptcursor, 0, sizeof(*ptcursor));
+    }
+
+    if (!err) {
+        err = stdccv3_setup(context, NULL);
+    }
+    if (!err) {
+        ptcursor->ops = &krb5_cc_stdcc_ops;
+        err = cc_context_new_ccache_iterator(gCntrlBlock, &iterator);
+    }
+
+    if (!err) {
+        ptcursor->data = iterator;
+    }
+
+    if (err) {
+        if (ptcursor) { krb5_stdccv3_ptcursor_free(context, &ptcursor); }
+        // krb5_stdccv3_ptcursor_free sets ptcursor to NULL for us
+    }
+
+    *cursor = ptcursor;
+
+    return cc_err_xlate(err);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_ptcursor_next(
+    krb5_context context,
+    krb5_cc_ptcursor cursor,
+    krb5_ccache *ccache)
+{
+    krb5_error_code err = 0;
+    cc_ccache_iterator_t iterator = NULL;
+
+    krb5_ccache newCache = NULL;
+    stdccCacheDataPtr ccapi_data = NULL;
+    cc_ccache_t ccCache = NULL;
+    cc_string_t ccstring = NULL;
+    char *name = NULL;
+
+    if (!cursor || !cursor->data) {
+        err = ccErrInvalidContext;
+    }
+
+    *ccache = NULL;
+
+    if (!err) {
+        newCache = (krb5_ccache) malloc (sizeof (*newCache));
+        if (!newCache) { err = ccErrNoMem; }
+    }
+
+    if (!err) {
+        ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
+        if (!ccapi_data) { err = ccErrNoMem; }
+    }
+
+    if (!err) {
+        iterator = cursor->data;
+        err = cc_ccache_iterator_next(iterator, &ccCache);
+    }
+
+    if (!err) {
+        err = cc_ccache_get_name (ccCache, &ccstring);
+    }
+
+    if (!err) {
+        name = strdup (ccstring->data);
+        if (!name) { err = ccErrNoMem; }
+    }
+
+    if (!err) {
+        ccapi_data->cache_name = name;
+        name = NULL; /* take ownership */
+
+        ccapi_data->NamedCache = ccCache;
+        ccCache = NULL; /* take ownership */
+
+        newCache->ops = &krb5_cc_stdcc_ops;
+        newCache->data = ccapi_data;
+        ccapi_data = NULL; /* take ownership */
+
+        /* return a pointer to the new cache */
+        *ccache = newCache;
+        newCache = NULL;
+    }
+
+    if (name)       { free (name); }
+    if (ccstring)   { cc_string_release (ccstring); }
+    if (ccCache)    { cc_ccache_release (ccCache); }
+    if (ccapi_data) { free (ccapi_data); }
+    if (newCache)   { free (newCache); }
+
+    if (err == ccIteratorEnd) {
+        err = ccNoError;
+    }
+
+    return cc_err_xlate(err);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_ptcursor_free(
+    krb5_context context,
+    krb5_cc_ptcursor *cursor)
+{
+    if (*cursor != NULL) {
+        if ((*cursor)->data != NULL) {
+            cc_ccache_iterator_release((cc_ccache_iterator_t)((*cursor)->data));
+        }
+        free(*cursor);
+        *cursor = NULL;
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
+(krb5_context context, krb5_ccache id)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+
+    if (!err) {
+        err = stdccv3_setup(context, ccapi_data);
+    }
+    if (!err) {
+        err = cc_ccache_lock(ccapi_data->NamedCache, cc_lock_write, cc_lock_block);
+    }
+    return cc_err_xlate(err);
+}
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock
+(krb5_context context, krb5_ccache id)
+{
+    krb5_error_code err = 0;
+    stdccCacheDataPtr ccapi_data = id->data;
+
+    if (!err) {
+        err = stdccv3_setup(context, ccapi_data);
+    }
+    if (!err) {
+        err = cc_ccache_unlock(ccapi_data->NamedCache);
+    }
+    return cc_err_xlate(err);
+}
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
+(krb5_context context)
+{
+    krb5_error_code err = 0;
+
+    if (!err && !gCntrlBlock) {
+        err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
+    }
+    if (!err) {
+        err = cc_context_lock(gCntrlBlock, cc_lock_write, cc_lock_block);
+    }
+    return cc_err_xlate(err);
+}
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
+(krb5_context context)
+{
+    krb5_error_code err = 0;
+
+    if (!err && !gCntrlBlock) {
+        err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
+    }
+    if (!err) {
+        err = cc_context_unlock(gCntrlBlock);
+    }
+    return cc_err_xlate(err);
+}
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_switch_to
+(krb5_context context, krb5_ccache id)
+{
+    krb5_error_code retval;
+    stdccCacheDataPtr ccapi_data = id->data;
+    int err;
+
+    retval = stdccv3_setup(context, ccapi_data);
+    if (retval)
+        return cc_err_xlate(retval);
+
+    err = cc_ccache_set_default(ccapi_data->NamedCache);
+    return cc_err_xlate(err);
+}
+
+#endif /* defined(_WIN32) || defined(USE_CCAPI) */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccapi/stdcc.h b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/stdcc.h
new file mode 100644
index 00000000..ef50445b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/stdcc.h
@@ -0,0 +1,108 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#ifndef __KRB5_STDCC_H__
+#define __KRB5_STDCC_H__
+
+#if defined(_WIN32) || defined(USE_CCAPI)
+
+#include "k5-int.h"     /* loads krb5.h */
+#include "../cc-int.h"
+
+#include <CredentialsCache.h>
+
+#define kStringLiteralLen 255
+
+/* globals to be exported */
+extern krb5_cc_ops krb5_cc_stdcc_ops;
+
+/*
+ * structure to stash in the cache's data field
+ */
+typedef struct _stdccCacheData {
+    char *cache_name;
+    cc_ccache_t NamedCache;
+} stdccCacheData, *stdccCacheDataPtr;
+
+
+/* function prototypes  */
+
+void krb5_stdcc_shutdown(void);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_close
+(krb5_context, krb5_ccache id );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_destroy
+(krb5_context, krb5_ccache id );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_end_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_generate_new
+(krb5_context, krb5_ccache *id );
+
+const char * KRB5_CALLCONV krb5_stdccv3_get_name
+(krb5_context, krb5_ccache id );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_principal
+(krb5_context, krb5_ccache id , krb5_principal *princ );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_initialize
+(krb5_context, krb5_ccache id , krb5_principal princ );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_next_cred
+(krb5_context,
+ krb5_ccache id ,
+ krb5_cc_cursor *cursor ,
+ krb5_creds *creds );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_resolve
+(krb5_context, krb5_ccache *id , const char *residual );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_retrieve
+(krb5_context,
+ krb5_ccache id ,
+ krb5_flags whichfields ,
+ krb5_creds *mcreds ,
+ krb5_creds *creds );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_start_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_store
+(krb5_context, krb5_ccache id , krb5_creds *creds );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_set_flags
+(krb5_context, krb5_ccache id , krb5_flags flags );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_flags
+(krb5_context, krb5_ccache id , krb5_flags *flags );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_remove
+(krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_new
+(krb5_context context, krb5_cc_ptcursor *cursor);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_next
+(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_free
+(krb5_context context, krb5_cc_ptcursor *cursor);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
+(krb5_context, krb5_ccache id);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock
+(krb5_context, krb5_ccache id);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
+(krb5_context context);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
+(krb5_context context);
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_switch_to
+(krb5_context context, krb5_ccache id);
+
+#endif /* defined(_WIN32) || defined(USE_CCAPI) */
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccapi/winccld.c b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/winccld.c
new file mode 100644
index 00000000..8b2e90c4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/winccld.c
@@ -0,0 +1,101 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#if defined(_WIN32)
+/*
+ * winccld.c --- routine for dynamically loading the ccache DLL if
+ * it's present.
+ */
+
+#include <windows.h>
+#include <stdio.h>
+#include "k5-int.h"
+#include "stdcc.h"
+
+/* from fcc-proto.h */
+extern const krb5_cc_ops krb5_fcc_ops;
+
+#define KRB5_WINCCLD_C_
+#include "winccld.h"
+
+static int krb5_win_ccdll_loaded = 0;
+
+extern void krb5_win_ccdll_load();
+extern int krb5_is_ccdll_loaded();
+
+/*
+ * return codes
+ */
+#define LF_OK           0
+#define LF_NODLL        1
+#define LF_NOFUNC       2
+
+#ifdef _WIN64
+#define KRBCC_DLL      "krbcc64.dll"
+#else
+#define KRBCC_DLL      "krbcc32.dll"
+#endif
+
+static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
+                     HINSTANCE* ph, int debug);
+
+static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
+                     HINSTANCE* ph, int debug)
+{
+    HINSTANCE h;
+    int i, n;
+    int error = 0;
+
+    if (ph) *ph = 0;
+
+    for (n = 0; fi[n].func_ptr_var; n++) {
+        *(fi[n].func_ptr_var) = 0;
+    }
+
+    if (!(h = LoadLibrary(dll_name))) {
+        /* Get error for source debugging purposes. */
+        error = (int)GetLastError();
+        return LF_NODLL;
+    }
+
+    if (debug)
+        printf("Loaded %s\n", dll_name);
+    for (i = 0; !error && (i < n); i++) {
+        void* p = (void*)GetProcAddress(h, fi[i].func_name);
+        if (!p) {
+            if (debug)
+                printf("Could not get function: %s\n", fi[i].func_name);
+            error = 1;
+        } else {
+            *(fi[i].func_ptr_var) = p;
+            if (debug)
+                printf("Loaded function %s at 0x%08X\n", fi[i].func_name, p);
+        }
+    }
+    if (error) {
+        for (i = 0; i < n; i++) {
+            *(fi[i].func_ptr_var) = 0;
+        }
+        FreeLibrary(h);
+        return LF_NOFUNC;
+    }
+    if (ph) *ph = h;
+    return LF_OK;
+}
+
+void krb5_win_ccdll_load(context)
+    krb5_context    context;
+{
+    krb5_cc_register(context, &krb5_fcc_ops, 0);
+    if (krb5_win_ccdll_loaded)
+        return;
+    if (LoadFuncs(KRBCC_DLL, krbcc_fi, 0, 0))
+        return;         /* Error, give up */
+    krb5_win_ccdll_loaded = 1;
+    krb5_cc_dfl_ops = &krb5_cc_stdcc_ops; /* Use stdcc! */
+}
+
+int krb5_is_ccdll_loaded()
+{
+    return krb5_win_ccdll_loaded;
+}
+
+#endif  /* Windows */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccapi/winccld.h b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/winccld.h
new file mode 100644
index 00000000..d617d4d2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccapi/winccld.h
@@ -0,0 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * winccld.h -- the dynamic loaded version of the ccache DLL
+ */
+
+
+#ifndef KRB5_WINCCLD_H_
+#define KRB5_WINCCLD_H_
+
+#include <CredentialsCache.h>
+
+typedef CCACHE_API cc_int32 (*FP_cc_initialize) (
+    cc_context_t*           outContext,
+    cc_int32                inVersion,
+    cc_int32*               outSupportedVersion,
+    char const**            outVendor);
+
+#ifdef KRB5_WINCCLD_C_
+typedef struct _FUNC_INFO {
+    void** func_ptr_var;
+    char* func_name;
+} FUNC_INFO;
+
+#define DECL_FUNC_PTR(x) FP_##x p##x
+#define MAKE_FUNC_INFO(x) { (void**) &p##x, #x }
+#define END_FUNC_INFO { 0, 0 }
+#else
+#define DECL_FUNC_PTR(x) extern FP_##x p##x
+#endif
+
+DECL_FUNC_PTR(cc_initialize);
+
+#ifdef KRB5_WINCCLD_C_
+FUNC_INFO krbcc_fi[] = {
+    MAKE_FUNC_INFO(cc_initialize),
+    END_FUNC_INFO
+};
+#undef MAKE_FUNC_INFO
+#undef END_FUNC_INFO
+#else
+
+#define cc_initialize pcc_initialize
+#endif
+
+#undef DECL_FUNC_PTR
+
+#endif /* KRB5_WINCCLD_H_ */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccapi_util.c b/krb5-1.21.3/src/lib/krb5/ccache/ccapi_util.c
new file mode 100644
index 00000000..b035c7ee
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccapi_util.c
@@ -0,0 +1,425 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccapi_util.c - conversion functions for CCAPI creds */
+/*
+ * Copyright (C) 2022 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "cc-int.h"
+#include "ccapi_util.h"
+
+#if defined(USE_CCAPI) || defined(USE_CCAPI_MACOS)
+
+static void
+free_cc_data_list(cc_data **list)
+{
+    size_t i;
+
+    for (i = 0; list != NULL && list[i] != NULL; i++) {
+        free(list[i]->data);
+        free(list[i]);
+    }
+    free(list);
+}
+
+static krb5_error_code
+cc_data_list_to_addresses(krb5_context context, cc_data **list,
+                          krb5_address ***addrs_out)
+{
+    krb5_error_code ret;
+    size_t count, i;
+    krb5_address **addrs = NULL;
+
+    *addrs_out = NULL;
+    if (list == NULL)
+        return 0;
+
+    for (count = 0; list[count]; count++);
+    addrs = k5calloc(count + 1, sizeof(*addrs), &ret);
+    if (addrs == NULL)
+        return ret;
+
+    for (i = 0; i < count; i++) {
+        addrs[i] = k5alloc(sizeof(*addrs[i]), &ret);
+        if (addrs[i] == NULL)
+            goto cleanup;
+
+        addrs[i]->contents = k5memdup(list[i]->data, list[i]->length, &ret);
+        if (addrs[i]->contents == NULL)
+            goto cleanup;
+        addrs[i]->length = list[i]->length;
+        addrs[i]->addrtype = list[i]->type;
+        addrs[i]->magic = KV5M_ADDRESS;
+    }
+
+    *addrs_out = addrs;
+    addrs = NULL;
+
+cleanup:
+    krb5_free_addresses(context, addrs);
+    return ret;
+}
+
+static krb5_error_code
+cc_data_list_to_authdata(krb5_context context, cc_data **list,
+                         krb5_authdata ***authdata_out)
+{
+    krb5_error_code ret;
+    size_t count, i;
+    krb5_authdata **authdata = NULL;
+
+    *authdata_out = NULL;
+    if (list == NULL)
+        return 0;
+
+    for (count = 0; list[count]; count++);
+    authdata = k5calloc(count + 1, sizeof(*authdata), &ret);
+    if (authdata == NULL)
+        return ret;
+
+    for (i = 0; i < count; i++) {
+        authdata[i] = k5alloc(sizeof(*authdata[i]), &ret);
+        if (authdata[i] == NULL)
+            goto cleanup;
+
+        authdata[i]->contents = k5memdup(list[i]->data, list[i]->length, &ret);
+        if (authdata[i]->contents == NULL)
+            goto cleanup;
+        authdata[i]->length = list[i]->length;
+        authdata[i]->ad_type = list[i]->type;
+        authdata[i]->magic = KV5M_AUTHDATA;
+    }
+
+    *authdata_out = authdata;
+    authdata = NULL;
+
+cleanup:
+    krb5_free_authdata(context, authdata);
+    return ret;
+}
+
+static krb5_error_code
+addresses_to_cc_data_list(krb5_context context, krb5_address **addrs,
+                          cc_data ***list_out)
+{
+    krb5_error_code ret;
+    size_t count, i;
+    cc_data **list = NULL;
+
+    *list_out = NULL;
+    if (addrs == NULL)
+        return 0;
+
+    for (count = 0; addrs[count]; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        return ret;
+
+    for (i = 0; i < count; i++) {
+        list[i] = k5alloc(sizeof(*list[i]), &ret);
+        if (list[i] == NULL)
+            goto cleanup;
+
+        list[i]->data = k5memdup(addrs[i]->contents, addrs[i]->length, &ret);
+        if (list[i]->data == NULL)
+            goto cleanup;
+        list[i]->length = addrs[i]->length;
+        list[i]->type = addrs[i]->addrtype;
+    }
+
+    *list_out = list;
+    list = NULL;
+
+cleanup:
+    free_cc_data_list(list);
+    return ret;
+}
+
+static krb5_error_code
+authdata_to_cc_data_list(krb5_context context, krb5_authdata **authdata,
+                         cc_data ***list_out)
+{
+    krb5_error_code ret;
+    size_t count, i;
+    cc_data **list = NULL;
+
+    *list_out = NULL;
+    if (authdata == NULL)
+        return 0;
+
+    for (count = 0; authdata[count]; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        return ret;
+
+    for (i = 0; i < count; i++) {
+        list[i] = k5alloc(sizeof(*list[i]), &ret);
+        if (list[i] == NULL)
+            goto cleanup;
+
+        list[i]->data = k5memdup(authdata[i]->contents, authdata[i]->length,
+                                 &ret);
+        if (list[i]->data == NULL)
+            goto cleanup;
+        list[i]->length = authdata[i]->length;
+        list[i]->type = authdata[i]->ad_type;
+    }
+
+    *list_out = list;
+    list = NULL;
+
+cleanup:
+    free_cc_data_list(list);
+    return ret;
+}
+
+krb5_error_code
+k5_ccapi_to_krb5_creds(krb5_context context,
+                       const cc_credentials_union *ccapi_cred,
+                       krb5_creds *cred_out)
+{
+    krb5_error_code ret;
+    cc_credentials_v5_t *cv5 = NULL;
+    krb5_principal client = NULL;
+    krb5_principal server = NULL;
+    char *ticket_data = NULL;
+    char *second_ticket_data = NULL;
+    uint8_t *keyblock_contents = NULL;
+    krb5_address **addresses = NULL;
+    krb5_authdata **authdata = NULL;
+
+    if (ccapi_cred->version != cc_credentials_v5)
+        return KRB5_CC_NOT_KTYPE;
+
+    cv5 = ccapi_cred->credentials.credentials_v5;
+
+    ret = krb5_parse_name(context, cv5->client, &client);
+    if (ret)
+        goto cleanup;
+    ret = krb5_parse_name(context, cv5->server, &server);
+    if (ret)
+        goto cleanup;
+
+    if (cv5->keyblock.length > 0) {
+        keyblock_contents = k5memdup(cv5->keyblock.data, cv5->keyblock.length,
+                                     &ret);
+        if (keyblock_contents == NULL)
+            goto cleanup;
+    }
+
+    if (cv5->ticket.length > 0) {
+        ticket_data = k5memdup(cv5->ticket.data, cv5->ticket.length, &ret);
+        if (ticket_data == NULL)
+            goto cleanup;
+    }
+
+    if (cv5->second_ticket.length > 0) {
+        second_ticket_data = k5memdup(cv5->second_ticket.data,
+                                      cv5->second_ticket.length, &ret);
+        if (second_ticket_data == NULL)
+            goto cleanup;
+    }
+
+    ret = cc_data_list_to_addresses(context, cv5->addresses, &addresses);
+    if (ret)
+        goto cleanup;
+
+    ret = cc_data_list_to_authdata(context, cv5->authdata, &authdata);
+    if (ret)
+        goto cleanup;
+
+    cred_out->client = client;
+    cred_out->server = server;
+    client = server = NULL;
+
+    cred_out->keyblock.magic = KV5M_KEYBLOCK;
+    cred_out->keyblock.enctype = cv5->keyblock.type;
+    cred_out->keyblock.length = cv5->keyblock.length;
+    cred_out->keyblock.contents = keyblock_contents;
+    keyblock_contents = NULL;
+
+    cred_out->times.authtime = cv5->authtime;
+    cred_out->times.starttime = cv5->starttime;
+    cred_out->times.endtime = cv5->endtime;
+    cred_out->times.renew_till = cv5->renew_till;
+    cred_out->is_skey = cv5->is_skey;
+    cred_out->ticket_flags = cv5->ticket_flags;
+
+    cred_out->ticket = make_data(ticket_data, cv5->ticket.length);
+    cred_out->second_ticket = make_data(second_ticket_data,
+                                        cv5->second_ticket.length);
+    ticket_data = second_ticket_data = NULL;
+
+    cred_out->addresses = addresses;
+    addresses = NULL;
+
+    cred_out->authdata = authdata;
+    authdata = NULL;
+
+    cred_out->magic = KV5M_CREDS;
+
+cleanup:
+    krb5_free_principal(context, client);
+    krb5_free_principal(context, server);
+    krb5_free_addresses(context, addresses);
+    krb5_free_authdata(context, authdata);
+    free(keyblock_contents);
+    free(ticket_data);
+    free(second_ticket_data);
+    return ret;
+}
+
+krb5_error_code
+k5_krb5_to_ccapi_creds(krb5_context context, krb5_creds *cred,
+                       cc_credentials_union **ccapi_cred_out)
+{
+    krb5_error_code ret;
+    cc_credentials_union *cred_union = NULL;
+    cc_credentials_v5_t *cv5 = NULL;
+    char *client = NULL, *server = NULL;
+    uint8_t *ticket_data = NULL, *second_ticket_data = NULL;
+    uint8_t *keyblock_data = NULL;
+    cc_data **addr_list = NULL, **authdata_list = NULL;
+
+    cred_union = k5alloc(sizeof(*cred_union), &ret);
+    if (cred_union == NULL)
+        goto cleanup;
+
+    cv5 = k5alloc(sizeof(*cv5), &ret);
+    if (cv5 == NULL)
+        goto cleanup;
+
+    ret = krb5_unparse_name(context, cred->client, &client);
+    if (ret)
+        goto cleanup;
+    ret = krb5_unparse_name(context, cred->server, &server);
+    if (ret)
+        goto cleanup;
+
+    if (cred->keyblock.length > 0) {
+        keyblock_data = k5memdup(cred->keyblock.contents,
+                                 cred->keyblock.length, &ret);
+        if (keyblock_data == NULL)
+            goto cleanup;
+    }
+
+    if (cred->ticket.length > 0) {
+        ticket_data = k5memdup0(cred->ticket.data, cred->ticket.length, &ret);
+        if (ticket_data == NULL)
+            goto cleanup;
+    }
+
+    if (cred->second_ticket.length > 0) {
+        second_ticket_data = k5memdup0(cred->second_ticket.data,
+                                       cred->second_ticket.length, &ret);
+        if (second_ticket_data == NULL)
+            goto cleanup;
+    }
+
+    ret = addresses_to_cc_data_list(context, cred->addresses, &addr_list);
+    if (ret)
+        goto cleanup;
+
+    ret = authdata_to_cc_data_list(context, cred->authdata, &authdata_list);
+    if (ret)
+        goto cleanup;
+
+    cv5->client = client;
+    cv5->server = server;
+    client = server = NULL;
+
+    cv5->keyblock.type = cred->keyblock.enctype;
+    cv5->keyblock.length = cred->keyblock.length;
+    cv5->keyblock.data = keyblock_data;
+    keyblock_data = NULL;
+
+    cv5->authtime = cred->times.authtime;
+    cv5->starttime = cred->times.starttime;
+    cv5->endtime = cred->times.endtime;
+    cv5->renew_till = cred->times.renew_till;
+    cv5->is_skey = cred->is_skey;
+    cv5->ticket_flags = cred->ticket_flags;
+
+    cv5->ticket.length = cred->ticket.length;
+    cv5->ticket.data = ticket_data;
+    cv5->second_ticket.length = cred->second_ticket.length;
+    cv5->second_ticket.data = second_ticket_data;
+    ticket_data = second_ticket_data = NULL;
+
+    cv5->addresses = addr_list;
+    addr_list = NULL;
+
+    cv5->authdata = authdata_list;
+    authdata_list = NULL;
+
+    cred_union->version = cc_credentials_v5;
+    cred_union->credentials.credentials_v5 = cv5;
+    cv5 = NULL;
+
+    *ccapi_cred_out = cred_union;
+    cred_union = NULL;
+
+cleanup:
+    free_cc_data_list(addr_list);
+    free_cc_data_list(authdata_list);
+    free(keyblock_data);
+    free(ticket_data);
+    free(second_ticket_data);
+    krb5_free_unparsed_name(context, client);
+    krb5_free_unparsed_name(context, server);
+    free(cv5);
+    free(cred_union);
+    return ret;
+}
+
+void
+k5_release_ccapi_cred(cc_credentials_union *ccapi_cred)
+{
+    cc_credentials_v5_t *cv5;
+
+    if (ccapi_cred == NULL)
+        return;
+    if (ccapi_cred->version != cc_credentials_v5)
+        return;
+    if (ccapi_cred->credentials.credentials_v5 == NULL)
+        return;
+
+    cv5 = ccapi_cred->credentials.credentials_v5;
+
+    free(cv5->client);
+    free(cv5->server);
+    free(cv5->keyblock.data);
+    free(cv5->ticket.data);
+    free(cv5->second_ticket.data);
+    free_cc_data_list(cv5->addresses);
+    free_cc_data_list(cv5->authdata);
+    free(cv5);
+    free(ccapi_cred);
+}
+
+#endif /* defined(USE_CCAPI) */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccapi_util.h b/krb5-1.21.3/src/lib/krb5/ccache/ccapi_util.h
new file mode 100644
index 00000000..6a866082
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccapi_util.h
@@ -0,0 +1,50 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccapi_util.c - conversion declarations for CCAPI creds */
+/*
+ * Copyright (C) 2021 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef CCAPI_UTIL_H
+#define CCAPI_UTIL_H
+
+#include <CredentialsCache.h>
+
+krb5_error_code
+k5_ccapi_to_krb5_creds(krb5_context context,
+                       const cc_credentials_union *ccapi_cred,
+                       krb5_creds *cred_out);
+
+krb5_error_code
+k5_krb5_to_ccapi_creds(krb5_context context, krb5_creds *cred,
+                       cc_credentials_union **ccapi_cred_out);
+
+void
+k5_release_ccapi_cred(cc_credentials_union *ccapi_cred);
+
+#endif /* CCAPI_UTIL_H */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccbase.c b/krb5-1.21.3/src/lib/krb5/ccache/ccbase.c
new file mode 100644
index 00000000..5a013208
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccbase.c
@@ -0,0 +1,638 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccbase.c - Registration functions for ccache */
+/*
+ * Copyright 1990,2004,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "k5-thread.h"
+
+#include "fcc.h"
+#include "cc-int.h"
+
+struct krb5_cc_typelist {
+    const krb5_cc_ops *ops;
+    struct krb5_cc_typelist *next;
+};
+
+struct krb5_cc_typecursor {
+    struct krb5_cc_typelist *tptr;
+};
+/* typedef krb5_cc_typecursor in k5-int.h */
+
+extern const krb5_cc_ops krb5_mcc_ops;
+
+#define NEXT NULL
+
+#ifdef _WIN32
+extern const krb5_cc_ops krb5_lcc_ops;
+static struct krb5_cc_typelist cc_lcc_entry = { &krb5_lcc_ops, NEXT };
+#undef NEXT
+#define NEXT &cc_lcc_entry
+#endif
+
+#ifdef USE_CCAPI
+extern const krb5_cc_ops krb5_cc_stdcc_ops;
+static struct krb5_cc_typelist cc_stdcc_entry = { &krb5_cc_stdcc_ops, NEXT };
+#undef NEXT
+#define NEXT &cc_stdcc_entry
+#endif
+
+static struct krb5_cc_typelist cc_mcc_entry = { &krb5_mcc_ops, NEXT };
+#undef NEXT
+#define NEXT &cc_mcc_entry
+
+#ifndef NO_FILE_CCACHE
+static struct krb5_cc_typelist cc_fcc_entry = { &krb5_cc_file_ops, NEXT };
+#undef NEXT
+#define NEXT &cc_fcc_entry
+#endif
+
+#ifdef USE_KEYRING_CCACHE
+extern const krb5_cc_ops krb5_krcc_ops;
+static struct krb5_cc_typelist cc_krcc_entry = { &krb5_krcc_ops, NEXT };
+#undef NEXT
+#define NEXT &cc_krcc_entry
+#endif /* USE_KEYRING_CCACHE */
+
+#ifndef _WIN32
+extern const krb5_cc_ops krb5_dcc_ops;
+static struct krb5_cc_typelist cc_dcc_entry = { &krb5_dcc_ops, NEXT };
+#undef NEXT
+#define NEXT &cc_dcc_entry
+
+extern const krb5_cc_ops krb5_kcm_ops;
+static struct krb5_cc_typelist cc_kcm_entry = { &krb5_kcm_ops, NEXT };
+#undef NEXT
+#define NEXT &cc_kcm_entry
+#endif /* not _WIN32 */
+
+#ifdef USE_CCAPI_MACOS
+extern const krb5_cc_ops krb5_api_macos_ops;
+static struct krb5_cc_typelist cc_macos_entry = { &krb5_api_macos_ops, NEXT };
+#undef NEXT
+#define NEXT &cc_macos_entry
+#endif /* USE_CCAPI_MACOS */
+
+#define INITIAL_TYPEHEAD (NEXT)
+static struct krb5_cc_typelist *cc_typehead = INITIAL_TYPEHEAD;
+static k5_mutex_t cc_typelist_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+
+/* mutex for krb5_cccol_[un]lock */
+static k5_cc_mutex cccol_lock = K5_CC_MUTEX_PARTIAL_INITIALIZER;
+
+static krb5_error_code
+krb5int_cc_getops(krb5_context, const char *, const krb5_cc_ops **);
+
+int
+krb5int_cc_initialize(void)
+{
+    int err;
+
+    err = k5_cc_mutex_finish_init(&cccol_lock);
+    if (err)
+        return err;
+    err = k5_cc_mutex_finish_init(&krb5int_mcc_mutex);
+    if (err)
+        return err;
+    err = k5_mutex_finish_init(&cc_typelist_lock);
+    if (err)
+        return err;
+#ifndef NO_FILE_CCACHE
+    err = k5_cc_mutex_finish_init(&krb5int_cc_file_mutex);
+    if (err)
+        return err;
+#endif
+#ifdef USE_KEYRING_CCACHE
+    err = k5_cc_mutex_finish_init(&krb5int_krcc_mutex);
+    if (err)
+        return err;
+#endif
+    return 0;
+}
+
+void
+krb5int_cc_finalize(void)
+{
+    struct krb5_cc_typelist *t, *t_next;
+    k5_cccol_force_unlock();
+    k5_cc_mutex_destroy(&cccol_lock);
+    k5_mutex_destroy(&cc_typelist_lock);
+#ifndef NO_FILE_CCACHE
+    k5_cc_mutex_destroy(&krb5int_cc_file_mutex);
+#endif
+    k5_cc_mutex_destroy(&krb5int_mcc_mutex);
+#ifdef USE_KEYRING_CCACHE
+    k5_cc_mutex_destroy(&krb5int_krcc_mutex);
+#endif
+    for (t = cc_typehead; t != INITIAL_TYPEHEAD; t = t_next) {
+        t_next = t->next;
+        free(t);
+    }
+}
+
+
+/*
+ * Register a new credentials cache type
+ * If override is set, replace any existing ccache with that type tag
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_register(krb5_context context, const krb5_cc_ops *ops,
+                 krb5_boolean override)
+{
+    struct krb5_cc_typelist *t;
+
+    k5_mutex_lock(&cc_typelist_lock);
+    for (t = cc_typehead;t && strcmp(t->ops->prefix,ops->prefix);t = t->next)
+        ;
+    if (t) {
+        if (override) {
+            t->ops = ops;
+            k5_mutex_unlock(&cc_typelist_lock);
+            return 0;
+        } else {
+            k5_mutex_unlock(&cc_typelist_lock);
+            return KRB5_CC_TYPE_EXISTS;
+        }
+    }
+    if (!(t = (struct krb5_cc_typelist *) malloc(sizeof(*t)))) {
+        k5_mutex_unlock(&cc_typelist_lock);
+        return ENOMEM;
+    }
+    t->next = cc_typehead;
+    t->ops = ops;
+    cc_typehead = t;
+    k5_mutex_unlock(&cc_typelist_lock);
+    return 0;
+}
+
+/*
+ * Resolve a credential cache name into a cred. cache object.
+ *
+ * The name is currently constrained to be of the form "type:residual";
+ *
+ * The "type" portion corresponds to one of the predefined credential
+ * cache types, while the "residual" portion is specific to the
+ * particular cache type.
+ */
+
+#include <ctype.h>
+krb5_error_code KRB5_CALLCONV
+krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
+{
+    char *pfx, *cp;
+    const char *resid;
+    unsigned int pfxlen;
+    krb5_error_code err;
+    const krb5_cc_ops *ops;
+
+    if (name == NULL)
+        return KRB5_CC_BADNAME;
+    pfx = NULL;
+    cp = strchr (name, ':');
+    if (!cp) {
+        if (krb5_cc_dfl_ops)
+            return (*krb5_cc_dfl_ops->resolve)(context, cache, name);
+        else
+            return KRB5_CC_BADNAME;
+    }
+
+    pfxlen = cp - name;
+
+    if ( pfxlen == 1 && isalpha((unsigned char) name[0]) ) {
+        /* We found a drive letter not a prefix - use FILE */
+        pfx = strdup("FILE");
+        if (!pfx)
+            return ENOMEM;
+
+        resid = name;
+    } else {
+        resid = name + pfxlen + 1;
+        pfx = k5memdup0(name, pfxlen, &err);
+        if (pfx == NULL)
+            return err;
+    }
+
+    *cache = (krb5_ccache) 0;
+
+    err = krb5int_cc_getops(context, pfx, &ops);
+    if (pfx != NULL)
+        free(pfx);
+    if (err)
+        return err;
+
+    return ops->resolve(context, cache, resid);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_dup(krb5_context context, krb5_ccache in, krb5_ccache *out)
+{
+    return in->ops->resolve(context, out, in->ops->get_name(context, in));
+}
+
+/*
+ * cc_getops
+ *
+ * Internal function to return the ops vector for a given ccache
+ * prefix string.
+ */
+static krb5_error_code
+krb5int_cc_getops(krb5_context context,
+                  const char *pfx,
+                  const krb5_cc_ops **ops)
+{
+    struct krb5_cc_typelist *tlist;
+
+    k5_mutex_lock(&cc_typelist_lock);
+    for (tlist = cc_typehead; tlist; tlist = tlist->next) {
+        if (strcmp (tlist->ops->prefix, pfx) == 0) {
+            *ops = tlist->ops;
+            k5_mutex_unlock(&cc_typelist_lock);
+            return 0;
+        }
+    }
+    k5_mutex_unlock(&cc_typelist_lock);
+    if (krb5_cc_dfl_ops && !strcmp (pfx, krb5_cc_dfl_ops->prefix)) {
+        *ops = krb5_cc_dfl_ops;
+        return 0;
+    }
+    return KRB5_CC_UNKNOWN_TYPE;
+}
+
+/*
+ * cc_new_unique
+ *
+ * Generate a new unique ccache, given a ccache type and a hint
+ * string.  Ignores the hint string for now.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_new_unique(
+    krb5_context context,
+    const char *type,
+    const char *hint,
+    krb5_ccache *id)
+{
+    const krb5_cc_ops *ops;
+    krb5_error_code err;
+
+    *id = NULL;
+
+    TRACE_CC_NEW_UNIQUE(context, type);
+    err = krb5int_cc_getops(context, type, &ops);
+    if (err)
+        return err;
+
+    return ops->gen_new(context, id);
+}
+
+/*
+ * cc_typecursor
+ *
+ * Note: to avoid copying the typelist at cursor creation time, among
+ * other things, we assume that the only additions ever occur to the
+ * typelist.
+ */
+krb5_error_code
+krb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *t)
+{
+    krb5_cc_typecursor n = NULL;
+
+    *t = NULL;
+    n = malloc(sizeof(*n));
+    if (n == NULL)
+        return ENOMEM;
+
+    k5_mutex_lock(&cc_typelist_lock);
+    n->tptr = cc_typehead;
+    k5_mutex_unlock(&cc_typelist_lock);
+    *t = n;
+    return 0;
+}
+
+krb5_error_code
+krb5int_cc_typecursor_next(krb5_context context,
+                           krb5_cc_typecursor t,
+                           const krb5_cc_ops **ops)
+{
+    *ops = NULL;
+    if (t->tptr == NULL)
+        return 0;
+
+    k5_mutex_lock(&cc_typelist_lock);
+    *ops = t->tptr->ops;
+    t->tptr = t->tptr->next;
+    k5_mutex_unlock(&cc_typelist_lock);
+    return 0;
+}
+
+krb5_error_code
+krb5int_cc_typecursor_free(krb5_context context, krb5_cc_typecursor *t)
+{
+    free(*t);
+    *t = NULL;
+    return 0;
+}
+
+krb5_error_code
+k5_nonatomic_replace(krb5_context context, krb5_ccache ccache,
+                     krb5_principal princ, krb5_creds **creds)
+{
+    krb5_error_code ret;
+    int i;
+
+    ret = krb5_cc_initialize(context, ccache, princ);
+    for (i = 0; !ret && creds[i] != NULL; creds++)
+        ret = krb5_cc_store_cred(context, ccache, creds[i]);
+    return ret;
+}
+
+static krb5_error_code
+read_creds(krb5_context context, krb5_ccache ccache, krb5_creds ***creds_out)
+{
+    krb5_error_code ret;
+    krb5_cc_cursor cur = NULL;
+    krb5_creds **list = NULL, *cred = NULL, **newptr;
+    int i;
+
+    *creds_out = NULL;
+
+    ret = krb5_cc_start_seq_get(context, ccache, &cur);
+    if (ret)
+        goto cleanup;
+
+    /* Allocate one extra entry so that list remains valid for freeing after
+     * we add the next entry and before we reallocate it. */
+    list = k5calloc(2, sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+
+    i = 0;
+    for (;;) {
+        cred = k5alloc(sizeof(*cred), &ret);
+        if (cred == NULL)
+            goto cleanup;
+        ret = krb5_cc_next_cred(context, ccache, &cur, cred);
+        if (ret == KRB5_CC_END)
+            break;
+        if (ret)
+            goto cleanup;
+        list[i++] = cred;
+        list[i] = NULL;
+        cred = NULL;
+
+        newptr = realloc(list, (i + 2) * sizeof(*list));
+        if (newptr == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        list = newptr;
+        list[i + 1] = NULL;
+    }
+    ret = 0;
+
+    *creds_out = list;
+    list = NULL;
+
+cleanup:
+    if (cur != NULL)
+        (void)krb5_cc_end_seq_get(context, ccache, &cur);
+    krb5_free_tgt_creds(context, list);
+    free(cred);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst)
+{
+    krb5_error_code ret;
+    krb5_principal princ = NULL;
+    krb5_creds **creds = NULL;
+
+    TRACE_CC_MOVE(context, src, dst);
+
+    ret = krb5_cc_get_principal(context, src, &princ);
+    if (ret)
+        goto cleanup;
+
+    ret = read_creds(context, src, &creds);
+    if (ret)
+        goto cleanup;
+
+    if (dst->ops->replace == NULL)
+        ret = k5_nonatomic_replace(context, dst, princ, creds);
+    else
+        ret = dst->ops->replace(context, dst, princ, creds);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_cc_destroy(context, src);
+
+cleanup:
+    krb5_free_principal(context, princ);
+    krb5_free_tgt_creds(context, creds);
+    return ret;
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5_cc_support_switch(krb5_context context, const char *type)
+{
+    const krb5_cc_ops *ops;
+    krb5_error_code err;
+
+    err = krb5int_cc_getops(context, type, &ops);
+    return (err ? FALSE : (ops->switch_to != NULL));
+}
+
+krb5_error_code
+k5_cc_mutex_init(k5_cc_mutex *m)
+{
+    krb5_error_code ret = 0;
+
+    ret = k5_mutex_init(&m->lock);
+    if (ret) return ret;
+    m->owner = NULL;
+    m->refcount = 0;
+
+    return ret;
+}
+
+krb5_error_code
+k5_cc_mutex_finish_init(k5_cc_mutex *m)
+{
+    krb5_error_code ret = 0;
+
+    ret = k5_mutex_finish_init(&m->lock);
+    if (ret) return ret;
+    m->owner = NULL;
+    m->refcount = 0;
+
+    return ret;
+}
+
+void
+k5_cc_mutex_assert_locked(krb5_context context, k5_cc_mutex *m)
+{
+#ifdef DEBUG_THREADS
+    assert(m->refcount > 0);
+    assert(m->owner == context);
+#endif
+    k5_assert_locked(&m->lock);
+}
+
+void
+k5_cc_mutex_assert_unlocked(krb5_context context, k5_cc_mutex *m)
+{
+#ifdef DEBUG_THREADS
+    assert(m->refcount == 0);
+    assert(m->owner == NULL);
+#endif
+    k5_assert_unlocked(&m->lock);
+}
+
+void
+k5_cc_mutex_lock(krb5_context context, k5_cc_mutex *m)
+{
+    /* not locked or already locked by another context */
+    if (m->owner != context) {
+        /* acquire lock, blocking until available */
+        k5_mutex_lock(&m->lock);
+        m->owner = context;
+        m->refcount = 1;
+    }
+    /* already locked by this context, just increase refcount */
+    else {
+        m->refcount++;
+    }
+}
+
+void
+k5_cc_mutex_unlock(krb5_context context, k5_cc_mutex *m)
+{
+    /* verify owner and sanity check refcount */
+    if ((m->owner != context) || (m->refcount < 1)) {
+        return;
+    }
+    /* decrement & unlock when count reaches zero */
+    m->refcount--;
+    if (m->refcount == 0) {
+        m->owner = NULL;
+        k5_mutex_unlock(&m->lock);
+    }
+}
+
+/* necessary to make reentrant locks play nice with krb5int_cc_finalize */
+void
+k5_cc_mutex_force_unlock(k5_cc_mutex *m)
+{
+    m->refcount = 0;
+    m->owner = NULL;
+    if (m->refcount > 0) {
+        k5_mutex_unlock(&m->lock);
+    }
+}
+
+/*
+ * holds on to all pertype global locks as well as typelist lock
+ */
+
+krb5_error_code
+k5_cccol_lock(krb5_context context)
+{
+    krb5_error_code ret = 0;
+
+    k5_cc_mutex_lock(context, &cccol_lock);
+    k5_mutex_lock(&cc_typelist_lock);
+    k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
+    k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
+#ifdef USE_KEYRING_CCACHE
+    k5_cc_mutex_lock(context, &krb5int_krcc_mutex);
+#endif
+#ifdef USE_CCAPI
+    ret = krb5_stdccv3_context_lock(context);
+    if (ret) {
+        k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        k5_mutex_unlock(&cc_typelist_lock);
+        k5_cc_mutex_unlock(context, &cccol_lock);
+        return ret;
+    }
+#endif
+    k5_mutex_unlock(&cc_typelist_lock);
+    return ret;
+}
+
+krb5_error_code
+k5_cccol_unlock(krb5_context context)
+{
+    krb5_error_code ret = 0;
+
+    /* sanity check */
+    k5_cc_mutex_assert_locked(context, &cccol_lock);
+
+    k5_mutex_lock(&cc_typelist_lock);
+
+    /* unlock each type in the opposite order */
+#ifdef USE_CCAPI
+    krb5_stdccv3_context_unlock(context);
+#endif
+#ifdef USE_KEYRING_CCACHE
+    k5_cc_mutex_assert_locked(context, &krb5int_krcc_mutex);
+    k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
+#endif
+    k5_cc_mutex_assert_locked(context, &krb5int_mcc_mutex);
+    k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+    k5_cc_mutex_assert_locked(context, &krb5int_cc_file_mutex);
+    k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+    k5_mutex_assert_locked(&cc_typelist_lock);
+
+    k5_mutex_unlock(&cc_typelist_lock);
+    k5_cc_mutex_unlock(context, &cccol_lock);
+
+    return ret;
+}
+
+/* necessary to make reentrant locks play nice with krb5int_cc_finalize */
+void
+k5_cccol_force_unlock()
+{
+    /* sanity check */
+    if ((&cccol_lock)->refcount == 0) {
+        return;
+    }
+
+    k5_mutex_lock(&cc_typelist_lock);
+
+    /* unlock each type in the opposite order */
+#ifdef USE_KEYRING_CCACHE
+    k5_cc_mutex_force_unlock(&krb5int_krcc_mutex);
+#endif
+#ifdef USE_CCAPI
+    krb5_stdccv3_context_unlock(NULL);
+#endif
+    k5_cc_mutex_force_unlock(&krb5int_mcc_mutex);
+    k5_cc_mutex_force_unlock(&krb5int_cc_file_mutex);
+
+    k5_mutex_unlock(&cc_typelist_lock);
+    k5_cc_mutex_force_unlock(&cccol_lock);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cccopy.c b/krb5-1.21.3/src/lib/krb5/ccache/cccopy.c
new file mode 100644
index 00000000..d71d439d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cccopy.c
@@ -0,0 +1,37 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc)
+{
+    krb5_error_code code;
+    krb5_cc_cursor cur = 0;
+    krb5_creds creds;
+
+    if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
+        goto cleanup;
+
+    while (!(code = krb5_cc_next_cred(context, incc, &cur, &creds))) {
+        code = krb5_cc_store_cred(context, outcc, &creds);
+        krb5_free_cred_contents(context, &creds);
+        if (code)
+            goto cleanup;
+    }
+
+    if (code != KRB5_CC_END)
+        goto cleanup;
+
+    code = krb5_cc_end_seq_get(context, incc, &cur);
+    cur = 0;
+    if (code)
+        goto cleanup;
+
+    code = 0;
+
+cleanup:
+    /* If set then we are in an error pathway */
+    if (cur)
+        krb5_cc_end_seq_get(context, incc, &cur);
+
+    return(code);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/cccursor.c b/krb5-1.21.3/src/lib/krb5/ccache/cccursor.c
new file mode 100644
index 00000000..926873f2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/cccursor.c
@@ -0,0 +1,282 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/cccursor.c */
+/*
+ * Copyright 2006, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * cursor for sequential traversal of ccaches
+ */
+
+#include "cc-int.h"
+#include "../krb/int-proto.h"
+#include "../os/os-proto.h"
+
+#include <assert.h>
+
+struct _krb5_cccol_cursor {
+    krb5_cc_typecursor typecursor;
+    const krb5_cc_ops *ops;
+    krb5_cc_ptcursor ptcursor;
+};
+/* typedef of krb5_cccol_cursor is in krb5.h */
+
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_cursor_new(krb5_context context,
+                      krb5_cccol_cursor *cursor)
+{
+    krb5_error_code ret = 0;
+    krb5_cccol_cursor n = NULL;
+
+    *cursor = NULL;
+    n = malloc(sizeof(*n));
+    if (n == NULL)
+        return ENOMEM;
+
+    n->typecursor = NULL;
+    n->ptcursor = NULL;
+    n->ops = NULL;
+
+    ret = krb5int_cc_typecursor_new(context, &n->typecursor);
+    if (ret)
+        goto errout;
+
+    do {
+        /* Find first backend with ptcursor functionality. */
+        ret = krb5int_cc_typecursor_next(context, n->typecursor, &n->ops);
+        if (ret || n->ops == NULL)
+            goto errout;
+    } while (n->ops->ptcursor_new == NULL);
+
+    ret = n->ops->ptcursor_new(context, &n->ptcursor);
+    if (ret)
+        goto errout;
+
+errout:
+    if (ret) {
+        krb5_cccol_cursor_free(context, &n);
+    }
+    *cursor = n;
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_cursor_next(krb5_context context,
+                       krb5_cccol_cursor cursor,
+                       krb5_ccache *ccache_out)
+{
+    krb5_error_code ret = 0;
+    krb5_ccache ccache;
+
+    *ccache_out = NULL;
+
+    /* Are we out of backends? */
+    if (cursor->ops == NULL)
+        return 0;
+
+    while (1) {
+        ret = cursor->ops->ptcursor_next(context, cursor->ptcursor, &ccache);
+        if (ret)
+            return ret;
+        if (ccache != NULL) {
+            *ccache_out = ccache;
+            return 0;
+        }
+
+        ret = cursor->ops->ptcursor_free(context, &cursor->ptcursor);
+        if (ret)
+            return ret;
+
+        do {
+            /* Find next type with ptcursor functionality. */
+            ret = krb5int_cc_typecursor_next(context, cursor->typecursor,
+                                             &cursor->ops);
+            if (ret)
+                return ret;
+            if (cursor->ops == NULL)
+                return 0;
+        } while (cursor->ops->ptcursor_new == NULL);
+
+        ret = cursor->ops->ptcursor_new(context, &cursor->ptcursor);
+        if (ret)
+            return ret;
+    }
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_cursor_free(krb5_context context,
+                       krb5_cccol_cursor *cursor)
+{
+    krb5_cccol_cursor c = *cursor;
+
+    if (c == NULL)
+        return 0;
+
+    if (c->ptcursor != NULL)
+        c->ops->ptcursor_free(context, &c->ptcursor);
+    if (c->typecursor != NULL)
+        krb5int_cc_typecursor_free(context, &c->typecursor);
+    free(c);
+
+    *cursor = NULL;
+    return 0;
+}
+
+static krb5_error_code
+match_caches(krb5_context context, krb5_const_principal client,
+             krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    krb5_cccol_cursor cursor;
+    krb5_ccache cache = NULL;
+    krb5_principal princ;
+    krb5_boolean eq;
+
+    *cache_out = NULL;
+
+    ret = krb5_cccol_cursor_new(context, &cursor);
+    if (ret)
+        return ret;
+
+    while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
+           cache != NULL) {
+        ret = krb5_cc_get_principal(context, cache, &princ);
+        if (ret == 0) {
+            eq = krb5_principal_compare(context, princ, client);
+            krb5_free_principal(context, princ);
+            if (eq)
+                break;
+        }
+        krb5_cc_close(context, cache);
+    }
+    krb5_cccol_cursor_free(context, &cursor);
+
+    if (ret)
+        return ret;
+    if (cache == NULL)
+        return KRB5_CC_NOTFOUND;
+
+    *cache_out = cache;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_cache_match(krb5_context context, krb5_principal client,
+                    krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    struct canonprinc iter = { client, .subst_defrealm = TRUE };
+    krb5_const_principal canonprinc = NULL;
+    krb5_ccache cache = NULL;
+    char *name;
+
+    *cache_out = NULL;
+
+    while ((ret = k5_canonprinc(context, &iter, &canonprinc)) == 0 &&
+           canonprinc != NULL) {
+        ret = match_caches(context, canonprinc, &cache);
+        if (ret != KRB5_CC_NOTFOUND)
+            break;
+    }
+    free_canonprinc(&iter);
+
+    if (ret == 0 && canonprinc == NULL) {
+        ret = KRB5_CC_NOTFOUND;
+        if (krb5_unparse_name(context, client, &name) == 0) {
+            k5_setmsg(context, ret,
+                      _("Can't find client principal %s in cache collection"),
+                      name);
+            krb5_free_unparsed_name(context, name);
+        }
+    }
+
+    TRACE_CC_CACHE_MATCH(context, client, ret);
+    if (ret)
+        return ret;
+
+    *cache_out = cache;
+    return 0;
+}
+
+/* Store the error state for code from context into errsave, but only if code
+ * indicates an error and errsave is empty. */
+static void
+save_first_error(krb5_context context, krb5_error_code code,
+                 struct errinfo *errsave)
+{
+    if (code && code != KRB5_FCC_NOFILE && !errsave->code)
+        k5_save_ctx_error(context, code, errsave);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_have_content(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_cccol_cursor col_cursor;
+    krb5_ccache cache;
+    krb5_principal princ;
+    krb5_boolean found = FALSE;
+    struct errinfo errsave = EMPTY_ERRINFO;
+    const char *defname;
+
+    ret = krb5_cccol_cursor_new(context, &col_cursor);
+    save_first_error(context, ret, &errsave);
+    if (ret)
+        goto no_entries;
+
+    while (!found) {
+        ret = krb5_cccol_cursor_next(context, col_cursor, &cache);
+        save_first_error(context, ret, &errsave);
+        if (ret || cache == NULL)
+            break;
+        princ = NULL;
+        ret = krb5_cc_get_principal(context, cache, &princ);
+        save_first_error(context, ret, &errsave);
+        if (!ret)
+            found = TRUE;
+        krb5_free_principal(context, princ);
+        krb5_cc_close(context, cache);
+    }
+    krb5_cccol_cursor_free(context, &col_cursor);
+    if (found) {
+        k5_clear_error(&errsave);
+        return 0;
+    }
+
+no_entries:
+    if (errsave.code) {
+        /* Report the first error we encountered. */
+        ret = k5_restore_ctx_error(context, &errsave);
+        k5_wrapmsg(context, ret, KRB5_CC_NOTFOUND,
+                   _("No Kerberos credentials available"));
+    } else {
+        /* Report the default cache name. */
+        defname = krb5_cc_default_name(context);
+        if (defname != NULL) {
+            k5_setmsg(context, KRB5_CC_NOTFOUND,
+                      _("No Kerberos credentials available "
+                        "(default cache: %s)"), defname);
+        }
+    }
+    return KRB5_CC_NOTFOUND;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccdefault.c b/krb5-1.21.3/src/lib/krb5/ccache/ccdefault.c
new file mode 100644
index 00000000..1d3625c4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccdefault.c
@@ -0,0 +1,97 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccdefault.c - Find default credential cache */
+/*
+ * Copyright 1990, 2007, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+#ifdef USE_LEASH
+static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL;
+static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
+#ifdef _WIN64
+#define LEASH_DLL "leashw64.dll"
+#else
+#define LEASH_DLL "leashw32.dll"
+#endif
+#endif
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_default(krb5_context context, krb5_ccache *ccache)
+{
+    const char *default_name;
+
+    if (!context || context->magic != KV5M_CONTEXT)
+        return KV5M_CONTEXT;
+
+    default_name = krb5_cc_default_name(context);
+    if (default_name == NULL) {
+        /* Could be a bogus context, or an allocation failure, or
+           other things.  Unfortunately the API doesn't allow us
+           to find out any specifics.  */
+        return KRB5_FCC_INTERNAL;
+    }
+
+    return krb5_cc_resolve(context, default_name, ccache);
+}
+
+/* This is the internal function which opens the default ccache.  On
+   platforms supporting the login library's automatic popup dialog to
+   get tickets, this function also updated the library's internal view
+   of the current principal associated with this cache.
+
+   All krb5 and GSS functions which need to open a cache to get a tgt
+   to obtain service tickets should call this function, not
+   krb5_cc_default().  */
+
+krb5_error_code KRB5_CALLCONV
+krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
+{
+    if (!context || context->magic != KV5M_CONTEXT) {
+        return KV5M_CONTEXT;
+    }
+
+#ifdef USE_LEASH
+    if ( hLeashDLL == INVALID_HANDLE_VALUE ) {
+        hLeashDLL = LoadLibrary(LEASH_DLL);
+        if ( hLeashDLL != INVALID_HANDLE_VALUE ) {
+            (FARPROC) pLeash_AcquireInitialTicketsIfNeeded =
+                GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
+        }
+    }
+
+    if ( pLeash_AcquireInitialTicketsIfNeeded ) {
+        char ccname[256]="";
+        pLeash_AcquireInitialTicketsIfNeeded(context, NULL, ccname, sizeof(ccname));
+        if (ccname[0]) {
+            char * ccdefname = krb5_cc_default_name (context);
+            if (!ccdefname || strcmp (ccdefname, ccname) != 0) {
+                krb5_cc_set_default_name (context, ccname);
+            }
+        }
+    }
+#endif
+
+    return krb5_cc_default (context, ccache);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccdefops.c b/krb5-1.21.3/src/lib/krb5/ccache/ccdefops.c
new file mode 100644
index 00000000..abe0c6d8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccdefops.c
@@ -0,0 +1,58 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccdefops.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Default credentials cache determination.  This is a separate file
+ * so that the user can more easily override it. */
+
+#include "k5-int.h"
+
+#if defined(USE_CCAPI)
+
+/*
+ * Macs use the shared, memory based credentials cache
+ * Windows may also use the ccapi cache, but only if the Krbcc32.dll
+ * can be found; otherwise it falls back to using the old
+ * file-based ccache.
+ */
+#include "stdcc.h" /* from ccapi subdir */
+
+const krb5_cc_ops *krb5_cc_dfl_ops = &krb5_cc_stdcc_ops;
+
+#elif defined(NO_FILE_CCACHE)
+
+/* Note that this version isn't likely to work very well for multiple
+   processes.  It's mostly a placeholder so we can experiment with
+   building the NO_FILE_CCACHE code on UNIX.  */
+
+extern const krb5_cc_ops krb5_mcc_ops;
+const krb5_cc_ops *krb5_cc_dfl_ops = &krb5_mcc_ops;
+
+#else
+
+#include "fcc.h"
+const krb5_cc_ops *krb5_cc_dfl_ops = &krb5_cc_file_ops;
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccfns.c b/krb5-1.21.3/src/lib/krb5/ccache/ccfns.c
new file mode 100644
index 00000000..e0eb39a6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccfns.c
@@ -0,0 +1,320 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccfns.c - Dispatch methods for credentials cache code.*/
+/*
+ * Copyright 2000, 2007, 2008  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+#include "../krb/int-proto.h"
+
+const char * KRB5_CALLCONV
+krb5_cc_get_name(krb5_context context, krb5_ccache cache)
+{
+    return cache->ops->get_name(context, cache);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_full_name(krb5_context context, krb5_ccache cache,
+                      char **fullname_out)
+{
+    char *name;
+
+    *fullname_out = NULL;
+    if (asprintf(&name, "%s:%s", cache->ops->prefix,
+                 cache->ops->get_name(context, cache)) < 0)
+        return ENOMEM;
+    *fullname_out = name;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_gen_new(krb5_context context, krb5_ccache *cache)
+{
+    TRACE_CC_GEN_NEW(context, cache);
+    return (*cache)->ops->gen_new(context, cache);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_initialize(krb5_context context, krb5_ccache cache,
+                   krb5_principal principal)
+{
+    TRACE_CC_INIT(context, cache, principal);
+    return cache->ops->init(context, cache, principal);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_destroy(krb5_context context, krb5_ccache cache)
+{
+    TRACE_CC_DESTROY(context, cache);
+    return cache->ops->destroy(context, cache);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_close(krb5_context context, krb5_ccache cache)
+{
+    return cache->ops->close(context, cache);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_store_cred(krb5_context context, krb5_ccache cache,
+                   krb5_creds *creds)
+{
+    TRACE_CC_STORE(context, cache, creds);
+    return cache->ops->store(context, cache, creds);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache,
+                      krb5_flags flags, krb5_creds *mcreds,
+                      krb5_creds *creds)
+{
+    krb5_error_code ret;
+    krb5_data tmprealm;
+
+    ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
+    TRACE_CC_RETRIEVE(context, cache, mcreds, ret);
+    if (ret != KRB5_CC_NOTFOUND)
+        return ret;
+    if (mcreds->client == NULL || mcreds->server == NULL ||
+        !krb5_is_referral_realm(&mcreds->server->realm))
+        return ret;
+
+    /*
+     * Retry using client's realm if service has referral realm.
+     */
+    tmprealm = mcreds->server->realm;
+    mcreds->server->realm = mcreds->client->realm;
+    ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
+    TRACE_CC_RETRIEVE_REF(context, cache, mcreds, ret);
+    mcreds->server->realm = tmprealm;
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_principal(krb5_context context, krb5_ccache cache,
+                      krb5_principal *principal)
+{
+    return cache->ops->get_princ(context, cache, principal);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache,
+                      krb5_cc_cursor *cursor)
+{
+    return cache->ops->get_first(context, cache, cursor);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_next_cred(krb5_context context, krb5_ccache cache,
+                  krb5_cc_cursor *cursor, krb5_creds *creds)
+{
+    return cache->ops->get_next(context, cache, cursor, creds);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache,
+                    krb5_cc_cursor *cursor)
+{
+    return cache->ops->end_get(context, cache, cursor);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
+                    krb5_creds *creds)
+{
+    TRACE_CC_REMOVE(context, cache, creds);
+    return cache->ops->remove_cred(context, cache, flags, creds);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags)
+{
+    return cache->ops->set_flags(context, cache, flags);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags)
+{
+    return cache->ops->get_flags(context, cache, flags);
+}
+
+const char * KRB5_CALLCONV
+krb5_cc_get_type(krb5_context context, krb5_ccache cache)
+{
+    return cache->ops->prefix;
+}
+
+krb5_error_code
+k5_cc_lock(krb5_context context, krb5_ccache ccache)
+{
+    return ccache->ops->lock(context, ccache);
+}
+
+krb5_error_code
+k5_cc_unlock(krb5_context context, krb5_ccache ccache)
+{
+    return ccache->ops->unlock(context, ccache);
+}
+
+static const char conf_realm[] = "X-CACHECONF:";
+static const char conf_name[] = "krb5_ccache_conf_data";
+
+krb5_error_code
+k5_build_conf_principals(krb5_context context, krb5_ccache id,
+                         krb5_const_principal principal,
+                         const char *name, krb5_creds *cred)
+{
+    krb5_principal client;
+    krb5_error_code ret;
+    char *pname = NULL;
+
+    memset(cred, 0, sizeof(*cred));
+
+    ret = krb5_cc_get_principal(context, id, &client);
+    if (ret)
+        return ret;
+
+    if (principal) {
+        ret = krb5_unparse_name(context, principal, &pname);
+        if (ret)
+            return ret;
+    }
+
+    ret = krb5_build_principal(context, &cred->server,
+                               sizeof(conf_realm) - 1, conf_realm,
+                               conf_name, name, pname, (char *)NULL);
+    krb5_free_unparsed_name(context, pname);
+    if (ret) {
+        krb5_free_principal(context, client);
+        return ret;
+    }
+    ret = krb5_copy_principal(context, client, &cred->client);
+    krb5_free_principal(context, client);
+    return ret;
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5_is_config_principal(krb5_context context,
+                         krb5_const_principal principal)
+{
+    const krb5_data *realm = &principal->realm;
+
+    if (realm->length != sizeof(conf_realm) - 1 ||
+        memcmp(realm->data, conf_realm, sizeof(conf_realm) - 1) != 0)
+        return FALSE;
+
+    if (principal->length == 0 ||
+        principal->data[0].length != (sizeof(conf_name) - 1) ||
+        memcmp(principal->data[0].data, conf_name, sizeof(conf_name) - 1) != 0)
+        return FALSE;
+
+    return TRUE;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_config(krb5_context context, krb5_ccache id,
+                   krb5_const_principal principal,
+                   const char *key, krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_creds cred;
+    memset(&cred, 0, sizeof(cred));
+
+    TRACE_CC_SET_CONFIG(context, id, principal, key, data);
+
+    ret = k5_build_conf_principals(context, id, principal, key, &cred);
+    if (ret)
+        goto out;
+
+    if (data == NULL) {
+        ret = krb5_cc_remove_cred(context, id, 0, &cred);
+    } else {
+        ret = krb5int_copy_data_contents(context, data, &cred.ticket);
+        if (ret)
+            goto out;
+        ret = krb5_cc_store_cred(context, id, &cred);
+    }
+out:
+    krb5_free_cred_contents(context, &cred);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_config(krb5_context context, krb5_ccache id,
+                   krb5_const_principal principal,
+                   const char *key, krb5_data *data)
+{
+    krb5_creds mcred, cred;
+    krb5_error_code ret;
+
+    memset(&cred, 0, sizeof(cred));
+    memset(data, 0, sizeof(*data));
+
+    ret = k5_build_conf_principals(context, id, principal, key, &mcred);
+    if (ret)
+        goto out;
+
+    ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
+    if (ret)
+        goto out;
+
+    ret = krb5int_copy_data_contents(context, &cred.ticket, data);
+    if (ret)
+        goto out;
+
+    TRACE_CC_GET_CONFIG(context, id, principal, key, data);
+
+out:
+    krb5_free_cred_contents(context, &cred);
+    krb5_free_cred_contents(context, &mcred);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_switch(krb5_context context, krb5_ccache cache)
+{
+    if (cache->ops->switch_to == NULL)
+        return 0;
+    return cache->ops->switch_to(context, cache);
+}
+
+krb5_error_code
+k5_cc_store_primary_cred(krb5_context context, krb5_ccache cache,
+                         krb5_creds *creds)
+{
+    krb5_error_code ret;
+
+    /* Write a start realm if we're writing a TGT and the client realm isn't
+     * the same as the TGS realm. */
+    if (IS_TGS_PRINC(creds->server) &&
+        !data_eq(creds->client->realm, creds->server->data[1])) {
+        ret = krb5_cc_set_config(context, cache, NULL,
+                                 KRB5_CC_CONF_START_REALM,
+                                 &creds->server->data[1]);
+        if (ret)
+            return ret;
+    }
+
+    return krb5_cc_store_cred(context, cache, creds);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccmarshal.c b/krb5-1.21.3/src/lib/krb5/ccache/ccmarshal.c
new file mode 100644
index 00000000..ab284e72
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccmarshal.c
@@ -0,0 +1,570 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccmarshal.c - Functions for serializing creds */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements marshalling and unmarshalling of krb5 credentials and
+ * principals in versions 1 through 4 of the FILE ccache format.  Version 4 is
+ * also used for the KEYRING ccache type.
+ *
+ * The FILE credential cache format uses fixed 16-bit or 32-bit representations
+ * of integers.  In versions 1 and 2 these are in host byte order; in later
+ * versions they are in big-endian byte order.  Variable-length fields are
+ * represented with a 32-bit length followed by the field value.  There is no
+ * type tagging; field representations are simply concatenated together.
+ *
+ * A psuedo-BNF grammar for the credential and principal formats is:
+ *
+ * credential ::=
+ *   client (principal)
+ *   server (principal)
+ *   keyblock (keyblock)
+ *   authtime (32 bits)
+ *   starttime (32 bits)
+ *   endtime (32 bits)
+ *   renew_till (32 bits)
+ *   is_skey (1 byte, 0 or 1)
+ *   ticket_flags (32 bits)
+ *   addresses (addresses)
+ *   authdata (authdata)
+ *   ticket (data)
+ *   second_ticket (data)
+ *
+ * principal ::=
+ *   name type (32 bits) [omitted in version 1]
+ *   count of components (32 bits) [includes realm in version 1]
+ *   realm (data)
+ *   component1 (data)
+ *   component2 (data)
+ *   ...
+ *
+ * keyblock ::=
+ *   enctype (16 bits) [repeated twice in version 3; see below]
+ *   data
+ *
+ * addresses ::=
+ *   count (32 bits)
+ *   address1
+ *   address2
+ *   ...
+ *
+ * address ::=
+ *   addrtype (16 bits)
+ *   data
+ *
+ * authdata ::=
+ *   count (32 bits)
+ *   authdata1
+ *   authdata2
+ *   ...
+ *
+ * authdata ::=
+ *   ad_type (16 bits)
+ *   data
+ *
+ * data ::=
+ *   length (32 bits)
+ *   value (length bytes)
+ *
+ * When version 3 was current (before release 1.0), the keyblock had separate
+ * key type and enctype fields, and both were recorded.  At present we record
+ * the enctype field twice when writing the version 3 format and ignore the
+ * second value when reading it.
+ */
+
+#include "cc-int.h"
+#include "k5-input.h"
+
+/* Read a 16-bit integer in host byte order for versions 1 and 2, or in
+ * big-endian byte order for later versions.*/
+static uint16_t
+get16(struct k5input *in, int version)
+{
+    return (version < 3) ? k5_input_get_uint16_n(in) :
+        k5_input_get_uint16_be(in);
+}
+
+/* Read a 32-bit integer in host byte order for versions 1 and 2, or in
+ * big-endian byte order for later versions.*/
+static uint32_t
+get32(struct k5input *in, int version)
+{
+    return (version < 3) ? k5_input_get_uint32_n(in) :
+        k5_input_get_uint32_be(in);
+}
+
+/* Read a 32-bit length and make a copy of that many bytes.  Return NULL on
+ * error. */
+static void *
+get_len_bytes(struct k5input *in, int version, unsigned int *len_out)
+{
+    krb5_error_code ret;
+    unsigned int len = get32(in, version);
+    const void *bytes = k5_input_get_bytes(in, len);
+    void *copy;
+
+    *len_out = 0;
+    if (bytes == NULL)
+        return NULL;
+    copy = k5memdup0(bytes, len, &ret);
+    if (copy == NULL) {
+        k5_input_set_status(in, ret);
+        return NULL;
+    }
+    *len_out = len;
+    return copy;
+}
+
+/* Like get_len_bytes, but put the result in data. */
+static void
+get_data(struct k5input *in, int version, krb5_data *data)
+{
+    unsigned int len;
+    void *bytes = get_len_bytes(in, version, &len);
+
+    *data = (bytes == NULL) ? empty_data() : make_data(bytes, len);
+}
+
+static krb5_principal
+unmarshal_princ(struct k5input *in, int version)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+    uint32_t i, ncomps;
+
+    princ = k5alloc(sizeof(krb5_principal_data), &ret);
+    if (princ == NULL) {
+        k5_input_set_status(in, ret);
+        return NULL;
+    }
+    princ->magic = KV5M_PRINCIPAL;
+    /* Version 1 does not store the principal name type, and counts the realm
+     * in the number of components. */
+    princ->type = (version == 1) ? KRB5_NT_UNKNOWN : get32(in, version);
+    ncomps = get32(in, version);
+    if (version == 1)
+        ncomps--;
+    if (ncomps > in->len) {     /* Sanity check to avoid large allocations */
+        ret = EINVAL;
+        goto error;
+    }
+    if (ncomps != 0) {
+        princ->data = k5calloc(ncomps, sizeof(krb5_data), &ret);
+        if (princ->data == NULL)
+            goto error;
+        princ->length = ncomps;
+    }
+    get_data(in, version, &princ->realm);
+    for (i = 0; i < ncomps; i++)
+        get_data(in, version, &princ->data[i]);
+    return princ;
+
+error:
+    k5_input_set_status(in, ret);
+    krb5_free_principal(NULL, princ);
+    return NULL;
+}
+
+static void
+unmarshal_keyblock(struct k5input *in, int version, krb5_keyblock *kb)
+{
+    memset(kb, 0, sizeof(*kb));
+    kb->magic = KV5M_KEYBLOCK;
+    /* enctypes can be negative, so sign-extend the 16-bit result. */
+    kb->enctype = (int16_t)get16(in, version);
+    /* Version 3 stores the enctype twice. */
+    if (version == 3)
+        (void)get16(in, version);
+    kb->contents = get_len_bytes(in, version, &kb->length);
+}
+
+static krb5_address *
+unmarshal_addr(struct k5input *in, int version)
+{
+    krb5_address *addr;
+
+    addr = calloc(1, sizeof(*addr));
+    if (addr == NULL) {
+        k5_input_set_status(in, ENOMEM);
+        return NULL;
+    }
+    addr->magic = KV5M_ADDRESS;
+    addr->addrtype = get16(in, version);
+    addr->contents = get_len_bytes(in, version, &addr->length);
+    return addr;
+}
+
+static krb5_address **
+unmarshal_addrs(struct k5input *in, int version)
+{
+    krb5_address **addrs;
+    size_t i, count;
+
+    count = get32(in, version);
+    if (count > in->len) {      /* Sanity check to avoid large allocations */
+        k5_input_set_status(in, EINVAL);
+        return NULL;
+    }
+    addrs = calloc(count + 1, sizeof(*addrs));
+    if (addrs == NULL) {
+        k5_input_set_status(in, ENOMEM);
+        return NULL;
+    }
+    for (i = 0; i < count; i++)
+        addrs[i] = unmarshal_addr(in, version);
+    return addrs;
+}
+
+static krb5_authdata *
+unmarshal_authdatum(struct k5input *in, int version)
+{
+    krb5_authdata *ad;
+
+    ad = calloc(1, sizeof(*ad));
+    if (ad == NULL) {
+        k5_input_set_status(in, ENOMEM);
+        return NULL;
+    }
+    ad->magic = KV5M_ADDRESS;
+    /* Authdata types can be negative, so sign-extend the get16 result. */
+    ad->ad_type = (int16_t)get16(in, version);
+    ad->contents = get_len_bytes(in, version, &ad->length);
+    return ad;
+}
+
+static krb5_authdata **
+unmarshal_authdata(struct k5input *in, int version)
+{
+    krb5_authdata **authdata;
+    size_t i, count;
+
+    count = get32(in, version);
+    if (count > in->len) {      /* Sanity check to avoid large allocations */
+        k5_input_set_status(in, EINVAL);
+        return NULL;
+    }
+    authdata = calloc(count + 1, sizeof(*authdata));
+    if (authdata == NULL) {
+        k5_input_set_status(in, ENOMEM);
+        return NULL;
+    }
+    for (i = 0; i < count; i++)
+        authdata[i] = unmarshal_authdatum(in, version);
+    return authdata;
+}
+
+/* Unmarshal a credential using the specified file ccache version (expressed as
+ * an integer from 1 to 4).  Does not check for trailing garbage. */
+krb5_error_code
+k5_unmarshal_cred(const unsigned char *data, size_t len, int version,
+                  krb5_creds *creds)
+{
+    struct k5input in;
+
+    k5_input_init(&in, data, len);
+    creds->client = unmarshal_princ(&in, version);
+    creds->server = unmarshal_princ(&in, version);
+    unmarshal_keyblock(&in, version, &creds->keyblock);
+    creds->times.authtime = get32(&in, version);
+    creds->times.starttime = get32(&in, version);
+    creds->times.endtime = get32(&in, version);
+    creds->times.renew_till = get32(&in, version);
+    creds->is_skey = k5_input_get_byte(&in);
+    creds->ticket_flags = get32(&in, version);
+    creds->addresses = unmarshal_addrs(&in, version);
+    creds->authdata = unmarshal_authdata(&in, version);
+    get_data(&in, version, &creds->ticket);
+    get_data(&in, version, &creds->second_ticket);
+    if (in.status) {
+        krb5_free_cred_contents(NULL, creds);
+        memset(creds, 0, sizeof(*creds));
+    }
+    return (in.status == EINVAL) ? KRB5_CC_FORMAT : in.status;
+}
+
+/* Unmarshal a principal using the specified file ccache version (expressed as
+ * an integer from 1 to 4).  Does not check for trailing garbage. */
+krb5_error_code
+k5_unmarshal_princ(const unsigned char *data, size_t len, int version,
+                   krb5_principal *princ_out)
+{
+    struct k5input in;
+    krb5_principal princ;
+
+    *princ_out = NULL;
+    k5_input_init(&in, data, len);
+    princ = unmarshal_princ(&in, version);
+    if (in.status)
+        krb5_free_principal(NULL, princ);
+    else
+        *princ_out = princ;
+    return (in.status == EINVAL) ? KRB5_CC_FORMAT : in.status;
+}
+
+/* Store a 16-bit integer in host byte order for versions 1 and 2, or in
+ * big-endian byte order for later versions.*/
+static void
+put16(struct k5buf *buf, int version, uint16_t num)
+{
+    char n[2];
+
+    if (version < 3)
+        store_16_n(num, n);
+    else
+        store_16_be(num, n);
+    k5_buf_add_len(buf, n, 2);
+}
+
+/* Store a 32-bit integer in host byte order for versions 1 and 2, or in
+ * big-endian byte order for later versions.*/
+static void
+put32(struct k5buf *buf, int version, uint32_t num)
+{
+    char n[4];
+
+    if (version < 3)
+        store_32_n(num, n);
+    else
+        store_32_be(num, n);
+    k5_buf_add_len(buf, n, 4);
+}
+
+static void
+put_len_bytes(struct k5buf *buf, int version, const void *bytes,
+              unsigned int len)
+{
+    put32(buf, version, len);
+    k5_buf_add_len(buf, bytes, len);
+}
+
+static void
+put_data(struct k5buf *buf, int version, krb5_data *data)
+{
+    put_len_bytes(buf, version, data->data, data->length);
+}
+
+void
+k5_marshal_princ(struct k5buf *buf, int version, krb5_principal princ)
+{
+    int32_t i, ncomps;
+
+    /* Version 1 does not store the principal name type, and counts the realm
+     * in the number of components. */
+    if (version != 1)
+        put32(buf, version, princ->type);
+    ncomps = princ->length + ((version == 1) ? 1 : 0);
+    put32(buf, version, ncomps);
+    put_data(buf, version, &princ->realm);
+    for (i = 0; i < princ->length; i++)
+        put_data(buf, version, &princ->data[i]);
+}
+
+static void
+marshal_keyblock(struct k5buf *buf, int version, krb5_keyblock *kb)
+{
+    put16(buf, version, kb->enctype);
+    /* Version 3 stores the enctype twice. */
+    if (version == 3)
+        put16(buf, version, kb->enctype);
+    put_len_bytes(buf, version, kb->contents, kb->length);
+}
+
+static void
+marshal_addrs(struct k5buf *buf, int version, krb5_address **addrs)
+{
+    size_t i, count;
+
+    for (count = 0; addrs != NULL && addrs[count] != NULL; count++);
+    put32(buf, version, count);
+    for (i = 0; i < count; i++) {
+        put16(buf, version, addrs[i]->addrtype);
+        put_len_bytes(buf, version, addrs[i]->contents, addrs[i]->length);
+    }
+}
+
+static void
+marshal_authdata(struct k5buf *buf, int version, krb5_authdata **authdata)
+{
+    size_t i, count;
+
+    for (count = 0; authdata != NULL && authdata[count] != NULL; count++);
+    put32(buf, version, count);
+    for (i = 0; i < count; i++) {
+        put16(buf, version, authdata[i]->ad_type);
+        put_len_bytes(buf, version, authdata[i]->contents,
+                      authdata[i]->length);
+    }
+}
+
+/* Marshal a credential using the specified file ccache version (expressed as
+ * an integer from 1 to 4). */
+void
+k5_marshal_cred(struct k5buf *buf, int version, krb5_creds *creds)
+{
+    char is_skey;
+
+    k5_marshal_princ(buf, version, creds->client);
+    k5_marshal_princ(buf, version, creds->server);
+    marshal_keyblock(buf, version, &creds->keyblock);
+    put32(buf, version, creds->times.authtime);
+    put32(buf, version, creds->times.starttime);
+    put32(buf, version, creds->times.endtime);
+    put32(buf, version, creds->times.renew_till);
+    is_skey = creds->is_skey;
+    k5_buf_add_len(buf, &is_skey, 1);
+    put32(buf, version, creds->ticket_flags);
+    marshal_addrs(buf, version, creds->addresses);
+    marshal_authdata(buf, version, creds->authdata);
+    put_data(buf, version, &creds->ticket);
+    put_data(buf, version, &creds->second_ticket);
+}
+
+#define SC_CLIENT_PRINCIPAL  0x0001
+#define SC_SERVER_PRINCIPAL  0x0002
+#define SC_SESSION_KEY       0x0004
+#define SC_TICKET            0x0008
+#define SC_SECOND_TICKET     0x0010
+#define SC_AUTHDATA          0x0020
+#define SC_ADDRESSES         0x0040
+
+/* Construct the header flags field for a matching credential for the Heimdal
+ * KCM format. */
+static uint32_t
+mcred_header(krb5_creds *mcred)
+{
+    uint32_t header = 0;
+
+    if (mcred->client != NULL)
+        header |= SC_CLIENT_PRINCIPAL;
+    if (mcred->server != NULL)
+        header |= SC_SERVER_PRINCIPAL;
+    if (mcred->keyblock.enctype != ENCTYPE_NULL)
+        header |= SC_SESSION_KEY;
+    if (mcred->ticket.length > 0)
+        header |= SC_TICKET;
+    if (mcred->second_ticket.length > 0)
+        header |= SC_SECOND_TICKET;
+    if (mcred->authdata != NULL && *mcred->authdata != NULL)
+        header |= SC_AUTHDATA;
+    if (mcred->addresses != NULL && *mcred->addresses != NULL)
+        header |= SC_ADDRESSES;
+    return header;
+}
+
+/*
+ * Marshal a matching credential in the Heimdal KCM format.  Matching
+ * credentials are used to identify an existing credential to retrieve or
+ * remove from a cache.
+ */
+void
+k5_marshal_mcred(struct k5buf *buf, krb5_creds *mcred)
+{
+    const int version = 4;      /* subfields use v4 file format */
+    uint32_t header;
+    char is_skey;
+
+    header = mcred_header(mcred);
+    put32(buf, version, header);
+    if (mcred->client != NULL)
+        k5_marshal_princ(buf, version, mcred->client);
+    if (mcred->server != NULL)
+        k5_marshal_princ(buf, version, mcred->server);
+    if (mcred->keyblock.enctype != ENCTYPE_NULL)
+        marshal_keyblock(buf, version, &mcred->keyblock);
+    put32(buf, version, mcred->times.authtime);
+    put32(buf, version, mcred->times.starttime);
+    put32(buf, version, mcred->times.endtime);
+    put32(buf, version, mcred->times.renew_till);
+    is_skey = mcred->is_skey;
+    k5_buf_add_len(buf, &is_skey, 1);
+    put32(buf, version, mcred->ticket_flags);
+    if (mcred->addresses != NULL && *mcred->addresses != NULL)
+        marshal_addrs(buf, version, mcred->addresses);
+    if (mcred->authdata != NULL && *mcred->authdata != NULL)
+        marshal_authdata(buf, version, mcred->authdata);
+    if (mcred->ticket.length > 0)
+        put_data(buf, version, &mcred->ticket);
+    if (mcred->second_ticket.length > 0)
+        put_data(buf, version, &mcred->second_ticket);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_marshal_credentials(krb5_context context, krb5_creds *in_creds,
+                         krb5_data **data_out)
+{
+    krb5_error_code ret;
+    krb5_data *data;
+    struct k5buf buf;
+
+    *data_out = NULL;
+
+    data = k5alloc(sizeof(krb5_data), &ret);
+    if (ret)
+        return ret;
+
+    k5_buf_init_dynamic(&buf);
+    k5_marshal_cred(&buf, 4, in_creds);
+
+    ret = k5_buf_status(&buf);
+    if (ret) {
+        free(data);
+        return ret;
+    }
+
+    /* Steal payload from buf. */
+    *data = make_data(buf.data, buf.len);
+    *data_out = data;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_unmarshal_credentials(krb5_context context, const krb5_data *data,
+                           krb5_creds **creds_out)
+{
+    krb5_error_code ret;
+    krb5_creds *creds;
+
+    *creds_out = NULL;
+
+    creds = k5alloc(sizeof(krb5_creds), &ret);
+    if (ret)
+        return ret;
+
+    ret = k5_unmarshal_cred((unsigned char *)data->data, data->length, 4,
+                            creds);
+    if (ret) {
+        free(creds);
+        return ret;
+    }
+
+    *creds_out = creds;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccselect.c b/krb5-1.21.3/src/lib/krb5/ccache/ccselect.c
new file mode 100644
index 00000000..dee4c461
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccselect.c
@@ -0,0 +1,204 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccselect.c - krb5_cc_select API and module loader */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+#include <krb5/ccselect_plugin.h>
+#include "../krb/int-proto.h"
+
+struct ccselect_module_handle {
+    struct krb5_ccselect_vtable_st vt;
+    krb5_ccselect_moddata data;
+    int priority;
+};
+
+static void
+free_handles(krb5_context context, struct ccselect_module_handle **handles)
+{
+    struct ccselect_module_handle *h, **hp;
+
+    if (handles == NULL)
+        return;
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.fini)
+            h->vt.fini(context, h->data);
+        free(h);
+    }
+    free(handles);
+}
+
+static krb5_error_code
+load_modules(krb5_context context)
+{
+    krb5_error_code ret;
+    struct ccselect_module_handle **list = NULL, *handle;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    size_t count;
+
+#ifndef _WIN32
+    ret = k5_plugin_register(context, PLUGIN_INTERFACE_CCSELECT, "k5identity",
+                             ccselect_k5identity_initvt);
+    if (ret != 0)
+        goto cleanup;
+#endif
+
+    ret = k5_plugin_register(context, PLUGIN_INTERFACE_CCSELECT, "realm",
+                             ccselect_realm_initvt);
+    if (ret != 0)
+        goto cleanup;
+
+    ret = k5_plugin_register(context, PLUGIN_INTERFACE_CCSELECT, "hostname",
+                             ccselect_hostname_initvt);
+    if (ret != 0)
+        goto cleanup;
+
+    ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_CCSELECT, &modules);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Allocate a large enough list of handles. */
+    for (count = 0; modules[count] != NULL; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+
+    /* Initialize each module, ignoring ones that fail. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        handle = k5alloc(sizeof(*handle), &ret);
+        if (handle == NULL)
+            goto cleanup;
+        ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
+        if (ret != 0) {         /* Failed vtable init is non-fatal. */
+            TRACE_CCSELECT_VTINIT_FAIL(context, ret);
+            free(handle);
+            continue;
+        }
+        handle->data = NULL;
+        ret = handle->vt.init(context, &handle->data, &handle->priority);
+        if (ret != 0) {         /* Failed initialization is non-fatal. */
+            TRACE_CCSELECT_INIT_FAIL(context, handle->vt.name, ret);
+            free(handle);
+            continue;
+        }
+        list[count++] = handle;
+        list[count] = NULL;
+    }
+    list[count] = NULL;
+
+    ret = 0;
+    context->ccselect_handles = list;
+    list = NULL;
+
+cleanup:
+    k5_plugin_free_modules(context, modules);
+    free_handles(context, list);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_select(krb5_context context, krb5_principal server,
+               krb5_ccache *cache_out, krb5_principal *princ_out)
+{
+    krb5_error_code ret;
+    int priority;
+    struct ccselect_module_handle **hp, *h;
+    krb5_ccache cache;
+    krb5_principal princ;
+    krb5_principal srvcp = NULL;
+    char **fbrealms = NULL;
+
+    *cache_out = NULL;
+    *princ_out = NULL;
+
+    if (context->ccselect_handles == NULL) {
+        ret = load_modules(context);
+        if (ret)
+            goto cleanup;
+    }
+
+    /* Try to use the fallback host realm for the server if there is no
+     * authoritative realm. */
+    if (krb5_is_referral_realm(&server->realm) &&
+        server->type == KRB5_NT_SRV_HST && server->length == 2) {
+        ret = krb5_get_fallback_host_realm(context, &server->data[1],
+                                           &fbrealms);
+        /* Continue without realm if we failed due to no default realm. */
+        if (ret && ret != KRB5_CONFIG_NODEFREALM)
+            goto cleanup;
+        if (!ret) {
+            /* Make a copy with the first fallback realm. */
+            ret = krb5_copy_principal(context, server, &srvcp);
+            if (ret)
+                goto cleanup;
+            ret = krb5_set_principal_realm(context, srvcp, fbrealms[0]);
+            if (ret)
+                goto cleanup;
+            server = srvcp;
+        }
+    }
+
+    /* Consult authoritative modules first, then heuristic ones. */
+    for (priority = KRB5_CCSELECT_PRIORITY_AUTHORITATIVE;
+         priority >= KRB5_CCSELECT_PRIORITY_HEURISTIC; priority--) {
+        for (hp = context->ccselect_handles; *hp != NULL; hp++) {
+            h = *hp;
+            if (h->priority != priority)
+                continue;
+            ret = h->vt.choose(context, h->data, server, &cache, &princ);
+            if (ret == 0) {
+                TRACE_CCSELECT_MODCHOICE(context, h->vt.name, server, cache,
+                                         princ);
+                *cache_out = cache;
+                *princ_out = princ;
+                goto cleanup;
+            } else if (ret == KRB5_CC_NOTFOUND) {
+                TRACE_CCSELECT_MODNOTFOUND(context, h->vt.name, server, princ);
+                *princ_out = princ;
+                goto cleanup;
+            } else if (ret != KRB5_PLUGIN_NO_HANDLE) {
+                TRACE_CCSELECT_MODFAIL(context, h->vt.name, ret, server);
+                goto cleanup;
+            }
+        }
+    }
+
+    TRACE_CCSELECT_NOTFOUND(context, server);
+    ret = KRB5_CC_NOTFOUND;
+
+cleanup:
+    krb5_free_principal(context, srvcp);
+    krb5_free_host_realm(context, fbrealms);
+    return ret;
+}
+
+void
+k5_ccselect_free_context(krb5_context context)
+{
+    free_handles(context, context->ccselect_handles);
+    context->ccselect_handles = NULL;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c b/krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c
new file mode 100644
index 00000000..475cfaba
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c
@@ -0,0 +1,146 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccselect_hostname.c - hostname ccselect module */
+/*
+ * Copyright (C) 2017 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+#include <ctype.h>
+#include <krb5/ccselect_plugin.h>
+
+/* Swap a and b, using tmp as an intermediate. */
+#define SWAP(a, b, tmp)                         \
+    tmp = a;                                    \
+    a = b;                                      \
+    b = tmp;
+
+static krb5_error_code
+hostname_init(krb5_context context, krb5_ccselect_moddata *data_out,
+              int *priority_out)
+{
+    *data_out = NULL;
+    *priority_out = KRB5_CCSELECT_PRIORITY_HEURISTIC;
+    return 0;
+}
+
+static krb5_error_code
+hostname_choose(krb5_context context, krb5_ccselect_moddata data,
+                krb5_principal server, krb5_ccache *ccache_out,
+                krb5_principal *princ_out)
+{
+    krb5_error_code ret;
+    char *p, *host = NULL;
+    size_t hostlen;
+    krb5_cccol_cursor col_cursor;
+    krb5_ccache ccache, tmp_ccache, best_ccache = NULL;
+    krb5_principal princ, tmp_princ, best_princ = NULL;
+    krb5_data domain;
+
+    *ccache_out = NULL;
+    *princ_out = NULL;
+
+    if (server->type != KRB5_NT_SRV_HST || server->length < 2)
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Compute upper-case hostname. */
+    hostlen = server->data[1].length;
+    host = k5memdup0(server->data[1].data, hostlen, &ret);
+    if (host == NULL)
+        return ret;
+    for (p = host; *p != '\0'; p++) {
+        if (islower(*p))
+            *p = toupper(*p);
+    }
+
+    /* Scan the collection for a cache with a client principal whose realm is
+     * the longest tail of the server hostname. */
+    ret = krb5_cccol_cursor_new(context, &col_cursor);
+    if (ret)
+        goto done;
+
+    for (ret = krb5_cccol_cursor_next(context, col_cursor, &ccache);
+         ret == 0 && ccache != NULL;
+         ret = krb5_cccol_cursor_next(context, col_cursor, &ccache)) {
+        ret = krb5_cc_get_principal(context, ccache, &princ);
+        if (ret) {
+            krb5_cc_close(context, ccache);
+            break;
+        }
+
+        /* Check for a longer match than we have. */
+        domain = make_data(host, hostlen);
+        while (best_princ == NULL ||
+               best_princ->realm.length < domain.length) {
+            if (data_eq(princ->realm, domain)) {
+                SWAP(best_ccache, ccache, tmp_ccache);
+                SWAP(best_princ, princ, tmp_princ);
+                break;
+            }
+
+            /* Try the next parent domain. */
+            p = memchr(domain.data, '.', domain.length);
+            if (p == NULL)
+                break;
+            domain = make_data(p + 1, hostlen - (p + 1 - host));
+        }
+
+        if (ccache != NULL)
+            krb5_cc_close(context, ccache);
+        krb5_free_principal(context, princ);
+    }
+
+    krb5_cccol_cursor_free(context, &col_cursor);
+
+    if (best_ccache != NULL) {
+        *ccache_out = best_ccache;
+        *princ_out = best_princ;
+    } else {
+        ret = KRB5_PLUGIN_NO_HANDLE;
+    }
+
+done:
+    free(host);
+    return ret;
+}
+
+krb5_error_code
+ccselect_hostname_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_ccselect_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_ccselect_vtable)vtable;
+    vt->name = "hostname";
+    vt->init = hostname_init;
+    vt->choose = hostname_choose;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c b/krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c
new file mode 100644
index 00000000..b2dbf8a0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c
@@ -0,0 +1,210 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccselect_k5identity.c - k5identity ccselect module */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+#include <krb5/ccselect_plugin.h>
+#include <ctype.h>
+
+#ifndef _WIN32
+
+#include <pwd.h>
+
+static krb5_error_code
+k5identity_init(krb5_context context, krb5_ccselect_moddata *data_out,
+                int *priority_out)
+{
+    *data_out = NULL;
+    *priority_out = KRB5_CCSELECT_PRIORITY_AUTHORITATIVE;
+    return 0;
+}
+
+/* Match data (folded to lowercase if fold_case is set) against pattern. */
+static krb5_boolean
+fnmatch_data(const char *pattern, krb5_data *data, krb5_boolean fold_case)
+{
+    krb5_error_code ret;
+    char *str, *p;
+    int res;
+
+    str = k5memdup0(data->data, data->length, &ret);
+    if (str == NULL)
+        return FALSE;
+
+    if (fold_case) {
+        for (p = str; *p != '\0'; p++) {
+            if (isupper((unsigned char)*p))
+                *p = tolower((unsigned char)*p);
+        }
+    }
+
+    res = fnmatch(pattern, str, 0);
+    free(str);
+    return (res == 0);
+}
+
+/* Return true if server satisfies the constraint given by name and value. */
+static krb5_boolean
+check_constraint(krb5_context context, const char *name, const char *value,
+                 krb5_principal server)
+{
+    if (strcmp(name, "realm") == 0) {
+        return fnmatch_data(value, &server->realm, FALSE);
+    } else if (strcmp(name, "service") == 0) {
+        return (server->type == KRB5_NT_SRV_HST && server->length >= 2 &&
+                fnmatch_data(value, &server->data[0], FALSE));
+    } else if (strcmp(name, "host") == 0) {
+        return (server->type == KRB5_NT_SRV_HST && server->length >= 2 &&
+                fnmatch_data(value, &server->data[1], TRUE));
+    }
+    /* Assume unrecognized constraints are critical. */
+    return FALSE;
+}
+
+/*
+ * If line begins with a valid principal and server matches the constraints
+ * listed afterwards, set *princ_out to the client principal described in line
+ * and return true.  Otherwise return false.  May destructively affect line.
+ */
+static krb5_boolean
+parse_line(krb5_context context, char *line, krb5_principal server,
+           krb5_principal *princ_out)
+{
+    const char *whitespace = " \t\r\n";
+    char *princ, *princ_end, *field, *field_end, *sep;
+
+    *princ_out = NULL;
+
+    /* Find the bounds of the principal. */
+    princ = line + strspn(line, whitespace);
+    if (*princ == '#')
+        return FALSE;
+    princ_end = princ + strcspn(princ, whitespace);
+    if (princ_end == princ)
+        return FALSE;
+
+    /* Check all constraints. */
+    field = princ_end + strspn(princ_end, whitespace);
+    while (*field != '\0') {
+        field_end = field + strcspn(field, whitespace);
+        if (*field_end != '\0')
+            *field_end++ = '\0';
+        sep = strchr(field, '=');
+        if (sep == NULL)        /* Malformed line. */
+            return FALSE;
+        *sep = '\0';
+        if (!check_constraint(context, field, sep + 1, server))
+            return FALSE;
+        field = field_end + strspn(field_end, whitespace);
+    }
+
+    *princ_end = '\0';
+    return (krb5_parse_name(context, princ, princ_out) == 0);
+}
+
+/* Determine the current user's homedir.  Allow HOME to override the result for
+ * non-secure profiles; otherwise, use the euid's homedir from passwd. */
+static char *
+get_homedir(krb5_context context)
+{
+    const char *homedir = NULL;
+    char pwbuf[BUFSIZ];
+    struct passwd pwx, *pwd;
+
+    if (!context->profile_secure)
+        homedir = secure_getenv("HOME");
+
+    if (homedir == NULL) {
+        if (k5_getpwuid_r(geteuid(), &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
+            return NULL;
+        homedir = pwd->pw_dir;
+    }
+
+    return strdup(homedir);
+}
+
+static krb5_error_code
+k5identity_choose(krb5_context context, krb5_ccselect_moddata data,
+                  krb5_principal server, krb5_ccache *cache_out,
+                  krb5_principal *princ_out)
+{
+    krb5_error_code ret;
+    krb5_principal princ = NULL;
+    char *filename, *homedir;
+    FILE *fp;
+    char buf[256];
+
+    *cache_out = NULL;
+    *princ_out = NULL;
+
+    /* Open the .k5identity file. */
+    homedir = get_homedir(context);
+    if (homedir == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    ret = k5_path_join(homedir, ".k5identity", &filename);
+    free(homedir);
+    if (ret)
+        return ret;
+    fp = fopen(filename, "r");
+    free(filename);
+    if (fp == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Look for a line with constraints matched by server. */
+    while (fgets(buf, sizeof(buf), fp) != NULL) {
+        if (parse_line(context, buf, server, &princ))
+            break;
+    }
+    fclose(fp);
+    if (princ == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Look for a ccache with the appropriate client principal.  If we don't
+     * find out, set *princ_out to indicate the desired client principal. */
+    ret = krb5_cc_cache_match(context, princ, cache_out);
+    if (ret == 0 || ret == KRB5_CC_NOTFOUND)
+        *princ_out = princ;
+    else
+        krb5_free_principal(context, princ);
+    return ret;
+}
+
+krb5_error_code
+ccselect_k5identity_initvt(krb5_context context, int maj_ver, int min_ver,
+                           krb5_plugin_vtable vtable)
+{
+    krb5_ccselect_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_ccselect_vtable)vtable;
+    vt->name = "k5identity";
+    vt->init = k5identity_init;
+    vt->choose = k5identity_choose;
+    return 0;
+}
+
+#endif /* not _WIN32 */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/ccselect_realm.c b/krb5-1.21.3/src/lib/krb5/ccache/ccselect_realm.c
new file mode 100644
index 00000000..3a4b4af1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/ccselect_realm.c
@@ -0,0 +1,95 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/ccselect_realm.c - realm ccselect module */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+#include <krb5/ccselect_plugin.h>
+
+static krb5_error_code
+realm_init(krb5_context context, krb5_ccselect_moddata *data_out,
+           int *priority_out)
+{
+    *data_out = NULL;
+    *priority_out = KRB5_CCSELECT_PRIORITY_HEURISTIC;
+    return 0;
+}
+
+static krb5_error_code
+realm_choose(krb5_context context, krb5_ccselect_moddata data,
+             krb5_principal server, krb5_ccache *cache_out,
+             krb5_principal *princ_out)
+{
+    krb5_error_code ret;
+    krb5_cccol_cursor cursor;
+    krb5_ccache cache;
+    krb5_principal princ;
+
+    *cache_out = NULL;
+    *princ_out = NULL;
+
+    if (krb5_is_referral_realm(&server->realm))
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Scan the collection for a cache with a client principal in the same
+     * realm as the server principal. */
+    ret = krb5_cccol_cursor_new(context, &cursor);
+    if (ret)
+        return ret;
+    while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
+           cache != NULL) {
+        ret = krb5_cc_get_principal(context, cache, &princ);
+        if (ret == 0) {
+            if (data_eq(princ->realm, server->realm))
+                break;
+            krb5_free_principal(context, princ);
+        }
+        krb5_cc_close(context, cache);
+    }
+    krb5_cccol_cursor_free(context, &cursor);
+    if (ret)
+        return ret;
+
+    if (cache == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    *cache_out = cache;
+    *princ_out = princ;
+    return 0;
+}
+
+krb5_error_code
+ccselect_realm_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    krb5_ccselect_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_ccselect_vtable)vtable;
+    vt->name = "realm";
+    vt->init = realm_init;
+    vt->choose = realm_choose;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/deps b/krb5-1.21.3/src/lib/krb5/ccache/deps
new file mode 100644
index 00000000..6429e928
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/deps
@@ -0,0 +1,249 @@
+#
+# Generated makefile dependencies follow.
+#
+ccapi_util.so ccapi_util.po $(OUTPRE)ccapi_util.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cc-int.h ccapi_util.c ccapi_util.h
+ccbase.so ccbase.po $(OUTPRE)ccbase.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h ccbase.c \
+  fcc.h
+cccopy.so cccopy.po $(OUTPRE)cccopy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cccopy.c
+cccursor.so cccursor.po $(OUTPRE)cccursor.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h $(srcdir)/../os/os-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h cccursor.c
+ccdefault.so ccdefault.po $(OUTPRE)ccdefault.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ccdefault.c
+ccdefops.so ccdefops.po $(OUTPRE)ccdefops.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ccdefops.c fcc.h
+ccmarshal.so ccmarshal.po $(OUTPRE)ccmarshal.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h ccmarshal.c
+ccselect.so ccselect.po $(OUTPRE)ccselect.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/ccselect_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cc-int.h ccselect.c
+ccselect_hostname.so ccselect_hostname.po $(OUTPRE)ccselect_hostname.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/ccselect_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h ccselect_hostname.c
+ccselect_k5identity.so ccselect_k5identity.po $(OUTPRE)ccselect_k5identity.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/ccselect_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h ccselect_k5identity.c
+ccselect_realm.so ccselect_realm.po $(OUTPRE)ccselect_realm.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/ccselect_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h ccselect_realm.c
+cc_api_macos.so cc_api_macos.po $(OUTPRE)cc_api_macos.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cc-int.h cc_api_macos.c ccapi_util.h
+cc_dir.so cc_dir.po $(OUTPRE)cc_dir.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h cc_dir.c
+cc_retr.so cc_retr.po $(OUTPRE)cc_retr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cc-int.h cc_retr.c
+cc_file.so cc_file.po $(OUTPRE)cc_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h cc_file.c
+cc_kcm.so cc_kcm.po $(OUTPRE)cc_kcm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kcm.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h cc_kcm.c
+cc_memory.so cc_memory.po $(OUTPRE)cc_memory.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-hashtab.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cc-int.h cc_memory.c
+cc_keyring.so cc_keyring.po $(OUTPRE)cc_keyring.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cc-int.h cc_keyring.c
+ccfns.so ccfns.po $(OUTPRE)ccfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cc-int.h ccfns.c
+t_cc.so t_cc.po $(OUTPRE)t_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h t_cc.c
+t_cccol.so t_cccol.po $(OUTPRE)t_cccol.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h t_cccol.c
+t_cccursor.so t_cccursor.po $(OUTPRE)t_cccursor.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_cccursor.c
+t_marshal.so t_marshal.po $(OUTPRE)t_marshal.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cc-int.h t_marshal.c
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/fcc.h b/krb5-1.21.3/src/lib/krb5/ccache/fcc.h
new file mode 100644
index 00000000..b31c3a7a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/fcc.h
@@ -0,0 +1,41 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/fcc.h */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * This file contains constant and function declarations used in the
+ * file-based credential cache routines.
+ */
+
+#ifndef __KRB5_FILE_CCACHE__
+#define __KRB5_FILE_CCACHE__
+
+extern const krb5_cc_ops krb5_cc_file_ops;
+
+krb5_error_code krb5int_fcc_new_unique(krb5_context context, char *template,
+                                       krb5_ccache *id);
+
+#endif /* __KRB5_FILE_CCACHE__ */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/kcmrpc.defs b/krb5-1.21.3/src/lib/krb5/ccache/kcmrpc.defs
new file mode 100644
index 00000000..997bae6d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/kcmrpc.defs
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <mach/std_types.defs>
+#include <mach/mach_types.defs>
+
+type k5_kcm_inband_msg = array [ * : 2048 ] of char;
+type k5_kcm_outband_msg = array [] of char;
+
+import "kcmrpc_types.h";
+
+subsystem mheim_ipc 1;
+userprefix k5_kcmrpc_;
+serverprefix k5_kcmrpc_server_;
+
+routine call(
+                                server_port     : mach_port_t;
+                ServerAuditToken client_creds   : audit_token_t;
+                sreplyport      reply_port      : mach_port_make_send_once_t;
+                in              requestin       : k5_kcm_inband_msg;
+                in              requestout      : k5_kcm_outband_msg;
+                out             returnvalue     : int;
+                out             replyin         : k5_kcm_inband_msg;
+                out             replyout        : k5_kcm_outband_msg, dealloc);
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/kcmrpc_types.h b/krb5-1.21.3/src/lib/krb5/ccache/kcmrpc_types.h
new file mode 100644
index 00000000..f43b41e5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/kcmrpc_types.h
@@ -0,0 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/kcmrpc_types.h - KCM RPC type definitions */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef KCMRPC_H
+#define KCMRPC_H
+
+typedef char k5_kcm_inband_msg[2048];
+typedef char *k5_kcm_outband_msg;
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/scc.h b/krb5-1.21.3/src/lib/krb5/ccache/scc.h
new file mode 100644
index 00000000..6c23614b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/scc.h
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/scc.h */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * This file contains constant and function declarations used in the
+ * file-based credential cache routines.
+ */
+
+#ifndef __KRB5_FILE_CCACHE__
+#define __KRB5_FILE_CCACHE__
+
+#include "k5-int.h"
+#include <stdio.h>
+
+#define KRB5_OK 0
+
+#define KRB5_SCC_MAXLEN 100
+
+/*
+ * SCC version 2 contains type information for principals.  SCC
+ * version 1 does not.  The code will accept either, and depending on
+ * what KRB5_SCC_DEFAULT_FVNO is set to, it will create version 1 or
+ * version 2 SCC caches.
+ *
+ */
+
+#define KRB5_SCC_FVNO_1   0x0501        /* krb v5, scc v1 */
+#define KRB5_SCC_FVNO_2   0x0502        /* krb v5, scc v2 */
+#define KRB5_SCC_FVNO_3   0x0503        /* krb v5, scc v3 */
+#define KRB5_SCC_FVNO_4   0x0504        /* krb v5, scc v4 */
+
+#define SCC_OPEN_AND_ERASE      1
+#define SCC_OPEN_RDWR           2
+#define SCC_OPEN_RDONLY         3
+
+/* Credential file header tags.
+ * The header tags are constructed as:
+ *     krb5_ui_2       tag
+ *     krb5_ui_2       len
+ *     krb5_octet      data[len]
+ * This format allows for older versions of the fcc processing code to skip
+ * past unrecognized tag formats.
+ */
+#define SCC_TAG_DELTATIME       1
+
+#ifndef TKT_ROOT
+#define TKT_ROOT "/tmp/tkt"
+#endif
+
+typedef struct _krb5_scc_data {
+    char *filename;
+    FILE *file;
+    krb5_flags flags;
+    char stdio_buffer[BUFSIZ];
+    int version;
+} krb5_scc_data;
+
+/* An off_t can be arbitrarily complex */
+typedef struct _krb5_scc_cursor {
+    long pos;
+} krb5_scc_cursor;
+
+/* DO NOT ADD ANYTHING AFTER THIS #endif */
+#endif /* __KRB5_FILE_CCACHE__ */
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/t_cc.c b/krb5-1.21.3/src/lib/krb5/ccache/t_cc.c
new file mode 100644
index 00000000..edd22094
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/t_cc.c
@@ -0,0 +1,660 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/t_cc.c */
+/*
+ * Copyright 2000 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "cc-int.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include "autoconf.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include "com_err.h"
+
+#define KRB5_OK 0
+
+krb5_creds test_creds, test_creds2;
+
+int debug=0;
+
+static void
+init_structs(void)
+{
+    static int add=0x12345;
+
+    static krb5_address addr;
+
+    static krb5_address *addrs[] = {
+        &addr,
+        0,
+    };
+
+    addr.magic = KV5M_ADDRESS;
+    addr.addrtype = ADDRTYPE_INET;
+    addr.length = 4;
+    addr.contents = (krb5_octet *) &add;
+
+    test_creds.magic = KV5M_CREDS;
+    test_creds.client = NULL;
+    test_creds.server = NULL;
+
+    test_creds.keyblock.magic = KV5M_KEYBLOCK;
+    test_creds.keyblock.contents = 0;
+    test_creds.keyblock.enctype = 1;
+    test_creds.keyblock.length = 1;
+    test_creds.keyblock.contents = (unsigned char *) "1";
+    test_creds.times.authtime = 1111;
+    test_creds.times.starttime = 2222;
+    test_creds.times.endtime = 3333;
+    test_creds.times.renew_till = 4444;
+    test_creds.is_skey = 1;
+    test_creds.ticket_flags = 5555;
+    test_creds.addresses = addrs;
+
+#define SET_TICKET(ent, str) {ent.magic = KV5M_DATA; ent.length = sizeof(str); ent.data = str;}
+    SET_TICKET(test_creds.ticket, "This is ticket 1");
+    SET_TICKET(test_creds.second_ticket, "This is ticket 2");
+    test_creds.authdata = NULL;
+}
+
+static krb5_error_code
+init_test_cred(krb5_context context)
+{
+    krb5_error_code kret;
+    unsigned int i;
+    krb5_authdata *a;
+#define REALM "REALM"
+    kret = krb5_build_principal(context, &test_creds.client, sizeof(REALM), REALM,
+                                "client-comp1", "client-comp2", NULL);
+    if(kret)
+        return kret;
+
+    kret = krb5_build_principal(context, &test_creds.server, sizeof(REALM), REALM,
+                                "server-comp1", "server-comp2", NULL);
+    if(kret) {
+        krb5_free_principal(context, test_creds.client);
+        test_creds.client = 0;
+        goto cleanup;
+    }
+
+    test_creds.authdata = malloc (3 * sizeof(krb5_authdata *));
+    if (!test_creds.authdata) {
+        kret = ENOMEM;
+        goto cleanup;
+    }
+
+    for (i = 0 ; i <= 2 ; i++) {
+        test_creds.authdata[i] = 0;
+    }
+    a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+    if(!a) {
+        kret = ENOMEM;
+        goto cleanup;
+    }
+    a->magic = KV5M_AUTHDATA;
+    a->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+    a->contents = (krb5_octet * ) malloc(1);
+    if(!a->contents) {
+        free(a);
+        kret = ENOMEM;
+        goto cleanup;
+    }
+    a->contents[0]=5;
+    a->length = 1;
+    test_creds.authdata[0] = a;
+
+    a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+    if(!a) {
+        kret = ENOMEM;
+        goto cleanup;
+    }
+    a->magic = KV5M_AUTHDATA;
+    a->ad_type = KRB5_AUTHDATA_KDC_ISSUED;
+    a->contents = (krb5_octet * ) malloc(2);
+    if(!a->contents) {
+        free(a);
+        kret = ENOMEM;
+        goto cleanup;
+    }
+    a->contents[0]=4;
+    a->contents[1]=6;
+    a->length = 2;
+    test_creds.authdata[1] = a;
+
+    memcpy(&test_creds2, &test_creds, sizeof(test_creds));
+    kret = krb5_build_principal(context, &test_creds2.server, sizeof(REALM),
+                                REALM, "server-comp1", "server-comp3", NULL);
+
+cleanup:
+    if(kret) {
+        if (test_creds.client) {
+            krb5_free_principal(context, test_creds.client);
+            test_creds.client = 0;
+        }
+        if (test_creds.server) {
+            krb5_free_principal(context, test_creds.server);
+            test_creds.server = 0;
+
+        }
+        if (test_creds.authdata) {
+            krb5_free_authdata(context, test_creds.authdata);
+            test_creds.authdata = 0;
+        }
+    }
+
+    return kret;
+}
+
+static void
+free_test_cred(krb5_context context)
+{
+    krb5_free_principal(context, test_creds.client);
+
+    krb5_free_principal(context, test_creds.server);
+    krb5_free_principal(context, test_creds2.server);
+
+    if(test_creds.authdata) {
+        krb5_free_authdata(context, test_creds.authdata);
+        test_creds.authdata = 0;
+    }
+}
+
+#define CHECK(kret,msg)                                 \
+    if (kret != KRB5_OK) {                              \
+        com_err(msg, kret, "");                         \
+        fflush(stderr);                                 \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
+
+#define CHECK_STR(str,msg)                              \
+    if (str == 0) {                                     \
+        com_err(msg, kret, "");                         \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
+
+#define CHECK_BOOL(expr,errstr,msg)                     \
+    if (expr) {                                         \
+        fprintf(stderr, "%s %s\n", msg, errstr);        \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
+
+#define CHECK_FAIL(experr, kret, msg)           \
+    if (experr != kret) { CHECK(kret, msg);}
+
+static void
+check_num_entries(krb5_context context, krb5_ccache cache, int expected,
+                  unsigned linenum)
+{
+    krb5_error_code ret;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    int count = 0;
+
+    ret = krb5_cc_start_seq_get(context, cache, &cursor);
+    if (ret != 0) {
+        com_err("", ret, "(on line %d) - krb5_cc_start_seq_get", linenum);
+        fflush(stderr);
+        exit(1);
+    }
+
+    while (1) {
+        ret = krb5_cc_next_cred(context, cache, &cursor, &creds);
+        if (ret)
+            break;
+
+        count++;
+        krb5_free_cred_contents(context, &creds);
+    }
+    krb5_cc_end_seq_get(context, cache, &cursor);
+    if (ret != KRB5_CC_END) {
+        CHECK(ret, "counting entries in ccache");
+    }
+
+    if (count != expected) {
+        com_err("", KRB5_FCC_INTERNAL,
+                "(on line %d) - count didn't match (expected %d, got %d)",
+                linenum, expected, count);
+        fflush(stderr);
+        exit(1);
+    }
+}
+
+static void
+cc_test(krb5_context context, const char *name, krb5_flags flags)
+{
+    krb5_ccache id, id2;
+    krb5_creds creds;
+    krb5_error_code kret;
+    krb5_cc_cursor cursor;
+    krb5_principal tmp;
+    krb5_flags matchflags = KRB5_TC_MATCH_IS_SKEY;
+
+    const char *c_name;
+    char newcache[300];
+    char *save_type;
+
+    kret = init_test_cred(context);
+    CHECK(kret, "init_creds");
+
+    kret = krb5_cc_resolve(context, name, &id);
+    CHECK(kret, "resolve");
+    kret = krb5_cc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize");
+
+    c_name = krb5_cc_get_name(context, id);
+    CHECK_STR(c_name, "get_name");
+
+    c_name = krb5_cc_get_type(context, id);
+    CHECK_STR(c_name, "get_type");
+    save_type=strdup(c_name);
+    CHECK_STR(save_type, "copying type");
+
+    kret = krb5_cc_store_cred(context, id, &test_creds);
+    CHECK(kret, "store");
+
+    kret = krb5_cc_get_principal(context, id, &tmp);
+    CHECK(kret, "get_principal");
+
+    CHECK_BOOL(krb5_realm_compare(context, tmp, test_creds.client) != TRUE,
+               "realms do not match", "realm_compare");
+
+
+    CHECK_BOOL(krb5_principal_compare(context, tmp, test_creds.client) != TRUE,
+               "principals do not match", "principal_compare");
+
+    krb5_free_principal(context, tmp);
+
+    kret = krb5_cc_set_flags (context, id, flags);
+    CHECK(kret, "set_flags");
+
+    kret = krb5_cc_start_seq_get(context, id, &cursor);
+    CHECK(kret, "start_seq_get");
+    kret = 0;
+    while (kret != KRB5_CC_END) {
+        if(debug) printf("Calling next_cred\n");
+        kret = krb5_cc_next_cred(context, id, &cursor, &creds);
+        if(kret == KRB5_CC_END) {
+            if(debug) printf("next_cred: ok at end\n");
+        }
+        else {
+            CHECK(kret, "next_cred");
+            krb5_free_cred_contents(context, &creds);
+        }
+
+    }
+    kret = krb5_cc_end_seq_get(context, id, &cursor);
+    CHECK(kret, "end_seq_get");
+
+    kret = krb5_cc_close(context, id);
+    CHECK(kret, "close");
+
+
+    /* ------------------------------------------------- */
+    kret = krb5_cc_resolve(context, name, &id);
+    CHECK(kret, "resolve2");
+
+    {
+        /* Copy the cache test*/
+        snprintf(newcache, sizeof(newcache), "%s.new", name);
+        kret = krb5_cc_resolve(context, newcache, &id2);
+        CHECK(kret, "resolve of new cache");
+
+        /* This should fail as the new creds are not initialized */
+        kret = krb5_cc_copy_creds(context, id, id2);
+        CHECK_FAIL(KRB5_FCC_NOFILE, kret, "copy_creds");
+
+        kret = krb5_cc_initialize(context, id2, test_creds.client);
+        CHECK(kret, "initialize of id2");
+
+        kret = krb5_cc_copy_creds(context, id, id2);
+        CHECK(kret, "copy_creds");
+
+        kret = krb5_cc_destroy(context, id2);
+        CHECK(kret, "destroy new cache");
+    }
+
+    /* Destroy the first cache */
+    kret = krb5_cc_destroy(context, id);
+    CHECK(kret, "destroy");
+
+    /* ----------------------------------------------------- */
+    /* Tests the generate new code */
+    kret = krb5_cc_new_unique(context, save_type,
+                              NULL, &id2);
+    CHECK(kret, "new_unique");
+
+    kret = krb5_cc_initialize(context, id2, test_creds.client);
+    CHECK(kret, "initialize");
+
+    kret = krb5_cc_store_cred(context, id2, &test_creds);
+    CHECK(kret, "store");
+
+    kret = krb5_cc_destroy(context, id2);
+    CHECK(kret, "destroy id2");
+
+    /* ----------------------------------------------------- */
+    /* Test credential removal */
+    kret = krb5_cc_resolve(context, name, &id);
+    CHECK(kret, "resolving for remove");
+
+    kret = krb5_cc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize for remove");
+    check_num_entries(context, id, 0, __LINE__);
+
+    kret = krb5_cc_store_cred(context, id, &test_creds);
+    CHECK(kret, "store for remove (first pass)");
+    check_num_entries(context, id, 1, __LINE__); /* 1 */
+
+    kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds);
+    CHECK(kret, "removing credential (first pass)");
+    check_num_entries(context, id, 0, __LINE__); /* empty */
+
+    kret = krb5_cc_store_cred(context, id, &test_creds);
+    CHECK(kret, "first store for remove (second pass)");
+    check_num_entries(context, id, 1, __LINE__); /* 1 */
+
+    kret = krb5_cc_store_cred(context, id, &test_creds2);
+    CHECK(kret, "second store for remove (second pass)");
+    check_num_entries(context, id, 2, __LINE__); /* 1, 2 */
+
+    kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds2);
+    CHECK(kret, "first remove (second pass)");
+    check_num_entries(context, id, 1, __LINE__); /* 1 */
+
+    kret = krb5_cc_store_cred(context, id, &test_creds2);
+    CHECK(kret, "third store for remove (second pass)");
+    check_num_entries(context, id, 2, __LINE__); /* 1, 2 */
+
+    kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds);
+    CHECK(kret, "second remove (second pass)");
+    check_num_entries(context, id, 1, __LINE__); /* 2 */
+
+    kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds2);
+    CHECK(kret, "third remove (second pass)");
+    check_num_entries(context, id, 0, __LINE__); /* empty */
+
+    kret = krb5_cc_destroy(context, id);
+    CHECK(kret, "destruction for remove");
+
+    /* Test removal with iteration. */
+    kret = krb5_cc_resolve(context, name, &id);
+    CHECK(kret, "resolving for remove-iter");
+
+    kret = krb5_cc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize for remove-iter");
+
+    kret = krb5_cc_store_cred(context, id, &test_creds);
+    CHECK(kret, "first store for remove-iter");
+
+    kret = krb5_cc_store_cred(context, id, &test_creds2);
+    CHECK(kret, "second store for remove-iter");
+
+    kret = krb5_cc_start_seq_get(context, id, &cursor);
+    CHECK(kret, "start_seq_get for remove-iter");
+
+    kret = krb5_cc_remove_cred(context, id, matchflags, &test_creds);
+    CHECK(kret, "remove for remove-iter");
+
+    while (1) {
+        /* The removed credential may or may not be present in the cache -
+         * either behavior is technically correct. */
+        kret = krb5_cc_next_cred(context, id, &cursor, &creds);
+        if (kret == KRB5_CC_END)
+            break;
+        CHECK(kret, "next_cred for remove-iter: %s");
+
+        CHECK(creds.times.endtime == 0, "no-lifetime cred");
+
+        krb5_free_cred_contents(context, &creds);
+    }
+
+    kret = krb5_cc_end_seq_get(context, id, &cursor);
+    CHECK(kret, "end_seq_get for remove-iter");
+
+    kret = krb5_cc_destroy(context, id);
+    CHECK(kret, "destruction for remove-iter");
+
+    free(save_type);
+    free_test_cred(context);
+}
+
+/*
+ * Checks if a credential type is registered with the library
+ */
+static int
+check_registered(krb5_context context, const char *prefix)
+{
+    char name[300];
+    krb5_error_code kret;
+    krb5_ccache id;
+
+    snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
+
+    kret = krb5_cc_resolve(context, name, &id);
+    if(kret != KRB5_OK) {
+        if(kret == KRB5_CC_UNKNOWN_TYPE)
+            return 0;
+        com_err("Checking on credential type", kret, "%s", prefix);
+        fflush(stderr);
+        return 0;
+    }
+
+    kret = krb5_cc_close(context, id);
+    if(kret != KRB5_OK) {
+        com_err("Checking on credential type - closing", kret, "%s", prefix);
+        fflush(stderr);
+    }
+
+    return 1;
+}
+
+
+static void
+do_test(krb5_context context, const char *prefix)
+{
+    char name[300];
+
+    snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
+    printf("Starting test on %s\n", name);
+    cc_test (context, name, 0);
+    cc_test (context, name, !0);
+    printf("Test on %s passed\n", name);
+}
+
+static void
+test_misc(krb5_context context)
+{
+    /* Tests for certain error returns */
+    krb5_error_code       kret;
+    krb5_ccache id;
+    const krb5_cc_ops *ops_save;
+
+    fprintf(stderr, "Testing miscellaneous error conditions\n");
+
+    kret = krb5_cc_resolve(context, "unknown_method_ep:/tmp/name", &id);
+    if (kret != KRB5_CC_UNKNOWN_TYPE) {
+        CHECK(kret, "resolve unknown type");
+    }
+
+    /* Test for not specifying a cache type with no defaults */
+    ops_save = krb5_cc_dfl_ops;
+    krb5_cc_dfl_ops = 0;
+
+    kret = krb5_cc_resolve(context, "/tmp/e", &id);
+    if (kret != KRB5_CC_BADNAME) {
+        CHECK(kret, "resolve no builtin type");
+    }
+
+    krb5_cc_dfl_ops = ops_save;
+
+}
+
+/*
+ * Regression tests for #8202.  Because memory ccaches share objects between
+ * different handles to the same cache and between iterators and caches,
+ * historically there have been some bugs when those objects are released.
+ */
+static void
+test_memory_concurrent(krb5_context context)
+{
+    krb5_error_code kret;
+    krb5_ccache id1, id2;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+
+    /* Create two handles to the same memory ccache and destroy them. */
+    kret = krb5_cc_resolve(context, "MEMORY:x", &id1);
+    CHECK(kret, "resolve 1");
+    kret = krb5_cc_resolve(context, "MEMORY:x", &id2);
+    CHECK(kret, "resolve 2");
+    kret = krb5_cc_destroy(context, id1);
+    CHECK(kret, "destroy 1");
+    kret = krb5_cc_destroy(context, id2);
+    CHECK(kret, "destroy 2");
+
+    kret = init_test_cred(context);
+    CHECK(kret, "init_creds");
+
+    /* Reinitialize the cache after creating an iterator for it, and verify
+     * that the iterator ends gracefully. */
+    kret = krb5_cc_resolve(context, "MEMORY:x", &id1);
+    CHECK(kret, "resolve");
+    kret = krb5_cc_initialize(context, id1, test_creds.client);
+    CHECK(kret, "initialize");
+    kret = krb5_cc_store_cred(context, id1, &test_creds);
+    CHECK(kret, "store");
+    kret = krb5_cc_start_seq_get(context, id1, &cursor);
+    CHECK(kret, "start_seq_get");
+    kret = krb5_cc_initialize(context, id1, test_creds.client);
+    CHECK(kret, "initialize again");
+    kret = krb5_cc_next_cred(context, id1, &cursor, &creds);
+    CHECK_BOOL(kret != KRB5_CC_END, "iterator should end", "next_cred");
+    kret = krb5_cc_end_seq_get(context, id1, &cursor);
+    CHECK(kret, "end_seq_get");
+    kret = krb5_cc_destroy(context, id1);
+    CHECK(kret, "destroy");
+
+    free_test_cred(context);
+}
+
+/* Check that order is preserved during iteration.  Not all cache types have
+ * this property. */
+static void
+test_order(krb5_context context, const char *name)
+{
+    krb5_error_code kret;
+    krb5_ccache id;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+
+    kret = init_test_cred(context);
+    CHECK(kret, "init_creds");
+
+    kret = krb5_cc_resolve(context, name, &id);
+    CHECK(kret, "resolve");
+    kret = krb5_cc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize");
+    kret = krb5_cc_store_cred(context, id, &test_creds);
+    CHECK(kret, "store 1");
+    kret = krb5_cc_store_cred(context, id, &test_creds2);
+    CHECK(kret, "store 2");
+
+    kret = krb5_cc_start_seq_get(context, id, &cursor);
+    CHECK(kret, "start_seq_get");
+    kret = krb5_cc_next_cred(context, id, &cursor, &creds);
+    CHECK(kret, "next_cred 1");
+    CHECK_BOOL(krb5_principal_compare(context, creds.server,
+                                      test_creds.server) != TRUE,
+               "first cred does not match", "principal_compare");
+    krb5_free_cred_contents(context, &creds);
+
+    kret = krb5_cc_next_cred(context, id, &cursor, &creds);
+    CHECK(kret, "next_cred 2");
+    CHECK_BOOL(krb5_principal_compare(context, creds.server,
+                                      test_creds2.server) != TRUE,
+               "second cred does not match", "principal_compare");
+    krb5_free_cred_contents(context, &creds);
+
+    krb5_cc_end_seq_get(context, id, &cursor);
+    krb5_cc_close(context, id);
+    free_test_cred(context);
+}
+
+extern const krb5_cc_ops krb5_mcc_ops;
+extern const krb5_cc_ops krb5_fcc_ops;
+
+int
+main(void)
+{
+    krb5_context context;
+    krb5_error_code     kret;
+
+    if ((kret = krb5_init_context(&context))) {
+        printf("Couldn't initialize krb5 library: %s\n",
+               error_message(kret));
+        exit(1);
+    }
+
+    kret = krb5_cc_register(context, &krb5_mcc_ops,0);
+    if(kret && kret != KRB5_CC_TYPE_EXISTS) {
+        CHECK(kret, "register_mem");
+    }
+
+    kret = krb5_cc_register(context, &krb5_fcc_ops,0);
+    if(kret && kret != KRB5_CC_TYPE_EXISTS) {
+        CHECK(kret, "register_mem");
+    }
+
+    /* Registering a second time tests for error return */
+    kret = krb5_cc_register(context, &krb5_fcc_ops,0);
+    if(kret != KRB5_CC_TYPE_EXISTS) {
+        CHECK(kret, "register_mem");
+    }
+
+    /* Registering with override should work */
+    kret = krb5_cc_register(context, &krb5_fcc_ops,1);
+    CHECK(kret, "register_mem override");
+
+    init_structs();
+
+    test_misc(context);
+    do_test(context, "");
+
+    if (check_registered(context, "KEYRING:process:"))
+        do_test(context, "KEYRING:process:");
+    else
+        printf("Skipping KEYRING: test - unregistered type\n");
+
+    do_test(context, "MEMORY:");
+    do_test(context, "FILE:");
+
+    test_memory_concurrent(context);
+
+    test_order(context, "MEMORY:order");
+
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/t_cccol.c b/krb5-1.21.3/src/lib/krb5/ccache/t_cccol.c
new file mode 100644
index 00000000..741f955d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/t_cccol.c
@@ -0,0 +1,363 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/t_cccol.py - Test ccache collection via API */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <krb5.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+static krb5_context ctx;
+
+/* Check that code is 0.  Display an error message first if it is not. */
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code != 0) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+    }
+    assert(code == 0);
+}
+
+/* Construct a list of the names of each credential cache in the collection. */
+static void
+get_collection_names(char ***list_out, size_t *count_out)
+{
+    krb5_cccol_cursor cursor;
+    krb5_ccache cache;
+    char **list = NULL;
+    size_t count = 0;
+    char *name;
+
+    check(krb5_cccol_cursor_new(ctx, &cursor));
+    while (1) {
+        check(krb5_cccol_cursor_next(ctx, cursor, &cache));
+        if (cache == NULL)
+            break;
+        check(krb5_cc_get_full_name(ctx, cache, &name));
+        krb5_cc_close(ctx, cache);
+        list = realloc(list, (count + 1) * sizeof(*list));
+        assert(list != NULL);
+        list[count++] = name;
+    }
+    krb5_cccol_cursor_free(ctx, &cursor);
+    *list_out = list;
+    *count_out = count;
+}
+
+/* Return true if list contains name. */
+static krb5_boolean
+in_list(char **list, size_t count, const char *name)
+{
+    size_t i;
+
+    for (i = 0; i < count; i++) {
+        if (strcmp(list[i], name) == 0)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+/* Release the memory for a list of credential cache names. */
+static void
+free_list(char **list, size_t count)
+{
+    size_t i;
+
+    for (i = 0; i < count; i++)
+        krb5_free_string(ctx, list[i]);
+    free(list);
+}
+
+/*
+ * Check that the cache names within the current collection begin with first
+ * (unless first is NULL), that the other elements match the remaining
+ * arguments in some order.  others must be the number of additional cache
+ * names.
+ */
+static void
+check_collection(const char *first, size_t others, ...)
+{
+    va_list ap;
+    char **list;
+    size_t count, i;
+    const char *name;
+
+    get_collection_names(&list, &count);
+    if (first != NULL) {
+        assert(strcmp(first, list[0]) == 0);
+        assert(count == others + 1);
+    } else {
+        assert(count == others);
+    }
+    va_start(ap, others);
+    for (i = 0; i < others; i++) {
+        name = va_arg(ap, const char *);
+        assert(in_list(list, count, name));
+    }
+    va_end(ap);
+    free_list(list, count);
+}
+
+/* Check that the name of cache matches expected_name. */
+static void
+check_name(krb5_ccache cache, const char *expected_name)
+{
+    char *name;
+
+    check(krb5_cc_get_full_name(ctx, cache, &name));
+    assert(strcmp(name, expected_name) == 0);
+    krb5_free_string(ctx, name);
+}
+
+/* Check that when collection_name is resolved, the resulting cache's name
+ * matches expected_name. */
+static void
+check_primary_name(const char *collection_name, const char *expected_name)
+{
+    krb5_ccache cache;
+
+    check(krb5_cc_resolve(ctx, collection_name, &cache));
+    check_name(cache, expected_name);
+    krb5_cc_close(ctx, cache);
+}
+
+/* Check that when name is resolved, the resulting cache's principal matches
+ * expected_princ, or has no principal if expected_princ is NULL. */
+static void
+check_princ(const char *name, krb5_principal expected_princ)
+{
+    krb5_ccache cache;
+    krb5_principal princ;
+
+    check(krb5_cc_resolve(ctx, name, &cache));
+    if (expected_princ != NULL) {
+        check(krb5_cc_get_principal(ctx, cache, &princ));
+        assert(krb5_principal_compare(ctx, princ, expected_princ));
+        krb5_free_principal(ctx, princ);
+    } else {
+        assert(krb5_cc_get_principal(ctx, cache, &princ) != 0);
+    }
+    krb5_cc_close(ctx, cache);
+}
+
+/* Check that krb5_cc_cache_match on princ returns a cache whose name matches
+ * expected_name, or that the match fails if expected_name is NULL. */
+static void
+check_match(krb5_principal princ, const char *expected_name)
+{
+    krb5_ccache cache;
+
+    if (expected_name != NULL) {
+        check(krb5_cc_cache_match(ctx, princ, &cache));
+        check_name(cache, expected_name);
+        krb5_cc_close(ctx, cache);
+    } else {
+        assert(krb5_cc_cache_match(ctx, princ, &cache) != 0);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_ccache ccinitial, ccu1, ccu2;
+    krb5_principal princ1, princ2, princ3;
+    const char *collection_name, *typename;
+    char *initial_primary_name, *unique1_name, *unique2_name;
+
+    /*
+     * Get the collection name from the command line.  This is a ccache name
+     * with collection semantics, like DIR:/path/to/directory.  This test
+     * program assumes that the collection is empty to start with.
+     */
+    assert(argc == 2);
+    collection_name = argv[1];
+
+    /*
+     * Set the default ccache for the context to be the collection name, so the
+     * library can find the collection.
+     */
+    check(krb5_init_context(&ctx));
+    check(krb5_cc_set_default_name(ctx, collection_name));
+
+    /*
+     * Resolve the collection name.  Since the collection is empty, this should
+     * generate a subsidiary name of an uninitialized cache.  Getting the name
+     * of the resulting cache should give us the subsidiary name, not the
+     * collection name.  This resulting subsidiary name should be consistent if
+     * we resolve the collection name again, and the collection should still be
+     * empty since we haven't initialized the cache.
+     */
+    check(krb5_cc_resolve(ctx, collection_name, &ccinitial));
+    check(krb5_cc_get_full_name(ctx, ccinitial, &initial_primary_name));
+    assert(strcmp(initial_primary_name, collection_name) != 0);
+    check_primary_name(collection_name, initial_primary_name);
+    check_collection(NULL, 0);
+    check_princ(collection_name, NULL);
+    check_princ(initial_primary_name, NULL);
+
+    /*
+     * Before initializing the primary ccache, generate and initialize two
+     * unique caches of the collection's type.  Check that the cache names
+     * resolve to the generated caches and appear in the collection.  (They
+     * might appear before being initialized; that's not currently considered
+     * important).  The primary cache for the collection should remain as the
+     * uninitialized cache from the previous step.
+     */
+    typename = krb5_cc_get_type(ctx, ccinitial);
+    check(krb5_cc_new_unique(ctx, typename, NULL, &ccu1));
+    check(krb5_cc_get_full_name(ctx, ccu1, &unique1_name));
+    check(krb5_parse_name(ctx, "princ1@X", &princ1));
+    check(krb5_cc_initialize(ctx, ccu1, princ1));
+    check_princ(unique1_name, princ1);
+    check_match(princ1, unique1_name);
+    check_collection(NULL, 1, unique1_name);
+    check(krb5_cc_new_unique(ctx, typename, NULL, &ccu2));
+    check(krb5_cc_get_full_name(ctx, ccu2, &unique2_name));
+    check(krb5_parse_name(ctx, "princ2@X", &princ2));
+    check(krb5_cc_initialize(ctx, ccu2, princ2));
+    check_princ(unique2_name, princ2);
+    check_match(princ1, unique1_name);
+    check_match(princ2, unique2_name);
+    check_collection(NULL, 2, unique1_name, unique2_name);
+    assert(strcmp(unique1_name, initial_primary_name) != 0);
+    assert(strcmp(unique1_name, collection_name) != 0);
+    assert(strcmp(unique2_name, initial_primary_name) != 0);
+    assert(strcmp(unique2_name, collection_name) != 0);
+    assert(strcmp(unique2_name, unique1_name) != 0);
+    check_primary_name(collection_name, initial_primary_name);
+
+    /*
+     * Initialize the initial primary cache.  Make sure it didn't change names,
+     * that the previously retrieved name and the collection name both resolve
+     * to the initialized cache, and that it now appears first in the
+     * collection.
+     */
+    check(krb5_parse_name(ctx, "princ3@X", &princ3));
+    check(krb5_cc_initialize(ctx, ccinitial, princ3));
+    check_name(ccinitial, initial_primary_name);
+    check_princ(initial_primary_name, princ3);
+    check_princ(collection_name, princ3);
+    check_match(princ3, initial_primary_name);
+    check_collection(initial_primary_name, 2, unique1_name, unique2_name);
+
+    /*
+     * Switch the primary cache to each cache we have open.  One each switch,
+     * check the primary name, check that the collection resolves to the
+     * expected cache, and check that the new primary name appears first in the
+     * collection.
+     */
+    check(krb5_cc_switch(ctx, ccu1));
+    check_primary_name(collection_name, unique1_name);
+    check_princ(collection_name, princ1);
+    check_collection(unique1_name, 2, initial_primary_name, unique2_name);
+    check(krb5_cc_switch(ctx, ccu2));
+    check_primary_name(collection_name, unique2_name);
+    check_princ(collection_name, princ2);
+    check_collection(unique2_name, 2, initial_primary_name, unique1_name);
+    check(krb5_cc_switch(ctx, ccinitial));
+    check_primary_name(collection_name, initial_primary_name);
+    check_princ(collection_name, princ3);
+    check_collection(initial_primary_name, 2, unique1_name, unique2_name);
+
+    /*
+     * Temporarily set the context default ccache to a subsidiary name, and
+     * check that iterating over the collection yields that subsidiary cache
+     * and no others.
+     */
+    check(krb5_cc_set_default_name(ctx, unique1_name));
+    check_collection(unique1_name, 0);
+    check(krb5_cc_set_default_name(ctx, collection_name));
+
+    /*
+     * Destroy the primary cache.  Make sure this causes both the initial
+     * primary name and the collection name to resolve to an uninitialized
+     * cache.  Make sure the primary name doesn't change and doesn't appear in
+     * the collection any more.
+     */
+    check(krb5_cc_destroy(ctx, ccinitial));
+    check_princ(initial_primary_name, NULL);
+    check_princ(collection_name, NULL);
+    check_primary_name(collection_name, initial_primary_name);
+    check_match(princ1, unique1_name);
+    check_match(princ2, unique2_name);
+    check_match(princ3, NULL);
+    check_collection(NULL, 2, unique1_name, unique2_name);
+
+    /*
+     * Switch to the first unique cache after destroying the primary cache.
+     * Check that the collection name resolves to this cache and that the new
+     * primary name appears first in the collection.
+     */
+    check(krb5_cc_switch(ctx, ccu1));
+    check_primary_name(collection_name, unique1_name);
+    check_princ(collection_name, princ1);
+    check_collection(unique1_name, 1, unique2_name);
+
+    /*
+     * Destroy the second unique cache (which is not the current primary),
+     * check that it is on longer initialized, and check that it no longer
+     * appears in the collection.  Check that destroying the non-primary cache
+     * doesn't affect the primary name.
+     */
+    check(krb5_cc_destroy(ctx, ccu2));
+    check_princ(unique2_name, NULL);
+    check_match(princ2, NULL);
+    check_collection(unique1_name, 0);
+    check_primary_name(collection_name, unique1_name);
+    check_match(princ1, unique1_name);
+    check_princ(collection_name, princ1);
+
+    /*
+     * Destroy the first unique cache.  Check that the collection is empty and
+     * still has the same primary name.
+     */
+    check(krb5_cc_destroy(ctx, ccu1));
+    check_princ(unique1_name, NULL);
+    check_princ(collection_name, NULL);
+    check_primary_name(collection_name, unique1_name);
+    check_match(princ1, NULL);
+    check_collection(NULL, 0);
+
+    krb5_free_string(ctx, initial_primary_name);
+    krb5_free_string(ctx, unique1_name);
+    krb5_free_string(ctx, unique2_name);
+    krb5_free_principal(ctx, princ1);
+    krb5_free_principal(ctx, princ2);
+    krb5_free_principal(ctx, princ3);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/t_cccol.py b/krb5-1.21.3/src/lib/krb5/ccache/t_cccol.py
new file mode 100755
index 00000000..7dfe05b1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/t_cccol.py
@@ -0,0 +1,125 @@
+from k5test import *
+
+realm = K5Realm(create_kdb=False)
+
+keyctl = which('keyctl')
+out = realm.run([klist, '-c', 'KEYRING:process:abcd'], expected_code=1)
+test_keyring = (keyctl is not None and
+                'Unknown credential cache type' not in out)
+if not test_keyring:
+    skipped('keyring collection tests', 'keyring support not built')
+
+# Run the collection test program against each collection-enabled type.
+realm.run(['./t_cccol', 'DIR:' + os.path.join(realm.testdir, 'cc')])
+if test_keyring:
+    def cleanup_keyring(anchor, name):
+        out = realm.run(['keyctl', 'list', anchor])
+        if ('keyring: ' + name + '\n') in out:
+            keyid = realm.run(['keyctl', 'search', anchor, 'keyring', name])
+            realm.run(['keyctl', 'unlink', keyid.strip(), anchor])
+
+    # Use the test directory as the collection name to avoid colliding
+    # with other build trees.
+    cname = realm.testdir
+    col_ringname = '_krb_' + cname
+
+    # Remove any keys left behind by previous failed test runs.
+    cleanup_keyring('@s', cname)
+    cleanup_keyring('@s', col_ringname)
+    cleanup_keyring('@u', col_ringname)
+
+    # Run test program over each subtype, cleaning up as we go.  Don't
+    # test the persistent subtype, since it supports only one
+    # collection and might be in actual use.
+    realm.run(['./t_cccol', 'KEYRING:' + cname])
+    cleanup_keyring('@s', col_ringname)
+    realm.run(['./t_cccol', 'KEYRING:legacy:' + cname])
+    cleanup_keyring('@s', col_ringname)
+    realm.run(['./t_cccol', 'KEYRING:session:' + cname])
+    cleanup_keyring('@s', col_ringname)
+    realm.run(['./t_cccol', 'KEYRING:user:' + cname])
+    cleanup_keyring('@u', col_ringname)
+    realm.run(['./t_cccol', 'KEYRING:process:abcd'])
+    realm.run(['./t_cccol', 'KEYRING:thread:abcd'])
+
+realm.stop()
+
+# Test cursor semantics using real ccaches.
+realm = K5Realm(create_host=False)
+
+realm.addprinc('alice', password('alice'))
+realm.addprinc('bob', password('bob'))
+
+ccdir = os.path.join(realm.testdir, 'cc')
+dccname = 'DIR:%s' % ccdir
+duser = 'DIR::%s/tkt1' % ccdir
+dalice = 'DIR::%s/tkt2' % ccdir
+dbob = 'DIR::%s/tkt3' % ccdir
+dnoent = 'DIR::%s/noent' % ccdir
+realm.kinit('user', password('user'), flags=['-c', duser])
+realm.kinit('alice', password('alice'), flags=['-c', dalice])
+realm.kinit('bob', password('bob'), flags=['-c', dbob])
+
+if test_keyring:
+    cleanup_keyring('@s', col_ringname)
+    krccname = 'KEYRING:session:' + cname
+    kruser = '%s:tkt1' % krccname
+    kralice = '%s:tkt2' % krccname
+    krbob = '%s:tkt3' % krccname
+    krnoent = '%s:noent' % krccname
+    realm.kinit('user', password('user'), flags=['-c', kruser])
+    realm.kinit('alice', password('alice'), flags=['-c', kralice])
+    realm.kinit('bob', password('bob'), flags=['-c', krbob])
+
+def cursor_test(testname, args, expected):
+    outlines = realm.run(['./t_cccursor'] + args).splitlines()
+    outlines.sort()
+    expected.sort()
+    if outlines != expected:
+        fail('Output not expected for %s\n' % testname +
+             'Expected output:\n\n' + '\n'.join(expected) + '\n\n' +
+             'Actual output:\n\n' + '\n'.join(outlines))
+
+mark('FILE cursor')
+fccname = 'FILE:%s' % realm.ccache
+cursor_test('file-default', [], [fccname])
+cursor_test('file-default2', [realm.ccache], [fccname])
+cursor_test('file-default3', [fccname], [fccname])
+
+mark('DIR cursor')
+cursor_test('dir', [dccname], [duser, dalice, dbob])
+cursor_test('dir-subsidiary', [duser], [duser])
+cursor_test('dir-nofile', [dnoent], [])
+
+if test_keyring:
+    mark('KEYRING cursor')
+    cursor_test('keyring', [krccname], [kruser, kralice, krbob])
+    cursor_test('keyring-subsidiary', [kruser], [kruser])
+    cursor_test('keyring-noent', [krnoent], [])
+
+mark('MEMORY cursor')
+mfoo = 'MEMORY:foo'
+mbar = 'MEMORY:bar'
+cursor_test('filemem', [fccname, mfoo], [fccname])
+cursor_test('dirmem', [dccname, mfoo], [duser, dalice, dbob])
+cursor_test('mem', [mfoo, mbar], [mfoo])
+if test_keyring:
+    cursor_test('keyringmem', [krccname, mfoo], [kruser, kralice, krbob])
+
+# Test krb5_cccol_have_content.
+mark('krb5_cccol_have_content')
+realm.run(['./t_cccursor', dccname, 'CONTENT'])
+realm.run(['./t_cccursor', fccname, 'CONTENT'])
+realm.run(['./t_cccursor', realm.ccache, 'CONTENT'])
+realm.run(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1)
+if test_keyring:
+    realm.run(['./t_cccursor', krccname, 'CONTENT'])
+    cleanup_keyring('@s', col_ringname)
+
+# Make sure FILE doesn't yield a nonexistent default cache.
+mark('FILE nonexistent')
+realm.run([kdestroy])
+cursor_test('noexist', [], [])
+realm.run(['./t_cccursor', fccname, 'CONTENT'], expected_code=1)
+
+success('Renewing credentials')
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/t_cccursor.c b/krb5-1.21.3/src/lib/krb5/ccache/t_cccursor.c
new file mode 100644
index 00000000..96ca3aee
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/t_cccursor.c
@@ -0,0 +1,81 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/t_cccursor.c - Simple test harness for cccol API */
+/*
+ * Copyright 2011 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Displays a list of caches returned by the cccol cursor.  The first argument,
+ * if given, is set to the default cache name for the context before iterating.
+ * Any remaining arguments are resolved as caches and kept open during the
+ * iteration.  If the argument "CONTENT" is given as one of the cache names,
+ * immediately exit with status 0 if the collection contains credentials and 1
+ * if it does not.
+ */
+
+#include "k5-int.h"
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context ctx;
+    krb5_cccol_cursor cursor;
+    krb5_ccache cache, hold[64];
+    int i;
+    char *name;
+
+    assert(krb5_init_context(&ctx) == 0);
+    if (argc > 1)
+        assert(krb5_cc_set_default_name(ctx, argv[1]) == 0);
+
+    if (argc > 2) {
+        assert(argc < 60);
+        for (i = 2; i < argc; i++) {
+            if (strcmp(argv[i], "CONTENT") == 0) {
+                ret = krb5_cccol_have_content(ctx);
+                krb5_free_context(ctx);
+                return ret != 0;
+            }
+            assert(krb5_cc_resolve(ctx, argv[i], &hold[i - 2]) == 0);
+        }
+    }
+
+    assert(krb5_cccol_cursor_new(ctx, &cursor) == 0);
+    while (1) {
+        assert(krb5_cccol_cursor_next(ctx, cursor, &cache) == 0);
+        if (cache == NULL)
+            break;
+        assert(krb5_cc_get_full_name(ctx, cache, &name) == 0);
+        printf("%s\n", name);
+        krb5_free_string(ctx, name);
+        krb5_cc_close(ctx, cache);
+    }
+    assert(krb5_cccol_cursor_free(ctx, &cursor) == 0);
+
+    for (i = 2; i < argc; i++)
+        krb5_cc_close(ctx, hold[i - 2]);
+
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/t_marshal.c b/krb5-1.21.3/src/lib/krb5/ccache/t_marshal.c
new file mode 100644
index 00000000..96e0931a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/t_marshal.c
@@ -0,0 +1,420 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/t_marshal.c - test program for cred marshalling */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "cc-int.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <arpa/inet.h>
+#include <fcntl.h>
+
+/*
+ * Versions 1 and 2 of the ccache format use native byte order representations
+ * of integers.  The test data below is from a little-endian platform.  Skip
+ * those tests on big-endian platforms by starting at version 3.
+ */
+#ifdef K5_BE
+#define FIRST_VERSION 3
+#else
+#define FIRST_VERSION 1
+#endif
+
+/* Each test contains the expected binary representation of a credential cache
+ * divided into the header, the default principal, and two credentials. */
+const struct test {
+    size_t headerlen;
+    const unsigned char header[256];
+    size_t princlen;
+    const unsigned char princ[256];
+    size_t cred1len;
+    const unsigned char cred1[256];
+    size_t cred2len;
+    const unsigned char cred2[256];
+} tests[4] = {
+    {
+        /* Version 1 header */
+        2,
+        "\x05\x01",
+        /* Version 1 principal */
+        33,
+        "\x02\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54\x45\x53\x54\x2E"
+        "\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63\x6C\x69\x65\x6E"
+        "\x74",
+        /* Version 1 cred 1 */
+        165,
+        "\x02\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54\x45\x53\x54\x2E"
+        "\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63\x6C\x69\x65\x6E"
+        "\x74\x03\x00\x00\x00\x0B\x00\x00\x00\x45\x58\x41\x4D\x50\x4C\x45"
+        "\x2E\x43\x4F\x4D\x04\x00\x00\x00\x74\x65\x73\x74\x04\x00\x00\x00"
+        "\x68\x6F\x73\x74\x11\x00\x10\x00\x00\x00\x00\x01\x02\x03\x04\x05"
+        "\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x0B\x00\x00\x00\xDE\x00"
+        "\x00\x00\x05\x0D\x00\x00\x00\xCA\x9A\x3B\x00\x00\x00\x80\x40\x01"
+        "\x00\x00\x00\x02\x00\x04\x00\x00\x00\x0A\x00\x00\x01\x02\x00\x00"
+        "\x00\x00\x02\x0A\x00\x00\x00\x73\x69\x67\x6E\x74\x69\x63\x6B\x65"
+        "\x74\x9C\xFF\x00\x00\x00\x00\x06\x00\x00\x00\x74\x69\x63\x6B\x65"
+        "\x74\x00\x00\x00\x00",
+        /* Version 1 cred 2 */
+        113,
+        "\x02\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54\x45\x53\x54\x2E"
+        "\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63\x6C\x69\x65\x6E"
+        "\x74\x01\x00\x00\x00\x00\x00\x00\x00\x17\x00\x10\x00\x00\x00\x0F"
+        "\x0E\x0D\x0C\x0B\x0A\x09\x08\x07\x06\x05\x04\x03\x02\x01\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00"
+        "\x74\x69\x63\x6B\x65\x74\x07\x00\x00\x00\x32\x74\x69\x63\x6B\x65"
+        "\x74"
+    },
+    {
+        /* Version 2 header */
+        2,
+        "\x05\x02",
+        /* Version 2 principal */
+        37,
+        "\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74",
+        /* Version 2 cred 1 */
+        173,
+        "\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x01\x00\x00\x00\x02\x00\x00\x00\x0B\x00\x00"
+        "\x00\x45\x58\x41\x4D\x50\x4C\x45\x2E\x43\x4F\x4D\x04\x00\x00\x00"
+        "\x74\x65\x73\x74\x04\x00\x00\x00\x68\x6F\x73\x74\x11\x00\x10\x00"
+        "\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D"
+        "\x0E\x0F\x0B\x00\x00\x00\xDE\x00\x00\x00\x05\x0D\x00\x00\x00\xCA"
+        "\x9A\x3B\x00\x00\x00\x80\x40\x01\x00\x00\x00\x02\x00\x04\x00\x00"
+        "\x00\x0A\x00\x00\x01\x02\x00\x00\x00\x00\x02\x0A\x00\x00\x00\x73"
+        "\x69\x67\x6E\x74\x69\x63\x6B\x65\x74\x9C\xFF\x00\x00\x00\x00\x06"
+        "\x00\x00\x00\x74\x69\x63\x6B\x65\x74\x00\x00\x00\x00",
+        /* Version 2 cred 2 */
+        121,
+        "\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x00\x00\x00\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x0A\x00\x00\x00\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x17\x00\x10\x00\x00\x00\x0F\x0E\x0D\x0C\x0B\x0A\x09\x08\x07"
+        "\x06\x05\x04\x03\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x06\x00\x00\x00\x74\x69\x63\x6B\x65\x74\x07\x00"
+        "\x00\x00\x32\x74\x69\x63\x6B\x65\x74"
+    },
+    {
+        /* Version 3 header */
+        2,
+        "\x05\x03",
+        /* Version 3 principal */
+        37,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74",
+        /* Version 3 cred 1 */
+        175,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00"
+        "\x0B\x45\x58\x41\x4D\x50\x4C\x45\x2E\x43\x4F\x4D\x00\x00\x00\x04"
+        "\x74\x65\x73\x74\x00\x00\x00\x04\x68\x6F\x73\x74\x00\x11\x00\x11"
+        "\x00\x00\x00\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B"
+        "\x0C\x0D\x0E\x0F\x00\x00\x00\x0B\x00\x00\x00\xDE\x00\x00\x0D\x05"
+        "\x3B\x9A\xCA\x00\x00\x40\x80\x00\x00\x00\x00\x00\x01\x00\x02\x00"
+        "\x00\x00\x04\x0A\x00\x00\x01\x00\x00\x00\x02\x02\x00\x00\x00\x00"
+        "\x0A\x73\x69\x67\x6E\x74\x69\x63\x6B\x65\x74\xFF\x9C\x00\x00\x00"
+        "\x00\x00\x00\x00\x06\x74\x69\x63\x6B\x65\x74\x00\x00\x00\x00",
+        /* Version 3 cred 2 */
+        123,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x17\x00\x17\x00\x00\x00\x10\x0F\x0E\x0D\x0C\x0B\x0A\x09"
+        "\x08\x07\x06\x05\x04\x03\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x74\x69\x63\x6B\x65\x74"
+        "\x00\x00\x00\x07\x32\x74\x69\x63\x6B\x65\x74"
+    },
+    {
+        /* Version 4 header */
+        16,
+        "\x05\x04\x00\x0C\x00\x01\x00\x08\x00\x00\x01\x2C\x00\x00\xD4\x31",
+        /* Version 4 principal */
+        37,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74",
+        /* Version 4 cred 1 */
+        173,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00"
+        "\x0B\x45\x58\x41\x4D\x50\x4C\x45\x2E\x43\x4F\x4D\x00\x00\x00\x04"
+        "\x74\x65\x73\x74\x00\x00\x00\x04\x68\x6F\x73\x74\x00\x11\x00\x00"
+        "\x00\x10\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D"
+        "\x0E\x0F\x00\x00\x00\x0B\x00\x00\x00\xDE\x00\x00\x0D\x05\x3B\x9A"
+        "\xCA\x00\x00\x40\x80\x00\x00\x00\x00\x00\x01\x00\x02\x00\x00\x00"
+        "\x04\x0A\x00\x00\x01\x00\x00\x00\x02\x02\x00\x00\x00\x00\x0A\x73"
+        "\x69\x67\x6E\x74\x69\x63\x6B\x65\x74\xFF\x9C\x00\x00\x00\x00\x00"
+        "\x00\x00\x06\x74\x69\x63\x6B\x65\x74\x00\x00\x00\x00",
+        /* Version 4 cred 2 */
+        121,
+        "\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0B\x4B\x52\x42\x54"
+        "\x45\x53\x54\x2E\x43\x4F\x4D\x00\x00\x00\x0A\x74\x65\x73\x74\x63"
+        "\x6C\x69\x65\x6E\x74\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x17\x00\x00\x00\x10\x0F\x0E\x0D\x0C\x0B\x0A\x09\x08\x07"
+        "\x06\x05\x04\x03\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00"
+        "\x00\x00\x00\x00\x00\x00\x00\x06\x74\x69\x63\x6B\x65\x74\x00\x00"
+        "\x00\x07\x32\x74\x69\x63\x6B\x65\x74"
+    }
+};
+
+static void
+verify_princ(krb5_principal p)
+{
+    assert(p->length == 1);
+    assert(data_eq_string(p->realm, "KRBTEST.COM"));
+    assert(data_eq_string(p->data[0], "testclient"));
+}
+
+static void
+verify_cred1(const krb5_creds *c)
+{
+    uint32_t ipaddr = ntohl(0x0A000001);
+
+    verify_princ(c->client);
+    assert(c->server->length == 2);
+    assert(data_eq_string(c->server->realm, "EXAMPLE.COM"));
+    assert(data_eq_string(c->server->data[0], "test"));
+    assert(data_eq_string(c->server->data[1], "host"));
+    assert(c->keyblock.enctype == ENCTYPE_AES128_CTS_HMAC_SHA1_96);
+    assert(c->keyblock.length == 16);
+    assert(memcmp(c->keyblock.contents,
+                  "\x0\x1\x2\x3\x4\x5\x6\x7\x8\x9\xA\xB\xC\xD\xE\xF",
+                  16) == 0);
+    assert(c->times.authtime == 11);
+    assert(c->times.starttime == 222);
+    assert(c->times.endtime == 3333);
+    assert(c->times.renew_till == 1000000000);
+    assert(c->is_skey == FALSE);
+    assert(c->ticket_flags == (TKT_FLG_FORWARDABLE | TKT_FLG_RENEWABLE));
+    assert(c->addresses != NULL && c->addresses[0] != NULL);
+    assert(c->addresses[0]->addrtype == ADDRTYPE_INET);
+    assert(c->addresses[0]->length == 4);
+    assert(memcmp(c->addresses[0]->contents, &ipaddr, 4) == 0);
+    assert(c->addresses[1] == NULL);
+    assert(c->authdata != NULL && c->authdata[0] != NULL);
+    assert(c->authdata[0]->ad_type == KRB5_AUTHDATA_SIGNTICKET);
+    assert(c->authdata[0]->length == 10);
+    assert(memcmp(c->authdata[0]->contents, "signticket", 10) == 0);
+    assert(c->authdata[1] != NULL);
+    assert(c->authdata[1]->ad_type == -100);
+    assert(c->authdata[1]->length == 0);
+    assert(c->authdata[2] == NULL);
+    assert(data_eq_string(c->ticket, "ticket"));
+    assert(c->second_ticket.length == 0);
+}
+
+static void
+verify_cred2(const krb5_creds *c)
+{
+    verify_princ(c->client);
+    assert(c->server->length == 0);
+    assert(c->server->realm.length == 0);
+    assert(c->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC);
+    assert(c->keyblock.length == 16);
+    assert(memcmp(c->keyblock.contents,
+                  "\xF\xE\xD\xC\xB\xA\x9\x8\x7\x6\x5\x4\x3\x2\x1\x0",
+                  16) == 0);
+    assert(c->times.authtime == 0);
+    assert(c->times.starttime == 0);
+    assert(c->times.endtime == 0);
+    assert(c->times.renew_till == 0);
+    assert(c->is_skey == TRUE);
+    assert(c->ticket_flags == 0);
+    assert(c->addresses == NULL || c->addresses[0] == NULL);
+    assert(c->authdata == NULL || c->authdata[0] == NULL);
+    assert(data_eq_string(c->ticket, "ticket"));
+    assert(data_eq_string(c->second_ticket, "2ticket"));
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_ccache cache;
+    krb5_principal princ;
+    krb5_creds cred1, cred2, *alloc_cred;
+    krb5_cc_cursor cursor;
+    const char *filename;
+    char *ccname, filebuf[256];
+    int version, fd;
+    const struct test *t;
+    struct k5buf buf;
+    krb5_data ser_data, *alloc_data;
+
+    if (argc != 2)
+        abort();
+    filename = argv[1];
+    if (asprintf(&ccname, "FILE:%s", filename) == -1)
+        abort();
+
+    if (krb5_init_context(&context) != 0)
+        abort();
+
+    /* Test public functions for unmarshalling and marshalling. */
+    ser_data = make_data((char *)tests[3].cred1, tests[3].cred1len);
+    if (krb5_unmarshal_credentials(context, &ser_data, &alloc_cred) != 0)
+        abort();
+    verify_cred1(alloc_cred);
+    if (krb5_marshal_credentials(context, alloc_cred, &alloc_data) != 0)
+        abort();
+    assert(alloc_data->length == tests[3].cred1len);
+    assert(memcmp(tests[3].cred1, alloc_data->data, alloc_data->length) == 0);
+    krb5_free_data(context, alloc_data);
+    krb5_free_creds(context, alloc_cred);
+
+    for (version = FIRST_VERSION; version <= 4; version++) {
+        t = &tests[version - 1];
+
+        /* Test principal unmarshalling and marshalling. */
+        if (k5_unmarshal_princ(t->princ, t->princlen, version, &princ) != 0)
+            abort();
+        verify_princ(princ);
+        k5_buf_init_dynamic(&buf);
+        k5_marshal_princ(&buf, version, princ);
+        assert(buf.len == t->princlen);
+        assert(memcmp(t->princ, buf.data, buf.len) == 0);
+        k5_buf_free(&buf);
+
+        /* Test cred1 unmarshalling and marshalling. */
+        if (k5_unmarshal_cred(t->cred1, t->cred1len, version, &cred1) != 0)
+            abort();
+        verify_cred1(&cred1);
+        k5_buf_init_dynamic(&buf);
+        k5_marshal_cred(&buf, version, &cred1);
+        assert(buf.len == t->cred1len);
+        assert(memcmp(t->cred1, buf.data, buf.len) == 0);
+        k5_buf_free(&buf);
+
+        /* Test cred2 unmarshalling and marshalling. */
+        if (k5_unmarshal_cred(t->cred2, t->cred2len, version, &cred2) != 0)
+            abort();
+        verify_cred2(&cred2);
+        k5_buf_init_dynamic(&buf);
+        k5_marshal_cred(&buf, version, &cred2);
+        assert(buf.len == t->cred2len);
+        assert(memcmp(t->cred2, buf.data, buf.len) == 0);
+        k5_buf_free(&buf);
+
+        /* Write a ccache containing the principal and creds.  Use the same
+         * time offset as the version 4 test data used. */
+        context->fcc_default_format = 0x0500 + version;
+        context->os_context.time_offset = 300;
+        context->os_context.usec_offset = 54321;
+        context->os_context.os_flags = KRB5_OS_TOFFSET_VALID;
+        if (krb5_cc_resolve(context, ccname, &cache) != 0)
+            abort();
+        if (krb5_cc_initialize(context, cache, princ) != 0)
+            abort();
+        if (krb5_cc_store_cred(context, cache, &cred1) != 0)
+            abort();
+        if (krb5_cc_store_cred(context, cache, &cred2) != 0)
+            abort();
+        if (krb5_cc_close(context, cache) != 0)
+            abort();
+
+        /* Verify the cache representation against the test data. */
+        fd = open(filename, O_RDONLY);
+        if (fd == -1)
+            abort();
+        if (read(fd, filebuf, t->headerlen) != (ssize_t)t->headerlen)
+            abort();
+        assert(memcmp(filebuf, t->header, t->headerlen) == 0);
+        if (read(fd, filebuf, t->princlen) != (ssize_t)t->princlen)
+            abort();
+        assert(memcmp(filebuf, t->princ, t->princlen) == 0);
+        if (read(fd, filebuf, t->cred1len) != (ssize_t)t->cred1len)
+            abort();
+        assert(memcmp(filebuf, t->cred1, t->cred1len) == 0);
+        if (read(fd, filebuf, t->cred2len) != (ssize_t)t->cred2len)
+            abort();
+        assert(memcmp(filebuf, t->cred2, t->cred2len) == 0);
+        close(fd);
+
+        krb5_free_principal(context, princ);
+        krb5_free_cred_contents(context, &cred1);
+        krb5_free_cred_contents(context, &cred2);
+
+        /* Write a cache containing the test data. */
+        fd = open(filename, O_CREAT|O_TRUNC|O_RDWR, 0700);
+        if (fd == -1)
+            abort();
+        if (write(fd, t->header, t->headerlen) != (ssize_t)t->headerlen)
+            abort();
+        if (write(fd, t->princ, t->princlen) != (ssize_t)t->princlen)
+            abort();
+        if (write(fd, t->cred1, t->cred1len) != (ssize_t)t->cred1len)
+            abort();
+        if (write(fd, t->cred2, t->cred2len) != (ssize_t)t->cred2len)
+            abort();
+        close(fd);
+
+        /* Read the cache and verify that it matches. */
+        if (krb5_cc_resolve(context, ccname, &cache) != 0)
+            abort();
+        if (krb5_cc_get_principal(context, cache, &princ) != 0)
+            abort();
+        /* Not every version stores the time offset, but at least it shouldn't
+         * have changed from when we set it before. */
+        assert(context->os_context.time_offset == 300);
+        assert(context->os_context.usec_offset == 54321);
+        verify_princ(princ);
+        if (krb5_cc_start_seq_get(context, cache, &cursor) != 0)
+            abort();
+        if (krb5_cc_next_cred(context, cache, &cursor, &cred1) != 0)
+            abort();
+        verify_cred1(&cred1);
+        krb5_free_cred_contents(context, &cred1);
+        if (krb5_cc_next_cred(context, cache, &cursor, &cred2) != 0)
+            abort();
+        verify_cred2(&cred2);
+        krb5_free_cred_contents(context, &cred2);
+        if (krb5_cc_next_cred(context, cache, &cursor, &cred2) != KRB5_CC_END)
+            abort();
+        if (krb5_cc_end_seq_get(context, cache, &cursor) != 0)
+            abort();
+        if (krb5_cc_close(context, cache) != 0)
+            abort();
+        krb5_free_principal(context, princ);
+    }
+
+    (void)unlink(filename);
+    free(ccname);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/t_memory.c b/krb5-1.21.3/src/lib/krb5/ccache/t_memory.c
new file mode 100644
index 00000000..6d103a00
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/t_memory.c
@@ -0,0 +1,138 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/t_memory.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "mcc.h"
+
+krb5_data client1 = {
+#define DATA "client1-comp1"
+    sizeof(DATA),
+    DATA,
+#undef DATA
+};
+
+krb5_data client2 = {
+#define DATA "client1-comp2"
+    sizeof(DATA),
+    DATA,
+#undef DATA
+};
+
+krb5_data server1 = {
+#define DATA "server1-comp1"
+    sizeof(DATA),
+    DATA,
+#undef DATA
+};
+
+krb5_data server2 = {
+#define DATA "server1-comp2"
+    sizeof(DATA),
+    DATA,
+#undef DATA
+};
+
+krb5_creds test_creds = {
+    NULL,
+    NULL,
+    {
+        1,
+        1,
+        (unsigned char *) "1"
+    },
+    {
+        1111,
+        2222,
+        3333,
+        4444
+    },
+    1,
+    5555,
+    {
+#define TICKET "This is ticket 1"
+        sizeof(TICKET),
+        TICKET,
+#undef TICKET
+    },
+    {
+#define TICKET "This is ticket 2"
+        sizeof(TICKET),
+        TICKET,
+#undef TICKET
+    },
+};
+
+void
+init_test_cred()
+{
+    test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+    test_creds.client[0] = &client1;
+    test_creds.client[1] = &client2;
+    test_creds.client[2] = NULL;
+
+    test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+    test_creds.server[0] = &server1;
+    test_creds.server[1] = &server2;
+    test_creds.server[2] = NULL;
+}
+
+#define CHECK(kret,msg)                         \
+    if (kret != KRB5_OK) {                      \
+        printf("%s returned %d\n", msg, kret);  \
+    };
+
+void
+mcc_test()
+{
+    krb5_ccache id;
+    krb5_creds creds;
+    krb5_error_code kret;
+    krb5_cc_cursor cursor;
+
+    init_test_cred();
+
+    kret = krb5_mcc_resolve(context, &id, "/tmp/tkt_test");
+    CHECK(kret, "resolve");
+    kret = krb5_mcc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize");
+    kret = krb5_mcc_store(context, id, &test_creds);
+    CHECK(kret, "store");
+
+    kret = krb5_mcc_start_seq_get(context, id, &cursor);
+    CHECK(kret, "start_seq_get");
+    kret = 0;
+    while (kret != KRB5_CC_END) {
+        printf("Calling next_cred\n");
+        kret = krb5_mcc_next_cred(context, id, &cursor, &creds);
+        CHECK(kret, "next_cred");
+    }
+    kret = krb5_mcc_end_seq_get(context, id, &cursor);
+    CHECK(kret, "end_seq_get");
+
+    kret = krb5_mcc_destroy(context, id);
+    CHECK(kret, "destroy");
+    kret = krb5_mcc_close(context, id);
+    CHECK(kret, "close");
+}
diff --git a/krb5-1.21.3/src/lib/krb5/ccache/t_stdio.c b/krb5-1.21.3/src/lib/krb5/ccache/t_stdio.c
new file mode 100644
index 00000000..15185e30
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/ccache/t_stdio.c
@@ -0,0 +1,168 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/ccache/t_stdio.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "scc.h"
+
+krb5_data client1 = {
+#define DATA "client1-comp1"
+    sizeof(DATA),
+    DATA,
+#undef DATA
+};
+
+krb5_data client2 = {
+#define DATA "client1-comp2"
+    sizeof(DATA),
+    DATA,
+#undef DATA
+};
+
+krb5_data server1 = {
+#define DATA "server1-comp1"
+    sizeof(DATA),
+    DATA,
+#undef DATA
+};
+
+krb5_data server2 = {
+#define DATA "server1-comp2"
+    sizeof(DATA),
+    DATA,
+#undef DATA
+};
+
+int x = 0x12345;
+krb5_address addr = {
+    ADDRTYPE_INET,
+    4,
+    (krb5_octet *) &x,
+};
+
+krb5_address *addrs[] = {
+    &addr,
+    0,
+};
+
+krb5_creds test_creds = {
+    NULL,
+    NULL,
+    {
+        1,
+        1,
+        (unsigned char *) "1"
+    },
+    {
+        1111,
+        2222,
+        3333,
+        4444,
+    },
+    1,
+    5555,
+    addrs,
+    {
+#define TICKET "This is ticket 1"
+        sizeof(TICKET),
+        TICKET,
+#undef TICKET
+    },
+    {
+#define TICKET "This is ticket 2"
+        sizeof(TICKET),
+        TICKET,
+#undef TICKET
+    },
+};
+
+void
+init_test_cred()
+{
+    test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+    test_creds.client[0] = &client1;
+    test_creds.client[1] = &client2;
+    test_creds.client[2] = NULL;
+
+    test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+    test_creds.server[0] = &server1;
+    test_creds.server[1] = &server2;
+    test_creds.server[2] = NULL;
+}
+
+#define CHECK(kret,msg)                         \
+    if (kret != KRB5_OK) {                      \
+        com_err(msg, kret, "");                 \
+    } else printf("%s went ok\n", msg);
+
+int flags = 0;
+void
+scc_test()
+{
+    krb5_ccache id;
+    krb5_creds creds;
+    krb5_error_code kret;
+    krb5_cc_cursor cursor;
+
+    init_test_cred();
+
+    kret = krb5_scc_resolve(context, &id, "/tmp/tkt_test");
+    CHECK(kret, "resolve");
+    kret = krb5_scc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize");
+    kret = krb5_scc_store(id, &test_creds);
+    CHECK(kret, "store");
+
+    kret = krb5_scc_set_flags (id, flags);
+    CHECK(kret, "set_flags");
+    kret = krb5_scc_start_seq_get(id, &cursor);
+    CHECK(kret, "start_seq_get");
+    kret = 0;
+    while (kret != KRB5_CC_END) {
+        printf("Calling next_cred\n");
+        kret = krb5_scc_next_cred(id, &cursor, &creds);
+        CHECK(kret, "next_cred");
+    }
+    kret = krb5_scc_end_seq_get(id, &cursor);
+    CHECK(kret, "end_seq_get");
+
+    kret = krb5_scc_close(id);
+    CHECK(kret, "close");
+
+
+    kret = krb5_scc_resolve(&id, "/tmp/tkt_test");
+    CHECK(kret, "resolve");
+    kret = krb5_scc_destroy(id);
+    CHECK(kret, "destroy");
+}
+
+int remove (s) char*s; { return unlink(s); }
+int main () {
+    initialize_krb5_error_table ();
+    init_test_cred ();
+    scc_test ();
+    flags = !flags;
+    scc_test ();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/deps b/krb5-1.21.3/src/lib/krb5/deps
new file mode 100644
index 00000000..6fb333d9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/deps
@@ -0,0 +1,16 @@
+#
+# Generated makefile dependencies follow.
+#
+krb5_libinit.so krb5_libinit.po $(OUTPRE)krb5_libinit.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/ccache/cc-int.h $(srcdir)/keytab/kt-int.h \
+  $(srcdir)/os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  krb5_libinit.c krb5_libinit.h
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/Makefile.in b/krb5-1.21.3/src/lib/krb5/error_tables/Makefile.in
new file mode 100644
index 00000000..4e0591ef
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/Makefile.in
@@ -0,0 +1,63 @@
+mydir=lib$(S)krb5$(S)error_tables
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=error_tables
+##DOS##OBJFILE=..\$(OUTPRE)err_tbls.lst
+
+THDRDIR=$(BUILDTOP)$(S)include
+EHDRDIR=$(BUILDTOP)$(S)include
+ETDIR=$(top_srcdir)$(S)util$(S)et
+
+STLIBOBJS= asn1_err.o kdb5_err.o krb5_err.o k5e1_err.o \
+      kv5m_err.o krb524_err.o
+
+HDRS= asn1_err.h kdb5_err.h krb5_err.h k5e1_err.h kv5m_err.h krb524_err.h
+OBJS= $(OUTPRE)asn1_err.$(OBJEXT) $(OUTPRE)kdb5_err.$(OBJEXT) \
+      $(OUTPRE)krb5_err.$(OBJEXT) $(OUTPRE)k5e1_err.$(OBJEXT) \
+      $(OUTPRE)kv5m_err.$(OBJEXT) $(OUTPRE)krb524_err.$(OBJEXT)
+ETSRCS= asn1_err.c kdb5_err.c krb5_err.c k5e1_err.c kv5m_err.c krb524_err.c
+SRCS= asn1_err.c kdb5_err.c krb5_err.c k5e1_err.c kv5m_err.c krb524_err.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+all-libobjs: $(HDRS)
+
+includes: $(HDRS)
+
+awk-windows:
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=asn1_err.h asn1_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=kdb5_err.h kdb5_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=krb5_err.h krb5_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=k5e1_err.h k5e1_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=kv5m_err.h kv5m_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=krb524_err.h krb524_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=asn1_err.c asn1_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=kdb5_err.c kdb5_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=krb5_err.c krb5_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=k5e1_err.c k5e1_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=kv5m_err.c kv5m_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=krb524_err.c krb524_err.et
+	if exist asn1_err.h copy asn1_err.h "$(EHDRDIR)"
+	if exist kdb5_err.h copy kdb5_err.h "$(EHDRDIR)"
+	if exist krb5_err.h copy krb5_err.h "$(EHDRDIR)"
+	if exist k5e1_err.h copy k5e1_err.h "$(EHDRDIR)"
+	if exist kv5m_err.h copy kv5m_err.h "$(EHDRDIR)"
+	if exist krb524_err.h copy krb524_err.h "$(EHDRDIR)"
+
+#
+# dependencies for traditional makes
+#
+$(OUTPRE)asn1_err.$(OBJEXT): asn1_err.c
+$(OUTPRE)kdb5_err.$(OBJEXT): kdb5_err.c
+$(OUTPRE)krb5_err.$(OBJEXT): krb5_err.c
+$(OUTPRE)k5e1_err.$(OBJEXT): k5e1_err.c
+$(OUTPRE)kv5m_err.$(OBJEXT): kv5m_err.c
+$(OUTPRE)krb524_err.$(OBJEXT): krb524_err.c
+
+clean-unix:: clean-libobjs
+	$(RM) $(HDRS) $(ETSRCS)
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/asn1_err.et b/krb5-1.21.3/src/lib/krb5/error_tables/asn1_err.et
new file mode 100644
index 00000000..a448bb59
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/asn1_err.et
@@ -0,0 +1,16 @@
+error_table asn1
+error_code ASN1_BAD_TIMEFORMAT, "ASN.1 failed call to system time library"
+error_code ASN1_MISSING_FIELD, "ASN.1 structure is missing a required field"
+error_code ASN1_MISPLACED_FIELD, "ASN.1 unexpected field number"
+error_code ASN1_TYPE_MISMATCH, "ASN.1 type numbers are inconsistent"
+error_code ASN1_OVERFLOW, "ASN.1 value too large"
+error_code ASN1_OVERRUN, "ASN.1 encoding ended unexpectedly"
+error_code ASN1_BAD_ID, "ASN.1 identifier doesn't match expected value"
+error_code ASN1_BAD_LENGTH, "ASN.1 length doesn't match expected value"
+error_code ASN1_BAD_FORMAT, "ASN.1 badly-formatted encoding"
+error_code ASN1_PARSE_ERROR, "ASN.1 parse error"
+error_code ASN1_BAD_GMTIME, "ASN.1 bad return from gmtime"
+error_code ASN1_INDEF, "ASN.1 indefinite encoding"
+error_code ASN1_MISSING_EOC, "ASN.1 missing expected EOC"
+error_code ASN1_OMITTED, "ASN.1 object omitted in sequence"
+end
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/deps b/krb5-1.21.3/src/lib/krb5/error_tables/deps
new file mode 100644
index 00000000..48dbd129
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/deps
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+asn1_err.so asn1_err.po $(OUTPRE)asn1_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) asn1_err.c
+kdb5_err.so kdb5_err.po $(OUTPRE)kdb5_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) kdb5_err.c
+krb5_err.so krb5_err.po $(OUTPRE)krb5_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) krb5_err.c
+k5e1_err.so k5e1_err.po $(OUTPRE)k5e1_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) k5e1_err.c
+kv5m_err.so kv5m_err.po $(OUTPRE)kv5m_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) kv5m_err.c
+krb524_err.so krb524_err.po $(OUTPRE)krb524_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) krb524_err.c
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/init_ets.c b/krb5-1.21.3/src/lib/krb5/error_tables/init_ets.c
new file mode 100644
index 00000000..e5e50c7e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/init_ets.c
@@ -0,0 +1,48 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/error_tables/init_ets.c - Initialize krb5 library error tables */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+void
+krb5_init_ets (krb5_context context)
+{
+    static int inited = 0;
+
+    if (inited == 0) {
+        initialize_krb5_error_table();
+        initialize_k5e1_error_table();
+        initialize_kv5m_error_table();
+        initialize_kdb5_error_table();
+        initialize_asn1_error_table();
+        initialize_k524_error_table();
+        inited++;
+    }
+}
+
+void
+krb5_free_ets (krb5_context context)
+{
+}
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/k5e1_err.et b/krb5-1.21.3/src/lib/krb5/error_tables/k5e1_err.et
new file mode 100644
index 00000000..593d63ea
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/k5e1_err.et
@@ -0,0 +1,47 @@
+#
+# lib/krb5/error_tables/k5e1_err.et
+#
+# Copyright 2010 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+# 
+#
+# The Kerberos v5 library error code expansion table (#1).
+# This table exists to hold new libkrb5 error codes since the
+# original krb5 error table is full.
+#
+error_table k5e1
+
+error_code KRB5_PLUGIN_VER_NOTSUPP, "Plugin does not support interface version"
+error_code KRB5_PLUGIN_BAD_MODULE_SPEC, "Invalid module specifier"
+error_code KRB5_PLUGIN_NAME_NOTFOUND, "Plugin module name not found"
+error_code KRB5KDC_ERR_DISCARD, "The KDC should discard this request"
+error_code KRB5_DCC_CANNOT_CREATE, "Can't create new subsidiary cache"
+error_code KRB5_KCC_INVALID_ANCHOR, "Invalid keyring anchor name"
+error_code KRB5_KCC_UNKNOWN_VERSION, "Unknown keyring collection version"
+error_code KRB5_KCC_INVALID_UID, "Invalid UID in persistent keyring name"
+error_code KRB5_KCM_MALFORMED_REPLY, "Malformed reply from KCM daemon"
+error_code KRB5_KCM_RPC_ERROR, "Mach RPC error communicating with KCM daemon"
+error_code KRB5_KCM_REPLY_TOO_BIG, "KCM daemon reply too big"
+error_code KRB5_KCM_NO_SERVER, "No KCM server found"
+error_code KRB5_CERTAUTH_HWAUTH, "Authorize and set hw-authent ticket flag"
+error_code KRB5_CERTAUTH_HWAUTH_PASS, "Set hw-authent ticket flag but do not authorize"
+end
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/kdb5_err.et b/krb5-1.21.3/src/lib/krb5/error_tables/kdb5_err.et
new file mode 100644
index 00000000..1b08ec1a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/kdb5_err.et
@@ -0,0 +1,89 @@
+#
+# lib/krb5/error_tables/kdb5_err.et
+#
+# Copyright 1990, 2008 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+# 
+#
+# The Kerberos v5 database library error code table.
+#
+error_table kdb5
+
+ec KRB5_KDB_RCSID,	"$Id$"
+# /* From the server side routines */
+ec KRB5_KDB_INUSE,		"Entry already exists in database"
+ec KRB5_KDB_UK_SERROR,		"Database store error"
+ec KRB5_KDB_UK_RERROR,		"Database read error"
+ec KRB5_KDB_UNAUTH,		"Insufficient access to perform requested operation"
+# KRB5_KDB_DATA isn't really an error, but...
+ec KRB5_KDB_NOENTRY,		"No such entry in the database"
+
+ec KRB5_KDB_ILL_WILDCARD,	"Illegal use of wildcard"
+
+ec KRB5_KDB_DB_INUSE,		"Database is locked or in use--try again later"
+
+ec KRB5_KDB_DB_CHANGED,		"Database was modified during read"
+
+ec KRB5_KDB_TRUNCATED_RECORD,	"Database record is incomplete or corrupted"
+ec KRB5_KDB_RECURSIVELOCK,	"Attempt to lock database twice"
+ec KRB5_KDB_NOTLOCKED,		"Attempt to unlock database when not locked"
+ec KRB5_KDB_BADLOCKMODE,	"Invalid kdb lock mode"
+ec KRB5_KDB_DBNOTINITED,	"Database has not been initialized"
+ec KRB5_KDB_DBINITED,		"Database has already been initialized"
+
+ec KRB5_KDB_ILLDIRECTION,	"Bad direction for converting keys"
+
+ec KRB5_KDB_NOMASTERKEY,	"Cannot find master key record in database"
+ec KRB5_KDB_BADMASTERKEY,	"Master key does not match database"
+ec KRB5_KDB_INVALIDKEYSIZE,	"Key size in database is invalid"
+ec KRB5_KDB_CANTREAD_STORED,	"Cannot find/read stored master key"
+ec KRB5_KDB_BADSTORED_MKEY,	"Stored master key is corrupted"
+ec KRB5_KDB_NOACTMASTERKEY,	"Cannot find active master key"
+ec KRB5_KDB_KVNONOMATCH,	"KVNO of new master key does not match expected value"
+ec KRB5_KDB_STORED_MKEY_NOTCURRENT,	"Stored master key is not current"
+
+ec KRB5_KDB_CANTLOCK_DB,	"Insufficient access to lock database"
+
+ec KRB5_KDB_DB_CORRUPT,		"Database format error"
+ec KRB5_KDB_BAD_VERSION,	"Unsupported version in database entry"
+
+ec KRB5_KDB_BAD_SALTTYPE,	"Unsupported salt type"
+ec KRB5_KDB_BAD_ENCTYPE,	"Unsupported encryption type"
+ec KRB5_KDB_BAD_CREATEFLAGS,	"Bad database creation flags"
+ec KRB5_KDB_NO_PERMITTED_KEY,	"No matching key in entry having a permitted enctype"
+ec KRB5_KDB_NO_MATCHING_KEY,	"No matching key in entry"
+ec KRB5_KDB_DBTYPE_NOTFOUND,	"Unable to find requested database type"
+ec KRB5_KDB_DBTYPE_NOSUP,	"Database type not supported"
+ec KRB5_KDB_DBTYPE_INIT,	"Database library failed to initialize"
+ec KRB5_KDB_SERVER_INTERNAL_ERR,   "Server error"
+ec KRB5_KDB_ACCESS_ERROR,       "Unable to access Kerberos database"
+ec KRB5_KDB_INTERNAL_ERROR,     "Kerberos database internal error"
+ec KRB5_KDB_CONSTRAINT_VIOLATION,  "Kerberos database constraints violated"
+ec KRB5_LOG_CONV,		"Update log conversion error"
+ec KRB5_LOG_UNSTABLE,		"Update log is unstable"
+ec KRB5_LOG_CORRUPT,		"Update log is corrupt"
+ec KRB5_LOG_ERROR,		"Generic update log error"
+ec KRB5_KDB_DBTYPE_MISMATCH,    "Database module does not match KDC version"
+ec KRB5_KDB_POLICY_REF,		"Policy is in use"
+ec KRB5_KDB_STRINGS_TOOLONG,    "Too much string mapping data"
+
+end
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/krb524_err.et b/krb5-1.21.3/src/lib/krb5/error_tables/krb524_err.et
new file mode 100644
index 00000000..5a4a004c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/krb524_err.et
@@ -0,0 +1,34 @@
+# Copyright 1994 by OpenVision Technologies, Inc.
+# 
+# Permission to use, copy, modify, distribute, and sell this software
+# and its documentation for any purpose is hereby granted without fee,
+# provided that the above copyright notice appears in all copies and
+# that both that copyright notice and this permission notice appear in
+# supporting documentation, and that the name of OpenVision not be used
+# in advertising or publicity pertaining to distribution of the software
+# without specific, written prior permission. OpenVision makes no
+# representations about the suitability of this software for any
+# purpose.  It is provided "as is" without express or implied warranty.
+# 
+# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+# 
+
+error_table k524
+
+error_code KRB524_BADKEY, "Cannot convert V5 keyblock"
+error_code KRB524_BADADDR, "Cannot convert V5 address information"
+error_code KRB524_BADPRINC, "Cannot convert V5 principal"
+error_code KRB524_BADREALM, "V5 realm name longer than V4 maximum"
+error_code KRB524_V4ERR, "Kerberos V4 error"
+error_code KRB524_ENCFULL, "Encoding too large"
+error_code KRB524_DECEMPTY, "Decoding out of data"
+error_code KRB524_NOTRESP, "Service not responding"
+error_code KRB524_KRB4_DISABLED,	"Kerberos version 4 support is disabled"
+
+end
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/krb5_err.et b/krb5-1.21.3/src/lib/krb5/error_tables/krb5_err.et
new file mode 100644
index 00000000..74a576a7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/krb5_err.et
@@ -0,0 +1,356 @@
+#
+# lib/krb5/error_tables/krb5_err.et
+#
+# Copyright 1989,1990,1991,2007 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+# 
+#
+# The Kerberos v5 library error code table.
+# Protocol error codes are ERROR_TABLE_BASE_krb5 + the protocol error
+# code number; other error codes start at ERROR_TABLE_BASE_krb5 + 128.
+#
+error_table krb5
+
+
+#
+# Note: the first 128 error codes are hard-coded and must match the error
+# numbers defined in the Kerberos protocol specification, RFC-1510 or
+# its successors.
+#
+
+# vv 0
+error_code KRB5KDC_ERR_NONE,		"No error"
+error_code KRB5KDC_ERR_NAME_EXP,	"Client's entry in database has expired"
+error_code KRB5KDC_ERR_SERVICE_EXP,	"Server's entry in database has expired"
+error_code KRB5KDC_ERR_BAD_PVNO,	"Requested protocol version not supported"
+error_code KRB5KDC_ERR_C_OLD_MAST_KVNO,	"Client's key is encrypted in an old master key"
+error_code KRB5KDC_ERR_S_OLD_MAST_KVNO,	"Server's key is encrypted in an old master key"
+error_code KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "Client not found in Kerberos database"
+error_code KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "Server not found in Kerberos database"
+error_code KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "Principal has multiple entries in Kerberos database"
+error_code KRB5KDC_ERR_NULL_KEY,	"Client or server has a null key"
+error_code KRB5KDC_ERR_CANNOT_POSTDATE,	"Ticket is ineligible for postdating"
+error_code KRB5KDC_ERR_NEVER_VALID,	"Requested effective lifetime is negative or too short"
+error_code KRB5KDC_ERR_POLICY,		"KDC policy rejects request"
+error_code KRB5KDC_ERR_BADOPTION,	"KDC can't fulfill requested option"
+error_code KRB5KDC_ERR_ETYPE_NOSUPP,	"KDC has no support for encryption type"
+error_code KRB5KDC_ERR_SUMTYPE_NOSUPP,	"KDC has no support for checksum type"
+error_code KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KDC has no support for padata type"
+error_code KRB5KDC_ERR_TRTYPE_NOSUPP,	"KDC has no support for transited type"
+error_code KRB5KDC_ERR_CLIENT_REVOKED,	"Client's credentials have been revoked"
+error_code KRB5KDC_ERR_SERVICE_REVOKED,	"Credentials for server have been revoked"
+error_code KRB5KDC_ERR_TGT_REVOKED,	"TGT has been revoked"
+error_code KRB5KDC_ERR_CLIENT_NOTYET,	"Client not yet valid - try again later"
+error_code KRB5KDC_ERR_SERVICE_NOTYET,	"Server not yet valid - try again later"
+error_code KRB5KDC_ERR_KEY_EXP,  	"Password has expired"
+error_code KRB5KDC_ERR_PREAUTH_FAILED,  "Preauthentication failed"
+# ^^ 24
+error_code KRB5KDC_ERR_PREAUTH_REQUIRED, "Additional pre-authentication required"
+error_code KRB5KDC_ERR_SERVER_NOMATCH,	"Requested server and ticket don't match"
+error_code KRB5KDC_ERR_MUST_USE_USER2USER,  "Server principal valid for user2user only"
+error_code KRB5KDC_ERR_PATH_NOT_ACCEPTED,   "KDC policy rejects transited path"
+error_code KRB5KDC_ERR_SVC_UNAVAILABLE, "A service is not available that is required to process the request"
+error_code KRB5PLACEHOLD_30,		"KRB5 error code 30"
+# vv 31
+error_code KRB5KRB_AP_ERR_BAD_INTEGRITY, "Decrypt integrity check failed"
+error_code KRB5KRB_AP_ERR_TKT_EXPIRED,	"Ticket expired"
+error_code KRB5KRB_AP_ERR_TKT_NYV,	"Ticket not yet valid"
+error_code KRB5KRB_AP_ERR_REPEAT,	"Request is a replay"
+error_code KRB5KRB_AP_ERR_NOT_US,	"The ticket isn't for us"
+error_code KRB5KRB_AP_ERR_BADMATCH,	"Ticket/authenticator don't match"
+error_code KRB5KRB_AP_ERR_SKEW,	"Clock skew too great"
+error_code KRB5KRB_AP_ERR_BADADDR,	"Incorrect net address"
+error_code KRB5KRB_AP_ERR_BADVERSION,	"Protocol version mismatch"
+error_code KRB5KRB_AP_ERR_MSG_TYPE,	"Invalid message type"
+error_code KRB5KRB_AP_ERR_MODIFIED,	"Message stream modified"
+error_code KRB5KRB_AP_ERR_BADORDER,	"Message out of order"
+error_code KRB5KRB_AP_ERR_ILL_CR_TKT, "Illegal cross-realm ticket"
+error_code KRB5KRB_AP_ERR_BADKEYVER,	"Key version is not available"
+error_code KRB5KRB_AP_ERR_NOKEY,	"Service key not available"
+error_code KRB5KRB_AP_ERR_MUT_FAIL,	"Mutual authentication failed"
+error_code KRB5KRB_AP_ERR_BADDIRECTION,	"Incorrect message direction"
+error_code KRB5KRB_AP_ERR_METHOD,	"Alternative authentication method required"
+error_code KRB5KRB_AP_ERR_BADSEQ,	"Incorrect sequence number in message"
+error_code KRB5KRB_AP_ERR_INAPP_CKSUM,	"Inappropriate type of checksum in message"
+#^^ 50
+error_code KRB5KRB_AP_PATH_NOT_ACCEPTED,	"Policy rejects transited path"
+error_code KRB5KRB_ERR_RESPONSE_TOO_BIG,	"Response too big for UDP, retry with TCP"
+error_code KRB5PLACEHOLD_53,	"KRB5 error code 53"
+error_code KRB5PLACEHOLD_54,	"KRB5 error code 54"
+error_code KRB5PLACEHOLD_55,	"KRB5 error code 55"
+error_code KRB5PLACEHOLD_56,	"KRB5 error code 56"
+error_code KRB5PLACEHOLD_57,	"KRB5 error code 57"
+error_code KRB5PLACEHOLD_58,	"KRB5 error code 58"
+error_code KRB5PLACEHOLD_59,	"KRB5 error code 59"
+error_code KRB5KRB_ERR_GENERIC,	"Generic error (see e-text)"
+error_code KRB5KRB_ERR_FIELD_TOOLONG,	"Field is too long for this implementation"
+error_code KRB5KDC_ERR_CLIENT_NOT_TRUSTED,		"Client not trusted"
+error_code KRB5KDC_ERR_KDC_NOT_TRUSTED,			"KDC not trusted"
+error_code KRB5KDC_ERR_INVALID_SIG,			"Invalid signature"
+error_code KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED,	"Key parameters not accepted"
+error_code KRB5KDC_ERR_CERTIFICATE_MISMATCH,		"Certificate mismatch"
+error_code KRB5KRB_AP_ERR_NO_TGT,			"No ticket granting ticket"
+error_code KRB5KDC_ERR_WRONG_REALM,			"Realm not local to KDC"
+error_code KRB5KRB_AP_ERR_USER_TO_USER_REQUIRED,	"User to user required"
+error_code KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE,		"Can't verify certificate"
+error_code KRB5KDC_ERR_INVALID_CERTIFICATE,		"Invalid certificate"
+error_code KRB5KDC_ERR_REVOKED_CERTIFICATE,		"Revoked certificate"
+error_code KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN,	"Revocation status unknown"
+error_code KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE,	"Revocation status unavailable"
+error_code KRB5KDC_ERR_CLIENT_NAME_MISMATCH,		"Client name mismatch"
+error_code KRB5KDC_ERR_KDC_NAME_MISMATCH,		"KDC name mismatch"
+error_code KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE,	"Inconsistent key purpose"
+error_code KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED,	"Digest in certificate not accepted"
+error_code KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED,	"Checksum must be included"
+error_code KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED,	"Digest in signed-data not accepted"
+error_code KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED,	"Public key encryption not supported"
+error_code KRB5PLACEHOLD_82,	"KRB5 error code 82"
+error_code KRB5PLACEHOLD_83,	"KRB5 error code 83"
+error_code KRB5PLACEHOLD_84,	"KRB5 error code 84"
+error_code KRB5KRB_AP_ERR_IAKERB_KDC_NOT_FOUND,         "The IAKERB proxy could not find a KDC"
+error_code KRB5KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE,	"The KDC did not respond to the IAKERB proxy"
+error_code KRB5PLACEHOLD_87,	"KRB5 error code 87"
+error_code KRB5PLACEHOLD_88,	"KRB5 error code 88"
+error_code KRB5PLACEHOLD_89,	"KRB5 error code 89"
+error_code KRB5KDC_ERR_PREAUTH_EXPIRED,			"Preauthentication expired"
+error_code KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED,	"More preauthentication data is required"
+error_code KRB5PLACEHOLD_92,	"KRB5 error code 92"
+error_code KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION, "An unsupported critical FAST option was requested"
+error_code KRB5PLACEHOLD_94,	"KRB5 error code 94"
+error_code KRB5PLACEHOLD_95,	"KRB5 error code 95"
+error_code KRB5PLACEHOLD_96,	"KRB5 error code 96"
+error_code KRB5PLACEHOLD_97,	"KRB5 error code 97"
+error_code KRB5PLACEHOLD_98,	"KRB5 error code 98"
+error_code KRB5PLACEHOLD_99,	"KRB5 error code 99"
+error_code KRB5KDC_ERR_NO_ACCEPTABLE_KDF,		"No acceptable KDF offered"
+error_code KRB5PLACEHOLD_101,	"KRB5 error code 101"
+error_code KRB5PLACEHOLD_102,	"KRB5 error code 102"
+error_code KRB5PLACEHOLD_103,	"KRB5 error code 103"
+error_code KRB5PLACEHOLD_104,	"KRB5 error code 104"
+error_code KRB5PLACEHOLD_105,	"KRB5 error code 105"
+error_code KRB5PLACEHOLD_106,	"KRB5 error code 106"
+error_code KRB5PLACEHOLD_107,	"KRB5 error code 107"
+error_code KRB5PLACEHOLD_108,	"KRB5 error code 108"
+error_code KRB5PLACEHOLD_109,	"KRB5 error code 109"
+error_code KRB5PLACEHOLD_110,	"KRB5 error code 110"
+error_code KRB5PLACEHOLD_111,	"KRB5 error code 111"
+error_code KRB5PLACEHOLD_112,	"KRB5 error code 112"
+error_code KRB5PLACEHOLD_113,	"KRB5 error code 113"
+error_code KRB5PLACEHOLD_114,	"KRB5 error code 114"
+error_code KRB5PLACEHOLD_115,	"KRB5 error code 115"
+error_code KRB5PLACEHOLD_116,	"KRB5 error code 116"
+error_code KRB5PLACEHOLD_117,	"KRB5 error code 117"
+error_code KRB5PLACEHOLD_118,	"KRB5 error code 118"
+error_code KRB5PLACEHOLD_119,	"KRB5 error code 119"
+error_code KRB5PLACEHOLD_120,	"KRB5 error code 120"
+error_code KRB5PLACEHOLD_121,	"KRB5 error code 121"
+error_code KRB5PLACEHOLD_122,	"KRB5 error code 122"
+error_code KRB5PLACEHOLD_123,	"KRB5 error code 123"
+error_code KRB5PLACEHOLD_124,	"KRB5 error code 124"
+error_code KRB5PLACEHOLD_125,	"KRB5 error code 125"
+error_code KRB5PLACEHOLD_126,	"KRB5 error code 126"
+error_code KRB5PLACEHOLD_127,	"KRB5 error code 127"
+
+error_code KRB5_ERR_RCSID,	"$Id$"
+
+error_code KRB5_LIBOS_BADLOCKFLAG,	"Invalid flag for file lock mode"
+error_code KRB5_LIBOS_CANTREADPWD,	"Cannot read password"
+error_code KRB5_LIBOS_BADPWDMATCH,	"Password mismatch"
+error_code KRB5_LIBOS_PWDINTR,		"Password read interrupted"
+
+error_code KRB5_PARSE_ILLCHAR,		"Illegal character in component name"
+error_code KRB5_PARSE_MALFORMED,	"Malformed representation of principal"
+
+error_code KRB5_CONFIG_CANTOPEN,	"Can't open/find Kerberos configuration file"
+error_code KRB5_CONFIG_BADFORMAT,	"Improper format of Kerberos configuration file"
+error_code KRB5_CONFIG_NOTENUFSPACE,	"Insufficient space to return complete information"
+
+error_code KRB5_BADMSGTYPE,		"Invalid message type specified for encoding"
+
+error_code KRB5_CC_BADNAME,		"Credential cache name malformed"
+error_code KRB5_CC_UNKNOWN_TYPE,	"Unknown credential cache type" 
+error_code KRB5_CC_NOTFOUND,		"Matching credential not found"
+error_code KRB5_CC_END,			"End of credential cache reached"
+
+error_code KRB5_NO_TKT_SUPPLIED,	"Request did not supply a ticket"
+
+error_code KRB5KRB_AP_WRONG_PRINC,		"Wrong principal in request"
+error_code KRB5KRB_AP_ERR_TKT_INVALID,	"Ticket has invalid flag set"
+
+error_code KRB5_PRINC_NOMATCH,		"Requested principal and ticket don't match"
+error_code KRB5_KDCREP_MODIFIED,	"KDC reply did not match expectations"
+error_code KRB5_KDCREP_SKEW,		"Clock skew too great in KDC reply"
+error_code KRB5_IN_TKT_REALM_MISMATCH,	"Client/server realm mismatch in initial ticket request"
+
+error_code KRB5_PROG_ETYPE_NOSUPP,	"Program lacks support for encryption type"
+error_code KRB5_PROG_KEYTYPE_NOSUPP,	"Program lacks support for key type"
+error_code KRB5_WRONG_ETYPE,		"Requested encryption type not used in message"
+error_code KRB5_PROG_SUMTYPE_NOSUPP,	"Program lacks support for checksum type"
+
+error_code KRB5_REALM_UNKNOWN,		"Cannot find KDC for requested realm"
+error_code KRB5_SERVICE_UNKNOWN,	"Kerberos service unknown"
+error_code KRB5_KDC_UNREACH,		"Cannot contact any KDC for requested realm"
+error_code KRB5_NO_LOCALNAME,		"No local name found for principal name"
+
+error_code KRB5_MUTUAL_FAILED,		"Mutual authentication failed"
+
+# some of these should be combined/supplanted by system codes
+
+error_code KRB5_RC_TYPE_EXISTS,		"Replay cache type is already registered"
+error_code KRB5_RC_MALLOC,		"No more memory to allocate (in replay cache code)"
+error_code KRB5_RC_TYPE_NOTFOUND,	"Replay cache type is unknown"
+error_code KRB5_RC_UNKNOWN,		"Generic unknown RC error"
+error_code KRB5_RC_REPLAY,		"Message is a replay"
+error_code KRB5_RC_IO,			"Replay cache I/O operation failed"
+error_code KRB5_RC_NOIO,		"Replay cache type does not support non-volatile storage"
+error_code KRB5_RC_PARSE,		"Replay cache name parse/format error"
+
+error_code KRB5_RC_IO_EOF,		"End-of-file on replay cache I/O"
+error_code KRB5_RC_IO_MALLOC,		"No more memory to allocate (in replay cache I/O code)"
+error_code KRB5_RC_IO_PERM,		"Permission denied in replay cache code"
+error_code KRB5_RC_IO_IO,		"I/O error in replay cache i/o code"
+error_code KRB5_RC_IO_UNKNOWN,		"Generic unknown RC/IO error"
+error_code KRB5_RC_IO_SPACE,		"Insufficient system space to store replay information"
+
+error_code KRB5_TRANS_CANTOPEN,		"Can't open/find realm translation file"
+error_code KRB5_TRANS_BADFORMAT,	"Improper format of realm translation file"
+
+error_code KRB5_LNAME_CANTOPEN,		"Can't open/find lname translation database"
+error_code KRB5_LNAME_NOTRANS,		"No translation available for requested principal"
+error_code KRB5_LNAME_BADFORMAT,	"Improper format of translation database entry"
+
+error_code KRB5_CRYPTO_INTERNAL,	"Cryptosystem internal error"
+
+error_code KRB5_KT_BADNAME,		"Key table name malformed"
+error_code KRB5_KT_UNKNOWN_TYPE,	"Unknown Key table type" 
+error_code KRB5_KT_NOTFOUND,		"Key table entry not found"
+error_code KRB5_KT_END,			"End of key table reached"
+error_code KRB5_KT_NOWRITE,		"Cannot write to specified key table"
+error_code KRB5_KT_IOERR,		"Error writing to key table"
+
+error_code KRB5_NO_TKT_IN_RLM,		"Cannot find ticket for requested realm"
+error_code KRB5DES_BAD_KEYPAR,		"DES key has bad parity"
+error_code KRB5DES_WEAK_KEY,		"DES key is a weak key"
+
+error_code KRB5_BAD_ENCTYPE,		"Bad encryption type"
+error_code KRB5_BAD_KEYSIZE,		"Key size is incompatible with encryption type"
+error_code KRB5_BAD_MSIZE,		"Message size is incompatible with encryption type"
+
+error_code KRB5_CC_TYPE_EXISTS,		"Credentials cache type is already registered."
+error_code KRB5_KT_TYPE_EXISTS,		"Key table type is already registered."
+
+error_code KRB5_CC_IO,			"Credentials cache I/O operation failed"
+error_code KRB5_FCC_PERM,		"Credentials cache permissions incorrect"
+error_code KRB5_FCC_NOFILE,		"No credentials cache found"
+error_code KRB5_FCC_INTERNAL,		"Internal credentials cache error"
+error_code KRB5_CC_WRITE,		"Error writing to credentials cache"
+error_code KRB5_CC_NOMEM,		"No more memory to allocate (in credentials cache code)"
+error_code KRB5_CC_FORMAT,		"Bad format in credentials cache"
+error_code KRB5_CC_NOT_KTYPE,		"No credentials found with supported encryption types"
+
+# errors for dual tgt library calls
+error_code KRB5_INVALID_FLAGS,		"Invalid KDC option combination (library internal error)"
+error_code KRB5_NO_2ND_TKT,		"Request missing second ticket"
+
+error_code KRB5_NOCREDS_SUPPLIED,	"No credentials supplied to library routine"
+
+# errors for sendauth (and recvauth)
+
+error_code KRB5_SENDAUTH_BADAUTHVERS,	"Bad sendauth version was sent"
+error_code KRB5_SENDAUTH_BADAPPLVERS,	"Bad application version was sent (via sendauth)"
+error_code KRB5_SENDAUTH_BADRESPONSE,	"Bad response (during sendauth exchange)"
+error_code KRB5_SENDAUTH_REJECTED,	"Server rejected authentication (during sendauth exchange)"
+
+# errors for preauthentication
+
+error_code KRB5_PREAUTH_BAD_TYPE,	"Unsupported preauthentication type"
+error_code KRB5_PREAUTH_NO_KEY,		"Required preauthentication key not supplied"
+error_code KRB5_PREAUTH_FAILED,		"Generic preauthentication failure"
+
+# version number errors
+
+error_code KRB5_RCACHE_BADVNO,	"Unsupported replay cache format version number"
+error_code KRB5_CCACHE_BADVNO,	"Unsupported credentials cache format version number"
+error_code KRB5_KEYTAB_BADVNO,	"Unsupported key table format version number"
+
+#
+#
+
+error_code KRB5_PROG_ATYPE_NOSUPP,	"Program lacks support for address type"
+error_code KRB5_RC_REQUIRED,	"Message replay detection requires rcache parameter"
+error_code KRB5_ERR_BAD_HOSTNAME,	"Hostname cannot be canonicalized"
+error_code KRB5_ERR_HOST_REALM_UNKNOWN,	"Cannot determine realm for host"
+error_code KRB5_SNAME_UNSUPP_NAMETYPE,	"Conversion to service principal undefined for name type"
+
+error_code KRB5KRB_AP_ERR_V4_REPLY, "Initial Ticket response appears to be Version 4 error"
+error_code KRB5_REALM_CANT_RESOLVE,	"Cannot resolve network address for KDC in requested realm"
+error_code KRB5_TKT_NOT_FORWARDABLE,	"Requesting ticket can't get forwardable tickets"
+error_code KRB5_FWD_BAD_PRINCIPAL, "Bad principal name while trying to forward credentials"
+
+error_code KRB5_GET_IN_TKT_LOOP,  "Looping detected inside krb5_get_in_tkt"
+error_code KRB5_CONFIG_NODEFREALM,	"Configuration file does not specify default realm"
+
+error_code KRB5_SAM_UNSUPPORTED,  "Bad SAM flags in obtain_sam_padata"
+error_code KRB5_SAM_INVALID_ETYPE,	"Invalid encryption type in SAM challenge"
+error_code KRB5_SAM_NO_CHECKSUM,	"Missing checksum in SAM challenge"
+error_code KRB5_SAM_BAD_CHECKSUM,	"Bad checksum in SAM challenge"
+error_code KRB5_KT_NAME_TOOLONG,	"Keytab name too long"
+error_code KRB5_KT_KVNONOTFOUND,	"Key version number for principal in key table is incorrect"
+error_code KRB5_APPL_EXPIRED,	"This application has expired"
+error_code KRB5_LIB_EXPIRED,	"This Krb5 library has expired"
+
+error_code KRB5_CHPW_PWDNULL,		"New password cannot be zero length"
+error_code KRB5_CHPW_FAIL,		"Password change failed"
+error_code KRB5_KT_FORMAT,		"Bad format in keytab"
+
+error_code KRB5_NOPERM_ETYPE,	"Encryption type not permitted"
+error_code KRB5_CONFIG_ETYPE_NOSUPP,	"No supported encryption types (config file error?)"
+error_code KRB5_OBSOLETE_FN,	"Program called an obsolete, deleted function"
+
+# translated versions of getaddrinfo errors
+error_code KRB5_EAI_FAIL,	"unknown getaddrinfo failure"
+error_code KRB5_EAI_NODATA,	"no data available for host/domain name"
+error_code KRB5_EAI_NONAME,	"host/domain name not found"
+error_code KRB5_EAI_SERVICE,	"service name unknown"
+
+error_code KRB5_ERR_NUMERIC_REALM, "Cannot determine realm for numeric host address"
+
+error_code KRB5_ERR_BAD_S2K_PARAMS, "Invalid key generation parameters from KDC"
+
+error_code KRB5_ERR_NO_SERVICE,	"service not available"
+
+error_code KRB5_CC_READONLY,    "Ccache function not supported: read-only ccache type"
+error_code KRB5_CC_NOSUPP,      "Ccache function not supported: not implemented"
+
+error_code KRB5_DELTAT_BADFORMAT,	"Invalid format of Kerberos lifetime or clock skew string"
+
+error_code KRB5_PLUGIN_NO_HANDLE,	"Supplied data not handled by this plugin"
+error_code KRB5_PLUGIN_OP_NOTSUPP,  "Plugin does not support the operation"
+
+error_code KRB5_ERR_INVALID_UTF8,	"Invalid UTF-8 string"
+error_code KRB5_ERR_FAST_REQUIRED, "FAST protected pre-authentication required but not supported by KDC"
+
+error_code KRB5_LOCAL_ADDR_REQUIRED,  "Auth context must contain local address"
+error_code KRB5_REMOTE_ADDR_REQUIRED, "Auth context must contain remote address"
+
+error_code KRB5_TRACE_NOSUPP, "Tracing unsupported"
+end
diff --git a/krb5-1.21.3/src/lib/krb5/error_tables/kv5m_err.et b/krb5-1.21.3/src/lib/krb5/error_tables/kv5m_err.et
new file mode 100644
index 00000000..6259adab
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/error_tables/kv5m_err.et
@@ -0,0 +1,93 @@
+#
+# src/lib/krb5/kv5m_err.et
+#
+# Copyright 1994 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+# 
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+# 
+#
+# The Kerberos v5 magic numbers errorcode table
+
+error_table kv5m
+
+error_code KV5M_NONE,		"Kerberos V5 magic number table"
+error_code KV5M_PRINCIPAL,	"Bad magic number for krb5_principal structure"
+error_code KV5M_DATA,		"Bad magic number for krb5_data structure"
+error_code KV5M_KEYBLOCK,	"Bad magic number for krb5_keyblock structure"
+error_code KV5M_CHECKSUM,	"Bad magic number for krb5_checksum structure"
+error_code KV5M_ENCRYPT_BLOCK,	"Bad magic number for krb5_encrypt_block structure"
+error_code KV5M_ENC_DATA,	"Bad magic number for krb5_enc_data structure"
+error_code KV5M_CRYPTOSYSTEM_ENTRY,	"Bad magic number for krb5_cryptosystem_entry structure"
+error_code KV5M_CS_TABLE_ENTRY,	"Bad magic number for krb5_cs_table_entry structure"
+error_code KV5M_CHECKSUM_ENTRY,	"Bad magic number for krb5_checksum_entry structure"
+
+error_code KV5M_AUTHDATA,	"Bad magic number for krb5_authdata structure"
+error_code KV5M_TRANSITED,	"Bad magic number for krb5_transited structure"
+error_code KV5M_ENC_TKT_PART,	"Bad magic number for krb5_enc_tkt_part structure"
+error_code KV5M_TICKET,		"Bad magic number for krb5_ticket structure"
+error_code KV5M_AUTHENTICATOR,	"Bad magic number for krb5_authenticator structure"
+error_code KV5M_TKT_AUTHENT,	"Bad magic number for krb5_tkt_authent structure"
+error_code KV5M_CREDS,		"Bad magic number for krb5_creds structure"
+error_code KV5M_LAST_REQ_ENTRY,	"Bad magic number for krb5_last_req_entry structure"
+error_code KV5M_PA_DATA,		"Bad magic number for krb5_pa_data structure"
+error_code KV5M_KDC_REQ,		"Bad magic number for krb5_kdc_req structure"
+error_code KV5M_ENC_KDC_REP_PART, "Bad magic number for krb5_enc_kdc_rep_part structure"
+error_code KV5M_KDC_REP,		"Bad magic number for krb5_kdc_rep structure"
+error_code KV5M_ERROR,		"Bad magic number for krb5_error structure"
+error_code KV5M_AP_REQ,		"Bad magic number for krb5_ap_req structure"
+error_code KV5M_AP_REP,		"Bad magic number for krb5_ap_rep structure"
+error_code KV5M_AP_REP_ENC_PART,	"Bad magic number for krb5_ap_rep_enc_part structure"
+error_code KV5M_RESPONSE,	"Bad magic number for krb5_response structure"
+error_code KV5M_SAFE,		"Bad magic number for krb5_safe structure"
+error_code KV5M_PRIV,		"Bad magic number for krb5_priv structure"
+error_code KV5M_PRIV_ENC_PART,	"Bad magic number for krb5_priv_enc_part structure"
+error_code KV5M_CRED,		"Bad magic number for krb5_cred structure"
+error_code KV5M_CRED_INFO,	"Bad magic number for krb5_cred_info structure"
+error_code KV5M_CRED_ENC_PART,	"Bad magic number for krb5_cred_enc_part structure"
+error_code KV5M_PWD_DATA,	"Bad magic number for krb5_pwd_data structure"
+error_code KV5M_ADDRESS,	"Bad magic number for krb5_address structure"
+error_code KV5M_KEYTAB_ENTRY,	"Bad magic number for krb5_keytab_entry structure"
+error_code KV5M_CONTEXT,	"Bad magic number for krb5_context structure"
+error_code KV5M_OS_CONTEXT,	"Bad magic number for krb5_os_context structure"
+error_code KV5M_ALT_METHOD,	"Bad magic number for krb5_alt_method structure"
+error_code KV5M_ETYPE_INFO_ENTRY, "Bad magic number for krb5_etype_info_entry structure"
+error_code KV5M_DB_CONTEXT,	"Bad magic number for krb5_db_context structure"
+error_code KV5M_AUTH_CONTEXT,	"Bad magic number for krb5_auth_context structure"
+error_code KV5M_KEYTAB,		"Bad magic number for krb5_keytab structure"
+error_code KV5M_RCACHE,		"Bad magic number for krb5_rcache structure"
+error_code KV5M_CCACHE,		"Bad magic number for krb5_ccache structure"
+error_code KV5M_PREAUTH_OPS,	"Bad magic number for krb5_preauth_ops"
+error_code KV5M_SAM_CHALLENGE,	"Bad magic number for krb5_sam_challenge"
+error_code KV5M_SAM_CHALLENGE_2,	"Bad magic number for krb5_sam_challenge_2"
+error_code KV5M_SAM_KEY,	"Bad magic number for krb5_sam_key"
+error_code KV5M_ENC_SAM_RESPONSE_ENC,	"Bad magic number for krb5_enc_sam_response_enc"
+error_code KV5M_ENC_SAM_RESPONSE_ENC_2,	"Bad magic number for krb5_enc_sam_response_enc"
+error_code KV5M_SAM_RESPONSE,	"Bad magic number for krb5_sam_response"
+error_code KV5M_SAM_RESPONSE_2,	"Bad magic number for krb5_sam_response 2"
+error_code KV5M_PREDICTED_SAM_RESPONSE,	"Bad magic number for krb5_predicted_sam_response"
+error_code KV5M_PASSWD_PHRASE_ELEMENT,	"Bad magic number for passwd_phrase_element"
+error_code KV5M_GSS_OID,	"Bad magic number for GSSAPI OID"
+error_code KV5M_GSS_QUEUE,	"Bad magic number for GSSAPI QUEUE"
+error_code KV5M_FAST_ARMORED_REQ, "Bad magic number for fast armored request"
+error_code KV5M_FAST_REQ, "Bad magic number for FAST request"
+error_code KV5M_FAST_RESPONSE, "Bad magic number for FAST response"
+error_code KV5M_AUTHDATA_CONTEXT,  "Bad magic number for krb5_authdata_context"
+end
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/Makefile.in b/krb5-1.21.3/src/lib/krb5/keytab/Makefile.in
new file mode 100644
index 00000000..4621bf71
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/Makefile.in
@@ -0,0 +1,69 @@
+mydir=lib$(S)krb5$(S)keytab
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=keytab
+##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
+
+STLIBOBJS= \
+	ktadd.o		\
+	ktbase.o	\
+	ktdefault.o	\
+	ktfr_entry.o	\
+	ktremove.o	\
+	ktfns.o		\
+	kt_file.o	\
+	kt_memory.o	\
+	read_servi.o
+
+OBJS=	\
+	$(OUTPRE)ktadd.$(OBJEXT)		\
+	$(OUTPRE)ktbase.$(OBJEXT)	\
+	$(OUTPRE)ktdefault.$(OBJEXT)	\
+	$(OUTPRE)ktfr_entry.$(OBJEXT)	\
+	$(OUTPRE)ktremove.$(OBJEXT)	\
+	$(OUTPRE)ktfns.$(OBJEXT)	\
+	$(OUTPRE)kt_file.$(OBJEXT)	\
+	$(OUTPRE)kt_memory.$(OBJEXT)	\
+	$(OUTPRE)read_servi.$(OBJEXT)
+
+SRCS=	\
+	$(srcdir)/ktadd.c	\
+	$(srcdir)/ktbase.c	\
+	$(srcdir)/ktdefault.c	\
+	$(srcdir)/ktfr_entry.c	\
+	$(srcdir)/ktremove.c	\
+	$(srcdir)/ktfns.c	\
+	$(srcdir)/kt_file.c	\
+	$(srcdir)/kt_memory.c	\
+	$(srcdir)/read_servi.c
+
+EXTRADEPSRCS= \
+	$(srcdir)/t_keytab.c 
+
+all-windows: $(OBJFILE)
+
+##DOS$(OBJFILE): $(OBJS)
+##DOS	$(RM) $(OBJFILE)
+##WIN32##	$(LIBECHO) -p $(PREFIXDIR)\ $(OUTPRE)*.obj > $(OBJFILE)
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+check-unix: t_keytab
+	$(RUN_TEST) ./t_keytab
+
+T_KEYTAB_OBJS = t_keytab.o
+t_keytab: $(T_KEYTAB_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ $(T_KEYTAB_OBJS) $(KRB5_BASE_LIBS)
+
+clean-unix::
+	$(RM) t_keytab t_keytab.o
+
+clean-windows::
+	@echo Making clean in krb5\keytab
+	$(RM) $(OBJFILE)
+
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/deps b/krb5-1.21.3/src/lib/krb5/keytab/deps
new file mode 100644
index 00000000..8ae40759
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/deps
@@ -0,0 +1,113 @@
+#
+# Generated makefile dependencies follow.
+#
+ktadd.so ktadd.po $(OUTPRE)ktadd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktadd.c
+ktbase.so ktbase.po $(OUTPRE)ktbase.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kt-int.h ktbase.c
+ktdefault.so ktdefault.po $(OUTPRE)ktdefault.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ktdefault.c
+ktfr_entry.so ktfr_entry.po $(OUTPRE)ktfr_entry.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ktfr_entry.c
+ktremove.so ktremove.po $(OUTPRE)ktremove.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ktremove.c
+ktfns.so ktfns.po $(OUTPRE)ktfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h \
+  $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ktfns.c
+kt_file.so kt_file.po $(OUTPRE)kt_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kt_file.c
+kt_memory.so kt_memory.po $(OUTPRE)kt_memory.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kt-int.h kt_memory.c
+read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  read_servi.c
+t_keytab.so t_keytab.po $(OUTPRE)t_keytab.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_keytab.c
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/kt-int.h b/krb5-1.21.3/src/lib/krb5/keytab/kt-int.h
new file mode 100644
index 00000000..b55118e2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/kt-int.h
@@ -0,0 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/kt-int.h */
+/*
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * This file contains constant and function declarations used in the
+ * file-based credential cache routines.
+ */
+
+#ifndef __KRB5_KEYTAB_INT_H__
+#define __KRB5_KEYTAB_INT_H__
+
+
+int krb5int_kt_initialize(void);
+
+void krb5int_kt_finalize(void);
+
+int krb5int_mkt_initialize(void);
+
+void krb5int_mkt_finalize(void);
+
+extern const krb5_kt_ops krb5_kt_dfl_ops;
+
+#endif /* __KRB5_KEYTAB_INT_H__ */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/kt_file.c b/krb5-1.21.3/src/lib/krb5/keytab/kt_file.c
new file mode 100644
index 00000000..e510211f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/kt_file.c
@@ -0,0 +1,1382 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/kt_file.c */
+/*
+ * Copyright 1990,1991,1995,2007,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) Hewlett-Packard Company 1991
+ * Released to the Massachusetts Institute of Technology for inclusion
+ * in the Kerberos source code distribution.
+ *
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef LEAN_CLIENT
+
+#include "k5-int.h"
+#include "../os/os-proto.h"
+#include <stdio.h>
+
+/*
+ * Information needed by internal routines of the file-based ticket
+ * cache implementation.
+ */
+
+
+/*
+ * Constants
+ */
+
+#define KRB5_KT_VNO_1   0x0501  /* krb v5, keytab version 1 (DCE compat) */
+#define KRB5_KT_VNO     0x0502  /* krb v5, keytab version 2 (standard)  */
+
+#define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO
+
+/*
+ * Types
+ */
+typedef struct _krb5_ktfile_data {
+    char *name;                 /* Name of the file */
+    FILE *openf;                /* open file, if any. */
+    char iobuf[BUFSIZ];         /* so we can zap it later */
+    int version;                /* Version number of keytab */
+    unsigned int iter_count;    /* Number of active iterators */
+    long start_offset;          /* Starting offset after version */
+    k5_mutex_t lock;            /* Protect openf, version */
+} krb5_ktfile_data;
+
+/*
+ * Some limitations:
+ *
+ * If the file OPENF is left open between calls, we have an iterator
+ * active, and OPENF is opened in read-only mode.  So, no changes
+ * can be made via that handle.
+ *
+ * An advisory file lock is used while the file is open.  Thus,
+ * multiple handles on the same underlying file cannot be used without
+ * disrupting the locking in effect.
+ *
+ * The start_offset field is only valid if the file is open.  It will
+ * almost certainly always be the same constant.  It's used so that
+ * if an iterator is active, and we start another one, we don't have
+ * to seek back to the start and re-read the version number to set
+ * the position for the iterator.
+ */
+
+/*
+ * Macros
+ */
+#define KTPRIVATE(id) ((krb5_ktfile_data *)(id)->data)
+#define KTFILENAME(id) (((krb5_ktfile_data *)(id)->data)->name)
+#define KTFILEP(id) (((krb5_ktfile_data *)(id)->data)->openf)
+#define KTFILEBUFP(id) (((krb5_ktfile_data *)(id)->data)->iobuf)
+#define KTVERSION(id) (((krb5_ktfile_data *)(id)->data)->version)
+#define KTITERS(id) (((krb5_ktfile_data *)(id)->data)->iter_count)
+#define KTSTARTOFF(id) (((krb5_ktfile_data *)(id)->data)->start_offset)
+#define KTLOCK(id) k5_mutex_lock(&((krb5_ktfile_data *)(id)->data)->lock)
+#define KTUNLOCK(id) k5_mutex_unlock(&((krb5_ktfile_data *)(id)->data)->lock)
+#define KTCHECKLOCK(id) k5_mutex_assert_locked(&((krb5_ktfile_data *)(id)->data)->lock)
+
+extern const struct _krb5_kt_ops krb5_ktf_ops;
+extern const struct _krb5_kt_ops krb5_ktf_writable_ops;
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_resolve(krb5_context, const char *, krb5_keytab *);
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_get_name(krb5_context, krb5_keytab, char *, unsigned int);
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_close(krb5_context, krb5_keytab);
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_get_entry(krb5_context, krb5_keytab, krb5_const_principal,
+                      krb5_kvno, krb5_enctype, krb5_keytab_entry *);
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_start_seq_get(krb5_context, krb5_keytab, krb5_kt_cursor *);
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_get_next(krb5_context, krb5_keytab, krb5_keytab_entry *,
+                     krb5_kt_cursor *);
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_end_get(krb5_context, krb5_keytab, krb5_kt_cursor *);
+
+/* routines to be included on extended version (write routines) */
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_add(krb5_context, krb5_keytab, krb5_keytab_entry *);
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_remove(krb5_context, krb5_keytab, krb5_keytab_entry *);
+
+static krb5_error_code
+krb5_ktfileint_openr(krb5_context, krb5_keytab);
+
+static krb5_error_code
+krb5_ktfileint_openw(krb5_context, krb5_keytab);
+
+static krb5_error_code
+krb5_ktfileint_close(krb5_context, krb5_keytab);
+
+static krb5_error_code
+krb5_ktfileint_read_entry(krb5_context, krb5_keytab, krb5_keytab_entry *);
+
+static krb5_error_code
+krb5_ktfileint_write_entry(krb5_context, krb5_keytab, krb5_keytab_entry *);
+
+static krb5_error_code
+krb5_ktfileint_delete_entry(krb5_context, krb5_keytab, krb5_int32);
+
+static krb5_error_code
+krb5_ktfileint_internal_read_entry(krb5_context, krb5_keytab,
+                                   krb5_keytab_entry *, krb5_int32 *);
+
+static krb5_error_code
+krb5_ktfileint_size_entry(krb5_context, krb5_keytab_entry *, krb5_int32 *);
+
+static krb5_error_code
+krb5_ktfileint_find_slot(krb5_context, krb5_keytab, krb5_int32 *,
+                         krb5_int32 *);
+
+
+/*
+ * This is an implementation specific resolver.  It returns a keytab id
+ * initialized with file keytab routines.
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_resolve(krb5_context context, const char *name,
+                    krb5_keytab *id_out)
+{
+    krb5_ktfile_data *data = NULL;
+    krb5_error_code err = ENOMEM;
+    krb5_keytab id;
+
+    *id_out = NULL;
+
+    id = calloc(1, sizeof(*id));
+    if (id == NULL)
+        return ENOMEM;
+
+    id->ops = &krb5_ktf_ops;
+    data = calloc(1, sizeof(krb5_ktfile_data));
+    if (data == NULL)
+        goto cleanup;
+
+    data->name = strdup(name);
+    if (data->name == NULL)
+        goto cleanup;
+
+    err = k5_mutex_init(&data->lock);
+    if (err)
+        goto cleanup;
+
+    data->openf = 0;
+    data->version = 0;
+    data->iter_count = 0;
+
+    id->data = (krb5_pointer) data;
+    id->magic = KV5M_KEYTAB;
+    *id_out = id;
+    return 0;
+cleanup:
+    if (data)
+        free(data->name);
+    free(data);
+    free(id);
+    return err;
+}
+
+
+/*
+ * "Close" a file-based keytab and invalidate the id.  This means
+ * free memory hidden in the structures.
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_close(krb5_context context, krb5_keytab id)
+/*
+ * This routine is responsible for freeing all memory allocated
+ * for this keytab.  There are no system resources that need
+ * to be freed nor are there any open files.
+ *
+ * This routine should undo anything done by krb5_ktfile_resolve().
+ */
+{
+    free(KTFILENAME(id));
+    zap(KTFILEBUFP(id), BUFSIZ);
+    k5_mutex_destroy(&((krb5_ktfile_data *)id->data)->lock);
+    free(id->data);
+    id->ops = 0;
+    free(id);
+    return (0);
+}
+
+/* Return true if k1 is more recent than k2, applying wraparound heuristics. */
+static krb5_boolean
+more_recent(const krb5_keytab_entry *k1, const krb5_keytab_entry *k2)
+{
+    /*
+     * If a small kvno was written at the same time or later than a large kvno,
+     * the kvno probably wrapped at some boundary, so consider the small kvno
+     * more recent.  Wraparound can happen due to pre-1.14 keytab file format
+     * limitations (8-bit kvno storage), pre-1.14 kadmin protocol limitations
+     * (8-bit kvno marshalling), or KDB limitations (16-bit kvno storage).
+     */
+    if (!ts_after(k2->timestamp, k1->timestamp) &&
+        k1->vno < 128 && k2->vno > 240)
+        return TRUE;
+    if (!ts_after(k1->timestamp, k2->timestamp) &&
+        k1->vno > 240 && k2->vno < 128)
+        return FALSE;
+
+    /* Otherwise do a simple version comparison. */
+    return k1->vno > k2->vno;
+}
+
+/*
+ * This is the get_entry routine for the file based keytab implementation.
+ * It opens the keytab file, and either retrieves the entry or returns
+ * an error.
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
+                      krb5_const_principal principal, krb5_kvno kvno,
+                      krb5_enctype enctype, krb5_keytab_entry *entry)
+{
+    krb5_keytab_entry cur_entry, new_entry;
+    krb5_error_code kerror = 0;
+    int found_wrong_kvno = 0;
+    int was_open;
+    char *princname;
+
+    KTLOCK(id);
+
+    if (KTFILEP(id) != NULL) {
+        was_open = 1;
+
+        if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) {
+            KTUNLOCK(id);
+            return errno;
+        }
+    } else {
+        was_open = 0;
+
+        /* Open the keyfile for reading */
+        if ((kerror = krb5_ktfileint_openr(context, id))) {
+            KTUNLOCK(id);
+            return(kerror);
+        }
+    }
+
+    /*
+     * For efficiency and simplicity, we'll use a while true that
+     * is exited with a break statement.
+     */
+    cur_entry.principal = 0;
+    cur_entry.vno = 0;
+    cur_entry.key.contents = 0;
+
+    while (TRUE) {
+        if ((kerror = krb5_ktfileint_read_entry(context, id, &new_entry)))
+            break;
+
+        /* by the time this loop exits, it must either free cur_entry,
+           and copy new_entry there, or free new_entry.  Otherwise, it
+           leaks. */
+
+        /* if the principal isn't the one requested, free new_entry
+           and continue to the next. */
+
+        if (!krb5_principal_compare(context, principal, new_entry.principal)) {
+            krb5_kt_free_entry(context, &new_entry);
+            continue;
+        }
+
+        /* If the enctype is not ignored and doesn't match, free new_entry and
+           continue to the next. */
+        if (enctype != IGNORE_ENCTYPE && enctype != new_entry.key.enctype) {
+            krb5_kt_free_entry(context, &new_entry);
+            continue;
+        }
+
+        if (kvno == IGNORE_VNO || new_entry.vno == IGNORE_VNO) {
+            /* If this entry is more recent (or the first match), free the
+             * current and keep the new.  Otherwise, free the new. */
+            if (cur_entry.principal == NULL ||
+                more_recent(&new_entry, &cur_entry)) {
+                krb5_kt_free_entry(context, &cur_entry);
+                cur_entry = new_entry;
+            } else {
+                krb5_kt_free_entry(context, &new_entry);
+            }
+        } else {
+            /*
+             * If this kvno matches exactly, free the current, keep the new,
+             * and break out.  If it matches the low 8 bits of the desired
+             * kvno, remember the first match (because the recorded kvno may
+             * have been truncated due to pre-1.14 keytab format or kadmin
+             * protocol limitations) but keep looking for an exact match.
+             * Otherwise, remember that we were here so we can return the right
+             * error, and free the new.
+             */
+            if (new_entry.vno == kvno) {
+                krb5_kt_free_entry(context, &cur_entry);
+                cur_entry = new_entry;
+                if (new_entry.vno == kvno)
+                    break;
+            } else if (new_entry.vno == (kvno & 0xff) &&
+                       cur_entry.principal == NULL) {
+                cur_entry = new_entry;
+            } else {
+                found_wrong_kvno++;
+                krb5_kt_free_entry(context, &new_entry);
+            }
+        }
+    }
+
+    if (kerror == KRB5_KT_END) {
+        if (cur_entry.principal)
+            kerror = 0;
+        else if (found_wrong_kvno)
+            kerror = KRB5_KT_KVNONOTFOUND;
+        else {
+            kerror = KRB5_KT_NOTFOUND;
+            if (krb5_unparse_name(context, principal, &princname) == 0) {
+                k5_setmsg(context, kerror,
+                          _("No key table entry found for %s"), princname);
+                free(princname);
+            }
+        }
+    }
+    if (kerror) {
+        if (was_open == 0)
+            (void) krb5_ktfileint_close(context, id);
+        KTUNLOCK(id);
+        krb5_kt_free_entry(context, &cur_entry);
+        return kerror;
+    }
+    if (was_open == 0 && (kerror = krb5_ktfileint_close(context, id)) != 0) {
+        KTUNLOCK(id);
+        krb5_kt_free_entry(context, &cur_entry);
+        return kerror;
+    }
+    KTUNLOCK(id);
+    *entry = cur_entry;
+    return 0;
+}
+
+/*
+ * Get the name of the file containing a file-based keytab.
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
+/*
+ * This routine returns the name of the name of the file associated with
+ * this file-based keytab.  name is zeroed and the filename is truncated
+ * to fit in name if necessary.  The name is prefixed with PREFIX:, so that
+ * trt will happen if the name is passed back to resolve.
+ */
+{
+    int result;
+
+    memset(name, 0, len);
+    result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id));
+    if (SNPRINTF_OVERFLOW(result, len))
+        return(KRB5_KT_NAME_TOOLONG);
+    return(0);
+}
+
+/*
+ * krb5_ktfile_start_seq_get()
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursorp)
+{
+    krb5_error_code retval;
+    long *fileoff;
+
+    KTLOCK(id);
+
+    if (KTITERS(id) == 0) {
+        if ((retval = krb5_ktfileint_openr(context, id))) {
+            KTUNLOCK(id);
+            return retval;
+        }
+    }
+
+    if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
+        if (KTITERS(id) == 0)
+            krb5_ktfileint_close(context, id);
+        KTUNLOCK(id);
+        return ENOMEM;
+    }
+    *fileoff = KTSTARTOFF(id);
+    *cursorp = (krb5_kt_cursor)fileoff;
+    KTITERS(id)++;
+    if (KTITERS(id) == 0) {
+        /* Wrapped?!  */
+        KTITERS(id)--;
+        KTUNLOCK(id);
+        k5_setmsg(context, KRB5_KT_IOERR, "Too many keytab iterators active");
+        return KRB5_KT_IOERR;   /* XXX */
+    }
+    KTUNLOCK(id);
+
+    return 0;
+}
+
+/*
+ * krb5_ktfile_get_next()
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
+{
+    long *fileoff = (long *)*cursor;
+    krb5_keytab_entry cur_entry;
+    krb5_error_code kerror;
+
+    KTLOCK(id);
+    if (KTFILEP(id) == NULL) {
+        KTUNLOCK(id);
+        return KRB5_KT_IOERR;
+    }
+    if (fseek(KTFILEP(id), *fileoff, 0) == -1) {
+        KTUNLOCK(id);
+        return KRB5_KT_END;
+    }
+    if ((kerror = krb5_ktfileint_read_entry(context, id, &cur_entry))) {
+        KTUNLOCK(id);
+        return kerror;
+    }
+    *fileoff = ftell(KTFILEP(id));
+    *entry = cur_entry;
+    KTUNLOCK(id);
+    return 0;
+}
+
+/*
+ * krb5_ktfile_end_get()
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
+{
+    krb5_error_code kerror;
+
+    free(*cursor);
+    KTLOCK(id);
+    KTITERS(id)--;
+    if (KTFILEP(id) != NULL && KTITERS(id) == 0)
+        kerror = krb5_ktfileint_close(context, id);
+    else
+        kerror = 0;
+    KTUNLOCK(id);
+    return kerror;
+}
+
+/*
+ * krb5_ktfile_add()
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+    krb5_error_code retval;
+
+    KTLOCK(id);
+    if (KTFILEP(id)) {
+        /* Iterator(s) active -- no changes.  */
+        KTUNLOCK(id);
+        k5_setmsg(context, KRB5_KT_IOERR,
+                  _("Cannot change keytab with keytab iterators active"));
+        return KRB5_KT_IOERR;   /* XXX */
+    }
+    if ((retval = krb5_ktfileint_openw(context, id))) {
+        KTUNLOCK(id);
+        return retval;
+    }
+    if (fseek(KTFILEP(id), 0, 2) == -1) {
+        KTUNLOCK(id);
+        return KRB5_KT_END;
+    }
+    retval = krb5_ktfileint_write_entry(context, id, entry);
+    krb5_ktfileint_close(context, id);
+    KTUNLOCK(id);
+    return retval;
+}
+
+/*
+ * krb5_ktfile_remove()
+ */
+
+static krb5_error_code KRB5_CALLCONV
+krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+    krb5_keytab_entry   cur_entry;
+    krb5_error_code     kerror;
+    krb5_int32          delete_point;
+
+    KTLOCK(id);
+    if (KTFILEP(id)) {
+        /* Iterator(s) active -- no changes.  */
+        KTUNLOCK(id);
+        k5_setmsg(context, KRB5_KT_IOERR,
+                  _("Cannot change keytab with keytab iterators active"));
+        return KRB5_KT_IOERR;   /* XXX */
+    }
+
+    if ((kerror = krb5_ktfileint_openw(context, id))) {
+        KTUNLOCK(id);
+        return kerror;
+    }
+
+    /*
+     * For efficiency and simplicity, we'll use a while true that
+     * is exited with a break statement.
+     */
+    while (TRUE) {
+        if ((kerror = krb5_ktfileint_internal_read_entry(context, id,
+                                                         &cur_entry,
+                                                         &delete_point)))
+            break;
+
+        if ((entry->vno == cur_entry.vno) &&
+            (entry->key.enctype == cur_entry.key.enctype) &&
+            krb5_principal_compare(context, entry->principal, cur_entry.principal)) {
+            /* found a match */
+            krb5_kt_free_entry(context, &cur_entry);
+            break;
+        }
+        krb5_kt_free_entry(context, &cur_entry);
+    }
+
+    if (kerror == KRB5_KT_END)
+        kerror = KRB5_KT_NOTFOUND;
+
+    if (kerror) {
+        (void) krb5_ktfileint_close(context, id);
+        KTUNLOCK(id);
+        return kerror;
+    }
+
+    kerror = krb5_ktfileint_delete_entry(context, id, delete_point);
+
+    if (kerror) {
+        (void) krb5_ktfileint_close(context, id);
+    } else {
+        kerror = krb5_ktfileint_close(context, id);
+    }
+    KTUNLOCK(id);
+    return kerror;
+}
+
+/*
+ * krb5_ktf_ops
+ */
+
+const struct _krb5_kt_ops krb5_ktf_ops = {
+    0,
+    "FILE",     /* Prefix -- this string should not appear anywhere else! */
+    krb5_ktfile_resolve,
+    krb5_ktfile_get_name,
+    krb5_ktfile_close,
+    krb5_ktfile_get_entry,
+    krb5_ktfile_start_seq_get,
+    krb5_ktfile_get_next,
+    krb5_ktfile_end_get,
+    krb5_ktfile_add,
+    krb5_ktfile_remove
+};
+
+/*
+ * krb5_ktf_writable_ops -- this is the same as krb5_ktf_ops except for the
+ * prefix.  WRFILE should no longer be needed, but is effectively aliased to
+ * FILE for compatibility.
+ */
+
+const struct _krb5_kt_ops krb5_ktf_writable_ops = {
+    0,
+    "WRFILE",   /* Prefix -- this string should not appear anywhere else! */
+    krb5_ktfile_resolve,
+    krb5_ktfile_get_name,
+    krb5_ktfile_close,
+    krb5_ktfile_get_entry,
+    krb5_ktfile_start_seq_get,
+    krb5_ktfile_get_next,
+    krb5_ktfile_end_get,
+    krb5_ktfile_add,
+    krb5_ktfile_remove
+};
+
+/*
+ * krb5_kt_dfl_ops
+ */
+
+const krb5_kt_ops krb5_kt_dfl_ops = {
+    0,
+    "FILE",     /* Prefix -- this string should not appear anywhere else! */
+    krb5_ktfile_resolve,
+    krb5_ktfile_get_name,
+    krb5_ktfile_close,
+    krb5_ktfile_get_entry,
+    krb5_ktfile_start_seq_get,
+    krb5_ktfile_get_next,
+    krb5_ktfile_end_get,
+    0,
+    0
+};
+
+/* Formerly lib/krb5/keytab/file/ktf_util.c */
+
+/*
+ * This function contains utilities for the file based implementation of
+ * the keytab.  There are no public functions in this file.
+ *
+ * This file is the only one that has knowledge of the format of a
+ * keytab file.
+ *
+ * The format is as follows:
+ *
+ * <file format vno>
+ * <record length>
+ * principal timestamp vno key
+ * <record length>
+ * principal timestamp vno key
+ * ....
+ *
+ * A length field (sizeof(krb5_int32)) exists between entries.  When this
+ * length is positive it indicates an active entry, when negative a hole.
+ * The length indicates the size of the block in the file (this may be
+ * larger than the size of the next record, since we are using a first
+ * fit algorithm for re-using holes and the first fit may be larger than
+ * the entry we are writing).  Another (compatible) implementation could
+ * break up holes when allocating them to smaller entries to minimize
+ * wasted space.  (Such an implementation should also coalesce adjacent
+ * holes to reduce fragmentation).  This implementation does neither.
+ *
+ * There are no separators between fields of an entry.
+ * A principal is a length-encoded array of length-encoded strings.  The
+ * length is a krb5_int16 in each case.  The specific format, then, is
+ * multiple entries concatenated with no separators.  An entry has this
+ * exact format:
+ *
+ * sizeof(krb5_int16) bytes for number of components in the principal;
+ * then, each component listed in ordser.
+ * For each component, sizeof(krb5_int16) bytes for the number of bytes
+ * in the component, followed by the component.
+ * sizeof(krb5_int32) for the principal type (for KEYTAB V2 and higher)
+ * sizeof(krb5_int32) bytes for the timestamp
+ * sizeof(krb5_octet) bytes for the key version number
+ * sizeof(krb5_int16) bytes for the enctype
+ * sizeof(krb5_int16) bytes for the key length, followed by the key
+ */
+
+#ifndef SEEK_SET
+#define SEEK_SET 0
+#define SEEK_CUR 1
+#endif
+
+typedef krb5_int16  krb5_kt_vno;
+
+#define krb5_kt_default_vno ((krb5_kt_vno)KRB5_KT_DEFAULT_VNO)
+
+static krb5_error_code
+krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
+{
+    krb5_error_code kerror;
+    krb5_kt_vno kt_vno;
+    int writevno = 0;
+
+    KTCHECKLOCK(id);
+    errno = 0;
+    KTFILEP(id) = fopen(KTFILENAME(id),
+                        (mode == KRB5_LOCKMODE_EXCLUSIVE) ? "rb+" : "rb");
+    if (!KTFILEP(id)) {
+        if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) {
+            /* try making it first time around */
+            k5_create_secure_file(context, KTFILENAME(id));
+            errno = 0;
+            KTFILEP(id) = fopen(KTFILENAME(id), "rb+");
+            if (!KTFILEP(id))
+                goto report_errno;
+            writevno = 1;
+        } else {
+        report_errno:
+            switch (errno) {
+            case 0:
+                /* XXX */
+                return EMFILE;
+            case ENOENT:
+                k5_setmsg(context, ENOENT,
+                          _("Key table file '%s' not found"), KTFILENAME(id));
+                return ENOENT;
+            default:
+                return errno;
+            }
+        }
+    }
+    set_cloexec_file(KTFILEP(id));
+    if ((kerror = krb5_lock_file(context, fileno(KTFILEP(id)), mode))) {
+        (void) fclose(KTFILEP(id));
+        KTFILEP(id) = 0;
+        return kerror;
+    }
+    /* assume ANSI or BSD-style stdio */
+    setbuf(KTFILEP(id), KTFILEBUFP(id));
+
+    /* get the vno and verify it */
+    if (writevno) {
+        kt_vno = htons(krb5_kt_default_vno);
+        KTVERSION(id) = krb5_kt_default_vno;
+        if (!fwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
+            kerror = errno;
+            (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+            (void) fclose(KTFILEP(id));
+            KTFILEP(id) = 0;
+            return kerror;
+        }
+    } else {
+        /* gotta verify it instead... */
+        if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
+            if (feof(KTFILEP(id)))
+                kerror = KRB5_KEYTAB_BADVNO;
+            else
+                kerror = errno;
+            (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+            (void) fclose(KTFILEP(id));
+            KTFILEP(id) = 0;
+            return kerror;
+        }
+        kt_vno = KTVERSION(id) = ntohs(kt_vno);
+        if ((kt_vno != KRB5_KT_VNO) &&
+            (kt_vno != KRB5_KT_VNO_1)) {
+            (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+            (void) fclose(KTFILEP(id));
+            KTFILEP(id) = 0;
+            return KRB5_KEYTAB_BADVNO;
+        }
+    }
+    KTSTARTOFF(id) = ftell(KTFILEP(id));
+    return 0;
+}
+
+static krb5_error_code
+krb5_ktfileint_openr(krb5_context context, krb5_keytab id)
+{
+    return krb5_ktfileint_open(context, id, KRB5_LOCKMODE_SHARED);
+}
+
+static krb5_error_code
+krb5_ktfileint_openw(krb5_context context, krb5_keytab id)
+{
+    return krb5_ktfileint_open(context, id, KRB5_LOCKMODE_EXCLUSIVE);
+}
+
+static krb5_error_code
+krb5_ktfileint_close(krb5_context context, krb5_keytab id)
+{
+    krb5_error_code kerror;
+
+    KTCHECKLOCK(id);
+    if (!KTFILEP(id))
+        return 0;
+    kerror = krb5_unlock_file(context, fileno(KTFILEP(id)));
+    (void) fclose(KTFILEP(id));
+    KTFILEP(id) = 0;
+    return kerror;
+}
+
+static krb5_error_code
+krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 delete_point)
+{
+    krb5_int32  size;
+    krb5_int32  len;
+    char        iobuf[BUFSIZ];
+
+    KTCHECKLOCK(id);
+    if (fseek(KTFILEP(id), delete_point, SEEK_SET)) {
+        return errno;
+    }
+    if (!fread(&size, sizeof(size), 1, KTFILEP(id))) {
+        return KRB5_KT_END;
+    }
+    if (KTVERSION(id) != KRB5_KT_VNO_1)
+        size = ntohl(size);
+
+    if (size > 0) {
+        krb5_int32 minus_size = -size;
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            minus_size = htonl(minus_size);
+
+        if (fseek(KTFILEP(id), delete_point, SEEK_SET)) {
+            return errno;
+        }
+
+        if (!fwrite(&minus_size, sizeof(minus_size), 1, KTFILEP(id))) {
+            return KRB5_KT_IOERR;
+        }
+
+        if (size < BUFSIZ) {
+            len = size;
+        } else {
+            len = BUFSIZ;
+        }
+
+        memset(iobuf, 0, (size_t) len);
+        while (size > 0) {
+            if (!fwrite(iobuf, 1, (size_t) len, KTFILEP(id))) {
+                return KRB5_KT_IOERR;
+            }
+            size -= len;
+            if (size < len) {
+                len = size;
+            }
+        }
+
+        return k5_sync_disk_file(context, KTFILEP(id));
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *ret_entry, krb5_int32 *delete_point)
+{
+    krb5_octet vno;
+    krb5_int16 count;
+    unsigned int u_count, u_princ_size;
+    krb5_int16 enctype;
+    krb5_int16 princ_size;
+    int i;
+    krb5_int32 size;
+    krb5_int32 start_pos, pos;
+    krb5_error_code error;
+    char        *tmpdata;
+    krb5_data   *princ;
+    uint32_t    vno32;
+
+    KTCHECKLOCK(id);
+    memset(ret_entry, 0, sizeof(krb5_keytab_entry));
+    ret_entry->magic = KV5M_KEYTAB_ENTRY;
+
+    /* fseek to synchronise buffered I/O on the key table. */
+
+    if (fseek(KTFILEP(id), 0L, SEEK_CUR) < 0)
+    {
+        return errno;
+    }
+
+    do {
+        *delete_point = ftell(KTFILEP(id));
+        if (!fread(&size, sizeof(size), 1, KTFILEP(id))) {
+            return KRB5_KT_END;
+        }
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            size = ntohl(size);
+
+        if (size < 0) {
+            if (size == INT32_MIN)  /* INT32_MIN inverts to itself. */
+                return KRB5_KT_FORMAT;
+            if (fseek(KTFILEP(id), -size, SEEK_CUR)) {
+                return errno;
+            }
+        }
+    } while (size < 0);
+
+    if (size == 0) {
+        return KRB5_KT_END;
+    }
+
+    start_pos = ftell(KTFILEP(id));
+
+    /* deal with guts of parsing... */
+
+    /* first, int16 with #princ components */
+    if (!fread(&count, sizeof(count), 1, KTFILEP(id)))
+        return KRB5_KT_END;
+    if (KTVERSION(id) == KRB5_KT_VNO_1) {
+        count -= 1;         /* V1 includes the realm in the count */
+    } else {
+        count = ntohs(count);
+    }
+    if (!count || (count < 0))
+        return KRB5_KT_END;
+    ret_entry->principal = (krb5_principal)malloc(sizeof(krb5_principal_data));
+    if (!ret_entry->principal)
+        return ENOMEM;
+
+    u_count = count;
+    ret_entry->principal->magic = KV5M_PRINCIPAL;
+    ret_entry->principal->length = u_count;
+    ret_entry->principal->data = (krb5_data *)
+        calloc(u_count, sizeof(krb5_data));
+    if (!ret_entry->principal->data) {
+        free(ret_entry->principal);
+        ret_entry->principal = 0;
+        return ENOMEM;
+    }
+
+    /* Now, get the realm data */
+    if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) {
+        error = KRB5_KT_END;
+        goto fail;
+    }
+    if (KTVERSION(id) != KRB5_KT_VNO_1)
+        princ_size = ntohs(princ_size);
+    if (!princ_size || (princ_size < 0)) {
+        error = KRB5_KT_END;
+        goto fail;
+    }
+    u_princ_size = princ_size;
+
+    ret_entry->principal->realm.length = u_princ_size;
+    tmpdata = malloc(u_princ_size+1);
+    if (!tmpdata) {
+        error = ENOMEM;
+        goto fail;
+    }
+    if (fread(tmpdata, 1, u_princ_size, KTFILEP(id)) != (size_t) princ_size) {
+        free(tmpdata);
+        error = KRB5_KT_END;
+        goto fail;
+    }
+    tmpdata[princ_size] = 0;    /* Some things might be expecting null */
+                                /* termination...  ``Be conservative in */
+                                /* what you send out'' */
+    ret_entry->principal->realm.data = tmpdata;
+
+    for (i = 0; i < count; i++) {
+        princ = &ret_entry->principal->data[i];
+        if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) {
+            error = KRB5_KT_END;
+            goto fail;
+        }
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            princ_size = ntohs(princ_size);
+        if (!princ_size || (princ_size < 0)) {
+            error = KRB5_KT_END;
+            goto fail;
+        }
+
+        u_princ_size = princ_size;
+        princ->length = u_princ_size;
+        princ->data = malloc(u_princ_size+1);
+        if (!princ->data) {
+            error = ENOMEM;
+            goto fail;
+        }
+        if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) {
+            error = KRB5_KT_END;
+            goto fail;
+        }
+        princ->data[princ_size] = 0; /* Null terminate */
+    }
+
+    /* read in the principal type, if we can get it */
+    if (KTVERSION(id) != KRB5_KT_VNO_1) {
+        if (!fread(&ret_entry->principal->type,
+                   sizeof(ret_entry->principal->type), 1, KTFILEP(id))) {
+            error = KRB5_KT_END;
+            goto fail;
+        }
+        ret_entry->principal->type = ntohl(ret_entry->principal->type);
+    }
+
+    /* read in the timestamp */
+    if (!fread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) {
+        error = KRB5_KT_END;
+        goto fail;
+    }
+    if (KTVERSION(id) != KRB5_KT_VNO_1)
+        ret_entry->timestamp = ntohl(ret_entry->timestamp);
+
+    /* read in the version number */
+    if (!fread(&vno, sizeof(vno), 1, KTFILEP(id))) {
+        error = KRB5_KT_END;
+        goto fail;
+    }
+    ret_entry->vno = (krb5_kvno)vno;
+
+    /* key type */
+    if (!fread(&enctype, sizeof(enctype), 1, KTFILEP(id))) {
+        error = KRB5_KT_END;
+        goto fail;
+    }
+    if (KTVERSION(id) != KRB5_KT_VNO_1)
+        enctype = ntohs(enctype);
+    ret_entry->key.enctype = (krb5_enctype)enctype;
+
+    /* key contents */
+    ret_entry->key.magic = KV5M_KEYBLOCK;
+
+    if (!fread(&count, sizeof(count), 1, KTFILEP(id))) {
+        error = KRB5_KT_END;
+        goto fail;
+    }
+    if (KTVERSION(id) != KRB5_KT_VNO_1)
+        count = ntohs(count);
+    if (!count || (count < 0)) {
+        error = KRB5_KT_END;
+        goto fail;
+    }
+
+    u_count = count;
+    ret_entry->key.length = u_count;
+
+    ret_entry->key.contents = (krb5_octet *)malloc(u_count);
+    if (!ret_entry->key.contents) {
+        error = ENOMEM;
+        goto fail;
+    }
+    if (!fread(ret_entry->key.contents, sizeof(krb5_octet), count,
+               KTFILEP(id))) {
+        error = KRB5_KT_END;
+        goto fail;
+    }
+
+    /* Check for a 32-bit kvno extension if four or more bytes remain. */
+    pos = ftell(KTFILEP(id));
+    if (pos - start_pos + 4 <= size) {
+        if (!fread(&vno32, sizeof(vno32), 1, KTFILEP(id))) {
+            error = KRB5_KT_END;
+            goto fail;
+        }
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            vno32 = ntohl(vno32);
+        /* If the value is 0, the bytes are just zero-fill. */
+        if (vno32)
+            ret_entry->vno = vno32;
+    }
+
+    /*
+     * Reposition file pointer to the next inter-record length field.
+     */
+    if (fseek(KTFILEP(id), start_pos + size, SEEK_SET) == -1) {
+        error = errno;
+        goto fail;
+    }
+
+    return 0;
+fail:
+
+    for (i = 0; i < ret_entry->principal->length; i++)
+        free(ret_entry->principal->data[i].data);
+    free(ret_entry->principal->data);
+    ret_entry->principal->data = 0;
+    free(ret_entry->principal);
+    ret_entry->principal = 0;
+    return error;
+}
+
+static krb5_error_code
+krb5_ktfileint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entryp)
+{
+    krb5_int32 delete_point;
+
+    return krb5_ktfileint_internal_read_entry(context, id, entryp, &delete_point);
+}
+
+static krb5_error_code
+krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+    krb5_octet vno;
+    krb5_data *princ;
+    krb5_int16 count, size, enctype;
+    krb5_error_code retval = 0;
+    krb5_timestamp timestamp;
+    krb5_int32  princ_type;
+    krb5_int32  size_needed;
+    krb5_int32  commit_point = -1;
+    uint32_t    vno32;
+    int         i;
+
+    KTCHECKLOCK(id);
+    retval = krb5_ktfileint_size_entry(context, entry, &size_needed);
+    if (retval)
+        return retval;
+    retval = krb5_ktfileint_find_slot(context, id, &size_needed, &commit_point);
+    if (retval)
+        return retval;
+
+    /* fseek to synchronise buffered I/O on the key table. */
+    /* XXX Without the weird setbuf crock, can we get rid of this now?  */
+    if (fseek(KTFILEP(id), 0L, SEEK_CUR) < 0)
+    {
+        return errno;
+    }
+
+    if (KTVERSION(id) == KRB5_KT_VNO_1) {
+        count = (krb5_int16)entry->principal->length + 1;
+    } else {
+        count = htons((u_short)entry->principal->length);
+    }
+
+    if (!fwrite(&count, sizeof(count), 1, KTFILEP(id))) {
+    abend:
+        return KRB5_KT_IOERR;
+    }
+    size = entry->principal->realm.length;
+    if (KTVERSION(id) != KRB5_KT_VNO_1)
+        size = htons(size);
+    if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
+        goto abend;
+    }
+    if (!fwrite(entry->principal->realm.data, sizeof(char),
+                entry->principal->realm.length, KTFILEP(id))) {
+        goto abend;
+    }
+
+    count = (krb5_int16)entry->principal->length;
+    for (i = 0; i < count; i++) {
+        princ = &entry->principal->data[i];
+        size = princ->length;
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            size = htons(size);
+        if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
+            goto abend;
+        }
+        if (!fwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) {
+            goto abend;
+        }
+    }
+
+    /*
+     * Write out the principal type
+     */
+    if (KTVERSION(id) != KRB5_KT_VNO_1) {
+        princ_type = htonl(entry->principal->type);
+        if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) {
+            goto abend;
+        }
+    }
+
+    /*
+     * Fill in the time of day the entry was written to the keytab.
+     */
+    if (krb5_timeofday(context, &entry->timestamp)) {
+        entry->timestamp = 0;
+    }
+    if (KTVERSION(id) == KRB5_KT_VNO_1)
+        timestamp = entry->timestamp;
+    else
+        timestamp = htonl(entry->timestamp);
+    if (!fwrite(&timestamp, sizeof(timestamp), 1, KTFILEP(id))) {
+        goto abend;
+    }
+
+    /* key version number */
+    vno = (krb5_octet)entry->vno;
+    if (!fwrite(&vno, sizeof(vno), 1, KTFILEP(id))) {
+        goto abend;
+    }
+    /* key type */
+    if (KTVERSION(id) == KRB5_KT_VNO_1)
+        enctype = entry->key.enctype;
+    else
+        enctype = htons(entry->key.enctype);
+    if (!fwrite(&enctype, sizeof(enctype), 1, KTFILEP(id))) {
+        goto abend;
+    }
+    /* key length */
+    if (KTVERSION(id) == KRB5_KT_VNO_1)
+        size = entry->key.length;
+    else
+        size = htons(entry->key.length);
+    if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
+        goto abend;
+    }
+    if (!fwrite(entry->key.contents, sizeof(krb5_octet),
+                entry->key.length, KTFILEP(id))) {
+        goto abend;
+    }
+
+    /* 32-bit key version number */
+    vno32 = entry->vno;
+    if (KTVERSION(id) != KRB5_KT_VNO_1)
+        vno32 = htonl(vno32);
+    if (!fwrite(&vno32, sizeof(vno32), 1, KTFILEP(id)))
+        goto abend;
+
+    if (fflush(KTFILEP(id)))
+        goto abend;
+
+    retval = k5_sync_disk_file(context, KTFILEP(id));
+
+    if (retval) {
+        return retval;
+    }
+
+    if (fseek(KTFILEP(id), commit_point, SEEK_SET)) {
+        return errno;
+    }
+    if (KTVERSION(id) != KRB5_KT_VNO_1)
+        size_needed = htonl(size_needed);
+    if (!fwrite(&size_needed, sizeof(size_needed), 1, KTFILEP(id))) {
+        goto abend;
+    }
+    if (fflush(KTFILEP(id)))
+        goto abend;
+    retval = k5_sync_disk_file(context, KTFILEP(id));
+
+    return retval;
+}
+
+/*
+ * Determine the size needed for a file entry for the given
+ * keytab entry.
+ */
+static krb5_error_code
+krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_int32 *size_needed)
+{
+    krb5_int16 count;
+    krb5_int32 total_size, i;
+    krb5_error_code retval = 0;
+
+    count = (krb5_int16)entry->principal->length;
+
+    total_size = sizeof(count);
+    total_size += entry->principal->realm.length + sizeof(krb5_int16);
+
+    for (i = 0; i < count; i++)
+        total_size += entry->principal->data[i].length + sizeof(krb5_int16);
+
+    total_size += sizeof(entry->principal->type);
+    total_size += sizeof(entry->timestamp);
+    total_size += sizeof(krb5_octet);
+    total_size += sizeof(krb5_int16);
+    total_size += sizeof(krb5_int16) + entry->key.length;
+    total_size += sizeof(uint32_t);
+
+    *size_needed = total_size;
+    return retval;
+}
+
+/*
+ * Find and reserve a slot in the file for an entry of the needed size.
+ * The commit point will be set to the position in the file where the
+ * the length (sizeof(krb5_int32) bytes) of this node should be written
+ * when committing the write.  The file position left as a result of this
+ * call is the position where the actual data should be written.
+ *
+ * The size_needed argument may be adjusted if we find a hole that is
+ * larger than the size needed.  (Recall that size_needed will be used
+ * to commit the write, but that this field must indicate the size of the
+ * block in the file rather than the size of the actual entry)
+ */
+static krb5_error_code
+krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_needed, krb5_int32 *commit_point_ptr)
+{
+    FILE *fp;
+    krb5_int32 size, zero_point, commit_point;
+    krb5_kt_vno kt_vno;
+
+    KTCHECKLOCK(id);
+    fp = KTFILEP(id);
+    /* Skip over file version number. */
+    if (fseek(fp, 0, SEEK_SET))
+        return errno;
+    if (!fread(&kt_vno, sizeof(kt_vno), 1, fp))
+        return errno;
+
+    for (;;) {
+        commit_point = ftell(fp);
+        if (commit_point == -1)
+            return errno;
+        if (!fread(&size, sizeof(size), 1, fp)) {
+            /* Hit the end of file, reserve this slot. */
+            /* Necessary to avoid a later fseek failing on Solaris 10. */
+            if (fseek(fp, 0, SEEK_CUR))
+                return errno;
+            /* htonl(0) is 0, so no need to worry about byte order */
+            size = 0;
+            if (!fwrite(&size, sizeof(size), 1, fp))
+                return errno;
+            break;
+        }
+
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            size = ntohl(size);
+
+        if (size > 0) {
+            /* Non-empty record; seek past it. */
+            if (fseek(fp, size, SEEK_CUR))
+                return errno;
+        } else if (size < 0) {
+            /* Empty record; use if it's big enough, seek past otherwise. */
+            if (size == INT32_MIN)  /* INT32_MIN inverts to itself. */
+                return KRB5_KT_FORMAT;
+            size = -size;
+            if (size >= *size_needed) {
+                *size_needed = size;
+                break;
+            } else {
+                if (fseek(fp, size, SEEK_CUR))
+                    return errno;
+            }
+        } else {
+            /* Empty record at end of file; use it. */
+            /* Ensure the new record will be followed by another 0. */
+            zero_point = ftell(fp);
+            if (zero_point == -1)
+                return errno;
+            if (fseek(fp, *size_needed, SEEK_CUR))
+                return errno;
+            /* htonl(0) is 0, so no need to worry about byte order */
+            if (!fwrite(&size, sizeof(size), 1, fp))
+                return errno;
+            if (fseek(fp, zero_point, SEEK_SET))
+                return errno;
+            break;
+        }
+    }
+
+    *commit_point_ptr = commit_point;
+    return 0;
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c b/krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c
new file mode 100644
index 00000000..c0eb6e5d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c
@@ -0,0 +1,637 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/kt_memory.c */
+/*
+ * Copyright 2007 by Secure Endpoints Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include "k5-int.h"
+#include "kt-int.h"
+#include <stdio.h>
+
+#ifndef LEAN_CLIENT
+
+#define HEIMDAL_COMPATIBLE
+
+/*
+ * Information needed by internal routines of the file-based ticket
+ * cache implementation.
+ */
+
+
+/*
+ * Constants
+ */
+
+/*
+ * Types
+ */
+/* From krb5.h:
+ * typedef struct krb5_keytab_entry_st {
+ *    krb5_magic magic;
+ *    krb5_principal principal;    principal of this key
+ *    krb5_timestamp timestamp;    time entry written to keytable
+ *    krb5_kvno vno;               key version number
+ *    krb5_keyblock key;           the secret key
+ *} krb5_keytab_entry;
+ */
+
+/* Individual key entries within a table, in a linked list */
+typedef struct _krb5_mkt_link {
+    struct _krb5_mkt_link *next;
+    krb5_keytab_entry *entry;
+} krb5_mkt_link, *krb5_mkt_cursor;
+
+/* Per-keytab data header */
+typedef struct _krb5_mkt_data {
+    char               *name;           /* Name of the keytab */
+    k5_mutex_t          lock;           /* Thread-safety - all but link */
+    krb5_int32          refcount;
+    krb5_mkt_cursor     link;
+} krb5_mkt_data;
+
+/* List of memory key tables */
+typedef struct _krb5_mkt_list_node {
+    struct _krb5_mkt_list_node *next;
+    krb5_keytab keytab;
+} krb5_mkt_list_node;
+
+/* Iterator over memory key tables */
+typedef struct _krb5_mkt_ptcursor_data {
+    struct _krb5_mkt_list_node *cur;
+} krb5_mkt_ptcursor_data;
+
+/*
+ * Globals
+ */
+static krb5_mkt_list_node * krb5int_mkt_list = NULL;
+static k5_mutex_t krb5int_mkt_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+
+/*
+ * Macros
+ */
+#define KTLOCK(id) k5_mutex_lock(&(((krb5_mkt_data *)(id)->data)->lock))
+#define KTUNLOCK(id) k5_mutex_unlock(&(((krb5_mkt_data *)(id)->data)->lock))
+#define KTCHECKLOCK(id) k5_mutex_assert_locked(&(((krb5_mkt_data *)(id)->data)->lock))
+
+#define KTGLOCK k5_mutex_lock(&krb5int_mkt_mutex)
+#define KTGUNLOCK k5_mutex_unlock(&krb5int_mkt_mutex)
+#define KTGCHECKLOCK k5_mutex_assert_locked(&krb5int_mkt_mutex)
+
+#define KTLINK(id) (((krb5_mkt_data *)(id)->data)->link)
+#define KTREFCNT(id) (((krb5_mkt_data *)(id)->data)->refcount)
+#define KTNAME(id) (((krb5_mkt_data *)(id)->data)->name)
+
+extern const struct _krb5_kt_ops krb5_mkt_ops;
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_resolve(krb5_context, const char *, krb5_keytab *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_name(krb5_context, krb5_keytab, char *, unsigned int);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_close(krb5_context, krb5_keytab);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_entry(krb5_context, krb5_keytab, krb5_const_principal, krb5_kvno,
+                   krb5_enctype, krb5_keytab_entry *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_start_seq_get(krb5_context, krb5_keytab, krb5_kt_cursor *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_next(krb5_context, krb5_keytab, krb5_keytab_entry *,
+                  krb5_kt_cursor *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_end_get(krb5_context, krb5_keytab, krb5_kt_cursor *);
+
+/* routines to be included on extended version (write routines) */
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_add(krb5_context, krb5_keytab, krb5_keytab_entry *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_remove(krb5_context, krb5_keytab, krb5_keytab_entry *);
+
+int
+krb5int_mkt_initialize(void)
+{
+    return k5_mutex_finish_init(&krb5int_mkt_mutex);
+}
+
+void
+krb5int_mkt_finalize(void)
+{
+    krb5_mkt_list_node *node, *next_node;
+    krb5_mkt_cursor cursor, next_cursor;
+
+    k5_mutex_destroy(&krb5int_mkt_mutex);
+
+    for (node = krb5int_mkt_list; node; node = next_node) {
+        next_node = node->next;
+
+        /* destroy the contents of node->keytab */
+        free(KTNAME(node->keytab));
+
+        /* free the keytab entries */
+        for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
+            next_cursor = cursor->next;
+            /* the call to krb5_kt_free_entry uses a NULL in place of the
+             * krb5_context since we know that the context isn't used by
+             * krb5_kt_free_entry or krb5_free_principal. */
+            krb5_kt_free_entry(NULL, cursor->entry);
+            free(cursor->entry);
+            free(cursor);
+        }
+
+        /* destroy the lock */
+        k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock));
+
+        /* free the private data */
+        free(node->keytab->data);
+
+        /* and the keytab */
+        free(node->keytab);
+
+        /* and finally the node */
+        free(node);
+    }
+}
+
+static krb5_error_code
+create_list_node(const char *name, krb5_mkt_list_node **listp)
+{
+    krb5_mkt_list_node *list;
+    krb5_mkt_data *data = NULL;
+    krb5_error_code err;
+
+    *listp = NULL;
+
+    list = calloc(1, sizeof(krb5_mkt_list_node));
+    if (list == NULL) {
+        err = ENOMEM;
+        goto cleanup;
+    }
+
+    list->keytab = calloc(1, sizeof(struct _krb5_kt));
+    if (list->keytab == NULL) {
+        err = ENOMEM;
+        goto cleanup;
+    }
+    list->keytab->ops = &krb5_mkt_ops;
+
+    data = calloc(1, sizeof(krb5_mkt_data));
+    if (data == NULL) {
+        err = ENOMEM;
+        goto cleanup;
+    }
+    data->link = NULL;
+    data->refcount = 0;
+
+    data->name = strdup(name);
+    if (data->name == NULL) {
+        err = ENOMEM;
+        goto cleanup;
+    }
+
+    err = k5_mutex_init(&data->lock);
+    if (err)
+        goto cleanup;
+
+    list->keytab->data = data;
+    list->keytab->magic = KV5M_KEYTAB;
+    list->next = NULL;
+    *listp = list;
+    return 0;
+
+cleanup:
+    /* data->lock was initialized last, so no need to destroy. */
+    if (data)
+        free(data->name);
+    free(data);
+    if (list)
+        free(list->keytab);
+    free(list);
+    return err;
+}
+
+/*
+ * This is an implementation specific resolver.  It returns a keytab
+ * initialized with memory keytab routines.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id)
+{
+    krb5_mkt_list_node *list;
+    krb5_error_code err = 0;
+
+    *id = NULL;
+
+    /* First determine if a memory keytab of this name already exists */
+    KTGLOCK;
+
+    for (list = krb5int_mkt_list; list; list = list->next) {
+        if (strcmp(name,KTNAME(list->keytab)) == 0)
+            break;
+    }
+
+    if (!list) {
+        /* We will now create the new key table with the specified name.
+         * We do not drop the global lock, therefore the name will indeed
+         * be unique when we add it.
+         */
+        err = create_list_node(name, &list);
+        if (err)
+            goto done;
+        list->next = krb5int_mkt_list;
+        krb5int_mkt_list = list;
+    }
+
+    /* Increment the reference count on the keytab we found or created. */
+    KTLOCK(list->keytab);
+    KTREFCNT(list->keytab)++;
+    KTUNLOCK(list->keytab);
+    *id = list->keytab;
+done:
+    KTGUNLOCK;
+    return err;
+}
+
+
+/*
+ * "Close" a memory-based keytab.  This is effectively a no-op.
+ * We check to see if the keytab exists and that is about it.
+ * Closing a file keytab does not destroy the contents.  Closing
+ * a memory keytab shouldn't either.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_close(krb5_context context, krb5_keytab id)
+{
+    krb5_mkt_list_node **listp;
+#ifdef HEIMDAL_COMPATIBLE
+    krb5_mkt_list_node *node;
+    krb5_mkt_data * data;
+#endif
+    krb5_error_code err = 0;
+
+    /* First determine if a memory keytab of this name already exists */
+    KTGLOCK;
+
+    for (listp = &krb5int_mkt_list; *listp; listp = &((*listp)->next))
+    {
+        if (id == (*listp)->keytab) {
+            /* Found */
+            break;
+        }
+    }
+
+    if (*listp == NULL) {
+        /* The specified keytab could not be found */
+        err = KRB5_KT_NOTFOUND;
+        goto done;
+    }
+
+    /* reduce the refcount and return */
+    KTLOCK(id);
+    KTREFCNT(id)--;
+    KTUNLOCK(id);
+
+#ifdef HEIMDAL_COMPATIBLE
+    /* In Heimdal if the refcount hits 0, the MEMORY keytab is
+     * destroyed since there is no krb5_kt_destroy function.
+     * There is no need to lock the entry while performing
+     * these operations as the refcount will be 0 and we are
+     * holding the global lock.
+     */
+    data = (krb5_mkt_data *)id->data;
+    if (data->refcount == 0) {
+        krb5_mkt_cursor cursor, next_cursor;
+
+        node = *listp;
+        *listp = node->next;
+
+        /* destroy the contents of node->keytab (aka id) */
+        free(data->name);
+
+        /* free the keytab entries */
+        for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
+            next_cursor = cursor->next;
+
+            krb5_kt_free_entry(context, cursor->entry);
+            free(cursor->entry);
+            free(cursor);
+        }
+
+        /* destroy the lock */
+        k5_mutex_destroy(&(data->lock));
+
+        /* free the private data */
+        free(data);
+
+        /* and the keytab */
+        free(node->keytab);
+
+        /* and finally the node */
+        free(node);
+    }
+#endif /* HEIMDAL_COMPATIBLE */
+
+done:
+    KTGUNLOCK;
+    return(err);
+}
+
+/*
+ * This is the get_entry routine for the memory based keytab implementation.
+ * It either retrieves the entry or returns an error.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
+                   krb5_const_principal principal, krb5_kvno kvno,
+                   krb5_enctype enctype, krb5_keytab_entry *out_entry)
+{
+    krb5_mkt_cursor   cursor;
+    krb5_keytab_entry *entry, *match = NULL;
+    krb5_error_code err = 0;
+    int found_wrong_kvno = 0;
+    krb5_boolean similar = 0;
+
+    KTLOCK(id);
+
+    for (cursor = KTLINK(id); cursor && cursor->entry; cursor = cursor->next) {
+        entry = cursor->entry;
+
+        /* if the principal isn't the one requested, continue to the next. */
+
+        if (!krb5_principal_compare(context, principal, entry->principal))
+            continue;
+
+        /* if the enctype is not ignored and doesn't match,
+           and continue to the next */
+        if (enctype != IGNORE_ENCTYPE) {
+            if ((err = krb5_c_enctype_compare(context, enctype,
+                                              entry->key.enctype,
+                                              &similar))) {
+                /* we can't determine the enctype of the entry */
+                continue;
+            }
+
+            if (!similar)
+                continue;
+        }
+
+        if (kvno == IGNORE_VNO || entry->vno == IGNORE_VNO) {
+            if (match == NULL)
+                match = entry;
+            else if (entry->vno > match->vno)
+                match = entry;
+        } else {
+            if (entry->vno == kvno) {
+                match = entry;
+                break;
+            } else {
+                found_wrong_kvno++;
+            }
+        }
+    }
+
+    /* if we found an entry that matches, ... */
+    if (match) {
+        out_entry->magic = match->magic;
+        out_entry->timestamp = match->timestamp;
+        out_entry->vno = match->vno;
+        out_entry->key = match->key;
+        err = krb5_copy_keyblock_contents(context, &(match->key),
+                                          &(out_entry->key));
+        /*
+         * Coerce the enctype of the output keyblock in case we
+         * got an inexact match on the enctype.
+         */
+        if(enctype != IGNORE_ENCTYPE)
+            out_entry->key.enctype = enctype;
+        if(!err) {
+            err = krb5_copy_principal(context,
+                                      match->principal,
+                                      &(out_entry->principal));
+        }
+    } else {
+        if (!err)
+            err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;
+    }
+
+    KTUNLOCK(id);
+    return(err);
+}
+
+/*
+ * Get the name of the memory-based keytab.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
+{
+    int result;
+
+    memset(name, 0, len);
+    result = snprintf(name, len, "%s:%s", id->ops->prefix, KTNAME(id));
+    if (SNPRINTF_OVERFLOW(result, len))
+        return(KRB5_KT_NAME_TOOLONG);
+    return(0);
+}
+
+/*
+ * krb5_mkt_start_seq_get()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursorp)
+{
+    KTLOCK(id);
+    *cursorp = (krb5_kt_cursor)KTLINK(id);
+    KTUNLOCK(id);
+
+    return(0);
+}
+
+/*
+ * krb5_mkt_get_next()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
+{
+    krb5_mkt_cursor mkt_cursor = (krb5_mkt_cursor)*cursor;
+    krb5_error_code err = 0;
+
+    KTLOCK(id);
+
+    if (mkt_cursor == NULL) {
+        KTUNLOCK(id);
+        return KRB5_KT_END;
+    }
+
+    entry->magic = mkt_cursor->entry->magic;
+    entry->timestamp = mkt_cursor->entry->timestamp;
+    entry->vno = mkt_cursor->entry->vno;
+    entry->key = mkt_cursor->entry->key;
+    err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key),
+                                      &(entry->key));
+    if (!err)
+        err = krb5_copy_principal(context, mkt_cursor->entry->principal,
+                                  &(entry->principal));
+    if (!err)
+        *cursor = (krb5_kt_cursor *)mkt_cursor->next;
+    KTUNLOCK(id);
+    return(err);
+}
+
+/*
+ * krb5_mkt_end_get()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
+{
+    *cursor = NULL;
+    return(0);
+}
+
+
+/*
+ * krb5_mkt_add()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+    krb5_error_code err = 0;
+    krb5_mkt_cursor cursor;
+
+    KTLOCK(id);
+
+    cursor = (krb5_mkt_cursor)malloc(sizeof(krb5_mkt_link));
+    if (cursor == NULL) {
+        err = ENOMEM;
+        goto done;
+    }
+    cursor->entry = (krb5_keytab_entry *)malloc(sizeof(krb5_keytab_entry));
+    if (cursor->entry == NULL) {
+        free(cursor);
+        err = ENOMEM;
+        goto done;
+    }
+    cursor->entry->magic = entry->magic;
+    cursor->entry->timestamp = entry->timestamp;
+    cursor->entry->vno = entry->vno;
+    err = krb5_copy_keyblock_contents(context, &(entry->key),
+                                      &(cursor->entry->key));
+    if (err) {
+        free(cursor->entry);
+        free(cursor);
+        goto done;
+    }
+
+    err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));
+    if (err) {
+        krb5_free_keyblock_contents(context, &(cursor->entry->key));
+        free(cursor->entry);
+        free(cursor);
+        goto done;
+    }
+
+    if (KTLINK(id) == NULL) {
+        cursor->next = NULL;
+        KTLINK(id) = cursor;
+    } else {
+        cursor->next = KTLINK(id);
+        KTLINK(id) = cursor;
+    }
+
+done:
+    KTUNLOCK(id);
+    return err;
+}
+
+/*
+ * krb5_mkt_remove()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+    krb5_mkt_cursor *pcursor, next;
+    krb5_error_code err = 0;
+
+    KTLOCK(id);
+
+    if ( KTLINK(id) == NULL ) {
+        err = KRB5_KT_NOTFOUND;
+        goto done;
+    }
+
+    for ( pcursor = &KTLINK(id); *pcursor; pcursor = &(*pcursor)->next ) {
+        if ( (*pcursor)->entry->vno == entry->vno &&
+             (*pcursor)->entry->key.enctype == entry->key.enctype &&
+             krb5_principal_compare(context, (*pcursor)->entry->principal, entry->principal))
+            break;
+    }
+
+    if (!*pcursor) {
+        err = KRB5_KT_NOTFOUND;
+        goto done;
+    }
+
+    krb5_kt_free_entry(context, (*pcursor)->entry);
+    free((*pcursor)->entry);
+    next = (*pcursor)->next;
+    free(*pcursor);
+    (*pcursor) = next;
+
+done:
+    KTUNLOCK(id);
+    return err;
+}
+
+
+/*
+ * krb5_mkt_ops
+ */
+
+const struct _krb5_kt_ops krb5_mkt_ops = {
+    0,
+    "MEMORY",   /* Prefix -- this string should not appear anywhere else! */
+    krb5_mkt_resolve,
+    krb5_mkt_get_name,
+    krb5_mkt_close,
+    krb5_mkt_get_entry,
+    krb5_mkt_start_seq_get,
+    krb5_mkt_get_next,
+    krb5_mkt_end_get,
+    krb5_mkt_add,
+    krb5_mkt_remove
+};
+
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/ktadd.c b/krb5-1.21.3/src/lib/krb5/keytab/ktadd.c
new file mode 100644
index 00000000..71f47e7f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/ktadd.c
@@ -0,0 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/ktadd.c */
+/*
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+#ifndef LEAN_CLIENT
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+    if (id->ops->add)
+        return (*id->ops->add)(context, id, entry);
+    else
+        return KRB5_KT_NOWRITE;
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/ktbase.c b/krb5-1.21.3/src/lib/krb5/keytab/ktbase.c
new file mode 100644
index 00000000..9010b6e6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/ktbase.c
@@ -0,0 +1,221 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/ktbase.c - Registration functions for keytab */
+/*
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 2007 by Secure Endpoints Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include "k5-int.h"
+#include "k5-thread.h"
+#include "kt-int.h"
+
+#ifndef LEAN_CLIENT
+
+extern const krb5_kt_ops krb5_ktf_ops;
+extern const krb5_kt_ops krb5_ktf_writable_ops;
+extern const krb5_kt_ops krb5_mkt_ops;
+
+struct krb5_kt_typelist {
+    const krb5_kt_ops *ops;
+    const struct krb5_kt_typelist *next;
+};
+const static struct krb5_kt_typelist krb5_kt_typelist_memory = {
+    &krb5_mkt_ops,
+    NULL
+};
+const static struct krb5_kt_typelist krb5_kt_typelist_wrfile  = {
+    &krb5_ktf_writable_ops,
+    &krb5_kt_typelist_memory
+};
+const static struct krb5_kt_typelist krb5_kt_typelist_file  = {
+    &krb5_ktf_ops,
+    &krb5_kt_typelist_wrfile
+};
+
+static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_file;
+/* Lock for protecting the type list.  */
+static k5_mutex_t kt_typehead_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+
+int krb5int_kt_initialize(void)
+{
+    int err;
+
+    err = k5_mutex_finish_init(&kt_typehead_lock);
+    if (err)
+        goto done;
+    err = krb5int_mkt_initialize();
+    if (err)
+        goto done;
+
+done:
+    return(err);
+}
+
+void
+krb5int_kt_finalize(void)
+{
+    const struct krb5_kt_typelist *t, *t_next;
+
+    k5_mutex_destroy(&kt_typehead_lock);
+    for (t = kt_typehead; t != &krb5_kt_typelist_file; t = t_next) {
+        t_next = t->next;
+        free((struct krb5_kt_typelist *)t);
+    }
+
+    krb5int_mkt_finalize();
+}
+
+
+/*
+ * Register a new key table type
+ * don't replace if it already exists; return an error instead.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_register(krb5_context context, const krb5_kt_ops *ops)
+{
+    const struct krb5_kt_typelist *t;
+    struct krb5_kt_typelist *newt;
+
+    k5_mutex_lock(&kt_typehead_lock);
+    for (t = kt_typehead; t && strcmp(t->ops->prefix,ops->prefix);t = t->next)
+        ;
+    if (t) {
+        k5_mutex_unlock(&kt_typehead_lock);
+        return KRB5_KT_TYPE_EXISTS;
+    }
+    if (!(newt = (struct krb5_kt_typelist *) malloc(sizeof(*t)))) {
+        k5_mutex_unlock(&kt_typehead_lock);
+        return ENOMEM;
+    }
+    newt->next = kt_typehead;
+    newt->ops = ops;
+    kt_typehead = newt;
+    k5_mutex_unlock(&kt_typehead_lock);
+    return 0;
+}
+
+/*
+ * Resolve a key table name into a keytab object.
+ *
+ * The name is currently constrained to be of the form "type:residual";
+ *
+ * The "type" portion corresponds to one of the registered key table
+ * types, while the "residual" portion is specific to the
+ * particular keytab type.
+ */
+
+#include <ctype.h>
+krb5_error_code KRB5_CALLCONV
+krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
+{
+    const struct krb5_kt_typelist *tlist;
+    char *pfx = NULL;
+    unsigned int pfxlen;
+    const char *cp, *resid;
+    krb5_error_code err = 0;
+    krb5_keytab id;
+
+    *ktid = NULL;
+
+    cp = strchr (name, ':');
+    if (!cp)
+        return (*krb5_kt_dfl_ops.resolve)(context, name, ktid);
+
+    pfxlen = cp - name;
+
+    if ( pfxlen == 1 && isalpha((unsigned char) name[0]) ) {
+        /* We found a drive letter not a prefix - use FILE */
+        pfx = strdup("FILE");
+        if (!pfx)
+            return ENOMEM;
+
+        resid = name;
+    } else if (name[0] == '/') {
+        pfx = strdup("FILE");
+        if (!pfx)
+            return ENOMEM;
+        resid = name;
+    } else {
+        resid = name + pfxlen + 1;
+        pfx = k5memdup0(name, pfxlen, &err);
+        if (pfx == NULL)
+            return err;
+    }
+
+    *ktid = (krb5_keytab) 0;
+
+    k5_mutex_lock(&kt_typehead_lock);
+    tlist = kt_typehead;
+    /* Don't need to hold the lock, since entries are never modified
+       or removed once they're in the list.  Just need to protect
+       access to the list head variable itself.  */
+    k5_mutex_unlock(&kt_typehead_lock);
+    for (; tlist; tlist = tlist->next) {
+        if (strcmp (tlist->ops->prefix, pfx) == 0) {
+            err = (*tlist->ops->resolve)(context, resid, &id);
+            if (!err)
+                *ktid = id;
+            goto cleanup;
+        }
+    }
+    err = KRB5_KT_UNKNOWN_TYPE;
+
+cleanup:
+    free(pfx);
+    return err;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_dup(krb5_context context, krb5_keytab in, krb5_keytab *out)
+{
+    krb5_error_code err;
+    char name[BUFSIZ];
+
+    err = in->ops->get_name(context, in, name, sizeof(name));
+    return err ? err : krb5_kt_resolve(context, name, out);
+}
+
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/ktdefault.c b/krb5-1.21.3/src/lib/krb5/keytab/ktdefault.c
new file mode 100644
index 00000000..482d52ad
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/ktdefault.c
@@ -0,0 +1,62 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/ktdefault.c */
+/*
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Get a default keytab.
+ */
+
+#include "k5-int.h"
+#include "../os/os-proto.h"
+#include <stdio.h>
+
+#ifndef LEAN_CLIENT
+krb5_error_code KRB5_CALLCONV
+krb5_kt_default(krb5_context context, krb5_keytab *id)
+{
+    char defname[BUFSIZ];
+    krb5_error_code retval;
+
+    if ((retval = krb5_kt_default_name(context, defname, sizeof(defname))))
+        return retval;
+    return krb5_kt_resolve(context, defname, id);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_client_default(krb5_context context, krb5_keytab *keytab_out)
+{
+    krb5_error_code ret;
+    char *name;
+
+    ret = k5_kt_client_default_name(context, &name);
+    if (ret)
+        return ret;
+    ret = krb5_kt_resolve(context, name, keytab_out);
+    free(name);
+    return ret;
+}
+
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/ktfns.c b/krb5-1.21.3/src/lib/krb5/keytab/ktfns.c
new file mode 100644
index 00000000..d6658b35
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/ktfns.c
@@ -0,0 +1,214 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/ktfns.c */
+/*
+ * Copyright 2001,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Dispatch methods for keytab code.
+ */
+
+#ifndef LEAN_CLIENT
+
+#include "k5-int.h"
+#include "../krb/int-proto.h"
+#include "../os/os-proto.h"
+
+const char * KRB5_CALLCONV
+krb5_kt_get_type (krb5_context context, krb5_keytab keytab)
+{
+    return keytab->ops->prefix;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
+                 unsigned int namelen)
+{
+    return krb5_x((keytab)->ops->get_name,(context, keytab,name,namelen));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_close(krb5_context context, krb5_keytab keytab)
+{
+    return krb5_x((keytab)->ops->close,(context, keytab));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
+                  krb5_const_principal principal, krb5_kvno vno,
+                  krb5_enctype enctype, krb5_keytab_entry *entry)
+{
+    krb5_error_code err;
+    krb5_principal_data princ_data;
+
+    if (krb5_is_referral_realm(&principal->realm)) {
+        char *realm;
+        princ_data = *principal;
+        principal = &princ_data;
+        err = krb5_get_default_realm(context, &realm);
+        if (err)
+            return err;
+        princ_data.realm.data = realm;
+        princ_data.realm.length = strlen(realm);
+    }
+    err = krb5_x((keytab)->ops->get,(context, keytab, principal, vno, enctype,
+                                     entry));
+    TRACE_KT_GET_ENTRY(context, keytab, principal, vno, enctype, err);
+    if (principal == &princ_data)
+        krb5_free_default_realm(context, princ_data.realm.data);
+    return err;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
+                      krb5_kt_cursor *cursor)
+{
+    return krb5_x((keytab)->ops->start_seq_get,(context, keytab, cursor));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
+                   krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
+{
+    return krb5_x((keytab)->ops->get_next,(context, keytab, entry, cursor));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
+                    krb5_kt_cursor *cursor)
+{
+    return krb5_x((keytab)->ops->end_get,(context, keytab, cursor));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_have_content(krb5_context context, krb5_keytab keytab)
+{
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    krb5_error_code ret;
+    char name[1024];
+
+    /* If the keytab is not iterable, assume that it has content. */
+    if (keytab->ops->start_seq_get == NULL)
+        return 0;
+
+    /* See if we can get at least one entry via iteration. */
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret)
+	goto no_entries;
+    ret = krb5_kt_next_entry(context, keytab, &entry, &cursor);
+    krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (ret)
+	goto no_entries;
+    krb5_kt_free_entry(context, &entry);
+    return 0;
+
+no_entries:
+    if (krb5_kt_get_name(context, keytab, name, sizeof(name)) == 0) {
+        k5_setmsg(context, KRB5_KT_NOTFOUND,
+                  _("Keytab %s is nonexistent or empty"), name);
+    }
+    return KRB5_KT_NOTFOUND;
+}
+
+static krb5_error_code
+match_entries(krb5_context context, krb5_keytab keytab,
+              krb5_const_principal mprinc)
+{
+    krb5_error_code ret;
+    krb5_keytab_entry ent;
+    krb5_kt_cursor cursor;
+    krb5_boolean match;
+
+    /* Scan the keytab for host-based entries matching accprinc. */
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret)
+        return ret;
+    while ((ret = krb5_kt_next_entry(context, keytab, &ent, &cursor)) == 0) {
+        match = krb5_sname_match(context, mprinc, ent.principal);
+        (void)krb5_free_keytab_entry_contents(context, &ent);
+        if (match)
+            break;
+    }
+    (void)krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (ret && ret != KRB5_KT_END)
+        return ret;
+    return match ? 0 : KRB5_KT_NOTFOUND;
+}
+
+krb5_error_code
+k5_kt_have_match(krb5_context context, krb5_keytab keytab,
+                 krb5_principal mprinc)
+{
+    krb5_error_code ret;
+    struct canonprinc iter = { mprinc, .no_hostrealm = TRUE };
+    krb5_const_principal canonprinc = NULL;
+
+    /* Don't try to canonicalize if we're going to ignore hostnames. */
+    if (k5_sname_wildcard_host(context, mprinc))
+        return match_entries(context, keytab, mprinc);
+
+    while ((ret = k5_canonprinc(context, &iter, &canonprinc)) == 0 &&
+           canonprinc != NULL) {
+        ret = match_entries(context, keytab, canonprinc);
+        if (ret != KRB5_KT_NOTFOUND)
+            break;
+    }
+    free_canonprinc(&iter);
+    return (ret == 0 && canonprinc == NULL) ? KRB5_KT_NOTFOUND : ret;
+}
+
+/*
+ * In a couple of places we need to get a principal name from a keytab: when
+ * verifying credentials against a keytab, and when querying the name of a
+ * default GSS acceptor cred.  Keytabs do not have the concept of a default
+ * principal like ccaches do, so for now we just return the first principal
+ * listed in the keytab, or an error if it's not iterable.  In the future we
+ * could consider elevating this to a public API and giving keytab types an
+ * operation to return a default principal, and maybe extending the file format
+ * and tools to support it.  Returns KRB5_KT_NOTFOUND if the keytab is empty
+ * or non-iterable.
+ */
+krb5_error_code
+k5_kt_get_principal(krb5_context context, krb5_keytab keytab,
+                    krb5_principal *princ_out)
+{
+    krb5_error_code ret;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry kte;
+
+    *princ_out = NULL;
+    if (keytab->ops->start_seq_get == NULL)
+        return KRB5_KT_NOTFOUND;
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret)
+        return ret;
+    ret = krb5_kt_next_entry(context, keytab, &kte, &cursor);
+    (void)krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (ret)
+        return (ret == KRB5_KT_END) ? KRB5_KT_NOTFOUND : ret;
+    ret = krb5_copy_principal(context, kte.principal, princ_out);
+    krb5_kt_free_entry(context, &kte);
+    return ret;
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/ktfr_entry.c b/krb5-1.21.3/src/lib/krb5/keytab/ktfr_entry.c
new file mode 100644
index 00000000..c0048407
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/ktfr_entry.c
@@ -0,0 +1,50 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/ktfr_entry.c */
+/*
+ * Copyright 1990, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef LEAN_CLIENT
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_free_keytab_entry_contents (krb5_context context, krb5_keytab_entry *entry)
+{
+    if (!entry)
+        return 0;
+
+    krb5_free_principal(context, entry->principal);
+    if (entry->key.contents) {
+        zap((char *)entry->key.contents, entry->key.length);
+        free(entry->key.contents);
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_free_entry (krb5_context context, krb5_keytab_entry *entry)
+{
+    return krb5_free_keytab_entry_contents (context, entry);
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/ktremove.c b/krb5-1.21.3/src/lib/krb5/keytab/ktremove.c
new file mode 100644
index 00000000..da6a4dff
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/ktremove.c
@@ -0,0 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/ktremove.c */
+/*
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef LEAN_CLIENT
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+    if (id->ops->remove)
+        return (*id->ops->remove)(context, id, entry);
+    else
+        return KRB5_KT_NOWRITE;
+}
+#endif /* LEAN_CLIENT  */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/read_servi.c b/krb5-1.21.3/src/lib/krb5/keytab/read_servi.c
new file mode 100644
index 00000000..5d5edffc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/read_servi.c
@@ -0,0 +1,84 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/read_servi.c */
+/*
+ * Copyright 1990,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This routine is designed to be passed to krb5_rd_req.
+ * It is a convenience function that reads a key out of a keytab.
+ * It handles all of the opening and closing of the keytab
+ * internally.
+ */
+#ifndef LEAN_CLIENT
+
+#include "k5-int.h"
+
+#define KSUCCESS 0
+
+/*
+ * effects: If keyprocarg is not NULL, it is taken to be the name of a
+ *      keytab.  Otherwise, the default keytab will be used.  This
+ *      routine opens the keytab and finds the principal associated with
+ *      principal, vno, and enctype and returns the resulting key in *key
+ *      or returning an error code if it is not found.
+ * returns: Either KSUCCESS or error code.
+ * errors: error code if not found or keyprocarg is invalid.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock **key)
+{
+    krb5_error_code kerror = KSUCCESS;
+    char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */
+    krb5_keytab id;
+    krb5_keytab_entry entry;
+
+    /*
+     * Get the name of the file that we should use.
+     */
+    if (!keyprocarg) {
+        if ((kerror = krb5_kt_default_name(context, (char *)keytabname,
+                                           sizeof(keytabname) - 1))!= KSUCCESS)
+            return (kerror);
+    } else {
+        memset(keytabname, 0, sizeof(keytabname));
+        (void) strncpy(keytabname, (char *)keyprocarg,
+                       sizeof(keytabname) - 1);
+    }
+
+    if ((kerror = krb5_kt_resolve(context, (char *)keytabname, &id)))
+        return (kerror);
+
+    kerror = krb5_kt_get_entry(context, id, principal, vno, enctype, &entry);
+    krb5_kt_close(context, id);
+
+    if (kerror)
+        return(kerror);
+
+    krb5_copy_keyblock(context, &entry.key, key);
+
+    krb5_kt_free_entry(context, &entry);
+
+    return (KSUCCESS);
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/keytab/t_keytab.c b/krb5-1.21.3/src/lib/krb5/keytab/t_keytab.c
new file mode 100644
index 00000000..aa5153c9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/keytab/t_keytab.c
@@ -0,0 +1,445 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/keytab/t_keytab.c - Tests for keytab interface */
+/*
+ * Copyright (C) 2007 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "autoconf.h"
+#include <stdio.h>
+#include <errno.h>
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+
+
+int debug=0;
+
+extern const krb5_kt_ops krb5_ktf_writable_ops;
+
+#define KRB5_OK 0
+
+#define CHECK_ERR(kret,err,msg)                         \
+    if (kret != err) {                                  \
+        com_err(msg, kret, "");                         \
+        fflush(stderr);                                 \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
+
+#define CHECK(kret,msg) CHECK_ERR(kret, 0, msg)
+
+#define CHECK_STR(str,msg)                              \
+    if (str == 0) {                                     \
+        com_err(msg, kret, "");                         \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
+
+static void
+test_misc(krb5_context context)
+{
+    /* Tests for certain error returns */
+    krb5_error_code       kret;
+    krb5_keytab ktid;
+    char defname[BUFSIZ];
+    char *name;
+
+    fprintf(stderr, "Testing miscellaneous error conditions\n");
+
+    kret = krb5_kt_resolve(context, "unknown_method_ep:/tmp/name", &ktid);
+    CHECK_ERR(kret, KRB5_KT_UNKNOWN_TYPE, "resolve unknown type");
+
+    /* Test length limits on krb5_kt_default_name */
+    kret = krb5_kt_default_name(context, defname, sizeof(defname));
+    CHECK(kret, "krb5_kt_default_name error");
+
+    /* Now allocate space - without the null... */
+    name = malloc(strlen(defname));
+    if(!name) {
+        fprintf(stderr, "Out of memory in testing\n");
+        exit(1);
+    }
+    kret = krb5_kt_default_name(context, name, strlen(defname));
+    free(name);
+    CHECK_ERR(kret, KRB5_CONFIG_NOTENUFSPACE, "krb5_kt_default_name limited");
+}
+
+static void
+kt_test(krb5_context context, const char *name)
+{
+    krb5_error_code kret;
+    krb5_keytab kt;
+    const char *type;
+    char buf[BUFSIZ];
+    char *p;
+    krb5_keytab_entry kent, kent2;
+    krb5_principal princ;
+    krb5_kt_cursor cursor, cursor2;
+    int cnt;
+    krb5_enctype e1 = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        e2 = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
+
+    kret = krb5_kt_resolve(context, name, &kt);
+    CHECK(kret, "resolve");
+
+    type = krb5_kt_get_type(context, kt);
+    CHECK_STR(type, "getting kt type");
+    printf("  Type is: %s\n", type);
+
+    kret = krb5_kt_get_name(context, kt, buf, sizeof(buf));
+    CHECK(kret, "get_name");
+    printf("  Name is: %s\n", buf);
+
+    /* Check that length checks fail */
+    /* The buffer is allocated too small - to allow for valgrind test of
+       overflows
+    */
+    p = malloc(strlen(buf));
+    kret = krb5_kt_get_name(context, kt, p, 1);
+    CHECK_ERR(kret, KRB5_KT_NAME_TOOLONG, "get_name - size 1");
+
+
+    kret = krb5_kt_get_name(context, kt, p, strlen(buf));
+    CHECK_ERR(kret, KRB5_KT_NAME_TOOLONG, "get_name");
+    free(p);
+
+    /* Try to lookup unknown principal - when keytab does not exist*/
+    kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+    CHECK(kret, "parsing principal");
+
+    /* This will return ENOENT for FILE because the file doesn't exist,
+     * so accept that or KRB5_KT_NOTFOUND. */
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+    if (kret != ENOENT) {
+        CHECK_ERR(kret, KRB5_KT_NOTFOUND, "Getting non-existent entry");
+    }
+
+    kret = krb5_kt_have_content(context, kt);
+    CHECK_ERR(kret, KRB5_KT_NOTFOUND, "Checking for keytab content (empty)");
+
+
+    /* ===================   Add entries to keytab ================= */
+    /*
+     * Add the following for this principal
+     * enctype e1, kvno 1, key = "1"
+     * enctype e2, kvno 1, key = "1"
+     * enctype e1, kvno 2, key = "2"
+     */
+    memset(&kent, 0, sizeof(kent));
+    kent.magic = KV5M_KEYTAB_ENTRY;
+    kent.principal = princ;
+    kent.timestamp = 327689;
+    kent.vno = 1;
+    kent.key.magic = KV5M_KEYBLOCK;
+    kent.key.enctype = e1;
+    kent.key.length = 1;
+    kent.key.contents = (krb5_octet *) "1";
+
+
+    kret = krb5_kt_add_entry(context, kt, &kent);
+    CHECK(kret, "Adding initial entry");
+
+    kent.key.enctype = e2;
+    kret = krb5_kt_add_entry(context, kt, &kent);
+    CHECK(kret, "Adding second entry");
+
+    kent.key.enctype = e1;
+    kent.vno = 2;
+    kent.key.contents = (krb5_octet *) "2";
+    kret = krb5_kt_add_entry(context, kt, &kent);
+    CHECK(kret, "Adding third entry");
+
+    /* Free memory */
+    krb5_free_principal(context, princ);
+
+    /* ==============   Test iterating over contents of keytab ========= */
+
+    kret = krb5_kt_have_content(context, kt);
+    CHECK(kret, "Checking for keytab content (full)");
+
+    kret = krb5_kt_start_seq_get(context, kt, &cursor);
+    CHECK(kret, "Start sequence get");
+
+
+    memset(&kent, 0, sizeof(kent));
+    cnt = 0;
+    while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) {
+        if(((kent.vno != 1) && (kent.vno != 2)) ||
+           ((kent.key.enctype != e1) && (kent.key.enctype != e2)) ||
+           (kent.key.length != 1) ||
+           (kent.key.contents[0] != kent.vno +'0')) {
+            fprintf(stderr, "Error in read contents\n");
+            exit(1);
+        }
+
+        if((kent.magic != KV5M_KEYTAB_ENTRY) ||
+           (kent.key.magic != KV5M_KEYBLOCK)) {
+            fprintf(stderr, "Magic number in sequence not proper\n");
+            exit(1);
+        }
+
+        cnt++;
+        krb5_free_keytab_entry_contents(context, &kent);
+    }
+    CHECK_ERR(kret, KRB5_KT_END, "getting next entry");
+
+    if(cnt != 3) {
+        fprintf(stderr, "Mismatch in number of entries in keytab");
+    }
+
+    kret = krb5_kt_end_seq_get(context, kt, &cursor);
+    CHECK(kret, "End sequence get");
+
+
+    /* ==========================   get_entry tests ============== */
+
+    /* Try to lookup unknown principal  - now that keytab exists*/
+    kret = krb5_parse_name(context, "test3/test2@TEST.MIT.EDU", &princ);
+    CHECK(kret, "parsing principal");
+
+
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+    CHECK_ERR(kret, KRB5_KT_NOTFOUND, "Getting nonexistent entry");
+
+    krb5_free_principal(context, princ);
+
+    /* Try to lookup known principal */
+    kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+    CHECK(kret, "parsing principal");
+
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+    CHECK(kret, "looking up principal");
+
+    /* Ensure a valid answer  - we did not specify an enctype or kvno */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        ((kent.vno != 1) && (kent.vno != 2)) ||
+        ((kent.key.enctype != e1) && (kent.key.enctype != e2)) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
+        exit(1);
+    }
+
+    krb5_free_keytab_entry_contents(context, &kent);
+
+    /* Try to lookup a specific enctype - but unspecified kvno - should give
+     * max kvno
+     */
+    kret = krb5_kt_get_entry(context, kt, princ, 0, e1, &kent);
+    CHECK(kret, "looking up principal");
+
+    /* Ensure a valid answer  - we did specified an enctype */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 2) || (kent.key.enctype != e1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
+
+        exit(1);
+
+    }
+
+    krb5_free_keytab_entry_contents(context, &kent);
+
+    /* Try to lookup unspecified enctype, but a specified kvno */
+
+    kret = krb5_kt_get_entry(context, kt, princ, 2, 0, &kent);
+    CHECK(kret, "looking up principal");
+
+    /* Ensure a valid answer  - we did not specify a kvno */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 2) || (kent.key.enctype != e1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
+
+        exit(1);
+
+    }
+
+    krb5_free_keytab_entry_contents(context, &kent);
+
+
+
+    /* Try to lookup specified enctype and kvno */
+
+    kret = krb5_kt_get_entry(context, kt, princ, 1, e1, &kent);
+    CHECK(kret, "looking up principal");
+
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 1) || (kent.key.enctype != e1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
+
+        exit(1);
+
+    }
+
+    krb5_free_keytab_entry_contents(context, &kent);
+
+
+    /* Try lookup with active iterators.  */
+    kret = krb5_kt_start_seq_get(context, kt, &cursor);
+    CHECK(kret, "Start sequence get(2)");
+    kret = krb5_kt_start_seq_get(context, kt, &cursor2);
+    CHECK(kret, "Start sequence get(3)");
+    kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+    CHECK(kret, "getting next entry(2)");
+    krb5_free_keytab_entry_contents(context, &kent);
+    kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+    CHECK(kret, "getting next entry(3)");
+    kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+    CHECK(kret, "getting next entry(4)");
+    krb5_free_keytab_entry_contents(context, &kent2);
+    kret = krb5_kt_get_entry(context, kt, kent.principal, 0, 0, &kent2);
+    CHECK(kret, "looking up principal(2)");
+    krb5_free_keytab_entry_contents(context, &kent2);
+    kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+    CHECK(kret, "getting next entry(5)");
+    if (!krb5_principal_compare(context, kent.principal, kent2.principal)) {
+        fprintf(stderr, "iterators not in sync\n");
+        exit(1);
+    }
+    krb5_free_keytab_entry_contents(context, &kent);
+    krb5_free_keytab_entry_contents(context, &kent2);
+    kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+    CHECK(kret, "getting next entry(6)");
+    kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+    CHECK(kret, "getting next entry(7)");
+    krb5_free_keytab_entry_contents(context, &kent);
+    krb5_free_keytab_entry_contents(context, &kent2);
+    kret = krb5_kt_end_seq_get(context, kt, &cursor);
+    CHECK(kret, "ending sequence get(1)");
+    kret = krb5_kt_end_seq_get(context, kt, &cursor2);
+    CHECK(kret, "ending sequence get(2)");
+
+    /* Try to lookup specified enctype and kvno  - that does not exist*/
+
+    kret = krb5_kt_get_entry(context, kt, princ, 3, e1, &kent);
+    CHECK_ERR(kret, KRB5_KT_KVNONOTFOUND,
+              "looking up specific principal, kvno, enctype");
+
+    krb5_free_principal(context, princ);
+
+
+    /* =========================   krb5_kt_remove_entry =========== */
+    /* Lookup the keytab entry w/ 2 kvno - and delete version 2 -
+       ensure gone */
+    kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+    CHECK(kret, "parsing principal");
+
+    kret = krb5_kt_get_entry(context, kt, princ, 0, e1, &kent);
+    CHECK(kret, "looking up principal");
+
+    /* Ensure a valid answer  - we are looking for max(kvno) and enc=e1 */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 2) || (kent.key.enctype != e1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
+
+        exit(1);
+
+    }
+
+    /* Delete it */
+    kret = krb5_kt_remove_entry(context, kt, &kent);
+    CHECK(kret, "Removing entry");
+
+    krb5_free_keytab_entry_contents(context, &kent);
+    /* And ensure gone */
+
+    kret = krb5_kt_get_entry(context, kt, princ, 0, e1, &kent);
+    CHECK(kret, "looking up principal");
+
+    /* Ensure a valid answer - kvno should now be 1 - we deleted 2 */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 1) || (kent.key.enctype != e1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Delete principal check failed\n");
+
+        exit(1);
+
+    }
+    krb5_free_keytab_entry_contents(context, &kent);
+
+    krb5_free_principal(context, princ);
+
+    /* =======================  Finally close =======================  */
+
+    kret = krb5_kt_close(context, kt);
+    CHECK(kret, "close");
+
+}
+
+static void
+do_test(krb5_context context, const char *prefix, krb5_boolean delete)
+{
+    char *name, *filename;
+
+    if (asprintf(&filename, "/tmp/kttest.%ld", (long) getpid()) < 0) {
+        perror("asprintf");
+        exit(1);
+    }
+    if (asprintf(&name, "%s%s", prefix, filename) < 0) {
+        perror("asprintf");
+        exit(1);
+    }
+    printf("Starting test on %s\n", name);
+    kt_test(context, name);
+    printf("Test on %s passed\n", name);
+    if(delete)
+        unlink(filename);
+    free(filename);
+    free(name);
+
+}
+
+int
+main(void)
+{
+    krb5_context context;
+    krb5_error_code kret;
+
+
+    if ((kret = krb5_init_context(&context))) {
+        printf("Couldn't initialize krb5 library: %s\n",
+               error_message(kret));
+        exit(1);
+    }
+
+    /* All keytab types are registered by default -- test for
+       redundant error */
+    kret = krb5_kt_register(context, &krb5_ktf_writable_ops);
+    CHECK_ERR(kret, KRB5_KT_TYPE_EXISTS, "register ktf_writable");
+
+    test_misc(context);
+    do_test(context, "WRFILE:", FALSE);
+    do_test(context, "MEMORY:", TRUE);
+
+    krb5_free_context(context);
+    return 0;
+
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/Makefile.in b/krb5-1.21.3/src/lib/krb5/krb/Makefile.in
new file mode 100644
index 00000000..e4b560fb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/Makefile.in
@@ -0,0 +1,550 @@
+mydir=lib$(S)krb5$(S)krb
+BUILDTOP=$(REL)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/../os -I$(top_srcdir)
+DEFINES=-DLIBDIR=\"$(KRB5_LIBDIR)\" -DDYNOBJEXT=\"$(DYNOBJEXT)\"
+
+# Like RUN_TEST, but use t_krb5.conf from this directory.
+RUN_TEST_LOCAL_CONF=$(RUN_SETUP) KRB5_CONFIG=$(srcdir)/t_krb5.conf LC_ALL=C \
+	$(VALGRIND)
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=krb
+##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
+
+STLIBOBJS= \
+	addr_comp.o	\
+	addr_order.o	\
+	addr_srch.o	\
+	allow_weak.o	\
+	appdefault.o	\
+	ai_authdata.o   \
+	auth_con.o	\
+	cammac_util.o	\
+	authdata.o	\
+	authdata_exp.o	\
+	authdata_enc.o	\
+	authdata_dec.o	\
+	bld_pr_ext.o	\
+	bld_princ.o	\
+	chk_trans.o	\
+	chpw.o		\
+	conv_creds.o	\
+	conv_princ.o	\
+	copy_addrs.o	\
+	copy_auth.o	\
+	copy_athctr.o	\
+	copy_cksum.o    \
+	copy_creds.o	\
+	copy_data.o	\
+	copy_key.o	\
+	copy_princ.o	\
+	copy_tick.o	\
+	cp_key_cnt.o	\
+	decode_kdc.o	\
+	decrypt_tk.o	\
+	deltat.o	\
+        enc_helper.o	\
+        enc_keyhelper.o	\
+	encode_kdc.o	\
+	encrypt_tk.o	\
+	etype_list.o	\
+	fast.o \
+	fwd_tgt.o	\
+	gc_via_tkt.o	\
+	gen_seqnum.o	\
+	gen_subkey.o	\
+	gen_save_subkey.o	\
+	get_creds.o	\
+	get_etype_info.o \
+	get_in_tkt.o	\
+	gic_keytab.o	\
+	gic_opt.o	\
+	gic_pwd.o	\
+	in_tkt_sky.o	\
+	init_ctx.o	\
+	copy_ctx.o	\
+	init_keyblock.o \
+	kdc_rep_dc.o	\
+	kerrs.o		\
+	kfree.o		\
+	libdef_parse.o	\
+	mk_cred.o	\
+	mk_error.o	\
+	mk_priv.o	\
+	mk_rep.o	\
+	mk_req.o	\
+	mk_req_ext.o	\
+	mk_safe.o	\
+	pac.o		\
+	pac_sign.o	\
+	padata.o	\
+	parse.o		\
+	parse_host_string.o	\
+	plugin.o	\
+	pr_to_salt.o	\
+	preauth2.o	\
+	preauth_ec.o	\
+	preauth_encts.o	\
+	preauth_otp.o	\
+	preauth_pkinit.o	\
+	preauth_sam2.o	\
+	princ_comp.o	\
+	privsafe.o	\
+	random_str.o	\
+	rd_cred.o	\
+	rd_error.o	\
+	rd_priv.o	\
+	rd_rep.o	\
+	rd_req.o	\
+	rd_req_dec.o	\
+	rd_safe.o	\
+	recvauth.o	\
+	response_items.o	\
+	s4u_creds.o	\
+	sendauth.o	\
+	send_tgs.o	\
+	ser_actx.o	\
+	ser_adata.o	\
+	ser_addr.o	\
+	ser_auth.o	\
+	ser_cksum.o	\
+	ser_ctx.o	\
+	ser_key.o	\
+	ser_princ.o	\
+	serialize.o	\
+	set_realm.o	\
+	sname_match.o	\
+	srv_dec_tkt.o	\
+	srv_rcache.o	\
+	str_conv.o	\
+	tgtname.o	\
+	unparse.o	\
+	val_renew.o	\
+	valid_times.o	\
+	vfy_increds.o	\
+	vic_opt.o	\
+	walk_rtree.o
+
+OBJS=	$(OUTPRE)addr_comp.$(OBJEXT)	\
+	$(OUTPRE)addr_order.$(OBJEXT)	\
+	$(OUTPRE)addr_srch.$(OBJEXT)	\
+	$(OUTPRE)allow_weak.$(OBJEXT)	\
+	$(OUTPRE)appdefault.$(OBJEXT)	\
+	$(OUTPRE)ai_authdata.$(OBJEXT)  \
+	$(OUTPRE)auth_con.$(OBJEXT)	\
+	$(OUTPRE)cammac_util.$(OBJEXT)	\
+	$(OUTPRE)authdata.$(OBJEXT)	\
+	$(OUTPRE)authdata_exp.$(OBJEXT)	\
+	$(OUTPRE)authdata_enc.$(OBJEXT)	\
+	$(OUTPRE)authdata_dec.$(OBJEXT)	\
+	$(OUTPRE)bld_pr_ext.$(OBJEXT)	\
+	$(OUTPRE)bld_princ.$(OBJEXT)	\
+	$(OUTPRE)chk_trans.$(OBJEXT)	\
+	$(OUTPRE)chpw.$(OBJEXT)		\
+	$(OUTPRE)conv_creds.$(OBJEXT)	\
+	$(OUTPRE)conv_princ.$(OBJEXT)	\
+	$(OUTPRE)copy_addrs.$(OBJEXT)	\
+	$(OUTPRE)copy_auth.$(OBJEXT)	\
+	$(OUTPRE)copy_athctr.$(OBJEXT)	\
+	$(OUTPRE)copy_cksum.$(OBJEXT)    \
+	$(OUTPRE)copy_creds.$(OBJEXT)	\
+	$(OUTPRE)copy_data.$(OBJEXT)	\
+	$(OUTPRE)copy_key.$(OBJEXT)	\
+	$(OUTPRE)copy_princ.$(OBJEXT)	\
+	$(OUTPRE)copy_tick.$(OBJEXT)	\
+	$(OUTPRE)cp_key_cnt.$(OBJEXT)	\
+	$(OUTPRE)decode_kdc.$(OBJEXT)	\
+	$(OUTPRE)decrypt_tk.$(OBJEXT)	\
+	$(OUTPRE)deltat.$(OBJEXT)	\
+        $(OUTPRE)enc_helper.$(OBJEXT)	\
+        $(OUTPRE)enc_keyhelper.$(OBJEXT)	\
+	$(OUTPRE)encode_kdc.$(OBJEXT)	\
+	$(OUTPRE)encrypt_tk.$(OBJEXT)	\
+	$(OUTPRE)etype_list.$(OBJEXT)	\
+	$(OUTPRE)fast.$(OBJEXT) \
+	$(OUTPRE)fwd_tgt.$(OBJEXT)	\
+	$(OUTPRE)gc_via_tkt.$(OBJEXT)	\
+	$(OUTPRE)gen_seqnum.$(OBJEXT)	\
+	$(OUTPRE)gen_subkey.$(OBJEXT)	\
+	$(OUTPRE)gen_save_subkey.$(OBJEXT)	\
+	$(OUTPRE)get_creds.$(OBJEXT)	\
+	$(OUTPRE)get_etype_info.$(OBJEXT) \
+	$(OUTPRE)get_in_tkt.$(OBJEXT)	\
+	$(OUTPRE)gic_keytab.$(OBJEXT)	\
+	$(OUTPRE)gic_opt.$(OBJEXT)	\
+	$(OUTPRE)gic_pwd.$(OBJEXT)	\
+	$(OUTPRE)in_tkt_sky.$(OBJEXT)	\
+	$(OUTPRE)init_ctx.$(OBJEXT)	\
+	$(OUTPRE)copy_ctx.$(OBJEXT)	\
+	$(OUTPRE)init_keyblock.$(OBJEXT) \
+	$(OUTPRE)kdc_rep_dc.$(OBJEXT)	\
+	$(OUTPRE)kerrs.$(OBJEXT)	\
+	$(OUTPRE)kfree.$(OBJEXT)	\
+	$(OUTPRE)libdef_parse.$(OBJEXT)	\
+	$(OUTPRE)mk_cred.$(OBJEXT)	\
+	$(OUTPRE)mk_error.$(OBJEXT)	\
+	$(OUTPRE)mk_priv.$(OBJEXT)	\
+	$(OUTPRE)mk_rep.$(OBJEXT)	\
+	$(OUTPRE)mk_req.$(OBJEXT)	\
+	$(OUTPRE)mk_req_ext.$(OBJEXT)	\
+	$(OUTPRE)mk_safe.$(OBJEXT)	\
+	$(OUTPRE)pac.$(OBJEXT)		\
+	$(OUTPRE)pac_sign.$(OBJEXT)	\
+	$(OUTPRE)padata.$(OBJEXT)	\
+	$(OUTPRE)parse.$(OBJEXT)	\
+	$(OUTPRE)parse_host_string.$(OBJEXT)	\
+	$(OUTPRE)plugin.$(OBJEXT)	\
+	$(OUTPRE)pr_to_salt.$(OBJEXT)	\
+	$(OUTPRE)preauth2.$(OBJEXT)	\
+	$(OUTPRE)preauth_ec.$(OBJEXT)	\
+	$(OUTPRE)preauth_encts.$(OBJEXT)	\
+	$(OUTPRE)preauth_otp.$(OBJEXT)	\
+	$(OUTPRE)preauth_pkinit.$(OBJEXT)	\
+	$(OUTPRE)preauth_sam2.$(OBJEXT)	\
+	$(OUTPRE)princ_comp.$(OBJEXT)	\
+	$(OUTPRE)privsafe.$(OBJEXT)	\
+	$(OUTPRE)random_str.$(OBJEXT)	\
+	$(OUTPRE)rd_cred.$(OBJEXT)	\
+	$(OUTPRE)rd_error.$(OBJEXT)	\
+	$(OUTPRE)rd_priv.$(OBJEXT)	\
+	$(OUTPRE)rd_rep.$(OBJEXT)	\
+	$(OUTPRE)rd_req.$(OBJEXT)	\
+	$(OUTPRE)rd_req_dec.$(OBJEXT)	\
+	$(OUTPRE)rd_safe.$(OBJEXT)	\
+	$(OUTPRE)recvauth.$(OBJEXT)	\
+	$(OUTPRE)response_items.$(OBJEXT)	\
+	$(OUTPRE)s4u_creds.$(OBJEXT)	\
+	$(OUTPRE)sendauth.$(OBJEXT)	\
+	$(OUTPRE)send_tgs.$(OBJEXT)	\
+	$(OUTPRE)ser_actx.$(OBJEXT)	\
+	$(OUTPRE)ser_adata.$(OBJEXT)	\
+	$(OUTPRE)ser_addr.$(OBJEXT)	\
+	$(OUTPRE)ser_auth.$(OBJEXT)	\
+	$(OUTPRE)ser_cksum.$(OBJEXT)	\
+	$(OUTPRE)ser_ctx.$(OBJEXT)	\
+	$(OUTPRE)ser_key.$(OBJEXT)	\
+	$(OUTPRE)ser_princ.$(OBJEXT)	\
+	$(OUTPRE)serialize.$(OBJEXT)	\
+	$(OUTPRE)set_realm.$(OBJEXT)	\
+	$(OUTPRE)sname_match.$(OBJEXT)	\
+	$(OUTPRE)srv_dec_tkt.$(OBJEXT)	\
+	$(OUTPRE)srv_rcache.$(OBJEXT)	\
+	$(OUTPRE)str_conv.$(OBJEXT)	\
+	$(OUTPRE)tgtname.$(OBJEXT)	\
+	$(OUTPRE)unparse.$(OBJEXT)	\
+	$(OUTPRE)val_renew.$(OBJEXT)	\
+	$(OUTPRE)valid_times.$(OBJEXT)	\
+	$(OUTPRE)vfy_increds.$(OBJEXT)	\
+	$(OUTPRE)vic_opt.$(OBJEXT)	\
+	$(OUTPRE)walk_rtree.$(OBJEXT)
+
+SRCS=	$(srcdir)/addr_comp.c	\
+	$(srcdir)/addr_order.c	\
+	$(srcdir)/addr_srch.c	\
+	$(srcdir)/appdefault.c	\
+	$(srcdir)/auth_con.c	\
+	$(srcdir)/cammac_util.c	\
+	$(srcdir)/ai_authdata.c \
+	$(srcdir)/authdata.c	\
+	$(srcdir)/authdata_exp.c	\
+	$(srcdir)/authdata_enc.c	\
+	$(srcdir)/authdata_dec.c	\
+	$(srcdir)/bld_pr_ext.c	\
+	$(srcdir)/bld_princ.c	\
+	$(srcdir)/brand.c	\
+	$(srcdir)/chk_trans.c	\
+	$(srcdir)/chpw.c	\
+	$(srcdir)/conv_creds.c	\
+	$(srcdir)/conv_princ.c	\
+	$(srcdir)/copy_addrs.c	\
+	$(srcdir)/copy_auth.c	\
+	$(srcdir)/copy_athctr.c	\
+	$(srcdir)/copy_cksum.c   \
+	$(srcdir)/copy_creds.c	\
+	$(srcdir)/copy_data.c	\
+	$(srcdir)/copy_key.c	\
+	$(srcdir)/copy_princ.c	\
+	$(srcdir)/copy_tick.c	\
+	$(srcdir)/cp_key_cnt.c	\
+	$(srcdir)/decode_kdc.c	\
+	$(srcdir)/decrypt_tk.c	\
+	$(srcdir)/deltat.c	\
+	$(srcdir)/enc_helper.c	\
+	$(srcdir)/enc_keyhelper.c	\
+	$(srcdir)/encode_kdc.c	\
+	$(srcdir)/encrypt_tk.c	\
+	$(srcdir)/etype_list.c	\
+	$(srcdir)/fast.c \
+	$(srcdir)/fwd_tgt.c	\
+	$(srcdir)/gc_via_tkt.c	\
+	$(srcdir)/gen_seqnum.c	\
+	$(srcdir)/gen_subkey.c	\
+	$(srcdir)/gen_save_subkey.c	\
+	$(srcdir)/get_creds.c	\
+	$(srcdir)/get_etype_info.c \
+	$(srcdir)/get_in_tkt.c	\
+	$(srcdir)/gic_keytab.c	\
+	$(srcdir)/gic_opt.c	\
+	$(srcdir)/gic_pwd.c	\
+	$(srcdir)/in_tkt_sky.c	\
+	$(srcdir)/init_ctx.c	\
+	$(srcdir)/copy_ctx.c	\
+	$(srcdir)/init_keyblock.c \
+	$(srcdir)/kdc_rep_dc.c	\
+	$(srcdir)/kerrs.c	\
+	$(srcdir)/kfree.c	\
+	$(srcdir)/libdef_parse.c \
+	$(srcdir)/mk_cred.c	\
+	$(srcdir)/mk_error.c	\
+	$(srcdir)/mk_priv.c	\
+	$(srcdir)/mk_rep.c	\
+	$(srcdir)/mk_req.c	\
+	$(srcdir)/mk_req_ext.c	\
+	$(srcdir)/mk_safe.c	\
+	$(srcdir)/pac.c		\
+	$(srcdir)/pac_sign.c	\
+	$(srcdir)/padata.c	\
+	$(srcdir)/parse.c	\
+	$(srcdir)/parse_host_string.c	\
+	$(srcdir)/plugin.c	\
+	$(srcdir)/pr_to_salt.c	\
+	$(srcdir)/preauth2.c	\
+	$(srcdir)/preauth_ec.c	\
+	$(srcdir)/preauth_encts.c	\
+	$(srcdir)/preauth_otp.c	\
+	$(srcdir)/preauth_pkinit.c	\
+	$(srcdir)/preauth_sam2.c	\
+	$(srcdir)/princ_comp.c	\
+	$(srcdir)/privsafe.c	\
+	$(srcdir)/random_str.c	\
+	$(srcdir)/rd_cred.c	\
+	$(srcdir)/rd_error.c	\
+	$(srcdir)/rd_priv.c	\
+	$(srcdir)/rd_rep.c	\
+	$(srcdir)/rd_req.c	\
+	$(srcdir)/rd_req_dec.c	\
+	$(srcdir)/rd_safe.c	\
+	$(srcdir)/recvauth.c	\
+	$(srcdir)/response_items.c	\
+	$(srcdir)/s4u_creds.c	\
+	$(srcdir)/sendauth.c	\
+	$(srcdir)/send_tgs.c	\
+	$(srcdir)/ser_actx.c	\
+	$(srcdir)/ser_adata.c	\
+	$(srcdir)/ser_addr.c	\
+	$(srcdir)/ser_auth.c	\
+	$(srcdir)/ser_cksum.c	\
+	$(srcdir)/ser_ctx.c	\
+	$(srcdir)/ser_key.c	\
+	$(srcdir)/ser_princ.c	\
+	$(srcdir)/serialize.c	\
+	$(srcdir)/set_realm.c	\
+	$(srcdir)/sname_match.c	\
+	$(srcdir)/srv_dec_tkt.c	\
+	$(srcdir)/srv_rcache.c	\
+	$(srcdir)/str_conv.c	\
+	$(srcdir)/t_ad_fx_armor.c \
+	$(srcdir)/tgtname.c	\
+	$(srcdir)/unparse.c	\
+	$(srcdir)/val_renew.c	\
+	$(srcdir)/valid_times.c	\
+	$(srcdir)/vfy_increds.c \
+	$(srcdir)/vic_opt.c	\
+	$(srcdir)/walk_rtree.c	\
+	$(srcdir)/t_walk_rtree.c \
+	$(srcdir)/t_kerb.c	\
+	$(srcdir)/t_ser.c	\
+	$(srcdir)/t_deltat.c	\
+	$(srcdir)/t_expand.c	\
+	$(srcdir)/t_get_etype_info.c \
+	$(srcdir)/t_pac.c	\
+	$(srcdir)/t_parse_host_string.c	\
+	$(srcdir)/t_princ.c	\
+	$(srcdir)/t_etypes.c    \
+	$(srcdir)/t_expire_warn.c \
+	$(srcdir)/t_authdata.c	\
+	$(srcdir)/t_cc_config.c	\
+	$(srcdir)/t_copy_context.c \
+	$(srcdir)/t_in_ccache.c	\
+	$(srcdir)/t_response_items.c \
+	$(srcdir)/t_sname_match.c \
+	$(srcdir)/t_valid_times.c \
+	$(srcdir)/t_vfy_increds.c
+
+# Someday, when we have a "maintainer mode", do this right:
+BISON=bison
+BISONFLAGS= # -v -> .output; -d -> .h
+DELTAT_DEP=@MAINT@ x-deltat.y
+##WIN32##DELTAT_DEP=
+
+$(srcdir)/deltat.c : $(DELTAT_DEP)
+	(cd $(srcdir) && $(BISON) $(BISONFLAGS) -o deltat.c x-deltat.y)
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+COMERRLIB=$(TOPLIBD)/libcom_err.a
+
+T_WALK_RTREE_OBJS= t_walk_rtree.o
+
+T_KERB_OBJS= t_kerb.o conv_princ.o unparse.o set_realm.o str_conv.o
+
+T_SER_OBJS= t_ser.o ser_actx.o ser_adata.o ser_addr.o ser_auth.o ser_cksum.o \
+	ser_ctx.o ser_key.o ser_princ.o serialize.o authdata.o pac.o \
+	pac_sign.o ai_authdata.o authdata_exp.o copy_data.o etype_list.o
+
+T_DELTAT_OBJS= t_deltat.o deltat.o
+
+T_PAC_OBJS= t_pac.o pac.o pac_sign.o copy_data.o
+
+T_PRINC_OBJS= t_princ.o
+
+T_ETYPES_OBJS= t_etypes.o init_ctx.o etype_list.o plugin.o
+
+T_PARSE_HOST_STRING_OBJS= t_parse_host_string.o parse_host_string.o
+
+t_walk_rtree: $(T_WALK_RTREE_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_walk_rtree $(T_WALK_RTREE_OBJS) $(KRB5_BASE_LIBS)
+t_ad_fx_armor: t_ad_fx_armor.o
+	$(CC_LINK) -o $@ t_ad_fx_armor.o $(KRB5_BASE_LIBS)
+
+t_authdata: t_authdata.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_authdata.o $(KRB5_BASE_LIBS)
+
+t_kerb: $(T_KERB_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_kerb $(T_KERB_OBJS) $(KRB5_BASE_LIBS)
+
+t_ser: $(T_SER_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_ser $(T_SER_OBJS) $(KRB5_BASE_LIBS)
+
+t_deltat : $(T_DELTAT_OBJS) $(SUPPORT_DEPLIB)
+	$(CC_LINK) -o t_deltat $(T_DELTAT_OBJS) $(SUPPORT_LIB)
+
+T_EXPAND_OBJS=t_expand.o
+t_expand.o : t_expand.c
+t_expand : $(T_EXPAND_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_expand $(T_EXPAND_OBJS) $(KRB5_BASE_LIBS)
+
+t_pac: $(T_PAC_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_pac $(T_PAC_OBJS) $(KRB5_BASE_LIBS)
+
+t_princ: $(T_PRINC_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_princ $(T_PRINC_OBJS) $(KRB5_BASE_LIBS)
+
+t_etypes: $(T_ETYPES_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_etypes $(T_ETYPES_OBJS) $(KRB5_BASE_LIBS)
+
+t_parse_host_string: $(T_PARSE_HOST_STRING_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ $(T_PARSE_HOST_STRING_OBJS) $(CMOCKA_LIBS) \
+		$(KRB5_BASE_LIBS)
+
+t_expire_warn: t_expire_warn.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_expire_warn.o $(KRB5_BASE_LIBS)
+
+t_vfy_increds: t_vfy_increds.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_vfy_increds.o $(KRB5_BASE_LIBS)
+
+t_in_ccache: t_in_ccache.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_in_ccache.o $(KRB5_BASE_LIBS)
+
+t_cc_config: t_cc_config.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_cc_config.o $(KRB5_BASE_LIBS)
+
+t_copy_context: t_copy_context.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_copy_context.o $(KRB5_BASE_LIBS)
+
+t_response_items: t_response_items.o response_items.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_response_items.o response_items.o $(KRB5_BASE_LIBS)
+
+t_sname_match: t_sname_match.o sname_match.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_sname_match.o sname_match.o $(KRB5_BASE_LIBS)
+
+t_valid_times: t_valid_times.o valid_times.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_valid_times.o valid_times.o $(KRB5_BASE_LIBS)
+
+t_get_etype_info: t_get_etype_info.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_get_etype_info.o $(KRB5_BASE_LIBS)
+
+TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata t_pac \
+	t_in_ccache t_cc_config t_copy_context t_princ t_etypes t_vfy_increds \
+	t_response_items t_sname_match t_valid_times t_get_etype_info
+
+check-unix: $(TEST_PROGS) runenv.sh
+	$(RUN_TEST_LOCAL_CONF) ./t_kerb \
+		parse_name tytso \
+		parse_name tytso@SHAZAAM \
+		parse_name tytso/root@VEGGIE.COM \
+		parse_name tytso/tuber/carrot@VEGGIE.COM \
+		parse_name tytso/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t \
+		parse_name tytso/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t@FOO \
+		parse_name tytso\\\\0/\\0@B\\n\\t\\\\GAG \
+		parse_name tytso/\\n/\\b\\t@B\\0hacky-test \
+		parse_name \\/slash/\\@atsign/octa\\/thorpe@\\/slash\\@at\\/sign \
+		name_type host/www.krb5.test@KRB5.TEST \
+		name_type krbtg/KRB5.TEST@KRB5.TEST \
+		name_type krbtgt/KRB5.TEST@KRB5.TEST \
+		name_type WELLKNOWN/ANONYMOUS@KRB5.TEST \
+		425_conv_principal rcmd e40-po ATHENA.MIT.EDU \
+		425_conv_principal rcmd mit ATHENA.MIT.EDU \
+		425_conv_principal rcmd lithium ATHENA.MIT.EDU \
+		425_conv_principal rcmd tweedledumb CYGNUS.COM \
+		425_conv_principal rcmd uunet UU.NET \
+		425_conv_principal zephyr zephyr ATHENA.MIT.EDU \
+		425_conv_principal kadmin ATHENA.MIT.EDU ATHENA.MIT.EDU \
+		524_conv_principal host/e40-po.mit.edu@ATHENA.MIT.EDU \
+		524_conv_principal host/foobar.stanford.edu@stanford.edu \
+		set_realm marc@MIT.EDU CYGNUS.COM \
+		> test.out
+	cmp test.out $(srcdir)/t_ref_kerb.out
+	$(RM) test.out
+	$(RUN_TEST) ./t_ser
+	$(RUN_TEST) ./t_deltat
+	$(RUN_TEST) sh $(srcdir)/transit-tests
+	$(RUN_TEST_LOCAL_CONF) sh $(srcdir)/walktree-tests
+	$(RUN_TEST) ./t_authdata
+	$(RUN_TEST) ./t_pac
+	$(RUN_TEST) ./t_princ
+	$(RUN_TEST) ./t_etypes
+	$(RUN_TEST) ./t_response_items
+	$(RUN_TEST) ./t_copy_context
+	$(RUN_TEST) ./t_sname_match
+	$(RUN_TEST) ./t_valid_times
+
+check-pytests: t_expire_warn t_get_etype_info t_vfy_increds
+	$(RUNPYTEST) $(srcdir)/t_expire_warn.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_vfy_increds.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_in_ccache_patypes.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_get_etype_info.py $(PYTESTFLAGS)
+
+check-cmocka: t_parse_host_string
+	$(RUN_TEST) ./t_parse_host_string > /dev/null
+
+clean:
+	$(RM) $(OUTPRE)t_walk_rtree$(EXEEXT) $(OUTPRE)t_walk_rtree.$(OBJEXT) \
+		$(OUTPRE)t_kerb$(EXEEXT) $(OUTPRE)t_kerb.$(OBJEXT)	\
+		$(OUTPRE)t_ser$(EXEEXT) $(OUTPRE)t_ser.$(OBJEXT)	\
+		$(OUTPRE)t_deltat$(EXEEXT) $(OUTPRE)t_deltat.$(OBJEXT) \
+		$(OUTPRE)t_expand$(EXEEXT) $(OUTPRE)t_expand.$(OBJEXT)  \
+	$(OUTPRE)t_expire_warn$(EXEEXT) $(OUTPRE)t_expire_warn.$(OBJEXT)  \
+		$(OUTPRE)t_etypes$(EXEEXT) $(OUTPRE)t_etypes.$(OBJEXT)	\
+		$(OUTPRE)t_pac$(EXEEXT) $(OUTPRE)t_pac.$(OBJEXT)	\
+		$(OUTPRE)t_princ$(EXEEXT) $(OUTPRE)t_princ.$(OBJEXT)	\
+	$(OUTPRE)t_authdata$(EXEEXT) $(OUTPRE)t_authdata.$(OBJEXT)	\
+	$(OUTPRE)t_cc_config$(EXEEXT) $(OUTPRE)t_cc_config.$(OBJEXT)	\
+	$(OUTPRE)t_copy_context$(EXEEXT) $(OUTPRE)t_copy_context.$(OBJEXT) \
+	$(OUTPRE)t_in_ccache$(EXEEXT) $(OUTPRE)t_in_ccache.$(OBJEXT)	\
+	$(OUTPRE)t_ad_fx_armor$(EXEEXT) $(OUTPRE)t_ad_fx_armor.$(OBJEXT) \
+	$(OUTPRE)t_vfy_increds$(EXEEXT) $(OUTPRE)t_vfy_increds.$(OBJEXT) \
+	$(OUTPRE)t_response_items$(EXEEXT) \
+	$(OUTPRE)t_response_items.$(OBJEXT) \
+	$(OUTPRE)t_sname_match$(EXEEXT) $(OUTPRE)t_sname_match.$(OBJEXT) \
+	$(OUTPRE)t_valid_times$(EXEEXT) $(OUTPRE)t_valid_times.$(OBJEXT) \
+	$(OUTPRE)t_get_etype_info$(EXEEXT) \
+	$(OUTPRE)t_get_etype_info.$(OBJEXT) \
+	$(OUTPRE)t_parse_host_string$(EXEEXT) \
+	$(OUTPRE)t_parse_host_string.$(OBJEXT)
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/krb5/krb/addr_comp.c b/krb5-1.21.3/src/lib/krb5/krb/addr_comp.c
new file mode 100644
index 00000000..12177e6e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/addr_comp.c
@@ -0,0 +1,45 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/addr_comp.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * If the two addresses are the same, return TRUE, else return FALSE
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_address_compare(krb5_context context, const krb5_address *addr1, const krb5_address *addr2)
+{
+    if (addr1->addrtype != addr2->addrtype)
+        return(FALSE);
+
+    if (addr1->length != addr2->length)
+        return(FALSE);
+    if (memcmp((char *)addr1->contents, (char *)addr2->contents,
+               addr1->length))
+        return FALSE;
+    else
+        return TRUE;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/addr_order.c b/krb5-1.21.3/src/lib/krb5/krb/addr_order.c
new file mode 100644
index 00000000..39c9e1e6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/addr_order.c
@@ -0,0 +1,60 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/addr_order.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+#ifndef min
+#define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+/*
+ * Return an ordering on two addresses:  0 if the same,
+ * < 0 if first is less than 2nd, > 0 if first is greater than 2nd.
+ */
+int KRB5_CALLCONV
+krb5_address_order(krb5_context context, const krb5_address *addr1, const krb5_address *addr2)
+{
+    int dir;
+    int i;
+    const int minlen = min(addr1->length, addr2->length);
+
+    if (addr1->addrtype != addr2->addrtype)
+        return(FALSE);
+
+    dir = addr1->length - addr2->length;
+
+
+    for (i = 0; i < minlen; i++) {
+        if ((unsigned char) addr1->contents[i] <
+            (unsigned char) addr2->contents[i])
+            return -1;
+        else if ((unsigned char) addr1->contents[i] >
+                 (unsigned char) addr2->contents[i])
+            return 1;
+    }
+    /* compared equal so far...which is longer? */
+    return dir;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/addr_srch.c b/krb5-1.21.3/src/lib/krb5/krb/addr_srch.c
new file mode 100644
index 00000000..113c5209
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/addr_srch.c
@@ -0,0 +1,65 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/addr_srch.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+static unsigned int
+address_count(krb5_address *const *addrlist)
+{
+    unsigned int i;
+
+    if (addrlist == NULL)
+        return 0;
+
+    for (i = 0; addrlist[i]; i++)
+        ;
+
+    return i;
+}
+
+/*
+ * if addr is listed in addrlist, or addrlist is null, return TRUE.
+ * if not listed, return FALSE
+ */
+krb5_boolean
+krb5_address_search(krb5_context context, const krb5_address *addr, krb5_address *const *addrlist)
+{
+    /*
+     * Treat an address list containing only a NetBIOS address
+     * as empty, because we presently have no way of associating
+     * a client with its NetBIOS address.
+     */
+    if (address_count(addrlist) == 1 &&
+        addrlist[0]->addrtype == ADDRTYPE_NETBIOS)
+        return TRUE;
+    if (!addrlist)
+        return TRUE;
+    for (; *addrlist; addrlist++) {
+        if (krb5_address_compare(context, addr, *addrlist))
+            return TRUE;
+    }
+    return FALSE;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c b/krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c
new file mode 100644
index 00000000..4ac28ff8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c
@@ -0,0 +1,341 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* src/lib/krb5/krb/ai_authdata.c - auth-indicator authdata module */
+/*
+ * Copyright (C) 2016 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "authdata.h"
+#include "auth_con.h"
+#include "int-proto.h"
+
+struct authind_context {
+    krb5_data **indicators;
+};
+
+static krb5_error_code
+authind_init(krb5_context kcontext, void **plugin_context)
+{
+    *plugin_context = NULL;
+    return 0;
+}
+
+static void
+authind_flags(krb5_context kcontext, void *plugin_context,
+              krb5_authdatatype ad_type, krb5_flags *flags)
+{
+    *flags = AD_CAMMAC_PROTECTED;
+}
+
+static krb5_error_code
+authind_request_init(krb5_context kcontext, krb5_authdata_context context,
+                     void *plugin_context, void **request_context)
+{
+    krb5_error_code ret = 0;
+    struct authind_context *aictx;
+
+    *request_context = NULL;
+
+    aictx = k5alloc(sizeof(*aictx), &ret);
+    if (aictx == NULL)
+        return ret;
+    aictx->indicators = NULL;
+    *request_context = aictx;
+    return ret;
+}
+
+static krb5_error_code
+authind_import_authdata(krb5_context kcontext, krb5_authdata_context context,
+                        void *plugin_context, void *request_context,
+                        krb5_authdata **authdata, krb5_boolean kdc_issued,
+                        krb5_const_principal kdc_issuer)
+{
+    struct authind_context *aictx = request_context;
+    krb5_error_code ret = 0;
+    krb5_data **indps = NULL;
+    int i;
+
+    for (i = 0; authdata != NULL && authdata[i] != NULL; i++) {
+        ret = k5_authind_decode(authdata[i], &indps);
+        if (ret)
+            goto cleanup;
+    }
+
+    if (indps != NULL && *indps != NULL) {
+        aictx->indicators = indps;
+        indps = NULL;
+    }
+
+cleanup:
+    k5_free_data_ptr_list(indps);
+    return ret;
+}
+
+static void
+authind_request_fini(krb5_context kcontext, krb5_authdata_context context,
+                     void *plugin_context, void *request_context)
+{
+    struct authind_context *aictx = request_context;
+
+    if (aictx != NULL) {
+        k5_free_data_ptr_list(aictx->indicators);
+        free(aictx);
+    }
+}
+
+/* This is a non-URI "local attribute" that is implementation defined. */
+static krb5_data authind_attr = {
+    KV5M_DATA,
+    sizeof("auth-indicators") - 1,
+    "auth-indicators"
+};
+
+static krb5_error_code
+authind_get_attribute_types(krb5_context kcontext,
+                            krb5_authdata_context context,
+                            void *plugin_context, void *request_context,
+                            krb5_data **out_attrs)
+{
+    struct authind_context *aictx = request_context;
+    krb5_error_code ret;
+    krb5_data *attrs;
+
+    *out_attrs = NULL;
+
+    if (aictx->indicators == NULL || *aictx->indicators == NULL)
+        return ENOENT;
+
+    attrs = k5calloc(2, sizeof(*attrs), &ret);
+    if (attrs == NULL)
+        return ENOMEM;
+
+    ret = krb5int_copy_data_contents(kcontext, &authind_attr, &attrs[0]);
+    if (ret)
+        goto cleanup;
+
+    attrs[1].data = NULL;
+    attrs[1].length = 0;
+
+    *out_attrs = attrs;
+    attrs = NULL;
+
+cleanup:
+    krb5int_free_data_list(kcontext, attrs);
+    return ret;
+}
+
+static krb5_error_code
+authind_get_attribute(krb5_context kcontext, krb5_authdata_context context,
+                      void *plugin_context, void *request_context,
+                      const krb5_data *attribute, krb5_boolean *authenticated,
+                      krb5_boolean *complete, krb5_data *value,
+                      krb5_data *display_value, int *more)
+{
+    struct authind_context *aictx = request_context;
+    krb5_error_code ret;
+    int ind;
+
+    if (!data_eq(*attribute, authind_attr))
+        return ENOENT;
+
+    /* *more will be -1 on the first call, or the next index on subsequent
+     * calls. */
+    ind = (*more < 0) ? 0 : *more;
+    if (aictx->indicators == NULL || aictx->indicators[ind] == NULL)
+        return ENOENT;
+
+    ret = krb5int_copy_data_contents(kcontext, aictx->indicators[ind], value);
+    if (ret)
+        return ret;
+
+    /* Set *more to the next index, or to 0 if there are no more. */
+    *more = (aictx->indicators[ind + 1] == NULL) ? 0 : ind + 1;
+
+    /* Indicators are delivered in a CAMMAC verified outside of this module,
+     * so these are authenticated values. */
+    *authenticated = TRUE;
+    *complete = TRUE;
+
+    return ret;
+}
+
+static krb5_error_code
+authind_set_attribute(krb5_context kcontext, krb5_authdata_context context,
+                      void *plugin_context, void *request_context,
+                      krb5_boolean complete, const krb5_data *attribute,
+                      const krb5_data *value)
+{
+    /* Indicators are imported from ticket authdata, not set by this module. */
+    if (!data_eq(*attribute, authind_attr))
+        return ENOENT;
+
+    return EPERM;
+}
+
+static krb5_error_code
+authind_size(krb5_context kcontext, krb5_authdata_context context,
+             void *plugin_context, void *request_context, size_t *sizep)
+{
+    struct authind_context *aictx = request_context;
+    int i;
+
+    /* Add the indicator count. */
+    *sizep += sizeof(int32_t);
+
+    /* Add each indicator's length and value. */
+    for (i = 0; aictx->indicators != NULL && aictx->indicators[i] != NULL; i++)
+        *sizep += sizeof(int32_t) + aictx->indicators[i]->length;
+
+    return 0;
+}
+
+static krb5_error_code
+authind_externalize(krb5_context kcontext, krb5_authdata_context context,
+                    void *plugin_context, void *request_context,
+                    uint8_t **buffer, size_t *lenremain)
+{
+    struct authind_context *aictx = request_context;
+    krb5_error_code ret = 0;
+    uint8_t *bp = *buffer;
+    size_t remain = *lenremain;
+    int i, count;
+
+    if (aictx->indicators == NULL)
+        return krb5_ser_pack_int32(0, buffer, lenremain);
+
+    /* Serialize the indicator count. */
+    for (count = 0; aictx->indicators[count] != NULL; count++);
+    ret = krb5_ser_pack_int32(count, &bp, &remain);
+    if (ret)
+        return ret;
+
+    for (i = 0; aictx->indicators[i] != NULL; i++) {
+        /* Serialize the length and indicator value. */
+        ret = krb5_ser_pack_int32(aictx->indicators[i]->length, &bp, &remain);
+        if (ret)
+            return ret;
+        ret = krb5_ser_pack_bytes((uint8_t *)aictx->indicators[i]->data,
+                                  aictx->indicators[i]->length, &bp, &remain);
+        if (ret)
+            return ret;
+    }
+
+    *buffer = bp;
+    *lenremain = remain;
+    return ret;
+}
+
+
+static krb5_error_code
+authind_internalize(krb5_context kcontext, krb5_authdata_context context,
+                    void *plugin_context, void *request_context,
+                    uint8_t **buffer, size_t *lenremain)
+{
+    struct authind_context *aictx = request_context;
+    krb5_error_code ret;
+    int32_t count, len, i;
+    uint8_t *bp = *buffer;
+    size_t remain = *lenremain;
+    krb5_data **inds = NULL;
+
+    /* Get the count. */
+    ret = krb5_ser_unpack_int32(&count, &bp, &remain);
+    if (ret)
+        return ret;
+
+    if (count < 0 || (size_t)count > remain)
+        return ERANGE;
+
+    if (count > 0) {
+        inds = k5calloc(count + 1, sizeof(*inds), &ret);
+        if (inds == NULL)
+            return errno;
+    }
+
+    for (i = 0; i < count; i++) {
+        /* Get the length. */
+        ret = krb5_ser_unpack_int32(&len, &bp, &remain);
+        if (ret)
+            goto cleanup;
+        if (len < 0 || (size_t)len > remain) {
+            ret = ERANGE;
+            goto cleanup;
+        }
+
+        /* Get the indicator. */
+        inds[i] = k5alloc(sizeof(*inds[i]), &ret);
+        if (inds[i] == NULL)
+            goto cleanup;
+        ret = alloc_data(inds[i], len);
+        if (ret)
+            goto cleanup;
+        ret = krb5_ser_unpack_bytes((uint8_t *)inds[i]->data, len, &bp,
+                                    &remain);
+        if (ret)
+            goto cleanup;
+    }
+
+    k5_free_data_ptr_list(aictx->indicators);
+    aictx->indicators = inds;
+    inds = NULL;
+
+    *buffer = bp;
+    *lenremain = remain;
+
+cleanup:
+    k5_free_data_ptr_list(inds);
+    return ret;
+}
+
+static krb5_authdatatype authind_ad_types[] = {
+    KRB5_AUTHDATA_AUTH_INDICATOR, 0
+};
+
+krb5plugin_authdata_client_ftable_v0 k5_authind_ad_client_ftable = {
+    "authentication-indicators",
+    authind_ad_types,
+    authind_init,
+    NULL, /* fini */
+    authind_flags,
+    authind_request_init,
+    authind_request_fini,
+    authind_get_attribute_types,
+    authind_get_attribute,
+    authind_set_attribute,
+    NULL, /* delete_attribute_proc */
+    NULL, /* export_authdata */
+    authind_import_authdata,
+    NULL, /* export_internal */
+    NULL, /* free_internal */
+    NULL, /* verify */
+    authind_size,
+    authind_externalize,
+    authind_internalize,
+    NULL /* authind_copy */
+};
diff --git a/krb5-1.21.3/src/lib/krb5/krb/allow_weak.c b/krb5-1.21.3/src/lib/krb5/krb/allow_weak.c
new file mode 100644
index 00000000..1c887375
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/allow_weak.c
@@ -0,0 +1,34 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/allow_weak.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable)
+{
+    context->allow_weak_crypto = (enable != FALSE);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/appdefault.c b/krb5-1.21.3/src/lib/krb5/krb/appdefault.c
new file mode 100644
index 00000000..3f7dc237
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/appdefault.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * appdefault - routines designed to be called from applications to
+ *               handle the [appdefaults] profile section
+ */
+
+#include "k5-int.h"
+
+
+
+/*xxx Duplicating this is annoying; try to work on a better way.*/
+static const char *const conf_yes[] = {
+    "y", "yes", "true", "t", "1", "on",
+    0,
+};
+
+static const char *const conf_no[] = {
+    "n", "no", "false", "nil", "0", "off",
+    0,
+};
+
+static int
+conf_boolean(char *s)
+{
+    const char * const *p;
+    for(p=conf_yes; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 1;
+    }
+    for(p=conf_no; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 0;
+    }
+    /* Default to "no" */
+    return 0;
+}
+
+static krb5_error_code
+appdefault_get(krb5_context context, const char *appname, const krb5_data *realm, const char *option, char **ret_value)
+{
+    profile_t profile;
+    const char *names[5];
+    char **nameval = NULL;
+    krb5_error_code retval;
+    const char * realmstr =  realm?realm->data:NULL;
+
+    *ret_value = NULL;
+
+    if (!context || (context->magic != KV5M_CONTEXT))
+        return KV5M_CONTEXT;
+
+    profile = context->profile;
+
+    /*
+     * Try number one:
+     *
+     * [appdefaults]
+     *      app = {
+     *              SOME.REALM = {
+     *                      option = <boolean>
+     *              }
+     *      }
+     */
+
+    names[0] = "appdefaults";
+    names[1] = appname;
+
+    if (realmstr) {
+        names[2] = realmstr;
+        names[3] = option;
+        names[4] = 0;
+        retval = profile_get_values(profile, names, &nameval);
+        if (retval == 0 && nameval && nameval[0]) {
+            *ret_value = strdup(nameval[0]);
+            goto goodbye;
+        }
+    }
+
+    /*
+     * Try number two:
+     *
+     * [appdefaults]
+     *      app = {
+     *              option = <boolean>
+     *      }
+     */
+
+    names[2] = option;
+    names[3] = 0;
+    retval = profile_get_values(profile, names, &nameval);
+    if (retval == 0 && nameval && nameval[0]) {
+        *ret_value = strdup(nameval[0]);
+        goto goodbye;
+    }
+
+    /*
+     * Try number three:
+     *
+     * [appdefaults]
+     *      realm = {
+     *              option = <boolean>
+     */
+
+    if (realmstr) {
+        names[1] = realmstr;
+        names[2] = option;
+        names[3] = 0;
+        retval = profile_get_values(profile, names, &nameval);
+        if (retval == 0 && nameval && nameval[0]) {
+            *ret_value = strdup(nameval[0]);
+            goto goodbye;
+        }
+    }
+
+    /*
+     * Try number four:
+     *
+     * [appdefaults]
+     *      option = <boolean>
+     */
+
+    names[1] = option;
+    names[2] = 0;
+    retval = profile_get_values(profile, names, &nameval);
+    if (retval == 0 && nameval && nameval[0]) {
+        *ret_value = strdup(nameval[0]);
+    } else {
+        return retval;
+    }
+
+goodbye:
+    if (nameval) {
+        char **cpp;
+        for (cpp = nameval; *cpp; cpp++)
+            free(*cpp);
+        free(nameval);
+    }
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5_appdefault_boolean(krb5_context context, const char *appname, const krb5_data *realm, const char *option, int default_value, int *ret_value)
+{
+    char *string = NULL;
+    krb5_error_code retval;
+
+    retval = appdefault_get(context, appname, realm, option, &string);
+
+    if (! retval && string) {
+        *ret_value = conf_boolean(string);
+        free(string);
+    } else
+        *ret_value = default_value;
+}
+
+void KRB5_CALLCONV
+krb5_appdefault_string(krb5_context context, const char *appname, const krb5_data *realm, const char *option, const char *default_value, char **ret_value)
+{
+    krb5_error_code retval;
+    char *string;
+
+    retval = appdefault_get(context, appname, realm, option, &string);
+
+    if (! retval && string) {
+        *ret_value = string;
+    } else {
+        *ret_value = strdup(default_value);
+    }
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/auth_con.c b/krb5-1.21.3/src/lib/krb5/krb/auth_con.c
new file mode 100644
index 00000000..91d8e26a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/auth_con.c
@@ -0,0 +1,445 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/auth_con.c */
+/*
+ * Copyright 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context)
+{
+    *auth_context =
+        (krb5_auth_context)calloc(1, sizeof(struct _krb5_auth_context));
+    if (!*auth_context)
+        return ENOMEM;
+
+    /* Default flags, do time not seq */
+    (*auth_context)->auth_context_flags =
+        KRB5_AUTH_CONTEXT_DO_TIME |  KRB5_AUTH_CONN_INITIALIZED;
+
+    (*auth_context)->checksum_func = NULL;
+    (*auth_context)->checksum_func_data = NULL;
+    (*auth_context)->negotiated_etype = ENCTYPE_NULL;
+    (*auth_context)->magic = KV5M_AUTH_CONTEXT;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context)
+{
+    if (auth_context == NULL)
+        return 0;
+    if (auth_context->local_addr)
+        krb5_free_address(context, auth_context->local_addr);
+    if (auth_context->remote_addr)
+        krb5_free_address(context, auth_context->remote_addr);
+    if (auth_context->local_port)
+        krb5_free_address(context, auth_context->local_port);
+    if (auth_context->remote_port)
+        krb5_free_address(context, auth_context->remote_port);
+    if (auth_context->authentp)
+        krb5_free_authenticator(context, auth_context->authentp);
+    if (auth_context->key)
+        krb5_k_free_key(context, auth_context->key);
+    if (auth_context->send_subkey)
+        krb5_k_free_key(context, auth_context->send_subkey);
+    if (auth_context->recv_subkey)
+        krb5_k_free_key(context, auth_context->recv_subkey);
+    zapfree(auth_context->cstate.data, auth_context->cstate.length);
+    if (auth_context->rcache)
+        k5_rc_close(context, auth_context->rcache);
+    if (auth_context->permitted_etypes)
+        free(auth_context->permitted_etypes);
+    if (auth_context->ad_context)
+        krb5_authdata_context_free(context, auth_context->ad_context);
+    k5_memrcache_free(context, auth_context->memrcache);
+    free(auth_context);
+    return 0;
+}
+
+krb5_error_code
+krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, krb5_address *remote_addr)
+{
+    krb5_error_code     retval;
+
+    /* Free old addresses */
+    if (auth_context->local_addr)
+        (void) krb5_free_address(context, auth_context->local_addr);
+    if (auth_context->remote_addr)
+        (void) krb5_free_address(context, auth_context->remote_addr);
+
+    retval = 0;
+    if (local_addr)
+        retval = krb5_copy_addr(context,
+                                local_addr,
+                                &auth_context->local_addr);
+    else
+        auth_context->local_addr = NULL;
+
+    if (!retval && remote_addr)
+        retval = krb5_copy_addr(context,
+                                remote_addr,
+                                &auth_context->remote_addr);
+    else
+        auth_context->remote_addr = NULL;
+
+    return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, krb5_address **remote_addr)
+{
+    krb5_error_code     retval;
+
+    retval = 0;
+    if (local_addr && auth_context->local_addr) {
+        retval = krb5_copy_addr(context,
+                                auth_context->local_addr,
+                                local_addr);
+    }
+    if (!retval && (remote_addr) && auth_context->remote_addr) {
+        retval = krb5_copy_addr(context,
+                                auth_context->remote_addr,
+                                remote_addr);
+    }
+    return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address *local_port, krb5_address *remote_port)
+{
+    krb5_error_code     retval;
+
+    /* Free old addresses */
+    if (auth_context->local_port)
+        (void) krb5_free_address(context, auth_context->local_port);
+    if (auth_context->remote_port)
+        (void) krb5_free_address(context, auth_context->remote_port);
+
+    retval = 0;
+    if (local_port)
+        retval = krb5_copy_addr(context,
+                                local_port,
+                                &auth_context->local_port);
+    else
+        auth_context->local_port = NULL;
+
+    if (!retval && remote_port)
+        retval = krb5_copy_addr(context,
+                                remote_port,
+                                &auth_context->remote_port);
+    else
+        auth_context->remote_port = NULL;
+
+    return retval;
+}
+
+
+/*
+ * This function overloads the keyblock field. It is only useful prior to
+ * a krb5_rd_req_decode() call for user to user authentication where the
+ * server has the key and needs to use it to decrypt the incoming request.
+ * Once decrypted this key is no longer necessary and is then overwritten
+ * with the session key sent by the client.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock)
+{
+    if (auth_context->key)
+        krb5_k_free_key(context, auth_context->key);
+    return(krb5_k_create_key(context, keyblock, &(auth_context->key)));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
+{
+    if (auth_context->key)
+        return krb5_k_key_keyblock(context, auth_context->key, keyblock);
+    *keyblock = NULL;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getkey_k(krb5_context context, krb5_auth_context auth_context,
+                       krb5_key *key)
+{
+    krb5_k_reference_key(context, auth_context->key);
+    *key = auth_context->key;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
+{
+    return krb5_auth_con_getsendsubkey(context, auth_context, keyblock);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
+{
+    return krb5_auth_con_getrecvsubkey(context, auth_context, keyblock);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
+{
+    if (ac->send_subkey != NULL)
+        krb5_k_free_key(ctx, ac->send_subkey);
+    ac->send_subkey = NULL;
+    if (keyblock !=NULL)
+        return krb5_k_create_key(ctx, keyblock, &ac->send_subkey);
+    else
+        return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setsendsubkey_k(krb5_context ctx, krb5_auth_context ac,
+                              krb5_key key)
+{
+    krb5_k_free_key(ctx, ac->send_subkey);
+    ac->send_subkey = key;
+    krb5_k_reference_key(ctx, key);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
+{
+    if (ac->recv_subkey != NULL)
+        krb5_k_free_key(ctx, ac->recv_subkey);
+    ac->recv_subkey = NULL;
+    if (keyblock != NULL)
+        return krb5_k_create_key(ctx, keyblock, &ac->recv_subkey);
+    else
+        return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrecvsubkey_k(krb5_context ctx, krb5_auth_context ac,
+                              krb5_key key)
+{
+    krb5_k_free_key(ctx, ac->recv_subkey);
+    ac->recv_subkey = key;
+    krb5_k_reference_key(ctx, key);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
+{
+    if (ac->send_subkey != NULL)
+        return krb5_k_key_keyblock(ctx, ac->send_subkey, keyblock);
+    *keyblock = NULL;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey_k(krb5_context ctx, krb5_auth_context ac,
+                              krb5_key *key)
+{
+    krb5_k_reference_key(ctx, ac->send_subkey);
+    *key = ac->send_subkey;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
+{
+    if (ac->recv_subkey != NULL)
+        return krb5_k_key_keyblock(ctx, ac->recv_subkey, keyblock);
+    *keyblock = NULL;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getrecvsubkey_k(krb5_context ctx, krb5_auth_context ac,
+                              krb5_key *key)
+{
+    krb5_k_reference_key(ctx, ac->recv_subkey);
+    *key = ac->recv_subkey;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_req_cksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype)
+{
+    auth_context->req_cksumtype = cksumtype;
+    return 0;
+}
+
+krb5_error_code
+krb5_auth_con_set_safe_cksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype)
+{
+    auth_context->safe_cksumtype = cksumtype;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 *seqnumber)
+{
+    *seqnumber = auth_context->local_seq_number;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getremoteseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 *seqnumber)
+{
+    *seqnumber = auth_context->remote_seq_number;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
+{
+    if (auth_context->key == NULL)
+        return EINVAL;
+    return krb5_c_init_state(context, &auth_context->key->keyblock,
+                             KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
+                             &auth_context->cstate);
+}
+
+krb5_error_code
+krb5_auth_con_setivector(krb5_context context, krb5_auth_context auth_context, krb5_pointer ivector)
+{
+    /*
+     * This function was part of the pre-1.2.2 API.  Because it aliased the
+     * caller's memory into auth_context, and doesn't provide the size of the
+     * cipher state, it's inconvenient to support now, so return an error.
+     */
+    return EINVAL;
+}
+
+krb5_error_code
+krb5_auth_con_getivector(krb5_context context, krb5_auth_context auth_context, krb5_pointer *ivector)
+{
+    *ivector = auth_context->cstate.data;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 flags)
+{
+    auth_context->auth_context_flags = flags;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 *flags)
+{
+    *flags = auth_context->auth_context_flags;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache rcache)
+{
+    auth_context->rcache = rcache;
+    return 0;
+}
+
+krb5_error_code
+krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache *rcache)
+{
+    *rcache = auth_context->rcache;
+    return 0;
+}
+
+krb5_error_code
+krb5_auth_con_setpermetypes(krb5_context context,
+                            krb5_auth_context auth_context,
+                            const krb5_enctype *permetypes)
+{
+    krb5_enctype *newpe;
+    krb5_error_code ret;
+
+    ret = k5_copy_etypes(permetypes, &newpe);
+    if (ret != 0)
+        return ret;
+
+    free(auth_context->permitted_etypes);
+    auth_context->permitted_etypes = newpe;
+    return 0;
+}
+
+krb5_error_code
+krb5_auth_con_getpermetypes(krb5_context context,
+                            krb5_auth_context auth_context,
+                            krb5_enctype **permetypes)
+{
+    *permetypes = NULL;
+    if (auth_context->permitted_etypes == NULL)
+        return 0;
+    return k5_copy_etypes(auth_context->permitted_etypes, permetypes);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_checksum_func( krb5_context context,
+                                 krb5_auth_context  auth_context,
+                                 krb5_mk_req_checksum_func func,
+                                 void *data)
+{
+    auth_context->checksum_func = func;
+    auth_context->checksum_func_data = data;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_get_checksum_func( krb5_context context,
+                                 krb5_auth_context auth_context,
+                                 krb5_mk_req_checksum_func *func,
+                                 void **data)
+{
+    *func = auth_context->checksum_func;
+    *data = auth_context->checksum_func_data;
+    return 0;
+}
+
+krb5_error_code
+krb5_auth_con_get_subkey_enctype(krb5_context context,
+                                 krb5_auth_context auth_context,
+                                 krb5_enctype *etype)
+{
+    *etype = auth_context->negotiated_etype;
+    return 0;
+}
+
+krb5_error_code
+krb5_auth_con_get_authdata_context(krb5_context context,
+                                   krb5_auth_context auth_context,
+                                   krb5_authdata_context *ad_context)
+{
+    *ad_context = auth_context->ad_context;
+    return 0;
+}
+
+krb5_error_code
+krb5_auth_con_set_authdata_context(krb5_context context,
+                                   krb5_auth_context auth_context,
+                                   krb5_authdata_context ad_context)
+{
+    auth_context->ad_context = ad_context;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/auth_con.h b/krb5-1.21.3/src/lib/krb5/krb/auth_con.h
new file mode 100644
index 00000000..a010ae40
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/auth_con.h
@@ -0,0 +1,42 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#ifndef KRB5_AUTH_CONTEXT
+#define KRB5_AUTH_CONTEXT
+
+#include "../rcache/memrcache.h"
+
+struct _krb5_auth_context {
+    krb5_magic          magic;
+    krb5_address      * remote_addr;
+    krb5_address      * remote_port;
+    krb5_address      * local_addr;
+    krb5_address      * local_port;
+    krb5_key            key;
+    krb5_key            send_subkey;
+    krb5_key            recv_subkey;
+
+    krb5_int32          auth_context_flags;
+    krb5_ui_4           remote_seq_number;
+    krb5_ui_4           local_seq_number;
+    krb5_authenticator *authentp;               /* mk_req, rd_req, mk_rep, ...*/
+    krb5_cksumtype      req_cksumtype;          /* mk_safe, ... */
+    krb5_cksumtype      safe_cksumtype;         /* mk_safe, ... */
+    krb5_data           cstate;                 /* mk_priv, rd_priv only */
+    krb5_rcache         rcache;
+    k5_memrcache        memrcache;
+    krb5_enctype      * permitted_etypes;       /* rd_req */
+    krb5_mk_req_checksum_func checksum_func;
+    void *checksum_func_data;
+    krb5_enctype        negotiated_etype;
+    krb5_authdata_context   ad_context;
+};
+
+
+/* Internal auth_context_flags */
+#define KRB5_AUTH_CONN_INITIALIZED      0x00010000
+#define KRB5_AUTH_CONN_USED_W_MK_REQ    0x00020000
+#define KRB5_AUTH_CONN_USED_W_RD_REQ    0x00040000
+#define KRB5_AUTH_CONN_SANE_SEQ         0x00080000
+#define KRB5_AUTH_CONN_HEIMDAL_SEQ      0x00100000
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/krb/authdata.c b/krb5-1.21.3/src/lib/krb5/krb/authdata.c
new file mode 100644
index 00000000..a9023b0a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/authdata.c
@@ -0,0 +1,1286 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.  All
+ * Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include "k5-int.h"
+#include "authdata.h"
+#include "auth_con.h"
+#include "int-proto.h"
+
+/* Loosely based on preauth2.c */
+
+#define IS_PRIMARY_INSTANCE(_module) ((_module)->client_req_init != NULL)
+
+static const char *objdirs[] = {
+#if TARGET_OS_MAC
+    KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR,
+#endif
+    LIBDIR "/krb5/plugins/authdata",
+    NULL
+}; /* should be a list */
+
+/* Internal authdata systems */
+static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = {
+    &k5_mspac_ad_client_ftable,
+    &k5_authind_ad_client_ftable,
+    NULL
+};
+
+static inline int
+k5_ad_module_count(krb5plugin_authdata_client_ftable_v0 *table)
+{
+    int i;
+
+    if (table->ad_type_list == NULL)
+        return 0;
+
+    for (i = 0; table->ad_type_list[i]; i++)
+        ;
+
+    return i;
+}
+
+static krb5_error_code
+k5_ad_init_modules(krb5_context kcontext,
+                   krb5_authdata_context context,
+                   krb5plugin_authdata_client_ftable_v0 *table,
+                   int *module_count)
+{
+    int j, k = *module_count;
+    krb5_error_code code;
+    void *plugin_context = NULL;
+    void **rcpp = NULL;
+
+    if (table->ad_type_list == NULL) {
+#ifdef DEBUG
+        fprintf(stderr, "warning: module \"%s\" does not advertise "
+                "any AD types\n", table->name);
+#endif
+        return ENOENT;
+    }
+
+    if (table->init == NULL)
+        return ENOSYS;
+
+    code = (*table->init)(kcontext, &plugin_context);
+    if (code != 0) {
+#ifdef DEBUG
+        fprintf(stderr, "warning: skipping module \"%s\" which "
+                "failed to initialize\n", table->name);
+#endif
+        return code;
+    }
+
+    for (j = 0; table->ad_type_list[j] != 0; j++) {
+        context->modules[k].ad_type = table->ad_type_list[j];
+        context->modules[k].plugin_context = plugin_context;
+        if (j == 0)
+            context->modules[k].client_fini = table->fini;
+        else
+            context->modules[k].client_fini = NULL;
+        context->modules[k].ftable = table;
+        context->modules[k].name = table->name;
+        if (table->flags != NULL) {
+            (*table->flags)(kcontext, plugin_context,
+                            context->modules[k].ad_type,
+                            &context->modules[k].flags);
+        } else {
+            context->modules[k].flags = 0;
+        }
+        context->modules[k].request_context = NULL;
+        if (j == 0) {
+            context->modules[k].client_req_init = table->request_init;
+            context->modules[k].client_req_fini = table->request_fini;
+            rcpp = &context->modules[k].request_context;
+
+            /* For now, single request per context. That may change */
+            code = (*table->request_init)(kcontext,
+                                          context,
+                                          plugin_context,
+                                          rcpp);
+            if ((code != 0 && code != ENOMEM) &&
+                (context->modules[k].flags & AD_INFORMATIONAL))
+                code = 0;
+            if (code != 0)
+                break;
+        } else {
+            context->modules[k].client_req_init = NULL;
+            context->modules[k].client_req_fini = NULL;
+        }
+        context->modules[k].request_context_pp = rcpp;
+
+#ifdef DEBUG
+        fprintf(stderr, "init module \"%s\", ad_type %d, flags %08x\n",
+                context->modules[k].name,
+                context->modules[k].ad_type,
+                context->modules[k].flags);
+#endif
+        k++;
+    }
+    *module_count = k;
+
+    return code;
+}
+
+/*
+ * Determine size of to-be-externalized authdata context, for
+ * modules that match given flags mask. Note that this size
+ * does not include the magic identifier/trailer.
+ */
+static krb5_error_code
+k5_ad_size(krb5_context kcontext,
+           krb5_authdata_context context,
+           krb5_flags flags,
+           size_t *sizep)
+{
+    int i;
+    krb5_error_code code = 0;
+
+    *sizep += sizeof(krb5_int32); /* count */
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+        size_t size;
+
+        if ((module->flags & flags) == 0)
+            continue;
+
+        /* externalize request context for the first instance only */
+        if (!IS_PRIMARY_INSTANCE(module))
+            continue;
+
+        if (module->ftable->size == NULL)
+            continue;
+
+        assert(module->ftable->externalize != NULL);
+
+        size = sizeof(krb5_int32) /* namelen */ + strlen(module->name);
+
+        code = (*module->ftable->size)(kcontext,
+                                       context,
+                                       module->plugin_context,
+                                       *(module->request_context_pp),
+                                       &size);
+        if (code != 0)
+            break;
+
+        *sizep += size;
+    }
+
+    return code;
+}
+
+/*
+ * Externalize authdata context, for modules that match given flags
+ * mask. Note that the magic identifier/trailer is not included.
+ */
+static krb5_error_code
+k5_ad_externalize(krb5_context kcontext,
+                  krb5_authdata_context context,
+                  krb5_flags flags,
+                  krb5_octet **buffer,
+                  size_t *lenremain)
+{
+    int i;
+    krb5_error_code code;
+    krb5_int32 ad_count = 0;
+    krb5_octet *bp;
+    size_t remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* placeholder for count */
+    code = krb5_ser_pack_int32(0, &bp, &remain);
+    if (code != 0)
+        return code;
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+        size_t namelen;
+
+        if ((module->flags & flags) == 0)
+            continue;
+
+        /* externalize request context for the first instance only */
+        if (!IS_PRIMARY_INSTANCE(module))
+            continue;
+
+        if (module->ftable->externalize == NULL)
+            continue;
+
+        /*
+         * We use the module name rather than the authdata type, because
+         * there may be multiple modules for a particular authdata type.
+         */
+        namelen = strlen(module->name);
+
+        code = krb5_ser_pack_int32((krb5_int32)namelen, &bp, &remain);
+        if (code != 0)
+            break;
+
+        code = krb5_ser_pack_bytes((krb5_octet *)module->name,
+                                   namelen, &bp, &remain);
+        if (code != 0)
+            break;
+
+        code = (*module->ftable->externalize)(kcontext,
+                                              context,
+                                              module->plugin_context,
+                                              *(module->request_context_pp),
+                                              &bp,
+                                              &remain);
+        if (code != 0)
+            break;
+
+        ad_count++;
+    }
+
+    if (code == 0) {
+        /* store actual count */
+        krb5_ser_pack_int32(ad_count, buffer, lenremain);
+
+        *buffer = bp;
+        *lenremain = remain;
+    }
+
+    return code;
+}
+
+/*
+ * Find authdata module for authdata type that matches flag mask
+ */
+static struct _krb5_authdata_context_module *
+k5_ad_find_module(krb5_context kcontext,
+                  krb5_authdata_context context,
+                  krb5_flags flags,
+                  const krb5_data *name)
+{
+    int i;
+    struct _krb5_authdata_context_module *ret = NULL;
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+
+        if ((module->flags & flags) == 0)
+            continue;
+
+        /* internalize request context for the first instance only */
+        if (!IS_PRIMARY_INSTANCE(module))
+            continue;
+
+        /* check for name match */
+        if (!data_eq_string(*name, module->name))
+            continue;
+
+        ret = module;
+        break;
+    }
+
+    return ret;
+}
+
+/*
+ * In-place internalize authdata context, for modules that match given
+ * flags mask. The magic identifier/trailer is not expected by this.
+ */
+static krb5_error_code
+k5_ad_internalize(krb5_context kcontext,
+                  krb5_authdata_context context,
+                  krb5_flags flags,
+                  krb5_octet **buffer,
+                  size_t *lenremain)
+{
+    krb5_error_code code = 0;
+    krb5_int32 i, count;
+    krb5_octet *bp;
+    size_t remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    code = krb5_ser_unpack_int32(&count, &bp, &remain);
+    if (code != 0)
+        return code;
+
+    for (i = 0; i < count; i++) {
+        struct _krb5_authdata_context_module *module;
+        krb5_int32 namelen;
+        krb5_data name;
+
+        code = krb5_ser_unpack_int32(&namelen, &bp, &remain);
+        if (code != 0)
+            break;
+
+        if (remain < (size_t)namelen) {
+            code = ENOMEM;
+            break;
+        }
+
+        name.length = namelen;
+        name.data = (char *)bp;
+
+        module = k5_ad_find_module(kcontext, context, flags, &name);
+        if (module == NULL || module->ftable->internalize == NULL) {
+            code = EINVAL;
+            break;
+        }
+
+        bp += namelen;
+        remain -= namelen;
+
+        code = (*module->ftable->internalize)(kcontext,
+                                              context,
+                                              module->plugin_context,
+                                              *(module->request_context_pp),
+                                              &bp,
+                                              &remain);
+        if (code != 0)
+            break;
+    }
+
+    if (code == 0) {
+        *buffer = bp;
+        *lenremain = remain;
+    }
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_context_init(krb5_context kcontext,
+                           krb5_authdata_context *pcontext)
+{
+    int n_modules, n_tables, i, k;
+    void **tables = NULL;
+    krb5plugin_authdata_client_ftable_v0 *table;
+    krb5_authdata_context context = NULL;
+    int internal_count = 0;
+    struct plugin_dir_handle plugins;
+    krb5_error_code code;
+
+    *pcontext = NULL;
+    memset(&plugins, 0, sizeof(plugins));
+
+    n_modules = 0;
+    for (n_tables = 0; authdata_systems[n_tables] != NULL; n_tables++) {
+        n_modules += k5_ad_module_count(authdata_systems[n_tables]);
+    }
+    internal_count = n_tables;
+
+    if (PLUGIN_DIR_OPEN(&plugins) == 0 &&
+        krb5int_open_plugin_dirs(objdirs, NULL,
+                                 &plugins,
+                                 &kcontext->err) == 0 &&
+        krb5int_get_plugin_dir_data(&plugins,
+                                    "authdata_client_0",
+                                    &tables,
+                                    &kcontext->err) == 0 &&
+        tables != NULL)
+    {
+        for (; tables[n_tables - internal_count] != NULL; n_tables++) {
+            table = tables[n_tables - internal_count];
+            n_modules += k5_ad_module_count(table);
+        }
+    }
+
+    context = calloc(1, sizeof(*context));
+    if (context == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+    context->magic = KV5M_AUTHDATA_CONTEXT;
+    context->modules = calloc(n_modules, sizeof(context->modules[0]));
+    if (context->modules == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+    context->n_modules = n_modules;
+
+    /* fill in the structure */
+    for (i = 0, k = 0, code = 0; i < n_tables - internal_count; i++) {
+        code = k5_ad_init_modules(kcontext, context, tables[i], &k);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    for (i = 0; i < internal_count; i++) {
+        code = k5_ad_init_modules(kcontext, context, authdata_systems[i], &k);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    context->plugins = plugins;
+
+cleanup:
+    if (tables != NULL)
+        krb5int_free_plugin_dir_data(tables);
+
+    if (code != 0) {
+        krb5int_close_plugin_dirs(&plugins);
+        krb5_authdata_context_free(kcontext, context);
+    } else {
+        /* plugins is owned by context now */
+        *pcontext = context;
+    }
+
+    return code;
+}
+
+void KRB5_CALLCONV
+krb5_authdata_context_free(krb5_context kcontext,
+                           krb5_authdata_context context)
+{
+    int i;
+
+    if (context == NULL)
+        return;
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+
+        if (module->client_req_fini != NULL &&
+            module->request_context != NULL)
+            (*module->client_req_fini)(kcontext,
+                                       context,
+                                       module->plugin_context,
+                                       module->request_context);
+
+        if (module->client_fini != NULL)
+            (*module->client_fini)(kcontext, module->plugin_context);
+
+        memset(module, 0, sizeof(*module));
+    }
+
+    if (context->modules != NULL) {
+        free(context->modules);
+        context->modules = NULL;
+    }
+    krb5int_close_plugin_dirs(&context->plugins);
+    zapfree(context, sizeof(*context));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_import_attributes(krb5_context kcontext,
+                                krb5_authdata_context context,
+                                krb5_flags usage,
+                                const krb5_data *attrs)
+{
+    krb5_octet *bp;
+    size_t remain;
+
+    bp = (krb5_octet *)attrs->data;
+    remain = attrs->length;
+
+    return k5_ad_internalize(kcontext, context, usage, &bp, &remain);
+}
+
+/* Return 0 with *kdc_issued_authdata == NULL on verification failure. */
+static krb5_error_code
+k5_get_kdc_issued_authdata(krb5_context kcontext,
+                           const krb5_ap_req *ap_req,
+                           krb5_principal *kdc_issuer,
+                           krb5_authdata ***kdc_issued_authdata)
+{
+    krb5_error_code code;
+    krb5_authdata **authdata;
+    krb5_authdata **ticket_authdata;
+
+    *kdc_issuer = NULL;
+    *kdc_issued_authdata = NULL;
+
+    ticket_authdata = ap_req->ticket->enc_part2->authorization_data;
+
+    code = krb5_find_authdata(kcontext, ticket_authdata, NULL,
+                              KRB5_AUTHDATA_KDC_ISSUED, &authdata);
+    if (code != 0 || authdata == NULL)
+        return code;
+
+    /*
+     * Note: a module must still implement a verify_authdata
+     * method, even it is a NOOP that simply records the value
+     * of the kdc_issued_flag.
+     */
+    code = krb5_verify_authdata_kdc_issued(kcontext,
+                                           ap_req->ticket->enc_part2->session,
+                                           authdata[0],
+                                           kdc_issuer,
+                                           kdc_issued_authdata);
+
+    if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY ||
+        code == KRB5KRB_AP_ERR_INAPP_CKSUM ||
+        code == KRB5_BAD_ENCTYPE || code == KRB5_BAD_MSIZE)
+        code = 0;
+
+    krb5_free_authdata(kcontext, authdata);
+
+    return code;
+}
+
+/* Decode and verify each CAMMAC and collect the resulting authdata,
+ * ignoring those that failed verification. */
+static krb5_error_code
+extract_cammacs(krb5_context kcontext, krb5_authdata **cammacs,
+                const krb5_keyblock *key, krb5_authdata ***ad_out)
+{
+    krb5_error_code ret = 0;
+    krb5_authdata **list = NULL, **elements = NULL, **new_list;
+    size_t i, n_elements, count = 0;
+
+    *ad_out = NULL;
+
+    for (i = 0; cammacs != NULL && cammacs[i] != NULL; i++) {
+        ret = k5_unwrap_cammac_svc(kcontext, cammacs[i], key, &elements);
+        if (ret && ret != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+            goto cleanup;
+        ret = 0;
+        if (elements == NULL)
+            continue;
+
+        /* Add the verified elements to list and free the container array. */
+        for (n_elements = 0; elements[n_elements] != NULL; n_elements++);
+        new_list = realloc(list, (count + n_elements + 1) * sizeof(*list));
+        if (new_list == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        list = new_list;
+        memcpy(list + count, elements, n_elements * sizeof(*list));
+        count += n_elements;
+        list[count] = NULL;
+        free(elements);
+        elements = NULL;
+    }
+
+    *ad_out = list;
+    list = NULL;
+
+cleanup:
+    krb5_free_authdata(kcontext, list);
+    krb5_free_authdata(kcontext, elements);
+    return ret;
+}
+
+/* Retrieve verified CAMMAC contained elements. */
+static krb5_error_code
+get_cammac_authdata(krb5_context kcontext, const krb5_ap_req *ap_req,
+                    const krb5_keyblock *key, krb5_authdata ***elems_out)
+{
+    krb5_error_code ret = 0;
+    krb5_authdata **ticket_authdata, **cammacs, **elements;
+
+    *elems_out = NULL;
+
+    ticket_authdata = ap_req->ticket->enc_part2->authorization_data;
+    ret = krb5_find_authdata(kcontext, ticket_authdata, NULL,
+                             KRB5_AUTHDATA_CAMMAC, &cammacs);
+    if (ret || cammacs == NULL)
+        return ret;
+
+    ret = extract_cammacs(kcontext, cammacs, key, &elements);
+    if (!ret)
+        *elems_out = elements;
+
+    krb5_free_authdata(kcontext, cammacs);
+    return ret;
+}
+
+krb5_error_code
+krb5int_authdata_verify(krb5_context kcontext,
+                        krb5_authdata_context context,
+                        krb5_flags usage,
+                        const krb5_auth_context *auth_context,
+                        const krb5_keyblock *key,
+                        const krb5_ap_req *ap_req)
+{
+    int i;
+    krb5_error_code code = 0;
+    krb5_authdata **authen_authdata;
+    krb5_authdata **ticket_authdata;
+    krb5_principal kdc_issuer = NULL;
+    krb5_authdata **kdc_issued_authdata = NULL;
+    krb5_authdata **cammac_authdata = NULL;
+
+    authen_authdata = (*auth_context)->authentp->authorization_data;
+    ticket_authdata = ap_req->ticket->enc_part2->authorization_data;
+
+    code = k5_get_kdc_issued_authdata(kcontext, ap_req, &kdc_issuer,
+                                      &kdc_issued_authdata);
+    if (code)
+        goto cleanup;
+
+    code = get_cammac_authdata(kcontext, ap_req, key, &cammac_authdata);
+    if (code)
+        goto cleanup;
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+        krb5_authdata **authdata = NULL;
+        krb5_boolean kdc_issued_flag = FALSE;
+
+        if ((module->flags & usage) == 0)
+            continue;
+
+        if (module->ftable->import_authdata == NULL)
+            continue;
+
+        if (kdc_issued_authdata != NULL &&
+            (module->flags & AD_USAGE_KDC_ISSUED)) {
+            code = krb5_find_authdata(kcontext, kdc_issued_authdata, NULL,
+                                      module->ad_type, &authdata);
+            if (code != 0)
+                break;
+
+            kdc_issued_flag = TRUE;
+        }
+
+        if (cammac_authdata != NULL && (module->flags & AD_CAMMAC_PROTECTED)) {
+            code = krb5_find_authdata(kcontext, cammac_authdata, NULL,
+                                      module->ad_type, &authdata);
+            if (code)
+                break;
+
+            kdc_issued_flag = TRUE;
+        }
+
+        if (authdata == NULL) {
+            krb5_boolean ticket_usage = FALSE;
+            krb5_boolean authen_usage = FALSE;
+
+            /*
+             * Determine which authdata sources to interrogate based on the
+             * module's usage. This is important if the authdata is signed
+             * by the KDC with the TGT key (as the user can forge that in
+             * the AP-REQ).
+             */
+            if (module->flags & (AD_USAGE_AS_REQ | AD_USAGE_TGS_REQ))
+                ticket_usage = TRUE;
+            if (module->flags & AD_USAGE_AP_REQ)
+                authen_usage = TRUE;
+
+            code = krb5_find_authdata(kcontext,
+                                      ticket_usage ? ticket_authdata : NULL,
+                                      authen_usage ? authen_authdata : NULL,
+                                      module->ad_type, &authdata);
+            if (code != 0)
+                break;
+        }
+
+        if (authdata == NULL)
+            continue;
+
+        assert(authdata[0] != NULL);
+
+        code = (*module->ftable->import_authdata)(kcontext,
+                                                  context,
+                                                  module->plugin_context,
+                                                  *(module->request_context_pp),
+                                                  authdata,
+                                                  kdc_issued_flag,
+                                                  kdc_issuer);
+        if (code == 0 && module->ftable->verify != NULL) {
+            code = (*module->ftable->verify)(kcontext,
+                                             context,
+                                             module->plugin_context,
+                                             *(module->request_context_pp),
+                                             auth_context,
+                                             key,
+                                             ap_req);
+        }
+        if (code != 0 && (module->flags & AD_INFORMATIONAL))
+            code = 0;
+        krb5_free_authdata(kcontext, authdata);
+        if (code != 0)
+            break;
+    }
+
+cleanup:
+    krb5_free_principal(kcontext, kdc_issuer);
+    krb5_free_authdata(kcontext, kdc_issued_authdata);
+    krb5_free_authdata(kcontext, cammac_authdata);
+
+    return code;
+}
+
+static krb5_error_code
+k5_merge_data_list(krb5_data **dst, krb5_data *src, unsigned int *len)
+{
+    unsigned int i;
+    krb5_data *d;
+
+    if (src == NULL)
+        return 0;
+
+    for (i = 0; src[i].data != NULL; i++)
+        ;
+
+    d = realloc(*dst, (*len + i + 1) * sizeof(krb5_data));
+    if (d == NULL)
+        return ENOMEM;
+
+    memcpy(&d[*len], src, i * sizeof(krb5_data));
+
+    *len += i;
+
+    d[*len].data = NULL;
+    d[*len].length = 0;
+
+    *dst = d;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_get_attribute_types(krb5_context kcontext,
+                                  krb5_authdata_context context,
+                                  krb5_data **out_attrs)
+{
+    int i;
+    krb5_error_code code = 0;
+    krb5_data *attrs = NULL;
+    unsigned int attrs_len = 0;
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+        krb5_data *attrs2 = NULL;
+
+        if (module->ftable->get_attribute_types == NULL)
+            continue;
+
+        if ((*module->ftable->get_attribute_types)(kcontext,
+                                                   context,
+                                                   module->plugin_context,
+                                                   *(module->request_context_pp),
+                                                   &attrs2))
+            continue;
+
+        code = k5_merge_data_list(&attrs, attrs2, &attrs_len);
+        if (code != 0) {
+            krb5int_free_data_list(kcontext, attrs2);
+            break;
+        }
+        if (attrs2 != NULL)
+            free(attrs2);
+    }
+
+    if (code != 0) {
+        krb5int_free_data_list(kcontext, attrs);
+        attrs = NULL;
+    }
+
+    *out_attrs = attrs;
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_get_attribute(krb5_context kcontext,
+                            krb5_authdata_context context,
+                            const krb5_data *attribute,
+                            krb5_boolean *authenticated,
+                            krb5_boolean *complete,
+                            krb5_data *value,
+                            krb5_data *display_value,
+                            int *more)
+{
+    int i;
+    krb5_error_code code = ENOENT;
+
+    *authenticated = FALSE;
+    *complete = FALSE;
+
+    value->data = NULL;
+    value->length = 0;
+
+    display_value->data = NULL;
+    display_value->length = 0;
+
+    /*
+     * NB at present a module is presumed to be authoritative for
+     * an attribute; not sure how to federate "more" across module
+     * yet
+     */
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+
+        if (module->ftable->get_attribute == NULL)
+            continue;
+
+        code = (*module->ftable->get_attribute)(kcontext,
+                                                context,
+                                                module->plugin_context,
+                                                *(module->request_context_pp),
+                                                attribute,
+                                                authenticated,
+                                                complete,
+                                                value,
+                                                display_value,
+                                                more);
+        if (code == 0)
+            break;
+    }
+
+    if (code != 0)
+        *more = 0;
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_set_attribute(krb5_context kcontext,
+                            krb5_authdata_context context,
+                            krb5_boolean complete,
+                            const krb5_data *attribute,
+                            const krb5_data *value)
+{
+    int i;
+    krb5_error_code code = 0;
+    int found = 0;
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+
+        if (module->ftable->set_attribute == NULL)
+            continue;
+
+        code = (*module->ftable->set_attribute)(kcontext,
+                                                context,
+                                                module->plugin_context,
+                                                *(module->request_context_pp),
+                                                complete,
+                                                attribute,
+                                                value);
+        if (code == ENOENT)
+            code = 0;
+        else if (code == 0)
+            found++;
+        else
+            break;
+    }
+
+    if (code == 0 && found == 0)
+        code = ENOENT;
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_delete_attribute(krb5_context kcontext,
+                               krb5_authdata_context context,
+                               const krb5_data *attribute)
+{
+    int i;
+    krb5_error_code code = ENOENT;
+    int found = 0;
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+
+        if (module->ftable->delete_attribute == NULL)
+            continue;
+
+        code = (*module->ftable->delete_attribute)(kcontext,
+                                                   context,
+                                                   module->plugin_context,
+                                                   *(module->request_context_pp),
+                                                   attribute);
+        if (code == ENOENT)
+            code = 0;
+        else if (code == 0)
+            found++;
+        else
+            break;
+    }
+
+    if (code == 0 && found == 0)
+        code = ENOENT;
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_export_attributes(krb5_context kcontext,
+                                krb5_authdata_context context,
+                                krb5_flags flags,
+                                krb5_data **attrsp)
+{
+    krb5_error_code code;
+    size_t required = 0;
+    krb5_octet *bp;
+    size_t remain;
+    krb5_data *attrs;
+
+    code = k5_ad_size(kcontext, context, AD_USAGE_MASK, &required);
+    if (code != 0)
+        return code;
+
+    attrs = malloc(sizeof(*attrs));
+    if (attrs == NULL)
+        return ENOMEM;
+
+    attrs->magic = KV5M_DATA;
+    attrs->length = 0;
+    attrs->data = malloc(required);
+    if (attrs->data == NULL) {
+        free(attrs);
+        return ENOMEM;
+    }
+
+    bp = (krb5_octet *)attrs->data;
+    remain = required;
+
+    code = k5_ad_externalize(kcontext, context, AD_USAGE_MASK, &bp, &remain);
+    if (code != 0) {
+        krb5_free_data(kcontext, attrs);
+        return code;
+    }
+
+    attrs->length = (bp - (krb5_octet *)attrs->data);
+
+    *attrsp = attrs;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_export_internal(krb5_context kcontext,
+                              krb5_authdata_context context,
+                              krb5_boolean restrict_authenticated,
+                              const char *module_name,
+                              void **ptr)
+{
+    krb5_error_code code;
+    krb5_data name;
+    struct _krb5_authdata_context_module *module;
+
+    *ptr = NULL;
+
+    name = make_data((char *)module_name, strlen(module_name));
+    module = k5_ad_find_module(kcontext, context, AD_USAGE_MASK, &name);
+    if (module == NULL)
+        return ENOENT;
+
+    if (module->ftable->export_internal == NULL)
+        return ENOENT;
+
+    code = (*module->ftable->export_internal)(kcontext,
+                                              context,
+                                              module->plugin_context,
+                                              *(module->request_context_pp),
+                                              restrict_authenticated,
+                                              ptr);
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_free_internal(krb5_context kcontext,
+                            krb5_authdata_context context,
+                            const char *module_name,
+                            void *ptr)
+{
+    krb5_data name;
+    struct _krb5_authdata_context_module *module;
+
+    name = make_data((char *)module_name, strlen(module_name));
+    module = k5_ad_find_module(kcontext, context, AD_USAGE_MASK, &name);
+    if (module == NULL)
+        return ENOENT;
+
+    if (module->ftable->free_internal == NULL)
+        return ENOENT;
+
+    (*module->ftable->free_internal)(kcontext,
+                                     context,
+                                     module->plugin_context,
+                                     *(module->request_context_pp),
+                                     ptr);
+
+    return 0;
+}
+
+static krb5_error_code
+k5_copy_ad_module_data(krb5_context kcontext,
+                       krb5_authdata_context context,
+                       struct _krb5_authdata_context_module *src_module,
+                       krb5_authdata_context dst)
+{
+    int i;
+    krb5_error_code code;
+    struct _krb5_authdata_context_module *dst_module = NULL;
+
+    for (i = 0; i < dst->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &dst->modules[i];
+
+        if (module->ftable == src_module->ftable) {
+            /* XXX is this safe to assume these pointers are interned? */
+            dst_module = module;
+            break;
+        }
+    }
+
+    if (dst_module == NULL)
+        return ENOENT;
+
+    /* copy request context for the first instance only */
+    if (!IS_PRIMARY_INSTANCE(dst_module))
+        return 0;
+
+    assert(strcmp(dst_module->name, src_module->name) == 0);
+
+    /* If copy is unimplemented, externalize/internalize */
+    if (src_module->ftable->copy == NULL) {
+        size_t size = 0, remain;
+        krb5_octet *contents, *bp;
+
+        assert(src_module->ftable->size != NULL);
+        assert(src_module->ftable->externalize != NULL);
+        assert(dst_module->ftable->internalize != NULL);
+
+        code = (*src_module->ftable->size)(kcontext,
+                                           context,
+                                           src_module->plugin_context,
+                                           src_module->request_context,
+                                           &size);
+        if (code != 0)
+            return code;
+
+        contents = malloc(size);
+        if (contents == NULL)
+            return ENOMEM;
+
+        bp = contents;
+        remain = size;
+
+        code = (*src_module->ftable->externalize)(kcontext,
+                                                  context,
+                                                  src_module->plugin_context,
+                                                  *(src_module->request_context_pp),
+                                                  &bp,
+                                                  &remain);
+        if (code != 0) {
+            free(contents);
+            return code;
+        }
+
+        remain = (bp - contents);
+        bp = contents;
+
+        code = (*dst_module->ftable->internalize)(kcontext,
+                                                  context,
+                                                  dst_module->plugin_context,
+                                                  *(dst_module->request_context_pp),
+                                                  &bp,
+                                                  &remain);
+        if (code != 0) {
+            free(contents);
+            return code;
+        }
+
+        free(contents);
+    } else {
+        assert(src_module->request_context_pp == &src_module->request_context);
+        assert(dst_module->request_context_pp == &dst_module->request_context);
+
+        code = (*src_module->ftable->copy)(kcontext,
+                                           context,
+                                           src_module->plugin_context,
+                                           src_module->request_context,
+                                           dst_module->plugin_context,
+                                           dst_module->request_context);
+    }
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_context_copy(krb5_context kcontext,
+                           krb5_authdata_context src,
+                           krb5_authdata_context *pdst)
+{
+    int i;
+    krb5_error_code code;
+    krb5_authdata_context dst;
+
+    /* XXX we need to init a new context because we can't copy plugins */
+    code = krb5_authdata_context_init(kcontext, &dst);
+    if (code != 0)
+        return code;
+
+    for (i = 0; i < src->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &src->modules[i];
+
+        code = k5_copy_ad_module_data(kcontext, src, module, dst);
+        if (code != 0)
+            break;
+    }
+
+    if (code != 0) {
+        krb5_authdata_context_free(kcontext, dst);
+        return code;
+    }
+
+    *pdst = dst;
+
+    return 0;
+}
+
+/*
+ * Calculate size of to-be-externalized authdata context.
+ */
+krb5_error_code
+k5_size_authdata_context(krb5_context kcontext, krb5_authdata_context context,
+                         size_t *sizep)
+{
+    krb5_error_code code;
+
+    code = k5_ad_size(kcontext, context, AD_USAGE_MASK, sizep);
+    if (code != 0)
+        return code;
+
+    *sizep += 2 * sizeof(krb5_int32); /* identifier/trailer */
+
+    return 0;
+}
+
+/*
+ * Externalize an authdata context.
+ */
+krb5_error_code
+k5_externalize_authdata_context(krb5_context kcontext,
+                                krb5_authdata_context context,
+                                krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code code;
+    krb5_octet *bp;
+    size_t remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* Our identifier */
+    code = krb5_ser_pack_int32(KV5M_AUTHDATA_CONTEXT, &bp, &remain);
+    if (code != 0)
+        return code;
+
+    /* The actual context data */
+    code = k5_ad_externalize(kcontext, context, AD_USAGE_MASK,
+                             &bp, &remain);
+    if (code != 0)
+        return code;
+
+    /* Our trailer */
+    code = krb5_ser_pack_int32(KV5M_AUTHDATA_CONTEXT, &bp, &remain);
+    if (code != 0)
+        return code;
+
+    *buffer = bp;
+    *lenremain = remain;
+
+    return 0;
+}
+
+/*
+ * Internalize an authdata context.
+ */
+krb5_error_code
+k5_internalize_authdata_context(krb5_context kcontext,
+                                krb5_authdata_context *ptr,
+                                krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code code;
+    krb5_authdata_context context;
+    krb5_int32 ibuf;
+    krb5_octet *bp;
+    size_t remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+    if (code != 0)
+        return code;
+
+    if (ibuf != KV5M_AUTHDATA_CONTEXT)
+        return EINVAL;
+
+    code = krb5_authdata_context_init(kcontext, &context);
+    if (code != 0)
+        return code;
+
+    code = k5_ad_internalize(kcontext, context, AD_USAGE_MASK,
+                             &bp, &remain);
+    if (code != 0) {
+        krb5_authdata_context_free(kcontext, context);
+        return code;
+    }
+
+    code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+    if (code != 0)
+        return code;
+
+    if (ibuf != KV5M_AUTHDATA_CONTEXT) {
+        krb5_authdata_context_free(kcontext, context);
+        return EINVAL;
+    }
+
+    *buffer = bp;
+    *lenremain = remain;
+    *ptr = context;
+
+    return 0;
+}
+
+krb5_error_code
+krb5int_copy_authdatum(krb5_context context,
+                       const krb5_authdata *inad, krb5_authdata **outad)
+{
+    krb5_authdata *tmpad;
+
+    if (!(tmpad = (krb5_authdata *)malloc(sizeof(*tmpad))))
+        return ENOMEM;
+    *tmpad = *inad;
+    if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
+        free(tmpad);
+        return ENOMEM;
+    }
+    memcpy(tmpad->contents, inad->contents, inad->length);
+    *outad = tmpad;
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_authdata(krb5_context context, krb5_authdata **val)
+{
+    krb5_authdata **temp;
+
+    if (val == NULL)
+        return;
+    for (temp = val; *temp; temp++) {
+        free((*temp)->contents);
+        free(*temp);
+    }
+    free(val);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/authdata.h b/krb5-1.21.3/src/lib/krb5/krb/authdata.h
new file mode 100644
index 00000000..296cc496
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/authdata.h
@@ -0,0 +1,104 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/authdata.h */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef KRB_AUTHDATA_H
+
+#define KRB_AUTHDATA_H
+
+#include <k5-int.h>
+#include "k5-utf8.h"
+
+
+/* authdata.c */
+krb5_error_code
+krb5int_authdata_verify(krb5_context context,
+                        krb5_authdata_context,
+                        krb5_flags usage,
+                        const krb5_auth_context *auth_context,
+                        const krb5_keyblock *key,
+                        const krb5_ap_req *ap_req);
+
+/* PAC */
+/*
+ * A PAC consists of a sequence of PAC_INFO_BUFFERs, preceded by
+ * a PACTYPE header. Decoding the contents of the buffers is left
+ * to the application (notwithstanding signature verification).
+ */
+
+struct k5_pac_buffer {
+    uint32_t type;
+    uint32_t size;
+    uint64_t offset;
+};
+
+struct krb5_pac_data {
+    krb5_data data;     /* PAC data (including uninitialised header) */
+    krb5_boolean verified;
+    uint32_t nbuffers;
+    uint32_t version;
+    struct k5_pac_buffer *buffers;
+};
+
+
+
+#define PAC_ALIGNMENT               8
+#define PACTYPE_LENGTH              8U
+#define PAC_SIGNATURE_DATA_LENGTH   4U
+#define PAC_CLIENT_INFO_LENGTH      10U
+#define PAC_INFO_BUFFER_LENGTH  16
+
+#define NT_TIME_EPOCH               11644473600LL
+
+extern krb5plugin_authdata_client_ftable_v0 k5_mspac_ad_client_ftable;
+extern krb5plugin_authdata_client_ftable_v0 k5_s4u2proxy_ad_client_ftable;
+extern krb5plugin_authdata_client_ftable_v0 k5_authind_ad_client_ftable;
+
+krb5_error_code
+k5_pac_locate_buffer(krb5_context context,
+                     const krb5_pac pac,
+                     krb5_ui_4 type,
+                     krb5_data *data);
+
+krb5_error_code
+k5_pac_validate_client(krb5_context context,
+                       const krb5_pac pac,
+                       krb5_timestamp authtime,
+                       krb5_const_principal principal,
+                       krb5_boolean with_realm);
+
+krb5_error_code
+k5_pac_add_buffer(krb5_context context,
+                  krb5_pac pac,
+                  krb5_ui_4 type,
+                  const krb5_data *data,
+                  krb5_boolean zerofill,
+                  krb5_data *out_data);
+
+krb5_error_code
+k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds, uint64_t *ntTime);
+
+
+#endif /* !KRB_AUTHDATA_H */
diff --git a/krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c b/krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c
new file mode 100644
index 00000000..0d1c1c4d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c
@@ -0,0 +1,296 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/authdata_dec.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_decode_authdata_container(krb5_context context,
+                               krb5_authdatatype type,
+                               const krb5_authdata *container,
+                               krb5_authdata ***authdata)
+{
+    krb5_error_code code;
+    krb5_data data;
+
+    *authdata = NULL;
+
+    if ((container->ad_type & AD_TYPE_FIELD_TYPE_MASK) != type)
+        return EINVAL;
+
+    data.length = container->length;
+    data.data = (char *)container->contents;
+
+    code = decode_krb5_authdata(&data, authdata);
+    if (code)
+        return code;
+
+    return 0;
+}
+
+struct find_authdata_context {
+    krb5_authdata **out;
+    size_t space;
+    size_t length;
+};
+
+static krb5_error_code
+grow_find_authdata(krb5_context context, struct find_authdata_context *fctx,
+                   krb5_authdata *elem)
+{
+    krb5_error_code retval = 0;
+    if (fctx->length == fctx->space) {
+        krb5_authdata **new;
+        if (fctx->space >= 256) {
+            k5_setmsg(context, ERANGE,
+                      "More than 256 authdata matched a query");
+            return ERANGE;
+        }
+        new       = realloc(fctx->out,
+                            sizeof (krb5_authdata *)*(2*fctx->space+1));
+        if (new == NULL)
+            return ENOMEM;
+        fctx->out = new;
+        fctx->space *=2;
+    }
+    fctx->out[fctx->length+1] = NULL;
+    retval = krb5int_copy_authdatum(context, elem,
+                                    &fctx->out[fctx->length]);
+    if (retval == 0)
+        fctx->length++;
+    return retval;
+}
+
+static krb5_error_code
+find_authdata_1(krb5_context context, krb5_authdata *const *in_authdat,
+                krb5_authdatatype ad_type, struct find_authdata_context *fctx,
+                int from_ap_req)
+{
+    int i = 0;
+    krb5_error_code retval = 0;
+
+    for (i = 0; in_authdat[i] && retval == 0; i++) {
+        krb5_authdata *ad = in_authdat[i];
+        krb5_authdata **decoded_container;
+
+        switch (ad->ad_type) {
+        case KRB5_AUTHDATA_IF_RELEVANT:
+            if (retval == 0)
+                retval = krb5_decode_authdata_container(context,
+                                                        ad->ad_type,
+                                                        ad,
+                                                        &decoded_container);
+            if (retval == 0) {
+                retval = find_authdata_1(context,
+                                         decoded_container,
+                                         ad_type,
+                                         fctx,
+                                         from_ap_req);
+                krb5_free_authdata(context, decoded_container);
+            }
+            break;
+        case KRB5_AUTHDATA_SIGNTICKET:
+        case KRB5_AUTHDATA_KDC_ISSUED:
+        case KRB5_AUTHDATA_WIN2K_PAC:
+        case KRB5_AUTHDATA_CAMMAC:
+        case KRB5_AUTHDATA_AUTH_INDICATOR:
+            if (from_ap_req)
+                continue;
+        default:
+            if (ad->ad_type == ad_type && retval == 0)
+                retval = grow_find_authdata(context, fctx, ad);
+            break;
+        }
+    }
+
+    return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_find_authdata(krb5_context context,
+                   krb5_authdata *const *ticket_authdata,
+                   krb5_authdata *const *ap_req_authdata,
+                   krb5_authdatatype ad_type, krb5_authdata ***results)
+{
+    krb5_error_code retval = 0;
+    struct find_authdata_context fctx;
+    fctx.length = 0;
+    fctx.space = 2;
+    fctx.out = calloc(fctx.space+1, sizeof (krb5_authdata *));
+    *results = NULL;
+    if (fctx.out == NULL)
+        return ENOMEM;
+    if (ticket_authdata)
+        retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx, 0);
+    if ((retval==0) && ap_req_authdata)
+        retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx, 1);
+    if ((retval== 0) && fctx.length)
+        *results = fctx.out;
+    else krb5_free_authdata(context, fctx.out);
+    return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_verify_authdata_kdc_issued(krb5_context context,
+                                const krb5_keyblock *key,
+                                const krb5_authdata *ad_kdcissued,
+                                krb5_principal *issuer,
+                                krb5_authdata ***authdata)
+{
+    krb5_error_code code;
+    krb5_ad_kdcissued *ad_kdci;
+    krb5_data data, *data2;
+    krb5_boolean valid = FALSE;
+
+    if ((ad_kdcissued->ad_type & AD_TYPE_FIELD_TYPE_MASK) !=
+        KRB5_AUTHDATA_KDC_ISSUED)
+        return EINVAL;
+
+    if (issuer != NULL)
+        *issuer = NULL;
+    if (authdata != NULL)
+        *authdata = NULL;
+
+    data.length = ad_kdcissued->length;
+    data.data = (char *)ad_kdcissued->contents;
+
+    code = decode_krb5_ad_kdcissued(&data, &ad_kdci);
+    if (code != 0)
+        return code;
+
+    if (!krb5_c_is_keyed_cksum(ad_kdci->ad_checksum.checksum_type)) {
+        krb5_free_ad_kdcissued(context, ad_kdci);
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
+    }
+
+    code = encode_krb5_authdata(ad_kdci->elements, &data2);
+    if (code != 0) {
+        krb5_free_ad_kdcissued(context, ad_kdci);
+        return code;
+    }
+
+    code = krb5_c_verify_checksum(context, key,
+                                  KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM,
+                                  data2, &ad_kdci->ad_checksum, &valid);
+    if (code != 0) {
+        krb5_free_ad_kdcissued(context, ad_kdci);
+        krb5_free_data(context, data2);
+        return code;
+    }
+
+    krb5_free_data(context, data2);
+
+    if (valid == FALSE) {
+        krb5_free_ad_kdcissued(context, ad_kdci);
+        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+    }
+
+    if (issuer != NULL) {
+        *issuer = ad_kdci->i_principal;
+        ad_kdci->i_principal = NULL;
+    }
+
+    if (authdata != NULL) {
+        *authdata = ad_kdci->elements;
+        ad_kdci->elements = NULL;
+    }
+
+    krb5_free_ad_kdcissued(context, ad_kdci);
+
+    return 0;
+}
+
+/*
+ * Decode authentication indicator strings from authdata and return as an
+ * allocated array of krb5_data pointers.  The caller must initialize
+ * *indicators to NULL for the first call, and successive calls will reallocate
+ * and append to the indicators array.
+ */
+krb5_error_code
+k5_authind_decode(const krb5_authdata *ad, krb5_data ***indicators)
+{
+    krb5_error_code ret = 0;
+    krb5_data der_ad, **strdata = NULL, **ai_list = *indicators;
+    size_t count, scount;
+
+    if (ad == NULL || ad->ad_type != KRB5_AUTHDATA_AUTH_INDICATOR)
+        goto cleanup;
+
+    /* Count existing auth indicators. */
+    for (count = 0; ai_list != NULL && ai_list[count] != NULL; count++);
+
+    der_ad = make_data(ad->contents, ad->length);
+    ret = decode_utf8_strings(&der_ad, &strdata);
+    if (ret)
+        return ret;
+
+    /* Count new auth indicators. */
+    for (scount = 0; strdata[scount] != NULL; scount++);
+
+    ai_list = realloc(ai_list, (count + scount + 1) * sizeof(*ai_list));
+    if (ai_list == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    *indicators = ai_list;
+
+    /* Steal decoder-allocated pointers and free the container array. */
+    memcpy(ai_list + count, strdata, scount * sizeof(*strdata));
+    ai_list[count + scount] = NULL;
+    free(strdata);
+    strdata = NULL;
+
+cleanup:
+    k5_free_data_ptr_list(strdata);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/authdata_enc.c b/krb5-1.21.3/src/lib/krb5/krb/authdata_enc.c
new file mode 100644
index 00000000..3f7b3897
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/authdata_enc.c
@@ -0,0 +1,146 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/authdata_enc.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_encode_authdata_container(krb5_context context,
+                               krb5_authdatatype type,
+                               krb5_authdata *const*authdata,
+                               krb5_authdata ***container)
+{
+    krb5_error_code code;
+    krb5_data *data;
+    krb5_authdata ad_datum;
+    krb5_authdata *ad_data[2];
+
+    *container = NULL;
+
+    code = encode_krb5_authdata((krb5_authdata * const *)authdata, &data);
+    if (code)
+        return code;
+
+    ad_datum.ad_type = type & AD_TYPE_FIELD_TYPE_MASK;
+    ad_datum.length = data->length;
+    ad_datum.contents = (unsigned char *)data->data;
+
+    ad_data[0] = &ad_datum;
+    ad_data[1] = NULL;
+
+    code = krb5_copy_authdata(context, ad_data, container);
+
+    krb5_free_data(context, data);
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_make_authdata_kdc_issued(krb5_context context,
+                              const krb5_keyblock *key,
+                              krb5_const_principal issuer,
+                              krb5_authdata *const *authdata,
+                              krb5_authdata ***ad_kdcissued)
+{
+    krb5_error_code code;
+    krb5_ad_kdcissued ad_kdci;
+    krb5_data *data;
+    krb5_cksumtype cksumtype;
+    krb5_authdata ad_datum;
+    krb5_authdata *ad_data[2];
+
+    *ad_kdcissued = NULL;
+
+    ad_kdci.ad_checksum.contents = NULL;
+    ad_kdci.i_principal = (krb5_principal)issuer;
+    ad_kdci.elements = (krb5_authdata **)authdata;
+
+    code = krb5int_c_mandatory_cksumtype(context, key->enctype,
+                                         &cksumtype);
+    if (code != 0)
+        return code;
+
+    if (!krb5_c_is_keyed_cksum(cksumtype))
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
+
+    code = encode_krb5_authdata(ad_kdci.elements, &data);
+    if (code != 0)
+        return code;
+
+    code = krb5_c_make_checksum(context, cksumtype,
+                                key, KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM,
+                                data, &ad_kdci.ad_checksum);
+    if (code != 0) {
+        krb5_free_data(context, data);
+        return code;
+    }
+
+    krb5_free_data(context, data);
+
+    code = encode_krb5_ad_kdcissued(&ad_kdci, &data);
+    if (code != 0)
+        return code;
+
+    ad_datum.ad_type = KRB5_AUTHDATA_KDC_ISSUED;
+    ad_datum.length = data->length;
+    ad_datum.contents = (unsigned char *)data->data;
+
+    ad_data[0] = &ad_datum;
+    ad_data[1] = NULL;
+
+    code = krb5_copy_authdata(context, ad_data, ad_kdcissued);
+
+    krb5_free_data(context, data);
+    krb5_free_checksum_contents(context, &ad_kdci.ad_checksum);
+
+    return code;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c b/krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c
new file mode 100644
index 00000000..22758190
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c
@@ -0,0 +1,95 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.  All
+ * Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * krb5_authdata_export_authdata()
+ */
+
+#include "k5-int.h"
+#include "authdata.h"
+#include "auth_con.h"
+#include "int-proto.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_export_authdata(krb5_context kcontext,
+                              krb5_authdata_context context,
+                              krb5_flags flags,
+                              krb5_authdata ***pauthdata)
+{
+    int i;
+    krb5_error_code code = 0;
+    krb5_authdata **authdata = NULL;
+    unsigned int len = 0;
+
+    *pauthdata = NULL;
+
+    for (i = 0; i < context->n_modules; i++) {
+        struct _krb5_authdata_context_module *module = &context->modules[i];
+        krb5_authdata **authdata2 = NULL;
+        int j;
+
+        if ((module->flags & flags) == 0)
+            continue;
+
+        if (module->ftable->export_authdata == NULL)
+            continue;
+
+        code = (*module->ftable->export_authdata)(kcontext,
+                                                  context,
+                                                  module->plugin_context,
+                                                  *(module->request_context_pp),
+                                                  flags,
+                                                  &authdata2);
+        if (code == ENOENT)
+            code = 0;
+        else if (code != 0)
+            break;
+
+        if (authdata2 == NULL)
+            continue;
+
+        for (j = 0; authdata2[j] != NULL; j++)
+            ;
+
+        authdata = realloc(authdata, (len + j + 1) * sizeof(krb5_authdata *));
+        if (authdata == NULL)
+            return ENOMEM;
+
+        memcpy(&authdata[len], authdata2, j * sizeof(krb5_authdata *));
+        free(authdata2);
+
+        len += j;
+    }
+
+    if (authdata != NULL)
+        authdata[len] = NULL;
+
+    if (code != 0) {
+        krb5_free_authdata(kcontext, authdata);
+        return code;
+    }
+
+    *pauthdata = authdata;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c b/krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c
new file mode 100644
index 00000000..4da6f9fb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c
@@ -0,0 +1,98 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/bld_pr_ext.c */
+/*
+ * Copyright 1991, 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Build a principal from a list of lengths and strings
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+#include <stdarg.h>
+
+krb5_error_code KRB5_CALLCONV_C
+krb5_build_principal_ext(krb5_context context,  krb5_principal * princ,
+                         unsigned int rlen, const char * realm, ...)
+{
+    va_list ap;
+    int i, count = 0;
+    krb5_data *princ_data;
+    krb5_principal princ_ret;
+    krb5_data tmpdata;
+
+    va_start(ap, realm);
+    /* count up */
+    while (va_arg(ap, int) != 0) {
+        (void)va_arg(ap, char *);               /* pass one up */
+        count++;
+    }
+    va_end(ap);
+
+    /* we do a 2-pass to avoid the need to guess on allocation needs
+       cf. bld_princ.c */
+    /* get space for array */
+    princ_data = (krb5_data *) malloc(sizeof(krb5_data) * count);
+    if (!princ_data)
+        return ENOMEM;
+    princ_ret = (krb5_principal) malloc(sizeof(krb5_principal_data));
+    if (!princ_ret) {
+        free(princ_data);
+        return ENOMEM;
+    }
+    princ_ret->data = princ_data;
+    princ_ret->length = count;
+    tmpdata.length = rlen;
+    tmpdata.data = (char *) realm;
+    if (krb5int_copy_data_contents_add0(context, &tmpdata, &princ_ret->realm) != 0) {
+        free(princ_data);
+        free(princ_ret);
+        return ENOMEM;
+    }
+
+    /* process rest of components */
+    va_start(ap, realm);
+    for (i = 0; i < count; i++) {
+        tmpdata.length = va_arg(ap, unsigned int);
+        tmpdata.data = va_arg(ap, char *);
+        if (krb5int_copy_data_contents_add0(context, &tmpdata,
+                                            &princ_data[i]) != 0)
+            goto free_out;
+    }
+    va_end(ap);
+    *princ = princ_ret;
+    princ_ret->type = k5_infer_principal_type(princ_ret);
+    return 0;
+
+free_out:
+    while (--i >= 0)
+        free(princ_data[i].data);
+    free(princ_data);
+    free(princ_ret->realm.data);
+    free(princ_ret);
+    va_end(ap);
+    return ENOMEM;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/bld_princ.c b/krb5-1.21.3/src/lib/krb5/krb/bld_princ.c
new file mode 100644
index 00000000..ff8265ac
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/bld_princ.c
@@ -0,0 +1,182 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/bld_princ.c - Build a principal from a list of strings */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_int32
+k5_infer_principal_type(krb5_principal princ)
+{
+    /* RFC 4120 section 7.3 */
+    if (princ->length == 2 && data_eq_string(princ->data[0], KRB5_TGS_NAME))
+        return KRB5_NT_SRV_INST;
+
+    /* RFC 6111 section 3.1 */
+    if (princ->length >= 2 &&
+        data_eq_string(princ->data[0], KRB5_WELLKNOWN_NAMESTR))
+        return KRB5_NT_WELLKNOWN;
+
+    return KRB5_NT_PRINCIPAL;
+}
+
+static krb5_error_code
+build_principal_va(krb5_context context, krb5_principal princ,
+                   unsigned int rlen, const char *realm, va_list ap)
+{
+    krb5_error_code retval = 0;
+    char *r = NULL;
+    krb5_data *data = NULL;
+    krb5_int32 count = 0;
+    krb5_int32 size = 2;  /* initial guess at needed space */
+    char *component = NULL;
+
+    data = malloc(size * sizeof(krb5_data));
+    if (!data) { retval = ENOMEM; }
+
+    if (!retval)
+        r = k5memdup0(realm, rlen, &retval);
+
+    while (!retval && (component = va_arg(ap, char *))) {
+        if (count == size) {
+            krb5_data *new_data = NULL;
+
+            size *= 2;
+            new_data = realloc(data, size * sizeof(krb5_data));
+            if (new_data) {
+                data = new_data;
+            } else {
+                retval = ENOMEM;
+            }
+        }
+
+        if (!retval) {
+            data[count].length = strlen(component);
+            data[count].data = strdup(component);
+            if (!data[count].data) { retval = ENOMEM; }
+            count++;
+        }
+    }
+
+    if (!retval) {
+        princ->magic = KV5M_PRINCIPAL;
+        princ->realm = make_data(r, rlen);
+        princ->data = data;
+        princ->length = count;
+        princ->type = k5_infer_principal_type(princ);
+        r = NULL;    /* take ownership */
+        data = NULL; /* take ownership */
+    }
+
+    if (data) {
+        while (--count >= 0) {
+            free(data[count].data);
+        }
+        free(data);
+    }
+    free(r);
+
+    return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_build_principal_va(krb5_context context,
+                        krb5_principal princ,
+                        unsigned int rlen,
+                        const char *realm,
+                        va_list ap)
+{
+    return build_principal_va(context, princ, rlen, realm, ap);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_build_principal_alloc_va(krb5_context context,
+                              krb5_principal *princ,
+                              unsigned int rlen,
+                              const char *realm,
+                              va_list ap)
+{
+    krb5_error_code retval = 0;
+    krb5_principal p;
+
+    p = malloc(sizeof(krb5_principal_data));
+    if (p == NULL)
+        return ENOMEM;
+
+    retval = build_principal_va(context, p, rlen, realm, ap);
+    if (retval) {
+        free(p);
+        return retval;
+    }
+
+    *princ = p;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV_C
+krb5_build_principal(krb5_context context,
+                     krb5_principal * princ,
+                     unsigned int rlen,
+                     const char * realm, ...)
+{
+    krb5_error_code retval = 0;
+    va_list ap;
+
+    va_start(ap, realm);
+    retval = krb5_build_principal_alloc_va(context, princ, rlen, realm, ap);
+    va_end(ap);
+
+    return retval;
+}
+
+/*Anonymous and well known principals*/
+static const char anon_realm_str[] = KRB5_ANONYMOUS_REALMSTR;
+static const krb5_data anon_realm_data = {
+    KV5M_DATA, sizeof(anon_realm_str) - 1, (char *) anon_realm_str
+};
+static const char wellknown_str[] = KRB5_WELLKNOWN_NAMESTR;
+static const char anon_str[] = KRB5_ANONYMOUS_PRINCSTR;
+static const krb5_data anon_princ_data[] = {
+    { KV5M_DATA, sizeof(wellknown_str) - 1, (char *) wellknown_str },
+    { KV5M_DATA, sizeof(anon_str) - 1, (char *) anon_str }
+};
+
+const krb5_principal_data anon_princ = {
+    KV5M_PRINCIPAL,
+    { KV5M_DATA, sizeof(anon_realm_str) - 1, (char *) anon_realm_str },
+    (krb5_data *) anon_princ_data, 2, KRB5_NT_WELLKNOWN
+};
+
+const krb5_data * KRB5_CALLCONV
+krb5_anonymous_realm()
+{
+    return &anon_realm_data;
+}
+
+krb5_const_principal KRB5_CALLCONV
+krb5_anonymous_principal()
+{
+    return &anon_princ;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/brand.c b/krb5-1.21.3/src/lib/krb5/krb/brand.c
new file mode 100644
index 00000000..60662d5b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/brand.c
@@ -0,0 +1,72 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/brand.c */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This file is used to put a "release brand" on a Krb5 library before
+ * it is released via some release engineering process.  This gives us
+ * an easy way to tell where a binary came from.
+ *
+ * It depends on patchlevel.h for the master version stamp info.
+ */
+
+/* Format: "KRB5_BRAND: <cvs_tag> <release_name> <date>" */
+
+#include "patchlevel.h"
+
+#define XSTR(x) #x
+#define STR(x) XSTR(x)
+
+#ifdef KRB5_RELTAG
+#define RELTAG KRB5_RELTAG
+#else
+#define RELTAG "[untagged]"
+#endif
+
+#define MAJOR_MINOR STR(KRB5_MAJOR_RELEASE) "." STR(KRB5_MINOR_RELEASE)
+
+#if KRB5_PATCHLEVEL != 0
+#define MAYBE_PATCH "." STR(KRB5_PATCHLEVEL)
+#else
+#define MAYBE_PATCH ""
+#endif
+
+#ifdef KRB5_RELTAIL
+#define RELTAIL "-" KRB5_RELTAIL
+#else
+#define RELTAIL ""
+#endif
+
+#define RELNAME MAJOR_MINOR MAYBE_PATCH RELTAIL
+
+#ifdef KRB5_RELDATE
+#define RELDATE KRB5_RELDATE
+#else
+#define RELDATE "[date unknown]"
+#endif
+
+#define BRANDSTR RELTAG " " RELNAME " " RELDATE
+
+char krb5_brand[] = "KRB5_BRAND: " BRANDSTR;
diff --git a/krb5-1.21.3/src/lib/krb5/krb/cammac_util.c b/krb5-1.21.3/src/lib/krb5/krb/cammac_util.c
new file mode 100644
index 00000000..ab9da05a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/cammac_util.c
@@ -0,0 +1,86 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* cammac_util.c - CAMMAC related functions */
+/*
+ * Copyright (C) 2016 by Red Hat, Inc.
+ * All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+/* Return 0 if cammac's service verifier is valid for server_key. */
+static krb5_error_code
+check_svcver(krb5_context context, const krb5_cammac *cammac,
+             const krb5_keyblock *server_key)
+{
+    krb5_error_code ret;
+    krb5_boolean valid = FALSE;
+    krb5_verifier_mac *ver = cammac->svc_verifier;
+    krb5_data *der_authdata = NULL;
+
+    if (ver == NULL)
+        return EINVAL;
+
+    ret = encode_krb5_authdata(cammac->elements, &der_authdata);
+    if (ret)
+        return ret;
+
+    ret = krb5_c_verify_checksum(context, server_key, KRB5_KEYUSAGE_CAMMAC,
+                                 der_authdata, &ver->checksum, &valid);
+    if (!ret && !valid)
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
+    krb5_free_data(context, der_authdata);
+    return ret;
+}
+
+/* Decode and verify CAMMAC authdata using the svc verifier,
+ * and return the contents as an allocated array of authdata pointers. */
+krb5_error_code
+k5_unwrap_cammac_svc(krb5_context context, const krb5_authdata *ad,
+                     const krb5_keyblock *key, krb5_authdata ***adata_out)
+{
+    krb5_data ad_data;
+    krb5_error_code ret;
+    krb5_cammac *cammac = NULL;
+
+    *adata_out = NULL;
+
+    ad_data = make_data(ad->contents, ad->length);
+    ret = decode_krb5_cammac(&ad_data, &cammac);
+    if (ret)
+        return ret;
+
+    ret = check_svcver(context, cammac, key);
+    if (!ret) {
+        *adata_out = cammac->elements;
+        cammac->elements = NULL;
+    }
+
+    k5_free_cammac(context, cammac);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/chk_trans.c b/krb5-1.21.3/src/lib/krb5/krb/chk_trans.c
new file mode 100644
index 00000000..36c6845b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/chk_trans.c
@@ -0,0 +1,438 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/chk_trans.c */
+/*
+ * Copyright 2001, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <stdarg.h>
+
+#if defined (TEST) || defined (TEST2)
+# undef DEBUG
+# define DEBUG
+#endif
+
+#ifdef DEBUG
+#define verbose krb5int_chk_trans_verbose
+static int verbose = 0;
+# define Tprintf(ARGS) if (verbose) printf ARGS
+#else
+# define Tprintf(ARGS) (void)(0)
+#endif
+
+#define MAXLEN 512
+
+static krb5_error_code
+process_intermediates (krb5_error_code (*fn)(krb5_data *, void *), void *data,
+                       const krb5_data *n1, const krb5_data *n2) {
+    unsigned int len1, len2, i;
+    char *p1, *p2;
+
+    Tprintf (("process_intermediates(%.*s,%.*s)\n",
+              (int) n1->length, n1->data, (int) n2->length, n2->data));
+
+    len1 = n1->length;
+    len2 = n2->length;
+
+    Tprintf (("(walking intermediates now)\n"));
+    /* Simplify...  */
+    if (len1 > len2) {
+        const krb5_data *p;
+        int tmp = len1;
+        len1 = len2;
+        len2 = tmp;
+        p = n1;
+        n1 = n2;
+        n2 = p;
+    }
+    /* Okay, now len1 is always shorter or equal.  */
+    if (len1 == len2) {
+        if (memcmp (n1->data, n2->data, len1)) {
+            Tprintf (("equal length but different strings in path: '%.*s' '%.*s'\n",
+                      (int) n1->length, n1->data, (int) n2->length, n2->data));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        Tprintf (("(end intermediates)\n"));
+        return 0;
+    }
+    /* Now len1 is always shorter.  */
+    if (len1 == 0)
+        /* Shouldn't be possible.  Internal error?  */
+        return KRB5KRB_AP_ERR_ILL_CR_TKT;
+    p1 = n1->data;
+    p2 = n2->data;
+    if (p1[0] == '/') {
+        /* X.500 style names, with common prefix.  */
+        if (p2[0] != '/') {
+            Tprintf (("mixed name formats in path: x500='%.*s' domain='%.*s'\n",
+                      (int) len1, p1, (int) len2, p2));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        if (memcmp (p1, p2, len1)) {
+            Tprintf (("x500 names with different prefixes '%.*s' '%.*s'\n",
+                      (int) len1, p1, (int) len2, p2));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        for (i = len1 + 1; i < len2; i++)
+            if (p2[i] == '/') {
+                krb5_data d;
+                krb5_error_code r;
+
+                d.data = p2;
+                d.length = i;
+                r = (*fn) (&d, data);
+                if (r)
+                    return r;
+            }
+    } else {
+        /* Domain style names, with common suffix.  */
+        if (p2[0] == '/') {
+            Tprintf (("mixed name formats in path: domain='%.*s' x500='%.*s'\n",
+                      (int) len1, p1, (int) len2, p2));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        if (memcmp (p1, p2 + (len2 - len1), len1)) {
+            Tprintf (("domain names with different suffixes '%.*s' '%.*s'\n",
+                      (int) len1, p1, (int) len2, p2));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        for (i = len2 - len1 - 1; i > 0; i--) {
+            Tprintf (("looking at '%.*s'\n", (int) (len2 - i), p2+i));
+            if (p2[i-1] == '.') {
+                krb5_data d;
+                krb5_error_code r;
+
+                d.data = p2+i;
+                d.length = len2 - i;
+                r = (*fn) (&d, data);
+                if (r)
+                    return r;
+            }
+        }
+    }
+    Tprintf (("(end intermediates)\n"));
+    return 0;
+}
+
+static krb5_error_code
+maybe_join (krb5_data *last, krb5_data *buf, unsigned int bufsiz)
+{
+    if (buf->length == 0)
+        return 0;
+    if (buf->data[0] == '/') {
+        if (last->length + buf->length > bufsiz) {
+            Tprintf (("too big: last=%d cur=%d max=%d\n", last->length, buf->length, bufsiz));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        memmove (buf->data+last->length, buf->data, buf->length);
+        memcpy (buf->data, last->data, last->length);
+        buf->length += last->length;
+    } else if (buf->data[buf->length-1] == '.') {
+        /* We can ignore the case where the previous component was
+           empty; the strcat will be a no-op.  It should probably
+           be an error case, but let's be flexible.  */
+        if (last->length+buf->length > bufsiz) {
+            Tprintf (("too big\n"));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        memcpy (buf->data + buf->length, last->data, last->length);
+        buf->length += last->length;
+    }
+    /* Otherwise, do nothing.  */
+    return 0;
+}
+
+/* The input strings cannot contain any \0 bytes, according to the
+   spec, but our API is such that they may not be \0 terminated
+   either.  Thus we keep on treating them as krb5_data objects instead
+   of C strings.  */
+static krb5_error_code
+foreach_realm (krb5_error_code (*fn)(krb5_data *comp,void *data), void *data,
+               const krb5_data *crealm, const krb5_data *srealm,
+               const krb5_data *transit)
+{
+    char buf[MAXLEN], last[MAXLEN];
+    char *p, *bufp;
+    int next_lit, intermediates, l;
+    krb5_data this_component;
+    krb5_error_code r;
+    krb5_data last_component;
+
+    /* Invariants:
+       - last_component points to last[]
+       - this_component points to buf[]
+       - last_component has length of last
+       - this_component has length of buf when calling out
+       Keep these consistent, and we should be okay.  */
+
+    next_lit = 0;
+    intermediates = 0;
+    memset (buf, 0, sizeof (buf));
+
+    this_component.data = buf;
+    last_component.data = last;
+    last_component.length = 0;
+
+#define print_data(fmt,d) Tprintf((fmt,(int)(d)->length,(d)->data))
+    print_data ("client realm: %.*s\n", crealm);
+    print_data ("server realm: %.*s\n", srealm);
+    print_data ("transit enc.: %.*s\n", transit);
+
+    if (transit->length == 0) {
+        Tprintf (("no other realms transited\n"));
+        return 0;
+    }
+
+    bufp = buf;
+    for (p = transit->data, l = transit->length; l; p++, l--) {
+        if (next_lit) {
+            *bufp++ = *p;
+            if (bufp == buf+sizeof(buf))
+                return KRB5KRB_AP_ERR_ILL_CR_TKT;
+            next_lit = 0;
+        } else if (*p == '\\') {
+            next_lit = 1;
+        } else if (*p == ',') {
+            if (bufp != buf) {
+                this_component.length = bufp - buf;
+                r = maybe_join (&last_component, &this_component, sizeof(buf));
+                if (r)
+                    return r;
+                r = (*fn) (&this_component, data);
+                if (r)
+                    return r;
+                if (intermediates) {
+                    if (p == transit->data)
+                        r = process_intermediates (fn, data,
+                                                   &this_component, crealm);
+                    else {
+                        r = process_intermediates (fn, data, &this_component,
+                                                   &last_component);
+                    }
+                    if (r)
+                        return r;
+                }
+                intermediates = 0;
+                memcpy (last, buf, sizeof (buf));
+                last_component.length = this_component.length;
+                memset (buf, 0, sizeof (buf));
+                bufp = buf;
+            } else {
+                intermediates = 1;
+                if (p == transit->data) {
+                    if (crealm->length >= MAXLEN)
+                        return KRB5KRB_AP_ERR_ILL_CR_TKT;
+                    if (crealm->length > 0)
+                        memcpy (last, crealm->data, crealm->length);
+                    last[crealm->length] = '\0';
+                    last_component.length = crealm->length;
+                }
+            }
+        } else if (*p == ' ' && bufp == buf) {
+            /* This next component stands alone, even if it has a
+               trailing dot or leading slash.  */
+            memset (last, 0, sizeof (last));
+            last_component.length = 0;
+        } else {
+            /* Not a special character; literal.  */
+            *bufp++ = *p;
+            if (bufp == buf+sizeof(buf))
+                return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+    }
+    /* At end.  Must be normal state.  */
+    if (next_lit)
+        Tprintf (("ending in next-char-literal state\n"));
+    /* Process trailing element or comma.  */
+    if (bufp == buf) {
+        /* Trailing comma.  */
+        r = process_intermediates (fn, data, &last_component, srealm);
+    } else {
+        /* Trailing component.  */
+        this_component.length = bufp - buf;
+        r = maybe_join (&last_component, &this_component, sizeof(buf));
+        if (r)
+            return r;
+        r = (*fn) (&this_component, data);
+        if (r)
+            return r;
+        if (intermediates)
+            r = process_intermediates (fn, data, &this_component,
+                                       &last_component);
+    }
+    if (r != 0)
+        return r;
+    return 0;
+}
+
+struct check_data {
+    krb5_context ctx;
+    krb5_principal *tgs;
+};
+
+static krb5_error_code
+check_realm_in_list (krb5_data *realm, void *data)
+{
+    struct check_data *cdata = data;
+    int i;
+
+    Tprintf ((".. checking '%.*s'\n", (int) realm->length, realm->data));
+    for (i = 0; cdata->tgs[i]; i++) {
+        if (data_eq (cdata->tgs[i]->realm, *realm))
+            return 0;
+    }
+    Tprintf (("BAD!\n"));
+    return KRB5KRB_AP_ERR_ILL_CR_TKT;
+}
+
+krb5_error_code
+krb5_check_transited_list (krb5_context ctx, const krb5_data *trans_in,
+                           const krb5_data *crealm, const krb5_data *srealm)
+{
+    krb5_data trans;
+    struct check_data cdata;
+    krb5_error_code r;
+    const krb5_data *anonymous;
+
+    trans.length = trans_in->length;
+    trans.data = (char *) trans_in->data;
+    if (trans.length && (trans.data[trans.length-1] == '\0'))
+        trans.length--;
+
+    Tprintf (("krb5_check_transited_list(trans=\"%.*s\", crealm=\"%.*s\", srealm=\"%.*s\")\n",
+              (int) trans.length, trans.data,
+              (int) crealm->length, crealm->data,
+              (int) srealm->length, srealm->data));
+    if (trans.length == 0)
+        return 0;
+    anonymous = krb5_anonymous_realm();
+    if (crealm->length == anonymous->length &&
+        (memcmp(crealm->data, anonymous->data, anonymous->length) == 0))
+        return 0; /* Nothing to check for anonymous */
+
+    r = krb5_walk_realm_tree (ctx, crealm, srealm, &cdata.tgs,
+                              KRB5_REALM_BRANCH_CHAR);
+    if (r) {
+        Tprintf (("error %ld\n", (long) r));
+        return r;
+    }
+#ifdef DEBUG /* avoid compiler warning about 'd' unused */
+    {
+        int i;
+        Tprintf (("tgs list = {\n"));
+        for (i = 0; cdata.tgs[i]; i++) {
+            char *name;
+            r = krb5_unparse_name (ctx, cdata.tgs[i], &name);
+            Tprintf (("\t'%s'\n", name));
+            free (name);
+        }
+        Tprintf (("}\n"));
+    }
+#endif
+    cdata.ctx = ctx;
+    r = foreach_realm (check_realm_in_list, &cdata, crealm, srealm, &trans);
+    krb5_free_realm_tree (ctx, cdata.tgs);
+    return r;
+}
+
+#ifdef TEST
+
+static krb5_error_code
+print_a_realm (krb5_data *realm, void *data)
+{
+    printf ("%.*s\n", (int) realm->length, realm->data);
+    return 0;
+}
+
+int main (int argc, char *argv[]) {
+    const char *me;
+    krb5_data crealm, srealm, transit;
+    krb5_error_code r;
+    int expand_only = 0;
+
+    me = strrchr (argv[0], '/');
+    me = me ? me+1 : argv[0];
+
+    while (argc > 3 && argv[1][0] == '-') {
+        if (!strcmp ("-v", argv[1]))
+            verbose++, argc--, argv++;
+        else if (!strcmp ("-x", argv[1]))
+            expand_only++, argc--, argv++;
+        else
+            goto usage;
+    }
+
+    if (argc != 4) {
+    usage:
+        printf ("usage: %s [-v] [-x] clientRealm serverRealm transitEncoding\n",
+                me);
+        return 1;
+    }
+
+    crealm.data = argv[1];
+    crealm.length = strlen(argv[1]);
+    srealm.data = argv[2];
+    srealm.length = strlen(argv[2]);
+    transit.data = argv[3];
+    transit.length = strlen(argv[3]);
+
+    if (expand_only) {
+
+        printf ("client realm: %s\n", argv[1]);
+        printf ("server realm: %s\n", argv[2]);
+        printf ("transit enc.: %s\n", argv[3]);
+
+        if (argv[3][0] == 0) {
+            printf ("no other realms transited\n");
+            return 0;
+        }
+
+        r = foreach_realm (print_a_realm, NULL, &crealm, &srealm, &transit);
+        if (r)
+            printf ("--> returned error %ld\n", (long) r);
+        return r != 0;
+
+    } else {
+
+        /* Actually check the values against the supplied krb5.conf file.  */
+        krb5_context ctx;
+        r = krb5_init_context (&ctx);
+        if (r) {
+            com_err (me, r, "initializing krb5 context");
+            return 1;
+        }
+        r = krb5_check_transited_list (ctx, &transit, &crealm, &srealm);
+        if (r == KRB5KRB_AP_ERR_ILL_CR_TKT) {
+            printf ("NO\n");
+        } else if (r == 0) {
+            printf ("YES\n");
+        } else {
+            printf ("kablooey!\n");
+            com_err (me, r, "checking transited-realm list");
+            return 1;
+        }
+        return 0;
+    }
+}
+
+#endif /* TEST */
diff --git a/krb5-1.21.3/src/lib/krb5/krb/chpw.c b/krb5-1.21.3/src/lib/krb5/krb/chpw.c
new file mode 100644
index 00000000..aca39459
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/chpw.c
@@ -0,0 +1,510 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+** set password functions added by Paul W. Nelson, Thursby Software Systems, Inc.
+*/
+
+#include "k5-int.h"
+#include "k5-unicode.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+
+krb5_error_code
+krb5int_mk_chpw_req(krb5_context context,
+                    krb5_auth_context auth_context,
+                    krb5_data *ap_req,
+                    const char *passwd,
+                    krb5_data *packet)
+{
+    krb5_error_code ret = 0;
+    krb5_data clearpw;
+    krb5_data cipherpw;
+    krb5_replay_data replay;
+    char *ptr;
+
+    cipherpw.data = NULL;
+
+    if ((ret = krb5_auth_con_setflags(context, auth_context,
+                                      KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
+        goto cleanup;
+
+    clearpw = string2data((char *)passwd);
+
+    if ((ret = krb5_mk_priv(context, auth_context,
+                            &clearpw, &cipherpw, &replay)))
+        goto cleanup;
+
+    packet->length = 6 + ap_req->length + cipherpw.length;
+    packet->data = (char *) malloc(packet->length);
+    if (packet->data == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    ptr = packet->data;
+
+    /* length */
+
+    store_16_be(packet->length, ptr);
+    ptr += 2;
+
+    /* version == 0x0001 big-endian */
+
+    *ptr++ = 0;
+    *ptr++ = 1;
+
+    /* ap_req length, big-endian */
+
+    store_16_be(ap_req->length, ptr);
+    ptr += 2;
+
+    /* ap-req data */
+
+    memcpy(ptr, ap_req->data, ap_req->length);
+    ptr += ap_req->length;
+
+    /* krb-priv of password */
+
+    memcpy(ptr, cipherpw.data, cipherpw.length);
+
+cleanup:
+    if (cipherpw.data != NULL)  /* allocated by krb5_mk_priv */
+        free(cipherpw.data);
+
+    return(ret);
+}
+
+/* Decode error_packet as a KRB-ERROR message and retrieve its e-data into
+ * *edata_out. */
+static krb5_error_code
+get_error_edata(krb5_context context, const krb5_data *error_packet,
+                krb5_data **edata_out)
+{
+    krb5_error_code ret;
+    krb5_error *krberror = NULL;
+
+    *edata_out = NULL;
+
+    ret = krb5_rd_error(context, error_packet, &krberror);
+    if (ret)
+        return ret;
+
+    if (krberror->e_data.data == NULL) {
+        /* Return a krb5 error code based on the error number. */
+        ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code)krberror->error;
+        goto cleanup;
+    }
+
+    ret = krb5_copy_data(context, &krberror->e_data, edata_out);
+
+cleanup:
+    krb5_free_error(context, krberror);
+    return ret;
+}
+
+/* Decode a reply to produce the clear-text output. */
+static krb5_error_code
+get_clear_result(krb5_context context, krb5_auth_context auth_context,
+                 const krb5_data *packet, krb5_data **clear_out,
+                 krb5_boolean *is_error_out)
+{
+    krb5_error_code ret;
+    char *ptr, *end = packet->data + packet->length;
+    unsigned int plen, vno, aplen;
+    krb5_data ap_rep, cipher, error;
+    krb5_ap_rep_enc_part *ap_rep_enc;
+    krb5_replay_data replay;
+    krb5_key send_subkey = NULL;
+    krb5_data clear = empty_data();
+
+    *clear_out = NULL;
+    *is_error_out = FALSE;
+
+    /* Check for an unframed KRB-ERROR (expected for RFC 3244 requests; also
+     * received from MS AD for version 1 requests). */
+    if (krb5_is_krb_error(packet)) {
+        *is_error_out = TRUE;
+        return get_error_edata(context, packet, clear_out);
+    }
+
+    if (packet->length < 6)
+        return KRB5KRB_AP_ERR_MODIFIED;
+
+    /* Decode and verify the length. */
+    ptr = packet->data;
+    plen = (*ptr++ & 0xff);
+    plen = (plen << 8) | (*ptr++ & 0xff);
+    if (plen != packet->length)
+        return KRB5KRB_AP_ERR_MODIFIED;
+
+    /* Decode and verify the version number. */
+    vno = (*ptr++ & 0xff);
+    vno = (vno << 8) | (*ptr++ & 0xff);
+    if (vno != 1 && vno != 0xff80)
+        return KRB5KDC_ERR_BAD_PVNO;
+
+    /* Decode and check the AP-REP length. */
+    aplen = (*ptr++ & 0xff);
+    aplen = (aplen << 8) | (*ptr++ & 0xff);
+    if (aplen > end - ptr)
+        return KRB5KRB_AP_ERR_MODIFIED;
+
+    /* A zero-length AP-REQ indicates a framed KRB-ERROR response.  (Expected
+     * for protocol version 1; specified but unusual for RFC 3244 requests.) */
+    if (aplen == 0) {
+        *is_error_out = TRUE;
+        error = make_data(ptr, end - ptr);
+        return get_error_edata(context, &error, clear_out);
+    }
+
+    /* We have an AP-REP.  Save send_subkey to later smash recv_subkey. */
+    ret = krb5_auth_con_getsendsubkey_k(context, auth_context, &send_subkey);
+    if (ret)
+        return ret;
+
+    /* Verify the AP-REP. */
+    ap_rep = make_data(ptr, aplen);
+    ptr += ap_rep.length;
+    ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+    if (ret)
+        goto cleanup;
+    krb5_free_ap_rep_enc_part(context, ap_rep_enc);
+
+    /* Smash recv_subkey to be send_subkey, per spec. */
+    ret = krb5_auth_con_setrecvsubkey_k(context, auth_context, send_subkey);
+    if (ret)
+        goto cleanup;
+
+    /* Extract and decrypt the result. */
+    cipher = make_data(ptr, end - ptr);
+    ret = krb5_rd_priv(context, auth_context, &cipher, &clear, &replay);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_copy_data(context, &clear, clear_out);
+    if (ret)
+        goto cleanup;
+    *is_error_out = FALSE;
+
+cleanup:
+    krb5_k_free_key(context, send_subkey);
+    krb5_free_data_contents(context, &clear);
+    return ret;
+}
+
+krb5_error_code
+krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
+                    krb5_data *packet, int *result_code_out,
+                    krb5_data *result_data_out)
+{
+    krb5_error_code ret;
+    krb5_data result_data, *clear = NULL;
+    krb5_boolean is_error;
+    char *ptr;
+    int result_code;
+
+    *result_code_out = 0;
+    *result_data_out = empty_data();
+
+    ret = get_clear_result(context, auth_context, packet, &clear, &is_error);
+    if (ret)
+        return ret;
+
+    if (clear->length < 2) {
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
+    }
+
+    /* Decode and check the result code. */
+    ptr = clear->data;
+    result_code = (*ptr++ & 0xff);
+    result_code = (result_code << 8) | (*ptr++ & 0xff);
+    if (result_code < KRB5_KPASSWD_SUCCESS ||
+        result_code > KRB5_KPASSWD_INITIAL_FLAG_NEEDED) {
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
+    }
+
+    /* Successful replies must not come from errors. */
+    if (is_error && result_code == KRB5_KPASSWD_SUCCESS) {
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
+    }
+
+    result_data = make_data(ptr, clear->data + clear->length - ptr);
+    ret = krb5int_copy_data_contents(context, &result_data, result_data_out);
+    if (ret)
+        goto cleanup;
+    *result_code_out = result_code;
+
+cleanup:
+    krb5_free_data(context, clear);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_chpw_result_code_string(krb5_context context, int result_code,
+                             char **code_string)
+{
+    switch (result_code) {
+    case KRB5_KPASSWD_MALFORMED:
+        *code_string = _("Malformed request error");
+        break;
+    case KRB5_KPASSWD_HARDERROR:
+        *code_string = _("Server error");
+        break;
+    case KRB5_KPASSWD_AUTHERROR:
+        *code_string = _("Authentication error");
+        break;
+    case KRB5_KPASSWD_SOFTERROR:
+        *code_string = _("Password change rejected");
+        break;
+    case KRB5_KPASSWD_ACCESSDENIED:
+        *code_string = _("Access denied");
+        break;
+    case KRB5_KPASSWD_BAD_VERSION:
+        *code_string = _("Wrong protocol version");
+        break;
+    case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
+        *code_string = _("Initial password required");
+        break;
+    case 0:
+        *code_string = _("Success");
+        break;
+    default:
+        *code_string = _("Password change failed");
+        break;
+    }
+
+    return 0;
+}
+
+krb5_error_code
+krb5int_mk_setpw_req(krb5_context context,
+                     krb5_auth_context auth_context,
+                     krb5_data *ap_req,
+                     krb5_principal targprinc,
+                     const char *passwd,
+                     krb5_data *packet)
+{
+    krb5_error_code ret;
+    krb5_data   cipherpw;
+    krb5_data   *encoded_setpw;
+    struct krb5_setpw_req req;
+
+    char *ptr;
+
+    cipherpw.data = NULL;
+    cipherpw.length = 0;
+
+    if ((ret = krb5_auth_con_setflags(context, auth_context,
+                                      KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
+        return(ret);
+
+    req.target = targprinc;
+    req.password = string2data((char *)passwd);
+    ret = encode_krb5_setpw_req(&req, &encoded_setpw);
+    if (ret) {
+        return ret;
+    }
+
+    if ((ret = krb5_mk_priv(context, auth_context, encoded_setpw, &cipherpw, NULL)) != 0) {
+        krb5_free_data(context, encoded_setpw);
+        return(ret);
+    }
+    krb5_free_data(context, encoded_setpw);
+
+
+    packet->length = 6 + ap_req->length + cipherpw.length;
+    packet->data = (char *) malloc(packet->length);
+    if (packet->data  == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    ptr = packet->data;
+    /*
+    ** build the packet -
+    */
+    /* put in the length */
+    store_16_be(packet->length, ptr);
+    ptr += 2;
+    /* put in the version */
+    *ptr++ = (char)0xff;
+    *ptr++ = (char)0x80;
+    /* the ap_req length is big endian */
+    store_16_be(ap_req->length, ptr);
+    ptr += 2;
+    /* put in the request data */
+    memcpy(ptr, ap_req->data, ap_req->length);
+    ptr += ap_req->length;
+    /*
+    ** put in the "private" password data -
+    */
+    memcpy(ptr, cipherpw.data, cipherpw.length);
+    ret = 0;
+cleanup:
+    if (cipherpw.data)
+        krb5_free_data_contents(context, &cipherpw);
+    if ((ret != 0) && packet->data) {
+        free(packet->data);
+        packet->data = NULL;
+    }
+    return ret;
+}
+
+/*
+ * Active Directory policy information is communicated in the result string
+ * field as a packed 30-byte sequence, starting with two zero bytes (so that
+ * the string appears as zero-length when interpreted as UTF-8).  The bytes
+ * correspond to the fields in the following structure, with each field in
+ * big-endian byte order.
+ */
+struct ad_policy_info {
+    uint16_t zero_bytes;
+    uint32_t min_length_password;
+    uint32_t password_history;
+    uint32_t password_properties; /* see defines below */
+    uint64_t expire;              /* in seconds * 10,000,000 */
+    uint64_t min_passwordage;     /* in seconds * 10,000,000 */
+};
+
+#define AD_POLICY_INFO_LENGTH      30
+#define AD_POLICY_TIME_TO_DAYS     (86400ULL * 10000000ULL)
+
+#define AD_POLICY_COMPLEX          0x00000001
+#define AD_POLICY_NO_ANON_CHANGE   0x00000002
+#define AD_POLICY_NO_CLEAR_CHANGE  0x00000004
+#define AD_POLICY_LOCKOUT_ADMINS   0x00000008
+#define AD_POLICY_STORE_CLEARTEXT  0x00000010
+#define AD_POLICY_REFUSE_CHANGE    0x00000020
+
+/* If buf already contains one or more sentences, add spaces to separate them
+ * from the next sentence. */
+static void
+add_spaces(struct k5buf *buf)
+{
+    if (buf->len > 0)
+        k5_buf_add(buf, "  ");
+}
+
+static krb5_error_code
+decode_ad_policy_info(const krb5_data *data, char **msg_out)
+{
+    struct ad_policy_info policy;
+    uint64_t password_days;
+    const char *p;
+    struct k5buf buf;
+    char *msg;
+
+    *msg_out = NULL;
+    if (data->length != AD_POLICY_INFO_LENGTH)
+        return 0;
+
+    p = data->data;
+    policy.zero_bytes = load_16_be(p);
+    p += 2;
+
+    /* first two bytes are zeros */
+    if (policy.zero_bytes != 0)
+        return 0;
+
+    /* Read in the rest of structure */
+    policy.min_length_password = load_32_be(p);
+    p += 4;
+    policy.password_history = load_32_be(p);
+    p += 4;
+    policy.password_properties = load_32_be(p);
+    p += 4;
+    policy.expire = load_64_be(p);
+    p += 8;
+    policy.min_passwordage = load_64_be(p);
+    p += 8;
+
+    /* Check that we processed exactly the expected number of bytes. */
+    assert(p == data->data + AD_POLICY_INFO_LENGTH);
+
+    k5_buf_init_dynamic(&buf);
+
+    /*
+     * Update src/tests/misc/test_chpw_message.c if changing these strings!
+     */
+
+    if (policy.password_properties & AD_POLICY_COMPLEX) {
+        k5_buf_add(&buf, _("The password must include numbers or symbols.  "
+                           "Don't include any part of your name in the "
+                           "password."));
+    }
+    if (policy.min_length_password > 0) {
+        add_spaces(&buf);
+        k5_buf_add_fmt(&buf, ngettext("The password must contain at least %d "
+                                      "character.",
+                                      "The password must contain at least %d "
+                                      "characters.",
+                                      policy.min_length_password),
+                       policy.min_length_password);
+    }
+    if (policy.password_history) {
+        add_spaces(&buf);
+        k5_buf_add_fmt(&buf, ngettext("The password must be different from "
+                                      "the previous password.",
+                                      "The password must be different from "
+                                      "the previous %d passwords.",
+                                      policy.password_history),
+                       policy.password_history);
+    }
+    if (policy.min_passwordage) {
+        password_days = policy.min_passwordage / AD_POLICY_TIME_TO_DAYS;
+        if (password_days == 0)
+            password_days = 1;
+        add_spaces(&buf);
+        k5_buf_add_fmt(&buf, ngettext("The password can only be changed once "
+                                      "a day.",
+                                      "The password can only be changed every "
+                                      "%d days.", (int)password_days),
+                       (int)password_days);
+    }
+
+    msg = k5_buf_cstring(&buf);
+    if (msg == NULL)
+        return ENOMEM;
+    if (*msg != '\0')
+        *msg_out = msg;
+    else
+        free(msg);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_chpw_message(krb5_context context, const krb5_data *server_string,
+                  char **message_out)
+{
+    krb5_error_code ret;
+    char *msg;
+
+    *message_out = NULL;
+
+    /* If server_string contains an AD password policy, construct a message
+     * based on that. */
+    ret = decode_ad_policy_info(server_string, &msg);
+    if (ret == 0 && msg != NULL) {
+        *message_out = msg;
+        return 0;
+    }
+
+    /* If server_string contains a valid UTF-8 string, return that. */
+    if (server_string->length > 0 &&
+        memchr(server_string->data, 0, server_string->length) == NULL &&
+        k5_utf8_validate(server_string)) {
+        *message_out = k5memdup0(server_string->data, server_string->length,
+                                 &ret);
+        return (*message_out == NULL) ? ENOMEM : 0;
+    }
+
+    /* server_string appears invalid, so try to be helpful. */
+    msg = strdup(_("Try a more complex password, or contact your "
+                   "administrator."));
+    if (msg == NULL)
+        return ENOMEM;
+
+    *message_out = msg;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/conv_creds.c b/krb5-1.21.3/src/lib/krb5/krb/conv_creds.c
new file mode 100644
index 00000000..6f460881
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/conv_creds.c
@@ -0,0 +1,61 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "port-sockets.h"
+#include "socket-utils.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
+                       struct credentials *v4creds)
+{
+    return KRB524_KRB4_DISABLED;
+}
+
+/* These may be needed for object-level backwards compatibility on Mac
+   OS and UNIX, but Windows should be okay.  */
+#ifndef _WIN32
+#undef krb524_convert_creds_kdc
+#undef krb524_init_ets
+
+/* Declarations ahead of the definitions will suppress some gcc
+   warnings.  */
+void KRB5_CALLCONV krb524_init_ets (void);
+krb5_error_code KRB5_CALLCONV
+krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
+                         struct credentials *v4creds);
+
+krb5_error_code KRB5_CALLCONV
+krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
+                         struct credentials *v4creds)
+{
+    return KRB524_KRB4_DISABLED;
+}
+
+void KRB5_CALLCONV krb524_init_ets ()
+{
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/krb/conv_princ.c b/krb5-1.21.3/src/lib/krb5/krb/conv_princ.c
new file mode 100644
index 00000000..9601bb47
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/conv_princ.c
@@ -0,0 +1,361 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/conv_princ.c */
+/*
+ * Copyright 1992 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Build a principal from a V4 specification, or separate a V5
+ * principal into name, instance, and realm.
+ *
+ * NOTE: This is highly site specific, and is only really necessary
+ * for sites who need to convert from V4 to V5.  It is used by both
+ * the KDC and the kdb5_convert program.  Since its use is highly
+ * specialized, the necessary information is just going to be
+ * hard-coded in this file.
+ */
+
+#include "k5-int.h"
+#include <string.h>
+#include <ctype.h>
+
+/* The maximum sizes for V4 aname, realm, sname, and instance +1 */
+/* Taken from krb.h */
+#define         ANAME_SZ        40
+#define         REALM_SZ        40
+#define         SNAME_SZ        40
+#define         INST_SZ         40
+
+struct krb_convert {
+    char                *v4_str;
+    char                *v5_str;
+    unsigned int        flags : 8;
+    unsigned int        len : 8;
+};
+
+#define DO_REALM_CONVERSION 0x00000001
+
+/*
+ * Kadmin doesn't do realm conversion because it's currently
+ * kadmin/REALM.NAME.  Zephyr doesn't because it's just zephyr/zephyr.
+ *
+ * "Realm conversion" is a bit of a misnomer; really, the v5 name is
+ * using a FQDN or something that looks like it, where the v4 name is
+ * just using the first label.  Sometimes that second principal name
+ * component is a hostname, sometimes the realm name, sometimes it's
+ * neither.
+ *
+ * This list should probably be more configurable, and more than
+ * likely on a per-realm basis, so locally-defined services can be
+ * added, or not.
+ */
+static const struct krb_convert sconv_list[] = {
+    /* Realm conversion, Change service name */
+#define RC(V5NAME,V4NAME) { V5NAME, V4NAME, DO_REALM_CONVERSION, sizeof(V5NAME)-1 }
+    /* Realm conversion */
+#define R(NAME)         { NAME, NAME, DO_REALM_CONVERSION, sizeof(NAME)-1 }
+    /* No Realm conversion */
+#define NR(NAME)        { NAME, NAME, 0, sizeof(NAME)-1 }
+
+    NR("kadmin"),
+    RC("rcmd", "host"),
+    R("discuss"),
+    R("rvdsrv"),
+    R("sample"),
+    R("olc"),
+    R("pop"),
+    R("sis"),
+    R("rfs"),
+    R("imap"),
+    R("ftp"),
+    R("ecat"),
+    R("daemon"),
+    R("gnats"),
+    R("moira"),
+    R("prms"),
+    R("mandarin"),
+    R("register"),
+    R("changepw"),
+    R("sms"),
+    R("afpserver"),
+    R("gdss"),
+    R("news"),
+    R("abs"),
+    R("nfs"),
+    R("tftp"),
+    NR("zephyr"),
+    R("http"),
+    R("khttp"),
+    R("pgpsigner"),
+    R("irc"),
+    R("mandarin-agent"),
+    R("write"),
+    R("palladium"),
+    {0, 0, 0, 0},
+#undef R
+#undef RC
+#undef NR
+};
+
+/*
+ * char *strnchr(s, c, n)
+ *   char *s;
+ *   char c;
+ *   unsigned int n;
+ *
+ * returns a pointer to the first occurrence of character c in the
+ * string s, or a NULL pointer if c does not occur in in the string;
+ * however, at most the first n characters will be considered.
+ *
+ * This falls in the "should have been in the ANSI C library"
+ * category. :-)
+ */
+static char *
+strnchr(char *s, int c, unsigned int n)
+{
+    if (n < 1)
+        return 0;
+
+    while (n-- && *s) {
+        if (*s == c)
+            return s;
+        s++;
+    }
+    return 0;
+}
+
+
+/* XXX This calls for a new error code */
+#define KRB5_INVALID_PRINCIPAL KRB5_LNAME_BADFORMAT
+
+krb5_error_code KRB5_CALLCONV
+krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
+                        char *name, char *inst, char *realm)
+{
+    const struct krb_convert *p;
+    const krb5_data *compo;
+    char *c, *tmp_realm, *tmp_prealm;
+    unsigned int tmp_realm_len;
+    int retval;
+
+    if (context->profile == 0)
+        return KRB5_CONFIG_CANTOPEN;
+
+    *name = *inst = '\0';
+    switch (princ->length) {
+    case 2:
+        /* Check if this principal is listed in the table */
+        compo = &princ->data[0];
+        p = sconv_list;
+        while (p->v4_str) {
+            if (p->len == compo->length
+                && memcmp(p->v5_str, compo->data, compo->length) == 0) {
+                /*
+                 * It is, so set the new name now, and chop off
+                 * instance's domain name if requested.
+                 */
+                if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ)
+                    return KRB5_INVALID_PRINCIPAL;
+                if (p->flags & DO_REALM_CONVERSION) {
+                    compo = &princ->data[1];
+                    c = strnchr(compo->data, '.', compo->length);
+                    if (!c || (c - compo->data) >= INST_SZ - 1)
+                        return KRB5_INVALID_PRINCIPAL;
+                    memcpy(inst, compo->data, (size_t) (c - compo->data));
+                    inst[c - compo->data] = '\0';
+                }
+                break;
+            }
+            p++;
+        }
+        /* If inst isn't set, the service isn't listed in the table, */
+        /* so just copy it. */
+        if (*inst == '\0') {
+            compo = &princ->data[1];
+            if (compo->length >= INST_SZ - 1)
+                return KRB5_INVALID_PRINCIPAL;
+            if (compo->length > 0)
+                memcpy(inst, compo->data, compo->length);
+            inst[compo->length] = '\0';
+        }
+        /* fall through */
+    case 1:
+        /* name may have been set above; otherwise, just copy it */
+        if (*name == '\0') {
+            compo = &princ->data[0];
+            if (compo->length >= ANAME_SZ)
+                return KRB5_INVALID_PRINCIPAL;
+            if (compo->length > 0)
+                memcpy(name, compo->data, compo->length);
+            name[compo->length] = '\0';
+        }
+        break;
+    default:
+        return KRB5_INVALID_PRINCIPAL;
+    }
+
+    compo = &princ->realm;
+
+    tmp_prealm = malloc(compo->length + 1);
+    if (tmp_prealm == NULL)
+        return ENOMEM;
+    strncpy(tmp_prealm, compo->data, compo->length);
+    tmp_prealm[compo->length] = '\0';
+
+    /* Ask for v4_realm corresponding to
+       krb5 principal realm from krb5.conf realms stanza */
+
+    retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
+                                tmp_prealm, KRB5_CONF_V4_REALM, 0,
+                                &tmp_realm);
+    free(tmp_prealm);
+    if (retval) {
+        return retval;
+    } else {
+        if (tmp_realm == 0) {
+            if (compo->length > REALM_SZ - 1)
+                return KRB5_INVALID_PRINCIPAL;
+            strncpy(realm, compo->data, compo->length);
+            realm[compo->length] = '\0';
+        } else {
+            tmp_realm_len =  strlen(tmp_realm);
+            if (tmp_realm_len > REALM_SZ - 1) {
+                profile_release_string(tmp_realm);
+                return KRB5_INVALID_PRINCIPAL;
+            }
+            strncpy(realm, tmp_realm, tmp_realm_len);
+            realm[tmp_realm_len] = '\0';
+            profile_release_string(tmp_realm);
+        }
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_425_conv_principal(krb5_context context, const char *name,
+                        const char *instance, const char *realm,
+                        krb5_principal *princ)
+{
+    const struct krb_convert *p;
+    char buf[256];             /* V4 instances are limited to 40 characters */
+    krb5_error_code retval;
+    char *domain, *cp;
+    char **full_name = 0;
+    const char *names[5], *names2[2];
+    void*      iterator = NULL;
+    char** v4realms = NULL;
+    char* realm_name = NULL;
+    char* dummy_value = NULL;
+
+    /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm
+       To do that, iterate over all the realms in the config file, looking for a matching
+       v4_realm line */
+    names2 [0] = KRB5_CONF_REALMS;
+    names2 [1] = NULL;
+    retval = profile_iterator_create (context -> profile, names2, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator);
+    while (retval == 0) {
+        retval = profile_iterator (&iterator, &realm_name, &dummy_value);
+        if ((retval == 0) && (realm_name != NULL)) {
+            names [0] = KRB5_CONF_REALMS;
+            names [1] = realm_name;
+            names [2] = KRB5_CONF_V4_REALM;
+            names [3] = NULL;
+
+            retval = profile_get_values (context -> profile, names, &v4realms);
+            if ((retval == 0) && (v4realms != NULL) && (v4realms [0] != NULL) && (strcmp (v4realms [0], realm) == 0)) {
+                realm = realm_name;
+                break;
+            } else if (retval == PROF_NO_RELATION) {
+                /* If it's not found, just keep going */
+                retval = 0;
+            }
+        } else if ((retval == 0) && (realm_name == NULL)) {
+            break;
+        }
+        if (v4realms != NULL) {
+            profile_free_list(v4realms);
+            v4realms = NULL;
+        }
+        if (realm_name != NULL) {
+            profile_release_string (realm_name);
+            realm_name = NULL;
+        }
+        if (dummy_value != NULL) {
+            profile_release_string (dummy_value);
+            dummy_value = NULL;
+        }
+    }
+
+    if (instance) {
+        if (instance[0] == '\0') {
+            instance = 0;
+            goto not_service;
+        }
+        p = sconv_list;
+        while (1) {
+            if (!p->v4_str)
+                goto not_service;
+            if (!strcmp(p->v4_str, name))
+                break;
+            p++;
+        }
+        name = p->v5_str;
+        if ((p->flags & DO_REALM_CONVERSION) && !strchr(instance, '.')) {
+            names[0] = KRB5_CONF_REALMS;
+            names[1] = realm;
+            names[2] = KRB5_CONF_V4_INSTANCE_CONVERT;
+            names[3] = instance;
+            names[4] = 0;
+            retval = profile_get_values(context->profile, names, &full_name);
+            if (retval == 0 && full_name && full_name[0]) {
+                instance = full_name[0];
+            } else {
+                strncpy(buf, instance, sizeof(buf));
+                buf[sizeof(buf) - 1] = '\0';
+                retval = krb5_get_realm_domain(context, realm, &domain);
+                if (retval)
+                    goto cleanup;
+                if (domain) {
+                    for (cp = domain; *cp; cp++)
+                        if (isupper((unsigned char) (*cp)))
+                            *cp = tolower((unsigned char) *cp);
+                    strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
+                    strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
+                    free(domain);
+                }
+                instance = buf;
+            }
+        }
+    }
+
+not_service:
+    retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
+                                  instance, NULL);
+cleanup:
+    if (iterator) profile_iterator_free (&iterator);
+    if (full_name) profile_free_list(full_name);
+    if (v4realms) profile_free_list(v4realms);
+    if (realm_name) profile_release_string (realm_name);
+    if (dummy_value) profile_release_string (dummy_value);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c b/krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c
new file mode 100644
index 00000000..9c9bc7ba
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c
@@ -0,0 +1,77 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_addrs.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_addr(krb5_context context, const krb5_address *inad, krb5_address **outad)
+{
+    krb5_address *tmpad;
+
+    if (!(tmpad = (krb5_address *)malloc(sizeof(*tmpad))))
+        return ENOMEM;
+    *tmpad = *inad;
+    if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
+        free(tmpad);
+        return ENOMEM;
+    }
+    memcpy(tmpad->contents, inad->contents, inad->length);
+    *outad = tmpad;
+    return 0;
+}
+
+/*
+ * Copy an address array, with fresh allocation.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_address ***outaddr)
+{
+    krb5_error_code retval;
+    krb5_address ** tempaddr;
+    unsigned int nelems = 0;
+
+    if (!inaddr) {
+        *outaddr = 0;
+        return 0;
+    }
+
+    while (inaddr[nelems]) nelems++;
+
+    /* one more for a null terminated list */
+    if (!(tempaddr = (krb5_address **) calloc(nelems+1, sizeof(*tempaddr))))
+        return ENOMEM;
+
+    for (nelems = 0; inaddr[nelems]; nelems++) {
+        retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
+        if (retval) {
+            krb5_free_addresses(context, tempaddr);
+            return retval;
+        }
+    }
+
+    *outaddr = tempaddr;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_athctr.c b/krb5-1.21.3/src/lib/krb5/krb/copy_athctr.c
new file mode 100644
index 00000000..9cc7b4c6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_athctr.c
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_athctr.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "auth_con.h"
+
+#ifndef LEAN_CLIENT
+krb5_error_code KRB5_CALLCONV
+krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom,
+                        krb5_authenticator **authto)
+{
+    krb5_error_code retval;
+    krb5_authenticator *tempto;
+
+    if (!(tempto = (krb5_authenticator *)malloc(sizeof(*tempto))))
+        return ENOMEM;
+    *tempto = *authfrom;
+
+    retval = krb5_copy_principal(context, authfrom->client, &tempto->client);
+    if (retval) {
+        free(tempto);
+        return retval;
+    }
+
+    if (authfrom->checksum &&
+        (retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
+        krb5_free_principal(context, tempto->client);
+        free(tempto);
+        return retval;
+    }
+
+    if (authfrom->subkey) {
+        retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
+        if (retval) {
+            krb5_free_checksum(context, tempto->checksum);
+            krb5_free_principal(context, tempto->client);
+            free(tempto);
+            return retval;
+        }
+    }
+
+    if (authfrom->authorization_data) {
+        retval = krb5_copy_authdata(context, authfrom->authorization_data,
+                                    &tempto->authorization_data);
+        if (retval) {
+            krb5_free_keyblock(context, tempto->subkey);
+            krb5_free_checksum(context, tempto->checksum);
+            krb5_free_principal(context, tempto->client);
+            free(tempto);
+            return retval;
+        }
+    }
+
+    *authto = tempto;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context,
+                               krb5_authenticator **authenticator)
+{
+    return (krb5_copy_authenticator(context, auth_context->authentp,
+                                    authenticator));
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_auth.c b/krb5-1.21.3/src/lib/krb5/krb/copy_auth.c
new file mode 100644
index 00000000..ffb7ee9c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_auth.c
@@ -0,0 +1,117 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_auth.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+/*
+ * Copy an authdata array, with fresh allocation.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_merge_authdata(krb5_context context,
+                    krb5_authdata *const *inauthdat1,
+                    krb5_authdata * const *inauthdat2,
+                    krb5_authdata ***outauthdat)
+{
+    krb5_error_code retval;
+    krb5_authdata ** tempauthdat;
+    unsigned int nelems = 0, nelems2 = 0;
+
+    *outauthdat = NULL;
+    if (!inauthdat1 && !inauthdat2) {
+        *outauthdat = 0;
+        return 0;
+    }
+
+    if (inauthdat1)
+        while (inauthdat1[nelems]) nelems++;
+    if (inauthdat2)
+        while (inauthdat2[nelems2]) nelems2++;
+
+    /* one more for a null terminated list */
+    if (!(tempauthdat = (krb5_authdata **) calloc(nelems+nelems2+1,
+                                                  sizeof(*tempauthdat))))
+        return ENOMEM;
+
+    if (inauthdat1) {
+        for (nelems = 0; inauthdat1[nelems]; nelems++) {
+            retval = krb5int_copy_authdatum(context, inauthdat1[nelems],
+                                            &tempauthdat[nelems]);
+            if (retval) {
+                krb5_free_authdata(context, tempauthdat);
+                return retval;
+            }
+        }
+    }
+
+    if (inauthdat2) {
+        for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
+            retval = krb5int_copy_authdatum(context, inauthdat2[nelems2],
+                                            &tempauthdat[nelems++]);
+            if (retval) {
+                krb5_free_authdata(context, tempauthdat);
+                return retval;
+            }
+        }
+    }
+
+    *outauthdat = tempauthdat;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_authdata(krb5_context context,
+                   krb5_authdata *const *in_authdat, krb5_authdata ***out)
+{
+    return krb5_merge_authdata(context, in_authdat, NULL, out);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_cksum.c b/krb5-1.21.3/src/lib/krb5/krb/copy_cksum.c
new file mode 100644
index 00000000..90b677b4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_cksum.c
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_cksum.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_checksum(krb5_context context, const krb5_checksum *ckfrom, krb5_checksum **ckto)
+{
+    krb5_checksum *tempto;
+
+    if (!(tempto = (krb5_checksum *)malloc(sizeof(*tempto))))
+        return ENOMEM;
+    *tempto = *ckfrom;
+
+    if (!(tempto->contents = (krb5_octet *)malloc(tempto->length))) {
+        free(tempto);
+        return ENOMEM;
+    }
+    memcpy(tempto->contents, ckfrom->contents, ckfrom->length);
+
+    *ckto = tempto;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_creds.c b/krb5-1.21.3/src/lib/krb5/krb/copy_creds.c
new file mode 100644
index 00000000..1de56dc4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_creds.c
@@ -0,0 +1,114 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_creds.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+/*
+ * Copy credentials, allocating fresh storage where needed.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **outcred)
+{
+    krb5_creds *tempcred;
+    krb5_error_code retval;
+
+    if (!(tempcred = (krb5_creds *)malloc(sizeof(*tempcred))))
+        return ENOMEM;
+
+    retval = k5_copy_creds_contents(context, incred, tempcred);
+    if (retval)
+        free(tempcred);
+    else
+        *outcred = tempcred;
+    return retval;
+}
+
+/*
+ * Copy contents of input credentials structure to supplied
+ * destination, allocating storage for indirect fields as needed.  On
+ * success, the output is a deep copy of the input.  On error, the
+ * output structure is garbage and its contents should be ignored.
+ */
+krb5_error_code
+k5_copy_creds_contents(krb5_context context, const krb5_creds *incred,
+                       krb5_creds *tempcred)
+{
+    krb5_error_code retval;
+    krb5_data *scratch;
+
+    *tempcred = *incred;
+    retval = krb5_copy_principal(context, incred->client, &tempcred->client);
+    if (retval)
+        goto cleanlast;
+    retval = krb5_copy_principal(context, incred->server, &tempcred->server);
+    if (retval)
+        goto cleanclient;
+    retval = krb5_copy_keyblock_contents(context, &incred->keyblock,
+                                         &tempcred->keyblock);
+    if (retval)
+        goto cleanserver;
+    retval = krb5_copy_addresses(context, incred->addresses, &tempcred->addresses);
+    if (retval)
+        goto cleanblock;
+    retval = krb5_copy_data(context, &incred->ticket, &scratch);
+    if (retval)
+        goto cleanaddrs;
+    tempcred->ticket = *scratch;
+    free(scratch);
+    retval = krb5_copy_data(context, &incred->second_ticket, &scratch);
+    if (retval)
+        goto clearticket;
+
+    tempcred->second_ticket = *scratch;
+    free(scratch);
+
+    retval = krb5_copy_authdata(context, incred->authdata,&tempcred->authdata);
+    if (retval)
+        goto clearsecondticket;
+
+    return 0;
+
+clearsecondticket:
+    memset(tempcred->second_ticket.data,0,tempcred->second_ticket.length);
+    free(tempcred->second_ticket.data);
+clearticket:
+    memset(tempcred->ticket.data,0,tempcred->ticket.length);
+    free(tempcred->ticket.data);
+cleanaddrs:
+    krb5_free_addresses(context, tempcred->addresses);
+cleanblock:
+    free(tempcred->keyblock.contents);
+cleanserver:
+    krb5_free_principal(context, tempcred->server);
+cleanclient:
+    krb5_free_principal(context, tempcred->client);
+cleanlast:
+    /* Do not free tempcred - we did not allocate it - its contents are
+       garbage - but we should not free it */
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c b/krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c
new file mode 100644
index 00000000..121f5d41
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c
@@ -0,0 +1,123 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_ctx.c */
+/*
+ * Copyright 1994,1999,2000, 2002, 2003, 2007, 2008, 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include <ctype.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)
+{
+    krb5_error_code ret;
+    krb5_context nctx;
+
+    *nctx_out = NULL;
+    if (ctx == NULL)
+        return EINVAL;          /* XXX */
+
+    nctx = malloc(sizeof(*nctx));
+    if (nctx == NULL)
+        return ENOMEM;
+
+    *nctx = *ctx;
+
+    nctx->tgs_etypes = NULL;
+    nctx->default_realm = NULL;
+    nctx->profile = NULL;
+    nctx->dal_handle = NULL;
+    nctx->prompt_types = NULL;
+    nctx->preauth_context = NULL;
+    nctx->ccselect_handles = NULL;
+    nctx->localauth_handles = NULL;
+    nctx->hostrealm_handles = NULL;
+    nctx->tls = NULL;
+    nctx->kdblog_context = NULL;
+    nctx->trace_callback = NULL;
+    nctx->trace_callback_data = NULL;
+    nctx->err_fmt = NULL;
+    if (ctx->err_fmt != NULL)
+        nctx->err_fmt = strdup(ctx->err_fmt);   /* It's OK if this fails */
+    nctx->plugin_base_dir = NULL;
+    nctx->os_context.default_ccname = NULL;
+
+    memset(&nctx->libkrb5_plugins, 0, sizeof(nctx->libkrb5_plugins));
+    memset(&nctx->err, 0, sizeof(nctx->err));
+    memset(&nctx->plugins, 0, sizeof(nctx->plugins));
+
+    ret = k5_copy_etypes(ctx->tgs_etypes, &nctx->tgs_etypes);
+    if (ret)
+        goto errout;
+
+    if (ctx->os_context.default_ccname != NULL) {
+        nctx->os_context.default_ccname =
+            strdup(ctx->os_context.default_ccname);
+        if (nctx->os_context.default_ccname == NULL) {
+            ret = ENOMEM;
+            goto errout;
+        }
+    }
+    ret = krb5_get_profile(ctx, &nctx->profile);
+    if (ret)
+        goto errout;
+    nctx->plugin_base_dir = strdup(ctx->plugin_base_dir);
+    if (nctx->plugin_base_dir == NULL) {
+        ret = ENOMEM;
+        goto errout;
+    }
+
+errout:
+    if (ret) {
+        krb5_free_context(nctx);
+    } else {
+        *nctx_out = nctx;
+    }
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_data.c b/krb5-1.21.3/src/lib/krb5/krb/copy_data.c
new file mode 100644
index 00000000..9969e042
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_data.c
@@ -0,0 +1,98 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_data.c */
+/*
+ * Copyright 1990,1991,2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * krb5_copy_data()
+ */
+
+#include "k5-int.h"
+
+/*
+ * Copy a data structure, with fresh allocation.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdata)
+{
+    krb5_data *tempdata;
+    krb5_error_code retval;
+
+    if (!indata) {
+        *outdata = 0;
+        return 0;
+    }
+
+    if (!(tempdata = (krb5_data *)malloc(sizeof(*tempdata))))
+        return ENOMEM;
+
+    retval = krb5int_copy_data_contents(context, indata, tempdata);
+    if (retval) {
+        free(tempdata);
+        return retval;
+    }
+
+    *outdata = tempdata;
+    return 0;
+}
+
+krb5_error_code
+krb5int_copy_data_contents(krb5_context context, const krb5_data *indata, krb5_data *outdata)
+{
+    if (!indata) {
+        return EINVAL;
+    }
+
+    outdata->length = indata->length;
+    if (outdata->length) {
+        if (!(outdata->data = malloc(outdata->length))) {
+            return ENOMEM;
+        }
+        memcpy(outdata->data, indata->data, outdata->length);
+    } else
+        outdata->data = 0;
+    outdata->magic = KV5M_DATA;
+
+    return 0;
+}
+
+/* As above, but add an (uncounted) extra byte at the end to
+   null-terminate the data so it can be used as a standard C
+   string.  */
+krb5_error_code
+krb5int_copy_data_contents_add0(krb5_context context, const krb5_data *indata, krb5_data *outdata)
+{
+    if (!indata)
+        return EINVAL;
+    outdata->length = indata->length;
+    if (!(outdata->data = malloc(outdata->length + 1)))
+        return ENOMEM;
+    if (outdata->length)
+        memcpy(outdata->data, indata->data, outdata->length);
+    outdata->data[outdata->length] = 0;
+    outdata->magic = KV5M_DATA;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_key.c b/krb5-1.21.3/src/lib/krb5/krb/copy_key.c
new file mode 100644
index 00000000..26d9b7d5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_key.c
@@ -0,0 +1,35 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_key.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/* Copy a keyblock, including alloc'ed storage. */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_keyblock(krb5_context context, const krb5_keyblock *from,
+                   krb5_keyblock **to)
+{
+    return krb5int_c_copy_keyblock(context, from, to);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_princ.c b/krb5-1.21.3/src/lib/krb5/krb/copy_princ.c
new file mode 100644
index 00000000..81b33812
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_princ.c
@@ -0,0 +1,74 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_princ.c */
+/*
+ * Copyright 1990, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * Copy a principal structure, with fresh allocation.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)
+{
+    krb5_principal tempprinc;
+    krb5_int32 i;
+
+    tempprinc = (krb5_principal)malloc(sizeof(krb5_principal_data));
+
+    if (tempprinc == 0)
+        return ENOMEM;
+
+    *tempprinc = *inprinc;
+
+    tempprinc->data = malloc(inprinc->length * sizeof(krb5_data));
+
+    if (tempprinc->data == 0) {
+        free(tempprinc);
+        return ENOMEM;
+    }
+
+    for (i = 0; i < inprinc->length; i++) {
+        if (krb5int_copy_data_contents(context, &inprinc->data[i],
+                                       &tempprinc->data[i]) != 0) {
+            while (--i >= 0)
+                free(tempprinc->data[i].data);
+            free (tempprinc->data);
+            free (tempprinc);
+            return ENOMEM;
+        }
+    }
+
+    if (krb5int_copy_data_contents_add0(context, &inprinc->realm,
+                                        &tempprinc->realm) != 0) {
+        for (i = 0; i < inprinc->length; i++)
+            free(tempprinc->data[i].data);
+        free(tempprinc->data);
+        free(tempprinc);
+        return ENOMEM;
+    }
+
+    *outprinc = tempprinc;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/copy_tick.c b/krb5-1.21.3/src/lib/krb5/krb/copy_tick.c
new file mode 100644
index 00000000..660d977b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/copy_tick.c
@@ -0,0 +1,122 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/copy_tick.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+static krb5_error_code
+copy_enc_tkt_part(krb5_context context, const krb5_enc_tkt_part *partfrom,
+                  krb5_enc_tkt_part **partto)
+{
+    krb5_error_code retval;
+    krb5_enc_tkt_part *tempto;
+
+    if (!(tempto = (krb5_enc_tkt_part *)malloc(sizeof(*tempto))))
+        return ENOMEM;
+    *tempto = *partfrom;
+    retval = krb5_copy_keyblock(context, partfrom->session,
+                                &tempto->session);
+    if (retval) {
+        free(tempto);
+        return retval;
+    }
+    retval = krb5_copy_principal(context, partfrom->client, &tempto->client);
+    if (retval) {
+        krb5_free_keyblock(context, tempto->session);
+        free(tempto);
+        return retval;
+    }
+    tempto->transited = partfrom->transited;
+    if (tempto->transited.tr_contents.length == 0) {
+        tempto->transited.tr_contents.data = 0;
+    } else {
+        tempto->transited.tr_contents.data =
+            k5memdup(partfrom->transited.tr_contents.data,
+                     partfrom->transited.tr_contents.length, &retval);
+        if (!tempto->transited.tr_contents.data) {
+            krb5_free_principal(context, tempto->client);
+            krb5_free_keyblock(context, tempto->session);
+            free(tempto);
+            return ENOMEM;
+        }
+    }
+
+    retval = krb5_copy_addresses(context, partfrom->caddrs, &tempto->caddrs);
+    if (retval) {
+        free(tempto->transited.tr_contents.data);
+        krb5_free_principal(context, tempto->client);
+        krb5_free_keyblock(context, tempto->session);
+        free(tempto);
+        return retval;
+    }
+    if (partfrom->authorization_data) {
+        retval = krb5_copy_authdata(context, partfrom->authorization_data,
+                                    &tempto->authorization_data);
+        if (retval) {
+            krb5_free_addresses(context, tempto->caddrs);
+            free(tempto->transited.tr_contents.data);
+            krb5_free_principal(context, tempto->client);
+            krb5_free_keyblock(context, tempto->session);
+            free(tempto);
+            return retval;
+        }
+    }
+    *partto = tempto;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_copy_ticket(krb5_context context, const krb5_ticket *from, krb5_ticket **pto)
+{
+    krb5_error_code retval;
+    krb5_ticket *tempto;
+    krb5_data *scratch;
+
+    if (!(tempto = (krb5_ticket *)malloc(sizeof(*tempto))))
+        return ENOMEM;
+    *tempto = *from;
+    retval = krb5_copy_principal(context, from->server, &tempto->server);
+    if (retval) {
+        free(tempto);
+        return retval;
+    }
+    retval = krb5_copy_data(context, &from->enc_part.ciphertext, &scratch);
+    if (retval) {
+        krb5_free_principal(context, tempto->server);
+        free(tempto);
+        return retval;
+    }
+    tempto->enc_part.ciphertext = *scratch;
+    free(scratch);
+    retval = copy_enc_tkt_part(context, from->enc_part2, &tempto->enc_part2);
+    if (retval) {
+        free(tempto->enc_part.ciphertext.data);
+        krb5_free_principal(context, tempto->server);
+        free(tempto);
+        return retval;
+    }
+    *pto = tempto;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/cp_key_cnt.c b/krb5-1.21.3/src/lib/krb5/krb/cp_key_cnt.c
new file mode 100644
index 00000000..18cb0f21
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/cp_key_cnt.c
@@ -0,0 +1,36 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/cp_key_cnt.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * Copy a keyblock, including alloc'ed storage.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to)
+{
+    return krb5int_c_copy_keyblock_contents(context, from, to);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/decode_kdc.c b/krb5-1.21.3/src/lib/krb5/krb/decode_kdc.c
new file mode 100644
index 00000000..a1593a2a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/decode_kdc.c
@@ -0,0 +1,86 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/decode_kdc.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "fast.h"
+
+/*
+  Takes a KDC_REP message and decrypts encrypted part using etype and
+  *key, putting result in *rep.
+  dec_rep->client,ticket,session,last_req,server,caddrs
+  are all set to allocated storage which should be freed by the caller
+  when finished with the response.
+
+  If the response isn't a KDC_REP (tgs or as), it returns an error from
+  the decoding routines.
+
+  returns errors from encryption routines, system errors
+*/
+
+krb5_error_code
+krb5int_decode_tgs_rep(krb5_context context,
+                       struct krb5int_fast_request_state *fast_state,
+                       krb5_data *enc_rep, const krb5_keyblock *key,
+                       krb5_keyusage usage, krb5_kdc_rep **dec_rep_out)
+{
+    krb5_error_code retval;
+    krb5_kdc_rep *dec_rep = NULL;
+    krb5_keyblock *strengthen_key = NULL, tgs_key;
+
+    tgs_key.contents = NULL;
+    if (krb5_is_as_rep(enc_rep))
+        retval = decode_krb5_as_rep(enc_rep, &dec_rep);
+    else if (krb5_is_tgs_rep(enc_rep))
+        retval = decode_krb5_tgs_rep(enc_rep, &dec_rep);
+    else
+        retval = KRB5KRB_AP_ERR_MSG_TYPE;
+    if (retval)
+        goto cleanup;
+
+    retval = krb5int_fast_process_response(context, fast_state, dec_rep,
+                                           &strengthen_key);
+    if (retval == KRB5_ERR_FAST_REQUIRED)
+        retval = 0;
+    else if (retval)
+        goto cleanup;
+    retval = krb5int_fast_reply_key(context, strengthen_key, key, &tgs_key);
+    if (retval)
+        goto cleanup;
+
+    retval = krb5_kdc_rep_decrypt_proc(context, &tgs_key, &usage, dec_rep);
+    if (retval)
+        goto cleanup;
+
+    *dec_rep_out = dec_rep;
+    dec_rep = NULL;
+
+cleanup:
+    krb5_free_kdc_rep(context, dec_rep);
+    krb5_free_keyblock(context, strengthen_key);
+    krb5_free_keyblock_contents(context, &tgs_key);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c b/krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c
new file mode 100644
index 00000000..e848554e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c
@@ -0,0 +1,71 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/decrypt_tk.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+  Decrypts dec_ticket->enc_part
+  using *srv_key, and places result in dec_ticket->enc_part2.
+  The storage of dec_ticket->enc_part2 will be allocated before return.
+
+  returns errors from encryption routines, system errors
+
+*/
+
+krb5_error_code KRB5_CALLCONV
+krb5_decrypt_tkt_part(krb5_context context, const krb5_keyblock *srv_key,
+                      krb5_ticket *ticket)
+{
+    krb5_enc_tkt_part *dec_tkt_part;
+    krb5_data scratch;
+    krb5_error_code retval;
+
+    if (!krb5_c_valid_enctype(ticket->enc_part.enctype))
+        return KRB5_PROG_ETYPE_NOSUPP;
+
+    if (!krb5_is_permitted_enctype(context, ticket->enc_part.enctype))
+        return KRB5_NOPERM_ETYPE;
+
+    scratch.length = ticket->enc_part.ciphertext.length;
+    if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length)))
+        return(ENOMEM);
+
+    /* call the encryption routine */
+    if ((retval = krb5_c_decrypt(context, srv_key,
+                                 KRB5_KEYUSAGE_KDC_REP_TICKET, 0,
+                                 &ticket->enc_part, &scratch))) {
+        free(scratch.data);
+        return retval;
+    }
+
+    /*  now decode the decrypted stuff */
+    retval = decode_krb5_enc_tkt_part(&scratch, &dec_tkt_part);
+    if (!retval) {
+        ticket->enc_part2 = dec_tkt_part;
+    }
+    zapfree(scratch.data, scratch.length);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/deltat.c b/krb5-1.21.3/src/lib/krb5/krb/deltat.c
new file mode 100644
index 00000000..59ba5b19
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/deltat.c
@@ -0,0 +1,1697 @@
+/* A Bison parser, made by GNU Bison 3.0.4.  */
+
+/* Bison implementation for Yacc-like parsers in C
+
+   Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+/* As a special exception, you may create a larger work that contains
+   part or all of the Bison parser skeleton and distribute that work
+   under terms of your choice, so long as that work isn't itself a
+   parser generator using the skeleton or a modified version thereof
+   as a parser skeleton.  Alternatively, if you modify or redistribute
+   the parser skeleton itself, you may (at your option) remove this
+   special exception, which will cause the skeleton and the resulting
+   Bison output files to be licensed under the GNU General Public
+   License without this special exception.
+
+   This special exception was added by the Free Software Foundation in
+   version 2.2 of Bison.  */
+
+/* C LALR(1) parser skeleton written by Richard Stallman, by
+   simplifying the original so-called "semantic" parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Bison version.  */
+#define YYBISON_VERSION "3.0.4"
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 1
+
+/* Push parsers.  */
+#define YYPUSH 0
+
+/* Pull parsers.  */
+#define YYPULL 1
+
+
+
+
+/* Copy the first part of user declarations.  */
+#line 38 "x-deltat.y" /* yacc.c:339  */
+
+
+/*
+ * GCC optimizer will detect a variable used without being set in a YYERROR
+ * path.  As this is generated code, suppress the complaint.
+ */
+#ifdef __GNUC__
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wuninitialized"
+#endif
+
+#include "k5-int.h"
+#include <ctype.h>
+
+struct param {
+    krb5_int32 delta;
+    char *p;
+};
+
+#define MAX_TIME KRB5_INT32_MAX
+#define MIN_TIME KRB5_INT32_MIN
+
+#define DAY (24 * 3600)
+#define HOUR 3600
+
+#define MAX_DAY (MAX_TIME / DAY)
+#define MIN_DAY (MIN_TIME / DAY)
+#define MAX_HOUR (MAX_TIME / HOUR)
+#define MIN_HOUR (MIN_TIME / HOUR)
+#define MAX_MIN (MAX_TIME / 60)
+#define MIN_MIN (MIN_TIME / 60)
+
+/* An explanation of the tests being performed.
+   We do not want to overflow a 32 bit integer with out manipulations,
+   even for testing for overflow. Therefore we rely on the following:
+
+   The lex parser will not return a number > MAX_TIME (which is out 32
+   bit limit).
+
+   Therefore, seconds (s) will require
+       MIN_TIME < s < MAX_TIME
+
+   For subsequent tests, the logic is as follows:
+
+      If A < MAX_TIME and  B < MAX_TIME
+
+      If we want to test if A+B < MAX_TIME, there are two cases
+        if (A > 0)
+         then A + B < MAX_TIME if B < MAX_TIME - A
+	else A + B < MAX_TIME  always.
+
+      if we want to test if MIN_TIME < A + B
+          if A > 0 - then nothing to test
+          otherwise, we test if MIN_TIME - A < B.
+
+   We of course are testing for:
+          MIN_TIME < A + B < MAX_TIME
+*/
+
+
+#define DAY_NOT_OK(d) (d) > MAX_DAY || (d) < MIN_DAY
+#define HOUR_NOT_OK(h) (h) > MAX_HOUR || (h) < MIN_HOUR
+#define MIN_NOT_OK(m) (m) > MAX_MIN || (m) < MIN_MIN
+#define SUM_OK(a, b) (((a) > 0) ? ( (b) <= MAX_TIME - (a)) : (MIN_TIME - (a) <= (b)))
+#define DO_SUM(res, a, b) if (!SUM_OK((a), (b))) YYERROR; \
+                          res = (a) + (b)
+
+
+#define OUT_D tmv->delta
+#define DO(D,H,M,S) \
+ { \
+     /* Overflow testing - this does not handle negative values well.. */ \
+     if (DAY_NOT_OK(D) || HOUR_NOT_OK(H) || MIN_NOT_OK(M)) YYERROR; \
+     OUT_D = D * DAY; \
+     DO_SUM(OUT_D, OUT_D, H * HOUR); \
+     DO_SUM(OUT_D, OUT_D, M * 60); \
+     DO_SUM(OUT_D, OUT_D, S); \
+ }
+
+static int mylex(int *intp, struct param *tmv);
+#undef yylex
+#define yylex(U, P)    mylex (&(U)->val, (P))
+
+#undef yyerror
+#define yyerror(tmv, msg)
+
+static int yyparse(struct param *);
+
+
+#line 156 "deltat.c" /* yacc.c:339  */
+
+# ifndef YY_NULLPTR
+#  if defined __cplusplus && 201103L <= __cplusplus
+#   define YY_NULLPTR nullptr
+#  else
+#   define YY_NULLPTR 0
+#  endif
+# endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+
+/* Debug traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+#if YYDEBUG
+extern int yydebug;
+#endif
+
+/* Token type.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+  enum yytokentype
+  {
+    tok_NUM = 258,
+    tok_LONGNUM = 259,
+    tok_OVERFLOW = 260,
+    tok_WS = 261
+  };
+#endif
+
+/* Value type.  */
+#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
+
+union YYSTYPE
+{
+#line 128 "x-deltat.y" /* yacc.c:355  */
+int val;
+
+#line 203 "deltat.c" /* yacc.c:355  */
+};
+
+typedef union YYSTYPE YYSTYPE;
+# define YYSTYPE_IS_TRIVIAL 1
+# define YYSTYPE_IS_DECLARED 1
+#endif
+
+
+
+int yyparse (struct param *tmv);
+
+
+
+/* Copy the second part of user declarations.  */
+
+#line 219 "deltat.c" /* yacc.c:358  */
+
+#ifdef short
+# undef short
+#endif
+
+#ifdef YYTYPE_UINT8
+typedef YYTYPE_UINT8 yytype_uint8;
+#else
+typedef unsigned char yytype_uint8;
+#endif
+
+#ifdef YYTYPE_INT8
+typedef YYTYPE_INT8 yytype_int8;
+#else
+typedef signed char yytype_int8;
+#endif
+
+#ifdef YYTYPE_UINT16
+typedef YYTYPE_UINT16 yytype_uint16;
+#else
+typedef unsigned short int yytype_uint16;
+#endif
+
+#ifdef YYTYPE_INT16
+typedef YYTYPE_INT16 yytype_int16;
+#else
+typedef short int yytype_int16;
+#endif
+
+#ifndef YYSIZE_T
+# ifdef __SIZE_TYPE__
+#  define YYSIZE_T __SIZE_TYPE__
+# elif defined size_t
+#  define YYSIZE_T size_t
+# elif ! defined YYSIZE_T
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# else
+#  define YYSIZE_T unsigned int
+# endif
+#endif
+
+#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
+
+#ifndef YY_
+# if defined YYENABLE_NLS && YYENABLE_NLS
+#  if ENABLE_NLS
+#   include <libintl.h> /* INFRINGES ON USER NAME SPACE */
+#   define YY_(Msgid) dgettext ("bison-runtime", Msgid)
+#  endif
+# endif
+# ifndef YY_
+#  define YY_(Msgid) Msgid
+# endif
+#endif
+
+#ifndef YY_ATTRIBUTE
+# if (defined __GNUC__                                               \
+      && (2 < __GNUC__ || (__GNUC__ == 2 && 96 <= __GNUC_MINOR__)))  \
+     || defined __SUNPRO_C && 0x5110 <= __SUNPRO_C
+#  define YY_ATTRIBUTE(Spec) __attribute__(Spec)
+# else
+#  define YY_ATTRIBUTE(Spec) /* empty */
+# endif
+#endif
+
+#ifndef YY_ATTRIBUTE_PURE
+# define YY_ATTRIBUTE_PURE   YY_ATTRIBUTE ((__pure__))
+#endif
+
+#ifndef YY_ATTRIBUTE_UNUSED
+# define YY_ATTRIBUTE_UNUSED YY_ATTRIBUTE ((__unused__))
+#endif
+
+#if !defined _Noreturn \
+     && (!defined __STDC_VERSION__ || __STDC_VERSION__ < 201112)
+# if defined _MSC_VER && 1200 <= _MSC_VER
+#  define _Noreturn __declspec (noreturn)
+# else
+#  define _Noreturn YY_ATTRIBUTE ((__noreturn__))
+# endif
+#endif
+
+/* Suppress unused-variable warnings by "using" E.  */
+#if ! defined lint || defined __GNUC__
+# define YYUSE(E) ((void) (E))
+#else
+# define YYUSE(E) /* empty */
+#endif
+
+#if defined __GNUC__ && 407 <= __GNUC__ * 100 + __GNUC_MINOR__
+/* Suppress an incorrect diagnostic about yylval being uninitialized.  */
+# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \
+    _Pragma ("GCC diagnostic push") \
+    _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")\
+    _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
+# define YY_IGNORE_MAYBE_UNINITIALIZED_END \
+    _Pragma ("GCC diagnostic pop")
+#else
+# define YY_INITIAL_VALUE(Value) Value
+#endif
+#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+# define YY_IGNORE_MAYBE_UNINITIALIZED_END
+#endif
+#ifndef YY_INITIAL_VALUE
+# define YY_INITIAL_VALUE(Value) /* Nothing. */
+#endif
+
+
+#if ! defined yyoverflow || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# ifdef YYSTACK_USE_ALLOCA
+#  if YYSTACK_USE_ALLOCA
+#   ifdef __GNUC__
+#    define YYSTACK_ALLOC __builtin_alloca
+#   elif defined __BUILTIN_VA_ARG_INCR
+#    include <alloca.h> /* INFRINGES ON USER NAME SPACE */
+#   elif defined _AIX
+#    define YYSTACK_ALLOC __alloca
+#   elif defined _MSC_VER
+#    include <malloc.h> /* INFRINGES ON USER NAME SPACE */
+#    define alloca _alloca
+#   else
+#    define YYSTACK_ALLOC alloca
+#    if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS
+#     include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+      /* Use EXIT_SUCCESS as a witness for stdlib.h.  */
+#     ifndef EXIT_SUCCESS
+#      define EXIT_SUCCESS 0
+#     endif
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's 'empty if-body' warning.  */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+    /* The OS might guarantee only one guard page at the bottom of the stack,
+       and a page size can be as small as 4096 bytes.  So we cannot safely
+       invoke alloca (N) if N exceeds 4096.  Use a slightly smaller number
+       to allow for a few compiler-allocated temporary stack slots.  */
+#   define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
+#  endif
+# else
+#  define YYSTACK_ALLOC YYMALLOC
+#  define YYSTACK_FREE YYFREE
+#  ifndef YYSTACK_ALLOC_MAXIMUM
+#   define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
+#  endif
+#  if (defined __cplusplus && ! defined EXIT_SUCCESS \
+       && ! ((defined YYMALLOC || defined malloc) \
+             && (defined YYFREE || defined free)))
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   ifndef EXIT_SUCCESS
+#    define EXIT_SUCCESS 0
+#   endif
+#  endif
+#  ifndef YYMALLOC
+#   define YYMALLOC malloc
+#   if ! defined malloc && ! defined EXIT_SUCCESS
+void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+#  ifndef YYFREE
+#   define YYFREE free
+#   if ! defined free && ! defined EXIT_SUCCESS
+void free (void *); /* INFRINGES ON USER NAME SPACE */
+#   endif
+#  endif
+# endif
+#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
+
+
+#if (! defined yyoverflow \
+     && (! defined __cplusplus \
+         || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  yytype_int16 yyss_alloc;
+  YYSTYPE yyvs_alloc;
+};
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
+      + YYSTACK_GAP_MAXIMUM)
+
+# define YYCOPY_NEEDED 1
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack_alloc, Stack)                           \
+    do                                                                  \
+      {                                                                 \
+        YYSIZE_T yynewbytes;                                            \
+        YYCOPY (&yyptr->Stack_alloc, Stack, yysize);                    \
+        Stack = &yyptr->Stack_alloc;                                    \
+        yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+        yyptr += yynewbytes / sizeof (*yyptr);                          \
+      }                                                                 \
+    while (0)
+
+#endif
+
+#if defined YYCOPY_NEEDED && YYCOPY_NEEDED
+/* Copy COUNT objects from SRC to DST.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if defined __GNUC__ && 1 < __GNUC__
+#   define YYCOPY(Dst, Src, Count) \
+      __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src)))
+#  else
+#   define YYCOPY(Dst, Src, Count)              \
+      do                                        \
+        {                                       \
+          YYSIZE_T yyi;                         \
+          for (yyi = 0; yyi < (Count); yyi++)   \
+            (Dst)[yyi] = (Src)[yyi];            \
+        }                                       \
+      while (0)
+#  endif
+# endif
+#endif /* !YYCOPY_NEEDED */
+
+/* YYFINAL -- State number of the termination state.  */
+#define YYFINAL  6
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   37
+
+/* YYNTOKENS -- Number of terminals.  */
+#define YYNTOKENS  13
+/* YYNNTS -- Number of nonterminals.  */
+#define YYNNTS  10
+/* YYNRULES -- Number of rules.  */
+#define YYNRULES  24
+/* YYNSTATES -- Number of states.  */
+#define YYNSTATES  42
+
+/* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned
+   by yylex, with out-of-bounds checking.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   261
+
+#define YYTRANSLATE(YYX)                                                \
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM
+   as returned by yylex, without out-of-bounds checking.  */
+static const yytype_uint8 yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     6,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     7,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       8,     2,     2,     2,     9,     2,     2,     2,     2,    10,
+       2,     2,     2,     2,     2,    11,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,    12
+};
+
+#if YYDEBUG
+  /* YYRLINE[YYN] -- Source line where rule number YYN was defined.  */
+static const yytype_uint8 yyrline[] =
+{
+       0,   142,   142,   143,   143,   144,   144,   145,   145,   146,
+     147,   149,   150,   151,   152,   153,   154,   155,   156,   161,
+     162,   165,   166,   169,   170
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE || 0
+/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals.  */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "tok_NUM", "tok_LONGNUM", "tok_OVERFLOW",
+  "'-'", "':'", "'d'", "'h'", "'m'", "'s'", "tok_WS", "$accept", "start",
+  "posnum", "num", "ws", "wsnum", "deltat", "opt_hms", "opt_ms", "opt_s", YY_NULLPTR
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[NUM] -- (External) token number corresponding to the
+   (internal) symbol number NUM (which must be that of a token).  */
+static const yytype_uint16 yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,    45,    58,   100,   104,
+     109,   115,   261
+};
+# endif
+
+#define YYPACT_NINF -16
+
+#define yypact_value_is_default(Yystate) \
+  (!!((Yystate) == (-16)))
+
+#define YYTABLE_NINF -1
+
+#define yytable_value_is_error(Yytable_value) \
+  0
+
+  /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+     STATE-NUM.  */
+static const yytype_int8 yypact[] =
+{
+     -10,   -16,    14,     7,    -2,   -16,   -16,   -16,   -16,   -16,
+      21,   -16,   -16,    13,    25,   -10,   -10,   -10,   -16,   -16,
+      22,    23,     7,    12,   -16,   -16,   -16,    16,   -16,     8,
+     -16,    28,    29,   -10,   -10,   -16,    26,   -16,   -16,   -16,
+      32,   -16
+};
+
+  /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
+     Performed when YYTABLE does not specify something else to do.  Zero
+     means the default is an error.  */
+static const yytype_uint8 yydefact[] =
+{
+       7,     8,     0,     0,    18,     2,     1,     3,     4,    10,
+       0,     5,     9,     0,     0,     7,     7,     7,    14,     6,
+       0,    17,    23,     0,    11,    19,    21,     0,    12,     0,
+      13,     0,     0,     7,     7,    24,     0,    16,    20,    22,
+       0,    15
+};
+
+  /* YYPGOTO[NTERM-NUM].  */
+static const yytype_int8 yypgoto[] =
+{
+     -16,   -16,    27,   -16,    36,     0,   -16,   -16,   -15,   -14
+};
+
+  /* YYDEFGOTO[NTERM-NUM].  */
+static const yytype_int8 yydefgoto[] =
+{
+      -1,     2,    11,    12,    22,    27,     5,    24,    25,    26
+};
+
+  /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM.  If
+     positive, shift that token.  If negative, reduce the rule whose
+     number is the opposite.  If YYTABLE_NINF, syntax error.  */
+static const yytype_uint8 yytable[] =
+{
+       4,    28,     1,    30,    13,    14,    15,    16,    17,    18,
+       7,     8,     9,    10,     6,    23,    20,    29,    38,    35,
+      39,    33,    34,    35,     7,     8,    34,    35,    21,    31,
+      32,    36,    37,    40,    29,    41,     3,    19
+};
+
+static const yytype_uint8 yycheck[] =
+{
+       0,    16,    12,    17,     6,     7,     8,     9,    10,    11,
+       3,     4,     5,     6,     0,    15,     3,    17,    33,    11,
+      34,     9,    10,    11,     3,     4,    10,    11,     3,     7,
+       7,     3,     3,     7,    34,     3,     0,    10
+};
+
+  /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+     symbol of state STATE-NUM.  */
+static const yytype_uint8 yystos[] =
+{
+       0,    12,    14,    17,    18,    19,     0,     3,     4,     5,
+       6,    15,    16,     6,     7,     8,     9,    10,    11,    15,
+       3,     3,    17,    18,    20,    21,    22,    18,    21,    18,
+      22,     7,     7,     9,    10,    11,     3,     3,    21,    22,
+       7,     3
+};
+
+  /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const yytype_uint8 yyr1[] =
+{
+       0,    13,    14,    15,    15,    16,    16,    17,    17,    18,
+      18,    19,    19,    19,    19,    19,    19,    19,    19,    20,
+      20,    21,    21,    22,    22
+};
+
+  /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN.  */
+static const yytype_uint8 yyr2[] =
+{
+       0,     2,     1,     1,     1,     1,     2,     0,     1,     2,
+       2,     3,     3,     3,     2,     7,     5,     3,     1,     1,
+       3,     1,     3,     1,     2
+};
+
+
+#define yyerrok         (yyerrstatus = 0)
+#define yyclearin       (yychar = YYEMPTY)
+#define YYEMPTY         (-2)
+#define YYEOF           0
+
+#define YYACCEPT        goto yyacceptlab
+#define YYABORT         goto yyabortlab
+#define YYERROR         goto yyerrorlab
+
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)                                  \
+do                                                              \
+  if (yychar == YYEMPTY)                                        \
+    {                                                           \
+      yychar = (Token);                                         \
+      yylval = (Value);                                         \
+      YYPOPSTACK (yylen);                                       \
+      yystate = *yyssp;                                         \
+      goto yybackup;                                            \
+    }                                                           \
+  else                                                          \
+    {                                                           \
+      yyerror (tmv, YY_("syntax error: cannot back up")); \
+      YYERROR;                                                  \
+    }                                                           \
+while (0)
+
+/* Error token number */
+#define YYTERROR        1
+#define YYERRCODE       256
+
+
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)                        \
+do {                                            \
+  if (yydebug)                                  \
+    YYFPRINTF Args;                             \
+} while (0)
+
+/* This macro is provided for backward compatibility. */
+#ifndef YY_LOCATION_PRINT
+# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+#endif
+
+
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)                    \
+do {                                                                      \
+  if (yydebug)                                                            \
+    {                                                                     \
+      YYFPRINTF (stderr, "%s ", Title);                                   \
+      yy_symbol_print (stderr,                                            \
+                  Type, Value, tmv); \
+      YYFPRINTF (stderr, "\n");                                           \
+    }                                                                     \
+} while (0)
+
+
+/*----------------------------------------.
+| Print this symbol's value on YYOUTPUT.  |
+`----------------------------------------*/
+
+static void
+yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, struct param *tmv)
+{
+  FILE *yyo = yyoutput;
+  YYUSE (yyo);
+  YYUSE (tmv);
+  if (!yyvaluep)
+    return;
+# ifdef YYPRINT
+  if (yytype < YYNTOKENS)
+    YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# endif
+  YYUSE (yytype);
+}
+
+
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+static void
+yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, struct param *tmv)
+{
+  YYFPRINTF (yyoutput, "%s %s (",
+             yytype < YYNTOKENS ? "token" : "nterm", yytname[yytype]);
+
+  yy_symbol_value_print (yyoutput, yytype, yyvaluep, tmv);
+  YYFPRINTF (yyoutput, ")");
+}
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (included).                                                   |
+`------------------------------------------------------------------*/
+
+static void
+yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (; yybottom <= yytop; yybottom++)
+    {
+      int yybot = *yybottom;
+      YYFPRINTF (stderr, " %d", yybot);
+    }
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)                            \
+do {                                                            \
+  if (yydebug)                                                  \
+    yy_stack_print ((Bottom), (Top));                           \
+} while (0)
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+static void
+yy_reduce_print (yytype_int16 *yyssp, YYSTYPE *yyvsp, int yyrule, struct param *tmv)
+{
+  unsigned long int yylno = yyrline[yyrule];
+  int yynrhs = yyr2[yyrule];
+  int yyi;
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
+             yyrule - 1, yylno);
+  /* The symbols being reduced.  */
+  for (yyi = 0; yyi < yynrhs; yyi++)
+    {
+      YYFPRINTF (stderr, "   $%d = ", yyi + 1);
+      yy_symbol_print (stderr,
+                       yystos[yyssp[yyi + 1 - yynrhs]],
+                       &(yyvsp[(yyi + 1) - (yynrhs)])
+                                              , tmv);
+      YYFPRINTF (stderr, "\n");
+    }
+}
+
+# define YY_REDUCE_PRINT(Rule)          \
+do {                                    \
+  if (yydebug)                          \
+    yy_reduce_print (yyssp, yyvsp, Rule, tmv); \
+} while (0)
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined __GLIBC__ && defined _STRING_H
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+static YYSIZE_T
+yystrlen (const char *yystr)
+{
+  YYSIZE_T yylen;
+  for (yylen = 0; yystr[yylen]; yylen++)
+    continue;
+  return yylen;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+static char *
+yystpcpy (char *yydest, const char *yysrc)
+{
+  char *yyd = yydest;
+  const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+# ifndef yytnamerr
+/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
+   quotes and backslashes, so that it's suitable for yyerror.  The
+   heuristic is that double-quoting is unnecessary unless the string
+   contains an apostrophe, a comma, or backslash (other than
+   backslash-backslash).  YYSTR is taken from yytname.  If YYRES is
+   null, do not copy; instead, return the length of what the result
+   would have been.  */
+static YYSIZE_T
+yytnamerr (char *yyres, const char *yystr)
+{
+  if (*yystr == '"')
+    {
+      YYSIZE_T yyn = 0;
+      char const *yyp = yystr;
+
+      for (;;)
+        switch (*++yyp)
+          {
+          case '\'':
+          case ',':
+            goto do_not_strip_quotes;
+
+          case '\\':
+            if (*++yyp != '\\')
+              goto do_not_strip_quotes;
+            /* Fall through.  */
+          default:
+            if (yyres)
+              yyres[yyn] = *yyp;
+            yyn++;
+            break;
+
+          case '"':
+            if (yyres)
+              yyres[yyn] = '\0';
+            return yyn;
+          }
+    do_not_strip_quotes: ;
+    }
+
+  if (! yyres)
+    return yystrlen (yystr);
+
+  return yystpcpy (yyres, yystr) - yyres;
+}
+# endif
+
+/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message
+   about the unexpected token YYTOKEN for the state stack whose top is
+   YYSSP.
+
+   Return 0 if *YYMSG was successfully written.  Return 1 if *YYMSG is
+   not large enough to hold the message.  In that case, also set
+   *YYMSG_ALLOC to the required number of bytes.  Return 2 if the
+   required number of bytes is too large to store.  */
+static int
+yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
+                yytype_int16 *yyssp, int yytoken)
+{
+  YYSIZE_T yysize0 = yytnamerr (YY_NULLPTR, yytname[yytoken]);
+  YYSIZE_T yysize = yysize0;
+  enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
+  /* Internationalized format string. */
+  const char *yyformat = YY_NULLPTR;
+  /* Arguments of yyformat. */
+  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
+  /* Number of reported tokens (one for the "unexpected", one per
+     "expected"). */
+  int yycount = 0;
+
+  /* There are many possibilities here to consider:
+     - If this state is a consistent state with a default action, then
+       the only way this function was invoked is if the default action
+       is an error action.  In that case, don't check for expected
+       tokens because there are none.
+     - The only way there can be no lookahead present (in yychar) is if
+       this state is a consistent state with a default action.  Thus,
+       detecting the absence of a lookahead is sufficient to determine
+       that there is no unexpected or expected token to report.  In that
+       case, just report a simple "syntax error".
+     - Don't assume there isn't a lookahead just because this state is a
+       consistent state with a default action.  There might have been a
+       previous inconsistent state, consistent state with a non-default
+       action, or user semantic action that manipulated yychar.
+     - Of course, the expected token list depends on states to have
+       correct lookahead information, and it depends on the parser not
+       to perform extra reductions after fetching a lookahead from the
+       scanner and before detecting a syntax error.  Thus, state merging
+       (from LALR or IELR) and default reductions corrupt the expected
+       token list.  However, the list is correct for canonical LR with
+       one exception: it will still contain any token that will not be
+       accepted due to an error action in a later state.
+  */
+  if (yytoken != YYEMPTY)
+    {
+      int yyn = yypact[*yyssp];
+      yyarg[yycount++] = yytname[yytoken];
+      if (!yypact_value_is_default (yyn))
+        {
+          /* Start YYX at -YYN if negative to avoid negative indexes in
+             YYCHECK.  In other words, skip the first -YYN actions for
+             this state because they are default actions.  */
+          int yyxbegin = yyn < 0 ? -yyn : 0;
+          /* Stay within bounds of both yycheck and yytname.  */
+          int yychecklim = YYLAST - yyn + 1;
+          int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
+          int yyx;
+
+          for (yyx = yyxbegin; yyx < yyxend; ++yyx)
+            if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR
+                && !yytable_value_is_error (yytable[yyx + yyn]))
+              {
+                if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
+                  {
+                    yycount = 1;
+                    yysize = yysize0;
+                    break;
+                  }
+                yyarg[yycount++] = yytname[yyx];
+                {
+                  YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]);
+                  if (! (yysize <= yysize1
+                         && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
+                    return 2;
+                  yysize = yysize1;
+                }
+              }
+        }
+    }
+
+  switch (yycount)
+    {
+# define YYCASE_(N, S)                      \
+      case N:                               \
+        yyformat = S;                       \
+      break
+      YYCASE_(0, YY_("syntax error"));
+      YYCASE_(1, YY_("syntax error, unexpected %s"));
+      YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s"));
+      YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s"));
+      YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s"));
+      YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"));
+# undef YYCASE_
+    }
+
+  {
+    YYSIZE_T yysize1 = yysize + yystrlen (yyformat);
+    if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
+      return 2;
+    yysize = yysize1;
+  }
+
+  if (*yymsg_alloc < yysize)
+    {
+      *yymsg_alloc = 2 * yysize;
+      if (! (yysize <= *yymsg_alloc
+             && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
+        *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
+      return 1;
+    }
+
+  /* Avoid sprintf, as that infringes on the user's name space.
+     Don't have undefined behavior even if the translation
+     produced a string with the wrong number of "%s"s.  */
+  {
+    char *yyp = *yymsg;
+    int yyi = 0;
+    while ((*yyp = *yyformat) != '\0')
+      if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount)
+        {
+          yyp += yytnamerr (yyp, yyarg[yyi++]);
+          yyformat += 2;
+        }
+      else
+        {
+          yyp++;
+          yyformat++;
+        }
+  }
+  return 0;
+}
+#endif /* YYERROR_VERBOSE */
+
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+static void
+yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, struct param *tmv)
+{
+  YYUSE (yyvaluep);
+  YYUSE (tmv);
+  if (!yymsg)
+    yymsg = "Deleting";
+  YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
+
+  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+  YYUSE (yytype);
+  YY_IGNORE_MAYBE_UNINITIALIZED_END
+}
+
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+int
+yyparse (struct param *tmv)
+{
+/* The lookahead symbol.  */
+int yychar;
+
+
+/* The semantic value of the lookahead symbol.  */
+/* Default value used for initialization, for pacifying older GCCs
+   or non-GCC compilers.  */
+YY_INITIAL_VALUE (static YYSTYPE yyval_default;)
+YYSTYPE yylval YY_INITIAL_VALUE (= yyval_default);
+
+    /* Number of syntax errors so far.  */
+    int yynerrs;
+
+    int yystate;
+    /* Number of tokens to shift before error messages enabled.  */
+    int yyerrstatus;
+
+    /* The stacks and their tools:
+       'yyss': related to states.
+       'yyvs': related to semantic values.
+
+       Refer to the stacks through separate pointers, to allow yyoverflow
+       to reallocate them elsewhere.  */
+
+    /* The state stack.  */
+    yytype_int16 yyssa[YYINITDEPTH];
+    yytype_int16 *yyss;
+    yytype_int16 *yyssp;
+
+    /* The semantic value stack.  */
+    YYSTYPE yyvsa[YYINITDEPTH];
+    YYSTYPE *yyvs;
+    YYSTYPE *yyvsp;
+
+    YYSIZE_T yystacksize;
+
+  int yyn;
+  int yyresult;
+  /* Lookahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
+
+  /* The number of symbols on the RHS of the reduced rule.
+     Keep to zero when no symbol should be popped.  */
+  int yylen = 0;
+
+  yyssp = yyss = yyssa;
+  yyvsp = yyvs = yyvsa;
+  yystacksize = YYINITDEPTH;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY; /* Cause a token to be read.  */
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed.  So pushing a state here evens the stacks.  */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+        /* Give user a chance to reallocate the stack.  Use copies of
+           these so that the &'s don't force the real ones into
+           memory.  */
+        YYSTYPE *yyvs1 = yyvs;
+        yytype_int16 *yyss1 = yyss;
+
+        /* Each stack pointer address is followed by the size of the
+           data in use in that stack, in bytes.  This used to be a
+           conditional around just the two extra args, but that might
+           be undefined if yyoverflow is a macro.  */
+        yyoverflow (YY_("memory exhausted"),
+                    &yyss1, yysize * sizeof (*yyssp),
+                    &yyvs1, yysize * sizeof (*yyvsp),
+                    &yystacksize);
+
+        yyss = yyss1;
+        yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyexhaustedlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+        goto yyexhaustedlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+        yystacksize = YYMAXDEPTH;
+
+      {
+        yytype_int16 *yyss1 = yyss;
+        union yyalloc *yyptr =
+          (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+        if (! yyptr)
+          goto yyexhaustedlab;
+        YYSTACK_RELOCATE (yyss_alloc, yyss);
+        YYSTACK_RELOCATE (yyvs_alloc, yyvs);
+#  undef YYSTACK_RELOCATE
+        if (yyss1 != yyssa)
+          YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+                  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+        YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  if (yystate == YYFINAL)
+    YYACCEPT;
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+  /* Do appropriate processing given the current state.  Read a
+     lookahead token if we need one and don't already have one.  */
+
+  /* First try to decide what to do without reference to lookahead token.  */
+  yyn = yypact[yystate];
+  if (yypact_value_is_default (yyn))
+    goto yydefault;
+
+  /* Not known => get a lookahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = yylex (&yylval, tmv);
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yytable_value_is_error (yyn))
+        goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  /* Shift the lookahead token.  */
+  YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
+
+  /* Discard the shifted token.  */
+  yychar = YYEMPTY;
+
+  yystate = yyn;
+  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+  *++yyvsp = yylval;
+  YY_IGNORE_MAYBE_UNINITIALIZED_END
+
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     '$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 6:
+#line 144 "x-deltat.y" /* yacc.c:1646  */
+    { (yyval.val) = - (yyvsp[0].val); }
+#line 1317 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 9:
+#line 146 "x-deltat.y" /* yacc.c:1646  */
+    { (yyval.val) = (yyvsp[0].val); }
+#line 1323 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 10:
+#line 147 "x-deltat.y" /* yacc.c:1646  */
+    { YYERROR; }
+#line 1329 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 11:
+#line 149 "x-deltat.y" /* yacc.c:1646  */
+    { DO ((yyvsp[-2].val),  0,  0, (yyvsp[0].val)); }
+#line 1335 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 12:
+#line 150 "x-deltat.y" /* yacc.c:1646  */
+    { DO ( 0, (yyvsp[-2].val),  0, (yyvsp[0].val)); }
+#line 1341 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 13:
+#line 151 "x-deltat.y" /* yacc.c:1646  */
+    { DO ( 0,  0, (yyvsp[-2].val), (yyvsp[0].val)); }
+#line 1347 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 14:
+#line 152 "x-deltat.y" /* yacc.c:1646  */
+    { DO ( 0,  0,  0, (yyvsp[-1].val)); }
+#line 1353 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 15:
+#line 153 "x-deltat.y" /* yacc.c:1646  */
+    { DO ((yyvsp[-6].val), (yyvsp[-4].val), (yyvsp[-2].val), (yyvsp[0].val)); }
+#line 1359 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 16:
+#line 154 "x-deltat.y" /* yacc.c:1646  */
+    { DO ( 0, (yyvsp[-4].val), (yyvsp[-2].val), (yyvsp[0].val)); }
+#line 1365 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 17:
+#line 155 "x-deltat.y" /* yacc.c:1646  */
+    { DO ( 0, (yyvsp[-2].val), (yyvsp[0].val),  0); }
+#line 1371 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 18:
+#line 156 "x-deltat.y" /* yacc.c:1646  */
+    { DO ( 0,  0,  0, (yyvsp[0].val)); }
+#line 1377 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 20:
+#line 162 "x-deltat.y" /* yacc.c:1646  */
+    { if (HOUR_NOT_OK((yyvsp[-2].val))) YYERROR;
+	                                  DO_SUM((yyval.val), (yyvsp[-2].val) * 3600, (yyvsp[0].val)); }
+#line 1384 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 22:
+#line 166 "x-deltat.y" /* yacc.c:1646  */
+    { if (MIN_NOT_OK((yyvsp[-2].val))) YYERROR;
+	                                  DO_SUM((yyval.val), (yyvsp[-2].val) * 60, (yyvsp[0].val)); }
+#line 1391 "deltat.c" /* yacc.c:1646  */
+    break;
+
+  case 23:
+#line 169 "x-deltat.y" /* yacc.c:1646  */
+    { (yyval.val) = 0; }
+#line 1397 "deltat.c" /* yacc.c:1646  */
+    break;
+
+
+#line 1401 "deltat.c" /* yacc.c:1646  */
+      default: break;
+    }
+  /* User semantic actions sometimes alter yychar, and that requires
+     that yytoken be updated with the new translation.  We take the
+     approach of translating immediately before every use of yytoken.
+     One alternative is translating here after every semantic action,
+     but that translation would be missed if the semantic action invokes
+     YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or
+     if it invokes YYBACKUP.  In the case of YYABORT or YYACCEPT, an
+     incorrect destructor might then be invoked immediately.  In the
+     case of YYERROR or YYBACKUP, subsequent parser actions might lead
+     to an incorrect destructor call or verbose syntax error message
+     before the lookahead is translated.  */
+  YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
+
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+  /* Now 'shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*--------------------------------------.
+| yyerrlab -- here on detecting error.  |
+`--------------------------------------*/
+yyerrlab:
+  /* Make sure we have latest lookahead translation.  See comments at
+     user semantic actions for why this is necessary.  */
+  yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar);
+
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if ! YYERROR_VERBOSE
+      yyerror (tmv, YY_("syntax error"));
+#else
+# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \
+                                        yyssp, yytoken)
+      {
+        char const *yymsgp = YY_("syntax error");
+        int yysyntax_error_status;
+        yysyntax_error_status = YYSYNTAX_ERROR;
+        if (yysyntax_error_status == 0)
+          yymsgp = yymsg;
+        else if (yysyntax_error_status == 1)
+          {
+            if (yymsg != yymsgbuf)
+              YYSTACK_FREE (yymsg);
+            yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc);
+            if (!yymsg)
+              {
+                yymsg = yymsgbuf;
+                yymsg_alloc = sizeof yymsgbuf;
+                yysyntax_error_status = 2;
+              }
+            else
+              {
+                yysyntax_error_status = YYSYNTAX_ERROR;
+                yymsgp = yymsg;
+              }
+          }
+        yyerror (tmv, yymsgp);
+        if (yysyntax_error_status == 2)
+          goto yyexhaustedlab;
+      }
+# undef YYSYNTAX_ERROR
+#endif
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse lookahead token after an
+         error, discard it.  */
+
+      if (yychar <= YYEOF)
+        {
+          /* Return failure if at end of input.  */
+          if (yychar == YYEOF)
+            YYABORT;
+        }
+      else
+        {
+          yydestruct ("Error: discarding",
+                      yytoken, &yylval, tmv);
+          yychar = YYEMPTY;
+        }
+    }
+
+  /* Else will try to reuse lookahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*---------------------------------------------------.
+| yyerrorlab -- error raised explicitly by YYERROR.  |
+`---------------------------------------------------*/
+yyerrorlab:
+
+  /* Pacify compilers like GCC when the user code never invokes
+     YYERROR and the label yyerrorlab therefore never appears in user
+     code.  */
+  if (/*CONSTCOND*/ 0)
+     goto yyerrorlab;
+
+  /* Do not reclaim the symbols of the rule whose action triggered
+     this YYERROR.  */
+  YYPOPSTACK (yylen);
+  yylen = 0;
+  YY_STACK_PRINT (yyss, yyssp);
+  yystate = *yyssp;
+  goto yyerrlab1;
+
+
+/*-------------------------------------------------------------.
+| yyerrlab1 -- common code for both syntax error and YYERROR.  |
+`-------------------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;      /* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (!yypact_value_is_default (yyn))
+        {
+          yyn += YYTERROR;
+          if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+            {
+              yyn = yytable[yyn];
+              if (0 < yyn)
+                break;
+            }
+        }
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+        YYABORT;
+
+
+      yydestruct ("Error: popping",
+                  yystos[yystate], yyvsp, tmv);
+      YYPOPSTACK (1);
+      yystate = *yyssp;
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
+  *++yyvsp = yylval;
+  YY_IGNORE_MAYBE_UNINITIALIZED_END
+
+
+  /* Shift the error token.  */
+  YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#if !defined yyoverflow || YYERROR_VERBOSE
+/*-------------------------------------------------.
+| yyexhaustedlab -- memory exhaustion comes here.  |
+`-------------------------------------------------*/
+yyexhaustedlab:
+  yyerror (tmv, YY_("memory exhausted"));
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+  if (yychar != YYEMPTY)
+    {
+      /* Make sure we have latest lookahead translation.  See comments at
+         user semantic actions for why this is necessary.  */
+      yytoken = YYTRANSLATE (yychar);
+      yydestruct ("Cleanup: discarding lookahead",
+                  yytoken, &yylval, tmv);
+    }
+  /* Do not reclaim the symbols of the rule whose action triggered
+     this YYABORT or YYACCEPT.  */
+  YYPOPSTACK (yylen);
+  YY_STACK_PRINT (yyss, yyssp);
+  while (yyssp != yyss)
+    {
+      yydestruct ("Cleanup: popping",
+                  yystos[*yyssp], yyvsp, tmv);
+      YYPOPSTACK (1);
+    }
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+#if YYERROR_VERBOSE
+  if (yymsg != yymsgbuf)
+    YYSTACK_FREE (yymsg);
+#endif
+  return yyresult;
+}
+#line 172 "x-deltat.y" /* yacc.c:1906  */
+
+
+#ifdef __GNUC__
+#pragma GCC diagnostic pop
+#endif
+
+static int
+mylex(int *intp, struct param *tmv)
+{
+    int num, c;
+#define P (tmv->p)
+    char *orig_p = P;
+
+#ifdef isascii
+    if (!isascii (*P))
+	return 0;
+#endif
+    switch (c = *P++) {
+    case '-':
+    case ':':
+    case 'd':
+    case 'h':
+    case 'm':
+    case 's':
+	return c;
+    case '0':
+    case '1':
+    case '2':
+    case '3':
+    case '4':
+    case '5':
+    case '6':
+    case '7':
+    case '8':
+    case '9':
+	/* XXX assumes ASCII */
+	num = c - '0';
+	while (isdigit ((int) *P)) {
+	    if (num > MAX_TIME / 10)
+	      return tok_OVERFLOW;
+	    num *= 10;
+	    if (num > MAX_TIME - (*P - '0'))
+	      return tok_OVERFLOW;
+	    num += *P++ - '0';
+	}
+	*intp = num;
+	return (P - orig_p > 2) ? tok_LONGNUM : tok_NUM;
+    case ' ':
+    case '\t':
+    case '\n':
+	while (isspace ((int) *P))
+	    P++;
+	return tok_WS;
+    default:
+	return YYEOF;
+    }
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_deltat(char *string, krb5_deltat *deltatp)
+{
+    struct param p;
+    p.delta = 0;
+    p.p = string;
+    if (yyparse (&p))
+	return KRB5_DELTAT_BADFORMAT;
+    *deltatp = p.delta;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/deps b/krb5-1.21.3/src/lib/krb5/krb/deps
new file mode 100644
index 00000000..6ea570c5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/deps
@@ -0,0 +1,1452 @@
+#
+# Generated makefile dependencies follow.
+#
+addr_comp.so addr_comp.po $(OUTPRE)addr_comp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  addr_comp.c
+addr_order.so addr_order.po $(OUTPRE)addr_order.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  addr_order.c
+addr_srch.so addr_srch.po $(OUTPRE)addr_srch.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  addr_srch.c
+appdefault.so appdefault.po $(OUTPRE)appdefault.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  appdefault.c
+auth_con.so auth_con.po $(OUTPRE)auth_con.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.c auth_con.h \
+  int-proto.h
+cammac_util.so cammac_util.po $(OUTPRE)cammac_util.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cammac_util.c
+ai_authdata.so ai_authdata.po $(OUTPRE)ai_authdata.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ai_authdata.c auth_con.h authdata.h int-proto.h
+authdata.so authdata.po $(OUTPRE)authdata.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h authdata.c authdata.h int-proto.h
+authdata_exp.so authdata_exp.po $(OUTPRE)authdata_exp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h authdata.h authdata_exp.c int-proto.h
+authdata_enc.so authdata_enc.po $(OUTPRE)authdata_enc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  authdata_enc.c
+authdata_dec.so authdata_dec.po $(OUTPRE)authdata_dec.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  authdata_dec.c int-proto.h
+bld_pr_ext.so bld_pr_ext.po $(OUTPRE)bld_pr_ext.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  bld_pr_ext.c int-proto.h
+bld_princ.so bld_princ.po $(OUTPRE)bld_princ.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  bld_princ.c int-proto.h
+brand.so brand.po $(OUTPRE)brand.$(OBJEXT): $(top_srcdir)/patchlevel.h \
+  brand.c
+chk_trans.so chk_trans.po $(OUTPRE)chk_trans.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  chk_trans.c
+chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-unicode.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h chpw.c int-proto.h
+conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  conv_creds.c
+conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  conv_princ.c
+copy_addrs.so copy_addrs.po $(OUTPRE)copy_addrs.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_addrs.c
+copy_auth.so copy_auth.po $(OUTPRE)copy_auth.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_auth.c int-proto.h
+copy_athctr.so copy_athctr.po $(OUTPRE)copy_athctr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h copy_athctr.c
+copy_cksum.so copy_cksum.po $(OUTPRE)copy_cksum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_cksum.c
+copy_creds.so copy_creds.po $(OUTPRE)copy_creds.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_creds.c int-proto.h
+copy_data.so copy_data.po $(OUTPRE)copy_data.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_data.c
+copy_key.so copy_key.po $(OUTPRE)copy_key.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_key.c
+copy_princ.so copy_princ.po $(OUTPRE)copy_princ.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_princ.c
+copy_tick.so copy_tick.po $(OUTPRE)copy_tick.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_tick.c
+cp_key_cnt.so cp_key_cnt.po $(OUTPRE)cp_key_cnt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cp_key_cnt.c
+decode_kdc.so decode_kdc.po $(OUTPRE)decode_kdc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  decode_kdc.c fast.h int-proto.h
+decrypt_tk.so decrypt_tk.po $(OUTPRE)decrypt_tk.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  decrypt_tk.c
+deltat.so deltat.po $(OUTPRE)deltat.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h deltat.c
+enc_helper.so enc_helper.po $(OUTPRE)enc_helper.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  enc_helper.c
+enc_keyhelper.so enc_keyhelper.po $(OUTPRE)enc_keyhelper.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  enc_keyhelper.c int-proto.h
+encode_kdc.so encode_kdc.po $(OUTPRE)encode_kdc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  encode_kdc.c
+encrypt_tk.so encrypt_tk.po $(OUTPRE)encrypt_tk.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  encrypt_tk.c
+etype_list.so etype_list.po $(OUTPRE)etype_list.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  etype_list.c int-proto.h
+fast.so fast.po $(OUTPRE)fast.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h fast.c fast.h \
+  int-proto.h
+fwd_tgt.so fwd_tgt.po $(OUTPRE)fwd_tgt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h fwd_tgt.c int-proto.h
+gc_via_tkt.so gc_via_tkt.po $(OUTPRE)gc_via_tkt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  fast.h gc_via_tkt.c int-proto.h
+gen_seqnum.so gen_seqnum.po $(OUTPRE)gen_seqnum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  gen_seqnum.c
+gen_subkey.so gen_subkey.po $(OUTPRE)gen_subkey.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  gen_subkey.c
+gen_save_subkey.so gen_save_subkey.po $(OUTPRE)gen_save_subkey.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h gen_save_subkey.c \
+  int-proto.h
+get_creds.so get_creds.po $(OUTPRE)get_creds.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  fast.h get_creds.c int-proto.h
+get_etype_info.so get_etype_info.po $(OUTPRE)get_etype_info.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h fast.h get_etype_info.c \
+  init_creds_ctx.h int-proto.h
+get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-json.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h fast.h get_in_tkt.c \
+  init_creds_ctx.h int-proto.h
+gic_keytab.so gic_keytab.po $(OUTPRE)gic_keytab.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-json.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h gic_keytab.c init_creds_ctx.h \
+  int-proto.h
+gic_opt.so gic_opt.po $(OUTPRE)gic_opt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  gic_opt.c int-proto.h
+gic_pwd.so gic_pwd.po $(OUTPRE)gic_pwd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  gic_pwd.c init_creds_ctx.h int-proto.h
+in_tkt_sky.so in_tkt_sky.po $(OUTPRE)in_tkt_sky.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  in_tkt_sky.c int-proto.h
+init_ctx.so init_ctx.po $(OUTPRE)init_ctx.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../krb5_libinit.h $(srcdir)/../os/os-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/patchlevel.h \
+  brand.c init_ctx.c int-proto.h
+copy_ctx.so copy_ctx.po $(OUTPRE)copy_ctx.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  copy_ctx.c int-proto.h
+init_keyblock.so init_keyblock.po $(OUTPRE)init_keyblock.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  init_keyblock.c
+kdc_rep_dc.so kdc_rep_dc.po $(OUTPRE)kdc_rep_dc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdc_rep_dc.c
+kerrs.so kerrs.po $(OUTPRE)kerrs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h int-proto.h kerrs.c
+kfree.so kfree.po $(OUTPRE)kfree.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kfree.c
+libdef_parse.so libdef_parse.po $(OUTPRE)libdef_parse.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h libdef_parse.c
+mk_cred.so mk_cred.po $(OUTPRE)mk_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h int-proto.h mk_cred.c
+mk_error.so mk_error.po $(OUTPRE)mk_error.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  mk_error.c
+mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h int-proto.h mk_priv.c
+mk_rep.so mk_rep.po $(OUTPRE)mk_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h int-proto.h mk_rep.c
+mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h mk_req.c
+mk_req_ext.so mk_req_ext.po $(OUTPRE)mk_req_ext.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h int-proto.h \
+  mk_req_ext.c
+mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h int-proto.h mk_safe.c
+pac.so pac.po $(OUTPRE)pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h authdata.h int-proto.h \
+  pac.c
+pac_sign.so pac_sign.po $(OUTPRE)pac_sign.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h authdata.h int-proto.h \
+  pac_sign.c
+padata.so padata.po $(OUTPRE)padata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h padata.c
+parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h int-proto.h parse.c
+parse_host_string.so parse_host_string.po $(OUTPRE)parse_host_string.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  parse_host_string.c
+plugin.so plugin.po $(OUTPRE)plugin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h plugin.c
+pr_to_salt.so pr_to_salt.po $(OUTPRE)pr_to_salt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pr_to_salt.c
+preauth2.so preauth2.po $(OUTPRE)preauth2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-json.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  fast.h init_creds_ctx.h int-proto.h preauth2.c
+preauth_ec.so preauth_ec.po $(OUTPRE)preauth_ec.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h int-proto.h preauth_ec.c
+preauth_encts.so preauth_encts.po $(OUTPRE)preauth_encts.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  init_creds_ctx.h int-proto.h preauth_encts.c
+preauth_otp.so preauth_otp.po $(OUTPRE)preauth_otp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-json.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h preauth_otp.c
+preauth_pkinit.so preauth_pkinit.po $(OUTPRE)preauth_pkinit.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h init_creds_ctx.h \
+  int-proto.h preauth_pkinit.c
+preauth_sam2.so preauth_sam2.po $(OUTPRE)preauth_sam2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-json.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  init_creds_ctx.h int-proto.h preauth_sam2.c
+princ_comp.so princ_comp.po $(OUTPRE)princ_comp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-unicode.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  princ_comp.c
+privsafe.so privsafe.po $(OUTPRE)privsafe.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h int-proto.h \
+  privsafe.c
+random_str.so random_str.po $(OUTPRE)random_str.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  random_str.c
+rd_cred.so rd_cred.po $(OUTPRE)rd_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h int-proto.h rd_cred.c
+rd_error.so rd_error.po $(OUTPRE)rd_error.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  rd_error.c
+rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h int-proto.h rd_priv.c
+rd_rep.so rd_rep.po $(OUTPRE)rd_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h rd_rep.c
+rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h rd_req.c
+rd_req_dec.so rd_req_dec.po $(OUTPRE)rd_req_dec.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h authdata.h int-proto.h rd_req_dec.c
+rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h int-proto.h rd_safe.c
+recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h recvauth.c
+response_items.so response_items.po $(OUTPRE)response_items.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h response_items.c
+s4u_creds.so s4u_creds.po $(OUTPRE)s4u_creds.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h s4u_creds.c
+sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h sendauth.c
+send_tgs.so send_tgs.po $(OUTPRE)send_tgs.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  fast.h int-proto.h send_tgs.c
+ser_actx.so ser_actx.po $(OUTPRE)ser_actx.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h int-proto.h \
+  ser_actx.c
+ser_adata.so ser_adata.po $(OUTPRE)ser_adata.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h ser_adata.c
+ser_addr.so ser_addr.po $(OUTPRE)ser_addr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h ser_addr.c
+ser_auth.so ser_auth.po $(OUTPRE)ser_auth.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h ser_auth.c
+ser_cksum.so ser_cksum.po $(OUTPRE)ser_cksum.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h ser_cksum.c
+ser_ctx.so ser_ctx.po $(OUTPRE)ser_ctx.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h int-proto.h ser_ctx.c
+ser_key.so ser_key.po $(OUTPRE)ser_key.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h int-proto.h ser_key.c
+ser_princ.so ser_princ.po $(OUTPRE)ser_princ.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h ser_princ.c
+serialize.so serialize.po $(OUTPRE)serialize.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  serialize.c
+set_realm.so set_realm.po $(OUTPRE)set_realm.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  set_realm.c
+sname_match.so sname_match.po $(OUTPRE)sname_match.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h sname_match.c
+srv_dec_tkt.so srv_dec_tkt.po $(OUTPRE)srv_dec_tkt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  srv_dec_tkt.c
+srv_rcache.so srv_rcache.po $(OUTPRE)srv_rcache.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  srv_rcache.c
+str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h str_conv.c
+t_ad_fx_armor.so t_ad_fx_armor.po $(OUTPRE)t_ad_fx_armor.$(OBJEXT): \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) t_ad_fx_armor.c
+tgtname.so tgtname.po $(OUTPRE)tgtname.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h int-proto.h tgtname.c
+unparse.so unparse.po $(OUTPRE)unparse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h unparse.c
+val_renew.so val_renew.po $(OUTPRE)val_renew.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h val_renew.c
+valid_times.so valid_times.po $(OUTPRE)valid_times.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h valid_times.c
+vfy_increds.so vfy_increds.po $(OUTPRE)vfy_increds.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h vfy_increds.c
+vic_opt.so vic_opt.po $(OUTPRE)vic_opt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h vic_opt.c
+walk_rtree.so walk_rtree.po $(OUTPRE)walk_rtree.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h walk_rtree.c
+t_walk_rtree.so t_walk_rtree.po $(OUTPRE)t_walk_rtree.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_walk_rtree.c
+t_kerb.so t_kerb.po $(OUTPRE)t_kerb.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_kerb.c
+t_ser.so t_ser.po $(OUTPRE)t_ser.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../rcache/memrcache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  auth_con.h t_ser.c
+t_deltat.so t_deltat.po $(OUTPRE)t_deltat.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_deltat.c
+t_expand.so t_expand.po $(OUTPRE)t_expand.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  chk_trans.c t_expand.c
+t_get_etype_info.so t_get_etype_info.po $(OUTPRE)t_get_etype_info.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  t_get_etype_info.c
+t_pac.so t_pac.po $(OUTPRE)t_pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_pac.c
+t_parse_host_string.so t_parse_host_string.po $(OUTPRE)t_parse_host_string.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-cmocka.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_parse_host_string.c
+t_princ.so t_princ.po $(OUTPRE)t_princ.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_princ.c
+t_etypes.so t_etypes.po $(OUTPRE)t_etypes.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_etypes.c
+t_expire_warn.so t_expire_warn.po $(OUTPRE)t_expire_warn.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_expire_warn.c
+t_authdata.so t_authdata.po $(OUTPRE)t_authdata.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_authdata.c
+t_cc_config.so t_cc_config.po $(OUTPRE)t_cc_config.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h t_cc_config.c
+t_copy_context.so t_copy_context.po $(OUTPRE)t_copy_context.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_copy_context.c
+t_in_ccache.so t_in_ccache.po $(OUTPRE)t_in_ccache.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_in_ccache.c
+t_response_items.so t_response_items.po $(OUTPRE)t_response_items.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h t_response_items.c
+t_sname_match.so t_sname_match.po $(OUTPRE)t_sname_match.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_sname_match.c
+t_valid_times.so t_valid_times.po $(OUTPRE)t_valid_times.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h t_valid_times.c
+t_vfy_increds.so t_vfy_increds.po $(OUTPRE)t_vfy_increds.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_vfy_increds.c
diff --git a/krb5-1.21.3/src/lib/krb5/krb/enc_helper.c b/krb5-1.21.3/src/lib/krb5/krb/enc_helper.c
new file mode 100644
index 00000000..b9bf94c2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/enc_helper.c
@@ -0,0 +1,53 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/enc_helper.c */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code
+krb5_encrypt_helper(krb5_context context,
+                    const krb5_keyblock *key, krb5_keyusage usage,
+                    const krb5_data *plain, krb5_enc_data *cipher)
+{
+    krb5_error_code ret;
+    size_t enclen;
+
+    if ((ret = krb5_c_encrypt_length(context, key->enctype, plain->length,
+                                     &enclen)))
+        return(ret);
+
+    cipher->ciphertext.length = enclen;
+    if ((cipher->ciphertext.data = (char *) malloc(enclen)) == NULL)
+        return(ENOMEM);
+    ret = krb5_c_encrypt(context, key, usage, 0, plain, cipher);
+    if (ret) {
+        free(cipher->ciphertext.data);
+        cipher->ciphertext.data = NULL;
+    }
+
+    return(ret);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/enc_keyhelper.c b/krb5-1.21.3/src/lib/krb5/krb/enc_keyhelper.c
new file mode 100644
index 00000000..6878b252
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/enc_keyhelper.c
@@ -0,0 +1,56 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/enc_keyhelper.c */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code
+k5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
+                     const krb5_data *plain, krb5_enc_data *cipher)
+{
+    krb5_enctype enctype;
+    krb5_error_code ret;
+    size_t enclen;
+
+    enctype = krb5_k_key_enctype(context, key);
+    ret = krb5_c_encrypt_length(context, enctype, plain->length, &enclen);
+    if (ret != 0)
+        return ret;
+
+    cipher->ciphertext.length = enclen;
+    cipher->ciphertext.data = malloc(enclen);
+    if (cipher->ciphertext.data == NULL)
+        return ENOMEM;
+    ret = krb5_k_encrypt(context, key, usage, 0, plain, cipher);
+    if (ret) {
+        free(cipher->ciphertext.data);
+        cipher->ciphertext.data = NULL;
+    }
+
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/encode_kdc.c b/krb5-1.21.3/src/lib/krb5/krb/encode_kdc.c
new file mode 100644
index 00000000..e4907da1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/encode_kdc.c
@@ -0,0 +1,125 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/encode_kdc.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+  Takes KDC rep parts in *rep and *encpart, and formats it into *enc_rep,
+  using message type type and encryption key client_key and encryption type
+  etype.
+
+  The string *enc_rep will be allocated before formatting; the caller should
+  free when finished.
+
+  returns system errors
+
+  dec_rep->enc_part.ciphertext is allocated and filled in.
+*/
+/* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG
+   stuff... */
+krb5_error_code
+krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
+                    const krb5_enc_kdc_rep_part *encpart,
+                    int using_subkey, const krb5_keyblock *client_key,
+                    krb5_kdc_rep *dec_rep, krb5_data **enc_rep)
+{
+    krb5_data *scratch;
+    krb5_error_code retval;
+    krb5_enc_kdc_rep_part tmp_encpart;
+    krb5_keyusage usage;
+
+    if (!krb5_c_valid_enctype(dec_rep->enc_part.enctype))
+        return KRB5_PROG_ETYPE_NOSUPP;
+
+    switch (type) {
+    case KRB5_AS_REP:
+        usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
+        break;
+    case KRB5_TGS_REP:
+        if (using_subkey)
+            usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY;
+        else
+            usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
+        break;
+    default:
+        return KRB5_BADMSGTYPE;
+    }
+
+    /*
+     * We don't want to modify encpart, but we need to be able to pass
+     * in the message type to the encoder, so it can set the ASN.1
+     * type correct.
+     *
+     * Although note that it may be doing nothing with the message
+     * type, to be compatible with old versions of Kerberos that always
+     * encode this as a TGS_REP regardly of what it really should be;
+     * also note that the reason why we are passing it in a structure
+     * instead of as an argument to encode_krb5_enc_kdc_rep_part (the
+     * way we should) is for compatibility with the ISODE version of
+     * this function.  Ah, compatibility....
+     */
+    tmp_encpart = *encpart;
+    tmp_encpart.msg_type = type;
+    retval = encode_krb5_enc_kdc_rep_part(&tmp_encpart, &scratch);
+    if (retval) {
+        return retval;
+    }
+    memset(&tmp_encpart, 0, sizeof(tmp_encpart));
+
+#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
+        krb5_free_data(context, scratch); }
+
+    retval = krb5_encrypt_helper(context, client_key, usage, scratch,
+                                 &dec_rep->enc_part);
+
+#define cleanup_encpart() {                                     \
+        (void) memset(dec_rep->enc_part.ciphertext.data, 0,     \
+                      dec_rep->enc_part.ciphertext.length);     \
+        free(dec_rep->enc_part.ciphertext.data);                \
+        dec_rep->enc_part.ciphertext.length = 0;                \
+        dec_rep->enc_part.ciphertext.data = 0;}
+
+    cleanup_scratch();
+
+    if (retval)
+        return(retval);
+
+    /* now it's ready to be encoded for the wire! */
+
+    switch (type) {
+    case KRB5_AS_REP:
+        retval = encode_krb5_as_rep(dec_rep, enc_rep);
+        break;
+    case KRB5_TGS_REP:
+        retval = encode_krb5_tgs_rep(dec_rep, enc_rep);
+        break;
+    }
+
+    if (retval)
+        cleanup_encpart();
+
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/encrypt_tk.c b/krb5-1.21.3/src/lib/krb5/krb/encrypt_tk.c
new file mode 100644
index 00000000..13a774f0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/encrypt_tk.c
@@ -0,0 +1,65 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/encrypt_tk.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+  Takes unencrypted dec_ticket & dec_tkt_part, encrypts with
+  dec_ticket->enc_part.etype
+  using *srv_key, and places result in dec_ticket->enc_part.
+  The string dec_ticket->enc_part.ciphertext will be allocated before
+  formatting.
+
+  returns errors from encryption routines, system errors
+
+  enc_part->ciphertext.data allocated & filled in with encrypted stuff
+*/
+
+krb5_error_code
+krb5_encrypt_tkt_part(krb5_context context, const krb5_keyblock *srv_key,
+                      krb5_ticket *dec_ticket)
+{
+    krb5_data *scratch;
+    krb5_error_code retval;
+    krb5_enc_tkt_part *dec_tkt_part = dec_ticket->enc_part2;
+
+    /*  start by encoding the to-be-encrypted part. */
+    if ((retval = encode_krb5_enc_tkt_part(dec_tkt_part, &scratch))) {
+        return retval;
+    }
+
+#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
+        krb5_free_data(context, scratch); }
+
+    /* call the encryption routine */
+    retval = krb5_encrypt_helper(context, srv_key,
+                                 KRB5_KEYUSAGE_KDC_REP_TICKET, scratch,
+                                 &dec_ticket->enc_part);
+
+    cleanup_scratch();
+
+    return(retval);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/etype_list.c b/krb5-1.21.3/src/lib/krb5/krb/etype_list.c
new file mode 100644
index 00000000..71f664f0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/etype_list.c
@@ -0,0 +1,70 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/etype_list.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Helper functions related to zero-terminated lists of enctypes.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+size_t
+k5_count_etypes(const krb5_enctype *list)
+{
+    size_t count;
+
+    for (count = 0; list[count]; count++);
+    return count;
+}
+
+/* Copy the zero-terminated enctype list old_list into *new_list. */
+krb5_error_code
+k5_copy_etypes(const krb5_enctype *old_list, krb5_enctype **new_list)
+{
+    size_t count;
+    krb5_enctype *list;
+
+    *new_list = NULL;
+    if (old_list == NULL)
+        return 0;
+    count = k5_count_etypes(old_list);
+    list = malloc(sizeof(krb5_enctype) * (count + 1));
+    if (list == NULL)
+        return ENOMEM;
+    memcpy(list, old_list, sizeof(krb5_enctype) * (count + 1));
+    *new_list = list;
+    return 0;
+}
+
+krb5_boolean
+k5_etypes_contains(const krb5_enctype *list, krb5_enctype etype)
+{
+    size_t i;
+
+    for (i = 0; list[i] && list[i] != etype; i++);
+    return (list[i] == etype);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/fast.c b/krb5-1.21.3/src/lib/krb5/krb/fast.c
new file mode 100644
index 00000000..62c9f084
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/fast.c
@@ -0,0 +1,689 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/fast.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-int.h>
+#include "int-proto.h"
+
+/*
+ * It is possible to support sending a request that includes both a FAST and
+ * normal version.  This would complicate the pre-authentication logic
+ * significantly.  You would need to maintain two contexts, one for FAST and
+ * one for normal use.  In adition, you would need to manage the security
+ * issues surrounding downgrades.  However trying FAST at all requires an armor
+ * key.  Generally in obtaining the armor key, the client learns enough to know
+ * that FAST is supported.  If not, the client can see FAST in the
+ * preauth_required error's padata and retry with FAST.  So, this
+ * implementation does not support FAST+normal.
+ *
+ * We store the outer version of the request to use.  The caller stores the
+ * inner version.  We handle the encoding of the request body (and request) and
+ * provide encoded request bodies for the caller to use as these may be used
+ * for checksums.  In the AS case we also evaluate whether to continue a
+ * conversation as one of the important questions there is the presence of a
+ * cookie.
+ */
+#include "fast.h"
+#include "int-proto.h"
+
+static krb5_error_code
+fast_armor_ap_request(krb5_context context,
+                      struct krb5int_fast_request_state *state,
+                      krb5_ccache ccache, krb5_principal target_principal)
+{
+    krb5_error_code retval = 0;
+    krb5_creds creds, *out_creds = NULL;
+    krb5_auth_context authcontext = NULL;
+    krb5_data encoded_authenticator;
+    krb5_fast_armor *armor = NULL;
+    krb5_keyblock *subkey = NULL, *armor_key = NULL;
+
+    encoded_authenticator.data = NULL;
+    memset(&creds, 0, sizeof(creds));
+    creds.server = target_principal;
+    retval = krb5_cc_get_principal(context, ccache, &creds.client);
+    if (retval == 0)
+        retval = krb5_get_credentials(context, 0, ccache,  &creds, &out_creds);
+    if (retval == 0) {
+        TRACE_FAST_ARMOR_CCACHE_KEY(context, &out_creds->keyblock);
+        retval = krb5_mk_req_extended(context, &authcontext,
+                                      AP_OPTS_USE_SUBKEY, NULL /*data*/,
+                                      out_creds, &encoded_authenticator);
+    }
+    if (retval == 0)
+        retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey);
+    if (retval == 0)
+        retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
+                                      &out_creds->keyblock, "ticketarmor",
+                                      &armor_key);
+    if (retval == 0) {
+        TRACE_FAST_ARMOR_KEY(context, armor_key);
+        armor = calloc(1, sizeof(krb5_fast_armor));
+        if (armor == NULL)
+            retval = ENOMEM;
+    }
+    if (retval == 0) {
+        armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST;
+        armor->armor_value = encoded_authenticator;
+        encoded_authenticator.data = NULL;
+        encoded_authenticator.length = 0;
+        state->armor = armor;
+        armor = NULL;
+        state->armor_key = armor_key;
+        armor_key = NULL;
+    }
+    krb5_free_keyblock(context, armor_key);
+    krb5_free_keyblock(context, subkey);
+    if (out_creds)
+        krb5_free_creds(context, out_creds);
+    /* target_principal is owned by caller. */
+    creds.server = NULL;
+    krb5_free_cred_contents(context, &creds);
+    if (encoded_authenticator.data)
+        krb5_free_data_contents(context, &encoded_authenticator);
+    krb5_auth_con_free(context, authcontext);
+    return retval;
+}
+
+krb5_error_code
+krb5int_fast_tgs_armor(krb5_context context,
+                       struct krb5int_fast_request_state *state,
+                       krb5_keyblock *subkey, krb5_keyblock *session_key,
+                       krb5_ccache ccache, krb5_data *target_realm)
+{
+    krb5_principal target_principal = NULL;
+    krb5_keyblock *existing_armor = NULL;
+    krb5_error_code retval = 0;
+
+    if (ccache) {
+        retval = krb5int_tgtname(context, target_realm, target_realm,
+                                 &target_principal);
+        if (retval == 0)
+            retval = fast_armor_ap_request(context, state, ccache,
+                                           target_principal);
+        if (retval == 0) {
+            existing_armor = state->armor_key;
+            state->armor_key = NULL;
+            retval = krb5_c_fx_cf2_simple(context, existing_armor,
+                                          "explicitarmor", subkey,
+                                          "tgsarmor", &state->armor_key);
+        }
+    } else {
+        retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
+                                      session_key, "ticketarmor",
+                                      &state->armor_key);
+    }
+    if (target_principal)
+        krb5_free_principal(context, target_principal);
+    krb5_free_keyblock(context, existing_armor);
+    return retval;
+}
+
+krb5_error_code
+krb5int_fast_prep_req_body(krb5_context context,
+                           struct krb5int_fast_request_state *state,
+                           krb5_kdc_req *request,
+                           krb5_data **encoded_request_body)
+{
+    krb5_error_code retval = 0;
+    krb5_data *local_encoded_request_body = NULL;
+
+    assert(state != NULL);
+    *encoded_request_body = NULL;
+    if (state->armor_key == NULL)
+        return encode_krb5_kdc_req_body(request, encoded_request_body);
+    state->fast_outer_request = *request;
+    state->fast_outer_request.padata = NULL;
+    if (retval == 0)
+        retval = encode_krb5_kdc_req_body(&state->fast_outer_request,
+                                          &local_encoded_request_body);
+    if (retval == 0) {
+        *encoded_request_body = local_encoded_request_body;
+        local_encoded_request_body = NULL;
+    }
+    if (local_encoded_request_body != NULL)
+        krb5_free_data(context, local_encoded_request_body);
+    return retval;
+}
+
+krb5_error_code
+krb5int_fast_as_armor(krb5_context context,
+                      struct krb5int_fast_request_state *state,
+                      krb5_get_init_creds_opt *opt, krb5_kdc_req *request)
+{
+    krb5_error_code retval = 0;
+    krb5_ccache ccache = NULL;
+    krb5_principal target_principal = NULL;
+    krb5_data *target_realm;
+    const char *ccname = k5_gic_opt_get_fast_ccache_name(opt);
+    krb5_flags fast_flags;
+
+    krb5_clear_error_message(context);
+    target_realm = &request->server->realm;
+    if (ccname != NULL) {
+        TRACE_FAST_ARMOR_CCACHE(context, ccname);
+        state->fast_state_flags |= KRB5INT_FAST_ARMOR_AVAIL;
+        retval = krb5_cc_resolve(context, ccname, &ccache);
+        if (retval == 0) {
+            retval = krb5int_tgtname(context, target_realm, target_realm,
+                                     &target_principal);
+        }
+        if (retval == 0) {
+            krb5_data config_data;
+            config_data.data = NULL;
+            retval = krb5_cc_get_config(context, ccache, target_principal,
+                                        KRB5_CC_CONF_FAST_AVAIL, &config_data);
+            if ((retval == 0) && config_data.data) {
+                TRACE_FAST_CCACHE_CONFIG(context);
+                state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
+            }
+            krb5_free_data_contents(context, &config_data);
+            retval = 0;
+        }
+        fast_flags = k5_gic_opt_get_fast_flags(opt);
+        if (fast_flags & KRB5_FAST_REQUIRED) {
+            TRACE_FAST_REQUIRED(context);
+            state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
+        }
+        if (retval == 0 && (state->fast_state_flags & KRB5INT_FAST_DO_FAST)) {
+            retval = fast_armor_ap_request(context, state, ccache,
+                                           target_principal);
+        }
+        if (retval != 0) {
+            k5_prependmsg(context, retval,
+                          _("Error constructing AP-REQ armor"));
+        }
+    }
+    if (ccache)
+        krb5_cc_close(context, ccache);
+    if (target_principal)
+        krb5_free_principal(context, target_principal);
+    return retval;
+}
+
+/*
+ * Construct a list of outer request padata for a TGS request.  Since we do
+ * FAST TGS even when we don't have reason to believe the KDC supports FAST,
+ * the outer padata has to contain duplicates of the inner padata (such as
+ * S4U2Self padata) as well as the PA-TGS-REQ and PA-FX-FAST padata.  The
+ * caller must free *out_padata with free() as it is not a deep copy.
+ */
+static krb5_error_code
+make_tgs_outer_padata(krb5_pa_data *tgs, krb5_pa_data *fast,
+                      krb5_pa_data **other, krb5_pa_data ***out_padata)
+{
+    krb5_pa_data **pa_list;
+    size_t i;
+
+    *out_padata = NULL;
+    for (i = 0; other[i] != NULL; i++);
+    pa_list = calloc(i + 3, sizeof(*pa_list));
+    if (pa_list == NULL)
+        return ENOMEM;
+    pa_list[0] = tgs;
+    pa_list[1] = fast;
+    for (i = 0; other[i] != NULL; i++)
+        pa_list[i + 2] = other[i];
+    *out_padata = pa_list;
+    return 0;
+}
+
+krb5_error_code
+krb5int_fast_prep_req(krb5_context context,
+                      struct krb5int_fast_request_state *state,
+                      krb5_kdc_req *request,
+                      const krb5_data *to_be_checksummed,
+                      kdc_req_encoder_proc encoder,
+                      krb5_data **encoded_request)
+{
+    krb5_error_code retval = 0;
+    krb5_pa_data *pa_array[2], **pa_tgs_array = NULL;
+    krb5_pa_data pa[2];
+    krb5_fast_req fast_req;
+    krb5_pa_data *tgs = NULL;
+    krb5_fast_armored_req *armored_req = NULL;
+    krb5_data *encoded_fast_req = NULL;
+    krb5_data *encoded_armored_req = NULL;
+    krb5_data *local_encoded_result = NULL;
+    int i, j;
+
+    assert(state != NULL);
+    assert(state->fast_outer_request.padata == NULL);
+    memset(pa_array, 0, sizeof(pa_array));
+    if (state->armor_key == NULL) {
+        return encoder(request, encoded_request);
+    }
+
+    TRACE_FAST_ENCODE(context);
+    state->nonce = request->nonce;
+    fast_req.req_body = request;
+    if (fast_req.req_body->padata == NULL) {
+        fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
+        if (fast_req.req_body->padata == NULL)
+            retval = ENOMEM;
+    }
+    fast_req.fast_options = state->fast_options;
+    if (retval == 0
+        && (tgs = krb5int_find_pa_data(context, fast_req.req_body->padata,
+                                       KRB5_PADATA_AP_REQ)) != NULL) {
+        krb5_pa_data **paptr = &fast_req.req_body->padata[0];
+        for (i = 0, j = 0; paptr[j] != NULL; j++) {
+            if (paptr[j]->pa_type == KRB5_PADATA_AP_REQ)
+                paptr[j] = NULL;
+            else
+                paptr[i++] = paptr[j];
+        }
+        paptr[i] = NULL;
+    }
+    if (retval == 0)
+        retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
+    if (retval == 0) {
+        armored_req = calloc(1, sizeof(krb5_fast_armored_req));
+        if (armored_req == NULL)
+            retval = ENOMEM;
+    }
+    if (retval == 0)
+        armored_req->armor = state->armor;
+    if (retval ==0)
+        retval = krb5_c_make_checksum(context, 0, state->armor_key,
+                                      KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
+                                      to_be_checksummed,
+                                      &armored_req->req_checksum);
+    if (retval == 0)
+        retval = krb5_encrypt_helper(context, state->armor_key,
+                                     KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req,
+                                     &armored_req->enc_part);
+    if (retval == 0)
+        retval = encode_krb5_pa_fx_fast_request(armored_req,
+                                                &encoded_armored_req);
+    if (retval == 0) {
+        pa[0].pa_type = KRB5_PADATA_FX_FAST;
+        pa[0].contents = (unsigned char *) encoded_armored_req->data;
+        pa[0].length = encoded_armored_req->length;
+        if (tgs) {
+            retval = make_tgs_outer_padata(tgs, pa, request->padata,
+                                           &pa_tgs_array);
+            state->fast_outer_request.padata = pa_tgs_array;
+        } else {
+            pa_array[0] = &pa[0];
+            state->fast_outer_request.padata = pa_array;
+        }
+    }
+    if (retval == 0)
+        retval = encoder(&state->fast_outer_request, &local_encoded_result);
+    if (retval == 0) {
+        *encoded_request = local_encoded_result;
+        local_encoded_result = NULL;
+    }
+    if (encoded_armored_req)
+        krb5_free_data(context, encoded_armored_req);
+    if (armored_req) {
+        armored_req->armor = NULL; /*owned by state*/
+        krb5_free_fast_armored_req(context, armored_req);
+    }
+    if (encoded_fast_req)
+        krb5_free_data(context, encoded_fast_req);
+    if (local_encoded_result)
+        krb5_free_data(context, local_encoded_result);
+    if (tgs) {
+        free(tgs->contents);
+        free(tgs);
+    }
+    state->fast_outer_request.padata = NULL;
+    free(pa_tgs_array);
+    return retval;
+}
+
+static krb5_error_code
+decrypt_fast_reply(krb5_context context,
+                   struct krb5int_fast_request_state *state,
+                   krb5_pa_data **in_padata,
+                   krb5_fast_response **response)
+{
+    krb5_error_code retval = 0;
+    krb5_data scratch;
+    krb5_enc_data *encrypted_response = NULL;
+    krb5_pa_data *fx_reply = NULL;
+    krb5_fast_response *local_resp = NULL;
+
+    assert(state != NULL);
+    assert(state->armor_key);
+    fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST);
+    if (fx_reply == NULL)
+        retval = KRB5_ERR_FAST_REQUIRED;
+    TRACE_FAST_DECODE(context);
+    if (retval == 0) {
+        scratch.data = (char *) fx_reply->contents;
+        scratch.length = fx_reply->length;
+        retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response);
+    }
+    scratch.data = NULL;
+    if (retval == 0) {
+        scratch.data = malloc(encrypted_response->ciphertext.length);
+        if (scratch.data == NULL)
+            retval = ENOMEM;
+        scratch.length = encrypted_response->ciphertext.length;
+    }
+    if (retval == 0)
+        retval = krb5_c_decrypt(context, state->armor_key,
+                                KRB5_KEYUSAGE_FAST_REP, NULL,
+                                encrypted_response, &scratch);
+    if (retval != 0)
+        k5_prependmsg(context, retval, _("Failed to decrypt FAST reply"));
+    if (retval == 0)
+        retval = decode_krb5_fast_response(&scratch, &local_resp);
+    if (retval == 0) {
+        if (local_resp->nonce != state->nonce) {
+            retval = KRB5_KDCREP_MODIFIED;
+            k5_setmsg(context, retval, _("nonce modified in FAST response: "
+                                         "KDC response modified"));
+        }
+    }
+    if (retval == 0) {
+        *response = local_resp;
+        local_resp = NULL;
+    }
+    if (scratch.data)
+        free(scratch.data);
+    if (encrypted_response)
+        krb5_free_enc_data(context, encrypted_response);
+    if (local_resp)
+        krb5_free_fast_response(context, local_resp);
+    return retval;
+}
+
+/*
+ * If state contains an armor key and *err_replyptr contains a FAST error,
+ * decode it and set *err_replyptr to the inner error and *out_padata to the
+ * padata in the FAST response.  Otherwise, leave *err_replyptr alone and set
+ * *out_padata to the error e_data decoded as pa-data or typed-data, or to NULL
+ * if it doesn't decode as either.  In either case, set *retry to indicate
+ * whether the client should try to make a follow-up request.
+ */
+krb5_error_code
+krb5int_fast_process_error(krb5_context context,
+                           struct krb5int_fast_request_state *state,
+                           krb5_error **err_replyptr,
+                           krb5_pa_data ***out_padata,
+                           krb5_boolean *retry)
+{
+    krb5_error_code retval = 0;
+    krb5_error *err_reply = *err_replyptr;
+    krb5_pa_data *fx_error_pa;
+    krb5_pa_data **result = NULL;
+    krb5_data scratch = empty_data();
+    krb5_error *fx_error = NULL;
+    krb5_fast_response *fast_response = NULL;
+
+    if (out_padata)
+        *out_padata = NULL;
+    if (retry)
+        *retry = 0;
+
+    if (state->armor_key) {
+        retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
+        if (retval == 0)
+            retval = decrypt_fast_reply(context, state, result,
+                                        &fast_response);
+        if (retval) {
+            /*
+             * This can happen if the KDC does not understand FAST. We don't
+             * expect that, but treating it as the fatal error indicated by the
+             * KDC seems reasonable.
+             */
+            if (retry != NULL)
+                *retry = 0;
+            krb5_free_pa_data(context, result);
+            return 0;
+        }
+        if (retval == 0) {
+            fx_error_pa = krb5int_find_pa_data(context, fast_response->padata,
+                                               KRB5_PADATA_FX_ERROR);
+            if (fx_error_pa == NULL) {
+                k5_setmsg(context, KRB5KDC_ERR_PREAUTH_FAILED,
+                          _("Expecting FX_ERROR pa-data inside FAST "
+                            "container"));
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            }
+        }
+        if (retval == 0) {
+            scratch = make_data(fx_error_pa->contents, fx_error_pa->length);
+            retval = decode_krb5_error(&scratch, &fx_error);
+        }
+        if (retval == 0) {
+            krb5_free_error(context, err_reply);
+            *err_replyptr = fx_error;
+            fx_error = NULL;
+            if (out_padata) {
+                *out_padata = fast_response->padata;
+                fast_response->padata = NULL;
+            }
+            /*
+             * If there is more than the fx_error padata, then we want
+             * to retry the error if a cookie is present
+             */
+            if (retry != NULL) {
+                *retry = (*out_padata)[1] != NULL;
+                if (krb5int_find_pa_data(context, *out_padata,
+                                         KRB5_PADATA_FX_COOKIE) == NULL)
+                    *retry = 0;
+            }
+        }
+    } else { /*not FAST*/
+        /* Possibly retry if there's any e_data to process. */
+        if (retry)
+            *retry = (err_reply->e_data.length > 0);
+        /* Try to decode e_data as pa-data or typed-data for out_padata. */
+        if (out_padata) {
+            retval = decode_krb5_padata_sequence(&err_reply->e_data,
+                                                 out_padata);
+            if (retval != 0) {
+                (void)decode_krb5_typed_data(&err_reply->e_data, out_padata);
+                retval = 0;
+            }
+        }
+    }
+    krb5_free_pa_data(context, result);
+    krb5_free_fast_response(context, fast_response);
+    if (fx_error)
+        krb5_free_error(context, fx_error);
+    return retval;
+}
+
+
+krb5_error_code
+krb5int_fast_process_response(krb5_context context,
+                              struct krb5int_fast_request_state *state,
+                              krb5_kdc_rep *resp,
+                              krb5_keyblock **strengthen_key)
+{
+    krb5_error_code retval = 0;
+    krb5_fast_response *fast_response = NULL;
+    krb5_data *encoded_ticket = NULL;
+    krb5_boolean cksum_valid;
+
+    krb5_clear_error_message(context);
+    *strengthen_key = NULL;
+    if (state->armor_key == 0)
+        return 0;
+    retval = decrypt_fast_reply(context, state, resp->padata,
+                                &fast_response);
+    if (retval == 0) {
+        if (fast_response->finished == 0) {
+            retval = KRB5_KDCREP_MODIFIED;
+            k5_setmsg(context, retval,
+                      _("FAST response missing finish message in KDC reply"));
+        }
+    }
+    if (retval == 0)
+        retval = encode_krb5_ticket(resp->ticket, &encoded_ticket);
+    if (retval == 0)
+        retval = krb5_c_verify_checksum(context, state->armor_key,
+                                        KRB5_KEYUSAGE_FAST_FINISHED,
+                                        encoded_ticket,
+                                        &fast_response->finished->ticket_checksum,
+                                        &cksum_valid);
+    if (retval == 0 && cksum_valid == 0) {
+        retval = KRB5_KDCREP_MODIFIED;
+        k5_setmsg(context, retval, _("Ticket modified in KDC reply"));
+    }
+    if (retval == 0) {
+        krb5_free_principal(context, resp->client);
+        resp->client = fast_response->finished->client;
+        fast_response->finished->client = NULL;
+        *strengthen_key = fast_response->strengthen_key;
+        fast_response->strengthen_key = NULL;
+        krb5_free_pa_data(context, resp->padata);
+        resp->padata = fast_response->padata;
+        fast_response->padata = NULL;
+    }
+    if (fast_response)
+        krb5_free_fast_response(context, fast_response);
+    if (encoded_ticket)
+        krb5_free_data(context, encoded_ticket);
+    return retval;
+}
+
+krb5_error_code
+krb5int_fast_reply_key(krb5_context context,
+                       const krb5_keyblock *strengthen_key,
+                       const krb5_keyblock *existing_key,
+                       krb5_keyblock *out_key)
+{
+    krb5_keyblock *key = NULL;
+    krb5_error_code retval = 0;
+    krb5_free_keyblock_contents(context, out_key);
+    if (strengthen_key) {
+        retval = krb5_c_fx_cf2_simple(context, (krb5_keyblock *)strengthen_key,
+                                      "strengthenkey",
+                                      (krb5_keyblock *)existing_key,
+                                      "replykey", &key);
+        if (retval == 0) {
+            TRACE_FAST_REPLY_KEY(context, key);
+            *out_key = *key;
+            free(key);
+        }
+    } else {
+        retval = krb5_copy_keyblock_contents(context, existing_key, out_key);
+    }
+    return retval;
+}
+
+
+krb5_error_code
+krb5int_fast_make_state(krb5_context context,
+                        struct krb5int_fast_request_state **state)
+{
+    struct krb5int_fast_request_state *local_state ;
+
+    local_state = malloc(sizeof *local_state);
+    if (local_state == NULL)
+        return ENOMEM;
+    memset(local_state, 0, sizeof(*local_state));
+    *state = local_state;
+    return 0;
+}
+
+void
+krb5int_fast_free_state(krb5_context context,
+                        struct krb5int_fast_request_state *state)
+{
+    if (state == NULL)
+        return;
+    /*We are responsible for none of the store in the fast_outer_req*/
+    krb5_free_keyblock(context, state->armor_key);
+    krb5_free_fast_armor(context, state->armor);
+    free(state);
+}
+
+/*
+ * Implement FAST negotiation as specified in RFC 6806 section 11.  If
+ * the encrypted part of rep sets the enc-pa-rep flag, look for and
+ * verify a PA-REQ-ENC-PA-REP entry in the encrypted padata.  If a
+ * PA-FX-FAST entry is also present in the encrypted padata, set
+ * *fast_avail to true.  This will result in a fast_avail config entry
+ * being written to the credential cache, if an output ccache was
+ * specified using krb5_get_init_creds_opt_set_out_ccache().  That
+ * entry will be detected in the armor ccache by
+ * krb5int_fast_as_armor(), allowing us to use FAST without a
+ * round-trip for the KDC to indicate support, and without a downgrade
+ * attack.
+ */
+krb5_error_code
+krb5int_fast_verify_nego(krb5_context context,
+                         struct krb5int_fast_request_state *state,
+                         krb5_kdc_rep *rep, krb5_data *request,
+                         krb5_keyblock *decrypting_key,
+                         krb5_boolean *fast_avail)
+{
+    krb5_error_code retval = 0;
+    krb5_checksum *checksum = NULL;
+    krb5_pa_data *pa;
+    krb5_data scratch;
+    krb5_boolean valid;
+
+    *fast_avail = FALSE;
+    if (rep->enc_part2->flags& TKT_FLG_ENC_PA_REP) {
+        pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
+                                  KRB5_ENCPADATA_REQ_ENC_PA_REP);
+        if (pa == NULL)
+            retval = KRB5_KDCREP_MODIFIED;
+        else {
+            scratch.data = (char *) pa->contents;
+            scratch.length = pa->length;
+        }
+        if (retval == 0)
+            retval = decode_krb5_checksum(&scratch, &checksum);
+        if (retval == 0)
+            retval = krb5_c_verify_checksum(context, decrypting_key,
+                                            KRB5_KEYUSAGE_AS_REQ,
+                                            request, checksum, &valid);
+        if (retval == 0 &&valid == 0)
+            retval = KRB5_KDCREP_MODIFIED;
+        if (retval == 0) {
+            pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
+                                      KRB5_PADATA_FX_FAST);
+            *fast_avail = (pa != NULL);
+        }
+    }
+    TRACE_FAST_NEGO(context, *fast_avail);
+    if (checksum)
+        krb5_free_checksum(context, checksum);
+    return retval;
+}
+
+krb5_boolean
+k5_upgrade_to_fast_p(krb5_context context,
+                     struct krb5int_fast_request_state *state,
+                     krb5_pa_data **padata)
+{
+    if (state->armor_key != NULL)
+        return FALSE; /* Already using FAST. */
+    if (!(state->fast_state_flags & KRB5INT_FAST_ARMOR_AVAIL))
+        return FALSE;
+    if (krb5int_find_pa_data(context, padata, KRB5_PADATA_FX_FAST) != NULL)
+        return TRUE;
+    return FALSE;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/fast.h b/krb5-1.21.3/src/lib/krb5/krb/fast.h
new file mode 100644
index 00000000..7156ea20
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/fast.h
@@ -0,0 +1,114 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/fast.h */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef KRB_FAST_H
+
+#define KRB_FAST_H
+
+#include <k5-int.h>
+
+struct krb5int_fast_request_state {
+    krb5_kdc_req fast_outer_request;
+    krb5_keyblock *armor_key; /*non-null means fast is in use*/
+    krb5_fast_armor *armor;
+    krb5_ui_4 fast_state_flags;
+    krb5_ui_4 fast_options;
+    krb5_int32 nonce;
+};
+
+#define KRB5INT_FAST_DO_FAST     (1l<<0)  /* Perform FAST */
+#define KRB5INT_FAST_ARMOR_AVAIL (1l<<1)
+
+krb5_error_code
+krb5int_fast_prep_req_body(krb5_context context,
+                           struct krb5int_fast_request_state *state,
+                           krb5_kdc_req *request,
+                           krb5_data **encoded_req_body);
+
+typedef krb5_error_code (*kdc_req_encoder_proc)(const krb5_kdc_req *,
+                                                krb5_data **);
+
+krb5_error_code
+krb5int_fast_prep_req(krb5_context context,
+                      struct krb5int_fast_request_state *state,
+                      krb5_kdc_req *request,
+                      const krb5_data *to_be_checksummed,
+                      kdc_req_encoder_proc encoder,
+                      krb5_data **encoded_request);
+
+krb5_error_code
+krb5int_fast_process_error(krb5_context context,
+                           struct krb5int_fast_request_state *state,
+                           krb5_error **err_replyptr,
+                           krb5_pa_data ***out_padata,
+                           krb5_boolean *retry);
+
+krb5_error_code
+krb5int_fast_process_response(krb5_context context,
+                              struct krb5int_fast_request_state *state,
+                              krb5_kdc_rep *resp,
+                              krb5_keyblock **strengthen_key);
+
+krb5_error_code
+krb5int_fast_make_state(krb5_context context,
+                        struct krb5int_fast_request_state **state);
+
+void
+krb5int_fast_free_state(krb5_context context,
+                        struct krb5int_fast_request_state *state);
+
+krb5_error_code
+krb5int_fast_as_armor(krb5_context context,
+                      struct krb5int_fast_request_state *state,
+                      krb5_get_init_creds_opt *opt, krb5_kdc_req *request);
+
+krb5_error_code
+krb5int_fast_reply_key(krb5_context context,
+                       const krb5_keyblock *strengthen_key,
+                       const krb5_keyblock *existing_key, krb5_keyblock *output_key);
+
+
+krb5_error_code
+krb5int_fast_verify_nego(krb5_context context,
+                         struct krb5int_fast_request_state *state,
+                         krb5_kdc_rep *rep, krb5_data *request,
+                         krb5_keyblock *decrypting_key,
+                         krb5_boolean *fast_avail);
+
+krb5_boolean
+k5_upgrade_to_fast_p(krb5_context context,
+                     struct krb5int_fast_request_state *state,
+                     krb5_pa_data **padata);
+
+krb5_error_code
+krb5int_fast_tgs_armor(krb5_context context,
+                       struct krb5int_fast_request_state *state,
+                       krb5_keyblock *subkey,
+                       krb5_keyblock *session_key,
+                       krb5_ccache ccache,
+                       krb5_data *target_realm);
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c b/krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c
new file mode 100644
index 00000000..87f63b6b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c
@@ -0,0 +1,186 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/fwd_tgt.c Definition of krb5_fwd_tgt_creds() routine */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include "int-proto.h"
+#include "os-proto.h"
+
+/* helper function: convert flags to necessary KDC options */
+#define flags2options(flags) (flags & KDC_TKT_COMMON_MASK)
+
+/* Get a TGT for use at the remote host */
+krb5_error_code KRB5_CALLCONV
+krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context,
+                   const char *rhost, krb5_principal client,
+                   krb5_principal server, krb5_ccache cc, int forwardable,
+                   krb5_data *outbuf)
+/* Should forwarded TGT also be forwardable? */
+{
+    krb5_replay_data replaydata;
+    krb5_data * scratch = 0;
+    krb5_address **addrs = NULL;
+    krb5_error_code retval;
+    krb5_creds creds, tgt;
+    krb5_creds *pcreds;
+    krb5_flags kdcoptions;
+    krb5_ccache defcc = NULL;
+    char *def_rhost = NULL;
+    krb5_enctype enctype = 0;
+    krb5_keyblock *session_key;
+    krb5_boolean old_use_conf_ktypes = context->use_conf_ktypes;
+
+    memset(&creds, 0, sizeof(creds));
+    memset(&tgt, 0, sizeof(creds));
+
+    if (cc == 0) {
+        if ((retval = krb5int_cc_default(context, &defcc)))
+            goto errout;
+        cc = defcc;
+    }
+    retval = krb5_auth_con_getkey (context, auth_context, &session_key);
+    if (retval)
+        goto errout;
+    if (session_key) {
+        enctype = session_key->enctype;
+        krb5_free_keyblock (context, session_key);
+        session_key = NULL;
+    } else if (server) { /* must server be non-NULL when rhost is given? */
+        /* Try getting credentials to see what the remote side supports.
+           Not bulletproof, just a heuristic.  */
+        krb5_creds in, *out = 0;
+        memset (&in, 0, sizeof(in));
+
+        retval = krb5_copy_principal (context, server, &in.server);
+        if (retval)
+            goto punt;
+        retval = krb5_copy_principal (context, client, &in.client);
+        if (retval)
+            goto punt;
+        retval = krb5_get_credentials (context, 0, cc, &in, &out);
+        if (retval)
+            goto punt;
+        /* Got the credentials.  Okay, now record the enctype and
+           throw them away.  */
+        enctype = out->keyblock.enctype;
+        krb5_free_creds (context, out);
+    punt:
+        krb5_free_cred_contents (context, &in);
+    }
+
+    if ((retval = krb5_copy_principal(context, client, &creds.client)))
+        goto errout;
+
+    retval = krb5int_tgtname(context, &client->realm, &client->realm,
+                             &creds.server);
+    if (retval)
+        goto errout;
+
+    /* fetch tgt directly from cache */
+    context->use_conf_ktypes = 1;
+    retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
+                                    &creds, &tgt);
+    context->use_conf_ktypes = old_use_conf_ktypes;
+    if (retval)
+        goto errout;
+
+    /* tgt->client must be equal to creds.client */
+    if (!krb5_principal_compare(context, tgt.client, creds.client)) {
+        retval = KRB5_PRINC_NOMATCH;
+        goto errout;
+    }
+
+    if (!tgt.ticket.length) {
+        retval = KRB5_NO_TKT_SUPPLIED;
+        goto errout;
+    }
+
+    if (tgt.addresses && *tgt.addresses) {
+        if (rhost == NULL) {
+            if (server->type != KRB5_NT_SRV_HST) {
+                retval = KRB5_FWD_BAD_PRINCIPAL;
+                goto errout;
+            }
+
+            if (server->length < 2){
+                retval = KRB5_CC_BADNAME;
+                goto errout;
+            }
+
+            def_rhost = k5memdup0(server->data[1].data, server->data[1].length,
+                                  &retval);
+            if (def_rhost == NULL)
+                goto errout;
+            rhost = def_rhost;
+        }
+
+        retval = k5_os_hostaddr(context, rhost, &addrs);
+        if (retval)
+            goto errout;
+    }
+
+    creds.keyblock.enctype = enctype;
+    creds.times = tgt.times;
+    creds.times.starttime = 0;
+    kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED;
+
+    if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
+        kdcoptions &= ~(KDC_OPT_FORWARDABLE);
+
+    if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
+                                        addrs, &creds, &pcreds))) {
+        if (enctype) {
+            creds.keyblock.enctype = 0;
+            if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
+                                                addrs, &creds, &pcreds)))
+                goto errout;
+        }
+        else goto errout;
+    }
+    retval = krb5_mk_1cred(context, auth_context, pcreds,
+                           &scratch, &replaydata);
+    krb5_free_creds(context, pcreds);
+
+    if (retval) {
+        if (scratch)
+            krb5_free_data(context, scratch);
+    } else {
+        *outbuf = *scratch;
+        free(scratch);
+    }
+
+errout:
+    if (addrs)
+        krb5_free_addresses(context, addrs);
+    if (defcc)
+        krb5_cc_close(context, defcc);
+    free(def_rhost);
+    krb5_free_cred_contents(context, &creds);
+    krb5_free_cred_contents(context, &tgt);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/gc_via_tkt.c b/krb5-1.21.3/src/lib/krb5/krb/gc_via_tkt.c
new file mode 100644
index 00000000..f8a256b2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/gc_via_tkt.c
@@ -0,0 +1,420 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/gc_via_tkt.c */
+/*
+ * Copyright 1990,1991,2007-2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Given a tkt, and a target cred, get it.
+ * Assumes that the kdc_rep has been decrypted.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "fast.h"
+
+static krb5_error_code
+kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep,
+             krb5_address *const *address, krb5_boolean is_skey,
+             krb5_data *psectkt, krb5_creds **ppcreds)
+{
+    krb5_error_code retval;
+    krb5_data *pdata;
+
+    if ((*ppcreds = (krb5_creds *)calloc(1,sizeof(krb5_creds))) == NULL) {
+        return ENOMEM;
+    }
+
+    if ((retval = krb5_copy_principal(context, pkdcrep->client,
+                                      &(*ppcreds)->client)))
+        goto cleanup;
+
+    if ((retval = krb5_copy_principal(context, pkdcrep->enc_part2->server,
+                                      &(*ppcreds)->server)))
+        goto cleanup;
+
+    if ((retval = krb5_copy_keyblock_contents(context,
+                                              pkdcrep->enc_part2->session,
+                                              &(*ppcreds)->keyblock)))
+        goto cleanup;
+    TRACE_TGS_REPLY(context, (*ppcreds)->client, (*ppcreds)->server,
+                    &(*ppcreds)->keyblock);
+
+    if ((retval = krb5_copy_data(context, psectkt, &pdata)))
+        goto cleanup_keyblock;
+    (*ppcreds)->second_ticket = *pdata;
+    free(pdata);
+
+    (*ppcreds)->ticket_flags = pkdcrep->enc_part2->flags;
+    (*ppcreds)->times = pkdcrep->enc_part2->times;
+    (*ppcreds)->magic = KV5M_CREDS;
+
+    (*ppcreds)->authdata = NULL;                        /* not used */
+    (*ppcreds)->is_skey = is_skey;
+
+    if (pkdcrep->enc_part2->caddrs) {
+        if ((retval = krb5_copy_addresses(context, pkdcrep->enc_part2->caddrs,
+                                          &(*ppcreds)->addresses)))
+            goto cleanup_keyblock;
+    } else {
+        /* no addresses in the list means we got what we had */
+        if ((retval = krb5_copy_addresses(context, address,
+                                          &(*ppcreds)->addresses)))
+            goto cleanup_keyblock;
+    }
+
+    if ((retval = encode_krb5_ticket(pkdcrep->ticket, &pdata)))
+        goto cleanup_keyblock;
+
+    (*ppcreds)->ticket = *pdata;
+    free(pdata);
+    return 0;
+
+cleanup_keyblock:
+    krb5_free_keyblock_contents(context, &(*ppcreds)->keyblock);
+
+cleanup:
+    free (*ppcreds);
+    *ppcreds = NULL;
+    return retval;
+}
+
+static krb5_error_code
+check_reply_server(krb5_context context, krb5_flags kdcoptions,
+                   krb5_creds *in_cred, krb5_kdc_rep *dec_rep)
+{
+
+    if (!krb5_principal_compare(context, dec_rep->ticket->server,
+                                dec_rep->enc_part2->server))
+        return KRB5_KDCREP_MODIFIED;
+
+    /* Reply is self-consistent. */
+
+    if (krb5_principal_compare(context, dec_rep->ticket->server,
+                               in_cred->server))
+        return 0;
+
+    /* Server in reply differs from what we requested. */
+
+    if (kdcoptions & KDC_OPT_CANONICALIZE) {
+        /* in_cred server differs from ticket returned, but ticket
+           returned is consistent and we requested canonicalization. */
+
+        TRACE_CHECK_REPLY_SERVER_DIFFERS(context, in_cred->server,
+                                         dec_rep->enc_part2->server);
+        return 0;
+    }
+
+    /* We didn't request canonicalization. */
+
+    if (!IS_TGS_PRINC(in_cred->server) ||
+        !IS_TGS_PRINC(dec_rep->ticket->server)) {
+        /* Canonicalization not requested, and not a TGS referral. */
+        return KRB5_KDCREP_MODIFIED;
+    }
+    return 0;
+}
+
+/* Return true if a TGS credential is for the client's local realm. */
+static inline int
+tgt_is_local_realm(krb5_creds *tgt)
+{
+    return (tgt->server->length == 2
+            && data_eq_string(tgt->server->data[0], KRB5_TGS_NAME)
+            && data_eq(tgt->server->data[1], tgt->client->realm)
+            && data_eq(tgt->server->realm, tgt->client->realm));
+}
+
+krb5_error_code
+krb5_get_cred_via_tkt(krb5_context context, krb5_creds *tkt,
+                      krb5_flags kdcoptions, krb5_address *const *address,
+                      krb5_creds *in_cred, krb5_creds **out_cred)
+{
+    return krb5_get_cred_via_tkt_ext (context, tkt,
+                                      kdcoptions, address,
+                                      NULL, in_cred, NULL, NULL,
+                                      NULL, NULL, out_cred, NULL);
+}
+
+krb5_error_code
+krb5int_process_tgs_reply(krb5_context context,
+                          struct krb5int_fast_request_state *fast_state,
+                          krb5_data *response_data,
+                          krb5_creds *tkt,
+                          krb5_flags kdcoptions,
+                          krb5_address *const *address,
+                          krb5_pa_data **in_padata,
+                          krb5_creds *in_cred,
+                          krb5_timestamp timestamp,
+                          krb5_int32 nonce,
+                          krb5_keyblock *subkey,
+                          krb5_pa_data ***out_padata,
+                          krb5_pa_data ***out_enc_padata,
+                          krb5_creds **out_cred)
+{
+    krb5_error_code retval;
+    krb5_kdc_rep *dec_rep = NULL;
+    krb5_error *err_reply = NULL;
+    krb5_boolean s4u2self, is_skey;
+
+    s4u2self = krb5int_find_pa_data(context, in_padata,
+                                    KRB5_PADATA_S4U_X509_USER) ||
+        krb5int_find_pa_data(context, in_padata,
+                             KRB5_PADATA_FOR_USER);
+
+    if (krb5_is_krb_error(response_data)) {
+        retval = decode_krb5_error(response_data, &err_reply);
+        if (retval != 0)
+            goto cleanup;
+        retval = krb5int_fast_process_error(context, fast_state,
+                                            &err_reply, NULL, NULL);
+        if (retval)
+            goto cleanup;
+        retval = (krb5_error_code) err_reply->error + ERROR_TABLE_BASE_krb5;
+        if (err_reply->text.length > 0) {
+            switch (err_reply->error) {
+            case KRB_ERR_GENERIC:
+                k5_setmsg(context, retval,
+                          _("KDC returned error string: %.*s"),
+                          err_reply->text.length, err_reply->text.data);
+                break;
+            case KDC_ERR_S_PRINCIPAL_UNKNOWN:
+            {
+                char *s_name;
+                if (err_reply->server &&
+                    krb5_unparse_name(context, err_reply->server, &s_name) == 0) {
+                    k5_setmsg(context, retval,
+                              _("Server %s not found in Kerberos database"),
+                              s_name);
+                    krb5_free_unparsed_name(context, s_name);
+                } else
+                    /* In case there's a stale S_PRINCIPAL_UNKNOWN
+                       report already noted.  */
+                    krb5_clear_error_message(context);
+            }
+            break;
+            }
+        }
+        krb5_free_error(context, err_reply);
+        goto cleanup;
+    } else if (!krb5_is_tgs_rep(response_data)) {
+        retval = KRB5KRB_AP_ERR_MSG_TYPE;
+        goto cleanup;
+    }
+
+    /* Unfortunately, Heimdal at least up through 1.2  encrypts using
+       the session key not the subsession key.  So we try both. */
+    retval = krb5int_decode_tgs_rep(context, fast_state, response_data, subkey,
+                                    KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY,
+                                    &dec_rep);
+    if (retval) {
+        TRACE_TGS_REPLY_DECODE_SESSION(context, &tkt->keyblock);
+        if ((krb5int_decode_tgs_rep(context, fast_state, response_data,
+                                    &tkt->keyblock,
+                                    KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY, &dec_rep)) == 0)
+            retval = 0;
+        else
+            goto cleanup;
+    }
+
+    if (dec_rep->msg_type != KRB5_TGS_REP) {
+        retval = KRB5KRB_AP_ERR_MSG_TYPE;
+        goto cleanup;
+    }
+
+    /*
+     * Don't trust the ok-as-delegate flag from foreign KDCs unless the
+     * cross-realm TGT also had the ok-as-delegate flag set.
+     */
+    if (!tgt_is_local_realm(tkt)
+        && !(tkt->ticket_flags & TKT_FLG_OK_AS_DELEGATE))
+        dec_rep->enc_part2->flags &= ~TKT_FLG_OK_AS_DELEGATE;
+
+    /* make sure the response hasn't been tampered with..... */
+    retval = 0;
+
+    if (s4u2self && !IS_TGS_PRINC(dec_rep->ticket->server)) {
+        /* Final hop, check whether KDC supports S4U2Self */
+        if (krb5_principal_compare(context, dec_rep->client, in_cred->server))
+            retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+    } else if ((kdcoptions & KDC_OPT_CNAME_IN_ADDL_TKT) == 0 ||
+               IS_TGS_PRINC(dec_rep->ticket->server)) {
+        /*
+         * For constrained delegation this check must be performed by caller,
+         * as we can't decrypt the evidence ticket.  However, if it is a
+         * referral the client should match the TGT client like normal.
+         */
+        if (!krb5_principal_compare(context, dec_rep->client, tkt->client))
+            retval = KRB5_KDCREP_MODIFIED;
+    }
+
+    if (retval == 0)
+        retval = check_reply_server(context, kdcoptions, in_cred, dec_rep);
+
+    if (dec_rep->enc_part2->nonce != nonce)
+        retval = KRB5_KDCREP_MODIFIED;
+
+    if ((kdcoptions & KDC_OPT_POSTDATED) &&
+        (in_cred->times.starttime != 0) &&
+        (in_cred->times.starttime != dec_rep->enc_part2->times.starttime))
+        retval = KRB5_KDCREP_MODIFIED;
+
+    if ((in_cred->times.endtime != 0) &&
+        ts_after(dec_rep->enc_part2->times.endtime, in_cred->times.endtime))
+        retval = KRB5_KDCREP_MODIFIED;
+
+    if ((kdcoptions & KDC_OPT_RENEWABLE) &&
+        (in_cred->times.renew_till != 0) &&
+        ts_after(dec_rep->enc_part2->times.renew_till,
+                 in_cred->times.renew_till))
+        retval = KRB5_KDCREP_MODIFIED;
+
+    if ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
+        (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+        (in_cred->times.endtime != 0) &&
+        ts_after(dec_rep->enc_part2->times.renew_till, in_cred->times.endtime))
+        retval = KRB5_KDCREP_MODIFIED;
+
+    if (retval != 0)
+        goto cleanup;
+
+    if (!in_cred->times.starttime &&
+        !ts_within(dec_rep->enc_part2->times.starttime, timestamp,
+                   context->clockskew)) {
+        retval = KRB5_KDCREP_SKEW;
+        goto cleanup;
+    }
+
+    if (out_padata != NULL) {
+        *out_padata = dec_rep->padata;
+        dec_rep->padata = NULL;
+    }
+    if (out_enc_padata != NULL) {
+        *out_enc_padata = dec_rep->enc_part2->enc_padata;
+        dec_rep->enc_part2->enc_padata = NULL;
+    }
+
+    is_skey = (kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY);
+    retval = kdcrep2creds(context, dec_rep, address, is_skey,
+                          &in_cred->second_ticket, out_cred);
+    if (retval != 0)
+        goto cleanup;
+
+cleanup:
+    if (dec_rep != NULL) {
+        memset(dec_rep->enc_part2->session->contents, 0,
+               dec_rep->enc_part2->session->length);
+        krb5_free_kdc_rep(context, dec_rep);
+    }
+
+    return retval;
+}
+
+krb5_error_code
+krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt,
+                          krb5_flags kdcoptions, krb5_address *const *address,
+                          krb5_pa_data **in_padata, krb5_creds *in_cred,
+                          k5_pacb_fn pacb_fn, void *pacb_data,
+                          krb5_pa_data ***out_padata,
+                          krb5_pa_data ***out_enc_padata,
+                          krb5_creds **out_cred, krb5_keyblock **out_subkey)
+{
+    krb5_error_code retval;
+    krb5_data request_data;
+    krb5_data response_data;
+    krb5_timestamp timestamp;
+    krb5_int32 nonce;
+    krb5_keyblock *subkey = NULL;
+    int tcp_only = 0, use_primary = 0;
+    struct krb5int_fast_request_state *fast_state = NULL;
+
+    request_data.data = NULL;
+    request_data.length = 0;
+    response_data.data = NULL;
+    response_data.length = 0;
+
+    retval = krb5int_fast_make_state(context, &fast_state);
+    if (retval)
+        goto cleanup;
+
+    TRACE_GET_CRED_VIA_TKT_EXT(context, in_cred->server, tkt->server,
+                               kdcoptions);
+
+    retval = k5_make_tgs_req(context, fast_state, tkt, kdcoptions, address,
+                             in_padata, in_cred, pacb_fn, pacb_data,
+                             &request_data, &timestamp, &nonce, &subkey);
+    if (retval != 0)
+        goto cleanup;
+
+send_again:
+    use_primary = 0;
+    retval = krb5_sendto_kdc(context, &request_data, &in_cred->server->realm,
+                             &response_data, &use_primary, tcp_only);
+    if (retval == 0) {
+        if (krb5_is_krb_error(&response_data)) {
+            if (!tcp_only) {
+                krb5_error *err_reply;
+                retval = decode_krb5_error(&response_data, &err_reply);
+                if (retval != 0)
+                    goto cleanup;
+                retval = krb5int_fast_process_error(context, fast_state,
+                                                    &err_reply, NULL, NULL);
+                if (retval)
+                    goto cleanup;
+                if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
+                    tcp_only = 1;
+                    krb5_free_error(context, err_reply);
+                    krb5_free_data_contents(context, &response_data);
+                    goto send_again;
+                }
+                krb5_free_error(context, err_reply);
+            }
+        }
+    } else
+        goto cleanup;
+
+    retval = krb5int_process_tgs_reply(context, fast_state, &response_data,
+                                       tkt, kdcoptions, address,
+                                       in_padata, in_cred,
+                                       timestamp, nonce, subkey,
+                                       out_padata,
+                                       out_enc_padata, out_cred);
+    if (retval != 0)
+        goto cleanup;
+
+cleanup:
+    krb5int_fast_free_state(context, fast_state);
+    TRACE_GET_CRED_VIA_TKT_EXT_RETURN(context, retval);
+
+    krb5_free_data_contents(context, &request_data);
+    krb5_free_data_contents(context, &response_data);
+
+    if (subkey != NULL) {
+        if (retval == 0 && out_subkey != NULL)
+            *out_subkey = subkey;
+        else
+            krb5_free_keyblock(context, subkey);
+    }
+
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/gen_save_subkey.c b/krb5-1.21.3/src/lib/krb5/krb/gen_save_subkey.c
new file mode 100644
index 00000000..d027271b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/gen_save_subkey.c
@@ -0,0 +1,56 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/gen_save_subkey.c */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+krb5_error_code
+k5_generate_and_save_subkey(krb5_context context,
+                            krb5_auth_context auth_context,
+                            krb5_keyblock *keyblock, krb5_enctype enctype)
+{
+    krb5_error_code retval;
+    krb5_keyblock *kb = NULL;
+
+    retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
+    if (retval)
+        return retval;
+    retval = krb5_auth_con_setsendsubkey(context, auth_context, kb);
+    if (retval)
+        goto cleanup;
+    retval = krb5_auth_con_setrecvsubkey(context, auth_context, kb);
+    if (retval)
+        goto cleanup;
+
+cleanup:
+    if (retval) {
+        (void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
+        (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
+    }
+    krb5_free_keyblock(context, kb);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/gen_seqnum.c b/krb5-1.21.3/src/lib/krb5/krb/gen_seqnum.c
new file mode 100644
index 00000000..74855c7c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/gen_seqnum.c
@@ -0,0 +1,63 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/gen_seqnum.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Routine to automatically generate a starting sequence number.
+ * We do this by getting a random key and encrypting something with it,
+ * then taking the output and slicing it up.
+ */
+
+#include "k5-int.h"
+
+#ifndef MIN
+#define MIN(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+krb5_error_code
+krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui_4 *seqno)
+{
+    krb5_data seed;
+    krb5_error_code retval;
+
+    seed.length = sizeof(*seqno);
+    seed.data = (char *) seqno;
+    retval = krb5_c_random_make_octets(context, &seed);
+    if (retval)
+        return retval;
+    /*
+     * Work around implementation incompatibilities by not generating
+     * initial sequence numbers greater than 2^30.  Previous MIT
+     * implementations use signed sequence numbers, so initial
+     * sequence numbers 2^31 to 2^32-1 inclusive will be rejected.
+     * Letting the maximum initial sequence number be 2^30-1 allows
+     * for about 2^30 messages to be sent before wrapping into
+     * "negative" numbers.
+     */
+    *seqno &= 0x3fffffff;
+    if (*seqno == 0)
+        *seqno = 1;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/gen_subkey.c b/krb5-1.21.3/src/lib/krb5/krb/gen_subkey.c
new file mode 100644
index 00000000..fe6fdecf
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/gen_subkey.c
@@ -0,0 +1,58 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/gen_subkey.c - Generate a subsession key based on input key */
+/*
+ * Copyright 1991, 2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code
+krb5_generate_subkey_extended(krb5_context context,
+                              const krb5_keyblock *key,
+                              krb5_enctype enctype,
+                              krb5_keyblock **subkey)
+{
+    krb5_error_code retval;
+    krb5_keyblock *keyblock;
+
+    *subkey = NULL;
+
+    keyblock = malloc(sizeof(krb5_keyblock));
+    if (!keyblock)
+        return ENOMEM;
+
+    retval = krb5_c_make_random_key(context, enctype, keyblock);
+    if (retval) {
+        free(*subkey);
+        return retval;
+    }
+
+    *subkey = keyblock;
+    return 0;
+}
+
+krb5_error_code
+krb5_generate_subkey(krb5_context context, const krb5_keyblock *key, krb5_keyblock **subkey)
+{
+    return krb5_generate_subkey_extended(context, key, key->enctype, subkey);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/get_creds.c b/krb5-1.21.3/src/lib/krb5/krb/get_creds.c
new file mode 100644
index 00000000..698c04ef
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/get_creds.c
@@ -0,0 +1,1353 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/get_creds.c */
+/*
+ * Copyright 1990, 2008, 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Attempts to use the credentials cache or TGS exchange to get an additional
+ * ticket for the client identified by in_creds->client, the server identified
+ * by in_creds->server, with options options, expiration date specified in
+ * in_creds->times.endtime (0 means as long as possible), session key type
+ * specified in in_creds->keyblock.enctype (if non-zero)
+ *
+ * Any returned ticket and intermediate ticket-granting tickets are stored in
+ * ccache.
+ *
+ * Returns errors from encryption routines, system errors.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "os-proto.h"
+#include "fast.h"
+
+/*
+ * Set *mcreds and *fields to a matching credential and field set for
+ * use with krb5_cc_retrieve_cred, based on a set of input credentials
+ * and options.  The fields of *mcreds will be aliased to the fields
+ * of in_creds, so the contents of *mcreds should not be freed.
+ */
+static krb5_error_code
+construct_matching_creds(krb5_context context, krb5_flags options,
+                         krb5_creds *in_creds, krb5_creds *mcreds,
+                         krb5_flags *fields)
+{
+    if (!in_creds || !in_creds->server || !in_creds->client)
+        return EINVAL;
+
+    memset(mcreds, 0, sizeof(krb5_creds));
+    mcreds->magic = KV5M_CREDS;
+    if (in_creds->times.endtime != 0) {
+        mcreds->times.endtime = in_creds->times.endtime;
+    } else {
+        krb5_error_code retval;
+        retval = krb5_timeofday(context, &mcreds->times.endtime);
+        if (retval != 0) return retval;
+    }
+    mcreds->keyblock = in_creds->keyblock;
+    mcreds->authdata = in_creds->authdata;
+    mcreds->server = in_creds->server;
+    mcreds->client = in_creds->client;
+
+    *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
+        | KRB5_TC_MATCH_AUTHDATA
+        | KRB5_TC_SUPPORTED_KTYPES;
+    if (mcreds->keyblock.enctype) {
+        krb5_enctype *ktypes;
+        krb5_error_code ret;
+        int i;
+
+        *fields |= KRB5_TC_MATCH_KTYPE;
+        ret = krb5_get_tgs_ktypes(context, mcreds->server, &ktypes);
+        for (i = 0; ktypes[i]; i++)
+            if (ktypes[i] == mcreds->keyblock.enctype)
+                break;
+        if (ktypes[i] == 0)
+            ret = KRB5_CC_NOT_KTYPE;
+        free (ktypes);
+        if (ret)
+            return ret;
+    }
+    if (options & (KRB5_GC_USER_USER | KRB5_GC_CONSTRAINED_DELEGATION)) {
+        /* also match on identical 2nd tkt and tkt encrypted in a
+           session key */
+        *fields |= KRB5_TC_MATCH_2ND_TKT;
+        if (options & KRB5_GC_USER_USER) {
+            *fields |= KRB5_TC_MATCH_IS_SKEY;
+            mcreds->is_skey = TRUE;
+        }
+        mcreds->second_ticket = in_creds->second_ticket;
+        if (!in_creds->second_ticket.length)
+            return KRB5_NO_2ND_TKT;
+    }
+
+    /* For S4U2Proxy requests we don't know the impersonated client in this
+     * API, but matching against the second ticket is good enough. */
+    if (options & KRB5_GC_CONSTRAINED_DELEGATION)
+        mcreds->client = NULL;
+
+    return 0;
+}
+
+/* Simple wrapper around krb5_cc_retrieve_cred which allocates the result
+ * container. */
+static krb5_error_code
+cache_get(krb5_context context, krb5_ccache ccache, krb5_flags flags,
+          krb5_creds *in_creds, krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_creds *creds;
+
+    *out_creds = NULL;
+
+    creds = malloc(sizeof(*creds));
+    if (creds == NULL)
+        return ENOMEM;
+
+    code = krb5_cc_retrieve_cred(context, ccache, flags, in_creds, creds);
+    if (code != 0) {
+        free(creds);
+        return code;
+    }
+
+    *out_creds = creds;
+    return 0;
+}
+
+krb5_error_code
+k5_get_cached_cred(krb5_context context, krb5_flags options,
+                   krb5_ccache ccache, krb5_creds *in_creds,
+                   krb5_creds **creds_out)
+{
+    krb5_error_code code;
+    krb5_creds mcreds;
+    krb5_flags fields;
+
+    *creds_out = NULL;
+
+    code = construct_matching_creds(context, options, in_creds,
+                                    &mcreds, &fields);
+    if (code)
+        return code;
+
+    return cache_get(context, ccache, fields, &mcreds, creds_out);
+}
+
+/*
+ * krb5_tkt_creds_step() is implemented using a tail call style.  Every
+ * begin_*, step_*, or *_request function is responsible for returning an
+ * error, generating the next request, or delegating to another function using
+ * a tail call.
+ *
+ * The process is divided up into states which govern how the next input token
+ * should be interpreted.  Each state has a "begin_<state>" function to set up
+ * the context fields related to the state, a "step_<state>" function to
+ * process a reply and update the related context fields, and possibly a
+ * "<state>_request" function (invoked by the begin_ and step_ functions) to
+ * generate the next request.  If it's time to advance to another state, any of
+ * the three functions can make a tail call to begin_<nextstate> to do so.
+ *
+ * The general process is as follows:
+ *   1. Get a TGT for the service principal's realm (STATE_GET_TGT).
+ *   2. Make one or more referrals queries (STATE_REFERRALS).
+ *   3. In some cases, get a TGT for the fallback realm (STATE_GET_TGT again).
+ *   4. In some cases, make a non-referral query (STATE_NON_REFERRAL).
+ *
+ * STATE_GET_TGT can precede either STATE_REFERRALS or STATE_NON_REFERRAL.  The
+ * getting_tgt_for field in the context keeps track of what state we will go to
+ * after successfully obtaining the TGT, and the end_get_tgt() function
+ * advances to the proper next state.
+ *
+ * If fallback DNS canonicalization is in use, the process can be repeated a
+ * second time for the second server principal canonicalization candidate.
+ */
+
+enum state {
+    STATE_BEGIN,                /* Initial step (no input token) */
+    STATE_GET_TGT,              /* Getting TGT for service realm */
+    STATE_GET_TGT_OFFPATH,      /* Getting TGT via off-path referrals */
+    STATE_REFERRALS,            /* Retrieving service ticket or referral */
+    STATE_NON_REFERRAL,         /* Non-referral service ticket request */
+    STATE_COMPLETE              /* Creds ready for retrieval */
+};
+
+struct _krb5_tkt_creds_context {
+    enum state state;           /* What we should do with the next reply */
+    enum state getting_tgt_for; /* STATE_REFERRALS or STATE_NON_REFERRAL */
+
+    /* The following fields are set up at initialization time. */
+    krb5_creds *in_creds;       /* Creds requested by caller */
+    krb5_principal client;      /* Caller-requested client principal (alias) */
+    krb5_principal server;      /* Server principal (alias) */
+    krb5_principal req_server;  /* Caller-requested server principal */
+    krb5_ccache ccache;         /* Caller-provided ccache */
+    krb5_data start_realm;      /* Realm of starting TGT in ccache */
+    krb5_flags req_options;     /* Caller-requested KRB5_GC_* options */
+    krb5_flags req_kdcopt;      /* Caller-requested options as KDC options */
+    krb5_authdata **authdata;   /* Caller-requested authdata */
+    struct canonprinc iter;     /* Iterator over canonicalized server princs */
+    krb5_boolean referral_req;  /* Server initially contained referral realm */
+
+    /* The following fields are used in multiple steps. */
+    krb5_creds *cur_tgt;        /* TGT to be used for next query */
+    krb5_data *realms_seen;     /* For loop detection */
+
+    /* The following fields track state between request and reply. */
+    krb5_principal tgt_princ;   /* Storage for TGT principal */
+    krb5_creds tgt_in_creds;    /* Container for TGT matching creds */
+    krb5_creds *tgs_in_creds;   /* Input credentials of request (alias) */
+    krb5_timestamp timestamp;   /* Timestamp of request */
+    krb5_int32 nonce;           /* Nonce of request */
+    int kdcopt;                 /* KDC options of request */
+    krb5_keyblock *subkey;      /* subkey of request */
+    krb5_data previous_request; /* Encoded request (for TCP retransmission) */
+    struct krb5int_fast_request_state *fast_state;
+
+    /* The following fields are used when acquiring foreign TGTs. */
+    krb5_data *realm_path;      /* Path from client to server realm */
+    const krb5_data *last_realm;/* Last realm in realm_path */
+    const krb5_data *cur_realm; /* Position of cur_tgt in realm_path  */
+    const krb5_data *next_realm;/* Current target realm in realm_path */
+    unsigned int offpath_count; /* Offpath requests made */
+
+    /* The following fields are used during the referrals loop. */
+    unsigned int referral_count;/* Referral requests made */
+
+    /* The following fields are used within a _step call to avoid
+     * passing them as parameters everywhere. */
+    krb5_creds *reply_creds;    /* Creds from TGS reply */
+    krb5_error_code reply_code; /* Error status from TGS reply */
+    krb5_data *caller_out;      /* Caller's out parameter */
+    krb5_data *caller_realm;    /* Caller's realm parameter */
+    unsigned int *caller_flags; /* Caller's flags parameter */
+};
+
+/* Convert ticket flags to necessary KDC options */
+#define FLAGS2OPTS(flags) (flags & KDC_TKT_COMMON_MASK)
+
+static krb5_error_code
+begin_get_tgt(krb5_context context, krb5_tkt_creds_context ctx);
+
+/*
+ * Fill in the caller out, realm, and flags output variables.  out is filled in
+ * with ctx->previous_request, which the caller should set, and realm is filled
+ * in with the realm of ctx->cur_tgt.
+ */
+static krb5_error_code
+set_caller_request(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    const krb5_data *req = &ctx->previous_request;
+    const krb5_data *realm = &ctx->cur_tgt->server->data[1];
+    krb5_data out_copy = empty_data(), realm_copy = empty_data();
+
+    code = krb5int_copy_data_contents(context, req, &out_copy);
+    if (code != 0)
+        goto cleanup;
+    code = krb5int_copy_data_contents(context, realm, &realm_copy);
+    if (code != 0)
+        goto cleanup;
+
+    *ctx->caller_out = out_copy;
+    *ctx->caller_realm = realm_copy;
+    *ctx->caller_flags = KRB5_TKT_CREDS_STEP_FLAG_CONTINUE;
+    return 0;
+
+cleanup:
+    krb5_free_data_contents(context, &out_copy);
+    krb5_free_data_contents(context, &realm_copy);
+    return code;
+}
+
+/*
+ * Set up the request given by ctx->tgs_in_creds, using ctx->cur_tgt.  KDC
+ * options for the requests are determined by ctx->cur_tgt->ticket_flags and
+ * extra_options.
+ */
+static krb5_error_code
+make_request(krb5_context context, krb5_tkt_creds_context ctx,
+             int extra_options)
+{
+    krb5_error_code code;
+    krb5_data request = empty_data();
+
+    ctx->kdcopt = extra_options | FLAGS2OPTS(ctx->cur_tgt->ticket_flags);
+
+    /* XXX This check belongs in gc_via_tgt.c or nowhere. */
+    if (!krb5_c_valid_enctype(ctx->cur_tgt->keyblock.enctype))
+        return KRB5_PROG_ETYPE_NOSUPP;
+
+    /* Create a new FAST state structure to store this request's armor key. */
+    krb5int_fast_free_state(context, ctx->fast_state);
+    ctx->fast_state = NULL;
+    code = krb5int_fast_make_state(context, &ctx->fast_state);
+    if (code)
+        return code;
+
+    krb5_free_keyblock(context, ctx->subkey);
+    ctx->subkey = NULL;
+    code = k5_make_tgs_req(context, ctx->fast_state, ctx->cur_tgt, ctx->kdcopt,
+                           ctx->cur_tgt->addresses, NULL, ctx->tgs_in_creds,
+                           NULL, NULL, &request, &ctx->timestamp, &ctx->nonce,
+                           &ctx->subkey);
+    if (code != 0)
+        return code;
+
+    krb5_free_data_contents(context, &ctx->previous_request);
+    ctx->previous_request = request;
+    return set_caller_request(context, ctx);
+}
+
+/* Set up a request for a TGT for realm, using ctx->cur_tgt. */
+static krb5_error_code
+make_request_for_tgt(krb5_context context, krb5_tkt_creds_context ctx,
+                     const krb5_data *realm)
+{
+    krb5_error_code code;
+
+    /* Construct the principal krbtgt/<realm>@<cur-tgt-realm>. */
+    krb5_free_principal(context, ctx->tgt_princ);
+    ctx->tgt_princ = NULL;
+    code = krb5int_tgtname(context, realm, &ctx->cur_tgt->server->data[1],
+                           &ctx->tgt_princ);
+    if (code != 0)
+        return code;
+
+    TRACE_TKT_CREDS_TGT_REQ(context, ctx->tgt_princ, ctx->cur_tgt->server);
+
+    /* Construct input creds using ctx->tgt_in_creds as a container. */
+    memset(&ctx->tgt_in_creds, 0, sizeof(ctx->tgt_in_creds));
+    ctx->tgt_in_creds.client = ctx->client;
+    ctx->tgt_in_creds.server = ctx->tgt_princ;
+
+    /* Make a request for the above creds with no extra options. */
+    ctx->tgs_in_creds = &ctx->tgt_in_creds;
+    code = make_request(context, ctx, 0);
+    return code;
+}
+
+/* Set up a request for the desired service principal, using ctx->cur_tgt.
+ * Optionally allow the answer to be a referral. */
+static krb5_error_code
+make_request_for_service(krb5_context context, krb5_tkt_creds_context ctx,
+                         krb5_boolean referral)
+{
+    krb5_error_code code;
+    int extra_options;
+
+    TRACE_TKT_CREDS_SERVICE_REQ(context, ctx->server, referral);
+
+    /* Include the caller-specified KDC options in service requests. */
+    extra_options = ctx->req_kdcopt;
+
+    /* Automatically set the enc-tkt-in-skey flag for user-to-user requests. */
+    if (ctx->in_creds->second_ticket.length != 0)
+        extra_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+
+    /* Set the canonicalize flag for referral requests. */
+    if (referral)
+        extra_options |= KDC_OPT_CANONICALIZE;
+
+    /*
+     * Use the profile enctypes for referral requests, since we might get back
+     * a TGT.  We'll ask again with context enctypes if we get the actual
+     * service ticket and it's not consistent with the context enctypes.
+     */
+    if (referral)
+        context->use_conf_ktypes = TRUE;
+    ctx->tgs_in_creds = ctx->in_creds;
+    code = make_request(context, ctx, extra_options);
+    if (referral)
+        context->use_conf_ktypes = FALSE;
+    return code;
+}
+
+/* Decode and decrypt a TGS reply, and set the reply_code or reply_creds field
+ * of ctx with the result.  Also handle too-big errors. */
+static krb5_error_code
+get_creds_from_tgs_reply(krb5_context context, krb5_tkt_creds_context ctx,
+                         krb5_data *reply)
+{
+    krb5_error_code code;
+
+    krb5_free_creds(context, ctx->reply_creds);
+    ctx->reply_creds = NULL;
+    code = krb5int_process_tgs_reply(context, ctx->fast_state,
+                                     reply, ctx->cur_tgt, ctx->kdcopt,
+                                     ctx->cur_tgt->addresses, NULL,
+                                     ctx->tgs_in_creds, ctx->timestamp,
+                                     ctx->nonce, ctx->subkey, NULL, NULL,
+                                     &ctx->reply_creds);
+    if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG) {
+        /* Instruct the caller to re-send the request with TCP. */
+        code = set_caller_request(context, ctx);
+        if (code != 0)
+            return code;
+        return KRB5KRB_ERR_RESPONSE_TOO_BIG;
+    }
+
+    /* Depending on our state, we may or may not be able to handle an error.
+     * For now, store it in the context and return success. */
+    TRACE_TKT_CREDS_RESPONSE_CODE(context, code);
+    ctx->reply_code = code;
+    return 0;
+}
+
+/* Add realm to ctx->realms_seen so that we can avoid revisiting it later. */
+static krb5_error_code
+remember_realm(krb5_context context, krb5_tkt_creds_context ctx,
+               const krb5_data *realm)
+{
+    size_t len = 0;
+    krb5_data *new_list;
+
+    if (ctx->realms_seen != NULL) {
+        for (len = 0; ctx->realms_seen[len].data != NULL; len++);
+    }
+    new_list = realloc(ctx->realms_seen, (len + 2) * sizeof(krb5_data));
+    if (new_list == NULL)
+        return ENOMEM;
+    ctx->realms_seen = new_list;
+    new_list[len] = empty_data();
+    new_list[len + 1] = empty_data();
+    return krb5int_copy_data_contents(context, realm, &new_list[len]);
+}
+
+/* Return TRUE if realm appears to ctx->realms_seen. */
+static krb5_boolean
+seen_realm_before(krb5_context context, krb5_tkt_creds_context ctx,
+                  const krb5_data *realm)
+{
+    size_t i;
+
+    if (ctx->realms_seen != NULL) {
+        for (i = 0; ctx->realms_seen[i].data != NULL; i++) {
+            if (data_eq(ctx->realms_seen[i], *realm))
+                return TRUE;
+        }
+    }
+    return FALSE;
+}
+
+/***** STATE_COMPLETE *****/
+
+/* Check and cache the desired credential when we receive it.  Expects the
+ * received credential to be in ctx->reply_creds. */
+static krb5_error_code
+complete(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    TRACE_TKT_CREDS_COMPLETE(context, ctx->reply_creds->server);
+
+    /* Put the requested server principal in the output creds. */
+    krb5_free_principal(context, ctx->reply_creds->server);
+    ctx->reply_creds->server = ctx->req_server;
+    ctx->req_server = NULL;
+
+    /* Note the authdata we asked for in the output creds. */
+    ctx->reply_creds->authdata = ctx->authdata;
+    ctx->authdata = NULL;
+
+    if (!(ctx->req_options & KRB5_GC_NO_STORE)) {
+        /* Try to cache the credential. */
+        (void) krb5_cc_store_cred(context, ctx->ccache, ctx->reply_creds);
+    }
+
+    ctx->state = STATE_COMPLETE;
+    return 0;
+}
+
+/***** STATE_NON_REFERRAL *****/
+
+/* Process the response to a non-referral request. */
+static krb5_error_code
+step_non_referral(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    /* No fallbacks if we didn't get a successful reply. */
+    if (ctx->reply_code)
+        return ctx->reply_code;
+
+    return complete(context, ctx);
+}
+
+/* Make a non-referrals request for the desired service ticket. */
+static krb5_error_code
+begin_non_referral(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    ctx->state = STATE_NON_REFERRAL;
+    return make_request_for_service(context, ctx, FALSE);
+}
+
+/***** STATE_REFERRALS *****/
+
+/* Possibly try a non-referral request after a referral request failure.
+ * Expects ctx->reply_code to be set to the error from a referral request. */
+static krb5_error_code
+try_fallback(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    char **hrealms;
+
+    /* Only fall back if our error was from the first referral request. */
+    if (ctx->referral_count > 1)
+        return ctx->reply_code;
+
+    /* If the request used a specified realm, make a non-referral request to
+     * that realm (in case it's a KDC which rejects KDC_OPT_CANONICALIZE). */
+    if (!ctx->referral_req)
+        return begin_non_referral(context, ctx);
+
+    if (ctx->server->length < 2) {
+        /* We need a type/host format principal to find a fallback realm. */
+        return KRB5_ERR_HOST_REALM_UNKNOWN;
+    }
+
+    /* We expect this to give exactly one answer (XXX clean up interface). */
+    code = krb5_get_fallback_host_realm(context, &ctx->server->data[1],
+                                        &hrealms);
+    if (code != 0)
+        return code;
+
+    /* If the fallback realm isn't any different, use the existing TGT. */
+    if (data_eq_string(ctx->server->realm, hrealms[0])) {
+        krb5_free_host_realm(context, hrealms);
+        return begin_non_referral(context, ctx);
+    }
+
+    /* Rewrite server->realm to be the fallback realm. */
+    krb5_free_data_contents(context, &ctx->server->realm);
+    ctx->server->realm = string2data(hrealms[0]);
+    free(hrealms);
+    TRACE_TKT_CREDS_FALLBACK(context, &ctx->server->realm);
+
+    /* Obtain a TGT for the new service realm. */
+    ctx->getting_tgt_for = STATE_NON_REFERRAL;
+    return begin_get_tgt(context, ctx);
+}
+
+/* Return true if context contains app-provided TGS enctypes and enctype is not
+ * one of them. */
+static krb5_boolean
+wrong_enctype(krb5_context context, krb5_enctype enctype)
+{
+    size_t i;
+
+    if (context->tgs_etypes == NULL)
+        return FALSE;
+    for (i = 0; context->tgs_etypes[i] != 0; i++) {
+        if (enctype == context->tgs_etypes[i])
+            return FALSE;
+    }
+    return TRUE;
+}
+
+/* Advance the referral request loop. */
+static krb5_error_code
+step_referrals(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    const krb5_data *referral_realm;
+
+    /* Possibly try a non-referral fallback request on error. */
+    if (ctx->reply_code != 0)
+        return try_fallback(context, ctx);
+
+    /* Check if we got the ticket we asked for.  Allow the KDC to canonicalize
+     * the realm. */
+    if (krb5_principal_compare_any_realm(context, ctx->reply_creds->server,
+                                         ctx->server)) {
+        /* We didn't necessarily ask for it with the right enctypes.  Try a
+         * non-referral request if so. */
+        if (wrong_enctype(context, ctx->reply_creds->keyblock.enctype)) {
+            TRACE_TKT_CREDS_WRONG_ENCTYPE(context);
+            return begin_non_referral(context, ctx);
+        }
+
+        return complete(context, ctx);
+    }
+
+    /* Old versions of Active Directory can rewrite the server name instead of
+     * returning a referral.  Try a non-referral query if we see this. */
+    if (!IS_TGS_PRINC(ctx->reply_creds->server)) {
+        TRACE_TKT_CREDS_NON_TGT(context, ctx->reply_creds->server);
+        return begin_non_referral(context, ctx);
+    }
+
+    /* Active Directory may return a TGT to the local realm.  Try a
+     * non-referral query if we see this. */
+    referral_realm = &ctx->reply_creds->server->data[1];
+    if (data_eq(*referral_realm, ctx->cur_tgt->server->data[1])) {
+        TRACE_TKT_CREDS_SAME_REALM_TGT(context, referral_realm);
+        return begin_non_referral(context, ctx);
+    }
+
+    if (ctx->referral_count == 1) {
+        /* The authdata in this TGT will be copied into subsequent TGTs or the
+         * final credentials, so we don't need to request it again. */
+        krb5_free_authdata(context, ctx->in_creds->authdata);
+        ctx->in_creds->authdata = NULL;
+    }
+
+    /* Give up if we've gotten too many referral TGTs. */
+    if (ctx->referral_count++ >= KRB5_REFERRAL_MAXHOPS)
+        return KRB5_KDC_UNREACH;
+
+    /* Check for referral loops. */
+    if (seen_realm_before(context, ctx, referral_realm))
+        return KRB5_KDC_UNREACH;
+    code = remember_realm(context, ctx, referral_realm);
+    if (code != 0)
+        return code;
+
+    /* Use the referral TGT for the next request. */
+    krb5_free_creds(context, ctx->cur_tgt);
+    ctx->cur_tgt = ctx->reply_creds;
+    ctx->reply_creds = NULL;
+    TRACE_TKT_CREDS_REFERRAL(context, ctx->cur_tgt->server);
+
+    /* Rewrite the server realm to be the referral realm. */
+    krb5_free_data_contents(context, &ctx->server->realm);
+    code = krb5int_copy_data_contents(context, referral_realm,
+                                      &ctx->server->realm);
+    if (code != 0)
+        return code;
+
+    /* Generate the next referral request. */
+    return make_request_for_service(context, ctx, TRUE);
+}
+
+/*
+ * Begin the referrals request loop.  Expects ctx->cur_tgt to be a TGT for
+ * ctx->realm->server.
+ */
+static krb5_error_code
+begin_referrals(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    ctx->state = STATE_REFERRALS;
+    ctx->referral_count = 1;
+
+    /* Empty out the realms-seen list for loop checking. */
+    krb5int_free_data_list(context, ctx->realms_seen);
+    ctx->realms_seen = NULL;
+
+    /* Generate the first referral request. */
+    return make_request_for_service(context, ctx, TRUE);
+}
+
+/***** STATE_GET_TGT_OFFPATH *****/
+
+/*
+ * Foreign TGT acquisition can happen either before the referrals loop, if the
+ * service principal had an explicitly specified foreign realm, or after it
+ * fails, if we wind up using the fallback realm.  end_get_tgt() advances to
+ * the appropriate state depending on which we were doing.
+ */
+static krb5_error_code
+end_get_tgt(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    if (ctx->getting_tgt_for == STATE_REFERRALS)
+        return begin_referrals(context, ctx);
+    else
+        return begin_non_referral(context, ctx);
+}
+
+/*
+ * We enter STATE_GET_TGT_OFFPATH from STATE_GET_TGT if we receive, from one of
+ * the KDCs in the expected path, a TGT for a realm not in the path.  This may
+ * happen if the KDC has a different idea of the expected path than we do.  If
+ * it happens, we repeatedly ask the KDC of the TGT we have for a destination
+ * realm TGT, until we get it, fail, or give up.
+ */
+
+/* Advance the process of chasing off-path TGTs. */
+static krb5_error_code
+step_get_tgt_offpath(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    const krb5_data *tgt_realm;
+
+    /* We have no fallback if the last request failed, so just give up. */
+    if (ctx->reply_code != 0)
+        return ctx->reply_code;
+
+    /* Verify that we got a TGT. */
+    if (!IS_TGS_PRINC(ctx->reply_creds->server))
+        return KRB5_KDCREP_MODIFIED;
+
+    /* Use this tgt for the next request. */
+    krb5_free_creds(context, ctx->cur_tgt);
+    ctx->cur_tgt = ctx->reply_creds;
+    ctx->reply_creds = NULL;
+
+    /* Check if we've seen this realm before, and remember it. */
+    tgt_realm = &ctx->cur_tgt->server->data[1];
+    if (seen_realm_before(context, ctx, tgt_realm))
+        return KRB5_KDC_UNREACH;
+    code = remember_realm(context, ctx, tgt_realm);
+    if (code != 0)
+        return code;
+
+    if (data_eq(*tgt_realm, ctx->server->realm)) {
+        /* We received the server realm TGT we asked for. */
+        TRACE_TKT_CREDS_TARGET_TGT_OFFPATH(context, ctx->cur_tgt->server);
+        return end_get_tgt(context, ctx);
+    } else if (ctx->offpath_count++ >= KRB5_REFERRAL_MAXHOPS) {
+        /* Time to give up. */
+        return KRB5_KDCREP_MODIFIED;
+    }
+
+    return make_request_for_tgt(context, ctx, &ctx->server->realm);
+}
+
+/* Begin chasing off-path referrals, starting from ctx->cur_tgt. */
+static krb5_error_code
+begin_get_tgt_offpath(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    ctx->state = STATE_GET_TGT_OFFPATH;
+    ctx->offpath_count = 1;
+    return make_request_for_tgt(context, ctx, &ctx->server->realm);
+}
+
+/***** STATE_GET_TGT *****/
+
+/*
+ * To obtain a foreign TGT, we first construct a path of realms R1..Rn between
+ * the local realm and the target realm, using k5_client_realm_path().  Usually
+ * this path is based on the domain hierarchy, but it may be altered by
+ * configuration.
+ *
+ * We begin with cur_realm set to the local realm (R1) and next_realm set to
+ * the target realm (Rn).  At each step, we check to see if we have a cached
+ * TGT for next_realm; if not, we ask cur_realm to give us a TGT for
+ * next_realm.  If that fails, we decrement next_realm until we get a
+ * successful answer or reach cur_realm--in which case we've gotten as far as
+ * we can, and have to give up.  If we do get back a TGT, it may or may not be
+ * for the realm we asked for, so we search for it in the path.  The realm of
+ * the TGT we get back becomes cur_realm, and next_realm is reset to the target
+ * realm.  Overall, this is an O(n^2) process in the length of the path, but
+ * the path length will generally be short and the process will usually end
+ * much faster than the worst case.
+ *
+ * In some cases we may get back a TGT for a realm not in the path.  In that
+ * case we enter STATE_GET_TGT_OFFPATH.
+ */
+
+/*
+ * Point *tgt_out at an allocated credentials structure containing a
+ * cross-realm TGT for realm retrieved from ctx->ccache.  Accept any issuing
+ * realm (i.e. match only the service principal name).  If the TGT is not found
+ * in the cache, return successfully but set *tgt_out to NULL.
+ */
+static krb5_error_code
+get_cached_tgt(krb5_context context, krb5_tkt_creds_context ctx,
+               const krb5_data *realm, krb5_creds **tgt_out)
+{
+    krb5_creds mcreds;
+    krb5_error_code code;
+    krb5_principal tgtname = NULL;
+    krb5_flags flags = KRB5_TC_SUPPORTED_KTYPES | KRB5_TC_MATCH_SRV_NAMEONLY |
+        KRB5_TC_MATCH_TIMES;
+    krb5_timestamp now;
+
+    *tgt_out = NULL;
+
+    code = krb5_timeofday(context, &now);
+    if (code != 0)
+        return code;
+
+    /* Construct the TGT principal name (the realm part doesn't matter). */
+    code = krb5int_tgtname(context, realm, realm, &tgtname);
+    if (code != 0)
+        return code;
+
+    /* Construct a matching cred for the ccache query.  Look for unexpired
+     * entries since there could be more than one. */
+    memset(&mcreds, 0, sizeof(mcreds));
+    mcreds.client = ctx->client;
+    mcreds.server = tgtname;
+    mcreds.times.endtime = now;
+
+    /* Fetch the TGT credential. */
+    context->use_conf_ktypes = TRUE;
+    code = cache_get(context, ctx->ccache, flags, &mcreds, tgt_out);
+    context->use_conf_ktypes = FALSE;
+    krb5_free_principal(context, tgtname);
+    return (code == KRB5_CC_NOTFOUND || code != KRB5_CC_NOT_KTYPE) ? 0 : code;
+}
+
+/* Point *tgt_out at an allocated credentials structure containing the local
+ * TGT retrieved from ctx->ccache. */
+static krb5_error_code
+get_cached_local_tgt(krb5_context context, krb5_tkt_creds_context ctx,
+                     krb5_creds **tgt_out)
+{
+    krb5_creds mcreds;
+    krb5_error_code code;
+    krb5_principal tgtname = NULL;
+    krb5_flags flags = KRB5_TC_SUPPORTED_KTYPES;
+    krb5_timestamp now;
+    krb5_creds *tgt;
+
+    *tgt_out = NULL;
+
+    code = krb5_timeofday(context, &now);
+    if (code != 0)
+        return code;
+
+    /* Construct the principal name. */
+    code = krb5int_tgtname(context, &ctx->start_realm, &ctx->start_realm,
+                           &tgtname);
+    if (code != 0)
+        return code;
+
+    /* Construct a matching cred for the ccache query. */
+    memset(&mcreds, 0, sizeof(mcreds));
+    mcreds.client = ctx->client;
+    mcreds.server = tgtname;
+
+    /* Fetch the TGT credential. */
+    context->use_conf_ktypes = TRUE;
+    code = cache_get(context, ctx->ccache, flags, &mcreds, &tgt);
+    context->use_conf_ktypes = FALSE;
+    krb5_free_principal(context, tgtname);
+    if (code)
+        return code;
+
+    /* Check if the TGT is expired before bothering the KDC with it. */
+    if (ts_after(now, tgt->times.endtime)) {
+        krb5_free_creds(context, tgt);
+        return KRB5KRB_AP_ERR_TKT_EXPIRED;
+    }
+
+    *tgt_out = tgt;
+    return 0;
+}
+
+/* Initialize the realm path fields for getting a TGT for
+ * ctx->server->realm. */
+static krb5_error_code
+init_realm_path(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    krb5_data *realm_path;
+    size_t nrealms;
+
+    /* Get the client realm path and count its length. */
+    code = k5_client_realm_path(context, &ctx->start_realm,
+                                &ctx->server->realm, &realm_path);
+    if (code != 0)
+        return code;
+    for (nrealms = 0; realm_path[nrealms].data != NULL; nrealms++);
+    assert(nrealms > 1);
+
+    /* Initialize the realm path fields in ctx. */
+    krb5int_free_data_list(context, ctx->realm_path);
+    ctx->realm_path = realm_path;
+    ctx->last_realm = realm_path + nrealms - 1;
+    ctx->cur_realm = realm_path;
+    ctx->next_realm = ctx->last_realm;
+    return 0;
+}
+
+/* Find realm within the portion of ctx->realm_path following
+ * ctx->cur_realm.  Return NULL if it is not found. */
+static const krb5_data *
+find_realm_in_path(krb5_context context, krb5_tkt_creds_context ctx,
+                   const krb5_data *realm)
+{
+    const krb5_data *r;
+
+    for (r = ctx->cur_realm + 1; r->data != NULL; r++) {
+        if (data_eq(*r, *realm))
+            return r;
+    }
+    return NULL;
+}
+
+/*
+ * Generate the next request in the path traversal.  If a cached TGT for the
+ * target realm appeared in the ccache since we started the TGT acquisition
+ * process, this function may invoke end_get_tgt().
+ */
+static krb5_error_code
+get_tgt_request(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    krb5_creds *cached_tgt;
+
+    while (1) {
+        /* Check if we have a cached TGT for the target realm. */
+        code = get_cached_tgt(context, ctx, ctx->next_realm, &cached_tgt);
+        if (code != 0)
+            return code;
+        if (cached_tgt != NULL) {
+            /* Advance the current realm and keep going. */
+            TRACE_TKT_CREDS_CACHED_INTERMEDIATE_TGT(context, cached_tgt);
+            krb5_free_creds(context, ctx->cur_tgt);
+            ctx->cur_tgt = cached_tgt;
+            if (ctx->next_realm == ctx->last_realm)
+                return end_get_tgt(context, ctx);
+            ctx->cur_realm = ctx->next_realm;
+            ctx->next_realm = ctx->last_realm;
+            continue;
+        }
+
+        return make_request_for_tgt(context, ctx, ctx->next_realm);
+    }
+}
+
+/* Process a TGS reply and advance the path traversal to get a foreign TGT. */
+static krb5_error_code
+step_get_tgt(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    const krb5_data *tgt_realm, *path_realm;
+
+    if (ctx->reply_code != 0) {
+        /* The last request failed.  Try the next-closest realm to
+         * ctx->cur_realm. */
+        ctx->next_realm--;
+        if (ctx->next_realm == ctx->cur_realm) {
+            /* We've tried all the realms we could and couldn't progress beyond
+             * ctx->cur_realm, so it's time to give up. */
+            return ctx->reply_code;
+        }
+        TRACE_TKT_CREDS_CLOSER_REALM(context, ctx->next_realm);
+    } else {
+        /* Verify that we got a TGT. */
+        if (!IS_TGS_PRINC(ctx->reply_creds->server))
+            return KRB5_KDCREP_MODIFIED;
+
+        /* Use this tgt for the next request regardless of what it is. */
+        krb5_free_creds(context, ctx->cur_tgt);
+        ctx->cur_tgt = ctx->reply_creds;
+        ctx->reply_creds = NULL;
+
+        /* Remember that we saw this realm. */
+        tgt_realm = &ctx->cur_tgt->server->data[1];
+        code = remember_realm(context, ctx, tgt_realm);
+        if (code != 0)
+            return code;
+
+        /* See where we wound up on the path (or off it). */
+        path_realm = find_realm_in_path(context, ctx, tgt_realm);
+        if (path_realm != NULL) {
+            /* Only cache the TGT if we asked for it, to avoid duplicates. */
+            if (path_realm == ctx->next_realm)
+                (void)krb5_cc_store_cred(context, ctx->ccache, ctx->cur_tgt);
+            if (path_realm == ctx->last_realm) {
+                /* We received a TGT for the target realm. */
+                TRACE_TKT_CREDS_TARGET_TGT(context, ctx->cur_tgt->server);
+                return end_get_tgt(context, ctx);
+            } else if (path_realm != NULL) {
+                /* We still have further to go; advance the traversal. */
+                TRACE_TKT_CREDS_ADVANCE(context, tgt_realm);
+                ctx->cur_realm = path_realm;
+                ctx->next_realm = ctx->last_realm;
+            }
+        } else if (data_eq(*tgt_realm, ctx->start_realm)) {
+            /* We were referred back to the local realm, which is bad. */
+            return KRB5_KDCREP_MODIFIED;
+        } else {
+            /* We went off the path; start the off-path chase. */
+            TRACE_TKT_CREDS_OFFPATH(context, tgt_realm);
+            return begin_get_tgt_offpath(context, ctx);
+        }
+    }
+
+    /* Generate the next request in the path traversal. */
+    return get_tgt_request(context, ctx);
+}
+
+/*
+ * Begin the process of getting a foreign TGT, either for the explicitly
+ * specified server realm or for the fallback realm.  Expects that
+ * ctx->server->realm is the realm of the desired TGT, and that
+ * ctx->getting_tgt_for is the state we should advance to after we have the
+ * desired TGT.
+ */
+static krb5_error_code
+begin_get_tgt(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    krb5_creds *cached_tgt;
+    krb5_boolean is_local_service;
+
+    ctx->state = STATE_GET_TGT;
+
+    is_local_service = data_eq(ctx->start_realm, ctx->server->realm);
+    if (!is_local_service) {
+        /* See if we have a cached TGT for the server realm. */
+        code = get_cached_tgt(context, ctx, &ctx->server->realm, &cached_tgt);
+        if (code != 0)
+            return code;
+        if (cached_tgt != NULL) {
+            TRACE_TKT_CREDS_CACHED_SERVICE_TGT(context, cached_tgt);
+            krb5_free_creds(context, ctx->cur_tgt);
+            ctx->cur_tgt = cached_tgt;
+            return end_get_tgt(context, ctx);
+        }
+    }
+
+    /* Start with the local tgt. */
+    krb5_free_creds(context, ctx->cur_tgt);
+    ctx->cur_tgt = NULL;
+    code = get_cached_local_tgt(context, ctx, &ctx->cur_tgt);
+    if (code != 0)
+        return code;
+    TRACE_TKT_CREDS_LOCAL_TGT(context, ctx->cur_tgt);
+
+    if (is_local_service)
+        return end_get_tgt(context, ctx);
+
+    /* Initialize the realm path. */
+    code = init_realm_path(context, ctx);
+    if (code != 0)
+        return code;
+
+    /* Empty out the realms-seen list for loop checking. */
+    krb5int_free_data_list(context, ctx->realms_seen);
+    ctx->realms_seen = NULL;
+
+    /* Generate the first request. */
+    return get_tgt_request(context, ctx);
+}
+
+/***** STATE_BEGIN *****/
+
+/*
+ * Look for the desired credentials in the cache, if possible.  If we find
+ * them, put them in ctx->reply_creds and advance the state to STATE_COMPLETE.
+ * Return successfully even if creds are not found, unless the caller only
+ * wanted cached creds.
+ */
+static krb5_error_code
+check_cache(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    krb5_creds req_in_creds;
+
+    /* Check the cache for the originally requested server principal. */
+    req_in_creds = *ctx->in_creds;
+    req_in_creds.server = ctx->req_server;
+    code = k5_get_cached_cred(context, ctx->req_options, ctx->ccache,
+                              &req_in_creds, &ctx->reply_creds);
+    if (code == 0) {
+        ctx->state = STATE_COMPLETE;
+        return 0;
+    }
+
+    /* Stop on unexpected cache errors. */
+    if (code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE)
+        return code;
+
+    /* Stop if the caller only wanted cached creds. */
+    if (ctx->req_options & KRB5_GC_CACHED)
+        return code;
+
+    return 0;
+}
+
+/* Decide where to begin the acquisition process. */
+static krb5_error_code
+begin(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+
+    /* If the server realm is unspecified, start with the TGT realm. */
+    ctx->referral_req = krb5_is_referral_realm(&ctx->server->realm);
+    if (ctx->referral_req) {
+        krb5_free_data_contents(context, &ctx->server->realm);
+        code = krb5int_copy_data_contents(context, &ctx->start_realm,
+                                          &ctx->server->realm);
+        TRACE_TKT_CREDS_REFERRAL_REALM(context, ctx->server);
+        if (code != 0)
+            return code;
+    }
+
+    /* Obtain a TGT for the service realm. */
+    ctx->getting_tgt_for = STATE_REFERRALS;
+    return begin_get_tgt(context, ctx);
+}
+
+/***** API functions *****/
+
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache,
+                    krb5_creds *in_creds, krb5_flags options,
+                    krb5_tkt_creds_context *pctx)
+{
+    krb5_error_code code;
+    krb5_tkt_creds_context ctx = NULL;
+    krb5_const_principal canonprinc;
+
+    TRACE_TKT_CREDS(context, in_creds, ccache);
+    ctx = k5alloc(sizeof(*ctx), &code);
+    if (ctx == NULL)
+        goto cleanup;
+
+    ctx->req_options = options;
+    ctx->req_kdcopt = 0;
+    if (options & KRB5_GC_CANONICALIZE)
+        ctx->req_kdcopt |= KDC_OPT_CANONICALIZE;
+    if (options & KRB5_GC_FORWARDABLE)
+        ctx->req_kdcopt |= KDC_OPT_FORWARDABLE;
+    if (options & KRB5_GC_NO_TRANSIT_CHECK)
+        ctx->req_kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
+
+    ctx->state = STATE_BEGIN;
+
+    /* Copy the matching cred so we can modify it.  Steal the copy of the
+     * service principal name to remember the original request server. */
+    code = krb5_copy_creds(context, in_creds, &ctx->in_creds);
+    if (code != 0)
+        goto cleanup;
+    ctx->req_server = ctx->in_creds->server;
+    ctx->in_creds->server = NULL;
+
+    /* Get the first canonicalization candidate for the requested server. */
+    ctx->iter.princ = ctx->req_server;
+
+    code = k5_canonprinc(context, &ctx->iter, &canonprinc);
+    if (code == 0 && canonprinc == NULL)
+        code = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    if (code != 0)
+        goto cleanup;
+    code = krb5_copy_principal(context, canonprinc, &ctx->in_creds->server);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->client = ctx->in_creds->client;
+    ctx->server = ctx->in_creds->server;
+    code = krb5_cc_dup(context, ccache, &ctx->ccache);
+    if (code != 0)
+        goto cleanup;
+
+    /* Get the start realm from the cache config, defaulting to the client
+     * realm. */
+    code = krb5_cc_get_config(context, ccache, NULL, "start_realm",
+                              &ctx->start_realm);
+    if (code != 0) {
+        code = krb5int_copy_data_contents(context, &ctx->client->realm,
+                                          &ctx->start_realm);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = krb5_copy_authdata(context, in_creds->authdata, &ctx->authdata);
+    if (code != 0)
+        goto cleanup;
+
+    *pctx = ctx;
+    ctx = NULL;
+
+cleanup:
+    krb5_tkt_creds_free(context, ctx);
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx,
+                         krb5_creds *creds)
+{
+    if (ctx->state != STATE_COMPLETE)
+        return KRB5_NO_TKT_SUPPLIED;
+    return k5_copy_creds_contents(context, ctx->reply_creds, creds);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_get_times(krb5_context context, krb5_tkt_creds_context ctx,
+                         krb5_ticket_times *times)
+{
+    if (ctx->state != STATE_COMPLETE)
+        return KRB5_NO_TKT_SUPPLIED;
+    *times = ctx->reply_creds->times;
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5_tkt_creds_free(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    if (ctx == NULL)
+        return;
+    krb5int_fast_free_state(context, ctx->fast_state);
+    krb5_free_creds(context, ctx->in_creds);
+    free_canonprinc(&ctx->iter);
+    krb5_cc_close(context, ctx->ccache);
+    krb5_free_data_contents(context, &ctx->start_realm);
+    krb5_free_principal(context, ctx->req_server);
+    krb5_free_authdata(context, ctx->authdata);
+    krb5_free_creds(context, ctx->cur_tgt);
+    krb5int_free_data_list(context, ctx->realms_seen);
+    krb5_free_principal(context, ctx->tgt_princ);
+    krb5_free_keyblock(context, ctx->subkey);
+    krb5_free_data_contents(context, &ctx->previous_request);
+    krb5int_free_data_list(context, ctx->realm_path);
+    krb5_free_creds(context, ctx->reply_creds);
+    free(ctx);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx)
+{
+    krb5_error_code code;
+    krb5_data request = empty_data(), reply = empty_data();
+    krb5_data realm = empty_data();
+    unsigned int flags = 0;
+    int tcp_only = 0, use_primary;
+
+    for (;;) {
+        /* Get the next request and realm.  Turn on TCP if necessary. */
+        code = krb5_tkt_creds_step(context, ctx, &reply, &request, &realm,
+                                   &flags);
+        if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !tcp_only) {
+            TRACE_TKT_CREDS_RETRY_TCP(context);
+            tcp_only = 1;
+        } else if (code != 0 || !(flags & KRB5_TKT_CREDS_STEP_FLAG_CONTINUE))
+            break;
+        krb5_free_data_contents(context, &reply);
+
+        /* Send it to a KDC for the appropriate realm. */
+        use_primary = 0;
+        code = krb5_sendto_kdc(context, &request, &realm,
+                               &reply, &use_primary, tcp_only);
+        if (code != 0)
+            break;
+
+        krb5_free_data_contents(context, &request);
+        krb5_free_data_contents(context, &realm);
+    }
+
+    krb5_free_data_contents(context, &request);
+    krb5_free_data_contents(context, &reply);
+    krb5_free_data_contents(context, &realm);
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_tkt_creds_step(krb5_context context, krb5_tkt_creds_context ctx,
+                    krb5_data *in, krb5_data *out, krb5_data *realm,
+                    unsigned int *flags)
+{
+    krb5_error_code code;
+    krb5_boolean no_input = (in == NULL || in->length == 0);
+    krb5_const_principal canonprinc;
+
+    *out = empty_data();
+    *realm = empty_data();
+    *flags = 0;
+
+    /* We should receive an empty input on the first step only, and should not
+     * get called after completion. */
+    if (no_input != (ctx->state == STATE_BEGIN) ||
+        ctx->state == STATE_COMPLETE)
+        return EINVAL;
+
+    if (ctx->state == STATE_BEGIN) {
+        code = check_cache(context, ctx);
+        if (code != 0 || ctx->state == STATE_COMPLETE)
+            return code;
+    }
+
+    ctx->caller_out = out;
+    ctx->caller_realm = realm;
+    ctx->caller_flags = flags;
+
+    if (!no_input) {
+        /* Convert the input token into a credential and store it in ctx. */
+        code = get_creds_from_tgs_reply(context, ctx, in);
+        if (code != 0)
+            return code;
+    }
+
+    if (ctx->state == STATE_BEGIN)
+        code = begin(context, ctx);
+    else if (ctx->state == STATE_GET_TGT)
+        code = step_get_tgt(context, ctx);
+    else if (ctx->state == STATE_GET_TGT_OFFPATH)
+        code = step_get_tgt_offpath(context, ctx);
+    else if (ctx->state == STATE_REFERRALS)
+        code = step_referrals(context, ctx);
+    else if (ctx->state == STATE_NON_REFERRAL)
+        code = step_non_referral(context, ctx);
+    else
+        code = EINVAL;
+
+    /* Terminate on success or most errors. */
+    if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+        return code;
+
+    /* Restart with the next server principal canonicalization candidate. */
+    code = k5_canonprinc(context, &ctx->iter, &canonprinc);
+    if (code)
+        return code;
+    if (canonprinc == NULL)
+        return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    krb5_free_principal(context, ctx->in_creds->server);
+    code = krb5_copy_principal(context, canonprinc, &ctx->in_creds->server);
+    ctx->server = ctx->in_creds->server;
+    return begin(context, ctx);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials(krb5_context context, krb5_flags options,
+                     krb5_ccache ccache, krb5_creds *in_creds,
+                     krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_creds *ncreds = NULL;
+    krb5_tkt_creds_context ctx = NULL;
+
+    *out_creds = NULL;
+
+    /* If S4U2Proxy is requested, use the synchronous implementation in
+     * s4u_creds.c. */
+    if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
+        return k5_get_proxy_cred_from_kdc(context, options, ccache, in_creds,
+                                          out_creds);
+    }
+
+    /* Allocate a container. */
+    ncreds = k5alloc(sizeof(*ncreds), &code);
+    if (ncreds == NULL)
+        goto cleanup;
+
+    /* Make and execute a krb5_tkt_creds context to get the credential. */
+    code = krb5_tkt_creds_init(context, ccache, in_creds, options, &ctx);
+    if (code != 0)
+        goto cleanup;
+    code = krb5_tkt_creds_get(context, ctx);
+    if (code != 0)
+        goto cleanup;
+    code = krb5_tkt_creds_get_creds(context, ctx, ncreds);
+    if (code != 0)
+        goto cleanup;
+
+    *out_creds = ncreds;
+    ncreds = NULL;
+
+cleanup:
+    krb5_free_creds(context, ncreds);
+    krb5_tkt_creds_free(context, ctx);
+    return code;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/get_etype_info.c b/krb5-1.21.3/src/lib/krb5/krb/get_etype_info.c
new file mode 100644
index 00000000..1a75b9fc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/get_etype_info.c
@@ -0,0 +1,180 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/get_etype_salt_s2kp.c - Retrieve enctype, salt and s2kparams */
+/*
+ * Copyright (C) 2017 by Cloudera, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "fast.h"
+#include "init_creds_ctx.h"
+
+/* Extract etype info from the error message pkt into icc, if it is a
+ * PREAUTH_REQUIRED error.  Otherwise return the protocol error code. */
+static krb5_error_code
+get_from_error(krb5_context context, krb5_data *pkt,
+               krb5_init_creds_context icc)
+{
+    krb5_error *error = NULL;
+    krb5_pa_data **padata = NULL;
+    krb5_error_code ret;
+
+    ret = decode_krb5_error(pkt, &error);
+    if (ret)
+        return ret;
+    ret = krb5int_fast_process_error(context, icc->fast_state, &error, &padata,
+                                     NULL);
+    if (ret)
+        goto cleanup;
+    if (error->error != KDC_ERR_PREAUTH_REQUIRED) {
+        ret = ERROR_TABLE_BASE_krb5 + error->error;
+        goto cleanup;
+    }
+    ret = k5_get_etype_info(context, icc, padata);
+
+cleanup:
+    krb5_free_pa_data(context, padata);
+    krb5_free_error(context, error);
+    return ret;
+}
+
+/* Extract etype info from the AS reply pkt into icc. */
+static krb5_error_code
+get_from_reply(krb5_context context, krb5_data *pkt,
+               krb5_init_creds_context icc)
+{
+    krb5_kdc_rep *asrep = NULL;
+    krb5_error_code ret;
+    krb5_keyblock *strengthen_key = NULL;
+
+    ret = decode_krb5_as_rep(pkt, &asrep);
+    if (ret)
+        return ret;
+    ret = krb5int_fast_process_response(context, icc->fast_state, asrep,
+                                        &strengthen_key);
+    if (ret)
+        goto cleanup;
+    ret = k5_get_etype_info(context, icc, asrep->padata);
+
+cleanup:
+    krb5_free_kdc_rep(context, asrep);
+    krb5_free_keyblock(context, strengthen_key);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_etype_info(krb5_context context, krb5_principal principal,
+                    krb5_get_init_creds_opt *opt, krb5_enctype *enctype_out,
+                    krb5_data *salt_out, krb5_data *s2kparams_out)
+{
+    krb5_init_creds_context icc = NULL;
+    krb5_data reply = empty_data(), req = empty_data(), realm = empty_data();
+    krb5_data salt = empty_data(), s2kparams = empty_data();
+    unsigned int flags;
+    int primary, tcp_only;
+    krb5_error_code ret;
+
+    *enctype_out = ENCTYPE_NULL;
+    *salt_out = empty_data();
+    *s2kparams_out = empty_data();
+
+    /* Create an initial creds context and get the initial request packet. */
+    ret = krb5_init_creds_init(context, principal, NULL, NULL, 0, opt, &icc);
+    if (ret)
+        goto cleanup;
+    ret = krb5_init_creds_step(context, icc, &reply, &req, &realm, &flags);
+    if (ret)
+        goto cleanup;
+    if (flags != KRB5_INIT_CREDS_STEP_FLAG_CONTINUE) {
+        ret = KRB5KRB_AP_ERR_MSG_TYPE;
+        goto cleanup;
+    }
+
+    /* Send the packet (possibly once with UDP and again with TCP). */
+    tcp_only = 0;
+    for (;;) {
+        primary = 0;
+        ret = krb5_sendto_kdc(context, &req, &realm, &reply, &primary,
+                              tcp_only);
+        if (ret)
+            goto cleanup;
+
+        icc->etype = ENCTYPE_NULL;
+        if (krb5_is_krb_error(&reply)) {
+            ret = get_from_error(context, &reply, icc);
+            if (ret) {
+                if (!tcp_only && ret == KRB5KRB_ERR_RESPONSE_TOO_BIG) {
+                    tcp_only = 1;
+                    krb5_free_data_contents(context, &reply);
+                    continue;
+                }
+                goto cleanup;
+            }
+        } else if (krb5_is_as_rep(&reply)) {
+            ret = get_from_reply(context, &reply, icc);
+            if (ret)
+                goto cleanup;
+        } else {
+            ret = KRB5KRB_AP_ERR_MSG_TYPE;
+            goto cleanup;
+        }
+        break;
+    }
+
+    /* If we found no etype-info, return successfully with all null values. */
+    if (icc->etype == ENCTYPE_NULL)
+        goto cleanup;
+
+    if (icc->default_salt)
+        ret = krb5_principal2salt(context, principal, &salt);
+    else if (icc->salt.length > 0)
+        ret = krb5int_copy_data_contents(context, &icc->salt, &salt);
+    if (ret)
+        goto cleanup;
+
+    if (icc->s2kparams.length > 0) {
+        ret = krb5int_copy_data_contents(context, &icc->s2kparams, &s2kparams);
+        if (ret)
+            goto cleanup;
+    }
+
+    *salt_out = salt;
+    *s2kparams_out = s2kparams;
+    *enctype_out = icc->etype;
+    salt = empty_data();
+    s2kparams = empty_data();
+
+cleanup:
+    krb5_free_data_contents(context, &req);
+    krb5_free_data_contents(context, &reply);
+    krb5_free_data_contents(context, &realm);
+    krb5_free_data_contents(context, &salt);
+    krb5_free_data_contents(context, &s2kparams);
+    krb5_init_creds_free(context, icc);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c b/krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c
new file mode 100644
index 00000000..ea089f0f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c
@@ -0,0 +1,2095 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/get_in_tkt.c */
+/*
+ * Copyright 1990,1991, 2003, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "os-proto.h"
+#include "fast.h"
+#include "init_creds_ctx.h"
+
+/* some typedef's for the function args to make things look a bit cleaner */
+
+static krb5_error_code make_preauth_list (krb5_context,
+                                          krb5_preauthtype *,
+                                          int, krb5_pa_data ***);
+static krb5_error_code sort_krb5_padata_sequence(krb5_context context,
+                                                 krb5_data *realm,
+                                                 krb5_pa_data **padata);
+
+/*
+ * Decrypt the AS reply in ctx, populating ctx->reply->enc_part2.  If
+ * strengthen_key is not null, combine it with the reply key as specified in
+ * RFC 6113 section 5.4.3.  Place the key used in *key_out.
+ */
+static krb5_error_code
+decrypt_as_reply(krb5_context context, krb5_init_creds_context ctx,
+                 const krb5_keyblock *strengthen_key, krb5_keyblock *key_out)
+{
+    krb5_error_code ret;
+    krb5_keyblock key;
+    krb5_responder_fn responder;
+    void *responder_data;
+
+    memset(key_out, 0, sizeof(*key_out));
+    memset(&key, 0, sizeof(key));
+
+    if (ctx->as_key.length) {
+        /* The reply key was computed or replaced during preauth processing;
+         * try it. */
+        TRACE_INIT_CREDS_AS_KEY_PREAUTH(context, &ctx->as_key);
+        ret = krb5int_fast_reply_key(context, strengthen_key, &ctx->as_key,
+                                     &key);
+        if (ret)
+            return ret;
+        ret = krb5_kdc_rep_decrypt_proc(context, &key, NULL, ctx->reply);
+        if (!ret) {
+            *key_out = key;
+            return 0;
+        }
+        krb5_free_keyblock_contents(context, &key);
+        TRACE_INIT_CREDS_PREAUTH_DECRYPT_FAIL(context, ret);
+
+        /*
+         * For two reasons, we fall back to trying or retrying the gak_fct if
+         * this fails:
+         *
+         * 1. The KDC might encrypt the reply using a different enctype than
+         *    the AS key we computed during preauth.
+         *
+         * 2. For 1.1.1 and prior KDC's, when SAM is used with USE_SAD_AS_KEY,
+         *    the AS-REP is encrypted in the client long-term key instead of
+         *    the SAD.
+         *
+         * The gak_fct for krb5_get_init_creds_with_password() caches the
+         * password, so this fallback does not result in a second password
+         * prompt.
+         */
+    } else {
+        /*
+         * No AS key was computed during preauth processing, perhaps because
+         * preauth was not used.  If the caller supplied a responder callback,
+         * possibly invoke it before calling the gak_fct for real.
+         */
+        k5_gic_opt_get_responder(ctx->opt, &responder, &responder_data);
+        if (responder != NULL) {
+            /* Indicate a need for the AS key by calling the gak_fct with a
+             * NULL as_key. */
+            ret = ctx->gak_fct(context, ctx->request->client, ctx->etype, NULL,
+                               NULL, NULL, NULL, NULL, ctx->gak_data,
+                               ctx->rctx.items);
+            if (ret)
+                return ret;
+
+            /* If that produced a responder question, invoke the responder. */
+            if (!k5_response_items_empty(ctx->rctx.items)) {
+                ret = (*responder)(context, responder_data, &ctx->rctx);
+                if (ret)
+                    return ret;
+            }
+        }
+    }
+
+    /* Compute or re-compute the AS key, prompting for the password if
+     * necessary. */
+    TRACE_INIT_CREDS_GAK(context, &ctx->salt, &ctx->s2kparams);
+    ret = ctx->gak_fct(context, ctx->request->client,
+                       ctx->reply->enc_part.enctype, ctx->prompter,
+                       ctx->prompter_data, &ctx->salt, &ctx->s2kparams,
+                       &ctx->as_key, ctx->gak_data, ctx->rctx.items);
+    if (ret)
+        return ret;
+    TRACE_INIT_CREDS_AS_KEY_GAK(context, &ctx->as_key);
+
+    ret = krb5int_fast_reply_key(context, strengthen_key, &ctx->as_key, &key);
+    if (ret)
+        return ret;
+    ret = krb5_kdc_rep_decrypt_proc(context, &key, NULL, ctx->reply);
+    if (ret) {
+        krb5_free_keyblock_contents(context, &key);
+        return ret;
+    }
+
+    *key_out = key;
+    return 0;
+}
+
+/**
+ * Fully anonymous replies include a pa_pkinit_kx padata type including the KDC
+ * contribution key.  This routine confirms that the session key is of the
+ * right form for fully anonymous requests.  It is here rather than in the
+ * preauth code because the session key cannot be verified until the AS reply
+ * is decrypted and the preauth code all runs before the AS reply is decrypted.
+ */
+static krb5_error_code
+verify_anonymous( krb5_context context, krb5_kdc_req *request,
+                  krb5_kdc_rep *reply, krb5_keyblock *as_key)
+{
+    krb5_error_code ret = 0;
+    krb5_pa_data *pa;
+    krb5_data scratch;
+    krb5_keyblock *kdc_key = NULL, *expected = NULL;
+    krb5_enc_data *enc = NULL;
+    krb5_keyblock *session = reply->enc_part2->session;
+
+    if (!krb5_principal_compare_any_realm(context, request->client,
+                                          krb5_anonymous_principal()))
+        return 0; /* Only applies to fully anonymous */
+    pa = krb5int_find_pa_data(context, reply->padata, KRB5_PADATA_PKINIT_KX);
+    if (pa == NULL)
+        goto verification_error;
+    scratch.length = pa->length;
+    scratch.data = (char *) pa->contents;
+    ret = decode_krb5_enc_data( &scratch, &enc);
+    if (ret)
+        goto cleanup;
+    scratch.data = k5alloc(enc->ciphertext.length, &ret);
+    if (ret)
+        goto cleanup;
+    scratch.length = enc->ciphertext.length;
+    ret = krb5_c_decrypt(context, as_key, KRB5_KEYUSAGE_PA_PKINIT_KX,
+                         NULL /*cipherstate*/, enc, &scratch);
+    if (ret) {
+        free(scratch.data);
+        goto cleanup;
+    }
+    ret = decode_krb5_encryption_key( &scratch, &kdc_key);
+    zap(scratch.data, scratch.length);
+    free(scratch.data);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_fx_cf2_simple(context, kdc_key, "PKINIT",
+                               as_key, "KEYEXCHANGE", &expected);
+    if (ret)
+        goto cleanup;
+    if ((expected->enctype != session->enctype) ||
+        (expected->length != session->length) ||
+        (memcmp(expected->contents, session->contents, expected->length) != 0))
+        goto verification_error;
+cleanup:
+    if (kdc_key)
+        krb5_free_keyblock(context, kdc_key);
+    if (expected)
+        krb5_free_keyblock(context, expected);
+    if (enc)
+        krb5_free_enc_data(context, enc);
+    return ret;
+verification_error:
+    ret = KRB5_KDCREP_MODIFIED;
+    k5_setmsg(context, ret,
+              _("Reply has wrong form of session key for anonymous request"));
+    goto cleanup;
+}
+
+static krb5_error_code
+verify_as_reply(krb5_context            context,
+                krb5_timestamp          time_now,
+                krb5_kdc_req            *request,
+                krb5_kdc_rep            *as_reply)
+{
+    krb5_error_code             retval;
+    int                         canon_req;
+    int                         canon_ok;
+    krb5_timestamp              time_offset;
+
+    /* check the contents for sanity: */
+    if (!as_reply->enc_part2->times.starttime)
+        as_reply->enc_part2->times.starttime =
+            as_reply->enc_part2->times.authtime;
+
+    /*
+     * We only allow the AS-REP server name to be changed if the
+     * caller set the canonicalize flag (or requested an enterprise
+     * principal) and we requested (and received) a TGT.
+     */
+    canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
+        request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL ||
+        (request->kdc_options & KDC_OPT_REQUEST_ANONYMOUS);
+    if (canon_req) {
+        canon_ok = IS_TGS_PRINC(request->server) &&
+            IS_TGS_PRINC(as_reply->enc_part2->server);
+    } else
+        canon_ok = 0;
+
+    if ((!canon_ok &&
+         !krb5_principal_compare(context, as_reply->enc_part2->server, request->server))
+        || (!canon_req && !krb5_principal_compare(context, as_reply->client, request->client))
+        || !krb5_principal_compare(context, as_reply->enc_part2->server, as_reply->ticket->server)
+        || (request->nonce != as_reply->enc_part2->nonce)
+        /* XXX check for extraneous flags */
+        /* XXX || (!krb5_addresses_compare(context, addrs, as_reply->enc_part2->caddrs)) */
+        || ((request->kdc_options & KDC_OPT_POSTDATED) &&
+            (request->from != 0) &&
+            (request->from != as_reply->enc_part2->times.starttime))
+        || ((request->till != 0) &&
+            ts_after(as_reply->enc_part2->times.endtime, request->till))
+        || ((request->kdc_options & KDC_OPT_RENEWABLE) &&
+            (request->rtime != 0) &&
+            ts_after(as_reply->enc_part2->times.renew_till, request->rtime))
+        || ((request->kdc_options & KDC_OPT_RENEWABLE_OK) &&
+            !(request->kdc_options & KDC_OPT_RENEWABLE) &&
+            (as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+            (request->till != 0) &&
+            ts_after(as_reply->enc_part2->times.renew_till, request->till))
+    ) {
+        return KRB5_KDCREP_MODIFIED;
+    }
+
+    if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) {
+        time_offset = ts_delta(as_reply->enc_part2->times.authtime, time_now);
+        retval = krb5_set_time_offsets(context, time_offset, 0);
+        if (retval)
+            return retval;
+    } else {
+        if ((request->from == 0) &&
+            !ts_within(as_reply->enc_part2->times.starttime, time_now,
+                       context->clockskew))
+            return (KRB5_KDCREP_SKEW);
+    }
+    return 0;
+}
+
+static krb5_error_code
+stash_as_reply(krb5_context             context,
+               krb5_kdc_rep             *as_reply,
+               krb5_creds *             creds,
+               krb5_ccache              ccache)
+{
+    krb5_error_code             retval;
+    krb5_data *                 packet;
+    krb5_principal              client;
+    krb5_principal              server;
+
+    client = NULL;
+    server = NULL;
+
+    if (!creds->client)
+        if ((retval = krb5_copy_principal(context, as_reply->client, &client)))
+            goto cleanup;
+
+    if (!creds->server)
+        if ((retval = krb5_copy_principal(context, as_reply->enc_part2->server,
+                                          &server)))
+            goto cleanup;
+
+    /* fill in the credentials */
+    if ((retval = krb5_copy_keyblock_contents(context,
+                                              as_reply->enc_part2->session,
+                                              &creds->keyblock)))
+        goto cleanup;
+
+    creds->times = as_reply->enc_part2->times;
+    creds->is_skey = FALSE;             /* this is an AS_REQ, so cannot
+                                           be encrypted in skey */
+    creds->ticket_flags = as_reply->enc_part2->flags;
+    if ((retval = krb5_copy_addresses(context, as_reply->enc_part2->caddrs,
+                                      &creds->addresses)))
+        goto cleanup;
+
+    creds->second_ticket.length = 0;
+    creds->second_ticket.data = 0;
+
+    if ((retval = encode_krb5_ticket(as_reply->ticket, &packet)))
+        goto cleanup;
+
+    creds->ticket = *packet;
+    free(packet);
+
+    /* store it in the ccache! */
+    if (ccache)
+        if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+            goto cleanup;
+
+    if (!creds->client)
+        creds->client = client;
+    if (!creds->server)
+        creds->server = server;
+
+cleanup:
+    if (retval) {
+        if (client)
+            krb5_free_principal(context, client);
+        if (server)
+            krb5_free_principal(context, server);
+        if (creds->keyblock.contents) {
+            memset(creds->keyblock.contents, 0,
+                   creds->keyblock.length);
+            free(creds->keyblock.contents);
+            creds->keyblock.contents = 0;
+            creds->keyblock.length = 0;
+        }
+        if (creds->ticket.data) {
+            free(creds->ticket.data);
+            creds->ticket.data = 0;
+        }
+        if (creds->addresses) {
+            krb5_free_addresses(context, creds->addresses);
+            creds->addresses = 0;
+        }
+    }
+    return (retval);
+}
+
+static krb5_error_code
+make_preauth_list(krb5_context  context,
+                  krb5_preauthtype *    ptypes,
+                  int                   nptypes,
+                  krb5_pa_data ***      ret_list)
+{
+    krb5_preauthtype *          ptypep;
+    krb5_pa_data **             preauthp;
+    int                         i;
+
+    if (nptypes < 0) {
+        for (nptypes=0, ptypep = ptypes; *ptypep; ptypep++, nptypes++)
+            ;
+    }
+
+    /* allocate space for a NULL to terminate the list */
+
+    if ((preauthp =
+         (krb5_pa_data **) malloc((nptypes+1)*sizeof(krb5_pa_data *))) == NULL)
+        return(ENOMEM);
+
+    for (i=0; i<nptypes; i++) {
+        if ((preauthp[i] =
+             (krb5_pa_data *) malloc(sizeof(krb5_pa_data))) == NULL) {
+            for (; i>=0; i--)
+                free(preauthp[i]);
+            free(preauthp);
+            return (ENOMEM);
+        }
+        preauthp[i]->magic = KV5M_PA_DATA;
+        preauthp[i]->pa_type = ptypes[i];
+        preauthp[i]->length = 0;
+        preauthp[i]->contents = 0;
+    }
+
+    /* fill in the terminating NULL */
+
+    preauthp[nptypes] = NULL;
+
+    *ret_list = preauthp;
+    return 0;
+}
+
+#define MAX_IN_TKT_LOOPS 16
+
+/* Sort a pa_data sequence so that types named in the "preferred_preauth_types"
+ * libdefaults entry are listed before any others. */
+static krb5_error_code
+sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
+                          krb5_pa_data **padata)
+{
+    int i, j, base;
+    krb5_error_code ret;
+    const char *p;
+    long l;
+    char *q, *preauth_types = NULL;
+    krb5_pa_data *tmp;
+    int need_free_string = 1;
+
+    if ((padata == NULL) || (padata[0] == NULL)) {
+        return 0;
+    }
+
+    ret = krb5int_libdefault_string(context, realm, KRB5_CONF_PREFERRED_PREAUTH_TYPES,
+                                    &preauth_types);
+    if ((ret != 0) || (preauth_types == NULL)) {
+        /* Try to use PKINIT first. */
+        preauth_types = "17, 16, 15, 14";
+        need_free_string = 0;
+    }
+
+#ifdef DEBUG
+    fprintf (stderr, "preauth data types before sorting:");
+    for (i = 0; padata[i]; i++) {
+        fprintf (stderr, " %d", padata[i]->pa_type);
+    }
+    fprintf (stderr, "\n");
+#endif
+
+    base = 0;
+    for (p = preauth_types; *p != '\0';) {
+        /* skip whitespace to find an entry */
+        p += strspn(p, ", ");
+        if (*p != '\0') {
+            /* see if we can extract a number */
+            l = strtol(p, &q, 10);
+            if ((q != NULL) && (q > p)) {
+                /* got a valid number; search for a matching entry */
+                for (i = base; padata[i] != NULL; i++) {
+                    /* bubble the matching entry to the front of the list */
+                    if (padata[i]->pa_type == l) {
+                        tmp = padata[i];
+                        for (j = i; j > base; j--)
+                            padata[j] = padata[j - 1];
+                        padata[base] = tmp;
+                        base++;
+                        break;
+                    }
+                }
+                p = q;
+            } else {
+                break;
+            }
+        }
+    }
+    if (need_free_string)
+        free(preauth_types);
+
+#ifdef DEBUG
+    fprintf (stderr, "preauth data types after sorting:");
+    for (i = 0; padata[i]; i++)
+        fprintf (stderr, " %d", padata[i]->pa_type);
+    fprintf (stderr, "\n");
+#endif
+
+    return 0;
+}
+
+static krb5_error_code
+build_in_tkt_name(krb5_context context,
+                  const char *in_tkt_service,
+                  krb5_const_principal client,
+                  krb5_principal *server_out)
+{
+    krb5_error_code ret;
+    krb5_principal server = NULL;
+
+    *server_out = NULL;
+
+    if (in_tkt_service) {
+        ret = krb5_parse_name_flags(context, in_tkt_service,
+                                    KRB5_PRINCIPAL_PARSE_IGNORE_REALM,
+                                    &server);
+        if (ret)
+            return ret;
+        krb5_free_data_contents(context, &server->realm);
+        ret = krb5int_copy_data_contents(context, &client->realm,
+                                         &server->realm);
+        if (ret) {
+            krb5_free_principal(context, server);
+            return ret;
+        }
+    } else {
+        ret = krb5_build_principal_ext(context, &server,
+                                       client->realm.length,
+                                       client->realm.data,
+                                       KRB5_TGS_NAME_SIZE,
+                                       KRB5_TGS_NAME,
+                                       client->realm.length,
+                                       client->realm.data,
+                                       0);
+        if (ret)
+            return ret;
+    }
+
+    *server_out = server;
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5_init_creds_free(krb5_context context,
+                     krb5_init_creds_context ctx)
+{
+    if (ctx == NULL)
+        return;
+
+    k5_response_items_free(ctx->rctx.items);
+    free(ctx->in_tkt_service);
+    zapfree(ctx->gakpw.storage.data, ctx->gakpw.storage.length);
+    k5_preauth_request_context_fini(context, ctx);
+    krb5_free_error(context, ctx->err_reply);
+    krb5_free_pa_data(context, ctx->err_padata);
+    krb5_free_cred_contents(context, &ctx->cred);
+    krb5_free_kdc_req(context, ctx->request);
+    krb5_free_kdc_rep(context, ctx->reply);
+    krb5_free_data(context, ctx->outer_request_body);
+    krb5_free_data(context, ctx->inner_request_body);
+    krb5_free_data(context, ctx->encoded_previous_request);
+    krb5int_fast_free_state(context, ctx->fast_state);
+    krb5_free_pa_data(context, ctx->optimistic_padata);
+    krb5_free_pa_data(context, ctx->method_padata);
+    krb5_free_pa_data(context, ctx->more_padata);
+    krb5_free_data_contents(context, &ctx->salt);
+    krb5_free_data_contents(context, &ctx->s2kparams);
+    krb5_free_keyblock_contents(context, &ctx->as_key);
+    k5_json_release(ctx->cc_config_in);
+    k5_json_release(ctx->cc_config_out);
+    free(ctx);
+}
+
+krb5_error_code
+k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
+                  int *use_primary)
+{
+    krb5_error_code code;
+    krb5_data request;
+    krb5_data reply;
+    krb5_data realm;
+    unsigned int flags = 0;
+    int tcp_only = 0, primary = *use_primary;
+
+    request.length = 0;
+    request.data = NULL;
+    reply.length = 0;
+    reply.data = NULL;
+    realm.length = 0;
+    realm.data = NULL;
+
+    for (;;) {
+        code = krb5_init_creds_step(context,
+                                    ctx,
+                                    &reply,
+                                    &request,
+                                    &realm,
+                                    &flags);
+        if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !tcp_only) {
+            TRACE_INIT_CREDS_RETRY_TCP(context);
+            tcp_only = 1;
+        } else if (code != 0 || !(flags & KRB5_INIT_CREDS_STEP_FLAG_CONTINUE))
+            break;
+
+        krb5_free_data_contents(context, &reply);
+
+        primary = *use_primary;
+        code = krb5_sendto_kdc(context, &request, &realm,
+                               &reply, &primary, tcp_only);
+        if (code != 0)
+            break;
+
+        krb5_free_data_contents(context, &request);
+        krb5_free_data_contents(context, &realm);
+    }
+
+    krb5_free_data_contents(context, &request);
+    krb5_free_data_contents(context, &reply);
+    krb5_free_data_contents(context, &realm);
+
+    *use_primary = primary;
+    return code;
+}
+
+/* Heimdal API */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get(krb5_context context,
+                    krb5_init_creds_context ctx)
+{
+    int use_primary = 0;
+
+    return k5_init_creds_get(context, ctx, &use_primary);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_creds(krb5_context context,
+                          krb5_init_creds_context ctx,
+                          krb5_creds *creds)
+{
+    if (!ctx->complete)
+        return KRB5_NO_TKT_SUPPLIED;
+
+    return k5_copy_creds_contents(context, &ctx->cred, creds);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_times(krb5_context context,
+                          krb5_init_creds_context ctx,
+                          krb5_ticket_times *times)
+{
+    if (!ctx->complete)
+        return KRB5_NO_TKT_SUPPLIED;
+
+    *times = ctx->cred.times;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_error(krb5_context context,
+                          krb5_init_creds_context ctx,
+                          krb5_error **error)
+{
+    krb5_error_code code;
+    krb5_error *ret = NULL;
+
+    *error = NULL;
+
+    if (ctx->err_reply == NULL)
+        return 0;
+
+    ret = k5alloc(sizeof(*ret), &code);
+    if (code != 0)
+        goto cleanup;
+
+    ret->magic = KV5M_ERROR;
+    ret->ctime = ctx->err_reply->ctime;
+    ret->cusec = ctx->err_reply->cusec;
+    ret->susec = ctx->err_reply->susec;
+    ret->stime = ctx->err_reply->stime;
+    ret->error = ctx->err_reply->error;
+
+    if (ctx->err_reply->client != NULL) {
+        code = krb5_copy_principal(context, ctx->err_reply->client,
+                                   &ret->client);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = krb5_copy_principal(context, ctx->err_reply->server, &ret->server);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5int_copy_data_contents(context, &ctx->err_reply->text,
+                                      &ret->text);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5int_copy_data_contents(context, &ctx->err_reply->e_data,
+                                      &ret->e_data);
+    if (code != 0)
+        goto cleanup;
+
+    *error = ret;
+
+cleanup:
+    if (code != 0)
+        krb5_free_error(context, ret);
+
+    return code;
+}
+
+/* Return the current time, possibly using the offset from a previously
+ * received preauth-required error. */
+krb5_error_code
+k5_init_creds_current_time(krb5_context context, krb5_init_creds_context ctx,
+                           krb5_boolean allow_unauth, krb5_timestamp *time_out,
+                           krb5_int32 *usec_out)
+{
+    if (ctx->pa_offset_state != NO_OFFSET &&
+        (allow_unauth || ctx->pa_offset_state == AUTH_OFFSET) &&
+        (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME)) {
+        /* Use the offset we got from a preauth-required error. */
+        return k5_time_with_offset(ctx->pa_offset, ctx->pa_offset_usec,
+                                   time_out, usec_out);
+    } else {
+        /* Use the time offset from the context, or no offset. */
+        return krb5_us_timeofday(context, time_out, usec_out);
+    }
+}
+
+/* Set the timestamps for ctx->request based on the desired lifetimes. */
+static krb5_error_code
+set_request_times(krb5_context context, krb5_init_creds_context ctx)
+{
+    krb5_error_code code;
+    krb5_timestamp from, now;
+    krb5_int32 now_ms;
+
+    code = k5_init_creds_current_time(context, ctx, TRUE, &now, &now_ms);
+    if (code != 0)
+        return code;
+
+    /* Omit request start time unless the caller explicitly asked for one. */
+    from = ts_incr(now, ctx->start_time);
+    if (ctx->start_time != 0)
+        ctx->request->from = from;
+
+    ctx->request->till = ts_incr(from, ctx->tkt_life);
+
+    if (ctx->renew_life > 0) {
+        /* Don't ask for a smaller renewable time than the lifetime. */
+        ctx->request->rtime = ts_incr(from, ctx->renew_life);
+        if (ts_after(ctx->request->till, ctx->request->rtime))
+            ctx->request->rtime = ctx->request->till;
+        ctx->request->kdc_options &= ~KDC_OPT_RENEWABLE_OK;
+    } else {
+        ctx->request->rtime = 0;
+    }
+
+    return 0;
+}
+
+static void
+read_allowed_preauth_type(krb5_context context, krb5_init_creds_context ctx)
+{
+    krb5_error_code ret;
+    krb5_data config;
+    char *tmp, *p;
+    krb5_ccache in_ccache = k5_gic_opt_get_in_ccache(ctx->opt);
+
+    ctx->allowed_preauth_type = KRB5_PADATA_NONE;
+    if (in_ccache == NULL)
+        return;
+    memset(&config, 0, sizeof(config));
+    if (krb5_cc_get_config(context, in_ccache, ctx->request->server,
+                           KRB5_CC_CONF_PA_TYPE, &config) != 0)
+        return;
+    tmp = k5memdup0(config.data, config.length, &ret);
+    krb5_free_data_contents(context, &config);
+    if (tmp == NULL)
+        return;
+    ctx->allowed_preauth_type = strtol(tmp, &p, 10);
+    if (p == NULL || *p != '\0')
+        ctx->allowed_preauth_type = KRB5_PADATA_NONE;
+    free(tmp);
+}
+
+/* Return true if encrypted timestamp is disabled for realm. */
+static krb5_boolean
+encts_disabled(profile_t profile, const krb5_data *realm)
+{
+    krb5_error_code ret;
+    char *realmstr;
+    int bval;
+
+    realmstr = k5memdup0(realm->data, realm->length, &ret);
+    if (realmstr == NULL)
+        return FALSE;
+    ret = profile_get_boolean(profile, KRB5_CONF_REALMS, realmstr,
+                              KRB5_CONF_DISABLE_ENCRYPTED_TIMESTAMP, FALSE,
+                              &bval);
+    free(realmstr);
+    return (ret == 0) ? bval : FALSE;
+}
+
+/**
+ * Throw away any pre-authentication realm state and begin with a
+ * unauthenticated or optimistically authenticated request.  If fast_upgrade is
+ * set, use FAST for this request.
+ */
+static krb5_error_code
+restart_init_creds_loop(krb5_context context, krb5_init_creds_context ctx,
+                        krb5_boolean fast_upgrade)
+{
+    krb5_error_code code = 0;
+
+    krb5_free_pa_data(context, ctx->optimistic_padata);
+    krb5_free_pa_data(context, ctx->method_padata);
+    krb5_free_pa_data(context, ctx->more_padata);
+    krb5_free_pa_data(context, ctx->err_padata);
+    krb5_free_error(context, ctx->err_reply);
+    ctx->optimistic_padata = ctx->method_padata = ctx->more_padata = NULL;
+    ctx->err_padata = NULL;
+    ctx->err_reply = NULL;
+    ctx->selected_preauth_type = KRB5_PADATA_NONE;
+
+    krb5int_fast_free_state(context, ctx->fast_state);
+    ctx->fast_state = NULL;
+    code = krb5int_fast_make_state(context, &ctx->fast_state);
+    if (code != 0)
+        goto cleanup;
+    if (fast_upgrade)
+        ctx->fast_state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
+
+    k5_preauth_request_context_fini(context, ctx);
+    k5_preauth_request_context_init(context, ctx);
+    krb5_free_data(context, ctx->outer_request_body);
+    ctx->outer_request_body = NULL;
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
+        code = make_preauth_list(context, ctx->opt->preauth_list,
+                                 ctx->opt->preauth_list_length,
+                                 &ctx->optimistic_padata);
+        if (code)
+            goto cleanup;
+    }
+
+    /* Never set encts_disabled back to false, so it can't be circumvented with
+     * client realm referrals. */
+    if (encts_disabled(context->profile, &ctx->request->client->realm))
+        ctx->encts_disabled = TRUE;
+
+    krb5_free_principal(context, ctx->request->server);
+    ctx->request->server = NULL;
+
+    code = build_in_tkt_name(context, ctx->in_tkt_service,
+                             ctx->request->client,
+                             &ctx->request->server);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5int_fast_as_armor(context, ctx->fast_state, ctx->opt,
+                                 ctx->request);
+    if (code != 0)
+        goto cleanup;
+    /* give the preauth plugins a chance to prep the request body */
+    k5_preauth_prepare_request(context, ctx->opt, ctx->request);
+
+    code = krb5int_fast_prep_req_body(context, ctx->fast_state,
+                                      ctx->request,
+                                      &ctx->outer_request_body);
+    if (code != 0)
+        goto cleanup;
+
+    /* Read the allowed preauth type for this server principal from the input
+     * ccache, if the application supplied one. */
+    read_allowed_preauth_type(context, ctx);
+
+cleanup:
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_init(krb5_context context,
+                     krb5_principal client,
+                     krb5_prompter_fct prompter,
+                     void *data,
+                     krb5_deltat start_time,
+                     krb5_get_init_creds_opt *opt,
+                     krb5_init_creds_context *pctx)
+{
+    krb5_error_code code;
+    krb5_init_creds_context ctx;
+    int tmp;
+    char *str = NULL;
+
+    TRACE_INIT_CREDS(context, client);
+
+    ctx = k5alloc(sizeof(*ctx), &code);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->request = k5alloc(sizeof(krb5_kdc_req), &code);
+    if (code != 0)
+        goto cleanup;
+    ctx->info_pa_permitted = TRUE;
+    code = krb5_copy_principal(context, client, &ctx->request->client);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->prompter = prompter;
+    ctx->prompter_data = data;
+    ctx->gak_fct = krb5_get_as_key_password;
+    ctx->gak_data = &ctx->gakpw;
+
+    ctx->start_time = start_time;
+
+    if (opt == NULL) {
+        ctx->opt = &ctx->opt_storage;
+        krb5_get_init_creds_opt_init(ctx->opt);
+    } else {
+        ctx->opt = opt;
+    }
+
+    code = k5_response_items_new(&ctx->rctx.items);
+    if (code != 0)
+        goto cleanup;
+
+    /* Initialise request parameters as per krb5_get_init_creds() */
+    ctx->request->kdc_options = context->kdc_default_options;
+
+    /* forwardable */
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
+        tmp = ctx->opt->forwardable;
+    else if (krb5int_libdefault_boolean(context, &ctx->request->client->realm,
+                                        KRB5_CONF_FORWARDABLE, &tmp) == 0)
+        ;
+    else
+        tmp = 0;
+    if (tmp)
+        ctx->request->kdc_options |= KDC_OPT_FORWARDABLE;
+
+    /* proxiable */
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
+        tmp = ctx->opt->proxiable;
+    else if (krb5int_libdefault_boolean(context, &ctx->request->client->realm,
+                                        KRB5_CONF_PROXIABLE, &tmp) == 0)
+        ;
+    else
+        tmp = 0;
+    if (tmp)
+        ctx->request->kdc_options |= KDC_OPT_PROXIABLE;
+
+    /* canonicalize */
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE)
+        tmp = 1;
+    else if (krb5int_libdefault_boolean(context, &ctx->request->client->realm,
+                                        KRB5_CONF_CANONICALIZE, &tmp) == 0)
+        ;
+    else
+        tmp = 0;
+    if (tmp)
+        ctx->request->kdc_options |= KDC_OPT_CANONICALIZE;
+
+    /* allow_postdate */
+    if (ctx->start_time > 0)
+        ctx->request->kdc_options |= KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED;
+
+    /* ticket lifetime */
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
+        ctx->tkt_life = ctx->opt->tkt_life;
+    else if (krb5int_libdefault_string(context, &ctx->request->client->realm,
+                                       KRB5_CONF_TICKET_LIFETIME, &str) == 0) {
+        code = krb5_string_to_deltat(str, &ctx->tkt_life);
+        if (code != 0)
+            goto cleanup;
+        free(str);
+        str = NULL;
+    } else
+        ctx->tkt_life = 24 * 60 * 60; /* previously hardcoded in kinit */
+
+    /* renewable lifetime */
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)
+        ctx->renew_life = ctx->opt->renew_life;
+    else if (krb5int_libdefault_string(context, &ctx->request->client->realm,
+                                       KRB5_CONF_RENEW_LIFETIME, &str) == 0) {
+        code = krb5_string_to_deltat(str, &ctx->renew_life);
+        if (code != 0)
+            goto cleanup;
+        free(str);
+        str = NULL;
+    } else
+        ctx->renew_life = 0;
+
+    if (ctx->renew_life > 0)
+        ctx->request->kdc_options |= KDC_OPT_RENEWABLE;
+
+    /* enctypes */
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
+        ctx->request->ktype =
+            k5memdup(ctx->opt->etype_list,
+                     ctx->opt->etype_list_length * sizeof(krb5_enctype),
+                     &code);
+        if (code != 0)
+            goto cleanup;
+        ctx->request->nktypes = ctx->opt->etype_list_length;
+    } else if (krb5_get_default_in_tkt_ktypes(context,
+                                              &ctx->request->ktype) == 0) {
+        ctx->request->nktypes = k5_count_etypes(ctx->request->ktype);
+    } else {
+        /* there isn't any useful default here. */
+        code = KRB5_CONFIG_ETYPE_NOSUPP;
+        goto cleanup;
+    }
+
+    /*
+     * Set a default enctype for optimistic preauth.  If we're not doing
+     * optimistic preauth, this should ordinarily get overwritten when we
+     * process the etype-info2 of the preauth-required error.
+     */
+    if (ctx->request->nktypes > 0)
+        ctx->etype = ctx->request->ktype[0];
+
+    /* addresses */
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) {
+        code = krb5_copy_addresses(context, ctx->opt->address_list,
+                                   &ctx->request->addresses);
+        if (code != 0)
+            goto cleanup;
+    } else if (krb5int_libdefault_boolean(context, &ctx->request->client->realm,
+                                          KRB5_CONF_NOADDRESSES, &tmp) != 0
+               || tmp) {
+        ctx->request->addresses = NULL;
+    } else {
+        code = krb5_os_localaddr(context, &ctx->request->addresses);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_SALT) {
+        code = krb5int_copy_data_contents(context, ctx->opt->salt, &ctx->salt);
+        if (code != 0)
+            goto cleanup;
+        ctx->default_salt = FALSE;
+    } else {
+        ctx->salt = empty_data();
+        ctx->default_salt = TRUE;
+    }
+
+    /* Anonymous. */
+    if (ctx->opt->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS) {
+        ctx->request->kdc_options |= KDC_OPT_REQUEST_ANONYMOUS;
+        /* Remap @REALM to WELLKNOWN/ANONYMOUS@REALM. */
+        if (client->length == 1 && client->data[0].length ==0) {
+            krb5_principal new_client;
+            code = krb5_build_principal_ext(context, &new_client,
+                                            client->realm.length,
+                                            client->realm.data,
+                                            strlen(KRB5_WELLKNOWN_NAMESTR),
+                                            KRB5_WELLKNOWN_NAMESTR,
+                                            strlen(KRB5_ANONYMOUS_PRINCSTR),
+                                            KRB5_ANONYMOUS_PRINCSTR,
+                                            0);
+            if (code)
+                goto cleanup;
+            krb5_free_principal(context, ctx->request->client);
+            ctx->request->client = new_client;
+            ctx->request->client->type = KRB5_NT_WELLKNOWN;
+        }
+    }
+    /* We will also handle anonymous if the input principal is the anonymous
+     * principal. */
+    if (krb5_principal_compare_any_realm(context, ctx->request->client,
+                                         krb5_anonymous_principal())) {
+        ctx->request->kdc_options |= KDC_OPT_REQUEST_ANONYMOUS;
+        ctx->request->client->type = KRB5_NT_WELLKNOWN;
+    }
+
+    *pctx = ctx;
+    ctx = NULL;
+
+cleanup:
+    krb5_init_creds_free(context, ctx);
+    free(str);
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_service(krb5_context context,
+                            krb5_init_creds_context ctx,
+                            const char *service)
+{
+    char *s;
+
+    TRACE_INIT_CREDS_SERVICE(context, service);
+
+    s = strdup(service);
+    if (s == NULL)
+        return ENOMEM;
+
+    free(ctx->in_tkt_service);
+    ctx->in_tkt_service = s;
+
+    return restart_init_creds_loop(context, ctx, FALSE);
+}
+
+static krb5_error_code
+init_creds_validate_reply(krb5_context context,
+                          krb5_init_creds_context ctx,
+                          krb5_data *reply)
+{
+    krb5_error_code code;
+    krb5_error *error = NULL;
+    krb5_kdc_rep *as_reply = NULL;
+
+    krb5_free_error(context, ctx->err_reply);
+    ctx->err_reply = NULL;
+
+    krb5_free_kdc_rep(context, ctx->reply);
+    ctx->reply = NULL;
+
+    if (krb5_is_krb_error(reply)) {
+        code = decode_krb5_error(reply, &error);
+        if (code != 0)
+            return code;
+
+        assert(error != NULL);
+
+        TRACE_INIT_CREDS_ERROR_REPLY(context,
+                                     error->error + ERROR_TABLE_BASE_krb5);
+        if (error->error == KRB_ERR_RESPONSE_TOO_BIG) {
+            krb5_free_error(context, error);
+            return KRB5KRB_ERR_RESPONSE_TOO_BIG;
+        } else {
+            ctx->err_reply = error;
+            return 0;
+        }
+    }
+
+    /*
+     * Check to make sure it isn't a V4 reply.
+     */
+    if (reply->length != 0 && !krb5_is_as_rep(reply)) {
+/* these are in <kerberosIV/prot.h> as well but it isn't worth including. */
+#define V4_KRB_PROT_VERSION     4
+#define V4_AUTH_MSG_ERR_REPLY   (5<<1)
+        /* check here for V4 reply */
+        unsigned int t_switch;
+
+        /* From v4 g_in_tkt.c: This used to be
+           switch (pkt_msg_type(rpkt) & ~1) {
+           but SCO 3.2v4 cc compiled that incorrectly.  */
+        t_switch = reply->data[1];
+        t_switch &= ~1;
+
+        if (t_switch == V4_AUTH_MSG_ERR_REPLY
+            && reply->data[0] == V4_KRB_PROT_VERSION) {
+            code = KRB5KRB_AP_ERR_V4_REPLY;
+        } else {
+            code = KRB5KRB_AP_ERR_MSG_TYPE;
+        }
+        return code;
+    }
+
+    /* It must be a KRB_AS_REP message, or an bad returned packet */
+    code = decode_krb5_as_rep(reply, &as_reply);
+    if (code != 0)
+        return code;
+
+    if (as_reply->msg_type != KRB5_AS_REP) {
+        krb5_free_kdc_rep(context, as_reply);
+        return KRB5KRB_AP_ERR_MSG_TYPE;
+    }
+
+    ctx->reply = as_reply;
+
+    return 0;
+}
+
+static krb5_error_code
+save_selected_preauth_type(krb5_context context, krb5_ccache ccache,
+                           krb5_init_creds_context ctx)
+{
+    krb5_data config_data;
+    char *tmp;
+    krb5_error_code code;
+
+    if (ctx->selected_preauth_type == KRB5_PADATA_NONE)
+        return 0;
+    if (asprintf(&tmp, "%ld", (long)ctx->selected_preauth_type) < 0)
+        return ENOMEM;
+    config_data = string2data(tmp);
+    code = krb5_cc_set_config(context, ccache, ctx->cred.server,
+                              KRB5_CC_CONF_PA_TYPE, &config_data);
+    free(tmp);
+    return code;
+}
+
+static krb5_error_code
+clear_cc_config_out_data(krb5_context context, krb5_init_creds_context ctx)
+{
+    k5_json_release(ctx->cc_config_out);
+    ctx->cc_config_out = NULL;
+    return k5_json_object_create(&ctx->cc_config_out);
+}
+
+static krb5_error_code
+read_cc_config_in_data(krb5_context context, krb5_init_creds_context ctx)
+{
+    k5_json_value val;
+    krb5_data config;
+    char *encoded;
+    krb5_error_code code;
+    krb5_ccache in_ccache = k5_gic_opt_get_in_ccache(ctx->opt);
+
+    k5_json_release(ctx->cc_config_in);
+    ctx->cc_config_in = NULL;
+
+    if (in_ccache == NULL)
+        return 0;
+
+    memset(&config, 0, sizeof(config));
+    code = krb5_cc_get_config(context, in_ccache, ctx->request->server,
+                              KRB5_CC_CONF_PA_CONFIG_DATA, &config);
+    if (code)
+        return code;
+
+    encoded = k5memdup0(config.data, config.length, &code);
+    krb5_free_data_contents(context, &config);
+    if (encoded == NULL)
+        return ENOMEM;
+
+    code = k5_json_decode(encoded, &val);
+    free(encoded);
+    if (code)
+        return code;
+    if (k5_json_get_tid(val) != K5_JSON_TID_OBJECT) {
+        k5_json_release(val);
+        return EINVAL;
+    }
+    ctx->cc_config_in = val;
+    return 0;
+}
+
+static krb5_error_code
+save_cc_config_out_data(krb5_context context, krb5_ccache ccache,
+                        krb5_init_creds_context ctx)
+{
+    krb5_data config;
+    char *encoded;
+    krb5_error_code code;
+
+    if (ctx->cc_config_out == NULL ||
+        k5_json_object_count(ctx->cc_config_out) == 0)
+        return 0;
+    code = k5_json_encode(ctx->cc_config_out, &encoded);
+    if (code)
+        return code;
+    config = string2data(encoded);
+    code = krb5_cc_set_config(context, ccache, ctx->cred.server,
+                              KRB5_CC_CONF_PA_CONFIG_DATA, &config);
+    free(encoded);
+    return code;
+}
+
+/* Add a KERB-PA-PAC-REQUEST pa-data item if the gic options require one. */
+static krb5_error_code
+maybe_add_pac_request(krb5_context context, krb5_init_creds_context ctx)
+{
+    krb5_error_code code;
+    krb5_pa_pac_req pac_req;
+    krb5_data *encoded;
+    int val;
+
+    val = k5_gic_opt_pac_request(ctx->opt);
+    if (val == -1)
+        return 0;
+
+    pac_req.include_pac = val;
+    code = encode_krb5_pa_pac_req(&pac_req, &encoded);
+    if (code)
+        return code;
+    code = k5_add_pa_data_from_data(&ctx->request->padata,
+                                    KRB5_PADATA_PAC_REQUEST, encoded);
+    krb5_free_data(context, encoded);
+    return code;
+}
+
+static krb5_error_code
+init_creds_step_request(krb5_context context,
+                        krb5_init_creds_context ctx,
+                        krb5_data *out)
+{
+    krb5_error_code code;
+    krb5_preauthtype pa_type;
+    krb5_data copy;
+    struct errinfo save = EMPTY_ERRINFO;
+    uint32_t rcode = (ctx->err_reply == NULL) ? 0 : ctx->err_reply->error;
+
+    if (ctx->loopcount >= MAX_IN_TKT_LOOPS) {
+        code = KRB5_GET_IN_TKT_LOOP;
+        goto cleanup;
+    }
+
+    /* RFC 6113 requires a new nonce for the inner request on each try. */
+    code = k5_generate_nonce(context, &ctx->request->nonce);
+    if (code != 0)
+        goto cleanup;
+
+    /* Reset the request timestamps, possibly adjusting to the KDC time. */
+    code = set_request_times(context, ctx);
+    if (code != 0)
+        goto cleanup;
+
+    krb5_free_data(context, ctx->inner_request_body);
+    ctx->inner_request_body = NULL;
+    code = encode_krb5_kdc_req_body(ctx->request, &ctx->inner_request_body);
+    if (code)
+        goto cleanup;
+
+    /*
+     * Read cached preauth configuration data for this server principal from
+     * the in_ccache, if the application supplied one, and delete any that was
+     * stored by a previous (clearly failed) module.
+     */
+    read_cc_config_in_data(context, ctx);
+    clear_cc_config_out_data(context, ctx);
+
+    ctx->request->padata = NULL;
+    if (ctx->optimistic_padata != NULL) {
+        /* Our first attempt, using an optimistic padata list. */
+        TRACE_INIT_CREDS_PREAUTH_OPTIMISTIC(context);
+        code = k5_preauth(context, ctx, ctx->optimistic_padata, TRUE,
+                          &ctx->request->padata, &ctx->selected_preauth_type);
+        krb5_free_pa_data(context, ctx->optimistic_padata);
+        ctx->optimistic_padata = NULL;
+        if (code) {
+            /* Make an unauthenticated request. */
+            krb5_clear_error_message(context);
+            code = 0;
+        }
+    } if (ctx->more_padata != NULL) {
+        /* Continuing after KDC_ERR_MORE_PREAUTH_DATA_REQUIRED. */
+        TRACE_INIT_CREDS_PREAUTH_MORE(context, ctx->selected_preauth_type);
+        code = k5_preauth(context, ctx, ctx->more_padata, TRUE,
+                          &ctx->request->padata, &pa_type);
+    } else if (rcode == KDC_ERR_PREAUTH_FAILED) {
+        /* Report the KDC-side failure code if we can't try another mech. */
+        code = KRB5KDC_ERR_PREAUTH_FAILED;
+    } else if (rcode && rcode != KDC_ERR_PREAUTH_REQUIRED) {
+        /* Retrying after an error (possibly mechanism-specific), using error
+         * padata to figure out what to change. */
+        TRACE_INIT_CREDS_PREAUTH_TRYAGAIN(context, ctx->err_reply->error,
+                                          ctx->selected_preauth_type);
+        code = k5_preauth_tryagain(context, ctx, ctx->selected_preauth_type,
+                                   ctx->err_reply, ctx->err_padata,
+                                   &ctx->request->padata);
+        if (code) {
+            krb5_clear_error_message(context);
+            code = ctx->err_reply->error + ERROR_TABLE_BASE_krb5;
+        }
+    }
+    /* Don't continue after a keyboard interrupt. */
+    if (code == KRB5_LIBOS_PWDINTR)
+        goto cleanup;
+    /* Don't continue if fallback is disabled. */
+    if (code && ctx->fallback_disabled)
+        goto cleanup;
+    if (code) {
+        /* See if we can try a different preauth mech before giving up. */
+        k5_save_ctx_error(context, code, &save);
+        ctx->selected_preauth_type = KRB5_PADATA_NONE;
+    }
+
+    if (ctx->request->padata == NULL && ctx->method_padata != NULL) {
+        /* Retrying after KDC_ERR_PREAUTH_REQUIRED, or trying again with a
+         * different mechanism after a failure. */
+        TRACE_INIT_CREDS_PREAUTH(context);
+        code = k5_preauth(context, ctx, ctx->method_padata, TRUE,
+                          &ctx->request->padata, &ctx->selected_preauth_type);
+        if (code) {
+            if (save.code != 0)
+                code = k5_restore_ctx_error(context, &save);
+            goto cleanup;
+        }
+    }
+    if (ctx->request->padata == NULL)
+        TRACE_INIT_CREDS_PREAUTH_NONE(context);
+
+    /* Remember when we sent this request (after any preauth delay). */
+    ctx->request_time = time(NULL);
+
+    if (ctx->encoded_previous_request != NULL) {
+        krb5_free_data(context, ctx->encoded_previous_request);
+        ctx->encoded_previous_request = NULL;
+    }
+    if (ctx->info_pa_permitted) {
+        code = k5_add_empty_pa_data(&ctx->request->padata,
+                                    KRB5_PADATA_AS_FRESHNESS);
+        if (code)
+            goto cleanup;
+        code = k5_add_empty_pa_data(&ctx->request->padata,
+                                    KRB5_ENCPADATA_REQ_ENC_PA_REP);
+    }
+    if (code)
+        goto cleanup;
+
+    if (ctx->subject_cert != NULL) {
+        code = krb5int_copy_data_contents(context, ctx->subject_cert, &copy);
+        if (code)
+            goto cleanup;
+        code = k5_add_pa_data_from_data(&ctx->request->padata,
+                                        KRB5_PADATA_S4U_X509_USER, &copy);
+        krb5_free_data_contents(context, &copy);
+        if (code)
+            goto cleanup;
+    }
+
+    code = maybe_add_pac_request(context, ctx);
+    if (code)
+        goto cleanup;
+
+    code = krb5int_fast_prep_req(context, ctx->fast_state,
+                                 ctx->request, ctx->outer_request_body,
+                                 encode_krb5_as_req,
+                                 &ctx->encoded_previous_request);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5int_copy_data_contents(context,
+                                      ctx->encoded_previous_request,
+                                      out);
+    if (code != 0)
+        goto cleanup;
+
+cleanup:
+    krb5_free_pa_data(context, ctx->request->padata);
+    ctx->request->padata = NULL;
+    k5_clear_error(&save);
+    return code;
+}
+
+/* Ensure that the reply enctype was among the requested enctypes. */
+static krb5_error_code
+check_reply_enctype(krb5_init_creds_context ctx)
+{
+    int i;
+
+    for (i = 0; i < ctx->request->nktypes; i++) {
+        if (ctx->request->ktype[i] == ctx->reply->enc_part.enctype)
+            return 0;
+    }
+    return KRB5_CONFIG_ETYPE_NOSUPP;
+}
+
+/* Note the difference between the KDC's time, as reported to us in a
+ * preauth-required error, and the current time. */
+static void
+note_req_timestamp(krb5_context context, krb5_init_creds_context ctx,
+                   krb5_timestamp kdc_time, krb5_int32 kdc_usec)
+{
+    krb5_timestamp now;
+    krb5_int32 usec;
+
+    if (k5_time_with_offset(0, 0, &now, &usec) != 0)
+        return;
+    ctx->pa_offset = ts_delta(kdc_time, now);
+    ctx->pa_offset_usec = kdc_usec - usec;
+    ctx->pa_offset_state = (ctx->fast_state->armor_key != NULL) ?
+        AUTH_OFFSET : UNAUTH_OFFSET;
+}
+
+/*
+ * Determine whether err is a client referral to another realm, given the
+ * previously requested client principal name.
+ *
+ * RFC 6806 Section 7 requires that KDCs return the referral realm in an error
+ * type WRONG_REALM, but Microsoft Windows Server 2003 (and possibly others)
+ * return the realm in a PRINCIPAL_UNKNOWN message.
+ */
+static krb5_boolean
+is_referral(krb5_context context, krb5_error *err, krb5_principal client)
+{
+    if (err->error != KDC_ERR_WRONG_REALM &&
+        err->error != KDC_ERR_C_PRINCIPAL_UNKNOWN)
+        return FALSE;
+    if (err->client == NULL)
+        return FALSE;
+    return !krb5_realm_compare(context, err->client, client);
+}
+
+/* Transfer error padata to method data in ctx and sort it according to
+ * configuration. */
+static krb5_error_code
+accept_method_data(krb5_context context, krb5_init_creds_context ctx)
+{
+    krb5_free_pa_data(context, ctx->method_padata);
+    ctx->method_padata = ctx->err_padata;
+    ctx->err_padata = NULL;
+    return sort_krb5_padata_sequence(context, &ctx->request->client->realm,
+                                     ctx->method_padata);
+}
+
+/* Return the password expiry time indicated by enc_part2.  Set *is_last_req
+ * if the information came from a last_req value. */
+static void
+get_expiry_times(krb5_enc_kdc_rep_part *enc_part2, krb5_timestamp *pw_exp,
+                 krb5_timestamp *acct_exp, krb5_boolean *is_last_req)
+{
+    krb5_last_req_entry **last_req;
+    krb5_int32 lr_type;
+
+    *pw_exp = 0;
+    *acct_exp = 0;
+    *is_last_req = FALSE;
+
+    /* Look for last-req entries for password or account expiration. */
+    if (enc_part2->last_req) {
+        for (last_req = enc_part2->last_req; *last_req; last_req++) {
+            lr_type = (*last_req)->lr_type;
+            if (lr_type == KRB5_LRQ_ALL_PW_EXPTIME ||
+                lr_type == KRB5_LRQ_ONE_PW_EXPTIME) {
+                *is_last_req = TRUE;
+                *pw_exp = (*last_req)->value;
+            } else if (lr_type == KRB5_LRQ_ALL_ACCT_EXPTIME ||
+                       lr_type == KRB5_LRQ_ONE_ACCT_EXPTIME) {
+                *is_last_req = TRUE;
+                *acct_exp = (*last_req)->value;
+            }
+        }
+    }
+
+    /* If we didn't find any, use the ambiguous key_exp field. */
+    if (*is_last_req == FALSE)
+        *pw_exp = enc_part2->key_exp;
+}
+
+/*
+ * Send an appropriate warning prompter if as_reply indicates that the password
+ * is going to expire soon.  If an expire callback was provided, use that
+ * instead.
+ */
+static void
+warn_pw_expiry(krb5_context context, krb5_get_init_creds_opt *options,
+               krb5_prompter_fct prompter, void *data,
+               const char *in_tkt_service, krb5_kdc_rep *as_reply)
+{
+    krb5_error_code ret;
+    krb5_expire_callback_func expire_cb;
+    void *expire_data;
+    krb5_timestamp pw_exp, acct_exp, now;
+    krb5_boolean is_last_req;
+    uint32_t interval;
+    char ts[256], banner[1024];
+
+    if (as_reply == NULL || as_reply->enc_part2 == NULL)
+        return;
+
+    get_expiry_times(as_reply->enc_part2, &pw_exp, &acct_exp, &is_last_req);
+
+    k5_gic_opt_get_expire_cb(options, &expire_cb, &expire_data);
+    if (expire_cb != NULL) {
+        /* Invoke the expire callback and don't send prompter warnings. */
+        (*expire_cb)(context, expire_data, pw_exp, acct_exp, is_last_req);
+        return;
+    }
+
+    /* Don't warn if no password expiry value was sent. */
+    if (pw_exp == 0)
+        return;
+
+    /* Don't warn if the password is being changed. */
+    if (in_tkt_service && strcmp(in_tkt_service, "kadmin/changepw") == 0)
+        return;
+
+    /*
+     * If the expiry time came from a last_req field, assume the KDC wants us
+     * to warn.  Otherwise, warn only if the expiry time is less than a week
+     * from now.
+     */
+    ret = krb5_timeofday(context, &now);
+    if (ret != 0)
+        return;
+    interval = ts_interval(now, pw_exp);
+    if (!is_last_req && (!interval || interval > 7 * 24 * 60 * 60))
+        return;
+
+    if (!prompter)
+        return;
+
+    ret = krb5_timestamp_to_string(pw_exp, ts, sizeof(ts));
+    if (ret != 0)
+        return;
+
+    if (interval < 3600) {
+        snprintf(banner, sizeof(banner),
+                 _("Warning: Your password will expire in less than one hour "
+                   "on %s"), ts);
+    } else if (interval < 86400 * 2) {
+        snprintf(banner, sizeof(banner),
+                 _("Warning: Your password will expire in %d hour%s on %s"),
+                 interval / 3600, interval < 7200 ? "" : "s", ts);
+    } else {
+        snprintf(banner, sizeof(banner),
+                 _("Warning: Your password will expire in %d days on %s"),
+                 interval / 86400, ts);
+    }
+
+    /* PROMPTER_INVOCATION */
+    (*prompter)(context, data, 0, banner, 0, 0);
+}
+
+/* Display a warning via the prompter if a deprecated enctype was used for
+ * either the reply key or the session key. */
+static void
+warn_deprecated(krb5_context context, krb5_init_creds_context ctx,
+                krb5_enctype as_key_enctype)
+{
+    krb5_enctype etype;
+    char encbuf[128], banner[256];
+
+    if (ctx->prompter == NULL)
+        return;
+
+    if (krb5int_c_deprecated_enctype(as_key_enctype))
+        etype = as_key_enctype;
+    else if (krb5int_c_deprecated_enctype(ctx->cred.keyblock.enctype))
+        etype = ctx->cred.keyblock.enctype;
+    else
+        return;
+
+    if (krb5_enctype_to_name(etype, FALSE, encbuf, sizeof(encbuf)) != 0)
+        return;
+    snprintf(banner, sizeof(banner),
+             _("Warning: encryption type %s used for authentication is "
+               "deprecated and will be disabled"), encbuf);
+
+    /* PROMPTER_INVOCATION */
+    (*ctx->prompter)(context, ctx->prompter_data, NULL, banner, 0, NULL);
+}
+
+/*
+ * If ctx specifies an output ccache, create or refresh it (atomically, if
+ * possible) with the obtained credential and any appropriate ccache
+ * configuration.
+ */
+static krb5_error_code
+write_out_ccache(krb5_context context, krb5_init_creds_context ctx,
+                 krb5_boolean fast_avail)
+{
+    krb5_error_code ret;
+    krb5_ccache out_ccache = k5_gic_opt_get_out_ccache(ctx->opt);
+    krb5_ccache mcc = NULL;
+    krb5_data yes = string2data("yes");
+
+    if (out_ccache == NULL)
+        return 0;
+
+    ret = krb5_cc_new_unique(context, "MEMORY", NULL, &mcc);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_cc_initialize(context, mcc, ctx->cred.client);
+    if (ret)
+        goto cleanup;
+
+    if (fast_avail) {
+        ret = krb5_cc_set_config(context, mcc, ctx->cred.server,
+                                 KRB5_CC_CONF_FAST_AVAIL, &yes);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = save_selected_preauth_type(context, mcc, ctx);
+    if (ret)
+        goto cleanup;
+
+    ret = save_cc_config_out_data(context, mcc, ctx);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_cc_store_primary_cred(context, mcc, &ctx->cred);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_cc_move(context, mcc, out_ccache);
+    if (ret)
+        goto cleanup;
+    mcc = NULL;
+
+cleanup:
+    if (mcc != NULL)
+        krb5_cc_destroy(context, mcc);
+    return ret;
+}
+
+static krb5_error_code
+init_creds_step_reply(krb5_context context,
+                      krb5_init_creds_context ctx,
+                      krb5_data *in)
+{
+    krb5_error_code code;
+    krb5_pa_data **kdc_padata = NULL;
+    krb5_preauthtype kdc_pa_type;
+    krb5_boolean retry = FALSE;
+    int canon_flag = 0;
+    uint32_t reply_code;
+    krb5_keyblock *strengthen_key = NULL;
+    krb5_keyblock encrypting_key;
+    krb5_boolean fast_avail;
+
+    encrypting_key.length = 0;
+    encrypting_key.contents = NULL;
+
+    /* process previous KDC response */
+    code = init_creds_validate_reply(context, ctx, in);
+    if (code != 0)
+        goto cleanup;
+
+    /* per referrals draft, enterprise principals imply canonicalization */
+    canon_flag = ((ctx->request->kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
+        ctx->request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
+
+    if (ctx->err_reply != NULL) {
+        krb5_free_pa_data(context, ctx->more_padata);
+        krb5_free_pa_data(context, ctx->err_padata);
+        ctx->more_padata = ctx->err_padata = NULL;
+        code = krb5int_fast_process_error(context, ctx->fast_state,
+                                          &ctx->err_reply, &ctx->err_padata,
+                                          &retry);
+        if (code != 0)
+            goto cleanup;
+        reply_code = ctx->err_reply->error;
+        if (!ctx->restarted &&
+            k5_upgrade_to_fast_p(context, ctx->fast_state, ctx->err_padata)) {
+            /* Retry with FAST after discovering that the KDC supports
+             * it.  (FAST negotiation usually avoids this restart.) */
+            TRACE_FAST_PADATA_UPGRADE(context);
+            ctx->restarted = TRUE;
+            code = restart_init_creds_loop(context, ctx, TRUE);
+        } else if (!ctx->restarted && reply_code == KDC_ERR_PREAUTH_FAILED &&
+                   ctx->selected_preauth_type == KRB5_PADATA_NONE) {
+            /* The KDC didn't like our informational padata (probably a pre-1.7
+             * MIT krb5 KDC).  Retry without it. */
+            ctx->info_pa_permitted = FALSE;
+            ctx->restarted = TRUE;
+            code = restart_init_creds_loop(context, ctx, FALSE);
+        } else if (reply_code == KDC_ERR_PREAUTH_EXPIRED) {
+            /* We sent an expired KDC cookie.  Start over, allowing another
+             * FAST upgrade. */
+            ctx->restarted = FALSE;
+            code = restart_init_creds_loop(context, ctx, FALSE);
+        } else if (ctx->identify_realm &&
+                   (reply_code == KDC_ERR_PREAUTH_REQUIRED ||
+                    reply_code == KDC_ERR_KEY_EXP)) {
+            /* The client exists in this realm; we can stop. */
+            ctx->complete = TRUE;
+            goto cleanup;
+        } else if (reply_code == KDC_ERR_PREAUTH_REQUIRED && retry) {
+            note_req_timestamp(context, ctx, ctx->err_reply->stime,
+                               ctx->err_reply->susec);
+            code = accept_method_data(context, ctx);
+        } else if (reply_code == KDC_ERR_PREAUTH_FAILED && retry) {
+            note_req_timestamp(context, ctx, ctx->err_reply->stime,
+                               ctx->err_reply->susec);
+            /* Don't try again with the mechanism that failed. */
+            code = k5_preauth_note_failed(ctx, ctx->selected_preauth_type);
+            if (code)
+                goto cleanup;
+            ctx->selected_preauth_type = KRB5_PADATA_NONE;
+            /* Accept or update method data if the KDC sent it. */
+            if (ctx->err_padata != NULL)
+                code = accept_method_data(context, ctx);
+        } else if (reply_code == KDC_ERR_MORE_PREAUTH_DATA_REQUIRED && retry) {
+            ctx->more_padata = ctx->err_padata;
+            ctx->err_padata = NULL;
+        } else if (canon_flag && is_referral(context, ctx->err_reply,
+                                             ctx->request->client)) {
+            TRACE_INIT_CREDS_REFERRAL(context, &ctx->err_reply->client->realm);
+            /* Rewrite request.client with realm from error reply */
+            krb5_free_data_contents(context, &ctx->request->client->realm);
+            code = krb5int_copy_data_contents(context,
+                                              &ctx->err_reply->client->realm,
+                                              &ctx->request->client->realm);
+            if (code != 0)
+                goto cleanup;
+            /* Reset per-realm negotiation state. */
+            ctx->restarted = FALSE;
+            ctx->info_pa_permitted = TRUE;
+            code = restart_init_creds_loop(context, ctx, FALSE);
+        } else {
+            if (retry && ctx->selected_preauth_type != KRB5_PADATA_NONE) {
+                code = 0;
+            } else {
+                /* error + no hints (or no preauth mech) = give up */
+                code = (krb5_error_code)reply_code + ERROR_TABLE_BASE_krb5;
+            }
+        }
+
+        /* Return error code, or continue with next iteration */
+        goto cleanup;
+    }
+
+    /* We have a response. Process it. */
+    assert(ctx->reply != NULL);
+
+    /* Check for replies (likely forged) with unasked-for enctypes. */
+    code = check_reply_enctype(ctx);
+    if (code != 0)
+        goto cleanup;
+
+    /* process any preauth data in the as_reply */
+    code = krb5int_fast_process_response(context, ctx->fast_state,
+                                         ctx->reply, &strengthen_key);
+    if (code != 0)
+        goto cleanup;
+
+    if (ctx->identify_realm) {
+        /* Just getting a reply means the client exists in this realm. */
+        ctx->complete = TRUE;
+        goto cleanup;
+    }
+
+    code = sort_krb5_padata_sequence(context, &ctx->request->client->realm,
+                                     ctx->reply->padata);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->etype = ctx->reply->enc_part.enctype;
+
+    /* Process the final reply padata.  Don't restrict the preauth types or
+     * record a selected preauth type. */
+    ctx->allowed_preauth_type = KRB5_PADATA_NONE;
+    code = k5_preauth(context, ctx, ctx->reply->padata, FALSE, &kdc_padata,
+                      &kdc_pa_type);
+    if (code != 0)
+        goto cleanup;
+
+    /*
+     * If we haven't gotten a salt from another source yet, set up one
+     * corresponding to the client principal returned by the KDC.  We
+     * could get the same effect by passing local_as_reply->client to
+     * gak_fct below, but that would put the canonicalized client name
+     * in the prompt, which raises issues of needing to sanitize
+     * unprintable characters.  So for now we just let it affect the
+     * salt.  local_as_reply->client will be checked later on in
+     * verify_as_reply.
+     */
+    if (ctx->default_salt) {
+        code = krb5_principal2salt(context, ctx->reply->client, &ctx->salt);
+        TRACE_INIT_CREDS_SALT_PRINC(context, &ctx->salt);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = decrypt_as_reply(context, ctx, strengthen_key, &encrypting_key);
+    if (code)
+        goto cleanup;
+    TRACE_INIT_CREDS_DECRYPTED_REPLY(context, ctx->reply->enc_part2->session);
+
+    code = krb5int_fast_verify_nego(context, ctx->fast_state,
+                                    ctx->reply, ctx->encoded_previous_request,
+                                    &encrypting_key, &fast_avail);
+    if (code)
+        goto cleanup;
+    code = verify_as_reply(context, ctx->request_time,
+                           ctx->request, ctx->reply);
+    if (code != 0)
+        goto cleanup;
+    code = verify_anonymous(context, ctx->request, ctx->reply,
+                            &ctx->as_key);
+    if (code)
+        goto cleanup;
+
+    code = stash_as_reply(context, ctx->reply, &ctx->cred, NULL);
+    if (code != 0)
+        goto cleanup;
+    code = write_out_ccache(context, ctx, fast_avail);
+    if (code)
+        k5_prependmsg(context, code, _("Failed to store credentials"));
+
+    k5_preauth_request_context_fini(context, ctx);
+
+    /* success */
+    ctx->complete = TRUE;
+    warn_pw_expiry(context, ctx->opt, ctx->prompter, ctx->prompter_data,
+                   ctx->in_tkt_service, ctx->reply);
+    warn_deprecated(context, ctx, encrypting_key.enctype);
+
+cleanup:
+    krb5_free_pa_data(context, kdc_padata);
+    krb5_free_keyblock(context, strengthen_key);
+    krb5_free_keyblock_contents(context, &encrypting_key);
+
+    return code;
+}
+
+/*
+ * Do next step of credentials acquisition.
+ *
+ * On success returns 0 or KRB5KRB_ERR_RESPONSE_TOO_BIG if the request
+ * should be sent with TCP.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_step(krb5_context context,
+                     krb5_init_creds_context ctx,
+                     krb5_data *in,
+                     krb5_data *out,
+                     krb5_data *realm,
+                     unsigned int *flags)
+{
+    krb5_error_code code, code2;
+
+    *flags = 0;
+
+    out->data = NULL;
+    out->length = 0;
+
+    realm->data = NULL;
+    realm->length = 0;
+
+    if (ctx->complete)
+        return EINVAL;
+
+    code = k5_preauth_check_context(context, ctx);
+    if (code)
+        return code;
+
+    if (in->length != 0) {
+        code = init_creds_step_reply(context, ctx, in);
+        if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG) {
+            code2 = krb5int_copy_data_contents(context,
+                                               ctx->encoded_previous_request,
+                                               out);
+            if (code2 != 0) {
+                code = code2;
+                goto cleanup;
+            }
+            goto copy_realm;
+        }
+        if (code != 0 || ctx->complete)
+            goto cleanup;
+    } else {
+        code = restart_init_creds_loop(context, ctx, FALSE);
+        if (code)
+            goto cleanup;
+    }
+
+    code = init_creds_step_request(context, ctx, out);
+    if (code != 0)
+        goto cleanup;
+
+    /* Only a new request increments the loop count, not a TCP retry */
+    ctx->loopcount++;
+
+copy_realm:
+    assert(ctx->request->server != NULL);
+
+    code2 = krb5int_copy_data_contents(context,
+                                       &ctx->request->server->realm,
+                                       realm);
+    if (code2 != 0) {
+        code = code2;
+        goto cleanup;
+    }
+
+cleanup:
+    if (code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN) {
+        char *client_name;
+
+        /* See if we can produce a more detailed error message */
+        code2 = krb5_unparse_name(context, ctx->request->client, &client_name);
+        if (code2 == 0) {
+            k5_setmsg(context, code,
+                      _("Client '%s' not found in Kerberos database"),
+                      client_name);
+            krb5_free_unparsed_name(context, client_name);
+        }
+    }
+
+    *flags = ctx->complete ? 0 : KRB5_INIT_CREDS_STEP_FLAG_CONTINUE;
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+k5_get_init_creds(krb5_context context, krb5_creds *creds,
+                  krb5_principal client, krb5_prompter_fct prompter,
+                  void *prompter_data, krb5_deltat start_time,
+                  const char *in_tkt_service, krb5_get_init_creds_opt *options,
+                  get_as_key_fn gak_fct, void *gak_data, int *use_primary,
+                  krb5_kdc_rep **as_reply)
+{
+    krb5_error_code code;
+    krb5_init_creds_context ctx = NULL;
+
+    code = krb5_init_creds_init(context,
+                                client,
+                                prompter,
+                                prompter_data,
+                                start_time,
+                                options,
+                                &ctx);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->gak_fct = gak_fct;
+    ctx->gak_data = gak_data;
+
+    if (in_tkt_service) {
+        code = krb5_init_creds_set_service(context, ctx, in_tkt_service);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = k5_init_creds_get(context, ctx, use_primary);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_init_creds_get_creds(context, ctx, creds);
+    if (code != 0)
+        goto cleanup;
+
+    if (as_reply != NULL) {
+        *as_reply = ctx->reply;
+        ctx->reply = NULL;
+    }
+
+cleanup:
+    krb5_init_creds_free(context, ctx);
+
+    return code;
+}
+
+krb5_error_code
+k5_identify_realm(krb5_context context, krb5_principal client,
+                  const krb5_data *subject_cert, krb5_principal *client_out)
+{
+    krb5_error_code ret;
+    krb5_get_init_creds_opt *opts = NULL;
+    krb5_init_creds_context ctx = NULL;
+    int use_primary = 0;
+
+    *client_out = NULL;
+
+    ret = krb5_get_init_creds_opt_alloc(context, &opts);
+    if (ret)
+        goto cleanup;
+    krb5_get_init_creds_opt_set_tkt_life(opts, 15);
+    krb5_get_init_creds_opt_set_renew_life(opts, 0);
+    krb5_get_init_creds_opt_set_forwardable(opts, 0);
+    krb5_get_init_creds_opt_set_proxiable(opts, 0);
+    krb5_get_init_creds_opt_set_canonicalize(opts, 1);
+
+    ret = krb5_init_creds_init(context, client, NULL, NULL, 0, opts, &ctx);
+    if (ret)
+        goto cleanup;
+
+    ctx->identify_realm = TRUE;
+    ctx->subject_cert = subject_cert;
+
+    ret = k5_init_creds_get(context, ctx, &use_primary);
+    if (ret)
+        goto cleanup;
+
+    TRACE_INIT_CREDS_IDENTIFIED_REALM(context, &ctx->request->client->realm);
+    ret = krb5_copy_principal(context, ctx->request->client, client_out);
+
+cleanup:
+    krb5_get_init_creds_opt_free(context, opts);
+    krb5_init_creds_free(context, ctx);
+    return ret;
+}
+
+krb5_error_code
+k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
+                    krb5_flags options, krb5_address *const *addrs,
+                    krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types,
+                    krb5_creds *creds)
+{
+    int i;
+    krb5_timestamp starttime;
+    krb5_deltat lifetime;
+    krb5_get_init_creds_opt *opt;
+    krb5_error_code retval;
+
+    *out = NULL;
+    retval = krb5_get_init_creds_opt_alloc(context, &opt);
+    if (retval)
+        return(retval);
+
+    if (addrs)
+        krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
+    if (ktypes) {
+        i = k5_count_etypes(ktypes);
+        if (i)
+            krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
+    }
+    if (pre_auth_types) {
+        for (i=0; pre_auth_types[i]; i++);
+        if (i)
+            krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
+    }
+    if (options&KDC_OPT_FORWARDABLE)
+        krb5_get_init_creds_opt_set_forwardable(opt, 1);
+    else krb5_get_init_creds_opt_set_forwardable(opt, 0);
+    if (options&KDC_OPT_PROXIABLE)
+        krb5_get_init_creds_opt_set_proxiable(opt, 1);
+    else krb5_get_init_creds_opt_set_proxiable(opt, 0);
+    if (creds && creds->times.endtime) {
+        retval = krb5_timeofday(context, &starttime);
+        if (retval)
+            goto cleanup;
+        if (creds->times.starttime) starttime = creds->times.starttime;
+        lifetime = ts_delta(creds->times.endtime, starttime);
+        krb5_get_init_creds_opt_set_tkt_life(opt, lifetime);
+    }
+    *out = opt;
+    return 0;
+
+cleanup:
+    krb5_get_init_creds_opt_free(context, opt);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c b/krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c
new file mode 100644
index 00000000..f9baabbf
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c
@@ -0,0 +1,395 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/gic_keytab.c */
+/*
+ * Copyright (C) 2002, 2003, 2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+#ifndef LEAN_CLIENT
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "os-proto.h"
+#include "init_creds_ctx.h"
+
+static krb5_error_code
+get_as_key_keytab(krb5_context context,
+                  krb5_principal client,
+                  krb5_enctype etype,
+                  krb5_prompter_fct prompter,
+                  void *prompter_data,
+                  krb5_data *salt,
+                  krb5_data *params,
+                  krb5_keyblock *as_key,
+                  void *gak_data,
+                  k5_response_items *ritems)
+{
+    krb5_keytab keytab = (krb5_keytab) gak_data;
+    krb5_error_code ret;
+    krb5_keytab_entry kt_ent;
+
+    /* We don't need the password from the responder to create the AS key. */
+    if (as_key == NULL)
+        return 0;
+
+    /* if there's already a key of the correct etype, we're done.
+       if the etype is wrong, free the existing key, and make
+       a new one. */
+
+    if (as_key->length) {
+        if (as_key->enctype == etype)
+            return(0);
+
+        krb5_free_keyblock_contents(context, as_key);
+        as_key->length = 0;
+    }
+
+    if (!krb5_c_valid_enctype(etype))
+        return(KRB5_PROG_ETYPE_NOSUPP);
+
+    if ((ret = krb5_kt_get_entry(context, keytab, client,
+                                 0, /* don't have vno available */
+                                 etype, &kt_ent)))
+        return(ret);
+
+    /* Steal the keyblock from kt_ent for the caller. */
+    *as_key = kt_ent.key;
+    memset(&kt_ent.key, 0, sizeof(kt_ent.key));
+
+    (void) krb5_kt_free_entry(context, &kt_ent);
+
+    return 0;
+}
+
+/* Return the list of etypes available for client in keytab. */
+static krb5_error_code
+lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
+                         krb5_const_principal client,
+                         krb5_enctype **etypes_out)
+{
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry entry;
+    krb5_enctype *p, *etypes = NULL, etype;
+    krb5_kvno max_kvno = 0, vno;
+    krb5_error_code ret;
+    krb5_boolean match;
+    size_t count = 0;
+
+    *etypes_out = NULL;
+
+    if (keytab->ops->start_seq_get == NULL)
+        return EINVAL;
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret != 0)
+        return ret;
+
+    while (!(ret = krb5_kt_next_entry(context, keytab, &entry, &cursor))) {
+        /* Extract what we need from the entry and free it. */
+        etype = entry.key.enctype;
+        vno = entry.vno;
+        match = krb5_principal_compare(context, entry.principal, client);
+        krb5_free_keytab_entry_contents(context, &entry);
+
+        /* Filter out old or non-matching entries and invalid enctypes. */
+        if (vno < max_kvno || !match || !krb5_c_valid_enctype(etype))
+            continue;
+
+        /* Update max_kvno and reset the list if we find a newer kvno. */
+        if (vno > max_kvno) {
+            max_kvno = vno;
+            free(etypes);
+            etypes = NULL;
+            count = 0;
+        }
+
+        /* Leave room for the terminator and possibly a second entry. */
+        p = realloc(etypes, (count + 3) * sizeof(*etypes));
+        if (p == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        etypes = p;
+        etypes[count++] = etype;
+        etypes[count] = 0;
+    }
+    if (ret != KRB5_KT_END)
+        goto cleanup;
+    ret = 0;
+
+    *etypes_out = etypes;
+    etypes = NULL;
+
+cleanup:
+    krb5_kt_end_seq_get(context, keytab, &cursor);
+    free(etypes);
+    return ret;
+}
+
+/* Move the entries in keytab_list (zero-terminated) to the front of req_list
+ * (of length req_len), preserving order otherwise. */
+static krb5_error_code
+sort_enctypes(krb5_enctype *req_list, int req_len, krb5_enctype *keytab_list)
+{
+    krb5_enctype *save_list;
+    int save_pos, req_pos, i;
+
+    save_list = malloc(req_len * sizeof(*save_list));
+    if (save_list == NULL)
+        return ENOMEM;
+
+    /* Sort req_list entries into the front of req_list or into save_list. */
+    req_pos = save_pos = 0;
+    for (i = 0; i < req_len; i++) {
+        if (k5_etypes_contains(keytab_list, req_list[i]))
+            req_list[req_pos++] = req_list[i];
+        else
+            save_list[save_pos++] = req_list[i];
+    }
+
+    /* Put the entries we saved back in at the end, in order. */
+    for (i = 0; i < save_pos; i++)
+        req_list[req_pos++] = save_list[i];
+    assert(req_pos == req_len);
+
+    free(save_list);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_keytab(krb5_context context,
+                           krb5_init_creds_context ctx,
+                           krb5_keytab keytab)
+{
+    krb5_enctype *etype_list = NULL;
+    krb5_error_code ret;
+    struct canonprinc iter = { ctx->request->client, .subst_defrealm = TRUE };
+    krb5_const_principal canonprinc;
+    krb5_principal copy;
+    char *name;
+
+    ctx->gak_fct = get_as_key_keytab;
+    ctx->gak_data = keytab;
+
+    /* We may be authenticating as a host-based principal.  If so, look for
+     * each canonicalization candidate in the keytab. */
+    while ((ret = k5_canonprinc(context, &iter, &canonprinc)) == 0 &&
+           canonprinc != NULL) {
+        ret = lookup_etypes_for_keytab(context, keytab, canonprinc,
+                                       &etype_list);
+        if (ret || etype_list != NULL)
+            break;
+    }
+    if (!ret && canonprinc != NULL) {
+        /* Authenticate as the principal we found in the keytab. */
+        ret = krb5_copy_principal(context, canonprinc, &copy);
+        if (!ret) {
+            krb5_free_principal(context, ctx->request->client);
+            ctx->request->client = copy;
+        }
+    }
+    free_canonprinc(&iter);
+    if (ret) {
+        TRACE_INIT_CREDS_KEYTAB_LOOKUP_FAILED(context, ret);
+        free(etype_list);
+        return 0;
+    }
+    TRACE_INIT_CREDS_KEYTAB_LOOKUP(context, ctx->request->client, etype_list);
+
+    /* Error out if we have no keys for the client principal. */
+    if (etype_list == NULL) {
+        ret = krb5_unparse_name(context, ctx->request->client, &name);
+        if (ret == 0) {
+            k5_setmsg(context, KRB5_KT_NOTFOUND,
+                      _("Keytab contains no suitable keys for %s"), name);
+        }
+        krb5_free_unparsed_name(context, name);
+        return KRB5_KT_NOTFOUND;
+    }
+
+    /* Sort the request enctypes so the ones in the keytab appear first. */
+    ret = sort_enctypes(ctx->request->ktype, ctx->request->nktypes,
+                        etype_list);
+    free(etype_list);
+    return ret;
+}
+
+static krb5_error_code
+get_init_creds_keytab(krb5_context context, krb5_creds *creds,
+                      krb5_principal client, krb5_keytab keytab,
+                      krb5_deltat start_time, const char *in_tkt_service,
+                      krb5_get_init_creds_opt *options, int *use_primary)
+{
+    krb5_error_code ret;
+    krb5_init_creds_context ctx = NULL;
+
+    ret = krb5_init_creds_init(context, client, NULL, NULL, start_time,
+                               options, &ctx);
+    if (ret != 0)
+        goto cleanup;
+
+    if (in_tkt_service) {
+        ret = krb5_init_creds_set_service(context, ctx, in_tkt_service);
+        if (ret != 0)
+            goto cleanup;
+    }
+
+    ret = krb5_init_creds_set_keytab(context, ctx, keytab);
+    if (ret != 0)
+        goto cleanup;
+
+    ret = k5_init_creds_get(context, ctx, use_primary);
+    if (ret != 0)
+        goto cleanup;
+
+    ret = krb5_init_creds_get_creds(context, ctx, creds);
+    if (ret != 0)
+        goto cleanup;
+
+cleanup:
+    krb5_init_creds_free(context, ctx);
+
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_keytab(krb5_context context,
+                           krb5_creds *creds,
+                           krb5_principal client,
+                           krb5_keytab arg_keytab,
+                           krb5_deltat start_time,
+                           const char *in_tkt_service,
+                           krb5_get_init_creds_opt *options)
+{
+    krb5_error_code ret;
+    int use_primary;
+    krb5_keytab keytab;
+    struct errinfo errsave = EMPTY_ERRINFO;
+
+    if (arg_keytab == NULL) {
+        if ((ret = krb5_kt_default(context, &keytab)))
+            return ret;
+    } else {
+        keytab = arg_keytab;
+    }
+
+    use_primary = 0;
+
+    /* first try: get the requested tkt from any kdc */
+
+    ret = get_init_creds_keytab(context, creds, client, keytab, start_time,
+                                in_tkt_service, options, &use_primary);
+
+    /* check for success */
+
+    if (ret == 0)
+        goto cleanup;
+
+    /* If all the kdc's are unavailable fail */
+
+    if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
+        goto cleanup;
+
+    /* If the reply did not come from the primary kdc, try again with
+     * the primary kdc. */
+
+    if (!use_primary) {
+        use_primary = 1;
+
+        k5_save_ctx_error(context, ret, &errsave);
+        ret = get_init_creds_keytab(context, creds, client, keytab,
+                                    start_time, in_tkt_service, options,
+                                    &use_primary);
+        if (ret == 0)
+            goto cleanup;
+
+        /* If the primary is unreachable, return the error from the replica we
+         * were able to contact. */
+        if (ret == KRB5_KDC_UNREACH || ret == KRB5_REALM_CANT_RESOLVE ||
+            ret == KRB5_REALM_UNKNOWN)
+            ret = k5_restore_ctx_error(context, &errsave);
+    }
+
+    /* at this point, we have a response from the primary.  Since we don't
+       do any prompting or changing for keytabs, that's it. */
+
+cleanup:
+    if (arg_keytab == NULL)
+        krb5_kt_close(context, keytab);
+    k5_clear_error(&errsave);
+
+    return(ret);
+}
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
+                            krb5_address *const *addrs, krb5_enctype *ktypes,
+                            krb5_preauthtype *pre_auth_types,
+                            krb5_keytab arg_keytab, krb5_ccache ccache,
+                            krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+    krb5_error_code retval;
+    krb5_get_init_creds_opt *opts;
+    char * server = NULL;
+    krb5_keytab keytab;
+    krb5_principal client_princ, server_princ;
+    int use_primary = 0;
+
+    retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+                                 pre_auth_types, creds);
+    if (retval)
+        return retval;
+
+    if (arg_keytab == NULL) {
+        retval = krb5_kt_default(context, &keytab);
+        if (retval)
+            goto cleanup;
+    }
+    else keytab = arg_keytab;
+
+    retval = krb5_unparse_name( context, creds->server, &server);
+    if (retval)
+        goto cleanup;
+    server_princ = creds->server;
+    client_princ = creds->client;
+    retval = k5_get_init_creds(context, creds, creds->client,
+                               krb5_prompter_posix,  NULL, 0, server, opts,
+                               get_as_key_keytab, (void *)keytab, &use_primary,
+                               ret_as_reply);
+    krb5_free_unparsed_name( context, server);
+    if (retval) {
+        goto cleanup;
+    }
+    krb5_free_principal(context, creds->server);
+    krb5_free_principal(context, creds->client);
+    creds->client = client_princ;
+    creds->server = server_princ;
+
+    /* store it in the ccache! */
+    if (ccache)
+        if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+            goto cleanup;
+cleanup:
+    krb5_get_init_creds_opt_free(context, opts);
+    if (arg_keytab == NULL)
+        krb5_kt_close(context, keytab);
+    return retval;
+}
+
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/krb/gic_opt.c b/krb5-1.21.3/src/lib/krb5/krb/gic_opt.c
new file mode 100644
index 00000000..11f0b719
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/gic_opt.c
@@ -0,0 +1,500 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "k5-int.h"
+#include "int-proto.h"
+#include <krb5/clpreauth_plugin.h>
+
+#define GIC_OPT_EXTENDED      0x80000000
+#define GIC_OPT_SHALLOW_COPY  0x40000000
+
+#define DEFAULT_FLAGS KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
+
+#if defined(__MACH__) && defined(__APPLE__)
+#include <TargetConditionals.h>
+#endif
+
+/* Match struct packing of krb5_get_init_creds_opt on macOS. */
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(push,2)
+#endif
+struct extended_options {
+    krb5_get_init_creds_opt opt;
+    int num_preauth_data;
+    krb5_gic_opt_pa_data *preauth_data;
+    char *fast_ccache_name;
+    krb5_ccache in_ccache;
+    krb5_ccache out_ccache;
+    krb5_flags fast_flags;
+    krb5_expire_callback_func expire_cb;
+    void *expire_data;
+    krb5_responder_fn responder;
+    void *responder_data;
+    int pac_request;            /* -1 unset, 0 false, 1 true */
+};
+#if defined(__APPLE__) && (defined(__ppc__) || defined(__ppc64__) || defined(__i386__) || defined(__x86_64__))
+#pragma pack(pop)
+#endif
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
+{
+    opt->flags = DEFAULT_FLAGS;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
+                                     krb5_deltat tkt_life)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
+    opt->tkt_life = tkt_life;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt,
+                                       krb5_deltat renew_life)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
+    opt->renew_life = renew_life;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt,
+                                        int forwardable)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
+    opt->forwardable = forwardable;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt,
+                                      int proxiable)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
+    opt->proxiable = proxiable;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opt,
+                                         int canonicalize)
+{
+    if (canonicalize)
+        opt->flags |= KRB5_GET_INIT_CREDS_OPT_CANONICALIZE;
+    else
+        opt->flags &= ~(KRB5_GET_INIT_CREDS_OPT_CANONICALIZE);
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_anonymous (krb5_get_init_creds_opt *opt,
+                                       int anonymous)
+{
+    if (anonymous)
+        opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
+    else opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
+    opt->etype_list = etype_list;
+    opt->etype_list_length = etype_list_length;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
+                                         krb5_address **addresses)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
+    opt->address_list = addresses;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
+                                         krb5_preauthtype *preauth_list,
+                                         int preauth_list_length)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
+    opt->preauth_list = preauth_list;
+    opt->preauth_list_length = preauth_list_length;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt)
+{
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
+    opt->salt = salt;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_set_change_password_prompt(
+    krb5_get_init_creds_opt *opt, int prompt)
+{
+    if (prompt)
+        opt->flags |= KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
+    else
+        opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_alloc(krb5_context context,
+                              krb5_get_init_creds_opt **opt)
+{
+    struct extended_options *opte;
+
+    if (opt == NULL)
+        return EINVAL;
+    *opt = NULL;
+
+    /* Return an extended structure cast as a krb5_get_init_creds_opt. */
+    opte = calloc(1, sizeof(*opte));
+    if (opte == NULL)
+        return ENOMEM;
+    opte->opt.flags = DEFAULT_FLAGS | GIC_OPT_EXTENDED;
+    opte->pac_request = -1;
+    *opt = (krb5_get_init_creds_opt *)opte;
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_free(krb5_context context,
+                             krb5_get_init_creds_opt *opt)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+    int i;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return;
+    assert(!(opt->flags & GIC_OPT_SHALLOW_COPY));
+    for (i = 0; i < opte->num_preauth_data; i++) {
+        free(opte->preauth_data[i].attr);
+        free(opte->preauth_data[i].value);
+    }
+    free(opte->preauth_data);
+    free(opte->fast_ccache_name);
+    free(opte);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_pa(krb5_context context,
+                               krb5_get_init_creds_opt *opt,
+                               const char *attr,
+                               const char *value)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+    krb5_gic_opt_pa_data *t, *pa;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    assert(!(opt->flags & GIC_OPT_SHALLOW_COPY));
+
+    /* Allocate space for another option. */
+    t = realloc(opte->preauth_data, (opte->num_preauth_data + 1) * sizeof(*t));
+    if (t == NULL)
+        return ENOMEM;
+    opte->preauth_data = t;
+
+    /* Copy the option into the new slot. */
+    pa = &opte->preauth_data[opte->num_preauth_data];
+    pa->attr = strdup(attr);
+    if (pa->attr == NULL)
+        return ENOMEM;
+    pa->value = strdup(value);
+    if (pa->value == NULL) {
+        free(pa->attr);
+        return ENOMEM;
+    }
+    opte->num_preauth_data++;
+
+    /* Give preauth modules a chance to look at the option now. */
+    return krb5_preauth_supply_preauth_data(context, opt, attr, value);
+}
+
+/*
+ * This function allows a preauth plugin to obtain preauth
+ * options.  The preauth_data returned from this function
+ * should be freed by calling krb5_get_init_creds_opt_free_pa().
+ *
+ * The 'opt' pointer supplied to this function must have been
+ * obtained using krb5_get_init_creds_opt_alloc()
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_pa(krb5_context context,
+                               krb5_get_init_creds_opt *opt,
+                               int *num_preauth_data,
+                               krb5_gic_opt_pa_data **preauth_data)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+    krb5_gic_opt_pa_data *p = NULL;
+    int i;
+
+    if (num_preauth_data == NULL || preauth_data == NULL)
+        return EINVAL;
+    *num_preauth_data = 0;
+    *preauth_data = NULL;
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+
+    if (opte->num_preauth_data == 0)
+        return 0;
+
+    p = calloc(opte->num_preauth_data, sizeof(*p));
+    if (p == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < opte->num_preauth_data; i++) {
+        p[i].attr = strdup(opte->preauth_data[i].attr);
+        p[i].value = strdup(opte->preauth_data[i].value);
+        if (p[i].attr == NULL || p[i].value == NULL)
+            goto cleanup;
+    }
+    *num_preauth_data = i;
+    *preauth_data = p;
+    return 0;
+
+cleanup:
+    krb5_get_init_creds_opt_free_pa(context, opte->num_preauth_data, p);
+    return ENOMEM;
+}
+
+/*
+ * This function frees the preauth_data that was returned by
+ * krb5_get_init_creds_opt_get_pa().
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_free_pa(krb5_context context, int num_preauth_data,
+                                krb5_gic_opt_pa_data *preauth_data)
+{
+    int i;
+
+    if (num_preauth_data <= 0 || preauth_data == NULL)
+        return;
+
+    for (i = 0; i < num_preauth_data; i++) {
+        free(preauth_data[i].attr);
+        free(preauth_data[i].value);
+    }
+    free(preauth_data);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context,
+                                             krb5_get_init_creds_opt *opt,
+                                             const char *ccache_name)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    assert(!(opt->flags & GIC_OPT_SHALLOW_COPY));
+    free(opte->fast_ccache_name);
+    opte->fast_ccache_name = strdup(ccache_name);
+    if (opte->fast_ccache_name == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_ccache(krb5_context context,
+                                        krb5_get_init_creds_opt *opt,
+                                        krb5_ccache ccache)
+{
+    krb5_error_code ret;
+    char *name;
+
+    ret = krb5_cc_get_full_name(context, ccache, &name);
+    if (ret)
+        return ret;
+    ret = krb5_get_init_creds_opt_set_fast_ccache_name(context, opt, name);
+    free(name);
+    return ret;
+}
+
+const char *
+k5_gic_opt_get_fast_ccache_name(krb5_get_init_creds_opt *opt)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return NULL;
+    return opte->fast_ccache_name;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_in_ccache(krb5_context context,
+                                      krb5_get_init_creds_opt *opt,
+                                      krb5_ccache ccache)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    opte->in_ccache = ccache;
+    return 0;
+}
+
+krb5_ccache
+k5_gic_opt_get_in_ccache(krb5_get_init_creds_opt *opt)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return NULL;
+    return opte->in_ccache;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_out_ccache(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_ccache ccache)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    opte->out_ccache = ccache;
+    return 0;
+}
+
+krb5_ccache
+k5_gic_opt_get_out_ccache(krb5_get_init_creds_opt *opt)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return NULL;
+    return opte->out_ccache;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_flags(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_flags flags)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    opte->fast_flags = flags;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_fast_flags(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_flags *out_flags)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (out_flags == NULL)
+        return EINVAL;
+    *out_flags = 0;
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    *out_flags = opte->fast_flags;
+    return 0;
+}
+
+krb5_flags
+k5_gic_opt_get_fast_flags(krb5_get_init_creds_opt *opt)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return 0;
+    return opte->fast_flags;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_expire_callback(krb5_context context,
+                                            krb5_get_init_creds_opt *opt,
+                                            krb5_expire_callback_func cb,
+                                            void *data)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    opte->expire_cb = cb;
+    opte->expire_data = data;
+    return 0;
+}
+
+void
+k5_gic_opt_get_expire_cb(krb5_get_init_creds_opt *opt,
+                         krb5_expire_callback_func *cb_out, void **data_out)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    *cb_out = NULL;
+    *data_out = NULL;
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return;
+    *cb_out = opte->expire_cb;
+    *data_out = opte->expire_data;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_responder(krb5_context context,
+                                      krb5_get_init_creds_opt *opt,
+                                      krb5_responder_fn responder, void *data)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    opte->responder = responder;
+    opte->responder_data = data;
+    return 0;
+}
+
+void
+k5_gic_opt_get_responder(krb5_get_init_creds_opt *opt,
+                         krb5_responder_fn *responder_out, void **data_out)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    *responder_out = NULL;
+    *data_out = NULL;
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return;
+    *responder_out = opte->responder;
+    *data_out = opte->responder_data;
+}
+
+krb5_get_init_creds_opt *
+k5_gic_opt_shallow_copy(krb5_get_init_creds_opt *opt)
+{
+    struct extended_options *opte;
+
+    opte = calloc(1, sizeof(*opte));
+    if (opt == NULL)
+        opte->opt.flags = DEFAULT_FLAGS;
+    else if (opt->flags & GIC_OPT_EXTENDED)
+        *opte = *(struct extended_options *)opt;
+    else
+        opte->opt = *opt;
+    opte->opt.flags |= GIC_OPT_SHALLOW_COPY;
+    return (krb5_get_init_creds_opt *)opte;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_pac_request(krb5_context context,
+                                        krb5_get_init_creds_opt *opt,
+                                        krb5_boolean req_pac)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return EINVAL;
+    opte->pac_request = !!req_pac;
+    return 0;
+}
+
+int
+k5_gic_opt_pac_request(krb5_get_init_creds_opt *opt)
+{
+    struct extended_options *opte = (struct extended_options *)opt;
+
+    if (opt == NULL || !(opt->flags & GIC_OPT_EXTENDED))
+        return -1;
+    return opte->pac_request;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/gic_pwd.c b/krb5-1.21.3/src/lib/krb5/krb/gic_pwd.c
new file mode 100644
index 00000000..9a3d5988
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/gic_pwd.c
@@ -0,0 +1,473 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "k5-int.h"
+#include "com_err.h"
+#include "init_creds_ctx.h"
+#include "int-proto.h"
+#include "os-proto.h"
+
+krb5_error_code
+krb5_get_as_key_password(krb5_context context,
+                         krb5_principal client,
+                         krb5_enctype etype,
+                         krb5_prompter_fct prompter,
+                         void *prompter_data,
+                         krb5_data *salt,
+                         krb5_data *params,
+                         krb5_keyblock *as_key,
+                         void *gak_data,
+                         k5_response_items *ritems)
+{
+    struct gak_password *gp = gak_data;
+    krb5_error_code ret;
+    krb5_data defsalt;
+    char *clientstr;
+    char promptstr[1024], pwbuf[1024];
+    krb5_data pw;
+    krb5_prompt prompt;
+    krb5_prompt_type prompt_type;
+    const char *rpass;
+
+    /* If we need to get the AS key via the responder, ask for it. */
+    if (as_key == NULL) {
+        if (gp->password != NULL)
+            return 0;
+
+        return k5_response_items_ask_question(ritems,
+                                              KRB5_RESPONDER_QUESTION_PASSWORD,
+                                              "");
+    }
+
+    /* If there's already a key of the correct etype, we're done.
+       If the etype is wrong, free the existing key, and make
+       a new one.
+
+       XXX This was the old behavior, and was wrong in hw preauth
+       cases.  Is this new behavior -- always asking -- correct in all
+       cases?  */
+
+    if (as_key->length) {
+        if (as_key->enctype != etype) {
+            krb5_free_keyblock_contents (context, as_key);
+            as_key->length = 0;
+        }
+    }
+
+    if (gp->password == NULL) {
+        /* Check the responder for the password. */
+        rpass = k5_response_items_get_answer(ritems,
+                                             KRB5_RESPONDER_QUESTION_PASSWORD);
+        if (rpass != NULL) {
+            ret = alloc_data(&gp->storage, strlen(rpass));
+            if (ret)
+                return ret;
+            memcpy(gp->storage.data, rpass, strlen(rpass));
+            gp->password = &gp->storage;
+        }
+    }
+
+    if (gp->password == NULL) {
+        if (prompter == NULL)
+            return(EIO);
+
+        if ((ret = krb5_unparse_name(context, client, &clientstr)))
+            return(ret);
+
+        snprintf(promptstr, sizeof(promptstr), _("Password for %s"),
+                 clientstr);
+        free(clientstr);
+
+        pw = make_data(pwbuf, sizeof(pwbuf));
+        prompt.prompt = promptstr;
+        prompt.hidden = 1;
+        prompt.reply = &pw;
+        prompt_type = KRB5_PROMPT_TYPE_PASSWORD;
+
+        /* PROMPTER_INVOCATION */
+        k5_set_prompt_types(context, &prompt_type);
+        ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt);
+        k5_set_prompt_types(context, 0);
+        if (ret)
+            return(ret);
+
+        ret = krb5int_copy_data_contents(context, &pw, &gp->storage);
+        zap(pw.data, pw.length);
+        if (ret)
+            return ret;
+        gp->password = &gp->storage;
+    }
+
+    if (salt == NULL) {
+        if ((ret = krb5_principal2salt(context, client, &defsalt)))
+            return(ret);
+
+        salt = &defsalt;
+    } else {
+        defsalt.length = 0;
+    }
+
+    ret = krb5_c_string_to_key_with_params(context, etype, gp->password, salt,
+                                           params->data?params:NULL, as_key);
+
+    if (defsalt.length)
+        free(defsalt.data);
+
+    return(ret);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_password(krb5_context context,
+                             krb5_init_creds_context ctx,
+                             const char *password)
+{
+    char *s;
+
+    s = strdup(password);
+    if (s == NULL)
+        return ENOMEM;
+
+    zapfree(ctx->gakpw.storage.data, ctx->gakpw.storage.length);
+    ctx->gakpw.storage = string2data(s);
+    ctx->gakpw.password = &ctx->gakpw.storage;
+    ctx->gak_fct = krb5_get_as_key_password;
+    ctx->gak_data = &ctx->gakpw;
+    return 0;
+}
+
+/*
+ * Create a temporary options structure for getting a kadmin/changepw ticket,
+ * based on the appplication-specified options.  Propagate all application
+ * options which affect preauthentication, but not options which affect the
+ * resulting ticket or how it is stored.  Set lifetime and flags appropriate
+ * for a ticket which we will use immediately and then discard.
+ *
+ * The caller should free the result with free().
+ */
+static krb5_error_code
+make_chpw_options(krb5_context context, krb5_get_init_creds_opt *in,
+                  krb5_get_init_creds_opt **out)
+{
+    krb5_get_init_creds_opt *opt;
+
+    *out = NULL;
+    opt = k5_gic_opt_shallow_copy(in);
+    if (opt == NULL)
+        return ENOMEM;
+
+    /* Get a non-forwardable, non-proxiable, short-lifetime ticket. */
+    krb5_get_init_creds_opt_set_tkt_life(opt, 5 * 60);
+    krb5_get_init_creds_opt_set_renew_life(opt, 0);
+    krb5_get_init_creds_opt_set_forwardable(opt, 0);
+    krb5_get_init_creds_opt_set_proxiable(opt, 0);
+
+    /* Unset options which should only apply to the actual ticket. */
+    opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
+    opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
+
+    /* The output ccache should only be used for the actual ticket. */
+    krb5_get_init_creds_opt_set_out_ccache(context, opt, NULL);
+
+    *out = opt;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_password(krb5_context context,
+                             krb5_creds *creds,
+                             krb5_principal client,
+                             const char *password,
+                             krb5_prompter_fct prompter,
+                             void *data,
+                             krb5_deltat start_time,
+                             const char *in_tkt_service,
+                             krb5_get_init_creds_opt *options)
+{
+    krb5_error_code ret;
+    int use_primary;
+    krb5_kdc_rep *as_reply;
+    int tries;
+    krb5_creds chpw_creds;
+    krb5_get_init_creds_opt *chpw_opts = NULL;
+    struct gak_password gakpw;
+    krb5_data pw0, pw1;
+    char banner[1024], pw0array[1024], pw1array[1024];
+    krb5_prompt prompt[2];
+    krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
+    struct errinfo errsave = EMPTY_ERRINFO;
+    char *message;
+
+    use_primary = 0;
+    as_reply = NULL;
+    memset(&chpw_creds, 0, sizeof(chpw_creds));
+    memset(&gakpw, 0, sizeof(gakpw));
+
+    if (password != NULL) {
+        pw0 = string2data((char *)password);
+        gakpw.password = &pw0;
+    }
+
+    /* first try: get the requested tkt from any kdc */
+
+    ret = k5_get_init_creds(context, creds, client, prompter, data, start_time,
+                            in_tkt_service, options, krb5_get_as_key_password,
+                            &gakpw, &use_primary, &as_reply);
+
+    /* check for success */
+
+    if (ret == 0)
+        goto cleanup;
+
+    /* If all the kdc's are unavailable, or if the error was due to a
+       user interrupt, fail */
+
+    if (ret == KRB5_KDC_UNREACH || ret == KRB5_REALM_CANT_RESOLVE ||
+        ret == KRB5_LIBOS_PWDINTR || ret == KRB5_LIBOS_CANTREADPWD)
+        goto cleanup;
+
+    /* If the reply did not come from the primary kdc, try again with
+     * the primary kdc. */
+
+    if (!use_primary) {
+        TRACE_GIC_PWD_PRIMARY(context);
+        use_primary = 1;
+
+        k5_save_ctx_error(context, ret, &errsave);
+        if (as_reply) {
+            krb5_free_kdc_rep( context, as_reply);
+            as_reply = NULL;
+        }
+        ret = k5_get_init_creds(context, creds, client, prompter, data,
+                                start_time, in_tkt_service, options,
+                                krb5_get_as_key_password, &gakpw, &use_primary,
+                                &as_reply);
+
+        if (ret == 0)
+            goto cleanup;
+
+        /* If the primary is unreachable, return the error from the replica we
+         * were able to contact and reset the use_primary flag. */
+        if (ret == KRB5_KDC_UNREACH || ret == KRB5_REALM_CANT_RESOLVE ||
+            ret == KRB5_REALM_UNKNOWN) {
+            ret = k5_restore_ctx_error(context, &errsave);
+            use_primary = 0;
+        }
+    }
+
+    /* at this point, we have an error from the primary.  if the error
+       is not password expired, or if it is but there's no prompter,
+       return this error */
+
+    if ((ret != KRB5KDC_ERR_KEY_EXP) ||
+        (prompter == NULL))
+        goto cleanup;
+
+    /* historically the default has been to prompt for password change.
+     * if the change password prompt option has not been set, we continue
+     * to prompt.  Prompting is only disabled if the option has been set
+     * and the value has been set to false.
+     */
+    if (options && !(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
+        goto cleanup;
+    TRACE_GIC_PWD_EXPIRED(context);
+
+    /* ok, we have an expired password.  Give the user a few chances
+       to change it */
+
+    ret = make_chpw_options(context, options, &chpw_opts);
+    if (ret)
+        goto cleanup;
+    ret = k5_get_init_creds(context, &chpw_creds, client, prompter, data,
+                            start_time, "kadmin/changepw", chpw_opts,
+                            krb5_get_as_key_password, &gakpw, &use_primary,
+                            NULL);
+    if (ret)
+        goto cleanup;
+
+    pw0.data = pw0array;
+    pw0.data[0] = '\0';
+    pw0.length = sizeof(pw0array);
+    prompt[0].prompt = _("Enter new password");
+    prompt[0].hidden = 1;
+    prompt[0].reply = &pw0;
+    prompt_types[0] = KRB5_PROMPT_TYPE_NEW_PASSWORD;
+
+    pw1.data = pw1array;
+    pw1.data[0] = '\0';
+    pw1.length = sizeof(pw1array);
+    prompt[1].prompt = _("Enter it again");
+    prompt[1].hidden = 1;
+    prompt[1].reply = &pw1;
+    prompt_types[1] = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
+
+    strlcpy(banner, _("Password expired.  You must change it now."),
+            sizeof(banner));
+
+    for (tries = 3; tries; tries--) {
+        TRACE_GIC_PWD_CHANGEPW(context, tries);
+        pw0.length = sizeof(pw0array);
+        pw1.length = sizeof(pw1array);
+
+        /* PROMPTER_INVOCATION */
+        k5_set_prompt_types(context, prompt_types);
+        ret = (*prompter)(context, data, 0, banner,
+                          sizeof(prompt)/sizeof(prompt[0]), prompt);
+        k5_set_prompt_types(context, 0);
+        if (ret)
+            goto cleanup;
+
+        if (strcmp(pw0.data, pw1.data) != 0) {
+            ret = KRB5_LIBOS_BADPWDMATCH;
+            snprintf(banner, sizeof(banner),
+                     _("%s.  Please try again."), error_message(ret));
+        } else if (pw0.length == 0) {
+            ret = KRB5_CHPW_PWDNULL;
+            snprintf(banner, sizeof(banner),
+                     _("%s.  Please try again."), error_message(ret));
+        } else {
+            int result_code;
+            krb5_data code_string;
+            krb5_data result_string;
+
+            if ((ret = krb5_change_password(context, &chpw_creds, pw0array,
+                                            &result_code, &code_string,
+                                            &result_string)))
+                goto cleanup;
+
+            /* the change succeeded.  go on */
+
+            if (result_code == 0) {
+                free(code_string.data);
+                free(result_string.data);
+                break;
+            }
+
+            /* set this in case the retry loop falls through */
+
+            ret = KRB5_CHPW_FAIL;
+
+            if (result_code != KRB5_KPASSWD_SOFTERROR) {
+                free(code_string.data);
+                free(result_string.data);
+                goto cleanup;
+            }
+
+            /* the error was soft, so try again */
+
+            if (krb5_chpw_message(context, &result_string, &message) != 0)
+                message = NULL;
+
+            /* 100 is I happen to know that no code_string will be longer
+               than 100 chars */
+
+            if (message != NULL && strlen(message) > (sizeof(banner) - 100))
+                message[sizeof(banner) - 100] = '\0';
+
+            snprintf(banner, sizeof(banner),
+                     _("%.*s%s%s.  Please try again.\n"),
+                     (int) code_string.length, code_string.data,
+                     message ? ": " : "", message ? message : "");
+
+            free(message);
+            free(code_string.data);
+            free(result_string.data);
+        }
+    }
+
+    if (ret)
+        goto cleanup;
+
+    /* The password change was successful.  Get an initial ticket from the
+     * primary.  This is the last try.  The return from this is final. */
+
+    TRACE_GIC_PWD_CHANGED(context);
+    gakpw.password = &pw0;
+    ret = k5_get_init_creds(context, creds, client, prompter, data,
+                            start_time, in_tkt_service, options,
+                            krb5_get_as_key_password, &gakpw, &use_primary,
+                            &as_reply);
+    if (ret)
+        goto cleanup;
+
+cleanup:
+    free(chpw_opts);
+    zapfree(gakpw.storage.data, gakpw.storage.length);
+    memset(pw0array, 0, sizeof(pw0array));
+    memset(pw1array, 0, sizeof(pw1array));
+    krb5_free_cred_contents(context, &chpw_creds);
+    if (as_reply)
+        krb5_free_kdc_rep(context, as_reply);
+    k5_clear_error(&errsave);
+
+    return(ret);
+}
+
+/*
+  Rewrites get_in_tkt in terms of newer get_init_creds API.
+  Attempts to get an initial ticket for creds->client to use server
+  creds->server, (realm is taken from creds->client), with options
+  options, and using creds->times.starttime, creds->times.endtime,
+  creds->times.renew_till as from, till, and rtime.
+  creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+
+  If addrs is non-NULL, it is used for the addresses requested.  If it is
+  null, the system standard addresses are used.
+
+  If password is non-NULL, it is converted using the cryptosystem entry
+  point for a string conversion routine, seeded with the client's name.
+  If password is passed as NULL, the password is read from the terminal,
+  and then converted into a key.
+
+  A successful call will place the ticket in the credentials cache ccache.
+
+  returns system errors, encryption errors
+*/
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
+                              krb5_address *const *addrs, krb5_enctype *ktypes,
+                              krb5_preauthtype *pre_auth_types,
+                              const char *password, krb5_ccache ccache,
+                              krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+    krb5_error_code retval;
+    struct gak_password gakpw;
+    krb5_data pw;
+    char * server;
+    krb5_principal server_princ, client_princ;
+    int use_primary = 0;
+    krb5_get_init_creds_opt *opts = NULL;
+
+    memset(&gakpw, 0, sizeof(gakpw));
+    if (password != NULL) {
+        pw = string2data((char *)password);
+        gakpw.password = &pw;
+    }
+    retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+                                 pre_auth_types, creds);
+    if (retval)
+        return (retval);
+    retval = krb5_unparse_name( context, creds->server, &server);
+    if (retval) {
+        krb5_get_init_creds_opt_free(context, opts);
+        return (retval);
+    }
+    server_princ = creds->server;
+    client_princ = creds->client;
+    retval = k5_get_init_creds(context, creds, creds->client,
+                               krb5_prompter_posix, NULL, 0, server, opts,
+                               krb5_get_as_key_password, &gakpw, &use_primary,
+                               ret_as_reply);
+    krb5_free_unparsed_name( context, server);
+    krb5_get_init_creds_opt_free(context, opts);
+    zapfree(gakpw.storage.data, gakpw.storage.length);
+    if (retval) {
+        return (retval);
+    }
+    krb5_free_principal( context, creds->server);
+    krb5_free_principal( context, creds->client);
+    creds->client = client_princ;
+    creds->server = server_princ;
+    /* store it in the ccache! */
+    if (ccache)
+        if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+            return (retval);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/in_tkt_sky.c b/krb5-1.21.3/src/lib/krb5/krb/in_tkt_sky.c
new file mode 100644
index 00000000..55c951a9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/in_tkt_sky.c
@@ -0,0 +1,120 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/in_tkt_sky.c */
+/*
+ * Copyright 1990,1991, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+/* Copy the caller-provided keyblock into the AS keyblock. */
+static krb5_error_code
+get_as_key_skey(krb5_context context, krb5_principal client,
+                krb5_enctype etype, krb5_prompter_fct prompter,
+                void *prompter_data, krb5_data *salt, krb5_data *params,
+                krb5_keyblock *as_key, void *gak_data,
+                k5_response_items *ritems)
+{
+    const krb5_keyblock *key = gak_data;
+
+    if (!krb5_c_valid_enctype(etype))
+        return(KRB5_PROG_ETYPE_NOSUPP);
+    if (as_key->length)
+        krb5_free_keyblock_contents(context, as_key);
+    return krb5int_c_copy_keyblock_contents(context, key, as_key);
+}
+
+/*
+  Similar to krb5_get_in_tkt_with_password.
+
+  Attempts to get an initial ticket for creds->client to use server
+  creds->server, (realm is taken from creds->client), with options
+  options, and using creds->times.starttime, creds->times.endtime,
+  creds->times.renew_till as from, till, and rtime.
+  creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+
+  If addrs is non-NULL, it is used for the addresses requested.  If it is
+  null, the system standard addresses are used.
+
+  If keyblock is NULL, an appropriate key for creds->client is retrieved from
+  the system key store (e.g. /etc/krb5.keytab).  If keyblock is non-NULL, it
+  is used as the decryption key.
+
+  A successful call will place the ticket in the credentials cache ccache.
+
+  returns system errors, encryption errors
+
+*/
+krb5_error_code KRB5_CALLCONV
+krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
+                          krb5_address *const *addrs, krb5_enctype *ktypes,
+                          krb5_preauthtype *pre_auth_types,
+                          const krb5_keyblock *key, krb5_ccache ccache,
+                          krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+{
+    krb5_error_code retval;
+    char *server;
+    krb5_principal server_princ, client_princ;
+    int use_primary = 0;
+    krb5_get_init_creds_opt *opts = NULL;
+
+    retval = k5_populate_gic_opt(context, &opts, options, addrs, ktypes,
+                                 pre_auth_types, creds);
+    if (retval)
+        return retval;
+
+    retval = krb5_get_init_creds_opt_set_out_ccache(context, opts, ccache);
+    if (retval)
+        goto cleanup;
+
+#ifndef LEAN_CLIENT
+    if (key == NULL) {
+        retval = krb5_get_init_creds_keytab(context, creds, creds->client,
+                                            NULL /* keytab */,
+                                            creds->times.starttime,
+                                            NULL /* in_tkt_service */,
+                                            opts);
+        goto cleanup;
+    }
+#endif /* LEAN_CLIENT */
+
+    retval = krb5_unparse_name(context, creds->server, &server);
+    if (retval)
+        goto cleanup;
+    server_princ = creds->server;
+    client_princ = creds->client;
+    retval = k5_get_init_creds(context, creds, creds->client,
+                               krb5_prompter_posix, NULL, 0, server, opts,
+                               get_as_key_skey, (void *)key, &use_primary,
+                               ret_as_reply);
+    krb5_free_unparsed_name(context, server);
+    if (retval)
+        goto cleanup;
+    krb5_free_principal( context, creds->server);
+    krb5_free_principal( context, creds->client);
+    creds->client = client_princ;
+    creds->server = server_princ;
+cleanup:
+    krb5_get_init_creds_opt_free(context, opts);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/init_creds_ctx.h b/krb5-1.21.3/src/lib/krb5/krb/init_creds_ctx.h
new file mode 100644
index 00000000..17d55dd7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/init_creds_ctx.h
@@ -0,0 +1,92 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#ifndef KRB5_INIT_CREDS_CONTEXT
+#define KRB5_INIT_CREDS_CONTEXT 1
+
+#include "k5-json.h"
+#include "int-proto.h"
+
+typedef struct krb5_preauth_req_context_st *krb5_preauth_req_context;
+
+struct krb5_responder_context_st {
+    k5_response_items *items;
+};
+
+struct gak_password {
+    krb5_data storage;
+    const krb5_data *password;
+};
+
+struct _krb5_init_creds_context {
+    krb5_get_init_creds_opt *opt;
+    krb5_get_init_creds_opt opt_storage;
+    krb5_boolean identify_realm;
+    const krb5_data *subject_cert;
+    krb5_principal keytab_princ;
+    char *in_tkt_service;
+    krb5_prompter_fct prompter;
+    void *prompter_data;
+    get_as_key_fn gak_fct;
+    void *gak_data;
+    krb5_timestamp request_time;
+    krb5_deltat start_time;
+    krb5_deltat tkt_life;
+    krb5_deltat renew_life;
+    krb5_boolean complete;
+    unsigned int loopcount;
+    struct gak_password gakpw;
+    krb5_error *err_reply;
+    krb5_pa_data **err_padata;
+    krb5_creds cred;
+    krb5_kdc_req *request;
+    krb5_kdc_rep *reply;
+    /**
+     * Stores the outer request body in order to feed into FAST for
+     * checksumming.  This is maintained even if FAST is not used. This is not
+     * used for preauth: that requires the inner request body.  For AS-only
+     * FAST it would be better for krb5int_fast_prep_req() to simply generate
+     * this.  However for TGS FAST, the client needs to supply the
+     * to_be_checksummed data. Whether this should be refactored should be
+     * revisited as TGS fast is integrated.
+     */
+    krb5_data *outer_request_body;
+    krb5_data *inner_request_body; /**< For preauth */
+    krb5_data *encoded_previous_request;
+    struct krb5int_fast_request_state *fast_state;
+    krb5_pa_data **optimistic_padata; /* from gic options */
+    krb5_pa_data **method_padata; /* from PREAUTH_REQUIRED or PREAUTH_FAILED */
+    krb5_pa_data **more_padata; /* from MORE_PREAUTH_DATA_REQUIRED */
+    krb5_boolean default_salt;
+    krb5_data salt;
+    krb5_data s2kparams;
+    krb5_keyblock as_key;
+    krb5_enctype etype;
+    krb5_boolean info_pa_permitted;
+    krb5_boolean restarted;
+    krb5_boolean fallback_disabled;
+    krb5_boolean encts_disabled;
+    struct krb5_responder_context_st rctx;
+    krb5_preauthtype selected_preauth_type;
+    krb5_preauthtype allowed_preauth_type;
+    k5_json_object cc_config_in;
+    k5_json_object cc_config_out;
+    /* Discovered offset of server time during preauth */
+    krb5_timestamp pa_offset;
+    krb5_int32 pa_offset_usec;
+    enum { NO_OFFSET = 0, UNAUTH_OFFSET, AUTH_OFFSET } pa_offset_state;
+    krb5_preauth_req_context preauth_reqctx;
+};
+
+krb5_error_code
+krb5_get_as_key_password(krb5_context context,
+                         krb5_principal client,
+                         krb5_enctype etype,
+                         krb5_prompter_fct prompter,
+                         void *prompter_data,
+                         krb5_data *salt,
+                         krb5_data *params,
+                         krb5_keyblock *as_key,
+                         void *gak_data,
+                         k5_response_items *ritems);
+
+#endif /* !KRB5_INIT_CREDS_CONTEXT */
diff --git a/krb5-1.21.3/src/lib/krb5/krb/init_ctx.c b/krb5-1.21.3/src/lib/krb5/krb/init_ctx.c
new file mode 100644
index 00000000..a6c2bbeb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/init_ctx.c
@@ -0,0 +1,596 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/init_ctx.c */
+/*
+ * Copyright 1994,1999,2000, 2002, 2003, 2007, 2008, 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "os-proto.h"
+#include <ctype.h>
+#include "brand.c"
+#include "../krb5_libinit.h"
+
+static krb5_enctype default_enctype_list[] = {
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+    ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_ARCFOUR_HMAC,
+    ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC,
+    0
+};
+
+#if (defined(_WIN32))
+extern krb5_error_code krb5_vercheck();
+extern void krb5_win_ccdll_load(krb5_context context);
+#endif
+
+#define DEFAULT_CLOCKSKEW  300 /* 5 min */
+
+static krb5_error_code
+get_integer(krb5_context ctx, const char *name, int def_val, int *int_out)
+{
+    krb5_error_code retval;
+
+    retval = profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                                 name, NULL, def_val, int_out);
+    if (retval)
+        TRACE_PROFILE_ERR(ctx, name, KRB5_CONF_LIBDEFAULTS, retval);
+    return retval;
+}
+
+static krb5_error_code
+get_boolean(krb5_context ctx, const char *name, int def_val, int *boolean_out)
+{
+    krb5_error_code retval;
+
+    retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                                 name, NULL, def_val, boolean_out);
+    if (retval)
+        TRACE_PROFILE_ERR(ctx, name, KRB5_CONF_LIBDEFAULTS, retval);
+    return retval;
+}
+
+static krb5_error_code
+get_tristate(krb5_context ctx, const char *name, const char *third_option,
+             int third_option_val, int def_val, int *val_out)
+{
+    krb5_error_code retval;
+    char *str;
+    int match;
+
+    retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS, name,
+                                 NULL, def_val, val_out);
+    if (retval != PROF_BAD_BOOLEAN)
+        return retval;
+    retval = profile_get_string(ctx->profile, KRB5_CONF_LIBDEFAULTS, name,
+                                NULL, NULL, &str);
+    if (retval)
+        return retval;
+    match = (strcasecmp(third_option, str) == 0);
+    free(str);
+    if (!match)
+        return EINVAL;
+    *val_out = third_option_val;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_context(krb5_context *context)
+{
+    /*
+     * This is rather silly, but should improve our chances of
+     * retaining the krb5_brand array in the final linked library,
+     * better than a static variable that's unreferenced after
+     * optimization, or even a non-static symbol that's not exported
+     * from the library nor referenced from anywhere else in the
+     * library.
+     *
+     * If someday we grow an API to actually return the string, we can
+     * get rid of this silliness.
+     */
+    int my_zero = (krb5_brand[0] == 0);
+
+    return krb5_init_context_profile(NULL, my_zero, context);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_secure_context(krb5_context *context)
+{
+    return krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_SECURE, context);
+}
+
+krb5_error_code
+krb5int_init_context_kdc(krb5_context *context)
+{
+    return krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, context);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_context_profile(profile_t profile, krb5_flags flags,
+                          krb5_context *context_out)
+{
+    krb5_context ctx = 0;
+    krb5_error_code retval;
+    int tmp;
+    char *plugin_dir = NULL;
+
+    /* Verify some assumptions.  If the assumptions hold and the
+       compiler is optimizing, this should result in no code being
+       executed.  If we're guessing "unsigned long long" instead
+       of using uint64_t, the possibility does exist that we're
+       wrong.  */
+    {
+        uint64_t i64;
+        assert(sizeof(i64) == 8);
+        i64 = 0, i64--, i64 >>= 62;
+        assert(i64 == 3);
+        i64 = 1, i64 <<= 31, i64 <<= 31, i64 <<= 1;
+        assert(i64 != 0);
+        i64 <<= 1;
+        assert(i64 == 0);
+    }
+
+    retval = krb5int_initialize_library();
+    if (retval)
+        return retval;
+
+#if (defined(_WIN32))
+    /*
+     * Load the krbcc32.dll if necessary.  We do this here so that
+     * we know to use API: later on during initialization.
+     * The context being NULL is ok.
+     */
+    krb5_win_ccdll_load(ctx);
+
+    /*
+     * krb5_vercheck() is defined in win_glue.c, and this is
+     * where we handle the timebomb and version server checks.
+     */
+    retval = krb5_vercheck();
+    if (retval)
+        return retval;
+#endif
+
+    *context_out = NULL;
+
+    ctx = calloc(1, sizeof(struct _krb5_context));
+    if (!ctx)
+        return ENOMEM;
+    ctx->magic = KV5M_CONTEXT;
+
+    ctx->profile_secure = (flags & KRB5_INIT_CONTEXT_SECURE) != 0;
+
+    retval = k5_os_init_context(ctx, profile, flags);
+    if (retval)
+        goto cleanup;
+
+    ctx->trace_callback = NULL;
+#ifndef DISABLE_TRACING
+    if (!ctx->profile_secure)
+        k5_init_trace(ctx);
+#endif
+
+    retval = get_boolean(ctx, KRB5_CONF_ALLOW_WEAK_CRYPTO, 0, &tmp);
+    if (retval)
+        goto cleanup;
+    ctx->allow_weak_crypto = tmp;
+
+    retval = get_boolean(ctx, KRB5_CONF_ALLOW_DES3, 0, &tmp);
+    if (retval)
+        goto cleanup;
+    ctx->allow_des3 = tmp;
+
+    retval = get_boolean(ctx, KRB5_CONF_ALLOW_RC4, 0, &tmp);
+    if (retval)
+        goto cleanup;
+    ctx->allow_rc4 = tmp;
+
+    retval = get_boolean(ctx, KRB5_CONF_IGNORE_ACCEPTOR_HOSTNAME, 0, &tmp);
+    if (retval)
+        goto cleanup;
+    ctx->ignore_acceptor_hostname = tmp;
+
+    retval = get_boolean(ctx, KRB5_CONF_ENFORCE_OK_AS_DELEGATE, 0, &tmp);
+    if (retval)
+        goto cleanup;
+    ctx->enforce_ok_as_delegate = tmp;
+
+    retval = get_tristate(ctx, KRB5_CONF_DNS_CANONICALIZE_HOSTNAME, "fallback",
+                          CANONHOST_FALLBACK, 1, &tmp);
+    if (retval)
+        goto cleanup;
+    ctx->dns_canonicalize_hostname = tmp;
+
+    ctx->default_realm = 0;
+    get_integer(ctx, KRB5_CONF_CLOCKSKEW, DEFAULT_CLOCKSKEW, &tmp);
+    ctx->clockskew = tmp;
+
+    get_integer(ctx, KRB5_CONF_KDC_DEFAULT_OPTIONS, KDC_OPT_RENEWABLE_OK,
+                &tmp);
+    ctx->kdc_default_options = tmp;
+#define DEFAULT_KDC_TIMESYNC 1
+    get_integer(ctx, KRB5_CONF_KDC_TIMESYNC, DEFAULT_KDC_TIMESYNC, &tmp);
+    ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
+
+    retval = profile_get_string(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                                KRB5_CONF_PLUGIN_BASE_DIR, 0,
+                                DEFAULT_PLUGIN_BASE_DIR, &plugin_dir);
+    if (!retval)
+        retval = k5_expand_path_tokens(ctx, plugin_dir, &ctx->plugin_base_dir);
+    if (retval) {
+        TRACE_PROFILE_ERR(ctx, KRB5_CONF_PLUGIN_BASE_DIR,
+                          KRB5_CONF_LIBDEFAULTS, retval);
+        goto cleanup;
+    }
+
+    /*
+     * We use a default file credentials cache of 3.  See
+     * lib/krb5/krb/ccache/file/fcc.h for a description of the
+     * credentials cache types.
+     *
+     * Note: DCE 1.0.3a only supports a cache type of 1
+     *      DCE 1.1 supports a cache type of 2.
+     */
+#define DEFAULT_CCACHE_TYPE 4
+    get_integer(ctx, KRB5_CONF_CCACHE_TYPE, DEFAULT_CCACHE_TYPE, &tmp);
+    ctx->fcc_default_format = tmp + 0x0500;
+    ctx->prompt_types = 0;
+    ctx->use_conf_ktypes = 0;
+    ctx->udp_pref_limit = -1;
+
+    /* It's OK if this fails */
+    (void)profile_get_string(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                             KRB5_CONF_ERR_FMT, NULL, NULL, &ctx->err_fmt);
+    *context_out = ctx;
+    ctx = NULL;
+
+cleanup:
+    profile_release_string(plugin_dir);
+    krb5_free_context(ctx);
+    return retval;
+}
+
+void KRB5_CALLCONV
+krb5_free_context(krb5_context ctx)
+{
+    if (ctx == NULL)
+        return;
+    k5_os_free_context(ctx);
+
+    free(ctx->tgs_etypes);
+    ctx->tgs_etypes = NULL;
+    free(ctx->default_realm);
+    ctx->default_realm = 0;
+
+    krb5_clear_error_message(ctx);
+    free(ctx->err_fmt);
+
+#ifndef DISABLE_TRACING
+    if (ctx->trace_callback)
+        ctx->trace_callback(ctx, NULL, ctx->trace_callback_data);
+#endif
+
+    k5_ccselect_free_context(ctx);
+    k5_hostrealm_free_context(ctx);
+    k5_localauth_free_context(ctx);
+    k5_plugin_free_context(ctx);
+    free(ctx->plugin_base_dir);
+    free(ctx->tls);
+
+    ctx->magic = 0;
+    free(ctx);
+}
+
+/*
+ * Set the desired default ktypes, making sure they are valid.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_default_tgs_enctypes(krb5_context context, const krb5_enctype *etypes)
+{
+    krb5_error_code code;
+    krb5_enctype *list;
+    size_t src, dst;
+
+    if (etypes) {
+        /* Empty list passed in. */
+        if (etypes[0] == 0)
+            return EINVAL;
+        code = k5_copy_etypes(etypes, &list);
+        if (code)
+            return code;
+
+        /* Filter list in place to exclude invalid and (optionally) weak
+         * enctypes. */
+        for (src = dst = 0; list[src]; src++) {
+            if (!krb5_c_valid_enctype(list[src]))
+                continue;
+            if (!context->allow_weak_crypto
+                && krb5int_c_weak_enctype(list[src]))
+                continue;
+            list[dst++] = list[src];
+        }
+        list[dst] = 0;          /* Zero-terminate. */
+        if (dst == 0) {
+            free(list);
+            return KRB5_CONFIG_ETYPE_NOSUPP;
+        }
+    } else {
+        list = NULL;
+    }
+
+    free(context->tgs_etypes);
+    context->tgs_etypes = list;
+    return 0;
+}
+
+/* Old name for above function.  This is not a public API, but Samba (as of
+ * 2021-02-12) uses this name if it finds it in the library. */
+krb5_error_code
+krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes);
+
+krb5_error_code
+krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes)
+{
+    return krb5_set_default_tgs_enctypes(context, etypes);
+}
+
+/*
+ * Add etype to, or remove etype from, the zero-terminated list *list_ptr,
+ * reallocating if the list size changes.  Filter out weak enctypes if
+ * allow_weak is false.  If memory allocation fails, set *list_ptr to NULL and
+ * do nothing for subsequent operations.
+ */
+static void
+mod_list(krb5_enctype etype, krb5_boolean add, krb5_boolean allow_weak,
+         krb5_enctype **list_ptr)
+{
+    size_t i;
+    krb5_enctype *list = *list_ptr;
+
+    /* Stop now if a previous allocation failed or the enctype is filtered. */
+    if (list == NULL || (!allow_weak && krb5int_c_weak_enctype(etype)))
+        return;
+    if (add) {
+        /* Count entries; do nothing if etype is a duplicate. */
+        for (i = 0; list[i] != 0; i++) {
+            if (list[i] == etype)
+                return;
+        }
+        /* Make room for the new entry and add it. */
+        list = realloc(list, (i + 2) * sizeof(krb5_enctype));
+        if (list != NULL) {
+            list[i] = etype;
+            list[i + 1] = 0;
+        }
+    } else {
+        /* Look for etype in the list. */
+        for (i = 0; list[i] != 0; i++) {
+            if (list[i] != etype)
+                continue;
+            /* Perform removal. */
+            for (; list[i + 1] != 0; i++)
+                list[i] = list[i + 1];
+            list[i] = 0;
+            list = realloc(list, (i + 1) * sizeof(krb5_enctype));
+            break;
+        }
+    }
+    /* Update *list_ptr, freeing the old value if realloc failed. */
+    if (list == NULL)
+        free(*list_ptr);
+    *list_ptr = list;
+}
+
+/*
+ * Set *result to a zero-terminated list of enctypes resulting from
+ * parsing profstr.  profstr may be modified during parsing.
+ */
+krb5_error_code
+krb5int_parse_enctype_list(krb5_context context, const char *profkey,
+                           char *profstr, krb5_enctype *default_list,
+                           krb5_enctype **result)
+{
+    char *token, *delim = " \t\r\n,", *save = NULL;
+    krb5_boolean sel, weak = context->allow_weak_crypto;
+    krb5_enctype etype, *list;
+    unsigned int i;
+
+    *result = NULL;
+
+    /* Set up an empty list.  Allocation failure is detected at the end. */
+    list = malloc(sizeof(krb5_enctype));
+    if (list != NULL)
+        list[0] = 0;
+
+    /* Walk through the words in profstr. */
+    for (token = strtok_r(profstr, delim, &save); token;
+         token = strtok_r(NULL, delim, &save)) {
+        /* Determine if we are adding or removing enctypes. */
+        sel = TRUE;
+        if (*token == '+' || *token == '-')
+            sel = (*token++ == '+');
+
+        if (strcasecmp(token, "DEFAULT") == 0) {
+            /* Set all enctypes in the default list. */
+            for (i = 0; default_list[i]; i++)
+                mod_list(default_list[i], sel, weak, &list);
+        } else if (strcasecmp(token, "des3") == 0) {
+            mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, &list);
+        } else if (strcasecmp(token, "aes") == 0) {
+            mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, &list);
+            mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list);
+            mod_list(ENCTYPE_AES256_CTS_HMAC_SHA384_192, sel, weak, &list);
+            mod_list(ENCTYPE_AES128_CTS_HMAC_SHA256_128, sel, weak, &list);
+        } else if (strcasecmp(token, "rc4") == 0) {
+            mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, &list);
+        } else if (strcasecmp(token, "camellia") == 0) {
+            mod_list(ENCTYPE_CAMELLIA256_CTS_CMAC, sel, weak, &list);
+            mod_list(ENCTYPE_CAMELLIA128_CTS_CMAC, sel, weak, &list);
+        } else if (krb5_string_to_enctype(token, &etype) == 0) {
+            /* Set a specific enctype. */
+            mod_list(etype, sel, weak, &list);
+        } else {
+            TRACE_ENCTYPE_LIST_UNKNOWN(context, profkey, token);
+        }
+    }
+
+    if (list == NULL)
+        return ENOMEM;
+    if (list[0] == ENCTYPE_NULL) {
+        free(list);
+        return KRB5_CONFIG_ETYPE_NOSUPP;
+    }
+    *result = list;
+    return 0;
+}
+
+krb5_error_code
+krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes)
+{
+    krb5_error_code ret;
+    char *profstr = NULL;
+    const char *profkey;
+
+    *ktypes = NULL;
+
+    profkey = KRB5_CONF_DEFAULT_TKT_ENCTYPES;
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             profkey, NULL, NULL, &profstr);
+    if (ret)
+        return ret;
+    if (profstr == NULL) {
+        profkey = KRB5_CONF_PERMITTED_ENCTYPES;
+        ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                 profkey, NULL, "DEFAULT", &profstr);
+        if (ret)
+            return ret;
+    }
+
+    ret = krb5int_parse_enctype_list(context, profkey, profstr,
+                                     default_enctype_list, ktypes);
+    profile_release_string(profstr);
+    return ret;
+}
+
+void
+KRB5_CALLCONV
+krb5_free_enctypes(krb5_context context, krb5_enctype *val)
+{
+    free (val);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ,
+                    krb5_enctype **ktypes)
+{
+    krb5_error_code ret;
+    char *profstr = NULL;
+    const char *profkey;
+
+    *ktypes = NULL;
+
+    /* Use only profile configuration when use_conf_ktypes is set. */
+    if (!context->use_conf_ktypes && context->tgs_etypes != NULL)
+        return k5_copy_etypes(context->tgs_etypes, ktypes);
+
+    profkey = KRB5_CONF_DEFAULT_TGS_ENCTYPES;
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             profkey, NULL, NULL, &profstr);
+    if (ret)
+        return ret;
+    if (profstr == NULL) {
+        profkey = KRB5_CONF_PERMITTED_ENCTYPES;
+        ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                 profkey, NULL, "DEFAULT", &profstr);
+        if (ret)
+            return ret;
+    }
+
+    ret = krb5int_parse_enctype_list(context, profkey, profstr,
+                                     default_enctype_list, ktypes);
+    profile_release_string(profstr);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes)
+{
+    krb5_error_code ret;
+    char *profstr = NULL;
+    const char *profkey;
+
+    *ktypes = NULL;
+
+    if (context->tgs_etypes != NULL)
+        return k5_copy_etypes(context->tgs_etypes, ktypes);
+
+    profkey = KRB5_CONF_PERMITTED_ENCTYPES;
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             profkey, NULL, "DEFAULT", &profstr);
+    if (ret)
+        return ret;
+
+    ret = krb5int_parse_enctype_list(context, profkey, profstr,
+                                     default_enctype_list, ktypes);
+    profile_release_string(profstr);
+    return ret;
+}
+
+krb5_boolean
+krb5_is_permitted_enctype(krb5_context context, krb5_enctype etype)
+{
+    krb5_enctype *list;
+    krb5_boolean ret;
+
+    if (krb5_get_permitted_enctypes(context, &list))
+        return FALSE;
+    ret = k5_etypes_contains(list, etype);
+    krb5_free_enctypes(context, list);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/init_keyblock.c b/krb5-1.21.3/src/lib/krb5/krb/init_keyblock.c
new file mode 100644
index 00000000..7e24cbde
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/init_keyblock.c
@@ -0,0 +1,35 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/init_keyblock.c - Set up an empty keyblock */
+/*
+ * Copyright (C) 2002 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <assert.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_keyblock(krb5_context context, krb5_enctype enctype,
+                   size_t length, krb5_keyblock **out)
+{
+    return krb5int_c_init_keyblock(context, enctype, length, out);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/int-proto.h b/krb5-1.21.3/src/lib/krb5/krb/int-proto.h
new file mode 100644
index 00000000..b62f9049
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/int-proto.h
@@ -0,0 +1,401 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/int-proto.h - Prototypes for libkrb5 internal functions */
+/*
+ * Copyright 1990,1991 the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef KRB5_INT_FUNC_PROTO__
+#define KRB5_INT_FUNC_PROTO__
+
+struct krb5int_fast_request_state;
+
+typedef struct k5_response_items_st k5_response_items;
+
+typedef krb5_error_code
+(*get_as_key_fn)(krb5_context, krb5_principal, krb5_enctype, krb5_prompter_fct,
+                 void *prompter_data, krb5_data *salt, krb5_data *s2kparams,
+                 krb5_keyblock *as_key, void *gak_data,
+                 k5_response_items *ritems);
+
+krb5_error_code
+krb5int_tgtname(krb5_context context, const krb5_data *, const krb5_data *,
+                krb5_principal *);
+
+krb5_error_code
+krb5int_libdefault_boolean(krb5_context, const krb5_data *, const char *,
+                           int *);
+krb5_error_code
+krb5int_libdefault_string(krb5_context context, const krb5_data *realm,
+                          const char *option, char **ret_value);
+
+
+krb5_error_code krb5_ser_authdata_init (krb5_context);
+krb5_error_code krb5_ser_address_init (krb5_context);
+krb5_error_code krb5_ser_authenticator_init (krb5_context);
+krb5_error_code krb5_ser_checksum_init (krb5_context);
+krb5_error_code krb5_ser_keyblock_init (krb5_context);
+krb5_error_code krb5_ser_principal_init (krb5_context);
+krb5_error_code krb5_ser_authdata_context_init (krb5_context);
+
+krb5_error_code
+krb5_preauth_supply_preauth_data(krb5_context context,
+                                 krb5_get_init_creds_opt *opt,
+                                 const char *attr, const char *value);
+
+krb5_error_code
+clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+                                     int min_ver, krb5_plugin_vtable vtable);
+
+krb5_error_code
+clpreauth_encrypted_timestamp_initvt(krb5_context context, int maj_ver,
+                                     int min_ver, krb5_plugin_vtable vtable);
+
+krb5_error_code
+clpreauth_sam2_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable);
+
+krb5_error_code
+clpreauth_otp_initvt(krb5_context context, int maj_ver, int min_ver,
+                     krb5_plugin_vtable vtable);
+
+krb5_error_code
+k5_get_cached_cred(krb5_context context, krb5_flags options,
+                   krb5_ccache ccache, krb5_creds *in_creds,
+                   krb5_creds **creds_out);
+
+#define IS_TGS_PRINC(p) ((p)->length == 2 &&                            \
+                         data_eq_string((p)->data[0], KRB5_TGS_NAME))
+
+typedef krb5_error_code
+(*k5_pacb_fn)(krb5_context context, krb5_keyblock *subkey, krb5_kdc_req *req,
+              void *arg);
+
+krb5_error_code
+krb5_get_cred_via_tkt_ext(krb5_context context, krb5_creds *tkt,
+                          krb5_flags kdcoptions, krb5_address *const *address,
+                          krb5_pa_data **in_padata, krb5_creds *in_cred,
+                          k5_pacb_fn pacb_fn, void *pacb_data,
+                          krb5_pa_data ***out_padata,
+                          krb5_pa_data ***enc_padata, krb5_creds **out_cred,
+                          krb5_keyblock **out_subkey);
+
+krb5_error_code
+k5_generate_nonce(krb5_context context, int32_t *out);
+
+krb5_error_code
+k5_make_tgs_req(krb5_context context, struct krb5int_fast_request_state *,
+                krb5_creds *tkt, krb5_flags kdcoptions,
+                krb5_address *const *address, krb5_pa_data **in_padata,
+                krb5_creds *in_cred, k5_pacb_fn pacb_fn, void *pacb_data,
+                krb5_data *req_asn1_out, krb5_timestamp *timestamp_out,
+                krb5_int32 *nonce_out, krb5_keyblock **subkey_out);
+
+krb5_error_code
+krb5int_process_tgs_reply(krb5_context context,
+                          struct krb5int_fast_request_state *,
+                          krb5_data *response_data,
+                          krb5_creds *tkt,
+                          krb5_flags kdcoptions,
+                          krb5_address *const *address,
+                          krb5_pa_data **in_padata,
+                          krb5_creds *in_cred,
+                          krb5_timestamp timestamp,
+                          krb5_int32 nonce,
+                          krb5_keyblock *subkey,
+                          krb5_pa_data ***out_padata,
+                          krb5_pa_data ***out_enc_padata,
+                          krb5_creds **out_cred);
+
+/* The subkey field is an output parameter; if a
+ * tgs-rep is received then the subkey will be filled
+ * in with the subkey needed to decrypt the TGS
+ * response. Otherwise it will be set to null.
+ */
+krb5_error_code krb5int_decode_tgs_rep(krb5_context,
+                                       struct krb5int_fast_request_state *,
+                                       krb5_data *,
+                                       const krb5_keyblock *, krb5_keyusage,
+                                       krb5_kdc_rep ** );
+
+krb5_error_code
+krb5int_validate_times(krb5_context, krb5_ticket_times *);
+
+krb5_error_code
+krb5int_copy_authdatum(krb5_context, const krb5_authdata *, krb5_authdata **);
+
+/* Set replay data fields in rdata and caller_rdata according to the flags in
+ * authcon. */
+krb5_error_code
+k5_privsafe_gen_rdata(krb5_context context, krb5_auth_context authcon,
+                      krb5_replay_data *rdata, krb5_replay_data *caller_rdata);
+
+/*
+ * Set *local_out and *remote_out to addresses based on authcon.  The resulting
+ * pointers should not be freed, but addresses may be placed into *lstorage and
+ * *rstorage which the caller must free, even on error.
+ */
+krb5_error_code
+k5_privsafe_gen_addrs(krb5_context context, krb5_auth_context authcon,
+                      krb5_address *lstorage, krb5_address *rstorage,
+                      krb5_address **local_out, krb5_address **remote_out);
+
+/*
+ * If the DO_TIME flag is set in authcon, store a replay record in a memory
+ * replay cache (initializing one if necessary).  Either enc or cksum must be
+ * non-null.  If rdata is not null, also check that its timestamp is within
+ * clock skew.
+ */
+krb5_error_code
+k5_privsafe_check_replay(krb5_context context, krb5_auth_context authcon,
+                         const krb5_replay_data *rdata,
+                         const krb5_enc_data *enc, const krb5_checksum *cksum);
+
+krb5_boolean
+k5_privsafe_check_seqnum(krb5_context ctx, krb5_auth_context ac,
+                         krb5_ui_4 in_seq);
+
+krb5_error_code
+k5_privsafe_check_addrs(krb5_context context, krb5_auth_context ac,
+                        krb5_address *msg_s_addr, krb5_address *msg_r_addr);
+
+krb5_error_code
+krb5int_mk_chpw_req(krb5_context context, krb5_auth_context auth_context,
+                    krb5_data *ap_req, const char *passwd, krb5_data *packet);
+
+krb5_error_code
+krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
+                    krb5_data *packet, int *result_code,
+                    krb5_data *result_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_chpw_result_code_string(krb5_context context, int result_code,
+                             char **result_codestr);
+
+krb5_error_code
+krb5int_mk_setpw_req(krb5_context context, krb5_auth_context auth_context,
+                     krb5_data *ap_req, krb5_principal targetprinc,
+                     const char *passwd, krb5_data *packet);
+
+void
+k5_ccselect_free_context(krb5_context context);
+
+krb5_error_code
+k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx,
+                  int *use_primary);
+
+krb5_error_code
+k5_init_creds_current_time(krb5_context context, krb5_init_creds_context ctx,
+                           krb5_boolean allow_unauth, krb5_timestamp *time_out,
+                           krb5_int32 *usec_out);
+
+krb5_error_code
+k5_preauth(krb5_context context, krb5_init_creds_context ctx,
+           krb5_pa_data **in_padata, krb5_boolean must_preauth,
+           krb5_pa_data ***padata_out, krb5_preauthtype *pa_type_out);
+
+krb5_error_code
+k5_preauth_tryagain(krb5_context context, krb5_init_creds_context ctx,
+                    krb5_preauthtype pa_type, krb5_error *err,
+                    krb5_pa_data **err_padata, krb5_pa_data ***padata_out);
+
+void
+k5_init_preauth_context(krb5_context context);
+
+void
+k5_free_preauth_context(krb5_context context);
+
+krb5_error_code
+k5_preauth_note_failed(krb5_init_creds_context ctx, krb5_preauthtype pa_type);
+
+void
+k5_preauth_prepare_request(krb5_context context, krb5_get_init_creds_opt *opt,
+                           krb5_kdc_req *request);
+
+void
+k5_preauth_request_context_init(krb5_context context,
+                                krb5_init_creds_context ctx);
+
+void
+k5_preauth_request_context_fini(krb5_context context,
+                                krb5_init_creds_context ctx);
+
+krb5_error_code
+k5_preauth_check_context(krb5_context context, krb5_init_creds_context ctx);
+
+krb5_error_code
+k5_response_items_new(k5_response_items **ri_out);
+
+void
+k5_response_items_free(k5_response_items *ri);
+
+void
+k5_response_items_reset(k5_response_items *ri);
+
+krb5_boolean
+k5_response_items_empty(const k5_response_items *ri);
+
+const char * const *
+k5_response_items_list_questions(const k5_response_items *ri);
+
+krb5_error_code
+k5_response_items_ask_question(k5_response_items *ri, const char *question,
+                               const char *challenge);
+
+const char *
+k5_response_items_get_challenge(const k5_response_items *ri,
+                                const char *question);
+
+krb5_error_code
+k5_response_items_set_answer(k5_response_items *ri, const char *question,
+                             const char *answer);
+
+const char *
+k5_response_items_get_answer(const k5_response_items *ri,
+                             const char *question);
+
+/* Save code and its extended message (if any) in out. */
+void
+k5_save_ctx_error(krb5_context ctx, krb5_error_code code, struct errinfo *out);
+
+/* Return the code from in and restore its extended message (if any). */
+krb5_error_code
+k5_restore_ctx_error(krb5_context ctx, struct errinfo *in);
+
+krb5_error_code
+k5_encrypt_keyhelper(krb5_context context, krb5_key key,
+                     krb5_keyusage keyusage, const krb5_data *plain,
+                     krb5_enc_data *cipher);
+
+krb5_error_code KRB5_CALLCONV
+k5_get_init_creds(krb5_context context, krb5_creds *creds,
+                  krb5_principal client, krb5_prompter_fct prompter,
+                  void *prompter_data, krb5_deltat start_time,
+                  const char *in_tkt_service, krb5_get_init_creds_opt *options,
+                  get_as_key_fn gak, void *gak_data, int *primary,
+                  krb5_kdc_rep **as_reply);
+
+/*
+ * Make AS requests with the canonicalize flag set, stopping when we get a
+ * message indicating which realm the client principal is in.  Set *client_out
+ * to a copy of client with the canonical realm.  If subject_cert is non-null,
+ * include PA_S4U_X509_USER pa-data with the subject certificate each request.
+ * (See [MS-SFU] 3.1.5.1.1.1 and 3.1.5.1.1.2.)
+ */
+krb5_error_code
+k5_identify_realm(krb5_context context, krb5_principal client,
+                  const krb5_data *subject_cert, krb5_principal *client_out);
+
+krb5_error_code
+k5_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **opt,
+                    krb5_flags options, krb5_address *const *addrs,
+                    krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types,
+                    krb5_creds *creds);
+
+krb5_error_code
+k5_copy_creds_contents(krb5_context, const krb5_creds *, krb5_creds *);
+
+krb5_error_code
+k5_build_conf_principals(krb5_context context, krb5_ccache id,
+                         krb5_const_principal principal, const char *name,
+                         krb5_creds *cred);
+
+krb5_error_code
+k5_generate_and_save_subkey(krb5_context context,
+                            krb5_auth_context auth_context,
+                            krb5_keyblock *keyblock, krb5_enctype enctype);
+
+krb5_error_code
+k5_client_realm_path(krb5_context context, const krb5_data *client,
+                     const krb5_data *server, krb5_data **rpath_out);
+
+size_t
+k5_count_etypes(const krb5_enctype *list);
+
+krb5_error_code
+k5_copy_etypes(const krb5_enctype *old_list, krb5_enctype **new_list);
+
+krb5_ccache
+k5_gic_opt_get_in_ccache(krb5_get_init_creds_opt *opt);
+
+krb5_ccache
+k5_gic_opt_get_out_ccache(krb5_get_init_creds_opt *opt);
+
+const char *
+k5_gic_opt_get_fast_ccache_name(krb5_get_init_creds_opt *opt);
+
+krb5_flags
+k5_gic_opt_get_fast_flags(krb5_get_init_creds_opt *opt);
+
+void
+k5_gic_opt_get_expire_cb(krb5_get_init_creds_opt *opt,
+                         krb5_expire_callback_func *cb_out, void **data_out);
+
+void
+k5_gic_opt_get_responder(krb5_get_init_creds_opt *opt,
+                         krb5_responder_fn *responder_out, void **data_out);
+
+/*
+ * Make a shallow copy of opt, with all pointer fields aliased, or NULL on an
+ * out-of-memory failure.  The caller must free the result with free, and must
+ * not use it with the following functions:
+ *
+ *     krb5_get_init_creds_opt_free
+ *     krb5_get_init_creds_opt_set_pa
+ *     krb5_get_init_creds_opt_set_fast_ccache
+ *     krb5_get_init_creds_opt_set_fast_ccache_name
+ */
+krb5_get_init_creds_opt *
+k5_gic_opt_shallow_copy(krb5_get_init_creds_opt *opt);
+
+/* Return -1 if no PAC request option was specified, or the option value as a
+ * boolean (0 or 1). */
+int
+k5_gic_opt_pac_request(krb5_get_init_creds_opt *opt);
+
+krb5_error_code
+k5_get_etype_info(krb5_context context, krb5_init_creds_context ctx,
+                  krb5_pa_data **padata);
+
+/*
+ * Make an S4U2Proxy (constrained delegation) request.  in_creds->client is the
+ * impersonator principal, and in_creds->second_ticket is the evidence
+ * ticket.
+ */
+krb5_error_code
+k5_get_proxy_cred_from_kdc(krb5_context context, krb5_flags options,
+                           krb5_ccache ccache, krb5_creds *in_creds,
+                           krb5_creds **out_creds);
+
+/* Return true if mprinc will match any hostname in a host-based principal name
+ * (possibly due to ignore_acceptor_hostname) with krb5_sname_match(). */
+krb5_boolean
+k5_sname_wildcard_host(krb5_context context, krb5_const_principal mprinc);
+
+/* Guess the appropriate name-type for a principal based on the name. */
+krb5_int32
+k5_infer_principal_type(krb5_principal princ);
+
+krb5_boolean
+k5_pac_should_have_ticket_signature(krb5_const_principal sprinc);
+
+#endif /* KRB5_INT_FUNC_PROTO__ */
diff --git a/krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c b/krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c
new file mode 100644
index 00000000..0aedcb7a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c
@@ -0,0 +1,77 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/kdc_rep_dc.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * Decrypt the encrypted portion of the KDC_REP message, using the key
+ * passed.
+ *
+ */
+
+/*ARGSUSED*/
+krb5_error_code
+krb5_kdc_rep_decrypt_proc(krb5_context context, const krb5_keyblock *key, krb5_const_pointer decryptarg, krb5_kdc_rep *dec_rep)
+{
+    krb5_error_code retval;
+    krb5_data scratch;
+    krb5_enc_kdc_rep_part *local_encpart;
+    krb5_keyusage usage;
+
+    if (decryptarg) {
+        usage = *(const krb5_keyusage *) decryptarg;
+    } else {
+        usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
+    }
+
+    /* set up scratch decrypt/decode area */
+
+    scratch.length = dec_rep->enc_part.ciphertext.length;
+    if (!(scratch.data = malloc(dec_rep->enc_part.ciphertext.length))) {
+        return(ENOMEM);
+    }
+
+    /*dec_rep->enc_part.enctype;*/
+
+    if ((retval = krb5_c_decrypt(context, key, usage, 0, &dec_rep->enc_part,
+                                 &scratch))) {
+        free(scratch.data);
+        return(retval);
+    }
+
+#define clean_scratch() {memset(scratch.data, 0, scratch.length);       \
+        free(scratch.data);}
+
+    /* and do the decode */
+    retval = decode_krb5_enc_kdc_rep_part(&scratch, &local_encpart);
+    clean_scratch();
+    if (retval)
+        return retval;
+
+    dec_rep->enc_part2 = local_encpart;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/kerrs.c b/krb5-1.21.3/src/lib/krb5/krb/kerrs.c
new file mode 100644
index 00000000..0e816792
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/kerrs.c
@@ -0,0 +1,252 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/kerrs.c - Error message functions */
+/*
+ * Copyright 2006 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+#ifdef DEBUG
+static int error_message_debug = 0;
+#ifndef ERROR_MESSAGE_DEBUG
+#define ERROR_MESSAGE_DEBUG() (error_message_debug != 0)
+#endif
+#endif
+
+void KRB5_CALLCONV_C
+krb5_set_error_message(krb5_context ctx, krb5_error_code code,
+                       const char *fmt, ...)
+{
+    va_list args;
+
+    if (ctx == NULL)
+        return;
+    va_start(args, fmt);
+#ifdef DEBUG
+    if (ERROR_MESSAGE_DEBUG()) {
+        fprintf(stderr,
+                "krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
+                ctx, &ctx->err, (long)code);
+    }
+#endif
+    k5_vset_error(&ctx->err, code, fmt, args);
+#ifdef DEBUG
+    if (ERROR_MESSAGE_DEBUG())
+        fprintf(stderr, "->%s\n", ctx->err.msg);
+#endif
+    va_end(args);
+}
+
+void KRB5_CALLCONV
+krb5_vset_error_message(krb5_context ctx, krb5_error_code code,
+                        const char *fmt, va_list args)
+{
+#ifdef DEBUG
+    if (ERROR_MESSAGE_DEBUG()) {
+        fprintf(stderr, "krb5_vset_error_message(ctx=%p, code=%ld, ...)\n",
+                ctx, (long)code);
+    }
+#endif
+    if (ctx == NULL)
+        return;
+    k5_vset_error(&ctx->err, code, fmt, args);
+#ifdef DEBUG
+    if (ERROR_MESSAGE_DEBUG())
+        fprintf(stderr, "->%s\n", ctx->err.msg);
+#endif
+}
+
+void KRB5_CALLCONV
+krb5_prepend_error_message(krb5_context ctx, krb5_error_code code,
+                           const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    krb5_vwrap_error_message(ctx, code, code, fmt, ap);
+    va_end(ap);
+}
+
+void KRB5_CALLCONV
+krb5_vprepend_error_message(krb5_context ctx, krb5_error_code code,
+                            const char *fmt, va_list ap)
+{
+    krb5_wrap_error_message(ctx, code, code, fmt, ap);
+}
+
+void KRB5_CALLCONV
+krb5_wrap_error_message(krb5_context ctx, krb5_error_code old_code,
+                        krb5_error_code code, const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    krb5_vwrap_error_message(ctx, old_code, code, fmt, ap);
+    va_end(ap);
+}
+
+void KRB5_CALLCONV
+krb5_vwrap_error_message(krb5_context ctx, krb5_error_code old_code,
+                         krb5_error_code code, const char *fmt, va_list ap)
+{
+    const char *prev_msg;
+    char *prepend;
+
+    if (ctx == NULL || vasprintf(&prepend, fmt, ap) < 0)
+        return;
+    prev_msg = k5_get_error(&ctx->err, old_code);
+    k5_set_error(&ctx->err, code, "%s: %s", prepend, prev_msg);
+    k5_free_error(&ctx->err, prev_msg);
+    free(prepend);
+}
+
+/* Set the error message state of dest_ctx to that of src_ctx. */
+void KRB5_CALLCONV
+krb5_copy_error_message(krb5_context dest_ctx, krb5_context src_ctx)
+{
+    if (dest_ctx == src_ctx)
+        return;
+    if (src_ctx->err.msg != NULL) {
+        k5_set_error(&dest_ctx->err, src_ctx->err.code, "%s",
+                     src_ctx->err.msg);
+    } else {
+        k5_clear_error(&dest_ctx->err);
+    }
+}
+
+/* Re-format msg using the format string err_fmt.  Return an allocated result,
+ * or NULL if err_fmt is NULL or on allocation failure. */
+static char *
+err_fmt_fmt(const char *err_fmt, long code, const char *msg)
+{
+    struct k5buf buf;
+    const char *p, *s;
+
+    if (err_fmt == NULL)
+        return NULL;
+
+    k5_buf_init_dynamic(&buf);
+
+    s = err_fmt;
+    while ((p = strchr(s, '%')) != NULL) {
+        k5_buf_add_len(&buf, s, p - s);
+        s = p;
+        if (p[1] == '\0')
+            break;
+        else if (p[1] == 'M')
+            k5_buf_add(&buf, msg);
+        else if (p[1] == 'C')
+            k5_buf_add_fmt(&buf, "%ld", code);
+        else if (p[1] == '%')
+            k5_buf_add(&buf, "%");
+        else
+            k5_buf_add_fmt(&buf, "%%%c", p[1]);
+        s += 2;
+    }
+    k5_buf_add(&buf, s);        /* Remainder after last token */
+    return k5_buf_cstring(&buf);
+}
+
+const char * KRB5_CALLCONV
+krb5_get_error_message(krb5_context ctx, krb5_error_code code)
+{
+    const char *std, *custom;
+
+#ifdef DEBUG
+    if (ERROR_MESSAGE_DEBUG())
+        fprintf(stderr, "krb5_get_error_message(%p, %ld)\n", ctx, (long)code);
+#endif
+    if (ctx == NULL)
+        return error_message(code);
+
+    std = k5_get_error(&ctx->err, code);
+    custom = err_fmt_fmt(ctx->err_fmt, code, std);
+    if (custom != NULL) {
+        free((char *)std);
+        return custom;
+    }
+    return std;
+}
+
+void KRB5_CALLCONV
+krb5_free_error_message(krb5_context ctx, const char *msg)
+{
+#ifdef DEBUG
+    if (ERROR_MESSAGE_DEBUG())
+        fprintf(stderr, "krb5_free_error_message(%p, %p)\n", ctx, msg);
+#endif
+    if (ctx == NULL)
+        return;
+    k5_free_error(&ctx->err, msg);
+}
+
+void KRB5_CALLCONV
+krb5_clear_error_message(krb5_context ctx)
+{
+#ifdef DEBUG
+    if (ERROR_MESSAGE_DEBUG())
+        fprintf(stderr, "krb5_clear_error_message(%p)\n", ctx);
+#endif
+    if (ctx == NULL)
+        return;
+    k5_clear_error(&ctx->err);
+}
+
+void
+k5_save_ctx_error(krb5_context ctx, krb5_error_code code, struct errinfo *out)
+{
+    out->code = code;
+    out->msg = NULL;
+    if (ctx != NULL && ctx->err.code == code) {
+        out->msg = ctx->err.msg;
+        ctx->err.code = 0;
+        ctx->err.msg = NULL;
+    }
+}
+
+krb5_error_code
+k5_restore_ctx_error(krb5_context ctx, struct errinfo *in)
+{
+    krb5_error_code code = in->code;
+
+    if (ctx != NULL) {
+        k5_clear_error(&ctx->err);
+        ctx->err.code = in->code;
+        ctx->err.msg = in->msg;
+        in->msg = NULL;
+    } else {
+        k5_clear_error(in);
+    }
+    return code;
+}
+
+/* If ctx contains an extended error message for oldcode, change it to be an
+ * extended error message for newcode. */
+void
+k5_change_error_message_code(krb5_context ctx, krb5_error_code oldcode,
+                             krb5_error_code newcode)
+{
+    if (ctx != NULL && ctx->err.msg != NULL && ctx->err.code == oldcode)
+        ctx->err.code = newcode;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/kfree.c b/krb5-1.21.3/src/lib/krb5/krb/kfree.c
new file mode 100644
index 00000000..b4503d26
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/kfree.c
@@ -0,0 +1,916 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/kfree.c */
+/*
+ * Copyright 1990-1998, 2009 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-spake.h"
+#include <assert.h>
+
+void KRB5_CALLCONV
+krb5_free_address(krb5_context context, krb5_address *val)
+{
+    if (val == NULL)
+        return;
+    free(val->contents);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_addresses(krb5_context context, krb5_address **val)
+{
+    krb5_address **temp;
+
+    if (val == NULL)
+        return;
+    for (temp = val; *temp; temp++) {
+        free((*temp)->contents);
+        free(*temp);
+    }
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_ap_rep(krb5_context context, krb5_ap_rep *val)
+{
+    if (val == NULL)
+        return;
+    free(val->enc_part.ciphertext.data);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_ap_req(krb5_context context, krb5_ap_req *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_ticket(context, val->ticket);
+    free(val->authenticator.ciphertext.data);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_keyblock(context, val->subkey);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_checksum(context, val->checksum);
+    val->checksum = 0;
+    krb5_free_principal(context, val->client);
+    val->client = 0;
+    krb5_free_keyblock(context, val->subkey);
+    val->subkey = 0;
+    krb5_free_authdata(context, val->authorization_data);
+    val->authorization_data = 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_authenticator(krb5_context context, krb5_authenticator *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_authenticator_contents(context, val);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_checksum(krb5_context context, krb5_checksum *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_checksum_contents(context, val);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_checksum_contents(krb5_context context, krb5_checksum *val)
+{
+    if (val == NULL)
+        return;
+    free(val->contents);
+    val->contents = NULL;
+    val->length = 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_cred(krb5_context context, krb5_cred *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_tickets(context, val->tickets);
+    free(val->enc_part.ciphertext.data);
+    free(val);
+}
+
+/*
+ * krb5_free_cred_contents zeros out the session key, and then frees
+ * the credentials structures
+ */
+
+void KRB5_CALLCONV
+krb5_free_cred_contents(krb5_context context, krb5_creds *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_principal(context, val->client);
+    val->client = 0;
+    krb5_free_principal(context, val->server);
+    val->server = 0;
+    krb5_free_keyblock_contents(context, &val->keyblock);
+    free(val->ticket.data);
+    val->ticket.data = 0;
+    free(val->second_ticket.data);
+    val->second_ticket.data = 0;
+    krb5_free_addresses(context, val->addresses);
+    val->addresses = 0;
+    krb5_free_authdata(context, val->authdata);
+    val->authdata = 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_cred_enc_part(krb5_context context, krb5_cred_enc_part *val)
+{
+    krb5_cred_info **temp;
+
+    if (val == NULL)
+        return;
+    krb5_free_address(context, val->r_address);
+    val->r_address = 0;
+    krb5_free_address(context, val->s_address);
+    val->s_address = 0;
+
+    if (val->ticket_info) {
+        for (temp = val->ticket_info; *temp; temp++) {
+            krb5_free_keyblock(context, (*temp)->session);
+            krb5_free_principal(context, (*temp)->client);
+            krb5_free_principal(context, (*temp)->server);
+            krb5_free_addresses(context, (*temp)->caddrs);
+            free(*temp);
+        }
+        free(val->ticket_info);
+        val->ticket_info = 0;
+    }
+}
+
+
+void KRB5_CALLCONV
+krb5_free_creds(krb5_context context, krb5_creds *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_cred_contents(context, val);
+    free(val);
+}
+
+
+void KRB5_CALLCONV
+krb5_free_data(krb5_context context, krb5_data *val)
+{
+    if (val == NULL)
+        return;
+    free(val->data);
+    free(val);
+}
+
+
+void KRB5_CALLCONV
+krb5_free_octet_data(krb5_context context, krb5_octet_data *val)
+{
+    if (val == NULL)
+        return;
+    free(val->data);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_data_contents(krb5_context context, krb5_data *val)
+{
+    if (val == NULL)
+        return;
+    free(val->data);
+    val->data = NULL;
+    val->length = 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_enc_data(krb5_context context, krb5_enc_data *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_data_contents(context, &val->ciphertext);
+    free(val);
+}
+
+void krb5_free_etype_info(krb5_context context, krb5_etype_info info)
+{
+    int i;
+
+    if (info == NULL)
+        return;
+    for (i=0; info[i] != NULL; i++) {
+        free(info[i]->salt);
+        krb5_free_data_contents(context, &info[i]->s2kparams);
+        free(info[i]);
+    }
+    free(info);
+}
+
+
+void KRB5_CALLCONV
+krb5_free_enc_kdc_rep_part(krb5_context context, krb5_enc_kdc_rep_part *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_keyblock(context, val->session);
+    krb5_free_last_req(context, val->last_req);
+    krb5_free_principal(context, val->server);
+    krb5_free_addresses(context, val->caddrs);
+    krb5_free_pa_data(context, val->enc_padata);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_enc_tkt_part(krb5_context context, krb5_enc_tkt_part *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_keyblock(context, val->session);
+    krb5_free_principal(context, val->client);
+    free(val->transited.tr_contents.data);
+    krb5_free_addresses(context, val->caddrs);
+    krb5_free_authdata(context, val->authorization_data);
+    free(val);
+}
+
+
+void KRB5_CALLCONV
+krb5_free_error(krb5_context context, krb5_error *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_principal(context, val->client);
+    krb5_free_principal(context, val->server);
+    free(val->text.data);
+    free(val->e_data.data);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_pa_data(context, val->padata);
+    krb5_free_principal(context, val->client);
+    krb5_free_ticket(context, val->ticket);
+    free(val->enc_part.ciphertext.data);
+    krb5_free_enc_kdc_rep_part(context, val->enc_part2);
+    free(val);
+}
+
+
+void KRB5_CALLCONV
+krb5_free_kdc_req(krb5_context context, krb5_kdc_req *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_pa_data(context, val->padata);
+    krb5_free_principal(context, val->client);
+    krb5_free_principal(context, val->server);
+    free(val->ktype);
+    krb5_free_addresses(context, val->addresses);
+    free(val->authorization_data.ciphertext.data);
+    krb5_free_authdata(context, val->unenc_authdata);
+    krb5_free_tickets(context, val->second_ticket);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
+{
+    krb5int_c_free_keyblock_contents (context, key);
+}
+
+void KRB5_CALLCONV
+krb5_free_keyblock(krb5_context context, krb5_keyblock *val)
+{
+    krb5int_c_free_keyblock (context, val);
+}
+
+
+
+void KRB5_CALLCONV
+krb5_free_last_req(krb5_context context, krb5_last_req_entry **val)
+{
+    krb5_last_req_entry **temp;
+
+    if (val == NULL)
+        return;
+    for (temp = val; *temp; temp++)
+        free(*temp);
+    free(val);
+}
+
+void
+k5_zapfree_pa_data(krb5_pa_data **val)
+{
+    krb5_pa_data **pa;
+
+    if (val == NULL)
+        return;
+    for (pa = val; *pa != NULL; pa++) {
+        zapfree((*pa)->contents, (*pa)->length);
+        zapfree(*pa, sizeof(**pa));
+    }
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_pa_data(krb5_context context, krb5_pa_data **val)
+{
+    krb5_pa_data **temp;
+
+    if (val == NULL)
+        return;
+    for (temp = val; *temp; temp++) {
+        free((*temp)->contents);
+        free(*temp);
+    }
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_principal(krb5_context context, krb5_principal val)
+{
+    krb5_int32 i;
+
+    if (!val)
+        return;
+
+    if (val->data) {
+        i = val->length;
+        while(--i >= 0)
+            free(val->data[i].data);
+        free(val->data);
+    }
+    free(val->realm.data);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_priv(krb5_context context, krb5_priv *val)
+{
+    if (val == NULL)
+        return;
+    free(val->enc_part.ciphertext.data);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_priv_enc_part(krb5_context context, krb5_priv_enc_part *val)
+{
+    if (val == NULL)
+        return;
+    free(val->user_data.data);
+    krb5_free_address(context, val->r_address);
+    krb5_free_address(context, val->s_address);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_safe(krb5_context context, krb5_safe *val)
+{
+    if (val == NULL)
+        return;
+    free(val->user_data.data);
+    krb5_free_address(context, val->r_address);
+    krb5_free_address(context, val->s_address);
+    krb5_free_checksum(context, val->checksum);
+    free(val);
+}
+
+
+void KRB5_CALLCONV
+krb5_free_ticket(krb5_context context, krb5_ticket *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_principal(context, val->server);
+    free(val->enc_part.ciphertext.data);
+    krb5_free_enc_tkt_part(context, val->enc_part2);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_tickets(krb5_context context, krb5_ticket **val)
+{
+    krb5_ticket **temp;
+
+    if (val == NULL)
+        return;
+    for (temp = val; *temp; temp++)
+        krb5_free_ticket(context, *temp);
+    free(val);
+}
+
+
+void KRB5_CALLCONV
+krb5_free_tgt_creds(krb5_context context, krb5_creds **tgts)
+{
+    krb5_creds **tgtpp;
+    if (tgts == NULL)
+        return;
+    for (tgtpp = tgts; *tgtpp; tgtpp++)
+        krb5_free_creds(context, *tgtpp);
+    free(tgts);
+}
+
+void KRB5_CALLCONV
+krb5_free_tkt_authent(krb5_context context, krb5_tkt_authent *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_ticket(context, val->ticket);
+    krb5_free_authenticator(context, val->authenticator);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_unparsed_name(krb5_context context, char *val)
+{
+    if (val != NULL)
+        free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_string(krb5_context context, char *val)
+{
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2(krb5_context ctx, krb5_sam_challenge_2 *sc2)
+{
+    if (!sc2)
+        return;
+    krb5_free_sam_challenge_2_contents(ctx, sc2);
+    free(sc2);
+}
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_contents(krb5_context ctx,
+                                   krb5_sam_challenge_2 *sc2)
+{
+    krb5_checksum **cksump;
+
+    if (!sc2)
+        return;
+    if (sc2->sam_challenge_2_body.data)
+        krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body);
+    if (sc2->sam_cksum) {
+        cksump = sc2->sam_cksum;
+        while (*cksump) {
+            krb5_free_checksum(ctx, *cksump);
+            cksump++;
+        }
+        free(sc2->sam_cksum);
+        sc2->sam_cksum = 0;
+    }
+}
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_body(krb5_context ctx,
+                               krb5_sam_challenge_2_body *sc2)
+{
+    if (!sc2)
+        return;
+    krb5_free_sam_challenge_2_body_contents(ctx, sc2);
+    free(sc2);
+}
+
+void KRB5_CALLCONV
+krb5_free_sam_challenge_2_body_contents(krb5_context ctx,
+                                        krb5_sam_challenge_2_body *sc2)
+{
+    if (!sc2)
+        return;
+    if (sc2->sam_type_name.data)
+        krb5_free_data_contents(ctx, &sc2->sam_type_name);
+    if (sc2->sam_track_id.data)
+        krb5_free_data_contents(ctx, &sc2->sam_track_id);
+    if (sc2->sam_challenge_label.data)
+        krb5_free_data_contents(ctx, &sc2->sam_challenge_label);
+    if (sc2->sam_challenge.data)
+        krb5_free_data_contents(ctx, &sc2->sam_challenge);
+    if (sc2->sam_response_prompt.data)
+        krb5_free_data_contents(ctx, &sc2->sam_response_prompt);
+    if (sc2->sam_pk_for_sad.data)
+        krb5_free_data_contents(ctx, &sc2->sam_pk_for_sad);
+}
+
+void KRB5_CALLCONV
+krb5_free_sam_response_2(krb5_context ctx, krb5_sam_response_2 *sr2)
+{
+    if (!sr2)
+        return;
+    krb5_free_sam_response_2_contents(ctx, sr2);
+    free(sr2);
+}
+
+void KRB5_CALLCONV
+krb5_free_sam_response_2_contents(krb5_context ctx, krb5_sam_response_2 *sr2)
+{
+    if (!sr2)
+        return;
+    if (sr2->sam_track_id.data)
+        krb5_free_data_contents(ctx, &sr2->sam_track_id);
+    if (sr2->sam_enc_nonce_or_sad.ciphertext.data)
+        krb5_free_data_contents(ctx, &sr2->sam_enc_nonce_or_sad.ciphertext);
+}
+
+void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_2(krb5_context ctx,
+                                 krb5_enc_sam_response_enc_2 *esre2)
+{
+    if (!esre2)
+        return;
+    krb5_free_enc_sam_response_enc_2_contents(ctx, esre2);
+    free(esre2);
+}
+
+void KRB5_CALLCONV
+krb5_free_enc_sam_response_enc_2_contents(krb5_context ctx,
+                                          krb5_enc_sam_response_enc_2 *esre2)
+{
+    if (!esre2)
+        return;
+    if (esre2->sam_sad.data)
+        krb5_free_data_contents(ctx, &esre2->sam_sad);
+}
+
+void KRB5_CALLCONV
+krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts *pa_enc_ts)
+{
+    if (!pa_enc_ts)
+        return;
+    free(pa_enc_ts);
+}
+
+void KRB5_CALLCONV
+krb5_free_pa_for_user(krb5_context context, krb5_pa_for_user *req)
+{
+    if (req == NULL)
+        return;
+    krb5_free_principal(context, req->user);
+    req->user = NULL;
+    krb5_free_checksum_contents(context, &req->cksum);
+    krb5_free_data_contents(context, &req->auth_package);
+    free(req);
+}
+
+void KRB5_CALLCONV
+krb5_free_s4u_userid_contents(krb5_context context, krb5_s4u_userid *user_id)
+{
+    if (user_id == NULL)
+        return;
+    user_id->nonce = 0;
+    krb5_free_principal(context, user_id->user);
+    user_id->user = NULL;
+    krb5_free_data_contents(context, &user_id->subject_cert);
+    user_id->subject_cert.length = 0;
+    user_id->subject_cert.data = NULL;
+    user_id->options = 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_pa_s4u_x509_user(krb5_context context, krb5_pa_s4u_x509_user *req)
+{
+    if (req == NULL)
+        return;
+    krb5_free_s4u_userid_contents(context, &req->user_id);
+    krb5_free_checksum_contents(context, &req->cksum);
+    free(req);
+}
+
+void KRB5_CALLCONV
+krb5_free_pa_pac_req(krb5_context context,
+                     krb5_pa_pac_req *req)
+{
+    free(req);
+}
+
+void KRB5_CALLCONV
+krb5_free_fast_req(krb5_context context, krb5_fast_req *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_kdc_req(context, val->req_body);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_fast_armor(krb5_context context, krb5_fast_armor *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_data_contents(context, &val->armor_value);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_fast_response(krb5_context context, krb5_fast_response *val)
+{
+    if (!val)
+        return;
+    krb5_free_pa_data(context, val->padata);
+    krb5_free_fast_finished(context, val->finished);
+    krb5_free_keyblock(context, val->strengthen_key);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_fast_finished(krb5_context context, krb5_fast_finished *val)
+{
+    if (!val)
+        return;
+    krb5_free_principal(context, val->client);
+    krb5_free_checksum_contents(context, &val->ticket_checksum);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_fast_armored_req(krb5_context context, krb5_fast_armored_req *val)
+{
+    if (val == NULL)
+        return;
+    if (val->armor)
+        krb5_free_fast_armor(context, val->armor);
+    krb5_free_data_contents(context, &val->enc_part.ciphertext);
+    if (val->req_checksum.contents)
+        krb5_free_checksum_contents(context, &val->req_checksum);
+    free(val);
+}
+
+void
+k5_free_data_ptr_list(krb5_data **list)
+{
+    int i;
+
+    for (i = 0; list != NULL && list[i] != NULL; i++)
+        krb5_free_data(NULL, list[i]);
+    free(list);
+}
+
+void KRB5_CALLCONV
+krb5int_free_data_list(krb5_context context, krb5_data *data)
+{
+    int i;
+
+    if (data == NULL)
+        return;
+
+    for (i = 0; data[i].data != NULL; i++)
+        free(data[i].data);
+
+    free(data);
+}
+
+void KRB5_CALLCONV
+krb5_free_ad_kdcissued(krb5_context context, krb5_ad_kdcissued *val)
+{
+    if (val == NULL)
+        return;
+
+    krb5_free_checksum_contents(context, &val->ad_checksum);
+    krb5_free_principal(context, val->i_principal);
+    krb5_free_authdata(context, val->elements);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_iakerb_header(krb5_context context, krb5_iakerb_header *val)
+{
+    if (val == NULL)
+        return ;
+
+    krb5_free_data_contents(context, &val->target_realm);
+    krb5_free_data(context, val->cookie);
+    free(val);
+}
+
+void KRB5_CALLCONV
+krb5_free_iakerb_finished(krb5_context context, krb5_iakerb_finished *val)
+{
+    if (val == NULL)
+        return ;
+
+    krb5_free_checksum_contents(context, &val->checksum);
+    free(val);
+}
+
+void
+k5_free_algorithm_identifier(krb5_context context,
+                             krb5_algorithm_identifier *val)
+{
+    if (val == NULL)
+        return;
+    free(val->algorithm.data);
+    free(val->parameters.data);
+    free(val);
+}
+
+void
+k5_free_otp_tokeninfo(krb5_context context, krb5_otp_tokeninfo *val)
+{
+    krb5_algorithm_identifier **alg;
+
+    if (val == NULL)
+        return;
+    free(val->vendor.data);
+    free(val->challenge.data);
+    free(val->token_id.data);
+    free(val->alg_id.data);
+    for (alg = val->supported_hash_alg; alg != NULL && *alg != NULL; alg++)
+        k5_free_algorithm_identifier(context, *alg);
+    free(val->supported_hash_alg);
+    free(val);
+}
+
+void
+k5_free_pa_otp_challenge(krb5_context context, krb5_pa_otp_challenge *val)
+{
+    krb5_otp_tokeninfo **ti;
+
+    if (val == NULL)
+        return;
+    free(val->nonce.data);
+    free(val->service.data);
+    for (ti = val->tokeninfo; *ti != NULL; ti++)
+        k5_free_otp_tokeninfo(context, *ti);
+    free(val->tokeninfo);
+    free(val->salt.data);
+    free(val->s2kparams.data);
+    free(val);
+}
+
+void
+k5_free_pa_otp_req(krb5_context context, krb5_pa_otp_req *val)
+{
+    if (val == NULL)
+        return;
+    val->flags = 0;
+    free(val->nonce.data);
+    free(val->enc_data.ciphertext.data);
+    if (val->hash_alg != NULL)
+        k5_free_algorithm_identifier(context, val->hash_alg);
+    free(val->otp_value.data);
+    free(val->pin.data);
+    free(val->challenge.data);
+    free(val->counter.data);
+    free(val->token_id.data);
+    free(val->alg_id.data);
+    free(val->vendor.data);
+    free(val);
+}
+
+void
+k5_free_kkdcp_message(krb5_context context, krb5_kkdcp_message *val)
+{
+    if (val == NULL)
+        return;
+    free(val->target_domain.data);
+    free(val->kerb_message.data);
+    free(val);
+}
+
+static void
+free_vmac(krb5_context context, krb5_verifier_mac *val)
+{
+    if (val == NULL)
+        return;
+    krb5_free_principal(context, val->princ);
+    krb5_free_checksum_contents(context, &val->checksum);
+    free(val);
+}
+
+void
+k5_free_cammac(krb5_context context, krb5_cammac *val)
+{
+    krb5_verifier_mac **vp;
+
+    if (val == NULL)
+        return;
+    krb5_free_authdata(context, val->elements);
+    free_vmac(context, val->kdc_verifier);
+    free_vmac(context, val->svc_verifier);
+    for (vp = val->other_verifiers; vp != NULL && *vp != NULL; vp++)
+        free_vmac(context, *vp);
+    free(val->other_verifiers);
+    free(val);
+}
+
+void
+k5_free_secure_cookie(krb5_context context, krb5_secure_cookie *val)
+{
+    if (val == NULL)
+        return;
+    k5_zapfree_pa_data(val->data);
+    free(val);
+}
+
+void
+k5_free_spake_factor(krb5_context context, krb5_spake_factor *val)
+{
+    if (val == NULL)
+        return;
+    if (val->data != NULL)
+        zapfree(val->data->data, val->data->length);
+    free(val->data);
+    free(val);
+}
+
+void
+k5_free_pa_spake(krb5_context context, krb5_pa_spake *val)
+{
+    krb5_spake_factor **f;
+
+    if (val == NULL)
+        return;
+    switch (val->choice) {
+    case SPAKE_MSGTYPE_SUPPORT:
+        free(val->u.support.groups);
+        break;
+    case SPAKE_MSGTYPE_CHALLENGE:
+        krb5_free_data_contents(context, &val->u.challenge.pubkey);
+        for (f = val->u.challenge.factors; f != NULL && *f != NULL; f++)
+            k5_free_spake_factor(context, *f);
+        free(val->u.challenge.factors);
+        break;
+    case SPAKE_MSGTYPE_RESPONSE:
+        krb5_free_data_contents(context, &val->u.response.pubkey);
+        krb5_free_data_contents(context, &val->u.response.factor.ciphertext);
+        break;
+    case SPAKE_MSGTYPE_ENCDATA:
+        krb5_free_data_contents(context, &val->u.encdata.ciphertext);
+        break;
+    default:
+        break;
+    }
+    free(val);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c b/krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c
new file mode 100644
index 00000000..05b912dd
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c
@@ -0,0 +1,152 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/libdef_parse.c */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5int_libdefault_string()
+ * krb5int_libdefault_boolean()
+ *
+ */
+#include "k5-int.h"
+#include "int-proto.h"
+/* For _krb5_conf_boolean prototype */
+#include "os-proto.h"
+
+static const char *const conf_yes[] = {
+    "y", "yes", "true", "t", "1", "on",
+    0,
+};
+
+static const char *const conf_no[] = {
+    "n", "no", "false", "nil", "0", "off",
+    0,
+};
+
+int
+_krb5_conf_boolean(const char *s)
+{
+    const char *const *p;
+
+    for(p=conf_yes; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 1;
+    }
+
+    for(p=conf_no; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 0;
+    }
+
+    /* Default to "no" */
+    return 0;
+}
+
+krb5_error_code
+krb5int_libdefault_string(krb5_context context, const krb5_data *realm,
+                          const char *option, char **ret_value)
+{
+    profile_t profile;
+    const char *names[5];
+    char **nameval = NULL;
+    krb5_error_code retval;
+    char realmstr[1024];
+
+    if (realm->length > sizeof(realmstr)-1)
+        return(EINVAL);
+
+    strncpy(realmstr, realm->data, realm->length);
+    realmstr[realm->length] = '\0';
+
+    if (!context || (context->magic != KV5M_CONTEXT))
+        return KV5M_CONTEXT;
+
+    profile = context->profile;
+
+    names[0] = KRB5_CONF_LIBDEFAULTS;
+
+    /*
+     * Try number one:
+     *
+     * [libdefaults]
+     *          REALM = {
+     *                  option = <boolean>
+     *          }
+     */
+
+    names[1] = realmstr;
+    names[2] = option;
+    names[3] = 0;
+    retval = profile_get_values(profile, names, &nameval);
+    if (retval == 0 && nameval && nameval[0])
+        goto goodbye;
+
+
+    /*
+     * Try number two:
+     *
+     * [libdefaults]
+     *          option = <boolean>
+     */
+
+    names[1] = option;
+    names[2] = 0;
+    retval = profile_get_values(profile, names, &nameval);
+    if (retval == 0 && nameval && nameval[0])
+        goto goodbye;
+
+goodbye:
+    if (!nameval)
+        return(ENOENT);
+
+    if (!nameval[0]) {
+        retval = ENOENT;
+    } else {
+        *ret_value = strdup(nameval[0]);
+        if (!*ret_value)
+            retval = ENOMEM;
+    }
+
+    profile_free_list(nameval);
+
+    return retval;
+}
+
+krb5_error_code
+krb5int_libdefault_boolean(krb5_context context, const krb5_data *realm,
+                           const char *option, int *ret_value)
+{
+    char *string = NULL;
+    krb5_error_code retval;
+
+    retval = krb5int_libdefault_string(context, realm, option, &string);
+
+    if (retval)
+        return(retval);
+
+    *ret_value = _krb5_conf_boolean(string);
+    free(string);
+
+    return(0);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/mk_cred.c b/krb5-1.21.3/src/lib/krb5/krb/mk_cred.c
new file mode 100644
index 00000000..c0d7b381
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/mk_cred.c
@@ -0,0 +1,231 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/mk_cred.c - definition of krb5_mk_ncred(), krb5_mk_1cred() */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+/* Encrypt the enc_part of krb5_cred.  key may be NULL to use the unencrypted
+ * KRB-CRED form (RFC 6448). */
+static krb5_error_code
+encrypt_credencpart(krb5_context context, krb5_cred_enc_part *encpart,
+                    krb5_key key, krb5_enc_data *encdata_out)
+{
+    krb5_error_code ret;
+    krb5_data *der_enccred;
+
+    /* Start by encoding to-be-encrypted part of the message. */
+    ret = encode_krb5_enc_cred_part(encpart, &der_enccred);
+    if (ret)
+        return ret;
+
+    if (key == NULL) {
+        /* Just copy the encoded data to the ciphertext area. */
+        encdata_out->enctype = ENCTYPE_NULL;
+        encdata_out->ciphertext = *der_enccred;
+        free(der_enccred);
+        return 0;
+    }
+
+    ret = k5_encrypt_keyhelper(context, key, KRB5_KEYUSAGE_KRB_CRED_ENCPART,
+                               der_enccred, encdata_out);
+
+    zapfreedata(der_enccred);
+    return ret;
+}
+
+/*
+ * Marshal a KRB-CRED message into der_out, encrypted with key (or unencrypted
+ * if key is NULL).  Store the ciphertext in enc_out.  Use the timestamp and
+ * sequence number from rdata and the addresses from local_addr and remote_addr
+ * (either of which may be NULL).  der_out and enc_out should be freed by the
+ * caller when finished.
+ */
+static krb5_error_code
+create_krbcred(krb5_context context, krb5_creds **creds, krb5_key key,
+               const krb5_replay_data *rdata, krb5_address *local_addr,
+               krb5_address *remote_addr, krb5_data **der_out,
+               krb5_enc_data *enc_out)
+{
+    krb5_error_code ret;
+    krb5_cred_enc_part credenc;
+    krb5_cred cred;
+    krb5_ticket **tickets = NULL;
+    krb5_cred_info **ticket_info = NULL, *tinfos = NULL;
+    krb5_enc_data enc;
+    size_t i, ncreds;
+
+    *der_out = NULL;
+    memset(enc_out, 0, sizeof(*enc_out));
+    memset(&enc, 0, sizeof(enc));
+
+    for (ncreds = 0; creds[ncreds] != NULL; ncreds++);
+
+    tickets = k5calloc(ncreds + 1, sizeof(*tickets), &ret);
+    if (tickets == NULL)
+        goto cleanup;
+
+    ticket_info = k5calloc(ncreds + 1, sizeof(*ticket_info), &ret);
+    if (ticket_info == NULL)
+        goto cleanup;
+
+    tinfos = k5calloc(ncreds, sizeof(*tinfos), &ret);
+    if (tinfos == NULL)
+        goto cleanup;
+
+    /* For each credential in the list, decode the ticket and create a cred
+     * info structure using alias pointers. */
+    for (i = 0; i < ncreds; i++) {
+        ret = decode_krb5_ticket(&creds[i]->ticket, &tickets[i]);
+        if (ret)
+            goto cleanup;
+
+        tinfos[i].magic = KV5M_CRED_INFO;
+        tinfos[i].times = creds[i]->times;
+        tinfos[i].flags = creds[i]->ticket_flags;
+        tinfos[i].session = &creds[i]->keyblock;
+        tinfos[i].client = creds[i]->client;
+        tinfos[i].server = creds[i]->server;
+        tinfos[i].caddrs = creds[i]->addresses;
+        ticket_info[i] = &tinfos[i];
+    }
+
+    /* Encrypt the credential encrypted part. */
+    credenc.magic = KV5M_CRED_ENC_PART;
+    credenc.s_address = local_addr;
+    credenc.r_address = remote_addr;
+    credenc.nonce = rdata->seq;
+    credenc.usec = rdata->usec;
+    credenc.timestamp = rdata->timestamp;
+    credenc.ticket_info = ticket_info;
+    ret = encrypt_credencpart(context, &credenc, key, &enc);
+    if (ret)
+        goto cleanup;
+
+    /* Encode the KRB-CRED message. */
+    cred.magic = KV5M_CRED;
+    cred.tickets = tickets;
+    cred.enc_part = enc;
+    ret = encode_krb5_cred(&cred, der_out);
+    if (ret)
+        goto cleanup;
+
+    *enc_out = enc;
+    memset(&enc, 0, sizeof(enc));
+
+cleanup:
+    krb5_free_tickets(context, tickets);
+    krb5_free_data_contents(context, &enc.ciphertext);
+    free(tinfos);
+    free(ticket_info);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_ncred(krb5_context context, krb5_auth_context authcon,
+              krb5_creds **creds, krb5_data **der_out,
+              krb5_replay_data *rdata_out)
+{
+    krb5_error_code ret;
+    krb5_key key;
+    krb5_replay_data rdata;
+    krb5_data *der_krbcred = NULL;
+    krb5_enc_data enc;
+    krb5_address *local_addr, *remote_addr, lstorage, rstorage;
+
+    *der_out = NULL;
+    memset(&enc, 0, sizeof(enc));
+    memset(&lstorage, 0, sizeof(lstorage));
+    memset(&rstorage, 0, sizeof(rstorage));
+
+    if (creds == NULL)
+        return KRB5KRB_AP_ERR_BADADDR;
+
+    ret = k5_privsafe_gen_rdata(context, authcon, &rdata, rdata_out);
+    if (ret)
+        goto cleanup;
+    /* Historically we always set the timestamp, so keep doing that. */
+    if (rdata.timestamp == 0) {
+        ret = krb5_us_timeofday(context, &rdata.timestamp, &rdata.usec);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = k5_privsafe_gen_addrs(context, authcon, &lstorage, &rstorage,
+                                &local_addr, &remote_addr);
+    if (ret)
+        goto cleanup;
+
+    key = (authcon->send_subkey != NULL) ? authcon->send_subkey : authcon->key;
+    ret = create_krbcred(context, creds, key, &rdata, local_addr, remote_addr,
+                         &der_krbcred, &enc);
+    if (ret)
+        goto cleanup;
+
+    if (key != NULL) {
+        ret = k5_privsafe_check_replay(context, authcon, NULL, &enc, NULL);
+        if (ret)
+            goto cleanup;
+    }
+
+    *der_out = der_krbcred;
+    der_krbcred = NULL;
+    if ((authcon->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
+        (authcon->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+        authcon->local_seq_number++;
+
+cleanup:
+    krb5_free_data_contents(context, &enc.ciphertext);
+    free(lstorage.contents);
+    free(rstorage.contents);
+    zapfreedata(der_krbcred);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_1cred(krb5_context context, krb5_auth_context authcon,
+              krb5_creds *creds, krb5_data **der_out,
+              krb5_replay_data *rdata_out)
+{
+    krb5_error_code retval;
+    krb5_creds **list;
+
+    list = calloc(2, sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+
+    list[0] = creds;
+    list[1] = NULL;
+    retval = krb5_mk_ncred(context, authcon, list, der_out, rdata_out);
+    free(list);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/mk_error.c b/krb5-1.21.3/src/lib/krb5/krb/mk_error.c
new file mode 100644
index 00000000..d1acd028
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/mk_error.c
@@ -0,0 +1,49 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/mk_error.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+  formats the error structure *dec_err into an error buffer *enc_err.
+
+  The error buffer storage is allocated, and should be freed by the
+  caller when finished.
+
+  returns system errors
+*/
+krb5_error_code KRB5_CALLCONV
+krb5_mk_error(krb5_context context, const krb5_error *dec_err,
+              krb5_data *enc_err)
+{
+    krb5_error_code retval;
+    krb5_data *new_enc_err;
+
+    if ((retval = encode_krb5_error(dec_err, &new_enc_err)))
+        return(retval);
+    *enc_err = *new_enc_err;
+    free(new_enc_err);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/mk_priv.c b/krb5-1.21.3/src/lib/krb5/krb/mk_priv.c
new file mode 100644
index 00000000..b537a2ca
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/mk_priv.c
@@ -0,0 +1,155 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/mk_priv.c - definition of krb5_mk_priv() */
+/*
+ * Copyright 1990,1991,2019 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+/*
+ * Marshal a KRB-PRIV message into der_out, encrypted with key.  Store the
+ * ciphertext in enc_out.  Use the timestamp and sequence number from rdata and
+ * the addresses from local_addr and remote_addr (the second of which may be
+ * NULL).  der_out and enc_out should be freed by the caller when finished.
+ */
+static krb5_error_code
+create_krbpriv(krb5_context context, const krb5_data *userdata,
+               krb5_key key, const krb5_replay_data *rdata,
+               krb5_address *local_addr, krb5_address *remote_addr,
+               krb5_data *cstate, krb5_data *der_out, krb5_enc_data *enc_out)
+{
+    krb5_enctype enctype = krb5_k_key_enctype(context, key);
+    krb5_error_code ret;
+    krb5_priv privmsg;
+    krb5_priv_enc_part encpart;
+    krb5_data *der_encpart = NULL, *der_krbpriv;
+    size_t enclen;
+
+    memset(&privmsg, 0, sizeof(privmsg));
+    privmsg.enc_part.kvno = 0;
+    privmsg.enc_part.enctype = enctype;
+    encpart.user_data = *userdata;
+    encpart.s_address = local_addr;
+    encpart.r_address = remote_addr;
+    encpart.timestamp = rdata->timestamp;
+    encpart.usec = rdata->usec;
+    encpart.seq_number = rdata->seq;
+
+    /* Start by encoding the to-be-encrypted part of the message. */
+    ret = encode_krb5_enc_priv_part(&encpart, &der_encpart);
+    if (ret)
+        return ret;
+
+    /* put together an eblock for this encryption */
+    ret = krb5_c_encrypt_length(context, enctype, der_encpart->length,
+                                &enclen);
+    if (ret)
+        goto cleanup;
+
+    ret = alloc_data(&privmsg.enc_part.ciphertext, enclen);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_k_encrypt(context, key, KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
+                         (cstate->length > 0) ? cstate : NULL, der_encpart,
+                         &privmsg.enc_part);
+    if (ret)
+        goto cleanup;
+
+    ret = encode_krb5_priv(&privmsg, &der_krbpriv);
+    if (ret)
+        goto cleanup;
+
+    *der_out = *der_krbpriv;
+    free(der_krbpriv);
+
+    *enc_out = privmsg.enc_part;
+    memset(&privmsg.enc_part, 0, sizeof(privmsg.enc_part));
+
+cleanup:
+    zapfree(privmsg.enc_part.ciphertext.data,
+            privmsg.enc_part.ciphertext.length);
+    zapfreedata(der_encpart);
+    return ret;
+}
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_priv(krb5_context context, krb5_auth_context authcon,
+             const krb5_data *userdata, krb5_data *der_out,
+             krb5_replay_data *rdata_out)
+{
+    krb5_error_code ret;
+    krb5_key key;
+    krb5_replay_data rdata;
+    krb5_data der_krbpriv = empty_data();
+    krb5_enc_data enc;
+    krb5_address *local_addr, *remote_addr, lstorage, rstorage;
+
+    *der_out = empty_data();
+    memset(&enc, 0, sizeof(enc));
+    memset(&lstorage, 0, sizeof(lstorage));
+    memset(&rstorage, 0, sizeof(rstorage));
+    if (!authcon->local_addr)
+        return KRB5_LOCAL_ADDR_REQUIRED;
+
+    ret = k5_privsafe_gen_rdata(context, authcon, &rdata, rdata_out);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_privsafe_gen_addrs(context, authcon, &lstorage, &rstorage,
+                                &local_addr, &remote_addr);
+    if (ret)
+        goto cleanup;
+
+    key = (authcon->send_subkey != NULL) ? authcon->send_subkey : authcon->key;
+    ret = create_krbpriv(context, userdata, key, &rdata, local_addr,
+                         remote_addr, &authcon->cstate, &der_krbpriv, &enc);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_privsafe_check_replay(context, authcon, NULL, &enc, NULL);
+    if (ret)
+        goto cleanup;
+
+    *der_out = der_krbpriv;
+    der_krbpriv = empty_data();
+    if ((authcon->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
+        (authcon->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+        authcon->local_seq_number++;
+
+cleanup:
+    krb5_free_data_contents(context, &der_krbpriv);
+    zapfree(enc.ciphertext.data, enc.ciphertext.length);
+    free(lstorage.contents);
+    free(rstorage.contents);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/mk_rep.c b/krb5-1.21.3/src/lib/krb5/krb/mk_rep.c
new file mode 100644
index 00000000..dd7a7d91
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/mk_rep.c
@@ -0,0 +1,152 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/mk_rep.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+/*
+  Formats a KRB_AP_REP message into outbuf.
+
+  The outbuf buffer storage is allocated, and should be freed by the
+  caller when finished.
+
+  returns system errors
+*/
+
+static krb5_error_code
+k5_mk_rep(krb5_context context, krb5_auth_context auth_context,
+          krb5_data *outbuf, int dce_style)
+{
+    krb5_error_code       retval;
+    krb5_ap_rep_enc_part  repl;
+    krb5_ap_rep           reply;
+    krb5_data           * scratch;
+    krb5_data           * toutbuf;
+
+    /* Make the reply */
+    if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
+         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+        (auth_context->local_seq_number == 0)) {
+        if ((retval = krb5_generate_seq_number(context,
+                                               &auth_context->key->keyblock,
+                                               &auth_context->local_seq_number)))
+            return(retval);
+    }
+
+    if (dce_style) {
+        krb5_us_timeofday(context, &repl.ctime, &repl.cusec);
+    } else {
+        repl.ctime = auth_context->authentp->ctime;
+        repl.cusec = auth_context->authentp->cusec;
+    }
+
+    if (dce_style)
+        repl.subkey = NULL;
+    else if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
+        assert(auth_context->negotiated_etype != ENCTYPE_NULL);
+
+        retval = k5_generate_and_save_subkey(context, auth_context,
+                                             &auth_context->key->keyblock,
+                                             auth_context->negotiated_etype);
+        if (retval)
+            return retval;
+        repl.subkey = &auth_context->send_subkey->keyblock;
+    } else
+        repl.subkey = auth_context->authentp->subkey;
+
+    if (dce_style)
+        repl.seq_number = auth_context->remote_seq_number;
+    else
+        repl.seq_number = auth_context->local_seq_number;
+
+    TRACE_MK_REP(context, repl.ctime, repl.cusec, repl.subkey,
+                 repl.seq_number);
+
+    /* encode it before encrypting */
+    if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
+        return retval;
+
+    if ((retval = k5_encrypt_keyhelper(context, auth_context->key,
+                                       KRB5_KEYUSAGE_AP_REP_ENCPART, scratch,
+                                       &reply.enc_part)))
+        goto cleanup_scratch;
+
+    if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
+        *outbuf = *toutbuf;
+        free(toutbuf);
+    }
+
+    memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
+    free(reply.enc_part.ciphertext.data);
+    reply.enc_part.ciphertext.length = 0;
+    reply.enc_part.ciphertext.data = 0;
+
+cleanup_scratch:
+    memset(scratch->data, 0, scratch->length);
+    krb5_free_data(context, scratch);
+
+    return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf)
+{
+    return k5_mk_rep(context, auth_context, outbuf, 0);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_rep_dce(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf)
+{
+    return k5_mk_rep(context, auth_context, outbuf, 1);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/mk_req.c b/krb5-1.21.3/src/lib/krb5/krb/mk_req.c
new file mode 100644
index 00000000..162c05b5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/mk_req.c
@@ -0,0 +1,89 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/mk_req.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "auth_con.h"
+
+/*
+  Formats a KRB_AP_REQ message into outbuf.
+
+  server specifies the principal of the server to receive the message; if
+  credentials are not present in the credentials cache for this server, the
+  TGS request with default parameters is used in an attempt to obtain
+  such credentials, and they are stored in ccache.
+
+  kdc_options specifies the options requested for the
+  ap_req_options specifies the KRB_AP_REQ options desired.
+
+  checksum specifies the checksum to be used in the authenticator.
+
+  The outbuf buffer storage is allocated, and should be freed by the
+  caller when finished.
+
+  returns system errors
+*/
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
+            krb5_flags ap_req_options, const char *service,
+            const char *hostname, krb5_data *in_data, krb5_ccache ccache,
+            krb5_data *outbuf)
+{
+    krb5_error_code       retval;
+    krb5_principal        server;
+    krb5_creds          * credsp;
+    krb5_creds            creds;
+
+    retval = krb5_sname_to_principal(context, hostname, service,
+                                     KRB5_NT_SRV_HST, &server);
+    if (retval)
+        return retval;
+
+    /* obtain ticket & session key */
+    memset(&creds, 0, sizeof(creds));
+    if ((retval = krb5_copy_principal(context, server, &creds.server)))
+        goto cleanup_princ;
+
+    if ((retval = krb5_cc_get_principal(context, ccache, &creds.client)))
+        goto cleanup_creds;
+
+    if ((retval = krb5_get_credentials(context, 0,
+                                       ccache, &creds, &credsp)))
+        goto cleanup_creds;
+
+    retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
+                                  in_data, credsp, outbuf);
+
+    krb5_free_creds(context, credsp);
+
+cleanup_creds:
+    krb5_free_cred_contents(context, &creds);
+
+cleanup_princ:
+    krb5_free_principal(context, server);
+
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/mk_req_ext.c b/krb5-1.21.3/src/lib/krb5/krb/mk_req_ext.c
new file mode 100644
index 00000000..08504860
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/mk_req_ext.c
@@ -0,0 +1,400 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/mk_req_ext.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * krb5_mk_req_extended()
+ */
+
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+/*
+  Formats a KRB_AP_REQ message into outbuf, with more complete options than
+  krb_mk_req.
+
+  outbuf, ap_req_options, checksum, and ccache are used in the
+  same fashion as for krb5_mk_req.
+
+  creds is used to supply the credentials (ticket and session key) needed
+  to form the request.
+
+  if creds->ticket has no data (length == 0), then a ticket is obtained
+  from either the cache or the TGS, passing creds to krb5_get_credentials().
+  kdc_options specifies the options requested for the ticket to be used.
+  If a ticket with appropriate flags is not found in the cache, then these
+  options are passed on in a request to an appropriate KDC.
+
+  ap_req_options specifies the KRB_AP_REQ options desired.
+
+  if ap_req_options specifies AP_OPTS_USE_SESSION_KEY, then creds->ticket
+  must contain the appropriate ENC-TKT-IN-SKEY ticket.
+
+  checksum specifies the checksum to be used in the authenticator.
+
+  The outbuf buffer storage is allocated, and should be freed by the
+  caller when finished.
+
+  On an error return, the credentials pointed to by creds might have been
+  augmented with additional fields from the obtained credentials; the entire
+  credentials should be released by calling krb5_free_creds().
+
+  returns system errors
+*/
+
+static krb5_error_code
+make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes,
+                 krb5_enctype tkt_enctype, krb5_boolean client_aware_cb,
+                 krb5_authdata ***authdata_out);
+
+static krb5_error_code
+generate_authenticator(krb5_context,
+                       krb5_authenticator *, krb5_principal,
+                       krb5_checksum *, krb5_key,
+                       krb5_ui_4, krb5_authdata **,
+                       krb5_authdata_context ad_context,
+                       krb5_enctype *desired_etypes,
+                       krb5_enctype tkt_enctype);
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
+                     krb5_flags ap_req_options, krb5_data *in_data,
+                     krb5_creds *in_creds, krb5_data *outbuf)
+{
+    krb5_error_code       retval;
+    krb5_checksum         checksum;
+    krb5_checksum         *checksump = 0;
+    krb5_auth_context     new_auth_context;
+    krb5_enctype          *desired_etypes = NULL;
+
+    krb5_ap_req request;
+    krb5_data *scratch = 0;
+    krb5_data *toutbuf;
+
+    request.ap_options = ap_req_options & AP_OPTS_WIRE_MASK;
+    request.authenticator.ciphertext.data = NULL;
+    request.ticket = 0;
+
+    if (!in_creds->ticket.length)
+        return(KRB5_NO_TKT_SUPPLIED);
+
+    if ((ap_req_options & AP_OPTS_ETYPE_NEGOTIATION) &&
+        !(ap_req_options & AP_OPTS_MUTUAL_REQUIRED))
+        return(EINVAL);
+
+    /* we need a native ticket */
+    if ((retval = decode_krb5_ticket(&(in_creds)->ticket, &request.ticket)))
+        return(retval);
+
+    /* verify that the ticket is not expired */
+    if ((retval = krb5int_validate_times(context, &in_creds->times)) != 0)
+        goto cleanup;
+
+    /* generate auth_context if needed */
+    if (*auth_context == NULL) {
+        if ((retval = krb5_auth_con_init(context, &new_auth_context)))
+            goto cleanup;
+        *auth_context = new_auth_context;
+    }
+
+    if ((*auth_context)->key != NULL) {
+        krb5_k_free_key(context, (*auth_context)->key);
+        (*auth_context)->key = NULL;
+    }
+
+    /* set auth context keyblock */
+    if ((retval = krb5_k_create_key(context, &in_creds->keyblock,
+                                    &((*auth_context)->key))))
+        goto cleanup;
+
+    /* generate seq number if needed */
+    if ((((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
+         || ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+        && ((*auth_context)->local_seq_number == 0)) {
+        if ((retval = krb5_generate_seq_number(context, &in_creds->keyblock,
+                                               &(*auth_context)->local_seq_number)))
+            goto cleanup;
+    }
+
+    /* generate subkey if needed */
+    if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
+        retval = k5_generate_and_save_subkey(context, *auth_context,
+                                             &in_creds->keyblock,
+                                             in_creds->keyblock.enctype);
+        if (retval)
+            goto cleanup;
+    }
+
+
+    if (!in_data && (*auth_context)->checksum_func) {
+        retval = (*auth_context)->checksum_func( context,
+                                                 *auth_context,
+                                                 (*auth_context)->checksum_func_data,
+                                                 &in_data);
+        if (retval)
+            goto cleanup;
+    }
+
+    if (in_data) {
+        if ((*auth_context)->req_cksumtype == 0x8003) {
+            /* XXX Special hack for GSSAPI */
+            checksum.checksum_type = 0x8003;
+            checksum.length = in_data->length;
+            checksum.contents = (krb5_octet *) in_data->data;
+        } else {
+            retval = krb5_k_make_checksum(context, 0, (*auth_context)->key,
+                                          KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+                                          in_data, &checksum);
+            if (retval)
+                goto cleanup_cksum;
+        }
+        checksump = &checksum;
+    }
+
+    /* Generate authenticator */
+    if (((*auth_context)->authentp = (krb5_authenticator *)malloc(sizeof(
+                                                                      krb5_authenticator))) == NULL) {
+        retval = ENOMEM;
+        goto cleanup_cksum;
+    }
+
+    if (ap_req_options & AP_OPTS_ETYPE_NEGOTIATION) {
+        if ((*auth_context)->permitted_etypes == NULL) {
+            retval = krb5_get_tgs_ktypes(context, in_creds->server, &desired_etypes);
+            if (retval)
+                goto cleanup_cksum;
+        } else
+            desired_etypes = (*auth_context)->permitted_etypes;
+    }
+
+    TRACE_MK_REQ(context, in_creds, (*auth_context)->local_seq_number,
+                 (*auth_context)->send_subkey, &in_creds->keyblock);
+    if ((retval = generate_authenticator(context,
+                                         (*auth_context)->authentp,
+                                         in_creds->client, checksump,
+                                         (*auth_context)->send_subkey,
+                                         (*auth_context)->local_seq_number,
+                                         in_creds->authdata,
+                                         (*auth_context)->ad_context,
+                                         desired_etypes,
+                                         in_creds->keyblock.enctype)))
+        goto cleanup_cksum;
+
+    /* encode the authenticator */
+    if ((retval = encode_krb5_authenticator((*auth_context)->authentp,
+                                            &scratch)))
+        goto cleanup_cksum;
+
+    /* call the encryption routine */
+    if ((retval = krb5_encrypt_helper(context, &in_creds->keyblock,
+                                      KRB5_KEYUSAGE_AP_REQ_AUTH,
+                                      scratch, &request.authenticator)))
+        goto cleanup_cksum;
+
+    if ((retval = encode_krb5_ap_req(&request, &toutbuf)))
+        goto cleanup_cksum;
+    *outbuf = *toutbuf;
+
+    free(toutbuf);
+
+cleanup_cksum:
+    /* Null out these fields, to prevent pointer sharing problems;
+     * they were supplied by the caller
+     */
+    if ((*auth_context)->authentp != NULL) {
+        (*auth_context)->authentp->client = NULL;
+        (*auth_context)->authentp->checksum = NULL;
+    }
+    if (checksump && checksump->checksum_type != 0x8003)
+        free(checksump->contents);
+
+cleanup:
+    if (desired_etypes &&
+        desired_etypes != (*auth_context)->permitted_etypes)
+        free(desired_etypes);
+    if (request.ticket)
+        krb5_free_ticket(context, request.ticket);
+    if (request.authenticator.ciphertext.data) {
+        (void) memset(request.authenticator.ciphertext.data, 0,
+                      request.authenticator.ciphertext.length);
+        free(request.authenticator.ciphertext.data);
+    }
+    if (scratch) {
+        memset(scratch->data, 0, scratch->length);
+        free(scratch->data);
+        free(scratch);
+    }
+    return retval;
+}
+
+static krb5_error_code
+generate_authenticator(krb5_context context, krb5_authenticator *authent,
+                       krb5_principal client, krb5_checksum *cksum,
+                       krb5_key key, krb5_ui_4 seq_number,
+                       krb5_authdata **authorization,
+                       krb5_authdata_context ad_context,
+                       krb5_enctype *desired_etypes,
+                       krb5_enctype tkt_enctype)
+{
+    krb5_error_code retval;
+    krb5_authdata **ext_authdata = NULL, **ap_authdata, **combined;
+    int client_aware_cb;
+
+    authent->client = client;
+    authent->checksum = cksum;
+    if (key) {
+        retval = krb5_k_key_keyblock(context, key, &authent->subkey);
+        if (retval)
+            return retval;
+    } else
+        authent->subkey = 0;
+    authent->seq_number = seq_number;
+    authent->authorization_data = NULL;
+
+    if (ad_context != NULL) {
+        retval = krb5_authdata_export_authdata(context,
+                                               ad_context,
+                                               AD_USAGE_AP_REQ,
+                                               &ext_authdata);
+        if (retval)
+            return retval;
+    }
+
+    if (authorization != NULL || ext_authdata != NULL) {
+        retval = krb5_merge_authdata(context,
+                                     authorization,
+                                     ext_authdata,
+                                     &authent->authorization_data);
+        if (retval) {
+            krb5_free_authdata(context, ext_authdata);
+            return retval;
+        }
+        krb5_free_authdata(context, ext_authdata);
+    }
+
+    retval = profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                 KRB5_CONF_CLIENT_AWARE_GSS_BINDINGS, NULL,
+                                 FALSE, &client_aware_cb);
+    if (retval)
+        return retval;
+
+    /* Add etype negotiation or channel-binding awareness authdata to the
+     * front, if appropriate. */
+    retval = make_ap_authdata(context, desired_etypes, tkt_enctype,
+                              client_aware_cb, &ap_authdata);
+    if (retval)
+        return retval;
+    if (ap_authdata != NULL) {
+        retval = krb5_merge_authdata(context, ap_authdata,
+                                     authent->authorization_data, &combined);
+        krb5_free_authdata(context, ap_authdata);
+        if (retval)
+            return retval;
+        krb5_free_authdata(context, authent->authorization_data);
+        authent->authorization_data = combined;
+    }
+
+    return(krb5_us_timeofday(context, &authent->ctime, &authent->cusec));
+}
+
+/* Set *out to a DER-encoded RFC 4537 etype list, or to NULL if no etype list
+ * should be sent. */
+static krb5_error_code
+make_etype_list(krb5_context context, krb5_enctype *desired_enctypes,
+                krb5_enctype tkt_enctype, krb5_data **out)
+{
+    krb5_etype_list etlist;
+    int count;
+
+    *out = NULL;
+
+    /* Only send a list if we prefer another enctype to tkt_enctype. */
+    if (desired_enctypes == NULL || desired_enctypes[0] == tkt_enctype)
+        return 0;
+
+    /* Count elements of desired_etypes, stopping at tkt_enctypes if present.
+     * (Per RFC 4537, it must be the last option if it is included.) */
+    for (count = 0; desired_enctypes[count] != ENCTYPE_NULL; count++) {
+        if (count > 0 && desired_enctypes[count - 1] == tkt_enctype)
+            break;
+    }
+
+    etlist.etypes = desired_enctypes;
+    etlist.length = count;
+    return encode_krb5_etype_list(&etlist, out);
+}
+
+/* Set *authdata_out to appropriate authenticator authdata for the request,
+ * encoded in a single AD_IF_RELEVANT element. */
+static krb5_error_code
+make_ap_authdata(krb5_context context, krb5_enctype *desired_enctypes,
+                 krb5_enctype tkt_enctype, krb5_boolean client_aware_cb,
+                 krb5_authdata ***authdata_out)
+{
+    krb5_error_code ret;
+    krb5_authdata etypes_ad, flags_ad, *list[3];
+    krb5_data *der_etypes = NULL;
+    size_t count = 0;
+    uint8_t flagbuf[4];
+    const uint32_t KERB_AP_OPTIONS_CBT = 0x4000;
+
+    *authdata_out = NULL;
+
+    /* Include an ETYPE_NEGOTIATION element if appropriate. */
+    ret = make_etype_list(context, desired_enctypes, tkt_enctype, &der_etypes);
+    if (ret)
+        goto cleanup;
+    if (der_etypes != NULL) {
+        etypes_ad.magic = KV5M_AUTHDATA;
+        etypes_ad.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION;
+        etypes_ad.length = der_etypes->length;
+        etypes_ad.contents = (uint8_t *)der_etypes->data;
+        list[count++] = &etypes_ad;
+    }
+
+    /* Include an AP_OPTIONS element if the CBT flag is configured. */
+    if (client_aware_cb != 0) {
+        store_32_le(KERB_AP_OPTIONS_CBT, flagbuf);
+        flags_ad.magic = KV5M_AUTHDATA;
+        flags_ad.ad_type = KRB5_AUTHDATA_AP_OPTIONS;
+        flags_ad.length = 4;
+        flags_ad.contents = flagbuf;
+        list[count++] = &flags_ad;
+    }
+
+    if (count > 0) {
+        list[count] = NULL;
+        ret = krb5_encode_authdata_container(context,
+                                             KRB5_AUTHDATA_IF_RELEVANT,
+                                             list, authdata_out);
+    }
+
+cleanup:
+    krb5_free_data(context, der_etypes);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/mk_safe.c b/krb5-1.21.3/src/lib/krb5/krb/mk_safe.c
new file mode 100644
index 00000000..151a06e6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/mk_safe.c
@@ -0,0 +1,174 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/mk_safe.c - definition of krb5_mk_safe() */
+/*
+ * Copyright 1990,1991,2019 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+/*
+ * Marshal a KRB-SAFE message into der_out, with a keyed checksum of type
+ * sumtype.  Store the checksum in cksum_out.  Use the timestamp and sequence
+ * number from rdata and the addresses from local_addr and remote_addr (the
+ * second of which may be NULL).  der_out and cksum_out should be freed by the
+ * caller when finished.
+ */
+static krb5_error_code
+create_krbsafe(krb5_context context, const krb5_data *userdata, krb5_key key,
+               const krb5_replay_data *rdata, krb5_address *local_addr,
+               krb5_address *remote_addr, krb5_cksumtype sumtype,
+               krb5_data *der_out, krb5_checksum *cksum_out)
+{
+    krb5_error_code ret;
+    krb5_safe safemsg;
+    krb5_octet zero_octet = 0;
+    krb5_checksum safe_checksum;
+    krb5_data *der_krbsafe;
+
+    if (sumtype && !krb5_c_valid_cksumtype(sumtype))
+        return KRB5_PROG_SUMTYPE_NOSUPP;
+    if (sumtype && !krb5_c_is_keyed_cksum(sumtype))
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
+
+    safemsg.user_data = *userdata;
+    safemsg.s_address = local_addr;
+    safemsg.r_address = remote_addr;
+    safemsg.timestamp = rdata->timestamp;
+    safemsg.usec = rdata->usec;
+    safemsg.seq_number = rdata->seq;
+
+    /* Encode the message with a zero-length zero-type checksum. */
+    safe_checksum.length = 0;
+    safe_checksum.checksum_type = 0;
+    safe_checksum.contents = &zero_octet;
+    safemsg.checksum = &safe_checksum;
+    ret = encode_krb5_safe(&safemsg, &der_krbsafe);
+    if (ret)
+        return ret;
+
+    /* Checksum the encoding. */
+    ret = krb5_k_make_checksum(context, sumtype, key,
+                               KRB5_KEYUSAGE_KRB_SAFE_CKSUM, der_krbsafe,
+                               &safe_checksum);
+    zapfreedata(der_krbsafe);
+    if (ret)
+        return ret;
+
+    /* Encode the message again with the real checksum. */
+    safemsg.checksum = &safe_checksum;
+    ret = encode_krb5_safe(&safemsg, &der_krbsafe);
+    if (ret) {
+        krb5_free_checksum_contents(context, &safe_checksum);
+        return ret;
+    }
+
+    *der_out = *der_krbsafe;
+    free(der_krbsafe);
+    *cksum_out = safe_checksum;
+    return 0;
+}
+
+/* Return the checksum type for the KRB-SAFE message, or 0 to use the enctype's
+ * mandatory checksum. */
+static krb5_cksumtype
+safe_cksumtype(krb5_context context, krb5_auth_context auth_context,
+               krb5_enctype enctype)
+{
+    krb5_error_code ret;
+    unsigned int nsumtypes, i;
+    krb5_cksumtype *sumtypes;
+
+    /* Use the auth context's safe_cksumtype if it is valid for the enctype.
+     * Otherwise return 0 for the mandatory checksum. */
+    ret = krb5_c_keyed_checksum_types(context, enctype, &nsumtypes, &sumtypes);
+    if (ret != 0)
+        return 0;
+    for (i = 0; i < nsumtypes; i++) {
+        if (auth_context->safe_cksumtype == sumtypes[i])
+            break;
+    }
+    krb5_free_cksumtypes(context, sumtypes);
+    return (i == nsumtypes) ? 0 : auth_context->safe_cksumtype;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_mk_safe(krb5_context context, krb5_auth_context authcon,
+             const krb5_data *userdata, krb5_data *der_out,
+             krb5_replay_data *rdata_out)
+{
+    krb5_error_code ret;
+    krb5_key key;
+    krb5_replay_data rdata;
+    krb5_data der_krbsafe = empty_data();
+    krb5_checksum cksum;
+    krb5_address *local_addr, *remote_addr, lstorage, rstorage;
+    krb5_cksumtype sumtype;
+
+    *der_out = empty_data();
+    memset(&cksum, 0, sizeof(cksum));
+    memset(&lstorage, 0, sizeof(lstorage));
+    memset(&rstorage, 0, sizeof(rstorage));
+    if (authcon->local_addr == NULL)
+        return KRB5_LOCAL_ADDR_REQUIRED;
+
+    ret = k5_privsafe_gen_rdata(context, authcon, &rdata, rdata_out);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_privsafe_gen_addrs(context, authcon, &lstorage, &rstorage,
+                                &local_addr, &remote_addr);
+    if (ret)
+        goto cleanup;
+
+    key = (authcon->send_subkey != NULL) ? authcon->send_subkey : authcon->key;
+    sumtype = safe_cksumtype(context, authcon, key->keyblock.enctype);
+    ret = create_krbsafe(context, userdata, key, &rdata, local_addr,
+                         remote_addr, sumtype, &der_krbsafe, &cksum);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_privsafe_check_replay(context, authcon, NULL, NULL, &cksum);
+    if (ret)
+        goto cleanup;
+
+    *der_out = der_krbsafe;
+    der_krbsafe = empty_data();
+    if ((authcon->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
+        (authcon->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+        authcon->local_seq_number++;
+
+cleanup:
+    krb5_free_data_contents(context, &der_krbsafe);
+    krb5_free_checksum_contents(context, &cksum);
+    free(lstorage.contents);
+    free(rstorage.contents);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/pac.c b/krb5-1.21.3/src/lib/krb5/krb/pac.c
new file mode 100644
index 00000000..5d1fdf1b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/pac.c
@@ -0,0 +1,1279 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/pac.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "authdata.h"
+#include "k5-input.h"
+
+#define MAX_BUFFERS 4096
+
+/*
+ * Add a buffer containing data to pac's metadata and encoding.  If zerofill is
+ * true, data->data must be NULL and the buffer will be zero-filled with length
+ * data->length.
+ */
+krb5_error_code
+k5_pac_add_buffer(krb5_context context, krb5_pac pac, uint32_t type,
+                  const krb5_data *data, krb5_boolean zerofill,
+                  krb5_data *data_out)
+{
+    struct k5_pac_buffer *nbufs;
+    size_t header_len, i, pad = 0;
+    char *ndata, *bufdata;
+
+    assert((data->data == NULL) == zerofill);
+
+    /* Check for an existing buffer of this type. */
+    if (k5_pac_locate_buffer(context, pac, type, NULL) == 0)
+        return EEXIST;
+
+    if (pac->nbuffers >= MAX_BUFFERS)
+        return ERANGE;
+    nbufs = realloc(pac->buffers, (pac->nbuffers + 1) * sizeof(*pac->buffers));
+    if (nbufs == NULL)
+        return ENOMEM;
+    pac->buffers = nbufs;
+
+    header_len = PACTYPE_LENGTH + pac->nbuffers * PAC_INFO_BUFFER_LENGTH;
+
+    if (data->length % PAC_ALIGNMENT)
+        pad = PAC_ALIGNMENT - (data->length % PAC_ALIGNMENT);
+    ndata = realloc(pac->data.data,
+                    pac->data.length + PAC_INFO_BUFFER_LENGTH +
+                    data->length + pad);
+    if (ndata == NULL)
+        return ENOMEM;
+    pac->data.data = ndata;
+
+    /* Update the offsets of existing buffers. */
+    for (i = 0; i < pac->nbuffers; i++)
+        pac->buffers[i].offset += PAC_INFO_BUFFER_LENGTH;
+
+    /* Make room for the new buffer's metadata. */
+    memmove(pac->data.data + header_len + PAC_INFO_BUFFER_LENGTH,
+            pac->data.data + header_len,
+            pac->data.length - header_len);
+    memset(pac->data.data + header_len, 0, PAC_INFO_BUFFER_LENGTH);
+
+    /* Initialize the new buffer. */
+    pac->buffers[i].type = type;
+    pac->buffers[i].size = data->length;
+    pac->buffers[i].offset = pac->data.length + PAC_INFO_BUFFER_LENGTH;
+    assert((pac->buffers[i].offset % PAC_ALIGNMENT) == 0);
+
+    /* Copy in new PAC data and zero padding bytes. */
+    bufdata = pac->data.data + pac->buffers[i].offset;
+    if (zerofill)
+        memset(bufdata, 0, data->length);
+    else
+        memcpy(bufdata, data->data, data->length);
+    memset(bufdata + data->length, 0, pad);
+
+    pac->nbuffers++;
+    pac->data.length += PAC_INFO_BUFFER_LENGTH + data->length + pad;
+
+    if (data_out != NULL)
+        *data_out = make_data(bufdata, data->length);
+
+    pac->verified = FALSE;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_add_buffer(krb5_context context, krb5_pac pac, uint32_t type,
+                    const krb5_data *data)
+{
+    return k5_pac_add_buffer(context, pac, type, data, FALSE, NULL);
+}
+
+/*
+ * Free a PAC
+ */
+void KRB5_CALLCONV
+krb5_pac_free(krb5_context context, krb5_pac pac)
+{
+    if (pac != NULL) {
+        zapfree(pac->data.data, pac->data.length);
+        free(pac->buffers);
+        zapfree(pac, sizeof(*pac));
+    }
+}
+
+krb5_error_code
+k5_pac_locate_buffer(krb5_context context, const krb5_pac pac, uint32_t type,
+                     krb5_data *data_out)
+{
+    struct k5_pac_buffer *buffer = NULL;
+    size_t i;
+
+    if (pac == NULL)
+        return EINVAL;
+
+    for (i = 0; i < pac->nbuffers; i++) {
+        if (pac->buffers[i].type == type) {
+            if (buffer == NULL)
+                buffer = &pac->buffers[i];
+            else
+                return EINVAL;
+        }
+    }
+
+    if (buffer == NULL)
+        return ENOENT;
+
+    assert(buffer->offset < pac->data.length);
+    assert(buffer->size <= pac->data.length - buffer->offset);
+
+    if (data_out != NULL)
+        *data_out = make_data(pac->data.data + buffer->offset, buffer->size);
+
+    return 0;
+}
+
+/*
+ * Find a buffer and copy data into output
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_get_buffer(krb5_context context, krb5_pac pac, uint32_t type,
+                    krb5_data *data_out)
+{
+    krb5_data d;
+    krb5_error_code ret;
+
+    ret = k5_pac_locate_buffer(context, pac, type, &d);
+    if (ret)
+        return ret;
+
+    data_out->data = k5memdup(d.data, d.length, &ret);
+    if (data_out->data == NULL)
+        return ret;
+    data_out->length = d.length;
+    return 0;
+}
+
+/*
+ * Return an array of the types of data in the PAC
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t *len_out,
+                   uint32_t **types_out)
+{
+    size_t i;
+
+    *types_out = calloc(pac->nbuffers, sizeof(*types_out));
+    if (*types_out == NULL)
+        return ENOMEM;
+
+    *len_out = pac->nbuffers;
+
+    for (i = 0; i < pac->nbuffers; i++)
+        (*types_out)[i] = pac->buffers[i].type;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_init(krb5_context context, krb5_pac *pac_out)
+{
+    krb5_error_code ret;
+    krb5_pac pac;
+
+    *pac_out = NULL;
+
+    pac = malloc(sizeof(*pac));
+    if (pac == NULL)
+        return ENOMEM;
+
+    pac->nbuffers = 0;
+    pac->buffers = NULL;
+    pac->version = 0;
+
+    pac->data.length = PACTYPE_LENGTH;
+    pac->data.data = k5alloc(pac->data.length, &ret);
+    if (pac->data.data == NULL) {
+        free(pac);
+        return ret;
+    }
+
+    pac->verified = FALSE;
+
+    *pac_out = pac;
+    return 0;
+}
+
+static krb5_error_code
+copy_pac(krb5_context context, krb5_pac src, krb5_pac *dst_out)
+{
+    krb5_error_code ret;
+    krb5_pac pac;
+
+    *dst_out = NULL;
+
+    pac = k5alloc(sizeof(*pac), &ret);
+    if (pac == NULL)
+        goto fail;
+
+    pac->buffers = k5memdup(src->buffers,
+                            src->nbuffers * sizeof(*pac->buffers), &ret);
+    if (pac->buffers == NULL)
+        goto fail;
+
+    ret = krb5int_copy_data_contents(context, &src->data, &pac->data);
+    if (ret)
+        goto fail;
+
+    pac->nbuffers = src->nbuffers;
+    pac->version = src->version;
+    pac->verified = src->verified;
+
+    *dst_out = pac;
+    return 0;
+
+fail:
+    krb5_pac_free(context, pac);
+    return ret;
+}
+
+/* Parse the supplied data into an allocated PAC. */
+krb5_error_code KRB5_CALLCONV
+krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
+               krb5_pac *ppac)
+{
+    krb5_error_code ret;
+    size_t i;
+    krb5_pac pac;
+    size_t header_len;
+    uint32_t nbuffers, version;
+    struct k5input in;
+    char *ndata;
+
+    *ppac = NULL;
+
+    k5_input_init(&in, ptr, len);
+
+    nbuffers = k5_input_get_uint32_le(&in);
+    version = k5_input_get_uint32_le(&in);
+    if (in.status || version != 0)
+        return EINVAL;
+
+    if (nbuffers < 1 || nbuffers > MAX_BUFFERS)
+        return ERANGE;
+
+    header_len = PACTYPE_LENGTH + (nbuffers * PAC_INFO_BUFFER_LENGTH);
+    if (len < header_len)
+        return ERANGE;
+
+    ret = krb5_pac_init(context, &pac);
+    if (ret)
+        return ret;
+
+    pac->buffers = k5calloc(nbuffers, sizeof(*pac->buffers), &ret);
+    if (ret)
+        goto fail;
+
+    pac->nbuffers = nbuffers;
+    pac->version = version;
+
+    for (i = 0; i < nbuffers; i++) {
+        struct k5_pac_buffer *buffer = &pac->buffers[i];
+
+        buffer->type = k5_input_get_uint32_le(&in);
+        buffer->size = k5_input_get_uint32_le(&in);
+        buffer->offset = k5_input_get_uint64_le(&in);
+
+        if (in.status || buffer->offset % PAC_ALIGNMENT) {
+            ret = EINVAL;
+            goto fail;
+        }
+        if (buffer->offset < header_len || buffer->offset > len ||
+            buffer->size > len - buffer->offset) {
+            ret = ERANGE;
+            goto fail;
+        }
+    }
+
+    ndata = realloc(pac->data.data, len);
+    if (ndata == NULL) {
+        krb5_pac_free(context, pac);
+        return ENOMEM;
+    }
+    pac->data.data = ndata;
+    memcpy(ndata, ptr, len);
+
+    pac->data.length = len;
+
+    *ppac = pac;
+
+    return 0;
+
+fail:
+    krb5_pac_free(context, pac);
+    return ret;
+}
+
+static krb5_error_code
+k5_time_to_seconds_since_1970(uint64_t ntTime, krb5_timestamp *elapsedSeconds)
+{
+    uint64_t abstime = ntTime / 10000000 - NT_TIME_EPOCH;
+
+    if (abstime > UINT32_MAX)
+        return ERANGE;
+    *elapsedSeconds = abstime;
+    return 0;
+}
+
+krb5_error_code
+k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds, uint64_t *ntTime)
+{
+    *ntTime = (uint32_t)elapsedSeconds;
+    *ntTime += NT_TIME_EPOCH;
+    *ntTime *= 10000000;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_get_client_info(krb5_context context, const krb5_pac pac,
+                         krb5_timestamp *authtime_out, char **princname_out)
+{
+    krb5_error_code ret;
+    krb5_data client_info;
+    char *pac_princname;
+    unsigned char *p;
+    krb5_timestamp pac_authtime;
+    uint16_t pac_princname_length;
+    uint64_t pac_nt_authtime;
+
+    if (authtime_out != NULL)
+        *authtime_out = 0;
+    *princname_out = NULL;
+
+    ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_CLIENT_INFO,
+                               &client_info);
+    if (ret)
+        return ret;
+
+    if (client_info.length < PAC_CLIENT_INFO_LENGTH)
+        return ERANGE;
+
+    p = (unsigned char *)client_info.data;
+    pac_nt_authtime = load_64_le(p);
+    p += 8;
+    pac_princname_length = load_16_le(p);
+    p += 2;
+
+    ret = k5_time_to_seconds_since_1970(pac_nt_authtime, &pac_authtime);
+    if (ret)
+        return ret;
+
+    if (client_info.length < PAC_CLIENT_INFO_LENGTH + pac_princname_length ||
+        pac_princname_length % 2)
+        return ERANGE;
+
+    ret = k5_utf16le_to_utf8(p, pac_princname_length, &pac_princname);
+    if (ret)
+        return ret;
+
+    if (authtime_out != NULL)
+        *authtime_out = pac_authtime;
+    *princname_out = pac_princname;
+
+    return 0;
+}
+
+krb5_error_code
+k5_pac_validate_client(krb5_context context, const krb5_pac pac,
+                       krb5_timestamp authtime, krb5_const_principal principal,
+                       krb5_boolean with_realm)
+{
+    krb5_error_code ret;
+    char *pac_princname, *princname;
+    krb5_timestamp pac_authtime;
+    int flags = 0;
+
+    ret = krb5_pac_get_client_info(context, pac, &pac_authtime,
+                                   &pac_princname);
+    if (ret)
+        return ret;
+
+    flags = KRB5_PRINCIPAL_UNPARSE_DISPLAY;
+    if (!with_realm)
+        flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
+
+    ret = krb5_unparse_name_flags(context, principal, flags, &princname);
+    if (ret) {
+        free(pac_princname);
+        return ret;
+    }
+
+    if (pac_authtime != authtime || strcmp(pac_princname, princname) != 0)
+        ret = KRB5KRB_AP_WRONG_PRINC;
+
+    free(pac_princname);
+    krb5_free_unparsed_name(context, princname);
+
+    return ret;
+}
+
+/* Zero out the signature in a copy of the PAC data. */
+static krb5_error_code
+zero_signature(krb5_context context, const krb5_pac pac, uint32_t type,
+               krb5_data *data)
+{
+    struct k5_pac_buffer *buffer = NULL;
+    size_t i;
+
+    assert(type == KRB5_PAC_SERVER_CHECKSUM ||
+           type == KRB5_PAC_PRIVSVR_CHECKSUM ||
+           type == KRB5_PAC_FULL_CHECKSUM);
+    assert(data->length >= pac->data.length);
+
+    for (i = 0; i < pac->nbuffers; i++) {
+        if (pac->buffers[i].type == type) {
+            buffer = &pac->buffers[i];
+            break;
+        }
+    }
+
+    if (buffer == NULL)
+        return ENOENT;
+
+    if (buffer->size < PAC_SIGNATURE_DATA_LENGTH)
+        return KRB5_BAD_MSIZE;
+    if (buffer->size > pac->data.length ||
+        buffer->offset > pac->data.length - buffer->size)
+        return ERANGE;
+
+    /* Within the copy, zero out the data portion of the checksum only. */
+    memset(data->data + buffer->offset + PAC_SIGNATURE_DATA_LENGTH, 0,
+           buffer->size - PAC_SIGNATURE_DATA_LENGTH);
+
+    return 0;
+}
+
+static krb5_error_code
+verify_checksum(krb5_context context, const krb5_pac pac, uint32_t buffer_type,
+                const krb5_keyblock *key, krb5_keyusage usage,
+                const krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_data buffer;
+    krb5_cksumtype cksumtype;
+    krb5_checksum checksum;
+    krb5_boolean valid;
+    size_t cksumlen;
+
+    ret = k5_pac_locate_buffer(context, pac, buffer_type, &buffer);
+    if (ret)
+        return ret;
+    if (buffer.length < PAC_SIGNATURE_DATA_LENGTH)
+        return KRB5_BAD_MSIZE;
+
+    cksumtype = load_32_le(buffer.data);
+    if (buffer_type == KRB5_PAC_SERVER_CHECKSUM && cksumtype == CKSUMTYPE_SHA1)
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+    if (!krb5_c_is_keyed_cksum(cksumtype))
+        return KRB5KRB_ERR_GENERIC;
+
+    /* There may be an RODCIdentifier trailer (see [MS-PAC] 2.8), so look up
+     * the length of the checksum by its type. */
+    ret = krb5_c_checksum_length(context, cksumtype, &cksumlen);
+    if (ret)
+        return ret;
+    if (cksumlen > buffer.length - PAC_SIGNATURE_DATA_LENGTH)
+        return KRB5_BAD_MSIZE;
+    checksum.checksum_type = cksumtype;
+    checksum.length = cksumlen;
+    checksum.contents = (uint8_t *)buffer.data + PAC_SIGNATURE_DATA_LENGTH;
+
+    ret = krb5_c_verify_checksum(context, key, usage, data, &checksum, &valid);
+    return ret ? ret : (valid ? 0 : KRB5KRB_AP_ERR_MODIFIED);
+}
+
+static krb5_error_code
+verify_pac_checksums(krb5_context context, const krb5_pac pac,
+                     krb5_boolean expect_full_checksum,
+                     const krb5_keyblock *server, const krb5_keyblock *privsvr)
+{
+    krb5_error_code ret;
+    krb5_data copy, server_checksum;
+
+    /* Make a copy of the PAC with zeroed out server and privsvr checksums. */
+    ret = krb5int_copy_data_contents(context, &pac->data, &copy);
+    if (ret)
+        return ret;
+
+    ret = zero_signature(context, pac, KRB5_PAC_SERVER_CHECKSUM, &copy);
+    if (ret)
+        goto cleanup;
+    ret = zero_signature(context, pac, KRB5_PAC_PRIVSVR_CHECKSUM, &copy);
+    if (ret)
+        goto cleanup;
+
+    if (server != NULL) {
+        /* Verify the server checksum over the PAC copy. */
+        ret = verify_checksum(context, pac, KRB5_PAC_SERVER_CHECKSUM, server,
+                              KRB5_KEYUSAGE_APP_DATA_CKSUM, &copy);
+    }
+
+    if (privsvr != NULL && expect_full_checksum) {
+        /* Zero the full checksum buffer in the copy and verify the full
+         * checksum over the copy with all three checksums zeroed. */
+        ret = zero_signature(context, pac, KRB5_PAC_FULL_CHECKSUM, &copy);
+        if (ret)
+            goto cleanup;
+        ret = verify_checksum(context, pac, KRB5_PAC_FULL_CHECKSUM, privsvr,
+                              KRB5_KEYUSAGE_APP_DATA_CKSUM, &copy);
+        if (ret)
+            goto cleanup;
+    }
+
+    if (privsvr != NULL) {
+        /* Verify the privsvr checksum over the server checksum. */
+        ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_SERVER_CHECKSUM,
+                                   &server_checksum);
+        if (ret)
+            return ret;
+        if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
+            return KRB5_BAD_MSIZE;
+        server_checksum.data += PAC_SIGNATURE_DATA_LENGTH;
+        server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;
+
+        ret = verify_checksum(context, pac, KRB5_PAC_PRIVSVR_CHECKSUM, privsvr,
+                              KRB5_KEYUSAGE_APP_DATA_CKSUM, &server_checksum);
+        if (ret)
+            goto cleanup;
+    }
+
+    pac->verified = TRUE;
+
+cleanup:
+    free(copy.data);
+    return ret;
+}
+
+/* Per MS-PAC 2.8.3, tickets encrypted to TGS and password change principals
+ * should not have ticket signatures. */
+krb5_boolean
+k5_pac_should_have_ticket_signature(krb5_const_principal sprinc)
+{
+    if (IS_TGS_PRINC(sprinc))
+        return FALSE;
+    if (sprinc->length == 2 && data_eq_string(sprinc->data[0], "kadmin") &&
+        data_eq_string(sprinc->data[1], "changepw"))
+        return FALSE;
+    return TRUE;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part *enc_tkt,
+                       krb5_const_principal server_princ,
+                       const krb5_keyblock *server,
+                       const krb5_keyblock *privsvr, krb5_pac *pac_out)
+{
+    krb5_error_code ret;
+    krb5_pac pac = NULL;
+    krb5_data *recoded_tkt = NULL;
+    krb5_authdata **authdata = enc_tkt->authorization_data;
+    krb5_authdata *orig, **ifrel = NULL, **recoded_ifrel = NULL;
+    uint8_t z = 0;
+    krb5_authdata zpac = { KV5M_AUTHDATA, KRB5_AUTHDATA_WIN2K_PAC, 1, &z };
+    krb5_boolean is_service_tkt;
+    size_t i, j;
+
+    *pac_out = NULL;
+
+    if (authdata == NULL)
+        return 0;
+
+    /*
+     * Find the position of the PAC in the ticket authdata.  ifrel will be the
+     * decoded AD-IF-RELEVANT container at position i containing a PAC, and j
+     * will be the offset within the container.
+     */
+    for (i = 0; authdata[i] != NULL; i++) {
+        if (authdata[i]->ad_type != KRB5_AUTHDATA_IF_RELEVANT)
+            continue;
+
+        ret = krb5_decode_authdata_container(context,
+                                             KRB5_AUTHDATA_IF_RELEVANT,
+                                             authdata[i], &ifrel);
+        if (ret)
+            goto cleanup;
+
+        for (j = 0; ifrel[j] != NULL; j++) {
+            if (ifrel[j]->ad_type == KRB5_AUTHDATA_WIN2K_PAC)
+                break;
+        }
+        if (ifrel[j] != NULL)
+            break;
+
+        krb5_free_authdata(context, ifrel);
+        ifrel = NULL;
+    }
+
+    /* Stop and return successfully if we didn't find a PAC. */
+    if (authdata[i] == NULL) {
+        ret = 0;
+        goto cleanup;
+    }
+
+    ret = krb5_pac_parse(context, ifrel[j]->contents, ifrel[j]->length, &pac);
+    if (ret)
+        goto cleanup;
+
+    is_service_tkt = k5_pac_should_have_ticket_signature(server_princ);
+    if (privsvr != NULL && is_service_tkt) {
+        /* To check the PAC ticket signatures, re-encode the ticket with the
+         * PAC contents replaced by a single zero. */
+        orig = ifrel[j];
+        ifrel[j] = &zpac;
+        ret = krb5_encode_authdata_container(context,
+                                             KRB5_AUTHDATA_IF_RELEVANT,
+                                             ifrel, &recoded_ifrel);
+        ifrel[j] = orig;
+        if (ret)
+            goto cleanup;
+        orig = authdata[i];
+        authdata[i] = recoded_ifrel[0];
+        ret = encode_krb5_enc_tkt_part(enc_tkt, &recoded_tkt);
+        authdata[i] = orig;
+        if (ret)
+            goto cleanup;
+
+        ret = verify_checksum(context, pac, KRB5_PAC_TICKET_CHECKSUM, privsvr,
+                              KRB5_KEYUSAGE_APP_DATA_CKSUM, recoded_tkt);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = verify_pac_checksums(context, pac, is_service_tkt, server, privsvr);
+    if (ret)
+        goto cleanup;
+
+    *pac_out = pac;
+    pac = NULL;
+
+cleanup:
+    krb5_pac_free(context, pac);
+    krb5_free_data(context, recoded_tkt);
+    krb5_free_authdata(context, ifrel);
+    krb5_free_authdata(context, recoded_ifrel);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_verify(krb5_context context,
+                const krb5_pac pac,
+                krb5_timestamp authtime,
+                krb5_const_principal principal,
+                const krb5_keyblock *server,
+                const krb5_keyblock *privsvr)
+{
+    return krb5_pac_verify_ext(context, pac, authtime, principal, server,
+                               privsvr, FALSE);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_verify_ext(krb5_context context,
+                    const krb5_pac pac,
+                    krb5_timestamp authtime,
+                    krb5_const_principal principal,
+                    const krb5_keyblock *server,
+                    const krb5_keyblock *privsvr,
+                    krb5_boolean with_realm)
+{
+    krb5_error_code ret;
+
+    if (server != NULL || privsvr != NULL) {
+        ret = verify_pac_checksums(context, pac, FALSE, server, privsvr);
+        if (ret)
+            return ret;
+    }
+
+    if (principal != NULL) {
+        ret = k5_pac_validate_client(context, pac, authtime,
+                                     principal, with_realm);
+        if (ret)
+            return ret;
+    }
+
+    return 0;
+}
+
+/*
+ * PAC auth data attribute backend
+ */
+struct mspac_context {
+    krb5_pac pac;
+};
+
+static krb5_error_code
+mspac_init(krb5_context context, void **plugin_context)
+{
+    *plugin_context = NULL;
+    return 0;
+}
+
+static void
+mspac_flags(krb5_context context, void *plugin_context,
+            krb5_authdatatype ad_type, krb5_flags *flags)
+{
+    *flags = AD_USAGE_TGS_REQ;
+}
+
+static void
+mspac_fini(krb5_context context, void *plugin_context)
+{
+    return;
+}
+
+static krb5_error_code
+mspac_request_init(krb5_context context, krb5_authdata_context actx,
+                   void *plugin_context, void **request_context)
+{
+    struct mspac_context *pacctx;
+
+    pacctx = malloc(sizeof(*pacctx));
+    if (pacctx == NULL)
+        return ENOMEM;
+
+    pacctx->pac = NULL;
+
+    *request_context = pacctx;
+
+    return 0;
+}
+
+static krb5_error_code
+mspac_import_authdata(krb5_context context, krb5_authdata_context actx,
+                      void *plugin_context, void *request_context,
+                      krb5_authdata **authdata, krb5_boolean kdc_issued,
+                      krb5_const_principal kdc_issuer)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+
+    if (kdc_issued)
+        return EINVAL;
+
+    if (pacctx->pac != NULL) {
+        krb5_pac_free(context, pacctx->pac);
+        pacctx->pac = NULL;
+    }
+
+    assert(authdata[0] != NULL);
+    assert((authdata[0]->ad_type & AD_TYPE_FIELD_TYPE_MASK) ==
+           KRB5_AUTHDATA_WIN2K_PAC);
+
+    return krb5_pac_parse(context, authdata[0]->contents, authdata[0]->length,
+                          &pacctx->pac);
+}
+
+static krb5_error_code
+mspac_export_authdata(krb5_context context, krb5_authdata_context actx,
+                      void *plugin_context, void *request_context,
+                      krb5_flags usage, krb5_authdata ***authdata_out)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+    krb5_error_code code;
+    krb5_authdata **authdata;
+    krb5_data data;
+
+    if (pacctx->pac == NULL)
+        return 0;
+
+    authdata = calloc(2, sizeof(krb5_authdata *));
+    if (authdata == NULL)
+        return ENOMEM;
+
+    authdata[0] = calloc(1, sizeof(krb5_authdata));
+    if (authdata[0] == NULL) {
+        free(authdata);
+        return ENOMEM;
+    }
+    authdata[1] = NULL;
+
+    code = krb5int_copy_data_contents(context, &pacctx->pac->data, &data);
+    if (code != 0) {
+        krb5_free_authdata(context, authdata);
+        return code;
+    }
+
+    authdata[0]->magic = KV5M_AUTHDATA;
+    authdata[0]->ad_type = KRB5_AUTHDATA_WIN2K_PAC;
+    authdata[0]->length = data.length;
+    authdata[0]->contents = (krb5_octet *)data.data;
+
+    authdata[1] = NULL;
+
+    *authdata_out = authdata;
+
+    return 0;
+}
+
+static krb5_error_code
+mspac_verify(krb5_context context, krb5_authdata_context actx,
+             void *plugin_context, void *request_context,
+             const krb5_auth_context *auth_context, const krb5_keyblock *key,
+             const krb5_ap_req *req)
+{
+    krb5_error_code ret;
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+
+    if (pacctx->pac == NULL)
+        return EINVAL;
+
+    ret = krb5_pac_verify(context, pacctx->pac,
+                          req->ticket->enc_part2->times.authtime,
+                          req->ticket->enc_part2->client, key, NULL);
+    if (ret)
+        TRACE_MSPAC_VERIFY_FAIL(context, ret);
+
+    /*
+     * If the above verification failed, don't fail the whole authentication,
+     * just don't mark the PAC as verified.  A checksum mismatch can occur if
+     * the PAC was copied from a cross-realm TGT by an ignorant KDC, and Apple
+     * macOS Server Open Directory (as of 10.6) generates PACs with no server
+     * checksum at all.
+     */
+    return 0;
+}
+
+static void
+mspac_request_fini(krb5_context context, krb5_authdata_context actx,
+                   void *plugin_context, void *request_context)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+
+    if (pacctx != NULL) {
+        krb5_pac_free(context, pacctx->pac);
+        free(pacctx);
+    }
+}
+
+#define STRLENOF(x) (sizeof((x)) - 1)
+
+static struct {
+    uint32_t type;
+    krb5_data attribute;
+} mspac_attribute_types[] = {
+    { (uint32_t)-1,             { KV5M_DATA, STRLENOF("urn:mspac:"),
+                                  "urn:mspac:" } },
+    { KRB5_PAC_LOGON_INFO,       { KV5M_DATA,
+                                   STRLENOF("urn:mspac:logon-info"),
+                                   "urn:mspac:logon-info" } },
+    { KRB5_PAC_CREDENTIALS_INFO, { KV5M_DATA,
+                                   STRLENOF("urn:mspac:credentials-info"),
+                                   "urn:mspac:credentials-info" } },
+    { KRB5_PAC_SERVER_CHECKSUM,  { KV5M_DATA,
+                                   STRLENOF("urn:mspac:server-checksum"),
+                                   "urn:mspac:server-checksum" } },
+    { KRB5_PAC_PRIVSVR_CHECKSUM, { KV5M_DATA,
+                                   STRLENOF("urn:mspac:privsvr-checksum"),
+                                   "urn:mspac:privsvr-checksum" } },
+    { KRB5_PAC_CLIENT_INFO,      { KV5M_DATA,
+                                   STRLENOF("urn:mspac:client-info"),
+                                   "urn:mspac:client-info" } },
+    { KRB5_PAC_DELEGATION_INFO,  { KV5M_DATA,
+                                   STRLENOF("urn:mspac:delegation-info"),
+                                   "urn:mspac:delegation-info" } },
+    { KRB5_PAC_UPN_DNS_INFO,     { KV5M_DATA,
+                                   STRLENOF("urn:mspac:upn-dns-info"),
+                                   "urn:mspac:upn-dns-info" } },
+};
+
+#define MSPAC_ATTRIBUTE_COUNT   (sizeof(mspac_attribute_types)/sizeof(mspac_attribute_types[0]))
+
+static krb5_error_code
+mspac_type2attr(uint32_t type, krb5_data *attr)
+{
+    unsigned int i;
+
+    for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) {
+        if (mspac_attribute_types[i].type == type) {
+            *attr = mspac_attribute_types[i].attribute;
+            return 0;
+        }
+    }
+
+    return ENOENT;
+}
+
+static krb5_error_code
+mspac_attr2type(const krb5_data *attr, uint32_t *type)
+{
+    unsigned int i;
+
+    for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) {
+        if (attr->length == mspac_attribute_types[i].attribute.length &&
+            strncasecmp(attr->data, mspac_attribute_types[i].attribute.data, attr->length) == 0) {
+            *type = mspac_attribute_types[i].type;
+            return 0;
+        }
+    }
+
+    if (attr->length > STRLENOF("urn:mspac:") &&
+        strncasecmp(attr->data, "urn:mspac:", STRLENOF("urn:mspac:")) == 0)
+    {
+        char *p = &attr->data[STRLENOF("urn:mspac:")];
+        char *endptr;
+
+        *type = strtoul(p, &endptr, 10);
+        if (*type != 0 && *endptr == '\0')
+            return 0;
+    }
+
+    return ENOENT;
+}
+
+static krb5_error_code
+mspac_get_attribute_types(krb5_context context, krb5_authdata_context actx,
+                          void *plugin_context, void *request_context,
+                          krb5_data **attrs_out)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+    unsigned int i, j;
+    krb5_data *attrs;
+    krb5_error_code ret;
+
+    if (pacctx->pac == NULL)
+        return ENOENT;
+
+    attrs = calloc(1 + pacctx->pac->nbuffers + 1, sizeof(krb5_data));
+    if (attrs == NULL)
+        return ENOMEM;
+
+    j = 0;
+
+    /* The entire PAC */
+    ret = krb5int_copy_data_contents(context,
+                                     &mspac_attribute_types[0].attribute,
+                                     &attrs[j++]);
+    if (ret)
+        goto fail;
+
+    /* PAC buffers */
+    for (i = 0; i < pacctx->pac->nbuffers; i++) {
+        krb5_data attr;
+
+        ret = mspac_type2attr(pacctx->pac->buffers[i].type, &attr);
+        if (!ret) {
+            ret = krb5int_copy_data_contents(context, &attr, &attrs[j++]);
+            if (ret)
+                goto fail;
+        } else {
+            int length;
+
+            length = asprintf(&attrs[j].data, "urn:mspac:%d",
+                              pacctx->pac->buffers[i].type);
+            if (length < 0) {
+                ret = ENOMEM;
+                goto fail;
+            }
+            attrs[j++].length = length;
+        }
+    }
+    attrs[j].data = NULL;
+    attrs[j].length = 0;
+
+    *attrs_out = attrs;
+
+    return 0;
+
+fail:
+    krb5int_free_data_list(context, attrs);
+    return ret;
+}
+
+static krb5_error_code
+mspac_get_attribute(krb5_context context, krb5_authdata_context actx,
+                    void *plugin_context, void *request_context,
+                    const krb5_data *attribute, krb5_boolean *authenticated,
+                    krb5_boolean *complete, krb5_data *value,
+                    krb5_data *display_value, int *more)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+    krb5_error_code ret;
+    uint32_t type;
+
+    if (display_value != NULL) {
+        display_value->data = NULL;
+        display_value->length = 0;
+    }
+
+    if (*more != -1 || pacctx->pac == NULL)
+        return ENOENT;
+
+    /* If it didn't verify, pretend it didn't exist. */
+    if (!pacctx->pac->verified) {
+        TRACE_MSPAC_DISCARD_UNVERF(context);
+        return ENOENT;
+    }
+
+    ret = mspac_attr2type(attribute, &type);
+    if (ret)
+        return ret;
+
+    /* -1 is a magic type that refers to the entire PAC */
+    if (type == (uint32_t)-1) {
+        if (value != NULL)
+            ret = krb5int_copy_data_contents(context, &pacctx->pac->data,
+                                             value);
+        else
+            ret = 0;
+    } else {
+        if (value != NULL)
+            ret = krb5_pac_get_buffer(context, pacctx->pac, type, value);
+        else
+            ret = k5_pac_locate_buffer(context, pacctx->pac, type, NULL);
+    }
+    if (!ret) {
+        *authenticated = pacctx->pac->verified;
+        *complete = TRUE;
+    }
+
+    *more = 0;
+
+    return ret;
+}
+
+static krb5_error_code
+mspac_set_attribute(krb5_context context, krb5_authdata_context actx,
+                    void *plugin_context, void *request_context,
+                    krb5_boolean complete, const krb5_data *attribute,
+                    const krb5_data *value)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+    krb5_error_code ret;
+    uint32_t type;
+
+    if (pacctx->pac == NULL)
+        return ENOENT;
+
+    ret = mspac_attr2type(attribute, &type);
+    if (ret)
+        return ret;
+
+    /* -1 is a magic type that refers to the entire PAC */
+    if (type == (uint32_t)-1) {
+        krb5_pac newpac;
+
+        ret = krb5_pac_parse(context, value->data, value->length, &newpac);
+        if (ret)
+            return ret;
+
+        krb5_pac_free(context, pacctx->pac);
+        pacctx->pac = newpac;
+    } else {
+        ret = krb5_pac_add_buffer(context, pacctx->pac, type, value);
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+mspac_export_internal(krb5_context context, krb5_authdata_context actx,
+                      void *plugin_context, void *request_context,
+                      krb5_boolean restrict_authenticated, void **ptr)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+    krb5_error_code ret;
+    krb5_pac pac;
+
+    *ptr = NULL;
+
+    if (pacctx->pac == NULL)
+        return ENOENT;
+
+    if (restrict_authenticated && (pacctx->pac->verified) == FALSE)
+        return ENOENT;
+
+    ret = krb5_pac_parse(context, pacctx->pac->data.data,
+                         pacctx->pac->data.length, &pac);
+    if (!ret) {
+        pac->verified = pacctx->pac->verified;
+        *ptr = pac;
+    }
+
+    return ret;
+}
+
+static void
+mspac_free_internal(krb5_context context, krb5_authdata_context actx,
+                    void *plugin_context, void *request_context, void *ptr)
+{
+    if (ptr != NULL)
+        krb5_pac_free(context, (krb5_pac)ptr);
+
+    return;
+}
+
+static krb5_error_code
+mspac_size(krb5_context context, krb5_authdata_context actx,
+           void *plugin_context, void *request_context, size_t *sizep)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+
+    *sizep += sizeof(int32_t);
+
+    if (pacctx->pac != NULL)
+        *sizep += pacctx->pac->data.length;
+
+    *sizep += sizeof(int32_t);
+
+    return 0;
+}
+
+static krb5_error_code
+mspac_externalize(krb5_context context, krb5_authdata_context actx,
+                  void *plugin_context, void *request_context,
+                  krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code ret = 0;
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+    size_t required = 0;
+    krb5_octet *bp;
+    size_t remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    if (pacctx->pac != NULL) {
+        mspac_size(context, actx, plugin_context, request_context, &required);
+
+        if (required <= remain) {
+            krb5_ser_pack_int32(pacctx->pac->data.length, &bp, &remain);
+            krb5_ser_pack_bytes((krb5_octet *)pacctx->pac->data.data,
+                                (size_t)pacctx->pac->data.length,
+                                &bp, &remain);
+            krb5_ser_pack_int32(pacctx->pac->verified, &bp, &remain);
+        } else {
+            ret = ENOMEM;
+        }
+    } else {
+        krb5_ser_pack_int32(0, &bp, &remain); /* length */
+        krb5_ser_pack_int32(0, &bp, &remain); /* verified */
+    }
+
+    *buffer = bp;
+    *lenremain = remain;
+
+    return ret;
+}
+
+static krb5_error_code
+mspac_internalize(krb5_context context, krb5_authdata_context actx,
+                  void *plugin_context, void *request_context,
+                  krb5_octet **buffer, size_t *lenremain)
+{
+    struct mspac_context *pacctx = (struct mspac_context *)request_context;
+    krb5_error_code ret;
+    int32_t ibuf;
+    uint8_t *bp;
+    size_t remain;
+    krb5_pac pac = NULL;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* length */
+    ret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+    if (ret)
+        return ret;
+
+    if (ibuf != 0) {
+        ret = krb5_pac_parse(context, bp, ibuf, &pac);
+        if (ret)
+            return ret;
+
+        bp += ibuf;
+        remain -= ibuf;
+    }
+
+    /* verified */
+    ret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+    if (ret) {
+        krb5_pac_free(context, pac);
+        return ret;
+    }
+
+    if (pac != NULL)
+        pac->verified = (ibuf != 0);
+
+    if (pacctx->pac != NULL)
+        krb5_pac_free(context, pacctx->pac);
+
+    pacctx->pac = pac;
+
+    *buffer = bp;
+    *lenremain = remain;
+
+    return 0;
+}
+
+static krb5_error_code
+mspac_copy(krb5_context context, krb5_authdata_context actx,
+           void *plugin_context, void *request_context,
+           void *dst_plugin_context, void *dst_request_context)
+{
+    struct mspac_context *srcctx = (struct mspac_context *)request_context;
+    struct mspac_context *dstctx = (struct mspac_context *)dst_request_context;
+    krb5_error_code ret = 0;
+
+    assert(dstctx != NULL);
+    assert(dstctx->pac == NULL);
+
+    if (srcctx->pac != NULL)
+        ret = copy_pac(context, srcctx->pac, &dstctx->pac);
+
+    return ret;
+}
+
+static krb5_authdatatype mspac_ad_types[] = { KRB5_AUTHDATA_WIN2K_PAC, 0 };
+
+krb5plugin_authdata_client_ftable_v0 k5_mspac_ad_client_ftable = {
+    "mspac",
+    mspac_ad_types,
+    mspac_init,
+    mspac_fini,
+    mspac_flags,
+    mspac_request_init,
+    mspac_request_fini,
+    mspac_get_attribute_types,
+    mspac_get_attribute,
+    mspac_set_attribute,
+    NULL, /* delete_attribute_proc */
+    mspac_export_authdata,
+    mspac_import_authdata,
+    mspac_export_internal,
+    mspac_free_internal,
+    mspac_verify,
+    mspac_size,
+    mspac_externalize,
+    mspac_internalize,
+    mspac_copy
+};
diff --git a/krb5-1.21.3/src/lib/krb5/krb/pac_sign.c b/krb5-1.21.3/src/lib/krb5/krb/pac_sign.c
new file mode 100644
index 00000000..36e1bf03
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/pac_sign.c
@@ -0,0 +1,425 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/pac_sign.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "authdata.h"
+
+/* draft-brezak-win2k-krb-authz-00 */
+
+static krb5_error_code
+insert_client_info(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+                   krb5_const_principal principal, krb5_boolean with_realm)
+{
+    krb5_error_code ret;
+    krb5_data client_info;
+    char *princ_name_utf8 = NULL;
+    uint8_t *princ_name_utf16 = NULL, *p;
+    size_t princ_name_utf16_len = 0;
+    uint64_t nt_authtime;
+    int flags = 0;
+
+    /* If we already have a CLIENT_INFO buffer, then just validate it */
+    if (k5_pac_locate_buffer(context, pac, KRB5_PAC_CLIENT_INFO,
+                             &client_info) == 0) {
+        return k5_pac_validate_client(context, pac, authtime, principal,
+                                      with_realm);
+    }
+
+    if (!with_realm) {
+        flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
+    } else if (principal->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+        /* Avoid quoting the first @ sign for enterprise name with realm. */
+        flags |= KRB5_PRINCIPAL_UNPARSE_DISPLAY;
+    }
+
+    ret = krb5_unparse_name_flags(context, principal, flags, &princ_name_utf8);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_utf8_to_utf16le(princ_name_utf8, &princ_name_utf16,
+                             &princ_name_utf16_len);
+    if (ret)
+        goto cleanup;
+
+    client_info.length = PAC_CLIENT_INFO_LENGTH + princ_name_utf16_len;
+    client_info.data = NULL;
+
+    ret = k5_pac_add_buffer(context, pac, KRB5_PAC_CLIENT_INFO,
+                            &client_info, TRUE, &client_info);
+    if (ret)
+        goto cleanup;
+
+    p = (uint8_t *)client_info.data;
+
+    /* copy in authtime converted to a 64-bit NT time */
+    k5_seconds_since_1970_to_time(authtime, &nt_authtime);
+    store_64_le(nt_authtime, p);
+    p += 8;
+
+    /* copy in number of UTF-16 bytes in principal name */
+    store_16_le(princ_name_utf16_len, p);
+    p += 2;
+
+    /* copy in principal name */
+    memcpy(p, princ_name_utf16, princ_name_utf16_len);
+
+cleanup:
+    if (princ_name_utf16 != NULL)
+        free(princ_name_utf16);
+    krb5_free_unparsed_name(context, princ_name_utf8);
+
+    return ret;
+}
+
+static krb5_error_code
+insert_checksum(krb5_context context, krb5_pac pac, krb5_ui_4 type,
+                const krb5_keyblock *key, krb5_cksumtype *cksumtype)
+{
+    krb5_error_code ret;
+    size_t len;
+    krb5_data cksumdata;
+
+    ret = krb5int_c_mandatory_cksumtype(context, key->enctype, cksumtype);
+    if (ret)
+        return ret;
+
+    ret = krb5_c_checksum_length(context, *cksumtype, &len);
+    if (ret)
+        return ret;
+
+    ret = k5_pac_locate_buffer(context, pac, type, &cksumdata);
+    if (!ret) {
+        /*
+         * If we're resigning PAC, make sure we can fit checksum
+         * into existing buffer
+         */
+        if (cksumdata.length != PAC_SIGNATURE_DATA_LENGTH + len)
+            return ERANGE;
+
+        memset(cksumdata.data, 0, cksumdata.length);
+    } else {
+        /* Add a zero filled buffer */
+        cksumdata.length = PAC_SIGNATURE_DATA_LENGTH + len;
+        cksumdata.data = NULL;
+
+        ret = k5_pac_add_buffer(context, pac, type, &cksumdata, TRUE,
+                                &cksumdata);
+        if (ret)
+            return ret;
+    }
+
+    /* Encode checksum type into buffer */
+    store_32_le((krb5_ui_4)*cksumtype, cksumdata.data);
+
+    return 0;
+}
+
+/* in-place encoding of PAC header */
+static krb5_error_code
+encode_header(krb5_context context, krb5_pac pac)
+{
+    size_t i;
+    unsigned char *p;
+    size_t header_len;
+
+    header_len = PACTYPE_LENGTH + (pac->nbuffers * PAC_INFO_BUFFER_LENGTH);
+    assert(pac->data.length >= header_len);
+
+    p = (uint8_t *)pac->data.data;
+
+    store_32_le(pac->nbuffers, p);
+    p += 4;
+    store_32_le(pac->version, p);
+    p += 4;
+
+    for (i = 0; i < pac->nbuffers; i++) {
+        struct k5_pac_buffer *buffer = &pac->buffers[i];
+
+        store_32_le(buffer->type, p);
+        p += 4;
+        store_32_le(buffer->size, p);
+        p += 4;
+        store_64_le(buffer->offset, p);
+        p += 8;
+
+        assert((buffer->offset % PAC_ALIGNMENT) == 0);
+        assert(buffer->size < pac->data.length);
+        assert(buffer->offset <= pac->data.length - buffer->size);
+        assert(buffer->offset >= header_len);
+
+        if (buffer->offset % PAC_ALIGNMENT ||
+            buffer->size > pac->data.length ||
+            buffer->offset > pac->data.length - buffer->size ||
+            buffer->offset < header_len)
+            return ERANGE;
+    }
+
+    return 0;
+}
+
+/* Find the buffer of type buftype in pac and write within it a checksum of
+ * type cksumtype over data.  Set *cksum_out to the checksum. */
+static krb5_error_code
+compute_pac_checksum(krb5_context context, krb5_pac pac, uint32_t buftype,
+                     const krb5_keyblock *key, krb5_cksumtype cksumtype,
+                     const krb5_data *data, krb5_data *cksum_out)
+{
+    krb5_error_code ret;
+    krb5_data buf;
+    krb5_crypto_iov iov[2];
+
+    ret = k5_pac_locate_buffer(context, pac, buftype, &buf);
+    if (ret)
+        return ret;
+
+    assert(buf.length > PAC_SIGNATURE_DATA_LENGTH);
+    *cksum_out = make_data(buf.data + PAC_SIGNATURE_DATA_LENGTH,
+                           buf.length - PAC_SIGNATURE_DATA_LENGTH);
+    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[0].data = *data;
+    iov[1].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
+    iov[1].data = *cksum_out;
+    return krb5_c_make_checksum_iov(context, cksumtype, key,
+                                    KRB5_KEYUSAGE_APP_DATA_CKSUM, iov, 2);
+}
+
+static krb5_error_code
+sign_pac(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+         krb5_const_principal principal, const krb5_keyblock *server_key,
+         const krb5_keyblock *privsvr_key, krb5_boolean with_realm,
+         krb5_boolean is_service_tkt, krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_data full_cksum, server_cksum, privsvr_cksum;
+    krb5_cksumtype server_cksumtype, privsvr_cksumtype;
+
+    data->length = 0;
+    data->data = NULL;
+
+    if (principal != NULL) {
+        ret = insert_client_info(context, pac, authtime, principal,
+                                 with_realm);
+        if (ret)
+            return ret;
+    }
+
+    /* Create zeroed buffers for all checksums. */
+    ret = insert_checksum(context, pac, KRB5_PAC_SERVER_CHECKSUM, server_key,
+                          &server_cksumtype);
+    if (ret)
+        return ret;
+    ret = insert_checksum(context, pac, KRB5_PAC_PRIVSVR_CHECKSUM, privsvr_key,
+                          &privsvr_cksumtype);
+    if (ret)
+        return ret;
+    if (is_service_tkt) {
+        ret = insert_checksum(context, pac, KRB5_PAC_FULL_CHECKSUM,
+                              privsvr_key, &privsvr_cksumtype);
+        if (ret)
+            return ret;
+    }
+
+    /* Encode the PAC header so that the checksums will include it. */
+    ret = encode_header(context, pac);
+    if (ret)
+        return ret;
+
+    if (is_service_tkt) {
+        /* Generate a full KDC checksum over the whole PAC. */
+        ret = compute_pac_checksum(context, pac, KRB5_PAC_FULL_CHECKSUM,
+                                   privsvr_key, privsvr_cksumtype,
+                                   &pac->data, &full_cksum);
+        if (ret)
+            return ret;
+    }
+
+    /* Generate the server checksum over the whole PAC, including the full KDC
+     * checksum if we added one. */
+    ret = compute_pac_checksum(context, pac, KRB5_PAC_SERVER_CHECKSUM,
+                               server_key, server_cksumtype, &pac->data,
+                               &server_cksum);
+    if (ret)
+        return ret;
+
+    /* Generate the privsvr checksum over the server checksum buffer. */
+    ret = compute_pac_checksum(context, pac, KRB5_PAC_PRIVSVR_CHECKSUM,
+                               privsvr_key, privsvr_cksumtype, &server_cksum,
+                               &privsvr_cksum);
+    if (ret)
+        return ret;
+
+    data->data = k5memdup(pac->data.data, pac->data.length, &ret);
+    if (data->data == NULL)
+        return ret;
+    data->length = pac->data.length;
+
+    memset(pac->data.data, 0,
+           PACTYPE_LENGTH + (pac->nbuffers * PAC_INFO_BUFFER_LENGTH));
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+              krb5_const_principal principal, const krb5_keyblock *server_key,
+              const krb5_keyblock *privsvr_key, krb5_data *data)
+{
+    return sign_pac(context, pac, authtime, principal, server_key,
+                    privsvr_key, FALSE, FALSE, data);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_pac_sign_ext(krb5_context context, krb5_pac pac, krb5_timestamp authtime,
+                  krb5_const_principal principal,
+                  const krb5_keyblock *server_key,
+                  const krb5_keyblock *privsvr_key, krb5_boolean with_realm,
+                  krb5_data *data)
+{
+    return sign_pac(context, pac, authtime, principal, server_key, privsvr_key,
+                    with_realm, FALSE, data);
+}
+
+/* Add a signature over der_enc_tkt in privsvr to pac.  der_enc_tkt should be
+ * encoded with a dummy PAC authdata element containing a single zero byte. */
+static krb5_error_code
+add_ticket_signature(krb5_context context, const krb5_pac pac,
+                     krb5_data *der_enc_tkt, const krb5_keyblock *privsvr)
+{
+    krb5_error_code ret;
+    krb5_data ticket_cksum;
+    krb5_cksumtype ticket_cksumtype;
+    krb5_crypto_iov iov[2];
+
+    /* Create zeroed buffer for checksum. */
+    ret = insert_checksum(context, pac, KRB5_PAC_TICKET_CHECKSUM, privsvr,
+                          &ticket_cksumtype);
+    if (ret)
+        return ret;
+
+    ret = k5_pac_locate_buffer(context, pac, KRB5_PAC_TICKET_CHECKSUM,
+                               &ticket_cksum);
+    if (ret)
+        return ret;
+
+    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[0].data = *der_enc_tkt;
+    iov[1].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
+    iov[1].data = make_data(ticket_cksum.data + PAC_SIGNATURE_DATA_LENGTH,
+                            ticket_cksum.length - PAC_SIGNATURE_DATA_LENGTH);
+    ret = krb5_c_make_checksum_iov(context, ticket_cksumtype, privsvr,
+                                   KRB5_KEYUSAGE_APP_DATA_CKSUM, iov, 2);
+    if (ret)
+        return ret;
+
+    store_32_le(ticket_cksumtype, ticket_cksum.data);
+    return 0;
+}
+
+/* Set *out to an AD-IF-RELEVANT authdata element containing a PAC authdata
+ * element with contents pac_data. */
+static krb5_error_code
+encode_pac_ad(krb5_context context, krb5_data *pac_data, krb5_authdata **out)
+{
+    krb5_error_code ret;
+    krb5_authdata *container[2], **encoded_container = NULL;
+    krb5_authdata pac_ad = { KV5M_AUTHDATA, KRB5_AUTHDATA_WIN2K_PAC };
+    uint8_t z = 0;
+
+    pac_ad.contents = (pac_data != NULL) ? (uint8_t *)pac_data->data : &z;
+    pac_ad.length = (pac_data != NULL) ? pac_data->length : 1;
+    container[0] = &pac_ad;
+    container[1] = NULL;
+
+    ret = krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT,
+                                         container, &encoded_container);
+    if (ret)
+        return ret;
+
+    *out = encoded_container[0];
+    free(encoded_container);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kdc_sign_ticket(krb5_context context, krb5_enc_tkt_part *enc_tkt,
+                     const krb5_pac pac, krb5_const_principal server_princ,
+                     krb5_const_principal client_princ,
+                     const krb5_keyblock *server, const krb5_keyblock *privsvr,
+                     krb5_boolean with_realm)
+{
+    krb5_error_code ret;
+    krb5_data *der_enc_tkt = NULL, pac_data = empty_data();
+    krb5_authdata **list, *pac_ad;
+    krb5_boolean is_service_tkt;
+    size_t count;
+
+    /* Reallocate space for another authdata element in enc_tkt. */
+    list = enc_tkt->authorization_data;
+    for (count = 0; list != NULL && list[count] != NULL; count++);
+    list = realloc(enc_tkt->authorization_data, (count + 2) * sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+    list[count] = NULL;
+    enc_tkt->authorization_data = list;
+
+    /* Create a dummy PAC for ticket signing and make it the first element. */
+    ret = encode_pac_ad(context, NULL, &pac_ad);
+    if (ret)
+        goto cleanup;
+    memmove(list + 1, list, (count + 1) * sizeof(*list));
+    list[0] = pac_ad;
+
+    is_service_tkt = k5_pac_should_have_ticket_signature(server_princ);
+    if (is_service_tkt) {
+        ret = encode_krb5_enc_tkt_part(enc_tkt, &der_enc_tkt);
+        if (ret)
+            goto cleanup;
+
+        assert(privsvr != NULL);
+        ret = add_ticket_signature(context, pac, der_enc_tkt, privsvr);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = sign_pac(context, pac, enc_tkt->times.authtime, client_princ, server,
+                   privsvr, with_realm, is_service_tkt, &pac_data);
+    if (ret)
+        goto cleanup;
+
+    /* Replace the dummy PAC with the signed real one. */
+    ret = encode_pac_ad(context, &pac_data, &pac_ad);
+    if (ret)
+        goto cleanup;
+    free(list[0]->contents);
+    free(list[0]);
+    list[0] = pac_ad;
+
+cleanup:
+    krb5_free_data(context, der_enc_tkt);
+    krb5_free_data_contents(context, &pac_data);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/padata.c b/krb5-1.21.3/src/lib/krb5/krb/padata.c
new file mode 100644
index 00000000..b307f8b2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/padata.c
@@ -0,0 +1,127 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/padata.c - utility functions for krb5_pa_data lists */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+krb5_pa_data *
+krb5int_find_pa_data(krb5_context context, krb5_pa_data *const *pa_list,
+                     krb5_preauthtype pa_type)
+{
+    krb5_pa_data *const *pa;
+
+    for (pa = pa_list; pa != NULL && *pa != NULL; pa++) {
+        if ((*pa)->pa_type == pa_type)
+            return *pa;
+    }
+    return NULL;
+}
+
+krb5_error_code
+k5_alloc_pa_data(krb5_preauthtype pa_type, size_t len, krb5_pa_data **out)
+{
+    krb5_pa_data *pa;
+    uint8_t *buf = NULL;
+
+    *out = NULL;
+    if (len > 0) {
+        buf = malloc(len);
+        if (buf == NULL)
+            return ENOMEM;
+    }
+    pa = malloc(sizeof(*pa));
+    if (pa == NULL) {
+        free(buf);
+        return ENOMEM;
+    }
+    pa->magic = KV5M_PA_DATA;
+    pa->pa_type = pa_type;
+    pa->length = len;
+    pa->contents = buf;
+    *out = pa;
+    return 0;
+}
+
+void
+k5_free_pa_data_element(krb5_pa_data *pa)
+{
+    if (pa != NULL) {
+        free(pa->contents);
+        free(pa);
+    }
+}
+
+krb5_error_code
+k5_add_pa_data_element(krb5_pa_data ***list, krb5_pa_data **pa)
+{
+    size_t count;
+    krb5_pa_data **newlist;
+
+    for (count = 0; *list != NULL && (*list)[count] != NULL; count++);
+
+    newlist = realloc(*list, (count + 2) * sizeof(*newlist));
+    if (newlist == NULL)
+        return ENOMEM;
+    newlist[count] = *pa;
+    newlist[count + 1] = NULL;
+    *pa = NULL;
+    *list = newlist;
+    return 0;
+}
+
+krb5_error_code
+k5_add_pa_data_from_data(krb5_pa_data ***list, krb5_preauthtype pa_type,
+                         krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_pa_data *pa;
+
+    ret = k5_alloc_pa_data(pa_type, 0, &pa);
+    if (ret)
+        return ret;
+    pa->contents = (uint8_t *)data->data;
+    pa->length = data->length;
+    ret = k5_add_pa_data_element(list, &pa);
+    if (ret) {
+        free(pa);
+        return ret;
+    }
+    *data = empty_data();
+    return 0;
+}
+
+krb5_error_code
+k5_add_empty_pa_data(krb5_pa_data ***list, krb5_preauthtype pa_type)
+{
+    krb5_data empty = empty_data();
+
+    return k5_add_pa_data_from_data(list, pa_type, &empty);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/parse.c b/krb5-1.21.3/src/lib/krb5/krb/parse.c
new file mode 100644
index 00000000..953389b6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/parse.c
@@ -0,0 +1,238 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/parse.c - Parse strings into krb5_principals */
+/*
+ * Copyright 1990,1991,2008,2012 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+/*
+ * Scan name and allocate a shell principal with enough space in each field.
+ * If enterprise is true, use enterprise principal parsing rules.  Return
+ * KRB5_PARSE_MALFORMED if name is malformed.  Set *has_realm_out according to
+ * whether name contains a realm separator.
+ */
+static krb5_error_code
+allocate_princ(krb5_context context, const char *name, krb5_boolean enterprise,
+               krb5_principal *princ_out, krb5_boolean *has_realm_out)
+{
+    krb5_error_code ret;
+    const char *p;
+    krb5_boolean first_at = TRUE;
+    krb5_principal princ = NULL;
+    krb5_data *cur_data, *new_comps;
+    krb5_int32 i;
+
+    *princ_out = NULL;
+    *has_realm_out = FALSE;
+
+    /* Allocate a starting principal with one component. */
+    princ = k5alloc(sizeof(*princ), &ret);
+    if (princ == NULL)
+        goto cleanup;
+    princ->data = k5alloc(sizeof(*princ->data), &ret);
+    if (princ->data == NULL)
+        goto cleanup;
+    princ->realm = empty_data();
+    princ->data[0] = empty_data();
+    princ->length = 1;
+
+    cur_data = &princ->data[0];
+    for (p = name; *p != '\0'; p++) {
+        if (*p == '/' && !enterprise) {
+            /* Component separator (for non-enterprise principals).  We
+             * shouldn't see this in the realm name. */
+            if (cur_data == &princ->realm) {
+                ret = KRB5_PARSE_MALFORMED;
+                goto cleanup;
+            }
+            new_comps = realloc(princ->data,
+                                (princ->length + 1) * sizeof(*princ->data));
+            if (new_comps == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+            princ->data = new_comps;
+            princ->length++;
+            cur_data = &princ->data[princ->length - 1];
+            *cur_data = empty_data();
+        } else if (*p == '@' && (!enterprise || !first_at)) {
+            /* Realm separator.  In enterprise principals, the first one of
+             * these we see is part of the component. */
+            if (cur_data == &princ->realm) {
+                ret = KRB5_PARSE_MALFORMED;
+                goto cleanup;
+            }
+            cur_data = &princ->realm;
+        } else {
+            /* Component or realm character, possibly quoted.  Make note if
+             * we're seeing the first '@' in an enterprise principal. */
+            cur_data->length++;
+            if (*p == '@' && enterprise)
+                first_at = FALSE;
+            if (*p == '\\') {
+                /* Quote character can't be the last character of the name. */
+                if (*++p == '\0') {
+                    ret = KRB5_PARSE_MALFORMED;
+                    goto cleanup;
+                }
+            }
+        }
+    }
+
+    /* Allocate space for each component and the realm, with space for null
+     * terminators on each field. */
+    for (i = 0; i < princ->length; i++) {
+        princ->data[i].data = k5alloc(princ->data[i].length + 1, &ret);
+        if (princ->data[i].data == NULL)
+            goto cleanup;
+    }
+    princ->realm.data = k5alloc(princ->realm.length + 1, &ret);
+    if (princ->realm.data == NULL)
+        goto cleanup;
+
+    *princ_out = princ;
+    *has_realm_out = (cur_data == &princ->realm);
+    princ = NULL;
+cleanup:
+    krb5_free_principal(context, princ);
+    return ret;
+}
+
+/*
+ * Parse name into princ, assuming that name is correctly formed and that all
+ * principal fields are allocated to the correct length with zero-filled memory
+ * (so we get null-terminated fields without any extra work).  If enterprise is
+ * true, use enterprise principal parsing rules.
+ */
+static void
+parse_name_into_princ(const char *name, krb5_boolean enterprise,
+                      krb5_principal princ)
+{
+    const char *p;
+    char c;
+    krb5_boolean first_at = TRUE;
+    krb5_data *cur_data = princ->data;
+    unsigned int pos = 0;
+
+    for (p = name; *p != '\0'; p++) {
+        if (*p == '/' && !enterprise) {
+            /* Advance to the next component. */
+            assert(pos == cur_data->length);
+            assert(cur_data != &princ->realm);
+            assert(cur_data - princ->data + 1 < princ->length);
+            cur_data++;
+            pos = 0;
+        } else if (*p == '@' && (!enterprise || !first_at)) {
+            /* Advance to the realm. */
+            assert(pos == cur_data->length);
+            cur_data = &princ->realm;
+            pos = 0;
+        } else {
+            /* Add to the current component or to the realm. */
+            if (*p == '@' && enterprise)
+                first_at = FALSE;
+            c = *p;
+            if (c == '\\') {
+                c = *++p;
+                if (c == 'n')
+                    c = '\n';
+                else if (c == 't')
+                    c = '\t';
+                else if (c == 'b')
+                    c = '\b';
+                else if (c == '0')
+                    c = '\0';
+            }
+            assert(pos < cur_data->length);
+            cur_data->data[pos++] = c;
+        }
+    }
+    assert(pos == cur_data->length);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_parse_name_flags(krb5_context context, const char *name,
+                      int flags, krb5_principal *principal_out)
+{
+    krb5_error_code ret;
+    krb5_principal princ = NULL;
+    char *default_realm;
+    krb5_boolean has_realm;
+    krb5_boolean enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
+    krb5_boolean require_realm = (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM);
+    krb5_boolean no_realm = (flags & KRB5_PRINCIPAL_PARSE_NO_REALM);
+    krb5_boolean ignore_realm = (flags & KRB5_PRINCIPAL_PARSE_IGNORE_REALM);
+    krb5_boolean no_def_realm = (flags & KRB5_PRINCIPAL_PARSE_NO_DEF_REALM);
+
+    *principal_out = NULL;
+
+    ret = allocate_princ(context, name, enterprise, &princ, &has_realm);
+    if (ret)
+        goto cleanup;
+    parse_name_into_princ(name, enterprise, princ);
+
+    /* If a realm was not included, use the default realm, unless flags
+     * indicate otherwise. */
+    if (!has_realm) {
+        if (require_realm) {
+            ret = KRB5_PARSE_MALFORMED;
+            k5_setmsg(context, ret,
+                      _("Principal %s is missing required realm"), name);
+            goto cleanup;
+        }
+        if (!no_realm && !ignore_realm && !no_def_realm) {
+            ret = krb5_get_default_realm(context, &default_realm);
+            if (ret)
+                goto cleanup;
+            krb5_free_data_contents(context, &princ->realm);
+            princ->realm = string2data(default_realm);
+        }
+    } else if (no_realm) {
+        ret = KRB5_PARSE_MALFORMED;
+        k5_setmsg(context, ret, _("Principal %s has realm present"), name);
+        goto cleanup;
+    } else if (ignore_realm) {
+        krb5_free_data_contents(context, &princ->realm);
+        princ->realm = empty_data();
+    }
+
+    princ->type = (enterprise) ? KRB5_NT_ENTERPRISE_PRINCIPAL :
+        k5_infer_principal_type(princ);
+
+    princ->magic = KV5M_PRINCIPAL;
+    *principal_out = princ;
+    princ = NULL;
+
+cleanup:
+    krb5_free_principal(context, princ);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_parse_name(krb5_context context, const char *name,
+                krb5_principal *principal_out)
+{
+    return krb5_parse_name_flags(context, name, 0, principal_out);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/parse_host_string.c b/krb5-1.21.3/src/lib/krb5/krb/parse_host_string.c
new file mode 100644
index 00000000..ff6b0452
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/parse_host_string.c
@@ -0,0 +1,124 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/parse_host_string.c - Parse host strings into host and port */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include <ctype.h>
+
+/* Return true if s is composed solely of digits. */
+krb5_boolean
+k5_is_string_numeric(const char *s)
+{
+    if (*s == '\0')
+        return FALSE;
+
+    for (; *s != '\0'; s++) {
+        if (!isdigit(*s))
+            return FALSE;
+    }
+
+    return TRUE;
+}
+
+/*
+ * Parse a string containing a host specifier. The expected format for the
+ * string is:
+ *
+ * host[:port] or port
+ *
+ * host and port are optional, though one must be present.  host may have
+ * brackets around it for IPv6 addresses.
+ *
+ * Arguments:
+ * address - The address string that should be parsed.
+ * default_port - The default port to use if no port is found.
+ * host_out - An output pointer for the parsed host, or NULL if no host was
+ * specified or an error occurred.  Must be freed.
+ * port_out - An output pointer for the parsed port.  Will be 0 on error.
+ *
+ * Returns 0 on success, otherwise an error.
+ */
+krb5_error_code
+k5_parse_host_string(const char *address, int default_port, char **host_out,
+                     int *port_out)
+{
+    krb5_error_code ret;
+    int port_num;
+    const char *p, *host = NULL, *port = NULL;
+    char *endptr, *hostname = NULL;
+    size_t hostlen = 0;
+    unsigned long l;
+
+    *host_out = NULL;
+    *port_out = 0;
+
+    if (address == NULL || *address == '\0' || *address == ':')
+        return EINVAL;
+    if (default_port < 0 || default_port > 65535)
+        return EINVAL;
+
+    /* Find the bounds of the host string and the start of the port string. */
+    if (k5_is_string_numeric(address)) {
+        port = address;
+    } else if (*address == '[' && (p = strchr(address, ']')) != NULL) {
+        host = address + 1;
+        hostlen = p - host;
+        if (*(p + 1) == ':')
+            port = p + 2;
+    } else {
+        host = address;
+        hostlen = strcspn(host, " \t:");
+        if (host[hostlen] == ':')
+            port = host + hostlen + 1;
+    }
+
+    /* Parse the port number, or use the default port. */
+    if (port != NULL) {
+        errno = 0;
+        l = strtoul(port, &endptr, 10);
+        if (errno || endptr == port || *endptr != '\0' || l > 65535)
+            return EINVAL;
+        port_num = l;
+    } else {
+        port_num = default_port;
+    }
+
+    /* Copy the host if it was specified. */
+    if (host != NULL) {
+        hostname = k5memdup0(host, hostlen, &ret);
+        if (hostname == NULL)
+            return ENOMEM;
+    }
+
+    *host_out = hostname;
+    *port_out = port_num;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/plugin.c b/krb5-1.21.3/src/lib/krb5/krb/plugin.c
new file mode 100644
index 00000000..3bb7a38d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/plugin.c
@@ -0,0 +1,511 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/plugin.c - Plugin framework functions */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * A plugin_mapping structure maps a module name to a built-in or dynamic
+ * module.  modname is always present; the other three fields can be in four
+ * different states:
+ *
+ * - If dyn_path and dyn_handle are null but module is set, the mapping is to a
+ *   built-in module.
+ * - If dyn_path is set but dyn_handle and module are null, the mapping is to a
+ *   dynamic module which hasn't been loaded yet.
+ * - If all three fields are set, the mapping is to a dynamic module which has
+ *   been loaded and is ready to use.
+ * - If all three fields are null, the mapping is to a dynamic module which
+ *   failed to load and should be ignored.
+ */
+struct plugin_mapping {
+    char *modname;
+    char *dyn_path;
+    struct plugin_file_handle *dyn_handle;
+    krb5_plugin_initvt_fn module;
+};
+
+const char *interface_names[] = {
+    "pwqual",
+    "kadm5_hook",
+    "clpreauth",
+    "kdcpreauth",
+    "ccselect",
+    "localauth",
+    "hostrealm",
+    "audit",
+    "tls",
+    "kdcauthdata",
+    "certauth",
+    "kadm5_auth",
+    "kdcpolicy",
+};
+
+/* Return the context's interface structure for id, or NULL if invalid. */
+static inline struct plugin_interface *
+get_interface(krb5_context context, int id)
+{
+    if (context == NULL || id < 0 || id >= PLUGIN_NUM_INTERFACES)
+        return NULL;
+    return &context->plugins[id];
+}
+
+/* Release the memory associated with the mapping list entry map. */
+static void
+free_plugin_mapping(struct plugin_mapping *map)
+{
+    if (map == NULL)
+        return;
+    free(map->modname);
+    free(map->dyn_path);
+    if (map->dyn_handle != NULL)
+        krb5int_close_plugin(map->dyn_handle);
+    free(map);
+}
+
+static void
+free_mapping_list(struct plugin_mapping **list)
+{
+    struct plugin_mapping **mp;
+
+    for (mp = list; mp != NULL && *mp != NULL; mp++)
+        free_plugin_mapping(*mp);
+    free(list);
+}
+
+/* Construct a plugin mapping object.  path may be NULL (for a built-in
+ * module), or may be relative to the plugin base directory. */
+static krb5_error_code
+make_plugin_mapping(krb5_context context, const char *name, size_t namelen,
+                    const char *path, krb5_plugin_initvt_fn module,
+                    struct plugin_mapping **map_out)
+{
+    krb5_error_code ret;
+    struct plugin_mapping *map = NULL;
+
+    /* Create the mapping entry. */
+    map = k5alloc(sizeof(*map), &ret);
+    if (map == NULL)
+        return ret;
+
+    map->modname = k5memdup0(name, namelen, &ret);
+    if (map->modname == NULL)
+        goto oom;
+    if (path != NULL) {
+        if (k5_path_join(context->plugin_base_dir, path, &map->dyn_path))
+            goto oom;
+    }
+    map->module = module;
+    *map_out = map;
+    return 0;
+
+oom:
+    free_plugin_mapping(map);
+    return ENOMEM;
+}
+
+/*
+ * Register a mapping from modname to either dyn_path (for an auto-registered
+ * dynamic module) or to module (for a builtin module).  dyn_path may be
+ * relative to the plugin base directory.
+ */
+static krb5_error_code
+register_module(krb5_context context, struct plugin_interface *interface,
+                const char *modname, const char *dyn_path,
+                krb5_plugin_initvt_fn module)
+{
+    struct plugin_mapping **list;
+    size_t count;
+
+    /* Allocate list space for another element and a terminator. */
+    list = interface->modules;
+    for (count = 0; list != NULL && list[count] != NULL; count++);
+    list = realloc(interface->modules, (count + 2) * sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+    list[count] = list[count + 1] = NULL;
+    interface->modules = list;
+
+    /* Create a new mapping structure and add it to the list. */
+    return make_plugin_mapping(context, modname, strlen(modname), dyn_path,
+                               module, &list[count]);
+}
+
+/* Parse a profile module string of the form "modname:modpath" into a mapping
+ * entry. */
+static krb5_error_code
+parse_modstr(krb5_context context, const char *modstr,
+             struct plugin_mapping **map_out)
+{
+    const char *sep;
+
+    *map_out = NULL;
+
+    sep = strchr(modstr, ':');
+    if (sep == NULL) {
+        k5_setmsg(context, KRB5_PLUGIN_BAD_MODULE_SPEC,
+                  _("Invalid module specifier %s"), modstr);
+        return KRB5_PLUGIN_BAD_MODULE_SPEC;
+    }
+
+    return make_plugin_mapping(context, modstr, sep - modstr, sep + 1, NULL,
+                               map_out);
+}
+
+/* Return true if value is found in list. */
+static krb5_boolean
+find_in_list(char **list, const char *value)
+{
+    for (; *list != NULL; list++) {
+        if (strcmp(*list, value) == 0)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+/* Get the list of values for the profile variable varname in the section for
+ * interface id, or NULL if no values are set. */
+static krb5_error_code
+get_profile_var(krb5_context context, int id, const char *varname, char ***out)
+{
+    krb5_error_code ret;
+    const char *path[4];
+
+    *out = NULL;
+    path[0] = KRB5_CONF_PLUGINS;
+    path[1] = interface_names[id];
+    path[2] = varname;
+    path[3] = NULL;
+    ret = profile_get_values(context->profile, path, out);
+    return (ret == PROF_NO_RELATION) ? 0 : ret;
+}
+
+/* Expand *list_inout to contain the mappings from modstrs, followed by the
+ * existing built-in module mappings. */
+static krb5_error_code
+make_full_list(krb5_context context, char **modstrs,
+               struct plugin_mapping ***list_inout)
+{
+    krb5_error_code ret = 0;
+    size_t count, pos, i, j;
+    struct plugin_mapping **list, **mp;
+    char **mod;
+
+    /* Allocate space for all of the modules plus a null terminator. */
+    for (count = 0; modstrs[count] != NULL; count++);
+    for (mp = *list_inout; mp != NULL && *mp != NULL; mp++, count++);
+    list = calloc(count + 1, sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+
+    /* Parse each profile module entry and store it in the list. */
+    for (mod = modstrs, pos = 0; *mod != NULL; mod++, pos++) {
+        ret = parse_modstr(context, *mod, &list[pos]);
+        if (ret != 0) {
+            free_mapping_list(list);
+            return ret;
+        }
+    }
+
+    /* Cannibalize the old list of built-in modules. */
+    for (mp = *list_inout; mp != NULL && *mp != NULL; mp++, pos++)
+        list[pos] = *mp;
+    assert(pos == count);
+
+    /* Filter out duplicates, preferring earlier entries to later ones. */
+    for (i = 0, pos = 0; i < count; i++) {
+        for (j = 0; j < pos; j++) {
+            if (strcmp(list[i]->modname, list[j]->modname) == 0) {
+                free_plugin_mapping(list[i]);
+                break;
+            }
+        }
+        if (j == pos)
+            list[pos++] = list[i];
+    }
+    list[pos] = NULL;
+
+    free(*list_inout);
+    *list_inout = list;
+    return 0;
+}
+
+/* Remove any entries from list which match values in disabled. */
+static void
+remove_disabled_modules(struct plugin_mapping **list, char **disable)
+{
+    struct plugin_mapping **in, **out;
+
+    out = list;
+    for (in = list; *in != NULL; in++) {
+        if (find_in_list(disable, (*in)->modname))
+            free_plugin_mapping(*in);
+        else
+            *out++ = *in;
+    }
+    *out = NULL;
+}
+
+/* Modify list to include only the entries matching strings in enable, in
+ * the order they are listed there. */
+static void
+filter_enabled_modules(struct plugin_mapping **list, char **enable)
+{
+    size_t count, i, pos = 0;
+    struct plugin_mapping *tmp;
+
+    /* Count the number of existing entries. */
+    for (count = 0; list[count] != NULL; count++);
+
+    /* For each string in enable, look for a matching module. */
+    for (; *enable != NULL; enable++) {
+        for (i = pos; i < count; i++) {
+            if (strcmp(list[i]->modname, *enable) == 0) {
+                /* Swap the matching module into the next result position. */
+                tmp = list[pos];
+                list[pos++] = list[i];
+                list[i] = tmp;
+                break;
+            }
+        }
+    }
+
+    /* Free all mappings which didn't match and terminate the list. */
+    for (i = pos; i < count; i++)
+        free_plugin_mapping(list[i]);
+    list[pos] = NULL;
+}
+
+/* Ensure that a plugin interface is configured.  id must be valid. */
+static krb5_error_code
+configure_interface(krb5_context context, int id)
+{
+    krb5_error_code ret;
+    struct plugin_interface *interface = &context->plugins[id];
+    char **modstrs = NULL, **enable = NULL, **disable = NULL;
+
+    if (interface->configured)
+        return 0;
+
+    /* Detect consistency errors when plugin interfaces are added. */
+    assert(sizeof(interface_names) / sizeof(*interface_names) ==
+           PLUGIN_NUM_INTERFACES);
+
+    /* Get profile variables for this interface. */
+    ret = get_profile_var(context, id, KRB5_CONF_MODULE, &modstrs);
+    if (ret)
+        goto cleanup;
+    ret = get_profile_var(context, id, KRB5_CONF_DISABLE, &disable);
+    if (ret)
+        goto cleanup;
+    ret = get_profile_var(context, id, KRB5_CONF_ENABLE_ONLY, &enable);
+    if (ret)
+        goto cleanup;
+
+    /* Create the full list of dynamic and built-in modules. */
+    if (modstrs != NULL) {
+        ret = make_full_list(context, modstrs, &interface->modules);
+        if (ret)
+            goto cleanup;
+    }
+
+    /* Remove disabled modules. */
+    if (disable != NULL)
+        remove_disabled_modules(interface->modules, disable);
+
+    /* Filter and re-order the list according to enable-modules. */
+    if (enable != NULL)
+        filter_enabled_modules(interface->modules, enable);
+
+cleanup:
+    profile_free_list(modstrs);
+    profile_free_list(enable);
+    profile_free_list(disable);
+    return ret;
+}
+
+/* If map is for a dynamic module which hasn't been loaded yet, attempt to load
+ * it.  Only try to load a module once. */
+static void
+load_if_needed(krb5_context context, struct plugin_mapping *map,
+               const char *iname)
+{
+    krb5_error_code ret;
+    char *symname = NULL;
+    struct plugin_file_handle *handle = NULL;
+    void (*initvt_fn)();
+
+    if (map->module != NULL || map->dyn_path == NULL)
+        return;
+    if (asprintf(&symname, "%s_%s_initvt", iname, map->modname) < 0)
+        return;
+
+    ret = krb5int_open_plugin(map->dyn_path, &handle, &context->err);
+    if (ret) {
+        TRACE_PLUGIN_LOAD_FAIL(context, map->modname, ret);
+        goto err;
+    }
+
+    ret = krb5int_get_plugin_func(handle, symname, &initvt_fn, &context->err);
+    if (ret) {
+        TRACE_PLUGIN_LOOKUP_FAIL(context, map->modname, ret);
+        goto err;
+    }
+
+    free(symname);
+    map->dyn_handle = handle;
+    map->module = (krb5_plugin_initvt_fn)initvt_fn;
+    return;
+
+err:
+    /* Clean up, and also null out map->dyn_path so we don't try again. */
+    if (handle != NULL)
+        krb5int_close_plugin(handle);
+    free(symname);
+    free(map->dyn_path);
+    map->dyn_path = NULL;
+}
+
+krb5_error_code
+k5_plugin_load(krb5_context context, int interface_id, const char *modname,
+               krb5_plugin_initvt_fn *module)
+{
+    krb5_error_code ret;
+    struct plugin_interface *interface = get_interface(context, interface_id);
+    struct plugin_mapping **mp, *map;
+
+    if (interface == NULL)
+        return EINVAL;
+    ret = configure_interface(context, interface_id);
+    if (ret != 0)
+        return ret;
+    for (mp = interface->modules; mp != NULL && *mp != NULL; mp++) {
+        map = *mp;
+        if (strcmp(map->modname, modname) == 0) {
+            load_if_needed(context, map, interface_names[interface_id]);
+            if (map->module != NULL) {
+                *module = map->module;
+                return 0;
+            }
+            break;
+        }
+    }
+    k5_setmsg(context, KRB5_PLUGIN_NAME_NOTFOUND,
+              _("Could not find %s plugin module named '%s'"),
+              interface_names[interface_id], modname);
+    return KRB5_PLUGIN_NAME_NOTFOUND;
+}
+
+krb5_error_code
+k5_plugin_load_all(krb5_context context, int interface_id,
+                   krb5_plugin_initvt_fn **modules)
+{
+    krb5_error_code ret;
+    struct plugin_interface *interface = get_interface(context, interface_id);
+    struct plugin_mapping **mp, *map;
+    krb5_plugin_initvt_fn *list;
+    size_t count;
+
+    if (interface == NULL)
+        return EINVAL;
+    ret = configure_interface(context, interface_id);
+    if (ret != 0)
+        return ret;
+
+    /* Count the modules and allocate a list to hold them. */
+    mp = interface->modules;
+    for (count = 0; mp != NULL && mp[count] != NULL; count++);
+    list = calloc(count + 1, sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+
+    /* Place each module's initvt function into list. */
+    count = 0;
+    for (mp = interface->modules; mp != NULL && *mp != NULL; mp++) {
+        map = *mp;
+        load_if_needed(context, map, interface_names[interface_id]);
+        if (map->module != NULL)
+            list[count++] = map->module;
+    }
+
+    *modules = list;
+    return 0;
+}
+
+void
+k5_plugin_free_modules(krb5_context context, krb5_plugin_initvt_fn *modules)
+{
+    free(modules);
+}
+
+krb5_error_code
+k5_plugin_register(krb5_context context, int interface_id, const char *modname,
+                   krb5_plugin_initvt_fn module)
+{
+    struct plugin_interface *interface = get_interface(context, interface_id);
+
+    if (interface == NULL)
+        return EINVAL;
+
+    /* Disallow registering plugins after load.  We may need to reconsider
+     * this, but it simplifies the design. */
+    if (interface->configured)
+        return EINVAL;
+
+    return register_module(context, interface, modname, NULL, module);
+}
+
+krb5_error_code
+k5_plugin_register_dyn(krb5_context context, int interface_id,
+                       const char *modname, const char *modsubdir)
+{
+    krb5_error_code ret;
+    struct plugin_interface *interface = get_interface(context, interface_id);
+    char *fname, *path;
+
+    /* Disallow registering plugins after load. */
+    if (interface == NULL || interface->configured)
+        return EINVAL;
+
+    if (asprintf(&fname, "%s%s", modname, PLUGIN_EXT) < 0)
+        return ENOMEM;
+    ret = k5_path_join(modsubdir, fname, &path);
+    free(fname);
+    if (ret)
+        return ret;
+    ret = register_module(context, interface, modname, path, NULL);
+    free(path);
+    return ret;
+}
+
+void
+k5_plugin_free_context(krb5_context context)
+{
+    int i;
+
+    for (i = 0; i < PLUGIN_NUM_INTERFACES; i++)
+        free_mapping_list(context->plugins[i].modules);
+    memset(context->plugins, 0, sizeof(context->plugins));
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/pr_to_salt.c b/krb5-1.21.3/src/lib/krb5/krb/pr_to_salt.c
new file mode 100644
index 00000000..7bcb6276
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/pr_to_salt.c
@@ -0,0 +1,82 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/pr_to_salt.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+static krb5_error_code
+principal2salt_internal(krb5_context, krb5_const_principal,
+                        krb5_data *ret, int);
+
+/*
+ * Convert a krb5_principal into the default salt for that principal.
+ */
+static krb5_error_code
+principal2salt_internal(krb5_context context, krb5_const_principal pr,
+                        krb5_data *ret, int use_realm)
+{
+    unsigned int size = 0, offset=0;
+    krb5_int32 i;
+
+    *ret = empty_data();
+    if (pr == NULL)
+        return 0;
+
+    if (use_realm)
+        size += pr->realm.length;
+
+    for (i = 0; i < pr->length; i++)
+        size += pr->data[i].length;
+
+    if (alloc_data(ret, size))
+        return ENOMEM;
+
+    if (use_realm) {
+        offset = pr->realm.length;
+        if (offset > 0)
+            memcpy(ret->data, pr->realm.data, offset);
+    }
+
+    for (i = 0; i < pr->length; i++) {
+        if (pr->data[i].length > 0)
+            memcpy(&ret->data[offset], pr->data[i].data, pr->data[i].length);
+        offset += pr->data[i].length;
+    }
+    return 0;
+}
+
+krb5_error_code
+krb5_principal2salt(krb5_context context, krb5_const_principal pr,
+                    krb5_data *ret)
+{
+    return principal2salt_internal(context, pr, ret, 1);
+}
+
+krb5_error_code
+krb5_principal2salt_norealm(krb5_context context, krb5_const_principal pr,
+                            krb5_data *ret)
+{
+    return principal2salt_internal(context, pr, ret, 0);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/preauth2.c b/krb5-1.21.3/src/lib/krb5/krb/preauth2.c
new file mode 100644
index 00000000..32f35b76
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/preauth2.c
@@ -0,0 +1,1068 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1995, 2003, 2008, 2012 by the Massachusetts Institute of Technology.  All
+ * Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * This file contains routines for establishing, verifying, and any other
+ * necessary functions, for utilizing the pre-authentication field of the
+ * kerberos kdc request, with various hardware/software verification devices.
+ */
+
+#include "k5-int.h"
+#include "k5-json.h"
+#include "osconf.h"
+#include <krb5/clpreauth_plugin.h>
+#include "int-proto.h"
+#include "os-proto.h"
+#include "fast.h"
+#include "init_creds_ctx.h"
+
+#if !defined(_WIN32)
+#include <unistd.h>
+#endif
+
+typedef struct {
+    struct krb5_clpreauth_vtable_st vt;
+    krb5_clpreauth_moddata data;
+} *clpreauth_handle;
+
+struct krb5_preauth_context_st {
+    clpreauth_handle *handles;
+};
+
+struct krb5_preauth_req_context_st {
+    krb5_context orig_context;
+    krb5_preauthtype *failed;
+    krb5_clpreauth_modreq *modreqs;
+};
+
+/* Release the memory used by a list of handles. */
+static void
+free_handles(krb5_context context, clpreauth_handle *handles)
+{
+    clpreauth_handle *hp, h;
+
+    if (handles == NULL)
+        return;
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.fini != NULL)
+            h->vt.fini(context, h->data);
+        free(h);
+    }
+    free(handles);
+}
+
+/* Return an index into handles which can process pa_type, or -1 if none is
+ * found found. */
+static int
+search_module_list(clpreauth_handle *handles, krb5_preauthtype pa_type)
+{
+    clpreauth_handle h;
+    int i, j;
+
+    for (i = 0; handles[i] != NULL; i++) {
+        h = handles[i];
+        for (j = 0; h->vt.pa_type_list[j] != 0; j++) {
+            if (h->vt.pa_type_list[j] == pa_type)
+                return i;
+        }
+    }
+    return -1;
+}
+
+/* Find the handle which can process pa_type, or NULL if none is found.  On
+ * success, set *modreq_out to the corresponding per-request module data. */
+static clpreauth_handle
+find_module(krb5_context context, krb5_init_creds_context ctx,
+            krb5_preauthtype pa_type, krb5_clpreauth_modreq *modreq_out)
+{
+    krb5_preauth_context pctx = context->preauth_context;
+    krb5_preauth_req_context reqctx = ctx->preauth_reqctx;
+    int i;
+
+    *modreq_out = NULL;
+    if (pctx == NULL || reqctx == NULL)
+        return NULL;
+
+    i = search_module_list(pctx->handles, pa_type);
+    if (i == -1)
+        return NULL;
+
+    *modreq_out = reqctx->modreqs[i];
+    return pctx->handles[i];
+}
+
+/* Initialize the preauth state for a krb5 context. */
+void
+k5_init_preauth_context(krb5_context context)
+{
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    clpreauth_handle *list = NULL, h;
+    int i;
+    size_t count;
+    krb5_preauthtype *tp;
+
+    /* Only do this once for each krb5_context */
+    if (context->preauth_context != NULL)
+        return;
+
+    /* Auto-register built-in modules. */
+    k5_plugin_register_dyn(context, PLUGIN_INTERFACE_CLPREAUTH, "pkinit",
+                           "preauth");
+    k5_plugin_register_dyn(context, PLUGIN_INTERFACE_CLPREAUTH, "spake",
+                           "preauth");
+    k5_plugin_register(context, PLUGIN_INTERFACE_CLPREAUTH,
+                       "encrypted_challenge",
+                       clpreauth_encrypted_challenge_initvt);
+    k5_plugin_register(context, PLUGIN_INTERFACE_CLPREAUTH,
+                       "encrypted_timestamp",
+                       clpreauth_encrypted_timestamp_initvt);
+    k5_plugin_register(context, PLUGIN_INTERFACE_CLPREAUTH, "sam2",
+                       clpreauth_sam2_initvt);
+    k5_plugin_register(context, PLUGIN_INTERFACE_CLPREAUTH, "otp",
+                       clpreauth_otp_initvt);
+
+    /* Get all available clpreauth vtables. */
+    if (k5_plugin_load_all(context, PLUGIN_INTERFACE_CLPREAUTH, &modules))
+        return;
+
+    /* Allocate a large enough list of handles. */
+    for (count = 0; modules[count] != NULL; count++);
+    list = calloc(count + 1, sizeof(*list));
+    if (list == NULL)
+        goto cleanup;
+
+    /* Create a handle for each module we can successfully initialize. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        h = calloc(1, sizeof(*h));
+        if (h == NULL)
+            goto cleanup;
+
+        /* Initialize the handle vtable. */
+        if ((*mod)(context, 1, 1, (krb5_plugin_vtable)&h->vt) != 0) {
+            free(h);
+            continue;
+        }
+
+        /* Check for a preauth type conflict with an existing module. */
+        for (tp = h->vt.pa_type_list; *tp != 0; tp++) {
+            i = search_module_list(list, *tp);
+            if (i != -1) {
+                TRACE_PREAUTH_CONFLICT(context, h->vt.name, list[i]->vt.name,
+                                       *tp);
+                break;
+            }
+        }
+        if (*tp != 0)
+            continue;
+
+        /* Initialize the module data. */
+        h->data = NULL;
+        if (h->vt.init != NULL && h->vt.init(context, &h->data) != 0) {
+            free(h);
+            continue;
+        }
+        list[count++] = h;
+        list[count] = NULL;
+    }
+    list[count] = NULL;
+
+    /* Place the constructed preauth context into the krb5 context. */
+    context->preauth_context = malloc(sizeof(*context->preauth_context));
+    if (context->preauth_context == NULL)
+        goto cleanup;
+    context->preauth_context->handles = list;
+    list = NULL;
+
+cleanup:
+    k5_plugin_free_modules(context, modules);
+    free_handles(context, list);
+}
+
+/* Add pa_type to the list of types which has previously failed. */
+krb5_error_code
+k5_preauth_note_failed(krb5_init_creds_context ctx, krb5_preauthtype pa_type)
+{
+    krb5_preauth_req_context reqctx = ctx->preauth_reqctx;
+    krb5_preauthtype *newptr;
+    size_t i;
+
+    for (i = 0; reqctx->failed != NULL && reqctx->failed[i] != 0; i++);
+    newptr = realloc(reqctx->failed, (i + 2) * sizeof(*newptr));
+    if (newptr == NULL)
+        return ENOMEM;
+    reqctx->failed = newptr;
+    reqctx->failed[i] = pa_type;
+    reqctx->failed[i + 1] = 0;
+    return 0;
+}
+
+/* Free the per-krb5_context preauth_context. This means clearing any
+ * plugin-specific context which may have been created, and then
+ * freeing the context itself. */
+void
+k5_free_preauth_context(krb5_context context)
+{
+    krb5_preauth_context pctx = context->preauth_context;
+
+    if (pctx == NULL)
+        return;
+    free_handles(context, pctx->handles);
+    free(pctx);
+    context->preauth_context = NULL;
+}
+
+/* Initialize the per-AS-REQ context. This means calling the client_req_init
+ * function to give the plugin a chance to allocate a per-request context. */
+void
+k5_preauth_request_context_init(krb5_context context,
+                                krb5_init_creds_context ctx)
+{
+    krb5_preauth_context pctx = context->preauth_context;
+    clpreauth_handle h;
+    krb5_preauth_req_context reqctx;
+    size_t count, i;
+
+    if (pctx == NULL) {
+        k5_init_preauth_context(context);
+        pctx = context->preauth_context;
+        if (pctx == NULL)
+            return;
+    }
+
+    reqctx = calloc(1, sizeof(*reqctx));
+    if (reqctx == NULL)
+        return;
+    reqctx->orig_context = context;
+
+    /* Create an array of per-request module data objects corresponding to the
+     * preauth context's array of handles. */
+    for (count = 0; pctx->handles[count] != NULL; count++);
+    reqctx->modreqs = calloc(count, sizeof(*reqctx->modreqs));
+    if (reqctx->modreqs == NULL) {
+        free(reqctx);
+        return;
+    }
+    for (i = 0; i < count; i++) {
+        h = pctx->handles[i];
+        if (h->vt.request_init != NULL)
+            h->vt.request_init(context, h->data, &reqctx->modreqs[i]);
+    }
+    ctx->preauth_reqctx = reqctx;
+}
+
+/* Free the per-AS-REQ context. This means clearing any request-specific
+ * context which the plugin may have created. */
+void
+k5_preauth_request_context_fini(krb5_context context,
+                                krb5_init_creds_context ctx)
+{
+    krb5_preauth_context pctx = context->preauth_context;
+    krb5_preauth_req_context reqctx = ctx->preauth_reqctx;
+    size_t i;
+    clpreauth_handle h;
+
+    if (reqctx == NULL)
+        return;
+    if (reqctx->orig_context == context && pctx != NULL) {
+        for (i = 0; pctx->handles[i] != NULL; i++) {
+            h = pctx->handles[i];
+            if (reqctx->modreqs[i] != NULL && h->vt.request_fini != NULL)
+                h->vt.request_fini(context, h->data, reqctx->modreqs[i]);
+        }
+    } else {
+        TRACE_PREAUTH_WRONG_CONTEXT(context);
+    }
+    free(reqctx->modreqs);
+    free(reqctx->failed);
+    free(reqctx);
+    ctx->preauth_reqctx = NULL;
+}
+
+krb5_error_code
+k5_preauth_check_context(krb5_context context, krb5_init_creds_context ctx)
+{
+    krb5_preauth_req_context reqctx = ctx->preauth_reqctx;
+
+    if (reqctx != NULL && reqctx->orig_context != context) {
+        k5_setmsg(context, EINVAL,
+                  _("krb5_init_creds calls must use same library context"));
+        return EINVAL;
+    }
+    return 0;
+}
+
+/* Return 1 if pa_type is a real preauthentication mechanism according to the
+ * module h.  Return 0 if it is not. */
+static int
+clpreauth_is_real(krb5_context context, clpreauth_handle h,
+                  krb5_preauthtype pa_type)
+{
+    if (h->vt.flags == NULL)
+        return 1;
+    return (h->vt.flags(context, pa_type) & PA_REAL) != 0;
+}
+
+static krb5_error_code
+clpreauth_prep_questions(krb5_context context, clpreauth_handle h,
+                         krb5_clpreauth_modreq modreq,
+                         krb5_get_init_creds_opt *opt,
+                         krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                         krb5_kdc_req *req, krb5_data *req_body,
+                         krb5_data *prev_req, krb5_pa_data *pa_data)
+{
+    if (h->vt.prep_questions == NULL)
+        return 0;
+    return h->vt.prep_questions(context, h->data, modreq, opt, cb, rock, req,
+                                req_body, prev_req, pa_data);
+}
+
+static krb5_error_code
+clpreauth_process(krb5_context context, clpreauth_handle h,
+                  krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+                  krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                  krb5_kdc_req *req, krb5_data *req_body, krb5_data *prev_req,
+                  krb5_pa_data *pa_data, krb5_prompter_fct prompter,
+                  void *prompter_data, krb5_pa_data ***pa_data_out)
+{
+    return h->vt.process(context, h->data, modreq, opt, cb, rock, req,
+                         req_body, prev_req, pa_data, prompter, prompter_data,
+                         pa_data_out);
+}
+
+static krb5_error_code
+clpreauth_tryagain(krb5_context context, clpreauth_handle h,
+                   krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+                   krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                   krb5_kdc_req *req, krb5_data *req_body, krb5_data *prev_req,
+                   krb5_preauthtype pa_type, krb5_error *error,
+                   krb5_pa_data **error_padata, krb5_prompter_fct prompter,
+                   void *prompter_data, krb5_pa_data ***pa_data_out)
+{
+    if (h->vt.tryagain == NULL)
+        return 0;
+    return h->vt.tryagain(context, h->data, modreq, opt, cb, rock, req,
+                          req_body, prev_req, pa_type, error, error_padata,
+                          prompter, prompter_data, pa_data_out);
+}
+
+static krb5_error_code
+clpreauth_gic_opts(krb5_context context, clpreauth_handle h,
+                   krb5_get_init_creds_opt *opt, const char *attr,
+                   const char *value)
+{
+    if (h->vt.gic_opts == NULL)
+        return 0;
+    return h->vt.gic_opts(context, h->data, opt, attr, value);
+}
+
+/* Add the named encryption type to the existing list of ktypes. */
+static void
+grow_ktypes(krb5_enctype **out_ktypes, int *out_nktypes, krb5_enctype ktype)
+{
+    int i;
+    krb5_enctype *ktypes;
+
+    for (i = 0; i < *out_nktypes; i++) {
+        if ((*out_ktypes)[i] == ktype)
+            return;
+    }
+    ktypes = realloc(*out_ktypes, (*out_nktypes + 2) * sizeof(ktype));
+    if (ktypes != NULL) {
+        *out_ktypes = ktypes;
+        ktypes[(*out_nktypes)++] = ktype;
+        ktypes[*out_nktypes] = 0;
+    }
+}
+
+/* Add a list of new pa_data items to an existing list. */
+static int
+grow_pa_list(krb5_pa_data ***out_pa_list, int *out_pa_list_size,
+             krb5_pa_data **addition, int num_addition)
+{
+    krb5_pa_data **pa_list;
+    int i;
+
+    /* Allocate space for new entries and a null terminator. */
+    pa_list = realloc(*out_pa_list, (*out_pa_list_size + num_addition + 1) *
+                      sizeof(*pa_list));
+    if (pa_list == NULL)
+        return ENOMEM;
+    *out_pa_list = pa_list;
+    for (i = 0; i < num_addition; i++)
+        pa_list[(*out_pa_list_size)++] = addition[i];
+    pa_list[*out_pa_list_size] = NULL;
+    return 0;
+}
+
+static krb5_enctype
+get_etype(krb5_context context, krb5_clpreauth_rock rock)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+
+    if (ctx->reply != NULL)
+        return ctx->reply->enc_part.enctype;
+    return ctx->etype;
+}
+
+static krb5_keyblock *
+fast_armor(krb5_context context, krb5_clpreauth_rock rock)
+{
+    return ((krb5_init_creds_context)rock)->fast_state->armor_key;
+}
+
+static krb5_error_code
+get_as_key(krb5_context context, krb5_clpreauth_rock rock,
+           krb5_keyblock **keyblock)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+    krb5_error_code ret;
+    krb5_data *salt;
+
+    if (ctx->as_key.length == 0) {
+        salt = ctx->default_salt ? NULL : &ctx->salt;
+        ret = ctx->gak_fct(context, ctx->request->client, ctx->etype,
+                           ctx->prompter, ctx->prompter_data, salt,
+                           &ctx->s2kparams, &ctx->as_key, ctx->gak_data,
+                           ctx->rctx.items);
+        if (ret)
+            return ret;
+    }
+    *keyblock = &ctx->as_key;
+    return 0;
+}
+
+static krb5_error_code
+set_as_key(krb5_context context, krb5_clpreauth_rock rock,
+           const krb5_keyblock *keyblock)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+
+    krb5_free_keyblock_contents(context, &ctx->as_key);
+    return krb5_copy_keyblock_contents(context, keyblock, &ctx->as_key);
+}
+
+static krb5_error_code
+get_preauth_time(krb5_context context, krb5_clpreauth_rock rock,
+                 krb5_boolean allow_unauth_time, krb5_timestamp *time_out,
+                 krb5_int32 *usec_out)
+{
+    return k5_init_creds_current_time(context, (krb5_init_creds_context)rock,
+                                      allow_unauth_time, time_out, usec_out);
+}
+
+static krb5_error_code
+responder_ask_question(krb5_context context, krb5_clpreauth_rock rock,
+                       const char *question, const char *challenge)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+
+    /* Force plugins to use need_as_key(). */
+    if (strcmp(KRB5_RESPONDER_QUESTION_PASSWORD, question) == 0)
+        return EINVAL;
+    return k5_response_items_ask_question(ctx->rctx.items, question,
+                                          challenge);
+}
+
+static const char *
+responder_get_answer(krb5_context context, krb5_clpreauth_rock rock,
+                     const char *question)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+
+    /* Don't let plugins get the raw password. */
+    if (strcmp(KRB5_RESPONDER_QUESTION_PASSWORD, question) == 0)
+        return NULL;
+    return k5_response_items_get_answer(ctx->rctx.items, question);
+}
+
+static void
+need_as_key(krb5_context context, krb5_clpreauth_rock rock)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+
+    /* Calling gac_fct() with NULL as_key indicates desire for the AS key. */
+    ctx->gak_fct(context, ctx->request->client, ctx->etype, NULL, NULL, NULL,
+                 NULL, NULL, ctx->gak_data, ctx->rctx.items);
+}
+
+static const char *
+get_cc_config(krb5_context context, krb5_clpreauth_rock rock, const char *key)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+    k5_json_value value;
+
+    if (ctx->cc_config_in == NULL)
+        return NULL;
+
+    value = k5_json_object_get(ctx->cc_config_in, key);
+    if (value == NULL)
+        return NULL;
+
+    if (k5_json_get_tid(value) != K5_JSON_TID_STRING)
+        return NULL;
+
+    return k5_json_string_utf8(value);
+}
+
+static krb5_error_code
+set_cc_config(krb5_context context, krb5_clpreauth_rock rock,
+              const char *key, const char *data)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+    krb5_error_code ret;
+    k5_json_string str;
+
+    if (ctx->cc_config_out == NULL)
+        return ENOENT;
+
+    ret = k5_json_string_create(data, &str);
+    if (ret)
+        return ret;
+
+    ret = k5_json_object_set(ctx->cc_config_out, key, str);
+    k5_json_release(str);
+    return ret;
+}
+
+static void
+disable_fallback(krb5_context context, krb5_clpreauth_rock rock)
+{
+    ((krb5_init_creds_context)rock)->fallback_disabled = TRUE;
+}
+
+static struct krb5_clpreauth_callbacks_st callbacks = {
+    3,
+    get_etype,
+    fast_armor,
+    get_as_key,
+    set_as_key,
+    get_preauth_time,
+    responder_ask_question,
+    responder_get_answer,
+    need_as_key,
+    get_cc_config,
+    set_cc_config,
+    disable_fallback
+};
+
+/* Tweak the request body, for now adding any enctypes which the module claims
+ * to add support for to the list, but in the future perhaps doing more
+ * involved things. */
+void
+k5_preauth_prepare_request(krb5_context context, krb5_get_init_creds_opt *opt,
+                           krb5_kdc_req *req)
+{
+    krb5_preauth_context pctx = context->preauth_context;
+    clpreauth_handle *hp, h;
+    krb5_enctype *ep;
+
+    if (pctx == NULL)
+        return;
+    /* Don't modify the enctype list if it's specified in the gic opts. */
+    if (opt != NULL && (opt->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST))
+        return;
+    for (hp = pctx->handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.enctype_list == NULL)
+            continue;
+        for (ep = h->vt.enctype_list; *ep != ENCTYPE_NULL; ep++)
+            grow_ktypes(&req->ktype, &req->nktypes, *ep);
+    }
+}
+
+const char * const * KRB5_CALLCONV
+krb5_responder_list_questions(krb5_context ctx, krb5_responder_context rctx)
+{
+    return k5_response_items_list_questions(rctx->items);
+}
+
+const char * KRB5_CALLCONV
+krb5_responder_get_challenge(krb5_context ctx, krb5_responder_context rctx,
+                             const char *question)
+{
+    if (rctx == NULL)
+        return NULL;
+
+    return k5_response_items_get_challenge(rctx->items, question);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_responder_set_answer(krb5_context ctx, krb5_responder_context rctx,
+                          const char *question, const char *answer)
+{
+    if (rctx == NULL)
+        return EINVAL;
+
+    return k5_response_items_set_answer(rctx->items, question, answer);
+}
+
+/* Return true if pa_type matches the specific preauth type allowed for this
+ * authentication, or if there is no specific allowed type. */
+static inline krb5_boolean
+pa_type_allowed(krb5_init_creds_context ctx, krb5_preauthtype pa_type)
+{
+    return ctx->allowed_preauth_type == KRB5_PADATA_NONE ||
+        pa_type == ctx->allowed_preauth_type;
+}
+
+/* Return true if pa_type previously failed during this authentication. */
+static krb5_boolean
+previously_failed(krb5_init_creds_context ctx, krb5_preauthtype pa_type)
+{
+    krb5_preauth_req_context reqctx = ctx->preauth_reqctx;
+    size_t i;
+
+    for (i = 0; reqctx->failed != NULL && reqctx->failed[i] != 0; i++) {
+        if (reqctx->failed[i] == pa_type)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+/* Allow clpreauth modules to process in_pa_list and produce output padata. */
+static krb5_error_code
+process_pa_data(krb5_context context, krb5_init_creds_context ctx,
+                krb5_pa_data **in_pa_list, krb5_boolean must_preauth,
+                krb5_pa_data ***out_pa_list, int *out_pa_list_size,
+                krb5_preauthtype *out_type)
+{
+    struct errinfo save = EMPTY_ERRINFO;
+    krb5_pa_data *pa, **pa_ptr, **mod_pa;
+    krb5_error_code ret = 0;
+    krb5_clpreauth_modreq modreq;
+    clpreauth_handle h;
+    int real, i;
+
+    /* Process all informational padata types, then the first real preauth type
+     * we succeed on. */
+    for (real = 0; real <= 1; real++) {
+        for (pa_ptr = in_pa_list; *pa_ptr != NULL; pa_ptr++) {
+            pa = *pa_ptr;
+            /* Restrict real mechanisms to the chosen one if we have one. */
+            if (real && !pa_type_allowed(ctx, pa->pa_type))
+                continue;
+            h = find_module(context, ctx, pa->pa_type, &modreq);
+            if (h == NULL)
+                continue;
+            /* Make sure this type is for the current pass. */
+            if (clpreauth_is_real(context, h, pa->pa_type) != real)
+                continue;
+            /* Don't try a real mechanism again after failure. */
+            if (real && previously_failed(ctx, pa->pa_type))
+                continue;
+            mod_pa = NULL;
+            ret = clpreauth_process(context, h, modreq, ctx->opt, &callbacks,
+                                    (krb5_clpreauth_rock)ctx, ctx->request,
+                                    ctx->inner_request_body,
+                                    ctx->encoded_previous_request, pa,
+                                    ctx->prompter, ctx->prompter_data,
+                                    &mod_pa);
+            TRACE_PREAUTH_PROCESS(context, h->vt.name, pa->pa_type, real,
+                                  ret);
+            if (mod_pa != NULL) {
+                for (i = 0; mod_pa[i] != NULL; i++);
+                ret = grow_pa_list(out_pa_list, out_pa_list_size, mod_pa, i);
+                if (ret) {
+                    krb5_free_pa_data(context, mod_pa);
+                    goto cleanup;
+                }
+                free(mod_pa);
+            }
+            /* Don't continue to try mechanisms after a keyboard interrupt. */
+            if (ret == KRB5_LIBOS_PWDINTR)
+                goto cleanup;
+            if (ret == 0 && real) {
+                /* Stop now and record which real padata type we answered. */
+                *out_type = pa->pa_type;
+                goto cleanup;
+            } else if (real && save.code == 0) {
+                /* Save the first error we get from a real preauth type. */
+                k5_save_ctx_error(context, ret, &save);
+            }
+            if (real && ret) {
+                /* Don't try this mechanism again for this authentication. */
+                ret = k5_preauth_note_failed(ctx, pa->pa_type);
+                if (ret)
+                    goto cleanup;
+            }
+        }
+    }
+
+    if (must_preauth) {
+        /* No real preauth types succeeded and we needed to preauthenticate. */
+        if (save.code != 0) {
+            ret = k5_restore_ctx_error(context, &save);
+            k5_wrapmsg(context, ret, KRB5_PREAUTH_FAILED,
+                       _("Pre-authentication failed"));
+        }
+        ret = KRB5_PREAUTH_FAILED;
+    }
+
+cleanup:
+    k5_clear_error(&save);
+    return ret;
+}
+
+static inline krb5_data
+padata2data(krb5_pa_data p)
+{
+    krb5_data d;
+    d.magic = KV5M_DATA;
+    d.length = p.length;
+    d.data = (char *) p.contents;
+    return d;
+}
+
+/* Set salt in rock based on pw-salt or afs3-salt elements in padata. */
+static krb5_error_code
+get_salt(krb5_context context, krb5_init_creds_context ctx,
+         krb5_pa_data **padata)
+{
+    krb5_error_code ret;
+    krb5_pa_data *pa;
+    krb5_data d;
+    const char *p;
+
+    /* Look for a pw-salt or afs3-salt element. */
+    pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_PW_SALT);
+    if (pa == NULL)
+        pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_AFS3_SALT);
+    if (pa == NULL)
+        return 0;
+
+    /* Set ctx->salt based on the element we found. */
+    krb5_free_data_contents(context, &ctx->salt);
+    d = padata2data(*pa);
+    ret = krb5int_copy_data_contents(context, &d, &ctx->salt);
+    if (ret)
+        return ret;
+
+    /* Adjust the salt if we got it from an afs3-salt element. */
+    if (pa->pa_type == KRB5_PADATA_AFS3_SALT) {
+        /* Work around a (possible) old Heimdal KDC foible. */
+        p = memchr(ctx->salt.data, '@', ctx->salt.length);
+        if (p != NULL)
+            ctx->salt.length = p - ctx->salt.data;
+        /* Tolerate extra null in MIT KDC afs3-salt value. */
+        if (ctx->salt.length > 0 &&
+            ctx->salt.data[ctx->salt.length - 1] == '\0')
+            ctx->salt.length--;
+        /* Set an s2kparams value to indicate AFS string-to-key. */
+        krb5_free_data_contents(context, &ctx->s2kparams);
+        ret = alloc_data(&ctx->s2kparams, 1);
+        if (ret)
+            return ret;
+        ctx->s2kparams.data[0] = '\1';
+    }
+
+    ctx->default_salt = FALSE;
+    TRACE_PREAUTH_SALT(context, &ctx->salt, pa->pa_type);
+    return 0;
+}
+
+/* Set etype info parameters in rock based on padata. */
+krb5_error_code
+k5_get_etype_info(krb5_context context, krb5_init_creds_context ctx,
+                  krb5_pa_data **padata)
+{
+    krb5_error_code ret = 0;
+    krb5_pa_data *pa;
+    krb5_data d;
+    krb5_etype_info etype_info = NULL, e;
+    krb5_etype_info_entry *entry;
+    krb5_boolean valid_found;
+    int i;
+
+    /* Find an etype-info2 or etype-info element in padata. */
+    pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_ETYPE_INFO2);
+    if (pa != NULL) {
+        d = padata2data(*pa);
+        (void)decode_krb5_etype_info2(&d, &etype_info);
+    } else {
+        pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_ETYPE_INFO);
+        if (pa != NULL) {
+            d = padata2data(*pa);
+            (void)decode_krb5_etype_info(&d, &etype_info);
+        }
+    }
+
+    /* Fall back to pw-salt/afs3-salt if no etype-info element is present. */
+    if (etype_info == NULL)
+        return get_salt(context, ctx, padata);
+
+    /* Search entries in order of the request's enctype preference. */
+    entry = NULL;
+    valid_found = FALSE;
+    for (i = 0; i < ctx->request->nktypes && entry == NULL; i++) {
+        for (e = etype_info; *e != NULL && entry == NULL; e++) {
+            if ((*e)->etype == ctx->request->ktype[i])
+                entry = *e;
+            if (krb5_c_valid_enctype((*e)->etype))
+                valid_found = TRUE;
+        }
+    }
+    if (entry == NULL) {
+        ret = (valid_found) ? KRB5_CONFIG_ETYPE_NOSUPP :
+            KRB5_PROG_ETYPE_NOSUPP;
+        goto cleanup;
+    }
+
+    /* Set etype/salt/s2kparams fields based on the entry we selected. */
+    ctx->etype = entry->etype;
+    krb5_free_data_contents(context, &ctx->salt);
+    if (entry->length != KRB5_ETYPE_NO_SALT) {
+        ctx->salt = make_data(entry->salt, entry->length);
+        entry->salt = NULL;
+        ctx->default_salt = FALSE;
+    } else {
+        ctx->salt = empty_data();
+        ctx->default_salt = TRUE;
+    }
+    krb5_free_data_contents(context, &ctx->s2kparams);
+    ctx->s2kparams = entry->s2kparams;
+    entry->s2kparams = empty_data();
+    TRACE_PREAUTH_ETYPE_INFO(context, ctx->etype, &ctx->salt, &ctx->s2kparams);
+
+cleanup:
+    krb5_free_etype_info(context, etype_info);
+    return ret;
+}
+
+/* Look for an fx-cookie element in in_padata and add it to out_pa_list. */
+static krb5_error_code
+copy_cookie(krb5_context context, krb5_pa_data **in_padata,
+            krb5_pa_data ***out_pa_list, int *out_pa_list_size)
+{
+    krb5_error_code ret;
+    krb5_pa_data *cookie, *pa = NULL;
+
+    cookie = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_COOKIE);
+    if (cookie == NULL)
+        return 0;
+    TRACE_PREAUTH_COOKIE(context, cookie->length, cookie->contents);
+    pa = k5alloc(sizeof(*pa), &ret);
+    if (pa == NULL)
+        return ret;
+    *pa = *cookie;
+    pa->contents = k5memdup(cookie->contents, cookie->length, &ret);
+    if (pa->contents == NULL)
+        goto error;
+    ret = grow_pa_list(out_pa_list, out_pa_list_size, &pa, 1);
+    if (ret)
+        goto error;
+    return 0;
+
+error:
+    free(pa->contents);
+    free(pa);
+    return ENOMEM;
+}
+
+/*
+ * If the module for pa_type can adjust its AS_REQ data using the contents of
+ * err and err_padata, return 0 with *padata_out set to a padata list for the
+ * next request.  If it's the sort of correction which requires that we ask the
+ * user another question, we let the calling application deal with it.
+ */
+krb5_error_code
+k5_preauth_tryagain(krb5_context context, krb5_init_creds_context ctx,
+                    krb5_preauthtype pa_type, krb5_error *err,
+                    krb5_pa_data **err_padata, krb5_pa_data ***padata_out)
+{
+    krb5_error_code ret;
+    krb5_pa_data **mod_pa;
+    krb5_clpreauth_modreq modreq;
+    clpreauth_handle h;
+    int count;
+
+    *padata_out = NULL;
+
+    TRACE_PREAUTH_TRYAGAIN_INPUT(context, pa_type, err_padata);
+
+    h = find_module(context, ctx, pa_type, &modreq);
+    if (h == NULL)
+        return KRB5KRB_ERR_GENERIC;
+    mod_pa = NULL;
+    ret = clpreauth_tryagain(context, h, modreq, ctx->opt, &callbacks,
+                             (krb5_clpreauth_rock)ctx, ctx->request,
+                             ctx->inner_request_body,
+                             ctx->encoded_previous_request, pa_type, err,
+                             err_padata, ctx->prompter, ctx->prompter_data,
+                             &mod_pa);
+    TRACE_PREAUTH_TRYAGAIN(context, h->vt.name, pa_type, ret);
+    if (!ret && mod_pa == NULL)
+        ret = KRB5KRB_ERR_GENERIC;
+    if (ret) {
+        k5_preauth_note_failed(ctx, pa_type);
+        return ret;
+    }
+
+    for (count = 0; mod_pa[count] != NULL; count++);
+    ret = copy_cookie(context, err_padata, &mod_pa, &count);
+    if (ret) {
+        krb5_free_pa_data(context, mod_pa);
+        return ret;
+    }
+
+    TRACE_PREAUTH_TRYAGAIN_OUTPUT(context, mod_pa);
+    *padata_out = mod_pa;
+    return 0;
+}
+
+/* Compile the set of response items for in_padata by invoke each module's
+ * prep_questions method. */
+static krb5_error_code
+fill_response_items(krb5_context context, krb5_init_creds_context ctx,
+                    krb5_pa_data **in_padata)
+{
+    krb5_error_code ret;
+    krb5_pa_data *pa;
+    krb5_clpreauth_modreq modreq;
+    clpreauth_handle h;
+    int i;
+
+    k5_response_items_reset(ctx->rctx.items);
+    for (i = 0; in_padata[i] != NULL; i++) {
+        pa = in_padata[i];
+        if (!pa_type_allowed(ctx, pa->pa_type))
+            continue;
+        h = find_module(context, ctx, pa->pa_type, &modreq);
+        if (h == NULL)
+            continue;
+        ret = clpreauth_prep_questions(context, h, modreq, ctx->opt,
+                                       &callbacks, (krb5_clpreauth_rock)ctx,
+                                       ctx->request, ctx->inner_request_body,
+                                       ctx->encoded_previous_request, pa);
+        if (ret)
+            return ret;
+    }
+    return 0;
+}
+
+krb5_error_code
+k5_preauth(krb5_context context, krb5_init_creds_context ctx,
+           krb5_pa_data **in_padata, krb5_boolean must_preauth,
+           krb5_pa_data ***padata_out, krb5_preauthtype *pa_type_out)
+{
+    int out_pa_list_size = 0;
+    krb5_pa_data **out_pa_list = NULL;
+    krb5_error_code ret;
+    krb5_responder_fn responder;
+    void *responder_data;
+
+    *padata_out = NULL;
+    *pa_type_out = KRB5_PADATA_NONE;
+
+    /* We should never invoke preauth modules when identifying the realm. */
+    if (in_padata == NULL || ctx->identify_realm)
+        return 0;
+
+    TRACE_PREAUTH_INPUT(context, in_padata);
+
+    /* Scan the padata list and process etype-info or salt elements. */
+    ret = k5_get_etype_info(context, ctx, in_padata);
+    if (ret)
+        return ret;
+
+    /* Copy the cookie if there is one. */
+    ret = copy_cookie(context, in_padata, &out_pa_list, &out_pa_list_size);
+    if (ret)
+        goto error;
+
+    /* If we can't initialize the preauth context, stop with what we have. */
+    k5_init_preauth_context(context);
+    if (context->preauth_context == NULL) {
+        *padata_out = out_pa_list;
+        out_pa_list = NULL;
+        goto error;
+    }
+
+    /* Get a list of response items for in_padata from the preauth modules. */
+    ret = fill_response_items(context, ctx, in_padata);
+    if (ret)
+        goto error;
+
+    /* Call the responder to answer response items. */
+    k5_gic_opt_get_responder(ctx->opt, &responder, &responder_data);
+    if (responder != NULL && !k5_response_items_empty(ctx->rctx.items)) {
+        ret = (*responder)(context, responder_data, &ctx->rctx);
+        if (ret)
+            goto error;
+    }
+
+    ret = process_pa_data(context, ctx, in_padata, must_preauth,
+                          &out_pa_list, &out_pa_list_size, pa_type_out);
+    if (ret)
+        goto error;
+
+    TRACE_PREAUTH_OUTPUT(context, out_pa_list);
+    *padata_out = out_pa_list;
+    return 0;
+
+error:
+    krb5_free_pa_data(context, out_pa_list);
+    return ret;
+}
+
+/*
+ * Give all the preauth plugins a look at the preauth option which
+ * has just been set
+ */
+krb5_error_code
+krb5_preauth_supply_preauth_data(krb5_context context,
+                                 krb5_get_init_creds_opt *opt,
+                                 const char *attr, const char *value)
+{
+    krb5_preauth_context pctx = context->preauth_context;
+    clpreauth_handle *hp, h;
+    krb5_error_code ret;
+
+    if (pctx == NULL) {
+        k5_init_preauth_context(context);
+        pctx = context->preauth_context;
+        if (pctx == NULL) {
+            k5_setmsg(context, EINVAL,
+                      _("Unable to initialize preauth context"));
+            return EINVAL;
+        }
+    }
+
+    /*
+     * Go down the list of preauth modules, and supply them with the
+     * attribute/value pair.
+     */
+    for (hp = pctx->handles; *hp != NULL; hp++) {
+        h = *hp;
+        ret = clpreauth_gic_opts(context, h, opt, attr, value);
+        if (ret) {
+            k5_prependmsg(context, ret, _("Preauth module %s"), h->vt.name);
+            return ret;
+        }
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c b/krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c
new file mode 100644
index 00000000..75aab770
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/preauth_ec.c - Encrypted Challenge clpreauth module */
+/*
+ * Copyright (C) 2009, 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Implement Encrypted Challenge fast factor from
+ * draft-ietf-krb-wg-preauth-framework
+ */
+
+#include <k5-int.h>
+#include <krb5/clpreauth_plugin.h>
+#include "int-proto.h"
+
+static krb5_error_code
+ec_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
+                  krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+                  krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                  krb5_kdc_req *request, krb5_data *encoded_request_body,
+                  krb5_data *encoded_previous_request, krb5_pa_data *pa_data)
+{
+    cb->need_as_key(context, rock);
+    return 0;
+}
+
+static krb5_error_code
+ec_process(krb5_context context, krb5_clpreauth_moddata moddata,
+           krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+           krb5_clpreauth_callbacks cb,
+           krb5_clpreauth_rock rock, krb5_kdc_req *request,
+           krb5_data *encoded_request_body,
+           krb5_data *encoded_previous_request, krb5_pa_data *padata,
+           krb5_prompter_fct prompter, void *prompter_data,
+           krb5_pa_data ***out_padata)
+{
+    krb5_error_code retval = 0;
+    krb5_keyblock *challenge_key = NULL, *armor_key, *as_key;
+
+    armor_key = cb->fast_armor(context, rock);
+    if (armor_key == NULL)
+        return ENOENT;
+    retval = cb->get_as_key(context, rock, &as_key);
+    if (retval == 0 && padata->length) {
+        krb5_enc_data *enc = NULL;
+        krb5_data scratch;
+        scratch.length = padata->length;
+        scratch.data = (char *) padata->contents;
+        retval = krb5_c_fx_cf2_simple(context,armor_key, "kdcchallengearmor",
+                                      as_key, "challengelongterm",
+                                      &challenge_key);
+        if (retval == 0)
+            retval = decode_krb5_enc_data(&scratch, &enc);
+        scratch.data = NULL;
+        if (retval == 0) {
+            scratch.data = malloc(enc->ciphertext.length);
+            scratch.length = enc->ciphertext.length;
+            if (scratch.data == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0)
+            retval = krb5_c_decrypt(context, challenge_key,
+                                    KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL,
+                                    enc, &scratch);
+        /*
+         * Per draft 11 of the preauth framework, the client MAY but is not
+         * required to actually check the timestamp from the KDC other than to
+         * confirm it decrypts. This code does not perform that check.
+         */
+        if (scratch.data)
+            krb5_free_data_contents(context, &scratch);
+        /* If we had a callback to assert that the KDC is verified, we would
+         * call it here. */
+        if (enc)
+            krb5_free_enc_data(context, enc);
+    } else if (retval == 0) { /*No padata; we send*/
+        krb5_enc_data enc;
+        krb5_pa_data **pa = NULL;
+        krb5_data *encoded_ts = NULL;
+        krb5_pa_enc_ts ts;
+        enc.ciphertext.data = NULL;
+        /* Use the timestamp from the preauth-required error if possible.
+         * This time should always be secured by the FAST channel. */
+        retval = cb->get_preauth_time(context, rock, FALSE, &ts.patimestamp,
+                                      &ts.pausec);
+        if (retval == 0)
+            retval = encode_krb5_pa_enc_ts(&ts, &encoded_ts);
+        if (retval == 0)
+            retval = krb5_c_fx_cf2_simple(context,
+                                          armor_key, "clientchallengearmor",
+                                          as_key, "challengelongterm",
+                                          &challenge_key);
+        if (retval == 0)
+            retval = krb5_encrypt_helper(context, challenge_key,
+                                         KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
+                                         encoded_ts, &enc);
+        if (encoded_ts)
+            krb5_free_data(context, encoded_ts);
+        encoded_ts = NULL;
+        if (retval == 0) {
+            retval = encode_krb5_enc_data(&enc, &encoded_ts);
+            krb5_free_data_contents(context, &enc.ciphertext);
+        }
+        if (retval == 0) {
+            pa = calloc(2, sizeof(krb5_pa_data *));
+            if (pa == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0) {
+            pa[0] = calloc(1, sizeof(krb5_pa_data));
+            if (pa[0] == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0) {
+            pa[0]->length = encoded_ts->length;
+            pa[0]->contents = (unsigned char *) encoded_ts->data;
+            pa[0]->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
+            encoded_ts->data = NULL;
+            *out_padata = pa;
+            pa = NULL;
+            cb->disable_fallback(context, rock);
+        }
+        free(pa);
+        krb5_free_data(context, encoded_ts);
+    }
+    if (challenge_key)
+        krb5_free_keyblock(context, challenge_key);
+    return retval;
+}
+
+
+static krb5_preauthtype ec_types[] = {
+    KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
+
+krb5_error_code
+clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+                                     int min_ver, krb5_plugin_vtable vtable)
+{
+    krb5_clpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_clpreauth_vtable)vtable;
+    vt->name = "encrypted_challenge";
+    vt->pa_type_list = ec_types;
+    vt->prep_questions = ec_prep_questions;
+    vt->process = ec_process;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/preauth_encts.c b/krb5-1.21.3/src/lib/krb5/krb/preauth_encts.c
new file mode 100644
index 00000000..34570198
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/preauth_encts.c
@@ -0,0 +1,151 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/preauth_encts.c - Encrypted timestamp clpreauth module */
+/*
+ * Copyright 1995, 2003, 2008, 2011 by the Massachusetts Institute of Technology.  All
+ * Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include <k5-int.h>
+#include <krb5/clpreauth_plugin.h>
+#include "int-proto.h"
+#include "init_creds_ctx.h"
+
+static krb5_error_code
+encts_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
+                     krb5_clpreauth_modreq modreq,
+                     krb5_get_init_creds_opt *opt, krb5_clpreauth_callbacks cb,
+                     krb5_clpreauth_rock rock, krb5_kdc_req *request,
+                     krb5_data *encoded_request_body,
+                     krb5_data *encoded_previous_request,
+                     krb5_pa_data *pa_data)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+
+    if (!ctx->encts_disabled)
+        cb->need_as_key(context, rock);
+    return 0;
+}
+
+static krb5_error_code
+encts_process(krb5_context context, krb5_clpreauth_moddata moddata,
+              krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+              krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+              krb5_kdc_req *request, krb5_data *encoded_request_body,
+              krb5_data *encoded_previous_request, krb5_pa_data *padata,
+              krb5_prompter_fct prompter, void *prompter_data,
+              krb5_pa_data ***out_padata)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+    krb5_error_code ret;
+    krb5_pa_enc_ts pa_enc;
+    krb5_data *ts = NULL, *enc_ts = NULL;
+    krb5_enc_data enc_data;
+    krb5_pa_data **pa = NULL;
+    krb5_keyblock *as_key;
+
+    enc_data.ciphertext = empty_data();
+
+    if (ctx->encts_disabled) {
+        TRACE_PREAUTH_ENC_TS_DISABLED(context);
+        k5_setmsg(context, KRB5_PREAUTH_FAILED,
+                  _("Encrypted timestamp is disabled"));
+        return KRB5_PREAUTH_FAILED;
+    }
+
+    ret = cb->get_as_key(context, rock, &as_key);
+    if (ret)
+        goto cleanup;
+    TRACE_PREAUTH_ENC_TS_KEY_GAK(context, as_key);
+
+    /*
+     * Try and use the timestamp of the preauth request, even if it's
+     * unauthenticated.  We could be fooled into making a preauth response for
+     * a future time, but that has no security consequences other than the
+     * KDC's audit logs.  If kdc_timesync is not configured, then this will
+     * just use local time.
+     */
+    ret = cb->get_preauth_time(context, rock, TRUE, &pa_enc.patimestamp,
+                               &pa_enc.pausec);
+    if (ret)
+        goto cleanup;
+
+    ret = encode_krb5_pa_enc_ts(&pa_enc, &ts);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_encrypt_helper(context, as_key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS,
+                              ts, &enc_data);
+    if (ret)
+        goto cleanup;
+    TRACE_PREAUTH_ENC_TS(context, pa_enc.patimestamp, pa_enc.pausec,
+                         ts, &enc_data.ciphertext);
+
+    ret = encode_krb5_enc_data(&enc_data, &enc_ts);
+    if (ret)
+        goto cleanup;
+
+    pa = k5calloc(2, sizeof(krb5_pa_data *), &ret);
+    if (pa == NULL)
+        goto cleanup;
+
+    pa[0] = k5alloc(sizeof(krb5_pa_data), &ret);
+    if (pa[0] == NULL)
+        goto cleanup;
+
+    pa[0]->magic = KV5M_PA_DATA;
+    pa[0]->pa_type = KRB5_PADATA_ENC_TIMESTAMP;
+    pa[0]->length = enc_ts->length;
+    pa[0]->contents = (krb5_octet *) enc_ts->data;
+    enc_ts->data = NULL;
+    pa[1] = NULL;
+    *out_padata = pa;
+    pa = NULL;
+
+    cb->disable_fallback(context, rock);
+
+cleanup:
+    krb5_free_data(context, ts);
+    krb5_free_data(context, enc_ts);
+    free(enc_data.ciphertext.data);
+    free(pa);
+    return ret;
+}
+
+static krb5_preauthtype encts_pa_types[] = {
+    KRB5_PADATA_ENC_TIMESTAMP, 0};
+
+krb5_error_code
+clpreauth_encrypted_timestamp_initvt(krb5_context context, int maj_ver,
+                                     int min_ver, krb5_plugin_vtable vtable)
+{
+    krb5_clpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_clpreauth_vtable)vtable;
+    vt->name = "encrypted_timestamp";
+    vt->pa_type_list = encts_pa_types;
+    vt->prep_questions = encts_prep_questions;
+    vt->process = encts_process;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c b/krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c
new file mode 100644
index 00000000..38eaf426
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c
@@ -0,0 +1,1265 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/preauth_otp.c - OTP clpreauth module */
+/*
+ * Copyright 2011 NORDUnet A/S.  All rights reserved.
+ * Copyright 2011 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-json.h"
+#include "int-proto.h"
+#include "os-proto.h"
+
+#include <krb5/clpreauth_plugin.h>
+#include <ctype.h>
+
+static krb5_preauthtype otp_client_supported_pa_types[] =
+    { KRB5_PADATA_OTP_CHALLENGE, 0 };
+
+/* Frees a tokeninfo. */
+static void
+free_tokeninfo(krb5_responder_otp_tokeninfo *ti)
+{
+    if (ti == NULL)
+        return;
+
+    free(ti->alg_id);
+    free(ti->challenge);
+    free(ti->token_id);
+    free(ti->vendor);
+    free(ti);
+}
+
+/* Converts a property of a json object into a char*. */
+static krb5_error_code
+codec_value_to_string(k5_json_object obj, const char *key, char **string)
+{
+    k5_json_value val;
+    char *str;
+
+    val = k5_json_object_get(obj, key);
+    if (val == NULL)
+        return ENOENT;
+
+    if (k5_json_get_tid(val) != K5_JSON_TID_STRING)
+        return EINVAL;
+
+    str = strdup(k5_json_string_utf8(val));
+    if (str == NULL)
+        return ENOMEM;
+
+    *string = str;
+    return 0;
+}
+
+/* Converts a property of a json object into a krb5_data struct. */
+static krb5_error_code
+codec_value_to_data(k5_json_object obj, const char *key, krb5_data *data)
+{
+    krb5_error_code retval;
+    char *tmp;
+
+    retval = codec_value_to_string(obj, key, &tmp);
+    if (retval != 0)
+        return retval;
+
+    *data = string2data(tmp);
+    return 0;
+}
+
+/* Converts a krb5_data struct into a property of a JSON object. */
+static krb5_error_code
+codec_data_to_value(krb5_data *data, k5_json_object obj, const char *key)
+{
+    krb5_error_code retval;
+    k5_json_string str;
+
+    if (data->data == NULL)
+        return 0;
+
+    retval = k5_json_string_create_len(data->data, data->length, &str);
+    if (retval)
+        return retval;
+
+    retval = k5_json_object_set(obj, key, str);
+    k5_json_release(str);
+    return retval;
+}
+
+/* Converts a property of a json object into a krb5_int32. */
+static krb5_error_code
+codec_value_to_int32(k5_json_object obj, const char *key, krb5_int32 *int32)
+{
+    k5_json_value val;
+
+    val = k5_json_object_get(obj, key);
+    if (val == NULL)
+        return ENOENT;
+
+    if (k5_json_get_tid(val) != K5_JSON_TID_NUMBER)
+        return EINVAL;
+
+    *int32 = k5_json_number_value(val);
+    return 0;
+}
+
+/* Converts a krb5_int32 into a property of a JSON object. */
+static krb5_error_code
+codec_int32_to_value(krb5_int32 int32, k5_json_object obj, const char *key)
+{
+    krb5_error_code retval;
+    k5_json_number num;
+
+    if (int32 == -1)
+        return 0;
+
+    retval = k5_json_number_create(int32, &num);
+    if (retval)
+        return retval;
+
+    retval = k5_json_object_set(obj, key, num);
+    k5_json_release(num);
+    return retval;
+}
+
+/* Converts a krb5_otp_tokeninfo into a JSON object. */
+static krb5_error_code
+codec_encode_tokeninfo(krb5_otp_tokeninfo *ti, k5_json_object *out)
+{
+    krb5_error_code retval;
+    k5_json_object obj;
+    krb5_flags flags;
+
+    retval = k5_json_object_create(&obj);
+    if (retval != 0)
+        goto error;
+
+    flags = KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN;
+    if (ti->flags & KRB5_OTP_FLAG_COLLECT_PIN) {
+        flags |= KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN;
+        if (ti->flags & KRB5_OTP_FLAG_SEPARATE_PIN)
+            flags |= KRB5_RESPONDER_OTP_FLAGS_NEXTOTP;
+    }
+    if (ti->flags & KRB5_OTP_FLAG_NEXTOTP)
+        flags |= KRB5_RESPONDER_OTP_FLAGS_NEXTOTP;
+
+    retval = codec_int32_to_value(flags, obj, "flags");
+    if (retval != 0)
+        goto error;
+
+    retval = codec_data_to_value(&ti->vendor, obj, "vendor");
+    if (retval != 0)
+        goto error;
+
+    retval = codec_data_to_value(&ti->challenge, obj, "challenge");
+    if (retval != 0)
+        goto error;
+
+    retval = codec_int32_to_value(ti->length, obj, "length");
+    if (retval != 0)
+        goto error;
+
+    if (ti->format != KRB5_OTP_FORMAT_BASE64 &&
+        ti->format != KRB5_OTP_FORMAT_BINARY) {
+        retval = codec_int32_to_value(ti->format, obj, "format");
+        if (retval != 0)
+            goto error;
+    }
+
+    retval = codec_data_to_value(&ti->token_id, obj, "tokenID");
+    if (retval != 0)
+        goto error;
+
+    retval = codec_data_to_value(&ti->alg_id, obj, "algID");
+    if (retval != 0)
+        goto error;
+
+    *out = obj;
+    return 0;
+
+error:
+    k5_json_release(obj);
+    return retval;
+}
+
+/* Converts a krb5_pa_otp_challenge into a JSON object. */
+static krb5_error_code
+codec_encode_challenge(krb5_context ctx, krb5_pa_otp_challenge *chl,
+                       char **json)
+{
+    k5_json_object obj = NULL, tmp = NULL;
+    k5_json_string str = NULL;
+    k5_json_array arr = NULL;
+    krb5_error_code retval;
+    int i;
+
+    retval = k5_json_object_create(&obj);
+    if (retval != 0)
+        goto cleanup;
+
+    if (chl->service.data) {
+        retval = k5_json_string_create_len(chl->service.data,
+                                           chl->service.length, &str);
+        if (retval != 0)
+            goto cleanup;
+        retval = k5_json_object_set(obj, "service", str);
+        k5_json_release(str);
+        if (retval != 0)
+            goto cleanup;
+    }
+
+    retval = k5_json_array_create(&arr);
+    if (retval != 0)
+        goto cleanup;
+
+    for (i = 0; chl->tokeninfo[i] != NULL ; i++) {
+        retval = codec_encode_tokeninfo(chl->tokeninfo[i], &tmp);
+        if (retval != 0)
+            goto cleanup;
+
+        retval = k5_json_array_add(arr, tmp);
+        k5_json_release(tmp);
+        if (retval != 0)
+            goto cleanup;
+    }
+
+    retval = k5_json_object_set(obj, "tokenInfo", arr);
+    if (retval != 0)
+        goto cleanup;
+
+    retval = k5_json_encode(obj, json);
+    if (retval)
+        goto cleanup;
+
+cleanup:
+    k5_json_release(arr);
+    k5_json_release(obj);
+    return retval;
+}
+
+/* Converts a JSON object into a krb5_responder_otp_tokeninfo. */
+static krb5_responder_otp_tokeninfo *
+codec_decode_tokeninfo(k5_json_object obj)
+{
+    krb5_responder_otp_tokeninfo *ti = NULL;
+    krb5_error_code retval;
+
+    ti = calloc(1, sizeof(krb5_responder_otp_tokeninfo));
+    if (ti == NULL)
+        goto error;
+
+    retval = codec_value_to_int32(obj, "flags", &ti->flags);
+    if (retval != 0)
+        goto error;
+
+    retval = codec_value_to_string(obj, "vendor", &ti->vendor);
+    if (retval != 0 && retval != ENOENT)
+        goto error;
+
+    retval = codec_value_to_string(obj, "challenge", &ti->challenge);
+    if (retval != 0 && retval != ENOENT)
+        goto error;
+
+    retval = codec_value_to_int32(obj, "length", &ti->length);
+    if (retval == ENOENT)
+        ti->length = -1;
+    else if (retval != 0)
+        goto error;
+
+    retval = codec_value_to_int32(obj, "format", &ti->format);
+    if (retval == ENOENT)
+        ti->format = -1;
+    else if (retval != 0)
+        goto error;
+
+    retval = codec_value_to_string(obj, "tokenID", &ti->token_id);
+    if (retval != 0 && retval != ENOENT)
+        goto error;
+
+    retval = codec_value_to_string(obj, "algID", &ti->alg_id);
+    if (retval != 0 && retval != ENOENT)
+        goto error;
+
+    return ti;
+
+error:
+    free_tokeninfo(ti);
+    return NULL;
+}
+
+/* Converts a JSON object into a krb5_responder_otp_challenge. */
+static krb5_responder_otp_challenge *
+codec_decode_challenge(krb5_context ctx, const char *json)
+{
+    krb5_responder_otp_challenge *chl = NULL;
+    k5_json_value obj = NULL, arr = NULL, tmp = NULL;
+    krb5_error_code retval;
+    size_t i;
+
+    retval = k5_json_decode(json, &obj);
+    if (retval != 0)
+        goto error;
+
+    if (k5_json_get_tid(obj) != K5_JSON_TID_OBJECT)
+        goto error;
+
+    arr = k5_json_object_get(obj, "tokenInfo");
+    if (arr == NULL)
+        goto error;
+
+    if (k5_json_get_tid(arr) != K5_JSON_TID_ARRAY)
+        goto error;
+
+    chl = calloc(1, sizeof(krb5_responder_otp_challenge));
+    if (chl == NULL)
+        goto error;
+
+    chl->tokeninfo = calloc(k5_json_array_length(arr) + 1,
+                            sizeof(krb5_responder_otp_tokeninfo*));
+    if (chl->tokeninfo == NULL)
+        goto error;
+
+    retval = codec_value_to_string(obj, "service", &chl->service);
+    if (retval != 0 && retval != ENOENT)
+        goto error;
+
+    for (i = 0; i < k5_json_array_length(arr); i++) {
+        tmp = k5_json_array_get(arr, i);
+        if (k5_json_get_tid(tmp) != K5_JSON_TID_OBJECT)
+            goto error;
+
+        chl->tokeninfo[i] = codec_decode_tokeninfo(tmp);
+        if (chl->tokeninfo[i] == NULL)
+            goto error;
+    }
+
+    k5_json_release(obj);
+    return chl;
+
+error:
+    if (chl != NULL) {
+        for (i = 0; chl->tokeninfo != NULL && chl->tokeninfo[i] != NULL; i++)
+            free_tokeninfo(chl->tokeninfo[i]);
+        free(chl->tokeninfo);
+        free(chl);
+    }
+    k5_json_release(obj);
+    return NULL;
+}
+
+/* Decode the responder answer into a tokeninfo, a value and a pin. */
+static krb5_error_code
+codec_decode_answer(krb5_context context, const char *answer,
+                    krb5_otp_tokeninfo **tis, krb5_otp_tokeninfo **ti,
+                    krb5_data *value, krb5_data *pin)
+{
+    krb5_error_code retval;
+    k5_json_value val = NULL;
+    krb5_int32 indx, i;
+    krb5_data tmp;
+
+    if (answer == NULL)
+        return EBADMSG;
+
+    retval = k5_json_decode(answer, &val);
+    if (retval != 0)
+        goto cleanup;
+
+    if (k5_json_get_tid(val) != K5_JSON_TID_OBJECT)
+        goto cleanup;
+
+    retval = codec_value_to_int32(val, "tokeninfo", &indx);
+    if (retval != 0)
+        goto cleanup;
+
+    for (i = 0; tis[i] != NULL; i++) {
+        if (i == indx) {
+            retval = codec_value_to_data(val, "value", &tmp);
+            if (retval != 0 && retval != ENOENT)
+                goto cleanup;
+
+            retval = codec_value_to_data(val, "pin", pin);
+            if (retval != 0 && retval != ENOENT) {
+                krb5_free_data_contents(context, &tmp);
+                goto cleanup;
+            }
+
+            *value = tmp;
+            *ti = tis[i];
+            retval = 0;
+            goto cleanup;
+        }
+    }
+    retval = EINVAL;
+
+cleanup:
+    k5_json_release(val);
+    return retval;
+}
+
+/* Takes the nonce from the challenge and encrypts it into the request. */
+static krb5_error_code
+encrypt_nonce(krb5_context ctx, krb5_keyblock *key,
+              const krb5_pa_otp_challenge *chl, krb5_pa_otp_req *req)
+{
+    krb5_error_code retval;
+    krb5_enc_data encdata;
+    krb5_data *er;
+
+    /* Encode the nonce. */
+    retval = encode_krb5_pa_otp_enc_req(&chl->nonce, &er);
+    if (retval != 0)
+        return retval;
+
+    /* Do the encryption. */
+    retval = krb5_encrypt_helper(ctx, key, KRB5_KEYUSAGE_PA_OTP_REQUEST,
+                                 er, &encdata);
+    krb5_free_data(ctx, er);
+    if (retval != 0)
+        return retval;
+
+    req->enc_data = encdata;
+    return 0;
+}
+
+/* Checks to see if the user-supplied otp value matches the length and format
+ * of the supplied tokeninfo. */
+static int
+otpvalue_matches_tokeninfo(const char *otpvalue, krb5_otp_tokeninfo *ti)
+{
+    int (*table[])(int c) = { isdigit, isxdigit, isalnum };
+
+    if (otpvalue == NULL || ti == NULL)
+        return 0;
+
+    if (ti->length >= 0 && strlen(otpvalue) != (size_t)ti->length)
+        return 0;
+
+    if (ti->format >= 0 && ti->format < 3) {
+        while (*otpvalue) {
+            if (!(*table[ti->format])((unsigned char)*otpvalue++))
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+/* Performs a prompt and saves the response in the out parameter. */
+static krb5_error_code
+doprompt(krb5_context context, krb5_prompter_fct prompter, void *prompter_data,
+         const char *banner, const char *prompttxt, char *out, size_t len)
+{
+    krb5_prompt prompt;
+    krb5_data prompt_reply;
+    krb5_error_code retval;
+    krb5_prompt_type prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+
+    if (prompttxt == NULL || out == NULL)
+        return EINVAL;
+
+    memset(out, 0, len);
+
+    prompt_reply = make_data(out, len);
+    prompt.reply = &prompt_reply;
+    prompt.prompt = (char *)prompttxt;
+    prompt.hidden = 1;
+
+    /* PROMPTER_INVOCATION */
+    k5_set_prompt_types(context, &prompt_type);
+    retval = (*prompter)(context, prompter_data, NULL, banner, 1, &prompt);
+    k5_set_prompt_types(context, NULL);
+    if (retval != 0)
+        return retval;
+
+    return 0;
+}
+
+/* Forces the user to choose a single tokeninfo via prompting. */
+static krb5_error_code
+prompt_for_tokeninfo(krb5_context context, krb5_prompter_fct prompter,
+                     void *prompter_data, krb5_otp_tokeninfo **tis,
+                     krb5_otp_tokeninfo **out_ti)
+{
+    char response[1024], *prompt;
+    krb5_otp_tokeninfo *ti = NULL;
+    krb5_error_code retval = 0;
+    struct k5buf buf;
+    int i = 0, j = 0;
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add(&buf, _("Please choose from the following:\n"));
+    for (i = 0; tis[i] != NULL; i++) {
+        k5_buf_add_fmt(&buf, "\t%d. %s ", i + 1, _("Vendor:"));
+        k5_buf_add_len(&buf, tis[i]->vendor.data, tis[i]->vendor.length);
+        k5_buf_add(&buf, "\n");
+    }
+    prompt = k5_buf_cstring(&buf);
+    if (prompt == NULL)
+        return ENOMEM;
+
+    do {
+        retval = doprompt(context, prompter, prompter_data, prompt,
+                          _("Enter #"), response, sizeof(response));
+        if (retval != 0)
+            goto cleanup;
+
+        errno = 0;
+        j = strtol(response, NULL, 0);
+        if (errno != 0) {
+            retval = errno;
+            goto cleanup;
+        }
+        if (j < 1 || j > i)
+            continue;
+
+        ti = tis[--j];
+    } while (ti == NULL);
+
+    *out_ti = ti;
+
+cleanup:
+    k5_buf_free(&buf);
+    return retval;
+}
+
+/* Builds a challenge string from the given tokeninfo. */
+static krb5_error_code
+make_challenge(const krb5_otp_tokeninfo *ti, char **challenge)
+{
+    if (challenge == NULL)
+        return EINVAL;
+
+    *challenge = NULL;
+
+    if (ti == NULL || ti->challenge.data == NULL)
+        return 0;
+
+    if (asprintf(challenge, "%s %.*s\n",
+                 _("OTP Challenge:"),
+                 ti->challenge.length,
+                 ti->challenge.data) < 0)
+        return ENOMEM;
+
+    return 0;
+}
+
+/* Determines if a pin is required. If it is, it will be prompted for. */
+static inline krb5_error_code
+collect_pin(krb5_context context, krb5_prompter_fct prompter,
+            void *prompter_data, const krb5_otp_tokeninfo *ti,
+            krb5_data *out_pin)
+{
+    krb5_error_code retval;
+    char otppin[1024];
+    krb5_flags collect;
+    krb5_data pin;
+
+    /* If no PIN will be collected, don't prompt. */
+    collect = ti->flags & (KRB5_OTP_FLAG_COLLECT_PIN |
+                           KRB5_OTP_FLAG_SEPARATE_PIN);
+    if (collect == 0) {
+        *out_pin = empty_data();
+        return 0;
+    }
+
+    /* Collect the PIN. */
+    retval = doprompt(context, prompter, prompter_data, NULL,
+                      _("OTP Token PIN"), otppin, sizeof(otppin));
+    if (retval != 0)
+        return retval;
+
+    /* Set the PIN. */
+    pin = make_data(strdup(otppin), strlen(otppin));
+    if (pin.data == NULL)
+        return ENOMEM;
+
+    *out_pin = pin;
+    return 0;
+}
+
+/* Builds a request using the specified tokeninfo, value and pin. */
+static krb5_error_code
+make_request(krb5_context ctx, krb5_otp_tokeninfo *ti, const krb5_data *value,
+             const krb5_data *pin, krb5_pa_otp_req **out_req)
+{
+    krb5_pa_otp_req *req = NULL;
+    krb5_error_code retval = 0;
+
+    if (ti == NULL)
+        return 0;
+
+    if (ti->format == KRB5_OTP_FORMAT_BASE64)
+        return ENOTSUP;
+
+    req = calloc(1, sizeof(krb5_pa_otp_req));
+    if (req == NULL)
+        return ENOMEM;
+
+    req->flags = ti->flags & KRB5_OTP_FLAG_NEXTOTP;
+
+    retval = krb5int_copy_data_contents(ctx, &ti->vendor, &req->vendor);
+    if (retval != 0)
+        goto error;
+
+    req->format = ti->format;
+
+    retval = krb5int_copy_data_contents(ctx, &ti->token_id, &req->token_id);
+    if (retval != 0)
+        goto error;
+
+    retval = krb5int_copy_data_contents(ctx, &ti->alg_id, &req->alg_id);
+    if (retval != 0)
+        goto error;
+
+    retval = krb5int_copy_data_contents(ctx, value, &req->otp_value);
+    if (retval != 0)
+        goto error;
+
+    if (ti->flags & KRB5_OTP_FLAG_COLLECT_PIN) {
+        if (ti->flags & KRB5_OTP_FLAG_SEPARATE_PIN) {
+            if (pin == NULL || pin->data == NULL) {
+                retval = EINVAL; /* No pin found! */
+                goto error;
+            }
+
+            retval = krb5int_copy_data_contents(ctx, pin, &req->pin);
+            if (retval != 0)
+                goto error;
+        } else if (pin != NULL && pin->data != NULL) {
+            krb5_free_data_contents(ctx, &req->otp_value);
+            retval = asprintf(&req->otp_value.data, "%.*s%.*s",
+                              pin->length, pin->data,
+                              value->length, value->data);
+            if (retval < 0) {
+                retval = ENOMEM;
+                req->otp_value = empty_data();
+                goto error;
+            }
+            req->otp_value.length = req->pin.length + req->otp_value.length;
+        } /* Otherwise, the responder has already combined them. */
+    }
+
+    *out_req = req;
+    return 0;
+
+error:
+    k5_free_pa_otp_req(ctx, req);
+    return retval;
+}
+
+/*
+ * Filters a set of tokeninfos given an otp value.  If the set is reduced to
+ * a single tokeninfo, it will be set in out_ti.  Otherwise, a new shallow copy
+ * will be allocated in out_filtered.
+ */
+static inline krb5_error_code
+filter_tokeninfos(krb5_context context, const char *otpvalue,
+                  krb5_otp_tokeninfo **tis,
+                  krb5_otp_tokeninfo ***out_filtered,
+                  krb5_otp_tokeninfo **out_ti)
+{
+    krb5_otp_tokeninfo **filtered;
+    size_t i = 0, j = 0;
+
+    while (tis[i] != NULL)
+        i++;
+
+    filtered = calloc(i + 1, sizeof(const krb5_otp_tokeninfo *));
+    if (filtered == NULL)
+        return ENOMEM;
+
+    /* Make a list of tokeninfos that match the value. */
+    for (i = 0, j = 0; tis[i] != NULL; i++) {
+        if (otpvalue_matches_tokeninfo(otpvalue, tis[i]))
+            filtered[j++] = tis[i];
+    }
+
+    /* It is an error if we have no matching tokeninfos. */
+    if (filtered[0] == NULL) {
+        free(filtered);
+        k5_setmsg(context, KRB5_PREAUTH_FAILED,
+                  _("OTP value doesn't match any token formats"));
+        return KRB5_PREAUTH_FAILED; /* We have no supported tokeninfos. */
+    }
+
+    /* Otherwise, if we have just one tokeninfo, choose it. */
+    if (filtered[1] == NULL) {
+        *out_ti = filtered[0];
+        *out_filtered = NULL;
+        free(filtered);
+        return 0;
+    }
+
+    /* Otherwise, we'll return the remaining list. */
+    *out_ti = NULL;
+    *out_filtered = filtered;
+    return 0;
+}
+
+/* Outputs the selected tokeninfo and possibly a value and pin.
+ * Prompting may occur. */
+static krb5_error_code
+prompt_for_token(krb5_context context, krb5_prompter_fct prompter,
+                 void *prompter_data, krb5_otp_tokeninfo **tis,
+                 krb5_otp_tokeninfo **out_ti, krb5_data *out_value,
+                 krb5_data *out_pin)
+{
+    krb5_otp_tokeninfo **filtered = NULL;
+    krb5_otp_tokeninfo *ti = NULL;
+    krb5_error_code retval;
+    int i, challengers = 0;
+    char *challenge = NULL;
+    char otpvalue[1024];
+    krb5_data value, pin;
+
+    memset(otpvalue, 0, sizeof(otpvalue));
+
+    if (tis == NULL || tis[0] == NULL || out_ti == NULL)
+        return EINVAL;
+
+    /* Count how many challenges we have. */
+    for (i = 0; tis[i] != NULL; i++) {
+        if (tis[i]->challenge.data != NULL)
+            challengers++;
+    }
+
+    /* If we have only one tokeninfo as input, choose it. */
+    if (i == 1)
+        ti = tis[0];
+
+    /* Setup our challenge, if present. */
+    if (challengers > 0) {
+        /* If we have multiple tokeninfos still, choose now. */
+        if (ti == NULL) {
+            retval = prompt_for_tokeninfo(context, prompter, prompter_data,
+                                          tis, &ti);
+            if (retval != 0)
+                return retval;
+        }
+
+        /* Create the challenge prompt. */
+        retval = make_challenge(ti, &challenge);
+        if (retval != 0)
+            return retval;
+    }
+
+    /* Prompt for token value. */
+    retval = doprompt(context, prompter, prompter_data, challenge,
+                      _("Enter OTP Token Value"), otpvalue, sizeof(otpvalue));
+    free(challenge);
+    if (retval != 0)
+        return retval;
+
+    if (ti == NULL) {
+        /* Filter out tokeninfos that don't match our token value. */
+        retval = filter_tokeninfos(context, otpvalue, tis, &filtered, &ti);
+        if (retval != 0)
+            return retval;
+
+        /* If we still don't have a single tokeninfo, choose now. */
+        if (filtered != NULL) {
+            retval = prompt_for_tokeninfo(context, prompter, prompter_data,
+                                          filtered, &ti);
+            free(filtered);
+            if (retval != 0)
+                return retval;
+        }
+    }
+
+    assert(ti != NULL);
+
+    /* Set the value. */
+    value = make_data(strdup(otpvalue), strlen(otpvalue));
+    if (value.data == NULL)
+        return ENOMEM;
+
+    /* Collect the PIN, if necessary. */
+    retval = collect_pin(context, prompter, prompter_data, ti, &pin);
+    if (retval != 0) {
+        krb5_free_data_contents(context, &value);
+        return retval;
+    }
+
+    *out_value = value;
+    *out_pin = pin;
+    *out_ti = ti;
+    return 0;
+}
+
+/* Encode the OTP request into a krb5_pa_data buffer. */
+static krb5_error_code
+set_pa_data(const krb5_pa_otp_req *req, krb5_pa_data ***pa_data_out)
+{
+    krb5_pa_data **out = NULL;
+    krb5_data *tmp;
+
+    /* Allocate the preauth data array and one item. */
+    out = calloc(2, sizeof(krb5_pa_data *));
+    if (out == NULL)
+        goto error;
+    out[0] = calloc(1, sizeof(krb5_pa_data));
+    out[1] = NULL;
+    if (out[0] == NULL)
+        goto error;
+
+    /* Encode our request into the preauth data item. */
+    memset(out[0], 0, sizeof(krb5_pa_data));
+    out[0]->pa_type = KRB5_PADATA_OTP_REQUEST;
+    if (encode_krb5_pa_otp_req(req, &tmp) != 0)
+        goto error;
+    out[0]->contents = (krb5_octet *)tmp->data;
+    out[0]->length = tmp->length;
+    free(tmp);
+
+    *pa_data_out = out;
+    return 0;
+
+error:
+    if (out != NULL) {
+        free(out[0]);
+        free(out);
+    }
+    return ENOMEM;
+}
+
+/* Tests krb5_data to see if it is printable. */
+static krb5_boolean
+is_printable_string(const krb5_data *data)
+{
+    unsigned int i;
+
+    if (data == NULL)
+        return FALSE;
+
+    for (i = 0; i < data->length; i++) {
+        if (!isprint((unsigned char)data->data[i]))
+            return FALSE;
+    }
+
+    return TRUE;
+}
+
+/* Returns TRUE when the given tokeninfo contains the subset of features we
+ * support. */
+static krb5_boolean
+is_tokeninfo_supported(krb5_otp_tokeninfo *ti)
+{
+    krb5_flags supported_flags = KRB5_OTP_FLAG_COLLECT_PIN |
+                                 KRB5_OTP_FLAG_NO_COLLECT_PIN |
+                                 KRB5_OTP_FLAG_SEPARATE_PIN;
+
+    /* Flags we don't support... */
+    if (ti->flags & ~supported_flags)
+        return FALSE;
+
+    /* We don't currently support hashing. */
+    if (ti->supported_hash_alg != NULL || ti->iteration_count >= 0)
+        return FALSE;
+
+    /* Remove tokeninfos with invalid vendor strings. */
+    if (!is_printable_string(&ti->vendor))
+        return FALSE;
+
+    /* Remove tokeninfos with non-printable challenges. */
+    if (!is_printable_string(&ti->challenge))
+        return FALSE;
+
+    /* We don't currently support base64. */
+    if (ti->format == KRB5_OTP_FORMAT_BASE64)
+        return FALSE;
+
+    return TRUE;
+}
+
+/* Removes unsupported tokeninfos. Returns an error if no tokeninfos remain. */
+static krb5_error_code
+filter_supported_tokeninfos(krb5_context context, krb5_otp_tokeninfo **tis)
+{
+    size_t i, j;
+
+    /* Filter out any tokeninfos we don't support. */
+    for (i = 0, j = 0; tis[i] != NULL; i++) {
+        if (!is_tokeninfo_supported(tis[i]))
+            k5_free_otp_tokeninfo(context, tis[i]);
+        else
+            tis[j++] = tis[i];
+    }
+
+    /* Terminate the array. */
+    tis[j] = NULL;
+
+    if (tis[0] != NULL)
+        return 0;
+
+    k5_setmsg(context, KRB5_PREAUTH_FAILED, _("No supported tokens"));
+    return KRB5_PREAUTH_FAILED; /* We have no supported tokeninfos. */
+}
+
+/*
+ * Try to find tokeninfos which match configuration data recorded in the input
+ * ccache, and if exactly one is found, drop the rest.
+ */
+static krb5_error_code
+filter_config_tokeninfos(krb5_context context,
+                         krb5_clpreauth_callbacks cb,
+                         krb5_clpreauth_rock rock,
+                         krb5_otp_tokeninfo **tis)
+{
+    krb5_otp_tokeninfo *match = NULL;
+    size_t i, j;
+    const char *vendor, *alg_id, *token_id;
+
+    /* Pull up what we know about the token we want to use. */
+    vendor = cb->get_cc_config(context, rock, "vendor");
+    alg_id = cb->get_cc_config(context, rock, "algID");
+    token_id = cb->get_cc_config(context, rock, "tokenID");
+
+    /* Look for a single matching entry. */
+    for (i = 0; tis[i] != NULL; i++) {
+        if (vendor != NULL && tis[i]->vendor.length > 0 &&
+            !data_eq_string(tis[i]->vendor, vendor))
+            continue;
+        if (alg_id != NULL && tis[i]->alg_id.length > 0 &&
+            !data_eq_string(tis[i]->alg_id, alg_id))
+            continue;
+        if (token_id != NULL && tis[i]->token_id.length > 0 &&
+            !data_eq_string(tis[i]->token_id, token_id))
+            continue;
+        /* Oh, we already had a matching entry. More than one -> no change. */
+        if (match != NULL)
+            return 0;
+        match = tis[i];
+    }
+
+    /* No matching entry -> no change. */
+    if (match == NULL)
+        return 0;
+
+    /* Prune out everything except the best match. */
+    for (i = 0, j = 0; tis[i] != NULL; i++) {
+        if (tis[i] != match)
+            k5_free_otp_tokeninfo(context, tis[i]);
+        else
+            tis[j++] = tis[i];
+    }
+    tis[j] = NULL;
+
+    return 0;
+}
+
+static void
+otp_client_request_init(krb5_context context, krb5_clpreauth_moddata moddata,
+                        krb5_clpreauth_modreq *modreq_out)
+{
+    *modreq_out = calloc(1, sizeof(krb5_pa_otp_challenge *));
+}
+
+static krb5_error_code
+otp_client_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
+                          krb5_clpreauth_modreq modreq,
+                          krb5_get_init_creds_opt *opt,
+                          krb5_clpreauth_callbacks cb,
+                          krb5_clpreauth_rock rock, krb5_kdc_req *request,
+                          krb5_data *encoded_request_body,
+                          krb5_data *encoded_previous_request,
+                          krb5_pa_data *pa_data)
+{
+    krb5_pa_otp_challenge *chl;
+    krb5_error_code retval;
+    krb5_data tmp;
+    char *json;
+
+    if (modreq == NULL)
+        return ENOMEM;
+
+    /* Decode the challenge. */
+    tmp = make_data(pa_data->contents, pa_data->length);
+    retval = decode_krb5_pa_otp_challenge(&tmp,
+                                          (krb5_pa_otp_challenge **)modreq);
+    if (retval != 0)
+        return retval;
+    chl = *(krb5_pa_otp_challenge **)modreq;
+
+    /* Remove unsupported tokeninfos. */
+    retval = filter_supported_tokeninfos(context, chl->tokeninfo);
+    if (retval != 0)
+        return retval;
+
+    /* Remove tokeninfos that don't match the recorded description, if that
+     * results in there being only one that does. */
+    retval = filter_config_tokeninfos(context, cb, rock, chl->tokeninfo);
+    if (retval != 0)
+        return retval;
+
+    /* Make the JSON representation. */
+    retval = codec_encode_challenge(context, chl, &json);
+    if (retval != 0)
+        return retval;
+
+    /* Ask the question. */
+    retval = cb->ask_responder_question(context, rock,
+                                        KRB5_RESPONDER_QUESTION_OTP,
+                                        json);
+    free(json);
+    return retval;
+}
+
+/*
+ * Save the vendor, algID, and tokenID values for the selected token to the
+ * out_ccache, so that later we can try to use them to select the right one
+ * without having ot ask the user.
+ */
+static void
+save_config_tokeninfo(krb5_context context,
+                      krb5_clpreauth_callbacks cb,
+                      krb5_clpreauth_rock rock,
+                      krb5_otp_tokeninfo *ti)
+{
+    char *tmp;
+    if (ti->vendor.length > 0 &&
+        asprintf(&tmp, "%.*s", ti->vendor.length, ti->vendor.data) >= 0) {
+        cb->set_cc_config(context, rock, "vendor", tmp);
+        free(tmp);
+    }
+    if (ti->alg_id.length > 0 &&
+        asprintf(&tmp, "%.*s", ti->alg_id.length, ti->alg_id.data) >= 0) {
+        cb->set_cc_config(context, rock, "algID", tmp);
+        free(tmp);
+    }
+    if (ti->token_id.length > 0 &&
+        asprintf(&tmp, "%.*s", ti->token_id.length, ti->token_id.data) >= 0) {
+        cb->set_cc_config(context, rock, "tokenID", tmp);
+        free(tmp);
+    }
+}
+
+static krb5_error_code
+otp_client_process(krb5_context context, krb5_clpreauth_moddata moddata,
+                   krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+                   krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                   krb5_kdc_req *request, krb5_data *encoded_request_body,
+                   krb5_data *encoded_previous_request, krb5_pa_data *pa_data,
+                   krb5_prompter_fct prompter, void *prompter_data,
+                   krb5_pa_data ***pa_data_out)
+{
+    krb5_pa_otp_challenge *chl = NULL;
+    krb5_otp_tokeninfo *ti = NULL;
+    krb5_keyblock *as_key = NULL;
+    krb5_pa_otp_req *req = NULL;
+    krb5_error_code retval = 0;
+    krb5_data value, pin;
+    const char *answer;
+
+    if (modreq == NULL)
+        return ENOMEM;
+    chl = *(krb5_pa_otp_challenge **)modreq;
+
+    *pa_data_out = NULL;
+
+    /* Get FAST armor key. */
+    as_key = cb->fast_armor(context, rock);
+    if (as_key == NULL)
+        return ENOENT;
+
+    /* Attempt to get token selection from the responder. */
+    pin = empty_data();
+    value = empty_data();
+    answer = cb->get_responder_answer(context, rock,
+                                      KRB5_RESPONDER_QUESTION_OTP);
+    retval = codec_decode_answer(context, answer, chl->tokeninfo, &ti, &value,
+                                 &pin);
+    if (retval != 0) {
+        /* If the responder doesn't have a token selection,
+         * we need to select the token via prompting. */
+        retval = prompt_for_token(context, prompter, prompter_data,
+                                  chl->tokeninfo, &ti, &value, &pin);
+        if (retval != 0)
+            goto error;
+    }
+
+    /* Make the request. */
+    retval = make_request(context, ti, &value, &pin, &req);
+    if (retval != 0)
+        goto error;
+
+    /* Save information about the token which was used. */
+    save_config_tokeninfo(context, cb, rock, ti);
+
+    /* Encrypt the challenge's nonce and set it in the request. */
+    retval = encrypt_nonce(context, as_key, chl, req);
+    if (retval != 0)
+        goto error;
+
+    /* Use FAST armor key as response key. */
+    retval = cb->set_as_key(context, rock, as_key);
+    if (retval != 0)
+        goto error;
+
+    /* Encode the request into the pa_data output. */
+    retval = set_pa_data(req, pa_data_out);
+    if (retval != 0)
+        goto error;
+    cb->disable_fallback(context, rock);
+
+error:
+    krb5_free_data_contents(context, &value);
+    krb5_free_data_contents(context, &pin);
+    k5_free_pa_otp_req(context, req);
+    return retval;
+}
+
+static void
+otp_client_request_fini(krb5_context context, krb5_clpreauth_moddata moddata,
+                        krb5_clpreauth_modreq modreq)
+{
+    if (modreq == NULL)
+        return;
+
+    k5_free_pa_otp_challenge(context, *(krb5_pa_otp_challenge **)modreq);
+    free(modreq);
+}
+
+krb5_error_code
+clpreauth_otp_initvt(krb5_context context, int maj_ver, int min_ver,
+                     krb5_plugin_vtable vtable)
+{
+    krb5_clpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+
+    vt = (krb5_clpreauth_vtable)vtable;
+    vt->name = "otp";
+    vt->pa_type_list = otp_client_supported_pa_types;
+    vt->request_init = otp_client_request_init;
+    vt->prep_questions = otp_client_prep_questions;
+    vt->process = otp_client_process;
+    vt->request_fini = otp_client_request_fini;
+    vt->gic_opts = NULL;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_responder_otp_get_challenge(krb5_context ctx,
+                                 krb5_responder_context rctx,
+                                 krb5_responder_otp_challenge **chl)
+{
+    const char *answer;
+    krb5_responder_otp_challenge *challenge;
+
+    answer = krb5_responder_get_challenge(ctx, rctx,
+                                          KRB5_RESPONDER_QUESTION_OTP);
+    if (answer == NULL) {
+        *chl = NULL;
+        return 0;
+    }
+
+    challenge = codec_decode_challenge(ctx, answer);
+    if (challenge == NULL)
+        return ENOMEM;
+
+    *chl = challenge;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_responder_otp_set_answer(krb5_context ctx, krb5_responder_context rctx,
+                              size_t ti, const char *value, const char *pin)
+{
+    krb5_error_code retval;
+    k5_json_object obj = NULL;
+    k5_json_number num;
+    k5_json_string str;
+    char *tmp;
+
+    retval = k5_json_object_create(&obj);
+    if (retval != 0)
+        goto error;
+
+    retval = k5_json_number_create(ti, &num);
+    if (retval != 0)
+        goto error;
+
+    retval = k5_json_object_set(obj, "tokeninfo", num);
+    k5_json_release(num);
+    if (retval != 0)
+        goto error;
+
+    if (value != NULL) {
+        retval = k5_json_string_create(value, &str);
+        if (retval != 0)
+            goto error;
+
+        retval = k5_json_object_set(obj, "value", str);
+        k5_json_release(str);
+        if (retval != 0)
+            goto error;
+    }
+
+    if (pin != NULL) {
+        retval = k5_json_string_create(pin, &str);
+        if (retval != 0)
+            goto error;
+
+        retval = k5_json_object_set(obj, "pin", str);
+        k5_json_release(str);
+        if (retval != 0)
+            goto error;
+    }
+
+    retval = k5_json_encode(obj, &tmp);
+    if (retval != 0)
+        goto error;
+    k5_json_release(obj);
+
+    retval = krb5_responder_set_answer(ctx, rctx, KRB5_RESPONDER_QUESTION_OTP,
+                                       tmp);
+    free(tmp);
+    return retval;
+
+error:
+    k5_json_release(obj);
+    return retval;
+}
+
+void KRB5_CALLCONV
+krb5_responder_otp_challenge_free(krb5_context ctx,
+                                  krb5_responder_context rctx,
+                                  krb5_responder_otp_challenge *chl)
+{
+    size_t i;
+
+    if (chl == NULL)
+        return;
+
+    for (i = 0; chl->tokeninfo[i]; i++)
+        free_tokeninfo(chl->tokeninfo[i]);
+    free(chl->service);
+    free(chl->tokeninfo);
+    free(chl);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c b/krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c
new file mode 100644
index 00000000..02810f2b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c
@@ -0,0 +1,204 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/preauth_pkinit.c - PKINIT clpreauth helpers */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file defines libkrb5 APIs for manipulating PKINIT responder questions
+ * and answers.  The main body of the PKINIT clpreauth module is in the
+ * plugins/preauth/pkinit directory.
+ */
+
+#include "k5-int.h"
+#include "k5-json.h"
+#include "int-proto.h"
+#include "init_creds_ctx.h"
+
+struct get_one_challenge_data {
+    krb5_responder_pkinit_identity **identities;
+    krb5_error_code err;
+};
+
+static void
+get_one_challenge(void *arg, const char *key, k5_json_value val)
+{
+    struct get_one_challenge_data *data;
+    unsigned long token_flags;
+    int i;
+
+    data = arg;
+    if (data->err != 0)
+        return;
+    if (k5_json_get_tid(val) != K5_JSON_TID_NUMBER) {
+        data->err = EINVAL;
+        return;
+    }
+
+    token_flags = k5_json_number_value(val);
+    /* Find the slot for this entry. */
+    for (i = 0; data->identities[i] != NULL; i++)
+        continue;
+    /* Set the identity (a copy of the key) and the token flags. */
+    data->identities[i] = k5alloc(sizeof(*data->identities[i]), &data->err);
+    if (data->identities[i] == NULL)
+        return;
+    data->identities[i]->identity = strdup(key);
+    if (data->identities[i]->identity == NULL) {
+        data->err = ENOMEM;
+        return;
+    }
+    data->identities[i]->token_flags = token_flags;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_responder_pkinit_get_challenge(krb5_context ctx,
+                                    krb5_responder_context rctx,
+                                    krb5_responder_pkinit_challenge **chl_out)
+{
+    const char *challenge;
+    k5_json_value j;
+    struct get_one_challenge_data get_one_challenge_data;
+    krb5_responder_pkinit_challenge *chl = NULL;
+    unsigned int n_ids;
+    krb5_error_code ret;
+
+    *chl_out = NULL;
+    challenge = krb5_responder_get_challenge(ctx, rctx,
+                                             KRB5_RESPONDER_QUESTION_PKINIT);
+    if (challenge == NULL)
+       return 0;
+
+    ret = k5_json_decode(challenge, &j);
+    if (ret != 0)
+        return ret;
+
+    /* Create the returned object. */
+    chl = k5alloc(sizeof(*chl), &ret);
+    if (chl == NULL)
+        goto failed;
+
+    /* Create the list of identities. */
+    n_ids = k5_json_object_count(j);
+    chl->identities = k5calloc(n_ids + 1, sizeof(chl->identities[0]), &ret);
+    if (chl->identities == NULL)
+        goto failed;
+
+    /* Populate the object with identities. */
+    memset(&get_one_challenge_data, 0, sizeof(get_one_challenge_data));
+    get_one_challenge_data.identities = chl->identities;
+    k5_json_object_iterate(j, get_one_challenge, &get_one_challenge_data);
+    if (get_one_challenge_data.err != 0) {
+        ret = get_one_challenge_data.err;
+        goto failed;
+    }
+
+    /* All done. */
+    k5_json_release(j);
+    *chl_out = chl;
+    return 0;
+
+failed:
+    k5_json_release(j);
+    krb5_responder_pkinit_challenge_free(ctx, rctx, chl);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_responder_pkinit_set_answer(krb5_context ctx, krb5_responder_context rctx,
+                                 const char *identity, const char *pin)
+{
+    char *answer = NULL;
+    const char *old_answer;
+    k5_json_value answers = NULL;
+    k5_json_string jpin = NULL;
+    krb5_error_code ret = ENOMEM;
+
+    /* If there's an answer already set, we're adding/removing a value. */
+    old_answer = k5_response_items_get_answer(rctx->items,
+                                              KRB5_RESPONDER_QUESTION_PKINIT);
+
+    /* If we're removing a value, and we have no values, we're done. */
+    if (old_answer == NULL && pin == NULL)
+        return 0;
+
+    /* Decode the old answers. */
+    if (old_answer == NULL)
+        old_answer = "{}";
+    ret = k5_json_decode(old_answer, &answers);
+    if (ret != 0)
+        goto cleanup;
+
+    if (k5_json_get_tid(answers) != K5_JSON_TID_OBJECT) {
+        ret = EINVAL;
+        goto cleanup;
+    }
+
+    /* Create and add the new pin string, if we're adding a value. */
+    if (pin != NULL) {
+        ret = k5_json_string_create(pin, &jpin);
+        if (ret != 0)
+            goto cleanup;
+        ret = k5_json_object_set(answers, identity, jpin);
+        if (ret != 0)
+            goto cleanup;
+    } else {
+        ret = k5_json_object_set(answers, identity, NULL);
+        if (ret != 0)
+            goto cleanup;
+    }
+
+    /* Encode and we're done. */
+    ret = k5_json_encode(answers, &answer);
+    if (ret != 0)
+        goto cleanup;
+
+    ret = krb5_responder_set_answer(ctx, rctx, KRB5_RESPONDER_QUESTION_PKINIT,
+                                    answer);
+
+cleanup:
+    k5_json_release(jpin);
+    k5_json_release(answers);
+    free(answer);
+    return ret;
+}
+
+void KRB5_CALLCONV
+krb5_responder_pkinit_challenge_free(krb5_context ctx,
+                                     krb5_responder_context rctx,
+                                     krb5_responder_pkinit_challenge *chl)
+{
+   unsigned int i;
+
+   if (chl == NULL)
+       return;
+   for (i = 0; chl->identities != NULL && chl->identities[i] != NULL; i++) {
+       free(chl->identities[i]->identity);
+       free(chl->identities[i]);
+   }
+   free(chl->identities);
+   free(chl);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/preauth_sam2.c b/krb5-1.21.3/src/lib/krb5/krb/preauth_sam2.c
new file mode 100644
index 00000000..fda86bee
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/preauth_sam2.c
@@ -0,0 +1,397 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/preauth_sam2.c - SAM-2 clpreauth module */
+/*
+ * Copyright 1995, 2003, 2008, 2012 by the Massachusetts Institute of Technology.  All
+ * Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include <k5-int.h>
+#include <krb5/clpreauth_plugin.h>
+#include "int-proto.h"
+#include "os-proto.h"
+#include "init_creds_ctx.h"
+
+/* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */
+
+#define SAMDATA(kdata, str, maxsize)                                    \
+    (int)((kdata.length)?                                               \
+          ((((kdata.length)<=(maxsize))?(kdata.length):strlen(str))):   \
+          strlen(str)),                                                 \
+        (kdata.length)?                                                 \
+        ((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
+static char *
+sam_challenge_banner(krb5_int32 sam_type)
+{
+    char *label;
+
+    switch (sam_type) {
+    case PA_SAM_TYPE_ENIGMA:    /* Enigma Logic */
+        label = _("Challenge for Enigma Logic mechanism");
+        break;
+    case PA_SAM_TYPE_DIGI_PATH: /*  Digital Pathways */
+    case PA_SAM_TYPE_DIGI_PATH_HEX: /*  Digital Pathways */
+        label = _("Challenge for Digital Pathways mechanism");
+        break;
+    case PA_SAM_TYPE_ACTIVCARD_DEC: /*  Digital Pathways */
+    case PA_SAM_TYPE_ACTIVCARD_HEX: /*  Digital Pathways */
+        label = _("Challenge for Activcard mechanism");
+        break;
+    case PA_SAM_TYPE_SKEY_K0:   /*  S/key where  KDC has key 0 */
+        label = _("Challenge for Enhanced S/Key mechanism");
+        break;
+    case PA_SAM_TYPE_SKEY:      /*  Traditional S/Key */
+        label = _("Challenge for Traditional S/Key mechanism");
+        break;
+    case PA_SAM_TYPE_SECURID:   /*  Security Dynamics */
+        label = _("Challenge for Security Dynamics mechanism");
+        break;
+    case PA_SAM_TYPE_SECURID_PREDICT:   /* predictive Security Dynamics */
+        label = _("Challenge for Security Dynamics mechanism");
+        break;
+    default:
+        label = _("Challenge from authentication server");
+        break;
+    }
+
+    return(label);
+}
+
+static krb5_error_code
+sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
+             krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+             krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+             krb5_kdc_req *request, krb5_data *encoded_request_body,
+             krb5_data *encoded_previous_request, krb5_pa_data *padata,
+             krb5_prompter_fct prompter, void *prompter_data,
+             krb5_pa_data ***out_padata)
+{
+    krb5_init_creds_context ctx = (krb5_init_creds_context)rock;
+    krb5_error_code retval;
+    krb5_sam_challenge_2 *sc2 = NULL;
+    krb5_sam_challenge_2_body *sc2b = NULL;
+    krb5_data tmp_data;
+    krb5_data response_data;
+    char name[100], banner[100], prompt[100], response[100];
+    krb5_prompt kprompt;
+    krb5_prompt_type prompt_type;
+    krb5_data defsalt, *salt;
+    krb5_checksum **cksum;
+    krb5_data *scratch = NULL;
+    krb5_boolean valid_cksum = 0;
+    krb5_enc_sam_response_enc_2 enc_sam_response_enc_2;
+    krb5_sam_response_2 sr2;
+    size_t ciph_len;
+    krb5_pa_data **sam_padata;
+
+    if (prompter == NULL)
+        return KRB5_LIBOS_CANTREADPWD;
+
+    tmp_data.length = padata->length;
+    tmp_data.data = (char *)padata->contents;
+
+    if ((retval = decode_krb5_sam_challenge_2(&tmp_data, &sc2)))
+        return(retval);
+
+    retval = decode_krb5_sam_challenge_2_body(&sc2->sam_challenge_2_body, &sc2b);
+
+    if (retval) {
+        krb5_free_sam_challenge_2(context, sc2);
+        return(retval);
+    }
+
+    if (!sc2->sam_cksum || ! *sc2->sam_cksum) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        return(KRB5_SAM_NO_CHECKSUM);
+    }
+
+    if (sc2b->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        return(KRB5_SAM_UNSUPPORTED);
+    }
+
+    if (!krb5_c_valid_enctype(sc2b->sam_etype)) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        return(KRB5_SAM_INVALID_ETYPE);
+    }
+
+    /* All of the above error checks are KDC-specific, that is, they     */
+    /* assume a failure in the KDC reply.  By returning anything other   */
+    /* than KRB5_KDC_UNREACH, KRB5_PREAUTH_FAILED,               */
+    /* KRB5_LIBOS_PWDINTR, or KRB5_REALM_CANT_RESOLVE, the client will   */
+    /* most likely go on to try the AS_REQ against master KDC            */
+
+    if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
+        /* We will need the password to obtain the key used for */
+        /* the checksum, and encryption of the sam_response.    */
+        /* Go ahead and get it now, preserving the ordering of  */
+        /* prompts for the user.                                */
+
+        salt = ctx->default_salt ? NULL : &ctx->salt;
+        retval = ctx->gak_fct(context, request->client, sc2b->sam_etype,
+                              prompter, prompter_data, salt, &ctx->s2kparams,
+                              &ctx->as_key, ctx->gak_data, ctx->rctx.items);
+        if (retval) {
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(retval);
+        }
+    }
+
+    snprintf(name, sizeof(name), "%.*s",
+             SAMDATA(sc2b->sam_type_name, _("SAM Authentication"),
+                     sizeof(name) - 1));
+
+    snprintf(banner, sizeof(banner), "%.*s",
+             SAMDATA(sc2b->sam_challenge_label,
+                     sam_challenge_banner(sc2b->sam_type),
+                     sizeof(banner)-1));
+
+    snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s",
+             sc2b->sam_challenge.length?"Challenge is [":"",
+             SAMDATA(sc2b->sam_challenge, "", 20),
+             sc2b->sam_challenge.length?"], ":"",
+             SAMDATA(sc2b->sam_response_prompt, "passcode", 55));
+
+    response_data.data = response;
+    response_data.length = sizeof(response);
+    kprompt.prompt = prompt;
+    kprompt.hidden = 1;
+    kprompt.reply = &response_data;
+
+    prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+    k5_set_prompt_types(context, &prompt_type);
+
+    if ((retval = ((*prompter)(context, prompter_data, name,
+                               banner, 1, &kprompt)))) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        k5_set_prompt_types(context, NULL);
+        return(retval);
+    }
+
+    k5_set_prompt_types(context, NULL);
+
+    /* Generate salt used by string_to_key() */
+    if (ctx->default_salt) {
+        if ((retval =
+             krb5_principal2salt(context, request->client, &defsalt))) {
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(retval);
+        }
+        salt = &defsalt;
+    } else {
+        salt = &ctx->salt;
+        defsalt.length = 0;
+    }
+
+    /* Get encryption key to be used for checksum and sam_response */
+    if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
+        /* Retain as_key from above gak_fct call. */
+        if (defsalt.length)
+            free(defsalt.data);
+
+        if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
+            /*
+             * If no flags are set, the protocol calls for us to combine the
+             * initial reply key with the SAD, using a method which is only
+             * specified for DES and 3DES enctypes.  We no longer support this
+             * case.
+             */
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(KRB5_SAM_UNSUPPORTED);
+        }
+    } else {
+        /* as_key = string_to_key(SAD) */
+
+        if (ctx->as_key.length) {
+            krb5_free_keyblock_contents(context, &ctx->as_key);
+            ctx->as_key.length = 0;
+        }
+
+        /* generate a key using the supplied password */
+        retval = krb5_c_string_to_key(context, sc2b->sam_etype,
+                                      &response_data, salt, &ctx->as_key);
+
+        if (defsalt.length)
+            free(defsalt.data);
+
+        if (retval) {
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(retval);
+        }
+    }
+
+    /* Now we have a key, verify the checksum on the sam_challenge */
+
+    cksum = sc2->sam_cksum;
+
+    for (; *cksum; cksum++) {
+        if (!krb5_c_is_keyed_cksum((*cksum)->checksum_type))
+            continue;
+        /* Check this cksum */
+        retval = krb5_c_verify_checksum(context, &ctx->as_key,
+                                        KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
+                                        &sc2->sam_challenge_2_body,
+                                        *cksum, &valid_cksum);
+        if (retval) {
+            krb5_free_data(context, scratch);
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(retval);
+        }
+        if (valid_cksum)
+            break;
+    }
+
+    if (!valid_cksum) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        /*
+         * Note: We return AP_ERR_BAD_INTEGRITY so upper-level applications
+         * can interpret that as "password incorrect", which is probably
+         * the best error we can return in this situation.
+         */
+        return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
+    }
+
+    /* fill in enc_sam_response_enc_2 */
+    enc_sam_response_enc_2.magic = KV5M_ENC_SAM_RESPONSE_ENC_2;
+    enc_sam_response_enc_2.sam_nonce = sc2b->sam_nonce;
+    if (sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
+        enc_sam_response_enc_2.sam_sad = response_data;
+    } else {
+        enc_sam_response_enc_2.sam_sad.data = NULL;
+        enc_sam_response_enc_2.sam_sad.length = 0;
+    }
+
+    /* encode and encrypt enc_sam_response_enc_2 with as_key */
+    retval = encode_krb5_enc_sam_response_enc_2(&enc_sam_response_enc_2,
+                                                &scratch);
+    if (retval) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        return(retval);
+    }
+
+    /* Fill in sam_response_2 */
+    memset(&sr2, 0, sizeof(sr2));
+    sr2.sam_type = sc2b->sam_type;
+    sr2.sam_flags = sc2b->sam_flags;
+    sr2.sam_track_id = sc2b->sam_track_id;
+    sr2.sam_nonce = sc2b->sam_nonce;
+
+    /* Now take care of sr2.sam_enc_nonce_or_sad by encrypting encoded   */
+    /* enc_sam_response_enc_2 from above */
+
+    retval = krb5_c_encrypt_length(context, ctx->as_key.enctype,
+                                   scratch->length, &ciph_len);
+    if (retval) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        krb5_free_data(context, scratch);
+        return(retval);
+    }
+    sr2.sam_enc_nonce_or_sad.ciphertext.length = ciph_len;
+
+    sr2.sam_enc_nonce_or_sad.ciphertext.data =
+        (char *)malloc(sr2.sam_enc_nonce_or_sad.ciphertext.length);
+
+    if (!sr2.sam_enc_nonce_or_sad.ciphertext.data) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        krb5_free_data(context, scratch);
+        return(ENOMEM);
+    }
+
+    retval = krb5_c_encrypt(context, &ctx->as_key,
+                            KRB5_KEYUSAGE_PA_SAM_RESPONSE, NULL, scratch,
+                            &sr2.sam_enc_nonce_or_sad);
+    if (retval) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        krb5_free_data(context, scratch);
+        krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
+        return(retval);
+    }
+    krb5_free_data(context, scratch);
+    scratch = NULL;
+
+    /* Encode the sam_response_2 */
+    retval = encode_krb5_sam_response_2(&sr2, &scratch);
+    krb5_free_sam_challenge_2(context, sc2);
+    krb5_free_sam_challenge_2_body(context, sc2b);
+    krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
+
+    if (retval) {
+        return (retval);
+    }
+
+    /* Almost there, just need to make padata !  */
+    sam_padata = malloc(2 * sizeof(*sam_padata));
+    if (sam_padata == NULL) {
+        krb5_free_data(context, scratch);
+        return(ENOMEM);
+    }
+    sam_padata[0] = malloc(sizeof(krb5_pa_data));
+    if (sam_padata[0] == NULL) {
+        krb5_free_data(context, scratch);
+        free(sam_padata);
+        return(ENOMEM);
+    }
+
+    sam_padata[0]->magic = KV5M_PA_DATA;
+    sam_padata[0]->pa_type = KRB5_PADATA_SAM_RESPONSE_2;
+    sam_padata[0]->length = scratch->length;
+    sam_padata[0]->contents = (krb5_octet *) scratch->data;
+    free(scratch);
+    sam_padata[1] = NULL;
+
+    *out_padata = sam_padata;
+    cb->disable_fallback(context, rock);
+
+    return(0);
+}
+
+static krb5_preauthtype sam2_pa_types[] = {
+    KRB5_PADATA_SAM_CHALLENGE_2, 0};
+
+krb5_error_code
+clpreauth_sam2_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    krb5_clpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_clpreauth_vtable)vtable;
+    vt->name = "sam2";
+    vt->pa_type_list = sam2_pa_types;
+    vt->process = sam2_process;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/princ_comp.c b/krb5-1.21.3/src/lib/krb5/krb/princ_comp.c
new file mode 100644
index 00000000..a6936107
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/princ_comp.c
@@ -0,0 +1,167 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/princ_comp.c - Compare two principals for equality */
+/*
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "k5-unicode.h"
+
+static krb5_boolean
+realm_compare_flags(krb5_context context,
+                    krb5_const_principal princ1,
+                    krb5_const_principal princ2,
+                    int flags)
+{
+    const krb5_data *realm1 = &princ1->realm;
+    const krb5_data *realm2 = &princ2->realm;
+
+    if (realm1->length != realm2->length)
+        return FALSE;
+    if (realm1->length == 0)
+        return TRUE;
+
+    return (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) ?
+        (strncasecmp(realm1->data, realm2->data, realm2->length) == 0) :
+        (memcmp(realm1->data, realm2->data, realm2->length) == 0);
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
+{
+    return realm_compare_flags(context, princ1, princ2, 0);
+}
+
+static krb5_error_code
+upn_to_principal(krb5_context context,
+                 krb5_const_principal princ,
+                 krb5_principal *upn)
+{
+    char *unparsed_name;
+    krb5_error_code code;
+
+    code = krb5_unparse_name_flags(context, princ,
+                                   KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                   &unparsed_name);
+    if (code) {
+        *upn = NULL;
+        return code;
+    }
+
+    code = krb5_parse_name(context, unparsed_name, upn);
+
+    free(unparsed_name);
+
+    return code;
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare_flags(krb5_context context,
+                             krb5_const_principal princ1,
+                             krb5_const_principal princ2,
+                             int flags)
+{
+    krb5_int32 i;
+    unsigned int utf8 = (flags & KRB5_PRINCIPAL_COMPARE_UTF8) != 0;
+    unsigned int casefold = (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) != 0;
+    krb5_principal upn1 = NULL;
+    krb5_principal upn2 = NULL;
+    krb5_boolean ret = FALSE;
+
+    if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
+        /* Treat UPNs as if they were real principals */
+        if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+            if (upn_to_principal(context, princ1, &upn1) == 0)
+                princ1 = upn1;
+        }
+        if (princ2->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+            if (upn_to_principal(context, princ2, &upn2) == 0)
+                princ2 = upn2;
+        }
+    }
+
+    if (princ1->length != princ2->length)
+        goto out;
+
+    if ((flags & KRB5_PRINCIPAL_COMPARE_IGNORE_REALM) == 0 &&
+        !realm_compare_flags(context, princ1, princ2, flags))
+        goto out;
+
+    for (i = 0; i < princ1->length; i++) {
+        const krb5_data *p1 = &princ1->data[i];
+        const krb5_data *p2 = &princ2->data[i];
+        krb5_boolean eq;
+
+        if (casefold) {
+            if (utf8)
+                eq = (krb5int_utf8_normcmp(p1, p2, KRB5_UTF8_CASEFOLD) == 0);
+            else
+                eq = (p1->length == p2->length
+                      && strncasecmp(p1->data, p2->data, p2->length) == 0);
+        } else
+            eq = data_eq(*p1, *p2);
+
+        if (!eq)
+            goto out;
+    }
+
+    ret = TRUE;
+
+out:
+    if (upn1 != NULL)
+        krb5_free_principal(context, upn1);
+    if (upn2 != NULL)
+        krb5_free_principal(context, upn2);
+
+    return ret;
+}
+
+krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
+{
+    /*
+     * Check for a match with KRB5_REFERRAL_REALM.  Currently this relies
+     * on that string constant being zero-length.  (Unlike principal realm
+     * names, KRB5_REFERRAL_REALM is known to be a string.)
+     */
+    assert(strlen(KRB5_REFERRAL_REALM)==0);
+    if (r->length==0)
+        return TRUE;
+    else
+        return FALSE;
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare(krb5_context context,
+                       krb5_const_principal princ1,
+                       krb5_const_principal princ2)
+{
+    return krb5_principal_compare_flags(context, princ1, princ2, 0);
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5_principal_compare_any_realm(krb5_context context,
+                                 krb5_const_principal princ1,
+                                 krb5_const_principal princ2)
+{
+    return krb5_principal_compare_flags(context, princ1, princ2, KRB5_PRINCIPAL_COMPARE_IGNORE_REALM);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/privsafe.c b/krb5-1.21.3/src/lib/krb5/krb/privsafe.c
new file mode 100644
index 00000000..9ba41dd4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/privsafe.c
@@ -0,0 +1,382 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/privsafe.c - Shared logic for KRB-SAFE and KRB-PRIV messages */
+/*
+ * Copyright (C) 2011,2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+krb5_error_code
+k5_privsafe_gen_rdata(krb5_context context, krb5_auth_context authcon,
+                      krb5_replay_data *rdata, krb5_replay_data *caller_rdata)
+{
+    krb5_error_code ret;
+    krb5_int32 flags = authcon->auth_context_flags;
+    krb5_boolean do_time = !!(flags & KRB5_AUTH_CONTEXT_DO_TIME);
+    krb5_boolean do_sequence = !!(flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+    krb5_boolean ret_time = !!(flags & KRB5_AUTH_CONTEXT_RET_TIME);
+    krb5_boolean ret_sequence = !!(flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE);
+
+    memset(rdata, 0, sizeof(*rdata));
+    if ((ret_time || ret_sequence) && caller_rdata == NULL)
+        return KRB5_RC_REQUIRED;
+
+    if (do_time || ret_time) {
+        ret = krb5_us_timeofday(context, &rdata->timestamp, &rdata->usec);
+        if (ret)
+            return ret;
+        if (ret_time) {
+            caller_rdata->timestamp = rdata->timestamp;
+            caller_rdata->usec = rdata->usec;
+        }
+    }
+    if (do_sequence || ret_sequence) {
+        rdata->seq = authcon->local_seq_number;
+        if (ret_sequence)
+            caller_rdata->seq = rdata->seq;
+    }
+
+    return 0;
+}
+
+krb5_error_code
+k5_privsafe_gen_addrs(krb5_context context, krb5_auth_context authcon,
+                      krb5_address *lstorage, krb5_address *rstorage,
+                      krb5_address **local_out, krb5_address **remote_out)
+{
+    krb5_error_code ret;
+
+    *local_out = NULL;
+    *remote_out = NULL;
+
+    if (authcon->local_addr != NULL) {
+        if (authcon->local_port != NULL) {
+            ret = krb5_make_fulladdr(context, authcon->local_addr,
+                                     authcon->local_port, lstorage);
+            if (ret)
+                return ret;
+            *local_out = lstorage;
+        } else {
+            *local_out = authcon->local_addr;
+        }
+    }
+
+    if (authcon->remote_addr != NULL) {
+        if (authcon->remote_port != NULL) {
+            ret = krb5_make_fulladdr(context, authcon->remote_addr,
+                                     authcon->remote_port, rstorage);
+            if (ret)
+                return ret;
+            *remote_out = rstorage;
+        } else {
+            *remote_out = authcon->remote_addr;
+        }
+    }
+
+    return 0;
+}
+
+krb5_error_code
+k5_privsafe_check_replay(krb5_context context, krb5_auth_context authcon,
+                         const krb5_replay_data *rdata,
+                         const krb5_enc_data *enc, const krb5_checksum *cksum)
+{
+    krb5_error_code ret;
+    krb5_data tag;
+
+    assert(enc != NULL || cksum != NULL);
+
+    if (!(authcon->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME))
+        return 0;
+
+    if (rdata != NULL) {
+        ret = krb5_check_clockskew(context, rdata->timestamp);
+        if (ret)
+            return ret;
+    }
+
+    if (enc != NULL) {
+        ret = k5_rc_tag_from_ciphertext(context, enc, &tag);
+        if (ret)
+            return ret;
+    } else {
+        tag = make_data(cksum->contents, cksum->length);
+    }
+
+    if (authcon->memrcache == NULL) {
+        ret = k5_memrcache_create(context, &authcon->memrcache);
+        if (ret)
+            return ret;
+    }
+
+    return k5_memrcache_store(context, authcon->memrcache, &tag);
+}
+
+/*
+ * k5_privsafe_check_seqnum
+ *
+ * We use a somewhat complex heuristic for validating received
+ * sequence numbers.  We must accommodate both our older
+ * implementation, which sends negative sequence numbers, and the
+ * broken Heimdal implementation (at least as of 0.5.2), which
+ * violates X.690 BER for integer encodings.  The requirement of
+ * handling negative sequence numbers removes one of easier means of
+ * detecting a Heimdal implementation, so we resort to this mess
+ * here.
+ *
+ * X.690 BER (and consequently DER, which are the required encoding
+ * rules in RFC1510) encode all integer types as signed integers.
+ * This means that the MSB being set on the first octet of the
+ * contents of the encoding indicates a negative value.  Heimdal does
+ * not prepend the required zero octet to unsigned integer encodings
+ * which would otherwise have the MSB of the first octet of their
+ * encodings set.
+ *
+ * Our ASN.1 library implements a special decoder for sequence
+ * numbers, accepting both negative and positive 32-bit numbers but
+ * mapping them both into the space of positive unsigned 32-bit
+ * numbers in the obvious bit-pattern-preserving way.  This maintains
+ * compatibility with our older implementations.  This also means that
+ * encodings emitted by Heimdal are ambiguous.
+ *
+ * Heimdal counter value        received uint32 value
+ *
+ * 0x00000080                   0xFFFFFF80
+ * 0x000000FF                   0xFFFFFFFF
+ * 0x00008000                   0xFFFF8000
+ * 0x0000FFFF                   0xFFFFFFFF
+ * 0x00800000                   0xFF800000
+ * 0x00FFFFFF                   0xFFFFFFFF
+ * 0xFF800000                   0xFF800000
+ * 0xFFFFFFFF                   0xFFFFFFFF
+ *
+ * We use two auth_context flags, SANE_SEQ and HEIMDAL_SEQ, which are
+ * only set after we can unambiguously determine the sanity of the
+ * sending implementation.  Once one of these flags is set, we accept
+ * only the sequence numbers appropriate to the remote implementation
+ * type.  We can make the determination in two different ways.  The
+ * first is to note the receipt of a "negative" sequence number when a
+ * "positive" one was expected.  The second is to note the receipt of
+ * a sequence number that wraps through "zero" in a weird way.  The
+ * latter corresponds to the receipt of an initial sequence number in
+ * the ambiguous range.
+ *
+ * There are 2^7 + 2^15 + 2^23 + 2^23 = 16810112 total ambiguous
+ * initial Heimdal counter values, but we receive them as one of 2^23
+ * possible values.  There is a ~1/256 chance of a Heimdal
+ * implementation sending an initial sequence number in the ambiguous
+ * range.
+ *
+ * We have to do special treatment when receiving sequence numbers
+ * between 0xFF800000..0xFFFFFFFF, or when wrapping through zero
+ * weirdly (due to ambiguous initial sequence number).  If we are
+ * expecting a value corresponding to an ambiguous Heimdal counter
+ * value, and we receive an exact match, we can mark the remote end as
+ * sane.
+ */
+
+static krb5_boolean
+chk_heimdal_seqnum(krb5_ui_4 exp_seq, krb5_ui_4 in_seq)
+{
+    if (( exp_seq & 0xFF800000) == 0x00800000
+        && (in_seq & 0xFF800000) == 0xFF800000
+        && (in_seq & 0x00FFFFFF) == exp_seq)
+        return 1;
+    else if ((  exp_seq & 0xFFFF8000) == 0x00008000
+             && (in_seq & 0xFFFF8000) == 0xFFFF8000
+             && (in_seq & 0x0000FFFF) == exp_seq)
+        return 1;
+    else if ((  exp_seq & 0xFFFFFF80) == 0x00000080
+             && (in_seq & 0xFFFFFF80) == 0xFFFFFF80
+             && (in_seq & 0x000000FF) == exp_seq)
+        return 1;
+    else
+        return 0;
+}
+
+krb5_boolean
+k5_privsafe_check_seqnum(krb5_context ctx, krb5_auth_context ac,
+                         krb5_ui_4 in_seq)
+{
+    krb5_ui_4 exp_seq;
+
+    exp_seq = ac->remote_seq_number;
+
+    /*
+     * If sender is known to be sane, accept _only_ exact matches.
+     */
+    if (ac->auth_context_flags & KRB5_AUTH_CONN_SANE_SEQ)
+        return in_seq == exp_seq;
+
+    /*
+     * If sender is not known to be sane, first check the ambiguous
+     * range of received values, 0xFF800000..0xFFFFFFFF.
+     */
+    if ((in_seq & 0xFF800000) == 0xFF800000) {
+        /*
+         * If expected sequence number is in the range
+         * 0xFF800000..0xFFFFFFFF, then we can't make any
+         * determinations about the sanity of the sending
+         * implementation.
+         */
+        if ((exp_seq & 0xFF800000) == 0xFF800000 && in_seq == exp_seq)
+            return 1;
+        /*
+         * If sender is not known for certain to be a broken Heimdal
+         * implementation, check for exact match.
+         */
+        if (!(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)
+            && in_seq == exp_seq)
+            return 1;
+        /*
+         * Now apply hairy algorithm for matching sequence numbers
+         * sent by broken Heimdal implementations.  If it matches, we
+         * know for certain it's a broken Heimdal sender.
+         */
+        if (chk_heimdal_seqnum(exp_seq, in_seq)) {
+            ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+            return 1;
+        }
+        return 0;
+    }
+
+    /*
+     * Received value not in the ambiguous range?  If the _expected_
+     * value is in the range of ambiguous Hemidal counter values, and
+     * it matches the received value, sender is known to be sane.
+     */
+    if (in_seq == exp_seq) {
+        if ((   exp_seq & 0xFFFFFF80) == 0x00000080
+            || (exp_seq & 0xFFFF8000) == 0x00008000
+            || (exp_seq & 0xFF800000) == 0x00800000)
+            ac->auth_context_flags |= KRB5_AUTH_CONN_SANE_SEQ;
+        return 1;
+    }
+
+    /*
+     * Magic wraparound for the case where the initial sequence number
+     * is in the ambiguous range.  This means that the sender's
+     * counter is at a different count than ours, so we correct ours,
+     * and mark the sender as being a broken Heimdal implementation.
+     */
+    if (exp_seq == 0
+        && !(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)) {
+        switch (in_seq) {
+        case 0x100:
+        case 0x10000:
+        case 0x1000000:
+            ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+            exp_seq = in_seq;
+            return 1;
+        default:
+            return 0;
+        }
+    }
+    return 0;
+}
+
+/*
+ * Verify the sender and receiver addresses from a KRB-SAFE or KRB-PRIV message
+ * against the auth context.  msg_r_addr may be NULL, but msg_s_addr must not
+ * be.  The auth context's remote addr must be set.
+ */
+krb5_error_code
+k5_privsafe_check_addrs(krb5_context context, krb5_auth_context ac,
+                        krb5_address *msg_s_addr, krb5_address *msg_r_addr)
+{
+    krb5_error_code ret = 0;
+    krb5_address **our_addrs = NULL;
+    const krb5_address *local_addr, *remote_addr;
+    krb5_address local_fulladdr, remote_fulladdr;
+
+    local_fulladdr.contents = remote_fulladdr.contents = NULL;
+
+    /* Determine the remote comparison address. */
+    if (ac->remote_addr != NULL) {
+        if (ac->remote_port != NULL) {
+            ret = krb5_make_fulladdr(context, ac->remote_addr, ac->remote_port,
+                                     &remote_fulladdr);
+            if (ret)
+                goto cleanup;
+            remote_addr = &remote_fulladdr;
+        } else
+            remote_addr = ac->remote_addr;
+    } else
+        remote_addr = NULL;
+
+    /* Determine the local comparison address (possibly NULL). */
+    if (ac->local_addr != NULL) {
+        if (ac->local_port != NULL) {
+            ret = krb5_make_fulladdr(context, ac->local_addr, ac->local_port,
+                                     &local_fulladdr);
+            if (ret)
+                goto cleanup;
+            local_addr = &local_fulladdr;
+        } else
+            local_addr = ac->local_addr;
+    } else
+        local_addr = NULL;
+
+    /* Check the remote address against the message's sender address. */
+    if (remote_addr != NULL &&
+        !krb5_address_compare(context, remote_addr, msg_s_addr)) {
+        ret = KRB5KRB_AP_ERR_BADADDR;
+        goto cleanup;
+    }
+
+    /* Receiver address is optional; only check it if supplied. */
+    if (msg_r_addr == NULL)
+        goto cleanup;
+
+    /* Check the message's receiver address against the local address, or
+     * against all local addresses if no specific local address is set. */
+    if (local_addr != NULL) {
+        if (!krb5_address_compare(context, local_addr, msg_r_addr)) {
+            ret = KRB5KRB_AP_ERR_BADADDR;
+            goto cleanup;
+        }
+    } else {
+        ret = krb5_os_localaddr(context, &our_addrs);
+        if (ret)
+            goto cleanup;
+
+        if (!krb5_address_search(context, msg_r_addr, our_addrs)) {
+            ret = KRB5KRB_AP_ERR_BADADDR;
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    free(local_fulladdr.contents);
+    free(remote_fulladdr.contents);
+    krb5_free_addresses(context, our_addrs);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/random_str.c b/krb5-1.21.3/src/lib/krb5/krb/random_str.c
new file mode 100644
index 00000000..e31430cc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/random_str.c
@@ -0,0 +1,68 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/random_str.c - Definition of krb5int_random_string() */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+/* Utility routine: Creates a readable random string in a fixed size buffer. */
+krb5_error_code
+krb5int_random_string(krb5_context context, char *string, unsigned int length)
+{
+    static const unsigned char charlist[] =
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+    krb5_error_code err = 0;
+    unsigned char *bytes = NULL;
+    unsigned int bytecount = length - 1;
+
+    if (!err) {
+        bytes = malloc (bytecount);
+        if (bytes == NULL) { err = ENOMEM; }
+    }
+
+    if (!err) {
+        krb5_data data;
+        data.length = bytecount;
+        data.data = (char *) bytes;
+        err = krb5_c_random_make_octets (context, &data);
+    }
+
+    if (!err) {
+        unsigned int i;
+        for (i = 0; i < bytecount; i++) {
+            string [i] = charlist[bytes[i] % (sizeof (charlist) - 1)];
+        }
+        string[length - 1] = '\0';
+    }
+
+    if (bytes != NULL) { free (bytes); }
+
+    return err;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/rd_cred.c b/krb5-1.21.3/src/lib/krb5/krb/rd_cred.c
new file mode 100644
index 00000000..d89a98ae
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/rd_cred.c
@@ -0,0 +1,204 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/rd_cred.c - definition of krb5_rd_cred() */
+/*
+ * Copyright 1994-2009,2014 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+/*
+ * Decrypt and decode the enc_part of a krb5_cred using the receiving subkey or
+ * the session key of authcon.  If neither key is present, ctext->ciphertext is
+ * assumed to be unencrypted plain text (RFC 6448).
+ */
+static krb5_error_code
+decrypt_encpart(krb5_context context, krb5_enc_data *ctext,
+                krb5_auth_context authcon, krb5_cred_enc_part **encpart_out)
+{
+    krb5_error_code ret;
+    krb5_data plain = empty_data();
+    krb5_boolean decrypted = FALSE;
+
+    *encpart_out = NULL;
+
+    if (authcon->recv_subkey == NULL && authcon->key == NULL)
+        return decode_krb5_enc_cred_part(&ctext->ciphertext, encpart_out);
+
+    ret = alloc_data(&plain, ctext->ciphertext.length);
+    if (ret)
+        return ret;
+    if (authcon->recv_subkey != NULL) {
+        ret = krb5_k_decrypt(context, authcon->recv_subkey,
+                             KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0, ctext, &plain);
+        decrypted = (ret == 0);
+    }
+    if (!decrypted && authcon->key != NULL) {
+        ret = krb5_k_decrypt(context, authcon->key,
+                             KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0, ctext, &plain);
+        decrypted = (ret == 0);
+    }
+    if (decrypted)
+        ret = decode_krb5_enc_cred_part(&plain, encpart_out);
+    zapfree(plain.data, plain.length);
+    return ret;
+}
+
+/* Produce a list of credentials from a KRB-CRED message and its enc_part. */
+static krb5_error_code
+make_cred_list(krb5_context context, krb5_cred *krbcred,
+               krb5_cred_enc_part *encpart, krb5_creds ***creds_out)
+{
+    krb5_error_code ret = 0;
+    krb5_creds **list = NULL;
+    krb5_cred_info *info;
+    krb5_data *ticket_data;
+    size_t i, count;
+
+    *creds_out = NULL;
+
+    /* Allocate the list of creds. */
+    for (count = 0; krbcred->tickets[count] != NULL; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+
+    /* For each credential, create a structure in the list of credentials and
+     * copy the information. */
+    for (i = 0; i < count; i++) {
+        list[i] = k5alloc(sizeof(*list[i]), &ret);
+        if (list[i] == NULL)
+            goto cleanup;
+
+        info = encpart->ticket_info[i];
+        ret = krb5_copy_principal(context, info->client, &list[i]->client);
+        if (ret)
+            goto cleanup;
+
+        ret = krb5_copy_principal(context, info->server, &list[i]->server);
+        if (ret)
+            goto cleanup;
+
+        ret = krb5_copy_keyblock_contents(context, info->session,
+                                          &list[i]->keyblock);
+        if (ret)
+            goto cleanup;
+
+        ret = krb5_copy_addresses(context, info->caddrs, &list[i]->addresses);
+        if (ret)
+            goto cleanup;
+
+        ret = encode_krb5_ticket(krbcred->tickets[i], &ticket_data);
+        if (ret)
+            goto cleanup;
+        list[i]->ticket = *ticket_data;
+        free(ticket_data);
+
+        list[i]->is_skey = FALSE;
+        list[i]->magic = KV5M_CREDS;
+        list[i]->times = info->times;
+        list[i]->ticket_flags = info->flags;
+        list[i]->authdata = NULL;
+        list[i]->second_ticket = empty_data();
+    }
+
+    *creds_out = list;
+    list = NULL;
+
+cleanup:
+    krb5_free_tgt_creds(context, list);
+    return ret;
+}
+
+/* Validate a KRB-CRED message in creddata, and return a list of forwarded
+ * credentials along with replay cache information. */
+krb5_error_code KRB5_CALLCONV
+krb5_rd_cred(krb5_context context, krb5_auth_context authcon,
+             krb5_data *creddata, krb5_creds ***creds_out,
+             krb5_replay_data *replaydata_out)
+{
+    krb5_error_code ret = 0;
+    krb5_creds **credlist = NULL;
+    krb5_cred *krbcred = NULL;
+    krb5_cred_enc_part *encpart = NULL;
+    krb5_replay_data rdata;
+    const krb5_int32 flags = authcon->auth_context_flags;
+
+    *creds_out = NULL;
+
+    if (((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
+         (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+        replaydata_out == NULL)
+        return KRB5_RC_REQUIRED;
+
+    ret = decode_krb5_cred(creddata, &krbcred);
+    if (ret)
+        goto cleanup;
+
+    ret = decrypt_encpart(context, &krbcred->enc_part, authcon, &encpart);
+    if (ret)
+        goto cleanup;
+
+    ret = make_cred_list(context, krbcred, encpart, &credlist);
+    if (ret)
+        goto cleanup;
+
+    if (authcon->recv_subkey != NULL || authcon->key != NULL) {
+        rdata.timestamp = encpart->timestamp;
+        ret = k5_privsafe_check_replay(context, authcon, &rdata,
+                                       &krbcred->enc_part, NULL);
+        if (ret)
+            goto cleanup;
+    }
+
+    if (flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+        if (authcon->remote_seq_number != (uint32_t)encpart->nonce) {
+            ret = KRB5KRB_AP_ERR_BADORDER;
+            goto cleanup;
+        }
+        authcon->remote_seq_number++;
+    }
+
+    *creds_out = credlist;
+    credlist = NULL;
+    if ((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
+        (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+        replaydata_out->timestamp = encpart->timestamp;
+        replaydata_out->usec = encpart->usec;
+        replaydata_out->seq = encpart->nonce;
+    }
+
+cleanup:
+    krb5_free_tgt_creds(context, credlist);
+    krb5_free_cred(context, krbcred);
+    krb5_free_cred_enc_part(context, encpart);
+    free(encpart);              /* krb5_free_cred_enc_part doesn't do this */
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/rd_error.c b/krb5-1.21.3/src/lib/krb5/krb/rd_error.c
new file mode 100644
index 00000000..dbb6798c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/rd_error.c
@@ -0,0 +1,44 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/rd_error.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * Parse an error message from enc_errbuf and return an allocated structure
+ * containing the error message.  Upon return, dec_error will point to
+ * allocated storage which the caller should free when finished.
+ *
+ * Returns system errors.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_error(krb5_context context, const krb5_data *enc_errbuf,
+              krb5_error **dec_error)
+{
+    if (!krb5_is_krb_error(enc_errbuf))
+        return KRB5KRB_AP_ERR_MSG_TYPE;
+    return(decode_krb5_error(enc_errbuf, dec_error));
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/rd_priv.c b/krb5-1.21.3/src/lib/krb5/krb/rd_priv.c
new file mode 100644
index 00000000..29a97465
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/rd_priv.c
@@ -0,0 +1,150 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/rd_priv.c - krb5_rd_priv() */
+/*
+ * Copyright 1990,1991,2007,2019 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+/*
+ * Unmarshal a KRB-PRIV message from der_krbpriv, placing the confidential user
+ * data in *userdata_out, ciphertext in *enc_out, and replay data in
+ * *rdata_out.  The caller should free *userdata_out and *enc_out when
+ * finished.
+ */
+static krb5_error_code
+read_krbpriv(krb5_context context, krb5_auth_context authcon,
+             const krb5_data *der_krbpriv, const krb5_key key,
+             krb5_replay_data *rdata_out, krb5_data *userdata_out,
+             krb5_enc_data *enc_out)
+{
+    krb5_error_code ret;
+    krb5_priv *privmsg = NULL;
+    krb5_data plaintext = empty_data();
+    krb5_priv_enc_part *encpart = NULL;
+    krb5_data *cstate;
+
+    if (!krb5_is_krb_priv(der_krbpriv))
+        return KRB5KRB_AP_ERR_MSG_TYPE;
+
+    /* decode private message */
+    ret = decode_krb5_priv(der_krbpriv, &privmsg);
+    if (ret)
+        return ret;
+
+    ret = alloc_data(&plaintext, privmsg->enc_part.ciphertext.length);
+    if (ret)
+        goto cleanup;
+
+    cstate = (authcon->cstate.length > 0) ? &authcon->cstate : NULL;
+    ret = krb5_k_decrypt(context, key, KRB5_KEYUSAGE_KRB_PRIV_ENCPART, cstate,
+                         &privmsg->enc_part, &plaintext);
+    if (ret)
+        goto cleanup;
+
+    ret = decode_krb5_enc_priv_part(&plaintext, &encpart);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_privsafe_check_addrs(context, authcon, encpart->s_address,
+                                  encpart->r_address);
+    if (ret)
+        goto cleanup;
+
+    rdata_out->timestamp = encpart->timestamp;
+    rdata_out->usec = encpart->usec;
+    rdata_out->seq = encpart->seq_number;
+
+    *userdata_out = encpart->user_data;
+    encpart->user_data.data = NULL;
+
+    *enc_out = privmsg->enc_part;
+    memset(&privmsg->enc_part, 0, sizeof(privmsg->enc_part));
+
+cleanup:
+    krb5_free_priv_enc_part(context, encpart);
+    krb5_free_priv(context, privmsg);
+    zapfree(plaintext.data, plaintext.length);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_priv(krb5_context context, krb5_auth_context authcon,
+             const krb5_data *inbuf, krb5_data *userdata_out,
+             krb5_replay_data *rdata_out)
+{
+    krb5_error_code ret;
+    krb5_key key;
+    krb5_replay_data rdata;
+    krb5_enc_data enc;
+    krb5_data userdata = empty_data();
+    const krb5_int32 flags = authcon->auth_context_flags;
+
+    *userdata_out = empty_data();
+    memset(&enc, 0, sizeof(enc));
+
+    if (((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
+         (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && rdata_out == NULL)
+        return KRB5_RC_REQUIRED;
+
+    key = (authcon->recv_subkey != NULL) ? authcon->recv_subkey : authcon->key;
+    memset(&rdata, 0, sizeof(rdata));
+    ret = read_krbpriv(context, authcon, inbuf, key, &rdata, &userdata, &enc);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_privsafe_check_replay(context, authcon, &rdata, &enc, NULL);
+    if (ret)
+        goto cleanup;
+
+    if (flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+        if (!k5_privsafe_check_seqnum(context, authcon, rdata.seq)) {
+            ret = KRB5KRB_AP_ERR_BADORDER;
+            goto cleanup;
+        }
+        authcon->remote_seq_number++;
+    }
+
+    if ((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
+        (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+        rdata_out->timestamp = rdata.timestamp;
+        rdata_out->usec = rdata.usec;
+        rdata_out->seq = rdata.seq;
+    }
+
+    *userdata_out = userdata;
+    userdata = empty_data();
+
+cleanup:
+    krb5_free_data_contents(context, &enc.ciphertext);
+    krb5_free_data_contents(context, &userdata);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/rd_rep.c b/krb5-1.21.3/src/lib/krb5/krb/rd_rep.c
new file mode 100644
index 00000000..1ace4ca1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/rd_rep.c
@@ -0,0 +1,204 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/rd_rep.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2006-2008, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "auth_con.h"
+
+/*
+ *  Parses a KRB_AP_REP message, returning its contents.
+ *
+ *  repl is filled in with with a pointer to allocated memory containing
+ * the fields from the encrypted response.
+ *
+ *  the key in kblock is used to decrypt the message.
+ *
+ *  returns system errors, encryption errors, replay errors
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_rep(krb5_context context, krb5_auth_context auth_context,
+            const krb5_data *inbuf, krb5_ap_rep_enc_part **repl)
+{
+    krb5_error_code       retval;
+    krb5_ap_rep          *reply = NULL;
+    krb5_ap_rep_enc_part *enc = NULL;
+    krb5_data             scratch;
+
+    *repl = NULL;
+
+    if (!krb5_is_ap_rep(inbuf))
+        return KRB5KRB_AP_ERR_MSG_TYPE;
+
+    /* Decode inbuf. */
+    retval = decode_krb5_ap_rep(inbuf, &reply);
+    if (retval)
+        return retval;
+
+    /* Put together an eblock for this encryption. */
+    scratch.length = reply->enc_part.ciphertext.length;
+    scratch.data = malloc(scratch.length);
+    if (scratch.data == NULL) {
+        retval = ENOMEM;
+        goto clean_scratch;
+    }
+
+    retval = krb5_k_decrypt(context, auth_context->key,
+                            KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
+                            &reply->enc_part, &scratch);
+    if (retval)
+        goto clean_scratch;
+
+    /* Now decode the decrypted stuff. */
+    retval = decode_krb5_ap_rep_enc_part(&scratch, &enc);
+    if (retval)
+        goto clean_scratch;
+
+    /* Check reply fields. */
+    if ((enc->ctime != auth_context->authentp->ctime)
+        || (enc->cusec != auth_context->authentp->cusec)) {
+        retval = KRB5_MUTUAL_FAILED;
+        goto clean_scratch;
+    }
+
+    /* Set auth subkey. */
+    if (enc->subkey) {
+        retval = krb5_auth_con_setrecvsubkey(context, auth_context,
+                                             enc->subkey);
+        if (retval)
+            goto clean_scratch;
+        retval = krb5_auth_con_setsendsubkey(context, auth_context,
+                                             enc->subkey);
+        if (retval) {
+            (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
+            goto clean_scratch;
+        }
+        /* Not used for anything yet. */
+        auth_context->negotiated_etype = enc->subkey->enctype;
+    }
+
+    /* Get remote sequence number. */
+    auth_context->remote_seq_number = enc->seq_number;
+
+    TRACE_RD_REP(context, enc->ctime, enc->cusec, enc->subkey,
+                 enc->seq_number);
+
+    *repl = enc;
+    enc = NULL;
+
+clean_scratch:
+    if (scratch.data)
+        memset(scratch.data, 0, scratch.length);
+    free(scratch.data);
+    krb5_free_ap_rep(context, reply);
+    krb5_free_ap_rep_enc_part(context, enc);
+    return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_rep_dce(krb5_context context, krb5_auth_context auth_context,
+                const krb5_data *inbuf, krb5_ui_4 *nonce)
+{
+    krb5_error_code       retval;
+    krb5_ap_rep         * reply;
+    krb5_data             scratch;
+    krb5_ap_rep_enc_part *repl = NULL;
+
+    if (!krb5_is_ap_rep(inbuf))
+        return KRB5KRB_AP_ERR_MSG_TYPE;
+
+    /* decode it */
+
+    if ((retval = decode_krb5_ap_rep(inbuf, &reply)))
+        return retval;
+
+    /* put together an eblock for this encryption */
+
+    scratch.length = reply->enc_part.ciphertext.length;
+    if (!(scratch.data = malloc(scratch.length))) {
+        krb5_free_ap_rep(context, reply);
+        return(ENOMEM);
+    }
+
+    if ((retval = krb5_k_decrypt(context, auth_context->key,
+                                 KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
+                                 &reply->enc_part, &scratch)))
+        goto clean_scratch;
+
+    /* now decode the decrypted stuff */
+    retval = decode_krb5_ap_rep_enc_part(&scratch, &repl);
+    if (retval)
+        goto clean_scratch;
+
+    *nonce = repl->seq_number;
+    if (*nonce != auth_context->local_seq_number) {
+        retval = KRB5_MUTUAL_FAILED;
+        goto clean_scratch;
+    }
+
+    /* Must be NULL to prevent echoing for client AP-REP */
+    if (repl->subkey != NULL) {
+        retval = KRB5_MUTUAL_FAILED;
+        goto clean_scratch;
+    }
+
+    TRACE_RD_REP_DCE(context, repl->ctime, repl->cusec, repl->seq_number);
+
+clean_scratch:
+    memset(scratch.data, 0, scratch.length);
+
+    if (repl != NULL)
+        krb5_free_ap_rep_enc_part(context, repl);
+    krb5_free_ap_rep(context, reply);
+    free(scratch.data);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/rd_req.c b/krb5-1.21.3/src/lib/krb5/krb/rd_req.c
new file mode 100644
index 00000000..c0fc9793
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/rd_req.c
@@ -0,0 +1,109 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/rd_req.c */
+/*
+ * Copyright 1990,1991, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "auth_con.h"
+
+/*
+ *  Parses a KRB_AP_REQ message, returning its contents.
+ *
+ *  server specifies the expected server's name for the ticket.
+ *
+ *  keyproc specifies a procedure to generate a decryption key for the
+ *  ticket.  If keyproc is non-NULL, keyprocarg is passed to it, and the result
+ *  used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
+ *  if it is non-NULL, it specifies a parameter name from which to retrieve the
+ *  decryption key.  If fetchfrom is NULL, then the default key store is
+ *  consulted.
+ *
+ *  returns system errors, encryption errors, replay errors
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
+            const krb5_data *inbuf, krb5_const_principal server,
+            krb5_keytab keytab, krb5_flags *ap_req_options,
+            krb5_ticket **ticket)
+{
+    krb5_error_code       retval;
+    krb5_ap_req         * request;
+    krb5_auth_context     new_auth_context;
+    krb5_keytab           new_keytab = NULL;
+
+    if (!krb5_is_ap_req(inbuf))
+        return KRB5KRB_AP_ERR_MSG_TYPE;
+#ifndef LEAN_CLIENT
+    if ((retval = decode_krb5_ap_req(inbuf, &request))) {
+        switch (retval) {
+        case KRB5_BADMSGTYPE:
+            return KRB5KRB_AP_ERR_BADVERSION;
+        default:
+            return(retval);
+        }
+    }
+#endif /* LEAN_CLIENT */
+
+    /* Get an auth context if necessary. */
+    new_auth_context = NULL;
+    if (*auth_context == NULL) {
+        if ((retval = krb5_auth_con_init(context, &new_auth_context)))
+            goto cleanup_request;
+        *auth_context = new_auth_context;
+    }
+
+
+#ifndef LEAN_CLIENT
+    /* Get a keytab if necessary. */
+    if (keytab == NULL) {
+        if ((retval = krb5_kt_default(context, &new_keytab)))
+            goto cleanup_auth_context;
+        keytab = new_keytab;
+    }
+#endif /* LEAN_CLIENT */
+
+    retval = krb5_rd_req_decoded(context, auth_context, request, server,
+                                 keytab, ap_req_options, NULL);
+    if (!retval && ticket != NULL) {
+        /* Steal the ticket pointer for the caller. */
+        *ticket = request->ticket;
+        request->ticket = NULL;
+    }
+
+#ifndef LEAN_CLIENT
+    if (new_keytab != NULL)
+        (void) krb5_kt_close(context, new_keytab);
+#endif /* LEAN_CLIENT */
+
+cleanup_auth_context:
+    if (new_auth_context && retval) {
+        krb5_auth_con_free(context, new_auth_context);
+        *auth_context = NULL;
+    }
+
+cleanup_request:
+    krb5_free_ap_req(context, request);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c b/krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c
new file mode 100644
index 00000000..f37a3602
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c
@@ -0,0 +1,976 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/rd_req_dec.c */
+/*
+ * Copyright (c) 1994 CyberSAFE Corporation.
+ * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * Neither M.I.T., the Open Computing Security Group, nor
+ * CyberSAFE Corporation make any representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * krb5_rd_req_decoded()
+ */
+
+#include "k5-int.h"
+#include "auth_con.h"
+#include "authdata.h"
+#include "int-proto.h"
+#include "os-proto.h"
+
+/*
+ * essentially the same as krb_rd_req, but uses a decoded AP_REQ as
+ * the input rather than an encoded input.
+ */
+/*
+ *  Parses a KRB_AP_REQ message, returning its contents.
+ *
+ *  server specifies the expected server's name for the ticket; if NULL, then
+ *  any server will be accepted if the key can be found, and the caller should
+ *  verify that the principal is something it trusts. With the exception of the
+ *  kdb keytab, the ticket's server field need not match the name passed in for
+ *  server. All that is required is that the ticket be encrypted with a key
+ *  from the keytab associated with the specified server principal. This
+ *  permits the KDC to have a set of aliases for the server without keeping
+ *  this information consistent with the server. So, when server is non-null,
+ *  the principal expected by the application needs to be consistent with the
+ *  local keytab, but not with the informational name in the ticket.
+ *
+ *  rcache specifies a replay detection cache used to store authenticators and
+ *  server names
+ *
+ *  keyproc specifies a procedure to generate a decryption key for the
+ *  ticket.  If keyproc is non-NULL, keyprocarg is passed to it, and the result
+ *  used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
+ *  if it is non-NULL, it specifies a parameter name from which to retrieve the
+ *  decryption key.  If fetchfrom is NULL, then the default key store is
+ *  consulted.
+ *
+ *  authdat is set to point at allocated storage structures; the caller
+ *  should free them when finished.
+ *
+ *  returns system errors, encryption errors, replay errors
+ */
+
+static krb5_error_code
+decrypt_authenticator(krb5_context, const krb5_ap_req *,
+                      krb5_authenticator **, int);
+static krb5_error_code
+decode_etype_list(krb5_context context,
+                  const krb5_authenticator *authp,
+                  krb5_enctype **desired_etypes,
+                  int *desired_etypes_len);
+static krb5_error_code
+negotiate_etype(krb5_context context,
+                const krb5_enctype *desired_etypes,
+                int desired_etypes_len,
+                int mandatory_etypes_index,
+                const krb5_enctype *permitted_etypes,
+                int permitted_etypes_len,
+                krb5_enctype *negotiated_etype);
+
+/* Unparse the specified server principal (which may be NULL) and the ticket
+ * server principal. */
+static krb5_error_code
+unparse_princs(krb5_context context, krb5_const_principal server,
+               krb5_const_principal tkt_server, char **sname_out,
+               char **tsname_out)
+{
+    krb5_error_code ret;
+    char *sname = NULL, *tsname;
+
+    *sname_out = *tsname_out = NULL;
+    if (server != NULL) {
+        ret = krb5_unparse_name(context, server, &sname);
+        if (ret)
+            return ret;
+    }
+    ret = krb5_unparse_name(context, tkt_server, &tsname);
+    if (ret) {
+        krb5_free_unparsed_name(context, sname);
+        return ret;
+    }
+    *sname_out = sname;
+    *tsname_out = tsname;
+    return 0;
+}
+
+/* Return a helpful code and error when we cannot look up the keytab entry for
+ * an explicit server principal using the ticket's kvno and enctype. */
+static krb5_error_code
+keytab_fetch_error(krb5_context context, krb5_error_code code,
+                   krb5_const_principal princ,
+                   krb5_const_principal tkt_server, krb5_kvno tkt_kvno,
+                   krb5_boolean explicit_server)
+{
+    krb5_error_code ret;
+    char *sname = NULL, *tsname = NULL;
+
+    if (code == ENOENT || code == EPERM || code == EACCES) {
+        k5_change_error_message_code(context, code, KRB5KRB_AP_ERR_NOKEY);
+        return KRB5KRB_AP_ERR_NOKEY;
+    }
+
+    if (code == KRB5_KT_NOTFOUND) {
+        ret = explicit_server ? KRB5KRB_AP_ERR_NOKEY : KRB5KRB_AP_ERR_NOT_US;
+        k5_change_error_message_code(context, code, ret);
+        return ret;
+    }
+
+    if (code != KRB5_KT_KVNONOTFOUND)
+        return code;
+
+    assert(princ != NULL);
+    ret = unparse_princs(context, princ, tkt_server, &sname, &tsname);
+    if (ret)
+        return ret;
+    if (krb5_principal_compare(context, princ, tkt_server)) {
+        ret = KRB5KRB_AP_ERR_BADKEYVER;
+        k5_setmsg(context, ret, _("Cannot find key for %s kvno %d in keytab"),
+                  sname, (int)tkt_kvno);
+    } else {
+        ret = KRB5KRB_AP_ERR_NOT_US;
+        k5_setmsg(context, ret,
+                  _("Cannot find key for %s kvno %d in keytab (request ticket "
+                    "server %s)"), sname, (int)tkt_kvno, tsname);
+    }
+    krb5_free_unparsed_name(context, sname);
+    krb5_free_unparsed_name(context, tsname);
+    return ret;
+}
+
+/* Return a helpful code and error when ticket decryption fails using the key
+ * for an explicit server principal. */
+static krb5_error_code
+integrity_error(krb5_context context, krb5_const_principal server,
+                krb5_const_principal tkt_server)
+{
+    krb5_error_code ret;
+    char *sname = NULL, *tsname = NULL;
+
+    assert(server != NULL);
+    ret = unparse_princs(context, server, tkt_server, &sname, &tsname);
+    if (ret)
+        return ret;
+
+    ret = krb5_principal_compare(context, server, tkt_server) ?
+        KRB5KRB_AP_ERR_BAD_INTEGRITY : KRB5KRB_AP_ERR_NOT_US;
+    k5_setmsg(context, ret,
+              _("Cannot decrypt ticket for %s using keytab key for %s"),
+              tsname, sname);
+    krb5_free_unparsed_name(context, sname);
+    krb5_free_unparsed_name(context, tsname);
+    return ret;
+}
+
+/* Return a helpful code and error when we cannot iterate over the keytab and
+ * the specified server does not match the ticket server. */
+static krb5_error_code
+nomatch_error(krb5_context context, krb5_const_principal server,
+              krb5_const_principal tkt_server)
+{
+    krb5_error_code ret;
+    char *sname = NULL, *tsname = NULL;
+
+    assert(server != NULL);
+    ret = unparse_princs(context, server, tkt_server, &sname, &tsname);
+    if (ret)
+        return ret;
+
+    k5_setmsg(context, KRB5KRB_AP_ERR_NOT_US,
+              _("Server principal %s does not match request ticket server %s"),
+              sname, tsname);
+    krb5_free_unparsed_name(context, sname);
+    krb5_free_unparsed_name(context, tsname);
+    return KRB5KRB_AP_ERR_NOT_US;
+}
+
+/* Return a helpful error code and message when we fail to find a key after
+ * iterating over the keytab. */
+static krb5_error_code
+iteration_error(krb5_context context, krb5_const_principal server,
+                krb5_const_principal tkt_server, krb5_kvno tkt_kvno,
+                krb5_enctype tkt_etype, krb5_boolean tkt_server_mismatch,
+                krb5_boolean found_server_match, krb5_boolean found_tkt_server,
+                krb5_boolean found_kvno, krb5_boolean found_higher_kvno,
+                krb5_boolean found_enctype)
+{
+    krb5_error_code ret;
+    char *sname = NULL, *tsname = NULL, encname[128];
+
+    ret = unparse_princs(context, server, tkt_server, &sname, &tsname);
+    if (ret)
+        return ret;
+    if (krb5_enctype_to_name(tkt_etype, TRUE, encname, sizeof(encname)) != 0)
+        (void)snprintf(encname, sizeof(encname), "%d", (int)tkt_etype);
+
+    if (!found_server_match) {
+        ret = KRB5KRB_AP_ERR_NOKEY;
+        if (sname == NULL)  {
+            k5_setmsg(context, ret, _("No keys in keytab"));
+        } else {
+            k5_setmsg(context, ret,
+                      _("Server principal %s does not match any keys in "
+                        "keytab"), sname);
+        }
+    } else if (tkt_server_mismatch) {
+        assert(sname != NULL);  /* Null server princ would match anything. */
+        ret = KRB5KRB_AP_ERR_NOT_US;
+        k5_setmsg(context, ret,
+                  _("Request ticket server %s found in keytab but does not "
+                    "match server principal %s"), tsname, sname);
+    } else if (!found_tkt_server) {
+        ret = KRB5KRB_AP_ERR_NOT_US;
+        k5_setmsg(context, ret,
+                  _("Request ticket server %s not found in keytab (ticket "
+                    "kvno %d)"), tsname, (int)tkt_kvno);
+    } else if (!found_kvno) {
+        ret = KRB5KRB_AP_ERR_BADKEYVER;
+        if (found_higher_kvno) {
+            k5_setmsg(context, ret,
+                      _("Request ticket server %s kvno %d not found in "
+                        "keytab; ticket is likely out of date"),
+                      tsname, (int)tkt_kvno);
+        } else {
+            k5_setmsg(context, ret,
+                      _("Request ticket server %s kvno %d not found in "
+                        "keytab; keytab is likely out of date"),
+                      tsname, (int)tkt_kvno);
+        }
+    } else if (!found_enctype) {
+        /* There's no defined error for having the key version but not the
+         * enctype. */
+        ret = KRB5KRB_AP_ERR_BADKEYVER;
+        k5_setmsg(context, ret,
+                  _("Request ticket server %s kvno %d found in keytab but not "
+                    "with enctype %s"), tsname, (int)tkt_kvno, encname);
+    } else {
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        k5_setmsg(context, ret,
+                  _("Request ticket server %s kvno %d enctype %s found in "
+                    "keytab but cannot decrypt ticket"),
+                  tsname, (int)tkt_kvno, encname);
+    }
+
+    krb5_free_unparsed_name(context, sname);
+    krb5_free_unparsed_name(context, tsname);
+    return ret;
+}
+
+/* Return true if princ might match multiple principals. */
+static inline krb5_boolean
+is_matching(krb5_context context, krb5_const_principal princ)
+{
+    if (princ == NULL)
+        return TRUE;
+    return (princ->type == KRB5_NT_SRV_HST && princ->length == 2
+            && (princ->realm.length == 0 || princ->data[1].length == 0 ||
+                context->ignore_acceptor_hostname));
+}
+
+/* Decrypt the ticket in req using the key in ent. */
+static krb5_error_code
+try_one_entry(krb5_context context, const krb5_ap_req *req,
+              krb5_keytab_entry *ent, krb5_keyblock *keyblock_out)
+{
+    krb5_error_code ret;
+    krb5_principal tmp = NULL;
+
+    /* Try decrypting the ticket with this entry's key. */
+    ret = krb5_decrypt_tkt_part(context, &ent->key, req->ticket);
+    if (ret)
+        return ret;
+
+    /* Make a copy of the principal for the ticket server field. */
+    ret = krb5_copy_principal(context, ent->principal, &tmp);
+    if (ret)
+        return ret;
+
+    /* Make a copy of the decrypting key if requested by the caller. */
+    if (keyblock_out != NULL) {
+        ret = krb5_copy_keyblock_contents(context, &ent->key, keyblock_out);
+        if (ret) {
+            krb5_free_principal(context, tmp);
+            return ret;
+        }
+    }
+
+    /* Make req->ticket->server indicate the actual server principal. */
+    krb5_free_principal(context, req->ticket->server);
+    req->ticket->server = tmp;
+
+    return 0;
+}
+
+/* Decrypt the ticket in req using a principal looked up from keytab.
+ * explicit_server should be true if this is the only usable principal. */
+static krb5_error_code
+try_one_princ(krb5_context context, const krb5_ap_req *req,
+              krb5_const_principal princ, krb5_keytab keytab,
+              krb5_boolean explicit_server, krb5_keyblock *keyblock_out)
+{
+    krb5_error_code ret;
+    krb5_keytab_entry ent;
+    krb5_kvno tkt_kvno = req->ticket->enc_part.kvno;
+    krb5_enctype tkt_etype = req->ticket->enc_part.enctype;
+    krb5_principal tkt_server = req->ticket->server;
+
+    ret = krb5_kt_get_entry(context, keytab, princ, tkt_kvno, tkt_etype, &ent);
+    if (ret) {
+        return keytab_fetch_error(context, ret, princ, tkt_server, tkt_kvno,
+                                  explicit_server);
+    }
+    ret = try_one_entry(context, req, &ent, keyblock_out);
+    if (ret == 0)
+        TRACE_RD_REQ_DECRYPT_SPECIFIC(context, ent.principal, &ent.key);
+    (void)krb5_free_keytab_entry_contents(context, &ent);
+    if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+        return integrity_error(context, princ, req->ticket->server);
+    return ret;
+}
+
+/*
+ * Decrypt the ticket in req using an entry in keytab matching server (if
+ * given).  Set req->ticket->server to the principal of the keytab entry used.
+ * Store the decrypting key in *keyblock_out if it is not NULL.
+ */
+static krb5_error_code
+decrypt_try_server(krb5_context context, const krb5_ap_req *req,
+                   krb5_const_principal server, krb5_keytab keytab,
+                   krb5_keyblock *keyblock_out)
+{
+    krb5_error_code ret;
+    krb5_keytab_entry ent;
+    krb5_kt_cursor cursor;
+    krb5_principal tkt_server = req->ticket->server;
+    krb5_kvno tkt_kvno = req->ticket->enc_part.kvno;
+    krb5_enctype tkt_etype = req->ticket->enc_part.enctype;
+    krb5_boolean similar_enctype;
+    krb5_boolean tkt_server_mismatch = FALSE, found_server_match = FALSE;
+    krb5_boolean found_tkt_server = FALSE, found_enctype = FALSE;
+    krb5_boolean found_kvno = FALSE, found_higher_kvno = FALSE;
+
+#ifdef LEAN_CLIENT
+    return KRB5KRB_AP_WRONG_PRINC;
+#else
+    /* If we have an explicit server principal, try just that one. */
+    if (!is_matching(context, server)) {
+        return try_one_princ(context, req, server, keytab, TRUE,
+                             keyblock_out);
+    }
+
+    if (keytab->ops->start_seq_get == NULL) {
+        /* We can't iterate over the keytab.  Try the principal asserted by the
+         * client if it's allowed by the server parameter. */
+        if (!krb5_sname_match(context, server, tkt_server))
+            return nomatch_error(context, server, tkt_server);
+        return try_one_princ(context, req, tkt_server, keytab, FALSE,
+                             keyblock_out);
+    }
+
+    /* Scan all keys in the keytab, in case the ticket server is an alias for
+     * one of the principals in the keytab. */
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret) {
+        k5_change_error_message_code(context, ret, KRB5KRB_AP_ERR_NOKEY);
+        return KRB5KRB_AP_ERR_NOKEY;
+    }
+    while ((ret = krb5_kt_next_entry(context, keytab, &ent, &cursor)) == 0) {
+        /* Only try keys which match the server principal. */
+        if (!krb5_sname_match(context, server, ent.principal)) {
+            if (krb5_principal_compare(context, ent.principal, tkt_server))
+                tkt_server_mismatch = TRUE;
+            (void)krb5_free_keytab_entry_contents(context, &ent);
+            continue;
+        }
+        found_server_match = TRUE;
+
+        if (krb5_c_enctype_compare(context, ent.key.enctype, tkt_etype,
+                                   &similar_enctype) != 0)
+            similar_enctype = FALSE;
+
+        if (krb5_principal_compare(context, ent.principal, tkt_server)) {
+            found_tkt_server = TRUE;
+            if (ent.vno == tkt_kvno) {
+                found_kvno = TRUE;
+                if (similar_enctype)
+                    found_enctype = TRUE;
+            } else if (ent.vno > tkt_kvno) {
+                found_higher_kvno = TRUE;
+            }
+        }
+
+        /* Only try keys with similar enctypes to the ticket enctype. */
+        if (similar_enctype) {
+            /* Coerce inexact matches to the request enctype. */
+            ent.key.enctype = tkt_etype;
+            if (try_one_entry(context, req, &ent, keyblock_out) == 0) {
+                TRACE_RD_REQ_DECRYPT_ANY(context, ent.principal, &ent.key);
+                (void)krb5_free_keytab_entry_contents(context, &ent);
+                break;
+            }
+        }
+
+        (void)krb5_free_keytab_entry_contents(context, &ent);
+    }
+
+    (void)krb5_kt_end_seq_get(context, keytab, &cursor);
+
+    if (ret != KRB5_KT_END)
+        return ret;
+    return iteration_error(context, server, tkt_server, tkt_kvno, tkt_etype,
+                           tkt_server_mismatch, found_server_match,
+                           found_tkt_server, found_kvno, found_higher_kvno,
+                           found_enctype);
+#endif /* LEAN_CLIENT */
+}
+
+static krb5_error_code
+decrypt_ticket(krb5_context context, const krb5_ap_req *req,
+               krb5_const_principal server, krb5_keytab keytab,
+               krb5_keyblock *keyblock_out)
+{
+    krb5_error_code ret, dret = 0;
+    struct canonprinc iter = { server, .no_hostrealm = TRUE };
+    krb5_const_principal canonprinc;
+
+    /* Don't try to canonicalize if we're going to ignore hostnames. */
+    if (k5_sname_wildcard_host(context, server))
+        return decrypt_try_server(context, req, server, keytab, keyblock_out);
+
+    /* Try each canonicalization candidate for server.  If they all fail,
+     * return the error from the last attempt. */
+    while ((ret = k5_canonprinc(context, &iter, &canonprinc)) == 0 &&
+           canonprinc != NULL) {
+        dret = decrypt_try_server(context, req, canonprinc, keytab,
+                                  keyblock_out);
+        /* Only continue if we found no keytab entries matching canonprinc. */
+        if (dret != KRB5KRB_AP_ERR_NOKEY)
+            break;
+    }
+    free_canonprinc(&iter);
+    return (ret != 0) ? ret : dret;
+}
+
+static krb5_error_code
+rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
+                   const krb5_ap_req *req, krb5_const_principal server,
+                   krb5_keytab keytab, krb5_flags *ap_req_options,
+                   krb5_ticket **ticket, int check_valid_flag)
+{
+    krb5_error_code       retval = 0;
+    krb5_enctype         *desired_etypes = NULL;
+    int                   desired_etypes_len = 0;
+    int                   rfc4537_etypes_len = 0;
+    krb5_enctype         *permitted_etypes = NULL;
+    int                   permitted_etypes_len = 0;
+    krb5_keyblock         decrypt_key;
+
+    decrypt_key.enctype = ENCTYPE_NULL;
+    decrypt_key.contents = NULL;
+    req->ticket->enc_part2 = NULL;
+
+    /* if (req->ap_options & AP_OPTS_USE_SESSION_KEY)
+       do we need special processing here ?     */
+
+    /* decrypt the ticket */
+    if ((*auth_context)->key) { /* User to User authentication */
+        if ((retval = krb5_decrypt_tkt_part(context,
+                                            &(*auth_context)->key->keyblock,
+                                            req->ticket)))
+            goto cleanup;
+        if (check_valid_flag) {
+            decrypt_key = (*auth_context)->key->keyblock;
+            (*auth_context)->key->keyblock.contents = NULL;
+        }
+        krb5_k_free_key(context, (*auth_context)->key);
+        (*auth_context)->key = NULL;
+        if (server == NULL)
+            server = req->ticket->server;
+    } else {
+        retval = decrypt_ticket(context, req, server, keytab,
+                                check_valid_flag ? &decrypt_key : NULL);
+        if (retval) {
+            TRACE_RD_REQ_DECRYPT_FAIL(context, retval);
+            goto cleanup;
+        }
+        /* decrypt_ticket placed the principal of the keytab key in
+         * req->ticket->server; always use this for later steps. */
+        server = req->ticket->server;
+    }
+    TRACE_RD_REQ_TICKET(context, req->ticket->enc_part2->client,
+                        req->ticket->server, req->ticket->enc_part2->session);
+
+    /* XXX this is an evil hack.  check_valid_flag is set iff the call
+       is not from inside the kdc.  we can use this to determine which
+       key usage to use */
+#ifndef LEAN_CLIENT
+    if ((retval = decrypt_authenticator(context, req,
+                                        &((*auth_context)->authentp),
+                                        check_valid_flag)))
+        goto cleanup;
+#endif
+    if (!krb5_principal_compare(context, (*auth_context)->authentp->client,
+                                req->ticket->enc_part2->client)) {
+        retval = KRB5KRB_AP_ERR_BADMATCH;
+        goto cleanup;
+    }
+
+    if ((*auth_context)->remote_addr &&
+        !krb5_address_search(context, (*auth_context)->remote_addr,
+                             req->ticket->enc_part2->caddrs)) {
+        retval = KRB5KRB_AP_ERR_BADADDR;
+        goto cleanup;
+    }
+
+    /* Get an rcache if necessary. */
+    if (((*auth_context)->rcache == NULL) &&
+        ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)) {
+        retval = k5_rc_default(context, &(*auth_context)->rcache);
+        if (retval)
+            goto cleanup;
+    }
+    /* okay, now check cross-realm policy */
+
+#if defined(_SINGLE_HOP_ONLY)
+
+    /* Single hop cross-realm tickets only */
+
+    {
+        krb5_transited *trans = &(req->ticket->enc_part2->transited);
+
+        /* If the transited list is empty, then we have at most one hop */
+        if (trans->tr_contents.length > 0 && trans->tr_contents.data[0])
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+    }
+
+#elif defined(_NO_CROSS_REALM)
+
+    /* No cross-realm tickets */
+
+    {
+        char            * lrealm;
+        krb5_data       * realm;
+        krb5_transited  * trans;
+
+        realm = &req->ticket->enc_part2->client->realm;
+        trans = &(req->ticket->enc_part2->transited);
+
+        /*
+         * If the transited list is empty, then we have at most one hop
+         * So we also have to check that the client's realm is the local one
+         */
+        krb5_get_default_realm(context, &lrealm);
+        if ((trans->tr_contents.length > 0 && trans->tr_contents.data[0]) ||
+            !data_eq_string(*realm, lrealm)) {
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        free(lrealm);
+    }
+
+#else
+
+    /* Hierarchical Cross-Realm */
+
+    {
+        krb5_data      * realm;
+        krb5_transited * trans;
+        krb5_flags       flags;
+
+        realm = &req->ticket->enc_part2->client->realm;
+        trans = &(req->ticket->enc_part2->transited);
+        flags = req->ticket->enc_part2->flags;
+
+        /*
+         * If the transited list is not empty and the KDC hasn't checked it,
+         * then check that all realms transited are within the hierarchy
+         * between the client's realm and the local realm.
+         */
+        if (!(flags & TKT_FLG_TRANSIT_POLICY_CHECKED) &&
+            trans->tr_contents.length > 0 && trans->tr_contents.data[0]) {
+            retval = krb5_check_transited_list(context, &(trans->tr_contents),
+                                               realm, &server->realm);
+        }
+    }
+
+#endif
+
+    if (retval)  goto cleanup;
+
+    /* only check rcache if sender has provided one---some services
+       may not be able to use replay caches (such as datagram servers) */
+
+    if ((*auth_context)->rcache != NULL) {
+        retval = k5_rc_store(context, (*auth_context)->rcache,
+                             &req->authenticator);
+        if (retval)
+            goto cleanup;
+    }
+
+    retval = krb5int_validate_times(context, &req->ticket->enc_part2->times);
+    if (retval != 0)
+        goto cleanup;
+
+    if ((retval = krb5_check_clockskew(context, (*auth_context)->authentp->ctime)))
+        goto cleanup;
+
+    if (check_valid_flag) {
+        if (req->ticket->enc_part2->flags & TKT_FLG_INVALID) {
+            retval = KRB5KRB_AP_ERR_TKT_INVALID;
+            goto cleanup;
+        }
+
+        if ((retval = krb5_authdata_context_init(context,
+                                                 &(*auth_context)->ad_context)))
+            goto cleanup;
+        if ((retval = krb5int_authdata_verify(context,
+                                              (*auth_context)->ad_context,
+                                              AD_USAGE_MASK,
+                                              auth_context,
+                                              &decrypt_key,
+                                              req)))
+            goto cleanup;
+    }
+
+    /* read RFC 4537 etype list from sender */
+    retval = decode_etype_list(context,
+                               (*auth_context)->authentp,
+                               &desired_etypes,
+                               &rfc4537_etypes_len);
+    if (retval != 0)
+        goto cleanup;
+
+    if (desired_etypes == NULL)
+        desired_etypes = (krb5_enctype *)calloc(4, sizeof(krb5_enctype));
+    else
+        desired_etypes = (krb5_enctype *)realloc(desired_etypes,
+                                                 (rfc4537_etypes_len + 4) *
+                                                 sizeof(krb5_enctype));
+    if (desired_etypes == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+
+    desired_etypes_len = rfc4537_etypes_len;
+
+    /*
+     * RFC 4537:
+     *
+     *   If the EtypeList is present and the server prefers an enctype from
+     *   the client's enctype list over that of the AP-REQ authenticator
+     *   subkey (if that is present) or the service ticket session key, the
+     *   server MUST create a subkey using that enctype.  This negotiated
+     *   subkey is sent in the subkey field of AP-REP message, and it is then
+     *   used as the protocol key or base key [RFC3961] for subsequent
+     *   communication.
+     *
+     *   If the enctype of the ticket session key is included in the enctype
+     *   list sent by the client, it SHOULD be the last on the list;
+     *   otherwise, this enctype MUST NOT be negotiated if it was not included
+     *   in the list.
+     *
+     * The second paragraph does appear to contradict the first with respect
+     * to whether it is legal to negotiate the ticket session key type if it
+     * is absent in the EtypeList. A literal reading suggests that we can use
+     * the AP-REQ subkey enctype. Also a client has no way of distinguishing
+     * a server that does not RFC 4537 from one that has chosen the same
+     * enctype as the ticket session key for the acceptor subkey, surely.
+     */
+
+    if ((*auth_context)->authentp->subkey != NULL) {
+        desired_etypes[desired_etypes_len++] = (*auth_context)->authentp->subkey->enctype;
+    }
+    desired_etypes[desired_etypes_len++] = req->ticket->enc_part2->session->enctype;
+    desired_etypes[desired_etypes_len] = ENCTYPE_NULL;
+
+    if (((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_PERMIT_ALL) == 0) {
+        if ((*auth_context)->permitted_etypes != NULL) {
+            permitted_etypes = (*auth_context)->permitted_etypes;
+        } else {
+            retval = krb5_get_permitted_enctypes(context, &permitted_etypes);
+            if (retval != 0)
+                goto cleanup;
+        }
+        permitted_etypes_len = k5_count_etypes(permitted_etypes);
+    } else {
+        permitted_etypes = NULL;
+        permitted_etypes_len = 0;
+    }
+
+    /* check if the various etypes are permitted */
+    retval = negotiate_etype(context,
+                             desired_etypes, desired_etypes_len,
+                             rfc4537_etypes_len,
+                             permitted_etypes, permitted_etypes_len,
+                             &(*auth_context)->negotiated_etype);
+    if (retval != 0)
+        goto cleanup;
+    TRACE_RD_REQ_NEGOTIATED_ETYPE(context, (*auth_context)->negotiated_etype);
+
+    assert((*auth_context)->negotiated_etype != ENCTYPE_NULL);
+
+    (*auth_context)->remote_seq_number = (*auth_context)->authentp->seq_number;
+    if ((*auth_context)->authentp->subkey) {
+        TRACE_RD_REQ_SUBKEY(context, (*auth_context)->authentp->subkey);
+        if ((retval = krb5_k_create_key(context,
+                                        (*auth_context)->authentp->subkey,
+                                        &((*auth_context)->recv_subkey))))
+            goto cleanup;
+        retval = krb5_k_create_key(context, (*auth_context)->authentp->subkey,
+                                   &((*auth_context)->send_subkey));
+        if (retval) {
+            krb5_k_free_key(context, (*auth_context)->recv_subkey);
+            (*auth_context)->recv_subkey = NULL;
+            goto cleanup;
+        }
+    } else {
+        (*auth_context)->recv_subkey = 0;
+        (*auth_context)->send_subkey = 0;
+    }
+
+    if ((retval = krb5_k_create_key(context, req->ticket->enc_part2->session,
+                                    &((*auth_context)->key))))
+        goto cleanup;
+
+    /*
+     * If not AP_OPTS_MUTUAL_REQUIRED then and sequence numbers are used
+     * then the default sequence number is the one's complement of the
+     * sequence number sent ot us.
+     */
+    if ((!(req->ap_options & AP_OPTS_MUTUAL_REQUIRED)) &&
+        (*auth_context)->remote_seq_number) {
+        (*auth_context)->local_seq_number ^=
+            (*auth_context)->remote_seq_number;
+    }
+
+    if (ticket)
+        if ((retval = krb5_copy_ticket(context, req->ticket, ticket)))
+            goto cleanup;
+    if (ap_req_options) {
+        *ap_req_options = req->ap_options & AP_OPTS_WIRE_MASK;
+        if (rfc4537_etypes_len != 0)
+            *ap_req_options |= AP_OPTS_ETYPE_NEGOTIATION;
+        if ((*auth_context)->negotiated_etype !=
+            krb5_k_key_enctype(context, (*auth_context)->key))
+            *ap_req_options |= AP_OPTS_USE_SUBKEY;
+    }
+
+    retval = 0;
+
+cleanup:
+    if (desired_etypes != NULL)
+        free(desired_etypes);
+    if (permitted_etypes != NULL &&
+        permitted_etypes != (*auth_context)->permitted_etypes)
+        free(permitted_etypes);
+    if (check_valid_flag)
+        krb5_free_keyblock_contents(context, &decrypt_key);
+
+    return retval;
+}
+
+krb5_error_code
+krb5_rd_req_decoded(krb5_context context, krb5_auth_context *auth_context,
+                    const krb5_ap_req *req, krb5_const_principal server,
+                    krb5_keytab keytab, krb5_flags *ap_req_options,
+                    krb5_ticket **ticket)
+{
+    krb5_error_code retval;
+    retval = rd_req_decoded_opt(context, auth_context,
+                                req, server, keytab,
+                                ap_req_options, ticket,
+                                1); /* check_valid_flag */
+    return retval;
+}
+
+krb5_error_code
+krb5_rd_req_decoded_anyflag(krb5_context context,
+                            krb5_auth_context *auth_context,
+                            const krb5_ap_req *req,
+                            krb5_const_principal server, krb5_keytab keytab,
+                            krb5_flags *ap_req_options, krb5_ticket **ticket)
+{
+    krb5_error_code retval;
+    retval = rd_req_decoded_opt(context, auth_context,
+                                req, server, keytab,
+                                ap_req_options, ticket,
+                                0); /* don't check_valid_flag */
+    return retval;
+}
+
+#ifndef LEAN_CLIENT
+static krb5_error_code
+decrypt_authenticator(krb5_context context, const krb5_ap_req *request,
+                      krb5_authenticator **authpp, int is_ap_req)
+{
+    krb5_authenticator *local_auth;
+    krb5_error_code retval;
+    krb5_data scratch;
+    krb5_keyblock *sesskey;
+
+    sesskey = request->ticket->enc_part2->session;
+
+    scratch.length = request->authenticator.ciphertext.length;
+    if (!(scratch.data = malloc(scratch.length)))
+        return(ENOMEM);
+
+    if ((retval = krb5_c_decrypt(context, sesskey,
+                                 is_ap_req?KRB5_KEYUSAGE_AP_REQ_AUTH:
+                                 KRB5_KEYUSAGE_TGS_REQ_AUTH, 0,
+                                 &request->authenticator, &scratch))) {
+        free(scratch.data);
+        return(retval);
+    }
+
+#define clean_scratch() {memset(scratch.data, 0, scratch.length);       \
+        free(scratch.data);}
+
+    /*  now decode the decrypted stuff */
+    if (!(retval = decode_krb5_authenticator(&scratch, &local_auth)))
+        *authpp = local_auth;
+
+    clean_scratch();
+    return retval;
+}
+#endif
+
+static krb5_error_code
+negotiate_etype(krb5_context context,
+                const krb5_enctype *desired_etypes,
+                int desired_etypes_len,
+                int mandatory_etypes_index,
+                const krb5_enctype *permitted_etypes,
+                int permitted_etypes_len,
+                krb5_enctype *negotiated_etype)
+{
+    int i, j;
+
+    *negotiated_etype = ENCTYPE_NULL;
+
+    /* mandatory segment of desired_etypes must be permitted */
+    for (i = mandatory_etypes_index; i < desired_etypes_len; i++) {
+        krb5_boolean permitted = FALSE;
+
+        for (j = 0; j < permitted_etypes_len; j++) {
+            if (desired_etypes[i] == permitted_etypes[j]) {
+                permitted = TRUE;
+                break;
+            }
+        }
+
+        if (permitted == FALSE) {
+            char enctype_name[30];
+
+            if (krb5_enctype_to_name(desired_etypes[i], FALSE, enctype_name,
+                                     sizeof(enctype_name)) == 0)
+                k5_setmsg(context, KRB5_NOPERM_ETYPE,
+                          _("Encryption type %s not permitted"), enctype_name);
+            return KRB5_NOPERM_ETYPE;
+        }
+    }
+
+    /*
+     * permitted_etypes is ordered from most to least preferred;
+     * find first desired_etype that matches.
+     */
+    for (j = 0; j < permitted_etypes_len; j++) {
+        for (i = 0; i < desired_etypes_len; i++) {
+            if (desired_etypes[i] == permitted_etypes[j]) {
+                *negotiated_etype = permitted_etypes[j];
+                return 0;
+            }
+        }
+    }
+
+    /*NOTREACHED*/
+    return KRB5_NOPERM_ETYPE;
+}
+
+static krb5_error_code
+decode_etype_list(krb5_context context,
+                  const krb5_authenticator *authp,
+                  krb5_enctype **desired_etypes,
+                  int *desired_etypes_len)
+{
+    krb5_error_code code;
+    krb5_authdata **ad_if_relevant = NULL;
+    krb5_authdata *etype_adata = NULL;
+    krb5_etype_list *etype_list = NULL;
+    int i, j;
+    krb5_data data;
+
+    *desired_etypes = NULL;
+
+    if (authp->authorization_data == NULL)
+        return 0;
+
+    /*
+     * RFC 4537 says that ETYPE_NEGOTIATION auth data should be wrapped
+     * in AD_IF_RELEVANT, but we handle the case where it is mandatory.
+     */
+    for (i = 0; authp->authorization_data[i] != NULL; i++) {
+        switch (authp->authorization_data[i]->ad_type) {
+        case KRB5_AUTHDATA_IF_RELEVANT:
+            code = krb5_decode_authdata_container(context,
+                                                  KRB5_AUTHDATA_IF_RELEVANT,
+                                                  authp->authorization_data[i],
+                                                  &ad_if_relevant);
+            if (code != 0)
+                continue;
+
+            for (j = 0; ad_if_relevant[j] != NULL; j++) {
+                if (ad_if_relevant[j]->ad_type == KRB5_AUTHDATA_ETYPE_NEGOTIATION) {
+                    etype_adata = ad_if_relevant[j];
+                    break;
+                }
+            }
+            if (etype_adata == NULL) {
+                krb5_free_authdata(context, ad_if_relevant);
+                ad_if_relevant = NULL;
+            }
+            break;
+        case KRB5_AUTHDATA_ETYPE_NEGOTIATION:
+            etype_adata = authp->authorization_data[i];
+            break;
+        default:
+            break;
+        }
+        if (etype_adata != NULL)
+            break;
+    }
+
+    if (etype_adata == NULL)
+        return 0;
+
+    data.data = (char *)etype_adata->contents;
+    data.length = etype_adata->length;
+
+    code = decode_krb5_etype_list(&data, &etype_list);
+    if (code == 0) {
+        *desired_etypes = etype_list->etypes;
+        *desired_etypes_len = etype_list->length;
+        free(etype_list);
+    }
+
+    if (ad_if_relevant != NULL)
+        krb5_free_authdata(context, ad_if_relevant);
+
+    return code;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/rd_safe.c b/krb5-1.21.3/src/lib/krb5/krb/rd_safe.c
new file mode 100644
index 00000000..6e5c97aa
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/rd_safe.c
@@ -0,0 +1,178 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/rd_safe.c - krb5_rd_safe() */
+/*
+ * Copyright 1990,1991,2007,2008,2019 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+/*
+ * Unmarshal a KRB-SAFE message from der_krbsafe, placing the
+ * integrity-protected user data in *userdata_out, replay data in *rdata_out,
+ * and checksum in *cksum_out.  The caller should free *userdata_out and
+ * *cksum_out when finished.
+ */
+static krb5_error_code
+read_krbsafe(krb5_context context, krb5_auth_context ac,
+             const krb5_data *der_krbsafe, krb5_key key,
+             krb5_replay_data *rdata_out, krb5_data *userdata_out,
+             krb5_checksum **cksum_out)
+{
+    krb5_error_code ret;
+    krb5_safe *krbsafe;
+    krb5_data *safe_body = NULL, *der_zerosafe = NULL;
+    krb5_checksum zero_cksum, *safe_cksum = NULL;
+    krb5_octet zero_octet = 0;
+    krb5_boolean valid;
+    struct krb5_safe_with_body swb;
+
+    *userdata_out = empty_data();
+    *cksum_out = NULL;
+    if (!krb5_is_krb_safe(der_krbsafe))
+        return KRB5KRB_AP_ERR_MSG_TYPE;
+
+    ret = decode_krb5_safe_with_body(der_krbsafe, &krbsafe, &safe_body);
+    if (ret)
+        return ret;
+
+    if (!krb5_c_valid_cksumtype(krbsafe->checksum->checksum_type)) {
+        ret = KRB5_PROG_SUMTYPE_NOSUPP;
+        goto cleanup;
+    }
+    if (!krb5_c_is_coll_proof_cksum(krbsafe->checksum->checksum_type) ||
+        !krb5_c_is_keyed_cksum(krbsafe->checksum->checksum_type)) {
+        ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+        goto cleanup;
+    }
+
+    ret = k5_privsafe_check_addrs(context, ac, krbsafe->s_address,
+                                  krbsafe->r_address);
+    if (ret)
+        goto cleanup;
+
+    /* Regenerate the KRB-SAFE message without the checksum.  Save the message
+     * checksum to verify. */
+    safe_cksum = krbsafe->checksum;
+    zero_cksum.length = 0;
+    zero_cksum.checksum_type = 0;
+    zero_cksum.contents = &zero_octet;
+    krbsafe->checksum = &zero_cksum;
+    swb.body = safe_body;
+    swb.safe = krbsafe;
+    ret = encode_krb5_safe_with_body(&swb, &der_zerosafe);
+    krbsafe->checksum = NULL;
+    if (ret)
+        goto cleanup;
+
+    /* Verify the checksum over the re-encoded message. */
+    ret = krb5_k_verify_checksum(context, key, KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+                                 der_zerosafe, safe_cksum, &valid);
+    if (!valid) {
+        /* Checksum over only the KRB-SAFE-BODY as specified in RFC 1510. */
+        ret = krb5_k_verify_checksum(context, key,
+                                     KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+                                     safe_body, safe_cksum, &valid);
+        if (!valid) {
+            ret = KRB5KRB_AP_ERR_MODIFIED;
+            goto cleanup;
+        }
+    }
+
+    rdata_out->timestamp = krbsafe->timestamp;
+    rdata_out->usec = krbsafe->usec;
+    rdata_out->seq = krbsafe->seq_number;
+
+    *userdata_out = krbsafe->user_data;
+    krbsafe->user_data.data = NULL;
+
+    *cksum_out = safe_cksum;
+    safe_cksum = NULL;
+
+cleanup:
+    zapfreedata(der_zerosafe);
+    krb5_free_data(context, safe_body);
+    krb5_free_safe(context, krbsafe);
+    krb5_free_checksum(context, safe_cksum);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_rd_safe(krb5_context context, krb5_auth_context authcon,
+             const krb5_data *inbuf, krb5_data *userdata_out,
+             krb5_replay_data *rdata_out)
+{
+    krb5_error_code ret;
+    krb5_key key;
+    krb5_replay_data rdata;
+    krb5_data userdata = empty_data();
+    krb5_checksum *cksum;
+    const krb5_int32 flags = authcon->auth_context_flags;
+
+    *userdata_out = empty_data();
+
+    if (((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
+         (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && rdata_out == NULL)
+        return KRB5_RC_REQUIRED;
+
+    key = (authcon->recv_subkey != NULL) ? authcon->recv_subkey : authcon->key;
+    memset(&rdata, 0, sizeof(rdata));
+    ret = read_krbsafe(context, authcon, inbuf, key, &rdata, &userdata,
+                       &cksum);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_privsafe_check_replay(context, authcon, &rdata, NULL, cksum);
+    if (ret)
+        goto cleanup;
+
+    if (flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+        if (!k5_privsafe_check_seqnum(context, authcon, rdata.seq)) {
+            ret = KRB5KRB_AP_ERR_BADORDER;
+            goto cleanup;
+        }
+        authcon->remote_seq_number++;
+    }
+
+    if ((flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
+        (flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+        rdata_out->timestamp = rdata.timestamp;
+        rdata_out->usec = rdata.usec;
+        rdata_out->seq = rdata.seq;
+    }
+
+    *userdata_out = userdata;
+    userdata = empty_data();
+
+cleanup:
+    krb5_free_data_contents(context, &userdata);
+    krb5_free_checksum(context, cksum);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/recvauth.c b/krb5-1.21.3/src/lib/krb5/krb/recvauth.c
new file mode 100644
index 00000000..f784fa37
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/recvauth.c
@@ -0,0 +1,240 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/recvauth.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * convenience sendauth/recvauth functions
+ */
+
+#include "k5-int.h"
+#include "auth_con.h"
+#include "com_err.h"
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+static const char sendauth_version[] = "KRB5_SENDAUTH_V1.0";
+
+static krb5_error_code
+recvauth_common(krb5_context context,
+                krb5_auth_context * auth_context,
+                /* IN */
+                krb5_pointer fd,
+                char *appl_version,
+                krb5_principal server,
+                krb5_int32 flags,
+                krb5_keytab keytab,
+                /* OUT */
+                krb5_ticket ** ticket,
+                krb5_data *version)
+{
+    krb5_auth_context     new_auth_context;
+    krb5_flags            ap_option = 0;
+    krb5_error_code       retval, problem;
+    krb5_data             inbuf;
+    krb5_data             outbuf;
+    krb5_rcache           rcache = 0;
+    krb5_octet            response;
+    krb5_data             d;
+    int                   need_error_free = 0;
+    int                   local_rcache = 0, local_authcon = 0;
+
+    /*
+     * Zero out problem variable.  If problem is set at the end of
+     * the initial version negotiation section, it means that we
+     * need to send an error code back to the client application
+     * and exit.
+     */
+    problem = 0;
+    response = 0;
+
+    if (!(flags & KRB5_RECVAUTH_SKIP_VERSION)) {
+        /*
+         * First read the sendauth version string and check it.
+         */
+        if ((retval = krb5_read_message(context, fd, &inbuf)))
+            return(retval);
+        d = make_data((char *)sendauth_version, strlen(sendauth_version) + 1);
+        if (!data_eq(inbuf, d)) {
+            problem = KRB5_SENDAUTH_BADAUTHVERS;
+            response = 1;
+        }
+        free(inbuf.data);
+    }
+    if (flags & KRB5_RECVAUTH_BADAUTHVERS) {
+        problem = KRB5_SENDAUTH_BADAUTHVERS;
+        response = 1;
+    }
+
+    /*
+     * Do the same thing for the application version string.
+     */
+    if ((retval = krb5_read_message(context, fd, &inbuf)))
+        return(retval);
+    if (appl_version != NULL && !problem) {
+        d = make_data(appl_version, strlen(appl_version) + 1);
+        if (!data_eq(inbuf, d)) {
+            problem = KRB5_SENDAUTH_BADAPPLVERS;
+            response = 2;
+        }
+    }
+    if (version && !problem)
+        *version = inbuf;
+    else
+        free(inbuf.data);
+
+    /*
+     * Now we actually write the response.  If the response is non-zero,
+     * exit with a return value of problem
+     */
+    if ((krb5_net_write(context, *((int *)fd), (char *)&response, 1)) < 0) {
+        return(problem); /* We'll return the top-level problem */
+    }
+    if (problem)
+        return(problem);
+
+    /* We are clear of errors here */
+
+    /*
+     * Now, let's read the AP_REQ message and decode it
+     */
+    if ((retval = krb5_read_message(context, fd, &inbuf)))
+        return retval;
+
+    if (*auth_context == NULL) {
+        problem = krb5_auth_con_init(context, &new_auth_context);
+        *auth_context = new_auth_context;
+        local_authcon = 1;
+    }
+    krb5_auth_con_getrcache(context, *auth_context, &rcache);
+    if ((!problem) && rcache == NULL) {
+        problem = k5_rc_default(context, &rcache);
+        if (!problem)
+            problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
+        local_rcache = 1;
+    }
+    if (!problem) {
+        problem = krb5_rd_req(context, auth_context, &inbuf, server,
+                              keytab, &ap_option, ticket);
+        free(inbuf.data);
+    }
+
+    /*
+     * If there was a problem, send back a krb5_error message,
+     * preceded by the length of the krb5_error message.  If
+     * everything's ok, send back 0 for the length.
+     */
+    if (problem) {
+        krb5_error      error;
+        const   char *message;
+
+        memset(&error, 0, sizeof(error));
+        krb5_us_timeofday(context, &error.stime, &error.susec);
+        if(server)
+            error.server = server;
+        else {
+            /* If this fails - ie. ENOMEM we are hosed
+               we cannot even send the error if we wanted to... */
+            (void) krb5_parse_name(context, "????", &error.server);
+            need_error_free = 1;
+        }
+
+        error.error = problem - ERROR_TABLE_BASE_krb5;
+        if (error.error > 127)
+            error.error = KRB_ERR_GENERIC;
+        message = error_message(problem);
+        error.text.length  = strlen(message) + 1;
+        error.text.data = strdup(message);
+        if (!error.text.data) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        if ((retval = krb5_mk_error(context, &error, &outbuf))) {
+            free(error.text.data);
+            goto cleanup;
+        }
+        free(error.text.data);
+        if(need_error_free)
+            krb5_free_principal(context, error.server);
+
+    } else {
+        outbuf.length = 0;
+        outbuf.data = 0;
+    }
+
+    retval = krb5_write_message(context, fd, &outbuf);
+    if (outbuf.data) {
+        free(outbuf.data);
+        /* We sent back an error, we need cleanup then return */
+        retval = problem;
+        goto cleanup;
+    }
+    if (retval)
+        goto cleanup;
+
+    /* Here lies the mutual authentication stuff... */
+    if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) {
+        if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
+            return(retval);
+        }
+        retval = krb5_write_message(context, fd, &outbuf);
+        free(outbuf.data);
+    }
+
+cleanup:;
+    if (retval) {
+        if (local_authcon) {
+            krb5_auth_con_free(context, *auth_context);
+        } else if (local_rcache && rcache != NULL) {
+            k5_rc_close(context, rcache);
+            krb5_auth_con_setrcache(context, *auth_context, NULL);
+        }
+    }
+    return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_recvauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer fd, char *appl_version, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket **ticket)
+{
+    return recvauth_common (context, auth_context, fd, appl_version,
+                            server, flags, keytab, ticket, 0);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_recvauth_version(krb5_context context,
+                      krb5_auth_context *auth_context,
+                      /* IN */
+                      krb5_pointer fd,
+                      krb5_principal server,
+                      krb5_int32 flags,
+                      krb5_keytab keytab,
+                      /* OUT */
+                      krb5_ticket **ticket,
+                      krb5_data *version)
+{
+    return recvauth_common (context, auth_context, fd, 0,
+                            server, flags, keytab, ticket, version);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/response_items.c b/krb5-1.21.3/src/lib/krb5/krb/response_items.c
new file mode 100644
index 00000000..606d4f34
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/response_items.c
@@ -0,0 +1,224 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/response_items.c - Response items */
+/*
+ * Copyright 2012 Red Hat, Inc.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of Red Hat not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original Red Hat software.
+ * Red Hat makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+struct k5_response_items_st {
+    size_t count;
+    char **questions;
+    char **challenges;
+    char **answers;
+};
+
+krb5_error_code
+k5_response_items_new(k5_response_items **ri_out)
+{
+    *ri_out = calloc(1, sizeof(**ri_out));
+    return (*ri_out == NULL) ? ENOMEM : 0;
+}
+
+void
+k5_response_items_free(k5_response_items *ri)
+{
+    k5_response_items_reset(ri);
+    free(ri);
+}
+
+void
+k5_response_items_reset(k5_response_items *ri)
+{
+    size_t i;
+
+    if (ri == NULL)
+        return;
+
+    for (i = 0; i < ri->count; i++)
+        free(ri->questions[i]);
+    free(ri->questions);
+    ri->questions = NULL;
+
+    for (i = 0; i < ri->count; i++)
+        zapfreestr(ri->challenges[i]);
+    free(ri->challenges);
+    ri->challenges = NULL;
+
+    for (i = 0; i < ri->count; i++)
+        zapfreestr(ri->answers[i]);
+    free(ri->answers);
+    ri->answers = NULL;
+
+    ri->count = 0;
+}
+
+krb5_boolean
+k5_response_items_empty(const k5_response_items *ri)
+{
+    return ri == NULL ? TRUE : ri->count == 0;
+}
+
+const char * const *
+k5_response_items_list_questions(const k5_response_items *ri)
+{
+    if (ri == NULL)
+        return NULL;
+    return (const char * const *)ri->questions;
+}
+
+static ssize_t
+find_question(const k5_response_items *ri, const char *question)
+{
+    size_t i;
+
+    if (ri == NULL)
+        return -1;
+
+    for (i = 0; i < ri->count; i++) {
+        if (strcmp(ri->questions[i], question) == 0)
+            return i;
+    }
+
+    return -1;
+}
+
+static krb5_error_code
+push_question(k5_response_items *ri, const char *question,
+              const char *challenge)
+{
+    char **tmp;
+    size_t size;
+
+    if (ri == NULL)
+        return EINVAL;
+
+    size = sizeof(char *) * (ri->count + 2);
+    tmp = realloc(ri->questions, size);
+    if (tmp == NULL)
+        return ENOMEM;
+    ri->questions = tmp;
+    ri->questions[ri->count] = NULL;
+    ri->questions[ri->count + 1] = NULL;
+
+    tmp = realloc(ri->challenges, size);
+    if (tmp == NULL)
+        return ENOMEM;
+    ri->challenges = tmp;
+    ri->challenges[ri->count] = NULL;
+    ri->challenges[ri->count + 1] = NULL;
+
+    tmp = realloc(ri->answers, size);
+    if (tmp == NULL)
+        return ENOMEM;
+    ri->answers = tmp;
+    ri->answers[ri->count] = NULL;
+    ri->answers[ri->count + 1] = NULL;
+
+    ri->questions[ri->count] = strdup(question);
+    if (ri->questions[ri->count] == NULL)
+        return ENOMEM;
+
+    if (challenge != NULL) {
+        ri->challenges[ri->count] = strdup(challenge);
+        if (ri->challenges[ri->count] == NULL) {
+            free(ri->questions[ri->count]);
+            ri->questions[ri->count] = NULL;
+            return ENOMEM;
+        }
+    }
+
+    ri->count++;
+    return 0;
+}
+
+krb5_error_code
+k5_response_items_ask_question(k5_response_items *ri, const char *question,
+                               const char *challenge)
+{
+    ssize_t i;
+    char *tmp = NULL;
+
+    i = find_question(ri, question);
+    if (i < 0)
+        return push_question(ri, question, challenge);
+
+    if (challenge != NULL) {
+        tmp = strdup(challenge);
+        if (tmp == NULL)
+            return ENOMEM;
+    }
+
+    zapfreestr(ri->challenges[i]);
+    ri->challenges[i] = tmp;
+    return 0;
+}
+
+const char *
+k5_response_items_get_challenge(const k5_response_items *ri,
+                                const char *question)
+{
+    ssize_t i;
+
+    i = find_question(ri, question);
+    if (i < 0)
+        return NULL;
+
+    return ri->challenges[i];
+}
+
+krb5_error_code
+k5_response_items_set_answer(k5_response_items *ri, const char *question,
+                             const char *answer)
+{
+    char *tmp = NULL;
+    ssize_t i;
+
+    i = find_question(ri, question);
+    if (i < 0)
+        return EINVAL;
+
+    if (answer != NULL) {
+        tmp = strdup(answer);
+        if (tmp == NULL)
+            return ENOMEM;
+    }
+
+    zapfreestr(ri->answers[i]);
+    ri->answers[i] = tmp;
+    return 0;
+}
+
+const char *
+k5_response_items_get_answer(const k5_response_items *ri,
+                             const char *question)
+{
+    ssize_t i;
+
+    i = find_question(ri, question);
+    if (i < 0)
+        return NULL;
+
+    return ri->answers[i];
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c b/krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c
new file mode 100644
index 00000000..44d113e7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c
@@ -0,0 +1,1263 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/s4u_creds.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "os-proto.h"
+
+/* Convert ticket flags to necessary KDC options */
+#define FLAGS2OPTS(flags) (flags & KDC_TKT_COMMON_MASK)
+
+/*
+ * Implements S4U2Self, by which a service can request a ticket to
+ * itself on behalf of an arbitrary principal.
+ */
+
+static krb5_error_code
+s4u_identify_user(krb5_context context,
+                  krb5_creds *in_creds,
+                  krb5_data *subject_cert,
+                  krb5_principal *canon_user)
+{
+    krb5_principal_data client;
+    krb5_data empty_name = empty_data();
+
+    *canon_user = NULL;
+
+    if (in_creds->client == NULL && subject_cert == NULL) {
+        return EINVAL;
+    }
+
+    if (in_creds->client != NULL &&
+        in_creds->client->type != KRB5_NT_ENTERPRISE_PRINCIPAL) {
+        int anonymous;
+
+        anonymous = krb5_principal_compare(context, in_creds->client,
+                                           krb5_anonymous_principal());
+
+        return krb5_copy_principal(context,
+                                   anonymous ? in_creds->server
+                                   : in_creds->client,
+                                   canon_user);
+    }
+
+    if (in_creds->client != NULL) {
+        client = *in_creds->client;
+        client.realm = in_creds->server->realm;
+
+        /* Don't send subject_cert if we have an enterprise principal. */
+        return k5_identify_realm(context, &client, NULL, canon_user);
+    }
+
+    client.magic = KV5M_PRINCIPAL;
+    client.realm = in_creds->server->realm;
+
+    /*
+     * Windows clients send the certificate subject as the client name.
+     * However, Windows KDC seem to be happy with an empty string as long as
+     * the name-type is NT-X500-PRINCIPAL.
+     */
+    client.data = &empty_name;
+    client.length = 1;
+    client.type = KRB5_NT_X500_PRINCIPAL;
+
+    return k5_identify_realm(context, &client, subject_cert, canon_user);
+}
+
+static krb5_error_code
+make_pa_for_user_checksum(krb5_context context,
+                          krb5_keyblock *key,
+                          krb5_pa_for_user *req,
+                          krb5_checksum *cksum)
+{
+    krb5_error_code code;
+    int i;
+    char *p;
+    krb5_data data;
+
+    data.length = 4;
+    for (i = 0; i < req->user->length; i++)
+        data.length += req->user->data[i].length;
+    data.length += req->user->realm.length;
+    data.length += req->auth_package.length;
+
+    p = data.data = malloc(data.length);
+    if (data.data == NULL)
+        return ENOMEM;
+
+    p[0] = (req->user->type >> 0) & 0xFF;
+    p[1] = (req->user->type >> 8) & 0xFF;
+    p[2] = (req->user->type >> 16) & 0xFF;
+    p[3] = (req->user->type >> 24) & 0xFF;
+    p += 4;
+
+    for (i = 0; i < req->user->length; i++) {
+        if (req->user->data[i].length > 0)
+            memcpy(p, req->user->data[i].data, req->user->data[i].length);
+        p += req->user->data[i].length;
+    }
+
+    if (req->user->realm.length > 0)
+        memcpy(p, req->user->realm.data, req->user->realm.length);
+    p += req->user->realm.length;
+
+    if (req->auth_package.length > 0)
+        memcpy(p, req->auth_package.data, req->auth_package.length);
+
+    /* Per spec, use hmac-md5 checksum regardless of key type. */
+    code = krb5_c_make_checksum(context, CKSUMTYPE_HMAC_MD5_ARCFOUR, key,
+                                KRB5_KEYUSAGE_APP_DATA_CKSUM, &data,
+                                cksum);
+
+    free(data.data);
+
+    return code;
+}
+
+static krb5_error_code
+build_pa_for_user(krb5_context context,
+                  krb5_creds *tgt,
+                  krb5_s4u_userid *userid,
+                  krb5_pa_data **out_padata)
+{
+    krb5_error_code code;
+    krb5_pa_data *padata;
+    krb5_pa_for_user for_user;
+    krb5_data *for_user_data = NULL;
+    char package[] = "Kerberos";
+
+    if (userid->user == NULL)
+        return EINVAL;
+
+    memset(&for_user, 0, sizeof(for_user));
+    for_user.user = userid->user;
+    for_user.auth_package.data = package;
+    for_user.auth_package.length = sizeof(package) - 1;
+
+    code = make_pa_for_user_checksum(context, &tgt->keyblock,
+                                     &for_user, &for_user.cksum);
+    if (code != 0)
+        goto cleanup;
+
+    code = encode_krb5_pa_for_user(&for_user, &for_user_data);
+    if (code != 0)
+        goto cleanup;
+
+    padata = malloc(sizeof(*padata));
+    if (padata == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+
+    padata->magic = KV5M_PA_DATA;
+    padata->pa_type = KRB5_PADATA_FOR_USER;
+    padata->length = for_user_data->length;
+    padata->contents = (krb5_octet *)for_user_data->data;
+
+    free(for_user_data);
+    for_user_data = NULL;
+
+    *out_padata = padata;
+
+cleanup:
+    if (for_user.cksum.contents != NULL)
+        krb5_free_checksum_contents(context, &for_user.cksum);
+    krb5_free_data(context, for_user_data);
+
+    return code;
+}
+
+/*
+ * This function is invoked by krb5int_make_tgs_request_ext() just before the
+ * request is encoded; it gives us access to the nonce and subkey without
+ * requiring them to be generated by the caller.
+ */
+static krb5_error_code
+build_pa_s4u_x509_user(krb5_context context,
+                       krb5_keyblock *subkey,
+                       krb5_kdc_req *tgsreq,
+                       void *gcvt_data)
+{
+    krb5_error_code code;
+    krb5_pa_s4u_x509_user *s4u_user = (krb5_pa_s4u_x509_user *)gcvt_data;
+    krb5_data *data = NULL;
+    krb5_cksumtype cksumtype;
+    int i;
+
+    assert(s4u_user->cksum.contents == NULL);
+
+    s4u_user->user_id.nonce = tgsreq->nonce;
+
+    code = encode_krb5_s4u_userid(&s4u_user->user_id, &data);
+    if (code != 0)
+        goto cleanup;
+
+    /* [MS-SFU] 2.2.2: unusual to say the least, but enc_padata secures it */
+    if (subkey->enctype == ENCTYPE_ARCFOUR_HMAC ||
+        subkey->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        cksumtype = CKSUMTYPE_RSA_MD4;
+    } else {
+        code = krb5int_c_mandatory_cksumtype(context, subkey->enctype,
+                                             &cksumtype);
+    }
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_c_make_checksum(context, cksumtype, subkey,
+                                KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST, data,
+                                &s4u_user->cksum);
+    if (code != 0)
+        goto cleanup;
+
+    krb5_free_data(context, data);
+    data = NULL;
+
+    code = encode_krb5_pa_s4u_x509_user(s4u_user, &data);
+    if (code != 0)
+        goto cleanup;
+
+    /* Find the empty PA-S4U-X509-USER element placed in the TGS request padata
+     * by krb5_get_self_cred_from_kdc() and replace it with the encoding. */
+    assert(tgsreq->padata != NULL);
+    for (i = 0; tgsreq->padata[i] != NULL; i++) {
+        if (tgsreq->padata[i]->pa_type == KRB5_PADATA_S4U_X509_USER)
+            break;
+    }
+    assert(tgsreq->padata[i] != NULL);
+    free(tgsreq->padata[i]->contents);
+    tgsreq->padata[i]->length = data->length;
+    tgsreq->padata[i]->contents = (krb5_octet *)data->data;
+    free(data);
+    data = NULL;
+
+cleanup:
+    if (code != 0 && s4u_user->cksum.contents != NULL) {
+        krb5_free_checksum_contents(context, &s4u_user->cksum);
+        s4u_user->cksum.contents = NULL;
+    }
+    krb5_free_data(context, data);
+
+    return code;
+}
+
+/*
+ * Validate the S4U2Self padata in the KDC reply.  If update_req_user is true
+ * and the KDC sent S4U-X509-USER padata, replace req_s4u_user->user_id.user
+ * with the checksum-protected client name from the KDC.  If update_req_user is
+ * false, verify that the client name has not changed.
+ */
+static krb5_error_code
+verify_s4u2self_reply(krb5_context context,
+                      krb5_keyblock *subkey,
+                      krb5_pa_s4u_x509_user *req_s4u_user,
+                      krb5_pa_data **rep_padata,
+                      krb5_pa_data **enc_padata,
+                      krb5_boolean update_req_user)
+{
+    krb5_error_code code;
+    krb5_pa_data *rep_s4u_padata, *enc_s4u_padata;
+    krb5_pa_s4u_x509_user *rep_s4u_user = NULL;
+    krb5_data data, *datap = NULL;
+    krb5_keyusage usage;
+    krb5_boolean valid;
+    krb5_boolean not_newer;
+
+    assert(req_s4u_user != NULL);
+
+    switch (subkey->enctype) {
+    case ENCTYPE_DES3_CBC_SHA1:
+    case ENCTYPE_DES3_CBC_RAW:
+    case ENCTYPE_ARCFOUR_HMAC:
+    case ENCTYPE_ARCFOUR_HMAC_EXP :
+        not_newer = TRUE;
+        break;
+    default:
+        not_newer = FALSE;
+        break;
+    }
+
+    enc_s4u_padata = krb5int_find_pa_data(context,
+                                          enc_padata,
+                                          KRB5_PADATA_S4U_X509_USER);
+
+    rep_s4u_padata = krb5int_find_pa_data(context,
+                                          rep_padata,
+                                          KRB5_PADATA_S4U_X509_USER);
+    if (rep_s4u_padata == NULL)
+        return (enc_s4u_padata != NULL) ? KRB5_KDCREP_MODIFIED : 0;
+
+    data.length = rep_s4u_padata->length;
+    data.data = (char *)rep_s4u_padata->contents;
+
+    code = decode_krb5_pa_s4u_x509_user(&data, &rep_s4u_user);
+    if (code != 0)
+        goto cleanup;
+
+    if (rep_s4u_user->user_id.nonce != req_s4u_user->user_id.nonce) {
+        code = KRB5_KDCREP_MODIFIED;
+        goto cleanup;
+    }
+
+    code = encode_krb5_s4u_userid(&rep_s4u_user->user_id, &datap);
+    if (code != 0)
+        goto cleanup;
+
+    if (rep_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE)
+        usage = KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY;
+    else
+        usage = KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST;
+
+    code = krb5_c_verify_checksum(context, subkey, usage, datap,
+                                  &rep_s4u_user->cksum, &valid);
+    if (code != 0)
+        goto cleanup;
+    if (valid == FALSE) {
+        code = KRB5_KDCREP_MODIFIED;
+        goto cleanup;
+    }
+
+    if (rep_s4u_user->user_id.user == NULL ||
+        rep_s4u_user->user_id.user->length == 0) {
+        code = KRB5_KDCREP_MODIFIED;
+        goto cleanup;
+    }
+
+    if (update_req_user) {
+        krb5_free_principal(context, req_s4u_user->user_id.user);
+        code = krb5_copy_principal(context, rep_s4u_user->user_id.user,
+                                   &req_s4u_user->user_id.user);
+        if (code != 0)
+            goto cleanup;
+    } else if (!krb5_principal_compare(context, rep_s4u_user->user_id.user,
+                                       req_s4u_user->user_id.user)) {
+        code = KRB5_KDCREP_MODIFIED;
+        goto cleanup;
+    }
+
+    /*
+     * KDCs that support KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE also return
+     * S4U enc_padata for older (pre-AES) encryption types only.
+     */
+    if (not_newer) {
+        if (enc_s4u_padata == NULL) {
+            if (rep_s4u_user->user_id.options &
+                KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE) {
+                code = KRB5_KDCREP_MODIFIED;
+                goto cleanup;
+            }
+        } else {
+            if (enc_s4u_padata->length !=
+                req_s4u_user->cksum.length + rep_s4u_user->cksum.length) {
+                code = KRB5_KDCREP_MODIFIED;
+                goto cleanup;
+            }
+            if (memcmp(enc_s4u_padata->contents,
+                       req_s4u_user->cksum.contents,
+                       req_s4u_user->cksum.length) ||
+                memcmp(&enc_s4u_padata->contents[req_s4u_user->cksum.length],
+                       rep_s4u_user->cksum.contents,
+                       rep_s4u_user->cksum.length)) {
+                code = KRB5_KDCREP_MODIFIED;
+                goto cleanup;
+            }
+        }
+    } else if (!krb5_c_is_keyed_cksum(rep_s4u_user->cksum.checksum_type)) {
+        code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+        goto cleanup;
+    }
+
+cleanup:
+    krb5_free_pa_s4u_x509_user(context, rep_s4u_user);
+    krb5_free_data(context, datap);
+
+    return code;
+}
+
+/* Unparse princ and re-parse it as an enterprise principal. */
+static krb5_error_code
+convert_to_enterprise(krb5_context context, krb5_principal princ,
+                      krb5_principal *eprinc_out)
+{
+    krb5_error_code code;
+    char *str;
+
+    *eprinc_out = NULL;
+    code = krb5_unparse_name(context, princ, &str);
+    if (code != 0)
+        return code;
+    code = krb5_parse_name_flags(context, str,
+                                 KRB5_PRINCIPAL_PARSE_ENTERPRISE |
+                                 KRB5_PRINCIPAL_PARSE_IGNORE_REALM,
+                                 eprinc_out);
+    krb5_free_unparsed_name(context, str);
+    return code;
+}
+
+static krb5_error_code
+krb5_get_self_cred_from_kdc(krb5_context context,
+                            krb5_flags options,
+                            krb5_ccache ccache,
+                            krb5_creds *in_creds,
+                            krb5_data *subject_cert,
+                            krb5_data *user_realm,
+                            krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_principal tgs = NULL, eprinc = NULL;
+    krb5_principal_data sprinc;
+    krb5_creds tgtq, s4u_creds, *tgt = NULL, *tgtptr;
+    krb5_creds *referral_tgts[KRB5_REFERRAL_MAXHOPS];
+    krb5_pa_s4u_x509_user s4u_user;
+    int referral_count = 0, i;
+    krb5_flags kdcopt;
+
+    memset(&tgtq, 0, sizeof(tgtq));
+    memset(referral_tgts, 0, sizeof(referral_tgts));
+    *out_creds = NULL;
+
+    memset(&s4u_user, 0, sizeof(s4u_user));
+
+    if (in_creds->client != NULL && in_creds->client->length > 0) {
+        if (in_creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+            code = krb5_build_principal_ext(context,
+                                            &s4u_user.user_id.user,
+                                            user_realm->length,
+                                            user_realm->data,
+                                            in_creds->client->data[0].length,
+                                            in_creds->client->data[0].data,
+                                            0);
+            if (code != 0)
+                goto cleanup;
+            s4u_user.user_id.user->type = KRB5_NT_ENTERPRISE_PRINCIPAL;
+        } else {
+            code = krb5_copy_principal(context,
+                                       in_creds->client,
+                                       &s4u_user.user_id.user);
+            if (code != 0)
+                goto cleanup;
+        }
+    } else {
+        code = krb5_build_principal_ext(context, &s4u_user.user_id.user,
+                                        user_realm->length, user_realm->data,
+                                        0);
+        if (code != 0)
+            goto cleanup;
+    }
+    if (subject_cert != NULL)
+        s4u_user.user_id.subject_cert = *subject_cert;
+    s4u_user.user_id.options = KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE;
+
+    /* First, acquire a TGT to the user's realm. */
+    code = krb5int_tgtname(context, user_realm, &in_creds->server->realm,
+                           &tgs);
+    if (code != 0)
+        goto cleanup;
+
+    tgtq.client = in_creds->server;
+    tgtq.server = tgs;
+
+    code = krb5_get_credentials(context, options, ccache, &tgtq, &tgt);
+    if (code != 0)
+        goto cleanup;
+
+    tgtptr = tgt;
+
+    /* Convert the server principal to an enterprise principal, for use with
+     * foreign realms. */
+    code = convert_to_enterprise(context, in_creds->server, &eprinc);
+    if (code != 0)
+        goto cleanup;
+
+    /* Make a shallow copy of in_creds with client pointing to the server
+     * principal.  We will set s4u_creds.server for each request. */
+    s4u_creds = *in_creds;
+    s4u_creds.client = in_creds->server;
+
+    /* Then, walk back the referral path to S4U2Self for user */
+    kdcopt = 0;
+    if (options & KRB5_GC_CANONICALIZE)
+        kdcopt |= KDC_OPT_CANONICALIZE;
+    if (options & KRB5_GC_FORWARDABLE)
+        kdcopt |= KDC_OPT_FORWARDABLE;
+    if (options & KRB5_GC_NO_TRANSIT_CHECK)
+        kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
+
+    for (referral_count = 0;
+         referral_count < KRB5_REFERRAL_MAXHOPS;
+         referral_count++)
+    {
+        krb5_pa_data **in_padata = NULL;
+        krb5_pa_data **out_padata = NULL;
+        krb5_pa_data **enc_padata = NULL;
+        krb5_keyblock *subkey = NULL;
+
+        in_padata = k5calloc(3, sizeof(krb5_pa_data *), &code);
+        if (in_padata == NULL)
+            goto cleanup;
+
+        in_padata[0] = k5alloc(sizeof(krb5_pa_data), &code);
+        if (in_padata[0] == NULL) {
+            krb5_free_pa_data(context, in_padata);
+            goto cleanup;
+        }
+
+        in_padata[0]->magic = KV5M_PA_DATA;
+        in_padata[0]->pa_type = KRB5_PADATA_S4U_X509_USER;
+        in_padata[0]->length = 0;
+        in_padata[0]->contents = NULL;
+
+        if (s4u_user.user_id.user != NULL && s4u_user.user_id.user->length) {
+            code = build_pa_for_user(context, tgtptr, &s4u_user.user_id,
+                                     &in_padata[1]);
+            /*
+             * If we couldn't compute the hmac-md5 checksum, send only the
+             * KRB5_PADATA_S4U_X509_USER; this will still work against modern
+             * Windows and MIT KDCs.
+             */
+            if (code == KRB5_CRYPTO_INTERNAL)
+                code = 0;
+            if (code != 0) {
+                krb5_free_pa_data(context, in_padata);
+                goto cleanup;
+            }
+        }
+
+        if (data_eq(tgtptr->server->data[1], in_creds->server->realm)) {
+            /* When asking the server realm, use the real principal. */
+            s4u_creds.server = in_creds->server;
+        } else {
+            /* When asking a foreign realm, use the enterprise principal, with
+             * the realm set to the TGS realm. */
+            sprinc = *eprinc;
+            sprinc.realm = tgtptr->server->data[1];
+            s4u_creds.server = &sprinc;
+        }
+
+        code = krb5_get_cred_via_tkt_ext(context, tgtptr,
+                                         KDC_OPT_CANONICALIZE |
+                                         FLAGS2OPTS(tgtptr->ticket_flags) |
+                                         kdcopt,
+                                         tgtptr->addresses,
+                                         in_padata, &s4u_creds,
+                                         build_pa_s4u_x509_user, &s4u_user,
+                                         &out_padata, &enc_padata,
+                                         out_creds, &subkey);
+        if (code != 0) {
+            krb5_free_checksum_contents(context, &s4u_user.cksum);
+            krb5_free_pa_data(context, in_padata);
+            goto cleanup;
+        }
+
+        /* Update s4u_user.user_id.user if this is the initial request to the
+         * client realm; otherwise verify that it doesn't change. */
+        code = verify_s4u2self_reply(context, subkey, &s4u_user, out_padata,
+                                     enc_padata, referral_count == 0);
+
+        krb5_free_checksum_contents(context, &s4u_user.cksum);
+        krb5_free_pa_data(context, in_padata);
+        krb5_free_pa_data(context, out_padata);
+        krb5_free_pa_data(context, enc_padata);
+        krb5_free_keyblock(context, subkey);
+
+        if (code != 0)
+            goto cleanup;
+
+        /* The authdata in this referral TGT will be copied into the final
+         * credentials, so we don't need to request it again. */
+        s4u_creds.authdata = NULL;
+
+        /* Only include a cert in the initial request to the client realm. */
+        s4u_user.user_id.subject_cert = empty_data();
+
+        if (krb5_principal_compare_any_realm(context, in_creds->server,
+                                             (*out_creds)->server)) {
+            /* Verify that the unprotected client name in the reply matches the
+             * checksum-protected one from the client realm's KDC padata. */
+            if (!krb5_principal_compare(context, (*out_creds)->client,
+                                        s4u_user.user_id.user))
+                code = KRB5_KDCREP_MODIFIED;
+            goto cleanup;
+        } else if (IS_TGS_PRINC((*out_creds)->server)) {
+            krb5_data *r1 = &tgtptr->server->data[1];
+            krb5_data *r2 = &(*out_creds)->server->data[1];
+
+            if (data_eq(*r1, *r2)) {
+                krb5_free_creds(context, *out_creds);
+                *out_creds = NULL;
+                code = KRB5_ERR_HOST_REALM_UNKNOWN;
+                break;
+            }
+            for (i = 0; i < referral_count; i++) {
+                if (krb5_principal_compare(context,
+                                           (*out_creds)->server,
+                                           referral_tgts[i]->server)) {
+                    code = KRB5_KDC_UNREACH;
+                    goto cleanup;
+                }
+            }
+
+            tgtptr = *out_creds;
+            referral_tgts[referral_count] = *out_creds;
+            *out_creds = NULL;
+        } else {
+            krb5_free_creds(context, *out_creds);
+            *out_creds = NULL;
+            code = KRB5KRB_AP_WRONG_PRINC; /* XXX */
+            break;
+        }
+    }
+
+cleanup:
+    for (i = 0; i < KRB5_REFERRAL_MAXHOPS; i++) {
+        if (referral_tgts[i] != NULL)
+            krb5_free_creds(context, referral_tgts[i]);
+    }
+    krb5_free_principal(context, tgs);
+    krb5_free_principal(context, eprinc);
+    krb5_free_creds(context, tgt);
+    krb5_free_principal(context, s4u_user.user_id.user);
+    krb5_free_checksum_contents(context, &s4u_user.cksum);
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
+                              krb5_ccache ccache, krb5_creds *in_creds,
+                              krb5_data *subject_cert,
+                              krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_principal realm = NULL;
+
+    *out_creds = NULL;
+
+    if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
+        code = EINVAL;
+        goto cleanup;
+    }
+
+    if (in_creds->client != NULL) {
+        /* Uncanonicalised check */
+        code = krb5_get_credentials(context, options | KRB5_GC_CACHED,
+                                    ccache, in_creds, out_creds);
+        if ((code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) ||
+            (options & KRB5_GC_CACHED))
+            goto cleanup;
+    } else if (options & KRB5_GC_CACHED) {
+        /* Fail immediately, since we can't check the cache by certificate. */
+        code = KRB5_CC_NOTFOUND;
+        goto cleanup;
+    }
+
+    code = s4u_identify_user(context, in_creds, subject_cert, &realm);
+    if (code != 0)
+        goto cleanup;
+
+    if (in_creds->client != NULL &&
+        in_creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+        /* Post-canonicalisation check for enterprise principals */
+        krb5_creds mcreds = *in_creds;
+        mcreds.client = realm;
+        code = krb5_get_credentials(context, options | KRB5_GC_CACHED,
+                                    ccache, &mcreds, out_creds);
+        if (code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE)
+            goto cleanup;
+    }
+
+    code = krb5_get_self_cred_from_kdc(context, options, ccache, in_creds,
+                                       subject_cert, &realm->realm, out_creds);
+    if (code != 0)
+        goto cleanup;
+
+    assert(*out_creds != NULL);
+
+    /* If we canonicalized the client name or discovered it using subject_cert,
+     * check if we had cached credentials and return them if found. */
+    if (in_creds->client == NULL ||
+        !krb5_principal_compare(context, in_creds->client,
+                                (*out_creds)->client)) {
+        krb5_creds *old_creds;
+        krb5_creds mcreds = *in_creds;
+        mcreds.client = (*out_creds)->client;
+        code = krb5_get_credentials(context, options | KRB5_GC_CACHED, ccache,
+                                    &mcreds, &old_creds);
+        if (code == 0) {
+            krb5_free_creds(context, *out_creds);
+            *out_creds = old_creds;
+            options |= KRB5_GC_NO_STORE;
+        } else if (code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) {
+            goto cleanup;
+        }
+    }
+
+    /* Note the authdata we asked for in the output creds. */
+    code = krb5_copy_authdata(context, in_creds->authdata,
+                              &(*out_creds)->authdata);
+    if (code)
+        goto cleanup;
+
+    if ((options & KRB5_GC_NO_STORE) == 0) {
+        code = krb5_cc_store_cred(context, ccache, *out_creds);
+        if (code != 0)
+            goto cleanup;
+    }
+
+cleanup:
+    if (code != 0 && *out_creds != NULL) {
+        krb5_free_creds(context, *out_creds);
+        *out_creds = NULL;
+    }
+
+    krb5_free_principal(context, realm);
+
+    return code;
+}
+
+static krb5_error_code
+check_rbcd_support(krb5_context context, krb5_pa_data **padata)
+{
+    krb5_error_code code;
+    krb5_pa_data *pa;
+    krb5_pa_pac_options *pac_options;
+    krb5_data der_pac_options;
+
+    pa = krb5int_find_pa_data(context, padata, KRB5_PADATA_PAC_OPTIONS);
+    if (pa == NULL)
+        return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+
+    der_pac_options = make_data(pa->contents, pa->length);
+    code = decode_krb5_pa_pac_options(&der_pac_options, &pac_options);
+    if (code)
+        return code;
+
+    if (!(pac_options->options & KRB5_PA_PAC_OPTIONS_RBCD))
+        code = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+
+    free(pac_options);
+    return code;
+}
+
+static krb5_error_code
+add_rbcd_padata(krb5_context context, krb5_pa_data ***in_padata)
+{
+    krb5_error_code code;
+    krb5_pa_pac_options pac_options;
+    krb5_data *der_pac_options = NULL;
+
+    memset(&pac_options, 0, sizeof(pac_options));
+    pac_options.options |= KRB5_PA_PAC_OPTIONS_RBCD;
+
+    code = encode_krb5_pa_pac_options(&pac_options, &der_pac_options);
+    if (code)
+        return code;
+
+    code = k5_add_pa_data_from_data(in_padata, KRB5_PADATA_PAC_OPTIONS,
+                                    der_pac_options);
+    krb5_free_data(context, der_pac_options);
+    return code;
+}
+
+/* Set *tgt_out to a local TGT for the client realm retrieved from ccache. */
+static krb5_error_code
+get_client_tgt(krb5_context context, krb5_flags options, krb5_ccache ccache,
+               krb5_principal client, krb5_creds **tgt_out)
+{
+    krb5_error_code code;
+    krb5_principal tgs;
+    krb5_creds mcreds;
+
+    *tgt_out = NULL;
+
+    code = krb5int_tgtname(context, &client->realm, &client->realm, &tgs);
+    if (code)
+        return code;
+
+    memset(&mcreds, 0, sizeof(mcreds));
+    mcreds.client = client;
+    mcreds.server = tgs;
+    code = krb5_get_credentials(context, options, ccache, &mcreds, tgt_out);
+    krb5_free_principal(context, tgs);
+    return code;
+}
+
+/*
+ * Copy req_server to *out_server.  If req_server has the referral realm, set
+ * the realm of *out_server to realm.  Otherwise the S4U2Proxy request will
+ * fail unless the specified realm is the same as the TGT (or an alias to it).
+ */
+static krb5_error_code
+normalize_server_princ(krb5_context context, const krb5_data *realm,
+                       krb5_principal req_server, krb5_principal *out_server)
+{
+    krb5_error_code code;
+    krb5_principal server;
+
+    *out_server = NULL;
+
+    code = krb5_copy_principal(context, req_server, &server);
+    if (code)
+        return code;
+
+    if (krb5_is_referral_realm(&server->realm)) {
+        krb5_free_data_contents(context, &server->realm);
+        code = krb5int_copy_data_contents(context, realm, &server->realm);
+        if (code) {
+            krb5_free_principal(context, server);
+            return code;
+        }
+    }
+
+    *out_server = server;
+    return 0;
+}
+
+/* Return an error if server is present in referral_list. */
+static krb5_error_code
+check_referral_path(krb5_context context, krb5_principal server,
+                    krb5_creds **referral_list, int referral_count)
+{
+    int i;
+
+    for (i = 0; i < referral_count; i++) {
+        if (krb5_principal_compare(context, server, referral_list[i]->server))
+            return KRB5_KDC_UNREACH;
+    }
+    return 0;
+}
+
+/*
+ * Make TGS requests for in_creds using *tgt_inout, following referrals until
+ * the requested service ticket is issued.  Replace *tgt_inout with the final
+ * TGT used, or free it and set it to NULL on error.  Place the final creds
+ * received in *creds_out.
+ */
+static krb5_error_code
+chase_referrals(krb5_context context, krb5_creds *in_creds, krb5_flags kdcopt,
+                krb5_creds **tgt_inout, krb5_creds **creds_out)
+{
+    krb5_error_code code;
+    krb5_creds *referral_tgts[KRB5_REFERRAL_MAXHOPS] = { NULL };
+    krb5_creds mcreds, *tgt, *tkt = NULL;
+    krb5_principal_data server;
+    int referral_count = 0, i;
+
+    tgt = *tgt_inout;
+    *tgt_inout = NULL;
+    *creds_out = NULL;
+
+    mcreds = *in_creds;
+    server = *in_creds->server;
+    mcreds.server = &server;
+
+    for (referral_count = 0; referral_count < KRB5_REFERRAL_MAXHOPS;
+         referral_count++) {
+        code = krb5_get_cred_via_tkt(context, tgt, kdcopt, tgt->addresses,
+                                     &mcreds, &tkt);
+        if (code)
+            goto cleanup;
+
+        if (krb5_principal_compare_any_realm(context, mcreds.server,
+                                             tkt->server)) {
+            *creds_out = tkt;
+            *tgt_inout = tgt;
+            tkt = tgt = NULL;
+            goto cleanup;
+        }
+
+        if (!IS_TGS_PRINC(tkt->server)) {
+            code = KRB5KRB_AP_WRONG_PRINC;
+            goto cleanup;
+        }
+
+        if (data_eq(tgt->server->data[1], tkt->server->data[1])) {
+            code = KRB5_ERR_HOST_REALM_UNKNOWN;
+            goto cleanup;
+        }
+
+        code = check_referral_path(context, tkt->server, referral_tgts,
+                                   referral_count);
+        if (code)
+            goto cleanup;
+
+        referral_tgts[referral_count] = tgt;
+        tgt = tkt;
+        tkt = NULL;
+        server.realm = tgt->server->data[1];
+    }
+
+    /* Max hop count exceeded. */
+    code = KRB5_KDCREP_MODIFIED;
+
+cleanup:
+    for (i = 0; i < KRB5_REFERRAL_MAXHOPS; i++)
+        krb5_free_creds(context, referral_tgts[i]);
+    krb5_free_creds(context, tkt);
+    krb5_free_creds(context, tgt);
+    return code;
+}
+
+/*
+ * Make non-S4U2Proxy TGS requests for in_creds using *tgt_inout, following
+ * referrals until the requested service ticket is returned.  Discard the
+ * service ticket, but replace *tgt_inout with the final referral TGT.
+ */
+static krb5_error_code
+get_tgt_to_target_realm(krb5_context context, krb5_creds *in_creds,
+                        krb5_flags req_kdcopt, krb5_creds **tgt_inout)
+{
+    krb5_error_code code;
+    krb5_flags kdcopt;
+    krb5_creds mcreds, *out;
+
+    mcreds = *in_creds;
+    mcreds.second_ticket = empty_data();
+    kdcopt = FLAGS2OPTS((*tgt_inout)->ticket_flags) | req_kdcopt;
+
+    code = chase_referrals(context, &mcreds, kdcopt, tgt_inout, &out);
+    krb5_free_creds(context, out);
+
+    return code;
+}
+
+/*
+ * Make TGS requests for a cross-TGT to realm using *tgt_inout, following
+ * alternate TGS replies until the requested TGT is issued.  Replace *tgt_inout
+ * with the result.  Do nothing if *tgt_inout is already a cross-TGT for realm.
+ */
+static krb5_error_code
+get_target_realm_proxy_tgt(krb5_context context, const krb5_data *realm,
+                           krb5_flags req_kdcopt, krb5_creds **tgt_inout)
+{
+    krb5_error_code code;
+    krb5_creds mcreds, *out;
+    krb5_principal tgs;
+    krb5_flags flags;
+
+    if (data_eq(*realm, (*tgt_inout)->server->data[1]))
+        return 0;
+
+    code = krb5int_tgtname(context, realm, &(*tgt_inout)->server->data[1],
+                           &tgs);
+    if (code)
+        return code;
+
+    memset(&mcreds, 0, sizeof(mcreds));
+    mcreds.client = (*tgt_inout)->client;
+    mcreds.server = tgs;
+    flags = req_kdcopt | FLAGS2OPTS((*tgt_inout)->ticket_flags);
+
+    code = chase_referrals(context, &mcreds, flags, tgt_inout, &out);
+    krb5_free_principal(context, tgs);
+    if (code)
+        return code;
+
+    krb5_free_creds(context, *tgt_inout);
+    *tgt_inout = out;
+
+    return 0;
+}
+
+static krb5_error_code
+get_proxy_cred_from_kdc(krb5_context context, krb5_flags options,
+                        krb5_ccache ccache, krb5_creds *in_creds,
+                        krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_flags flags, req_kdcopt = 0;
+    krb5_principal server = NULL;
+    krb5_pa_data **in_padata = NULL;
+    krb5_pa_data **enc_padata = NULL;
+    krb5_creds mcreds, *tgt = NULL, *tkt = NULL;
+
+    *out_creds = NULL;
+
+    if (in_creds->second_ticket.length == 0 ||
+        (options & KRB5_GC_CONSTRAINED_DELEGATION) == 0)
+        return EINVAL;
+
+    options &= ~KRB5_GC_CONSTRAINED_DELEGATION;
+
+    code = get_client_tgt(context, options, ccache, in_creds->client, &tgt);
+    if (code)
+        goto cleanup;
+
+    code = normalize_server_princ(context, &in_creds->client->realm,
+                                  in_creds->server, &server);
+    if (code)
+        goto cleanup;
+
+    code = add_rbcd_padata(context, &in_padata);
+    if (code)
+        goto cleanup;
+
+    if (options & KRB5_GC_CANONICALIZE)
+        req_kdcopt |= KDC_OPT_CANONICALIZE;
+    if (options & KRB5_GC_FORWARDABLE)
+        req_kdcopt |= KDC_OPT_FORWARDABLE;
+    if (options & KRB5_GC_NO_TRANSIT_CHECK)
+        req_kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
+
+    mcreds = *in_creds;
+    mcreds.server = server;
+
+    flags = req_kdcopt | FLAGS2OPTS(tgt->ticket_flags) |
+        KDC_OPT_CNAME_IN_ADDL_TKT | KDC_OPT_CANONICALIZE;
+    code = krb5_get_cred_via_tkt_ext(context, tgt, flags, tgt->addresses,
+                                     in_padata, &mcreds, NULL, NULL, NULL,
+                                     &enc_padata, &tkt, NULL);
+
+    /*
+     * If the server principal name included a foreign realm which wasn't an
+     * alias for the local realm, the KDC won't be able to decrypt the TGT.
+     * Windows KDCs will return a BAD_INTEGRITY error in this case, while MIT
+     * KDCs will return S_PRINCIPAL_UNKNOWN.  We cannot distinguish the latter
+     * error from the service principal actually being unknown in the realm,
+     * but set a comprehensible error message for the BAD_INTEGRITY error.
+     */
+    if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY &&
+        !krb5_realm_compare(context, in_creds->client, server)) {
+        k5_setmsg(context, code, _("Realm specified but S4U2Proxy must use "
+                                   "referral realm"));
+    }
+
+    if (code)
+        goto cleanup;
+
+    if (!krb5_principal_compare_any_realm(context, server, tkt->server)) {
+        /* Make sure we got a referral. */
+        if (!IS_TGS_PRINC(tkt->server)) {
+            code = KRB5KRB_AP_WRONG_PRINC;
+            goto cleanup;
+        }
+
+        /* The authdata in this referral TGT will be copied into the final
+         * credentials, so we don't need to request it again. */
+        mcreds.authdata = NULL;
+
+        /*
+         * Make sure the KDC supports S4U and resource-based constrained
+         * delegation; otherwise we might have gotten a regular TGT referral
+         * rather than a proxy TGT referral.
+         */
+        code = check_rbcd_support(context, enc_padata);
+        if (code)
+            goto cleanup;
+
+        krb5_free_pa_data(context, enc_padata);
+        enc_padata = NULL;
+
+        /*
+         * Replace tgt with a regular (not proxy) TGT to the target realm, by
+         * making a normal TGS request and following referrals.  Per [MS-SFU]
+         * 3.1.5.2.2, we need this TGT to make the final TGS request.
+         */
+        code = get_tgt_to_target_realm(context, &mcreds, req_kdcopt, &tgt);
+        if (code)
+            goto cleanup;
+
+        /*
+         * Replace tkt with a proxy TGT (meaning, one obtained using the
+         * referral TGT we got from the first S4U2Proxy request) to the target
+         * realm, if it isn't already one.
+         */
+        code = get_target_realm_proxy_tgt(context, &tgt->server->data[1],
+                                          req_kdcopt, &tkt);
+        if (code)
+            goto cleanup;
+
+        krb5_free_data_contents(context, &server->realm);
+        code = krb5int_copy_data_contents(context, &tgt->server->data[1],
+                                          &server->realm);
+        if (code)
+            goto cleanup;
+
+        /* Make an S4U2Proxy request to the target realm using the regular TGT,
+         * with the proxy TGT as the evidence ticket. */
+        mcreds.second_ticket = tkt->ticket;
+        tkt->ticket = empty_data();
+        krb5_free_creds(context, tkt);
+        tkt = NULL;
+        flags = req_kdcopt | FLAGS2OPTS(tgt->ticket_flags) |
+            KDC_OPT_CNAME_IN_ADDL_TKT | KDC_OPT_CANONICALIZE;
+        code = krb5_get_cred_via_tkt_ext(context, tgt, flags, tgt->addresses,
+                                         in_padata, &mcreds, NULL, NULL, NULL,
+                                         &enc_padata, &tkt, NULL);
+        free(mcreds.second_ticket.data);
+        if (code)
+            goto cleanup;
+
+        code = check_rbcd_support(context, enc_padata);
+        if (code)
+            goto cleanup;
+
+        if (!krb5_principal_compare(context, server, tkt->server)) {
+            code = KRB5KRB_AP_WRONG_PRINC;
+            goto cleanup;
+        }
+
+        /* Put the original evidence ticket in the output creds. */
+        krb5_free_data_contents(context, &tkt->second_ticket);
+        code = krb5int_copy_data_contents(context, &in_creds->second_ticket,
+                                          &tkt->second_ticket);
+        if (code)
+            goto cleanup;
+    }
+
+    /* Note the authdata we asked for in the output creds. */
+    code = krb5_copy_authdata(context, in_creds->authdata, &tkt->authdata);
+    if (code)
+        goto cleanup;
+
+    *out_creds = tkt;
+    tkt = NULL;
+
+cleanup:
+    krb5_free_creds(context, tgt);
+    krb5_free_creds(context, tkt);
+    krb5_free_principal(context, server);
+    krb5_free_pa_data(context, in_padata);
+    krb5_free_pa_data(context, enc_padata);
+    return code;
+}
+
+krb5_error_code
+k5_get_proxy_cred_from_kdc(krb5_context context, krb5_flags options,
+                           krb5_ccache ccache, krb5_creds *in_creds,
+                           krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_const_principal canonprinc;
+    krb5_creds copy, *creds;
+    struct canonprinc iter = { in_creds->server, .no_hostrealm = TRUE };
+
+    *out_creds = NULL;
+
+    code = k5_get_cached_cred(context, options, ccache, in_creds, out_creds);
+    if ((code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) ||
+        options & KRB5_GC_CACHED)
+        return code;
+
+    copy = *in_creds;
+    while ((code = k5_canonprinc(context, &iter, &canonprinc)) == 0 &&
+           canonprinc != NULL) {
+        copy.server = (krb5_principal)canonprinc;
+        code = get_proxy_cred_from_kdc(context, options, ccache, &copy,
+                                       &creds);
+        if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+            break;
+    }
+    if (!code && canonprinc == NULL)
+        code = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+    free_canonprinc(&iter);
+    if (code)
+        return code;
+
+    krb5_free_principal(context, creds->server);
+    creds->server = NULL;
+    code = krb5_copy_principal(context, in_creds->server, &creds->server);
+    if (code) {
+        krb5_free_creds(context, creds);
+        return code;
+    }
+
+    if (!(options & KRB5_GC_NO_STORE))
+        (void)krb5_cc_store_cred(context, ccache, creds);
+
+    *out_creds = creds;
+    return 0;
+}
+
+/*
+ * Exported API for constrained delegation (S4U2Proxy).
+ *
+ * This is preferable to using krb5_get_credentials directly because
+ * it can perform some additional checks.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_for_proxy(krb5_context context,
+                               krb5_flags options,
+                               krb5_ccache ccache,
+                               krb5_creds *in_creds,
+                               krb5_ticket *evidence_tkt,
+                               krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_data *evidence_tkt_data = NULL;
+    krb5_creds s4u_creds;
+
+    *out_creds = NULL;
+
+    if (in_creds == NULL || in_creds->client == NULL || evidence_tkt == NULL) {
+        code = EINVAL;
+        goto cleanup;
+    }
+
+    /*
+     * Caller should have set in_creds->client to match evidence
+     * ticket client.  If we can, verify it before issuing the request.
+     */
+    if (evidence_tkt->enc_part2 != NULL &&
+        !krb5_principal_compare(context, evidence_tkt->enc_part2->client,
+                                in_creds->client)) {
+        code = EINVAL;
+        goto cleanup;
+    }
+
+    code = encode_krb5_ticket(evidence_tkt, &evidence_tkt_data);
+    if (code != 0)
+        goto cleanup;
+
+    s4u_creds = *in_creds;
+    s4u_creds.client = evidence_tkt->server;
+    s4u_creds.second_ticket = *evidence_tkt_data;
+
+    code = k5_get_proxy_cred_from_kdc(context,
+                                      options | KRB5_GC_CONSTRAINED_DELEGATION,
+                                      ccache, &s4u_creds, out_creds);
+    if (code != 0)
+        goto cleanup;
+
+    /*
+     * Check client name because we couldn't compare that inside
+     * krb5_get_credentials() (enc_part2 is unavailable in clear)
+     */
+    if (!krb5_principal_compare(context, in_creds->client,
+                                (*out_creds)->client)) {
+        code = KRB5_KDCREP_MODIFIED;
+        goto cleanup;
+    }
+
+cleanup:
+    if (*out_creds != NULL && code != 0) {
+        krb5_free_creds(context, *out_creds);
+        *out_creds = NULL;
+    }
+    if (evidence_tkt_data != NULL)
+        krb5_free_data(context, evidence_tkt_data);
+
+    return code;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/send_tgs.c b/krb5-1.21.3/src/lib/krb5/krb/send_tgs.c
new file mode 100644
index 00000000..7a11864f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/send_tgs.c
@@ -0,0 +1,300 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/send_tgs.c - Construct a TGS request */
+/*
+ * Copyright 1990,1991,2009,2013 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "fast.h"
+
+/* Choose a random nonce for an AS or TGS request. */
+krb5_error_code
+k5_generate_nonce(krb5_context context, int32_t *out)
+{
+    krb5_error_code ret;
+    unsigned char random_buf[4];
+    krb5_data random_data = make_data(random_buf, 4);
+
+    *out = 0;
+
+    /* We and Heimdal incorrectly encode nonces as signed, so make sure we use
+     * a non-negative value to avoid interoperability issues. */
+    ret = krb5_c_random_make_octets(context, &random_data);
+    if (ret)
+        return ret;
+    *out = 0x7FFFFFFF & load_32_n(random_buf);
+    return 0;
+}
+
+/* Construct an AP-REQ message for a TGS request. */
+static krb5_error_code
+tgs_construct_ap_req(krb5_context context, krb5_data *checksum_data,
+                     krb5_creds *tgt, krb5_keyblock *subkey,
+                     krb5_data **ap_req_asn1_out)
+{
+    krb5_error_code ret;
+    krb5_checksum checksum;
+    krb5_authenticator authent;
+    krb5_ap_req ap_req;
+    krb5_data *authent_asn1 = NULL;
+    krb5_ticket *ticket = NULL;
+    krb5_enc_data authent_enc;
+
+    *ap_req_asn1_out = NULL;
+    memset(&checksum, 0, sizeof(checksum));
+    memset(&ap_req, 0, sizeof(ap_req));
+    memset(&authent_enc, 0, sizeof(authent_enc));
+
+    /* Generate checksum. */
+    ret = krb5_c_make_checksum(context, 0, &tgt->keyblock,
+                               KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, checksum_data,
+                               &checksum);
+    if (ret)
+        goto cleanup;
+
+    /* Construct, encode, and encrypt an authenticator. */
+    authent.subkey = subkey;
+    authent.seq_number = 0;
+    authent.checksum = &checksum;
+    authent.client = tgt->client;
+    authent.authorization_data = tgt->authdata;
+    ret = krb5_us_timeofday(context, &authent.ctime, &authent.cusec);
+    if (ret)
+        goto cleanup;
+    ret = encode_krb5_authenticator(&authent, &authent_asn1);
+    if (ret)
+        goto cleanup;
+    ret = krb5_encrypt_helper(context, &tgt->keyblock,
+                              KRB5_KEYUSAGE_TGS_REQ_AUTH, authent_asn1,
+                              &authent_enc);
+    if (ret)
+        goto cleanup;
+
+    ret = decode_krb5_ticket(&tgt->ticket, &ticket);
+    if (ret)
+        goto cleanup;
+
+    /* Encode the AP-REQ. */
+    ap_req.authenticator = authent_enc;
+    ap_req.ticket = ticket;
+    ret = encode_krb5_ap_req(&ap_req, ap_req_asn1_out);
+
+cleanup:
+    free(checksum.contents);
+    krb5_free_ticket(context, ticket);
+    krb5_free_data_contents(context, &authent_enc.ciphertext);
+    if (authent_asn1 != NULL)
+        zapfree(authent_asn1->data, authent_asn1->length);
+    free(authent_asn1);
+    return ret;
+}
+
+/*
+ * Construct a TGS request and return its ASN.1 encoding as well as the
+ * timestamp, nonce, and subkey used.  The pacb_fn callback allows the caller
+ * to amend the request padata after the nonce and subkey are determined.
+ */
+krb5_error_code
+k5_make_tgs_req(krb5_context context,
+                struct krb5int_fast_request_state *fast_state,
+                krb5_creds *tgt, krb5_flags kdcoptions,
+                krb5_address *const *addrs, krb5_pa_data **in_padata,
+                krb5_creds *desired, k5_pacb_fn pacb_fn, void *pacb_data,
+                krb5_data *req_asn1_out, krb5_timestamp *timestamp_out,
+                krb5_int32 *nonce_out, krb5_keyblock **subkey_out)
+{
+    krb5_error_code ret;
+    krb5_kdc_req req;
+    krb5_data *authdata_asn1 = NULL, *req_body_asn1 = NULL;
+    krb5_data *ap_req_asn1 = NULL, *tgs_req_asn1 = NULL;
+    krb5_ticket *sec_ticket = NULL;
+    krb5_ticket *sec_ticket_arr[2];
+    krb5_timestamp time_now;
+    krb5_pa_data **padata = NULL, *pa;
+    krb5_keyblock *subkey = NULL;
+    krb5_enc_data authdata_enc;
+    krb5_enctype enctypes[2], *defenctypes = NULL;
+    size_t count, i;
+
+    *req_asn1_out = empty_data();
+    *timestamp_out = 0;
+    *nonce_out = 0;
+    *subkey_out = NULL;
+    memset(&req, 0, sizeof(req));
+    memset(&authdata_enc, 0, sizeof(authdata_enc));
+
+    /* tgt's client principal must match the desired client principal. */
+    if (!krb5_principal_compare(context, tgt->client, desired->client))
+        return KRB5_PRINC_NOMATCH;
+
+    /* tgt must be an actual credential, not a template. */
+    if (!tgt->ticket.length)
+        return KRB5_NO_TKT_SUPPLIED;
+
+    req.kdc_options = kdcoptions;
+    req.server = desired->server;
+    req.from = desired->times.starttime;
+    req.till = desired->times.endtime ? desired->times.endtime :
+        tgt->times.endtime;
+    req.rtime = desired->times.renew_till;
+    ret = k5_generate_nonce(context, &req.nonce);
+    if (ret)
+        return ret;
+    *nonce_out = req.nonce;
+    ret = krb5_timeofday(context, &time_now);
+    if (ret)
+        return ret;
+    *timestamp_out = time_now;
+
+    req.addresses = (krb5_address **)addrs;
+
+    /* Generate subkey. */
+    ret = krb5_generate_subkey(context, &tgt->keyblock, &subkey);
+    if (ret)
+        return ret;
+    TRACE_SEND_TGS_SUBKEY(context, subkey);
+
+    ret = krb5int_fast_tgs_armor(context, fast_state, subkey, &tgt->keyblock,
+                                 NULL, NULL);
+    if (ret)
+        goto cleanup;
+
+    if (desired->authdata != NULL) {
+        ret = encode_krb5_authdata(desired->authdata, &authdata_asn1);
+        if (ret)
+            goto cleanup;
+        ret = krb5_encrypt_helper(context, subkey,
+                                  KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
+                                  authdata_asn1, &authdata_enc);
+        if (ret)
+            goto cleanup;
+        req.authorization_data = authdata_enc;
+    }
+
+    if (desired->keyblock.enctype != ENCTYPE_NULL) {
+        if (!krb5_c_valid_enctype(desired->keyblock.enctype)) {
+            ret = KRB5_PROG_ETYPE_NOSUPP;
+            goto cleanup;
+        }
+        enctypes[0] = desired->keyblock.enctype;
+        enctypes[1] = ENCTYPE_NULL;
+        req.ktype = enctypes;
+        req.nktypes = 1;
+    } else {
+        /* Get the default TGS enctypes. */
+        ret = krb5_get_tgs_ktypes(context, desired->server, &defenctypes);
+        if (ret)
+            goto cleanup;
+        for (count = 0; defenctypes[count]; count++);
+        req.ktype = defenctypes;
+        req.nktypes = count;
+    }
+    TRACE_SEND_TGS_ETYPES(context, req.ktype);
+
+    if (kdcoptions & (KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) {
+        if (desired->second_ticket.length == 0) {
+            ret = KRB5_NO_2ND_TKT;
+            goto cleanup;
+        }
+        ret = decode_krb5_ticket(&desired->second_ticket, &sec_ticket);
+        if (ret)
+            goto cleanup;
+        sec_ticket_arr[0] = sec_ticket;
+        sec_ticket_arr[1] = NULL;
+        req.second_ticket = sec_ticket_arr;
+    }
+
+    /* Encode the request body. */
+    ret = krb5int_fast_prep_req_body(context, fast_state, &req,
+                                     &req_body_asn1);
+    if (ret)
+        goto cleanup;
+
+    ret = tgs_construct_ap_req(context, req_body_asn1, tgt, subkey,
+                               &ap_req_asn1);
+    if (ret)
+        goto cleanup;
+
+    for (count = 0; in_padata != NULL && in_padata[count] != NULL; count++);
+
+    /* Construct a padata array for the request, beginning with the ap-req. */
+    padata = k5calloc(count + 2, sizeof(krb5_pa_data *), &ret);
+    if (padata == NULL)
+        goto cleanup;
+    padata[0] = k5alloc(sizeof(krb5_pa_data), &ret);
+    if (padata[0] == NULL)
+        goto cleanup;
+    padata[0]->pa_type = KRB5_PADATA_AP_REQ;
+    padata[0]->contents = k5memdup(ap_req_asn1->data, ap_req_asn1->length,
+                                   &ret);
+    if (padata[0] == NULL)
+        goto cleanup;
+    padata[0]->length = ap_req_asn1->length;
+
+    /* Append copies of any other supplied padata. */
+    for (i = 0; in_padata != NULL && in_padata[i] != NULL; i++) {
+        pa = k5alloc(sizeof(krb5_pa_data), &ret);
+        if (pa == NULL)
+            goto cleanup;
+        pa->pa_type = in_padata[i]->pa_type;
+        pa->length = in_padata[i]->length;
+        pa->contents = k5memdup(in_padata[i]->contents, in_padata[i]->length,
+                                &ret);
+        if (pa->contents == NULL) {
+            free(pa);
+            goto cleanup;
+        }
+        padata[i + 1] = pa;
+    }
+    req.padata = padata;
+
+    if (pacb_fn != NULL) {
+        ret = (*pacb_fn)(context, subkey, &req, pacb_data);
+        if (ret)
+            goto cleanup;
+    }
+
+    /* Encode the TGS-REQ.  Discard the krb5_data container. */
+    ret = krb5int_fast_prep_req(context, fast_state, &req, ap_req_asn1,
+                                encode_krb5_tgs_req, &tgs_req_asn1);
+    if (ret)
+        goto cleanup;
+    *req_asn1_out = *tgs_req_asn1;
+    free(tgs_req_asn1);
+    tgs_req_asn1 = NULL;
+
+    *subkey_out = subkey;
+    subkey = NULL;
+
+cleanup:
+    krb5_free_data(context, authdata_asn1);
+    krb5_free_data(context, req_body_asn1);
+    krb5_free_data(context, ap_req_asn1);
+    krb5_free_pa_data(context, padata);
+    krb5_free_ticket(context, sec_ticket);
+    krb5_free_data_contents(context, &authdata_enc.ciphertext);
+    krb5_free_keyblock(context, subkey);
+    free(defenctypes);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/sendauth.c b/krb5-1.21.3/src/lib/krb5/krb/sendauth.c
new file mode 100644
index 00000000..9e73294e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/sendauth.c
@@ -0,0 +1,206 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/sendauth.c */
+/*
+ * Copyright 1991, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include "com_err.h"
+#include "auth_con.h"
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+static const char sendauth_version[] = "KRB5_SENDAUTH_V1.0";
+
+krb5_error_code KRB5_CALLCONV
+krb5_sendauth(krb5_context context, krb5_auth_context *auth_context,
+              krb5_pointer fd, char *appl_version, krb5_principal client,
+              krb5_principal server, krb5_flags ap_req_options,
+              krb5_data *in_data, krb5_creds *in_creds, krb5_ccache ccache,
+              krb5_error **error, krb5_ap_rep_enc_part **rep_result,
+              krb5_creds **out_creds)
+{
+    krb5_octet          result;
+    krb5_creds          creds;
+    krb5_creds           * credsp = NULL;
+    krb5_creds           * credspout = NULL;
+    krb5_error_code     retval = 0;
+    krb5_data           inbuf, outbuf[2];
+    int                 len;
+    krb5_ccache         use_ccache = 0;
+
+    if (error)
+        *error = 0;
+
+    /*
+     * First, send over the length of the sendauth version string;
+     * then, we send over the sendauth version.  Next, we send
+     * over the length of the application version strings followed
+     * by the string itself.
+     */
+    outbuf[0].length = strlen(sendauth_version) + 1;
+    outbuf[0].data = (char *) sendauth_version;
+    outbuf[1].length = strlen(appl_version) + 1;
+    outbuf[1].data = appl_version;
+    if ((retval = k5_write_messages(context, fd, outbuf, 2)))
+        return(retval);
+    /*
+     * Now, read back a byte: 0 means no error, 1 means bad sendauth
+     * version, 2 means bad application version
+     */
+    if ((len = krb5_net_read(context, *((int *) fd), (char *)&result, 1)) != 1)
+        return((len < 0) ? errno : ECONNABORTED);
+    if (result == 1)
+        return(KRB5_SENDAUTH_BADAUTHVERS);
+    else if (result == 2)
+        return(KRB5_SENDAUTH_BADAPPLVERS);
+    else if (result != 0)
+        return(KRB5_SENDAUTH_BADRESPONSE);
+    /*
+     * We're finished with the initial negotiations; let's get and
+     * send over the authentication header.  (The AP_REQ message)
+     */
+
+    /*
+     * If no credentials were provided, try getting it from the
+     * credentials cache.
+     */
+    memset(&creds, 0, sizeof(creds));
+
+    /*
+     * See if we need to access the credentials cache
+     */
+    if (!in_creds || !in_creds->ticket.length) {
+        if (ccache)
+            use_ccache = ccache;
+        else if ((retval = krb5int_cc_default(context, &use_ccache)))
+            goto error_return;
+    }
+    if (!in_creds) {
+        if ((retval = krb5_copy_principal(context, server,
+                                          &creds.server)))
+            goto error_return;
+        if (client)
+            retval = krb5_copy_principal(context, client,
+                                         &creds.client);
+        else
+            retval = krb5_cc_get_principal(context, use_ccache,
+                                           &creds.client);
+        if (retval)
+            goto error_return;
+        /* creds.times.endtime = 0; -- memset 0 takes care of this
+           zero means "as long as possible" */
+        /* creds.keyblock.enctype = 0; -- as well as this.
+           zero means no session enctype
+           preference */
+        in_creds = &creds;
+    }
+    if (!in_creds->ticket.length) {
+        if ((retval = krb5_get_credentials(context, 0,
+                                           use_ccache, in_creds, &credsp)))
+            goto error_return;
+        credspout = credsp;
+    } else {
+        credsp = in_creds;
+    }
+
+    outbuf[0].data = NULL;      /* Coverity is confused otherwise */
+    if ((retval = krb5_mk_req_extended(context, auth_context,
+                                       ap_req_options, in_data, credsp,
+                                       &outbuf[0])))
+        goto error_return;
+
+    /*
+     * First write the length of the AP_REQ message, then write
+     * the message itself.
+     */
+    retval = krb5_write_message(context, fd, &outbuf[0]);
+    free(outbuf[0].data);
+    if (retval)
+        goto error_return;
+
+    /*
+     * Now, read back a message.  If it was a null message (the
+     * length was zero) then there was no error.  If not, we the
+     * authentication was rejected, and we need to return the
+     * error structure.
+     */
+    if ((retval = krb5_read_message(context, fd, &inbuf)))
+        goto error_return;
+
+    if (inbuf.length) {
+        if (error) {
+            if ((retval = krb5_rd_error(context, &inbuf, error))) {
+                free(inbuf.data);
+                goto error_return;
+            }
+        }
+        retval = KRB5_SENDAUTH_REJECTED;
+        free(inbuf.data);
+        goto error_return;
+    }
+
+    /*
+     * If we asked for mutual authentication, we should now get a
+     * length field, followed by a AP_REP message
+     */
+    if ((ap_req_options & AP_OPTS_MUTUAL_REQUIRED)) {
+        krb5_ap_rep_enc_part    *repl = 0;
+
+        if ((retval = krb5_read_message(context, fd, &inbuf)))
+            goto error_return;
+
+        if ((retval = krb5_rd_rep(context, *auth_context, &inbuf,
+                                  &repl))) {
+            if (repl)
+                krb5_free_ap_rep_enc_part(context, repl);
+            free(inbuf.data);
+            goto error_return;
+        }
+
+        free(inbuf.data);
+        /*
+         * If the user wants to look at the AP_REP message,
+         * copy it for him
+         */
+        if (rep_result)
+            *rep_result = repl;
+        else
+            krb5_free_ap_rep_enc_part(context, repl);
+    }
+    retval = 0;         /* Normal return */
+    if (out_creds) {
+        *out_creds = credsp;
+        credspout = NULL;
+    }
+
+error_return:
+    krb5_free_cred_contents(context, &creds);
+    if (credspout != NULL)
+        krb5_free_creds(context, credspout);
+    if (!ccache && use_ccache)
+        krb5_cc_close(context, use_ccache);
+    return(retval);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ser_actx.c b/krb5-1.21.3/src/lib/krb5/krb/ser_actx.c
new file mode 100644
index 00000000..6de35a14
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ser_actx.c
@@ -0,0 +1,397 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/ser_actx.c - Serialize krb5_auth_context structure */
+/*
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+#include "auth_con.h"
+
+#define TOKEN_RADDR     950916
+#define TOKEN_RPORT     950917
+#define TOKEN_LADDR     950918
+#define TOKEN_LPORT     950919
+#define TOKEN_KEYBLOCK  950920
+#define TOKEN_LSKBLOCK  950921
+#define TOKEN_RSKBLOCK  950922
+
+krb5_error_code
+k5_size_auth_context(krb5_auth_context auth_context, size_t *sizep)
+{
+    krb5_error_code     kret;
+    size_t              required;
+
+    /*
+     * krb5_auth_context requires at minimum:
+     *  krb5_int32              for KV5M_AUTH_CONTEXT
+     *  krb5_int32              for auth_context_flags
+     *  krb5_int32              for remote_seq_number
+     *  krb5_int32              for local_seq_number
+     *  krb5_int32              for req_cksumtype
+     *  krb5_int32              for safe_cksumtype
+     *  krb5_int32              for size of i_vector
+     *  krb5_int32              for KV5M_AUTH_CONTEXT
+     */
+    kret = EINVAL;
+    if (auth_context != NULL) {
+        kret = 0;
+
+        required = auth_context->cstate.length;
+        required += sizeof(krb5_int32)*8;
+
+        /* Calculate size required by remote_addr, if appropriate */
+        if (!kret && auth_context->remote_addr) {
+            kret = k5_size_address(auth_context->remote_addr, &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by remote_port, if appropriate */
+        if (!kret && auth_context->remote_port) {
+            kret = k5_size_address(auth_context->remote_port, &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by local_addr, if appropriate */
+        if (!kret && auth_context->local_addr) {
+            kret = k5_size_address(auth_context->local_addr, &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by local_port, if appropriate */
+        if (!kret && auth_context->local_port) {
+            kret = k5_size_address(auth_context->local_port, &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by key, if appropriate */
+        if (!kret && auth_context->key) {
+            kret = k5_size_keyblock(&auth_context->key->keyblock, &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by send_subkey, if appropriate */
+        if (!kret && auth_context->send_subkey) {
+            kret = k5_size_keyblock(&auth_context->send_subkey->keyblock,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by recv_subkey, if appropriate */
+        if (!kret && auth_context->recv_subkey) {
+            kret = k5_size_keyblock(&auth_context->recv_subkey->keyblock,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by authentp, if appropriate */
+        if (!kret && auth_context->authentp)
+            kret = k5_size_authenticator(auth_context->authentp, &required);
+
+    }
+    if (!kret)
+        *sizep += required;
+    return(kret);
+}
+
+krb5_error_code
+k5_externalize_auth_context(krb5_auth_context auth_context,
+                            krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (auth_context != NULL) {
+        kret = ENOMEM;
+        if (!k5_size_auth_context(auth_context, &required) &&
+            required <= remain) {
+
+            /* Write fixed portion */
+            (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
+            (void) krb5_ser_pack_int32(auth_context->auth_context_flags,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32(auth_context->remote_seq_number,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32(auth_context->local_seq_number,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
+                                       &bp, &remain);
+
+            /* Write the cipher state */
+            (void) krb5_ser_pack_int32(auth_context->cstate.length, &bp,
+                                       &remain);
+            (void) krb5_ser_pack_bytes((krb5_octet *)auth_context->cstate.data,
+                                       auth_context->cstate.length,
+                                       &bp, &remain);
+
+            kret = 0;
+
+            /* Now handle remote_addr, if appropriate */
+            if (!kret && auth_context->remote_addr) {
+                (void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
+                kret = k5_externalize_address(auth_context->remote_addr,
+                                              &bp, &remain);
+            }
+
+            /* Now handle remote_port, if appropriate */
+            if (!kret && auth_context->remote_port) {
+                (void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
+                kret = k5_externalize_address(auth_context->remote_addr,
+                                              &bp, &remain);
+            }
+
+            /* Now handle local_addr, if appropriate */
+            if (!kret && auth_context->local_addr) {
+                (void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
+                kret = k5_externalize_address(auth_context->local_addr,
+                                              &bp, &remain);
+            }
+
+            /* Now handle local_port, if appropriate */
+            if (!kret && auth_context->local_port) {
+                (void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
+                kret = k5_externalize_address(auth_context->local_addr,
+                                              &bp, &remain);
+            }
+
+            /* Now handle keyblock, if appropriate */
+            if (!kret && auth_context->key) {
+                (void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
+                kret = k5_externalize_keyblock(&auth_context->key->keyblock,
+                                               &bp, &remain);
+            }
+
+            /* Now handle subkey, if appropriate */
+            if (!kret && auth_context->send_subkey) {
+                (void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
+                kret = k5_externalize_keyblock(&auth_context->
+                                               send_subkey->keyblock,
+                                               &bp, &remain);
+            }
+
+            /* Now handle subkey, if appropriate */
+            if (!kret && auth_context->recv_subkey) {
+                (void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
+                kret = k5_externalize_keyblock(&auth_context->
+                                               recv_subkey->keyblock,
+                                               &bp, &remain);
+            }
+
+            /* Now handle authentp, if appropriate */
+            if (!kret && auth_context->authentp)
+                kret = k5_externalize_authenticator(auth_context->authentp,
+                                                    &bp, &remain);
+
+            /*
+             * If we were successful, write trailer then update the pointer and
+             * remaining length;
+             */
+            if (!kret) {
+                /* Write our trailer */
+                (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
+                *buffer = bp;
+                *lenremain = remain;
+            }
+        }
+    }
+    return(kret);
+}
+
+/* Internalize a keyblock and convert it to a key. */
+static krb5_error_code
+intern_key(krb5_key *key, krb5_octet **bp, size_t *sp)
+{
+    krb5_keyblock *keyblock;
+    krb5_error_code ret;
+
+    ret = k5_internalize_keyblock(&keyblock, bp, sp);
+    if (ret != 0)
+        return ret;
+    ret = krb5_k_create_key(NULL, keyblock, key);
+    krb5_free_keyblock(NULL, keyblock);
+    return ret;
+}
+
+krb5_error_code
+k5_internalize_auth_context(krb5_auth_context *argp,
+                            krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_auth_context   auth_context;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    krb5_int32          cstate_len;
+    krb5_int32          tag;
+
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        ibuf = 0;
+    if (ibuf == KV5M_AUTH_CONTEXT) {
+        kret = ENOMEM;
+
+        /* Get memory for the auth_context */
+        if ((remain >= (5*sizeof(krb5_int32))) &&
+            (auth_context = (krb5_auth_context)
+             calloc(1, sizeof(struct _krb5_auth_context)))) {
+
+            /* Get auth_context_flags */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->auth_context_flags = ibuf;
+
+            /* Get remote_seq_number */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->remote_seq_number = ibuf;
+
+            /* Get local_seq_number */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->local_seq_number = ibuf;
+
+            /* Get req_cksumtype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->req_cksumtype = (krb5_cksumtype) ibuf;
+
+            /* Get safe_cksumtype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->safe_cksumtype = (krb5_cksumtype) ibuf;
+
+            /* Get length of cstate */
+            (void) krb5_ser_unpack_int32(&cstate_len, &bp, &remain);
+
+            if (cstate_len) {
+                kret = alloc_data(&auth_context->cstate, cstate_len);
+                if (!kret) {
+                    kret = krb5_ser_unpack_bytes((krb5_octet *)
+                                                 auth_context->cstate.data,
+                                                 cstate_len, &bp, &remain);
+                }
+            }
+            else
+                kret = 0;
+
+            /* Peek at next token */
+            tag = 0;
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+
+            /* This is the remote_addr */
+            if (!kret && (tag == TOKEN_RADDR)) {
+                if (!(kret = k5_internalize_address(&auth_context->remote_addr,
+                                                    &bp, &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the remote_port */
+            if (!kret && (tag == TOKEN_RPORT)) {
+                if (!(kret = k5_internalize_address(&auth_context->remote_port,
+                                                    &bp, &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the local_addr */
+            if (!kret && (tag == TOKEN_LADDR)) {
+                if (!(kret = k5_internalize_address(&auth_context->local_addr,
+                                                    &bp, &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the local_port */
+            if (!kret && (tag == TOKEN_LPORT)) {
+                if (!(kret = k5_internalize_address(&auth_context->local_port,
+                                                    &bp, &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the keyblock */
+            if (!kret && (tag == TOKEN_KEYBLOCK)) {
+                if (!(kret = intern_key(&auth_context->key, &bp, &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the send_subkey */
+            if (!kret && (tag == TOKEN_LSKBLOCK)) {
+                if (!(kret = intern_key(&auth_context->send_subkey,
+                                        &bp, &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the recv_subkey */
+            if (!kret) {
+                if (tag == TOKEN_RSKBLOCK) {
+                    kret = intern_key(&auth_context->recv_subkey,
+                                      &bp, &remain);
+                }
+                else {
+                    /*
+                     * We read the next tag, but it's not of any use here, so
+                     * we effectively 'unget' it here.
+                     */
+                    bp -= sizeof(krb5_int32);
+                    remain += sizeof(krb5_int32);
+                }
+            }
+
+            /* Now find the authentp */
+            if (!kret) {
+                kret = k5_internalize_authenticator(&auth_context->authentp,
+                                                    &bp, &remain);
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            /* Finally, find the trailer */
+            if (!kret) {
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                if (!kret && (ibuf != KV5M_AUTH_CONTEXT))
+                    kret = EINVAL;
+            }
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+                auth_context->magic = KV5M_AUTH_CONTEXT;
+                *argp = auth_context;
+            }
+            else
+                krb5_auth_con_free(NULL, auth_context);
+        }
+    }
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ser_adata.c b/krb5-1.21.3/src/lib/krb5/krb/ser_adata.c
new file mode 100644
index 00000000..2c0094df
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ser_adata.c
@@ -0,0 +1,153 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/ser_adata.c - Serialize krb5_authdata structure */
+/*
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code
+k5_size_authdata(krb5_authdata *authdata, size_t *sizep)
+{
+    krb5_error_code     kret;
+
+    /*
+     * krb5_authdata requires:
+     *  krb5_int32              for KV5M_AUTHDATA
+     *  krb5_int32              for ad_type
+     *  krb5_int32              for length
+     *  authdata->length        for contents
+     *  krb5_int32              for KV5M_AUTHDATA
+     */
+    kret = EINVAL;
+    if (authdata != NULL) {
+        *sizep += (sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   (size_t) authdata->length);
+        kret = 0;
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_externalize_authdata(krb5_authdata *authdata,
+                        krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (authdata != NULL) {
+        kret = ENOMEM;
+        if (!k5_size_authdata(authdata, &required) && required <= remain) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
+
+            /* Our ad_type */
+            (void) krb5_ser_pack_int32((krb5_int32) authdata->ad_type,
+                                       &bp, &remain);
+
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) authdata->length,
+                                       &bp, &remain);
+
+            /* Our contents */
+            (void) krb5_ser_pack_bytes(authdata->contents,
+                                       (size_t) authdata->length,
+                                       &bp, &remain);
+
+            /* Finally, our trailer */
+            (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
+            kret = 0;
+            *buffer = bp;
+            *lenremain = remain;
+        }
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_internalize_authdata(krb5_authdata **argp,
+                        krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_authdata       *authdata;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        ibuf = 0;
+    if (ibuf == KV5M_AUTHDATA) {
+        kret = ENOMEM;
+
+        /* Get a authdata */
+        if ((remain >= (2*sizeof(krb5_int32))) &&
+            (authdata = (krb5_authdata *) calloc(1, sizeof(krb5_authdata)))) {
+
+            /* Get the ad_type */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authdata->ad_type = (krb5_authdatatype) ibuf;
+
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authdata->length = (int) ibuf;
+
+            /* Get the string */
+            if ((authdata->contents = (krb5_octet *)
+                 malloc((size_t) (ibuf))) &&
+                !(kret = krb5_ser_unpack_bytes(authdata->contents,
+                                               (size_t) ibuf,
+                                               &bp, &remain))) {
+                if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+                    ibuf = 0;
+                if (ibuf == KV5M_AUTHDATA) {
+                    authdata->magic = KV5M_AUTHDATA;
+                    *buffer = bp;
+                    *lenremain = remain;
+                    *argp = authdata;
+                }
+                else
+                    kret = EINVAL;
+            }
+            if (kret) {
+                if (authdata->contents)
+                    free(authdata->contents);
+                free(authdata);
+            }
+        }
+    }
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ser_addr.c b/krb5-1.21.3/src/lib/krb5/krb/ser_addr.c
new file mode 100644
index 00000000..52aa6f2a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ser_addr.c
@@ -0,0 +1,157 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/ser_addr.c - Serialize krb5_address structure */
+/*
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code
+k5_size_address(krb5_address *address, size_t *sizep)
+{
+    krb5_error_code     kret;
+
+    /*
+     * krb5_address requires:
+     *  krb5_int32              for KV5M_ADDRESS
+     *  krb5_int32              for addrtype
+     *  krb5_int32              for length
+     *  address->length         for contents
+     *  krb5_int32              for KV5M_ADDRESS
+     */
+    kret = EINVAL;
+    if (address != NULL) {
+        *sizep += (sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   (size_t) address->length);
+        kret = 0;
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_externalize_address(krb5_address *address,
+                       krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (address != NULL) {
+        kret = ENOMEM;
+        if (!k5_size_address(address, &required) && required <= remain) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
+
+            /* Our addrtype */
+            (void) krb5_ser_pack_int32((krb5_int32) address->addrtype,
+                                       &bp, &remain);
+
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) address->length,
+                                       &bp, &remain);
+
+            /* Our contents */
+            (void) krb5_ser_pack_bytes(address->contents,
+                                       (size_t) address->length,
+                                       &bp, &remain);
+
+            /* Finally, our trailer */
+            (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
+
+            kret = 0;
+            *buffer = bp;
+            *lenremain = remain;
+        }
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_internalize_address(krb5_address **argp,
+                       krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_address        *address;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        ibuf = 0;
+    if (ibuf == KV5M_ADDRESS) {
+        kret = ENOMEM;
+
+        /* Get a address */
+        if ((remain >= (2*sizeof(krb5_int32))) &&
+            (address = (krb5_address *) calloc(1, sizeof(krb5_address)))) {
+
+            address->magic = KV5M_ADDRESS;
+
+            /* Get the addrtype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            address->addrtype = (krb5_addrtype) ibuf;
+
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            address->length = (int) ibuf;
+
+            /* Get the string */
+            if ((address->contents = (krb5_octet *) malloc((size_t) (ibuf))) &&
+                !(kret = krb5_ser_unpack_bytes(address->contents,
+                                               (size_t) ibuf,
+                                               &bp, &remain))) {
+                /* Get the trailer */
+                if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+                    ibuf = 0;
+
+                if (!kret && (ibuf == KV5M_ADDRESS)) {
+                    address->magic = KV5M_ADDRESS;
+                    *buffer = bp;
+                    *lenremain = remain;
+                    *argp = address;
+                }
+                else
+                    kret = EINVAL;
+            }
+            if (kret) {
+                if (address->contents)
+                    free(address->contents);
+                free(address);
+            }
+        }
+    }
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ser_auth.c b/krb5-1.21.3/src/lib/krb5/krb/ser_auth.c
new file mode 100644
index 00000000..f835a793
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ser_auth.c
@@ -0,0 +1,262 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/ser_auth.c - Serialize krb5_authenticator structure */
+/*
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef LEAN_CLIENT
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code
+k5_size_authenticator(krb5_authenticator *authenticator, size_t *sizep)
+{
+    krb5_error_code     kret;
+    size_t              required;
+
+    /*
+     * krb5_authenticator requires at minimum:
+     *  krb5_int32              for KV5M_AUTHENTICATOR
+     *  krb5_int32              for seconds
+     *  krb5_int32              for cusec
+     *  krb5_int32              for seq_number
+     *  krb5_int32              for number in authorization_data array.
+     *  krb5_int32              for KV5M_AUTHENTICATOR
+     */
+    kret = EINVAL;
+    if (authenticator != NULL) {
+        required = sizeof(krb5_int32)*6;
+
+        /* Calculate size required by client, if appropriate */
+        if (authenticator->client)
+            kret = k5_size_principal(authenticator->client, &required);
+        else
+            kret = 0;
+
+        /* Calculate size required by checksum, if appropriate */
+        if (!kret && authenticator->checksum)
+            kret = k5_size_checksum(authenticator->checksum, &required);
+
+        /* Calculate size required by subkey, if appropriate */
+        if (!kret && authenticator->subkey)
+            kret = k5_size_keyblock(authenticator->subkey, &required);
+
+        /* Calculate size required by authorization_data, if appropriate */
+        if (!kret && authenticator->authorization_data) {
+            int i;
+
+            for (i=0; !kret && authenticator->authorization_data[i]; i++) {
+                kret = k5_size_authdata(authenticator->authorization_data[i],
+                                        &required);
+            }
+        }
+    }
+    if (!kret)
+        *sizep += required;
+    return(kret);
+}
+
+krb5_error_code
+k5_externalize_authenticator(krb5_authenticator *authenticator,
+                             krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+    int                 i;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (authenticator != NULL) {
+        kret = ENOMEM;
+        if (!k5_size_authenticator(authenticator, &required) &&
+            required <= remain) {
+            /* First write our magic number */
+            (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
+
+            /* Now ctime */
+            (void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
+                                       &bp, &remain);
+
+            /* Now cusec */
+            (void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
+                                       &bp, &remain);
+
+            /* Now seq_number */
+            (void) krb5_ser_pack_int32(authenticator->seq_number,
+                                       &bp, &remain);
+
+            /* Now handle client, if appropriate */
+            if (authenticator->client)
+                kret = k5_externalize_principal(authenticator->client,
+                                                &bp, &remain);
+            else
+                kret = 0;
+
+            /* Now handle checksum, if appropriate */
+            if (!kret && authenticator->checksum)
+                kret = k5_externalize_checksum(authenticator->checksum,
+                                               &bp, &remain);
+
+            /* Now handle subkey, if appropriate */
+            if (!kret && authenticator->subkey)
+                kret = k5_externalize_keyblock(authenticator->subkey,
+                                               &bp, &remain);
+
+            /* Now handle authorization_data, if appropriate */
+            if (!kret) {
+                if (authenticator->authorization_data)
+                    for (i=0; authenticator->authorization_data[i]; i++);
+                else
+                    i = 0;
+                (void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);
+
+                /* Now pound out the authorization_data */
+                if (authenticator->authorization_data) {
+                    for (i=0; !kret && authenticator->authorization_data[i];
+                         i++)
+                        kret = k5_externalize_authdata(authenticator->
+                                                       authorization_data[i],
+                                                       &bp, &remain);
+                }
+            }
+
+            /*
+             * If we were successful, write trailer then update the pointer and
+             * remaining length;
+             */
+            if (!kret) {
+                /* Write our trailer */
+                (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
+                *buffer = bp;
+                *lenremain = remain;
+            }
+        }
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_internalize_authenticator(krb5_authenticator **argp,
+                             krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_authenticator  *authenticator;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    int                 i;
+    krb5_int32          nadata;
+    size_t              len;
+
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        ibuf = 0;
+    if (ibuf == KV5M_AUTHENTICATOR) {
+        kret = ENOMEM;
+
+        /* Get memory for the authenticator */
+        if ((remain >= (3*sizeof(krb5_int32))) &&
+            (authenticator = (krb5_authenticator *)
+             calloc(1, sizeof(krb5_authenticator)))) {
+
+            /* Get ctime */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authenticator->ctime = (krb5_timestamp) ibuf;
+
+            /* Get cusec */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authenticator->cusec = ibuf;
+
+            /* Get seq_number */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authenticator->seq_number = ibuf;
+
+            kret = 0;
+
+            /* Attempt to read in the client */
+            kret = k5_internalize_principal(&authenticator->client,
+                                            &bp, &remain);
+            if (kret == EINVAL)
+                kret = 0;
+
+            /* Attempt to read in the checksum */
+            if (!kret) {
+                kret = k5_internalize_checksum(&authenticator->checksum,
+                                               &bp, &remain);
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            /* Attempt to read in the subkey */
+            if (!kret) {
+                kret = k5_internalize_keyblock(&authenticator->subkey,
+                                               &bp, &remain);
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            /* Attempt to read in the authorization data count */
+            if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
+                nadata = ibuf;
+                len = (size_t) (nadata + 1);
+
+                /* Get memory for the authorization data pointers */
+                if ((authenticator->authorization_data = (krb5_authdata **)
+                     calloc(len, sizeof(krb5_authdata *)))) {
+                    for (i=0; !kret && (i<nadata); i++) {
+                        kret = k5_internalize_authdata(&authenticator->
+                                                       authorization_data[i],
+                                                       &bp, &remain);
+                    }
+
+                    /* Finally, find the trailer */
+                    if (!kret) {
+                        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                        if (!kret && (ibuf == KV5M_AUTHENTICATOR))
+                            authenticator->magic = KV5M_AUTHENTICATOR;
+                        else
+                            kret = EINVAL;
+                    }
+                }
+            }
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+                *argp = authenticator;
+            }
+            else
+                krb5_free_authenticator(NULL, authenticator);
+        }
+    }
+    return(kret);
+}
+
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c b/krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c
new file mode 100644
index 00000000..de8cb2b9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c
@@ -0,0 +1,155 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/ser_cksum.c - Serialize krb5_checksum structure */
+/*
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code
+k5_size_checksum(krb5_checksum *checksum, size_t *sizep)
+{
+    krb5_error_code     kret;
+
+    /*
+     * krb5_checksum requires:
+     *  krb5_int32              for KV5M_CHECKSUM
+     *  krb5_int32              for checksum_type
+     *  krb5_int32              for length
+     *  krb5_int32              for KV5M_CHECKSUM
+     *  checksum->length        for contents
+     */
+    kret = EINVAL;
+    if (checksum != NULL) {
+        *sizep += (sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   (size_t) checksum->length);
+        kret = 0;
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_externalize_checksum(krb5_checksum *checksum,
+                        krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (checksum != NULL) {
+        kret = ENOMEM;
+        if (!k5_size_checksum(checksum, &required) && required <= remain) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
+
+            /* Our checksum_type */
+            (void) krb5_ser_pack_int32((krb5_int32) checksum->checksum_type,
+                                       &bp, &remain);
+
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) checksum->length,
+                                       &bp, &remain);
+
+            /* Our contents */
+            (void) krb5_ser_pack_bytes(checksum->contents,
+                                       (size_t) checksum->length,
+                                       &bp, &remain);
+
+            /* Finally, our trailer */
+            (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
+
+            kret = 0;
+            *buffer = bp;
+            *lenremain = remain;
+        }
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_internalize_checksum(krb5_checksum **argp,
+                        krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_checksum       *checksum;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        ibuf = 0;
+    if (ibuf == KV5M_CHECKSUM) {
+        kret = ENOMEM;
+
+        /* Get a checksum */
+        if ((remain >= (2*sizeof(krb5_int32))) &&
+            (checksum = (krb5_checksum *) calloc(1, sizeof(krb5_checksum)))) {
+            /* Get the checksum_type */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            checksum->checksum_type = (krb5_cksumtype) ibuf;
+
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            checksum->length = (int) ibuf;
+
+            /* Get the string */
+            if (!ibuf ||
+                ((checksum->contents = (krb5_octet *)
+                  malloc((size_t) (ibuf))) &&
+                 !(kret = krb5_ser_unpack_bytes(checksum->contents,
+                                                (size_t) ibuf,
+                                                &bp, &remain)))) {
+
+                /* Get the trailer */
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                if (!kret && (ibuf == KV5M_CHECKSUM)) {
+                    checksum->magic = KV5M_CHECKSUM;
+                    *buffer = bp;
+                    *lenremain = remain;
+                    *argp = checksum;
+                }
+                else
+                    kret = EINVAL;
+            }
+            if (kret) {
+                if (checksum->contents)
+                    free(checksum->contents);
+                free(checksum);
+            }
+        }
+    }
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c b/krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c
new file mode 100644
index 00000000..da3582f9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c
@@ -0,0 +1,433 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/ser_ctx.c - Serialize krb5_context structure */
+/*
+ * Copyright 1995, 2007, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code profile_ser_size(krb5_context, profile_t, size_t *);
+krb5_error_code profile_ser_externalize(krb5_context, profile_t,
+                                        krb5_octet **, size_t *);
+krb5_error_code profile_ser_internalize(krb5_context, profile_t *,
+                                        krb5_octet **, size_t *);
+
+static krb5_error_code size_oscontext(krb5_os_context os_ctx, size_t *sizep);
+static krb5_error_code externalize_oscontext(krb5_os_context os_ctx,
+                                             krb5_octet **buffer,
+                                             size_t *lenremain);
+static krb5_error_code internalize_oscontext(krb5_os_context *argp,
+                                             krb5_octet **buffer,
+                                             size_t *lenremain);
+
+static inline unsigned int
+etypes_len(krb5_enctype *list)
+{
+    return (list == NULL) ? 0 : k5_count_etypes(list);
+}
+
+krb5_error_code
+k5_size_context(krb5_context context, size_t *sizep)
+{
+    krb5_error_code     kret;
+    size_t              required;
+
+    /*
+     * The KRB5 context itself requires:
+     *  krb5_int32                      for KV5M_CONTEXT
+     *  krb5_int32                      for sizeof(default_realm)
+     *  strlen(default_realm)           for default_realm.
+     *  krb5_int32                      for n_tgs_etypes*sizeof(krb5_int32)
+     *  nktypes*sizeof(krb5_int32)      for tgs_etypes.
+     *  krb5_int32                      for clockskew
+     *  krb5_int32                      for kdc_default_options
+     *  krb5_int32                      for library_options
+     *  krb5_int32                      for profile_secure
+     *  krb5_int32                      for fcc_default_format
+     *    <>                            for os_context
+     *    <>                            for profile
+     *  krb5_int32                      for trailer.
+     */
+    kret = EINVAL;
+    if (context != NULL) {
+        /* Calculate base length */
+        required = (9 * sizeof(krb5_int32) +
+                    (etypes_len(context->tgs_etypes) * sizeof(krb5_int32)));
+
+        if (context->default_realm)
+            required += strlen(context->default_realm);
+
+        /* Calculate size required by os_context, if appropriate */
+        kret = size_oscontext(&context->os_context, &required);
+
+        /* Calculate size required by profile, if appropriate */
+        if (!kret && context->profile)
+            kret = profile_ser_size(NULL, context->profile, &required);
+    }
+    if (!kret)
+        *sizep += required;
+    return(kret);
+}
+
+krb5_error_code
+k5_externalize_context(krb5_context context,
+                       krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+    unsigned int        i;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    if (!context)
+        return (EINVAL);
+    if (context->magic != KV5M_CONTEXT)
+        return (KV5M_CONTEXT);
+
+    if ((kret = k5_size_context(context, &required)))
+        return (kret);
+
+    if (required > remain)
+        return (ENOMEM);
+
+    /* First write our magic number */
+    kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Now sizeof default realm */
+    kret = krb5_ser_pack_int32((context->default_realm) ?
+                               (krb5_int32) strlen(context->default_realm) : 0,
+                               &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Now default_realm bytes */
+    if (context->default_realm) {
+        kret = krb5_ser_pack_bytes((krb5_octet *) context->default_realm,
+                                   strlen(context->default_realm),
+                                   &bp, &remain);
+        if (kret)
+            return (kret);
+    }
+
+    /* Now number of default ktypes */
+    kret = krb5_ser_pack_int32(etypes_len(context->tgs_etypes), &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Now serialize ktypes */
+    if (context->tgs_etypes) {
+        for (i = 0; context->tgs_etypes[i]; i++) {
+            kret = krb5_ser_pack_int32(context->tgs_etypes[i], &bp, &remain);
+            if (kret)
+                return (kret);
+        }
+    }
+
+    /* Now allowable clockskew */
+    kret = krb5_ser_pack_int32((krb5_int32) context->clockskew,
+                               &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Now kdc_default_options */
+    kret = krb5_ser_pack_int32((krb5_int32) context->kdc_default_options,
+                               &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Now library_options */
+    kret = krb5_ser_pack_int32((krb5_int32) context->library_options,
+                               &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Now profile_secure */
+    kret = krb5_ser_pack_int32((krb5_int32) context->profile_secure,
+                               &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Now fcc_default_format */
+    kret = krb5_ser_pack_int32((krb5_int32) context->fcc_default_format,
+                               &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Now handle os_context, if appropriate */
+    kret = externalize_oscontext(&context->os_context, &bp, &remain);
+    if (kret)
+        return (kret);
+
+    /* Finally, handle profile, if appropriate */
+    if (context->profile != NULL) {
+        kret = profile_ser_externalize(NULL, context->profile, &bp, &remain);
+        if (kret)
+            return (kret);
+    }
+
+    /*
+     * If we were successful, write trailer then update the pointer and
+     * remaining length;
+     */
+    kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
+    if (kret)
+        return (kret);
+
+    *buffer = bp;
+    *lenremain = remain;
+
+    return (0);
+}
+
+krb5_error_code
+k5_internalize_context(krb5_context *argp,
+                       krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_context        context;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    unsigned int        i, count;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* Read our magic number */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        return (EINVAL);
+
+    if (ibuf != KV5M_CONTEXT)
+        return (EINVAL);
+
+    /* Get memory for the context */
+    context = (krb5_context) calloc(1, sizeof(struct _krb5_context));
+    if (!context)
+        return (ENOMEM);
+
+    /* Get the size of the default realm */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        goto cleanup;
+
+    if (ibuf) {
+        context->default_realm = (char *) malloc((size_t) ibuf+1);
+        if (!context->default_realm) {
+            kret = ENOMEM;
+            goto cleanup;
+        }
+
+        kret = krb5_ser_unpack_bytes((krb5_octet *) context->default_realm,
+                                     (size_t) ibuf, &bp, &remain);
+        if (kret)
+            goto cleanup;
+
+        context->default_realm[ibuf] = '\0';
+    }
+
+    /* Get the tgs_etypes */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        goto cleanup;
+    count = ibuf;
+    if (count > 0) {
+        context->tgs_etypes = calloc(count + 1, sizeof(krb5_enctype));
+        if (!context->tgs_etypes) {
+            kret = ENOMEM;
+            goto cleanup;
+        }
+        for (i = 0; i < count; i++) {
+            if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+                goto cleanup;
+            context->tgs_etypes[i] = ibuf;
+        }
+        context->tgs_etypes[count] = 0;
+    } else
+        context->tgs_etypes = NULL;
+
+    /* Allowable clockskew */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        goto cleanup;
+    context->clockskew = (krb5_deltat) ibuf;
+
+    /* kdc_default_options */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        goto cleanup;
+    context->kdc_default_options = (krb5_flags) ibuf;
+
+    /* library_options */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        goto cleanup;
+    context->library_options = (krb5_flags) ibuf;
+
+    /* profile_secure */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        goto cleanup;
+    context->profile_secure = (krb5_boolean) ibuf;
+
+    /* fcc_default_format */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        goto cleanup;
+    context->fcc_default_format = (int) ibuf;
+
+    /* Attempt to read in the os_context.  It's an array now, but
+       we still treat it in most places as a separate object with
+       a pointer.  */
+    {
+        krb5_os_context osp = 0;
+        kret = internalize_oscontext(&osp, &bp, &remain);
+        if (kret && (kret != EINVAL) && (kret != ENOENT))
+            goto cleanup;
+        /* Put the newly allocated data into the krb5_context
+           structure where we're really keeping it these days.  */
+        if (osp)
+            context->os_context = *osp;
+        free(osp);
+    }
+
+    /* Attempt to read in the profile */
+    kret = profile_ser_internalize(NULL, &context->profile, &bp, &remain);
+    if (kret && (kret != EINVAL) && (kret != ENOENT))
+        goto cleanup;
+
+    /* Finally, find the trailer */
+    if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+        goto cleanup;
+
+    if (ibuf != KV5M_CONTEXT) {
+        kret = EINVAL;
+        goto cleanup;
+    }
+
+    context->magic = KV5M_CONTEXT;
+    *buffer = bp;
+    *lenremain = remain;
+    *argp = context;
+
+    return 0;
+
+cleanup:
+    if (context)
+        krb5_free_context(context);
+    return(kret);
+}
+
+krb5_error_code
+size_oscontext(krb5_os_context os_ctx, size_t *sizep)
+{
+    /*
+     * We need five 32-bit integers:
+     *  two for header and trailer
+     *  one each for time_offset, usec_offset and os_flags
+     */
+    *sizep += (5*sizeof(krb5_int32));
+    return(0);
+}
+
+krb5_error_code
+externalize_oscontext(krb5_os_context os_ctx,
+                      krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (os_ctx != NULL) {
+        kret = ENOMEM;
+        if (!size_oscontext(os_ctx, &required) && required <= remain) {
+            (void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain);
+            (void) krb5_ser_pack_int32(os_ctx->time_offset, &bp, &remain);
+            (void) krb5_ser_pack_int32(os_ctx->usec_offset, &bp, &remain);
+            (void) krb5_ser_pack_int32(os_ctx->os_flags, &bp, &remain);
+            (void) krb5_ser_pack_int32(KV5M_OS_CONTEXT, &bp, &remain);
+
+            /* Handle any other OS context here */
+            kret = 0;
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+            }
+        }
+    }
+    return(kret);
+}
+
+static krb5_error_code
+internalize_oscontext(krb5_os_context *argp,
+                      krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_os_context     os_ctx;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    os_ctx = (krb5_os_context) NULL;
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        ibuf = 0;
+    if (ibuf == KV5M_OS_CONTEXT) {
+        kret = ENOMEM;
+
+        /* Get memory for the context */
+        if ((os_ctx = (krb5_os_context)
+             calloc(1, sizeof(struct _krb5_os_context))) &&
+            (remain >= 4*sizeof(krb5_int32))) {
+            os_ctx->magic = KV5M_OS_CONTEXT;
+
+            /* Read out our context */
+            (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain);
+            (void) krb5_ser_unpack_int32(&os_ctx->usec_offset, &bp, &remain);
+            (void) krb5_ser_unpack_int32(&os_ctx->os_flags, &bp, &remain);
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+
+            if (ibuf == KV5M_OS_CONTEXT) {
+                os_ctx->magic = KV5M_OS_CONTEXT;
+                kret = 0;
+                *buffer = bp;
+                *lenremain = remain;
+            } else
+                kret = EINVAL;
+        }
+    }
+    if (!kret) {
+        *argp = os_ctx;
+    }
+    else {
+        if (os_ctx)
+            free(os_ctx);
+    }
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ser_key.c b/krb5-1.21.3/src/lib/krb5/krb/ser_key.c
new file mode 100644
index 00000000..7a294d68
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ser_key.c
@@ -0,0 +1,148 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/ser_key.c - Serialize krb5_keyblock structure */
+/*
+ * Copyright 1995, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code
+k5_size_keyblock(krb5_keyblock *keyblock, size_t *sizep)
+{
+    krb5_error_code     kret;
+
+    /*
+     * krb5_keyblock requires:
+     *  krb5_int32                      for KV5M_KEYBLOCK
+     *  krb5_int32                      for enctype
+     *  krb5_int32                      for length
+     *  keyblock->length                for contents
+     *  krb5_int32                      for KV5M_KEYBLOCK
+     */
+    kret = EINVAL;
+    if (keyblock != NULL) {
+        *sizep += 4 * sizeof(krb5_int32) + keyblock->length;
+        kret = 0;
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_externalize_keyblock(krb5_keyblock *keyblock,
+                        krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (keyblock != NULL) {
+        kret = ENOMEM;
+        if (!k5_size_keyblock(keyblock, &required) && required <= remain) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
+
+            /* Our enctype */
+            (void) krb5_ser_pack_int32((krb5_int32) keyblock->enctype,
+                                       &bp, &remain);
+
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) keyblock->length,
+                                       &bp, &remain);
+
+            /* Our contents */
+            (void) krb5_ser_pack_bytes(keyblock->contents,
+                                       (size_t) keyblock->length,
+                                       &bp, &remain);
+
+            /* Finally, our trailer */
+            (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
+
+            kret = 0;
+            *buffer = bp;
+            *lenremain = remain;
+        }
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_internalize_keyblock(krb5_keyblock **argp,
+                        krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_keyblock       *keyblock;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
+        ibuf = 0;
+    if (ibuf == KV5M_KEYBLOCK) {
+        kret = ENOMEM;
+
+        /* Get a keyblock */
+        if ((remain >= (3*sizeof(krb5_int32))) &&
+            (keyblock = (krb5_keyblock *) calloc(1, sizeof(krb5_keyblock)))) {
+            /* Get the enctype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            keyblock->enctype = (krb5_enctype) ibuf;
+
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            keyblock->length = (int) ibuf;
+
+            /* Get the string */
+            if ((keyblock->contents = (krb5_octet *) malloc((size_t) (ibuf)))&&
+                !(kret = krb5_ser_unpack_bytes(keyblock->contents,
+                                               (size_t) ibuf,
+                                               &bp, &remain))) {
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                if (!kret && (ibuf == KV5M_KEYBLOCK)) {
+                    kret = 0;
+                    *buffer = bp;
+                    *lenremain = remain;
+                    keyblock->magic = KV5M_KEYBLOCK;
+                    *argp = keyblock;
+                }
+                else
+                    kret = EINVAL;
+            }
+            if (kret) {
+                if (keyblock->contents)
+                    free(keyblock->contents);
+                free(keyblock);
+            }
+        }
+    }
+    return(kret);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/ser_princ.c b/krb5-1.21.3/src/lib/krb5/krb/ser_princ.c
new file mode 100644
index 00000000..fc564997
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/ser_princ.c
@@ -0,0 +1,138 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/ser_princ.c - Serialize krb5_principal structure */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code
+k5_size_principal(krb5_principal principal, size_t *sizep)
+{
+    krb5_error_code     kret;
+    char                *fname;
+
+    /*
+     * krb5_principal requires:
+     *  krb5_int32                      for KV5M_PRINCIPAL
+     *  krb5_int32                      for flattened name size
+     *  strlen(name)                    for name.
+     *  krb5_int32                      for KV5M_PRINCIPAL
+     */
+    kret = EINVAL;
+    if (principal != NULL &&
+        !(kret = krb5_unparse_name(NULL, principal, &fname))) {
+        *sizep += (3*sizeof(krb5_int32)) + strlen(fname);
+        free(fname);
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_externalize_principal(krb5_principal principal,
+                         krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+    char                *fname;
+
+    required = 0;
+    bp = *buffer;
+    remain = *lenremain;
+    kret = EINVAL;
+    if (principal != NULL) {
+        kret = ENOMEM;
+        if (!k5_size_principal(principal, &required) && required <= remain) {
+            if (!(kret = krb5_unparse_name(NULL, principal, &fname))) {
+
+                (void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
+                (void) krb5_ser_pack_int32((krb5_int32) strlen(fname),
+                                           &bp, &remain);
+                (void) krb5_ser_pack_bytes((krb5_octet *) fname,
+                                           strlen(fname), &bp, &remain);
+                (void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
+                *buffer = bp;
+                *lenremain = remain;
+
+                free(fname);
+            }
+        }
+    }
+    return(kret);
+}
+
+krb5_error_code
+k5_internalize_principal(krb5_principal *argp,
+                         krb5_octet **buffer, size_t *lenremain)
+{
+    krb5_error_code     kret;
+    krb5_principal      principal = NULL;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    char                *tmpname = NULL;
+
+    *argp = NULL;
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* Read our magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_PRINCIPAL)
+        return EINVAL;
+
+    /* Read the principal name */
+    kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+    if (kret)
+        return kret;
+    tmpname = malloc(ibuf + 1);
+    kret = krb5_ser_unpack_bytes((krb5_octet *) tmpname, (size_t) ibuf,
+                                 &bp, &remain);
+    if (kret)
+        goto cleanup;
+    tmpname[ibuf] = '\0';
+
+    /* Parse the name to a principal structure */
+    kret = krb5_parse_name_flags(NULL, tmpname,
+                                 KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
+                                 &principal);
+    if (kret)
+        goto cleanup;
+
+    /* Read the trailing magic number */
+    if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_PRINCIPAL) {
+        kret = EINVAL;
+        goto cleanup;
+    }
+
+    *buffer = bp;
+    *lenremain = remain;
+    *argp = principal;
+cleanup:
+    if (kret)
+        krb5_free_principal(NULL, principal);
+    free(tmpname);
+    return kret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/serialize.c b/krb5-1.21.3/src/lib/krb5/krb/serialize.c
new file mode 100644
index 00000000..8934cf15
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/serialize.c
@@ -0,0 +1,125 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/serialize.c - Base serialization routines */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * krb5_ser_pack_int32()        - Pack a 4-byte integer if space is available.
+ *                                Update buffer pointer and remaining space.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_int32(krb5_int32 iarg, krb5_octet **bufp, size_t *remainp)
+{
+    if (*remainp >= sizeof(krb5_int32)) {
+        store_32_be(iarg, *bufp);
+        *bufp += sizeof(krb5_int32);
+        *remainp -= sizeof(krb5_int32);
+        return(0);
+    }
+    else
+        return(ENOMEM);
+}
+
+/*
+ * krb5_ser_pack_int64()        - Pack an 8-byte integer if space is available.
+ *                                Update buffer pointer and remaining space.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_int64(int64_t iarg, krb5_octet **bufp, size_t *remainp)
+{
+    if (*remainp >= sizeof(int64_t)) {
+        store_64_be(iarg, (unsigned char *)*bufp);
+        *bufp += sizeof(int64_t);
+        *remainp -= sizeof(int64_t);
+        return(0);
+    }
+    else
+        return(ENOMEM);
+}
+
+/*
+ * krb5_ser_pack_bytes()        - Pack a string of bytes.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_pack_bytes(krb5_octet *ostring, size_t osize, krb5_octet **bufp, size_t *remainp)
+{
+    if (*remainp >= osize) {
+        memcpy(*bufp, ostring, osize);
+        *bufp += osize;
+        *remainp -= osize;
+        return(0);
+    }
+    else
+        return(ENOMEM);
+}
+
+/*
+ * krb5_ser_unpack_int32()      - Unpack a 4-byte integer if it's there.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_int32(krb5_int32 *intp, krb5_octet **bufp, size_t *remainp)
+{
+    if (*remainp >= sizeof(krb5_int32)) {
+        *intp = load_32_be(*bufp);
+        *bufp += sizeof(krb5_int32);
+        *remainp -= sizeof(krb5_int32);
+        return(0);
+    }
+    else
+        return(ENOMEM);
+}
+
+/*
+ * krb5_ser_unpack_int64()      - Unpack an 8-byte integer if it's there.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_int64(int64_t *intp, krb5_octet **bufp, size_t *remainp)
+{
+    if (*remainp >= sizeof(int64_t)) {
+        *intp = load_64_be((unsigned char *)*bufp);
+        *bufp += sizeof(int64_t);
+        *remainp -= sizeof(int64_t);
+        return(0);
+    }
+    else
+        return(ENOMEM);
+}
+
+/*
+ * krb5_ser_unpack_bytes()      - Unpack a byte string if it's there.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_ser_unpack_bytes(krb5_octet *istring, size_t isize, krb5_octet **bufp, size_t *remainp)
+{
+    if (*remainp >= isize) {
+        memcpy(istring, *bufp, isize);
+        *bufp += isize;
+        *remainp -= isize;
+        return(0);
+    }
+    else
+        return(ENOMEM);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/set_realm.c b/krb5-1.21.3/src/lib/krb5/krb/set_realm.c
new file mode 100644
index 00000000..9697ff6e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/set_realm.c
@@ -0,0 +1,48 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/set_realm.c */
+/*
+ * Copyright 1997 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_principal_realm(krb5_context context, krb5_principal principal,
+                         const char *realm)
+{
+    size_t  length;
+    char    *newrealm;
+
+    if (!realm)
+        return EINVAL;
+
+    length = strlen(realm);
+    newrealm = strdup(realm);
+    if (!newrealm)
+        return ENOMEM;
+
+    free(principal->realm.data);
+    principal->realm = make_data(newrealm, length);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/sname_match.c b/krb5-1.21.3/src/lib/krb5/krb/sname_match.c
new file mode 100644
index 00000000..55a4b7dc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/sname_match.c
@@ -0,0 +1,70 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/sname_match.c - krb5_sname_match API function */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_boolean KRB5_CALLCONV
+krb5_sname_match(krb5_context context, krb5_const_principal matching,
+                 krb5_const_principal princ)
+{
+    if (matching == NULL)
+        return TRUE;
+
+    if (matching->type != KRB5_NT_SRV_HST || matching->length != 2)
+        return krb5_principal_compare(context, matching, princ);
+
+    if (princ->length != 2)
+        return FALSE;
+
+    /* Check the realm if present in matching. */
+    if (matching->realm.length != 0 && !data_eq(matching->realm, princ->realm))
+        return FALSE;
+
+    /* Check the service name (must be present in matching). */
+    if (!data_eq(matching->data[0], princ->data[0]))
+        return FALSE;
+
+    /* Check the hostname if present in matching and not ignored. */
+    if (matching->data[1].length != 0 && !context->ignore_acceptor_hostname &&
+        !data_eq(matching->data[1], princ->data[1]))
+        return FALSE;
+
+    /* All elements match. */
+    return TRUE;
+}
+
+krb5_boolean
+k5_sname_wildcard_host(krb5_context context, krb5_const_principal mprinc)
+{
+    if (mprinc == NULL)
+        return TRUE;
+
+    if (mprinc->type != KRB5_NT_SRV_HST || mprinc->length != 2)
+        return FALSE;
+
+    return context->ignore_acceptor_hostname || mprinc->data[1].length == 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/srv_dec_tkt.c b/krb5-1.21.3/src/lib/krb5/krb/srv_dec_tkt.c
new file mode 100644
index 00000000..6c922523
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/srv_dec_tkt.c
@@ -0,0 +1,140 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/srv_dec_tkt.c */
+/*
+ * Copyright 2006, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Server decrypt ticket via keytab or keyblock.
+ *
+ * Different from krb5_rd_req_decoded. (krb5/src/lib/krb5/krb/rd_req_dec.c)
+ *   - No krb5_principal_compare or KRB5KRB_AP_ERR_BADMATCH error.
+ *   - No replay cache processing.
+ *   - No skew checking or KRB5KRB_AP_ERR_SKEW error.
+ *   - No address checking or KRB5KRB_AP_ERR_BADADDR error.
+ *   - No time validation.
+ *   - No permitted enctype validation or KRB5_NOPERM_ETYPE error.
+ *   - Does not free ticket->enc_part2 on error.
+ */
+
+#include <k5-int.h>
+
+#ifndef LEAN_CLIENT
+static krb5_error_code
+decrypt_ticket_keyblock(krb5_context context, const krb5_keyblock *key,
+                        krb5_ticket *ticket)
+{
+    krb5_error_code retval;
+    krb5_data *realm;
+    krb5_transited *trans;
+
+    retval = krb5_decrypt_tkt_part(context, key, ticket);
+    if (retval)
+        goto done;
+
+    trans = &ticket->enc_part2->transited;
+    realm = &ticket->enc_part2->client->realm;
+    if (trans->tr_contents.data && *trans->tr_contents.data) {
+        retval = krb5_check_transited_list(context, &trans->tr_contents,
+                                           realm, &ticket->server->realm);
+        goto done;
+    }
+
+    if (ticket->enc_part2->flags & TKT_FLG_INVALID) {   /* ie, KDC_OPT_POSTDATED */
+        retval = KRB5KRB_AP_ERR_TKT_INVALID;
+        goto done;
+    }
+
+done:
+    return retval;
+}
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_server_decrypt_ticket_keytab(krb5_context context,
+                                  const krb5_keytab keytab,
+                                  krb5_ticket *ticket)
+{
+    krb5_error_code       retval;
+    krb5_keytab_entry     ktent;
+
+    if (keytab->ops->start_seq_get == NULL) {
+        retval = krb5_kt_get_entry(context, keytab,
+                                   ticket->server,
+                                   ticket->enc_part.kvno,
+                                   ticket->enc_part.enctype, &ktent);
+        if (retval == 0) {
+            retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
+
+            (void) krb5_free_keytab_entry_contents(context, &ktent);
+        }
+    } else {
+        krb5_error_code code;
+        krb5_kt_cursor cursor;
+
+        retval = krb5_kt_start_seq_get(context, keytab, &cursor);
+        if (retval != 0)
+            goto map_error;
+
+        retval = KRB5_KT_NOTFOUND;
+        while ((code = krb5_kt_next_entry(context, keytab,
+                                          &ktent, &cursor)) == 0) {
+            if (ktent.key.enctype != ticket->enc_part.enctype) {
+                (void) krb5_free_keytab_entry_contents(context, &ktent);
+                continue;
+            }
+
+            retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
+            if (retval == 0) {
+                krb5_principal tmp;
+
+                retval = krb5_copy_principal(context, ktent.principal, &tmp);
+                if (retval == 0) {
+                    krb5_free_principal(context, ticket->server);
+                    ticket->server = tmp;
+                }
+                (void) krb5_free_keytab_entry_contents(context, &ktent);
+                break;
+            }
+            (void) krb5_free_keytab_entry_contents(context, &ktent);
+        }
+
+        code = krb5_kt_end_seq_get(context, keytab, &cursor);
+        if (code != 0)
+            retval = code;
+    }
+
+map_error:
+    switch (retval) {
+    case KRB5_KT_KVNONOTFOUND:
+    case KRB5_KT_NOTFOUND:
+    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+        retval = KRB5KRB_AP_WRONG_PRINC;
+        break;
+    default:
+        break;
+    }
+
+    return retval;
+}
+#endif /* LEAN_CLIENT */
diff --git a/krb5-1.21.3/src/lib/krb5/krb/srv_rcache.c b/krb5-1.21.3/src/lib/krb5/krb/srv_rcache.c
new file mode 100644
index 00000000..64a270e6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/srv_rcache.c
@@ -0,0 +1,41 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/srv_rcache.c - Acquire default replay cache for a server */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <ctype.h>
+#include <stdio.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
+                       krb5_rcache *rcptr)
+{
+    /*
+     * This function used to compose a name based on the first component of the
+     * server principal, but now ignores the piece argument and resolves the
+     * default replay cache.
+     */
+    return k5_rc_default(context, rcptr);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/str_conv.c b/krb5-1.21.3/src/lib/krb5/krb/str_conv.c
new file mode 100644
index 00000000..c8421a8c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/str_conv.c
@@ -0,0 +1,319 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/str_conv.c - Convert between strings and krb5 data types */
+/*
+ * Copyright 1995, 1999, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Table of contents:
+ *
+ * String decoding:
+ * ----------------
+ * krb5_string_to_salttype()    - Convert string to salttype (krb5_int32)
+ * krb5_string_to_timestamp()   - Convert string to krb5_timestamp.
+ * krb5_string_to_deltat()      - Convert string to krb5_deltat.
+ *
+ * String encoding:
+ * ----------------
+ * krb5_salttype_to_string()    - Convert salttype (krb5_int32) to string.
+ * krb5_timestamp_to_string()   - Convert krb5_timestamp to string.
+ * krb5_timestamp_to_sfstring() - Convert krb5_timestamp to short filled string
+ * krb5_deltat_to_string()      - Convert krb5_deltat to string.
+ */
+
+#include "k5-int.h"
+#include <ctype.h>
+
+/* Salt type conversions */
+
+/*
+ * Local data structures.
+ */
+struct salttype_lookup_entry {
+    krb5_int32          stt_enctype;            /* Salt type number */
+    const char *        stt_name;               /* Salt type name */
+};
+
+/*
+ * Lookup tables.
+ */
+
+#include "kdb.h"
+static const struct salttype_lookup_entry salttype_table[] = {
+    { KRB5_KDB_SALTTYPE_NORMAL,     "normal"     },
+    { KRB5_KDB_SALTTYPE_NOREALM,    "norealm",   },
+    { KRB5_KDB_SALTTYPE_ONLYREALM,  "onlyrealm", },
+    { KRB5_KDB_SALTTYPE_SPECIAL,    "special",   },
+};
+static const int salttype_table_nents = sizeof(salttype_table)/
+    sizeof(salttype_table[0]);
+
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_salttype(char *string, krb5_int32 *salttypep)
+{
+    int i;
+    int found;
+
+    found = 0;
+    for (i=0; i<salttype_table_nents; i++) {
+        if (!strcasecmp(string, salttype_table[i].stt_name)) {
+            found = 1;
+            *salttypep = salttype_table[i].stt_enctype;
+            break;
+        }
+    }
+    return((found) ? 0 : EINVAL);
+}
+
+/*
+ * Internal datatype to string routines.
+ *
+ * These routines return 0 for success, EINVAL for invalid parameter, ENOMEM
+ * if the supplied buffer/length will not contain the output.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_salttype_to_string(krb5_int32 salttype, char *buffer, size_t buflen)
+{
+    int i;
+    const char *out;
+
+    out = (char *) NULL;
+    for (i=0; i<salttype_table_nents; i++) {
+        if (salttype ==  salttype_table[i].stt_enctype) {
+            out = salttype_table[i].stt_name;
+            break;
+        }
+    }
+    if (out) {
+        if (strlcpy(buffer, out, buflen) >= buflen)
+            return(ENOMEM);
+        return(0);
+    }
+    else
+        return(EINVAL);
+}
+
+/* (absolute) time conversions */
+
+#ifdef HAVE_STRPTIME
+#ifdef NEED_STRPTIME_PROTO
+extern char *strptime (const char *, const char *,
+                       struct tm *)
+#ifdef __cplusplus
+    throw()
+#endif
+    ;
+#endif
+#else /* HAVE_STRPTIME */
+#undef strptime
+#define strptime my_strptime
+static char *strptime (const char *, const char *, struct tm *);
+#endif
+
+#ifndef HAVE_LOCALTIME_R
+static inline struct tm *
+localtime_r(const time_t *t, struct tm *buf)
+{
+    struct tm *tm = localtime(t);
+    if (tm == NULL)
+        return NULL;
+    *buf = *tm;
+    return buf;
+}
+#endif
+
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_timestamp(char *string, krb5_timestamp *timestampp)
+{
+    int i;
+    struct tm timebuf, timebuf2;
+    time_t now, ret_time;
+    char *s;
+    static const char * const atime_format_table[] = {
+        "%Y%m%d%H%M%S",         /* yyyymmddhhmmss               */
+        "%Y.%m.%d.%H.%M.%S",    /* yyyy.mm.dd.hh.mm.ss          */
+        "%y%m%d%H%M%S",         /* yymmddhhmmss                 */
+        "%y.%m.%d.%H.%M.%S",    /* yy.mm.dd.hh.mm.ss            */
+        "%y%m%d%H%M",           /* yymmddhhmm                   */
+        "%H%M%S",               /* hhmmss                       */
+        "%H%M",                 /* hhmm                         */
+        "%T",                   /* hh:mm:ss                     */
+        "%R",                   /* hh:mm                        */
+        /* The following not really supported unless native strptime present */
+        "%x:%X",                /* locale-dependent short format */
+        "%d-%b-%Y:%T",          /* dd-month-yyyy:hh:mm:ss       */
+        "%d-%b-%Y:%R"           /* dd-month-yyyy:hh:mm          */
+    };
+    static const int atime_format_table_nents =
+        sizeof(atime_format_table)/sizeof(atime_format_table[0]);
+
+
+    now = time((time_t *) NULL);
+    if (localtime_r(&now, &timebuf2) == NULL)
+        return EINVAL;
+    for (i=0; i<atime_format_table_nents; i++) {
+        /* We reset every time throughout the loop as the manual page
+         * indicated that no guarantees are made as to preserving timebuf
+         * when parsing fails
+         */
+        timebuf = timebuf2;
+        if ((s = strptime(string, atime_format_table[i], &timebuf))
+            && (s != string)) {
+            /* See if at end of buffer - otherwise partial processing */
+            while(*s != 0 && isspace((int) *s)) s++;
+            if (*s != 0)
+                continue;
+            if (timebuf.tm_year <= 0)
+                continue;       /* clearly confused */
+            ret_time = mktime(&timebuf);
+            if (ret_time == (time_t) -1)
+                continue;       /* clearly confused */
+            *timestampp = (krb5_timestamp) ret_time;
+            return 0;
+        }
+    }
+    return(EINVAL);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen)
+{
+    size_t ret;
+    time_t timestamp2 = ts2tt(timestamp);
+    struct tm tmbuf;
+    const char *fmt = "%c"; /* This is to get around gcc -Wall warning that
+                               the year returned might be two digits */
+
+    if (localtime_r(&timestamp2, &tmbuf) == NULL)
+        return(ENOMEM);
+    ret = strftime(buffer, buflen, fmt, &tmbuf);
+    if (ret == 0 || ret == buflen)
+        return(ENOMEM);
+    return(0);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen, char *pad)
+{
+    struct tm   *tmp;
+    size_t i;
+    size_t      ndone;
+    time_t timestamp2 = ts2tt(timestamp);
+    struct tm tmbuf;
+
+    static const char * const sftime_format_table[] = {
+        "%c",                   /* Default locale-dependent date and time */
+        "%d %b %Y %T",          /* dd mon yyyy hh:mm:ss                 */
+        "%x %X",                /* locale-dependent short format        */
+        "%x %T",                /* locale-dependent date + hh:mm:ss     */
+        "%x %R",                /* locale-dependent date + hh:mm        */
+        "%Y-%m-%dT%H:%M:%S",    /* ISO 8601 date + time                 */
+        "%Y-%m-%dT%H:%M",       /* ISO 8601 date + hh:mm                */
+        "%Y%m%d%H%M%S",         /* ISO 8601 date + time, basic          */
+        "%Y%m%d%H%M"            /* ISO 8601 date + hh:mm, basic         */
+    };
+    static const unsigned int sftime_format_table_nents =
+        sizeof(sftime_format_table)/sizeof(sftime_format_table[0]);
+
+    tmp = localtime_r(&timestamp2, &tmbuf);
+    if (tmp == NULL)
+        return errno;
+    ndone = 0;
+    for (i=0; i<sftime_format_table_nents; i++) {
+        if ((ndone = strftime(buffer, buflen, sftime_format_table[i], tmp)))
+            break;
+    }
+    if (ndone && pad) {
+        for (i=ndone; i<buflen-1; i++)
+            buffer[i] = *pad;
+        buffer[buflen-1] = '\0';
+    }
+    return((ndone) ? 0 : ENOMEM);
+}
+
+/* relative time (delta-t) conversions */
+
+/* string->deltat is in deltat.y */
+
+krb5_error_code KRB5_CALLCONV
+krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen)
+{
+    int                 days, hours, minutes, seconds;
+    krb5_deltat         dt;
+
+    days = (int) (deltat / (24*3600L));
+    dt = deltat % (24*3600L);
+    hours = (int) (dt / 3600);
+    dt %= 3600;
+    minutes = (int) (dt / 60);
+    seconds = (int) (dt % 60);
+
+    if (days == 0)
+        snprintf(buffer, buflen, "%d:%02d:%02d", hours, minutes, seconds);
+    else if (hours || minutes || seconds)
+        snprintf(buffer, buflen, "%d %s %02d:%02d:%02d", days,
+                 (days > 1) ? "days" : "day",
+                 hours, minutes, seconds);
+    else
+        snprintf(buffer, buflen, "%d %s", days,
+                 (days > 1) ? "days" : "day");
+    return 0;
+}
+
+#undef __P
+#define __P(X) X
+
+#ifndef HAVE_STRPTIME
+#undef _CurrentTimeLocale
+#define _CurrentTimeLocale (&dummy_locale_info)
+
+struct dummy_locale_info_t {
+    char d_t_fmt[15];
+    char t_fmt_ampm[12];
+    char t_fmt[9];
+    char d_fmt[9];
+    char day[7][10];
+    char abday[7][4];
+    char mon[12][10];
+    char abmon[12][4];
+    char am_pm[2][3];
+};
+static const struct dummy_locale_info_t dummy_locale_info = {
+    "%a %b %d %X %Y",           /* %c */
+    "%I:%M:%S %p",              /* %r */
+    "%H:%M:%S",                 /* %X */
+    "%m/%d/%y",                 /* %x */
+    { "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
+      "Saturday" },
+    { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" },
+    { "January", "February", "March", "April", "May", "June",
+      "July", "August", "September", "October", "November", "December" },
+    { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+      "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" },
+    { "AM", "PM" },
+};
+#undef  TM_YEAR_BASE
+#define TM_YEAR_BASE 1900
+
+#include "strptime.c"
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/krb/strptime.c b/krb5-1.21.3/src/lib/krb5/krb/strptime.c
new file mode 100644
index 00000000..22813f56
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/strptime.c
@@ -0,0 +1,386 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/* lib/krb5/krb/strptime.c */
+/*
+ * Copyright (c) 1997, 1998 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code was contributed to The NetBSD Foundation by Klaus Klein.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *        This product includes software developed by the NetBSD
+ *        Foundation, Inc. and its contributors.
+ * 4. Neither the name of The NetBSD Foundation nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+__RCSID("$NetBSD: strptime.c,v 1.18 1999/04/29 02:58:30 tv Exp $");
+#endif
+
+#include <ctype.h>
+#include <string.h>
+#include <time.h>
+
+#undef _ctloc
+#define _ctloc(x)		_CurrentTimeLocale->x
+
+/*
+ * We do not implement alternate representations. However, we always
+ * check whether a given modifier is allowed for a certain conversion.
+ */
+#define ALT_E			0x01
+#define ALT_O			0x02
+#define	LEGAL_ALT(x)		{ if (alt_format & ~(x)) return (0); }
+
+
+static	int conv_num __P((const char **, int *, int, int));
+
+
+static char *
+strptime(buf, fmt, tm)
+	const char *buf, *fmt;
+	struct tm *tm;
+{
+	char c;
+	const char *bp;
+	size_t len = 0;
+	int alt_format, i, split_year = 0;
+
+	bp = buf;
+
+	while ((c = *fmt) != '\0') {
+		/* Clear `alternate' modifier prior to new conversion. */
+		alt_format = 0;
+
+		/* Eat up white-space. */
+		if (isspace(c)) {
+			while (isspace(*bp))
+				bp++;
+
+			fmt++;
+			continue;
+		}
+
+		if ((c = *fmt++) != '%')
+			goto literal;
+
+
+again:		switch (c = *fmt++) {
+		case '%':	/* "%%" is converted to "%". */
+literal:
+			if (c != *bp++)
+				return (0);
+			break;
+
+		/*
+		 * "Alternative" modifiers. Just set the appropriate flag
+		 * and start over again.
+		 */
+		case 'E':	/* "%E?" alternative conversion modifier. */
+			LEGAL_ALT(0);
+			alt_format |= ALT_E;
+			goto again;
+
+		case 'O':	/* "%O?" alternative conversion modifier. */
+			LEGAL_ALT(0);
+			alt_format |= ALT_O;
+			goto again;
+
+		/*
+		 * "Complex" conversion rules, implemented through recursion.
+		 */
+		case 'c':	/* Date and time, using the locale's format. */
+			LEGAL_ALT(ALT_E);
+			if (!(bp = strptime(bp, _ctloc(d_t_fmt), tm)))
+				return (0);
+			break;
+
+		case 'D':	/* The date as "%m/%d/%y". */
+			LEGAL_ALT(0);
+			if (!(bp = strptime(bp, "%m/%d/%y", tm)))
+				return (0);
+			break;
+
+		case 'R':	/* The time as "%H:%M". */
+			LEGAL_ALT(0);
+			if (!(bp = strptime(bp, "%H:%M", tm)))
+				return (0);
+			break;
+
+		case 'r':	/* The time in 12-hour clock representation. */
+			LEGAL_ALT(0);
+			if (!(bp = strptime(bp, _ctloc(t_fmt_ampm), tm)))
+				return (0);
+			break;
+
+		case 'T':	/* The time as "%H:%M:%S". */
+			LEGAL_ALT(0);
+			if (!(bp = strptime(bp, "%H:%M:%S", tm)))
+				return (0);
+			break;
+
+		case 'X':	/* The time, using the locale's format. */
+			LEGAL_ALT(ALT_E);
+			if (!(bp = strptime(bp, _ctloc(t_fmt), tm)))
+				return (0);
+			break;
+
+		case 'x':	/* The date, using the locale's format. */
+			LEGAL_ALT(ALT_E);
+			if (!(bp = strptime(bp, _ctloc(d_fmt), tm)))
+				return (0);
+			break;
+
+		/*
+		 * "Elementary" conversion rules.
+		 */
+		case 'A':	/* The day of week, using the locale's form. */
+		case 'a':
+			LEGAL_ALT(0);
+			for (i = 0; i < 7; i++) {
+				/* Full name. */
+				len = strlen(_ctloc(day[i]));
+				if (strncasecmp(_ctloc(day[i]), bp, len) == 0)
+					break;
+
+				/* Abbreviated name. */
+				len = strlen(_ctloc(abday[i]));
+				if (strncasecmp(_ctloc(abday[i]), bp, len) == 0)
+					break;
+			}
+
+			/* Nothing matched. */
+			if (i == 7)
+				return (0);
+
+			tm->tm_wday = i;
+			bp += len;
+			break;
+
+		case 'B':	/* The month, using the locale's form. */
+		case 'b':
+		case 'h':
+			LEGAL_ALT(0);
+			for (i = 0; i < 12; i++) {
+				/* Full name. */
+				len = strlen(_ctloc(mon[i]));
+				if (strncasecmp(_ctloc(mon[i]), bp, len) == 0)
+					break;
+
+				/* Abbreviated name. */
+				len = strlen(_ctloc(abmon[i]));
+				if (strncasecmp(_ctloc(abmon[i]), bp, len) == 0)
+					break;
+			}
+
+			/* Nothing matched. */
+			if (i == 12)
+				return (0);
+
+			tm->tm_mon = i;
+			bp += len;
+			break;
+
+		case 'C':	/* The century number. */
+			LEGAL_ALT(ALT_E);
+			if (!(conv_num(&bp, &i, 0, 99)))
+				return (0);
+
+			if (split_year) {
+				tm->tm_year = (tm->tm_year % 100) + (i * 100);
+			} else {
+				tm->tm_year = i * 100;
+				split_year = 1;
+			}
+			break;
+
+		case 'd':	/* The day of month. */
+		case 'e':
+			LEGAL_ALT(ALT_O);
+			if (!(conv_num(&bp, &tm->tm_mday, 1, 31)))
+				return (0);
+			break;
+
+		case 'k':	/* The hour (24-hour clock representation). */
+			LEGAL_ALT(0);
+			/* FALLTHROUGH */
+		case 'H':
+			LEGAL_ALT(ALT_O);
+			if (!(conv_num(&bp, &tm->tm_hour, 0, 23)))
+				return (0);
+			break;
+
+		case 'l':	/* The hour (12-hour clock representation). */
+			LEGAL_ALT(0);
+			/* FALLTHROUGH */
+		case 'I':
+			LEGAL_ALT(ALT_O);
+			if (!(conv_num(&bp, &tm->tm_hour, 1, 12)))
+				return (0);
+			if (tm->tm_hour == 12)
+				tm->tm_hour = 0;
+			break;
+
+		case 'j':	/* The day of year. */
+			LEGAL_ALT(0);
+			if (!(conv_num(&bp, &i, 1, 366)))
+				return (0);
+			tm->tm_yday = i - 1;
+			break;
+
+		case 'M':	/* The minute. */
+			LEGAL_ALT(ALT_O);
+			if (!(conv_num(&bp, &tm->tm_min, 0, 59)))
+				return (0);
+			break;
+
+		case 'm':	/* The month. */
+			LEGAL_ALT(ALT_O);
+			if (!(conv_num(&bp, &i, 1, 12)))
+				return (0);
+			tm->tm_mon = i - 1;
+			break;
+
+		case 'p':	/* The locale's equivalent of AM/PM. */
+			LEGAL_ALT(0);
+			/* AM? */
+			if (strcasecmp(_ctloc(am_pm[0]), bp) == 0) {
+				if (tm->tm_hour > 11)
+					return (0);
+
+				bp += strlen(_ctloc(am_pm[0]));
+				break;
+			}
+			/* PM? */
+			else if (strcasecmp(_ctloc(am_pm[1]), bp) == 0) {
+				if (tm->tm_hour > 11)
+					return (0);
+
+				tm->tm_hour += 12;
+				bp += strlen(_ctloc(am_pm[1]));
+				break;
+			}
+
+			/* Nothing matched. */
+			return (0);
+
+		case 'S':	/* The seconds. */
+			LEGAL_ALT(ALT_O);
+			if (!(conv_num(&bp, &tm->tm_sec, 0, 61)))
+				return (0);
+			break;
+
+		case 'U':	/* The week of year, beginning on sunday. */
+		case 'W':	/* The week of year, beginning on monday. */
+			LEGAL_ALT(ALT_O);
+			/*
+			 * XXX This is bogus, as we can not assume any valid
+			 * information present in the tm structure at this
+			 * point to calculate a real value, so just check the
+			 * range for now.
+			 */
+			 if (!(conv_num(&bp, &i, 0, 53)))
+				return (0);
+			 break;
+
+		case 'w':	/* The day of week, beginning on sunday. */
+			LEGAL_ALT(ALT_O);
+			if (!(conv_num(&bp, &tm->tm_wday, 0, 6)))
+				return (0);
+			break;
+
+		case 'Y':	/* The year. */
+			LEGAL_ALT(ALT_E);
+			if (!(conv_num(&bp, &i, 0, 9999)))
+				return (0);
+
+			tm->tm_year = i - TM_YEAR_BASE;
+			break;
+
+		case 'y':	/* The year within 100 years of the epoch. */
+			LEGAL_ALT(ALT_E | ALT_O);
+			if (!(conv_num(&bp, &i, 0, 99)))
+				return (0);
+
+			if (split_year) {
+				tm->tm_year = ((tm->tm_year / 100) * 100) + i;
+				break;
+			}
+			split_year = 1;
+			if (i <= 68)
+				tm->tm_year = i + 2000 - TM_YEAR_BASE;
+			else
+				tm->tm_year = i + 1900 - TM_YEAR_BASE;
+			break;
+
+		/*
+		 * Miscellaneous conversions.
+		 */
+		case 'n':	/* Any kind of white-space. */
+		case 't':
+			LEGAL_ALT(0);
+			while (isspace(*bp))
+				bp++;
+			break;
+
+
+		default:	/* Unknown/unsupported conversion. */
+			return (0);
+		}
+
+
+	}
+
+	/* LINTED functional specification */
+	return ((char *)bp);
+}
+
+
+static int
+conv_num(buf, dest, llim, ulim)
+	const char **buf;
+	int *dest;
+	int llim, ulim;
+{
+	int result = 0;
+
+	/* The limit also determines the number of valid digits. */
+	int rulim = ulim;
+
+	if (**buf < '0' || **buf > '9')
+		return (0);
+
+	do {
+		result *= 10;
+		result += *(*buf)++ - '0';
+		rulim /= 10;
+	} while ((result * 10 <= ulim) && rulim && **buf >= '0' && **buf <= '9');
+
+	if (result < llim || result > ulim)
+		return (0);
+
+	*dest = result;
+	return (1);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_ad_fx_armor.c b/krb5-1.21.3/src/lib/krb5/krb/t_ad_fx_armor.c
new file mode 100644
index 00000000..73dbb3a6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_ad_fx_armor.c
@@ -0,0 +1,37 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <memory.h>
+#include <stdio.h>
+#include <krb5/krb5.h>
+
+#define test(x) do {retval = (x);                                       \
+        if(retval != 0) {                                               \
+            const char *errmsg = krb5_get_error_message(context, retval); \
+            fprintf(stderr, "Error message: %s\n", errmsg);             \
+            abort(); }                                                  \
+    } while(0);
+
+krb5_authdata ad_fx_armor = {0, KRB5_AUTHDATA_FX_ARMOR, 1, ""};
+krb5_authdata *array[] = {&ad_fx_armor, NULL};
+
+
+int main( int argc, char **argv)
+{
+    krb5_context context;
+    krb5_ccache ccache = NULL;
+    krb5_creds creds, *out_creds = NULL;
+    krb5_error_code retval = 0;
+    test(krb5_init_context(&context));
+    memset(&creds, 0, sizeof(creds));
+    creds.authdata = array;
+    test(krb5_cc_default(context, &ccache));
+    test(krb5_cc_get_principal(context, ccache, &creds.client));
+    test(krb5_parse_name(context, argv[1], &creds.server));
+    test(krb5_get_credentials(context, 0, ccache, &creds, &out_creds));
+    test(krb5_cc_destroy(context, ccache));
+    test(krb5_cc_default(context, &ccache));
+    test(krb5_cc_initialize(context, ccache, out_creds->client));
+    test(krb5_cc_store_cred(context, ccache, out_creds));
+    test(krb5_cc_close(context,ccache));
+    return 0;
+
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_authdata.c b/krb5-1.21.3/src/lib/krb5/krb/t_authdata.c
new file mode 100644
index 00000000..dd834b9b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_authdata.c
@@ -0,0 +1,113 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_authdata.c - Test authorization data search */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-int.h>
+#include <krb5.h>
+#include <assert.h>
+#include <memory.h>
+
+krb5_authdata ad1 = {
+    KV5M_AUTHDATA,
+    22,
+    4,
+    (unsigned char *) "abcd"};
+krb5_authdata ad2 = {
+    KV5M_AUTHDATA,
+    23,
+    5,
+    (unsigned char *) "abcde"
+};
+
+krb5_authdata ad3= {
+    KV5M_AUTHDATA,
+    22,
+    3,
+    (unsigned char *) "ab"
+};
+/* We want three results in the return from krb5_find_authdata so it has to
+ * grow its list.  */
+krb5_authdata ad4 = {
+    KV5M_AUTHDATA,
+    22,
+    5,
+    (unsigned char *)"abcd"
+};
+
+krb5_authdata *adseq1[] = {&ad1, &ad2, &ad4, NULL};
+
+krb5_authdata *adseq2[] = {&ad3, NULL};
+
+krb5_keyblock key = {
+    KV5M_KEYBLOCK,
+    ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    16,
+    (unsigned char *)"1234567890ABCDEF"
+};
+
+static void compare_authdata(const krb5_authdata *adc1, krb5_authdata *adc2) {
+    assert(adc1->ad_type == adc2->ad_type);
+    assert(adc1->length == adc2->length);
+    assert(memcmp(adc1->contents, adc2->contents, adc1->length) == 0);
+}
+
+int
+main()
+{
+    krb5_context context;
+    krb5_authdata **results;
+    krb5_authdata *container[2];
+    krb5_authdata **container_out;
+    krb5_authdata **kdci;
+
+    assert(krb5_init_context(&context) == 0);
+    assert(krb5_merge_authdata(context, adseq1, adseq2, &results) == 0);
+    compare_authdata(results[0], &ad1);
+    compare_authdata( results[1], &ad2);
+    compare_authdata(results[2], &ad4);
+    compare_authdata( results[3], &ad3);
+    assert(results[4] == NULL);
+    krb5_free_authdata(context, results);
+    container[0] = &ad3;
+    container[1] = NULL;
+    assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0);
+    assert(krb5_find_authdata(context, adseq1, container_out, 22,
+                              &results) == 0);
+    compare_authdata(&ad1, results[0]);
+    compare_authdata( results[1], &ad4);
+    compare_authdata( results[2], &ad3);
+    assert( results[3] == NULL);
+    krb5_free_authdata(context, container_out);
+    assert(krb5_make_authdata_kdc_issued(context, &key, NULL, results, &kdci) == 0);
+    assert(krb5_verify_authdata_kdc_issued(context, &key, kdci[0], NULL, &container_out) == 0);
+    compare_authdata(container_out[0], results[0]);
+    compare_authdata(container_out[1], results[1]);
+    compare_authdata(container_out[2], results[2]);
+    krb5_free_authdata(context, kdci);
+    krb5_free_authdata(context, results);
+    krb5_free_authdata(context, container_out);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_cc_config.c b/krb5-1.21.3/src/lib/krb5/krb/t_cc_config.c
new file mode 100644
index 00000000..c2546d7a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_cc_config.c
@@ -0,0 +1,163 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* t_cc_config.c: read and write configuration items in ccaches */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * A test helper which either reads or writes a configuration setting from or
+ * to a credential cache, optionally for a specified server principal name.
+ */
+
+#include <k5-int.h>
+#include "int-proto.h"
+
+static void
+bail_on_err(krb5_context context, const char *msg, krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(context, code);
+        printf("%s: %s\n", msg, errmsg);
+        krb5_free_error_message(context, errmsg);
+        exit(1);
+    }
+}
+
+/*
+ * The default unset code path depends on the underlying ccache implementation
+ * knowing how to remove a credential, which most types don't actually support,
+ * so we have to jump through some hoops to ensure that when we set a value for
+ * a key, it'll be the only value for that key that'll be found later.  The
+ * ccache portions of libkrb5 will currently duplicate some of the actual
+ * tickets.
+ */
+static void
+unset_config(krb5_context context, krb5_ccache ccache,
+             krb5_principal server, const char *key)
+{
+    krb5_ccache tmp1, tmp2;
+    krb5_cc_cursor cursor;
+    krb5_creds mcreds, creds;
+
+    memset(&mcreds, 0, sizeof(mcreds));
+    memset(&creds, 0, sizeof(creds));
+    bail_on_err(context, "Error while deriving configuration principal names",
+                k5_build_conf_principals(context, ccache, server, key,
+                                         &mcreds));
+    bail_on_err(context, "Error resolving first in-memory ccache",
+                krb5_cc_resolve(context, "MEMORY:tmp1", &tmp1));
+    bail_on_err(context, "Error initializing first in-memory ccache",
+                krb5_cc_initialize(context, tmp1, mcreds.client));
+    bail_on_err(context, "Error resolving second in-memory ccache",
+                krb5_cc_resolve(context, "MEMORY:tmp2", &tmp2));
+    bail_on_err(context, "Error initializing second in-memory ccache",
+                krb5_cc_initialize(context, tmp2, mcreds.client));
+    bail_on_err(context, "Error copying credentials to first in-memory ccache",
+                krb5_cc_copy_creds(context, ccache, tmp1));
+    bail_on_err(context, "Error starting traversal of first in-memory ccache",
+                krb5_cc_start_seq_get(context, tmp1, &cursor));
+    while (krb5_cc_next_cred(context, tmp1, &cursor, &creds) == 0) {
+        if (!krb5_is_config_principal(context, creds.server) ||
+            !krb5_principal_compare(context, mcreds.server, creds.server) ||
+            !krb5_principal_compare(context, mcreds.client, creds.client)) {
+            bail_on_err(context,
+                        "Error storing non-config item to in-memory ccache",
+                        krb5_cc_store_cred(context, tmp2, &creds));
+        }
+        krb5_free_cred_contents(context, &creds);
+    }
+    bail_on_err(context, "Error ending traversal of first in-memory ccache",
+                krb5_cc_end_seq_get(context, tmp1, &cursor));
+    bail_on_err(context, "Error clearing ccache",
+                krb5_cc_initialize(context, ccache, mcreds.client));
+    bail_on_err(context, "Error storing creds to the ccache",
+                krb5_cc_copy_creds(context, tmp2, ccache));
+    bail_on_err(context, "Error cleaning up first in-memory ccache",
+                krb5_cc_destroy(context, tmp1));
+    bail_on_err(context, "Error cleaning up second in-memory ccache",
+                krb5_cc_destroy(context, tmp2));
+    krb5_free_principal(context, mcreds.client);
+    krb5_free_principal(context, mcreds.server);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_principal server;
+    krb5_ccache ccache;
+    krb5_data data;
+    krb5_error_code ret;
+    char *perr;
+    int c;
+    unsigned int i;
+
+    bail_on_err(NULL, "Error initializing Kerberos library",
+                krb5_init_context(&context));
+    bail_on_err(context, "Error getting location of default ccache",
+                krb5_cc_default(context, &ccache));
+    server = NULL;
+    while ((c = getopt(argc, argv, "p:")) != -1) {
+        switch (c) {
+        case 'p':
+            if (asprintf(&perr, "Error parsing principal name \"%s\"",
+                         optarg) < 0)
+                abort();
+            bail_on_err(context, perr,
+                        krb5_parse_name(context, optarg, &server));
+            free(perr);
+            break;
+        }
+    }
+    if (argc - optind < 1 || argc - optind > 2) {
+        fprintf(stderr, "Usage: %s [-p principal] key [value]\n", argv[0]);
+        return 1;
+    }
+    memset(&data, 0, sizeof(data));
+    if (argc - optind == 2) {
+        unset_config(context, ccache, server, argv[optind]);
+        data = string2data(argv[optind + 1]);
+        bail_on_err(context, "Error adding configuration data to ccache",
+                    krb5_cc_set_config(context, ccache, server, argv[optind],
+                                       &data));
+    } else {
+        ret = krb5_cc_get_config(context, ccache, server, argv[optind], &data);
+        if (ret == 0) {
+            for (i = 0; i < data.length; i++)
+                putc((unsigned int)data.data[i], stdout);
+            krb5_free_data_contents(context, &data);
+        }
+    }
+    krb5_free_principal(context, server);
+    krb5_cc_close(context, ccache);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_copy_context.c b/krb5-1.21.3/src/lib/krb5/krb/t_copy_context.c
new file mode 100644
index 00000000..0a5f2a38
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_copy_context.c
@@ -0,0 +1,157 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_copy_context.C - Test program for krb5_copy_context */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+
+static void
+trace(krb5_context ctx, const krb5_trace_info *info, void *data)
+{
+}
+
+static void
+check(int cond)
+{
+    if (!cond)
+        abort();
+}
+
+static void
+compare_string(const char *str1, const char *str2)
+{
+    check((str1 == NULL) == (str2 == NULL));
+    if (str1 != NULL)
+        check(strcmp(str1, str2) == 0);
+}
+
+static void
+compare_etypes(krb5_enctype *list1, krb5_enctype *list2)
+{
+    check((list1 == NULL) == (list2 == NULL));
+    if (list1 == NULL)
+        return;
+    while (*list1 != ENCTYPE_NULL && *list1 == *list2)
+        list1++, list2++;
+    check(*list1 == *list2);
+}
+
+/* Check that the context c is a valid copy of the reference context r. */
+static void
+check_context(krb5_context c, krb5_context r)
+{
+    int i;
+
+    /* Check fields which should have been propagated from r. */
+    compare_etypes(c->tgs_etypes, r->tgs_etypes);
+    check(c->os_context.time_offset == r->os_context.time_offset);
+    check(c->os_context.usec_offset == r->os_context.usec_offset);
+    check(c->os_context.os_flags == r->os_context.os_flags);
+    compare_string(c->os_context.default_ccname, r->os_context.default_ccname);
+    check(c->clockskew == r->clockskew);
+    check(c->kdc_default_options == r->kdc_default_options);
+    check(c->library_options == r->library_options);
+    check(c->profile_secure == r->profile_secure);
+    check(c->fcc_default_format == r->fcc_default_format);
+    check(c->udp_pref_limit == r->udp_pref_limit);
+    check(c->use_conf_ktypes == r->use_conf_ktypes);
+    check(c->allow_weak_crypto == r->allow_weak_crypto);
+    check(c->ignore_acceptor_hostname == r->ignore_acceptor_hostname);
+    check(c->enforce_ok_as_delegate == r->enforce_ok_as_delegate);
+    check(c->dns_canonicalize_hostname == r->dns_canonicalize_hostname);
+    compare_string(c->plugin_base_dir, r->plugin_base_dir);
+
+    /* Check fields which don't propagate. */
+    check(c->dal_handle == NULL);
+    check(c->prompt_types == NULL);
+    check(c->libkrb5_plugins.files == NULL);
+    check(c->preauth_context == NULL);
+    check(c->ccselect_handles == NULL);
+    check(c->localauth_handles == NULL);
+    check(c->hostrealm_handles == NULL);
+    check(c->err.code == 0);
+    check(c->err.msg == NULL);
+    check(c->kdblog_context == NULL);
+    check(c->trace_callback == NULL);
+    check(c->trace_callback_data == NULL);
+    for (i = 0; i < PLUGIN_NUM_INTERFACES; i++) {
+        check(c->plugins[i].modules == NULL);
+        check(!c->plugins[i].configured);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context ctx, ctx2;
+    krb5_plugin_initvt_fn *mods;
+    const krb5_enctype etypes[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+                                    ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 };
+    krb5_prompt_type ptypes[] = { KRB5_PROMPT_TYPE_PASSWORD };
+
+    /* Copy a default context and verify the result. */
+    check(krb5_init_context(&ctx) == 0);
+    check(krb5_copy_context(ctx, &ctx2) == 0);
+    check_context(ctx2, ctx);
+    krb5_free_context(ctx2);
+
+    /* Set non-default values for all of the propagated fields in ctx. */
+    ctx->allow_weak_crypto = TRUE;
+    check(krb5_set_default_tgs_enctypes(ctx, etypes) == 0);
+    check(krb5_set_debugging_time(ctx, 1234, 5678) == 0);
+    check(krb5_cc_set_default_name(ctx, "defccname") == 0);
+    check(krb5_set_default_realm(ctx, "defrealm") == 0);
+    ctx->clockskew = 18;
+    ctx->kdc_default_options = KDC_OPT_FORWARDABLE;
+    ctx->library_options = 0;
+    ctx->profile_secure = TRUE;
+    ctx->udp_pref_limit = 2345;
+    ctx->use_conf_ktypes = TRUE;
+    ctx->ignore_acceptor_hostname = TRUE;
+    ctx->enforce_ok_as_delegate = TRUE;
+    ctx->dns_canonicalize_hostname = CANONHOST_FALSE;
+    free(ctx->plugin_base_dir);
+    check((ctx->plugin_base_dir = strdup("/a/b/c/d")) != NULL);
+
+    /* Also set some of the non-propagated fields. */
+    ctx->prompt_types = ptypes;
+    check(k5_plugin_load_all(ctx, PLUGIN_INTERFACE_PWQUAL, &mods) == 0);
+    k5_plugin_free_modules(ctx, mods);
+    k5_setmsg(ctx, ENOMEM, "nooooooooo");
+    krb5_set_trace_callback(ctx, trace, ctx);
+
+    /* Copy the intentionally messy context and verify the result. */
+    check(krb5_copy_context(ctx, &ctx2) == 0);
+    check_context(ctx2, ctx);
+    krb5_free_context(ctx2);
+
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_deltat.c b/krb5-1.21.3/src/lib/krb5/krb/t_deltat.c
new file mode 100644
index 00000000..e519ee80
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_deltat.c
@@ -0,0 +1,157 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_deltat.c */
+/*
+ * Copyright 1999 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+int
+main (void)
+{
+    struct {
+        char *string;
+        krb5_deltat expected;
+        int is_error;
+#define GOOD(STR,VAL) { STR, VAL, 0 }
+#define BAD(STR) { STR, 0, 1 }
+#define DAY (24 * 3600)
+#define HOUR 3600
+#ifdef MIN
+#undef MIN
+#endif
+#define MIN 60
+    } values[] = {
+        /* d-h-m-s patterns */
+        GOOD ("3d", 3*DAY),
+        GOOD ("3h", 3*HOUR),
+        GOOD ("3m", 3*MIN),
+        GOOD ("3s", 3),
+        BAD ("3dd"),
+        GOOD ("3d4m    42s", 3 * DAY + 4 * MIN + 42),
+        GOOD ("3d-1h", 3 * DAY - 1 * HOUR),
+        GOOD ("3d -1h", 3 * DAY - HOUR),
+        GOOD ("3d4h5m6s", 3 * DAY + 4 * HOUR + 5 * MIN + 6),
+        BAD ("3d4m5h"),
+        GOOD ("12345s", 12345),
+        GOOD ("1m 12345s", MIN + 12345),
+        GOOD ("1m12345s", MIN + 12345),
+        GOOD ("3d 0m", 3 * DAY),
+        GOOD ("3d 0m  ", 3 * DAY),
+        GOOD ("3d \n\t 0m  ", 3 * DAY),
+        /* colon patterns */
+        GOOD ("42-13:42:47", 42 * DAY + 13 * HOUR + 42 * MIN + 47),
+        BAD ("3: 4"),
+        BAD ("13:0003"),
+        GOOD ("12:34", 12 * HOUR + 34 * MIN),
+        GOOD ("1:02:03", 1 * HOUR + 2 * MIN + 3),
+        BAD ("3:-4"),
+        /* XX We might want to require exactly two digits after a colon?  */
+        GOOD ("3:4", 3 * HOUR + 4 * MIN),
+        /* misc */
+        GOOD ("42", 42),
+        BAD ("1-2"),
+        /* Test overflow limitations */
+        GOOD ("2147483647s", 2147483647),
+        BAD ("2147483648s"),
+        GOOD ("24855d", 24855 * DAY),
+        BAD ("24856d"),
+        BAD ("24855d 100000000h"),
+        GOOD ("24855d 3h", 24855 * DAY + 3 * HOUR),
+        BAD ("24855d 4h"),
+        GOOD ("24855d 11647s", 24855 * DAY + 11647),
+        BAD ("24855d 11648s"),
+        GOOD ("24855d 194m 7s", 24855 * DAY + 194 * MIN + 7),
+        BAD ("24855d 194m 8s"),
+        BAD ("24855d 195m"),
+        BAD ("24855d 19500000000m"),
+        GOOD ("24855d 3h 14m 7s", 24855 * DAY + 3 * HOUR + 14 * MIN + 7),
+        BAD ("24855d 3h 14m 8s"),
+        GOOD ("596523h", 596523 * HOUR),
+        BAD ("596524h"),
+        GOOD ("596523h 847s", 596523 * HOUR + 847),
+        BAD ("596523h 848s"),
+        GOOD ("596523h 14m 7s", 596523 * HOUR + 14 * MIN + 7),
+        BAD ("596523h 14m 8s"),
+        GOOD ("35791394m", 35791394 * MIN),
+        GOOD ("35791394m7s", 35791394 * MIN + 7),
+        BAD ("35791394m8s"),
+        /* Test underflow */
+        GOOD ("-2147483647s", -2147483647),
+        /* This should be valid, but isn't */
+        /*BAD ("-2147483648s"),*/
+        GOOD ("-24855d", -24855 * DAY),
+        BAD ("-24856d"),
+        BAD ("-24855d -100000000h"),
+        GOOD ("-24855d -3h", -24855 * DAY - 3 * HOUR),
+        BAD ("-24855d -4h"),
+        GOOD ("-24855d -11647s", -24855 * DAY - 11647),
+        BAD ("-24855d -11649s"),
+        GOOD ("-24855d -194m -7s", -24855 * DAY - 194 * MIN - 7),
+        BAD ("-24855d -194m -9s"),
+        BAD ("-24855d -195m"),
+        BAD ("-24855d -19500000000m"),
+        GOOD ("-24855d -3h -14m -7s", -24855 * DAY - 3 * HOUR - 14 * MIN - 7),
+        BAD ("-24855d -3h -14m -9s"),
+        GOOD ("-596523h", -596523 * HOUR),
+        BAD ("-596524h"),
+        GOOD ("-596523h -847s", -596523 * HOUR - 847),
+        GOOD ("-596523h -848s", -596523 * HOUR - 848),
+        BAD ("-596523h -849s"),
+        GOOD ("-596523h -14m -8s", -596523 * HOUR - 14 * MIN - 8),
+        BAD ("-596523h -14m -9s"),
+        GOOD ("-35791394m", -35791394 * MIN),
+        GOOD ("-35791394m7s", -35791394 * MIN + 7),
+        BAD ("-35791394m-9s"),
+
+    };
+    int fail = 0;
+    size_t i;
+
+    for (i = 0; i < sizeof(values)/sizeof(values[0]); i++) {
+        krb5_deltat result;
+        krb5_error_code code;
+
+        code = krb5_string_to_deltat (values[i].string, &result);
+        if (code && !values[i].is_error) {
+            fprintf (stderr, "unexpected error for `%s'\n", values[i].string);
+            fail++;
+        } else if (!code && values[i].is_error) {
+            fprintf (stderr, "expected but didn't get error for `%s'\n",
+                     values[i].string);
+            fail++;
+        } else if (code && values[i].is_error) {
+            /* do nothing */
+        } else if (result != values[i].expected) {
+            fprintf (stderr, "got %ld instead of expected %ld for `%s'\n",
+                     (long) result, (long) values[i].expected,
+                     values[i].string);
+            fail++;
+        }
+    }
+    if (fail == 0)
+        printf ("Passed all %d tests.\n", (int)i);
+    else
+        printf ("Failed %d of %d tests.\n", fail, (int)i);
+    return fail;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_etypes.c b/krb5-1.21.3/src/lib/krb5/krb/t_etypes.c
new file mode 100644
index 00000000..90c9f626
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_etypes.c
@@ -0,0 +1,230 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_etypes.c - test program for krb5int_parse_enctype_list */
+/*
+ * Copyright 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+#include "com_err.h"
+
+static struct {
+    const char *str;
+    krb5_enctype defaults[64];
+    krb5_enctype expected_noweak[64];
+    krb5_enctype expected[64];
+    krb5_error_code expected_err_noweak;
+    krb5_error_code expected_err_weak;
+} tests[] = {
+    /* Single non-weak enctype */
+    { "aes128-cts-hmac-sha1-96",
+      { 0 },
+      { ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
+      { ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
+      0, 0
+    },
+    /* Default set with enctypes removed */
+    { "default -aes128-cts -des-hmac-sha1",
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
+      0, 0
+    },
+    /* Family followed by enctype */
+    { "aes des3-cbc-sha1-kd",
+      { 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        ENCTYPE_DES3_CBC_SHA1, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        ENCTYPE_DES3_CBC_SHA1, 0 },
+      0, 0
+    },
+    /* Family with enctype removed */
+    { "camellia -camellia256-cts-cmac",
+      { 0 },
+      { ENCTYPE_CAMELLIA128_CTS_CMAC, 0 },
+      { ENCTYPE_CAMELLIA128_CTS_CMAC, 0 }
+    },
+    /* Default set with family added and enctype removed */
+    { "DEFAULT +aes -arcfour-hmac-md5",
+      { ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES3_CBC_SHA1, 0 },
+      { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128, 0 },
+      { ENCTYPE_DES3_CBC_SHA1,
+        ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+        0 },
+      0, 0
+    },
+    /* Default set with families removed and enctypes added (one redundant) */
+    { "DEFAULT -des3 rc4-hmac rc4-hmac-exp",
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        ENCTYPE_DES3_CBC_SHA1, ENCTYPE_ARCFOUR_HMAC, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        ENCTYPE_ARCFOUR_HMAC, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC_EXP, 0 },
+      0, 0
+    },
+    /* Default set with family moved to front */
+    { "des3 +DEFAULT",
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+        ENCTYPE_DES3_CBC_SHA1, 0 },
+      { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
+      { ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+        ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
+      0, 0
+    },
+    /* Two families with default set removed (exotic case), enctype added */
+    { "aes +rc4 -DEFaulT des3-hmac-sha1",
+      { ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_DES3_CBC_SHA1,
+        ENCTYPE_ARCFOUR_HMAC, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+        ENCTYPE_AES128_CTS_HMAC_SHA256_128, ENCTYPE_DES3_CBC_SHA1, 0 },
+      0, 0
+    },
+    /* Test krb5_set_default_in_tkt_ktypes */
+    { NULL,
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
+      { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 },
+      0, 0
+    },
+    /* Should get KRB5_CONFIG_ETYPE_NOSUPP if app-provided list has no strong
+     * enctypes and allow_weak_crypto=false. */
+    { NULL,
+      { ENCTYPE_ARCFOUR_HMAC_EXP, 0 },
+      { 0 },
+      { ENCTYPE_ARCFOUR_HMAC_EXP, 0 },
+      KRB5_CONFIG_ETYPE_NOSUPP, 0
+    },
+    /* Should get EINVAL if app provides an empty list. */
+    { NULL,
+      { 0 },
+      { 0 },
+      { 0 },
+      EINVAL, EINVAL
+    }
+};
+
+static void
+show_enctypes(krb5_context ctx, krb5_enctype *list)
+{
+    unsigned int i;
+
+    for (i = 0; list[i]; i++) {
+        fprintf(stderr, "%d", (int) list[i]);
+        if (list[i + 1])
+            fprintf(stderr, " ");
+    }
+    fprintf(stderr, "\n");
+}
+
+static void
+compare(krb5_context ctx, krb5_enctype *result, krb5_enctype *expected,
+        const char *profstr, krb5_boolean weak)
+{
+    unsigned int i;
+
+    if (!result)
+        return;
+    for (i = 0; result[i]; i++) {
+        if (result[i] != expected[i])
+            break;
+    }
+    if (!result[i] && !expected[i]) /* Success! */
+        return;
+    if (profstr != NULL)
+        fprintf(stderr, "Unexpected result while parsing: %s\n", profstr);
+    fprintf(stderr, "Expected: ");
+    show_enctypes(ctx, expected);
+    fprintf(stderr, "Result: ");
+    show_enctypes(ctx, result);
+    fprintf(stderr, "allow_weak_crypto was %s\n", weak ? "true" : "false");
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context ctx;
+    krb5_error_code ret, expected_err;
+    krb5_enctype *list;
+    krb5_boolean weak;
+    unsigned int i;
+    char *copy;
+
+    ret = krb5_init_context(&ctx);
+    if (ret) {
+        com_err("krb5_init_context", ret, "");
+        return 2;
+    }
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        for (weak = FALSE; weak <= TRUE; weak++) {
+            ctx->allow_weak_crypto = weak;
+            if (weak)
+                expected_err = tests[i].expected_err_weak;
+            else
+                expected_err = tests[i].expected_err_noweak;
+
+            if (tests[i].str != NULL) {
+                copy = strdup(tests[i].str);
+                ret = krb5int_parse_enctype_list(ctx, "", copy,
+                                                 tests[i].defaults, &list);
+                if (ret != expected_err) {
+                    com_err("krb5int_parse_enctype_list", ret, "");
+                    return 2;
+                }
+            } else {
+                /* No string; test the filtering on the set_default_etype_var
+                 * instead. */
+                copy = NULL;
+                list = NULL;
+                ret = krb5_set_default_tgs_enctypes(ctx, tests[i].defaults);
+                if (ret != expected_err) {
+                    com_err("krb5_set_default_in_tkt_ktypes", ret, "");
+                    return 2;
+                }
+            }
+            if (!expected_err) {
+                compare(ctx, tests[i].str ? list : ctx->tgs_etypes,
+                        (weak) ? tests[i].expected : tests[i].expected_noweak,
+                        tests[i].str, weak);
+            }
+            free(copy);
+            free(list);
+            if (!tests[i].str)
+                krb5_set_default_tgs_enctypes(ctx, NULL);
+        }
+    }
+
+    krb5_free_context(ctx);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_expand.c b/krb5-1.21.3/src/lib/krb5/krb/t_expand.c
new file mode 100644
index 00000000..b108e4bb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_expand.c
@@ -0,0 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#define TEST
+#include "chk_trans.c"
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_expire_warn.c b/krb5-1.21.3/src/lib/krb5/krb/t_expire_warn.c
new file mode 100644
index 00000000..dc8dc8fb
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_expire_warn.c
@@ -0,0 +1,106 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_expire_warn.c - Test harness for password expiry warnings */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+static int exp_dummy, prompt_dummy;
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0)
+        abort();
+}
+
+static krb5_error_code
+prompter_cb(krb5_context ctx, void *data, const char *name,
+            const char *banner, int num_prompts, krb5_prompt prompts[])
+{
+    /* Not expecting any actual prompts, only banners. */
+    assert(num_prompts == 0);
+    assert(banner != NULL);
+    printf("Prompter: %s\n", banner);
+    return 0;
+}
+
+static void
+expire_cb(krb5_context ctx, void *data, krb5_timestamp password_expiration,
+          krb5_timestamp account_expiration, krb5_boolean is_last_req)
+{
+    printf("password_expiration = %ld\n", (long)password_expiration);
+    printf("account_expiration = %ld\n", (long)account_expiration);
+    printf("is_last_req = %d\n", (int)is_last_req);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context ctx;
+    krb5_init_creds_context icctx;
+    krb5_get_init_creds_opt *opt;
+    char *user, *password, *service = NULL;
+    krb5_boolean use_cb, stepwise;
+    krb5_principal client;
+    krb5_creds creds;
+
+    if (argc < 5) {
+        fprintf(stderr, "Usage: %s username password {1|0} {1|0} [service]\n",
+                argv[0]);
+        return 1;
+    }
+    user = argv[1];
+    password = argv[2];
+    use_cb = atoi(argv[3]);
+    stepwise = atoi(argv[4]);
+    if (argc >= 6)
+        service = argv[5];
+
+    check(krb5_init_context(&ctx));
+    check(krb5_get_init_creds_opt_alloc(ctx, &opt));
+    if (use_cb) {
+        check(krb5_get_init_creds_opt_set_expire_callback(ctx, opt, expire_cb,
+                                                          &exp_dummy));
+    }
+    check(krb5_parse_name(ctx, user, &client));
+    if (stepwise) {
+        check(krb5_init_creds_init(ctx, client, prompter_cb, &prompt_dummy, 0,
+                                   opt, &icctx));
+        krb5_init_creds_set_password(ctx, icctx, password);
+        if (service != NULL)
+            check(krb5_init_creds_set_service(ctx, icctx, service));
+        check(krb5_init_creds_get(ctx, icctx));
+        krb5_init_creds_free(ctx, icctx);
+    } else {
+        check(krb5_get_init_creds_password(ctx, &creds, client, password,
+                                           prompter_cb, &prompt_dummy, 0,
+                                           service, opt));
+        krb5_free_cred_contents(ctx, &creds);
+    }
+    krb5_get_init_creds_opt_free(ctx, opt);
+    krb5_free_principal(ctx, client);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_expire_warn.py b/krb5-1.21.3/src/lib/krb5/krb/t_expire_warn.py
new file mode 100755
index 00000000..e163cc7e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_expire_warn.py
@@ -0,0 +1,68 @@
+# Copyright (C) 2010 by the Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+
+# Create a bare-bones KDC.
+realm = K5Realm(create_user=False, create_host=False)
+
+# Create principals with various password expirations.
+realm.run([kadminl, 'addprinc', '-pw', 'pass', 'noexpire'])
+realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '30 minutes',
+           'minutes'])
+realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '12 hours',
+           'hours'])
+realm.run([kadminl, 'addprinc', '-pw', 'pass', '-pwexpire', '3 days', 'days'])
+
+# Check for expected prompter warnings when no expire callback is used.
+output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '0', '0'])
+if output:
+    fail('Unexpected output for noexpire')
+realm.run(['./t_expire_warn', 'minutes', 'pass', '0', '0'],
+          expected_msg=' less than one hour on ')
+realm.run(['./t_expire_warn', 'hours', 'pass', '0', '0'],
+          expected_msg=' hours on ')
+realm.run(['./t_expire_warn', 'days', 'pass', '0', '0'],
+          expected_msg=' days on ')
+# Try one case with the stepwise interface.
+realm.run(['./t_expire_warn', 'days', 'pass', '0', '1'],
+          expected_msg=' days on ')
+
+# Check for expected expire callback behavior.  These tests are
+# carefully agnostic about whether the KDC supports last_req fields,
+# and could be made more specific if last_req support is added.
+output = realm.run(['./t_expire_warn', 'noexpire', 'pass', '1', '0'])
+if 'password_expiration = 0\n' not in output or \
+        'account_expiration = 0\n' not in output or \
+        'is_last_req = ' not in output:
+    fail('Expected callback output not seen for noexpire')
+output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '0'])
+if 'password_expiration = ' not in output or \
+        'password_expiration = 0\n' in output:
+    fail('Expected non-zero password expiration not seen for days')
+# Try one case with the stepwise interface.
+output = realm.run(['./t_expire_warn', 'days', 'pass', '1', '1'])
+if 'password_expiration = ' not in output or \
+        'password_expiration = 0\n' in output:
+    fail('Expected non-zero password expiration not seen for days')
+
+success('Password expiration warning tests')
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_get_etype_info.c b/krb5-1.21.3/src/lib/krb5/krb/t_get_etype_info.c
new file mode 100644
index 00000000..041c3499
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_get_etype_info.c
@@ -0,0 +1,110 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_get_etype_info.c - test harness for krb5_get_etype_info() */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+#include "k5-hex.h"
+#include <krb5.h>
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_principal princ;
+    krb5_get_init_creds_opt *opt = NULL;
+    krb5_enctype *etypes = NULL, *newptr, etype;
+    krb5_data salt, s2kparams;
+    const char *armor_ccache = NULL, *msg;
+    char buf[128], *hex;
+    int c, netypes = 0;
+
+    while ((c = getopt(argc, argv, "e:T:")) != -1) {
+        switch (c) {
+        case 'e':
+            newptr = realloc(etypes, (netypes + 1) * sizeof(*etypes));
+            assert(newptr != NULL);
+            etypes = newptr;
+            ret = krb5_string_to_enctype(optarg, &etypes[netypes]);
+            assert(!ret);
+            netypes++;
+            break;
+        case 'T':
+            armor_ccache = optarg;
+            break;
+        }
+    }
+    assert(argc == optind + 1);
+
+    ret = krb5_init_context(&context);
+    assert(!ret);
+    ret = krb5_parse_name(context, argv[optind], &princ);
+    assert(!ret);
+    if (netypes > 0 || armor_ccache != NULL) {
+        ret = krb5_get_init_creds_opt_alloc(context, &opt);
+        assert(!ret);
+        if (netypes > 0)
+            krb5_get_init_creds_opt_set_etype_list(opt, etypes, netypes);
+        if (armor_ccache != NULL) {
+            ret = krb5_get_init_creds_opt_set_fast_ccache_name(context, opt,
+                                                               armor_ccache);
+            assert(!ret);
+        }
+    }
+    ret = krb5_get_etype_info(context, princ, opt, &etype, &salt, &s2kparams);
+    if (ret) {
+        msg = krb5_get_error_message(context, ret);
+        fprintf(stderr, "%s\n", msg);
+        krb5_free_error_message(context, msg);
+        exit(1);
+    } else if (etype == ENCTYPE_NULL) {
+        printf("no etype-info\n");
+    } else {
+        ret = krb5_enctype_to_name(etype, TRUE, buf, sizeof(buf));
+        assert(!ret);
+        printf("etype: %s\n", buf);
+        printf("salt: %.*s\n", (int)salt.length, salt.data);
+        if (s2kparams.length > 0) {
+            ret = k5_hex_encode(s2kparams.data, s2kparams.length, TRUE, &hex);
+            assert(!ret);
+            printf("s2kparams: %s\n", hex);
+            free(hex);
+        }
+    }
+
+    krb5_free_data_contents(context, &salt);
+    krb5_free_data_contents(context, &s2kparams);
+    krb5_free_principal(context, princ);
+    krb5_get_init_creds_opt_free(context, opt);
+    krb5_free_context(context);
+    free(etypes);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_get_etype_info.py b/krb5-1.21.3/src/lib/krb5/krb/t_get_etype_info.py
new file mode 100644
index 00000000..3c916859
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_get_etype_info.py
@@ -0,0 +1,56 @@
+from k5test import *
+
+conf = {'libdefaults': {'allow_weak_crypto': 'true'}}
+realm = K5Realm(create_host=False, krb5_conf=conf)
+
+realm.run([kadminl, 'ank', '-pw', 'pw', '+preauth', 'puser'])
+realm.run([kadminl, 'ank', '-nokey', 'nokey'])
+realm.run([kadminl, 'ank', '-nokey', '+preauth', 'pnokey'])
+realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', 'exp'])
+realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', '+preauth',
+           'pexp'])
+
+# Extract the explicit salt values from the database.
+out = realm.run([kdb5_util, 'tabdump', 'keyinfo'])
+salt_dict = {f[0]: f[5] for f in [l.split('\t') for l in out.splitlines()]}
+exp_salt = bytes.fromhex(salt_dict['exp@KRBTEST.COM']).decode('ascii')
+pexp_salt = bytes.fromhex(salt_dict['pexp@KRBTEST.COM']).decode('ascii')
+
+# Test an error reply (other than PREAUTH_REQUIRED).
+out = realm.run(['./t_get_etype_info', 'notfound'], expected_code=1,
+                expected_msg='Client not found in Kerberos database')
+
+# Test with default salt and no specific options, with and without
+# preauth.  (Our KDC always sends an explicit salt, so unfortunately
+# we aren't really testing client handling of the default salt.)
+realm.run(['./t_get_etype_info', 'user'],
+          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMuser\n')
+realm.run(['./t_get_etype_info', 'puser'],
+          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMpuser\n')
+
+# Test with a specified request enctype.
+msg = 'etype: aes128-cts\nsalt: KRBTEST.COMuser\n'
+realm.run(['./t_get_etype_info', '-e', 'aes128-cts', 'user'],
+          expected_msg='etype: aes128-cts\nsalt: KRBTEST.COMuser\n')
+realm.run(['./t_get_etype_info', '-e', 'aes128-cts', 'puser'],
+          expected_msg='etype: aes128-cts\nsalt: KRBTEST.COMpuser\n')
+
+# Test with FAST.
+msg = 'etype: aes256-cts\nsalt: KRBTEST.COMuser\n'
+realm.run(['./t_get_etype_info', '-T', realm.ccache, 'user'],
+          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMuser\n')
+realm.run(['./t_get_etype_info', '-T', realm.ccache, 'puser'],
+          expected_msg='etype: aes256-cts\nsalt: KRBTEST.COMpuser\n')
+
+# Test with no available etype-info.
+realm.run(['./t_get_etype_info', 'nokey'], expected_code=1,
+          expected_msg='KDC has no support for encryption type')
+realm.run(['./t_get_etype_info', 'pnokey'], expected_msg='no etype-info')
+
+# Test with explicit salt.
+realm.run(['./t_get_etype_info', 'exp'],
+          expected_msg='etype: aes256-cts\nsalt: ' + exp_salt + '\n')
+realm.run(['./t_get_etype_info', 'pexp'],
+          expected_msg='etype: aes256-cts\nsalt: ' + pexp_salt + '\n')
+
+success('krb5_get_etype_info() tests')
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_in_ccache.c b/krb5-1.21.3/src/lib/krb5/krb/t_in_ccache.c
new file mode 100644
index 00000000..3f157a48
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_in_ccache.c
@@ -0,0 +1,149 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* t_in_ccache.c: get creds while using input and/or armor ccaches */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * A test helper that exercises the input-ccache option, potentially in
+ * combination with armor-ccache options.
+ */
+
+#include "k5-int.h"
+
+static void
+bail_on_err(krb5_context context, const char *msg, krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(context, code);
+        printf("%s: %s\n", msg, errmsg);
+        krb5_free_error_message(context, errmsg);
+        exit(1);
+    }
+}
+
+static krb5_error_code
+prompter_cb(krb5_context ctx, void *data, const char *name,
+            const char *banner, int num_prompts, krb5_prompt prompts[])
+{
+    /* Not expecting any actual prompts. */
+    if (num_prompts != 0) {
+        printf("too many prompts passed to prompter callback (%d), failing\n",
+               num_prompts);
+        exit(1);
+    }
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context ctx;
+    krb5_ccache in_ccache, out_ccache, armor_ccache;
+    krb5_get_init_creds_opt *opt;
+    char *user, *password, *armor_ccname = NULL, *in_ccname = NULL, *perr;
+    const char *err;
+    krb5_principal client;
+    krb5_creds creds;
+    krb5_flags fast_flags;
+    krb5_error_code ret;
+    int c;
+
+    while ((c = getopt(argc, argv, "I:A:")) != -1) {
+        switch (c) {
+        case 'A':
+            armor_ccname = optarg;
+            break;
+        case 'I':
+            in_ccname = optarg;
+            break;
+        }
+    }
+    if (argc - optind < 2) {
+        fprintf(stderr, "Usage: %s [-A armor_ccache] [-I in_ccache] "
+                "username password\n", argv[0]);
+        return 1;
+    }
+    user = argv[optind];
+    password = argv[optind + 1];
+
+    bail_on_err(NULL, "Error initializing Kerberos", krb5_init_context(&ctx));
+    bail_on_err(ctx, "Error allocating space for get_init_creds options",
+                krb5_get_init_creds_opt_alloc(ctx, &opt));
+    if (in_ccname != NULL) {
+        bail_on_err(ctx, "Error resolving input ccache",
+                    krb5_cc_resolve(ctx, in_ccname, &in_ccache));
+        bail_on_err(ctx, "Error setting input_ccache option",
+                    krb5_get_init_creds_opt_set_in_ccache(ctx, opt,
+                                                          in_ccache));
+    } else {
+        in_ccache = NULL;
+    }
+    if (armor_ccname != NULL) {
+        bail_on_err(ctx, "Error resolving armor ccache",
+                    krb5_cc_resolve(ctx, armor_ccname, &armor_ccache));
+        bail_on_err(ctx, "Error setting fast_ccache option",
+                    krb5_get_init_creds_opt_set_fast_ccache(ctx, opt,
+                                                            armor_ccache));
+        fast_flags = KRB5_FAST_REQUIRED;
+        bail_on_err(ctx, "Error setting option to force use of FAST",
+                    krb5_get_init_creds_opt_set_fast_flags(ctx, opt,
+                                                           fast_flags));
+    } else {
+        armor_ccache = NULL;
+    }
+    bail_on_err(ctx, "Error resolving output (default) ccache",
+                krb5_cc_default(ctx, &out_ccache));
+    bail_on_err(ctx, "Error setting output ccache option",
+                krb5_get_init_creds_opt_set_out_ccache(ctx, opt, out_ccache));
+    if (asprintf(&perr, "Error parsing principal name \"%s\"", user) < 0)
+        abort();
+    bail_on_err(ctx, perr, krb5_parse_name(ctx, user, &client));
+    ret = krb5_get_init_creds_password(ctx, &creds, client, password,
+                                       prompter_cb, NULL, 0, NULL, opt);
+    if (ret) {
+        err = krb5_get_error_message(ctx, ret);
+        printf("%s\n", err);
+        krb5_free_error_message(ctx, err);
+    } else {
+        krb5_free_cred_contents(ctx, &creds);
+    }
+    krb5_get_init_creds_opt_free(ctx, opt);
+    krb5_free_principal(ctx, client);
+    krb5_cc_close(ctx, out_ccache);
+    if (armor_ccache != NULL)
+        krb5_cc_close(ctx, armor_ccache);
+    if (in_ccache != NULL)
+        krb5_cc_close(ctx, in_ccache);
+    krb5_free_context(ctx);
+    free(perr);
+    return ret ? (ret - KRB5KDC_ERR_NONE) : 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_in_ccache_patypes.py b/krb5-1.21.3/src/lib/krb5/krb/t_in_ccache_patypes.py
new file mode 100755
index 00000000..b2812688
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_in_ccache_patypes.py
@@ -0,0 +1,84 @@
+# Copyright (C) 2010,2012 by the Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+
+# Create a bare-bones KDC.
+realm = K5Realm(create_user=False, create_host=False)
+
+# Create principals with various password expirations.
+realm.run([kadminl, 'addprinc', '-pw', 'pass', 'nopreauth'])
+realm.run([kadminl, 'addprinc', '-pw', 'pass', '+requires_preauth', 'preauth'])
+
+# Check that we can get creds without preauth without an in_ccache.  This is
+# the default behavior for kinit.
+realm.run(['./t_in_ccache', 'nopreauth', 'pass'])
+
+# Check that we can get creds with preauth without an in_ccache.  This is the
+# default behavior for kinit.
+realm.run(['./t_in_ccache', 'preauth', 'pass'])
+
+# Check that we can get creds while supplying a now-populated input ccache that
+# doesn't contain any relevant configuration.
+realm.run(['./t_in_ccache', 'nopreauth', 'pass'])
+realm.run(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass'])
+
+# Check that we can get creds while supplying a now-populated input ccache.
+realm.run(['./t_in_ccache', 'preauth', 'pass'])
+realm.run(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass'])
+
+# Check that we can't get creds while specifying patypes that aren't available
+# in a FAST tunnel while using a FAST tunnel.  Expect the client-end
+# preauth-failed error.
+realm.run(['./t_in_ccache', 'nopreauth', 'pass'])
+realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type', '2'])
+realm.run(['./t_in_ccache', '-A', realm.ccache, '-I', realm.ccache,
+           'preauth', 'pass'], expected_code=210)
+
+# Check that we can't get creds while specifying patypes that are only
+# available in a FAST tunnel while not using a FAST tunnel.  Expect the
+# client-end preauth-failed error.
+realm.run(['./t_in_ccache', 'nopreauth', 'pass'])
+realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type', '138'])
+realm.run(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass'],
+          expected_code=210)
+
+# Check that we can get creds using FAST, and that we end up using
+# encrypted_challenge when we do.
+realm.run(['./t_in_ccache', 'preauth', 'pass'])
+realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type', '138'])
+realm.run(['./t_in_ccache', '-A', realm.ccache, 'preauth', 'pass'])
+output = realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type'])
+# We should have selected and used encrypted_challenge.
+if output != '138':
+    fail('Unexpected pa_type value in out_ccache: "%s"' % output)
+
+# Check that we can get creds while specifying the right patypes.
+realm.run(['./t_in_ccache', 'nopreauth', 'pass'])
+realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type', '2'])
+realm.run(['./t_in_ccache', '-I', realm.ccache, 'preauth', 'pass'])
+output = realm.run(['./t_cc_config', '-p', realm.krbtgt_princ, 'pa_type'])
+# We should have selected and used encrypted_timestamp.
+if output != '2':
+    fail('Unexpected pa_type value in out_ccache')
+
+success('input ccache pa_type tests')
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_kerb.c b/krb5-1.21.3/src/lib/krb5/krb/t_kerb.c
new file mode 100644
index 00000000..e8c42ab5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_kerb.c
@@ -0,0 +1,248 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * This driver routine is used to test many of the standard Kerberos library
+ * routines.
+ */
+
+#include "autoconf.h"
+#include "k5-int.h"
+#include <time.h>
+
+#include "com_err.h"
+
+void test_string_to_timestamp (krb5_context, char *);
+void test_425_conv_principal (krb5_context, char *, char*, char *);
+void test_524_conv_principal (krb5_context, char *);
+void test_parse_name (krb5_context, const char *);
+void test_name_type (krb5_context, const char *);
+void test_set_realm (krb5_context, const char *, const char *);
+void usage (char *);
+
+void
+test_string_to_timestamp(krb5_context ctx, char *ktime)
+{
+    krb5_timestamp      timestamp;
+    time_t              t;
+    krb5_error_code     retval;
+
+    retval = krb5_string_to_timestamp(ktime, &timestamp);
+    if (retval) {
+        com_err("krb5_string_to_timestamp", retval, 0);
+        return;
+    }
+    t = ts2tt(timestamp);
+    printf("Parsed time was %s", ctime(&t));
+}
+
+void
+test_425_conv_principal(krb5_context ctx, char *name, char *inst, char *realm)
+{
+    krb5_error_code     retval;
+    krb5_principal      princ;
+    char                *out_name;
+
+    retval = krb5_425_conv_principal(ctx, name, inst, realm, &princ);
+    if (retval) {
+        com_err("krb5_425_conv_principal", retval, 0);
+        return;
+    }
+    retval = krb5_unparse_name(ctx, princ, &out_name);
+    if (retval) {
+        com_err("krb5_unparse_name", retval, 0);
+        return;
+    }
+    printf("425_converted principal(%s, %s, %s): '%s'\n",
+           name, inst, realm, out_name);
+    free(out_name);
+    krb5_free_principal(ctx, princ);
+}
+
+void
+test_524_conv_principal(krb5_context ctx, char *name)
+{
+    krb5_principal princ = 0;
+    krb5_error_code retval;
+#define ANAME_SZ 40
+#define INST_SZ  40
+#define REALM_SZ  40
+    char aname[ANAME_SZ+1], inst[INST_SZ+1], realm[REALM_SZ+1];
+
+    aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0;
+    retval = krb5_parse_name(ctx, name, &princ);
+    if (retval) {
+        com_err("krb5_parse_name", retval, 0);
+        goto fail;
+    }
+    retval = krb5_524_conv_principal(ctx, princ, aname, inst, realm);
+    if (retval) {
+        com_err("krb5_524_conv_principal", retval, 0);
+        goto fail;
+    }
+    printf("524_converted_principal(%s): '%s' '%s' '%s'\n",
+           name, aname, inst, realm);
+fail:
+    if (princ)
+        krb5_free_principal (ctx, princ);
+}
+
+void
+test_parse_name(krb5_context ctx, const char *name)
+{
+    krb5_error_code retval;
+    krb5_principal  princ = 0, princ2 = 0;
+    char            *outname = 0;
+
+    retval = krb5_parse_name(ctx, name, &princ);
+    if (retval) {
+        com_err("krb5_parse_name", retval, 0);
+        goto fail;
+    }
+    retval = krb5_copy_principal(ctx, princ, &princ2);
+    if (retval) {
+        com_err("krb5_copy_principal", retval, 0);
+        goto fail;
+    }
+    retval = krb5_unparse_name(ctx, princ2, &outname);
+    if (retval) {
+        com_err("krb5_unparse_name", retval, 0);
+        goto fail;
+    }
+    printf("parsed (and unparsed) principal(%s): ", name);
+    if (strcmp(name, outname) == 0)
+        printf("MATCH\n");
+    else
+        printf("'%s'\n", outname);
+fail:
+    if (outname)
+        free(outname);
+    if (princ)
+        krb5_free_principal(ctx, princ);
+    if (princ2)
+        krb5_free_principal(ctx, princ2);
+}
+
+void
+test_name_type(krb5_context ctx, const char *name)
+{
+    krb5_error_code retval;
+    krb5_principal  princ = 0;
+
+    retval = krb5_parse_name(ctx, name, &princ);
+    if (retval) {
+        com_err("krb5_parse_name", retval, 0);
+        return;
+    }
+    printf("name_type principal(%s): %d\n", name, krb5_princ_type(ctx, princ));
+    krb5_free_principal(ctx, princ);
+}
+
+void
+test_set_realm(krb5_context ctx, const char *name, const char *realm)
+{
+    krb5_error_code retval;
+    krb5_principal  princ = 0;
+    char            *outname = 0;
+
+    retval = krb5_parse_name(ctx, name, &princ);
+    if (retval) {
+        com_err("krb5_parse_name", retval, 0);
+        goto fail;
+    }
+    retval = krb5_set_principal_realm(ctx, princ, realm);
+    if (retval) {
+        com_err("krb5_set_principal_realm", retval, 0);
+        goto fail;
+    }
+    retval = krb5_unparse_name(ctx, princ, &outname);
+    if (retval) {
+        com_err("krb5_unparse_name", retval, 0);
+        goto fail;
+    }
+    printf("old principal: %s, modified principal: %s\n", name,
+           outname);
+fail:
+    if (outname)
+        free(outname);
+    if (princ)
+        krb5_free_principal(ctx, princ);
+}
+
+void
+usage(char *progname)
+{
+    fprintf(stderr, "%s: Usage: %s 425_conv_principal <name> <inst> <realm>\n",
+            progname, progname);
+    fprintf(stderr, "\t%s 524_conv_principal <name>\n", progname);
+    fprintf(stderr, "\t%s parse_name <name>\n", progname);
+    fprintf(stderr, "\t%s name_type <name>\n", progname);
+    fprintf(stderr, "\t%s set_realm <name> <realm>\n", progname);
+    fprintf(stderr, "\t%s string_to_timestamp <time>\n", progname);
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context ctx;
+    krb5_error_code retval;
+    char *progname;
+    char *name, *inst, *realm;
+
+    retval = krb5_init_context(&ctx);
+    if (retval) {
+        fprintf(stderr, "krb5_init_context returned error %ld\n",
+                (long) retval);
+        exit(1);
+    }
+    progname = argv[0];
+
+    /* Parse arguments. */
+    argc--; argv++;
+    while (argc) {
+        if (strcmp(*argv, "425_conv_principal") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            name = *argv;
+            argc--; argv++;
+            if (!argc) usage(progname);
+            inst = *argv;
+            argc--; argv++;
+            if (!argc) usage(progname);
+            realm = *argv;
+            test_425_conv_principal(ctx, name, inst, realm);
+        } else if (strcmp(*argv, "parse_name") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            name = *argv;
+            test_parse_name(ctx, name);
+        } else if (strcmp(*argv, "name_type") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            name = *argv;
+            test_name_type(ctx, name);
+        } else if (strcmp(*argv, "set_realm") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            name = *argv;
+            argc--; argv++;
+            if (!argc) usage(progname);
+            realm = *argv;
+            test_set_realm(ctx, name, realm);
+        } else if (strcmp(*argv, "string_to_timestamp") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            test_string_to_timestamp(ctx, *argv);
+        } else if (strcmp(*argv, "524_conv_principal") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            test_524_conv_principal(ctx, *argv);
+        }
+        else
+            usage(progname);
+        argc--; argv++;
+    }
+
+    krb5_free_context(ctx);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_krb5.conf b/krb5-1.21.3/src/lib/krb5/krb/t_krb5.conf
new file mode 100644
index 00000000..a851fbd3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_krb5.conf
@@ -0,0 +1,53 @@
+[libdefaults]
+	ticket_lifetime = 600
+	default_realm = ATHENA.MIT.EDU
+
+[realms]
+	ATHENA.MIT.EDU = {
+		kdc = KERBEROS-2.MIT.EDU:88
+		kdc = KERBEROS.MIT.EDU
+		kdc = KERBEROS-1.MIT.EDU
+		primary_kdc = KERBEROS.MIT.EDU
+		admin_server = KERBEROS.MIT.EDU
+		default_domain = MIT.EDU
+		v4_instance_convert = {
+			mit = mit.edu
+			lithium = lithium.lcs.mit.edu
+		}
+	}
+	CYGNUS.COM = {
+		kdc = KERBEROS-1.CYGNUS.COM
+		kdc = KERBEROS.CYGNUS.COM
+		admin_server = KERBEROS.MIT.EDU
+	}
+	stanford.edu = {
+		v4_realm = IR.STANFORD.EDU
+	}
+	LONGNAMES.COM = {
+		v4_realm = SOME-REALLY-LONG-REALM-NAME-V4-CANNOT-HANDLE.COM
+	}
+
+[capaths]
+	/COM/HP/APOLLO/FOO = {
+		/COM/DEC/CRL = /COM/DEC
+		/COM/DEC/CRL = /COM
+		/COM/DEC/CRL = /COM/HP
+		/COM/DEC/CRL = /COM/HP/APOLLO
+	}
+	ATHENA.MIT.EDU = {
+		KERBEROS.COM = .
+	}
+	LCS.MIT.EDU = {
+		KERBEROS.COM = ATHENA.MIT.EDU
+		ATHENA.MIT.EDU = .
+		KABLOOEY.KERBEROS.COM = ATHENA.MIT.EDU
+		KABLOOEY.KERBEROS.COM = KERBEROS.COM
+	}
+
+[domain_realm]
+	.mit.edu = ATHENA.MIT.EDU
+	mit.edu = ATHENA.MIT.EDU
+	.media.mit.edu = MEDIA-LAB.MIT.EDU
+	media.mit.edu = MEDIA-LAB.MIT.EDU
+	.ucsc.edu = CATS.UCSC.EDU
+
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_pac.c b/krb5-1.21.3/src/lib/krb5/krb/t_pac.c
new file mode 100644
index 00000000..81f1642a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_pac.c
@@ -0,0 +1,1151 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+#define U(x) (uint8_t *)x
+
+/*
+ * This PAC and keys are copied (with permission) from Samba torture
+ * regression test suite, they where created by Andrew Bartlet.
+ */
+
+static const unsigned char saved_pac[] = {
+    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
+    0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+    0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+    0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
+    0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
+    0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
+    0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+    0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
+    0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+    0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
+    0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+    0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+    0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
+    0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
+    0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
+    0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+    0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
+    0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
+    0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
+    0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
+    0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
+    0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
+};
+
+static unsigned int type_1_length = 472;
+
+static const krb5_keyblock kdc_keyblock = {
+    0, ENCTYPE_ARCFOUR_HMAC,
+    16, U("\xB2\x86\x75\x71\x48\xAF\x7F\xD2\x52\xC5\x36\x03\xA1\x50\xB7\xE7")
+};
+
+static const krb5_keyblock member_keyblock = {
+    0, ENCTYPE_ARCFOUR_HMAC,
+    16, U("\xD2\x17\xFA\xEA\xE5\xE6\xB5\xF9\x5C\xCC\x94\x07\x7A\xB8\xA5\xFC")
+};
+
+static time_t authtime = 1120440609;
+static const char *user = "w2003final$@WIN2K3.THINKER.LOCAL";
+
+/* The S4U2Self PACs below were collected by debugging krb5-mit code on
+ * Linux, talking with a Windows 2008 KDC server over the network. */
+
+static const unsigned char s4u_pac_regular[] = {
+    0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x00,
+    0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0xf8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
+    0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+    0x48, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+    0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xc9, 0x36, 0xfd, 0x57,
+    0x5b, 0x59, 0xd4, 0x01, 0xc9, 0x36, 0xfd, 0x57,
+    0x5b, 0x59, 0xd4, 0x01, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0x0a, 0x00, 0x0a, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+    0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x76, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+    0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00,
+    0x20, 0x00, 0x02, 0x00, 0x08, 0x00, 0x0a, 0x00,
+    0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+    0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x03, 0x00, 0x00, 0x00, 0x57, 0x00, 0x44, 0x00,
+    0x43, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+    0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
+    0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+    0x74, 0xa0, 0x8d, 0x00, 0x3f, 0xa5, 0xc2, 0xe9,
+    0x60, 0x91, 0xe1, 0x22, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x89, 0xa1, 0x25, 0xd0, 0x59, 0xd4, 0x01,
+    0x0a, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
+    0x38, 0x00, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x12, 0x00, 0x10, 0x00, 0x10, 0x00, 0x28, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x40, 0x00, 0x61, 0x00, 0x62, 0x00,
+    0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
+    0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+    0x10, 0x00, 0x00, 0x00, 0x88, 0x1d, 0x40, 0x84,
+    0x7a, 0x01, 0x7c, 0x80, 0x74, 0xe3, 0x6a, 0x6b,
+    0x76, 0xff, 0xff, 0xff, 0x1a, 0x1d, 0x97, 0xd2,
+    0x39, 0xf4, 0xb8, 0xb2, 0x53, 0xae, 0x77, 0xdb,
+    0x6c, 0x02, 0xd4, 0x3d, 0x00, 0x00, 0x00, 0x00
+};
+
+static const unsigned char s4u_pac_enterprise[] = {
+    0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x00,
+    0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0a, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00,
+    0xf8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
+    0x18, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+    0x50, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0x60, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+    0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xc9, 0x36, 0xfd, 0x57,
+    0x5b, 0x59, 0xd4, 0x01, 0xc9, 0x36, 0xfd, 0x57,
+    0x5b, 0x59, 0xd4, 0x01, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0x0a, 0x00, 0x0a, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+    0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x76, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+    0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00,
+    0x20, 0x00, 0x02, 0x00, 0x08, 0x00, 0x0a, 0x00,
+    0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+    0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x03, 0x00, 0x00, 0x00, 0x57, 0x00, 0x44, 0x00,
+    0x43, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+    0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
+    0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+    0x74, 0xa0, 0x8d, 0x00, 0x3f, 0xa5, 0xc2, 0xe9,
+    0x60, 0x91, 0xe1, 0x22, 0x00, 0x00, 0x00, 0x00,
+    0x80, 0xe1, 0x9b, 0xe2, 0xe0, 0x59, 0xd4, 0x01,
+    0x12, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
+    0x38, 0x00, 0x75, 0x00, 0x40, 0x00, 0x61, 0x00,
+    0x62, 0x00, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x12, 0x00, 0x10, 0x00, 0x10, 0x00, 0x28, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x40, 0x00, 0x61, 0x00, 0x62, 0x00,
+    0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
+    0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+    0x10, 0x00, 0x00, 0x00, 0xfb, 0xe5, 0x03, 0x12,
+    0x13, 0x00, 0x6c, 0x8e, 0x81, 0x97, 0x09, 0xea,
+    0x76, 0xff, 0xff, 0xff, 0xba, 0xcd, 0x3a, 0xbc,
+    0x67, 0x61, 0x16, 0x9f, 0xb8, 0x96, 0xbc, 0xe1,
+    0xbe, 0x34, 0xe1, 0x77, 0x00, 0x00, 0x00, 0x00
+};
+
+static const unsigned char s4u_pac_xrealm[] = {
+    0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x00,
+    0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0a, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00,
+    0xf8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
+    0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+    0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0x68, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+    0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xc9, 0x36, 0xfd, 0x57,
+    0x5b, 0x59, 0xd4, 0x01, 0xc9, 0x36, 0xfd, 0x57,
+    0x5b, 0x59, 0xd4, 0x01, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0x0a, 0x00, 0x0a, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+    0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x76, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+    0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00,
+    0x20, 0x00, 0x02, 0x00, 0x08, 0x00, 0x0a, 0x00,
+    0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+    0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x03, 0x00, 0x00, 0x00, 0x57, 0x00, 0x44, 0x00,
+    0x43, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+    0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
+    0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+    0x74, 0xa0, 0x8d, 0x00, 0x3f, 0xa5, 0xc2, 0xe9,
+    0x60, 0x91, 0xe1, 0x22, 0x00, 0x00, 0x00, 0x00,
+    0x80, 0xa8, 0x60, 0x1b, 0x2b, 0x5a, 0xd4, 0x01,
+    0x1c, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
+    0x38, 0x00, 0x75, 0x00, 0x40, 0x00, 0x41, 0x00,
+    0x43, 0x00, 0x4d, 0x00, 0x45, 0x00, 0x2e, 0x00,
+    0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00,
+    0x12, 0x00, 0x10, 0x00, 0x10, 0x00, 0x28, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x40, 0x00, 0x61, 0x00, 0x62, 0x00,
+    0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
+    0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+    0x10, 0x00, 0x00, 0x00, 0x11, 0x27, 0x3a, 0xa5,
+    0x41, 0x84, 0x87, 0xdf, 0xc6, 0xd7, 0x29, 0x26,
+    0x76, 0xff, 0xff, 0xff, 0xba, 0x7c, 0x7a, 0x84,
+    0xd2, 0x2b, 0x9c, 0x58, 0xed, 0x2f, 0xdf, 0x23,
+    0x09, 0x15, 0x05, 0x6b, 0x00, 0x00, 0x00, 0x00
+};
+
+static const unsigned char s4u_pac_ent_xrealm[] = {
+    0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x00,
+    0x58, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0a, 0x00, 0x00, 0x00, 0x2e, 0x00, 0x00, 0x00,
+    0xf8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
+    0x28, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x06, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
+    0x60, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0x70, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+    0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xc9, 0x36, 0xfd, 0x57,
+    0x5b, 0x59, 0xd4, 0x01, 0xc9, 0x36, 0xfd, 0x57,
+    0x5b, 0x59, 0xd4, 0x01, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0x0a, 0x00, 0x0a, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x0a, 0x00,
+    0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x76, 0x04, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+    0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00,
+    0x20, 0x00, 0x02, 0x00, 0x08, 0x00, 0x0a, 0x00,
+    0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x10, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+    0x01, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x03, 0x00, 0x00, 0x00, 0x57, 0x00, 0x44, 0x00,
+    0x43, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+    0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
+    0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+    0x74, 0xa0, 0x8d, 0x00, 0x3f, 0xa5, 0xc2, 0xe9,
+    0x60, 0x91, 0xe1, 0x22, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x87, 0x39, 0x5b, 0x4f, 0x5a, 0xd4, 0x01,
+    0x24, 0x00, 0x77, 0x00, 0x32, 0x00, 0x6b, 0x00,
+    0x38, 0x00, 0x75, 0x00, 0x40, 0x00, 0x61, 0x00,
+    0x62, 0x00, 0x63, 0x00, 0x40, 0x00, 0x41, 0x00,
+    0x43, 0x00, 0x4d, 0x00, 0x45, 0x00, 0x2e, 0x00,
+    0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00, 0x00, 0x00,
+    0x12, 0x00, 0x10, 0x00, 0x10, 0x00, 0x28, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x77, 0x00, 0x32, 0x00, 0x6b, 0x00, 0x38, 0x00,
+    0x75, 0x00, 0x40, 0x00, 0x61, 0x00, 0x62, 0x00,
+    0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x41, 0x00, 0x43, 0x00, 0x4d, 0x00, 0x45, 0x00,
+    0x2e, 0x00, 0x43, 0x00, 0x4f, 0x00, 0x4d, 0x00,
+    0x10, 0x00, 0x00, 0x00, 0xa3, 0x5d, 0xc5, 0xfe,
+    0x80, 0x6b, 0x62, 0x0c, 0xb1, 0x2f, 0x43, 0xa2,
+    0x76, 0xff, 0xff, 0xff, 0x95, 0x40, 0x76, 0xe4,
+    0x0a, 0x0a, 0xb9, 0xe7, 0x93, 0x0f, 0x05, 0xf8,
+    0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00
+};
+
+static const unsigned char fuzz1[] = {
+    0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
+    0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5
+};
+
+static const unsigned char fuzz2[] = {
+    0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
+    0x20, 0x20
+};
+
+static const char *s4u_principal = "w2k8u@ACME.COM";
+static const char *s4u_enterprise = "w2k8u@abc@ACME.COM";
+
+static const krb5_keyblock s4u_srv_key = {
+    0, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    32, U("\x14\xDF\xB5\xB2\xCD\xB4\x2C\x88\x94\xDA\x2F\xA8\x82\xE9\x72\x9F"
+          "\x4A\x4D\xC7\x4B\xA0\x2A\x24\x2C\xC6\xA8\xD7\x10\x79\xB9\xAD\x9A")
+};
+
+static const krb5_keyblock s4u_tgt_srv_key = {
+    0, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    32, U("\x42\x0C\x39\xC5\x1A\x17\x54\x04\x45\x1F\x95\x6B\x8C\x58\xE0\xF4"
+          "\x1B\xCA\x66\x9A\x64\x47\x95\xCA\x6E\x3A\xD5\x5A\x3B\x91\x8C\x9F")
+};
+
+static size_t s4u_logon_info_buffer_len = 416;
+
+struct pac_and_info {
+    time_t authtime;
+    krb5_boolean is_enterprise;
+    krb5_boolean is_xrealm;
+    const unsigned char *data;
+    size_t length;
+};
+
+static const struct pac_and_info s4u_pacs[] = {
+    { 1538430362, 0, 0, s4u_pac_regular, sizeof(s4u_pac_regular) },
+    { 1538437551, 1, 0, s4u_pac_enterprise, sizeof(s4u_pac_enterprise) },
+    { 1538469429, 0, 1, s4u_pac_xrealm, sizeof(s4u_pac_xrealm) },
+    { 1538484998, 1, 1, s4u_pac_ent_xrealm, sizeof(s4u_pac_ent_xrealm) },
+    { 0, 0, 0, NULL, 0 }
+};
+
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+static void err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+    __attribute__((__format__(__printf__, 3, 0)));
+#endif
+
+static void
+err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+{
+    va_list ap;
+    char *msg;
+    const char *errmsg = NULL;
+
+    va_start(ap, fmt);
+    if (vasprintf(&msg, fmt, ap) < 0)
+        exit(1);
+    va_end(ap);
+    if (ctx && code)
+        errmsg = krb5_get_error_message(ctx, code);
+    if (errmsg)
+        fprintf(stderr, "t_pac: %s: %s\n", msg, errmsg);
+    else
+        fprintf(stderr, "t_pac: %s\n", msg);
+    exit(1);
+}
+
+static void
+check_pac(krb5_context context, int index, const unsigned char *pdata,
+          size_t plen, time_t auth_time, krb5_principal p,
+          size_t type_one_buffer_length, krb5_boolean with_realm,
+          const krb5_keyblock *server_key, const krb5_keyblock *kdc_key)
+{
+    krb5_error_code ret;
+    const krb5_keyblock *kdc_sign_key;
+    krb5_data data;
+    krb5_pac pac;
+
+    /* If we don't have the KDC key (S4U cases), just use another key as we'd
+     * skip the KDC signature when verifying. */
+    kdc_sign_key = (kdc_key == NULL) ? &kdc_keyblock : kdc_key;
+
+    ret = krb5_pac_parse(context, pdata, plen, &pac);
+    if (ret)
+        err(context, ret, "[pac: %d] krb5_pac_parse", index);
+
+    ret = krb5_pac_verify_ext(context, pac, auth_time, p, server_key, kdc_key,
+                              with_realm);
+    if (ret)
+        err(context, ret, "[pac: %d] krb5_pac_verify_ext", index);
+
+    ret = krb5_pac_sign_ext(context, pac, auth_time, p, server_key,
+                            kdc_sign_key, with_realm, &data);
+    if (ret)
+        err(context, ret, "[pac: %d] krb5_pac_sign_ext", index);
+
+    krb5_pac_free(context, pac);
+
+    ret = krb5_pac_parse(context, data.data, data.length, &pac);
+    krb5_free_data_contents(context, &data);
+    if (ret)
+        err(context, ret, "[pac: %d] krb5_pac_parse 2", index);
+
+    ret = krb5_pac_verify_ext(context, pac, auth_time, p, server_key, kdc_key,
+                              with_realm);
+    if (ret)
+        err(context, ret, "[pac: %d] krb5_pac_verify_ext 2", index);
+
+    /* make a copy and try to reproduce it */
+    {
+        uint32_t *list;
+        size_t len, i;
+        krb5_pac pac2;
+
+        ret = krb5_pac_init(context, &pac2);
+        if (ret)
+            err(context, ret, "[pac: %d] krb5_pac_init", index);
+
+        /* our two user buffer plus the three "system" buffers */
+        ret = krb5_pac_get_types(context, pac, &len, &list);
+        if (ret)
+            err(context, ret, "[pac: %d] krb5_pac_get_types", index);
+
+        for (i = 0; i < len; i++) {
+            /* skip server_cksum, privsvr_cksum, and logon_name */
+            if (list[i] == 6 || list[i] == 7 || list[i] == 10)
+                continue;
+
+            ret = krb5_pac_get_buffer(context, pac, list[i], &data);
+            if (ret)
+                err(context, ret, "[pac: %d] krb5_pac_get_buffer", index);
+
+            if (list[i] == 1) {
+                if (type_one_buffer_length != data.length) {
+                    err(context, 0, "[pac: %d] type 1 have wrong length: %lu",
+                        index, (unsigned long)data.length);
+                }
+            } else if (list[i] != 12) {
+                err(context, 0, "[pac: %d] unknown type %lu",
+                    index, (unsigned long)list[i]);
+            }
+
+            ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
+            if (ret)
+                err(context, ret, "[pac: %d] krb5_pac_add_buffer", index);
+            krb5_free_data_contents(context, &data);
+        }
+        free(list);
+
+        ret = krb5_pac_sign_ext(context, pac2, auth_time, p, server_key,
+                                kdc_sign_key, with_realm, &data);
+        if (ret)
+            err(context, ret, "[pac: %d] krb5_pac_sign_ext 4", index);
+
+        krb5_pac_free(context, pac2);
+
+        ret = krb5_pac_parse(context, data.data, data.length, &pac2);
+        if (ret)
+            err(context, ret, "[pac: %d] krb5_pac_parse 4", index);
+
+        ret = krb5_pac_verify_ext(context, pac2, auth_time, p, server_key,
+                                  kdc_key, with_realm);
+        if (ret)
+            err(context, ret, "[pac: %d] krb5_pac_verify_ext 4", index);
+
+        krb5_free_data_contents(context, &data);
+
+        krb5_pac_free(context, pac2);
+    }
+
+    krb5_pac_free(context, pac);
+}
+
+static const krb5_keyblock ticket_sig_krbtgt_key = {
+    0, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    32, U("\x03\x73\x81\xEC\x43\x96\x7B\xC2\xAC\x3D\xF5\x2A\xAE\x95\xA6\x8E"
+          "\xBE\x24\x58\xDB\xCE\x52\x28\x20\xAF\x5E\xB7\x04\xA2\x22\x71\x4F")
+};
+
+static const krb5_keyblock ticket_sig_server_key = {
+    0, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    32, U("\x11\x4A\x84\xE3\x14\x8F\xAA\xB1\xFA\x7B\x53\x51\xB2\x8A\xC2\xF1"
+          "\xFD\x19\x6D\x61\xE0\xF3\xF2\x3E\x1F\xDB\xD3\xC1\x79\x7D\xC1\xEE")
+};
+
+/* A ticket issued by an Active Directory KDC (Windows Server 2022), containing
+ * a PAC with a full checksum. */
+static const krb5_data ticket_data = {
+    .length = 1307, .data =
+    "\x61\x82\x05\x17\x30\x82\x05\x13\xA0\x03\x02\x01\x05\xA1\x0F\x1B"
+    "\x0D\x57\x32\x30\x32\x32\x2D\x4C\x37\x2E\x42\x41\x53\x45\xA2\x2A"
+    "\x30\x28\xA0\x03\x02\x01\x01\xA1\x21\x30\x1F\x1B\x04\x63\x69\x66"
+    "\x73\x1B\x17\x77\x32\x30\x32\x32\x2D\x31\x31\x38\x2E\x77\x32\x30"
+    "\x32\x32\x2D\x6C\x37\x2E\x62\x61\x73\x65\xA3\x82\x04\xCD\x30\x82"
+    "\x04\xC9\xA0\x03\x02\x01\x12\xA1\x03\x02\x01\x05\xA2\x82\x04\xBB"
+    "\x04\x82\x04\xB7\x44\x5C\x7B\x5A\x3F\x2E\xA3\x50\x34\xDE\xB0\x69"
+    "\x23\x2D\x47\x89\x2C\xC0\xA3\xF9\xDD\x70\xAA\xA5\x1E\xFE\x74\xE5"
+    "\x19\xA2\x4F\x65\x6C\x9E\x00\xB4\x60\x00\x7C\x0C\x29\x43\x31\x99"
+    "\x77\x02\x73\xED\xB9\x40\xF5\xD2\xD1\xC9\x20\x0F\xE3\x38\xF9\xCC"
+    "\x5E\x2A\xBD\x1F\x91\x66\x1A\xD8\x2A\x80\x3C\x2C\x00\x3C\x1E\xC9"
+    "\x2A\x29\x19\x19\x96\x18\x54\x03\x97\x8F\x1D\x5F\xDB\xE9\x66\x68"
+    "\xCD\xB1\xD5\x00\x35\x69\x49\x45\xF1\x6A\x78\x7B\x37\x71\x87\x14"
+    "\x1C\x98\x4D\x69\xCB\x1B\xD8\xF5\xA3\xD8\x53\x4A\x75\x76\x62\xBA"
+    "\x6C\x3F\xEA\x8B\x97\x21\xCA\x8A\x46\x4B\x38\xDA\x09\x9F\x5A\xC8"
+    "\x38\xFF\x34\x97\x5B\xA2\xE5\xBA\xC9\x87\x17\xD8\x08\x05\x7A\x83"
+    "\x04\xD6\x02\x8E\x9B\x18\xB6\x40\x1A\xF7\x47\x25\x24\x3E\x37\x1E"
+    "\xF6\xC1\x3A\x1F\xCA\xB3\x43\x5A\xAE\x94\x83\x31\xAF\xFB\xEE\xED"
+    "\x46\x71\xEF\xE2\x37\x37\x15\xFE\x1B\x0B\x9E\xF8\x3E\x0C\x43\x96"
+    "\xB6\x0A\x04\x78\xF8\x5E\xAA\x33\x1F\xE2\x07\x5A\x8D\xC4\x4E\x32"
+    "\x6D\xD6\xA0\xC5\xEA\x3D\x12\x59\xD4\x41\x40\x4E\xA1\xD8\xBE\xED"
+    "\x17\xCB\x68\xCC\x59\xCB\x53\xB2\x0E\x58\x8A\xA9\x33\x7F\x6F\x2B"
+    "\x37\x89\x08\x44\xBA\xC7\x67\x17\xBB\x91\xF7\xC3\x0F\x00\xF8\xAA"
+    "\xA1\x33\xA6\x08\x47\xCA\xFA\xE8\x49\x27\x45\x46\xF1\xC1\xC3\x5F"
+    "\xE2\x45\x0A\x7D\x64\x52\x8C\x2E\xE1\xDE\xFF\xB2\x64\xEC\x69\x98"
+    "\x15\xDF\x9E\xB1\xEB\xD6\x9D\x08\x06\x4E\x73\xC1\x0B\x71\x21\x05"
+    "\x9E\xBC\xA2\x17\xCF\xB3\x70\xF4\xEF\xB8\x69\xA9\x94\x27\xFD\x5E"
+    "\x72\xB1\x2D\xD2\x20\x1B\x57\x80\xAB\x38\x97\xCF\x22\x68\x4F\xB8"
+    "\xB7\x17\x53\x25\x67\x0B\xED\xD1\x58\x20\x0D\x45\xF9\x09\xFA\xE7"
+    "\x61\x3E\xDB\xC2\x59\x7B\x3A\x3B\x59\x81\x51\xAA\xA4\x81\xF4\x96"
+    "\x3B\xE1\x6F\x6F\xF4\x8E\x68\x9E\xBA\x1E\x0F\xF2\x44\x68\x11\xFC"
+    "\x2B\x5F\xBE\xF2\xEA\x07\x80\xB9\xCA\x9E\x41\xBD\x2F\x81\xF5\x11"
+    "\x2A\x12\xF3\x4F\xD6\x12\x16\x0F\x21\x90\xF1\xD3\x1E\xF1\xA4\x94"
+    "\x46\xEA\x30\xF3\x84\x06\xC1\xA4\x51\xFC\x43\x35\xBD\xEF\x4D\x89"
+    "\x1D\xA5\x44\xB2\x69\xC4\x0F\xBF\x86\x01\x08\x44\x77\xD5\xB4\xB7"
+    "\x5C\x3F\xA7\xD4\x2F\x39\x73\x85\x88\xEE\xB1\x64\x1D\x80\x6C\xEE"
+    "\x6E\x31\x90\x92\x0D\xA1\xB7\xC4\x5C\xCC\xEE\x91\xC8\xCB\x11\x2D"
+    "\x4A\x1A\x7D\x43\x8F\xEB\x60\x09\xED\x1B\x07\x58\xBE\xBC\xBD\x29"
+    "\xF3\xB3\xA3\x4F\xC5\x8A\x30\x33\xB9\xA9\x9F\x43\x08\x27\x15\xC4"
+    "\x9C\x5D\x8E\xBD\x5C\x05\xC6\x05\x9C\x87\x60\x08\x1E\xE2\x52\xB8"
+    "\x45\x8D\x28\xB6\x2C\x15\x46\x74\x9F\x0E\xAA\x6B\x70\x3A\x2A\x55"
+    "\x45\x26\xB2\x58\x4D\x35\xA6\xF1\x96\xBE\x60\xB2\x71\x7B\xF8\x54"
+    "\xB9\x90\x21\x8E\xB9\x0F\x35\x98\x5E\x88\xEB\x1A\x53\xB4\x59\x7F"
+    "\xAF\x69\x1C\x61\x67\xF4\xF6\xBD\xAC\x24\xCD\xB7\xA9\x67\xE8\xA1"
+    "\x83\x85\x5F\x11\x74\x1F\xF7\x4C\x78\x36\xEF\x50\x74\x88\x58\x4B"
+    "\x1A\x9F\x84\x9A\x9A\x05\x92\xEC\x1D\xD5\xF3\xC4\x95\x51\x28\xE2"
+    "\x3F\x32\x87\xB2\xFD\x21\x27\x66\xE4\x6B\x85\x2F\xDC\x7B\xC0\x22"
+    "\xEB\x7A\x94\x20\x5A\x7B\xD3\x7A\xB9\x5B\xF8\x1A\x5A\x84\x4E\xA1"
+    "\x73\x41\x53\xD2\x60\xF7\x7C\xEE\x68\x59\x85\x80\xFC\x3D\x70\x4B"
+    "\x04\x32\xE7\xF2\xFD\xBD\xB3\xD9\x21\xE2\x37\x56\xA2\x16\xCC\xDE"
+    "\x8A\xD3\xBC\x71\xEF\x58\x19\x0E\x45\x8A\x5B\x53\xD6\x77\x30\x6A"
+    "\xA7\xF8\x68\x06\x4E\x07\xCA\xCE\x30\xD7\x35\xAB\x1A\xC7\x18\xD4"
+    "\xC6\x2F\x1A\xFF\xE9\x7A\x94\x0B\x76\x5E\x7E\x29\x0C\xE6\xD3\x3B"
+    "\x5B\x44\x96\xA8\xF1\x29\x23\x95\xD9\x79\xB3\x39\xFC\x76\xED\xE1"
+    "\x1E\x67\x4E\xF7\xE8\x7B\x7A\x12\x9E\xD8\x4B\x35\x09\x0A\xF2\xC1"
+    "\x63\x5B\xEE\xFD\x2A\xC2\xA6\x66\x30\x3C\x1F\x95\xAF\x65\x22\x95"
+    "\x14\x1D\xF5\xD5\xDC\x38\x79\x35\x1C\xCD\x24\x47\xE0\xFD\x08\xC8"
+    "\xF4\x15\x55\x9F\xD9\xC7\xAC\x3F\x67\xB3\x4F\xEB\x26\x7C\x8E\xD6"
+    "\x74\xB3\x0A\xCD\xE7\xFA\xBE\x7E\xA3\x3E\xEC\x61\x50\x77\x52\x56"
+    "\xCF\x90\x5D\x48\xFB\xD4\x2C\x6C\x61\x8B\xDD\x2B\xF5\x92\x1F\x30"
+    "\xBF\x3F\x80\x0D\x31\xDB\xB2\x0B\x7D\x84\xE3\xA6\x42\x7F\x00\x38"
+    "\x44\x02\xC5\xB8\xD9\x58\x29\x9D\x68\x5C\x32\x8B\x76\xAE\xED\x15"
+    "\xF9\x7C\xAE\x7B\xB6\x8E\xD6\x54\x24\xFF\xFA\x87\x05\xEF\x15\x08"
+    "\x5E\x4B\x21\xA2\x2F\x49\xE7\x0F\xC3\xD0\xB9\x49\x22\xEF\xD5\xCA"
+    "\xB2\x11\xF2\x17\xB6\x77\x24\x68\x76\xB2\x07\xF8\x0A\x73\xDD\x65"
+    "\x9C\x75\x64\xF7\xA1\xC6\x23\x08\x84\x72\x3E\x54\x2E\xEB\x9B\x40"
+    "\xA6\x83\x87\xEB\xB5\x00\x40\x4F\xE1\x72\x2A\x59\x3A\x06\x60\x29"
+    "\x7E\x25\x2F\xD8\x80\x40\x8C\x59\xCA\xCF\x8E\x44\xE4\x2D\x84\x7E"
+    "\xCB\xFD\x1E\x3B\xD5\xFF\x9A\xB9\x66\x93\x6D\x5E\xC8\xB7\x13\x26"
+    "\xD6\x38\x1B\x2B\xE1\x87\x96\x05\xD5\xF3\xAB\x68\xF7\x12\x62\x2C"
+    "\x58\xC1\xC9\x85\x3C\x72\xF1\x26\xEE\xC0\x09\x5F\x1D\x4B\xAC\x01"
+    "\x41\xC8\x12\xF8\xF3\x93\x43\x41\xFF\xEC\x0B\x80\xE2\xEE\x20\x85"
+    "\x25\xCD\x6C\x30\x8C\x0D\x24\x2E\xBA\x19\xEA\x28\x7F\xCF\xD5\x10"
+    "\x5C\xE9\xB2\x9D\x5F\x16\xE4\xC0\xF3\xCC\xD9\x68\x4A\x05\x08\x70"
+    "\x17\x26\xC8\x5C\x4A\xBF\x94\x6A\x0E\xD5\xDA\x67\x47\x4B\xAF\x44"
+    "\xE3\x94\xAA\x05\xDB\xA2\x49\x74\xFA\x5C\x69\xAB\x44\xB7\xF7\xBA"
+    "\xAE\x7A\x23\x87\xEB\x54\x7E\x80\xF1\x5B\x60\xA5\x93\xE5\xD4\x24"
+    "\x84\xF7\x0A\x16\x10\xBE\xE9\x4D\xD8\x6B\x15\x40\x5D\x74\xDA\x1B"
+    "\xFF\x2E\x4D\x17\x9D\x35\xF7\x0D\xCF\x66\x38\x0D\x8A\xE4\xDD\x6B"
+    "\xE1\x0F\x1F\xBD\xFD\x4F\x30\x37\x3F\x96\xB4\x92\x54\xD3\x9A\x7A"
+    "\xD1\x5B\x5B\xA9\x54\x16\xE6\x24\xAB\xD4\x23\x39\x7D\xD2\xC7\x09"
+    "\xFA\xD4\x86\x55\x4D\x60\xC2\x87\x67\x6B\xE6"
+};
+
+static void
+test_pac_ticket_signature(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_ticket *ticket;
+    krb5_principal cprinc, sprinc;
+    krb5_authdata **authdata1, **authdata2;
+    krb5_pac pac, pac2, pac3;
+    uint32_t *list;
+    size_t len, i;
+    krb5_data data;
+
+    ret = krb5_decode_ticket(&ticket_data, &ticket);
+    if (ret)
+        err(context, ret, "while decoding ticket");
+
+    ret = krb5_decrypt_tkt_part(context, &ticket_sig_server_key, ticket);
+    if (ret)
+        err(context, ret, "while decrypting ticket");
+
+    ret = krb5_parse_name(context, "administrator@W2022-L7.BASE", &cprinc);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    ret = krb5_parse_name(context,
+                          "cifs/w2022-118.w2022-l7.base@W2022-L7.BASE",
+                          &sprinc);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    ret = krb5_kdc_verify_ticket(context, ticket->enc_part2, sprinc,
+                                 &ticket_sig_server_key,
+                                 &ticket_sig_krbtgt_key, &pac);
+    if (ret)
+        err(context, ret, "while verifying ticket");
+
+    /* In this test, the server is also the client. */
+    ret = krb5_pac_verify(context, pac, ticket->enc_part2->times.authtime,
+                          cprinc, NULL, NULL);
+    if (ret)
+        err(context, ret, "while verifying PAC client info");
+
+    /* We know there is only a PAC in this test's ticket. */
+    authdata1 = ticket->enc_part2->authorization_data;
+    ticket->enc_part2->authorization_data = NULL;
+
+    ret = krb5_kdc_sign_ticket(context, ticket->enc_part2, pac, sprinc,
+                               cprinc, &ticket_sig_server_key,
+                               &ticket_sig_krbtgt_key, FALSE);
+    if (ret)
+        err(context, ret, "while signing ticket");
+
+    authdata2 = ticket->enc_part2->authorization_data;
+    assert(authdata2 != NULL);
+    assert(authdata2[1] == NULL);
+
+    assert(authdata1[0]->length == authdata2[0]->length);
+    assert(memcmp(authdata1[0]->contents, authdata2[0]->contents,
+                  authdata1[0]->length) == 0);
+
+    /* Test adding signatures to a new PAC. */
+    ret = krb5_pac_init(context, &pac2);
+    if (ret)
+        err(context, ret, "krb5_pac_init");
+
+    ret = krb5_pac_get_types(context, pac, &len, &list);
+    if (ret)
+        err(context, ret, "krb5_pac_get_types");
+
+    for (i = 0; i < len; i++) {
+        /* Skip server_cksum, privsvr_cksum, and ticket_cksum. */
+        if (list[i] == 6 || list[i] == 7 || list[i] == 16)
+            continue;
+
+        ret = krb5_pac_get_buffer(context, pac, list[i], &data);
+        if (ret)
+            err(context, ret, "krb5_pac_get_buffer");
+
+        ret = krb5_pac_add_buffer(context, pac2, list[i], &data);
+        if (ret)
+            err(context, ret, "krb5_pac_add_buffer");
+
+        krb5_free_data_contents(context, &data);
+    }
+    free(list);
+
+    krb5_free_authdata(context, authdata1);
+    krb5_free_authdata(context, ticket->enc_part2->authorization_data);
+    ticket->enc_part2->authorization_data = NULL;
+
+    ret = krb5_kdc_sign_ticket(context, ticket->enc_part2, pac2, sprinc, NULL,
+                               &ticket_sig_server_key, &ticket_sig_krbtgt_key,
+                               FALSE);
+    if (ret)
+        err(context, ret, "while signing ticket");
+
+    /* We can't compare the data since the order of the buffers may differ. */
+    ret = krb5_kdc_verify_ticket(context, ticket->enc_part2, sprinc,
+                                 &ticket_sig_server_key,
+                                 &ticket_sig_krbtgt_key, &pac3);
+    if (ret)
+        err(context, ret, "while verifying ticket");
+
+    krb5_pac_free(context, pac);
+    krb5_pac_free(context, pac2);
+    krb5_pac_free(context, pac3);
+    krb5_free_principal(context, cprinc);
+    krb5_free_principal(context, sprinc);
+    krb5_free_ticket(context, ticket);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_pac pac;
+    krb5_data data;
+    krb5_principal p;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+        err(NULL, 0, "krb5_init_contex");
+
+    test_pac_ticket_signature(context);
+
+    ret = krb5_set_default_realm(context, "WIN2K3.THINKER.LOCAL");
+    if (ret)
+        err(context, ret, "krb5_set_default_realm");
+
+    ret = krb5_parse_name(context, user, &p);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    /* Check a pre-saved PAC. */
+    check_pac(context, -1, saved_pac, sizeof(saved_pac), authtime, p,
+              type_1_length, 0, &member_keyblock, &kdc_keyblock);
+
+    /* Check S4U2Self PACs. */
+    {
+        krb5_principal sp;
+        krb5_principal sep;
+        const struct pac_and_info *pi;
+
+        ret = krb5_parse_name(context, s4u_principal, &sp);
+        if (ret)
+            err(context, ret, "krb5_parse_name");
+
+        ret = krb5_parse_name_flags(context, s4u_enterprise,
+                                    KRB5_PRINCIPAL_PARSE_ENTERPRISE, &sep);
+        if (ret)
+            err(context, ret, "krb5_parse_name_flags");
+
+        for (pi = s4u_pacs; pi->data != NULL; pi++) {
+            check_pac(context, pi - s4u_pacs, pi->data, pi->length,
+                      pi->authtime, pi->is_enterprise ? sep : sp,
+                      s4u_logon_info_buffer_len, pi->is_xrealm,
+                      pi->is_xrealm ? &s4u_tgt_srv_key : &s4u_srv_key, NULL);
+        }
+
+        krb5_free_principal(context, sp);
+        krb5_free_principal(context, sep);
+    }
+
+    /* Check problematic PACs found by fuzzing. */
+    ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac);
+    if (!ret)
+        err(context, ret, "krb5_pac_parse should have failed");
+    ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac);
+    if (!ret)
+        err(context, ret, "krb5_pac_parse should have failed");
+
+    /*
+     * Test empty free
+     */
+
+    ret = krb5_pac_init(context, &pac);
+    if (ret)
+        err(context, ret, "krb5_pac_init");
+    krb5_pac_free(context, pac);
+
+    /*
+     * Test add remove buffer
+     */
+
+    ret = krb5_pac_init(context, &pac);
+    if (ret)
+        err(context, ret, "krb5_pac_init");
+
+    {
+        const krb5_data cdata = { 0, 2, "\x00\x01" } ;
+
+        ret = krb5_pac_add_buffer(context, pac, 1, &cdata);
+        if (ret)
+            err(context, ret, "krb5_pac_add_buffer");
+    }
+    {
+        ret = krb5_pac_get_buffer(context, pac, 1, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_get_buffer");
+        if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
+            err(context, 0, "krb5_pac_get_buffer data not the same");
+        krb5_free_data_contents(context, &data);
+    }
+
+    {
+        const krb5_data cdata = { 0, 2, "\x02\x00" } ;
+
+        ret = krb5_pac_add_buffer(context, pac, 2, &cdata);
+        if (ret)
+            err(context, ret, "krb5_pac_add_buffer");
+    }
+    {
+        ret = krb5_pac_get_buffer(context, pac, 1, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_get_buffer");
+        if (data.length != 2 || memcmp(data.data, "\x00\x01", 2) != 0)
+            err(context, 0, "krb5_pac_get_buffer data not the same");
+        krb5_free_data_contents(context, &data);
+        /* */
+        ret = krb5_pac_get_buffer(context, pac, 2, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_get_buffer");
+        if (data.length != 2 || memcmp(data.data, "\x02\x00", 2) != 0)
+            err(context, 0, "krb5_pac_get_buffer data not the same");
+        krb5_free_data_contents(context, &data);
+    }
+
+    ret = krb5_pac_sign(context, pac, authtime, p,
+                        &member_keyblock, &kdc_keyblock, &data);
+    if (ret)
+        err(context, ret, "krb5_pac_sign");
+
+    krb5_pac_free(context, pac);
+
+    ret = krb5_pac_parse(context, data.data, data.length, &pac);
+    krb5_free_data_contents(context, &data);
+    if (ret)
+        err(context, ret, "krb5_pac_parse 3");
+
+    ret = krb5_pac_verify(context, pac, authtime, p,
+                          &member_keyblock, &kdc_keyblock);
+    if (ret)
+        err(context, ret, "krb5_pac_verify 3");
+
+    {
+        uint32_t *list;
+        size_t len;
+
+        /* our two user buffer plus the three "system" buffers */
+        ret = krb5_pac_get_types(context, pac, &len, &list);
+        if (ret)
+            err(context, ret, "krb5_pac_get_types");
+        if (len != 5)
+            err(context, 0, "list wrong length");
+        free(list);
+    }
+
+    {
+        krb5_principal ep, np;
+
+        ret = krb5_parse_name_flags(context, user,
+                                    KRB5_PRINCIPAL_PARSE_ENTERPRISE, &ep);
+        if (ret)
+            err(context, ret, "krb5_parse_name_flags");
+
+        ret = krb5_copy_principal(context, ep, &np);
+        if (ret)
+            err(context, ret, "krb5_copy_principal");
+        np->type = KRB5_NT_MS_PRINCIPAL;
+
+        /* Try to verify as enterprise. */
+        ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
+                              &kdc_keyblock);
+        if (!ret)
+            err(context, ret, "krb5_pac_verify should have failed");
+
+        ret = krb5_pac_sign(context, pac, authtime, ep, &member_keyblock,
+                            &kdc_keyblock, &data);
+        if (!ret)
+            err(context, ret, "krb5_pac_sign should have failed");
+
+        /* Try to verify with realm. */
+        ret = krb5_pac_verify_ext(context, pac, authtime, p, &member_keyblock,
+                                  &kdc_keyblock, TRUE);
+        if (!ret)
+            err(context, ret, "krb5_pac_verify_ext with realm should fail");
+
+        /* Currently we can't re-sign the PAC with realm (although that could
+         * be useful), only sign a new one. */
+        ret = krb5_pac_sign_ext(context, pac, authtime, p, &member_keyblock,
+                                &kdc_keyblock, TRUE, &data);
+        if (!ret)
+            err(context, ret, "krb5_pac_sign_ext with realm should fail");
+
+        krb5_pac_free(context, pac);
+
+        /* Test enterprise. */
+        ret = krb5_pac_init(context, &pac);
+        if (ret)
+            err(context, ret, "krb5_pac_init");
+
+        ret = krb5_pac_sign(context, pac, authtime, ep, &member_keyblock,
+                            &kdc_keyblock, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_sign enterprise failed");
+
+        krb5_pac_free(context, pac);
+
+        ret = krb5_pac_parse(context, data.data, data.length, &pac);
+        krb5_free_data_contents(context, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_parse failed");
+
+        ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
+                              &kdc_keyblock);
+        if (ret)
+            err(context, ret, "krb5_pac_verify enterprise failed");
+
+        /* Also verify enterprise as KRB5_NT_MS_PRINCIPAL. */
+        ret = krb5_pac_verify(context, pac, authtime, np, &member_keyblock,
+                              &kdc_keyblock);
+        if (ret)
+            err(context, ret, "krb5_pac_verify enterprise as nt-ms failed");
+
+        ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
+                              &kdc_keyblock);
+        if (!ret)
+            err(context, ret, "krb5_pac_verify should have failed");
+
+        krb5_pac_free(context, pac);
+
+        /* Test nt-ms-principal. */
+        ret = krb5_pac_init(context, &pac);
+        if (ret)
+            err(context, ret, "krb5_pac_init");
+
+        ret = krb5_pac_sign(context, pac, authtime, np, &member_keyblock,
+                            &kdc_keyblock, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_sign enterprise failed");
+
+        krb5_pac_free(context, pac);
+
+        ret = krb5_pac_parse(context, data.data, data.length, &pac);
+        krb5_free_data_contents(context, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_parse failed");
+
+        ret = krb5_pac_verify(context, pac, authtime, np, &member_keyblock,
+                              &kdc_keyblock);
+        if (ret)
+            err(context, ret, "krb5_pac_verify enterprise failed");
+
+        /* Also verify as enterprise principal. */
+        ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
+                              &kdc_keyblock);
+        if (ret)
+            err(context, ret, "krb5_pac_verify nt-ms as enterprise failed");
+
+        ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
+                              &kdc_keyblock);
+        if (!ret)
+            err(context, ret, "krb5_pac_verify should have failed");
+
+        krb5_pac_free(context, pac);
+
+        /* Test with realm. */
+        ret = krb5_pac_init(context, &pac);
+        if (ret)
+            err(context, ret, "krb5_pac_init");
+
+        ret = krb5_pac_sign_ext(context, pac, authtime, p, &member_keyblock,
+                                &kdc_keyblock, TRUE, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_sign_ext with realm failed");
+
+        krb5_pac_free(context, pac);
+
+        ret = krb5_pac_parse(context, data.data, data.length, &pac);
+        krb5_free_data_contents(context, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_parse failed");
+
+        ret = krb5_pac_verify_ext(context, pac, authtime, p, &member_keyblock,
+                                  &kdc_keyblock, TRUE);
+        if (ret)
+            err(context, ret, "krb5_pac_verify_ext with realm failed");
+
+        ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
+                              &kdc_keyblock);
+        if (!ret)
+            err(context, ret, "krb5_pac_verify should have failed");
+
+        krb5_pac_free(context, pac);
+
+        /* Test enterprise with realm. */
+        ret = krb5_pac_init(context, &pac);
+        if (ret)
+            err(context, ret, "krb5_pac_init");
+
+        ret = krb5_pac_sign_ext(context, pac, authtime, ep, &member_keyblock,
+                                &kdc_keyblock, TRUE, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_sign_ext ent with realm failed");
+
+        krb5_pac_free(context, pac);
+
+        ret = krb5_pac_parse(context, data.data, data.length, &pac);
+        krb5_free_data_contents(context, &data);
+        if (ret)
+            err(context, ret, "krb5_pac_parse failed");
+
+        ret = krb5_pac_verify_ext(context, pac, authtime, ep, &member_keyblock,
+                                  &kdc_keyblock, TRUE);
+        if (ret)
+            err(context, ret, "krb5_pac_verify_ext ent with realm failed");
+
+        ret = krb5_pac_verify(context, pac, authtime, p, &member_keyblock,
+                              &kdc_keyblock);
+        if (!ret)
+            err(context, ret, "krb5_pac_verify should have failed");
+
+        ret = krb5_pac_verify(context, pac, authtime, ep, &member_keyblock,
+                              &kdc_keyblock);
+        if (!ret)
+            err(context, ret, "krb5_pac_verify should have failed");
+
+        ret = krb5_pac_verify_ext(context, pac, authtime, p, &member_keyblock,
+                                  &kdc_keyblock, TRUE);
+        if (!ret)
+            err(context, ret, "krb5_pac_verify_ext should have failed");
+
+        krb5_free_principal(context, ep);
+        krb5_free_principal(context, np);
+    }
+
+    krb5_pac_free(context, pac);
+
+    krb5_free_principal(context, p);
+    krb5_free_context(context);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_parse_host_string.c b/krb5-1.21.3/src/lib/krb5/krb/t_parse_host_string.c
new file mode 100644
index 00000000..e9c6f1c0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_parse_host_string.c
@@ -0,0 +1,247 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_parse_host_string.c - k5_parse_host_string() unit tests */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-cmocka.h"
+
+/* Call k5_parse_host_string() and check the result against the expected code,
+ * hostname, and port. */
+static void
+call_k5_parse_host_string(const char *host, int default_port,
+                          krb5_error_code e_code, const char *e_host,
+                          int e_port)
+{
+    krb5_error_code code;
+    char *host_out = NULL;
+    int port_out = -1;
+
+    code = k5_parse_host_string(host, default_port, &host_out, &port_out);
+
+    assert_int_equal(code, e_code);
+
+    /* Only check the port if the function was expected to be successful. */
+    if (!e_code)
+        assert_int_equal(port_out, e_port);
+
+    /* If the expected code is a failure then host_out should be NULL. */
+    if (e_code != 0 || e_host == NULL)
+        assert_null(host_out);
+    else
+        assert_string_equal(e_host, host_out);
+
+    free(host_out);
+}
+
+/* k5_parse_host_string() tests */
+
+static void
+test_named_host_only(void **state)
+{
+    call_k5_parse_host_string("test.example", 50, 0, "test.example", 50);
+}
+
+static void
+test_named_host_w_port(void **state)
+{
+    call_k5_parse_host_string("test.example:75", 0, 0, "test.example", 75);
+}
+
+static void
+test_ipv4_only(void **state)
+{
+    call_k5_parse_host_string("192.168.1.1", 100, 0, "192.168.1.1", 100);
+}
+
+static void
+test_ipv4_w_port(void **state)
+{
+    call_k5_parse_host_string("192.168.1.1:150", 0, 0, "192.168.1.1", 150);
+}
+
+static void
+test_ipv6_only(void **state)
+{
+    call_k5_parse_host_string("[BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE]", 200,
+                              0, "BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE",
+                              200);
+}
+
+static void
+test_ipv6_w_port(void **state)
+{
+    call_k5_parse_host_string("[BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE]:250",
+                              0, 0, "BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE",
+                              250);
+}
+
+static void
+test_ipv6_w_zone(void **state)
+{
+    call_k5_parse_host_string("[BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE%eth0]",
+                              275, 0,
+                              "BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE%eth0",
+                              275);
+}
+
+static void
+test_invalid_ipv6(void **state)
+{
+    call_k5_parse_host_string("BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE", 1,
+                              EINVAL, NULL, 0);
+}
+
+static void
+test_no_host_port(void **state)
+{
+    call_k5_parse_host_string(":300", 0, EINVAL, NULL, 300);
+}
+
+static void
+test_port_only(void **state)
+{
+    call_k5_parse_host_string("350", 0, 0, NULL, 350);
+}
+
+static void
+test_null_host(void **state)
+{
+    call_k5_parse_host_string(NULL, 400, EINVAL, NULL, 400);
+}
+
+static void
+test_empty_host(void **state)
+{
+    call_k5_parse_host_string("", 450, EINVAL, NULL, 450);
+}
+
+static void
+test_port_out_of_range(void **state)
+{
+    call_k5_parse_host_string("70000", 1, EINVAL, NULL, 0);
+}
+
+static void
+test_port_invalid_characters(void **state)
+{
+    call_k5_parse_host_string("test.example:F101", 1, EINVAL, NULL, 0);
+}
+
+static void
+test_invalid_default_port(void **state)
+{
+    call_k5_parse_host_string("test.example", 70000, EINVAL, NULL, 0);
+}
+
+/* k5_is_string_numeric() tests */
+
+static void
+test_numeric_single_digit(void **state)
+{
+    assert_true(k5_is_string_numeric("0"));
+}
+
+static void
+test_numeric_all_digits(void **state)
+{
+    assert_true(k5_is_string_numeric("0123456789"));
+}
+
+static void
+test_numeric_alpha(void **state)
+{
+    assert_false(k5_is_string_numeric("012345F6789"));
+}
+
+static void
+test_numeric_period(void **state)
+{
+    assert_false(k5_is_string_numeric("123.456"));
+}
+
+static void
+test_numeric_negative(void **state)
+{
+    assert_false(k5_is_string_numeric("-123"));
+}
+
+static void
+test_numeric_empty(void **state)
+{
+    assert_false(k5_is_string_numeric(""));
+}
+
+static void
+test_numeric_whitespace(void **state)
+{
+    assert_false(k5_is_string_numeric("123 456"));
+}
+
+int
+main(void)
+{
+    int ret;
+
+    const struct CMUnitTest k5_parse_host_string_tests[] = {
+        cmocka_unit_test(test_named_host_only),
+        cmocka_unit_test(test_named_host_w_port),
+        cmocka_unit_test(test_ipv4_only),
+        cmocka_unit_test(test_ipv4_w_port),
+        cmocka_unit_test(test_ipv6_only),
+        cmocka_unit_test(test_ipv6_w_port),
+        cmocka_unit_test(test_ipv6_w_zone),
+        cmocka_unit_test(test_invalid_ipv6),
+        cmocka_unit_test(test_no_host_port),
+        cmocka_unit_test(test_port_only),
+        cmocka_unit_test(test_null_host),
+        cmocka_unit_test(test_empty_host),
+        cmocka_unit_test(test_port_out_of_range),
+        cmocka_unit_test(test_port_invalid_characters),
+        cmocka_unit_test(test_invalid_default_port)
+    };
+
+    const struct CMUnitTest k5_is_string_numeric_tests[] = {
+        cmocka_unit_test(test_numeric_single_digit),
+        cmocka_unit_test(test_numeric_all_digits),
+        cmocka_unit_test(test_numeric_alpha),
+        cmocka_unit_test(test_numeric_period),
+        cmocka_unit_test(test_numeric_negative),
+        cmocka_unit_test(test_numeric_empty),
+        cmocka_unit_test(test_numeric_whitespace)
+    };
+
+    ret = cmocka_run_group_tests_name("k5_parse_host_string",
+                                      k5_parse_host_string_tests, NULL, NULL);
+    ret += cmocka_run_group_tests_name("k5_is_string_numeric",
+                                       k5_is_string_numeric_tests, NULL, NULL);
+
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_princ.c b/krb5-1.21.3/src/lib/krb5/krb/t_princ.c
new file mode 100644
index 00000000..78ca1789
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_princ.c
@@ -0,0 +1,404 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+/*
+ * Check that a closed cc still keeps it data and that it's no longer
+ * there when it's destroyed.
+ */
+
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+static void err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+    __attribute__((__format__(__printf__, 3, 0)));
+#endif
+
+static void
+err(krb5_context ctx, krb5_error_code code, const char *fmt, ...)
+{
+    va_list ap;
+    char *msg;
+    const char *errmsg = NULL;
+
+    va_start(ap, fmt);
+    if (vasprintf(&msg, fmt, ap) < 0)
+        exit(1);
+    va_end(ap);
+    if (ctx && code)
+        errmsg = krb5_get_error_message(ctx, code);
+    if (errmsg)
+        fprintf(stderr, "t_princ: %s: %s\n", msg, errmsg);
+    else
+        fprintf(stderr, "t_princ: %s\n", msg);
+    exit(1);
+}
+
+static void
+test_princ(krb5_context context)
+{
+    const char *princ = "lha@SU.SE";
+    const char *princ_short = "lha";
+    const char *noquote;
+    krb5_error_code ret;
+    char *princ_unparsed;
+    char *princ_reformed = NULL;
+    const char *realm;
+
+    krb5_principal p, p2;
+
+    ret = krb5_parse_name(context, princ, &p);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    ret = krb5_unparse_name(context, p, &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (strcmp(princ, princ_unparsed)) {
+        err(context, 0, "%s != %s", princ, princ_unparsed);
+    }
+
+    free(princ_unparsed);
+
+    ret = krb5_unparse_name_flags(context, p,
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                  &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (strcmp(princ_short, princ_unparsed))
+        err(context, 0, "%s != %s", princ_short, princ_unparsed);
+    free(princ_unparsed);
+
+    realm = p->realm.data;
+
+    asprintf(&princ_reformed, "%s@%s", princ_short, realm);
+
+    ret = krb5_parse_name(context, princ_reformed, &p2);
+    free(princ_reformed);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (!krb5_principal_compare(context, p, p2)) {
+        err(context, 0, "p != p2");
+    }
+
+    krb5_free_principal(context, p2);
+
+    ret = krb5_set_default_realm(context, "SU.SE");
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    ret = krb5_unparse_name_flags(context, p,
+                                  KRB5_PRINCIPAL_UNPARSE_SHORT,
+                                  &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (strcmp(princ_short, princ_unparsed))
+        err(context, 0, "'%s' != '%s'", princ_short, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_parse_name(context, princ_short, &p2);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (!krb5_principal_compare(context, p, p2))
+        err(context, 0, "p != p2");
+    krb5_free_principal(context, p2);
+
+    ret = krb5_unparse_name(context, p, &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (strcmp(princ, princ_unparsed))
+        err(context, 0, "'%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_set_default_realm(context, "SAMBA.ORG");
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    ret = krb5_parse_name(context, princ_short, &p2);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (krb5_principal_compare(context, p, p2))
+        err(context, 0, "p == p2");
+
+    if (!krb5_principal_compare_any_realm(context, p, p2))
+        err(context, 0, "(ignoring realms) p != p2");
+
+    ret = krb5_unparse_name(context, p2, &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (strcmp(princ, princ_unparsed) == 0)
+        err(context, 0, "%s == %s", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    krb5_free_principal(context, p2);
+
+    ret = krb5_parse_name(context, princ, &p2);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (!krb5_principal_compare(context, p, p2))
+        err(context, 0, "p != p2");
+
+    ret = krb5_unparse_name(context, p2, &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (strcmp(princ, princ_unparsed))
+        err(context, 0, "'%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    krb5_free_principal(context, p2);
+
+    ret = krb5_unparse_name_flags(context, p,
+                                  KRB5_PRINCIPAL_UNPARSE_SHORT,
+                                  &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name_short");
+
+    if (strcmp(princ, princ_unparsed) != 0)
+        err(context, 0, "'%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_unparse_name(context, p, &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name_short");
+
+    if (strcmp(princ, princ_unparsed))
+        err(context, 0, "'%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_parse_name_flags(context, princ,
+                                KRB5_PRINCIPAL_PARSE_NO_REALM,
+                                &p2);
+    if (!ret)
+        err(context, ret, "Should have failed to parse %s a "
+            "short name", princ);
+
+    ret = krb5_parse_name_flags(context, princ_short,
+                                KRB5_PRINCIPAL_PARSE_NO_REALM,
+                                &p2);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    ret = krb5_unparse_name_flags(context, p2,
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                  &princ_unparsed);
+    krb5_free_principal(context, p2);
+    if (ret)
+        err(context, ret, "krb5_unparse_name_norealm");
+
+    if (strcmp(princ_short, princ_unparsed))
+        err(context, 0, "'%s' != '%s'", princ_short, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_parse_name_flags(context, princ_short,
+                                KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
+                                &p2);
+    if (!ret)
+        err(context, ret, "Should have failed to parse %s "
+            "because it lacked a realm", princ_short);
+
+    ret = krb5_parse_name_flags(context, princ,
+                                KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
+                                &p2);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    if (!krb5_principal_compare(context, p, p2))
+        err(context, 0, "p != p2");
+
+    ret = krb5_unparse_name_flags(context, p2,
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                  &princ_unparsed);
+    krb5_free_principal(context, p2);
+    if (ret)
+        err(context, ret, "krb5_unparse_name_norealm");
+
+    if (strcmp(princ_short, princ_unparsed))
+        err(context, 0, "'%s' != '%s'", princ_short, princ_unparsed);
+    free(princ_unparsed);
+
+    krb5_free_principal(context, p);
+
+    /* test quoting */
+
+    princ = "test\\/principal@SU.SE";
+    noquote = "test/principal@SU.SE";
+
+    ret = krb5_parse_name_flags(context, princ, 0, &p);
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    ret = krb5_unparse_name_flags(context, p, 0, &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name_flags");
+
+    if (strcmp(princ, princ_unparsed))
+        err(context, 0, "q '%s' != '%s'", princ, princ_unparsed);
+    free(princ_unparsed);
+
+    ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+                                  &princ_unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name_flags");
+
+    if (strcmp(noquote, princ_unparsed))
+        err(context, 0, "nq '%s' != '%s'", noquote, princ_unparsed);
+    free(princ_unparsed);
+
+    krb5_free_principal(context, p);
+}
+
+static void
+test_enterprise(krb5_context context)
+{
+    krb5_error_code ret;
+    char *unparsed;
+    krb5_principal p;
+
+    ret = krb5_set_default_realm(context, "SAMBA.ORG");
+    if (ret)
+        err(context, ret, "krb5_parse_name");
+
+    ret = krb5_parse_name_flags(context, "lha@su.se@WIN.SU.SE",
+                                KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+    if (ret)
+        err(context, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name(context, p, &unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+
+    if (strcmp(unparsed, "lha\\@su.se@WIN.SU.SE") != 0)
+        err(context, 0, "enterprise name failed 1");
+    free(unparsed);
+
+    /*
+     *
+     */
+
+    ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE",
+                                KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+    if (ret)
+        err(context, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name(context, p, &unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+    if (strcmp(unparsed, "lha\\@su.se\\@WIN.SU.SE@SAMBA.ORG") != 0)
+        err(context, 0, "enterprise name failed 2: %s", unparsed);
+    free(unparsed);
+
+    /*
+     *
+     */
+
+    ret = krb5_parse_name_flags(context, "lha\\@su.se@WIN.SU.SE", 0, &p);
+    if (ret)
+        err(context, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name(context, p, &unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+    if (strcmp(unparsed, "lha\\@su.se@WIN.SU.SE") != 0)
+        err(context, 0, "enterprise name failed 3");
+    free(unparsed);
+
+    /*
+     *
+     */
+
+    ret = krb5_parse_name_flags(context, "lha@su.se",
+                                KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+    if (ret)
+        err(context, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name(context, p, &unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+    if (strcmp(unparsed, "lha\\@su.se@SAMBA.ORG") != 0)
+        err(context, 0, "enterprise name failed 2: %s", unparsed);
+    free(unparsed);
+
+
+    ret = krb5_parse_name_flags(context, "lukeh@ntdev.padl.com",
+                                KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p);
+    if (ret)
+        err(context, ret, "krb5_parse_name_flags");
+
+    ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                  &unparsed);
+    if (ret)
+        err(context, ret, "krb5_unparse_name");
+
+    krb5_free_principal(context, p);
+    if (strcmp(unparsed, "lukeh@ntdev.padl.com") != 0)
+        err(context, 0, "enterprise name failed 4: %s", unparsed);
+    free(unparsed);
+}
+
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_error_code ret;
+
+    ret = krb5_init_context(&context);
+    if (ret)
+        err(NULL, 0, "krb5_init_context failed: %d", ret);
+
+    test_princ(context);
+
+    test_enterprise(context);
+
+    krb5_free_context(context);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_ref_kerb.out b/krb5-1.21.3/src/lib/krb5/krb/t_ref_kerb.out
new file mode 100644
index 00000000..8daff9ef
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_ref_kerb.out
@@ -0,0 +1,23 @@
+parsed (and unparsed) principal(tytso): 'tytso@ATHENA.MIT.EDU'
+parsed (and unparsed) principal(tytso@SHAZAAM): MATCH
+parsed (and unparsed) principal(tytso/root@VEGGIE.COM): MATCH
+parsed (and unparsed) principal(tytso/tuber/carrot@VEGGIE.COM): MATCH
+parsed (and unparsed) principal(tytso/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t): 'tytso/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t@ATHENA.MIT.EDU'
+parsed (and unparsed) principal(tytso/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t@FOO): MATCH
+parsed (and unparsed) principal(tytso\\0/\0@B\n\t\\GAG): MATCH
+parsed (and unparsed) principal(tytso/\n/\b\t@B\0hacky-test): MATCH
+parsed (and unparsed) principal(\/slash/\@atsign/octa\/thorpe@\/slash\@at\/sign): MATCH
+name_type principal(host/www.krb5.test@KRB5.TEST): 1
+name_type principal(krbtg/KRB5.TEST@KRB5.TEST): 1
+name_type principal(krbtgt/KRB5.TEST@KRB5.TEST): 2
+name_type principal(WELLKNOWN/ANONYMOUS@KRB5.TEST): 11
+425_converted principal(rcmd, e40-po, ATHENA.MIT.EDU): 'host/e40-po.mit.edu@ATHENA.MIT.EDU'
+425_converted principal(rcmd, mit, ATHENA.MIT.EDU): 'host/mit.edu@ATHENA.MIT.EDU'
+425_converted principal(rcmd, lithium, ATHENA.MIT.EDU): 'host/lithium.lcs.mit.edu@ATHENA.MIT.EDU'
+425_converted principal(rcmd, tweedledumb, CYGNUS.COM): 'host/tweedledumb.cygnus.com@CYGNUS.COM'
+425_converted principal(rcmd, uunet, UU.NET): 'host/uunet.uu.net@UU.NET'
+425_converted principal(zephyr, zephyr, ATHENA.MIT.EDU): 'zephyr/zephyr@ATHENA.MIT.EDU'
+425_converted principal(kadmin, ATHENA.MIT.EDU, ATHENA.MIT.EDU): 'kadmin/ATHENA.MIT.EDU@ATHENA.MIT.EDU'
+524_converted_principal(host/e40-po.mit.edu@ATHENA.MIT.EDU): 'rcmd' 'e40-po' 'ATHENA.MIT.EDU'
+524_converted_principal(host/foobar.stanford.edu@stanford.edu): 'rcmd' 'foobar' 'IR.STANFORD.EDU'
+old principal: marc@MIT.EDU, modified principal: marc@CYGNUS.COM
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_response_items.c b/krb5-1.21.3/src/lib/krb5/krb/t_response_items.c
new file mode 100644
index 00000000..0deb9292
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_response_items.c
@@ -0,0 +1,94 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_response_set.c - Test krb5_response_set */
+/*
+ * Copyright 2012 Red Hat, Inc.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of Red Hat not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original Red Hat software.
+ * Red Hat makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-int.h>
+
+#include "int-proto.h"
+
+#define TEST_STR1 "test1"
+#define TEST_STR2 "test2"
+
+static void
+check_pred(int predicate)
+{
+    if (!predicate)
+        abort();
+}
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0) {
+        com_err("t_response_items", code, NULL);
+        abort();
+    }
+}
+
+static int
+nstrcmp(const char *a, const char *b)
+{
+    if (a == NULL && b == NULL)
+        return 0;
+    else if (a == NULL)
+        return -1;
+    else if (b == NULL)
+        return 1;
+
+    return strcmp(a, b);
+}
+
+int
+main()
+{
+    k5_response_items *ri;
+
+    check(k5_response_items_new(&ri));
+    check_pred(k5_response_items_empty(ri));
+
+    check(k5_response_items_ask_question(ri, TEST_STR1, TEST_STR1));
+    check(k5_response_items_ask_question(ri, TEST_STR2, NULL));
+    check_pred(nstrcmp(k5_response_items_get_challenge(ri, TEST_STR1),
+                       TEST_STR1) == 0);
+    check_pred(nstrcmp(k5_response_items_get_challenge(ri, TEST_STR2),
+                       NULL) == 0);
+    check_pred(!k5_response_items_empty(ri));
+
+    k5_response_items_reset(ri);
+    check_pred(k5_response_items_empty(ri));
+    check_pred(k5_response_items_get_challenge(ri, TEST_STR1) == NULL);
+    check_pred(k5_response_items_get_challenge(ri, TEST_STR2) == NULL);
+
+    check(k5_response_items_ask_question(ri, TEST_STR1, TEST_STR1));
+    check_pred(nstrcmp(k5_response_items_get_challenge(ri, TEST_STR1),
+                       TEST_STR1) == 0);
+    check(k5_response_items_set_answer(ri, TEST_STR1, TEST_STR1));
+    check_pred(nstrcmp(k5_response_items_get_answer(ri, TEST_STR1),
+                       TEST_STR1) == 0);
+
+    k5_response_items_free(ri);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_ser.c b/krb5-1.21.3/src/lib/krb5/krb/t_ser.c
new file mode 100644
index 00000000..d6746b74
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_ser.c
@@ -0,0 +1,347 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_ser.c - Test serialization */
+/*
+ * Copyright 1995, 2019 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+#include "auth_con.h"
+
+#include <ctype.h>
+
+static const char stuff[]="You can't take a pointer to a function and convert \
+it to a pointer to char; ANSI doesn't say it'll work, and in fact on the HPPA \
+you can lose some bits of the function pointer, and get a pointer that you \
+can't safely dereference.  This test file used to make this mistake, often.";
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0) {
+        com_err("t_ser", code, NULL);
+        abort();
+    }
+}
+
+static void *
+ealloc(size_t size)
+{
+    void *ptr = calloc(1, size);
+
+    if (ptr == NULL)
+        abort();
+    return ptr;
+}
+
+static void
+ser_context(krb5_context ctx)
+{
+    uint8_t *erep, *erep2, *bp;
+    size_t elen = 0, elen2 = 0, blen;
+    krb5_context ctx2;
+
+    check(k5_size_context(ctx, &elen));
+    erep = ealloc(elen);
+
+    bp = erep;
+    blen = elen;
+    check(k5_externalize_context(ctx, &bp, &blen));
+    assert(bp == erep + elen && blen == 0);
+
+    bp = erep;
+    blen = elen;
+    check(k5_internalize_context(&ctx2, &bp, &blen));
+    assert(bp == erep + elen && blen == 0);
+
+    check(k5_size_context(ctx2, &elen2));
+    assert(elen2 == elen);
+    erep2 = ealloc(elen2);
+
+    bp = erep2;
+    blen = elen2;
+    check(k5_externalize_context(ctx2, &bp, &blen));
+    assert(bp == erep2 + elen2 && blen == 0);
+    assert(memcmp(erep, erep2, elen) == 0);
+
+    free(erep);
+    free(erep2);
+    krb5_free_context(ctx2);
+}
+
+static void
+ser_auth_context(krb5_auth_context actx)
+{
+    uint8_t *erep, *erep2, *bp;
+    size_t elen = 0, elen2 = 0, blen;
+    krb5_auth_context actx2;
+
+    check(k5_size_auth_context(actx, &elen));
+    erep = ealloc(elen);
+
+    bp = erep;
+    blen = elen;
+    check(k5_externalize_auth_context(actx, &bp, &blen));
+    assert(bp == erep + elen && blen == 0);
+
+    bp = erep;
+    blen = elen;
+    check(k5_internalize_auth_context(&actx2, &bp, &blen));
+    assert(bp == erep + elen && blen == 0);
+
+    check(k5_size_auth_context(actx2, &elen2));
+    assert(elen2 == elen);
+    erep2 = ealloc(elen2);
+
+    bp = erep2;
+    blen = elen2;
+    check(k5_externalize_auth_context(actx2, &bp, &blen));
+    assert(bp == erep2 + elen2 && blen == 0);
+    assert(memcmp(erep, erep2, elen) == 0);
+
+    free(erep);
+    free(erep2);
+    krb5_auth_con_free(NULL, actx2);
+}
+
+static void
+ser_principal(krb5_principal princ)
+{
+    uint8_t *erep, *erep2, *bp;
+    size_t elen = 0, elen2 = 0, blen;
+    krb5_principal princ2;
+
+    check(k5_size_principal(princ, &elen));
+    erep = ealloc(elen);
+
+    bp = erep;
+    blen = elen;
+    check(k5_externalize_principal(princ, &bp, &blen));
+    assert(bp == erep + elen && blen == 0);
+
+    bp = erep;
+    blen = elen;
+    check(k5_internalize_principal(&princ2, &bp, &blen));
+    assert(bp == erep + elen && blen == 0);
+
+    check(k5_size_principal(princ2, &elen2));
+    assert(elen2 == elen);
+    erep2 = ealloc(elen2);
+
+    bp = erep2;
+    blen = elen2;
+    check(k5_externalize_principal(princ2, &bp, &blen));
+    assert(bp == erep2 + elen2 && blen == 0);
+    assert(memcmp(erep, erep2, elen) == 0);
+
+    free(erep);
+    free(erep2);
+    krb5_free_principal(NULL, princ2);
+}
+
+static void
+ser_checksum(krb5_checksum *cksum)
+{
+    uint8_t *erep, *erep2, *bp;
+    size_t elen = 0, elen2 = 0, blen;
+    krb5_checksum *cksum2;
+
+    check(k5_size_checksum(cksum, &elen));
+    erep = ealloc(elen);
+
+    bp = erep;
+    blen = elen;
+    check(k5_externalize_checksum(cksum, &bp, &blen));
+    assert(bp == erep + elen && blen == 0);
+
+    bp = erep;
+    blen = elen;
+    check(k5_internalize_checksum(&cksum2, &bp, &blen));
+    assert(bp == erep + elen && blen == 0);
+
+    check(k5_size_checksum(cksum2, &elen2));
+    assert(elen2 == elen);
+    erep2 = ealloc(elen2);
+
+    bp = erep2;
+    blen = elen2;
+    check(k5_externalize_checksum(cksum2, &bp, &blen));
+    assert(bp == erep2 + elen2 && blen == 0);
+    assert(memcmp(erep, erep2, elen) == 0);
+
+    free(erep);
+    free(erep2);
+    krb5_free_checksum(NULL, cksum2);
+}
+
+static void
+ser_context_test()
+{
+    krb5_context context;
+    profile_t sprofile;
+
+    check(krb5_init_context(&context));
+
+    sprofile = context->profile;
+    context->profile = NULL;
+    ser_context(context);
+
+    context->profile = sprofile;
+    ser_context(context);
+
+    check(krb5_set_default_realm(context, "this.is.a.test"));
+    ser_context(context);
+
+    krb5_free_context(context);
+}
+
+static void
+ser_acontext_test()
+{
+    krb5_auth_context   actx;
+    krb5_address        local_address;
+    krb5_address        remote_address;
+    krb5_octet          laddr_bytes[16];
+    krb5_octet          raddr_bytes[16];
+    krb5_keyblock       ukeyblock;
+    krb5_octet          keydata[8];
+    krb5_authenticator  aent;
+    char                clname[128];
+    krb5_authdata       *adatalist[3];
+    krb5_authdata       adataent;
+
+    check(krb5_auth_con_init(NULL, &actx));
+    ser_auth_context(actx);
+
+    memset(&local_address, 0, sizeof(local_address));
+    memset(&remote_address, 0, sizeof(remote_address));
+    memset(laddr_bytes, 0, sizeof(laddr_bytes));
+    memset(raddr_bytes, 0, sizeof(raddr_bytes));
+    local_address.addrtype = ADDRTYPE_INET;
+    local_address.length = sizeof(laddr_bytes);
+    local_address.contents = laddr_bytes;
+    laddr_bytes[0] = 6;
+    laddr_bytes[1] = 2;
+    laddr_bytes[2] = 69;
+    laddr_bytes[3] = 16;
+    laddr_bytes[4] = 1;
+    laddr_bytes[5] = 0;
+    laddr_bytes[6] = 0;
+    laddr_bytes[7] = 127;
+    remote_address.addrtype = ADDRTYPE_INET;
+    remote_address.length = sizeof(raddr_bytes);
+    remote_address.contents = raddr_bytes;
+    raddr_bytes[0] = 6;
+    raddr_bytes[1] = 2;
+    raddr_bytes[2] = 70;
+    raddr_bytes[3] = 16;
+    raddr_bytes[4] = 1;
+    raddr_bytes[5] = 0;
+    raddr_bytes[6] = 0;
+    raddr_bytes[7] = 127;
+    check(krb5_auth_con_setaddrs(NULL, actx, &local_address, &remote_address));
+    check(krb5_auth_con_setports(NULL, actx, &local_address, &remote_address));
+    ser_auth_context(actx);
+
+    memset(&ukeyblock, 0, sizeof(ukeyblock));
+    memset(keydata, 0, sizeof(keydata));
+    ukeyblock.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128;
+    ukeyblock.length = sizeof(keydata);
+    ukeyblock.contents = keydata;
+    keydata[0] = 0xde;
+    keydata[1] = 0xad;
+    keydata[2] = 0xbe;
+    keydata[3] = 0xef;
+    keydata[4] = 0xfe;
+    keydata[5] = 0xed;
+    keydata[6] = 0xf0;
+    keydata[7] = 0xd;
+    check(krb5_auth_con_setuseruserkey(NULL, actx, &ukeyblock));
+    ser_auth_context(actx);
+
+    check(krb5_auth_con_initivector(NULL, actx));
+    ser_auth_context(actx);
+
+    memset(&aent, 0, sizeof(aent));
+    aent.magic = KV5M_AUTHENTICATOR;
+    snprintf(clname, sizeof(clname),
+             "help/me/%d@this.is.a.test", (int)getpid());
+    actx->authentp = &aent;
+    check(krb5_parse_name(NULL, clname, &aent.client));
+    ser_auth_context(actx);
+
+    adataent.magic = KV5M_AUTHDATA;
+    adataent.ad_type = 123;
+    adataent.length = 128;
+    adataent.contents = (uint8_t *)stuff;
+    adatalist[0] = &adataent;
+    adatalist[1] = &adataent;
+    adatalist[2] = NULL;
+    aent.authorization_data = adatalist;
+    ser_auth_context(actx);
+
+    krb5_free_principal(NULL, aent.client);
+    actx->authentp = NULL;
+    krb5_auth_con_free(NULL, actx);
+}
+
+static void
+ser_princ_test()
+{
+    krb5_principal      princ;
+    char                pname[1024];
+
+    snprintf(pname, sizeof(pname),
+             "the/quick/brown/fox/jumped/over/the/lazy/dog/%d@this.is.a.test",
+             (int) getpid());
+    check(krb5_parse_name(NULL, pname, &princ));
+    ser_principal(princ);
+    krb5_free_principal(NULL, princ);
+}
+
+static void
+ser_cksum_test()
+{
+    krb5_checksum       checksum;
+    krb5_octet          ckdata[24];
+
+    memset(&checksum, 0, sizeof(krb5_checksum));
+    checksum.magic = KV5M_CHECKSUM;
+    ser_checksum(&checksum);
+
+    checksum.checksum_type = 123;
+    checksum.length = sizeof(ckdata);
+    checksum.contents = ckdata;
+    memcpy(ckdata, &stuff, sizeof(ckdata));
+    ser_checksum(&checksum);
+}
+
+int
+main(int argc, char **argv)
+{
+    ser_context_test();
+    ser_acontext_test();
+    ser_princ_test();
+    ser_cksum_test();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_sname_match.c b/krb5-1.21.3/src/lib/krb5/krb/t_sname_match.c
new file mode 100644
index 00000000..021b720d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_sname_match.c
@@ -0,0 +1,117 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_sname_match.c - Unit tests for krb5_sname_match() */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+struct test {
+    const char *matchstr;
+    const char *princstr;
+    krb5_boolean result;
+    krb5_boolean ignore_acceptor_hostname;
+    krb5_boolean non_host_nametype;
+} tests[] = {
+    /* If matching is NULL, the result is true for any princ. */
+    { NULL, "a/b@R", TRUE },
+
+    /* If matching does not have two components or does not have name type
+     * KRB5_NT_SRV_HOST, the result is a direct comparison. */
+    { "a@R", "a@R", TRUE },
+    { "a@R", "b@R", FALSE },
+    { "a/@R", "a/@R", TRUE, FALSE, TRUE },
+    { "a/@R", "a/b@R", FALSE, FALSE, TRUE },
+    { "a/b@", "a/b@", TRUE, FALSE, TRUE },
+    { "a/b@", "a/b@R", FALSE, FALSE, TRUE },
+    { "a/b/@R", "a/b/@R", TRUE },
+    { "a/b/@R", "a/b/c@R", FALSE },
+
+    /* The number of components must match. */
+    { "a/b@R", "a@R", FALSE },
+    { "a/b@R", "a/b/@R", FALSE },
+    { "a/b@R", "a/b/c@R", FALSE },
+
+    /* If matching's realm is empty, any realm in princ is permitted. */
+    { "a/b@", "a/b@", TRUE },
+    { "a/b@", "a/b@R", TRUE },
+    { "a/b@R", "a/b@R", TRUE },
+    { "a/b@R", "a/b@S", FALSE },
+
+    /* matching's first component must match princ's (even if empty). */
+    { "/b@R", "/b@R", TRUE },
+    { "/b@R", "a/b@R", FALSE },
+
+    /* If matching's second component is empty, any second component in princ
+     * is permitted. */
+    { "a/@R", "a/@R", TRUE },
+    { "a/@R", "a/b@R", TRUE },
+
+    /* If ignore_acceptor_hostname is set, any second component in princ is
+     * permitted, even if there is a different second component in matching. */
+    { "a/b@R", "a/c@R", TRUE, TRUE },
+    { "a/b@R", "c/b@R", FALSE, TRUE },
+};
+
+int
+main()
+{
+    size_t i;
+    struct test *t;
+    krb5_principal matching, princ;
+    krb5_context ctx;
+
+    if (krb5_init_context(&ctx) != 0)
+        abort();
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        t = &tests[i];
+
+        if (t->matchstr != NULL) {
+            if (krb5_parse_name(ctx, t->matchstr, &matching) != 0)
+                abort();
+            if (t->non_host_nametype)
+                matching->type = KRB5_NT_PRINCIPAL;
+            else
+                matching->type = KRB5_NT_SRV_HST;
+        } else {
+            matching = NULL;
+        }
+        if (krb5_parse_name(ctx, t->princstr, &princ) != 0)
+            abort();
+
+        ctx->ignore_acceptor_hostname = t->ignore_acceptor_hostname;
+        if (krb5_sname_match(ctx, matching, princ) != t->result)
+            abort();
+
+        krb5_free_principal(ctx, matching);
+        krb5_free_principal(ctx, princ);
+    }
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_valid_times.c b/krb5-1.21.3/src/lib/krb5/krb/t_valid_times.c
new file mode 100644
index 00000000..e4b5f1bc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_valid_times.c
@@ -0,0 +1,111 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_valid_times.c - test program for krb5int_validate_times() */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+#define BOUNDARY (uint32_t)INT32_MIN
+
+int
+main()
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ticket_times times = { 0, 0, 0, 0 };
+
+    ret = krb5_init_context(&context);
+    assert(!ret);
+
+    /* Current time is within authtime and end time. */
+    ret = krb5_set_debugging_time(context, 1000, 0);
+    times.authtime = 500;
+    times.endtime = 1500;
+    ret = krb5int_validate_times(context, &times);
+    assert(!ret);
+
+    /* Current time is before starttime, but within clock skew. */
+    times.starttime = 1100;
+    ret = krb5int_validate_times(context, &times);
+    assert(!ret);
+
+    /* Current time is before starttime by more than clock skew. */
+    times.starttime = 1400;
+    ret = krb5int_validate_times(context, &times);
+    assert(ret == KRB5KRB_AP_ERR_TKT_NYV);
+
+    /* Current time is after end time, but within clock skew. */
+    times.starttime = 500;
+    times.endtime = 800;
+    ret = krb5int_validate_times(context, &times);
+    assert(!ret);
+
+    /* Current time is after end time by more than clock skew. */
+    times.endtime = 600;
+    ret = krb5int_validate_times(context, &times);
+    assert(ret == KRB5KRB_AP_ERR_TKT_EXPIRED);
+
+    /* Current time is within starttime and endtime; current time and
+     * endtime are across y2038 boundary. */
+    ret = krb5_set_debugging_time(context, BOUNDARY - 100, 0);
+    assert(!ret);
+    times.starttime = BOUNDARY - 200;
+    times.endtime = BOUNDARY + 500;
+    ret = krb5int_validate_times(context, &times);
+    assert(!ret);
+
+    /* Current time is before starttime, but by less than clock skew. */
+    times.starttime = BOUNDARY + 100;
+    ret = krb5int_validate_times(context, &times);
+    assert(!ret);
+
+    /* Current time is before starttime by more than clock skew. */
+    times.starttime = BOUNDARY + 250;
+    ret = krb5int_validate_times(context, &times);
+    assert(ret == KRB5KRB_AP_ERR_TKT_NYV);
+
+    /* Current time is after endtime, but by less than clock skew. */
+    ret = krb5_set_debugging_time(context, BOUNDARY + 100, 0);
+    assert(!ret);
+    times.starttime = BOUNDARY - 1000;
+    times.endtime = BOUNDARY - 100;
+    ret = krb5int_validate_times(context, &times);
+    assert(!ret);
+
+    /* Current time is after endtime by more than clock skew. */
+    times.endtime = BOUNDARY - 300;
+    ret = krb5int_validate_times(context, &times);
+    assert(ret == KRB5KRB_AP_ERR_TKT_EXPIRED);
+
+    krb5_free_context(context);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_vfy_increds.c b/krb5-1.21.3/src/lib/krb5/krb/t_vfy_increds.c
new file mode 100644
index 00000000..00a6b034
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_vfy_increds.c
@@ -0,0 +1,84 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/t_vfy_increds.c - test program for krb5_verify_init_creds */
+/*
+ * Copyright 2011 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This program is intended to be run from t_vfy_increds.py.  It retrieves the
+ * first non-config credential from the default ccache and verifies it against
+ * the default keytab, exiting with status 0 on successful verification and 1
+ * on unsuccessful verification.
+ */
+
+#include "k5-int.h"
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0) {
+        com_err("t_vfy_increds", code, NULL);
+        abort();
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_ccache ccache;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    krb5_principal princ = NULL;
+    krb5_verify_init_creds_opt opt;
+
+    check(krb5_init_context(&context));
+
+    krb5_verify_init_creds_opt_init(&opt);
+    argv++;
+    if (*argv != NULL && strcmp(*argv, "-n") == 0) {
+        argv++;
+        krb5_verify_init_creds_opt_set_ap_req_nofail(&opt, TRUE);
+    }
+    if (*argv != NULL)
+        check(krb5_parse_name(context, *argv, &princ));
+
+    /* Fetch the first non-config credential from the default ccache. */
+    check(krb5_cc_default(context, &ccache));
+    check(krb5_cc_start_seq_get(context, ccache, &cursor));
+    for (;;) {
+        check(krb5_cc_next_cred(context, ccache, &cursor, &creds));
+        if (!krb5_is_config_principal(context, creds.server))
+            break;
+        krb5_free_cred_contents(context, &creds);
+    }
+    check(krb5_cc_end_seq_get(context, ccache, &cursor));
+    check(krb5_cc_close(context, ccache));
+
+    ret = krb5_verify_init_creds(context, &creds, princ, NULL, NULL, &opt);
+    krb5_free_cred_contents(context, &creds);
+    krb5_free_principal(context, princ);
+    krb5_free_context(context);
+    return ret ? 1 : 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_vfy_increds.py b/krb5-1.21.3/src/lib/krb5/krb/t_vfy_increds.py
new file mode 100755
index 00000000..ae422a9c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_vfy_increds.py
@@ -0,0 +1,107 @@
+# Copyright (C) 2011 by the Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+
+realm = K5Realm()
+
+# Verify the default test realm credentials with the default keytab.
+mark('default keytab')
+realm.run(['./t_vfy_increds'])
+realm.run(['./t_vfy_increds', '-n'])
+
+# Verify after updating the keytab (so the keytab contains an outdated
+# version 1 key followed by an up-to-date version 2 key).
+mark('updated keytab')
+realm.run([kadminl, 'ktadd', realm.host_princ])
+realm.run(['./t_vfy_increds'])
+realm.run(['./t_vfy_increds', '-n'])
+
+# Bump the host key without updating the keytab and make sure that
+# verification fails as we expect it to.
+mark('outdated keytab')
+realm.run([kadminl, 'change_password', '-randkey', realm.host_princ])
+realm.run(['./t_vfy_increds'], expected_code=1)
+realm.run(['./t_vfy_increds', '-n'], expected_code=1)
+
+# Simulate a system where the hostname has changed and the keytab
+# contains host service principals with a hostname that no longer
+# matches.  Verify after updating the keytab with a host service
+# principal that has hostname that doesn't match the host running the
+# test.  Verify should succeed, with or without nofail.
+mark('hostname mismatch')
+realm.run([kadminl, 'addprinc', '-randkey', 'host/wrong.hostname'])
+realm.run([kadminl, 'ktadd', 'host/wrong.hostname'])
+realm.run(['./t_vfy_increds'])
+realm.run(['./t_vfy_increds', '-n'])
+
+# Remove the keytab and verify again.  This should succeed if nofail
+# is not set, and fail if it is set.
+mark('no keytab')
+os.remove(realm.keytab)
+realm.run(['./t_vfy_increds'])
+realm.run(['./t_vfy_increds', '-n'], expected_code=1)
+
+# Create an empty keytab file and verify again.  This simulates a
+# system where an admin ran "touch krb5.keytab" to work around a
+# Solaris Kerberos bug where krb5_kt_default() fails if the keytab
+# file doesn't exist.  Verification should succeed in nofail is not
+# set.  (An empty keytab file appears as corrupt to keytab calls,
+# causing a KRB5_KEYTAB_BADVNO error, so any tightening of the
+# krb5_verify_init_creds semantics needs to take this into account.)
+mark('empty keytab')
+open(realm.keytab, 'w').close()
+realm.run(['./t_vfy_increds'])
+realm.run(['./t_vfy_increds', '-n'], expected_code=1)
+os.remove(realm.keytab)
+
+# Add an NFS service principal to keytab.  Verify should ignore it by
+# default (succeeding unless nofail is set), but should verify with it
+# when it is specifically requested.
+mark('keytab with NFS principal')
+realm.run([kadminl, 'addprinc', '-randkey', realm.nfs_princ])
+realm.run([kadminl, 'ktadd', realm.nfs_princ])
+realm.run(['./t_vfy_increds'])
+realm.run(['./t_vfy_increds', '-n'], expected_code=1)
+realm.run(['./t_vfy_increds', realm.nfs_princ])
+realm.run(['./t_vfy_increds', '-n', realm.nfs_princ])
+
+# Invalidating the NFS keys in the keytab.  We should get the same
+# results with the default principal argument, but verification should
+# now fail if we request it specifically.
+mark('keytab with outdated NFS principal')
+realm.run([kadminl, 'change_password', '-randkey', realm.nfs_princ])
+realm.run(['./t_vfy_increds'])
+realm.run(['./t_vfy_increds', '-n'], expected_code=1)
+realm.run(['./t_vfy_increds', realm.nfs_princ], expected_code=1)
+realm.run(['./t_vfy_increds', '-n', realm.nfs_princ], expected_code=1)
+
+# Spot-check that verify_ap_req_nofail works equivalently to the
+# programmatic nofail option.
+mark('verify_ap_req_nofail')
+realm.stop()
+conf = {'libdefaults': {'verify_ap_req_nofail': 'true'}}
+realm = K5Realm(krb5_conf=conf)
+os.remove(realm.keytab)
+realm.run(['./t_vfy_increds'], expected_code=1)
+
+success('krb5_verify_init_creds tests')
diff --git a/krb5-1.21.3/src/lib/krb5/krb/t_walk_rtree.c b/krb5-1.21.3/src/lib/krb5/krb/t_walk_rtree.c
new file mode 100644
index 00000000..09e71af0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/t_walk_rtree.c
@@ -0,0 +1,58 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * t_walk_rtree.c --- test krb5_walk_realm_tree
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+#include "com_err.h"
+
+int
+main(int argc, char **argv)
+{
+    krb5_data client, server;
+    char    realm_branch_char = '.';
+    krb5_principal *tree, *p;
+    char *name;
+    krb5_error_code retval;
+    krb5_context context;
+
+    krb5_init_context(&context);
+
+    if (argc < 3 || argc > 4) {
+        fprintf(stderr,
+                "Usage: %s client-realm server-realm [sep_char]\n",
+                argv[0]);
+        exit(99);
+    }
+    client.data = argv[1];
+    client.length = strlen(client.data);
+
+    server.data = argv[2];
+    server.length = strlen(server.data);
+
+    if (argc == 4)
+        realm_branch_char = argv[3][0];
+
+    retval = krb5_walk_realm_tree(context, &client, &server, &tree,
+                                  realm_branch_char);
+    if (retval) {
+        com_err("krb5_walk_realm_tree", retval, " ");
+        exit(1);
+    }
+
+    for (p = tree; *p; p++) {
+        retval = krb5_unparse_name(context, *p, &name);
+        if (retval) {
+            com_err("krb5_unprase_name", retval, " ");
+            exit(2);
+        }
+        printf("%s\n", name);
+        free(name);
+    }
+
+    krb5_free_realm_tree(context, tree);
+    krb5_free_context(context);
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/tgtname.c b/krb5-1.21.3/src/lib/krb5/krb/tgtname.c
new file mode 100644
index 00000000..6fc2fae9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/tgtname.c
@@ -0,0 +1,37 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/tgtname.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+krb5_error_code
+krb5int_tgtname(krb5_context context, const krb5_data *server, const krb5_data *client, krb5_principal *tgtprinc)
+{
+    return krb5_build_principal_ext(context, tgtprinc,
+                                    client->length, client->data,
+                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                    server->length, server->data, 0);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/transit-tests b/krb5-1.21.3/src/lib/krb5/krb/transit-tests
new file mode 100755
index 00000000..dc5fab68
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/transit-tests
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+. ./runenv.sh
+
+# Test the chk_trans.c code.
+# BUG: Currently only tests expansion, not validation.
+
+trap "echo Failed. ; exit 1" 0
+
+check='echo Running test "($1) ($2) ($3)" ... ; ./t_expand -x >tmpout1 "$@" || exit 1 ; grep -v : <tmpout1 >tmpout2 && sort <tmpout2 >tmpout1 && echo Got: `cat tmpout1` && (for i in $expected ; do echo $i ; done) | sort > tmpout2 && echo Exp: `cat tmpout2` && echo "" && cmp >/dev/null 2>&1 tmpout1 tmpout2 || exit 1'
+checkerror='echo Running test "($1) ($2) ($3)", expecting error ... ; if ./t_expand -x >tmpout1 "$@" ; then echo Error was expected, but not reported. ; exit 1; else echo Expected error found. ; echo ""; fi'
+
+#
+# Note: Expected realm expansion order is not important; program output
+# and expected values will each be sorted before comparison.
+#
+
+set ATHENA.MIT.EDU HACK.FOOBAR.COM ,EDU,BLORT.COM,COM,
+expected="MIT.EDU EDU BLORT.COM COM FOOBAR.COM"
+eval $check
+
+set ATHENA.MIT.EDU EDU ,
+expected="MIT.EDU"
+eval $check
+
+set EDU ATHENA.MIT.EDU ,
+expected="MIT.EDU"
+eval $check
+
+set x x "/COM,/HP,/APOLLO, /COM/DEC"
+expected="/COM /COM/HP /COM/HP/APOLLO /COM/DEC"
+eval $check
+
+set x x EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.
+expected="EDU MIT.EDU ATHENA.MIT.EDU WASHINGTON.EDU CS.WASHINGTON.EDU"
+eval $check
+
+set ATHENA.MIT.EDU /COM/HP/APOLLO ,EDU,/COM,
+eval $checkerror
+
+set ATHENA.MIT.EDU /COM/HP/APOLLO ",EDU, /COM,"
+expected="EDU MIT.EDU /COM /COM/HP"
+eval $check
+
+set ATHENA.MIT.EDU CS.CMU.EDU ,EDU,
+expected="EDU MIT.EDU CMU.EDU"
+eval $check
+
+set XYZZY.ATHENA.MIT.EDU XYZZY.CS.CMU.EDU ,EDU,
+expected="EDU MIT.EDU ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU"
+eval $check
+
+rm tmpout1 tmpout2
+trap "" 0
+echo Success.
+exit 0
diff --git a/krb5-1.21.3/src/lib/krb5/krb/unparse.c b/krb5-1.21.3/src/lib/krb5/krb/unparse.c
new file mode 100644
index 00000000..76b1894a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/unparse.c
@@ -0,0 +1,251 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/unparse.c */
+/*
+ * Copyright 1990, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5_unparse_name() routine
+ *
+ * Rewritten by Theodore Ts'o to properly unparse principal names
+ * which have the component or realm separator as part of one of their
+ * components.
+ */
+
+
+#include "k5-int.h"
+#include <stdio.h>
+
+/*
+ * converts the multi-part principal format used in the protocols to a
+ * single-string representation of the name.
+ *
+ * The name returned is in allocated storage and should be freed by
+ * the caller when finished.
+ *
+ * Conventions: / is used to separate components; @ is used to
+ * separate the realm from the rest of the name.  If '/', '@', or '\0'
+ * appear in any the component, they will be representing using
+ * backslash encoding.  ("\/", "\@", or '\0', respectively)
+ *
+ * returns error
+ *      KRB_PARSE_MALFORMED     principal is invalid (does not contain
+ *                              at least 2 components)
+ * also returns system errors
+ *      ENOMEM                  unable to allocate memory for string
+ */
+
+#define REALM_SEP       '@'
+#define COMPONENT_SEP   '/'
+
+static int
+component_length_quoted(const krb5_data *src, int flags)
+{
+    const char *cp = src->data;
+    int length = src->length;
+    int j;
+    int size = length;
+
+    if ((flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) == 0) {
+        int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
+            !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
+
+        for (j = 0; j < length; j++,cp++)
+            if ((!no_realm && *cp == REALM_SEP) ||
+                *cp == COMPONENT_SEP ||
+                *cp == '\0' || *cp == '\\' || *cp == '\t' ||
+                *cp == '\n' || *cp == '\b')
+                size++;
+    }
+
+    return size;
+}
+
+static int
+copy_component_quoting(char *dest, const krb5_data *src, int flags)
+{
+    int j;
+    const char *cp = src->data;
+    char *q = dest;
+    int length = src->length;
+
+    if (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) {
+        if (src->length > 0)
+            memcpy(dest, src->data, src->length);
+        return src->length;
+    }
+
+    for (j=0; j < length; j++,cp++) {
+        int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
+            !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
+
+        switch (*cp) {
+        case REALM_SEP:
+            if (no_realm) {
+                *q++ = *cp;
+                break;
+            }
+        case COMPONENT_SEP:
+        case '\\':
+            *q++ = '\\';
+            *q++ = *cp;
+            break;
+        case '\t':
+            *q++ = '\\';
+            *q++ = 't';
+            break;
+        case '\n':
+            *q++ = '\\';
+            *q++ = 'n';
+            break;
+        case '\b':
+            *q++ = '\\';
+            *q++ = 'b';
+            break;
+        case '\0':
+            *q++ = '\\';
+            *q++ = '0';
+            break;
+        default:
+            *q++ = *cp;
+        }
+    }
+    return q - dest;
+}
+
+static krb5_error_code
+k5_unparse_name(krb5_context context, krb5_const_principal principal,
+                int flags, char **name, unsigned int *size)
+{
+    char *q;
+    krb5_int32 i;
+    unsigned int totalsize = 0;
+    char *default_realm = NULL;
+    krb5_error_code ret = 0;
+
+    if (!principal || !name)
+        return KRB5_PARSE_MALFORMED;
+
+    if (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) {
+        /* omit realm if local realm */
+        krb5_principal_data p;
+
+        ret = krb5_get_default_realm(context, &default_realm);
+        if (ret != 0)
+            goto cleanup;
+
+        p.realm = string2data(default_realm);
+
+        if (krb5_realm_compare(context, &p, principal))
+            flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
+    }
+
+    if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
+        totalsize += component_length_quoted(&principal->realm, flags);
+        totalsize++;            /* This is for the separator */
+    }
+
+    for (i = 0; i < principal->length; i++) {
+        totalsize += component_length_quoted(&principal->data[i], flags);
+        totalsize++;    /* This is for the separator */
+    }
+    if (principal->length == 0)
+        totalsize++;
+
+    /*
+     * Allocate space for the ascii string; if space has been
+     * provided, use it, realloc'ing it if necessary.
+     *
+     * We need only n-1 separators for n components, but we need
+     * an extra byte for the NUL at the end.
+     */
+    if (size) {
+        if (*name && (*size < totalsize)) {
+            *name = realloc(*name, totalsize);
+        } else {
+            *name = malloc(totalsize);
+        }
+        *size = totalsize;
+    } else {
+        *name = malloc(totalsize);
+    }
+
+    if (!*name) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    q = *name;
+
+    for (i = 0; i < principal->length; i++) {
+        q += copy_component_quoting(q, &principal->data[i], flags);
+        *q++ = COMPONENT_SEP;
+    }
+
+    if (i > 0)
+        q--;                /* Back up last component separator */
+    if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
+        *q++ = REALM_SEP;
+        q += copy_component_quoting(q, &principal->realm, flags);
+    }
+    *q++ = '\0';
+
+cleanup:
+    if (default_realm != NULL)
+        krb5_free_default_realm(context, default_realm);
+
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name(krb5_context context, krb5_const_principal principal,
+                  char **name)
+{
+    if (name != NULL)                      /* name == NULL will return error from _ext */
+        *name = NULL;
+
+    return k5_unparse_name(context, principal, 0, name, NULL);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal,
+                      char **name, unsigned int *size)
+{
+    return k5_unparse_name(context, principal, 0, name, size);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
+                        int flags, char **name)
+{
+    if (name != NULL)
+        *name = NULL;
+    return k5_unparse_name(context, principal, flags, name, NULL);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_unparse_name_flags_ext(krb5_context context, krb5_const_principal principal,
+                            int flags, char **name, unsigned int *size)
+{
+    return k5_unparse_name(context, principal, flags, name, size);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/val_renew.c b/krb5-1.21.3/src/lib/krb5/krb/val_renew.c
new file mode 100644
index 00000000..8550674a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/val_renew.c
@@ -0,0 +1,197 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/val_renew.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Implements the following APIs:
+ *
+ *   krb5_get_credentials_validate
+ *   krb5_get_credentials_renew
+ *   krb5_get_validated_creds
+ *   krb5_get_renewed_creds
+ *
+ * The first two are old but not formally deprecated; the latter two are newer.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+/*
+ * Get a validated or renewed credential matching in_creds, by retrieving a
+ * matching credential from ccache and renewing or validating it with the
+ * credential's realm's KDC.  kdcopt specifies whether to validate or renew.
+ * The result is placed in *out_creds.
+ */
+static krb5_error_code
+get_new_creds(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
+              krb5_flags kdcopt, krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_creds old_creds, *new_creds = NULL;
+
+    *out_creds = NULL;
+
+    /* Retrieve an existing cached credential matching in_creds. */
+    code = krb5_cc_retrieve_cred(context, ccache, KRB5_TC_SUPPORTED_KTYPES,
+                                 in_creds, &old_creds);
+    if (code != 0)
+        return code;
+
+    /* Use KDC options from old credential as well as requested options. */
+    kdcopt |= (old_creds.ticket_flags & KDC_TKT_COMMON_MASK);
+
+    /* Use the old credential to get a new credential from the KDC. */
+    code = krb5_get_cred_via_tkt(context, &old_creds, kdcopt,
+                                 old_creds.addresses, in_creds, &new_creds);
+    krb5_free_cred_contents(context, &old_creds);
+    if (code != 0)
+        return code;
+
+    *out_creds = new_creds;
+    return code;
+}
+
+/*
+ * Core of the older pair of APIs: get a validated or renewed credential
+ * matching in_creds and reinitialize ccache so that it contains only the new
+ * credential.
+ */
+static krb5_error_code
+gc_valrenew(krb5_context context, krb5_ccache ccache, krb5_creds *in_creds,
+            krb5_flags kdcopt, krb5_creds **out_creds)
+{
+    krb5_error_code code;
+    krb5_creds *new_creds = NULL;
+    krb5_principal default_princ = NULL;
+
+    /* Get the validated or renewed credential. */
+    code = get_new_creds(context, ccache, in_creds, kdcopt, &new_creds);
+    if (code != 0)
+        goto cleanup;
+
+    /* Reinitialize the cache without changing its default principal. */
+    code = krb5_cc_get_principal(context, ccache, &default_princ);
+    if (code != 0)
+        goto cleanup;
+    code = krb5_cc_initialize(context, ccache, default_princ);
+    if (code != 0)
+        goto cleanup;
+
+    /* Store the validated or renewed cred in the now-empty cache. */
+    code = krb5_cc_store_cred(context, ccache, new_creds);
+    if (code != 0)
+        goto cleanup;
+
+    *out_creds = new_creds;
+    new_creds = NULL;
+
+cleanup:
+    krb5_free_principal(context, default_princ);
+    krb5_free_creds(context, new_creds);
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_validate(krb5_context context, krb5_flags options,
+                              krb5_ccache ccache, krb5_creds *in_creds,
+                              krb5_creds **out_creds)
+{
+    return gc_valrenew(context, ccache, in_creds, KDC_OPT_VALIDATE, out_creds);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_credentials_renew(krb5_context context, krb5_flags options,
+                           krb5_ccache ccache, krb5_creds *in_creds,
+                           krb5_creds **out_creds)
+{
+    return gc_valrenew(context, ccache, in_creds, KDC_OPT_RENEW, out_creds);
+}
+
+/*
+ * Core of the newer pair of APIs: get new credentials for in_tkt_service
+ * (defaults to the TGT of the client's realm) and store them into *out_creds.
+ */
+static krb5_error_code
+get_valrenewed_creds(krb5_context context, krb5_creds *out_creds,
+                     krb5_principal client, krb5_ccache ccache,
+                     const char *in_tkt_service, int kdcopt)
+{
+    krb5_error_code code;
+    krb5_creds in_creds, *new_creds;
+    krb5_principal server = NULL;
+
+    if (in_tkt_service != NULL) {
+        /* Parse in_tkt_service, but use the client's realm. */
+        code = krb5_parse_name(context, in_tkt_service, &server);
+        if (code != 0)
+            goto cleanup;
+        krb5_free_data_contents(context, &server->realm);
+        code = krb5int_copy_data_contents(context, &client->realm,
+                                          &server->realm);
+        if (code != 0)
+            goto cleanup;
+    } else {
+        /* Use the TGT name for the client's realm. */
+        code = krb5int_tgtname(context, &client->realm, &client->realm,
+                               &server);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    memset(&in_creds, 0, sizeof(krb5_creds));
+    in_creds.client = client;
+    in_creds.server = server;
+
+    /* Get the validated or renewed credential from the KDC. */
+    code = get_new_creds(context, ccache, &in_creds, kdcopt, &new_creds);
+    if (code != 0)
+        goto cleanup;
+
+    /* Fill in *out_creds and free the unwanted new_creds container. */
+    *out_creds = *new_creds;
+    free(new_creds);
+
+cleanup:
+    krb5_free_principal(context, server);
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_validated_creds(krb5_context context, krb5_creds *creds,
+                         krb5_principal client, krb5_ccache ccache,
+                         const char *in_tkt_service)
+{
+    return get_valrenewed_creds(context, creds, client, ccache,
+                                in_tkt_service, KDC_OPT_VALIDATE);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_renewed_creds(krb5_context context, krb5_creds *creds,
+                       krb5_principal client, krb5_ccache ccache,
+                       const char *in_tkt_service)
+{
+    return get_valrenewed_creds(context, creds, client, ccache,
+                                in_tkt_service, KDC_OPT_RENEW);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/valid_times.c b/krb5-1.21.3/src/lib/krb5/krb/valid_times.c
new file mode 100644
index 00000000..294761a8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/valid_times.c
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/valid_times.c */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+/*
+ * This is an internal routine which validates the krb5_timestamps
+ * field in a krb5_ticket.
+ */
+
+krb5_error_code
+krb5int_validate_times(krb5_context context, krb5_ticket_times *times)
+{
+    krb5_timestamp          currenttime, starttime;
+    krb5_error_code         retval;
+
+    if ((retval = krb5_timeofday(context, &currenttime)))
+        return retval;
+
+    /* if starttime is not in ticket, then treat it as authtime */
+    if (times->starttime != 0)
+        starttime = times->starttime;
+    else
+        starttime = times->authtime;
+
+    if (ts_after(starttime, ts_incr(currenttime, context->clockskew)))
+        return KRB5KRB_AP_ERR_TKT_NYV;  /* ticket not yet valid */
+
+    if (ts_after(currenttime, ts_incr(times->endtime, context->clockskew)))
+        return KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c b/krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c
new file mode 100644
index 00000000..b4878ba3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c
@@ -0,0 +1,321 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/vfy_increds.c - Verify initial credentials with keytab */
+/*
+ * Copyright (C) 1998, 2011, 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+/* Return true if configuration demands that a keytab be present.  (By default
+ * verification will be skipped if no keytab exists.) */
+static krb5_boolean
+nofail(krb5_context context, krb5_verify_init_creds_opt *options,
+       krb5_creds *creds)
+{
+    int val;
+
+    if (options &&
+        (options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL))
+        return (options->ap_req_nofail != 0);
+    if (krb5int_libdefault_boolean(context, &creds->client->realm,
+                                   KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
+                                   &val) == 0)
+        return (val != 0);
+    return FALSE;
+}
+
+static krb5_error_code
+copy_creds_except(krb5_context context, krb5_ccache incc,
+                  krb5_ccache outcc, krb5_principal princ)
+{
+    krb5_error_code ret, ret2;
+    krb5_cc_cursor cur = NULL;
+    krb5_creds creds;
+
+    ret = krb5_cc_start_seq_get(context, incc, &cur);
+    if (ret)
+        return ret;
+
+    while (!(ret = krb5_cc_next_cred(context, incc, &cur, &creds))) {
+        if (!krb5_principal_compare(context, princ, creds.server))
+            ret = krb5_cc_store_cred(context, outcc, &creds);
+        krb5_free_cred_contents(context, &creds);
+        if (ret)
+            break;
+    }
+
+    ret2 = krb5_cc_end_seq_get(context, incc, &cur);
+    return (ret == KRB5_CC_END) ? ret2 : ret;
+}
+
+static krb5_error_code
+get_vfy_cred(krb5_context context, krb5_creds *creds, krb5_principal server,
+             krb5_keytab keytab, krb5_ccache *ccache_arg)
+{
+    krb5_error_code ret;
+    krb5_ccache ccache = NULL, retcc = NULL;
+    krb5_creds in_creds, *out_creds = NULL;
+    krb5_auth_context authcon = NULL;
+    krb5_data ap_req = empty_data();
+
+    /* If the creds are for the server principal, we're set, just do a mk_req.
+     * Otherwise, do a get_credentials first. */
+    if (krb5_principal_compare(context, server, creds->server)) {
+        /* Make an ap-req. */
+        ret = krb5_mk_req_extended(context, &authcon, 0, NULL, creds, &ap_req);
+        if (ret)
+            goto cleanup;
+    } else {
+        /*
+         * This is unclean, but it's the easiest way without ripping the
+         * library into very small pieces.  store the client's initial cred
+         * in a memory ccache, then call the library.  Later, we'll copy
+         * everything except the initial cred into the ccache we return to
+         * the user.  A clean implementation would involve library
+         * internals with a coherent idea of "in" and "out".
+         */
+
+        /* Insert the initial cred into the ccache. */
+        ret = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache);
+        if (ret)
+            goto cleanup;
+        ret = krb5_cc_initialize(context, ccache, creds->client);
+        if (ret)
+            goto cleanup;
+        ret = krb5_cc_store_cred(context, ccache, creds);
+        if (ret)
+            goto cleanup;
+
+        /* Get credentials with get_creds. */
+        memset(&in_creds, 0, sizeof(in_creds));
+        in_creds.client = creds->client;
+        in_creds.server = server;
+        ret = krb5_timeofday(context, &in_creds.times.endtime);
+        if (ret)
+            goto cleanup;
+        in_creds.times.endtime = ts_incr(in_creds.times.endtime, 5 * 60);
+        ret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds);
+        if (ret)
+            goto cleanup;
+
+        /* Make an ap-req. */
+        ret = krb5_mk_req_extended(context, &authcon, 0, NULL, out_creds,
+                                   &ap_req);
+        if (ret)
+            goto cleanup;
+    }
+
+    /* Wipe the auth context created by mk_req. */
+    if (authcon) {
+        krb5_auth_con_free(context, authcon);
+        authcon = NULL;
+    }
+
+    /* Build an auth context that won't bother with replay checks -- it's
+     * not as if we're going to mount a replay attack on ourselves here. */
+    ret = krb5_auth_con_init(context, &authcon);
+    if (ret)
+        goto cleanup;
+    ret = krb5_auth_con_setflags(context, authcon, 0);
+    if (ret)
+        goto cleanup;
+
+    /* Verify the ap_req. */
+    ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab, NULL, NULL);
+    if (ret)
+        goto cleanup;
+
+    /* If we get this far, then the verification succeeded.  We can
+     * still fail if the library stuff here fails, but that's it. */
+    if (ccache_arg != NULL && ccache != NULL) {
+        if (*ccache_arg == NULL) {
+            ret = krb5_cc_resolve(context, "MEMORY:rd_req2", &retcc);
+            if (ret)
+                goto cleanup;
+            ret = krb5_cc_initialize(context, retcc, creds->client);
+            if (ret)
+                goto cleanup;
+            ret = copy_creds_except(context, ccache, retcc, creds->server);
+            if (ret)
+                goto cleanup;
+            *ccache_arg = retcc;
+            retcc = NULL;
+        } else {
+            ret = copy_creds_except(context, ccache, *ccache_arg, server);
+        }
+    }
+
+cleanup:
+    if (retcc != NULL)
+        krb5_cc_destroy(context, retcc);
+    if (ccache != NULL)
+        krb5_cc_destroy(context, ccache);
+    krb5_free_creds(context, out_creds);
+    krb5_auth_con_free(context, authcon);
+    krb5_free_data_contents(context, &ap_req);
+    return ret;
+}
+
+/* Free the principals in plist and plist itself. */
+static void
+free_princ_list(krb5_context context, krb5_principal *plist)
+{
+    size_t i;
+
+    if (plist == NULL)
+        return;
+    for (i = 0; plist[i] != NULL; i++)
+        krb5_free_principal(context, plist[i]);
+    free(plist);
+}
+
+/* Add princ to plist if it isn't already there. */
+static krb5_error_code
+add_princ_list(krb5_context context, krb5_const_principal princ,
+               krb5_principal **plist)
+{
+    size_t i;
+    krb5_principal *newlist;
+
+    /* Check if princ is already in plist, and count the elements. */
+    for (i = 0; (*plist) != NULL && (*plist)[i] != NULL; i++) {
+        if (krb5_principal_compare(context, princ, (*plist)[i]))
+            return 0;
+    }
+
+    newlist = realloc(*plist, (i + 2) * sizeof(*newlist));
+    if (newlist == NULL)
+        return ENOMEM;
+    *plist = newlist;
+    newlist[i] = newlist[i + 1] = NULL; /* terminate the list */
+    return krb5_copy_principal(context, princ, &newlist[i]);
+}
+
+/* Return a list of all unique host service princs in keytab. */
+static krb5_error_code
+get_host_princs_from_keytab(krb5_context context, krb5_keytab keytab,
+                            krb5_principal **princ_list_out)
+{
+    krb5_error_code ret;
+    krb5_kt_cursor cursor;
+    krb5_keytab_entry kte;
+    krb5_principal *plist = NULL, p;
+
+    *princ_list_out = NULL;
+
+    ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+    if (ret)
+        goto cleanup;
+
+    while ((ret = krb5_kt_next_entry(context, keytab, &kte, &cursor)) == 0) {
+        p = kte.principal;
+        if (p->length == 2 && data_eq_string(p->data[0], "host"))
+            ret = add_princ_list(context, p, &plist);
+        krb5_kt_free_entry(context, &kte);
+        if (ret)
+            break;
+    }
+    (void)krb5_kt_end_seq_get(context, keytab, &cursor);
+    if (ret == KRB5_KT_END)
+        ret = 0;
+    if (ret)
+        goto cleanup;
+
+    *princ_list_out = plist;
+    plist = NULL;
+
+cleanup:
+    free_princ_list(context, plist);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_verify_init_creds(krb5_context context, krb5_creds *creds,
+                       krb5_principal server, krb5_keytab keytab,
+                       krb5_ccache *ccache,
+                       krb5_verify_init_creds_opt *options)
+{
+    krb5_error_code ret;
+    krb5_principal *host_princs = NULL;
+    krb5_keytab defkeytab = NULL;
+    krb5_keytab_entry kte;
+    krb5_boolean have_keys = FALSE;
+    size_t i;
+
+    if (keytab == NULL) {
+        ret = krb5_kt_default(context, &defkeytab);
+        if (ret)
+            goto cleanup;
+        keytab = defkeytab;
+    }
+
+    if (server != NULL) {
+        /* Check if server exists in keytab first. */
+        ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte);
+        if (ret)
+            goto cleanup;
+        krb5_kt_free_entry(context, &kte);
+        have_keys = TRUE;
+        ret = get_vfy_cred(context, creds, server, keytab, ccache);
+    } else {
+        /* Try using the host service principals from the keytab. */
+        if (keytab->ops->start_seq_get == NULL) {
+            ret = EINVAL;
+            goto cleanup;
+        }
+        ret = get_host_princs_from_keytab(context, keytab, &host_princs);
+        if (ret)
+            goto cleanup;
+        if (host_princs == NULL) {
+            ret = KRB5_KT_NOTFOUND;
+            goto cleanup;
+        }
+        have_keys = TRUE;
+
+        /* Try all host principals until one succeeds or they all fail. */
+        for (i = 0; host_princs[i] != NULL; i++) {
+            ret = get_vfy_cred(context, creds, host_princs[i], keytab, ccache);
+            if (ret == 0)
+                break;
+        }
+    }
+
+cleanup:
+    /* If we have no key to verify with, pretend to succeed unless
+     * configuration directs otherwise. */
+    if (!have_keys && !nofail(context, options, creds))
+        ret = 0;
+
+    if (defkeytab != NULL)
+        krb5_kt_close(context, defkeytab);
+    free_princ_list(context, host_princs);
+
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/vic_opt.c b/krb5-1.21.3/src/lib/krb5/krb/vic_opt.c
new file mode 100644
index 00000000..dfe21e05
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/vic_opt.c
@@ -0,0 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "k5-int.h"
+
+void KRB5_CALLCONV
+krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *opt)
+{
+    opt->flags = 0;
+}
+
+void KRB5_CALLCONV
+krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *opt, int ap_req_nofail)
+{
+    opt->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
+    opt->ap_req_nofail = ap_req_nofail;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c b/krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c
new file mode 100644
index 00000000..bb5ca085
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c
@@ -0,0 +1,626 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/krb/walk_rtree.c */
+/*
+ * Copyright 1990,1991,2008,2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5_walk_realm_tree()
+ * krb5_free_realm_tree()
+ *
+ * internal function, used by krb5_get_cred_from_kdc()
+ */
+
+#include "k5-int.h"
+#include "int-proto.h"
+
+/*
+ * Structure to help with finding the common suffix between client and
+ * server realm during hierarchical traversal.
+ */
+struct hstate {
+    char *str;
+    size_t len;
+    char *tail;
+    char *dot;
+};
+
+static krb5_error_code
+rtree_capath_tree(krb5_context context,
+                  const krb5_data *client,
+                  const krb5_data *server,
+                  char **vals,
+                  krb5_principal **tree);
+
+static krb5_error_code
+rtree_capath_vals(krb5_context context,
+                  const krb5_data *client,
+                  const krb5_data *server,
+                  char ***vals);
+
+static krb5_error_code
+rtree_hier_tree(krb5_context context,
+                const krb5_data *client,
+                const krb5_data *server,
+                krb5_principal **rettree,
+                int sep);
+
+static krb5_error_code
+rtree_hier_realms(krb5_context context,
+                  const krb5_data *client,
+                  const krb5_data *server,
+                  krb5_data **realms,
+                  size_t *nrealms,
+                  int sep);
+
+static void
+free_realmlist(krb5_context context,
+               krb5_data *realms,
+               size_t nrealms);
+
+static krb5_error_code
+rtree_hier_tweens(krb5_context context,
+                  struct hstate *realm,
+                  krb5_data **tweens,
+                  size_t *ntweens,
+                  int dotail,
+                  int sep);
+
+static void
+adjtail(struct hstate *c, struct hstate *s, int sep);
+
+static void
+comtail(struct hstate *c, struct hstate *s, int sep);
+
+krb5_error_code
+krb5_walk_realm_tree( krb5_context context,
+                      const krb5_data *client,
+                      const krb5_data *server,
+                      krb5_principal **tree,
+                      int realm_sep)
+{
+    krb5_error_code retval = 0;
+    char **capvals;
+
+    if (client->data == NULL || server->data == NULL)
+        return KRB5_NO_TKT_IN_RLM;
+
+    if (data_eq(*client, *server))
+        return KRB5_NO_TKT_IN_RLM;
+    retval = rtree_capath_vals(context, client, server, &capvals);
+    if (retval)
+        return retval;
+
+    if (capvals != NULL) {
+        retval = rtree_capath_tree(context, client, server, capvals, tree);
+        return retval;
+    }
+
+    retval = rtree_hier_tree(context, client, server, tree, realm_sep);
+    return retval;
+}
+
+krb5_error_code
+k5_client_realm_path(krb5_context context, const krb5_data *client,
+                     const krb5_data *server, krb5_data **rpath_out)
+{
+    krb5_error_code retval;
+    char **capvals = NULL;
+    size_t i;
+    krb5_data *rpath = NULL, d;
+
+    retval = rtree_capath_vals(context, client, server, &capvals);
+    if (retval)
+        return retval;
+
+    /* A capaths value of "." means no intermediates. */
+    if (capvals != NULL && capvals[0] != NULL && *capvals[0] == '.') {
+        profile_free_list(capvals);
+        capvals = NULL;
+    }
+
+    /* Count capaths (if any) and allocate space.  Leave room for the client
+     * realm, server realm, and terminator. */
+    for (i = 0; capvals != NULL && capvals[i] != NULL; i++);
+    rpath = calloc(i + 3, sizeof(*rpath));
+    if (rpath == NULL)
+        return ENOMEM;
+
+    /* Populate rpath with the client realm, capaths, and server realm. */
+    retval = krb5int_copy_data_contents(context, client, &rpath[0]);
+    if (retval)
+        goto cleanup;
+    for (i = 0; capvals != NULL && capvals[i] != NULL; i++) {
+        d = make_data(capvals[i], strcspn(capvals[i], "\t "));
+        retval = krb5int_copy_data_contents(context, &d, &rpath[i + 1]);
+        if (retval)
+            goto cleanup;
+    }
+    retval = krb5int_copy_data_contents(context, server, &rpath[i + 1]);
+    if (retval)
+        goto cleanup;
+
+    /* Terminate rpath and return it. */
+    rpath[i + 2] = empty_data();
+    *rpath_out = rpath;
+    rpath = NULL;
+
+cleanup:
+    profile_free_list(capvals);
+    krb5int_free_data_list(context, rpath);
+    return retval;
+}
+
+/* ANL - Modified to allow Configurable Authentication Paths.
+ * This modification removes the restriction on the choice of realm
+ * names, i.e. they nolonger have to be hierarchical. This
+ * is allowed by RFC 1510: "If a hierarchical organization is not used
+ * it may be necessary to consult some database in order to construct
+ * an authentication path between realms."  The database is contained
+ * in the [capaths] section of the krb5.conf file.
+ * Client to server paths are defined. There are n**2 possible
+ * entries, but only those entries which are needed by the client
+ * or server need be present in its krb5.conf file. (n entries or 2*n
+ * entries if the same krb5.conf is used for clients and servers)
+ *
+ * for example: ESnet will be running a KDC which will share
+ * inter-realm keys with its many organizations which include among
+ * other ANL, NERSC and PNL. Each of these organizations wants to
+ * use its DNS name in the realm, ANL.GOV. In addition ANL wants
+ * to authenticatite to HAL.COM via a K5.MOON and K5.JUPITER
+ * A [capaths] section of the krb5.conf file for the ANL.GOV clients
+ * and servers would look like:
+ *
+ * [capaths]
+ * ANL.GOV = {
+ *              NERSC.GOV = ES.NET
+ *              PNL.GOV = ES.NET
+ *              ES.NET = .
+ *              HAL.COM = K5.MOON
+ *              HAL.COM = K5.JUPITER
+ * }
+ * NERSC.GOV = {
+ *              ANL.GOV = ES.NET
+ * }
+ * PNL.GOV = {
+ *              ANL.GOV = ES.NET
+ * }
+ * ES.NET = {
+ *              ANL.GOV = .
+ * }
+ * HAL.COM = {
+ *              ANL.GOV = K5.JUPITER
+ *              ANL.GOV = K5.MOON
+ * }
+ *
+ * In the above a "." is used to mean directly connected since the
+ * the profile routines cannot handle a null entry.
+ *
+ * If no client-to-server path is found, the default hierarchical path
+ * is still generated.
+ *
+ * This version of the Configurable Authentication Path modification
+ * differs from the previous versions prior to K5 beta 5 in that
+ * the profile routines are used, and the explicit path from client's
+ * realm to server's realm must be given. The modifications will work
+ * together.
+ * DEE - 5/23/95
+ */
+
+/*
+ * Build a tree given a set of profile values retrieved by
+ * walk_rtree_capath_vals().
+ */
+static krb5_error_code
+rtree_capath_tree(krb5_context context,
+                  const krb5_data *client,
+                  const krb5_data *server,
+                  char **vals,
+                  krb5_principal **rettree)
+{
+    krb5_error_code retval = 0;
+    unsigned int nvals, nlinks, nprincs, i;
+    krb5_data srcrealm, dstrealm;
+    krb5_principal *tree, *pprinc;
+
+    *rettree = NULL;
+    tree = pprinc = NULL;
+    for (nvals = 0; vals[nvals] != NULL; nvals++)
+        ;
+    if (vals[0] != NULL && *vals[0] == '.') {
+        nlinks = 0;
+    } else {
+        nlinks = nvals;
+    }
+    nprincs = nlinks + 2;
+    tree = calloc(nprincs + 1, sizeof(krb5_principal));
+    if (tree == NULL) {
+        retval = ENOMEM;
+        goto error;
+    }
+    for (i = 0; i < nprincs + 1; i++)
+        tree[i] = NULL;
+    /* Invariant: PPRINC points one past end of list. */
+    pprinc = &tree[0];
+    /* Local TGS name */
+    retval = krb5int_tgtname(context, client, client, pprinc++);
+    if (retval) goto error;
+    srcrealm = *client;
+    for (i = 0; i < nlinks; i++) {
+        dstrealm.data = vals[i];
+        dstrealm.length = strcspn(vals[i], "\t ");
+        retval = krb5int_tgtname(context, &dstrealm, &srcrealm, pprinc++);
+        if (retval) goto error;
+        srcrealm = dstrealm;
+    }
+    retval = krb5int_tgtname(context, server, &srcrealm, pprinc++);
+    if (retval) goto error;
+    *rettree = tree;
+
+error:
+    profile_free_list(vals);
+    if (retval) {
+        while (pprinc != NULL && pprinc > &tree[0]) {
+            /* krb5_free_principal() correctly handles null input */
+            krb5_free_principal(context, *--pprinc);
+            *pprinc = NULL;
+        }
+        free(tree);
+    }
+    return retval;
+}
+
+/*
+ * Get realm list from "capaths" section of the profile.  Deliberately
+ * returns success but leaves VALS null if profile_get_values() fails
+ * by not finding anything.
+ */
+static krb5_error_code
+rtree_capath_vals(krb5_context context,
+                  const krb5_data *client,
+                  const krb5_data *server,
+                  char ***vals)
+{
+    krb5_error_code retval = 0;
+    /* null-terminated realm names */
+    char *clientz = NULL, *serverz = NULL;
+    const char *key[4];
+
+    *vals = NULL;
+
+    clientz = k5memdup0(client->data, client->length, &retval);
+    if (clientz == NULL)
+        goto error;
+
+    serverz = k5memdup0(server->data, server->length, &retval);
+    if (serverz == NULL)
+        goto error;
+
+    key[0] = "capaths";
+    key[1] = clientz;
+    key[2] = serverz;
+    key[3] = NULL;
+    retval = profile_get_values(context->profile, key, vals);
+    switch (retval) {
+    case PROF_NO_SECTION:
+    case PROF_NO_RELATION:
+        /*
+         * Not found; don't return an error.
+         */
+        retval = 0;
+        break;
+    default:
+        break;
+    }
+error:
+    free(clientz);
+    free(serverz);
+    return retval;
+}
+
+/*
+ * Build tree by hierarchical traversal.
+ */
+static krb5_error_code
+rtree_hier_tree(krb5_context context,
+                const krb5_data *client,
+                const krb5_data *server,
+                krb5_principal **rettree,
+                int sep)
+{
+    krb5_error_code retval;
+    krb5_data *realms;
+    const krb5_data *dstrealm, *srcrealm;
+    krb5_principal *tree, *pprinc;
+    size_t nrealms, nprincs, i;
+
+    *rettree = NULL;
+    retval = rtree_hier_realms(context, client, server,
+                               &realms, &nrealms, sep);
+    if (retval)
+        return retval;
+    nprincs = nrealms;
+    pprinc = tree = calloc(nprincs + 1, sizeof(krb5_principal));
+    if (tree == NULL) {
+        retval = ENOMEM;
+        goto error;
+    }
+    for (i = 0; i < nrealms; i++)
+        tree[i] = NULL;
+    srcrealm = client;
+    for (i = 0; i < nrealms; i++) {
+        dstrealm = &realms[i];
+        retval = krb5int_tgtname(context, dstrealm, srcrealm, pprinc++);
+        if (retval) goto error;
+        srcrealm = dstrealm;
+    }
+    *rettree = tree;
+    free_realmlist(context, realms, nrealms);
+    return 0;
+error:
+    while (pprinc != NULL && pprinc > tree) {
+        krb5_free_principal(context, *--pprinc);
+        *pprinc = NULL;
+    }
+    free_realmlist(context, realms, nrealms);
+    free(tree);
+    return retval;
+}
+
+/*
+ * Construct list of realms between client and server.
+ */
+static krb5_error_code
+rtree_hier_realms(krb5_context context,
+                  const krb5_data *client,
+                  const krb5_data *server,
+                  krb5_data **realms,
+                  size_t *nrealms,
+                  int sep)
+{
+    krb5_error_code retval;
+    struct hstate c, s;
+    krb5_data *ctweens = NULL, *stweens = NULL, *twp, *r, *rp;
+    size_t nctween, nstween;
+
+    *realms = NULL;
+    *nrealms = 0;
+
+    r = rp = NULL;
+    c.str = client->data;
+    c.len = client->length;
+    c.dot = c.tail = NULL;
+    s.str = server->data;
+    s.len = server->length;
+    s.dot = s.tail = NULL;
+
+    comtail(&c, &s, sep);
+    adjtail(&c, &s, sep);
+
+    retval = rtree_hier_tweens(context, &c, &ctweens, &nctween, 1, sep);
+    if (retval) goto error;
+    retval = rtree_hier_tweens(context, &s, &stweens, &nstween, 0, sep);
+    if (retval) goto error;
+
+    rp = r = calloc(nctween + nstween, sizeof(krb5_data));
+    if (r == NULL) {
+        retval = ENOMEM;
+        goto error;
+    }
+    /* Copy client realm "tweens" forward. */
+    for (twp = ctweens; twp < &ctweens[nctween]; twp++) {
+        retval = krb5int_copy_data_contents(context, twp, rp);
+        if (retval) goto error;
+        rp++;
+    }
+    /* Copy server realm "tweens" backward. */
+    for (twp = &stweens[nstween]; twp-- > stweens;) {
+        retval = krb5int_copy_data_contents(context, twp, rp);
+        if (retval) goto error;
+        rp++;
+    }
+error:
+    free(ctweens);
+    free(stweens);
+    if (retval) {
+        free_realmlist(context, r, rp - r);
+        return retval;
+    }
+    *realms = r;
+    *nrealms = rp - r;
+    return 0;
+}
+
+static void
+free_realmlist(krb5_context context,
+               krb5_data *realms,
+               size_t nrealms)
+{
+    size_t i;
+
+    for (i = 0; i < nrealms; i++)
+        krb5_free_data_contents(context, &realms[i]);
+    free(realms);
+}
+
+/*
+ * Build a list of realms between a given realm and the common
+ * suffix.  The original realm is included, but the "tail" is only
+ * included if DOTAIL is true.
+ *
+ * Warning: This function intentionally aliases memory.  Caller must
+ * make copies as needed and not call krb5_free_data_contents, etc.
+ */
+static krb5_error_code
+rtree_hier_tweens(krb5_context context,
+                  struct hstate *realm,
+                  krb5_data **tweens,
+                  size_t *ntweens,
+                  int dotail,
+                  int sep)
+{
+    char *p, *r, *rtail, *lp;
+    size_t rlen, n;
+    krb5_data *tws, *ntws;
+
+    r = realm->str;
+    rlen = realm->len;
+    rtail = realm->tail;
+    *tweens = ntws = tws = NULL;
+    *ntweens = n = 0;
+
+    for (lp = p = r; p < &r[rlen]; p++) {
+        if (*p != sep && &p[1] != &r[rlen])
+            continue;
+        if (lp == rtail && !dotail)
+            break;
+        ntws = realloc(tws, (n + 1) * sizeof(krb5_data));
+        if (ntws == NULL) {
+            free(tws);
+            return ENOMEM;
+        }
+        tws = ntws;
+        tws[n].data = lp;
+        tws[n].length = &r[rlen] - lp;
+        n++;
+        if (lp == rtail)
+            break;
+        lp = &p[1];
+    }
+    *tweens = tws;
+    *ntweens = n;
+    return 0;
+}
+
+/*
+ * Adjust suffixes that each starts at the beginning of a component,
+ * to avoid the problem where "BC.EXAMPLE.COM" is erroneously reported
+ * as a parent of "ABC.EXAMPLE.COM".
+ */
+static void
+adjtail(struct hstate *c, struct hstate *s, int sep)
+{
+    int cfull, sfull;
+    char *cp, *sp;
+
+    cp = c->tail;
+    sp = s->tail;
+    if (cp == NULL || sp == NULL)
+        return;
+    /*
+     * Is it a full component?  Yes, if it's the beginning of the
+     * string or there's a separator to the left.
+     *
+     * The index of -1 is valid because it only gets evaluated if the
+     * pointer is not at the beginning of the string.
+     */
+    cfull = (cp == c->str || cp[-1] == sep);
+    sfull = (sp == s->str || sp[-1] == sep);
+    /*
+     * If they're both full components, we're done.
+     */
+    if (cfull && sfull) {
+        return;
+    } else if (c->dot != NULL && s->dot != NULL) {
+        cp = c->dot + 1;
+        sp = s->dot + 1;
+        /*
+         * Out of bounds? Can only happen if there are trailing dots.
+         */
+        if (cp >= &c->str[c->len] || sp >= &s->str[s->len]) {
+            cp = sp = NULL;
+        }
+    } else {
+        cp = sp = NULL;
+    }
+    c->tail = cp;
+    s->tail = sp;
+}
+
+/*
+ * Find common suffix of C and S.
+ *
+ * C->TAIL and S->TAIL will point to the respective suffixes.  C->DOT
+ * and S->DOT will point to the nearest instances of SEP to the right
+ * of the start of each suffix.  Caller must initialize TAIL and DOT
+ * pointers to null.
+ */
+static void
+comtail(struct hstate *c, struct hstate *s, int sep)
+{
+    char *cp, *sp, *cdot, *sdot;
+
+    if (c->len == 0 || s->len == 0)
+        return;
+
+    cdot = sdot = NULL;
+    /*
+     * ANSI/ISO C allows a pointer one past the end but not one
+     * before the beginning of an array.
+     */
+    cp = &c->str[c->len];
+    sp = &s->str[s->len];
+    /*
+     * Set CP and SP to point to the common suffix of each string.
+     * When we run into separators (dots, unless someone has a X.500
+     * style realm), keep pointers to the latest pair.
+     */
+    while (cp > c->str && sp > s->str) {
+        if (*--cp != *--sp) {
+            /*
+             * Didn't match, so most recent match is one byte to the
+             * right (or not at all).
+             */
+            cp++;
+            sp++;
+            break;
+        }
+        /*
+         * Keep track of matching dots.
+         */
+        if (*cp == sep) {
+            cdot = cp;
+            sdot = sp;
+        }
+    }
+    /* No match found at all. */
+    if (cp == &c->str[c->len])
+        return;
+    c->tail = cp;
+    s->tail = sp;
+    c->dot = cdot;
+    s->dot = sdot;
+}
+
+void
+krb5_free_realm_tree(krb5_context context, krb5_principal *realms)
+{
+    krb5_principal *nrealms = realms;
+    if (realms == NULL)
+        return;
+    while (*nrealms) {
+        krb5_free_principal(context, *nrealms);
+        nrealms++;
+    }
+    free(realms);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb/walktree-tests b/krb5-1.21.3/src/lib/krb5/krb/walktree-tests
new file mode 100644
index 00000000..f316d80c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/walktree-tests
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+. ./runenv.sh
+
+# Test the walk_rtree.c code.
+#
+
+#error: wanted
+#got tgt list:
+check='echo Running walk_rtree test $1 $2 ... ; ans=`./t_walk_rtree $1 $2 | sed -e s,krbtgt/,,g`; ans=`echo $ans`; echo Got TGT list: "$ans" ; if test "$3" != "$ans" ; then err=1; echo ERROR: wanted "$3"; fi; echo ""'
+
+err=0
+
+set ATHENA.MIT.EDU HACK.EXAMPLE.COM "ATHENA.MIT.EDU@ATHENA.MIT.EDU MIT.EDU@ATHENA.MIT.EDU EDU@MIT.EDU COM@EDU EXAMPLE.COM@COM HACK.EXAMPLE.COM@EXAMPLE.COM"
+eval $check
+
+set ATHENA.MIT.EDU CSAIL.MIT.EDU "ATHENA.MIT.EDU@ATHENA.MIT.EDU MIT.EDU@ATHENA.MIT.EDU CSAIL.MIT.EDU@MIT.EDU"
+eval $check
+
+set FOO.EXAMPLE.COM BAR.EXAMPLE.COM "FOO.EXAMPLE.COM@FOO.EXAMPLE.COM EXAMPLE.COM@FOO.EXAMPLE.COM BAR.EXAMPLE.COM@EXAMPLE.COM"
+eval $check
+
+set FOZ.EXAMPLE.COM BAZ.EXAMPLE.COM "FOZ.EXAMPLE.COM@FOZ.EXAMPLE.COM EXAMPLE.COM@FOZ.EXAMPLE.COM BAZ.EXAMPLE.COM@EXAMPLE.COM"
+eval $check
+
+set FOZ.EXAMPLE.COM BOZ.EXAMPLE.COM "FOZ.EXAMPLE.COM@FOZ.EXAMPLE.COM EXAMPLE.COM@FOZ.EXAMPLE.COM BOZ.EXAMPLE.COM@EXAMPLE.COM"
+eval $check
+
+set FOZ.EXAMPLE.COM OZ.EXAMPLE.COM "FOZ.EXAMPLE.COM@FOZ.EXAMPLE.COM EXAMPLE.COM@FOZ.EXAMPLE.COM OZ.EXAMPLE.COM@EXAMPLE.COM"
+eval $check
+
+set OZ.EXAMPLE.COM FOZ.EXAMPLE.COM "OZ.EXAMPLE.COM@OZ.EXAMPLE.COM EXAMPLE.COM@OZ.EXAMPLE.COM FOZ.EXAMPLE.COM@EXAMPLE.COM"
+eval $check
+
+set A.FOZ.EXAMPLE.COM A.OZ.EXAMPLE.COM "A.FOZ.EXAMPLE.COM@A.FOZ.EXAMPLE.COM FOZ.EXAMPLE.COM@A.FOZ.EXAMPLE.COM EXAMPLE.COM@FOZ.EXAMPLE.COM OZ.EXAMPLE.COM@EXAMPLE.COM A.OZ.EXAMPLE.COM@OZ.EXAMPLE.COM"
+eval $check
+
+set A.OZ.EXAMPLE.COM A.FOZ.EXAMPLE.COM "A.OZ.EXAMPLE.COM@A.OZ.EXAMPLE.COM OZ.EXAMPLE.COM@A.OZ.EXAMPLE.COM EXAMPLE.COM@OZ.EXAMPLE.COM FOZ.EXAMPLE.COM@EXAMPLE.COM A.FOZ.EXAMPLE.COM@FOZ.EXAMPLE.COM"
+eval $check
+
+set A.FOZ.EXAMPLE.COM A.BOZ.EXAMPLE.COM "A.FOZ.EXAMPLE.COM@A.FOZ.EXAMPLE.COM FOZ.EXAMPLE.COM@A.FOZ.EXAMPLE.COM EXAMPLE.COM@FOZ.EXAMPLE.COM BOZ.EXAMPLE.COM@EXAMPLE.COM A.BOZ.EXAMPLE.COM@BOZ.EXAMPLE.COM"
+eval $check
+
+set A.BOZ.EXAMPLE.COM A.FOZ.EXAMPLE.COM "A.BOZ.EXAMPLE.COM@A.BOZ.EXAMPLE.COM BOZ.EXAMPLE.COM@A.BOZ.EXAMPLE.COM EXAMPLE.COM@BOZ.EXAMPLE.COM FOZ.EXAMPLE.COM@EXAMPLE.COM A.FOZ.EXAMPLE.COM@FOZ.EXAMPLE.COM"
+eval $check
+
+set A.FOZ.EXAMPLE.COM OZ.EXAMPLE.COM "A.FOZ.EXAMPLE.COM@A.FOZ.EXAMPLE.COM FOZ.EXAMPLE.COM@A.FOZ.EXAMPLE.COM EXAMPLE.COM@FOZ.EXAMPLE.COM OZ.EXAMPLE.COM@EXAMPLE.COM"
+eval $check
+
+set OZ.EXAMPLE.COM A.FOZ.EXAMPLE.COM "OZ.EXAMPLE.COM@OZ.EXAMPLE.COM EXAMPLE.COM@OZ.EXAMPLE.COM FOZ.EXAMPLE.COM@EXAMPLE.COM A.FOZ.EXAMPLE.COM@FOZ.EXAMPLE.COM"
+eval $check
+
+#set EXAMPLE.COM EXAMPLE.COM "EXAMPLE.COM@EXAMPLE.COM"
+set EXAMPLE.COM EXAMPLE.COM ""
+echo Next test should return a cannot-find-ticket error...
+eval $check
+
+set A.B B.B "A.B@A.B B@A.B B.B@B"
+eval $check
+
+set AB.B B.B "AB.B@AB.B B@AB.B B.B@B"
+eval $check
+
+set A.B BA.B "A.B@A.B B@A.B BA.B@B"
+eval $check
+
+set EXAMPLE.COM A.EXAMPLE.COM "EXAMPLE.COM@EXAMPLE.COM A.EXAMPLE.COM@EXAMPLE.COM"
+eval $check
+
+set A.EXAMPLE.COM EXAMPLE.COM "A.EXAMPLE.COM@A.EXAMPLE.COM EXAMPLE.COM@A.EXAMPLE.COM"
+eval $check
+
+echo CAPATH test
+set ATHENA.MIT.EDU KERBEROS.COM "ATHENA.MIT.EDU@ATHENA.MIT.EDU KERBEROS.COM@ATHENA.MIT.EDU"
+eval $check
+
+echo CAPATH test
+set LCS.MIT.EDU KABLOOEY.KERBEROS.COM "LCS.MIT.EDU@LCS.MIT.EDU ATHENA.MIT.EDU@LCS.MIT.EDU KERBEROS.COM@ATHENA.MIT.EDU KABLOOEY.KERBEROS.COM@KERBEROS.COM"
+eval $check
+
+exit $err
diff --git a/krb5-1.21.3/src/lib/krb5/krb/x-deltat.y b/krb5-1.21.3/src/lib/krb5/krb/x-deltat.y
new file mode 100644
index 00000000..34cdf969
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb/x-deltat.y
@@ -0,0 +1,240 @@
+/*
+ * lib/krb5/krb/deltat.y
+ *
+ * Copyright 1999 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * krb5_string_to_deltat()
+ */
+
+/* For a clean, thread-safe interface, we must use the "pure parser"
+   facility of GNU Bison.  Unfortunately, standard YACC has no such
+   option.  */
+
+/* N.B.: For simplicity in dealing with the distribution, the
+   Makefile.in listing for deltat.c does *not* normally list this
+   file.  If you change this file, tweak the Makefile so it'll rebuild
+   deltat.c, or do it manually.  */
+%{
+
+/*
+ * GCC optimizer will detect a variable used without being set in a YYERROR
+ * path.  As this is generated code, suppress the complaint.
+ */
+#ifdef __GNUC__
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wuninitialized"
+#endif
+
+#include "k5-int.h"
+#include <ctype.h>
+
+struct param {
+    krb5_int32 delta;
+    char *p;
+};
+
+#define MAX_TIME KRB5_INT32_MAX
+#define MIN_TIME KRB5_INT32_MIN
+
+#define DAY (24 * 3600)
+#define HOUR 3600
+
+#define MAX_DAY (MAX_TIME / DAY)
+#define MIN_DAY (MIN_TIME / DAY)
+#define MAX_HOUR (MAX_TIME / HOUR)
+#define MIN_HOUR (MIN_TIME / HOUR)
+#define MAX_MIN (MAX_TIME / 60)
+#define MIN_MIN (MIN_TIME / 60)
+
+/* An explanation of the tests being performed.
+   We do not want to overflow a 32 bit integer with out manipulations,
+   even for testing for overflow. Therefore we rely on the following:
+
+   The lex parser will not return a number > MAX_TIME (which is out 32
+   bit limit).
+
+   Therefore, seconds (s) will require
+       MIN_TIME < s < MAX_TIME
+
+   For subsequent tests, the logic is as follows:
+
+      If A < MAX_TIME and  B < MAX_TIME
+
+      If we want to test if A+B < MAX_TIME, there are two cases
+        if (A > 0)
+         then A + B < MAX_TIME if B < MAX_TIME - A
+	else A + B < MAX_TIME  always.
+
+      if we want to test if MIN_TIME < A + B
+          if A > 0 - then nothing to test
+          otherwise, we test if MIN_TIME - A < B.
+
+   We of course are testing for:
+          MIN_TIME < A + B < MAX_TIME
+*/
+
+
+#define DAY_NOT_OK(d) (d) > MAX_DAY || (d) < MIN_DAY
+#define HOUR_NOT_OK(h) (h) > MAX_HOUR || (h) < MIN_HOUR
+#define MIN_NOT_OK(m) (m) > MAX_MIN || (m) < MIN_MIN
+#define SUM_OK(a, b) (((a) > 0) ? ( (b) <= MAX_TIME - (a)) : (MIN_TIME - (a) <= (b)))
+#define DO_SUM(res, a, b) if (!SUM_OK((a), (b))) YYERROR; \
+                          res = (a) + (b)
+
+
+#define OUT_D tmv->delta
+#define DO(D,H,M,S) \
+ { \
+     /* Overflow testing - this does not handle negative values well.. */ \
+     if (DAY_NOT_OK(D) || HOUR_NOT_OK(H) || MIN_NOT_OK(M)) YYERROR; \
+     OUT_D = D * DAY; \
+     DO_SUM(OUT_D, OUT_D, H * HOUR); \
+     DO_SUM(OUT_D, OUT_D, M * 60); \
+     DO_SUM(OUT_D, OUT_D, S); \
+ }
+
+static int mylex(int *intp, struct param *tmv);
+#undef yylex
+#define yylex(U, P)    mylex (&(U)->val, (P))
+
+#undef yyerror
+#define yyerror(tmv, msg)
+
+static int yyparse(struct param *);
+
+%}
+
+%union {int val;}
+%parse-param {struct param *tmv}
+%lex-param {struct param *tmv}
+%define api.pure
+
+%token <val> tok_NUM tok_LONGNUM tok_OVERFLOW
+%token '-' ':' 'd' 'h' 'm' 's' tok_WS
+
+%type <val> num opt_hms opt_ms opt_s wsnum posnum
+
+%start start
+
+%%
+
+start: deltat;
+posnum: tok_NUM | tok_LONGNUM ;
+num: posnum | '-' posnum { $$ = - $2; } ;
+ws: /* nothing */ | tok_WS ;
+wsnum: ws num { $$ = $2; }
+        | ws tok_OVERFLOW { YYERROR; };
+deltat:
+	  wsnum 'd' opt_hms                          { DO ($1,  0,  0, $3); }
+	| wsnum 'h' opt_ms                           { DO ( 0, $1,  0, $3); }
+	| wsnum 'm' opt_s                            { DO ( 0,  0, $1, $3); }
+	| wsnum 's'                                  { DO ( 0,  0,  0, $1); }
+	| wsnum '-' tok_NUM ':' tok_NUM ':' tok_NUM  { DO ($1, $3, $5, $7); }
+	| wsnum ':' tok_NUM ':' tok_NUM              { DO ( 0, $1, $3, $5); }
+	| wsnum ':' tok_NUM                          { DO ( 0, $1, $3,  0); }
+	| wsnum                                      { DO ( 0,  0,  0, $1); }
+	                                             /* default to 's' */
+	;
+
+opt_hms:
+	  opt_ms
+	  | wsnum 'h' opt_ms		{ if (HOUR_NOT_OK($1)) YYERROR;
+	                                  DO_SUM($$, $1 * 3600, $3); }; 
+opt_ms:
+	  opt_s
+	| wsnum 'm' opt_s		{ if (MIN_NOT_OK($1)) YYERROR;
+	                                  DO_SUM($$, $1 * 60, $3); }; 
+opt_s:
+	  ws				{ $$ = 0; }
+	| wsnum 's' ;
+
+%%
+
+#ifdef __GNUC__
+#pragma GCC diagnostic pop
+#endif
+
+static int
+mylex(int *intp, struct param *tmv)
+{
+    int num, c;
+#define P (tmv->p)
+    char *orig_p = P;
+
+#ifdef isascii
+    if (!isascii (*P))
+	return 0;
+#endif
+    switch (c = *P++) {
+    case '-':
+    case ':':
+    case 'd':
+    case 'h':
+    case 'm':
+    case 's':
+	return c;
+    case '0':
+    case '1':
+    case '2':
+    case '3':
+    case '4':
+    case '5':
+    case '6':
+    case '7':
+    case '8':
+    case '9':
+	/* XXX assumes ASCII */
+	num = c - '0';
+	while (isdigit ((int) *P)) {
+	    if (num > MAX_TIME / 10)
+	      return tok_OVERFLOW;
+	    num *= 10;
+	    if (num > MAX_TIME - (*P - '0'))
+	      return tok_OVERFLOW;
+	    num += *P++ - '0';
+	}
+	*intp = num;
+	return (P - orig_p > 2) ? tok_LONGNUM : tok_NUM;
+    case ' ':
+    case '\t':
+    case '\n':
+	while (isspace ((int) *P))
+	    P++;
+	return tok_WS;
+    default:
+	return YYEOF;
+    }
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_string_to_deltat(char *string, krb5_deltat *deltatp)
+{
+    struct param p;
+    p.delta = 0;
+    p.p = string;
+    if (yyparse (&p))
+	return KRB5_DELTAT_BADFORMAT;
+    *deltatp = p.delta;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb5_libinit.c b/krb5-1.21.3/src/lib/krb5/krb5_libinit.c
new file mode 100644
index 00000000..bcfe2a2a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb5_libinit.c
@@ -0,0 +1,106 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#include "k5-int.h"
+
+#if defined(_WIN32) || defined(USE_CCAPI)
+#include "stdcc.h"
+#endif
+
+#include "krb5_libinit.h"
+#include "k5-platform.h"
+#include "cc-int.h"
+#include "kt-int.h"
+#include "os-proto.h"
+
+/*
+ * Initialize the Kerberos v5 library.
+ */
+
+MAKE_INIT_FUNCTION(krb5int_lib_init);
+MAKE_FINI_FUNCTION(krb5int_lib_fini);
+
+/* Possibly load-time initialization -- mutexes, etc.  */
+int krb5int_lib_init(void)
+{
+    int err;
+
+    k5_set_error_info_callout_fn(error_message);
+
+#ifdef SHOW_INITFINI_FUNCS
+    printf("krb5int_lib_init\n");
+#endif
+
+    add_error_table(&et_krb5_error_table);
+    add_error_table(&et_k5e1_error_table);
+    add_error_table(&et_kv5m_error_table);
+    add_error_table(&et_kdb5_error_table);
+    add_error_table(&et_asn1_error_table);
+    add_error_table(&et_k524_error_table);
+
+    bindtextdomain(KRB5_TEXTDOMAIN, LOCALEDIR);
+
+#ifndef LEAN_CLIENT
+    err = krb5int_kt_initialize();
+    if (err)
+        return err;
+#endif /* LEAN_CLIENT */
+    err = krb5int_cc_initialize();
+    if (err)
+        return err;
+    err = k5_mutex_finish_init(&krb5int_us_time_mutex);
+    if (err)
+        return err;
+
+    return 0;
+}
+
+/* Always-delayed initialization -- error table linkage, etc.  */
+krb5_error_code krb5int_initialize_library (void)
+{
+    return CALL_INIT_FUNCTION(krb5int_lib_init);
+}
+
+/*
+ * Clean up the Kerberos v5 library state
+ */
+
+void krb5int_lib_fini(void)
+{
+    if (!INITIALIZER_RAN(krb5int_lib_init) || PROGRAM_EXITING()) {
+#ifdef SHOW_INITFINI_FUNCS
+        printf("krb5int_lib_fini: skipping\n");
+#endif
+        return;
+    }
+
+#ifdef SHOW_INITFINI_FUNCS
+    printf("krb5int_lib_fini\n");
+#endif
+
+    k5_mutex_destroy(&krb5int_us_time_mutex);
+
+    krb5int_cc_finalize();
+#ifndef LEAN_CLIENT
+    krb5int_kt_finalize();
+#endif /* LEAN_CLIENT */
+
+#if defined(_WIN32) || defined(USE_CCAPI)
+    krb5_stdcc_shutdown();
+#endif
+
+    remove_error_table(&et_krb5_error_table);
+    remove_error_table(&et_k5e1_error_table);
+    remove_error_table(&et_kv5m_error_table);
+    remove_error_table(&et_kdb5_error_table);
+    remove_error_table(&et_asn1_error_table);
+    remove_error_table(&et_k524_error_table);
+
+    k5_set_error_info_callout_fn(NULL);
+}
+
+/* Still exists because it went into the export list on Windows.  But
+   since the above function should be invoked at unload time, we don't
+   actually want to do anything here.  */
+void krb5int_cleanup_library (void)
+{
+}
diff --git a/krb5-1.21.3/src/lib/krb5/krb5_libinit.h b/krb5-1.21.3/src/lib/krb5/krb5_libinit.h
new file mode 100644
index 00000000..ff8e5d6f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/krb5_libinit.h
@@ -0,0 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#ifndef KRB5_LIBINIT_H
+#define KRB5_LIBINIT_H
+
+#include "krb5.h"
+
+krb5_error_code krb5int_initialize_library (void);
+void krb5int_cleanup_library (void);
+
+#endif /* KRB5_LIBINIT_H */
diff --git a/krb5-1.21.3/src/lib/krb5/libkrb5.exports b/krb5-1.21.3/src/lib/krb5/libkrb5.exports
new file mode 100644
index 00000000..4c50e935
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/libkrb5.exports
@@ -0,0 +1,655 @@
+_krb5_conf_boolean
+decode_krb5_ad_kdcissued
+decode_krb5_ap_rep
+decode_krb5_ap_rep_enc_part
+decode_krb5_ap_req
+decode_krb5_as_rep
+decode_krb5_as_req
+decode_krb5_authdata
+decode_krb5_authenticator
+decode_krb5_cammac
+decode_krb5_cred
+decode_krb5_enc_cred_part
+decode_krb5_enc_data
+decode_krb5_enc_kdc_rep_part
+decode_krb5_enc_priv_part
+decode_krb5_enc_sam_response_enc_2
+decode_krb5_enc_tkt_part
+decode_krb5_encryption_key
+decode_krb5_error
+decode_krb5_etype_info
+decode_krb5_etype_info2
+decode_krb5_fast_req
+decode_krb5_fast_response
+decode_krb5_iakerb_finished
+decode_krb5_iakerb_header
+decode_krb5_kdc_req_body
+decode_krb5_otp_tokeninfo
+decode_krb5_kkdcp_message
+decode_krb5_pa_enc_ts
+decode_krb5_pa_for_user
+decode_krb5_pa_fx_fast_reply
+decode_krb5_pa_fx_fast_request
+decode_krb5_pa_otp_challenge
+decode_krb5_pa_otp_req
+decode_krb5_pa_otp_enc_req
+decode_krb5_pa_pac_options
+decode_krb5_pa_pac_req
+decode_krb5_pa_s4u_x509_user
+decode_krb5_pa_spake
+decode_krb5_padata_sequence
+decode_krb5_priv
+decode_krb5_safe
+decode_krb5_sam_challenge_2
+decode_krb5_sam_challenge_2_body
+decode_krb5_sam_response_2
+decode_krb5_secure_cookie
+decode_krb5_setpw_req
+decode_krb5_spake_factor
+decode_krb5_tgs_rep
+decode_krb5_tgs_req
+decode_krb5_ticket
+decode_krb5_typed_data
+decode_utf8_strings
+encode_krb5_ad_kdcissued
+encode_krb5_ap_rep
+encode_krb5_ap_rep_enc_part
+encode_krb5_ap_req
+encode_krb5_as_rep
+encode_krb5_as_req
+encode_krb5_authdata
+encode_krb5_authenticator
+encode_krb5_cammac
+encode_krb5_checksum
+encode_krb5_cred
+encode_krb5_enc_cred_part
+encode_krb5_enc_data
+encode_krb5_enc_kdc_rep_part
+encode_krb5_enc_priv_part
+encode_krb5_enc_sam_response_enc_2
+encode_krb5_enc_tkt_part
+encode_krb5_encryption_key
+encode_krb5_error
+encode_krb5_etype_info
+encode_krb5_etype_info2
+encode_krb5_fast_response
+encode_krb5_iakerb_finished
+encode_krb5_iakerb_header
+encode_krb5_kdc_req_body
+encode_krb5_otp_tokeninfo
+encode_krb5_kkdcp_message
+encode_krb5_pa_enc_ts
+encode_krb5_pa_for_user
+encode_krb5_pa_fx_fast_reply
+encode_krb5_pa_otp_challenge
+encode_krb5_pa_otp_req
+encode_krb5_pa_otp_enc_req
+encode_krb5_pa_pac_options
+encode_krb5_pa_s4u_x509_user
+encode_krb5_pa_spake
+encode_krb5_padata_sequence
+encode_krb5_pkinit_supp_pub_info
+encode_krb5_priv
+encode_krb5_s4u_userid
+encode_krb5_safe
+encode_krb5_sam_challenge_2
+encode_krb5_sam_challenge_2_body
+encode_krb5_sam_response_2
+encode_krb5_secure_cookie
+encode_krb5_sp80056a_other_info
+encode_krb5_spake_factor
+encode_krb5_tgs_rep
+encode_krb5_tgs_req
+encode_krb5_ticket
+encode_krb5_typed_data
+encode_utf8_strings
+et_asn1_error_table
+et_k524_error_table
+et_kdb5_error_table
+et_krb5_error_table
+et_kv5m_error_table
+et_prof_error_table
+initialize_asn1_error_table
+initialize_k524_error_table
+initialize_kdb5_error_table
+initialize_krb5_error_table
+initialize_k5e1_error_table
+initialize_kv5m_error_table
+initialize_prof_error_table
+k5_add_empty_pa_data
+k5_add_pa_data_element
+k5_add_pa_data_from_data
+k5_alloc_pa_data
+k5_authind_decode
+k5_build_conf_principals
+k5_cc_store_primary_cred
+k5_ccselect_free_context
+k5_change_error_message_code
+k5_etypes_contains
+k5_expand_path_tokens
+k5_expand_path_tokens_extra
+k5_externalize_auth_context
+k5_externalize_authdata
+k5_externalize_authdata_context
+k5_externalize_context
+k5_externalize_keyblock
+k5_externalize_principal
+k5_free_algorithm_identifier
+k5_free_cammac
+k5_free_data_ptr_list
+k5_free_otp_tokeninfo
+k5_free_kkdcp_message
+k5_free_pa_data_element
+k5_free_pa_otp_challenge
+k5_free_pa_otp_req
+k5_free_secure_cookie
+k5_free_pa_spake
+k5_free_serverlist
+k5_free_spake_factor
+k5_hostrealm_free_context
+k5_init_trace
+k5_internalize_auth_context
+k5_internalize_authdata
+k5_internalize_authdata_context
+k5_internalize_context
+k5_internalize_keyblock
+k5_internalize_principal
+k5_is_string_numeric
+k5_kt_get_principal
+k5_kt_have_match
+k5_localauth_free_context
+k5_locate_kdc
+k5_marshal_cred
+k5_marshal_princ
+k5_os_free_context
+k5_os_init_context
+k5_parse_host_string
+k5_plugin_free_modules
+k5_plugin_load
+k5_plugin_load_all
+k5_plugin_register
+k5_plugin_register_dyn
+k5_rc_close
+k5_rc_get_name
+k5_rc_resolve
+k5_rc_store
+k5_size_auth_context
+k5_size_authdata
+k5_size_authdata_context
+k5_size_context
+k5_size_keyblock
+k5_size_principal
+k5_sname_compare
+k5_unmarshal_cred
+k5_unmarshal_princ
+k5_unwrap_cammac_svc
+k5_zapfree_pa_data
+krb524_convert_creds_kdc
+krb524_init_ets
+krb5_425_conv_principal
+krb5_524_conv_principal
+krb5_524_convert_creds
+krb5_address_compare
+krb5_address_order
+krb5_address_search
+krb5_allow_weak_crypto
+krb5_aname_to_localname
+krb5_anonymous_principal
+krb5_anonymous_realm
+krb5_appdefault_boolean
+krb5_appdefault_string
+krb5_auth_con_free
+krb5_auth_con_genaddrs
+krb5_auth_con_get_checksum_func
+krb5_auth_con_get_authdata_context
+krb5_auth_con_getaddrs
+krb5_auth_con_getauthenticator
+krb5_auth_con_getflags
+krb5_auth_con_getivector
+krb5_auth_con_getkey
+krb5_auth_con_getkey_k
+krb5_auth_con_getlocalseqnumber
+krb5_auth_con_getlocalsubkey
+krb5_auth_con_getpermetypes
+krb5_auth_con_getrcache
+krb5_auth_con_getrecvsubkey
+krb5_auth_con_getrecvsubkey_k
+krb5_auth_con_getremoteseqnumber
+krb5_auth_con_getremotesubkey
+krb5_auth_con_getsendsubkey
+krb5_auth_con_getsendsubkey_k
+krb5_auth_con_init
+krb5_auth_con_initivector
+krb5_auth_con_set_authdata_context
+krb5_auth_con_set_checksum_func
+krb5_auth_con_set_req_cksumtype
+krb5_auth_con_set_safe_cksumtype
+krb5_auth_con_setaddrs
+krb5_auth_con_setflags
+krb5_auth_con_setivector
+krb5_auth_con_setpermetypes
+krb5_auth_con_setports
+krb5_auth_con_setrcache
+krb5_auth_con_setrecvsubkey
+krb5_auth_con_setrecvsubkey_k
+krb5_auth_con_setsendsubkey
+krb5_auth_con_setsendsubkey_k
+krb5_auth_con_setuseruserkey
+krb5_authdata_context_copy
+krb5_authdata_context_free
+krb5_authdata_context_init
+krb5_authdata_delete_attribute
+krb5_authdata_get_attribute_types
+krb5_authdata_get_attribute
+krb5_authdata_set_attribute
+krb5_authdata_export_attributes
+krb5_authdata_export_authdata
+krb5_authdata_export_internal
+krb5_authdata_free_internal
+krb5_authdata_import_attributes
+krb5_build_principal
+krb5_build_principal_alloc_va
+krb5_build_principal_ext
+krb5_build_principal_va
+krb5_cc_cache_match
+krb5_cc_close
+krb5_cc_copy_creds
+krb5_cc_default
+krb5_cc_default_name
+krb5_cc_destroy
+krb5_cc_dfl_ops
+krb5_cc_dup
+krb5_cc_end_seq_get
+krb5_cc_file_ops
+krb5_cc_gen_new
+krb5_cc_get_config
+krb5_cc_get_full_name
+krb5_cc_get_name
+krb5_cc_get_principal
+krb5_cc_get_type
+krb5_cc_move
+krb5_cc_initialize
+krb5_cc_new_unique
+krb5_cc_next_cred
+krb5_cc_register
+krb5_cc_remove_cred
+krb5_cc_resolve
+krb5_cc_retrieve_cred
+krb5_cc_select
+krb5_cc_set_config
+krb5_cc_set_default_name
+krb5_cc_set_flags
+krb5_cc_start_seq_get
+krb5_cc_store_cred
+krb5_cc_support_switch
+krb5_cc_switch
+krb5_cccol_cursor_free
+krb5_cccol_cursor_new
+krb5_cccol_cursor_next
+krb5_cccol_have_content
+krb5_change_cache
+krb5_change_password
+krb5_check_clockskew
+krb5_check_transited_list
+krb5_chpw_message
+krb5_chpw_result_code_string
+krb5_clear_error_message
+krb5_copy_addr
+krb5_copy_addresses
+krb5_copy_authdata
+krb5_copy_authenticator
+krb5_copy_checksum
+krb5_copy_context
+krb5_copy_creds
+krb5_copy_data
+krb5_copy_error_message
+krb5_copy_keyblock
+krb5_copy_keyblock_contents
+krb5_copy_principal
+krb5_copy_ticket
+krb5_crypto_us_timeofday
+krb5_decode_authdata_container
+krb5_decode_ticket
+krb5_decrypt_tkt_part
+krb5_deltat_to_string
+krb5_encode_authdata_container
+krb5_encode_kdc_rep
+krb5_encrypt_helper
+krb5_encrypt_tkt_part
+krb5_expand_hostname
+krb5_fcc_ops
+krb5_find_authdata
+krb5_free_ad_kdcissued
+krb5_free_address
+krb5_free_addresses
+krb5_free_ap_rep
+krb5_free_ap_rep_enc_part
+krb5_free_ap_req
+krb5_free_authdata
+krb5_free_authenticator
+krb5_free_authenticator_contents
+krb5_free_checksum
+krb5_free_checksum_contents
+krb5_free_config_files
+krb5_free_context
+krb5_free_cred
+krb5_free_cred_contents
+krb5_free_cred_enc_part
+krb5_free_creds
+krb5_free_data
+krb5_free_data_contents
+krb5_free_default_realm
+krb5_free_enc_data
+krb5_free_enc_kdc_rep_part
+krb5_free_enc_sam_response_enc_2
+krb5_free_enc_sam_response_enc_2_contents
+krb5_free_enc_tkt_part
+krb5_free_enctypes
+krb5_free_error
+krb5_free_error_message
+krb5_free_etype_info
+krb5_free_fast_armored_req
+krb5_free_fast_req
+krb5_free_fast_response
+krb5_free_host_realm
+krb5_free_iakerb_finished
+krb5_free_iakerb_header
+krb5_free_kdc_rep
+krb5_free_kdc_req
+krb5_free_keyblock
+krb5_free_keyblock_contents
+krb5_free_keytab_entry_contents
+krb5_free_last_req
+krb5_free_octet_data
+krb5_free_pa_data
+krb5_free_pa_enc_ts
+krb5_free_pa_for_user
+krb5_free_pa_pac_req
+krb5_free_pa_s4u_x509_user
+krb5_free_principal
+krb5_free_priv
+krb5_free_priv_enc_part
+krb5_free_realm_tree
+krb5_free_safe
+krb5_free_sam_challenge_2
+krb5_free_sam_challenge_2_body
+krb5_free_sam_challenge_2_body_contents
+krb5_free_sam_challenge_2_contents
+krb5_free_sam_response_2
+krb5_free_sam_response_2_contents
+krb5_free_string
+krb5_free_tgt_creds
+krb5_free_ticket
+krb5_free_tickets
+krb5_free_tkt_authent
+krb5_free_unparsed_name
+krb5_fwd_tgt_creds
+krb5_gen_portaddr
+krb5_gen_replay_name
+krb5_generate_seq_number
+krb5_generate_subkey
+krb5_get_cred_via_tkt
+krb5_get_credentials
+krb5_get_credentials_for_proxy
+krb5_get_credentials_for_user
+krb5_get_credentials_renew
+krb5_get_credentials_validate
+krb5_get_default_config_files
+krb5_get_default_in_tkt_ktypes
+krb5_get_default_realm
+krb5_get_error_message
+krb5_get_etype_info
+krb5_get_fallback_host_realm
+krb5_get_host_realm
+krb5_get_in_tkt_with_keytab
+krb5_get_in_tkt_with_password
+krb5_get_in_tkt_with_skey
+krb5_get_init_creds_keytab
+krb5_get_init_creds_opt_alloc
+krb5_get_init_creds_opt_free
+krb5_get_init_creds_opt_free_pa
+krb5_get_init_creds_opt_get_fast_flags
+krb5_get_init_creds_opt_get_pa
+krb5_get_init_creds_opt_init
+krb5_get_init_creds_opt_set_address_list
+krb5_get_init_creds_opt_set_anonymous
+krb5_get_init_creds_opt_set_canonicalize
+krb5_get_init_creds_opt_set_change_password_prompt
+krb5_get_init_creds_opt_set_etype_list
+krb5_get_init_creds_opt_set_expire_callback
+krb5_get_init_creds_opt_set_fast_ccache
+krb5_get_init_creds_opt_set_fast_ccache_name
+krb5_get_init_creds_opt_set_fast_flags
+krb5_get_init_creds_opt_set_forwardable
+krb5_get_init_creds_opt_set_in_ccache
+krb5_get_init_creds_opt_set_out_ccache
+krb5_get_init_creds_opt_set_pa
+krb5_get_init_creds_opt_set_pac_request
+krb5_get_init_creds_opt_set_preauth_list
+krb5_get_init_creds_opt_set_proxiable
+krb5_get_init_creds_opt_set_renew_life
+krb5_get_init_creds_opt_set_responder
+krb5_get_init_creds_opt_set_salt
+krb5_get_init_creds_opt_set_tkt_life
+krb5_get_init_creds_password
+krb5_get_notification_message
+krb5_get_permitted_enctypes
+krb5_get_profile
+krb5_get_prompt_types
+krb5_get_realm_domain
+krb5_get_renewed_creds
+krb5_get_server_rcache
+krb5_get_tgs_ktypes
+krb5_get_time_offsets
+krb5_get_validated_creds
+krb5_init_context
+krb5_init_context_profile
+krb5_init_creds_free
+krb5_init_creds_get
+krb5_init_creds_get_creds
+krb5_init_creds_get_error
+krb5_init_creds_get_times
+krb5_init_creds_init
+krb5_init_creds_set_keytab
+krb5_init_creds_set_password
+krb5_init_creds_set_service
+krb5_init_creds_step
+krb5_init_keyblock
+krb5_init_secure_context
+krb5_is_config_principal
+krb5_is_permitted_enctype
+krb5_is_referral_realm
+krb5_is_thread_safe
+krb5_kdc_rep_decrypt_proc
+krb5_kdc_sign_ticket
+krb5_kdc_verify_ticket
+krb5_kt_add_entry
+krb5_kt_client_default
+krb5_kt_close
+krb5_kt_default
+krb5_kt_default_name
+krb5_kt_dfl_ops
+krb5_kt_dup
+krb5_kt_end_seq_get
+krb5_kt_free_entry
+krb5_kt_get_entry
+krb5_kt_get_name
+krb5_kt_get_type
+krb5_kt_have_content
+krb5_kt_next_entry
+krb5_kt_read_service_key
+krb5_kt_register
+krb5_kt_remove_entry
+krb5_kt_resolve
+krb5_kt_start_seq_get
+krb5_ktf_ops
+krb5_ktf_writable_ops
+krb5_kuserok
+krb5_lock_file
+krb5_make_authdata_kdc_issued
+krb5_make_full_ipaddr
+krb5_make_fulladdr
+krb5_marshal_credentials
+krb5_mcc_ops
+krb5_merge_authdata
+krb5_mk_1cred
+krb5_mk_error
+krb5_mk_ncred
+krb5_mk_priv
+krb5_mk_rep
+krb5_mk_rep_dce
+krb5_mk_req
+krb5_mk_req_extended
+krb5_mk_safe
+krb5_net_read
+krb5_net_write
+krb5_os_localaddr
+krb5_overridekeyname
+krb5_pac_add_buffer
+krb5_pac_free
+krb5_pac_get_buffer
+krb5_pac_get_types
+krb5_pac_init
+krb5_pac_parse
+krb5_pac_sign
+krb5_pac_sign_ext
+krb5_pac_verify
+krb5_pac_verify_ext
+krb5_pac_get_client_info
+krb5_parse_name
+krb5_parse_name_flags
+krb5_prepend_error_message
+krb5_principal2salt
+krb5_principal2salt_norealm
+krb5_principal_compare
+krb5_principal_compare_any_realm
+krb5_principal_compare_flags
+krb5_prompter_posix
+krb5_rc_default
+krb5_rc_destroy
+krb5_rc_get_lifespan
+krb5_rc_initialize
+krb5_rd_cred
+krb5_rd_error
+krb5_rd_priv
+krb5_rd_rep
+krb5_rd_rep_dce
+krb5_rd_req
+krb5_rd_req_decoded
+krb5_rd_req_decoded_anyflag
+krb5_rd_safe
+krb5_read_message
+krb5_read_password
+krb5_realm_compare
+krb5_recvauth
+krb5_recvauth_version
+krb5_responder_get_challenge
+krb5_responder_list_questions
+krb5_responder_set_answer
+krb5_responder_otp_get_challenge
+krb5_responder_otp_set_answer
+krb5_responder_otp_challenge_free
+krb5_responder_pkinit_get_challenge
+krb5_responder_pkinit_set_answer
+krb5_responder_pkinit_challenge_free
+krb5_salttype_to_string
+krb5_sendauth
+krb5_sendto_kdc
+krb5_ser_pack_bytes
+krb5_ser_pack_int32
+krb5_ser_pack_int64
+krb5_ser_unpack_bytes
+krb5_ser_unpack_int32
+krb5_ser_unpack_int64
+krb5_server_decrypt_ticket_keytab
+krb5_set_config_files
+krb5_set_debugging_time
+krb5_set_default_realm
+krb5_set_default_tgs_enctypes
+krb5_set_default_tgs_ktypes
+krb5_set_error_message
+krb5_set_password
+krb5_set_password_using_ccache
+krb5_set_principal_realm
+krb5_set_real_time
+krb5_set_kdc_send_hook
+krb5_set_kdc_recv_hook
+krb5_set_time_offsets
+krb5_set_trace_callback
+krb5_set_trace_filename
+krb5_sname_match
+krb5_sname_to_principal
+krb5_string_to_deltat
+krb5_string_to_salttype
+krb5_string_to_timestamp
+krb5int_tgtname
+krb5_tkt_creds_free
+krb5_tkt_creds_get
+krb5_tkt_creds_get_creds
+krb5_tkt_creds_get_times
+krb5_tkt_creds_init
+krb5_tkt_creds_step
+krb5_timeofday
+krb5_timestamp_to_sfstring
+krb5_timestamp_to_string
+krb5_unlock_file
+krb5_unmarshal_credentials
+krb5_unpack_full_ipaddr
+krb5_unparse_name
+krb5_unparse_name_ext
+krb5_unparse_name_flags
+krb5_unparse_name_flags_ext
+krb5_us_timeofday
+krb5_use_natural_time
+krb5_verify_authdata_kdc_issued
+krb5_verify_init_creds
+krb5_verify_init_creds_opt_init
+krb5_verify_init_creds_opt_set_ap_req_nofail
+krb5_vprepend_error_message
+krb5_vset_error_message
+krb5_vwrap_error_message
+krb5_walk_realm_tree
+krb5_wrap_error_message
+krb5_write_message
+krb5int_accessor
+krb5int_cc_default
+krb5int_cleanup_library
+krb5int_copy_data_contents
+krb5int_copy_data_contents_add0
+krb5int_find_pa_data
+krb5int_foreach_localaddr
+krb5int_free_data_list
+krb5int_get_authdata_containee_types
+krb5int_init_context_kdc
+krb5int_initialize_library
+krb5int_parse_enctype_list
+krb5int_random_string
+krb5int_trace
+profile_abandon
+profile_add_relation
+profile_clear_relation
+profile_flush
+profile_flush_to_buffer
+profile_flush_to_file
+profile_free_buffer
+profile_free_list
+profile_get_boolean
+profile_get_integer
+profile_get_relation_names
+profile_get_string
+profile_get_subsection_names
+profile_get_values
+profile_init
+profile_init_flags
+profile_init_path
+profile_init_vtable
+profile_iterator
+profile_iterator_create
+profile_iterator_free
+profile_release
+profile_release_string
+profile_rename_section
+profile_ser_externalize
+profile_ser_internalize
+profile_ser_size
+profile_update_relation
diff --git a/krb5-1.21.3/src/lib/krb5/os/Makefile.in b/krb5-1.21.3/src/lib/krb5/os/Makefile.in
new file mode 100644
index 00000000..f523a5ac
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/Makefile.in
@@ -0,0 +1,267 @@
+mydir=lib$(S)krb5$(S)os
+BUILDTOP=$(REL)..$(S)..$(S)..
+DEFINES=-DLIBDIR=\"$(KRB5_LIBDIR)\" -DBINDIR=\"$(CLIENT_BINDIR)\" \
+	-DSBINDIR=\"$(ADMIN_BINDIR)\"
+LOCALINCLUDES= -I$(top_srcdir)/util/profile
+
+# Like RUN_TEST, but use td_krb5.conf from this directory.
+RUN_TEST_LOCAL_CONF=$(RUN_SETUP) KRB5_CONFIG=$(srcdir)/td_krb5.conf LC_ALL=C \
+	$(VALGRIND)
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=os
+##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
+
+STLIBOBJS= \
+	accessor.o	\
+	c_ustime.o	\
+	ccdefname.o	\
+	changepw.o	\
+	dnsglue.o	\
+	dnssrv.o	\
+	expand_path.o	\
+	full_ipadr.o	\
+	gen_port.o	\
+	genaddrs.o	\
+	gen_rname.o	\
+	hostaddr.o	\
+	hostrealm.o	\
+	hostrealm_dns.o \
+	hostrealm_domain.o \
+	hostrealm_profile.o \
+	hostrealm_registry.o \
+	init_os_ctx.o	\
+	krbfileio.o	\
+	ktdefname.o	\
+	mk_faddr.o	\
+	localaddr.o	\
+	localauth.o	\
+	localauth_an2ln.o \
+	localauth_k5login.o \
+	localauth_names.o \
+	localauth_rule.o \
+	locate_kdc.o	\
+	lock_file.o	\
+	net_read.o	\
+	net_write.o	\
+	port2ip.o	\
+	prompter.o	\
+	read_msg.o	\
+	read_pwd.o	\
+	realm_dom.o	\
+	sendto_kdc.o	\
+	sn2princ.o	\
+        thread_safe.o   \
+	timeofday.o	\
+	toffset.o	\
+	trace.o		\
+	unlck_file.o	\
+	ustime.o	\
+	write_msg.o
+
+OBJS= \
+	$(OUTPRE)accessor.$(OBJEXT)	\
+	$(OUTPRE)c_ustime.$(OBJEXT)	\
+	$(OUTPRE)ccdefname.$(OBJEXT)	\
+	$(OUTPRE)changepw.$(OBJEXT)	\
+	$(OUTPRE)dnsglue.$(OBJEXT)	\
+	$(OUTPRE)dnssrv.$(OBJEXT)	\
+	$(OUTPRE)expand_path.$(OBJEXT)	\
+	$(OUTPRE)full_ipadr.$(OBJEXT)	\
+	$(OUTPRE)gen_port.$(OBJEXT)	\
+	$(OUTPRE)genaddrs.$(OBJEXT)	\
+	$(OUTPRE)gen_rname.$(OBJEXT)	\
+	$(OUTPRE)hostaddr.$(OBJEXT)	\
+	$(OUTPRE)hostrealm.$(OBJEXT)	\
+	$(OUTPRE)hostrealm_dns.$(OBJEXT) \
+	$(OUTPRE)hostrealm_domain.$(OBJEXT) \
+	$(OUTPRE)hostrealm_profile.$(OBJEXT) \
+	$(OUTPRE)hostrealm_registry.$(OBJEXT) \
+	$(OUTPRE)init_os_ctx.$(OBJEXT)	\
+	$(OUTPRE)krbfileio.$(OBJEXT)	\
+	$(OUTPRE)ktdefname.$(OBJEXT)	\
+	$(OUTPRE)mk_faddr.$(OBJEXT)	\
+	$(OUTPRE)localaddr.$(OBJEXT)	\
+	$(OUTPRE)localauth.$(OBJEXT)	\
+	$(OUTPRE)localauth_an2ln.$(OBJEXT) \
+	$(OUTPRE)localauth_k5login.$(OBJEXT) \
+	$(OUTPRE)localauth_names.$(OBJEXT) \
+	$(OUTPRE)localauth_rule.$(OBJEXT) \
+	$(OUTPRE)locate_kdc.$(OBJEXT)	\
+	$(OUTPRE)lock_file.$(OBJEXT)	\
+	$(OUTPRE)net_read.$(OBJEXT)	\
+	$(OUTPRE)net_write.$(OBJEXT)	\
+	$(OUTPRE)port2ip.$(OBJEXT)	\
+	$(OUTPRE)prompter.$(OBJEXT)	\
+	$(OUTPRE)read_msg.$(OBJEXT)	\
+	$(OUTPRE)read_pwd.$(OBJEXT)	\
+	$(OUTPRE)realm_dom.$(OBJEXT)	\
+	$(OUTPRE)sendto_kdc.$(OBJEXT)	\
+	$(OUTPRE)sn2princ.$(OBJEXT)	\
+        $(OUTPRE)thread_safe.$(OBJEXT)  \
+	$(OUTPRE)timeofday.$(OBJEXT)	\
+	$(OUTPRE)toffset.$(OBJEXT)	\
+	$(OUTPRE)trace.$(OBJEXT)	\
+	$(OUTPRE)unlck_file.$(OBJEXT)	\
+	$(OUTPRE)ustime.$(OBJEXT)	\
+	$(OUTPRE)write_msg.$(OBJEXT)
+
+SRCS= \
+	$(srcdir)/accessor.c    \
+	$(srcdir)/c_ustime.c	\
+	$(srcdir)/ccdefname.c	\
+	$(srcdir)/changepw.c	\
+	$(srcdir)/dnsglue.c	\
+	$(srcdir)/dnssrv.c	\
+	$(srcdir)/expand_path.c	\
+	$(srcdir)/full_ipadr.c	\
+	$(srcdir)/gen_port.c	\
+	$(srcdir)/genaddrs.c	\
+	$(srcdir)/gen_rname.c	\
+	$(srcdir)/hostaddr.c	\
+	$(srcdir)/hostrealm.c	\
+	$(srcdir)/hostrealm_dns.c \
+	$(srcdir)/hostrealm_domain.c \
+	$(srcdir)/hostrealm_profile.c \
+	$(srcdir)/hostrealm_registry.c \
+	$(srcdir)/init_os_ctx.c	\
+	$(srcdir)/krbfileio.c	\
+	$(srcdir)/ktdefname.c	\
+	$(srcdir)/mk_faddr.c	\
+	$(srcdir)/localaddr.c	\
+	$(srcdir)/localauth.c	\
+	$(srcdir)/localauth_an2ln.c \
+	$(srcdir)/localauth_k5login.c \
+	$(srcdir)/localauth_names.c \
+	$(srcdir)/localauth_rule.c \
+	$(srcdir)/locate_kdc.c	\
+	$(srcdir)/lock_file.c	\
+	$(srcdir)/net_read.c	\
+	$(srcdir)/net_write.c	\
+	$(srcdir)/prompter.c	\
+	$(srcdir)/read_msg.c	\
+	$(srcdir)/read_pwd.c	\
+	$(srcdir)/realm_dom.c	\
+	$(srcdir)/port2ip.c	\
+	$(srcdir)/sendto_kdc.c	\
+	$(srcdir)/sn2princ.c	\
+        $(srcdir)/thread_safe.c \
+	$(srcdir)/timeofday.c	\
+	$(srcdir)/toffset.c	\
+	$(srcdir)/trace.c	\
+	$(srcdir)/unlck_file.c	\
+	$(srcdir)/ustime.c	\
+	$(srcdir)/write_msg.c
+
+EXTRADEPSRCS = \
+	t_expand_path.c t_gifconf.c t_locate_kdc.c t_std_conf.c t_trace.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+shared:
+	mkdir shared
+
+TEST_PROGS= t_std_conf t_locate_kdc t_trace t_expand_path
+
+T_STD_CONF_OBJS= t_std_conf.o 
+
+T_TRACE_OBJS = t_trace.o
+
+t_std_conf: $(T_STD_CONF_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_std_conf $(T_STD_CONF_OBJS) $(KRB5_BASE_LIBS)
+
+t_localaddr: localaddr.c
+	$(CC_LINK) $(ALL_CFLAGS) -DTEST -o t_localaddr $(srcdir)/localaddr.c $(KRB5_BASE_LIBS) $(LIBS)
+
+t_locate_kdc: t_locate_kdc.o
+	$(CC_LINK) $(ALL_CFLAGS) -o t_locate_kdc t_locate_kdc.o \
+		$(KRB5_BASE_LIBS)
+t_locate_kdc.o: t_locate_kdc.c locate_kdc.c dnssrv.c dnsglue.c
+$(OUTPRE)t_locate_kdc.exe: $(OUTPRE)t_locate_kdc.obj \
+		$(KLIB) $(PLIB) $(CLIB) $(SLIB)
+	link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib
+
+t_trace: $(T_TRACE_OBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_trace $(T_TRACE_OBJS) $(KRB5_BASE_LIBS)
+
+t_expand_path: t_expand_path.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_expand_path.o $(KRB5_BASE_LIBS)
+
+LCLINT=lclint
+LCLINTOPTS= -warnposix \
+	-usedef +charintliteral +ignoresigns -predboolint +boolint \
+	-exportlocal -retvalint \
+	+mod-uncon +modinternalstrict +modfilesys
+lclint-localaddr: localaddr.c
+	$(LCLINT) $(LCLINTOPTS) $(CPPFLAGS) $(LOCALINCLUDES) $(DEFS) \
+		-DTEST $(srcdir)/localaddr.c
+
+check-unix: check-unix-stdconf check-unix-locate check-unix-trace \
+	check-unix-expand check-unix-uri
+
+check-unix-stdconf: t_std_conf
+	$(RUN_TEST_LOCAL_CONF) ./t_std_conf  -d -s NEW.DEFAULT.REALM -d \
+		-D DEFAULT_REALM.TST -r bad.idea -r itar.bad.idea \
+		-r really.BAD.IDEA. -r clipper.bad.idea -r KeYEsCrOW.BaD.IDea \
+		-r pgp.good.idea -r no_domain > test.out
+	cmp test.out $(srcdir)/ref_std_conf.out
+	$(RM) test.out
+
+# The following can be overriden on the make command line if needed:
+LOCREALM = ATHENA.MIT.EDU
+SRVNAME = _kerberos._udp.athena.mit.edu.
+DIGPAT = '^_kerberos.*srv'
+NSPAT = '^_kerberos.*service'
+DIG = @DIG@
+NSLOOKUP = @NSLOOKUP@
+
+check-unix-locate: t_locate_kdc
+	if [ "$(OFFLINE)" = no ]; then \
+	    if $(DIG) $(SRVNAME) srv | grep -i $(DIGPAT) || \
+		$(NSLOOKUP) -q=srv $(SRVNAME) | grep -i $(NSPAT); then \
+		$(RUN_TEST) ./t_locate_kdc $(LOCREALM); \
+	    else \
+		echo '*** WARNING: skipped t_locate_kdc test: known DNS name not found'; \
+		echo 'Skipped t_locate_kdc test: known DNS name not found' >> $(SKIPTESTS); \
+	    fi; \
+	else \
+		echo '*** WARNING: skipped t_locate_kdc test: OFFLINE'; \
+		echo 'Skipped t_locate_kdc test: OFFLINE' >> $(SKIPTESTS); \
+	fi
+
+ASAN = @ASAN@
+check-unix-uri: t_locate_kdc
+	if [ $(HAVE_RESOLV_WRAPPER) = 0 ]; then \
+	    echo '*** WARNING: skipped t_discover_uri.py due to not using resolv_wrapper'; \
+	    echo 'Skipped URI discovery tests: resolv_wrapper 1.1.5 not found' >> $(SKIPTESTS); \
+	elif [ $(ASAN) = yes ]; then \
+	    echo '*** Skipping URI discovery tests: resolv_wrapper is incompatible with asan'; \
+	    echo 'Skipped URI discovery tests: incompatible with asan' >> $(SKIPTESTS); \
+	else \
+	    $(RUNPYTEST) $(srcdir)/t_discover_uri.py $(PYTESTFLAGS); \
+	fi
+
+check-unix-trace: t_trace
+	rm -f t_trace.out
+	KRB5_TRACE=t_trace.out ; export KRB5_TRACE ; \
+	$(RUN_TEST) ./t_trace
+	sed -e 's/^[^:]*: //' t_trace.out | cmp - $(srcdir)/t_trace.ref
+	rm -f t_trace.out
+
+check-unix-expand: t_expand_path
+	$(RUN_TEST) ./t_expand_path '%{null}' ''
+	$(RUN_TEST) ./t_expand_path ' %{BINDIR}%{LIBDIR} ' \
+		' $(CLIENT_BINDIR)$(KRB5_LIBDIR) '
+	$(RUN_TEST) ./t_expand_path \
+		'the %{animal}%{s} on the %{place}%{s}' \
+		'the frogs on the pads'
+
+clean:
+	$(RM) $(TEST_PROGS) test.out t_std_conf.o t_locate_kdc.o t_trace.o
+	$(RM) t_expand_path.o
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/krb5/os/accessor.c b/krb5-1.21.3/src/lib/krb5/os/accessor.c
new file mode 100644
index 00000000..12a39a2a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/accessor.c
@@ -0,0 +1,111 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/accessor.c */
+/*
+ * Copyright 1990, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include "../krb/int-proto.h"
+
+/* If this trick gets used elsewhere, move it to k5-platform.h.  */
+#ifndef DESIGNATED_INITIALIZERS
+/* ANSI/ISO C 1999 supports this...  */
+#if __STDC_VERSION__ >= 199901L                       \
+    /* ...as does GCC, since version 2.something.  */ \
+    || (!defined __cplusplus && __GNUC__ >= 3)
+#define DESIGNATED_INITIALIZERS 1
+#else
+#define DESIGNATED_INITIALIZERS 0
+#endif
+#endif
+
+krb5_error_code KRB5_CALLCONV
+krb5int_accessor(krb5int_access *internals, krb5_int32 version)
+{
+    if (version == KRB5INT_ACCESS_VERSION) {
+#if DESIGNATED_INITIALIZERS
+#define S(FIELD, VAL)   .FIELD = VAL
+#if defined __GNUC__ && __STDC_VERSION__ < 199901L
+        __extension__
+#endif
+            static const krb5int_access internals_temp = {
+#else
+#define S(FIELD, VAL)   internals_temp.FIELD = VAL
+            krb5int_access internals_temp;
+#endif
+            S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
+
+#ifndef LEAN_CLIENT
+#define SC(FIELD, VAL)  S(FIELD, VAL)
+#else /* disable */
+#define SC(FIELD, VAL)  S(FIELD, 0)
+#endif
+            SC (ser_pack_int64, krb5_ser_pack_int64),
+            SC (ser_unpack_int64, krb5_ser_unpack_int64),
+#undef SC
+
+#ifdef ENABLE_LDAP
+#define SC(FIELD, VAL)  S(FIELD, VAL)
+#else
+#define SC(FIELD, VAL)  S(FIELD, 0)
+#endif
+            SC (asn1_ldap_encode_sequence_of_keys, krb5int_ldap_encode_sequence_of_keys),
+            SC (asn1_ldap_decode_sequence_of_keys, krb5int_ldap_decode_sequence_of_keys),
+#undef SC
+
+#ifndef DISABLE_PKINIT
+#define SC(FIELD, VAL)  S(FIELD, VAL)
+#else /* disable */
+#define SC(FIELD, VAL)  S(FIELD, 0)
+#endif
+            SC (encode_krb5_pa_pk_as_req, encode_krb5_pa_pk_as_req),
+            SC (encode_krb5_pa_pk_as_rep, encode_krb5_pa_pk_as_rep),
+            SC (encode_krb5_auth_pack, encode_krb5_auth_pack),
+            SC (encode_krb5_kdc_dh_key_info, encode_krb5_kdc_dh_key_info),
+            SC (encode_krb5_reply_key_pack, encode_krb5_reply_key_pack),
+            SC (encode_krb5_td_trusted_certifiers, encode_krb5_td_trusted_certifiers),
+            SC (encode_krb5_td_dh_parameters, encode_krb5_td_dh_parameters),
+            SC (decode_krb5_pa_pk_as_req, decode_krb5_pa_pk_as_req),
+            SC (decode_krb5_pa_pk_as_rep, decode_krb5_pa_pk_as_rep),
+            SC (decode_krb5_auth_pack, decode_krb5_auth_pack),
+            SC (decode_krb5_kdc_dh_key_info, decode_krb5_kdc_dh_key_info),
+            SC (decode_krb5_principal_name, decode_krb5_principal_name),
+            SC (decode_krb5_reply_key_pack, decode_krb5_reply_key_pack),
+            SC (decode_krb5_td_trusted_certifiers, decode_krb5_td_trusted_certifiers),
+            SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
+            SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),
+            SC (free_kdc_req, krb5_free_kdc_req),
+            SC (set_prompt_types, k5_set_prompt_types),
+#undef SC
+
+#if DESIGNATED_INITIALIZERS
+        };
+#else
+        0;
+#endif
+        *internals = internals_temp;
+        return 0;
+    }
+    return KRB5_OBSOLETE_FN;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/c_ustime.c b/krb5-1.21.3/src/lib/krb5/os/c_ustime.c
new file mode 100644
index 00000000..f69f2ea4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/c_ustime.c
@@ -0,0 +1,129 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/c_ustime.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "k5-thread.h"
+
+k5_mutex_t krb5int_us_time_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+
+struct time_now {
+    krb5_timestamp sec;
+    krb5_int32 usec;
+};
+
+#if defined(_WIN32)
+
+/* Microsoft Windows NT and 95   (32bit)  */
+/* This one works for WOW (Windows on Windows, ntvdm on Win-NT) */
+
+#include <time.h>
+#include <sys/timeb.h>
+#include <string.h>
+
+static krb5_error_code
+get_time_now(struct time_now *n)
+{
+    struct _timeb timeptr;
+    _ftime(&timeptr);
+    n->sec = timeptr.time;
+    n->usec = timeptr.millitm * 1000;
+    return 0;
+}
+
+#else
+
+/* Everybody else is UNIX, right?  POSIX 1996 doesn't give us
+   gettimeofday, but what real OS doesn't?  */
+
+static krb5_error_code
+get_time_now(struct time_now *n)
+{
+    struct timeval tv;
+
+    if (gettimeofday(&tv, (struct timezone *)0) == -1)
+        return errno;
+
+    n->sec = tv.tv_sec;
+    n->usec = tv.tv_usec;
+    return 0;
+}
+
+#endif
+
+static struct time_now last_time;
+
+krb5_error_code
+krb5_crypto_us_timeofday(krb5_timestamp *seconds, krb5_int32 *microseconds)
+{
+    struct time_now now;
+    krb5_error_code err;
+
+    now.sec = now.usec = 0;
+    err = get_time_now(&now);
+    if (err)
+        return err;
+
+    /* It would probably be more efficient to remove this mutex and use
+       thread-local storage for last_time.  But that could result in
+       different threads getting the same value for time, which may be
+       a technical violation of spec. */
+
+    k5_mutex_lock(&krb5int_us_time_mutex);
+    /* Just guessing: If the number of seconds hasn't changed, yet the
+       microseconds are moving backwards, we probably just got a third
+       instance of returning the same clock value from the system, so
+       the saved value was artificially incremented.
+
+       On Windows, where we get millisecond accuracy currently, that's
+       quite likely.  On UNIX, it appears that we always get new
+       microsecond values, so this case should never trigger.  */
+
+    /* Check for case where previously usec rollover caused bump in sec,
+       putting now.sec in the past.  But don't just use '<' because we
+       need to properly handle the case where the administrator intentionally
+       adjusted time backwards. */
+    if (now.sec == ts_incr(last_time.sec, -1) ||
+        (now.sec == last_time.sec && !ts_after(last_time.usec, now.usec))) {
+        /* Correct 'now' to be exactly one microsecond later than 'last_time'.
+           Note that _because_ we perform this hack, 'now' may be _earlier_
+           than 'last_time', even though the system time is monotonically
+           increasing. */
+
+        now.sec = last_time.sec;
+        now.usec = ts_incr(last_time.usec, 1);
+        if (now.usec >= 1000000) {
+            now.sec = ts_incr(now.sec, 1);
+            now.usec = 0;
+        }
+    }
+    last_time.sec = now.sec;    /* Remember for next time */
+    last_time.usec = now.usec;
+    k5_mutex_unlock(&krb5int_us_time_mutex);
+
+    *seconds = now.sec;
+    *microseconds = now.usec;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/ccdefname.c b/krb5-1.21.3/src/lib/krb5/os/ccdefname.c
new file mode 100644
index 00000000..0bf2787f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/ccdefname.c
@@ -0,0 +1,320 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/ccdefname.c - Return default credential cache name */
+/*
+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#define NEED_WINDOWS
+#include "k5-int.h"
+#include "../ccache/cc-int.h"
+#include "os-proto.h"
+#include <stdio.h>
+
+#if defined(_WIN32)
+static int get_from_registry_indirect(char *name_buf, int name_size)
+{
+    /* If the RegKRB5CCNAME variable is set, it will point to
+     * the registry key that has the name of the cache to use.
+     * The Gradient PC-DCE sets the registry key
+     * [HKEY_CURRENT_USER\Software\Gradient\DCE\Default\KRB5CCNAME]
+     * to point at the cache file name (including the FILE: prefix).
+     * By indirecting with the RegKRB5CCNAME entry in kerberos.ini,
+     * we can accommodate other versions that might set a registry
+     * variable.
+     */
+    char newkey[256];
+
+    LONG name_buf_size;
+    HKEY hkey;
+    int found = 0;
+    char *cp;
+
+    newkey[0] = 0;
+    GetPrivateProfileString(INI_FILES, "RegKRB5CCNAME", "",
+                            newkey, sizeof(newkey), KERBEROS_INI);
+    if (!newkey[0])
+        return 0;
+
+    newkey[sizeof(newkey)-1] = 0;
+    cp = strrchr(newkey,'\\');
+    if (cp) {
+        *cp = '\0'; /* split the string */
+        cp++;
+    } else
+        cp = "";
+
+    if (RegOpenKeyEx(HKEY_CURRENT_USER, newkey, 0,
+                     KEY_QUERY_VALUE, &hkey) != ERROR_SUCCESS)
+        return 0;
+
+    name_buf_size = name_size;
+    if (RegQueryValueEx(hkey, cp, 0, 0,
+                        name_buf, &name_buf_size) != ERROR_SUCCESS)
+    {
+        RegCloseKey(hkey);
+        return 0;
+    }
+
+    RegCloseKey(hkey);
+    return 1;
+}
+
+static const char *key_path = "Software\\MIT\\Kerberos5";
+static const char *value_name = "ccname";
+static int
+set_to_registry(
+    HKEY hBaseKey,
+    const char *name_buf
+)
+{
+    HRESULT result;
+    HKEY hKey;
+
+    if ((result = RegCreateKeyEx(hBaseKey, key_path, 0, NULL,
+                                 REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL,
+                                 &hKey, NULL)) != ERROR_SUCCESS) {
+        return 0;
+    }
+    if (RegSetValueEx(hKey, value_name, 0, REG_SZ, name_buf,
+                      strlen(name_buf)+1) != ERROR_SUCCESS) {
+        RegCloseKey(hKey);
+        return 0;
+    }
+    RegCloseKey(hKey);
+    return 1;
+}
+
+
+/*
+ * get_from_registry
+ *
+ * This will find the ccname in the registry.  Returns 0 on error, non-zero
+ * on success.
+ */
+
+static int
+get_from_registry(
+    HKEY hBaseKey,
+    char *name_buf,
+    int name_size
+)
+{
+    HKEY hKey;
+    DWORD name_buf_size = (DWORD)name_size;
+
+    if (RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
+                     &hKey) != ERROR_SUCCESS)
+        return 0;
+    if (RegQueryValueEx(hKey, value_name, 0, 0,
+                        name_buf, &name_buf_size) != ERROR_SUCCESS)
+    {
+        RegCloseKey(hKey);
+        return 0;
+    }
+    RegCloseKey(hKey);
+    return 1;
+}
+
+#define APPEND_KRB5CC "\\krb5cc"
+
+static int
+try_dir(
+    char* dir,
+    char* buffer,
+    int buf_len
+)
+{
+    struct _stat s;
+    if (!dir)
+        return 0;
+    if (_stat(dir, &s))
+        return 0;
+    if (!(s.st_mode & _S_IFDIR))
+        return 0;
+    if (buffer != dir) {
+        strncpy(buffer, dir, buf_len);
+        buffer[buf_len-1]='\0';
+    }
+    strncat(buffer, APPEND_KRB5CC, buf_len-strlen(buffer));
+    buffer[buf_len-1] = '\0';
+    return 1;
+}
+
+static krb5_error_code
+get_from_os_buffer(char *name_buf, unsigned int name_size)
+{
+    char *prefix = krb5_cc_dfl_ops->prefix;
+    unsigned int size;
+    char *p;
+    DWORD gle;
+
+    SetLastError(0);
+    GetEnvironmentVariable(KRB5_ENV_CCNAME, name_buf, name_size);
+    gle = GetLastError();
+    if (gle == 0)
+        return 0;
+    else if (gle != ERROR_ENVVAR_NOT_FOUND)
+        return ENOMEM;
+
+    if (get_from_registry(HKEY_CURRENT_USER,
+                          name_buf, name_size) != 0)
+        return 0;
+
+    if (get_from_registry(HKEY_LOCAL_MACHINE,
+                          name_buf, name_size) != 0)
+        return 0;
+
+    if (get_from_registry_indirect(name_buf, name_size) != 0)
+        return 0;
+
+    strncpy(name_buf, prefix, name_size - 1);
+    name_buf[name_size - 1] = 0;
+    size = name_size - strlen(prefix);
+    if (size > 0)
+        strcat(name_buf, ":");
+    size--;
+    p = name_buf + name_size - size;
+    if (!strcmp(prefix, "API")) {
+        strncpy(p, "krb5cc", size);
+    } else if (!strcmp(prefix, "FILE") || !strcmp(prefix, "STDIO")) {
+        if (!try_dir(getenv("TEMP"), p, size) &&
+            !try_dir(getenv("TMP"), p, size))
+        {
+            unsigned int len = GetWindowsDirectory(p, size);
+            name_buf[name_size - 1] = 0;
+            if (len < size - sizeof(APPEND_KRB5CC))
+                strcat(p, APPEND_KRB5CC);
+        }
+    } else {
+        strncpy(p, "default_cache_name", size);
+    }
+    name_buf[name_size - 1] = 0;
+    return 0;
+}
+
+static void
+get_from_os(krb5_context context)
+{
+    krb5_error_code err;
+    char buf[1024];
+
+    if (get_from_os_buffer(buf, sizeof(buf)) == 0)
+        context->os_context.default_ccname = strdup(buf);
+}
+
+#else /* not _WIN32 */
+
+static void
+get_from_os(krb5_context context)
+{
+    (void)k5_expand_path_tokens(context, DEFCCNAME,
+                                &context->os_context.default_ccname);
+}
+
+#endif /* not _WIN32 */
+
+#if defined(_WIN32)
+static void
+set_for_os(const char *name)
+{
+    set_to_registry(HKEY_CURRENT_USER, name);
+}
+#else
+static void
+set_for_os(const char *name)
+{
+    /* No implementation at present. */
+}
+#endif
+
+/*
+ * Set the default ccache name for all processes for the current user
+ * (and the current context)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5int_cc_user_set_default_name(krb5_context context, const char *name)
+{
+    krb5_error_code err;
+
+    err = krb5_cc_set_default_name(context, name);
+    if (err)
+        return err;
+    set_for_os(name);
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_default_name(krb5_context context, const char *name)
+{
+    krb5_os_context os_ctx;
+    char *new_ccname = NULL;
+
+    if (!context || context->magic != KV5M_CONTEXT)
+        return KV5M_CONTEXT;
+
+    if (name != NULL) {
+        new_ccname = strdup(name);
+        if (new_ccname == NULL)
+            return ENOMEM;
+    }
+
+    /* Free the old ccname and store the new one. */
+    os_ctx = &context->os_context;
+    free(os_ctx->default_ccname);
+    os_ctx->default_ccname = new_ccname;
+    return 0;
+}
+
+
+const char * KRB5_CALLCONV
+krb5_cc_default_name(krb5_context context)
+{
+    krb5_os_context os_ctx;
+    char *profstr, *envstr;
+
+    if (!context || context->magic != KV5M_CONTEXT)
+        return NULL;
+
+    os_ctx = &context->os_context;
+    if (os_ctx->default_ccname != NULL)
+        return os_ctx->default_ccname;
+
+    /* Try the environment variable first. */
+    envstr = secure_getenv(KRB5_ENV_CCNAME);
+    if (envstr != NULL) {
+        os_ctx->default_ccname = strdup(envstr);
+        return os_ctx->default_ccname;
+    }
+
+    if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                           KRB5_CONF_DEFAULT_CCACHE_NAME, NULL, NULL,
+                           &profstr) == 0 && profstr != NULL) {
+        (void)k5_expand_path_tokens(context, profstr, &os_ctx->default_ccname);
+        profile_release_string(profstr);
+        return os_ctx->default_ccname;
+    }
+
+    /* Fall back on the default ccache name for the OS. */
+    get_from_os(context);
+    return os_ctx->default_ccname;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/changepw.c b/krb5-1.21.3/src/lib/krb5/os/changepw.c
new file mode 100644
index 00000000..c5923258
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/changepw.c
@@ -0,0 +1,379 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/changepw.c */
+/*
+ * Copyright 1990,1999,2001,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5_set_password - Implements set password per RFC 3244
+ * Added by Paul W. Nelson, Thursby Software Systems, Inc.
+ * Modified by Todd Stecher, Isilon Systems, to use krb1.4 socket
+ *  infrastructure
+ */
+
+#include "k5-int.h"
+#include "fake-addrinfo.h"
+#include "os-proto.h"
+#include "../krb/auth_con.h"
+#include "../krb/int-proto.h"
+
+#include <stdio.h>
+#include <errno.h>
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE int
+#endif
+
+struct sendto_callback_context {
+    krb5_context        context;
+    krb5_auth_context   auth_context;
+    krb5_principal      set_password_for;
+    const char          *newpw;
+    krb5_data           ap_req;
+    krb5_ui_4           remote_seq_num, local_seq_num;
+};
+
+/*
+ * Wrapper function for the two backends
+ */
+
+static krb5_error_code
+locate_kpasswd(krb5_context context, const krb5_data *realm,
+               struct serverlist *serverlist)
+{
+    krb5_error_code code;
+
+    code = k5_locate_server(context, realm, serverlist, locate_service_kpasswd,
+                            FALSE);
+    if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
+        code = k5_locate_server(context, realm, serverlist,
+                                locate_service_kadmin, TRUE);
+        if (!code) {
+            /* Success with admin_server but now we need to change the port
+             * number to use DEFAULT_KPASSWD_PORT and the transport. */
+            size_t i;
+            for (i = 0; i < serverlist->nservers; i++) {
+                struct server_entry *s = &serverlist->servers[i];
+
+                if (s->transport == TCP)
+                    s->transport = TCP_OR_UDP;
+                if (s->hostname != NULL)
+                    s->port = DEFAULT_KPASSWD_PORT;
+                else if (s->family == AF_INET)
+                    ss2sin(&s->addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
+                else if (s->family == AF_INET6)
+                    ss2sin6(&s->addr)->sin6_port = htons(DEFAULT_KPASSWD_PORT);
+            }
+        }
+    }
+    return (code);
+}
+
+
+/**
+ * This routine is used for a callback in sendto_kdc.c code. Simply
+ * put, we need the client addr to build the krb_priv portion of the
+ * password request.
+ */
+
+
+static void
+kpasswd_sendto_msg_cleanup(void *data, krb5_data *message)
+{
+    struct sendto_callback_context *ctx = data;
+
+    krb5_free_data_contents(ctx->context, message);
+}
+
+
+static int
+kpasswd_sendto_msg_callback(SOCKET fd, void *data, krb5_data *message)
+{
+    krb5_error_code                     code = 0;
+    struct sockaddr_storage             local_addr;
+    krb5_address                        local_kaddr;
+    struct sendto_callback_context      *ctx = data;
+    GETSOCKNAME_ARG3_TYPE               addrlen;
+    krb5_data                           output;
+
+    memset (message, 0, sizeof(krb5_data));
+
+    /*
+     * We need the local addr from the connection socket
+     */
+    addrlen = sizeof(local_addr);
+
+    if (getsockname(fd, ss2sa(&local_addr), &addrlen) < 0) {
+        code = SOCKET_ERRNO;
+        goto cleanup;
+    }
+
+    /* some brain-dead OS's don't return useful information from
+     * the getsockname call.  Namely, windows and solaris.  */
+
+    if (local_addr.ss_family == AF_INET &&
+        ss2sin(&local_addr)->sin_addr.s_addr != 0) {
+        local_kaddr.addrtype = ADDRTYPE_INET;
+        local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr);
+        local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr;
+    } else if (local_addr.ss_family == AF_INET6 &&
+               memcmp(ss2sin6(&local_addr)->sin6_addr.s6_addr,
+                      in6addr_any.s6_addr, sizeof(in6addr_any.s6_addr)) != 0) {
+        local_kaddr.addrtype = ADDRTYPE_INET6;
+        local_kaddr.length = sizeof(ss2sin6(&local_addr)->sin6_addr);
+        local_kaddr.contents = (krb5_octet *) &ss2sin6(&local_addr)->sin6_addr;
+    } else {
+        krb5_address **addrs;
+
+        code = krb5_os_localaddr(ctx->context, &addrs);
+        if (code)
+            goto cleanup;
+
+        local_kaddr.magic = addrs[0]->magic;
+        local_kaddr.addrtype = addrs[0]->addrtype;
+        local_kaddr.length = addrs[0]->length;
+        local_kaddr.contents = k5memdup(addrs[0]->contents, addrs[0]->length,
+                                        &code);
+        krb5_free_addresses(ctx->context, addrs);
+        if (local_kaddr.contents == NULL)
+            goto cleanup;
+    }
+
+
+    /*
+     * TBD:  Does this tamper w/ the auth context in such a way
+     * to break us?  Yes - provide 1 per conn-state / host...
+     */
+
+
+    if ((code = krb5_auth_con_setaddrs(ctx->context, ctx->auth_context,
+                                       &local_kaddr, NULL)))
+        goto cleanup;
+
+    ctx->auth_context->remote_seq_number = ctx->remote_seq_num;
+    ctx->auth_context->local_seq_number = ctx->local_seq_num;
+
+    if (ctx->set_password_for)
+        code = krb5int_mk_setpw_req(ctx->context,
+                                    ctx->auth_context,
+                                    &ctx->ap_req,
+                                    ctx->set_password_for,
+                                    ctx->newpw,
+                                    &output);
+    else
+        code = krb5int_mk_chpw_req(ctx->context,
+                                   ctx->auth_context,
+                                   &ctx->ap_req,
+                                   ctx->newpw,
+                                   &output);
+    if (code)
+        goto cleanup;
+
+    message->length = output.length;
+    message->data = output.data;
+
+cleanup:
+    return code;
+}
+
+
+/*
+** The logic for setting and changing a password is mostly the same
+** change_set_password handles both cases
+**      if set_password_for is NULL, then a password change is performed,
+**  otherwise, the password is set for the principal indicated in set_password_for
+*/
+static krb5_error_code
+change_set_password(krb5_context context,
+                    krb5_creds *creds,
+                    const char *newpw,
+                    krb5_principal set_password_for,
+                    int *result_code,
+                    krb5_data *result_code_string,
+                    krb5_data *result_string)
+{
+    krb5_data                   chpw_rep;
+    GETSOCKNAME_ARG3_TYPE       addrlen;
+    krb5_error_code             code = 0;
+    char                        *code_string;
+    int                         local_result_code;
+
+    struct sendto_callback_context  callback_ctx;
+    struct sendto_callback_info callback_info;
+    struct sockaddr_storage     remote_addr;
+    struct serverlist           sl = SERVERLIST_INIT;
+
+    memset(&chpw_rep, 0, sizeof(krb5_data));
+    memset( &callback_ctx, 0, sizeof(struct sendto_callback_context));
+    callback_ctx.context = context;
+    callback_ctx.newpw = newpw;
+    callback_ctx.set_password_for = set_password_for;
+
+    if ((code = krb5_auth_con_init(callback_ctx.context,
+                                   &callback_ctx.auth_context)))
+        goto cleanup;
+
+    if ((code = krb5_mk_req_extended(callback_ctx.context,
+                                     &callback_ctx.auth_context,
+                                     AP_OPTS_USE_SUBKEY,
+                                     NULL,
+                                     creds,
+                                     &callback_ctx.ap_req)))
+        goto cleanup;
+
+    callback_ctx.remote_seq_num = callback_ctx.auth_context->remote_seq_number;
+    callback_ctx.local_seq_num = callback_ctx.auth_context->local_seq_number;
+
+    code = locate_kpasswd(callback_ctx.context, &creds->server->realm, &sl);
+    if (code)
+        goto cleanup;
+
+    addrlen = sizeof(remote_addr);
+
+    callback_info.data = &callback_ctx;
+    callback_info.pfn_callback = kpasswd_sendto_msg_callback;
+    callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
+    krb5_free_data_contents(callback_ctx.context, &chpw_rep);
+
+    /* UDP retransmits may be seen as replays.  Only try UDP after other
+     * transports fail completely. */
+    code = k5_sendto(callback_ctx.context, NULL, &creds->server->realm,
+                     &sl, NO_UDP, &callback_info, &chpw_rep,
+                     ss2sa(&remote_addr), &addrlen, NULL, NULL, NULL);
+    if (code == KRB5_KDC_UNREACH) {
+        code = k5_sendto(callback_ctx.context, NULL, &creds->server->realm,
+                         &sl, ONLY_UDP, &callback_info, &chpw_rep,
+                         ss2sa(&remote_addr), &addrlen, NULL, NULL, NULL);
+    }
+    if (code)
+        goto cleanup;
+
+    code = krb5int_rd_chpw_rep(callback_ctx.context,
+                               callback_ctx.auth_context,
+                               &chpw_rep, &local_result_code,
+                               result_string);
+
+    if (code)
+        goto cleanup;
+
+    if (result_code)
+        *result_code = local_result_code;
+
+    if (result_code_string) {
+        code = krb5_chpw_result_code_string(callback_ctx.context,
+                                            local_result_code,
+                                            &code_string);
+        if (code)
+            goto cleanup;
+
+        result_code_string->length = strlen(code_string);
+        result_code_string->data = malloc(result_code_string->length);
+        if (result_code_string->data == NULL) {
+            code = ENOMEM;
+            goto cleanup;
+        }
+        strncpy(result_code_string->data, code_string, result_code_string->length);
+    }
+
+cleanup:
+    if (callback_ctx.auth_context != NULL)
+        krb5_auth_con_free(callback_ctx.context, callback_ctx.auth_context);
+
+    k5_free_serverlist(&sl);
+    krb5_free_data_contents(callback_ctx.context, &callback_ctx.ap_req);
+    krb5_free_data_contents(callback_ctx.context, &chpw_rep);
+
+    return(code);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_change_password(krb5_context context,
+                     krb5_creds *creds,
+                     const char *newpw,
+                     int *result_code,
+                     krb5_data *result_code_string,
+                     krb5_data *result_string)
+{
+    return change_set_password(context, creds, newpw, NULL,
+                               result_code, result_code_string, result_string );
+}
+
+/*
+ * krb5_set_password - Implements set password per RFC 3244
+ *
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_password(krb5_context context,
+                  krb5_creds *creds,
+                  const char *newpw,
+                  krb5_principal change_password_for,
+                  int *result_code,
+                  krb5_data *result_code_string,
+                  krb5_data *result_string
+)
+{
+    return change_set_password(context, creds, newpw, change_password_for,
+                               result_code, result_code_string, result_string );
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_password_using_ccache(krb5_context context,
+                               krb5_ccache ccache,
+                               const char *newpw,
+                               krb5_principal change_password_for,
+                               int *result_code,
+                               krb5_data *result_code_string,
+                               krb5_data *result_string
+)
+{
+    krb5_creds          creds;
+    krb5_creds          *credsp;
+    krb5_error_code     code;
+
+    /*
+    ** get the proper creds for use with krb5_set_password -
+    */
+    memset (&creds, 0, sizeof(creds));
+    /*
+    ** first get the principal for the password service -
+    */
+    code = krb5_cc_get_principal (context, ccache, &creds.client);
+    if (!code) {
+        code = krb5_build_principal(context, &creds.server,
+                                    change_password_for->realm.length,
+                                    change_password_for->realm.data,
+                                    "kadmin", "changepw", NULL);
+        if (!code) {
+            code = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
+            if (!code) {
+                code = krb5_set_password(context, credsp, newpw, change_password_for,
+                                         result_code, result_code_string,
+                                         result_string);
+                krb5_free_creds(context, credsp);
+            }
+        }
+        krb5_free_cred_contents(context, &creds);
+    }
+    return code;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/deps b/krb5-1.21.3/src/lib/krb5/os/deps
new file mode 100644
index 00000000..aed7792a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/deps
@@ -0,0 +1,570 @@
+#
+# Generated makefile dependencies follow.
+#
+accessor.so accessor.po $(OUTPRE)accessor.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  accessor.c os-proto.h
+c_ustime.so c_ustime.po $(OUTPRE)c_ustime.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  c_ustime.c
+ccdefname.so ccdefname.po $(OUTPRE)ccdefname.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../ccache/cc-int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ccdefname.c os-proto.h
+changepw.so changepw.po $(OUTPRE)changepw.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../krb/auth_con.h $(srcdir)/../krb/int-proto.h \
+  $(srcdir)/../rcache/memrcache.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h changepw.c os-proto.h
+dnsglue.so dnsglue.po $(OUTPRE)dnsglue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  dnsglue.c dnsglue.h os-proto.h
+dnssrv.so dnssrv.po $(OUTPRE)dnssrv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  dnsglue.h dnssrv.c os-proto.h
+expand_path.so expand_path.po $(OUTPRE)expand_path.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h expand_path.c \
+  os-proto.h
+full_ipadr.so full_ipadr.po $(OUTPRE)full_ipadr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h full_ipadr.c os-proto.h
+gen_port.so gen_port.po $(OUTPRE)gen_port.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h gen_port.c os-proto.h
+genaddrs.so genaddrs.po $(OUTPRE)genaddrs.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h genaddrs.c os-proto.h
+gen_rname.so gen_rname.po $(OUTPRE)gen_rname.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h gen_rname.c os-proto.h
+hostaddr.so hostaddr.po $(OUTPRE)hostaddr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h hostaddr.c os-proto.h
+hostrealm.so hostrealm.po $(OUTPRE)hostrealm.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/hostrealm_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hostrealm.c os-proto.h
+hostrealm_dns.so hostrealm_dns.po $(OUTPRE)hostrealm_dns.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/hostrealm_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hostrealm_dns.c os-proto.h
+hostrealm_domain.so hostrealm_domain.po $(OUTPRE)hostrealm_domain.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/hostrealm_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hostrealm_domain.c os-proto.h
+hostrealm_profile.so hostrealm_profile.po $(OUTPRE)hostrealm_profile.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/hostrealm_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hostrealm_profile.c os-proto.h
+hostrealm_registry.so hostrealm_registry.po $(OUTPRE)hostrealm_registry.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/hostrealm_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hostrealm_registry.c os-proto.h
+init_os_ctx.so init_os_ctx.po $(OUTPRE)init_os_ctx.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../krb/int-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/util/profile/prof_int.h init_os_ctx.c \
+  os-proto.h
+krbfileio.so krbfileio.po $(OUTPRE)krbfileio.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h krbfileio.c os-proto.h
+ktdefname.so ktdefname.po $(OUTPRE)ktdefname.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktdefname.c os-proto.h
+mk_faddr.so mk_faddr.po $(OUTPRE)mk_faddr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h mk_faddr.c os-proto.h
+localaddr.so localaddr.po $(OUTPRE)localaddr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/foreachaddr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h localaddr.c os-proto.h
+localauth.so localauth.po $(OUTPRE)localauth.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/localauth_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  localauth.c os-proto.h
+localauth_an2ln.so localauth_an2ln.po $(OUTPRE)localauth_an2ln.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/localauth_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  localauth_an2ln.c os-proto.h
+localauth_k5login.so localauth_k5login.po $(OUTPRE)localauth_k5login.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/localauth_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  localauth_k5login.c os-proto.h
+localauth_names.so localauth_names.po $(OUTPRE)localauth_names.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/localauth_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  localauth_names.c os-proto.h
+localauth_rule.so localauth_rule.po $(OUTPRE)localauth_rule.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/localauth_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  localauth_rule.c os-proto.h
+locate_kdc.so locate_kdc.po $(OUTPRE)locate_kdc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h locate_kdc.c os-proto.h
+lock_file.so lock_file.po $(OUTPRE)lock_file.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  lock_file.c
+net_read.so net_read.po $(OUTPRE)net_read.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  net_read.c
+net_write.so net_write.po $(OUTPRE)net_write.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h net_write.c os-proto.h
+prompter.so prompter.po $(OUTPRE)prompter.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h os-proto.h prompter.c
+read_msg.so read_msg.po $(OUTPRE)read_msg.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  read_msg.c
+read_pwd.so read_pwd.po $(OUTPRE)read_pwd.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  read_pwd.c
+realm_dom.so realm_dom.po $(OUTPRE)realm_dom.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  realm_dom.c
+port2ip.so port2ip.po $(OUTPRE)port2ip.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  os-proto.h port2ip.c
+sendto_kdc.so sendto_kdc.po $(OUTPRE)sendto_kdc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-tls.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  os-proto.h sendto_kdc.c
+sn2princ.so sn2princ.po $(OUTPRE)sn2princ.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h os-proto.h sn2princ.c
+thread_safe.so thread_safe.po $(OUTPRE)thread_safe.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  thread_safe.c
+timeofday.so timeofday.po $(OUTPRE)timeofday.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  timeofday.c
+toffset.so toffset.po $(OUTPRE)toffset.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h toffset.c
+trace.so trace.po $(OUTPRE)trace.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  os-proto.h trace.c
+unlck_file.so unlck_file.po $(OUTPRE)unlck_file.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  unlck_file.c
+ustime.so ustime.po $(OUTPRE)ustime.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  os-proto.h ustime.c
+write_msg.so write_msg.po $(OUTPRE)write_msg.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h os-proto.h write_msg.c
+t_expand_path.so t_expand_path.po $(OUTPRE)t_expand_path.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h os-proto.h t_expand_path.c
+t_gifconf.so t_gifconf.po $(OUTPRE)t_gifconf.$(OBJEXT): \
+  t_gifconf.c
+t_locate_kdc.so t_locate_kdc.po $(OUTPRE)t_locate_kdc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h dnsglue.c dnsglue.h \
+  dnssrv.c locate_kdc.c os-proto.h t_locate_kdc.c
+t_std_conf.so t_std_conf.po $(OUTPRE)t_std_conf.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h os-proto.h t_std_conf.c
+t_trace.so t_trace.po $(OUTPRE)t_trace.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  os-proto.h t_trace.c
diff --git a/krb5-1.21.3/src/lib/krb5/os/dnsglue.c b/krb5-1.21.3/src/lib/krb5/os/dnsglue.c
new file mode 100644
index 00000000..668a7a69
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/dnsglue.c
@@ -0,0 +1,513 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/dnsglue.c */
+/*
+ * Copyright 2004, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+#ifdef KRB5_DNS_LOOKUP
+
+#ifndef _WIN32
+
+#include "dnsglue.h"
+#ifdef __APPLE__
+#include <dns.h>
+#endif
+
+/*
+ * Only use res_ninit() if there's also a res_ndestroy(), to avoid
+ * memory leaks (Linux & Solaris) and outright corruption (AIX 4.x,
+ * 5.x).  While we're at it, make sure res_nsearch() is there too.
+ *
+ * In any case, it is probable that platforms having broken
+ * res_ninit() will have thread safety hacks for res_init() and _res.
+ */
+
+/*
+ * Opaque handle
+ */
+struct krb5int_dns_state {
+    int nclass;
+    int ntype;
+    void *ansp;
+    int anslen;
+    int ansmax;
+#if HAVE_NS_INITPARSE
+    int cur_ans;
+    ns_msg msg;
+#else
+    unsigned char *ptr;
+    unsigned short nanswers;
+#endif
+};
+
+#if !HAVE_NS_INITPARSE
+static int initparse(struct krb5int_dns_state *);
+#endif
+
+/*
+ * Define macros to use the best available DNS search functions.  INIT_HANDLE()
+ * returns true if handle initialization is successful, false if it is not.
+ * SEARCH() returns the length of the response or -1 on error.
+ * PRIMARY_DOMAIN() returns the first search domain in allocated memory.
+ * DECLARE_HANDLE() must be used last in the declaration list since it may
+ * evaluate to nothing.
+ */
+
+#if defined(__APPLE__)
+
+/* Use the macOS interfaces dns_open, dns_search, and dns_free. */
+#define DECLARE_HANDLE(h) dns_handle_t h
+#define INIT_HANDLE(h) ((h = dns_open(NULL)) != NULL)
+#define SEARCH(h, n, c, t, a, l) dns_search(h, n, c, t, a, l, NULL, NULL)
+#define PRIMARY_DOMAIN(h) dns_search_list_domain(h, 0)
+#define DESTROY_HANDLE(h) dns_free(h)
+
+#elif HAVE_RES_NINIT && HAVE_RES_NSEARCH
+
+/* Use res_ninit, res_nsearch, and res_ndestroy or res_nclose. */
+#define DECLARE_HANDLE(h) struct __res_state h
+#define INIT_HANDLE(h) (memset(&h, 0, sizeof(h)), res_ninit(&h) == 0)
+#define SEARCH(h, n, c, t, a, l) res_nsearch(&h, n, c, t, a, l)
+#define PRIMARY_DOMAIN(h) ((h.dnsrch[0] == NULL) ? NULL : strdup(h.dnsrch[0]))
+#if HAVE_RES_NDESTROY
+#define DESTROY_HANDLE(h) res_ndestroy(&h)
+#else
+#define DESTROY_HANDLE(h) res_nclose(&h)
+#endif
+
+#else
+
+/* Use res_init and res_search. */
+#define DECLARE_HANDLE(h)
+#define INIT_HANDLE(h) (res_init() == 0)
+#define SEARCH(h, n, c, t, a, l) res_search(n, c, t, a, l)
+#define PRIMARY_DOMAIN(h) \
+    ((_res.defdname == NULL) ? NULL : strdup(_res.defdname))
+#define DESTROY_HANDLE(h)
+
+#endif
+
+/*
+ * krb5int_dns_init()
+ *
+ * Initialize an opaque handle.  Do name lookup and initial parsing of
+ * reply, skipping question section.  Prepare to iterate over answer
+ * section.  Returns -1 on error, 0 on success.
+ */
+int
+krb5int_dns_init(struct krb5int_dns_state **dsp,
+                 char *host, int nclass, int ntype)
+{
+    struct krb5int_dns_state *ds;
+    int len, ret;
+    size_t nextincr, maxincr;
+    unsigned char *p;
+    DECLARE_HANDLE(h);
+
+    *dsp = ds = malloc(sizeof(*ds));
+    if (ds == NULL)
+        return -1;
+
+    ret = -1;
+    ds->nclass = nclass;
+    ds->ntype = ntype;
+    ds->ansp = NULL;
+    ds->anslen = 0;
+    ds->ansmax = 0;
+    nextincr = 4096;
+    maxincr = INT_MAX;
+
+#if HAVE_NS_INITPARSE
+    ds->cur_ans = 0;
+#endif
+
+    if (!INIT_HANDLE(h))
+        return -1;
+
+    do {
+        p = (ds->ansp == NULL)
+            ? malloc(nextincr) : realloc(ds->ansp, nextincr);
+
+        if (p == NULL) {
+            ret = -1;
+            goto errout;
+        }
+        ds->ansp = p;
+        ds->ansmax = nextincr;
+
+        len = SEARCH(h, host, ds->nclass, ds->ntype, ds->ansp, ds->ansmax);
+        if ((size_t) len > maxincr) {
+            ret = -1;
+            goto errout;
+        }
+        while (nextincr < (size_t) len)
+            nextincr *= 2;
+        if (len < 0 || nextincr > maxincr) {
+            ret = -1;
+            goto errout;
+        }
+    } while (len > ds->ansmax);
+
+    ds->anslen = len;
+#if HAVE_NS_INITPARSE
+    ret = ns_initparse(ds->ansp, ds->anslen, &ds->msg);
+#else
+    ret = initparse(ds);
+#endif
+    if (ret < 0)
+        goto errout;
+
+    ret = 0;
+
+errout:
+    DESTROY_HANDLE(h);
+    if (ret < 0) {
+        if (ds->ansp != NULL) {
+            free(ds->ansp);
+            ds->ansp = NULL;
+        }
+    }
+
+    return ret;
+}
+
+#if HAVE_NS_INITPARSE
+/*
+ * krb5int_dns_nextans - get next matching answer record
+ *
+ * Sets pp to NULL if no more records.  Returns -1 on error, 0 on
+ * success.
+ */
+int
+krb5int_dns_nextans(struct krb5int_dns_state *ds,
+                    const unsigned char **pp, int *lenp)
+{
+    int len;
+    ns_rr rr;
+
+    *pp = NULL;
+    *lenp = 0;
+    while (ds->cur_ans < ns_msg_count(ds->msg, ns_s_an)) {
+        len = ns_parserr(&ds->msg, ns_s_an, ds->cur_ans, &rr);
+        if (len < 0)
+            return -1;
+        ds->cur_ans++;
+        if (ds->nclass == (int)ns_rr_class(rr)
+            && ds->ntype == (int)ns_rr_type(rr)) {
+            *pp = ns_rr_rdata(rr);
+            *lenp = ns_rr_rdlen(rr);
+            return 0;
+        }
+    }
+    return 0;
+}
+#endif
+
+/*
+ * krb5int_dns_expand - wrapper for dn_expand()
+ */
+int
+krb5int_dns_expand(struct krb5int_dns_state *ds, const unsigned char *p,
+                   char *buf, int len)
+{
+
+#if HAVE_NS_NAME_UNCOMPRESS
+    return ns_name_uncompress(ds->ansp,
+                              (unsigned char *)ds->ansp + ds->anslen,
+                              p, buf, (size_t)len);
+#else
+    return dn_expand(ds->ansp,
+                     (unsigned char *)ds->ansp + ds->anslen,
+                     p, buf, len);
+#endif
+}
+
+/*
+ * Free stuff.
+ */
+void
+krb5int_dns_fini(struct krb5int_dns_state *ds)
+{
+    if (ds == NULL)
+        return;
+    if (ds->ansp != NULL)
+        free(ds->ansp);
+    free(ds);
+}
+
+/*
+ * Compat routines for BIND 4
+ */
+#if !HAVE_NS_INITPARSE
+
+/*
+ * initparse
+ *
+ * Skip header and question section of reply.  Set a pointer to the
+ * beginning of the answer section, and prepare to iterate over
+ * answer records.
+ */
+static int
+initparse(struct krb5int_dns_state *ds)
+{
+    HEADER *hdr;
+    unsigned char *p;
+    unsigned short nqueries, nanswers;
+    int len;
+#if !HAVE_DN_SKIPNAME
+    char host[MAXDNAME];
+#endif
+
+    if ((size_t) ds->anslen < sizeof(HEADER))
+        return -1;
+
+    hdr = (HEADER *)ds->ansp;
+    p = ds->ansp;
+    nqueries = ntohs((unsigned short)hdr->qdcount);
+    nanswers = ntohs((unsigned short)hdr->ancount);
+    p += sizeof(HEADER);
+
+    /*
+     * Skip query records.
+     */
+    while (nqueries--) {
+#if HAVE_DN_SKIPNAME
+        len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
+#else
+        len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
+                        p, host, sizeof(host));
+#endif
+        if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len + 4))
+            return -1;
+        p += len + 4;
+    }
+    ds->ptr = p;
+    ds->nanswers = nanswers;
+    return 0;
+}
+
+/*
+ * krb5int_dns_nextans() - get next answer record
+ *
+ * Sets pp to NULL if no more records.
+ */
+int
+krb5int_dns_nextans(struct krb5int_dns_state *ds,
+                    const unsigned char **pp, int *lenp)
+{
+    int len;
+    unsigned char *p;
+    unsigned short ntype, nclass, rdlen;
+#if !HAVE_DN_SKIPNAME
+    char host[MAXDNAME];
+#endif
+
+    *pp = NULL;
+    *lenp = 0;
+    p = ds->ptr;
+
+    while (ds->nanswers--) {
+#if HAVE_DN_SKIPNAME
+        len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
+#else
+        len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
+                        p, host, sizeof(host));
+#endif
+        if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len))
+            return -1;
+        p += len;
+        SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, ntype, out);
+        /* Also skip 4 bytes of TTL */
+        SAFE_GETUINT16(ds->ansp, ds->anslen, p, 6, nclass, out);
+        SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, rdlen, out);
+
+        if (!INCR_OK(ds->ansp, ds->anslen, p, rdlen))
+            return -1;
+        if (rdlen > INT_MAX)
+            return -1;
+        if (nclass == ds->nclass && ntype == ds->ntype) {
+            *pp = p;
+            *lenp = rdlen;
+            ds->ptr = p + rdlen;
+            return 0;
+        }
+        p += rdlen;
+    }
+    return 0;
+out:
+    return -1;
+}
+
+#endif /* !HAVE_NS_INITPARSE */
+#endif /* not _WIN32 */
+
+/* Construct a DNS label of the form "prefix[.name.]".  name may be NULL. */
+static char *
+txt_lookup_name(const char *prefix, const char *name)
+{
+    struct k5buf buf;
+
+    k5_buf_init_dynamic(&buf);
+
+    if (name == NULL || name[0] == '\0') {
+        k5_buf_add(&buf, prefix);
+    } else {
+        k5_buf_add_fmt(&buf, "%s.%s", prefix, name);
+
+        /*
+         * Realm names don't (normally) end with ".", but if the query doesn't
+         * end with "." and doesn't get an answer as is, the resolv code will
+         * try appending the local domain.  Since the realm names are
+         * absolutes, let's stop that.
+         *
+         * But only if a name has been specified.  If we are performing a
+         * search on the prefix alone then the intention is to allow the local
+         * domain or domain search lists to be expanded.
+         */
+
+        if (buf.len > 0 && ((char *)buf.data)[buf.len - 1] != '.')
+            k5_buf_add(&buf, ".");
+    }
+
+    return k5_buf_cstring(&buf);
+}
+
+/*
+ * Try to look up a TXT record pointing to a Kerberos realm
+ */
+
+#ifdef _WIN32
+
+#include <windns.h>
+
+krb5_error_code
+k5_try_realm_txt_rr(krb5_context context, const char *prefix, const char *name,
+                    char **realm)
+{
+    krb5_error_code ret = 0;
+    char *txtname = NULL;
+    PDNS_RECORD rr = NULL;
+    DNS_STATUS st;
+
+    *realm = NULL;
+
+    txtname = txt_lookup_name(prefix, name);
+    if (txtname == NULL)
+        return ENOMEM;
+
+    st = DnsQuery_UTF8(txtname, DNS_TYPE_TEXT, DNS_QUERY_STANDARD, NULL,
+                       &rr, NULL);
+    if (st != ERROR_SUCCESS || rr == NULL) {
+        TRACE_TXT_LOOKUP_NOTFOUND(context, txtname);
+        ret = KRB5_ERR_HOST_REALM_UNKNOWN;
+        goto cleanup;
+    }
+
+    *realm = strdup(rr->Data.TXT.pStringArray[0]);
+    if (*realm == NULL)
+        ret = ENOMEM;
+    TRACE_TXT_LOOKUP_SUCCESS(context, txtname, *realm);
+
+cleanup:
+    free(txtname);
+    if (rr != NULL)
+        DnsRecordListFree(rr, DnsFreeRecordList);
+    return ret;
+}
+
+char *
+k5_primary_domain()
+{
+    return NULL;
+}
+
+#else /* _WIN32 */
+
+krb5_error_code
+k5_try_realm_txt_rr(krb5_context context, const char *prefix, const char *name,
+                    char **realm)
+{
+    krb5_error_code retval = KRB5_ERR_HOST_REALM_UNKNOWN;
+    const unsigned char *p, *base;
+    char *txtname = NULL;
+    int ret, rdlen, len;
+    struct krb5int_dns_state *ds = NULL;
+
+    /*
+     * Form our query, and send it via DNS
+     */
+
+    txtname = txt_lookup_name(prefix, name);
+    if (txtname == NULL)
+        return ENOMEM;
+    ret = krb5int_dns_init(&ds, txtname, C_IN, T_TXT);
+    if (ret < 0) {
+        TRACE_TXT_LOOKUP_NOTFOUND(context, txtname);
+        goto errout;
+    }
+
+    ret = krb5int_dns_nextans(ds, &base, &rdlen);
+    if (ret < 0 || base == NULL)
+        goto errout;
+
+    p = base;
+    if (!INCR_OK(base, rdlen, p, 1))
+        goto errout;
+    len = *p++;
+    *realm = malloc((size_t)len + 1);
+    if (*realm == NULL) {
+        retval = ENOMEM;
+        goto errout;
+    }
+    strncpy(*realm, (const char *)p, (size_t)len);
+    (*realm)[len] = '\0';
+    /* Avoid a common error. */
+    if ( (*realm)[len-1] == '.' )
+        (*realm)[len-1] = '\0';
+    retval = 0;
+    TRACE_TXT_LOOKUP_SUCCESS(context, txtname, *realm);
+
+errout:
+    krb5int_dns_fini(ds);
+    free(txtname);
+    return retval;
+}
+
+char *
+k5_primary_domain()
+{
+    char *domain;
+    DECLARE_HANDLE(h);
+
+    if (!INIT_HANDLE(h))
+        return NULL;
+    domain = PRIMARY_DOMAIN(h);
+    DESTROY_HANDLE(h);
+    return domain;
+}
+
+#endif /* not _WIN32 */
+#endif /* KRB5_DNS_LOOKUP */
diff --git a/krb5-1.21.3/src/lib/krb5/os/dnsglue.h b/krb5-1.21.3/src/lib/krb5/os/dnsglue.h
new file mode 100644
index 00000000..9e987352
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/dnsglue.h
@@ -0,0 +1,156 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/dnsglue.h */
+/*
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Glue layer for DNS resolver, to make parsing of replies easier
+ * whether we are using BIND 4, 8, or 9.  This header is not used on
+ * Windows.
+ */
+
+/*
+ * BIND 4 doesn't have the ns_initparse() API, so we need to do some
+ * manual parsing via the HEADER struct.  BIND 8 does have
+ * ns_initparse(), but has enums for the various protocol constants
+ * rather than the BIND 4 macros.  BIND 9 (at least on macOS 10.3)
+ * appears to disable res_nsearch() if BIND_8_COMPAT is defined
+ * (which is necessary to obtain the HEADER struct).
+ *
+ * We use ns_initparse() if available at all, and never define
+ * BIND_8_COMPAT.  If there is no ns_initparse(), we do manual parsing
+ * by using the HEADER struct.
+ */
+
+#ifndef KRB5_DNSGLUE_H
+#define KRB5_DNSGLUE_H
+
+#include "autoconf.h"
+#ifdef KRB5_DNS_LOOKUP
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#include <netdb.h>
+
+#if HAVE_SYS_PARAM_H
+#include <sys/param.h>          /* for MAXHOSTNAMELEN */
+#endif
+
+#ifndef MAXDNAME
+
+#ifdef NS_MAXDNAME
+#define MAXDNAME NS_MAXDNAME
+#else
+#ifdef MAXLABEL
+#define MAXDNAME (16 * MAXLABEL)
+#else
+#define MAXDNAME (16 * MAXHOSTNAMELEN)
+#endif
+#endif
+
+#endif
+
+#if HAVE_NS_INITPARSE
+/*
+ * Solaris 7 has ns_rr_cl rather than ns_rr_class.
+ */
+#if !defined(ns_rr_class) && defined(ns_rr_cl)
+#define ns_rr_class ns_rr_cl
+#endif
+#endif
+
+#if HAVE_RES_NSEARCH
+/*
+ * Some BIND 8 / BIND 9 implementations disable the BIND 4 style
+ * constants.
+ */
+#ifndef C_IN
+#define C_IN ns_c_in
+#endif
+#ifndef T_SRV
+#define T_SRV ns_t_srv
+#endif
+#ifndef T_TXT
+#define T_TXT ns_t_txt
+#endif
+
+#else  /* !HAVE_RES_NSEARCH */
+
+/*
+ * Some BIND implementations might be old enough to lack these.
+ */
+#ifndef T_TXT
+#define T_TXT 15
+#endif
+#ifndef T_SRV
+#define T_SRV 33
+#endif
+
+#endif /* HAVE_RES_NSEARCH */
+
+#ifndef T_URI
+#define T_URI 256
+#endif
+
+/*
+ * INCR_OK
+ *
+ * Given moving pointer PTR offset from BASE, return true if adding
+ * INCR to PTR doesn't move it PTR than MAX bytes from BASE.
+ */
+#define INCR_OK(base, max, ptr, incr)                           \
+    ((incr) <= (max) - ((const unsigned char *)(ptr)            \
+                        - (const unsigned char *)(base)))
+
+/*
+ * SAFE_GETUINT16
+ *
+ * Given PTR offset from BASE, if at least INCR bytes are safe to
+ * read, get network byte order uint16 into S, and increment PTR.  On
+ * failure, goto LABEL.
+ */
+
+#define SAFE_GETUINT16(base, max, ptr, incr, s, label)  \
+    do {                                                \
+        if (!INCR_OK(base, max, ptr, incr)) goto label; \
+        (s) = (unsigned short)(ptr)[0] << 8             \
+            | (unsigned short)(ptr)[1];                 \
+        (ptr) += (incr);                                \
+    } while (0)
+
+struct krb5int_dns_state;
+
+int krb5int_dns_init(struct krb5int_dns_state **, char *, int, int);
+int krb5int_dns_nextans(struct krb5int_dns_state *,
+                        const unsigned char **, int *);
+int krb5int_dns_expand(struct krb5int_dns_state *,
+                       const unsigned char *, char *, int);
+void krb5int_dns_fini(struct krb5int_dns_state *);
+
+#endif /* KRB5_DNS_LOOKUP */
+#endif /* !defined(KRB5_DNSGLUE_H) */
diff --git a/krb5-1.21.3/src/lib/krb5/os/dnssrv.c b/krb5-1.21.3/src/lib/krb5/os/dnssrv.c
new file mode 100644
index 00000000..62d6d137
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/dnssrv.c
@@ -0,0 +1,327 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/dnssrv.c - Perform DNS SRV queries */
+/*
+ * Copyright 1990,2000,2001,2002,2003 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "autoconf.h"
+#ifdef KRB5_DNS_LOOKUP
+#include "k5-int.h"
+#include "os-proto.h"
+
+/*
+ * Lookup a KDC via DNS SRV records
+ */
+
+void
+krb5int_free_srv_dns_data (struct srv_dns_entry *p)
+{
+    struct srv_dns_entry *next;
+    while (p) {
+        next = p->next;
+        free(p->host);
+        free(p);
+        p = next;
+    }
+}
+
+/* Construct a DNS label of the form "service.[protocol.]realm.".  protocol may
+ * be NULL. */
+static char *
+make_lookup_name(const krb5_data *realm, const char *service,
+                 const char *protocol)
+{
+    struct k5buf buf;
+
+    if (memchr(realm->data, 0, realm->length))
+        return NULL;
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_fmt(&buf, "%s.", service);
+    if (protocol != NULL)
+        k5_buf_add_fmt(&buf, "%s.", protocol);
+    k5_buf_add_len(&buf, realm->data, realm->length);
+
+    /*
+     * Realm names don't (normally) end with ".", but if the query doesn't end
+     * with "." and doesn't get an answer as is, the resolv code will try
+     * appending the local domain.  Since the realm names are absolutes, let's
+     * stop that.
+     */
+
+    if (buf.len > 0 && ((char *)buf.data)[buf.len - 1] != '.')
+        k5_buf_add(&buf, ".");
+
+    return k5_buf_cstring(&buf);
+}
+
+/* Insert new into the list *head, ordering by priority.  Weight is not
+ * currently used. */
+static void
+place_srv_entry(struct srv_dns_entry **head, struct srv_dns_entry *new)
+{
+    struct srv_dns_entry *entry;
+
+    if (*head == NULL || (*head)->priority > new->priority) {
+        new->next = *head;
+        *head = new;
+        return;
+    }
+
+    for (entry = *head; entry != NULL; entry = entry->next) {
+        /*
+         * Insert an entry into the next spot if there is no next entry (we're
+         * at the end), or if the next entry has a higher priority (lower
+         * priorities are preferred).
+         */
+        if (entry->next == NULL || entry->next->priority > new->priority) {
+            new->next = entry->next;
+            entry->next = new;
+            break;
+        }
+    }
+}
+
+#ifdef _WIN32
+
+#include <windns.h>
+
+krb5_error_code
+k5_make_uri_query(krb5_context context, const krb5_data *realm,
+                  const char *service, struct srv_dns_entry **answers)
+{
+    /* Windows does not currently support the URI record type or make it
+     * possible to query for a record type it does not have support for. */
+    *answers = NULL;
+    return 0;
+}
+
+krb5_error_code
+krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
+                             const char *service, const char *protocol,
+                             struct srv_dns_entry **answers)
+{
+    char *name = NULL;
+    DNS_STATUS st;
+    PDNS_RECORD records, rr;
+    struct srv_dns_entry *head = NULL, *srv = NULL;
+
+    *answers = NULL;
+
+    name = make_lookup_name(realm, service, protocol);
+    if (name == NULL)
+        return 0;
+
+    TRACE_DNS_SRV_SEND(context, name);
+
+    st = DnsQuery_UTF8(name, DNS_TYPE_SRV, DNS_QUERY_STANDARD, NULL, &records,
+                       NULL);
+    if (st != ERROR_SUCCESS)
+        return 0;
+
+    for (rr = records; rr != NULL; rr = rr->pNext) {
+        if (rr->wType != DNS_TYPE_SRV)
+            continue;
+
+        srv = malloc(sizeof(struct srv_dns_entry));
+        if (srv == NULL)
+            goto cleanup;
+
+        srv->priority = rr->Data.SRV.wPriority;
+        srv->weight = rr->Data.SRV.wWeight;
+        srv->port = rr->Data.SRV.wPort;
+        /* Make sure the name looks fully qualified to the resolver. */
+        if (asprintf(&srv->host, "%s.", rr->Data.SRV.pNameTarget) < 0) {
+            free(srv);
+            goto cleanup;
+        }
+
+        TRACE_DNS_SRV_ANS(context, srv->host, srv->port, srv->priority,
+                          srv->weight);
+        place_srv_entry(&head, srv);
+    }
+
+cleanup:
+    free(name);
+    if (records != NULL)
+        DnsRecordListFree(records, DnsFreeRecordList);
+    *answers = head;
+    return 0;
+}
+
+#else /* _WIN32 */
+
+#include "dnsglue.h"
+
+/* Query the URI RR, collecting weight, priority, and target. */
+krb5_error_code
+k5_make_uri_query(krb5_context context, const krb5_data *realm,
+                  const char *service, struct srv_dns_entry **answers)
+{
+    const unsigned char *p = NULL, *base = NULL;
+    char *name = NULL;
+    int size, ret, rdlen;
+    unsigned short priority, weight;
+    struct krb5int_dns_state *ds = NULL;
+    struct srv_dns_entry *head = NULL, *uri = NULL;
+
+    *answers = NULL;
+
+    /* Construct service.realm. */
+    name = make_lookup_name(realm, service, NULL);
+    if (name == NULL)
+        return 0;
+
+    TRACE_DNS_URI_SEND(context, name);
+
+    size = krb5int_dns_init(&ds, name, C_IN, T_URI);
+    if (size < 0)
+        goto out;
+
+    for (;;) {
+        ret = krb5int_dns_nextans(ds, &base, &rdlen);
+        if (ret < 0 || base == NULL)
+            goto out;
+
+        p = base;
+
+        SAFE_GETUINT16(base, rdlen, p, 2, priority, out);
+        SAFE_GETUINT16(base, rdlen, p, 2, weight, out);
+
+        uri = k5alloc(sizeof(*uri), &ret);
+        if (uri == NULL)
+            goto out;
+
+        uri->priority = priority;
+        uri->weight = weight;
+        /* rdlen - 4 bytes remain after the priority and weight. */
+        uri->host = k5memdup0(p, rdlen - 4, &ret);
+        if (uri->host == NULL) {
+            free(uri);
+            goto out;
+        }
+
+        TRACE_DNS_URI_ANS(context, uri->host, uri->priority, uri->weight);
+        place_srv_entry(&head, uri);
+    }
+
+out:
+    krb5int_dns_fini(ds);
+    free(name);
+    *answers = head;
+    return 0;
+}
+
+/*
+ * Do DNS SRV query, return results in *answers.
+ *
+ * Make a best effort to return all the data we can.  On memory or decoding
+ * errors, just return what we've got.  Always return 0, currently.
+ */
+
+krb5_error_code
+krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
+                             const char *service, const char *protocol,
+                             struct srv_dns_entry **answers)
+{
+    const unsigned char *p = NULL, *base = NULL;
+    char *name = NULL, host[MAXDNAME];
+    int size, ret, rdlen, nlen;
+    unsigned short priority, weight, port;
+    struct krb5int_dns_state *ds = NULL;
+    struct srv_dns_entry *head = NULL, *srv = NULL;
+
+    /*
+     * First off, build a query of the form:
+     *
+     * service.protocol.realm
+     *
+     * which will most likely be something like:
+     *
+     * _kerberos._udp.REALM
+     *
+     */
+
+    name = make_lookup_name(realm, service, protocol);
+    if (name == NULL)
+        return 0;
+
+    TRACE_DNS_SRV_SEND(context, name);
+
+    size = krb5int_dns_init(&ds, name, C_IN, T_SRV);
+    if (size < 0)
+        goto out;
+
+    for (;;) {
+        ret = krb5int_dns_nextans(ds, &base, &rdlen);
+        if (ret < 0 || base == NULL)
+            goto out;
+
+        p = base;
+
+        SAFE_GETUINT16(base, rdlen, p, 2, priority, out);
+        SAFE_GETUINT16(base, rdlen, p, 2, weight, out);
+        SAFE_GETUINT16(base, rdlen, p, 2, port, out);
+
+        /*
+         * RFC 2782 says the target is never compressed in the reply;
+         * do we believe that?  We need to flatten it anyway, though.
+         */
+        nlen = krb5int_dns_expand(ds, p, host, sizeof(host));
+        if (nlen < 0 || !INCR_OK(base, rdlen, p, nlen))
+            goto out;
+
+        /*
+         * We got everything!  Insert it into our list, but make sure
+         * it's in the right order.  Right now we don't do anything
+         * with the weight field
+         */
+
+        srv = malloc(sizeof(struct srv_dns_entry));
+        if (srv == NULL)
+            goto out;
+
+        srv->priority = priority;
+        srv->weight = weight;
+        srv->port = port;
+        /* The returned names are fully qualified.  Don't let the
+         * local resolver code do domain search path stuff. */
+        if (asprintf(&srv->host, "%s.", host) < 0) {
+            free(srv);
+            goto out;
+        }
+
+        TRACE_DNS_SRV_ANS(context, srv->host, srv->port, srv->priority,
+                          srv->weight);
+        place_srv_entry(&head, srv);
+    }
+
+out:
+    krb5int_dns_fini(ds);
+    free(name);
+    *answers = head;
+    return 0;
+}
+
+#endif /* not _WIN32 */
+#endif /* KRB5_DNS_LOOKUP */
diff --git a/krb5-1.21.3/src/lib/krb5/os/expand_path.c b/krb5-1.21.3/src/lib/krb5/os/expand_path.c
new file mode 100644
index 00000000..5cbccf08
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/expand_path.c
@@ -0,0 +1,544 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/expand_path.c - Parameterized path expansion facility */
+/*
+ * Copyright (c) 2009, Secure Endpoints Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+typedef int PTYPE;
+
+#ifdef _WIN32
+#include <shlobj.h>
+#include <sddl.h>
+
+/*
+ * Expand a %{TEMP} token
+ *
+ * The %{TEMP} token expands to the temporary path for the current
+ * user as returned by GetTempPath().
+ *
+ * @note: Since the GetTempPath() function relies on the TMP or TEMP
+ * environment variables, this function will failover to the system
+ * temporary directory until the user profile is loaded.  In addition,
+ * the returned path may or may not exist.
+ */
+static krb5_error_code
+expand_temp_folder(krb5_context context, PTYPE param, const char *postfix,
+                   char **ret)
+{
+    TCHAR tpath[MAX_PATH];
+    size_t len;
+
+    if (!GetTempPath(sizeof(tpath) / sizeof(tpath[0]), tpath)) {
+        k5_setmsg(context, EINVAL, "Failed to get temporary path (GLE=%d)",
+                  GetLastError());
+        return EINVAL;
+    }
+
+    len = strlen(tpath);
+
+    if (len > 0 && tpath[len - 1] == '\\')
+        tpath[len - 1] = '\0';
+
+    *ret = strdup(tpath);
+
+    if (*ret == NULL)
+        return ENOMEM;
+
+    return 0;
+}
+
+/*
+ * Expand a %{BINDIR} token
+ *
+ * This is also used to expand a few other tokens on Windows, since
+ * most of the executable binaries end up in the same directory.  The
+ * "bin" directory is considered to be the directory in which the
+ * krb5.dll is located.
+ */
+static krb5_error_code
+expand_bin_dir(krb5_context context, PTYPE param, const char *postfix,
+               char **ret)
+{
+    TCHAR path[MAX_PATH];
+    TCHAR *lastSlash;
+    DWORD nc;
+
+    nc = GetModuleFileName(get_lib_instance(), path,
+                           sizeof(path) / sizeof(path[0]));
+    if (nc == 0 ||
+        nc == sizeof(path) / sizeof(path[0])) {
+        return EINVAL;
+    }
+
+    lastSlash = strrchr(path, '\\');
+    if (lastSlash != NULL) {
+        TCHAR *fslash = strrchr(lastSlash, '/');
+
+        if (fslash != NULL)
+            lastSlash = fslash;
+
+        *lastSlash = '\0';
+    }
+
+    if (postfix) {
+        if (strlcat(path, postfix, sizeof(path) / sizeof(path[0])) >=
+            sizeof(path) / sizeof(path[0]))
+            return EINVAL;
+    }
+
+    *ret = strdup(path);
+    if (*ret == NULL)
+        return ENOMEM;
+
+    return 0;
+}
+
+/*
+ *  Expand a %{USERID} token
+ *
+ *  The %{USERID} token expands to the string representation of the
+ *  user's SID.  The user account that will be used is the account
+ *  corresponding to the current thread's security token.  This means
+ *  that:
+ *
+ *  - If the current thread token has the anonymous impersonation
+ *    level, the call will fail.
+ *
+ *  - If the current thread is impersonating a token at
+ *    SecurityIdentification level the call will fail.
+ *
+ */
+static krb5_error_code
+expand_userid(krb5_context context, PTYPE param, const char *postfix,
+              char **ret)
+{
+    int rv = EINVAL;
+    HANDLE hThread = NULL;
+    HANDLE hToken = NULL;
+    PTOKEN_OWNER pOwner = NULL;
+    DWORD len = 0;
+    LPTSTR strSid = NULL;
+
+    hThread = GetCurrentThread();
+
+    if (!OpenThreadToken(hThread, TOKEN_QUERY,
+                         FALSE, /* Open the thread token as the
+                                   current thread user. */
+                         &hToken)) {
+
+        DWORD le = GetLastError();
+
+        if (le == ERROR_NO_TOKEN) {
+            HANDLE hProcess = GetCurrentProcess();
+
+            le = 0;
+            if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
+                le = GetLastError();
+        }
+
+        if (le != 0) {
+            k5_setmsg(context, rv, "Can't open thread token (GLE=%d)", le);
+            goto cleanup;
+        }
+    }
+
+    if (!GetTokenInformation(hToken, TokenOwner, NULL, 0, &len)) {
+        if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
+            k5_setmsg(context, rv,
+                      "Unexpected error reading token information (GLE=%d)",
+                      GetLastError());
+            goto cleanup;
+        }
+
+        if (len == 0) {
+            k5_setmsg(context, rv,
+                      "GetTokenInformation() returned truncated buffer");
+            goto cleanup;
+        }
+
+        pOwner = malloc(len);
+        if (pOwner == NULL) {
+            rv = ENOMEM;
+            goto cleanup;
+        }
+    } else {
+        k5_setmsg(context, rv,
+                  "GetTokenInformation() returned truncated buffer");
+        goto cleanup;
+    }
+
+    if (!GetTokenInformation(hToken, TokenOwner, pOwner, len, &len)) {
+        k5_setmsg(context, rv,
+                  "GetTokenInformation() failed.  GLE=%d", GetLastError());
+        goto cleanup;
+    }
+
+    if (!ConvertSidToStringSid(pOwner->Owner, &strSid)) {
+        k5_setmsg(context, rv,
+                  "Can't convert SID to string.  GLE=%d", GetLastError());
+        goto cleanup;
+    }
+
+    *ret = strdup(strSid);
+    if (*ret == NULL) {
+        rv = ENOMEM;
+        goto cleanup;
+    }
+
+    rv = 0;
+
+cleanup:
+    if (hToken != NULL)
+        CloseHandle(hToken);
+
+    if (pOwner != NULL)
+        free(pOwner);
+
+    if (strSid != NULL)
+        LocalFree(strSid);
+
+    return rv;
+}
+
+/*
+ * Expand a folder identified by a CSIDL
+ */
+static krb5_error_code
+expand_csidl(krb5_context context, PTYPE folder, const char *postfix,
+             char **ret)
+{
+    TCHAR path[MAX_PATH];
+    size_t len;
+
+    if (SHGetFolderPath(NULL, folder, NULL, SHGFP_TYPE_CURRENT,
+                        path) != S_OK) {
+        k5_setmsg(context, EINVAL, "Unable to determine folder path");
+        return EINVAL;
+    }
+
+    len = strlen(path);
+
+    if (len > 0 && path[len - 1] == '\\')
+        path[len - 1] = '\0';
+
+    if (postfix &&
+        strlcat(path, postfix, sizeof(path) / sizeof(path[0])) >=
+        sizeof(path)/sizeof(path[0]))
+        return ENOMEM;
+
+    *ret = strdup(path);
+    if (*ret == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+#else /* not _WIN32 */
+#include <pwd.h>
+
+static krb5_error_code
+expand_path(krb5_context context, PTYPE param, const char *postfix, char **ret)
+{
+    *ret = strdup(postfix);
+    if (*ret == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+static krb5_error_code
+expand_temp_folder(krb5_context context, PTYPE param, const char *postfix,
+                   char **ret)
+{
+    const char *p = NULL;
+
+    if (context == NULL || !context->profile_secure)
+        p = secure_getenv("TMPDIR");
+    *ret = strdup((p != NULL) ? p : "/tmp");
+    if (*ret == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+static krb5_error_code
+expand_userid(krb5_context context, PTYPE param, const char *postfix,
+              char **str)
+{
+    if (asprintf(str, "%lu", (unsigned long)getuid()) < 0)
+        return ENOMEM;
+    return 0;
+}
+
+static krb5_error_code
+expand_euid(krb5_context context, PTYPE param, const char *postfix, char **str)
+{
+    if (asprintf(str, "%lu", (unsigned long)geteuid()) < 0)
+        return ENOMEM;
+    return 0;
+}
+
+static krb5_error_code
+expand_username(krb5_context context, PTYPE param, const char *postfix,
+                char **str)
+{
+    uid_t euid = geteuid();
+    struct passwd *pw, pwx;
+    char pwbuf[BUFSIZ];
+
+    if (k5_getpwuid_r(euid, &pwx, pwbuf, sizeof(pwbuf), &pw) != 0) {
+        k5_setmsg(context, ENOENT, _("Can't find username for uid %lu"),
+                  (unsigned long)euid);
+        return ENOENT;
+    }
+    *str = strdup(pw->pw_name);
+    if (*str == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+#endif /* not _WIN32 */
+
+/*
+ * Expand an extra token
+ */
+static krb5_error_code
+expand_extra_token(krb5_context context, const char *value, char **ret)
+{
+    *ret = strdup(value);
+    if (*ret == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+/*
+ * Expand a %{null} token
+ *
+ * The expansion of a %{null} token is always the empty string.
+ */
+static krb5_error_code
+expand_null(krb5_context context, PTYPE param, const char *postfix, char **ret)
+{
+    *ret = strdup("");
+    if (*ret == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+static const struct {
+    const char *tok;
+    PTYPE param;
+    const char *postfix;
+    int (*exp_func)(krb5_context, PTYPE, const char *, char **);
+} tokens[] = {
+#ifdef _WIN32
+    /* Roaming application data (for current user) */
+    {"APPDATA", CSIDL_APPDATA, NULL, expand_csidl},
+    /* Application data (all users) */
+    {"COMMON_APPDATA", CSIDL_COMMON_APPDATA, NULL, expand_csidl},
+    /* Local application data (for current user) */
+    {"LOCAL_APPDATA", CSIDL_LOCAL_APPDATA, NULL, expand_csidl},
+    /* Windows System folder (e.g. %WINDIR%\System32) */
+    {"SYSTEM", CSIDL_SYSTEM, NULL, expand_csidl},
+    /* Windows folder */
+    {"WINDOWS", CSIDL_WINDOWS, NULL, expand_csidl},
+    /* Per user MIT krb5 configuration file directory */
+    {"USERCONFIG", CSIDL_APPDATA, "\\MIT\\Kerberos5",
+     expand_csidl},
+    /* Common MIT krb5 configuration file directory */
+    {"COMMONCONFIG", CSIDL_COMMON_APPDATA, "\\MIT\\Kerberos5",
+     expand_csidl},
+    {"LIBDIR", 0, NULL, expand_bin_dir},
+    {"BINDIR", 0, NULL, expand_bin_dir},
+    {"SBINDIR", 0, NULL, expand_bin_dir},
+    {"euid", 0, NULL, expand_userid},
+#else
+    {"LIBDIR", 0, LIBDIR, expand_path},
+    {"BINDIR", 0, BINDIR, expand_path},
+    {"SBINDIR", 0, SBINDIR, expand_path},
+    {"euid", 0, NULL, expand_euid},
+    {"username", 0, NULL, expand_username},
+#endif
+    {"TEMP", 0, NULL, expand_temp_folder},
+    {"USERID", 0, NULL, expand_userid},
+    {"uid", 0, NULL, expand_userid},
+    {"null", 0, NULL, expand_null}
+};
+
+static krb5_error_code
+expand_token(krb5_context context, const char *token, const char *token_end,
+             char **extra_tokens, char **ret)
+{
+    size_t i;
+    char **p;
+
+    *ret = NULL;
+
+    if (token[0] != '%' || token[1] != '{' || token_end[0] != '}' ||
+        token_end - token <= 2) {
+        k5_setmsg(context, EINVAL, _("Invalid token"));
+        return EINVAL;
+    }
+
+    for (p = extra_tokens; p != NULL && *p != NULL; p += 2) {
+        if (strncmp(token + 2, *p, (token_end - token) - 2) == 0)
+            return expand_extra_token(context, p[1], ret);
+    }
+
+    for (i = 0; i < sizeof(tokens) / sizeof(tokens[0]); i++) {
+        if (!strncmp(token + 2, tokens[i].tok, (token_end - token) - 2)) {
+            return tokens[i].exp_func(context, tokens[i].param,
+                                      tokens[i].postfix, ret);
+        }
+    }
+
+    k5_setmsg(context, EINVAL, _("Invalid token"));
+    return EINVAL;
+}
+
+/*
+ * Expand tokens in path_in to produce *path_out.  The caller should free
+ * *path_out with free().
+ */
+krb5_error_code
+k5_expand_path_tokens(krb5_context context, const char *path_in,
+                      char **path_out)
+{
+    return k5_expand_path_tokens_extra(context, path_in, path_out, NULL);
+}
+
+static void
+free_extra_tokens(char **extra_tokens)
+{
+    char **p;
+
+    for (p = extra_tokens; p != NULL && *p != NULL; p++)
+        free(*p);
+    free(extra_tokens);
+}
+
+/*
+ * Expand tokens in path_in to produce *path_out.  Arguments after path_out are
+ * pairs of extra token names and replacement values, terminated by a NULL.
+ * The caller should free *path_out with free().
+ */
+krb5_error_code
+k5_expand_path_tokens_extra(krb5_context context, const char *path_in,
+                            char **path_out, ...)
+{
+    krb5_error_code ret;
+    struct k5buf buf;
+    char *tok_begin, *tok_end, *tok_val, **extra_tokens = NULL, *path;
+    const char *path_left;
+    size_t nargs = 0, i;
+    va_list ap;
+
+    *path_out = NULL;
+
+    k5_buf_init_dynamic(&buf);
+
+    /* Count extra tokens. */
+    va_start(ap, path_out);
+    while (va_arg(ap, const char *) != NULL)
+        nargs++;
+    va_end(ap);
+    if (nargs % 2 != 0)
+        return EINVAL;
+
+    /* Get extra tokens. */
+    if (nargs > 0) {
+        extra_tokens = k5calloc(nargs + 1, sizeof(char *), &ret);
+        if (extra_tokens == NULL)
+            goto cleanup;
+        va_start(ap, path_out);
+        for (i = 0; i < nargs; i++) {
+            extra_tokens[i] = strdup(va_arg(ap, const char *));
+            if (extra_tokens[i] == NULL) {
+                ret = ENOMEM;
+                va_end(ap);
+                goto cleanup;
+            }
+        }
+        va_end(ap);
+    }
+
+    path_left = path_in;
+    while (TRUE) {
+        /* Find the next token in path_left and add the literal text up to it.
+         * If there are no more tokens, we can finish up. */
+        tok_begin = strstr(path_left, "%{");
+        if (tok_begin == NULL) {
+            k5_buf_add(&buf, path_left);
+            break;
+        }
+        k5_buf_add_len(&buf, path_left, tok_begin - path_left);
+
+        /* Find the end of this token. */
+        tok_end = strchr(tok_begin, '}');
+        if (tok_end == NULL) {
+            ret = EINVAL;
+            k5_setmsg(context, ret, _("variable missing }"));
+            goto cleanup;
+        }
+
+        /* Expand this token and add its value. */
+        ret = expand_token(context, tok_begin, tok_end, extra_tokens,
+                           &tok_val);
+        if (ret)
+            goto cleanup;
+        k5_buf_add(&buf, tok_val);
+        free(tok_val);
+        path_left = tok_end + 1;
+    }
+
+    path = k5_buf_cstring(&buf);
+    if (path == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+#ifdef _WIN32
+    /* Also deal with slashes. */
+    {
+        char *p;
+        for (p = path; *p != '\0'; p++) {
+            if (*p == '/')
+                *p = '\\';
+        }
+    }
+#endif
+    *path_out = path;
+    memset(&buf, 0, sizeof(buf));
+    ret = 0;
+
+cleanup:
+    k5_buf_free(&buf);
+    free_extra_tokens(extra_tokens);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/full_ipadr.c b/krb5-1.21.3/src/lib/krb5/os/full_ipadr.c
new file mode 100644
index 00000000..61fc74b6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/full_ipadr.c
@@ -0,0 +1,83 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/full_ipadr.c - Generate full address from IP addr and port */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+#ifdef HAVE_NETINET_IN_H
+
+#include "os-proto.h"
+
+krb5_error_code
+krb5_make_full_ipaddr(krb5_context context, krb5_int32 adr,
+                      /*krb5_int16*/int port, krb5_address **outaddr)
+{
+    unsigned long smushaddr = (unsigned long) adr; /* already in net order */
+    unsigned short smushport = (unsigned short) port; /* ditto */
+    krb5_address *retaddr;
+    krb5_octet *marshal;
+    krb5_addrtype temptype;
+    krb5_int32 templength;
+
+    if (!(retaddr = (krb5_address *)malloc(sizeof(*retaddr)))) {
+        return ENOMEM;
+    }
+    retaddr->magic = KV5M_ADDRESS;
+    retaddr->addrtype = ADDRTYPE_ADDRPORT;
+    retaddr->length = sizeof(smushaddr)+ sizeof(smushport) +
+        2*sizeof(temptype) + 2*sizeof(templength);
+
+    if (!(retaddr->contents = (krb5_octet *)malloc(retaddr->length))) {
+        free(retaddr);
+        return ENOMEM;
+    }
+    marshal = retaddr->contents;
+
+    temptype = htons(ADDRTYPE_INET);
+    (void) memcpy(marshal, &temptype, sizeof(temptype));
+    marshal += sizeof(temptype);
+
+    templength = htonl(sizeof(smushaddr));
+    (void) memcpy(marshal, &templength, sizeof(templength));
+    marshal += sizeof(templength);
+
+    (void) memcpy(marshal, &smushaddr, sizeof(smushaddr));
+    marshal += sizeof(smushaddr);
+
+    temptype = htons(ADDRTYPE_IPPORT);
+    (void) memcpy(marshal, &temptype, sizeof(temptype));
+    marshal += sizeof(temptype);
+
+    templength = htonl(sizeof(smushport));
+    (void) memcpy(marshal, &templength, sizeof(templength));
+    marshal += sizeof(templength);
+
+    (void) memcpy(marshal, &smushport, sizeof(smushport));
+    marshal += sizeof(smushport);
+
+    *outaddr = retaddr;
+    return 0;
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/os/gen_port.c b/krb5-1.21.3/src/lib/krb5/os/gen_port.c
new file mode 100644
index 00000000..f51d12f6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/gen_port.c
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/gen_port.c - Generate full address from IP address and port */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+krb5_error_code
+krb5_gen_portaddr(krb5_context context, const krb5_address *addr, krb5_const_pointer ptr, krb5_address **outaddr)
+{
+#ifdef HAVE_NETINET_IN_H
+    krb5_int32 adr;
+    krb5_int16 port;
+
+    if (addr->addrtype != ADDRTYPE_INET)
+        return KRB5_PROG_ATYPE_NOSUPP;
+    port = *(const krb5_int16 *)ptr;
+
+    memcpy(&adr, addr->contents, sizeof(adr));
+    return krb5_make_full_ipaddr(context, adr, port, outaddr);
+#else
+    return KRB5_PROG_ATYPE_NOSUPP;
+#endif
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/gen_rname.c b/krb5-1.21.3/src/lib/krb5/os/gen_rname.c
new file mode 100644
index 00000000..9dae0435
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/gen_rname.c
@@ -0,0 +1,53 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/gen_rname.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Take a port-style address and unique string, and return
+ * a replay cache tag string.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+krb5_error_code
+krb5_gen_replay_name(krb5_context context, const krb5_address *address, const char *uniq, char **string)
+{
+    char * tmp;
+    unsigned int i;
+    unsigned int len;
+
+    len = strlen(uniq) + (address->length * 2) + 1;
+    if ((*string = malloc(len)) == NULL)
+        return ENOMEM;
+
+    snprintf(*string, len, "%s", uniq);
+    tmp = *string + strlen(uniq);
+    for (i = 0; i < address->length; i++) {
+        snprintf(tmp, len - (tmp-*string), "%.2x", address->contents[i] & 0xff);
+        tmp += 2;
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/genaddrs.c b/krb5-1.21.3/src/lib/krb5/os/genaddrs.c
new file mode 100644
index 00000000..c818fdb6
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/genaddrs.c
@@ -0,0 +1,125 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/genaddrs.c */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+#if !defined(_WINSOCKAPI_)
+#include <netinet/in.h>
+#endif
+
+struct addrpair {
+    krb5_address addr, port;
+};
+
+#define SET(TARG, THING, TYPE)                  \
+    ((TARG).contents = (krb5_octet *) &(THING), \
+     (TARG).length = sizeof (THING),            \
+     (TARG).addrtype = (TYPE))
+
+static void *cvtaddr (struct sockaddr_storage *a, struct addrpair *ap)
+{
+    switch (ss2sa(a)->sa_family) {
+    case AF_INET:
+        SET (ap->port, ss2sin(a)->sin_port, ADDRTYPE_IPPORT);
+        SET (ap->addr, ss2sin(a)->sin_addr, ADDRTYPE_INET);
+        return a;
+    case AF_INET6:
+        SET (ap->port, ss2sin6(a)->sin6_port, ADDRTYPE_IPPORT);
+        if (IN6_IS_ADDR_V4MAPPED (&ss2sin6(a)->sin6_addr)) {
+            ap->addr.addrtype = ADDRTYPE_INET;
+            ap->addr.contents = 12 + (krb5_octet *) &ss2sin6(a)->sin6_addr;
+            ap->addr.length = 4;
+        } else
+            SET (ap->addr, ss2sin6(a)->sin6_addr, ADDRTYPE_INET6);
+        return a;
+    default:
+        return 0;
+    }
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int infd, int flags)
+{
+    krb5_error_code       retval;
+    krb5_address        * laddr;
+    krb5_address        * lport;
+    krb5_address        * raddr;
+    krb5_address        * rport;
+    SOCKET              fd = (SOCKET) infd;
+    struct addrpair laddrs, raddrs;
+
+#ifdef HAVE_NETINET_IN_H
+    struct sockaddr_storage lsaddr, rsaddr;
+    GETSOCKNAME_ARG3_TYPE ssize;
+
+    ssize = sizeof(struct sockaddr_storage);
+    if ((flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) ||
+        (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR)) {
+        retval = getsockname(fd, ss2sa(&lsaddr), &ssize);
+        if (retval)
+            return retval;
+
+        if (cvtaddr (&lsaddr, &laddrs)) {
+            laddr = &laddrs.addr;
+            if (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR)
+                lport = &laddrs.port;
+            else
+                lport = 0;
+        } else
+            return KRB5_PROG_ATYPE_NOSUPP;
+    } else {
+        laddr = NULL;
+        lport = NULL;
+    }
+
+    ssize = sizeof(struct sockaddr_storage);
+    if ((flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) ||
+        (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR)) {
+        retval = getpeername(fd, ss2sa(&rsaddr), &ssize);
+        if (retval)
+            return errno;
+
+        if (cvtaddr (&rsaddr, &raddrs)) {
+            raddr = &raddrs.addr;
+            if (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)
+                rport = &raddrs.port;
+            else
+                rport = 0;
+        } else
+            return KRB5_PROG_ATYPE_NOSUPP;
+    } else {
+        raddr = NULL;
+        rport = NULL;
+    }
+
+    if (!(retval = krb5_auth_con_setaddrs(context, auth_context, laddr, raddr)))
+        return (krb5_auth_con_setports(context, auth_context, lport, rport));
+    return retval;
+#else
+    return KRB5_PROG_ATYPE_NOSUPP;
+#endif
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/hostaddr.c b/krb5-1.21.3/src/lib/krb5/os/hostaddr.c
new file mode 100644
index 00000000..129a4adc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/hostaddr.c
@@ -0,0 +1,128 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/hostaddr.c - Return list of krb5 addresses for a hostname */
+/*
+ * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+#include "fake-addrinfo.h"
+
+krb5_error_code
+k5_os_hostaddr(krb5_context context, const char *name,
+               krb5_address ***ret_addrs)
+{
+    krb5_error_code     retval;
+    krb5_address        **addrs = NULL;
+    int                 i, j, r;
+    struct addrinfo hints, *ai = NULL, *aip;
+
+    if (!name)
+        return KRB5_ERR_BAD_HOSTNAME;
+
+    memset (&hints, 0, sizeof (hints));
+    hints.ai_flags = AI_NUMERICHOST | AI_ADDRCONFIG;
+    /* We don't care what kind at this point, really, but without
+       this, we can get back multiple sockaddrs per address, for
+       SOCK_DGRAM, SOCK_STREAM, and SOCK_RAW.  I haven't checked if
+       that's what the spec indicates.  */
+    hints.ai_socktype = SOCK_DGRAM;
+
+    r = getaddrinfo (name, 0, &hints, &ai);
+    if (r && AI_NUMERICHOST != 0) {
+        hints.ai_flags &= ~AI_NUMERICHOST;
+        r = getaddrinfo (name, 0, &hints, &ai);
+    }
+    if (r)
+        return KRB5_ERR_BAD_HOSTNAME;
+
+    for (i = 0, aip = ai; aip; aip = aip->ai_next) {
+        switch (aip->ai_addr->sa_family) {
+        case AF_INET:
+        case AF_INET6:
+            i++;
+        default:
+            /* Ignore addresses of unknown families.  */
+            ;
+        }
+    }
+
+    addrs = k5calloc(i + 1, sizeof(*addrs), &retval);
+    if (addrs == NULL)
+        goto errout;
+
+    for (j = 0; j < i + 1; j++)
+        addrs[j] = 0;
+
+    for (i = 0, aip = ai; aip; aip = aip->ai_next) {
+        void *ptr;
+        size_t addrlen;
+        int atype;
+
+        switch (aip->ai_addr->sa_family) {
+        case AF_INET:
+            addrlen = sizeof (struct in_addr);
+            ptr = &sa2sin(aip->ai_addr)->sin_addr;
+            atype = ADDRTYPE_INET;
+            break;
+        case AF_INET6:
+            addrlen = sizeof (struct in6_addr);
+            ptr = &sa2sin6(aip->ai_addr)->sin6_addr;
+            atype = ADDRTYPE_INET6;
+            break;
+        default:
+            continue;
+        }
+        addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
+        if (!addrs[i]) {
+            retval = ENOMEM;
+            goto errout;
+        }
+        addrs[i]->magic = KV5M_ADDRESS;
+        addrs[i]->addrtype = atype;
+        addrs[i]->length = addrlen;
+        addrs[i]->contents = k5memdup(ptr, addrlen, &retval);
+        if (addrs[i]->contents == NULL)
+            goto errout;
+        i++;
+    }
+
+    *ret_addrs = addrs;
+    if (ai)
+        freeaddrinfo(ai);
+    return 0;
+
+errout:
+    if (addrs) {
+        for (i = 0; addrs[i]; i++) {
+            free (addrs[i]->contents);
+            free (addrs[i]);
+        }
+        krb5_free_addresses(context, addrs);
+    }
+    if (ai)
+        freeaddrinfo(ai);
+    return retval;
+
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/hostrealm.c b/krb5-1.21.3/src/lib/krb5/os/hostrealm.c
new file mode 100644
index 00000000..fcab360e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/hostrealm.c
@@ -0,0 +1,547 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/hostrealm.c - realm-of-host and default-realm APIs */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include "fake-addrinfo.h"
+#include <krb5/hostrealm_plugin.h>
+#include <ctype.h>
+
+#if defined(_WIN32) && !defined(__CYGWIN32__)
+#ifndef EAFNOSUPPORT
+#define EAFNOSUPPORT WSAEAFNOSUPPORT
+#endif
+#endif
+
+struct hostrealm_module_handle {
+    struct krb5_hostrealm_vtable_st vt;
+    krb5_hostrealm_moddata data;
+};
+
+/* Release a list of hostrealm module handles. */
+static void
+free_handles(krb5_context context, struct hostrealm_module_handle **handles)
+{
+    struct hostrealm_module_handle *h, **hp;
+
+    if (handles == NULL)
+        return;
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.fini != NULL)
+            h->vt.fini(context, h->data);
+        free(h);
+    }
+    free(handles);
+}
+
+/* Get the registered hostrealm modules including all built-in modules, in the
+ * proper order. */
+static krb5_error_code
+get_modules(krb5_context context, krb5_plugin_initvt_fn **modules_out)
+{
+    krb5_error_code ret;
+    const int intf = PLUGIN_INTERFACE_HOSTREALM;
+
+    *modules_out = NULL;
+
+    /* Register built-in modules. */
+    ret = k5_plugin_register(context, intf, "registry",
+                             hostrealm_registry_initvt);
+    if (ret)
+        return ret;
+    ret = k5_plugin_register(context, intf, "profile",
+                             hostrealm_profile_initvt);
+    if (ret)
+        return ret;
+    ret = k5_plugin_register(context, intf, "dns", hostrealm_dns_initvt);
+    if (ret)
+        return ret;
+    ret = k5_plugin_register(context, intf, "domain", hostrealm_domain_initvt);
+    if (ret)
+        return ret;
+
+    return k5_plugin_load_all(context, intf, modules_out);
+}
+
+/* Initialize context->hostrealm_handles with a list of module handles. */
+static krb5_error_code
+load_hostrealm_modules(krb5_context context)
+{
+    krb5_error_code ret;
+    struct hostrealm_module_handle **list = NULL, *handle;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    size_t count;
+
+    ret = get_modules(context, &modules);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Allocate a large enough list of handles. */
+    for (count = 0; modules[count] != NULL; count++);
+    list = k5alloc((count + 1) * sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+
+    /* Initialize each module, ignoring ones that fail. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        handle = k5alloc(sizeof(*handle), &ret);
+        if (handle == NULL)
+            goto cleanup;
+        ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
+        if (ret != 0) {
+            TRACE_HOSTREALM_VTINIT_FAIL(context, ret);
+            free(handle);
+            continue;
+        }
+
+        handle->data = NULL;
+        if (handle->vt.init != NULL) {
+            ret = handle->vt.init(context, &handle->data);
+            if (ret != 0) {
+                TRACE_HOSTREALM_INIT_FAIL(context, handle->vt.name, ret);
+                free(handle);
+                continue;
+            }
+        }
+        list[count++] = handle;
+        list[count] = NULL;
+    }
+    list[count] = NULL;
+
+    ret = 0;
+    context->hostrealm_handles = list;
+    list = NULL;
+
+cleanup:
+    k5_plugin_free_modules(context, modules);
+    free_handles(context, list);
+    return ret;
+}
+
+/* Invoke a module's host_realm method, if it has one. */
+static krb5_error_code
+host_realm(krb5_context context, struct hostrealm_module_handle *h,
+          const char *host, char ***realms_out)
+{
+    if (h->vt.host_realm == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    return h->vt.host_realm(context, h->data, host, realms_out);
+}
+
+/* Invoke a module's fallback_realm method, if it has one. */
+static krb5_error_code
+fallback_realm(krb5_context context, struct hostrealm_module_handle *h,
+               const char *host, char ***realms_out)
+{
+    if (h->vt.fallback_realm == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    return h->vt.fallback_realm(context, h->data, host, realms_out);
+}
+
+/* Invoke a module's default_realm method, if it has one. */
+static krb5_error_code
+default_realm(krb5_context context, struct hostrealm_module_handle *h,
+              char ***realms_out)
+{
+    if (h->vt.default_realm == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    return h->vt.default_realm(context, h->data, realms_out);
+}
+
+/* Invoke a module's free_list method. */
+static void
+free_list(krb5_context context, struct hostrealm_module_handle *h,
+          char **list)
+{
+    h->vt.free_list(context, h->data, list);
+}
+
+/* Copy a null-terminated list of strings. */
+static krb5_error_code
+copy_list(char **in, char ***out)
+{
+    size_t count, i;
+    char **list;
+
+    *out = NULL;
+    for (count = 0; in[count] != NULL; count++);
+    list = calloc(count + 1, sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+    for (i = 0; i < count; i++) {
+        list[i] = strdup(in[i]);
+        if (list[i] == NULL) {
+            krb5_free_host_realm(NULL, list);
+            return ENOMEM;
+        }
+    }
+    *out = list;
+    return 0;
+}
+
+static krb5_error_code
+translate_gai_error(int num)
+{
+    switch (num) {
+#ifdef EAI_ADDRFAMILY
+    case EAI_ADDRFAMILY:
+        return EAFNOSUPPORT;
+#endif
+    case EAI_AGAIN:
+        return EAGAIN;
+    case EAI_BADFLAGS:
+        return EINVAL;
+    case EAI_FAIL:
+        return KRB5_EAI_FAIL;
+    case EAI_FAMILY:
+        return EAFNOSUPPORT;
+    case EAI_MEMORY:
+        return ENOMEM;
+#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
+    case EAI_NODATA:
+        return KRB5_EAI_NODATA;
+#endif
+    case EAI_NONAME:
+        return KRB5_EAI_NONAME;
+#if defined(EAI_OVERFLOW)
+    case EAI_OVERFLOW:
+        return EINVAL;          /* XXX */
+#endif
+    case EAI_SERVICE:
+        return KRB5_EAI_SERVICE;
+    case EAI_SOCKTYPE:
+        return EINVAL;
+#ifdef EAI_SYSTEM
+    case EAI_SYSTEM:
+        return errno;
+#endif
+    }
+    abort();
+    return -1;
+}
+
+/* Get the canonical form of the local host name, using forward
+ * canonicalization only. */
+krb5_error_code
+krb5int_get_fq_local_hostname(char **hostname_out)
+{
+    struct addrinfo *ai, hints;
+    char buf[MAXHOSTNAMELEN];
+    int err;
+
+    *hostname_out = NULL;
+
+    if (gethostname(buf, sizeof(buf)) == -1)
+        return SOCKET_ERRNO;
+
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
+    err = getaddrinfo(buf, NULL, &hints, &ai);
+    if (err)
+        return translate_gai_error(err);
+    if (ai->ai_canonname == NULL) {
+        freeaddrinfo(ai);
+        return KRB5_EAI_FAIL;
+    }
+    *hostname_out = strdup(ai->ai_canonname);
+    freeaddrinfo(ai);
+    return (*hostname_out == NULL) ? ENOMEM : 0;
+}
+
+static krb5_error_code
+clean_hostname(krb5_context context, const char *host, char **cleanname_out)
+{
+    char *p, *cleanname;
+    krb5_error_code ret;
+    size_t l;
+
+    *cleanname_out = NULL;
+
+    if (host != NULL) {
+        cleanname = strdup(host);
+        if (cleanname == NULL)
+            return ENOMEM;
+    } else {
+        ret = krb5int_get_fq_local_hostname(&cleanname);
+        if (ret)
+            return ret;
+    }
+
+    /* Fold to lowercase. */
+    for (p = cleanname; *p; p++) {
+        if (isupper((unsigned char)*p))
+            *p = tolower((unsigned char)*p);
+    }
+
+    /* Strip off trailing dot. */
+    l = strlen(cleanname);
+    if (l > 0 && cleanname[l - 1] == '.')
+        cleanname[l - 1] = '\0';
+
+    *cleanname_out = cleanname;
+    return 0;
+}
+
+/* Return true if name appears to be an IPv4 or IPv6 address. */
+krb5_boolean
+k5_is_numeric_address(const char *name)
+{
+    int ndots = 0;
+    const char *p;
+
+    /* If name contains only numbers and three dots, consider it to be an IPv4
+     * address. */
+    if (strspn(name, "01234567890.") == strlen(name)) {
+        for (p = name; *p; p++) {
+            if (*p == '.')
+                ndots++;
+        }
+        if (ndots == 3)
+            return TRUE;
+    }
+
+    /* If name contains a colon, consider it to be an IPv6 address. */
+    if (strchr(name, ':') != NULL)
+        return TRUE;
+
+    return FALSE;
+}
+
+/* Construct a one-element realm list containing a copy of realm. */
+krb5_error_code
+k5_make_realmlist(const char *realm, char ***realms_out)
+{
+    char **realms;
+
+    *realms_out = NULL;
+    realms = calloc(2, sizeof(*realms));
+    if (realms == NULL)
+        return ENOMEM;
+    realms[0] = strdup(realm);
+    if (realms[0] == NULL) {
+        free(realms);
+        return ENOMEM;
+    }
+    *realms_out = realms;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_host_realm(krb5_context context, const char *host, char ***realms_out)
+{
+    krb5_error_code ret;
+    struct hostrealm_module_handle **hp;
+    char **realms, *cleanname = NULL;
+
+    *realms_out = NULL;
+
+    if (context->hostrealm_handles == NULL) {
+        ret = load_hostrealm_modules(context);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = clean_hostname(context, host, &cleanname);
+    if (ret)
+        goto cleanup;
+
+    /* Give each module a chance to determine the host's realms. */
+    for (hp = context->hostrealm_handles; *hp != NULL; hp++) {
+        ret = host_realm(context, *hp, cleanname, &realms);
+        if (ret == 0) {
+            ret = copy_list(realms, realms_out);
+            free_list(context, *hp, realms);
+            goto cleanup;
+        } else if (ret != KRB5_PLUGIN_NO_HANDLE) {
+            goto cleanup;
+        }
+    }
+
+    /* Return a list containing the "referral realm" (an empty realm), as a
+     * cue to try referrals. */
+    ret = k5_make_realmlist(KRB5_REFERRAL_REALM, realms_out);
+
+cleanup:
+    free(cleanname);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata,
+                             char ***realms_out)
+{
+    krb5_error_code ret;
+    struct hostrealm_module_handle **hp;
+    char **realms, *defrealm, *host, *cleanname = NULL;
+
+    *realms_out = NULL;
+
+    /* Convert hdata into a string and clean it. */
+    host = k5memdup0(hdata->data, hdata->length, &ret);
+    if (host == NULL)
+        goto cleanup;
+    ret = clean_hostname(context, host, &cleanname);
+    free(host);
+    if (ret)
+        goto cleanup;
+
+    if (context->hostrealm_handles == NULL) {
+        ret = load_hostrealm_modules(context);
+        if (ret)
+            goto cleanup;
+    }
+
+    /* Give each module a chance to determine the fallback realms. */
+    for (hp = context->hostrealm_handles; *hp != NULL; hp++) {
+        ret = fallback_realm(context, *hp, cleanname, &realms);
+        if (ret == 0) {
+            ret = copy_list(realms, realms_out);
+            free_list(context, *hp, realms);
+            goto cleanup;
+        } else if (ret != KRB5_PLUGIN_NO_HANDLE) {
+            goto cleanup;
+        }
+    }
+
+    /* Return a list containing the default realm. */
+    ret = krb5_get_default_realm(context, &defrealm);
+    if (ret)
+        goto cleanup;
+    ret = k5_make_realmlist(defrealm, realms_out);
+    krb5_free_default_realm(context, defrealm);
+
+cleanup:
+    free(cleanname);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_free_host_realm(krb5_context context, char *const *list)
+{
+    char *const *p;
+
+    for (p = list; p != NULL && *p != NULL; p++)
+        free(*p);
+    free((char **)list);
+    return 0;
+}
+
+/* Get the system default realm using hostrealm modules. */
+static krb5_error_code
+get_default_realm(krb5_context context, char **realm_out)
+{
+    krb5_error_code ret;
+    struct hostrealm_module_handle **hp;
+    char **realms;
+
+    *realm_out = NULL;
+    if (context->hostrealm_handles == NULL) {
+        ret = load_hostrealm_modules(context);
+        if (ret)
+            return ret;
+    }
+
+    /* Give each module a chance to determine the default realm. */
+    for (hp = context->hostrealm_handles; *hp != NULL; hp++) {
+        ret = default_realm(context, *hp, &realms);
+        if (ret == 0) {
+            if (*realms == NULL) {
+                ret = KRB5_CONFIG_NODEFREALM;
+            } else {
+                *realm_out = strdup(realms[0]);
+                if (*realm_out == NULL)
+                    ret = ENOMEM;
+            }
+            free_list(context, *hp, realms);
+            return ret;
+        } else if (ret != KRB5_PLUGIN_NO_HANDLE) {
+            return ret;
+        }
+    }
+
+    return KRB5_CONFIG_NODEFREALM;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_default_realm(krb5_context context, char **realm_out)
+{
+    krb5_error_code ret;
+
+    *realm_out = NULL;
+
+    if (context == NULL || context->magic != KV5M_CONTEXT)
+        return KV5M_CONTEXT;
+
+    if (context->default_realm == NULL) {
+        ret = get_default_realm(context, &context->default_realm);
+        if (ret)
+            return ret;
+    }
+    *realm_out = strdup(context->default_realm);
+    return (*realm_out == NULL) ? ENOMEM : 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_default_realm(krb5_context context, const char *realm)
+{
+    if (context == NULL || context->magic != KV5M_CONTEXT)
+        return KV5M_CONTEXT;
+
+    if (context->default_realm != NULL) {
+        free(context->default_realm);
+        context->default_realm = NULL;
+    }
+
+    /* Allow the caller to clear the default realm setting by passing NULL. */
+    if (realm != NULL) {
+        context->default_realm = strdup(realm);
+        if (context->default_realm == NULL)
+            return ENOMEM;
+    }
+
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5_free_default_realm(krb5_context context, char *realm)
+{
+    free(realm);
+}
+
+void
+k5_hostrealm_free_context(krb5_context context)
+{
+    free_handles(context, context->hostrealm_handles);
+    context->hostrealm_handles = NULL;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/hostrealm_dns.c b/krb5-1.21.3/src/lib/krb5/os/hostrealm_dns.c
new file mode 100644
index 00000000..a55a12c1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/hostrealm_dns.c
@@ -0,0 +1,143 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/hostream_dns.c - dns hostrealm module */
+/*
+ * Copyright (C) 1990,1991,2002,2008,2009,2013 by the Massachusetts Institute
+ * of Technology.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements the built-in dns module for the hostrealm interface,
+ * which uses TXT records in the DNS to determine the default realm or the
+ * fallback realm of a host.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/hostrealm_plugin.h>
+
+#ifdef KRB5_DNS_LOOKUP
+
+/* Try a _kerberos TXT lookup for fqdn and each parent domain; return the
+ * resulting realm (caller must free) or NULL. */
+static char *
+txt_lookup(krb5_context context, const char *fqdn)
+{
+    char *realm;
+
+    while (fqdn != NULL && *fqdn != '\0') {
+        if (k5_try_realm_txt_rr(context, "_kerberos", fqdn, &realm) == 0)
+            return realm;
+        fqdn = strchr(fqdn, '.');
+        if (fqdn != NULL)
+            fqdn++;
+    }
+    return NULL;
+}
+
+static krb5_error_code
+dns_fallback_realm(krb5_context context, krb5_hostrealm_moddata data,
+                   const char *host, char ***realms_out)
+{
+    krb5_error_code ret;
+    char *realm;
+
+    *realms_out = NULL;
+    if (!_krb5_use_dns_realm(context) || k5_is_numeric_address(host))
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Try a TXT record lookup for each component of host. */
+    realm = txt_lookup(context, host);
+    if (realm == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    ret = k5_make_realmlist(realm, realms_out);
+    free(realm);
+    return ret;
+}
+
+static krb5_error_code
+dns_default_realm(krb5_context context, krb5_hostrealm_moddata data,
+                  char ***realms_out)
+{
+    krb5_error_code ret;
+    char *localhost, *realm;
+
+    *realms_out = NULL;
+    if (!_krb5_use_dns_realm(context))
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    ret = krb5int_get_fq_local_hostname(&localhost);
+    if (ret)
+        return ret;
+
+    /* If we don't find a TXT record for localhost or any parent, look for a
+     * global record. */
+    realm = txt_lookup(context, localhost);
+    free(localhost);
+    if (realm == NULL)
+        (void)k5_try_realm_txt_rr(context, "_kerberos", NULL, &realm);
+
+    if (realm == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    ret = k5_make_realmlist(realm, realms_out);
+    free(realm);
+    return ret;
+}
+
+static void
+dns_free_realmlist(krb5_context context, krb5_hostrealm_moddata data,
+                   char **list)
+{
+    krb5_free_host_realm(context, list);
+}
+
+krb5_error_code
+hostrealm_dns_initvt(krb5_context context, int maj_ver, int min_ver,
+                     krb5_plugin_vtable vtable)
+{
+    krb5_hostrealm_vtable vt = (krb5_hostrealm_vtable)vtable;
+
+    vt->name = "dns";
+    vt->fallback_realm = dns_fallback_realm;
+    vt->default_realm = dns_default_realm;
+    vt->free_list = dns_free_realmlist;
+    return 0;
+}
+
+#else /* KRB5_DNS_LOOKUP */
+
+krb5_error_code
+hostrealm_dns_initvt(krb5_context context, int maj_ver, int min_ver,
+                     krb5_plugin_vtable vtable)
+{
+    krb5_hostrealm_vtable vt = (krb5_hostrealm_vtable)vtable;
+
+    vt->name = "dns";
+    return 0;
+}
+
+#endif /* KRB5_DNS_LOOKUP */
diff --git a/krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c b/krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c
new file mode 100644
index 00000000..c3d31c70
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c
@@ -0,0 +1,128 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/hostream_domain.c - domain hostrealm module */
+/*
+ * Copyright (C) 1990,1991,2002,2008,2009,2013 by the Massachusetts Institute
+ * of Technology.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements the built-in domain module for the hostrealm interface,
+ * which uses domain-based heuristics to determine the fallback realm of a
+ * host.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/hostrealm_plugin.h>
+#include <ctype.h>
+
+static krb5_error_code
+domain_fallback_realm(krb5_context context, krb5_hostrealm_moddata data,
+                      const char *host, char ***realms_out)
+{
+    krb5_error_code ret;
+    struct serverlist slist;
+    krb5_data drealm;
+    char *uhost = NULL, *p;
+    const char *suffix, *dot;
+    int limit;
+
+    *realms_out = NULL;
+
+    /* These heuristics don't apply to address literals. */
+    if (k5_is_numeric_address(host))
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Make an uppercase copy of host. */
+    uhost = strdup(host);
+    if (uhost == NULL)
+        return ENOMEM;
+    for (p = uhost; *p != '\0'; p++) {
+        if (islower((unsigned char)*p))
+            *p = toupper((unsigned char)*p);
+    }
+
+    /*
+     * Try searching domain suffixes as realms.  This heuristic is turned off
+     * by default.  If DNS lookups for KDCs are enabled (as they are by
+     * default), an attacker could control which domain component is used as
+     * the realm for a host.
+     *
+     * A realm_try_domains value of -1 (the default) means not to search at
+     * all, a value of 0 means to try only the full domain itself, 1 means to
+     * also try the parent domain, etc..  We will stop searching when we reach
+     * a suffix with only one label.
+     */
+    ret = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS,
+                              KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit);
+    if (ret)
+        goto cleanup;
+    suffix = uhost;
+    while (limit-- >= 0 && (dot = strchr(suffix, '.')) != NULL) {
+        drealm = string2data((char *)suffix);
+        if (k5_locate_kdc(context, &drealm, &slist, FALSE, FALSE) == 0) {
+            k5_free_serverlist(&slist);
+            ret = k5_make_realmlist(suffix, realms_out);
+            goto cleanup;
+        }
+        suffix = dot + 1;
+    }
+
+    /*
+     * If that didn't succeed, use the upper-cased parent domain of the
+     * hostname, regardless of whether we can actually look it up as a realm.
+     */
+    dot = strchr(uhost, '.');
+    if (dot != NULL)
+        ret = k5_make_realmlist(dot + 1, realms_out);
+    else
+        ret = KRB5_PLUGIN_NO_HANDLE;
+
+cleanup:
+    free(uhost);
+    return ret;
+}
+
+static void
+domain_free_realmlist(krb5_context context, krb5_hostrealm_moddata data,
+                       char **list)
+{
+    krb5_free_host_realm(context, list);
+}
+
+krb5_error_code
+hostrealm_domain_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_hostrealm_vtable vt = (krb5_hostrealm_vtable)vtable;
+
+    vt->name = "domain";
+    vt->fallback_realm = domain_fallback_realm;
+    vt->free_list = domain_free_realmlist;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/hostrealm_profile.c b/krb5-1.21.3/src/lib/krb5/os/hostrealm_profile.c
new file mode 100644
index 00000000..6b99c05b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/hostrealm_profile.c
@@ -0,0 +1,117 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/hostream_profile.c - profile hostrealm module */
+/*
+ * Copyright (C) 1990,1991,2002,2008,2009,2013 by the Massachusetts Institute
+ * of Technology.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements the built-in profile module for the hostrealm
+ * interface, which uses profile configuration to determine the local default
+ * realm or the authoritative realm of a host.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/hostrealm_plugin.h>
+
+/*
+ * Search progressively shorter suffixes of host in the [domain_realms] section
+ * of the profile to find the realm.  For example, given a host a.b.c, try to
+ * match a.b.c, then .b.c, then b.c, then .c, then c.  If we don't find a
+ * match, return success but set *realm_out to NULL.
+ */
+static krb5_error_code
+profile_host_realm(krb5_context context, krb5_hostrealm_moddata data,
+                   const char *host, char ***realms_out)
+{
+    krb5_error_code ret;
+    const char *p;
+    char *prof_realm;
+
+    *realms_out = NULL;
+
+    /* Don't look up IP addresses in [domain_realms]. */
+    if (k5_is_numeric_address(host))
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Look for the host and each suffix in the [domain_realms] section. */
+    for (p = host; p != NULL; p = (*p == '.') ? p + 1 : strchr(p, '.')) {
+        ret = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, p,
+                                 NULL, NULL, &prof_realm);
+        if (ret)
+            return ret;
+        if (prof_realm != NULL) {
+            ret = k5_make_realmlist(prof_realm, realms_out);
+            profile_release_string(prof_realm);
+            return ret;
+        }
+    }
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* Look up the default_realm variable in the [libdefaults] section of the
+ * profile. */
+static krb5_error_code
+profile_default_realm(krb5_context context, krb5_hostrealm_moddata data,
+                      char ***realms_out)
+{
+    krb5_error_code ret;
+    char *prof_realm;
+
+    *realms_out = NULL;
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             KRB5_CONF_DEFAULT_REALM, NULL, NULL, &prof_realm);
+    if (ret)
+        return ret;
+    if (prof_realm == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    ret = k5_make_realmlist(prof_realm, realms_out);
+    profile_release_string(prof_realm);
+    return ret;
+}
+
+static void
+profile_free_realmlist(krb5_context context, krb5_hostrealm_moddata data,
+                       char **list)
+{
+    krb5_free_host_realm(context, list);
+}
+
+krb5_error_code
+hostrealm_profile_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_hostrealm_vtable vt = (krb5_hostrealm_vtable)vtable;
+
+    vt->name = "profile";
+    vt->host_realm = profile_host_realm;
+    vt->default_realm = profile_default_realm;
+    vt->free_list = profile_free_realmlist;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/hostrealm_registry.c b/krb5-1.21.3/src/lib/krb5/os/hostrealm_registry.c
new file mode 100644
index 00000000..a5c64364
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/hostrealm_registry.c
@@ -0,0 +1,135 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/hostream_registry.c - registry hostrealm module */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute
+ * of Technology.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements the built-in registry module for the hostrealm
+ * interface, which uses Windows registry configuration to determine the
+ * local default realm.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/hostrealm_plugin.h>
+
+#ifdef _WIN32
+/*
+ * Look up a default_realm entry starting from the given base key.
+ * The output *buf_out will be non-NULL if an entry was found; the
+ * caller is responsible for freeing *pbuffer.
+ *
+ * On success, return 0 and set *str_out to the default realm to be
+ * used.  Return KRB5_PLUGIN_NO_HANDLE if the registry key does not
+ * exist, or another code if it cannot be read.
+ */
+static krb5_error_code
+get_from_registry(HKEY hBaseKey, char **str_out)
+{
+    DWORD bsize = 0;
+    LONG rc;
+    krb5_error_code ret;
+    char *str = NULL;
+    const char *path = "Software\\MIT\\Kerberos5";
+    const char *value = "default_realm";
+
+    *str_out = NULL;
+
+    /* Call with zero size to determine the amount of storage needed. */
+    rc = RegGetValue(hBaseKey, path, value, RRF_RT_REG_SZ, NULL, str,
+                     &bsize);
+    if (rc == ERROR_FILE_NOT_FOUND)
+        return KRB5_PLUGIN_NO_HANDLE;
+    if (FAILED(rc) || bsize <= 0)
+        return EIO;
+    str = malloc(bsize);
+    if (str == NULL)
+        return ENOMEM;
+    rc = RegGetValue(hBaseKey, path, value, RRF_RT_REG_SZ, NULL, str,
+                     &bsize);
+    if (FAILED(rc)) {
+        ret = EIO;
+        goto cleanup;
+    }
+
+    ret = 0;
+    *str_out = str;
+    str = NULL;
+cleanup:
+    free(str);
+    return ret;
+}
+
+/* Look up the default_realm variable in the
+ * {HKLM,HKCU}\Software\MIT\Kerberos5\default_realm registry values. */
+static krb5_error_code
+registry_default_realm(krb5_context context, krb5_hostrealm_moddata data,
+                       char ***realms_out)
+{
+    krb5_error_code ret;
+    char *prof_realm;
+
+    *realms_out = NULL;
+    ret = get_from_registry(HKEY_LOCAL_MACHINE, &prof_realm);
+    if (ret == KRB5_PLUGIN_NO_HANDLE)
+        ret = get_from_registry(HKEY_CURRENT_USER, &prof_realm);
+    if (ret)
+        return ret;
+    ret = k5_make_realmlist(prof_realm, realms_out);
+    free(prof_realm);
+    return ret;
+}
+#else /* _WIN32 */
+static krb5_error_code
+registry_default_realm(krb5_context context, krb5_hostrealm_moddata data,
+                       char ***realms_out)
+{
+        return KRB5_PLUGIN_NO_HANDLE;
+}
+#endif /* _WIN32 */
+
+static void
+registry_free_realmlist(krb5_context context, krb5_hostrealm_moddata data,
+                       char **list)
+{
+    krb5_free_host_realm(context, list);
+}
+
+krb5_error_code
+hostrealm_registry_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_hostrealm_vtable vt = (krb5_hostrealm_vtable)vtable;
+
+    vt->name = "registry";
+    vt->default_realm = registry_default_realm;
+    vt->free_list = registry_free_realmlist;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c b/krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c
new file mode 100644
index 00000000..2be266f1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c
@@ -0,0 +1,519 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/init_os_ctx.c */
+/*
+ * Copyright 1994, 2007, 2008, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#define NEED_WINDOWS
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include "../krb/int-proto.h"
+#include "prof_int.h"        /* XXX for profile_copy, not public yet */
+
+#if defined(_WIN32)
+#include <winsock.h>
+#include <Shlobj.h>
+
+static krb5_error_code
+get_from_windows_dir(
+    char **pname
+)
+{
+    UINT size = GetWindowsDirectory(0, 0);
+    *pname = malloc(size + strlen(DEFAULT_PROFILE_FILENAME) + 2);
+    if (*pname) {
+        GetWindowsDirectory(*pname, size);
+        strcat(*pname, "\\");
+        strcat(*pname, DEFAULT_PROFILE_FILENAME);
+        return 0;
+    } else {
+        return KRB5_CONFIG_CANTOPEN;
+    }
+}
+
+static krb5_error_code
+get_from_module_dir(
+    char **pname
+)
+{
+    const DWORD size = 1024; /* fixed buffer */
+    int found = 0;
+    char *p = NULL;
+    char *name = NULL;
+    struct _stat s;
+
+    *pname = 0;
+
+    name = malloc(size);
+    if (!name)
+        return ENOMEM;
+
+#ifdef _WIN64
+    if (!GetModuleFileName(GetModuleHandle("krb5_64"), name, size))
+#else
+    if (!GetModuleFileName(GetModuleHandle("krb5_32"), name, size))
+#endif
+        goto cleanup;
+
+    p = name + strlen(name);
+    while ((p >= name) && (*p != '\\') && (*p != '/')) p--;
+    if (p < name)
+        goto cleanup;
+    p++;
+    strncpy(p, DEFAULT_PROFILE_FILENAME, size - (p - name));
+    name[size - 1] = 0;
+    found = !_stat(name, &s);
+
+cleanup:
+    if (found)
+        *pname = name;
+    else
+        free(name);
+    return 0;
+}
+
+/*
+ * get_from_registry
+ *
+ * This will find a profile in the registry.  *pbuffer != 0 if we
+ * found something.  Make sure to free(*pbuffer) when done.  It will
+ * return an error code if there is an error the user should know
+ * about.  We maintain the invariant: return value != 0 =>
+ * *pbuffer == 0.
+ */
+static krb5_error_code
+get_from_registry(
+    char** pbuffer,
+    HKEY hBaseKey
+)
+{
+    HKEY hKey = 0;
+    LONG rc = 0;
+    DWORD size = 0;
+    krb5_error_code retval = 0;
+    const char *key_path = "Software\\MIT\\Kerberos5";
+    const char *value_name = "config";
+
+    assert(pbuffer != NULL);
+    *pbuffer = NULL;
+
+    if ((rc = RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
+                           &hKey)) != ERROR_SUCCESS) {
+        /* not a real error */
+        goto cleanup;
+    }
+    rc = RegQueryValueEx(hKey, value_name, 0, 0, 0, &size);
+    if ((rc != ERROR_SUCCESS) &&  (rc != ERROR_MORE_DATA)) {
+        /* not a real error */
+        goto cleanup;
+    }
+    *pbuffer = malloc(size);
+    if (!*pbuffer) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    if ((rc = RegQueryValueEx(hKey, value_name, 0, 0, *pbuffer, &size)) !=
+        ERROR_SUCCESS) {
+        /*
+         * Let's not call it a real error in case it disappears, but
+         * we need to free so that we say we did not find anything.
+         */
+        free(*pbuffer);
+        *pbuffer = 0;
+        goto cleanup;
+    }
+cleanup:
+    if (hKey)
+        RegCloseKey(hKey);
+    if (retval && *pbuffer) {
+        free(*pbuffer);
+        /* Let's say we did not find anything: */
+        *pbuffer = 0;
+    }
+    return retval;
+}
+
+/*
+ * get_from_known_folder
+ *
+ * This will find a profile in the specified known folder (e.g. CSIDL_APPDATA).
+ * *pbuffer != 0 if we found something.  Make sure to free(*pbuffer) when done.
+ * It will return an error code if there is an error the user should know
+ * about.  We maintain the invariant: return value != 0 =>
+ * *pbuffer == 0.
+ */
+static krb5_error_code
+get_from_known_folder(
+    int folderId,
+    char** pbuffer
+)
+{
+    char szPath[MAX_PATH];
+    const char * software_suffix = "\\MIT\\Kerberos5";
+    krb5_error_code retval = 0;
+    size_t size;
+    struct _stat s;
+
+    assert(pbuffer);
+    *pbuffer = NULL;
+
+    if (SUCCEEDED(SHGetFolderPath(NULL,
+                                  folderId /*|CSIDL_FLAG_CREATE*/,
+                                  NULL,
+                                  SHGFP_TYPE_CURRENT,
+                                  szPath))) {
+        size = strlen(software_suffix) + strlen("\\" DEFAULT_PROFILE_FILENAME) + strlen(szPath);
+        if ((size + 1) >= sizeof(szPath)) {
+            goto cleanup;
+        }
+        strlcat(szPath, software_suffix, sizeof(szPath));
+        strlcat(szPath, "\\", sizeof(szPath));
+        strlcat(szPath, DEFAULT_PROFILE_FILENAME, sizeof(szPath));
+    } else {
+        /* Might want to deliberate a bit better why we failed.
+            But for the time being this is not an error */
+        goto cleanup;
+    }
+
+    if (_stat(szPath, &s)) {
+        goto cleanup;
+    }
+
+    *pbuffer = malloc(size + 1);
+    if (!*pbuffer) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+
+    strlcpy (*pbuffer, szPath, size + 1);
+
+cleanup:
+    if (retval && *pbuffer) {
+        free(*pbuffer);
+        /* Let's say we did not find anything: */
+        *pbuffer = 0;
+    }
+    return retval;
+}
+
+#endif /* _WIN32 */
+
+static void
+free_filespecs(profile_filespec_t *files)
+{
+    char **cp;
+
+    if (files == 0)
+        return;
+
+    for (cp = files; *cp; cp++)
+        free(*cp);
+    free(files);
+}
+
+/* This function is needed by KfM's KerberosPreferences API
+ * because it needs to be able to specify "secure" */
+static krb5_error_code
+os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
+{
+    profile_filespec_t* files;
+#if defined(_WIN32)
+    krb5_error_code retval = 0;
+    char *name = 0;
+
+    if (!secure) {
+        char *env = secure_getenv("KRB5_CONFIG");
+        if (env) {
+            name = strdup(env);
+            if (!name) return ENOMEM;
+        }
+    }
+    if (!name && !secure) {
+        /* HKCU */
+        retval = get_from_registry(&name, HKEY_CURRENT_USER);
+        if (retval) return retval;
+    }
+    if (!name) {
+        /* HKLM */
+        retval = get_from_registry(&name, HKEY_LOCAL_MACHINE);
+        if (retval) return retval;
+    }
+
+    if (!name && !secure) {
+        retval = get_from_known_folder(CSIDL_APPDATA, &name);
+        if (retval) return retval;
+    }
+
+    if (!name) {
+        retval = get_from_known_folder(CSIDL_COMMON_APPDATA, &name);
+        if (retval) return retval;
+    }
+
+    if (!name && !secure) {
+        /* module dir */
+        retval = get_from_module_dir(&name);
+        if (retval) return retval;
+    }
+    if (!name) {
+        /* windows dir */
+        retval = get_from_windows_dir(&name);
+    }
+    if (retval)
+        return retval;
+    if (!name)
+        return KRB5_CONFIG_CANTOPEN; /* should never happen */
+
+    files = malloc(2 * sizeof(char *));
+    if (!files)
+        return ENOMEM;
+    files[0] = name;
+    files[1] = 0;
+#else /* !_WIN32 */
+    char* filepath = 0;
+    int n_entries, i;
+    unsigned int ent_len;
+    const char *s, *t;
+
+    if (secure) {
+        filepath = DEFAULT_SECURE_PROFILE_PATH;
+    } else {
+        filepath = secure_getenv("KRB5_CONFIG");
+        if (!filepath) filepath = DEFAULT_PROFILE_PATH;
+    }
+
+    /* count the distinct filename components */
+    for(s = filepath, n_entries = 1; *s; s++) {
+        if (*s == ':')
+            n_entries++;
+    }
+
+    /* the array is NULL terminated */
+    files = (char**) malloc((n_entries+1) * sizeof(char*));
+    if (files == 0)
+        return ENOMEM;
+
+    /* measure, copy, and skip each one */
+    for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) {
+        ent_len = t-s;
+        files[i] = (char*) malloc(ent_len + 1);
+        if (files[i] == 0) {
+            /* if malloc fails, free the ones that worked */
+            while(--i >= 0) free(files[i]);
+            free(files);
+            return ENOMEM;
+        }
+        strncpy(files[i], s, ent_len);
+        files[i][ent_len] = 0;
+        if (*t == 0) {
+            i++;
+            break;
+        }
+    }
+    /* cap the array */
+    files[i] = 0;
+#endif /* !_WIN32 */
+    *pfiles = (profile_filespec_t *)files;
+    return 0;
+}
+
+static krb5_error_code
+add_kdc_config_file(profile_filespec_t **pfiles)
+{
+    char *file = NULL;
+    size_t count = 0;
+    profile_filespec_t *newfiles;
+
+    file = secure_getenv(KDC_PROFILE_ENV);
+    if (file == NULL)
+        file = DEFAULT_KDC_PROFILE;
+
+    for (count = 0; (*pfiles)[count]; count++)
+        ;
+    count += 2;
+    newfiles = malloc(count * sizeof(*newfiles));
+    if (newfiles == NULL)
+        return ENOMEM;
+    memcpy(newfiles + 1, *pfiles, (count-1) * sizeof(*newfiles));
+    newfiles[0] = strdup(file);
+    if (newfiles[0] == NULL) {
+        int e = ENOMEM;
+        free(newfiles);
+        return e;
+    }
+    free(*pfiles);
+    *pfiles = newfiles;
+    return 0;
+}
+
+
+/* Set the profile paths in the context.  If secure is set to TRUE
+   then do not include user paths (from environment variables, etc).
+   If kdc is TRUE, include kdc.conf from wherever we expect to find
+   it.  */
+static krb5_error_code
+os_init_paths(krb5_context ctx, krb5_boolean kdc)
+{
+    krb5_error_code    retval = 0;
+    profile_filespec_t *files = 0;
+    krb5_boolean secure = ctx->profile_secure;
+
+    retval = os_get_default_config_files(&files, secure);
+
+    if (retval == 0 && kdc)
+        retval = add_kdc_config_file(&files);
+
+    if (!retval) {
+        retval = profile_init_flags((const_profile_filespec_t *) files,
+                                    PROFILE_INIT_ALLOW_MODULE, &ctx->profile);
+
+        /* If none of the filenames can be opened, use an empty profile. */
+        if (retval == ENOENT)
+            retval = profile_init(NULL, &ctx->profile);
+    }
+
+    if (files)
+        free_filespecs(files);
+
+    if (retval)
+        ctx->profile = 0;
+
+    if (retval == ENOENT)
+        return KRB5_CONFIG_CANTOPEN;
+
+    if ((retval == PROF_SECTION_NOTOP) ||
+        (retval == PROF_SECTION_SYNTAX) ||
+        (retval == PROF_RELATION_SYNTAX) ||
+        (retval == PROF_EXTRA_CBRACE) ||
+        (retval == PROF_MISSING_OBRACE))
+        return KRB5_CONFIG_BADFORMAT;
+
+    return retval;
+}
+
+krb5_error_code
+k5_os_init_context(krb5_context ctx, profile_t profile, krb5_flags flags)
+{
+    krb5_os_context os_ctx;
+    krb5_error_code    retval = 0;
+#ifdef _WIN32
+    WORD wVersionRequested;
+    WSADATA wsaData;
+#endif /* _WIN32 */
+
+    os_ctx = &ctx->os_context;
+    os_ctx->magic = KV5M_OS_CONTEXT;
+    os_ctx->time_offset = 0;
+    os_ctx->usec_offset = 0;
+    os_ctx->os_flags = 0;
+    os_ctx->default_ccname = 0;
+
+    PLUGIN_DIR_INIT(&ctx->libkrb5_plugins);
+    ctx->preauth_context = NULL;
+
+    /* Use the profile we were handed, or create one from config files. */
+    if (profile)
+        retval = profile_copy(profile, &ctx->profile);
+    else
+        retval = os_init_paths(ctx, (flags & KRB5_INIT_CONTEXT_KDC) != 0);
+    if (retval)
+        return retval;
+
+#ifdef _WIN32
+    /* We initialize winsock to version 1.1 but
+     * we do not care if we succeed or fail.
+     */
+    wVersionRequested = 0x0101;
+    WSAStartup (wVersionRequested, &wsaData);
+#endif /* _WIN32 */
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_profile (krb5_context ctx, profile_t *profile)
+{
+    return profile_copy (ctx->profile, profile);
+}
+
+krb5_error_code
+krb5_set_config_files(krb5_context ctx, const char **filenames)
+{
+    krb5_error_code retval = 0;
+    profile_t    profile;
+
+    retval = profile_init_flags(filenames, PROFILE_INIT_ALLOW_MODULE,
+                                &profile);
+    if (retval)
+        return retval;
+
+    if (ctx->profile)
+        profile_release(ctx->profile);
+    ctx->profile = profile;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_default_config_files(char ***pfilenames)
+{
+    if (!pfilenames)
+        return EINVAL;
+    return os_get_default_config_files(pfilenames, FALSE);
+}
+
+void KRB5_CALLCONV
+krb5_free_config_files(char **filenames)
+{
+    free_filespecs(filenames);
+}
+
+void
+k5_os_free_context(krb5_context ctx)
+{
+    krb5_os_context os_ctx;
+
+    os_ctx = &ctx->os_context;
+
+    if (os_ctx->default_ccname) {
+        free(os_ctx->default_ccname);
+        os_ctx->default_ccname = 0;
+    }
+
+    os_ctx->magic = 0;
+
+    if (ctx->profile) {
+        profile_release(ctx->profile);
+        ctx->profile = 0;
+    }
+
+    if (ctx->preauth_context) {
+        k5_free_preauth_context(ctx);
+        ctx->preauth_context = NULL;
+    }
+    krb5int_close_plugin_dirs (&ctx->libkrb5_plugins);
+
+#ifdef _WIN32
+    WSACleanup();
+#endif /* _WIN32 */
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/krbfileio.c b/krb5-1.21.3/src/lib/krb5/os/krbfileio.c
new file mode 100644
index 00000000..41cd40fc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/krbfileio.c
@@ -0,0 +1,99 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/krbfileio.c */
+/*
+ * Copyright (c) Hewlett-Packard Company 1991
+ * Released to the Massachusetts Institute of Technology for inclusion
+ * in the Kerberos source code distribution.
+ *
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifdef MODULE_VERSION_ID
+static char *VersionID = "@(#)krbfileio.c       2 - 08/22/91";
+#endif
+
+
+#include "k5-int.h"
+#include "os-proto.h"
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#include <fcntl.h>
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+#ifdef apollo
+#   define OPEN_MODE_NOT_TRUSTWORTHY
+#endif
+
+krb5_error_code
+k5_create_secure_file(krb5_context context, const char *pathname)
+{
+    int fd;
+
+    /*
+     * Create the file with access restricted to the owner
+     */
+    fd = THREEPARAMOPEN(pathname, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+
+#ifdef OPEN_MODE_NOT_TRUSTWORTHY
+    /*
+     * Some systems that support default acl inheritance do not
+     * apply ownership information from the process - force the file
+     * to have the proper info.
+     */
+    if (fd > -1) {
+        uid_t   uid;
+        gid_t   gid;
+
+        uid = getuid();
+        gid = getgid();
+
+        fchown(fd, uid, gid);
+
+        fchmod(fd, 0600);
+    }
+#endif /* OPEN_MODE_NOT_TRUSTWORTHY */
+
+    if (fd > -1) {
+        close(fd);
+        return 0;
+    } else {
+        return errno;
+    }
+}
+
+krb5_error_code
+k5_sync_disk_file(krb5_context context, FILE *fp)
+{
+    fflush(fp);
+#if !defined(MSDOS_FILESYSTEM)
+    if (fsync(fileno(fp))) {
+        return errno;
+    }
+#endif
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/ktdefname.c b/krb5-1.21.3/src/lib/krb5/os/ktdefname.c
new file mode 100644
index 00000000..fbe4e98b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/ktdefname.c
@@ -0,0 +1,94 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/ktdefname.c - Return default keytab name */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#define NEED_WINDOWS
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+/* this is a an exceedinly gross thing. */
+char *krb5_overridekeyname = NULL;
+
+static krb5_error_code
+kt_default_name(krb5_context context, char **name_out)
+{
+    krb5_error_code ret;
+    char *str;
+
+    if (krb5_overridekeyname != NULL) {
+        *name_out = strdup(krb5_overridekeyname);
+        return (*name_out == NULL) ? ENOMEM : 0;
+    } else if (context->profile_secure == FALSE &&
+               (str = secure_getenv("KRB5_KTNAME")) != NULL) {
+        *name_out = strdup(str);
+        return (*name_out == NULL) ? ENOMEM : 0;
+    } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                  KRB5_CONF_DEFAULT_KEYTAB_NAME, NULL, NULL,
+                                  &str) == 0 && str != NULL) {
+        ret = k5_expand_path_tokens(context, str, name_out);
+        profile_release_string(str);
+        return ret;
+    } else {
+        return k5_expand_path_tokens(context, DEFKTNAME, name_out);
+    }
+}
+
+krb5_error_code
+k5_kt_client_default_name(krb5_context context, char **name_out)
+{
+    krb5_error_code ret;
+    char *str;
+
+    if (context->profile_secure == FALSE &&
+        (str = secure_getenv("KRB5_CLIENT_KTNAME")) != NULL) {
+        *name_out = strdup(str);
+        return (*name_out == NULL) ? ENOMEM : 0;
+    } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                  KRB5_CONF_DEFAULT_CLIENT_KEYTAB_NAME, NULL,
+                                  NULL, &str) == 0 && str != NULL) {
+        ret = k5_expand_path_tokens(context, str, name_out);
+        profile_release_string(str);
+        return ret;
+    } else {
+        return k5_expand_path_tokens(context, DEFCKTNAME, name_out);
+    }
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_default_name(krb5_context context, char *name, int name_size)
+{
+    krb5_error_code ret;
+    unsigned int namesize = (name_size < 0 ? 0 : name_size);
+    char *ktname;
+
+    ret = kt_default_name(context, &ktname);
+    if (ret)
+        return ret;
+    if (strlcpy(name, ktname, namesize) >= namesize)
+        ret = KRB5_CONFIG_NOTENUFSPACE;
+    free(ktname);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/localaddr.c b/krb5-1.21.3/src/lib/krb5/os/localaddr.c
new file mode 100644
index 00000000..92d765f4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/localaddr.c
@@ -0,0 +1,1542 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/localaddr.c */
+/*
+ * Copyright 1990,1991,2000,2001,2002,2004,2007,2008 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Return the protocol addresses supported by this host.
+ * Exports from this file:
+ *   krb5int_foreach_localaddr (does callbacks)
+ *   krb5_os_localaddr (doesn't include krb5.conf extra_addresses)
+ *
+ * XNS support is untested, but "Should just work".  (Hah!)
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+#if !defined(_WIN32)
+
+/* needed for solaris, harmless elsewhere... */
+#define BSD_COMP
+#include <sys/ioctl.h>
+#include <sys/time.h>
+#include <errno.h>
+#include <stddef.h>
+#include <ctype.h>
+
+#if defined(TEST) || defined(DEBUG)
+# include "fake-addrinfo.h"
+#endif
+
+#include "foreachaddr.h"
+
+/* Note: foreach_localaddr is exported from the library through
+   krb5int_accessor, for the KDC to use.
+
+   This function iterates over all the addresses it can find for the
+   local system, in one or two passes.  In each pass, and between the
+   two, it can invoke callback functions supplied by the caller.  The
+   two passes should operate on the same information, though not
+   necessarily in the same order each time.  Duplicate and local
+   addresses should be eliminated.  Storage passed to callback
+   functions should not be assumed to be valid after foreach_localaddr
+   returns.
+
+   The int return value is an errno value (XXX or krb5_error_code
+   returned for a socket error) if something internal to
+   foreach_localaddr fails.  If one of the callback functions wants to
+   indicate an error, it should store something via the 'data' handle.
+   If any callback function returns a non-zero value,
+   foreach_localaddr will clean up and return immediately.
+
+   Multiple definitions are provided below, dependent on various
+   system facilities for extracting the necessary information.  */
+
+/* Now, on to the implementations, and heaps of debugging code.  */
+
+#ifdef TEST
+# define Tprintf(X) printf X
+# define Tperror(X) perror(X)
+#else
+# define Tprintf(X) (void) X
+# define Tperror(X) (void)(X)
+#endif
+
+/*
+ * The SIOCGIF* ioctls require a socket.
+ * It doesn't matter *what* kind of socket they use, but it has to be
+ * a socket.
+ *
+ * Of course, you can't just ask the kernel for a socket of arbitrary
+ * type; you have to ask for one with a valid type.
+ *
+ */
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#ifndef USE_AF
+#define USE_AF AF_INET
+#define USE_TYPE SOCK_DGRAM
+#define USE_PROTO 0
+#endif
+#endif
+
+#ifdef KRB5_USE_NS
+#include <netns/ns.h>
+#ifndef USE_AF
+#define USE_AF AF_NS
+#define USE_TYPE SOCK_DGRAM
+#define USE_PROTO 0             /* guess */
+#endif
+#endif
+/*
+ * Add more address families here.
+ */
+
+
+#if defined(__linux__) && !defined(HAVE_IFADDRS_H)
+#define LINUX_IPV6_HACK
+#endif
+
+#include <errno.h>
+
+/*
+ * Return all the protocol addresses of this host.
+ *
+ * We could kludge up something to return all addresses, assuming that
+ * they're valid kerberos protocol addresses, but we wouldn't know the
+ * real size of the sockaddr or know which part of it was actually the
+ * host part.
+ *
+ * This uses the SIOCGIFCONF, SIOCGIFFLAGS, and SIOCGIFADDR ioctl's.
+ */
+
+/*
+ * BSD 4.4 defines the size of an ifreq to be
+ * max(sizeof(ifreq), sizeof(ifreq.ifr_name)+ifreq.ifr_addr.sa_len
+ * However, under earlier systems, sa_len isn't present, so the size is
+ * just sizeof(struct ifreq).
+ */
+#ifdef HAVE_SA_LEN
+#ifndef max
+#define max(a,b) ((a) > (b) ? (a) : (b))
+#endif
+#define ifreq_size(i) max(sizeof(struct ifreq),                         \
+                          sizeof((i).ifr_name)+(i).ifr_addr.sa_len)
+#else
+#define ifreq_size(i) sizeof(struct ifreq)
+#endif /* HAVE_SA_LEN*/
+
+#if defined(DEBUG) || defined(TEST)
+#include <netinet/in.h>
+#include <net/if.h>
+
+#include "socket-utils.h"
+#include "fake-addrinfo.h"
+
+void printaddr (struct sockaddr *);
+
+void
+printaddr(struct sockaddr *sa)
+/*@modifies fileSystem@*/
+{
+    char buf[NI_MAXHOST];
+    int err;
+
+    printf ("%p ", (void *) sa);
+    err = getnameinfo (sa, sa_socklen (sa), buf, sizeof (buf), 0, 0,
+                       NI_NUMERICHOST);
+    if (err)
+        printf ("<getnameinfo error %d: %s> family=%d",
+                err, gai_strerror (err),
+                sa->sa_family);
+    else
+        printf ("%s", buf);
+}
+#endif
+
+static int
+is_loopback_address(struct sockaddr *sa)
+{
+    switch (sa->sa_family) {
+    case AF_INET: {
+        struct sockaddr_in *s4 = sa2sin(sa);
+        return s4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
+    }
+    case AF_INET6: {
+        struct sockaddr_in6 *s6 = sa2sin6(sa);
+        return IN6_IS_ADDR_LOOPBACK(&s6->sin6_addr);
+    }
+    default:
+        return 0;
+    }
+}
+
+#ifdef HAVE_IFADDRS_H
+#include <ifaddrs.h>
+
+#ifdef DEBUG
+void
+printifaddr(struct ifaddrs *ifp)
+{
+    printf ("%p={\n", ifp);
+/*  printf ("\tnext=%p\n", ifp->ifa_next); */
+    printf ("\tname=%s\n", ifp->ifa_name);
+    printf ("\tflags=");
+    {
+        int ch, flags = ifp->ifa_flags;
+        printf ("%x", flags);
+        ch = '<';
+#define X(F) if (flags & IFF_##F) { printf ("%c%s", ch, #F); flags &= ~IFF_##F; ch = ','; }
+        X (UP); X (BROADCAST); X (DEBUG); X (LOOPBACK); X (POINTOPOINT);
+        X (NOTRAILERS); X (RUNNING); X (NOARP); X (PROMISC); X (ALLMULTI);
+#ifdef IFF_OACTIVE
+        X (OACTIVE);
+#endif
+#ifdef IFF_SIMPLE
+        X (SIMPLEX);
+#endif
+        X (MULTICAST);
+        printf (">");
+#undef X
+    }
+    if (ifp->ifa_addr)
+        printf ("\n\taddr="), printaddr (ifp->ifa_addr);
+    if (ifp->ifa_netmask)
+        printf ("\n\tnetmask="), printaddr (ifp->ifa_netmask);
+    if (ifp->ifa_broadaddr)
+        printf ("\n\tbroadaddr="), printaddr (ifp->ifa_broadaddr);
+    if (ifp->ifa_dstaddr)
+        printf ("\n\tdstaddr="), printaddr (ifp->ifa_dstaddr);
+    if (ifp->ifa_data)
+        printf ("\n\tdata=%p", ifp->ifa_data);
+    printf ("\n}\n");
+}
+#endif /* DEBUG */
+
+#include <string.h>
+#include <stdlib.h>
+
+static int
+addr_eq (struct sockaddr *s1, struct sockaddr *s2)
+{
+    if (s1->sa_family != s2->sa_family)
+        return 0;
+    switch (s1->sa_family) {
+    case AF_INET:
+        return !memcmp(&sa2sin(s1)->sin_addr, &sa2sin(s2)->sin_addr,
+                       sizeof(sa2sin(s1)->sin_addr));
+    case AF_INET6:
+        return !memcmp(&sa2sin6(s1)->sin6_addr, &sa2sin6(s2)->sin6_addr,
+                       sizeof(sa2sin6(s1)->sin6_addr));
+    default:
+        /* Err on side of duplicate listings.  */
+        return 0;
+    }
+}
+#endif
+
+#ifndef HAVE_IFADDRS_H
+/*@-usereleased@*/ /* lclint doesn't understand realloc */
+static /*@null@*/ void *
+grow_or_free (/*@only@*/ void *ptr, size_t newsize)
+/*@*/
+{
+    void *newptr;
+    newptr = realloc (ptr, newsize);
+    if (newptr == NULL && newsize != 0) {
+        free (ptr);             /* lclint complains but this is right */
+        return NULL;
+    }
+    return newptr;
+}
+/*@=usereleased@*/
+
+static int
+get_ifconf (int s, size_t *lenp, /*@out@*/ char *buf)
+/*@modifies *buf,*lenp@*/
+{
+    int ret;
+    struct ifconf ifc;
+
+    /*@+matchanyintegral@*/
+    ifc.ifc_len = *lenp;
+    /*@=matchanyintegral@*/
+    ifc.ifc_buf = buf;
+    memset(buf, 0, *lenp);
+    /*@-moduncon@*/
+    ret = ioctl (s, SIOCGIFCONF, (char *)&ifc);
+    /*@=moduncon@*/
+    /*@+matchanyintegral@*/
+    *lenp = ifc.ifc_len;
+    /*@=matchanyintegral@*/
+    return ret;
+}
+
+/* Solaris uses SIOCGLIFCONF to return struct lifconf which is just
+   an extended version of struct ifconf.
+
+   HP-UX 11 also appears to have SIOCGLIFCONF, but uses struct
+   if_laddrconf, and struct if_laddrreq to be used with
+   SIOCGLIFADDR.  */
+#if defined(SIOCGLIFCONF) && defined(HAVE_STRUCT_LIFCONF)
+static int
+get_lifconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
+/*@modifies *buf,*lenp@*/
+{
+    int ret;
+    struct lifconf lifc;
+
+    lifc.lifc_family = af;
+    lifc.lifc_flags = 0;
+    /*@+matchanyintegral@*/
+    lifc.lifc_len = *lenp;
+    /*@=matchanyintegral@*/
+    lifc.lifc_buf = buf;
+    memset(buf, 0, *lenp);
+    /*@-moduncon@*/
+    ret = ioctl (s, SIOCGLIFCONF, (char *)&lifc);
+    if (ret)
+        Tperror ("SIOCGLIFCONF");
+    /*@=moduncon@*/
+    /*@+matchanyintegral@*/
+    *lenp = lifc.lifc_len;
+    /*@=matchanyintegral@*/
+    return ret;
+}
+#endif
+#if defined(SIOCGLIFCONF) && defined(HAVE_STRUCT_IF_LADDRCONF) && 0
+/* I'm not sure if this is needed or if net/if.h will pull it in.  */
+/* #include <net/if6.h> */
+static int
+get_if_laddrconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
+/*@modifies *buf,*lenp@*/
+{
+    int ret;
+    struct if_laddrconf iflc;
+
+    /*@+matchanyintegral@*/
+    iflc.iflc_len = *lenp;
+    /*@=matchanyintegral@*/
+    iflc.iflc_buf = buf;
+    memset(buf, 0, *lenp);
+    /*@-moduncon@*/
+    ret = ioctl (s, SIOCGLIFCONF, (char *)&iflc);
+    if (ret)
+        Tperror ("SIOCGLIFCONF");
+    /*@=moduncon@*/
+    /*@+matchanyintegral@*/
+    *lenp = iflc.iflc_len;
+    /*@=matchanyintegral@*/
+    return ret;
+}
+#endif
+#endif /* ! HAVE_IFADDRS_H */
+
+#ifdef LINUX_IPV6_HACK
+#include <stdio.h>
+/* Read IPv6 addresses out of /proc/net/if_inet6, since there isn't
+   (currently) any ioctl to return them.  */
+struct linux_ipv6_addr_list {
+    struct sockaddr_in6 addr;
+    struct linux_ipv6_addr_list *next;
+};
+static struct linux_ipv6_addr_list *
+get_linux_ipv6_addrs ()
+{
+    struct linux_ipv6_addr_list *lst = 0;
+    FILE *f;
+
+    /* _PATH_PROCNET_IFINET6 */
+    f = fopen("/proc/net/if_inet6", "r");
+    if (f) {
+        char ifname[21];
+        unsigned int idx, pfxlen, scope, dadstat;
+        struct in6_addr a6;
+        struct linux_ipv6_addr_list *nw;
+        int i;
+        unsigned int addrbyte[16];
+
+        set_cloexec_file(f);
+        while (fscanf(f,
+                      "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x"
+                      " %2x %2x %2x %2x %20s\n",
+                      &addrbyte[0], &addrbyte[1], &addrbyte[2], &addrbyte[3],
+                      &addrbyte[4], &addrbyte[5], &addrbyte[6], &addrbyte[7],
+                      &addrbyte[8], &addrbyte[9], &addrbyte[10], &addrbyte[11],
+                      &addrbyte[12], &addrbyte[13], &addrbyte[14],
+                      &addrbyte[15],
+                      &idx, &pfxlen, &scope, &dadstat, ifname) != EOF) {
+            for (i = 0; i < 16; i++)
+                a6.s6_addr[i] = addrbyte[i];
+            if (scope != 0)
+                continue;
+            nw = calloc (1, sizeof (struct linux_ipv6_addr_list));
+            if (nw == 0)
+                continue;
+            nw->addr.sin6_addr = a6;
+            nw->addr.sin6_family = AF_INET6;
+            /* Ignore other fields, we don't actually use them here.  */
+            nw->next = lst;
+            lst = nw;
+        }
+        fclose (f);
+    }
+    return lst;
+}
+#endif
+
+/* Return value is errno if internal stuff failed, otherwise zero,
+   even in the case where a called function terminated the iteration.
+
+   If one of the callback functions wants to pass back an error
+   indication, it should do it via some field pointed to by the DATA
+   argument.  */
+
+#ifdef HAVE_IFADDRS_H
+
+int
+foreach_localaddr (/*@null@*/ void *data,
+                   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+                   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                              struct sockaddr *) /*@*/)
+#if defined(DEBUG) || defined(TEST)
+/*@modifies fileSystem@*/
+#endif
+{
+    struct ifaddrs *ifp_head, *ifp, *ifp2;
+    int match;
+
+    if (getifaddrs (&ifp_head) < 0)
+        return errno;
+    for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) {
+#ifdef DEBUG
+        printifaddr (ifp);
+#endif
+        if ((ifp->ifa_flags & IFF_UP) == 0)
+            continue;
+        if (ifp->ifa_addr == NULL) {
+            /* Can't use an interface without an address.  Linux
+               apparently does this sometimes.  [RT ticket 1770 from
+               Maurice Massar, also Debian bug 206851, shows the
+               problem with a PPP link on a newer kernel than I'm
+               running.]
+
+               Pretend it's not up, so the second pass will skip
+               it.  */
+            ifp->ifa_flags &= ~IFF_UP;
+            continue;
+        }
+        if (is_loopback_address(ifp->ifa_addr)) {
+            /* Pretend it's not up, so the second pass will skip
+               it.  */
+            ifp->ifa_flags &= ~IFF_UP;
+            continue;
+        }
+        /* If this address is a duplicate, punt.  */
+        match = 0;
+        for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
+            if ((ifp2->ifa_flags & IFF_UP) == 0)
+                continue;
+            if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
+                match = 1;
+                ifp->ifa_flags &= ~IFF_UP;
+                break;
+            }
+        }
+        if (match)
+            continue;
+        if ((*pass1fn) (data, ifp->ifa_addr))
+            goto punt;
+    }
+    if (betweenfn && (*betweenfn)(data))
+        goto punt;
+    if (pass2fn)
+        for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) {
+            if (ifp->ifa_flags & IFF_UP)
+                if ((*pass2fn) (data, ifp->ifa_addr))
+                    goto punt;
+        }
+punt:
+    freeifaddrs (ifp_head);
+    return 0;
+}
+
+#elif defined (SIOCGLIFNUM) && defined(HAVE_STRUCT_LIFCONF) /* Solaris 8 and later; Sol 7? */
+
+int
+foreach_localaddr (/*@null@*/ void *data,
+                   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+                   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                              struct sockaddr *) /*@*/)
+#if defined(DEBUG) || defined(TEST)
+/*@modifies fileSystem@*/
+#endif
+{
+    /* Okay, this is kind of odd.  We have to use each of the address
+       families we care about, because with an AF_INET socket, extra
+       interfaces like hme0:1 that have only AF_INET6 addresses will
+       cause errors.  Similarly, if hme0 has more AF_INET addresses
+       than AF_INET6 addresses, we won't be able to retrieve all of
+       the AF_INET addresses if we use an AF_INET6 socket.  Since
+       neither family is guaranteed to have the greater number of
+       addresses, we should use both.
+
+       If it weren't for this little quirk, we could use one socket of
+       any type, and ask for addresses of all types.  At least, it
+       seems to work that way.  */
+
+    static const int afs[] = { AF_INET, AF_NS, AF_INET6 };
+#define N_AFS (sizeof (afs) / sizeof (afs[0]))
+    struct {
+        int af;
+        int sock;
+        void *buf;
+        size_t buf_size;
+        struct lifnum lifnum;
+    } afp[N_AFS];
+    int code, i, j;
+    int retval = 0, afidx;
+    krb5_error_code sock_err = 0;
+    struct lifreq *lifr, lifreq, *lifr2;
+
+#define FOREACH_AF() for (afidx = 0; afidx < N_AFS; afidx++)
+#define P (afp[afidx])
+
+    /* init */
+    FOREACH_AF () {
+        P.af = afs[afidx];
+        P.sock = -1;
+        P.buf = 0;
+    }
+
+    /* first pass: get raw data, discard uninteresting addresses, callback */
+    FOREACH_AF () {
+        Tprintf (("trying af %d...\n", P.af));
+        P.sock = socket (P.af, USE_TYPE, USE_PROTO);
+        if (P.sock < 0) {
+            sock_err = SOCKET_ERROR;
+            Tperror ("socket");
+            continue;
+        }
+        set_cloexec_fd(P.sock);
+
+        P.lifnum.lifn_family = P.af;
+        P.lifnum.lifn_flags = 0;
+        P.lifnum.lifn_count = 0;
+        code = ioctl (P.sock, SIOCGLIFNUM, &P.lifnum);
+        if (code) {
+            Tperror ("ioctl(SIOCGLIFNUM)");
+            retval = errno;
+            goto punt;
+        }
+
+        P.buf_size = P.lifnum.lifn_count * sizeof (struct lifreq) * 2;
+        P.buf = malloc (P.buf_size);
+        if (P.buf == NULL) {
+            retval = ENOMEM;
+            goto punt;
+        }
+
+        code = get_lifconf (P.af, P.sock, &P.buf_size, P.buf);
+        if (code < 0) {
+            retval = errno;
+            goto punt;
+        }
+
+        for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+            lifr = (struct lifreq *)((caddr_t) P.buf+i);
+
+            strncpy(lifreq.lifr_name, lifr->lifr_name,
+                    sizeof (lifreq.lifr_name));
+            Tprintf (("interface %s\n", lifreq.lifr_name));
+            /*@-moduncon@*/ /* ioctl unknown to lclint */
+            if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
+                Tperror ("ioctl(SIOCGLIFFLAGS)");
+            skip:
+                /* mark for next pass */
+                lifr->lifr_name[0] = '\0';
+                continue;
+            }
+            /*@=moduncon@*/
+
+            /* None of the current callers want loopback addresses.  */
+            if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
+                Tprintf (("  loopback\n"));
+                goto skip;
+            }
+            /* Ignore interfaces that are down.  */
+            if ((lifreq.lifr_flags & IFF_UP) == 0) {
+                Tprintf (("  down\n"));
+                goto skip;
+            }
+
+            /* Make sure we didn't process this address already.  */
+            for (j = 0; j < i; j += sizeof (*lifr2)) {
+                lifr2 = (struct lifreq *)((caddr_t) P.buf+j);
+                if (lifr2->lifr_name[0] == '\0')
+                    continue;
+                if (lifr2->lifr_addr.ss_family == lifr->lifr_addr.ss_family
+                    /* Compare address info.  If this isn't good enough --
+                       i.e., if random padding bytes turn out to differ
+                       when the addresses are the same -- then we'll have
+                       to do it on a per address family basis.  */
+                    && !memcmp (&lifr2->lifr_addr, &lifr->lifr_addr,
+                                sizeof (*lifr))) {
+                    Tprintf (("  duplicate addr\n"));
+                    goto skip;
+                }
+            }
+
+            /*@-moduncon@*/
+            if ((*pass1fn) (data, ss2sa (&lifr->lifr_addr)))
+                goto punt;
+            /*@=moduncon@*/
+        }
+    }
+
+    /* Did we actually get any working sockets?  */
+    FOREACH_AF ()
+        if (P.sock != -1)
+            goto have_working_socket;
+    retval = sock_err;
+    goto punt;
+have_working_socket:
+
+    /*@-moduncon@*/
+    if (betweenfn != NULL && (*betweenfn)(data))
+        goto punt;
+    /*@=moduncon@*/
+
+    if (pass2fn)
+        FOREACH_AF ()
+            if (P.sock >= 0) {
+                for (i = 0; i + sizeof (*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+                    lifr = (struct lifreq *)((caddr_t) P.buf+i);
+
+                    if (lifr->lifr_name[0] == '\0')
+                        /* Marked in first pass to be ignored.  */
+                        continue;
+
+                    /*@-moduncon@*/
+                    if ((*pass2fn) (data, ss2sa (&lifr->lifr_addr)))
+                        goto punt;
+                    /*@=moduncon@*/
+                }
+            }
+punt:
+    FOREACH_AF () {
+        /*@-moduncon@*/
+        closesocket(P.sock);
+        /*@=moduncon@*/
+        free (P.buf);
+    }
+
+    return retval;
+}
+
+#elif defined (SIOCGLIFNUM) && defined(HAVE_STRUCT_IF_LADDRCONF) && 0 /* HP-UX 11 support being debugged */
+
+int
+foreach_localaddr (/*@null@*/ void *data,
+                   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+                   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                              struct sockaddr *) /*@*/)
+#if defined(DEBUG) || defined(TEST)
+/*@modifies fileSystem@*/
+#endif
+{
+    /* Okay, this is kind of odd.  We have to use each of the address
+       families we care about, because with an AF_INET socket, extra
+       interfaces like hme0:1 that have only AF_INET6 addresses will
+       cause errors.  Similarly, if hme0 has more AF_INET addresses
+       than AF_INET6 addresses, we won't be able to retrieve all of
+       the AF_INET addresses if we use an AF_INET6 socket.  Since
+       neither family is guaranteed to have the greater number of
+       addresses, we should use both.
+
+       If it weren't for this little quirk, we could use one socket of
+       any type, and ask for addresses of all types.  At least, it
+       seems to work that way.  */
+
+    static const int afs[] = { AF_INET, AF_NS, AF_INET6 };
+#define N_AFS (sizeof (afs) / sizeof (afs[0]))
+    struct {
+        int af;
+        int sock;
+        void *buf;
+        size_t buf_size;
+        int if_num;
+    } afp[N_AFS];
+    int code, i, j;
+    int retval = 0, afidx;
+    krb5_error_code sock_err = 0;
+    struct if_laddrreq *lifr, lifreq, *lifr2;
+
+#define FOREACH_AF() for (afidx = 0; afidx < N_AFS; afidx++)
+#define P (afp[afidx])
+
+    /* init */
+    FOREACH_AF () {
+        P.af = afs[afidx];
+        P.sock = -1;
+        P.buf = 0;
+    }
+
+    /* first pass: get raw data, discard uninteresting addresses, callback */
+    FOREACH_AF () {
+        Tprintf (("trying af %d...\n", P.af));
+        P.sock = socket (P.af, USE_TYPE, USE_PROTO);
+        if (P.sock < 0) {
+            sock_err = SOCKET_ERROR;
+            Tperror ("socket");
+            continue;
+        }
+        set_cloexec_fd(P.sock);
+
+        code = ioctl (P.sock, SIOCGLIFNUM, &P.if_num);
+        if (code) {
+            Tperror ("ioctl(SIOCGLIFNUM)");
+            retval = errno;
+            goto punt;
+        }
+
+        P.buf_size = P.if_num * sizeof (struct if_laddrreq) * 2;
+        P.buf = malloc (P.buf_size);
+        if (P.buf == NULL) {
+            retval = ENOMEM;
+            goto punt;
+        }
+
+        code = get_if_laddrconf (P.af, P.sock, &P.buf_size, P.buf);
+        if (code < 0) {
+            retval = errno;
+            goto punt;
+        }
+
+        for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+            lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
+
+            strncpy(lifreq.iflr_name, lifr->iflr_name,
+                    sizeof (lifreq.iflr_name));
+            Tprintf (("interface %s\n", lifreq.iflr_name));
+            /*@-moduncon@*/ /* ioctl unknown to lclint */
+            if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
+                Tperror ("ioctl(SIOCGLIFFLAGS)");
+            skip:
+                /* mark for next pass */
+                lifr->iflr_name[0] = '\0';
+                continue;
+            }
+            /*@=moduncon@*/
+
+            /* None of the current callers want loopback addresses.  */
+            if (is_loopback_address(&lifr->iflr_addr)) {
+                Tprintf (("  loopback\n"));
+                goto skip;
+            }
+            /* Ignore interfaces that are down.  */
+            if ((lifreq.iflr_flags & IFF_UP) == 0) {
+                Tprintf (("  down\n"));
+                goto skip;
+            }
+
+            /* Make sure we didn't process this address already.  */
+            for (j = 0; j < i; j += sizeof (*lifr2)) {
+                lifr2 = (struct if_laddrreq *)((caddr_t) P.buf+j);
+                if (lifr2->iflr_name[0] == '\0')
+                    continue;
+                if (lifr2->iflr_addr.sa_family == lifr->iflr_addr.sa_family
+                    /* Compare address info.  If this isn't good enough --
+                       i.e., if random padding bytes turn out to differ
+                       when the addresses are the same -- then we'll have
+                       to do it on a per address family basis.  */
+                    && !memcmp (&lifr2->iflr_addr, &lifr->iflr_addr,
+                                sizeof (*lifr))) {
+                    Tprintf (("  duplicate addr\n"));
+                    goto skip;
+                }
+            }
+
+            /*@-moduncon@*/
+            if ((*pass1fn) (data, ss2sa (&lifr->iflr_addr)))
+                goto punt;
+            /*@=moduncon@*/
+        }
+    }
+
+    /* Did we actually get any working sockets?  */
+    FOREACH_AF ()
+        if (P.sock != -1)
+            goto have_working_socket;
+    retval = sock_err;
+    goto punt;
+have_working_socket:
+
+    /*@-moduncon@*/
+    if (betweenfn != NULL && (*betweenfn)(data))
+        goto punt;
+    /*@=moduncon@*/
+
+    if (pass2fn)
+        FOREACH_AF ()
+            if (P.sock >= 0) {
+                for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+                    lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
+
+                    if (lifr->iflr_name[0] == '\0')
+                        /* Marked in first pass to be ignored.  */
+                        continue;
+
+                    /*@-moduncon@*/
+                    if ((*pass2fn) (data, ss2sa (&lifr->iflr_addr)))
+                        goto punt;
+                    /*@=moduncon@*/
+                }
+            }
+punt:
+    FOREACH_AF () {
+        /*@-moduncon@*/
+        closesocket(P.sock);
+        /*@=moduncon@*/
+        free (P.buf);
+    }
+
+    return retval;
+}
+
+#else /* not defined (SIOCGLIFNUM) */
+
+#define SLOP (sizeof (struct ifreq) + 128)
+
+static int
+get_ifreq_array(char **bufp, size_t *np, int s)
+{
+    int code;
+    int est_if_count = 8;
+    size_t est_ifreq_size;
+    char *buf = 0;
+    size_t current_buf_size = 0, size, n;
+#ifdef SIOCGSIZIFCONF
+    int ifconfsize = -1;
+#endif
+#ifdef SIOCGIFNUM
+    int numifs = -1;
+#endif
+
+    *bufp = NULL;
+    *np = 0;
+
+    /* At least on NetBSD, an ifreq can hold an IPv4 address, but
+       isn't big enough for an IPv6 or ethernet address.  So add a
+       little more space.  */
+    est_ifreq_size = sizeof (struct ifreq) + 8;
+#ifdef SIOCGSIZIFCONF
+    code = ioctl (s, SIOCGSIZIFCONF, &ifconfsize);
+    if (!code) {
+        current_buf_size = ifconfsize;
+        est_if_count = ifconfsize / est_ifreq_size;
+    }
+#elif defined (SIOCGIFNUM)
+    code = ioctl (s, SIOCGIFNUM, &numifs);
+    if (!code && numifs > 0)
+        est_if_count = numifs;
+#endif
+    if (current_buf_size == 0)
+        current_buf_size = est_ifreq_size * est_if_count + SLOP;
+    buf = malloc (current_buf_size);
+    if (buf == NULL)
+        return ENOMEM;
+
+ask_again:
+    size = current_buf_size;
+    code = get_ifconf (s, &size, buf);
+    if (code < 0) {
+        code = errno;
+        free (buf);
+        return code;
+    }
+    /* Test that the buffer was big enough that another ifreq could've
+       fit easily, if the OS wanted to provide one.  That seems to be
+       the only indication we get, complicated by the fact that the
+       associated address may make the required storage a little
+       bigger than the size of an ifreq.  */
+    if (current_buf_size - size < SLOP
+#ifdef SIOCGSIZIFCONF
+        /* Unless we hear SIOCGSIZIFCONF is broken somewhere, let's
+           trust the value it returns.  */
+        && ifconfsize <= 0
+#elif defined (SIOCGIFNUM)
+        && numifs <= 0
+#endif
+        /* And we need *some* sort of bounds.  */
+        && current_buf_size <= 100000
+    ) {
+        size_t new_size;
+
+        est_if_count *= 2;
+        new_size = est_ifreq_size * est_if_count + SLOP;
+        buf = grow_or_free (buf, new_size);
+        if (buf == 0)
+            return ENOMEM;
+        current_buf_size = new_size;
+        goto ask_again;
+    }
+
+    n = size;
+    if (n > current_buf_size)
+        n = current_buf_size;
+
+    *bufp = buf;
+    *np = n;
+    return 0;
+}
+
+int
+foreach_localaddr (/*@null@*/ void *data,
+                   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+                   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                              struct sockaddr *) /*@*/)
+#if defined(DEBUG) || defined(TEST)
+/*@modifies fileSystem@*/
+#endif
+{
+    struct ifreq *ifr, ifreq, *ifr2;
+    int s;
+    char *buf = 0;
+    size_t n, i, j;
+    int retval = 0;
+#ifdef LINUX_IPV6_HACK
+    struct linux_ipv6_addr_list *linux_ipv6_addrs = get_linux_ipv6_addrs ();
+    struct linux_ipv6_addr_list *lx_v6;
+#endif
+
+    s = socket (USE_AF, USE_TYPE, USE_PROTO);
+    if (s < 0)
+        return SOCKET_ERRNO;
+    set_cloexec_fd(s);
+
+    retval = get_ifreq_array(&buf, &n, s);
+    if (retval) {
+        /*@-moduncon@*/ /* close() unknown to lclint */
+        closesocket(s);
+        /*@=moduncon@*/
+        return retval;
+    }
+
+    /* Note: Apparently some systems put the size (used or wanted?)
+       into the start of the buffer, just none that I'm actually
+       using.  Fix this when there's such a test system available.
+       The Samba mailing list archives mention that NTP looks for the
+       size on these systems: *-fujitsu-uxp* *-ncr-sysv4*
+       *-univel-sysv*.  */
+    for (i = 0; i + sizeof(struct ifreq) <= n; i+= ifreq_size(*ifr) ) {
+        ifr = (struct ifreq *)((caddr_t) buf+i);
+        /* In case ifreq_size is more than sizeof().  */
+        if (i + ifreq_size(*ifr) > n)
+            break;
+
+        strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
+        Tprintf (("interface %s\n", ifreq.ifr_name));
+        /*@-moduncon@*/ /* ioctl unknown to lclint */
+        if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
+        skip:
+            /* mark for next pass */
+            ifr->ifr_name[0] = '\0';
+            continue;
+        }
+        /*@=moduncon@*/
+
+        /* None of the current callers want loopback addresses.  */
+        if (is_loopback_address(&ifreq.ifr_addr)) {
+            Tprintf (("  loopback\n"));
+            goto skip;
+        }
+        /* Ignore interfaces that are down.  */
+        if ((ifreq.ifr_flags & IFF_UP) == 0) {
+            Tprintf (("  down\n"));
+            goto skip;
+        }
+
+        /* Make sure we didn't process this address already.  */
+        for (j = 0; j < i; j += ifreq_size(*ifr2)) {
+            ifr2 = (struct ifreq *)((caddr_t) buf+j);
+            if (ifr2->ifr_name[0] == '\0')
+                continue;
+            if (ifr2->ifr_addr.sa_family == ifr->ifr_addr.sa_family
+                && ifreq_size (*ifr) == ifreq_size (*ifr2)
+                /* Compare address info.  If this isn't good enough --
+                   i.e., if random padding bytes turn out to differ
+                   when the addresses are the same -- then we'll have
+                   to do it on a per address family basis.  */
+                && !memcmp (&ifr2->ifr_addr.sa_data, &ifr->ifr_addr.sa_data,
+                            (ifreq_size (*ifr)
+                             - offsetof (struct ifreq, ifr_addr.sa_data)))) {
+                Tprintf (("  duplicate addr\n"));
+                goto skip;
+            }
+        }
+
+        /*@-moduncon@*/
+        if ((*pass1fn) (data, &ifr->ifr_addr))
+            goto punt;
+        /*@=moduncon@*/
+    }
+
+#ifdef LINUX_IPV6_HACK
+    for (lx_v6 = linux_ipv6_addrs; lx_v6; lx_v6 = lx_v6->next)
+        if ((*pass1fn) (data, (struct sockaddr *) &lx_v6->addr))
+            goto punt;
+#endif
+
+    /*@-moduncon@*/
+    if (betweenfn != NULL && (*betweenfn)(data))
+        goto punt;
+    /*@=moduncon@*/
+
+    if (pass2fn) {
+        for (i = 0; i + sizeof(struct ifreq) <= n; i+= ifreq_size(*ifr) ) {
+            ifr = (struct ifreq *)((caddr_t) buf+i);
+
+            if (ifr->ifr_name[0] == '\0')
+                /* Marked in first pass to be ignored.  */
+                continue;
+
+            /*@-moduncon@*/
+            if ((*pass2fn) (data, &ifr->ifr_addr))
+                goto punt;
+            /*@=moduncon@*/
+        }
+#ifdef LINUX_IPV6_HACK
+        for (lx_v6 = linux_ipv6_addrs; lx_v6; lx_v6 = lx_v6->next)
+            if ((*pass2fn) (data, (struct sockaddr *) &lx_v6->addr))
+                goto punt;
+#endif
+    }
+punt:
+    /*@-moduncon@*/
+    closesocket(s);
+    /*@=moduncon@*/
+    free (buf);
+#ifdef LINUX_IPV6_HACK
+    while (linux_ipv6_addrs) {
+        lx_v6 = linux_ipv6_addrs->next;
+        free (linux_ipv6_addrs);
+        linux_ipv6_addrs = lx_v6;
+    }
+#endif
+
+    return retval;
+}
+
+#endif /* not HAVE_IFADDRS_H and not SIOCGLIFNUM */
+
+static krb5_error_code
+get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile);
+
+#ifdef TEST
+
+static int print_addr (/*@unused@*/ void *dataptr, struct sockaddr *sa)
+/*@modifies fileSystem@*/
+{
+    char hostbuf[NI_MAXHOST];
+    int err;
+    socklen_t len;
+
+    printf ("  --> family %2d ", sa->sa_family);
+    len = sa_socklen (sa);
+    err = getnameinfo (sa, len, hostbuf, (socklen_t) sizeof (hostbuf),
+                       (char *) NULL, 0, NI_NUMERICHOST);
+    if (err) {
+        int e = errno;
+        printf ("<getnameinfo error %d: %s>\n", err, gai_strerror (err));
+        if (err == EAI_SYSTEM)
+            printf ("\t\t<errno is %d: %s>\n", e, strerror(e));
+    } else
+        printf ("addr %s\n", hostbuf);
+    return 0;
+}
+
+int main ()
+{
+    int r;
+
+    (void) setvbuf (stdout, (char *)NULL, _IONBF, 0);
+    r = foreach_localaddr (0, print_addr, NULL, NULL);
+    printf ("return value = %d\n", r);
+    return 0;
+}
+
+#else /* not TESTing */
+
+struct localaddr_data {
+    int count, mem_err, cur_idx, cur_size;
+    krb5_address **addr_temp;
+};
+
+static int
+count_addrs (void *P_data, struct sockaddr *a)
+/*@*/
+{
+    struct localaddr_data *data = P_data;
+    switch (a->sa_family) {
+    case AF_INET:
+    case AF_INET6:
+#ifdef KRB5_USE_NS
+    case AF_XNS:
+#endif
+        data->count++;
+        break;
+    default:
+        break;
+    }
+    return 0;
+}
+
+static int
+allocate (void *P_data)
+/*@*/
+{
+    struct localaddr_data *data = P_data;
+    int i;
+    void *n;
+
+    n = realloc (data->addr_temp,
+                 (1 + data->count + data->cur_idx) * sizeof (krb5_address *));
+    if (n == 0) {
+        data->mem_err++;
+        return 1;
+    }
+    data->addr_temp = n;
+    data->cur_size = 1 + data->count + data->cur_idx;
+    for (i = data->cur_idx; i <= data->count + data->cur_idx; i++)
+        data->addr_temp[i] = 0;
+    return 0;
+}
+
+static /*@null@*/ krb5_address *
+make_addr (int type, size_t length, const void *contents)
+/*@*/
+{
+    krb5_address *a;
+    void *data;
+
+    data = malloc (length);
+    if (data == NULL)
+        return NULL;
+    a = malloc (sizeof (krb5_address));
+    if (a == NULL) {
+        free (data);
+        return NULL;
+    }
+    memcpy (data, contents, length);
+    a->magic = KV5M_ADDRESS;
+    a->addrtype = type;
+    a->length = length;
+    a->contents = data;
+    return a;
+}
+
+static int
+add_addr (void *P_data, struct sockaddr *a)
+/*@modifies *P_data@*/
+{
+    struct localaddr_data *data = P_data;
+    /*@null@*/ krb5_address *address = 0;
+
+    switch (a->sa_family) {
+#ifdef HAVE_NETINET_IN_H
+    case AF_INET:
+        address = make_addr (ADDRTYPE_INET, sizeof (struct in_addr),
+                             &sa2sin(a)->sin_addr);
+        if (address == NULL)
+            data->mem_err++;
+        break;
+
+    case AF_INET6:
+    {
+        const struct sockaddr_in6 *in = sa2sin6(a);
+
+        if (IN6_IS_ADDR_LINKLOCAL (&in->sin6_addr))
+            break;
+
+        address = make_addr (ADDRTYPE_INET6, sizeof (struct in6_addr),
+                             &in->sin6_addr);
+        if (address == NULL)
+            data->mem_err++;
+        break;
+    }
+#endif /* netinet/in.h */
+
+#ifdef KRB5_USE_NS
+    case AF_XNS:
+        address = make_addr (ADDRTYPE_XNS, sizeof (struct ns_addr),
+                             &((const struct sockaddr_ns *)a)->sns_addr);
+        if (address == NULL)
+            data->mem_err++;
+        break;
+#endif
+
+#ifdef AF_LINK
+        /* Some BSD-based systems (e.g. NetBSD 1.5) and AIX will
+           include the ethernet address, but we don't want that, at
+           least for now.  */
+    case AF_LINK:
+        break;
+#endif
+        /*
+         * Add more address families here..
+         */
+    default:
+        break;
+    }
+#ifdef __LCLINT__
+    /* Redundant but unconditional store un-confuses lclint.  */
+    data->addr_temp[data->cur_idx] = address;
+#endif
+    if (address) {
+        data->addr_temp[data->cur_idx++] = address;
+    }
+
+    return data->mem_err;
+}
+
+static krb5_error_code
+krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap)
+{
+    krb5_error_code err;
+    static const char *const profile_name[] = {
+        KRB5_CONF_LIBDEFAULTS, KRB5_CONF_EXTRA_ADDRESSES, 0
+    };
+    char **values;
+    char **iter;
+    krb5_address **newaddrs;
+
+#ifdef DEBUG
+    fprintf (stderr, "looking up extra_addresses foo\n");
+#endif
+
+    err = profile_get_values (context->profile, profile_name, &values);
+    /* Ignore all errors for now?  */
+    if (err)
+        return 0;
+
+    for (iter = values; *iter; iter++) {
+        char *cp = *iter, *next, *current;
+        int i, count;
+
+#ifdef DEBUG
+        fprintf (stderr, "  found line: '%s'\n", cp);
+#endif
+
+        for (cp = *iter, next = 0; *cp; cp = next) {
+            while (isspace ((int) *cp) || *cp == ',')
+                cp++;
+            if (*cp == 0)
+                break;
+            /* Start of an address.  */
+#ifdef DEBUG
+            fprintf (stderr, "    addr found in '%s'\n", cp);
+#endif
+            current = cp;
+            while (*cp != 0 && !isspace((int) *cp) && *cp != ',')
+                cp++;
+            if (*cp != 0) {
+                next = cp + 1;
+                *cp = 0;
+            } else
+                next = cp;
+            /* Got a single address, process it.  */
+#ifdef DEBUG
+            fprintf (stderr, "    processing '%s'\n", current);
+#endif
+            newaddrs = 0;
+            err = k5_os_hostaddr (context, current, &newaddrs);
+            if (err)
+                continue;
+            for (i = 0; newaddrs[i]; i++) {
+#ifdef DEBUG
+                fprintf (stderr, "    %d: family %d", i,
+                         newaddrs[i]->addrtype);
+                fprintf (stderr, "\n");
+#endif
+            }
+            count = i;
+#ifdef DEBUG
+            fprintf (stderr, "    %d addresses\n", count);
+#endif
+            if (datap->cur_idx + count >= datap->cur_size) {
+                krb5_address **bigger;
+                bigger = realloc (datap->addr_temp,
+                                  sizeof (krb5_address *) * (datap->cur_idx + count));
+                if (bigger) {
+                    datap->addr_temp = bigger;
+                    datap->cur_size = datap->cur_idx + count;
+                }
+            }
+            for (i = 0; i < count; i++) {
+                if (datap->cur_idx < datap->cur_size)
+                    datap->addr_temp[datap->cur_idx++] = newaddrs[i];
+                else
+                    free (newaddrs[i]->contents), free (newaddrs[i]);
+            }
+            free (newaddrs);
+        }
+    }
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_os_localaddr(krb5_context context, krb5_address ***addr)
+{
+    return get_localaddrs(context, addr, 1);
+}
+
+static krb5_error_code
+get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile)
+{
+    struct localaddr_data data = { 0 };
+    int r;
+
+    /* Ignore errors for now. */
+    if (use_profile)
+        (void)krb5_os_localaddr_profile (context, &data);
+
+    r = foreach_localaddr (&data, count_addrs, allocate, add_addr);
+    if (r != 0) {
+        int i;
+        if (data.addr_temp) {
+            for (i = 0; i < data.count; i++)
+                free (data.addr_temp[i]);
+            free (data.addr_temp);
+        }
+        if (data.mem_err)
+            return ENOMEM;
+        else
+            return r;
+    }
+
+    data.cur_idx++; /* null termination */
+    if (data.mem_err)
+        return ENOMEM;
+    else if (data.cur_idx == data.count)
+        *addr = data.addr_temp;
+    else {
+        /* This can easily happen if we have IPv6 link-local
+           addresses.  Just shorten the array.  */
+        *addr = (krb5_address **) realloc (data.addr_temp,
+                                           (sizeof (krb5_address *)
+                                            * data.cur_idx));
+        if (*addr == 0)
+            /* Okay, shortening failed, but the original should still
+               be intact.  */
+            *addr = data.addr_temp;
+    }
+
+#ifdef DEBUG
+    {
+        int j;
+        fprintf (stderr, "addresses:\n");
+        for (j = 0; addr[0][j]; j++) {
+            struct sockaddr_storage ss;
+            int err2;
+            char namebuf[NI_MAXHOST];
+            void *addrp = 0;
+
+            fprintf (stderr, "%2d: ", j);
+            fprintf (stderr, "addrtype %2d, length %2d", addr[0][j]->addrtype,
+                     addr[0][j]->length);
+            memset (&ss, 0, sizeof (ss));
+            switch (addr[0][j]->addrtype) {
+            case ADDRTYPE_INET:
+            {
+                struct sockaddr_in *sinp = ss2sin (&ss);
+                sinp->sin_family = AF_INET;
+                addrp = &sinp->sin_addr;
+                break;
+            }
+            case ADDRTYPE_INET6:
+            {
+                struct sockaddr_in6 *sin6p = ss2sin6 (&ss);
+                sin6p->sin6_family = AF_INET6;
+                addrp = &sin6p->sin6_addr;
+                break;
+            }
+            default:
+                ss2sa(&ss)->sa_family = 0;
+                break;
+            }
+            if (addrp)
+                memcpy (addrp, addr[0][j]->contents, addr[0][j]->length);
+            err2 = getnameinfo (ss2sa(&ss), sa_socklen (ss2sa (&ss)),
+                                namebuf, sizeof (namebuf), 0, 0,
+                                NI_NUMERICHOST);
+            if (err2 == 0)
+                fprintf (stderr, ": addr %s\n", namebuf);
+            else
+                fprintf (stderr, ": getnameinfo error %d\n", err2);
+        }
+    }
+#endif
+
+    return 0;
+}
+
+#endif /* not TESTing */
+
+#else /* Windows/Mac version */
+
+/*
+ * Hold on to your lunch!  Backup kludge method of obtaining your
+ * local IP address, courtesy of Windows Socket Network Programming,
+ * by Robert Quinn
+ */
+#if defined(_WIN32)
+static struct hostent *local_addr_fallback_kludge()
+{
+    static struct hostent   host;
+    static SOCKADDR_IN      addr;
+    static char *           ip_ptrs[2];
+    SOCKET                  sock;
+    int                     size = sizeof(SOCKADDR);
+    int                     err;
+
+    sock = socket(AF_INET, SOCK_DGRAM, 0);
+    if (sock == INVALID_SOCKET)
+        return NULL;
+    set_cloexec_fd(sock);
+
+    /* connect to arbitrary port and address (NOT loopback) */
+    addr.sin_family = AF_INET;
+    addr.sin_port = htons(IPPORT_ECHO);
+    addr.sin_addr.s_addr = inet_addr("204.137.220.51");
+
+    err = connect(sock, (LPSOCKADDR) &addr, sizeof(SOCKADDR));
+    if (err == SOCKET_ERROR)
+        return NULL;
+
+    err = getsockname(sock, (LPSOCKADDR) &addr, (int *) size);
+    if (err == SOCKET_ERROR)
+        return NULL;
+
+    closesocket(sock);
+
+    host.h_name = 0;
+    host.h_aliases = 0;
+    host.h_addrtype = AF_INET;
+    host.h_length = 4;
+    host.h_addr_list = ip_ptrs;
+    ip_ptrs[0] = (char *) &addr.sin_addr.s_addr;
+    ip_ptrs[1] = NULL;
+
+    return &host;
+}
+#endif
+
+/* No ioctls in winsock so we just assume there is only one networking
+ * card per machine, so gethostent is good enough.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
+    char host[64];                              /* Name of local machine */
+    struct hostent *hostrec;
+    int err, count, i;
+    krb5_address ** paddr;
+
+    *addr = 0;
+    paddr = 0;
+    err = 0;
+
+    if (gethostname (host, sizeof(host))) {
+        err = SOCKET_ERRNO;
+    }
+
+    if (!err) {
+        hostrec = gethostbyname (host);
+        if (hostrec == NULL) {
+            err = SOCKET_ERRNO;
+        }
+    }
+
+    if (err) {
+        hostrec = local_addr_fallback_kludge();
+        if (!hostrec)
+            return err;
+        else
+            err = 0;  /* otherwise we will die at cleanup */
+    }
+
+    for (count = 0; hostrec->h_addr_list[count]; count++);
+
+
+    paddr = (krb5_address **)calloc(count+1, sizeof(krb5_address *));
+    if (!paddr) {
+        err = ENOMEM;
+        goto cleanup;
+    }
+
+    for (i = 0; i < count; i++) {
+        paddr[i] = (krb5_address *)malloc(sizeof(krb5_address));
+        if (paddr[i] == NULL) {
+            err = ENOMEM;
+            goto cleanup;
+        }
+
+        paddr[i]->magic = KV5M_ADDRESS;
+        paddr[i]->addrtype = hostrec->h_addrtype;
+        paddr[i]->length = hostrec->h_length;
+        paddr[i]->contents = (unsigned char *)malloc(paddr[i]->length);
+        if (!paddr[i]->contents) {
+            err = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(paddr[i]->contents,
+               hostrec->h_addr_list[i],
+               paddr[i]->length);
+    }
+
+cleanup:
+    if (err) {
+        if (paddr) {
+            for (i = 0; i < count; i++)
+            {
+                if (paddr[i]) {
+                    if (paddr[i]->contents)
+                        free(paddr[i]->contents);
+                    free(paddr[i]);
+                }
+            }
+            free(paddr);
+        }
+    }
+    else
+        *addr = paddr;
+
+    return(err);
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/os/localauth.c b/krb5-1.21.3/src/lib/krb5/os/localauth.c
new file mode 100644
index 00000000..8e1a3a3f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/localauth.c
@@ -0,0 +1,443 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/localauth.c - Authorize access to local accounts */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/localauth_plugin.h>
+
+struct localauth_module_handle {
+    struct krb5_localauth_vtable_st vt;
+    krb5_localauth_moddata data;
+};
+
+static krb5_error_code
+localauth_auth_to_local_initvt(krb5_context context, int maj_ver, int min_ver,
+                               krb5_plugin_vtable vtable);
+static krb5_error_code
+localauth_default_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable);
+
+/* Release a list of localauth module handles. */
+static void
+free_handles(krb5_context context, struct localauth_module_handle **handles)
+{
+    struct localauth_module_handle *h, **hp;
+
+    if (handles == NULL)
+        return;
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        if (h->vt.fini != NULL)
+            h->vt.fini(context, h->data);
+        free(h);
+    }
+    free(handles);
+}
+
+/* Find a localauth module whose an2ln_types contains a match for type. */
+static struct localauth_module_handle *
+find_typed_module(struct localauth_module_handle **handles, const char *type)
+{
+    struct localauth_module_handle **hp, *h;
+    const char **tp;
+
+    for (hp = handles; *hp != NULL; hp++) {
+        h = *hp;
+        for (tp = h->vt.an2ln_types; tp != NULL && *tp != NULL; tp++) {
+            if (strcmp(*tp, type) == 0)
+                return h;
+        }
+    }
+    return NULL;
+}
+
+/* Generate a trace log and return 1 if the an2ln_types of handle conflicts
+ * with any of the handles in list.  Return 0 otherwise. */
+static int
+check_conflict(krb5_context context, struct localauth_module_handle **list,
+               struct localauth_module_handle *handle)
+{
+    struct localauth_module_handle *conflict;
+    const char **tp;
+
+    for (tp = handle->vt.an2ln_types; tp != NULL && *tp != NULL; tp++) {
+        conflict = find_typed_module(list, *tp);
+        if (conflict != NULL) {
+            TRACE_LOCALAUTH_INIT_CONFLICT(context, *tp, handle->vt.name,
+                                          conflict->vt.name);
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/* Get the registered localauth modules including all built-in modules, in the
+ * proper order. */
+static krb5_error_code
+get_modules(krb5_context context, krb5_plugin_initvt_fn **modules_out)
+{
+    krb5_error_code ret;
+    const int intf = PLUGIN_INTERFACE_LOCALAUTH;
+
+    *modules_out = NULL;
+
+    /* Register built-in modules. */
+    ret = k5_plugin_register(context, intf, "default",
+                             localauth_default_initvt);
+    if (ret)
+        return ret;
+    ret = k5_plugin_register(context, intf, "rule", localauth_rule_initvt);
+    if (ret)
+        return ret;
+    ret = k5_plugin_register(context, intf, "names", localauth_names_initvt);
+    if (ret)
+        return ret;
+    ret = k5_plugin_register(context, intf, "auth_to_local",
+                             localauth_auth_to_local_initvt);
+    if (ret)
+        return ret;
+    ret = k5_plugin_register(context, intf, "k5login",
+                             localauth_k5login_initvt);
+    if (ret)
+        return ret;
+    ret = k5_plugin_register(context, intf, "an2ln", localauth_an2ln_initvt);
+    if (ret)
+        return ret;
+
+    ret = k5_plugin_load_all(context, intf, modules_out);
+    if (ret)
+        return ret;
+
+    return 0;
+}
+
+/* Initialize context->localauth_handles with a list of module handles. */
+static krb5_error_code
+load_localauth_modules(krb5_context context)
+{
+    krb5_error_code ret;
+    struct localauth_module_handle **list = NULL, *handle;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    size_t count;
+
+    ret = get_modules(context, &modules);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Allocate a large enough list of handles. */
+    for (count = 0; modules[count] != NULL; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+
+    /* Initialize each module, ignoring ones that fail. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        handle = k5alloc(sizeof(*handle), &ret);
+        if (handle == NULL)
+            goto cleanup;
+        ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
+        if (ret != 0) {
+            TRACE_LOCALAUTH_VTINIT_FAIL(context, ret);
+            free(handle);
+            continue;
+        }
+
+        if (check_conflict(context, list, handle))
+            continue;
+
+        handle->data = NULL;
+        if (handle->vt.init != NULL) {
+            ret = handle->vt.init(context, &handle->data);
+            if (ret != 0) {
+                TRACE_LOCALAUTH_INIT_FAIL(context, handle->vt.name, ret);
+                free(handle);
+                continue;
+            }
+        }
+        list[count++] = handle;
+        list[count] = NULL;
+    }
+    list[count] = NULL;
+
+    ret = 0;
+    context->localauth_handles = list;
+    list = NULL;
+
+cleanup:
+    k5_plugin_free_modules(context, modules);
+    free_handles(context, list);
+    return ret;
+}
+
+/* Invoke a module's userok method, if it has one. */
+static krb5_error_code
+userok(krb5_context context, struct localauth_module_handle *h,
+       krb5_const_principal aname, const char *lname)
+{
+    if (h->vt.userok == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+    return h->vt.userok(context, h->data, aname, lname);
+}
+
+/* Invoke a module's an2ln method, if it has one. */
+static krb5_error_code
+an2ln(krb5_context context, struct localauth_module_handle *h,
+      const char *type, const char *residual, krb5_const_principal aname,
+      char **lname_out)
+{
+    if (h->vt.an2ln == NULL)
+        return KRB5_LNAME_NOTRANS;
+    return h->vt.an2ln(context, h->data, type, residual, aname, lname_out);
+}
+
+/* Invoke a module's free_string method. */
+static void
+free_lname(krb5_context context, struct localauth_module_handle *h, char *str)
+{
+    h->vt.free_string(context, h->data, str);
+}
+
+/* Parse a TYPE or TYPE:residual string into its components. */
+static krb5_error_code
+parse_mapping_value(const char *value, char **type_out, char **residual_out)
+{
+    krb5_error_code ret;
+    const char *p;
+    char *type, *residual;
+
+    *type_out = NULL;
+    *residual_out = NULL;
+    p = strchr(value, ':');
+    if (p == NULL) {
+        type = strdup(value);
+        if (type == NULL)
+            return ENOMEM;
+        residual = NULL;
+    } else {
+        type = k5memdup0(value, p - value, &ret);
+        if (type == NULL)
+            return ret;
+        residual = strdup(p + 1);
+        if (residual == NULL) {
+            free(type);
+            return ENOMEM;
+        }
+    }
+    *type_out = type;
+    *residual_out = residual;
+    return 0;
+}
+
+/* Apply the default an2ln method, which translates name@defaultrealm or
+ * name/defaultrealm@defaultrealm to name. */
+static krb5_error_code
+an2ln_default(krb5_context context, krb5_localauth_moddata data,
+              const char *type, const char *residual,
+              krb5_const_principal aname, char **lname_out)
+{
+    krb5_error_code ret;
+    char *def_realm;
+
+    *lname_out = NULL;
+
+    ret = krb5_get_default_realm(context, &def_realm);
+    if (ret)
+        return KRB5_LNAME_NOTRANS;
+
+    if (!data_eq_string(aname->realm, def_realm)) {
+        ret = KRB5_LNAME_NOTRANS;
+    } else if (aname->length == 2) {
+        /* Allow a second component if it is the local realm. */
+        if (!data_eq_string(aname->data[1], def_realm))
+            ret = KRB5_LNAME_NOTRANS;
+    } else if (aname->length != 1) {
+        ret = KRB5_LNAME_NOTRANS;
+    }
+    free(def_realm);
+    if (ret)
+        return ret;
+
+    *lname_out = k5memdup0(aname->data[0].data, aname->data[0].length, &ret);
+    return ret;
+}
+
+/*
+ * Perform aname-to-lname translation using the auth_to_local values in the
+ * default realm's profile section.  If no values exist, fall back to the
+ * default method.
+ */
+static krb5_error_code
+an2ln_auth_to_local(krb5_context context, krb5_localauth_moddata data,
+                    const char *type_arg, const char *residual_arg,
+                    krb5_const_principal aname, char **lname_out)
+{
+    krb5_error_code ret;
+    struct localauth_module_handle *h;
+    char *realm = NULL, **mapping_values = NULL, *type, *residual, *lname;
+    const char *hierarchy[4];
+    size_t i;
+
+    *lname_out = NULL;
+
+    /* Fetch the profile values for realms-><defaultrealm>->auth_to_local. */
+    ret = krb5_get_default_realm(context, &realm);
+    if (ret)
+        return KRB5_LNAME_NOTRANS;
+    hierarchy[0] = KRB5_CONF_REALMS;
+    hierarchy[1] = realm;
+    hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL;
+    hierarchy[3] = NULL;
+    ret = profile_get_values(context->profile, hierarchy, &mapping_values);
+    if (ret) {
+        /* Use default method if there are no auth_to_local values. */
+        ret = an2ln_default(context, data, NULL, NULL, aname, lname_out);
+        goto cleanup;
+    }
+
+    ret = KRB5_LNAME_NOTRANS;
+    for (i = 0; mapping_values[i] != NULL && ret == KRB5_LNAME_NOTRANS; i++) {
+        ret = parse_mapping_value(mapping_values[i], &type, &residual);
+        if (ret)
+            goto cleanup;
+        h = find_typed_module(context->localauth_handles, type);
+        if (h != NULL) {
+            ret = an2ln(context, h, type, residual, aname, &lname);
+            if (ret == 0) {
+                *lname_out = strdup(lname);
+                if (*lname_out == NULL)
+                    ret = ENOMEM;
+                free_lname(context, h, lname);
+            }
+        } else {
+            ret = KRB5_CONFIG_BADFORMAT;
+        }
+        free(type);
+        free(residual);
+    }
+
+cleanup:
+    free(realm);
+    profile_free_list(mapping_values);
+    return ret;
+}
+
+static void
+freestr(krb5_context context, krb5_localauth_moddata data, char *str)
+{
+    free(str);
+}
+
+static krb5_error_code
+localauth_auth_to_local_initvt(krb5_context context, int maj_ver, int min_ver,
+                               krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+
+    vt->name = "auth_to_local";
+    vt->an2ln = an2ln_auth_to_local;
+    vt->free_string = freestr;
+    return 0;
+}
+
+static krb5_error_code
+localauth_default_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+    static const char *types[] = { "DEFAULT", NULL };
+
+    vt->name = "default";
+    vt->an2ln_types = types;
+    vt->an2ln = an2ln_default;
+    vt->free_string = freestr;
+    return 0;
+}
+
+krb5_boolean KRB5_CALLCONV
+krb5_kuserok(krb5_context context, krb5_principal aname, const char *lname)
+{
+    krb5_error_code ret;
+    struct localauth_module_handle **hp;
+    krb5_boolean accepted = FALSE;
+
+    if (context->localauth_handles == NULL && load_localauth_modules(context))
+        return FALSE;
+
+    /* If any module denies access, return false immediately.  Otherwise,
+     * consult all modules and return true if one of them allows access. */
+    for (hp = context->localauth_handles; *hp != NULL; hp++) {
+        ret = userok(context, *hp, aname, lname);
+        if (ret == 0)
+            accepted = TRUE;
+        else if (ret != KRB5_PLUGIN_NO_HANDLE)
+            return FALSE;
+    }
+    return accepted;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_aname_to_localname(krb5_context context, krb5_const_principal aname,
+                        int lnsize, char *lname_out)
+{
+    krb5_error_code ret;
+    struct localauth_module_handle **hp;
+    char *lname;
+    size_t sz;
+
+    if (context->localauth_handles == NULL) {
+        ret = load_localauth_modules(context);
+        if (ret)
+            return ret;
+    }
+
+    for (hp = context->localauth_handles; *hp != NULL; hp++) {
+        if ((*hp)->vt.an2ln_types != NULL)
+            continue;
+        ret = an2ln(context, *hp, NULL, NULL, aname, &lname);
+        if (ret == 0) {
+            sz = strlcpy(lname_out, lname, lnsize);
+            free_lname(context, *hp, lname);
+            return sz >= (size_t)lnsize ? KRB5_CONFIG_NOTENUFSPACE : 0;
+        } else if (ret != KRB5_LNAME_NOTRANS) {
+            return ret;
+        }
+    }
+    return KRB5_LNAME_NOTRANS;
+}
+
+void
+k5_localauth_free_context(krb5_context context)
+{
+    free_handles(context, context->localauth_handles);
+    context->localauth_handles = NULL;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/localauth_an2ln.c b/krb5-1.21.3/src/lib/krb5/os/localauth_an2ln.c
new file mode 100644
index 00000000..0d296677
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/localauth_an2ln.c
@@ -0,0 +1,59 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/localauth_an2ln.c - an2ln localauth module */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.  All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/localauth_plugin.h>
+
+#define MAX_USERNAME 65
+
+static krb5_error_code
+an2ln_userok(krb5_context context, krb5_localauth_moddata data,
+             krb5_const_principal aname, const char *lname)
+{
+    krb5_error_code ret;
+    char kuser[MAX_USERNAME];
+
+    ret = krb5_aname_to_localname(context, aname, sizeof(kuser), kuser);
+    return (ret == 0 && strcmp(kuser, lname) == 0) ? 0 : KRB5_PLUGIN_NO_HANDLE;
+}
+
+krb5_error_code
+localauth_an2ln_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+
+    vt->name = "an2ln";
+    vt->userok = an2ln_userok;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c b/krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c
new file mode 100644
index 00000000..27dfca0b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c
@@ -0,0 +1,183 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/localauth_k5login.c - k5login localauth module */
+/*
+ * Copyright (C) 1990,1993,2007,2013 by the Massachusetts Institute
+ * of Technology.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/localauth_plugin.h>
+
+#if !defined(_WIN32)            /* Not yet for Windows */
+#include <pwd.h>
+
+#if defined(__APPLE__) && defined(__MACH__)
+#include <hfs/hfs_mount.h>
+#define FILE_OWNER_OK(UID)  ((UID) == 0 || (UID) == UNKNOWNUID)
+#else
+#define FILE_OWNER_OK(UID)  ((UID) == 0)
+#endif
+
+/*
+ * Find the k5login filename for luser, either in the user's homedir or in a
+ * configured directory under the username.
+ */
+static krb5_error_code
+get_k5login_filename(krb5_context context, const char *lname,
+                     const char *homedir, char **filename_out)
+{
+    krb5_error_code ret;
+    char *dir, *filename;
+
+    *filename_out = NULL;
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             KRB5_CONF_K5LOGIN_DIRECTORY, NULL, NULL, &dir);
+    if (ret != 0)
+        return ret;
+
+    if (dir == NULL) {
+        /* Look in the user's homedir. */
+        if (asprintf(&filename, "%s/.k5login", homedir) < 0)
+            return ENOMEM;
+    } else {
+        /* Look in the configured directory. */
+        if (asprintf(&filename, "%s/%s", dir, lname) < 0)
+            ret = ENOMEM;
+        profile_release_string(dir);
+        if (ret)
+            return ret;
+    }
+    *filename_out = filename;
+    return 0;
+}
+
+/* Determine whether aname is authorized to log in as lname according to the
+ * user's k5login file. */
+static krb5_error_code
+userok_k5login(krb5_context context, krb5_localauth_moddata data,
+               krb5_const_principal aname, const char *lname)
+{
+    krb5_error_code ret;
+    int authoritative = TRUE, gobble;
+    char *filename = NULL, *princname = NULL;
+    char *newline, linebuf[BUFSIZ], pwbuf[BUFSIZ];
+    struct stat sbuf;
+    struct passwd pwx, *pwd;
+    FILE *fp = NULL;
+
+    ret = profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS,
+                              KRB5_CONF_K5LOGIN_AUTHORITATIVE, NULL, TRUE,
+                              &authoritative);
+    if (ret)
+        goto cleanup;
+
+    /* Get the local user's .k5login filename. */
+    ret = k5_getpwnam_r(lname, &pwx, pwbuf, sizeof(pwbuf), &pwd);
+    if (ret) {
+        ret = EPERM;
+        goto cleanup;
+    }
+    ret = get_k5login_filename(context, lname, pwd->pw_dir, &filename);
+    if (ret)
+        goto cleanup;
+
+    if (access(filename, F_OK) != 0) {
+        ret = KRB5_PLUGIN_NO_HANDLE;
+        goto cleanup;
+    }
+
+    ret = krb5_unparse_name(context, aname, &princname);
+    if (ret)
+        goto cleanup;
+
+    fp = fopen(filename, "r");
+    if (fp == NULL) {
+        ret = errno;
+        goto cleanup;
+    }
+    set_cloexec_file(fp);
+
+    /* For security reasons, the .k5login file must be owned either by
+     * the user or by root. */
+    if (fstat(fileno(fp), &sbuf)) {
+        ret = errno;
+        goto cleanup;
+    }
+    if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) {
+        ret = EPERM;
+        goto cleanup;
+    }
+
+    /* Check each line. */
+    while (fgets(linebuf, sizeof(linebuf), fp) != NULL) {
+        newline = strrchr(linebuf, '\n');
+        if (newline != NULL)
+            *newline = '\0';
+        if (strcmp(linebuf, princname) == 0) {
+            ret = 0;
+            goto cleanup;
+        }
+        /* Clean up the rest of the line if necessary. */
+        if (newline == NULL)
+            while ((gobble = getc(fp)) != EOF && gobble != '\n');
+    }
+
+    /* We didn't find it. */
+    ret = EPERM;
+
+cleanup:
+    free(princname);
+    free(filename);
+    if (fp != NULL)
+        fclose(fp);
+    /* If k5login files are non-authoritative, never reject. */
+    return (!authoritative && ret) ? KRB5_PLUGIN_NO_HANDLE : ret;
+}
+
+#else /* _WIN32 */
+
+static krb5_error_code
+userok_k5login(krb5_context context, krb5_localauth_moddata data,
+               krb5_const_principal aname, const char *lname)
+{
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+#endif
+
+krb5_error_code
+localauth_k5login_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+
+    vt->name = "k5login";
+    vt->userok = userok_k5login;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/localauth_names.c b/krb5-1.21.3/src/lib/krb5/os/localauth_names.c
new file mode 100644
index 00000000..53ec2d93
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/localauth_names.c
@@ -0,0 +1,102 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/localauth_names.c - names localauth module */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/localauth_plugin.h>
+
+static krb5_error_code
+an2ln_names(krb5_context context, krb5_localauth_moddata data,
+            const char *type, const char *residual, krb5_const_principal aname,
+            char **lname_out)
+{
+    krb5_error_code ret;
+    char *realm = NULL, *pname = NULL, **mapping_values = NULL;
+    const char *hierarchy[5];
+    size_t count;
+
+    *lname_out = NULL;
+
+    /*
+     * Fetch the profile values for realms-><defaultrealm>->
+     * auth_to_local_names-><princname>.  Use the principal name without realm;
+     * this is problematic in many multiple-realm environments, but is how
+     * we've historically done it.
+     */
+    ret = krb5_get_default_realm(context, &realm);
+    if (ret)
+        return KRB5_LNAME_NOTRANS;
+    ret = krb5_unparse_name_flags(context, aname,
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM, &pname);
+    if (ret)
+        goto cleanup;
+    hierarchy[0] = KRB5_CONF_REALMS;
+    hierarchy[1] = realm;
+    hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL_NAMES;
+    hierarchy[3] = pname;
+    hierarchy[4] = NULL;
+    ret = profile_get_values(context->profile, hierarchy, &mapping_values);
+    if (ret) {
+        ret = KRB5_LNAME_NOTRANS;
+        goto cleanup;
+    }
+
+    /* We found one or more explicit mappings.  Use the last one. */
+    for (count = 0; mapping_values[count] != NULL; count++);
+    *lname_out = strdup(mapping_values[count - 1]);
+    if (*lname_out == NULL)
+        ret = ENOMEM;
+
+cleanup:
+    free(realm);
+    free(pname);
+    profile_free_list(mapping_values);
+    return ret;
+}
+
+static void
+freestr(krb5_context context, krb5_localauth_moddata data, char *str)
+{
+    free(str);
+}
+
+krb5_error_code
+localauth_names_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+
+    vt->name = "names";
+    vt->an2ln = an2ln_names;
+    vt->free_string = freestr;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/localauth_rule.c b/krb5-1.21.3/src/lib/krb5/os/localauth_rule.c
new file mode 100644
index 00000000..05685763
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/localauth_rule.c
@@ -0,0 +1,335 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/localauth_rule.c - rule localauth module */
+/*
+ * Copyright (C) 1990,1991,2007,2008,2013 by the Massachusetts
+ * Institute of Technology.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This module implements the RULE type for auth_to_local processing.
+ *
+ * There are three parts to each rule.  The first part, if present, determines
+ * the selection string.  If this is not present, the selection string defaults
+ * to the unparsed principal name without realm (which can be dangerous in
+ * multi-realm environments, but is our historical behavior).  The selection
+ * string syntax is:
+ *
+ *     "[" <ncomps> ":" <format> "]"
+ *
+ *         <ncomps> is the number of expected components for this rule.  If the
+ *         principal does not have this many components, then this rule does
+ *         not apply.
+ *
+ *         <format> determines the selection string.  Within <format>, $0 will
+ *         be substituted with the principal's realm, $1 with its first
+ *         component, $2 with its second component, and so forth.
+ *
+ * The second part is an optional regular expression surrounded by parentheses.
+ * If present, the rule will only apply if the selection string matches the
+ * regular expression.  At present, the regular expression may not contain a
+ * ')' character.
+ *
+ * The third part is a sequence of zero or more transformation rules, using
+ * the syntax:
+ *
+ *     "s/" <regexp> "/" <text> "/" ["g"]
+ *
+ * No substitutions are allowed within <text>.  A "g" indicates that the
+ * substitution should be performed globally; otherwise it will be performed at
+ * most once.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include <krb5/localauth_plugin.h>
+#include <ctype.h>
+
+#ifdef HAVE_REGEX_H
+#include <regex.h>
+
+/* Process the match portion of a rule and update *contextp.  Return
+ * KRB5_LNAME_NOTRANS if selstring doesn't match the regexp. */
+static krb5_error_code
+aname_do_match(const char *selstring, const char **contextp)
+{
+    krb5_error_code ret;
+    const char *startp, *endp;
+    char *regstr;
+    regex_t re;
+    regmatch_t m;
+
+    /* If no regexp is present, leave *contextp alone and return success. */
+    if (**contextp != '(')
+        return 0;
+
+    /* Find the end of the regexp and make a copy of it. */
+    startp = *contextp + 1;
+    endp = strchr(startp, ')');
+    if (endp == NULL)
+        return KRB5_CONFIG_BADFORMAT;
+    regstr = k5memdup0(startp, endp - startp, &ret);
+    if (regstr == NULL)
+        return ret;
+
+    /* Perform the match. */
+    ret = (regcomp(&re, regstr, REG_EXTENDED) == 0 &&
+           regexec(&re, selstring, 1, &m, 0) == 0 &&
+           m.rm_so == 0 && (size_t)m.rm_eo == strlen(selstring)) ? 0 :
+        KRB5_LNAME_NOTRANS;
+    regfree(&re);
+    free(regstr);
+    *contextp = endp + 1;
+    return ret;
+}
+
+/* Replace regular expression matches of regstr with repl in instr, producing
+ * *outstr.  If doall is true, replace all matches for regstr. */
+static krb5_error_code
+do_replacement(const char *regstr, const char *repl, krb5_boolean doall,
+               const char *instr, char **outstr)
+{
+    struct k5buf buf;
+    regex_t re;
+    regmatch_t m;
+
+    *outstr = NULL;
+    if (regcomp(&re, regstr, REG_EXTENDED))
+        return KRB5_LNAME_NOTRANS;
+    k5_buf_init_dynamic(&buf);
+    while (regexec(&re, instr, 1, &m, 0) == 0) {
+        k5_buf_add_len(&buf, instr, m.rm_so);
+        k5_buf_add(&buf, repl);
+        instr += m.rm_eo;
+        if (!doall)
+            break;
+    }
+    regfree(&re);
+    k5_buf_add(&buf, instr);
+    *outstr = k5_buf_cstring(&buf);
+    return (*outstr == NULL) ? ENOMEM : 0;
+}
+
+/*
+ * Perform any substitutions specified by *contextp, and advance *contextp past
+ * the substitution expressions.  Place the result of the substitutions in
+ * *result.
+ */
+static krb5_error_code
+aname_replacer(const char *string, const char **contextp, char **result)
+{
+    krb5_error_code ret = 0;
+    const char *cp, *ep, *tp;
+    char *newstr, *rule = NULL, *repl = NULL, *current = NULL;
+    krb5_boolean doglobal;
+
+    *result = NULL;
+
+    current = strdup(string);
+    if (current == NULL)
+        return ENOMEM;
+
+    /* Iterate over replacement expressions, updating current for each one. */
+    cp = *contextp;
+    while (*cp != '\0') {
+        /* Skip leading whitespace */
+        while (isspace((unsigned char)*cp))
+            cp++;
+
+        /* Find the separators for an s/rule/repl/ expression. */
+        if (!(cp[0] == 's' && cp[1] == '/' && (ep = strchr(cp + 2, '/')) &&
+              (tp = strchr(ep + 1, '/')))) {
+            ret = KRB5_CONFIG_BADFORMAT;
+            goto cleanup;
+        }
+
+        /* Copy the rule and replacement strings. */
+        free(rule);
+        rule = k5memdup0(cp + 2, ep - (cp + 2), &ret);
+        if (rule == NULL)
+            goto cleanup;
+        free(repl);
+        repl = k5memdup0(ep + 1, tp - (ep + 1), &ret);
+        if (repl == NULL)
+            goto cleanup;
+
+        /* Advance past expression and check for trailing "g". */
+        cp = tp + 1;
+        doglobal = (*cp == 'g');
+        if (doglobal)
+            cp++;
+
+        ret = do_replacement(rule, repl, doglobal, current, &newstr);
+        if (ret)
+            goto cleanup;
+        free(current);
+        current = newstr;
+    }
+    *result = current;
+    current = NULL;
+
+cleanup:
+    free(current);
+    free(repl);
+    free(rule);
+    return ret;
+}
+
+/*
+ * Compute selection string for RULE rules.  Advance *contextp to the string
+ * position after the selstring part if present, and set *result to the
+ * selection string.
+ */
+static krb5_error_code
+aname_get_selstring(krb5_context context, krb5_const_principal aname,
+                    const char **contextp, char **selstring_out)
+{
+    const char *current;
+    char *end;
+    long num_comps, ind;
+    const krb5_data *datap;
+    struct k5buf selstring;
+    size_t nlit;
+
+    *selstring_out = NULL;
+    if (**contextp != '[') {
+        /*
+         * No selstring part; use the principal name without realm.  This is
+         * problematic in many multiple-realm environments, but is how we've
+         * historically done it.
+         */
+        return krb5_unparse_name_flags(context, aname,
+                                       KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                       selstring_out);
+    }
+
+    /* Advance past the '[' and read the number of components. */
+    current = *contextp + 1;
+    errno = 0;
+    num_comps = strtol(current, &end, 10);
+    if (errno != 0 || num_comps < 0 || *end != ':')
+        return KRB5_CONFIG_BADFORMAT;
+    current = end;
+    if (num_comps != aname->length)
+        return KRB5_LNAME_NOTRANS;
+    current++;
+
+    k5_buf_init_dynamic(&selstring);
+    while (TRUE) {
+        /* Copy in literal characters up to the next $ or ]. */
+        nlit = strcspn(current, "$]");
+        k5_buf_add_len(&selstring, current, nlit);
+        current += nlit;
+        if (*current != '$')
+            break;
+
+        /* Expand $ substitution to a principal component. */
+        errno = 0;
+        ind = strtol(current + 1, &end, 10);
+        if (errno || ind > num_comps)
+            break;
+        current = end;
+        datap = ind > 0 ? &aname->data[ind - 1] : &aname->realm;
+        k5_buf_add_len(&selstring, datap->data, datap->length);
+    }
+
+    /* Check that we hit a ']' and not the end of the string. */
+    if (*current != ']') {
+        k5_buf_free(&selstring);
+        return KRB5_CONFIG_BADFORMAT;
+    }
+
+    *selstring_out = k5_buf_cstring(&selstring);
+    if (*selstring_out == NULL)
+        return ENOMEM;
+    *contextp = current + 1;
+    return 0;
+}
+
+static krb5_error_code
+an2ln_rule(krb5_context context, krb5_localauth_moddata data, const char *type,
+           const char *rule, krb5_const_principal aname, char **lname_out)
+{
+    krb5_error_code ret;
+    const char *current;
+    char *selstring = NULL;
+
+    *lname_out = NULL;
+    if (rule == NULL)
+        return KRB5_CONFIG_BADFORMAT;
+
+    /* Compute the selection string. */
+    current = rule;
+    ret = aname_get_selstring(context, aname, &current, &selstring);
+    if (ret)
+        return ret;
+
+    /* Check the selection string against the regexp, if present. */
+    if (*current == '(') {
+        ret = aname_do_match(selstring, &current);
+        if (ret)
+            goto cleanup;
+    }
+
+    /* Perform the substitution. */
+    ret = aname_replacer(selstring, &current, lname_out);
+
+cleanup:
+    free(selstring);
+    return ret;
+}
+
+#else /* HAVE_REGEX_H */
+
+static krb5_error_code
+an2ln_rule(krb5_context context, krb5_localauth_moddata data, const char *type,
+           const char *rule, krb5_const_principal aname, char **lname_out)
+{
+    return KRB5_LNAME_NOTRANS;
+}
+
+#endif
+
+static void
+freestr(krb5_context context, krb5_localauth_moddata data, char *str)
+{
+    free(str);
+}
+
+krb5_error_code
+localauth_rule_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+    static const char *types[] = { "RULE", NULL };
+
+    vt->name = "rule";
+    vt->an2ln_types = types;
+    vt->an2ln = an2ln_rule;
+    vt->free_string = freestr;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/locate_kdc.c b/krb5-1.21.3/src/lib/krb5/os/locate_kdc.c
new file mode 100644
index 00000000..edca5ac7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/locate_kdc.c
@@ -0,0 +1,852 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/locate_kdc.c - Get addresses for realm KDCs and other servers */
+/*
+ * Copyright 1990,2000,2001,2002,2003,2004,2006,2008 Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "fake-addrinfo.h"
+#include "os-proto.h"
+
+#ifdef KRB5_DNS_LOOKUP
+
+#define DEFAULT_LOOKUP_KDC 1
+#if KRB5_DNS_LOOKUP_REALM
+#define DEFAULT_LOOKUP_REALM 1
+#else
+#define DEFAULT_LOOKUP_REALM 0
+#endif
+#define DEFAULT_URI_LOOKUP TRUE
+
+static int
+maybe_use_dns (krb5_context context, const char *name, int defalt)
+{
+    krb5_error_code code;
+    char * value = NULL;
+    int use_dns = 0;
+
+    code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                              name, 0, 0, &value);
+    if (value == 0 && code == 0) {
+        code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                  KRB5_CONF_DNS_FALLBACK, 0, 0, &value);
+    }
+    if (code)
+        return defalt;
+
+    if (value == 0)
+        return defalt;
+
+    use_dns = _krb5_conf_boolean(value);
+    profile_release_string(value);
+    return use_dns;
+}
+
+static krb5_boolean
+use_dns_uri(krb5_context ctx)
+{
+    krb5_error_code ret;
+    int use;
+
+    ret = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                              KRB5_CONF_DNS_URI_LOOKUP, NULL,
+                              DEFAULT_URI_LOOKUP, &use);
+    return ret ? DEFAULT_URI_LOOKUP : use;
+}
+
+int
+_krb5_use_dns_kdc(krb5_context context)
+{
+    return maybe_use_dns(context, KRB5_CONF_DNS_LOOKUP_KDC,
+                         DEFAULT_LOOKUP_KDC);
+}
+
+int
+_krb5_use_dns_realm(krb5_context context)
+{
+    return maybe_use_dns(context, KRB5_CONF_DNS_LOOKUP_REALM,
+                         DEFAULT_LOOKUP_REALM);
+}
+
+#endif /* KRB5_DNS_LOOKUP */
+
+/* Free up everything pointed to by the serverlist structure, but don't
+ * free the structure itself. */
+void
+k5_free_serverlist (struct serverlist *list)
+{
+    size_t i;
+
+    for (i = 0; i < list->nservers; i++) {
+        free(list->servers[i].hostname);
+        free(list->servers[i].uri_path);
+    }
+    free(list->servers);
+    list->servers = NULL;
+    list->nservers = 0;
+}
+
+#include <stdarg.h>
+static inline void
+Tprintf(const char *fmt, ...)
+{
+#ifdef TEST
+    va_list ap;
+    va_start(ap, fmt);
+    vfprintf(stderr, fmt, ap);
+    va_end(ap);
+#endif
+}
+
+/* Make room for a new server entry in list and return a pointer to the new
+ * entry.  (Do not increment list->nservers.) */
+static struct server_entry *
+new_server_entry(struct serverlist *list)
+{
+    struct server_entry *newservers, *entry;
+    size_t newspace = (list->nservers + 1) * sizeof(struct server_entry);
+
+    newservers = realloc(list->servers, newspace);
+    if (newservers == NULL)
+        return NULL;
+    list->servers = newservers;
+    entry = &newservers[list->nservers];
+    memset(entry, 0, sizeof(*entry));
+    entry->primary = -1;
+    return entry;
+}
+
+/* Add an address entry to list. */
+static int
+add_addr_to_list(struct serverlist *list, k5_transport transport, int family,
+                 size_t addrlen, struct sockaddr *addr)
+{
+    struct server_entry *entry;
+
+    entry = new_server_entry(list);
+    if (entry == NULL)
+        return ENOMEM;
+    entry->transport = transport;
+    entry->family = family;
+    entry->hostname = NULL;
+    entry->uri_path = NULL;
+    entry->addrlen = addrlen;
+    memcpy(&entry->addr, addr, addrlen);
+    list->nservers++;
+    return 0;
+}
+
+/* Add a hostname entry to list. */
+static int
+add_host_to_list(struct serverlist *list, const char *hostname, int port,
+                 k5_transport transport, int family, const char *uri_path,
+                 int primary)
+{
+    struct server_entry *entry;
+
+    entry = new_server_entry(list);
+    if (entry == NULL)
+        return ENOMEM;
+    entry->transport = transport;
+    entry->family = family;
+    entry->hostname = strdup(hostname);
+    if (entry->hostname == NULL)
+        goto oom;
+    if (uri_path != NULL) {
+        entry->uri_path = strdup(uri_path);
+        if (entry->uri_path == NULL)
+            goto oom;
+    }
+    entry->port = port;
+    entry->primary = primary;
+    list->nservers++;
+    return 0;
+oom:
+    free(entry->hostname);
+    entry->hostname = NULL;
+    return ENOMEM;
+}
+
+static void
+parse_uri_if_https(const char *host_or_uri, k5_transport *transport,
+                   const char **host, const char **uri_path)
+{
+    char *cp;
+
+    if (strncmp(host_or_uri, "https://", 8) == 0) {
+        *transport = HTTPS;
+        *host = host_or_uri + 8;
+
+        cp = strchr(*host, '/');
+        if (cp != NULL) {
+            *cp = '\0';
+            *uri_path = cp + 1;
+        }
+    }
+}
+
+/* Return true if server is identical to an entry in list. */
+static krb5_boolean
+server_list_contains(struct serverlist *list, struct server_entry *server)
+{
+    struct server_entry *ent;
+
+    for (ent = list->servers; ent < list->servers + list->nservers; ent++) {
+        if (server->hostname != NULL && ent->hostname != NULL &&
+            strcmp(server->hostname, ent->hostname) == 0)
+            return TRUE;
+        if (server->hostname == NULL && ent->hostname == NULL &&
+            server->addrlen == ent->addrlen &&
+            memcmp(&server->addr, &ent->addr, server->addrlen) == 0)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+static krb5_error_code
+locate_srv_conf_1(krb5_context context, const krb5_data *realm,
+                  const char * name, struct serverlist *serverlist,
+                  k5_transport transport, int udpport)
+{
+    const char *realm_srv_names[4];
+    char **hostlist = NULL, *realmstr = NULL, *host = NULL;
+    const char *hostspec;
+    krb5_error_code code;
+    int i, default_port;
+
+    Tprintf("looking in krb5.conf for realm %s entry %s; ports %d,%d\n",
+            realm->data, name, udpport);
+
+    realmstr = k5memdup0(realm->data, realm->length, &code);
+    if (realmstr == NULL)
+        goto cleanup;
+
+    realm_srv_names[0] = KRB5_CONF_REALMS;
+    realm_srv_names[1] = realmstr;
+    realm_srv_names[2] = name;
+    realm_srv_names[3] = 0;
+    code = profile_get_values(context->profile, realm_srv_names, &hostlist);
+    if (code == PROF_NO_RELATION && strcmp(name, KRB5_CONF_PRIMARY_KDC) == 0) {
+        realm_srv_names[2] = KRB5_CONF_MASTER_KDC;
+        code = profile_get_values(context->profile, realm_srv_names,
+                                  &hostlist);
+    }
+    if (code) {
+        Tprintf("config file lookup failed: %s\n", error_message(code));
+        if (code == PROF_NO_SECTION || code == PROF_NO_RELATION)
+            code = 0;
+        goto cleanup;
+    }
+
+    for (i = 0; hostlist[i]; i++) {
+        int port_num;
+        k5_transport this_transport = transport;
+        const char *uri_path = NULL;
+
+        hostspec = hostlist[i];
+        Tprintf("entry %d is '%s'\n", i, hostspec);
+
+        parse_uri_if_https(hostspec, &this_transport, &hostspec, &uri_path);
+
+        default_port = (this_transport == HTTPS) ? 443 : udpport;
+        code = k5_parse_host_string(hostspec, default_port, &host, &port_num);
+        if (code == 0 && host == NULL)
+            code = EINVAL;
+        if (code)
+            goto cleanup;
+
+        code = add_host_to_list(serverlist, host, port_num, this_transport,
+                                AF_UNSPEC, uri_path, -1);
+        if (code)
+            goto cleanup;
+
+        free(host);
+        host = NULL;
+    }
+
+cleanup:
+    free(realmstr);
+    free(host);
+    profile_free_list(hostlist);
+    return code;
+}
+
+#ifdef TEST
+static krb5_error_code
+krb5_locate_srv_conf(krb5_context context, const krb5_data *realm,
+                     const char *name, struct serverlist *al, int udpport)
+{
+    krb5_error_code ret;
+
+    ret = locate_srv_conf_1(context, realm, name, al, TCP_OR_UDP, udpport);
+    if (ret)
+        return ret;
+    if (al->nservers == 0)        /* Couldn't resolve any KDC names */
+        return KRB5_REALM_CANT_RESOLVE;
+    return 0;
+}
+#endif
+
+#ifdef KRB5_DNS_LOOKUP
+static krb5_error_code
+locate_srv_dns_1(krb5_context context, const krb5_data *realm,
+                 const char *service, const char *protocol,
+                 struct serverlist *serverlist)
+{
+    struct srv_dns_entry *head = NULL, *entry = NULL;
+    krb5_error_code code = 0;
+    k5_transport transport;
+
+    code = krb5int_make_srv_query_realm(context, realm, service, protocol,
+                                        &head);
+    if (code)
+        return 0;
+
+    if (head == NULL)
+        return 0;
+
+    /* Check for the "." case indicating no support.  */
+    if (head->next == NULL && head->host[0] == '\0') {
+        code = KRB5_ERR_NO_SERVICE;
+        goto cleanup;
+    }
+
+    for (entry = head; entry != NULL; entry = entry->next) {
+        transport = (strcmp(protocol, "_tcp") == 0) ? TCP : UDP;
+        code = add_host_to_list(serverlist, entry->host, entry->port,
+                                transport, AF_UNSPEC, NULL, -1);
+        if (code)
+            goto cleanup;
+    }
+
+cleanup:
+    krb5int_free_srv_dns_data(head);
+    return code;
+}
+#endif
+
+#include <krb5/locate_plugin.h>
+
+#if TARGET_OS_MAC
+static const char *objdirs[] = { KRB5_PLUGIN_BUNDLE_DIR,
+                                 LIBDIR "/krb5/plugins/libkrb5",
+                                 NULL }; /* should be a list */
+#else
+static const char *objdirs[] = { LIBDIR "/krb5/plugins/libkrb5", NULL };
+#endif
+
+struct module_callback_data {
+    int out_of_mem;
+    struct serverlist *list;
+};
+
+static int
+module_callback(void *cbdata, int socktype, struct sockaddr *sa)
+{
+    struct module_callback_data *d = cbdata;
+    size_t addrlen;
+    k5_transport transport;
+
+    if (socktype != SOCK_STREAM && socktype != SOCK_DGRAM)
+        return 0;
+    if (sa->sa_family == AF_INET)
+        addrlen = sizeof(struct sockaddr_in);
+    else if (sa->sa_family == AF_INET6)
+        addrlen = sizeof(struct sockaddr_in6);
+    else
+        return 0;
+    transport = (socktype == SOCK_STREAM) ? TCP : UDP;
+    if (add_addr_to_list(d->list, transport, sa->sa_family, addrlen,
+                         sa) != 0) {
+        /* Assumes only error is ENOMEM.  */
+        d->out_of_mem = 1;
+        return 1;
+    }
+    return 0;
+}
+
+static krb5_error_code
+module_locate_server(krb5_context ctx, const krb5_data *realm,
+                     struct serverlist *serverlist,
+                     enum locate_service_type svc, k5_transport transport)
+{
+    struct krb5plugin_service_locate_result *res = NULL;
+    krb5_error_code code;
+    struct krb5plugin_service_locate_ftable *vtbl = NULL;
+    void **ptrs;
+    char *realmz;               /* NUL-terminated realm */
+    int socktype, i;
+    struct module_callback_data cbdata = { 0, };
+    const char *msg;
+
+    Tprintf("in module_locate_server\n");
+    cbdata.list = serverlist;
+    if (!PLUGIN_DIR_OPEN(&ctx->libkrb5_plugins)) {
+
+        code = krb5int_open_plugin_dirs(objdirs, NULL, &ctx->libkrb5_plugins,
+                                        &ctx->err);
+        if (code)
+            return KRB5_PLUGIN_NO_HANDLE;
+    }
+
+    code = krb5int_get_plugin_dir_data(&ctx->libkrb5_plugins,
+                                       "service_locator", &ptrs, &ctx->err);
+    if (code) {
+        Tprintf("error looking up plugin symbols: %s\n",
+                (msg = krb5_get_error_message(ctx, code)));
+        krb5_free_error_message(ctx, msg);
+        return KRB5_PLUGIN_NO_HANDLE;
+    }
+
+    if (realm->length >= UINT_MAX) {
+        krb5int_free_plugin_dir_data(ptrs);
+        return ENOMEM;
+    }
+    realmz = k5memdup0(realm->data, realm->length, &code);
+    if (realmz == NULL) {
+        krb5int_free_plugin_dir_data(ptrs);
+        return code;
+    }
+    for (i = 0; ptrs[i]; i++) {
+        void *blob;
+
+        vtbl = ptrs[i];
+        Tprintf("element %d is %p\n", i, ptrs[i]);
+
+        /* For now, don't keep the plugin data alive.  For long-lived
+         * contexts, it may be desirable to change that later. */
+        code = vtbl->init(ctx, &blob);
+        if (code)
+            continue;
+
+        socktype = (transport == TCP) ? SOCK_STREAM : SOCK_DGRAM;
+        code = vtbl->lookup(blob, svc, realmz, socktype, AF_UNSPEC,
+                            module_callback, &cbdata);
+        /* Also ask for TCP addresses if we got UDP addresses and want both. */
+        if (code == 0 && transport == TCP_OR_UDP) {
+            code = vtbl->lookup(blob, svc, realmz, SOCK_STREAM, AF_UNSPEC,
+                                module_callback, &cbdata);
+            if (code == KRB5_PLUGIN_NO_HANDLE)
+                code = 0;
+        }
+        vtbl->fini(blob);
+        if (code == KRB5_PLUGIN_NO_HANDLE) {
+            /* Module passes, keep going.  */
+            /* XXX */
+            Tprintf("plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)"
+                    "\n");
+            continue;
+        }
+        if (code != 0) {
+            /* Module encountered an actual error.  */
+            Tprintf("plugin lookup routine returned error %d: %s\n",
+                    code, error_message(code));
+            free(realmz);
+            krb5int_free_plugin_dir_data(ptrs);
+            return code;
+        }
+        break;
+    }
+    if (ptrs[i] == NULL) {
+        Tprintf("ran off end of plugin list\n");
+        free(realmz);
+        krb5int_free_plugin_dir_data(ptrs);
+        return KRB5_PLUGIN_NO_HANDLE;
+    }
+    Tprintf("stopped with plugin #%d, res=%p\n", i, res);
+
+    /* Got something back, yippee.  */
+    Tprintf("now have %lu addrs in list %p\n",
+            (unsigned long)serverlist->nservers, serverlist);
+    free(realmz);
+    krb5int_free_plugin_dir_data(ptrs);
+    return 0;
+}
+
+static krb5_error_code
+prof_locate_server(krb5_context context, const krb5_data *realm,
+                   struct serverlist *serverlist, enum locate_service_type svc,
+                   k5_transport transport)
+{
+    const char *profname;
+    int dflport = 0;
+    struct servent *serv;
+
+    switch (svc) {
+    case locate_service_kdc:
+        profname = KRB5_CONF_KDC;
+        /* We used to use /etc/services for these, but enough systems have old,
+         * crufty, wrong settings that this is probably better. */
+    kdc_ports:
+        dflport = KRB5_DEFAULT_PORT;
+        break;
+    case locate_service_primary_kdc:
+        profname = KRB5_CONF_PRIMARY_KDC;
+        goto kdc_ports;
+    case locate_service_kadmin:
+        profname = KRB5_CONF_ADMIN_SERVER;
+        dflport = DEFAULT_KADM5_PORT;
+        break;
+    case locate_service_krb524:
+        profname = KRB5_CONF_KRB524_SERVER;
+        serv = getservbyname("krb524", "udp");
+        dflport = serv ? serv->s_port : 4444;
+        break;
+    case locate_service_kpasswd:
+        profname = KRB5_CONF_KPASSWD_SERVER;
+        dflport = DEFAULT_KPASSWD_PORT;
+        break;
+    default:
+        return EBUSY;           /* XXX */
+    }
+
+    return locate_srv_conf_1(context, realm, profname, serverlist, transport,
+                             dflport);
+}
+
+#ifdef KRB5_DNS_LOOKUP
+
+/*
+ * Parse the initial part of the URI, first confirming the scheme name.  Get
+ * the transport, flags (indicating primary status), and host.  The host is
+ * either an address or hostname with an optional port, or an HTTPS URL.
+ * The format is krb5srv:flags:udp|tcp|kkdcp:host
+ *
+ * Return a NULL *host_out if there are any problems parsing the URI.
+ */
+static void
+parse_uri_fields(const char *uri, k5_transport *transport_out,
+                 const char **host_out, int *primary_out)
+
+{
+    k5_transport transport;
+    int primary = FALSE;
+
+    *transport_out = 0;
+    *host_out = NULL;
+    *primary_out = -1;
+
+    /* Confirm the scheme name. */
+    if (strncasecmp(uri, "krb5srv", 7) != 0)
+        return;
+
+    uri += 7;
+    if (*uri != ':')
+        return;
+
+    uri++;
+    if (*uri == '\0')
+        return;
+
+    /* Check the flags field for supported flags. */
+    for (; *uri != ':' && *uri != '\0'; uri++) {
+        if (*uri == 'm' || *uri == 'M')
+            primary = TRUE;
+    }
+    if (*uri != ':')
+        return;
+
+    /* Look for the transport type. */
+    uri++;
+    if (strncasecmp(uri, "udp", 3) == 0) {
+        transport = UDP;
+        uri += 3;
+    } else if (strncasecmp(uri, "tcp", 3) == 0) {
+        transport = TCP;
+        uri += 3;
+    } else if (strncasecmp(uri, "kkdcp", 5) == 0) {
+        /* Currently the only MS-KKDCP transport type is HTTPS. */
+        transport = HTTPS;
+        uri += 5;
+    } else {
+        return;
+    }
+
+    if (*uri != ':')
+        return;
+
+    /* The rest of the URI is the host (with optional port) or URI. */
+    *host_out = uri + 1;
+    *transport_out = transport;
+    *primary_out = primary;
+}
+
+/*
+ * Collect a list of servers from DNS URI records, for the requested service
+ * and transport type.  Problematic entries are skipped.
+ */
+static krb5_error_code
+locate_uri(krb5_context context, const krb5_data *realm,
+           const char *req_service, struct serverlist *serverlist,
+           k5_transport req_transport, int default_port,
+           krb5_boolean primary_only)
+{
+    krb5_error_code ret;
+    k5_transport transport, host_trans;
+    struct srv_dns_entry *answers, *entry;
+    char *host;
+    const char *host_field, *path;
+    int port, def_port, primary;
+
+    ret = k5_make_uri_query(context, realm, req_service, &answers);
+    if (ret || answers == NULL)
+        return ret;
+
+    for (entry = answers; entry != NULL; entry = entry->next) {
+        def_port = default_port;
+        path = NULL;
+
+        parse_uri_fields(entry->host, &transport, &host_field, &primary);
+        if (host_field == NULL)
+            continue;
+
+        /* TCP_OR_UDP allows entries of any transport type; otherwise
+         * we're asking for a match. */
+        if (req_transport != TCP_OR_UDP && req_transport != transport)
+            continue;
+
+        /* Process a MS-KKDCP target. */
+        if (transport == HTTPS) {
+            host_trans = 0;
+            def_port = 443;
+            parse_uri_if_https(host_field, &host_trans, &host_field, &path);
+            if (host_trans != HTTPS)
+                continue;
+        }
+
+        ret = k5_parse_host_string(host_field, def_port, &host, &port);
+        if (ret == ENOMEM)
+            break;
+
+        if (ret || host == NULL) {
+            ret = 0;
+            continue;
+        }
+
+        ret = add_host_to_list(serverlist, host, port, transport, AF_UNSPEC,
+                               path, primary);
+        free(host);
+        if (ret)
+            break;
+    }
+
+    krb5int_free_srv_dns_data(answers);
+    return ret;
+}
+
+static krb5_error_code
+dns_locate_server_uri(krb5_context context, const krb5_data *realm,
+                      struct serverlist *serverlist,
+                      enum locate_service_type svc, k5_transport transport)
+{
+    krb5_error_code ret;
+    char *svcname;
+    int def_port;
+    krb5_boolean find_primary = FALSE;
+
+    if (!_krb5_use_dns_kdc(context) || !use_dns_uri(context))
+        return 0;
+
+    switch (svc) {
+    case locate_service_primary_kdc:
+        find_primary = TRUE;
+        /* Fall through */
+    case locate_service_kdc:
+        svcname = "_kerberos";
+        def_port = 88;
+        break;
+    case locate_service_kadmin:
+        svcname = "_kerberos-adm";
+        def_port = 749;
+        break;
+    case locate_service_kpasswd:
+        svcname = "_kpasswd";
+        def_port = 464;
+        break;
+    default:
+        return 0;
+    }
+
+    ret = locate_uri(context, realm, svcname, serverlist, transport, def_port,
+                     find_primary);
+
+    if (serverlist->nservers == 0)
+        TRACE_DNS_URI_NOTFOUND(context);
+
+    return ret;
+}
+
+static krb5_error_code
+dns_locate_server_srv(krb5_context context, const krb5_data *realm,
+                      struct serverlist *serverlist,
+                      enum locate_service_type svc, k5_transport transport)
+{
+    const char *dnsname;
+    int use_dns = _krb5_use_dns_kdc(context);
+    krb5_error_code code;
+
+    if (!use_dns)
+        return 0;
+
+    switch (svc) {
+    case locate_service_kdc:
+        dnsname = "_kerberos";
+        break;
+    case locate_service_primary_kdc:
+        dnsname = "_kerberos-master";
+        break;
+    case locate_service_kadmin:
+        dnsname = "_kerberos-adm";
+        break;
+    case locate_service_krb524:
+        dnsname = "_krb524";
+        break;
+    case locate_service_kpasswd:
+        dnsname = "_kpasswd";
+        break;
+    default:
+        return 0;
+    }
+
+    code = 0;
+    if (transport == UDP || transport == TCP_OR_UDP)
+        code = locate_srv_dns_1(context, realm, dnsname, "_udp", serverlist);
+
+    if ((transport == TCP || transport == TCP_OR_UDP) && code == 0)
+        code = locate_srv_dns_1(context, realm, dnsname, "_tcp", serverlist);
+
+    if (serverlist->nservers == 0)
+        TRACE_DNS_SRV_NOTFOUND(context);
+
+    return code;
+}
+#endif /* KRB5_DNS_LOOKUP */
+
+/*
+ * Try all of the server location methods in sequence.  transport must be
+ * TCP_OR_UDP, TCP, or UDP.  It is applied to hostname entries in the profile
+ * and affects whether we query modules or DNS for UDP or TCP or both, but does
+ * not restrict a method from returning entries of other transports.
+ */
+static krb5_error_code
+locate_server(krb5_context context, const krb5_data *realm,
+              struct serverlist *serverlist, enum locate_service_type svc,
+              k5_transport transport)
+{
+    krb5_error_code ret;
+    struct serverlist list = SERVERLIST_INIT;
+
+    *serverlist = list;
+
+    /* Try modules.  If a module returns 0 but leaves the list empty, return an
+     * empty list. */
+    ret = module_locate_server(context, realm, &list, svc, transport);
+    if (ret != KRB5_PLUGIN_NO_HANDLE)
+        goto done;
+
+    /* Try the profile.  Fall back to DNS if it returns an empty list. */
+    ret = prof_locate_server(context, realm, &list, svc, transport);
+    if (ret)
+        goto done;
+
+#ifdef KRB5_DNS_LOOKUP
+    if (list.nservers == 0) {
+        ret = dns_locate_server_uri(context, realm, &list, svc, transport);
+        if (ret)
+            goto done;
+    }
+
+    if (list.nservers == 0)
+        ret = dns_locate_server_srv(context, realm, &list, svc, transport);
+#endif
+
+done:
+    if (ret) {
+        k5_free_serverlist(&list);
+        return ret;
+    }
+    *serverlist = list;
+    return 0;
+}
+
+/*
+ * Wrapper function for the various backends
+ */
+
+krb5_error_code
+k5_locate_server(krb5_context context, const krb5_data *realm,
+                 struct serverlist *serverlist, enum locate_service_type svc,
+                 krb5_boolean no_udp)
+{
+    krb5_error_code ret;
+    k5_transport transport = no_udp ? TCP : TCP_OR_UDP;
+
+    memset(serverlist, 0, sizeof(*serverlist));
+    if (realm == NULL || realm->data == NULL || realm->data[0] == 0) {
+        k5_setmsg(context, KRB5_REALM_CANT_RESOLVE,
+                  "Cannot find KDC for invalid realm name \"\"");
+        return KRB5_REALM_CANT_RESOLVE;
+    }
+
+    ret = locate_server(context, realm, serverlist, svc, transport);
+    if (ret)
+        return ret;
+
+    if (serverlist->nservers == 0) {
+        k5_free_serverlist(serverlist);
+        k5_setmsg(context, KRB5_REALM_UNKNOWN,
+                  _("Cannot find KDC for realm \"%.*s\""),
+                  realm->length, realm->data);
+        return KRB5_REALM_UNKNOWN;
+    }
+    return 0;
+}
+
+krb5_error_code
+k5_locate_kdc(krb5_context context, const krb5_data *realm,
+              struct serverlist *serverlist, krb5_boolean get_primaries,
+              krb5_boolean no_udp)
+{
+    enum locate_service_type stype;
+
+    stype = get_primaries ? locate_service_primary_kdc : locate_service_kdc;
+    return k5_locate_server(context, realm, serverlist, stype, no_udp);
+}
+
+krb5_boolean
+k5_kdc_is_primary(krb5_context context, const krb5_data *realm,
+                  struct server_entry *server)
+{
+    struct serverlist list;
+    krb5_boolean found;
+
+    if (server->primary != -1)
+        return server->primary;
+
+    if (locate_server(context, realm, &list, locate_service_primary_kdc,
+                      server->transport) != 0)
+        return FALSE;
+    found = server_list_contains(&list, server);
+    k5_free_serverlist(&list);
+    return found;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/lock_file.c b/krb5-1.21.3/src/lib/krb5/os/lock_file.c
new file mode 100644
index 00000000..79817b36
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/lock_file.c
@@ -0,0 +1,182 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/lock_file.c */
+/*
+ * Copyright 1990, 1998 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+
+#if !defined(_WIN32)
+
+/* Unix version...  */
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <errno.h>
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#if defined(HAVE_FCNTL_H) && defined(F_SETLKW) && defined(F_RDLCK)
+#define POSIX_FILE_LOCKS
+
+/*
+ * Gnu libc bug 20251, fixed in 2.28, breaks OFD lock support on
+ * 32-bit platforms.  Work around this bug by explicitly using the
+ * fcntl64 system call and struct flock64.
+ */
+#if defined(__linux__) && __WORDSIZE == 32
+#include <sys/syscall.h>
+#ifdef SYS_fcntl64
+#define USE_FCNTL64
+#endif
+#endif
+#ifdef USE_FCNTL64
+/* Use the fcntl64 system call and struct flock64.  (Gnu libc does not
+ * define a fcntl64() function, so we must use syscall().) */
+#define fcntl(fd, cmd, arg) syscall(SYS_fcntl64, fd, cmd, arg)
+typedef struct flock64 fcntl_lock_st;
+#else
+/* Use regular fcntl() and struct flock. */
+typedef struct flock fcntl_lock_st;
+#endif
+
+#endif /* defined(HAVE_FCNTL_H) && defined(F_SETLKW) && defined(F_RDLCK) */
+
+#ifdef HAVE_FLOCK
+#ifndef sysvimp
+#include <sys/file.h>
+#endif
+#else
+#ifndef LOCK_SH
+#define LOCK_SH 0
+#define LOCK_EX 0
+#define LOCK_UN 0
+#endif
+#endif
+
+#ifdef POSIX_FILE_LOCKS
+/*
+ * Try to use OFD locks where available (e.g. Linux 3.15 and later).  OFD locks
+ * contend with regular POSIX file locks, but are owned by the open file
+ * description instead of the process, which is much better for thread safety.
+ * Fall back to regular POSIX locks on EINVAL in case we are running with an
+ * older kernel than we were built with.
+ */
+static int
+ofdlock(int fd, int cmd, fcntl_lock_st *lock_arg)
+{
+#ifdef F_OFD_SETLKW
+    int st, ofdcmd;
+
+    assert(cmd == F_SETLKW || cmd == F_SETLK);
+    ofdcmd = (cmd == F_SETLKW) ? F_OFD_SETLKW : F_OFD_SETLK;
+    st = fcntl(fd, ofdcmd, lock_arg);
+    if (st == 0 || errno != EINVAL)
+        return st;
+#endif
+    return fcntl(fd, cmd, lock_arg);
+}
+#endif /* POSIX_FILE_LOCKS */
+
+/*ARGSUSED*/
+krb5_error_code
+krb5_lock_file(krb5_context context, int fd, int mode)
+{
+    int                 lock_flag = -1;
+    krb5_error_code     retval = 0;
+#ifdef POSIX_FILE_LOCKS
+    int lock_cmd = F_SETLKW;
+    fcntl_lock_st lock_arg = { 0 };
+#endif
+
+    switch (mode & ~KRB5_LOCKMODE_DONTBLOCK) {
+    case KRB5_LOCKMODE_SHARED:
+#ifdef POSIX_FILE_LOCKS
+        lock_arg.l_type = F_RDLCK;
+#endif
+        lock_flag = LOCK_SH;
+        break;
+    case KRB5_LOCKMODE_EXCLUSIVE:
+#ifdef POSIX_FILE_LOCKS
+        lock_arg.l_type = F_WRLCK;
+#endif
+        lock_flag = LOCK_EX;
+        break;
+    case KRB5_LOCKMODE_UNLOCK:
+#ifdef POSIX_FILE_LOCKS
+        lock_arg.l_type = F_UNLCK;
+#endif
+        lock_flag = LOCK_UN;
+        break;
+    }
+
+    if (lock_flag == -1)
+        return(KRB5_LIBOS_BADLOCKFLAG);
+
+    if (mode & KRB5_LOCKMODE_DONTBLOCK) {
+#ifdef POSIX_FILE_LOCKS
+        lock_cmd = F_SETLK;
+#endif
+#ifdef HAVE_FLOCK
+        lock_flag |= LOCK_NB;
+#endif
+    }
+
+#ifdef POSIX_FILE_LOCKS
+    lock_arg.l_whence = 0;
+    lock_arg.l_start = 0;
+    lock_arg.l_len = 0;
+    if (ofdlock(fd, lock_cmd, &lock_arg) == -1) {
+        if (errno == EACCES || errno == EAGAIN) /* see POSIX/IEEE 1003.1-1988,
+                                                   6.5.2.4 */
+            return(EAGAIN);
+        if (errno != EINVAL)    /* Fall back to flock if we get EINVAL */
+            return(errno);
+        retval = errno;
+    } else
+        return 0;           /* We succeeded.  Yay. */
+#endif
+
+#ifdef HAVE_FLOCK
+    if (flock(fd, lock_flag) == -1)
+        retval = errno;
+#endif
+
+    return retval;
+}
+#else   /* Windows or Macintosh */
+
+krb5_error_code
+krb5_lock_file(context, fd, mode)
+    krb5_context context;
+    int fd;
+    int mode;
+{
+    return 0;
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/os/mk_faddr.c b/krb5-1.21.3/src/lib/krb5/os/mk_faddr.c
new file mode 100644
index 00000000..c7a6ddd5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/mk_faddr.c
@@ -0,0 +1,82 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/mk_faddr.c - Generate full address from IP addr and port */
+/*
+ * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+#ifdef HAVE_NETINET_IN_H
+
+#include "os-proto.h"
+#if !defined(_WINSOCKAPI_)
+
+#include <netinet/in.h>
+#endif
+
+krb5_error_code
+krb5_make_fulladdr(krb5_context context, krb5_address *kaddr,
+                   krb5_address *kport, krb5_address *raddr)
+{
+    krb5_octet *marshal;
+    krb5_int32 tmp32;
+    krb5_int16 tmp16;
+
+    if (kaddr == NULL || kport == NULL)
+        return EINVAL;
+
+    raddr->length = kaddr->length + kport->length + (4 * sizeof(krb5_int32));
+    if (!(raddr->contents = (krb5_octet *)malloc(raddr->length)))
+        return ENOMEM;
+
+    raddr->addrtype = ADDRTYPE_ADDRPORT;
+    marshal = raddr->contents;
+
+    tmp16 = kaddr->addrtype;
+    *marshal++ = 0x00;
+    *marshal++ = 0x00;
+    store_16_le(tmp16, marshal);
+    marshal += 2;
+
+    tmp32 = kaddr->length;
+    store_32_le(tmp32, marshal);
+    marshal += 4;
+
+    (void) memcpy(marshal, kaddr->contents, kaddr->length);
+    marshal += kaddr->length;
+
+    tmp16 = kport->addrtype;
+    *marshal++ = 0x00;
+    *marshal++ = 0x00;
+    store_16_le(tmp16, marshal);
+    marshal += 2;
+
+    tmp32 = kport->length;
+    store_32_le(tmp32, marshal);
+    marshal += 4;
+
+    (void) memcpy(marshal, kport->contents, kport->length);
+    marshal += kport->length;
+    return 0;
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/os/net_read.c b/krb5-1.21.3/src/lib/krb5/os/net_read.c
new file mode 100644
index 00000000..64a46226
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/net_read.c
@@ -0,0 +1,64 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/net_read.c */
+/*
+ * Copyright 1987, 1988, 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * krb5_net_read() reads from the file descriptor "fd" to the buffer
+ * "buf", until either 1) "len" bytes have been read or 2) cannot
+ * read anymore from "fd".  It returns the number of bytes read
+ * or a read() error.  (The calling interface is identical to
+ * read(2).)
+ *
+ * XXX must not use non-blocking I/O
+ */
+
+int
+krb5_net_read(krb5_context context, int fd, char *buf, int len)
+{
+    int cc, len2 = 0;
+
+    do {
+        cc = SOCKET_READ((SOCKET)fd, buf, len);
+        if (cc < 0) {
+            if (SOCKET_ERRNO == SOCKET_EINTR)
+                continue;
+
+            /* XXX this interface sucks! */
+            errno = SOCKET_ERRNO;
+
+            return(cc);          /* errno is already set */
+        }
+        else if (cc == 0) {
+            return(len2);
+        } else {
+            buf += cc;
+            len2 += cc;
+            len -= cc;
+        }
+    } while (len > 0);
+    return(len2);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/net_write.c b/krb5-1.21.3/src/lib/krb5/os/net_write.c
new file mode 100644
index 00000000..cc8c309d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/net_write.c
@@ -0,0 +1,81 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/net_write.c */
+/*
+ * Copyright 1987, 1988, 1990, 2009 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+/*
+ * krb5_net_write() writes "len" bytes from "buf" to the file
+ * descriptor "fd".  It returns the number of bytes written or
+ * a write() error.  (The calling interface is identical to
+ * write(2).)
+ *
+ * XXX must not use non-blocking I/O
+ */
+
+int
+krb5_net_write(krb5_context context, int fd, const char *buf, int len)
+{
+    sg_buf sg;
+    SG_SET(&sg, buf, len);
+    return krb5int_net_writev(context, fd, &sg, 1);
+}
+
+int
+krb5int_net_writev(krb5_context context, int fd, sg_buf *sgp, int nsg)
+{
+    ssize_t cc, len = 0;
+    SOCKET_WRITEV_TEMP tmp;
+
+    while (nsg > 0) {
+        /* Skip any empty data blocks.  */
+        if (SG_LEN(sgp) == 0) {
+            sgp++, nsg--;
+            continue;
+        }
+        cc = SOCKET_WRITEV((SOCKET)fd, sgp, nsg, tmp);
+        if (cc < 0) {
+            if (SOCKET_ERRNO == SOCKET_EINTR)
+                continue;
+
+            /* XXX this interface sucks! */
+            errno = SOCKET_ERRNO;
+            return -1;
+        }
+        len += cc;
+        while (cc > 0) {
+            if ((unsigned)cc < SG_LEN(sgp)) {
+                SG_ADVANCE(sgp, (unsigned)cc);
+                cc = 0;
+            } else {
+                cc -= SG_LEN(sgp);
+                sgp++, nsg--;
+                assert(nsg > 0 || cc == 0);
+            }
+        }
+    }
+    return len;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/os-proto.h b/krb5-1.21.3/src/lib/krb5/os/os-proto.h
new file mode 100644
index 00000000..91d2791c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/os-proto.h
@@ -0,0 +1,255 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/os-proto.h */
+/*
+ * Copyright 1990,1991,2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * LIBOS internal function prototypes.
+ */
+
+#ifndef KRB5_LIBOS_INT_PROTO__
+#define KRB5_LIBOS_INT_PROTO__
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+
+#include <krb5/locate_plugin.h>
+
+typedef enum {
+    TCP_OR_UDP = 0,
+    TCP,
+    UDP,
+    HTTPS,
+} k5_transport;
+
+typedef enum {
+    UDP_FIRST = 0,
+    UDP_LAST,
+    NO_UDP,
+    ONLY_UDP
+} k5_transport_strategy;
+
+/* A single server hostname or address. */
+struct server_entry {
+    char *hostname;             /* NULL -> use addrlen/addr instead */
+    int port;                   /* Used only if hostname set */
+    k5_transport transport;     /* May be 0 for UDP/TCP if hostname set */
+    char *uri_path;             /* Used only if transport is HTTPS */
+    int family;                 /* May be 0 (aka AF_UNSPEC) if hostname set */
+    int primary;                /* True, false, or -1 for unknown. */
+    size_t addrlen;
+    struct sockaddr_storage addr;
+};
+
+/* A list of server hostnames/addresses. */
+struct serverlist {
+    struct server_entry *servers;
+    size_t nservers;
+};
+#define SERVERLIST_INIT { NULL, 0 }
+
+struct remote_address {
+    k5_transport transport;
+    int family;
+    socklen_t len;
+    struct sockaddr_storage saddr;
+};
+
+struct sendto_callback_info {
+    int (*pfn_callback)(SOCKET fd, void *data, krb5_data *message);
+    void (*pfn_cleanup)(void *data, krb5_data *message);
+    void *data;
+};
+
+/*
+ * Initialize with all zeros except for princ.  Set no_hostrealm to disable
+ * host-to-realm lookup, which ordinarily happens during fallback processing
+ * after canonicalizing the host part.  Set subst_defrealm to substitute the
+ * default realm for the referral realm after realm lookup.  Do not set both
+ * flags.  Free with free_canonprinc() when done.
+ *
+ * no_hostrealm only applies if fallback processing is in use
+ * (dns_canonicalize_hostname = fallback).  It will not remove the realm if
+ * krb5_sname_to_principal() already canonicalized the hostname and looked up a
+ * realm.  subst_defrealm applies whether or not fallback processing is in use.
+ */
+struct canonprinc {
+    krb5_const_principal princ;
+    krb5_boolean no_hostrealm;
+    krb5_boolean subst_defrealm;
+    int step;
+    char *canonhost;
+    char *realm;
+    krb5_principal_data copy;
+    krb5_data components[2];
+};
+
+/* Yield one or two candidate canonical principal names for iter, then NULL.
+ * Output names are valid for one iteration and must not be freed. */
+krb5_error_code k5_canonprinc(krb5_context context, struct canonprinc *iter,
+                              krb5_const_principal *princ_out);
+
+static inline void
+free_canonprinc(struct canonprinc *iter)
+{
+    free(iter->canonhost);
+    free(iter->realm);
+}
+
+krb5_error_code k5_expand_hostname(krb5_context context, const char *host,
+                                   krb5_boolean is_fallback,
+                                   char **canonhost_out);
+
+krb5_error_code k5_locate_server(krb5_context, const krb5_data *realm,
+                                 struct serverlist *serverlist,
+                                 enum locate_service_type svc,
+                                 krb5_boolean no_udp);
+
+krb5_error_code k5_locate_kdc(krb5_context context, const krb5_data *realm,
+                              struct serverlist *serverlist,
+                              krb5_boolean get_primaries, krb5_boolean no_udp);
+
+krb5_boolean k5_kdc_is_primary(krb5_context context, const krb5_data *realm,
+                               struct server_entry *server);
+
+void k5_free_serverlist(struct serverlist *);
+
+#ifdef HAVE_NETINET_IN_H
+krb5_error_code krb5_unpack_full_ipaddr(krb5_context,
+                                        const krb5_address *,
+                                        krb5_int32 *,
+                                        krb5_int16 *);
+
+krb5_error_code krb5_make_full_ipaddr(krb5_context,
+                                      krb5_int32,
+                                      int,   /* unsigned short promotes to signed int */
+                                      krb5_address **);
+
+#endif /* HAVE_NETINET_IN_H */
+
+struct srv_dns_entry {
+    struct srv_dns_entry *next;
+    int priority;
+    int weight;
+    unsigned short port;
+    char *host;
+};
+
+krb5_error_code
+krb5int_make_srv_query_realm(krb5_context context, const krb5_data *realm,
+                             const char *service, const char *protocol,
+                             struct srv_dns_entry **answers);
+
+void krb5int_free_srv_dns_data(struct srv_dns_entry *);
+
+krb5_error_code
+k5_make_uri_query(krb5_context context, const krb5_data *realm,
+                  const char *service, struct srv_dns_entry **answers);
+
+krb5_error_code k5_try_realm_txt_rr(krb5_context context, const char *prefix,
+                                    const char *name, char **realm);
+
+char *k5_primary_domain(void);
+
+int _krb5_use_dns_realm (krb5_context);
+int _krb5_use_dns_kdc (krb5_context);
+int _krb5_conf_boolean (const char *);
+
+krb5_error_code k5_sendto(krb5_context context, const krb5_data *message,
+                          const krb5_data *realm,
+                          const struct serverlist *addrs,
+                          k5_transport_strategy strategy,
+                          struct sendto_callback_info *callback_info,
+                          krb5_data *reply, struct sockaddr *remoteaddr,
+                          socklen_t *remoteaddrlen, int *server_used,
+                          int (*msg_handler)(krb5_context, const krb5_data *,
+                                             void *),
+                          void *msg_handler_data);
+
+krb5_error_code krb5int_get_fq_local_hostname(char **);
+
+/* The io vector is *not* const here, unlike writev()!  */
+int krb5int_net_writev (krb5_context, int, sg_buf *, int);
+
+int k5_getcurtime(struct timeval *tvp);
+
+krb5_error_code k5_expand_path_tokens(krb5_context context,
+                                      const char *path_in, char **path_out);
+krb5_error_code k5_expand_path_tokens_extra(krb5_context context,
+                                            const char *path_in,
+                                            char **path_out, ...);
+
+krb5_error_code k5_create_secure_file(krb5_context, const char * pathname);
+krb5_error_code k5_sync_disk_file(krb5_context, FILE *fp);
+krb5_error_code k5_os_init_context(krb5_context context, profile_t profile,
+                                   krb5_flags flags);
+void k5_os_free_context(krb5_context);
+krb5_error_code k5_os_hostaddr(krb5_context, const char *, krb5_address ***);
+krb5_error_code k5_time_with_offset(krb5_timestamp offset,
+                                    krb5_int32 offset_usec,
+                                    krb5_timestamp *time_out,
+                                    krb5_int32 *usec_out);
+void k5_set_prompt_types(krb5_context, krb5_prompt_type *);
+krb5_boolean k5_is_numeric_address(const char *name);
+krb5_error_code k5_make_realmlist(const char *realm, char ***realms_out);
+krb5_error_code k5_kt_client_default_name(krb5_context context,
+                                          char **name_out);
+krb5_error_code k5_write_messages(krb5_context, krb5_pointer, krb5_data *,
+                                  int);
+void k5_init_trace(krb5_context context);
+
+#include "k5-thread.h"
+extern k5_mutex_t krb5int_us_time_mutex;
+
+extern unsigned int krb5_max_skdc_timeout;
+extern unsigned int krb5_skdc_timeout_shift;
+extern unsigned int krb5_skdc_timeout_1;
+
+void k5_hostrealm_free_context(krb5_context);
+krb5_error_code hostrealm_profile_initvt(krb5_context context, int maj_ver,
+                                         int min_ver,
+                                         krb5_plugin_vtable vtable);
+krb5_error_code hostrealm_registry_initvt(krb5_context context, int maj_ver,
+                                          int min_ver,
+                                          krb5_plugin_vtable vtable);
+krb5_error_code hostrealm_dns_initvt(krb5_context context, int maj_ver,
+                                     int min_ver, krb5_plugin_vtable vtable);
+krb5_error_code hostrealm_domain_initvt(krb5_context context, int maj_ver,
+                                        int min_ver,
+                                        krb5_plugin_vtable vtable);
+
+void k5_localauth_free_context(krb5_context);
+krb5_error_code localauth_names_initvt(krb5_context context, int maj_ver,
+                                       int min_ver, krb5_plugin_vtable vtable);
+krb5_error_code localauth_rule_initvt(krb5_context context, int maj_ver,
+                                      int min_ver, krb5_plugin_vtable vtable);
+krb5_error_code localauth_k5login_initvt(krb5_context context, int maj_ver,
+                                         int min_ver,
+                                         krb5_plugin_vtable vtable);
+krb5_error_code localauth_an2ln_initvt(krb5_context context, int maj_ver,
+                                       int min_ver, krb5_plugin_vtable vtable);
+
+#endif /* KRB5_LIBOS_INT_PROTO__ */
diff --git a/krb5-1.21.3/src/lib/krb5/os/port2ip.c b/krb5-1.21.3/src/lib/krb5/os/port2ip.c
new file mode 100644
index 00000000..94c0430f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/port2ip.c
@@ -0,0 +1,81 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/port2ip.c - Split full address into IP address and port */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include "os-proto.h"
+
+krb5_error_code
+krb5_unpack_full_ipaddr(krb5_context context, const krb5_address *inaddr, krb5_int32 *adr, krb5_int16 *port)
+{
+    unsigned long smushaddr;
+    unsigned short smushport;
+    krb5_octet *marshal;
+    krb5_addrtype temptype;
+    krb5_ui_4 templength;
+
+    if (inaddr->addrtype != ADDRTYPE_ADDRPORT)
+        return KRB5_PROG_ATYPE_NOSUPP;
+
+    if (inaddr->length != sizeof(smushaddr)+ sizeof(smushport) +
+        2*sizeof(temptype) + 2*sizeof(templength))
+        return KRB5_PROG_ATYPE_NOSUPP;
+
+    marshal = inaddr->contents;
+
+    (void) memcpy(&temptype, marshal, sizeof(temptype));
+    marshal += sizeof(temptype);
+    if (temptype != htons(ADDRTYPE_INET))
+        return KRB5_PROG_ATYPE_NOSUPP;
+
+    (void) memcpy(&templength, marshal, sizeof(templength));
+    marshal += sizeof(templength);
+    if (templength != htonl(sizeof(smushaddr)))
+        return KRB5_PROG_ATYPE_NOSUPP;
+
+    (void) memcpy(&smushaddr, marshal, sizeof(smushaddr));
+    /* leave in net order */
+    marshal += sizeof(smushaddr);
+
+    (void) memcpy(&temptype, marshal, sizeof(temptype));
+    marshal += sizeof(temptype);
+    if (temptype != htons(ADDRTYPE_IPPORT))
+        return KRB5_PROG_ATYPE_NOSUPP;
+
+    (void) memcpy(&templength, marshal, sizeof(templength));
+    marshal += sizeof(templength);
+    if (templength != htonl(sizeof(smushport)))
+        return KRB5_PROG_ATYPE_NOSUPP;
+
+    (void) memcpy(&smushport, marshal, sizeof(smushport));
+    /* leave in net order */
+
+    *adr = (krb5_int32) smushaddr;
+    *port = (krb5_int16) smushport;
+    return 0;
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/os/prompter.c b/krb5-1.21.3/src/lib/krb5/os/prompter.c
new file mode 100644
index 00000000..53a26ed0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/prompter.c
@@ -0,0 +1,331 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "k5-int.h"
+#include "os-proto.h"
+#if !defined(_WIN32) || (defined(_WIN32) && defined(__CYGWIN32__))
+#include <stdio.h>
+#include <errno.h>
+#include <signal.h>
+#include <limits.h>
+/* Is vxworks broken w.r.t. termios? --tlyu */
+#ifdef __vxworks
+#define ECHO_PASSWORD
+#endif
+
+#include <termios.h>
+
+#ifdef POSIX_SIGNALS
+typedef struct sigaction osiginfo;
+#else
+typedef struct void (*osiginfo)();
+#endif
+
+static void     catch_signals(osiginfo *);
+static void     restore_signals(osiginfo *);
+static void     intrfunc(int sig);
+
+static krb5_error_code  setup_tty(FILE*, int, struct termios *, osiginfo *);
+static krb5_error_code  restore_tty(FILE*, struct termios *, osiginfo *);
+
+static volatile int got_int;    /* should be sig_atomic_t */
+
+krb5_error_code KRB5_CALLCONV
+krb5_prompter_posix(
+    krb5_context        context,
+    void                *data,
+    const char          *name,
+    const char          *banner,
+    int                 num_prompts,
+    krb5_prompt         prompts[])
+{
+    int         fd, i, scratchchar;
+    FILE        *fp;
+    char        *retp;
+    krb5_error_code     errcode;
+    struct termios saveparm;
+    osiginfo osigint;
+
+    errcode = KRB5_LIBOS_CANTREADPWD;
+
+    if (name) {
+        fputs(name, stdout);
+        fputs("\n", stdout);
+    }
+    if (banner) {
+        fputs(banner, stdout);
+        fputs("\n", stdout);
+    }
+
+    /*
+     * Get a non-buffered stream on stdin.
+     */
+    fp = NULL;
+    fd = dup(STDIN_FILENO);
+    if (fd < 0)
+        return KRB5_LIBOS_CANTREADPWD;
+    set_cloexec_fd(fd);
+    fp = fdopen(fd, "r");
+    if (fp == NULL)
+        goto cleanup;
+    if (setvbuf(fp, NULL, _IONBF, 0))
+        goto cleanup;
+
+    for (i = 0; i < num_prompts; i++) {
+        errcode = KRB5_LIBOS_CANTREADPWD;
+        /* fgets() takes int, but krb5_data.length is unsigned. */
+        if (prompts[i].reply->length > INT_MAX)
+            goto cleanup;
+
+        errcode = setup_tty(fp, prompts[i].hidden, &saveparm, &osigint);
+        if (errcode)
+            break;
+
+        /* put out the prompt */
+        (void)fputs(prompts[i].prompt, stdout);
+        (void)fputs(": ", stdout);
+        (void)fflush(stdout);
+        (void)memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+
+        got_int = 0;
+        retp = fgets(prompts[i].reply->data, (int)prompts[i].reply->length,
+                     fp);
+        if (prompts[i].hidden)
+            putchar('\n');
+        if (retp == NULL) {
+            if (got_int)
+                errcode = KRB5_LIBOS_PWDINTR;
+            else
+                errcode = KRB5_LIBOS_CANTREADPWD;
+            restore_tty(fp, &saveparm, &osigint);
+            break;
+        }
+
+        /* replace newline with null */
+        retp = strchr(prompts[i].reply->data, '\n');
+        if (retp != NULL)
+            *retp = '\0';
+        else {
+            /* flush rest of input line */
+            do {
+                scratchchar = getc(fp);
+            } while (scratchchar != EOF && scratchchar != '\n');
+        }
+
+        errcode = restore_tty(fp, &saveparm, &osigint);
+        if (errcode)
+            break;
+        prompts[i].reply->length = strlen(prompts[i].reply->data);
+    }
+cleanup:
+    if (fp != NULL)
+        fclose(fp);
+    else if (fd >= 0)
+        close(fd);
+
+    return errcode;
+}
+
+static void
+intrfunc(int sig)
+{
+    got_int = 1;
+}
+
+static void
+catch_signals(osiginfo *osigint)
+{
+#ifdef POSIX_SIGNALS
+    struct sigaction sa;
+
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = 0;
+    sa.sa_handler = intrfunc;
+    sigaction(SIGINT, &sa, osigint);
+#else
+    *osigint = signal(SIGINT, intrfunc);
+#endif
+}
+
+static void
+restore_signals(osiginfo *osigint)
+{
+#ifdef POSIX_SIGNALS
+    sigaction(SIGINT, osigint, NULL);
+#else
+    signal(SIGINT, *osigint);
+#endif
+}
+
+static krb5_error_code
+setup_tty(FILE *fp, int hidden, struct termios *saveparm, osiginfo *osigint)
+{
+    krb5_error_code     ret;
+    int                 fd;
+    struct termios      tparm;
+
+    ret = KRB5_LIBOS_CANTREADPWD;
+    catch_signals(osigint);
+    fd = fileno(fp);
+    do {
+        if (!isatty(fd)) {
+            ret = 0;
+            break;
+        }
+        if (tcgetattr(fd, &tparm) < 0)
+            break;
+        *saveparm = tparm;
+#ifndef ECHO_PASSWORD
+        if (hidden)
+            tparm.c_lflag &= ~(ECHO|ECHONL);
+#endif
+        tparm.c_lflag |= ISIG|ICANON;
+        if (tcsetattr(STDIN_FILENO, TCSANOW, &tparm) < 0)
+            break;
+        ret = 0;
+    } while (0);
+    /* If we're losing, restore signal handlers. */
+    if (ret)
+        restore_signals(osigint);
+    return ret;
+}
+
+static krb5_error_code
+restore_tty(FILE* fp, struct termios *saveparm, osiginfo *osigint)
+{
+    int ret, fd;
+
+    ret = 0;
+    fd = fileno(fp);
+    if (isatty(fd)) {
+        ret = tcsetattr(fd, TCSANOW, saveparm);
+        if (ret < 0)
+            ret = KRB5_LIBOS_CANTREADPWD;
+        else
+            ret = 0;
+    }
+    restore_signals(osigint);
+    return ret;
+}
+
+#else /* non-Cygwin Windows, or Mac */
+
+#if defined(_WIN32)
+
+#include <io.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5_prompter_posix(krb5_context context,
+                    void *data,
+                    const char *name,
+                    const char *banner,
+                    int num_prompts,
+                    krb5_prompt prompts[])
+{
+    HANDLE              handle;
+    DWORD               old_mode, new_mode;
+    char                *ptr;
+    int                 scratchchar;
+    krb5_error_code     errcode = 0;
+    int                 i;
+
+    handle = GetStdHandle(STD_INPUT_HANDLE);
+    if (handle == INVALID_HANDLE_VALUE)
+        return ENOTTY;
+    if (!GetConsoleMode(handle, &old_mode))
+        return ENOTTY;
+
+    new_mode = old_mode;
+    new_mode |=  ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT );
+    new_mode &= ~( ENABLE_ECHO_INPUT );
+
+    if (!SetConsoleMode(handle, new_mode))
+        return ENOTTY;
+
+    if (!SetConsoleMode(handle, old_mode))
+        return ENOTTY;
+
+    if (name) {
+        fputs(name, stdout);
+        fputs("\n", stdout);
+    }
+
+    if (banner) {
+        fputs(banner, stdout);
+        fputs("\n", stdout);
+    }
+
+    for (i = 0; i < num_prompts; i++) {
+        if (prompts[i].hidden) {
+            if (!SetConsoleMode(handle, new_mode)) {
+                errcode = ENOTTY;
+                goto cleanup;
+            }
+        }
+
+        fputs(prompts[i].prompt,stdout);
+        fputs(": ", stdout);
+        fflush(stdout);
+        memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+
+        if (fgets(prompts[i].reply->data, prompts[i].reply->length, stdin)
+            == NULL) {
+            if (prompts[i].hidden)
+                putchar('\n');
+            errcode = KRB5_LIBOS_CANTREADPWD;
+            goto cleanup;
+        }
+        if (prompts[i].hidden)
+            putchar('\n');
+        /* fgets always null-terminates the returned string */
+
+        /* replace newline with null */
+        if ((ptr = strchr(prompts[i].reply->data, '\n')))
+            *ptr = '\0';
+        else /* flush rest of input line */
+            do {
+                scratchchar = getchar();
+            } while (scratchchar != EOF && scratchchar != '\n');
+
+        prompts[i].reply->length = strlen(prompts[i].reply->data);
+
+        if (!SetConsoleMode(handle, old_mode)) {
+            errcode = ENOTTY;
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    if (errcode) {
+        for (i = 0; i < num_prompts; i++) {
+            memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+        }
+    }
+    return errcode;
+}
+
+#else /* !_WIN32 */
+
+krb5_error_code KRB5_CALLCONV
+krb5_prompter_posix(krb5_context context,
+                    void *data,
+                    const char *name,
+                    const char *banner,
+                    int num_prompts,
+                    krb5_prompt prompts[])
+{
+    return(EINVAL);
+}
+#endif /* !_WIN32 */
+#endif /* Windows or Mac */
+
+void
+k5_set_prompt_types(krb5_context context, krb5_prompt_type *types)
+{
+    context->prompt_types = types;
+}
+
+krb5_prompt_type*
+KRB5_CALLCONV
+krb5_get_prompt_types(krb5_context context)
+{
+    return context->prompt_types;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/read_msg.c b/krb5-1.21.3/src/lib/krb5/os/read_msg.c
new file mode 100644
index 00000000..6c80d53b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/read_msg.c
@@ -0,0 +1,62 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/read_msg.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <errno.h>
+
+krb5_error_code
+krb5_read_message(krb5_context context, krb5_pointer fdp, krb5_data *inbuf)
+{
+    krb5_int32      len;
+    int             len2, ilen;
+    char            *buf = NULL;
+    int             fd = *( (int *) fdp);
+
+    *inbuf = empty_data();
+
+    if ((len2 = krb5_net_read(context, fd, (char *)&len, 4)) != 4)
+        return((len2 < 0) ? errno : ECONNABORTED);
+    len = ntohl(len);
+
+    if ((len & VALID_UINT_BITS) != (krb5_ui_4) len)  /* Overflow size_t??? */
+        return ENOMEM;
+
+    ilen = (int)len;
+    if (ilen) {
+        /*
+         * We may want to include a sanity check here someday....
+         */
+        if (!(buf = malloc(ilen))) {
+            return(ENOMEM);
+        }
+        if ((len2 = krb5_net_read(context, fd, buf, ilen)) != ilen) {
+            free(buf);
+            return((len2 < 0) ? errno : ECONNABORTED);
+        }
+    }
+    *inbuf = make_data(buf, ilen);
+    return(0);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/read_pwd.c b/krb5-1.21.3/src/lib/krb5/os/read_pwd.c
new file mode 100644
index 00000000..4a5337f3
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/read_pwd.c
@@ -0,0 +1,295 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/read_pwd.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+#if !defined(_WIN32)
+#define DEFINED_KRB5_READ_PASSWORD
+#include <stdio.h>
+#include <errno.h>
+#include <signal.h>
+#include <setjmp.h>
+
+#ifndef ECHO_PASSWORD
+#include <termios.h>
+#endif /* ECHO_PASSWORD */
+
+krb5_error_code
+krb5_read_password(krb5_context context,
+                   const char *prompt, const char *prompt2,
+                   char *return_pwd, unsigned int *size_return)
+{
+    krb5_data reply_data, verify_data = empty_data();
+    krb5_prompt k5prompt, vprompt;
+    krb5_error_code retval;
+
+    /* *size_return is the space available in the return buffer on input. */
+    reply_data = make_data(return_pwd, *size_return);
+    k5prompt.prompt = (char *)prompt;
+    k5prompt.hidden = 1;
+    k5prompt.reply = &reply_data;
+    retval = krb5_prompter_posix(NULL, NULL, NULL, NULL, 1, &k5prompt);
+    if (retval || prompt2 == NULL)
+        goto done;
+
+    retval = alloc_data(&verify_data, *size_return);
+    if (retval)
+        goto done;
+    vprompt.prompt = (char *)prompt2;
+    vprompt.hidden = 1;
+    vprompt.reply = &verify_data;
+    retval = krb5_prompter_posix(NULL, NULL, NULL, NULL, 1, &vprompt);
+    if (retval)
+        goto done;
+    if (strncmp(return_pwd, verify_data.data, *size_return) != 0)
+        retval = KRB5_LIBOS_BADPWDMATCH;
+
+done:
+    zapfree(verify_data.data, verify_data.length);
+    if (!retval)
+        *size_return = k5prompt.reply->length;
+    else
+        zap(return_pwd, *size_return);
+    return retval;
+}
+#endif
+
+#if defined(_WIN32)
+#define DEFINED_KRB5_READ_PASSWORD
+
+#include <io.h>
+
+typedef struct {
+    char *pwd_prompt;
+    char *pwd_prompt2;
+    char *pwd_return_pwd;
+    int  *pwd_size_return;
+} pwd_params;
+
+void
+center_dialog(HWND hwnd)
+{
+    int scrwidth, scrheight;
+    int dlgwidth, dlgheight;
+    RECT r;
+    HDC hdc;
+
+    if (hwnd == NULL)
+        return;
+
+    GetWindowRect(hwnd, &r);
+    dlgwidth = r.right  - r.left;
+    dlgheight = r.bottom - r.top ;
+    hdc = GetDC(NULL);
+    scrwidth = GetDeviceCaps(hdc, HORZRES);
+    scrheight = GetDeviceCaps(hdc, VERTRES);
+    ReleaseDC(NULL, hdc);
+    r.left = (scrwidth - dlgwidth) / 2;
+    r.top  = (scrheight - dlgheight) / 2;
+    MoveWindow(hwnd, r.left, r.top, dlgwidth, dlgheight, TRUE);
+}
+
+#ifdef _WIN32
+static krb5_error_code
+read_console_password(krb5_context        context,
+                      const char          * prompt,
+                      const char          * prompt2,
+                      char                * password,
+                      int                 * pwsize)
+{
+    HANDLE              handle;
+    DWORD               old_mode, new_mode;
+    char                *tmpstr = 0;
+    char                *ptr;
+    int                 scratchchar;
+    krb5_error_code     errcode = 0;
+
+    handle = GetStdHandle(STD_INPUT_HANDLE);
+    if (handle == INVALID_HANDLE_VALUE)
+        return ENOTTY;
+    if (!GetConsoleMode(handle, &old_mode))
+        return ENOTTY;
+
+    new_mode = old_mode;
+    new_mode |=  ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT );
+    new_mode &= ~( ENABLE_ECHO_INPUT );
+
+    if (!SetConsoleMode(handle, new_mode))
+        return ENOTTY;
+
+    (void) fputs(prompt, stdout);
+    (void) fflush(stdout);
+    (void) memset(password, 0, *pwsize);
+
+    if (fgets(password, *pwsize, stdin) == NULL) {
+        (void) putchar('\n');
+        errcode = KRB5_LIBOS_CANTREADPWD;
+        goto cleanup;
+    }
+    (void) putchar('\n');
+
+    if ((ptr = strchr(password, '\n')))
+        *ptr = '\0';
+    else /* need to flush */
+        do {
+            scratchchar = getchar();
+        } while (scratchchar != EOF && scratchchar != '\n');
+
+    if (prompt2) {
+        if (! (tmpstr = (char *)malloc(*pwsize))) {
+            errcode = ENOMEM;
+            goto cleanup;
+        }
+        (void) fputs(prompt2, stdout);
+        (void) fflush(stdout);
+        if (fgets(tmpstr, *pwsize, stdin) == NULL) {
+            (void) putchar('\n');
+            errcode = KRB5_LIBOS_CANTREADPWD;
+            goto cleanup;
+        }
+        (void) putchar('\n');
+
+        if ((ptr = strchr(tmpstr, '\n')))
+            *ptr = '\0';
+        else /* need to flush */
+            do {
+                scratchchar = getchar();
+            } while (scratchchar != EOF && scratchchar != '\n');
+
+        if (strncmp(password, tmpstr, *pwsize)) {
+            errcode = KRB5_LIBOS_BADPWDMATCH;
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    (void) SetConsoleMode(handle, old_mode);
+    if (tmpstr) {
+        (void) memset(tmpstr, 0, *pwsize);
+        (void) free(tmpstr);
+    }
+    if (errcode)
+        (void) memset(password, 0, *pwsize);
+    else
+        *pwsize = strlen(password);
+    return errcode;
+}
+#endif
+
+static int CALLBACK
+read_pwd_proc(HWND hdlg, UINT msg, WPARAM wParam, LPARAM lParam)
+{
+    pwd_params *dp;
+
+    switch(msg) {
+    case WM_INITDIALOG:
+        dp = (pwd_params *) lParam;
+        SetWindowLongPtr(hdlg, DWLP_USER, lParam);
+        SetDlgItemText(hdlg, ID_READ_PWD_PROMPT, dp->pwd_prompt);
+        SetDlgItemText(hdlg, ID_READ_PWD_PROMPT2, dp->pwd_prompt2);
+        SetDlgItemText(hdlg, ID_READ_PWD_PWD, "");
+        center_dialog(hdlg);
+        return TRUE;
+
+    case WM_COMMAND:
+        dp = (pwd_params *) GetWindowLongPtr(hdlg, DWLP_USER);
+        switch (wParam) {
+        case IDOK:
+            *(dp->pwd_size_return) =
+                GetDlgItemText(hdlg, ID_READ_PWD_PWD,
+                               dp->pwd_return_pwd, *(dp->pwd_size_return));
+            EndDialog(hdlg, TRUE);
+            break;
+
+        case IDCANCEL:
+            memset(dp->pwd_return_pwd, 0 , *(dp->pwd_size_return));
+            *(dp->pwd_size_return) = 0;
+            EndDialog(hdlg, FALSE);
+            break;
+        }
+        return TRUE;
+
+    default:
+        return FALSE;
+    }
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_read_password(context, prompt, prompt2, return_pwd, size_return)
+    krb5_context context;
+    const char *prompt;
+    const char *prompt2;
+    char *return_pwd;
+    int *size_return;
+{
+    DLGPROC dlgproc;
+    HINSTANCE hinst;
+    pwd_params dps;
+    int rc;
+
+#ifdef _WIN32
+    if (_isatty(_fileno(stdin)))
+        return(read_console_password
+               (context, prompt, prompt2, return_pwd, size_return));
+#endif
+
+    dps.pwd_prompt = prompt;
+    dps.pwd_prompt2 = prompt2;
+    dps.pwd_return_pwd = return_pwd;
+    dps.pwd_size_return = size_return;
+
+    hinst = get_lib_instance();
+#ifdef _WIN32
+    dlgproc = read_pwd_proc;
+#else
+    dlgproc = (FARPROC) MakeProcInstance(read_pwd_proc, hinst);
+#endif
+    rc = DialogBoxParam(hinst, MAKEINTRESOURCE(ID_READ_PWD_DIALOG), 0,
+                        dlgproc, (LPARAM) &dps);
+#ifndef _WIN32
+    FreeProcInstance ((FARPROC) dlgproc);
+#endif
+    return 0;
+}
+#endif
+
+#ifndef DEFINED_KRB5_READ_PASSWORD
+#define DEFINED_KRB5_READ_PASSWORD
+/*
+ * Don't expect to be called, just define it for sanity and the linker.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_read_password(context, prompt, prompt2, return_pwd, size_return)
+    krb5_context context;
+    const char *prompt;
+    const char *prompt2;
+    char *return_pwd;
+    int *size_return;
+{
+    *size_return = 0;
+    return KRB5_LIBOS_CANTREADPWD;
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/os/realm_dom.c b/krb5-1.21.3/src/lib/krb5/os/realm_dom.c
new file mode 100644
index 00000000..08e35d49
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/realm_dom.c
@@ -0,0 +1,61 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/realm_dom.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Determines the proper domain name for a realm.  This is mainly so that
+ * a krb4 principal can be converted properly into a krb5 principal.
+ * Currently, the same style of mapping file used in krb4.
+ *
+ * If realm is NULL, this function will assume the default realm
+ * of the local host.
+ *
+ * The returned domain is allocated, and must be freed by the caller.
+ *
+ * This was hacked together from krb5_get_host_realm().
+ */
+
+#include "k5-int.h"
+#include <ctype.h>
+#include <stdio.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_realm_domain(krb5_context context, const char *realm, char **domain)
+{
+    krb5_error_code retval;
+    char *temp_domain = 0;
+
+    retval = profile_get_string(context->profile, KRB5_CONF_REALMS, realm,
+                                KRB5_CONF_DEFAULT_DOMAIN, realm, &temp_domain);
+    if (!retval && temp_domain)
+    {
+        *domain = strdup(temp_domain);
+        if (!*domain) {
+            retval = ENOMEM;
+        }
+        profile_release_string(temp_domain);
+    }
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/ref_std_conf.out b/krb5-1.21.3/src/lib/krb5/os/ref_std_conf.out
new file mode 100644
index 00000000..1e8f5fb9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/ref_std_conf.out
@@ -0,0 +1,11 @@
+krb5_get_default_realm() returned 'DEFAULT.REALM.TST'
+krb5_set_default_realm(NEW.DEFAULT.REALM)
+krb5_get_default_realm() returned 'NEW.DEFAULT.REALM'
+krb5_get_realm_domain(DEFAULT_REALM.TST) returned 'MIT.EDU'
+krb_get_host_realm(bad.idea) returned: 'US.GOV'
+krb_get_host_realm(itar.bad.idea) returned: 'NSA.GOV'
+krb_get_host_realm(really.BAD.IDEA.) returned: 'NSA.GOV'
+krb_get_host_realm(clipper.bad.idea) returned: 'NIST.GOV'
+krb_get_host_realm(KeYEsCrOW.BaD.IDea) returned: 'NSA.GOV'
+krb_get_host_realm(pgp.good.idea) returned: ''
+krb_get_host_realm(no_domain) returned: ''
diff --git a/krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c b/krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c
new file mode 100644
index 00000000..0f4bf23a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c
@@ -0,0 +1,1613 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/sendto_kdc.c */
+/*
+ * Copyright 1990,1991,2001,2002,2004,2005,2007,2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * MS-KKDCP implementation Copyright 2013,2014 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Send packet to KDC for realm; wait for response, retransmitting
+ * as necessary. */
+
+#include "k5-int.h"
+#include "k5-tls.h"
+#include "fake-addrinfo.h"
+
+#include "os-proto.h"
+
+#if defined(HAVE_POLL_H)
+#include <poll.h>
+#define USE_POLL
+#define MAX_POLLFDS 1024
+#elif defined(HAVE_SYS_SELECT_H)
+#include <sys/select.h>
+#endif
+
+#ifndef _WIN32
+/* For FIONBIO.  */
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_FILIO_H
+#include <sys/filio.h>
+#endif
+#endif
+
+#define MAX_PASS                    3
+#define DEFAULT_UDP_PREF_LIMIT   1465
+#define HARD_UDP_LIMIT          32700 /* could probably do 64K-epsilon ? */
+#define PORT_LENGTH                 6 /* decimal repr of UINT16_MAX */
+
+/* Select state flags.  */
+#define SSF_READ 0x01
+#define SSF_WRITE 0x02
+#define SSF_EXCEPTION 0x04
+
+typedef int64_t time_ms;
+
+/* This can be pretty large, so should not be stack-allocated. */
+struct select_state {
+#ifdef USE_POLL
+    struct pollfd fds[MAX_POLLFDS];
+#else
+    int max;
+    fd_set rfds, wfds, xfds;
+#endif
+    int nfds;
+};
+
+/* connection states */
+enum conn_states { INITIALIZING, CONNECTING, WRITING, READING, FAILED };
+struct incoming_message {
+    size_t bufsizebytes_read;
+    size_t bufsize;
+    size_t pos;
+    char *buf;
+    unsigned char bufsizebytes[4];
+    size_t n_left;
+};
+
+struct outgoing_message {
+    sg_buf sgbuf[2];
+    sg_buf *sgp;
+    int sg_count;
+    unsigned char msg_len_buf[4];
+};
+
+struct conn_state;
+typedef krb5_boolean fd_handler_fn(krb5_context context,
+                                   const krb5_data *realm,
+                                   struct conn_state *conn,
+                                   struct select_state *selstate);
+
+struct conn_state {
+    SOCKET fd;
+    enum conn_states state;
+    fd_handler_fn *service_connect;
+    fd_handler_fn *service_write;
+    fd_handler_fn *service_read;
+    struct remote_address addr;
+    struct incoming_message in;
+    struct outgoing_message out;
+    krb5_data callback_buffer;
+    size_t server_index;
+    struct conn_state *next;
+    time_ms endtime;
+    krb5_boolean defer;
+    struct {
+        const char *uri_path;
+        const char *servername;
+        char port[PORT_LENGTH];
+        char *https_request;
+        k5_tls_handle tls;
+    } http;
+};
+
+/* Set up context->tls.  On allocation failure, return ENOMEM.  On plugin load
+ * failure, set context->tls to point to a nulled vtable and return 0. */
+static krb5_error_code
+init_tls_vtable(krb5_context context)
+{
+    krb5_plugin_initvt_fn initfn;
+    krb5_error_code ret;
+
+    if (context->tls != NULL)
+        return 0;
+
+    context->tls = calloc(1, sizeof(*context->tls));
+    if (context->tls == NULL)
+        return ENOMEM;
+
+    /* Attempt to load the module; just let it stay nulled out on failure. */
+    k5_plugin_register_dyn(context, PLUGIN_INTERFACE_TLS, "k5tls", "tls");
+    ret = k5_plugin_load(context, PLUGIN_INTERFACE_TLS, "k5tls", &initfn);
+    if (!ret)
+        (*initfn)(context, 0, 0, (krb5_plugin_vtable)context->tls);
+    else
+        TRACE_SENDTO_KDC_K5TLS_LOAD_ERROR(context, ret);
+
+    return 0;
+}
+
+/* Get current time in milliseconds. */
+static krb5_error_code
+get_curtime_ms(time_ms *time_out)
+{
+    struct timeval tv;
+
+    *time_out = 0;
+
+    if (gettimeofday(&tv, 0))
+        return errno;
+    *time_out = (time_ms)tv.tv_sec * 1000 + tv.tv_usec / 1000;
+    return 0;
+}
+
+static void
+free_http_tls_data(krb5_context context, struct conn_state *state)
+{
+    if (state->http.tls != NULL)
+        context->tls->free_handle(context, state->http.tls);
+    state->http.tls = NULL;
+    free(state->http.https_request);
+    state->http.https_request = NULL;
+}
+
+#ifdef USE_POLL
+
+/* Find a pollfd in selstate by fd, or abort if we can't find it. */
+static inline struct pollfd *
+find_pollfd(struct select_state *selstate, int fd)
+{
+    int i;
+
+    for (i = 0; i < selstate->nfds; i++) {
+        if (selstate->fds[i].fd == fd)
+            return &selstate->fds[i];
+    }
+    abort();
+}
+
+static void
+cm_init_selstate(struct select_state *selstate)
+{
+    selstate->nfds = 0;
+}
+
+static krb5_boolean
+cm_add_fd(struct select_state *selstate, int fd)
+{
+    if (selstate->nfds >= MAX_POLLFDS)
+        return FALSE;
+    selstate->fds[selstate->nfds].fd = fd;
+    selstate->fds[selstate->nfds].events = 0;
+    selstate->nfds++;
+    return TRUE;
+}
+
+static void
+cm_remove_fd(struct select_state *selstate, int fd)
+{
+    struct pollfd *pfd = find_pollfd(selstate, fd);
+
+    *pfd = selstate->fds[selstate->nfds - 1];
+    selstate->nfds--;
+}
+
+/* Poll for reading (and not writing) on fd the next time we poll. */
+static void
+cm_read(struct select_state *selstate, int fd)
+{
+    find_pollfd(selstate, fd)->events = POLLIN;
+}
+
+/* Poll for writing (and not reading) on fd the next time we poll. */
+static void
+cm_write(struct select_state *selstate, int fd)
+{
+    find_pollfd(selstate, fd)->events = POLLOUT;
+}
+
+/* Get the output events for fd in the form of ssflags. */
+static unsigned int
+cm_get_ssflags(struct select_state *selstate, int fd)
+{
+    struct pollfd *pfd = find_pollfd(selstate, fd);
+
+    /*
+     * macOS sets POLLHUP without POLLOUT on connection error.  Catch this as
+     * well as other error events such as POLLNVAL, but only if POLLIN and
+     * POLLOUT aren't set, as we can get POLLHUP along with POLLIN with TCP
+     * data still to be read.
+     */
+    if (pfd->revents != 0 && !(pfd->revents & (POLLIN | POLLOUT)))
+        return SSF_EXCEPTION;
+
+    return ((pfd->revents & POLLIN) ? SSF_READ : 0) |
+        ((pfd->revents & POLLOUT) ? SSF_WRITE : 0) |
+        ((pfd->revents & POLLERR) ? SSF_EXCEPTION : 0);
+}
+
+#else /* not USE_POLL */
+
+static void
+cm_init_selstate(struct select_state *selstate)
+{
+    selstate->nfds = 0;
+    selstate->max = 0;
+    FD_ZERO(&selstate->rfds);
+    FD_ZERO(&selstate->wfds);
+    FD_ZERO(&selstate->xfds);
+}
+
+static krb5_boolean
+cm_add_fd(struct select_state *selstate, int fd)
+{
+#ifndef _WIN32  /* On Windows FD_SETSIZE is a count, not a max value. */
+    if (fd >= FD_SETSIZE)
+        return FALSE;
+#endif
+    FD_SET(fd, &selstate->xfds);
+    if (selstate->max <= fd)
+        selstate->max = fd + 1;
+    selstate->nfds++;
+    return TRUE;
+}
+
+static void
+cm_remove_fd(struct select_state *selstate, int fd)
+{
+    FD_CLR(fd, &selstate->rfds);
+    FD_CLR(fd, &selstate->wfds);
+    FD_CLR(fd, &selstate->xfds);
+    if (selstate->max == fd + 1) {
+        while (selstate->max > 0 &&
+               !FD_ISSET(selstate->max - 1, &selstate->rfds) &&
+               !FD_ISSET(selstate->max - 1, &selstate->wfds) &&
+               !FD_ISSET(selstate->max - 1, &selstate->xfds))
+            selstate->max--;
+    }
+    selstate->nfds--;
+}
+
+/* Select for reading (and not writing) on fd the next time we select. */
+static void
+cm_read(struct select_state *selstate, int fd)
+{
+    FD_SET(fd, &selstate->rfds);
+    FD_CLR(fd, &selstate->wfds);
+}
+
+/* Select for writing (and not reading) on fd the next time we select. */
+static void
+cm_write(struct select_state *selstate, int fd)
+{
+    FD_CLR(fd, &selstate->rfds);
+    FD_SET(fd, &selstate->wfds);
+}
+
+/* Get the events for fd from selstate after a select. */
+static unsigned int
+cm_get_ssflags(struct select_state *selstate, int fd)
+{
+    return (FD_ISSET(fd, &selstate->rfds) ? SSF_READ : 0) |
+        (FD_ISSET(fd, &selstate->wfds) ? SSF_WRITE : 0) |
+        (FD_ISSET(fd, &selstate->xfds) ? SSF_EXCEPTION : 0);
+}
+
+#endif /* not USE_POLL */
+
+static krb5_error_code
+cm_select_or_poll(const struct select_state *in, time_ms endtime,
+                  struct select_state *out, int *sret)
+{
+#ifndef USE_POLL
+    struct timeval tv;
+#endif
+    krb5_error_code retval;
+    time_ms curtime, interval;
+
+    retval = get_curtime_ms(&curtime);
+    if (retval != 0)
+        return retval;
+    interval = (curtime < endtime) ? endtime - curtime : 0;
+
+    /* We don't need a separate copy of the selstate for poll, but use one for
+     * consistency with how we use select. */
+    *out = *in;
+
+#ifdef USE_POLL
+    *sret = poll(out->fds, out->nfds, interval);
+#else
+    tv.tv_sec = interval / 1000;
+    tv.tv_usec = interval % 1000 * 1000;
+    *sret = select(out->max, &out->rfds, &out->wfds, &out->xfds, &tv);
+#endif
+
+    return (*sret < 0) ? SOCKET_ERRNO : 0;
+}
+
+static int
+socktype_for_transport(k5_transport transport)
+{
+    switch (transport) {
+    case UDP:
+        return SOCK_DGRAM;
+    case TCP:
+    case HTTPS:
+        return SOCK_STREAM;
+    default:
+        return 0;
+    }
+}
+
+static int
+check_for_svc_unavailable (krb5_context context,
+                           const krb5_data *reply,
+                           void *msg_handler_data)
+{
+    krb5_error_code *retval = (krb5_error_code *)msg_handler_data;
+
+    *retval = 0;
+
+    if (krb5_is_krb_error(reply)) {
+        krb5_error *err_reply;
+
+        if (decode_krb5_error(reply, &err_reply) == 0) {
+            *retval = err_reply->error;
+            krb5_free_error(context, err_reply);
+
+            /* Returning 0 means continue to next KDC */
+            return (*retval != KDC_ERR_SVC_UNAVAILABLE);
+        }
+    }
+
+    return 1;
+}
+
+void KRB5_CALLCONV
+krb5_set_kdc_send_hook(krb5_context context, krb5_pre_send_fn send_hook,
+                       void *data)
+{
+    context->kdc_send_hook = send_hook;
+    context->kdc_send_hook_data = data;
+}
+
+void KRB5_CALLCONV
+krb5_set_kdc_recv_hook(krb5_context context, krb5_post_recv_fn recv_hook,
+                       void *data)
+{
+    context->kdc_recv_hook = recv_hook;
+    context->kdc_recv_hook_data = data;
+}
+
+/*
+ * send the formatted request 'message' to a KDC for realm 'realm' and
+ * return the response (if any) in 'reply'.
+ *
+ * If the message is sent and a response is received, 0 is returned,
+ * otherwise an error code is returned.
+ *
+ * The storage for 'reply' is allocated and should be freed by the caller
+ * when finished.
+ */
+
+krb5_error_code
+krb5_sendto_kdc(krb5_context context, const krb5_data *message,
+                const krb5_data *realm, krb5_data *reply_out, int *use_primary,
+                int no_udp)
+{
+    krb5_error_code retval, oldret, err;
+    struct serverlist servers;
+    int server_used;
+    k5_transport_strategy strategy;
+    krb5_data reply = empty_data(), *hook_message = NULL, *hook_reply = NULL;
+
+    *reply_out = empty_data();
+
+    /*
+     * find KDC location(s) for realm
+     */
+
+    /*
+     * BUG: This code won't return "interesting" errors (e.g., out of mem,
+     * bad config file) from locate_kdc.  KRB5_REALM_CANT_RESOLVE can be
+     * ignored from one query of two, but if only one query is done, or
+     * both return that error, it should be returned to the caller.  Also,
+     * "interesting" errors (not KRB5_KDC_UNREACH) from sendto_{udp,tcp}
+     * should probably be returned as well.
+     */
+
+    TRACE_SENDTO_KDC(context, message->length, realm, *use_primary, no_udp);
+
+    if (!no_udp && context->udp_pref_limit < 0) {
+        int tmp;
+        retval = profile_get_integer(context->profile,
+                                     KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0,
+                                     DEFAULT_UDP_PREF_LIMIT, &tmp);
+        if (retval)
+            return retval;
+        if (tmp < 0)
+            tmp = DEFAULT_UDP_PREF_LIMIT;
+        else if (tmp > HARD_UDP_LIMIT)
+            /* In the unlikely case that a *really* big value is
+               given, let 'em use as big as we think we can
+               support.  */
+            tmp = HARD_UDP_LIMIT;
+        context->udp_pref_limit = tmp;
+    }
+
+    if (no_udp)
+        strategy = NO_UDP;
+    else if (message->length <= (unsigned int) context->udp_pref_limit)
+        strategy = UDP_FIRST;
+    else
+        strategy = UDP_LAST;
+
+    retval = k5_locate_kdc(context, realm, &servers, *use_primary, no_udp);
+    if (retval)
+        return retval;
+
+    if (context->kdc_send_hook != NULL) {
+        retval = context->kdc_send_hook(context, context->kdc_send_hook_data,
+                                        realm, message, &hook_message,
+                                        &hook_reply);
+        if (retval)
+            goto cleanup;
+
+        if (hook_reply != NULL) {
+            *reply_out = *hook_reply;
+            free(hook_reply);
+            goto cleanup;
+        }
+
+        if (hook_message != NULL)
+            message = hook_message;
+    }
+
+    err = 0;
+    retval = k5_sendto(context, message, realm, &servers, strategy, NULL,
+                       &reply, NULL, NULL, &server_used,
+                       check_for_svc_unavailable, &err);
+    if (retval == KRB5_KDC_UNREACH) {
+        if (err == KDC_ERR_SVC_UNAVAILABLE) {
+            retval = KRB5KDC_ERR_SVC_UNAVAILABLE;
+        } else {
+            k5_setmsg(context, retval,
+                      _("Cannot contact any KDC for realm '%.*s'"),
+                      realm->length, realm->data);
+        }
+    }
+
+    if (context->kdc_recv_hook != NULL) {
+        oldret = retval;
+        retval = context->kdc_recv_hook(context, context->kdc_recv_hook_data,
+                                        retval, realm, message, &reply,
+                                        &hook_reply);
+        if (oldret && !retval) {
+            /*
+             * The hook must set a reply if it overrides an error from
+             * k5_sendto().  Treat this reply as coming from the primary
+             * KDC.
+             */
+            assert(hook_reply != NULL);
+            *use_primary = 1;
+        }
+    }
+    if (retval)
+        goto cleanup;
+
+    if (hook_reply != NULL) {
+        *reply_out = *hook_reply;
+        free(hook_reply);
+    } else {
+        *reply_out = reply;
+        reply = empty_data();
+    }
+
+    /* Set use_primary to 1 if we ended up talking to a primary when we didn't
+     * explicitly request to. */
+    if (*use_primary == 0) {
+        *use_primary = k5_kdc_is_primary(context, realm,
+                                         &servers.servers[server_used]);
+        TRACE_SENDTO_KDC_PRIMARY(context, *use_primary);
+    }
+
+cleanup:
+    krb5_free_data(context, hook_message);
+    krb5_free_data_contents(context, &reply);
+    k5_free_serverlist(&servers);
+    return retval;
+}
+
+/*
+ * Notes:
+ *
+ * Getting "connection refused" on a connected UDP socket causes
+ * select to indicate write capability on UNIX, but only shows up
+ * as an exception on Windows.  (I don't think any UNIX system flags
+ * the error as an exception.)  So we check for both, or make it
+ * system-specific.
+ *
+ * Always watch for responses from *any* of the servers.  Eventually
+ * fix the UDP code to do the same.
+ *
+ * To do:
+ * - TCP NOPUSH/CORK socket options?
+ * - error codes that don't suck
+ * - getsockopt(SO_ERROR) to check connect status
+ * - handle error RESPONSE_TOO_BIG from UDP server and use TCP
+ *   connections already in progress
+ */
+
+static fd_handler_fn service_tcp_connect;
+static fd_handler_fn service_tcp_write;
+static fd_handler_fn service_tcp_read;
+static fd_handler_fn service_udp_read;
+static fd_handler_fn service_https_write;
+static fd_handler_fn service_https_read;
+
+static krb5_error_code
+make_proxy_request(struct conn_state *state, const krb5_data *realm,
+                   const krb5_data *message, char **req_out, size_t *len_out)
+{
+    krb5_kkdcp_message pm;
+    krb5_data *encoded_pm = NULL;
+    struct k5buf buf;
+    const char *uri_path;
+    krb5_error_code ret;
+
+    *req_out = NULL;
+    *len_out = 0;
+
+    /*
+     * Stuff the message length in at the front of the kerb_message field
+     * before encoding.  The proxied messages are actually the payload we'd
+     * be sending and receiving if we were using plain TCP.
+     */
+    memset(&pm, 0, sizeof(pm));
+    ret = alloc_data(&pm.kerb_message, message->length + 4);
+    if (ret != 0)
+        goto cleanup;
+    store_32_be(message->length, pm.kerb_message.data);
+    memcpy(pm.kerb_message.data + 4, message->data, message->length);
+    pm.target_domain = *realm;
+    ret = encode_krb5_kkdcp_message(&pm, &encoded_pm);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Build the request to transmit: the headers + the proxy message. */
+    k5_buf_init_dynamic(&buf);
+    uri_path = (state->http.uri_path != NULL) ? state->http.uri_path : "";
+    k5_buf_add_fmt(&buf, "POST /%s HTTP/1.0\r\n", uri_path);
+    k5_buf_add_fmt(&buf, "Host: %s:%s\r\n", state->http.servername,
+                   state->http.port);
+    k5_buf_add(&buf, "Cache-Control: no-cache\r\n");
+    k5_buf_add(&buf, "Pragma: no-cache\r\n");
+    k5_buf_add(&buf, "User-Agent: kerberos/1.0\r\n");
+    k5_buf_add(&buf, "Content-type: application/kerberos\r\n");
+    k5_buf_add_fmt(&buf, "Content-Length: %d\r\n\r\n", encoded_pm->length);
+    k5_buf_add_len(&buf, encoded_pm->data, encoded_pm->length);
+    if (k5_buf_status(&buf) != 0) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    *req_out = buf.data;
+    *len_out = buf.len;
+
+cleanup:
+    krb5_free_data_contents(NULL, &pm.kerb_message);
+    krb5_free_data(NULL, encoded_pm);
+    return ret;
+}
+
+/* Set up the actual message we will send across the underlying transport to
+ * communicate the payload message, using one or both of state->out.sgbuf. */
+static krb5_error_code
+set_transport_message(struct conn_state *state, const krb5_data *realm,
+                      const krb5_data *message)
+{
+    struct outgoing_message *out = &state->out;
+    char *req = NULL;
+    size_t reqlen;
+    krb5_error_code ret;
+
+    if (message == NULL || message->length == 0)
+        return 0;
+
+    if (state->addr.transport == TCP) {
+        store_32_be(message->length, out->msg_len_buf);
+        SG_SET(&out->sgbuf[0], out->msg_len_buf, 4);
+        SG_SET(&out->sgbuf[1], message->data, message->length);
+        out->sg_count = 2;
+        return 0;
+    } else if (state->addr.transport == HTTPS) {
+        ret = make_proxy_request(state, realm, message, &req, &reqlen);
+        if (ret != 0)
+            return ret;
+        SG_SET(&state->out.sgbuf[0], req, reqlen);
+        SG_SET(&state->out.sgbuf[1], 0, 0);
+        state->out.sg_count = 1;
+        free(state->http.https_request);
+        state->http.https_request = req;
+        return 0;
+    } else {
+        SG_SET(&out->sgbuf[0], message->data, message->length);
+        SG_SET(&out->sgbuf[1], NULL, 0);
+        out->sg_count = 1;
+        return 0;
+    }
+}
+
+static krb5_error_code
+add_connection(struct conn_state **conns, k5_transport transport,
+               krb5_boolean defer, struct addrinfo *ai, size_t server_index,
+               const krb5_data *realm, const char *hostname,
+               const char *port, const char *uri_path, char **udpbufp)
+{
+    struct conn_state *state, **tailptr;
+
+    state = calloc(1, sizeof(*state));
+    if (state == NULL)
+        return ENOMEM;
+    state->state = INITIALIZING;
+    state->out.sgp = state->out.sgbuf;
+    state->addr.transport = transport;
+    state->addr.family = ai->ai_family;
+    state->addr.len = ai->ai_addrlen;
+    memcpy(&state->addr.saddr, ai->ai_addr, ai->ai_addrlen);
+    state->defer = defer;
+    state->fd = INVALID_SOCKET;
+    state->server_index = server_index;
+    SG_SET(&state->out.sgbuf[1], NULL, 0);
+    if (transport == TCP) {
+        state->service_connect = service_tcp_connect;
+        state->service_write = service_tcp_write;
+        state->service_read = service_tcp_read;
+    } else if (transport == HTTPS) {
+        assert(hostname != NULL && port != NULL);
+        state->service_connect = service_tcp_connect;
+        state->service_write = service_https_write;
+        state->service_read = service_https_read;
+        state->http.uri_path = uri_path;
+        state->http.servername = hostname;
+        strlcpy(state->http.port, port, PORT_LENGTH);
+    } else {
+        state->service_connect = NULL;
+        state->service_write = NULL;
+        state->service_read = service_udp_read;
+
+        if (*udpbufp == NULL) {
+            *udpbufp = malloc(MAX_DGRAM_SIZE);
+            if (*udpbufp == NULL) {
+                free(state);
+                return ENOMEM;
+            }
+        }
+        state->in.buf = *udpbufp;
+        state->in.bufsize = MAX_DGRAM_SIZE;
+    }
+
+    /* Chain the new state onto the tail of the list. */
+    for (tailptr = conns; *tailptr != NULL; tailptr = &(*tailptr)->next);
+    *tailptr = state;
+
+    return 0;
+}
+
+static int
+translate_ai_error (int err)
+{
+    switch (err) {
+    case 0:
+        return 0;
+    case EAI_BADFLAGS:
+    case EAI_FAMILY:
+    case EAI_SOCKTYPE:
+    case EAI_SERVICE:
+        /* All of these indicate bad inputs to getaddrinfo.  */
+        return EINVAL;
+    case EAI_AGAIN:
+        /* Translate to standard errno code.  */
+        return EAGAIN;
+    case EAI_MEMORY:
+        /* Translate to standard errno code.  */
+        return ENOMEM;
+#ifdef EAI_ADDRFAMILY
+    case EAI_ADDRFAMILY:
+#endif
+#if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
+    case EAI_NODATA:
+#endif
+    case EAI_NONAME:
+        /* Name not known or no address data, but no error.  Do
+           nothing more.  */
+        return 0;
+#ifdef EAI_OVERFLOW
+    case EAI_OVERFLOW:
+        /* An argument buffer overflowed.  */
+        return EINVAL;          /* XXX */
+#endif
+#ifdef EAI_SYSTEM
+    case EAI_SYSTEM:
+        /* System error, obviously.  */
+        return errno;
+#endif
+    default:
+        /* An error code we haven't handled?  */
+        return EINVAL;
+    }
+}
+
+/*
+ * Resolve the entry in servers with index ind, adding connections to the list
+ * *conns.  Connections are added for each of socktype1 and (if not zero)
+ * socktype2.  message and udpbufp are used to initialize the connections; see
+ * add_connection above.  If no addresses are available for an entry but no
+ * internal name resolution failure occurs, return 0 without adding any new
+ * connections.
+ */
+static krb5_error_code
+resolve_server(krb5_context context, const krb5_data *realm,
+               const struct serverlist *servers, size_t ind,
+               k5_transport_strategy strategy, const krb5_data *message,
+               char **udpbufp, struct conn_state **conns)
+{
+    krb5_error_code retval;
+    struct server_entry *entry = &servers->servers[ind];
+    k5_transport transport;
+    struct addrinfo *addrs, *a, hint, ai;
+    krb5_boolean defer = FALSE;
+    int err, result;
+    char portbuf[PORT_LENGTH];
+
+    /* Skip entries excluded by the strategy. */
+    if (strategy == NO_UDP && entry->transport == UDP)
+        return 0;
+    if (strategy == ONLY_UDP && entry->transport != UDP &&
+        entry->transport != TCP_OR_UDP)
+        return 0;
+
+    transport = (strategy == UDP_FIRST || strategy == ONLY_UDP) ? UDP : TCP;
+    if (entry->hostname == NULL) {
+        /* Added by a module, so transport is either TCP or UDP. */
+        ai.ai_socktype = socktype_for_transport(entry->transport);
+        ai.ai_family = entry->family;
+        ai.ai_addrlen = entry->addrlen;
+        ai.ai_addr = (struct sockaddr *)&entry->addr;
+        defer = (entry->transport != transport);
+        return add_connection(conns, entry->transport, defer, &ai, ind, realm,
+                              NULL, NULL, entry->uri_path, udpbufp);
+    }
+
+    /* If the entry has a specified transport, use it, but possibly defer the
+     * addresses we add based on the strategy. */
+    if (entry->transport != TCP_OR_UDP) {
+        transport = entry->transport;
+        defer = (entry->transport == TCP && strategy == UDP_FIRST) ||
+            (entry->transport == UDP && strategy == UDP_LAST);
+    }
+
+    memset(&hint, 0, sizeof(hint));
+    hint.ai_family = entry->family;
+    hint.ai_socktype = socktype_for_transport(transport);
+    hint.ai_flags = AI_ADDRCONFIG;
+#ifdef AI_NUMERICSERV
+    hint.ai_flags |= AI_NUMERICSERV;
+#endif
+    result = snprintf(portbuf, sizeof(portbuf), "%d", entry->port);
+    if (SNPRINTF_OVERFLOW(result, sizeof(portbuf)))
+        return EINVAL;
+    TRACE_SENDTO_KDC_RESOLVING(context, entry->hostname);
+    err = getaddrinfo(entry->hostname, portbuf, &hint, &addrs);
+    if (err)
+        return translate_ai_error(err);
+
+    /* Add each address with the specified or preferred transport. */
+    retval = 0;
+    for (a = addrs; a != 0 && retval == 0; a = a->ai_next) {
+        retval = add_connection(conns, transport, defer, a, ind, realm,
+                                entry->hostname, portbuf, entry->uri_path,
+                                udpbufp);
+    }
+
+    /* For TCP_OR_UDP entries, add each address again with the non-preferred
+     * transport, if there is one.  Flag these as deferred. */
+    if (retval == 0 && entry->transport == TCP_OR_UDP &&
+        (strategy == UDP_FIRST || strategy == UDP_LAST)) {
+        transport = (strategy == UDP_FIRST) ? TCP : UDP;
+        for (a = addrs; a != 0 && retval == 0; a = a->ai_next) {
+            a->ai_socktype = socktype_for_transport(transport);
+            retval = add_connection(conns, transport, TRUE, a, ind, realm,
+                                    entry->hostname, portbuf,
+                                    entry->uri_path, udpbufp);
+        }
+    }
+    freeaddrinfo(addrs);
+    return retval;
+}
+
+static int
+start_connection(krb5_context context, struct conn_state *state,
+                 const krb5_data *message, struct select_state *selstate,
+                 const krb5_data *realm,
+                 struct sendto_callback_info *callback_info)
+{
+    int fd, e, type;
+    static const int one = 1;
+    static const struct linger lopt = { 0, 0 };
+
+    type = socktype_for_transport(state->addr.transport);
+    fd = socket(state->addr.family, type, 0);
+    if (fd == INVALID_SOCKET)
+        return -1;              /* try other hosts */
+    set_cloexec_fd(fd);
+    /* Make it non-blocking.  */
+    ioctlsocket(fd, FIONBIO, (const void *) &one);
+    if (state->addr.transport == TCP) {
+        setsockopt(fd, SOL_SOCKET, SO_LINGER, &lopt, sizeof(lopt));
+        TRACE_SENDTO_KDC_TCP_CONNECT(context, &state->addr);
+    }
+
+    /* Start connecting to KDC.  */
+    e = SOCKET_CONNECT(fd, (struct sockaddr *)&state->addr.saddr,
+                       state->addr.len);
+    if (e != 0) {
+        /*
+         * This is the path that should be followed for non-blocking
+         * connections.
+         */
+        if (SOCKET_ERRNO == EINPROGRESS || SOCKET_ERRNO == EWOULDBLOCK) {
+            state->state = CONNECTING;
+            state->fd = fd;
+        } else {
+            (void) closesocket(fd);
+            state->state = FAILED;
+            return -2;
+        }
+    } else {
+        /*
+         * Connect returned zero even though we made it non-blocking.  This
+         * happens normally for UDP sockets, and can perhaps also happen for
+         * TCP sockets connecting to localhost.
+         */
+        state->state = WRITING;
+        state->fd = fd;
+    }
+
+    /*
+     * Here's where KPASSWD callback gets the socket information it needs for
+     * a kpasswd request
+     */
+    if (callback_info) {
+
+        e = callback_info->pfn_callback(state->fd, callback_info->data,
+                                        &state->callback_buffer);
+        if (e != 0) {
+            (void) closesocket(fd);
+            state->fd = INVALID_SOCKET;
+            state->state = FAILED;
+            return -3;
+        }
+
+        message = &state->callback_buffer;
+    }
+
+    e = set_transport_message(state, realm, message);
+    if (e != 0) {
+        TRACE_SENDTO_KDC_ERROR_SET_MESSAGE(context, &state->addr, e);
+        (void) closesocket(state->fd);
+        state->fd = INVALID_SOCKET;
+        state->state = FAILED;
+        return -4;
+    }
+
+    if (state->addr.transport == UDP) {
+        /* Send it now.  */
+        ssize_t ret;
+        sg_buf *sg = &state->out.sgbuf[0];
+
+        TRACE_SENDTO_KDC_UDP_SEND_INITIAL(context, &state->addr);
+        ret = send(state->fd, SG_BUF(sg), SG_LEN(sg), 0);
+        if (ret < 0 || (size_t) ret != SG_LEN(sg)) {
+            TRACE_SENDTO_KDC_UDP_ERROR_SEND_INITIAL(context, &state->addr,
+                                                    SOCKET_ERRNO);
+            (void) closesocket(state->fd);
+            state->fd = INVALID_SOCKET;
+            state->state = FAILED;
+            return -5;
+        } else {
+            state->state = READING;
+        }
+    }
+
+    if (!cm_add_fd(selstate, state->fd)) {
+        (void) closesocket(state->fd);
+        state->fd = INVALID_SOCKET;
+        state->state = FAILED;
+        return -1;
+    }
+    if (state->state == CONNECTING || state->state == WRITING)
+        cm_write(selstate, state->fd);
+    else
+        cm_read(selstate, state->fd);
+
+    return 0;
+}
+
+/* Return 0 if we sent something, non-0 otherwise.
+   If 0 is returned, the caller should delay waiting for a response.
+   Otherwise, the caller should immediately move on to process the
+   next connection.  */
+static int
+maybe_send(krb5_context context, struct conn_state *conn,
+           const krb5_data *message, struct select_state *selstate,
+           const krb5_data *realm,
+           struct sendto_callback_info *callback_info)
+{
+    sg_buf *sg;
+    ssize_t ret;
+
+    if (conn->state == INITIALIZING) {
+        return start_connection(context, conn, message, selstate,
+                                realm, callback_info);
+    }
+
+    /* Did we already shut down this channel?  */
+    if (conn->state == FAILED) {
+        return -1;
+    }
+
+    if (conn->addr.transport != UDP) {
+        /* The select callback will handle flushing any data we
+           haven't written yet, and we only write it once.  */
+        return -1;
+    }
+
+    /* UDP - retransmit after a previous attempt timed out. */
+    sg = &conn->out.sgbuf[0];
+    TRACE_SENDTO_KDC_UDP_SEND_RETRY(context, &conn->addr);
+    ret = send(conn->fd, SG_BUF(sg), SG_LEN(sg), 0);
+    if (ret < 0 || (size_t) ret != SG_LEN(sg)) {
+        TRACE_SENDTO_KDC_UDP_ERROR_SEND_RETRY(context, &conn->addr,
+                                              SOCKET_ERRNO);
+        /* Keep connection alive, we'll try again next pass.
+
+           Is this likely to catch any errors we didn't get from the
+           select callbacks?  */
+        return -1;
+    }
+    /* Yay, it worked.  */
+    return 0;
+}
+
+static void
+kill_conn(krb5_context context, struct conn_state *conn,
+          struct select_state *selstate)
+{
+    free_http_tls_data(context, conn);
+
+    if (socktype_for_transport(conn->addr.transport) == SOCK_STREAM)
+        TRACE_SENDTO_KDC_TCP_DISCONNECT(context, &conn->addr);
+    cm_remove_fd(selstate, conn->fd);
+
+    closesocket(conn->fd);
+    conn->fd = INVALID_SOCKET;
+    conn->state = FAILED;
+}
+
+/* Check socket for error.  */
+static int
+get_so_error(int fd)
+{
+    int e, sockerr;
+    socklen_t sockerrlen;
+
+    sockerr = 0;
+    sockerrlen = sizeof(sockerr);
+    e = getsockopt(fd, SOL_SOCKET, SO_ERROR, &sockerr, &sockerrlen);
+    if (e != 0) {
+        /* What to do now?  */
+        e = SOCKET_ERRNO;
+        return e;
+    }
+    return sockerr;
+}
+
+/* Perform next step in sending.  Return true on usable data. */
+static krb5_boolean
+service_dispatch(krb5_context context, const krb5_data *realm,
+                 struct conn_state *conn, struct select_state *selstate,
+                 int ssflags)
+{
+    /* Check for a socket exception. */
+    if (ssflags & SSF_EXCEPTION) {
+        kill_conn(context, conn, selstate);
+        return FALSE;
+    }
+
+    switch (conn->state) {
+    case CONNECTING:
+        assert(conn->service_connect != NULL);
+        return conn->service_connect(context, realm, conn, selstate);
+    case WRITING:
+        assert(conn->service_write != NULL);
+        return conn->service_write(context, realm, conn, selstate);
+    case READING:
+        assert(conn->service_read != NULL);
+        return conn->service_read(context, realm, conn, selstate);
+    default:
+        abort();
+    }
+}
+
+/* Initialize TCP transport. */
+static krb5_boolean
+service_tcp_connect(krb5_context context, const krb5_data *realm,
+                    struct conn_state *conn, struct select_state *selstate)
+{
+    /* Check whether the connection succeeded. */
+    int e = get_so_error(conn->fd);
+
+    if (e) {
+        TRACE_SENDTO_KDC_TCP_ERROR_CONNECT(context, &conn->addr, e);
+        kill_conn(context, conn, selstate);
+        return FALSE;
+    }
+
+    conn->state = WRITING;
+
+    /* Record this connection's timeout for service_fds. */
+    if (get_curtime_ms(&conn->endtime) == 0)
+        conn->endtime += 10000;
+
+    return conn->service_write(context, realm, conn, selstate);
+}
+
+/* Sets conn->state to READING when done. */
+static krb5_boolean
+service_tcp_write(krb5_context context, const krb5_data *realm,
+                  struct conn_state *conn, struct select_state *selstate)
+{
+    ssize_t nwritten;
+    SOCKET_WRITEV_TEMP tmp;
+
+    TRACE_SENDTO_KDC_TCP_SEND(context, &conn->addr);
+    nwritten = SOCKET_WRITEV(conn->fd, conn->out.sgp, conn->out.sg_count, tmp);
+    if (nwritten < 0) {
+        TRACE_SENDTO_KDC_TCP_ERROR_SEND(context, &conn->addr, SOCKET_ERRNO);
+        kill_conn(context, conn, selstate);
+        return FALSE;
+    }
+    while (nwritten) {
+        sg_buf *sgp = conn->out.sgp;
+        if ((size_t)nwritten < SG_LEN(sgp)) {
+            SG_ADVANCE(sgp, (size_t)nwritten);
+            nwritten = 0;
+        } else {
+            nwritten -= SG_LEN(sgp);
+            conn->out.sgp++;
+            conn->out.sg_count--;
+        }
+    }
+    if (conn->out.sg_count == 0) {
+        /* Done writing, switch to reading. */
+        cm_read(selstate, conn->fd);
+        conn->state = READING;
+    }
+    return FALSE;
+}
+
+/* Return true on usable data. */
+static krb5_boolean
+service_tcp_read(krb5_context context, const krb5_data *realm,
+                 struct conn_state *conn, struct select_state *selstate)
+{
+    ssize_t nread;
+    int e = 0;
+    struct incoming_message *in = &conn->in;
+
+    if (in->bufsizebytes_read == 4) {
+        /* Reading data.  */
+        nread = SOCKET_READ(conn->fd, &in->buf[in->pos], in->n_left);
+        if (nread <= 0) {
+            e = nread ? SOCKET_ERRNO : ECONNRESET;
+            TRACE_SENDTO_KDC_TCP_ERROR_RECV(context, &conn->addr, e);
+            kill_conn(context, conn, selstate);
+            return FALSE;
+        }
+        in->n_left -= nread;
+        in->pos += nread;
+        if (in->n_left <= 0)
+            return TRUE;
+    } else {
+        /* Reading length.  */
+        nread = SOCKET_READ(conn->fd, in->bufsizebytes + in->bufsizebytes_read,
+                            4 - in->bufsizebytes_read);
+        if (nread <= 0) {
+            e = nread ? SOCKET_ERRNO : ECONNRESET;
+            TRACE_SENDTO_KDC_TCP_ERROR_RECV_LEN(context, &conn->addr, e);
+            kill_conn(context, conn, selstate);
+            return FALSE;
+        }
+        in->bufsizebytes_read += nread;
+        if (in->bufsizebytes_read == 4) {
+            unsigned long len = load_32_be(in->bufsizebytes);
+            /* Arbitrary 1M cap.  */
+            if (len > 1 * 1024 * 1024) {
+                kill_conn(context, conn, selstate);
+                return FALSE;
+            }
+            in->bufsize = in->n_left = len;
+            in->pos = 0;
+            in->buf = malloc(len);
+            if (in->buf == NULL) {
+                kill_conn(context, conn, selstate);
+                return FALSE;
+            }
+        }
+    }
+    return FALSE;
+}
+
+/* Process events on a UDP socket.  Return true if we get a reply. */
+static krb5_boolean
+service_udp_read(krb5_context context, const krb5_data *realm,
+                 struct conn_state *conn, struct select_state *selstate)
+{
+    int nread;
+
+    nread = recv(conn->fd, conn->in.buf, conn->in.bufsize, 0);
+    if (nread < 0) {
+        TRACE_SENDTO_KDC_UDP_ERROR_RECV(context, &conn->addr, SOCKET_ERRNO);
+        kill_conn(context, conn, selstate);
+        return FALSE;
+    }
+    conn->in.pos = nread;
+    return TRUE;
+}
+
+/* Set up conn->http.tls.  Return true on success. */
+static krb5_boolean
+setup_tls(krb5_context context, const krb5_data *realm,
+          struct conn_state *conn, struct select_state *selstate)
+{
+    krb5_error_code ret;
+    krb5_boolean ok = FALSE;
+    char **anchors = NULL, *realmstr = NULL;
+    const char *names[4];
+
+    if (init_tls_vtable(context) != 0 || context->tls->setup == NULL)
+        return FALSE;
+
+    realmstr = k5memdup0(realm->data, realm->length, &ret);
+    if (realmstr == NULL)
+        goto cleanup;
+
+    /* Load the configured anchors. */
+    names[0] = KRB5_CONF_REALMS;
+    names[1] = realmstr;
+    names[2] = KRB5_CONF_HTTP_ANCHORS;
+    names[3] = NULL;
+    ret = profile_get_values(context->profile, names, &anchors);
+    if (ret != 0 && ret != PROF_NO_RELATION)
+        goto cleanup;
+
+    if (context->tls->setup(context, conn->fd, conn->http.servername, anchors,
+                            &conn->http.tls) != 0) {
+        TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(context, &conn->addr);
+        goto cleanup;
+    }
+
+    ok = TRUE;
+
+cleanup:
+    free(realmstr);
+    profile_free_list(anchors);
+    return ok;
+}
+
+/* Set conn->state to READING when done; otherwise, call a cm_set_. */
+static krb5_boolean
+service_https_write(krb5_context context, const krb5_data *realm,
+                    struct conn_state *conn, struct select_state *selstate)
+{
+    k5_tls_status st;
+
+    /* If this is our first time in here, set up the SSL context. */
+    if (conn->http.tls == NULL && !setup_tls(context, realm, conn, selstate)) {
+        kill_conn(context, conn, selstate);
+        return FALSE;
+    }
+
+    /* Try to transmit our request to the server. */
+    st = context->tls->write(context, conn->http.tls, SG_BUF(conn->out.sgp),
+                             SG_LEN(conn->out.sgbuf));
+    if (st == DONE) {
+        TRACE_SENDTO_KDC_HTTPS_SEND(context, &conn->addr);
+        cm_read(selstate, conn->fd);
+        conn->state = READING;
+    } else if (st == WANT_READ) {
+        cm_read(selstate, conn->fd);
+    } else if (st == WANT_WRITE) {
+        cm_write(selstate, conn->fd);
+    } else if (st == ERROR_TLS) {
+        TRACE_SENDTO_KDC_HTTPS_ERROR_SEND(context, &conn->addr);
+        kill_conn(context, conn, selstate);
+    }
+
+    return FALSE;
+}
+
+/* Return true on finished data.  Call a cm_read/write function and return
+ * false if the TLS layer needs it.  Kill the connection on error. */
+static krb5_boolean
+https_read_bytes(krb5_context context, struct conn_state *conn,
+                 struct select_state *selstate)
+{
+    size_t bufsize, nread;
+    k5_tls_status st;
+    char *tmp;
+    struct incoming_message *in = &conn->in;
+
+    for (;;) {
+        if (in->buf == NULL || in->bufsize - in->pos < 1024) {
+            bufsize = in->bufsize ? in->bufsize * 2 : 8192;
+            if (bufsize > 1024 * 1024) {
+                kill_conn(context, conn, selstate);
+                return FALSE;
+            }
+            tmp = realloc(in->buf, bufsize);
+            if (tmp == NULL) {
+                kill_conn(context, conn, selstate);
+                return FALSE;
+            }
+            in->buf = tmp;
+            in->bufsize = bufsize;
+        }
+
+        st = context->tls->read(context, conn->http.tls, &in->buf[in->pos],
+                                in->bufsize - in->pos - 1, &nread);
+        if (st != DATA_READ)
+            break;
+
+        in->pos += nread;
+        in->buf[in->pos] = '\0';
+    }
+
+    if (st == DONE)
+        return TRUE;
+
+    if (st == WANT_READ) {
+        cm_read(selstate, conn->fd);
+    } else if (st == WANT_WRITE) {
+        cm_write(selstate, conn->fd);
+    } else if (st == ERROR_TLS) {
+        TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(context, &conn->addr);
+        kill_conn(context, conn, selstate);
+    }
+    return FALSE;
+}
+
+/* Return true on readable, valid KKDCPP data. */
+static krb5_boolean
+service_https_read(krb5_context context, const krb5_data *realm,
+                   struct conn_state *conn, struct select_state *selstate)
+{
+    krb5_kkdcp_message *pm = NULL;
+    krb5_data buf;
+    const char *rep;
+    struct incoming_message *in = &conn->in;
+
+    /* Read data through the encryption layer. */
+    if (!https_read_bytes(context, conn, selstate))
+        return FALSE;
+
+    /* Find the beginning of the response body. */
+    rep = strstr(in->buf, "\r\n\r\n");
+    if (rep == NULL)
+        goto kill_conn;
+    rep += 4;
+
+    /* Decode the response. */
+    buf = make_data((char *)rep, in->pos - (rep - in->buf));
+    if (decode_krb5_kkdcp_message(&buf, &pm) != 0)
+        goto kill_conn;
+
+    /* Check and discard the message length at the front of the kerb_message
+     * field after decoding.  If it's wrong or missing, something broke. */
+    if (pm->kerb_message.length < 4 ||
+        load_32_be(pm->kerb_message.data) != pm->kerb_message.length - 4) {
+        goto kill_conn;
+    }
+
+    /* Replace all of the content that we read back with just the message. */
+    memcpy(in->buf, pm->kerb_message.data + 4, pm->kerb_message.length - 4);
+    in->pos = pm->kerb_message.length - 4;
+    k5_free_kkdcp_message(context, pm);
+
+    return TRUE;
+
+kill_conn:
+    TRACE_SENDTO_KDC_HTTPS_ERROR(context, in->buf);
+    k5_free_kkdcp_message(context, pm);
+    kill_conn(context, conn, selstate);
+    return FALSE;
+}
+
+/* Return the maximum of endtime and the endtime fields of all currently active
+ * TCP connections. */
+static time_ms
+get_endtime(time_ms endtime, struct conn_state *conns)
+{
+    struct conn_state *state;
+
+    for (state = conns; state != NULL; state = state->next) {
+        if ((state->state == READING || state->state == WRITING) &&
+            state->endtime > endtime)
+            endtime = state->endtime;
+    }
+    return endtime;
+}
+
+static krb5_boolean
+service_fds(krb5_context context, struct select_state *selstate,
+            time_ms interval, struct conn_state *conns,
+            struct select_state *seltemp, const krb5_data *realm,
+            int (*msg_handler)(krb5_context, const krb5_data *, void *),
+            void *msg_handler_data, struct conn_state **winner_out)
+{
+    int e, selret = 0;
+    time_ms endtime;
+    struct conn_state *state;
+
+    *winner_out = NULL;
+
+    e = get_curtime_ms(&endtime);
+    if (e)
+        return TRUE;
+    endtime += interval;
+
+    e = 0;
+    while (selstate->nfds > 0) {
+        e = cm_select_or_poll(selstate, get_endtime(endtime, conns),
+                              seltemp, &selret);
+        if (e == EINTR)
+            continue;
+        if (e != 0)
+            break;
+
+        if (selret == 0)
+            /* Timeout, return to caller.  */
+            return FALSE;
+
+        /* Got something on a socket, process it.  */
+        for (state = conns; state != NULL; state = state->next) {
+            int ssflags;
+
+            if (state->fd == INVALID_SOCKET)
+                continue;
+            ssflags = cm_get_ssflags(seltemp, state->fd);
+            if (!ssflags)
+                continue;
+
+            if (service_dispatch(context, realm, state, selstate, ssflags)) {
+                int stop = 1;
+
+                if (msg_handler != NULL) {
+                    krb5_data reply = make_data(state->in.buf, state->in.pos);
+
+                    stop = (msg_handler(context, &reply, msg_handler_data) != 0);
+                }
+
+                if (stop) {
+                    *winner_out = state;
+                    return TRUE;
+                }
+            }
+        }
+    }
+    if (e != 0)
+        return TRUE;
+    return FALSE;
+}
+
+/*
+ * Current worst-case timeout behavior:
+ *
+ * First pass, 1s per udp or tcp server, plus 2s at end.
+ * Second pass, 1s per udp server, plus 4s.
+ * Third pass, 1s per udp server, plus 8s.
+ * Fourth => 16s, etc.
+ *
+ * Restated:
+ * Per UDP server, 1s per pass.
+ * Per TCP server, 1s.
+ * Backoff delay, 2**(P+1) - 2, where P is total number of passes.
+ *
+ * Total = 2**(P+1) + U*P + T - 2.
+ *
+ * If P=3, Total = 3*U + T + 14.
+ * If P=4, Total = 4*U + T + 30.
+ *
+ * Note that if you try to reach two ports on one server, it counts as two.
+ *
+ * There is one exception to the above rules.  Whenever a TCP connection is
+ * established, we wait up to ten seconds for it to finish or fail before
+ * moving on.  This reduces network traffic significantly in a TCP environment.
+ */
+
+krb5_error_code
+k5_sendto(krb5_context context, const krb5_data *message,
+          const krb5_data *realm, const struct serverlist *servers,
+          k5_transport_strategy strategy,
+          struct sendto_callback_info* callback_info, krb5_data *reply,
+          struct sockaddr *remoteaddr, socklen_t *remoteaddrlen,
+          int *server_used,
+          /* return 0 -> keep going, 1 -> quit */
+          int (*msg_handler)(krb5_context, const krb5_data *, void *),
+          void *msg_handler_data)
+{
+    int pass;
+    time_ms delay;
+    krb5_error_code retval;
+    struct conn_state *conns = NULL, *state, **tailptr, *next, *winner;
+    size_t s;
+    struct select_state *sel_state = NULL, *seltemp;
+    char *udpbuf = NULL;
+    krb5_boolean done = FALSE;
+
+    *reply = empty_data();
+
+    /* One for use here, listing all our fds in use, and one for
+     * temporary use in service_fds, for the fds of interest.  */
+    sel_state = malloc(2 * sizeof(*sel_state));
+    if (sel_state == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    seltemp = &sel_state[1];
+    cm_init_selstate(sel_state);
+
+    /* First pass: resolve server hosts, communicate with resulting addresses
+     * of the preferred transport, and wait 1s for an answer from each. */
+    for (s = 0; s < servers->nservers && !done; s++) {
+        /* Find the current tail pointer. */
+        for (tailptr = &conns; *tailptr != NULL; tailptr = &(*tailptr)->next);
+        retval = resolve_server(context, realm, servers, s, strategy, message,
+                                &udpbuf, &conns);
+        if (retval)
+            goto cleanup;
+        for (state = *tailptr; state != NULL && !done; state = state->next) {
+            /* Contact each new connection, deferring those which use the
+             * non-preferred RFC 4120 transport. */
+            if (state->defer)
+                continue;
+            if (maybe_send(context, state, message, sel_state, realm,
+                           callback_info))
+                continue;
+            done = service_fds(context, sel_state, 1000, conns, seltemp,
+                               realm, msg_handler, msg_handler_data, &winner);
+        }
+    }
+
+    /* Complete the first pass by contacting servers of the non-preferred RFC
+     * 4120 transport (if given), waiting 1s for an answer from each. */
+    for (state = conns; state != NULL && !done; state = state->next) {
+        if (!state->defer)
+            continue;
+        if (maybe_send(context, state, message, sel_state, realm,
+                       callback_info))
+            continue;
+        done = service_fds(context, sel_state, 1000, conns, seltemp,
+                           realm, msg_handler, msg_handler_data, &winner);
+    }
+
+    /* Wait for two seconds at the end of the first pass. */
+    if (!done) {
+        done = service_fds(context, sel_state, 2000, conns, seltemp,
+                           realm, msg_handler, msg_handler_data, &winner);
+    }
+
+    /* Make remaining passes over all of the connections. */
+    delay = 4000;
+    for (pass = 1; pass < MAX_PASS && !done; pass++) {
+        for (state = conns; state != NULL && !done; state = state->next) {
+            if (maybe_send(context, state, message, sel_state, realm,
+                           callback_info))
+                continue;
+            done = service_fds(context, sel_state, 1000, conns, seltemp,
+                               realm, msg_handler, msg_handler_data, &winner);
+            if (sel_state->nfds == 0)
+                break;
+        }
+        /* Wait for the delay backoff at the end of this pass. */
+        if (!done) {
+            done = service_fds(context, sel_state, delay, conns, seltemp,
+                               realm, msg_handler, msg_handler_data, &winner);
+        }
+        if (sel_state->nfds == 0)
+            break;
+        delay *= 2;
+    }
+
+    if (sel_state->nfds == 0 || !done || winner == NULL) {
+        retval = KRB5_KDC_UNREACH;
+        goto cleanup;
+    }
+    /* Success!  */
+    *reply = make_data(winner->in.buf, winner->in.pos);
+    retval = 0;
+    winner->in.buf = NULL;
+    if (server_used != NULL)
+        *server_used = winner->server_index;
+    if (remoteaddr != NULL && remoteaddrlen != 0 && *remoteaddrlen > 0)
+        (void)getpeername(winner->fd, remoteaddr, remoteaddrlen);
+    TRACE_SENDTO_KDC_RESPONSE(context, reply->length, &winner->addr);
+
+cleanup:
+    for (state = conns; state != NULL; state = next) {
+        next = state->next;
+        if (state->fd != INVALID_SOCKET) {
+            if (socktype_for_transport(state->addr.transport) == SOCK_STREAM)
+                TRACE_SENDTO_KDC_TCP_DISCONNECT(context, &state->addr);
+            closesocket(state->fd);
+            free_http_tls_data(context, state);
+        }
+        if (state->in.buf != udpbuf)
+            free(state->in.buf);
+        if (callback_info) {
+            callback_info->pfn_cleanup(callback_info->data,
+                                       &state->callback_buffer);
+        }
+        free(state);
+    }
+
+    if (reply->data != udpbuf)
+        free(udpbuf);
+    free(sel_state);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/sn2princ.c b/krb5-1.21.3/src/lib/krb5/os/sn2princ.c
new file mode 100644
index 00000000..3a20e909
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/sn2princ.c
@@ -0,0 +1,380 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/sn2princ.c */
+/*
+ * Copyright 1991,2002 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Convert a hostname and service name to a principal in the "standard"
+ * form. */
+
+#include "k5-int.h"
+#include "os-proto.h"
+#include "fake-addrinfo.h"
+#include <ctype.h>
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#if !defined(DEFAULT_RDNS_LOOKUP)
+#define DEFAULT_RDNS_LOOKUP 1
+#endif
+
+static krb5_boolean
+use_reverse_dns(krb5_context context)
+{
+    krb5_error_code ret;
+    int value;
+
+    ret = profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS,
+                              KRB5_CONF_RDNS, NULL, DEFAULT_RDNS_LOOKUP,
+                              &value);
+    if (ret)
+        return DEFAULT_RDNS_LOOKUP;
+
+    return value;
+}
+
+/* Append a domain suffix to host and return the result in allocated memory.
+ * Return NULL if no suffix is configured or on failure. */
+static char *
+qualify_shortname(krb5_context context, const char *host)
+{
+    krb5_error_code ret;
+    char *fqdn = NULL, *prof_domain = NULL, *os_domain = NULL;
+    const char *domain;
+
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             KRB5_CONF_QUALIFY_SHORTNAME, NULL, NULL,
+                             &prof_domain);
+    if (ret)
+        return NULL;
+
+#ifdef KRB5_DNS_LOOKUP
+    if (prof_domain == NULL)
+        os_domain = k5_primary_domain();
+#endif
+
+    domain = (prof_domain != NULL) ? prof_domain : os_domain;
+    if (domain != NULL && *domain != '\0') {
+        if (asprintf(&fqdn, "%s.%s", host, domain) < 0)
+            fqdn = NULL;
+    }
+
+    profile_release_string(prof_domain);
+    free(os_domain);
+    return fqdn;
+}
+
+static krb5_error_code
+expand_hostname(krb5_context context, const char *host, krb5_boolean use_dns,
+                char **canonhost_out)
+{
+    struct addrinfo *ai = NULL, hint;
+    char namebuf[NI_MAXHOST], *qualified = NULL, *copy, *p;
+    int err;
+    const char *canonhost;
+
+    *canonhost_out = NULL;
+
+    canonhost = host;
+    if (use_dns) {
+        /* Try a forward lookup of the hostname. */
+        memset(&hint, 0, sizeof(hint));
+        hint.ai_flags = AI_CANONNAME;
+        err = getaddrinfo(host, 0, &hint, &ai);
+        if (err == EAI_MEMORY)
+            goto cleanup;
+        if (!err && ai->ai_canonname != NULL)
+            canonhost = ai->ai_canonname;
+
+        if (!err && use_reverse_dns(context)) {
+            /* Try a reverse lookup of the address. */
+            err = getnameinfo(ai->ai_addr, ai->ai_addrlen, namebuf,
+                              sizeof(namebuf), NULL, 0, NI_NAMEREQD);
+            if (err == EAI_MEMORY)
+                goto cleanup;
+            if (!err)
+                canonhost = namebuf;
+        }
+    }
+
+    /* If we didn't use DNS and the name is just one component, try to add a
+     * domain suffix. */
+    if (canonhost == host && strchr(host, '.') == NULL) {
+        qualified = qualify_shortname(context, host);
+        if (qualified != NULL)
+            canonhost = qualified;
+    }
+
+    copy = strdup(canonhost);
+    if (copy == NULL)
+        goto cleanup;
+
+    /* Convert the hostname to lower case. */
+    for (p = copy; *p != '\0'; p++) {
+        if (isupper((unsigned char)*p))
+            *p = tolower((unsigned char)*p);
+    }
+
+    /* Remove any trailing dot. */
+    if (copy[0] != '\0') {
+        p = copy + strlen(copy) - 1;
+        if (*p == '.')
+            *p = '\0';
+    }
+
+    *canonhost_out = copy;
+
+cleanup:
+    /* We only return success or ENOMEM. */
+    if (ai != NULL)
+        freeaddrinfo(ai);
+    free(qualified);
+    return (*canonhost_out == NULL) ? ENOMEM : 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_expand_hostname(krb5_context context, const char *host,
+                     char **canonhost_out)
+{
+    int use_dns = (context->dns_canonicalize_hostname == CANONHOST_TRUE);
+
+    return expand_hostname(context, host, use_dns, canonhost_out);
+}
+
+/* Split data into hostname and trailer (:port or :instance).  Trailers are
+ * used in MSSQLSvc principals. */
+static void
+split_trailer(const krb5_data *data, krb5_data *host, krb5_data *trailer)
+{
+    char *p = memchr(data->data, ':', data->length);
+    unsigned int tlen = (p == NULL) ? 0 : data->length - (p - data->data);
+
+    /* Make sure we have a single colon followed by one or more characters.  An
+     * IPv6 address will have more than one colon, so don't accept that. */
+    if (p == NULL || tlen == 1 || memchr(p + 1, ':', tlen - 1) != NULL) {
+        *host = *data;
+        *trailer = make_data("", 0);
+    } else {
+        *host = make_data(data->data, p - data->data);
+        *trailer = make_data(p, tlen);
+    }
+}
+
+static krb5_error_code
+canonicalize_princ(krb5_context context, struct canonprinc *iter,
+                   krb5_boolean use_dns, krb5_const_principal *princ_out)
+{
+    krb5_error_code ret;
+    krb5_data host, trailer;
+    char *hostname = NULL, *canonhost = NULL, *combined = NULL;
+    char **hrealms = NULL;
+
+    *princ_out = NULL;
+
+    assert(iter->princ->length == 2);
+    split_trailer(&iter->princ->data[1], &host, &trailer);
+
+    hostname = k5memdup0(host.data, host.length, &ret);
+    if (hostname == NULL)
+        goto cleanup;
+
+    if (iter->princ->type == KRB5_NT_SRV_HST) {
+        /* Expand the hostname with or without DNS as specified. */
+        ret = expand_hostname(context, hostname, use_dns, &canonhost);
+        if (ret)
+            goto cleanup;
+    } else {
+        canonhost = strdup(hostname);
+        if (canonhost == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+    }
+
+    /* Add the trailer to the expanded hostname. */
+    if (asprintf(&combined, "%s%.*s", canonhost,
+                 trailer.length, trailer.data) < 0) {
+        combined = NULL;
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    /* Don't yield the same host part twice. */
+    if (iter->canonhost != NULL && strcmp(iter->canonhost, combined) == 0)
+        goto cleanup;
+
+    free(iter->canonhost);
+    iter->canonhost = combined;
+    combined = NULL;
+
+    /* If the realm is unknown, look up the realm of the expanded hostname. */
+    if (iter->princ->realm.length == 0 && !iter->no_hostrealm) {
+        ret = krb5_get_host_realm(context, canonhost, &hrealms);
+        if (ret)
+            goto cleanup;
+        if (hrealms[0] == NULL) {
+            ret = KRB5_ERR_HOST_REALM_UNKNOWN;
+            goto cleanup;
+        }
+        free(iter->realm);
+        if (*hrealms[0] == '\0' && iter->subst_defrealm) {
+            ret = krb5_get_default_realm(context, &iter->realm);
+            if (ret)
+                goto cleanup;
+        } else {
+            iter->realm = strdup(hrealms[0]);
+            if (iter->realm == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+        }
+    }
+
+    iter->copy = *iter->princ;
+    if (iter->realm != NULL)
+        iter->copy.realm = string2data(iter->realm);
+    iter->components[0] = iter->princ->data[0];
+    iter->components[1] = string2data(iter->canonhost);
+    iter->copy.data = iter->components;
+    *princ_out = &iter->copy;
+
+cleanup:
+    free(hostname);
+    free(canonhost);
+    free(combined);
+    krb5_free_host_realm(context, hrealms);
+    return ret;
+}
+
+krb5_error_code
+k5_canonprinc(krb5_context context, struct canonprinc *iter,
+              krb5_const_principal *princ_out)
+{
+    krb5_error_code ret;
+    int step = ++iter->step;
+
+    *princ_out = NULL;
+
+    /* If the hostname isn't from krb5_sname_to_principal(), the input
+     * principal is canonical. */
+    if (iter->princ->type != KRB5_NT_SRV_HST || iter->princ->length != 2 ||
+        iter->princ->data[1].length == 0) {
+        *princ_out = (step == 1) ? iter->princ : NULL;
+        return 0;
+    }
+
+    /* If we're not doing fallback, the hostname is canonical, but we may need
+     * to substitute the default realm. */
+    if (context->dns_canonicalize_hostname != CANONHOST_FALLBACK) {
+        if (step > 1)
+            return 0;
+        iter->copy = *iter->princ;
+        if (iter->subst_defrealm && iter->copy.realm.length == 0) {
+            ret = krb5_get_default_realm(context, &iter->realm);
+            if (ret)
+                return ret;
+            iter->copy = *iter->princ;
+            iter->copy.realm = string2data(iter->realm);
+        }
+        *princ_out = &iter->copy;
+        return 0;
+    }
+
+    /* Canonicalize without DNS at step 1, with DNS at step 2. */
+    if (step > 2)
+        return 0;
+    return canonicalize_princ(context, iter, step == 2, princ_out);
+}
+
+krb5_boolean
+k5_sname_compare(krb5_context context, krb5_const_principal sname,
+                 krb5_const_principal princ)
+{
+    krb5_error_code ret;
+    struct canonprinc iter = { sname, .subst_defrealm = TRUE };
+    krb5_const_principal canonprinc = NULL;
+    krb5_boolean match = FALSE;
+
+    while ((ret = k5_canonprinc(context, &iter, &canonprinc)) == 0 &&
+           canonprinc != NULL) {
+        if (krb5_principal_compare(context, canonprinc, princ)) {
+            match = TRUE;
+            break;
+        }
+    }
+    free_canonprinc(&iter);
+    return match;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_sname_to_principal(krb5_context context, const char *hostname,
+                        const char *sname, krb5_int32 type,
+                        krb5_principal *princ_out)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+    krb5_const_principal cprinc;
+    krb5_boolean use_dns;
+    char localname[MAXHOSTNAMELEN];
+    struct canonprinc iter = { NULL };
+
+    *princ_out = NULL;
+
+    if (type != KRB5_NT_UNKNOWN && type != KRB5_NT_SRV_HST)
+        return KRB5_SNAME_UNSUPP_NAMETYPE;
+
+    /* If hostname is NULL, use the local hostname. */
+    if (hostname == NULL) {
+        if (gethostname(localname, MAXHOSTNAMELEN) != 0)
+            return SOCKET_ERRNO;
+        hostname = localname;
+    }
+
+    /* If sname is NULL, use "host". */
+    if (sname == NULL)
+        sname = "host";
+
+    /* Build an initial principal with what we have. */
+    ret = krb5_build_principal(context, &princ, 0, KRB5_REFERRAL_REALM,
+                               sname, hostname, (char *)NULL);
+    if (ret)
+        return ret;
+    princ->type = type;
+
+    if (type == KRB5_NT_SRV_HST &&
+        context->dns_canonicalize_hostname == CANONHOST_FALLBACK) {
+        /* Delay canonicalization and realm lookup until use. */
+        *princ_out = princ;
+        return 0;
+    }
+
+    use_dns = (context->dns_canonicalize_hostname == CANONHOST_TRUE);
+    iter.princ = princ;
+    ret = canonicalize_princ(context, &iter, use_dns, &cprinc);
+    if (!ret)
+        ret = krb5_copy_principal(context, cprinc, princ_out);
+    free_canonprinc(&iter);
+    krb5_free_principal(context, princ);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_an_to_ln.c b/krb5-1.21.3/src/lib/krb5/os/t_an_to_ln.c
new file mode 100644
index 00000000..b9c63acc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_an_to_ln.c
@@ -0,0 +1,42 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "krb5.h"
+
+#include <stdio.h>
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code     kret = 0;
+    krb5_context        kcontext;
+    krb5_principal      principal;
+    char                *programname;
+    int                 i;
+    char                sbuf[1024];
+
+    programname = argv[0];
+    krb5_init_context(&kcontext);
+    for (i=1; i < argc; i++) {
+        if (!(kret = krb5_parse_name(kcontext, argv[i], &principal))) {
+            if (!(kret = krb5_aname_to_localname(kcontext,
+                                                 principal,
+                                                 1024,
+                                                 sbuf))) {
+                printf("%s: aname_to_lname maps %s -> <%s>\n",
+                       programname, argv[i], sbuf);
+            }
+            else {
+                printf("%s: aname to lname returns %s for %s\n", programname,
+                       error_message(kret), argv[i]);
+            }
+            krb5_free_principal(kcontext, principal);
+        }
+        else {
+            printf("%s: parse_name returns %s\n", programname,
+                   error_message(kret));
+        }
+        if (kret)
+            break;
+    }
+    krb5_free_context(kcontext);
+    return((kret) ? 1 : 0);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_discover_uri.py b/krb5-1.21.3/src/lib/krb5/os/t_discover_uri.py
new file mode 100644
index 00000000..87bac179
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_discover_uri.py
@@ -0,0 +1,46 @@
+from k5test import *
+
+entries = ('URI _kerberos.TEST krb5srv::kkdcp:https://kdc1 1 1\n',
+           'URI _kerberos.TEST krb5srv::kkdcp:https://kdc3:300/path 3 1\n',
+           'URI _kerberos.TEST krb5srv:m:kkdcp:https://kdc2/path 2 1\n',
+           'URI _kerberos.TEST KRB5SRV:xMz:UDP:KDC4 4 1\n',
+           'URI _kerberos.TEST krb5srv:xyz:tcp:192.168.1.6 6 1\n',
+           'URI _kerberos.TEST krb5srv::tcp:kdc5:500 5 1\n',
+           'URI _kerberos.TEST krb5srv::tcp:[dead:beef:cafe:7]:700 7 1\n',
+           'URI _kerberos.TEST bogustag:m:kkdcp:https://bogus 8 1\n',
+           'URI _kerberos.TEST krb5srv:m:bogustrans:https://bogus 10 1\n',
+           'URI _kerberos.TEST krb5srv:m:kkdcp:bogus 11 1\n',
+           'URI _kerberos.TEST krb5srv:m:bogusnotrans 12 1\n')
+
+expected = ('7 servers:',
+            '0: h:kdc1 t:https p:443 m:0 P:',
+            '1: h:kdc2 t:https p:443 m:1 P:path',
+            '2: h:kdc3 t:https p:300 m:0 P:path',
+            '3: h:KDC4 t:udp p:88 m:1 P:',
+            '4: h:kdc5 t:tcp p:500 m:0 P:',
+            '5: h:192.168.1.6 t:tcp p:88 m:0 P:',
+            '6: h:dead:beef:cafe:7 t:tcp p:700 m:0 P:')
+
+conf = {'libdefaults': {'dns_lookup_kdc' : 'true'}}
+
+realm = K5Realm(create_kdb=False, krb5_conf=conf)
+
+hosts_filename = os.path.join(realm.testdir, 'resolv_hosts')
+f = open(hosts_filename, 'w')
+for line in entries:
+    f.write(line)
+f.close()
+
+realm.env['LD_PRELOAD'] = 'libresolv_wrapper.so'
+realm.env['RESOLV_WRAPPER_HOSTS'] = hosts_filename
+
+out = realm.run(['./t_locate_kdc', 'TEST'], env=realm.env)
+l = out.splitlines()
+
+j = 0
+for i in range(4, 12):
+    if l[i].strip() != expected[j]:
+        fail('URI answers do not match')
+    j += 1
+
+success('uri discovery tests')
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_expand_path.c b/krb5-1.21.3/src/lib/krb5/os/t_expand_path.c
new file mode 100644
index 00000000..5f63577a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_expand_path.c
@@ -0,0 +1,18 @@
+#include "k5-int.h"
+#include "os-proto.h"
+
+int
+main(int argc, char **argv)
+{
+    char *path;
+
+    if (k5_expand_path_tokens_extra(NULL, argv[1], &path, "animal", "frog",
+				    "place", "pad", "s", "s", NULL) != 0)
+	return 2;
+    if (argc == 2)
+	printf("%s\n", path);
+    else if (strcmp(path, argv[2]) != 0)
+	return 1;
+    free(path);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_gifconf.c b/krb5-1.21.3/src/lib/krb5/os/t_gifconf.c
new file mode 100644
index 00000000..786efa48
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_gifconf.c
@@ -0,0 +1,137 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* SIOCGIFCONF:
+
+   The behavior of this ioctl varies across systems.
+
+   The "largest gap" values are the largest number of bytes I've seen
+   left unused at the end of the supplied buffer when there were more
+   entries to return.  These values may of coures be dependent on the
+   configurations of the particular systems I was testing with.
+
+   NetBSD 1.5-alpha: The returned ifc_len is the desired amount of
+   space, always.  The returned list may be truncated if there isn't
+   enough room; no overrun.  Largest gap: 43.  (NetBSD now has
+   getifaddrs.)
+
+   BSD/OS 4.0.1 (courtesy djm): The returned ifc_len is equal to or
+   less than the supplied ifc_len.  Sometimes the entire buffer is
+   used; sometimes N-1 bytes; occasionally, the buffer must have quite
+   a bit of extra room before the next structure will be added.
+   Largest gap: 39.
+
+   Solaris 7,8: Return EINVAL if the buffer space is too small for all
+   the data to be returned, including ifc_len==0.  Solaris is the only
+   system I've found so far that actually returns an error.  No gap.
+   However, SIOCGIFNUM may be used to query the number of interfaces.
+
+   Linux 2.2.12 (RH 6.1 dist, x86): The buffer is filled in with as
+   many entries as will fit, and the size used is returned in ifc_len.
+   The list is truncated if needed, with no indication.  Largest gap: 31.
+
+   IRIX 6.5: The buffer is filled in with as many entries as will fit
+   in N-1 bytes, and the size used is returned in ifc_len.  Providing
+   exactly the desired number of bytes is inadequate; the buffer must
+   be *bigger* than needed.  (E.g., 32->0, 33->32.)  The returned
+   ifc_len is always less than the supplied one.  Largest gap: 32.
+
+   AIX 4.3.3: Sometimes the returned ifc_len is bigger than the
+   supplied one, but it may not be big enough for *all* the
+   interfaces.  Sometimes it's smaller than the supplied value, even
+   if the returned list is truncated.  The list is filled in with as
+   many entries as will fit; no overrun.  Largest gap: 143.
+
+   Older AIX: We're told by W. David Shambroom <DShambroom@gte.com> in
+   PR krb5-kdc/919 that older versions of AIX have a bug in the
+   SIOCGIFCONF ioctl which can cause them to overrun the supplied
+   buffer.  However, we don't yet have details as to which version,
+   whether the overrun amount was bounded (e.g., one ifreq's worth) or
+   not, whether it's a real buffer overrun or someone assuming it was
+   because ifc_len was increased, etc.  Once we've got details, we can
+   try to work around the problem.
+
+   Digital UNIX 4.0F: If input ifc_len is zero, return an ifc_len
+   that's big enough to include all entries.  (Actually, on our
+   system, it appears to be larger than that by 32.)  If input ifc_len
+   is nonzero, fill in as many entries as will fit, and set ifc_len
+   accordingly.  (Tested only with INIT of zero.)
+
+   So... if the returned ifc_len is bigger than the supplied one,
+   we'll need at least that much space -- but possibly more -- to hold
+   all the results.  If the returned value is smaller or the same, we
+   may still need more space.
+
+   Using this ioctl is going to be messy.  Let's just hope that
+   getifaddrs() catches on quickly....  */
+
+#include <errno.h>
+#include <stdio.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <net/if.h>
+#include <netinet/in.h>
+
+#if (defined(sun) || defined(__sun__)) && !defined(SIOCGIFCONF)
+/* Sun puts socket ioctls in another file.  */
+#include <sys/sockio.h>
+#endif
+
+#define INIT 0xc3
+
+int
+main(void)
+{
+    char buffer[2048];
+    int i, sock, t, olen = -9, omod = -9;
+    struct ifconf ifc;
+    int gap = -1, lastgap = -1;
+
+    sock = socket (AF_INET, SOCK_DGRAM, 0);
+    if (sock < 0) {
+        perror ("socket");
+        exit (1);
+    }
+    printf ("sizeof(struct if_req)=%d\n", sizeof (struct ifreq));
+    for (t = 0; t < sizeof (buffer); t++) {
+        ifc.ifc_len = t;
+        ifc.ifc_buf = buffer;
+        memset (buffer, INIT, sizeof (buffer));
+        i = ioctl (sock, SIOCGIFCONF, (char *) &ifc);
+        if (i < 0) {
+            /* Solaris returns "Invalid argument" if the buffer is too
+               small.  AIX and Linux return no error indication.  */
+            int e = errno;
+            snprintf (buffer, sizeof(buffer), "SIOCGIFCONF(%d)", t);
+            errno = e;
+            perror (buffer);
+            if (e == EINVAL)
+                continue;
+            fprintf (stderr, "exiting on unexpected error\n");
+            exit (1);
+        }
+        i = sizeof (buffer) - 1;
+        while (buffer[i] == ((char)INIT) && i >= 0)
+            i--;
+        if (omod != i) {
+            /* Okay... the gap computed on the *last* iteration is the
+               largest for that particular size of returned data.
+               Save it, and then start computing gaps for the next
+               bigger size of returned data.  If we never get anything
+               bigger back, we discard the newer value and only keep
+               LASTGAP because all we care about is how much slop we
+               need to "prove" that there really weren't any more
+               entries to be returned.  */
+            if (gap > lastgap)
+                lastgap = gap;
+        }
+        gap = t - i - 1;
+        if (olen != ifc.ifc_len || omod != i) {
+            printf ("ifc_len in = %4d, ifc_len out = %4d, last mod = %4d\n",
+                    t, ifc.ifc_len, i);
+            olen = ifc.ifc_len;
+            omod = i;
+        }
+    }
+    printf ("finished at ifc_len %d\n", t);
+    printf ("largest gap = %d\n", lastgap);
+    exit (0);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_kuserok.c b/krb5-1.21.3/src/lib/krb5/os/t_kuserok.c
new file mode 100644
index 00000000..eabbfc75
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_kuserok.c
@@ -0,0 +1,54 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/t_kuserok.c - Test harness for krb5_kuserok */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <krb5.h>
+#include <stdio.h>
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_principal principal;
+    krb5_boolean ok;
+    char *progname;
+
+    progname = argv[0];
+    if (argc != 3) {
+        fprintf(stderr, "Usage: %s principal localuser\n", progname);
+        return 1;
+    }
+    krb5_init_context(&context);
+    ret = krb5_parse_name(context, argv[1], &principal);
+    if (ret) {
+        com_err(progname, ret, "while parsing principal name");
+        return 1;
+    }
+    ok = krb5_kuserok(context, principal, argv[2]);
+    printf("krb5_kuserok returns %s\n", ok ? "true" : "false");
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_locate_kdc.c b/krb5-1.21.3/src/lib/krb5/os/t_locate_kdc.c
new file mode 100644
index 00000000..6da28eb2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_locate_kdc.c
@@ -0,0 +1,143 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "k5-platform.h"
+#include "port-sockets.h"
+#include <sys/types.h>
+#include <com_err.h>
+
+#define TEST
+#include "fake-addrinfo.h"
+#include "dnsglue.c"
+#include "dnssrv.c"
+#include "locate_kdc.c"
+
+enum {
+    LOOKUP_CONF = 3,
+    LOOKUP_DNS,
+    LOOKUP_WHATEVER
+} how = LOOKUP_WHATEVER;
+
+const char *prog;
+
+struct serverlist sl;
+
+static void
+kfatal (krb5_error_code err)
+{
+    com_err (prog, err, "- exiting");
+    exit (1);
+}
+
+static const char *
+ttypename (k5_transport ttype)
+{
+    static char buf[20];
+    switch (ttype) {
+    case TCP_OR_UDP:
+        return "tcp or udp";
+    case TCP:
+        return "tcp";
+    case UDP:
+        return "udp";
+    case HTTPS:
+        return "https";
+    default:
+        snprintf(buf, sizeof(buf), "?%d", ttype);
+        return buf;
+    }
+}
+
+static void
+print_addrs (void)
+{
+    size_t i;
+    int err;
+
+    printf("%d servers:\n", (int)sl.nservers);
+    for (i = 0; i < sl.nservers; i++) {
+        struct server_entry *entry = &sl.servers[i];
+        char hostbuf[NI_MAXHOST], srvbuf[NI_MAXSERV];
+
+        if (entry->hostname != NULL) {
+            printf("%d: h:%s t:%s p:%d m:%d P:%s\n", (int)i,
+                   entry->hostname, ttypename(entry->transport),
+                   entry->port, entry->primary,
+                   entry->uri_path ? entry->uri_path : "");
+            continue;
+        }
+        err = getnameinfo((struct sockaddr *)&entry->addr, entry->addrlen,
+                          hostbuf, sizeof(hostbuf), srvbuf, sizeof(srvbuf),
+                          NI_NUMERICHOST | NI_NUMERICSERV);
+        if (err) {
+            printf("%2d: getnameinfo returns error %d=%s\n", (int)i, err,
+                   gai_strerror(err));
+        } else {
+            printf("%2d: address %s\t%s\tport %s\n", (int)i, hostbuf,
+                   ttypename(entry->transport), srvbuf);
+        }
+    }
+}
+
+int
+main (int argc, char *argv[])
+{
+    char *p, *realmname;
+    krb5_data realm;
+    krb5_context ctx;
+    krb5_error_code err;
+    int primary = 0;
+
+    p = strrchr (argv[0], '/');
+    if (p)
+        prog = p+1;
+    else
+        prog = argv[0];
+
+    switch (argc) {
+    case 2:
+        /* foo $realm */
+        realmname = argv[1];
+        break;
+    case 3:
+        if (!strcmp (argv[1], "-c"))
+            how = LOOKUP_CONF;
+        else if (!strcmp (argv[1], "-d"))
+            how = LOOKUP_DNS;
+        else if (!strcmp (argv[1], "-m"))
+            primary = 1;
+        else
+            goto usage;
+        realmname = argv[2];
+        break;
+    default:
+    usage:
+        fprintf (stderr, "%s: usage: %s [-c | -d | -m] realm\n", prog, prog);
+        return 1;
+    }
+
+    err = krb5_init_context (&ctx);
+    if (err)
+        kfatal (err);
+
+    realm.data = realmname;
+    realm.length = strlen (realmname);
+
+    switch (how) {
+    case LOOKUP_CONF:
+        err = krb5_locate_srv_conf(ctx, &realm, "kdc", &sl, htons(88));
+        break;
+
+    case LOOKUP_DNS:
+        err = locate_srv_dns_1(ctx, &realm, "_kerberos", "_udp", &sl);
+        break;
+
+    case LOOKUP_WHATEVER:
+        err = k5_locate_kdc(ctx, &realm, &sl, primary, FALSE);
+        break;
+    }
+    if (err) kfatal (err);
+    print_addrs();
+
+    k5_free_serverlist(&sl);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_std_conf.c b/krb5-1.21.3/src/lib/krb5/os/t_std_conf.c
new file mode 100644
index 00000000..70525249
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_std_conf.c
@@ -0,0 +1,224 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * t_std_conf.c --- This program tests standard Krb5 routines which pull
+ *      values from the krb5 config file(s).
+ */
+
+#include "k5-int.h"
+#include "fake-addrinfo.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "os-proto.h"
+
+static void
+test_get_default_realm(krb5_context ctx)
+{
+    char    *realm;
+    krb5_error_code retval;
+
+    retval = krb5_get_default_realm(ctx, &realm);
+    if (retval) {
+        com_err("krb5_get_default_realm", retval, 0);
+        return;
+    }
+    printf("krb5_get_default_realm() returned '%s'\n", realm);
+    free(realm);
+}
+
+static void
+test_set_default_realm(krb5_context ctx, char *realm)
+{
+    krb5_error_code retval;
+
+    retval = krb5_set_default_realm(ctx, realm);
+    if (retval) {
+        com_err("krb5_set_default_realm", retval, 0);
+        return;
+    }
+    printf("krb5_set_default_realm(%s)\n", realm);
+}
+
+static void
+test_get_default_ccname(krb5_context ctx)
+{
+    const char      *ccname;
+
+    ccname = krb5_cc_default_name(ctx);
+    if (ccname)
+        printf("krb5_cc_default_name() returned '%s'\n", ccname);
+    else
+        printf("krb5_cc_default_name() returned NULL\n");
+}
+
+static void
+test_set_default_ccname(krb5_context ctx, char *ccname)
+{
+    krb5_error_code retval;
+
+    retval = krb5_cc_set_default_name(ctx, ccname);
+    if (retval) {
+        com_err("krb5_set_default_ccname", retval, 0);
+        return;
+    }
+    printf("krb5_set_default_ccname(%s)\n", ccname);
+}
+
+static void
+test_locate_kdc(krb5_context ctx, char *realm)
+{
+    struct serverlist servers;
+    size_t i;
+    int get_primaries = FALSE;
+    krb5_data rlm;
+    krb5_error_code retval;
+
+    rlm.data = realm;
+    rlm.length = strlen(realm);
+    retval = k5_locate_kdc(ctx, &rlm, &servers, get_primaries, FALSE);
+    if (retval) {
+        com_err("krb5_locate_kdc", retval, 0);
+        return;
+    }
+    printf("krb_locate_kdc(%s) returned:", realm);
+    for (i = 0; i < servers.nservers; i++) {
+        struct server_entry *entry = &servers.servers[i];
+        if (entry->hostname) {
+            printf(" host:%s/%d", entry->hostname, entry->port);
+            continue;
+        }
+        switch (entry->family) {
+        case AF_INET:
+        {
+            struct sockaddr_in *s_sin = (struct sockaddr_in *)&entry->addr;
+            printf(" inet:%s/%d", inet_ntoa(s_sin->sin_addr),
+                   ntohs(s_sin->sin_port));
+        }
+        break;
+        case AF_INET6:
+        {
+            struct sockaddr_in6 *s_sin6 = (struct sockaddr_in6 *)&entry->addr;
+            int j;
+            printf(" inet6");
+            for (j = 0; j < 8; j++)
+                printf(":%x",
+                       (s_sin6->sin6_addr.s6_addr[2*j] * 256
+                        + s_sin6->sin6_addr.s6_addr[2*j+1]));
+            printf("/%d", ntohs(s_sin6->sin6_port));
+            break;
+        }
+        default:
+            printf(" unknown-af-%d", entry->family);
+            break;
+        }
+    }
+    k5_free_serverlist(&servers);
+    printf("\n");
+}
+
+static void
+test_get_host_realm(krb5_context ctx, char *host)
+{
+    char **realms, **cpp;
+    krb5_error_code retval;
+
+    retval = krb5_get_host_realm(ctx, host, &realms);
+    if (retval) {
+        com_err("krb5_get_host_realm", retval, 0);
+        return;
+    }
+    printf("krb_get_host_realm(%s) returned:", host);
+    if (realms == 0) {
+        printf(" (null)\n");
+        return;
+    }
+    if (realms[0] == 0) {
+        printf(" (none)\n");
+        free(realms);
+        return;
+    }
+    for (cpp = realms; *cpp; cpp++) {
+        printf(" '%s'", *cpp);
+        free(*cpp);
+    }
+    free(realms);
+    printf("\n");
+}
+
+static void
+test_get_realm_domain(krb5_context ctx, char *realm)
+{
+    krb5_error_code retval;
+    char    *domain;
+
+    retval = krb5_get_realm_domain(ctx, realm, &domain);
+    if (retval) {
+        com_err("krb5_get_realm_domain", retval, 0);
+        return;
+    }
+    printf("krb5_get_realm_domain(%s) returned '%s'\n", realm, domain);
+    free(domain);
+}
+
+static void
+usage(char *progname)
+{
+    fprintf(stderr, "%s: Usage: %s [-dc] [-k realm] [-r host] [-C ccname] [-D realm]\n",
+            progname, progname);
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    int     c;
+    krb5_context    ctx;
+    krb5_error_code retval;
+    extern char *optarg;
+
+    retval = krb5_init_context(&ctx);
+    if (retval) {
+        fprintf(stderr, "krb5_init_context returned error %u\n",
+                retval);
+        exit(1);
+    }
+
+    while ((c = getopt(argc, argv, "cdr:C:D:l:s:")) != -1) {
+        switch (c) {
+        case 'c':           /* Get default ccname */
+            test_get_default_ccname(ctx);
+            break;
+        case 'd': /* Get default realm */
+            test_get_default_realm(ctx);
+            break;
+        case 'l':
+            test_locate_kdc(ctx, optarg);
+            break;
+        case 'r':
+            test_get_host_realm(ctx, optarg);
+            break;
+        case 's':
+            test_set_default_realm(ctx, optarg);
+            break;
+        case 'C':
+            test_set_default_ccname(ctx, optarg);
+            break;
+        case 'D':
+            test_get_realm_domain(ctx, optarg);
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+
+    krb5_free_context(ctx);
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_trace.c b/krb5-1.21.3/src/lib/krb5/os/t_trace.c
new file mode 100644
index 00000000..10ba8d0a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_trace.c
@@ -0,0 +1,245 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/t_trace.c - Test harness for trace.c */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "port-sockets.h"
+#include "os-proto.h"
+#include <com_err.h>
+
+const char *prog;
+
+static void
+kfatal (krb5_error_code err)
+{
+    com_err (prog, err, "- exiting");
+    exit (1);
+}
+
+int
+main (int argc, char *argv[])
+{
+    char *p;
+    krb5_context ctx;
+    krb5_error_code err;
+    int i = -1;
+    long ln = -2;
+    size_t s = 0;
+    char *str = "example.data";
+    krb5_octet *oct = (krb5_octet *) str;
+    unsigned int oct_length = strlen(str);
+    struct remote_address ra;
+    struct sockaddr_in *addr_in;
+    krb5_data data;
+    struct krb5_key_st key;
+    krb5_checksum checksum;
+    krb5_principal_data principal_data, principal_data2;
+    krb5_principal princ = &principal_data;
+    krb5_pa_data padata, padata2, **padatap;
+    krb5_enctype enctypes[4] = {
+        ENCTYPE_DES3_CBC_SHA, ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_UNKNOWN,
+        ENCTYPE_NULL};
+    krb5_ccache ccache;
+    krb5_keytab keytab;
+    krb5_creds creds;
+
+    p = strrchr (argv[0], '/');
+    if (p)
+        prog = p+1;
+    else
+        prog = argv[0];
+
+    if (argc != 1) {
+        fprintf (stderr, "%s: usage: %s\n", prog, prog);
+        return 1;
+    }
+
+    err = krb5_init_context (&ctx);
+    if (err)
+        kfatal (err);
+
+    krb5int_trace(NULL, NULL);
+    TRACE(ctx, "simple format");
+
+    TRACE(ctx, "int, in decimal: {int}", i);
+    TRACE(ctx, "long, in decimal: {long}", ln);
+
+    TRACE(ctx, "const char *, display as C string: {str}", str);
+    s = strlen(str);
+    TRACE(ctx, "size_t and const char *, as a counted string: {lenstr}",
+          s, str);
+    TRACE(ctx, "size_t and const char *, as a counted string: {lenstr}",
+          1, NULL);
+    TRACE(ctx, "size_t and const char *, as hex bytes: {hexlenstr}",
+          s, str);
+    TRACE(ctx, "size_t and const char *, as hex bytes: {hexlenstr}",
+          1, NULL);
+    TRACE(ctx, "size_t and const char *, as four-character hex hash: "
+          "{hashlenstr}", s, str);
+    TRACE(ctx, "size_t and const char *, as four-character hex hash: "
+          "{hashlenstr}", 1, NULL);
+
+    ra.transport = TCP;
+    addr_in = (struct sockaddr_in *)&ra.saddr;
+    addr_in->sin_family = AF_INET;
+    addr_in->sin_addr.s_addr = INADDR_ANY;
+    addr_in->sin_port = htons(88);
+    ra.len = sizeof(struct sockaddr_in);
+    ra.family = AF_INET;
+    TRACE(ctx, "struct remote_address *, show socket type, address, port: "
+          "{raddr}", &ra);
+    ra.transport = UDP;
+    TRACE(ctx, "struct remote_address *, show socket type, address, port: "
+          "{raddr}", &ra);
+    ra.transport = 1234;
+    addr_in->sin_family = AF_UNSPEC;
+    ra.family = AF_UNSPEC;
+    TRACE(ctx, "struct remote_address *, show socket type, address, port: "
+          "{raddr}", &ra);
+    ra.family = 5678;
+    TRACE(ctx, "struct remote_address *, show socket type, address, port: "
+          "{raddr}", &ra);
+
+    data.magic = 0;
+    data.length = strlen(str);
+    data.data = str;
+    TRACE(ctx, "krb5_data *, display as counted string: {data}", &data);
+    TRACE(ctx, "krb5_data *, display as counted string: {data}", NULL);
+    TRACE(ctx, "krb5_data *, display as hex bytes: {hexdata}", &data);
+    TRACE(ctx, "krb5_data *, display as hex bytes: {hexdata}", NULL);
+
+    TRACE(ctx, "int, display as number/errorstring: {errno}", ENOENT);
+    TRACE(ctx, "krb5_error_code, display as number/errorstring: {kerr}", 0);
+
+    key.keyblock.magic = 0;
+    key.keyblock.enctype = ENCTYPE_UNKNOWN;
+    key.keyblock.length = strlen(str);
+    key.keyblock.contents = (krb5_octet *)str;
+    key.refcount = 0;
+    key.derived = NULL;
+    key.cache = NULL;
+    TRACE(ctx, "const krb5_keyblock *, display enctype and hash of key: "
+          "{keyblock}", &key.keyblock);
+    TRACE(ctx, "const krb5_keyblock *, display enctype and hash of key: "
+          "{keyblock}", NULL);
+    TRACE(ctx, "krb5_key, display enctype and hash of key: {key}", &key);
+    TRACE(ctx, "krb5_key, display enctype and hash of key: {key}", NULL);
+
+    checksum.magic = 0;
+    checksum.checksum_type = -1;
+    checksum.length = oct_length;
+    checksum.contents = oct;
+    TRACE(ctx, "const krb5_checksum *, display cksumtype and hex checksum: "
+          "{cksum}", &checksum);
+
+    principal_data.magic = 0;
+    principal_data.realm.magic = 0;
+    principal_data.realm.data = "ATHENA.MIT.EDU";
+    principal_data.realm.length = strlen(principal_data.realm.data);
+    principal_data.data = &data;
+    principal_data.length = 0;
+    principal_data.type = KRB5_NT_UNKNOWN;
+    TRACE(ctx, "krb5_principal, unparse and display: {princ}", princ);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_UNKNOWN);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_PRINCIPAL);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_INST);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_HST);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SRV_XHST);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_UID);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_X500_PRINCIPAL);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_SMTP_NAME);
+    TRACE(ctx, "int, krb5_principal type: {ptype}",
+          KRB5_NT_ENTERPRISE_PRINCIPAL);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_WELLKNOWN);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", KRB5_NT_MS_PRINCIPAL);
+    TRACE(ctx, "int, krb5_principal type: {ptype}",
+          KRB5_NT_MS_PRINCIPAL_AND_ID);
+    TRACE(ctx, "int, krb5_principal type: {ptype}",
+          KRB5_NT_ENT_PRINCIPAL_AND_ID);
+    TRACE(ctx, "int, krb5_principal type: {ptype}", -1);
+
+    padatap = malloc(sizeof(krb5_pa_data *) * 3);
+    padatap[0] = &padata;
+    padatap[1] = &padata2;
+    padatap[2] = NULL;
+    padata.magic = 0;
+    padata.pa_type = KRB5_PADATA_NONE;
+    padata.length = oct_length;
+    padata.contents = oct;
+    padata2 = padata;
+    padata.pa_type = KRB5_PADATA_PW_SALT;
+    TRACE(ctx, "krb5_pa_data **, display list of padata type numbers: "
+          "{patypes}", padatap);
+    TRACE(ctx, "krb5_pa_data **, display list of padata type numbers: "
+          "{patypes}", NULL);
+    free(padatap);
+    padatap = NULL;
+
+    TRACE(ctx, "krb5_enctype, display shortest name of enctype: {etype}",
+          ENCTYPE_AES128_CTS_HMAC_SHA1_96);
+    TRACE(ctx, "krb5_enctype *, display list of enctypes: {etypes}", enctypes);
+    TRACE(ctx, "krb5_enctype *, display list of enctypes: {etypes}", NULL);
+
+    err = krb5_cc_resolve(ctx, "FILE:/path/to/ccache", &ccache);
+    TRACE(ctx, "krb5_ccache, display type:name: {ccache}", ccache);
+    krb5_cc_close(ctx, ccache);
+
+    err = krb5_kt_resolve(ctx, "FILE:/etc/krb5.keytab", &keytab);
+    TRACE(ctx, "krb5_keytab, display name: {keytab}", keytab);
+    krb5_kt_close(ctx, keytab);
+
+    creds.magic = 0;
+    creds.client = &principal_data;
+    memcpy(&principal_data2, &principal_data, sizeof(principal_data));
+    principal_data2.realm.data = "ZEUS.MIT.EDU";
+    principal_data2.realm.length = strlen(principal_data2.realm.data);
+    creds.server = &principal_data2;
+    memcpy(&creds.keyblock, &key.keyblock, sizeof(creds.keyblock));
+    creds.times.authtime = 0;
+    creds.times.starttime = 1;
+    creds.times.endtime = 2;
+    creds.times.renew_till = 3;
+    creds.is_skey = FALSE;
+    creds.ticket_flags = 0;
+    creds.addresses = NULL;
+    creds.ticket.magic = 0;
+    creds.ticket.length = strlen(str);
+    creds.ticket.data = str;
+    creds.second_ticket.magic = 0;
+    creds.second_ticket.length = strlen(str);
+    creds.second_ticket.data = str;
+    creds.authdata = NULL;
+    TRACE(ctx, "krb5_creds *, display clientprinc -> serverprinc: {creds}",
+          &creds);
+
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/t_trace.ref b/krb5-1.21.3/src/lib/krb5/os/t_trace.ref
new file mode 100644
index 00000000..044a6699
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/t_trace.ref
@@ -0,0 +1,48 @@
+simple format
+int, in decimal: -1
+long, in decimal: -2
+const char *, display as C string: example.data
+size_t and const char *, as a counted string: example.data
+size_t and const char *, as a counted string: (null)
+size_t and const char *, as hex bytes: 6578616D706C652E64617461
+size_t and const char *, as hex bytes: (null)
+size_t and const char *, as four-character hex hash: 7B9A
+size_t and const char *, as four-character hex hash: (null)
+struct remote_address *, show socket type, address, port: stream 0.0.0.0:88
+struct remote_address *, show socket type, address, port: dgram 0.0.0.0:88
+struct remote_address *, show socket type, address, port: transport1234 AF_UNSPEC
+struct remote_address *, show socket type, address, port: transport1234 af5678
+krb5_data *, display as counted string: example.data
+krb5_data *, display as counted string: (null)
+krb5_data *, display as hex bytes: 6578616D706C652E64617461
+krb5_data *, display as hex bytes: (null)
+int, display as number/errorstring: 2/No such file or directory
+krb5_error_code, display as number/errorstring: 0/Success
+const krb5_keyblock *, display enctype and hash of key: 511/7B9A
+const krb5_keyblock *, display enctype and hash of key: (null)
+krb5_key, display enctype and hash of key: 511/7B9A
+krb5_key, display enctype and hash of key: (null)
+const krb5_checksum *, display cksumtype and hex checksum: -1/6578616D706C652E64617461
+krb5_principal, unparse and display: @ATHENA.MIT.EDU
+int, krb5_principal type: unknown
+int, krb5_principal type: principal
+int, krb5_principal type: service instance
+int, krb5_principal type: service with host as instance
+int, krb5_principal type: service with host as components
+int, krb5_principal type: unique ID
+int, krb5_principal type: X.509
+int, krb5_principal type: SMTP email
+int, krb5_principal type: Windows 2000 UPN
+int, krb5_principal type: well-known
+int, krb5_principal type: Windows 2000 UPN and SID
+int, krb5_principal type: NT 4 style name
+int, krb5_principal type: NT 4 style name and SID
+int, krb5_principal type: ?
+krb5_pa_data **, display list of padata type numbers: PA-PW-SALT (3), 0
+krb5_pa_data **, display list of padata type numbers: (empty)
+krb5_enctype, display shortest name of enctype: aes128-cts
+krb5_enctype *, display list of enctypes: 5, rc4-hmac-exp, 511
+krb5_enctype *, display list of enctypes: (empty)
+krb5_ccache, display type:name: FILE:/path/to/ccache
+krb5_keytab, display name: FILE:/etc/krb5.keytab
+krb5_creds *, display clientprinc -> serverprinc: @ATHENA.MIT.EDU -> @ZEUS.MIT.EDU
diff --git a/krb5-1.21.3/src/lib/krb5/os/td_krb5.conf b/krb5-1.21.3/src/lib/krb5/os/td_krb5.conf
new file mode 100644
index 00000000..edf03536
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/td_krb5.conf
@@ -0,0 +1,19 @@
+[libdefaults]
+	default_realm = DEFAULT.REALM.TST
+
+[realms]
+	DEFAULT_REALM.TST = {
+		kdc = FIRST.KDC.HOST
+		kdc = SECOND.KDC.HOST:88
+		admin_server = FIRST.KDC.HOST
+		default_domain = MIT.EDU
+	}
+	IGGY.ORG = {
+		kdc = KERBEROS.IGGY.ORG
+		kdc = KERBEROS-B.IGGY.ORG
+	}
+
+[domain_realm]
+	bad.idea = US.GOV
+	.bad.idea = NSA.GOV
+	clipper.bad.idea = NIST.GOV
diff --git a/krb5-1.21.3/src/lib/krb5/os/thread_safe.c b/krb5-1.21.3/src/lib/krb5/os/thread_safe.c
new file mode 100644
index 00000000..5ac7341c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/thread_safe.c
@@ -0,0 +1,37 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/thread_safe.c */
+/*
+ * Copyright 2005 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+krb5_boolean KRB5_CALLCONV
+krb5_is_thread_safe(void)
+{
+#if defined(ENABLE_THREADS)
+    return 1;
+#else
+    return 0;
+#endif
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/timeofday.c b/krb5-1.21.3/src/lib/krb5/os/timeofday.c
new file mode 100644
index 00000000..82fde925
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/timeofday.c
@@ -0,0 +1,67 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/timeofday.c */
+/*
+ * Copyright 1990, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+#include <time.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5_timeofday(krb5_context context, krb5_timestamp *timeret)
+{
+    krb5_os_context os_ctx;
+    time_t tval;
+
+    if (context == NULL)
+        return EINVAL;
+
+    os_ctx = &context->os_context;
+    if (os_ctx->os_flags & KRB5_OS_TOFFSET_TIME) {
+        *timeret = os_ctx->time_offset;
+        return 0;
+    }
+    tval = time(0);
+    if (tval == (time_t) -1)
+        return (krb5_error_code) errno;
+    if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
+        tval += os_ctx->time_offset;
+    *timeret = tval;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_check_clockskew(krb5_context context, krb5_timestamp date)
+{
+    krb5_timestamp currenttime;
+    krb5_error_code retval;
+
+    retval = krb5_timeofday(context, &currenttime);
+    if (retval)
+        return retval;
+    if (!ts_within(date, currenttime, context->clockskew))
+        return KRB5KRB_AP_ERR_SKEW;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/toffset.c b/krb5-1.21.3/src/lib/krb5/os/toffset.c
new file mode 100644
index 00000000..4bbcdde5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/toffset.c
@@ -0,0 +1,119 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/toffset.c - Manipulate time offset fields in os context */
+/*
+ * Copyright 1995, 2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+
+/*
+ * This routine takes the "real time" as input, and sets the time
+ * offset field in the context structure so that the krb5 time
+ * routines will return the correct time as corrected by difference
+ * between the system time and the "real time" as passed to this
+ * routine
+ *
+ * If the real time microseconds are given as -1 the caller doesn't
+ * know the microseconds value so the usec offset is always zero.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
+{
+    krb5_os_context os_ctx = &context->os_context;
+    krb5_timestamp sec;
+    krb5_int32 usec;
+    krb5_error_code retval;
+
+    retval = krb5_crypto_us_timeofday(&sec, &usec);
+    if (retval)
+        return retval;
+
+    os_ctx->time_offset = ts_delta(seconds, sec);
+    os_ctx->usec_offset = (microseconds > -1) ? microseconds - usec : 0;
+
+    os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+                        KRB5_OS_TOFFSET_VALID);
+    return 0;
+}
+
+/*
+ * This routine sets the krb5 time routines so that they will return
+ * the seconds and microseconds value as input to this function.  This
+ * is useful for running the krb5 routines through test suites
+ */
+krb5_error_code
+krb5_set_debugging_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
+{
+    krb5_os_context os_ctx = &context->os_context;
+
+    os_ctx->time_offset = seconds;
+    os_ctx->usec_offset = microseconds;
+    os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_VALID) |
+                        KRB5_OS_TOFFSET_TIME);
+    return 0;
+}
+
+/*
+ * This routine turns off the time correction fields, so that the krb5
+ * routines return the "natural" time.
+ */
+krb5_error_code
+krb5_use_natural_time(krb5_context context)
+{
+    krb5_os_context os_ctx = &context->os_context;
+
+    os_ctx->os_flags &= ~(KRB5_OS_TOFFSET_VALID|KRB5_OS_TOFFSET_TIME);
+
+    return 0;
+}
+
+/*
+ * This routine returns the current time offsets in use.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_time_offsets(krb5_context context, krb5_timestamp *seconds, krb5_int32 *microseconds)
+{
+    krb5_os_context os_ctx = &context->os_context;
+
+    if (seconds)
+        *seconds = os_ctx->time_offset;
+    if (microseconds)
+        *microseconds = os_ctx->usec_offset;
+    return 0;
+}
+
+
+/*
+ * This routine sets the time offsets directly.
+ */
+krb5_error_code
+krb5_set_time_offsets(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
+{
+    krb5_os_context os_ctx = &context->os_context;
+
+    os_ctx->time_offset = seconds;
+    os_ctx->usec_offset = microseconds;
+    os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+                        KRB5_OS_TOFFSET_VALID);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/trace.c b/krb5-1.21.3/src/lib/krb5/os/trace.c
new file mode 100644
index 00000000..4cbbbb27
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/trace.c
@@ -0,0 +1,489 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/trace.c - krb5int_trace implementation */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5int_trace is defined in k5-trace.h as a macro or static inline
+ * function, and is called like so:
+ *
+ *   void krb5int_trace(krb5_context context, const char *fmt, ...)
+ *
+ * Arguments may or may not be evaluated, so don't pass argument
+ * expressions with side effects.  Tracing support and calls can be
+ * explicitly compiled out with DISABLE_TRACING, but compile-time
+ * support is enabled by default.  Tracing calls use a custom
+ * formatter supporting the following format specifications:
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+#ifndef DISABLE_TRACING
+
+static void subfmt(krb5_context context, struct k5buf *buf,
+                   const char *fmt, ...);
+
+static krb5_boolean
+buf_is_printable(const char *p, size_t len)
+{
+    size_t i;
+
+    for (i = 0; i < len; i++) {
+        if (p[i] < 32 || p[i] > 126)
+            break;
+    }
+    return i == len;
+}
+
+static void
+buf_add_printable_len(struct k5buf *buf, const char *p, size_t len)
+{
+    char text[5];
+    size_t i;
+
+    if (buf_is_printable(p, len)) {
+        k5_buf_add_len(buf, p, len);
+    } else {
+        for (i = 0; i < len; i++) {
+            if (buf_is_printable(p + i, 1)) {
+                k5_buf_add_len(buf, p + i, 1);
+            } else {
+                snprintf(text, sizeof(text), "\\x%02x",
+                         (unsigned)(p[i] & 0xff));
+                k5_buf_add_len(buf, text, 4);
+            }
+        }
+    }
+}
+
+static void
+buf_add_printable(struct k5buf *buf, const char *p)
+{
+    buf_add_printable_len(buf, p, strlen(p));
+}
+
+/* Return a four-byte hex string from the first two bytes of a SHA-1 hash of a
+ * byte array.  Return NULL on failure. */
+static char *
+hash_bytes(krb5_context context, const void *ptr, size_t len)
+{
+    krb5_checksum cksum;
+    krb5_data d = make_data((void *) ptr, len);
+    char *s = NULL;
+
+    if (krb5_k_make_checksum(context, CKSUMTYPE_SHA1, NULL, 0, &d,
+                             &cksum) != 0)
+        return NULL;
+    if (cksum.length >= 2)
+        (void) asprintf(&s, "%02X%02X", cksum.contents[0], cksum.contents[1]);
+    krb5_free_checksum_contents(context, &cksum);
+    return s;
+}
+
+static char *
+principal_type_string(krb5_int32 type)
+{
+    switch (type) {
+    case KRB5_NT_UNKNOWN: return "unknown";
+    case KRB5_NT_PRINCIPAL: return "principal";
+    case KRB5_NT_SRV_INST: return "service instance";
+    case KRB5_NT_SRV_HST: return "service with host as instance";
+    case KRB5_NT_SRV_XHST: return "service with host as components";
+    case KRB5_NT_UID: return "unique ID";
+    case KRB5_NT_X500_PRINCIPAL: return "X.509";
+    case KRB5_NT_SMTP_NAME: return "SMTP email";
+    case KRB5_NT_ENTERPRISE_PRINCIPAL: return "Windows 2000 UPN";
+    case KRB5_NT_WELLKNOWN: return "well-known";
+    case KRB5_NT_MS_PRINCIPAL: return "Windows 2000 UPN and SID";
+    case KRB5_NT_MS_PRINCIPAL_AND_ID: return "NT 4 style name";
+    case KRB5_NT_ENT_PRINCIPAL_AND_ID: return "NT 4 style name and SID";
+    default: return "?";
+    }
+}
+
+static char *
+padata_type_string(krb5_preauthtype type)
+{
+    switch (type) {
+    case KRB5_PADATA_TGS_REQ: return "PA-TGS-REQ";
+    case KRB5_PADATA_ENC_TIMESTAMP: return "PA-ENC-TIMESTAMP";
+    case KRB5_PADATA_PW_SALT: return "PA-PW-SALT";
+    case KRB5_PADATA_ENC_UNIX_TIME: return "PA-ENC-UNIX-TIME";
+    case KRB5_PADATA_ENC_SANDIA_SECURID: return "PA-SANDIA-SECUREID";
+    case KRB5_PADATA_SESAME: return "PA-SESAME";
+    case KRB5_PADATA_OSF_DCE: return "PA-OSF-DCE";
+    case KRB5_CYBERSAFE_SECUREID: return "PA-CYBERSAFE-SECUREID";
+    case KRB5_PADATA_AFS3_SALT: return "PA-AFS3-SALT";
+    case KRB5_PADATA_ETYPE_INFO: return "PA-ETYPE-INFO";
+    case KRB5_PADATA_SAM_CHALLENGE: return "PA-SAM-CHALLENGE";
+    case KRB5_PADATA_SAM_RESPONSE: return "PA-SAM-RESPONSE";
+    case KRB5_PADATA_PK_AS_REQ_OLD: return "PA-PK-AS-REQ_OLD";
+    case KRB5_PADATA_PK_AS_REP_OLD: return "PA-PK-AS-REP_OLD";
+    case KRB5_PADATA_PK_AS_REQ: return "PA-PK-AS-REQ";
+    case KRB5_PADATA_PK_AS_REP: return "PA-PK-AS-REP";
+    case KRB5_PADATA_ETYPE_INFO2: return "PA-ETYPE-INFO2";
+    case KRB5_PADATA_SVR_REFERRAL_INFO: return "PA-SVR-REFERRAL-INFO";
+    case KRB5_PADATA_SAM_REDIRECT: return "PA-SAM-REDIRECT";
+    case KRB5_PADATA_GET_FROM_TYPED_DATA: return "PA-GET-FROM-TYPED-DATA";
+    case KRB5_PADATA_SAM_CHALLENGE_2: return "PA-SAM-CHALLENGE2";
+    case KRB5_PADATA_SAM_RESPONSE_2: return "PA-SAM-RESPONSE2";
+    case KRB5_PADATA_PAC_REQUEST: return "PA-PAC-REQUEST";
+    case KRB5_PADATA_FOR_USER: return "PA-FOR_USER";
+    case KRB5_PADATA_S4U_X509_USER: return "PA-FOR-X509-USER";
+    case KRB5_PADATA_AS_CHECKSUM: return "PA-AS-CHECKSUM";
+    case KRB5_PADATA_FX_COOKIE: return "PA-FX-COOKIE";
+    case KRB5_PADATA_FX_FAST: return "PA-FX-FAST";
+    case KRB5_PADATA_FX_ERROR: return "PA-FX-ERROR";
+    case KRB5_PADATA_ENCRYPTED_CHALLENGE: return "PA-ENCRYPTED-CHALLENGE";
+    case KRB5_PADATA_OTP_CHALLENGE: return "PA-OTP-CHALLENGE";
+    case KRB5_PADATA_OTP_REQUEST: return "PA-OTP-REQUEST";
+    case KRB5_PADATA_OTP_PIN_CHANGE: return "PA-OTP-PIN-CHANGE";
+    case KRB5_PADATA_PKINIT_KX: return "PA-PKINIT-KX";
+    case KRB5_ENCPADATA_REQ_ENC_PA_REP: return "PA-REQ-ENC-PA-REP";
+    case KRB5_PADATA_AS_FRESHNESS: return "PA_AS_FRESHNESS";
+    case KRB5_PADATA_SPAKE: return "PA-SPAKE";
+    case KRB5_PADATA_REDHAT_IDP_OAUTH2: return "PA-REDHAT-IDP-OAUTH2";
+    case KRB5_PADATA_REDHAT_PASSKEY: return "PA-REDHAT-PASSKEY";
+    default: return NULL;
+    }
+}
+
+static char *
+trace_format(krb5_context context, const char *fmt, va_list ap)
+{
+    struct k5buf buf;
+    krb5_error_code kerr;
+    size_t len, i;
+    int err;
+    struct remote_address *ra;
+    const krb5_data *d;
+    krb5_data data;
+    char addrbuf[NI_MAXHOST], portbuf[NI_MAXSERV], tmpbuf[200], *str;
+    const char *p;
+    krb5_const_principal princ;
+    const krb5_keyblock *keyblock;
+    krb5_key key;
+    const krb5_checksum *cksum;
+    krb5_pa_data **padata;
+    krb5_preauthtype pa_type;
+    const char *name;
+    krb5_ccache ccache;
+    krb5_keytab keytab;
+    krb5_creds *creds;
+    krb5_enctype *etypes, etype;
+
+    k5_buf_init_dynamic(&buf);
+    while (TRUE) {
+        /* Advance to the next word in braces. */
+        len = strcspn(fmt, "{");
+        k5_buf_add_len(&buf, fmt, len);
+        if (fmt[len] == '\0')
+            break;
+        fmt += len + 1;
+        len = strcspn(fmt, "}");
+        if (fmt[len] == '\0' || len > sizeof(tmpbuf) - 1)
+            break;
+        memcpy(tmpbuf, fmt, len);
+        tmpbuf[len] = '\0';
+        fmt += len + 1;
+
+        /* Process the format word. */
+        if (strcmp(tmpbuf, "int") == 0) {
+            k5_buf_add_fmt(&buf, "%d", va_arg(ap, int));
+        } else if (strcmp(tmpbuf, "long") == 0) {
+            k5_buf_add_fmt(&buf, "%ld", va_arg(ap, long));
+        } else if (strcmp(tmpbuf, "str") == 0) {
+            p = va_arg(ap, const char *);
+            buf_add_printable(&buf, (p == NULL) ? "(null)" : p);
+        } else if (strcmp(tmpbuf, "lenstr") == 0) {
+            len = va_arg(ap, size_t);
+            p = va_arg(ap, const char *);
+            if (p == NULL && len != 0)
+                k5_buf_add(&buf, "(null)");
+            else if (p != NULL)
+                buf_add_printable_len(&buf, p, len);
+        } else if (strcmp(tmpbuf, "hexlenstr") == 0) {
+            len = va_arg(ap, size_t);
+            p = va_arg(ap, const char *);
+            if (p == NULL && len != 0)
+                k5_buf_add(&buf, "(null)");
+            else {
+                for (i = 0; i < len; i++)
+                    k5_buf_add_fmt(&buf, "%02X", (unsigned char)p[i]);
+            }
+        } else if (strcmp(tmpbuf, "hashlenstr") == 0) {
+            len = va_arg(ap, size_t);
+            p = va_arg(ap, const char *);
+            if (p == NULL && len != 0)
+                k5_buf_add(&buf, "(null)");
+            else {
+                str = hash_bytes(context, p, len);
+                if (str != NULL)
+                    k5_buf_add(&buf, str);
+                free(str);
+            }
+        } else if (strcmp(tmpbuf, "raddr") == 0) {
+            ra = va_arg(ap, struct remote_address *);
+            if (ra->transport == UDP)
+                k5_buf_add(&buf, "dgram");
+            else if (ra->transport == TCP)
+                k5_buf_add(&buf, "stream");
+            else if (ra->transport == HTTPS)
+                k5_buf_add(&buf, "https");
+            else
+                k5_buf_add_fmt(&buf, "transport%d", ra->transport);
+
+            if (getnameinfo((struct sockaddr *)&ra->saddr, ra->len,
+                            addrbuf, sizeof(addrbuf), portbuf, sizeof(portbuf),
+                            NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+                if (ra->family == AF_UNSPEC)
+                    k5_buf_add(&buf, " AF_UNSPEC");
+                else
+                    k5_buf_add_fmt(&buf, " af%d", ra->family);
+            } else
+                k5_buf_add_fmt(&buf, " %s:%s", addrbuf, portbuf);
+        } else if (strcmp(tmpbuf, "data") == 0) {
+            d = va_arg(ap, krb5_data *);
+            if (d == NULL || (d->length != 0 && d->data == NULL))
+                k5_buf_add(&buf, "(null)");
+            else
+                buf_add_printable_len(&buf, d->data, d->length);
+        } else if (strcmp(tmpbuf, "hexdata") == 0) {
+            d = va_arg(ap, krb5_data *);
+            if (d == NULL)
+                k5_buf_add(&buf, "(null)");
+            else
+                subfmt(context, &buf, "{hexlenstr}", d->length, d->data);
+        } else if (strcmp(tmpbuf, "errno") == 0) {
+            err = va_arg(ap, int);
+            k5_buf_add_fmt(&buf, "%d", err);
+            if (strerror_r(err, tmpbuf, sizeof(tmpbuf)) == 0)
+                k5_buf_add_fmt(&buf, "/%s", tmpbuf);
+        } else if (strcmp(tmpbuf, "kerr") == 0) {
+            kerr = va_arg(ap, krb5_error_code);
+            p = krb5_get_error_message(context, kerr);
+            k5_buf_add_fmt(&buf, "%ld/%s", (long)kerr, kerr ? p : "Success");
+            krb5_free_error_message(context, p);
+        } else if (strcmp(tmpbuf, "keyblock") == 0) {
+            keyblock = va_arg(ap, const krb5_keyblock *);
+            if (keyblock == NULL)
+                k5_buf_add(&buf, "(null)");
+            else {
+                subfmt(context, &buf, "{etype}/{hashlenstr}",
+                       keyblock->enctype, keyblock->length,
+                       keyblock->contents);
+            }
+        } else if (strcmp(tmpbuf, "key") == 0) {
+            key = va_arg(ap, krb5_key);
+            if (key == NULL)
+                k5_buf_add(&buf, "(null)");
+            else
+                subfmt(context, &buf, "{keyblock}", &key->keyblock);
+        } else if (strcmp(tmpbuf, "cksum") == 0) {
+            cksum = va_arg(ap, const krb5_checksum *);
+            data = make_data(cksum->contents, cksum->length);
+            subfmt(context, &buf, "{int}/{hexdata}",
+                   (int) cksum->checksum_type, &data);
+        } else if (strcmp(tmpbuf, "princ") == 0) {
+            princ = va_arg(ap, krb5_principal);
+            if (krb5_unparse_name(context, princ, &str) == 0) {
+                k5_buf_add(&buf, str);
+                krb5_free_unparsed_name(context, str);
+            }
+        } else if (strcmp(tmpbuf, "ptype") == 0) {
+            p = principal_type_string(va_arg(ap, krb5_int32));
+            k5_buf_add(&buf, p);
+        } else if (strcmp(tmpbuf, "patypes") == 0) {
+            padata = va_arg(ap, krb5_pa_data **);
+            if (padata == NULL || *padata == NULL)
+                k5_buf_add(&buf, "(empty)");
+            for (; padata != NULL && *padata != NULL; padata++) {
+                pa_type = (*padata)->pa_type;
+                name = padata_type_string(pa_type);
+                if (name != NULL)
+                    k5_buf_add_fmt(&buf, "%s (%d)", name, (int)pa_type);
+                else
+                    k5_buf_add_fmt(&buf, "%d", (int)pa_type);
+
+                if (*(padata + 1) != NULL)
+                    k5_buf_add(&buf, ", ");
+            }
+        } else if (strcmp(tmpbuf, "patype") == 0) {
+            pa_type = va_arg(ap, krb5_preauthtype);
+            name = padata_type_string(pa_type);
+            if (name != NULL)
+                k5_buf_add_fmt(&buf, "%s (%d)", name, (int)pa_type);
+            else
+                k5_buf_add_fmt(&buf, "%d", (int)pa_type);
+        } else if (strcmp(tmpbuf, "etype") == 0) {
+            etype = va_arg(ap, krb5_enctype);
+            if (krb5_enctype_to_name(etype, TRUE, tmpbuf, sizeof(tmpbuf)) == 0)
+                k5_buf_add(&buf, tmpbuf);
+            else
+                k5_buf_add_fmt(&buf, "%d", (int)etype);
+        } else if (strcmp(tmpbuf, "etypes") == 0) {
+            etypes = va_arg(ap, krb5_enctype *);
+            if (etypes == NULL || *etypes == 0)
+                k5_buf_add(&buf, "(empty)");
+            for (; etypes != NULL && *etypes != 0; etypes++) {
+                subfmt(context, &buf, "{etype}", *etypes);
+                if (*(etypes + 1) != 0)
+                    k5_buf_add(&buf, ", ");
+            }
+        } else if (strcmp(tmpbuf, "ccache") == 0) {
+            ccache = va_arg(ap, krb5_ccache);
+            k5_buf_add(&buf, krb5_cc_get_type(context, ccache));
+            k5_buf_add(&buf, ":");
+            k5_buf_add(&buf, krb5_cc_get_name(context, ccache));
+        } else if (strcmp(tmpbuf, "keytab") == 0) {
+            keytab = va_arg(ap, krb5_keytab);
+            if (krb5_kt_get_name(context, keytab, tmpbuf, sizeof(tmpbuf)) == 0)
+                k5_buf_add(&buf, tmpbuf);
+        } else if (strcmp(tmpbuf, "creds") == 0) {
+            creds = va_arg(ap, krb5_creds *);
+            subfmt(context, &buf, "{princ} -> {princ}",
+                   creds->client, creds->server);
+        }
+    }
+    return k5_buf_cstring(&buf);
+}
+
+/* Allows trace_format formatters to be represented in terms of other
+ * formatters. */
+static void
+subfmt(krb5_context context, struct k5buf *buf, const char *fmt, ...)
+{
+    va_list ap;
+    char *str;
+
+    va_start(ap, fmt);
+    str = trace_format(context, fmt, ap);
+    if (str != NULL)
+        k5_buf_add(buf, str);
+    free(str);
+    va_end(ap);
+}
+
+void
+k5_init_trace(krb5_context context)
+{
+    const char *filename;
+
+    filename = secure_getenv("KRB5_TRACE");
+    if (filename)
+        (void) krb5_set_trace_filename(context, filename);
+}
+
+void
+krb5int_trace(krb5_context context, const char *fmt, ...)
+{
+    va_list ap;
+    krb5_trace_info info;
+    char *str = NULL, *msg = NULL;
+    krb5_timestamp sec;
+    krb5_int32 usec;
+
+    if (context == NULL || context->trace_callback == NULL)
+        return;
+    va_start(ap, fmt);
+    str = trace_format(context, fmt, ap);
+    if (str == NULL)
+        goto cleanup;
+    if (krb5_crypto_us_timeofday(&sec, &usec) != 0)
+        goto cleanup;
+    if (asprintf(&msg, "[%d] %u.%06d: %s\n", (int)getpid(),
+                 (unsigned int)sec, (int)usec, str) < 0)
+        goto cleanup;
+    info.message = msg;
+    context->trace_callback(context, &info, context->trace_callback_data);
+cleanup:
+    free(str);
+    free(msg);
+    va_end(ap);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_trace_callback(krb5_context context, krb5_trace_callback fn,
+                        void *cb_data)
+{
+    /* Allow the old callback to destroy its data if necessary. */
+    if (context->trace_callback != NULL)
+        context->trace_callback(context, NULL, context->trace_callback_data);
+    context->trace_callback = fn;
+    context->trace_callback_data = cb_data;
+    return 0;
+}
+
+static void KRB5_CALLCONV
+file_trace_cb(krb5_context context, const krb5_trace_info *info, void *data)
+{
+    int *fd = data;
+
+    if (info == NULL) {
+        /* Null info means destroy the callback data. */
+        close(*fd);
+        free(fd);
+        return;
+    }
+
+    (void) write(*fd, info->message, strlen(info->message));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_trace_filename(krb5_context context, const char *filename)
+{
+    int *fd;
+
+    /* Create callback data containing a file descriptor. */
+    fd = malloc(sizeof(*fd));
+    if (fd == NULL)
+        return ENOMEM;
+    *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
+    if (*fd == -1) {
+        free(fd);
+        return errno;
+    }
+
+    return krb5_set_trace_callback(context, file_trace_cb, fd);
+}
+
+#else /* DISABLE_TRACING */
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_trace_callback(krb5_context context, krb5_trace_callback fn,
+                        void *cb_data)
+{
+    if (fn == NULL)
+        return 0;
+    return KRB5_TRACE_NOSUPP;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_set_trace_filename(krb5_context context, const char *filename)
+{
+    return KRB5_TRACE_NOSUPP;
+}
+
+#endif /* DISABLE_TRACING */
diff --git a/krb5-1.21.3/src/lib/krb5/os/unlck_file.c b/krb5-1.21.3/src/lib/krb5/os/unlck_file.c
new file mode 100644
index 00000000..7d69fc78
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/unlck_file.c
@@ -0,0 +1,34 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/unlck_file.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <stdio.h>
+
+krb5_error_code
+krb5_unlock_file(krb5_context context, int fd)
+{
+    return krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/ustime.c b/krb5-1.21.3/src/lib/krb5/os/ustime.c
new file mode 100644
index 00000000..a80fdf68
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/ustime.c
@@ -0,0 +1,82 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/ustime.c */
+/*
+ * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5_crypto_us_timeofday() does all of the real work; however, we
+ * handle the time offset adjustment here, since this is context
+ * specific, and the crypto version of this call doesn't have access
+ * to the context variable.  Fortunately the only user of
+ * krb5_crypto_us_timeofday in the crypto library doesn't require that
+ * this time adjustment be done.
+ */
+
+#include "k5-int.h"
+#include "os-proto.h"
+
+krb5_error_code
+k5_time_with_offset(krb5_timestamp offset, krb5_int32 offset_usec,
+                    krb5_timestamp *time_out, krb5_int32 *usec_out)
+{
+    krb5_timestamp sec;
+    krb5_int32 usec;
+    krb5_error_code retval;
+
+    retval = krb5_crypto_us_timeofday(&sec, &usec);
+    if (retval)
+        return retval;
+    usec += offset_usec;
+    if (usec > 1000000) {
+        usec -= 1000000;
+        sec = ts_incr(sec, 1);
+    }
+    if (usec < 0) {
+        usec += 1000000;
+        sec = ts_incr(sec, -1);
+    }
+    sec = ts_incr(sec, offset);
+
+    *time_out = sec;
+    *usec_out = usec;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_us_timeofday(krb5_context context, krb5_timestamp *seconds,
+                  krb5_int32 *microseconds)
+{
+    krb5_os_context os_ctx = &context->os_context;
+
+    if (os_ctx->os_flags & KRB5_OS_TOFFSET_TIME) {
+        *seconds = os_ctx->time_offset;
+        *microseconds = os_ctx->usec_offset;
+        return 0;
+    } else if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+        return k5_time_with_offset(os_ctx->time_offset, os_ctx->usec_offset,
+                                   seconds, microseconds);
+    } else {
+        return krb5_crypto_us_timeofday(seconds, microseconds);
+    }
+}
diff --git a/krb5-1.21.3/src/lib/krb5/os/write_msg.c b/krb5-1.21.3/src/lib/krb5/os/write_msg.c
new file mode 100644
index 00000000..a9d6050b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/os/write_msg.c
@@ -0,0 +1,76 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/os/write_msg.c - convenience sendauh/recvauth functions */
+/*
+ * Copyright 1991, 2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <errno.h>
+#include "os-proto.h"
+
+/*
+ * Try to write a series of messages with as few write(v) system calls
+ * as possible, to avoid Nagle/DelayedAck problems.  Cheating here a
+ * little -- I know the only cases we have at the moment will send one
+ * or two messages in a call.  Sending more will work, but not as
+ * efficiently.
+ */
+krb5_error_code
+k5_write_messages(krb5_context context, krb5_pointer fdp, krb5_data *outbuf,
+                  int nbufs)
+{
+    int fd = *( (int *) fdp);
+
+    while (nbufs) {
+        int nbufs1;
+        sg_buf sg[4];
+        krb5_int32 len[2];
+
+        if (nbufs > 1)
+            nbufs1 = 2;
+        else
+            nbufs1 = 1;
+        len[0] = htonl(outbuf[0].length);
+        SG_SET(&sg[0], &len[0], 4);
+        SG_SET(&sg[1], outbuf[0].length ? outbuf[0].data : NULL,
+               outbuf[0].length);
+        if (nbufs1 == 2) {
+            len[1] = htonl(outbuf[1].length);
+            SG_SET(&sg[2], &len[1], 4);
+            SG_SET(&sg[3], outbuf[1].length ? outbuf[1].data : NULL,
+                   outbuf[1].length);
+        }
+        if (krb5int_net_writev(context, fd, sg, nbufs1 * 2) < 0) {
+            return errno;
+        }
+        outbuf += nbufs1;
+        nbufs -= nbufs1;
+    }
+    return(0);
+}
+
+krb5_error_code
+krb5_write_message(krb5_context context, krb5_pointer fdp, krb5_data *outbuf)
+{
+    return k5_write_messages(context, fdp, outbuf, 1);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/posix/Makefile.in b/krb5-1.21.3/src/lib/krb5/posix/Makefile.in
new file mode 100644
index 00000000..dc24c420
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/posix/Makefile.in
@@ -0,0 +1,15 @@
+mydir=posix
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=posix
+##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
+
+STLIBOBJS= # empty... @LIBOBJS@
+OBJS = # empty... @LIBOBJS@
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+##WIN32##LIBOBJS = $(OUTPRE)syslog.obj
+@libobj_frag@
diff --git a/krb5-1.21.3/src/lib/krb5/posix/syslog.c b/krb5-1.21.3/src/lib/krb5/posix/syslog.c
new file mode 100644
index 00000000..418e811d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/posix/syslog.c
@@ -0,0 +1,11 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#if defined(_WIN32)
+/* Windows doesn't have the concept of a system log, so just
+** do nothing here.
+*/
+void
+syslog(int pri, const char *fmt, ...)
+{
+    return;
+}
+#endif
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/Makefile.in b/krb5-1.21.3/src/lib/krb5/rcache/Makefile.in
new file mode 100644
index 00000000..88749138
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/Makefile.in
@@ -0,0 +1,52 @@
+mydir=lib$(S)krb5$(S)rcache
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=rcache
+##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
+
+STLIBOBJS = \
+	memrcache.o	\
+	rc_base.o	\
+	rc_dfl.o 	\
+	rc_file2.o	\
+	rc_none.o
+
+OBJS=	\
+	$(OUTPRE)memrcache.$(OBJEXT)	\
+	$(OUTPRE)rc_base.$(OBJEXT)	\
+	$(OUTPRE)rc_dfl.$(OBJEXT) 	\
+	$(OUTPRE)rc_file2.$(OBJEXT) 	\
+	$(OUTPRE)rc_none.$(OBJEXT)
+
+SRCS=	\
+	$(srcdir)/memrcache.c	\
+	$(srcdir)/rc_base.c	\
+	$(srcdir)/rc_dfl.c 	\
+	$(srcdir)/rc_file2.c 	\
+	$(srcdir)/rc_none.c	\
+	$(srcdir)/t_memrcache.c	\
+	$(srcdir)/t_rcfile2.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+t_memrcache: t_memrcache.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_memrcache.o $(KRB5_BASE_LIBS)
+
+t_rcfile2: t_rcfile2.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_rcfile2.o $(KRB5_BASE_LIBS)
+
+check-unix: t_memrcache t_rcfile2
+	$(RUN_TEST) ./t_memrcache
+	$(RUN_TEST) ./t_rcfile2 testrcache expiry 10000
+	$(RUN_TEST) ./t_rcfile2 testrcache concurrent 10 1000
+	$(RUN_TEST) ./t_rcfile2 testrcache race 10 100
+
+clean-unix::
+	$(RM) t_memrcache.o t_memrcache t_rcfile2.o t_rcfile2 testrcache
+
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/RELEASE b/krb5-1.21.3/src/lib/krb5/rcache/RELEASE
new file mode 100644
index 00000000..21a46247
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/RELEASE
@@ -0,0 +1,17 @@
+Text of Mr. Bernstein's release:
+
+"I" henceforth refers to Daniel J. Bernstein.
+
+"rcshar" henceforth refers to the attached document, as sent from Daniel
+J. Bernstein to Project Athena on 11 March 1990
+
+I am the author of and sole copyright holder upon rcshar.
+
+I hereby waive copyright upon rcshar.  rcshar is hereby public domain.
+
+I hereby also waive copyright upon any works that are (1) derived from
+rcshar and (2) prepared between 11 March 1990 and 1 January 1991.
+
+Daniel J. Bernstein
+
+<signature>, dated 7 July 1990
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/deps b/krb5-1.21.3/src/lib/krb5/rcache/deps
new file mode 100644
index 00000000..b7646109
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/deps
@@ -0,0 +1,81 @@
+#
+# Generated makefile dependencies follow.
+#
+memrcache.so memrcache.po $(OUTPRE)memrcache.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  memrcache.c memrcache.h
+rc_base.so rc_base.po $(OUTPRE)rc_base.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_base.c
+rc_dfl.so rc_dfl.po $(OUTPRE)rc_dfl.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_dfl.c
+rc_file2.so rc_file2.po $(OUTPRE)rc_file2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_file2.c
+rc_none.so rc_none.po $(OUTPRE)rc_none.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_none.c
+t_memrcache.so t_memrcache.po $(OUTPRE)t_memrcache.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  memrcache.c memrcache.h t_memrcache.c
+t_rcfile2.so t_rcfile2.po $(OUTPRE)t_rcfile2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hashtab.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_file2.c \
+  t_rcfile2.c
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/memrcache.c b/krb5-1.21.3/src/lib/krb5/rcache/memrcache.c
new file mode 100644
index 00000000..90f855af
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/memrcache.c
@@ -0,0 +1,165 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/memrcache.c - in-memory replay cache implementation */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-queue.h"
+#include "k5-hashtab.h"
+#include "memrcache.h"
+
+struct entry {
+    K5_TAILQ_ENTRY(entry) links;
+    krb5_timestamp timestamp;
+    krb5_data tag;
+};
+
+K5_LIST_HEAD(entry_list, entry);
+K5_TAILQ_HEAD(entry_queue, entry);
+
+struct k5_memrcache_st {
+    struct k5_hashtab *hash_table;
+    struct entry_queue expiration_queue;
+};
+
+static krb5_error_code
+insert_entry(krb5_context context, k5_memrcache mrc, const krb5_data *tag,
+             krb5_timestamp now)
+{
+    krb5_error_code ret;
+    struct entry *entry = NULL;
+
+    entry = calloc(1, sizeof(*entry));
+    if (entry == NULL)
+        return ENOMEM;
+    entry->timestamp = now;
+
+    ret = krb5int_copy_data_contents(context, tag, &entry->tag);
+    if (ret)
+        goto error;
+
+    ret = k5_hashtab_add(mrc->hash_table, entry->tag.data, entry->tag.length,
+                         entry);
+    if (ret)
+        goto error;
+    K5_TAILQ_INSERT_TAIL(&mrc->expiration_queue, entry, links);
+
+    return 0;
+
+error:
+    if (entry != NULL) {
+        krb5_free_data_contents(context, &entry->tag);
+        free(entry);
+    }
+    return ret;
+}
+
+
+/* Remove entry from its hash bucket and the expiration queue, and free it. */
+static void
+discard_entry(krb5_context context, k5_memrcache mrc, struct entry *entry)
+{
+    k5_hashtab_remove(mrc->hash_table, entry->tag.data, entry->tag.length);
+    K5_TAILQ_REMOVE(&mrc->expiration_queue, entry, links);
+    krb5_free_data_contents(context, &entry->tag);
+    free(entry);
+}
+
+/* Initialize the lookaside cache structures and randomize the hash seed. */
+krb5_error_code
+k5_memrcache_create(krb5_context context, k5_memrcache *mrc_out)
+{
+    krb5_error_code ret;
+    k5_memrcache mrc;
+    uint8_t seed[K5_HASH_SEED_LEN];
+    krb5_data seed_data = make_data(seed, sizeof(seed));
+
+    *mrc_out = NULL;
+
+    ret = krb5_c_random_make_octets(context, &seed_data);
+    if (ret)
+        return ret;
+
+    mrc = calloc(1, sizeof(*mrc));
+    if (mrc == NULL)
+        return ENOMEM;
+    ret = k5_hashtab_create(seed, 64, &mrc->hash_table);
+    if (ret) {
+        free(mrc);
+        return ret;
+    }
+    K5_TAILQ_INIT(&mrc->expiration_queue);
+
+    *mrc_out = mrc;
+    return 0;
+}
+
+krb5_error_code
+k5_memrcache_store(krb5_context context, k5_memrcache mrc,
+                   const krb5_data *tag)
+{
+    krb5_error_code ret;
+    krb5_timestamp now;
+    struct entry *e, *next;
+
+    ret = krb5_timeofday(context, &now);
+    if (ret)
+        return ret;
+
+    /* Check if we already have a matching entry. */
+    e = k5_hashtab_get(mrc->hash_table, tag->data, tag->length);
+    if (e != NULL)
+        return KRB5KRB_AP_ERR_REPEAT;
+
+    /* Discard stale entries. */
+    K5_TAILQ_FOREACH_SAFE(e, &mrc->expiration_queue, links, next) {
+        if (!ts_after(now, ts_incr(e->timestamp, context->clockskew)))
+            break;
+        discard_entry(context, mrc, e);
+    }
+
+    /* Add the new entry. */
+    return insert_entry(context, mrc, tag, now);
+}
+
+/* Free all entries in the lookaside cache. */
+void
+k5_memrcache_free(krb5_context context, k5_memrcache mrc)
+{
+    struct entry *e, *next;
+
+    if (mrc == NULL)
+        return;
+    K5_TAILQ_FOREACH_SAFE(e, &mrc->expiration_queue, links, next) {
+        discard_entry(context, mrc, e);
+    }
+    k5_hashtab_free(mrc->hash_table);
+    free(mrc);
+}
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/memrcache.h b/krb5-1.21.3/src/lib/krb5/rcache/memrcache.h
new file mode 100644
index 00000000..02ef7300
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/memrcache.h
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/memrcache.h - declarations for in-memory replay cache */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef MEMRCACHE_H
+#define MEMRCACHE_H
+
+typedef struct k5_memrcache_st *k5_memrcache;
+
+krb5_error_code k5_memrcache_create(krb5_context context,
+                                    k5_memrcache *mrc_out);
+
+krb5_error_code k5_memrcache_store(krb5_context context, k5_memrcache mrc,
+                                   const krb5_data *tag);
+
+void k5_memrcache_free(krb5_context context, k5_memrcache mrc);
+
+#endif /* MEMRCACHE_H */
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/rc-int.h b/krb5-1.21.3/src/lib/krb5/rcache/rc-int.h
new file mode 100644
index 00000000..3cc43c79
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/rc-int.h
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/rc-int.h */
+/*
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* This file contains constant and function declarations used in the
+ * file-based replay cache routines. */
+
+#ifndef RC_INT_H
+#define RC_INT_H
+
+typedef struct {
+    const char *type;
+    krb5_error_code (*resolve)(krb5_context context, const char *residual,
+                               void **rcdata_out);
+    void (*close)(krb5_context context, void *rcdata);
+    krb5_error_code (*store)(krb5_context, void *rcdata, const krb5_data *tag);
+} krb5_rc_ops;
+
+struct krb5_rc_st {
+    krb5_magic magic;
+    const krb5_rc_ops *ops;
+    char *name;
+    void *data;
+};
+
+extern const krb5_rc_ops k5_rc_dfl_ops;
+extern const krb5_rc_ops k5_rc_file2_ops;
+extern const krb5_rc_ops k5_rc_none_ops;
+
+/* Check and store a replay record in an open (but not locked) file descriptor,
+ * using the file2 format.  fd is assumed to be at offset 0. */
+krb5_error_code k5_rcfile2_store(krb5_context context, int fd,
+                                 const krb5_data *tag_data);
+
+#endif /* RC_INT_H */
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/rc_base.c b/krb5-1.21.3/src/lib/krb5/rcache/rc_base.c
new file mode 100644
index 00000000..f9a48231
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/rc_base.c
@@ -0,0 +1,200 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/rc_base.c */
+/*
+ * This file of the Kerberos V5 software is derived from public-domain code
+ * contributed by Daniel J. Bernstein, <brnstnd@acf10.nyu.edu>.
+ *
+ */
+
+/*
+ * Base "glue" functions for the replay cache.
+ */
+
+#include "k5-int.h"
+#include "rc-int.h"
+#include "k5-thread.h"
+#include "../os/os-proto.h"
+
+struct typelist {
+    const krb5_rc_ops *ops;
+    struct typelist *next;
+};
+static struct typelist none = { &k5_rc_none_ops, 0 };
+static struct typelist file2 = { &k5_rc_file2_ops, &none };
+static struct typelist dfl = { &k5_rc_dfl_ops, &file2 };
+static struct typelist *typehead = &dfl;
+
+krb5_error_code
+k5_rc_default(krb5_context context, krb5_rcache *rc_out)
+{
+    krb5_error_code ret;
+    const char *val;
+    char *profstr, *rcname;
+
+    *rc_out = NULL;
+
+    /* If KRB5RCACHENAME is set in the environment, resolve it. */
+    val = secure_getenv("KRB5RCACHENAME");
+    if (val != NULL)
+        return k5_rc_resolve(context, val, rc_out);
+
+    /* If KRB5RCACHETYPE is set in the environment, resolve it with an empty
+     * residual (primarily to support KRB5RCACHETYPE=none). */
+    val = secure_getenv("KRB5RCACHETYPE");
+    if (val != NULL) {
+        if (asprintf(&rcname, "%s:", val) < 0)
+            return ENOMEM;
+        ret = k5_rc_resolve(context, rcname, rc_out);
+        free(rcname);
+        return ret;
+    }
+
+    /* If [libdefaults] default_rcache_name is set, expand path tokens in the
+     * value and resolve it. */
+    if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                           KRB5_CONF_DEFAULT_RCACHE_NAME, NULL, NULL,
+                           &profstr) == 0 && profstr != NULL) {
+        ret = k5_expand_path_tokens(context, profstr, &rcname);
+        profile_release_string(profstr);
+        if (ret)
+            return ret;
+        ret = k5_rc_resolve(context, rcname, rc_out);
+        free(rcname);
+        return ret;
+    }
+
+    /* Resolve the default type with no residual. */
+    return k5_rc_resolve(context, "dfl:", rc_out);
+}
+
+
+krb5_error_code
+k5_rc_resolve(krb5_context context, const char *name, krb5_rcache *rc_out)
+{
+    krb5_error_code ret;
+    struct typelist *t;
+    const char *sep;
+    size_t len;
+    krb5_rcache rc = NULL;
+
+    *rc_out = NULL;
+
+    sep = strchr(name, ':');
+    if (sep == NULL)
+        return KRB5_RC_PARSE;
+    len = sep - name;
+
+    for (t = typehead; t != NULL; t = t->next) {
+        if (strncmp(t->ops->type, name, len) == 0 && t->ops->type[len] == '\0')
+            break;
+    }
+    if (t == NULL)
+        return KRB5_RC_TYPE_NOTFOUND;
+
+    rc = k5alloc(sizeof(*rc), &ret);
+    if (rc == NULL)
+        goto error;
+    rc->name = strdup(name);
+    if (rc->name == NULL) {
+        ret = ENOMEM;
+        goto error;
+    }
+    ret = t->ops->resolve(context, sep + 1, &rc->data);
+    if (ret)
+        goto error;
+    rc->ops = t->ops;
+    rc->magic = KV5M_RCACHE;
+
+    *rc_out = rc;
+    return 0;
+
+error:
+    if (rc != NULL) {
+        free(rc->name);
+        free(rc);
+    }
+    return ret;
+}
+
+void
+k5_rc_close(krb5_context context, krb5_rcache rc)
+{
+    rc->ops->close(context, rc->data);
+    free(rc->name);
+    free(rc);
+}
+
+krb5_error_code
+k5_rc_store(krb5_context context, krb5_rcache rc,
+            const krb5_enc_data *authenticator)
+{
+    krb5_error_code ret;
+    krb5_data tag;
+
+    ret = k5_rc_tag_from_ciphertext(context, authenticator, &tag);
+    if (ret)
+        return ret;
+    return rc->ops->store(context, rc->data, &tag);
+}
+
+const char *
+k5_rc_get_name(krb5_context context, krb5_rcache rc)
+{
+    return rc->name;
+}
+
+krb5_error_code
+k5_rc_tag_from_ciphertext(krb5_context context, const krb5_enc_data *enc,
+                          krb5_data *tag_out)
+{
+    krb5_error_code ret;
+    const krb5_data *cdata = &enc->ciphertext;
+    unsigned int len;
+
+    *tag_out = empty_data();
+
+    ret = krb5_c_crypto_length(context, enc->enctype,
+                               KRB5_CRYPTO_TYPE_CHECKSUM, &len);
+    if (ret)
+        return ret;
+    if (cdata->length < len)
+        return EINVAL;
+    *tag_out = make_data(cdata->data + cdata->length - len, len);
+    return 0;
+}
+
+/*
+ * Stub functions for former internal replay cache functions used by OpenSSL
+ * (despite the lack of prototypes) before the OpenSSL 1.1 release.
+ */
+
+krb5_error_code krb5_rc_default(krb5_context, krb5_rcache *);
+krb5_error_code KRB5_CALLCONV krb5_rc_destroy(krb5_context, krb5_rcache);
+krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan(krb5_context, krb5_rcache,
+                                                   krb5_deltat *);
+krb5_error_code KRB5_CALLCONV krb5_rc_initialize(krb5_context, krb5_rcache,
+                                                 krb5_deltat);
+
+krb5_error_code
+krb5_rc_default(krb5_context context, krb5_rcache *rc)
+{
+    return EINVAL;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_destroy(krb5_context context, krb5_rcache rc)
+{
+    return EINVAL;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_get_lifespan(krb5_context context, krb5_rcache rc, krb5_deltat *span)
+{
+    return EINVAL;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_rc_initialize(krb5_context context, krb5_rcache rc, krb5_deltat span)
+{
+    return EINVAL;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/rc_dfl.c b/krb5-1.21.3/src/lib/krb5/rcache/rc_dfl.c
new file mode 100644
index 00000000..9c5182ad
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/rc_dfl.c
@@ -0,0 +1,164 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/rc_dfl.c - default replay cache type */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The dfl rcache type is a wrapper around the file2 rcache type, selecting a
+ * filename and (on Unix-like systems) applying open() safety appropriate for
+ * using a shared temporary directory.
+ */
+
+#include "k5-int.h"
+#include "rc-int.h"
+#ifdef _WIN32
+#include "../os/os-proto.h"
+#else
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+
+#ifdef _WIN32
+
+static krb5_error_code
+open_file(krb5_context context, int *fd_out)
+{
+    krb5_error_code ret;
+    char *fname;
+    const char *dir;
+
+    *fd_out = -1;
+
+    dir = getenv("KRB5RCACHEDIR");
+    if (dir != NULL) {
+        if (asprintf(&fname, "%s\\krb5.rcache2") < 0)
+            return ENOMEM;
+    } else {
+        ret = k5_expand_path_tokens(context, "%{LOCAL_APPDATA}\\krb5.rcache2",
+                                    &fname);
+        if (ret)
+            return ret;
+    }
+
+    *fd_out = open(fname, O_CREAT | O_RDWR | O_BINARY, 0600);
+    ret = (*fd_out < 0) ? errno : 0;
+    if (ret) {
+        k5_setmsg(context, ret, "%s (filename: %s)",
+                  error_message(ret), fname);
+    }
+    free(fname);
+    return ret;
+}
+
+#else /* _WIN32 */
+
+static krb5_error_code
+open_file(krb5_context context, int *fd_out)
+{
+    krb5_error_code ret;
+    int fd = -1;
+    char *fname = NULL;
+    const char *dir;
+    struct stat statbuf;
+    uid_t euid = geteuid();
+
+    *fd_out = -1;
+
+    dir = secure_getenv("KRB5RCACHEDIR");
+    if (dir == NULL) {
+        dir = secure_getenv("TMPDIR");
+        if (dir == NULL)
+            dir = RCTMPDIR;
+    }
+    if (asprintf(&fname, "%s/krb5_%lu.rcache2", dir, (unsigned long)euid) < 0)
+        return ENOMEM;
+
+    fd = open(fname, O_CREAT | O_RDWR | O_NOFOLLOW, 0600);
+    if (fd < 0) {
+        ret = errno;
+        k5_setmsg(context, ret, "%s (filename: %s)",
+                  error_message(ret), fname);
+        goto cleanup;
+    }
+
+    if (fstat(fd, &statbuf) < 0 || statbuf.st_uid != euid) {
+        ret = EIO;
+        k5_setmsg(context, ret, "Replay cache file %s is not owned by uid %lu",
+                  fname, (unsigned long)euid);
+        goto cleanup;
+    }
+
+    *fd_out = fd;
+    fd = -1;
+    ret = 0;
+
+cleanup:
+    if (fd != -1)
+        close(fd);
+    free(fname);
+    return ret;
+}
+
+#endif /* not _WIN32 */
+
+static krb5_error_code
+dfl_resolve(krb5_context context, const char *residual, void **rcdata_out)
+{
+    *rcdata_out = NULL;
+    return 0;
+}
+
+static void
+dfl_close(krb5_context context, void *rcdata)
+{
+}
+
+static krb5_error_code
+dfl_store(krb5_context context, void *rcdata, const krb5_data *tag)
+{
+    krb5_error_code ret;
+    int fd;
+
+    ret = open_file(context, &fd);
+    if (ret)
+        return ret;
+
+    ret = k5_rcfile2_store(context, fd, tag);
+    close(fd);
+    return ret;
+}
+
+const krb5_rc_ops k5_rc_dfl_ops =
+{
+    "dfl",
+    dfl_resolve,
+    dfl_close,
+    dfl_store
+};
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/rc_file2.c b/krb5-1.21.3/src/lib/krb5/rcache/rc_file2.c
new file mode 100644
index 00000000..32407760
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/rc_file2.c
@@ -0,0 +1,266 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/rc_file2.c - file-based replay cache, version 2 */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-hashtab.h"
+#include "rc-int.h"
+#ifndef _WIN32
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+
+#define MAX_SIZE INT32_MAX
+#define TAG_LEN 12
+#define RECORD_LEN (TAG_LEN + 4)
+#define FIRST_TABLE_RECORDS 1023
+
+/* Return the offset and number of records in the next table.  *offset should
+ * initially be -1. */
+static inline krb5_error_code
+next_table(off_t *offset, off_t *nrecords)
+{
+    if (*offset == -1) {
+        *offset = K5_HASH_SEED_LEN;
+        *nrecords = FIRST_TABLE_RECORDS;
+    } else if (*offset == K5_HASH_SEED_LEN) {
+        *offset += *nrecords * RECORD_LEN;
+        *nrecords = (FIRST_TABLE_RECORDS + 1) * 2;
+    } else {
+        *offset += *nrecords * RECORD_LEN;
+        *nrecords *= 2;
+    }
+
+    /* Make sure the next table fits within the maximum file size. */
+    if (*nrecords > MAX_SIZE / RECORD_LEN)
+        return EOVERFLOW;
+    if (*offset > MAX_SIZE - (*nrecords * RECORD_LEN))
+        return EOVERFLOW;
+
+    return 0;
+}
+
+/* Read up to two records from fd at offset, and parse them out into tags and
+ * timestamps.  Place the number of records read in *nread. */
+static krb5_error_code
+read_records(int fd, off_t offset, uint8_t tag1_out[TAG_LEN],
+             uint32_t *timestamp1_out, uint8_t tag2_out[TAG_LEN],
+             uint32_t *timestamp2_out, int *nread)
+{
+    uint8_t buf[RECORD_LEN * 2];
+    ssize_t st;
+
+    *nread = 0;
+
+    st = lseek(fd, offset, SEEK_SET);
+    if (st == -1)
+        return errno;
+    st = read(fd, buf, RECORD_LEN * 2);
+    if (st == -1)
+        return errno;
+
+    if (st >= RECORD_LEN) {
+        memcpy(tag1_out, buf, TAG_LEN);
+        *timestamp1_out = load_32_be(buf + TAG_LEN);
+        *nread = 1;
+    }
+    if (st == RECORD_LEN * 2) {
+        memcpy(tag2_out, buf + RECORD_LEN, TAG_LEN);
+        *timestamp2_out = load_32_be(buf + RECORD_LEN + TAG_LEN);
+        *nread = 2;
+    }
+    return 0;
+}
+
+/* Write one record to fd at offset, marshalling the tag and timestamp. */
+static krb5_error_code
+write_record(int fd, off_t offset, const uint8_t tag[TAG_LEN],
+             uint32_t timestamp)
+{
+    uint8_t record[RECORD_LEN];
+    ssize_t st;
+
+    memcpy(record, tag, TAG_LEN);
+    store_32_be(timestamp, record + TAG_LEN);
+
+    st = lseek(fd, offset, SEEK_SET);
+    if (st == -1)
+        return errno;
+    st = write(fd, record, RECORD_LEN);
+    if (st == -1)
+        return errno;
+    if (st != RECORD_LEN) /* Unexpected for a regular file */
+        return EIO;
+
+    return 0;
+}
+
+/* Return true if timestamp is expired, for the current timestamp (now) and
+ * allowable clock skew. */
+static inline krb5_boolean
+expired(uint32_t timestamp, uint32_t now, uint32_t skew)
+{
+    return ts_after(now, ts_incr(timestamp, skew));
+}
+
+/* Check and store a record into an open and locked file.  fd is assumed to be
+ * at offset 0. */
+static krb5_error_code
+store(krb5_context context, int fd, const uint8_t tag[TAG_LEN], uint32_t now,
+      uint32_t skew)
+{
+    krb5_error_code ret;
+    krb5_data d;
+    off_t table_offset = -1, nrecords = 0, avail_offset = -1, record_offset;
+    ssize_t st;
+    int ind, nread;
+    uint8_t seed[K5_HASH_SEED_LEN], r1tag[TAG_LEN], r2tag[TAG_LEN];
+    uint32_t r1stamp, r2stamp;
+
+    /* Read or generate the hash seed. */
+    st = read(fd, seed, sizeof(seed));
+    if (st < 0)
+        return errno;
+    if ((size_t)st < sizeof(seed)) {
+        d = make_data(seed, sizeof(seed));
+        ret = krb5_c_random_make_octets(context, &d);
+        if (ret)
+            return ret;
+        st = write(fd, seed, sizeof(seed));
+        if (st < 0)
+            return errno;
+        if ((size_t)st != sizeof(seed))
+            return EIO;
+    }
+
+    for (;;) {
+        ret = next_table(&table_offset, &nrecords);
+        if (ret)
+            return ret;
+
+        ind = k5_siphash24(tag, TAG_LEN, seed) % nrecords;
+        record_offset = table_offset + ind * RECORD_LEN;
+
+        ret = read_records(fd, record_offset, r1tag, &r1stamp, r2tag, &r2stamp,
+                           &nread);
+        if (ret)
+            return ret;
+
+        if ((nread >= 1 && r1stamp && memcmp(r1tag, tag, TAG_LEN) == 0) ||
+            (nread == 2 && r2stamp && memcmp(r2tag, tag, TAG_LEN) == 0))
+            return KRB5KRB_AP_ERR_REPEAT;
+
+        /* Make note of the first record available for writing (empty, beyond
+         * the end of the file, or expired). */
+        if (avail_offset == -1) {
+            if (nread == 0 || !r1stamp || expired(r1stamp, now, skew))
+                avail_offset = record_offset;
+            else if (nread == 1 || !r2stamp || expired(r2stamp, now, skew))
+                avail_offset = record_offset + RECORD_LEN;
+        }
+
+        /* Stop searching if we encountered an empty record or one beyond the
+         * end of the file, as tag would have been written there previously. */
+        if (nread < 2 || !r1stamp || !r2stamp)
+            return write_record(fd, avail_offset, tag, now);
+
+        /* Use a different hash seed for the next table we search. */
+        seed[0]++;
+    }
+}
+
+krb5_error_code
+k5_rcfile2_store(krb5_context context, int fd, const krb5_data *tag_data)
+{
+    krb5_error_code ret;
+    krb5_timestamp now;
+    uint8_t tagbuf[TAG_LEN], *tag;
+
+    ret = krb5_timeofday(context, &now);
+    if (ret)
+        return ret;
+
+    /* Extract a tag from the authenticator checksum. */
+    if (tag_data->length >= TAG_LEN) {
+        tag = (uint8_t *)tag_data->data;
+    } else {
+        memcpy(tagbuf, tag_data->data, tag_data->length);
+        memset(tagbuf + tag_data->length, 0, TAG_LEN - tag_data->length);
+        tag = tagbuf;
+    }
+
+    ret = krb5_lock_file(context, fd, KRB5_LOCKMODE_EXCLUSIVE);
+    if (ret)
+        return ret;
+    ret = store(context, fd, tag, now, context->clockskew);
+    (void)krb5_unlock_file(NULL, fd);
+    return ret;
+}
+
+static krb5_error_code
+file2_resolve(krb5_context context, const char *residual, void **rcdata_out)
+{
+    *rcdata_out = strdup(residual);
+    return (*rcdata_out == NULL) ? ENOMEM : 0;
+}
+
+static void
+file2_close(krb5_context context, void *rcdata)
+{
+    free(rcdata);
+}
+
+static krb5_error_code
+file2_store(krb5_context context, void *rcdata, const krb5_data *tag)
+{
+    krb5_error_code ret;
+    const char *filename = rcdata;
+    int fd;
+
+    fd = open(filename, O_CREAT | O_RDWR | O_BINARY, 0600);
+    if (fd < 0) {
+        ret = errno;
+        k5_setmsg(context, ret, "%s (filename: %s)", error_message(ret),
+                  filename);
+        return ret;
+    }
+    ret = k5_rcfile2_store(context, fd, tag);
+    close(fd);
+    return ret;
+}
+
+const krb5_rc_ops k5_rc_file2_ops =
+{
+    "file2",
+    file2_resolve,
+    file2_close,
+    file2_store
+};
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/rc_none.c b/krb5-1.21.3/src/lib/krb5/rcache/rc_none.c
new file mode 100644
index 00000000..07820178
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/rc_none.c
@@ -0,0 +1,58 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/rc_none.c */
+/*
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * replay cache no-op implementation
+ */
+
+#include "k5-int.h"
+#include "rc-int.h"
+
+static krb5_error_code
+none_resolve(krb5_context ctx, const char *residual, void **rcdata_out)
+{
+    *rcdata_out = NULL;
+    return 0;
+}
+
+static void
+none_close(krb5_context ctx, void *rcdata)
+{
+}
+
+static krb5_error_code
+none_store(krb5_context ctx, void *rcdata, const krb5_data *tag)
+{
+    return 0;
+}
+
+const krb5_rc_ops k5_rc_none_ops = {
+    "none",
+    none_resolve,
+    none_close,
+    none_store
+};
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/t_memrcache.c b/krb5-1.21.3/src/lib/krb5/rcache/t_memrcache.c
new file mode 100644
index 00000000..6f212b0e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/t_memrcache.c
@@ -0,0 +1,82 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/t_memrcache.c - memory replay cache tests */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "memrcache.c"
+
+int
+main()
+{
+    krb5_error_code ret;
+    krb5_context context;
+    k5_memrcache mrc;
+    int i;
+    uint8_t tag[4];
+    krb5_data tag_data = make_data(tag, 4);
+    struct entry *e;
+
+    ret = krb5_init_context(&context);
+    assert(ret == 0);
+
+    /* Store a thousand unique tags, then verify that they all appear as
+     * replays. */
+    ret = k5_memrcache_create(context, &mrc);
+    assert(ret == 0);
+    for (i = 0; i < 1000; i++) {
+        store_32_be(i, tag);
+        ret = k5_memrcache_store(context, mrc, &tag_data);
+        assert(ret == 0);
+    }
+    for (i = 0; i < 1000; i++) {
+        store_32_be(i, tag);
+        ret = k5_memrcache_store(context, mrc, &tag_data);
+        assert(ret == KRB5KRB_AP_ERR_REPEAT);
+    }
+    k5_memrcache_free(context, mrc);
+
+    /* Store a thousand unique tags, each spaced out so that previous entries
+     * appear as expired.  Verify that the expiration queue has one entry. */
+    ret = k5_memrcache_create(context, &mrc);
+    assert(ret == 0);
+    context->clockskew = 100;
+    for (i = 1; i < 1000; i++) {
+        krb5_set_debugging_time(context, i * 200, 0);
+        store_32_be(i, tag);
+        ret = k5_memrcache_store(context, mrc, &tag_data);
+        assert(ret == 0);
+    }
+    e = K5_TAILQ_FIRST(&mrc->expiration_queue);
+    assert(e != NULL && K5_TAILQ_NEXT(e, links) == NULL);
+    k5_memrcache_free(context, mrc);
+
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/rcache/t_rcfile2.c b/krb5-1.21.3/src/lib/krb5/rcache/t_rcfile2.c
new file mode 100644
index 00000000..7b8bb554
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/rcache/t_rcfile2.c
@@ -0,0 +1,209 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/krb5/rcache/t_rcfile2.c - rcache file version 2 tests */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Usage:
+ *
+ *   t_rcfile2 <filename> expiry <nreps>
+ *     store <nreps> records spaced far enough apart that all records appear
+ *     expired; verify that the file size doesn't increase beyond one table.
+ *
+ *   t_rcfile2 <filename> concurrent <nprocesses> <nreps>
+ *     spawn <nprocesses> subprocesses, each of which stores <nreps> unique
+ *     tags.  As each process completes, the master process tests that the
+ *     records stored by the subprocess appears as replays.
+ *
+ *   t_rcfile2 <filename> race <nprocesses> <nreps>
+ *     spawn <nprocesses> subprocesses, each of which tries to store the same
+ *     tag and reports success or failure.  The master process verifies that
+ *     exactly one subprocess succeeds.  Repeat <reps> times.
+ */
+
+#include "rc_file2.c"
+#include <sys/wait.h>
+#include <sys/time.h>
+
+krb5_context ctx;
+
+static krb5_error_code
+test_store(const char *filename, uint8_t *tag, krb5_timestamp timestamp,
+           const uint32_t clockskew)
+{
+    krb5_data tag_data = make_data(tag, TAG_LEN);
+
+    ctx->clockskew = clockskew;
+    (void)krb5_set_debugging_time(ctx, timestamp, 0);
+    return file2_store(ctx, (void *)filename, &tag_data);
+}
+
+/* Store a sequence of unique tags, with timestamps far enough apart that all
+ * previous records appear expired.  Verify that we only use one table. */
+static void
+expiry_test(const char *filename, int reps)
+{
+    krb5_error_code ret;
+    struct stat statbuf;
+    uint8_t tag[TAG_LEN] = { 0 }, seed[K5_HASH_SEED_LEN] = { 0 }, data[4];
+    uint32_t timestamp;
+    const uint32_t clockskew = 5, start = 1000;
+    uint64_t hashval;
+    int i, st;
+
+    assert((uint32_t)reps < (UINT32_MAX - start) / clockskew / 2);
+    for (i = 0, timestamp = start; i < reps; i++, timestamp += clockskew * 2) {
+        store_32_be(i, data);
+        hashval = k5_siphash24(data, 4, seed);
+        store_64_be(hashval, tag);
+
+        ret = test_store(filename, tag, timestamp, clockskew);
+        assert(ret == 0);
+
+        /* Since we increment timestamp enough to expire every record between
+         * each call, we should never create a second hash table. */
+        st = stat(filename, &statbuf);
+        assert(st == 0);
+        assert(statbuf.st_size <= (FIRST_TABLE_RECORDS + 1) * RECORD_LEN);
+    }
+}
+
+/* Store a sequence of unique tags with the same timestamp.  Exit with failure
+ * if any store operation doesn't succeed or fail as given by expect_fail. */
+static void
+store_records(const char *filename, int id, int reps, int expect_fail)
+{
+    krb5_error_code ret;
+    uint8_t tag[TAG_LEN] = { 0 };
+    int i;
+
+    store_32_be(id, tag);
+    for (i = 0; i < reps; i++) {
+        store_32_be(i, tag + 4);
+        ret = test_store(filename, tag, 1000, 100);
+        if (ret != (expect_fail ? KRB5KRB_AP_ERR_REPEAT : 0)) {
+            fprintf(stderr, "store %d %d %sfail\n", id, i,
+                    expect_fail ? "didn't " : "");
+            _exit(1);
+        }
+    }
+}
+
+/* Spawn multiple child processes, each storing a sequence of unique tags.
+ * After each process completes, verify that its tags appear as replays. */
+static void
+concurrency_test(const char *filename, int nchildren, int reps)
+{
+    pid_t *pids, pid;
+    int i, nprocs, status;
+
+    pids = calloc(nchildren, sizeof(*pids));
+    assert(pids != NULL);
+    for (i = 0; i < nchildren; i++) {
+        pids[i] = fork();
+        assert(pids[i] != -1);
+        if (pids[i] == 0) {
+            store_records(filename, i, reps, 0);
+            _exit(0);
+        }
+    }
+    for (nprocs = nchildren; nprocs > 0; nprocs--) {
+        pid = wait(&status);
+        assert(pid != -1 && WIFEXITED(status) && WEXITSTATUS(status) == 0);
+        for (i = 0; i < nchildren; i++) {
+            if (pids[i] == pid)
+                store_records(filename, i, reps, 1);
+        }
+    }
+    free(pids);
+}
+
+/* Spawn multiple child processes, all trying to store the same tag.  Verify
+ * that only one of the processes succeeded.  Repeat reps times. */
+static void
+race_test(const char *filename, int nchildren, int reps)
+{
+    int i, j, status, nsuccess;
+    uint8_t tag[TAG_LEN] = { 0 };
+    pid_t pid;
+
+    for (i = 0; i < reps; i++) {
+        store_32_be(i, tag);
+        for (j = 0; j < nchildren; j++) {
+            pid = fork();
+            assert(pid != -1);
+            if (pid == 0)
+                _exit(test_store(filename, tag, 1000, 100) != 0);
+        }
+
+        nsuccess = 0;
+        for (j = 0; j < nchildren; j++) {
+            pid = wait(&status);
+            assert(pid != -1);
+            if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
+                nsuccess++;
+        }
+        assert(nsuccess == 1);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    const char *filename, *cmd;
+
+    argv++;
+    assert(*argv != NULL);
+
+    if (krb5_init_context(&ctx) != 0)
+        abort();
+
+    assert(*argv != NULL);
+    filename = *argv++;
+    unlink(filename);
+
+    assert(*argv != NULL);
+    cmd = *argv++;
+    if (strcmp(cmd, "expiry") == 0) {
+        assert(argv[0] != NULL);
+        expiry_test(filename, atoi(argv[0]));
+    } else if (strcmp(cmd, "concurrent") == 0) {
+        assert(argv[0] != NULL && argv[1] != NULL);
+        concurrency_test(filename, atoi(argv[0]), atoi(argv[1]));
+    } else if (strcmp(cmd, "race") == 0) {
+        assert(argv[0] != NULL && argv[1] != NULL);
+        race_test(filename, atoi(argv[0]), atoi(argv[1]));
+    } else {
+        abort();
+    }
+
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/CompositionExclusions.txt b/krb5-1.21.3/src/lib/krb5/unicode/CompositionExclusions.txt
new file mode 100644
index 00000000..f48693f0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/CompositionExclusions.txt
@@ -0,0 +1,176 @@
+# CompositionExclusions-3.2.0.txt
+# Date: 2002-03-19,23:30:28 GMT [MD]
+#
+# This file lists the characters from the UAX #15 Composition Exclusion Table.
+#
+# The format of the comments in this file has been updated since the last version,
+# CompositionExclusions-3.txt. The only substantive change to this file between that
+# version and this one is the addition of U+2ADC FORKING.
+#
+# For more information, see
+# https://www.unicode.org/unicode/reports/tr15/#Primary Exclusion List Table
+# ================================================
+
+# (1) Script Specifics
+# This list of characters cannot be derived from the UnicodeData file.
+# ================================================
+
+0958    #  DEVANAGARI LETTER QA
+0959    #  DEVANAGARI LETTER KHHA
+095A    #  DEVANAGARI LETTER GHHA
+095B    #  DEVANAGARI LETTER ZA
+095C    #  DEVANAGARI LETTER DDDHA
+095D    #  DEVANAGARI LETTER RHA
+095E    #  DEVANAGARI LETTER FA
+095F    #  DEVANAGARI LETTER YYA
+09DC    #  BENGALI LETTER RRA
+09DD    #  BENGALI LETTER RHA
+09DF    #  BENGALI LETTER YYA
+0A33    #  GURMUKHI LETTER LLA
+0A36    #  GURMUKHI LETTER SHA
+0A59    #  GURMUKHI LETTER KHHA
+0A5A    #  GURMUKHI LETTER GHHA
+0A5B    #  GURMUKHI LETTER ZA
+0A5E    #  GURMUKHI LETTER FA
+0B5C    #  ORIYA LETTER RRA
+0B5D    #  ORIYA LETTER RHA
+0F43    #  TIBETAN LETTER GHA
+0F4D    #  TIBETAN LETTER DDHA
+0F52    #  TIBETAN LETTER DHA
+0F57    #  TIBETAN LETTER BHA
+0F5C    #  TIBETAN LETTER DZHA
+0F69    #  TIBETAN LETTER KSSA
+0F76    #  TIBETAN VOWEL SIGN VOCALIC R
+0F78    #  TIBETAN VOWEL SIGN VOCALIC L
+0F93    #  TIBETAN SUBJOINED LETTER GHA
+0F9D    #  TIBETAN SUBJOINED LETTER DDHA
+0FA2    #  TIBETAN SUBJOINED LETTER DHA
+0FA7    #  TIBETAN SUBJOINED LETTER BHA
+0FAC    #  TIBETAN SUBJOINED LETTER DZHA
+0FB9    #  TIBETAN SUBJOINED LETTER KSSA
+FB1D    #  HEBREW LETTER YOD WITH HIRIQ
+FB1F    #  HEBREW LIGATURE YIDDISH YOD YOD PATAH
+FB2A    #  HEBREW LETTER SHIN WITH SHIN DOT
+FB2B    #  HEBREW LETTER SHIN WITH SIN DOT
+FB2C    #  HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT
+FB2D    #  HEBREW LETTER SHIN WITH DAGESH AND SIN DOT
+FB2E    #  HEBREW LETTER ALEF WITH PATAH
+FB2F    #  HEBREW LETTER ALEF WITH QAMATS
+FB30    #  HEBREW LETTER ALEF WITH MAPIQ
+FB31    #  HEBREW LETTER BET WITH DAGESH
+FB32    #  HEBREW LETTER GIMEL WITH DAGESH
+FB33    #  HEBREW LETTER DALET WITH DAGESH
+FB34    #  HEBREW LETTER HE WITH MAPIQ
+FB35    #  HEBREW LETTER VAV WITH DAGESH
+FB36    #  HEBREW LETTER ZAYIN WITH DAGESH
+FB38    #  HEBREW LETTER TET WITH DAGESH
+FB39    #  HEBREW LETTER YOD WITH DAGESH
+FB3A    #  HEBREW LETTER FINAL KAF WITH DAGESH
+FB3B    #  HEBREW LETTER KAF WITH DAGESH
+FB3C    #  HEBREW LETTER LAMED WITH DAGESH
+FB3E    #  HEBREW LETTER MEM WITH DAGESH
+FB40    #  HEBREW LETTER NUN WITH DAGESH
+FB41    #  HEBREW LETTER SAMEKH WITH DAGESH
+FB43    #  HEBREW LETTER FINAL PE WITH DAGESH
+FB44    #  HEBREW LETTER PE WITH DAGESH
+FB46    #  HEBREW LETTER TSADI WITH DAGESH
+FB47    #  HEBREW LETTER QOF WITH DAGESH
+FB48    #  HEBREW LETTER RESH WITH DAGESH
+FB49    #  HEBREW LETTER SHIN WITH DAGESH
+FB4A    #  HEBREW LETTER TAV WITH DAGESH
+FB4B    #  HEBREW LETTER VAV WITH HOLAM
+FB4C    #  HEBREW LETTER BET WITH RAFE
+FB4D    #  HEBREW LETTER KAF WITH RAFE
+FB4E    #  HEBREW LETTER PE WITH RAFE
+
+# Total code points: 67
+
+# ================================================
+# (2) Post Composition Version precomposed characters
+# These characters cannot be derived solely from the UnicodeData.txt file
+# in this version of Unicode.
+# ================================================
+
+2ADC    #  FORKING
+1D15E   #  MUSICAL SYMBOL HALF NOTE
+1D15F   #  MUSICAL SYMBOL QUARTER NOTE
+1D160   #  MUSICAL SYMBOL EIGHTH NOTE
+1D161   #  MUSICAL SYMBOL SIXTEENTH NOTE
+1D162   #  MUSICAL SYMBOL THIRTY-SECOND NOTE
+1D163   #  MUSICAL SYMBOL SIXTY-FOURTH NOTE
+1D164   #  MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE
+1D1BB   #  MUSICAL SYMBOL MINIMA
+1D1BC   #  MUSICAL SYMBOL MINIMA BLACK
+1D1BD   #  MUSICAL SYMBOL SEMIMINIMA WHITE
+1D1BE   #  MUSICAL SYMBOL SEMIMINIMA BLACK
+1D1BF   #  MUSICAL SYMBOL FUSA WHITE
+1D1C0   #  MUSICAL SYMBOL FUSA BLACK
+
+# Total code points: 14
+
+# ================================================
+# (3) Singleton Decompositions
+# These characters can be derived from the UnicodeData file
+# by including all characters whose canonical decomposition
+# consists of a single character.
+# These characters are simply quoted here for reference.
+# ================================================
+
+# 0340..0341       [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK
+# 0343                 COMBINING GREEK KORONIS
+# 0374                 GREEK NUMERAL SIGN
+# 037E                 GREEK QUESTION MARK
+# 0387                 GREEK ANO TELEIA
+# 1F71                 GREEK SMALL LETTER ALPHA WITH OXIA
+# 1F73                 GREEK SMALL LETTER EPSILON WITH OXIA
+# 1F75                 GREEK SMALL LETTER ETA WITH OXIA
+# 1F77                 GREEK SMALL LETTER IOTA WITH OXIA
+# 1F79                 GREEK SMALL LETTER OMICRON WITH OXIA
+# 1F7B                 GREEK SMALL LETTER UPSILON WITH OXIA
+# 1F7D                 GREEK SMALL LETTER OMEGA WITH OXIA
+# 1FBB                 GREEK CAPITAL LETTER ALPHA WITH OXIA
+# 1FBE                 GREEK PROSGEGRAMMENI
+# 1FC9                 GREEK CAPITAL LETTER EPSILON WITH OXIA
+# 1FCB                 GREEK CAPITAL LETTER ETA WITH OXIA
+# 1FD3                 GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA
+# 1FDB                 GREEK CAPITAL LETTER IOTA WITH OXIA
+# 1FE3                 GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA
+# 1FEB                 GREEK CAPITAL LETTER UPSILON WITH OXIA
+# 1FEE..1FEF       [2] GREEK DIALYTIKA AND OXIA..GREEK VARIA
+# 1FF9                 GREEK CAPITAL LETTER OMICRON WITH OXIA
+# 1FFB                 GREEK CAPITAL LETTER OMEGA WITH OXIA
+# 1FFD                 GREEK OXIA
+# 2000..2001       [2] EN QUAD..EM QUAD
+# 2126                 OHM SIGN
+# 212A..212B       [2] KELVIN SIGN..ANGSTROM SIGN
+# 2329                 LEFT-POINTING ANGLE BRACKET
+# 232A                 RIGHT-POINTING ANGLE BRACKET
+# F900..FA0D     [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D
+# FA10                 CJK COMPATIBILITY IDEOGRAPH-FA10
+# FA12                 CJK COMPATIBILITY IDEOGRAPH-FA12
+# FA15..FA1E      [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E
+# FA20                 CJK COMPATIBILITY IDEOGRAPH-FA20
+# FA22                 CJK COMPATIBILITY IDEOGRAPH-FA22
+# FA25..FA26       [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26
+# FA2A..FA2D       [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D
+# FA30..FA6A      [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A
+# 2F800..2FA1D   [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D
+
+# Total code points: 924
+
+# ================================================
+# (4) Non-Starter Decompositions
+# These characters can be derived from the UnicodeData file
+# by including all characters whose canonical decomposition consists
+# of a sequence of characters, the first of which has a non-zero
+# combining class.
+# These characters are simply quoted here for reference.
+# ================================================
+
+# 0344                 COMBINING GREEK DIALYTIKA TONOS
+# 0F73                 TIBETAN VOWEL SIGN II
+# 0F75                 TIBETAN VOWEL SIGN UU
+# 0F81                 TIBETAN VOWEL SIGN REVERSED II
+
+# Total code points: 4
+
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/Makefile.in b/krb5-1.21.3/src/lib/krb5/unicode/Makefile.in
new file mode 100644
index 00000000..d7dc0f5f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/Makefile.in
@@ -0,0 +1,65 @@
+mydir=lib$(S)krb5$(S)unicode
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+##DOS##BUILDTOP = ..\..\..
+##DOS##PREFIXDIR=unicode
+##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
+
+XXDIR = $(srcdir)/ucdata/
+XXHEADERS = ucdata.h uctable.h
+XXSRCS  = ucdata.c ucgendat.c
+
+STLIBOBJS= \
+	ucdata.o	\
+	ucstr.o		
+
+OBJS= \
+	$(OUTPRE)ucdata.$(OBJEXT)	\
+	$(OUTPRE)ucstr.$(OBJEXT)	
+
+SRCS= \
+	$(srcdir)/ucstr.c	
+
+EXTRADEPSRCS = 
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+
+shared:
+	mkdir shared
+
+uctable.h: $(XXDIR)/uctable.h
+
+$(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c $(srcdir)/UnicodeData.txt $(srcdir)/CompositionExclusions.txt
+	$(MAKE) ucgendat
+	./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt
+
+ucgendat: ucgendat.o
+	$(CC_LINK) $(ALL_CFLAGS) -o ucgendat ucgendat.o $(LIBS)
+
+##DOS##!if 0
+.links :
+	@for i in $(XXSRCS) $(XXHEADERS); do \
+		$(RM) $$i ; \
+		ii=`find $(srcdir) -name $$i` ; \
+		$(LN_S) $$ii . ; \
+	done
+	touch .links
+##DOS##!endif
+##DOS##.links:
+##DOS##		$(CP) $(srcdir)\ucdata\ucdata.h ucdata.h
+##DOS##		$(CP) $(srcdir)\ucdata\ucdata.c ucdata.c
+##DOS##		$(CP) $(srcdir)\ucdata\ucgendat.c ucgendat.c
+##DOS##		$(CP) $(srcdir)\ucdata\uctable.h uctable.h
+##DOS##		$(CP) nul .links
+
+$(XXSRCS) $(XXHEADERS) : .links
+
+clean:
+	$(RM) *.dat .links $(XXHEADERS) $(XXSRCS) ucgendat
+
+depend: .links
+
+@libobj_frag@
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/UCD-Terms b/krb5-1.21.3/src/lib/krb5/unicode/UCD-Terms
new file mode 100644
index 00000000..3800dfa8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/UCD-Terms
@@ -0,0 +1,29 @@
+UCD Terms of Use (https://www.unicode.org/Public/UNIDATA/UCD.html)
+
+Disclaimer
+
+The Unicode Character Database is provided as is by Unicode, Inc.
+No claims are made as to fitness for any particular purpose. No
+warranties of any kind are expressed or implied. The recipient
+agrees to determine applicability of information provided. If this
+file has been purchased on magnetic or optical media from Unicode,
+Inc., the sole remedy for any claim will be exchange of defective
+media within 90 days of receipt.
+
+This disclaimer is applicable for all other data files accompanying
+the Unicode Character Database, some of which have been compiled
+by the Unicode Consortium, and some of which have been supplied by
+other sources.
+
+Limitations on Rights to Redistribute This Data
+
+Recipient is granted the right to make copies in any form for
+internal distribution and to freely use the information supplied
+in the creation of products supporting the Unicode (TM) Standard.
+The files in the Unicode Character Database can be redistributed
+to third parties or other organizations (whether for profit or not)
+as long as this notice and the disclaimer notice are retained.
+Information can be extracted from these files and used in documentation
+or programs, as long as there is an accompanying notice indicating
+the source.
+
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/UnicodeData.txt b/krb5-1.21.3/src/lib/krb5/unicode/UnicodeData.txt
new file mode 100644
index 00000000..125a6920
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/UnicodeData.txt
@@ -0,0 +1,13874 @@
+0000;<control>;Cc;0;BN;;;;;N;NULL;;;;
+0001;<control>;Cc;0;BN;;;;;N;START OF HEADING;;;;
+0002;<control>;Cc;0;BN;;;;;N;START OF TEXT;;;;
+0003;<control>;Cc;0;BN;;;;;N;END OF TEXT;;;;
+0004;<control>;Cc;0;BN;;;;;N;END OF TRANSMISSION;;;;
+0005;<control>;Cc;0;BN;;;;;N;ENQUIRY;;;;
+0006;<control>;Cc;0;BN;;;;;N;ACKNOWLEDGE;;;;
+0007;<control>;Cc;0;BN;;;;;N;BELL;;;;
+0008;<control>;Cc;0;BN;;;;;N;BACKSPACE;;;;
+0009;<control>;Cc;0;S;;;;;N;CHARACTER TABULATION;;;;
+000A;<control>;Cc;0;B;;;;;N;LINE FEED (LF);;;;
+000B;<control>;Cc;0;S;;;;;N;LINE TABULATION;;;;
+000C;<control>;Cc;0;WS;;;;;N;FORM FEED (FF);;;;
+000D;<control>;Cc;0;B;;;;;N;CARRIAGE RETURN (CR);;;;
+000E;<control>;Cc;0;BN;;;;;N;SHIFT OUT;;;;
+000F;<control>;Cc;0;BN;;;;;N;SHIFT IN;;;;
+0010;<control>;Cc;0;BN;;;;;N;DATA LINK ESCAPE;;;;
+0011;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL ONE;;;;
+0012;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL TWO;;;;
+0013;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL THREE;;;;
+0014;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL FOUR;;;;
+0015;<control>;Cc;0;BN;;;;;N;NEGATIVE ACKNOWLEDGE;;;;
+0016;<control>;Cc;0;BN;;;;;N;SYNCHRONOUS IDLE;;;;
+0017;<control>;Cc;0;BN;;;;;N;END OF TRANSMISSION BLOCK;;;;
+0018;<control>;Cc;0;BN;;;;;N;CANCEL;;;;
+0019;<control>;Cc;0;BN;;;;;N;END OF MEDIUM;;;;
+001A;<control>;Cc;0;BN;;;;;N;SUBSTITUTE;;;;
+001B;<control>;Cc;0;BN;;;;;N;ESCAPE;;;;
+001C;<control>;Cc;0;B;;;;;N;INFORMATION SEPARATOR FOUR;;;;
+001D;<control>;Cc;0;B;;;;;N;INFORMATION SEPARATOR THREE;;;;
+001E;<control>;Cc;0;B;;;;;N;INFORMATION SEPARATOR TWO;;;;
+001F;<control>;Cc;0;S;;;;;N;INFORMATION SEPARATOR ONE;;;;
+0020;SPACE;Zs;0;WS;;;;;N;;;;;
+0021;EXCLAMATION MARK;Po;0;ON;;;;;N;;;;;
+0022;QUOTATION MARK;Po;0;ON;;;;;N;;;;;
+0023;NUMBER SIGN;Po;0;ET;;;;;N;;;;;
+0024;DOLLAR SIGN;Sc;0;ET;;;;;N;;;;;
+0025;PERCENT SIGN;Po;0;ET;;;;;N;;;;;
+0026;AMPERSAND;Po;0;ON;;;;;N;;;;;
+0027;APOSTROPHE;Po;0;ON;;;;;N;APOSTROPHE-QUOTE;;;;
+0028;LEFT PARENTHESIS;Ps;0;ON;;;;;Y;OPENING PARENTHESIS;;;;
+0029;RIGHT PARENTHESIS;Pe;0;ON;;;;;Y;CLOSING PARENTHESIS;;;;
+002A;ASTERISK;Po;0;ON;;;;;N;;;;;
+002B;PLUS SIGN;Sm;0;ET;;;;;N;;;;;
+002C;COMMA;Po;0;CS;;;;;N;;;;;
+002D;HYPHEN-MINUS;Pd;0;ET;;;;;N;;;;;
+002E;FULL STOP;Po;0;CS;;;;;N;PERIOD;;;;
+002F;SOLIDUS;Po;0;ES;;;;;N;SLASH;;;;
+0030;DIGIT ZERO;Nd;0;EN;;0;0;0;N;;;;;
+0031;DIGIT ONE;Nd;0;EN;;1;1;1;N;;;;;
+0032;DIGIT TWO;Nd;0;EN;;2;2;2;N;;;;;
+0033;DIGIT THREE;Nd;0;EN;;3;3;3;N;;;;;
+0034;DIGIT FOUR;Nd;0;EN;;4;4;4;N;;;;;
+0035;DIGIT FIVE;Nd;0;EN;;5;5;5;N;;;;;
+0036;DIGIT SIX;Nd;0;EN;;6;6;6;N;;;;;
+0037;DIGIT SEVEN;Nd;0;EN;;7;7;7;N;;;;;
+0038;DIGIT EIGHT;Nd;0;EN;;8;8;8;N;;;;;
+0039;DIGIT NINE;Nd;0;EN;;9;9;9;N;;;;;
+003A;COLON;Po;0;CS;;;;;N;;;;;
+003B;SEMICOLON;Po;0;ON;;;;;N;;;;;
+003C;LESS-THAN SIGN;Sm;0;ON;;;;;Y;;;;;
+003D;EQUALS SIGN;Sm;0;ON;;;;;N;;;;;
+003E;GREATER-THAN SIGN;Sm;0;ON;;;;;Y;;;;;
+003F;QUESTION MARK;Po;0;ON;;;;;N;;;;;
+0040;COMMERCIAL AT;Po;0;ON;;;;;N;;;;;
+0041;LATIN CAPITAL LETTER A;Lu;0;L;;;;;N;;;;0061;
+0042;LATIN CAPITAL LETTER B;Lu;0;L;;;;;N;;;;0062;
+0043;LATIN CAPITAL LETTER C;Lu;0;L;;;;;N;;;;0063;
+0044;LATIN CAPITAL LETTER D;Lu;0;L;;;;;N;;;;0064;
+0045;LATIN CAPITAL LETTER E;Lu;0;L;;;;;N;;;;0065;
+0046;LATIN CAPITAL LETTER F;Lu;0;L;;;;;N;;;;0066;
+0047;LATIN CAPITAL LETTER G;Lu;0;L;;;;;N;;;;0067;
+0048;LATIN CAPITAL LETTER H;Lu;0;L;;;;;N;;;;0068;
+0049;LATIN CAPITAL LETTER I;Lu;0;L;;;;;N;;;;0069;
+004A;LATIN CAPITAL LETTER J;Lu;0;L;;;;;N;;;;006A;
+004B;LATIN CAPITAL LETTER K;Lu;0;L;;;;;N;;;;006B;
+004C;LATIN CAPITAL LETTER L;Lu;0;L;;;;;N;;;;006C;
+004D;LATIN CAPITAL LETTER M;Lu;0;L;;;;;N;;;;006D;
+004E;LATIN CAPITAL LETTER N;Lu;0;L;;;;;N;;;;006E;
+004F;LATIN CAPITAL LETTER O;Lu;0;L;;;;;N;;;;006F;
+0050;LATIN CAPITAL LETTER P;Lu;0;L;;;;;N;;;;0070;
+0051;LATIN CAPITAL LETTER Q;Lu;0;L;;;;;N;;;;0071;
+0052;LATIN CAPITAL LETTER R;Lu;0;L;;;;;N;;;;0072;
+0053;LATIN CAPITAL LETTER S;Lu;0;L;;;;;N;;;;0073;
+0054;LATIN CAPITAL LETTER T;Lu;0;L;;;;;N;;;;0074;
+0055;LATIN CAPITAL LETTER U;Lu;0;L;;;;;N;;;;0075;
+0056;LATIN CAPITAL LETTER V;Lu;0;L;;;;;N;;;;0076;
+0057;LATIN CAPITAL LETTER W;Lu;0;L;;;;;N;;;;0077;
+0058;LATIN CAPITAL LETTER X;Lu;0;L;;;;;N;;;;0078;
+0059;LATIN CAPITAL LETTER Y;Lu;0;L;;;;;N;;;;0079;
+005A;LATIN CAPITAL LETTER Z;Lu;0;L;;;;;N;;;;007A;
+005B;LEFT SQUARE BRACKET;Ps;0;ON;;;;;Y;OPENING SQUARE BRACKET;;;;
+005C;REVERSE SOLIDUS;Po;0;ON;;;;;N;BACKSLASH;;;;
+005D;RIGHT SQUARE BRACKET;Pe;0;ON;;;;;Y;CLOSING SQUARE BRACKET;;;;
+005E;CIRCUMFLEX ACCENT;Sk;0;ON;;;;;N;SPACING CIRCUMFLEX;;;;
+005F;LOW LINE;Pc;0;ON;;;;;N;SPACING UNDERSCORE;;;;
+0060;GRAVE ACCENT;Sk;0;ON;;;;;N;SPACING GRAVE;;;;
+0061;LATIN SMALL LETTER A;Ll;0;L;;;;;N;;;0041;;0041
+0062;LATIN SMALL LETTER B;Ll;0;L;;;;;N;;;0042;;0042
+0063;LATIN SMALL LETTER C;Ll;0;L;;;;;N;;;0043;;0043
+0064;LATIN SMALL LETTER D;Ll;0;L;;;;;N;;;0044;;0044
+0065;LATIN SMALL LETTER E;Ll;0;L;;;;;N;;;0045;;0045
+0066;LATIN SMALL LETTER F;Ll;0;L;;;;;N;;;0046;;0046
+0067;LATIN SMALL LETTER G;Ll;0;L;;;;;N;;;0047;;0047
+0068;LATIN SMALL LETTER H;Ll;0;L;;;;;N;;;0048;;0048
+0069;LATIN SMALL LETTER I;Ll;0;L;;;;;N;;;0049;;0049
+006A;LATIN SMALL LETTER J;Ll;0;L;;;;;N;;;004A;;004A
+006B;LATIN SMALL LETTER K;Ll;0;L;;;;;N;;;004B;;004B
+006C;LATIN SMALL LETTER L;Ll;0;L;;;;;N;;;004C;;004C
+006D;LATIN SMALL LETTER M;Ll;0;L;;;;;N;;;004D;;004D
+006E;LATIN SMALL LETTER N;Ll;0;L;;;;;N;;;004E;;004E
+006F;LATIN SMALL LETTER O;Ll;0;L;;;;;N;;;004F;;004F
+0070;LATIN SMALL LETTER P;Ll;0;L;;;;;N;;;0050;;0050
+0071;LATIN SMALL LETTER Q;Ll;0;L;;;;;N;;;0051;;0051
+0072;LATIN SMALL LETTER R;Ll;0;L;;;;;N;;;0052;;0052
+0073;LATIN SMALL LETTER S;Ll;0;L;;;;;N;;;0053;;0053
+0074;LATIN SMALL LETTER T;Ll;0;L;;;;;N;;;0054;;0054
+0075;LATIN SMALL LETTER U;Ll;0;L;;;;;N;;;0055;;0055
+0076;LATIN SMALL LETTER V;Ll;0;L;;;;;N;;;0056;;0056
+0077;LATIN SMALL LETTER W;Ll;0;L;;;;;N;;;0057;;0057
+0078;LATIN SMALL LETTER X;Ll;0;L;;;;;N;;;0058;;0058
+0079;LATIN SMALL LETTER Y;Ll;0;L;;;;;N;;;0059;;0059
+007A;LATIN SMALL LETTER Z;Ll;0;L;;;;;N;;;005A;;005A
+007B;LEFT CURLY BRACKET;Ps;0;ON;;;;;Y;OPENING CURLY BRACKET;;;;
+007C;VERTICAL LINE;Sm;0;ON;;;;;N;VERTICAL BAR;;;;
+007D;RIGHT CURLY BRACKET;Pe;0;ON;;;;;Y;CLOSING CURLY BRACKET;;;;
+007E;TILDE;Sm;0;ON;;;;;N;;;;;
+007F;<control>;Cc;0;BN;;;;;N;DELETE;;;;
+0080;<control>;Cc;0;BN;;;;;N;;;;;
+0081;<control>;Cc;0;BN;;;;;N;;;;;
+0082;<control>;Cc;0;BN;;;;;N;BREAK PERMITTED HERE;;;;
+0083;<control>;Cc;0;BN;;;;;N;NO BREAK HERE;;;;
+0084;<control>;Cc;0;BN;;;;;N;;;;;
+0085;<control>;Cc;0;B;;;;;N;NEXT LINE (NEL);;;;
+0086;<control>;Cc;0;BN;;;;;N;START OF SELECTED AREA;;;;
+0087;<control>;Cc;0;BN;;;;;N;END OF SELECTED AREA;;;;
+0088;<control>;Cc;0;BN;;;;;N;CHARACTER TABULATION SET;;;;
+0089;<control>;Cc;0;BN;;;;;N;CHARACTER TABULATION WITH JUSTIFICATION;;;;
+008A;<control>;Cc;0;BN;;;;;N;LINE TABULATION SET;;;;
+008B;<control>;Cc;0;BN;;;;;N;PARTIAL LINE FORWARD;;;;
+008C;<control>;Cc;0;BN;;;;;N;PARTIAL LINE BACKWARD;;;;
+008D;<control>;Cc;0;BN;;;;;N;REVERSE LINE FEED;;;;
+008E;<control>;Cc;0;BN;;;;;N;SINGLE SHIFT TWO;;;;
+008F;<control>;Cc;0;BN;;;;;N;SINGLE SHIFT THREE;;;;
+0090;<control>;Cc;0;BN;;;;;N;DEVICE CONTROL STRING;;;;
+0091;<control>;Cc;0;BN;;;;;N;PRIVATE USE ONE;;;;
+0092;<control>;Cc;0;BN;;;;;N;PRIVATE USE TWO;;;;
+0093;<control>;Cc;0;BN;;;;;N;SET TRANSMIT STATE;;;;
+0094;<control>;Cc;0;BN;;;;;N;CANCEL CHARACTER;;;;
+0095;<control>;Cc;0;BN;;;;;N;MESSAGE WAITING;;;;
+0096;<control>;Cc;0;BN;;;;;N;START OF GUARDED AREA;;;;
+0097;<control>;Cc;0;BN;;;;;N;END OF GUARDED AREA;;;;
+0098;<control>;Cc;0;BN;;;;;N;START OF STRING;;;;
+0099;<control>;Cc;0;BN;;;;;N;;;;;
+009A;<control>;Cc;0;BN;;;;;N;SINGLE CHARACTER INTRODUCER;;;;
+009B;<control>;Cc;0;BN;;;;;N;CONTROL SEQUENCE INTRODUCER;;;;
+009C;<control>;Cc;0;BN;;;;;N;STRING TERMINATOR;;;;
+009D;<control>;Cc;0;BN;;;;;N;OPERATING SYSTEM COMMAND;;;;
+009E;<control>;Cc;0;BN;;;;;N;PRIVACY MESSAGE;;;;
+009F;<control>;Cc;0;BN;;;;;N;APPLICATION PROGRAM COMMAND;;;;
+00A0;NO-BREAK SPACE;Zs;0;CS;<noBreak> 0020;;;;N;NON-BREAKING SPACE;;;;
+00A1;INVERTED EXCLAMATION MARK;Po;0;ON;;;;;N;;;;;
+00A2;CENT SIGN;Sc;0;ET;;;;;N;;;;;
+00A3;POUND SIGN;Sc;0;ET;;;;;N;;;;;
+00A4;CURRENCY SIGN;Sc;0;ET;;;;;N;;;;;
+00A5;YEN SIGN;Sc;0;ET;;;;;N;;;;;
+00A6;BROKEN BAR;So;0;ON;;;;;N;BROKEN VERTICAL BAR;;;;
+00A7;SECTION SIGN;So;0;ON;;;;;N;;;;;
+00A8;DIAERESIS;Sk;0;ON;<compat> 0020 0308;;;;N;SPACING DIAERESIS;;;;
+00A9;COPYRIGHT SIGN;So;0;ON;;;;;N;;;;;
+00AA;FEMININE ORDINAL INDICATOR;Ll;0;L;<super> 0061;;;;N;;;;;
+00AB;LEFT-POINTING DOUBLE ANGLE QUOTATION MARK;Pi;0;ON;;;;;Y;LEFT POINTING GUILLEMET;*;;;
+00AC;NOT SIGN;Sm;0;ON;;;;;N;;;;;
+00AD;SOFT HYPHEN;Pd;0;ON;;;;;N;;;;;
+00AE;REGISTERED SIGN;So;0;ON;;;;;N;REGISTERED TRADE MARK SIGN;;;;
+00AF;MACRON;Sk;0;ON;<compat> 0020 0304;;;;N;SPACING MACRON;;;;
+00B0;DEGREE SIGN;So;0;ET;;;;;N;;;;;
+00B1;PLUS-MINUS SIGN;Sm;0;ET;;;;;N;PLUS-OR-MINUS SIGN;;;;
+00B2;SUPERSCRIPT TWO;No;0;EN;<super> 0032;2;2;2;N;SUPERSCRIPT DIGIT TWO;;;;
+00B3;SUPERSCRIPT THREE;No;0;EN;<super> 0033;3;3;3;N;SUPERSCRIPT DIGIT THREE;;;;
+00B4;ACUTE ACCENT;Sk;0;ON;<compat> 0020 0301;;;;N;SPACING ACUTE;;;;
+00B5;MICRO SIGN;Ll;0;L;<compat> 03BC;;;;N;;;039C;;039C
+00B6;PILCROW SIGN;So;0;ON;;;;;N;PARAGRAPH SIGN;;;;
+00B7;MIDDLE DOT;Po;0;ON;;;;;N;;;;;
+00B8;CEDILLA;Sk;0;ON;<compat> 0020 0327;;;;N;SPACING CEDILLA;;;;
+00B9;SUPERSCRIPT ONE;No;0;EN;<super> 0031;1;1;1;N;SUPERSCRIPT DIGIT ONE;;;;
+00BA;MASCULINE ORDINAL INDICATOR;Ll;0;L;<super> 006F;;;;N;;;;;
+00BB;RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK;Pf;0;ON;;;;;Y;RIGHT POINTING GUILLEMET;*;;;
+00BC;VULGAR FRACTION ONE QUARTER;No;0;ON;<fraction> 0031 2044 0034;;;1/4;N;FRACTION ONE QUARTER;;;;
+00BD;VULGAR FRACTION ONE HALF;No;0;ON;<fraction> 0031 2044 0032;;;1/2;N;FRACTION ONE HALF;;;;
+00BE;VULGAR FRACTION THREE QUARTERS;No;0;ON;<fraction> 0033 2044 0034;;;3/4;N;FRACTION THREE QUARTERS;;;;
+00BF;INVERTED QUESTION MARK;Po;0;ON;;;;;N;;;;;
+00C0;LATIN CAPITAL LETTER A WITH GRAVE;Lu;0;L;0041 0300;;;;N;LATIN CAPITAL LETTER A GRAVE;;;00E0;
+00C1;LATIN CAPITAL LETTER A WITH ACUTE;Lu;0;L;0041 0301;;;;N;LATIN CAPITAL LETTER A ACUTE;;;00E1;
+00C2;LATIN CAPITAL LETTER A WITH CIRCUMFLEX;Lu;0;L;0041 0302;;;;N;LATIN CAPITAL LETTER A CIRCUMFLEX;;;00E2;
+00C3;LATIN CAPITAL LETTER A WITH TILDE;Lu;0;L;0041 0303;;;;N;LATIN CAPITAL LETTER A TILDE;;;00E3;
+00C4;LATIN CAPITAL LETTER A WITH DIAERESIS;Lu;0;L;0041 0308;;;;N;LATIN CAPITAL LETTER A DIAERESIS;;;00E4;
+00C5;LATIN CAPITAL LETTER A WITH RING ABOVE;Lu;0;L;0041 030A;;;;N;LATIN CAPITAL LETTER A RING;;;00E5;
+00C6;LATIN CAPITAL LETTER AE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER A E;ash *;;00E6;
+00C7;LATIN CAPITAL LETTER C WITH CEDILLA;Lu;0;L;0043 0327;;;;N;LATIN CAPITAL LETTER C CEDILLA;;;00E7;
+00C8;LATIN CAPITAL LETTER E WITH GRAVE;Lu;0;L;0045 0300;;;;N;LATIN CAPITAL LETTER E GRAVE;;;00E8;
+00C9;LATIN CAPITAL LETTER E WITH ACUTE;Lu;0;L;0045 0301;;;;N;LATIN CAPITAL LETTER E ACUTE;;;00E9;
+00CA;LATIN CAPITAL LETTER E WITH CIRCUMFLEX;Lu;0;L;0045 0302;;;;N;LATIN CAPITAL LETTER E CIRCUMFLEX;;;00EA;
+00CB;LATIN CAPITAL LETTER E WITH DIAERESIS;Lu;0;L;0045 0308;;;;N;LATIN CAPITAL LETTER E DIAERESIS;;;00EB;
+00CC;LATIN CAPITAL LETTER I WITH GRAVE;Lu;0;L;0049 0300;;;;N;LATIN CAPITAL LETTER I GRAVE;;;00EC;
+00CD;LATIN CAPITAL LETTER I WITH ACUTE;Lu;0;L;0049 0301;;;;N;LATIN CAPITAL LETTER I ACUTE;;;00ED;
+00CE;LATIN CAPITAL LETTER I WITH CIRCUMFLEX;Lu;0;L;0049 0302;;;;N;LATIN CAPITAL LETTER I CIRCUMFLEX;;;00EE;
+00CF;LATIN CAPITAL LETTER I WITH DIAERESIS;Lu;0;L;0049 0308;;;;N;LATIN CAPITAL LETTER I DIAERESIS;;;00EF;
+00D0;LATIN CAPITAL LETTER ETH;Lu;0;L;;;;;N;;Icelandic;;00F0;
+00D1;LATIN CAPITAL LETTER N WITH TILDE;Lu;0;L;004E 0303;;;;N;LATIN CAPITAL LETTER N TILDE;;;00F1;
+00D2;LATIN CAPITAL LETTER O WITH GRAVE;Lu;0;L;004F 0300;;;;N;LATIN CAPITAL LETTER O GRAVE;;;00F2;
+00D3;LATIN CAPITAL LETTER O WITH ACUTE;Lu;0;L;004F 0301;;;;N;LATIN CAPITAL LETTER O ACUTE;;;00F3;
+00D4;LATIN CAPITAL LETTER O WITH CIRCUMFLEX;Lu;0;L;004F 0302;;;;N;LATIN CAPITAL LETTER O CIRCUMFLEX;;;00F4;
+00D5;LATIN CAPITAL LETTER O WITH TILDE;Lu;0;L;004F 0303;;;;N;LATIN CAPITAL LETTER O TILDE;;;00F5;
+00D6;LATIN CAPITAL LETTER O WITH DIAERESIS;Lu;0;L;004F 0308;;;;N;LATIN CAPITAL LETTER O DIAERESIS;;;00F6;
+00D7;MULTIPLICATION SIGN;Sm;0;ON;;;;;N;;;;;
+00D8;LATIN CAPITAL LETTER O WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O SLASH;;;00F8;
+00D9;LATIN CAPITAL LETTER U WITH GRAVE;Lu;0;L;0055 0300;;;;N;LATIN CAPITAL LETTER U GRAVE;;;00F9;
+00DA;LATIN CAPITAL LETTER U WITH ACUTE;Lu;0;L;0055 0301;;;;N;LATIN CAPITAL LETTER U ACUTE;;;00FA;
+00DB;LATIN CAPITAL LETTER U WITH CIRCUMFLEX;Lu;0;L;0055 0302;;;;N;LATIN CAPITAL LETTER U CIRCUMFLEX;;;00FB;
+00DC;LATIN CAPITAL LETTER U WITH DIAERESIS;Lu;0;L;0055 0308;;;;N;LATIN CAPITAL LETTER U DIAERESIS;;;00FC;
+00DD;LATIN CAPITAL LETTER Y WITH ACUTE;Lu;0;L;0059 0301;;;;N;LATIN CAPITAL LETTER Y ACUTE;;;00FD;
+00DE;LATIN CAPITAL LETTER THORN;Lu;0;L;;;;;N;;Icelandic;;00FE;
+00DF;LATIN SMALL LETTER SHARP S;Ll;0;L;;;;;N;;German;;;
+00E0;LATIN SMALL LETTER A WITH GRAVE;Ll;0;L;0061 0300;;;;N;LATIN SMALL LETTER A GRAVE;;00C0;;00C0
+00E1;LATIN SMALL LETTER A WITH ACUTE;Ll;0;L;0061 0301;;;;N;LATIN SMALL LETTER A ACUTE;;00C1;;00C1
+00E2;LATIN SMALL LETTER A WITH CIRCUMFLEX;Ll;0;L;0061 0302;;;;N;LATIN SMALL LETTER A CIRCUMFLEX;;00C2;;00C2
+00E3;LATIN SMALL LETTER A WITH TILDE;Ll;0;L;0061 0303;;;;N;LATIN SMALL LETTER A TILDE;;00C3;;00C3
+00E4;LATIN SMALL LETTER A WITH DIAERESIS;Ll;0;L;0061 0308;;;;N;LATIN SMALL LETTER A DIAERESIS;;00C4;;00C4
+00E5;LATIN SMALL LETTER A WITH RING ABOVE;Ll;0;L;0061 030A;;;;N;LATIN SMALL LETTER A RING;;00C5;;00C5
+00E6;LATIN SMALL LETTER AE;Ll;0;L;;;;;N;LATIN SMALL LETTER A E;ash *;00C6;;00C6
+00E7;LATIN SMALL LETTER C WITH CEDILLA;Ll;0;L;0063 0327;;;;N;LATIN SMALL LETTER C CEDILLA;;00C7;;00C7
+00E8;LATIN SMALL LETTER E WITH GRAVE;Ll;0;L;0065 0300;;;;N;LATIN SMALL LETTER E GRAVE;;00C8;;00C8
+00E9;LATIN SMALL LETTER E WITH ACUTE;Ll;0;L;0065 0301;;;;N;LATIN SMALL LETTER E ACUTE;;00C9;;00C9
+00EA;LATIN SMALL LETTER E WITH CIRCUMFLEX;Ll;0;L;0065 0302;;;;N;LATIN SMALL LETTER E CIRCUMFLEX;;00CA;;00CA
+00EB;LATIN SMALL LETTER E WITH DIAERESIS;Ll;0;L;0065 0308;;;;N;LATIN SMALL LETTER E DIAERESIS;;00CB;;00CB
+00EC;LATIN SMALL LETTER I WITH GRAVE;Ll;0;L;0069 0300;;;;N;LATIN SMALL LETTER I GRAVE;;00CC;;00CC
+00ED;LATIN SMALL LETTER I WITH ACUTE;Ll;0;L;0069 0301;;;;N;LATIN SMALL LETTER I ACUTE;;00CD;;00CD
+00EE;LATIN SMALL LETTER I WITH CIRCUMFLEX;Ll;0;L;0069 0302;;;;N;LATIN SMALL LETTER I CIRCUMFLEX;;00CE;;00CE
+00EF;LATIN SMALL LETTER I WITH DIAERESIS;Ll;0;L;0069 0308;;;;N;LATIN SMALL LETTER I DIAERESIS;;00CF;;00CF
+00F0;LATIN SMALL LETTER ETH;Ll;0;L;;;;;N;;Icelandic;00D0;;00D0
+00F1;LATIN SMALL LETTER N WITH TILDE;Ll;0;L;006E 0303;;;;N;LATIN SMALL LETTER N TILDE;;00D1;;00D1
+00F2;LATIN SMALL LETTER O WITH GRAVE;Ll;0;L;006F 0300;;;;N;LATIN SMALL LETTER O GRAVE;;00D2;;00D2
+00F3;LATIN SMALL LETTER O WITH ACUTE;Ll;0;L;006F 0301;;;;N;LATIN SMALL LETTER O ACUTE;;00D3;;00D3
+00F4;LATIN SMALL LETTER O WITH CIRCUMFLEX;Ll;0;L;006F 0302;;;;N;LATIN SMALL LETTER O CIRCUMFLEX;;00D4;;00D4
+00F5;LATIN SMALL LETTER O WITH TILDE;Ll;0;L;006F 0303;;;;N;LATIN SMALL LETTER O TILDE;;00D5;;00D5
+00F6;LATIN SMALL LETTER O WITH DIAERESIS;Ll;0;L;006F 0308;;;;N;LATIN SMALL LETTER O DIAERESIS;;00D6;;00D6
+00F7;DIVISION SIGN;Sm;0;ON;;;;;N;;;;;
+00F8;LATIN SMALL LETTER O WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER O SLASH;;00D8;;00D8
+00F9;LATIN SMALL LETTER U WITH GRAVE;Ll;0;L;0075 0300;;;;N;LATIN SMALL LETTER U GRAVE;;00D9;;00D9
+00FA;LATIN SMALL LETTER U WITH ACUTE;Ll;0;L;0075 0301;;;;N;LATIN SMALL LETTER U ACUTE;;00DA;;00DA
+00FB;LATIN SMALL LETTER U WITH CIRCUMFLEX;Ll;0;L;0075 0302;;;;N;LATIN SMALL LETTER U CIRCUMFLEX;;00DB;;00DB
+00FC;LATIN SMALL LETTER U WITH DIAERESIS;Ll;0;L;0075 0308;;;;N;LATIN SMALL LETTER U DIAERESIS;;00DC;;00DC
+00FD;LATIN SMALL LETTER Y WITH ACUTE;Ll;0;L;0079 0301;;;;N;LATIN SMALL LETTER Y ACUTE;;00DD;;00DD
+00FE;LATIN SMALL LETTER THORN;Ll;0;L;;;;;N;;Icelandic;00DE;;00DE
+00FF;LATIN SMALL LETTER Y WITH DIAERESIS;Ll;0;L;0079 0308;;;;N;LATIN SMALL LETTER Y DIAERESIS;;0178;;0178
+0100;LATIN CAPITAL LETTER A WITH MACRON;Lu;0;L;0041 0304;;;;N;LATIN CAPITAL LETTER A MACRON;;;0101;
+0101;LATIN SMALL LETTER A WITH MACRON;Ll;0;L;0061 0304;;;;N;LATIN SMALL LETTER A MACRON;;0100;;0100
+0102;LATIN CAPITAL LETTER A WITH BREVE;Lu;0;L;0041 0306;;;;N;LATIN CAPITAL LETTER A BREVE;;;0103;
+0103;LATIN SMALL LETTER A WITH BREVE;Ll;0;L;0061 0306;;;;N;LATIN SMALL LETTER A BREVE;;0102;;0102
+0104;LATIN CAPITAL LETTER A WITH OGONEK;Lu;0;L;0041 0328;;;;N;LATIN CAPITAL LETTER A OGONEK;;;0105;
+0105;LATIN SMALL LETTER A WITH OGONEK;Ll;0;L;0061 0328;;;;N;LATIN SMALL LETTER A OGONEK;;0104;;0104
+0106;LATIN CAPITAL LETTER C WITH ACUTE;Lu;0;L;0043 0301;;;;N;LATIN CAPITAL LETTER C ACUTE;;;0107;
+0107;LATIN SMALL LETTER C WITH ACUTE;Ll;0;L;0063 0301;;;;N;LATIN SMALL LETTER C ACUTE;;0106;;0106
+0108;LATIN CAPITAL LETTER C WITH CIRCUMFLEX;Lu;0;L;0043 0302;;;;N;LATIN CAPITAL LETTER C CIRCUMFLEX;;;0109;
+0109;LATIN SMALL LETTER C WITH CIRCUMFLEX;Ll;0;L;0063 0302;;;;N;LATIN SMALL LETTER C CIRCUMFLEX;;0108;;0108
+010A;LATIN CAPITAL LETTER C WITH DOT ABOVE;Lu;0;L;0043 0307;;;;N;LATIN CAPITAL LETTER C DOT;;;010B;
+010B;LATIN SMALL LETTER C WITH DOT ABOVE;Ll;0;L;0063 0307;;;;N;LATIN SMALL LETTER C DOT;;010A;;010A
+010C;LATIN CAPITAL LETTER C WITH CARON;Lu;0;L;0043 030C;;;;N;LATIN CAPITAL LETTER C HACEK;;;010D;
+010D;LATIN SMALL LETTER C WITH CARON;Ll;0;L;0063 030C;;;;N;LATIN SMALL LETTER C HACEK;;010C;;010C
+010E;LATIN CAPITAL LETTER D WITH CARON;Lu;0;L;0044 030C;;;;N;LATIN CAPITAL LETTER D HACEK;;;010F;
+010F;LATIN SMALL LETTER D WITH CARON;Ll;0;L;0064 030C;;;;N;LATIN SMALL LETTER D HACEK;;010E;;010E
+0110;LATIN CAPITAL LETTER D WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D BAR;;;0111;
+0111;LATIN SMALL LETTER D WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER D BAR;;0110;;0110
+0112;LATIN CAPITAL LETTER E WITH MACRON;Lu;0;L;0045 0304;;;;N;LATIN CAPITAL LETTER E MACRON;;;0113;
+0113;LATIN SMALL LETTER E WITH MACRON;Ll;0;L;0065 0304;;;;N;LATIN SMALL LETTER E MACRON;;0112;;0112
+0114;LATIN CAPITAL LETTER E WITH BREVE;Lu;0;L;0045 0306;;;;N;LATIN CAPITAL LETTER E BREVE;;;0115;
+0115;LATIN SMALL LETTER E WITH BREVE;Ll;0;L;0065 0306;;;;N;LATIN SMALL LETTER E BREVE;;0114;;0114
+0116;LATIN CAPITAL LETTER E WITH DOT ABOVE;Lu;0;L;0045 0307;;;;N;LATIN CAPITAL LETTER E DOT;;;0117;
+0117;LATIN SMALL LETTER E WITH DOT ABOVE;Ll;0;L;0065 0307;;;;N;LATIN SMALL LETTER E DOT;;0116;;0116
+0118;LATIN CAPITAL LETTER E WITH OGONEK;Lu;0;L;0045 0328;;;;N;LATIN CAPITAL LETTER E OGONEK;;;0119;
+0119;LATIN SMALL LETTER E WITH OGONEK;Ll;0;L;0065 0328;;;;N;LATIN SMALL LETTER E OGONEK;;0118;;0118
+011A;LATIN CAPITAL LETTER E WITH CARON;Lu;0;L;0045 030C;;;;N;LATIN CAPITAL LETTER E HACEK;;;011B;
+011B;LATIN SMALL LETTER E WITH CARON;Ll;0;L;0065 030C;;;;N;LATIN SMALL LETTER E HACEK;;011A;;011A
+011C;LATIN CAPITAL LETTER G WITH CIRCUMFLEX;Lu;0;L;0047 0302;;;;N;LATIN CAPITAL LETTER G CIRCUMFLEX;;;011D;
+011D;LATIN SMALL LETTER G WITH CIRCUMFLEX;Ll;0;L;0067 0302;;;;N;LATIN SMALL LETTER G CIRCUMFLEX;;011C;;011C
+011E;LATIN CAPITAL LETTER G WITH BREVE;Lu;0;L;0047 0306;;;;N;LATIN CAPITAL LETTER G BREVE;;;011F;
+011F;LATIN SMALL LETTER G WITH BREVE;Ll;0;L;0067 0306;;;;N;LATIN SMALL LETTER G BREVE;;011E;;011E
+0120;LATIN CAPITAL LETTER G WITH DOT ABOVE;Lu;0;L;0047 0307;;;;N;LATIN CAPITAL LETTER G DOT;;;0121;
+0121;LATIN SMALL LETTER G WITH DOT ABOVE;Ll;0;L;0067 0307;;;;N;LATIN SMALL LETTER G DOT;;0120;;0120
+0122;LATIN CAPITAL LETTER G WITH CEDILLA;Lu;0;L;0047 0327;;;;N;LATIN CAPITAL LETTER G CEDILLA;;;0123;
+0123;LATIN SMALL LETTER G WITH CEDILLA;Ll;0;L;0067 0327;;;;N;LATIN SMALL LETTER G CEDILLA;;0122;;0122
+0124;LATIN CAPITAL LETTER H WITH CIRCUMFLEX;Lu;0;L;0048 0302;;;;N;LATIN CAPITAL LETTER H CIRCUMFLEX;;;0125;
+0125;LATIN SMALL LETTER H WITH CIRCUMFLEX;Ll;0;L;0068 0302;;;;N;LATIN SMALL LETTER H CIRCUMFLEX;;0124;;0124
+0126;LATIN CAPITAL LETTER H WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER H BAR;;;0127;
+0127;LATIN SMALL LETTER H WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER H BAR;;0126;;0126
+0128;LATIN CAPITAL LETTER I WITH TILDE;Lu;0;L;0049 0303;;;;N;LATIN CAPITAL LETTER I TILDE;;;0129;
+0129;LATIN SMALL LETTER I WITH TILDE;Ll;0;L;0069 0303;;;;N;LATIN SMALL LETTER I TILDE;;0128;;0128
+012A;LATIN CAPITAL LETTER I WITH MACRON;Lu;0;L;0049 0304;;;;N;LATIN CAPITAL LETTER I MACRON;;;012B;
+012B;LATIN SMALL LETTER I WITH MACRON;Ll;0;L;0069 0304;;;;N;LATIN SMALL LETTER I MACRON;;012A;;012A
+012C;LATIN CAPITAL LETTER I WITH BREVE;Lu;0;L;0049 0306;;;;N;LATIN CAPITAL LETTER I BREVE;;;012D;
+012D;LATIN SMALL LETTER I WITH BREVE;Ll;0;L;0069 0306;;;;N;LATIN SMALL LETTER I BREVE;;012C;;012C
+012E;LATIN CAPITAL LETTER I WITH OGONEK;Lu;0;L;0049 0328;;;;N;LATIN CAPITAL LETTER I OGONEK;;;012F;
+012F;LATIN SMALL LETTER I WITH OGONEK;Ll;0;L;0069 0328;;;;N;LATIN SMALL LETTER I OGONEK;;012E;;012E
+0130;LATIN CAPITAL LETTER I WITH DOT ABOVE;Lu;0;L;0049 0307;;;;N;LATIN CAPITAL LETTER I DOT;;;0069;
+0131;LATIN SMALL LETTER DOTLESS I;Ll;0;L;;;;;N;;;0049;;0049
+0132;LATIN CAPITAL LIGATURE IJ;Lu;0;L;<compat> 0049 004A;;;;N;LATIN CAPITAL LETTER I J;;;0133;
+0133;LATIN SMALL LIGATURE IJ;Ll;0;L;<compat> 0069 006A;;;;N;LATIN SMALL LETTER I J;;0132;;0132
+0134;LATIN CAPITAL LETTER J WITH CIRCUMFLEX;Lu;0;L;004A 0302;;;;N;LATIN CAPITAL LETTER J CIRCUMFLEX;;;0135;
+0135;LATIN SMALL LETTER J WITH CIRCUMFLEX;Ll;0;L;006A 0302;;;;N;LATIN SMALL LETTER J CIRCUMFLEX;;0134;;0134
+0136;LATIN CAPITAL LETTER K WITH CEDILLA;Lu;0;L;004B 0327;;;;N;LATIN CAPITAL LETTER K CEDILLA;;;0137;
+0137;LATIN SMALL LETTER K WITH CEDILLA;Ll;0;L;006B 0327;;;;N;LATIN SMALL LETTER K CEDILLA;;0136;;0136
+0138;LATIN SMALL LETTER KRA;Ll;0;L;;;;;N;;Greenlandic;;;
+0139;LATIN CAPITAL LETTER L WITH ACUTE;Lu;0;L;004C 0301;;;;N;LATIN CAPITAL LETTER L ACUTE;;;013A;
+013A;LATIN SMALL LETTER L WITH ACUTE;Ll;0;L;006C 0301;;;;N;LATIN SMALL LETTER L ACUTE;;0139;;0139
+013B;LATIN CAPITAL LETTER L WITH CEDILLA;Lu;0;L;004C 0327;;;;N;LATIN CAPITAL LETTER L CEDILLA;;;013C;
+013C;LATIN SMALL LETTER L WITH CEDILLA;Ll;0;L;006C 0327;;;;N;LATIN SMALL LETTER L CEDILLA;;013B;;013B
+013D;LATIN CAPITAL LETTER L WITH CARON;Lu;0;L;004C 030C;;;;N;LATIN CAPITAL LETTER L HACEK;;;013E;
+013E;LATIN SMALL LETTER L WITH CARON;Ll;0;L;006C 030C;;;;N;LATIN SMALL LETTER L HACEK;;013D;;013D
+013F;LATIN CAPITAL LETTER L WITH MIDDLE DOT;Lu;0;L;<compat> 004C 00B7;;;;N;;;;0140;
+0140;LATIN SMALL LETTER L WITH MIDDLE DOT;Ll;0;L;<compat> 006C 00B7;;;;N;;;013F;;013F
+0141;LATIN CAPITAL LETTER L WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER L SLASH;;;0142;
+0142;LATIN SMALL LETTER L WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER L SLASH;;0141;;0141
+0143;LATIN CAPITAL LETTER N WITH ACUTE;Lu;0;L;004E 0301;;;;N;LATIN CAPITAL LETTER N ACUTE;;;0144;
+0144;LATIN SMALL LETTER N WITH ACUTE;Ll;0;L;006E 0301;;;;N;LATIN SMALL LETTER N ACUTE;;0143;;0143
+0145;LATIN CAPITAL LETTER N WITH CEDILLA;Lu;0;L;004E 0327;;;;N;LATIN CAPITAL LETTER N CEDILLA;;;0146;
+0146;LATIN SMALL LETTER N WITH CEDILLA;Ll;0;L;006E 0327;;;;N;LATIN SMALL LETTER N CEDILLA;;0145;;0145
+0147;LATIN CAPITAL LETTER N WITH CARON;Lu;0;L;004E 030C;;;;N;LATIN CAPITAL LETTER N HACEK;;;0148;
+0148;LATIN SMALL LETTER N WITH CARON;Ll;0;L;006E 030C;;;;N;LATIN SMALL LETTER N HACEK;;0147;;0147
+0149;LATIN SMALL LETTER N PRECEDED BY APOSTROPHE;Ll;0;L;<compat> 02BC 006E;;;;N;LATIN SMALL LETTER APOSTROPHE N;;;;
+014A;LATIN CAPITAL LETTER ENG;Lu;0;L;;;;;N;;Sami;;014B;
+014B;LATIN SMALL LETTER ENG;Ll;0;L;;;;;N;;Sami;014A;;014A
+014C;LATIN CAPITAL LETTER O WITH MACRON;Lu;0;L;004F 0304;;;;N;LATIN CAPITAL LETTER O MACRON;;;014D;
+014D;LATIN SMALL LETTER O WITH MACRON;Ll;0;L;006F 0304;;;;N;LATIN SMALL LETTER O MACRON;;014C;;014C
+014E;LATIN CAPITAL LETTER O WITH BREVE;Lu;0;L;004F 0306;;;;N;LATIN CAPITAL LETTER O BREVE;;;014F;
+014F;LATIN SMALL LETTER O WITH BREVE;Ll;0;L;006F 0306;;;;N;LATIN SMALL LETTER O BREVE;;014E;;014E
+0150;LATIN CAPITAL LETTER O WITH DOUBLE ACUTE;Lu;0;L;004F 030B;;;;N;LATIN CAPITAL LETTER O DOUBLE ACUTE;;;0151;
+0151;LATIN SMALL LETTER O WITH DOUBLE ACUTE;Ll;0;L;006F 030B;;;;N;LATIN SMALL LETTER O DOUBLE ACUTE;;0150;;0150
+0152;LATIN CAPITAL LIGATURE OE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O E;;;0153;
+0153;LATIN SMALL LIGATURE OE;Ll;0;L;;;;;N;LATIN SMALL LETTER O E;;0152;;0152
+0154;LATIN CAPITAL LETTER R WITH ACUTE;Lu;0;L;0052 0301;;;;N;LATIN CAPITAL LETTER R ACUTE;;;0155;
+0155;LATIN SMALL LETTER R WITH ACUTE;Ll;0;L;0072 0301;;;;N;LATIN SMALL LETTER R ACUTE;;0154;;0154
+0156;LATIN CAPITAL LETTER R WITH CEDILLA;Lu;0;L;0052 0327;;;;N;LATIN CAPITAL LETTER R CEDILLA;;;0157;
+0157;LATIN SMALL LETTER R WITH CEDILLA;Ll;0;L;0072 0327;;;;N;LATIN SMALL LETTER R CEDILLA;;0156;;0156
+0158;LATIN CAPITAL LETTER R WITH CARON;Lu;0;L;0052 030C;;;;N;LATIN CAPITAL LETTER R HACEK;;;0159;
+0159;LATIN SMALL LETTER R WITH CARON;Ll;0;L;0072 030C;;;;N;LATIN SMALL LETTER R HACEK;;0158;;0158
+015A;LATIN CAPITAL LETTER S WITH ACUTE;Lu;0;L;0053 0301;;;;N;LATIN CAPITAL LETTER S ACUTE;;;015B;
+015B;LATIN SMALL LETTER S WITH ACUTE;Ll;0;L;0073 0301;;;;N;LATIN SMALL LETTER S ACUTE;;015A;;015A
+015C;LATIN CAPITAL LETTER S WITH CIRCUMFLEX;Lu;0;L;0053 0302;;;;N;LATIN CAPITAL LETTER S CIRCUMFLEX;;;015D;
+015D;LATIN SMALL LETTER S WITH CIRCUMFLEX;Ll;0;L;0073 0302;;;;N;LATIN SMALL LETTER S CIRCUMFLEX;;015C;;015C
+015E;LATIN CAPITAL LETTER S WITH CEDILLA;Lu;0;L;0053 0327;;;;N;LATIN CAPITAL LETTER S CEDILLA;*;;015F;
+015F;LATIN SMALL LETTER S WITH CEDILLA;Ll;0;L;0073 0327;;;;N;LATIN SMALL LETTER S CEDILLA;*;015E;;015E
+0160;LATIN CAPITAL LETTER S WITH CARON;Lu;0;L;0053 030C;;;;N;LATIN CAPITAL LETTER S HACEK;;;0161;
+0161;LATIN SMALL LETTER S WITH CARON;Ll;0;L;0073 030C;;;;N;LATIN SMALL LETTER S HACEK;;0160;;0160
+0162;LATIN CAPITAL LETTER T WITH CEDILLA;Lu;0;L;0054 0327;;;;N;LATIN CAPITAL LETTER T CEDILLA;*;;0163;
+0163;LATIN SMALL LETTER T WITH CEDILLA;Ll;0;L;0074 0327;;;;N;LATIN SMALL LETTER T CEDILLA;*;0162;;0162
+0164;LATIN CAPITAL LETTER T WITH CARON;Lu;0;L;0054 030C;;;;N;LATIN CAPITAL LETTER T HACEK;;;0165;
+0165;LATIN SMALL LETTER T WITH CARON;Ll;0;L;0074 030C;;;;N;LATIN SMALL LETTER T HACEK;;0164;;0164
+0166;LATIN CAPITAL LETTER T WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T BAR;;;0167;
+0167;LATIN SMALL LETTER T WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER T BAR;;0166;;0166
+0168;LATIN CAPITAL LETTER U WITH TILDE;Lu;0;L;0055 0303;;;;N;LATIN CAPITAL LETTER U TILDE;;;0169;
+0169;LATIN SMALL LETTER U WITH TILDE;Ll;0;L;0075 0303;;;;N;LATIN SMALL LETTER U TILDE;;0168;;0168
+016A;LATIN CAPITAL LETTER U WITH MACRON;Lu;0;L;0055 0304;;;;N;LATIN CAPITAL LETTER U MACRON;;;016B;
+016B;LATIN SMALL LETTER U WITH MACRON;Ll;0;L;0075 0304;;;;N;LATIN SMALL LETTER U MACRON;;016A;;016A
+016C;LATIN CAPITAL LETTER U WITH BREVE;Lu;0;L;0055 0306;;;;N;LATIN CAPITAL LETTER U BREVE;;;016D;
+016D;LATIN SMALL LETTER U WITH BREVE;Ll;0;L;0075 0306;;;;N;LATIN SMALL LETTER U BREVE;;016C;;016C
+016E;LATIN CAPITAL LETTER U WITH RING ABOVE;Lu;0;L;0055 030A;;;;N;LATIN CAPITAL LETTER U RING;;;016F;
+016F;LATIN SMALL LETTER U WITH RING ABOVE;Ll;0;L;0075 030A;;;;N;LATIN SMALL LETTER U RING;;016E;;016E
+0170;LATIN CAPITAL LETTER U WITH DOUBLE ACUTE;Lu;0;L;0055 030B;;;;N;LATIN CAPITAL LETTER U DOUBLE ACUTE;;;0171;
+0171;LATIN SMALL LETTER U WITH DOUBLE ACUTE;Ll;0;L;0075 030B;;;;N;LATIN SMALL LETTER U DOUBLE ACUTE;;0170;;0170
+0172;LATIN CAPITAL LETTER U WITH OGONEK;Lu;0;L;0055 0328;;;;N;LATIN CAPITAL LETTER U OGONEK;;;0173;
+0173;LATIN SMALL LETTER U WITH OGONEK;Ll;0;L;0075 0328;;;;N;LATIN SMALL LETTER U OGONEK;;0172;;0172
+0174;LATIN CAPITAL LETTER W WITH CIRCUMFLEX;Lu;0;L;0057 0302;;;;N;LATIN CAPITAL LETTER W CIRCUMFLEX;;;0175;
+0175;LATIN SMALL LETTER W WITH CIRCUMFLEX;Ll;0;L;0077 0302;;;;N;LATIN SMALL LETTER W CIRCUMFLEX;;0174;;0174
+0176;LATIN CAPITAL LETTER Y WITH CIRCUMFLEX;Lu;0;L;0059 0302;;;;N;LATIN CAPITAL LETTER Y CIRCUMFLEX;;;0177;
+0177;LATIN SMALL LETTER Y WITH CIRCUMFLEX;Ll;0;L;0079 0302;;;;N;LATIN SMALL LETTER Y CIRCUMFLEX;;0176;;0176
+0178;LATIN CAPITAL LETTER Y WITH DIAERESIS;Lu;0;L;0059 0308;;;;N;LATIN CAPITAL LETTER Y DIAERESIS;;;00FF;
+0179;LATIN CAPITAL LETTER Z WITH ACUTE;Lu;0;L;005A 0301;;;;N;LATIN CAPITAL LETTER Z ACUTE;;;017A;
+017A;LATIN SMALL LETTER Z WITH ACUTE;Ll;0;L;007A 0301;;;;N;LATIN SMALL LETTER Z ACUTE;;0179;;0179
+017B;LATIN CAPITAL LETTER Z WITH DOT ABOVE;Lu;0;L;005A 0307;;;;N;LATIN CAPITAL LETTER Z DOT;;;017C;
+017C;LATIN SMALL LETTER Z WITH DOT ABOVE;Ll;0;L;007A 0307;;;;N;LATIN SMALL LETTER Z DOT;;017B;;017B
+017D;LATIN CAPITAL LETTER Z WITH CARON;Lu;0;L;005A 030C;;;;N;LATIN CAPITAL LETTER Z HACEK;;;017E;
+017E;LATIN SMALL LETTER Z WITH CARON;Ll;0;L;007A 030C;;;;N;LATIN SMALL LETTER Z HACEK;;017D;;017D
+017F;LATIN SMALL LETTER LONG S;Ll;0;L;<compat> 0073;;;;N;;;0053;;0053
+0180;LATIN SMALL LETTER B WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER B BAR;;;;
+0181;LATIN CAPITAL LETTER B WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER B HOOK;;;0253;
+0182;LATIN CAPITAL LETTER B WITH TOPBAR;Lu;0;L;;;;;N;LATIN CAPITAL LETTER B TOPBAR;;;0183;
+0183;LATIN SMALL LETTER B WITH TOPBAR;Ll;0;L;;;;;N;LATIN SMALL LETTER B TOPBAR;;0182;;0182
+0184;LATIN CAPITAL LETTER TONE SIX;Lu;0;L;;;;;N;;;;0185;
+0185;LATIN SMALL LETTER TONE SIX;Ll;0;L;;;;;N;;;0184;;0184
+0186;LATIN CAPITAL LETTER OPEN O;Lu;0;L;;;;;N;;;;0254;
+0187;LATIN CAPITAL LETTER C WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER C HOOK;;;0188;
+0188;LATIN SMALL LETTER C WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER C HOOK;;0187;;0187
+0189;LATIN CAPITAL LETTER AFRICAN D;Lu;0;L;;;;;N;;*;;0256;
+018A;LATIN CAPITAL LETTER D WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D HOOK;;;0257;
+018B;LATIN CAPITAL LETTER D WITH TOPBAR;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D TOPBAR;;;018C;
+018C;LATIN SMALL LETTER D WITH TOPBAR;Ll;0;L;;;;;N;LATIN SMALL LETTER D TOPBAR;;018B;;018B
+018D;LATIN SMALL LETTER TURNED DELTA;Ll;0;L;;;;;N;;;;;
+018E;LATIN CAPITAL LETTER REVERSED E;Lu;0;L;;;;;N;LATIN CAPITAL LETTER TURNED E;;;01DD;
+018F;LATIN CAPITAL LETTER SCHWA;Lu;0;L;;;;;N;;;;0259;
+0190;LATIN CAPITAL LETTER OPEN E;Lu;0;L;;;;;N;LATIN CAPITAL LETTER EPSILON;;;025B;
+0191;LATIN CAPITAL LETTER F WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER F HOOK;;;0192;
+0192;LATIN SMALL LETTER F WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT F;;0191;;0191
+0193;LATIN CAPITAL LETTER G WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER G HOOK;;;0260;
+0194;LATIN CAPITAL LETTER GAMMA;Lu;0;L;;;;;N;;;;0263;
+0195;LATIN SMALL LETTER HV;Ll;0;L;;;;;N;LATIN SMALL LETTER H V;hwair;01F6;;01F6
+0196;LATIN CAPITAL LETTER IOTA;Lu;0;L;;;;;N;;;;0269;
+0197;LATIN CAPITAL LETTER I WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER BARRED I;;;0268;
+0198;LATIN CAPITAL LETTER K WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER K HOOK;;;0199;
+0199;LATIN SMALL LETTER K WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER K HOOK;;0198;;0198
+019A;LATIN SMALL LETTER L WITH BAR;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED L;;;;
+019B;LATIN SMALL LETTER LAMBDA WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED LAMBDA;;;;
+019C;LATIN CAPITAL LETTER TURNED M;Lu;0;L;;;;;N;;;;026F;
+019D;LATIN CAPITAL LETTER N WITH LEFT HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER N HOOK;;;0272;
+019E;LATIN SMALL LETTER N WITH LONG RIGHT LEG;Ll;0;L;;;;;N;;;0220;;0220
+019F;LATIN CAPITAL LETTER O WITH MIDDLE TILDE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER BARRED O;*;;0275;
+01A0;LATIN CAPITAL LETTER O WITH HORN;Lu;0;L;004F 031B;;;;N;LATIN CAPITAL LETTER O HORN;;;01A1;
+01A1;LATIN SMALL LETTER O WITH HORN;Ll;0;L;006F 031B;;;;N;LATIN SMALL LETTER O HORN;;01A0;;01A0
+01A2;LATIN CAPITAL LETTER OI;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O I;gha;;01A3;
+01A3;LATIN SMALL LETTER OI;Ll;0;L;;;;;N;LATIN SMALL LETTER O I;gha;01A2;;01A2
+01A4;LATIN CAPITAL LETTER P WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER P HOOK;;;01A5;
+01A5;LATIN SMALL LETTER P WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER P HOOK;;01A4;;01A4
+01A6;LATIN LETTER YR;Lu;0;L;;;;;N;LATIN LETTER Y R;*;;0280;
+01A7;LATIN CAPITAL LETTER TONE TWO;Lu;0;L;;;;;N;;;;01A8;
+01A8;LATIN SMALL LETTER TONE TWO;Ll;0;L;;;;;N;;;01A7;;01A7
+01A9;LATIN CAPITAL LETTER ESH;Lu;0;L;;;;;N;;;;0283;
+01AA;LATIN LETTER REVERSED ESH LOOP;Ll;0;L;;;;;N;;;;;
+01AB;LATIN SMALL LETTER T WITH PALATAL HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T PALATAL HOOK;;;;
+01AC;LATIN CAPITAL LETTER T WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T HOOK;;;01AD;
+01AD;LATIN SMALL LETTER T WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T HOOK;;01AC;;01AC
+01AE;LATIN CAPITAL LETTER T WITH RETROFLEX HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T RETROFLEX HOOK;;;0288;
+01AF;LATIN CAPITAL LETTER U WITH HORN;Lu;0;L;0055 031B;;;;N;LATIN CAPITAL LETTER U HORN;;;01B0;
+01B0;LATIN SMALL LETTER U WITH HORN;Ll;0;L;0075 031B;;;;N;LATIN SMALL LETTER U HORN;;01AF;;01AF
+01B1;LATIN CAPITAL LETTER UPSILON;Lu;0;L;;;;;N;;;;028A;
+01B2;LATIN CAPITAL LETTER V WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER SCRIPT V;;;028B;
+01B3;LATIN CAPITAL LETTER Y WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER Y HOOK;;;01B4;
+01B4;LATIN SMALL LETTER Y WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Y HOOK;;01B3;;01B3
+01B5;LATIN CAPITAL LETTER Z WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER Z BAR;;;01B6;
+01B6;LATIN SMALL LETTER Z WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER Z BAR;;01B5;;01B5
+01B7;LATIN CAPITAL LETTER EZH;Lu;0;L;;;;;N;LATIN CAPITAL LETTER YOGH;;;0292;
+01B8;LATIN CAPITAL LETTER EZH REVERSED;Lu;0;L;;;;;N;LATIN CAPITAL LETTER REVERSED YOGH;;;01B9;
+01B9;LATIN SMALL LETTER EZH REVERSED;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED YOGH;;01B8;;01B8
+01BA;LATIN SMALL LETTER EZH WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH WITH TAIL;;;;
+01BB;LATIN LETTER TWO WITH STROKE;Lo;0;L;;;;;N;LATIN LETTER TWO BAR;;;;
+01BC;LATIN CAPITAL LETTER TONE FIVE;Lu;0;L;;;;;N;;;;01BD;
+01BD;LATIN SMALL LETTER TONE FIVE;Ll;0;L;;;;;N;;;01BC;;01BC
+01BE;LATIN LETTER INVERTED GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER INVERTED GLOTTAL STOP BAR;;;;
+01BF;LATIN LETTER WYNN;Ll;0;L;;;;;N;;;01F7;;01F7
+01C0;LATIN LETTER DENTAL CLICK;Lo;0;L;;;;;N;LATIN LETTER PIPE;;;;
+01C1;LATIN LETTER LATERAL CLICK;Lo;0;L;;;;;N;LATIN LETTER DOUBLE PIPE;;;;
+01C2;LATIN LETTER ALVEOLAR CLICK;Lo;0;L;;;;;N;LATIN LETTER PIPE DOUBLE BAR;;;;
+01C3;LATIN LETTER RETROFLEX CLICK;Lo;0;L;;;;;N;LATIN LETTER EXCLAMATION MARK;;;;
+01C4;LATIN CAPITAL LETTER DZ WITH CARON;Lu;0;L;<compat> 0044 017D;;;;N;LATIN CAPITAL LETTER D Z HACEK;;;01C6;01C5
+01C5;LATIN CAPITAL LETTER D WITH SMALL LETTER Z WITH CARON;Lt;0;L;<compat> 0044 017E;;;;N;LATIN LETTER CAPITAL D SMALL Z HACEK;;01C4;01C6;
+01C6;LATIN SMALL LETTER DZ WITH CARON;Ll;0;L;<compat> 0064 017E;;;;N;LATIN SMALL LETTER D Z HACEK;;01C4;;01C5
+01C7;LATIN CAPITAL LETTER LJ;Lu;0;L;<compat> 004C 004A;;;;N;LATIN CAPITAL LETTER L J;;;01C9;01C8
+01C8;LATIN CAPITAL LETTER L WITH SMALL LETTER J;Lt;0;L;<compat> 004C 006A;;;;N;LATIN LETTER CAPITAL L SMALL J;;01C7;01C9;
+01C9;LATIN SMALL LETTER LJ;Ll;0;L;<compat> 006C 006A;;;;N;LATIN SMALL LETTER L J;;01C7;;01C8
+01CA;LATIN CAPITAL LETTER NJ;Lu;0;L;<compat> 004E 004A;;;;N;LATIN CAPITAL LETTER N J;;;01CC;01CB
+01CB;LATIN CAPITAL LETTER N WITH SMALL LETTER J;Lt;0;L;<compat> 004E 006A;;;;N;LATIN LETTER CAPITAL N SMALL J;;01CA;01CC;
+01CC;LATIN SMALL LETTER NJ;Ll;0;L;<compat> 006E 006A;;;;N;LATIN SMALL LETTER N J;;01CA;;01CB
+01CD;LATIN CAPITAL LETTER A WITH CARON;Lu;0;L;0041 030C;;;;N;LATIN CAPITAL LETTER A HACEK;;;01CE;
+01CE;LATIN SMALL LETTER A WITH CARON;Ll;0;L;0061 030C;;;;N;LATIN SMALL LETTER A HACEK;;01CD;;01CD
+01CF;LATIN CAPITAL LETTER I WITH CARON;Lu;0;L;0049 030C;;;;N;LATIN CAPITAL LETTER I HACEK;;;01D0;
+01D0;LATIN SMALL LETTER I WITH CARON;Ll;0;L;0069 030C;;;;N;LATIN SMALL LETTER I HACEK;;01CF;;01CF
+01D1;LATIN CAPITAL LETTER O WITH CARON;Lu;0;L;004F 030C;;;;N;LATIN CAPITAL LETTER O HACEK;;;01D2;
+01D2;LATIN SMALL LETTER O WITH CARON;Ll;0;L;006F 030C;;;;N;LATIN SMALL LETTER O HACEK;;01D1;;01D1
+01D3;LATIN CAPITAL LETTER U WITH CARON;Lu;0;L;0055 030C;;;;N;LATIN CAPITAL LETTER U HACEK;;;01D4;
+01D4;LATIN SMALL LETTER U WITH CARON;Ll;0;L;0075 030C;;;;N;LATIN SMALL LETTER U HACEK;;01D3;;01D3
+01D5;LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON;Lu;0;L;00DC 0304;;;;N;LATIN CAPITAL LETTER U DIAERESIS MACRON;;;01D6;
+01D6;LATIN SMALL LETTER U WITH DIAERESIS AND MACRON;Ll;0;L;00FC 0304;;;;N;LATIN SMALL LETTER U DIAERESIS MACRON;;01D5;;01D5
+01D7;LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE;Lu;0;L;00DC 0301;;;;N;LATIN CAPITAL LETTER U DIAERESIS ACUTE;;;01D8;
+01D8;LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE;Ll;0;L;00FC 0301;;;;N;LATIN SMALL LETTER U DIAERESIS ACUTE;;01D7;;01D7
+01D9;LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON;Lu;0;L;00DC 030C;;;;N;LATIN CAPITAL LETTER U DIAERESIS HACEK;;;01DA;
+01DA;LATIN SMALL LETTER U WITH DIAERESIS AND CARON;Ll;0;L;00FC 030C;;;;N;LATIN SMALL LETTER U DIAERESIS HACEK;;01D9;;01D9
+01DB;LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE;Lu;0;L;00DC 0300;;;;N;LATIN CAPITAL LETTER U DIAERESIS GRAVE;;;01DC;
+01DC;LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE;Ll;0;L;00FC 0300;;;;N;LATIN SMALL LETTER U DIAERESIS GRAVE;;01DB;;01DB
+01DD;LATIN SMALL LETTER TURNED E;Ll;0;L;;;;;N;;;018E;;018E
+01DE;LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON;Lu;0;L;00C4 0304;;;;N;LATIN CAPITAL LETTER A DIAERESIS MACRON;;;01DF;
+01DF;LATIN SMALL LETTER A WITH DIAERESIS AND MACRON;Ll;0;L;00E4 0304;;;;N;LATIN SMALL LETTER A DIAERESIS MACRON;;01DE;;01DE
+01E0;LATIN CAPITAL LETTER A WITH DOT ABOVE AND MACRON;Lu;0;L;0226 0304;;;;N;LATIN CAPITAL LETTER A DOT MACRON;;;01E1;
+01E1;LATIN SMALL LETTER A WITH DOT ABOVE AND MACRON;Ll;0;L;0227 0304;;;;N;LATIN SMALL LETTER A DOT MACRON;;01E0;;01E0
+01E2;LATIN CAPITAL LETTER AE WITH MACRON;Lu;0;L;00C6 0304;;;;N;LATIN CAPITAL LETTER A E MACRON;ash *;;01E3;
+01E3;LATIN SMALL LETTER AE WITH MACRON;Ll;0;L;00E6 0304;;;;N;LATIN SMALL LETTER A E MACRON;ash *;01E2;;01E2
+01E4;LATIN CAPITAL LETTER G WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER G BAR;;;01E5;
+01E5;LATIN SMALL LETTER G WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER G BAR;;01E4;;01E4
+01E6;LATIN CAPITAL LETTER G WITH CARON;Lu;0;L;0047 030C;;;;N;LATIN CAPITAL LETTER G HACEK;;;01E7;
+01E7;LATIN SMALL LETTER G WITH CARON;Ll;0;L;0067 030C;;;;N;LATIN SMALL LETTER G HACEK;;01E6;;01E6
+01E8;LATIN CAPITAL LETTER K WITH CARON;Lu;0;L;004B 030C;;;;N;LATIN CAPITAL LETTER K HACEK;;;01E9;
+01E9;LATIN SMALL LETTER K WITH CARON;Ll;0;L;006B 030C;;;;N;LATIN SMALL LETTER K HACEK;;01E8;;01E8
+01EA;LATIN CAPITAL LETTER O WITH OGONEK;Lu;0;L;004F 0328;;;;N;LATIN CAPITAL LETTER O OGONEK;;;01EB;
+01EB;LATIN SMALL LETTER O WITH OGONEK;Ll;0;L;006F 0328;;;;N;LATIN SMALL LETTER O OGONEK;;01EA;;01EA
+01EC;LATIN CAPITAL LETTER O WITH OGONEK AND MACRON;Lu;0;L;01EA 0304;;;;N;LATIN CAPITAL LETTER O OGONEK MACRON;;;01ED;
+01ED;LATIN SMALL LETTER O WITH OGONEK AND MACRON;Ll;0;L;01EB 0304;;;;N;LATIN SMALL LETTER O OGONEK MACRON;;01EC;;01EC
+01EE;LATIN CAPITAL LETTER EZH WITH CARON;Lu;0;L;01B7 030C;;;;N;LATIN CAPITAL LETTER YOGH HACEK;;;01EF;
+01EF;LATIN SMALL LETTER EZH WITH CARON;Ll;0;L;0292 030C;;;;N;LATIN SMALL LETTER YOGH HACEK;;01EE;;01EE
+01F0;LATIN SMALL LETTER J WITH CARON;Ll;0;L;006A 030C;;;;N;LATIN SMALL LETTER J HACEK;;;;
+01F1;LATIN CAPITAL LETTER DZ;Lu;0;L;<compat> 0044 005A;;;;N;;;;01F3;01F2
+01F2;LATIN CAPITAL LETTER D WITH SMALL LETTER Z;Lt;0;L;<compat> 0044 007A;;;;N;;;01F1;01F3;
+01F3;LATIN SMALL LETTER DZ;Ll;0;L;<compat> 0064 007A;;;;N;;;01F1;;01F2
+01F4;LATIN CAPITAL LETTER G WITH ACUTE;Lu;0;L;0047 0301;;;;N;;;;01F5;
+01F5;LATIN SMALL LETTER G WITH ACUTE;Ll;0;L;0067 0301;;;;N;;;01F4;;01F4
+01F6;LATIN CAPITAL LETTER HWAIR;Lu;0;L;;;;;N;;;;0195;
+01F7;LATIN CAPITAL LETTER WYNN;Lu;0;L;;;;;N;;;;01BF;
+01F8;LATIN CAPITAL LETTER N WITH GRAVE;Lu;0;L;004E 0300;;;;N;;;;01F9;
+01F9;LATIN SMALL LETTER N WITH GRAVE;Ll;0;L;006E 0300;;;;N;;;01F8;;01F8
+01FA;LATIN CAPITAL LETTER A WITH RING ABOVE AND ACUTE;Lu;0;L;00C5 0301;;;;N;;;;01FB;
+01FB;LATIN SMALL LETTER A WITH RING ABOVE AND ACUTE;Ll;0;L;00E5 0301;;;;N;;;01FA;;01FA
+01FC;LATIN CAPITAL LETTER AE WITH ACUTE;Lu;0;L;00C6 0301;;;;N;;ash *;;01FD;
+01FD;LATIN SMALL LETTER AE WITH ACUTE;Ll;0;L;00E6 0301;;;;N;;ash *;01FC;;01FC
+01FE;LATIN CAPITAL LETTER O WITH STROKE AND ACUTE;Lu;0;L;00D8 0301;;;;N;;;;01FF;
+01FF;LATIN SMALL LETTER O WITH STROKE AND ACUTE;Ll;0;L;00F8 0301;;;;N;;;01FE;;01FE
+0200;LATIN CAPITAL LETTER A WITH DOUBLE GRAVE;Lu;0;L;0041 030F;;;;N;;;;0201;
+0201;LATIN SMALL LETTER A WITH DOUBLE GRAVE;Ll;0;L;0061 030F;;;;N;;;0200;;0200
+0202;LATIN CAPITAL LETTER A WITH INVERTED BREVE;Lu;0;L;0041 0311;;;;N;;;;0203;
+0203;LATIN SMALL LETTER A WITH INVERTED BREVE;Ll;0;L;0061 0311;;;;N;;;0202;;0202
+0204;LATIN CAPITAL LETTER E WITH DOUBLE GRAVE;Lu;0;L;0045 030F;;;;N;;;;0205;
+0205;LATIN SMALL LETTER E WITH DOUBLE GRAVE;Ll;0;L;0065 030F;;;;N;;;0204;;0204
+0206;LATIN CAPITAL LETTER E WITH INVERTED BREVE;Lu;0;L;0045 0311;;;;N;;;;0207;
+0207;LATIN SMALL LETTER E WITH INVERTED BREVE;Ll;0;L;0065 0311;;;;N;;;0206;;0206
+0208;LATIN CAPITAL LETTER I WITH DOUBLE GRAVE;Lu;0;L;0049 030F;;;;N;;;;0209;
+0209;LATIN SMALL LETTER I WITH DOUBLE GRAVE;Ll;0;L;0069 030F;;;;N;;;0208;;0208
+020A;LATIN CAPITAL LETTER I WITH INVERTED BREVE;Lu;0;L;0049 0311;;;;N;;;;020B;
+020B;LATIN SMALL LETTER I WITH INVERTED BREVE;Ll;0;L;0069 0311;;;;N;;;020A;;020A
+020C;LATIN CAPITAL LETTER O WITH DOUBLE GRAVE;Lu;0;L;004F 030F;;;;N;;;;020D;
+020D;LATIN SMALL LETTER O WITH DOUBLE GRAVE;Ll;0;L;006F 030F;;;;N;;;020C;;020C
+020E;LATIN CAPITAL LETTER O WITH INVERTED BREVE;Lu;0;L;004F 0311;;;;N;;;;020F;
+020F;LATIN SMALL LETTER O WITH INVERTED BREVE;Ll;0;L;006F 0311;;;;N;;;020E;;020E
+0210;LATIN CAPITAL LETTER R WITH DOUBLE GRAVE;Lu;0;L;0052 030F;;;;N;;;;0211;
+0211;LATIN SMALL LETTER R WITH DOUBLE GRAVE;Ll;0;L;0072 030F;;;;N;;;0210;;0210
+0212;LATIN CAPITAL LETTER R WITH INVERTED BREVE;Lu;0;L;0052 0311;;;;N;;;;0213;
+0213;LATIN SMALL LETTER R WITH INVERTED BREVE;Ll;0;L;0072 0311;;;;N;;;0212;;0212
+0214;LATIN CAPITAL LETTER U WITH DOUBLE GRAVE;Lu;0;L;0055 030F;;;;N;;;;0215;
+0215;LATIN SMALL LETTER U WITH DOUBLE GRAVE;Ll;0;L;0075 030F;;;;N;;;0214;;0214
+0216;LATIN CAPITAL LETTER U WITH INVERTED BREVE;Lu;0;L;0055 0311;;;;N;;;;0217;
+0217;LATIN SMALL LETTER U WITH INVERTED BREVE;Ll;0;L;0075 0311;;;;N;;;0216;;0216
+0218;LATIN CAPITAL LETTER S WITH COMMA BELOW;Lu;0;L;0053 0326;;;;N;;*;;0219;
+0219;LATIN SMALL LETTER S WITH COMMA BELOW;Ll;0;L;0073 0326;;;;N;;*;0218;;0218
+021A;LATIN CAPITAL LETTER T WITH COMMA BELOW;Lu;0;L;0054 0326;;;;N;;*;;021B;
+021B;LATIN SMALL LETTER T WITH COMMA BELOW;Ll;0;L;0074 0326;;;;N;;*;021A;;021A
+021C;LATIN CAPITAL LETTER YOGH;Lu;0;L;;;;;N;;;;021D;
+021D;LATIN SMALL LETTER YOGH;Ll;0;L;;;;;N;;;021C;;021C
+021E;LATIN CAPITAL LETTER H WITH CARON;Lu;0;L;0048 030C;;;;N;;;;021F;
+021F;LATIN SMALL LETTER H WITH CARON;Ll;0;L;0068 030C;;;;N;;;021E;;021E
+0220;LATIN CAPITAL LETTER N WITH LONG RIGHT LEG;Lu;0;L;;;;;N;;;;019E;
+0222;LATIN CAPITAL LETTER OU;Lu;0;L;;;;;N;;;;0223;
+0223;LATIN SMALL LETTER OU;Ll;0;L;;;;;N;;;0222;;0222
+0224;LATIN CAPITAL LETTER Z WITH HOOK;Lu;0;L;;;;;N;;;;0225;
+0225;LATIN SMALL LETTER Z WITH HOOK;Ll;0;L;;;;;N;;;0224;;0224
+0226;LATIN CAPITAL LETTER A WITH DOT ABOVE;Lu;0;L;0041 0307;;;;N;;;;0227;
+0227;LATIN SMALL LETTER A WITH DOT ABOVE;Ll;0;L;0061 0307;;;;N;;;0226;;0226
+0228;LATIN CAPITAL LETTER E WITH CEDILLA;Lu;0;L;0045 0327;;;;N;;;;0229;
+0229;LATIN SMALL LETTER E WITH CEDILLA;Ll;0;L;0065 0327;;;;N;;;0228;;0228
+022A;LATIN CAPITAL LETTER O WITH DIAERESIS AND MACRON;Lu;0;L;00D6 0304;;;;N;;;;022B;
+022B;LATIN SMALL LETTER O WITH DIAERESIS AND MACRON;Ll;0;L;00F6 0304;;;;N;;;022A;;022A
+022C;LATIN CAPITAL LETTER O WITH TILDE AND MACRON;Lu;0;L;00D5 0304;;;;N;;;;022D;
+022D;LATIN SMALL LETTER O WITH TILDE AND MACRON;Ll;0;L;00F5 0304;;;;N;;;022C;;022C
+022E;LATIN CAPITAL LETTER O WITH DOT ABOVE;Lu;0;L;004F 0307;;;;N;;;;022F;
+022F;LATIN SMALL LETTER O WITH DOT ABOVE;Ll;0;L;006F 0307;;;;N;;;022E;;022E
+0230;LATIN CAPITAL LETTER O WITH DOT ABOVE AND MACRON;Lu;0;L;022E 0304;;;;N;;;;0231;
+0231;LATIN SMALL LETTER O WITH DOT ABOVE AND MACRON;Ll;0;L;022F 0304;;;;N;;;0230;;0230
+0232;LATIN CAPITAL LETTER Y WITH MACRON;Lu;0;L;0059 0304;;;;N;;;;0233;
+0233;LATIN SMALL LETTER Y WITH MACRON;Ll;0;L;0079 0304;;;;N;;;0232;;0232
+0250;LATIN SMALL LETTER TURNED A;Ll;0;L;;;;;N;;;;;
+0251;LATIN SMALL LETTER ALPHA;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT A;;;;
+0252;LATIN SMALL LETTER TURNED ALPHA;Ll;0;L;;;;;N;LATIN SMALL LETTER TURNED SCRIPT A;;;;
+0253;LATIN SMALL LETTER B WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER B HOOK;;0181;;0181
+0254;LATIN SMALL LETTER OPEN O;Ll;0;L;;;;;N;;;0186;;0186
+0255;LATIN SMALL LETTER C WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER C CURL;;;;
+0256;LATIN SMALL LETTER D WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER D RETROFLEX HOOK;;0189;;0189
+0257;LATIN SMALL LETTER D WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER D HOOK;;018A;;018A
+0258;LATIN SMALL LETTER REVERSED E;Ll;0;L;;;;;N;;;;;
+0259;LATIN SMALL LETTER SCHWA;Ll;0;L;;;;;N;;;018F;;018F
+025A;LATIN SMALL LETTER SCHWA WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCHWA HOOK;;;;
+025B;LATIN SMALL LETTER OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER EPSILON;;0190;;0190
+025C;LATIN SMALL LETTER REVERSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED EPSILON;;;;
+025D;LATIN SMALL LETTER REVERSED OPEN E WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED EPSILON HOOK;;;;
+025E;LATIN SMALL LETTER CLOSED REVERSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER CLOSED REVERSED EPSILON;;;;
+025F;LATIN SMALL LETTER DOTLESS J WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER DOTLESS J BAR;;;;
+0260;LATIN SMALL LETTER G WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER G HOOK;;0193;;0193
+0261;LATIN SMALL LETTER SCRIPT G;Ll;0;L;;;;;N;;;;;
+0262;LATIN LETTER SMALL CAPITAL G;Ll;0;L;;;;;N;;;;;
+0263;LATIN SMALL LETTER GAMMA;Ll;0;L;;;;;N;;;0194;;0194
+0264;LATIN SMALL LETTER RAMS HORN;Ll;0;L;;;;;N;LATIN SMALL LETTER BABY GAMMA;;;;
+0265;LATIN SMALL LETTER TURNED H;Ll;0;L;;;;;N;;;;;
+0266;LATIN SMALL LETTER H WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER H HOOK;;;;
+0267;LATIN SMALL LETTER HENG WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER HENG HOOK;;;;
+0268;LATIN SMALL LETTER I WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED I;;0197;;0197
+0269;LATIN SMALL LETTER IOTA;Ll;0;L;;;;;N;;;0196;;0196
+026A;LATIN LETTER SMALL CAPITAL I;Ll;0;L;;;;;N;;;;;
+026B;LATIN SMALL LETTER L WITH MIDDLE TILDE;Ll;0;L;;;;;N;;;;;
+026C;LATIN SMALL LETTER L WITH BELT;Ll;0;L;;;;;N;LATIN SMALL LETTER L BELT;;;;
+026D;LATIN SMALL LETTER L WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER L RETROFLEX HOOK;;;;
+026E;LATIN SMALL LETTER LEZH;Ll;0;L;;;;;N;LATIN SMALL LETTER L YOGH;;;;
+026F;LATIN SMALL LETTER TURNED M;Ll;0;L;;;;;N;;;019C;;019C
+0270;LATIN SMALL LETTER TURNED M WITH LONG LEG;Ll;0;L;;;;;N;;;;;
+0271;LATIN SMALL LETTER M WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER M HOOK;;;;
+0272;LATIN SMALL LETTER N WITH LEFT HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER N HOOK;;019D;;019D
+0273;LATIN SMALL LETTER N WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER N RETROFLEX HOOK;;;;
+0274;LATIN LETTER SMALL CAPITAL N;Ll;0;L;;;;;N;;;;;
+0275;LATIN SMALL LETTER BARRED O;Ll;0;L;;;;;N;;;019F;;019F
+0276;LATIN LETTER SMALL CAPITAL OE;Ll;0;L;;;;;N;LATIN LETTER SMALL CAPITAL O E;;;;
+0277;LATIN SMALL LETTER CLOSED OMEGA;Ll;0;L;;;;;N;;;;;
+0278;LATIN SMALL LETTER PHI;Ll;0;L;;;;;N;;;;;
+0279;LATIN SMALL LETTER TURNED R;Ll;0;L;;;;;N;;;;;
+027A;LATIN SMALL LETTER TURNED R WITH LONG LEG;Ll;0;L;;;;;N;;;;;
+027B;LATIN SMALL LETTER TURNED R WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER TURNED R HOOK;;;;
+027C;LATIN SMALL LETTER R WITH LONG LEG;Ll;0;L;;;;;N;;;;;
+027D;LATIN SMALL LETTER R WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER R HOOK;;;;
+027E;LATIN SMALL LETTER R WITH FISHHOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER FISHHOOK R;;;;
+027F;LATIN SMALL LETTER REVERSED R WITH FISHHOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED FISHHOOK R;;;;
+0280;LATIN LETTER SMALL CAPITAL R;Ll;0;L;;;;;N;;*;01A6;;01A6
+0281;LATIN LETTER SMALL CAPITAL INVERTED R;Ll;0;L;;;;;N;;;;;
+0282;LATIN SMALL LETTER S WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER S HOOK;;;;
+0283;LATIN SMALL LETTER ESH;Ll;0;L;;;;;N;;;01A9;;01A9
+0284;LATIN SMALL LETTER DOTLESS J WITH STROKE AND HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER DOTLESS J BAR HOOK;;;;
+0285;LATIN SMALL LETTER SQUAT REVERSED ESH;Ll;0;L;;;;;N;;;;;
+0286;LATIN SMALL LETTER ESH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER ESH CURL;;;;
+0287;LATIN SMALL LETTER TURNED T;Ll;0;L;;;;;N;;;;;
+0288;LATIN SMALL LETTER T WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T RETROFLEX HOOK;;01AE;;01AE
+0289;LATIN SMALL LETTER U BAR;Ll;0;L;;;;;N;;;;;
+028A;LATIN SMALL LETTER UPSILON;Ll;0;L;;;;;N;;;01B1;;01B1
+028B;LATIN SMALL LETTER V WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT V;;01B2;;01B2
+028C;LATIN SMALL LETTER TURNED V;Ll;0;L;;;;;N;;;;;
+028D;LATIN SMALL LETTER TURNED W;Ll;0;L;;;;;N;;;;;
+028E;LATIN SMALL LETTER TURNED Y;Ll;0;L;;;;;N;;;;;
+028F;LATIN LETTER SMALL CAPITAL Y;Ll;0;L;;;;;N;;;;;
+0290;LATIN SMALL LETTER Z WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Z RETROFLEX HOOK;;;;
+0291;LATIN SMALL LETTER Z WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER Z CURL;;;;
+0292;LATIN SMALL LETTER EZH;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH;;01B7;;01B7
+0293;LATIN SMALL LETTER EZH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH CURL;;;;
+0294;LATIN LETTER GLOTTAL STOP;Ll;0;L;;;;;N;;;;;
+0295;LATIN LETTER PHARYNGEAL VOICED FRICATIVE;Ll;0;L;;;;;N;LATIN LETTER REVERSED GLOTTAL STOP;;;;
+0296;LATIN LETTER INVERTED GLOTTAL STOP;Ll;0;L;;;;;N;;;;;
+0297;LATIN LETTER STRETCHED C;Ll;0;L;;;;;N;;;;;
+0298;LATIN LETTER BILABIAL CLICK;Ll;0;L;;;;;N;LATIN LETTER BULLSEYE;;;;
+0299;LATIN LETTER SMALL CAPITAL B;Ll;0;L;;;;;N;;;;;
+029A;LATIN SMALL LETTER CLOSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER CLOSED EPSILON;;;;
+029B;LATIN LETTER SMALL CAPITAL G WITH HOOK;Ll;0;L;;;;;N;LATIN LETTER SMALL CAPITAL G HOOK;;;;
+029C;LATIN LETTER SMALL CAPITAL H;Ll;0;L;;;;;N;;;;;
+029D;LATIN SMALL LETTER J WITH CROSSED-TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER CROSSED-TAIL J;;;;
+029E;LATIN SMALL LETTER TURNED K;Ll;0;L;;;;;N;;;;;
+029F;LATIN LETTER SMALL CAPITAL L;Ll;0;L;;;;;N;;;;;
+02A0;LATIN SMALL LETTER Q WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Q HOOK;;;;
+02A1;LATIN LETTER GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER GLOTTAL STOP BAR;;;;
+02A2;LATIN LETTER REVERSED GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER REVERSED GLOTTAL STOP BAR;;;;
+02A3;LATIN SMALL LETTER DZ DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER D Z;;;;
+02A4;LATIN SMALL LETTER DEZH DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER D YOGH;;;;
+02A5;LATIN SMALL LETTER DZ DIGRAPH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER D Z CURL;;;;
+02A6;LATIN SMALL LETTER TS DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER T S;;;;
+02A7;LATIN SMALL LETTER TESH DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER T ESH;;;;
+02A8;LATIN SMALL LETTER TC DIGRAPH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER T C CURL;;;;
+02A9;LATIN SMALL LETTER FENG DIGRAPH;Ll;0;L;;;;;N;;;;;
+02AA;LATIN SMALL LETTER LS DIGRAPH;Ll;0;L;;;;;N;;;;;
+02AB;LATIN SMALL LETTER LZ DIGRAPH;Ll;0;L;;;;;N;;;;;
+02AC;LATIN LETTER BILABIAL PERCUSSIVE;Ll;0;L;;;;;N;;;;;
+02AD;LATIN LETTER BIDENTAL PERCUSSIVE;Ll;0;L;;;;;N;;;;;
+02B0;MODIFIER LETTER SMALL H;Lm;0;L;<super> 0068;;;;N;;;;;
+02B1;MODIFIER LETTER SMALL H WITH HOOK;Lm;0;L;<super> 0266;;;;N;MODIFIER LETTER SMALL H HOOK;;;;
+02B2;MODIFIER LETTER SMALL J;Lm;0;L;<super> 006A;;;;N;;;;;
+02B3;MODIFIER LETTER SMALL R;Lm;0;L;<super> 0072;;;;N;;;;;
+02B4;MODIFIER LETTER SMALL TURNED R;Lm;0;L;<super> 0279;;;;N;;;;;
+02B5;MODIFIER LETTER SMALL TURNED R WITH HOOK;Lm;0;L;<super> 027B;;;;N;MODIFIER LETTER SMALL TURNED R HOOK;;;;
+02B6;MODIFIER LETTER SMALL CAPITAL INVERTED R;Lm;0;L;<super> 0281;;;;N;;;;;
+02B7;MODIFIER LETTER SMALL W;Lm;0;L;<super> 0077;;;;N;;;;;
+02B8;MODIFIER LETTER SMALL Y;Lm;0;L;<super> 0079;;;;N;;;;;
+02B9;MODIFIER LETTER PRIME;Sk;0;ON;;;;;N;;;;;
+02BA;MODIFIER LETTER DOUBLE PRIME;Sk;0;ON;;;;;N;;;;;
+02BB;MODIFIER LETTER TURNED COMMA;Lm;0;L;;;;;N;;;;;
+02BC;MODIFIER LETTER APOSTROPHE;Lm;0;L;;;;;N;;;;;
+02BD;MODIFIER LETTER REVERSED COMMA;Lm;0;L;;;;;N;;;;;
+02BE;MODIFIER LETTER RIGHT HALF RING;Lm;0;L;;;;;N;;;;;
+02BF;MODIFIER LETTER LEFT HALF RING;Lm;0;L;;;;;N;;;;;
+02C0;MODIFIER LETTER GLOTTAL STOP;Lm;0;L;;;;;N;;;;;
+02C1;MODIFIER LETTER REVERSED GLOTTAL STOP;Lm;0;L;;;;;N;;;;;
+02C2;MODIFIER LETTER LEFT ARROWHEAD;Sk;0;ON;;;;;N;;;;;
+02C3;MODIFIER LETTER RIGHT ARROWHEAD;Sk;0;ON;;;;;N;;;;;
+02C4;MODIFIER LETTER UP ARROWHEAD;Sk;0;ON;;;;;N;;;;;
+02C5;MODIFIER LETTER DOWN ARROWHEAD;Sk;0;ON;;;;;N;;;;;
+02C6;MODIFIER LETTER CIRCUMFLEX ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER CIRCUMFLEX;;;;
+02C7;CARON;Sk;0;ON;;;;;N;MODIFIER LETTER HACEK;Mandarin Chinese third tone;;;
+02C8;MODIFIER LETTER VERTICAL LINE;Sk;0;ON;;;;;N;;;;;
+02C9;MODIFIER LETTER MACRON;Sk;0;ON;;;;;N;;Mandarin Chinese first tone;;;
+02CA;MODIFIER LETTER ACUTE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER ACUTE;Mandarin Chinese second tone;;;
+02CB;MODIFIER LETTER GRAVE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER GRAVE;Mandarin Chinese fourth tone;;;
+02CC;MODIFIER LETTER LOW VERTICAL LINE;Sk;0;ON;;;;;N;;;;;
+02CD;MODIFIER LETTER LOW MACRON;Sk;0;ON;;;;;N;;;;;
+02CE;MODIFIER LETTER LOW GRAVE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER LOW GRAVE;;;;
+02CF;MODIFIER LETTER LOW ACUTE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER LOW ACUTE;;;;
+02D0;MODIFIER LETTER TRIANGULAR COLON;Lm;0;L;;;;;N;;;;;
+02D1;MODIFIER LETTER HALF TRIANGULAR COLON;Lm;0;L;;;;;N;;;;;
+02D2;MODIFIER LETTER CENTRED RIGHT HALF RING;Sk;0;ON;;;;;N;MODIFIER LETTER CENTERED RIGHT HALF RING;;;;
+02D3;MODIFIER LETTER CENTRED LEFT HALF RING;Sk;0;ON;;;;;N;MODIFIER LETTER CENTERED LEFT HALF RING;;;;
+02D4;MODIFIER LETTER UP TACK;Sk;0;ON;;;;;N;;;;;
+02D5;MODIFIER LETTER DOWN TACK;Sk;0;ON;;;;;N;;;;;
+02D6;MODIFIER LETTER PLUS SIGN;Sk;0;ON;;;;;N;;;;;
+02D7;MODIFIER LETTER MINUS SIGN;Sk;0;ON;;;;;N;;;;;
+02D8;BREVE;Sk;0;ON;<compat> 0020 0306;;;;N;SPACING BREVE;;;;
+02D9;DOT ABOVE;Sk;0;ON;<compat> 0020 0307;;;;N;SPACING DOT ABOVE;Mandarin Chinese light tone;;;
+02DA;RING ABOVE;Sk;0;ON;<compat> 0020 030A;;;;N;SPACING RING ABOVE;;;;
+02DB;OGONEK;Sk;0;ON;<compat> 0020 0328;;;;N;SPACING OGONEK;;;;
+02DC;SMALL TILDE;Sk;0;ON;<compat> 0020 0303;;;;N;SPACING TILDE;;;;
+02DD;DOUBLE ACUTE ACCENT;Sk;0;ON;<compat> 0020 030B;;;;N;SPACING DOUBLE ACUTE;;;;
+02DE;MODIFIER LETTER RHOTIC HOOK;Sk;0;ON;;;;;N;;;;;
+02DF;MODIFIER LETTER CROSS ACCENT;Sk;0;ON;;;;;N;;;;;
+02E0;MODIFIER LETTER SMALL GAMMA;Lm;0;L;<super> 0263;;;;N;;;;;
+02E1;MODIFIER LETTER SMALL L;Lm;0;L;<super> 006C;;;;N;;;;;
+02E2;MODIFIER LETTER SMALL S;Lm;0;L;<super> 0073;;;;N;;;;;
+02E3;MODIFIER LETTER SMALL X;Lm;0;L;<super> 0078;;;;N;;;;;
+02E4;MODIFIER LETTER SMALL REVERSED GLOTTAL STOP;Lm;0;L;<super> 0295;;;;N;;;;;
+02E5;MODIFIER LETTER EXTRA-HIGH TONE BAR;Sk;0;ON;;;;;N;;;;;
+02E6;MODIFIER LETTER HIGH TONE BAR;Sk;0;ON;;;;;N;;;;;
+02E7;MODIFIER LETTER MID TONE BAR;Sk;0;ON;;;;;N;;;;;
+02E8;MODIFIER LETTER LOW TONE BAR;Sk;0;ON;;;;;N;;;;;
+02E9;MODIFIER LETTER EXTRA-LOW TONE BAR;Sk;0;ON;;;;;N;;;;;
+02EA;MODIFIER LETTER YIN DEPARTING TONE MARK;Sk;0;ON;;;;;N;;;;;
+02EB;MODIFIER LETTER YANG DEPARTING TONE MARK;Sk;0;ON;;;;;N;;;;;
+02EC;MODIFIER LETTER VOICING;Sk;0;ON;;;;;N;;;;;
+02ED;MODIFIER LETTER UNASPIRATED;Sk;0;ON;;;;;N;;;;;
+02EE;MODIFIER LETTER DOUBLE APOSTROPHE;Lm;0;L;;;;;N;;;;;
+0300;COMBINING GRAVE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING GRAVE;Varia;;;
+0301;COMBINING ACUTE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING ACUTE;Oxia, Tonos;;;
+0302;COMBINING CIRCUMFLEX ACCENT;Mn;230;NSM;;;;;N;NON-SPACING CIRCUMFLEX;;;;
+0303;COMBINING TILDE;Mn;230;NSM;;;;;N;NON-SPACING TILDE;;;;
+0304;COMBINING MACRON;Mn;230;NSM;;;;;N;NON-SPACING MACRON;;;;
+0305;COMBINING OVERLINE;Mn;230;NSM;;;;;N;NON-SPACING OVERSCORE;;;;
+0306;COMBINING BREVE;Mn;230;NSM;;;;;N;NON-SPACING BREVE;Vrachy;;;
+0307;COMBINING DOT ABOVE;Mn;230;NSM;;;;;N;NON-SPACING DOT ABOVE;;;;
+0308;COMBINING DIAERESIS;Mn;230;NSM;;;;;N;NON-SPACING DIAERESIS;Dialytika;;;
+0309;COMBINING HOOK ABOVE;Mn;230;NSM;;;;;N;NON-SPACING HOOK ABOVE;;;;
+030A;COMBINING RING ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RING ABOVE;;;;
+030B;COMBINING DOUBLE ACUTE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE ACUTE;;;;
+030C;COMBINING CARON;Mn;230;NSM;;;;;N;NON-SPACING HACEK;;;;
+030D;COMBINING VERTICAL LINE ABOVE;Mn;230;NSM;;;;;N;NON-SPACING VERTICAL LINE ABOVE;;;;
+030E;COMBINING DOUBLE VERTICAL LINE ABOVE;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE VERTICAL LINE ABOVE;;;;
+030F;COMBINING DOUBLE GRAVE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE GRAVE;;;;
+0310;COMBINING CANDRABINDU;Mn;230;NSM;;;;;N;NON-SPACING CANDRABINDU;;;;
+0311;COMBINING INVERTED BREVE;Mn;230;NSM;;;;;N;NON-SPACING INVERTED BREVE;;;;
+0312;COMBINING TURNED COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING TURNED COMMA ABOVE;;;;
+0313;COMBINING COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING COMMA ABOVE;Psili;;;
+0314;COMBINING REVERSED COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING REVERSED COMMA ABOVE;Dasia;;;
+0315;COMBINING COMMA ABOVE RIGHT;Mn;232;NSM;;;;;N;NON-SPACING COMMA ABOVE RIGHT;;;;
+0316;COMBINING GRAVE ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING GRAVE BELOW;;;;
+0317;COMBINING ACUTE ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING ACUTE BELOW;;;;
+0318;COMBINING LEFT TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING LEFT TACK BELOW;;;;
+0319;COMBINING RIGHT TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING RIGHT TACK BELOW;;;;
+031A;COMBINING LEFT ANGLE ABOVE;Mn;232;NSM;;;;;N;NON-SPACING LEFT ANGLE ABOVE;;;;
+031B;COMBINING HORN;Mn;216;NSM;;;;;N;NON-SPACING HORN;;;;
+031C;COMBINING LEFT HALF RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING LEFT HALF RING BELOW;;;;
+031D;COMBINING UP TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING UP TACK BELOW;;;;
+031E;COMBINING DOWN TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOWN TACK BELOW;;;;
+031F;COMBINING PLUS SIGN BELOW;Mn;220;NSM;;;;;N;NON-SPACING PLUS SIGN BELOW;;;;
+0320;COMBINING MINUS SIGN BELOW;Mn;220;NSM;;;;;N;NON-SPACING MINUS SIGN BELOW;;;;
+0321;COMBINING PALATALIZED HOOK BELOW;Mn;202;NSM;;;;;N;NON-SPACING PALATALIZED HOOK BELOW;;;;
+0322;COMBINING RETROFLEX HOOK BELOW;Mn;202;NSM;;;;;N;NON-SPACING RETROFLEX HOOK BELOW;;;;
+0323;COMBINING DOT BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOT BELOW;;;;
+0324;COMBINING DIAERESIS BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOUBLE DOT BELOW;;;;
+0325;COMBINING RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING RING BELOW;;;;
+0326;COMBINING COMMA BELOW;Mn;220;NSM;;;;;N;NON-SPACING COMMA BELOW;;;;
+0327;COMBINING CEDILLA;Mn;202;NSM;;;;;N;NON-SPACING CEDILLA;;;;
+0328;COMBINING OGONEK;Mn;202;NSM;;;;;N;NON-SPACING OGONEK;;;;
+0329;COMBINING VERTICAL LINE BELOW;Mn;220;NSM;;;;;N;NON-SPACING VERTICAL LINE BELOW;;;;
+032A;COMBINING BRIDGE BELOW;Mn;220;NSM;;;;;N;NON-SPACING BRIDGE BELOW;;;;
+032B;COMBINING INVERTED DOUBLE ARCH BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED DOUBLE ARCH BELOW;;;;
+032C;COMBINING CARON BELOW;Mn;220;NSM;;;;;N;NON-SPACING HACEK BELOW;;;;
+032D;COMBINING CIRCUMFLEX ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING CIRCUMFLEX BELOW;;;;
+032E;COMBINING BREVE BELOW;Mn;220;NSM;;;;;N;NON-SPACING BREVE BELOW;;;;
+032F;COMBINING INVERTED BREVE BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED BREVE BELOW;;;;
+0330;COMBINING TILDE BELOW;Mn;220;NSM;;;;;N;NON-SPACING TILDE BELOW;;;;
+0331;COMBINING MACRON BELOW;Mn;220;NSM;;;;;N;NON-SPACING MACRON BELOW;;;;
+0332;COMBINING LOW LINE;Mn;220;NSM;;;;;N;NON-SPACING UNDERSCORE;;;;
+0333;COMBINING DOUBLE LOW LINE;Mn;220;NSM;;;;;N;NON-SPACING DOUBLE UNDERSCORE;;;;
+0334;COMBINING TILDE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING TILDE OVERLAY;;;;
+0335;COMBINING SHORT STROKE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT BAR OVERLAY;;;;
+0336;COMBINING LONG STROKE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG BAR OVERLAY;;;;
+0337;COMBINING SHORT SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT SLASH OVERLAY;;;;
+0338;COMBINING LONG SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG SLASH OVERLAY;;;;
+0339;COMBINING RIGHT HALF RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING RIGHT HALF RING BELOW;;;;
+033A;COMBINING INVERTED BRIDGE BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED BRIDGE BELOW;;;;
+033B;COMBINING SQUARE BELOW;Mn;220;NSM;;;;;N;NON-SPACING SQUARE BELOW;;;;
+033C;COMBINING SEAGULL BELOW;Mn;220;NSM;;;;;N;NON-SPACING SEAGULL BELOW;;;;
+033D;COMBINING X ABOVE;Mn;230;NSM;;;;;N;NON-SPACING X ABOVE;;;;
+033E;COMBINING VERTICAL TILDE;Mn;230;NSM;;;;;N;NON-SPACING VERTICAL TILDE;;;;
+033F;COMBINING DOUBLE OVERLINE;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE OVERSCORE;;;;
+0340;COMBINING GRAVE TONE MARK;Mn;230;NSM;0300;;;;N;NON-SPACING GRAVE TONE MARK;Vietnamese;;;
+0341;COMBINING ACUTE TONE MARK;Mn;230;NSM;0301;;;;N;NON-SPACING ACUTE TONE MARK;Vietnamese;;;
+0342;COMBINING GREEK PERISPOMENI;Mn;230;NSM;;;;;N;;;;;
+0343;COMBINING GREEK KORONIS;Mn;230;NSM;0313;;;;N;;;;;
+0344;COMBINING GREEK DIALYTIKA TONOS;Mn;230;NSM;0308 0301;;;;N;GREEK NON-SPACING DIAERESIS TONOS;;;;
+0345;COMBINING GREEK YPOGEGRAMMENI;Mn;240;NSM;;;;;N;GREEK NON-SPACING IOTA BELOW;;0399;;0399
+0346;COMBINING BRIDGE ABOVE;Mn;230;NSM;;;;;N;;;;;
+0347;COMBINING EQUALS SIGN BELOW;Mn;220;NSM;;;;;N;;;;;
+0348;COMBINING DOUBLE VERTICAL LINE BELOW;Mn;220;NSM;;;;;N;;;;;
+0349;COMBINING LEFT ANGLE BELOW;Mn;220;NSM;;;;;N;;;;;
+034A;COMBINING NOT TILDE ABOVE;Mn;230;NSM;;;;;N;;;;;
+034B;COMBINING HOMOTHETIC ABOVE;Mn;230;NSM;;;;;N;;;;;
+034C;COMBINING ALMOST EQUAL TO ABOVE;Mn;230;NSM;;;;;N;;;;;
+034D;COMBINING LEFT RIGHT ARROW BELOW;Mn;220;NSM;;;;;N;;;;;
+034E;COMBINING UPWARDS ARROW BELOW;Mn;220;NSM;;;;;N;;;;;
+034F;COMBINING GRAPHEME JOINER;Mn;0;NSM;;;;;N;;;;;
+0360;COMBINING DOUBLE TILDE;Mn;234;NSM;;;;;N;;;;;
+0361;COMBINING DOUBLE INVERTED BREVE;Mn;234;NSM;;;;;N;;;;;
+0362;COMBINING DOUBLE RIGHTWARDS ARROW BELOW;Mn;233;NSM;;;;;N;;;;;
+0363;COMBINING LATIN SMALL LETTER A;Mn;230;NSM;;;;;N;;;;;
+0364;COMBINING LATIN SMALL LETTER E;Mn;230;NSM;;;;;N;;;;;
+0365;COMBINING LATIN SMALL LETTER I;Mn;230;NSM;;;;;N;;;;;
+0366;COMBINING LATIN SMALL LETTER O;Mn;230;NSM;;;;;N;;;;;
+0367;COMBINING LATIN SMALL LETTER U;Mn;230;NSM;;;;;N;;;;;
+0368;COMBINING LATIN SMALL LETTER C;Mn;230;NSM;;;;;N;;;;;
+0369;COMBINING LATIN SMALL LETTER D;Mn;230;NSM;;;;;N;;;;;
+036A;COMBINING LATIN SMALL LETTER H;Mn;230;NSM;;;;;N;;;;;
+036B;COMBINING LATIN SMALL LETTER M;Mn;230;NSM;;;;;N;;;;;
+036C;COMBINING LATIN SMALL LETTER R;Mn;230;NSM;;;;;N;;;;;
+036D;COMBINING LATIN SMALL LETTER T;Mn;230;NSM;;;;;N;;;;;
+036E;COMBINING LATIN SMALL LETTER V;Mn;230;NSM;;;;;N;;;;;
+036F;COMBINING LATIN SMALL LETTER X;Mn;230;NSM;;;;;N;;;;;
+0374;GREEK NUMERAL SIGN;Sk;0;ON;02B9;;;;N;GREEK UPPER NUMERAL SIGN;Dexia keraia;;;
+0375;GREEK LOWER NUMERAL SIGN;Sk;0;ON;;;;;N;;Aristeri keraia;;;
+037A;GREEK YPOGEGRAMMENI;Lm;0;L;<compat> 0020 0345;;;;N;GREEK SPACING IOTA BELOW;;;;
+037E;GREEK QUESTION MARK;Po;0;ON;003B;;;;N;;Erotimatiko;;;
+0384;GREEK TONOS;Sk;0;ON;<compat> 0020 0301;;;;N;GREEK SPACING TONOS;;;;
+0385;GREEK DIALYTIKA TONOS;Sk;0;ON;00A8 0301;;;;N;GREEK SPACING DIAERESIS TONOS;;;;
+0386;GREEK CAPITAL LETTER ALPHA WITH TONOS;Lu;0;L;0391 0301;;;;N;GREEK CAPITAL LETTER ALPHA TONOS;;;03AC;
+0387;GREEK ANO TELEIA;Po;0;ON;00B7;;;;N;;;;;
+0388;GREEK CAPITAL LETTER EPSILON WITH TONOS;Lu;0;L;0395 0301;;;;N;GREEK CAPITAL LETTER EPSILON TONOS;;;03AD;
+0389;GREEK CAPITAL LETTER ETA WITH TONOS;Lu;0;L;0397 0301;;;;N;GREEK CAPITAL LETTER ETA TONOS;;;03AE;
+038A;GREEK CAPITAL LETTER IOTA WITH TONOS;Lu;0;L;0399 0301;;;;N;GREEK CAPITAL LETTER IOTA TONOS;;;03AF;
+038C;GREEK CAPITAL LETTER OMICRON WITH TONOS;Lu;0;L;039F 0301;;;;N;GREEK CAPITAL LETTER OMICRON TONOS;;;03CC;
+038E;GREEK CAPITAL LETTER UPSILON WITH TONOS;Lu;0;L;03A5 0301;;;;N;GREEK CAPITAL LETTER UPSILON TONOS;;;03CD;
+038F;GREEK CAPITAL LETTER OMEGA WITH TONOS;Lu;0;L;03A9 0301;;;;N;GREEK CAPITAL LETTER OMEGA TONOS;;;03CE;
+0390;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS;Ll;0;L;03CA 0301;;;;N;GREEK SMALL LETTER IOTA DIAERESIS TONOS;;;;
+0391;GREEK CAPITAL LETTER ALPHA;Lu;0;L;;;;;N;;;;03B1;
+0392;GREEK CAPITAL LETTER BETA;Lu;0;L;;;;;N;;;;03B2;
+0393;GREEK CAPITAL LETTER GAMMA;Lu;0;L;;;;;N;;;;03B3;
+0394;GREEK CAPITAL LETTER DELTA;Lu;0;L;;;;;N;;;;03B4;
+0395;GREEK CAPITAL LETTER EPSILON;Lu;0;L;;;;;N;;;;03B5;
+0396;GREEK CAPITAL LETTER ZETA;Lu;0;L;;;;;N;;;;03B6;
+0397;GREEK CAPITAL LETTER ETA;Lu;0;L;;;;;N;;;;03B7;
+0398;GREEK CAPITAL LETTER THETA;Lu;0;L;;;;;N;;;;03B8;
+0399;GREEK CAPITAL LETTER IOTA;Lu;0;L;;;;;N;;;;03B9;
+039A;GREEK CAPITAL LETTER KAPPA;Lu;0;L;;;;;N;;;;03BA;
+039B;GREEK CAPITAL LETTER LAMDA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER LAMBDA;;;03BB;
+039C;GREEK CAPITAL LETTER MU;Lu;0;L;;;;;N;;;;03BC;
+039D;GREEK CAPITAL LETTER NU;Lu;0;L;;;;;N;;;;03BD;
+039E;GREEK CAPITAL LETTER XI;Lu;0;L;;;;;N;;;;03BE;
+039F;GREEK CAPITAL LETTER OMICRON;Lu;0;L;;;;;N;;;;03BF;
+03A0;GREEK CAPITAL LETTER PI;Lu;0;L;;;;;N;;;;03C0;
+03A1;GREEK CAPITAL LETTER RHO;Lu;0;L;;;;;N;;;;03C1;
+03A3;GREEK CAPITAL LETTER SIGMA;Lu;0;L;;;;;N;;;;03C3;
+03A4;GREEK CAPITAL LETTER TAU;Lu;0;L;;;;;N;;;;03C4;
+03A5;GREEK CAPITAL LETTER UPSILON;Lu;0;L;;;;;N;;;;03C5;
+03A6;GREEK CAPITAL LETTER PHI;Lu;0;L;;;;;N;;;;03C6;
+03A7;GREEK CAPITAL LETTER CHI;Lu;0;L;;;;;N;;;;03C7;
+03A8;GREEK CAPITAL LETTER PSI;Lu;0;L;;;;;N;;;;03C8;
+03A9;GREEK CAPITAL LETTER OMEGA;Lu;0;L;;;;;N;;;;03C9;
+03AA;GREEK CAPITAL LETTER IOTA WITH DIALYTIKA;Lu;0;L;0399 0308;;;;N;GREEK CAPITAL LETTER IOTA DIAERESIS;;;03CA;
+03AB;GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA;Lu;0;L;03A5 0308;;;;N;GREEK CAPITAL LETTER UPSILON DIAERESIS;;;03CB;
+03AC;GREEK SMALL LETTER ALPHA WITH TONOS;Ll;0;L;03B1 0301;;;;N;GREEK SMALL LETTER ALPHA TONOS;;0386;;0386
+03AD;GREEK SMALL LETTER EPSILON WITH TONOS;Ll;0;L;03B5 0301;;;;N;GREEK SMALL LETTER EPSILON TONOS;;0388;;0388
+03AE;GREEK SMALL LETTER ETA WITH TONOS;Ll;0;L;03B7 0301;;;;N;GREEK SMALL LETTER ETA TONOS;;0389;;0389
+03AF;GREEK SMALL LETTER IOTA WITH TONOS;Ll;0;L;03B9 0301;;;;N;GREEK SMALL LETTER IOTA TONOS;;038A;;038A
+03B0;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS;Ll;0;L;03CB 0301;;;;N;GREEK SMALL LETTER UPSILON DIAERESIS TONOS;;;;
+03B1;GREEK SMALL LETTER ALPHA;Ll;0;L;;;;;N;;;0391;;0391
+03B2;GREEK SMALL LETTER BETA;Ll;0;L;;;;;N;;;0392;;0392
+03B3;GREEK SMALL LETTER GAMMA;Ll;0;L;;;;;N;;;0393;;0393
+03B4;GREEK SMALL LETTER DELTA;Ll;0;L;;;;;N;;;0394;;0394
+03B5;GREEK SMALL LETTER EPSILON;Ll;0;L;;;;;N;;;0395;;0395
+03B6;GREEK SMALL LETTER ZETA;Ll;0;L;;;;;N;;;0396;;0396
+03B7;GREEK SMALL LETTER ETA;Ll;0;L;;;;;N;;;0397;;0397
+03B8;GREEK SMALL LETTER THETA;Ll;0;L;;;;;N;;;0398;;0398
+03B9;GREEK SMALL LETTER IOTA;Ll;0;L;;;;;N;;;0399;;0399
+03BA;GREEK SMALL LETTER KAPPA;Ll;0;L;;;;;N;;;039A;;039A
+03BB;GREEK SMALL LETTER LAMDA;Ll;0;L;;;;;N;GREEK SMALL LETTER LAMBDA;;039B;;039B
+03BC;GREEK SMALL LETTER MU;Ll;0;L;;;;;N;;;039C;;039C
+03BD;GREEK SMALL LETTER NU;Ll;0;L;;;;;N;;;039D;;039D
+03BE;GREEK SMALL LETTER XI;Ll;0;L;;;;;N;;;039E;;039E
+03BF;GREEK SMALL LETTER OMICRON;Ll;0;L;;;;;N;;;039F;;039F
+03C0;GREEK SMALL LETTER PI;Ll;0;L;;;;;N;;;03A0;;03A0
+03C1;GREEK SMALL LETTER RHO;Ll;0;L;;;;;N;;;03A1;;03A1
+03C2;GREEK SMALL LETTER FINAL SIGMA;Ll;0;L;;;;;N;;;03A3;;03A3
+03C3;GREEK SMALL LETTER SIGMA;Ll;0;L;;;;;N;;;03A3;;03A3
+03C4;GREEK SMALL LETTER TAU;Ll;0;L;;;;;N;;;03A4;;03A4
+03C5;GREEK SMALL LETTER UPSILON;Ll;0;L;;;;;N;;;03A5;;03A5
+03C6;GREEK SMALL LETTER PHI;Ll;0;L;;;;;N;;;03A6;;03A6
+03C7;GREEK SMALL LETTER CHI;Ll;0;L;;;;;N;;;03A7;;03A7
+03C8;GREEK SMALL LETTER PSI;Ll;0;L;;;;;N;;;03A8;;03A8
+03C9;GREEK SMALL LETTER OMEGA;Ll;0;L;;;;;N;;;03A9;;03A9
+03CA;GREEK SMALL LETTER IOTA WITH DIALYTIKA;Ll;0;L;03B9 0308;;;;N;GREEK SMALL LETTER IOTA DIAERESIS;;03AA;;03AA
+03CB;GREEK SMALL LETTER UPSILON WITH DIALYTIKA;Ll;0;L;03C5 0308;;;;N;GREEK SMALL LETTER UPSILON DIAERESIS;;03AB;;03AB
+03CC;GREEK SMALL LETTER OMICRON WITH TONOS;Ll;0;L;03BF 0301;;;;N;GREEK SMALL LETTER OMICRON TONOS;;038C;;038C
+03CD;GREEK SMALL LETTER UPSILON WITH TONOS;Ll;0;L;03C5 0301;;;;N;GREEK SMALL LETTER UPSILON TONOS;;038E;;038E
+03CE;GREEK SMALL LETTER OMEGA WITH TONOS;Ll;0;L;03C9 0301;;;;N;GREEK SMALL LETTER OMEGA TONOS;;038F;;038F
+03D0;GREEK BETA SYMBOL;Ll;0;L;<compat> 03B2;;;;N;GREEK SMALL LETTER CURLED BETA;;0392;;0392
+03D1;GREEK THETA SYMBOL;Ll;0;L;<compat> 03B8;;;;N;GREEK SMALL LETTER SCRIPT THETA;;0398;;0398
+03D2;GREEK UPSILON WITH HOOK SYMBOL;Lu;0;L;<compat> 03A5;;;;N;GREEK CAPITAL LETTER UPSILON HOOK;;;;
+03D3;GREEK UPSILON WITH ACUTE AND HOOK SYMBOL;Lu;0;L;03D2 0301;;;;N;GREEK CAPITAL LETTER UPSILON HOOK TONOS;;;;
+03D4;GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL;Lu;0;L;03D2 0308;;;;N;GREEK CAPITAL LETTER UPSILON HOOK DIAERESIS;;;;
+03D5;GREEK PHI SYMBOL;Ll;0;L;<compat> 03C6;;;;N;GREEK SMALL LETTER SCRIPT PHI;;03A6;;03A6
+03D6;GREEK PI SYMBOL;Ll;0;L;<compat> 03C0;;;;N;GREEK SMALL LETTER OMEGA PI;;03A0;;03A0
+03D7;GREEK KAI SYMBOL;Ll;0;L;;;;;N;;;;;
+03D8;GREEK LETTER ARCHAIC KOPPA;Lu;0;L;;;;;N;;*;;03D9;
+03D9;GREEK SMALL LETTER ARCHAIC KOPPA;Ll;0;L;;;;;N;;*;03D8;;03D8
+03DA;GREEK LETTER STIGMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER STIGMA;;;03DB;
+03DB;GREEK SMALL LETTER STIGMA;Ll;0;L;;;;;N;;;03DA;;03DA
+03DC;GREEK LETTER DIGAMMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER DIGAMMA;;;03DD;
+03DD;GREEK SMALL LETTER DIGAMMA;Ll;0;L;;;;;N;;;03DC;;03DC
+03DE;GREEK LETTER KOPPA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER KOPPA;;;03DF;
+03DF;GREEK SMALL LETTER KOPPA;Ll;0;L;;;;;N;;;03DE;;03DE
+03E0;GREEK LETTER SAMPI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SAMPI;;;03E1;
+03E1;GREEK SMALL LETTER SAMPI;Ll;0;L;;;;;N;;;03E0;;03E0
+03E2;COPTIC CAPITAL LETTER SHEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SHEI;;;03E3;
+03E3;COPTIC SMALL LETTER SHEI;Ll;0;L;;;;;N;GREEK SMALL LETTER SHEI;;03E2;;03E2
+03E4;COPTIC CAPITAL LETTER FEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER FEI;;;03E5;
+03E5;COPTIC SMALL LETTER FEI;Ll;0;L;;;;;N;GREEK SMALL LETTER FEI;;03E4;;03E4
+03E6;COPTIC CAPITAL LETTER KHEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER KHEI;;;03E7;
+03E7;COPTIC SMALL LETTER KHEI;Ll;0;L;;;;;N;GREEK SMALL LETTER KHEI;;03E6;;03E6
+03E8;COPTIC CAPITAL LETTER HORI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER HORI;;;03E9;
+03E9;COPTIC SMALL LETTER HORI;Ll;0;L;;;;;N;GREEK SMALL LETTER HORI;;03E8;;03E8
+03EA;COPTIC CAPITAL LETTER GANGIA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER GANGIA;;;03EB;
+03EB;COPTIC SMALL LETTER GANGIA;Ll;0;L;;;;;N;GREEK SMALL LETTER GANGIA;;03EA;;03EA
+03EC;COPTIC CAPITAL LETTER SHIMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SHIMA;;;03ED;
+03ED;COPTIC SMALL LETTER SHIMA;Ll;0;L;;;;;N;GREEK SMALL LETTER SHIMA;;03EC;;03EC
+03EE;COPTIC CAPITAL LETTER DEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER DEI;;;03EF;
+03EF;COPTIC SMALL LETTER DEI;Ll;0;L;;;;;N;GREEK SMALL LETTER DEI;;03EE;;03EE
+03F0;GREEK KAPPA SYMBOL;Ll;0;L;<compat> 03BA;;;;N;GREEK SMALL LETTER SCRIPT KAPPA;;039A;;039A
+03F1;GREEK RHO SYMBOL;Ll;0;L;<compat> 03C1;;;;N;GREEK SMALL LETTER TAILED RHO;;03A1;;03A1
+03F2;GREEK LUNATE SIGMA SYMBOL;Ll;0;L;<compat> 03C2;;;;N;GREEK SMALL LETTER LUNATE SIGMA;;03A3;;03A3
+03F3;GREEK LETTER YOT;Ll;0;L;;;;;N;;;;;
+03F4;GREEK CAPITAL THETA SYMBOL;Lu;0;L;<compat> 0398;;;;N;;;;03B8;
+03F5;GREEK LUNATE EPSILON SYMBOL;Ll;0;L;<compat> 03B5;;;;N;;;0395;;0395
+03F6;GREEK REVERSED LUNATE EPSILON SYMBOL;Sm;0;ON;;;;;N;;;;;
+0400;CYRILLIC CAPITAL LETTER IE WITH GRAVE;Lu;0;L;0415 0300;;;;N;;;;0450;
+0401;CYRILLIC CAPITAL LETTER IO;Lu;0;L;0415 0308;;;;N;;;;0451;
+0402;CYRILLIC CAPITAL LETTER DJE;Lu;0;L;;;;;N;;Serbocroatian;;0452;
+0403;CYRILLIC CAPITAL LETTER GJE;Lu;0;L;0413 0301;;;;N;;;;0453;
+0404;CYRILLIC CAPITAL LETTER UKRAINIAN IE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER E;;;0454;
+0405;CYRILLIC CAPITAL LETTER DZE;Lu;0;L;;;;;N;;;;0455;
+0406;CYRILLIC CAPITAL LETTER BYELORUSSIAN-UKRAINIAN I;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER I;;;0456;
+0407;CYRILLIC CAPITAL LETTER YI;Lu;0;L;0406 0308;;;;N;;Ukrainian;;0457;
+0408;CYRILLIC CAPITAL LETTER JE;Lu;0;L;;;;;N;;;;0458;
+0409;CYRILLIC CAPITAL LETTER LJE;Lu;0;L;;;;;N;;;;0459;
+040A;CYRILLIC CAPITAL LETTER NJE;Lu;0;L;;;;;N;;;;045A;
+040B;CYRILLIC CAPITAL LETTER TSHE;Lu;0;L;;;;;N;;Serbocroatian;;045B;
+040C;CYRILLIC CAPITAL LETTER KJE;Lu;0;L;041A 0301;;;;N;;;;045C;
+040D;CYRILLIC CAPITAL LETTER I WITH GRAVE;Lu;0;L;0418 0300;;;;N;;;;045D;
+040E;CYRILLIC CAPITAL LETTER SHORT U;Lu;0;L;0423 0306;;;;N;;Byelorussian;;045E;
+040F;CYRILLIC CAPITAL LETTER DZHE;Lu;0;L;;;;;N;;;;045F;
+0410;CYRILLIC CAPITAL LETTER A;Lu;0;L;;;;;N;;;;0430;
+0411;CYRILLIC CAPITAL LETTER BE;Lu;0;L;;;;;N;;;;0431;
+0412;CYRILLIC CAPITAL LETTER VE;Lu;0;L;;;;;N;;;;0432;
+0413;CYRILLIC CAPITAL LETTER GHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE;;;0433;
+0414;CYRILLIC CAPITAL LETTER DE;Lu;0;L;;;;;N;;;;0434;
+0415;CYRILLIC CAPITAL LETTER IE;Lu;0;L;;;;;N;;;;0435;
+0416;CYRILLIC CAPITAL LETTER ZHE;Lu;0;L;;;;;N;;;;0436;
+0417;CYRILLIC CAPITAL LETTER ZE;Lu;0;L;;;;;N;;;;0437;
+0418;CYRILLIC CAPITAL LETTER I;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER II;;;0438;
+0419;CYRILLIC CAPITAL LETTER SHORT I;Lu;0;L;0418 0306;;;;N;CYRILLIC CAPITAL LETTER SHORT II;;;0439;
+041A;CYRILLIC CAPITAL LETTER KA;Lu;0;L;;;;;N;;;;043A;
+041B;CYRILLIC CAPITAL LETTER EL;Lu;0;L;;;;;N;;;;043B;
+041C;CYRILLIC CAPITAL LETTER EM;Lu;0;L;;;;;N;;;;043C;
+041D;CYRILLIC CAPITAL LETTER EN;Lu;0;L;;;;;N;;;;043D;
+041E;CYRILLIC CAPITAL LETTER O;Lu;0;L;;;;;N;;;;043E;
+041F;CYRILLIC CAPITAL LETTER PE;Lu;0;L;;;;;N;;;;043F;
+0420;CYRILLIC CAPITAL LETTER ER;Lu;0;L;;;;;N;;;;0440;
+0421;CYRILLIC CAPITAL LETTER ES;Lu;0;L;;;;;N;;;;0441;
+0422;CYRILLIC CAPITAL LETTER TE;Lu;0;L;;;;;N;;;;0442;
+0423;CYRILLIC CAPITAL LETTER U;Lu;0;L;;;;;N;;;;0443;
+0424;CYRILLIC CAPITAL LETTER EF;Lu;0;L;;;;;N;;;;0444;
+0425;CYRILLIC CAPITAL LETTER HA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KHA;;;0445;
+0426;CYRILLIC CAPITAL LETTER TSE;Lu;0;L;;;;;N;;;;0446;
+0427;CYRILLIC CAPITAL LETTER CHE;Lu;0;L;;;;;N;;;;0447;
+0428;CYRILLIC CAPITAL LETTER SHA;Lu;0;L;;;;;N;;;;0448;
+0429;CYRILLIC CAPITAL LETTER SHCHA;Lu;0;L;;;;;N;;;;0449;
+042A;CYRILLIC CAPITAL LETTER HARD SIGN;Lu;0;L;;;;;N;;;;044A;
+042B;CYRILLIC CAPITAL LETTER YERU;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER YERI;;;044B;
+042C;CYRILLIC CAPITAL LETTER SOFT SIGN;Lu;0;L;;;;;N;;;;044C;
+042D;CYRILLIC CAPITAL LETTER E;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER REVERSED E;;;044D;
+042E;CYRILLIC CAPITAL LETTER YU;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IU;;;044E;
+042F;CYRILLIC CAPITAL LETTER YA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IA;;;044F;
+0430;CYRILLIC SMALL LETTER A;Ll;0;L;;;;;N;;;0410;;0410
+0431;CYRILLIC SMALL LETTER BE;Ll;0;L;;;;;N;;;0411;;0411
+0432;CYRILLIC SMALL LETTER VE;Ll;0;L;;;;;N;;;0412;;0412
+0433;CYRILLIC SMALL LETTER GHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE;;0413;;0413
+0434;CYRILLIC SMALL LETTER DE;Ll;0;L;;;;;N;;;0414;;0414
+0435;CYRILLIC SMALL LETTER IE;Ll;0;L;;;;;N;;;0415;;0415
+0436;CYRILLIC SMALL LETTER ZHE;Ll;0;L;;;;;N;;;0416;;0416
+0437;CYRILLIC SMALL LETTER ZE;Ll;0;L;;;;;N;;;0417;;0417
+0438;CYRILLIC SMALL LETTER I;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER II;;0418;;0418
+0439;CYRILLIC SMALL LETTER SHORT I;Ll;0;L;0438 0306;;;;N;CYRILLIC SMALL LETTER SHORT II;;0419;;0419
+043A;CYRILLIC SMALL LETTER KA;Ll;0;L;;;;;N;;;041A;;041A
+043B;CYRILLIC SMALL LETTER EL;Ll;0;L;;;;;N;;;041B;;041B
+043C;CYRILLIC SMALL LETTER EM;Ll;0;L;;;;;N;;;041C;;041C
+043D;CYRILLIC SMALL LETTER EN;Ll;0;L;;;;;N;;;041D;;041D
+043E;CYRILLIC SMALL LETTER O;Ll;0;L;;;;;N;;;041E;;041E
+043F;CYRILLIC SMALL LETTER PE;Ll;0;L;;;;;N;;;041F;;041F
+0440;CYRILLIC SMALL LETTER ER;Ll;0;L;;;;;N;;;0420;;0420
+0441;CYRILLIC SMALL LETTER ES;Ll;0;L;;;;;N;;;0421;;0421
+0442;CYRILLIC SMALL LETTER TE;Ll;0;L;;;;;N;;;0422;;0422
+0443;CYRILLIC SMALL LETTER U;Ll;0;L;;;;;N;;;0423;;0423
+0444;CYRILLIC SMALL LETTER EF;Ll;0;L;;;;;N;;;0424;;0424
+0445;CYRILLIC SMALL LETTER HA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KHA;;0425;;0425
+0446;CYRILLIC SMALL LETTER TSE;Ll;0;L;;;;;N;;;0426;;0426
+0447;CYRILLIC SMALL LETTER CHE;Ll;0;L;;;;;N;;;0427;;0427
+0448;CYRILLIC SMALL LETTER SHA;Ll;0;L;;;;;N;;;0428;;0428
+0449;CYRILLIC SMALL LETTER SHCHA;Ll;0;L;;;;;N;;;0429;;0429
+044A;CYRILLIC SMALL LETTER HARD SIGN;Ll;0;L;;;;;N;;;042A;;042A
+044B;CYRILLIC SMALL LETTER YERU;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER YERI;;042B;;042B
+044C;CYRILLIC SMALL LETTER SOFT SIGN;Ll;0;L;;;;;N;;;042C;;042C
+044D;CYRILLIC SMALL LETTER E;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER REVERSED E;;042D;;042D
+044E;CYRILLIC SMALL LETTER YU;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IU;;042E;;042E
+044F;CYRILLIC SMALL LETTER YA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IA;;042F;;042F
+0450;CYRILLIC SMALL LETTER IE WITH GRAVE;Ll;0;L;0435 0300;;;;N;;;0400;;0400
+0451;CYRILLIC SMALL LETTER IO;Ll;0;L;0435 0308;;;;N;;;0401;;0401
+0452;CYRILLIC SMALL LETTER DJE;Ll;0;L;;;;;N;;Serbocroatian;0402;;0402
+0453;CYRILLIC SMALL LETTER GJE;Ll;0;L;0433 0301;;;;N;;;0403;;0403
+0454;CYRILLIC SMALL LETTER UKRAINIAN IE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER E;;0404;;0404
+0455;CYRILLIC SMALL LETTER DZE;Ll;0;L;;;;;N;;;0405;;0405
+0456;CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER I;;0406;;0406
+0457;CYRILLIC SMALL LETTER YI;Ll;0;L;0456 0308;;;;N;;Ukrainian;0407;;0407
+0458;CYRILLIC SMALL LETTER JE;Ll;0;L;;;;;N;;;0408;;0408
+0459;CYRILLIC SMALL LETTER LJE;Ll;0;L;;;;;N;;;0409;;0409
+045A;CYRILLIC SMALL LETTER NJE;Ll;0;L;;;;;N;;;040A;;040A
+045B;CYRILLIC SMALL LETTER TSHE;Ll;0;L;;;;;N;;Serbocroatian;040B;;040B
+045C;CYRILLIC SMALL LETTER KJE;Ll;0;L;043A 0301;;;;N;;;040C;;040C
+045D;CYRILLIC SMALL LETTER I WITH GRAVE;Ll;0;L;0438 0300;;;;N;;;040D;;040D
+045E;CYRILLIC SMALL LETTER SHORT U;Ll;0;L;0443 0306;;;;N;;Byelorussian;040E;;040E
+045F;CYRILLIC SMALL LETTER DZHE;Ll;0;L;;;;;N;;;040F;;040F
+0460;CYRILLIC CAPITAL LETTER OMEGA;Lu;0;L;;;;;N;;;;0461;
+0461;CYRILLIC SMALL LETTER OMEGA;Ll;0;L;;;;;N;;;0460;;0460
+0462;CYRILLIC CAPITAL LETTER YAT;Lu;0;L;;;;;N;;;;0463;
+0463;CYRILLIC SMALL LETTER YAT;Ll;0;L;;;;;N;;;0462;;0462
+0464;CYRILLIC CAPITAL LETTER IOTIFIED E;Lu;0;L;;;;;N;;;;0465;
+0465;CYRILLIC SMALL LETTER IOTIFIED E;Ll;0;L;;;;;N;;;0464;;0464
+0466;CYRILLIC CAPITAL LETTER LITTLE YUS;Lu;0;L;;;;;N;;;;0467;
+0467;CYRILLIC SMALL LETTER LITTLE YUS;Ll;0;L;;;;;N;;;0466;;0466
+0468;CYRILLIC CAPITAL LETTER IOTIFIED LITTLE YUS;Lu;0;L;;;;;N;;;;0469;
+0469;CYRILLIC SMALL LETTER IOTIFIED LITTLE YUS;Ll;0;L;;;;;N;;;0468;;0468
+046A;CYRILLIC CAPITAL LETTER BIG YUS;Lu;0;L;;;;;N;;;;046B;
+046B;CYRILLIC SMALL LETTER BIG YUS;Ll;0;L;;;;;N;;;046A;;046A
+046C;CYRILLIC CAPITAL LETTER IOTIFIED BIG YUS;Lu;0;L;;;;;N;;;;046D;
+046D;CYRILLIC SMALL LETTER IOTIFIED BIG YUS;Ll;0;L;;;;;N;;;046C;;046C
+046E;CYRILLIC CAPITAL LETTER KSI;Lu;0;L;;;;;N;;;;046F;
+046F;CYRILLIC SMALL LETTER KSI;Ll;0;L;;;;;N;;;046E;;046E
+0470;CYRILLIC CAPITAL LETTER PSI;Lu;0;L;;;;;N;;;;0471;
+0471;CYRILLIC SMALL LETTER PSI;Ll;0;L;;;;;N;;;0470;;0470
+0472;CYRILLIC CAPITAL LETTER FITA;Lu;0;L;;;;;N;;;;0473;
+0473;CYRILLIC SMALL LETTER FITA;Ll;0;L;;;;;N;;;0472;;0472
+0474;CYRILLIC CAPITAL LETTER IZHITSA;Lu;0;L;;;;;N;;;;0475;
+0475;CYRILLIC SMALL LETTER IZHITSA;Ll;0;L;;;;;N;;;0474;;0474
+0476;CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT;Lu;0;L;0474 030F;;;;N;CYRILLIC CAPITAL LETTER IZHITSA DOUBLE GRAVE;;;0477;
+0477;CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT;Ll;0;L;0475 030F;;;;N;CYRILLIC SMALL LETTER IZHITSA DOUBLE GRAVE;;0476;;0476
+0478;CYRILLIC CAPITAL LETTER UK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER UK DIGRAPH;;;0479;
+0479;CYRILLIC SMALL LETTER UK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER UK DIGRAPH;;0478;;0478
+047A;CYRILLIC CAPITAL LETTER ROUND OMEGA;Lu;0;L;;;;;N;;;;047B;
+047B;CYRILLIC SMALL LETTER ROUND OMEGA;Ll;0;L;;;;;N;;;047A;;047A
+047C;CYRILLIC CAPITAL LETTER OMEGA WITH TITLO;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER OMEGA TITLO;;;047D;
+047D;CYRILLIC SMALL LETTER OMEGA WITH TITLO;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER OMEGA TITLO;;047C;;047C
+047E;CYRILLIC CAPITAL LETTER OT;Lu;0;L;;;;;N;;;;047F;
+047F;CYRILLIC SMALL LETTER OT;Ll;0;L;;;;;N;;;047E;;047E
+0480;CYRILLIC CAPITAL LETTER KOPPA;Lu;0;L;;;;;N;;;;0481;
+0481;CYRILLIC SMALL LETTER KOPPA;Ll;0;L;;;;;N;;;0480;;0480
+0482;CYRILLIC THOUSANDS SIGN;So;0;L;;;;;N;;;;;
+0483;COMBINING CYRILLIC TITLO;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING TITLO;;;;
+0484;COMBINING CYRILLIC PALATALIZATION;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING PALATALIZATION;;;;
+0485;COMBINING CYRILLIC DASIA PNEUMATA;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING DASIA PNEUMATA;;;;
+0486;COMBINING CYRILLIC PSILI PNEUMATA;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING PSILI PNEUMATA;;;;
+0488;COMBINING CYRILLIC HUNDRED THOUSANDS SIGN;Me;0;NSM;;;;;N;;;;;
+0489;COMBINING CYRILLIC MILLIONS SIGN;Me;0;NSM;;;;;N;;;;;
+048A;CYRILLIC CAPITAL LETTER SHORT I WITH TAIL;Lu;0;L;;;;;N;;;;048B;
+048B;CYRILLIC SMALL LETTER SHORT I WITH TAIL;Ll;0;L;;;;;N;;;048A;;048A
+048C;CYRILLIC CAPITAL LETTER SEMISOFT SIGN;Lu;0;L;;;;;N;;;;048D;
+048D;CYRILLIC SMALL LETTER SEMISOFT SIGN;Ll;0;L;;;;;N;;;048C;;048C
+048E;CYRILLIC CAPITAL LETTER ER WITH TICK;Lu;0;L;;;;;N;;;;048F;
+048F;CYRILLIC SMALL LETTER ER WITH TICK;Ll;0;L;;;;;N;;;048E;;048E
+0490;CYRILLIC CAPITAL LETTER GHE WITH UPTURN;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE WITH UPTURN;;;0491;
+0491;CYRILLIC SMALL LETTER GHE WITH UPTURN;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE WITH UPTURN;;0490;;0490
+0492;CYRILLIC CAPITAL LETTER GHE WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE BAR;;;0493;
+0493;CYRILLIC SMALL LETTER GHE WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE BAR;;0492;;0492
+0494;CYRILLIC CAPITAL LETTER GHE WITH MIDDLE HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE HOOK;;;0495;
+0495;CYRILLIC SMALL LETTER GHE WITH MIDDLE HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE HOOK;;0494;;0494
+0496;CYRILLIC CAPITAL LETTER ZHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ZHE WITH RIGHT DESCENDER;;;0497;
+0497;CYRILLIC SMALL LETTER ZHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ZHE WITH RIGHT DESCENDER;;0496;;0496
+0498;CYRILLIC CAPITAL LETTER ZE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ZE CEDILLA;;;0499;
+0499;CYRILLIC SMALL LETTER ZE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ZE CEDILLA;;0498;;0498
+049A;CYRILLIC CAPITAL LETTER KA WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA WITH RIGHT DESCENDER;;;049B;
+049B;CYRILLIC SMALL LETTER KA WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA WITH RIGHT DESCENDER;;049A;;049A
+049C;CYRILLIC CAPITAL LETTER KA WITH VERTICAL STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA VERTICAL BAR;;;049D;
+049D;CYRILLIC SMALL LETTER KA WITH VERTICAL STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA VERTICAL BAR;;049C;;049C
+049E;CYRILLIC CAPITAL LETTER KA WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA BAR;;;049F;
+049F;CYRILLIC SMALL LETTER KA WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA BAR;;049E;;049E
+04A0;CYRILLIC CAPITAL LETTER BASHKIR KA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER REVERSED GE KA;;;04A1;
+04A1;CYRILLIC SMALL LETTER BASHKIR KA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER REVERSED GE KA;;04A0;;04A0
+04A2;CYRILLIC CAPITAL LETTER EN WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN WITH RIGHT DESCENDER;;;04A3;
+04A3;CYRILLIC SMALL LETTER EN WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN WITH RIGHT DESCENDER;;04A2;;04A2
+04A4;CYRILLIC CAPITAL LIGATURE EN GHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN GE;;;04A5;
+04A5;CYRILLIC SMALL LIGATURE EN GHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN GE;;04A4;;04A4
+04A6;CYRILLIC CAPITAL LETTER PE WITH MIDDLE HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER PE HOOK;Abkhasian;;04A7;
+04A7;CYRILLIC SMALL LETTER PE WITH MIDDLE HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER PE HOOK;Abkhasian;04A6;;04A6
+04A8;CYRILLIC CAPITAL LETTER ABKHASIAN HA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER O HOOK;;;04A9;
+04A9;CYRILLIC SMALL LETTER ABKHASIAN HA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER O HOOK;;04A8;;04A8
+04AA;CYRILLIC CAPITAL LETTER ES WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ES CEDILLA;;;04AB;
+04AB;CYRILLIC SMALL LETTER ES WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ES CEDILLA;;04AA;;04AA
+04AC;CYRILLIC CAPITAL LETTER TE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER TE WITH RIGHT DESCENDER;;;04AD;
+04AD;CYRILLIC SMALL LETTER TE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER TE WITH RIGHT DESCENDER;;04AC;;04AC
+04AE;CYRILLIC CAPITAL LETTER STRAIGHT U;Lu;0;L;;;;;N;;;;04AF;
+04AF;CYRILLIC SMALL LETTER STRAIGHT U;Ll;0;L;;;;;N;;;04AE;;04AE
+04B0;CYRILLIC CAPITAL LETTER STRAIGHT U WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER STRAIGHT U BAR;;;04B1;
+04B1;CYRILLIC SMALL LETTER STRAIGHT U WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER STRAIGHT U BAR;;04B0;;04B0
+04B2;CYRILLIC CAPITAL LETTER HA WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KHA WITH RIGHT DESCENDER;;;04B3;
+04B3;CYRILLIC SMALL LETTER HA WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KHA WITH RIGHT DESCENDER;;04B2;;04B2
+04B4;CYRILLIC CAPITAL LIGATURE TE TSE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER TE TSE;Abkhasian;;04B5;
+04B5;CYRILLIC SMALL LIGATURE TE TSE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER TE TSE;Abkhasian;04B4;;04B4
+04B6;CYRILLIC CAPITAL LETTER CHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE WITH RIGHT DESCENDER;;;04B7;
+04B7;CYRILLIC SMALL LETTER CHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE WITH RIGHT DESCENDER;;04B6;;04B6
+04B8;CYRILLIC CAPITAL LETTER CHE WITH VERTICAL STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE VERTICAL BAR;;;04B9;
+04B9;CYRILLIC SMALL LETTER CHE WITH VERTICAL STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE VERTICAL BAR;;04B8;;04B8
+04BA;CYRILLIC CAPITAL LETTER SHHA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER H;;;04BB;
+04BB;CYRILLIC SMALL LETTER SHHA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER H;;04BA;;04BA
+04BC;CYRILLIC CAPITAL LETTER ABKHASIAN CHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IE HOOK;;;04BD;
+04BD;CYRILLIC SMALL LETTER ABKHASIAN CHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IE HOOK;;04BC;;04BC
+04BE;CYRILLIC CAPITAL LETTER ABKHASIAN CHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IE HOOK OGONEK;;;04BF;
+04BF;CYRILLIC SMALL LETTER ABKHASIAN CHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IE HOOK OGONEK;;04BE;;04BE
+04C0;CYRILLIC LETTER PALOCHKA;Lu;0;L;;;;;N;CYRILLIC LETTER I;;;;
+04C1;CYRILLIC CAPITAL LETTER ZHE WITH BREVE;Lu;0;L;0416 0306;;;;N;CYRILLIC CAPITAL LETTER SHORT ZHE;;;04C2;
+04C2;CYRILLIC SMALL LETTER ZHE WITH BREVE;Ll;0;L;0436 0306;;;;N;CYRILLIC SMALL LETTER SHORT ZHE;;04C1;;04C1
+04C3;CYRILLIC CAPITAL LETTER KA WITH HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA HOOK;;;04C4;
+04C4;CYRILLIC SMALL LETTER KA WITH HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA HOOK;;04C3;;04C3
+04C5;CYRILLIC CAPITAL LETTER EL WITH TAIL;Lu;0;L;;;;;N;;;;04C6;
+04C6;CYRILLIC SMALL LETTER EL WITH TAIL;Ll;0;L;;;;;N;;;04C5;;04C5
+04C7;CYRILLIC CAPITAL LETTER EN WITH HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN HOOK;;;04C8;
+04C8;CYRILLIC SMALL LETTER EN WITH HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN HOOK;;04C7;;04C7
+04C9;CYRILLIC CAPITAL LETTER EN WITH TAIL;Lu;0;L;;;;;N;;;;04CA;
+04CA;CYRILLIC SMALL LETTER EN WITH TAIL;Ll;0;L;;;;;N;;;04C9;;04C9
+04CB;CYRILLIC CAPITAL LETTER KHAKASSIAN CHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE WITH LEFT DESCENDER;;;04CC;
+04CC;CYRILLIC SMALL LETTER KHAKASSIAN CHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE WITH LEFT DESCENDER;;04CB;;04CB
+04CD;CYRILLIC CAPITAL LETTER EM WITH TAIL;Lu;0;L;;;;;N;;;;04CE;
+04CE;CYRILLIC SMALL LETTER EM WITH TAIL;Ll;0;L;;;;;N;;;04CD;;04CD
+04D0;CYRILLIC CAPITAL LETTER A WITH BREVE;Lu;0;L;0410 0306;;;;N;;;;04D1;
+04D1;CYRILLIC SMALL LETTER A WITH BREVE;Ll;0;L;0430 0306;;;;N;;;04D0;;04D0
+04D2;CYRILLIC CAPITAL LETTER A WITH DIAERESIS;Lu;0;L;0410 0308;;;;N;;;;04D3;
+04D3;CYRILLIC SMALL LETTER A WITH DIAERESIS;Ll;0;L;0430 0308;;;;N;;;04D2;;04D2
+04D4;CYRILLIC CAPITAL LIGATURE A IE;Lu;0;L;;;;;N;;;;04D5;
+04D5;CYRILLIC SMALL LIGATURE A IE;Ll;0;L;;;;;N;;;04D4;;04D4
+04D6;CYRILLIC CAPITAL LETTER IE WITH BREVE;Lu;0;L;0415 0306;;;;N;;;;04D7;
+04D7;CYRILLIC SMALL LETTER IE WITH BREVE;Ll;0;L;0435 0306;;;;N;;;04D6;;04D6
+04D8;CYRILLIC CAPITAL LETTER SCHWA;Lu;0;L;;;;;N;;;;04D9;
+04D9;CYRILLIC SMALL LETTER SCHWA;Ll;0;L;;;;;N;;;04D8;;04D8
+04DA;CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS;Lu;0;L;04D8 0308;;;;N;;;;04DB;
+04DB;CYRILLIC SMALL LETTER SCHWA WITH DIAERESIS;Ll;0;L;04D9 0308;;;;N;;;04DA;;04DA
+04DC;CYRILLIC CAPITAL LETTER ZHE WITH DIAERESIS;Lu;0;L;0416 0308;;;;N;;;;04DD;
+04DD;CYRILLIC SMALL LETTER ZHE WITH DIAERESIS;Ll;0;L;0436 0308;;;;N;;;04DC;;04DC
+04DE;CYRILLIC CAPITAL LETTER ZE WITH DIAERESIS;Lu;0;L;0417 0308;;;;N;;;;04DF;
+04DF;CYRILLIC SMALL LETTER ZE WITH DIAERESIS;Ll;0;L;0437 0308;;;;N;;;04DE;;04DE
+04E0;CYRILLIC CAPITAL LETTER ABKHASIAN DZE;Lu;0;L;;;;;N;;;;04E1;
+04E1;CYRILLIC SMALL LETTER ABKHASIAN DZE;Ll;0;L;;;;;N;;;04E0;;04E0
+04E2;CYRILLIC CAPITAL LETTER I WITH MACRON;Lu;0;L;0418 0304;;;;N;;;;04E3;
+04E3;CYRILLIC SMALL LETTER I WITH MACRON;Ll;0;L;0438 0304;;;;N;;;04E2;;04E2
+04E4;CYRILLIC CAPITAL LETTER I WITH DIAERESIS;Lu;0;L;0418 0308;;;;N;;;;04E5;
+04E5;CYRILLIC SMALL LETTER I WITH DIAERESIS;Ll;0;L;0438 0308;;;;N;;;04E4;;04E4
+04E6;CYRILLIC CAPITAL LETTER O WITH DIAERESIS;Lu;0;L;041E 0308;;;;N;;;;04E7;
+04E7;CYRILLIC SMALL LETTER O WITH DIAERESIS;Ll;0;L;043E 0308;;;;N;;;04E6;;04E6
+04E8;CYRILLIC CAPITAL LETTER BARRED O;Lu;0;L;;;;;N;;;;04E9;
+04E9;CYRILLIC SMALL LETTER BARRED O;Ll;0;L;;;;;N;;;04E8;;04E8
+04EA;CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS;Lu;0;L;04E8 0308;;;;N;;;;04EB;
+04EB;CYRILLIC SMALL LETTER BARRED O WITH DIAERESIS;Ll;0;L;04E9 0308;;;;N;;;04EA;;04EA
+04EC;CYRILLIC CAPITAL LETTER E WITH DIAERESIS;Lu;0;L;042D 0308;;;;N;;;;04ED;
+04ED;CYRILLIC SMALL LETTER E WITH DIAERESIS;Ll;0;L;044D 0308;;;;N;;;04EC;;04EC
+04EE;CYRILLIC CAPITAL LETTER U WITH MACRON;Lu;0;L;0423 0304;;;;N;;;;04EF;
+04EF;CYRILLIC SMALL LETTER U WITH MACRON;Ll;0;L;0443 0304;;;;N;;;04EE;;04EE
+04F0;CYRILLIC CAPITAL LETTER U WITH DIAERESIS;Lu;0;L;0423 0308;;;;N;;;;04F1;
+04F1;CYRILLIC SMALL LETTER U WITH DIAERESIS;Ll;0;L;0443 0308;;;;N;;;04F0;;04F0
+04F2;CYRILLIC CAPITAL LETTER U WITH DOUBLE ACUTE;Lu;0;L;0423 030B;;;;N;;;;04F3;
+04F3;CYRILLIC SMALL LETTER U WITH DOUBLE ACUTE;Ll;0;L;0443 030B;;;;N;;;04F2;;04F2
+04F4;CYRILLIC CAPITAL LETTER CHE WITH DIAERESIS;Lu;0;L;0427 0308;;;;N;;;;04F5;
+04F5;CYRILLIC SMALL LETTER CHE WITH DIAERESIS;Ll;0;L;0447 0308;;;;N;;;04F4;;04F4
+04F8;CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS;Lu;0;L;042B 0308;;;;N;;;;04F9;
+04F9;CYRILLIC SMALL LETTER YERU WITH DIAERESIS;Ll;0;L;044B 0308;;;;N;;;04F8;;04F8
+0500;CYRILLIC CAPITAL LETTER KOMI DE;Lu;0;L;;;;;N;;;;0501;
+0501;CYRILLIC SMALL LETTER KOMI DE;Ll;0;L;;;;;N;;;0500;;0500
+0502;CYRILLIC CAPITAL LETTER KOMI DJE;Lu;0;L;;;;;N;;;;0503;
+0503;CYRILLIC SMALL LETTER KOMI DJE;Ll;0;L;;;;;N;;;0502;;0502
+0504;CYRILLIC CAPITAL LETTER KOMI ZJE;Lu;0;L;;;;;N;;;;0505;
+0505;CYRILLIC SMALL LETTER KOMI ZJE;Ll;0;L;;;;;N;;;0504;;0504
+0506;CYRILLIC CAPITAL LETTER KOMI DZJE;Lu;0;L;;;;;N;;;;0507;
+0507;CYRILLIC SMALL LETTER KOMI DZJE;Ll;0;L;;;;;N;;;0506;;0506
+0508;CYRILLIC CAPITAL LETTER KOMI LJE;Lu;0;L;;;;;N;;;;0509;
+0509;CYRILLIC SMALL LETTER KOMI LJE;Ll;0;L;;;;;N;;;0508;;0508
+050A;CYRILLIC CAPITAL LETTER KOMI NJE;Lu;0;L;;;;;N;;;;050B;
+050B;CYRILLIC SMALL LETTER KOMI NJE;Ll;0;L;;;;;N;;;050A;;050A
+050C;CYRILLIC CAPITAL LETTER KOMI SJE;Lu;0;L;;;;;N;;;;050D;
+050D;CYRILLIC SMALL LETTER KOMI SJE;Ll;0;L;;;;;N;;;050C;;050C
+050E;CYRILLIC CAPITAL LETTER KOMI TJE;Lu;0;L;;;;;N;;;;050F;
+050F;CYRILLIC SMALL LETTER KOMI TJE;Ll;0;L;;;;;N;;;050E;;050E
+0531;ARMENIAN CAPITAL LETTER AYB;Lu;0;L;;;;;N;;;;0561;
+0532;ARMENIAN CAPITAL LETTER BEN;Lu;0;L;;;;;N;;;;0562;
+0533;ARMENIAN CAPITAL LETTER GIM;Lu;0;L;;;;;N;;;;0563;
+0534;ARMENIAN CAPITAL LETTER DA;Lu;0;L;;;;;N;;;;0564;
+0535;ARMENIAN CAPITAL LETTER ECH;Lu;0;L;;;;;N;;;;0565;
+0536;ARMENIAN CAPITAL LETTER ZA;Lu;0;L;;;;;N;;;;0566;
+0537;ARMENIAN CAPITAL LETTER EH;Lu;0;L;;;;;N;;;;0567;
+0538;ARMENIAN CAPITAL LETTER ET;Lu;0;L;;;;;N;;;;0568;
+0539;ARMENIAN CAPITAL LETTER TO;Lu;0;L;;;;;N;;;;0569;
+053A;ARMENIAN CAPITAL LETTER ZHE;Lu;0;L;;;;;N;;;;056A;
+053B;ARMENIAN CAPITAL LETTER INI;Lu;0;L;;;;;N;;;;056B;
+053C;ARMENIAN CAPITAL LETTER LIWN;Lu;0;L;;;;;N;;;;056C;
+053D;ARMENIAN CAPITAL LETTER XEH;Lu;0;L;;;;;N;;;;056D;
+053E;ARMENIAN CAPITAL LETTER CA;Lu;0;L;;;;;N;;;;056E;
+053F;ARMENIAN CAPITAL LETTER KEN;Lu;0;L;;;;;N;;;;056F;
+0540;ARMENIAN CAPITAL LETTER HO;Lu;0;L;;;;;N;;;;0570;
+0541;ARMENIAN CAPITAL LETTER JA;Lu;0;L;;;;;N;;;;0571;
+0542;ARMENIAN CAPITAL LETTER GHAD;Lu;0;L;;;;;N;ARMENIAN CAPITAL LETTER LAD;;;0572;
+0543;ARMENIAN CAPITAL LETTER CHEH;Lu;0;L;;;;;N;;;;0573;
+0544;ARMENIAN CAPITAL LETTER MEN;Lu;0;L;;;;;N;;;;0574;
+0545;ARMENIAN CAPITAL LETTER YI;Lu;0;L;;;;;N;;;;0575;
+0546;ARMENIAN CAPITAL LETTER NOW;Lu;0;L;;;;;N;;;;0576;
+0547;ARMENIAN CAPITAL LETTER SHA;Lu;0;L;;;;;N;;;;0577;
+0548;ARMENIAN CAPITAL LETTER VO;Lu;0;L;;;;;N;;;;0578;
+0549;ARMENIAN CAPITAL LETTER CHA;Lu;0;L;;;;;N;;;;0579;
+054A;ARMENIAN CAPITAL LETTER PEH;Lu;0;L;;;;;N;;;;057A;
+054B;ARMENIAN CAPITAL LETTER JHEH;Lu;0;L;;;;;N;;;;057B;
+054C;ARMENIAN CAPITAL LETTER RA;Lu;0;L;;;;;N;;;;057C;
+054D;ARMENIAN CAPITAL LETTER SEH;Lu;0;L;;;;;N;;;;057D;
+054E;ARMENIAN CAPITAL LETTER VEW;Lu;0;L;;;;;N;;;;057E;
+054F;ARMENIAN CAPITAL LETTER TIWN;Lu;0;L;;;;;N;;;;057F;
+0550;ARMENIAN CAPITAL LETTER REH;Lu;0;L;;;;;N;;;;0580;
+0551;ARMENIAN CAPITAL LETTER CO;Lu;0;L;;;;;N;;;;0581;
+0552;ARMENIAN CAPITAL LETTER YIWN;Lu;0;L;;;;;N;;;;0582;
+0553;ARMENIAN CAPITAL LETTER PIWR;Lu;0;L;;;;;N;;;;0583;
+0554;ARMENIAN CAPITAL LETTER KEH;Lu;0;L;;;;;N;;;;0584;
+0555;ARMENIAN CAPITAL LETTER OH;Lu;0;L;;;;;N;;;;0585;
+0556;ARMENIAN CAPITAL LETTER FEH;Lu;0;L;;;;;N;;;;0586;
+0559;ARMENIAN MODIFIER LETTER LEFT HALF RING;Lm;0;L;;;;;N;;;;;
+055A;ARMENIAN APOSTROPHE;Po;0;L;;;;;N;ARMENIAN MODIFIER LETTER RIGHT HALF RING;;;;
+055B;ARMENIAN EMPHASIS MARK;Po;0;L;;;;;N;;;;;
+055C;ARMENIAN EXCLAMATION MARK;Po;0;L;;;;;N;;;;;
+055D;ARMENIAN COMMA;Po;0;L;;;;;N;;;;;
+055E;ARMENIAN QUESTION MARK;Po;0;L;;;;;N;;;;;
+055F;ARMENIAN ABBREVIATION MARK;Po;0;L;;;;;N;;;;;
+0561;ARMENIAN SMALL LETTER AYB;Ll;0;L;;;;;N;;;0531;;0531
+0562;ARMENIAN SMALL LETTER BEN;Ll;0;L;;;;;N;;;0532;;0532
+0563;ARMENIAN SMALL LETTER GIM;Ll;0;L;;;;;N;;;0533;;0533
+0564;ARMENIAN SMALL LETTER DA;Ll;0;L;;;;;N;;;0534;;0534
+0565;ARMENIAN SMALL LETTER ECH;Ll;0;L;;;;;N;;;0535;;0535
+0566;ARMENIAN SMALL LETTER ZA;Ll;0;L;;;;;N;;;0536;;0536
+0567;ARMENIAN SMALL LETTER EH;Ll;0;L;;;;;N;;;0537;;0537
+0568;ARMENIAN SMALL LETTER ET;Ll;0;L;;;;;N;;;0538;;0538
+0569;ARMENIAN SMALL LETTER TO;Ll;0;L;;;;;N;;;0539;;0539
+056A;ARMENIAN SMALL LETTER ZHE;Ll;0;L;;;;;N;;;053A;;053A
+056B;ARMENIAN SMALL LETTER INI;Ll;0;L;;;;;N;;;053B;;053B
+056C;ARMENIAN SMALL LETTER LIWN;Ll;0;L;;;;;N;;;053C;;053C
+056D;ARMENIAN SMALL LETTER XEH;Ll;0;L;;;;;N;;;053D;;053D
+056E;ARMENIAN SMALL LETTER CA;Ll;0;L;;;;;N;;;053E;;053E
+056F;ARMENIAN SMALL LETTER KEN;Ll;0;L;;;;;N;;;053F;;053F
+0570;ARMENIAN SMALL LETTER HO;Ll;0;L;;;;;N;;;0540;;0540
+0571;ARMENIAN SMALL LETTER JA;Ll;0;L;;;;;N;;;0541;;0541
+0572;ARMENIAN SMALL LETTER GHAD;Ll;0;L;;;;;N;ARMENIAN SMALL LETTER LAD;;0542;;0542
+0573;ARMENIAN SMALL LETTER CHEH;Ll;0;L;;;;;N;;;0543;;0543
+0574;ARMENIAN SMALL LETTER MEN;Ll;0;L;;;;;N;;;0544;;0544
+0575;ARMENIAN SMALL LETTER YI;Ll;0;L;;;;;N;;;0545;;0545
+0576;ARMENIAN SMALL LETTER NOW;Ll;0;L;;;;;N;;;0546;;0546
+0577;ARMENIAN SMALL LETTER SHA;Ll;0;L;;;;;N;;;0547;;0547
+0578;ARMENIAN SMALL LETTER VO;Ll;0;L;;;;;N;;;0548;;0548
+0579;ARMENIAN SMALL LETTER CHA;Ll;0;L;;;;;N;;;0549;;0549
+057A;ARMENIAN SMALL LETTER PEH;Ll;0;L;;;;;N;;;054A;;054A
+057B;ARMENIAN SMALL LETTER JHEH;Ll;0;L;;;;;N;;;054B;;054B
+057C;ARMENIAN SMALL LETTER RA;Ll;0;L;;;;;N;;;054C;;054C
+057D;ARMENIAN SMALL LETTER SEH;Ll;0;L;;;;;N;;;054D;;054D
+057E;ARMENIAN SMALL LETTER VEW;Ll;0;L;;;;;N;;;054E;;054E
+057F;ARMENIAN SMALL LETTER TIWN;Ll;0;L;;;;;N;;;054F;;054F
+0580;ARMENIAN SMALL LETTER REH;Ll;0;L;;;;;N;;;0550;;0550
+0581;ARMENIAN SMALL LETTER CO;Ll;0;L;;;;;N;;;0551;;0551
+0582;ARMENIAN SMALL LETTER YIWN;Ll;0;L;;;;;N;;;0552;;0552
+0583;ARMENIAN SMALL LETTER PIWR;Ll;0;L;;;;;N;;;0553;;0553
+0584;ARMENIAN SMALL LETTER KEH;Ll;0;L;;;;;N;;;0554;;0554
+0585;ARMENIAN SMALL LETTER OH;Ll;0;L;;;;;N;;;0555;;0555
+0586;ARMENIAN SMALL LETTER FEH;Ll;0;L;;;;;N;;;0556;;0556
+0587;ARMENIAN SMALL LIGATURE ECH YIWN;Ll;0;L;<compat> 0565 0582;;;;N;;;;;
+0589;ARMENIAN FULL STOP;Po;0;L;;;;;N;ARMENIAN PERIOD;;;;
+058A;ARMENIAN HYPHEN;Pd;0;ON;;;;;N;;;;;
+0591;HEBREW ACCENT ETNAHTA;Mn;220;NSM;;;;;N;;;;;
+0592;HEBREW ACCENT SEGOL;Mn;230;NSM;;;;;N;;;;;
+0593;HEBREW ACCENT SHALSHELET;Mn;230;NSM;;;;;N;;;;;
+0594;HEBREW ACCENT ZAQEF QATAN;Mn;230;NSM;;;;;N;;;;;
+0595;HEBREW ACCENT ZAQEF GADOL;Mn;230;NSM;;;;;N;;;;;
+0596;HEBREW ACCENT TIPEHA;Mn;220;NSM;;;;;N;;*;;;
+0597;HEBREW ACCENT REVIA;Mn;230;NSM;;;;;N;;;;;
+0598;HEBREW ACCENT ZARQA;Mn;230;NSM;;;;;N;;*;;;
+0599;HEBREW ACCENT PASHTA;Mn;230;NSM;;;;;N;;;;;
+059A;HEBREW ACCENT YETIV;Mn;222;NSM;;;;;N;;;;;
+059B;HEBREW ACCENT TEVIR;Mn;220;NSM;;;;;N;;;;;
+059C;HEBREW ACCENT GERESH;Mn;230;NSM;;;;;N;;;;;
+059D;HEBREW ACCENT GERESH MUQDAM;Mn;230;NSM;;;;;N;;;;;
+059E;HEBREW ACCENT GERSHAYIM;Mn;230;NSM;;;;;N;;;;;
+059F;HEBREW ACCENT QARNEY PARA;Mn;230;NSM;;;;;N;;;;;
+05A0;HEBREW ACCENT TELISHA GEDOLA;Mn;230;NSM;;;;;N;;;;;
+05A1;HEBREW ACCENT PAZER;Mn;230;NSM;;;;;N;;;;;
+05A3;HEBREW ACCENT MUNAH;Mn;220;NSM;;;;;N;;;;;
+05A4;HEBREW ACCENT MAHAPAKH;Mn;220;NSM;;;;;N;;;;;
+05A5;HEBREW ACCENT MERKHA;Mn;220;NSM;;;;;N;;*;;;
+05A6;HEBREW ACCENT MERKHA KEFULA;Mn;220;NSM;;;;;N;;;;;
+05A7;HEBREW ACCENT DARGA;Mn;220;NSM;;;;;N;;;;;
+05A8;HEBREW ACCENT QADMA;Mn;230;NSM;;;;;N;;*;;;
+05A9;HEBREW ACCENT TELISHA QETANA;Mn;230;NSM;;;;;N;;;;;
+05AA;HEBREW ACCENT YERAH BEN YOMO;Mn;220;NSM;;;;;N;;*;;;
+05AB;HEBREW ACCENT OLE;Mn;230;NSM;;;;;N;;;;;
+05AC;HEBREW ACCENT ILUY;Mn;230;NSM;;;;;N;;;;;
+05AD;HEBREW ACCENT DEHI;Mn;222;NSM;;;;;N;;;;;
+05AE;HEBREW ACCENT ZINOR;Mn;228;NSM;;;;;N;;;;;
+05AF;HEBREW MARK MASORA CIRCLE;Mn;230;NSM;;;;;N;;;;;
+05B0;HEBREW POINT SHEVA;Mn;10;NSM;;;;;N;;;;;
+05B1;HEBREW POINT HATAF SEGOL;Mn;11;NSM;;;;;N;;;;;
+05B2;HEBREW POINT HATAF PATAH;Mn;12;NSM;;;;;N;;;;;
+05B3;HEBREW POINT HATAF QAMATS;Mn;13;NSM;;;;;N;;;;;
+05B4;HEBREW POINT HIRIQ;Mn;14;NSM;;;;;N;;;;;
+05B5;HEBREW POINT TSERE;Mn;15;NSM;;;;;N;;;;;
+05B6;HEBREW POINT SEGOL;Mn;16;NSM;;;;;N;;;;;
+05B7;HEBREW POINT PATAH;Mn;17;NSM;;;;;N;;;;;
+05B8;HEBREW POINT QAMATS;Mn;18;NSM;;;;;N;;;;;
+05B9;HEBREW POINT HOLAM;Mn;19;NSM;;;;;N;;;;;
+05BB;HEBREW POINT QUBUTS;Mn;20;NSM;;;;;N;;;;;
+05BC;HEBREW POINT DAGESH OR MAPIQ;Mn;21;NSM;;;;;N;HEBREW POINT DAGESH;or shuruq;;;
+05BD;HEBREW POINT METEG;Mn;22;NSM;;;;;N;;*;;;
+05BE;HEBREW PUNCTUATION MAQAF;Po;0;R;;;;;N;;;;;
+05BF;HEBREW POINT RAFE;Mn;23;NSM;;;;;N;;;;;
+05C0;HEBREW PUNCTUATION PASEQ;Po;0;R;;;;;N;HEBREW POINT PASEQ;*;;;
+05C1;HEBREW POINT SHIN DOT;Mn;24;NSM;;;;;N;;;;;
+05C2;HEBREW POINT SIN DOT;Mn;25;NSM;;;;;N;;;;;
+05C3;HEBREW PUNCTUATION SOF PASUQ;Po;0;R;;;;;N;;*;;;
+05C4;HEBREW MARK UPPER DOT;Mn;230;NSM;;;;;N;;;;;
+05D0;HEBREW LETTER ALEF;Lo;0;R;;;;;N;;;;;
+05D1;HEBREW LETTER BET;Lo;0;R;;;;;N;;;;;
+05D2;HEBREW LETTER GIMEL;Lo;0;R;;;;;N;;;;;
+05D3;HEBREW LETTER DALET;Lo;0;R;;;;;N;;;;;
+05D4;HEBREW LETTER HE;Lo;0;R;;;;;N;;;;;
+05D5;HEBREW LETTER VAV;Lo;0;R;;;;;N;;;;;
+05D6;HEBREW LETTER ZAYIN;Lo;0;R;;;;;N;;;;;
+05D7;HEBREW LETTER HET;Lo;0;R;;;;;N;;;;;
+05D8;HEBREW LETTER TET;Lo;0;R;;;;;N;;;;;
+05D9;HEBREW LETTER YOD;Lo;0;R;;;;;N;;;;;
+05DA;HEBREW LETTER FINAL KAF;Lo;0;R;;;;;N;;;;;
+05DB;HEBREW LETTER KAF;Lo;0;R;;;;;N;;;;;
+05DC;HEBREW LETTER LAMED;Lo;0;R;;;;;N;;;;;
+05DD;HEBREW LETTER FINAL MEM;Lo;0;R;;;;;N;;;;;
+05DE;HEBREW LETTER MEM;Lo;0;R;;;;;N;;;;;
+05DF;HEBREW LETTER FINAL NUN;Lo;0;R;;;;;N;;;;;
+05E0;HEBREW LETTER NUN;Lo;0;R;;;;;N;;;;;
+05E1;HEBREW LETTER SAMEKH;Lo;0;R;;;;;N;;;;;
+05E2;HEBREW LETTER AYIN;Lo;0;R;;;;;N;;;;;
+05E3;HEBREW LETTER FINAL PE;Lo;0;R;;;;;N;;;;;
+05E4;HEBREW LETTER PE;Lo;0;R;;;;;N;;;;;
+05E5;HEBREW LETTER FINAL TSADI;Lo;0;R;;;;;N;;;;;
+05E6;HEBREW LETTER TSADI;Lo;0;R;;;;;N;;;;;
+05E7;HEBREW LETTER QOF;Lo;0;R;;;;;N;;;;;
+05E8;HEBREW LETTER RESH;Lo;0;R;;;;;N;;;;;
+05E9;HEBREW LETTER SHIN;Lo;0;R;;;;;N;;;;;
+05EA;HEBREW LETTER TAV;Lo;0;R;;;;;N;;;;;
+05F0;HEBREW LIGATURE YIDDISH DOUBLE VAV;Lo;0;R;;;;;N;HEBREW LETTER DOUBLE VAV;;;;
+05F1;HEBREW LIGATURE YIDDISH VAV YOD;Lo;0;R;;;;;N;HEBREW LETTER VAV YOD;;;;
+05F2;HEBREW LIGATURE YIDDISH DOUBLE YOD;Lo;0;R;;;;;N;HEBREW LETTER DOUBLE YOD;;;;
+05F3;HEBREW PUNCTUATION GERESH;Po;0;R;;;;;N;;;;;
+05F4;HEBREW PUNCTUATION GERSHAYIM;Po;0;R;;;;;N;;;;;
+060C;ARABIC COMMA;Po;0;CS;;;;;N;;;;;
+061B;ARABIC SEMICOLON;Po;0;AL;;;;;N;;;;;
+061F;ARABIC QUESTION MARK;Po;0;AL;;;;;N;;;;;
+0621;ARABIC LETTER HAMZA;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAH;;;;
+0622;ARABIC LETTER ALEF WITH MADDA ABOVE;Lo;0;AL;0627 0653;;;;N;ARABIC LETTER MADDAH ON ALEF;;;;
+0623;ARABIC LETTER ALEF WITH HAMZA ABOVE;Lo;0;AL;0627 0654;;;;N;ARABIC LETTER HAMZAH ON ALEF;;;;
+0624;ARABIC LETTER WAW WITH HAMZA ABOVE;Lo;0;AL;0648 0654;;;;N;ARABIC LETTER HAMZAH ON WAW;;;;
+0625;ARABIC LETTER ALEF WITH HAMZA BELOW;Lo;0;AL;0627 0655;;;;N;ARABIC LETTER HAMZAH UNDER ALEF;;;;
+0626;ARABIC LETTER YEH WITH HAMZA ABOVE;Lo;0;AL;064A 0654;;;;N;ARABIC LETTER HAMZAH ON YA;;;;
+0627;ARABIC LETTER ALEF;Lo;0;AL;;;;;N;;;;;
+0628;ARABIC LETTER BEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA;;;;
+0629;ARABIC LETTER TEH MARBUTA;Lo;0;AL;;;;;N;ARABIC LETTER TAA MARBUTAH;;;;
+062A;ARABIC LETTER TEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA;;;;
+062B;ARABIC LETTER THEH;Lo;0;AL;;;;;N;ARABIC LETTER THAA;;;;
+062C;ARABIC LETTER JEEM;Lo;0;AL;;;;;N;;;;;
+062D;ARABIC LETTER HAH;Lo;0;AL;;;;;N;ARABIC LETTER HAA;;;;
+062E;ARABIC LETTER KHAH;Lo;0;AL;;;;;N;ARABIC LETTER KHAA;;;;
+062F;ARABIC LETTER DAL;Lo;0;AL;;;;;N;;;;;
+0630;ARABIC LETTER THAL;Lo;0;AL;;;;;N;;;;;
+0631;ARABIC LETTER REH;Lo;0;AL;;;;;N;ARABIC LETTER RA;;;;
+0632;ARABIC LETTER ZAIN;Lo;0;AL;;;;;N;;;;;
+0633;ARABIC LETTER SEEN;Lo;0;AL;;;;;N;;;;;
+0634;ARABIC LETTER SHEEN;Lo;0;AL;;;;;N;;;;;
+0635;ARABIC LETTER SAD;Lo;0;AL;;;;;N;;;;;
+0636;ARABIC LETTER DAD;Lo;0;AL;;;;;N;;;;;
+0637;ARABIC LETTER TAH;Lo;0;AL;;;;;N;;;;;
+0638;ARABIC LETTER ZAH;Lo;0;AL;;;;;N;ARABIC LETTER DHAH;;;;
+0639;ARABIC LETTER AIN;Lo;0;AL;;;;;N;;;;;
+063A;ARABIC LETTER GHAIN;Lo;0;AL;;;;;N;;;;;
+0640;ARABIC TATWEEL;Lm;0;AL;;;;;N;;;;;
+0641;ARABIC LETTER FEH;Lo;0;AL;;;;;N;ARABIC LETTER FA;;;;
+0642;ARABIC LETTER QAF;Lo;0;AL;;;;;N;;;;;
+0643;ARABIC LETTER KAF;Lo;0;AL;;;;;N;ARABIC LETTER CAF;;;;
+0644;ARABIC LETTER LAM;Lo;0;AL;;;;;N;;;;;
+0645;ARABIC LETTER MEEM;Lo;0;AL;;;;;N;;;;;
+0646;ARABIC LETTER NOON;Lo;0;AL;;;;;N;;;;;
+0647;ARABIC LETTER HEH;Lo;0;AL;;;;;N;ARABIC LETTER HA;;;;
+0648;ARABIC LETTER WAW;Lo;0;AL;;;;;N;;;;;
+0649;ARABIC LETTER ALEF MAKSURA;Lo;0;AL;;;;;N;ARABIC LETTER ALEF MAQSURAH;;;;
+064A;ARABIC LETTER YEH;Lo;0;AL;;;;;N;ARABIC LETTER YA;;;;
+064B;ARABIC FATHATAN;Mn;27;NSM;;;;;N;;;;;
+064C;ARABIC DAMMATAN;Mn;28;NSM;;;;;N;;;;;
+064D;ARABIC KASRATAN;Mn;29;NSM;;;;;N;;;;;
+064E;ARABIC FATHA;Mn;30;NSM;;;;;N;ARABIC FATHAH;;;;
+064F;ARABIC DAMMA;Mn;31;NSM;;;;;N;ARABIC DAMMAH;;;;
+0650;ARABIC KASRA;Mn;32;NSM;;;;;N;ARABIC KASRAH;;;;
+0651;ARABIC SHADDA;Mn;33;NSM;;;;;N;ARABIC SHADDAH;;;;
+0652;ARABIC SUKUN;Mn;34;NSM;;;;;N;;;;;
+0653;ARABIC MADDAH ABOVE;Mn;230;NSM;;;;;N;;;;;
+0654;ARABIC HAMZA ABOVE;Mn;230;NSM;;;;;N;;;;;
+0655;ARABIC HAMZA BELOW;Mn;220;NSM;;;;;N;;;;;
+0660;ARABIC-INDIC DIGIT ZERO;Nd;0;AN;;0;0;0;N;;;;;
+0661;ARABIC-INDIC DIGIT ONE;Nd;0;AN;;1;1;1;N;;;;;
+0662;ARABIC-INDIC DIGIT TWO;Nd;0;AN;;2;2;2;N;;;;;
+0663;ARABIC-INDIC DIGIT THREE;Nd;0;AN;;3;3;3;N;;;;;
+0664;ARABIC-INDIC DIGIT FOUR;Nd;0;AN;;4;4;4;N;;;;;
+0665;ARABIC-INDIC DIGIT FIVE;Nd;0;AN;;5;5;5;N;;;;;
+0666;ARABIC-INDIC DIGIT SIX;Nd;0;AN;;6;6;6;N;;;;;
+0667;ARABIC-INDIC DIGIT SEVEN;Nd;0;AN;;7;7;7;N;;;;;
+0668;ARABIC-INDIC DIGIT EIGHT;Nd;0;AN;;8;8;8;N;;;;;
+0669;ARABIC-INDIC DIGIT NINE;Nd;0;AN;;9;9;9;N;;;;;
+066A;ARABIC PERCENT SIGN;Po;0;ET;;;;;N;;;;;
+066B;ARABIC DECIMAL SEPARATOR;Po;0;AN;;;;;N;;;;;
+066C;ARABIC THOUSANDS SEPARATOR;Po;0;AN;;;;;N;;;;;
+066D;ARABIC FIVE POINTED STAR;Po;0;AL;;;;;N;;;;;
+066E;ARABIC LETTER DOTLESS BEH;Lo;0;AL;;;;;N;;;;;
+066F;ARABIC LETTER DOTLESS QAF;Lo;0;AL;;;;;N;;;;;
+0670;ARABIC LETTER SUPERSCRIPT ALEF;Mn;35;NSM;;;;;N;ARABIC ALEF ABOVE;;;;
+0671;ARABIC LETTER ALEF WASLA;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAT WASL ON ALEF;;;;
+0672;ARABIC LETTER ALEF WITH WAVY HAMZA ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER WAVY HAMZAH ON ALEF;;;;
+0673;ARABIC LETTER ALEF WITH WAVY HAMZA BELOW;Lo;0;AL;;;;;N;ARABIC LETTER WAVY HAMZAH UNDER ALEF;;;;
+0674;ARABIC LETTER HIGH HAMZA;Lo;0;AL;;;;;N;ARABIC LETTER HIGH HAMZAH;;;;
+0675;ARABIC LETTER HIGH HAMZA ALEF;Lo;0;AL;<compat> 0627 0674;;;;N;ARABIC LETTER HIGH HAMZAH ALEF;;;;
+0676;ARABIC LETTER HIGH HAMZA WAW;Lo;0;AL;<compat> 0648 0674;;;;N;ARABIC LETTER HIGH HAMZAH WAW;;;;
+0677;ARABIC LETTER U WITH HAMZA ABOVE;Lo;0;AL;<compat> 06C7 0674;;;;N;ARABIC LETTER HIGH HAMZAH WAW WITH DAMMAH;;;;
+0678;ARABIC LETTER HIGH HAMZA YEH;Lo;0;AL;<compat> 064A 0674;;;;N;ARABIC LETTER HIGH HAMZAH YA;;;;
+0679;ARABIC LETTER TTEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH SMALL TAH;;;;
+067A;ARABIC LETTER TTEHEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH TWO DOTS VERTICAL ABOVE;;;;
+067B;ARABIC LETTER BEEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA WITH TWO DOTS VERTICAL BELOW;;;;
+067C;ARABIC LETTER TEH WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH RING;;;;
+067D;ARABIC LETTER TEH WITH THREE DOTS ABOVE DOWNWARDS;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH THREE DOTS ABOVE DOWNWARD;;;;
+067E;ARABIC LETTER PEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH THREE DOTS BELOW;;;;
+067F;ARABIC LETTER TEHEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH FOUR DOTS ABOVE;;;;
+0680;ARABIC LETTER BEHEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA WITH FOUR DOTS BELOW;;;;
+0681;ARABIC LETTER HAH WITH HAMZA ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAH ON HAA;;;;
+0682;ARABIC LETTER HAH WITH TWO DOTS VERTICAL ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH TWO DOTS VERTICAL ABOVE;;;;
+0683;ARABIC LETTER NYEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE TWO DOTS;;;;
+0684;ARABIC LETTER DYEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE TWO DOTS VERTICAL;;;;
+0685;ARABIC LETTER HAH WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH THREE DOTS ABOVE;;;;
+0686;ARABIC LETTER TCHEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE THREE DOTS DOWNWARD;;;;
+0687;ARABIC LETTER TCHEHEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE FOUR DOTS;;;;
+0688;ARABIC LETTER DDAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH SMALL TAH;;;;
+0689;ARABIC LETTER DAL WITH RING;Lo;0;AL;;;;;N;;;;;
+068A;ARABIC LETTER DAL WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+068B;ARABIC LETTER DAL WITH DOT BELOW AND SMALL TAH;Lo;0;AL;;;;;N;;;;;
+068C;ARABIC LETTER DAHAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH TWO DOTS ABOVE;;;;
+068D;ARABIC LETTER DDAHAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH TWO DOTS BELOW;;;;
+068E;ARABIC LETTER DUL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH THREE DOTS ABOVE;;;;
+068F;ARABIC LETTER DAL WITH THREE DOTS ABOVE DOWNWARDS;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH THREE DOTS ABOVE DOWNWARD;;;;
+0690;ARABIC LETTER DAL WITH FOUR DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+0691;ARABIC LETTER RREH;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL TAH;;;;
+0692;ARABIC LETTER REH WITH SMALL V;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL V;;;;
+0693;ARABIC LETTER REH WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH RING;;;;
+0694;ARABIC LETTER REH WITH DOT BELOW;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH DOT BELOW;;;;
+0695;ARABIC LETTER REH WITH SMALL V BELOW;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL V BELOW;;;;
+0696;ARABIC LETTER REH WITH DOT BELOW AND DOT ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH DOT BELOW AND DOT ABOVE;;;;
+0697;ARABIC LETTER REH WITH TWO DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH TWO DOTS ABOVE;;;;
+0698;ARABIC LETTER JEH;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH THREE DOTS ABOVE;;;;
+0699;ARABIC LETTER REH WITH FOUR DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH FOUR DOTS ABOVE;;;;
+069A;ARABIC LETTER SEEN WITH DOT BELOW AND DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+069B;ARABIC LETTER SEEN WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;;;;;
+069C;ARABIC LETTER SEEN WITH THREE DOTS BELOW AND THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+069D;ARABIC LETTER SAD WITH TWO DOTS BELOW;Lo;0;AL;;;;;N;;;;;
+069E;ARABIC LETTER SAD WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+069F;ARABIC LETTER TAH WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06A0;ARABIC LETTER AIN WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06A1;ARABIC LETTER DOTLESS FEH;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS FA;;;;
+06A2;ARABIC LETTER FEH WITH DOT MOVED BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH DOT MOVED BELOW;;;;
+06A3;ARABIC LETTER FEH WITH DOT BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH DOT BELOW;;;;
+06A4;ARABIC LETTER VEH;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH THREE DOTS ABOVE;;;;
+06A5;ARABIC LETTER FEH WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH THREE DOTS BELOW;;;;
+06A6;ARABIC LETTER PEHEH;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH FOUR DOTS ABOVE;;;;
+06A7;ARABIC LETTER QAF WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+06A8;ARABIC LETTER QAF WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06A9;ARABIC LETTER KEHEH;Lo;0;AL;;;;;N;ARABIC LETTER OPEN CAF;;;;
+06AA;ARABIC LETTER SWASH KAF;Lo;0;AL;;;;;N;ARABIC LETTER SWASH CAF;;;;
+06AB;ARABIC LETTER KAF WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH RING;;;;
+06AC;ARABIC LETTER KAF WITH DOT ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH DOT ABOVE;;;;
+06AD;ARABIC LETTER NG;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH THREE DOTS ABOVE;;;;
+06AE;ARABIC LETTER KAF WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH THREE DOTS BELOW;;;;
+06AF;ARABIC LETTER GAF;Lo;0;AL;;;;;N;;*;;;
+06B0;ARABIC LETTER GAF WITH RING;Lo;0;AL;;;;;N;;;;;
+06B1;ARABIC LETTER NGOEH;Lo;0;AL;;;;;N;ARABIC LETTER GAF WITH TWO DOTS ABOVE;;;;
+06B2;ARABIC LETTER GAF WITH TWO DOTS BELOW;Lo;0;AL;;;;;N;;;;;
+06B3;ARABIC LETTER GUEH;Lo;0;AL;;;;;N;ARABIC LETTER GAF WITH TWO DOTS VERTICAL BELOW;;;;
+06B4;ARABIC LETTER GAF WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06B5;ARABIC LETTER LAM WITH SMALL V;Lo;0;AL;;;;;N;;;;;
+06B6;ARABIC LETTER LAM WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+06B7;ARABIC LETTER LAM WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06B8;ARABIC LETTER LAM WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;;;;;
+06B9;ARABIC LETTER NOON WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+06BA;ARABIC LETTER NOON GHUNNA;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS NOON;;;;
+06BB;ARABIC LETTER RNOON;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS NOON WITH SMALL TAH;;;;
+06BC;ARABIC LETTER NOON WITH RING;Lo;0;AL;;;;;N;;;;;
+06BD;ARABIC LETTER NOON WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06BE;ARABIC LETTER HEH DOACHASHMEE;Lo;0;AL;;;;;N;ARABIC LETTER KNOTTED HA;;;;
+06BF;ARABIC LETTER TCHEH WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+06C0;ARABIC LETTER HEH WITH YEH ABOVE;Lo;0;AL;06D5 0654;;;;N;ARABIC LETTER HAMZAH ON HA;;;;
+06C1;ARABIC LETTER HEH GOAL;Lo;0;AL;;;;;N;ARABIC LETTER HA GOAL;;;;
+06C2;ARABIC LETTER HEH GOAL WITH HAMZA ABOVE;Lo;0;AL;06C1 0654;;;;N;ARABIC LETTER HAMZAH ON HA GOAL;;;;
+06C3;ARABIC LETTER TEH MARBUTA GOAL;Lo;0;AL;;;;;N;ARABIC LETTER TAA MARBUTAH GOAL;;;;
+06C4;ARABIC LETTER WAW WITH RING;Lo;0;AL;;;;;N;;;;;
+06C5;ARABIC LETTER KIRGHIZ OE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH BAR;;;;
+06C6;ARABIC LETTER OE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH SMALL V;;;;
+06C7;ARABIC LETTER U;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH DAMMAH;;;;
+06C8;ARABIC LETTER YU;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH ALEF ABOVE;;;;
+06C9;ARABIC LETTER KIRGHIZ YU;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH INVERTED SMALL V;;;;
+06CA;ARABIC LETTER WAW WITH TWO DOTS ABOVE;Lo;0;AL;;;;;N;;;;;
+06CB;ARABIC LETTER VE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH THREE DOTS ABOVE;;;;
+06CC;ARABIC LETTER FARSI YEH;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS YA;;;;
+06CD;ARABIC LETTER YEH WITH TAIL;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH TAIL;;;;
+06CE;ARABIC LETTER YEH WITH SMALL V;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH SMALL V;;;;
+06CF;ARABIC LETTER WAW WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;;
+06D0;ARABIC LETTER E;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH TWO DOTS VERTICAL BELOW;*;;;
+06D1;ARABIC LETTER YEH WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH THREE DOTS BELOW;;;;
+06D2;ARABIC LETTER YEH BARREE;Lo;0;AL;;;;;N;ARABIC LETTER YA BARREE;;;;
+06D3;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE;Lo;0;AL;06D2 0654;;;;N;ARABIC LETTER HAMZAH ON YA BARREE;;;;
+06D4;ARABIC FULL STOP;Po;0;AL;;;;;N;ARABIC PERIOD;;;;
+06D5;ARABIC LETTER AE;Lo;0;AL;;;;;N;;;;;
+06D6;ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA;Mn;230;NSM;;;;;N;;;;;
+06D7;ARABIC SMALL HIGH LIGATURE QAF WITH LAM WITH ALEF MAKSURA;Mn;230;NSM;;;;;N;;;;;
+06D8;ARABIC SMALL HIGH MEEM INITIAL FORM;Mn;230;NSM;;;;;N;;;;;
+06D9;ARABIC SMALL HIGH LAM ALEF;Mn;230;NSM;;;;;N;;;;;
+06DA;ARABIC SMALL HIGH JEEM;Mn;230;NSM;;;;;N;;;;;
+06DB;ARABIC SMALL HIGH THREE DOTS;Mn;230;NSM;;;;;N;;;;;
+06DC;ARABIC SMALL HIGH SEEN;Mn;230;NSM;;;;;N;;;;;
+06DD;ARABIC END OF AYAH;Cf;0;AL;;;;;N;;;;;
+06DE;ARABIC START OF RUB EL HIZB;Me;0;NSM;;;;;N;;;;;
+06DF;ARABIC SMALL HIGH ROUNDED ZERO;Mn;230;NSM;;;;;N;;;;;
+06E0;ARABIC SMALL HIGH UPRIGHT RECTANGULAR ZERO;Mn;230;NSM;;;;;N;;;;;
+06E1;ARABIC SMALL HIGH DOTLESS HEAD OF KHAH;Mn;230;NSM;;;;;N;;;;;
+06E2;ARABIC SMALL HIGH MEEM ISOLATED FORM;Mn;230;NSM;;;;;N;;;;;
+06E3;ARABIC SMALL LOW SEEN;Mn;220;NSM;;;;;N;;;;;
+06E4;ARABIC SMALL HIGH MADDA;Mn;230;NSM;;;;;N;;;;;
+06E5;ARABIC SMALL WAW;Lm;0;AL;;;;;N;;;;;
+06E6;ARABIC SMALL YEH;Lm;0;AL;;;;;N;;;;;
+06E7;ARABIC SMALL HIGH YEH;Mn;230;NSM;;;;;N;;;;;
+06E8;ARABIC SMALL HIGH NOON;Mn;230;NSM;;;;;N;;;;;
+06E9;ARABIC PLACE OF SAJDAH;So;0;ON;;;;;N;;;;;
+06EA;ARABIC EMPTY CENTRE LOW STOP;Mn;220;NSM;;;;;N;;;;;
+06EB;ARABIC EMPTY CENTRE HIGH STOP;Mn;230;NSM;;;;;N;;;;;
+06EC;ARABIC ROUNDED HIGH STOP WITH FILLED CENTRE;Mn;230;NSM;;;;;N;;;;;
+06ED;ARABIC SMALL LOW MEEM;Mn;220;NSM;;;;;N;;;;;
+06F0;EXTENDED ARABIC-INDIC DIGIT ZERO;Nd;0;EN;;0;0;0;N;EASTERN ARABIC-INDIC DIGIT ZERO;;;;
+06F1;EXTENDED ARABIC-INDIC DIGIT ONE;Nd;0;EN;;1;1;1;N;EASTERN ARABIC-INDIC DIGIT ONE;;;;
+06F2;EXTENDED ARABIC-INDIC DIGIT TWO;Nd;0;EN;;2;2;2;N;EASTERN ARABIC-INDIC DIGIT TWO;;;;
+06F3;EXTENDED ARABIC-INDIC DIGIT THREE;Nd;0;EN;;3;3;3;N;EASTERN ARABIC-INDIC DIGIT THREE;;;;
+06F4;EXTENDED ARABIC-INDIC DIGIT FOUR;Nd;0;EN;;4;4;4;N;EASTERN ARABIC-INDIC DIGIT FOUR;;;;
+06F5;EXTENDED ARABIC-INDIC DIGIT FIVE;Nd;0;EN;;5;5;5;N;EASTERN ARABIC-INDIC DIGIT FIVE;;;;
+06F6;EXTENDED ARABIC-INDIC DIGIT SIX;Nd;0;EN;;6;6;6;N;EASTERN ARABIC-INDIC DIGIT SIX;;;;
+06F7;EXTENDED ARABIC-INDIC DIGIT SEVEN;Nd;0;EN;;7;7;7;N;EASTERN ARABIC-INDIC DIGIT SEVEN;;;;
+06F8;EXTENDED ARABIC-INDIC DIGIT EIGHT;Nd;0;EN;;8;8;8;N;EASTERN ARABIC-INDIC DIGIT EIGHT;;;;
+06F9;EXTENDED ARABIC-INDIC DIGIT NINE;Nd;0;EN;;9;9;9;N;EASTERN ARABIC-INDIC DIGIT NINE;;;;
+06FA;ARABIC LETTER SHEEN WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+06FB;ARABIC LETTER DAD WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+06FC;ARABIC LETTER GHAIN WITH DOT BELOW;Lo;0;AL;;;;;N;;;;;
+06FD;ARABIC SIGN SINDHI AMPERSAND;So;0;AL;;;;;N;;;;;
+06FE;ARABIC SIGN SINDHI POSTPOSITION MEN;So;0;AL;;;;;N;;;;;
+0700;SYRIAC END OF PARAGRAPH;Po;0;AL;;;;;N;;;;;
+0701;SYRIAC SUPRALINEAR FULL STOP;Po;0;AL;;;;;N;;;;;
+0702;SYRIAC SUBLINEAR FULL STOP;Po;0;AL;;;;;N;;;;;
+0703;SYRIAC SUPRALINEAR COLON;Po;0;AL;;;;;N;;;;;
+0704;SYRIAC SUBLINEAR COLON;Po;0;AL;;;;;N;;;;;
+0705;SYRIAC HORIZONTAL COLON;Po;0;AL;;;;;N;;;;;
+0706;SYRIAC COLON SKEWED LEFT;Po;0;AL;;;;;N;;;;;
+0707;SYRIAC COLON SKEWED RIGHT;Po;0;AL;;;;;N;;;;;
+0708;SYRIAC SUPRALINEAR COLON SKEWED LEFT;Po;0;AL;;;;;N;;;;;
+0709;SYRIAC SUBLINEAR COLON SKEWED RIGHT;Po;0;AL;;;;;N;;;;;
+070A;SYRIAC CONTRACTION;Po;0;AL;;;;;N;;;;;
+070B;SYRIAC HARKLEAN OBELUS;Po;0;AL;;;;;N;;;;;
+070C;SYRIAC HARKLEAN METOBELUS;Po;0;AL;;;;;N;;;;;
+070D;SYRIAC HARKLEAN ASTERISCUS;Po;0;AL;;;;;N;;;;;
+070F;SYRIAC ABBREVIATION MARK;Cf;0;BN;;;;;N;;;;;
+0710;SYRIAC LETTER ALAPH;Lo;0;AL;;;;;N;;;;;
+0711;SYRIAC LETTER SUPERSCRIPT ALAPH;Mn;36;NSM;;;;;N;;;;;
+0712;SYRIAC LETTER BETH;Lo;0;AL;;;;;N;;;;;
+0713;SYRIAC LETTER GAMAL;Lo;0;AL;;;;;N;;;;;
+0714;SYRIAC LETTER GAMAL GARSHUNI;Lo;0;AL;;;;;N;;;;;
+0715;SYRIAC LETTER DALATH;Lo;0;AL;;;;;N;;;;;
+0716;SYRIAC LETTER DOTLESS DALATH RISH;Lo;0;AL;;;;;N;;;;;
+0717;SYRIAC LETTER HE;Lo;0;AL;;;;;N;;;;;
+0718;SYRIAC LETTER WAW;Lo;0;AL;;;;;N;;;;;
+0719;SYRIAC LETTER ZAIN;Lo;0;AL;;;;;N;;;;;
+071A;SYRIAC LETTER HETH;Lo;0;AL;;;;;N;;;;;
+071B;SYRIAC LETTER TETH;Lo;0;AL;;;;;N;;;;;
+071C;SYRIAC LETTER TETH GARSHUNI;Lo;0;AL;;;;;N;;;;;
+071D;SYRIAC LETTER YUDH;Lo;0;AL;;;;;N;;;;;
+071E;SYRIAC LETTER YUDH HE;Lo;0;AL;;;;;N;;;;;
+071F;SYRIAC LETTER KAPH;Lo;0;AL;;;;;N;;;;;
+0720;SYRIAC LETTER LAMADH;Lo;0;AL;;;;;N;;;;;
+0721;SYRIAC LETTER MIM;Lo;0;AL;;;;;N;;;;;
+0722;SYRIAC LETTER NUN;Lo;0;AL;;;;;N;;;;;
+0723;SYRIAC LETTER SEMKATH;Lo;0;AL;;;;;N;;;;;
+0724;SYRIAC LETTER FINAL SEMKATH;Lo;0;AL;;;;;N;;;;;
+0725;SYRIAC LETTER E;Lo;0;AL;;;;;N;;;;;
+0726;SYRIAC LETTER PE;Lo;0;AL;;;;;N;;;;;
+0727;SYRIAC LETTER REVERSED PE;Lo;0;AL;;;;;N;;;;;
+0728;SYRIAC LETTER SADHE;Lo;0;AL;;;;;N;;;;;
+0729;SYRIAC LETTER QAPH;Lo;0;AL;;;;;N;;;;;
+072A;SYRIAC LETTER RISH;Lo;0;AL;;;;;N;;;;;
+072B;SYRIAC LETTER SHIN;Lo;0;AL;;;;;N;;;;;
+072C;SYRIAC LETTER TAW;Lo;0;AL;;;;;N;;;;;
+0730;SYRIAC PTHAHA ABOVE;Mn;230;NSM;;;;;N;;;;;
+0731;SYRIAC PTHAHA BELOW;Mn;220;NSM;;;;;N;;;;;
+0732;SYRIAC PTHAHA DOTTED;Mn;230;NSM;;;;;N;;;;;
+0733;SYRIAC ZQAPHA ABOVE;Mn;230;NSM;;;;;N;;;;;
+0734;SYRIAC ZQAPHA BELOW;Mn;220;NSM;;;;;N;;;;;
+0735;SYRIAC ZQAPHA DOTTED;Mn;230;NSM;;;;;N;;;;;
+0736;SYRIAC RBASA ABOVE;Mn;230;NSM;;;;;N;;;;;
+0737;SYRIAC RBASA BELOW;Mn;220;NSM;;;;;N;;;;;
+0738;SYRIAC DOTTED ZLAMA HORIZONTAL;Mn;220;NSM;;;;;N;;;;;
+0739;SYRIAC DOTTED ZLAMA ANGULAR;Mn;220;NSM;;;;;N;;;;;
+073A;SYRIAC HBASA ABOVE;Mn;230;NSM;;;;;N;;;;;
+073B;SYRIAC HBASA BELOW;Mn;220;NSM;;;;;N;;;;;
+073C;SYRIAC HBASA-ESASA DOTTED;Mn;220;NSM;;;;;N;;;;;
+073D;SYRIAC ESASA ABOVE;Mn;230;NSM;;;;;N;;;;;
+073E;SYRIAC ESASA BELOW;Mn;220;NSM;;;;;N;;;;;
+073F;SYRIAC RWAHA;Mn;230;NSM;;;;;N;;;;;
+0740;SYRIAC FEMININE DOT;Mn;230;NSM;;;;;N;;;;;
+0741;SYRIAC QUSHSHAYA;Mn;230;NSM;;;;;N;;;;;
+0742;SYRIAC RUKKAKHA;Mn;220;NSM;;;;;N;;;;;
+0743;SYRIAC TWO VERTICAL DOTS ABOVE;Mn;230;NSM;;;;;N;;;;;
+0744;SYRIAC TWO VERTICAL DOTS BELOW;Mn;220;NSM;;;;;N;;;;;
+0745;SYRIAC THREE DOTS ABOVE;Mn;230;NSM;;;;;N;;;;;
+0746;SYRIAC THREE DOTS BELOW;Mn;220;NSM;;;;;N;;;;;
+0747;SYRIAC OBLIQUE LINE ABOVE;Mn;230;NSM;;;;;N;;;;;
+0748;SYRIAC OBLIQUE LINE BELOW;Mn;220;NSM;;;;;N;;;;;
+0749;SYRIAC MUSIC;Mn;230;NSM;;;;;N;;;;;
+074A;SYRIAC BARREKH;Mn;230;NSM;;;;;N;;;;;
+0780;THAANA LETTER HAA;Lo;0;AL;;;;;N;;;;;
+0781;THAANA LETTER SHAVIYANI;Lo;0;AL;;;;;N;;;;;
+0782;THAANA LETTER NOONU;Lo;0;AL;;;;;N;;;;;
+0783;THAANA LETTER RAA;Lo;0;AL;;;;;N;;;;;
+0784;THAANA LETTER BAA;Lo;0;AL;;;;;N;;;;;
+0785;THAANA LETTER LHAVIYANI;Lo;0;AL;;;;;N;;;;;
+0786;THAANA LETTER KAAFU;Lo;0;AL;;;;;N;;;;;
+0787;THAANA LETTER ALIFU;Lo;0;AL;;;;;N;;;;;
+0788;THAANA LETTER VAAVU;Lo;0;AL;;;;;N;;;;;
+0789;THAANA LETTER MEEMU;Lo;0;AL;;;;;N;;;;;
+078A;THAANA LETTER FAAFU;Lo;0;AL;;;;;N;;;;;
+078B;THAANA LETTER DHAALU;Lo;0;AL;;;;;N;;;;;
+078C;THAANA LETTER THAA;Lo;0;AL;;;;;N;;;;;
+078D;THAANA LETTER LAAMU;Lo;0;AL;;;;;N;;;;;
+078E;THAANA LETTER GAAFU;Lo;0;AL;;;;;N;;;;;
+078F;THAANA LETTER GNAVIYANI;Lo;0;AL;;;;;N;;;;;
+0790;THAANA LETTER SEENU;Lo;0;AL;;;;;N;;;;;
+0791;THAANA LETTER DAVIYANI;Lo;0;AL;;;;;N;;;;;
+0792;THAANA LETTER ZAVIYANI;Lo;0;AL;;;;;N;;;;;
+0793;THAANA LETTER TAVIYANI;Lo;0;AL;;;;;N;;;;;
+0794;THAANA LETTER YAA;Lo;0;AL;;;;;N;;;;;
+0795;THAANA LETTER PAVIYANI;Lo;0;AL;;;;;N;;;;;
+0796;THAANA LETTER JAVIYANI;Lo;0;AL;;;;;N;;;;;
+0797;THAANA LETTER CHAVIYANI;Lo;0;AL;;;;;N;;;;;
+0798;THAANA LETTER TTAA;Lo;0;AL;;;;;N;;;;;
+0799;THAANA LETTER HHAA;Lo;0;AL;;;;;N;;;;;
+079A;THAANA LETTER KHAA;Lo;0;AL;;;;;N;;;;;
+079B;THAANA LETTER THAALU;Lo;0;AL;;;;;N;;;;;
+079C;THAANA LETTER ZAA;Lo;0;AL;;;;;N;;;;;
+079D;THAANA LETTER SHEENU;Lo;0;AL;;;;;N;;;;;
+079E;THAANA LETTER SAADHU;Lo;0;AL;;;;;N;;;;;
+079F;THAANA LETTER DAADHU;Lo;0;AL;;;;;N;;;;;
+07A0;THAANA LETTER TO;Lo;0;AL;;;;;N;;;;;
+07A1;THAANA LETTER ZO;Lo;0;AL;;;;;N;;;;;
+07A2;THAANA LETTER AINU;Lo;0;AL;;;;;N;;;;;
+07A3;THAANA LETTER GHAINU;Lo;0;AL;;;;;N;;;;;
+07A4;THAANA LETTER QAAFU;Lo;0;AL;;;;;N;;;;;
+07A5;THAANA LETTER WAAVU;Lo;0;AL;;;;;N;;;;;
+07A6;THAANA ABAFILI;Mn;0;NSM;;;;;N;;;;;
+07A7;THAANA AABAAFILI;Mn;0;NSM;;;;;N;;;;;
+07A8;THAANA IBIFILI;Mn;0;NSM;;;;;N;;;;;
+07A9;THAANA EEBEEFILI;Mn;0;NSM;;;;;N;;;;;
+07AA;THAANA UBUFILI;Mn;0;NSM;;;;;N;;;;;
+07AB;THAANA OOBOOFILI;Mn;0;NSM;;;;;N;;;;;
+07AC;THAANA EBEFILI;Mn;0;NSM;;;;;N;;;;;
+07AD;THAANA EYBEYFILI;Mn;0;NSM;;;;;N;;;;;
+07AE;THAANA OBOFILI;Mn;0;NSM;;;;;N;;;;;
+07AF;THAANA OABOAFILI;Mn;0;NSM;;;;;N;;;;;
+07B0;THAANA SUKUN;Mn;0;NSM;;;;;N;;;;;
+07B1;THAANA LETTER NAA;Lo;0;AL;;;;;N;;;;;
+0901;DEVANAGARI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;;
+0902;DEVANAGARI SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;;
+0903;DEVANAGARI SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0905;DEVANAGARI LETTER A;Lo;0;L;;;;;N;;;;;
+0906;DEVANAGARI LETTER AA;Lo;0;L;;;;;N;;;;;
+0907;DEVANAGARI LETTER I;Lo;0;L;;;;;N;;;;;
+0908;DEVANAGARI LETTER II;Lo;0;L;;;;;N;;;;;
+0909;DEVANAGARI LETTER U;Lo;0;L;;;;;N;;;;;
+090A;DEVANAGARI LETTER UU;Lo;0;L;;;;;N;;;;;
+090B;DEVANAGARI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+090C;DEVANAGARI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+090D;DEVANAGARI LETTER CANDRA E;Lo;0;L;;;;;N;;;;;
+090E;DEVANAGARI LETTER SHORT E;Lo;0;L;;;;;N;;;;;
+090F;DEVANAGARI LETTER E;Lo;0;L;;;;;N;;;;;
+0910;DEVANAGARI LETTER AI;Lo;0;L;;;;;N;;;;;
+0911;DEVANAGARI LETTER CANDRA O;Lo;0;L;;;;;N;;;;;
+0912;DEVANAGARI LETTER SHORT O;Lo;0;L;;;;;N;;;;;
+0913;DEVANAGARI LETTER O;Lo;0;L;;;;;N;;;;;
+0914;DEVANAGARI LETTER AU;Lo;0;L;;;;;N;;;;;
+0915;DEVANAGARI LETTER KA;Lo;0;L;;;;;N;;;;;
+0916;DEVANAGARI LETTER KHA;Lo;0;L;;;;;N;;;;;
+0917;DEVANAGARI LETTER GA;Lo;0;L;;;;;N;;;;;
+0918;DEVANAGARI LETTER GHA;Lo;0;L;;;;;N;;;;;
+0919;DEVANAGARI LETTER NGA;Lo;0;L;;;;;N;;;;;
+091A;DEVANAGARI LETTER CA;Lo;0;L;;;;;N;;;;;
+091B;DEVANAGARI LETTER CHA;Lo;0;L;;;;;N;;;;;
+091C;DEVANAGARI LETTER JA;Lo;0;L;;;;;N;;;;;
+091D;DEVANAGARI LETTER JHA;Lo;0;L;;;;;N;;;;;
+091E;DEVANAGARI LETTER NYA;Lo;0;L;;;;;N;;;;;
+091F;DEVANAGARI LETTER TTA;Lo;0;L;;;;;N;;;;;
+0920;DEVANAGARI LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0921;DEVANAGARI LETTER DDA;Lo;0;L;;;;;N;;;;;
+0922;DEVANAGARI LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0923;DEVANAGARI LETTER NNA;Lo;0;L;;;;;N;;;;;
+0924;DEVANAGARI LETTER TA;Lo;0;L;;;;;N;;;;;
+0925;DEVANAGARI LETTER THA;Lo;0;L;;;;;N;;;;;
+0926;DEVANAGARI LETTER DA;Lo;0;L;;;;;N;;;;;
+0927;DEVANAGARI LETTER DHA;Lo;0;L;;;;;N;;;;;
+0928;DEVANAGARI LETTER NA;Lo;0;L;;;;;N;;;;;
+0929;DEVANAGARI LETTER NNNA;Lo;0;L;0928 093C;;;;N;;;;;
+092A;DEVANAGARI LETTER PA;Lo;0;L;;;;;N;;;;;
+092B;DEVANAGARI LETTER PHA;Lo;0;L;;;;;N;;;;;
+092C;DEVANAGARI LETTER BA;Lo;0;L;;;;;N;;;;;
+092D;DEVANAGARI LETTER BHA;Lo;0;L;;;;;N;;;;;
+092E;DEVANAGARI LETTER MA;Lo;0;L;;;;;N;;;;;
+092F;DEVANAGARI LETTER YA;Lo;0;L;;;;;N;;;;;
+0930;DEVANAGARI LETTER RA;Lo;0;L;;;;;N;;;;;
+0931;DEVANAGARI LETTER RRA;Lo;0;L;0930 093C;;;;N;;;;;
+0932;DEVANAGARI LETTER LA;Lo;0;L;;;;;N;;;;;
+0933;DEVANAGARI LETTER LLA;Lo;0;L;;;;;N;;;;;
+0934;DEVANAGARI LETTER LLLA;Lo;0;L;0933 093C;;;;N;;;;;
+0935;DEVANAGARI LETTER VA;Lo;0;L;;;;;N;;;;;
+0936;DEVANAGARI LETTER SHA;Lo;0;L;;;;;N;;;;;
+0937;DEVANAGARI LETTER SSA;Lo;0;L;;;;;N;;;;;
+0938;DEVANAGARI LETTER SA;Lo;0;L;;;;;N;;;;;
+0939;DEVANAGARI LETTER HA;Lo;0;L;;;;;N;;;;;
+093C;DEVANAGARI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+093D;DEVANAGARI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;;
+093E;DEVANAGARI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+093F;DEVANAGARI VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0940;DEVANAGARI VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0941;DEVANAGARI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0942;DEVANAGARI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0943;DEVANAGARI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+0944;DEVANAGARI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;;
+0945;DEVANAGARI VOWEL SIGN CANDRA E;Mn;0;NSM;;;;;N;;;;;
+0946;DEVANAGARI VOWEL SIGN SHORT E;Mn;0;NSM;;;;;N;;;;;
+0947;DEVANAGARI VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;;
+0948;DEVANAGARI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;;
+0949;DEVANAGARI VOWEL SIGN CANDRA O;Mc;0;L;;;;;N;;;;;
+094A;DEVANAGARI VOWEL SIGN SHORT O;Mc;0;L;;;;;N;;;;;
+094B;DEVANAGARI VOWEL SIGN O;Mc;0;L;;;;;N;;;;;
+094C;DEVANAGARI VOWEL SIGN AU;Mc;0;L;;;;;N;;;;;
+094D;DEVANAGARI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0950;DEVANAGARI OM;Lo;0;L;;;;;N;;;;;
+0951;DEVANAGARI STRESS SIGN UDATTA;Mn;230;NSM;;;;;N;;;;;
+0952;DEVANAGARI STRESS SIGN ANUDATTA;Mn;220;NSM;;;;;N;;;;;
+0953;DEVANAGARI GRAVE ACCENT;Mn;230;NSM;;;;;N;;;;;
+0954;DEVANAGARI ACUTE ACCENT;Mn;230;NSM;;;;;N;;;;;
+0958;DEVANAGARI LETTER QA;Lo;0;L;0915 093C;;;;N;;;;;
+0959;DEVANAGARI LETTER KHHA;Lo;0;L;0916 093C;;;;N;;;;;
+095A;DEVANAGARI LETTER GHHA;Lo;0;L;0917 093C;;;;N;;;;;
+095B;DEVANAGARI LETTER ZA;Lo;0;L;091C 093C;;;;N;;;;;
+095C;DEVANAGARI LETTER DDDHA;Lo;0;L;0921 093C;;;;N;;;;;
+095D;DEVANAGARI LETTER RHA;Lo;0;L;0922 093C;;;;N;;;;;
+095E;DEVANAGARI LETTER FA;Lo;0;L;092B 093C;;;;N;;;;;
+095F;DEVANAGARI LETTER YYA;Lo;0;L;092F 093C;;;;N;;;;;
+0960;DEVANAGARI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0961;DEVANAGARI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0962;DEVANAGARI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;;
+0963;DEVANAGARI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;;
+0964;DEVANAGARI DANDA;Po;0;L;;;;;N;;;;;
+0965;DEVANAGARI DOUBLE DANDA;Po;0;L;;;;;N;;;;;
+0966;DEVANAGARI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0967;DEVANAGARI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0968;DEVANAGARI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0969;DEVANAGARI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+096A;DEVANAGARI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+096B;DEVANAGARI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+096C;DEVANAGARI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+096D;DEVANAGARI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+096E;DEVANAGARI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+096F;DEVANAGARI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0970;DEVANAGARI ABBREVIATION SIGN;Po;0;L;;;;;N;;;;;
+0981;BENGALI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;;
+0982;BENGALI SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0983;BENGALI SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0985;BENGALI LETTER A;Lo;0;L;;;;;N;;;;;
+0986;BENGALI LETTER AA;Lo;0;L;;;;;N;;;;;
+0987;BENGALI LETTER I;Lo;0;L;;;;;N;;;;;
+0988;BENGALI LETTER II;Lo;0;L;;;;;N;;;;;
+0989;BENGALI LETTER U;Lo;0;L;;;;;N;;;;;
+098A;BENGALI LETTER UU;Lo;0;L;;;;;N;;;;;
+098B;BENGALI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+098C;BENGALI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+098F;BENGALI LETTER E;Lo;0;L;;;;;N;;;;;
+0990;BENGALI LETTER AI;Lo;0;L;;;;;N;;;;;
+0993;BENGALI LETTER O;Lo;0;L;;;;;N;;;;;
+0994;BENGALI LETTER AU;Lo;0;L;;;;;N;;;;;
+0995;BENGALI LETTER KA;Lo;0;L;;;;;N;;;;;
+0996;BENGALI LETTER KHA;Lo;0;L;;;;;N;;;;;
+0997;BENGALI LETTER GA;Lo;0;L;;;;;N;;;;;
+0998;BENGALI LETTER GHA;Lo;0;L;;;;;N;;;;;
+0999;BENGALI LETTER NGA;Lo;0;L;;;;;N;;;;;
+099A;BENGALI LETTER CA;Lo;0;L;;;;;N;;;;;
+099B;BENGALI LETTER CHA;Lo;0;L;;;;;N;;;;;
+099C;BENGALI LETTER JA;Lo;0;L;;;;;N;;;;;
+099D;BENGALI LETTER JHA;Lo;0;L;;;;;N;;;;;
+099E;BENGALI LETTER NYA;Lo;0;L;;;;;N;;;;;
+099F;BENGALI LETTER TTA;Lo;0;L;;;;;N;;;;;
+09A0;BENGALI LETTER TTHA;Lo;0;L;;;;;N;;;;;
+09A1;BENGALI LETTER DDA;Lo;0;L;;;;;N;;;;;
+09A2;BENGALI LETTER DDHA;Lo;0;L;;;;;N;;;;;
+09A3;BENGALI LETTER NNA;Lo;0;L;;;;;N;;;;;
+09A4;BENGALI LETTER TA;Lo;0;L;;;;;N;;;;;
+09A5;BENGALI LETTER THA;Lo;0;L;;;;;N;;;;;
+09A6;BENGALI LETTER DA;Lo;0;L;;;;;N;;;;;
+09A7;BENGALI LETTER DHA;Lo;0;L;;;;;N;;;;;
+09A8;BENGALI LETTER NA;Lo;0;L;;;;;N;;;;;
+09AA;BENGALI LETTER PA;Lo;0;L;;;;;N;;;;;
+09AB;BENGALI LETTER PHA;Lo;0;L;;;;;N;;;;;
+09AC;BENGALI LETTER BA;Lo;0;L;;;;;N;;;;;
+09AD;BENGALI LETTER BHA;Lo;0;L;;;;;N;;;;;
+09AE;BENGALI LETTER MA;Lo;0;L;;;;;N;;;;;
+09AF;BENGALI LETTER YA;Lo;0;L;;;;;N;;;;;
+09B0;BENGALI LETTER RA;Lo;0;L;;;;;N;;;;;
+09B2;BENGALI LETTER LA;Lo;0;L;;;;;N;;;;;
+09B6;BENGALI LETTER SHA;Lo;0;L;;;;;N;;;;;
+09B7;BENGALI LETTER SSA;Lo;0;L;;;;;N;;;;;
+09B8;BENGALI LETTER SA;Lo;0;L;;;;;N;;;;;
+09B9;BENGALI LETTER HA;Lo;0;L;;;;;N;;;;;
+09BC;BENGALI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+09BE;BENGALI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+09BF;BENGALI VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+09C0;BENGALI VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+09C1;BENGALI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+09C2;BENGALI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+09C3;BENGALI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+09C4;BENGALI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;;
+09C7;BENGALI VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+09C8;BENGALI VOWEL SIGN AI;Mc;0;L;;;;;N;;;;;
+09CB;BENGALI VOWEL SIGN O;Mc;0;L;09C7 09BE;;;;N;;;;;
+09CC;BENGALI VOWEL SIGN AU;Mc;0;L;09C7 09D7;;;;N;;;;;
+09CD;BENGALI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+09D7;BENGALI AU LENGTH MARK;Mc;0;L;;;;;N;;;;;
+09DC;BENGALI LETTER RRA;Lo;0;L;09A1 09BC;;;;N;;;;;
+09DD;BENGALI LETTER RHA;Lo;0;L;09A2 09BC;;;;N;;;;;
+09DF;BENGALI LETTER YYA;Lo;0;L;09AF 09BC;;;;N;;;;;
+09E0;BENGALI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+09E1;BENGALI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+09E2;BENGALI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;;
+09E3;BENGALI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;;
+09E6;BENGALI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+09E7;BENGALI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+09E8;BENGALI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+09E9;BENGALI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+09EA;BENGALI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+09EB;BENGALI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+09EC;BENGALI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+09ED;BENGALI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+09EE;BENGALI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+09EF;BENGALI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+09F0;BENGALI LETTER RA WITH MIDDLE DIAGONAL;Lo;0;L;;;;;N;;Assamese;;;
+09F1;BENGALI LETTER RA WITH LOWER DIAGONAL;Lo;0;L;;;;;N;BENGALI LETTER VA WITH LOWER DIAGONAL;Assamese;;;
+09F2;BENGALI RUPEE MARK;Sc;0;ET;;;;;N;;;;;
+09F3;BENGALI RUPEE SIGN;Sc;0;ET;;;;;N;;;;;
+09F4;BENGALI CURRENCY NUMERATOR ONE;No;0;L;;;;1;N;;;;;
+09F5;BENGALI CURRENCY NUMERATOR TWO;No;0;L;;;;2;N;;;;;
+09F6;BENGALI CURRENCY NUMERATOR THREE;No;0;L;;;;3;N;;;;;
+09F7;BENGALI CURRENCY NUMERATOR FOUR;No;0;L;;;;4;N;;;;;
+09F8;BENGALI CURRENCY NUMERATOR ONE LESS THAN THE DENOMINATOR;No;0;L;;;;;N;;;;;
+09F9;BENGALI CURRENCY DENOMINATOR SIXTEEN;No;0;L;;;;16;N;;;;;
+09FA;BENGALI ISSHAR;So;0;L;;;;;N;;;;;
+0A02;GURMUKHI SIGN BINDI;Mn;0;NSM;;;;;N;;;;;
+0A05;GURMUKHI LETTER A;Lo;0;L;;;;;N;;;;;
+0A06;GURMUKHI LETTER AA;Lo;0;L;;;;;N;;;;;
+0A07;GURMUKHI LETTER I;Lo;0;L;;;;;N;;;;;
+0A08;GURMUKHI LETTER II;Lo;0;L;;;;;N;;;;;
+0A09;GURMUKHI LETTER U;Lo;0;L;;;;;N;;;;;
+0A0A;GURMUKHI LETTER UU;Lo;0;L;;;;;N;;;;;
+0A0F;GURMUKHI LETTER EE;Lo;0;L;;;;;N;;;;;
+0A10;GURMUKHI LETTER AI;Lo;0;L;;;;;N;;;;;
+0A13;GURMUKHI LETTER OO;Lo;0;L;;;;;N;;;;;
+0A14;GURMUKHI LETTER AU;Lo;0;L;;;;;N;;;;;
+0A15;GURMUKHI LETTER KA;Lo;0;L;;;;;N;;;;;
+0A16;GURMUKHI LETTER KHA;Lo;0;L;;;;;N;;;;;
+0A17;GURMUKHI LETTER GA;Lo;0;L;;;;;N;;;;;
+0A18;GURMUKHI LETTER GHA;Lo;0;L;;;;;N;;;;;
+0A19;GURMUKHI LETTER NGA;Lo;0;L;;;;;N;;;;;
+0A1A;GURMUKHI LETTER CA;Lo;0;L;;;;;N;;;;;
+0A1B;GURMUKHI LETTER CHA;Lo;0;L;;;;;N;;;;;
+0A1C;GURMUKHI LETTER JA;Lo;0;L;;;;;N;;;;;
+0A1D;GURMUKHI LETTER JHA;Lo;0;L;;;;;N;;;;;
+0A1E;GURMUKHI LETTER NYA;Lo;0;L;;;;;N;;;;;
+0A1F;GURMUKHI LETTER TTA;Lo;0;L;;;;;N;;;;;
+0A20;GURMUKHI LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0A21;GURMUKHI LETTER DDA;Lo;0;L;;;;;N;;;;;
+0A22;GURMUKHI LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0A23;GURMUKHI LETTER NNA;Lo;0;L;;;;;N;;;;;
+0A24;GURMUKHI LETTER TA;Lo;0;L;;;;;N;;;;;
+0A25;GURMUKHI LETTER THA;Lo;0;L;;;;;N;;;;;
+0A26;GURMUKHI LETTER DA;Lo;0;L;;;;;N;;;;;
+0A27;GURMUKHI LETTER DHA;Lo;0;L;;;;;N;;;;;
+0A28;GURMUKHI LETTER NA;Lo;0;L;;;;;N;;;;;
+0A2A;GURMUKHI LETTER PA;Lo;0;L;;;;;N;;;;;
+0A2B;GURMUKHI LETTER PHA;Lo;0;L;;;;;N;;;;;
+0A2C;GURMUKHI LETTER BA;Lo;0;L;;;;;N;;;;;
+0A2D;GURMUKHI LETTER BHA;Lo;0;L;;;;;N;;;;;
+0A2E;GURMUKHI LETTER MA;Lo;0;L;;;;;N;;;;;
+0A2F;GURMUKHI LETTER YA;Lo;0;L;;;;;N;;;;;
+0A30;GURMUKHI LETTER RA;Lo;0;L;;;;;N;;;;;
+0A32;GURMUKHI LETTER LA;Lo;0;L;;;;;N;;;;;
+0A33;GURMUKHI LETTER LLA;Lo;0;L;0A32 0A3C;;;;N;;;;;
+0A35;GURMUKHI LETTER VA;Lo;0;L;;;;;N;;;;;
+0A36;GURMUKHI LETTER SHA;Lo;0;L;0A38 0A3C;;;;N;;;;;
+0A38;GURMUKHI LETTER SA;Lo;0;L;;;;;N;;;;;
+0A39;GURMUKHI LETTER HA;Lo;0;L;;;;;N;;;;;
+0A3C;GURMUKHI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+0A3E;GURMUKHI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0A3F;GURMUKHI VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0A40;GURMUKHI VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0A41;GURMUKHI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0A42;GURMUKHI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0A47;GURMUKHI VOWEL SIGN EE;Mn;0;NSM;;;;;N;;;;;
+0A48;GURMUKHI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;;
+0A4B;GURMUKHI VOWEL SIGN OO;Mn;0;NSM;;;;;N;;;;;
+0A4C;GURMUKHI VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;;
+0A4D;GURMUKHI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0A59;GURMUKHI LETTER KHHA;Lo;0;L;0A16 0A3C;;;;N;;;;;
+0A5A;GURMUKHI LETTER GHHA;Lo;0;L;0A17 0A3C;;;;N;;;;;
+0A5B;GURMUKHI LETTER ZA;Lo;0;L;0A1C 0A3C;;;;N;;;;;
+0A5C;GURMUKHI LETTER RRA;Lo;0;L;;;;;N;;;;;
+0A5E;GURMUKHI LETTER FA;Lo;0;L;0A2B 0A3C;;;;N;;;;;
+0A66;GURMUKHI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0A67;GURMUKHI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0A68;GURMUKHI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0A69;GURMUKHI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0A6A;GURMUKHI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0A6B;GURMUKHI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0A6C;GURMUKHI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0A6D;GURMUKHI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0A6E;GURMUKHI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0A6F;GURMUKHI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0A70;GURMUKHI TIPPI;Mn;0;NSM;;;;;N;;;;;
+0A71;GURMUKHI ADDAK;Mn;0;NSM;;;;;N;;;;;
+0A72;GURMUKHI IRI;Lo;0;L;;;;;N;;;;;
+0A73;GURMUKHI URA;Lo;0;L;;;;;N;;;;;
+0A74;GURMUKHI EK ONKAR;Lo;0;L;;;;;N;;;;;
+0A81;GUJARATI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;;
+0A82;GUJARATI SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;;
+0A83;GUJARATI SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0A85;GUJARATI LETTER A;Lo;0;L;;;;;N;;;;;
+0A86;GUJARATI LETTER AA;Lo;0;L;;;;;N;;;;;
+0A87;GUJARATI LETTER I;Lo;0;L;;;;;N;;;;;
+0A88;GUJARATI LETTER II;Lo;0;L;;;;;N;;;;;
+0A89;GUJARATI LETTER U;Lo;0;L;;;;;N;;;;;
+0A8A;GUJARATI LETTER UU;Lo;0;L;;;;;N;;;;;
+0A8B;GUJARATI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0A8D;GUJARATI VOWEL CANDRA E;Lo;0;L;;;;;N;;;;;
+0A8F;GUJARATI LETTER E;Lo;0;L;;;;;N;;;;;
+0A90;GUJARATI LETTER AI;Lo;0;L;;;;;N;;;;;
+0A91;GUJARATI VOWEL CANDRA O;Lo;0;L;;;;;N;;;;;
+0A93;GUJARATI LETTER O;Lo;0;L;;;;;N;;;;;
+0A94;GUJARATI LETTER AU;Lo;0;L;;;;;N;;;;;
+0A95;GUJARATI LETTER KA;Lo;0;L;;;;;N;;;;;
+0A96;GUJARATI LETTER KHA;Lo;0;L;;;;;N;;;;;
+0A97;GUJARATI LETTER GA;Lo;0;L;;;;;N;;;;;
+0A98;GUJARATI LETTER GHA;Lo;0;L;;;;;N;;;;;
+0A99;GUJARATI LETTER NGA;Lo;0;L;;;;;N;;;;;
+0A9A;GUJARATI LETTER CA;Lo;0;L;;;;;N;;;;;
+0A9B;GUJARATI LETTER CHA;Lo;0;L;;;;;N;;;;;
+0A9C;GUJARATI LETTER JA;Lo;0;L;;;;;N;;;;;
+0A9D;GUJARATI LETTER JHA;Lo;0;L;;;;;N;;;;;
+0A9E;GUJARATI LETTER NYA;Lo;0;L;;;;;N;;;;;
+0A9F;GUJARATI LETTER TTA;Lo;0;L;;;;;N;;;;;
+0AA0;GUJARATI LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0AA1;GUJARATI LETTER DDA;Lo;0;L;;;;;N;;;;;
+0AA2;GUJARATI LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0AA3;GUJARATI LETTER NNA;Lo;0;L;;;;;N;;;;;
+0AA4;GUJARATI LETTER TA;Lo;0;L;;;;;N;;;;;
+0AA5;GUJARATI LETTER THA;Lo;0;L;;;;;N;;;;;
+0AA6;GUJARATI LETTER DA;Lo;0;L;;;;;N;;;;;
+0AA7;GUJARATI LETTER DHA;Lo;0;L;;;;;N;;;;;
+0AA8;GUJARATI LETTER NA;Lo;0;L;;;;;N;;;;;
+0AAA;GUJARATI LETTER PA;Lo;0;L;;;;;N;;;;;
+0AAB;GUJARATI LETTER PHA;Lo;0;L;;;;;N;;;;;
+0AAC;GUJARATI LETTER BA;Lo;0;L;;;;;N;;;;;
+0AAD;GUJARATI LETTER BHA;Lo;0;L;;;;;N;;;;;
+0AAE;GUJARATI LETTER MA;Lo;0;L;;;;;N;;;;;
+0AAF;GUJARATI LETTER YA;Lo;0;L;;;;;N;;;;;
+0AB0;GUJARATI LETTER RA;Lo;0;L;;;;;N;;;;;
+0AB2;GUJARATI LETTER LA;Lo;0;L;;;;;N;;;;;
+0AB3;GUJARATI LETTER LLA;Lo;0;L;;;;;N;;;;;
+0AB5;GUJARATI LETTER VA;Lo;0;L;;;;;N;;;;;
+0AB6;GUJARATI LETTER SHA;Lo;0;L;;;;;N;;;;;
+0AB7;GUJARATI LETTER SSA;Lo;0;L;;;;;N;;;;;
+0AB8;GUJARATI LETTER SA;Lo;0;L;;;;;N;;;;;
+0AB9;GUJARATI LETTER HA;Lo;0;L;;;;;N;;;;;
+0ABC;GUJARATI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+0ABD;GUJARATI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;;
+0ABE;GUJARATI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0ABF;GUJARATI VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0AC0;GUJARATI VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0AC1;GUJARATI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0AC2;GUJARATI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0AC3;GUJARATI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+0AC4;GUJARATI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;;
+0AC5;GUJARATI VOWEL SIGN CANDRA E;Mn;0;NSM;;;;;N;;;;;
+0AC7;GUJARATI VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;;
+0AC8;GUJARATI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;;
+0AC9;GUJARATI VOWEL SIGN CANDRA O;Mc;0;L;;;;;N;;;;;
+0ACB;GUJARATI VOWEL SIGN O;Mc;0;L;;;;;N;;;;;
+0ACC;GUJARATI VOWEL SIGN AU;Mc;0;L;;;;;N;;;;;
+0ACD;GUJARATI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0AD0;GUJARATI OM;Lo;0;L;;;;;N;;;;;
+0AE0;GUJARATI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0AE6;GUJARATI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0AE7;GUJARATI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0AE8;GUJARATI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0AE9;GUJARATI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0AEA;GUJARATI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0AEB;GUJARATI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0AEC;GUJARATI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0AED;GUJARATI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0AEE;GUJARATI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0AEF;GUJARATI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0B01;ORIYA SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;;
+0B02;ORIYA SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0B03;ORIYA SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0B05;ORIYA LETTER A;Lo;0;L;;;;;N;;;;;
+0B06;ORIYA LETTER AA;Lo;0;L;;;;;N;;;;;
+0B07;ORIYA LETTER I;Lo;0;L;;;;;N;;;;;
+0B08;ORIYA LETTER II;Lo;0;L;;;;;N;;;;;
+0B09;ORIYA LETTER U;Lo;0;L;;;;;N;;;;;
+0B0A;ORIYA LETTER UU;Lo;0;L;;;;;N;;;;;
+0B0B;ORIYA LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0B0C;ORIYA LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+0B0F;ORIYA LETTER E;Lo;0;L;;;;;N;;;;;
+0B10;ORIYA LETTER AI;Lo;0;L;;;;;N;;;;;
+0B13;ORIYA LETTER O;Lo;0;L;;;;;N;;;;;
+0B14;ORIYA LETTER AU;Lo;0;L;;;;;N;;;;;
+0B15;ORIYA LETTER KA;Lo;0;L;;;;;N;;;;;
+0B16;ORIYA LETTER KHA;Lo;0;L;;;;;N;;;;;
+0B17;ORIYA LETTER GA;Lo;0;L;;;;;N;;;;;
+0B18;ORIYA LETTER GHA;Lo;0;L;;;;;N;;;;;
+0B19;ORIYA LETTER NGA;Lo;0;L;;;;;N;;;;;
+0B1A;ORIYA LETTER CA;Lo;0;L;;;;;N;;;;;
+0B1B;ORIYA LETTER CHA;Lo;0;L;;;;;N;;;;;
+0B1C;ORIYA LETTER JA;Lo;0;L;;;;;N;;;;;
+0B1D;ORIYA LETTER JHA;Lo;0;L;;;;;N;;;;;
+0B1E;ORIYA LETTER NYA;Lo;0;L;;;;;N;;;;;
+0B1F;ORIYA LETTER TTA;Lo;0;L;;;;;N;;;;;
+0B20;ORIYA LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0B21;ORIYA LETTER DDA;Lo;0;L;;;;;N;;;;;
+0B22;ORIYA LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0B23;ORIYA LETTER NNA;Lo;0;L;;;;;N;;;;;
+0B24;ORIYA LETTER TA;Lo;0;L;;;;;N;;;;;
+0B25;ORIYA LETTER THA;Lo;0;L;;;;;N;;;;;
+0B26;ORIYA LETTER DA;Lo;0;L;;;;;N;;;;;
+0B27;ORIYA LETTER DHA;Lo;0;L;;;;;N;;;;;
+0B28;ORIYA LETTER NA;Lo;0;L;;;;;N;;;;;
+0B2A;ORIYA LETTER PA;Lo;0;L;;;;;N;;;;;
+0B2B;ORIYA LETTER PHA;Lo;0;L;;;;;N;;;;;
+0B2C;ORIYA LETTER BA;Lo;0;L;;;;;N;;;;;
+0B2D;ORIYA LETTER BHA;Lo;0;L;;;;;N;;;;;
+0B2E;ORIYA LETTER MA;Lo;0;L;;;;;N;;;;;
+0B2F;ORIYA LETTER YA;Lo;0;L;;;;;N;;;;;
+0B30;ORIYA LETTER RA;Lo;0;L;;;;;N;;;;;
+0B32;ORIYA LETTER LA;Lo;0;L;;;;;N;;;;;
+0B33;ORIYA LETTER LLA;Lo;0;L;;;;;N;;;;;
+0B36;ORIYA LETTER SHA;Lo;0;L;;;;;N;;;;;
+0B37;ORIYA LETTER SSA;Lo;0;L;;;;;N;;;;;
+0B38;ORIYA LETTER SA;Lo;0;L;;;;;N;;;;;
+0B39;ORIYA LETTER HA;Lo;0;L;;;;;N;;;;;
+0B3C;ORIYA SIGN NUKTA;Mn;7;NSM;;;;;N;;;;;
+0B3D;ORIYA SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;;
+0B3E;ORIYA VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0B3F;ORIYA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+0B40;ORIYA VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0B41;ORIYA VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0B42;ORIYA VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0B43;ORIYA VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+0B47;ORIYA VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+0B48;ORIYA VOWEL SIGN AI;Mc;0;L;0B47 0B56;;;;N;;;;;
+0B4B;ORIYA VOWEL SIGN O;Mc;0;L;0B47 0B3E;;;;N;;;;;
+0B4C;ORIYA VOWEL SIGN AU;Mc;0;L;0B47 0B57;;;;N;;;;;
+0B4D;ORIYA SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0B56;ORIYA AI LENGTH MARK;Mn;0;NSM;;;;;N;;;;;
+0B57;ORIYA AU LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0B5C;ORIYA LETTER RRA;Lo;0;L;0B21 0B3C;;;;N;;;;;
+0B5D;ORIYA LETTER RHA;Lo;0;L;0B22 0B3C;;;;N;;;;;
+0B5F;ORIYA LETTER YYA;Lo;0;L;;;;;N;;;;;
+0B60;ORIYA LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0B61;ORIYA LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0B66;ORIYA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0B67;ORIYA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0B68;ORIYA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0B69;ORIYA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0B6A;ORIYA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0B6B;ORIYA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0B6C;ORIYA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0B6D;ORIYA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0B6E;ORIYA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0B6F;ORIYA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0B70;ORIYA ISSHAR;So;0;L;;;;;N;;;;;
+0B82;TAMIL SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;;
+0B83;TAMIL SIGN VISARGA;Lo;0;L;;;;;N;;;;;
+0B85;TAMIL LETTER A;Lo;0;L;;;;;N;;;;;
+0B86;TAMIL LETTER AA;Lo;0;L;;;;;N;;;;;
+0B87;TAMIL LETTER I;Lo;0;L;;;;;N;;;;;
+0B88;TAMIL LETTER II;Lo;0;L;;;;;N;;;;;
+0B89;TAMIL LETTER U;Lo;0;L;;;;;N;;;;;
+0B8A;TAMIL LETTER UU;Lo;0;L;;;;;N;;;;;
+0B8E;TAMIL LETTER E;Lo;0;L;;;;;N;;;;;
+0B8F;TAMIL LETTER EE;Lo;0;L;;;;;N;;;;;
+0B90;TAMIL LETTER AI;Lo;0;L;;;;;N;;;;;
+0B92;TAMIL LETTER O;Lo;0;L;;;;;N;;;;;
+0B93;TAMIL LETTER OO;Lo;0;L;;;;;N;;;;;
+0B94;TAMIL LETTER AU;Lo;0;L;0B92 0BD7;;;;N;;;;;
+0B95;TAMIL LETTER KA;Lo;0;L;;;;;N;;;;;
+0B99;TAMIL LETTER NGA;Lo;0;L;;;;;N;;;;;
+0B9A;TAMIL LETTER CA;Lo;0;L;;;;;N;;;;;
+0B9C;TAMIL LETTER JA;Lo;0;L;;;;;N;;;;;
+0B9E;TAMIL LETTER NYA;Lo;0;L;;;;;N;;;;;
+0B9F;TAMIL LETTER TTA;Lo;0;L;;;;;N;;;;;
+0BA3;TAMIL LETTER NNA;Lo;0;L;;;;;N;;;;;
+0BA4;TAMIL LETTER TA;Lo;0;L;;;;;N;;;;;
+0BA8;TAMIL LETTER NA;Lo;0;L;;;;;N;;;;;
+0BA9;TAMIL LETTER NNNA;Lo;0;L;;;;;N;;;;;
+0BAA;TAMIL LETTER PA;Lo;0;L;;;;;N;;;;;
+0BAE;TAMIL LETTER MA;Lo;0;L;;;;;N;;;;;
+0BAF;TAMIL LETTER YA;Lo;0;L;;;;;N;;;;;
+0BB0;TAMIL LETTER RA;Lo;0;L;;;;;N;;;;;
+0BB1;TAMIL LETTER RRA;Lo;0;L;;;;;N;;;;;
+0BB2;TAMIL LETTER LA;Lo;0;L;;;;;N;;;;;
+0BB3;TAMIL LETTER LLA;Lo;0;L;;;;;N;;;;;
+0BB4;TAMIL LETTER LLLA;Lo;0;L;;;;;N;;;;;
+0BB5;TAMIL LETTER VA;Lo;0;L;;;;;N;;;;;
+0BB7;TAMIL LETTER SSA;Lo;0;L;;;;;N;;;;;
+0BB8;TAMIL LETTER SA;Lo;0;L;;;;;N;;;;;
+0BB9;TAMIL LETTER HA;Lo;0;L;;;;;N;;;;;
+0BBE;TAMIL VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0BBF;TAMIL VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0BC0;TAMIL VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+0BC1;TAMIL VOWEL SIGN U;Mc;0;L;;;;;N;;;;;
+0BC2;TAMIL VOWEL SIGN UU;Mc;0;L;;;;;N;;;;;
+0BC6;TAMIL VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+0BC7;TAMIL VOWEL SIGN EE;Mc;0;L;;;;;N;;;;;
+0BC8;TAMIL VOWEL SIGN AI;Mc;0;L;;;;;N;;;;;
+0BCA;TAMIL VOWEL SIGN O;Mc;0;L;0BC6 0BBE;;;;N;;;;;
+0BCB;TAMIL VOWEL SIGN OO;Mc;0;L;0BC7 0BBE;;;;N;;;;;
+0BCC;TAMIL VOWEL SIGN AU;Mc;0;L;0BC6 0BD7;;;;N;;;;;
+0BCD;TAMIL SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0BD7;TAMIL AU LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0BE7;TAMIL DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0BE8;TAMIL DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0BE9;TAMIL DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0BEA;TAMIL DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0BEB;TAMIL DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0BEC;TAMIL DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0BED;TAMIL DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0BEE;TAMIL DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0BEF;TAMIL DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0BF0;TAMIL NUMBER TEN;No;0;L;;;;10;N;;;;;
+0BF1;TAMIL NUMBER ONE HUNDRED;No;0;L;;;;100;N;;;;;
+0BF2;TAMIL NUMBER ONE THOUSAND;No;0;L;;;;1000;N;;;;;
+0C01;TELUGU SIGN CANDRABINDU;Mc;0;L;;;;;N;;;;;
+0C02;TELUGU SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0C03;TELUGU SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0C05;TELUGU LETTER A;Lo;0;L;;;;;N;;;;;
+0C06;TELUGU LETTER AA;Lo;0;L;;;;;N;;;;;
+0C07;TELUGU LETTER I;Lo;0;L;;;;;N;;;;;
+0C08;TELUGU LETTER II;Lo;0;L;;;;;N;;;;;
+0C09;TELUGU LETTER U;Lo;0;L;;;;;N;;;;;
+0C0A;TELUGU LETTER UU;Lo;0;L;;;;;N;;;;;
+0C0B;TELUGU LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0C0C;TELUGU LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+0C0E;TELUGU LETTER E;Lo;0;L;;;;;N;;;;;
+0C0F;TELUGU LETTER EE;Lo;0;L;;;;;N;;;;;
+0C10;TELUGU LETTER AI;Lo;0;L;;;;;N;;;;;
+0C12;TELUGU LETTER O;Lo;0;L;;;;;N;;;;;
+0C13;TELUGU LETTER OO;Lo;0;L;;;;;N;;;;;
+0C14;TELUGU LETTER AU;Lo;0;L;;;;;N;;;;;
+0C15;TELUGU LETTER KA;Lo;0;L;;;;;N;;;;;
+0C16;TELUGU LETTER KHA;Lo;0;L;;;;;N;;;;;
+0C17;TELUGU LETTER GA;Lo;0;L;;;;;N;;;;;
+0C18;TELUGU LETTER GHA;Lo;0;L;;;;;N;;;;;
+0C19;TELUGU LETTER NGA;Lo;0;L;;;;;N;;;;;
+0C1A;TELUGU LETTER CA;Lo;0;L;;;;;N;;;;;
+0C1B;TELUGU LETTER CHA;Lo;0;L;;;;;N;;;;;
+0C1C;TELUGU LETTER JA;Lo;0;L;;;;;N;;;;;
+0C1D;TELUGU LETTER JHA;Lo;0;L;;;;;N;;;;;
+0C1E;TELUGU LETTER NYA;Lo;0;L;;;;;N;;;;;
+0C1F;TELUGU LETTER TTA;Lo;0;L;;;;;N;;;;;
+0C20;TELUGU LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0C21;TELUGU LETTER DDA;Lo;0;L;;;;;N;;;;;
+0C22;TELUGU LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0C23;TELUGU LETTER NNA;Lo;0;L;;;;;N;;;;;
+0C24;TELUGU LETTER TA;Lo;0;L;;;;;N;;;;;
+0C25;TELUGU LETTER THA;Lo;0;L;;;;;N;;;;;
+0C26;TELUGU LETTER DA;Lo;0;L;;;;;N;;;;;
+0C27;TELUGU LETTER DHA;Lo;0;L;;;;;N;;;;;
+0C28;TELUGU LETTER NA;Lo;0;L;;;;;N;;;;;
+0C2A;TELUGU LETTER PA;Lo;0;L;;;;;N;;;;;
+0C2B;TELUGU LETTER PHA;Lo;0;L;;;;;N;;;;;
+0C2C;TELUGU LETTER BA;Lo;0;L;;;;;N;;;;;
+0C2D;TELUGU LETTER BHA;Lo;0;L;;;;;N;;;;;
+0C2E;TELUGU LETTER MA;Lo;0;L;;;;;N;;;;;
+0C2F;TELUGU LETTER YA;Lo;0;L;;;;;N;;;;;
+0C30;TELUGU LETTER RA;Lo;0;L;;;;;N;;;;;
+0C31;TELUGU LETTER RRA;Lo;0;L;;;;;N;;;;;
+0C32;TELUGU LETTER LA;Lo;0;L;;;;;N;;;;;
+0C33;TELUGU LETTER LLA;Lo;0;L;;;;;N;;;;;
+0C35;TELUGU LETTER VA;Lo;0;L;;;;;N;;;;;
+0C36;TELUGU LETTER SHA;Lo;0;L;;;;;N;;;;;
+0C37;TELUGU LETTER SSA;Lo;0;L;;;;;N;;;;;
+0C38;TELUGU LETTER SA;Lo;0;L;;;;;N;;;;;
+0C39;TELUGU LETTER HA;Lo;0;L;;;;;N;;;;;
+0C3E;TELUGU VOWEL SIGN AA;Mn;0;NSM;;;;;N;;;;;
+0C3F;TELUGU VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+0C40;TELUGU VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+0C41;TELUGU VOWEL SIGN U;Mc;0;L;;;;;N;;;;;
+0C42;TELUGU VOWEL SIGN UU;Mc;0;L;;;;;N;;;;;
+0C43;TELUGU VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;;
+0C44;TELUGU VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;;
+0C46;TELUGU VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;;
+0C47;TELUGU VOWEL SIGN EE;Mn;0;NSM;;;;;N;;;;;
+0C48;TELUGU VOWEL SIGN AI;Mn;0;NSM;0C46 0C56;;;;N;;;;;
+0C4A;TELUGU VOWEL SIGN O;Mn;0;NSM;;;;;N;;;;;
+0C4B;TELUGU VOWEL SIGN OO;Mn;0;NSM;;;;;N;;;;;
+0C4C;TELUGU VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;;
+0C4D;TELUGU SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0C55;TELUGU LENGTH MARK;Mn;84;NSM;;;;;N;;;;;
+0C56;TELUGU AI LENGTH MARK;Mn;91;NSM;;;;;N;;;;;
+0C60;TELUGU LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0C61;TELUGU LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0C66;TELUGU DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0C67;TELUGU DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0C68;TELUGU DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0C69;TELUGU DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0C6A;TELUGU DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0C6B;TELUGU DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0C6C;TELUGU DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0C6D;TELUGU DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0C6E;TELUGU DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0C6F;TELUGU DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0C82;KANNADA SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0C83;KANNADA SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0C85;KANNADA LETTER A;Lo;0;L;;;;;N;;;;;
+0C86;KANNADA LETTER AA;Lo;0;L;;;;;N;;;;;
+0C87;KANNADA LETTER I;Lo;0;L;;;;;N;;;;;
+0C88;KANNADA LETTER II;Lo;0;L;;;;;N;;;;;
+0C89;KANNADA LETTER U;Lo;0;L;;;;;N;;;;;
+0C8A;KANNADA LETTER UU;Lo;0;L;;;;;N;;;;;
+0C8B;KANNADA LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0C8C;KANNADA LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+0C8E;KANNADA LETTER E;Lo;0;L;;;;;N;;;;;
+0C8F;KANNADA LETTER EE;Lo;0;L;;;;;N;;;;;
+0C90;KANNADA LETTER AI;Lo;0;L;;;;;N;;;;;
+0C92;KANNADA LETTER O;Lo;0;L;;;;;N;;;;;
+0C93;KANNADA LETTER OO;Lo;0;L;;;;;N;;;;;
+0C94;KANNADA LETTER AU;Lo;0;L;;;;;N;;;;;
+0C95;KANNADA LETTER KA;Lo;0;L;;;;;N;;;;;
+0C96;KANNADA LETTER KHA;Lo;0;L;;;;;N;;;;;
+0C97;KANNADA LETTER GA;Lo;0;L;;;;;N;;;;;
+0C98;KANNADA LETTER GHA;Lo;0;L;;;;;N;;;;;
+0C99;KANNADA LETTER NGA;Lo;0;L;;;;;N;;;;;
+0C9A;KANNADA LETTER CA;Lo;0;L;;;;;N;;;;;
+0C9B;KANNADA LETTER CHA;Lo;0;L;;;;;N;;;;;
+0C9C;KANNADA LETTER JA;Lo;0;L;;;;;N;;;;;
+0C9D;KANNADA LETTER JHA;Lo;0;L;;;;;N;;;;;
+0C9E;KANNADA LETTER NYA;Lo;0;L;;;;;N;;;;;
+0C9F;KANNADA LETTER TTA;Lo;0;L;;;;;N;;;;;
+0CA0;KANNADA LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0CA1;KANNADA LETTER DDA;Lo;0;L;;;;;N;;;;;
+0CA2;KANNADA LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0CA3;KANNADA LETTER NNA;Lo;0;L;;;;;N;;;;;
+0CA4;KANNADA LETTER TA;Lo;0;L;;;;;N;;;;;
+0CA5;KANNADA LETTER THA;Lo;0;L;;;;;N;;;;;
+0CA6;KANNADA LETTER DA;Lo;0;L;;;;;N;;;;;
+0CA7;KANNADA LETTER DHA;Lo;0;L;;;;;N;;;;;
+0CA8;KANNADA LETTER NA;Lo;0;L;;;;;N;;;;;
+0CAA;KANNADA LETTER PA;Lo;0;L;;;;;N;;;;;
+0CAB;KANNADA LETTER PHA;Lo;0;L;;;;;N;;;;;
+0CAC;KANNADA LETTER BA;Lo;0;L;;;;;N;;;;;
+0CAD;KANNADA LETTER BHA;Lo;0;L;;;;;N;;;;;
+0CAE;KANNADA LETTER MA;Lo;0;L;;;;;N;;;;;
+0CAF;KANNADA LETTER YA;Lo;0;L;;;;;N;;;;;
+0CB0;KANNADA LETTER RA;Lo;0;L;;;;;N;;;;;
+0CB1;KANNADA LETTER RRA;Lo;0;L;;;;;N;;;;;
+0CB2;KANNADA LETTER LA;Lo;0;L;;;;;N;;;;;
+0CB3;KANNADA LETTER LLA;Lo;0;L;;;;;N;;;;;
+0CB5;KANNADA LETTER VA;Lo;0;L;;;;;N;;;;;
+0CB6;KANNADA LETTER SHA;Lo;0;L;;;;;N;;;;;
+0CB7;KANNADA LETTER SSA;Lo;0;L;;;;;N;;;;;
+0CB8;KANNADA LETTER SA;Lo;0;L;;;;;N;;;;;
+0CB9;KANNADA LETTER HA;Lo;0;L;;;;;N;;;;;
+0CBE;KANNADA VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0CBF;KANNADA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+0CC0;KANNADA VOWEL SIGN II;Mc;0;L;0CBF 0CD5;;;;N;;;;;
+0CC1;KANNADA VOWEL SIGN U;Mc;0;L;;;;;N;;;;;
+0CC2;KANNADA VOWEL SIGN UU;Mc;0;L;;;;;N;;;;;
+0CC3;KANNADA VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;;
+0CC4;KANNADA VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;;
+0CC6;KANNADA VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;;
+0CC7;KANNADA VOWEL SIGN EE;Mc;0;L;0CC6 0CD5;;;;N;;;;;
+0CC8;KANNADA VOWEL SIGN AI;Mc;0;L;0CC6 0CD6;;;;N;;;;;
+0CCA;KANNADA VOWEL SIGN O;Mc;0;L;0CC6 0CC2;;;;N;;;;;
+0CCB;KANNADA VOWEL SIGN OO;Mc;0;L;0CCA 0CD5;;;;N;;;;;
+0CCC;KANNADA VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;;
+0CCD;KANNADA SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0CD5;KANNADA LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0CD6;KANNADA AI LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0CDE;KANNADA LETTER FA;Lo;0;L;;;;;N;;;;;
+0CE0;KANNADA LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0CE1;KANNADA LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0CE6;KANNADA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0CE7;KANNADA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0CE8;KANNADA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0CE9;KANNADA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0CEA;KANNADA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0CEB;KANNADA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0CEC;KANNADA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0CED;KANNADA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0CEE;KANNADA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0CEF;KANNADA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0D02;MALAYALAM SIGN ANUSVARA;Mc;0;L;;;;;N;;;;;
+0D03;MALAYALAM SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+0D05;MALAYALAM LETTER A;Lo;0;L;;;;;N;;;;;
+0D06;MALAYALAM LETTER AA;Lo;0;L;;;;;N;;;;;
+0D07;MALAYALAM LETTER I;Lo;0;L;;;;;N;;;;;
+0D08;MALAYALAM LETTER II;Lo;0;L;;;;;N;;;;;
+0D09;MALAYALAM LETTER U;Lo;0;L;;;;;N;;;;;
+0D0A;MALAYALAM LETTER UU;Lo;0;L;;;;;N;;;;;
+0D0B;MALAYALAM LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+0D0C;MALAYALAM LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+0D0E;MALAYALAM LETTER E;Lo;0;L;;;;;N;;;;;
+0D0F;MALAYALAM LETTER EE;Lo;0;L;;;;;N;;;;;
+0D10;MALAYALAM LETTER AI;Lo;0;L;;;;;N;;;;;
+0D12;MALAYALAM LETTER O;Lo;0;L;;;;;N;;;;;
+0D13;MALAYALAM LETTER OO;Lo;0;L;;;;;N;;;;;
+0D14;MALAYALAM LETTER AU;Lo;0;L;;;;;N;;;;;
+0D15;MALAYALAM LETTER KA;Lo;0;L;;;;;N;;;;;
+0D16;MALAYALAM LETTER KHA;Lo;0;L;;;;;N;;;;;
+0D17;MALAYALAM LETTER GA;Lo;0;L;;;;;N;;;;;
+0D18;MALAYALAM LETTER GHA;Lo;0;L;;;;;N;;;;;
+0D19;MALAYALAM LETTER NGA;Lo;0;L;;;;;N;;;;;
+0D1A;MALAYALAM LETTER CA;Lo;0;L;;;;;N;;;;;
+0D1B;MALAYALAM LETTER CHA;Lo;0;L;;;;;N;;;;;
+0D1C;MALAYALAM LETTER JA;Lo;0;L;;;;;N;;;;;
+0D1D;MALAYALAM LETTER JHA;Lo;0;L;;;;;N;;;;;
+0D1E;MALAYALAM LETTER NYA;Lo;0;L;;;;;N;;;;;
+0D1F;MALAYALAM LETTER TTA;Lo;0;L;;;;;N;;;;;
+0D20;MALAYALAM LETTER TTHA;Lo;0;L;;;;;N;;;;;
+0D21;MALAYALAM LETTER DDA;Lo;0;L;;;;;N;;;;;
+0D22;MALAYALAM LETTER DDHA;Lo;0;L;;;;;N;;;;;
+0D23;MALAYALAM LETTER NNA;Lo;0;L;;;;;N;;;;;
+0D24;MALAYALAM LETTER TA;Lo;0;L;;;;;N;;;;;
+0D25;MALAYALAM LETTER THA;Lo;0;L;;;;;N;;;;;
+0D26;MALAYALAM LETTER DA;Lo;0;L;;;;;N;;;;;
+0D27;MALAYALAM LETTER DHA;Lo;0;L;;;;;N;;;;;
+0D28;MALAYALAM LETTER NA;Lo;0;L;;;;;N;;;;;
+0D2A;MALAYALAM LETTER PA;Lo;0;L;;;;;N;;;;;
+0D2B;MALAYALAM LETTER PHA;Lo;0;L;;;;;N;;;;;
+0D2C;MALAYALAM LETTER BA;Lo;0;L;;;;;N;;;;;
+0D2D;MALAYALAM LETTER BHA;Lo;0;L;;;;;N;;;;;
+0D2E;MALAYALAM LETTER MA;Lo;0;L;;;;;N;;;;;
+0D2F;MALAYALAM LETTER YA;Lo;0;L;;;;;N;;;;;
+0D30;MALAYALAM LETTER RA;Lo;0;L;;;;;N;;;;;
+0D31;MALAYALAM LETTER RRA;Lo;0;L;;;;;N;;;;;
+0D32;MALAYALAM LETTER LA;Lo;0;L;;;;;N;;;;;
+0D33;MALAYALAM LETTER LLA;Lo;0;L;;;;;N;;;;;
+0D34;MALAYALAM LETTER LLLA;Lo;0;L;;;;;N;;;;;
+0D35;MALAYALAM LETTER VA;Lo;0;L;;;;;N;;;;;
+0D36;MALAYALAM LETTER SHA;Lo;0;L;;;;;N;;;;;
+0D37;MALAYALAM LETTER SSA;Lo;0;L;;;;;N;;;;;
+0D38;MALAYALAM LETTER SA;Lo;0;L;;;;;N;;;;;
+0D39;MALAYALAM LETTER HA;Lo;0;L;;;;;N;;;;;
+0D3E;MALAYALAM VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+0D3F;MALAYALAM VOWEL SIGN I;Mc;0;L;;;;;N;;;;;
+0D40;MALAYALAM VOWEL SIGN II;Mc;0;L;;;;;N;;;;;
+0D41;MALAYALAM VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+0D42;MALAYALAM VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+0D43;MALAYALAM VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;;
+0D46;MALAYALAM VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+0D47;MALAYALAM VOWEL SIGN EE;Mc;0;L;;;;;N;;;;;
+0D48;MALAYALAM VOWEL SIGN AI;Mc;0;L;;;;;N;;;;;
+0D4A;MALAYALAM VOWEL SIGN O;Mc;0;L;0D46 0D3E;;;;N;;;;;
+0D4B;MALAYALAM VOWEL SIGN OO;Mc;0;L;0D47 0D3E;;;;N;;;;;
+0D4C;MALAYALAM VOWEL SIGN AU;Mc;0;L;0D46 0D57;;;;N;;;;;
+0D4D;MALAYALAM SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+0D57;MALAYALAM AU LENGTH MARK;Mc;0;L;;;;;N;;;;;
+0D60;MALAYALAM LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+0D61;MALAYALAM LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+0D66;MALAYALAM DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0D67;MALAYALAM DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0D68;MALAYALAM DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0D69;MALAYALAM DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0D6A;MALAYALAM DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0D6B;MALAYALAM DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0D6C;MALAYALAM DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0D6D;MALAYALAM DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0D6E;MALAYALAM DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0D6F;MALAYALAM DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0D82;SINHALA SIGN ANUSVARAYA;Mc;0;L;;;;;N;;;;;
+0D83;SINHALA SIGN VISARGAYA;Mc;0;L;;;;;N;;;;;
+0D85;SINHALA LETTER AYANNA;Lo;0;L;;;;;N;;;;;
+0D86;SINHALA LETTER AAYANNA;Lo;0;L;;;;;N;;;;;
+0D87;SINHALA LETTER AEYANNA;Lo;0;L;;;;;N;;;;;
+0D88;SINHALA LETTER AEEYANNA;Lo;0;L;;;;;N;;;;;
+0D89;SINHALA LETTER IYANNA;Lo;0;L;;;;;N;;;;;
+0D8A;SINHALA LETTER IIYANNA;Lo;0;L;;;;;N;;;;;
+0D8B;SINHALA LETTER UYANNA;Lo;0;L;;;;;N;;;;;
+0D8C;SINHALA LETTER UUYANNA;Lo;0;L;;;;;N;;;;;
+0D8D;SINHALA LETTER IRUYANNA;Lo;0;L;;;;;N;;;;;
+0D8E;SINHALA LETTER IRUUYANNA;Lo;0;L;;;;;N;;;;;
+0D8F;SINHALA LETTER ILUYANNA;Lo;0;L;;;;;N;;;;;
+0D90;SINHALA LETTER ILUUYANNA;Lo;0;L;;;;;N;;;;;
+0D91;SINHALA LETTER EYANNA;Lo;0;L;;;;;N;;;;;
+0D92;SINHALA LETTER EEYANNA;Lo;0;L;;;;;N;;;;;
+0D93;SINHALA LETTER AIYANNA;Lo;0;L;;;;;N;;;;;
+0D94;SINHALA LETTER OYANNA;Lo;0;L;;;;;N;;;;;
+0D95;SINHALA LETTER OOYANNA;Lo;0;L;;;;;N;;;;;
+0D96;SINHALA LETTER AUYANNA;Lo;0;L;;;;;N;;;;;
+0D9A;SINHALA LETTER ALPAPRAANA KAYANNA;Lo;0;L;;;;;N;;;;;
+0D9B;SINHALA LETTER MAHAAPRAANA KAYANNA;Lo;0;L;;;;;N;;;;;
+0D9C;SINHALA LETTER ALPAPRAANA GAYANNA;Lo;0;L;;;;;N;;;;;
+0D9D;SINHALA LETTER MAHAAPRAANA GAYANNA;Lo;0;L;;;;;N;;;;;
+0D9E;SINHALA LETTER KANTAJA NAASIKYAYA;Lo;0;L;;;;;N;;;;;
+0D9F;SINHALA LETTER SANYAKA GAYANNA;Lo;0;L;;;;;N;;;;;
+0DA0;SINHALA LETTER ALPAPRAANA CAYANNA;Lo;0;L;;;;;N;;;;;
+0DA1;SINHALA LETTER MAHAAPRAANA CAYANNA;Lo;0;L;;;;;N;;;;;
+0DA2;SINHALA LETTER ALPAPRAANA JAYANNA;Lo;0;L;;;;;N;;;;;
+0DA3;SINHALA LETTER MAHAAPRAANA JAYANNA;Lo;0;L;;;;;N;;;;;
+0DA4;SINHALA LETTER TAALUJA NAASIKYAYA;Lo;0;L;;;;;N;;;;;
+0DA5;SINHALA LETTER TAALUJA SANYOOGA NAAKSIKYAYA;Lo;0;L;;;;;N;;;;;
+0DA6;SINHALA LETTER SANYAKA JAYANNA;Lo;0;L;;;;;N;;;;;
+0DA7;SINHALA LETTER ALPAPRAANA TTAYANNA;Lo;0;L;;;;;N;;;;;
+0DA8;SINHALA LETTER MAHAAPRAANA TTAYANNA;Lo;0;L;;;;;N;;;;;
+0DA9;SINHALA LETTER ALPAPRAANA DDAYANNA;Lo;0;L;;;;;N;;;;;
+0DAA;SINHALA LETTER MAHAAPRAANA DDAYANNA;Lo;0;L;;;;;N;;;;;
+0DAB;SINHALA LETTER MUURDHAJA NAYANNA;Lo;0;L;;;;;N;;;;;
+0DAC;SINHALA LETTER SANYAKA DDAYANNA;Lo;0;L;;;;;N;;;;;
+0DAD;SINHALA LETTER ALPAPRAANA TAYANNA;Lo;0;L;;;;;N;;;;;
+0DAE;SINHALA LETTER MAHAAPRAANA TAYANNA;Lo;0;L;;;;;N;;;;;
+0DAF;SINHALA LETTER ALPAPRAANA DAYANNA;Lo;0;L;;;;;N;;;;;
+0DB0;SINHALA LETTER MAHAAPRAANA DAYANNA;Lo;0;L;;;;;N;;;;;
+0DB1;SINHALA LETTER DANTAJA NAYANNA;Lo;0;L;;;;;N;;;;;
+0DB3;SINHALA LETTER SANYAKA DAYANNA;Lo;0;L;;;;;N;;;;;
+0DB4;SINHALA LETTER ALPAPRAANA PAYANNA;Lo;0;L;;;;;N;;;;;
+0DB5;SINHALA LETTER MAHAAPRAANA PAYANNA;Lo;0;L;;;;;N;;;;;
+0DB6;SINHALA LETTER ALPAPRAANA BAYANNA;Lo;0;L;;;;;N;;;;;
+0DB7;SINHALA LETTER MAHAAPRAANA BAYANNA;Lo;0;L;;;;;N;;;;;
+0DB8;SINHALA LETTER MAYANNA;Lo;0;L;;;;;N;;;;;
+0DB9;SINHALA LETTER AMBA BAYANNA;Lo;0;L;;;;;N;;;;;
+0DBA;SINHALA LETTER YAYANNA;Lo;0;L;;;;;N;;;;;
+0DBB;SINHALA LETTER RAYANNA;Lo;0;L;;;;;N;;;;;
+0DBD;SINHALA LETTER DANTAJA LAYANNA;Lo;0;L;;;;;N;;;;;
+0DC0;SINHALA LETTER VAYANNA;Lo;0;L;;;;;N;;;;;
+0DC1;SINHALA LETTER TAALUJA SAYANNA;Lo;0;L;;;;;N;;;;;
+0DC2;SINHALA LETTER MUURDHAJA SAYANNA;Lo;0;L;;;;;N;;;;;
+0DC3;SINHALA LETTER DANTAJA SAYANNA;Lo;0;L;;;;;N;;;;;
+0DC4;SINHALA LETTER HAYANNA;Lo;0;L;;;;;N;;;;;
+0DC5;SINHALA LETTER MUURDHAJA LAYANNA;Lo;0;L;;;;;N;;;;;
+0DC6;SINHALA LETTER FAYANNA;Lo;0;L;;;;;N;;;;;
+0DCA;SINHALA SIGN AL-LAKUNA;Mn;9;NSM;;;;;N;;;;;
+0DCF;SINHALA VOWEL SIGN AELA-PILLA;Mc;0;L;;;;;N;;;;;
+0DD0;SINHALA VOWEL SIGN KETTI AEDA-PILLA;Mc;0;L;;;;;N;;;;;
+0DD1;SINHALA VOWEL SIGN DIGA AEDA-PILLA;Mc;0;L;;;;;N;;;;;
+0DD2;SINHALA VOWEL SIGN KETTI IS-PILLA;Mn;0;NSM;;;;;N;;;;;
+0DD3;SINHALA VOWEL SIGN DIGA IS-PILLA;Mn;0;NSM;;;;;N;;;;;
+0DD4;SINHALA VOWEL SIGN KETTI PAA-PILLA;Mn;0;NSM;;;;;N;;;;;
+0DD6;SINHALA VOWEL SIGN DIGA PAA-PILLA;Mn;0;NSM;;;;;N;;;;;
+0DD8;SINHALA VOWEL SIGN GAETTA-PILLA;Mc;0;L;;;;;N;;;;;
+0DD9;SINHALA VOWEL SIGN KOMBUVA;Mc;0;L;;;;;N;;;;;
+0DDA;SINHALA VOWEL SIGN DIGA KOMBUVA;Mc;0;L;0DD9 0DCA;;;;N;;;;;
+0DDB;SINHALA VOWEL SIGN KOMBU DEKA;Mc;0;L;;;;;N;;;;;
+0DDC;SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA;Mc;0;L;0DD9 0DCF;;;;N;;;;;
+0DDD;SINHALA VOWEL SIGN KOMBUVA HAA DIGA AELA-PILLA;Mc;0;L;0DDC 0DCA;;;;N;;;;;
+0DDE;SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA;Mc;0;L;0DD9 0DDF;;;;N;;;;;
+0DDF;SINHALA VOWEL SIGN GAYANUKITTA;Mc;0;L;;;;;N;;;;;
+0DF2;SINHALA VOWEL SIGN DIGA GAETTA-PILLA;Mc;0;L;;;;;N;;;;;
+0DF3;SINHALA VOWEL SIGN DIGA GAYANUKITTA;Mc;0;L;;;;;N;;;;;
+0DF4;SINHALA PUNCTUATION KUNDDALIYA;Po;0;L;;;;;N;;;;;
+0E01;THAI CHARACTER KO KAI;Lo;0;L;;;;;N;THAI LETTER KO KAI;;;;
+0E02;THAI CHARACTER KHO KHAI;Lo;0;L;;;;;N;THAI LETTER KHO KHAI;;;;
+0E03;THAI CHARACTER KHO KHUAT;Lo;0;L;;;;;N;THAI LETTER KHO KHUAT;;;;
+0E04;THAI CHARACTER KHO KHWAI;Lo;0;L;;;;;N;THAI LETTER KHO KHWAI;;;;
+0E05;THAI CHARACTER KHO KHON;Lo;0;L;;;;;N;THAI LETTER KHO KHON;;;;
+0E06;THAI CHARACTER KHO RAKHANG;Lo;0;L;;;;;N;THAI LETTER KHO RAKHANG;;;;
+0E07;THAI CHARACTER NGO NGU;Lo;0;L;;;;;N;THAI LETTER NGO NGU;;;;
+0E08;THAI CHARACTER CHO CHAN;Lo;0;L;;;;;N;THAI LETTER CHO CHAN;;;;
+0E09;THAI CHARACTER CHO CHING;Lo;0;L;;;;;N;THAI LETTER CHO CHING;;;;
+0E0A;THAI CHARACTER CHO CHANG;Lo;0;L;;;;;N;THAI LETTER CHO CHANG;;;;
+0E0B;THAI CHARACTER SO SO;Lo;0;L;;;;;N;THAI LETTER SO SO;;;;
+0E0C;THAI CHARACTER CHO CHOE;Lo;0;L;;;;;N;THAI LETTER CHO CHOE;;;;
+0E0D;THAI CHARACTER YO YING;Lo;0;L;;;;;N;THAI LETTER YO YING;;;;
+0E0E;THAI CHARACTER DO CHADA;Lo;0;L;;;;;N;THAI LETTER DO CHADA;;;;
+0E0F;THAI CHARACTER TO PATAK;Lo;0;L;;;;;N;THAI LETTER TO PATAK;;;;
+0E10;THAI CHARACTER THO THAN;Lo;0;L;;;;;N;THAI LETTER THO THAN;;;;
+0E11;THAI CHARACTER THO NANGMONTHO;Lo;0;L;;;;;N;THAI LETTER THO NANGMONTHO;;;;
+0E12;THAI CHARACTER THO PHUTHAO;Lo;0;L;;;;;N;THAI LETTER THO PHUTHAO;;;;
+0E13;THAI CHARACTER NO NEN;Lo;0;L;;;;;N;THAI LETTER NO NEN;;;;
+0E14;THAI CHARACTER DO DEK;Lo;0;L;;;;;N;THAI LETTER DO DEK;;;;
+0E15;THAI CHARACTER TO TAO;Lo;0;L;;;;;N;THAI LETTER TO TAO;;;;
+0E16;THAI CHARACTER THO THUNG;Lo;0;L;;;;;N;THAI LETTER THO THUNG;;;;
+0E17;THAI CHARACTER THO THAHAN;Lo;0;L;;;;;N;THAI LETTER THO THAHAN;;;;
+0E18;THAI CHARACTER THO THONG;Lo;0;L;;;;;N;THAI LETTER THO THONG;;;;
+0E19;THAI CHARACTER NO NU;Lo;0;L;;;;;N;THAI LETTER NO NU;;;;
+0E1A;THAI CHARACTER BO BAIMAI;Lo;0;L;;;;;N;THAI LETTER BO BAIMAI;;;;
+0E1B;THAI CHARACTER PO PLA;Lo;0;L;;;;;N;THAI LETTER PO PLA;;;;
+0E1C;THAI CHARACTER PHO PHUNG;Lo;0;L;;;;;N;THAI LETTER PHO PHUNG;;;;
+0E1D;THAI CHARACTER FO FA;Lo;0;L;;;;;N;THAI LETTER FO FA;;;;
+0E1E;THAI CHARACTER PHO PHAN;Lo;0;L;;;;;N;THAI LETTER PHO PHAN;;;;
+0E1F;THAI CHARACTER FO FAN;Lo;0;L;;;;;N;THAI LETTER FO FAN;;;;
+0E20;THAI CHARACTER PHO SAMPHAO;Lo;0;L;;;;;N;THAI LETTER PHO SAMPHAO;;;;
+0E21;THAI CHARACTER MO MA;Lo;0;L;;;;;N;THAI LETTER MO MA;;;;
+0E22;THAI CHARACTER YO YAK;Lo;0;L;;;;;N;THAI LETTER YO YAK;;;;
+0E23;THAI CHARACTER RO RUA;Lo;0;L;;;;;N;THAI LETTER RO RUA;;;;
+0E24;THAI CHARACTER RU;Lo;0;L;;;;;N;THAI LETTER RU;;;;
+0E25;THAI CHARACTER LO LING;Lo;0;L;;;;;N;THAI LETTER LO LING;;;;
+0E26;THAI CHARACTER LU;Lo;0;L;;;;;N;THAI LETTER LU;;;;
+0E27;THAI CHARACTER WO WAEN;Lo;0;L;;;;;N;THAI LETTER WO WAEN;;;;
+0E28;THAI CHARACTER SO SALA;Lo;0;L;;;;;N;THAI LETTER SO SALA;;;;
+0E29;THAI CHARACTER SO RUSI;Lo;0;L;;;;;N;THAI LETTER SO RUSI;;;;
+0E2A;THAI CHARACTER SO SUA;Lo;0;L;;;;;N;THAI LETTER SO SUA;;;;
+0E2B;THAI CHARACTER HO HIP;Lo;0;L;;;;;N;THAI LETTER HO HIP;;;;
+0E2C;THAI CHARACTER LO CHULA;Lo;0;L;;;;;N;THAI LETTER LO CHULA;;;;
+0E2D;THAI CHARACTER O ANG;Lo;0;L;;;;;N;THAI LETTER O ANG;;;;
+0E2E;THAI CHARACTER HO NOKHUK;Lo;0;L;;;;;N;THAI LETTER HO NOK HUK;;;;
+0E2F;THAI CHARACTER PAIYANNOI;Lo;0;L;;;;;N;THAI PAI YAN NOI;paiyan noi;;;
+0E30;THAI CHARACTER SARA A;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA A;;;;
+0E31;THAI CHARACTER MAI HAN-AKAT;Mn;0;NSM;;;;;N;THAI VOWEL SIGN MAI HAN-AKAT;;;;
+0E32;THAI CHARACTER SARA AA;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA AA;;;;
+0E33;THAI CHARACTER SARA AM;Lo;0;L;<compat> 0E4D 0E32;;;;N;THAI VOWEL SIGN SARA AM;;;;
+0E34;THAI CHARACTER SARA I;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA I;;;;
+0E35;THAI CHARACTER SARA II;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA II;;;;
+0E36;THAI CHARACTER SARA UE;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA UE;;;;
+0E37;THAI CHARACTER SARA UEE;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA UEE;sara uue;;;
+0E38;THAI CHARACTER SARA U;Mn;103;NSM;;;;;N;THAI VOWEL SIGN SARA U;;;;
+0E39;THAI CHARACTER SARA UU;Mn;103;NSM;;;;;N;THAI VOWEL SIGN SARA UU;;;;
+0E3A;THAI CHARACTER PHINTHU;Mn;9;NSM;;;;;N;THAI VOWEL SIGN PHINTHU;;;;
+0E3F;THAI CURRENCY SYMBOL BAHT;Sc;0;ET;;;;;N;THAI BAHT SIGN;;;;
+0E40;THAI CHARACTER SARA E;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA E;;;;
+0E41;THAI CHARACTER SARA AE;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA AE;;;;
+0E42;THAI CHARACTER SARA O;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA O;;;;
+0E43;THAI CHARACTER SARA AI MAIMUAN;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA MAI MUAN;sara ai mai muan;;;
+0E44;THAI CHARACTER SARA AI MAIMALAI;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA MAI MALAI;sara ai mai malai;;;
+0E45;THAI CHARACTER LAKKHANGYAO;Lo;0;L;;;;;N;THAI LAK KHANG YAO;lakkhang yao;;;
+0E46;THAI CHARACTER MAIYAMOK;Lm;0;L;;;;;N;THAI MAI YAMOK;mai yamok;;;
+0E47;THAI CHARACTER MAITAIKHU;Mn;0;NSM;;;;;N;THAI VOWEL SIGN MAI TAI KHU;mai taikhu;;;
+0E48;THAI CHARACTER MAI EK;Mn;107;NSM;;;;;N;THAI TONE MAI EK;;;;
+0E49;THAI CHARACTER MAI THO;Mn;107;NSM;;;;;N;THAI TONE MAI THO;;;;
+0E4A;THAI CHARACTER MAI TRI;Mn;107;NSM;;;;;N;THAI TONE MAI TRI;;;;
+0E4B;THAI CHARACTER MAI CHATTAWA;Mn;107;NSM;;;;;N;THAI TONE MAI CHATTAWA;;;;
+0E4C;THAI CHARACTER THANTHAKHAT;Mn;0;NSM;;;;;N;THAI THANTHAKHAT;;;;
+0E4D;THAI CHARACTER NIKHAHIT;Mn;0;NSM;;;;;N;THAI NIKKHAHIT;nikkhahit;;;
+0E4E;THAI CHARACTER YAMAKKAN;Mn;0;NSM;;;;;N;THAI YAMAKKAN;;;;
+0E4F;THAI CHARACTER FONGMAN;Po;0;L;;;;;N;THAI FONGMAN;;;;
+0E50;THAI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0E51;THAI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0E52;THAI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0E53;THAI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0E54;THAI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0E55;THAI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0E56;THAI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0E57;THAI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0E58;THAI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0E59;THAI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0E5A;THAI CHARACTER ANGKHANKHU;Po;0;L;;;;;N;THAI ANGKHANKHU;;;;
+0E5B;THAI CHARACTER KHOMUT;Po;0;L;;;;;N;THAI KHOMUT;;;;
+0E81;LAO LETTER KO;Lo;0;L;;;;;N;;;;;
+0E82;LAO LETTER KHO SUNG;Lo;0;L;;;;;N;;;;;
+0E84;LAO LETTER KHO TAM;Lo;0;L;;;;;N;;;;;
+0E87;LAO LETTER NGO;Lo;0;L;;;;;N;;;;;
+0E88;LAO LETTER CO;Lo;0;L;;;;;N;;;;;
+0E8A;LAO LETTER SO TAM;Lo;0;L;;;;;N;;;;;
+0E8D;LAO LETTER NYO;Lo;0;L;;;;;N;;;;;
+0E94;LAO LETTER DO;Lo;0;L;;;;;N;;;;;
+0E95;LAO LETTER TO;Lo;0;L;;;;;N;;;;;
+0E96;LAO LETTER THO SUNG;Lo;0;L;;;;;N;;;;;
+0E97;LAO LETTER THO TAM;Lo;0;L;;;;;N;;;;;
+0E99;LAO LETTER NO;Lo;0;L;;;;;N;;;;;
+0E9A;LAO LETTER BO;Lo;0;L;;;;;N;;;;;
+0E9B;LAO LETTER PO;Lo;0;L;;;;;N;;;;;
+0E9C;LAO LETTER PHO SUNG;Lo;0;L;;;;;N;;;;;
+0E9D;LAO LETTER FO TAM;Lo;0;L;;;;;N;;;;;
+0E9E;LAO LETTER PHO TAM;Lo;0;L;;;;;N;;;;;
+0E9F;LAO LETTER FO SUNG;Lo;0;L;;;;;N;;;;;
+0EA1;LAO LETTER MO;Lo;0;L;;;;;N;;;;;
+0EA2;LAO LETTER YO;Lo;0;L;;;;;N;;;;;
+0EA3;LAO LETTER LO LING;Lo;0;L;;;;;N;;;;;
+0EA5;LAO LETTER LO LOOT;Lo;0;L;;;;;N;;;;;
+0EA7;LAO LETTER WO;Lo;0;L;;;;;N;;;;;
+0EAA;LAO LETTER SO SUNG;Lo;0;L;;;;;N;;;;;
+0EAB;LAO LETTER HO SUNG;Lo;0;L;;;;;N;;;;;
+0EAD;LAO LETTER O;Lo;0;L;;;;;N;;;;;
+0EAE;LAO LETTER HO TAM;Lo;0;L;;;;;N;;;;;
+0EAF;LAO ELLIPSIS;Lo;0;L;;;;;N;;;;;
+0EB0;LAO VOWEL SIGN A;Lo;0;L;;;;;N;;;;;
+0EB1;LAO VOWEL SIGN MAI KAN;Mn;0;NSM;;;;;N;;;;;
+0EB2;LAO VOWEL SIGN AA;Lo;0;L;;;;;N;;;;;
+0EB3;LAO VOWEL SIGN AM;Lo;0;L;<compat> 0ECD 0EB2;;;;N;;;;;
+0EB4;LAO VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+0EB5;LAO VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+0EB6;LAO VOWEL SIGN Y;Mn;0;NSM;;;;;N;;;;;
+0EB7;LAO VOWEL SIGN YY;Mn;0;NSM;;;;;N;;;;;
+0EB8;LAO VOWEL SIGN U;Mn;118;NSM;;;;;N;;;;;
+0EB9;LAO VOWEL SIGN UU;Mn;118;NSM;;;;;N;;;;;
+0EBB;LAO VOWEL SIGN MAI KON;Mn;0;NSM;;;;;N;;;;;
+0EBC;LAO SEMIVOWEL SIGN LO;Mn;0;NSM;;;;;N;;;;;
+0EBD;LAO SEMIVOWEL SIGN NYO;Lo;0;L;;;;;N;;;;;
+0EC0;LAO VOWEL SIGN E;Lo;0;L;;;;;N;;;;;
+0EC1;LAO VOWEL SIGN EI;Lo;0;L;;;;;N;;;;;
+0EC2;LAO VOWEL SIGN O;Lo;0;L;;;;;N;;;;;
+0EC3;LAO VOWEL SIGN AY;Lo;0;L;;;;;N;;;;;
+0EC4;LAO VOWEL SIGN AI;Lo;0;L;;;;;N;;;;;
+0EC6;LAO KO LA;Lm;0;L;;;;;N;;;;;
+0EC8;LAO TONE MAI EK;Mn;122;NSM;;;;;N;;;;;
+0EC9;LAO TONE MAI THO;Mn;122;NSM;;;;;N;;;;;
+0ECA;LAO TONE MAI TI;Mn;122;NSM;;;;;N;;;;;
+0ECB;LAO TONE MAI CATAWA;Mn;122;NSM;;;;;N;;;;;
+0ECC;LAO CANCELLATION MARK;Mn;0;NSM;;;;;N;;;;;
+0ECD;LAO NIGGAHITA;Mn;0;NSM;;;;;N;;;;;
+0ED0;LAO DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0ED1;LAO DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0ED2;LAO DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0ED3;LAO DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0ED4;LAO DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0ED5;LAO DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0ED6;LAO DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0ED7;LAO DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0ED8;LAO DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0ED9;LAO DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0EDC;LAO HO NO;Lo;0;L;<compat> 0EAB 0E99;;;;N;;;;;
+0EDD;LAO HO MO;Lo;0;L;<compat> 0EAB 0EA1;;;;N;;;;;
+0F00;TIBETAN SYLLABLE OM;Lo;0;L;;;;;N;;;;;
+0F01;TIBETAN MARK GTER YIG MGO TRUNCATED A;So;0;L;;;;;N;;ter yik go a thung;;;
+0F02;TIBETAN MARK GTER YIG MGO -UM RNAM BCAD MA;So;0;L;;;;;N;;ter yik go wum nam chey ma;;;
+0F03;TIBETAN MARK GTER YIG MGO -UM GTER TSHEG MA;So;0;L;;;;;N;;ter yik go wum ter tsek ma;;;
+0F04;TIBETAN MARK INITIAL YIG MGO MDUN MA;Po;0;L;;;;;N;TIBETAN SINGLE ORNAMENT;yik go dun ma;;;
+0F05;TIBETAN MARK CLOSING YIG MGO SGAB MA;Po;0;L;;;;;N;;yik go kab ma;;;
+0F06;TIBETAN MARK CARET YIG MGO PHUR SHAD MA;Po;0;L;;;;;N;;yik go pur shey ma;;;
+0F07;TIBETAN MARK YIG MGO TSHEG SHAD MA;Po;0;L;;;;;N;;yik go tsek shey ma;;;
+0F08;TIBETAN MARK SBRUL SHAD;Po;0;L;;;;;N;TIBETAN RGYANSHAD;drul shey;;;
+0F09;TIBETAN MARK BSKUR YIG MGO;Po;0;L;;;;;N;;kur yik go;;;
+0F0A;TIBETAN MARK BKA- SHOG YIG MGO;Po;0;L;;;;;N;;ka sho yik go;;;
+0F0B;TIBETAN MARK INTERSYLLABIC TSHEG;Po;0;L;;;;;N;TIBETAN TSEG;tsek;;;
+0F0C;TIBETAN MARK DELIMITER TSHEG BSTAR;Po;0;L;<noBreak> 0F0B;;;;N;;tsek tar;;;
+0F0D;TIBETAN MARK SHAD;Po;0;L;;;;;N;TIBETAN SHAD;shey;;;
+0F0E;TIBETAN MARK NYIS SHAD;Po;0;L;;;;;N;TIBETAN DOUBLE SHAD;nyi shey;;;
+0F0F;TIBETAN MARK TSHEG SHAD;Po;0;L;;;;;N;;tsek shey;;;
+0F10;TIBETAN MARK NYIS TSHEG SHAD;Po;0;L;;;;;N;;nyi tsek shey;;;
+0F11;TIBETAN MARK RIN CHEN SPUNGS SHAD;Po;0;L;;;;;N;TIBETAN RINCHANPHUNGSHAD;rinchen pung shey;;;
+0F12;TIBETAN MARK RGYA GRAM SHAD;Po;0;L;;;;;N;;gya tram shey;;;
+0F13;TIBETAN MARK CARET -DZUD RTAGS ME LONG CAN;So;0;L;;;;;N;;dzu ta me long chen;;;
+0F14;TIBETAN MARK GTER TSHEG;So;0;L;;;;;N;TIBETAN COMMA;ter tsek;;;
+0F15;TIBETAN LOGOTYPE SIGN CHAD RTAGS;So;0;L;;;;;N;;che ta;;;
+0F16;TIBETAN LOGOTYPE SIGN LHAG RTAGS;So;0;L;;;;;N;;hlak ta;;;
+0F17;TIBETAN ASTROLOGICAL SIGN SGRA GCAN -CHAR RTAGS;So;0;L;;;;;N;;trachen char ta;;;
+0F18;TIBETAN ASTROLOGICAL SIGN -KHYUD PA;Mn;220;NSM;;;;;N;;kyu pa;;;
+0F19;TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS;Mn;220;NSM;;;;;N;;dong tsu;;;
+0F1A;TIBETAN SIGN RDEL DKAR GCIG;So;0;L;;;;;N;;deka chig;;;
+0F1B;TIBETAN SIGN RDEL DKAR GNYIS;So;0;L;;;;;N;;deka nyi;;;
+0F1C;TIBETAN SIGN RDEL DKAR GSUM;So;0;L;;;;;N;;deka sum;;;
+0F1D;TIBETAN SIGN RDEL NAG GCIG;So;0;L;;;;;N;;dena chig;;;
+0F1E;TIBETAN SIGN RDEL NAG GNYIS;So;0;L;;;;;N;;dena nyi;;;
+0F1F;TIBETAN SIGN RDEL DKAR RDEL NAG;So;0;L;;;;;N;;deka dena;;;
+0F20;TIBETAN DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+0F21;TIBETAN DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+0F22;TIBETAN DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+0F23;TIBETAN DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+0F24;TIBETAN DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+0F25;TIBETAN DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+0F26;TIBETAN DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+0F27;TIBETAN DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+0F28;TIBETAN DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+0F29;TIBETAN DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+0F2A;TIBETAN DIGIT HALF ONE;No;0;L;;;;1/2;N;;;;;
+0F2B;TIBETAN DIGIT HALF TWO;No;0;L;;;;3/2;N;;;;;
+0F2C;TIBETAN DIGIT HALF THREE;No;0;L;;;;5/2;N;;;;;
+0F2D;TIBETAN DIGIT HALF FOUR;No;0;L;;;;7/2;N;;;;;
+0F2E;TIBETAN DIGIT HALF FIVE;No;0;L;;;;9/2;N;;;;;
+0F2F;TIBETAN DIGIT HALF SIX;No;0;L;;;;11/2;N;;;;;
+0F30;TIBETAN DIGIT HALF SEVEN;No;0;L;;;;13/2;N;;;;;
+0F31;TIBETAN DIGIT HALF EIGHT;No;0;L;;;;15/2;N;;;;;
+0F32;TIBETAN DIGIT HALF NINE;No;0;L;;;;17/2;N;;;;;
+0F33;TIBETAN DIGIT HALF ZERO;No;0;L;;;;-1/2;N;;;;;
+0F34;TIBETAN MARK BSDUS RTAGS;So;0;L;;;;;N;;du ta;;;
+0F35;TIBETAN MARK NGAS BZUNG NYI ZLA;Mn;220;NSM;;;;;N;TIBETAN HONORIFIC UNDER RING;nge zung nyi da;;;
+0F36;TIBETAN MARK CARET -DZUD RTAGS BZHI MIG CAN;So;0;L;;;;;N;;dzu ta shi mig chen;;;
+0F37;TIBETAN MARK NGAS BZUNG SGOR RTAGS;Mn;220;NSM;;;;;N;TIBETAN UNDER RING;nge zung gor ta;;;
+0F38;TIBETAN MARK CHE MGO;So;0;L;;;;;N;;che go;;;
+0F39;TIBETAN MARK TSA -PHRU;Mn;216;NSM;;;;;N;TIBETAN LENITION MARK;tsa tru;;;
+0F3A;TIBETAN MARK GUG RTAGS GYON;Ps;0;ON;;;;;N;;gug ta yun;;;
+0F3B;TIBETAN MARK GUG RTAGS GYAS;Pe;0;ON;;;;;N;;gug ta ye;;;
+0F3C;TIBETAN MARK ANG KHANG GYON;Ps;0;ON;;;;;N;TIBETAN LEFT BRACE;ang kang yun;;;
+0F3D;TIBETAN MARK ANG KHANG GYAS;Pe;0;ON;;;;;N;TIBETAN RIGHT BRACE;ang kang ye;;;
+0F3E;TIBETAN SIGN YAR TSHES;Mc;0;L;;;;;N;;yar tse;;;
+0F3F;TIBETAN SIGN MAR TSHES;Mc;0;L;;;;;N;;mar tse;;;
+0F40;TIBETAN LETTER KA;Lo;0;L;;;;;N;;;;;
+0F41;TIBETAN LETTER KHA;Lo;0;L;;;;;N;;;;;
+0F42;TIBETAN LETTER GA;Lo;0;L;;;;;N;;;;;
+0F43;TIBETAN LETTER GHA;Lo;0;L;0F42 0FB7;;;;N;;;;;
+0F44;TIBETAN LETTER NGA;Lo;0;L;;;;;N;;;;;
+0F45;TIBETAN LETTER CA;Lo;0;L;;;;;N;;;;;
+0F46;TIBETAN LETTER CHA;Lo;0;L;;;;;N;;;;;
+0F47;TIBETAN LETTER JA;Lo;0;L;;;;;N;;;;;
+0F49;TIBETAN LETTER NYA;Lo;0;L;;;;;N;;;;;
+0F4A;TIBETAN LETTER TTA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED TA;;;;
+0F4B;TIBETAN LETTER TTHA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED THA;;;;
+0F4C;TIBETAN LETTER DDA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED DA;;;;
+0F4D;TIBETAN LETTER DDHA;Lo;0;L;0F4C 0FB7;;;;N;;;;;
+0F4E;TIBETAN LETTER NNA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED NA;;;;
+0F4F;TIBETAN LETTER TA;Lo;0;L;;;;;N;;;;;
+0F50;TIBETAN LETTER THA;Lo;0;L;;;;;N;;;;;
+0F51;TIBETAN LETTER DA;Lo;0;L;;;;;N;;;;;
+0F52;TIBETAN LETTER DHA;Lo;0;L;0F51 0FB7;;;;N;;;;;
+0F53;TIBETAN LETTER NA;Lo;0;L;;;;;N;;;;;
+0F54;TIBETAN LETTER PA;Lo;0;L;;;;;N;;;;;
+0F55;TIBETAN LETTER PHA;Lo;0;L;;;;;N;;;;;
+0F56;TIBETAN LETTER BA;Lo;0;L;;;;;N;;;;;
+0F57;TIBETAN LETTER BHA;Lo;0;L;0F56 0FB7;;;;N;;;;;
+0F58;TIBETAN LETTER MA;Lo;0;L;;;;;N;;;;;
+0F59;TIBETAN LETTER TSA;Lo;0;L;;;;;N;;;;;
+0F5A;TIBETAN LETTER TSHA;Lo;0;L;;;;;N;;;;;
+0F5B;TIBETAN LETTER DZA;Lo;0;L;;;;;N;;;;;
+0F5C;TIBETAN LETTER DZHA;Lo;0;L;0F5B 0FB7;;;;N;;;;;
+0F5D;TIBETAN LETTER WA;Lo;0;L;;;;;N;;;;;
+0F5E;TIBETAN LETTER ZHA;Lo;0;L;;;;;N;;;;;
+0F5F;TIBETAN LETTER ZA;Lo;0;L;;;;;N;;;;;
+0F60;TIBETAN LETTER -A;Lo;0;L;;;;;N;TIBETAN LETTER AA;;;;
+0F61;TIBETAN LETTER YA;Lo;0;L;;;;;N;;;;;
+0F62;TIBETAN LETTER RA;Lo;0;L;;;;;N;;*;;;
+0F63;TIBETAN LETTER LA;Lo;0;L;;;;;N;;;;;
+0F64;TIBETAN LETTER SHA;Lo;0;L;;;;;N;;;;;
+0F65;TIBETAN LETTER SSA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED SHA;;;;
+0F66;TIBETAN LETTER SA;Lo;0;L;;;;;N;;;;;
+0F67;TIBETAN LETTER HA;Lo;0;L;;;;;N;;;;;
+0F68;TIBETAN LETTER A;Lo;0;L;;;;;N;;;;;
+0F69;TIBETAN LETTER KSSA;Lo;0;L;0F40 0FB5;;;;N;;;;;
+0F6A;TIBETAN LETTER FIXED-FORM RA;Lo;0;L;;;;;N;;*;;;
+0F71;TIBETAN VOWEL SIGN AA;Mn;129;NSM;;;;;N;;;;;
+0F72;TIBETAN VOWEL SIGN I;Mn;130;NSM;;;;;N;;;;;
+0F73;TIBETAN VOWEL SIGN II;Mn;0;NSM;0F71 0F72;;;;N;;;;;
+0F74;TIBETAN VOWEL SIGN U;Mn;132;NSM;;;;;N;;;;;
+0F75;TIBETAN VOWEL SIGN UU;Mn;0;NSM;0F71 0F74;;;;N;;;;;
+0F76;TIBETAN VOWEL SIGN VOCALIC R;Mn;0;NSM;0FB2 0F80;;;;N;;;;;
+0F77;TIBETAN VOWEL SIGN VOCALIC RR;Mn;0;NSM;<compat> 0FB2 0F81;;;;N;;;;;
+0F78;TIBETAN VOWEL SIGN VOCALIC L;Mn;0;NSM;0FB3 0F80;;;;N;;;;;
+0F79;TIBETAN VOWEL SIGN VOCALIC LL;Mn;0;NSM;<compat> 0FB3 0F81;;;;N;;;;;
+0F7A;TIBETAN VOWEL SIGN E;Mn;130;NSM;;;;;N;;;;;
+0F7B;TIBETAN VOWEL SIGN EE;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN AI;;;;
+0F7C;TIBETAN VOWEL SIGN O;Mn;130;NSM;;;;;N;;;;;
+0F7D;TIBETAN VOWEL SIGN OO;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN AU;;;;
+0F7E;TIBETAN SIGN RJES SU NGA RO;Mn;0;NSM;;;;;N;TIBETAN ANUSVARA;je su nga ro;;;
+0F7F;TIBETAN SIGN RNAM BCAD;Mc;0;L;;;;;N;TIBETAN VISARGA;nam chey;;;
+0F80;TIBETAN VOWEL SIGN REVERSED I;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN SHORT I;;;;
+0F81;TIBETAN VOWEL SIGN REVERSED II;Mn;0;NSM;0F71 0F80;;;;N;;;;;
+0F82;TIBETAN SIGN NYI ZLA NAA DA;Mn;230;NSM;;;;;N;TIBETAN CANDRABINDU WITH ORNAMENT;nyi da na da;;;
+0F83;TIBETAN SIGN SNA LDAN;Mn;230;NSM;;;;;N;TIBETAN CANDRABINDU;nan de;;;
+0F84;TIBETAN MARK HALANTA;Mn;9;NSM;;;;;N;TIBETAN VIRAMA;;;;
+0F85;TIBETAN MARK PALUTA;Po;0;L;;;;;N;TIBETAN CHUCHENYIGE;;;;
+0F86;TIBETAN SIGN LCI RTAGS;Mn;230;NSM;;;;;N;;ji ta;;;
+0F87;TIBETAN SIGN YANG RTAGS;Mn;230;NSM;;;;;N;;yang ta;;;
+0F88;TIBETAN SIGN LCE TSA CAN;Lo;0;L;;;;;N;;che tsa chen;;;
+0F89;TIBETAN SIGN MCHU CAN;Lo;0;L;;;;;N;;chu chen;;;
+0F8A;TIBETAN SIGN GRU CAN RGYINGS;Lo;0;L;;;;;N;;tru chen ging;;;
+0F8B;TIBETAN SIGN GRU MED RGYINGS;Lo;0;L;;;;;N;;tru me ging;;;
+0F90;TIBETAN SUBJOINED LETTER KA;Mn;0;NSM;;;;;N;;;;;
+0F91;TIBETAN SUBJOINED LETTER KHA;Mn;0;NSM;;;;;N;;;;;
+0F92;TIBETAN SUBJOINED LETTER GA;Mn;0;NSM;;;;;N;;;;;
+0F93;TIBETAN SUBJOINED LETTER GHA;Mn;0;NSM;0F92 0FB7;;;;N;;;;;
+0F94;TIBETAN SUBJOINED LETTER NGA;Mn;0;NSM;;;;;N;;;;;
+0F95;TIBETAN SUBJOINED LETTER CA;Mn;0;NSM;;;;;N;;;;;
+0F96;TIBETAN SUBJOINED LETTER CHA;Mn;0;NSM;;;;;N;;;;;
+0F97;TIBETAN SUBJOINED LETTER JA;Mn;0;NSM;;;;;N;;;;;
+0F99;TIBETAN SUBJOINED LETTER NYA;Mn;0;NSM;;;;;N;;;;;
+0F9A;TIBETAN SUBJOINED LETTER TTA;Mn;0;NSM;;;;;N;;;;;
+0F9B;TIBETAN SUBJOINED LETTER TTHA;Mn;0;NSM;;;;;N;;;;;
+0F9C;TIBETAN SUBJOINED LETTER DDA;Mn;0;NSM;;;;;N;;;;;
+0F9D;TIBETAN SUBJOINED LETTER DDHA;Mn;0;NSM;0F9C 0FB7;;;;N;;;;;
+0F9E;TIBETAN SUBJOINED LETTER NNA;Mn;0;NSM;;;;;N;;;;;
+0F9F;TIBETAN SUBJOINED LETTER TA;Mn;0;NSM;;;;;N;;;;;
+0FA0;TIBETAN SUBJOINED LETTER THA;Mn;0;NSM;;;;;N;;;;;
+0FA1;TIBETAN SUBJOINED LETTER DA;Mn;0;NSM;;;;;N;;;;;
+0FA2;TIBETAN SUBJOINED LETTER DHA;Mn;0;NSM;0FA1 0FB7;;;;N;;;;;
+0FA3;TIBETAN SUBJOINED LETTER NA;Mn;0;NSM;;;;;N;;;;;
+0FA4;TIBETAN SUBJOINED LETTER PA;Mn;0;NSM;;;;;N;;;;;
+0FA5;TIBETAN SUBJOINED LETTER PHA;Mn;0;NSM;;;;;N;;;;;
+0FA6;TIBETAN SUBJOINED LETTER BA;Mn;0;NSM;;;;;N;;;;;
+0FA7;TIBETAN SUBJOINED LETTER BHA;Mn;0;NSM;0FA6 0FB7;;;;N;;;;;
+0FA8;TIBETAN SUBJOINED LETTER MA;Mn;0;NSM;;;;;N;;;;;
+0FA9;TIBETAN SUBJOINED LETTER TSA;Mn;0;NSM;;;;;N;;;;;
+0FAA;TIBETAN SUBJOINED LETTER TSHA;Mn;0;NSM;;;;;N;;;;;
+0FAB;TIBETAN SUBJOINED LETTER DZA;Mn;0;NSM;;;;;N;;;;;
+0FAC;TIBETAN SUBJOINED LETTER DZHA;Mn;0;NSM;0FAB 0FB7;;;;N;;;;;
+0FAD;TIBETAN SUBJOINED LETTER WA;Mn;0;NSM;;;;;N;;*;;;
+0FAE;TIBETAN SUBJOINED LETTER ZHA;Mn;0;NSM;;;;;N;;;;;
+0FAF;TIBETAN SUBJOINED LETTER ZA;Mn;0;NSM;;;;;N;;;;;
+0FB0;TIBETAN SUBJOINED LETTER -A;Mn;0;NSM;;;;;N;;;;;
+0FB1;TIBETAN SUBJOINED LETTER YA;Mn;0;NSM;;;;;N;;*;;;
+0FB2;TIBETAN SUBJOINED LETTER RA;Mn;0;NSM;;;;;N;;*;;;
+0FB3;TIBETAN SUBJOINED LETTER LA;Mn;0;NSM;;;;;N;;;;;
+0FB4;TIBETAN SUBJOINED LETTER SHA;Mn;0;NSM;;;;;N;;;;;
+0FB5;TIBETAN SUBJOINED LETTER SSA;Mn;0;NSM;;;;;N;;;;;
+0FB6;TIBETAN SUBJOINED LETTER SA;Mn;0;NSM;;;;;N;;;;;
+0FB7;TIBETAN SUBJOINED LETTER HA;Mn;0;NSM;;;;;N;;;;;
+0FB8;TIBETAN SUBJOINED LETTER A;Mn;0;NSM;;;;;N;;;;;
+0FB9;TIBETAN SUBJOINED LETTER KSSA;Mn;0;NSM;0F90 0FB5;;;;N;;;;;
+0FBA;TIBETAN SUBJOINED LETTER FIXED-FORM WA;Mn;0;NSM;;;;;N;;*;;;
+0FBB;TIBETAN SUBJOINED LETTER FIXED-FORM YA;Mn;0;NSM;;;;;N;;*;;;
+0FBC;TIBETAN SUBJOINED LETTER FIXED-FORM RA;Mn;0;NSM;;;;;N;;*;;;
+0FBE;TIBETAN KU RU KHA;So;0;L;;;;;N;;kuruka;;;
+0FBF;TIBETAN KU RU KHA BZHI MIG CAN;So;0;L;;;;;N;;kuruka shi mik chen;;;
+0FC0;TIBETAN CANTILLATION SIGN HEAVY BEAT;So;0;L;;;;;N;;;;;
+0FC1;TIBETAN CANTILLATION SIGN LIGHT BEAT;So;0;L;;;;;N;;;;;
+0FC2;TIBETAN CANTILLATION SIGN CANG TE-U;So;0;L;;;;;N;;chang tyu;;;
+0FC3;TIBETAN CANTILLATION SIGN SBUB -CHAL;So;0;L;;;;;N;;bub chey;;;
+0FC4;TIBETAN SYMBOL DRIL BU;So;0;L;;;;;N;;drilbu;;;
+0FC5;TIBETAN SYMBOL RDO RJE;So;0;L;;;;;N;;dorje;;;
+0FC6;TIBETAN SYMBOL PADMA GDAN;Mn;220;NSM;;;;;N;;pema den;;;
+0FC7;TIBETAN SYMBOL RDO RJE RGYA GRAM;So;0;L;;;;;N;;dorje gya dram;;;
+0FC8;TIBETAN SYMBOL PHUR PA;So;0;L;;;;;N;;phurba;;;
+0FC9;TIBETAN SYMBOL NOR BU;So;0;L;;;;;N;;norbu;;;
+0FCA;TIBETAN SYMBOL NOR BU NYIS -KHYIL;So;0;L;;;;;N;;norbu nyi khyi;;;
+0FCB;TIBETAN SYMBOL NOR BU GSUM -KHYIL;So;0;L;;;;;N;;norbu sum khyi;;;
+0FCC;TIBETAN SYMBOL NOR BU BZHI -KHYIL;So;0;L;;;;;N;;norbu shi khyi;;;
+0FCF;TIBETAN SIGN RDEL NAG GSUM;So;0;L;;;;;N;;dena sum;;;
+1000;MYANMAR LETTER KA;Lo;0;L;;;;;N;;;;;
+1001;MYANMAR LETTER KHA;Lo;0;L;;;;;N;;;;;
+1002;MYANMAR LETTER GA;Lo;0;L;;;;;N;;;;;
+1003;MYANMAR LETTER GHA;Lo;0;L;;;;;N;;;;;
+1004;MYANMAR LETTER NGA;Lo;0;L;;;;;N;;;;;
+1005;MYANMAR LETTER CA;Lo;0;L;;;;;N;;;;;
+1006;MYANMAR LETTER CHA;Lo;0;L;;;;;N;;;;;
+1007;MYANMAR LETTER JA;Lo;0;L;;;;;N;;;;;
+1008;MYANMAR LETTER JHA;Lo;0;L;;;;;N;;;;;
+1009;MYANMAR LETTER NYA;Lo;0;L;;;;;N;;;;;
+100A;MYANMAR LETTER NNYA;Lo;0;L;;;;;N;;;;;
+100B;MYANMAR LETTER TTA;Lo;0;L;;;;;N;;;;;
+100C;MYANMAR LETTER TTHA;Lo;0;L;;;;;N;;;;;
+100D;MYANMAR LETTER DDA;Lo;0;L;;;;;N;;;;;
+100E;MYANMAR LETTER DDHA;Lo;0;L;;;;;N;;;;;
+100F;MYANMAR LETTER NNA;Lo;0;L;;;;;N;;;;;
+1010;MYANMAR LETTER TA;Lo;0;L;;;;;N;;;;;
+1011;MYANMAR LETTER THA;Lo;0;L;;;;;N;;;;;
+1012;MYANMAR LETTER DA;Lo;0;L;;;;;N;;;;;
+1013;MYANMAR LETTER DHA;Lo;0;L;;;;;N;;;;;
+1014;MYANMAR LETTER NA;Lo;0;L;;;;;N;;;;;
+1015;MYANMAR LETTER PA;Lo;0;L;;;;;N;;;;;
+1016;MYANMAR LETTER PHA;Lo;0;L;;;;;N;;;;;
+1017;MYANMAR LETTER BA;Lo;0;L;;;;;N;;;;;
+1018;MYANMAR LETTER BHA;Lo;0;L;;;;;N;;;;;
+1019;MYANMAR LETTER MA;Lo;0;L;;;;;N;;;;;
+101A;MYANMAR LETTER YA;Lo;0;L;;;;;N;;;;;
+101B;MYANMAR LETTER RA;Lo;0;L;;;;;N;;;;;
+101C;MYANMAR LETTER LA;Lo;0;L;;;;;N;;;;;
+101D;MYANMAR LETTER WA;Lo;0;L;;;;;N;;;;;
+101E;MYANMAR LETTER SA;Lo;0;L;;;;;N;;;;;
+101F;MYANMAR LETTER HA;Lo;0;L;;;;;N;;;;;
+1020;MYANMAR LETTER LLA;Lo;0;L;;;;;N;;;;;
+1021;MYANMAR LETTER A;Lo;0;L;;;;;N;;;;;
+1023;MYANMAR LETTER I;Lo;0;L;;;;;N;;;;;
+1024;MYANMAR LETTER II;Lo;0;L;;;;;N;;;;;
+1025;MYANMAR LETTER U;Lo;0;L;;;;;N;;;;;
+1026;MYANMAR LETTER UU;Lo;0;L;1025 102E;;;;N;;;;;
+1027;MYANMAR LETTER E;Lo;0;L;;;;;N;;;;;
+1029;MYANMAR LETTER O;Lo;0;L;;;;;N;;;;;
+102A;MYANMAR LETTER AU;Lo;0;L;;;;;N;;;;;
+102C;MYANMAR VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+102D;MYANMAR VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+102E;MYANMAR VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+102F;MYANMAR VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1030;MYANMAR VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+1031;MYANMAR VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+1032;MYANMAR VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;;
+1036;MYANMAR SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;;
+1037;MYANMAR SIGN DOT BELOW;Mn;7;NSM;;;;;N;;;;;
+1038;MYANMAR SIGN VISARGA;Mc;0;L;;;;;N;;;;;
+1039;MYANMAR SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+1040;MYANMAR DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+1041;MYANMAR DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+1042;MYANMAR DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+1043;MYANMAR DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+1044;MYANMAR DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+1045;MYANMAR DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+1046;MYANMAR DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+1047;MYANMAR DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+1048;MYANMAR DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+1049;MYANMAR DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+104A;MYANMAR SIGN LITTLE SECTION;Po;0;L;;;;;N;;;;;
+104B;MYANMAR SIGN SECTION;Po;0;L;;;;;N;;;;;
+104C;MYANMAR SYMBOL LOCATIVE;Po;0;L;;;;;N;;;;;
+104D;MYANMAR SYMBOL COMPLETED;Po;0;L;;;;;N;;;;;
+104E;MYANMAR SYMBOL AFOREMENTIONED;Po;0;L;;;;;N;;;;;
+104F;MYANMAR SYMBOL GENITIVE;Po;0;L;;;;;N;;;;;
+1050;MYANMAR LETTER SHA;Lo;0;L;;;;;N;;;;;
+1051;MYANMAR LETTER SSA;Lo;0;L;;;;;N;;;;;
+1052;MYANMAR LETTER VOCALIC R;Lo;0;L;;;;;N;;;;;
+1053;MYANMAR LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;;
+1054;MYANMAR LETTER VOCALIC L;Lo;0;L;;;;;N;;;;;
+1055;MYANMAR LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;;
+1056;MYANMAR VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;;
+1057;MYANMAR VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;;
+1058;MYANMAR VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;;
+1059;MYANMAR VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;;
+10A0;GEORGIAN CAPITAL LETTER AN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A1;GEORGIAN CAPITAL LETTER BAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A2;GEORGIAN CAPITAL LETTER GAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A3;GEORGIAN CAPITAL LETTER DON;Lu;0;L;;;;;N;;Khutsuri;;;
+10A4;GEORGIAN CAPITAL LETTER EN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A5;GEORGIAN CAPITAL LETTER VIN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A6;GEORGIAN CAPITAL LETTER ZEN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A7;GEORGIAN CAPITAL LETTER TAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A8;GEORGIAN CAPITAL LETTER IN;Lu;0;L;;;;;N;;Khutsuri;;;
+10A9;GEORGIAN CAPITAL LETTER KAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10AA;GEORGIAN CAPITAL LETTER LAS;Lu;0;L;;;;;N;;Khutsuri;;;
+10AB;GEORGIAN CAPITAL LETTER MAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10AC;GEORGIAN CAPITAL LETTER NAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10AD;GEORGIAN CAPITAL LETTER ON;Lu;0;L;;;;;N;;Khutsuri;;;
+10AE;GEORGIAN CAPITAL LETTER PAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10AF;GEORGIAN CAPITAL LETTER ZHAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B0;GEORGIAN CAPITAL LETTER RAE;Lu;0;L;;;;;N;;Khutsuri;;;
+10B1;GEORGIAN CAPITAL LETTER SAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10B2;GEORGIAN CAPITAL LETTER TAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B3;GEORGIAN CAPITAL LETTER UN;Lu;0;L;;;;;N;;Khutsuri;;;
+10B4;GEORGIAN CAPITAL LETTER PHAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B5;GEORGIAN CAPITAL LETTER KHAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B6;GEORGIAN CAPITAL LETTER GHAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10B7;GEORGIAN CAPITAL LETTER QAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10B8;GEORGIAN CAPITAL LETTER SHIN;Lu;0;L;;;;;N;;Khutsuri;;;
+10B9;GEORGIAN CAPITAL LETTER CHIN;Lu;0;L;;;;;N;;Khutsuri;;;
+10BA;GEORGIAN CAPITAL LETTER CAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10BB;GEORGIAN CAPITAL LETTER JIL;Lu;0;L;;;;;N;;Khutsuri;;;
+10BC;GEORGIAN CAPITAL LETTER CIL;Lu;0;L;;;;;N;;Khutsuri;;;
+10BD;GEORGIAN CAPITAL LETTER CHAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10BE;GEORGIAN CAPITAL LETTER XAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10BF;GEORGIAN CAPITAL LETTER JHAN;Lu;0;L;;;;;N;;Khutsuri;;;
+10C0;GEORGIAN CAPITAL LETTER HAE;Lu;0;L;;;;;N;;Khutsuri;;;
+10C1;GEORGIAN CAPITAL LETTER HE;Lu;0;L;;;;;N;;Khutsuri;;;
+10C2;GEORGIAN CAPITAL LETTER HIE;Lu;0;L;;;;;N;;Khutsuri;;;
+10C3;GEORGIAN CAPITAL LETTER WE;Lu;0;L;;;;;N;;Khutsuri;;;
+10C4;GEORGIAN CAPITAL LETTER HAR;Lu;0;L;;;;;N;;Khutsuri;;;
+10C5;GEORGIAN CAPITAL LETTER HOE;Lu;0;L;;;;;N;;Khutsuri;;;
+10D0;GEORGIAN LETTER AN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER AN;;;;
+10D1;GEORGIAN LETTER BAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER BAN;;;;
+10D2;GEORGIAN LETTER GAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER GAN;;;;
+10D3;GEORGIAN LETTER DON;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER DON;;;;
+10D4;GEORGIAN LETTER EN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER EN;;;;
+10D5;GEORGIAN LETTER VIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER VIN;;;;
+10D6;GEORGIAN LETTER ZEN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ZEN;;;;
+10D7;GEORGIAN LETTER TAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER TAN;;;;
+10D8;GEORGIAN LETTER IN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER IN;;;;
+10D9;GEORGIAN LETTER KAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER KAN;;;;
+10DA;GEORGIAN LETTER LAS;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER LAS;;;;
+10DB;GEORGIAN LETTER MAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER MAN;;;;
+10DC;GEORGIAN LETTER NAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER NAR;;;;
+10DD;GEORGIAN LETTER ON;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ON;;;;
+10DE;GEORGIAN LETTER PAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER PAR;;;;
+10DF;GEORGIAN LETTER ZHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ZHAR;;;;
+10E0;GEORGIAN LETTER RAE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER RAE;;;;
+10E1;GEORGIAN LETTER SAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER SAN;;;;
+10E2;GEORGIAN LETTER TAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER TAR;;;;
+10E3;GEORGIAN LETTER UN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER UN;;;;
+10E4;GEORGIAN LETTER PHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER PHAR;;;;
+10E5;GEORGIAN LETTER KHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER KHAR;;;;
+10E6;GEORGIAN LETTER GHAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER GHAN;;;;
+10E7;GEORGIAN LETTER QAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER QAR;;;;
+10E8;GEORGIAN LETTER SHIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER SHIN;;;;
+10E9;GEORGIAN LETTER CHIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CHIN;;;;
+10EA;GEORGIAN LETTER CAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CAN;;;;
+10EB;GEORGIAN LETTER JIL;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER JIL;;;;
+10EC;GEORGIAN LETTER CIL;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CIL;;;;
+10ED;GEORGIAN LETTER CHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CHAR;;;;
+10EE;GEORGIAN LETTER XAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER XAN;;;;
+10EF;GEORGIAN LETTER JHAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER JHAN;;;;
+10F0;GEORGIAN LETTER HAE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HAE;;;;
+10F1;GEORGIAN LETTER HE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HE;;;;
+10F2;GEORGIAN LETTER HIE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HIE;;;;
+10F3;GEORGIAN LETTER WE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER WE;;;;
+10F4;GEORGIAN LETTER HAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HAR;;;;
+10F5;GEORGIAN LETTER HOE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HOE;;;;
+10F6;GEORGIAN LETTER FI;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER FI;;;;
+10F7;GEORGIAN LETTER YN;Lo;0;L;;;;;N;;;;;
+10F8;GEORGIAN LETTER ELIFI;Lo;0;L;;;;;N;;;;;
+10FB;GEORGIAN PARAGRAPH SEPARATOR;Po;0;L;;;;;N;;;;;
+1100;HANGUL CHOSEONG KIYEOK;Lo;0;L;;;;;N;;g *;;;
+1101;HANGUL CHOSEONG SSANGKIYEOK;Lo;0;L;;;;;N;;gg *;;;
+1102;HANGUL CHOSEONG NIEUN;Lo;0;L;;;;;N;;n *;;;
+1103;HANGUL CHOSEONG TIKEUT;Lo;0;L;;;;;N;;d *;;;
+1104;HANGUL CHOSEONG SSANGTIKEUT;Lo;0;L;;;;;N;;dd *;;;
+1105;HANGUL CHOSEONG RIEUL;Lo;0;L;;;;;N;;r *;;;
+1106;HANGUL CHOSEONG MIEUM;Lo;0;L;;;;;N;;m *;;;
+1107;HANGUL CHOSEONG PIEUP;Lo;0;L;;;;;N;;b *;;;
+1108;HANGUL CHOSEONG SSANGPIEUP;Lo;0;L;;;;;N;;bb *;;;
+1109;HANGUL CHOSEONG SIOS;Lo;0;L;;;;;N;;s *;;;
+110A;HANGUL CHOSEONG SSANGSIOS;Lo;0;L;;;;;N;;ss *;;;
+110B;HANGUL CHOSEONG IEUNG;Lo;0;L;;;;;N;;;;;
+110C;HANGUL CHOSEONG CIEUC;Lo;0;L;;;;;N;;j *;;;
+110D;HANGUL CHOSEONG SSANGCIEUC;Lo;0;L;;;;;N;;jj *;;;
+110E;HANGUL CHOSEONG CHIEUCH;Lo;0;L;;;;;N;;c *;;;
+110F;HANGUL CHOSEONG KHIEUKH;Lo;0;L;;;;;N;;k *;;;
+1110;HANGUL CHOSEONG THIEUTH;Lo;0;L;;;;;N;;t *;;;
+1111;HANGUL CHOSEONG PHIEUPH;Lo;0;L;;;;;N;;p *;;;
+1112;HANGUL CHOSEONG HIEUH;Lo;0;L;;;;;N;;h *;;;
+1113;HANGUL CHOSEONG NIEUN-KIYEOK;Lo;0;L;;;;;N;;;;;
+1114;HANGUL CHOSEONG SSANGNIEUN;Lo;0;L;;;;;N;;;;;
+1115;HANGUL CHOSEONG NIEUN-TIKEUT;Lo;0;L;;;;;N;;;;;
+1116;HANGUL CHOSEONG NIEUN-PIEUP;Lo;0;L;;;;;N;;;;;
+1117;HANGUL CHOSEONG TIKEUT-KIYEOK;Lo;0;L;;;;;N;;;;;
+1118;HANGUL CHOSEONG RIEUL-NIEUN;Lo;0;L;;;;;N;;;;;
+1119;HANGUL CHOSEONG SSANGRIEUL;Lo;0;L;;;;;N;;;;;
+111A;HANGUL CHOSEONG RIEUL-HIEUH;Lo;0;L;;;;;N;;;;;
+111B;HANGUL CHOSEONG KAPYEOUNRIEUL;Lo;0;L;;;;;N;;;;;
+111C;HANGUL CHOSEONG MIEUM-PIEUP;Lo;0;L;;;;;N;;;;;
+111D;HANGUL CHOSEONG KAPYEOUNMIEUM;Lo;0;L;;;;;N;;;;;
+111E;HANGUL CHOSEONG PIEUP-KIYEOK;Lo;0;L;;;;;N;;;;;
+111F;HANGUL CHOSEONG PIEUP-NIEUN;Lo;0;L;;;;;N;;;;;
+1120;HANGUL CHOSEONG PIEUP-TIKEUT;Lo;0;L;;;;;N;;;;;
+1121;HANGUL CHOSEONG PIEUP-SIOS;Lo;0;L;;;;;N;;;;;
+1122;HANGUL CHOSEONG PIEUP-SIOS-KIYEOK;Lo;0;L;;;;;N;;;;;
+1123;HANGUL CHOSEONG PIEUP-SIOS-TIKEUT;Lo;0;L;;;;;N;;;;;
+1124;HANGUL CHOSEONG PIEUP-SIOS-PIEUP;Lo;0;L;;;;;N;;;;;
+1125;HANGUL CHOSEONG PIEUP-SSANGSIOS;Lo;0;L;;;;;N;;;;;
+1126;HANGUL CHOSEONG PIEUP-SIOS-CIEUC;Lo;0;L;;;;;N;;;;;
+1127;HANGUL CHOSEONG PIEUP-CIEUC;Lo;0;L;;;;;N;;;;;
+1128;HANGUL CHOSEONG PIEUP-CHIEUCH;Lo;0;L;;;;;N;;;;;
+1129;HANGUL CHOSEONG PIEUP-THIEUTH;Lo;0;L;;;;;N;;;;;
+112A;HANGUL CHOSEONG PIEUP-PHIEUPH;Lo;0;L;;;;;N;;;;;
+112B;HANGUL CHOSEONG KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;;
+112C;HANGUL CHOSEONG KAPYEOUNSSANGPIEUP;Lo;0;L;;;;;N;;;;;
+112D;HANGUL CHOSEONG SIOS-KIYEOK;Lo;0;L;;;;;N;;;;;
+112E;HANGUL CHOSEONG SIOS-NIEUN;Lo;0;L;;;;;N;;;;;
+112F;HANGUL CHOSEONG SIOS-TIKEUT;Lo;0;L;;;;;N;;;;;
+1130;HANGUL CHOSEONG SIOS-RIEUL;Lo;0;L;;;;;N;;;;;
+1131;HANGUL CHOSEONG SIOS-MIEUM;Lo;0;L;;;;;N;;;;;
+1132;HANGUL CHOSEONG SIOS-PIEUP;Lo;0;L;;;;;N;;;;;
+1133;HANGUL CHOSEONG SIOS-PIEUP-KIYEOK;Lo;0;L;;;;;N;;;;;
+1134;HANGUL CHOSEONG SIOS-SSANGSIOS;Lo;0;L;;;;;N;;;;;
+1135;HANGUL CHOSEONG SIOS-IEUNG;Lo;0;L;;;;;N;;;;;
+1136;HANGUL CHOSEONG SIOS-CIEUC;Lo;0;L;;;;;N;;;;;
+1137;HANGUL CHOSEONG SIOS-CHIEUCH;Lo;0;L;;;;;N;;;;;
+1138;HANGUL CHOSEONG SIOS-KHIEUKH;Lo;0;L;;;;;N;;;;;
+1139;HANGUL CHOSEONG SIOS-THIEUTH;Lo;0;L;;;;;N;;;;;
+113A;HANGUL CHOSEONG SIOS-PHIEUPH;Lo;0;L;;;;;N;;;;;
+113B;HANGUL CHOSEONG SIOS-HIEUH;Lo;0;L;;;;;N;;;;;
+113C;HANGUL CHOSEONG CHITUEUMSIOS;Lo;0;L;;;;;N;;;;;
+113D;HANGUL CHOSEONG CHITUEUMSSANGSIOS;Lo;0;L;;;;;N;;;;;
+113E;HANGUL CHOSEONG CEONGCHIEUMSIOS;Lo;0;L;;;;;N;;;;;
+113F;HANGUL CHOSEONG CEONGCHIEUMSSANGSIOS;Lo;0;L;;;;;N;;;;;
+1140;HANGUL CHOSEONG PANSIOS;Lo;0;L;;;;;N;;;;;
+1141;HANGUL CHOSEONG IEUNG-KIYEOK;Lo;0;L;;;;;N;;;;;
+1142;HANGUL CHOSEONG IEUNG-TIKEUT;Lo;0;L;;;;;N;;;;;
+1143;HANGUL CHOSEONG IEUNG-MIEUM;Lo;0;L;;;;;N;;;;;
+1144;HANGUL CHOSEONG IEUNG-PIEUP;Lo;0;L;;;;;N;;;;;
+1145;HANGUL CHOSEONG IEUNG-SIOS;Lo;0;L;;;;;N;;;;;
+1146;HANGUL CHOSEONG IEUNG-PANSIOS;Lo;0;L;;;;;N;;;;;
+1147;HANGUL CHOSEONG SSANGIEUNG;Lo;0;L;;;;;N;;;;;
+1148;HANGUL CHOSEONG IEUNG-CIEUC;Lo;0;L;;;;;N;;;;;
+1149;HANGUL CHOSEONG IEUNG-CHIEUCH;Lo;0;L;;;;;N;;;;;
+114A;HANGUL CHOSEONG IEUNG-THIEUTH;Lo;0;L;;;;;N;;;;;
+114B;HANGUL CHOSEONG IEUNG-PHIEUPH;Lo;0;L;;;;;N;;;;;
+114C;HANGUL CHOSEONG YESIEUNG;Lo;0;L;;;;;N;;;;;
+114D;HANGUL CHOSEONG CIEUC-IEUNG;Lo;0;L;;;;;N;;;;;
+114E;HANGUL CHOSEONG CHITUEUMCIEUC;Lo;0;L;;;;;N;;;;;
+114F;HANGUL CHOSEONG CHITUEUMSSANGCIEUC;Lo;0;L;;;;;N;;;;;
+1150;HANGUL CHOSEONG CEONGCHIEUMCIEUC;Lo;0;L;;;;;N;;;;;
+1151;HANGUL CHOSEONG CEONGCHIEUMSSANGCIEUC;Lo;0;L;;;;;N;;;;;
+1152;HANGUL CHOSEONG CHIEUCH-KHIEUKH;Lo;0;L;;;;;N;;;;;
+1153;HANGUL CHOSEONG CHIEUCH-HIEUH;Lo;0;L;;;;;N;;;;;
+1154;HANGUL CHOSEONG CHITUEUMCHIEUCH;Lo;0;L;;;;;N;;;;;
+1155;HANGUL CHOSEONG CEONGCHIEUMCHIEUCH;Lo;0;L;;;;;N;;;;;
+1156;HANGUL CHOSEONG PHIEUPH-PIEUP;Lo;0;L;;;;;N;;;;;
+1157;HANGUL CHOSEONG KAPYEOUNPHIEUPH;Lo;0;L;;;;;N;;;;;
+1158;HANGUL CHOSEONG SSANGHIEUH;Lo;0;L;;;;;N;;;;;
+1159;HANGUL CHOSEONG YEORINHIEUH;Lo;0;L;;;;;N;;;;;
+115F;HANGUL CHOSEONG FILLER;Lo;0;L;;;;;N;;;;;
+1160;HANGUL JUNGSEONG FILLER;Lo;0;L;;;;;N;;;;;
+1161;HANGUL JUNGSEONG A;Lo;0;L;;;;;N;;;;;
+1162;HANGUL JUNGSEONG AE;Lo;0;L;;;;;N;;;;;
+1163;HANGUL JUNGSEONG YA;Lo;0;L;;;;;N;;;;;
+1164;HANGUL JUNGSEONG YAE;Lo;0;L;;;;;N;;;;;
+1165;HANGUL JUNGSEONG EO;Lo;0;L;;;;;N;;;;;
+1166;HANGUL JUNGSEONG E;Lo;0;L;;;;;N;;;;;
+1167;HANGUL JUNGSEONG YEO;Lo;0;L;;;;;N;;;;;
+1168;HANGUL JUNGSEONG YE;Lo;0;L;;;;;N;;;;;
+1169;HANGUL JUNGSEONG O;Lo;0;L;;;;;N;;;;;
+116A;HANGUL JUNGSEONG WA;Lo;0;L;;;;;N;;;;;
+116B;HANGUL JUNGSEONG WAE;Lo;0;L;;;;;N;;;;;
+116C;HANGUL JUNGSEONG OE;Lo;0;L;;;;;N;;;;;
+116D;HANGUL JUNGSEONG YO;Lo;0;L;;;;;N;;;;;
+116E;HANGUL JUNGSEONG U;Lo;0;L;;;;;N;;;;;
+116F;HANGUL JUNGSEONG WEO;Lo;0;L;;;;;N;;;;;
+1170;HANGUL JUNGSEONG WE;Lo;0;L;;;;;N;;;;;
+1171;HANGUL JUNGSEONG WI;Lo;0;L;;;;;N;;;;;
+1172;HANGUL JUNGSEONG YU;Lo;0;L;;;;;N;;;;;
+1173;HANGUL JUNGSEONG EU;Lo;0;L;;;;;N;;;;;
+1174;HANGUL JUNGSEONG YI;Lo;0;L;;;;;N;;;;;
+1175;HANGUL JUNGSEONG I;Lo;0;L;;;;;N;;;;;
+1176;HANGUL JUNGSEONG A-O;Lo;0;L;;;;;N;;;;;
+1177;HANGUL JUNGSEONG A-U;Lo;0;L;;;;;N;;;;;
+1178;HANGUL JUNGSEONG YA-O;Lo;0;L;;;;;N;;;;;
+1179;HANGUL JUNGSEONG YA-YO;Lo;0;L;;;;;N;;;;;
+117A;HANGUL JUNGSEONG EO-O;Lo;0;L;;;;;N;;;;;
+117B;HANGUL JUNGSEONG EO-U;Lo;0;L;;;;;N;;;;;
+117C;HANGUL JUNGSEONG EO-EU;Lo;0;L;;;;;N;;;;;
+117D;HANGUL JUNGSEONG YEO-O;Lo;0;L;;;;;N;;;;;
+117E;HANGUL JUNGSEONG YEO-U;Lo;0;L;;;;;N;;;;;
+117F;HANGUL JUNGSEONG O-EO;Lo;0;L;;;;;N;;;;;
+1180;HANGUL JUNGSEONG O-E;Lo;0;L;;;;;N;;;;;
+1181;HANGUL JUNGSEONG O-YE;Lo;0;L;;;;;N;;;;;
+1182;HANGUL JUNGSEONG O-O;Lo;0;L;;;;;N;;;;;
+1183;HANGUL JUNGSEONG O-U;Lo;0;L;;;;;N;;;;;
+1184;HANGUL JUNGSEONG YO-YA;Lo;0;L;;;;;N;;;;;
+1185;HANGUL JUNGSEONG YO-YAE;Lo;0;L;;;;;N;;;;;
+1186;HANGUL JUNGSEONG YO-YEO;Lo;0;L;;;;;N;;;;;
+1187;HANGUL JUNGSEONG YO-O;Lo;0;L;;;;;N;;;;;
+1188;HANGUL JUNGSEONG YO-I;Lo;0;L;;;;;N;;;;;
+1189;HANGUL JUNGSEONG U-A;Lo;0;L;;;;;N;;;;;
+118A;HANGUL JUNGSEONG U-AE;Lo;0;L;;;;;N;;;;;
+118B;HANGUL JUNGSEONG U-EO-EU;Lo;0;L;;;;;N;;;;;
+118C;HANGUL JUNGSEONG U-YE;Lo;0;L;;;;;N;;;;;
+118D;HANGUL JUNGSEONG U-U;Lo;0;L;;;;;N;;;;;
+118E;HANGUL JUNGSEONG YU-A;Lo;0;L;;;;;N;;;;;
+118F;HANGUL JUNGSEONG YU-EO;Lo;0;L;;;;;N;;;;;
+1190;HANGUL JUNGSEONG YU-E;Lo;0;L;;;;;N;;;;;
+1191;HANGUL JUNGSEONG YU-YEO;Lo;0;L;;;;;N;;;;;
+1192;HANGUL JUNGSEONG YU-YE;Lo;0;L;;;;;N;;;;;
+1193;HANGUL JUNGSEONG YU-U;Lo;0;L;;;;;N;;;;;
+1194;HANGUL JUNGSEONG YU-I;Lo;0;L;;;;;N;;;;;
+1195;HANGUL JUNGSEONG EU-U;Lo;0;L;;;;;N;;;;;
+1196;HANGUL JUNGSEONG EU-EU;Lo;0;L;;;;;N;;;;;
+1197;HANGUL JUNGSEONG YI-U;Lo;0;L;;;;;N;;;;;
+1198;HANGUL JUNGSEONG I-A;Lo;0;L;;;;;N;;;;;
+1199;HANGUL JUNGSEONG I-YA;Lo;0;L;;;;;N;;;;;
+119A;HANGUL JUNGSEONG I-O;Lo;0;L;;;;;N;;;;;
+119B;HANGUL JUNGSEONG I-U;Lo;0;L;;;;;N;;;;;
+119C;HANGUL JUNGSEONG I-EU;Lo;0;L;;;;;N;;;;;
+119D;HANGUL JUNGSEONG I-ARAEA;Lo;0;L;;;;;N;;;;;
+119E;HANGUL JUNGSEONG ARAEA;Lo;0;L;;;;;N;;;;;
+119F;HANGUL JUNGSEONG ARAEA-EO;Lo;0;L;;;;;N;;;;;
+11A0;HANGUL JUNGSEONG ARAEA-U;Lo;0;L;;;;;N;;;;;
+11A1;HANGUL JUNGSEONG ARAEA-I;Lo;0;L;;;;;N;;;;;
+11A2;HANGUL JUNGSEONG SSANGARAEA;Lo;0;L;;;;;N;;;;;
+11A8;HANGUL JONGSEONG KIYEOK;Lo;0;L;;;;;N;;g *;;;
+11A9;HANGUL JONGSEONG SSANGKIYEOK;Lo;0;L;;;;;N;;gg *;;;
+11AA;HANGUL JONGSEONG KIYEOK-SIOS;Lo;0;L;;;;;N;;gs *;;;
+11AB;HANGUL JONGSEONG NIEUN;Lo;0;L;;;;;N;;n *;;;
+11AC;HANGUL JONGSEONG NIEUN-CIEUC;Lo;0;L;;;;;N;;nj *;;;
+11AD;HANGUL JONGSEONG NIEUN-HIEUH;Lo;0;L;;;;;N;;nh *;;;
+11AE;HANGUL JONGSEONG TIKEUT;Lo;0;L;;;;;N;;d *;;;
+11AF;HANGUL JONGSEONG RIEUL;Lo;0;L;;;;;N;;l *;;;
+11B0;HANGUL JONGSEONG RIEUL-KIYEOK;Lo;0;L;;;;;N;;lg *;;;
+11B1;HANGUL JONGSEONG RIEUL-MIEUM;Lo;0;L;;;;;N;;lm *;;;
+11B2;HANGUL JONGSEONG RIEUL-PIEUP;Lo;0;L;;;;;N;;lb *;;;
+11B3;HANGUL JONGSEONG RIEUL-SIOS;Lo;0;L;;;;;N;;ls *;;;
+11B4;HANGUL JONGSEONG RIEUL-THIEUTH;Lo;0;L;;;;;N;;lt *;;;
+11B5;HANGUL JONGSEONG RIEUL-PHIEUPH;Lo;0;L;;;;;N;;lp *;;;
+11B6;HANGUL JONGSEONG RIEUL-HIEUH;Lo;0;L;;;;;N;;lh *;;;
+11B7;HANGUL JONGSEONG MIEUM;Lo;0;L;;;;;N;;m *;;;
+11B8;HANGUL JONGSEONG PIEUP;Lo;0;L;;;;;N;;b *;;;
+11B9;HANGUL JONGSEONG PIEUP-SIOS;Lo;0;L;;;;;N;;bs *;;;
+11BA;HANGUL JONGSEONG SIOS;Lo;0;L;;;;;N;;s *;;;
+11BB;HANGUL JONGSEONG SSANGSIOS;Lo;0;L;;;;;N;;ss *;;;
+11BC;HANGUL JONGSEONG IEUNG;Lo;0;L;;;;;N;;ng *;;;
+11BD;HANGUL JONGSEONG CIEUC;Lo;0;L;;;;;N;;j *;;;
+11BE;HANGUL JONGSEONG CHIEUCH;Lo;0;L;;;;;N;;c *;;;
+11BF;HANGUL JONGSEONG KHIEUKH;Lo;0;L;;;;;N;;k *;;;
+11C0;HANGUL JONGSEONG THIEUTH;Lo;0;L;;;;;N;;t *;;;
+11C1;HANGUL JONGSEONG PHIEUPH;Lo;0;L;;;;;N;;p *;;;
+11C2;HANGUL JONGSEONG HIEUH;Lo;0;L;;;;;N;;h *;;;
+11C3;HANGUL JONGSEONG KIYEOK-RIEUL;Lo;0;L;;;;;N;;;;;
+11C4;HANGUL JONGSEONG KIYEOK-SIOS-KIYEOK;Lo;0;L;;;;;N;;;;;
+11C5;HANGUL JONGSEONG NIEUN-KIYEOK;Lo;0;L;;;;;N;;;;;
+11C6;HANGUL JONGSEONG NIEUN-TIKEUT;Lo;0;L;;;;;N;;;;;
+11C7;HANGUL JONGSEONG NIEUN-SIOS;Lo;0;L;;;;;N;;;;;
+11C8;HANGUL JONGSEONG NIEUN-PANSIOS;Lo;0;L;;;;;N;;;;;
+11C9;HANGUL JONGSEONG NIEUN-THIEUTH;Lo;0;L;;;;;N;;;;;
+11CA;HANGUL JONGSEONG TIKEUT-KIYEOK;Lo;0;L;;;;;N;;;;;
+11CB;HANGUL JONGSEONG TIKEUT-RIEUL;Lo;0;L;;;;;N;;;;;
+11CC;HANGUL JONGSEONG RIEUL-KIYEOK-SIOS;Lo;0;L;;;;;N;;;;;
+11CD;HANGUL JONGSEONG RIEUL-NIEUN;Lo;0;L;;;;;N;;;;;
+11CE;HANGUL JONGSEONG RIEUL-TIKEUT;Lo;0;L;;;;;N;;;;;
+11CF;HANGUL JONGSEONG RIEUL-TIKEUT-HIEUH;Lo;0;L;;;;;N;;;;;
+11D0;HANGUL JONGSEONG SSANGRIEUL;Lo;0;L;;;;;N;;;;;
+11D1;HANGUL JONGSEONG RIEUL-MIEUM-KIYEOK;Lo;0;L;;;;;N;;;;;
+11D2;HANGUL JONGSEONG RIEUL-MIEUM-SIOS;Lo;0;L;;;;;N;;;;;
+11D3;HANGUL JONGSEONG RIEUL-PIEUP-SIOS;Lo;0;L;;;;;N;;;;;
+11D4;HANGUL JONGSEONG RIEUL-PIEUP-HIEUH;Lo;0;L;;;;;N;;;;;
+11D5;HANGUL JONGSEONG RIEUL-KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;;
+11D6;HANGUL JONGSEONG RIEUL-SSANGSIOS;Lo;0;L;;;;;N;;;;;
+11D7;HANGUL JONGSEONG RIEUL-PANSIOS;Lo;0;L;;;;;N;;;;;
+11D8;HANGUL JONGSEONG RIEUL-KHIEUKH;Lo;0;L;;;;;N;;;;;
+11D9;HANGUL JONGSEONG RIEUL-YEORINHIEUH;Lo;0;L;;;;;N;;;;;
+11DA;HANGUL JONGSEONG MIEUM-KIYEOK;Lo;0;L;;;;;N;;;;;
+11DB;HANGUL JONGSEONG MIEUM-RIEUL;Lo;0;L;;;;;N;;;;;
+11DC;HANGUL JONGSEONG MIEUM-PIEUP;Lo;0;L;;;;;N;;;;;
+11DD;HANGUL JONGSEONG MIEUM-SIOS;Lo;0;L;;;;;N;;;;;
+11DE;HANGUL JONGSEONG MIEUM-SSANGSIOS;Lo;0;L;;;;;N;;;;;
+11DF;HANGUL JONGSEONG MIEUM-PANSIOS;Lo;0;L;;;;;N;;;;;
+11E0;HANGUL JONGSEONG MIEUM-CHIEUCH;Lo;0;L;;;;;N;;;;;
+11E1;HANGUL JONGSEONG MIEUM-HIEUH;Lo;0;L;;;;;N;;;;;
+11E2;HANGUL JONGSEONG KAPYEOUNMIEUM;Lo;0;L;;;;;N;;;;;
+11E3;HANGUL JONGSEONG PIEUP-RIEUL;Lo;0;L;;;;;N;;;;;
+11E4;HANGUL JONGSEONG PIEUP-PHIEUPH;Lo;0;L;;;;;N;;;;;
+11E5;HANGUL JONGSEONG PIEUP-HIEUH;Lo;0;L;;;;;N;;;;;
+11E6;HANGUL JONGSEONG KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;;
+11E7;HANGUL JONGSEONG SIOS-KIYEOK;Lo;0;L;;;;;N;;;;;
+11E8;HANGUL JONGSEONG SIOS-TIKEUT;Lo;0;L;;;;;N;;;;;
+11E9;HANGUL JONGSEONG SIOS-RIEUL;Lo;0;L;;;;;N;;;;;
+11EA;HANGUL JONGSEONG SIOS-PIEUP;Lo;0;L;;;;;N;;;;;
+11EB;HANGUL JONGSEONG PANSIOS;Lo;0;L;;;;;N;;;;;
+11EC;HANGUL JONGSEONG IEUNG-KIYEOK;Lo;0;L;;;;;N;;;;;
+11ED;HANGUL JONGSEONG IEUNG-SSANGKIYEOK;Lo;0;L;;;;;N;;;;;
+11EE;HANGUL JONGSEONG SSANGIEUNG;Lo;0;L;;;;;N;;;;;
+11EF;HANGUL JONGSEONG IEUNG-KHIEUKH;Lo;0;L;;;;;N;;;;;
+11F0;HANGUL JONGSEONG YESIEUNG;Lo;0;L;;;;;N;;;;;
+11F1;HANGUL JONGSEONG YESIEUNG-SIOS;Lo;0;L;;;;;N;;;;;
+11F2;HANGUL JONGSEONG YESIEUNG-PANSIOS;Lo;0;L;;;;;N;;;;;
+11F3;HANGUL JONGSEONG PHIEUPH-PIEUP;Lo;0;L;;;;;N;;;;;
+11F4;HANGUL JONGSEONG KAPYEOUNPHIEUPH;Lo;0;L;;;;;N;;;;;
+11F5;HANGUL JONGSEONG HIEUH-NIEUN;Lo;0;L;;;;;N;;;;;
+11F6;HANGUL JONGSEONG HIEUH-RIEUL;Lo;0;L;;;;;N;;;;;
+11F7;HANGUL JONGSEONG HIEUH-MIEUM;Lo;0;L;;;;;N;;;;;
+11F8;HANGUL JONGSEONG HIEUH-PIEUP;Lo;0;L;;;;;N;;;;;
+11F9;HANGUL JONGSEONG YEORINHIEUH;Lo;0;L;;;;;N;;;;;
+1200;ETHIOPIC SYLLABLE HA;Lo;0;L;;;;;N;;;;;
+1201;ETHIOPIC SYLLABLE HU;Lo;0;L;;;;;N;;;;;
+1202;ETHIOPIC SYLLABLE HI;Lo;0;L;;;;;N;;;;;
+1203;ETHIOPIC SYLLABLE HAA;Lo;0;L;;;;;N;;;;;
+1204;ETHIOPIC SYLLABLE HEE;Lo;0;L;;;;;N;;;;;
+1205;ETHIOPIC SYLLABLE HE;Lo;0;L;;;;;N;;;;;
+1206;ETHIOPIC SYLLABLE HO;Lo;0;L;;;;;N;;;;;
+1208;ETHIOPIC SYLLABLE LA;Lo;0;L;;;;;N;;;;;
+1209;ETHIOPIC SYLLABLE LU;Lo;0;L;;;;;N;;;;;
+120A;ETHIOPIC SYLLABLE LI;Lo;0;L;;;;;N;;;;;
+120B;ETHIOPIC SYLLABLE LAA;Lo;0;L;;;;;N;;;;;
+120C;ETHIOPIC SYLLABLE LEE;Lo;0;L;;;;;N;;;;;
+120D;ETHIOPIC SYLLABLE LE;Lo;0;L;;;;;N;;;;;
+120E;ETHIOPIC SYLLABLE LO;Lo;0;L;;;;;N;;;;;
+120F;ETHIOPIC SYLLABLE LWA;Lo;0;L;;;;;N;;;;;
+1210;ETHIOPIC SYLLABLE HHA;Lo;0;L;;;;;N;;;;;
+1211;ETHIOPIC SYLLABLE HHU;Lo;0;L;;;;;N;;;;;
+1212;ETHIOPIC SYLLABLE HHI;Lo;0;L;;;;;N;;;;;
+1213;ETHIOPIC SYLLABLE HHAA;Lo;0;L;;;;;N;;;;;
+1214;ETHIOPIC SYLLABLE HHEE;Lo;0;L;;;;;N;;;;;
+1215;ETHIOPIC SYLLABLE HHE;Lo;0;L;;;;;N;;;;;
+1216;ETHIOPIC SYLLABLE HHO;Lo;0;L;;;;;N;;;;;
+1217;ETHIOPIC SYLLABLE HHWA;Lo;0;L;;;;;N;;;;;
+1218;ETHIOPIC SYLLABLE MA;Lo;0;L;;;;;N;;;;;
+1219;ETHIOPIC SYLLABLE MU;Lo;0;L;;;;;N;;;;;
+121A;ETHIOPIC SYLLABLE MI;Lo;0;L;;;;;N;;;;;
+121B;ETHIOPIC SYLLABLE MAA;Lo;0;L;;;;;N;;;;;
+121C;ETHIOPIC SYLLABLE MEE;Lo;0;L;;;;;N;;;;;
+121D;ETHIOPIC SYLLABLE ME;Lo;0;L;;;;;N;;;;;
+121E;ETHIOPIC SYLLABLE MO;Lo;0;L;;;;;N;;;;;
+121F;ETHIOPIC SYLLABLE MWA;Lo;0;L;;;;;N;;;;;
+1220;ETHIOPIC SYLLABLE SZA;Lo;0;L;;;;;N;;;;;
+1221;ETHIOPIC SYLLABLE SZU;Lo;0;L;;;;;N;;;;;
+1222;ETHIOPIC SYLLABLE SZI;Lo;0;L;;;;;N;;;;;
+1223;ETHIOPIC SYLLABLE SZAA;Lo;0;L;;;;;N;;;;;
+1224;ETHIOPIC SYLLABLE SZEE;Lo;0;L;;;;;N;;;;;
+1225;ETHIOPIC SYLLABLE SZE;Lo;0;L;;;;;N;;;;;
+1226;ETHIOPIC SYLLABLE SZO;Lo;0;L;;;;;N;;;;;
+1227;ETHIOPIC SYLLABLE SZWA;Lo;0;L;;;;;N;;;;;
+1228;ETHIOPIC SYLLABLE RA;Lo;0;L;;;;;N;;;;;
+1229;ETHIOPIC SYLLABLE RU;Lo;0;L;;;;;N;;;;;
+122A;ETHIOPIC SYLLABLE RI;Lo;0;L;;;;;N;;;;;
+122B;ETHIOPIC SYLLABLE RAA;Lo;0;L;;;;;N;;;;;
+122C;ETHIOPIC SYLLABLE REE;Lo;0;L;;;;;N;;;;;
+122D;ETHIOPIC SYLLABLE RE;Lo;0;L;;;;;N;;;;;
+122E;ETHIOPIC SYLLABLE RO;Lo;0;L;;;;;N;;;;;
+122F;ETHIOPIC SYLLABLE RWA;Lo;0;L;;;;;N;;;;;
+1230;ETHIOPIC SYLLABLE SA;Lo;0;L;;;;;N;;;;;
+1231;ETHIOPIC SYLLABLE SU;Lo;0;L;;;;;N;;;;;
+1232;ETHIOPIC SYLLABLE SI;Lo;0;L;;;;;N;;;;;
+1233;ETHIOPIC SYLLABLE SAA;Lo;0;L;;;;;N;;;;;
+1234;ETHIOPIC SYLLABLE SEE;Lo;0;L;;;;;N;;;;;
+1235;ETHIOPIC SYLLABLE SE;Lo;0;L;;;;;N;;;;;
+1236;ETHIOPIC SYLLABLE SO;Lo;0;L;;;;;N;;;;;
+1237;ETHIOPIC SYLLABLE SWA;Lo;0;L;;;;;N;;;;;
+1238;ETHIOPIC SYLLABLE SHA;Lo;0;L;;;;;N;;;;;
+1239;ETHIOPIC SYLLABLE SHU;Lo;0;L;;;;;N;;;;;
+123A;ETHIOPIC SYLLABLE SHI;Lo;0;L;;;;;N;;;;;
+123B;ETHIOPIC SYLLABLE SHAA;Lo;0;L;;;;;N;;;;;
+123C;ETHIOPIC SYLLABLE SHEE;Lo;0;L;;;;;N;;;;;
+123D;ETHIOPIC SYLLABLE SHE;Lo;0;L;;;;;N;;;;;
+123E;ETHIOPIC SYLLABLE SHO;Lo;0;L;;;;;N;;;;;
+123F;ETHIOPIC SYLLABLE SHWA;Lo;0;L;;;;;N;;;;;
+1240;ETHIOPIC SYLLABLE QA;Lo;0;L;;;;;N;;;;;
+1241;ETHIOPIC SYLLABLE QU;Lo;0;L;;;;;N;;;;;
+1242;ETHIOPIC SYLLABLE QI;Lo;0;L;;;;;N;;;;;
+1243;ETHIOPIC SYLLABLE QAA;Lo;0;L;;;;;N;;;;;
+1244;ETHIOPIC SYLLABLE QEE;Lo;0;L;;;;;N;;;;;
+1245;ETHIOPIC SYLLABLE QE;Lo;0;L;;;;;N;;;;;
+1246;ETHIOPIC SYLLABLE QO;Lo;0;L;;;;;N;;;;;
+1248;ETHIOPIC SYLLABLE QWA;Lo;0;L;;;;;N;;;;;
+124A;ETHIOPIC SYLLABLE QWI;Lo;0;L;;;;;N;;;;;
+124B;ETHIOPIC SYLLABLE QWAA;Lo;0;L;;;;;N;;;;;
+124C;ETHIOPIC SYLLABLE QWEE;Lo;0;L;;;;;N;;;;;
+124D;ETHIOPIC SYLLABLE QWE;Lo;0;L;;;;;N;;;;;
+1250;ETHIOPIC SYLLABLE QHA;Lo;0;L;;;;;N;;;;;
+1251;ETHIOPIC SYLLABLE QHU;Lo;0;L;;;;;N;;;;;
+1252;ETHIOPIC SYLLABLE QHI;Lo;0;L;;;;;N;;;;;
+1253;ETHIOPIC SYLLABLE QHAA;Lo;0;L;;;;;N;;;;;
+1254;ETHIOPIC SYLLABLE QHEE;Lo;0;L;;;;;N;;;;;
+1255;ETHIOPIC SYLLABLE QHE;Lo;0;L;;;;;N;;;;;
+1256;ETHIOPIC SYLLABLE QHO;Lo;0;L;;;;;N;;;;;
+1258;ETHIOPIC SYLLABLE QHWA;Lo;0;L;;;;;N;;;;;
+125A;ETHIOPIC SYLLABLE QHWI;Lo;0;L;;;;;N;;;;;
+125B;ETHIOPIC SYLLABLE QHWAA;Lo;0;L;;;;;N;;;;;
+125C;ETHIOPIC SYLLABLE QHWEE;Lo;0;L;;;;;N;;;;;
+125D;ETHIOPIC SYLLABLE QHWE;Lo;0;L;;;;;N;;;;;
+1260;ETHIOPIC SYLLABLE BA;Lo;0;L;;;;;N;;;;;
+1261;ETHIOPIC SYLLABLE BU;Lo;0;L;;;;;N;;;;;
+1262;ETHIOPIC SYLLABLE BI;Lo;0;L;;;;;N;;;;;
+1263;ETHIOPIC SYLLABLE BAA;Lo;0;L;;;;;N;;;;;
+1264;ETHIOPIC SYLLABLE BEE;Lo;0;L;;;;;N;;;;;
+1265;ETHIOPIC SYLLABLE BE;Lo;0;L;;;;;N;;;;;
+1266;ETHIOPIC SYLLABLE BO;Lo;0;L;;;;;N;;;;;
+1267;ETHIOPIC SYLLABLE BWA;Lo;0;L;;;;;N;;;;;
+1268;ETHIOPIC SYLLABLE VA;Lo;0;L;;;;;N;;;;;
+1269;ETHIOPIC SYLLABLE VU;Lo;0;L;;;;;N;;;;;
+126A;ETHIOPIC SYLLABLE VI;Lo;0;L;;;;;N;;;;;
+126B;ETHIOPIC SYLLABLE VAA;Lo;0;L;;;;;N;;;;;
+126C;ETHIOPIC SYLLABLE VEE;Lo;0;L;;;;;N;;;;;
+126D;ETHIOPIC SYLLABLE VE;Lo;0;L;;;;;N;;;;;
+126E;ETHIOPIC SYLLABLE VO;Lo;0;L;;;;;N;;;;;
+126F;ETHIOPIC SYLLABLE VWA;Lo;0;L;;;;;N;;;;;
+1270;ETHIOPIC SYLLABLE TA;Lo;0;L;;;;;N;;;;;
+1271;ETHIOPIC SYLLABLE TU;Lo;0;L;;;;;N;;;;;
+1272;ETHIOPIC SYLLABLE TI;Lo;0;L;;;;;N;;;;;
+1273;ETHIOPIC SYLLABLE TAA;Lo;0;L;;;;;N;;;;;
+1274;ETHIOPIC SYLLABLE TEE;Lo;0;L;;;;;N;;;;;
+1275;ETHIOPIC SYLLABLE TE;Lo;0;L;;;;;N;;;;;
+1276;ETHIOPIC SYLLABLE TO;Lo;0;L;;;;;N;;;;;
+1277;ETHIOPIC SYLLABLE TWA;Lo;0;L;;;;;N;;;;;
+1278;ETHIOPIC SYLLABLE CA;Lo;0;L;;;;;N;;;;;
+1279;ETHIOPIC SYLLABLE CU;Lo;0;L;;;;;N;;;;;
+127A;ETHIOPIC SYLLABLE CI;Lo;0;L;;;;;N;;;;;
+127B;ETHIOPIC SYLLABLE CAA;Lo;0;L;;;;;N;;;;;
+127C;ETHIOPIC SYLLABLE CEE;Lo;0;L;;;;;N;;;;;
+127D;ETHIOPIC SYLLABLE CE;Lo;0;L;;;;;N;;;;;
+127E;ETHIOPIC SYLLABLE CO;Lo;0;L;;;;;N;;;;;
+127F;ETHIOPIC SYLLABLE CWA;Lo;0;L;;;;;N;;;;;
+1280;ETHIOPIC SYLLABLE XA;Lo;0;L;;;;;N;;;;;
+1281;ETHIOPIC SYLLABLE XU;Lo;0;L;;;;;N;;;;;
+1282;ETHIOPIC SYLLABLE XI;Lo;0;L;;;;;N;;;;;
+1283;ETHIOPIC SYLLABLE XAA;Lo;0;L;;;;;N;;;;;
+1284;ETHIOPIC SYLLABLE XEE;Lo;0;L;;;;;N;;;;;
+1285;ETHIOPIC SYLLABLE XE;Lo;0;L;;;;;N;;;;;
+1286;ETHIOPIC SYLLABLE XO;Lo;0;L;;;;;N;;;;;
+1288;ETHIOPIC SYLLABLE XWA;Lo;0;L;;;;;N;;;;;
+128A;ETHIOPIC SYLLABLE XWI;Lo;0;L;;;;;N;;;;;
+128B;ETHIOPIC SYLLABLE XWAA;Lo;0;L;;;;;N;;;;;
+128C;ETHIOPIC SYLLABLE XWEE;Lo;0;L;;;;;N;;;;;
+128D;ETHIOPIC SYLLABLE XWE;Lo;0;L;;;;;N;;;;;
+1290;ETHIOPIC SYLLABLE NA;Lo;0;L;;;;;N;;;;;
+1291;ETHIOPIC SYLLABLE NU;Lo;0;L;;;;;N;;;;;
+1292;ETHIOPIC SYLLABLE NI;Lo;0;L;;;;;N;;;;;
+1293;ETHIOPIC SYLLABLE NAA;Lo;0;L;;;;;N;;;;;
+1294;ETHIOPIC SYLLABLE NEE;Lo;0;L;;;;;N;;;;;
+1295;ETHIOPIC SYLLABLE NE;Lo;0;L;;;;;N;;;;;
+1296;ETHIOPIC SYLLABLE NO;Lo;0;L;;;;;N;;;;;
+1297;ETHIOPIC SYLLABLE NWA;Lo;0;L;;;;;N;;;;;
+1298;ETHIOPIC SYLLABLE NYA;Lo;0;L;;;;;N;;;;;
+1299;ETHIOPIC SYLLABLE NYU;Lo;0;L;;;;;N;;;;;
+129A;ETHIOPIC SYLLABLE NYI;Lo;0;L;;;;;N;;;;;
+129B;ETHIOPIC SYLLABLE NYAA;Lo;0;L;;;;;N;;;;;
+129C;ETHIOPIC SYLLABLE NYEE;Lo;0;L;;;;;N;;;;;
+129D;ETHIOPIC SYLLABLE NYE;Lo;0;L;;;;;N;;;;;
+129E;ETHIOPIC SYLLABLE NYO;Lo;0;L;;;;;N;;;;;
+129F;ETHIOPIC SYLLABLE NYWA;Lo;0;L;;;;;N;;;;;
+12A0;ETHIOPIC SYLLABLE GLOTTAL A;Lo;0;L;;;;;N;;;;;
+12A1;ETHIOPIC SYLLABLE GLOTTAL U;Lo;0;L;;;;;N;;;;;
+12A2;ETHIOPIC SYLLABLE GLOTTAL I;Lo;0;L;;;;;N;;;;;
+12A3;ETHIOPIC SYLLABLE GLOTTAL AA;Lo;0;L;;;;;N;;;;;
+12A4;ETHIOPIC SYLLABLE GLOTTAL EE;Lo;0;L;;;;;N;;;;;
+12A5;ETHIOPIC SYLLABLE GLOTTAL E;Lo;0;L;;;;;N;;;;;
+12A6;ETHIOPIC SYLLABLE GLOTTAL O;Lo;0;L;;;;;N;;;;;
+12A7;ETHIOPIC SYLLABLE GLOTTAL WA;Lo;0;L;;;;;N;;;;;
+12A8;ETHIOPIC SYLLABLE KA;Lo;0;L;;;;;N;;;;;
+12A9;ETHIOPIC SYLLABLE KU;Lo;0;L;;;;;N;;;;;
+12AA;ETHIOPIC SYLLABLE KI;Lo;0;L;;;;;N;;;;;
+12AB;ETHIOPIC SYLLABLE KAA;Lo;0;L;;;;;N;;;;;
+12AC;ETHIOPIC SYLLABLE KEE;Lo;0;L;;;;;N;;;;;
+12AD;ETHIOPIC SYLLABLE KE;Lo;0;L;;;;;N;;;;;
+12AE;ETHIOPIC SYLLABLE KO;Lo;0;L;;;;;N;;;;;
+12B0;ETHIOPIC SYLLABLE KWA;Lo;0;L;;;;;N;;;;;
+12B2;ETHIOPIC SYLLABLE KWI;Lo;0;L;;;;;N;;;;;
+12B3;ETHIOPIC SYLLABLE KWAA;Lo;0;L;;;;;N;;;;;
+12B4;ETHIOPIC SYLLABLE KWEE;Lo;0;L;;;;;N;;;;;
+12B5;ETHIOPIC SYLLABLE KWE;Lo;0;L;;;;;N;;;;;
+12B8;ETHIOPIC SYLLABLE KXA;Lo;0;L;;;;;N;;;;;
+12B9;ETHIOPIC SYLLABLE KXU;Lo;0;L;;;;;N;;;;;
+12BA;ETHIOPIC SYLLABLE KXI;Lo;0;L;;;;;N;;;;;
+12BB;ETHIOPIC SYLLABLE KXAA;Lo;0;L;;;;;N;;;;;
+12BC;ETHIOPIC SYLLABLE KXEE;Lo;0;L;;;;;N;;;;;
+12BD;ETHIOPIC SYLLABLE KXE;Lo;0;L;;;;;N;;;;;
+12BE;ETHIOPIC SYLLABLE KXO;Lo;0;L;;;;;N;;;;;
+12C0;ETHIOPIC SYLLABLE KXWA;Lo;0;L;;;;;N;;;;;
+12C2;ETHIOPIC SYLLABLE KXWI;Lo;0;L;;;;;N;;;;;
+12C3;ETHIOPIC SYLLABLE KXWAA;Lo;0;L;;;;;N;;;;;
+12C4;ETHIOPIC SYLLABLE KXWEE;Lo;0;L;;;;;N;;;;;
+12C5;ETHIOPIC SYLLABLE KXWE;Lo;0;L;;;;;N;;;;;
+12C8;ETHIOPIC SYLLABLE WA;Lo;0;L;;;;;N;;;;;
+12C9;ETHIOPIC SYLLABLE WU;Lo;0;L;;;;;N;;;;;
+12CA;ETHIOPIC SYLLABLE WI;Lo;0;L;;;;;N;;;;;
+12CB;ETHIOPIC SYLLABLE WAA;Lo;0;L;;;;;N;;;;;
+12CC;ETHIOPIC SYLLABLE WEE;Lo;0;L;;;;;N;;;;;
+12CD;ETHIOPIC SYLLABLE WE;Lo;0;L;;;;;N;;;;;
+12CE;ETHIOPIC SYLLABLE WO;Lo;0;L;;;;;N;;;;;
+12D0;ETHIOPIC SYLLABLE PHARYNGEAL A;Lo;0;L;;;;;N;;;;;
+12D1;ETHIOPIC SYLLABLE PHARYNGEAL U;Lo;0;L;;;;;N;;;;;
+12D2;ETHIOPIC SYLLABLE PHARYNGEAL I;Lo;0;L;;;;;N;;;;;
+12D3;ETHIOPIC SYLLABLE PHARYNGEAL AA;Lo;0;L;;;;;N;;;;;
+12D4;ETHIOPIC SYLLABLE PHARYNGEAL EE;Lo;0;L;;;;;N;;;;;
+12D5;ETHIOPIC SYLLABLE PHARYNGEAL E;Lo;0;L;;;;;N;;;;;
+12D6;ETHIOPIC SYLLABLE PHARYNGEAL O;Lo;0;L;;;;;N;;;;;
+12D8;ETHIOPIC SYLLABLE ZA;Lo;0;L;;;;;N;;;;;
+12D9;ETHIOPIC SYLLABLE ZU;Lo;0;L;;;;;N;;;;;
+12DA;ETHIOPIC SYLLABLE ZI;Lo;0;L;;;;;N;;;;;
+12DB;ETHIOPIC SYLLABLE ZAA;Lo;0;L;;;;;N;;;;;
+12DC;ETHIOPIC SYLLABLE ZEE;Lo;0;L;;;;;N;;;;;
+12DD;ETHIOPIC SYLLABLE ZE;Lo;0;L;;;;;N;;;;;
+12DE;ETHIOPIC SYLLABLE ZO;Lo;0;L;;;;;N;;;;;
+12DF;ETHIOPIC SYLLABLE ZWA;Lo;0;L;;;;;N;;;;;
+12E0;ETHIOPIC SYLLABLE ZHA;Lo;0;L;;;;;N;;;;;
+12E1;ETHIOPIC SYLLABLE ZHU;Lo;0;L;;;;;N;;;;;
+12E2;ETHIOPIC SYLLABLE ZHI;Lo;0;L;;;;;N;;;;;
+12E3;ETHIOPIC SYLLABLE ZHAA;Lo;0;L;;;;;N;;;;;
+12E4;ETHIOPIC SYLLABLE ZHEE;Lo;0;L;;;;;N;;;;;
+12E5;ETHIOPIC SYLLABLE ZHE;Lo;0;L;;;;;N;;;;;
+12E6;ETHIOPIC SYLLABLE ZHO;Lo;0;L;;;;;N;;;;;
+12E7;ETHIOPIC SYLLABLE ZHWA;Lo;0;L;;;;;N;;;;;
+12E8;ETHIOPIC SYLLABLE YA;Lo;0;L;;;;;N;;;;;
+12E9;ETHIOPIC SYLLABLE YU;Lo;0;L;;;;;N;;;;;
+12EA;ETHIOPIC SYLLABLE YI;Lo;0;L;;;;;N;;;;;
+12EB;ETHIOPIC SYLLABLE YAA;Lo;0;L;;;;;N;;;;;
+12EC;ETHIOPIC SYLLABLE YEE;Lo;0;L;;;;;N;;;;;
+12ED;ETHIOPIC SYLLABLE YE;Lo;0;L;;;;;N;;;;;
+12EE;ETHIOPIC SYLLABLE YO;Lo;0;L;;;;;N;;;;;
+12F0;ETHIOPIC SYLLABLE DA;Lo;0;L;;;;;N;;;;;
+12F1;ETHIOPIC SYLLABLE DU;Lo;0;L;;;;;N;;;;;
+12F2;ETHIOPIC SYLLABLE DI;Lo;0;L;;;;;N;;;;;
+12F3;ETHIOPIC SYLLABLE DAA;Lo;0;L;;;;;N;;;;;
+12F4;ETHIOPIC SYLLABLE DEE;Lo;0;L;;;;;N;;;;;
+12F5;ETHIOPIC SYLLABLE DE;Lo;0;L;;;;;N;;;;;
+12F6;ETHIOPIC SYLLABLE DO;Lo;0;L;;;;;N;;;;;
+12F7;ETHIOPIC SYLLABLE DWA;Lo;0;L;;;;;N;;;;;
+12F8;ETHIOPIC SYLLABLE DDA;Lo;0;L;;;;;N;;;;;
+12F9;ETHIOPIC SYLLABLE DDU;Lo;0;L;;;;;N;;;;;
+12FA;ETHIOPIC SYLLABLE DDI;Lo;0;L;;;;;N;;;;;
+12FB;ETHIOPIC SYLLABLE DDAA;Lo;0;L;;;;;N;;;;;
+12FC;ETHIOPIC SYLLABLE DDEE;Lo;0;L;;;;;N;;;;;
+12FD;ETHIOPIC SYLLABLE DDE;Lo;0;L;;;;;N;;;;;
+12FE;ETHIOPIC SYLLABLE DDO;Lo;0;L;;;;;N;;;;;
+12FF;ETHIOPIC SYLLABLE DDWA;Lo;0;L;;;;;N;;;;;
+1300;ETHIOPIC SYLLABLE JA;Lo;0;L;;;;;N;;;;;
+1301;ETHIOPIC SYLLABLE JU;Lo;0;L;;;;;N;;;;;
+1302;ETHIOPIC SYLLABLE JI;Lo;0;L;;;;;N;;;;;
+1303;ETHIOPIC SYLLABLE JAA;Lo;0;L;;;;;N;;;;;
+1304;ETHIOPIC SYLLABLE JEE;Lo;0;L;;;;;N;;;;;
+1305;ETHIOPIC SYLLABLE JE;Lo;0;L;;;;;N;;;;;
+1306;ETHIOPIC SYLLABLE JO;Lo;0;L;;;;;N;;;;;
+1307;ETHIOPIC SYLLABLE JWA;Lo;0;L;;;;;N;;;;;
+1308;ETHIOPIC SYLLABLE GA;Lo;0;L;;;;;N;;;;;
+1309;ETHIOPIC SYLLABLE GU;Lo;0;L;;;;;N;;;;;
+130A;ETHIOPIC SYLLABLE GI;Lo;0;L;;;;;N;;;;;
+130B;ETHIOPIC SYLLABLE GAA;Lo;0;L;;;;;N;;;;;
+130C;ETHIOPIC SYLLABLE GEE;Lo;0;L;;;;;N;;;;;
+130D;ETHIOPIC SYLLABLE GE;Lo;0;L;;;;;N;;;;;
+130E;ETHIOPIC SYLLABLE GO;Lo;0;L;;;;;N;;;;;
+1310;ETHIOPIC SYLLABLE GWA;Lo;0;L;;;;;N;;;;;
+1312;ETHIOPIC SYLLABLE GWI;Lo;0;L;;;;;N;;;;;
+1313;ETHIOPIC SYLLABLE GWAA;Lo;0;L;;;;;N;;;;;
+1314;ETHIOPIC SYLLABLE GWEE;Lo;0;L;;;;;N;;;;;
+1315;ETHIOPIC SYLLABLE GWE;Lo;0;L;;;;;N;;;;;
+1318;ETHIOPIC SYLLABLE GGA;Lo;0;L;;;;;N;;;;;
+1319;ETHIOPIC SYLLABLE GGU;Lo;0;L;;;;;N;;;;;
+131A;ETHIOPIC SYLLABLE GGI;Lo;0;L;;;;;N;;;;;
+131B;ETHIOPIC SYLLABLE GGAA;Lo;0;L;;;;;N;;;;;
+131C;ETHIOPIC SYLLABLE GGEE;Lo;0;L;;;;;N;;;;;
+131D;ETHIOPIC SYLLABLE GGE;Lo;0;L;;;;;N;;;;;
+131E;ETHIOPIC SYLLABLE GGO;Lo;0;L;;;;;N;;;;;
+1320;ETHIOPIC SYLLABLE THA;Lo;0;L;;;;;N;;;;;
+1321;ETHIOPIC SYLLABLE THU;Lo;0;L;;;;;N;;;;;
+1322;ETHIOPIC SYLLABLE THI;Lo;0;L;;;;;N;;;;;
+1323;ETHIOPIC SYLLABLE THAA;Lo;0;L;;;;;N;;;;;
+1324;ETHIOPIC SYLLABLE THEE;Lo;0;L;;;;;N;;;;;
+1325;ETHIOPIC SYLLABLE THE;Lo;0;L;;;;;N;;;;;
+1326;ETHIOPIC SYLLABLE THO;Lo;0;L;;;;;N;;;;;
+1327;ETHIOPIC SYLLABLE THWA;Lo;0;L;;;;;N;;;;;
+1328;ETHIOPIC SYLLABLE CHA;Lo;0;L;;;;;N;;;;;
+1329;ETHIOPIC SYLLABLE CHU;Lo;0;L;;;;;N;;;;;
+132A;ETHIOPIC SYLLABLE CHI;Lo;0;L;;;;;N;;;;;
+132B;ETHIOPIC SYLLABLE CHAA;Lo;0;L;;;;;N;;;;;
+132C;ETHIOPIC SYLLABLE CHEE;Lo;0;L;;;;;N;;;;;
+132D;ETHIOPIC SYLLABLE CHE;Lo;0;L;;;;;N;;;;;
+132E;ETHIOPIC SYLLABLE CHO;Lo;0;L;;;;;N;;;;;
+132F;ETHIOPIC SYLLABLE CHWA;Lo;0;L;;;;;N;;;;;
+1330;ETHIOPIC SYLLABLE PHA;Lo;0;L;;;;;N;;;;;
+1331;ETHIOPIC SYLLABLE PHU;Lo;0;L;;;;;N;;;;;
+1332;ETHIOPIC SYLLABLE PHI;Lo;0;L;;;;;N;;;;;
+1333;ETHIOPIC SYLLABLE PHAA;Lo;0;L;;;;;N;;;;;
+1334;ETHIOPIC SYLLABLE PHEE;Lo;0;L;;;;;N;;;;;
+1335;ETHIOPIC SYLLABLE PHE;Lo;0;L;;;;;N;;;;;
+1336;ETHIOPIC SYLLABLE PHO;Lo;0;L;;;;;N;;;;;
+1337;ETHIOPIC SYLLABLE PHWA;Lo;0;L;;;;;N;;;;;
+1338;ETHIOPIC SYLLABLE TSA;Lo;0;L;;;;;N;;;;;
+1339;ETHIOPIC SYLLABLE TSU;Lo;0;L;;;;;N;;;;;
+133A;ETHIOPIC SYLLABLE TSI;Lo;0;L;;;;;N;;;;;
+133B;ETHIOPIC SYLLABLE TSAA;Lo;0;L;;;;;N;;;;;
+133C;ETHIOPIC SYLLABLE TSEE;Lo;0;L;;;;;N;;;;;
+133D;ETHIOPIC SYLLABLE TSE;Lo;0;L;;;;;N;;;;;
+133E;ETHIOPIC SYLLABLE TSO;Lo;0;L;;;;;N;;;;;
+133F;ETHIOPIC SYLLABLE TSWA;Lo;0;L;;;;;N;;;;;
+1340;ETHIOPIC SYLLABLE TZA;Lo;0;L;;;;;N;;;;;
+1341;ETHIOPIC SYLLABLE TZU;Lo;0;L;;;;;N;;;;;
+1342;ETHIOPIC SYLLABLE TZI;Lo;0;L;;;;;N;;;;;
+1343;ETHIOPIC SYLLABLE TZAA;Lo;0;L;;;;;N;;;;;
+1344;ETHIOPIC SYLLABLE TZEE;Lo;0;L;;;;;N;;;;;
+1345;ETHIOPIC SYLLABLE TZE;Lo;0;L;;;;;N;;;;;
+1346;ETHIOPIC SYLLABLE TZO;Lo;0;L;;;;;N;;;;;
+1348;ETHIOPIC SYLLABLE FA;Lo;0;L;;;;;N;;;;;
+1349;ETHIOPIC SYLLABLE FU;Lo;0;L;;;;;N;;;;;
+134A;ETHIOPIC SYLLABLE FI;Lo;0;L;;;;;N;;;;;
+134B;ETHIOPIC SYLLABLE FAA;Lo;0;L;;;;;N;;;;;
+134C;ETHIOPIC SYLLABLE FEE;Lo;0;L;;;;;N;;;;;
+134D;ETHIOPIC SYLLABLE FE;Lo;0;L;;;;;N;;;;;
+134E;ETHIOPIC SYLLABLE FO;Lo;0;L;;;;;N;;;;;
+134F;ETHIOPIC SYLLABLE FWA;Lo;0;L;;;;;N;;;;;
+1350;ETHIOPIC SYLLABLE PA;Lo;0;L;;;;;N;;;;;
+1351;ETHIOPIC SYLLABLE PU;Lo;0;L;;;;;N;;;;;
+1352;ETHIOPIC SYLLABLE PI;Lo;0;L;;;;;N;;;;;
+1353;ETHIOPIC SYLLABLE PAA;Lo;0;L;;;;;N;;;;;
+1354;ETHIOPIC SYLLABLE PEE;Lo;0;L;;;;;N;;;;;
+1355;ETHIOPIC SYLLABLE PE;Lo;0;L;;;;;N;;;;;
+1356;ETHIOPIC SYLLABLE PO;Lo;0;L;;;;;N;;;;;
+1357;ETHIOPIC SYLLABLE PWA;Lo;0;L;;;;;N;;;;;
+1358;ETHIOPIC SYLLABLE RYA;Lo;0;L;;;;;N;;;;;
+1359;ETHIOPIC SYLLABLE MYA;Lo;0;L;;;;;N;;;;;
+135A;ETHIOPIC SYLLABLE FYA;Lo;0;L;;;;;N;;;;;
+1361;ETHIOPIC WORDSPACE;Po;0;L;;;;;N;;;;;
+1362;ETHIOPIC FULL STOP;Po;0;L;;;;;N;;;;;
+1363;ETHIOPIC COMMA;Po;0;L;;;;;N;;;;;
+1364;ETHIOPIC SEMICOLON;Po;0;L;;;;;N;;;;;
+1365;ETHIOPIC COLON;Po;0;L;;;;;N;;;;;
+1366;ETHIOPIC PREFACE COLON;Po;0;L;;;;;N;;;;;
+1367;ETHIOPIC QUESTION MARK;Po;0;L;;;;;N;;;;;
+1368;ETHIOPIC PARAGRAPH SEPARATOR;Po;0;L;;;;;N;;;;;
+1369;ETHIOPIC DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+136A;ETHIOPIC DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+136B;ETHIOPIC DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+136C;ETHIOPIC DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+136D;ETHIOPIC DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+136E;ETHIOPIC DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+136F;ETHIOPIC DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+1370;ETHIOPIC DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+1371;ETHIOPIC DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+1372;ETHIOPIC NUMBER TEN;No;0;L;;;;10;N;;;;;
+1373;ETHIOPIC NUMBER TWENTY;No;0;L;;;;20;N;;;;;
+1374;ETHIOPIC NUMBER THIRTY;No;0;L;;;;30;N;;;;;
+1375;ETHIOPIC NUMBER FORTY;No;0;L;;;;40;N;;;;;
+1376;ETHIOPIC NUMBER FIFTY;No;0;L;;;;50;N;;;;;
+1377;ETHIOPIC NUMBER SIXTY;No;0;L;;;;60;N;;;;;
+1378;ETHIOPIC NUMBER SEVENTY;No;0;L;;;;70;N;;;;;
+1379;ETHIOPIC NUMBER EIGHTY;No;0;L;;;;80;N;;;;;
+137A;ETHIOPIC NUMBER NINETY;No;0;L;;;;90;N;;;;;
+137B;ETHIOPIC NUMBER HUNDRED;No;0;L;;;;100;N;;;;;
+137C;ETHIOPIC NUMBER TEN THOUSAND;No;0;L;;;;10000;N;;;;;
+13A0;CHEROKEE LETTER A;Lo;0;L;;;;;N;;;;;
+13A1;CHEROKEE LETTER E;Lo;0;L;;;;;N;;;;;
+13A2;CHEROKEE LETTER I;Lo;0;L;;;;;N;;;;;
+13A3;CHEROKEE LETTER O;Lo;0;L;;;;;N;;;;;
+13A4;CHEROKEE LETTER U;Lo;0;L;;;;;N;;;;;
+13A5;CHEROKEE LETTER V;Lo;0;L;;;;;N;;;;;
+13A6;CHEROKEE LETTER GA;Lo;0;L;;;;;N;;;;;
+13A7;CHEROKEE LETTER KA;Lo;0;L;;;;;N;;;;;
+13A8;CHEROKEE LETTER GE;Lo;0;L;;;;;N;;;;;
+13A9;CHEROKEE LETTER GI;Lo;0;L;;;;;N;;;;;
+13AA;CHEROKEE LETTER GO;Lo;0;L;;;;;N;;;;;
+13AB;CHEROKEE LETTER GU;Lo;0;L;;;;;N;;;;;
+13AC;CHEROKEE LETTER GV;Lo;0;L;;;;;N;;;;;
+13AD;CHEROKEE LETTER HA;Lo;0;L;;;;;N;;;;;
+13AE;CHEROKEE LETTER HE;Lo;0;L;;;;;N;;;;;
+13AF;CHEROKEE LETTER HI;Lo;0;L;;;;;N;;;;;
+13B0;CHEROKEE LETTER HO;Lo;0;L;;;;;N;;;;;
+13B1;CHEROKEE LETTER HU;Lo;0;L;;;;;N;;;;;
+13B2;CHEROKEE LETTER HV;Lo;0;L;;;;;N;;;;;
+13B3;CHEROKEE LETTER LA;Lo;0;L;;;;;N;;;;;
+13B4;CHEROKEE LETTER LE;Lo;0;L;;;;;N;;;;;
+13B5;CHEROKEE LETTER LI;Lo;0;L;;;;;N;;;;;
+13B6;CHEROKEE LETTER LO;Lo;0;L;;;;;N;;;;;
+13B7;CHEROKEE LETTER LU;Lo;0;L;;;;;N;;;;;
+13B8;CHEROKEE LETTER LV;Lo;0;L;;;;;N;;;;;
+13B9;CHEROKEE LETTER MA;Lo;0;L;;;;;N;;;;;
+13BA;CHEROKEE LETTER ME;Lo;0;L;;;;;N;;;;;
+13BB;CHEROKEE LETTER MI;Lo;0;L;;;;;N;;;;;
+13BC;CHEROKEE LETTER MO;Lo;0;L;;;;;N;;;;;
+13BD;CHEROKEE LETTER MU;Lo;0;L;;;;;N;;;;;
+13BE;CHEROKEE LETTER NA;Lo;0;L;;;;;N;;;;;
+13BF;CHEROKEE LETTER HNA;Lo;0;L;;;;;N;;;;;
+13C0;CHEROKEE LETTER NAH;Lo;0;L;;;;;N;;;;;
+13C1;CHEROKEE LETTER NE;Lo;0;L;;;;;N;;;;;
+13C2;CHEROKEE LETTER NI;Lo;0;L;;;;;N;;;;;
+13C3;CHEROKEE LETTER NO;Lo;0;L;;;;;N;;;;;
+13C4;CHEROKEE LETTER NU;Lo;0;L;;;;;N;;;;;
+13C5;CHEROKEE LETTER NV;Lo;0;L;;;;;N;;;;;
+13C6;CHEROKEE LETTER QUA;Lo;0;L;;;;;N;;;;;
+13C7;CHEROKEE LETTER QUE;Lo;0;L;;;;;N;;;;;
+13C8;CHEROKEE LETTER QUI;Lo;0;L;;;;;N;;;;;
+13C9;CHEROKEE LETTER QUO;Lo;0;L;;;;;N;;;;;
+13CA;CHEROKEE LETTER QUU;Lo;0;L;;;;;N;;;;;
+13CB;CHEROKEE LETTER QUV;Lo;0;L;;;;;N;;;;;
+13CC;CHEROKEE LETTER SA;Lo;0;L;;;;;N;;;;;
+13CD;CHEROKEE LETTER S;Lo;0;L;;;;;N;;;;;
+13CE;CHEROKEE LETTER SE;Lo;0;L;;;;;N;;;;;
+13CF;CHEROKEE LETTER SI;Lo;0;L;;;;;N;;;;;
+13D0;CHEROKEE LETTER SO;Lo;0;L;;;;;N;;;;;
+13D1;CHEROKEE LETTER SU;Lo;0;L;;;;;N;;;;;
+13D2;CHEROKEE LETTER SV;Lo;0;L;;;;;N;;;;;
+13D3;CHEROKEE LETTER DA;Lo;0;L;;;;;N;;;;;
+13D4;CHEROKEE LETTER TA;Lo;0;L;;;;;N;;;;;
+13D5;CHEROKEE LETTER DE;Lo;0;L;;;;;N;;;;;
+13D6;CHEROKEE LETTER TE;Lo;0;L;;;;;N;;;;;
+13D7;CHEROKEE LETTER DI;Lo;0;L;;;;;N;;;;;
+13D8;CHEROKEE LETTER TI;Lo;0;L;;;;;N;;;;;
+13D9;CHEROKEE LETTER DO;Lo;0;L;;;;;N;;;;;
+13DA;CHEROKEE LETTER DU;Lo;0;L;;;;;N;;;;;
+13DB;CHEROKEE LETTER DV;Lo;0;L;;;;;N;;;;;
+13DC;CHEROKEE LETTER DLA;Lo;0;L;;;;;N;;;;;
+13DD;CHEROKEE LETTER TLA;Lo;0;L;;;;;N;;;;;
+13DE;CHEROKEE LETTER TLE;Lo;0;L;;;;;N;;;;;
+13DF;CHEROKEE LETTER TLI;Lo;0;L;;;;;N;;;;;
+13E0;CHEROKEE LETTER TLO;Lo;0;L;;;;;N;;;;;
+13E1;CHEROKEE LETTER TLU;Lo;0;L;;;;;N;;;;;
+13E2;CHEROKEE LETTER TLV;Lo;0;L;;;;;N;;;;;
+13E3;CHEROKEE LETTER TSA;Lo;0;L;;;;;N;;;;;
+13E4;CHEROKEE LETTER TSE;Lo;0;L;;;;;N;;;;;
+13E5;CHEROKEE LETTER TSI;Lo;0;L;;;;;N;;;;;
+13E6;CHEROKEE LETTER TSO;Lo;0;L;;;;;N;;;;;
+13E7;CHEROKEE LETTER TSU;Lo;0;L;;;;;N;;;;;
+13E8;CHEROKEE LETTER TSV;Lo;0;L;;;;;N;;;;;
+13E9;CHEROKEE LETTER WA;Lo;0;L;;;;;N;;;;;
+13EA;CHEROKEE LETTER WE;Lo;0;L;;;;;N;;;;;
+13EB;CHEROKEE LETTER WI;Lo;0;L;;;;;N;;;;;
+13EC;CHEROKEE LETTER WO;Lo;0;L;;;;;N;;;;;
+13ED;CHEROKEE LETTER WU;Lo;0;L;;;;;N;;;;;
+13EE;CHEROKEE LETTER WV;Lo;0;L;;;;;N;;;;;
+13EF;CHEROKEE LETTER YA;Lo;0;L;;;;;N;;;;;
+13F0;CHEROKEE LETTER YE;Lo;0;L;;;;;N;;;;;
+13F1;CHEROKEE LETTER YI;Lo;0;L;;;;;N;;;;;
+13F2;CHEROKEE LETTER YO;Lo;0;L;;;;;N;;;;;
+13F3;CHEROKEE LETTER YU;Lo;0;L;;;;;N;;;;;
+13F4;CHEROKEE LETTER YV;Lo;0;L;;;;;N;;;;;
+1401;CANADIAN SYLLABICS E;Lo;0;L;;;;;N;;;;;
+1402;CANADIAN SYLLABICS AAI;Lo;0;L;;;;;N;;;;;
+1403;CANADIAN SYLLABICS I;Lo;0;L;;;;;N;;;;;
+1404;CANADIAN SYLLABICS II;Lo;0;L;;;;;N;;;;;
+1405;CANADIAN SYLLABICS O;Lo;0;L;;;;;N;;;;;
+1406;CANADIAN SYLLABICS OO;Lo;0;L;;;;;N;;;;;
+1407;CANADIAN SYLLABICS Y-CREE OO;Lo;0;L;;;;;N;;;;;
+1408;CANADIAN SYLLABICS CARRIER EE;Lo;0;L;;;;;N;;;;;
+1409;CANADIAN SYLLABICS CARRIER I;Lo;0;L;;;;;N;;;;;
+140A;CANADIAN SYLLABICS A;Lo;0;L;;;;;N;;;;;
+140B;CANADIAN SYLLABICS AA;Lo;0;L;;;;;N;;;;;
+140C;CANADIAN SYLLABICS WE;Lo;0;L;;;;;N;;;;;
+140D;CANADIAN SYLLABICS WEST-CREE WE;Lo;0;L;;;;;N;;;;;
+140E;CANADIAN SYLLABICS WI;Lo;0;L;;;;;N;;;;;
+140F;CANADIAN SYLLABICS WEST-CREE WI;Lo;0;L;;;;;N;;;;;
+1410;CANADIAN SYLLABICS WII;Lo;0;L;;;;;N;;;;;
+1411;CANADIAN SYLLABICS WEST-CREE WII;Lo;0;L;;;;;N;;;;;
+1412;CANADIAN SYLLABICS WO;Lo;0;L;;;;;N;;;;;
+1413;CANADIAN SYLLABICS WEST-CREE WO;Lo;0;L;;;;;N;;;;;
+1414;CANADIAN SYLLABICS WOO;Lo;0;L;;;;;N;;;;;
+1415;CANADIAN SYLLABICS WEST-CREE WOO;Lo;0;L;;;;;N;;;;;
+1416;CANADIAN SYLLABICS NASKAPI WOO;Lo;0;L;;;;;N;;;;;
+1417;CANADIAN SYLLABICS WA;Lo;0;L;;;;;N;;;;;
+1418;CANADIAN SYLLABICS WEST-CREE WA;Lo;0;L;;;;;N;;;;;
+1419;CANADIAN SYLLABICS WAA;Lo;0;L;;;;;N;;;;;
+141A;CANADIAN SYLLABICS WEST-CREE WAA;Lo;0;L;;;;;N;;;;;
+141B;CANADIAN SYLLABICS NASKAPI WAA;Lo;0;L;;;;;N;;;;;
+141C;CANADIAN SYLLABICS AI;Lo;0;L;;;;;N;;;;;
+141D;CANADIAN SYLLABICS Y-CREE W;Lo;0;L;;;;;N;;;;;
+141E;CANADIAN SYLLABICS GLOTTAL STOP;Lo;0;L;;;;;N;;;;;
+141F;CANADIAN SYLLABICS FINAL ACUTE;Lo;0;L;;;;;N;;;;;
+1420;CANADIAN SYLLABICS FINAL GRAVE;Lo;0;L;;;;;N;;;;;
+1421;CANADIAN SYLLABICS FINAL BOTTOM HALF RING;Lo;0;L;;;;;N;;;;;
+1422;CANADIAN SYLLABICS FINAL TOP HALF RING;Lo;0;L;;;;;N;;;;;
+1423;CANADIAN SYLLABICS FINAL RIGHT HALF RING;Lo;0;L;;;;;N;;;;;
+1424;CANADIAN SYLLABICS FINAL RING;Lo;0;L;;;;;N;;;;;
+1425;CANADIAN SYLLABICS FINAL DOUBLE ACUTE;Lo;0;L;;;;;N;;;;;
+1426;CANADIAN SYLLABICS FINAL DOUBLE SHORT VERTICAL STROKES;Lo;0;L;;;;;N;;;;;
+1427;CANADIAN SYLLABICS FINAL MIDDLE DOT;Lo;0;L;;;;;N;;;;;
+1428;CANADIAN SYLLABICS FINAL SHORT HORIZONTAL STROKE;Lo;0;L;;;;;N;;;;;
+1429;CANADIAN SYLLABICS FINAL PLUS;Lo;0;L;;;;;N;;;;;
+142A;CANADIAN SYLLABICS FINAL DOWN TACK;Lo;0;L;;;;;N;;;;;
+142B;CANADIAN SYLLABICS EN;Lo;0;L;;;;;N;;;;;
+142C;CANADIAN SYLLABICS IN;Lo;0;L;;;;;N;;;;;
+142D;CANADIAN SYLLABICS ON;Lo;0;L;;;;;N;;;;;
+142E;CANADIAN SYLLABICS AN;Lo;0;L;;;;;N;;;;;
+142F;CANADIAN SYLLABICS PE;Lo;0;L;;;;;N;;;;;
+1430;CANADIAN SYLLABICS PAAI;Lo;0;L;;;;;N;;;;;
+1431;CANADIAN SYLLABICS PI;Lo;0;L;;;;;N;;;;;
+1432;CANADIAN SYLLABICS PII;Lo;0;L;;;;;N;;;;;
+1433;CANADIAN SYLLABICS PO;Lo;0;L;;;;;N;;;;;
+1434;CANADIAN SYLLABICS POO;Lo;0;L;;;;;N;;;;;
+1435;CANADIAN SYLLABICS Y-CREE POO;Lo;0;L;;;;;N;;;;;
+1436;CANADIAN SYLLABICS CARRIER HEE;Lo;0;L;;;;;N;;;;;
+1437;CANADIAN SYLLABICS CARRIER HI;Lo;0;L;;;;;N;;;;;
+1438;CANADIAN SYLLABICS PA;Lo;0;L;;;;;N;;;;;
+1439;CANADIAN SYLLABICS PAA;Lo;0;L;;;;;N;;;;;
+143A;CANADIAN SYLLABICS PWE;Lo;0;L;;;;;N;;;;;
+143B;CANADIAN SYLLABICS WEST-CREE PWE;Lo;0;L;;;;;N;;;;;
+143C;CANADIAN SYLLABICS PWI;Lo;0;L;;;;;N;;;;;
+143D;CANADIAN SYLLABICS WEST-CREE PWI;Lo;0;L;;;;;N;;;;;
+143E;CANADIAN SYLLABICS PWII;Lo;0;L;;;;;N;;;;;
+143F;CANADIAN SYLLABICS WEST-CREE PWII;Lo;0;L;;;;;N;;;;;
+1440;CANADIAN SYLLABICS PWO;Lo;0;L;;;;;N;;;;;
+1441;CANADIAN SYLLABICS WEST-CREE PWO;Lo;0;L;;;;;N;;;;;
+1442;CANADIAN SYLLABICS PWOO;Lo;0;L;;;;;N;;;;;
+1443;CANADIAN SYLLABICS WEST-CREE PWOO;Lo;0;L;;;;;N;;;;;
+1444;CANADIAN SYLLABICS PWA;Lo;0;L;;;;;N;;;;;
+1445;CANADIAN SYLLABICS WEST-CREE PWA;Lo;0;L;;;;;N;;;;;
+1446;CANADIAN SYLLABICS PWAA;Lo;0;L;;;;;N;;;;;
+1447;CANADIAN SYLLABICS WEST-CREE PWAA;Lo;0;L;;;;;N;;;;;
+1448;CANADIAN SYLLABICS Y-CREE PWAA;Lo;0;L;;;;;N;;;;;
+1449;CANADIAN SYLLABICS P;Lo;0;L;;;;;N;;;;;
+144A;CANADIAN SYLLABICS WEST-CREE P;Lo;0;L;;;;;N;;;;;
+144B;CANADIAN SYLLABICS CARRIER H;Lo;0;L;;;;;N;;;;;
+144C;CANADIAN SYLLABICS TE;Lo;0;L;;;;;N;;;;;
+144D;CANADIAN SYLLABICS TAAI;Lo;0;L;;;;;N;;;;;
+144E;CANADIAN SYLLABICS TI;Lo;0;L;;;;;N;;;;;
+144F;CANADIAN SYLLABICS TII;Lo;0;L;;;;;N;;;;;
+1450;CANADIAN SYLLABICS TO;Lo;0;L;;;;;N;;;;;
+1451;CANADIAN SYLLABICS TOO;Lo;0;L;;;;;N;;;;;
+1452;CANADIAN SYLLABICS Y-CREE TOO;Lo;0;L;;;;;N;;;;;
+1453;CANADIAN SYLLABICS CARRIER DEE;Lo;0;L;;;;;N;;;;;
+1454;CANADIAN SYLLABICS CARRIER DI;Lo;0;L;;;;;N;;;;;
+1455;CANADIAN SYLLABICS TA;Lo;0;L;;;;;N;;;;;
+1456;CANADIAN SYLLABICS TAA;Lo;0;L;;;;;N;;;;;
+1457;CANADIAN SYLLABICS TWE;Lo;0;L;;;;;N;;;;;
+1458;CANADIAN SYLLABICS WEST-CREE TWE;Lo;0;L;;;;;N;;;;;
+1459;CANADIAN SYLLABICS TWI;Lo;0;L;;;;;N;;;;;
+145A;CANADIAN SYLLABICS WEST-CREE TWI;Lo;0;L;;;;;N;;;;;
+145B;CANADIAN SYLLABICS TWII;Lo;0;L;;;;;N;;;;;
+145C;CANADIAN SYLLABICS WEST-CREE TWII;Lo;0;L;;;;;N;;;;;
+145D;CANADIAN SYLLABICS TWO;Lo;0;L;;;;;N;;;;;
+145E;CANADIAN SYLLABICS WEST-CREE TWO;Lo;0;L;;;;;N;;;;;
+145F;CANADIAN SYLLABICS TWOO;Lo;0;L;;;;;N;;;;;
+1460;CANADIAN SYLLABICS WEST-CREE TWOO;Lo;0;L;;;;;N;;;;;
+1461;CANADIAN SYLLABICS TWA;Lo;0;L;;;;;N;;;;;
+1462;CANADIAN SYLLABICS WEST-CREE TWA;Lo;0;L;;;;;N;;;;;
+1463;CANADIAN SYLLABICS TWAA;Lo;0;L;;;;;N;;;;;
+1464;CANADIAN SYLLABICS WEST-CREE TWAA;Lo;0;L;;;;;N;;;;;
+1465;CANADIAN SYLLABICS NASKAPI TWAA;Lo;0;L;;;;;N;;;;;
+1466;CANADIAN SYLLABICS T;Lo;0;L;;;;;N;;;;;
+1467;CANADIAN SYLLABICS TTE;Lo;0;L;;;;;N;;;;;
+1468;CANADIAN SYLLABICS TTI;Lo;0;L;;;;;N;;;;;
+1469;CANADIAN SYLLABICS TTO;Lo;0;L;;;;;N;;;;;
+146A;CANADIAN SYLLABICS TTA;Lo;0;L;;;;;N;;;;;
+146B;CANADIAN SYLLABICS KE;Lo;0;L;;;;;N;;;;;
+146C;CANADIAN SYLLABICS KAAI;Lo;0;L;;;;;N;;;;;
+146D;CANADIAN SYLLABICS KI;Lo;0;L;;;;;N;;;;;
+146E;CANADIAN SYLLABICS KII;Lo;0;L;;;;;N;;;;;
+146F;CANADIAN SYLLABICS KO;Lo;0;L;;;;;N;;;;;
+1470;CANADIAN SYLLABICS KOO;Lo;0;L;;;;;N;;;;;
+1471;CANADIAN SYLLABICS Y-CREE KOO;Lo;0;L;;;;;N;;;;;
+1472;CANADIAN SYLLABICS KA;Lo;0;L;;;;;N;;;;;
+1473;CANADIAN SYLLABICS KAA;Lo;0;L;;;;;N;;;;;
+1474;CANADIAN SYLLABICS KWE;Lo;0;L;;;;;N;;;;;
+1475;CANADIAN SYLLABICS WEST-CREE KWE;Lo;0;L;;;;;N;;;;;
+1476;CANADIAN SYLLABICS KWI;Lo;0;L;;;;;N;;;;;
+1477;CANADIAN SYLLABICS WEST-CREE KWI;Lo;0;L;;;;;N;;;;;
+1478;CANADIAN SYLLABICS KWII;Lo;0;L;;;;;N;;;;;
+1479;CANADIAN SYLLABICS WEST-CREE KWII;Lo;0;L;;;;;N;;;;;
+147A;CANADIAN SYLLABICS KWO;Lo;0;L;;;;;N;;;;;
+147B;CANADIAN SYLLABICS WEST-CREE KWO;Lo;0;L;;;;;N;;;;;
+147C;CANADIAN SYLLABICS KWOO;Lo;0;L;;;;;N;;;;;
+147D;CANADIAN SYLLABICS WEST-CREE KWOO;Lo;0;L;;;;;N;;;;;
+147E;CANADIAN SYLLABICS KWA;Lo;0;L;;;;;N;;;;;
+147F;CANADIAN SYLLABICS WEST-CREE KWA;Lo;0;L;;;;;N;;;;;
+1480;CANADIAN SYLLABICS KWAA;Lo;0;L;;;;;N;;;;;
+1481;CANADIAN SYLLABICS WEST-CREE KWAA;Lo;0;L;;;;;N;;;;;
+1482;CANADIAN SYLLABICS NASKAPI KWAA;Lo;0;L;;;;;N;;;;;
+1483;CANADIAN SYLLABICS K;Lo;0;L;;;;;N;;;;;
+1484;CANADIAN SYLLABICS KW;Lo;0;L;;;;;N;;;;;
+1485;CANADIAN SYLLABICS SOUTH-SLAVEY KEH;Lo;0;L;;;;;N;;;;;
+1486;CANADIAN SYLLABICS SOUTH-SLAVEY KIH;Lo;0;L;;;;;N;;;;;
+1487;CANADIAN SYLLABICS SOUTH-SLAVEY KOH;Lo;0;L;;;;;N;;;;;
+1488;CANADIAN SYLLABICS SOUTH-SLAVEY KAH;Lo;0;L;;;;;N;;;;;
+1489;CANADIAN SYLLABICS CE;Lo;0;L;;;;;N;;;;;
+148A;CANADIAN SYLLABICS CAAI;Lo;0;L;;;;;N;;;;;
+148B;CANADIAN SYLLABICS CI;Lo;0;L;;;;;N;;;;;
+148C;CANADIAN SYLLABICS CII;Lo;0;L;;;;;N;;;;;
+148D;CANADIAN SYLLABICS CO;Lo;0;L;;;;;N;;;;;
+148E;CANADIAN SYLLABICS COO;Lo;0;L;;;;;N;;;;;
+148F;CANADIAN SYLLABICS Y-CREE COO;Lo;0;L;;;;;N;;;;;
+1490;CANADIAN SYLLABICS CA;Lo;0;L;;;;;N;;;;;
+1491;CANADIAN SYLLABICS CAA;Lo;0;L;;;;;N;;;;;
+1492;CANADIAN SYLLABICS CWE;Lo;0;L;;;;;N;;;;;
+1493;CANADIAN SYLLABICS WEST-CREE CWE;Lo;0;L;;;;;N;;;;;
+1494;CANADIAN SYLLABICS CWI;Lo;0;L;;;;;N;;;;;
+1495;CANADIAN SYLLABICS WEST-CREE CWI;Lo;0;L;;;;;N;;;;;
+1496;CANADIAN SYLLABICS CWII;Lo;0;L;;;;;N;;;;;
+1497;CANADIAN SYLLABICS WEST-CREE CWII;Lo;0;L;;;;;N;;;;;
+1498;CANADIAN SYLLABICS CWO;Lo;0;L;;;;;N;;;;;
+1499;CANADIAN SYLLABICS WEST-CREE CWO;Lo;0;L;;;;;N;;;;;
+149A;CANADIAN SYLLABICS CWOO;Lo;0;L;;;;;N;;;;;
+149B;CANADIAN SYLLABICS WEST-CREE CWOO;Lo;0;L;;;;;N;;;;;
+149C;CANADIAN SYLLABICS CWA;Lo;0;L;;;;;N;;;;;
+149D;CANADIAN SYLLABICS WEST-CREE CWA;Lo;0;L;;;;;N;;;;;
+149E;CANADIAN SYLLABICS CWAA;Lo;0;L;;;;;N;;;;;
+149F;CANADIAN SYLLABICS WEST-CREE CWAA;Lo;0;L;;;;;N;;;;;
+14A0;CANADIAN SYLLABICS NASKAPI CWAA;Lo;0;L;;;;;N;;;;;
+14A1;CANADIAN SYLLABICS C;Lo;0;L;;;;;N;;;;;
+14A2;CANADIAN SYLLABICS SAYISI TH;Lo;0;L;;;;;N;;;;;
+14A3;CANADIAN SYLLABICS ME;Lo;0;L;;;;;N;;;;;
+14A4;CANADIAN SYLLABICS MAAI;Lo;0;L;;;;;N;;;;;
+14A5;CANADIAN SYLLABICS MI;Lo;0;L;;;;;N;;;;;
+14A6;CANADIAN SYLLABICS MII;Lo;0;L;;;;;N;;;;;
+14A7;CANADIAN SYLLABICS MO;Lo;0;L;;;;;N;;;;;
+14A8;CANADIAN SYLLABICS MOO;Lo;0;L;;;;;N;;;;;
+14A9;CANADIAN SYLLABICS Y-CREE MOO;Lo;0;L;;;;;N;;;;;
+14AA;CANADIAN SYLLABICS MA;Lo;0;L;;;;;N;;;;;
+14AB;CANADIAN SYLLABICS MAA;Lo;0;L;;;;;N;;;;;
+14AC;CANADIAN SYLLABICS MWE;Lo;0;L;;;;;N;;;;;
+14AD;CANADIAN SYLLABICS WEST-CREE MWE;Lo;0;L;;;;;N;;;;;
+14AE;CANADIAN SYLLABICS MWI;Lo;0;L;;;;;N;;;;;
+14AF;CANADIAN SYLLABICS WEST-CREE MWI;Lo;0;L;;;;;N;;;;;
+14B0;CANADIAN SYLLABICS MWII;Lo;0;L;;;;;N;;;;;
+14B1;CANADIAN SYLLABICS WEST-CREE MWII;Lo;0;L;;;;;N;;;;;
+14B2;CANADIAN SYLLABICS MWO;Lo;0;L;;;;;N;;;;;
+14B3;CANADIAN SYLLABICS WEST-CREE MWO;Lo;0;L;;;;;N;;;;;
+14B4;CANADIAN SYLLABICS MWOO;Lo;0;L;;;;;N;;;;;
+14B5;CANADIAN SYLLABICS WEST-CREE MWOO;Lo;0;L;;;;;N;;;;;
+14B6;CANADIAN SYLLABICS MWA;Lo;0;L;;;;;N;;;;;
+14B7;CANADIAN SYLLABICS WEST-CREE MWA;Lo;0;L;;;;;N;;;;;
+14B8;CANADIAN SYLLABICS MWAA;Lo;0;L;;;;;N;;;;;
+14B9;CANADIAN SYLLABICS WEST-CREE MWAA;Lo;0;L;;;;;N;;;;;
+14BA;CANADIAN SYLLABICS NASKAPI MWAA;Lo;0;L;;;;;N;;;;;
+14BB;CANADIAN SYLLABICS M;Lo;0;L;;;;;N;;;;;
+14BC;CANADIAN SYLLABICS WEST-CREE M;Lo;0;L;;;;;N;;;;;
+14BD;CANADIAN SYLLABICS MH;Lo;0;L;;;;;N;;;;;
+14BE;CANADIAN SYLLABICS ATHAPASCAN M;Lo;0;L;;;;;N;;;;;
+14BF;CANADIAN SYLLABICS SAYISI M;Lo;0;L;;;;;N;;;;;
+14C0;CANADIAN SYLLABICS NE;Lo;0;L;;;;;N;;;;;
+14C1;CANADIAN SYLLABICS NAAI;Lo;0;L;;;;;N;;;;;
+14C2;CANADIAN SYLLABICS NI;Lo;0;L;;;;;N;;;;;
+14C3;CANADIAN SYLLABICS NII;Lo;0;L;;;;;N;;;;;
+14C4;CANADIAN SYLLABICS NO;Lo;0;L;;;;;N;;;;;
+14C5;CANADIAN SYLLABICS NOO;Lo;0;L;;;;;N;;;;;
+14C6;CANADIAN SYLLABICS Y-CREE NOO;Lo;0;L;;;;;N;;;;;
+14C7;CANADIAN SYLLABICS NA;Lo;0;L;;;;;N;;;;;
+14C8;CANADIAN SYLLABICS NAA;Lo;0;L;;;;;N;;;;;
+14C9;CANADIAN SYLLABICS NWE;Lo;0;L;;;;;N;;;;;
+14CA;CANADIAN SYLLABICS WEST-CREE NWE;Lo;0;L;;;;;N;;;;;
+14CB;CANADIAN SYLLABICS NWA;Lo;0;L;;;;;N;;;;;
+14CC;CANADIAN SYLLABICS WEST-CREE NWA;Lo;0;L;;;;;N;;;;;
+14CD;CANADIAN SYLLABICS NWAA;Lo;0;L;;;;;N;;;;;
+14CE;CANADIAN SYLLABICS WEST-CREE NWAA;Lo;0;L;;;;;N;;;;;
+14CF;CANADIAN SYLLABICS NASKAPI NWAA;Lo;0;L;;;;;N;;;;;
+14D0;CANADIAN SYLLABICS N;Lo;0;L;;;;;N;;;;;
+14D1;CANADIAN SYLLABICS CARRIER NG;Lo;0;L;;;;;N;;;;;
+14D2;CANADIAN SYLLABICS NH;Lo;0;L;;;;;N;;;;;
+14D3;CANADIAN SYLLABICS LE;Lo;0;L;;;;;N;;;;;
+14D4;CANADIAN SYLLABICS LAAI;Lo;0;L;;;;;N;;;;;
+14D5;CANADIAN SYLLABICS LI;Lo;0;L;;;;;N;;;;;
+14D6;CANADIAN SYLLABICS LII;Lo;0;L;;;;;N;;;;;
+14D7;CANADIAN SYLLABICS LO;Lo;0;L;;;;;N;;;;;
+14D8;CANADIAN SYLLABICS LOO;Lo;0;L;;;;;N;;;;;
+14D9;CANADIAN SYLLABICS Y-CREE LOO;Lo;0;L;;;;;N;;;;;
+14DA;CANADIAN SYLLABICS LA;Lo;0;L;;;;;N;;;;;
+14DB;CANADIAN SYLLABICS LAA;Lo;0;L;;;;;N;;;;;
+14DC;CANADIAN SYLLABICS LWE;Lo;0;L;;;;;N;;;;;
+14DD;CANADIAN SYLLABICS WEST-CREE LWE;Lo;0;L;;;;;N;;;;;
+14DE;CANADIAN SYLLABICS LWI;Lo;0;L;;;;;N;;;;;
+14DF;CANADIAN SYLLABICS WEST-CREE LWI;Lo;0;L;;;;;N;;;;;
+14E0;CANADIAN SYLLABICS LWII;Lo;0;L;;;;;N;;;;;
+14E1;CANADIAN SYLLABICS WEST-CREE LWII;Lo;0;L;;;;;N;;;;;
+14E2;CANADIAN SYLLABICS LWO;Lo;0;L;;;;;N;;;;;
+14E3;CANADIAN SYLLABICS WEST-CREE LWO;Lo;0;L;;;;;N;;;;;
+14E4;CANADIAN SYLLABICS LWOO;Lo;0;L;;;;;N;;;;;
+14E5;CANADIAN SYLLABICS WEST-CREE LWOO;Lo;0;L;;;;;N;;;;;
+14E6;CANADIAN SYLLABICS LWA;Lo;0;L;;;;;N;;;;;
+14E7;CANADIAN SYLLABICS WEST-CREE LWA;Lo;0;L;;;;;N;;;;;
+14E8;CANADIAN SYLLABICS LWAA;Lo;0;L;;;;;N;;;;;
+14E9;CANADIAN SYLLABICS WEST-CREE LWAA;Lo;0;L;;;;;N;;;;;
+14EA;CANADIAN SYLLABICS L;Lo;0;L;;;;;N;;;;;
+14EB;CANADIAN SYLLABICS WEST-CREE L;Lo;0;L;;;;;N;;;;;
+14EC;CANADIAN SYLLABICS MEDIAL L;Lo;0;L;;;;;N;;;;;
+14ED;CANADIAN SYLLABICS SE;Lo;0;L;;;;;N;;;;;
+14EE;CANADIAN SYLLABICS SAAI;Lo;0;L;;;;;N;;;;;
+14EF;CANADIAN SYLLABICS SI;Lo;0;L;;;;;N;;;;;
+14F0;CANADIAN SYLLABICS SII;Lo;0;L;;;;;N;;;;;
+14F1;CANADIAN SYLLABICS SO;Lo;0;L;;;;;N;;;;;
+14F2;CANADIAN SYLLABICS SOO;Lo;0;L;;;;;N;;;;;
+14F3;CANADIAN SYLLABICS Y-CREE SOO;Lo;0;L;;;;;N;;;;;
+14F4;CANADIAN SYLLABICS SA;Lo;0;L;;;;;N;;;;;
+14F5;CANADIAN SYLLABICS SAA;Lo;0;L;;;;;N;;;;;
+14F6;CANADIAN SYLLABICS SWE;Lo;0;L;;;;;N;;;;;
+14F7;CANADIAN SYLLABICS WEST-CREE SWE;Lo;0;L;;;;;N;;;;;
+14F8;CANADIAN SYLLABICS SWI;Lo;0;L;;;;;N;;;;;
+14F9;CANADIAN SYLLABICS WEST-CREE SWI;Lo;0;L;;;;;N;;;;;
+14FA;CANADIAN SYLLABICS SWII;Lo;0;L;;;;;N;;;;;
+14FB;CANADIAN SYLLABICS WEST-CREE SWII;Lo;0;L;;;;;N;;;;;
+14FC;CANADIAN SYLLABICS SWO;Lo;0;L;;;;;N;;;;;
+14FD;CANADIAN SYLLABICS WEST-CREE SWO;Lo;0;L;;;;;N;;;;;
+14FE;CANADIAN SYLLABICS SWOO;Lo;0;L;;;;;N;;;;;
+14FF;CANADIAN SYLLABICS WEST-CREE SWOO;Lo;0;L;;;;;N;;;;;
+1500;CANADIAN SYLLABICS SWA;Lo;0;L;;;;;N;;;;;
+1501;CANADIAN SYLLABICS WEST-CREE SWA;Lo;0;L;;;;;N;;;;;
+1502;CANADIAN SYLLABICS SWAA;Lo;0;L;;;;;N;;;;;
+1503;CANADIAN SYLLABICS WEST-CREE SWAA;Lo;0;L;;;;;N;;;;;
+1504;CANADIAN SYLLABICS NASKAPI SWAA;Lo;0;L;;;;;N;;;;;
+1505;CANADIAN SYLLABICS S;Lo;0;L;;;;;N;;;;;
+1506;CANADIAN SYLLABICS ATHAPASCAN S;Lo;0;L;;;;;N;;;;;
+1507;CANADIAN SYLLABICS SW;Lo;0;L;;;;;N;;;;;
+1508;CANADIAN SYLLABICS BLACKFOOT S;Lo;0;L;;;;;N;;;;;
+1509;CANADIAN SYLLABICS MOOSE-CREE SK;Lo;0;L;;;;;N;;;;;
+150A;CANADIAN SYLLABICS NASKAPI SKW;Lo;0;L;;;;;N;;;;;
+150B;CANADIAN SYLLABICS NASKAPI S-W;Lo;0;L;;;;;N;;;;;
+150C;CANADIAN SYLLABICS NASKAPI SPWA;Lo;0;L;;;;;N;;;;;
+150D;CANADIAN SYLLABICS NASKAPI STWA;Lo;0;L;;;;;N;;;;;
+150E;CANADIAN SYLLABICS NASKAPI SKWA;Lo;0;L;;;;;N;;;;;
+150F;CANADIAN SYLLABICS NASKAPI SCWA;Lo;0;L;;;;;N;;;;;
+1510;CANADIAN SYLLABICS SHE;Lo;0;L;;;;;N;;;;;
+1511;CANADIAN SYLLABICS SHI;Lo;0;L;;;;;N;;;;;
+1512;CANADIAN SYLLABICS SHII;Lo;0;L;;;;;N;;;;;
+1513;CANADIAN SYLLABICS SHO;Lo;0;L;;;;;N;;;;;
+1514;CANADIAN SYLLABICS SHOO;Lo;0;L;;;;;N;;;;;
+1515;CANADIAN SYLLABICS SHA;Lo;0;L;;;;;N;;;;;
+1516;CANADIAN SYLLABICS SHAA;Lo;0;L;;;;;N;;;;;
+1517;CANADIAN SYLLABICS SHWE;Lo;0;L;;;;;N;;;;;
+1518;CANADIAN SYLLABICS WEST-CREE SHWE;Lo;0;L;;;;;N;;;;;
+1519;CANADIAN SYLLABICS SHWI;Lo;0;L;;;;;N;;;;;
+151A;CANADIAN SYLLABICS WEST-CREE SHWI;Lo;0;L;;;;;N;;;;;
+151B;CANADIAN SYLLABICS SHWII;Lo;0;L;;;;;N;;;;;
+151C;CANADIAN SYLLABICS WEST-CREE SHWII;Lo;0;L;;;;;N;;;;;
+151D;CANADIAN SYLLABICS SHWO;Lo;0;L;;;;;N;;;;;
+151E;CANADIAN SYLLABICS WEST-CREE SHWO;Lo;0;L;;;;;N;;;;;
+151F;CANADIAN SYLLABICS SHWOO;Lo;0;L;;;;;N;;;;;
+1520;CANADIAN SYLLABICS WEST-CREE SHWOO;Lo;0;L;;;;;N;;;;;
+1521;CANADIAN SYLLABICS SHWA;Lo;0;L;;;;;N;;;;;
+1522;CANADIAN SYLLABICS WEST-CREE SHWA;Lo;0;L;;;;;N;;;;;
+1523;CANADIAN SYLLABICS SHWAA;Lo;0;L;;;;;N;;;;;
+1524;CANADIAN SYLLABICS WEST-CREE SHWAA;Lo;0;L;;;;;N;;;;;
+1525;CANADIAN SYLLABICS SH;Lo;0;L;;;;;N;;;;;
+1526;CANADIAN SYLLABICS YE;Lo;0;L;;;;;N;;;;;
+1527;CANADIAN SYLLABICS YAAI;Lo;0;L;;;;;N;;;;;
+1528;CANADIAN SYLLABICS YI;Lo;0;L;;;;;N;;;;;
+1529;CANADIAN SYLLABICS YII;Lo;0;L;;;;;N;;;;;
+152A;CANADIAN SYLLABICS YO;Lo;0;L;;;;;N;;;;;
+152B;CANADIAN SYLLABICS YOO;Lo;0;L;;;;;N;;;;;
+152C;CANADIAN SYLLABICS Y-CREE YOO;Lo;0;L;;;;;N;;;;;
+152D;CANADIAN SYLLABICS YA;Lo;0;L;;;;;N;;;;;
+152E;CANADIAN SYLLABICS YAA;Lo;0;L;;;;;N;;;;;
+152F;CANADIAN SYLLABICS YWE;Lo;0;L;;;;;N;;;;;
+1530;CANADIAN SYLLABICS WEST-CREE YWE;Lo;0;L;;;;;N;;;;;
+1531;CANADIAN SYLLABICS YWI;Lo;0;L;;;;;N;;;;;
+1532;CANADIAN SYLLABICS WEST-CREE YWI;Lo;0;L;;;;;N;;;;;
+1533;CANADIAN SYLLABICS YWII;Lo;0;L;;;;;N;;;;;
+1534;CANADIAN SYLLABICS WEST-CREE YWII;Lo;0;L;;;;;N;;;;;
+1535;CANADIAN SYLLABICS YWO;Lo;0;L;;;;;N;;;;;
+1536;CANADIAN SYLLABICS WEST-CREE YWO;Lo;0;L;;;;;N;;;;;
+1537;CANADIAN SYLLABICS YWOO;Lo;0;L;;;;;N;;;;;
+1538;CANADIAN SYLLABICS WEST-CREE YWOO;Lo;0;L;;;;;N;;;;;
+1539;CANADIAN SYLLABICS YWA;Lo;0;L;;;;;N;;;;;
+153A;CANADIAN SYLLABICS WEST-CREE YWA;Lo;0;L;;;;;N;;;;;
+153B;CANADIAN SYLLABICS YWAA;Lo;0;L;;;;;N;;;;;
+153C;CANADIAN SYLLABICS WEST-CREE YWAA;Lo;0;L;;;;;N;;;;;
+153D;CANADIAN SYLLABICS NASKAPI YWAA;Lo;0;L;;;;;N;;;;;
+153E;CANADIAN SYLLABICS Y;Lo;0;L;;;;;N;;;;;
+153F;CANADIAN SYLLABICS BIBLE-CREE Y;Lo;0;L;;;;;N;;;;;
+1540;CANADIAN SYLLABICS WEST-CREE Y;Lo;0;L;;;;;N;;;;;
+1541;CANADIAN SYLLABICS SAYISI YI;Lo;0;L;;;;;N;;;;;
+1542;CANADIAN SYLLABICS RE;Lo;0;L;;;;;N;;;;;
+1543;CANADIAN SYLLABICS R-CREE RE;Lo;0;L;;;;;N;;;;;
+1544;CANADIAN SYLLABICS WEST-CREE LE;Lo;0;L;;;;;N;;;;;
+1545;CANADIAN SYLLABICS RAAI;Lo;0;L;;;;;N;;;;;
+1546;CANADIAN SYLLABICS RI;Lo;0;L;;;;;N;;;;;
+1547;CANADIAN SYLLABICS RII;Lo;0;L;;;;;N;;;;;
+1548;CANADIAN SYLLABICS RO;Lo;0;L;;;;;N;;;;;
+1549;CANADIAN SYLLABICS ROO;Lo;0;L;;;;;N;;;;;
+154A;CANADIAN SYLLABICS WEST-CREE LO;Lo;0;L;;;;;N;;;;;
+154B;CANADIAN SYLLABICS RA;Lo;0;L;;;;;N;;;;;
+154C;CANADIAN SYLLABICS RAA;Lo;0;L;;;;;N;;;;;
+154D;CANADIAN SYLLABICS WEST-CREE LA;Lo;0;L;;;;;N;;;;;
+154E;CANADIAN SYLLABICS RWAA;Lo;0;L;;;;;N;;;;;
+154F;CANADIAN SYLLABICS WEST-CREE RWAA;Lo;0;L;;;;;N;;;;;
+1550;CANADIAN SYLLABICS R;Lo;0;L;;;;;N;;;;;
+1551;CANADIAN SYLLABICS WEST-CREE R;Lo;0;L;;;;;N;;;;;
+1552;CANADIAN SYLLABICS MEDIAL R;Lo;0;L;;;;;N;;;;;
+1553;CANADIAN SYLLABICS FE;Lo;0;L;;;;;N;;;;;
+1554;CANADIAN SYLLABICS FAAI;Lo;0;L;;;;;N;;;;;
+1555;CANADIAN SYLLABICS FI;Lo;0;L;;;;;N;;;;;
+1556;CANADIAN SYLLABICS FII;Lo;0;L;;;;;N;;;;;
+1557;CANADIAN SYLLABICS FO;Lo;0;L;;;;;N;;;;;
+1558;CANADIAN SYLLABICS FOO;Lo;0;L;;;;;N;;;;;
+1559;CANADIAN SYLLABICS FA;Lo;0;L;;;;;N;;;;;
+155A;CANADIAN SYLLABICS FAA;Lo;0;L;;;;;N;;;;;
+155B;CANADIAN SYLLABICS FWAA;Lo;0;L;;;;;N;;;;;
+155C;CANADIAN SYLLABICS WEST-CREE FWAA;Lo;0;L;;;;;N;;;;;
+155D;CANADIAN SYLLABICS F;Lo;0;L;;;;;N;;;;;
+155E;CANADIAN SYLLABICS THE;Lo;0;L;;;;;N;;;;;
+155F;CANADIAN SYLLABICS N-CREE THE;Lo;0;L;;;;;N;;;;;
+1560;CANADIAN SYLLABICS THI;Lo;0;L;;;;;N;;;;;
+1561;CANADIAN SYLLABICS N-CREE THI;Lo;0;L;;;;;N;;;;;
+1562;CANADIAN SYLLABICS THII;Lo;0;L;;;;;N;;;;;
+1563;CANADIAN SYLLABICS N-CREE THII;Lo;0;L;;;;;N;;;;;
+1564;CANADIAN SYLLABICS THO;Lo;0;L;;;;;N;;;;;
+1565;CANADIAN SYLLABICS THOO;Lo;0;L;;;;;N;;;;;
+1566;CANADIAN SYLLABICS THA;Lo;0;L;;;;;N;;;;;
+1567;CANADIAN SYLLABICS THAA;Lo;0;L;;;;;N;;;;;
+1568;CANADIAN SYLLABICS THWAA;Lo;0;L;;;;;N;;;;;
+1569;CANADIAN SYLLABICS WEST-CREE THWAA;Lo;0;L;;;;;N;;;;;
+156A;CANADIAN SYLLABICS TH;Lo;0;L;;;;;N;;;;;
+156B;CANADIAN SYLLABICS TTHE;Lo;0;L;;;;;N;;;;;
+156C;CANADIAN SYLLABICS TTHI;Lo;0;L;;;;;N;;;;;
+156D;CANADIAN SYLLABICS TTHO;Lo;0;L;;;;;N;;;;;
+156E;CANADIAN SYLLABICS TTHA;Lo;0;L;;;;;N;;;;;
+156F;CANADIAN SYLLABICS TTH;Lo;0;L;;;;;N;;;;;
+1570;CANADIAN SYLLABICS TYE;Lo;0;L;;;;;N;;;;;
+1571;CANADIAN SYLLABICS TYI;Lo;0;L;;;;;N;;;;;
+1572;CANADIAN SYLLABICS TYO;Lo;0;L;;;;;N;;;;;
+1573;CANADIAN SYLLABICS TYA;Lo;0;L;;;;;N;;;;;
+1574;CANADIAN SYLLABICS NUNAVIK HE;Lo;0;L;;;;;N;;;;;
+1575;CANADIAN SYLLABICS NUNAVIK HI;Lo;0;L;;;;;N;;;;;
+1576;CANADIAN SYLLABICS NUNAVIK HII;Lo;0;L;;;;;N;;;;;
+1577;CANADIAN SYLLABICS NUNAVIK HO;Lo;0;L;;;;;N;;;;;
+1578;CANADIAN SYLLABICS NUNAVIK HOO;Lo;0;L;;;;;N;;;;;
+1579;CANADIAN SYLLABICS NUNAVIK HA;Lo;0;L;;;;;N;;;;;
+157A;CANADIAN SYLLABICS NUNAVIK HAA;Lo;0;L;;;;;N;;;;;
+157B;CANADIAN SYLLABICS NUNAVIK H;Lo;0;L;;;;;N;;;;;
+157C;CANADIAN SYLLABICS NUNAVUT H;Lo;0;L;;;;;N;;;;;
+157D;CANADIAN SYLLABICS HK;Lo;0;L;;;;;N;;;;;
+157E;CANADIAN SYLLABICS QAAI;Lo;0;L;;;;;N;;;;;
+157F;CANADIAN SYLLABICS QI;Lo;0;L;;;;;N;;;;;
+1580;CANADIAN SYLLABICS QII;Lo;0;L;;;;;N;;;;;
+1581;CANADIAN SYLLABICS QO;Lo;0;L;;;;;N;;;;;
+1582;CANADIAN SYLLABICS QOO;Lo;0;L;;;;;N;;;;;
+1583;CANADIAN SYLLABICS QA;Lo;0;L;;;;;N;;;;;
+1584;CANADIAN SYLLABICS QAA;Lo;0;L;;;;;N;;;;;
+1585;CANADIAN SYLLABICS Q;Lo;0;L;;;;;N;;;;;
+1586;CANADIAN SYLLABICS TLHE;Lo;0;L;;;;;N;;;;;
+1587;CANADIAN SYLLABICS TLHI;Lo;0;L;;;;;N;;;;;
+1588;CANADIAN SYLLABICS TLHO;Lo;0;L;;;;;N;;;;;
+1589;CANADIAN SYLLABICS TLHA;Lo;0;L;;;;;N;;;;;
+158A;CANADIAN SYLLABICS WEST-CREE RE;Lo;0;L;;;;;N;;;;;
+158B;CANADIAN SYLLABICS WEST-CREE RI;Lo;0;L;;;;;N;;;;;
+158C;CANADIAN SYLLABICS WEST-CREE RO;Lo;0;L;;;;;N;;;;;
+158D;CANADIAN SYLLABICS WEST-CREE RA;Lo;0;L;;;;;N;;;;;
+158E;CANADIAN SYLLABICS NGAAI;Lo;0;L;;;;;N;;;;;
+158F;CANADIAN SYLLABICS NGI;Lo;0;L;;;;;N;;;;;
+1590;CANADIAN SYLLABICS NGII;Lo;0;L;;;;;N;;;;;
+1591;CANADIAN SYLLABICS NGO;Lo;0;L;;;;;N;;;;;
+1592;CANADIAN SYLLABICS NGOO;Lo;0;L;;;;;N;;;;;
+1593;CANADIAN SYLLABICS NGA;Lo;0;L;;;;;N;;;;;
+1594;CANADIAN SYLLABICS NGAA;Lo;0;L;;;;;N;;;;;
+1595;CANADIAN SYLLABICS NG;Lo;0;L;;;;;N;;;;;
+1596;CANADIAN SYLLABICS NNG;Lo;0;L;;;;;N;;;;;
+1597;CANADIAN SYLLABICS SAYISI SHE;Lo;0;L;;;;;N;;;;;
+1598;CANADIAN SYLLABICS SAYISI SHI;Lo;0;L;;;;;N;;;;;
+1599;CANADIAN SYLLABICS SAYISI SHO;Lo;0;L;;;;;N;;;;;
+159A;CANADIAN SYLLABICS SAYISI SHA;Lo;0;L;;;;;N;;;;;
+159B;CANADIAN SYLLABICS WOODS-CREE THE;Lo;0;L;;;;;N;;;;;
+159C;CANADIAN SYLLABICS WOODS-CREE THI;Lo;0;L;;;;;N;;;;;
+159D;CANADIAN SYLLABICS WOODS-CREE THO;Lo;0;L;;;;;N;;;;;
+159E;CANADIAN SYLLABICS WOODS-CREE THA;Lo;0;L;;;;;N;;;;;
+159F;CANADIAN SYLLABICS WOODS-CREE TH;Lo;0;L;;;;;N;;;;;
+15A0;CANADIAN SYLLABICS LHI;Lo;0;L;;;;;N;;;;;
+15A1;CANADIAN SYLLABICS LHII;Lo;0;L;;;;;N;;;;;
+15A2;CANADIAN SYLLABICS LHO;Lo;0;L;;;;;N;;;;;
+15A3;CANADIAN SYLLABICS LHOO;Lo;0;L;;;;;N;;;;;
+15A4;CANADIAN SYLLABICS LHA;Lo;0;L;;;;;N;;;;;
+15A5;CANADIAN SYLLABICS LHAA;Lo;0;L;;;;;N;;;;;
+15A6;CANADIAN SYLLABICS LH;Lo;0;L;;;;;N;;;;;
+15A7;CANADIAN SYLLABICS TH-CREE THE;Lo;0;L;;;;;N;;;;;
+15A8;CANADIAN SYLLABICS TH-CREE THI;Lo;0;L;;;;;N;;;;;
+15A9;CANADIAN SYLLABICS TH-CREE THII;Lo;0;L;;;;;N;;;;;
+15AA;CANADIAN SYLLABICS TH-CREE THO;Lo;0;L;;;;;N;;;;;
+15AB;CANADIAN SYLLABICS TH-CREE THOO;Lo;0;L;;;;;N;;;;;
+15AC;CANADIAN SYLLABICS TH-CREE THA;Lo;0;L;;;;;N;;;;;
+15AD;CANADIAN SYLLABICS TH-CREE THAA;Lo;0;L;;;;;N;;;;;
+15AE;CANADIAN SYLLABICS TH-CREE TH;Lo;0;L;;;;;N;;;;;
+15AF;CANADIAN SYLLABICS AIVILIK B;Lo;0;L;;;;;N;;;;;
+15B0;CANADIAN SYLLABICS BLACKFOOT E;Lo;0;L;;;;;N;;;;;
+15B1;CANADIAN SYLLABICS BLACKFOOT I;Lo;0;L;;;;;N;;;;;
+15B2;CANADIAN SYLLABICS BLACKFOOT O;Lo;0;L;;;;;N;;;;;
+15B3;CANADIAN SYLLABICS BLACKFOOT A;Lo;0;L;;;;;N;;;;;
+15B4;CANADIAN SYLLABICS BLACKFOOT WE;Lo;0;L;;;;;N;;;;;
+15B5;CANADIAN SYLLABICS BLACKFOOT WI;Lo;0;L;;;;;N;;;;;
+15B6;CANADIAN SYLLABICS BLACKFOOT WO;Lo;0;L;;;;;N;;;;;
+15B7;CANADIAN SYLLABICS BLACKFOOT WA;Lo;0;L;;;;;N;;;;;
+15B8;CANADIAN SYLLABICS BLACKFOOT NE;Lo;0;L;;;;;N;;;;;
+15B9;CANADIAN SYLLABICS BLACKFOOT NI;Lo;0;L;;;;;N;;;;;
+15BA;CANADIAN SYLLABICS BLACKFOOT NO;Lo;0;L;;;;;N;;;;;
+15BB;CANADIAN SYLLABICS BLACKFOOT NA;Lo;0;L;;;;;N;;;;;
+15BC;CANADIAN SYLLABICS BLACKFOOT KE;Lo;0;L;;;;;N;;;;;
+15BD;CANADIAN SYLLABICS BLACKFOOT KI;Lo;0;L;;;;;N;;;;;
+15BE;CANADIAN SYLLABICS BLACKFOOT KO;Lo;0;L;;;;;N;;;;;
+15BF;CANADIAN SYLLABICS BLACKFOOT KA;Lo;0;L;;;;;N;;;;;
+15C0;CANADIAN SYLLABICS SAYISI HE;Lo;0;L;;;;;N;;;;;
+15C1;CANADIAN SYLLABICS SAYISI HI;Lo;0;L;;;;;N;;;;;
+15C2;CANADIAN SYLLABICS SAYISI HO;Lo;0;L;;;;;N;;;;;
+15C3;CANADIAN SYLLABICS SAYISI HA;Lo;0;L;;;;;N;;;;;
+15C4;CANADIAN SYLLABICS CARRIER GHU;Lo;0;L;;;;;N;;;;;
+15C5;CANADIAN SYLLABICS CARRIER GHO;Lo;0;L;;;;;N;;;;;
+15C6;CANADIAN SYLLABICS CARRIER GHE;Lo;0;L;;;;;N;;;;;
+15C7;CANADIAN SYLLABICS CARRIER GHEE;Lo;0;L;;;;;N;;;;;
+15C8;CANADIAN SYLLABICS CARRIER GHI;Lo;0;L;;;;;N;;;;;
+15C9;CANADIAN SYLLABICS CARRIER GHA;Lo;0;L;;;;;N;;;;;
+15CA;CANADIAN SYLLABICS CARRIER RU;Lo;0;L;;;;;N;;;;;
+15CB;CANADIAN SYLLABICS CARRIER RO;Lo;0;L;;;;;N;;;;;
+15CC;CANADIAN SYLLABICS CARRIER RE;Lo;0;L;;;;;N;;;;;
+15CD;CANADIAN SYLLABICS CARRIER REE;Lo;0;L;;;;;N;;;;;
+15CE;CANADIAN SYLLABICS CARRIER RI;Lo;0;L;;;;;N;;;;;
+15CF;CANADIAN SYLLABICS CARRIER RA;Lo;0;L;;;;;N;;;;;
+15D0;CANADIAN SYLLABICS CARRIER WU;Lo;0;L;;;;;N;;;;;
+15D1;CANADIAN SYLLABICS CARRIER WO;Lo;0;L;;;;;N;;;;;
+15D2;CANADIAN SYLLABICS CARRIER WE;Lo;0;L;;;;;N;;;;;
+15D3;CANADIAN SYLLABICS CARRIER WEE;Lo;0;L;;;;;N;;;;;
+15D4;CANADIAN SYLLABICS CARRIER WI;Lo;0;L;;;;;N;;;;;
+15D5;CANADIAN SYLLABICS CARRIER WA;Lo;0;L;;;;;N;;;;;
+15D6;CANADIAN SYLLABICS CARRIER HWU;Lo;0;L;;;;;N;;;;;
+15D7;CANADIAN SYLLABICS CARRIER HWO;Lo;0;L;;;;;N;;;;;
+15D8;CANADIAN SYLLABICS CARRIER HWE;Lo;0;L;;;;;N;;;;;
+15D9;CANADIAN SYLLABICS CARRIER HWEE;Lo;0;L;;;;;N;;;;;
+15DA;CANADIAN SYLLABICS CARRIER HWI;Lo;0;L;;;;;N;;;;;
+15DB;CANADIAN SYLLABICS CARRIER HWA;Lo;0;L;;;;;N;;;;;
+15DC;CANADIAN SYLLABICS CARRIER THU;Lo;0;L;;;;;N;;;;;
+15DD;CANADIAN SYLLABICS CARRIER THO;Lo;0;L;;;;;N;;;;;
+15DE;CANADIAN SYLLABICS CARRIER THE;Lo;0;L;;;;;N;;;;;
+15DF;CANADIAN SYLLABICS CARRIER THEE;Lo;0;L;;;;;N;;;;;
+15E0;CANADIAN SYLLABICS CARRIER THI;Lo;0;L;;;;;N;;;;;
+15E1;CANADIAN SYLLABICS CARRIER THA;Lo;0;L;;;;;N;;;;;
+15E2;CANADIAN SYLLABICS CARRIER TTU;Lo;0;L;;;;;N;;;;;
+15E3;CANADIAN SYLLABICS CARRIER TTO;Lo;0;L;;;;;N;;;;;
+15E4;CANADIAN SYLLABICS CARRIER TTE;Lo;0;L;;;;;N;;;;;
+15E5;CANADIAN SYLLABICS CARRIER TTEE;Lo;0;L;;;;;N;;;;;
+15E6;CANADIAN SYLLABICS CARRIER TTI;Lo;0;L;;;;;N;;;;;
+15E7;CANADIAN SYLLABICS CARRIER TTA;Lo;0;L;;;;;N;;;;;
+15E8;CANADIAN SYLLABICS CARRIER PU;Lo;0;L;;;;;N;;;;;
+15E9;CANADIAN SYLLABICS CARRIER PO;Lo;0;L;;;;;N;;;;;
+15EA;CANADIAN SYLLABICS CARRIER PE;Lo;0;L;;;;;N;;;;;
+15EB;CANADIAN SYLLABICS CARRIER PEE;Lo;0;L;;;;;N;;;;;
+15EC;CANADIAN SYLLABICS CARRIER PI;Lo;0;L;;;;;N;;;;;
+15ED;CANADIAN SYLLABICS CARRIER PA;Lo;0;L;;;;;N;;;;;
+15EE;CANADIAN SYLLABICS CARRIER P;Lo;0;L;;;;;N;;;;;
+15EF;CANADIAN SYLLABICS CARRIER GU;Lo;0;L;;;;;N;;;;;
+15F0;CANADIAN SYLLABICS CARRIER GO;Lo;0;L;;;;;N;;;;;
+15F1;CANADIAN SYLLABICS CARRIER GE;Lo;0;L;;;;;N;;;;;
+15F2;CANADIAN SYLLABICS CARRIER GEE;Lo;0;L;;;;;N;;;;;
+15F3;CANADIAN SYLLABICS CARRIER GI;Lo;0;L;;;;;N;;;;;
+15F4;CANADIAN SYLLABICS CARRIER GA;Lo;0;L;;;;;N;;;;;
+15F5;CANADIAN SYLLABICS CARRIER KHU;Lo;0;L;;;;;N;;;;;
+15F6;CANADIAN SYLLABICS CARRIER KHO;Lo;0;L;;;;;N;;;;;
+15F7;CANADIAN SYLLABICS CARRIER KHE;Lo;0;L;;;;;N;;;;;
+15F8;CANADIAN SYLLABICS CARRIER KHEE;Lo;0;L;;;;;N;;;;;
+15F9;CANADIAN SYLLABICS CARRIER KHI;Lo;0;L;;;;;N;;;;;
+15FA;CANADIAN SYLLABICS CARRIER KHA;Lo;0;L;;;;;N;;;;;
+15FB;CANADIAN SYLLABICS CARRIER KKU;Lo;0;L;;;;;N;;;;;
+15FC;CANADIAN SYLLABICS CARRIER KKO;Lo;0;L;;;;;N;;;;;
+15FD;CANADIAN SYLLABICS CARRIER KKE;Lo;0;L;;;;;N;;;;;
+15FE;CANADIAN SYLLABICS CARRIER KKEE;Lo;0;L;;;;;N;;;;;
+15FF;CANADIAN SYLLABICS CARRIER KKI;Lo;0;L;;;;;N;;;;;
+1600;CANADIAN SYLLABICS CARRIER KKA;Lo;0;L;;;;;N;;;;;
+1601;CANADIAN SYLLABICS CARRIER KK;Lo;0;L;;;;;N;;;;;
+1602;CANADIAN SYLLABICS CARRIER NU;Lo;0;L;;;;;N;;;;;
+1603;CANADIAN SYLLABICS CARRIER NO;Lo;0;L;;;;;N;;;;;
+1604;CANADIAN SYLLABICS CARRIER NE;Lo;0;L;;;;;N;;;;;
+1605;CANADIAN SYLLABICS CARRIER NEE;Lo;0;L;;;;;N;;;;;
+1606;CANADIAN SYLLABICS CARRIER NI;Lo;0;L;;;;;N;;;;;
+1607;CANADIAN SYLLABICS CARRIER NA;Lo;0;L;;;;;N;;;;;
+1608;CANADIAN SYLLABICS CARRIER MU;Lo;0;L;;;;;N;;;;;
+1609;CANADIAN SYLLABICS CARRIER MO;Lo;0;L;;;;;N;;;;;
+160A;CANADIAN SYLLABICS CARRIER ME;Lo;0;L;;;;;N;;;;;
+160B;CANADIAN SYLLABICS CARRIER MEE;Lo;0;L;;;;;N;;;;;
+160C;CANADIAN SYLLABICS CARRIER MI;Lo;0;L;;;;;N;;;;;
+160D;CANADIAN SYLLABICS CARRIER MA;Lo;0;L;;;;;N;;;;;
+160E;CANADIAN SYLLABICS CARRIER YU;Lo;0;L;;;;;N;;;;;
+160F;CANADIAN SYLLABICS CARRIER YO;Lo;0;L;;;;;N;;;;;
+1610;CANADIAN SYLLABICS CARRIER YE;Lo;0;L;;;;;N;;;;;
+1611;CANADIAN SYLLABICS CARRIER YEE;Lo;0;L;;;;;N;;;;;
+1612;CANADIAN SYLLABICS CARRIER YI;Lo;0;L;;;;;N;;;;;
+1613;CANADIAN SYLLABICS CARRIER YA;Lo;0;L;;;;;N;;;;;
+1614;CANADIAN SYLLABICS CARRIER JU;Lo;0;L;;;;;N;;;;;
+1615;CANADIAN SYLLABICS SAYISI JU;Lo;0;L;;;;;N;;;;;
+1616;CANADIAN SYLLABICS CARRIER JO;Lo;0;L;;;;;N;;;;;
+1617;CANADIAN SYLLABICS CARRIER JE;Lo;0;L;;;;;N;;;;;
+1618;CANADIAN SYLLABICS CARRIER JEE;Lo;0;L;;;;;N;;;;;
+1619;CANADIAN SYLLABICS CARRIER JI;Lo;0;L;;;;;N;;;;;
+161A;CANADIAN SYLLABICS SAYISI JI;Lo;0;L;;;;;N;;;;;
+161B;CANADIAN SYLLABICS CARRIER JA;Lo;0;L;;;;;N;;;;;
+161C;CANADIAN SYLLABICS CARRIER JJU;Lo;0;L;;;;;N;;;;;
+161D;CANADIAN SYLLABICS CARRIER JJO;Lo;0;L;;;;;N;;;;;
+161E;CANADIAN SYLLABICS CARRIER JJE;Lo;0;L;;;;;N;;;;;
+161F;CANADIAN SYLLABICS CARRIER JJEE;Lo;0;L;;;;;N;;;;;
+1620;CANADIAN SYLLABICS CARRIER JJI;Lo;0;L;;;;;N;;;;;
+1621;CANADIAN SYLLABICS CARRIER JJA;Lo;0;L;;;;;N;;;;;
+1622;CANADIAN SYLLABICS CARRIER LU;Lo;0;L;;;;;N;;;;;
+1623;CANADIAN SYLLABICS CARRIER LO;Lo;0;L;;;;;N;;;;;
+1624;CANADIAN SYLLABICS CARRIER LE;Lo;0;L;;;;;N;;;;;
+1625;CANADIAN SYLLABICS CARRIER LEE;Lo;0;L;;;;;N;;;;;
+1626;CANADIAN SYLLABICS CARRIER LI;Lo;0;L;;;;;N;;;;;
+1627;CANADIAN SYLLABICS CARRIER LA;Lo;0;L;;;;;N;;;;;
+1628;CANADIAN SYLLABICS CARRIER DLU;Lo;0;L;;;;;N;;;;;
+1629;CANADIAN SYLLABICS CARRIER DLO;Lo;0;L;;;;;N;;;;;
+162A;CANADIAN SYLLABICS CARRIER DLE;Lo;0;L;;;;;N;;;;;
+162B;CANADIAN SYLLABICS CARRIER DLEE;Lo;0;L;;;;;N;;;;;
+162C;CANADIAN SYLLABICS CARRIER DLI;Lo;0;L;;;;;N;;;;;
+162D;CANADIAN SYLLABICS CARRIER DLA;Lo;0;L;;;;;N;;;;;
+162E;CANADIAN SYLLABICS CARRIER LHU;Lo;0;L;;;;;N;;;;;
+162F;CANADIAN SYLLABICS CARRIER LHO;Lo;0;L;;;;;N;;;;;
+1630;CANADIAN SYLLABICS CARRIER LHE;Lo;0;L;;;;;N;;;;;
+1631;CANADIAN SYLLABICS CARRIER LHEE;Lo;0;L;;;;;N;;;;;
+1632;CANADIAN SYLLABICS CARRIER LHI;Lo;0;L;;;;;N;;;;;
+1633;CANADIAN SYLLABICS CARRIER LHA;Lo;0;L;;;;;N;;;;;
+1634;CANADIAN SYLLABICS CARRIER TLHU;Lo;0;L;;;;;N;;;;;
+1635;CANADIAN SYLLABICS CARRIER TLHO;Lo;0;L;;;;;N;;;;;
+1636;CANADIAN SYLLABICS CARRIER TLHE;Lo;0;L;;;;;N;;;;;
+1637;CANADIAN SYLLABICS CARRIER TLHEE;Lo;0;L;;;;;N;;;;;
+1638;CANADIAN SYLLABICS CARRIER TLHI;Lo;0;L;;;;;N;;;;;
+1639;CANADIAN SYLLABICS CARRIER TLHA;Lo;0;L;;;;;N;;;;;
+163A;CANADIAN SYLLABICS CARRIER TLU;Lo;0;L;;;;;N;;;;;
+163B;CANADIAN SYLLABICS CARRIER TLO;Lo;0;L;;;;;N;;;;;
+163C;CANADIAN SYLLABICS CARRIER TLE;Lo;0;L;;;;;N;;;;;
+163D;CANADIAN SYLLABICS CARRIER TLEE;Lo;0;L;;;;;N;;;;;
+163E;CANADIAN SYLLABICS CARRIER TLI;Lo;0;L;;;;;N;;;;;
+163F;CANADIAN SYLLABICS CARRIER TLA;Lo;0;L;;;;;N;;;;;
+1640;CANADIAN SYLLABICS CARRIER ZU;Lo;0;L;;;;;N;;;;;
+1641;CANADIAN SYLLABICS CARRIER ZO;Lo;0;L;;;;;N;;;;;
+1642;CANADIAN SYLLABICS CARRIER ZE;Lo;0;L;;;;;N;;;;;
+1643;CANADIAN SYLLABICS CARRIER ZEE;Lo;0;L;;;;;N;;;;;
+1644;CANADIAN SYLLABICS CARRIER ZI;Lo;0;L;;;;;N;;;;;
+1645;CANADIAN SYLLABICS CARRIER ZA;Lo;0;L;;;;;N;;;;;
+1646;CANADIAN SYLLABICS CARRIER Z;Lo;0;L;;;;;N;;;;;
+1647;CANADIAN SYLLABICS CARRIER INITIAL Z;Lo;0;L;;;;;N;;;;;
+1648;CANADIAN SYLLABICS CARRIER DZU;Lo;0;L;;;;;N;;;;;
+1649;CANADIAN SYLLABICS CARRIER DZO;Lo;0;L;;;;;N;;;;;
+164A;CANADIAN SYLLABICS CARRIER DZE;Lo;0;L;;;;;N;;;;;
+164B;CANADIAN SYLLABICS CARRIER DZEE;Lo;0;L;;;;;N;;;;;
+164C;CANADIAN SYLLABICS CARRIER DZI;Lo;0;L;;;;;N;;;;;
+164D;CANADIAN SYLLABICS CARRIER DZA;Lo;0;L;;;;;N;;;;;
+164E;CANADIAN SYLLABICS CARRIER SU;Lo;0;L;;;;;N;;;;;
+164F;CANADIAN SYLLABICS CARRIER SO;Lo;0;L;;;;;N;;;;;
+1650;CANADIAN SYLLABICS CARRIER SE;Lo;0;L;;;;;N;;;;;
+1651;CANADIAN SYLLABICS CARRIER SEE;Lo;0;L;;;;;N;;;;;
+1652;CANADIAN SYLLABICS CARRIER SI;Lo;0;L;;;;;N;;;;;
+1653;CANADIAN SYLLABICS CARRIER SA;Lo;0;L;;;;;N;;;;;
+1654;CANADIAN SYLLABICS CARRIER SHU;Lo;0;L;;;;;N;;;;;
+1655;CANADIAN SYLLABICS CARRIER SHO;Lo;0;L;;;;;N;;;;;
+1656;CANADIAN SYLLABICS CARRIER SHE;Lo;0;L;;;;;N;;;;;
+1657;CANADIAN SYLLABICS CARRIER SHEE;Lo;0;L;;;;;N;;;;;
+1658;CANADIAN SYLLABICS CARRIER SHI;Lo;0;L;;;;;N;;;;;
+1659;CANADIAN SYLLABICS CARRIER SHA;Lo;0;L;;;;;N;;;;;
+165A;CANADIAN SYLLABICS CARRIER SH;Lo;0;L;;;;;N;;;;;
+165B;CANADIAN SYLLABICS CARRIER TSU;Lo;0;L;;;;;N;;;;;
+165C;CANADIAN SYLLABICS CARRIER TSO;Lo;0;L;;;;;N;;;;;
+165D;CANADIAN SYLLABICS CARRIER TSE;Lo;0;L;;;;;N;;;;;
+165E;CANADIAN SYLLABICS CARRIER TSEE;Lo;0;L;;;;;N;;;;;
+165F;CANADIAN SYLLABICS CARRIER TSI;Lo;0;L;;;;;N;;;;;
+1660;CANADIAN SYLLABICS CARRIER TSA;Lo;0;L;;;;;N;;;;;
+1661;CANADIAN SYLLABICS CARRIER CHU;Lo;0;L;;;;;N;;;;;
+1662;CANADIAN SYLLABICS CARRIER CHO;Lo;0;L;;;;;N;;;;;
+1663;CANADIAN SYLLABICS CARRIER CHE;Lo;0;L;;;;;N;;;;;
+1664;CANADIAN SYLLABICS CARRIER CHEE;Lo;0;L;;;;;N;;;;;
+1665;CANADIAN SYLLABICS CARRIER CHI;Lo;0;L;;;;;N;;;;;
+1666;CANADIAN SYLLABICS CARRIER CHA;Lo;0;L;;;;;N;;;;;
+1667;CANADIAN SYLLABICS CARRIER TTSU;Lo;0;L;;;;;N;;;;;
+1668;CANADIAN SYLLABICS CARRIER TTSO;Lo;0;L;;;;;N;;;;;
+1669;CANADIAN SYLLABICS CARRIER TTSE;Lo;0;L;;;;;N;;;;;
+166A;CANADIAN SYLLABICS CARRIER TTSEE;Lo;0;L;;;;;N;;;;;
+166B;CANADIAN SYLLABICS CARRIER TTSI;Lo;0;L;;;;;N;;;;;
+166C;CANADIAN SYLLABICS CARRIER TTSA;Lo;0;L;;;;;N;;;;;
+166D;CANADIAN SYLLABICS CHI SIGN;Po;0;L;;;;;N;;;;;
+166E;CANADIAN SYLLABICS FULL STOP;Po;0;L;;;;;N;;;;;
+166F;CANADIAN SYLLABICS QAI;Lo;0;L;;;;;N;;;;;
+1670;CANADIAN SYLLABICS NGAI;Lo;0;L;;;;;N;;;;;
+1671;CANADIAN SYLLABICS NNGI;Lo;0;L;;;;;N;;;;;
+1672;CANADIAN SYLLABICS NNGII;Lo;0;L;;;;;N;;;;;
+1673;CANADIAN SYLLABICS NNGO;Lo;0;L;;;;;N;;;;;
+1674;CANADIAN SYLLABICS NNGOO;Lo;0;L;;;;;N;;;;;
+1675;CANADIAN SYLLABICS NNGA;Lo;0;L;;;;;N;;;;;
+1676;CANADIAN SYLLABICS NNGAA;Lo;0;L;;;;;N;;;;;
+1680;OGHAM SPACE MARK;Zs;0;WS;;;;;N;;;;;
+1681;OGHAM LETTER BEITH;Lo;0;L;;;;;N;;;;;
+1682;OGHAM LETTER LUIS;Lo;0;L;;;;;N;;;;;
+1683;OGHAM LETTER FEARN;Lo;0;L;;;;;N;;;;;
+1684;OGHAM LETTER SAIL;Lo;0;L;;;;;N;;;;;
+1685;OGHAM LETTER NION;Lo;0;L;;;;;N;;;;;
+1686;OGHAM LETTER UATH;Lo;0;L;;;;;N;;;;;
+1687;OGHAM LETTER DAIR;Lo;0;L;;;;;N;;;;;
+1688;OGHAM LETTER TINNE;Lo;0;L;;;;;N;;;;;
+1689;OGHAM LETTER COLL;Lo;0;L;;;;;N;;;;;
+168A;OGHAM LETTER CEIRT;Lo;0;L;;;;;N;;;;;
+168B;OGHAM LETTER MUIN;Lo;0;L;;;;;N;;;;;
+168C;OGHAM LETTER GORT;Lo;0;L;;;;;N;;;;;
+168D;OGHAM LETTER NGEADAL;Lo;0;L;;;;;N;;;;;
+168E;OGHAM LETTER STRAIF;Lo;0;L;;;;;N;;;;;
+168F;OGHAM LETTER RUIS;Lo;0;L;;;;;N;;;;;
+1690;OGHAM LETTER AILM;Lo;0;L;;;;;N;;;;;
+1691;OGHAM LETTER ONN;Lo;0;L;;;;;N;;;;;
+1692;OGHAM LETTER UR;Lo;0;L;;;;;N;;;;;
+1693;OGHAM LETTER EADHADH;Lo;0;L;;;;;N;;;;;
+1694;OGHAM LETTER IODHADH;Lo;0;L;;;;;N;;;;;
+1695;OGHAM LETTER EABHADH;Lo;0;L;;;;;N;;;;;
+1696;OGHAM LETTER OR;Lo;0;L;;;;;N;;;;;
+1697;OGHAM LETTER UILLEANN;Lo;0;L;;;;;N;;;;;
+1698;OGHAM LETTER IFIN;Lo;0;L;;;;;N;;;;;
+1699;OGHAM LETTER EAMHANCHOLL;Lo;0;L;;;;;N;;;;;
+169A;OGHAM LETTER PEITH;Lo;0;L;;;;;N;;;;;
+169B;OGHAM FEATHER MARK;Ps;0;ON;;;;;N;;;;;
+169C;OGHAM REVERSED FEATHER MARK;Pe;0;ON;;;;;N;;;;;
+16A0;RUNIC LETTER FEHU FEOH FE F;Lo;0;L;;;;;N;;;;;
+16A1;RUNIC LETTER V;Lo;0;L;;;;;N;;;;;
+16A2;RUNIC LETTER URUZ UR U;Lo;0;L;;;;;N;;;;;
+16A3;RUNIC LETTER YR;Lo;0;L;;;;;N;;;;;
+16A4;RUNIC LETTER Y;Lo;0;L;;;;;N;;;;;
+16A5;RUNIC LETTER W;Lo;0;L;;;;;N;;;;;
+16A6;RUNIC LETTER THURISAZ THURS THORN;Lo;0;L;;;;;N;;;;;
+16A7;RUNIC LETTER ETH;Lo;0;L;;;;;N;;;;;
+16A8;RUNIC LETTER ANSUZ A;Lo;0;L;;;;;N;;;;;
+16A9;RUNIC LETTER OS O;Lo;0;L;;;;;N;;;;;
+16AA;RUNIC LETTER AC A;Lo;0;L;;;;;N;;;;;
+16AB;RUNIC LETTER AESC;Lo;0;L;;;;;N;;;;;
+16AC;RUNIC LETTER LONG-BRANCH-OSS O;Lo;0;L;;;;;N;;;;;
+16AD;RUNIC LETTER SHORT-TWIG-OSS O;Lo;0;L;;;;;N;;;;;
+16AE;RUNIC LETTER O;Lo;0;L;;;;;N;;;;;
+16AF;RUNIC LETTER OE;Lo;0;L;;;;;N;;;;;
+16B0;RUNIC LETTER ON;Lo;0;L;;;;;N;;;;;
+16B1;RUNIC LETTER RAIDO RAD REID R;Lo;0;L;;;;;N;;;;;
+16B2;RUNIC LETTER KAUNA;Lo;0;L;;;;;N;;;;;
+16B3;RUNIC LETTER CEN;Lo;0;L;;;;;N;;;;;
+16B4;RUNIC LETTER KAUN K;Lo;0;L;;;;;N;;;;;
+16B5;RUNIC LETTER G;Lo;0;L;;;;;N;;;;;
+16B6;RUNIC LETTER ENG;Lo;0;L;;;;;N;;;;;
+16B7;RUNIC LETTER GEBO GYFU G;Lo;0;L;;;;;N;;;;;
+16B8;RUNIC LETTER GAR;Lo;0;L;;;;;N;;;;;
+16B9;RUNIC LETTER WUNJO WYNN W;Lo;0;L;;;;;N;;;;;
+16BA;RUNIC LETTER HAGLAZ H;Lo;0;L;;;;;N;;;;;
+16BB;RUNIC LETTER HAEGL H;Lo;0;L;;;;;N;;;;;
+16BC;RUNIC LETTER LONG-BRANCH-HAGALL H;Lo;0;L;;;;;N;;;;;
+16BD;RUNIC LETTER SHORT-TWIG-HAGALL H;Lo;0;L;;;;;N;;;;;
+16BE;RUNIC LETTER NAUDIZ NYD NAUD N;Lo;0;L;;;;;N;;;;;
+16BF;RUNIC LETTER SHORT-TWIG-NAUD N;Lo;0;L;;;;;N;;;;;
+16C0;RUNIC LETTER DOTTED-N;Lo;0;L;;;;;N;;;;;
+16C1;RUNIC LETTER ISAZ IS ISS I;Lo;0;L;;;;;N;;;;;
+16C2;RUNIC LETTER E;Lo;0;L;;;;;N;;;;;
+16C3;RUNIC LETTER JERAN J;Lo;0;L;;;;;N;;;;;
+16C4;RUNIC LETTER GER;Lo;0;L;;;;;N;;;;;
+16C5;RUNIC LETTER LONG-BRANCH-AR AE;Lo;0;L;;;;;N;;;;;
+16C6;RUNIC LETTER SHORT-TWIG-AR A;Lo;0;L;;;;;N;;;;;
+16C7;RUNIC LETTER IWAZ EOH;Lo;0;L;;;;;N;;;;;
+16C8;RUNIC LETTER PERTHO PEORTH P;Lo;0;L;;;;;N;;;;;
+16C9;RUNIC LETTER ALGIZ EOLHX;Lo;0;L;;;;;N;;;;;
+16CA;RUNIC LETTER SOWILO S;Lo;0;L;;;;;N;;;;;
+16CB;RUNIC LETTER SIGEL LONG-BRANCH-SOL S;Lo;0;L;;;;;N;;;;;
+16CC;RUNIC LETTER SHORT-TWIG-SOL S;Lo;0;L;;;;;N;;;;;
+16CD;RUNIC LETTER C;Lo;0;L;;;;;N;;;;;
+16CE;RUNIC LETTER Z;Lo;0;L;;;;;N;;;;;
+16CF;RUNIC LETTER TIWAZ TIR TYR T;Lo;0;L;;;;;N;;;;;
+16D0;RUNIC LETTER SHORT-TWIG-TYR T;Lo;0;L;;;;;N;;;;;
+16D1;RUNIC LETTER D;Lo;0;L;;;;;N;;;;;
+16D2;RUNIC LETTER BERKANAN BEORC BJARKAN B;Lo;0;L;;;;;N;;;;;
+16D3;RUNIC LETTER SHORT-TWIG-BJARKAN B;Lo;0;L;;;;;N;;;;;
+16D4;RUNIC LETTER DOTTED-P;Lo;0;L;;;;;N;;;;;
+16D5;RUNIC LETTER OPEN-P;Lo;0;L;;;;;N;;;;;
+16D6;RUNIC LETTER EHWAZ EH E;Lo;0;L;;;;;N;;;;;
+16D7;RUNIC LETTER MANNAZ MAN M;Lo;0;L;;;;;N;;;;;
+16D8;RUNIC LETTER LONG-BRANCH-MADR M;Lo;0;L;;;;;N;;;;;
+16D9;RUNIC LETTER SHORT-TWIG-MADR M;Lo;0;L;;;;;N;;;;;
+16DA;RUNIC LETTER LAUKAZ LAGU LOGR L;Lo;0;L;;;;;N;;;;;
+16DB;RUNIC LETTER DOTTED-L;Lo;0;L;;;;;N;;;;;
+16DC;RUNIC LETTER INGWAZ;Lo;0;L;;;;;N;;;;;
+16DD;RUNIC LETTER ING;Lo;0;L;;;;;N;;;;;
+16DE;RUNIC LETTER DAGAZ DAEG D;Lo;0;L;;;;;N;;;;;
+16DF;RUNIC LETTER OTHALAN ETHEL O;Lo;0;L;;;;;N;;;;;
+16E0;RUNIC LETTER EAR;Lo;0;L;;;;;N;;;;;
+16E1;RUNIC LETTER IOR;Lo;0;L;;;;;N;;;;;
+16E2;RUNIC LETTER CWEORTH;Lo;0;L;;;;;N;;;;;
+16E3;RUNIC LETTER CALC;Lo;0;L;;;;;N;;;;;
+16E4;RUNIC LETTER CEALC;Lo;0;L;;;;;N;;;;;
+16E5;RUNIC LETTER STAN;Lo;0;L;;;;;N;;;;;
+16E6;RUNIC LETTER LONG-BRANCH-YR;Lo;0;L;;;;;N;;;;;
+16E7;RUNIC LETTER SHORT-TWIG-YR;Lo;0;L;;;;;N;;;;;
+16E8;RUNIC LETTER ICELANDIC-YR;Lo;0;L;;;;;N;;;;;
+16E9;RUNIC LETTER Q;Lo;0;L;;;;;N;;;;;
+16EA;RUNIC LETTER X;Lo;0;L;;;;;N;;;;;
+16EB;RUNIC SINGLE PUNCTUATION;Po;0;L;;;;;N;;;;;
+16EC;RUNIC MULTIPLE PUNCTUATION;Po;0;L;;;;;N;;;;;
+16ED;RUNIC CROSS PUNCTUATION;Po;0;L;;;;;N;;;;;
+16EE;RUNIC ARLAUG SYMBOL;Nl;0;L;;;;17;N;;golden number 17;;;
+16EF;RUNIC TVIMADUR SYMBOL;Nl;0;L;;;;18;N;;golden number 18;;;
+16F0;RUNIC BELGTHOR SYMBOL;Nl;0;L;;;;19;N;;golden number 19;;;
+1700;TAGALOG LETTER A;Lo;0;L;;;;;N;;;;;
+1701;TAGALOG LETTER I;Lo;0;L;;;;;N;;;;;
+1702;TAGALOG LETTER U;Lo;0;L;;;;;N;;;;;
+1703;TAGALOG LETTER KA;Lo;0;L;;;;;N;;;;;
+1704;TAGALOG LETTER GA;Lo;0;L;;;;;N;;;;;
+1705;TAGALOG LETTER NGA;Lo;0;L;;;;;N;;;;;
+1706;TAGALOG LETTER TA;Lo;0;L;;;;;N;;;;;
+1707;TAGALOG LETTER DA;Lo;0;L;;;;;N;;;;;
+1708;TAGALOG LETTER NA;Lo;0;L;;;;;N;;;;;
+1709;TAGALOG LETTER PA;Lo;0;L;;;;;N;;;;;
+170A;TAGALOG LETTER BA;Lo;0;L;;;;;N;;;;;
+170B;TAGALOG LETTER MA;Lo;0;L;;;;;N;;;;;
+170C;TAGALOG LETTER YA;Lo;0;L;;;;;N;;;;;
+170E;TAGALOG LETTER LA;Lo;0;L;;;;;N;;;;;
+170F;TAGALOG LETTER WA;Lo;0;L;;;;;N;;;;;
+1710;TAGALOG LETTER SA;Lo;0;L;;;;;N;;;;;
+1711;TAGALOG LETTER HA;Lo;0;L;;;;;N;;;;;
+1712;TAGALOG VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+1713;TAGALOG VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1714;TAGALOG SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;;
+1720;HANUNOO LETTER A;Lo;0;L;;;;;N;;;;;
+1721;HANUNOO LETTER I;Lo;0;L;;;;;N;;;;;
+1722;HANUNOO LETTER U;Lo;0;L;;;;;N;;;;;
+1723;HANUNOO LETTER KA;Lo;0;L;;;;;N;;;;;
+1724;HANUNOO LETTER GA;Lo;0;L;;;;;N;;;;;
+1725;HANUNOO LETTER NGA;Lo;0;L;;;;;N;;;;;
+1726;HANUNOO LETTER TA;Lo;0;L;;;;;N;;;;;
+1727;HANUNOO LETTER DA;Lo;0;L;;;;;N;;;;;
+1728;HANUNOO LETTER NA;Lo;0;L;;;;;N;;;;;
+1729;HANUNOO LETTER PA;Lo;0;L;;;;;N;;;;;
+172A;HANUNOO LETTER BA;Lo;0;L;;;;;N;;;;;
+172B;HANUNOO LETTER MA;Lo;0;L;;;;;N;;;;;
+172C;HANUNOO LETTER YA;Lo;0;L;;;;;N;;;;;
+172D;HANUNOO LETTER RA;Lo;0;L;;;;;N;;;;;
+172E;HANUNOO LETTER LA;Lo;0;L;;;;;N;;;;;
+172F;HANUNOO LETTER WA;Lo;0;L;;;;;N;;;;;
+1730;HANUNOO LETTER SA;Lo;0;L;;;;;N;;;;;
+1731;HANUNOO LETTER HA;Lo;0;L;;;;;N;;;;;
+1732;HANUNOO VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+1733;HANUNOO VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1734;HANUNOO SIGN PAMUDPOD;Mn;9;NSM;;;;;N;;;;;
+1735;PHILIPPINE SINGLE PUNCTUATION;Po;0;L;;;;;N;;;;;
+1736;PHILIPPINE DOUBLE PUNCTUATION;Po;0;L;;;;;N;;;;;
+1740;BUHID LETTER A;Lo;0;L;;;;;N;;;;;
+1741;BUHID LETTER I;Lo;0;L;;;;;N;;;;;
+1742;BUHID LETTER U;Lo;0;L;;;;;N;;;;;
+1743;BUHID LETTER KA;Lo;0;L;;;;;N;;;;;
+1744;BUHID LETTER GA;Lo;0;L;;;;;N;;;;;
+1745;BUHID LETTER NGA;Lo;0;L;;;;;N;;;;;
+1746;BUHID LETTER TA;Lo;0;L;;;;;N;;;;;
+1747;BUHID LETTER DA;Lo;0;L;;;;;N;;;;;
+1748;BUHID LETTER NA;Lo;0;L;;;;;N;;;;;
+1749;BUHID LETTER PA;Lo;0;L;;;;;N;;;;;
+174A;BUHID LETTER BA;Lo;0;L;;;;;N;;;;;
+174B;BUHID LETTER MA;Lo;0;L;;;;;N;;;;;
+174C;BUHID LETTER YA;Lo;0;L;;;;;N;;;;;
+174D;BUHID LETTER RA;Lo;0;L;;;;;N;;;;;
+174E;BUHID LETTER LA;Lo;0;L;;;;;N;;;;;
+174F;BUHID LETTER WA;Lo;0;L;;;;;N;;;;;
+1750;BUHID LETTER SA;Lo;0;L;;;;;N;;;;;
+1751;BUHID LETTER HA;Lo;0;L;;;;;N;;;;;
+1752;BUHID VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+1753;BUHID VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1760;TAGBANWA LETTER A;Lo;0;L;;;;;N;;;;;
+1761;TAGBANWA LETTER I;Lo;0;L;;;;;N;;;;;
+1762;TAGBANWA LETTER U;Lo;0;L;;;;;N;;;;;
+1763;TAGBANWA LETTER KA;Lo;0;L;;;;;N;;;;;
+1764;TAGBANWA LETTER GA;Lo;0;L;;;;;N;;;;;
+1765;TAGBANWA LETTER NGA;Lo;0;L;;;;;N;;;;;
+1766;TAGBANWA LETTER TA;Lo;0;L;;;;;N;;;;;
+1767;TAGBANWA LETTER DA;Lo;0;L;;;;;N;;;;;
+1768;TAGBANWA LETTER NA;Lo;0;L;;;;;N;;;;;
+1769;TAGBANWA LETTER PA;Lo;0;L;;;;;N;;;;;
+176A;TAGBANWA LETTER BA;Lo;0;L;;;;;N;;;;;
+176B;TAGBANWA LETTER MA;Lo;0;L;;;;;N;;;;;
+176C;TAGBANWA LETTER YA;Lo;0;L;;;;;N;;;;;
+176E;TAGBANWA LETTER LA;Lo;0;L;;;;;N;;;;;
+176F;TAGBANWA LETTER WA;Lo;0;L;;;;;N;;;;;
+1770;TAGBANWA LETTER SA;Lo;0;L;;;;;N;;;;;
+1772;TAGBANWA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+1773;TAGBANWA VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+1780;KHMER LETTER KA;Lo;0;L;;;;;N;;;;;
+1781;KHMER LETTER KHA;Lo;0;L;;;;;N;;;;;
+1782;KHMER LETTER KO;Lo;0;L;;;;;N;;;;;
+1783;KHMER LETTER KHO;Lo;0;L;;;;;N;;;;;
+1784;KHMER LETTER NGO;Lo;0;L;;;;;N;;;;;
+1785;KHMER LETTER CA;Lo;0;L;;;;;N;;;;;
+1786;KHMER LETTER CHA;Lo;0;L;;;;;N;;;;;
+1787;KHMER LETTER CO;Lo;0;L;;;;;N;;;;;
+1788;KHMER LETTER CHO;Lo;0;L;;;;;N;;;;;
+1789;KHMER LETTER NYO;Lo;0;L;;;;;N;;;;;
+178A;KHMER LETTER DA;Lo;0;L;;;;;N;;;;;
+178B;KHMER LETTER TTHA;Lo;0;L;;;;;N;;;;;
+178C;KHMER LETTER DO;Lo;0;L;;;;;N;;;;;
+178D;KHMER LETTER TTHO;Lo;0;L;;;;;N;;;;;
+178E;KHMER LETTER NNO;Lo;0;L;;;;;N;;;;;
+178F;KHMER LETTER TA;Lo;0;L;;;;;N;;;;;
+1790;KHMER LETTER THA;Lo;0;L;;;;;N;;;;;
+1791;KHMER LETTER TO;Lo;0;L;;;;;N;;;;;
+1792;KHMER LETTER THO;Lo;0;L;;;;;N;;;;;
+1793;KHMER LETTER NO;Lo;0;L;;;;;N;;;;;
+1794;KHMER LETTER BA;Lo;0;L;;;;;N;;;;;
+1795;KHMER LETTER PHA;Lo;0;L;;;;;N;;;;;
+1796;KHMER LETTER PO;Lo;0;L;;;;;N;;;;;
+1797;KHMER LETTER PHO;Lo;0;L;;;;;N;;;;;
+1798;KHMER LETTER MO;Lo;0;L;;;;;N;;;;;
+1799;KHMER LETTER YO;Lo;0;L;;;;;N;;;;;
+179A;KHMER LETTER RO;Lo;0;L;;;;;N;;;;;
+179B;KHMER LETTER LO;Lo;0;L;;;;;N;;;;;
+179C;KHMER LETTER VO;Lo;0;L;;;;;N;;;;;
+179D;KHMER LETTER SHA;Lo;0;L;;;;;N;;;;;
+179E;KHMER LETTER SSO;Lo;0;L;;;;;N;;;;;
+179F;KHMER LETTER SA;Lo;0;L;;;;;N;;;;;
+17A0;KHMER LETTER HA;Lo;0;L;;;;;N;;;;;
+17A1;KHMER LETTER LA;Lo;0;L;;;;;N;;;;;
+17A2;KHMER LETTER QA;Lo;0;L;;;;;N;;;;;
+17A3;KHMER INDEPENDENT VOWEL QAQ;Lo;0;L;;;;;N;;;;;
+17A4;KHMER INDEPENDENT VOWEL QAA;Lo;0;L;;;;;N;;;;;
+17A5;KHMER INDEPENDENT VOWEL QI;Lo;0;L;;;;;N;;;;;
+17A6;KHMER INDEPENDENT VOWEL QII;Lo;0;L;;;;;N;;;;;
+17A7;KHMER INDEPENDENT VOWEL QU;Lo;0;L;;;;;N;;;;;
+17A8;KHMER INDEPENDENT VOWEL QUK;Lo;0;L;;;;;N;;;;;
+17A9;KHMER INDEPENDENT VOWEL QUU;Lo;0;L;;;;;N;;;;;
+17AA;KHMER INDEPENDENT VOWEL QUUV;Lo;0;L;;;;;N;;;;;
+17AB;KHMER INDEPENDENT VOWEL RY;Lo;0;L;;;;;N;;;;;
+17AC;KHMER INDEPENDENT VOWEL RYY;Lo;0;L;;;;;N;;;;;
+17AD;KHMER INDEPENDENT VOWEL LY;Lo;0;L;;;;;N;;;;;
+17AE;KHMER INDEPENDENT VOWEL LYY;Lo;0;L;;;;;N;;;;;
+17AF;KHMER INDEPENDENT VOWEL QE;Lo;0;L;;;;;N;;;;;
+17B0;KHMER INDEPENDENT VOWEL QAI;Lo;0;L;;;;;N;;;;;
+17B1;KHMER INDEPENDENT VOWEL QOO TYPE ONE;Lo;0;L;;;;;N;;;;;
+17B2;KHMER INDEPENDENT VOWEL QOO TYPE TWO;Lo;0;L;;;;;N;;;;;
+17B3;KHMER INDEPENDENT VOWEL QAU;Lo;0;L;;;;;N;;;;;
+17B4;KHMER VOWEL INHERENT AQ;Mc;0;L;;;;;N;;;;;
+17B5;KHMER VOWEL INHERENT AA;Mc;0;L;;;;;N;;;;;
+17B6;KHMER VOWEL SIGN AA;Mc;0;L;;;;;N;;;;;
+17B7;KHMER VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;;
+17B8;KHMER VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;;
+17B9;KHMER VOWEL SIGN Y;Mn;0;NSM;;;;;N;;;;;
+17BA;KHMER VOWEL SIGN YY;Mn;0;NSM;;;;;N;;;;;
+17BB;KHMER VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;;
+17BC;KHMER VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;;
+17BD;KHMER VOWEL SIGN UA;Mn;0;NSM;;;;;N;;;;;
+17BE;KHMER VOWEL SIGN OE;Mc;0;L;;;;;N;;;;;
+17BF;KHMER VOWEL SIGN YA;Mc;0;L;;;;;N;;;;;
+17C0;KHMER VOWEL SIGN IE;Mc;0;L;;;;;N;;;;;
+17C1;KHMER VOWEL SIGN E;Mc;0;L;;;;;N;;;;;
+17C2;KHMER VOWEL SIGN AE;Mc;0;L;;;;;N;;;;;
+17C3;KHMER VOWEL SIGN AI;Mc;0;L;;;;;N;;;;;
+17C4;KHMER VOWEL SIGN OO;Mc;0;L;;;;;N;;;;;
+17C5;KHMER VOWEL SIGN AU;Mc;0;L;;;;;N;;;;;
+17C6;KHMER SIGN NIKAHIT;Mn;0;NSM;;;;;N;;;;;
+17C7;KHMER SIGN REAHMUK;Mc;0;L;;;;;N;;;;;
+17C8;KHMER SIGN YUUKALEAPINTU;Mc;0;L;;;;;N;;;;;
+17C9;KHMER SIGN MUUSIKATOAN;Mn;0;NSM;;;;;N;;;;;
+17CA;KHMER SIGN TRIISAP;Mn;0;NSM;;;;;N;;;;;
+17CB;KHMER SIGN BANTOC;Mn;0;NSM;;;;;N;;;;;
+17CC;KHMER SIGN ROBAT;Mn;0;NSM;;;;;N;;;;;
+17CD;KHMER SIGN TOANDAKHIAT;Mn;0;NSM;;;;;N;;;;;
+17CE;KHMER SIGN KAKABAT;Mn;0;NSM;;;;;N;;;;;
+17CF;KHMER SIGN AHSDA;Mn;0;NSM;;;;;N;;;;;
+17D0;KHMER SIGN SAMYOK SANNYA;Mn;0;NSM;;;;;N;;;;;
+17D1;KHMER SIGN VIRIAM;Mn;0;NSM;;;;;N;;;;;
+17D2;KHMER SIGN COENG;Mn;9;NSM;;;;;N;;;;;
+17D3;KHMER SIGN BATHAMASAT;Mn;0;NSM;;;;;N;;;;;
+17D4;KHMER SIGN KHAN;Po;0;L;;;;;N;;;;;
+17D5;KHMER SIGN BARIYOOSAN;Po;0;L;;;;;N;;;;;
+17D6;KHMER SIGN CAMNUC PII KUUH;Po;0;L;;;;;N;;;;;
+17D7;KHMER SIGN LEK TOO;Lm;0;L;;;;;N;;;;;
+17D8;KHMER SIGN BEYYAL;Po;0;L;;;;;N;;;;;
+17D9;KHMER SIGN PHNAEK MUAN;Po;0;L;;;;;N;;;;;
+17DA;KHMER SIGN KOOMUUT;Po;0;L;;;;;N;;;;;
+17DB;KHMER CURRENCY SYMBOL RIEL;Sc;0;ET;;;;;N;;;;;
+17DC;KHMER SIGN AVAKRAHASANYA;Lo;0;L;;;;;N;;;;;
+17E0;KHMER DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+17E1;KHMER DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+17E2;KHMER DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+17E3;KHMER DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+17E4;KHMER DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+17E5;KHMER DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+17E6;KHMER DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+17E7;KHMER DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+17E8;KHMER DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+17E9;KHMER DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+1800;MONGOLIAN BIRGA;Po;0;ON;;;;;N;;;;;
+1801;MONGOLIAN ELLIPSIS;Po;0;ON;;;;;N;;;;;
+1802;MONGOLIAN COMMA;Po;0;ON;;;;;N;;;;;
+1803;MONGOLIAN FULL STOP;Po;0;ON;;;;;N;;;;;
+1804;MONGOLIAN COLON;Po;0;ON;;;;;N;;;;;
+1805;MONGOLIAN FOUR DOTS;Po;0;ON;;;;;N;;;;;
+1806;MONGOLIAN TODO SOFT HYPHEN;Pd;0;ON;;;;;N;;;;;
+1807;MONGOLIAN SIBE SYLLABLE BOUNDARY MARKER;Po;0;ON;;;;;N;;;;;
+1808;MONGOLIAN MANCHU COMMA;Po;0;ON;;;;;N;;;;;
+1809;MONGOLIAN MANCHU FULL STOP;Po;0;ON;;;;;N;;;;;
+180A;MONGOLIAN NIRUGU;Po;0;ON;;;;;N;;;;;
+180B;MONGOLIAN FREE VARIATION SELECTOR ONE;Mn;0;NSM;;;;;N;;;;;
+180C;MONGOLIAN FREE VARIATION SELECTOR TWO;Mn;0;NSM;;;;;N;;;;;
+180D;MONGOLIAN FREE VARIATION SELECTOR THREE;Mn;0;NSM;;;;;N;;;;;
+180E;MONGOLIAN VOWEL SEPARATOR;Cf;0;BN;;;;;N;;;;;
+1810;MONGOLIAN DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;;
+1811;MONGOLIAN DIGIT ONE;Nd;0;L;;1;1;1;N;;;;;
+1812;MONGOLIAN DIGIT TWO;Nd;0;L;;2;2;2;N;;;;;
+1813;MONGOLIAN DIGIT THREE;Nd;0;L;;3;3;3;N;;;;;
+1814;MONGOLIAN DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;;
+1815;MONGOLIAN DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;;
+1816;MONGOLIAN DIGIT SIX;Nd;0;L;;6;6;6;N;;;;;
+1817;MONGOLIAN DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;;
+1818;MONGOLIAN DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;;
+1819;MONGOLIAN DIGIT NINE;Nd;0;L;;9;9;9;N;;;;;
+1820;MONGOLIAN LETTER A;Lo;0;L;;;;;N;;;;;
+1821;MONGOLIAN LETTER E;Lo;0;L;;;;;N;;;;;
+1822;MONGOLIAN LETTER I;Lo;0;L;;;;;N;;;;;
+1823;MONGOLIAN LETTER O;Lo;0;L;;;;;N;;;;;
+1824;MONGOLIAN LETTER U;Lo;0;L;;;;;N;;;;;
+1825;MONGOLIAN LETTER OE;Lo;0;L;;;;;N;;;;;
+1826;MONGOLIAN LETTER UE;Lo;0;L;;;;;N;;;;;
+1827;MONGOLIAN LETTER EE;Lo;0;L;;;;;N;;;;;
+1828;MONGOLIAN LETTER NA;Lo;0;L;;;;;N;;;;;
+1829;MONGOLIAN LETTER ANG;Lo;0;L;;;;;N;;;;;
+182A;MONGOLIAN LETTER BA;Lo;0;L;;;;;N;;;;;
+182B;MONGOLIAN LETTER PA;Lo;0;L;;;;;N;;;;;
+182C;MONGOLIAN LETTER QA;Lo;0;L;;;;;N;;;;;
+182D;MONGOLIAN LETTER GA;Lo;0;L;;;;;N;;;;;
+182E;MONGOLIAN LETTER MA;Lo;0;L;;;;;N;;;;;
+182F;MONGOLIAN LETTER LA;Lo;0;L;;;;;N;;;;;
+1830;MONGOLIAN LETTER SA;Lo;0;L;;;;;N;;;;;
+1831;MONGOLIAN LETTER SHA;Lo;0;L;;;;;N;;;;;
+1832;MONGOLIAN LETTER TA;Lo;0;L;;;;;N;;;;;
+1833;MONGOLIAN LETTER DA;Lo;0;L;;;;;N;;;;;
+1834;MONGOLIAN LETTER CHA;Lo;0;L;;;;;N;;;;;
+1835;MONGOLIAN LETTER JA;Lo;0;L;;;;;N;;;;;
+1836;MONGOLIAN LETTER YA;Lo;0;L;;;;;N;;;;;
+1837;MONGOLIAN LETTER RA;Lo;0;L;;;;;N;;;;;
+1838;MONGOLIAN LETTER WA;Lo;0;L;;;;;N;;;;;
+1839;MONGOLIAN LETTER FA;Lo;0;L;;;;;N;;;;;
+183A;MONGOLIAN LETTER KA;Lo;0;L;;;;;N;;;;;
+183B;MONGOLIAN LETTER KHA;Lo;0;L;;;;;N;;;;;
+183C;MONGOLIAN LETTER TSA;Lo;0;L;;;;;N;;;;;
+183D;MONGOLIAN LETTER ZA;Lo;0;L;;;;;N;;;;;
+183E;MONGOLIAN LETTER HAA;Lo;0;L;;;;;N;;;;;
+183F;MONGOLIAN LETTER ZRA;Lo;0;L;;;;;N;;;;;
+1840;MONGOLIAN LETTER LHA;Lo;0;L;;;;;N;;;;;
+1841;MONGOLIAN LETTER ZHI;Lo;0;L;;;;;N;;;;;
+1842;MONGOLIAN LETTER CHI;Lo;0;L;;;;;N;;;;;
+1843;MONGOLIAN LETTER TODO LONG VOWEL SIGN;Lm;0;L;;;;;N;;;;;
+1844;MONGOLIAN LETTER TODO E;Lo;0;L;;;;;N;;;;;
+1845;MONGOLIAN LETTER TODO I;Lo;0;L;;;;;N;;;;;
+1846;MONGOLIAN LETTER TODO O;Lo;0;L;;;;;N;;;;;
+1847;MONGOLIAN LETTER TODO U;Lo;0;L;;;;;N;;;;;
+1848;MONGOLIAN LETTER TODO OE;Lo;0;L;;;;;N;;;;;
+1849;MONGOLIAN LETTER TODO UE;Lo;0;L;;;;;N;;;;;
+184A;MONGOLIAN LETTER TODO ANG;Lo;0;L;;;;;N;;;;;
+184B;MONGOLIAN LETTER TODO BA;Lo;0;L;;;;;N;;;;;
+184C;MONGOLIAN LETTER TODO PA;Lo;0;L;;;;;N;;;;;
+184D;MONGOLIAN LETTER TODO QA;Lo;0;L;;;;;N;;;;;
+184E;MONGOLIAN LETTER TODO GA;Lo;0;L;;;;;N;;;;;
+184F;MONGOLIAN LETTER TODO MA;Lo;0;L;;;;;N;;;;;
+1850;MONGOLIAN LETTER TODO TA;Lo;0;L;;;;;N;;;;;
+1851;MONGOLIAN LETTER TODO DA;Lo;0;L;;;;;N;;;;;
+1852;MONGOLIAN LETTER TODO CHA;Lo;0;L;;;;;N;;;;;
+1853;MONGOLIAN LETTER TODO JA;Lo;0;L;;;;;N;;;;;
+1854;MONGOLIAN LETTER TODO TSA;Lo;0;L;;;;;N;;;;;
+1855;MONGOLIAN LETTER TODO YA;Lo;0;L;;;;;N;;;;;
+1856;MONGOLIAN LETTER TODO WA;Lo;0;L;;;;;N;;;;;
+1857;MONGOLIAN LETTER TODO KA;Lo;0;L;;;;;N;;;;;
+1858;MONGOLIAN LETTER TODO GAA;Lo;0;L;;;;;N;;;;;
+1859;MONGOLIAN LETTER TODO HAA;Lo;0;L;;;;;N;;;;;
+185A;MONGOLIAN LETTER TODO JIA;Lo;0;L;;;;;N;;;;;
+185B;MONGOLIAN LETTER TODO NIA;Lo;0;L;;;;;N;;;;;
+185C;MONGOLIAN LETTER TODO DZA;Lo;0;L;;;;;N;;;;;
+185D;MONGOLIAN LETTER SIBE E;Lo;0;L;;;;;N;;;;;
+185E;MONGOLIAN LETTER SIBE I;Lo;0;L;;;;;N;;;;;
+185F;MONGOLIAN LETTER SIBE IY;Lo;0;L;;;;;N;;;;;
+1860;MONGOLIAN LETTER SIBE UE;Lo;0;L;;;;;N;;;;;
+1861;MONGOLIAN LETTER SIBE U;Lo;0;L;;;;;N;;;;;
+1862;MONGOLIAN LETTER SIBE ANG;Lo;0;L;;;;;N;;;;;
+1863;MONGOLIAN LETTER SIBE KA;Lo;0;L;;;;;N;;;;;
+1864;MONGOLIAN LETTER SIBE GA;Lo;0;L;;;;;N;;;;;
+1865;MONGOLIAN LETTER SIBE HA;Lo;0;L;;;;;N;;;;;
+1866;MONGOLIAN LETTER SIBE PA;Lo;0;L;;;;;N;;;;;
+1867;MONGOLIAN LETTER SIBE SHA;Lo;0;L;;;;;N;;;;;
+1868;MONGOLIAN LETTER SIBE TA;Lo;0;L;;;;;N;;;;;
+1869;MONGOLIAN LETTER SIBE DA;Lo;0;L;;;;;N;;;;;
+186A;MONGOLIAN LETTER SIBE JA;Lo;0;L;;;;;N;;;;;
+186B;MONGOLIAN LETTER SIBE FA;Lo;0;L;;;;;N;;;;;
+186C;MONGOLIAN LETTER SIBE GAA;Lo;0;L;;;;;N;;;;;
+186D;MONGOLIAN LETTER SIBE HAA;Lo;0;L;;;;;N;;;;;
+186E;MONGOLIAN LETTER SIBE TSA;Lo;0;L;;;;;N;;;;;
+186F;MONGOLIAN LETTER SIBE ZA;Lo;0;L;;;;;N;;;;;
+1870;MONGOLIAN LETTER SIBE RAA;Lo;0;L;;;;;N;;;;;
+1871;MONGOLIAN LETTER SIBE CHA;Lo;0;L;;;;;N;;;;;
+1872;MONGOLIAN LETTER SIBE ZHA;Lo;0;L;;;;;N;;;;;
+1873;MONGOLIAN LETTER MANCHU I;Lo;0;L;;;;;N;;;;;
+1874;MONGOLIAN LETTER MANCHU KA;Lo;0;L;;;;;N;;;;;
+1875;MONGOLIAN LETTER MANCHU RA;Lo;0;L;;;;;N;;;;;
+1876;MONGOLIAN LETTER MANCHU FA;Lo;0;L;;;;;N;;;;;
+1877;MONGOLIAN LETTER MANCHU ZHA;Lo;0;L;;;;;N;;;;;
+1880;MONGOLIAN LETTER ALI GALI ANUSVARA ONE;Lo;0;L;;;;;N;;;;;
+1881;MONGOLIAN LETTER ALI GALI VISARGA ONE;Lo;0;L;;;;;N;;;;;
+1882;MONGOLIAN LETTER ALI GALI DAMARU;Lo;0;L;;;;;N;;;;;
+1883;MONGOLIAN LETTER ALI GALI UBADAMA;Lo;0;L;;;;;N;;;;;
+1884;MONGOLIAN LETTER ALI GALI INVERTED UBADAMA;Lo;0;L;;;;;N;;;;;
+1885;MONGOLIAN LETTER ALI GALI BALUDA;Lo;0;L;;;;;N;;;;;
+1886;MONGOLIAN LETTER ALI GALI THREE BALUDA;Lo;0;L;;;;;N;;;;;
+1887;MONGOLIAN LETTER ALI GALI A;Lo;0;L;;;;;N;;;;;
+1888;MONGOLIAN LETTER ALI GALI I;Lo;0;L;;;;;N;;;;;
+1889;MONGOLIAN LETTER ALI GALI KA;Lo;0;L;;;;;N;;;;;
+188A;MONGOLIAN LETTER ALI GALI NGA;Lo;0;L;;;;;N;;;;;
+188B;MONGOLIAN LETTER ALI GALI CA;Lo;0;L;;;;;N;;;;;
+188C;MONGOLIAN LETTER ALI GALI TTA;Lo;0;L;;;;;N;;;;;
+188D;MONGOLIAN LETTER ALI GALI TTHA;Lo;0;L;;;;;N;;;;;
+188E;MONGOLIAN LETTER ALI GALI DDA;Lo;0;L;;;;;N;;;;;
+188F;MONGOLIAN LETTER ALI GALI NNA;Lo;0;L;;;;;N;;;;;
+1890;MONGOLIAN LETTER ALI GALI TA;Lo;0;L;;;;;N;;;;;
+1891;MONGOLIAN LETTER ALI GALI DA;Lo;0;L;;;;;N;;;;;
+1892;MONGOLIAN LETTER ALI GALI PA;Lo;0;L;;;;;N;;;;;
+1893;MONGOLIAN LETTER ALI GALI PHA;Lo;0;L;;;;;N;;;;;
+1894;MONGOLIAN LETTER ALI GALI SSA;Lo;0;L;;;;;N;;;;;
+1895;MONGOLIAN LETTER ALI GALI ZHA;Lo;0;L;;;;;N;;;;;
+1896;MONGOLIAN LETTER ALI GALI ZA;Lo;0;L;;;;;N;;;;;
+1897;MONGOLIAN LETTER ALI GALI AH;Lo;0;L;;;;;N;;;;;
+1898;MONGOLIAN LETTER TODO ALI GALI TA;Lo;0;L;;;;;N;;;;;
+1899;MONGOLIAN LETTER TODO ALI GALI ZHA;Lo;0;L;;;;;N;;;;;
+189A;MONGOLIAN LETTER MANCHU ALI GALI GHA;Lo;0;L;;;;;N;;;;;
+189B;MONGOLIAN LETTER MANCHU ALI GALI NGA;Lo;0;L;;;;;N;;;;;
+189C;MONGOLIAN LETTER MANCHU ALI GALI CA;Lo;0;L;;;;;N;;;;;
+189D;MONGOLIAN LETTER MANCHU ALI GALI JHA;Lo;0;L;;;;;N;;;;;
+189E;MONGOLIAN LETTER MANCHU ALI GALI TTA;Lo;0;L;;;;;N;;;;;
+189F;MONGOLIAN LETTER MANCHU ALI GALI DDHA;Lo;0;L;;;;;N;;;;;
+18A0;MONGOLIAN LETTER MANCHU ALI GALI TA;Lo;0;L;;;;;N;;;;;
+18A1;MONGOLIAN LETTER MANCHU ALI GALI DHA;Lo;0;L;;;;;N;;;;;
+18A2;MONGOLIAN LETTER MANCHU ALI GALI SSA;Lo;0;L;;;;;N;;;;;
+18A3;MONGOLIAN LETTER MANCHU ALI GALI CYA;Lo;0;L;;;;;N;;;;;
+18A4;MONGOLIAN LETTER MANCHU ALI GALI ZHA;Lo;0;L;;;;;N;;;;;
+18A5;MONGOLIAN LETTER MANCHU ALI GALI ZA;Lo;0;L;;;;;N;;;;;
+18A6;MONGOLIAN LETTER ALI GALI HALF U;Lo;0;L;;;;;N;;;;;
+18A7;MONGOLIAN LETTER ALI GALI HALF YA;Lo;0;L;;;;;N;;;;;
+18A8;MONGOLIAN LETTER MANCHU ALI GALI BHA;Lo;0;L;;;;;N;;;;;
+18A9;MONGOLIAN LETTER ALI GALI DAGALGA;Mn;228;NSM;;;;;N;;;;;
+1E00;LATIN CAPITAL LETTER A WITH RING BELOW;Lu;0;L;0041 0325;;;;N;;;;1E01;
+1E01;LATIN SMALL LETTER A WITH RING BELOW;Ll;0;L;0061 0325;;;;N;;;1E00;;1E00
+1E02;LATIN CAPITAL LETTER B WITH DOT ABOVE;Lu;0;L;0042 0307;;;;N;;;;1E03;
+1E03;LATIN SMALL LETTER B WITH DOT ABOVE;Ll;0;L;0062 0307;;;;N;;;1E02;;1E02
+1E04;LATIN CAPITAL LETTER B WITH DOT BELOW;Lu;0;L;0042 0323;;;;N;;;;1E05;
+1E05;LATIN SMALL LETTER B WITH DOT BELOW;Ll;0;L;0062 0323;;;;N;;;1E04;;1E04
+1E06;LATIN CAPITAL LETTER B WITH LINE BELOW;Lu;0;L;0042 0331;;;;N;;;;1E07;
+1E07;LATIN SMALL LETTER B WITH LINE BELOW;Ll;0;L;0062 0331;;;;N;;;1E06;;1E06
+1E08;LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE;Lu;0;L;00C7 0301;;;;N;;;;1E09;
+1E09;LATIN SMALL LETTER C WITH CEDILLA AND ACUTE;Ll;0;L;00E7 0301;;;;N;;;1E08;;1E08
+1E0A;LATIN CAPITAL LETTER D WITH DOT ABOVE;Lu;0;L;0044 0307;;;;N;;;;1E0B;
+1E0B;LATIN SMALL LETTER D WITH DOT ABOVE;Ll;0;L;0064 0307;;;;N;;;1E0A;;1E0A
+1E0C;LATIN CAPITAL LETTER D WITH DOT BELOW;Lu;0;L;0044 0323;;;;N;;;;1E0D;
+1E0D;LATIN SMALL LETTER D WITH DOT BELOW;Ll;0;L;0064 0323;;;;N;;;1E0C;;1E0C
+1E0E;LATIN CAPITAL LETTER D WITH LINE BELOW;Lu;0;L;0044 0331;;;;N;;;;1E0F;
+1E0F;LATIN SMALL LETTER D WITH LINE BELOW;Ll;0;L;0064 0331;;;;N;;;1E0E;;1E0E
+1E10;LATIN CAPITAL LETTER D WITH CEDILLA;Lu;0;L;0044 0327;;;;N;;;;1E11;
+1E11;LATIN SMALL LETTER D WITH CEDILLA;Ll;0;L;0064 0327;;;;N;;;1E10;;1E10
+1E12;LATIN CAPITAL LETTER D WITH CIRCUMFLEX BELOW;Lu;0;L;0044 032D;;;;N;;;;1E13;
+1E13;LATIN SMALL LETTER D WITH CIRCUMFLEX BELOW;Ll;0;L;0064 032D;;;;N;;;1E12;;1E12
+1E14;LATIN CAPITAL LETTER E WITH MACRON AND GRAVE;Lu;0;L;0112 0300;;;;N;;;;1E15;
+1E15;LATIN SMALL LETTER E WITH MACRON AND GRAVE;Ll;0;L;0113 0300;;;;N;;;1E14;;1E14
+1E16;LATIN CAPITAL LETTER E WITH MACRON AND ACUTE;Lu;0;L;0112 0301;;;;N;;;;1E17;
+1E17;LATIN SMALL LETTER E WITH MACRON AND ACUTE;Ll;0;L;0113 0301;;;;N;;;1E16;;1E16
+1E18;LATIN CAPITAL LETTER E WITH CIRCUMFLEX BELOW;Lu;0;L;0045 032D;;;;N;;;;1E19;
+1E19;LATIN SMALL LETTER E WITH CIRCUMFLEX BELOW;Ll;0;L;0065 032D;;;;N;;;1E18;;1E18
+1E1A;LATIN CAPITAL LETTER E WITH TILDE BELOW;Lu;0;L;0045 0330;;;;N;;;;1E1B;
+1E1B;LATIN SMALL LETTER E WITH TILDE BELOW;Ll;0;L;0065 0330;;;;N;;;1E1A;;1E1A
+1E1C;LATIN CAPITAL LETTER E WITH CEDILLA AND BREVE;Lu;0;L;0228 0306;;;;N;;;;1E1D;
+1E1D;LATIN SMALL LETTER E WITH CEDILLA AND BREVE;Ll;0;L;0229 0306;;;;N;;;1E1C;;1E1C
+1E1E;LATIN CAPITAL LETTER F WITH DOT ABOVE;Lu;0;L;0046 0307;;;;N;;;;1E1F;
+1E1F;LATIN SMALL LETTER F WITH DOT ABOVE;Ll;0;L;0066 0307;;;;N;;;1E1E;;1E1E
+1E20;LATIN CAPITAL LETTER G WITH MACRON;Lu;0;L;0047 0304;;;;N;;;;1E21;
+1E21;LATIN SMALL LETTER G WITH MACRON;Ll;0;L;0067 0304;;;;N;;;1E20;;1E20
+1E22;LATIN CAPITAL LETTER H WITH DOT ABOVE;Lu;0;L;0048 0307;;;;N;;;;1E23;
+1E23;LATIN SMALL LETTER H WITH DOT ABOVE;Ll;0;L;0068 0307;;;;N;;;1E22;;1E22
+1E24;LATIN CAPITAL LETTER H WITH DOT BELOW;Lu;0;L;0048 0323;;;;N;;;;1E25;
+1E25;LATIN SMALL LETTER H WITH DOT BELOW;Ll;0;L;0068 0323;;;;N;;;1E24;;1E24
+1E26;LATIN CAPITAL LETTER H WITH DIAERESIS;Lu;0;L;0048 0308;;;;N;;;;1E27;
+1E27;LATIN SMALL LETTER H WITH DIAERESIS;Ll;0;L;0068 0308;;;;N;;;1E26;;1E26
+1E28;LATIN CAPITAL LETTER H WITH CEDILLA;Lu;0;L;0048 0327;;;;N;;;;1E29;
+1E29;LATIN SMALL LETTER H WITH CEDILLA;Ll;0;L;0068 0327;;;;N;;;1E28;;1E28
+1E2A;LATIN CAPITAL LETTER H WITH BREVE BELOW;Lu;0;L;0048 032E;;;;N;;;;1E2B;
+1E2B;LATIN SMALL LETTER H WITH BREVE BELOW;Ll;0;L;0068 032E;;;;N;;;1E2A;;1E2A
+1E2C;LATIN CAPITAL LETTER I WITH TILDE BELOW;Lu;0;L;0049 0330;;;;N;;;;1E2D;
+1E2D;LATIN SMALL LETTER I WITH TILDE BELOW;Ll;0;L;0069 0330;;;;N;;;1E2C;;1E2C
+1E2E;LATIN CAPITAL LETTER I WITH DIAERESIS AND ACUTE;Lu;0;L;00CF 0301;;;;N;;;;1E2F;
+1E2F;LATIN SMALL LETTER I WITH DIAERESIS AND ACUTE;Ll;0;L;00EF 0301;;;;N;;;1E2E;;1E2E
+1E30;LATIN CAPITAL LETTER K WITH ACUTE;Lu;0;L;004B 0301;;;;N;;;;1E31;
+1E31;LATIN SMALL LETTER K WITH ACUTE;Ll;0;L;006B 0301;;;;N;;;1E30;;1E30
+1E32;LATIN CAPITAL LETTER K WITH DOT BELOW;Lu;0;L;004B 0323;;;;N;;;;1E33;
+1E33;LATIN SMALL LETTER K WITH DOT BELOW;Ll;0;L;006B 0323;;;;N;;;1E32;;1E32
+1E34;LATIN CAPITAL LETTER K WITH LINE BELOW;Lu;0;L;004B 0331;;;;N;;;;1E35;
+1E35;LATIN SMALL LETTER K WITH LINE BELOW;Ll;0;L;006B 0331;;;;N;;;1E34;;1E34
+1E36;LATIN CAPITAL LETTER L WITH DOT BELOW;Lu;0;L;004C 0323;;;;N;;;;1E37;
+1E37;LATIN SMALL LETTER L WITH DOT BELOW;Ll;0;L;006C 0323;;;;N;;;1E36;;1E36
+1E38;LATIN CAPITAL LETTER L WITH DOT BELOW AND MACRON;Lu;0;L;1E36 0304;;;;N;;;;1E39;
+1E39;LATIN SMALL LETTER L WITH DOT BELOW AND MACRON;Ll;0;L;1E37 0304;;;;N;;;1E38;;1E38
+1E3A;LATIN CAPITAL LETTER L WITH LINE BELOW;Lu;0;L;004C 0331;;;;N;;;;1E3B;
+1E3B;LATIN SMALL LETTER L WITH LINE BELOW;Ll;0;L;006C 0331;;;;N;;;1E3A;;1E3A
+1E3C;LATIN CAPITAL LETTER L WITH CIRCUMFLEX BELOW;Lu;0;L;004C 032D;;;;N;;;;1E3D;
+1E3D;LATIN SMALL LETTER L WITH CIRCUMFLEX BELOW;Ll;0;L;006C 032D;;;;N;;;1E3C;;1E3C
+1E3E;LATIN CAPITAL LETTER M WITH ACUTE;Lu;0;L;004D 0301;;;;N;;;;1E3F;
+1E3F;LATIN SMALL LETTER M WITH ACUTE;Ll;0;L;006D 0301;;;;N;;;1E3E;;1E3E
+1E40;LATIN CAPITAL LETTER M WITH DOT ABOVE;Lu;0;L;004D 0307;;;;N;;;;1E41;
+1E41;LATIN SMALL LETTER M WITH DOT ABOVE;Ll;0;L;006D 0307;;;;N;;;1E40;;1E40
+1E42;LATIN CAPITAL LETTER M WITH DOT BELOW;Lu;0;L;004D 0323;;;;N;;;;1E43;
+1E43;LATIN SMALL LETTER M WITH DOT BELOW;Ll;0;L;006D 0323;;;;N;;;1E42;;1E42
+1E44;LATIN CAPITAL LETTER N WITH DOT ABOVE;Lu;0;L;004E 0307;;;;N;;;;1E45;
+1E45;LATIN SMALL LETTER N WITH DOT ABOVE;Ll;0;L;006E 0307;;;;N;;;1E44;;1E44
+1E46;LATIN CAPITAL LETTER N WITH DOT BELOW;Lu;0;L;004E 0323;;;;N;;;;1E47;
+1E47;LATIN SMALL LETTER N WITH DOT BELOW;Ll;0;L;006E 0323;;;;N;;;1E46;;1E46
+1E48;LATIN CAPITAL LETTER N WITH LINE BELOW;Lu;0;L;004E 0331;;;;N;;;;1E49;
+1E49;LATIN SMALL LETTER N WITH LINE BELOW;Ll;0;L;006E 0331;;;;N;;;1E48;;1E48
+1E4A;LATIN CAPITAL LETTER N WITH CIRCUMFLEX BELOW;Lu;0;L;004E 032D;;;;N;;;;1E4B;
+1E4B;LATIN SMALL LETTER N WITH CIRCUMFLEX BELOW;Ll;0;L;006E 032D;;;;N;;;1E4A;;1E4A
+1E4C;LATIN CAPITAL LETTER O WITH TILDE AND ACUTE;Lu;0;L;00D5 0301;;;;N;;;;1E4D;
+1E4D;LATIN SMALL LETTER O WITH TILDE AND ACUTE;Ll;0;L;00F5 0301;;;;N;;;1E4C;;1E4C
+1E4E;LATIN CAPITAL LETTER O WITH TILDE AND DIAERESIS;Lu;0;L;00D5 0308;;;;N;;;;1E4F;
+1E4F;LATIN SMALL LETTER O WITH TILDE AND DIAERESIS;Ll;0;L;00F5 0308;;;;N;;;1E4E;;1E4E
+1E50;LATIN CAPITAL LETTER O WITH MACRON AND GRAVE;Lu;0;L;014C 0300;;;;N;;;;1E51;
+1E51;LATIN SMALL LETTER O WITH MACRON AND GRAVE;Ll;0;L;014D 0300;;;;N;;;1E50;;1E50
+1E52;LATIN CAPITAL LETTER O WITH MACRON AND ACUTE;Lu;0;L;014C 0301;;;;N;;;;1E53;
+1E53;LATIN SMALL LETTER O WITH MACRON AND ACUTE;Ll;0;L;014D 0301;;;;N;;;1E52;;1E52
+1E54;LATIN CAPITAL LETTER P WITH ACUTE;Lu;0;L;0050 0301;;;;N;;;;1E55;
+1E55;LATIN SMALL LETTER P WITH ACUTE;Ll;0;L;0070 0301;;;;N;;;1E54;;1E54
+1E56;LATIN CAPITAL LETTER P WITH DOT ABOVE;Lu;0;L;0050 0307;;;;N;;;;1E57;
+1E57;LATIN SMALL LETTER P WITH DOT ABOVE;Ll;0;L;0070 0307;;;;N;;;1E56;;1E56
+1E58;LATIN CAPITAL LETTER R WITH DOT ABOVE;Lu;0;L;0052 0307;;;;N;;;;1E59;
+1E59;LATIN SMALL LETTER R WITH DOT ABOVE;Ll;0;L;0072 0307;;;;N;;;1E58;;1E58
+1E5A;LATIN CAPITAL LETTER R WITH DOT BELOW;Lu;0;L;0052 0323;;;;N;;;;1E5B;
+1E5B;LATIN SMALL LETTER R WITH DOT BELOW;Ll;0;L;0072 0323;;;;N;;;1E5A;;1E5A
+1E5C;LATIN CAPITAL LETTER R WITH DOT BELOW AND MACRON;Lu;0;L;1E5A 0304;;;;N;;;;1E5D;
+1E5D;LATIN SMALL LETTER R WITH DOT BELOW AND MACRON;Ll;0;L;1E5B 0304;;;;N;;;1E5C;;1E5C
+1E5E;LATIN CAPITAL LETTER R WITH LINE BELOW;Lu;0;L;0052 0331;;;;N;;;;1E5F;
+1E5F;LATIN SMALL LETTER R WITH LINE BELOW;Ll;0;L;0072 0331;;;;N;;;1E5E;;1E5E
+1E60;LATIN CAPITAL LETTER S WITH DOT ABOVE;Lu;0;L;0053 0307;;;;N;;;;1E61;
+1E61;LATIN SMALL LETTER S WITH DOT ABOVE;Ll;0;L;0073 0307;;;;N;;;1E60;;1E60
+1E62;LATIN CAPITAL LETTER S WITH DOT BELOW;Lu;0;L;0053 0323;;;;N;;;;1E63;
+1E63;LATIN SMALL LETTER S WITH DOT BELOW;Ll;0;L;0073 0323;;;;N;;;1E62;;1E62
+1E64;LATIN CAPITAL LETTER S WITH ACUTE AND DOT ABOVE;Lu;0;L;015A 0307;;;;N;;;;1E65;
+1E65;LATIN SMALL LETTER S WITH ACUTE AND DOT ABOVE;Ll;0;L;015B 0307;;;;N;;;1E64;;1E64
+1E66;LATIN CAPITAL LETTER S WITH CARON AND DOT ABOVE;Lu;0;L;0160 0307;;;;N;;;;1E67;
+1E67;LATIN SMALL LETTER S WITH CARON AND DOT ABOVE;Ll;0;L;0161 0307;;;;N;;;1E66;;1E66
+1E68;LATIN CAPITAL LETTER S WITH DOT BELOW AND DOT ABOVE;Lu;0;L;1E62 0307;;;;N;;;;1E69;
+1E69;LATIN SMALL LETTER S WITH DOT BELOW AND DOT ABOVE;Ll;0;L;1E63 0307;;;;N;;;1E68;;1E68
+1E6A;LATIN CAPITAL LETTER T WITH DOT ABOVE;Lu;0;L;0054 0307;;;;N;;;;1E6B;
+1E6B;LATIN SMALL LETTER T WITH DOT ABOVE;Ll;0;L;0074 0307;;;;N;;;1E6A;;1E6A
+1E6C;LATIN CAPITAL LETTER T WITH DOT BELOW;Lu;0;L;0054 0323;;;;N;;;;1E6D;
+1E6D;LATIN SMALL LETTER T WITH DOT BELOW;Ll;0;L;0074 0323;;;;N;;;1E6C;;1E6C
+1E6E;LATIN CAPITAL LETTER T WITH LINE BELOW;Lu;0;L;0054 0331;;;;N;;;;1E6F;
+1E6F;LATIN SMALL LETTER T WITH LINE BELOW;Ll;0;L;0074 0331;;;;N;;;1E6E;;1E6E
+1E70;LATIN CAPITAL LETTER T WITH CIRCUMFLEX BELOW;Lu;0;L;0054 032D;;;;N;;;;1E71;
+1E71;LATIN SMALL LETTER T WITH CIRCUMFLEX BELOW;Ll;0;L;0074 032D;;;;N;;;1E70;;1E70
+1E72;LATIN CAPITAL LETTER U WITH DIAERESIS BELOW;Lu;0;L;0055 0324;;;;N;;;;1E73;
+1E73;LATIN SMALL LETTER U WITH DIAERESIS BELOW;Ll;0;L;0075 0324;;;;N;;;1E72;;1E72
+1E74;LATIN CAPITAL LETTER U WITH TILDE BELOW;Lu;0;L;0055 0330;;;;N;;;;1E75;
+1E75;LATIN SMALL LETTER U WITH TILDE BELOW;Ll;0;L;0075 0330;;;;N;;;1E74;;1E74
+1E76;LATIN CAPITAL LETTER U WITH CIRCUMFLEX BELOW;Lu;0;L;0055 032D;;;;N;;;;1E77;
+1E77;LATIN SMALL LETTER U WITH CIRCUMFLEX BELOW;Ll;0;L;0075 032D;;;;N;;;1E76;;1E76
+1E78;LATIN CAPITAL LETTER U WITH TILDE AND ACUTE;Lu;0;L;0168 0301;;;;N;;;;1E79;
+1E79;LATIN SMALL LETTER U WITH TILDE AND ACUTE;Ll;0;L;0169 0301;;;;N;;;1E78;;1E78
+1E7A;LATIN CAPITAL LETTER U WITH MACRON AND DIAERESIS;Lu;0;L;016A 0308;;;;N;;;;1E7B;
+1E7B;LATIN SMALL LETTER U WITH MACRON AND DIAERESIS;Ll;0;L;016B 0308;;;;N;;;1E7A;;1E7A
+1E7C;LATIN CAPITAL LETTER V WITH TILDE;Lu;0;L;0056 0303;;;;N;;;;1E7D;
+1E7D;LATIN SMALL LETTER V WITH TILDE;Ll;0;L;0076 0303;;;;N;;;1E7C;;1E7C
+1E7E;LATIN CAPITAL LETTER V WITH DOT BELOW;Lu;0;L;0056 0323;;;;N;;;;1E7F;
+1E7F;LATIN SMALL LETTER V WITH DOT BELOW;Ll;0;L;0076 0323;;;;N;;;1E7E;;1E7E
+1E80;LATIN CAPITAL LETTER W WITH GRAVE;Lu;0;L;0057 0300;;;;N;;;;1E81;
+1E81;LATIN SMALL LETTER W WITH GRAVE;Ll;0;L;0077 0300;;;;N;;;1E80;;1E80
+1E82;LATIN CAPITAL LETTER W WITH ACUTE;Lu;0;L;0057 0301;;;;N;;;;1E83;
+1E83;LATIN SMALL LETTER W WITH ACUTE;Ll;0;L;0077 0301;;;;N;;;1E82;;1E82
+1E84;LATIN CAPITAL LETTER W WITH DIAERESIS;Lu;0;L;0057 0308;;;;N;;;;1E85;
+1E85;LATIN SMALL LETTER W WITH DIAERESIS;Ll;0;L;0077 0308;;;;N;;;1E84;;1E84
+1E86;LATIN CAPITAL LETTER W WITH DOT ABOVE;Lu;0;L;0057 0307;;;;N;;;;1E87;
+1E87;LATIN SMALL LETTER W WITH DOT ABOVE;Ll;0;L;0077 0307;;;;N;;;1E86;;1E86
+1E88;LATIN CAPITAL LETTER W WITH DOT BELOW;Lu;0;L;0057 0323;;;;N;;;;1E89;
+1E89;LATIN SMALL LETTER W WITH DOT BELOW;Ll;0;L;0077 0323;;;;N;;;1E88;;1E88
+1E8A;LATIN CAPITAL LETTER X WITH DOT ABOVE;Lu;0;L;0058 0307;;;;N;;;;1E8B;
+1E8B;LATIN SMALL LETTER X WITH DOT ABOVE;Ll;0;L;0078 0307;;;;N;;;1E8A;;1E8A
+1E8C;LATIN CAPITAL LETTER X WITH DIAERESIS;Lu;0;L;0058 0308;;;;N;;;;1E8D;
+1E8D;LATIN SMALL LETTER X WITH DIAERESIS;Ll;0;L;0078 0308;;;;N;;;1E8C;;1E8C
+1E8E;LATIN CAPITAL LETTER Y WITH DOT ABOVE;Lu;0;L;0059 0307;;;;N;;;;1E8F;
+1E8F;LATIN SMALL LETTER Y WITH DOT ABOVE;Ll;0;L;0079 0307;;;;N;;;1E8E;;1E8E
+1E90;LATIN CAPITAL LETTER Z WITH CIRCUMFLEX;Lu;0;L;005A 0302;;;;N;;;;1E91;
+1E91;LATIN SMALL LETTER Z WITH CIRCUMFLEX;Ll;0;L;007A 0302;;;;N;;;1E90;;1E90
+1E92;LATIN CAPITAL LETTER Z WITH DOT BELOW;Lu;0;L;005A 0323;;;;N;;;;1E93;
+1E93;LATIN SMALL LETTER Z WITH DOT BELOW;Ll;0;L;007A 0323;;;;N;;;1E92;;1E92
+1E94;LATIN CAPITAL LETTER Z WITH LINE BELOW;Lu;0;L;005A 0331;;;;N;;;;1E95;
+1E95;LATIN SMALL LETTER Z WITH LINE BELOW;Ll;0;L;007A 0331;;;;N;;;1E94;;1E94
+1E96;LATIN SMALL LETTER H WITH LINE BELOW;Ll;0;L;0068 0331;;;;N;;;;;
+1E97;LATIN SMALL LETTER T WITH DIAERESIS;Ll;0;L;0074 0308;;;;N;;;;;
+1E98;LATIN SMALL LETTER W WITH RING ABOVE;Ll;0;L;0077 030A;;;;N;;;;;
+1E99;LATIN SMALL LETTER Y WITH RING ABOVE;Ll;0;L;0079 030A;;;;N;;;;;
+1E9A;LATIN SMALL LETTER A WITH RIGHT HALF RING;Ll;0;L;<compat> 0061 02BE;;;;N;;;;;
+1E9B;LATIN SMALL LETTER LONG S WITH DOT ABOVE;Ll;0;L;017F 0307;;;;N;;;1E60;;1E60
+1EA0;LATIN CAPITAL LETTER A WITH DOT BELOW;Lu;0;L;0041 0323;;;;N;;;;1EA1;
+1EA1;LATIN SMALL LETTER A WITH DOT BELOW;Ll;0;L;0061 0323;;;;N;;;1EA0;;1EA0
+1EA2;LATIN CAPITAL LETTER A WITH HOOK ABOVE;Lu;0;L;0041 0309;;;;N;;;;1EA3;
+1EA3;LATIN SMALL LETTER A WITH HOOK ABOVE;Ll;0;L;0061 0309;;;;N;;;1EA2;;1EA2
+1EA4;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00C2 0301;;;;N;;;;1EA5;
+1EA5;LATIN SMALL LETTER A WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00E2 0301;;;;N;;;1EA4;;1EA4
+1EA6;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00C2 0300;;;;N;;;;1EA7;
+1EA7;LATIN SMALL LETTER A WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00E2 0300;;;;N;;;1EA6;;1EA6
+1EA8;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00C2 0309;;;;N;;;;1EA9;
+1EA9;LATIN SMALL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00E2 0309;;;;N;;;1EA8;;1EA8
+1EAA;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND TILDE;Lu;0;L;00C2 0303;;;;N;;;;1EAB;
+1EAB;LATIN SMALL LETTER A WITH CIRCUMFLEX AND TILDE;Ll;0;L;00E2 0303;;;;N;;;1EAA;;1EAA
+1EAC;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1EA0 0302;;;;N;;;;1EAD;
+1EAD;LATIN SMALL LETTER A WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1EA1 0302;;;;N;;;1EAC;;1EAC
+1EAE;LATIN CAPITAL LETTER A WITH BREVE AND ACUTE;Lu;0;L;0102 0301;;;;N;;;;1EAF;
+1EAF;LATIN SMALL LETTER A WITH BREVE AND ACUTE;Ll;0;L;0103 0301;;;;N;;;1EAE;;1EAE
+1EB0;LATIN CAPITAL LETTER A WITH BREVE AND GRAVE;Lu;0;L;0102 0300;;;;N;;;;1EB1;
+1EB1;LATIN SMALL LETTER A WITH BREVE AND GRAVE;Ll;0;L;0103 0300;;;;N;;;1EB0;;1EB0
+1EB2;LATIN CAPITAL LETTER A WITH BREVE AND HOOK ABOVE;Lu;0;L;0102 0309;;;;N;;;;1EB3;
+1EB3;LATIN SMALL LETTER A WITH BREVE AND HOOK ABOVE;Ll;0;L;0103 0309;;;;N;;;1EB2;;1EB2
+1EB4;LATIN CAPITAL LETTER A WITH BREVE AND TILDE;Lu;0;L;0102 0303;;;;N;;;;1EB5;
+1EB5;LATIN SMALL LETTER A WITH BREVE AND TILDE;Ll;0;L;0103 0303;;;;N;;;1EB4;;1EB4
+1EB6;LATIN CAPITAL LETTER A WITH BREVE AND DOT BELOW;Lu;0;L;1EA0 0306;;;;N;;;;1EB7;
+1EB7;LATIN SMALL LETTER A WITH BREVE AND DOT BELOW;Ll;0;L;1EA1 0306;;;;N;;;1EB6;;1EB6
+1EB8;LATIN CAPITAL LETTER E WITH DOT BELOW;Lu;0;L;0045 0323;;;;N;;;;1EB9;
+1EB9;LATIN SMALL LETTER E WITH DOT BELOW;Ll;0;L;0065 0323;;;;N;;;1EB8;;1EB8
+1EBA;LATIN CAPITAL LETTER E WITH HOOK ABOVE;Lu;0;L;0045 0309;;;;N;;;;1EBB;
+1EBB;LATIN SMALL LETTER E WITH HOOK ABOVE;Ll;0;L;0065 0309;;;;N;;;1EBA;;1EBA
+1EBC;LATIN CAPITAL LETTER E WITH TILDE;Lu;0;L;0045 0303;;;;N;;;;1EBD;
+1EBD;LATIN SMALL LETTER E WITH TILDE;Ll;0;L;0065 0303;;;;N;;;1EBC;;1EBC
+1EBE;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00CA 0301;;;;N;;;;1EBF;
+1EBF;LATIN SMALL LETTER E WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00EA 0301;;;;N;;;1EBE;;1EBE
+1EC0;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00CA 0300;;;;N;;;;1EC1;
+1EC1;LATIN SMALL LETTER E WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00EA 0300;;;;N;;;1EC0;;1EC0
+1EC2;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00CA 0309;;;;N;;;;1EC3;
+1EC3;LATIN SMALL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00EA 0309;;;;N;;;1EC2;;1EC2
+1EC4;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND TILDE;Lu;0;L;00CA 0303;;;;N;;;;1EC5;
+1EC5;LATIN SMALL LETTER E WITH CIRCUMFLEX AND TILDE;Ll;0;L;00EA 0303;;;;N;;;1EC4;;1EC4
+1EC6;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1EB8 0302;;;;N;;;;1EC7;
+1EC7;LATIN SMALL LETTER E WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1EB9 0302;;;;N;;;1EC6;;1EC6
+1EC8;LATIN CAPITAL LETTER I WITH HOOK ABOVE;Lu;0;L;0049 0309;;;;N;;;;1EC9;
+1EC9;LATIN SMALL LETTER I WITH HOOK ABOVE;Ll;0;L;0069 0309;;;;N;;;1EC8;;1EC8
+1ECA;LATIN CAPITAL LETTER I WITH DOT BELOW;Lu;0;L;0049 0323;;;;N;;;;1ECB;
+1ECB;LATIN SMALL LETTER I WITH DOT BELOW;Ll;0;L;0069 0323;;;;N;;;1ECA;;1ECA
+1ECC;LATIN CAPITAL LETTER O WITH DOT BELOW;Lu;0;L;004F 0323;;;;N;;;;1ECD;
+1ECD;LATIN SMALL LETTER O WITH DOT BELOW;Ll;0;L;006F 0323;;;;N;;;1ECC;;1ECC
+1ECE;LATIN CAPITAL LETTER O WITH HOOK ABOVE;Lu;0;L;004F 0309;;;;N;;;;1ECF;
+1ECF;LATIN SMALL LETTER O WITH HOOK ABOVE;Ll;0;L;006F 0309;;;;N;;;1ECE;;1ECE
+1ED0;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00D4 0301;;;;N;;;;1ED1;
+1ED1;LATIN SMALL LETTER O WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00F4 0301;;;;N;;;1ED0;;1ED0
+1ED2;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00D4 0300;;;;N;;;;1ED3;
+1ED3;LATIN SMALL LETTER O WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00F4 0300;;;;N;;;1ED2;;1ED2
+1ED4;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00D4 0309;;;;N;;;;1ED5;
+1ED5;LATIN SMALL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00F4 0309;;;;N;;;1ED4;;1ED4
+1ED6;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND TILDE;Lu;0;L;00D4 0303;;;;N;;;;1ED7;
+1ED7;LATIN SMALL LETTER O WITH CIRCUMFLEX AND TILDE;Ll;0;L;00F4 0303;;;;N;;;1ED6;;1ED6
+1ED8;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1ECC 0302;;;;N;;;;1ED9;
+1ED9;LATIN SMALL LETTER O WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1ECD 0302;;;;N;;;1ED8;;1ED8
+1EDA;LATIN CAPITAL LETTER O WITH HORN AND ACUTE;Lu;0;L;01A0 0301;;;;N;;;;1EDB;
+1EDB;LATIN SMALL LETTER O WITH HORN AND ACUTE;Ll;0;L;01A1 0301;;;;N;;;1EDA;;1EDA
+1EDC;LATIN CAPITAL LETTER O WITH HORN AND GRAVE;Lu;0;L;01A0 0300;;;;N;;;;1EDD;
+1EDD;LATIN SMALL LETTER O WITH HORN AND GRAVE;Ll;0;L;01A1 0300;;;;N;;;1EDC;;1EDC
+1EDE;LATIN CAPITAL LETTER O WITH HORN AND HOOK ABOVE;Lu;0;L;01A0 0309;;;;N;;;;1EDF;
+1EDF;LATIN SMALL LETTER O WITH HORN AND HOOK ABOVE;Ll;0;L;01A1 0309;;;;N;;;1EDE;;1EDE
+1EE0;LATIN CAPITAL LETTER O WITH HORN AND TILDE;Lu;0;L;01A0 0303;;;;N;;;;1EE1;
+1EE1;LATIN SMALL LETTER O WITH HORN AND TILDE;Ll;0;L;01A1 0303;;;;N;;;1EE0;;1EE0
+1EE2;LATIN CAPITAL LETTER O WITH HORN AND DOT BELOW;Lu;0;L;01A0 0323;;;;N;;;;1EE3;
+1EE3;LATIN SMALL LETTER O WITH HORN AND DOT BELOW;Ll;0;L;01A1 0323;;;;N;;;1EE2;;1EE2
+1EE4;LATIN CAPITAL LETTER U WITH DOT BELOW;Lu;0;L;0055 0323;;;;N;;;;1EE5;
+1EE5;LATIN SMALL LETTER U WITH DOT BELOW;Ll;0;L;0075 0323;;;;N;;;1EE4;;1EE4
+1EE6;LATIN CAPITAL LETTER U WITH HOOK ABOVE;Lu;0;L;0055 0309;;;;N;;;;1EE7;
+1EE7;LATIN SMALL LETTER U WITH HOOK ABOVE;Ll;0;L;0075 0309;;;;N;;;1EE6;;1EE6
+1EE8;LATIN CAPITAL LETTER U WITH HORN AND ACUTE;Lu;0;L;01AF 0301;;;;N;;;;1EE9;
+1EE9;LATIN SMALL LETTER U WITH HORN AND ACUTE;Ll;0;L;01B0 0301;;;;N;;;1EE8;;1EE8
+1EEA;LATIN CAPITAL LETTER U WITH HORN AND GRAVE;Lu;0;L;01AF 0300;;;;N;;;;1EEB;
+1EEB;LATIN SMALL LETTER U WITH HORN AND GRAVE;Ll;0;L;01B0 0300;;;;N;;;1EEA;;1EEA
+1EEC;LATIN CAPITAL LETTER U WITH HORN AND HOOK ABOVE;Lu;0;L;01AF 0309;;;;N;;;;1EED;
+1EED;LATIN SMALL LETTER U WITH HORN AND HOOK ABOVE;Ll;0;L;01B0 0309;;;;N;;;1EEC;;1EEC
+1EEE;LATIN CAPITAL LETTER U WITH HORN AND TILDE;Lu;0;L;01AF 0303;;;;N;;;;1EEF;
+1EEF;LATIN SMALL LETTER U WITH HORN AND TILDE;Ll;0;L;01B0 0303;;;;N;;;1EEE;;1EEE
+1EF0;LATIN CAPITAL LETTER U WITH HORN AND DOT BELOW;Lu;0;L;01AF 0323;;;;N;;;;1EF1;
+1EF1;LATIN SMALL LETTER U WITH HORN AND DOT BELOW;Ll;0;L;01B0 0323;;;;N;;;1EF0;;1EF0
+1EF2;LATIN CAPITAL LETTER Y WITH GRAVE;Lu;0;L;0059 0300;;;;N;;;;1EF3;
+1EF3;LATIN SMALL LETTER Y WITH GRAVE;Ll;0;L;0079 0300;;;;N;;;1EF2;;1EF2
+1EF4;LATIN CAPITAL LETTER Y WITH DOT BELOW;Lu;0;L;0059 0323;;;;N;;;;1EF5;
+1EF5;LATIN SMALL LETTER Y WITH DOT BELOW;Ll;0;L;0079 0323;;;;N;;;1EF4;;1EF4
+1EF6;LATIN CAPITAL LETTER Y WITH HOOK ABOVE;Lu;0;L;0059 0309;;;;N;;;;1EF7;
+1EF7;LATIN SMALL LETTER Y WITH HOOK ABOVE;Ll;0;L;0079 0309;;;;N;;;1EF6;;1EF6
+1EF8;LATIN CAPITAL LETTER Y WITH TILDE;Lu;0;L;0059 0303;;;;N;;;;1EF9;
+1EF9;LATIN SMALL LETTER Y WITH TILDE;Ll;0;L;0079 0303;;;;N;;;1EF8;;1EF8
+1F00;GREEK SMALL LETTER ALPHA WITH PSILI;Ll;0;L;03B1 0313;;;;N;;;1F08;;1F08
+1F01;GREEK SMALL LETTER ALPHA WITH DASIA;Ll;0;L;03B1 0314;;;;N;;;1F09;;1F09
+1F02;GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA;Ll;0;L;1F00 0300;;;;N;;;1F0A;;1F0A
+1F03;GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA;Ll;0;L;1F01 0300;;;;N;;;1F0B;;1F0B
+1F04;GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA;Ll;0;L;1F00 0301;;;;N;;;1F0C;;1F0C
+1F05;GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA;Ll;0;L;1F01 0301;;;;N;;;1F0D;;1F0D
+1F06;GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI;Ll;0;L;1F00 0342;;;;N;;;1F0E;;1F0E
+1F07;GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI;Ll;0;L;1F01 0342;;;;N;;;1F0F;;1F0F
+1F08;GREEK CAPITAL LETTER ALPHA WITH PSILI;Lu;0;L;0391 0313;;;;N;;;;1F00;
+1F09;GREEK CAPITAL LETTER ALPHA WITH DASIA;Lu;0;L;0391 0314;;;;N;;;;1F01;
+1F0A;GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA;Lu;0;L;1F08 0300;;;;N;;;;1F02;
+1F0B;GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA;Lu;0;L;1F09 0300;;;;N;;;;1F03;
+1F0C;GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA;Lu;0;L;1F08 0301;;;;N;;;;1F04;
+1F0D;GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA;Lu;0;L;1F09 0301;;;;N;;;;1F05;
+1F0E;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI;Lu;0;L;1F08 0342;;;;N;;;;1F06;
+1F0F;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI;Lu;0;L;1F09 0342;;;;N;;;;1F07;
+1F10;GREEK SMALL LETTER EPSILON WITH PSILI;Ll;0;L;03B5 0313;;;;N;;;1F18;;1F18
+1F11;GREEK SMALL LETTER EPSILON WITH DASIA;Ll;0;L;03B5 0314;;;;N;;;1F19;;1F19
+1F12;GREEK SMALL LETTER EPSILON WITH PSILI AND VARIA;Ll;0;L;1F10 0300;;;;N;;;1F1A;;1F1A
+1F13;GREEK SMALL LETTER EPSILON WITH DASIA AND VARIA;Ll;0;L;1F11 0300;;;;N;;;1F1B;;1F1B
+1F14;GREEK SMALL LETTER EPSILON WITH PSILI AND OXIA;Ll;0;L;1F10 0301;;;;N;;;1F1C;;1F1C
+1F15;GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA;Ll;0;L;1F11 0301;;;;N;;;1F1D;;1F1D
+1F18;GREEK CAPITAL LETTER EPSILON WITH PSILI;Lu;0;L;0395 0313;;;;N;;;;1F10;
+1F19;GREEK CAPITAL LETTER EPSILON WITH DASIA;Lu;0;L;0395 0314;;;;N;;;;1F11;
+1F1A;GREEK CAPITAL LETTER EPSILON WITH PSILI AND VARIA;Lu;0;L;1F18 0300;;;;N;;;;1F12;
+1F1B;GREEK CAPITAL LETTER EPSILON WITH DASIA AND VARIA;Lu;0;L;1F19 0300;;;;N;;;;1F13;
+1F1C;GREEK CAPITAL LETTER EPSILON WITH PSILI AND OXIA;Lu;0;L;1F18 0301;;;;N;;;;1F14;
+1F1D;GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA;Lu;0;L;1F19 0301;;;;N;;;;1F15;
+1F20;GREEK SMALL LETTER ETA WITH PSILI;Ll;0;L;03B7 0313;;;;N;;;1F28;;1F28
+1F21;GREEK SMALL LETTER ETA WITH DASIA;Ll;0;L;03B7 0314;;;;N;;;1F29;;1F29
+1F22;GREEK SMALL LETTER ETA WITH PSILI AND VARIA;Ll;0;L;1F20 0300;;;;N;;;1F2A;;1F2A
+1F23;GREEK SMALL LETTER ETA WITH DASIA AND VARIA;Ll;0;L;1F21 0300;;;;N;;;1F2B;;1F2B
+1F24;GREEK SMALL LETTER ETA WITH PSILI AND OXIA;Ll;0;L;1F20 0301;;;;N;;;1F2C;;1F2C
+1F25;GREEK SMALL LETTER ETA WITH DASIA AND OXIA;Ll;0;L;1F21 0301;;;;N;;;1F2D;;1F2D
+1F26;GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI;Ll;0;L;1F20 0342;;;;N;;;1F2E;;1F2E
+1F27;GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI;Ll;0;L;1F21 0342;;;;N;;;1F2F;;1F2F
+1F28;GREEK CAPITAL LETTER ETA WITH PSILI;Lu;0;L;0397 0313;;;;N;;;;1F20;
+1F29;GREEK CAPITAL LETTER ETA WITH DASIA;Lu;0;L;0397 0314;;;;N;;;;1F21;
+1F2A;GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA;Lu;0;L;1F28 0300;;;;N;;;;1F22;
+1F2B;GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA;Lu;0;L;1F29 0300;;;;N;;;;1F23;
+1F2C;GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA;Lu;0;L;1F28 0301;;;;N;;;;1F24;
+1F2D;GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA;Lu;0;L;1F29 0301;;;;N;;;;1F25;
+1F2E;GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI;Lu;0;L;1F28 0342;;;;N;;;;1F26;
+1F2F;GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI;Lu;0;L;1F29 0342;;;;N;;;;1F27;
+1F30;GREEK SMALL LETTER IOTA WITH PSILI;Ll;0;L;03B9 0313;;;;N;;;1F38;;1F38
+1F31;GREEK SMALL LETTER IOTA WITH DASIA;Ll;0;L;03B9 0314;;;;N;;;1F39;;1F39
+1F32;GREEK SMALL LETTER IOTA WITH PSILI AND VARIA;Ll;0;L;1F30 0300;;;;N;;;1F3A;;1F3A
+1F33;GREEK SMALL LETTER IOTA WITH DASIA AND VARIA;Ll;0;L;1F31 0300;;;;N;;;1F3B;;1F3B
+1F34;GREEK SMALL LETTER IOTA WITH PSILI AND OXIA;Ll;0;L;1F30 0301;;;;N;;;1F3C;;1F3C
+1F35;GREEK SMALL LETTER IOTA WITH DASIA AND OXIA;Ll;0;L;1F31 0301;;;;N;;;1F3D;;1F3D
+1F36;GREEK SMALL LETTER IOTA WITH PSILI AND PERISPOMENI;Ll;0;L;1F30 0342;;;;N;;;1F3E;;1F3E
+1F37;GREEK SMALL LETTER IOTA WITH DASIA AND PERISPOMENI;Ll;0;L;1F31 0342;;;;N;;;1F3F;;1F3F
+1F38;GREEK CAPITAL LETTER IOTA WITH PSILI;Lu;0;L;0399 0313;;;;N;;;;1F30;
+1F39;GREEK CAPITAL LETTER IOTA WITH DASIA;Lu;0;L;0399 0314;;;;N;;;;1F31;
+1F3A;GREEK CAPITAL LETTER IOTA WITH PSILI AND VARIA;Lu;0;L;1F38 0300;;;;N;;;;1F32;
+1F3B;GREEK CAPITAL LETTER IOTA WITH DASIA AND VARIA;Lu;0;L;1F39 0300;;;;N;;;;1F33;
+1F3C;GREEK CAPITAL LETTER IOTA WITH PSILI AND OXIA;Lu;0;L;1F38 0301;;;;N;;;;1F34;
+1F3D;GREEK CAPITAL LETTER IOTA WITH DASIA AND OXIA;Lu;0;L;1F39 0301;;;;N;;;;1F35;
+1F3E;GREEK CAPITAL LETTER IOTA WITH PSILI AND PERISPOMENI;Lu;0;L;1F38 0342;;;;N;;;;1F36;
+1F3F;GREEK CAPITAL LETTER IOTA WITH DASIA AND PERISPOMENI;Lu;0;L;1F39 0342;;;;N;;;;1F37;
+1F40;GREEK SMALL LETTER OMICRON WITH PSILI;Ll;0;L;03BF 0313;;;;N;;;1F48;;1F48
+1F41;GREEK SMALL LETTER OMICRON WITH DASIA;Ll;0;L;03BF 0314;;;;N;;;1F49;;1F49
+1F42;GREEK SMALL LETTER OMICRON WITH PSILI AND VARIA;Ll;0;L;1F40 0300;;;;N;;;1F4A;;1F4A
+1F43;GREEK SMALL LETTER OMICRON WITH DASIA AND VARIA;Ll;0;L;1F41 0300;;;;N;;;1F4B;;1F4B
+1F44;GREEK SMALL LETTER OMICRON WITH PSILI AND OXIA;Ll;0;L;1F40 0301;;;;N;;;1F4C;;1F4C
+1F45;GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA;Ll;0;L;1F41 0301;;;;N;;;1F4D;;1F4D
+1F48;GREEK CAPITAL LETTER OMICRON WITH PSILI;Lu;0;L;039F 0313;;;;N;;;;1F40;
+1F49;GREEK CAPITAL LETTER OMICRON WITH DASIA;Lu;0;L;039F 0314;;;;N;;;;1F41;
+1F4A;GREEK CAPITAL LETTER OMICRON WITH PSILI AND VARIA;Lu;0;L;1F48 0300;;;;N;;;;1F42;
+1F4B;GREEK CAPITAL LETTER OMICRON WITH DASIA AND VARIA;Lu;0;L;1F49 0300;;;;N;;;;1F43;
+1F4C;GREEK CAPITAL LETTER OMICRON WITH PSILI AND OXIA;Lu;0;L;1F48 0301;;;;N;;;;1F44;
+1F4D;GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA;Lu;0;L;1F49 0301;;;;N;;;;1F45;
+1F50;GREEK SMALL LETTER UPSILON WITH PSILI;Ll;0;L;03C5 0313;;;;N;;;;;
+1F51;GREEK SMALL LETTER UPSILON WITH DASIA;Ll;0;L;03C5 0314;;;;N;;;1F59;;1F59
+1F52;GREEK SMALL LETTER UPSILON WITH PSILI AND VARIA;Ll;0;L;1F50 0300;;;;N;;;;;
+1F53;GREEK SMALL LETTER UPSILON WITH DASIA AND VARIA;Ll;0;L;1F51 0300;;;;N;;;1F5B;;1F5B
+1F54;GREEK SMALL LETTER UPSILON WITH PSILI AND OXIA;Ll;0;L;1F50 0301;;;;N;;;;;
+1F55;GREEK SMALL LETTER UPSILON WITH DASIA AND OXIA;Ll;0;L;1F51 0301;;;;N;;;1F5D;;1F5D
+1F56;GREEK SMALL LETTER UPSILON WITH PSILI AND PERISPOMENI;Ll;0;L;1F50 0342;;;;N;;;;;
+1F57;GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI;Ll;0;L;1F51 0342;;;;N;;;1F5F;;1F5F
+1F59;GREEK CAPITAL LETTER UPSILON WITH DASIA;Lu;0;L;03A5 0314;;;;N;;;;1F51;
+1F5B;GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA;Lu;0;L;1F59 0300;;;;N;;;;1F53;
+1F5D;GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA;Lu;0;L;1F59 0301;;;;N;;;;1F55;
+1F5F;GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI;Lu;0;L;1F59 0342;;;;N;;;;1F57;
+1F60;GREEK SMALL LETTER OMEGA WITH PSILI;Ll;0;L;03C9 0313;;;;N;;;1F68;;1F68
+1F61;GREEK SMALL LETTER OMEGA WITH DASIA;Ll;0;L;03C9 0314;;;;N;;;1F69;;1F69
+1F62;GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA;Ll;0;L;1F60 0300;;;;N;;;1F6A;;1F6A
+1F63;GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA;Ll;0;L;1F61 0300;;;;N;;;1F6B;;1F6B
+1F64;GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA;Ll;0;L;1F60 0301;;;;N;;;1F6C;;1F6C
+1F65;GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA;Ll;0;L;1F61 0301;;;;N;;;1F6D;;1F6D
+1F66;GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI;Ll;0;L;1F60 0342;;;;N;;;1F6E;;1F6E
+1F67;GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI;Ll;0;L;1F61 0342;;;;N;;;1F6F;;1F6F
+1F68;GREEK CAPITAL LETTER OMEGA WITH PSILI;Lu;0;L;03A9 0313;;;;N;;;;1F60;
+1F69;GREEK CAPITAL LETTER OMEGA WITH DASIA;Lu;0;L;03A9 0314;;;;N;;;;1F61;
+1F6A;GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA;Lu;0;L;1F68 0300;;;;N;;;;1F62;
+1F6B;GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA;Lu;0;L;1F69 0300;;;;N;;;;1F63;
+1F6C;GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA;Lu;0;L;1F68 0301;;;;N;;;;1F64;
+1F6D;GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA;Lu;0;L;1F69 0301;;;;N;;;;1F65;
+1F6E;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI;Lu;0;L;1F68 0342;;;;N;;;;1F66;
+1F6F;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI;Lu;0;L;1F69 0342;;;;N;;;;1F67;
+1F70;GREEK SMALL LETTER ALPHA WITH VARIA;Ll;0;L;03B1 0300;;;;N;;;1FBA;;1FBA
+1F71;GREEK SMALL LETTER ALPHA WITH OXIA;Ll;0;L;03AC;;;;N;;;1FBB;;1FBB
+1F72;GREEK SMALL LETTER EPSILON WITH VARIA;Ll;0;L;03B5 0300;;;;N;;;1FC8;;1FC8
+1F73;GREEK SMALL LETTER EPSILON WITH OXIA;Ll;0;L;03AD;;;;N;;;1FC9;;1FC9
+1F74;GREEK SMALL LETTER ETA WITH VARIA;Ll;0;L;03B7 0300;;;;N;;;1FCA;;1FCA
+1F75;GREEK SMALL LETTER ETA WITH OXIA;Ll;0;L;03AE;;;;N;;;1FCB;;1FCB
+1F76;GREEK SMALL LETTER IOTA WITH VARIA;Ll;0;L;03B9 0300;;;;N;;;1FDA;;1FDA
+1F77;GREEK SMALL LETTER IOTA WITH OXIA;Ll;0;L;03AF;;;;N;;;1FDB;;1FDB
+1F78;GREEK SMALL LETTER OMICRON WITH VARIA;Ll;0;L;03BF 0300;;;;N;;;1FF8;;1FF8
+1F79;GREEK SMALL LETTER OMICRON WITH OXIA;Ll;0;L;03CC;;;;N;;;1FF9;;1FF9
+1F7A;GREEK SMALL LETTER UPSILON WITH VARIA;Ll;0;L;03C5 0300;;;;N;;;1FEA;;1FEA
+1F7B;GREEK SMALL LETTER UPSILON WITH OXIA;Ll;0;L;03CD;;;;N;;;1FEB;;1FEB
+1F7C;GREEK SMALL LETTER OMEGA WITH VARIA;Ll;0;L;03C9 0300;;;;N;;;1FFA;;1FFA
+1F7D;GREEK SMALL LETTER OMEGA WITH OXIA;Ll;0;L;03CE;;;;N;;;1FFB;;1FFB
+1F80;GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F00 0345;;;;N;;;1F88;;1F88
+1F81;GREEK SMALL LETTER ALPHA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F01 0345;;;;N;;;1F89;;1F89
+1F82;GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F02 0345;;;;N;;;1F8A;;1F8A
+1F83;GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F03 0345;;;;N;;;1F8B;;1F8B
+1F84;GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F04 0345;;;;N;;;1F8C;;1F8C
+1F85;GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F05 0345;;;;N;;;1F8D;;1F8D
+1F86;GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F06 0345;;;;N;;;1F8E;;1F8E
+1F87;GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F07 0345;;;;N;;;1F8F;;1F8F
+1F88;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F08 0345;;;;N;;;;1F80;
+1F89;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F09 0345;;;;N;;;;1F81;
+1F8A;GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F0A 0345;;;;N;;;;1F82;
+1F8B;GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F0B 0345;;;;N;;;;1F83;
+1F8C;GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F0C 0345;;;;N;;;;1F84;
+1F8D;GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F0D 0345;;;;N;;;;1F85;
+1F8E;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F0E 0345;;;;N;;;;1F86;
+1F8F;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F0F 0345;;;;N;;;;1F87;
+1F90;GREEK SMALL LETTER ETA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F20 0345;;;;N;;;1F98;;1F98
+1F91;GREEK SMALL LETTER ETA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F21 0345;;;;N;;;1F99;;1F99
+1F92;GREEK SMALL LETTER ETA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F22 0345;;;;N;;;1F9A;;1F9A
+1F93;GREEK SMALL LETTER ETA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F23 0345;;;;N;;;1F9B;;1F9B
+1F94;GREEK SMALL LETTER ETA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F24 0345;;;;N;;;1F9C;;1F9C
+1F95;GREEK SMALL LETTER ETA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F25 0345;;;;N;;;1F9D;;1F9D
+1F96;GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F26 0345;;;;N;;;1F9E;;1F9E
+1F97;GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F27 0345;;;;N;;;1F9F;;1F9F
+1F98;GREEK CAPITAL LETTER ETA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F28 0345;;;;N;;;;1F90;
+1F99;GREEK CAPITAL LETTER ETA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F29 0345;;;;N;;;;1F91;
+1F9A;GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F2A 0345;;;;N;;;;1F92;
+1F9B;GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F2B 0345;;;;N;;;;1F93;
+1F9C;GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F2C 0345;;;;N;;;;1F94;
+1F9D;GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F2D 0345;;;;N;;;;1F95;
+1F9E;GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F2E 0345;;;;N;;;;1F96;
+1F9F;GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F2F 0345;;;;N;;;;1F97;
+1FA0;GREEK SMALL LETTER OMEGA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F60 0345;;;;N;;;1FA8;;1FA8
+1FA1;GREEK SMALL LETTER OMEGA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F61 0345;;;;N;;;1FA9;;1FA9
+1FA2;GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F62 0345;;;;N;;;1FAA;;1FAA
+1FA3;GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F63 0345;;;;N;;;1FAB;;1FAB
+1FA4;GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F64 0345;;;;N;;;1FAC;;1FAC
+1FA5;GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F65 0345;;;;N;;;1FAD;;1FAD
+1FA6;GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F66 0345;;;;N;;;1FAE;;1FAE
+1FA7;GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F67 0345;;;;N;;;1FAF;;1FAF
+1FA8;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F68 0345;;;;N;;;;1FA0;
+1FA9;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F69 0345;;;;N;;;;1FA1;
+1FAA;GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F6A 0345;;;;N;;;;1FA2;
+1FAB;GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F6B 0345;;;;N;;;;1FA3;
+1FAC;GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F6C 0345;;;;N;;;;1FA4;
+1FAD;GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F6D 0345;;;;N;;;;1FA5;
+1FAE;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F6E 0345;;;;N;;;;1FA6;
+1FAF;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F6F 0345;;;;N;;;;1FA7;
+1FB0;GREEK SMALL LETTER ALPHA WITH VRACHY;Ll;0;L;03B1 0306;;;;N;;;1FB8;;1FB8
+1FB1;GREEK SMALL LETTER ALPHA WITH MACRON;Ll;0;L;03B1 0304;;;;N;;;1FB9;;1FB9
+1FB2;GREEK SMALL LETTER ALPHA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F70 0345;;;;N;;;;;
+1FB3;GREEK SMALL LETTER ALPHA WITH YPOGEGRAMMENI;Ll;0;L;03B1 0345;;;;N;;;1FBC;;1FBC
+1FB4;GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03AC 0345;;;;N;;;;;
+1FB6;GREEK SMALL LETTER ALPHA WITH PERISPOMENI;Ll;0;L;03B1 0342;;;;N;;;;;
+1FB7;GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FB6 0345;;;;N;;;;;
+1FB8;GREEK CAPITAL LETTER ALPHA WITH VRACHY;Lu;0;L;0391 0306;;;;N;;;;1FB0;
+1FB9;GREEK CAPITAL LETTER ALPHA WITH MACRON;Lu;0;L;0391 0304;;;;N;;;;1FB1;
+1FBA;GREEK CAPITAL LETTER ALPHA WITH VARIA;Lu;0;L;0391 0300;;;;N;;;;1F70;
+1FBB;GREEK CAPITAL LETTER ALPHA WITH OXIA;Lu;0;L;0386;;;;N;;;;1F71;
+1FBC;GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI;Lt;0;L;0391 0345;;;;N;;;;1FB3;
+1FBD;GREEK KORONIS;Sk;0;ON;<compat> 0020 0313;;;;N;;;;;
+1FBE;GREEK PROSGEGRAMMENI;Ll;0;L;03B9;;;;N;;;0399;;0399
+1FBF;GREEK PSILI;Sk;0;ON;<compat> 0020 0313;;;;N;;;;;
+1FC0;GREEK PERISPOMENI;Sk;0;ON;<compat> 0020 0342;;;;N;;;;;
+1FC1;GREEK DIALYTIKA AND PERISPOMENI;Sk;0;ON;00A8 0342;;;;N;;;;;
+1FC2;GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F74 0345;;;;N;;;;;
+1FC3;GREEK SMALL LETTER ETA WITH YPOGEGRAMMENI;Ll;0;L;03B7 0345;;;;N;;;1FCC;;1FCC
+1FC4;GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03AE 0345;;;;N;;;;;
+1FC6;GREEK SMALL LETTER ETA WITH PERISPOMENI;Ll;0;L;03B7 0342;;;;N;;;;;
+1FC7;GREEK SMALL LETTER ETA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FC6 0345;;;;N;;;;;
+1FC8;GREEK CAPITAL LETTER EPSILON WITH VARIA;Lu;0;L;0395 0300;;;;N;;;;1F72;
+1FC9;GREEK CAPITAL LETTER EPSILON WITH OXIA;Lu;0;L;0388;;;;N;;;;1F73;
+1FCA;GREEK CAPITAL LETTER ETA WITH VARIA;Lu;0;L;0397 0300;;;;N;;;;1F74;
+1FCB;GREEK CAPITAL LETTER ETA WITH OXIA;Lu;0;L;0389;;;;N;;;;1F75;
+1FCC;GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI;Lt;0;L;0397 0345;;;;N;;;;1FC3;
+1FCD;GREEK PSILI AND VARIA;Sk;0;ON;1FBF 0300;;;;N;;;;;
+1FCE;GREEK PSILI AND OXIA;Sk;0;ON;1FBF 0301;;;;N;;;;;
+1FCF;GREEK PSILI AND PERISPOMENI;Sk;0;ON;1FBF 0342;;;;N;;;;;
+1FD0;GREEK SMALL LETTER IOTA WITH VRACHY;Ll;0;L;03B9 0306;;;;N;;;1FD8;;1FD8
+1FD1;GREEK SMALL LETTER IOTA WITH MACRON;Ll;0;L;03B9 0304;;;;N;;;1FD9;;1FD9
+1FD2;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND VARIA;Ll;0;L;03CA 0300;;;;N;;;;;
+1FD3;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA;Ll;0;L;0390;;;;N;;;;;
+1FD6;GREEK SMALL LETTER IOTA WITH PERISPOMENI;Ll;0;L;03B9 0342;;;;N;;;;;
+1FD7;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND PERISPOMENI;Ll;0;L;03CA 0342;;;;N;;;;;
+1FD8;GREEK CAPITAL LETTER IOTA WITH VRACHY;Lu;0;L;0399 0306;;;;N;;;;1FD0;
+1FD9;GREEK CAPITAL LETTER IOTA WITH MACRON;Lu;0;L;0399 0304;;;;N;;;;1FD1;
+1FDA;GREEK CAPITAL LETTER IOTA WITH VARIA;Lu;0;L;0399 0300;;;;N;;;;1F76;
+1FDB;GREEK CAPITAL LETTER IOTA WITH OXIA;Lu;0;L;038A;;;;N;;;;1F77;
+1FDD;GREEK DASIA AND VARIA;Sk;0;ON;1FFE 0300;;;;N;;;;;
+1FDE;GREEK DASIA AND OXIA;Sk;0;ON;1FFE 0301;;;;N;;;;;
+1FDF;GREEK DASIA AND PERISPOMENI;Sk;0;ON;1FFE 0342;;;;N;;;;;
+1FE0;GREEK SMALL LETTER UPSILON WITH VRACHY;Ll;0;L;03C5 0306;;;;N;;;1FE8;;1FE8
+1FE1;GREEK SMALL LETTER UPSILON WITH MACRON;Ll;0;L;03C5 0304;;;;N;;;1FE9;;1FE9
+1FE2;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND VARIA;Ll;0;L;03CB 0300;;;;N;;;;;
+1FE3;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA;Ll;0;L;03B0;;;;N;;;;;
+1FE4;GREEK SMALL LETTER RHO WITH PSILI;Ll;0;L;03C1 0313;;;;N;;;;;
+1FE5;GREEK SMALL LETTER RHO WITH DASIA;Ll;0;L;03C1 0314;;;;N;;;1FEC;;1FEC
+1FE6;GREEK SMALL LETTER UPSILON WITH PERISPOMENI;Ll;0;L;03C5 0342;;;;N;;;;;
+1FE7;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND PERISPOMENI;Ll;0;L;03CB 0342;;;;N;;;;;
+1FE8;GREEK CAPITAL LETTER UPSILON WITH VRACHY;Lu;0;L;03A5 0306;;;;N;;;;1FE0;
+1FE9;GREEK CAPITAL LETTER UPSILON WITH MACRON;Lu;0;L;03A5 0304;;;;N;;;;1FE1;
+1FEA;GREEK CAPITAL LETTER UPSILON WITH VARIA;Lu;0;L;03A5 0300;;;;N;;;;1F7A;
+1FEB;GREEK CAPITAL LETTER UPSILON WITH OXIA;Lu;0;L;038E;;;;N;;;;1F7B;
+1FEC;GREEK CAPITAL LETTER RHO WITH DASIA;Lu;0;L;03A1 0314;;;;N;;;;1FE5;
+1FED;GREEK DIALYTIKA AND VARIA;Sk;0;ON;00A8 0300;;;;N;;;;;
+1FEE;GREEK DIALYTIKA AND OXIA;Sk;0;ON;0385;;;;N;;;;;
+1FEF;GREEK VARIA;Sk;0;ON;0060;;;;N;;;;;
+1FF2;GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F7C 0345;;;;N;;;;;
+1FF3;GREEK SMALL LETTER OMEGA WITH YPOGEGRAMMENI;Ll;0;L;03C9 0345;;;;N;;;1FFC;;1FFC
+1FF4;GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03CE 0345;;;;N;;;;;
+1FF6;GREEK SMALL LETTER OMEGA WITH PERISPOMENI;Ll;0;L;03C9 0342;;;;N;;;;;
+1FF7;GREEK SMALL LETTER OMEGA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FF6 0345;;;;N;;;;;
+1FF8;GREEK CAPITAL LETTER OMICRON WITH VARIA;Lu;0;L;039F 0300;;;;N;;;;1F78;
+1FF9;GREEK CAPITAL LETTER OMICRON WITH OXIA;Lu;0;L;038C;;;;N;;;;1F79;
+1FFA;GREEK CAPITAL LETTER OMEGA WITH VARIA;Lu;0;L;03A9 0300;;;;N;;;;1F7C;
+1FFB;GREEK CAPITAL LETTER OMEGA WITH OXIA;Lu;0;L;038F;;;;N;;;;1F7D;
+1FFC;GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI;Lt;0;L;03A9 0345;;;;N;;;;1FF3;
+1FFD;GREEK OXIA;Sk;0;ON;00B4;;;;N;;;;;
+1FFE;GREEK DASIA;Sk;0;ON;<compat> 0020 0314;;;;N;;;;;
+2000;EN QUAD;Zs;0;WS;2002;;;;N;;;;;
+2001;EM QUAD;Zs;0;WS;2003;;;;N;;;;;
+2002;EN SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2003;EM SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2004;THREE-PER-EM SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2005;FOUR-PER-EM SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2006;SIX-PER-EM SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2007;FIGURE SPACE;Zs;0;WS;<noBreak> 0020;;;;N;;;;;
+2008;PUNCTUATION SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2009;THIN SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+200A;HAIR SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+200B;ZERO WIDTH SPACE;Zs;0;BN;;;;;N;;;;;
+200C;ZERO WIDTH NON-JOINER;Cf;0;BN;;;;;N;;;;;
+200D;ZERO WIDTH JOINER;Cf;0;BN;;;;;N;;;;;
+200E;LEFT-TO-RIGHT MARK;Cf;0;L;;;;;N;;;;;
+200F;RIGHT-TO-LEFT MARK;Cf;0;R;;;;;N;;;;;
+2010;HYPHEN;Pd;0;ON;;;;;N;;;;;
+2011;NON-BREAKING HYPHEN;Pd;0;ON;<noBreak> 2010;;;;N;;;;;
+2012;FIGURE DASH;Pd;0;ON;;;;;N;;;;;
+2013;EN DASH;Pd;0;ON;;;;;N;;;;;
+2014;EM DASH;Pd;0;ON;;;;;N;;;;;
+2015;HORIZONTAL BAR;Pd;0;ON;;;;;N;QUOTATION DASH;;;;
+2016;DOUBLE VERTICAL LINE;Po;0;ON;;;;;N;DOUBLE VERTICAL BAR;;;;
+2017;DOUBLE LOW LINE;Po;0;ON;<compat> 0020 0333;;;;N;SPACING DOUBLE UNDERSCORE;;;;
+2018;LEFT SINGLE QUOTATION MARK;Pi;0;ON;;;;;N;SINGLE TURNED COMMA QUOTATION MARK;;;;
+2019;RIGHT SINGLE QUOTATION MARK;Pf;0;ON;;;;;N;SINGLE COMMA QUOTATION MARK;;;;
+201A;SINGLE LOW-9 QUOTATION MARK;Ps;0;ON;;;;;N;LOW SINGLE COMMA QUOTATION MARK;;;;
+201B;SINGLE HIGH-REVERSED-9 QUOTATION MARK;Pi;0;ON;;;;;N;SINGLE REVERSED COMMA QUOTATION MARK;;;;
+201C;LEFT DOUBLE QUOTATION MARK;Pi;0;ON;;;;;N;DOUBLE TURNED COMMA QUOTATION MARK;;;;
+201D;RIGHT DOUBLE QUOTATION MARK;Pf;0;ON;;;;;N;DOUBLE COMMA QUOTATION MARK;;;;
+201E;DOUBLE LOW-9 QUOTATION MARK;Ps;0;ON;;;;;N;LOW DOUBLE COMMA QUOTATION MARK;;;;
+201F;DOUBLE HIGH-REVERSED-9 QUOTATION MARK;Pi;0;ON;;;;;N;DOUBLE REVERSED COMMA QUOTATION MARK;;;;
+2020;DAGGER;Po;0;ON;;;;;N;;;;;
+2021;DOUBLE DAGGER;Po;0;ON;;;;;N;;;;;
+2022;BULLET;Po;0;ON;;;;;N;;;;;
+2023;TRIANGULAR BULLET;Po;0;ON;;;;;N;;;;;
+2024;ONE DOT LEADER;Po;0;ON;<compat> 002E;;;;N;;;;;
+2025;TWO DOT LEADER;Po;0;ON;<compat> 002E 002E;;;;N;;;;;
+2026;HORIZONTAL ELLIPSIS;Po;0;ON;<compat> 002E 002E 002E;;;;N;;;;;
+2027;HYPHENATION POINT;Po;0;ON;;;;;N;;;;;
+2028;LINE SEPARATOR;Zl;0;WS;;;;;N;;;;;
+2029;PARAGRAPH SEPARATOR;Zp;0;B;;;;;N;;;;;
+202A;LEFT-TO-RIGHT EMBEDDING;Cf;0;LRE;;;;;N;;;;;
+202B;RIGHT-TO-LEFT EMBEDDING;Cf;0;RLE;;;;;N;;;;;
+202C;POP DIRECTIONAL FORMATTING;Cf;0;PDF;;;;;N;;;;;
+202D;LEFT-TO-RIGHT OVERRIDE;Cf;0;LRO;;;;;N;;;;;
+202E;RIGHT-TO-LEFT OVERRIDE;Cf;0;RLO;;;;;N;;;;;
+202F;NARROW NO-BREAK SPACE;Zs;0;WS;<noBreak> 0020;;;;N;;;;;
+2030;PER MILLE SIGN;Po;0;ET;;;;;N;;;;;
+2031;PER TEN THOUSAND SIGN;Po;0;ET;;;;;N;;;;;
+2032;PRIME;Po;0;ET;;;;;N;;;;;
+2033;DOUBLE PRIME;Po;0;ET;<compat> 2032 2032;;;;N;;;;;
+2034;TRIPLE PRIME;Po;0;ET;<compat> 2032 2032 2032;;;;N;;;;;
+2035;REVERSED PRIME;Po;0;ON;;;;;N;;;;;
+2036;REVERSED DOUBLE PRIME;Po;0;ON;<compat> 2035 2035;;;;N;;;;;
+2037;REVERSED TRIPLE PRIME;Po;0;ON;<compat> 2035 2035 2035;;;;N;;;;;
+2038;CARET;Po;0;ON;;;;;N;;;;;
+2039;SINGLE LEFT-POINTING ANGLE QUOTATION MARK;Pi;0;ON;;;;;Y;LEFT POINTING SINGLE GUILLEMET;;;;
+203A;SINGLE RIGHT-POINTING ANGLE QUOTATION MARK;Pf;0;ON;;;;;Y;RIGHT POINTING SINGLE GUILLEMET;;;;
+203B;REFERENCE MARK;Po;0;ON;;;;;N;;;;;
+203C;DOUBLE EXCLAMATION MARK;Po;0;ON;<compat> 0021 0021;;;;N;;;;;
+203D;INTERROBANG;Po;0;ON;;;;;N;;;;;
+203E;OVERLINE;Po;0;ON;<compat> 0020 0305;;;;N;SPACING OVERSCORE;;;;
+203F;UNDERTIE;Pc;0;ON;;;;;N;;Enotikon;;;
+2040;CHARACTER TIE;Pc;0;ON;;;;;N;;;;;
+2041;CARET INSERTION POINT;Po;0;ON;;;;;N;;;;;
+2042;ASTERISM;Po;0;ON;;;;;N;;;;;
+2043;HYPHEN BULLET;Po;0;ON;;;;;N;;;;;
+2044;FRACTION SLASH;Sm;0;ON;;;;;N;;;;;
+2045;LEFT SQUARE BRACKET WITH QUILL;Ps;0;ON;;;;;Y;;;;;
+2046;RIGHT SQUARE BRACKET WITH QUILL;Pe;0;ON;;;;;Y;;;;;
+2047;DOUBLE QUESTION MARK;Po;0;ON;<compat> 003F 003F;;;;N;;;;;
+2048;QUESTION EXCLAMATION MARK;Po;0;ON;<compat> 003F 0021;;;;N;;;;;
+2049;EXCLAMATION QUESTION MARK;Po;0;ON;<compat> 0021 003F;;;;N;;;;;
+204A;TIRONIAN SIGN ET;Po;0;ON;;;;;N;;;;;
+204B;REVERSED PILCROW SIGN;Po;0;ON;;;;;N;;;;;
+204C;BLACK LEFTWARDS BULLET;Po;0;ON;;;;;N;;;;;
+204D;BLACK RIGHTWARDS BULLET;Po;0;ON;;;;;N;;;;;
+204E;LOW ASTERISK;Po;0;ON;;;;;N;;;;;
+204F;REVERSED SEMICOLON;Po;0;ON;;;;;N;;;;;
+2050;CLOSE UP;Po;0;ON;;;;;N;;;;;
+2051;TWO ASTERISKS ALIGNED VERTICALLY;Po;0;ON;;;;;N;;;;;
+2052;COMMERCIAL MINUS SIGN;Sm;0;ON;;;;;N;;;;;
+2057;QUADRUPLE PRIME;Po;0;ON;<compat> 2032 2032 2032 2032;;;;N;;;;;
+205F;MEDIUM MATHEMATICAL SPACE;Zs;0;WS;<compat> 0020;;;;N;;;;;
+2060;WORD JOINER;Cf;0;BN;;;;;N;;;;;
+2061;FUNCTION APPLICATION;Cf;0;BN;;;;;N;;;;;
+2062;INVISIBLE TIMES;Cf;0;BN;;;;;N;;;;;
+2063;INVISIBLE SEPARATOR;Cf;0;BN;;;;;N;;;;;
+206A;INHIBIT SYMMETRIC SWAPPING;Cf;0;BN;;;;;N;;;;;
+206B;ACTIVATE SYMMETRIC SWAPPING;Cf;0;BN;;;;;N;;;;;
+206C;INHIBIT ARABIC FORM SHAPING;Cf;0;BN;;;;;N;;;;;
+206D;ACTIVATE ARABIC FORM SHAPING;Cf;0;BN;;;;;N;;;;;
+206E;NATIONAL DIGIT SHAPES;Cf;0;BN;;;;;N;;;;;
+206F;NOMINAL DIGIT SHAPES;Cf;0;BN;;;;;N;;;;;
+2070;SUPERSCRIPT ZERO;No;0;EN;<super> 0030;0;0;0;N;SUPERSCRIPT DIGIT ZERO;;;;
+2071;SUPERSCRIPT LATIN SMALL LETTER I;Ll;0;L;<super> 0069;;;;N;;;;;
+2074;SUPERSCRIPT FOUR;No;0;EN;<super> 0034;4;4;4;N;SUPERSCRIPT DIGIT FOUR;;;;
+2075;SUPERSCRIPT FIVE;No;0;EN;<super> 0035;5;5;5;N;SUPERSCRIPT DIGIT FIVE;;;;
+2076;SUPERSCRIPT SIX;No;0;EN;<super> 0036;6;6;6;N;SUPERSCRIPT DIGIT SIX;;;;
+2077;SUPERSCRIPT SEVEN;No;0;EN;<super> 0037;7;7;7;N;SUPERSCRIPT DIGIT SEVEN;;;;
+2078;SUPERSCRIPT EIGHT;No;0;EN;<super> 0038;8;8;8;N;SUPERSCRIPT DIGIT EIGHT;;;;
+2079;SUPERSCRIPT NINE;No;0;EN;<super> 0039;9;9;9;N;SUPERSCRIPT DIGIT NINE;;;;
+207A;SUPERSCRIPT PLUS SIGN;Sm;0;ET;<super> 002B;;;;N;;;;;
+207B;SUPERSCRIPT MINUS;Sm;0;ET;<super> 2212;;;;N;SUPERSCRIPT HYPHEN-MINUS;;;;
+207C;SUPERSCRIPT EQUALS SIGN;Sm;0;ON;<super> 003D;;;;N;;;;;
+207D;SUPERSCRIPT LEFT PARENTHESIS;Ps;0;ON;<super> 0028;;;;Y;SUPERSCRIPT OPENING PARENTHESIS;;;;
+207E;SUPERSCRIPT RIGHT PARENTHESIS;Pe;0;ON;<super> 0029;;;;Y;SUPERSCRIPT CLOSING PARENTHESIS;;;;
+207F;SUPERSCRIPT LATIN SMALL LETTER N;Ll;0;L;<super> 006E;;;;N;;;;;
+2080;SUBSCRIPT ZERO;No;0;EN;<sub> 0030;0;0;0;N;SUBSCRIPT DIGIT ZERO;;;;
+2081;SUBSCRIPT ONE;No;0;EN;<sub> 0031;1;1;1;N;SUBSCRIPT DIGIT ONE;;;;
+2082;SUBSCRIPT TWO;No;0;EN;<sub> 0032;2;2;2;N;SUBSCRIPT DIGIT TWO;;;;
+2083;SUBSCRIPT THREE;No;0;EN;<sub> 0033;3;3;3;N;SUBSCRIPT DIGIT THREE;;;;
+2084;SUBSCRIPT FOUR;No;0;EN;<sub> 0034;4;4;4;N;SUBSCRIPT DIGIT FOUR;;;;
+2085;SUBSCRIPT FIVE;No;0;EN;<sub> 0035;5;5;5;N;SUBSCRIPT DIGIT FIVE;;;;
+2086;SUBSCRIPT SIX;No;0;EN;<sub> 0036;6;6;6;N;SUBSCRIPT DIGIT SIX;;;;
+2087;SUBSCRIPT SEVEN;No;0;EN;<sub> 0037;7;7;7;N;SUBSCRIPT DIGIT SEVEN;;;;
+2088;SUBSCRIPT EIGHT;No;0;EN;<sub> 0038;8;8;8;N;SUBSCRIPT DIGIT EIGHT;;;;
+2089;SUBSCRIPT NINE;No;0;EN;<sub> 0039;9;9;9;N;SUBSCRIPT DIGIT NINE;;;;
+208A;SUBSCRIPT PLUS SIGN;Sm;0;ET;<sub> 002B;;;;N;;;;;
+208B;SUBSCRIPT MINUS;Sm;0;ET;<sub> 2212;;;;N;SUBSCRIPT HYPHEN-MINUS;;;;
+208C;SUBSCRIPT EQUALS SIGN;Sm;0;ON;<sub> 003D;;;;N;;;;;
+208D;SUBSCRIPT LEFT PARENTHESIS;Ps;0;ON;<sub> 0028;;;;Y;SUBSCRIPT OPENING PARENTHESIS;;;;
+208E;SUBSCRIPT RIGHT PARENTHESIS;Pe;0;ON;<sub> 0029;;;;Y;SUBSCRIPT CLOSING PARENTHESIS;;;;
+20A0;EURO-CURRENCY SIGN;Sc;0;ET;;;;;N;;;;;
+20A1;COLON SIGN;Sc;0;ET;;;;;N;;;;;
+20A2;CRUZEIRO SIGN;Sc;0;ET;;;;;N;;;;;
+20A3;FRENCH FRANC SIGN;Sc;0;ET;;;;;N;;;;;
+20A4;LIRA SIGN;Sc;0;ET;;;;;N;;;;;
+20A5;MILL SIGN;Sc;0;ET;;;;;N;;;;;
+20A6;NAIRA SIGN;Sc;0;ET;;;;;N;;;;;
+20A7;PESETA SIGN;Sc;0;ET;;;;;N;;;;;
+20A8;RUPEE SIGN;Sc;0;ET;<compat> 0052 0073;;;;N;;;;;
+20A9;WON SIGN;Sc;0;ET;;;;;N;;;;;
+20AA;NEW SHEQEL SIGN;Sc;0;ET;;;;;N;;;;;
+20AB;DONG SIGN;Sc;0;ET;;;;;N;;;;;
+20AC;EURO SIGN;Sc;0;ET;;;;;N;;;;;
+20AD;KIP SIGN;Sc;0;ET;;;;;N;;;;;
+20AE;TUGRIK SIGN;Sc;0;ET;;;;;N;;;;;
+20AF;DRACHMA SIGN;Sc;0;ET;;;;;N;;;;;
+20B0;GERMAN PENNY SIGN;Sc;0;ET;;;;;N;;;;;
+20B1;PESO SIGN;Sc;0;ET;;;;;N;;;;;
+20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;;
+20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;;
+20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;;
+20D3;COMBINING SHORT VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT VERTICAL BAR OVERLAY;;;;
+20D4;COMBINING ANTICLOCKWISE ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING ANTICLOCKWISE ARROW ABOVE;;;;
+20D5;COMBINING CLOCKWISE ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING CLOCKWISE ARROW ABOVE;;;;
+20D6;COMBINING LEFT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT ARROW ABOVE;;;;
+20D7;COMBINING RIGHT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT ARROW ABOVE;;;;
+20D8;COMBINING RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING RING OVERLAY;;;;
+20D9;COMBINING CLOCKWISE RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING CLOCKWISE RING OVERLAY;;;;
+20DA;COMBINING ANTICLOCKWISE RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING ANTICLOCKWISE RING OVERLAY;;;;
+20DB;COMBINING THREE DOTS ABOVE;Mn;230;NSM;;;;;N;NON-SPACING THREE DOTS ABOVE;;;;
+20DC;COMBINING FOUR DOTS ABOVE;Mn;230;NSM;;;;;N;NON-SPACING FOUR DOTS ABOVE;;;;
+20DD;COMBINING ENCLOSING CIRCLE;Me;0;NSM;;;;;N;ENCLOSING CIRCLE;;;;
+20DE;COMBINING ENCLOSING SQUARE;Me;0;NSM;;;;;N;ENCLOSING SQUARE;;;;
+20DF;COMBINING ENCLOSING DIAMOND;Me;0;NSM;;;;;N;ENCLOSING DIAMOND;;;;
+20E0;COMBINING ENCLOSING CIRCLE BACKSLASH;Me;0;NSM;;;;;N;ENCLOSING CIRCLE SLASH;;;;
+20E1;COMBINING LEFT RIGHT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT RIGHT ARROW ABOVE;;;;
+20E2;COMBINING ENCLOSING SCREEN;Me;0;NSM;;;;;N;;;;;
+20E3;COMBINING ENCLOSING KEYCAP;Me;0;NSM;;;;;N;;;;;
+20E4;COMBINING ENCLOSING UPWARD POINTING TRIANGLE;Me;0;NSM;;;;;N;;;;;
+20E5;COMBINING REVERSE SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;;;;;
+20E6;COMBINING DOUBLE VERTICAL STROKE OVERLAY;Mn;1;NSM;;;;;N;;;;;
+20E7;COMBINING ANNUITY SYMBOL;Mn;230;NSM;;;;;N;;;;;
+20E8;COMBINING TRIPLE UNDERDOT;Mn;220;NSM;;;;;N;;;;;
+20E9;COMBINING WIDE BRIDGE ABOVE;Mn;230;NSM;;;;;N;;;;;
+20EA;COMBINING LEFTWARDS ARROW OVERLAY;Mn;1;NSM;;;;;N;;;;;
+2100;ACCOUNT OF;So;0;ON;<compat> 0061 002F 0063;;;;N;;;;;
+2101;ADDRESSED TO THE SUBJECT;So;0;ON;<compat> 0061 002F 0073;;;;N;;;;;
+2102;DOUBLE-STRUCK CAPITAL C;Lu;0;L;<font> 0043;;;;N;DOUBLE-STRUCK C;;;;
+2103;DEGREE CELSIUS;So;0;ON;<compat> 00B0 0043;;;;N;DEGREES CENTIGRADE;;;;
+2104;CENTRE LINE SYMBOL;So;0;ON;;;;;N;C L SYMBOL;;;;
+2105;CARE OF;So;0;ON;<compat> 0063 002F 006F;;;;N;;;;;
+2106;CADA UNA;So;0;ON;<compat> 0063 002F 0075;;;;N;;;;;
+2107;EULER CONSTANT;Lu;0;L;<compat> 0190;;;;N;EULERS;;;;
+2108;SCRUPLE;So;0;ON;;;;;N;;;;;
+2109;DEGREE FAHRENHEIT;So;0;ON;<compat> 00B0 0046;;;;N;DEGREES FAHRENHEIT;;;;
+210A;SCRIPT SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+210B;SCRIPT CAPITAL H;Lu;0;L;<font> 0048;;;;N;SCRIPT H;;;;
+210C;BLACK-LETTER CAPITAL H;Lu;0;L;<font> 0048;;;;N;BLACK-LETTER H;;;;
+210D;DOUBLE-STRUCK CAPITAL H;Lu;0;L;<font> 0048;;;;N;DOUBLE-STRUCK H;;;;
+210E;PLANCK CONSTANT;Ll;0;L;<font> 0068;;;;N;;;;;
+210F;PLANCK CONSTANT OVER TWO PI;Ll;0;L;<font> 0127;;;;N;PLANCK CONSTANT OVER 2 PI;;;;
+2110;SCRIPT CAPITAL I;Lu;0;L;<font> 0049;;;;N;SCRIPT I;;;;
+2111;BLACK-LETTER CAPITAL I;Lu;0;L;<font> 0049;;;;N;BLACK-LETTER I;;;;
+2112;SCRIPT CAPITAL L;Lu;0;L;<font> 004C;;;;N;SCRIPT L;;;;
+2113;SCRIPT SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+2114;L B BAR SYMBOL;So;0;ON;;;;;N;;;;;
+2115;DOUBLE-STRUCK CAPITAL N;Lu;0;L;<font> 004E;;;;N;DOUBLE-STRUCK N;;;;
+2116;NUMERO SIGN;So;0;ON;<compat> 004E 006F;;;;N;NUMERO;;;;
+2117;SOUND RECORDING COPYRIGHT;So;0;ON;;;;;N;;;;;
+2118;SCRIPT CAPITAL P;So;0;ON;;;;;N;SCRIPT P;;;;
+2119;DOUBLE-STRUCK CAPITAL P;Lu;0;L;<font> 0050;;;;N;DOUBLE-STRUCK P;;;;
+211A;DOUBLE-STRUCK CAPITAL Q;Lu;0;L;<font> 0051;;;;N;DOUBLE-STRUCK Q;;;;
+211B;SCRIPT CAPITAL R;Lu;0;L;<font> 0052;;;;N;SCRIPT R;;;;
+211C;BLACK-LETTER CAPITAL R;Lu;0;L;<font> 0052;;;;N;BLACK-LETTER R;;;;
+211D;DOUBLE-STRUCK CAPITAL R;Lu;0;L;<font> 0052;;;;N;DOUBLE-STRUCK R;;;;
+211E;PRESCRIPTION TAKE;So;0;ON;;;;;N;;;;;
+211F;RESPONSE;So;0;ON;;;;;N;;;;;
+2120;SERVICE MARK;So;0;ON;<super> 0053 004D;;;;N;;;;;
+2121;TELEPHONE SIGN;So;0;ON;<compat> 0054 0045 004C;;;;N;T E L SYMBOL;;;;
+2122;TRADE MARK SIGN;So;0;ON;<super> 0054 004D;;;;N;TRADEMARK;;;;
+2123;VERSICLE;So;0;ON;;;;;N;;;;;
+2124;DOUBLE-STRUCK CAPITAL Z;Lu;0;L;<font> 005A;;;;N;DOUBLE-STRUCK Z;;;;
+2125;OUNCE SIGN;So;0;ON;;;;;N;OUNCE;;;;
+2126;OHM SIGN;Lu;0;L;03A9;;;;N;OHM;;;03C9;
+2127;INVERTED OHM SIGN;So;0;ON;;;;;N;MHO;;;;
+2128;BLACK-LETTER CAPITAL Z;Lu;0;L;<font> 005A;;;;N;BLACK-LETTER Z;;;;
+2129;TURNED GREEK SMALL LETTER IOTA;So;0;ON;;;;;N;;;;;
+212A;KELVIN SIGN;Lu;0;L;004B;;;;N;DEGREES KELVIN;;;006B;
+212B;ANGSTROM SIGN;Lu;0;L;00C5;;;;N;ANGSTROM UNIT;;;00E5;
+212C;SCRIPT CAPITAL B;Lu;0;L;<font> 0042;;;;N;SCRIPT B;;;;
+212D;BLACK-LETTER CAPITAL C;Lu;0;L;<font> 0043;;;;N;BLACK-LETTER C;;;;
+212E;ESTIMATED SYMBOL;So;0;ET;;;;;N;;;;;
+212F;SCRIPT SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+2130;SCRIPT CAPITAL E;Lu;0;L;<font> 0045;;;;N;SCRIPT E;;;;
+2131;SCRIPT CAPITAL F;Lu;0;L;<font> 0046;;;;N;SCRIPT F;;;;
+2132;TURNED CAPITAL F;So;0;ON;;;;;N;TURNED F;;;;
+2133;SCRIPT CAPITAL M;Lu;0;L;<font> 004D;;;;N;SCRIPT M;;;;
+2134;SCRIPT SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+2135;ALEF SYMBOL;Lo;0;L;<compat> 05D0;;;;N;FIRST TRANSFINITE CARDINAL;;;;
+2136;BET SYMBOL;Lo;0;L;<compat> 05D1;;;;N;SECOND TRANSFINITE CARDINAL;;;;
+2137;GIMEL SYMBOL;Lo;0;L;<compat> 05D2;;;;N;THIRD TRANSFINITE CARDINAL;;;;
+2138;DALET SYMBOL;Lo;0;L;<compat> 05D3;;;;N;FOURTH TRANSFINITE CARDINAL;;;;
+2139;INFORMATION SOURCE;Ll;0;L;<font> 0069;;;;N;;;;;
+213A;ROTATED CAPITAL Q;So;0;ON;;;;;N;;;;;
+213D;DOUBLE-STRUCK SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+213E;DOUBLE-STRUCK CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+213F;DOUBLE-STRUCK CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+2140;DOUBLE-STRUCK N-ARY SUMMATION;Sm;0;ON;<font> 2211;;;;Y;;;;;
+2141;TURNED SANS-SERIF CAPITAL G;Sm;0;ON;;;;;N;;;;;
+2142;TURNED SANS-SERIF CAPITAL L;Sm;0;ON;;;;;N;;;;;
+2143;REVERSED SANS-SERIF CAPITAL L;Sm;0;ON;;;;;N;;;;;
+2144;TURNED SANS-SERIF CAPITAL Y;Sm;0;ON;;;;;N;;;;;
+2145;DOUBLE-STRUCK ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+2146;DOUBLE-STRUCK ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+2147;DOUBLE-STRUCK ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+2148;DOUBLE-STRUCK ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+2149;DOUBLE-STRUCK ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+214A;PROPERTY LINE;So;0;ON;;;;;N;;;;;
+214B;TURNED AMPERSAND;Sm;0;ON;;;;;N;;;;;
+2153;VULGAR FRACTION ONE THIRD;No;0;ON;<fraction> 0031 2044 0033;;;1/3;N;FRACTION ONE THIRD;;;;
+2154;VULGAR FRACTION TWO THIRDS;No;0;ON;<fraction> 0032 2044 0033;;;2/3;N;FRACTION TWO THIRDS;;;;
+2155;VULGAR FRACTION ONE FIFTH;No;0;ON;<fraction> 0031 2044 0035;;;1/5;N;FRACTION ONE FIFTH;;;;
+2156;VULGAR FRACTION TWO FIFTHS;No;0;ON;<fraction> 0032 2044 0035;;;2/5;N;FRACTION TWO FIFTHS;;;;
+2157;VULGAR FRACTION THREE FIFTHS;No;0;ON;<fraction> 0033 2044 0035;;;3/5;N;FRACTION THREE FIFTHS;;;;
+2158;VULGAR FRACTION FOUR FIFTHS;No;0;ON;<fraction> 0034 2044 0035;;;4/5;N;FRACTION FOUR FIFTHS;;;;
+2159;VULGAR FRACTION ONE SIXTH;No;0;ON;<fraction> 0031 2044 0036;;;1/6;N;FRACTION ONE SIXTH;;;;
+215A;VULGAR FRACTION FIVE SIXTHS;No;0;ON;<fraction> 0035 2044 0036;;;5/6;N;FRACTION FIVE SIXTHS;;;;
+215B;VULGAR FRACTION ONE EIGHTH;No;0;ON;<fraction> 0031 2044 0038;;;1/8;N;FRACTION ONE EIGHTH;;;;
+215C;VULGAR FRACTION THREE EIGHTHS;No;0;ON;<fraction> 0033 2044 0038;;;3/8;N;FRACTION THREE EIGHTHS;;;;
+215D;VULGAR FRACTION FIVE EIGHTHS;No;0;ON;<fraction> 0035 2044 0038;;;5/8;N;FRACTION FIVE EIGHTHS;;;;
+215E;VULGAR FRACTION SEVEN EIGHTHS;No;0;ON;<fraction> 0037 2044 0038;;;7/8;N;FRACTION SEVEN EIGHTHS;;;;
+215F;FRACTION NUMERATOR ONE;No;0;ON;<fraction> 0031 2044;;;1;N;;;;;
+2160;ROMAN NUMERAL ONE;Nl;0;L;<compat> 0049;;;1;N;;;;2170;
+2161;ROMAN NUMERAL TWO;Nl;0;L;<compat> 0049 0049;;;2;N;;;;2171;
+2162;ROMAN NUMERAL THREE;Nl;0;L;<compat> 0049 0049 0049;;;3;N;;;;2172;
+2163;ROMAN NUMERAL FOUR;Nl;0;L;<compat> 0049 0056;;;4;N;;;;2173;
+2164;ROMAN NUMERAL FIVE;Nl;0;L;<compat> 0056;;;5;N;;;;2174;
+2165;ROMAN NUMERAL SIX;Nl;0;L;<compat> 0056 0049;;;6;N;;;;2175;
+2166;ROMAN NUMERAL SEVEN;Nl;0;L;<compat> 0056 0049 0049;;;7;N;;;;2176;
+2167;ROMAN NUMERAL EIGHT;Nl;0;L;<compat> 0056 0049 0049 0049;;;8;N;;;;2177;
+2168;ROMAN NUMERAL NINE;Nl;0;L;<compat> 0049 0058;;;9;N;;;;2178;
+2169;ROMAN NUMERAL TEN;Nl;0;L;<compat> 0058;;;10;N;;;;2179;
+216A;ROMAN NUMERAL ELEVEN;Nl;0;L;<compat> 0058 0049;;;11;N;;;;217A;
+216B;ROMAN NUMERAL TWELVE;Nl;0;L;<compat> 0058 0049 0049;;;12;N;;;;217B;
+216C;ROMAN NUMERAL FIFTY;Nl;0;L;<compat> 004C;;;50;N;;;;217C;
+216D;ROMAN NUMERAL ONE HUNDRED;Nl;0;L;<compat> 0043;;;100;N;;;;217D;
+216E;ROMAN NUMERAL FIVE HUNDRED;Nl;0;L;<compat> 0044;;;500;N;;;;217E;
+216F;ROMAN NUMERAL ONE THOUSAND;Nl;0;L;<compat> 004D;;;1000;N;;;;217F;
+2170;SMALL ROMAN NUMERAL ONE;Nl;0;L;<compat> 0069;;;1;N;;;2160;;2160
+2171;SMALL ROMAN NUMERAL TWO;Nl;0;L;<compat> 0069 0069;;;2;N;;;2161;;2161
+2172;SMALL ROMAN NUMERAL THREE;Nl;0;L;<compat> 0069 0069 0069;;;3;N;;;2162;;2162
+2173;SMALL ROMAN NUMERAL FOUR;Nl;0;L;<compat> 0069 0076;;;4;N;;;2163;;2163
+2174;SMALL ROMAN NUMERAL FIVE;Nl;0;L;<compat> 0076;;;5;N;;;2164;;2164
+2175;SMALL ROMAN NUMERAL SIX;Nl;0;L;<compat> 0076 0069;;;6;N;;;2165;;2165
+2176;SMALL ROMAN NUMERAL SEVEN;Nl;0;L;<compat> 0076 0069 0069;;;7;N;;;2166;;2166
+2177;SMALL ROMAN NUMERAL EIGHT;Nl;0;L;<compat> 0076 0069 0069 0069;;;8;N;;;2167;;2167
+2178;SMALL ROMAN NUMERAL NINE;Nl;0;L;<compat> 0069 0078;;;9;N;;;2168;;2168
+2179;SMALL ROMAN NUMERAL TEN;Nl;0;L;<compat> 0078;;;10;N;;;2169;;2169
+217A;SMALL ROMAN NUMERAL ELEVEN;Nl;0;L;<compat> 0078 0069;;;11;N;;;216A;;216A
+217B;SMALL ROMAN NUMERAL TWELVE;Nl;0;L;<compat> 0078 0069 0069;;;12;N;;;216B;;216B
+217C;SMALL ROMAN NUMERAL FIFTY;Nl;0;L;<compat> 006C;;;50;N;;;216C;;216C
+217D;SMALL ROMAN NUMERAL ONE HUNDRED;Nl;0;L;<compat> 0063;;;100;N;;;216D;;216D
+217E;SMALL ROMAN NUMERAL FIVE HUNDRED;Nl;0;L;<compat> 0064;;;500;N;;;216E;;216E
+217F;SMALL ROMAN NUMERAL ONE THOUSAND;Nl;0;L;<compat> 006D;;;1000;N;;;216F;;216F
+2180;ROMAN NUMERAL ONE THOUSAND C D;Nl;0;L;;;;1000;N;;;;;
+2181;ROMAN NUMERAL FIVE THOUSAND;Nl;0;L;;;;5000;N;;;;;
+2182;ROMAN NUMERAL TEN THOUSAND;Nl;0;L;;;;10000;N;;;;;
+2183;ROMAN NUMERAL REVERSED ONE HUNDRED;Nl;0;L;;;;;N;;;;;
+2190;LEFTWARDS ARROW;Sm;0;ON;;;;;N;LEFT ARROW;;;;
+2191;UPWARDS ARROW;Sm;0;ON;;;;;N;UP ARROW;;;;
+2192;RIGHTWARDS ARROW;Sm;0;ON;;;;;N;RIGHT ARROW;;;;
+2193;DOWNWARDS ARROW;Sm;0;ON;;;;;N;DOWN ARROW;;;;
+2194;LEFT RIGHT ARROW;Sm;0;ON;;;;;N;;;;;
+2195;UP DOWN ARROW;So;0;ON;;;;;N;;;;;
+2196;NORTH WEST ARROW;So;0;ON;;;;;N;UPPER LEFT ARROW;;;;
+2197;NORTH EAST ARROW;So;0;ON;;;;;N;UPPER RIGHT ARROW;;;;
+2198;SOUTH EAST ARROW;So;0;ON;;;;;N;LOWER RIGHT ARROW;;;;
+2199;SOUTH WEST ARROW;So;0;ON;;;;;N;LOWER LEFT ARROW;;;;
+219A;LEFTWARDS ARROW WITH STROKE;Sm;0;ON;2190 0338;;;;N;LEFT ARROW WITH STROKE;;;;
+219B;RIGHTWARDS ARROW WITH STROKE;Sm;0;ON;2192 0338;;;;N;RIGHT ARROW WITH STROKE;;;;
+219C;LEFTWARDS WAVE ARROW;So;0;ON;;;;;N;LEFT WAVE ARROW;;;;
+219D;RIGHTWARDS WAVE ARROW;So;0;ON;;;;;N;RIGHT WAVE ARROW;;;;
+219E;LEFTWARDS TWO HEADED ARROW;So;0;ON;;;;;N;LEFT TWO HEADED ARROW;;;;
+219F;UPWARDS TWO HEADED ARROW;So;0;ON;;;;;N;UP TWO HEADED ARROW;;;;
+21A0;RIGHTWARDS TWO HEADED ARROW;Sm;0;ON;;;;;N;RIGHT TWO HEADED ARROW;;;;
+21A1;DOWNWARDS TWO HEADED ARROW;So;0;ON;;;;;N;DOWN TWO HEADED ARROW;;;;
+21A2;LEFTWARDS ARROW WITH TAIL;So;0;ON;;;;;N;LEFT ARROW WITH TAIL;;;;
+21A3;RIGHTWARDS ARROW WITH TAIL;Sm;0;ON;;;;;N;RIGHT ARROW WITH TAIL;;;;
+21A4;LEFTWARDS ARROW FROM BAR;So;0;ON;;;;;N;LEFT ARROW FROM BAR;;;;
+21A5;UPWARDS ARROW FROM BAR;So;0;ON;;;;;N;UP ARROW FROM BAR;;;;
+21A6;RIGHTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;RIGHT ARROW FROM BAR;;;;
+21A7;DOWNWARDS ARROW FROM BAR;So;0;ON;;;;;N;DOWN ARROW FROM BAR;;;;
+21A8;UP DOWN ARROW WITH BASE;So;0;ON;;;;;N;;;;;
+21A9;LEFTWARDS ARROW WITH HOOK;So;0;ON;;;;;N;LEFT ARROW WITH HOOK;;;;
+21AA;RIGHTWARDS ARROW WITH HOOK;So;0;ON;;;;;N;RIGHT ARROW WITH HOOK;;;;
+21AB;LEFTWARDS ARROW WITH LOOP;So;0;ON;;;;;N;LEFT ARROW WITH LOOP;;;;
+21AC;RIGHTWARDS ARROW WITH LOOP;So;0;ON;;;;;N;RIGHT ARROW WITH LOOP;;;;
+21AD;LEFT RIGHT WAVE ARROW;So;0;ON;;;;;N;;;;;
+21AE;LEFT RIGHT ARROW WITH STROKE;Sm;0;ON;2194 0338;;;;N;;;;;
+21AF;DOWNWARDS ZIGZAG ARROW;So;0;ON;;;;;N;DOWN ZIGZAG ARROW;;;;
+21B0;UPWARDS ARROW WITH TIP LEFTWARDS;So;0;ON;;;;;N;UP ARROW WITH TIP LEFT;;;;
+21B1;UPWARDS ARROW WITH TIP RIGHTWARDS;So;0;ON;;;;;N;UP ARROW WITH TIP RIGHT;;;;
+21B2;DOWNWARDS ARROW WITH TIP LEFTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH TIP LEFT;;;;
+21B3;DOWNWARDS ARROW WITH TIP RIGHTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH TIP RIGHT;;;;
+21B4;RIGHTWARDS ARROW WITH CORNER DOWNWARDS;So;0;ON;;;;;N;RIGHT ARROW WITH CORNER DOWN;;;;
+21B5;DOWNWARDS ARROW WITH CORNER LEFTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH CORNER LEFT;;;;
+21B6;ANTICLOCKWISE TOP SEMICIRCLE ARROW;So;0;ON;;;;;N;;;;;
+21B7;CLOCKWISE TOP SEMICIRCLE ARROW;So;0;ON;;;;;N;;;;;
+21B8;NORTH WEST ARROW TO LONG BAR;So;0;ON;;;;;N;UPPER LEFT ARROW TO LONG BAR;;;;
+21B9;LEFTWARDS ARROW TO BAR OVER RIGHTWARDS ARROW TO BAR;So;0;ON;;;;;N;LEFT ARROW TO BAR OVER RIGHT ARROW TO BAR;;;;
+21BA;ANTICLOCKWISE OPEN CIRCLE ARROW;So;0;ON;;;;;N;;;;;
+21BB;CLOCKWISE OPEN CIRCLE ARROW;So;0;ON;;;;;N;;;;;
+21BC;LEFTWARDS HARPOON WITH BARB UPWARDS;So;0;ON;;;;;N;LEFT HARPOON WITH BARB UP;;;;
+21BD;LEFTWARDS HARPOON WITH BARB DOWNWARDS;So;0;ON;;;;;N;LEFT HARPOON WITH BARB DOWN;;;;
+21BE;UPWARDS HARPOON WITH BARB RIGHTWARDS;So;0;ON;;;;;N;UP HARPOON WITH BARB RIGHT;;;;
+21BF;UPWARDS HARPOON WITH BARB LEFTWARDS;So;0;ON;;;;;N;UP HARPOON WITH BARB LEFT;;;;
+21C0;RIGHTWARDS HARPOON WITH BARB UPWARDS;So;0;ON;;;;;N;RIGHT HARPOON WITH BARB UP;;;;
+21C1;RIGHTWARDS HARPOON WITH BARB DOWNWARDS;So;0;ON;;;;;N;RIGHT HARPOON WITH BARB DOWN;;;;
+21C2;DOWNWARDS HARPOON WITH BARB RIGHTWARDS;So;0;ON;;;;;N;DOWN HARPOON WITH BARB RIGHT;;;;
+21C3;DOWNWARDS HARPOON WITH BARB LEFTWARDS;So;0;ON;;;;;N;DOWN HARPOON WITH BARB LEFT;;;;
+21C4;RIGHTWARDS ARROW OVER LEFTWARDS ARROW;So;0;ON;;;;;N;RIGHT ARROW OVER LEFT ARROW;;;;
+21C5;UPWARDS ARROW LEFTWARDS OF DOWNWARDS ARROW;So;0;ON;;;;;N;UP ARROW LEFT OF DOWN ARROW;;;;
+21C6;LEFTWARDS ARROW OVER RIGHTWARDS ARROW;So;0;ON;;;;;N;LEFT ARROW OVER RIGHT ARROW;;;;
+21C7;LEFTWARDS PAIRED ARROWS;So;0;ON;;;;;N;LEFT PAIRED ARROWS;;;;
+21C8;UPWARDS PAIRED ARROWS;So;0;ON;;;;;N;UP PAIRED ARROWS;;;;
+21C9;RIGHTWARDS PAIRED ARROWS;So;0;ON;;;;;N;RIGHT PAIRED ARROWS;;;;
+21CA;DOWNWARDS PAIRED ARROWS;So;0;ON;;;;;N;DOWN PAIRED ARROWS;;;;
+21CB;LEFTWARDS HARPOON OVER RIGHTWARDS HARPOON;So;0;ON;;;;;N;LEFT HARPOON OVER RIGHT HARPOON;;;;
+21CC;RIGHTWARDS HARPOON OVER LEFTWARDS HARPOON;So;0;ON;;;;;N;RIGHT HARPOON OVER LEFT HARPOON;;;;
+21CD;LEFTWARDS DOUBLE ARROW WITH STROKE;So;0;ON;21D0 0338;;;;N;LEFT DOUBLE ARROW WITH STROKE;;;;
+21CE;LEFT RIGHT DOUBLE ARROW WITH STROKE;Sm;0;ON;21D4 0338;;;;N;;;;;
+21CF;RIGHTWARDS DOUBLE ARROW WITH STROKE;Sm;0;ON;21D2 0338;;;;N;RIGHT DOUBLE ARROW WITH STROKE;;;;
+21D0;LEFTWARDS DOUBLE ARROW;So;0;ON;;;;;N;LEFT DOUBLE ARROW;;;;
+21D1;UPWARDS DOUBLE ARROW;So;0;ON;;;;;N;UP DOUBLE ARROW;;;;
+21D2;RIGHTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;RIGHT DOUBLE ARROW;;;;
+21D3;DOWNWARDS DOUBLE ARROW;So;0;ON;;;;;N;DOWN DOUBLE ARROW;;;;
+21D4;LEFT RIGHT DOUBLE ARROW;Sm;0;ON;;;;;N;;;;;
+21D5;UP DOWN DOUBLE ARROW;So;0;ON;;;;;N;;;;;
+21D6;NORTH WEST DOUBLE ARROW;So;0;ON;;;;;N;UPPER LEFT DOUBLE ARROW;;;;
+21D7;NORTH EAST DOUBLE ARROW;So;0;ON;;;;;N;UPPER RIGHT DOUBLE ARROW;;;;
+21D8;SOUTH EAST DOUBLE ARROW;So;0;ON;;;;;N;LOWER RIGHT DOUBLE ARROW;;;;
+21D9;SOUTH WEST DOUBLE ARROW;So;0;ON;;;;;N;LOWER LEFT DOUBLE ARROW;;;;
+21DA;LEFTWARDS TRIPLE ARROW;So;0;ON;;;;;N;LEFT TRIPLE ARROW;;;;
+21DB;RIGHTWARDS TRIPLE ARROW;So;0;ON;;;;;N;RIGHT TRIPLE ARROW;;;;
+21DC;LEFTWARDS SQUIGGLE ARROW;So;0;ON;;;;;N;LEFT SQUIGGLE ARROW;;;;
+21DD;RIGHTWARDS SQUIGGLE ARROW;So;0;ON;;;;;N;RIGHT SQUIGGLE ARROW;;;;
+21DE;UPWARDS ARROW WITH DOUBLE STROKE;So;0;ON;;;;;N;UP ARROW WITH DOUBLE STROKE;;;;
+21DF;DOWNWARDS ARROW WITH DOUBLE STROKE;So;0;ON;;;;;N;DOWN ARROW WITH DOUBLE STROKE;;;;
+21E0;LEFTWARDS DASHED ARROW;So;0;ON;;;;;N;LEFT DASHED ARROW;;;;
+21E1;UPWARDS DASHED ARROW;So;0;ON;;;;;N;UP DASHED ARROW;;;;
+21E2;RIGHTWARDS DASHED ARROW;So;0;ON;;;;;N;RIGHT DASHED ARROW;;;;
+21E3;DOWNWARDS DASHED ARROW;So;0;ON;;;;;N;DOWN DASHED ARROW;;;;
+21E4;LEFTWARDS ARROW TO BAR;So;0;ON;;;;;N;LEFT ARROW TO BAR;;;;
+21E5;RIGHTWARDS ARROW TO BAR;So;0;ON;;;;;N;RIGHT ARROW TO BAR;;;;
+21E6;LEFTWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE LEFT ARROW;;;;
+21E7;UPWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE UP ARROW;;;;
+21E8;RIGHTWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE RIGHT ARROW;;;;
+21E9;DOWNWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE DOWN ARROW;;;;
+21EA;UPWARDS WHITE ARROW FROM BAR;So;0;ON;;;;;N;WHITE UP ARROW FROM BAR;;;;
+21EB;UPWARDS WHITE ARROW ON PEDESTAL;So;0;ON;;;;;N;;;;;
+21EC;UPWARDS WHITE ARROW ON PEDESTAL WITH HORIZONTAL BAR;So;0;ON;;;;;N;;;;;
+21ED;UPWARDS WHITE ARROW ON PEDESTAL WITH VERTICAL BAR;So;0;ON;;;;;N;;;;;
+21EE;UPWARDS WHITE DOUBLE ARROW;So;0;ON;;;;;N;;;;;
+21EF;UPWARDS WHITE DOUBLE ARROW ON PEDESTAL;So;0;ON;;;;;N;;;;;
+21F0;RIGHTWARDS WHITE ARROW FROM WALL;So;0;ON;;;;;N;;;;;
+21F1;NORTH WEST ARROW TO CORNER;So;0;ON;;;;;N;;;;;
+21F2;SOUTH EAST ARROW TO CORNER;So;0;ON;;;;;N;;;;;
+21F3;UP DOWN WHITE ARROW;So;0;ON;;;;;N;;;;;
+21F4;RIGHT ARROW WITH SMALL CIRCLE;Sm;0;ON;;;;;N;;;;;
+21F5;DOWNWARDS ARROW LEFTWARDS OF UPWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+21F6;THREE RIGHTWARDS ARROWS;Sm;0;ON;;;;;N;;;;;
+21F7;LEFTWARDS ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21F8;RIGHTWARDS ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21F9;LEFT RIGHT ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21FA;LEFTWARDS ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21FB;RIGHTWARDS ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21FC;LEFT RIGHT ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+21FD;LEFTWARDS OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;;
+21FE;RIGHTWARDS OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;;
+21FF;LEFT RIGHT OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;;
+2200;FOR ALL;Sm;0;ON;;;;;N;;;;;
+2201;COMPLEMENT;Sm;0;ON;;;;;Y;;;;;
+2202;PARTIAL DIFFERENTIAL;Sm;0;ON;;;;;Y;;;;;
+2203;THERE EXISTS;Sm;0;ON;;;;;Y;;;;;
+2204;THERE DOES NOT EXIST;Sm;0;ON;2203 0338;;;;Y;;;;;
+2205;EMPTY SET;Sm;0;ON;;;;;N;;;;;
+2206;INCREMENT;Sm;0;ON;;;;;N;;;;;
+2207;NABLA;Sm;0;ON;;;;;N;;;;;
+2208;ELEMENT OF;Sm;0;ON;;;;;Y;;;;;
+2209;NOT AN ELEMENT OF;Sm;0;ON;2208 0338;;;;Y;;;;;
+220A;SMALL ELEMENT OF;Sm;0;ON;;;;;Y;;;;;
+220B;CONTAINS AS MEMBER;Sm;0;ON;;;;;Y;;;;;
+220C;DOES NOT CONTAIN AS MEMBER;Sm;0;ON;220B 0338;;;;Y;;;;;
+220D;SMALL CONTAINS AS MEMBER;Sm;0;ON;;;;;Y;;;;;
+220E;END OF PROOF;Sm;0;ON;;;;;N;;;;;
+220F;N-ARY PRODUCT;Sm;0;ON;;;;;N;;;;;
+2210;N-ARY COPRODUCT;Sm;0;ON;;;;;N;;;;;
+2211;N-ARY SUMMATION;Sm;0;ON;;;;;Y;;;;;
+2212;MINUS SIGN;Sm;0;ET;;;;;N;;;;;
+2213;MINUS-OR-PLUS SIGN;Sm;0;ET;;;;;N;;;;;
+2214;DOT PLUS;Sm;0;ON;;;;;N;;;;;
+2215;DIVISION SLASH;Sm;0;ON;;;;;Y;;;;;
+2216;SET MINUS;Sm;0;ON;;;;;Y;;;;;
+2217;ASTERISK OPERATOR;Sm;0;ON;;;;;N;;;;;
+2218;RING OPERATOR;Sm;0;ON;;;;;N;;;;;
+2219;BULLET OPERATOR;Sm;0;ON;;;;;N;;;;;
+221A;SQUARE ROOT;Sm;0;ON;;;;;Y;;;;;
+221B;CUBE ROOT;Sm;0;ON;;;;;Y;;;;;
+221C;FOURTH ROOT;Sm;0;ON;;;;;Y;;;;;
+221D;PROPORTIONAL TO;Sm;0;ON;;;;;Y;;;;;
+221E;INFINITY;Sm;0;ON;;;;;N;;;;;
+221F;RIGHT ANGLE;Sm;0;ON;;;;;Y;;;;;
+2220;ANGLE;Sm;0;ON;;;;;Y;;;;;
+2221;MEASURED ANGLE;Sm;0;ON;;;;;Y;;;;;
+2222;SPHERICAL ANGLE;Sm;0;ON;;;;;Y;;;;;
+2223;DIVIDES;Sm;0;ON;;;;;N;;;;;
+2224;DOES NOT DIVIDE;Sm;0;ON;2223 0338;;;;Y;;;;;
+2225;PARALLEL TO;Sm;0;ON;;;;;N;;;;;
+2226;NOT PARALLEL TO;Sm;0;ON;2225 0338;;;;Y;;;;;
+2227;LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2228;LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+2229;INTERSECTION;Sm;0;ON;;;;;N;;;;;
+222A;UNION;Sm;0;ON;;;;;N;;;;;
+222B;INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+222C;DOUBLE INTEGRAL;Sm;0;ON;<compat> 222B 222B;;;;Y;;;;;
+222D;TRIPLE INTEGRAL;Sm;0;ON;<compat> 222B 222B 222B;;;;Y;;;;;
+222E;CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+222F;SURFACE INTEGRAL;Sm;0;ON;<compat> 222E 222E;;;;Y;;;;;
+2230;VOLUME INTEGRAL;Sm;0;ON;<compat> 222E 222E 222E;;;;Y;;;;;
+2231;CLOCKWISE INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2232;CLOCKWISE CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2233;ANTICLOCKWISE CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2234;THEREFORE;Sm;0;ON;;;;;N;;;;;
+2235;BECAUSE;Sm;0;ON;;;;;N;;;;;
+2236;RATIO;Sm;0;ON;;;;;N;;;;;
+2237;PROPORTION;Sm;0;ON;;;;;N;;;;;
+2238;DOT MINUS;Sm;0;ON;;;;;N;;;;;
+2239;EXCESS;Sm;0;ON;;;;;Y;;;;;
+223A;GEOMETRIC PROPORTION;Sm;0;ON;;;;;N;;;;;
+223B;HOMOTHETIC;Sm;0;ON;;;;;Y;;;;;
+223C;TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+223D;REVERSED TILDE;Sm;0;ON;;;;;Y;;lazy S;;;
+223E;INVERTED LAZY S;Sm;0;ON;;;;;Y;;;;;
+223F;SINE WAVE;Sm;0;ON;;;;;Y;;;;;
+2240;WREATH PRODUCT;Sm;0;ON;;;;;Y;;;;;
+2241;NOT TILDE;Sm;0;ON;223C 0338;;;;Y;;;;;
+2242;MINUS TILDE;Sm;0;ON;;;;;Y;;;;;
+2243;ASYMPTOTICALLY EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2244;NOT ASYMPTOTICALLY EQUAL TO;Sm;0;ON;2243 0338;;;;Y;;;;;
+2245;APPROXIMATELY EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2246;APPROXIMATELY BUT NOT ACTUALLY EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2247;NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO;Sm;0;ON;2245 0338;;;;Y;;;;;
+2248;ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2249;NOT ALMOST EQUAL TO;Sm;0;ON;2248 0338;;;;Y;;;;;
+224A;ALMOST EQUAL OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+224B;TRIPLE TILDE;Sm;0;ON;;;;;Y;;;;;
+224C;ALL EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+224D;EQUIVALENT TO;Sm;0;ON;;;;;N;;;;;
+224E;GEOMETRICALLY EQUIVALENT TO;Sm;0;ON;;;;;N;;;;;
+224F;DIFFERENCE BETWEEN;Sm;0;ON;;;;;N;;;;;
+2250;APPROACHES THE LIMIT;Sm;0;ON;;;;;N;;;;;
+2251;GEOMETRICALLY EQUAL TO;Sm;0;ON;;;;;N;;;;;
+2252;APPROXIMATELY EQUAL TO OR THE IMAGE OF;Sm;0;ON;;;;;Y;;;;;
+2253;IMAGE OF OR APPROXIMATELY EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2254;COLON EQUALS;Sm;0;ON;;;;;Y;COLON EQUAL;;;;
+2255;EQUALS COLON;Sm;0;ON;;;;;Y;EQUAL COLON;;;;
+2256;RING IN EQUAL TO;Sm;0;ON;;;;;N;;;;;
+2257;RING EQUAL TO;Sm;0;ON;;;;;N;;;;;
+2258;CORRESPONDS TO;Sm;0;ON;;;;;N;;;;;
+2259;ESTIMATES;Sm;0;ON;;;;;N;;;;;
+225A;EQUIANGULAR TO;Sm;0;ON;;;;;N;;;;;
+225B;STAR EQUALS;Sm;0;ON;;;;;N;;;;;
+225C;DELTA EQUAL TO;Sm;0;ON;;;;;N;;;;;
+225D;EQUAL TO BY DEFINITION;Sm;0;ON;;;;;N;;;;;
+225E;MEASURED BY;Sm;0;ON;;;;;N;;;;;
+225F;QUESTIONED EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2260;NOT EQUAL TO;Sm;0;ON;003D 0338;;;;Y;;;;;
+2261;IDENTICAL TO;Sm;0;ON;;;;;N;;;;;
+2262;NOT IDENTICAL TO;Sm;0;ON;2261 0338;;;;Y;;;;;
+2263;STRICTLY EQUIVALENT TO;Sm;0;ON;;;;;N;;;;;
+2264;LESS-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN OR EQUAL TO;;;;
+2265;GREATER-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN OR EQUAL TO;;;;
+2266;LESS-THAN OVER EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN OVER EQUAL TO;;;;
+2267;GREATER-THAN OVER EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN OVER EQUAL TO;;;;
+2268;LESS-THAN BUT NOT EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN BUT NOT EQUAL TO;;;;
+2269;GREATER-THAN BUT NOT EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN BUT NOT EQUAL TO;;;;
+226A;MUCH LESS-THAN;Sm;0;ON;;;;;Y;MUCH LESS THAN;;;;
+226B;MUCH GREATER-THAN;Sm;0;ON;;;;;Y;MUCH GREATER THAN;;;;
+226C;BETWEEN;Sm;0;ON;;;;;N;;;;;
+226D;NOT EQUIVALENT TO;Sm;0;ON;224D 0338;;;;N;;;;;
+226E;NOT LESS-THAN;Sm;0;ON;003C 0338;;;;Y;NOT LESS THAN;;;;
+226F;NOT GREATER-THAN;Sm;0;ON;003E 0338;;;;Y;NOT GREATER THAN;;;;
+2270;NEITHER LESS-THAN NOR EQUAL TO;Sm;0;ON;2264 0338;;;;Y;NEITHER LESS THAN NOR EQUAL TO;;;;
+2271;NEITHER GREATER-THAN NOR EQUAL TO;Sm;0;ON;2265 0338;;;;Y;NEITHER GREATER THAN NOR EQUAL TO;;;;
+2272;LESS-THAN OR EQUIVALENT TO;Sm;0;ON;;;;;Y;LESS THAN OR EQUIVALENT TO;;;;
+2273;GREATER-THAN OR EQUIVALENT TO;Sm;0;ON;;;;;Y;GREATER THAN OR EQUIVALENT TO;;;;
+2274;NEITHER LESS-THAN NOR EQUIVALENT TO;Sm;0;ON;2272 0338;;;;Y;NEITHER LESS THAN NOR EQUIVALENT TO;;;;
+2275;NEITHER GREATER-THAN NOR EQUIVALENT TO;Sm;0;ON;2273 0338;;;;Y;NEITHER GREATER THAN NOR EQUIVALENT TO;;;;
+2276;LESS-THAN OR GREATER-THAN;Sm;0;ON;;;;;Y;LESS THAN OR GREATER THAN;;;;
+2277;GREATER-THAN OR LESS-THAN;Sm;0;ON;;;;;Y;GREATER THAN OR LESS THAN;;;;
+2278;NEITHER LESS-THAN NOR GREATER-THAN;Sm;0;ON;2276 0338;;;;Y;NEITHER LESS THAN NOR GREATER THAN;;;;
+2279;NEITHER GREATER-THAN NOR LESS-THAN;Sm;0;ON;2277 0338;;;;Y;NEITHER GREATER THAN NOR LESS THAN;;;;
+227A;PRECEDES;Sm;0;ON;;;;;Y;;;;;
+227B;SUCCEEDS;Sm;0;ON;;;;;Y;;;;;
+227C;PRECEDES OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+227D;SUCCEEDS OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+227E;PRECEDES OR EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;;
+227F;SUCCEEDS OR EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;;
+2280;DOES NOT PRECEDE;Sm;0;ON;227A 0338;;;;Y;;;;;
+2281;DOES NOT SUCCEED;Sm;0;ON;227B 0338;;;;Y;;;;;
+2282;SUBSET OF;Sm;0;ON;;;;;Y;;;;;
+2283;SUPERSET OF;Sm;0;ON;;;;;Y;;;;;
+2284;NOT A SUBSET OF;Sm;0;ON;2282 0338;;;;Y;;;;;
+2285;NOT A SUPERSET OF;Sm;0;ON;2283 0338;;;;Y;;;;;
+2286;SUBSET OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2287;SUPERSET OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2288;NEITHER A SUBSET OF NOR EQUAL TO;Sm;0;ON;2286 0338;;;;Y;;;;;
+2289;NEITHER A SUPERSET OF NOR EQUAL TO;Sm;0;ON;2287 0338;;;;Y;;;;;
+228A;SUBSET OF WITH NOT EQUAL TO;Sm;0;ON;;;;;Y;SUBSET OF OR NOT EQUAL TO;;;;
+228B;SUPERSET OF WITH NOT EQUAL TO;Sm;0;ON;;;;;Y;SUPERSET OF OR NOT EQUAL TO;;;;
+228C;MULTISET;Sm;0;ON;;;;;Y;;;;;
+228D;MULTISET MULTIPLICATION;Sm;0;ON;;;;;N;;;;;
+228E;MULTISET UNION;Sm;0;ON;;;;;N;;;;;
+228F;SQUARE IMAGE OF;Sm;0;ON;;;;;Y;;;;;
+2290;SQUARE ORIGINAL OF;Sm;0;ON;;;;;Y;;;;;
+2291;SQUARE IMAGE OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2292;SQUARE ORIGINAL OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2293;SQUARE CAP;Sm;0;ON;;;;;N;;;;;
+2294;SQUARE CUP;Sm;0;ON;;;;;N;;;;;
+2295;CIRCLED PLUS;Sm;0;ON;;;;;N;;;;;
+2296;CIRCLED MINUS;Sm;0;ON;;;;;N;;;;;
+2297;CIRCLED TIMES;Sm;0;ON;;;;;N;;;;;
+2298;CIRCLED DIVISION SLASH;Sm;0;ON;;;;;Y;;;;;
+2299;CIRCLED DOT OPERATOR;Sm;0;ON;;;;;N;;;;;
+229A;CIRCLED RING OPERATOR;Sm;0;ON;;;;;N;;;;;
+229B;CIRCLED ASTERISK OPERATOR;Sm;0;ON;;;;;N;;;;;
+229C;CIRCLED EQUALS;Sm;0;ON;;;;;N;;;;;
+229D;CIRCLED DASH;Sm;0;ON;;;;;N;;;;;
+229E;SQUARED PLUS;Sm;0;ON;;;;;N;;;;;
+229F;SQUARED MINUS;Sm;0;ON;;;;;N;;;;;
+22A0;SQUARED TIMES;Sm;0;ON;;;;;N;;;;;
+22A1;SQUARED DOT OPERATOR;Sm;0;ON;;;;;N;;;;;
+22A2;RIGHT TACK;Sm;0;ON;;;;;Y;;;;;
+22A3;LEFT TACK;Sm;0;ON;;;;;Y;;;;;
+22A4;DOWN TACK;Sm;0;ON;;;;;N;;;;;
+22A5;UP TACK;Sm;0;ON;;;;;N;;;;;
+22A6;ASSERTION;Sm;0;ON;;;;;Y;;;;;
+22A7;MODELS;Sm;0;ON;;;;;Y;;;;;
+22A8;TRUE;Sm;0;ON;;;;;Y;;;;;
+22A9;FORCES;Sm;0;ON;;;;;Y;;;;;
+22AA;TRIPLE VERTICAL BAR RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+22AB;DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+22AC;DOES NOT PROVE;Sm;0;ON;22A2 0338;;;;Y;;;;;
+22AD;NOT TRUE;Sm;0;ON;22A8 0338;;;;Y;;;;;
+22AE;DOES NOT FORCE;Sm;0;ON;22A9 0338;;;;Y;;;;;
+22AF;NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE;Sm;0;ON;22AB 0338;;;;Y;;;;;
+22B0;PRECEDES UNDER RELATION;Sm;0;ON;;;;;Y;;;;;
+22B1;SUCCEEDS UNDER RELATION;Sm;0;ON;;;;;Y;;;;;
+22B2;NORMAL SUBGROUP OF;Sm;0;ON;;;;;Y;;;;;
+22B3;CONTAINS AS NORMAL SUBGROUP;Sm;0;ON;;;;;Y;;;;;
+22B4;NORMAL SUBGROUP OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+22B5;CONTAINS AS NORMAL SUBGROUP OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+22B6;ORIGINAL OF;Sm;0;ON;;;;;Y;;;;;
+22B7;IMAGE OF;Sm;0;ON;;;;;Y;;;;;
+22B8;MULTIMAP;Sm;0;ON;;;;;Y;;;;;
+22B9;HERMITIAN CONJUGATE MATRIX;Sm;0;ON;;;;;N;;;;;
+22BA;INTERCALATE;Sm;0;ON;;;;;N;;;;;
+22BB;XOR;Sm;0;ON;;;;;N;;;;;
+22BC;NAND;Sm;0;ON;;;;;N;;;;;
+22BD;NOR;Sm;0;ON;;;;;N;;;;;
+22BE;RIGHT ANGLE WITH ARC;Sm;0;ON;;;;;Y;;;;;
+22BF;RIGHT TRIANGLE;Sm;0;ON;;;;;Y;;;;;
+22C0;N-ARY LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+22C1;N-ARY LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+22C2;N-ARY INTERSECTION;Sm;0;ON;;;;;N;;;;;
+22C3;N-ARY UNION;Sm;0;ON;;;;;N;;;;;
+22C4;DIAMOND OPERATOR;Sm;0;ON;;;;;N;;;;;
+22C5;DOT OPERATOR;Sm;0;ON;;;;;N;;;;;
+22C6;STAR OPERATOR;Sm;0;ON;;;;;N;;;;;
+22C7;DIVISION TIMES;Sm;0;ON;;;;;N;;;;;
+22C8;BOWTIE;Sm;0;ON;;;;;N;;;;;
+22C9;LEFT NORMAL FACTOR SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;;
+22CA;RIGHT NORMAL FACTOR SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;;
+22CB;LEFT SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;;
+22CC;RIGHT SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;;
+22CD;REVERSED TILDE EQUALS;Sm;0;ON;;;;;Y;;;;;
+22CE;CURLY LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+22CF;CURLY LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+22D0;DOUBLE SUBSET;Sm;0;ON;;;;;Y;;;;;
+22D1;DOUBLE SUPERSET;Sm;0;ON;;;;;Y;;;;;
+22D2;DOUBLE INTERSECTION;Sm;0;ON;;;;;N;;;;;
+22D3;DOUBLE UNION;Sm;0;ON;;;;;N;;;;;
+22D4;PITCHFORK;Sm;0;ON;;;;;N;;;;;
+22D5;EQUAL AND PARALLEL TO;Sm;0;ON;;;;;N;;;;;
+22D6;LESS-THAN WITH DOT;Sm;0;ON;;;;;Y;LESS THAN WITH DOT;;;;
+22D7;GREATER-THAN WITH DOT;Sm;0;ON;;;;;Y;GREATER THAN WITH DOT;;;;
+22D8;VERY MUCH LESS-THAN;Sm;0;ON;;;;;Y;VERY MUCH LESS THAN;;;;
+22D9;VERY MUCH GREATER-THAN;Sm;0;ON;;;;;Y;VERY MUCH GREATER THAN;;;;
+22DA;LESS-THAN EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;LESS THAN EQUAL TO OR GREATER THAN;;;;
+22DB;GREATER-THAN EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;GREATER THAN EQUAL TO OR LESS THAN;;;;
+22DC;EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;EQUAL TO OR LESS THAN;;;;
+22DD;EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;EQUAL TO OR GREATER THAN;;;;
+22DE;EQUAL TO OR PRECEDES;Sm;0;ON;;;;;Y;;;;;
+22DF;EQUAL TO OR SUCCEEDS;Sm;0;ON;;;;;Y;;;;;
+22E0;DOES NOT PRECEDE OR EQUAL;Sm;0;ON;227C 0338;;;;Y;;;;;
+22E1;DOES NOT SUCCEED OR EQUAL;Sm;0;ON;227D 0338;;;;Y;;;;;
+22E2;NOT SQUARE IMAGE OF OR EQUAL TO;Sm;0;ON;2291 0338;;;;Y;;;;;
+22E3;NOT SQUARE ORIGINAL OF OR EQUAL TO;Sm;0;ON;2292 0338;;;;Y;;;;;
+22E4;SQUARE IMAGE OF OR NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+22E5;SQUARE ORIGINAL OF OR NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+22E6;LESS-THAN BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;LESS THAN BUT NOT EQUIVALENT TO;;;;
+22E7;GREATER-THAN BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;GREATER THAN BUT NOT EQUIVALENT TO;;;;
+22E8;PRECEDES BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;;
+22E9;SUCCEEDS BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;;
+22EA;NOT NORMAL SUBGROUP OF;Sm;0;ON;22B2 0338;;;;Y;;;;;
+22EB;DOES NOT CONTAIN AS NORMAL SUBGROUP;Sm;0;ON;22B3 0338;;;;Y;;;;;
+22EC;NOT NORMAL SUBGROUP OF OR EQUAL TO;Sm;0;ON;22B4 0338;;;;Y;;;;;
+22ED;DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL;Sm;0;ON;22B5 0338;;;;Y;;;;;
+22EE;VERTICAL ELLIPSIS;Sm;0;ON;;;;;N;;;;;
+22EF;MIDLINE HORIZONTAL ELLIPSIS;Sm;0;ON;;;;;N;;;;;
+22F0;UP RIGHT DIAGONAL ELLIPSIS;Sm;0;ON;;;;;Y;;;;;
+22F1;DOWN RIGHT DIAGONAL ELLIPSIS;Sm;0;ON;;;;;Y;;;;;
+22F2;ELEMENT OF WITH LONG HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22F3;ELEMENT OF WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22F4;SMALL ELEMENT OF WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22F5;ELEMENT OF WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+22F6;ELEMENT OF WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+22F7;SMALL ELEMENT OF WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+22F8;ELEMENT OF WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+22F9;ELEMENT OF WITH TWO HORIZONTAL STROKES;Sm;0;ON;;;;;Y;;;;;
+22FA;CONTAINS WITH LONG HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22FB;CONTAINS WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22FC;SMALL CONTAINS WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+22FD;CONTAINS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+22FE;SMALL CONTAINS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+22FF;Z NOTATION BAG MEMBERSHIP;Sm;0;ON;;;;;Y;;;;;
+2300;DIAMETER SIGN;So;0;ON;;;;;N;;;;;
+2301;ELECTRIC ARROW;So;0;ON;;;;;N;;;;;
+2302;HOUSE;So;0;ON;;;;;N;;;;;
+2303;UP ARROWHEAD;So;0;ON;;;;;N;;;;;
+2304;DOWN ARROWHEAD;So;0;ON;;;;;N;;;;;
+2305;PROJECTIVE;So;0;ON;;;;;N;;;;;
+2306;PERSPECTIVE;So;0;ON;;;;;N;;;;;
+2307;WAVY LINE;So;0;ON;;;;;N;;;;;
+2308;LEFT CEILING;Sm;0;ON;;;;;Y;;;;;
+2309;RIGHT CEILING;Sm;0;ON;;;;;Y;;;;;
+230A;LEFT FLOOR;Sm;0;ON;;;;;Y;;;;;
+230B;RIGHT FLOOR;Sm;0;ON;;;;;Y;;;;;
+230C;BOTTOM RIGHT CROP;So;0;ON;;;;;N;;;;;
+230D;BOTTOM LEFT CROP;So;0;ON;;;;;N;;;;;
+230E;TOP RIGHT CROP;So;0;ON;;;;;N;;;;;
+230F;TOP LEFT CROP;So;0;ON;;;;;N;;;;;
+2310;REVERSED NOT SIGN;So;0;ON;;;;;N;;;;;
+2311;SQUARE LOZENGE;So;0;ON;;;;;N;;;;;
+2312;ARC;So;0;ON;;;;;N;;;;;
+2313;SEGMENT;So;0;ON;;;;;N;;;;;
+2314;SECTOR;So;0;ON;;;;;N;;;;;
+2315;TELEPHONE RECORDER;So;0;ON;;;;;N;;;;;
+2316;POSITION INDICATOR;So;0;ON;;;;;N;;;;;
+2317;VIEWDATA SQUARE;So;0;ON;;;;;N;;;;;
+2318;PLACE OF INTEREST SIGN;So;0;ON;;;;;N;COMMAND KEY;;;;
+2319;TURNED NOT SIGN;So;0;ON;;;;;N;;;;;
+231A;WATCH;So;0;ON;;;;;N;;;;;
+231B;HOURGLASS;So;0;ON;;;;;N;;;;;
+231C;TOP LEFT CORNER;So;0;ON;;;;;N;;;;;
+231D;TOP RIGHT CORNER;So;0;ON;;;;;N;;;;;
+231E;BOTTOM LEFT CORNER;So;0;ON;;;;;N;;;;;
+231F;BOTTOM RIGHT CORNER;So;0;ON;;;;;N;;;;;
+2320;TOP HALF INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2321;BOTTOM HALF INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2322;FROWN;So;0;ON;;;;;N;;;;;
+2323;SMILE;So;0;ON;;;;;N;;;;;
+2324;UP ARROWHEAD BETWEEN TWO HORIZONTAL BARS;So;0;ON;;;;;N;ENTER KEY;;;;
+2325;OPTION KEY;So;0;ON;;;;;N;;;;;
+2326;ERASE TO THE RIGHT;So;0;ON;;;;;N;DELETE TO THE RIGHT KEY;;;;
+2327;X IN A RECTANGLE BOX;So;0;ON;;;;;N;CLEAR KEY;;;;
+2328;KEYBOARD;So;0;ON;;;;;N;;;;;
+2329;LEFT-POINTING ANGLE BRACKET;Ps;0;ON;3008;;;;Y;BRA;;;;
+232A;RIGHT-POINTING ANGLE BRACKET;Pe;0;ON;3009;;;;Y;KET;;;;
+232B;ERASE TO THE LEFT;So;0;ON;;;;;N;DELETE TO THE LEFT KEY;;;;
+232C;BENZENE RING;So;0;ON;;;;;N;;;;;
+232D;CYLINDRICITY;So;0;ON;;;;;N;;;;;
+232E;ALL AROUND-PROFILE;So;0;ON;;;;;N;;;;;
+232F;SYMMETRY;So;0;ON;;;;;N;;;;;
+2330;TOTAL RUNOUT;So;0;ON;;;;;N;;;;;
+2331;DIMENSION ORIGIN;So;0;ON;;;;;N;;;;;
+2332;CONICAL TAPER;So;0;ON;;;;;N;;;;;
+2333;SLOPE;So;0;ON;;;;;N;;;;;
+2334;COUNTERBORE;So;0;ON;;;;;N;;;;;
+2335;COUNTERSINK;So;0;ON;;;;;N;;;;;
+2336;APL FUNCTIONAL SYMBOL I-BEAM;So;0;L;;;;;N;;;;;
+2337;APL FUNCTIONAL SYMBOL SQUISH QUAD;So;0;L;;;;;N;;;;;
+2338;APL FUNCTIONAL SYMBOL QUAD EQUAL;So;0;L;;;;;N;;;;;
+2339;APL FUNCTIONAL SYMBOL QUAD DIVIDE;So;0;L;;;;;N;;;;;
+233A;APL FUNCTIONAL SYMBOL QUAD DIAMOND;So;0;L;;;;;N;;;;;
+233B;APL FUNCTIONAL SYMBOL QUAD JOT;So;0;L;;;;;N;;;;;
+233C;APL FUNCTIONAL SYMBOL QUAD CIRCLE;So;0;L;;;;;N;;;;;
+233D;APL FUNCTIONAL SYMBOL CIRCLE STILE;So;0;L;;;;;N;;;;;
+233E;APL FUNCTIONAL SYMBOL CIRCLE JOT;So;0;L;;;;;N;;;;;
+233F;APL FUNCTIONAL SYMBOL SLASH BAR;So;0;L;;;;;N;;;;;
+2340;APL FUNCTIONAL SYMBOL BACKSLASH BAR;So;0;L;;;;;N;;;;;
+2341;APL FUNCTIONAL SYMBOL QUAD SLASH;So;0;L;;;;;N;;;;;
+2342;APL FUNCTIONAL SYMBOL QUAD BACKSLASH;So;0;L;;;;;N;;;;;
+2343;APL FUNCTIONAL SYMBOL QUAD LESS-THAN;So;0;L;;;;;N;;;;;
+2344;APL FUNCTIONAL SYMBOL QUAD GREATER-THAN;So;0;L;;;;;N;;;;;
+2345;APL FUNCTIONAL SYMBOL LEFTWARDS VANE;So;0;L;;;;;N;;;;;
+2346;APL FUNCTIONAL SYMBOL RIGHTWARDS VANE;So;0;L;;;;;N;;;;;
+2347;APL FUNCTIONAL SYMBOL QUAD LEFTWARDS ARROW;So;0;L;;;;;N;;;;;
+2348;APL FUNCTIONAL SYMBOL QUAD RIGHTWARDS ARROW;So;0;L;;;;;N;;;;;
+2349;APL FUNCTIONAL SYMBOL CIRCLE BACKSLASH;So;0;L;;;;;N;;;;;
+234A;APL FUNCTIONAL SYMBOL DOWN TACK UNDERBAR;So;0;L;;;;;N;;*;;;
+234B;APL FUNCTIONAL SYMBOL DELTA STILE;So;0;L;;;;;N;;;;;
+234C;APL FUNCTIONAL SYMBOL QUAD DOWN CARET;So;0;L;;;;;N;;;;;
+234D;APL FUNCTIONAL SYMBOL QUAD DELTA;So;0;L;;;;;N;;;;;
+234E;APL FUNCTIONAL SYMBOL DOWN TACK JOT;So;0;L;;;;;N;;*;;;
+234F;APL FUNCTIONAL SYMBOL UPWARDS VANE;So;0;L;;;;;N;;;;;
+2350;APL FUNCTIONAL SYMBOL QUAD UPWARDS ARROW;So;0;L;;;;;N;;;;;
+2351;APL FUNCTIONAL SYMBOL UP TACK OVERBAR;So;0;L;;;;;N;;*;;;
+2352;APL FUNCTIONAL SYMBOL DEL STILE;So;0;L;;;;;N;;;;;
+2353;APL FUNCTIONAL SYMBOL QUAD UP CARET;So;0;L;;;;;N;;;;;
+2354;APL FUNCTIONAL SYMBOL QUAD DEL;So;0;L;;;;;N;;;;;
+2355;APL FUNCTIONAL SYMBOL UP TACK JOT;So;0;L;;;;;N;;*;;;
+2356;APL FUNCTIONAL SYMBOL DOWNWARDS VANE;So;0;L;;;;;N;;;;;
+2357;APL FUNCTIONAL SYMBOL QUAD DOWNWARDS ARROW;So;0;L;;;;;N;;;;;
+2358;APL FUNCTIONAL SYMBOL QUOTE UNDERBAR;So;0;L;;;;;N;;;;;
+2359;APL FUNCTIONAL SYMBOL DELTA UNDERBAR;So;0;L;;;;;N;;;;;
+235A;APL FUNCTIONAL SYMBOL DIAMOND UNDERBAR;So;0;L;;;;;N;;;;;
+235B;APL FUNCTIONAL SYMBOL JOT UNDERBAR;So;0;L;;;;;N;;;;;
+235C;APL FUNCTIONAL SYMBOL CIRCLE UNDERBAR;So;0;L;;;;;N;;;;;
+235D;APL FUNCTIONAL SYMBOL UP SHOE JOT;So;0;L;;;;;N;;;;;
+235E;APL FUNCTIONAL SYMBOL QUOTE QUAD;So;0;L;;;;;N;;;;;
+235F;APL FUNCTIONAL SYMBOL CIRCLE STAR;So;0;L;;;;;N;;;;;
+2360;APL FUNCTIONAL SYMBOL QUAD COLON;So;0;L;;;;;N;;;;;
+2361;APL FUNCTIONAL SYMBOL UP TACK DIAERESIS;So;0;L;;;;;N;;*;;;
+2362;APL FUNCTIONAL SYMBOL DEL DIAERESIS;So;0;L;;;;;N;;;;;
+2363;APL FUNCTIONAL SYMBOL STAR DIAERESIS;So;0;L;;;;;N;;;;;
+2364;APL FUNCTIONAL SYMBOL JOT DIAERESIS;So;0;L;;;;;N;;;;;
+2365;APL FUNCTIONAL SYMBOL CIRCLE DIAERESIS;So;0;L;;;;;N;;;;;
+2366;APL FUNCTIONAL SYMBOL DOWN SHOE STILE;So;0;L;;;;;N;;;;;
+2367;APL FUNCTIONAL SYMBOL LEFT SHOE STILE;So;0;L;;;;;N;;;;;
+2368;APL FUNCTIONAL SYMBOL TILDE DIAERESIS;So;0;L;;;;;N;;;;;
+2369;APL FUNCTIONAL SYMBOL GREATER-THAN DIAERESIS;So;0;L;;;;;N;;;;;
+236A;APL FUNCTIONAL SYMBOL COMMA BAR;So;0;L;;;;;N;;;;;
+236B;APL FUNCTIONAL SYMBOL DEL TILDE;So;0;L;;;;;N;;;;;
+236C;APL FUNCTIONAL SYMBOL ZILDE;So;0;L;;;;;N;;;;;
+236D;APL FUNCTIONAL SYMBOL STILE TILDE;So;0;L;;;;;N;;;;;
+236E;APL FUNCTIONAL SYMBOL SEMICOLON UNDERBAR;So;0;L;;;;;N;;;;;
+236F;APL FUNCTIONAL SYMBOL QUAD NOT EQUAL;So;0;L;;;;;N;;;;;
+2370;APL FUNCTIONAL SYMBOL QUAD QUESTION;So;0;L;;;;;N;;;;;
+2371;APL FUNCTIONAL SYMBOL DOWN CARET TILDE;So;0;L;;;;;N;;;;;
+2372;APL FUNCTIONAL SYMBOL UP CARET TILDE;So;0;L;;;;;N;;;;;
+2373;APL FUNCTIONAL SYMBOL IOTA;So;0;L;;;;;N;;;;;
+2374;APL FUNCTIONAL SYMBOL RHO;So;0;L;;;;;N;;;;;
+2375;APL FUNCTIONAL SYMBOL OMEGA;So;0;L;;;;;N;;;;;
+2376;APL FUNCTIONAL SYMBOL ALPHA UNDERBAR;So;0;L;;;;;N;;;;;
+2377;APL FUNCTIONAL SYMBOL EPSILON UNDERBAR;So;0;L;;;;;N;;;;;
+2378;APL FUNCTIONAL SYMBOL IOTA UNDERBAR;So;0;L;;;;;N;;;;;
+2379;APL FUNCTIONAL SYMBOL OMEGA UNDERBAR;So;0;L;;;;;N;;;;;
+237A;APL FUNCTIONAL SYMBOL ALPHA;So;0;L;;;;;N;;;;;
+237B;NOT CHECK MARK;So;0;ON;;;;;N;;;;;
+237C;RIGHT ANGLE WITH DOWNWARDS ZIGZAG ARROW;Sm;0;ON;;;;;N;;;;;
+237D;SHOULDERED OPEN BOX;So;0;ON;;;;;N;;;;;
+237E;BELL SYMBOL;So;0;ON;;;;;N;;;;;
+237F;VERTICAL LINE WITH MIDDLE DOT;So;0;ON;;;;;N;;;;;
+2380;INSERTION SYMBOL;So;0;ON;;;;;N;;;;;
+2381;CONTINUOUS UNDERLINE SYMBOL;So;0;ON;;;;;N;;;;;
+2382;DISCONTINUOUS UNDERLINE SYMBOL;So;0;ON;;;;;N;;;;;
+2383;EMPHASIS SYMBOL;So;0;ON;;;;;N;;;;;
+2384;COMPOSITION SYMBOL;So;0;ON;;;;;N;;;;;
+2385;WHITE SQUARE WITH CENTRE VERTICAL LINE;So;0;ON;;;;;N;;;;;
+2386;ENTER SYMBOL;So;0;ON;;;;;N;;;;;
+2387;ALTERNATIVE KEY SYMBOL;So;0;ON;;;;;N;;;;;
+2388;HELM SYMBOL;So;0;ON;;;;;N;;;;;
+2389;CIRCLED HORIZONTAL BAR WITH NOTCH;So;0;ON;;;;;N;;pause;;;
+238A;CIRCLED TRIANGLE DOWN;So;0;ON;;;;;N;;break;;;
+238B;BROKEN CIRCLE WITH NORTHWEST ARROW;So;0;ON;;;;;N;;escape;;;
+238C;UNDO SYMBOL;So;0;ON;;;;;N;;;;;
+238D;MONOSTABLE SYMBOL;So;0;ON;;;;;N;;;;;
+238E;HYSTERESIS SYMBOL;So;0;ON;;;;;N;;;;;
+238F;OPEN-CIRCUIT-OUTPUT H-TYPE SYMBOL;So;0;ON;;;;;N;;;;;
+2390;OPEN-CIRCUIT-OUTPUT L-TYPE SYMBOL;So;0;ON;;;;;N;;;;;
+2391;PASSIVE-PULL-DOWN-OUTPUT SYMBOL;So;0;ON;;;;;N;;;;;
+2392;PASSIVE-PULL-UP-OUTPUT SYMBOL;So;0;ON;;;;;N;;;;;
+2393;DIRECT CURRENT SYMBOL FORM TWO;So;0;ON;;;;;N;;;;;
+2394;SOFTWARE-FUNCTION SYMBOL;So;0;ON;;;;;N;;;;;
+2395;APL FUNCTIONAL SYMBOL QUAD;So;0;L;;;;;N;;;;;
+2396;DECIMAL SEPARATOR KEY SYMBOL;So;0;ON;;;;;N;;;;;
+2397;PREVIOUS PAGE;So;0;ON;;;;;N;;;;;
+2398;NEXT PAGE;So;0;ON;;;;;N;;;;;
+2399;PRINT SCREEN SYMBOL;So;0;ON;;;;;N;;;;;
+239A;CLEAR SCREEN SYMBOL;So;0;ON;;;;;N;;;;;
+239B;LEFT PARENTHESIS UPPER HOOK;Sm;0;ON;;;;;N;;;;;
+239C;LEFT PARENTHESIS EXTENSION;Sm;0;ON;;;;;N;;;;;
+239D;LEFT PARENTHESIS LOWER HOOK;Sm;0;ON;;;;;N;;;;;
+239E;RIGHT PARENTHESIS UPPER HOOK;Sm;0;ON;;;;;N;;;;;
+239F;RIGHT PARENTHESIS EXTENSION;Sm;0;ON;;;;;N;;;;;
+23A0;RIGHT PARENTHESIS LOWER HOOK;Sm;0;ON;;;;;N;;;;;
+23A1;LEFT SQUARE BRACKET UPPER CORNER;Sm;0;ON;;;;;N;;;;;
+23A2;LEFT SQUARE BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;;
+23A3;LEFT SQUARE BRACKET LOWER CORNER;Sm;0;ON;;;;;N;;;;;
+23A4;RIGHT SQUARE BRACKET UPPER CORNER;Sm;0;ON;;;;;N;;;;;
+23A5;RIGHT SQUARE BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;;
+23A6;RIGHT SQUARE BRACKET LOWER CORNER;Sm;0;ON;;;;;N;;;;;
+23A7;LEFT CURLY BRACKET UPPER HOOK;Sm;0;ON;;;;;N;;;;;
+23A8;LEFT CURLY BRACKET MIDDLE PIECE;Sm;0;ON;;;;;N;;;;;
+23A9;LEFT CURLY BRACKET LOWER HOOK;Sm;0;ON;;;;;N;;;;;
+23AA;CURLY BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;;
+23AB;RIGHT CURLY BRACKET UPPER HOOK;Sm;0;ON;;;;;N;;;;;
+23AC;RIGHT CURLY BRACKET MIDDLE PIECE;Sm;0;ON;;;;;N;;;;;
+23AD;RIGHT CURLY BRACKET LOWER HOOK;Sm;0;ON;;;;;N;;;;;
+23AE;INTEGRAL EXTENSION;Sm;0;ON;;;;;N;;;;;
+23AF;HORIZONTAL LINE EXTENSION;Sm;0;ON;;;;;N;;;;;
+23B0;UPPER LEFT OR LOWER RIGHT CURLY BRACKET SECTION;Sm;0;ON;;;;;N;;;;;
+23B1;UPPER RIGHT OR LOWER LEFT CURLY BRACKET SECTION;Sm;0;ON;;;;;N;;;;;
+23B2;SUMMATION TOP;Sm;0;ON;;;;;N;;;;;
+23B3;SUMMATION BOTTOM;Sm;0;ON;;;;;N;;;;;
+23B4;TOP SQUARE BRACKET;Ps;0;ON;;;;;N;;;;;
+23B5;BOTTOM SQUARE BRACKET;Pe;0;ON;;;;;N;;;;;
+23B6;BOTTOM SQUARE BRACKET OVER TOP SQUARE BRACKET;Po;0;ON;;;;;N;;;;;
+23B7;RADICAL SYMBOL BOTTOM;So;0;ON;;;;;N;;;;;
+23B8;LEFT VERTICAL BOX LINE;So;0;ON;;;;;N;;;;;
+23B9;RIGHT VERTICAL BOX LINE;So;0;ON;;;;;N;;;;;
+23BA;HORIZONTAL SCAN LINE-1;So;0;ON;;;;;N;;;;;
+23BB;HORIZONTAL SCAN LINE-3;So;0;ON;;;;;N;;;;;
+23BC;HORIZONTAL SCAN LINE-7;So;0;ON;;;;;N;;;;;
+23BD;HORIZONTAL SCAN LINE-9;So;0;ON;;;;;N;;;;;
+23BE;DENTISTRY SYMBOL LIGHT VERTICAL AND TOP RIGHT;So;0;ON;;;;;N;;;;;
+23BF;DENTISTRY SYMBOL LIGHT VERTICAL AND BOTTOM RIGHT;So;0;ON;;;;;N;;;;;
+23C0;DENTISTRY SYMBOL LIGHT VERTICAL WITH CIRCLE;So;0;ON;;;;;N;;;;;
+23C1;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH CIRCLE;So;0;ON;;;;;N;;;;;
+23C2;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH CIRCLE;So;0;ON;;;;;N;;;;;
+23C3;DENTISTRY SYMBOL LIGHT VERTICAL WITH TRIANGLE;So;0;ON;;;;;N;;;;;
+23C4;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH TRIANGLE;So;0;ON;;;;;N;;;;;
+23C5;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH TRIANGLE;So;0;ON;;;;;N;;;;;
+23C6;DENTISTRY SYMBOL LIGHT VERTICAL AND WAVE;So;0;ON;;;;;N;;;;;
+23C7;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH WAVE;So;0;ON;;;;;N;;;;;
+23C8;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH WAVE;So;0;ON;;;;;N;;;;;
+23C9;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL;So;0;ON;;;;;N;;;;;
+23CA;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL;So;0;ON;;;;;N;;;;;
+23CB;DENTISTRY SYMBOL LIGHT VERTICAL AND TOP LEFT;So;0;ON;;;;;N;;;;;
+23CC;DENTISTRY SYMBOL LIGHT VERTICAL AND BOTTOM LEFT;So;0;ON;;;;;N;;;;;
+23CD;SQUARE FOOT;So;0;ON;;;;;N;;;;;
+23CE;RETURN SYMBOL;So;0;ON;;;;;N;;;;;
+2400;SYMBOL FOR NULL;So;0;ON;;;;;N;GRAPHIC FOR NULL;;;;
+2401;SYMBOL FOR START OF HEADING;So;0;ON;;;;;N;GRAPHIC FOR START OF HEADING;;;;
+2402;SYMBOL FOR START OF TEXT;So;0;ON;;;;;N;GRAPHIC FOR START OF TEXT;;;;
+2403;SYMBOL FOR END OF TEXT;So;0;ON;;;;;N;GRAPHIC FOR END OF TEXT;;;;
+2404;SYMBOL FOR END OF TRANSMISSION;So;0;ON;;;;;N;GRAPHIC FOR END OF TRANSMISSION;;;;
+2405;SYMBOL FOR ENQUIRY;So;0;ON;;;;;N;GRAPHIC FOR ENQUIRY;;;;
+2406;SYMBOL FOR ACKNOWLEDGE;So;0;ON;;;;;N;GRAPHIC FOR ACKNOWLEDGE;;;;
+2407;SYMBOL FOR BELL;So;0;ON;;;;;N;GRAPHIC FOR BELL;;;;
+2408;SYMBOL FOR BACKSPACE;So;0;ON;;;;;N;GRAPHIC FOR BACKSPACE;;;;
+2409;SYMBOL FOR HORIZONTAL TABULATION;So;0;ON;;;;;N;GRAPHIC FOR HORIZONTAL TABULATION;;;;
+240A;SYMBOL FOR LINE FEED;So;0;ON;;;;;N;GRAPHIC FOR LINE FEED;;;;
+240B;SYMBOL FOR VERTICAL TABULATION;So;0;ON;;;;;N;GRAPHIC FOR VERTICAL TABULATION;;;;
+240C;SYMBOL FOR FORM FEED;So;0;ON;;;;;N;GRAPHIC FOR FORM FEED;;;;
+240D;SYMBOL FOR CARRIAGE RETURN;So;0;ON;;;;;N;GRAPHIC FOR CARRIAGE RETURN;;;;
+240E;SYMBOL FOR SHIFT OUT;So;0;ON;;;;;N;GRAPHIC FOR SHIFT OUT;;;;
+240F;SYMBOL FOR SHIFT IN;So;0;ON;;;;;N;GRAPHIC FOR SHIFT IN;;;;
+2410;SYMBOL FOR DATA LINK ESCAPE;So;0;ON;;;;;N;GRAPHIC FOR DATA LINK ESCAPE;;;;
+2411;SYMBOL FOR DEVICE CONTROL ONE;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL ONE;;;;
+2412;SYMBOL FOR DEVICE CONTROL TWO;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL TWO;;;;
+2413;SYMBOL FOR DEVICE CONTROL THREE;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL THREE;;;;
+2414;SYMBOL FOR DEVICE CONTROL FOUR;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL FOUR;;;;
+2415;SYMBOL FOR NEGATIVE ACKNOWLEDGE;So;0;ON;;;;;N;GRAPHIC FOR NEGATIVE ACKNOWLEDGE;;;;
+2416;SYMBOL FOR SYNCHRONOUS IDLE;So;0;ON;;;;;N;GRAPHIC FOR SYNCHRONOUS IDLE;;;;
+2417;SYMBOL FOR END OF TRANSMISSION BLOCK;So;0;ON;;;;;N;GRAPHIC FOR END OF TRANSMISSION BLOCK;;;;
+2418;SYMBOL FOR CANCEL;So;0;ON;;;;;N;GRAPHIC FOR CANCEL;;;;
+2419;SYMBOL FOR END OF MEDIUM;So;0;ON;;;;;N;GRAPHIC FOR END OF MEDIUM;;;;
+241A;SYMBOL FOR SUBSTITUTE;So;0;ON;;;;;N;GRAPHIC FOR SUBSTITUTE;;;;
+241B;SYMBOL FOR ESCAPE;So;0;ON;;;;;N;GRAPHIC FOR ESCAPE;;;;
+241C;SYMBOL FOR FILE SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR FILE SEPARATOR;;;;
+241D;SYMBOL FOR GROUP SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR GROUP SEPARATOR;;;;
+241E;SYMBOL FOR RECORD SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR RECORD SEPARATOR;;;;
+241F;SYMBOL FOR UNIT SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR UNIT SEPARATOR;;;;
+2420;SYMBOL FOR SPACE;So;0;ON;;;;;N;GRAPHIC FOR SPACE;;;;
+2421;SYMBOL FOR DELETE;So;0;ON;;;;;N;GRAPHIC FOR DELETE;;;;
+2422;BLANK SYMBOL;So;0;ON;;;;;N;BLANK;;;;
+2423;OPEN BOX;So;0;ON;;;;;N;;;;;
+2424;SYMBOL FOR NEWLINE;So;0;ON;;;;;N;GRAPHIC FOR NEWLINE;;;;
+2425;SYMBOL FOR DELETE FORM TWO;So;0;ON;;;;;N;;;;;
+2426;SYMBOL FOR SUBSTITUTE FORM TWO;So;0;ON;;;;;N;;;;;
+2440;OCR HOOK;So;0;ON;;;;;N;;;;;
+2441;OCR CHAIR;So;0;ON;;;;;N;;;;;
+2442;OCR FORK;So;0;ON;;;;;N;;;;;
+2443;OCR INVERTED FORK;So;0;ON;;;;;N;;;;;
+2444;OCR BELT BUCKLE;So;0;ON;;;;;N;;;;;
+2445;OCR BOW TIE;So;0;ON;;;;;N;;;;;
+2446;OCR BRANCH BANK IDENTIFICATION;So;0;ON;;;;;N;;;;;
+2447;OCR AMOUNT OF CHECK;So;0;ON;;;;;N;;;;;
+2448;OCR DASH;So;0;ON;;;;;N;;;;;
+2449;OCR CUSTOMER ACCOUNT NUMBER;So;0;ON;;;;;N;;;;;
+244A;OCR DOUBLE BACKSLASH;So;0;ON;;;;;N;;;;;
+2460;CIRCLED DIGIT ONE;No;0;EN;<circle> 0031;;1;1;N;;;;;
+2461;CIRCLED DIGIT TWO;No;0;EN;<circle> 0032;;2;2;N;;;;;
+2462;CIRCLED DIGIT THREE;No;0;EN;<circle> 0033;;3;3;N;;;;;
+2463;CIRCLED DIGIT FOUR;No;0;EN;<circle> 0034;;4;4;N;;;;;
+2464;CIRCLED DIGIT FIVE;No;0;EN;<circle> 0035;;5;5;N;;;;;
+2465;CIRCLED DIGIT SIX;No;0;EN;<circle> 0036;;6;6;N;;;;;
+2466;CIRCLED DIGIT SEVEN;No;0;EN;<circle> 0037;;7;7;N;;;;;
+2467;CIRCLED DIGIT EIGHT;No;0;EN;<circle> 0038;;8;8;N;;;;;
+2468;CIRCLED DIGIT NINE;No;0;EN;<circle> 0039;;9;9;N;;;;;
+2469;CIRCLED NUMBER TEN;No;0;EN;<circle> 0031 0030;;;10;N;;;;;
+246A;CIRCLED NUMBER ELEVEN;No;0;EN;<circle> 0031 0031;;;11;N;;;;;
+246B;CIRCLED NUMBER TWELVE;No;0;EN;<circle> 0031 0032;;;12;N;;;;;
+246C;CIRCLED NUMBER THIRTEEN;No;0;EN;<circle> 0031 0033;;;13;N;;;;;
+246D;CIRCLED NUMBER FOURTEEN;No;0;EN;<circle> 0031 0034;;;14;N;;;;;
+246E;CIRCLED NUMBER FIFTEEN;No;0;EN;<circle> 0031 0035;;;15;N;;;;;
+246F;CIRCLED NUMBER SIXTEEN;No;0;EN;<circle> 0031 0036;;;16;N;;;;;
+2470;CIRCLED NUMBER SEVENTEEN;No;0;EN;<circle> 0031 0037;;;17;N;;;;;
+2471;CIRCLED NUMBER EIGHTEEN;No;0;EN;<circle> 0031 0038;;;18;N;;;;;
+2472;CIRCLED NUMBER NINETEEN;No;0;EN;<circle> 0031 0039;;;19;N;;;;;
+2473;CIRCLED NUMBER TWENTY;No;0;EN;<circle> 0032 0030;;;20;N;;;;;
+2474;PARENTHESIZED DIGIT ONE;No;0;EN;<compat> 0028 0031 0029;;1;1;N;;;;;
+2475;PARENTHESIZED DIGIT TWO;No;0;EN;<compat> 0028 0032 0029;;2;2;N;;;;;
+2476;PARENTHESIZED DIGIT THREE;No;0;EN;<compat> 0028 0033 0029;;3;3;N;;;;;
+2477;PARENTHESIZED DIGIT FOUR;No;0;EN;<compat> 0028 0034 0029;;4;4;N;;;;;
+2478;PARENTHESIZED DIGIT FIVE;No;0;EN;<compat> 0028 0035 0029;;5;5;N;;;;;
+2479;PARENTHESIZED DIGIT SIX;No;0;EN;<compat> 0028 0036 0029;;6;6;N;;;;;
+247A;PARENTHESIZED DIGIT SEVEN;No;0;EN;<compat> 0028 0037 0029;;7;7;N;;;;;
+247B;PARENTHESIZED DIGIT EIGHT;No;0;EN;<compat> 0028 0038 0029;;8;8;N;;;;;
+247C;PARENTHESIZED DIGIT NINE;No;0;EN;<compat> 0028 0039 0029;;9;9;N;;;;;
+247D;PARENTHESIZED NUMBER TEN;No;0;EN;<compat> 0028 0031 0030 0029;;;10;N;;;;;
+247E;PARENTHESIZED NUMBER ELEVEN;No;0;EN;<compat> 0028 0031 0031 0029;;;11;N;;;;;
+247F;PARENTHESIZED NUMBER TWELVE;No;0;EN;<compat> 0028 0031 0032 0029;;;12;N;;;;;
+2480;PARENTHESIZED NUMBER THIRTEEN;No;0;EN;<compat> 0028 0031 0033 0029;;;13;N;;;;;
+2481;PARENTHESIZED NUMBER FOURTEEN;No;0;EN;<compat> 0028 0031 0034 0029;;;14;N;;;;;
+2482;PARENTHESIZED NUMBER FIFTEEN;No;0;EN;<compat> 0028 0031 0035 0029;;;15;N;;;;;
+2483;PARENTHESIZED NUMBER SIXTEEN;No;0;EN;<compat> 0028 0031 0036 0029;;;16;N;;;;;
+2484;PARENTHESIZED NUMBER SEVENTEEN;No;0;EN;<compat> 0028 0031 0037 0029;;;17;N;;;;;
+2485;PARENTHESIZED NUMBER EIGHTEEN;No;0;EN;<compat> 0028 0031 0038 0029;;;18;N;;;;;
+2486;PARENTHESIZED NUMBER NINETEEN;No;0;EN;<compat> 0028 0031 0039 0029;;;19;N;;;;;
+2487;PARENTHESIZED NUMBER TWENTY;No;0;EN;<compat> 0028 0032 0030 0029;;;20;N;;;;;
+2488;DIGIT ONE FULL STOP;No;0;EN;<compat> 0031 002E;;1;1;N;DIGIT ONE PERIOD;;;;
+2489;DIGIT TWO FULL STOP;No;0;EN;<compat> 0032 002E;;2;2;N;DIGIT TWO PERIOD;;;;
+248A;DIGIT THREE FULL STOP;No;0;EN;<compat> 0033 002E;;3;3;N;DIGIT THREE PERIOD;;;;
+248B;DIGIT FOUR FULL STOP;No;0;EN;<compat> 0034 002E;;4;4;N;DIGIT FOUR PERIOD;;;;
+248C;DIGIT FIVE FULL STOP;No;0;EN;<compat> 0035 002E;;5;5;N;DIGIT FIVE PERIOD;;;;
+248D;DIGIT SIX FULL STOP;No;0;EN;<compat> 0036 002E;;6;6;N;DIGIT SIX PERIOD;;;;
+248E;DIGIT SEVEN FULL STOP;No;0;EN;<compat> 0037 002E;;7;7;N;DIGIT SEVEN PERIOD;;;;
+248F;DIGIT EIGHT FULL STOP;No;0;EN;<compat> 0038 002E;;8;8;N;DIGIT EIGHT PERIOD;;;;
+2490;DIGIT NINE FULL STOP;No;0;EN;<compat> 0039 002E;;9;9;N;DIGIT NINE PERIOD;;;;
+2491;NUMBER TEN FULL STOP;No;0;EN;<compat> 0031 0030 002E;;;10;N;NUMBER TEN PERIOD;;;;
+2492;NUMBER ELEVEN FULL STOP;No;0;EN;<compat> 0031 0031 002E;;;11;N;NUMBER ELEVEN PERIOD;;;;
+2493;NUMBER TWELVE FULL STOP;No;0;EN;<compat> 0031 0032 002E;;;12;N;NUMBER TWELVE PERIOD;;;;
+2494;NUMBER THIRTEEN FULL STOP;No;0;EN;<compat> 0031 0033 002E;;;13;N;NUMBER THIRTEEN PERIOD;;;;
+2495;NUMBER FOURTEEN FULL STOP;No;0;EN;<compat> 0031 0034 002E;;;14;N;NUMBER FOURTEEN PERIOD;;;;
+2496;NUMBER FIFTEEN FULL STOP;No;0;EN;<compat> 0031 0035 002E;;;15;N;NUMBER FIFTEEN PERIOD;;;;
+2497;NUMBER SIXTEEN FULL STOP;No;0;EN;<compat> 0031 0036 002E;;;16;N;NUMBER SIXTEEN PERIOD;;;;
+2498;NUMBER SEVENTEEN FULL STOP;No;0;EN;<compat> 0031 0037 002E;;;17;N;NUMBER SEVENTEEN PERIOD;;;;
+2499;NUMBER EIGHTEEN FULL STOP;No;0;EN;<compat> 0031 0038 002E;;;18;N;NUMBER EIGHTEEN PERIOD;;;;
+249A;NUMBER NINETEEN FULL STOP;No;0;EN;<compat> 0031 0039 002E;;;19;N;NUMBER NINETEEN PERIOD;;;;
+249B;NUMBER TWENTY FULL STOP;No;0;EN;<compat> 0032 0030 002E;;;20;N;NUMBER TWENTY PERIOD;;;;
+249C;PARENTHESIZED LATIN SMALL LETTER A;So;0;L;<compat> 0028 0061 0029;;;;N;;;;;
+249D;PARENTHESIZED LATIN SMALL LETTER B;So;0;L;<compat> 0028 0062 0029;;;;N;;;;;
+249E;PARENTHESIZED LATIN SMALL LETTER C;So;0;L;<compat> 0028 0063 0029;;;;N;;;;;
+249F;PARENTHESIZED LATIN SMALL LETTER D;So;0;L;<compat> 0028 0064 0029;;;;N;;;;;
+24A0;PARENTHESIZED LATIN SMALL LETTER E;So;0;L;<compat> 0028 0065 0029;;;;N;;;;;
+24A1;PARENTHESIZED LATIN SMALL LETTER F;So;0;L;<compat> 0028 0066 0029;;;;N;;;;;
+24A2;PARENTHESIZED LATIN SMALL LETTER G;So;0;L;<compat> 0028 0067 0029;;;;N;;;;;
+24A3;PARENTHESIZED LATIN SMALL LETTER H;So;0;L;<compat> 0028 0068 0029;;;;N;;;;;
+24A4;PARENTHESIZED LATIN SMALL LETTER I;So;0;L;<compat> 0028 0069 0029;;;;N;;;;;
+24A5;PARENTHESIZED LATIN SMALL LETTER J;So;0;L;<compat> 0028 006A 0029;;;;N;;;;;
+24A6;PARENTHESIZED LATIN SMALL LETTER K;So;0;L;<compat> 0028 006B 0029;;;;N;;;;;
+24A7;PARENTHESIZED LATIN SMALL LETTER L;So;0;L;<compat> 0028 006C 0029;;;;N;;;;;
+24A8;PARENTHESIZED LATIN SMALL LETTER M;So;0;L;<compat> 0028 006D 0029;;;;N;;;;;
+24A9;PARENTHESIZED LATIN SMALL LETTER N;So;0;L;<compat> 0028 006E 0029;;;;N;;;;;
+24AA;PARENTHESIZED LATIN SMALL LETTER O;So;0;L;<compat> 0028 006F 0029;;;;N;;;;;
+24AB;PARENTHESIZED LATIN SMALL LETTER P;So;0;L;<compat> 0028 0070 0029;;;;N;;;;;
+24AC;PARENTHESIZED LATIN SMALL LETTER Q;So;0;L;<compat> 0028 0071 0029;;;;N;;;;;
+24AD;PARENTHESIZED LATIN SMALL LETTER R;So;0;L;<compat> 0028 0072 0029;;;;N;;;;;
+24AE;PARENTHESIZED LATIN SMALL LETTER S;So;0;L;<compat> 0028 0073 0029;;;;N;;;;;
+24AF;PARENTHESIZED LATIN SMALL LETTER T;So;0;L;<compat> 0028 0074 0029;;;;N;;;;;
+24B0;PARENTHESIZED LATIN SMALL LETTER U;So;0;L;<compat> 0028 0075 0029;;;;N;;;;;
+24B1;PARENTHESIZED LATIN SMALL LETTER V;So;0;L;<compat> 0028 0076 0029;;;;N;;;;;
+24B2;PARENTHESIZED LATIN SMALL LETTER W;So;0;L;<compat> 0028 0077 0029;;;;N;;;;;
+24B3;PARENTHESIZED LATIN SMALL LETTER X;So;0;L;<compat> 0028 0078 0029;;;;N;;;;;
+24B4;PARENTHESIZED LATIN SMALL LETTER Y;So;0;L;<compat> 0028 0079 0029;;;;N;;;;;
+24B5;PARENTHESIZED LATIN SMALL LETTER Z;So;0;L;<compat> 0028 007A 0029;;;;N;;;;;
+24B6;CIRCLED LATIN CAPITAL LETTER A;So;0;L;<circle> 0041;;;;N;;;;24D0;
+24B7;CIRCLED LATIN CAPITAL LETTER B;So;0;L;<circle> 0042;;;;N;;;;24D1;
+24B8;CIRCLED LATIN CAPITAL LETTER C;So;0;L;<circle> 0043;;;;N;;;;24D2;
+24B9;CIRCLED LATIN CAPITAL LETTER D;So;0;L;<circle> 0044;;;;N;;;;24D3;
+24BA;CIRCLED LATIN CAPITAL LETTER E;So;0;L;<circle> 0045;;;;N;;;;24D4;
+24BB;CIRCLED LATIN CAPITAL LETTER F;So;0;L;<circle> 0046;;;;N;;;;24D5;
+24BC;CIRCLED LATIN CAPITAL LETTER G;So;0;L;<circle> 0047;;;;N;;;;24D6;
+24BD;CIRCLED LATIN CAPITAL LETTER H;So;0;L;<circle> 0048;;;;N;;;;24D7;
+24BE;CIRCLED LATIN CAPITAL LETTER I;So;0;L;<circle> 0049;;;;N;;;;24D8;
+24BF;CIRCLED LATIN CAPITAL LETTER J;So;0;L;<circle> 004A;;;;N;;;;24D9;
+24C0;CIRCLED LATIN CAPITAL LETTER K;So;0;L;<circle> 004B;;;;N;;;;24DA;
+24C1;CIRCLED LATIN CAPITAL LETTER L;So;0;L;<circle> 004C;;;;N;;;;24DB;
+24C2;CIRCLED LATIN CAPITAL LETTER M;So;0;L;<circle> 004D;;;;N;;;;24DC;
+24C3;CIRCLED LATIN CAPITAL LETTER N;So;0;L;<circle> 004E;;;;N;;;;24DD;
+24C4;CIRCLED LATIN CAPITAL LETTER O;So;0;L;<circle> 004F;;;;N;;;;24DE;
+24C5;CIRCLED LATIN CAPITAL LETTER P;So;0;L;<circle> 0050;;;;N;;;;24DF;
+24C6;CIRCLED LATIN CAPITAL LETTER Q;So;0;L;<circle> 0051;;;;N;;;;24E0;
+24C7;CIRCLED LATIN CAPITAL LETTER R;So;0;L;<circle> 0052;;;;N;;;;24E1;
+24C8;CIRCLED LATIN CAPITAL LETTER S;So;0;L;<circle> 0053;;;;N;;;;24E2;
+24C9;CIRCLED LATIN CAPITAL LETTER T;So;0;L;<circle> 0054;;;;N;;;;24E3;
+24CA;CIRCLED LATIN CAPITAL LETTER U;So;0;L;<circle> 0055;;;;N;;;;24E4;
+24CB;CIRCLED LATIN CAPITAL LETTER V;So;0;L;<circle> 0056;;;;N;;;;24E5;
+24CC;CIRCLED LATIN CAPITAL LETTER W;So;0;L;<circle> 0057;;;;N;;;;24E6;
+24CD;CIRCLED LATIN CAPITAL LETTER X;So;0;L;<circle> 0058;;;;N;;;;24E7;
+24CE;CIRCLED LATIN CAPITAL LETTER Y;So;0;L;<circle> 0059;;;;N;;;;24E8;
+24CF;CIRCLED LATIN CAPITAL LETTER Z;So;0;L;<circle> 005A;;;;N;;;;24E9;
+24D0;CIRCLED LATIN SMALL LETTER A;So;0;L;<circle> 0061;;;;N;;;24B6;;24B6
+24D1;CIRCLED LATIN SMALL LETTER B;So;0;L;<circle> 0062;;;;N;;;24B7;;24B7
+24D2;CIRCLED LATIN SMALL LETTER C;So;0;L;<circle> 0063;;;;N;;;24B8;;24B8
+24D3;CIRCLED LATIN SMALL LETTER D;So;0;L;<circle> 0064;;;;N;;;24B9;;24B9
+24D4;CIRCLED LATIN SMALL LETTER E;So;0;L;<circle> 0065;;;;N;;;24BA;;24BA
+24D5;CIRCLED LATIN SMALL LETTER F;So;0;L;<circle> 0066;;;;N;;;24BB;;24BB
+24D6;CIRCLED LATIN SMALL LETTER G;So;0;L;<circle> 0067;;;;N;;;24BC;;24BC
+24D7;CIRCLED LATIN SMALL LETTER H;So;0;L;<circle> 0068;;;;N;;;24BD;;24BD
+24D8;CIRCLED LATIN SMALL LETTER I;So;0;L;<circle> 0069;;;;N;;;24BE;;24BE
+24D9;CIRCLED LATIN SMALL LETTER J;So;0;L;<circle> 006A;;;;N;;;24BF;;24BF
+24DA;CIRCLED LATIN SMALL LETTER K;So;0;L;<circle> 006B;;;;N;;;24C0;;24C0
+24DB;CIRCLED LATIN SMALL LETTER L;So;0;L;<circle> 006C;;;;N;;;24C1;;24C1
+24DC;CIRCLED LATIN SMALL LETTER M;So;0;L;<circle> 006D;;;;N;;;24C2;;24C2
+24DD;CIRCLED LATIN SMALL LETTER N;So;0;L;<circle> 006E;;;;N;;;24C3;;24C3
+24DE;CIRCLED LATIN SMALL LETTER O;So;0;L;<circle> 006F;;;;N;;;24C4;;24C4
+24DF;CIRCLED LATIN SMALL LETTER P;So;0;L;<circle> 0070;;;;N;;;24C5;;24C5
+24E0;CIRCLED LATIN SMALL LETTER Q;So;0;L;<circle> 0071;;;;N;;;24C6;;24C6
+24E1;CIRCLED LATIN SMALL LETTER R;So;0;L;<circle> 0072;;;;N;;;24C7;;24C7
+24E2;CIRCLED LATIN SMALL LETTER S;So;0;L;<circle> 0073;;;;N;;;24C8;;24C8
+24E3;CIRCLED LATIN SMALL LETTER T;So;0;L;<circle> 0074;;;;N;;;24C9;;24C9
+24E4;CIRCLED LATIN SMALL LETTER U;So;0;L;<circle> 0075;;;;N;;;24CA;;24CA
+24E5;CIRCLED LATIN SMALL LETTER V;So;0;L;<circle> 0076;;;;N;;;24CB;;24CB
+24E6;CIRCLED LATIN SMALL LETTER W;So;0;L;<circle> 0077;;;;N;;;24CC;;24CC
+24E7;CIRCLED LATIN SMALL LETTER X;So;0;L;<circle> 0078;;;;N;;;24CD;;24CD
+24E8;CIRCLED LATIN SMALL LETTER Y;So;0;L;<circle> 0079;;;;N;;;24CE;;24CE
+24E9;CIRCLED LATIN SMALL LETTER Z;So;0;L;<circle> 007A;;;;N;;;24CF;;24CF
+24EA;CIRCLED DIGIT ZERO;No;0;EN;<circle> 0030;;0;0;N;;;;;
+24EB;NEGATIVE CIRCLED NUMBER ELEVEN;No;0;ON;;;;11;N;;;;;
+24EC;NEGATIVE CIRCLED NUMBER TWELVE;No;0;ON;;;;12;N;;;;;
+24ED;NEGATIVE CIRCLED NUMBER THIRTEEN;No;0;ON;;;;13;N;;;;;
+24EE;NEGATIVE CIRCLED NUMBER FOURTEEN;No;0;ON;;;;14;N;;;;;
+24EF;NEGATIVE CIRCLED NUMBER FIFTEEN;No;0;ON;;;;15;N;;;;;
+24F0;NEGATIVE CIRCLED NUMBER SIXTEEN;No;0;ON;;;;16;N;;;;;
+24F1;NEGATIVE CIRCLED NUMBER SEVENTEEN;No;0;ON;;;;17;N;;;;;
+24F2;NEGATIVE CIRCLED NUMBER EIGHTEEN;No;0;ON;;;;18;N;;;;;
+24F3;NEGATIVE CIRCLED NUMBER NINETEEN;No;0;ON;;;;19;N;;;;;
+24F4;NEGATIVE CIRCLED NUMBER TWENTY;No;0;ON;;;;20;N;;;;;
+24F5;DOUBLE CIRCLED DIGIT ONE;No;0;ON;;;1;1;N;;;;;
+24F6;DOUBLE CIRCLED DIGIT TWO;No;0;ON;;;2;2;N;;;;;
+24F7;DOUBLE CIRCLED DIGIT THREE;No;0;ON;;;3;3;N;;;;;
+24F8;DOUBLE CIRCLED DIGIT FOUR;No;0;ON;;;4;4;N;;;;;
+24F9;DOUBLE CIRCLED DIGIT FIVE;No;0;ON;;;5;5;N;;;;;
+24FA;DOUBLE CIRCLED DIGIT SIX;No;0;ON;;;6;6;N;;;;;
+24FB;DOUBLE CIRCLED DIGIT SEVEN;No;0;ON;;;7;7;N;;;;;
+24FC;DOUBLE CIRCLED DIGIT EIGHT;No;0;ON;;;8;8;N;;;;;
+24FD;DOUBLE CIRCLED DIGIT NINE;No;0;ON;;;9;9;N;;;;;
+24FE;DOUBLE CIRCLED NUMBER TEN;No;0;ON;;;;10;N;;;;;
+2500;BOX DRAWINGS LIGHT HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT HORIZONTAL;;;;
+2501;BOX DRAWINGS HEAVY HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY HORIZONTAL;;;;
+2502;BOX DRAWINGS LIGHT VERTICAL;So;0;ON;;;;;N;FORMS LIGHT VERTICAL;;;;
+2503;BOX DRAWINGS HEAVY VERTICAL;So;0;ON;;;;;N;FORMS HEAVY VERTICAL;;;;
+2504;BOX DRAWINGS LIGHT TRIPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT TRIPLE DASH HORIZONTAL;;;;
+2505;BOX DRAWINGS HEAVY TRIPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY TRIPLE DASH HORIZONTAL;;;;
+2506;BOX DRAWINGS LIGHT TRIPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT TRIPLE DASH VERTICAL;;;;
+2507;BOX DRAWINGS HEAVY TRIPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY TRIPLE DASH VERTICAL;;;;
+2508;BOX DRAWINGS LIGHT QUADRUPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT QUADRUPLE DASH HORIZONTAL;;;;
+2509;BOX DRAWINGS HEAVY QUADRUPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY QUADRUPLE DASH HORIZONTAL;;;;
+250A;BOX DRAWINGS LIGHT QUADRUPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT QUADRUPLE DASH VERTICAL;;;;
+250B;BOX DRAWINGS HEAVY QUADRUPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY QUADRUPLE DASH VERTICAL;;;;
+250C;BOX DRAWINGS LIGHT DOWN AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT DOWN AND RIGHT;;;;
+250D;BOX DRAWINGS DOWN LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND RIGHT HEAVY;;;;
+250E;BOX DRAWINGS DOWN HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND RIGHT LIGHT;;;;
+250F;BOX DRAWINGS HEAVY DOWN AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY DOWN AND RIGHT;;;;
+2510;BOX DRAWINGS LIGHT DOWN AND LEFT;So;0;ON;;;;;N;FORMS LIGHT DOWN AND LEFT;;;;
+2511;BOX DRAWINGS DOWN LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND LEFT HEAVY;;;;
+2512;BOX DRAWINGS DOWN HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND LEFT LIGHT;;;;
+2513;BOX DRAWINGS HEAVY DOWN AND LEFT;So;0;ON;;;;;N;FORMS HEAVY DOWN AND LEFT;;;;
+2514;BOX DRAWINGS LIGHT UP AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT UP AND RIGHT;;;;
+2515;BOX DRAWINGS UP LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND RIGHT HEAVY;;;;
+2516;BOX DRAWINGS UP HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND RIGHT LIGHT;;;;
+2517;BOX DRAWINGS HEAVY UP AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY UP AND RIGHT;;;;
+2518;BOX DRAWINGS LIGHT UP AND LEFT;So;0;ON;;;;;N;FORMS LIGHT UP AND LEFT;;;;
+2519;BOX DRAWINGS UP LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND LEFT HEAVY;;;;
+251A;BOX DRAWINGS UP HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND LEFT LIGHT;;;;
+251B;BOX DRAWINGS HEAVY UP AND LEFT;So;0;ON;;;;;N;FORMS HEAVY UP AND LEFT;;;;
+251C;BOX DRAWINGS LIGHT VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND RIGHT;;;;
+251D;BOX DRAWINGS VERTICAL LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND RIGHT HEAVY;;;;
+251E;BOX DRAWINGS UP HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND RIGHT DOWN LIGHT;;;;
+251F;BOX DRAWINGS DOWN HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND RIGHT UP LIGHT;;;;
+2520;BOX DRAWINGS VERTICAL HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND RIGHT LIGHT;;;;
+2521;BOX DRAWINGS DOWN LIGHT AND RIGHT UP HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND RIGHT UP HEAVY;;;;
+2522;BOX DRAWINGS UP LIGHT AND RIGHT DOWN HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND RIGHT DOWN HEAVY;;;;
+2523;BOX DRAWINGS HEAVY VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND RIGHT;;;;
+2524;BOX DRAWINGS LIGHT VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND LEFT;;;;
+2525;BOX DRAWINGS VERTICAL LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND LEFT HEAVY;;;;
+2526;BOX DRAWINGS UP HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND LEFT DOWN LIGHT;;;;
+2527;BOX DRAWINGS DOWN HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND LEFT UP LIGHT;;;;
+2528;BOX DRAWINGS VERTICAL HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND LEFT LIGHT;;;;
+2529;BOX DRAWINGS DOWN LIGHT AND LEFT UP HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND LEFT UP HEAVY;;;;
+252A;BOX DRAWINGS UP LIGHT AND LEFT DOWN HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND LEFT DOWN HEAVY;;;;
+252B;BOX DRAWINGS HEAVY VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND LEFT;;;;
+252C;BOX DRAWINGS LIGHT DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT DOWN AND HORIZONTAL;;;;
+252D;BOX DRAWINGS LEFT HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT DOWN LIGHT;;;;
+252E;BOX DRAWINGS RIGHT HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT DOWN LIGHT;;;;
+252F;BOX DRAWINGS DOWN LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND HORIZONTAL HEAVY;;;;
+2530;BOX DRAWINGS DOWN HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND HORIZONTAL LIGHT;;;;
+2531;BOX DRAWINGS RIGHT LIGHT AND LEFT DOWN HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT DOWN HEAVY;;;;
+2532;BOX DRAWINGS LEFT LIGHT AND RIGHT DOWN HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT DOWN HEAVY;;;;
+2533;BOX DRAWINGS HEAVY DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY DOWN AND HORIZONTAL;;;;
+2534;BOX DRAWINGS LIGHT UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT UP AND HORIZONTAL;;;;
+2535;BOX DRAWINGS LEFT HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT UP LIGHT;;;;
+2536;BOX DRAWINGS RIGHT HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT UP LIGHT;;;;
+2537;BOX DRAWINGS UP LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND HORIZONTAL HEAVY;;;;
+2538;BOX DRAWINGS UP HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND HORIZONTAL LIGHT;;;;
+2539;BOX DRAWINGS RIGHT LIGHT AND LEFT UP HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT UP HEAVY;;;;
+253A;BOX DRAWINGS LEFT LIGHT AND RIGHT UP HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT UP HEAVY;;;;
+253B;BOX DRAWINGS HEAVY UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY UP AND HORIZONTAL;;;;
+253C;BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND HORIZONTAL;;;;
+253D;BOX DRAWINGS LEFT HEAVY AND RIGHT VERTICAL LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT VERTICAL LIGHT;;;;
+253E;BOX DRAWINGS RIGHT HEAVY AND LEFT VERTICAL LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT VERTICAL LIGHT;;;;
+253F;BOX DRAWINGS VERTICAL LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND HORIZONTAL HEAVY;;;;
+2540;BOX DRAWINGS UP HEAVY AND DOWN HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND DOWN HORIZONTAL LIGHT;;;;
+2541;BOX DRAWINGS DOWN HEAVY AND UP HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND UP HORIZONTAL LIGHT;;;;
+2542;BOX DRAWINGS VERTICAL HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND HORIZONTAL LIGHT;;;;
+2543;BOX DRAWINGS LEFT UP HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS LEFT UP HEAVY AND RIGHT DOWN LIGHT;;;;
+2544;BOX DRAWINGS RIGHT UP HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS RIGHT UP HEAVY AND LEFT DOWN LIGHT;;;;
+2545;BOX DRAWINGS LEFT DOWN HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS LEFT DOWN HEAVY AND RIGHT UP LIGHT;;;;
+2546;BOX DRAWINGS RIGHT DOWN HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS RIGHT DOWN HEAVY AND LEFT UP LIGHT;;;;
+2547;BOX DRAWINGS DOWN LIGHT AND UP HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND UP HORIZONTAL HEAVY;;;;
+2548;BOX DRAWINGS UP LIGHT AND DOWN HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND DOWN HORIZONTAL HEAVY;;;;
+2549;BOX DRAWINGS RIGHT LIGHT AND LEFT VERTICAL HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT VERTICAL HEAVY;;;;
+254A;BOX DRAWINGS LEFT LIGHT AND RIGHT VERTICAL HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT VERTICAL HEAVY;;;;
+254B;BOX DRAWINGS HEAVY VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND HORIZONTAL;;;;
+254C;BOX DRAWINGS LIGHT DOUBLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT DOUBLE DASH HORIZONTAL;;;;
+254D;BOX DRAWINGS HEAVY DOUBLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY DOUBLE DASH HORIZONTAL;;;;
+254E;BOX DRAWINGS LIGHT DOUBLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT DOUBLE DASH VERTICAL;;;;
+254F;BOX DRAWINGS HEAVY DOUBLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY DOUBLE DASH VERTICAL;;;;
+2550;BOX DRAWINGS DOUBLE HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE HORIZONTAL;;;;
+2551;BOX DRAWINGS DOUBLE VERTICAL;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL;;;;
+2552;BOX DRAWINGS DOWN SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND RIGHT DOUBLE;;;;
+2553;BOX DRAWINGS DOWN DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND RIGHT SINGLE;;;;
+2554;BOX DRAWINGS DOUBLE DOWN AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND RIGHT;;;;
+2555;BOX DRAWINGS DOWN SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND LEFT DOUBLE;;;;
+2556;BOX DRAWINGS DOWN DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND LEFT SINGLE;;;;
+2557;BOX DRAWINGS DOUBLE DOWN AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND LEFT;;;;
+2558;BOX DRAWINGS UP SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND RIGHT DOUBLE;;;;
+2559;BOX DRAWINGS UP DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND RIGHT SINGLE;;;;
+255A;BOX DRAWINGS DOUBLE UP AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE UP AND RIGHT;;;;
+255B;BOX DRAWINGS UP SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND LEFT DOUBLE;;;;
+255C;BOX DRAWINGS UP DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND LEFT SINGLE;;;;
+255D;BOX DRAWINGS DOUBLE UP AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE UP AND LEFT;;;;
+255E;BOX DRAWINGS VERTICAL SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND RIGHT DOUBLE;;;;
+255F;BOX DRAWINGS VERTICAL DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND RIGHT SINGLE;;;;
+2560;BOX DRAWINGS DOUBLE VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND RIGHT;;;;
+2561;BOX DRAWINGS VERTICAL SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND LEFT DOUBLE;;;;
+2562;BOX DRAWINGS VERTICAL DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND LEFT SINGLE;;;;
+2563;BOX DRAWINGS DOUBLE VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND LEFT;;;;
+2564;BOX DRAWINGS DOWN SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND HORIZONTAL DOUBLE;;;;
+2565;BOX DRAWINGS DOWN DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND HORIZONTAL SINGLE;;;;
+2566;BOX DRAWINGS DOUBLE DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND HORIZONTAL;;;;
+2567;BOX DRAWINGS UP SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND HORIZONTAL DOUBLE;;;;
+2568;BOX DRAWINGS UP DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND HORIZONTAL SINGLE;;;;
+2569;BOX DRAWINGS DOUBLE UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE UP AND HORIZONTAL;;;;
+256A;BOX DRAWINGS VERTICAL SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND HORIZONTAL DOUBLE;;;;
+256B;BOX DRAWINGS VERTICAL DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND HORIZONTAL SINGLE;;;;
+256C;BOX DRAWINGS DOUBLE VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND HORIZONTAL;;;;
+256D;BOX DRAWINGS LIGHT ARC DOWN AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT ARC DOWN AND RIGHT;;;;
+256E;BOX DRAWINGS LIGHT ARC DOWN AND LEFT;So;0;ON;;;;;N;FORMS LIGHT ARC DOWN AND LEFT;;;;
+256F;BOX DRAWINGS LIGHT ARC UP AND LEFT;So;0;ON;;;;;N;FORMS LIGHT ARC UP AND LEFT;;;;
+2570;BOX DRAWINGS LIGHT ARC UP AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT ARC UP AND RIGHT;;;;
+2571;BOX DRAWINGS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT;;;;
+2572;BOX DRAWINGS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT;;;;
+2573;BOX DRAWINGS LIGHT DIAGONAL CROSS;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL CROSS;;;;
+2574;BOX DRAWINGS LIGHT LEFT;So;0;ON;;;;;N;FORMS LIGHT LEFT;;;;
+2575;BOX DRAWINGS LIGHT UP;So;0;ON;;;;;N;FORMS LIGHT UP;;;;
+2576;BOX DRAWINGS LIGHT RIGHT;So;0;ON;;;;;N;FORMS LIGHT RIGHT;;;;
+2577;BOX DRAWINGS LIGHT DOWN;So;0;ON;;;;;N;FORMS LIGHT DOWN;;;;
+2578;BOX DRAWINGS HEAVY LEFT;So;0;ON;;;;;N;FORMS HEAVY LEFT;;;;
+2579;BOX DRAWINGS HEAVY UP;So;0;ON;;;;;N;FORMS HEAVY UP;;;;
+257A;BOX DRAWINGS HEAVY RIGHT;So;0;ON;;;;;N;FORMS HEAVY RIGHT;;;;
+257B;BOX DRAWINGS HEAVY DOWN;So;0;ON;;;;;N;FORMS HEAVY DOWN;;;;
+257C;BOX DRAWINGS LIGHT LEFT AND HEAVY RIGHT;So;0;ON;;;;;N;FORMS LIGHT LEFT AND HEAVY RIGHT;;;;
+257D;BOX DRAWINGS LIGHT UP AND HEAVY DOWN;So;0;ON;;;;;N;FORMS LIGHT UP AND HEAVY DOWN;;;;
+257E;BOX DRAWINGS HEAVY LEFT AND LIGHT RIGHT;So;0;ON;;;;;N;FORMS HEAVY LEFT AND LIGHT RIGHT;;;;
+257F;BOX DRAWINGS HEAVY UP AND LIGHT DOWN;So;0;ON;;;;;N;FORMS HEAVY UP AND LIGHT DOWN;;;;
+2580;UPPER HALF BLOCK;So;0;ON;;;;;N;;;;;
+2581;LOWER ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;;
+2582;LOWER ONE QUARTER BLOCK;So;0;ON;;;;;N;;;;;
+2583;LOWER THREE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+2584;LOWER HALF BLOCK;So;0;ON;;;;;N;;;;;
+2585;LOWER FIVE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+2586;LOWER THREE QUARTERS BLOCK;So;0;ON;;;;;N;LOWER THREE QUARTER BLOCK;;;;
+2587;LOWER SEVEN EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+2588;FULL BLOCK;So;0;ON;;;;;N;;;;;
+2589;LEFT SEVEN EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+258A;LEFT THREE QUARTERS BLOCK;So;0;ON;;;;;N;LEFT THREE QUARTER BLOCK;;;;
+258B;LEFT FIVE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+258C;LEFT HALF BLOCK;So;0;ON;;;;;N;;;;;
+258D;LEFT THREE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;;
+258E;LEFT ONE QUARTER BLOCK;So;0;ON;;;;;N;;;;;
+258F;LEFT ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;;
+2590;RIGHT HALF BLOCK;So;0;ON;;;;;N;;;;;
+2591;LIGHT SHADE;So;0;ON;;;;;N;;;;;
+2592;MEDIUM SHADE;So;0;ON;;;;;N;;;;;
+2593;DARK SHADE;So;0;ON;;;;;N;;;;;
+2594;UPPER ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;;
+2595;RIGHT ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;;
+2596;QUADRANT LOWER LEFT;So;0;ON;;;;;N;;;;;
+2597;QUADRANT LOWER RIGHT;So;0;ON;;;;;N;;;;;
+2598;QUADRANT UPPER LEFT;So;0;ON;;;;;N;;;;;
+2599;QUADRANT UPPER LEFT AND LOWER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;;
+259A;QUADRANT UPPER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;;
+259B;QUADRANT UPPER LEFT AND UPPER RIGHT AND LOWER LEFT;So;0;ON;;;;;N;;;;;
+259C;QUADRANT UPPER LEFT AND UPPER RIGHT AND LOWER RIGHT;So;0;ON;;;;;N;;;;;
+259D;QUADRANT UPPER RIGHT;So;0;ON;;;;;N;;;;;
+259E;QUADRANT UPPER RIGHT AND LOWER LEFT;So;0;ON;;;;;N;;;;;
+259F;QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;;
+25A0;BLACK SQUARE;So;0;ON;;;;;N;;;;;
+25A1;WHITE SQUARE;So;0;ON;;;;;N;;;;;
+25A2;WHITE SQUARE WITH ROUNDED CORNERS;So;0;ON;;;;;N;;;;;
+25A3;WHITE SQUARE CONTAINING BLACK SMALL SQUARE;So;0;ON;;;;;N;;;;;
+25A4;SQUARE WITH HORIZONTAL FILL;So;0;ON;;;;;N;;;;;
+25A5;SQUARE WITH VERTICAL FILL;So;0;ON;;;;;N;;;;;
+25A6;SQUARE WITH ORTHOGONAL CROSSHATCH FILL;So;0;ON;;;;;N;;;;;
+25A7;SQUARE WITH UPPER LEFT TO LOWER RIGHT FILL;So;0;ON;;;;;N;;;;;
+25A8;SQUARE WITH UPPER RIGHT TO LOWER LEFT FILL;So;0;ON;;;;;N;;;;;
+25A9;SQUARE WITH DIAGONAL CROSSHATCH FILL;So;0;ON;;;;;N;;;;;
+25AA;BLACK SMALL SQUARE;So;0;ON;;;;;N;;;;;
+25AB;WHITE SMALL SQUARE;So;0;ON;;;;;N;;;;;
+25AC;BLACK RECTANGLE;So;0;ON;;;;;N;;;;;
+25AD;WHITE RECTANGLE;So;0;ON;;;;;N;;;;;
+25AE;BLACK VERTICAL RECTANGLE;So;0;ON;;;;;N;;;;;
+25AF;WHITE VERTICAL RECTANGLE;So;0;ON;;;;;N;;;;;
+25B0;BLACK PARALLELOGRAM;So;0;ON;;;;;N;;;;;
+25B1;WHITE PARALLELOGRAM;So;0;ON;;;;;N;;;;;
+25B2;BLACK UP-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK UP POINTING TRIANGLE;;;;
+25B3;WHITE UP-POINTING TRIANGLE;So;0;ON;;;;;N;WHITE UP POINTING TRIANGLE;;;;
+25B4;BLACK UP-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK UP POINTING SMALL TRIANGLE;;;;
+25B5;WHITE UP-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE UP POINTING SMALL TRIANGLE;;;;
+25B6;BLACK RIGHT-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK RIGHT POINTING TRIANGLE;;;;
+25B7;WHITE RIGHT-POINTING TRIANGLE;Sm;0;ON;;;;;N;WHITE RIGHT POINTING TRIANGLE;;;;
+25B8;BLACK RIGHT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK RIGHT POINTING SMALL TRIANGLE;;;;
+25B9;WHITE RIGHT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE RIGHT POINTING SMALL TRIANGLE;;;;
+25BA;BLACK RIGHT-POINTING POINTER;So;0;ON;;;;;N;BLACK RIGHT POINTING POINTER;;;;
+25BB;WHITE RIGHT-POINTING POINTER;So;0;ON;;;;;N;WHITE RIGHT POINTING POINTER;;;;
+25BC;BLACK DOWN-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK DOWN POINTING TRIANGLE;;;;
+25BD;WHITE DOWN-POINTING TRIANGLE;So;0;ON;;;;;N;WHITE DOWN POINTING TRIANGLE;;;;
+25BE;BLACK DOWN-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK DOWN POINTING SMALL TRIANGLE;;;;
+25BF;WHITE DOWN-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE DOWN POINTING SMALL TRIANGLE;;;;
+25C0;BLACK LEFT-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK LEFT POINTING TRIANGLE;;;;
+25C1;WHITE LEFT-POINTING TRIANGLE;Sm;0;ON;;;;;N;WHITE LEFT POINTING TRIANGLE;;;;
+25C2;BLACK LEFT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK LEFT POINTING SMALL TRIANGLE;;;;
+25C3;WHITE LEFT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE LEFT POINTING SMALL TRIANGLE;;;;
+25C4;BLACK LEFT-POINTING POINTER;So;0;ON;;;;;N;BLACK LEFT POINTING POINTER;;;;
+25C5;WHITE LEFT-POINTING POINTER;So;0;ON;;;;;N;WHITE LEFT POINTING POINTER;;;;
+25C6;BLACK DIAMOND;So;0;ON;;;;;N;;;;;
+25C7;WHITE DIAMOND;So;0;ON;;;;;N;;;;;
+25C8;WHITE DIAMOND CONTAINING BLACK SMALL DIAMOND;So;0;ON;;;;;N;;;;;
+25C9;FISHEYE;So;0;ON;;;;;N;;;;;
+25CA;LOZENGE;So;0;ON;;;;;N;;;;;
+25CB;WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+25CC;DOTTED CIRCLE;So;0;ON;;;;;N;;;;;
+25CD;CIRCLE WITH VERTICAL FILL;So;0;ON;;;;;N;;;;;
+25CE;BULLSEYE;So;0;ON;;;;;N;;;;;
+25CF;BLACK CIRCLE;So;0;ON;;;;;N;;;;;
+25D0;CIRCLE WITH LEFT HALF BLACK;So;0;ON;;;;;N;;;;;
+25D1;CIRCLE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;;;;;
+25D2;CIRCLE WITH LOWER HALF BLACK;So;0;ON;;;;;N;;;;;
+25D3;CIRCLE WITH UPPER HALF BLACK;So;0;ON;;;;;N;;;;;
+25D4;CIRCLE WITH UPPER RIGHT QUADRANT BLACK;So;0;ON;;;;;N;;;;;
+25D5;CIRCLE WITH ALL BUT UPPER LEFT QUADRANT BLACK;So;0;ON;;;;;N;;;;;
+25D6;LEFT HALF BLACK CIRCLE;So;0;ON;;;;;N;;;;;
+25D7;RIGHT HALF BLACK CIRCLE;So;0;ON;;;;;N;;;;;
+25D8;INVERSE BULLET;So;0;ON;;;;;N;;;;;
+25D9;INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+25DA;UPPER HALF INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+25DB;LOWER HALF INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+25DC;UPPER LEFT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;;
+25DD;UPPER RIGHT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;;
+25DE;LOWER RIGHT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;;
+25DF;LOWER LEFT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;;
+25E0;UPPER HALF CIRCLE;So;0;ON;;;;;N;;;;;
+25E1;LOWER HALF CIRCLE;So;0;ON;;;;;N;;;;;
+25E2;BLACK LOWER RIGHT TRIANGLE;So;0;ON;;;;;N;;;;;
+25E3;BLACK LOWER LEFT TRIANGLE;So;0;ON;;;;;N;;;;;
+25E4;BLACK UPPER LEFT TRIANGLE;So;0;ON;;;;;N;;;;;
+25E5;BLACK UPPER RIGHT TRIANGLE;So;0;ON;;;;;N;;;;;
+25E6;WHITE BULLET;So;0;ON;;;;;N;;;;;
+25E7;SQUARE WITH LEFT HALF BLACK;So;0;ON;;;;;N;;;;;
+25E8;SQUARE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;;;;;
+25E9;SQUARE WITH UPPER LEFT DIAGONAL HALF BLACK;So;0;ON;;;;;N;;;;;
+25EA;SQUARE WITH LOWER RIGHT DIAGONAL HALF BLACK;So;0;ON;;;;;N;;;;;
+25EB;WHITE SQUARE WITH VERTICAL BISECTING LINE;So;0;ON;;;;;N;;;;;
+25EC;WHITE UP-POINTING TRIANGLE WITH DOT;So;0;ON;;;;;N;WHITE UP POINTING TRIANGLE WITH DOT;;;;
+25ED;UP-POINTING TRIANGLE WITH LEFT HALF BLACK;So;0;ON;;;;;N;UP POINTING TRIANGLE WITH LEFT HALF BLACK;;;;
+25EE;UP-POINTING TRIANGLE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;UP POINTING TRIANGLE WITH RIGHT HALF BLACK;;;;
+25EF;LARGE CIRCLE;So;0;ON;;;;;N;;;;;
+25F0;WHITE SQUARE WITH UPPER LEFT QUADRANT;So;0;ON;;;;;N;;;;;
+25F1;WHITE SQUARE WITH LOWER LEFT QUADRANT;So;0;ON;;;;;N;;;;;
+25F2;WHITE SQUARE WITH LOWER RIGHT QUADRANT;So;0;ON;;;;;N;;;;;
+25F3;WHITE SQUARE WITH UPPER RIGHT QUADRANT;So;0;ON;;;;;N;;;;;
+25F4;WHITE CIRCLE WITH UPPER LEFT QUADRANT;So;0;ON;;;;;N;;;;;
+25F5;WHITE CIRCLE WITH LOWER LEFT QUADRANT;So;0;ON;;;;;N;;;;;
+25F6;WHITE CIRCLE WITH LOWER RIGHT QUADRANT;So;0;ON;;;;;N;;;;;
+25F7;WHITE CIRCLE WITH UPPER RIGHT QUADRANT;So;0;ON;;;;;N;;;;;
+25F8;UPPER LEFT TRIANGLE;Sm;0;ON;;;;;N;;;;;
+25F9;UPPER RIGHT TRIANGLE;Sm;0;ON;;;;;N;;;;;
+25FA;LOWER LEFT TRIANGLE;Sm;0;ON;;;;;N;;;;;
+25FB;WHITE MEDIUM SQUARE;Sm;0;ON;;;;;N;;;;;
+25FC;BLACK MEDIUM SQUARE;Sm;0;ON;;;;;N;;;;;
+25FD;WHITE MEDIUM SMALL SQUARE;Sm;0;ON;;;;;N;;;;;
+25FE;BLACK MEDIUM SMALL SQUARE;Sm;0;ON;;;;;N;;;;;
+25FF;LOWER RIGHT TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2600;BLACK SUN WITH RAYS;So;0;ON;;;;;N;;;;;
+2601;CLOUD;So;0;ON;;;;;N;;;;;
+2602;UMBRELLA;So;0;ON;;;;;N;;;;;
+2603;SNOWMAN;So;0;ON;;;;;N;;;;;
+2604;COMET;So;0;ON;;;;;N;;;;;
+2605;BLACK STAR;So;0;ON;;;;;N;;;;;
+2606;WHITE STAR;So;0;ON;;;;;N;;;;;
+2607;LIGHTNING;So;0;ON;;;;;N;;;;;
+2608;THUNDERSTORM;So;0;ON;;;;;N;;;;;
+2609;SUN;So;0;ON;;;;;N;;;;;
+260A;ASCENDING NODE;So;0;ON;;;;;N;;;;;
+260B;DESCENDING NODE;So;0;ON;;;;;N;;;;;
+260C;CONJUNCTION;So;0;ON;;;;;N;;;;;
+260D;OPPOSITION;So;0;ON;;;;;N;;;;;
+260E;BLACK TELEPHONE;So;0;ON;;;;;N;;;;;
+260F;WHITE TELEPHONE;So;0;ON;;;;;N;;;;;
+2610;BALLOT BOX;So;0;ON;;;;;N;;;;;
+2611;BALLOT BOX WITH CHECK;So;0;ON;;;;;N;;;;;
+2612;BALLOT BOX WITH X;So;0;ON;;;;;N;;;;;
+2613;SALTIRE;So;0;ON;;;;;N;;;;;
+2616;WHITE SHOGI PIECE;So;0;ON;;;;;N;;;;;
+2617;BLACK SHOGI PIECE;So;0;ON;;;;;N;;;;;
+2619;REVERSED ROTATED FLORAL HEART BULLET;So;0;ON;;;;;N;;;;;
+261A;BLACK LEFT POINTING INDEX;So;0;ON;;;;;N;;;;;
+261B;BLACK RIGHT POINTING INDEX;So;0;ON;;;;;N;;;;;
+261C;WHITE LEFT POINTING INDEX;So;0;ON;;;;;N;;;;;
+261D;WHITE UP POINTING INDEX;So;0;ON;;;;;N;;;;;
+261E;WHITE RIGHT POINTING INDEX;So;0;ON;;;;;N;;;;;
+261F;WHITE DOWN POINTING INDEX;So;0;ON;;;;;N;;;;;
+2620;SKULL AND CROSSBONES;So;0;ON;;;;;N;;;;;
+2621;CAUTION SIGN;So;0;ON;;;;;N;;;;;
+2622;RADIOACTIVE SIGN;So;0;ON;;;;;N;;;;;
+2623;BIOHAZARD SIGN;So;0;ON;;;;;N;;;;;
+2624;CADUCEUS;So;0;ON;;;;;N;;;;;
+2625;ANKH;So;0;ON;;;;;N;;;;;
+2626;ORTHODOX CROSS;So;0;ON;;;;;N;;;;;
+2627;CHI RHO;So;0;ON;;;;;N;;;;;
+2628;CROSS OF LORRAINE;So;0;ON;;;;;N;;;;;
+2629;CROSS OF JERUSALEM;So;0;ON;;;;;N;;;;;
+262A;STAR AND CRESCENT;So;0;ON;;;;;N;;;;;
+262B;FARSI SYMBOL;So;0;ON;;;;;N;SYMBOL OF IRAN;;;;
+262C;ADI SHAKTI;So;0;ON;;;;;N;;;;;
+262D;HAMMER AND SICKLE;So;0;ON;;;;;N;;;;;
+262E;PEACE SYMBOL;So;0;ON;;;;;N;;;;;
+262F;YIN YANG;So;0;ON;;;;;N;;;;;
+2630;TRIGRAM FOR HEAVEN;So;0;ON;;;;;N;;;;;
+2631;TRIGRAM FOR LAKE;So;0;ON;;;;;N;;;;;
+2632;TRIGRAM FOR FIRE;So;0;ON;;;;;N;;;;;
+2633;TRIGRAM FOR THUNDER;So;0;ON;;;;;N;;;;;
+2634;TRIGRAM FOR WIND;So;0;ON;;;;;N;;;;;
+2635;TRIGRAM FOR WATER;So;0;ON;;;;;N;;;;;
+2636;TRIGRAM FOR MOUNTAIN;So;0;ON;;;;;N;;;;;
+2637;TRIGRAM FOR EARTH;So;0;ON;;;;;N;;;;;
+2638;WHEEL OF DHARMA;So;0;ON;;;;;N;;;;;
+2639;WHITE FROWNING FACE;So;0;ON;;;;;N;;;;;
+263A;WHITE SMILING FACE;So;0;ON;;;;;N;;;;;
+263B;BLACK SMILING FACE;So;0;ON;;;;;N;;;;;
+263C;WHITE SUN WITH RAYS;So;0;ON;;;;;N;;;;;
+263D;FIRST QUARTER MOON;So;0;ON;;;;;N;;;;;
+263E;LAST QUARTER MOON;So;0;ON;;;;;N;;;;;
+263F;MERCURY;So;0;ON;;;;;N;;;;;
+2640;FEMALE SIGN;So;0;ON;;;;;N;;;;;
+2641;EARTH;So;0;ON;;;;;N;;;;;
+2642;MALE SIGN;So;0;ON;;;;;N;;;;;
+2643;JUPITER;So;0;ON;;;;;N;;;;;
+2644;SATURN;So;0;ON;;;;;N;;;;;
+2645;URANUS;So;0;ON;;;;;N;;;;;
+2646;NEPTUNE;So;0;ON;;;;;N;;;;;
+2647;PLUTO;So;0;ON;;;;;N;;;;;
+2648;ARIES;So;0;ON;;;;;N;;;;;
+2649;TAURUS;So;0;ON;;;;;N;;;;;
+264A;GEMINI;So;0;ON;;;;;N;;;;;
+264B;CANCER;So;0;ON;;;;;N;;;;;
+264C;LEO;So;0;ON;;;;;N;;;;;
+264D;VIRGO;So;0;ON;;;;;N;;;;;
+264E;LIBRA;So;0;ON;;;;;N;;;;;
+264F;SCORPIUS;So;0;ON;;;;;N;;;;;
+2650;SAGITTARIUS;So;0;ON;;;;;N;;;;;
+2651;CAPRICORN;So;0;ON;;;;;N;;;;;
+2652;AQUARIUS;So;0;ON;;;;;N;;;;;
+2653;PISCES;So;0;ON;;;;;N;;;;;
+2654;WHITE CHESS KING;So;0;ON;;;;;N;;;;;
+2655;WHITE CHESS QUEEN;So;0;ON;;;;;N;;;;;
+2656;WHITE CHESS ROOK;So;0;ON;;;;;N;;;;;
+2657;WHITE CHESS BISHOP;So;0;ON;;;;;N;;;;;
+2658;WHITE CHESS KNIGHT;So;0;ON;;;;;N;;;;;
+2659;WHITE CHESS PAWN;So;0;ON;;;;;N;;;;;
+265A;BLACK CHESS KING;So;0;ON;;;;;N;;;;;
+265B;BLACK CHESS QUEEN;So;0;ON;;;;;N;;;;;
+265C;BLACK CHESS ROOK;So;0;ON;;;;;N;;;;;
+265D;BLACK CHESS BISHOP;So;0;ON;;;;;N;;;;;
+265E;BLACK CHESS KNIGHT;So;0;ON;;;;;N;;;;;
+265F;BLACK CHESS PAWN;So;0;ON;;;;;N;;;;;
+2660;BLACK SPADE SUIT;So;0;ON;;;;;N;;;;;
+2661;WHITE HEART SUIT;So;0;ON;;;;;N;;;;;
+2662;WHITE DIAMOND SUIT;So;0;ON;;;;;N;;;;;
+2663;BLACK CLUB SUIT;So;0;ON;;;;;N;;;;;
+2664;WHITE SPADE SUIT;So;0;ON;;;;;N;;;;;
+2665;BLACK HEART SUIT;So;0;ON;;;;;N;;;;;
+2666;BLACK DIAMOND SUIT;So;0;ON;;;;;N;;;;;
+2667;WHITE CLUB SUIT;So;0;ON;;;;;N;;;;;
+2668;HOT SPRINGS;So;0;ON;;;;;N;;;;;
+2669;QUARTER NOTE;So;0;ON;;;;;N;;;;;
+266A;EIGHTH NOTE;So;0;ON;;;;;N;;;;;
+266B;BEAMED EIGHTH NOTES;So;0;ON;;;;;N;BARRED EIGHTH NOTES;;;;
+266C;BEAMED SIXTEENTH NOTES;So;0;ON;;;;;N;BARRED SIXTEENTH NOTES;;;;
+266D;MUSIC FLAT SIGN;So;0;ON;;;;;N;FLAT;;;;
+266E;MUSIC NATURAL SIGN;So;0;ON;;;;;N;NATURAL;;;;
+266F;MUSIC SHARP SIGN;Sm;0;ON;;;;;N;SHARP;;;;
+2670;WEST SYRIAC CROSS;So;0;ON;;;;;N;;;;;
+2671;EAST SYRIAC CROSS;So;0;ON;;;;;N;;;;;
+2672;UNIVERSAL RECYCLING SYMBOL;So;0;ON;;;;;N;;;;;
+2673;RECYCLING SYMBOL FOR TYPE-1 PLASTICS;So;0;ON;;;;;N;;pete;;;
+2674;RECYCLING SYMBOL FOR TYPE-2 PLASTICS;So;0;ON;;;;;N;;hdpe;;;
+2675;RECYCLING SYMBOL FOR TYPE-3 PLASTICS;So;0;ON;;;;;N;;pvc;;;
+2676;RECYCLING SYMBOL FOR TYPE-4 PLASTICS;So;0;ON;;;;;N;;ldpe;;;
+2677;RECYCLING SYMBOL FOR TYPE-5 PLASTICS;So;0;ON;;;;;N;;pp;;;
+2678;RECYCLING SYMBOL FOR TYPE-6 PLASTICS;So;0;ON;;;;;N;;ps;;;
+2679;RECYCLING SYMBOL FOR TYPE-7 PLASTICS;So;0;ON;;;;;N;;other;;;
+267A;RECYCLING SYMBOL FOR GENERIC MATERIALS;So;0;ON;;;;;N;;;;;
+267B;BLACK UNIVERSAL RECYCLING SYMBOL;So;0;ON;;;;;N;;;;;
+267C;RECYCLED PAPER SYMBOL;So;0;ON;;;;;N;;;;;
+267D;PARTIALLY-RECYCLED PAPER SYMBOL;So;0;ON;;;;;N;;;;;
+2680;DIE FACE-1;So;0;ON;;;;;N;;;;;
+2681;DIE FACE-2;So;0;ON;;;;;N;;;;;
+2682;DIE FACE-3;So;0;ON;;;;;N;;;;;
+2683;DIE FACE-4;So;0;ON;;;;;N;;;;;
+2684;DIE FACE-5;So;0;ON;;;;;N;;;;;
+2685;DIE FACE-6;So;0;ON;;;;;N;;;;;
+2686;WHITE CIRCLE WITH DOT RIGHT;So;0;ON;;;;;N;;;;;
+2687;WHITE CIRCLE WITH TWO DOTS;So;0;ON;;;;;N;;;;;
+2688;BLACK CIRCLE WITH WHITE DOT RIGHT;So;0;ON;;;;;N;;;;;
+2689;BLACK CIRCLE WITH TWO WHITE DOTS;So;0;ON;;;;;N;;;;;
+2701;UPPER BLADE SCISSORS;So;0;ON;;;;;N;;;;;
+2702;BLACK SCISSORS;So;0;ON;;;;;N;;;;;
+2703;LOWER BLADE SCISSORS;So;0;ON;;;;;N;;;;;
+2704;WHITE SCISSORS;So;0;ON;;;;;N;;;;;
+2706;TELEPHONE LOCATION SIGN;So;0;ON;;;;;N;;;;;
+2707;TAPE DRIVE;So;0;ON;;;;;N;;;;;
+2708;AIRPLANE;So;0;ON;;;;;N;;;;;
+2709;ENVELOPE;So;0;ON;;;;;N;;;;;
+270C;VICTORY HAND;So;0;ON;;;;;N;;;;;
+270D;WRITING HAND;So;0;ON;;;;;N;;;;;
+270E;LOWER RIGHT PENCIL;So;0;ON;;;;;N;;;;;
+270F;PENCIL;So;0;ON;;;;;N;;;;;
+2710;UPPER RIGHT PENCIL;So;0;ON;;;;;N;;;;;
+2711;WHITE NIB;So;0;ON;;;;;N;;;;;
+2712;BLACK NIB;So;0;ON;;;;;N;;;;;
+2713;CHECK MARK;So;0;ON;;;;;N;;;;;
+2714;HEAVY CHECK MARK;So;0;ON;;;;;N;;;;;
+2715;MULTIPLICATION X;So;0;ON;;;;;N;;;;;
+2716;HEAVY MULTIPLICATION X;So;0;ON;;;;;N;;;;;
+2717;BALLOT X;So;0;ON;;;;;N;;;;;
+2718;HEAVY BALLOT X;So;0;ON;;;;;N;;;;;
+2719;OUTLINED GREEK CROSS;So;0;ON;;;;;N;;;;;
+271A;HEAVY GREEK CROSS;So;0;ON;;;;;N;;;;;
+271B;OPEN CENTRE CROSS;So;0;ON;;;;;N;OPEN CENTER CROSS;;;;
+271C;HEAVY OPEN CENTRE CROSS;So;0;ON;;;;;N;HEAVY OPEN CENTER CROSS;;;;
+271D;LATIN CROSS;So;0;ON;;;;;N;;;;;
+271E;SHADOWED WHITE LATIN CROSS;So;0;ON;;;;;N;;;;;
+271F;OUTLINED LATIN CROSS;So;0;ON;;;;;N;;;;;
+2720;MALTESE CROSS;So;0;ON;;;;;N;;;;;
+2721;STAR OF DAVID;So;0;ON;;;;;N;;;;;
+2722;FOUR TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2723;FOUR BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2724;HEAVY FOUR BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2725;FOUR CLUB-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2726;BLACK FOUR POINTED STAR;So;0;ON;;;;;N;;;;;
+2727;WHITE FOUR POINTED STAR;So;0;ON;;;;;N;;;;;
+2729;STRESS OUTLINED WHITE STAR;So;0;ON;;;;;N;;;;;
+272A;CIRCLED WHITE STAR;So;0;ON;;;;;N;;;;;
+272B;OPEN CENTRE BLACK STAR;So;0;ON;;;;;N;OPEN CENTER BLACK STAR;;;;
+272C;BLACK CENTRE WHITE STAR;So;0;ON;;;;;N;BLACK CENTER WHITE STAR;;;;
+272D;OUTLINED BLACK STAR;So;0;ON;;;;;N;;;;;
+272E;HEAVY OUTLINED BLACK STAR;So;0;ON;;;;;N;;;;;
+272F;PINWHEEL STAR;So;0;ON;;;;;N;;;;;
+2730;SHADOWED WHITE STAR;So;0;ON;;;;;N;;;;;
+2731;HEAVY ASTERISK;So;0;ON;;;;;N;;;;;
+2732;OPEN CENTRE ASTERISK;So;0;ON;;;;;N;OPEN CENTER ASTERISK;;;;
+2733;EIGHT SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+2734;EIGHT POINTED BLACK STAR;So;0;ON;;;;;N;;;;;
+2735;EIGHT POINTED PINWHEEL STAR;So;0;ON;;;;;N;;;;;
+2736;SIX POINTED BLACK STAR;So;0;ON;;;;;N;;;;;
+2737;EIGHT POINTED RECTILINEAR BLACK STAR;So;0;ON;;;;;N;;;;;
+2738;HEAVY EIGHT POINTED RECTILINEAR BLACK STAR;So;0;ON;;;;;N;;;;;
+2739;TWELVE POINTED BLACK STAR;So;0;ON;;;;;N;;;;;
+273A;SIXTEEN POINTED ASTERISK;So;0;ON;;;;;N;;;;;
+273B;TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+273C;OPEN CENTRE TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;OPEN CENTER TEARDROP-SPOKED ASTERISK;;;;
+273D;HEAVY TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+273E;SIX PETALLED BLACK AND WHITE FLORETTE;So;0;ON;;;;;N;;;;;
+273F;BLACK FLORETTE;So;0;ON;;;;;N;;;;;
+2740;WHITE FLORETTE;So;0;ON;;;;;N;;;;;
+2741;EIGHT PETALLED OUTLINED BLACK FLORETTE;So;0;ON;;;;;N;;;;;
+2742;CIRCLED OPEN CENTRE EIGHT POINTED STAR;So;0;ON;;;;;N;CIRCLED OPEN CENTER EIGHT POINTED STAR;;;;
+2743;HEAVY TEARDROP-SPOKED PINWHEEL ASTERISK;So;0;ON;;;;;N;;;;;
+2744;SNOWFLAKE;So;0;ON;;;;;N;;;;;
+2745;TIGHT TRIFOLIATE SNOWFLAKE;So;0;ON;;;;;N;;;;;
+2746;HEAVY CHEVRON SNOWFLAKE;So;0;ON;;;;;N;;;;;
+2747;SPARKLE;So;0;ON;;;;;N;;;;;
+2748;HEAVY SPARKLE;So;0;ON;;;;;N;;;;;
+2749;BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;;
+274A;EIGHT TEARDROP-SPOKED PROPELLER ASTERISK;So;0;ON;;;;;N;;;;;
+274B;HEAVY EIGHT TEARDROP-SPOKED PROPELLER ASTERISK;So;0;ON;;;;;N;;;;;
+274D;SHADOWED WHITE CIRCLE;So;0;ON;;;;;N;;;;;
+274F;LOWER RIGHT DROP-SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;;
+2750;UPPER RIGHT DROP-SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;;
+2751;LOWER RIGHT SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;;
+2752;UPPER RIGHT SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;;
+2756;BLACK DIAMOND MINUS WHITE X;So;0;ON;;;;;N;;;;;
+2758;LIGHT VERTICAL BAR;So;0;ON;;;;;N;;;;;
+2759;MEDIUM VERTICAL BAR;So;0;ON;;;;;N;;;;;
+275A;HEAVY VERTICAL BAR;So;0;ON;;;;;N;;;;;
+275B;HEAVY SINGLE TURNED COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+275C;HEAVY SINGLE COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+275D;HEAVY DOUBLE TURNED COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+275E;HEAVY DOUBLE COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+2761;CURVED STEM PARAGRAPH SIGN ORNAMENT;So;0;ON;;;;;N;;;;;
+2762;HEAVY EXCLAMATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+2763;HEAVY HEART EXCLAMATION MARK ORNAMENT;So;0;ON;;;;;N;;;;;
+2764;HEAVY BLACK HEART;So;0;ON;;;;;N;;;;;
+2765;ROTATED HEAVY BLACK HEART BULLET;So;0;ON;;;;;N;;;;;
+2766;FLORAL HEART;So;0;ON;;;;;N;;;;;
+2767;ROTATED FLORAL HEART BULLET;So;0;ON;;;;;N;;;;;
+2768;MEDIUM LEFT PARENTHESIS ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+2769;MEDIUM RIGHT PARENTHESIS ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+276A;MEDIUM FLATTENED LEFT PARENTHESIS ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+276B;MEDIUM FLATTENED RIGHT PARENTHESIS ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+276C;MEDIUM LEFT-POINTING ANGLE BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+276D;MEDIUM RIGHT-POINTING ANGLE BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+276E;HEAVY LEFT-POINTING ANGLE QUOTATION MARK ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+276F;HEAVY RIGHT-POINTING ANGLE QUOTATION MARK ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+2770;HEAVY LEFT-POINTING ANGLE BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+2771;HEAVY RIGHT-POINTING ANGLE BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+2772;LIGHT LEFT TORTOISE SHELL BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+2773;LIGHT RIGHT TORTOISE SHELL BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+2774;MEDIUM LEFT CURLY BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;;
+2775;MEDIUM RIGHT CURLY BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;;
+2776;DINGBAT NEGATIVE CIRCLED DIGIT ONE;No;0;ON;;;1;1;N;INVERSE CIRCLED DIGIT ONE;;;;
+2777;DINGBAT NEGATIVE CIRCLED DIGIT TWO;No;0;ON;;;2;2;N;INVERSE CIRCLED DIGIT TWO;;;;
+2778;DINGBAT NEGATIVE CIRCLED DIGIT THREE;No;0;ON;;;3;3;N;INVERSE CIRCLED DIGIT THREE;;;;
+2779;DINGBAT NEGATIVE CIRCLED DIGIT FOUR;No;0;ON;;;4;4;N;INVERSE CIRCLED DIGIT FOUR;;;;
+277A;DINGBAT NEGATIVE CIRCLED DIGIT FIVE;No;0;ON;;;5;5;N;INVERSE CIRCLED DIGIT FIVE;;;;
+277B;DINGBAT NEGATIVE CIRCLED DIGIT SIX;No;0;ON;;;6;6;N;INVERSE CIRCLED DIGIT SIX;;;;
+277C;DINGBAT NEGATIVE CIRCLED DIGIT SEVEN;No;0;ON;;;7;7;N;INVERSE CIRCLED DIGIT SEVEN;;;;
+277D;DINGBAT NEGATIVE CIRCLED DIGIT EIGHT;No;0;ON;;;8;8;N;INVERSE CIRCLED DIGIT EIGHT;;;;
+277E;DINGBAT NEGATIVE CIRCLED DIGIT NINE;No;0;ON;;;9;9;N;INVERSE CIRCLED DIGIT NINE;;;;
+277F;DINGBAT NEGATIVE CIRCLED NUMBER TEN;No;0;ON;;;;10;N;INVERSE CIRCLED NUMBER TEN;;;;
+2780;DINGBAT CIRCLED SANS-SERIF DIGIT ONE;No;0;ON;;;1;1;N;CIRCLED SANS-SERIF DIGIT ONE;;;;
+2781;DINGBAT CIRCLED SANS-SERIF DIGIT TWO;No;0;ON;;;2;2;N;CIRCLED SANS-SERIF DIGIT TWO;;;;
+2782;DINGBAT CIRCLED SANS-SERIF DIGIT THREE;No;0;ON;;;3;3;N;CIRCLED SANS-SERIF DIGIT THREE;;;;
+2783;DINGBAT CIRCLED SANS-SERIF DIGIT FOUR;No;0;ON;;;4;4;N;CIRCLED SANS-SERIF DIGIT FOUR;;;;
+2784;DINGBAT CIRCLED SANS-SERIF DIGIT FIVE;No;0;ON;;;5;5;N;CIRCLED SANS-SERIF DIGIT FIVE;;;;
+2785;DINGBAT CIRCLED SANS-SERIF DIGIT SIX;No;0;ON;;;6;6;N;CIRCLED SANS-SERIF DIGIT SIX;;;;
+2786;DINGBAT CIRCLED SANS-SERIF DIGIT SEVEN;No;0;ON;;;7;7;N;CIRCLED SANS-SERIF DIGIT SEVEN;;;;
+2787;DINGBAT CIRCLED SANS-SERIF DIGIT EIGHT;No;0;ON;;;8;8;N;CIRCLED SANS-SERIF DIGIT EIGHT;;;;
+2788;DINGBAT CIRCLED SANS-SERIF DIGIT NINE;No;0;ON;;;9;9;N;CIRCLED SANS-SERIF DIGIT NINE;;;;
+2789;DINGBAT CIRCLED SANS-SERIF NUMBER TEN;No;0;ON;;;;10;N;CIRCLED SANS-SERIF NUMBER TEN;;;;
+278A;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ONE;No;0;ON;;;1;1;N;INVERSE CIRCLED SANS-SERIF DIGIT ONE;;;;
+278B;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT TWO;No;0;ON;;;2;2;N;INVERSE CIRCLED SANS-SERIF DIGIT TWO;;;;
+278C;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT THREE;No;0;ON;;;3;3;N;INVERSE CIRCLED SANS-SERIF DIGIT THREE;;;;
+278D;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT FOUR;No;0;ON;;;4;4;N;INVERSE CIRCLED SANS-SERIF DIGIT FOUR;;;;
+278E;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT FIVE;No;0;ON;;;5;5;N;INVERSE CIRCLED SANS-SERIF DIGIT FIVE;;;;
+278F;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT SIX;No;0;ON;;;6;6;N;INVERSE CIRCLED SANS-SERIF DIGIT SIX;;;;
+2790;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT SEVEN;No;0;ON;;;7;7;N;INVERSE CIRCLED SANS-SERIF DIGIT SEVEN;;;;
+2791;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT EIGHT;No;0;ON;;;8;8;N;INVERSE CIRCLED SANS-SERIF DIGIT EIGHT;;;;
+2792;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT NINE;No;0;ON;;;9;9;N;INVERSE CIRCLED SANS-SERIF DIGIT NINE;;;;
+2793;DINGBAT NEGATIVE CIRCLED SANS-SERIF NUMBER TEN;No;0;ON;;;;10;N;INVERSE CIRCLED SANS-SERIF NUMBER TEN;;;;
+2794;HEAVY WIDE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY WIDE-HEADED RIGHT ARROW;;;;
+2798;HEAVY SOUTH EAST ARROW;So;0;ON;;;;;N;HEAVY LOWER RIGHT ARROW;;;;
+2799;HEAVY RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY RIGHT ARROW;;;;
+279A;HEAVY NORTH EAST ARROW;So;0;ON;;;;;N;HEAVY UPPER RIGHT ARROW;;;;
+279B;DRAFTING POINT RIGHTWARDS ARROW;So;0;ON;;;;;N;DRAFTING POINT RIGHT ARROW;;;;
+279C;HEAVY ROUND-TIPPED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY ROUND-TIPPED RIGHT ARROW;;;;
+279D;TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;TRIANGLE-HEADED RIGHT ARROW;;;;
+279E;HEAVY TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY TRIANGLE-HEADED RIGHT ARROW;;;;
+279F;DASHED TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;DASHED TRIANGLE-HEADED RIGHT ARROW;;;;
+27A0;HEAVY DASHED TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY DASHED TRIANGLE-HEADED RIGHT ARROW;;;;
+27A1;BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;BLACK RIGHT ARROW;;;;
+27A2;THREE-D TOP-LIGHTED RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;THREE-D TOP-LIGHTED RIGHT ARROWHEAD;;;;
+27A3;THREE-D BOTTOM-LIGHTED RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;THREE-D BOTTOM-LIGHTED RIGHT ARROWHEAD;;;;
+27A4;BLACK RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;BLACK RIGHT ARROWHEAD;;;;
+27A5;HEAVY BLACK CURVED DOWNWARDS AND RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK CURVED DOWN AND RIGHT ARROW;;;;
+27A6;HEAVY BLACK CURVED UPWARDS AND RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK CURVED UP AND RIGHT ARROW;;;;
+27A7;SQUAT BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;SQUAT BLACK RIGHT ARROW;;;;
+27A8;HEAVY CONCAVE-POINTED BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY CONCAVE-POINTED BLACK RIGHT ARROW;;;;
+27A9;RIGHT-SHADED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;RIGHT-SHADED WHITE RIGHT ARROW;;;;
+27AA;LEFT-SHADED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;LEFT-SHADED WHITE RIGHT ARROW;;;;
+27AB;BACK-TILTED SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;BACK-TILTED SHADOWED WHITE RIGHT ARROW;;;;
+27AC;FRONT-TILTED SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;FRONT-TILTED SHADOWED WHITE RIGHT ARROW;;;;
+27AD;HEAVY LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY LOWER RIGHT-SHADOWED WHITE RIGHT ARROW;;;;
+27AE;HEAVY UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY UPPER RIGHT-SHADOWED WHITE RIGHT ARROW;;;;
+27AF;NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHT ARROW;;;;
+27B1;NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHT ARROW;;;;
+27B2;CIRCLED HEAVY WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;CIRCLED HEAVY WHITE RIGHT ARROW;;;;
+27B3;WHITE-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;WHITE-FEATHERED RIGHT ARROW;;;;
+27B4;BLACK-FEATHERED SOUTH EAST ARROW;So;0;ON;;;;;N;BLACK-FEATHERED LOWER RIGHT ARROW;;;;
+27B5;BLACK-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;BLACK-FEATHERED RIGHT ARROW;;;;
+27B6;BLACK-FEATHERED NORTH EAST ARROW;So;0;ON;;;;;N;BLACK-FEATHERED UPPER RIGHT ARROW;;;;
+27B7;HEAVY BLACK-FEATHERED SOUTH EAST ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED LOWER RIGHT ARROW;;;;
+27B8;HEAVY BLACK-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED RIGHT ARROW;;;;
+27B9;HEAVY BLACK-FEATHERED NORTH EAST ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED UPPER RIGHT ARROW;;;;
+27BA;TEARDROP-BARBED RIGHTWARDS ARROW;So;0;ON;;;;;N;TEARDROP-BARBED RIGHT ARROW;;;;
+27BB;HEAVY TEARDROP-SHANKED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY TEARDROP-SHANKED RIGHT ARROW;;;;
+27BC;WEDGE-TAILED RIGHTWARDS ARROW;So;0;ON;;;;;N;WEDGE-TAILED RIGHT ARROW;;;;
+27BD;HEAVY WEDGE-TAILED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY WEDGE-TAILED RIGHT ARROW;;;;
+27BE;OPEN-OUTLINED RIGHTWARDS ARROW;So;0;ON;;;;;N;OPEN-OUTLINED RIGHT ARROW;;;;
+27D0;WHITE DIAMOND WITH CENTRED DOT;Sm;0;ON;;;;;N;;;;;
+27D1;AND WITH DOT;Sm;0;ON;;;;;N;;;;;
+27D2;ELEMENT OF OPENING UPWARDS;Sm;0;ON;;;;;N;;;;;
+27D3;LOWER RIGHT CORNER WITH DOT;Sm;0;ON;;;;;Y;;;;;
+27D4;UPPER LEFT CORNER WITH DOT;Sm;0;ON;;;;;Y;;;;;
+27D5;LEFT OUTER JOIN;Sm;0;ON;;;;;Y;;;;;
+27D6;RIGHT OUTER JOIN;Sm;0;ON;;;;;Y;;;;;
+27D7;FULL OUTER JOIN;Sm;0;ON;;;;;N;;;;;
+27D8;LARGE UP TACK;Sm;0;ON;;;;;N;;;;;
+27D9;LARGE DOWN TACK;Sm;0;ON;;;;;N;;;;;
+27DA;LEFT AND RIGHT DOUBLE TURNSTILE;Sm;0;ON;;;;;N;;;;;
+27DB;LEFT AND RIGHT TACK;Sm;0;ON;;;;;N;;;;;
+27DC;LEFT MULTIMAP;Sm;0;ON;;;;;Y;;;;;
+27DD;LONG RIGHT TACK;Sm;0;ON;;;;;Y;;;;;
+27DE;LONG LEFT TACK;Sm;0;ON;;;;;Y;;;;;
+27DF;UP TACK WITH CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;;
+27E0;LOZENGE DIVIDED BY HORIZONTAL RULE;Sm;0;ON;;;;;N;;;;;
+27E1;WHITE CONCAVE-SIDED DIAMOND;Sm;0;ON;;;;;N;;;;;
+27E2;WHITE CONCAVE-SIDED DIAMOND WITH LEFTWARDS TICK;Sm;0;ON;;;;;Y;;;;;
+27E3;WHITE CONCAVE-SIDED DIAMOND WITH RIGHTWARDS TICK;Sm;0;ON;;;;;Y;;;;;
+27E4;WHITE SQUARE WITH LEFTWARDS TICK;Sm;0;ON;;;;;Y;;;;;
+27E5;WHITE SQUARE WITH RIGHTWARDS TICK;Sm;0;ON;;;;;Y;;;;;
+27E6;MATHEMATICAL LEFT WHITE SQUARE BRACKET;Ps;0;ON;;;;;Y;;;;;
+27E7;MATHEMATICAL RIGHT WHITE SQUARE BRACKET;Pe;0;ON;;;;;Y;;;;;
+27E8;MATHEMATICAL LEFT ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;;
+27E9;MATHEMATICAL RIGHT ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;;
+27EA;MATHEMATICAL LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;;
+27EB;MATHEMATICAL RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;;
+27F0;UPWARDS QUADRUPLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F1;DOWNWARDS QUADRUPLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F2;ANTICLOCKWISE GAPPED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F3;CLOCKWISE GAPPED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F4;RIGHT ARROW WITH CIRCLED PLUS;Sm;0;ON;;;;;N;;;;;
+27F5;LONG LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+27F6;LONG RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+27F7;LONG LEFT RIGHT ARROW;Sm;0;ON;;;;;N;;;;;
+27F8;LONG LEFTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;;;;;
+27F9;LONG RIGHTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;;;;;
+27FA;LONG LEFT RIGHT DOUBLE ARROW;Sm;0;ON;;;;;N;;;;;
+27FB;LONG LEFTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+27FC;LONG RIGHTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+27FD;LONG LEFTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+27FE;LONG RIGHTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+27FF;LONG RIGHTWARDS SQUIGGLE ARROW;Sm;0;ON;;;;;N;;;;;
+2800;BRAILLE PATTERN BLANK;So;0;ON;;;;;N;;;;;
+2801;BRAILLE PATTERN DOTS-1;So;0;ON;;;;;N;;;;;
+2802;BRAILLE PATTERN DOTS-2;So;0;ON;;;;;N;;;;;
+2803;BRAILLE PATTERN DOTS-12;So;0;ON;;;;;N;;;;;
+2804;BRAILLE PATTERN DOTS-3;So;0;ON;;;;;N;;;;;
+2805;BRAILLE PATTERN DOTS-13;So;0;ON;;;;;N;;;;;
+2806;BRAILLE PATTERN DOTS-23;So;0;ON;;;;;N;;;;;
+2807;BRAILLE PATTERN DOTS-123;So;0;ON;;;;;N;;;;;
+2808;BRAILLE PATTERN DOTS-4;So;0;ON;;;;;N;;;;;
+2809;BRAILLE PATTERN DOTS-14;So;0;ON;;;;;N;;;;;
+280A;BRAILLE PATTERN DOTS-24;So;0;ON;;;;;N;;;;;
+280B;BRAILLE PATTERN DOTS-124;So;0;ON;;;;;N;;;;;
+280C;BRAILLE PATTERN DOTS-34;So;0;ON;;;;;N;;;;;
+280D;BRAILLE PATTERN DOTS-134;So;0;ON;;;;;N;;;;;
+280E;BRAILLE PATTERN DOTS-234;So;0;ON;;;;;N;;;;;
+280F;BRAILLE PATTERN DOTS-1234;So;0;ON;;;;;N;;;;;
+2810;BRAILLE PATTERN DOTS-5;So;0;ON;;;;;N;;;;;
+2811;BRAILLE PATTERN DOTS-15;So;0;ON;;;;;N;;;;;
+2812;BRAILLE PATTERN DOTS-25;So;0;ON;;;;;N;;;;;
+2813;BRAILLE PATTERN DOTS-125;So;0;ON;;;;;N;;;;;
+2814;BRAILLE PATTERN DOTS-35;So;0;ON;;;;;N;;;;;
+2815;BRAILLE PATTERN DOTS-135;So;0;ON;;;;;N;;;;;
+2816;BRAILLE PATTERN DOTS-235;So;0;ON;;;;;N;;;;;
+2817;BRAILLE PATTERN DOTS-1235;So;0;ON;;;;;N;;;;;
+2818;BRAILLE PATTERN DOTS-45;So;0;ON;;;;;N;;;;;
+2819;BRAILLE PATTERN DOTS-145;So;0;ON;;;;;N;;;;;
+281A;BRAILLE PATTERN DOTS-245;So;0;ON;;;;;N;;;;;
+281B;BRAILLE PATTERN DOTS-1245;So;0;ON;;;;;N;;;;;
+281C;BRAILLE PATTERN DOTS-345;So;0;ON;;;;;N;;;;;
+281D;BRAILLE PATTERN DOTS-1345;So;0;ON;;;;;N;;;;;
+281E;BRAILLE PATTERN DOTS-2345;So;0;ON;;;;;N;;;;;
+281F;BRAILLE PATTERN DOTS-12345;So;0;ON;;;;;N;;;;;
+2820;BRAILLE PATTERN DOTS-6;So;0;ON;;;;;N;;;;;
+2821;BRAILLE PATTERN DOTS-16;So;0;ON;;;;;N;;;;;
+2822;BRAILLE PATTERN DOTS-26;So;0;ON;;;;;N;;;;;
+2823;BRAILLE PATTERN DOTS-126;So;0;ON;;;;;N;;;;;
+2824;BRAILLE PATTERN DOTS-36;So;0;ON;;;;;N;;;;;
+2825;BRAILLE PATTERN DOTS-136;So;0;ON;;;;;N;;;;;
+2826;BRAILLE PATTERN DOTS-236;So;0;ON;;;;;N;;;;;
+2827;BRAILLE PATTERN DOTS-1236;So;0;ON;;;;;N;;;;;
+2828;BRAILLE PATTERN DOTS-46;So;0;ON;;;;;N;;;;;
+2829;BRAILLE PATTERN DOTS-146;So;0;ON;;;;;N;;;;;
+282A;BRAILLE PATTERN DOTS-246;So;0;ON;;;;;N;;;;;
+282B;BRAILLE PATTERN DOTS-1246;So;0;ON;;;;;N;;;;;
+282C;BRAILLE PATTERN DOTS-346;So;0;ON;;;;;N;;;;;
+282D;BRAILLE PATTERN DOTS-1346;So;0;ON;;;;;N;;;;;
+282E;BRAILLE PATTERN DOTS-2346;So;0;ON;;;;;N;;;;;
+282F;BRAILLE PATTERN DOTS-12346;So;0;ON;;;;;N;;;;;
+2830;BRAILLE PATTERN DOTS-56;So;0;ON;;;;;N;;;;;
+2831;BRAILLE PATTERN DOTS-156;So;0;ON;;;;;N;;;;;
+2832;BRAILLE PATTERN DOTS-256;So;0;ON;;;;;N;;;;;
+2833;BRAILLE PATTERN DOTS-1256;So;0;ON;;;;;N;;;;;
+2834;BRAILLE PATTERN DOTS-356;So;0;ON;;;;;N;;;;;
+2835;BRAILLE PATTERN DOTS-1356;So;0;ON;;;;;N;;;;;
+2836;BRAILLE PATTERN DOTS-2356;So;0;ON;;;;;N;;;;;
+2837;BRAILLE PATTERN DOTS-12356;So;0;ON;;;;;N;;;;;
+2838;BRAILLE PATTERN DOTS-456;So;0;ON;;;;;N;;;;;
+2839;BRAILLE PATTERN DOTS-1456;So;0;ON;;;;;N;;;;;
+283A;BRAILLE PATTERN DOTS-2456;So;0;ON;;;;;N;;;;;
+283B;BRAILLE PATTERN DOTS-12456;So;0;ON;;;;;N;;;;;
+283C;BRAILLE PATTERN DOTS-3456;So;0;ON;;;;;N;;;;;
+283D;BRAILLE PATTERN DOTS-13456;So;0;ON;;;;;N;;;;;
+283E;BRAILLE PATTERN DOTS-23456;So;0;ON;;;;;N;;;;;
+283F;BRAILLE PATTERN DOTS-123456;So;0;ON;;;;;N;;;;;
+2840;BRAILLE PATTERN DOTS-7;So;0;ON;;;;;N;;;;;
+2841;BRAILLE PATTERN DOTS-17;So;0;ON;;;;;N;;;;;
+2842;BRAILLE PATTERN DOTS-27;So;0;ON;;;;;N;;;;;
+2843;BRAILLE PATTERN DOTS-127;So;0;ON;;;;;N;;;;;
+2844;BRAILLE PATTERN DOTS-37;So;0;ON;;;;;N;;;;;
+2845;BRAILLE PATTERN DOTS-137;So;0;ON;;;;;N;;;;;
+2846;BRAILLE PATTERN DOTS-237;So;0;ON;;;;;N;;;;;
+2847;BRAILLE PATTERN DOTS-1237;So;0;ON;;;;;N;;;;;
+2848;BRAILLE PATTERN DOTS-47;So;0;ON;;;;;N;;;;;
+2849;BRAILLE PATTERN DOTS-147;So;0;ON;;;;;N;;;;;
+284A;BRAILLE PATTERN DOTS-247;So;0;ON;;;;;N;;;;;
+284B;BRAILLE PATTERN DOTS-1247;So;0;ON;;;;;N;;;;;
+284C;BRAILLE PATTERN DOTS-347;So;0;ON;;;;;N;;;;;
+284D;BRAILLE PATTERN DOTS-1347;So;0;ON;;;;;N;;;;;
+284E;BRAILLE PATTERN DOTS-2347;So;0;ON;;;;;N;;;;;
+284F;BRAILLE PATTERN DOTS-12347;So;0;ON;;;;;N;;;;;
+2850;BRAILLE PATTERN DOTS-57;So;0;ON;;;;;N;;;;;
+2851;BRAILLE PATTERN DOTS-157;So;0;ON;;;;;N;;;;;
+2852;BRAILLE PATTERN DOTS-257;So;0;ON;;;;;N;;;;;
+2853;BRAILLE PATTERN DOTS-1257;So;0;ON;;;;;N;;;;;
+2854;BRAILLE PATTERN DOTS-357;So;0;ON;;;;;N;;;;;
+2855;BRAILLE PATTERN DOTS-1357;So;0;ON;;;;;N;;;;;
+2856;BRAILLE PATTERN DOTS-2357;So;0;ON;;;;;N;;;;;
+2857;BRAILLE PATTERN DOTS-12357;So;0;ON;;;;;N;;;;;
+2858;BRAILLE PATTERN DOTS-457;So;0;ON;;;;;N;;;;;
+2859;BRAILLE PATTERN DOTS-1457;So;0;ON;;;;;N;;;;;
+285A;BRAILLE PATTERN DOTS-2457;So;0;ON;;;;;N;;;;;
+285B;BRAILLE PATTERN DOTS-12457;So;0;ON;;;;;N;;;;;
+285C;BRAILLE PATTERN DOTS-3457;So;0;ON;;;;;N;;;;;
+285D;BRAILLE PATTERN DOTS-13457;So;0;ON;;;;;N;;;;;
+285E;BRAILLE PATTERN DOTS-23457;So;0;ON;;;;;N;;;;;
+285F;BRAILLE PATTERN DOTS-123457;So;0;ON;;;;;N;;;;;
+2860;BRAILLE PATTERN DOTS-67;So;0;ON;;;;;N;;;;;
+2861;BRAILLE PATTERN DOTS-167;So;0;ON;;;;;N;;;;;
+2862;BRAILLE PATTERN DOTS-267;So;0;ON;;;;;N;;;;;
+2863;BRAILLE PATTERN DOTS-1267;So;0;ON;;;;;N;;;;;
+2864;BRAILLE PATTERN DOTS-367;So;0;ON;;;;;N;;;;;
+2865;BRAILLE PATTERN DOTS-1367;So;0;ON;;;;;N;;;;;
+2866;BRAILLE PATTERN DOTS-2367;So;0;ON;;;;;N;;;;;
+2867;BRAILLE PATTERN DOTS-12367;So;0;ON;;;;;N;;;;;
+2868;BRAILLE PATTERN DOTS-467;So;0;ON;;;;;N;;;;;
+2869;BRAILLE PATTERN DOTS-1467;So;0;ON;;;;;N;;;;;
+286A;BRAILLE PATTERN DOTS-2467;So;0;ON;;;;;N;;;;;
+286B;BRAILLE PATTERN DOTS-12467;So;0;ON;;;;;N;;;;;
+286C;BRAILLE PATTERN DOTS-3467;So;0;ON;;;;;N;;;;;
+286D;BRAILLE PATTERN DOTS-13467;So;0;ON;;;;;N;;;;;
+286E;BRAILLE PATTERN DOTS-23467;So;0;ON;;;;;N;;;;;
+286F;BRAILLE PATTERN DOTS-123467;So;0;ON;;;;;N;;;;;
+2870;BRAILLE PATTERN DOTS-567;So;0;ON;;;;;N;;;;;
+2871;BRAILLE PATTERN DOTS-1567;So;0;ON;;;;;N;;;;;
+2872;BRAILLE PATTERN DOTS-2567;So;0;ON;;;;;N;;;;;
+2873;BRAILLE PATTERN DOTS-12567;So;0;ON;;;;;N;;;;;
+2874;BRAILLE PATTERN DOTS-3567;So;0;ON;;;;;N;;;;;
+2875;BRAILLE PATTERN DOTS-13567;So;0;ON;;;;;N;;;;;
+2876;BRAILLE PATTERN DOTS-23567;So;0;ON;;;;;N;;;;;
+2877;BRAILLE PATTERN DOTS-123567;So;0;ON;;;;;N;;;;;
+2878;BRAILLE PATTERN DOTS-4567;So;0;ON;;;;;N;;;;;
+2879;BRAILLE PATTERN DOTS-14567;So;0;ON;;;;;N;;;;;
+287A;BRAILLE PATTERN DOTS-24567;So;0;ON;;;;;N;;;;;
+287B;BRAILLE PATTERN DOTS-124567;So;0;ON;;;;;N;;;;;
+287C;BRAILLE PATTERN DOTS-34567;So;0;ON;;;;;N;;;;;
+287D;BRAILLE PATTERN DOTS-134567;So;0;ON;;;;;N;;;;;
+287E;BRAILLE PATTERN DOTS-234567;So;0;ON;;;;;N;;;;;
+287F;BRAILLE PATTERN DOTS-1234567;So;0;ON;;;;;N;;;;;
+2880;BRAILLE PATTERN DOTS-8;So;0;ON;;;;;N;;;;;
+2881;BRAILLE PATTERN DOTS-18;So;0;ON;;;;;N;;;;;
+2882;BRAILLE PATTERN DOTS-28;So;0;ON;;;;;N;;;;;
+2883;BRAILLE PATTERN DOTS-128;So;0;ON;;;;;N;;;;;
+2884;BRAILLE PATTERN DOTS-38;So;0;ON;;;;;N;;;;;
+2885;BRAILLE PATTERN DOTS-138;So;0;ON;;;;;N;;;;;
+2886;BRAILLE PATTERN DOTS-238;So;0;ON;;;;;N;;;;;
+2887;BRAILLE PATTERN DOTS-1238;So;0;ON;;;;;N;;;;;
+2888;BRAILLE PATTERN DOTS-48;So;0;ON;;;;;N;;;;;
+2889;BRAILLE PATTERN DOTS-148;So;0;ON;;;;;N;;;;;
+288A;BRAILLE PATTERN DOTS-248;So;0;ON;;;;;N;;;;;
+288B;BRAILLE PATTERN DOTS-1248;So;0;ON;;;;;N;;;;;
+288C;BRAILLE PATTERN DOTS-348;So;0;ON;;;;;N;;;;;
+288D;BRAILLE PATTERN DOTS-1348;So;0;ON;;;;;N;;;;;
+288E;BRAILLE PATTERN DOTS-2348;So;0;ON;;;;;N;;;;;
+288F;BRAILLE PATTERN DOTS-12348;So;0;ON;;;;;N;;;;;
+2890;BRAILLE PATTERN DOTS-58;So;0;ON;;;;;N;;;;;
+2891;BRAILLE PATTERN DOTS-158;So;0;ON;;;;;N;;;;;
+2892;BRAILLE PATTERN DOTS-258;So;0;ON;;;;;N;;;;;
+2893;BRAILLE PATTERN DOTS-1258;So;0;ON;;;;;N;;;;;
+2894;BRAILLE PATTERN DOTS-358;So;0;ON;;;;;N;;;;;
+2895;BRAILLE PATTERN DOTS-1358;So;0;ON;;;;;N;;;;;
+2896;BRAILLE PATTERN DOTS-2358;So;0;ON;;;;;N;;;;;
+2897;BRAILLE PATTERN DOTS-12358;So;0;ON;;;;;N;;;;;
+2898;BRAILLE PATTERN DOTS-458;So;0;ON;;;;;N;;;;;
+2899;BRAILLE PATTERN DOTS-1458;So;0;ON;;;;;N;;;;;
+289A;BRAILLE PATTERN DOTS-2458;So;0;ON;;;;;N;;;;;
+289B;BRAILLE PATTERN DOTS-12458;So;0;ON;;;;;N;;;;;
+289C;BRAILLE PATTERN DOTS-3458;So;0;ON;;;;;N;;;;;
+289D;BRAILLE PATTERN DOTS-13458;So;0;ON;;;;;N;;;;;
+289E;BRAILLE PATTERN DOTS-23458;So;0;ON;;;;;N;;;;;
+289F;BRAILLE PATTERN DOTS-123458;So;0;ON;;;;;N;;;;;
+28A0;BRAILLE PATTERN DOTS-68;So;0;ON;;;;;N;;;;;
+28A1;BRAILLE PATTERN DOTS-168;So;0;ON;;;;;N;;;;;
+28A2;BRAILLE PATTERN DOTS-268;So;0;ON;;;;;N;;;;;
+28A3;BRAILLE PATTERN DOTS-1268;So;0;ON;;;;;N;;;;;
+28A4;BRAILLE PATTERN DOTS-368;So;0;ON;;;;;N;;;;;
+28A5;BRAILLE PATTERN DOTS-1368;So;0;ON;;;;;N;;;;;
+28A6;BRAILLE PATTERN DOTS-2368;So;0;ON;;;;;N;;;;;
+28A7;BRAILLE PATTERN DOTS-12368;So;0;ON;;;;;N;;;;;
+28A8;BRAILLE PATTERN DOTS-468;So;0;ON;;;;;N;;;;;
+28A9;BRAILLE PATTERN DOTS-1468;So;0;ON;;;;;N;;;;;
+28AA;BRAILLE PATTERN DOTS-2468;So;0;ON;;;;;N;;;;;
+28AB;BRAILLE PATTERN DOTS-12468;So;0;ON;;;;;N;;;;;
+28AC;BRAILLE PATTERN DOTS-3468;So;0;ON;;;;;N;;;;;
+28AD;BRAILLE PATTERN DOTS-13468;So;0;ON;;;;;N;;;;;
+28AE;BRAILLE PATTERN DOTS-23468;So;0;ON;;;;;N;;;;;
+28AF;BRAILLE PATTERN DOTS-123468;So;0;ON;;;;;N;;;;;
+28B0;BRAILLE PATTERN DOTS-568;So;0;ON;;;;;N;;;;;
+28B1;BRAILLE PATTERN DOTS-1568;So;0;ON;;;;;N;;;;;
+28B2;BRAILLE PATTERN DOTS-2568;So;0;ON;;;;;N;;;;;
+28B3;BRAILLE PATTERN DOTS-12568;So;0;ON;;;;;N;;;;;
+28B4;BRAILLE PATTERN DOTS-3568;So;0;ON;;;;;N;;;;;
+28B5;BRAILLE PATTERN DOTS-13568;So;0;ON;;;;;N;;;;;
+28B6;BRAILLE PATTERN DOTS-23568;So;0;ON;;;;;N;;;;;
+28B7;BRAILLE PATTERN DOTS-123568;So;0;ON;;;;;N;;;;;
+28B8;BRAILLE PATTERN DOTS-4568;So;0;ON;;;;;N;;;;;
+28B9;BRAILLE PATTERN DOTS-14568;So;0;ON;;;;;N;;;;;
+28BA;BRAILLE PATTERN DOTS-24568;So;0;ON;;;;;N;;;;;
+28BB;BRAILLE PATTERN DOTS-124568;So;0;ON;;;;;N;;;;;
+28BC;BRAILLE PATTERN DOTS-34568;So;0;ON;;;;;N;;;;;
+28BD;BRAILLE PATTERN DOTS-134568;So;0;ON;;;;;N;;;;;
+28BE;BRAILLE PATTERN DOTS-234568;So;0;ON;;;;;N;;;;;
+28BF;BRAILLE PATTERN DOTS-1234568;So;0;ON;;;;;N;;;;;
+28C0;BRAILLE PATTERN DOTS-78;So;0;ON;;;;;N;;;;;
+28C1;BRAILLE PATTERN DOTS-178;So;0;ON;;;;;N;;;;;
+28C2;BRAILLE PATTERN DOTS-278;So;0;ON;;;;;N;;;;;
+28C3;BRAILLE PATTERN DOTS-1278;So;0;ON;;;;;N;;;;;
+28C4;BRAILLE PATTERN DOTS-378;So;0;ON;;;;;N;;;;;
+28C5;BRAILLE PATTERN DOTS-1378;So;0;ON;;;;;N;;;;;
+28C6;BRAILLE PATTERN DOTS-2378;So;0;ON;;;;;N;;;;;
+28C7;BRAILLE PATTERN DOTS-12378;So;0;ON;;;;;N;;;;;
+28C8;BRAILLE PATTERN DOTS-478;So;0;ON;;;;;N;;;;;
+28C9;BRAILLE PATTERN DOTS-1478;So;0;ON;;;;;N;;;;;
+28CA;BRAILLE PATTERN DOTS-2478;So;0;ON;;;;;N;;;;;
+28CB;BRAILLE PATTERN DOTS-12478;So;0;ON;;;;;N;;;;;
+28CC;BRAILLE PATTERN DOTS-3478;So;0;ON;;;;;N;;;;;
+28CD;BRAILLE PATTERN DOTS-13478;So;0;ON;;;;;N;;;;;
+28CE;BRAILLE PATTERN DOTS-23478;So;0;ON;;;;;N;;;;;
+28CF;BRAILLE PATTERN DOTS-123478;So;0;ON;;;;;N;;;;;
+28D0;BRAILLE PATTERN DOTS-578;So;0;ON;;;;;N;;;;;
+28D1;BRAILLE PATTERN DOTS-1578;So;0;ON;;;;;N;;;;;
+28D2;BRAILLE PATTERN DOTS-2578;So;0;ON;;;;;N;;;;;
+28D3;BRAILLE PATTERN DOTS-12578;So;0;ON;;;;;N;;;;;
+28D4;BRAILLE PATTERN DOTS-3578;So;0;ON;;;;;N;;;;;
+28D5;BRAILLE PATTERN DOTS-13578;So;0;ON;;;;;N;;;;;
+28D6;BRAILLE PATTERN DOTS-23578;So;0;ON;;;;;N;;;;;
+28D7;BRAILLE PATTERN DOTS-123578;So;0;ON;;;;;N;;;;;
+28D8;BRAILLE PATTERN DOTS-4578;So;0;ON;;;;;N;;;;;
+28D9;BRAILLE PATTERN DOTS-14578;So;0;ON;;;;;N;;;;;
+28DA;BRAILLE PATTERN DOTS-24578;So;0;ON;;;;;N;;;;;
+28DB;BRAILLE PATTERN DOTS-124578;So;0;ON;;;;;N;;;;;
+28DC;BRAILLE PATTERN DOTS-34578;So;0;ON;;;;;N;;;;;
+28DD;BRAILLE PATTERN DOTS-134578;So;0;ON;;;;;N;;;;;
+28DE;BRAILLE PATTERN DOTS-234578;So;0;ON;;;;;N;;;;;
+28DF;BRAILLE PATTERN DOTS-1234578;So;0;ON;;;;;N;;;;;
+28E0;BRAILLE PATTERN DOTS-678;So;0;ON;;;;;N;;;;;
+28E1;BRAILLE PATTERN DOTS-1678;So;0;ON;;;;;N;;;;;
+28E2;BRAILLE PATTERN DOTS-2678;So;0;ON;;;;;N;;;;;
+28E3;BRAILLE PATTERN DOTS-12678;So;0;ON;;;;;N;;;;;
+28E4;BRAILLE PATTERN DOTS-3678;So;0;ON;;;;;N;;;;;
+28E5;BRAILLE PATTERN DOTS-13678;So;0;ON;;;;;N;;;;;
+28E6;BRAILLE PATTERN DOTS-23678;So;0;ON;;;;;N;;;;;
+28E7;BRAILLE PATTERN DOTS-123678;So;0;ON;;;;;N;;;;;
+28E8;BRAILLE PATTERN DOTS-4678;So;0;ON;;;;;N;;;;;
+28E9;BRAILLE PATTERN DOTS-14678;So;0;ON;;;;;N;;;;;
+28EA;BRAILLE PATTERN DOTS-24678;So;0;ON;;;;;N;;;;;
+28EB;BRAILLE PATTERN DOTS-124678;So;0;ON;;;;;N;;;;;
+28EC;BRAILLE PATTERN DOTS-34678;So;0;ON;;;;;N;;;;;
+28ED;BRAILLE PATTERN DOTS-134678;So;0;ON;;;;;N;;;;;
+28EE;BRAILLE PATTERN DOTS-234678;So;0;ON;;;;;N;;;;;
+28EF;BRAILLE PATTERN DOTS-1234678;So;0;ON;;;;;N;;;;;
+28F0;BRAILLE PATTERN DOTS-5678;So;0;ON;;;;;N;;;;;
+28F1;BRAILLE PATTERN DOTS-15678;So;0;ON;;;;;N;;;;;
+28F2;BRAILLE PATTERN DOTS-25678;So;0;ON;;;;;N;;;;;
+28F3;BRAILLE PATTERN DOTS-125678;So;0;ON;;;;;N;;;;;
+28F4;BRAILLE PATTERN DOTS-35678;So;0;ON;;;;;N;;;;;
+28F5;BRAILLE PATTERN DOTS-135678;So;0;ON;;;;;N;;;;;
+28F6;BRAILLE PATTERN DOTS-235678;So;0;ON;;;;;N;;;;;
+28F7;BRAILLE PATTERN DOTS-1235678;So;0;ON;;;;;N;;;;;
+28F8;BRAILLE PATTERN DOTS-45678;So;0;ON;;;;;N;;;;;
+28F9;BRAILLE PATTERN DOTS-145678;So;0;ON;;;;;N;;;;;
+28FA;BRAILLE PATTERN DOTS-245678;So;0;ON;;;;;N;;;;;
+28FB;BRAILLE PATTERN DOTS-1245678;So;0;ON;;;;;N;;;;;
+28FC;BRAILLE PATTERN DOTS-345678;So;0;ON;;;;;N;;;;;
+28FD;BRAILLE PATTERN DOTS-1345678;So;0;ON;;;;;N;;;;;
+28FE;BRAILLE PATTERN DOTS-2345678;So;0;ON;;;;;N;;;;;
+28FF;BRAILLE PATTERN DOTS-12345678;So;0;ON;;;;;N;;;;;
+2900;RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2901;RIGHTWARDS TWO-HEADED ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2902;LEFTWARDS DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2903;RIGHTWARDS DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2904;LEFT RIGHT DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2905;RIGHTWARDS TWO-HEADED ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+2906;LEFTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+2907;RIGHTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;;
+2908;DOWNWARDS ARROW WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;;
+2909;UPWARDS ARROW WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;;
+290A;UPWARDS TRIPLE ARROW;Sm;0;ON;;;;;N;;;;;
+290B;DOWNWARDS TRIPLE ARROW;Sm;0;ON;;;;;N;;;;;
+290C;LEFTWARDS DOUBLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+290D;RIGHTWARDS DOUBLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+290E;LEFTWARDS TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+290F;RIGHTWARDS TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+2910;RIGHTWARDS TWO-HEADED TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;;
+2911;RIGHTWARDS ARROW WITH DOTTED STEM;Sm;0;ON;;;;;N;;;;;
+2912;UPWARDS ARROW TO BAR;Sm;0;ON;;;;;N;;;;;
+2913;DOWNWARDS ARROW TO BAR;Sm;0;ON;;;;;N;;;;;
+2914;RIGHTWARDS ARROW WITH TAIL WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2915;RIGHTWARDS ARROW WITH TAIL WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2916;RIGHTWARDS TWO-HEADED ARROW WITH TAIL;Sm;0;ON;;;;;N;;;;;
+2917;RIGHTWARDS TWO-HEADED ARROW WITH TAIL WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2918;RIGHTWARDS TWO-HEADED ARROW WITH TAIL WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2919;LEFTWARDS ARROW-TAIL;Sm;0;ON;;;;;N;;;;;
+291A;RIGHTWARDS ARROW-TAIL;Sm;0;ON;;;;;N;;;;;
+291B;LEFTWARDS DOUBLE ARROW-TAIL;Sm;0;ON;;;;;N;;;;;
+291C;RIGHTWARDS DOUBLE ARROW-TAIL;Sm;0;ON;;;;;N;;;;;
+291D;LEFTWARDS ARROW TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+291E;RIGHTWARDS ARROW TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+291F;LEFTWARDS ARROW FROM BAR TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+2920;RIGHTWARDS ARROW FROM BAR TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+2921;NORTH WEST AND SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2922;NORTH EAST AND SOUTH WEST ARROW;Sm;0;ON;;;;;N;;;;;
+2923;NORTH WEST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;;
+2924;NORTH EAST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;;
+2925;SOUTH EAST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;;
+2926;SOUTH WEST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;;
+2927;NORTH WEST ARROW AND NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2928;NORTH EAST ARROW AND SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2929;SOUTH EAST ARROW AND SOUTH WEST ARROW;Sm;0;ON;;;;;N;;;;;
+292A;SOUTH WEST ARROW AND NORTH WEST ARROW;Sm;0;ON;;;;;N;;;;;
+292B;RISING DIAGONAL CROSSING FALLING DIAGONAL;Sm;0;ON;;;;;N;;;;;
+292C;FALLING DIAGONAL CROSSING RISING DIAGONAL;Sm;0;ON;;;;;N;;;;;
+292D;SOUTH EAST ARROW CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+292E;NORTH EAST ARROW CROSSING SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+292F;FALLING DIAGONAL CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2930;RISING DIAGONAL CROSSING SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2931;NORTH EAST ARROW CROSSING NORTH WEST ARROW;Sm;0;ON;;;;;N;;;;;
+2932;NORTH WEST ARROW CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;;
+2933;WAVE ARROW POINTING DIRECTLY RIGHT;Sm;0;ON;;;;;N;;;;;
+2934;ARROW POINTING RIGHTWARDS THEN CURVING UPWARDS;Sm;0;ON;;;;;N;;;;;
+2935;ARROW POINTING RIGHTWARDS THEN CURVING DOWNWARDS;Sm;0;ON;;;;;N;;;;;
+2936;ARROW POINTING DOWNWARDS THEN CURVING LEFTWARDS;Sm;0;ON;;;;;N;;;;;
+2937;ARROW POINTING DOWNWARDS THEN CURVING RIGHTWARDS;Sm;0;ON;;;;;N;;;;;
+2938;RIGHT-SIDE ARC CLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+2939;LEFT-SIDE ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+293A;TOP ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+293B;BOTTOM ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+293C;TOP ARC CLOCKWISE ARROW WITH MINUS;Sm;0;ON;;;;;N;;;;;
+293D;TOP ARC ANTICLOCKWISE ARROW WITH PLUS;Sm;0;ON;;;;;N;;;;;
+293E;LOWER RIGHT SEMICIRCULAR CLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+293F;LOWER LEFT SEMICIRCULAR ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;;
+2940;ANTICLOCKWISE CLOSED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;;
+2941;CLOCKWISE CLOSED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;;
+2942;RIGHTWARDS ARROW ABOVE SHORT LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2943;LEFTWARDS ARROW ABOVE SHORT RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2944;SHORT RIGHTWARDS ARROW ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2945;RIGHTWARDS ARROW WITH PLUS BELOW;Sm;0;ON;;;;;N;;;;;
+2946;LEFTWARDS ARROW WITH PLUS BELOW;Sm;0;ON;;;;;N;;;;;
+2947;RIGHTWARDS ARROW THROUGH X;Sm;0;ON;;;;;N;;;;;
+2948;LEFT RIGHT ARROW THROUGH SMALL CIRCLE;Sm;0;ON;;;;;N;;;;;
+2949;UPWARDS TWO-HEADED ARROW FROM SMALL CIRCLE;Sm;0;ON;;;;;N;;;;;
+294A;LEFT BARB UP RIGHT BARB DOWN HARPOON;Sm;0;ON;;;;;N;;;;;
+294B;LEFT BARB DOWN RIGHT BARB UP HARPOON;Sm;0;ON;;;;;N;;;;;
+294C;UP BARB RIGHT DOWN BARB LEFT HARPOON;Sm;0;ON;;;;;N;;;;;
+294D;UP BARB LEFT DOWN BARB RIGHT HARPOON;Sm;0;ON;;;;;N;;;;;
+294E;LEFT BARB UP RIGHT BARB UP HARPOON;Sm;0;ON;;;;;N;;;;;
+294F;UP BARB RIGHT DOWN BARB RIGHT HARPOON;Sm;0;ON;;;;;N;;;;;
+2950;LEFT BARB DOWN RIGHT BARB DOWN HARPOON;Sm;0;ON;;;;;N;;;;;
+2951;UP BARB LEFT DOWN BARB LEFT HARPOON;Sm;0;ON;;;;;N;;;;;
+2952;LEFTWARDS HARPOON WITH BARB UP TO BAR;Sm;0;ON;;;;;N;;;;;
+2953;RIGHTWARDS HARPOON WITH BARB UP TO BAR;Sm;0;ON;;;;;N;;;;;
+2954;UPWARDS HARPOON WITH BARB RIGHT TO BAR;Sm;0;ON;;;;;N;;;;;
+2955;DOWNWARDS HARPOON WITH BARB RIGHT TO BAR;Sm;0;ON;;;;;N;;;;;
+2956;LEFTWARDS HARPOON WITH BARB DOWN TO BAR;Sm;0;ON;;;;;N;;;;;
+2957;RIGHTWARDS HARPOON WITH BARB DOWN TO BAR;Sm;0;ON;;;;;N;;;;;
+2958;UPWARDS HARPOON WITH BARB LEFT TO BAR;Sm;0;ON;;;;;N;;;;;
+2959;DOWNWARDS HARPOON WITH BARB LEFT TO BAR;Sm;0;ON;;;;;N;;;;;
+295A;LEFTWARDS HARPOON WITH BARB UP FROM BAR;Sm;0;ON;;;;;N;;;;;
+295B;RIGHTWARDS HARPOON WITH BARB UP FROM BAR;Sm;0;ON;;;;;N;;;;;
+295C;UPWARDS HARPOON WITH BARB RIGHT FROM BAR;Sm;0;ON;;;;;N;;;;;
+295D;DOWNWARDS HARPOON WITH BARB RIGHT FROM BAR;Sm;0;ON;;;;;N;;;;;
+295E;LEFTWARDS HARPOON WITH BARB DOWN FROM BAR;Sm;0;ON;;;;;N;;;;;
+295F;RIGHTWARDS HARPOON WITH BARB DOWN FROM BAR;Sm;0;ON;;;;;N;;;;;
+2960;UPWARDS HARPOON WITH BARB LEFT FROM BAR;Sm;0;ON;;;;;N;;;;;
+2961;DOWNWARDS HARPOON WITH BARB LEFT FROM BAR;Sm;0;ON;;;;;N;;;;;
+2962;LEFTWARDS HARPOON WITH BARB UP ABOVE LEFTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;;
+2963;UPWARDS HARPOON WITH BARB LEFT BESIDE UPWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;;
+2964;RIGHTWARDS HARPOON WITH BARB UP ABOVE RIGHTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;;
+2965;DOWNWARDS HARPOON WITH BARB LEFT BESIDE DOWNWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;;
+2966;LEFTWARDS HARPOON WITH BARB UP ABOVE RIGHTWARDS HARPOON WITH BARB UP;Sm;0;ON;;;;;N;;;;;
+2967;LEFTWARDS HARPOON WITH BARB DOWN ABOVE RIGHTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;;
+2968;RIGHTWARDS HARPOON WITH BARB UP ABOVE LEFTWARDS HARPOON WITH BARB UP;Sm;0;ON;;;;;N;;;;;
+2969;RIGHTWARDS HARPOON WITH BARB DOWN ABOVE LEFTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;;
+296A;LEFTWARDS HARPOON WITH BARB UP ABOVE LONG DASH;Sm;0;ON;;;;;N;;;;;
+296B;LEFTWARDS HARPOON WITH BARB DOWN BELOW LONG DASH;Sm;0;ON;;;;;N;;;;;
+296C;RIGHTWARDS HARPOON WITH BARB UP ABOVE LONG DASH;Sm;0;ON;;;;;N;;;;;
+296D;RIGHTWARDS HARPOON WITH BARB DOWN BELOW LONG DASH;Sm;0;ON;;;;;N;;;;;
+296E;UPWARDS HARPOON WITH BARB LEFT BESIDE DOWNWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;;
+296F;DOWNWARDS HARPOON WITH BARB LEFT BESIDE UPWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;;
+2970;RIGHT DOUBLE ARROW WITH ROUNDED HEAD;Sm;0;ON;;;;;N;;;;;
+2971;EQUALS SIGN ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2972;TILDE OPERATOR ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2973;LEFTWARDS ARROW ABOVE TILDE OPERATOR;Sm;0;ON;;;;;N;;;;;
+2974;RIGHTWARDS ARROW ABOVE TILDE OPERATOR;Sm;0;ON;;;;;N;;;;;
+2975;RIGHTWARDS ARROW ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;N;;;;;
+2976;LESS-THAN ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2977;LEFTWARDS ARROW THROUGH LESS-THAN;Sm;0;ON;;;;;N;;;;;
+2978;GREATER-THAN ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+2979;SUBSET ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+297A;LEFTWARDS ARROW THROUGH SUBSET;Sm;0;ON;;;;;N;;;;;
+297B;SUPERSET ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;;
+297C;LEFT FISH TAIL;Sm;0;ON;;;;;N;;;;;
+297D;RIGHT FISH TAIL;Sm;0;ON;;;;;N;;;;;
+297E;UP FISH TAIL;Sm;0;ON;;;;;N;;;;;
+297F;DOWN FISH TAIL;Sm;0;ON;;;;;N;;;;;
+2980;TRIPLE VERTICAL BAR DELIMITER;Sm;0;ON;;;;;N;;;;;
+2981;Z NOTATION SPOT;Sm;0;ON;;;;;N;;;;;
+2982;Z NOTATION TYPE COLON;Sm;0;ON;;;;;N;;;;;
+2983;LEFT WHITE CURLY BRACKET;Ps;0;ON;;;;;Y;;;;;
+2984;RIGHT WHITE CURLY BRACKET;Pe;0;ON;;;;;Y;;;;;
+2985;LEFT WHITE PARENTHESIS;Ps;0;ON;;;;;Y;;;;;
+2986;RIGHT WHITE PARENTHESIS;Pe;0;ON;;;;;Y;;;;;
+2987;Z NOTATION LEFT IMAGE BRACKET;Ps;0;ON;;;;;Y;;;;;
+2988;Z NOTATION RIGHT IMAGE BRACKET;Pe;0;ON;;;;;Y;;;;;
+2989;Z NOTATION LEFT BINDING BRACKET;Ps;0;ON;;;;;Y;;;;;
+298A;Z NOTATION RIGHT BINDING BRACKET;Pe;0;ON;;;;;Y;;;;;
+298B;LEFT SQUARE BRACKET WITH UNDERBAR;Ps;0;ON;;;;;Y;;;;;
+298C;RIGHT SQUARE BRACKET WITH UNDERBAR;Pe;0;ON;;;;;Y;;;;;
+298D;LEFT SQUARE BRACKET WITH TICK IN TOP CORNER;Ps;0;ON;;;;;Y;;;;;
+298E;RIGHT SQUARE BRACKET WITH TICK IN BOTTOM CORNER;Pe;0;ON;;;;;Y;;;;;
+298F;LEFT SQUARE BRACKET WITH TICK IN BOTTOM CORNER;Ps;0;ON;;;;;Y;;;;;
+2990;RIGHT SQUARE BRACKET WITH TICK IN TOP CORNER;Pe;0;ON;;;;;Y;;;;;
+2991;LEFT ANGLE BRACKET WITH DOT;Ps;0;ON;;;;;Y;;;;;
+2992;RIGHT ANGLE BRACKET WITH DOT;Pe;0;ON;;;;;Y;;;;;
+2993;LEFT ARC LESS-THAN BRACKET;Ps;0;ON;;;;;Y;;;;;
+2994;RIGHT ARC GREATER-THAN BRACKET;Pe;0;ON;;;;;Y;;;;;
+2995;DOUBLE LEFT ARC GREATER-THAN BRACKET;Ps;0;ON;;;;;Y;;;;;
+2996;DOUBLE RIGHT ARC LESS-THAN BRACKET;Pe;0;ON;;;;;Y;;;;;
+2997;LEFT BLACK TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;;;;;
+2998;RIGHT BLACK TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;;;;;
+2999;DOTTED FENCE;Sm;0;ON;;;;;N;;;;;
+299A;VERTICAL ZIGZAG LINE;Sm;0;ON;;;;;N;;;;;
+299B;MEASURED ANGLE OPENING LEFT;Sm;0;ON;;;;;Y;;;;;
+299C;RIGHT ANGLE VARIANT WITH SQUARE;Sm;0;ON;;;;;Y;;;;;
+299D;MEASURED RIGHT ANGLE WITH DOT;Sm;0;ON;;;;;Y;;;;;
+299E;ANGLE WITH S INSIDE;Sm;0;ON;;;;;Y;;;;;
+299F;ACUTE ANGLE;Sm;0;ON;;;;;Y;;;;;
+29A0;SPHERICAL ANGLE OPENING LEFT;Sm;0;ON;;;;;Y;;;;;
+29A1;SPHERICAL ANGLE OPENING UP;Sm;0;ON;;;;;Y;;;;;
+29A2;TURNED ANGLE;Sm;0;ON;;;;;Y;;;;;
+29A3;REVERSED ANGLE;Sm;0;ON;;;;;Y;;;;;
+29A4;ANGLE WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+29A5;REVERSED ANGLE WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+29A6;OBLIQUE ANGLE OPENING UP;Sm;0;ON;;;;;Y;;;;;
+29A7;OBLIQUE ANGLE OPENING DOWN;Sm;0;ON;;;;;Y;;;;;
+29A8;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING UP AND RIGHT;Sm;0;ON;;;;;Y;;;;;
+29A9;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING UP AND LEFT;Sm;0;ON;;;;;Y;;;;;
+29AA;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING DOWN AND RIGHT;Sm;0;ON;;;;;Y;;;;;
+29AB;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING DOWN AND LEFT;Sm;0;ON;;;;;Y;;;;;
+29AC;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING RIGHT AND UP;Sm;0;ON;;;;;Y;;;;;
+29AD;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING LEFT AND UP;Sm;0;ON;;;;;Y;;;;;
+29AE;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING RIGHT AND DOWN;Sm;0;ON;;;;;Y;;;;;
+29AF;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING LEFT AND DOWN;Sm;0;ON;;;;;Y;;;;;
+29B0;REVERSED EMPTY SET;Sm;0;ON;;;;;N;;;;;
+29B1;EMPTY SET WITH OVERBAR;Sm;0;ON;;;;;N;;;;;
+29B2;EMPTY SET WITH SMALL CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;;
+29B3;EMPTY SET WITH RIGHT ARROW ABOVE;Sm;0;ON;;;;;N;;;;;
+29B4;EMPTY SET WITH LEFT ARROW ABOVE;Sm;0;ON;;;;;N;;;;;
+29B5;CIRCLE WITH HORIZONTAL BAR;Sm;0;ON;;;;;N;;;;;
+29B6;CIRCLED VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+29B7;CIRCLED PARALLEL;Sm;0;ON;;;;;N;;;;;
+29B8;CIRCLED REVERSE SOLIDUS;Sm;0;ON;;;;;Y;;;;;
+29B9;CIRCLED PERPENDICULAR;Sm;0;ON;;;;;N;;;;;
+29BA;CIRCLE DIVIDED BY HORIZONTAL BAR AND TOP HALF DIVIDED BY VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+29BB;CIRCLE WITH SUPERIMPOSED X;Sm;0;ON;;;;;N;;;;;
+29BC;CIRCLED ANTICLOCKWISE-ROTATED DIVISION SIGN;Sm;0;ON;;;;;N;;;;;
+29BD;UP ARROW THROUGH CIRCLE;Sm;0;ON;;;;;N;;;;;
+29BE;CIRCLED WHITE BULLET;Sm;0;ON;;;;;N;;;;;
+29BF;CIRCLED BULLET;Sm;0;ON;;;;;N;;;;;
+29C0;CIRCLED LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+29C1;CIRCLED GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+29C2;CIRCLE WITH SMALL CIRCLE TO THE RIGHT;Sm;0;ON;;;;;Y;;;;;
+29C3;CIRCLE WITH TWO HORIZONTAL STROKES TO THE RIGHT;Sm;0;ON;;;;;Y;;;;;
+29C4;SQUARED RISING DIAGONAL SLASH;Sm;0;ON;;;;;Y;;;;;
+29C5;SQUARED FALLING DIAGONAL SLASH;Sm;0;ON;;;;;Y;;;;;
+29C6;SQUARED ASTERISK;Sm;0;ON;;;;;N;;;;;
+29C7;SQUARED SMALL CIRCLE;Sm;0;ON;;;;;N;;;;;
+29C8;SQUARED SQUARE;Sm;0;ON;;;;;N;;;;;
+29C9;TWO JOINED SQUARES;Sm;0;ON;;;;;Y;;;;;
+29CA;TRIANGLE WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+29CB;TRIANGLE WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+29CC;S IN TRIANGLE;Sm;0;ON;;;;;N;;;;;
+29CD;TRIANGLE WITH SERIFS AT BOTTOM;Sm;0;ON;;;;;N;;;;;
+29CE;RIGHT TRIANGLE ABOVE LEFT TRIANGLE;Sm;0;ON;;;;;Y;;;;;
+29CF;LEFT TRIANGLE BESIDE VERTICAL BAR;Sm;0;ON;;;;;Y;;;;;
+29D0;VERTICAL BAR BESIDE RIGHT TRIANGLE;Sm;0;ON;;;;;Y;;;;;
+29D1;BOWTIE WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29D2;BOWTIE WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29D3;BLACK BOWTIE;Sm;0;ON;;;;;N;;;;;
+29D4;TIMES WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29D5;TIMES WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29D6;WHITE HOURGLASS;Sm;0;ON;;;;;N;;;;;
+29D7;BLACK HOURGLASS;Sm;0;ON;;;;;N;;;;;
+29D8;LEFT WIGGLY FENCE;Ps;0;ON;;;;;Y;;;;;
+29D9;RIGHT WIGGLY FENCE;Pe;0;ON;;;;;Y;;;;;
+29DA;LEFT DOUBLE WIGGLY FENCE;Ps;0;ON;;;;;Y;;;;;
+29DB;RIGHT DOUBLE WIGGLY FENCE;Pe;0;ON;;;;;Y;;;;;
+29DC;INCOMPLETE INFINITY;Sm;0;ON;;;;;Y;;;;;
+29DD;TIE OVER INFINITY;Sm;0;ON;;;;;N;;;;;
+29DE;INFINITY NEGATED WITH VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+29DF;DOUBLE-ENDED MULTIMAP;Sm;0;ON;;;;;N;;;;;
+29E0;SQUARE WITH CONTOURED OUTLINE;Sm;0;ON;;;;;N;;;;;
+29E1;INCREASES AS;Sm;0;ON;;;;;Y;;;;;
+29E2;SHUFFLE PRODUCT;Sm;0;ON;;;;;N;;;;;
+29E3;EQUALS SIGN AND SLANTED PARALLEL;Sm;0;ON;;;;;Y;;;;;
+29E4;EQUALS SIGN AND SLANTED PARALLEL WITH TILDE ABOVE;Sm;0;ON;;;;;Y;;;;;
+29E5;IDENTICAL TO AND SLANTED PARALLEL;Sm;0;ON;;;;;Y;;;;;
+29E6;GLEICH STARK;Sm;0;ON;;;;;N;;;;;
+29E7;THERMODYNAMIC;Sm;0;ON;;;;;N;;;;;
+29E8;DOWN-POINTING TRIANGLE WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29E9;DOWN-POINTING TRIANGLE WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;;
+29EA;BLACK DIAMOND WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;;
+29EB;BLACK LOZENGE;Sm;0;ON;;;;;N;;;;;
+29EC;WHITE CIRCLE WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;;
+29ED;BLACK CIRCLE WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;;
+29EE;ERROR-BARRED WHITE SQUARE;Sm;0;ON;;;;;N;;;;;
+29EF;ERROR-BARRED BLACK SQUARE;Sm;0;ON;;;;;N;;;;;
+29F0;ERROR-BARRED WHITE DIAMOND;Sm;0;ON;;;;;N;;;;;
+29F1;ERROR-BARRED BLACK DIAMOND;Sm;0;ON;;;;;N;;;;;
+29F2;ERROR-BARRED WHITE CIRCLE;Sm;0;ON;;;;;N;;;;;
+29F3;ERROR-BARRED BLACK CIRCLE;Sm;0;ON;;;;;N;;;;;
+29F4;RULE-DELAYED;Sm;0;ON;;;;;Y;;;;;
+29F5;REVERSE SOLIDUS OPERATOR;Sm;0;ON;;;;;Y;;;;;
+29F6;SOLIDUS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+29F7;REVERSE SOLIDUS WITH HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;;
+29F8;BIG SOLIDUS;Sm;0;ON;;;;;Y;;;;;
+29F9;BIG REVERSE SOLIDUS;Sm;0;ON;;;;;Y;;;;;
+29FA;DOUBLE PLUS;Sm;0;ON;;;;;N;;;;;
+29FB;TRIPLE PLUS;Sm;0;ON;;;;;N;;;;;
+29FC;LEFT-POINTING CURVED ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;;
+29FD;RIGHT-POINTING CURVED ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;;
+29FE;TINY;Sm;0;ON;;;;;N;;;;;
+29FF;MINY;Sm;0;ON;;;;;N;;;;;
+2A00;N-ARY CIRCLED DOT OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A01;N-ARY CIRCLED PLUS OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A02;N-ARY CIRCLED TIMES OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A03;N-ARY UNION OPERATOR WITH DOT;Sm;0;ON;;;;;N;;;;;
+2A04;N-ARY UNION OPERATOR WITH PLUS;Sm;0;ON;;;;;N;;;;;
+2A05;N-ARY SQUARE INTERSECTION OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A06;N-ARY SQUARE UNION OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A07;TWO LOGICAL AND OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A08;TWO LOGICAL OR OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A09;N-ARY TIMES OPERATOR;Sm;0;ON;;;;;N;;;;;
+2A0A;MODULO TWO SUM;Sm;0;ON;;;;;Y;;;;;
+2A0B;SUMMATION WITH INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2A0C;QUADRUPLE INTEGRAL OPERATOR;Sm;0;ON;<compat> 222B 222B 222B 222B;;;;Y;;;;;
+2A0D;FINITE PART INTEGRAL;Sm;0;ON;;;;;Y;;;;;
+2A0E;INTEGRAL WITH DOUBLE STROKE;Sm;0;ON;;;;;Y;;;;;
+2A0F;INTEGRAL AVERAGE WITH SLASH;Sm;0;ON;;;;;Y;;;;;
+2A10;CIRCULATION FUNCTION;Sm;0;ON;;;;;Y;;;;;
+2A11;ANTICLOCKWISE INTEGRATION;Sm;0;ON;;;;;Y;;;;;
+2A12;LINE INTEGRATION WITH RECTANGULAR PATH AROUND POLE;Sm;0;ON;;;;;Y;;;;;
+2A13;LINE INTEGRATION WITH SEMICIRCULAR PATH AROUND POLE;Sm;0;ON;;;;;Y;;;;;
+2A14;LINE INTEGRATION NOT INCLUDING THE POLE;Sm;0;ON;;;;;Y;;;;;
+2A15;INTEGRAL AROUND A POINT OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2A16;QUATERNION INTEGRAL OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2A17;INTEGRAL WITH LEFTWARDS ARROW WITH HOOK;Sm;0;ON;;;;;Y;;;;;
+2A18;INTEGRAL WITH TIMES SIGN;Sm;0;ON;;;;;Y;;;;;
+2A19;INTEGRAL WITH INTERSECTION;Sm;0;ON;;;;;Y;;;;;
+2A1A;INTEGRAL WITH UNION;Sm;0;ON;;;;;Y;;;;;
+2A1B;INTEGRAL WITH OVERBAR;Sm;0;ON;;;;;Y;;;;;
+2A1C;INTEGRAL WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+2A1D;JOIN;Sm;0;ON;;;;;N;;;;;
+2A1E;LARGE LEFT TRIANGLE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2A1F;Z NOTATION SCHEMA COMPOSITION;Sm;0;ON;;;;;Y;;;;;
+2A20;Z NOTATION SCHEMA PIPING;Sm;0;ON;;;;;Y;;;;;
+2A21;Z NOTATION SCHEMA PROJECTION;Sm;0;ON;;;;;Y;;;;;
+2A22;PLUS SIGN WITH SMALL CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;;
+2A23;PLUS SIGN WITH CIRCUMFLEX ACCENT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A24;PLUS SIGN WITH TILDE ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A25;PLUS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;;
+2A26;PLUS SIGN WITH TILDE BELOW;Sm;0;ON;;;;;Y;;;;;
+2A27;PLUS SIGN WITH SUBSCRIPT TWO;Sm;0;ON;;;;;N;;;;;
+2A28;PLUS SIGN WITH BLACK TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2A29;MINUS SIGN WITH COMMA ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A2A;MINUS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;;
+2A2B;MINUS SIGN WITH FALLING DOTS;Sm;0;ON;;;;;Y;;;;;
+2A2C;MINUS SIGN WITH RISING DOTS;Sm;0;ON;;;;;Y;;;;;
+2A2D;PLUS SIGN IN LEFT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;;
+2A2E;PLUS SIGN IN RIGHT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;;
+2A2F;VECTOR OR CROSS PRODUCT;Sm;0;ON;;;;;N;;;;;
+2A30;MULTIPLICATION SIGN WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A31;MULTIPLICATION SIGN WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A32;SEMIDIRECT PRODUCT WITH BOTTOM CLOSED;Sm;0;ON;;;;;N;;;;;
+2A33;SMASH PRODUCT;Sm;0;ON;;;;;N;;;;;
+2A34;MULTIPLICATION SIGN IN LEFT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;;
+2A35;MULTIPLICATION SIGN IN RIGHT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;;
+2A36;CIRCLED MULTIPLICATION SIGN WITH CIRCUMFLEX ACCENT;Sm;0;ON;;;;;N;;;;;
+2A37;MULTIPLICATION SIGN IN DOUBLE CIRCLE;Sm;0;ON;;;;;N;;;;;
+2A38;CIRCLED DIVISION SIGN;Sm;0;ON;;;;;N;;;;;
+2A39;PLUS SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2A3A;MINUS SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2A3B;MULTIPLICATION SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;;
+2A3C;INTERIOR PRODUCT;Sm;0;ON;;;;;Y;;;;;
+2A3D;RIGHTHAND INTERIOR PRODUCT;Sm;0;ON;;;;;Y;;;;;
+2A3E;Z NOTATION RELATIONAL COMPOSITION;Sm;0;ON;;;;;Y;;;;;
+2A3F;AMALGAMATION OR COPRODUCT;Sm;0;ON;;;;;N;;;;;
+2A40;INTERSECTION WITH DOT;Sm;0;ON;;;;;N;;;;;
+2A41;UNION WITH MINUS SIGN;Sm;0;ON;;;;;N;;;;;
+2A42;UNION WITH OVERBAR;Sm;0;ON;;;;;N;;;;;
+2A43;INTERSECTION WITH OVERBAR;Sm;0;ON;;;;;N;;;;;
+2A44;INTERSECTION WITH LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2A45;UNION WITH LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+2A46;UNION ABOVE INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2A47;INTERSECTION ABOVE UNION;Sm;0;ON;;;;;N;;;;;
+2A48;UNION ABOVE BAR ABOVE INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2A49;INTERSECTION ABOVE BAR ABOVE UNION;Sm;0;ON;;;;;N;;;;;
+2A4A;UNION BESIDE AND JOINED WITH UNION;Sm;0;ON;;;;;N;;;;;
+2A4B;INTERSECTION BESIDE AND JOINED WITH INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2A4C;CLOSED UNION WITH SERIFS;Sm;0;ON;;;;;N;;;;;
+2A4D;CLOSED INTERSECTION WITH SERIFS;Sm;0;ON;;;;;N;;;;;
+2A4E;DOUBLE SQUARE INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2A4F;DOUBLE SQUARE UNION;Sm;0;ON;;;;;N;;;;;
+2A50;CLOSED UNION WITH SERIFS AND SMASH PRODUCT;Sm;0;ON;;;;;N;;;;;
+2A51;LOGICAL AND WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A52;LOGICAL OR WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A53;DOUBLE LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2A54;DOUBLE LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+2A55;TWO INTERSECTING LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2A56;TWO INTERSECTING LOGICAL OR;Sm;0;ON;;;;;N;;;;;
+2A57;SLOPING LARGE OR;Sm;0;ON;;;;;Y;;;;;
+2A58;SLOPING LARGE AND;Sm;0;ON;;;;;Y;;;;;
+2A59;LOGICAL OR OVERLAPPING LOGICAL AND;Sm;0;ON;;;;;N;;;;;
+2A5A;LOGICAL AND WITH MIDDLE STEM;Sm;0;ON;;;;;N;;;;;
+2A5B;LOGICAL OR WITH MIDDLE STEM;Sm;0;ON;;;;;N;;;;;
+2A5C;LOGICAL AND WITH HORIZONTAL DASH;Sm;0;ON;;;;;N;;;;;
+2A5D;LOGICAL OR WITH HORIZONTAL DASH;Sm;0;ON;;;;;N;;;;;
+2A5E;LOGICAL AND WITH DOUBLE OVERBAR;Sm;0;ON;;;;;N;;;;;
+2A5F;LOGICAL AND WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A60;LOGICAL AND WITH DOUBLE UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A61;SMALL VEE WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A62;LOGICAL OR WITH DOUBLE OVERBAR;Sm;0;ON;;;;;N;;;;;
+2A63;LOGICAL OR WITH DOUBLE UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2A64;Z NOTATION DOMAIN ANTIRESTRICTION;Sm;0;ON;;;;;Y;;;;;
+2A65;Z NOTATION RANGE ANTIRESTRICTION;Sm;0;ON;;;;;Y;;;;;
+2A66;EQUALS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;;
+2A67;IDENTICAL WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;;
+2A68;TRIPLE HORIZONTAL BAR WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2A69;TRIPLE HORIZONTAL BAR WITH TRIPLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;;
+2A6A;TILDE OPERATOR WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A6B;TILDE OPERATOR WITH RISING DOTS;Sm;0;ON;;;;;Y;;;;;
+2A6C;SIMILAR MINUS SIMILAR;Sm;0;ON;;;;;Y;;;;;
+2A6D;CONGRUENT WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A6E;EQUALS WITH ASTERISK;Sm;0;ON;;;;;N;;;;;
+2A6F;ALMOST EQUAL TO WITH CIRCUMFLEX ACCENT;Sm;0;ON;;;;;Y;;;;;
+2A70;APPROXIMATELY EQUAL OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A71;EQUALS SIGN ABOVE PLUS SIGN;Sm;0;ON;;;;;N;;;;;
+2A72;PLUS SIGN ABOVE EQUALS SIGN;Sm;0;ON;;;;;N;;;;;
+2A73;EQUALS SIGN ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2A74;DOUBLE COLON EQUAL;Sm;0;ON;<compat> 003A 003A 003D;;;;Y;;;;;
+2A75;TWO CONSECUTIVE EQUALS SIGNS;Sm;0;ON;<compat> 003D 003D;;;;N;;;;;
+2A76;THREE CONSECUTIVE EQUALS SIGNS;Sm;0;ON;<compat> 003D 003D 003D;;;;N;;;;;
+2A77;EQUALS SIGN WITH TWO DOTS ABOVE AND TWO DOTS BELOW;Sm;0;ON;;;;;N;;;;;
+2A78;EQUIVALENT WITH FOUR DOTS ABOVE;Sm;0;ON;;;;;N;;;;;
+2A79;LESS-THAN WITH CIRCLE INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A7A;GREATER-THAN WITH CIRCLE INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A7B;LESS-THAN WITH QUESTION MARK ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A7C;GREATER-THAN WITH QUESTION MARK ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A7D;LESS-THAN OR SLANTED EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A7E;GREATER-THAN OR SLANTED EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A7F;LESS-THAN OR SLANTED EQUAL TO WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A80;GREATER-THAN OR SLANTED EQUAL TO WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A81;LESS-THAN OR SLANTED EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A82;GREATER-THAN OR SLANTED EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2A83;LESS-THAN OR SLANTED EQUAL TO WITH DOT ABOVE RIGHT;Sm;0;ON;;;;;Y;;;;;
+2A84;GREATER-THAN OR SLANTED EQUAL TO WITH DOT ABOVE LEFT;Sm;0;ON;;;;;Y;;;;;
+2A85;LESS-THAN OR APPROXIMATE;Sm;0;ON;;;;;Y;;;;;
+2A86;GREATER-THAN OR APPROXIMATE;Sm;0;ON;;;;;Y;;;;;
+2A87;LESS-THAN AND SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A88;GREATER-THAN AND SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2A89;LESS-THAN AND NOT APPROXIMATE;Sm;0;ON;;;;;Y;;;;;
+2A8A;GREATER-THAN AND NOT APPROXIMATE;Sm;0;ON;;;;;Y;;;;;
+2A8B;LESS-THAN ABOVE DOUBLE-LINE EQUAL ABOVE GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A8C;GREATER-THAN ABOVE DOUBLE-LINE EQUAL ABOVE LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A8D;LESS-THAN ABOVE SIMILAR OR EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A8E;GREATER-THAN ABOVE SIMILAR OR EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A8F;LESS-THAN ABOVE SIMILAR ABOVE GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A90;GREATER-THAN ABOVE SIMILAR ABOVE LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A91;LESS-THAN ABOVE GREATER-THAN ABOVE DOUBLE-LINE EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A92;GREATER-THAN ABOVE LESS-THAN ABOVE DOUBLE-LINE EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A93;LESS-THAN ABOVE SLANTED EQUAL ABOVE GREATER-THAN ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A94;GREATER-THAN ABOVE SLANTED EQUAL ABOVE LESS-THAN ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;;
+2A95;SLANTED EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A96;SLANTED EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A97;SLANTED EQUAL TO OR LESS-THAN WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A98;SLANTED EQUAL TO OR GREATER-THAN WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;;
+2A99;DOUBLE-LINE EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9A;DOUBLE-LINE EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9B;DOUBLE-LINE SLANTED EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9C;DOUBLE-LINE SLANTED EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9D;SIMILAR OR LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9E;SIMILAR OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2A9F;SIMILAR ABOVE LESS-THAN ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AA0;SIMILAR ABOVE GREATER-THAN ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AA1;DOUBLE NESTED LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2AA2;DOUBLE NESTED GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2AA3;DOUBLE NESTED LESS-THAN WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;;
+2AA4;GREATER-THAN OVERLAPPING LESS-THAN;Sm;0;ON;;;;;N;;;;;
+2AA5;GREATER-THAN BESIDE LESS-THAN;Sm;0;ON;;;;;N;;;;;
+2AA6;LESS-THAN CLOSED BY CURVE;Sm;0;ON;;;;;Y;;;;;
+2AA7;GREATER-THAN CLOSED BY CURVE;Sm;0;ON;;;;;Y;;;;;
+2AA8;LESS-THAN CLOSED BY CURVE ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;;
+2AA9;GREATER-THAN CLOSED BY CURVE ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;;
+2AAA;SMALLER THAN;Sm;0;ON;;;;;Y;;;;;
+2AAB;LARGER THAN;Sm;0;ON;;;;;Y;;;;;
+2AAC;SMALLER THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AAD;LARGER THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AAE;EQUALS SIGN WITH BUMPY ABOVE;Sm;0;ON;;;;;N;;;;;
+2AAF;PRECEDES ABOVE SINGLE-LINE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AB0;SUCCEEDS ABOVE SINGLE-LINE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AB1;PRECEDES ABOVE SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB2;SUCCEEDS ABOVE SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB3;PRECEDES ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AB4;SUCCEEDS ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AB5;PRECEDES ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB6;SUCCEEDS ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB7;PRECEDES ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB8;SUCCEEDS ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AB9;PRECEDES ABOVE NOT ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ABA;SUCCEEDS ABOVE NOT ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ABB;DOUBLE PRECEDES;Sm;0;ON;;;;;Y;;;;;
+2ABC;DOUBLE SUCCEEDS;Sm;0;ON;;;;;Y;;;;;
+2ABD;SUBSET WITH DOT;Sm;0;ON;;;;;Y;;;;;
+2ABE;SUPERSET WITH DOT;Sm;0;ON;;;;;Y;;;;;
+2ABF;SUBSET WITH PLUS SIGN BELOW;Sm;0;ON;;;;;Y;;;;;
+2AC0;SUPERSET WITH PLUS SIGN BELOW;Sm;0;ON;;;;;Y;;;;;
+2AC1;SUBSET WITH MULTIPLICATION SIGN BELOW;Sm;0;ON;;;;;Y;;;;;
+2AC2;SUPERSET WITH MULTIPLICATION SIGN BELOW;Sm;0;ON;;;;;Y;;;;;
+2AC3;SUBSET OF OR EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2AC4;SUPERSET OF OR EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;;
+2AC5;SUBSET OF ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AC6;SUPERSET OF ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;;
+2AC7;SUBSET OF ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2AC8;SUPERSET OF ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2AC9;SUBSET OF ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ACA;SUPERSET OF ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ACB;SUBSET OF ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ACC;SUPERSET OF ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2ACD;SQUARE LEFT OPEN BOX OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2ACE;SQUARE RIGHT OPEN BOX OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2ACF;CLOSED SUBSET;Sm;0;ON;;;;;Y;;;;;
+2AD0;CLOSED SUPERSET;Sm;0;ON;;;;;Y;;;;;
+2AD1;CLOSED SUBSET OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AD2;CLOSED SUPERSET OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AD3;SUBSET ABOVE SUPERSET;Sm;0;ON;;;;;Y;;;;;
+2AD4;SUPERSET ABOVE SUBSET;Sm;0;ON;;;;;Y;;;;;
+2AD5;SUBSET ABOVE SUBSET;Sm;0;ON;;;;;Y;;;;;
+2AD6;SUPERSET ABOVE SUPERSET;Sm;0;ON;;;;;Y;;;;;
+2AD7;SUPERSET BESIDE SUBSET;Sm;0;ON;;;;;N;;;;;
+2AD8;SUPERSET BESIDE AND JOINED BY DASH WITH SUBSET;Sm;0;ON;;;;;N;;;;;
+2AD9;ELEMENT OF OPENING DOWNWARDS;Sm;0;ON;;;;;N;;;;;
+2ADA;PITCHFORK WITH TEE TOP;Sm;0;ON;;;;;N;;;;;
+2ADB;TRANSVERSAL INTERSECTION;Sm;0;ON;;;;;N;;;;;
+2ADC;FORKING;Sm;0;ON;2ADD 0338;;;;Y;;not independent;;;
+2ADD;NONFORKING;Sm;0;ON;;;;;N;;independent;;;
+2ADE;SHORT LEFT TACK;Sm;0;ON;;;;;Y;;;;;
+2ADF;SHORT DOWN TACK;Sm;0;ON;;;;;N;;;;;
+2AE0;SHORT UP TACK;Sm;0;ON;;;;;N;;;;;
+2AE1;PERPENDICULAR WITH S;Sm;0;ON;;;;;N;;;;;
+2AE2;VERTICAL BAR TRIPLE RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+2AE3;DOUBLE VERTICAL BAR LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+2AE4;VERTICAL BAR DOUBLE LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+2AE5;DOUBLE VERTICAL BAR DOUBLE LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;;
+2AE6;LONG DASH FROM LEFT MEMBER OF DOUBLE VERTICAL;Sm;0;ON;;;;;Y;;;;;
+2AE7;SHORT DOWN TACK WITH OVERBAR;Sm;0;ON;;;;;N;;;;;
+2AE8;SHORT UP TACK WITH UNDERBAR;Sm;0;ON;;;;;N;;;;;
+2AE9;SHORT UP TACK ABOVE SHORT DOWN TACK;Sm;0;ON;;;;;N;;;;;
+2AEA;DOUBLE DOWN TACK;Sm;0;ON;;;;;N;;;;;
+2AEB;DOUBLE UP TACK;Sm;0;ON;;;;;N;;;;;
+2AEC;DOUBLE STROKE NOT SIGN;Sm;0;ON;;;;;Y;;;;;
+2AED;REVERSED DOUBLE STROKE NOT SIGN;Sm;0;ON;;;;;Y;;;;;
+2AEE;DOES NOT DIVIDE WITH REVERSED NEGATION SLASH;Sm;0;ON;;;;;Y;;;;;
+2AEF;VERTICAL LINE WITH CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;;
+2AF0;VERTICAL LINE WITH CIRCLE BELOW;Sm;0;ON;;;;;N;;;;;
+2AF1;DOWN TACK WITH CIRCLE BELOW;Sm;0;ON;;;;;N;;;;;
+2AF2;PARALLEL WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;;
+2AF3;PARALLEL WITH TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2AF4;TRIPLE VERTICAL BAR BINARY RELATION;Sm;0;ON;;;;;N;;;;;
+2AF5;TRIPLE VERTICAL BAR WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;;
+2AF6;TRIPLE COLON OPERATOR;Sm;0;ON;;;;;N;;;;;
+2AF7;TRIPLE NESTED LESS-THAN;Sm;0;ON;;;;;Y;;;;;
+2AF8;TRIPLE NESTED GREATER-THAN;Sm;0;ON;;;;;Y;;;;;
+2AF9;DOUBLE-LINE SLANTED LESS-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AFA;DOUBLE-LINE SLANTED GREATER-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;;
+2AFB;TRIPLE SOLIDUS BINARY RELATION;Sm;0;ON;;;;;Y;;;;;
+2AFC;LARGE TRIPLE VERTICAL BAR OPERATOR;Sm;0;ON;;;;;N;;;;;
+2AFD;DOUBLE SOLIDUS OPERATOR;Sm;0;ON;;;;;Y;;;;;
+2AFE;WHITE VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+2AFF;N-ARY WHITE VERTICAL BAR;Sm;0;ON;;;;;N;;;;;
+2E80;CJK RADICAL REPEAT;So;0;ON;;;;;N;;;;;
+2E81;CJK RADICAL CLIFF;So;0;ON;;;;;N;;;;;
+2E82;CJK RADICAL SECOND ONE;So;0;ON;;;;;N;;;;;
+2E83;CJK RADICAL SECOND TWO;So;0;ON;;;;;N;;;;;
+2E84;CJK RADICAL SECOND THREE;So;0;ON;;;;;N;;;;;
+2E85;CJK RADICAL PERSON;So;0;ON;;;;;N;;;;;
+2E86;CJK RADICAL BOX;So;0;ON;;;;;N;;;;;
+2E87;CJK RADICAL TABLE;So;0;ON;;;;;N;;;;;
+2E88;CJK RADICAL KNIFE ONE;So;0;ON;;;;;N;;;;;
+2E89;CJK RADICAL KNIFE TWO;So;0;ON;;;;;N;;;;;
+2E8A;CJK RADICAL DIVINATION;So;0;ON;;;;;N;;;;;
+2E8B;CJK RADICAL SEAL;So;0;ON;;;;;N;;;;;
+2E8C;CJK RADICAL SMALL ONE;So;0;ON;;;;;N;;;;;
+2E8D;CJK RADICAL SMALL TWO;So;0;ON;;;;;N;;;;;
+2E8E;CJK RADICAL LAME ONE;So;0;ON;;;;;N;;;;;
+2E8F;CJK RADICAL LAME TWO;So;0;ON;;;;;N;;;;;
+2E90;CJK RADICAL LAME THREE;So;0;ON;;;;;N;;;;;
+2E91;CJK RADICAL LAME FOUR;So;0;ON;;;;;N;;;;;
+2E92;CJK RADICAL SNAKE;So;0;ON;;;;;N;;;;;
+2E93;CJK RADICAL THREAD;So;0;ON;;;;;N;;;;;
+2E94;CJK RADICAL SNOUT ONE;So;0;ON;;;;;N;;;;;
+2E95;CJK RADICAL SNOUT TWO;So;0;ON;;;;;N;;;;;
+2E96;CJK RADICAL HEART ONE;So;0;ON;;;;;N;;;;;
+2E97;CJK RADICAL HEART TWO;So;0;ON;;;;;N;;;;;
+2E98;CJK RADICAL HAND;So;0;ON;;;;;N;;;;;
+2E99;CJK RADICAL RAP;So;0;ON;;;;;N;;;;;
+2E9B;CJK RADICAL CHOKE;So;0;ON;;;;;N;;;;;
+2E9C;CJK RADICAL SUN;So;0;ON;;;;;N;;;;;
+2E9D;CJK RADICAL MOON;So;0;ON;;;;;N;;;;;
+2E9E;CJK RADICAL DEATH;So;0;ON;;;;;N;;;;;
+2E9F;CJK RADICAL MOTHER;So;0;ON;<compat> 6BCD;;;;N;;;;;
+2EA0;CJK RADICAL CIVILIAN;So;0;ON;;;;;N;;;;;
+2EA1;CJK RADICAL WATER ONE;So;0;ON;;;;;N;;;;;
+2EA2;CJK RADICAL WATER TWO;So;0;ON;;;;;N;;;;;
+2EA3;CJK RADICAL FIRE;So;0;ON;;;;;N;;;;;
+2EA4;CJK RADICAL PAW ONE;So;0;ON;;;;;N;;;;;
+2EA5;CJK RADICAL PAW TWO;So;0;ON;;;;;N;;;;;
+2EA6;CJK RADICAL SIMPLIFIED HALF TREE TRUNK;So;0;ON;;;;;N;;;;;
+2EA7;CJK RADICAL COW;So;0;ON;;;;;N;;;;;
+2EA8;CJK RADICAL DOG;So;0;ON;;;;;N;;;;;
+2EA9;CJK RADICAL JADE;So;0;ON;;;;;N;;;;;
+2EAA;CJK RADICAL BOLT OF CLOTH;So;0;ON;;;;;N;;;;;
+2EAB;CJK RADICAL EYE;So;0;ON;;;;;N;;;;;
+2EAC;CJK RADICAL SPIRIT ONE;So;0;ON;;;;;N;;;;;
+2EAD;CJK RADICAL SPIRIT TWO;So;0;ON;;;;;N;;;;;
+2EAE;CJK RADICAL BAMBOO;So;0;ON;;;;;N;;;;;
+2EAF;CJK RADICAL SILK;So;0;ON;;;;;N;;;;;
+2EB0;CJK RADICAL C-SIMPLIFIED SILK;So;0;ON;;;;;N;;;;;
+2EB1;CJK RADICAL NET ONE;So;0;ON;;;;;N;;;;;
+2EB2;CJK RADICAL NET TWO;So;0;ON;;;;;N;;;;;
+2EB3;CJK RADICAL NET THREE;So;0;ON;;;;;N;;;;;
+2EB4;CJK RADICAL NET FOUR;So;0;ON;;;;;N;;;;;
+2EB5;CJK RADICAL MESH;So;0;ON;;;;;N;;;;;
+2EB6;CJK RADICAL SHEEP;So;0;ON;;;;;N;;;;;
+2EB7;CJK RADICAL RAM;So;0;ON;;;;;N;;;;;
+2EB8;CJK RADICAL EWE;So;0;ON;;;;;N;;;;;
+2EB9;CJK RADICAL OLD;So;0;ON;;;;;N;;;;;
+2EBA;CJK RADICAL BRUSH ONE;So;0;ON;;;;;N;;;;;
+2EBB;CJK RADICAL BRUSH TWO;So;0;ON;;;;;N;;;;;
+2EBC;CJK RADICAL MEAT;So;0;ON;;;;;N;;;;;
+2EBD;CJK RADICAL MORTAR;So;0;ON;;;;;N;;;;;
+2EBE;CJK RADICAL GRASS ONE;So;0;ON;;;;;N;;;;;
+2EBF;CJK RADICAL GRASS TWO;So;0;ON;;;;;N;;;;;
+2EC0;CJK RADICAL GRASS THREE;So;0;ON;;;;;N;;;;;
+2EC1;CJK RADICAL TIGER;So;0;ON;;;;;N;;;;;
+2EC2;CJK RADICAL CLOTHES;So;0;ON;;;;;N;;;;;
+2EC3;CJK RADICAL WEST ONE;So;0;ON;;;;;N;;;;;
+2EC4;CJK RADICAL WEST TWO;So;0;ON;;;;;N;;;;;
+2EC5;CJK RADICAL C-SIMPLIFIED SEE;So;0;ON;;;;;N;;;;;
+2EC6;CJK RADICAL SIMPLIFIED HORN;So;0;ON;;;;;N;;;;;
+2EC7;CJK RADICAL HORN;So;0;ON;;;;;N;;;;;
+2EC8;CJK RADICAL C-SIMPLIFIED SPEECH;So;0;ON;;;;;N;;;;;
+2EC9;CJK RADICAL C-SIMPLIFIED SHELL;So;0;ON;;;;;N;;;;;
+2ECA;CJK RADICAL FOOT;So;0;ON;;;;;N;;;;;
+2ECB;CJK RADICAL C-SIMPLIFIED CART;So;0;ON;;;;;N;;;;;
+2ECC;CJK RADICAL SIMPLIFIED WALK;So;0;ON;;;;;N;;;;;
+2ECD;CJK RADICAL WALK ONE;So;0;ON;;;;;N;;;;;
+2ECE;CJK RADICAL WALK TWO;So;0;ON;;;;;N;;;;;
+2ECF;CJK RADICAL CITY;So;0;ON;;;;;N;;;;;
+2ED0;CJK RADICAL C-SIMPLIFIED GOLD;So;0;ON;;;;;N;;;;;
+2ED1;CJK RADICAL LONG ONE;So;0;ON;;;;;N;;;;;
+2ED2;CJK RADICAL LONG TWO;So;0;ON;;;;;N;;;;;
+2ED3;CJK RADICAL C-SIMPLIFIED LONG;So;0;ON;;;;;N;;;;;
+2ED4;CJK RADICAL C-SIMPLIFIED GATE;So;0;ON;;;;;N;;;;;
+2ED5;CJK RADICAL MOUND ONE;So;0;ON;;;;;N;;;;;
+2ED6;CJK RADICAL MOUND TWO;So;0;ON;;;;;N;;;;;
+2ED7;CJK RADICAL RAIN;So;0;ON;;;;;N;;;;;
+2ED8;CJK RADICAL BLUE;So;0;ON;;;;;N;;;;;
+2ED9;CJK RADICAL C-SIMPLIFIED TANNED LEATHER;So;0;ON;;;;;N;;;;;
+2EDA;CJK RADICAL C-SIMPLIFIED LEAF;So;0;ON;;;;;N;;;;;
+2EDB;CJK RADICAL C-SIMPLIFIED WIND;So;0;ON;;;;;N;;;;;
+2EDC;CJK RADICAL C-SIMPLIFIED FLY;So;0;ON;;;;;N;;;;;
+2EDD;CJK RADICAL EAT ONE;So;0;ON;;;;;N;;;;;
+2EDE;CJK RADICAL EAT TWO;So;0;ON;;;;;N;;;;;
+2EDF;CJK RADICAL EAT THREE;So;0;ON;;;;;N;;;;;
+2EE0;CJK RADICAL C-SIMPLIFIED EAT;So;0;ON;;;;;N;;;;;
+2EE1;CJK RADICAL HEAD;So;0;ON;;;;;N;;;;;
+2EE2;CJK RADICAL C-SIMPLIFIED HORSE;So;0;ON;;;;;N;;;;;
+2EE3;CJK RADICAL BONE;So;0;ON;;;;;N;;;;;
+2EE4;CJK RADICAL GHOST;So;0;ON;;;;;N;;;;;
+2EE5;CJK RADICAL C-SIMPLIFIED FISH;So;0;ON;;;;;N;;;;;
+2EE6;CJK RADICAL C-SIMPLIFIED BIRD;So;0;ON;;;;;N;;;;;
+2EE7;CJK RADICAL C-SIMPLIFIED SALT;So;0;ON;;;;;N;;;;;
+2EE8;CJK RADICAL SIMPLIFIED WHEAT;So;0;ON;;;;;N;;;;;
+2EE9;CJK RADICAL SIMPLIFIED YELLOW;So;0;ON;;;;;N;;;;;
+2EEA;CJK RADICAL C-SIMPLIFIED FROG;So;0;ON;;;;;N;;;;;
+2EEB;CJK RADICAL J-SIMPLIFIED EVEN;So;0;ON;;;;;N;;;;;
+2EEC;CJK RADICAL C-SIMPLIFIED EVEN;So;0;ON;;;;;N;;;;;
+2EED;CJK RADICAL J-SIMPLIFIED TOOTH;So;0;ON;;;;;N;;;;;
+2EEE;CJK RADICAL C-SIMPLIFIED TOOTH;So;0;ON;;;;;N;;;;;
+2EEF;CJK RADICAL J-SIMPLIFIED DRAGON;So;0;ON;;;;;N;;;;;
+2EF0;CJK RADICAL C-SIMPLIFIED DRAGON;So;0;ON;;;;;N;;;;;
+2EF1;CJK RADICAL TURTLE;So;0;ON;;;;;N;;;;;
+2EF2;CJK RADICAL J-SIMPLIFIED TURTLE;So;0;ON;;;;;N;;;;;
+2EF3;CJK RADICAL C-SIMPLIFIED TURTLE;So;0;ON;<compat> 9F9F;;;;N;;;;;
+2F00;KANGXI RADICAL ONE;So;0;ON;<compat> 4E00;;;;N;;;;;
+2F01;KANGXI RADICAL LINE;So;0;ON;<compat> 4E28;;;;N;;;;;
+2F02;KANGXI RADICAL DOT;So;0;ON;<compat> 4E36;;;;N;;;;;
+2F03;KANGXI RADICAL SLASH;So;0;ON;<compat> 4E3F;;;;N;;;;;
+2F04;KANGXI RADICAL SECOND;So;0;ON;<compat> 4E59;;;;N;;;;;
+2F05;KANGXI RADICAL HOOK;So;0;ON;<compat> 4E85;;;;N;;;;;
+2F06;KANGXI RADICAL TWO;So;0;ON;<compat> 4E8C;;;;N;;;;;
+2F07;KANGXI RADICAL LID;So;0;ON;<compat> 4EA0;;;;N;;;;;
+2F08;KANGXI RADICAL MAN;So;0;ON;<compat> 4EBA;;;;N;;;;;
+2F09;KANGXI RADICAL LEGS;So;0;ON;<compat> 513F;;;;N;;;;;
+2F0A;KANGXI RADICAL ENTER;So;0;ON;<compat> 5165;;;;N;;;;;
+2F0B;KANGXI RADICAL EIGHT;So;0;ON;<compat> 516B;;;;N;;;;;
+2F0C;KANGXI RADICAL DOWN BOX;So;0;ON;<compat> 5182;;;;N;;;;;
+2F0D;KANGXI RADICAL COVER;So;0;ON;<compat> 5196;;;;N;;;;;
+2F0E;KANGXI RADICAL ICE;So;0;ON;<compat> 51AB;;;;N;;;;;
+2F0F;KANGXI RADICAL TABLE;So;0;ON;<compat> 51E0;;;;N;;;;;
+2F10;KANGXI RADICAL OPEN BOX;So;0;ON;<compat> 51F5;;;;N;;;;;
+2F11;KANGXI RADICAL KNIFE;So;0;ON;<compat> 5200;;;;N;;;;;
+2F12;KANGXI RADICAL POWER;So;0;ON;<compat> 529B;;;;N;;;;;
+2F13;KANGXI RADICAL WRAP;So;0;ON;<compat> 52F9;;;;N;;;;;
+2F14;KANGXI RADICAL SPOON;So;0;ON;<compat> 5315;;;;N;;;;;
+2F15;KANGXI RADICAL RIGHT OPEN BOX;So;0;ON;<compat> 531A;;;;N;;;;;
+2F16;KANGXI RADICAL HIDING ENCLOSURE;So;0;ON;<compat> 5338;;;;N;;;;;
+2F17;KANGXI RADICAL TEN;So;0;ON;<compat> 5341;;;;N;;;;;
+2F18;KANGXI RADICAL DIVINATION;So;0;ON;<compat> 535C;;;;N;;;;;
+2F19;KANGXI RADICAL SEAL;So;0;ON;<compat> 5369;;;;N;;;;;
+2F1A;KANGXI RADICAL CLIFF;So;0;ON;<compat> 5382;;;;N;;;;;
+2F1B;KANGXI RADICAL PRIVATE;So;0;ON;<compat> 53B6;;;;N;;;;;
+2F1C;KANGXI RADICAL AGAIN;So;0;ON;<compat> 53C8;;;;N;;;;;
+2F1D;KANGXI RADICAL MOUTH;So;0;ON;<compat> 53E3;;;;N;;;;;
+2F1E;KANGXI RADICAL ENCLOSURE;So;0;ON;<compat> 56D7;;;;N;;;;;
+2F1F;KANGXI RADICAL EARTH;So;0;ON;<compat> 571F;;;;N;;;;;
+2F20;KANGXI RADICAL SCHOLAR;So;0;ON;<compat> 58EB;;;;N;;;;;
+2F21;KANGXI RADICAL GO;So;0;ON;<compat> 5902;;;;N;;;;;
+2F22;KANGXI RADICAL GO SLOWLY;So;0;ON;<compat> 590A;;;;N;;;;;
+2F23;KANGXI RADICAL EVENING;So;0;ON;<compat> 5915;;;;N;;;;;
+2F24;KANGXI RADICAL BIG;So;0;ON;<compat> 5927;;;;N;;;;;
+2F25;KANGXI RADICAL WOMAN;So;0;ON;<compat> 5973;;;;N;;;;;
+2F26;KANGXI RADICAL CHILD;So;0;ON;<compat> 5B50;;;;N;;;;;
+2F27;KANGXI RADICAL ROOF;So;0;ON;<compat> 5B80;;;;N;;;;;
+2F28;KANGXI RADICAL INCH;So;0;ON;<compat> 5BF8;;;;N;;;;;
+2F29;KANGXI RADICAL SMALL;So;0;ON;<compat> 5C0F;;;;N;;;;;
+2F2A;KANGXI RADICAL LAME;So;0;ON;<compat> 5C22;;;;N;;;;;
+2F2B;KANGXI RADICAL CORPSE;So;0;ON;<compat> 5C38;;;;N;;;;;
+2F2C;KANGXI RADICAL SPROUT;So;0;ON;<compat> 5C6E;;;;N;;;;;
+2F2D;KANGXI RADICAL MOUNTAIN;So;0;ON;<compat> 5C71;;;;N;;;;;
+2F2E;KANGXI RADICAL RIVER;So;0;ON;<compat> 5DDB;;;;N;;;;;
+2F2F;KANGXI RADICAL WORK;So;0;ON;<compat> 5DE5;;;;N;;;;;
+2F30;KANGXI RADICAL ONESELF;So;0;ON;<compat> 5DF1;;;;N;;;;;
+2F31;KANGXI RADICAL TURBAN;So;0;ON;<compat> 5DFE;;;;N;;;;;
+2F32;KANGXI RADICAL DRY;So;0;ON;<compat> 5E72;;;;N;;;;;
+2F33;KANGXI RADICAL SHORT THREAD;So;0;ON;<compat> 5E7A;;;;N;;;;;
+2F34;KANGXI RADICAL DOTTED CLIFF;So;0;ON;<compat> 5E7F;;;;N;;;;;
+2F35;KANGXI RADICAL LONG STRIDE;So;0;ON;<compat> 5EF4;;;;N;;;;;
+2F36;KANGXI RADICAL TWO HANDS;So;0;ON;<compat> 5EFE;;;;N;;;;;
+2F37;KANGXI RADICAL SHOOT;So;0;ON;<compat> 5F0B;;;;N;;;;;
+2F38;KANGXI RADICAL BOW;So;0;ON;<compat> 5F13;;;;N;;;;;
+2F39;KANGXI RADICAL SNOUT;So;0;ON;<compat> 5F50;;;;N;;;;;
+2F3A;KANGXI RADICAL BRISTLE;So;0;ON;<compat> 5F61;;;;N;;;;;
+2F3B;KANGXI RADICAL STEP;So;0;ON;<compat> 5F73;;;;N;;;;;
+2F3C;KANGXI RADICAL HEART;So;0;ON;<compat> 5FC3;;;;N;;;;;
+2F3D;KANGXI RADICAL HALBERD;So;0;ON;<compat> 6208;;;;N;;;;;
+2F3E;KANGXI RADICAL DOOR;So;0;ON;<compat> 6236;;;;N;;;;;
+2F3F;KANGXI RADICAL HAND;So;0;ON;<compat> 624B;;;;N;;;;;
+2F40;KANGXI RADICAL BRANCH;So;0;ON;<compat> 652F;;;;N;;;;;
+2F41;KANGXI RADICAL RAP;So;0;ON;<compat> 6534;;;;N;;;;;
+2F42;KANGXI RADICAL SCRIPT;So;0;ON;<compat> 6587;;;;N;;;;;
+2F43;KANGXI RADICAL DIPPER;So;0;ON;<compat> 6597;;;;N;;;;;
+2F44;KANGXI RADICAL AXE;So;0;ON;<compat> 65A4;;;;N;;;;;
+2F45;KANGXI RADICAL SQUARE;So;0;ON;<compat> 65B9;;;;N;;;;;
+2F46;KANGXI RADICAL NOT;So;0;ON;<compat> 65E0;;;;N;;;;;
+2F47;KANGXI RADICAL SUN;So;0;ON;<compat> 65E5;;;;N;;;;;
+2F48;KANGXI RADICAL SAY;So;0;ON;<compat> 66F0;;;;N;;;;;
+2F49;KANGXI RADICAL MOON;So;0;ON;<compat> 6708;;;;N;;;;;
+2F4A;KANGXI RADICAL TREE;So;0;ON;<compat> 6728;;;;N;;;;;
+2F4B;KANGXI RADICAL LACK;So;0;ON;<compat> 6B20;;;;N;;;;;
+2F4C;KANGXI RADICAL STOP;So;0;ON;<compat> 6B62;;;;N;;;;;
+2F4D;KANGXI RADICAL DEATH;So;0;ON;<compat> 6B79;;;;N;;;;;
+2F4E;KANGXI RADICAL WEAPON;So;0;ON;<compat> 6BB3;;;;N;;;;;
+2F4F;KANGXI RADICAL DO NOT;So;0;ON;<compat> 6BCB;;;;N;;;;;
+2F50;KANGXI RADICAL COMPARE;So;0;ON;<compat> 6BD4;;;;N;;;;;
+2F51;KANGXI RADICAL FUR;So;0;ON;<compat> 6BDB;;;;N;;;;;
+2F52;KANGXI RADICAL CLAN;So;0;ON;<compat> 6C0F;;;;N;;;;;
+2F53;KANGXI RADICAL STEAM;So;0;ON;<compat> 6C14;;;;N;;;;;
+2F54;KANGXI RADICAL WATER;So;0;ON;<compat> 6C34;;;;N;;;;;
+2F55;KANGXI RADICAL FIRE;So;0;ON;<compat> 706B;;;;N;;;;;
+2F56;KANGXI RADICAL CLAW;So;0;ON;<compat> 722A;;;;N;;;;;
+2F57;KANGXI RADICAL FATHER;So;0;ON;<compat> 7236;;;;N;;;;;
+2F58;KANGXI RADICAL DOUBLE X;So;0;ON;<compat> 723B;;;;N;;;;;
+2F59;KANGXI RADICAL HALF TREE TRUNK;So;0;ON;<compat> 723F;;;;N;;;;;
+2F5A;KANGXI RADICAL SLICE;So;0;ON;<compat> 7247;;;;N;;;;;
+2F5B;KANGXI RADICAL FANG;So;0;ON;<compat> 7259;;;;N;;;;;
+2F5C;KANGXI RADICAL COW;So;0;ON;<compat> 725B;;;;N;;;;;
+2F5D;KANGXI RADICAL DOG;So;0;ON;<compat> 72AC;;;;N;;;;;
+2F5E;KANGXI RADICAL PROFOUND;So;0;ON;<compat> 7384;;;;N;;;;;
+2F5F;KANGXI RADICAL JADE;So;0;ON;<compat> 7389;;;;N;;;;;
+2F60;KANGXI RADICAL MELON;So;0;ON;<compat> 74DC;;;;N;;;;;
+2F61;KANGXI RADICAL TILE;So;0;ON;<compat> 74E6;;;;N;;;;;
+2F62;KANGXI RADICAL SWEET;So;0;ON;<compat> 7518;;;;N;;;;;
+2F63;KANGXI RADICAL LIFE;So;0;ON;<compat> 751F;;;;N;;;;;
+2F64;KANGXI RADICAL USE;So;0;ON;<compat> 7528;;;;N;;;;;
+2F65;KANGXI RADICAL FIELD;So;0;ON;<compat> 7530;;;;N;;;;;
+2F66;KANGXI RADICAL BOLT OF CLOTH;So;0;ON;<compat> 758B;;;;N;;;;;
+2F67;KANGXI RADICAL SICKNESS;So;0;ON;<compat> 7592;;;;N;;;;;
+2F68;KANGXI RADICAL DOTTED TENT;So;0;ON;<compat> 7676;;;;N;;;;;
+2F69;KANGXI RADICAL WHITE;So;0;ON;<compat> 767D;;;;N;;;;;
+2F6A;KANGXI RADICAL SKIN;So;0;ON;<compat> 76AE;;;;N;;;;;
+2F6B;KANGXI RADICAL DISH;So;0;ON;<compat> 76BF;;;;N;;;;;
+2F6C;KANGXI RADICAL EYE;So;0;ON;<compat> 76EE;;;;N;;;;;
+2F6D;KANGXI RADICAL SPEAR;So;0;ON;<compat> 77DB;;;;N;;;;;
+2F6E;KANGXI RADICAL ARROW;So;0;ON;<compat> 77E2;;;;N;;;;;
+2F6F;KANGXI RADICAL STONE;So;0;ON;<compat> 77F3;;;;N;;;;;
+2F70;KANGXI RADICAL SPIRIT;So;0;ON;<compat> 793A;;;;N;;;;;
+2F71;KANGXI RADICAL TRACK;So;0;ON;<compat> 79B8;;;;N;;;;;
+2F72;KANGXI RADICAL GRAIN;So;0;ON;<compat> 79BE;;;;N;;;;;
+2F73;KANGXI RADICAL CAVE;So;0;ON;<compat> 7A74;;;;N;;;;;
+2F74;KANGXI RADICAL STAND;So;0;ON;<compat> 7ACB;;;;N;;;;;
+2F75;KANGXI RADICAL BAMBOO;So;0;ON;<compat> 7AF9;;;;N;;;;;
+2F76;KANGXI RADICAL RICE;So;0;ON;<compat> 7C73;;;;N;;;;;
+2F77;KANGXI RADICAL SILK;So;0;ON;<compat> 7CF8;;;;N;;;;;
+2F78;KANGXI RADICAL JAR;So;0;ON;<compat> 7F36;;;;N;;;;;
+2F79;KANGXI RADICAL NET;So;0;ON;<compat> 7F51;;;;N;;;;;
+2F7A;KANGXI RADICAL SHEEP;So;0;ON;<compat> 7F8A;;;;N;;;;;
+2F7B;KANGXI RADICAL FEATHER;So;0;ON;<compat> 7FBD;;;;N;;;;;
+2F7C;KANGXI RADICAL OLD;So;0;ON;<compat> 8001;;;;N;;;;;
+2F7D;KANGXI RADICAL AND;So;0;ON;<compat> 800C;;;;N;;;;;
+2F7E;KANGXI RADICAL PLOW;So;0;ON;<compat> 8012;;;;N;;;;;
+2F7F;KANGXI RADICAL EAR;So;0;ON;<compat> 8033;;;;N;;;;;
+2F80;KANGXI RADICAL BRUSH;So;0;ON;<compat> 807F;;;;N;;;;;
+2F81;KANGXI RADICAL MEAT;So;0;ON;<compat> 8089;;;;N;;;;;
+2F82;KANGXI RADICAL MINISTER;So;0;ON;<compat> 81E3;;;;N;;;;;
+2F83;KANGXI RADICAL SELF;So;0;ON;<compat> 81EA;;;;N;;;;;
+2F84;KANGXI RADICAL ARRIVE;So;0;ON;<compat> 81F3;;;;N;;;;;
+2F85;KANGXI RADICAL MORTAR;So;0;ON;<compat> 81FC;;;;N;;;;;
+2F86;KANGXI RADICAL TONGUE;So;0;ON;<compat> 820C;;;;N;;;;;
+2F87;KANGXI RADICAL OPPOSE;So;0;ON;<compat> 821B;;;;N;;;;;
+2F88;KANGXI RADICAL BOAT;So;0;ON;<compat> 821F;;;;N;;;;;
+2F89;KANGXI RADICAL STOPPING;So;0;ON;<compat> 826E;;;;N;;;;;
+2F8A;KANGXI RADICAL COLOR;So;0;ON;<compat> 8272;;;;N;;;;;
+2F8B;KANGXI RADICAL GRASS;So;0;ON;<compat> 8278;;;;N;;;;;
+2F8C;KANGXI RADICAL TIGER;So;0;ON;<compat> 864D;;;;N;;;;;
+2F8D;KANGXI RADICAL INSECT;So;0;ON;<compat> 866B;;;;N;;;;;
+2F8E;KANGXI RADICAL BLOOD;So;0;ON;<compat> 8840;;;;N;;;;;
+2F8F;KANGXI RADICAL WALK ENCLOSURE;So;0;ON;<compat> 884C;;;;N;;;;;
+2F90;KANGXI RADICAL CLOTHES;So;0;ON;<compat> 8863;;;;N;;;;;
+2F91;KANGXI RADICAL WEST;So;0;ON;<compat> 897E;;;;N;;;;;
+2F92;KANGXI RADICAL SEE;So;0;ON;<compat> 898B;;;;N;;;;;
+2F93;KANGXI RADICAL HORN;So;0;ON;<compat> 89D2;;;;N;;;;;
+2F94;KANGXI RADICAL SPEECH;So;0;ON;<compat> 8A00;;;;N;;;;;
+2F95;KANGXI RADICAL VALLEY;So;0;ON;<compat> 8C37;;;;N;;;;;
+2F96;KANGXI RADICAL BEAN;So;0;ON;<compat> 8C46;;;;N;;;;;
+2F97;KANGXI RADICAL PIG;So;0;ON;<compat> 8C55;;;;N;;;;;
+2F98;KANGXI RADICAL BADGER;So;0;ON;<compat> 8C78;;;;N;;;;;
+2F99;KANGXI RADICAL SHELL;So;0;ON;<compat> 8C9D;;;;N;;;;;
+2F9A;KANGXI RADICAL RED;So;0;ON;<compat> 8D64;;;;N;;;;;
+2F9B;KANGXI RADICAL RUN;So;0;ON;<compat> 8D70;;;;N;;;;;
+2F9C;KANGXI RADICAL FOOT;So;0;ON;<compat> 8DB3;;;;N;;;;;
+2F9D;KANGXI RADICAL BODY;So;0;ON;<compat> 8EAB;;;;N;;;;;
+2F9E;KANGXI RADICAL CART;So;0;ON;<compat> 8ECA;;;;N;;;;;
+2F9F;KANGXI RADICAL BITTER;So;0;ON;<compat> 8F9B;;;;N;;;;;
+2FA0;KANGXI RADICAL MORNING;So;0;ON;<compat> 8FB0;;;;N;;;;;
+2FA1;KANGXI RADICAL WALK;So;0;ON;<compat> 8FB5;;;;N;;;;;
+2FA2;KANGXI RADICAL CITY;So;0;ON;<compat> 9091;;;;N;;;;;
+2FA3;KANGXI RADICAL WINE;So;0;ON;<compat> 9149;;;;N;;;;;
+2FA4;KANGXI RADICAL DISTINGUISH;So;0;ON;<compat> 91C6;;;;N;;;;;
+2FA5;KANGXI RADICAL VILLAGE;So;0;ON;<compat> 91CC;;;;N;;;;;
+2FA6;KANGXI RADICAL GOLD;So;0;ON;<compat> 91D1;;;;N;;;;;
+2FA7;KANGXI RADICAL LONG;So;0;ON;<compat> 9577;;;;N;;;;;
+2FA8;KANGXI RADICAL GATE;So;0;ON;<compat> 9580;;;;N;;;;;
+2FA9;KANGXI RADICAL MOUND;So;0;ON;<compat> 961C;;;;N;;;;;
+2FAA;KANGXI RADICAL SLAVE;So;0;ON;<compat> 96B6;;;;N;;;;;
+2FAB;KANGXI RADICAL SHORT TAILED BIRD;So;0;ON;<compat> 96B9;;;;N;;;;;
+2FAC;KANGXI RADICAL RAIN;So;0;ON;<compat> 96E8;;;;N;;;;;
+2FAD;KANGXI RADICAL BLUE;So;0;ON;<compat> 9751;;;;N;;;;;
+2FAE;KANGXI RADICAL WRONG;So;0;ON;<compat> 975E;;;;N;;;;;
+2FAF;KANGXI RADICAL FACE;So;0;ON;<compat> 9762;;;;N;;;;;
+2FB0;KANGXI RADICAL LEATHER;So;0;ON;<compat> 9769;;;;N;;;;;
+2FB1;KANGXI RADICAL TANNED LEATHER;So;0;ON;<compat> 97CB;;;;N;;;;;
+2FB2;KANGXI RADICAL LEEK;So;0;ON;<compat> 97ED;;;;N;;;;;
+2FB3;KANGXI RADICAL SOUND;So;0;ON;<compat> 97F3;;;;N;;;;;
+2FB4;KANGXI RADICAL LEAF;So;0;ON;<compat> 9801;;;;N;;;;;
+2FB5;KANGXI RADICAL WIND;So;0;ON;<compat> 98A8;;;;N;;;;;
+2FB6;KANGXI RADICAL FLY;So;0;ON;<compat> 98DB;;;;N;;;;;
+2FB7;KANGXI RADICAL EAT;So;0;ON;<compat> 98DF;;;;N;;;;;
+2FB8;KANGXI RADICAL HEAD;So;0;ON;<compat> 9996;;;;N;;;;;
+2FB9;KANGXI RADICAL FRAGRANT;So;0;ON;<compat> 9999;;;;N;;;;;
+2FBA;KANGXI RADICAL HORSE;So;0;ON;<compat> 99AC;;;;N;;;;;
+2FBB;KANGXI RADICAL BONE;So;0;ON;<compat> 9AA8;;;;N;;;;;
+2FBC;KANGXI RADICAL TALL;So;0;ON;<compat> 9AD8;;;;N;;;;;
+2FBD;KANGXI RADICAL HAIR;So;0;ON;<compat> 9ADF;;;;N;;;;;
+2FBE;KANGXI RADICAL FIGHT;So;0;ON;<compat> 9B25;;;;N;;;;;
+2FBF;KANGXI RADICAL SACRIFICIAL WINE;So;0;ON;<compat> 9B2F;;;;N;;;;;
+2FC0;KANGXI RADICAL CAULDRON;So;0;ON;<compat> 9B32;;;;N;;;;;
+2FC1;KANGXI RADICAL GHOST;So;0;ON;<compat> 9B3C;;;;N;;;;;
+2FC2;KANGXI RADICAL FISH;So;0;ON;<compat> 9B5A;;;;N;;;;;
+2FC3;KANGXI RADICAL BIRD;So;0;ON;<compat> 9CE5;;;;N;;;;;
+2FC4;KANGXI RADICAL SALT;So;0;ON;<compat> 9E75;;;;N;;;;;
+2FC5;KANGXI RADICAL DEER;So;0;ON;<compat> 9E7F;;;;N;;;;;
+2FC6;KANGXI RADICAL WHEAT;So;0;ON;<compat> 9EA5;;;;N;;;;;
+2FC7;KANGXI RADICAL HEMP;So;0;ON;<compat> 9EBB;;;;N;;;;;
+2FC8;KANGXI RADICAL YELLOW;So;0;ON;<compat> 9EC3;;;;N;;;;;
+2FC9;KANGXI RADICAL MILLET;So;0;ON;<compat> 9ECD;;;;N;;;;;
+2FCA;KANGXI RADICAL BLACK;So;0;ON;<compat> 9ED1;;;;N;;;;;
+2FCB;KANGXI RADICAL EMBROIDERY;So;0;ON;<compat> 9EF9;;;;N;;;;;
+2FCC;KANGXI RADICAL FROG;So;0;ON;<compat> 9EFD;;;;N;;;;;
+2FCD;KANGXI RADICAL TRIPOD;So;0;ON;<compat> 9F0E;;;;N;;;;;
+2FCE;KANGXI RADICAL DRUM;So;0;ON;<compat> 9F13;;;;N;;;;;
+2FCF;KANGXI RADICAL RAT;So;0;ON;<compat> 9F20;;;;N;;;;;
+2FD0;KANGXI RADICAL NOSE;So;0;ON;<compat> 9F3B;;;;N;;;;;
+2FD1;KANGXI RADICAL EVEN;So;0;ON;<compat> 9F4A;;;;N;;;;;
+2FD2;KANGXI RADICAL TOOTH;So;0;ON;<compat> 9F52;;;;N;;;;;
+2FD3;KANGXI RADICAL DRAGON;So;0;ON;<compat> 9F8D;;;;N;;;;;
+2FD4;KANGXI RADICAL TURTLE;So;0;ON;<compat> 9F9C;;;;N;;;;;
+2FD5;KANGXI RADICAL FLUTE;So;0;ON;<compat> 9FA0;;;;N;;;;;
+2FF0;IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT;So;0;ON;;;;;N;;;;;
+2FF1;IDEOGRAPHIC DESCRIPTION CHARACTER ABOVE TO BELOW;So;0;ON;;;;;N;;;;;
+2FF2;IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO MIDDLE AND RIGHT;So;0;ON;;;;;N;;;;;
+2FF3;IDEOGRAPHIC DESCRIPTION CHARACTER ABOVE TO MIDDLE AND BELOW;So;0;ON;;;;;N;;;;;
+2FF4;IDEOGRAPHIC DESCRIPTION CHARACTER FULL SURROUND;So;0;ON;;;;;N;;;;;
+2FF5;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM ABOVE;So;0;ON;;;;;N;;;;;
+2FF6;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM BELOW;So;0;ON;;;;;N;;;;;
+2FF7;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM LEFT;So;0;ON;;;;;N;;;;;
+2FF8;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM UPPER LEFT;So;0;ON;;;;;N;;;;;
+2FF9;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM UPPER RIGHT;So;0;ON;;;;;N;;;;;
+2FFA;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM LOWER LEFT;So;0;ON;;;;;N;;;;;
+2FFB;IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID;So;0;ON;;;;;N;;;;;
+3000;IDEOGRAPHIC SPACE;Zs;0;WS;<wide> 0020;;;;N;;;;;
+3001;IDEOGRAPHIC COMMA;Po;0;ON;;;;;N;;;;;
+3002;IDEOGRAPHIC FULL STOP;Po;0;ON;;;;;N;IDEOGRAPHIC PERIOD;;;;
+3003;DITTO MARK;Po;0;ON;;;;;N;;;;;
+3004;JAPANESE INDUSTRIAL STANDARD SYMBOL;So;0;ON;;;;;N;;;;;
+3005;IDEOGRAPHIC ITERATION MARK;Lm;0;L;;;;;N;;;;;
+3006;IDEOGRAPHIC CLOSING MARK;Lo;0;L;;;;;N;;;;;
+3007;IDEOGRAPHIC NUMBER ZERO;Nl;0;L;;;;0;N;;;;;
+3008;LEFT ANGLE BRACKET;Ps;0;ON;;;;;Y;OPENING ANGLE BRACKET;;;;
+3009;RIGHT ANGLE BRACKET;Pe;0;ON;;;;;Y;CLOSING ANGLE BRACKET;;;;
+300A;LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;;;;;Y;OPENING DOUBLE ANGLE BRACKET;;;;
+300B;RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;;;;;Y;CLOSING DOUBLE ANGLE BRACKET;;;;
+300C;LEFT CORNER BRACKET;Ps;0;ON;;;;;Y;OPENING CORNER BRACKET;;;;
+300D;RIGHT CORNER BRACKET;Pe;0;ON;;;;;Y;CLOSING CORNER BRACKET;;;;
+300E;LEFT WHITE CORNER BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE CORNER BRACKET;;;;
+300F;RIGHT WHITE CORNER BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE CORNER BRACKET;;;;
+3010;LEFT BLACK LENTICULAR BRACKET;Ps;0;ON;;;;;Y;OPENING BLACK LENTICULAR BRACKET;;;;
+3011;RIGHT BLACK LENTICULAR BRACKET;Pe;0;ON;;;;;Y;CLOSING BLACK LENTICULAR BRACKET;;;;
+3012;POSTAL MARK;So;0;ON;;;;;N;;;;;
+3013;GETA MARK;So;0;ON;;;;;N;;;;;
+3014;LEFT TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;OPENING TORTOISE SHELL BRACKET;;;;
+3015;RIGHT TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;CLOSING TORTOISE SHELL BRACKET;;;;
+3016;LEFT WHITE LENTICULAR BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE LENTICULAR BRACKET;;;;
+3017;RIGHT WHITE LENTICULAR BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE LENTICULAR BRACKET;;;;
+3018;LEFT WHITE TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE TORTOISE SHELL BRACKET;;;;
+3019;RIGHT WHITE TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE TORTOISE SHELL BRACKET;;;;
+301A;LEFT WHITE SQUARE BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE SQUARE BRACKET;;;;
+301B;RIGHT WHITE SQUARE BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE SQUARE BRACKET;;;;
+301C;WAVE DASH;Pd;0;ON;;;;;N;;;;;
+301D;REVERSED DOUBLE PRIME QUOTATION MARK;Ps;0;ON;;;;;N;;;;;
+301E;DOUBLE PRIME QUOTATION MARK;Pe;0;ON;;;;;N;;;;;
+301F;LOW DOUBLE PRIME QUOTATION MARK;Pe;0;ON;;;;;N;;;;;
+3020;POSTAL MARK FACE;So;0;ON;;;;;N;;;;;
+3021;HANGZHOU NUMERAL ONE;Nl;0;L;;;;1;N;;;;;
+3022;HANGZHOU NUMERAL TWO;Nl;0;L;;;;2;N;;;;;
+3023;HANGZHOU NUMERAL THREE;Nl;0;L;;;;3;N;;;;;
+3024;HANGZHOU NUMERAL FOUR;Nl;0;L;;;;4;N;;;;;
+3025;HANGZHOU NUMERAL FIVE;Nl;0;L;;;;5;N;;;;;
+3026;HANGZHOU NUMERAL SIX;Nl;0;L;;;;6;N;;;;;
+3027;HANGZHOU NUMERAL SEVEN;Nl;0;L;;;;7;N;;;;;
+3028;HANGZHOU NUMERAL EIGHT;Nl;0;L;;;;8;N;;;;;
+3029;HANGZHOU NUMERAL NINE;Nl;0;L;;;;9;N;;;;;
+302A;IDEOGRAPHIC LEVEL TONE MARK;Mn;218;NSM;;;;;N;;;;;
+302B;IDEOGRAPHIC RISING TONE MARK;Mn;228;NSM;;;;;N;;;;;
+302C;IDEOGRAPHIC DEPARTING TONE MARK;Mn;232;NSM;;;;;N;;;;;
+302D;IDEOGRAPHIC ENTERING TONE MARK;Mn;222;NSM;;;;;N;;;;;
+302E;HANGUL SINGLE DOT TONE MARK;Mn;224;NSM;;;;;N;;;;;
+302F;HANGUL DOUBLE DOT TONE MARK;Mn;224;NSM;;;;;N;;;;;
+3030;WAVY DASH;Pd;0;ON;;;;;N;;;;;
+3031;VERTICAL KANA REPEAT MARK;Lm;0;L;;;;;N;;;;;
+3032;VERTICAL KANA REPEAT WITH VOICED SOUND MARK;Lm;0;L;;;;;N;;;;;
+3033;VERTICAL KANA REPEAT MARK UPPER HALF;Lm;0;L;;;;;N;;;;;
+3034;VERTICAL KANA REPEAT WITH VOICED SOUND MARK UPPER HALF;Lm;0;L;;;;;N;;;;;
+3035;VERTICAL KANA REPEAT MARK LOWER HALF;Lm;0;L;;;;;N;;;;;
+3036;CIRCLED POSTAL MARK;So;0;ON;<compat> 3012;;;;N;;;;;
+3037;IDEOGRAPHIC TELEGRAPH LINE FEED SEPARATOR SYMBOL;So;0;ON;;;;;N;;;;;
+3038;HANGZHOU NUMERAL TEN;Nl;0;L;<compat> 5341;;;10;N;;;;;
+3039;HANGZHOU NUMERAL TWENTY;Nl;0;L;<compat> 5344;;;20;N;;;;;
+303A;HANGZHOU NUMERAL THIRTY;Nl;0;L;<compat> 5345;;;30;N;;;;;
+303B;VERTICAL IDEOGRAPHIC ITERATION MARK;Lm;0;L;;;;;N;;;;;
+303C;MASU MARK;Lo;0;L;;;;;N;;;;;
+303D;PART ALTERNATION MARK;Po;0;ON;;;;;N;;;;;
+303E;IDEOGRAPHIC VARIATION INDICATOR;So;0;ON;;;;;N;;;;;
+303F;IDEOGRAPHIC HALF FILL SPACE;So;0;ON;;;;;N;;;;;
+3041;HIRAGANA LETTER SMALL A;Lo;0;L;;;;;N;;;;;
+3042;HIRAGANA LETTER A;Lo;0;L;;;;;N;;;;;
+3043;HIRAGANA LETTER SMALL I;Lo;0;L;;;;;N;;;;;
+3044;HIRAGANA LETTER I;Lo;0;L;;;;;N;;;;;
+3045;HIRAGANA LETTER SMALL U;Lo;0;L;;;;;N;;;;;
+3046;HIRAGANA LETTER U;Lo;0;L;;;;;N;;;;;
+3047;HIRAGANA LETTER SMALL E;Lo;0;L;;;;;N;;;;;
+3048;HIRAGANA LETTER E;Lo;0;L;;;;;N;;;;;
+3049;HIRAGANA LETTER SMALL O;Lo;0;L;;;;;N;;;;;
+304A;HIRAGANA LETTER O;Lo;0;L;;;;;N;;;;;
+304B;HIRAGANA LETTER KA;Lo;0;L;;;;;N;;;;;
+304C;HIRAGANA LETTER GA;Lo;0;L;304B 3099;;;;N;;;;;
+304D;HIRAGANA LETTER KI;Lo;0;L;;;;;N;;;;;
+304E;HIRAGANA LETTER GI;Lo;0;L;304D 3099;;;;N;;;;;
+304F;HIRAGANA LETTER KU;Lo;0;L;;;;;N;;;;;
+3050;HIRAGANA LETTER GU;Lo;0;L;304F 3099;;;;N;;;;;
+3051;HIRAGANA LETTER KE;Lo;0;L;;;;;N;;;;;
+3052;HIRAGANA LETTER GE;Lo;0;L;3051 3099;;;;N;;;;;
+3053;HIRAGANA LETTER KO;Lo;0;L;;;;;N;;;;;
+3054;HIRAGANA LETTER GO;Lo;0;L;3053 3099;;;;N;;;;;
+3055;HIRAGANA LETTER SA;Lo;0;L;;;;;N;;;;;
+3056;HIRAGANA LETTER ZA;Lo;0;L;3055 3099;;;;N;;;;;
+3057;HIRAGANA LETTER SI;Lo;0;L;;;;;N;;;;;
+3058;HIRAGANA LETTER ZI;Lo;0;L;3057 3099;;;;N;;;;;
+3059;HIRAGANA LETTER SU;Lo;0;L;;;;;N;;;;;
+305A;HIRAGANA LETTER ZU;Lo;0;L;3059 3099;;;;N;;;;;
+305B;HIRAGANA LETTER SE;Lo;0;L;;;;;N;;;;;
+305C;HIRAGANA LETTER ZE;Lo;0;L;305B 3099;;;;N;;;;;
+305D;HIRAGANA LETTER SO;Lo;0;L;;;;;N;;;;;
+305E;HIRAGANA LETTER ZO;Lo;0;L;305D 3099;;;;N;;;;;
+305F;HIRAGANA LETTER TA;Lo;0;L;;;;;N;;;;;
+3060;HIRAGANA LETTER DA;Lo;0;L;305F 3099;;;;N;;;;;
+3061;HIRAGANA LETTER TI;Lo;0;L;;;;;N;;;;;
+3062;HIRAGANA LETTER DI;Lo;0;L;3061 3099;;;;N;;;;;
+3063;HIRAGANA LETTER SMALL TU;Lo;0;L;;;;;N;;;;;
+3064;HIRAGANA LETTER TU;Lo;0;L;;;;;N;;;;;
+3065;HIRAGANA LETTER DU;Lo;0;L;3064 3099;;;;N;;;;;
+3066;HIRAGANA LETTER TE;Lo;0;L;;;;;N;;;;;
+3067;HIRAGANA LETTER DE;Lo;0;L;3066 3099;;;;N;;;;;
+3068;HIRAGANA LETTER TO;Lo;0;L;;;;;N;;;;;
+3069;HIRAGANA LETTER DO;Lo;0;L;3068 3099;;;;N;;;;;
+306A;HIRAGANA LETTER NA;Lo;0;L;;;;;N;;;;;
+306B;HIRAGANA LETTER NI;Lo;0;L;;;;;N;;;;;
+306C;HIRAGANA LETTER NU;Lo;0;L;;;;;N;;;;;
+306D;HIRAGANA LETTER NE;Lo;0;L;;;;;N;;;;;
+306E;HIRAGANA LETTER NO;Lo;0;L;;;;;N;;;;;
+306F;HIRAGANA LETTER HA;Lo;0;L;;;;;N;;;;;
+3070;HIRAGANA LETTER BA;Lo;0;L;306F 3099;;;;N;;;;;
+3071;HIRAGANA LETTER PA;Lo;0;L;306F 309A;;;;N;;;;;
+3072;HIRAGANA LETTER HI;Lo;0;L;;;;;N;;;;;
+3073;HIRAGANA LETTER BI;Lo;0;L;3072 3099;;;;N;;;;;
+3074;HIRAGANA LETTER PI;Lo;0;L;3072 309A;;;;N;;;;;
+3075;HIRAGANA LETTER HU;Lo;0;L;;;;;N;;;;;
+3076;HIRAGANA LETTER BU;Lo;0;L;3075 3099;;;;N;;;;;
+3077;HIRAGANA LETTER PU;Lo;0;L;3075 309A;;;;N;;;;;
+3078;HIRAGANA LETTER HE;Lo;0;L;;;;;N;;;;;
+3079;HIRAGANA LETTER BE;Lo;0;L;3078 3099;;;;N;;;;;
+307A;HIRAGANA LETTER PE;Lo;0;L;3078 309A;;;;N;;;;;
+307B;HIRAGANA LETTER HO;Lo;0;L;;;;;N;;;;;
+307C;HIRAGANA LETTER BO;Lo;0;L;307B 3099;;;;N;;;;;
+307D;HIRAGANA LETTER PO;Lo;0;L;307B 309A;;;;N;;;;;
+307E;HIRAGANA LETTER MA;Lo;0;L;;;;;N;;;;;
+307F;HIRAGANA LETTER MI;Lo;0;L;;;;;N;;;;;
+3080;HIRAGANA LETTER MU;Lo;0;L;;;;;N;;;;;
+3081;HIRAGANA LETTER ME;Lo;0;L;;;;;N;;;;;
+3082;HIRAGANA LETTER MO;Lo;0;L;;;;;N;;;;;
+3083;HIRAGANA LETTER SMALL YA;Lo;0;L;;;;;N;;;;;
+3084;HIRAGANA LETTER YA;Lo;0;L;;;;;N;;;;;
+3085;HIRAGANA LETTER SMALL YU;Lo;0;L;;;;;N;;;;;
+3086;HIRAGANA LETTER YU;Lo;0;L;;;;;N;;;;;
+3087;HIRAGANA LETTER SMALL YO;Lo;0;L;;;;;N;;;;;
+3088;HIRAGANA LETTER YO;Lo;0;L;;;;;N;;;;;
+3089;HIRAGANA LETTER RA;Lo;0;L;;;;;N;;;;;
+308A;HIRAGANA LETTER RI;Lo;0;L;;;;;N;;;;;
+308B;HIRAGANA LETTER RU;Lo;0;L;;;;;N;;;;;
+308C;HIRAGANA LETTER RE;Lo;0;L;;;;;N;;;;;
+308D;HIRAGANA LETTER RO;Lo;0;L;;;;;N;;;;;
+308E;HIRAGANA LETTER SMALL WA;Lo;0;L;;;;;N;;;;;
+308F;HIRAGANA LETTER WA;Lo;0;L;;;;;N;;;;;
+3090;HIRAGANA LETTER WI;Lo;0;L;;;;;N;;;;;
+3091;HIRAGANA LETTER WE;Lo;0;L;;;;;N;;;;;
+3092;HIRAGANA LETTER WO;Lo;0;L;;;;;N;;;;;
+3093;HIRAGANA LETTER N;Lo;0;L;;;;;N;;;;;
+3094;HIRAGANA LETTER VU;Lo;0;L;3046 3099;;;;N;;;;;
+3095;HIRAGANA LETTER SMALL KA;Lo;0;L;;;;;N;;;;;
+3096;HIRAGANA LETTER SMALL KE;Lo;0;L;;;;;N;;;;;
+3099;COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK;Mn;8;NSM;;;;;N;NON-SPACING KATAKANA-HIRAGANA VOICED SOUND MARK;;;;
+309A;COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;Mn;8;NSM;;;;;N;NON-SPACING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;;;;
+309B;KATAKANA-HIRAGANA VOICED SOUND MARK;Sk;0;ON;<compat> 0020 3099;;;;N;;;;;
+309C;KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;Sk;0;ON;<compat> 0020 309A;;;;N;;;;;
+309D;HIRAGANA ITERATION MARK;Lm;0;L;;;;;N;;;;;
+309E;HIRAGANA VOICED ITERATION MARK;Lm;0;L;309D 3099;;;;N;;;;;
+309F;HIRAGANA DIGRAPH YORI;Lo;0;L;<vertical> 3088 308A;;;;N;;;;;
+30A0;KATAKANA-HIRAGANA DOUBLE HYPHEN;Pd;0;ON;;;;;N;;;;;
+30A1;KATAKANA LETTER SMALL A;Lo;0;L;;;;;N;;;;;
+30A2;KATAKANA LETTER A;Lo;0;L;;;;;N;;;;;
+30A3;KATAKANA LETTER SMALL I;Lo;0;L;;;;;N;;;;;
+30A4;KATAKANA LETTER I;Lo;0;L;;;;;N;;;;;
+30A5;KATAKANA LETTER SMALL U;Lo;0;L;;;;;N;;;;;
+30A6;KATAKANA LETTER U;Lo;0;L;;;;;N;;;;;
+30A7;KATAKANA LETTER SMALL E;Lo;0;L;;;;;N;;;;;
+30A8;KATAKANA LETTER E;Lo;0;L;;;;;N;;;;;
+30A9;KATAKANA LETTER SMALL O;Lo;0;L;;;;;N;;;;;
+30AA;KATAKANA LETTER O;Lo;0;L;;;;;N;;;;;
+30AB;KATAKANA LETTER KA;Lo;0;L;;;;;N;;;;;
+30AC;KATAKANA LETTER GA;Lo;0;L;30AB 3099;;;;N;;;;;
+30AD;KATAKANA LETTER KI;Lo;0;L;;;;;N;;;;;
+30AE;KATAKANA LETTER GI;Lo;0;L;30AD 3099;;;;N;;;;;
+30AF;KATAKANA LETTER KU;Lo;0;L;;;;;N;;;;;
+30B0;KATAKANA LETTER GU;Lo;0;L;30AF 3099;;;;N;;;;;
+30B1;KATAKANA LETTER KE;Lo;0;L;;;;;N;;;;;
+30B2;KATAKANA LETTER GE;Lo;0;L;30B1 3099;;;;N;;;;;
+30B3;KATAKANA LETTER KO;Lo;0;L;;;;;N;;;;;
+30B4;KATAKANA LETTER GO;Lo;0;L;30B3 3099;;;;N;;;;;
+30B5;KATAKANA LETTER SA;Lo;0;L;;;;;N;;;;;
+30B6;KATAKANA LETTER ZA;Lo;0;L;30B5 3099;;;;N;;;;;
+30B7;KATAKANA LETTER SI;Lo;0;L;;;;;N;;;;;
+30B8;KATAKANA LETTER ZI;Lo;0;L;30B7 3099;;;;N;;;;;
+30B9;KATAKANA LETTER SU;Lo;0;L;;;;;N;;;;;
+30BA;KATAKANA LETTER ZU;Lo;0;L;30B9 3099;;;;N;;;;;
+30BB;KATAKANA LETTER SE;Lo;0;L;;;;;N;;;;;
+30BC;KATAKANA LETTER ZE;Lo;0;L;30BB 3099;;;;N;;;;;
+30BD;KATAKANA LETTER SO;Lo;0;L;;;;;N;;;;;
+30BE;KATAKANA LETTER ZO;Lo;0;L;30BD 3099;;;;N;;;;;
+30BF;KATAKANA LETTER TA;Lo;0;L;;;;;N;;;;;
+30C0;KATAKANA LETTER DA;Lo;0;L;30BF 3099;;;;N;;;;;
+30C1;KATAKANA LETTER TI;Lo;0;L;;;;;N;;;;;
+30C2;KATAKANA LETTER DI;Lo;0;L;30C1 3099;;;;N;;;;;
+30C3;KATAKANA LETTER SMALL TU;Lo;0;L;;;;;N;;;;;
+30C4;KATAKANA LETTER TU;Lo;0;L;;;;;N;;;;;
+30C5;KATAKANA LETTER DU;Lo;0;L;30C4 3099;;;;N;;;;;
+30C6;KATAKANA LETTER TE;Lo;0;L;;;;;N;;;;;
+30C7;KATAKANA LETTER DE;Lo;0;L;30C6 3099;;;;N;;;;;
+30C8;KATAKANA LETTER TO;Lo;0;L;;;;;N;;;;;
+30C9;KATAKANA LETTER DO;Lo;0;L;30C8 3099;;;;N;;;;;
+30CA;KATAKANA LETTER NA;Lo;0;L;;;;;N;;;;;
+30CB;KATAKANA LETTER NI;Lo;0;L;;;;;N;;;;;
+30CC;KATAKANA LETTER NU;Lo;0;L;;;;;N;;;;;
+30CD;KATAKANA LETTER NE;Lo;0;L;;;;;N;;;;;
+30CE;KATAKANA LETTER NO;Lo;0;L;;;;;N;;;;;
+30CF;KATAKANA LETTER HA;Lo;0;L;;;;;N;;;;;
+30D0;KATAKANA LETTER BA;Lo;0;L;30CF 3099;;;;N;;;;;
+30D1;KATAKANA LETTER PA;Lo;0;L;30CF 309A;;;;N;;;;;
+30D2;KATAKANA LETTER HI;Lo;0;L;;;;;N;;;;;
+30D3;KATAKANA LETTER BI;Lo;0;L;30D2 3099;;;;N;;;;;
+30D4;KATAKANA LETTER PI;Lo;0;L;30D2 309A;;;;N;;;;;
+30D5;KATAKANA LETTER HU;Lo;0;L;;;;;N;;;;;
+30D6;KATAKANA LETTER BU;Lo;0;L;30D5 3099;;;;N;;;;;
+30D7;KATAKANA LETTER PU;Lo;0;L;30D5 309A;;;;N;;;;;
+30D8;KATAKANA LETTER HE;Lo;0;L;;;;;N;;;;;
+30D9;KATAKANA LETTER BE;Lo;0;L;30D8 3099;;;;N;;;;;
+30DA;KATAKANA LETTER PE;Lo;0;L;30D8 309A;;;;N;;;;;
+30DB;KATAKANA LETTER HO;Lo;0;L;;;;;N;;;;;
+30DC;KATAKANA LETTER BO;Lo;0;L;30DB 3099;;;;N;;;;;
+30DD;KATAKANA LETTER PO;Lo;0;L;30DB 309A;;;;N;;;;;
+30DE;KATAKANA LETTER MA;Lo;0;L;;;;;N;;;;;
+30DF;KATAKANA LETTER MI;Lo;0;L;;;;;N;;;;;
+30E0;KATAKANA LETTER MU;Lo;0;L;;;;;N;;;;;
+30E1;KATAKANA LETTER ME;Lo;0;L;;;;;N;;;;;
+30E2;KATAKANA LETTER MO;Lo;0;L;;;;;N;;;;;
+30E3;KATAKANA LETTER SMALL YA;Lo;0;L;;;;;N;;;;;
+30E4;KATAKANA LETTER YA;Lo;0;L;;;;;N;;;;;
+30E5;KATAKANA LETTER SMALL YU;Lo;0;L;;;;;N;;;;;
+30E6;KATAKANA LETTER YU;Lo;0;L;;;;;N;;;;;
+30E7;KATAKANA LETTER SMALL YO;Lo;0;L;;;;;N;;;;;
+30E8;KATAKANA LETTER YO;Lo;0;L;;;;;N;;;;;
+30E9;KATAKANA LETTER RA;Lo;0;L;;;;;N;;;;;
+30EA;KATAKANA LETTER RI;Lo;0;L;;;;;N;;;;;
+30EB;KATAKANA LETTER RU;Lo;0;L;;;;;N;;;;;
+30EC;KATAKANA LETTER RE;Lo;0;L;;;;;N;;;;;
+30ED;KATAKANA LETTER RO;Lo;0;L;;;;;N;;;;;
+30EE;KATAKANA LETTER SMALL WA;Lo;0;L;;;;;N;;;;;
+30EF;KATAKANA LETTER WA;Lo;0;L;;;;;N;;;;;
+30F0;KATAKANA LETTER WI;Lo;0;L;;;;;N;;;;;
+30F1;KATAKANA LETTER WE;Lo;0;L;;;;;N;;;;;
+30F2;KATAKANA LETTER WO;Lo;0;L;;;;;N;;;;;
+30F3;KATAKANA LETTER N;Lo;0;L;;;;;N;;;;;
+30F4;KATAKANA LETTER VU;Lo;0;L;30A6 3099;;;;N;;;;;
+30F5;KATAKANA LETTER SMALL KA;Lo;0;L;;;;;N;;;;;
+30F6;KATAKANA LETTER SMALL KE;Lo;0;L;;;;;N;;;;;
+30F7;KATAKANA LETTER VA;Lo;0;L;30EF 3099;;;;N;;;;;
+30F8;KATAKANA LETTER VI;Lo;0;L;30F0 3099;;;;N;;;;;
+30F9;KATAKANA LETTER VE;Lo;0;L;30F1 3099;;;;N;;;;;
+30FA;KATAKANA LETTER VO;Lo;0;L;30F2 3099;;;;N;;;;;
+30FB;KATAKANA MIDDLE DOT;Pc;0;ON;;;;;N;;;;;
+30FC;KATAKANA-HIRAGANA PROLONGED SOUND MARK;Lm;0;L;;;;;N;;;;;
+30FD;KATAKANA ITERATION MARK;Lm;0;L;;;;;N;;;;;
+30FE;KATAKANA VOICED ITERATION MARK;Lm;0;L;30FD 3099;;;;N;;;;;
+30FF;KATAKANA DIGRAPH KOTO;Lo;0;L;<vertical> 30B3 30C8;;;;N;;;;;
+3105;BOPOMOFO LETTER B;Lo;0;L;;;;;N;;;;;
+3106;BOPOMOFO LETTER P;Lo;0;L;;;;;N;;;;;
+3107;BOPOMOFO LETTER M;Lo;0;L;;;;;N;;;;;
+3108;BOPOMOFO LETTER F;Lo;0;L;;;;;N;;;;;
+3109;BOPOMOFO LETTER D;Lo;0;L;;;;;N;;;;;
+310A;BOPOMOFO LETTER T;Lo;0;L;;;;;N;;;;;
+310B;BOPOMOFO LETTER N;Lo;0;L;;;;;N;;;;;
+310C;BOPOMOFO LETTER L;Lo;0;L;;;;;N;;;;;
+310D;BOPOMOFO LETTER G;Lo;0;L;;;;;N;;;;;
+310E;BOPOMOFO LETTER K;Lo;0;L;;;;;N;;;;;
+310F;BOPOMOFO LETTER H;Lo;0;L;;;;;N;;;;;
+3110;BOPOMOFO LETTER J;Lo;0;L;;;;;N;;;;;
+3111;BOPOMOFO LETTER Q;Lo;0;L;;;;;N;;;;;
+3112;BOPOMOFO LETTER X;Lo;0;L;;;;;N;;;;;
+3113;BOPOMOFO LETTER ZH;Lo;0;L;;;;;N;;;;;
+3114;BOPOMOFO LETTER CH;Lo;0;L;;;;;N;;;;;
+3115;BOPOMOFO LETTER SH;Lo;0;L;;;;;N;;;;;
+3116;BOPOMOFO LETTER R;Lo;0;L;;;;;N;;;;;
+3117;BOPOMOFO LETTER Z;Lo;0;L;;;;;N;;;;;
+3118;BOPOMOFO LETTER C;Lo;0;L;;;;;N;;;;;
+3119;BOPOMOFO LETTER S;Lo;0;L;;;;;N;;;;;
+311A;BOPOMOFO LETTER A;Lo;0;L;;;;;N;;;;;
+311B;BOPOMOFO LETTER O;Lo;0;L;;;;;N;;;;;
+311C;BOPOMOFO LETTER E;Lo;0;L;;;;;N;;;;;
+311D;BOPOMOFO LETTER EH;Lo;0;L;;;;;N;;;;;
+311E;BOPOMOFO LETTER AI;Lo;0;L;;;;;N;;;;;
+311F;BOPOMOFO LETTER EI;Lo;0;L;;;;;N;;;;;
+3120;BOPOMOFO LETTER AU;Lo;0;L;;;;;N;;;;;
+3121;BOPOMOFO LETTER OU;Lo;0;L;;;;;N;;;;;
+3122;BOPOMOFO LETTER AN;Lo;0;L;;;;;N;;;;;
+3123;BOPOMOFO LETTER EN;Lo;0;L;;;;;N;;;;;
+3124;BOPOMOFO LETTER ANG;Lo;0;L;;;;;N;;;;;
+3125;BOPOMOFO LETTER ENG;Lo;0;L;;;;;N;;;;;
+3126;BOPOMOFO LETTER ER;Lo;0;L;;;;;N;;;;;
+3127;BOPOMOFO LETTER I;Lo;0;L;;;;;N;;;;;
+3128;BOPOMOFO LETTER U;Lo;0;L;;;;;N;;;;;
+3129;BOPOMOFO LETTER IU;Lo;0;L;;;;;N;;;;;
+312A;BOPOMOFO LETTER V;Lo;0;L;;;;;N;;;;;
+312B;BOPOMOFO LETTER NG;Lo;0;L;;;;;N;;;;;
+312C;BOPOMOFO LETTER GN;Lo;0;L;;;;;N;;;;;
+3131;HANGUL LETTER KIYEOK;Lo;0;L;<compat> 1100;;;;N;HANGUL LETTER GIYEOG;;;;
+3132;HANGUL LETTER SSANGKIYEOK;Lo;0;L;<compat> 1101;;;;N;HANGUL LETTER SSANG GIYEOG;;;;
+3133;HANGUL LETTER KIYEOK-SIOS;Lo;0;L;<compat> 11AA;;;;N;HANGUL LETTER GIYEOG SIOS;;;;
+3134;HANGUL LETTER NIEUN;Lo;0;L;<compat> 1102;;;;N;;;;;
+3135;HANGUL LETTER NIEUN-CIEUC;Lo;0;L;<compat> 11AC;;;;N;HANGUL LETTER NIEUN JIEUJ;;;;
+3136;HANGUL LETTER NIEUN-HIEUH;Lo;0;L;<compat> 11AD;;;;N;HANGUL LETTER NIEUN HIEUH;;;;
+3137;HANGUL LETTER TIKEUT;Lo;0;L;<compat> 1103;;;;N;HANGUL LETTER DIGEUD;;;;
+3138;HANGUL LETTER SSANGTIKEUT;Lo;0;L;<compat> 1104;;;;N;HANGUL LETTER SSANG DIGEUD;;;;
+3139;HANGUL LETTER RIEUL;Lo;0;L;<compat> 1105;;;;N;HANGUL LETTER LIEUL;;;;
+313A;HANGUL LETTER RIEUL-KIYEOK;Lo;0;L;<compat> 11B0;;;;N;HANGUL LETTER LIEUL GIYEOG;;;;
+313B;HANGUL LETTER RIEUL-MIEUM;Lo;0;L;<compat> 11B1;;;;N;HANGUL LETTER LIEUL MIEUM;;;;
+313C;HANGUL LETTER RIEUL-PIEUP;Lo;0;L;<compat> 11B2;;;;N;HANGUL LETTER LIEUL BIEUB;;;;
+313D;HANGUL LETTER RIEUL-SIOS;Lo;0;L;<compat> 11B3;;;;N;HANGUL LETTER LIEUL SIOS;;;;
+313E;HANGUL LETTER RIEUL-THIEUTH;Lo;0;L;<compat> 11B4;;;;N;HANGUL LETTER LIEUL TIEUT;;;;
+313F;HANGUL LETTER RIEUL-PHIEUPH;Lo;0;L;<compat> 11B5;;;;N;HANGUL LETTER LIEUL PIEUP;;;;
+3140;HANGUL LETTER RIEUL-HIEUH;Lo;0;L;<compat> 111A;;;;N;HANGUL LETTER LIEUL HIEUH;;;;
+3141;HANGUL LETTER MIEUM;Lo;0;L;<compat> 1106;;;;N;;;;;
+3142;HANGUL LETTER PIEUP;Lo;0;L;<compat> 1107;;;;N;HANGUL LETTER BIEUB;;;;
+3143;HANGUL LETTER SSANGPIEUP;Lo;0;L;<compat> 1108;;;;N;HANGUL LETTER SSANG BIEUB;;;;
+3144;HANGUL LETTER PIEUP-SIOS;Lo;0;L;<compat> 1121;;;;N;HANGUL LETTER BIEUB SIOS;;;;
+3145;HANGUL LETTER SIOS;Lo;0;L;<compat> 1109;;;;N;;;;;
+3146;HANGUL LETTER SSANGSIOS;Lo;0;L;<compat> 110A;;;;N;HANGUL LETTER SSANG SIOS;;;;
+3147;HANGUL LETTER IEUNG;Lo;0;L;<compat> 110B;;;;N;;;;;
+3148;HANGUL LETTER CIEUC;Lo;0;L;<compat> 110C;;;;N;HANGUL LETTER JIEUJ;;;;
+3149;HANGUL LETTER SSANGCIEUC;Lo;0;L;<compat> 110D;;;;N;HANGUL LETTER SSANG JIEUJ;;;;
+314A;HANGUL LETTER CHIEUCH;Lo;0;L;<compat> 110E;;;;N;HANGUL LETTER CIEUC;;;;
+314B;HANGUL LETTER KHIEUKH;Lo;0;L;<compat> 110F;;;;N;HANGUL LETTER KIYEOK;;;;
+314C;HANGUL LETTER THIEUTH;Lo;0;L;<compat> 1110;;;;N;HANGUL LETTER TIEUT;;;;
+314D;HANGUL LETTER PHIEUPH;Lo;0;L;<compat> 1111;;;;N;HANGUL LETTER PIEUP;;;;
+314E;HANGUL LETTER HIEUH;Lo;0;L;<compat> 1112;;;;N;;;;;
+314F;HANGUL LETTER A;Lo;0;L;<compat> 1161;;;;N;;;;;
+3150;HANGUL LETTER AE;Lo;0;L;<compat> 1162;;;;N;;;;;
+3151;HANGUL LETTER YA;Lo;0;L;<compat> 1163;;;;N;;;;;
+3152;HANGUL LETTER YAE;Lo;0;L;<compat> 1164;;;;N;;;;;
+3153;HANGUL LETTER EO;Lo;0;L;<compat> 1165;;;;N;;;;;
+3154;HANGUL LETTER E;Lo;0;L;<compat> 1166;;;;N;;;;;
+3155;HANGUL LETTER YEO;Lo;0;L;<compat> 1167;;;;N;;;;;
+3156;HANGUL LETTER YE;Lo;0;L;<compat> 1168;;;;N;;;;;
+3157;HANGUL LETTER O;Lo;0;L;<compat> 1169;;;;N;;;;;
+3158;HANGUL LETTER WA;Lo;0;L;<compat> 116A;;;;N;;;;;
+3159;HANGUL LETTER WAE;Lo;0;L;<compat> 116B;;;;N;;;;;
+315A;HANGUL LETTER OE;Lo;0;L;<compat> 116C;;;;N;;;;;
+315B;HANGUL LETTER YO;Lo;0;L;<compat> 116D;;;;N;;;;;
+315C;HANGUL LETTER U;Lo;0;L;<compat> 116E;;;;N;;;;;
+315D;HANGUL LETTER WEO;Lo;0;L;<compat> 116F;;;;N;;;;;
+315E;HANGUL LETTER WE;Lo;0;L;<compat> 1170;;;;N;;;;;
+315F;HANGUL LETTER WI;Lo;0;L;<compat> 1171;;;;N;;;;;
+3160;HANGUL LETTER YU;Lo;0;L;<compat> 1172;;;;N;;;;;
+3161;HANGUL LETTER EU;Lo;0;L;<compat> 1173;;;;N;;;;;
+3162;HANGUL LETTER YI;Lo;0;L;<compat> 1174;;;;N;;;;;
+3163;HANGUL LETTER I;Lo;0;L;<compat> 1175;;;;N;;;;;
+3164;HANGUL FILLER;Lo;0;L;<compat> 1160;;;;N;HANGUL CAE OM;;;;
+3165;HANGUL LETTER SSANGNIEUN;Lo;0;L;<compat> 1114;;;;N;HANGUL LETTER SSANG NIEUN;;;;
+3166;HANGUL LETTER NIEUN-TIKEUT;Lo;0;L;<compat> 1115;;;;N;HANGUL LETTER NIEUN DIGEUD;;;;
+3167;HANGUL LETTER NIEUN-SIOS;Lo;0;L;<compat> 11C7;;;;N;HANGUL LETTER NIEUN SIOS;;;;
+3168;HANGUL LETTER NIEUN-PANSIOS;Lo;0;L;<compat> 11C8;;;;N;HANGUL LETTER NIEUN BAN CHI EUM;;;;
+3169;HANGUL LETTER RIEUL-KIYEOK-SIOS;Lo;0;L;<compat> 11CC;;;;N;HANGUL LETTER LIEUL GIYEOG SIOS;;;;
+316A;HANGUL LETTER RIEUL-TIKEUT;Lo;0;L;<compat> 11CE;;;;N;HANGUL LETTER LIEUL DIGEUD;;;;
+316B;HANGUL LETTER RIEUL-PIEUP-SIOS;Lo;0;L;<compat> 11D3;;;;N;HANGUL LETTER LIEUL BIEUB SIOS;;;;
+316C;HANGUL LETTER RIEUL-PANSIOS;Lo;0;L;<compat> 11D7;;;;N;HANGUL LETTER LIEUL BAN CHI EUM;;;;
+316D;HANGUL LETTER RIEUL-YEORINHIEUH;Lo;0;L;<compat> 11D9;;;;N;HANGUL LETTER LIEUL YEOLIN HIEUH;;;;
+316E;HANGUL LETTER MIEUM-PIEUP;Lo;0;L;<compat> 111C;;;;N;HANGUL LETTER MIEUM BIEUB;;;;
+316F;HANGUL LETTER MIEUM-SIOS;Lo;0;L;<compat> 11DD;;;;N;HANGUL LETTER MIEUM SIOS;;;;
+3170;HANGUL LETTER MIEUM-PANSIOS;Lo;0;L;<compat> 11DF;;;;N;HANGUL LETTER BIEUB BAN CHI EUM;;;;
+3171;HANGUL LETTER KAPYEOUNMIEUM;Lo;0;L;<compat> 111D;;;;N;HANGUL LETTER MIEUM SUN GYEONG EUM;;;;
+3172;HANGUL LETTER PIEUP-KIYEOK;Lo;0;L;<compat> 111E;;;;N;HANGUL LETTER BIEUB GIYEOG;;;;
+3173;HANGUL LETTER PIEUP-TIKEUT;Lo;0;L;<compat> 1120;;;;N;HANGUL LETTER BIEUB DIGEUD;;;;
+3174;HANGUL LETTER PIEUP-SIOS-KIYEOK;Lo;0;L;<compat> 1122;;;;N;HANGUL LETTER BIEUB SIOS GIYEOG;;;;
+3175;HANGUL LETTER PIEUP-SIOS-TIKEUT;Lo;0;L;<compat> 1123;;;;N;HANGUL LETTER BIEUB SIOS DIGEUD;;;;
+3176;HANGUL LETTER PIEUP-CIEUC;Lo;0;L;<compat> 1127;;;;N;HANGUL LETTER BIEUB JIEUJ;;;;
+3177;HANGUL LETTER PIEUP-THIEUTH;Lo;0;L;<compat> 1129;;;;N;HANGUL LETTER BIEUB TIEUT;;;;
+3178;HANGUL LETTER KAPYEOUNPIEUP;Lo;0;L;<compat> 112B;;;;N;HANGUL LETTER BIEUB SUN GYEONG EUM;;;;
+3179;HANGUL LETTER KAPYEOUNSSANGPIEUP;Lo;0;L;<compat> 112C;;;;N;HANGUL LETTER SSANG BIEUB SUN GYEONG EUM;;;;
+317A;HANGUL LETTER SIOS-KIYEOK;Lo;0;L;<compat> 112D;;;;N;HANGUL LETTER SIOS GIYEOG;;;;
+317B;HANGUL LETTER SIOS-NIEUN;Lo;0;L;<compat> 112E;;;;N;HANGUL LETTER SIOS NIEUN;;;;
+317C;HANGUL LETTER SIOS-TIKEUT;Lo;0;L;<compat> 112F;;;;N;HANGUL LETTER SIOS DIGEUD;;;;
+317D;HANGUL LETTER SIOS-PIEUP;Lo;0;L;<compat> 1132;;;;N;HANGUL LETTER SIOS BIEUB;;;;
+317E;HANGUL LETTER SIOS-CIEUC;Lo;0;L;<compat> 1136;;;;N;HANGUL LETTER SIOS JIEUJ;;;;
+317F;HANGUL LETTER PANSIOS;Lo;0;L;<compat> 1140;;;;N;HANGUL LETTER BAN CHI EUM;;;;
+3180;HANGUL LETTER SSANGIEUNG;Lo;0;L;<compat> 1147;;;;N;HANGUL LETTER SSANG IEUNG;;;;
+3181;HANGUL LETTER YESIEUNG;Lo;0;L;<compat> 114C;;;;N;HANGUL LETTER NGIEUNG;;;;
+3182;HANGUL LETTER YESIEUNG-SIOS;Lo;0;L;<compat> 11F1;;;;N;HANGUL LETTER NGIEUNG SIOS;;;;
+3183;HANGUL LETTER YESIEUNG-PANSIOS;Lo;0;L;<compat> 11F2;;;;N;HANGUL LETTER NGIEUNG BAN CHI EUM;;;;
+3184;HANGUL LETTER KAPYEOUNPHIEUPH;Lo;0;L;<compat> 1157;;;;N;HANGUL LETTER PIEUP SUN GYEONG EUM;;;;
+3185;HANGUL LETTER SSANGHIEUH;Lo;0;L;<compat> 1158;;;;N;HANGUL LETTER SSANG HIEUH;;;;
+3186;HANGUL LETTER YEORINHIEUH;Lo;0;L;<compat> 1159;;;;N;HANGUL LETTER YEOLIN HIEUH;;;;
+3187;HANGUL LETTER YO-YA;Lo;0;L;<compat> 1184;;;;N;HANGUL LETTER YOYA;;;;
+3188;HANGUL LETTER YO-YAE;Lo;0;L;<compat> 1185;;;;N;HANGUL LETTER YOYAE;;;;
+3189;HANGUL LETTER YO-I;Lo;0;L;<compat> 1188;;;;N;HANGUL LETTER YOI;;;;
+318A;HANGUL LETTER YU-YEO;Lo;0;L;<compat> 1191;;;;N;HANGUL LETTER YUYEO;;;;
+318B;HANGUL LETTER YU-YE;Lo;0;L;<compat> 1192;;;;N;HANGUL LETTER YUYE;;;;
+318C;HANGUL LETTER YU-I;Lo;0;L;<compat> 1194;;;;N;HANGUL LETTER YUI;;;;
+318D;HANGUL LETTER ARAEA;Lo;0;L;<compat> 119E;;;;N;HANGUL LETTER ALAE A;;;;
+318E;HANGUL LETTER ARAEAE;Lo;0;L;<compat> 11A1;;;;N;HANGUL LETTER ALAE AE;;;;
+3190;IDEOGRAPHIC ANNOTATION LINKING MARK;So;0;L;;;;;N;KANBUN TATETEN;Kanbun Tateten;;;
+3191;IDEOGRAPHIC ANNOTATION REVERSE MARK;So;0;L;;;;;N;KAERITEN RE;Kaeriten;;;
+3192;IDEOGRAPHIC ANNOTATION ONE MARK;No;0;L;<super> 4E00;;;1;N;KAERITEN ITI;Kaeriten;;;
+3193;IDEOGRAPHIC ANNOTATION TWO MARK;No;0;L;<super> 4E8C;;;2;N;KAERITEN NI;Kaeriten;;;
+3194;IDEOGRAPHIC ANNOTATION THREE MARK;No;0;L;<super> 4E09;;;3;N;KAERITEN SAN;Kaeriten;;;
+3195;IDEOGRAPHIC ANNOTATION FOUR MARK;No;0;L;<super> 56DB;;;4;N;KAERITEN SI;Kaeriten;;;
+3196;IDEOGRAPHIC ANNOTATION TOP MARK;So;0;L;<super> 4E0A;;;;N;KAERITEN ZYOU;Kaeriten;;;
+3197;IDEOGRAPHIC ANNOTATION MIDDLE MARK;So;0;L;<super> 4E2D;;;;N;KAERITEN TYUU;Kaeriten;;;
+3198;IDEOGRAPHIC ANNOTATION BOTTOM MARK;So;0;L;<super> 4E0B;;;;N;KAERITEN GE;Kaeriten;;;
+3199;IDEOGRAPHIC ANNOTATION FIRST MARK;So;0;L;<super> 7532;;;;N;KAERITEN KOU;Kaeriten;;;
+319A;IDEOGRAPHIC ANNOTATION SECOND MARK;So;0;L;<super> 4E59;;;;N;KAERITEN OTU;Kaeriten;;;
+319B;IDEOGRAPHIC ANNOTATION THIRD MARK;So;0;L;<super> 4E19;;;;N;KAERITEN HEI;Kaeriten;;;
+319C;IDEOGRAPHIC ANNOTATION FOURTH MARK;So;0;L;<super> 4E01;;;;N;KAERITEN TEI;Kaeriten;;;
+319D;IDEOGRAPHIC ANNOTATION HEAVEN MARK;So;0;L;<super> 5929;;;;N;KAERITEN TEN;Kaeriten;;;
+319E;IDEOGRAPHIC ANNOTATION EARTH MARK;So;0;L;<super> 5730;;;;N;KAERITEN TI;Kaeriten;;;
+319F;IDEOGRAPHIC ANNOTATION MAN MARK;So;0;L;<super> 4EBA;;;;N;KAERITEN ZIN;Kaeriten;;;
+31A0;BOPOMOFO LETTER BU;Lo;0;L;;;;;N;;;;;
+31A1;BOPOMOFO LETTER ZI;Lo;0;L;;;;;N;;;;;
+31A2;BOPOMOFO LETTER JI;Lo;0;L;;;;;N;;;;;
+31A3;BOPOMOFO LETTER GU;Lo;0;L;;;;;N;;;;;
+31A4;BOPOMOFO LETTER EE;Lo;0;L;;;;;N;;;;;
+31A5;BOPOMOFO LETTER ENN;Lo;0;L;;;;;N;;;;;
+31A6;BOPOMOFO LETTER OO;Lo;0;L;;;;;N;;;;;
+31A7;BOPOMOFO LETTER ONN;Lo;0;L;;;;;N;;;;;
+31A8;BOPOMOFO LETTER IR;Lo;0;L;;;;;N;;;;;
+31A9;BOPOMOFO LETTER ANN;Lo;0;L;;;;;N;;;;;
+31AA;BOPOMOFO LETTER INN;Lo;0;L;;;;;N;;;;;
+31AB;BOPOMOFO LETTER UNN;Lo;0;L;;;;;N;;;;;
+31AC;BOPOMOFO LETTER IM;Lo;0;L;;;;;N;;;;;
+31AD;BOPOMOFO LETTER NGG;Lo;0;L;;;;;N;;;;;
+31AE;BOPOMOFO LETTER AINN;Lo;0;L;;;;;N;;;;;
+31AF;BOPOMOFO LETTER AUNN;Lo;0;L;;;;;N;;;;;
+31B0;BOPOMOFO LETTER AM;Lo;0;L;;;;;N;;;;;
+31B1;BOPOMOFO LETTER OM;Lo;0;L;;;;;N;;;;;
+31B2;BOPOMOFO LETTER ONG;Lo;0;L;;;;;N;;;;;
+31B3;BOPOMOFO LETTER INNN;Lo;0;L;;;;;N;;;;;
+31B4;BOPOMOFO FINAL LETTER P;Lo;0;L;;;;;N;;;;;
+31B5;BOPOMOFO FINAL LETTER T;Lo;0;L;;;;;N;;;;;
+31B6;BOPOMOFO FINAL LETTER K;Lo;0;L;;;;;N;;;;;
+31B7;BOPOMOFO FINAL LETTER H;Lo;0;L;;;;;N;;;;;
+31F0;KATAKANA LETTER SMALL KU;Lo;0;L;;;;;N;;;;;
+31F1;KATAKANA LETTER SMALL SI;Lo;0;L;;;;;N;;;;;
+31F2;KATAKANA LETTER SMALL SU;Lo;0;L;;;;;N;;;;;
+31F3;KATAKANA LETTER SMALL TO;Lo;0;L;;;;;N;;;;;
+31F4;KATAKANA LETTER SMALL NU;Lo;0;L;;;;;N;;;;;
+31F5;KATAKANA LETTER SMALL HA;Lo;0;L;;;;;N;;;;;
+31F6;KATAKANA LETTER SMALL HI;Lo;0;L;;;;;N;;;;;
+31F7;KATAKANA LETTER SMALL HU;Lo;0;L;;;;;N;;;;;
+31F8;KATAKANA LETTER SMALL HE;Lo;0;L;;;;;N;;;;;
+31F9;KATAKANA LETTER SMALL HO;Lo;0;L;;;;;N;;;;;
+31FA;KATAKANA LETTER SMALL MU;Lo;0;L;;;;;N;;;;;
+31FB;KATAKANA LETTER SMALL RA;Lo;0;L;;;;;N;;;;;
+31FC;KATAKANA LETTER SMALL RI;Lo;0;L;;;;;N;;;;;
+31FD;KATAKANA LETTER SMALL RU;Lo;0;L;;;;;N;;;;;
+31FE;KATAKANA LETTER SMALL RE;Lo;0;L;;;;;N;;;;;
+31FF;KATAKANA LETTER SMALL RO;Lo;0;L;;;;;N;;;;;
+3200;PARENTHESIZED HANGUL KIYEOK;So;0;L;<compat> 0028 1100 0029;;;;N;PARENTHESIZED HANGUL GIYEOG;;;;
+3201;PARENTHESIZED HANGUL NIEUN;So;0;L;<compat> 0028 1102 0029;;;;N;;;;;
+3202;PARENTHESIZED HANGUL TIKEUT;So;0;L;<compat> 0028 1103 0029;;;;N;PARENTHESIZED HANGUL DIGEUD;;;;
+3203;PARENTHESIZED HANGUL RIEUL;So;0;L;<compat> 0028 1105 0029;;;;N;PARENTHESIZED HANGUL LIEUL;;;;
+3204;PARENTHESIZED HANGUL MIEUM;So;0;L;<compat> 0028 1106 0029;;;;N;;;;;
+3205;PARENTHESIZED HANGUL PIEUP;So;0;L;<compat> 0028 1107 0029;;;;N;PARENTHESIZED HANGUL BIEUB;;;;
+3206;PARENTHESIZED HANGUL SIOS;So;0;L;<compat> 0028 1109 0029;;;;N;;;;;
+3207;PARENTHESIZED HANGUL IEUNG;So;0;L;<compat> 0028 110B 0029;;;;N;;;;;
+3208;PARENTHESIZED HANGUL CIEUC;So;0;L;<compat> 0028 110C 0029;;;;N;PARENTHESIZED HANGUL JIEUJ;;;;
+3209;PARENTHESIZED HANGUL CHIEUCH;So;0;L;<compat> 0028 110E 0029;;;;N;PARENTHESIZED HANGUL CIEUC;;;;
+320A;PARENTHESIZED HANGUL KHIEUKH;So;0;L;<compat> 0028 110F 0029;;;;N;PARENTHESIZED HANGUL KIYEOK;;;;
+320B;PARENTHESIZED HANGUL THIEUTH;So;0;L;<compat> 0028 1110 0029;;;;N;PARENTHESIZED HANGUL TIEUT;;;;
+320C;PARENTHESIZED HANGUL PHIEUPH;So;0;L;<compat> 0028 1111 0029;;;;N;PARENTHESIZED HANGUL PIEUP;;;;
+320D;PARENTHESIZED HANGUL HIEUH;So;0;L;<compat> 0028 1112 0029;;;;N;;;;;
+320E;PARENTHESIZED HANGUL KIYEOK A;So;0;L;<compat> 0028 1100 1161 0029;;;;N;PARENTHESIZED HANGUL GA;;;;
+320F;PARENTHESIZED HANGUL NIEUN A;So;0;L;<compat> 0028 1102 1161 0029;;;;N;PARENTHESIZED HANGUL NA;;;;
+3210;PARENTHESIZED HANGUL TIKEUT A;So;0;L;<compat> 0028 1103 1161 0029;;;;N;PARENTHESIZED HANGUL DA;;;;
+3211;PARENTHESIZED HANGUL RIEUL A;So;0;L;<compat> 0028 1105 1161 0029;;;;N;PARENTHESIZED HANGUL LA;;;;
+3212;PARENTHESIZED HANGUL MIEUM A;So;0;L;<compat> 0028 1106 1161 0029;;;;N;PARENTHESIZED HANGUL MA;;;;
+3213;PARENTHESIZED HANGUL PIEUP A;So;0;L;<compat> 0028 1107 1161 0029;;;;N;PARENTHESIZED HANGUL BA;;;;
+3214;PARENTHESIZED HANGUL SIOS A;So;0;L;<compat> 0028 1109 1161 0029;;;;N;PARENTHESIZED HANGUL SA;;;;
+3215;PARENTHESIZED HANGUL IEUNG A;So;0;L;<compat> 0028 110B 1161 0029;;;;N;PARENTHESIZED HANGUL A;;;;
+3216;PARENTHESIZED HANGUL CIEUC A;So;0;L;<compat> 0028 110C 1161 0029;;;;N;PARENTHESIZED HANGUL JA;;;;
+3217;PARENTHESIZED HANGUL CHIEUCH A;So;0;L;<compat> 0028 110E 1161 0029;;;;N;PARENTHESIZED HANGUL CA;;;;
+3218;PARENTHESIZED HANGUL KHIEUKH A;So;0;L;<compat> 0028 110F 1161 0029;;;;N;PARENTHESIZED HANGUL KA;;;;
+3219;PARENTHESIZED HANGUL THIEUTH A;So;0;L;<compat> 0028 1110 1161 0029;;;;N;PARENTHESIZED HANGUL TA;;;;
+321A;PARENTHESIZED HANGUL PHIEUPH A;So;0;L;<compat> 0028 1111 1161 0029;;;;N;PARENTHESIZED HANGUL PA;;;;
+321B;PARENTHESIZED HANGUL HIEUH A;So;0;L;<compat> 0028 1112 1161 0029;;;;N;PARENTHESIZED HANGUL HA;;;;
+321C;PARENTHESIZED HANGUL CIEUC U;So;0;L;<compat> 0028 110C 116E 0029;;;;N;PARENTHESIZED HANGUL JU;;;;
+3220;PARENTHESIZED IDEOGRAPH ONE;No;0;L;<compat> 0028 4E00 0029;;;1;N;;;;;
+3221;PARENTHESIZED IDEOGRAPH TWO;No;0;L;<compat> 0028 4E8C 0029;;;2;N;;;;;
+3222;PARENTHESIZED IDEOGRAPH THREE;No;0;L;<compat> 0028 4E09 0029;;;3;N;;;;;
+3223;PARENTHESIZED IDEOGRAPH FOUR;No;0;L;<compat> 0028 56DB 0029;;;4;N;;;;;
+3224;PARENTHESIZED IDEOGRAPH FIVE;No;0;L;<compat> 0028 4E94 0029;;;5;N;;;;;
+3225;PARENTHESIZED IDEOGRAPH SIX;No;0;L;<compat> 0028 516D 0029;;;6;N;;;;;
+3226;PARENTHESIZED IDEOGRAPH SEVEN;No;0;L;<compat> 0028 4E03 0029;;;7;N;;;;;
+3227;PARENTHESIZED IDEOGRAPH EIGHT;No;0;L;<compat> 0028 516B 0029;;;8;N;;;;;
+3228;PARENTHESIZED IDEOGRAPH NINE;No;0;L;<compat> 0028 4E5D 0029;;;9;N;;;;;
+3229;PARENTHESIZED IDEOGRAPH TEN;No;0;L;<compat> 0028 5341 0029;;;10;N;;;;;
+322A;PARENTHESIZED IDEOGRAPH MOON;So;0;L;<compat> 0028 6708 0029;;;;N;;;;;
+322B;PARENTHESIZED IDEOGRAPH FIRE;So;0;L;<compat> 0028 706B 0029;;;;N;;;;;
+322C;PARENTHESIZED IDEOGRAPH WATER;So;0;L;<compat> 0028 6C34 0029;;;;N;;;;;
+322D;PARENTHESIZED IDEOGRAPH WOOD;So;0;L;<compat> 0028 6728 0029;;;;N;;;;;
+322E;PARENTHESIZED IDEOGRAPH METAL;So;0;L;<compat> 0028 91D1 0029;;;;N;;;;;
+322F;PARENTHESIZED IDEOGRAPH EARTH;So;0;L;<compat> 0028 571F 0029;;;;N;;;;;
+3230;PARENTHESIZED IDEOGRAPH SUN;So;0;L;<compat> 0028 65E5 0029;;;;N;;;;;
+3231;PARENTHESIZED IDEOGRAPH STOCK;So;0;L;<compat> 0028 682A 0029;;;;N;;;;;
+3232;PARENTHESIZED IDEOGRAPH HAVE;So;0;L;<compat> 0028 6709 0029;;;;N;;;;;
+3233;PARENTHESIZED IDEOGRAPH SOCIETY;So;0;L;<compat> 0028 793E 0029;;;;N;;;;;
+3234;PARENTHESIZED IDEOGRAPH NAME;So;0;L;<compat> 0028 540D 0029;;;;N;;;;;
+3235;PARENTHESIZED IDEOGRAPH SPECIAL;So;0;L;<compat> 0028 7279 0029;;;;N;;;;;
+3236;PARENTHESIZED IDEOGRAPH FINANCIAL;So;0;L;<compat> 0028 8CA1 0029;;;;N;;;;;
+3237;PARENTHESIZED IDEOGRAPH CONGRATULATION;So;0;L;<compat> 0028 795D 0029;;;;N;;;;;
+3238;PARENTHESIZED IDEOGRAPH LABOR;So;0;L;<compat> 0028 52B4 0029;;;;N;;;;;
+3239;PARENTHESIZED IDEOGRAPH REPRESENT;So;0;L;<compat> 0028 4EE3 0029;;;;N;;;;;
+323A;PARENTHESIZED IDEOGRAPH CALL;So;0;L;<compat> 0028 547C 0029;;;;N;;;;;
+323B;PARENTHESIZED IDEOGRAPH STUDY;So;0;L;<compat> 0028 5B66 0029;;;;N;;;;;
+323C;PARENTHESIZED IDEOGRAPH SUPERVISE;So;0;L;<compat> 0028 76E3 0029;;;;N;;;;;
+323D;PARENTHESIZED IDEOGRAPH ENTERPRISE;So;0;L;<compat> 0028 4F01 0029;;;;N;;;;;
+323E;PARENTHESIZED IDEOGRAPH RESOURCE;So;0;L;<compat> 0028 8CC7 0029;;;;N;;;;;
+323F;PARENTHESIZED IDEOGRAPH ALLIANCE;So;0;L;<compat> 0028 5354 0029;;;;N;;;;;
+3240;PARENTHESIZED IDEOGRAPH FESTIVAL;So;0;L;<compat> 0028 796D 0029;;;;N;;;;;
+3241;PARENTHESIZED IDEOGRAPH REST;So;0;L;<compat> 0028 4F11 0029;;;;N;;;;;
+3242;PARENTHESIZED IDEOGRAPH SELF;So;0;L;<compat> 0028 81EA 0029;;;;N;;;;;
+3243;PARENTHESIZED IDEOGRAPH REACH;So;0;L;<compat> 0028 81F3 0029;;;;N;;;;;
+3251;CIRCLED NUMBER TWENTY ONE;No;0;ON;<circle> 0032 0031;;;21;N;;;;;
+3252;CIRCLED NUMBER TWENTY TWO;No;0;ON;<circle> 0032 0032;;;22;N;;;;;
+3253;CIRCLED NUMBER TWENTY THREE;No;0;ON;<circle> 0032 0033;;;23;N;;;;;
+3254;CIRCLED NUMBER TWENTY FOUR;No;0;ON;<circle> 0032 0034;;;24;N;;;;;
+3255;CIRCLED NUMBER TWENTY FIVE;No;0;ON;<circle> 0032 0035;;;25;N;;;;;
+3256;CIRCLED NUMBER TWENTY SIX;No;0;ON;<circle> 0032 0036;;;26;N;;;;;
+3257;CIRCLED NUMBER TWENTY SEVEN;No;0;ON;<circle> 0032 0037;;;27;N;;;;;
+3258;CIRCLED NUMBER TWENTY EIGHT;No;0;ON;<circle> 0032 0038;;;28;N;;;;;
+3259;CIRCLED NUMBER TWENTY NINE;No;0;ON;<circle> 0032 0039;;;29;N;;;;;
+325A;CIRCLED NUMBER THIRTY;No;0;ON;<circle> 0033 0030;;;30;N;;;;;
+325B;CIRCLED NUMBER THIRTY ONE;No;0;ON;<circle> 0033 0031;;;31;N;;;;;
+325C;CIRCLED NUMBER THIRTY TWO;No;0;ON;<circle> 0033 0032;;;32;N;;;;;
+325D;CIRCLED NUMBER THIRTY THREE;No;0;ON;<circle> 0033 0033;;;33;N;;;;;
+325E;CIRCLED NUMBER THIRTY FOUR;No;0;ON;<circle> 0033 0034;;;34;N;;;;;
+325F;CIRCLED NUMBER THIRTY FIVE;No;0;ON;<circle> 0033 0035;;;35;N;;;;;
+3260;CIRCLED HANGUL KIYEOK;So;0;L;<circle> 1100;;;;N;CIRCLED HANGUL GIYEOG;;;;
+3261;CIRCLED HANGUL NIEUN;So;0;L;<circle> 1102;;;;N;;;;;
+3262;CIRCLED HANGUL TIKEUT;So;0;L;<circle> 1103;;;;N;CIRCLED HANGUL DIGEUD;;;;
+3263;CIRCLED HANGUL RIEUL;So;0;L;<circle> 1105;;;;N;CIRCLED HANGUL LIEUL;;;;
+3264;CIRCLED HANGUL MIEUM;So;0;L;<circle> 1106;;;;N;;;;;
+3265;CIRCLED HANGUL PIEUP;So;0;L;<circle> 1107;;;;N;CIRCLED HANGUL BIEUB;;;;
+3266;CIRCLED HANGUL SIOS;So;0;L;<circle> 1109;;;;N;;;;;
+3267;CIRCLED HANGUL IEUNG;So;0;L;<circle> 110B;;;;N;;;;;
+3268;CIRCLED HANGUL CIEUC;So;0;L;<circle> 110C;;;;N;CIRCLED HANGUL JIEUJ;;;;
+3269;CIRCLED HANGUL CHIEUCH;So;0;L;<circle> 110E;;;;N;CIRCLED HANGUL CIEUC;;;;
+326A;CIRCLED HANGUL KHIEUKH;So;0;L;<circle> 110F;;;;N;CIRCLED HANGUL KIYEOK;;;;
+326B;CIRCLED HANGUL THIEUTH;So;0;L;<circle> 1110;;;;N;CIRCLED HANGUL TIEUT;;;;
+326C;CIRCLED HANGUL PHIEUPH;So;0;L;<circle> 1111;;;;N;CIRCLED HANGUL PIEUP;;;;
+326D;CIRCLED HANGUL HIEUH;So;0;L;<circle> 1112;;;;N;;;;;
+326E;CIRCLED HANGUL KIYEOK A;So;0;L;<circle> 1100 1161;;;;N;CIRCLED HANGUL GA;;;;
+326F;CIRCLED HANGUL NIEUN A;So;0;L;<circle> 1102 1161;;;;N;CIRCLED HANGUL NA;;;;
+3270;CIRCLED HANGUL TIKEUT A;So;0;L;<circle> 1103 1161;;;;N;CIRCLED HANGUL DA;;;;
+3271;CIRCLED HANGUL RIEUL A;So;0;L;<circle> 1105 1161;;;;N;CIRCLED HANGUL LA;;;;
+3272;CIRCLED HANGUL MIEUM A;So;0;L;<circle> 1106 1161;;;;N;CIRCLED HANGUL MA;;;;
+3273;CIRCLED HANGUL PIEUP A;So;0;L;<circle> 1107 1161;;;;N;CIRCLED HANGUL BA;;;;
+3274;CIRCLED HANGUL SIOS A;So;0;L;<circle> 1109 1161;;;;N;CIRCLED HANGUL SA;;;;
+3275;CIRCLED HANGUL IEUNG A;So;0;L;<circle> 110B 1161;;;;N;CIRCLED HANGUL A;;;;
+3276;CIRCLED HANGUL CIEUC A;So;0;L;<circle> 110C 1161;;;;N;CIRCLED HANGUL JA;;;;
+3277;CIRCLED HANGUL CHIEUCH A;So;0;L;<circle> 110E 1161;;;;N;CIRCLED HANGUL CA;;;;
+3278;CIRCLED HANGUL KHIEUKH A;So;0;L;<circle> 110F 1161;;;;N;CIRCLED HANGUL KA;;;;
+3279;CIRCLED HANGUL THIEUTH A;So;0;L;<circle> 1110 1161;;;;N;CIRCLED HANGUL TA;;;;
+327A;CIRCLED HANGUL PHIEUPH A;So;0;L;<circle> 1111 1161;;;;N;CIRCLED HANGUL PA;;;;
+327B;CIRCLED HANGUL HIEUH A;So;0;L;<circle> 1112 1161;;;;N;CIRCLED HANGUL HA;;;;
+327F;KOREAN STANDARD SYMBOL;So;0;L;;;;;N;;;;;
+3280;CIRCLED IDEOGRAPH ONE;No;0;L;<circle> 4E00;;;1;N;;;;;
+3281;CIRCLED IDEOGRAPH TWO;No;0;L;<circle> 4E8C;;;2;N;;;;;
+3282;CIRCLED IDEOGRAPH THREE;No;0;L;<circle> 4E09;;;3;N;;;;;
+3283;CIRCLED IDEOGRAPH FOUR;No;0;L;<circle> 56DB;;;4;N;;;;;
+3284;CIRCLED IDEOGRAPH FIVE;No;0;L;<circle> 4E94;;;5;N;;;;;
+3285;CIRCLED IDEOGRAPH SIX;No;0;L;<circle> 516D;;;6;N;;;;;
+3286;CIRCLED IDEOGRAPH SEVEN;No;0;L;<circle> 4E03;;;7;N;;;;;
+3287;CIRCLED IDEOGRAPH EIGHT;No;0;L;<circle> 516B;;;8;N;;;;;
+3288;CIRCLED IDEOGRAPH NINE;No;0;L;<circle> 4E5D;;;9;N;;;;;
+3289;CIRCLED IDEOGRAPH TEN;No;0;L;<circle> 5341;;;10;N;;;;;
+328A;CIRCLED IDEOGRAPH MOON;So;0;L;<circle> 6708;;;;N;;;;;
+328B;CIRCLED IDEOGRAPH FIRE;So;0;L;<circle> 706B;;;;N;;;;;
+328C;CIRCLED IDEOGRAPH WATER;So;0;L;<circle> 6C34;;;;N;;;;;
+328D;CIRCLED IDEOGRAPH WOOD;So;0;L;<circle> 6728;;;;N;;;;;
+328E;CIRCLED IDEOGRAPH METAL;So;0;L;<circle> 91D1;;;;N;;;;;
+328F;CIRCLED IDEOGRAPH EARTH;So;0;L;<circle> 571F;;;;N;;;;;
+3290;CIRCLED IDEOGRAPH SUN;So;0;L;<circle> 65E5;;;;N;;;;;
+3291;CIRCLED IDEOGRAPH STOCK;So;0;L;<circle> 682A;;;;N;;;;;
+3292;CIRCLED IDEOGRAPH HAVE;So;0;L;<circle> 6709;;;;N;;;;;
+3293;CIRCLED IDEOGRAPH SOCIETY;So;0;L;<circle> 793E;;;;N;;;;;
+3294;CIRCLED IDEOGRAPH NAME;So;0;L;<circle> 540D;;;;N;;;;;
+3295;CIRCLED IDEOGRAPH SPECIAL;So;0;L;<circle> 7279;;;;N;;;;;
+3296;CIRCLED IDEOGRAPH FINANCIAL;So;0;L;<circle> 8CA1;;;;N;;;;;
+3297;CIRCLED IDEOGRAPH CONGRATULATION;So;0;L;<circle> 795D;;;;N;;;;;
+3298;CIRCLED IDEOGRAPH LABOR;So;0;L;<circle> 52B4;;;;N;;;;;
+3299;CIRCLED IDEOGRAPH SECRET;So;0;L;<circle> 79D8;;;;N;;;;;
+329A;CIRCLED IDEOGRAPH MALE;So;0;L;<circle> 7537;;;;N;;;;;
+329B;CIRCLED IDEOGRAPH FEMALE;So;0;L;<circle> 5973;;;;N;;;;;
+329C;CIRCLED IDEOGRAPH SUITABLE;So;0;L;<circle> 9069;;;;N;;;;;
+329D;CIRCLED IDEOGRAPH EXCELLENT;So;0;L;<circle> 512A;;;;N;;;;;
+329E;CIRCLED IDEOGRAPH PRINT;So;0;L;<circle> 5370;;;;N;;;;;
+329F;CIRCLED IDEOGRAPH ATTENTION;So;0;L;<circle> 6CE8;;;;N;;;;;
+32A0;CIRCLED IDEOGRAPH ITEM;So;0;L;<circle> 9805;;;;N;;;;;
+32A1;CIRCLED IDEOGRAPH REST;So;0;L;<circle> 4F11;;;;N;;;;;
+32A2;CIRCLED IDEOGRAPH COPY;So;0;L;<circle> 5199;;;;N;;;;;
+32A3;CIRCLED IDEOGRAPH CORRECT;So;0;L;<circle> 6B63;;;;N;;;;;
+32A4;CIRCLED IDEOGRAPH HIGH;So;0;L;<circle> 4E0A;;;;N;;;;;
+32A5;CIRCLED IDEOGRAPH CENTRE;So;0;L;<circle> 4E2D;;;;N;CIRCLED IDEOGRAPH CENTER;;;;
+32A6;CIRCLED IDEOGRAPH LOW;So;0;L;<circle> 4E0B;;;;N;;;;;
+32A7;CIRCLED IDEOGRAPH LEFT;So;0;L;<circle> 5DE6;;;;N;;;;;
+32A8;CIRCLED IDEOGRAPH RIGHT;So;0;L;<circle> 53F3;;;;N;;;;;
+32A9;CIRCLED IDEOGRAPH MEDICINE;So;0;L;<circle> 533B;;;;N;;;;;
+32AA;CIRCLED IDEOGRAPH RELIGION;So;0;L;<circle> 5B97;;;;N;;;;;
+32AB;CIRCLED IDEOGRAPH STUDY;So;0;L;<circle> 5B66;;;;N;;;;;
+32AC;CIRCLED IDEOGRAPH SUPERVISE;So;0;L;<circle> 76E3;;;;N;;;;;
+32AD;CIRCLED IDEOGRAPH ENTERPRISE;So;0;L;<circle> 4F01;;;;N;;;;;
+32AE;CIRCLED IDEOGRAPH RESOURCE;So;0;L;<circle> 8CC7;;;;N;;;;;
+32AF;CIRCLED IDEOGRAPH ALLIANCE;So;0;L;<circle> 5354;;;;N;;;;;
+32B0;CIRCLED IDEOGRAPH NIGHT;So;0;L;<circle> 591C;;;;N;;;;;
+32B1;CIRCLED NUMBER THIRTY SIX;No;0;ON;<circle> 0033 0036;;;36;N;;;;;
+32B2;CIRCLED NUMBER THIRTY SEVEN;No;0;ON;<circle> 0033 0037;;;37;N;;;;;
+32B3;CIRCLED NUMBER THIRTY EIGHT;No;0;ON;<circle> 0033 0038;;;38;N;;;;;
+32B4;CIRCLED NUMBER THIRTY NINE;No;0;ON;<circle> 0033 0039;;;39;N;;;;;
+32B5;CIRCLED NUMBER FORTY;No;0;ON;<circle> 0034 0030;;;40;N;;;;;
+32B6;CIRCLED NUMBER FORTY ONE;No;0;ON;<circle> 0034 0031;;;41;N;;;;;
+32B7;CIRCLED NUMBER FORTY TWO;No;0;ON;<circle> 0034 0032;;;42;N;;;;;
+32B8;CIRCLED NUMBER FORTY THREE;No;0;ON;<circle> 0034 0033;;;43;N;;;;;
+32B9;CIRCLED NUMBER FORTY FOUR;No;0;ON;<circle> 0034 0034;;;44;N;;;;;
+32BA;CIRCLED NUMBER FORTY FIVE;No;0;ON;<circle> 0034 0035;;;45;N;;;;;
+32BB;CIRCLED NUMBER FORTY SIX;No;0;ON;<circle> 0034 0036;;;46;N;;;;;
+32BC;CIRCLED NUMBER FORTY SEVEN;No;0;ON;<circle> 0034 0037;;;47;N;;;;;
+32BD;CIRCLED NUMBER FORTY EIGHT;No;0;ON;<circle> 0034 0038;;;48;N;;;;;
+32BE;CIRCLED NUMBER FORTY NINE;No;0;ON;<circle> 0034 0039;;;49;N;;;;;
+32BF;CIRCLED NUMBER FIFTY;No;0;ON;<circle> 0035 0030;;;50;N;;;;;
+32C0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY;So;0;L;<compat> 0031 6708;;;;N;;;;;
+32C1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR FEBRUARY;So;0;L;<compat> 0032 6708;;;;N;;;;;
+32C2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR MARCH;So;0;L;<compat> 0033 6708;;;;N;;;;;
+32C3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR APRIL;So;0;L;<compat> 0034 6708;;;;N;;;;;
+32C4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR MAY;So;0;L;<compat> 0035 6708;;;;N;;;;;
+32C5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JUNE;So;0;L;<compat> 0036 6708;;;;N;;;;;
+32C6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JULY;So;0;L;<compat> 0037 6708;;;;N;;;;;
+32C7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR AUGUST;So;0;L;<compat> 0038 6708;;;;N;;;;;
+32C8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR SEPTEMBER;So;0;L;<compat> 0039 6708;;;;N;;;;;
+32C9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR OCTOBER;So;0;L;<compat> 0031 0030 6708;;;;N;;;;;
+32CA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR NOVEMBER;So;0;L;<compat> 0031 0031 6708;;;;N;;;;;
+32CB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DECEMBER;So;0;L;<compat> 0031 0032 6708;;;;N;;;;;
+32D0;CIRCLED KATAKANA A;So;0;L;<circle> 30A2;;;;N;;;;;
+32D1;CIRCLED KATAKANA I;So;0;L;<circle> 30A4;;;;N;;;;;
+32D2;CIRCLED KATAKANA U;So;0;L;<circle> 30A6;;;;N;;;;;
+32D3;CIRCLED KATAKANA E;So;0;L;<circle> 30A8;;;;N;;;;;
+32D4;CIRCLED KATAKANA O;So;0;L;<circle> 30AA;;;;N;;;;;
+32D5;CIRCLED KATAKANA KA;So;0;L;<circle> 30AB;;;;N;;;;;
+32D6;CIRCLED KATAKANA KI;So;0;L;<circle> 30AD;;;;N;;;;;
+32D7;CIRCLED KATAKANA KU;So;0;L;<circle> 30AF;;;;N;;;;;
+32D8;CIRCLED KATAKANA KE;So;0;L;<circle> 30B1;;;;N;;;;;
+32D9;CIRCLED KATAKANA KO;So;0;L;<circle> 30B3;;;;N;;;;;
+32DA;CIRCLED KATAKANA SA;So;0;L;<circle> 30B5;;;;N;;;;;
+32DB;CIRCLED KATAKANA SI;So;0;L;<circle> 30B7;;;;N;;;;;
+32DC;CIRCLED KATAKANA SU;So;0;L;<circle> 30B9;;;;N;;;;;
+32DD;CIRCLED KATAKANA SE;So;0;L;<circle> 30BB;;;;N;;;;;
+32DE;CIRCLED KATAKANA SO;So;0;L;<circle> 30BD;;;;N;;;;;
+32DF;CIRCLED KATAKANA TA;So;0;L;<circle> 30BF;;;;N;;;;;
+32E0;CIRCLED KATAKANA TI;So;0;L;<circle> 30C1;;;;N;;;;;
+32E1;CIRCLED KATAKANA TU;So;0;L;<circle> 30C4;;;;N;;;;;
+32E2;CIRCLED KATAKANA TE;So;0;L;<circle> 30C6;;;;N;;;;;
+32E3;CIRCLED KATAKANA TO;So;0;L;<circle> 30C8;;;;N;;;;;
+32E4;CIRCLED KATAKANA NA;So;0;L;<circle> 30CA;;;;N;;;;;
+32E5;CIRCLED KATAKANA NI;So;0;L;<circle> 30CB;;;;N;;;;;
+32E6;CIRCLED KATAKANA NU;So;0;L;<circle> 30CC;;;;N;;;;;
+32E7;CIRCLED KATAKANA NE;So;0;L;<circle> 30CD;;;;N;;;;;
+32E8;CIRCLED KATAKANA NO;So;0;L;<circle> 30CE;;;;N;;;;;
+32E9;CIRCLED KATAKANA HA;So;0;L;<circle> 30CF;;;;N;;;;;
+32EA;CIRCLED KATAKANA HI;So;0;L;<circle> 30D2;;;;N;;;;;
+32EB;CIRCLED KATAKANA HU;So;0;L;<circle> 30D5;;;;N;;;;;
+32EC;CIRCLED KATAKANA HE;So;0;L;<circle> 30D8;;;;N;;;;;
+32ED;CIRCLED KATAKANA HO;So;0;L;<circle> 30DB;;;;N;;;;;
+32EE;CIRCLED KATAKANA MA;So;0;L;<circle> 30DE;;;;N;;;;;
+32EF;CIRCLED KATAKANA MI;So;0;L;<circle> 30DF;;;;N;;;;;
+32F0;CIRCLED KATAKANA MU;So;0;L;<circle> 30E0;;;;N;;;;;
+32F1;CIRCLED KATAKANA ME;So;0;L;<circle> 30E1;;;;N;;;;;
+32F2;CIRCLED KATAKANA MO;So;0;L;<circle> 30E2;;;;N;;;;;
+32F3;CIRCLED KATAKANA YA;So;0;L;<circle> 30E4;;;;N;;;;;
+32F4;CIRCLED KATAKANA YU;So;0;L;<circle> 30E6;;;;N;;;;;
+32F5;CIRCLED KATAKANA YO;So;0;L;<circle> 30E8;;;;N;;;;;
+32F6;CIRCLED KATAKANA RA;So;0;L;<circle> 30E9;;;;N;;;;;
+32F7;CIRCLED KATAKANA RI;So;0;L;<circle> 30EA;;;;N;;;;;
+32F8;CIRCLED KATAKANA RU;So;0;L;<circle> 30EB;;;;N;;;;;
+32F9;CIRCLED KATAKANA RE;So;0;L;<circle> 30EC;;;;N;;;;;
+32FA;CIRCLED KATAKANA RO;So;0;L;<circle> 30ED;;;;N;;;;;
+32FB;CIRCLED KATAKANA WA;So;0;L;<circle> 30EF;;;;N;;;;;
+32FC;CIRCLED KATAKANA WI;So;0;L;<circle> 30F0;;;;N;;;;;
+32FD;CIRCLED KATAKANA WE;So;0;L;<circle> 30F1;;;;N;;;;;
+32FE;CIRCLED KATAKANA WO;So;0;L;<circle> 30F2;;;;N;;;;;
+3300;SQUARE APAATO;So;0;L;<square> 30A2 30D1 30FC 30C8;;;;N;SQUARED APAATO;;;;
+3301;SQUARE ARUHUA;So;0;L;<square> 30A2 30EB 30D5 30A1;;;;N;SQUARED ARUHUA;;;;
+3302;SQUARE ANPEA;So;0;L;<square> 30A2 30F3 30DA 30A2;;;;N;SQUARED ANPEA;;;;
+3303;SQUARE AARU;So;0;L;<square> 30A2 30FC 30EB;;;;N;SQUARED AARU;;;;
+3304;SQUARE ININGU;So;0;L;<square> 30A4 30CB 30F3 30B0;;;;N;SQUARED ININGU;;;;
+3305;SQUARE INTI;So;0;L;<square> 30A4 30F3 30C1;;;;N;SQUARED INTI;;;;
+3306;SQUARE UON;So;0;L;<square> 30A6 30A9 30F3;;;;N;SQUARED UON;;;;
+3307;SQUARE ESUKUUDO;So;0;L;<square> 30A8 30B9 30AF 30FC 30C9;;;;N;SQUARED ESUKUUDO;;;;
+3308;SQUARE EEKAA;So;0;L;<square> 30A8 30FC 30AB 30FC;;;;N;SQUARED EEKAA;;;;
+3309;SQUARE ONSU;So;0;L;<square> 30AA 30F3 30B9;;;;N;SQUARED ONSU;;;;
+330A;SQUARE OOMU;So;0;L;<square> 30AA 30FC 30E0;;;;N;SQUARED OOMU;;;;
+330B;SQUARE KAIRI;So;0;L;<square> 30AB 30A4 30EA;;;;N;SQUARED KAIRI;;;;
+330C;SQUARE KARATTO;So;0;L;<square> 30AB 30E9 30C3 30C8;;;;N;SQUARED KARATTO;;;;
+330D;SQUARE KARORII;So;0;L;<square> 30AB 30ED 30EA 30FC;;;;N;SQUARED KARORII;;;;
+330E;SQUARE GARON;So;0;L;<square> 30AC 30ED 30F3;;;;N;SQUARED GARON;;;;
+330F;SQUARE GANMA;So;0;L;<square> 30AC 30F3 30DE;;;;N;SQUARED GANMA;;;;
+3310;SQUARE GIGA;So;0;L;<square> 30AE 30AC;;;;N;SQUARED GIGA;;;;
+3311;SQUARE GINII;So;0;L;<square> 30AE 30CB 30FC;;;;N;SQUARED GINII;;;;
+3312;SQUARE KYURII;So;0;L;<square> 30AD 30E5 30EA 30FC;;;;N;SQUARED KYURII;;;;
+3313;SQUARE GIRUDAA;So;0;L;<square> 30AE 30EB 30C0 30FC;;;;N;SQUARED GIRUDAA;;;;
+3314;SQUARE KIRO;So;0;L;<square> 30AD 30ED;;;;N;SQUARED KIRO;;;;
+3315;SQUARE KIROGURAMU;So;0;L;<square> 30AD 30ED 30B0 30E9 30E0;;;;N;SQUARED KIROGURAMU;;;;
+3316;SQUARE KIROMEETORU;So;0;L;<square> 30AD 30ED 30E1 30FC 30C8 30EB;;;;N;SQUARED KIROMEETORU;;;;
+3317;SQUARE KIROWATTO;So;0;L;<square> 30AD 30ED 30EF 30C3 30C8;;;;N;SQUARED KIROWATTO;;;;
+3318;SQUARE GURAMU;So;0;L;<square> 30B0 30E9 30E0;;;;N;SQUARED GURAMU;;;;
+3319;SQUARE GURAMUTON;So;0;L;<square> 30B0 30E9 30E0 30C8 30F3;;;;N;SQUARED GURAMUTON;;;;
+331A;SQUARE KURUZEIRO;So;0;L;<square> 30AF 30EB 30BC 30A4 30ED;;;;N;SQUARED KURUZEIRO;;;;
+331B;SQUARE KUROONE;So;0;L;<square> 30AF 30ED 30FC 30CD;;;;N;SQUARED KUROONE;;;;
+331C;SQUARE KEESU;So;0;L;<square> 30B1 30FC 30B9;;;;N;SQUARED KEESU;;;;
+331D;SQUARE KORUNA;So;0;L;<square> 30B3 30EB 30CA;;;;N;SQUARED KORUNA;;;;
+331E;SQUARE KOOPO;So;0;L;<square> 30B3 30FC 30DD;;;;N;SQUARED KOOPO;;;;
+331F;SQUARE SAIKURU;So;0;L;<square> 30B5 30A4 30AF 30EB;;;;N;SQUARED SAIKURU;;;;
+3320;SQUARE SANTIIMU;So;0;L;<square> 30B5 30F3 30C1 30FC 30E0;;;;N;SQUARED SANTIIMU;;;;
+3321;SQUARE SIRINGU;So;0;L;<square> 30B7 30EA 30F3 30B0;;;;N;SQUARED SIRINGU;;;;
+3322;SQUARE SENTI;So;0;L;<square> 30BB 30F3 30C1;;;;N;SQUARED SENTI;;;;
+3323;SQUARE SENTO;So;0;L;<square> 30BB 30F3 30C8;;;;N;SQUARED SENTO;;;;
+3324;SQUARE DAASU;So;0;L;<square> 30C0 30FC 30B9;;;;N;SQUARED DAASU;;;;
+3325;SQUARE DESI;So;0;L;<square> 30C7 30B7;;;;N;SQUARED DESI;;;;
+3326;SQUARE DORU;So;0;L;<square> 30C9 30EB;;;;N;SQUARED DORU;;;;
+3327;SQUARE TON;So;0;L;<square> 30C8 30F3;;;;N;SQUARED TON;;;;
+3328;SQUARE NANO;So;0;L;<square> 30CA 30CE;;;;N;SQUARED NANO;;;;
+3329;SQUARE NOTTO;So;0;L;<square> 30CE 30C3 30C8;;;;N;SQUARED NOTTO;;;;
+332A;SQUARE HAITU;So;0;L;<square> 30CF 30A4 30C4;;;;N;SQUARED HAITU;;;;
+332B;SQUARE PAASENTO;So;0;L;<square> 30D1 30FC 30BB 30F3 30C8;;;;N;SQUARED PAASENTO;;;;
+332C;SQUARE PAATU;So;0;L;<square> 30D1 30FC 30C4;;;;N;SQUARED PAATU;;;;
+332D;SQUARE BAARERU;So;0;L;<square> 30D0 30FC 30EC 30EB;;;;N;SQUARED BAARERU;;;;
+332E;SQUARE PIASUTORU;So;0;L;<square> 30D4 30A2 30B9 30C8 30EB;;;;N;SQUARED PIASUTORU;;;;
+332F;SQUARE PIKURU;So;0;L;<square> 30D4 30AF 30EB;;;;N;SQUARED PIKURU;;;;
+3330;SQUARE PIKO;So;0;L;<square> 30D4 30B3;;;;N;SQUARED PIKO;;;;
+3331;SQUARE BIRU;So;0;L;<square> 30D3 30EB;;;;N;SQUARED BIRU;;;;
+3332;SQUARE HUARADDO;So;0;L;<square> 30D5 30A1 30E9 30C3 30C9;;;;N;SQUARED HUARADDO;;;;
+3333;SQUARE HUIITO;So;0;L;<square> 30D5 30A3 30FC 30C8;;;;N;SQUARED HUIITO;;;;
+3334;SQUARE BUSSYERU;So;0;L;<square> 30D6 30C3 30B7 30A7 30EB;;;;N;SQUARED BUSSYERU;;;;
+3335;SQUARE HURAN;So;0;L;<square> 30D5 30E9 30F3;;;;N;SQUARED HURAN;;;;
+3336;SQUARE HEKUTAARU;So;0;L;<square> 30D8 30AF 30BF 30FC 30EB;;;;N;SQUARED HEKUTAARU;;;;
+3337;SQUARE PESO;So;0;L;<square> 30DA 30BD;;;;N;SQUARED PESO;;;;
+3338;SQUARE PENIHI;So;0;L;<square> 30DA 30CB 30D2;;;;N;SQUARED PENIHI;;;;
+3339;SQUARE HERUTU;So;0;L;<square> 30D8 30EB 30C4;;;;N;SQUARED HERUTU;;;;
+333A;SQUARE PENSU;So;0;L;<square> 30DA 30F3 30B9;;;;N;SQUARED PENSU;;;;
+333B;SQUARE PEEZI;So;0;L;<square> 30DA 30FC 30B8;;;;N;SQUARED PEEZI;;;;
+333C;SQUARE BEETA;So;0;L;<square> 30D9 30FC 30BF;;;;N;SQUARED BEETA;;;;
+333D;SQUARE POINTO;So;0;L;<square> 30DD 30A4 30F3 30C8;;;;N;SQUARED POINTO;;;;
+333E;SQUARE BORUTO;So;0;L;<square> 30DC 30EB 30C8;;;;N;SQUARED BORUTO;;;;
+333F;SQUARE HON;So;0;L;<square> 30DB 30F3;;;;N;SQUARED HON;;;;
+3340;SQUARE PONDO;So;0;L;<square> 30DD 30F3 30C9;;;;N;SQUARED PONDO;;;;
+3341;SQUARE HOORU;So;0;L;<square> 30DB 30FC 30EB;;;;N;SQUARED HOORU;;;;
+3342;SQUARE HOON;So;0;L;<square> 30DB 30FC 30F3;;;;N;SQUARED HOON;;;;
+3343;SQUARE MAIKURO;So;0;L;<square> 30DE 30A4 30AF 30ED;;;;N;SQUARED MAIKURO;;;;
+3344;SQUARE MAIRU;So;0;L;<square> 30DE 30A4 30EB;;;;N;SQUARED MAIRU;;;;
+3345;SQUARE MAHHA;So;0;L;<square> 30DE 30C3 30CF;;;;N;SQUARED MAHHA;;;;
+3346;SQUARE MARUKU;So;0;L;<square> 30DE 30EB 30AF;;;;N;SQUARED MARUKU;;;;
+3347;SQUARE MANSYON;So;0;L;<square> 30DE 30F3 30B7 30E7 30F3;;;;N;SQUARED MANSYON;;;;
+3348;SQUARE MIKURON;So;0;L;<square> 30DF 30AF 30ED 30F3;;;;N;SQUARED MIKURON;;;;
+3349;SQUARE MIRI;So;0;L;<square> 30DF 30EA;;;;N;SQUARED MIRI;;;;
+334A;SQUARE MIRIBAARU;So;0;L;<square> 30DF 30EA 30D0 30FC 30EB;;;;N;SQUARED MIRIBAARU;;;;
+334B;SQUARE MEGA;So;0;L;<square> 30E1 30AC;;;;N;SQUARED MEGA;;;;
+334C;SQUARE MEGATON;So;0;L;<square> 30E1 30AC 30C8 30F3;;;;N;SQUARED MEGATON;;;;
+334D;SQUARE MEETORU;So;0;L;<square> 30E1 30FC 30C8 30EB;;;;N;SQUARED MEETORU;;;;
+334E;SQUARE YAADO;So;0;L;<square> 30E4 30FC 30C9;;;;N;SQUARED YAADO;;;;
+334F;SQUARE YAARU;So;0;L;<square> 30E4 30FC 30EB;;;;N;SQUARED YAARU;;;;
+3350;SQUARE YUAN;So;0;L;<square> 30E6 30A2 30F3;;;;N;SQUARED YUAN;;;;
+3351;SQUARE RITTORU;So;0;L;<square> 30EA 30C3 30C8 30EB;;;;N;SQUARED RITTORU;;;;
+3352;SQUARE RIRA;So;0;L;<square> 30EA 30E9;;;;N;SQUARED RIRA;;;;
+3353;SQUARE RUPII;So;0;L;<square> 30EB 30D4 30FC;;;;N;SQUARED RUPII;;;;
+3354;SQUARE RUUBURU;So;0;L;<square> 30EB 30FC 30D6 30EB;;;;N;SQUARED RUUBURU;;;;
+3355;SQUARE REMU;So;0;L;<square> 30EC 30E0;;;;N;SQUARED REMU;;;;
+3356;SQUARE RENTOGEN;So;0;L;<square> 30EC 30F3 30C8 30B2 30F3;;;;N;SQUARED RENTOGEN;;;;
+3357;SQUARE WATTO;So;0;L;<square> 30EF 30C3 30C8;;;;N;SQUARED WATTO;;;;
+3358;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ZERO;So;0;L;<compat> 0030 70B9;;;;N;;;;;
+3359;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ONE;So;0;L;<compat> 0031 70B9;;;;N;;;;;
+335A;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWO;So;0;L;<compat> 0032 70B9;;;;N;;;;;
+335B;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THREE;So;0;L;<compat> 0033 70B9;;;;N;;;;;
+335C;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOUR;So;0;L;<compat> 0034 70B9;;;;N;;;;;
+335D;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIVE;So;0;L;<compat> 0035 70B9;;;;N;;;;;
+335E;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIX;So;0;L;<compat> 0036 70B9;;;;N;;;;;
+335F;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVEN;So;0;L;<compat> 0037 70B9;;;;N;;;;;
+3360;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHT;So;0;L;<compat> 0038 70B9;;;;N;;;;;
+3361;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINE;So;0;L;<compat> 0039 70B9;;;;N;;;;;
+3362;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TEN;So;0;L;<compat> 0031 0030 70B9;;;;N;;;;;
+3363;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ELEVEN;So;0;L;<compat> 0031 0031 70B9;;;;N;;;;;
+3364;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWELVE;So;0;L;<compat> 0031 0032 70B9;;;;N;;;;;
+3365;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THIRTEEN;So;0;L;<compat> 0031 0033 70B9;;;;N;;;;;
+3366;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOURTEEN;So;0;L;<compat> 0031 0034 70B9;;;;N;;;;;
+3367;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIFTEEN;So;0;L;<compat> 0031 0035 70B9;;;;N;;;;;
+3368;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIXTEEN;So;0;L;<compat> 0031 0036 70B9;;;;N;;;;;
+3369;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVENTEEN;So;0;L;<compat> 0031 0037 70B9;;;;N;;;;;
+336A;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHTEEN;So;0;L;<compat> 0031 0038 70B9;;;;N;;;;;
+336B;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINETEEN;So;0;L;<compat> 0031 0039 70B9;;;;N;;;;;
+336C;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY;So;0;L;<compat> 0032 0030 70B9;;;;N;;;;;
+336D;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-ONE;So;0;L;<compat> 0032 0031 70B9;;;;N;;;;;
+336E;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-TWO;So;0;L;<compat> 0032 0032 70B9;;;;N;;;;;
+336F;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-THREE;So;0;L;<compat> 0032 0033 70B9;;;;N;;;;;
+3370;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-FOUR;So;0;L;<compat> 0032 0034 70B9;;;;N;;;;;
+3371;SQUARE HPA;So;0;L;<square> 0068 0050 0061;;;;N;;;;;
+3372;SQUARE DA;So;0;L;<square> 0064 0061;;;;N;;;;;
+3373;SQUARE AU;So;0;L;<square> 0041 0055;;;;N;;;;;
+3374;SQUARE BAR;So;0;L;<square> 0062 0061 0072;;;;N;;;;;
+3375;SQUARE OV;So;0;L;<square> 006F 0056;;;;N;;;;;
+3376;SQUARE PC;So;0;L;<square> 0070 0063;;;;N;;;;;
+337B;SQUARE ERA NAME HEISEI;So;0;L;<square> 5E73 6210;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME HEISEI;;;;
+337C;SQUARE ERA NAME SYOUWA;So;0;L;<square> 662D 548C;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME SYOUWA;;;;
+337D;SQUARE ERA NAME TAISYOU;So;0;L;<square> 5927 6B63;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME TAISYOU;;;;
+337E;SQUARE ERA NAME MEIZI;So;0;L;<square> 660E 6CBB;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME MEIZI;;;;
+337F;SQUARE CORPORATION;So;0;L;<square> 682A 5F0F 4F1A 793E;;;;N;SQUARED FOUR IDEOGRAPHS CORPORATION;;;;
+3380;SQUARE PA AMPS;So;0;L;<square> 0070 0041;;;;N;SQUARED PA AMPS;;;;
+3381;SQUARE NA;So;0;L;<square> 006E 0041;;;;N;SQUARED NA;;;;
+3382;SQUARE MU A;So;0;L;<square> 03BC 0041;;;;N;SQUARED MU A;;;;
+3383;SQUARE MA;So;0;L;<square> 006D 0041;;;;N;SQUARED MA;;;;
+3384;SQUARE KA;So;0;L;<square> 006B 0041;;;;N;SQUARED KA;;;;
+3385;SQUARE KB;So;0;L;<square> 004B 0042;;;;N;SQUARED KB;;;;
+3386;SQUARE MB;So;0;L;<square> 004D 0042;;;;N;SQUARED MB;;;;
+3387;SQUARE GB;So;0;L;<square> 0047 0042;;;;N;SQUARED GB;;;;
+3388;SQUARE CAL;So;0;L;<square> 0063 0061 006C;;;;N;SQUARED CAL;;;;
+3389;SQUARE KCAL;So;0;L;<square> 006B 0063 0061 006C;;;;N;SQUARED KCAL;;;;
+338A;SQUARE PF;So;0;L;<square> 0070 0046;;;;N;SQUARED PF;;;;
+338B;SQUARE NF;So;0;L;<square> 006E 0046;;;;N;SQUARED NF;;;;
+338C;SQUARE MU F;So;0;L;<square> 03BC 0046;;;;N;SQUARED MU F;;;;
+338D;SQUARE MU G;So;0;L;<square> 03BC 0067;;;;N;SQUARED MU G;;;;
+338E;SQUARE MG;So;0;L;<square> 006D 0067;;;;N;SQUARED MG;;;;
+338F;SQUARE KG;So;0;L;<square> 006B 0067;;;;N;SQUARED KG;;;;
+3390;SQUARE HZ;So;0;L;<square> 0048 007A;;;;N;SQUARED HZ;;;;
+3391;SQUARE KHZ;So;0;L;<square> 006B 0048 007A;;;;N;SQUARED KHZ;;;;
+3392;SQUARE MHZ;So;0;L;<square> 004D 0048 007A;;;;N;SQUARED MHZ;;;;
+3393;SQUARE GHZ;So;0;L;<square> 0047 0048 007A;;;;N;SQUARED GHZ;;;;
+3394;SQUARE THZ;So;0;L;<square> 0054 0048 007A;;;;N;SQUARED THZ;;;;
+3395;SQUARE MU L;So;0;L;<square> 03BC 2113;;;;N;SQUARED MU L;;;;
+3396;SQUARE ML;So;0;L;<square> 006D 2113;;;;N;SQUARED ML;;;;
+3397;SQUARE DL;So;0;L;<square> 0064 2113;;;;N;SQUARED DL;;;;
+3398;SQUARE KL;So;0;L;<square> 006B 2113;;;;N;SQUARED KL;;;;
+3399;SQUARE FM;So;0;L;<square> 0066 006D;;;;N;SQUARED FM;;;;
+339A;SQUARE NM;So;0;L;<square> 006E 006D;;;;N;SQUARED NM;;;;
+339B;SQUARE MU M;So;0;L;<square> 03BC 006D;;;;N;SQUARED MU M;;;;
+339C;SQUARE MM;So;0;L;<square> 006D 006D;;;;N;SQUARED MM;;;;
+339D;SQUARE CM;So;0;L;<square> 0063 006D;;;;N;SQUARED CM;;;;
+339E;SQUARE KM;So;0;L;<square> 006B 006D;;;;N;SQUARED KM;;;;
+339F;SQUARE MM SQUARED;So;0;L;<square> 006D 006D 00B2;;;;N;SQUARED MM SQUARED;;;;
+33A0;SQUARE CM SQUARED;So;0;L;<square> 0063 006D 00B2;;;;N;SQUARED CM SQUARED;;;;
+33A1;SQUARE M SQUARED;So;0;L;<square> 006D 00B2;;;;N;SQUARED M SQUARED;;;;
+33A2;SQUARE KM SQUARED;So;0;L;<square> 006B 006D 00B2;;;;N;SQUARED KM SQUARED;;;;
+33A3;SQUARE MM CUBED;So;0;L;<square> 006D 006D 00B3;;;;N;SQUARED MM CUBED;;;;
+33A4;SQUARE CM CUBED;So;0;L;<square> 0063 006D 00B3;;;;N;SQUARED CM CUBED;;;;
+33A5;SQUARE M CUBED;So;0;L;<square> 006D 00B3;;;;N;SQUARED M CUBED;;;;
+33A6;SQUARE KM CUBED;So;0;L;<square> 006B 006D 00B3;;;;N;SQUARED KM CUBED;;;;
+33A7;SQUARE M OVER S;So;0;L;<square> 006D 2215 0073;;;;N;SQUARED M OVER S;;;;
+33A8;SQUARE M OVER S SQUARED;So;0;L;<square> 006D 2215 0073 00B2;;;;N;SQUARED M OVER S SQUARED;;;;
+33A9;SQUARE PA;So;0;L;<square> 0050 0061;;;;N;SQUARED PA;;;;
+33AA;SQUARE KPA;So;0;L;<square> 006B 0050 0061;;;;N;SQUARED KPA;;;;
+33AB;SQUARE MPA;So;0;L;<square> 004D 0050 0061;;;;N;SQUARED MPA;;;;
+33AC;SQUARE GPA;So;0;L;<square> 0047 0050 0061;;;;N;SQUARED GPA;;;;
+33AD;SQUARE RAD;So;0;L;<square> 0072 0061 0064;;;;N;SQUARED RAD;;;;
+33AE;SQUARE RAD OVER S;So;0;L;<square> 0072 0061 0064 2215 0073;;;;N;SQUARED RAD OVER S;;;;
+33AF;SQUARE RAD OVER S SQUARED;So;0;L;<square> 0072 0061 0064 2215 0073 00B2;;;;N;SQUARED RAD OVER S SQUARED;;;;
+33B0;SQUARE PS;So;0;L;<square> 0070 0073;;;;N;SQUARED PS;;;;
+33B1;SQUARE NS;So;0;L;<square> 006E 0073;;;;N;SQUARED NS;;;;
+33B2;SQUARE MU S;So;0;L;<square> 03BC 0073;;;;N;SQUARED MU S;;;;
+33B3;SQUARE MS;So;0;L;<square> 006D 0073;;;;N;SQUARED MS;;;;
+33B4;SQUARE PV;So;0;L;<square> 0070 0056;;;;N;SQUARED PV;;;;
+33B5;SQUARE NV;So;0;L;<square> 006E 0056;;;;N;SQUARED NV;;;;
+33B6;SQUARE MU V;So;0;L;<square> 03BC 0056;;;;N;SQUARED MU V;;;;
+33B7;SQUARE MV;So;0;L;<square> 006D 0056;;;;N;SQUARED MV;;;;
+33B8;SQUARE KV;So;0;L;<square> 006B 0056;;;;N;SQUARED KV;;;;
+33B9;SQUARE MV MEGA;So;0;L;<square> 004D 0056;;;;N;SQUARED MV MEGA;;;;
+33BA;SQUARE PW;So;0;L;<square> 0070 0057;;;;N;SQUARED PW;;;;
+33BB;SQUARE NW;So;0;L;<square> 006E 0057;;;;N;SQUARED NW;;;;
+33BC;SQUARE MU W;So;0;L;<square> 03BC 0057;;;;N;SQUARED MU W;;;;
+33BD;SQUARE MW;So;0;L;<square> 006D 0057;;;;N;SQUARED MW;;;;
+33BE;SQUARE KW;So;0;L;<square> 006B 0057;;;;N;SQUARED KW;;;;
+33BF;SQUARE MW MEGA;So;0;L;<square> 004D 0057;;;;N;SQUARED MW MEGA;;;;
+33C0;SQUARE K OHM;So;0;L;<square> 006B 03A9;;;;N;SQUARED K OHM;;;;
+33C1;SQUARE M OHM;So;0;L;<square> 004D 03A9;;;;N;SQUARED M OHM;;;;
+33C2;SQUARE AM;So;0;L;<square> 0061 002E 006D 002E;;;;N;SQUARED AM;;;;
+33C3;SQUARE BQ;So;0;L;<square> 0042 0071;;;;N;SQUARED BQ;;;;
+33C4;SQUARE CC;So;0;L;<square> 0063 0063;;;;N;SQUARED CC;;;;
+33C5;SQUARE CD;So;0;L;<square> 0063 0064;;;;N;SQUARED CD;;;;
+33C6;SQUARE C OVER KG;So;0;L;<square> 0043 2215 006B 0067;;;;N;SQUARED C OVER KG;;;;
+33C7;SQUARE CO;So;0;L;<square> 0043 006F 002E;;;;N;SQUARED CO;;;;
+33C8;SQUARE DB;So;0;L;<square> 0064 0042;;;;N;SQUARED DB;;;;
+33C9;SQUARE GY;So;0;L;<square> 0047 0079;;;;N;SQUARED GY;;;;
+33CA;SQUARE HA;So;0;L;<square> 0068 0061;;;;N;SQUARED HA;;;;
+33CB;SQUARE HP;So;0;L;<square> 0048 0050;;;;N;SQUARED HP;;;;
+33CC;SQUARE IN;So;0;L;<square> 0069 006E;;;;N;SQUARED IN;;;;
+33CD;SQUARE KK;So;0;L;<square> 004B 004B;;;;N;SQUARED KK;;;;
+33CE;SQUARE KM CAPITAL;So;0;L;<square> 004B 004D;;;;N;SQUARED KM CAPITAL;;;;
+33CF;SQUARE KT;So;0;L;<square> 006B 0074;;;;N;SQUARED KT;;;;
+33D0;SQUARE LM;So;0;L;<square> 006C 006D;;;;N;SQUARED LM;;;;
+33D1;SQUARE LN;So;0;L;<square> 006C 006E;;;;N;SQUARED LN;;;;
+33D2;SQUARE LOG;So;0;L;<square> 006C 006F 0067;;;;N;SQUARED LOG;;;;
+33D3;SQUARE LX;So;0;L;<square> 006C 0078;;;;N;SQUARED LX;;;;
+33D4;SQUARE MB SMALL;So;0;L;<square> 006D 0062;;;;N;SQUARED MB SMALL;;;;
+33D5;SQUARE MIL;So;0;L;<square> 006D 0069 006C;;;;N;SQUARED MIL;;;;
+33D6;SQUARE MOL;So;0;L;<square> 006D 006F 006C;;;;N;SQUARED MOL;;;;
+33D7;SQUARE PH;So;0;L;<square> 0050 0048;;;;N;SQUARED PH;;;;
+33D8;SQUARE PM;So;0;L;<square> 0070 002E 006D 002E;;;;N;SQUARED PM;;;;
+33D9;SQUARE PPM;So;0;L;<square> 0050 0050 004D;;;;N;SQUARED PPM;;;;
+33DA;SQUARE PR;So;0;L;<square> 0050 0052;;;;N;SQUARED PR;;;;
+33DB;SQUARE SR;So;0;L;<square> 0073 0072;;;;N;SQUARED SR;;;;
+33DC;SQUARE SV;So;0;L;<square> 0053 0076;;;;N;SQUARED SV;;;;
+33DD;SQUARE WB;So;0;L;<square> 0057 0062;;;;N;SQUARED WB;;;;
+33E0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ONE;So;0;L;<compat> 0031 65E5;;;;N;;;;;
+33E1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWO;So;0;L;<compat> 0032 65E5;;;;N;;;;;
+33E2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THREE;So;0;L;<compat> 0033 65E5;;;;N;;;;;
+33E3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOUR;So;0;L;<compat> 0034 65E5;;;;N;;;;;
+33E4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIVE;So;0;L;<compat> 0035 65E5;;;;N;;;;;
+33E5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIX;So;0;L;<compat> 0036 65E5;;;;N;;;;;
+33E6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVEN;So;0;L;<compat> 0037 65E5;;;;N;;;;;
+33E7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHT;So;0;L;<compat> 0038 65E5;;;;N;;;;;
+33E8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINE;So;0;L;<compat> 0039 65E5;;;;N;;;;;
+33E9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TEN;So;0;L;<compat> 0031 0030 65E5;;;;N;;;;;
+33EA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ELEVEN;So;0;L;<compat> 0031 0031 65E5;;;;N;;;;;
+33EB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWELVE;So;0;L;<compat> 0031 0032 65E5;;;;N;;;;;
+33EC;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTEEN;So;0;L;<compat> 0031 0033 65E5;;;;N;;;;;
+33ED;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOURTEEN;So;0;L;<compat> 0031 0034 65E5;;;;N;;;;;
+33EE;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIFTEEN;So;0;L;<compat> 0031 0035 65E5;;;;N;;;;;
+33EF;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIXTEEN;So;0;L;<compat> 0031 0036 65E5;;;;N;;;;;
+33F0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVENTEEN;So;0;L;<compat> 0031 0037 65E5;;;;N;;;;;
+33F1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHTEEN;So;0;L;<compat> 0031 0038 65E5;;;;N;;;;;
+33F2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINETEEN;So;0;L;<compat> 0031 0039 65E5;;;;N;;;;;
+33F3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY;So;0;L;<compat> 0032 0030 65E5;;;;N;;;;;
+33F4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-ONE;So;0;L;<compat> 0032 0031 65E5;;;;N;;;;;
+33F5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-TWO;So;0;L;<compat> 0032 0032 65E5;;;;N;;;;;
+33F6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-THREE;So;0;L;<compat> 0032 0033 65E5;;;;N;;;;;
+33F7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FOUR;So;0;L;<compat> 0032 0034 65E5;;;;N;;;;;
+33F8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FIVE;So;0;L;<compat> 0032 0035 65E5;;;;N;;;;;
+33F9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SIX;So;0;L;<compat> 0032 0036 65E5;;;;N;;;;;
+33FA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SEVEN;So;0;L;<compat> 0032 0037 65E5;;;;N;;;;;
+33FB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-EIGHT;So;0;L;<compat> 0032 0038 65E5;;;;N;;;;;
+33FC;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-NINE;So;0;L;<compat> 0032 0039 65E5;;;;N;;;;;
+33FD;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY;So;0;L;<compat> 0033 0030 65E5;;;;N;;;;;
+33FE;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY-ONE;So;0;L;<compat> 0033 0031 65E5;;;;N;;;;;
+3400;<CJK Ideograph Extension A, First>;Lo;0;L;;;;;N;;;;;
+4DB5;<CJK Ideograph Extension A, Last>;Lo;0;L;;;;;N;;;;;
+4E00;<CJK Ideograph, First>;Lo;0;L;;;;;N;;;;;
+9FA5;<CJK Ideograph, Last>;Lo;0;L;;;;;N;;;;;
+A000;YI SYLLABLE IT;Lo;0;L;;;;;N;;;;;
+A001;YI SYLLABLE IX;Lo;0;L;;;;;N;;;;;
+A002;YI SYLLABLE I;Lo;0;L;;;;;N;;;;;
+A003;YI SYLLABLE IP;Lo;0;L;;;;;N;;;;;
+A004;YI SYLLABLE IET;Lo;0;L;;;;;N;;;;;
+A005;YI SYLLABLE IEX;Lo;0;L;;;;;N;;;;;
+A006;YI SYLLABLE IE;Lo;0;L;;;;;N;;;;;
+A007;YI SYLLABLE IEP;Lo;0;L;;;;;N;;;;;
+A008;YI SYLLABLE AT;Lo;0;L;;;;;N;;;;;
+A009;YI SYLLABLE AX;Lo;0;L;;;;;N;;;;;
+A00A;YI SYLLABLE A;Lo;0;L;;;;;N;;;;;
+A00B;YI SYLLABLE AP;Lo;0;L;;;;;N;;;;;
+A00C;YI SYLLABLE UOX;Lo;0;L;;;;;N;;;;;
+A00D;YI SYLLABLE UO;Lo;0;L;;;;;N;;;;;
+A00E;YI SYLLABLE UOP;Lo;0;L;;;;;N;;;;;
+A00F;YI SYLLABLE OT;Lo;0;L;;;;;N;;;;;
+A010;YI SYLLABLE OX;Lo;0;L;;;;;N;;;;;
+A011;YI SYLLABLE O;Lo;0;L;;;;;N;;;;;
+A012;YI SYLLABLE OP;Lo;0;L;;;;;N;;;;;
+A013;YI SYLLABLE EX;Lo;0;L;;;;;N;;;;;
+A014;YI SYLLABLE E;Lo;0;L;;;;;N;;;;;
+A015;YI SYLLABLE WU;Lo;0;L;;;;;N;;;;;
+A016;YI SYLLABLE BIT;Lo;0;L;;;;;N;;;;;
+A017;YI SYLLABLE BIX;Lo;0;L;;;;;N;;;;;
+A018;YI SYLLABLE BI;Lo;0;L;;;;;N;;;;;
+A019;YI SYLLABLE BIP;Lo;0;L;;;;;N;;;;;
+A01A;YI SYLLABLE BIET;Lo;0;L;;;;;N;;;;;
+A01B;YI SYLLABLE BIEX;Lo;0;L;;;;;N;;;;;
+A01C;YI SYLLABLE BIE;Lo;0;L;;;;;N;;;;;
+A01D;YI SYLLABLE BIEP;Lo;0;L;;;;;N;;;;;
+A01E;YI SYLLABLE BAT;Lo;0;L;;;;;N;;;;;
+A01F;YI SYLLABLE BAX;Lo;0;L;;;;;N;;;;;
+A020;YI SYLLABLE BA;Lo;0;L;;;;;N;;;;;
+A021;YI SYLLABLE BAP;Lo;0;L;;;;;N;;;;;
+A022;YI SYLLABLE BUOX;Lo;0;L;;;;;N;;;;;
+A023;YI SYLLABLE BUO;Lo;0;L;;;;;N;;;;;
+A024;YI SYLLABLE BUOP;Lo;0;L;;;;;N;;;;;
+A025;YI SYLLABLE BOT;Lo;0;L;;;;;N;;;;;
+A026;YI SYLLABLE BOX;Lo;0;L;;;;;N;;;;;
+A027;YI SYLLABLE BO;Lo;0;L;;;;;N;;;;;
+A028;YI SYLLABLE BOP;Lo;0;L;;;;;N;;;;;
+A029;YI SYLLABLE BEX;Lo;0;L;;;;;N;;;;;
+A02A;YI SYLLABLE BE;Lo;0;L;;;;;N;;;;;
+A02B;YI SYLLABLE BEP;Lo;0;L;;;;;N;;;;;
+A02C;YI SYLLABLE BUT;Lo;0;L;;;;;N;;;;;
+A02D;YI SYLLABLE BUX;Lo;0;L;;;;;N;;;;;
+A02E;YI SYLLABLE BU;Lo;0;L;;;;;N;;;;;
+A02F;YI SYLLABLE BUP;Lo;0;L;;;;;N;;;;;
+A030;YI SYLLABLE BURX;Lo;0;L;;;;;N;;;;;
+A031;YI SYLLABLE BUR;Lo;0;L;;;;;N;;;;;
+A032;YI SYLLABLE BYT;Lo;0;L;;;;;N;;;;;
+A033;YI SYLLABLE BYX;Lo;0;L;;;;;N;;;;;
+A034;YI SYLLABLE BY;Lo;0;L;;;;;N;;;;;
+A035;YI SYLLABLE BYP;Lo;0;L;;;;;N;;;;;
+A036;YI SYLLABLE BYRX;Lo;0;L;;;;;N;;;;;
+A037;YI SYLLABLE BYR;Lo;0;L;;;;;N;;;;;
+A038;YI SYLLABLE PIT;Lo;0;L;;;;;N;;;;;
+A039;YI SYLLABLE PIX;Lo;0;L;;;;;N;;;;;
+A03A;YI SYLLABLE PI;Lo;0;L;;;;;N;;;;;
+A03B;YI SYLLABLE PIP;Lo;0;L;;;;;N;;;;;
+A03C;YI SYLLABLE PIEX;Lo;0;L;;;;;N;;;;;
+A03D;YI SYLLABLE PIE;Lo;0;L;;;;;N;;;;;
+A03E;YI SYLLABLE PIEP;Lo;0;L;;;;;N;;;;;
+A03F;YI SYLLABLE PAT;Lo;0;L;;;;;N;;;;;
+A040;YI SYLLABLE PAX;Lo;0;L;;;;;N;;;;;
+A041;YI SYLLABLE PA;Lo;0;L;;;;;N;;;;;
+A042;YI SYLLABLE PAP;Lo;0;L;;;;;N;;;;;
+A043;YI SYLLABLE PUOX;Lo;0;L;;;;;N;;;;;
+A044;YI SYLLABLE PUO;Lo;0;L;;;;;N;;;;;
+A045;YI SYLLABLE PUOP;Lo;0;L;;;;;N;;;;;
+A046;YI SYLLABLE POT;Lo;0;L;;;;;N;;;;;
+A047;YI SYLLABLE POX;Lo;0;L;;;;;N;;;;;
+A048;YI SYLLABLE PO;Lo;0;L;;;;;N;;;;;
+A049;YI SYLLABLE POP;Lo;0;L;;;;;N;;;;;
+A04A;YI SYLLABLE PUT;Lo;0;L;;;;;N;;;;;
+A04B;YI SYLLABLE PUX;Lo;0;L;;;;;N;;;;;
+A04C;YI SYLLABLE PU;Lo;0;L;;;;;N;;;;;
+A04D;YI SYLLABLE PUP;Lo;0;L;;;;;N;;;;;
+A04E;YI SYLLABLE PURX;Lo;0;L;;;;;N;;;;;
+A04F;YI SYLLABLE PUR;Lo;0;L;;;;;N;;;;;
+A050;YI SYLLABLE PYT;Lo;0;L;;;;;N;;;;;
+A051;YI SYLLABLE PYX;Lo;0;L;;;;;N;;;;;
+A052;YI SYLLABLE PY;Lo;0;L;;;;;N;;;;;
+A053;YI SYLLABLE PYP;Lo;0;L;;;;;N;;;;;
+A054;YI SYLLABLE PYRX;Lo;0;L;;;;;N;;;;;
+A055;YI SYLLABLE PYR;Lo;0;L;;;;;N;;;;;
+A056;YI SYLLABLE BBIT;Lo;0;L;;;;;N;;;;;
+A057;YI SYLLABLE BBIX;Lo;0;L;;;;;N;;;;;
+A058;YI SYLLABLE BBI;Lo;0;L;;;;;N;;;;;
+A059;YI SYLLABLE BBIP;Lo;0;L;;;;;N;;;;;
+A05A;YI SYLLABLE BBIET;Lo;0;L;;;;;N;;;;;
+A05B;YI SYLLABLE BBIEX;Lo;0;L;;;;;N;;;;;
+A05C;YI SYLLABLE BBIE;Lo;0;L;;;;;N;;;;;
+A05D;YI SYLLABLE BBIEP;Lo;0;L;;;;;N;;;;;
+A05E;YI SYLLABLE BBAT;Lo;0;L;;;;;N;;;;;
+A05F;YI SYLLABLE BBAX;Lo;0;L;;;;;N;;;;;
+A060;YI SYLLABLE BBA;Lo;0;L;;;;;N;;;;;
+A061;YI SYLLABLE BBAP;Lo;0;L;;;;;N;;;;;
+A062;YI SYLLABLE BBUOX;Lo;0;L;;;;;N;;;;;
+A063;YI SYLLABLE BBUO;Lo;0;L;;;;;N;;;;;
+A064;YI SYLLABLE BBUOP;Lo;0;L;;;;;N;;;;;
+A065;YI SYLLABLE BBOT;Lo;0;L;;;;;N;;;;;
+A066;YI SYLLABLE BBOX;Lo;0;L;;;;;N;;;;;
+A067;YI SYLLABLE BBO;Lo;0;L;;;;;N;;;;;
+A068;YI SYLLABLE BBOP;Lo;0;L;;;;;N;;;;;
+A069;YI SYLLABLE BBEX;Lo;0;L;;;;;N;;;;;
+A06A;YI SYLLABLE BBE;Lo;0;L;;;;;N;;;;;
+A06B;YI SYLLABLE BBEP;Lo;0;L;;;;;N;;;;;
+A06C;YI SYLLABLE BBUT;Lo;0;L;;;;;N;;;;;
+A06D;YI SYLLABLE BBUX;Lo;0;L;;;;;N;;;;;
+A06E;YI SYLLABLE BBU;Lo;0;L;;;;;N;;;;;
+A06F;YI SYLLABLE BBUP;Lo;0;L;;;;;N;;;;;
+A070;YI SYLLABLE BBURX;Lo;0;L;;;;;N;;;;;
+A071;YI SYLLABLE BBUR;Lo;0;L;;;;;N;;;;;
+A072;YI SYLLABLE BBYT;Lo;0;L;;;;;N;;;;;
+A073;YI SYLLABLE BBYX;Lo;0;L;;;;;N;;;;;
+A074;YI SYLLABLE BBY;Lo;0;L;;;;;N;;;;;
+A075;YI SYLLABLE BBYP;Lo;0;L;;;;;N;;;;;
+A076;YI SYLLABLE NBIT;Lo;0;L;;;;;N;;;;;
+A077;YI SYLLABLE NBIX;Lo;0;L;;;;;N;;;;;
+A078;YI SYLLABLE NBI;Lo;0;L;;;;;N;;;;;
+A079;YI SYLLABLE NBIP;Lo;0;L;;;;;N;;;;;
+A07A;YI SYLLABLE NBIEX;Lo;0;L;;;;;N;;;;;
+A07B;YI SYLLABLE NBIE;Lo;0;L;;;;;N;;;;;
+A07C;YI SYLLABLE NBIEP;Lo;0;L;;;;;N;;;;;
+A07D;YI SYLLABLE NBAT;Lo;0;L;;;;;N;;;;;
+A07E;YI SYLLABLE NBAX;Lo;0;L;;;;;N;;;;;
+A07F;YI SYLLABLE NBA;Lo;0;L;;;;;N;;;;;
+A080;YI SYLLABLE NBAP;Lo;0;L;;;;;N;;;;;
+A081;YI SYLLABLE NBOT;Lo;0;L;;;;;N;;;;;
+A082;YI SYLLABLE NBOX;Lo;0;L;;;;;N;;;;;
+A083;YI SYLLABLE NBO;Lo;0;L;;;;;N;;;;;
+A084;YI SYLLABLE NBOP;Lo;0;L;;;;;N;;;;;
+A085;YI SYLLABLE NBUT;Lo;0;L;;;;;N;;;;;
+A086;YI SYLLABLE NBUX;Lo;0;L;;;;;N;;;;;
+A087;YI SYLLABLE NBU;Lo;0;L;;;;;N;;;;;
+A088;YI SYLLABLE NBUP;Lo;0;L;;;;;N;;;;;
+A089;YI SYLLABLE NBURX;Lo;0;L;;;;;N;;;;;
+A08A;YI SYLLABLE NBUR;Lo;0;L;;;;;N;;;;;
+A08B;YI SYLLABLE NBYT;Lo;0;L;;;;;N;;;;;
+A08C;YI SYLLABLE NBYX;Lo;0;L;;;;;N;;;;;
+A08D;YI SYLLABLE NBY;Lo;0;L;;;;;N;;;;;
+A08E;YI SYLLABLE NBYP;Lo;0;L;;;;;N;;;;;
+A08F;YI SYLLABLE NBYRX;Lo;0;L;;;;;N;;;;;
+A090;YI SYLLABLE NBYR;Lo;0;L;;;;;N;;;;;
+A091;YI SYLLABLE HMIT;Lo;0;L;;;;;N;;;;;
+A092;YI SYLLABLE HMIX;Lo;0;L;;;;;N;;;;;
+A093;YI SYLLABLE HMI;Lo;0;L;;;;;N;;;;;
+A094;YI SYLLABLE HMIP;Lo;0;L;;;;;N;;;;;
+A095;YI SYLLABLE HMIEX;Lo;0;L;;;;;N;;;;;
+A096;YI SYLLABLE HMIE;Lo;0;L;;;;;N;;;;;
+A097;YI SYLLABLE HMIEP;Lo;0;L;;;;;N;;;;;
+A098;YI SYLLABLE HMAT;Lo;0;L;;;;;N;;;;;
+A099;YI SYLLABLE HMAX;Lo;0;L;;;;;N;;;;;
+A09A;YI SYLLABLE HMA;Lo;0;L;;;;;N;;;;;
+A09B;YI SYLLABLE HMAP;Lo;0;L;;;;;N;;;;;
+A09C;YI SYLLABLE HMUOX;Lo;0;L;;;;;N;;;;;
+A09D;YI SYLLABLE HMUO;Lo;0;L;;;;;N;;;;;
+A09E;YI SYLLABLE HMUOP;Lo;0;L;;;;;N;;;;;
+A09F;YI SYLLABLE HMOT;Lo;0;L;;;;;N;;;;;
+A0A0;YI SYLLABLE HMOX;Lo;0;L;;;;;N;;;;;
+A0A1;YI SYLLABLE HMO;Lo;0;L;;;;;N;;;;;
+A0A2;YI SYLLABLE HMOP;Lo;0;L;;;;;N;;;;;
+A0A3;YI SYLLABLE HMUT;Lo;0;L;;;;;N;;;;;
+A0A4;YI SYLLABLE HMUX;Lo;0;L;;;;;N;;;;;
+A0A5;YI SYLLABLE HMU;Lo;0;L;;;;;N;;;;;
+A0A6;YI SYLLABLE HMUP;Lo;0;L;;;;;N;;;;;
+A0A7;YI SYLLABLE HMURX;Lo;0;L;;;;;N;;;;;
+A0A8;YI SYLLABLE HMUR;Lo;0;L;;;;;N;;;;;
+A0A9;YI SYLLABLE HMYX;Lo;0;L;;;;;N;;;;;
+A0AA;YI SYLLABLE HMY;Lo;0;L;;;;;N;;;;;
+A0AB;YI SYLLABLE HMYP;Lo;0;L;;;;;N;;;;;
+A0AC;YI SYLLABLE HMYRX;Lo;0;L;;;;;N;;;;;
+A0AD;YI SYLLABLE HMYR;Lo;0;L;;;;;N;;;;;
+A0AE;YI SYLLABLE MIT;Lo;0;L;;;;;N;;;;;
+A0AF;YI SYLLABLE MIX;Lo;0;L;;;;;N;;;;;
+A0B0;YI SYLLABLE MI;Lo;0;L;;;;;N;;;;;
+A0B1;YI SYLLABLE MIP;Lo;0;L;;;;;N;;;;;
+A0B2;YI SYLLABLE MIEX;Lo;0;L;;;;;N;;;;;
+A0B3;YI SYLLABLE MIE;Lo;0;L;;;;;N;;;;;
+A0B4;YI SYLLABLE MIEP;Lo;0;L;;;;;N;;;;;
+A0B5;YI SYLLABLE MAT;Lo;0;L;;;;;N;;;;;
+A0B6;YI SYLLABLE MAX;Lo;0;L;;;;;N;;;;;
+A0B7;YI SYLLABLE MA;Lo;0;L;;;;;N;;;;;
+A0B8;YI SYLLABLE MAP;Lo;0;L;;;;;N;;;;;
+A0B9;YI SYLLABLE MUOT;Lo;0;L;;;;;N;;;;;
+A0BA;YI SYLLABLE MUOX;Lo;0;L;;;;;N;;;;;
+A0BB;YI SYLLABLE MUO;Lo;0;L;;;;;N;;;;;
+A0BC;YI SYLLABLE MUOP;Lo;0;L;;;;;N;;;;;
+A0BD;YI SYLLABLE MOT;Lo;0;L;;;;;N;;;;;
+A0BE;YI SYLLABLE MOX;Lo;0;L;;;;;N;;;;;
+A0BF;YI SYLLABLE MO;Lo;0;L;;;;;N;;;;;
+A0C0;YI SYLLABLE MOP;Lo;0;L;;;;;N;;;;;
+A0C1;YI SYLLABLE MEX;Lo;0;L;;;;;N;;;;;
+A0C2;YI SYLLABLE ME;Lo;0;L;;;;;N;;;;;
+A0C3;YI SYLLABLE MUT;Lo;0;L;;;;;N;;;;;
+A0C4;YI SYLLABLE MUX;Lo;0;L;;;;;N;;;;;
+A0C5;YI SYLLABLE MU;Lo;0;L;;;;;N;;;;;
+A0C6;YI SYLLABLE MUP;Lo;0;L;;;;;N;;;;;
+A0C7;YI SYLLABLE MURX;Lo;0;L;;;;;N;;;;;
+A0C8;YI SYLLABLE MUR;Lo;0;L;;;;;N;;;;;
+A0C9;YI SYLLABLE MYT;Lo;0;L;;;;;N;;;;;
+A0CA;YI SYLLABLE MYX;Lo;0;L;;;;;N;;;;;
+A0CB;YI SYLLABLE MY;Lo;0;L;;;;;N;;;;;
+A0CC;YI SYLLABLE MYP;Lo;0;L;;;;;N;;;;;
+A0CD;YI SYLLABLE FIT;Lo;0;L;;;;;N;;;;;
+A0CE;YI SYLLABLE FIX;Lo;0;L;;;;;N;;;;;
+A0CF;YI SYLLABLE FI;Lo;0;L;;;;;N;;;;;
+A0D0;YI SYLLABLE FIP;Lo;0;L;;;;;N;;;;;
+A0D1;YI SYLLABLE FAT;Lo;0;L;;;;;N;;;;;
+A0D2;YI SYLLABLE FAX;Lo;0;L;;;;;N;;;;;
+A0D3;YI SYLLABLE FA;Lo;0;L;;;;;N;;;;;
+A0D4;YI SYLLABLE FAP;Lo;0;L;;;;;N;;;;;
+A0D5;YI SYLLABLE FOX;Lo;0;L;;;;;N;;;;;
+A0D6;YI SYLLABLE FO;Lo;0;L;;;;;N;;;;;
+A0D7;YI SYLLABLE FOP;Lo;0;L;;;;;N;;;;;
+A0D8;YI SYLLABLE FUT;Lo;0;L;;;;;N;;;;;
+A0D9;YI SYLLABLE FUX;Lo;0;L;;;;;N;;;;;
+A0DA;YI SYLLABLE FU;Lo;0;L;;;;;N;;;;;
+A0DB;YI SYLLABLE FUP;Lo;0;L;;;;;N;;;;;
+A0DC;YI SYLLABLE FURX;Lo;0;L;;;;;N;;;;;
+A0DD;YI SYLLABLE FUR;Lo;0;L;;;;;N;;;;;
+A0DE;YI SYLLABLE FYT;Lo;0;L;;;;;N;;;;;
+A0DF;YI SYLLABLE FYX;Lo;0;L;;;;;N;;;;;
+A0E0;YI SYLLABLE FY;Lo;0;L;;;;;N;;;;;
+A0E1;YI SYLLABLE FYP;Lo;0;L;;;;;N;;;;;
+A0E2;YI SYLLABLE VIT;Lo;0;L;;;;;N;;;;;
+A0E3;YI SYLLABLE VIX;Lo;0;L;;;;;N;;;;;
+A0E4;YI SYLLABLE VI;Lo;0;L;;;;;N;;;;;
+A0E5;YI SYLLABLE VIP;Lo;0;L;;;;;N;;;;;
+A0E6;YI SYLLABLE VIET;Lo;0;L;;;;;N;;;;;
+A0E7;YI SYLLABLE VIEX;Lo;0;L;;;;;N;;;;;
+A0E8;YI SYLLABLE VIE;Lo;0;L;;;;;N;;;;;
+A0E9;YI SYLLABLE VIEP;Lo;0;L;;;;;N;;;;;
+A0EA;YI SYLLABLE VAT;Lo;0;L;;;;;N;;;;;
+A0EB;YI SYLLABLE VAX;Lo;0;L;;;;;N;;;;;
+A0EC;YI SYLLABLE VA;Lo;0;L;;;;;N;;;;;
+A0ED;YI SYLLABLE VAP;Lo;0;L;;;;;N;;;;;
+A0EE;YI SYLLABLE VOT;Lo;0;L;;;;;N;;;;;
+A0EF;YI SYLLABLE VOX;Lo;0;L;;;;;N;;;;;
+A0F0;YI SYLLABLE VO;Lo;0;L;;;;;N;;;;;
+A0F1;YI SYLLABLE VOP;Lo;0;L;;;;;N;;;;;
+A0F2;YI SYLLABLE VEX;Lo;0;L;;;;;N;;;;;
+A0F3;YI SYLLABLE VEP;Lo;0;L;;;;;N;;;;;
+A0F4;YI SYLLABLE VUT;Lo;0;L;;;;;N;;;;;
+A0F5;YI SYLLABLE VUX;Lo;0;L;;;;;N;;;;;
+A0F6;YI SYLLABLE VU;Lo;0;L;;;;;N;;;;;
+A0F7;YI SYLLABLE VUP;Lo;0;L;;;;;N;;;;;
+A0F8;YI SYLLABLE VURX;Lo;0;L;;;;;N;;;;;
+A0F9;YI SYLLABLE VUR;Lo;0;L;;;;;N;;;;;
+A0FA;YI SYLLABLE VYT;Lo;0;L;;;;;N;;;;;
+A0FB;YI SYLLABLE VYX;Lo;0;L;;;;;N;;;;;
+A0FC;YI SYLLABLE VY;Lo;0;L;;;;;N;;;;;
+A0FD;YI SYLLABLE VYP;Lo;0;L;;;;;N;;;;;
+A0FE;YI SYLLABLE VYRX;Lo;0;L;;;;;N;;;;;
+A0FF;YI SYLLABLE VYR;Lo;0;L;;;;;N;;;;;
+A100;YI SYLLABLE DIT;Lo;0;L;;;;;N;;;;;
+A101;YI SYLLABLE DIX;Lo;0;L;;;;;N;;;;;
+A102;YI SYLLABLE DI;Lo;0;L;;;;;N;;;;;
+A103;YI SYLLABLE DIP;Lo;0;L;;;;;N;;;;;
+A104;YI SYLLABLE DIEX;Lo;0;L;;;;;N;;;;;
+A105;YI SYLLABLE DIE;Lo;0;L;;;;;N;;;;;
+A106;YI SYLLABLE DIEP;Lo;0;L;;;;;N;;;;;
+A107;YI SYLLABLE DAT;Lo;0;L;;;;;N;;;;;
+A108;YI SYLLABLE DAX;Lo;0;L;;;;;N;;;;;
+A109;YI SYLLABLE DA;Lo;0;L;;;;;N;;;;;
+A10A;YI SYLLABLE DAP;Lo;0;L;;;;;N;;;;;
+A10B;YI SYLLABLE DUOX;Lo;0;L;;;;;N;;;;;
+A10C;YI SYLLABLE DUO;Lo;0;L;;;;;N;;;;;
+A10D;YI SYLLABLE DOT;Lo;0;L;;;;;N;;;;;
+A10E;YI SYLLABLE DOX;Lo;0;L;;;;;N;;;;;
+A10F;YI SYLLABLE DO;Lo;0;L;;;;;N;;;;;
+A110;YI SYLLABLE DOP;Lo;0;L;;;;;N;;;;;
+A111;YI SYLLABLE DEX;Lo;0;L;;;;;N;;;;;
+A112;YI SYLLABLE DE;Lo;0;L;;;;;N;;;;;
+A113;YI SYLLABLE DEP;Lo;0;L;;;;;N;;;;;
+A114;YI SYLLABLE DUT;Lo;0;L;;;;;N;;;;;
+A115;YI SYLLABLE DUX;Lo;0;L;;;;;N;;;;;
+A116;YI SYLLABLE DU;Lo;0;L;;;;;N;;;;;
+A117;YI SYLLABLE DUP;Lo;0;L;;;;;N;;;;;
+A118;YI SYLLABLE DURX;Lo;0;L;;;;;N;;;;;
+A119;YI SYLLABLE DUR;Lo;0;L;;;;;N;;;;;
+A11A;YI SYLLABLE TIT;Lo;0;L;;;;;N;;;;;
+A11B;YI SYLLABLE TIX;Lo;0;L;;;;;N;;;;;
+A11C;YI SYLLABLE TI;Lo;0;L;;;;;N;;;;;
+A11D;YI SYLLABLE TIP;Lo;0;L;;;;;N;;;;;
+A11E;YI SYLLABLE TIEX;Lo;0;L;;;;;N;;;;;
+A11F;YI SYLLABLE TIE;Lo;0;L;;;;;N;;;;;
+A120;YI SYLLABLE TIEP;Lo;0;L;;;;;N;;;;;
+A121;YI SYLLABLE TAT;Lo;0;L;;;;;N;;;;;
+A122;YI SYLLABLE TAX;Lo;0;L;;;;;N;;;;;
+A123;YI SYLLABLE TA;Lo;0;L;;;;;N;;;;;
+A124;YI SYLLABLE TAP;Lo;0;L;;;;;N;;;;;
+A125;YI SYLLABLE TUOT;Lo;0;L;;;;;N;;;;;
+A126;YI SYLLABLE TUOX;Lo;0;L;;;;;N;;;;;
+A127;YI SYLLABLE TUO;Lo;0;L;;;;;N;;;;;
+A128;YI SYLLABLE TUOP;Lo;0;L;;;;;N;;;;;
+A129;YI SYLLABLE TOT;Lo;0;L;;;;;N;;;;;
+A12A;YI SYLLABLE TOX;Lo;0;L;;;;;N;;;;;
+A12B;YI SYLLABLE TO;Lo;0;L;;;;;N;;;;;
+A12C;YI SYLLABLE TOP;Lo;0;L;;;;;N;;;;;
+A12D;YI SYLLABLE TEX;Lo;0;L;;;;;N;;;;;
+A12E;YI SYLLABLE TE;Lo;0;L;;;;;N;;;;;
+A12F;YI SYLLABLE TEP;Lo;0;L;;;;;N;;;;;
+A130;YI SYLLABLE TUT;Lo;0;L;;;;;N;;;;;
+A131;YI SYLLABLE TUX;Lo;0;L;;;;;N;;;;;
+A132;YI SYLLABLE TU;Lo;0;L;;;;;N;;;;;
+A133;YI SYLLABLE TUP;Lo;0;L;;;;;N;;;;;
+A134;YI SYLLABLE TURX;Lo;0;L;;;;;N;;;;;
+A135;YI SYLLABLE TUR;Lo;0;L;;;;;N;;;;;
+A136;YI SYLLABLE DDIT;Lo;0;L;;;;;N;;;;;
+A137;YI SYLLABLE DDIX;Lo;0;L;;;;;N;;;;;
+A138;YI SYLLABLE DDI;Lo;0;L;;;;;N;;;;;
+A139;YI SYLLABLE DDIP;Lo;0;L;;;;;N;;;;;
+A13A;YI SYLLABLE DDIEX;Lo;0;L;;;;;N;;;;;
+A13B;YI SYLLABLE DDIE;Lo;0;L;;;;;N;;;;;
+A13C;YI SYLLABLE DDIEP;Lo;0;L;;;;;N;;;;;
+A13D;YI SYLLABLE DDAT;Lo;0;L;;;;;N;;;;;
+A13E;YI SYLLABLE DDAX;Lo;0;L;;;;;N;;;;;
+A13F;YI SYLLABLE DDA;Lo;0;L;;;;;N;;;;;
+A140;YI SYLLABLE DDAP;Lo;0;L;;;;;N;;;;;
+A141;YI SYLLABLE DDUOX;Lo;0;L;;;;;N;;;;;
+A142;YI SYLLABLE DDUO;Lo;0;L;;;;;N;;;;;
+A143;YI SYLLABLE DDUOP;Lo;0;L;;;;;N;;;;;
+A144;YI SYLLABLE DDOT;Lo;0;L;;;;;N;;;;;
+A145;YI SYLLABLE DDOX;Lo;0;L;;;;;N;;;;;
+A146;YI SYLLABLE DDO;Lo;0;L;;;;;N;;;;;
+A147;YI SYLLABLE DDOP;Lo;0;L;;;;;N;;;;;
+A148;YI SYLLABLE DDEX;Lo;0;L;;;;;N;;;;;
+A149;YI SYLLABLE DDE;Lo;0;L;;;;;N;;;;;
+A14A;YI SYLLABLE DDEP;Lo;0;L;;;;;N;;;;;
+A14B;YI SYLLABLE DDUT;Lo;0;L;;;;;N;;;;;
+A14C;YI SYLLABLE DDUX;Lo;0;L;;;;;N;;;;;
+A14D;YI SYLLABLE DDU;Lo;0;L;;;;;N;;;;;
+A14E;YI SYLLABLE DDUP;Lo;0;L;;;;;N;;;;;
+A14F;YI SYLLABLE DDURX;Lo;0;L;;;;;N;;;;;
+A150;YI SYLLABLE DDUR;Lo;0;L;;;;;N;;;;;
+A151;YI SYLLABLE NDIT;Lo;0;L;;;;;N;;;;;
+A152;YI SYLLABLE NDIX;Lo;0;L;;;;;N;;;;;
+A153;YI SYLLABLE NDI;Lo;0;L;;;;;N;;;;;
+A154;YI SYLLABLE NDIP;Lo;0;L;;;;;N;;;;;
+A155;YI SYLLABLE NDIEX;Lo;0;L;;;;;N;;;;;
+A156;YI SYLLABLE NDIE;Lo;0;L;;;;;N;;;;;
+A157;YI SYLLABLE NDAT;Lo;0;L;;;;;N;;;;;
+A158;YI SYLLABLE NDAX;Lo;0;L;;;;;N;;;;;
+A159;YI SYLLABLE NDA;Lo;0;L;;;;;N;;;;;
+A15A;YI SYLLABLE NDAP;Lo;0;L;;;;;N;;;;;
+A15B;YI SYLLABLE NDOT;Lo;0;L;;;;;N;;;;;
+A15C;YI SYLLABLE NDOX;Lo;0;L;;;;;N;;;;;
+A15D;YI SYLLABLE NDO;Lo;0;L;;;;;N;;;;;
+A15E;YI SYLLABLE NDOP;Lo;0;L;;;;;N;;;;;
+A15F;YI SYLLABLE NDEX;Lo;0;L;;;;;N;;;;;
+A160;YI SYLLABLE NDE;Lo;0;L;;;;;N;;;;;
+A161;YI SYLLABLE NDEP;Lo;0;L;;;;;N;;;;;
+A162;YI SYLLABLE NDUT;Lo;0;L;;;;;N;;;;;
+A163;YI SYLLABLE NDUX;Lo;0;L;;;;;N;;;;;
+A164;YI SYLLABLE NDU;Lo;0;L;;;;;N;;;;;
+A165;YI SYLLABLE NDUP;Lo;0;L;;;;;N;;;;;
+A166;YI SYLLABLE NDURX;Lo;0;L;;;;;N;;;;;
+A167;YI SYLLABLE NDUR;Lo;0;L;;;;;N;;;;;
+A168;YI SYLLABLE HNIT;Lo;0;L;;;;;N;;;;;
+A169;YI SYLLABLE HNIX;Lo;0;L;;;;;N;;;;;
+A16A;YI SYLLABLE HNI;Lo;0;L;;;;;N;;;;;
+A16B;YI SYLLABLE HNIP;Lo;0;L;;;;;N;;;;;
+A16C;YI SYLLABLE HNIET;Lo;0;L;;;;;N;;;;;
+A16D;YI SYLLABLE HNIEX;Lo;0;L;;;;;N;;;;;
+A16E;YI SYLLABLE HNIE;Lo;0;L;;;;;N;;;;;
+A16F;YI SYLLABLE HNIEP;Lo;0;L;;;;;N;;;;;
+A170;YI SYLLABLE HNAT;Lo;0;L;;;;;N;;;;;
+A171;YI SYLLABLE HNAX;Lo;0;L;;;;;N;;;;;
+A172;YI SYLLABLE HNA;Lo;0;L;;;;;N;;;;;
+A173;YI SYLLABLE HNAP;Lo;0;L;;;;;N;;;;;
+A174;YI SYLLABLE HNUOX;Lo;0;L;;;;;N;;;;;
+A175;YI SYLLABLE HNUO;Lo;0;L;;;;;N;;;;;
+A176;YI SYLLABLE HNOT;Lo;0;L;;;;;N;;;;;
+A177;YI SYLLABLE HNOX;Lo;0;L;;;;;N;;;;;
+A178;YI SYLLABLE HNOP;Lo;0;L;;;;;N;;;;;
+A179;YI SYLLABLE HNEX;Lo;0;L;;;;;N;;;;;
+A17A;YI SYLLABLE HNE;Lo;0;L;;;;;N;;;;;
+A17B;YI SYLLABLE HNEP;Lo;0;L;;;;;N;;;;;
+A17C;YI SYLLABLE HNUT;Lo;0;L;;;;;N;;;;;
+A17D;YI SYLLABLE NIT;Lo;0;L;;;;;N;;;;;
+A17E;YI SYLLABLE NIX;Lo;0;L;;;;;N;;;;;
+A17F;YI SYLLABLE NI;Lo;0;L;;;;;N;;;;;
+A180;YI SYLLABLE NIP;Lo;0;L;;;;;N;;;;;
+A181;YI SYLLABLE NIEX;Lo;0;L;;;;;N;;;;;
+A182;YI SYLLABLE NIE;Lo;0;L;;;;;N;;;;;
+A183;YI SYLLABLE NIEP;Lo;0;L;;;;;N;;;;;
+A184;YI SYLLABLE NAX;Lo;0;L;;;;;N;;;;;
+A185;YI SYLLABLE NA;Lo;0;L;;;;;N;;;;;
+A186;YI SYLLABLE NAP;Lo;0;L;;;;;N;;;;;
+A187;YI SYLLABLE NUOX;Lo;0;L;;;;;N;;;;;
+A188;YI SYLLABLE NUO;Lo;0;L;;;;;N;;;;;
+A189;YI SYLLABLE NUOP;Lo;0;L;;;;;N;;;;;
+A18A;YI SYLLABLE NOT;Lo;0;L;;;;;N;;;;;
+A18B;YI SYLLABLE NOX;Lo;0;L;;;;;N;;;;;
+A18C;YI SYLLABLE NO;Lo;0;L;;;;;N;;;;;
+A18D;YI SYLLABLE NOP;Lo;0;L;;;;;N;;;;;
+A18E;YI SYLLABLE NEX;Lo;0;L;;;;;N;;;;;
+A18F;YI SYLLABLE NE;Lo;0;L;;;;;N;;;;;
+A190;YI SYLLABLE NEP;Lo;0;L;;;;;N;;;;;
+A191;YI SYLLABLE NUT;Lo;0;L;;;;;N;;;;;
+A192;YI SYLLABLE NUX;Lo;0;L;;;;;N;;;;;
+A193;YI SYLLABLE NU;Lo;0;L;;;;;N;;;;;
+A194;YI SYLLABLE NUP;Lo;0;L;;;;;N;;;;;
+A195;YI SYLLABLE NURX;Lo;0;L;;;;;N;;;;;
+A196;YI SYLLABLE NUR;Lo;0;L;;;;;N;;;;;
+A197;YI SYLLABLE HLIT;Lo;0;L;;;;;N;;;;;
+A198;YI SYLLABLE HLIX;Lo;0;L;;;;;N;;;;;
+A199;YI SYLLABLE HLI;Lo;0;L;;;;;N;;;;;
+A19A;YI SYLLABLE HLIP;Lo;0;L;;;;;N;;;;;
+A19B;YI SYLLABLE HLIEX;Lo;0;L;;;;;N;;;;;
+A19C;YI SYLLABLE HLIE;Lo;0;L;;;;;N;;;;;
+A19D;YI SYLLABLE HLIEP;Lo;0;L;;;;;N;;;;;
+A19E;YI SYLLABLE HLAT;Lo;0;L;;;;;N;;;;;
+A19F;YI SYLLABLE HLAX;Lo;0;L;;;;;N;;;;;
+A1A0;YI SYLLABLE HLA;Lo;0;L;;;;;N;;;;;
+A1A1;YI SYLLABLE HLAP;Lo;0;L;;;;;N;;;;;
+A1A2;YI SYLLABLE HLUOX;Lo;0;L;;;;;N;;;;;
+A1A3;YI SYLLABLE HLUO;Lo;0;L;;;;;N;;;;;
+A1A4;YI SYLLABLE HLUOP;Lo;0;L;;;;;N;;;;;
+A1A5;YI SYLLABLE HLOX;Lo;0;L;;;;;N;;;;;
+A1A6;YI SYLLABLE HLO;Lo;0;L;;;;;N;;;;;
+A1A7;YI SYLLABLE HLOP;Lo;0;L;;;;;N;;;;;
+A1A8;YI SYLLABLE HLEX;Lo;0;L;;;;;N;;;;;
+A1A9;YI SYLLABLE HLE;Lo;0;L;;;;;N;;;;;
+A1AA;YI SYLLABLE HLEP;Lo;0;L;;;;;N;;;;;
+A1AB;YI SYLLABLE HLUT;Lo;0;L;;;;;N;;;;;
+A1AC;YI SYLLABLE HLUX;Lo;0;L;;;;;N;;;;;
+A1AD;YI SYLLABLE HLU;Lo;0;L;;;;;N;;;;;
+A1AE;YI SYLLABLE HLUP;Lo;0;L;;;;;N;;;;;
+A1AF;YI SYLLABLE HLURX;Lo;0;L;;;;;N;;;;;
+A1B0;YI SYLLABLE HLUR;Lo;0;L;;;;;N;;;;;
+A1B1;YI SYLLABLE HLYT;Lo;0;L;;;;;N;;;;;
+A1B2;YI SYLLABLE HLYX;Lo;0;L;;;;;N;;;;;
+A1B3;YI SYLLABLE HLY;Lo;0;L;;;;;N;;;;;
+A1B4;YI SYLLABLE HLYP;Lo;0;L;;;;;N;;;;;
+A1B5;YI SYLLABLE HLYRX;Lo;0;L;;;;;N;;;;;
+A1B6;YI SYLLABLE HLYR;Lo;0;L;;;;;N;;;;;
+A1B7;YI SYLLABLE LIT;Lo;0;L;;;;;N;;;;;
+A1B8;YI SYLLABLE LIX;Lo;0;L;;;;;N;;;;;
+A1B9;YI SYLLABLE LI;Lo;0;L;;;;;N;;;;;
+A1BA;YI SYLLABLE LIP;Lo;0;L;;;;;N;;;;;
+A1BB;YI SYLLABLE LIET;Lo;0;L;;;;;N;;;;;
+A1BC;YI SYLLABLE LIEX;Lo;0;L;;;;;N;;;;;
+A1BD;YI SYLLABLE LIE;Lo;0;L;;;;;N;;;;;
+A1BE;YI SYLLABLE LIEP;Lo;0;L;;;;;N;;;;;
+A1BF;YI SYLLABLE LAT;Lo;0;L;;;;;N;;;;;
+A1C0;YI SYLLABLE LAX;Lo;0;L;;;;;N;;;;;
+A1C1;YI SYLLABLE LA;Lo;0;L;;;;;N;;;;;
+A1C2;YI SYLLABLE LAP;Lo;0;L;;;;;N;;;;;
+A1C3;YI SYLLABLE LUOT;Lo;0;L;;;;;N;;;;;
+A1C4;YI SYLLABLE LUOX;Lo;0;L;;;;;N;;;;;
+A1C5;YI SYLLABLE LUO;Lo;0;L;;;;;N;;;;;
+A1C6;YI SYLLABLE LUOP;Lo;0;L;;;;;N;;;;;
+A1C7;YI SYLLABLE LOT;Lo;0;L;;;;;N;;;;;
+A1C8;YI SYLLABLE LOX;Lo;0;L;;;;;N;;;;;
+A1C9;YI SYLLABLE LO;Lo;0;L;;;;;N;;;;;
+A1CA;YI SYLLABLE LOP;Lo;0;L;;;;;N;;;;;
+A1CB;YI SYLLABLE LEX;Lo;0;L;;;;;N;;;;;
+A1CC;YI SYLLABLE LE;Lo;0;L;;;;;N;;;;;
+A1CD;YI SYLLABLE LEP;Lo;0;L;;;;;N;;;;;
+A1CE;YI SYLLABLE LUT;Lo;0;L;;;;;N;;;;;
+A1CF;YI SYLLABLE LUX;Lo;0;L;;;;;N;;;;;
+A1D0;YI SYLLABLE LU;Lo;0;L;;;;;N;;;;;
+A1D1;YI SYLLABLE LUP;Lo;0;L;;;;;N;;;;;
+A1D2;YI SYLLABLE LURX;Lo;0;L;;;;;N;;;;;
+A1D3;YI SYLLABLE LUR;Lo;0;L;;;;;N;;;;;
+A1D4;YI SYLLABLE LYT;Lo;0;L;;;;;N;;;;;
+A1D5;YI SYLLABLE LYX;Lo;0;L;;;;;N;;;;;
+A1D6;YI SYLLABLE LY;Lo;0;L;;;;;N;;;;;
+A1D7;YI SYLLABLE LYP;Lo;0;L;;;;;N;;;;;
+A1D8;YI SYLLABLE LYRX;Lo;0;L;;;;;N;;;;;
+A1D9;YI SYLLABLE LYR;Lo;0;L;;;;;N;;;;;
+A1DA;YI SYLLABLE GIT;Lo;0;L;;;;;N;;;;;
+A1DB;YI SYLLABLE GIX;Lo;0;L;;;;;N;;;;;
+A1DC;YI SYLLABLE GI;Lo;0;L;;;;;N;;;;;
+A1DD;YI SYLLABLE GIP;Lo;0;L;;;;;N;;;;;
+A1DE;YI SYLLABLE GIET;Lo;0;L;;;;;N;;;;;
+A1DF;YI SYLLABLE GIEX;Lo;0;L;;;;;N;;;;;
+A1E0;YI SYLLABLE GIE;Lo;0;L;;;;;N;;;;;
+A1E1;YI SYLLABLE GIEP;Lo;0;L;;;;;N;;;;;
+A1E2;YI SYLLABLE GAT;Lo;0;L;;;;;N;;;;;
+A1E3;YI SYLLABLE GAX;Lo;0;L;;;;;N;;;;;
+A1E4;YI SYLLABLE GA;Lo;0;L;;;;;N;;;;;
+A1E5;YI SYLLABLE GAP;Lo;0;L;;;;;N;;;;;
+A1E6;YI SYLLABLE GUOT;Lo;0;L;;;;;N;;;;;
+A1E7;YI SYLLABLE GUOX;Lo;0;L;;;;;N;;;;;
+A1E8;YI SYLLABLE GUO;Lo;0;L;;;;;N;;;;;
+A1E9;YI SYLLABLE GUOP;Lo;0;L;;;;;N;;;;;
+A1EA;YI SYLLABLE GOT;Lo;0;L;;;;;N;;;;;
+A1EB;YI SYLLABLE GOX;Lo;0;L;;;;;N;;;;;
+A1EC;YI SYLLABLE GO;Lo;0;L;;;;;N;;;;;
+A1ED;YI SYLLABLE GOP;Lo;0;L;;;;;N;;;;;
+A1EE;YI SYLLABLE GET;Lo;0;L;;;;;N;;;;;
+A1EF;YI SYLLABLE GEX;Lo;0;L;;;;;N;;;;;
+A1F0;YI SYLLABLE GE;Lo;0;L;;;;;N;;;;;
+A1F1;YI SYLLABLE GEP;Lo;0;L;;;;;N;;;;;
+A1F2;YI SYLLABLE GUT;Lo;0;L;;;;;N;;;;;
+A1F3;YI SYLLABLE GUX;Lo;0;L;;;;;N;;;;;
+A1F4;YI SYLLABLE GU;Lo;0;L;;;;;N;;;;;
+A1F5;YI SYLLABLE GUP;Lo;0;L;;;;;N;;;;;
+A1F6;YI SYLLABLE GURX;Lo;0;L;;;;;N;;;;;
+A1F7;YI SYLLABLE GUR;Lo;0;L;;;;;N;;;;;
+A1F8;YI SYLLABLE KIT;Lo;0;L;;;;;N;;;;;
+A1F9;YI SYLLABLE KIX;Lo;0;L;;;;;N;;;;;
+A1FA;YI SYLLABLE KI;Lo;0;L;;;;;N;;;;;
+A1FB;YI SYLLABLE KIP;Lo;0;L;;;;;N;;;;;
+A1FC;YI SYLLABLE KIEX;Lo;0;L;;;;;N;;;;;
+A1FD;YI SYLLABLE KIE;Lo;0;L;;;;;N;;;;;
+A1FE;YI SYLLABLE KIEP;Lo;0;L;;;;;N;;;;;
+A1FF;YI SYLLABLE KAT;Lo;0;L;;;;;N;;;;;
+A200;YI SYLLABLE KAX;Lo;0;L;;;;;N;;;;;
+A201;YI SYLLABLE KA;Lo;0;L;;;;;N;;;;;
+A202;YI SYLLABLE KAP;Lo;0;L;;;;;N;;;;;
+A203;YI SYLLABLE KUOX;Lo;0;L;;;;;N;;;;;
+A204;YI SYLLABLE KUO;Lo;0;L;;;;;N;;;;;
+A205;YI SYLLABLE KUOP;Lo;0;L;;;;;N;;;;;
+A206;YI SYLLABLE KOT;Lo;0;L;;;;;N;;;;;
+A207;YI SYLLABLE KOX;Lo;0;L;;;;;N;;;;;
+A208;YI SYLLABLE KO;Lo;0;L;;;;;N;;;;;
+A209;YI SYLLABLE KOP;Lo;0;L;;;;;N;;;;;
+A20A;YI SYLLABLE KET;Lo;0;L;;;;;N;;;;;
+A20B;YI SYLLABLE KEX;Lo;0;L;;;;;N;;;;;
+A20C;YI SYLLABLE KE;Lo;0;L;;;;;N;;;;;
+A20D;YI SYLLABLE KEP;Lo;0;L;;;;;N;;;;;
+A20E;YI SYLLABLE KUT;Lo;0;L;;;;;N;;;;;
+A20F;YI SYLLABLE KUX;Lo;0;L;;;;;N;;;;;
+A210;YI SYLLABLE KU;Lo;0;L;;;;;N;;;;;
+A211;YI SYLLABLE KUP;Lo;0;L;;;;;N;;;;;
+A212;YI SYLLABLE KURX;Lo;0;L;;;;;N;;;;;
+A213;YI SYLLABLE KUR;Lo;0;L;;;;;N;;;;;
+A214;YI SYLLABLE GGIT;Lo;0;L;;;;;N;;;;;
+A215;YI SYLLABLE GGIX;Lo;0;L;;;;;N;;;;;
+A216;YI SYLLABLE GGI;Lo;0;L;;;;;N;;;;;
+A217;YI SYLLABLE GGIEX;Lo;0;L;;;;;N;;;;;
+A218;YI SYLLABLE GGIE;Lo;0;L;;;;;N;;;;;
+A219;YI SYLLABLE GGIEP;Lo;0;L;;;;;N;;;;;
+A21A;YI SYLLABLE GGAT;Lo;0;L;;;;;N;;;;;
+A21B;YI SYLLABLE GGAX;Lo;0;L;;;;;N;;;;;
+A21C;YI SYLLABLE GGA;Lo;0;L;;;;;N;;;;;
+A21D;YI SYLLABLE GGAP;Lo;0;L;;;;;N;;;;;
+A21E;YI SYLLABLE GGUOT;Lo;0;L;;;;;N;;;;;
+A21F;YI SYLLABLE GGUOX;Lo;0;L;;;;;N;;;;;
+A220;YI SYLLABLE GGUO;Lo;0;L;;;;;N;;;;;
+A221;YI SYLLABLE GGUOP;Lo;0;L;;;;;N;;;;;
+A222;YI SYLLABLE GGOT;Lo;0;L;;;;;N;;;;;
+A223;YI SYLLABLE GGOX;Lo;0;L;;;;;N;;;;;
+A224;YI SYLLABLE GGO;Lo;0;L;;;;;N;;;;;
+A225;YI SYLLABLE GGOP;Lo;0;L;;;;;N;;;;;
+A226;YI SYLLABLE GGET;Lo;0;L;;;;;N;;;;;
+A227;YI SYLLABLE GGEX;Lo;0;L;;;;;N;;;;;
+A228;YI SYLLABLE GGE;Lo;0;L;;;;;N;;;;;
+A229;YI SYLLABLE GGEP;Lo;0;L;;;;;N;;;;;
+A22A;YI SYLLABLE GGUT;Lo;0;L;;;;;N;;;;;
+A22B;YI SYLLABLE GGUX;Lo;0;L;;;;;N;;;;;
+A22C;YI SYLLABLE GGU;Lo;0;L;;;;;N;;;;;
+A22D;YI SYLLABLE GGUP;Lo;0;L;;;;;N;;;;;
+A22E;YI SYLLABLE GGURX;Lo;0;L;;;;;N;;;;;
+A22F;YI SYLLABLE GGUR;Lo;0;L;;;;;N;;;;;
+A230;YI SYLLABLE MGIEX;Lo;0;L;;;;;N;;;;;
+A231;YI SYLLABLE MGIE;Lo;0;L;;;;;N;;;;;
+A232;YI SYLLABLE MGAT;Lo;0;L;;;;;N;;;;;
+A233;YI SYLLABLE MGAX;Lo;0;L;;;;;N;;;;;
+A234;YI SYLLABLE MGA;Lo;0;L;;;;;N;;;;;
+A235;YI SYLLABLE MGAP;Lo;0;L;;;;;N;;;;;
+A236;YI SYLLABLE MGUOX;Lo;0;L;;;;;N;;;;;
+A237;YI SYLLABLE MGUO;Lo;0;L;;;;;N;;;;;
+A238;YI SYLLABLE MGUOP;Lo;0;L;;;;;N;;;;;
+A239;YI SYLLABLE MGOT;Lo;0;L;;;;;N;;;;;
+A23A;YI SYLLABLE MGOX;Lo;0;L;;;;;N;;;;;
+A23B;YI SYLLABLE MGO;Lo;0;L;;;;;N;;;;;
+A23C;YI SYLLABLE MGOP;Lo;0;L;;;;;N;;;;;
+A23D;YI SYLLABLE MGEX;Lo;0;L;;;;;N;;;;;
+A23E;YI SYLLABLE MGE;Lo;0;L;;;;;N;;;;;
+A23F;YI SYLLABLE MGEP;Lo;0;L;;;;;N;;;;;
+A240;YI SYLLABLE MGUT;Lo;0;L;;;;;N;;;;;
+A241;YI SYLLABLE MGUX;Lo;0;L;;;;;N;;;;;
+A242;YI SYLLABLE MGU;Lo;0;L;;;;;N;;;;;
+A243;YI SYLLABLE MGUP;Lo;0;L;;;;;N;;;;;
+A244;YI SYLLABLE MGURX;Lo;0;L;;;;;N;;;;;
+A245;YI SYLLABLE MGUR;Lo;0;L;;;;;N;;;;;
+A246;YI SYLLABLE HXIT;Lo;0;L;;;;;N;;;;;
+A247;YI SYLLABLE HXIX;Lo;0;L;;;;;N;;;;;
+A248;YI SYLLABLE HXI;Lo;0;L;;;;;N;;;;;
+A249;YI SYLLABLE HXIP;Lo;0;L;;;;;N;;;;;
+A24A;YI SYLLABLE HXIET;Lo;0;L;;;;;N;;;;;
+A24B;YI SYLLABLE HXIEX;Lo;0;L;;;;;N;;;;;
+A24C;YI SYLLABLE HXIE;Lo;0;L;;;;;N;;;;;
+A24D;YI SYLLABLE HXIEP;Lo;0;L;;;;;N;;;;;
+A24E;YI SYLLABLE HXAT;Lo;0;L;;;;;N;;;;;
+A24F;YI SYLLABLE HXAX;Lo;0;L;;;;;N;;;;;
+A250;YI SYLLABLE HXA;Lo;0;L;;;;;N;;;;;
+A251;YI SYLLABLE HXAP;Lo;0;L;;;;;N;;;;;
+A252;YI SYLLABLE HXUOT;Lo;0;L;;;;;N;;;;;
+A253;YI SYLLABLE HXUOX;Lo;0;L;;;;;N;;;;;
+A254;YI SYLLABLE HXUO;Lo;0;L;;;;;N;;;;;
+A255;YI SYLLABLE HXUOP;Lo;0;L;;;;;N;;;;;
+A256;YI SYLLABLE HXOT;Lo;0;L;;;;;N;;;;;
+A257;YI SYLLABLE HXOX;Lo;0;L;;;;;N;;;;;
+A258;YI SYLLABLE HXO;Lo;0;L;;;;;N;;;;;
+A259;YI SYLLABLE HXOP;Lo;0;L;;;;;N;;;;;
+A25A;YI SYLLABLE HXEX;Lo;0;L;;;;;N;;;;;
+A25B;YI SYLLABLE HXE;Lo;0;L;;;;;N;;;;;
+A25C;YI SYLLABLE HXEP;Lo;0;L;;;;;N;;;;;
+A25D;YI SYLLABLE NGIEX;Lo;0;L;;;;;N;;;;;
+A25E;YI SYLLABLE NGIE;Lo;0;L;;;;;N;;;;;
+A25F;YI SYLLABLE NGIEP;Lo;0;L;;;;;N;;;;;
+A260;YI SYLLABLE NGAT;Lo;0;L;;;;;N;;;;;
+A261;YI SYLLABLE NGAX;Lo;0;L;;;;;N;;;;;
+A262;YI SYLLABLE NGA;Lo;0;L;;;;;N;;;;;
+A263;YI SYLLABLE NGAP;Lo;0;L;;;;;N;;;;;
+A264;YI SYLLABLE NGUOT;Lo;0;L;;;;;N;;;;;
+A265;YI SYLLABLE NGUOX;Lo;0;L;;;;;N;;;;;
+A266;YI SYLLABLE NGUO;Lo;0;L;;;;;N;;;;;
+A267;YI SYLLABLE NGOT;Lo;0;L;;;;;N;;;;;
+A268;YI SYLLABLE NGOX;Lo;0;L;;;;;N;;;;;
+A269;YI SYLLABLE NGO;Lo;0;L;;;;;N;;;;;
+A26A;YI SYLLABLE NGOP;Lo;0;L;;;;;N;;;;;
+A26B;YI SYLLABLE NGEX;Lo;0;L;;;;;N;;;;;
+A26C;YI SYLLABLE NGE;Lo;0;L;;;;;N;;;;;
+A26D;YI SYLLABLE NGEP;Lo;0;L;;;;;N;;;;;
+A26E;YI SYLLABLE HIT;Lo;0;L;;;;;N;;;;;
+A26F;YI SYLLABLE HIEX;Lo;0;L;;;;;N;;;;;
+A270;YI SYLLABLE HIE;Lo;0;L;;;;;N;;;;;
+A271;YI SYLLABLE HAT;Lo;0;L;;;;;N;;;;;
+A272;YI SYLLABLE HAX;Lo;0;L;;;;;N;;;;;
+A273;YI SYLLABLE HA;Lo;0;L;;;;;N;;;;;
+A274;YI SYLLABLE HAP;Lo;0;L;;;;;N;;;;;
+A275;YI SYLLABLE HUOT;Lo;0;L;;;;;N;;;;;
+A276;YI SYLLABLE HUOX;Lo;0;L;;;;;N;;;;;
+A277;YI SYLLABLE HUO;Lo;0;L;;;;;N;;;;;
+A278;YI SYLLABLE HUOP;Lo;0;L;;;;;N;;;;;
+A279;YI SYLLABLE HOT;Lo;0;L;;;;;N;;;;;
+A27A;YI SYLLABLE HOX;Lo;0;L;;;;;N;;;;;
+A27B;YI SYLLABLE HO;Lo;0;L;;;;;N;;;;;
+A27C;YI SYLLABLE HOP;Lo;0;L;;;;;N;;;;;
+A27D;YI SYLLABLE HEX;Lo;0;L;;;;;N;;;;;
+A27E;YI SYLLABLE HE;Lo;0;L;;;;;N;;;;;
+A27F;YI SYLLABLE HEP;Lo;0;L;;;;;N;;;;;
+A280;YI SYLLABLE WAT;Lo;0;L;;;;;N;;;;;
+A281;YI SYLLABLE WAX;Lo;0;L;;;;;N;;;;;
+A282;YI SYLLABLE WA;Lo;0;L;;;;;N;;;;;
+A283;YI SYLLABLE WAP;Lo;0;L;;;;;N;;;;;
+A284;YI SYLLABLE WUOX;Lo;0;L;;;;;N;;;;;
+A285;YI SYLLABLE WUO;Lo;0;L;;;;;N;;;;;
+A286;YI SYLLABLE WUOP;Lo;0;L;;;;;N;;;;;
+A287;YI SYLLABLE WOX;Lo;0;L;;;;;N;;;;;
+A288;YI SYLLABLE WO;Lo;0;L;;;;;N;;;;;
+A289;YI SYLLABLE WOP;Lo;0;L;;;;;N;;;;;
+A28A;YI SYLLABLE WEX;Lo;0;L;;;;;N;;;;;
+A28B;YI SYLLABLE WE;Lo;0;L;;;;;N;;;;;
+A28C;YI SYLLABLE WEP;Lo;0;L;;;;;N;;;;;
+A28D;YI SYLLABLE ZIT;Lo;0;L;;;;;N;;;;;
+A28E;YI SYLLABLE ZIX;Lo;0;L;;;;;N;;;;;
+A28F;YI SYLLABLE ZI;Lo;0;L;;;;;N;;;;;
+A290;YI SYLLABLE ZIP;Lo;0;L;;;;;N;;;;;
+A291;YI SYLLABLE ZIEX;Lo;0;L;;;;;N;;;;;
+A292;YI SYLLABLE ZIE;Lo;0;L;;;;;N;;;;;
+A293;YI SYLLABLE ZIEP;Lo;0;L;;;;;N;;;;;
+A294;YI SYLLABLE ZAT;Lo;0;L;;;;;N;;;;;
+A295;YI SYLLABLE ZAX;Lo;0;L;;;;;N;;;;;
+A296;YI SYLLABLE ZA;Lo;0;L;;;;;N;;;;;
+A297;YI SYLLABLE ZAP;Lo;0;L;;;;;N;;;;;
+A298;YI SYLLABLE ZUOX;Lo;0;L;;;;;N;;;;;
+A299;YI SYLLABLE ZUO;Lo;0;L;;;;;N;;;;;
+A29A;YI SYLLABLE ZUOP;Lo;0;L;;;;;N;;;;;
+A29B;YI SYLLABLE ZOT;Lo;0;L;;;;;N;;;;;
+A29C;YI SYLLABLE ZOX;Lo;0;L;;;;;N;;;;;
+A29D;YI SYLLABLE ZO;Lo;0;L;;;;;N;;;;;
+A29E;YI SYLLABLE ZOP;Lo;0;L;;;;;N;;;;;
+A29F;YI SYLLABLE ZEX;Lo;0;L;;;;;N;;;;;
+A2A0;YI SYLLABLE ZE;Lo;0;L;;;;;N;;;;;
+A2A1;YI SYLLABLE ZEP;Lo;0;L;;;;;N;;;;;
+A2A2;YI SYLLABLE ZUT;Lo;0;L;;;;;N;;;;;
+A2A3;YI SYLLABLE ZUX;Lo;0;L;;;;;N;;;;;
+A2A4;YI SYLLABLE ZU;Lo;0;L;;;;;N;;;;;
+A2A5;YI SYLLABLE ZUP;Lo;0;L;;;;;N;;;;;
+A2A6;YI SYLLABLE ZURX;Lo;0;L;;;;;N;;;;;
+A2A7;YI SYLLABLE ZUR;Lo;0;L;;;;;N;;;;;
+A2A8;YI SYLLABLE ZYT;Lo;0;L;;;;;N;;;;;
+A2A9;YI SYLLABLE ZYX;Lo;0;L;;;;;N;;;;;
+A2AA;YI SYLLABLE ZY;Lo;0;L;;;;;N;;;;;
+A2AB;YI SYLLABLE ZYP;Lo;0;L;;;;;N;;;;;
+A2AC;YI SYLLABLE ZYRX;Lo;0;L;;;;;N;;;;;
+A2AD;YI SYLLABLE ZYR;Lo;0;L;;;;;N;;;;;
+A2AE;YI SYLLABLE CIT;Lo;0;L;;;;;N;;;;;
+A2AF;YI SYLLABLE CIX;Lo;0;L;;;;;N;;;;;
+A2B0;YI SYLLABLE CI;Lo;0;L;;;;;N;;;;;
+A2B1;YI SYLLABLE CIP;Lo;0;L;;;;;N;;;;;
+A2B2;YI SYLLABLE CIET;Lo;0;L;;;;;N;;;;;
+A2B3;YI SYLLABLE CIEX;Lo;0;L;;;;;N;;;;;
+A2B4;YI SYLLABLE CIE;Lo;0;L;;;;;N;;;;;
+A2B5;YI SYLLABLE CIEP;Lo;0;L;;;;;N;;;;;
+A2B6;YI SYLLABLE CAT;Lo;0;L;;;;;N;;;;;
+A2B7;YI SYLLABLE CAX;Lo;0;L;;;;;N;;;;;
+A2B8;YI SYLLABLE CA;Lo;0;L;;;;;N;;;;;
+A2B9;YI SYLLABLE CAP;Lo;0;L;;;;;N;;;;;
+A2BA;YI SYLLABLE CUOX;Lo;0;L;;;;;N;;;;;
+A2BB;YI SYLLABLE CUO;Lo;0;L;;;;;N;;;;;
+A2BC;YI SYLLABLE CUOP;Lo;0;L;;;;;N;;;;;
+A2BD;YI SYLLABLE COT;Lo;0;L;;;;;N;;;;;
+A2BE;YI SYLLABLE COX;Lo;0;L;;;;;N;;;;;
+A2BF;YI SYLLABLE CO;Lo;0;L;;;;;N;;;;;
+A2C0;YI SYLLABLE COP;Lo;0;L;;;;;N;;;;;
+A2C1;YI SYLLABLE CEX;Lo;0;L;;;;;N;;;;;
+A2C2;YI SYLLABLE CE;Lo;0;L;;;;;N;;;;;
+A2C3;YI SYLLABLE CEP;Lo;0;L;;;;;N;;;;;
+A2C4;YI SYLLABLE CUT;Lo;0;L;;;;;N;;;;;
+A2C5;YI SYLLABLE CUX;Lo;0;L;;;;;N;;;;;
+A2C6;YI SYLLABLE CU;Lo;0;L;;;;;N;;;;;
+A2C7;YI SYLLABLE CUP;Lo;0;L;;;;;N;;;;;
+A2C8;YI SYLLABLE CURX;Lo;0;L;;;;;N;;;;;
+A2C9;YI SYLLABLE CUR;Lo;0;L;;;;;N;;;;;
+A2CA;YI SYLLABLE CYT;Lo;0;L;;;;;N;;;;;
+A2CB;YI SYLLABLE CYX;Lo;0;L;;;;;N;;;;;
+A2CC;YI SYLLABLE CY;Lo;0;L;;;;;N;;;;;
+A2CD;YI SYLLABLE CYP;Lo;0;L;;;;;N;;;;;
+A2CE;YI SYLLABLE CYRX;Lo;0;L;;;;;N;;;;;
+A2CF;YI SYLLABLE CYR;Lo;0;L;;;;;N;;;;;
+A2D0;YI SYLLABLE ZZIT;Lo;0;L;;;;;N;;;;;
+A2D1;YI SYLLABLE ZZIX;Lo;0;L;;;;;N;;;;;
+A2D2;YI SYLLABLE ZZI;Lo;0;L;;;;;N;;;;;
+A2D3;YI SYLLABLE ZZIP;Lo;0;L;;;;;N;;;;;
+A2D4;YI SYLLABLE ZZIET;Lo;0;L;;;;;N;;;;;
+A2D5;YI SYLLABLE ZZIEX;Lo;0;L;;;;;N;;;;;
+A2D6;YI SYLLABLE ZZIE;Lo;0;L;;;;;N;;;;;
+A2D7;YI SYLLABLE ZZIEP;Lo;0;L;;;;;N;;;;;
+A2D8;YI SYLLABLE ZZAT;Lo;0;L;;;;;N;;;;;
+A2D9;YI SYLLABLE ZZAX;Lo;0;L;;;;;N;;;;;
+A2DA;YI SYLLABLE ZZA;Lo;0;L;;;;;N;;;;;
+A2DB;YI SYLLABLE ZZAP;Lo;0;L;;;;;N;;;;;
+A2DC;YI SYLLABLE ZZOX;Lo;0;L;;;;;N;;;;;
+A2DD;YI SYLLABLE ZZO;Lo;0;L;;;;;N;;;;;
+A2DE;YI SYLLABLE ZZOP;Lo;0;L;;;;;N;;;;;
+A2DF;YI SYLLABLE ZZEX;Lo;0;L;;;;;N;;;;;
+A2E0;YI SYLLABLE ZZE;Lo;0;L;;;;;N;;;;;
+A2E1;YI SYLLABLE ZZEP;Lo;0;L;;;;;N;;;;;
+A2E2;YI SYLLABLE ZZUX;Lo;0;L;;;;;N;;;;;
+A2E3;YI SYLLABLE ZZU;Lo;0;L;;;;;N;;;;;
+A2E4;YI SYLLABLE ZZUP;Lo;0;L;;;;;N;;;;;
+A2E5;YI SYLLABLE ZZURX;Lo;0;L;;;;;N;;;;;
+A2E6;YI SYLLABLE ZZUR;Lo;0;L;;;;;N;;;;;
+A2E7;YI SYLLABLE ZZYT;Lo;0;L;;;;;N;;;;;
+A2E8;YI SYLLABLE ZZYX;Lo;0;L;;;;;N;;;;;
+A2E9;YI SYLLABLE ZZY;Lo;0;L;;;;;N;;;;;
+A2EA;YI SYLLABLE ZZYP;Lo;0;L;;;;;N;;;;;
+A2EB;YI SYLLABLE ZZYRX;Lo;0;L;;;;;N;;;;;
+A2EC;YI SYLLABLE ZZYR;Lo;0;L;;;;;N;;;;;
+A2ED;YI SYLLABLE NZIT;Lo;0;L;;;;;N;;;;;
+A2EE;YI SYLLABLE NZIX;Lo;0;L;;;;;N;;;;;
+A2EF;YI SYLLABLE NZI;Lo;0;L;;;;;N;;;;;
+A2F0;YI SYLLABLE NZIP;Lo;0;L;;;;;N;;;;;
+A2F1;YI SYLLABLE NZIEX;Lo;0;L;;;;;N;;;;;
+A2F2;YI SYLLABLE NZIE;Lo;0;L;;;;;N;;;;;
+A2F3;YI SYLLABLE NZIEP;Lo;0;L;;;;;N;;;;;
+A2F4;YI SYLLABLE NZAT;Lo;0;L;;;;;N;;;;;
+A2F5;YI SYLLABLE NZAX;Lo;0;L;;;;;N;;;;;
+A2F6;YI SYLLABLE NZA;Lo;0;L;;;;;N;;;;;
+A2F7;YI SYLLABLE NZAP;Lo;0;L;;;;;N;;;;;
+A2F8;YI SYLLABLE NZUOX;Lo;0;L;;;;;N;;;;;
+A2F9;YI SYLLABLE NZUO;Lo;0;L;;;;;N;;;;;
+A2FA;YI SYLLABLE NZOX;Lo;0;L;;;;;N;;;;;
+A2FB;YI SYLLABLE NZOP;Lo;0;L;;;;;N;;;;;
+A2FC;YI SYLLABLE NZEX;Lo;0;L;;;;;N;;;;;
+A2FD;YI SYLLABLE NZE;Lo;0;L;;;;;N;;;;;
+A2FE;YI SYLLABLE NZUX;Lo;0;L;;;;;N;;;;;
+A2FF;YI SYLLABLE NZU;Lo;0;L;;;;;N;;;;;
+A300;YI SYLLABLE NZUP;Lo;0;L;;;;;N;;;;;
+A301;YI SYLLABLE NZURX;Lo;0;L;;;;;N;;;;;
+A302;YI SYLLABLE NZUR;Lo;0;L;;;;;N;;;;;
+A303;YI SYLLABLE NZYT;Lo;0;L;;;;;N;;;;;
+A304;YI SYLLABLE NZYX;Lo;0;L;;;;;N;;;;;
+A305;YI SYLLABLE NZY;Lo;0;L;;;;;N;;;;;
+A306;YI SYLLABLE NZYP;Lo;0;L;;;;;N;;;;;
+A307;YI SYLLABLE NZYRX;Lo;0;L;;;;;N;;;;;
+A308;YI SYLLABLE NZYR;Lo;0;L;;;;;N;;;;;
+A309;YI SYLLABLE SIT;Lo;0;L;;;;;N;;;;;
+A30A;YI SYLLABLE SIX;Lo;0;L;;;;;N;;;;;
+A30B;YI SYLLABLE SI;Lo;0;L;;;;;N;;;;;
+A30C;YI SYLLABLE SIP;Lo;0;L;;;;;N;;;;;
+A30D;YI SYLLABLE SIEX;Lo;0;L;;;;;N;;;;;
+A30E;YI SYLLABLE SIE;Lo;0;L;;;;;N;;;;;
+A30F;YI SYLLABLE SIEP;Lo;0;L;;;;;N;;;;;
+A310;YI SYLLABLE SAT;Lo;0;L;;;;;N;;;;;
+A311;YI SYLLABLE SAX;Lo;0;L;;;;;N;;;;;
+A312;YI SYLLABLE SA;Lo;0;L;;;;;N;;;;;
+A313;YI SYLLABLE SAP;Lo;0;L;;;;;N;;;;;
+A314;YI SYLLABLE SUOX;Lo;0;L;;;;;N;;;;;
+A315;YI SYLLABLE SUO;Lo;0;L;;;;;N;;;;;
+A316;YI SYLLABLE SUOP;Lo;0;L;;;;;N;;;;;
+A317;YI SYLLABLE SOT;Lo;0;L;;;;;N;;;;;
+A318;YI SYLLABLE SOX;Lo;0;L;;;;;N;;;;;
+A319;YI SYLLABLE SO;Lo;0;L;;;;;N;;;;;
+A31A;YI SYLLABLE SOP;Lo;0;L;;;;;N;;;;;
+A31B;YI SYLLABLE SEX;Lo;0;L;;;;;N;;;;;
+A31C;YI SYLLABLE SE;Lo;0;L;;;;;N;;;;;
+A31D;YI SYLLABLE SEP;Lo;0;L;;;;;N;;;;;
+A31E;YI SYLLABLE SUT;Lo;0;L;;;;;N;;;;;
+A31F;YI SYLLABLE SUX;Lo;0;L;;;;;N;;;;;
+A320;YI SYLLABLE SU;Lo;0;L;;;;;N;;;;;
+A321;YI SYLLABLE SUP;Lo;0;L;;;;;N;;;;;
+A322;YI SYLLABLE SURX;Lo;0;L;;;;;N;;;;;
+A323;YI SYLLABLE SUR;Lo;0;L;;;;;N;;;;;
+A324;YI SYLLABLE SYT;Lo;0;L;;;;;N;;;;;
+A325;YI SYLLABLE SYX;Lo;0;L;;;;;N;;;;;
+A326;YI SYLLABLE SY;Lo;0;L;;;;;N;;;;;
+A327;YI SYLLABLE SYP;Lo;0;L;;;;;N;;;;;
+A328;YI SYLLABLE SYRX;Lo;0;L;;;;;N;;;;;
+A329;YI SYLLABLE SYR;Lo;0;L;;;;;N;;;;;
+A32A;YI SYLLABLE SSIT;Lo;0;L;;;;;N;;;;;
+A32B;YI SYLLABLE SSIX;Lo;0;L;;;;;N;;;;;
+A32C;YI SYLLABLE SSI;Lo;0;L;;;;;N;;;;;
+A32D;YI SYLLABLE SSIP;Lo;0;L;;;;;N;;;;;
+A32E;YI SYLLABLE SSIEX;Lo;0;L;;;;;N;;;;;
+A32F;YI SYLLABLE SSIE;Lo;0;L;;;;;N;;;;;
+A330;YI SYLLABLE SSIEP;Lo;0;L;;;;;N;;;;;
+A331;YI SYLLABLE SSAT;Lo;0;L;;;;;N;;;;;
+A332;YI SYLLABLE SSAX;Lo;0;L;;;;;N;;;;;
+A333;YI SYLLABLE SSA;Lo;0;L;;;;;N;;;;;
+A334;YI SYLLABLE SSAP;Lo;0;L;;;;;N;;;;;
+A335;YI SYLLABLE SSOT;Lo;0;L;;;;;N;;;;;
+A336;YI SYLLABLE SSOX;Lo;0;L;;;;;N;;;;;
+A337;YI SYLLABLE SSO;Lo;0;L;;;;;N;;;;;
+A338;YI SYLLABLE SSOP;Lo;0;L;;;;;N;;;;;
+A339;YI SYLLABLE SSEX;Lo;0;L;;;;;N;;;;;
+A33A;YI SYLLABLE SSE;Lo;0;L;;;;;N;;;;;
+A33B;YI SYLLABLE SSEP;Lo;0;L;;;;;N;;;;;
+A33C;YI SYLLABLE SSUT;Lo;0;L;;;;;N;;;;;
+A33D;YI SYLLABLE SSUX;Lo;0;L;;;;;N;;;;;
+A33E;YI SYLLABLE SSU;Lo;0;L;;;;;N;;;;;
+A33F;YI SYLLABLE SSUP;Lo;0;L;;;;;N;;;;;
+A340;YI SYLLABLE SSYT;Lo;0;L;;;;;N;;;;;
+A341;YI SYLLABLE SSYX;Lo;0;L;;;;;N;;;;;
+A342;YI SYLLABLE SSY;Lo;0;L;;;;;N;;;;;
+A343;YI SYLLABLE SSYP;Lo;0;L;;;;;N;;;;;
+A344;YI SYLLABLE SSYRX;Lo;0;L;;;;;N;;;;;
+A345;YI SYLLABLE SSYR;Lo;0;L;;;;;N;;;;;
+A346;YI SYLLABLE ZHAT;Lo;0;L;;;;;N;;;;;
+A347;YI SYLLABLE ZHAX;Lo;0;L;;;;;N;;;;;
+A348;YI SYLLABLE ZHA;Lo;0;L;;;;;N;;;;;
+A349;YI SYLLABLE ZHAP;Lo;0;L;;;;;N;;;;;
+A34A;YI SYLLABLE ZHUOX;Lo;0;L;;;;;N;;;;;
+A34B;YI SYLLABLE ZHUO;Lo;0;L;;;;;N;;;;;
+A34C;YI SYLLABLE ZHUOP;Lo;0;L;;;;;N;;;;;
+A34D;YI SYLLABLE ZHOT;Lo;0;L;;;;;N;;;;;
+A34E;YI SYLLABLE ZHOX;Lo;0;L;;;;;N;;;;;
+A34F;YI SYLLABLE ZHO;Lo;0;L;;;;;N;;;;;
+A350;YI SYLLABLE ZHOP;Lo;0;L;;;;;N;;;;;
+A351;YI SYLLABLE ZHET;Lo;0;L;;;;;N;;;;;
+A352;YI SYLLABLE ZHEX;Lo;0;L;;;;;N;;;;;
+A353;YI SYLLABLE ZHE;Lo;0;L;;;;;N;;;;;
+A354;YI SYLLABLE ZHEP;Lo;0;L;;;;;N;;;;;
+A355;YI SYLLABLE ZHUT;Lo;0;L;;;;;N;;;;;
+A356;YI SYLLABLE ZHUX;Lo;0;L;;;;;N;;;;;
+A357;YI SYLLABLE ZHU;Lo;0;L;;;;;N;;;;;
+A358;YI SYLLABLE ZHUP;Lo;0;L;;;;;N;;;;;
+A359;YI SYLLABLE ZHURX;Lo;0;L;;;;;N;;;;;
+A35A;YI SYLLABLE ZHUR;Lo;0;L;;;;;N;;;;;
+A35B;YI SYLLABLE ZHYT;Lo;0;L;;;;;N;;;;;
+A35C;YI SYLLABLE ZHYX;Lo;0;L;;;;;N;;;;;
+A35D;YI SYLLABLE ZHY;Lo;0;L;;;;;N;;;;;
+A35E;YI SYLLABLE ZHYP;Lo;0;L;;;;;N;;;;;
+A35F;YI SYLLABLE ZHYRX;Lo;0;L;;;;;N;;;;;
+A360;YI SYLLABLE ZHYR;Lo;0;L;;;;;N;;;;;
+A361;YI SYLLABLE CHAT;Lo;0;L;;;;;N;;;;;
+A362;YI SYLLABLE CHAX;Lo;0;L;;;;;N;;;;;
+A363;YI SYLLABLE CHA;Lo;0;L;;;;;N;;;;;
+A364;YI SYLLABLE CHAP;Lo;0;L;;;;;N;;;;;
+A365;YI SYLLABLE CHUOT;Lo;0;L;;;;;N;;;;;
+A366;YI SYLLABLE CHUOX;Lo;0;L;;;;;N;;;;;
+A367;YI SYLLABLE CHUO;Lo;0;L;;;;;N;;;;;
+A368;YI SYLLABLE CHUOP;Lo;0;L;;;;;N;;;;;
+A369;YI SYLLABLE CHOT;Lo;0;L;;;;;N;;;;;
+A36A;YI SYLLABLE CHOX;Lo;0;L;;;;;N;;;;;
+A36B;YI SYLLABLE CHO;Lo;0;L;;;;;N;;;;;
+A36C;YI SYLLABLE CHOP;Lo;0;L;;;;;N;;;;;
+A36D;YI SYLLABLE CHET;Lo;0;L;;;;;N;;;;;
+A36E;YI SYLLABLE CHEX;Lo;0;L;;;;;N;;;;;
+A36F;YI SYLLABLE CHE;Lo;0;L;;;;;N;;;;;
+A370;YI SYLLABLE CHEP;Lo;0;L;;;;;N;;;;;
+A371;YI SYLLABLE CHUX;Lo;0;L;;;;;N;;;;;
+A372;YI SYLLABLE CHU;Lo;0;L;;;;;N;;;;;
+A373;YI SYLLABLE CHUP;Lo;0;L;;;;;N;;;;;
+A374;YI SYLLABLE CHURX;Lo;0;L;;;;;N;;;;;
+A375;YI SYLLABLE CHUR;Lo;0;L;;;;;N;;;;;
+A376;YI SYLLABLE CHYT;Lo;0;L;;;;;N;;;;;
+A377;YI SYLLABLE CHYX;Lo;0;L;;;;;N;;;;;
+A378;YI SYLLABLE CHY;Lo;0;L;;;;;N;;;;;
+A379;YI SYLLABLE CHYP;Lo;0;L;;;;;N;;;;;
+A37A;YI SYLLABLE CHYRX;Lo;0;L;;;;;N;;;;;
+A37B;YI SYLLABLE CHYR;Lo;0;L;;;;;N;;;;;
+A37C;YI SYLLABLE RRAX;Lo;0;L;;;;;N;;;;;
+A37D;YI SYLLABLE RRA;Lo;0;L;;;;;N;;;;;
+A37E;YI SYLLABLE RRUOX;Lo;0;L;;;;;N;;;;;
+A37F;YI SYLLABLE RRUO;Lo;0;L;;;;;N;;;;;
+A380;YI SYLLABLE RROT;Lo;0;L;;;;;N;;;;;
+A381;YI SYLLABLE RROX;Lo;0;L;;;;;N;;;;;
+A382;YI SYLLABLE RRO;Lo;0;L;;;;;N;;;;;
+A383;YI SYLLABLE RROP;Lo;0;L;;;;;N;;;;;
+A384;YI SYLLABLE RRET;Lo;0;L;;;;;N;;;;;
+A385;YI SYLLABLE RREX;Lo;0;L;;;;;N;;;;;
+A386;YI SYLLABLE RRE;Lo;0;L;;;;;N;;;;;
+A387;YI SYLLABLE RREP;Lo;0;L;;;;;N;;;;;
+A388;YI SYLLABLE RRUT;Lo;0;L;;;;;N;;;;;
+A389;YI SYLLABLE RRUX;Lo;0;L;;;;;N;;;;;
+A38A;YI SYLLABLE RRU;Lo;0;L;;;;;N;;;;;
+A38B;YI SYLLABLE RRUP;Lo;0;L;;;;;N;;;;;
+A38C;YI SYLLABLE RRURX;Lo;0;L;;;;;N;;;;;
+A38D;YI SYLLABLE RRUR;Lo;0;L;;;;;N;;;;;
+A38E;YI SYLLABLE RRYT;Lo;0;L;;;;;N;;;;;
+A38F;YI SYLLABLE RRYX;Lo;0;L;;;;;N;;;;;
+A390;YI SYLLABLE RRY;Lo;0;L;;;;;N;;;;;
+A391;YI SYLLABLE RRYP;Lo;0;L;;;;;N;;;;;
+A392;YI SYLLABLE RRYRX;Lo;0;L;;;;;N;;;;;
+A393;YI SYLLABLE RRYR;Lo;0;L;;;;;N;;;;;
+A394;YI SYLLABLE NRAT;Lo;0;L;;;;;N;;;;;
+A395;YI SYLLABLE NRAX;Lo;0;L;;;;;N;;;;;
+A396;YI SYLLABLE NRA;Lo;0;L;;;;;N;;;;;
+A397;YI SYLLABLE NRAP;Lo;0;L;;;;;N;;;;;
+A398;YI SYLLABLE NROX;Lo;0;L;;;;;N;;;;;
+A399;YI SYLLABLE NRO;Lo;0;L;;;;;N;;;;;
+A39A;YI SYLLABLE NROP;Lo;0;L;;;;;N;;;;;
+A39B;YI SYLLABLE NRET;Lo;0;L;;;;;N;;;;;
+A39C;YI SYLLABLE NREX;Lo;0;L;;;;;N;;;;;
+A39D;YI SYLLABLE NRE;Lo;0;L;;;;;N;;;;;
+A39E;YI SYLLABLE NREP;Lo;0;L;;;;;N;;;;;
+A39F;YI SYLLABLE NRUT;Lo;0;L;;;;;N;;;;;
+A3A0;YI SYLLABLE NRUX;Lo;0;L;;;;;N;;;;;
+A3A1;YI SYLLABLE NRU;Lo;0;L;;;;;N;;;;;
+A3A2;YI SYLLABLE NRUP;Lo;0;L;;;;;N;;;;;
+A3A3;YI SYLLABLE NRURX;Lo;0;L;;;;;N;;;;;
+A3A4;YI SYLLABLE NRUR;Lo;0;L;;;;;N;;;;;
+A3A5;YI SYLLABLE NRYT;Lo;0;L;;;;;N;;;;;
+A3A6;YI SYLLABLE NRYX;Lo;0;L;;;;;N;;;;;
+A3A7;YI SYLLABLE NRY;Lo;0;L;;;;;N;;;;;
+A3A8;YI SYLLABLE NRYP;Lo;0;L;;;;;N;;;;;
+A3A9;YI SYLLABLE NRYRX;Lo;0;L;;;;;N;;;;;
+A3AA;YI SYLLABLE NRYR;Lo;0;L;;;;;N;;;;;
+A3AB;YI SYLLABLE SHAT;Lo;0;L;;;;;N;;;;;
+A3AC;YI SYLLABLE SHAX;Lo;0;L;;;;;N;;;;;
+A3AD;YI SYLLABLE SHA;Lo;0;L;;;;;N;;;;;
+A3AE;YI SYLLABLE SHAP;Lo;0;L;;;;;N;;;;;
+A3AF;YI SYLLABLE SHUOX;Lo;0;L;;;;;N;;;;;
+A3B0;YI SYLLABLE SHUO;Lo;0;L;;;;;N;;;;;
+A3B1;YI SYLLABLE SHUOP;Lo;0;L;;;;;N;;;;;
+A3B2;YI SYLLABLE SHOT;Lo;0;L;;;;;N;;;;;
+A3B3;YI SYLLABLE SHOX;Lo;0;L;;;;;N;;;;;
+A3B4;YI SYLLABLE SHO;Lo;0;L;;;;;N;;;;;
+A3B5;YI SYLLABLE SHOP;Lo;0;L;;;;;N;;;;;
+A3B6;YI SYLLABLE SHET;Lo;0;L;;;;;N;;;;;
+A3B7;YI SYLLABLE SHEX;Lo;0;L;;;;;N;;;;;
+A3B8;YI SYLLABLE SHE;Lo;0;L;;;;;N;;;;;
+A3B9;YI SYLLABLE SHEP;Lo;0;L;;;;;N;;;;;
+A3BA;YI SYLLABLE SHUT;Lo;0;L;;;;;N;;;;;
+A3BB;YI SYLLABLE SHUX;Lo;0;L;;;;;N;;;;;
+A3BC;YI SYLLABLE SHU;Lo;0;L;;;;;N;;;;;
+A3BD;YI SYLLABLE SHUP;Lo;0;L;;;;;N;;;;;
+A3BE;YI SYLLABLE SHURX;Lo;0;L;;;;;N;;;;;
+A3BF;YI SYLLABLE SHUR;Lo;0;L;;;;;N;;;;;
+A3C0;YI SYLLABLE SHYT;Lo;0;L;;;;;N;;;;;
+A3C1;YI SYLLABLE SHYX;Lo;0;L;;;;;N;;;;;
+A3C2;YI SYLLABLE SHY;Lo;0;L;;;;;N;;;;;
+A3C3;YI SYLLABLE SHYP;Lo;0;L;;;;;N;;;;;
+A3C4;YI SYLLABLE SHYRX;Lo;0;L;;;;;N;;;;;
+A3C5;YI SYLLABLE SHYR;Lo;0;L;;;;;N;;;;;
+A3C6;YI SYLLABLE RAT;Lo;0;L;;;;;N;;;;;
+A3C7;YI SYLLABLE RAX;Lo;0;L;;;;;N;;;;;
+A3C8;YI SYLLABLE RA;Lo;0;L;;;;;N;;;;;
+A3C9;YI SYLLABLE RAP;Lo;0;L;;;;;N;;;;;
+A3CA;YI SYLLABLE RUOX;Lo;0;L;;;;;N;;;;;
+A3CB;YI SYLLABLE RUO;Lo;0;L;;;;;N;;;;;
+A3CC;YI SYLLABLE RUOP;Lo;0;L;;;;;N;;;;;
+A3CD;YI SYLLABLE ROT;Lo;0;L;;;;;N;;;;;
+A3CE;YI SYLLABLE ROX;Lo;0;L;;;;;N;;;;;
+A3CF;YI SYLLABLE RO;Lo;0;L;;;;;N;;;;;
+A3D0;YI SYLLABLE ROP;Lo;0;L;;;;;N;;;;;
+A3D1;YI SYLLABLE REX;Lo;0;L;;;;;N;;;;;
+A3D2;YI SYLLABLE RE;Lo;0;L;;;;;N;;;;;
+A3D3;YI SYLLABLE REP;Lo;0;L;;;;;N;;;;;
+A3D4;YI SYLLABLE RUT;Lo;0;L;;;;;N;;;;;
+A3D5;YI SYLLABLE RUX;Lo;0;L;;;;;N;;;;;
+A3D6;YI SYLLABLE RU;Lo;0;L;;;;;N;;;;;
+A3D7;YI SYLLABLE RUP;Lo;0;L;;;;;N;;;;;
+A3D8;YI SYLLABLE RURX;Lo;0;L;;;;;N;;;;;
+A3D9;YI SYLLABLE RUR;Lo;0;L;;;;;N;;;;;
+A3DA;YI SYLLABLE RYT;Lo;0;L;;;;;N;;;;;
+A3DB;YI SYLLABLE RYX;Lo;0;L;;;;;N;;;;;
+A3DC;YI SYLLABLE RY;Lo;0;L;;;;;N;;;;;
+A3DD;YI SYLLABLE RYP;Lo;0;L;;;;;N;;;;;
+A3DE;YI SYLLABLE RYRX;Lo;0;L;;;;;N;;;;;
+A3DF;YI SYLLABLE RYR;Lo;0;L;;;;;N;;;;;
+A3E0;YI SYLLABLE JIT;Lo;0;L;;;;;N;;;;;
+A3E1;YI SYLLABLE JIX;Lo;0;L;;;;;N;;;;;
+A3E2;YI SYLLABLE JI;Lo;0;L;;;;;N;;;;;
+A3E3;YI SYLLABLE JIP;Lo;0;L;;;;;N;;;;;
+A3E4;YI SYLLABLE JIET;Lo;0;L;;;;;N;;;;;
+A3E5;YI SYLLABLE JIEX;Lo;0;L;;;;;N;;;;;
+A3E6;YI SYLLABLE JIE;Lo;0;L;;;;;N;;;;;
+A3E7;YI SYLLABLE JIEP;Lo;0;L;;;;;N;;;;;
+A3E8;YI SYLLABLE JUOT;Lo;0;L;;;;;N;;;;;
+A3E9;YI SYLLABLE JUOX;Lo;0;L;;;;;N;;;;;
+A3EA;YI SYLLABLE JUO;Lo;0;L;;;;;N;;;;;
+A3EB;YI SYLLABLE JUOP;Lo;0;L;;;;;N;;;;;
+A3EC;YI SYLLABLE JOT;Lo;0;L;;;;;N;;;;;
+A3ED;YI SYLLABLE JOX;Lo;0;L;;;;;N;;;;;
+A3EE;YI SYLLABLE JO;Lo;0;L;;;;;N;;;;;
+A3EF;YI SYLLABLE JOP;Lo;0;L;;;;;N;;;;;
+A3F0;YI SYLLABLE JUT;Lo;0;L;;;;;N;;;;;
+A3F1;YI SYLLABLE JUX;Lo;0;L;;;;;N;;;;;
+A3F2;YI SYLLABLE JU;Lo;0;L;;;;;N;;;;;
+A3F3;YI SYLLABLE JUP;Lo;0;L;;;;;N;;;;;
+A3F4;YI SYLLABLE JURX;Lo;0;L;;;;;N;;;;;
+A3F5;YI SYLLABLE JUR;Lo;0;L;;;;;N;;;;;
+A3F6;YI SYLLABLE JYT;Lo;0;L;;;;;N;;;;;
+A3F7;YI SYLLABLE JYX;Lo;0;L;;;;;N;;;;;
+A3F8;YI SYLLABLE JY;Lo;0;L;;;;;N;;;;;
+A3F9;YI SYLLABLE JYP;Lo;0;L;;;;;N;;;;;
+A3FA;YI SYLLABLE JYRX;Lo;0;L;;;;;N;;;;;
+A3FB;YI SYLLABLE JYR;Lo;0;L;;;;;N;;;;;
+A3FC;YI SYLLABLE QIT;Lo;0;L;;;;;N;;;;;
+A3FD;YI SYLLABLE QIX;Lo;0;L;;;;;N;;;;;
+A3FE;YI SYLLABLE QI;Lo;0;L;;;;;N;;;;;
+A3FF;YI SYLLABLE QIP;Lo;0;L;;;;;N;;;;;
+A400;YI SYLLABLE QIET;Lo;0;L;;;;;N;;;;;
+A401;YI SYLLABLE QIEX;Lo;0;L;;;;;N;;;;;
+A402;YI SYLLABLE QIE;Lo;0;L;;;;;N;;;;;
+A403;YI SYLLABLE QIEP;Lo;0;L;;;;;N;;;;;
+A404;YI SYLLABLE QUOT;Lo;0;L;;;;;N;;;;;
+A405;YI SYLLABLE QUOX;Lo;0;L;;;;;N;;;;;
+A406;YI SYLLABLE QUO;Lo;0;L;;;;;N;;;;;
+A407;YI SYLLABLE QUOP;Lo;0;L;;;;;N;;;;;
+A408;YI SYLLABLE QOT;Lo;0;L;;;;;N;;;;;
+A409;YI SYLLABLE QOX;Lo;0;L;;;;;N;;;;;
+A40A;YI SYLLABLE QO;Lo;0;L;;;;;N;;;;;
+A40B;YI SYLLABLE QOP;Lo;0;L;;;;;N;;;;;
+A40C;YI SYLLABLE QUT;Lo;0;L;;;;;N;;;;;
+A40D;YI SYLLABLE QUX;Lo;0;L;;;;;N;;;;;
+A40E;YI SYLLABLE QU;Lo;0;L;;;;;N;;;;;
+A40F;YI SYLLABLE QUP;Lo;0;L;;;;;N;;;;;
+A410;YI SYLLABLE QURX;Lo;0;L;;;;;N;;;;;
+A411;YI SYLLABLE QUR;Lo;0;L;;;;;N;;;;;
+A412;YI SYLLABLE QYT;Lo;0;L;;;;;N;;;;;
+A413;YI SYLLABLE QYX;Lo;0;L;;;;;N;;;;;
+A414;YI SYLLABLE QY;Lo;0;L;;;;;N;;;;;
+A415;YI SYLLABLE QYP;Lo;0;L;;;;;N;;;;;
+A416;YI SYLLABLE QYRX;Lo;0;L;;;;;N;;;;;
+A417;YI SYLLABLE QYR;Lo;0;L;;;;;N;;;;;
+A418;YI SYLLABLE JJIT;Lo;0;L;;;;;N;;;;;
+A419;YI SYLLABLE JJIX;Lo;0;L;;;;;N;;;;;
+A41A;YI SYLLABLE JJI;Lo;0;L;;;;;N;;;;;
+A41B;YI SYLLABLE JJIP;Lo;0;L;;;;;N;;;;;
+A41C;YI SYLLABLE JJIET;Lo;0;L;;;;;N;;;;;
+A41D;YI SYLLABLE JJIEX;Lo;0;L;;;;;N;;;;;
+A41E;YI SYLLABLE JJIE;Lo;0;L;;;;;N;;;;;
+A41F;YI SYLLABLE JJIEP;Lo;0;L;;;;;N;;;;;
+A420;YI SYLLABLE JJUOX;Lo;0;L;;;;;N;;;;;
+A421;YI SYLLABLE JJUO;Lo;0;L;;;;;N;;;;;
+A422;YI SYLLABLE JJUOP;Lo;0;L;;;;;N;;;;;
+A423;YI SYLLABLE JJOT;Lo;0;L;;;;;N;;;;;
+A424;YI SYLLABLE JJOX;Lo;0;L;;;;;N;;;;;
+A425;YI SYLLABLE JJO;Lo;0;L;;;;;N;;;;;
+A426;YI SYLLABLE JJOP;Lo;0;L;;;;;N;;;;;
+A427;YI SYLLABLE JJUT;Lo;0;L;;;;;N;;;;;
+A428;YI SYLLABLE JJUX;Lo;0;L;;;;;N;;;;;
+A429;YI SYLLABLE JJU;Lo;0;L;;;;;N;;;;;
+A42A;YI SYLLABLE JJUP;Lo;0;L;;;;;N;;;;;
+A42B;YI SYLLABLE JJURX;Lo;0;L;;;;;N;;;;;
+A42C;YI SYLLABLE JJUR;Lo;0;L;;;;;N;;;;;
+A42D;YI SYLLABLE JJYT;Lo;0;L;;;;;N;;;;;
+A42E;YI SYLLABLE JJYX;Lo;0;L;;;;;N;;;;;
+A42F;YI SYLLABLE JJY;Lo;0;L;;;;;N;;;;;
+A430;YI SYLLABLE JJYP;Lo;0;L;;;;;N;;;;;
+A431;YI SYLLABLE NJIT;Lo;0;L;;;;;N;;;;;
+A432;YI SYLLABLE NJIX;Lo;0;L;;;;;N;;;;;
+A433;YI SYLLABLE NJI;Lo;0;L;;;;;N;;;;;
+A434;YI SYLLABLE NJIP;Lo;0;L;;;;;N;;;;;
+A435;YI SYLLABLE NJIET;Lo;0;L;;;;;N;;;;;
+A436;YI SYLLABLE NJIEX;Lo;0;L;;;;;N;;;;;
+A437;YI SYLLABLE NJIE;Lo;0;L;;;;;N;;;;;
+A438;YI SYLLABLE NJIEP;Lo;0;L;;;;;N;;;;;
+A439;YI SYLLABLE NJUOX;Lo;0;L;;;;;N;;;;;
+A43A;YI SYLLABLE NJUO;Lo;0;L;;;;;N;;;;;
+A43B;YI SYLLABLE NJOT;Lo;0;L;;;;;N;;;;;
+A43C;YI SYLLABLE NJOX;Lo;0;L;;;;;N;;;;;
+A43D;YI SYLLABLE NJO;Lo;0;L;;;;;N;;;;;
+A43E;YI SYLLABLE NJOP;Lo;0;L;;;;;N;;;;;
+A43F;YI SYLLABLE NJUX;Lo;0;L;;;;;N;;;;;
+A440;YI SYLLABLE NJU;Lo;0;L;;;;;N;;;;;
+A441;YI SYLLABLE NJUP;Lo;0;L;;;;;N;;;;;
+A442;YI SYLLABLE NJURX;Lo;0;L;;;;;N;;;;;
+A443;YI SYLLABLE NJUR;Lo;0;L;;;;;N;;;;;
+A444;YI SYLLABLE NJYT;Lo;0;L;;;;;N;;;;;
+A445;YI SYLLABLE NJYX;Lo;0;L;;;;;N;;;;;
+A446;YI SYLLABLE NJY;Lo;0;L;;;;;N;;;;;
+A447;YI SYLLABLE NJYP;Lo;0;L;;;;;N;;;;;
+A448;YI SYLLABLE NJYRX;Lo;0;L;;;;;N;;;;;
+A449;YI SYLLABLE NJYR;Lo;0;L;;;;;N;;;;;
+A44A;YI SYLLABLE NYIT;Lo;0;L;;;;;N;;;;;
+A44B;YI SYLLABLE NYIX;Lo;0;L;;;;;N;;;;;
+A44C;YI SYLLABLE NYI;Lo;0;L;;;;;N;;;;;
+A44D;YI SYLLABLE NYIP;Lo;0;L;;;;;N;;;;;
+A44E;YI SYLLABLE NYIET;Lo;0;L;;;;;N;;;;;
+A44F;YI SYLLABLE NYIEX;Lo;0;L;;;;;N;;;;;
+A450;YI SYLLABLE NYIE;Lo;0;L;;;;;N;;;;;
+A451;YI SYLLABLE NYIEP;Lo;0;L;;;;;N;;;;;
+A452;YI SYLLABLE NYUOX;Lo;0;L;;;;;N;;;;;
+A453;YI SYLLABLE NYUO;Lo;0;L;;;;;N;;;;;
+A454;YI SYLLABLE NYUOP;Lo;0;L;;;;;N;;;;;
+A455;YI SYLLABLE NYOT;Lo;0;L;;;;;N;;;;;
+A456;YI SYLLABLE NYOX;Lo;0;L;;;;;N;;;;;
+A457;YI SYLLABLE NYO;Lo;0;L;;;;;N;;;;;
+A458;YI SYLLABLE NYOP;Lo;0;L;;;;;N;;;;;
+A459;YI SYLLABLE NYUT;Lo;0;L;;;;;N;;;;;
+A45A;YI SYLLABLE NYUX;Lo;0;L;;;;;N;;;;;
+A45B;YI SYLLABLE NYU;Lo;0;L;;;;;N;;;;;
+A45C;YI SYLLABLE NYUP;Lo;0;L;;;;;N;;;;;
+A45D;YI SYLLABLE XIT;Lo;0;L;;;;;N;;;;;
+A45E;YI SYLLABLE XIX;Lo;0;L;;;;;N;;;;;
+A45F;YI SYLLABLE XI;Lo;0;L;;;;;N;;;;;
+A460;YI SYLLABLE XIP;Lo;0;L;;;;;N;;;;;
+A461;YI SYLLABLE XIET;Lo;0;L;;;;;N;;;;;
+A462;YI SYLLABLE XIEX;Lo;0;L;;;;;N;;;;;
+A463;YI SYLLABLE XIE;Lo;0;L;;;;;N;;;;;
+A464;YI SYLLABLE XIEP;Lo;0;L;;;;;N;;;;;
+A465;YI SYLLABLE XUOX;Lo;0;L;;;;;N;;;;;
+A466;YI SYLLABLE XUO;Lo;0;L;;;;;N;;;;;
+A467;YI SYLLABLE XOT;Lo;0;L;;;;;N;;;;;
+A468;YI SYLLABLE XOX;Lo;0;L;;;;;N;;;;;
+A469;YI SYLLABLE XO;Lo;0;L;;;;;N;;;;;
+A46A;YI SYLLABLE XOP;Lo;0;L;;;;;N;;;;;
+A46B;YI SYLLABLE XYT;Lo;0;L;;;;;N;;;;;
+A46C;YI SYLLABLE XYX;Lo;0;L;;;;;N;;;;;
+A46D;YI SYLLABLE XY;Lo;0;L;;;;;N;;;;;
+A46E;YI SYLLABLE XYP;Lo;0;L;;;;;N;;;;;
+A46F;YI SYLLABLE XYRX;Lo;0;L;;;;;N;;;;;
+A470;YI SYLLABLE XYR;Lo;0;L;;;;;N;;;;;
+A471;YI SYLLABLE YIT;Lo;0;L;;;;;N;;;;;
+A472;YI SYLLABLE YIX;Lo;0;L;;;;;N;;;;;
+A473;YI SYLLABLE YI;Lo;0;L;;;;;N;;;;;
+A474;YI SYLLABLE YIP;Lo;0;L;;;;;N;;;;;
+A475;YI SYLLABLE YIET;Lo;0;L;;;;;N;;;;;
+A476;YI SYLLABLE YIEX;Lo;0;L;;;;;N;;;;;
+A477;YI SYLLABLE YIE;Lo;0;L;;;;;N;;;;;
+A478;YI SYLLABLE YIEP;Lo;0;L;;;;;N;;;;;
+A479;YI SYLLABLE YUOT;Lo;0;L;;;;;N;;;;;
+A47A;YI SYLLABLE YUOX;Lo;0;L;;;;;N;;;;;
+A47B;YI SYLLABLE YUO;Lo;0;L;;;;;N;;;;;
+A47C;YI SYLLABLE YUOP;Lo;0;L;;;;;N;;;;;
+A47D;YI SYLLABLE YOT;Lo;0;L;;;;;N;;;;;
+A47E;YI SYLLABLE YOX;Lo;0;L;;;;;N;;;;;
+A47F;YI SYLLABLE YO;Lo;0;L;;;;;N;;;;;
+A480;YI SYLLABLE YOP;Lo;0;L;;;;;N;;;;;
+A481;YI SYLLABLE YUT;Lo;0;L;;;;;N;;;;;
+A482;YI SYLLABLE YUX;Lo;0;L;;;;;N;;;;;
+A483;YI SYLLABLE YU;Lo;0;L;;;;;N;;;;;
+A484;YI SYLLABLE YUP;Lo;0;L;;;;;N;;;;;
+A485;YI SYLLABLE YURX;Lo;0;L;;;;;N;;;;;
+A486;YI SYLLABLE YUR;Lo;0;L;;;;;N;;;;;
+A487;YI SYLLABLE YYT;Lo;0;L;;;;;N;;;;;
+A488;YI SYLLABLE YYX;Lo;0;L;;;;;N;;;;;
+A489;YI SYLLABLE YY;Lo;0;L;;;;;N;;;;;
+A48A;YI SYLLABLE YYP;Lo;0;L;;;;;N;;;;;
+A48B;YI SYLLABLE YYRX;Lo;0;L;;;;;N;;;;;
+A48C;YI SYLLABLE YYR;Lo;0;L;;;;;N;;;;;
+A490;YI RADICAL QOT;So;0;ON;;;;;N;;;;;
+A491;YI RADICAL LI;So;0;ON;;;;;N;;;;;
+A492;YI RADICAL KIT;So;0;ON;;;;;N;;;;;
+A493;YI RADICAL NYIP;So;0;ON;;;;;N;;;;;
+A494;YI RADICAL CYP;So;0;ON;;;;;N;;;;;
+A495;YI RADICAL SSI;So;0;ON;;;;;N;;;;;
+A496;YI RADICAL GGOP;So;0;ON;;;;;N;;;;;
+A497;YI RADICAL GEP;So;0;ON;;;;;N;;;;;
+A498;YI RADICAL MI;So;0;ON;;;;;N;;;;;
+A499;YI RADICAL HXIT;So;0;ON;;;;;N;;;;;
+A49A;YI RADICAL LYR;So;0;ON;;;;;N;;;;;
+A49B;YI RADICAL BBUT;So;0;ON;;;;;N;;;;;
+A49C;YI RADICAL MOP;So;0;ON;;;;;N;;;;;
+A49D;YI RADICAL YO;So;0;ON;;;;;N;;;;;
+A49E;YI RADICAL PUT;So;0;ON;;;;;N;;;;;
+A49F;YI RADICAL HXUO;So;0;ON;;;;;N;;;;;
+A4A0;YI RADICAL TAT;So;0;ON;;;;;N;;;;;
+A4A1;YI RADICAL GA;So;0;ON;;;;;N;;;;;
+A4A2;YI RADICAL ZUP;So;0;ON;;;;;N;;;;;
+A4A3;YI RADICAL CYT;So;0;ON;;;;;N;;;;;
+A4A4;YI RADICAL DDUR;So;0;ON;;;;;N;;;;;
+A4A5;YI RADICAL BUR;So;0;ON;;;;;N;;;;;
+A4A6;YI RADICAL GGUO;So;0;ON;;;;;N;;;;;
+A4A7;YI RADICAL NYOP;So;0;ON;;;;;N;;;;;
+A4A8;YI RADICAL TU;So;0;ON;;;;;N;;;;;
+A4A9;YI RADICAL OP;So;0;ON;;;;;N;;;;;
+A4AA;YI RADICAL JJUT;So;0;ON;;;;;N;;;;;
+A4AB;YI RADICAL ZOT;So;0;ON;;;;;N;;;;;
+A4AC;YI RADICAL PYT;So;0;ON;;;;;N;;;;;
+A4AD;YI RADICAL HMO;So;0;ON;;;;;N;;;;;
+A4AE;YI RADICAL YIT;So;0;ON;;;;;N;;;;;
+A4AF;YI RADICAL VUR;So;0;ON;;;;;N;;;;;
+A4B0;YI RADICAL SHY;So;0;ON;;;;;N;;;;;
+A4B1;YI RADICAL VEP;So;0;ON;;;;;N;;;;;
+A4B2;YI RADICAL ZA;So;0;ON;;;;;N;;;;;
+A4B3;YI RADICAL JO;So;0;ON;;;;;N;;;;;
+A4B4;YI RADICAL NZUP;So;0;ON;;;;;N;;;;;
+A4B5;YI RADICAL JJY;So;0;ON;;;;;N;;;;;
+A4B6;YI RADICAL GOT;So;0;ON;;;;;N;;;;;
+A4B7;YI RADICAL JJIE;So;0;ON;;;;;N;;;;;
+A4B8;YI RADICAL WO;So;0;ON;;;;;N;;;;;
+A4B9;YI RADICAL DU;So;0;ON;;;;;N;;;;;
+A4BA;YI RADICAL SHUR;So;0;ON;;;;;N;;;;;
+A4BB;YI RADICAL LIE;So;0;ON;;;;;N;;;;;
+A4BC;YI RADICAL CY;So;0;ON;;;;;N;;;;;
+A4BD;YI RADICAL CUOP;So;0;ON;;;;;N;;;;;
+A4BE;YI RADICAL CIP;So;0;ON;;;;;N;;;;;
+A4BF;YI RADICAL HXOP;So;0;ON;;;;;N;;;;;
+A4C0;YI RADICAL SHAT;So;0;ON;;;;;N;;;;;
+A4C1;YI RADICAL ZUR;So;0;ON;;;;;N;;;;;
+A4C2;YI RADICAL SHOP;So;0;ON;;;;;N;;;;;
+A4C3;YI RADICAL CHE;So;0;ON;;;;;N;;;;;
+A4C4;YI RADICAL ZZIET;So;0;ON;;;;;N;;;;;
+A4C5;YI RADICAL NBIE;So;0;ON;;;;;N;;;;;
+A4C6;YI RADICAL KE;So;0;ON;;;;;N;;;;;
+AC00;<Hangul Syllable, First>;Lo;0;L;;;;;N;;;;;
+D7A3;<Hangul Syllable, Last>;Lo;0;L;;;;;N;;;;;
+D800;<Non Private Use High Surrogate, First>;Cs;0;L;;;;;N;;;;;
+DB7F;<Non Private Use High Surrogate, Last>;Cs;0;L;;;;;N;;;;;
+DB80;<Private Use High Surrogate, First>;Cs;0;L;;;;;N;;;;;
+DBFF;<Private Use High Surrogate, Last>;Cs;0;L;;;;;N;;;;;
+DC00;<Low Surrogate, First>;Cs;0;L;;;;;N;;;;;
+DFFF;<Low Surrogate, Last>;Cs;0;L;;;;;N;;;;;
+E000;<Private Use, First>;Co;0;L;;;;;N;;;;;
+F8FF;<Private Use, Last>;Co;0;L;;;;;N;;;;;
+F900;CJK COMPATIBILITY IDEOGRAPH-F900;Lo;0;L;8C48;;;;N;;;;;
+F901;CJK COMPATIBILITY IDEOGRAPH-F901;Lo;0;L;66F4;;;;N;;;;;
+F902;CJK COMPATIBILITY IDEOGRAPH-F902;Lo;0;L;8ECA;;;;N;;;;;
+F903;CJK COMPATIBILITY IDEOGRAPH-F903;Lo;0;L;8CC8;;;;N;;;;;
+F904;CJK COMPATIBILITY IDEOGRAPH-F904;Lo;0;L;6ED1;;;;N;;;;;
+F905;CJK COMPATIBILITY IDEOGRAPH-F905;Lo;0;L;4E32;;;;N;;;;;
+F906;CJK COMPATIBILITY IDEOGRAPH-F906;Lo;0;L;53E5;;;;N;;;;;
+F907;CJK COMPATIBILITY IDEOGRAPH-F907;Lo;0;L;9F9C;;;;N;;;;;
+F908;CJK COMPATIBILITY IDEOGRAPH-F908;Lo;0;L;9F9C;;;;N;;;;;
+F909;CJK COMPATIBILITY IDEOGRAPH-F909;Lo;0;L;5951;;;;N;;;;;
+F90A;CJK COMPATIBILITY IDEOGRAPH-F90A;Lo;0;L;91D1;;;;N;;;;;
+F90B;CJK COMPATIBILITY IDEOGRAPH-F90B;Lo;0;L;5587;;;;N;;;;;
+F90C;CJK COMPATIBILITY IDEOGRAPH-F90C;Lo;0;L;5948;;;;N;;;;;
+F90D;CJK COMPATIBILITY IDEOGRAPH-F90D;Lo;0;L;61F6;;;;N;;;;;
+F90E;CJK COMPATIBILITY IDEOGRAPH-F90E;Lo;0;L;7669;;;;N;;;;;
+F90F;CJK COMPATIBILITY IDEOGRAPH-F90F;Lo;0;L;7F85;;;;N;;;;;
+F910;CJK COMPATIBILITY IDEOGRAPH-F910;Lo;0;L;863F;;;;N;;;;;
+F911;CJK COMPATIBILITY IDEOGRAPH-F911;Lo;0;L;87BA;;;;N;;;;;
+F912;CJK COMPATIBILITY IDEOGRAPH-F912;Lo;0;L;88F8;;;;N;;;;;
+F913;CJK COMPATIBILITY IDEOGRAPH-F913;Lo;0;L;908F;;;;N;;;;;
+F914;CJK COMPATIBILITY IDEOGRAPH-F914;Lo;0;L;6A02;;;;N;;;;;
+F915;CJK COMPATIBILITY IDEOGRAPH-F915;Lo;0;L;6D1B;;;;N;;;;;
+F916;CJK COMPATIBILITY IDEOGRAPH-F916;Lo;0;L;70D9;;;;N;;;;;
+F917;CJK COMPATIBILITY IDEOGRAPH-F917;Lo;0;L;73DE;;;;N;;;;;
+F918;CJK COMPATIBILITY IDEOGRAPH-F918;Lo;0;L;843D;;;;N;;;;;
+F919;CJK COMPATIBILITY IDEOGRAPH-F919;Lo;0;L;916A;;;;N;;;;;
+F91A;CJK COMPATIBILITY IDEOGRAPH-F91A;Lo;0;L;99F1;;;;N;;;;;
+F91B;CJK COMPATIBILITY IDEOGRAPH-F91B;Lo;0;L;4E82;;;;N;;;;;
+F91C;CJK COMPATIBILITY IDEOGRAPH-F91C;Lo;0;L;5375;;;;N;;;;;
+F91D;CJK COMPATIBILITY IDEOGRAPH-F91D;Lo;0;L;6B04;;;;N;;;;;
+F91E;CJK COMPATIBILITY IDEOGRAPH-F91E;Lo;0;L;721B;;;;N;;;;;
+F91F;CJK COMPATIBILITY IDEOGRAPH-F91F;Lo;0;L;862D;;;;N;;;;;
+F920;CJK COMPATIBILITY IDEOGRAPH-F920;Lo;0;L;9E1E;;;;N;;;;;
+F921;CJK COMPATIBILITY IDEOGRAPH-F921;Lo;0;L;5D50;;;;N;;;;;
+F922;CJK COMPATIBILITY IDEOGRAPH-F922;Lo;0;L;6FEB;;;;N;;;;;
+F923;CJK COMPATIBILITY IDEOGRAPH-F923;Lo;0;L;85CD;;;;N;;;;;
+F924;CJK COMPATIBILITY IDEOGRAPH-F924;Lo;0;L;8964;;;;N;;;;;
+F925;CJK COMPATIBILITY IDEOGRAPH-F925;Lo;0;L;62C9;;;;N;;;;;
+F926;CJK COMPATIBILITY IDEOGRAPH-F926;Lo;0;L;81D8;;;;N;;;;;
+F927;CJK COMPATIBILITY IDEOGRAPH-F927;Lo;0;L;881F;;;;N;;;;;
+F928;CJK COMPATIBILITY IDEOGRAPH-F928;Lo;0;L;5ECA;;;;N;;;;;
+F929;CJK COMPATIBILITY IDEOGRAPH-F929;Lo;0;L;6717;;;;N;;;;;
+F92A;CJK COMPATIBILITY IDEOGRAPH-F92A;Lo;0;L;6D6A;;;;N;;;;;
+F92B;CJK COMPATIBILITY IDEOGRAPH-F92B;Lo;0;L;72FC;;;;N;;;;;
+F92C;CJK COMPATIBILITY IDEOGRAPH-F92C;Lo;0;L;90CE;;;;N;;;;;
+F92D;CJK COMPATIBILITY IDEOGRAPH-F92D;Lo;0;L;4F86;;;;N;;;;;
+F92E;CJK COMPATIBILITY IDEOGRAPH-F92E;Lo;0;L;51B7;;;;N;;;;;
+F92F;CJK COMPATIBILITY IDEOGRAPH-F92F;Lo;0;L;52DE;;;;N;;;;;
+F930;CJK COMPATIBILITY IDEOGRAPH-F930;Lo;0;L;64C4;;;;N;;;;;
+F931;CJK COMPATIBILITY IDEOGRAPH-F931;Lo;0;L;6AD3;;;;N;;;;;
+F932;CJK COMPATIBILITY IDEOGRAPH-F932;Lo;0;L;7210;;;;N;;;;;
+F933;CJK COMPATIBILITY IDEOGRAPH-F933;Lo;0;L;76E7;;;;N;;;;;
+F934;CJK COMPATIBILITY IDEOGRAPH-F934;Lo;0;L;8001;;;;N;;;;;
+F935;CJK COMPATIBILITY IDEOGRAPH-F935;Lo;0;L;8606;;;;N;;;;;
+F936;CJK COMPATIBILITY IDEOGRAPH-F936;Lo;0;L;865C;;;;N;;;;;
+F937;CJK COMPATIBILITY IDEOGRAPH-F937;Lo;0;L;8DEF;;;;N;;;;;
+F938;CJK COMPATIBILITY IDEOGRAPH-F938;Lo;0;L;9732;;;;N;;;;;
+F939;CJK COMPATIBILITY IDEOGRAPH-F939;Lo;0;L;9B6F;;;;N;;;;;
+F93A;CJK COMPATIBILITY IDEOGRAPH-F93A;Lo;0;L;9DFA;;;;N;;;;;
+F93B;CJK COMPATIBILITY IDEOGRAPH-F93B;Lo;0;L;788C;;;;N;;;;;
+F93C;CJK COMPATIBILITY IDEOGRAPH-F93C;Lo;0;L;797F;;;;N;;;;;
+F93D;CJK COMPATIBILITY IDEOGRAPH-F93D;Lo;0;L;7DA0;;;;N;;;;;
+F93E;CJK COMPATIBILITY IDEOGRAPH-F93E;Lo;0;L;83C9;;;;N;;;;;
+F93F;CJK COMPATIBILITY IDEOGRAPH-F93F;Lo;0;L;9304;;;;N;;;;;
+F940;CJK COMPATIBILITY IDEOGRAPH-F940;Lo;0;L;9E7F;;;;N;;;;;
+F941;CJK COMPATIBILITY IDEOGRAPH-F941;Lo;0;L;8AD6;;;;N;;;;;
+F942;CJK COMPATIBILITY IDEOGRAPH-F942;Lo;0;L;58DF;;;;N;;;;;
+F943;CJK COMPATIBILITY IDEOGRAPH-F943;Lo;0;L;5F04;;;;N;;;;;
+F944;CJK COMPATIBILITY IDEOGRAPH-F944;Lo;0;L;7C60;;;;N;;;;;
+F945;CJK COMPATIBILITY IDEOGRAPH-F945;Lo;0;L;807E;;;;N;;;;;
+F946;CJK COMPATIBILITY IDEOGRAPH-F946;Lo;0;L;7262;;;;N;;;;;
+F947;CJK COMPATIBILITY IDEOGRAPH-F947;Lo;0;L;78CA;;;;N;;;;;
+F948;CJK COMPATIBILITY IDEOGRAPH-F948;Lo;0;L;8CC2;;;;N;;;;;
+F949;CJK COMPATIBILITY IDEOGRAPH-F949;Lo;0;L;96F7;;;;N;;;;;
+F94A;CJK COMPATIBILITY IDEOGRAPH-F94A;Lo;0;L;58D8;;;;N;;;;;
+F94B;CJK COMPATIBILITY IDEOGRAPH-F94B;Lo;0;L;5C62;;;;N;;;;;
+F94C;CJK COMPATIBILITY IDEOGRAPH-F94C;Lo;0;L;6A13;;;;N;;;;;
+F94D;CJK COMPATIBILITY IDEOGRAPH-F94D;Lo;0;L;6DDA;;;;N;;;;;
+F94E;CJK COMPATIBILITY IDEOGRAPH-F94E;Lo;0;L;6F0F;;;;N;;;;;
+F94F;CJK COMPATIBILITY IDEOGRAPH-F94F;Lo;0;L;7D2F;;;;N;;;;;
+F950;CJK COMPATIBILITY IDEOGRAPH-F950;Lo;0;L;7E37;;;;N;;;;;
+F951;CJK COMPATIBILITY IDEOGRAPH-F951;Lo;0;L;964B;;;;N;;;;;
+F952;CJK COMPATIBILITY IDEOGRAPH-F952;Lo;0;L;52D2;;;;N;;;;;
+F953;CJK COMPATIBILITY IDEOGRAPH-F953;Lo;0;L;808B;;;;N;;;;;
+F954;CJK COMPATIBILITY IDEOGRAPH-F954;Lo;0;L;51DC;;;;N;;;;;
+F955;CJK COMPATIBILITY IDEOGRAPH-F955;Lo;0;L;51CC;;;;N;;;;;
+F956;CJK COMPATIBILITY IDEOGRAPH-F956;Lo;0;L;7A1C;;;;N;;;;;
+F957;CJK COMPATIBILITY IDEOGRAPH-F957;Lo;0;L;7DBE;;;;N;;;;;
+F958;CJK COMPATIBILITY IDEOGRAPH-F958;Lo;0;L;83F1;;;;N;;;;;
+F959;CJK COMPATIBILITY IDEOGRAPH-F959;Lo;0;L;9675;;;;N;;;;;
+F95A;CJK COMPATIBILITY IDEOGRAPH-F95A;Lo;0;L;8B80;;;;N;;;;;
+F95B;CJK COMPATIBILITY IDEOGRAPH-F95B;Lo;0;L;62CF;;;;N;;;;;
+F95C;CJK COMPATIBILITY IDEOGRAPH-F95C;Lo;0;L;6A02;;;;N;;;;;
+F95D;CJK COMPATIBILITY IDEOGRAPH-F95D;Lo;0;L;8AFE;;;;N;;;;;
+F95E;CJK COMPATIBILITY IDEOGRAPH-F95E;Lo;0;L;4E39;;;;N;;;;;
+F95F;CJK COMPATIBILITY IDEOGRAPH-F95F;Lo;0;L;5BE7;;;;N;;;;;
+F960;CJK COMPATIBILITY IDEOGRAPH-F960;Lo;0;L;6012;;;;N;;;;;
+F961;CJK COMPATIBILITY IDEOGRAPH-F961;Lo;0;L;7387;;;;N;;;;;
+F962;CJK COMPATIBILITY IDEOGRAPH-F962;Lo;0;L;7570;;;;N;;;;;
+F963;CJK COMPATIBILITY IDEOGRAPH-F963;Lo;0;L;5317;;;;N;;;;;
+F964;CJK COMPATIBILITY IDEOGRAPH-F964;Lo;0;L;78FB;;;;N;;;;;
+F965;CJK COMPATIBILITY IDEOGRAPH-F965;Lo;0;L;4FBF;;;;N;;;;;
+F966;CJK COMPATIBILITY IDEOGRAPH-F966;Lo;0;L;5FA9;;;;N;;;;;
+F967;CJK COMPATIBILITY IDEOGRAPH-F967;Lo;0;L;4E0D;;;;N;;;;;
+F968;CJK COMPATIBILITY IDEOGRAPH-F968;Lo;0;L;6CCC;;;;N;;;;;
+F969;CJK COMPATIBILITY IDEOGRAPH-F969;Lo;0;L;6578;;;;N;;;;;
+F96A;CJK COMPATIBILITY IDEOGRAPH-F96A;Lo;0;L;7D22;;;;N;;;;;
+F96B;CJK COMPATIBILITY IDEOGRAPH-F96B;Lo;0;L;53C3;;;;N;;;;;
+F96C;CJK COMPATIBILITY IDEOGRAPH-F96C;Lo;0;L;585E;;;;N;;;;;
+F96D;CJK COMPATIBILITY IDEOGRAPH-F96D;Lo;0;L;7701;;;;N;;;;;
+F96E;CJK COMPATIBILITY IDEOGRAPH-F96E;Lo;0;L;8449;;;;N;;;;;
+F96F;CJK COMPATIBILITY IDEOGRAPH-F96F;Lo;0;L;8AAA;;;;N;;;;;
+F970;CJK COMPATIBILITY IDEOGRAPH-F970;Lo;0;L;6BBA;;;;N;;;;;
+F971;CJK COMPATIBILITY IDEOGRAPH-F971;Lo;0;L;8FB0;;;;N;;;;;
+F972;CJK COMPATIBILITY IDEOGRAPH-F972;Lo;0;L;6C88;;;;N;;;;;
+F973;CJK COMPATIBILITY IDEOGRAPH-F973;Lo;0;L;62FE;;;;N;;;;;
+F974;CJK COMPATIBILITY IDEOGRAPH-F974;Lo;0;L;82E5;;;;N;;;;;
+F975;CJK COMPATIBILITY IDEOGRAPH-F975;Lo;0;L;63A0;;;;N;;;;;
+F976;CJK COMPATIBILITY IDEOGRAPH-F976;Lo;0;L;7565;;;;N;;;;;
+F977;CJK COMPATIBILITY IDEOGRAPH-F977;Lo;0;L;4EAE;;;;N;;;;;
+F978;CJK COMPATIBILITY IDEOGRAPH-F978;Lo;0;L;5169;;;;N;;;;;
+F979;CJK COMPATIBILITY IDEOGRAPH-F979;Lo;0;L;51C9;;;;N;;;;;
+F97A;CJK COMPATIBILITY IDEOGRAPH-F97A;Lo;0;L;6881;;;;N;;;;;
+F97B;CJK COMPATIBILITY IDEOGRAPH-F97B;Lo;0;L;7CE7;;;;N;;;;;
+F97C;CJK COMPATIBILITY IDEOGRAPH-F97C;Lo;0;L;826F;;;;N;;;;;
+F97D;CJK COMPATIBILITY IDEOGRAPH-F97D;Lo;0;L;8AD2;;;;N;;;;;
+F97E;CJK COMPATIBILITY IDEOGRAPH-F97E;Lo;0;L;91CF;;;;N;;;;;
+F97F;CJK COMPATIBILITY IDEOGRAPH-F97F;Lo;0;L;52F5;;;;N;;;;;
+F980;CJK COMPATIBILITY IDEOGRAPH-F980;Lo;0;L;5442;;;;N;;;;;
+F981;CJK COMPATIBILITY IDEOGRAPH-F981;Lo;0;L;5973;;;;N;;;;;
+F982;CJK COMPATIBILITY IDEOGRAPH-F982;Lo;0;L;5EEC;;;;N;;;;;
+F983;CJK COMPATIBILITY IDEOGRAPH-F983;Lo;0;L;65C5;;;;N;;;;;
+F984;CJK COMPATIBILITY IDEOGRAPH-F984;Lo;0;L;6FFE;;;;N;;;;;
+F985;CJK COMPATIBILITY IDEOGRAPH-F985;Lo;0;L;792A;;;;N;;;;;
+F986;CJK COMPATIBILITY IDEOGRAPH-F986;Lo;0;L;95AD;;;;N;;;;;
+F987;CJK COMPATIBILITY IDEOGRAPH-F987;Lo;0;L;9A6A;;;;N;;;;;
+F988;CJK COMPATIBILITY IDEOGRAPH-F988;Lo;0;L;9E97;;;;N;;;;;
+F989;CJK COMPATIBILITY IDEOGRAPH-F989;Lo;0;L;9ECE;;;;N;;;;;
+F98A;CJK COMPATIBILITY IDEOGRAPH-F98A;Lo;0;L;529B;;;;N;;;;;
+F98B;CJK COMPATIBILITY IDEOGRAPH-F98B;Lo;0;L;66C6;;;;N;;;;;
+F98C;CJK COMPATIBILITY IDEOGRAPH-F98C;Lo;0;L;6B77;;;;N;;;;;
+F98D;CJK COMPATIBILITY IDEOGRAPH-F98D;Lo;0;L;8F62;;;;N;;;;;
+F98E;CJK COMPATIBILITY IDEOGRAPH-F98E;Lo;0;L;5E74;;;;N;;;;;
+F98F;CJK COMPATIBILITY IDEOGRAPH-F98F;Lo;0;L;6190;;;;N;;;;;
+F990;CJK COMPATIBILITY IDEOGRAPH-F990;Lo;0;L;6200;;;;N;;;;;
+F991;CJK COMPATIBILITY IDEOGRAPH-F991;Lo;0;L;649A;;;;N;;;;;
+F992;CJK COMPATIBILITY IDEOGRAPH-F992;Lo;0;L;6F23;;;;N;;;;;
+F993;CJK COMPATIBILITY IDEOGRAPH-F993;Lo;0;L;7149;;;;N;;;;;
+F994;CJK COMPATIBILITY IDEOGRAPH-F994;Lo;0;L;7489;;;;N;;;;;
+F995;CJK COMPATIBILITY IDEOGRAPH-F995;Lo;0;L;79CA;;;;N;;;;;
+F996;CJK COMPATIBILITY IDEOGRAPH-F996;Lo;0;L;7DF4;;;;N;;;;;
+F997;CJK COMPATIBILITY IDEOGRAPH-F997;Lo;0;L;806F;;;;N;;;;;
+F998;CJK COMPATIBILITY IDEOGRAPH-F998;Lo;0;L;8F26;;;;N;;;;;
+F999;CJK COMPATIBILITY IDEOGRAPH-F999;Lo;0;L;84EE;;;;N;;;;;
+F99A;CJK COMPATIBILITY IDEOGRAPH-F99A;Lo;0;L;9023;;;;N;;;;;
+F99B;CJK COMPATIBILITY IDEOGRAPH-F99B;Lo;0;L;934A;;;;N;;;;;
+F99C;CJK COMPATIBILITY IDEOGRAPH-F99C;Lo;0;L;5217;;;;N;;;;;
+F99D;CJK COMPATIBILITY IDEOGRAPH-F99D;Lo;0;L;52A3;;;;N;;;;;
+F99E;CJK COMPATIBILITY IDEOGRAPH-F99E;Lo;0;L;54BD;;;;N;;;;;
+F99F;CJK COMPATIBILITY IDEOGRAPH-F99F;Lo;0;L;70C8;;;;N;;;;;
+F9A0;CJK COMPATIBILITY IDEOGRAPH-F9A0;Lo;0;L;88C2;;;;N;;;;;
+F9A1;CJK COMPATIBILITY IDEOGRAPH-F9A1;Lo;0;L;8AAA;;;;N;;;;;
+F9A2;CJK COMPATIBILITY IDEOGRAPH-F9A2;Lo;0;L;5EC9;;;;N;;;;;
+F9A3;CJK COMPATIBILITY IDEOGRAPH-F9A3;Lo;0;L;5FF5;;;;N;;;;;
+F9A4;CJK COMPATIBILITY IDEOGRAPH-F9A4;Lo;0;L;637B;;;;N;;;;;
+F9A5;CJK COMPATIBILITY IDEOGRAPH-F9A5;Lo;0;L;6BAE;;;;N;;;;;
+F9A6;CJK COMPATIBILITY IDEOGRAPH-F9A6;Lo;0;L;7C3E;;;;N;;;;;
+F9A7;CJK COMPATIBILITY IDEOGRAPH-F9A7;Lo;0;L;7375;;;;N;;;;;
+F9A8;CJK COMPATIBILITY IDEOGRAPH-F9A8;Lo;0;L;4EE4;;;;N;;;;;
+F9A9;CJK COMPATIBILITY IDEOGRAPH-F9A9;Lo;0;L;56F9;;;;N;;;;;
+F9AA;CJK COMPATIBILITY IDEOGRAPH-F9AA;Lo;0;L;5BE7;;;;N;;;;;
+F9AB;CJK COMPATIBILITY IDEOGRAPH-F9AB;Lo;0;L;5DBA;;;;N;;;;;
+F9AC;CJK COMPATIBILITY IDEOGRAPH-F9AC;Lo;0;L;601C;;;;N;;;;;
+F9AD;CJK COMPATIBILITY IDEOGRAPH-F9AD;Lo;0;L;73B2;;;;N;;;;;
+F9AE;CJK COMPATIBILITY IDEOGRAPH-F9AE;Lo;0;L;7469;;;;N;;;;;
+F9AF;CJK COMPATIBILITY IDEOGRAPH-F9AF;Lo;0;L;7F9A;;;;N;;;;;
+F9B0;CJK COMPATIBILITY IDEOGRAPH-F9B0;Lo;0;L;8046;;;;N;;;;;
+F9B1;CJK COMPATIBILITY IDEOGRAPH-F9B1;Lo;0;L;9234;;;;N;;;;;
+F9B2;CJK COMPATIBILITY IDEOGRAPH-F9B2;Lo;0;L;96F6;;;;N;;;;;
+F9B3;CJK COMPATIBILITY IDEOGRAPH-F9B3;Lo;0;L;9748;;;;N;;;;;
+F9B4;CJK COMPATIBILITY IDEOGRAPH-F9B4;Lo;0;L;9818;;;;N;;;;;
+F9B5;CJK COMPATIBILITY IDEOGRAPH-F9B5;Lo;0;L;4F8B;;;;N;;;;;
+F9B6;CJK COMPATIBILITY IDEOGRAPH-F9B6;Lo;0;L;79AE;;;;N;;;;;
+F9B7;CJK COMPATIBILITY IDEOGRAPH-F9B7;Lo;0;L;91B4;;;;N;;;;;
+F9B8;CJK COMPATIBILITY IDEOGRAPH-F9B8;Lo;0;L;96B8;;;;N;;;;;
+F9B9;CJK COMPATIBILITY IDEOGRAPH-F9B9;Lo;0;L;60E1;;;;N;;;;;
+F9BA;CJK COMPATIBILITY IDEOGRAPH-F9BA;Lo;0;L;4E86;;;;N;;;;;
+F9BB;CJK COMPATIBILITY IDEOGRAPH-F9BB;Lo;0;L;50DA;;;;N;;;;;
+F9BC;CJK COMPATIBILITY IDEOGRAPH-F9BC;Lo;0;L;5BEE;;;;N;;;;;
+F9BD;CJK COMPATIBILITY IDEOGRAPH-F9BD;Lo;0;L;5C3F;;;;N;;;;;
+F9BE;CJK COMPATIBILITY IDEOGRAPH-F9BE;Lo;0;L;6599;;;;N;;;;;
+F9BF;CJK COMPATIBILITY IDEOGRAPH-F9BF;Lo;0;L;6A02;;;;N;;;;;
+F9C0;CJK COMPATIBILITY IDEOGRAPH-F9C0;Lo;0;L;71CE;;;;N;;;;;
+F9C1;CJK COMPATIBILITY IDEOGRAPH-F9C1;Lo;0;L;7642;;;;N;;;;;
+F9C2;CJK COMPATIBILITY IDEOGRAPH-F9C2;Lo;0;L;84FC;;;;N;;;;;
+F9C3;CJK COMPATIBILITY IDEOGRAPH-F9C3;Lo;0;L;907C;;;;N;;;;;
+F9C4;CJK COMPATIBILITY IDEOGRAPH-F9C4;Lo;0;L;9F8D;;;;N;;;;;
+F9C5;CJK COMPATIBILITY IDEOGRAPH-F9C5;Lo;0;L;6688;;;;N;;;;;
+F9C6;CJK COMPATIBILITY IDEOGRAPH-F9C6;Lo;0;L;962E;;;;N;;;;;
+F9C7;CJK COMPATIBILITY IDEOGRAPH-F9C7;Lo;0;L;5289;;;;N;;;;;
+F9C8;CJK COMPATIBILITY IDEOGRAPH-F9C8;Lo;0;L;677B;;;;N;;;;;
+F9C9;CJK COMPATIBILITY IDEOGRAPH-F9C9;Lo;0;L;67F3;;;;N;;;;;
+F9CA;CJK COMPATIBILITY IDEOGRAPH-F9CA;Lo;0;L;6D41;;;;N;;;;;
+F9CB;CJK COMPATIBILITY IDEOGRAPH-F9CB;Lo;0;L;6E9C;;;;N;;;;;
+F9CC;CJK COMPATIBILITY IDEOGRAPH-F9CC;Lo;0;L;7409;;;;N;;;;;
+F9CD;CJK COMPATIBILITY IDEOGRAPH-F9CD;Lo;0;L;7559;;;;N;;;;;
+F9CE;CJK COMPATIBILITY IDEOGRAPH-F9CE;Lo;0;L;786B;;;;N;;;;;
+F9CF;CJK COMPATIBILITY IDEOGRAPH-F9CF;Lo;0;L;7D10;;;;N;;;;;
+F9D0;CJK COMPATIBILITY IDEOGRAPH-F9D0;Lo;0;L;985E;;;;N;;;;;
+F9D1;CJK COMPATIBILITY IDEOGRAPH-F9D1;Lo;0;L;516D;;;;N;;;;;
+F9D2;CJK COMPATIBILITY IDEOGRAPH-F9D2;Lo;0;L;622E;;;;N;;;;;
+F9D3;CJK COMPATIBILITY IDEOGRAPH-F9D3;Lo;0;L;9678;;;;N;;;;;
+F9D4;CJK COMPATIBILITY IDEOGRAPH-F9D4;Lo;0;L;502B;;;;N;;;;;
+F9D5;CJK COMPATIBILITY IDEOGRAPH-F9D5;Lo;0;L;5D19;;;;N;;;;;
+F9D6;CJK COMPATIBILITY IDEOGRAPH-F9D6;Lo;0;L;6DEA;;;;N;;;;;
+F9D7;CJK COMPATIBILITY IDEOGRAPH-F9D7;Lo;0;L;8F2A;;;;N;;;;;
+F9D8;CJK COMPATIBILITY IDEOGRAPH-F9D8;Lo;0;L;5F8B;;;;N;;;;;
+F9D9;CJK COMPATIBILITY IDEOGRAPH-F9D9;Lo;0;L;6144;;;;N;;;;;
+F9DA;CJK COMPATIBILITY IDEOGRAPH-F9DA;Lo;0;L;6817;;;;N;;;;;
+F9DB;CJK COMPATIBILITY IDEOGRAPH-F9DB;Lo;0;L;7387;;;;N;;;;;
+F9DC;CJK COMPATIBILITY IDEOGRAPH-F9DC;Lo;0;L;9686;;;;N;;;;;
+F9DD;CJK COMPATIBILITY IDEOGRAPH-F9DD;Lo;0;L;5229;;;;N;;;;;
+F9DE;CJK COMPATIBILITY IDEOGRAPH-F9DE;Lo;0;L;540F;;;;N;;;;;
+F9DF;CJK COMPATIBILITY IDEOGRAPH-F9DF;Lo;0;L;5C65;;;;N;;;;;
+F9E0;CJK COMPATIBILITY IDEOGRAPH-F9E0;Lo;0;L;6613;;;;N;;;;;
+F9E1;CJK COMPATIBILITY IDEOGRAPH-F9E1;Lo;0;L;674E;;;;N;;;;;
+F9E2;CJK COMPATIBILITY IDEOGRAPH-F9E2;Lo;0;L;68A8;;;;N;;;;;
+F9E3;CJK COMPATIBILITY IDEOGRAPH-F9E3;Lo;0;L;6CE5;;;;N;;;;;
+F9E4;CJK COMPATIBILITY IDEOGRAPH-F9E4;Lo;0;L;7406;;;;N;;;;;
+F9E5;CJK COMPATIBILITY IDEOGRAPH-F9E5;Lo;0;L;75E2;;;;N;;;;;
+F9E6;CJK COMPATIBILITY IDEOGRAPH-F9E6;Lo;0;L;7F79;;;;N;;;;;
+F9E7;CJK COMPATIBILITY IDEOGRAPH-F9E7;Lo;0;L;88CF;;;;N;;;;;
+F9E8;CJK COMPATIBILITY IDEOGRAPH-F9E8;Lo;0;L;88E1;;;;N;;;;;
+F9E9;CJK COMPATIBILITY IDEOGRAPH-F9E9;Lo;0;L;91CC;;;;N;;;;;
+F9EA;CJK COMPATIBILITY IDEOGRAPH-F9EA;Lo;0;L;96E2;;;;N;;;;;
+F9EB;CJK COMPATIBILITY IDEOGRAPH-F9EB;Lo;0;L;533F;;;;N;;;;;
+F9EC;CJK COMPATIBILITY IDEOGRAPH-F9EC;Lo;0;L;6EBA;;;;N;;;;;
+F9ED;CJK COMPATIBILITY IDEOGRAPH-F9ED;Lo;0;L;541D;;;;N;;;;;
+F9EE;CJK COMPATIBILITY IDEOGRAPH-F9EE;Lo;0;L;71D0;;;;N;;;;;
+F9EF;CJK COMPATIBILITY IDEOGRAPH-F9EF;Lo;0;L;7498;;;;N;;;;;
+F9F0;CJK COMPATIBILITY IDEOGRAPH-F9F0;Lo;0;L;85FA;;;;N;;;;;
+F9F1;CJK COMPATIBILITY IDEOGRAPH-F9F1;Lo;0;L;96A3;;;;N;;;;;
+F9F2;CJK COMPATIBILITY IDEOGRAPH-F9F2;Lo;0;L;9C57;;;;N;;;;;
+F9F3;CJK COMPATIBILITY IDEOGRAPH-F9F3;Lo;0;L;9E9F;;;;N;;;;;
+F9F4;CJK COMPATIBILITY IDEOGRAPH-F9F4;Lo;0;L;6797;;;;N;;;;;
+F9F5;CJK COMPATIBILITY IDEOGRAPH-F9F5;Lo;0;L;6DCB;;;;N;;;;;
+F9F6;CJK COMPATIBILITY IDEOGRAPH-F9F6;Lo;0;L;81E8;;;;N;;;;;
+F9F7;CJK COMPATIBILITY IDEOGRAPH-F9F7;Lo;0;L;7ACB;;;;N;;;;;
+F9F8;CJK COMPATIBILITY IDEOGRAPH-F9F8;Lo;0;L;7B20;;;;N;;;;;
+F9F9;CJK COMPATIBILITY IDEOGRAPH-F9F9;Lo;0;L;7C92;;;;N;;;;;
+F9FA;CJK COMPATIBILITY IDEOGRAPH-F9FA;Lo;0;L;72C0;;;;N;;;;;
+F9FB;CJK COMPATIBILITY IDEOGRAPH-F9FB;Lo;0;L;7099;;;;N;;;;;
+F9FC;CJK COMPATIBILITY IDEOGRAPH-F9FC;Lo;0;L;8B58;;;;N;;;;;
+F9FD;CJK COMPATIBILITY IDEOGRAPH-F9FD;Lo;0;L;4EC0;;;;N;;;;;
+F9FE;CJK COMPATIBILITY IDEOGRAPH-F9FE;Lo;0;L;8336;;;;N;;;;;
+F9FF;CJK COMPATIBILITY IDEOGRAPH-F9FF;Lo;0;L;523A;;;;N;;;;;
+FA00;CJK COMPATIBILITY IDEOGRAPH-FA00;Lo;0;L;5207;;;;N;;;;;
+FA01;CJK COMPATIBILITY IDEOGRAPH-FA01;Lo;0;L;5EA6;;;;N;;;;;
+FA02;CJK COMPATIBILITY IDEOGRAPH-FA02;Lo;0;L;62D3;;;;N;;;;;
+FA03;CJK COMPATIBILITY IDEOGRAPH-FA03;Lo;0;L;7CD6;;;;N;;;;;
+FA04;CJK COMPATIBILITY IDEOGRAPH-FA04;Lo;0;L;5B85;;;;N;;;;;
+FA05;CJK COMPATIBILITY IDEOGRAPH-FA05;Lo;0;L;6D1E;;;;N;;;;;
+FA06;CJK COMPATIBILITY IDEOGRAPH-FA06;Lo;0;L;66B4;;;;N;;;;;
+FA07;CJK COMPATIBILITY IDEOGRAPH-FA07;Lo;0;L;8F3B;;;;N;;;;;
+FA08;CJK COMPATIBILITY IDEOGRAPH-FA08;Lo;0;L;884C;;;;N;;;;;
+FA09;CJK COMPATIBILITY IDEOGRAPH-FA09;Lo;0;L;964D;;;;N;;;;;
+FA0A;CJK COMPATIBILITY IDEOGRAPH-FA0A;Lo;0;L;898B;;;;N;;;;;
+FA0B;CJK COMPATIBILITY IDEOGRAPH-FA0B;Lo;0;L;5ED3;;;;N;;;;;
+FA0C;CJK COMPATIBILITY IDEOGRAPH-FA0C;Lo;0;L;5140;;;;N;;;;;
+FA0D;CJK COMPATIBILITY IDEOGRAPH-FA0D;Lo;0;L;55C0;;;;N;;;;;
+FA0E;CJK COMPATIBILITY IDEOGRAPH-FA0E;Lo;0;L;;;;;N;;;;;
+FA0F;CJK COMPATIBILITY IDEOGRAPH-FA0F;Lo;0;L;;;;;N;;;;;
+FA10;CJK COMPATIBILITY IDEOGRAPH-FA10;Lo;0;L;585A;;;;N;;;;;
+FA11;CJK COMPATIBILITY IDEOGRAPH-FA11;Lo;0;L;;;;;N;;;;;
+FA12;CJK COMPATIBILITY IDEOGRAPH-FA12;Lo;0;L;6674;;;;N;;;;;
+FA13;CJK COMPATIBILITY IDEOGRAPH-FA13;Lo;0;L;;;;;N;;;;;
+FA14;CJK COMPATIBILITY IDEOGRAPH-FA14;Lo;0;L;;;;;N;;;;;
+FA15;CJK COMPATIBILITY IDEOGRAPH-FA15;Lo;0;L;51DE;;;;N;;;;;
+FA16;CJK COMPATIBILITY IDEOGRAPH-FA16;Lo;0;L;732A;;;;N;;;;;
+FA17;CJK COMPATIBILITY IDEOGRAPH-FA17;Lo;0;L;76CA;;;;N;;;;;
+FA18;CJK COMPATIBILITY IDEOGRAPH-FA18;Lo;0;L;793C;;;;N;;;;;
+FA19;CJK COMPATIBILITY IDEOGRAPH-FA19;Lo;0;L;795E;;;;N;;;;;
+FA1A;CJK COMPATIBILITY IDEOGRAPH-FA1A;Lo;0;L;7965;;;;N;;;;;
+FA1B;CJK COMPATIBILITY IDEOGRAPH-FA1B;Lo;0;L;798F;;;;N;;;;;
+FA1C;CJK COMPATIBILITY IDEOGRAPH-FA1C;Lo;0;L;9756;;;;N;;;;;
+FA1D;CJK COMPATIBILITY IDEOGRAPH-FA1D;Lo;0;L;7CBE;;;;N;;;;;
+FA1E;CJK COMPATIBILITY IDEOGRAPH-FA1E;Lo;0;L;7FBD;;;;N;;;;;
+FA1F;CJK COMPATIBILITY IDEOGRAPH-FA1F;Lo;0;L;;;;;N;;*;;;
+FA20;CJK COMPATIBILITY IDEOGRAPH-FA20;Lo;0;L;8612;;;;N;;;;;
+FA21;CJK COMPATIBILITY IDEOGRAPH-FA21;Lo;0;L;;;;;N;;;;;
+FA22;CJK COMPATIBILITY IDEOGRAPH-FA22;Lo;0;L;8AF8;;;;N;;;;;
+FA23;CJK COMPATIBILITY IDEOGRAPH-FA23;Lo;0;L;;;;;N;;*;;;
+FA24;CJK COMPATIBILITY IDEOGRAPH-FA24;Lo;0;L;;;;;N;;;;;
+FA25;CJK COMPATIBILITY IDEOGRAPH-FA25;Lo;0;L;9038;;;;N;;;;;
+FA26;CJK COMPATIBILITY IDEOGRAPH-FA26;Lo;0;L;90FD;;;;N;;;;;
+FA27;CJK COMPATIBILITY IDEOGRAPH-FA27;Lo;0;L;;;;;N;;;;;
+FA28;CJK COMPATIBILITY IDEOGRAPH-FA28;Lo;0;L;;;;;N;;;;;
+FA29;CJK COMPATIBILITY IDEOGRAPH-FA29;Lo;0;L;;;;;N;;;;;
+FA2A;CJK COMPATIBILITY IDEOGRAPH-FA2A;Lo;0;L;98EF;;;;N;;;;;
+FA2B;CJK COMPATIBILITY IDEOGRAPH-FA2B;Lo;0;L;98FC;;;;N;;;;;
+FA2C;CJK COMPATIBILITY IDEOGRAPH-FA2C;Lo;0;L;9928;;;;N;;;;;
+FA2D;CJK COMPATIBILITY IDEOGRAPH-FA2D;Lo;0;L;9DB4;;;;N;;;;;
+FA30;CJK COMPATIBILITY IDEOGRAPH-FA30;Lo;0;L;4FAE;;;;N;;;;;
+FA31;CJK COMPATIBILITY IDEOGRAPH-FA31;Lo;0;L;50E7;;;;N;;;;;
+FA32;CJK COMPATIBILITY IDEOGRAPH-FA32;Lo;0;L;514D;;;;N;;;;;
+FA33;CJK COMPATIBILITY IDEOGRAPH-FA33;Lo;0;L;52C9;;;;N;;;;;
+FA34;CJK COMPATIBILITY IDEOGRAPH-FA34;Lo;0;L;52E4;;;;N;;;;;
+FA35;CJK COMPATIBILITY IDEOGRAPH-FA35;Lo;0;L;5351;;;;N;;;;;
+FA36;CJK COMPATIBILITY IDEOGRAPH-FA36;Lo;0;L;559D;;;;N;;;;;
+FA37;CJK COMPATIBILITY IDEOGRAPH-FA37;Lo;0;L;5606;;;;N;;;;;
+FA38;CJK COMPATIBILITY IDEOGRAPH-FA38;Lo;0;L;5668;;;;N;;;;;
+FA39;CJK COMPATIBILITY IDEOGRAPH-FA39;Lo;0;L;5840;;;;N;;;;;
+FA3A;CJK COMPATIBILITY IDEOGRAPH-FA3A;Lo;0;L;58A8;;;;N;;;;;
+FA3B;CJK COMPATIBILITY IDEOGRAPH-FA3B;Lo;0;L;5C64;;;;N;;;;;
+FA3C;CJK COMPATIBILITY IDEOGRAPH-FA3C;Lo;0;L;5C6E;;;;N;;;;;
+FA3D;CJK COMPATIBILITY IDEOGRAPH-FA3D;Lo;0;L;6094;;;;N;;;;;
+FA3E;CJK COMPATIBILITY IDEOGRAPH-FA3E;Lo;0;L;6168;;;;N;;;;;
+FA3F;CJK COMPATIBILITY IDEOGRAPH-FA3F;Lo;0;L;618E;;;;N;;;;;
+FA40;CJK COMPATIBILITY IDEOGRAPH-FA40;Lo;0;L;61F2;;;;N;;;;;
+FA41;CJK COMPATIBILITY IDEOGRAPH-FA41;Lo;0;L;654F;;;;N;;;;;
+FA42;CJK COMPATIBILITY IDEOGRAPH-FA42;Lo;0;L;65E2;;;;N;;;;;
+FA43;CJK COMPATIBILITY IDEOGRAPH-FA43;Lo;0;L;6691;;;;N;;;;;
+FA44;CJK COMPATIBILITY IDEOGRAPH-FA44;Lo;0;L;6885;;;;N;;;;;
+FA45;CJK COMPATIBILITY IDEOGRAPH-FA45;Lo;0;L;6D77;;;;N;;;;;
+FA46;CJK COMPATIBILITY IDEOGRAPH-FA46;Lo;0;L;6E1A;;;;N;;;;;
+FA47;CJK COMPATIBILITY IDEOGRAPH-FA47;Lo;0;L;6F22;;;;N;;;;;
+FA48;CJK COMPATIBILITY IDEOGRAPH-FA48;Lo;0;L;716E;;;;N;;;;;
+FA49;CJK COMPATIBILITY IDEOGRAPH-FA49;Lo;0;L;722B;;;;N;;;;;
+FA4A;CJK COMPATIBILITY IDEOGRAPH-FA4A;Lo;0;L;7422;;;;N;;;;;
+FA4B;CJK COMPATIBILITY IDEOGRAPH-FA4B;Lo;0;L;7891;;;;N;;;;;
+FA4C;CJK COMPATIBILITY IDEOGRAPH-FA4C;Lo;0;L;793E;;;;N;;;;;
+FA4D;CJK COMPATIBILITY IDEOGRAPH-FA4D;Lo;0;L;7949;;;;N;;;;;
+FA4E;CJK COMPATIBILITY IDEOGRAPH-FA4E;Lo;0;L;7948;;;;N;;;;;
+FA4F;CJK COMPATIBILITY IDEOGRAPH-FA4F;Lo;0;L;7950;;;;N;;;;;
+FA50;CJK COMPATIBILITY IDEOGRAPH-FA50;Lo;0;L;7956;;;;N;;;;;
+FA51;CJK COMPATIBILITY IDEOGRAPH-FA51;Lo;0;L;795D;;;;N;;;;;
+FA52;CJK COMPATIBILITY IDEOGRAPH-FA52;Lo;0;L;798D;;;;N;;;;;
+FA53;CJK COMPATIBILITY IDEOGRAPH-FA53;Lo;0;L;798E;;;;N;;;;;
+FA54;CJK COMPATIBILITY IDEOGRAPH-FA54;Lo;0;L;7A40;;;;N;;;;;
+FA55;CJK COMPATIBILITY IDEOGRAPH-FA55;Lo;0;L;7A81;;;;N;;;;;
+FA56;CJK COMPATIBILITY IDEOGRAPH-FA56;Lo;0;L;7BC0;;;;N;;;;;
+FA57;CJK COMPATIBILITY IDEOGRAPH-FA57;Lo;0;L;7DF4;;;;N;;;;;
+FA58;CJK COMPATIBILITY IDEOGRAPH-FA58;Lo;0;L;7E09;;;;N;;;;;
+FA59;CJK COMPATIBILITY IDEOGRAPH-FA59;Lo;0;L;7E41;;;;N;;;;;
+FA5A;CJK COMPATIBILITY IDEOGRAPH-FA5A;Lo;0;L;7F72;;;;N;;;;;
+FA5B;CJK COMPATIBILITY IDEOGRAPH-FA5B;Lo;0;L;8005;;;;N;;;;;
+FA5C;CJK COMPATIBILITY IDEOGRAPH-FA5C;Lo;0;L;81ED;;;;N;;;;;
+FA5D;CJK COMPATIBILITY IDEOGRAPH-FA5D;Lo;0;L;8279;;;;N;;;;;
+FA5E;CJK COMPATIBILITY IDEOGRAPH-FA5E;Lo;0;L;8279;;;;N;;;;;
+FA5F;CJK COMPATIBILITY IDEOGRAPH-FA5F;Lo;0;L;8457;;;;N;;;;;
+FA60;CJK COMPATIBILITY IDEOGRAPH-FA60;Lo;0;L;8910;;;;N;;;;;
+FA61;CJK COMPATIBILITY IDEOGRAPH-FA61;Lo;0;L;8996;;;;N;;;;;
+FA62;CJK COMPATIBILITY IDEOGRAPH-FA62;Lo;0;L;8B01;;;;N;;;;;
+FA63;CJK COMPATIBILITY IDEOGRAPH-FA63;Lo;0;L;8B39;;;;N;;;;;
+FA64;CJK COMPATIBILITY IDEOGRAPH-FA64;Lo;0;L;8CD3;;;;N;;;;;
+FA65;CJK COMPATIBILITY IDEOGRAPH-FA65;Lo;0;L;8D08;;;;N;;;;;
+FA66;CJK COMPATIBILITY IDEOGRAPH-FA66;Lo;0;L;8FB6;;;;N;;;;;
+FA67;CJK COMPATIBILITY IDEOGRAPH-FA67;Lo;0;L;9038;;;;N;;;;;
+FA68;CJK COMPATIBILITY IDEOGRAPH-FA68;Lo;0;L;96E3;;;;N;;;;;
+FA69;CJK COMPATIBILITY IDEOGRAPH-FA69;Lo;0;L;97FF;;;;N;;;;;
+FA6A;CJK COMPATIBILITY IDEOGRAPH-FA6A;Lo;0;L;983B;;;;N;;;;;
+FB00;LATIN SMALL LIGATURE FF;Ll;0;L;<compat> 0066 0066;;;;N;;;;;
+FB01;LATIN SMALL LIGATURE FI;Ll;0;L;<compat> 0066 0069;;;;N;;;;;
+FB02;LATIN SMALL LIGATURE FL;Ll;0;L;<compat> 0066 006C;;;;N;;;;;
+FB03;LATIN SMALL LIGATURE FFI;Ll;0;L;<compat> 0066 0066 0069;;;;N;;;;;
+FB04;LATIN SMALL LIGATURE FFL;Ll;0;L;<compat> 0066 0066 006C;;;;N;;;;;
+FB05;LATIN SMALL LIGATURE LONG S T;Ll;0;L;<compat> 017F 0074;;;;N;;;;;
+FB06;LATIN SMALL LIGATURE ST;Ll;0;L;<compat> 0073 0074;;;;N;;;;;
+FB13;ARMENIAN SMALL LIGATURE MEN NOW;Ll;0;L;<compat> 0574 0576;;;;N;;;;;
+FB14;ARMENIAN SMALL LIGATURE MEN ECH;Ll;0;L;<compat> 0574 0565;;;;N;;;;;
+FB15;ARMENIAN SMALL LIGATURE MEN INI;Ll;0;L;<compat> 0574 056B;;;;N;;;;;
+FB16;ARMENIAN SMALL LIGATURE VEW NOW;Ll;0;L;<compat> 057E 0576;;;;N;;;;;
+FB17;ARMENIAN SMALL LIGATURE MEN XEH;Ll;0;L;<compat> 0574 056D;;;;N;;;;;
+FB1D;HEBREW LETTER YOD WITH HIRIQ;Lo;0;R;05D9 05B4;;;;N;;;;;
+FB1E;HEBREW POINT JUDEO-SPANISH VARIKA;Mn;26;NSM;;;;;N;HEBREW POINT VARIKA;;;;
+FB1F;HEBREW LIGATURE YIDDISH YOD YOD PATAH;Lo;0;R;05F2 05B7;;;;N;;;;;
+FB20;HEBREW LETTER ALTERNATIVE AYIN;Lo;0;R;<font> 05E2;;;;N;;;;;
+FB21;HEBREW LETTER WIDE ALEF;Lo;0;R;<font> 05D0;;;;N;;;;;
+FB22;HEBREW LETTER WIDE DALET;Lo;0;R;<font> 05D3;;;;N;;;;;
+FB23;HEBREW LETTER WIDE HE;Lo;0;R;<font> 05D4;;;;N;;;;;
+FB24;HEBREW LETTER WIDE KAF;Lo;0;R;<font> 05DB;;;;N;;;;;
+FB25;HEBREW LETTER WIDE LAMED;Lo;0;R;<font> 05DC;;;;N;;;;;
+FB26;HEBREW LETTER WIDE FINAL MEM;Lo;0;R;<font> 05DD;;;;N;;;;;
+FB27;HEBREW LETTER WIDE RESH;Lo;0;R;<font> 05E8;;;;N;;;;;
+FB28;HEBREW LETTER WIDE TAV;Lo;0;R;<font> 05EA;;;;N;;;;;
+FB29;HEBREW LETTER ALTERNATIVE PLUS SIGN;Sm;0;ET;<font> 002B;;;;N;;;;;
+FB2A;HEBREW LETTER SHIN WITH SHIN DOT;Lo;0;R;05E9 05C1;;;;N;;;;;
+FB2B;HEBREW LETTER SHIN WITH SIN DOT;Lo;0;R;05E9 05C2;;;;N;;;;;
+FB2C;HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT;Lo;0;R;FB49 05C1;;;;N;;;;;
+FB2D;HEBREW LETTER SHIN WITH DAGESH AND SIN DOT;Lo;0;R;FB49 05C2;;;;N;;;;;
+FB2E;HEBREW LETTER ALEF WITH PATAH;Lo;0;R;05D0 05B7;;;;N;;;;;
+FB2F;HEBREW LETTER ALEF WITH QAMATS;Lo;0;R;05D0 05B8;;;;N;;;;;
+FB30;HEBREW LETTER ALEF WITH MAPIQ;Lo;0;R;05D0 05BC;;;;N;;;;;
+FB31;HEBREW LETTER BET WITH DAGESH;Lo;0;R;05D1 05BC;;;;N;;;;;
+FB32;HEBREW LETTER GIMEL WITH DAGESH;Lo;0;R;05D2 05BC;;;;N;;;;;
+FB33;HEBREW LETTER DALET WITH DAGESH;Lo;0;R;05D3 05BC;;;;N;;;;;
+FB34;HEBREW LETTER HE WITH MAPIQ;Lo;0;R;05D4 05BC;;;;N;;;;;
+FB35;HEBREW LETTER VAV WITH DAGESH;Lo;0;R;05D5 05BC;;;;N;;;;;
+FB36;HEBREW LETTER ZAYIN WITH DAGESH;Lo;0;R;05D6 05BC;;;;N;;;;;
+FB38;HEBREW LETTER TET WITH DAGESH;Lo;0;R;05D8 05BC;;;;N;;;;;
+FB39;HEBREW LETTER YOD WITH DAGESH;Lo;0;R;05D9 05BC;;;;N;;;;;
+FB3A;HEBREW LETTER FINAL KAF WITH DAGESH;Lo;0;R;05DA 05BC;;;;N;;;;;
+FB3B;HEBREW LETTER KAF WITH DAGESH;Lo;0;R;05DB 05BC;;;;N;;;;;
+FB3C;HEBREW LETTER LAMED WITH DAGESH;Lo;0;R;05DC 05BC;;;;N;;;;;
+FB3E;HEBREW LETTER MEM WITH DAGESH;Lo;0;R;05DE 05BC;;;;N;;;;;
+FB40;HEBREW LETTER NUN WITH DAGESH;Lo;0;R;05E0 05BC;;;;N;;;;;
+FB41;HEBREW LETTER SAMEKH WITH DAGESH;Lo;0;R;05E1 05BC;;;;N;;;;;
+FB43;HEBREW LETTER FINAL PE WITH DAGESH;Lo;0;R;05E3 05BC;;;;N;;;;;
+FB44;HEBREW LETTER PE WITH DAGESH;Lo;0;R;05E4 05BC;;;;N;;;;;
+FB46;HEBREW LETTER TSADI WITH DAGESH;Lo;0;R;05E6 05BC;;;;N;;;;;
+FB47;HEBREW LETTER QOF WITH DAGESH;Lo;0;R;05E7 05BC;;;;N;;;;;
+FB48;HEBREW LETTER RESH WITH DAGESH;Lo;0;R;05E8 05BC;;;;N;;;;;
+FB49;HEBREW LETTER SHIN WITH DAGESH;Lo;0;R;05E9 05BC;;;;N;;;;;
+FB4A;HEBREW LETTER TAV WITH DAGESH;Lo;0;R;05EA 05BC;;;;N;;;;;
+FB4B;HEBREW LETTER VAV WITH HOLAM;Lo;0;R;05D5 05B9;;;;N;;;;;
+FB4C;HEBREW LETTER BET WITH RAFE;Lo;0;R;05D1 05BF;;;;N;;;;;
+FB4D;HEBREW LETTER KAF WITH RAFE;Lo;0;R;05DB 05BF;;;;N;;;;;
+FB4E;HEBREW LETTER PE WITH RAFE;Lo;0;R;05E4 05BF;;;;N;;;;;
+FB4F;HEBREW LIGATURE ALEF LAMED;Lo;0;R;<compat> 05D0 05DC;;;;N;;;;;
+FB50;ARABIC LETTER ALEF WASLA ISOLATED FORM;Lo;0;AL;<isolated> 0671;;;;N;;;;;
+FB51;ARABIC LETTER ALEF WASLA FINAL FORM;Lo;0;AL;<final> 0671;;;;N;;;;;
+FB52;ARABIC LETTER BEEH ISOLATED FORM;Lo;0;AL;<isolated> 067B;;;;N;;;;;
+FB53;ARABIC LETTER BEEH FINAL FORM;Lo;0;AL;<final> 067B;;;;N;;;;;
+FB54;ARABIC LETTER BEEH INITIAL FORM;Lo;0;AL;<initial> 067B;;;;N;;;;;
+FB55;ARABIC LETTER BEEH MEDIAL FORM;Lo;0;AL;<medial> 067B;;;;N;;;;;
+FB56;ARABIC LETTER PEH ISOLATED FORM;Lo;0;AL;<isolated> 067E;;;;N;;;;;
+FB57;ARABIC LETTER PEH FINAL FORM;Lo;0;AL;<final> 067E;;;;N;;;;;
+FB58;ARABIC LETTER PEH INITIAL FORM;Lo;0;AL;<initial> 067E;;;;N;;;;;
+FB59;ARABIC LETTER PEH MEDIAL FORM;Lo;0;AL;<medial> 067E;;;;N;;;;;
+FB5A;ARABIC LETTER BEHEH ISOLATED FORM;Lo;0;AL;<isolated> 0680;;;;N;;;;;
+FB5B;ARABIC LETTER BEHEH FINAL FORM;Lo;0;AL;<final> 0680;;;;N;;;;;
+FB5C;ARABIC LETTER BEHEH INITIAL FORM;Lo;0;AL;<initial> 0680;;;;N;;;;;
+FB5D;ARABIC LETTER BEHEH MEDIAL FORM;Lo;0;AL;<medial> 0680;;;;N;;;;;
+FB5E;ARABIC LETTER TTEHEH ISOLATED FORM;Lo;0;AL;<isolated> 067A;;;;N;;;;;
+FB5F;ARABIC LETTER TTEHEH FINAL FORM;Lo;0;AL;<final> 067A;;;;N;;;;;
+FB60;ARABIC LETTER TTEHEH INITIAL FORM;Lo;0;AL;<initial> 067A;;;;N;;;;;
+FB61;ARABIC LETTER TTEHEH MEDIAL FORM;Lo;0;AL;<medial> 067A;;;;N;;;;;
+FB62;ARABIC LETTER TEHEH ISOLATED FORM;Lo;0;AL;<isolated> 067F;;;;N;;;;;
+FB63;ARABIC LETTER TEHEH FINAL FORM;Lo;0;AL;<final> 067F;;;;N;;;;;
+FB64;ARABIC LETTER TEHEH INITIAL FORM;Lo;0;AL;<initial> 067F;;;;N;;;;;
+FB65;ARABIC LETTER TEHEH MEDIAL FORM;Lo;0;AL;<medial> 067F;;;;N;;;;;
+FB66;ARABIC LETTER TTEH ISOLATED FORM;Lo;0;AL;<isolated> 0679;;;;N;;;;;
+FB67;ARABIC LETTER TTEH FINAL FORM;Lo;0;AL;<final> 0679;;;;N;;;;;
+FB68;ARABIC LETTER TTEH INITIAL FORM;Lo;0;AL;<initial> 0679;;;;N;;;;;
+FB69;ARABIC LETTER TTEH MEDIAL FORM;Lo;0;AL;<medial> 0679;;;;N;;;;;
+FB6A;ARABIC LETTER VEH ISOLATED FORM;Lo;0;AL;<isolated> 06A4;;;;N;;;;;
+FB6B;ARABIC LETTER VEH FINAL FORM;Lo;0;AL;<final> 06A4;;;;N;;;;;
+FB6C;ARABIC LETTER VEH INITIAL FORM;Lo;0;AL;<initial> 06A4;;;;N;;;;;
+FB6D;ARABIC LETTER VEH MEDIAL FORM;Lo;0;AL;<medial> 06A4;;;;N;;;;;
+FB6E;ARABIC LETTER PEHEH ISOLATED FORM;Lo;0;AL;<isolated> 06A6;;;;N;;;;;
+FB6F;ARABIC LETTER PEHEH FINAL FORM;Lo;0;AL;<final> 06A6;;;;N;;;;;
+FB70;ARABIC LETTER PEHEH INITIAL FORM;Lo;0;AL;<initial> 06A6;;;;N;;;;;
+FB71;ARABIC LETTER PEHEH MEDIAL FORM;Lo;0;AL;<medial> 06A6;;;;N;;;;;
+FB72;ARABIC LETTER DYEH ISOLATED FORM;Lo;0;AL;<isolated> 0684;;;;N;;;;;
+FB73;ARABIC LETTER DYEH FINAL FORM;Lo;0;AL;<final> 0684;;;;N;;;;;
+FB74;ARABIC LETTER DYEH INITIAL FORM;Lo;0;AL;<initial> 0684;;;;N;;;;;
+FB75;ARABIC LETTER DYEH MEDIAL FORM;Lo;0;AL;<medial> 0684;;;;N;;;;;
+FB76;ARABIC LETTER NYEH ISOLATED FORM;Lo;0;AL;<isolated> 0683;;;;N;;;;;
+FB77;ARABIC LETTER NYEH FINAL FORM;Lo;0;AL;<final> 0683;;;;N;;;;;
+FB78;ARABIC LETTER NYEH INITIAL FORM;Lo;0;AL;<initial> 0683;;;;N;;;;;
+FB79;ARABIC LETTER NYEH MEDIAL FORM;Lo;0;AL;<medial> 0683;;;;N;;;;;
+FB7A;ARABIC LETTER TCHEH ISOLATED FORM;Lo;0;AL;<isolated> 0686;;;;N;;;;;
+FB7B;ARABIC LETTER TCHEH FINAL FORM;Lo;0;AL;<final> 0686;;;;N;;;;;
+FB7C;ARABIC LETTER TCHEH INITIAL FORM;Lo;0;AL;<initial> 0686;;;;N;;;;;
+FB7D;ARABIC LETTER TCHEH MEDIAL FORM;Lo;0;AL;<medial> 0686;;;;N;;;;;
+FB7E;ARABIC LETTER TCHEHEH ISOLATED FORM;Lo;0;AL;<isolated> 0687;;;;N;;;;;
+FB7F;ARABIC LETTER TCHEHEH FINAL FORM;Lo;0;AL;<final> 0687;;;;N;;;;;
+FB80;ARABIC LETTER TCHEHEH INITIAL FORM;Lo;0;AL;<initial> 0687;;;;N;;;;;
+FB81;ARABIC LETTER TCHEHEH MEDIAL FORM;Lo;0;AL;<medial> 0687;;;;N;;;;;
+FB82;ARABIC LETTER DDAHAL ISOLATED FORM;Lo;0;AL;<isolated> 068D;;;;N;;;;;
+FB83;ARABIC LETTER DDAHAL FINAL FORM;Lo;0;AL;<final> 068D;;;;N;;;;;
+FB84;ARABIC LETTER DAHAL ISOLATED FORM;Lo;0;AL;<isolated> 068C;;;;N;;;;;
+FB85;ARABIC LETTER DAHAL FINAL FORM;Lo;0;AL;<final> 068C;;;;N;;;;;
+FB86;ARABIC LETTER DUL ISOLATED FORM;Lo;0;AL;<isolated> 068E;;;;N;;;;;
+FB87;ARABIC LETTER DUL FINAL FORM;Lo;0;AL;<final> 068E;;;;N;;;;;
+FB88;ARABIC LETTER DDAL ISOLATED FORM;Lo;0;AL;<isolated> 0688;;;;N;;;;;
+FB89;ARABIC LETTER DDAL FINAL FORM;Lo;0;AL;<final> 0688;;;;N;;;;;
+FB8A;ARABIC LETTER JEH ISOLATED FORM;Lo;0;AL;<isolated> 0698;;;;N;;;;;
+FB8B;ARABIC LETTER JEH FINAL FORM;Lo;0;AL;<final> 0698;;;;N;;;;;
+FB8C;ARABIC LETTER RREH ISOLATED FORM;Lo;0;AL;<isolated> 0691;;;;N;;;;;
+FB8D;ARABIC LETTER RREH FINAL FORM;Lo;0;AL;<final> 0691;;;;N;;;;;
+FB8E;ARABIC LETTER KEHEH ISOLATED FORM;Lo;0;AL;<isolated> 06A9;;;;N;;;;;
+FB8F;ARABIC LETTER KEHEH FINAL FORM;Lo;0;AL;<final> 06A9;;;;N;;;;;
+FB90;ARABIC LETTER KEHEH INITIAL FORM;Lo;0;AL;<initial> 06A9;;;;N;;;;;
+FB91;ARABIC LETTER KEHEH MEDIAL FORM;Lo;0;AL;<medial> 06A9;;;;N;;;;;
+FB92;ARABIC LETTER GAF ISOLATED FORM;Lo;0;AL;<isolated> 06AF;;;;N;;;;;
+FB93;ARABIC LETTER GAF FINAL FORM;Lo;0;AL;<final> 06AF;;;;N;;;;;
+FB94;ARABIC LETTER GAF INITIAL FORM;Lo;0;AL;<initial> 06AF;;;;N;;;;;
+FB95;ARABIC LETTER GAF MEDIAL FORM;Lo;0;AL;<medial> 06AF;;;;N;;;;;
+FB96;ARABIC LETTER GUEH ISOLATED FORM;Lo;0;AL;<isolated> 06B3;;;;N;;;;;
+FB97;ARABIC LETTER GUEH FINAL FORM;Lo;0;AL;<final> 06B3;;;;N;;;;;
+FB98;ARABIC LETTER GUEH INITIAL FORM;Lo;0;AL;<initial> 06B3;;;;N;;;;;
+FB99;ARABIC LETTER GUEH MEDIAL FORM;Lo;0;AL;<medial> 06B3;;;;N;;;;;
+FB9A;ARABIC LETTER NGOEH ISOLATED FORM;Lo;0;AL;<isolated> 06B1;;;;N;;;;;
+FB9B;ARABIC LETTER NGOEH FINAL FORM;Lo;0;AL;<final> 06B1;;;;N;;;;;
+FB9C;ARABIC LETTER NGOEH INITIAL FORM;Lo;0;AL;<initial> 06B1;;;;N;;;;;
+FB9D;ARABIC LETTER NGOEH MEDIAL FORM;Lo;0;AL;<medial> 06B1;;;;N;;;;;
+FB9E;ARABIC LETTER NOON GHUNNA ISOLATED FORM;Lo;0;AL;<isolated> 06BA;;;;N;;;;;
+FB9F;ARABIC LETTER NOON GHUNNA FINAL FORM;Lo;0;AL;<final> 06BA;;;;N;;;;;
+FBA0;ARABIC LETTER RNOON ISOLATED FORM;Lo;0;AL;<isolated> 06BB;;;;N;;;;;
+FBA1;ARABIC LETTER RNOON FINAL FORM;Lo;0;AL;<final> 06BB;;;;N;;;;;
+FBA2;ARABIC LETTER RNOON INITIAL FORM;Lo;0;AL;<initial> 06BB;;;;N;;;;;
+FBA3;ARABIC LETTER RNOON MEDIAL FORM;Lo;0;AL;<medial> 06BB;;;;N;;;;;
+FBA4;ARABIC LETTER HEH WITH YEH ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 06C0;;;;N;;;;;
+FBA5;ARABIC LETTER HEH WITH YEH ABOVE FINAL FORM;Lo;0;AL;<final> 06C0;;;;N;;;;;
+FBA6;ARABIC LETTER HEH GOAL ISOLATED FORM;Lo;0;AL;<isolated> 06C1;;;;N;;;;;
+FBA7;ARABIC LETTER HEH GOAL FINAL FORM;Lo;0;AL;<final> 06C1;;;;N;;;;;
+FBA8;ARABIC LETTER HEH GOAL INITIAL FORM;Lo;0;AL;<initial> 06C1;;;;N;;;;;
+FBA9;ARABIC LETTER HEH GOAL MEDIAL FORM;Lo;0;AL;<medial> 06C1;;;;N;;;;;
+FBAA;ARABIC LETTER HEH DOACHASHMEE ISOLATED FORM;Lo;0;AL;<isolated> 06BE;;;;N;;;;;
+FBAB;ARABIC LETTER HEH DOACHASHMEE FINAL FORM;Lo;0;AL;<final> 06BE;;;;N;;;;;
+FBAC;ARABIC LETTER HEH DOACHASHMEE INITIAL FORM;Lo;0;AL;<initial> 06BE;;;;N;;;;;
+FBAD;ARABIC LETTER HEH DOACHASHMEE MEDIAL FORM;Lo;0;AL;<medial> 06BE;;;;N;;;;;
+FBAE;ARABIC LETTER YEH BARREE ISOLATED FORM;Lo;0;AL;<isolated> 06D2;;;;N;;;;;
+FBAF;ARABIC LETTER YEH BARREE FINAL FORM;Lo;0;AL;<final> 06D2;;;;N;;;;;
+FBB0;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 06D3;;;;N;;;;;
+FBB1;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 06D3;;;;N;;;;;
+FBD3;ARABIC LETTER NG ISOLATED FORM;Lo;0;AL;<isolated> 06AD;;;;N;;;;;
+FBD4;ARABIC LETTER NG FINAL FORM;Lo;0;AL;<final> 06AD;;;;N;;;;;
+FBD5;ARABIC LETTER NG INITIAL FORM;Lo;0;AL;<initial> 06AD;;;;N;;;;;
+FBD6;ARABIC LETTER NG MEDIAL FORM;Lo;0;AL;<medial> 06AD;;;;N;;;;;
+FBD7;ARABIC LETTER U ISOLATED FORM;Lo;0;AL;<isolated> 06C7;;;;N;;;;;
+FBD8;ARABIC LETTER U FINAL FORM;Lo;0;AL;<final> 06C7;;;;N;;;;;
+FBD9;ARABIC LETTER OE ISOLATED FORM;Lo;0;AL;<isolated> 06C6;;;;N;;;;;
+FBDA;ARABIC LETTER OE FINAL FORM;Lo;0;AL;<final> 06C6;;;;N;;;;;
+FBDB;ARABIC LETTER YU ISOLATED FORM;Lo;0;AL;<isolated> 06C8;;;;N;;;;;
+FBDC;ARABIC LETTER YU FINAL FORM;Lo;0;AL;<final> 06C8;;;;N;;;;;
+FBDD;ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0677;;;;N;;;;;
+FBDE;ARABIC LETTER VE ISOLATED FORM;Lo;0;AL;<isolated> 06CB;;;;N;;;;;
+FBDF;ARABIC LETTER VE FINAL FORM;Lo;0;AL;<final> 06CB;;;;N;;;;;
+FBE0;ARABIC LETTER KIRGHIZ OE ISOLATED FORM;Lo;0;AL;<isolated> 06C5;;;;N;;;;;
+FBE1;ARABIC LETTER KIRGHIZ OE FINAL FORM;Lo;0;AL;<final> 06C5;;;;N;;;;;
+FBE2;ARABIC LETTER KIRGHIZ YU ISOLATED FORM;Lo;0;AL;<isolated> 06C9;;;;N;;;;;
+FBE3;ARABIC LETTER KIRGHIZ YU FINAL FORM;Lo;0;AL;<final> 06C9;;;;N;;;;;
+FBE4;ARABIC LETTER E ISOLATED FORM;Lo;0;AL;<isolated> 06D0;;;;N;;;;;
+FBE5;ARABIC LETTER E FINAL FORM;Lo;0;AL;<final> 06D0;;;;N;;;;;
+FBE6;ARABIC LETTER E INITIAL FORM;Lo;0;AL;<initial> 06D0;;;;N;;;;;
+FBE7;ARABIC LETTER E MEDIAL FORM;Lo;0;AL;<medial> 06D0;;;;N;;;;;
+FBE8;ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA INITIAL FORM;Lo;0;AL;<initial> 0649;;;;N;;;;;
+FBE9;ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA MEDIAL FORM;Lo;0;AL;<medial> 0649;;;;N;;;;;
+FBEA;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0626 0627;;;;N;;;;;
+FBEB;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF FINAL FORM;Lo;0;AL;<final> 0626 0627;;;;N;;;;;
+FBEC;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE ISOLATED FORM;Lo;0;AL;<isolated> 0626 06D5;;;;N;;;;;
+FBED;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE FINAL FORM;Lo;0;AL;<final> 0626 06D5;;;;N;;;;;
+FBEE;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW ISOLATED FORM;Lo;0;AL;<isolated> 0626 0648;;;;N;;;;;
+FBEF;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW FINAL FORM;Lo;0;AL;<final> 0626 0648;;;;N;;;;;
+FBF0;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U ISOLATED FORM;Lo;0;AL;<isolated> 0626 06C7;;;;N;;;;;
+FBF1;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U FINAL FORM;Lo;0;AL;<final> 0626 06C7;;;;N;;;;;
+FBF2;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE ISOLATED FORM;Lo;0;AL;<isolated> 0626 06C6;;;;N;;;;;
+FBF3;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE FINAL FORM;Lo;0;AL;<final> 0626 06C6;;;;N;;;;;
+FBF4;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU ISOLATED FORM;Lo;0;AL;<isolated> 0626 06C8;;;;N;;;;;
+FBF5;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU FINAL FORM;Lo;0;AL;<final> 0626 06C8;;;;N;;;;;
+FBF6;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E ISOLATED FORM;Lo;0;AL;<isolated> 0626 06D0;;;;N;;;;;
+FBF7;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E FINAL FORM;Lo;0;AL;<final> 0626 06D0;;;;N;;;;;
+FBF8;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E INITIAL FORM;Lo;0;AL;<initial> 0626 06D0;;;;N;;;;;
+FBF9;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0626 0649;;;;N;;;;;
+FBFA;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0626 0649;;;;N;;;;;
+FBFB;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM;Lo;0;AL;<initial> 0626 0649;;;;N;;;;;
+FBFC;ARABIC LETTER FARSI YEH ISOLATED FORM;Lo;0;AL;<isolated> 06CC;;;;N;;;;;
+FBFD;ARABIC LETTER FARSI YEH FINAL FORM;Lo;0;AL;<final> 06CC;;;;N;;;;;
+FBFE;ARABIC LETTER FARSI YEH INITIAL FORM;Lo;0;AL;<initial> 06CC;;;;N;;;;;
+FBFF;ARABIC LETTER FARSI YEH MEDIAL FORM;Lo;0;AL;<medial> 06CC;;;;N;;;;;
+FC00;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0626 062C;;;;N;;;;;
+FC01;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0626 062D;;;;N;;;;;
+FC02;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0626 0645;;;;N;;;;;
+FC03;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0626 0649;;;;N;;;;;
+FC04;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0626 064A;;;;N;;;;;
+FC05;ARABIC LIGATURE BEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0628 062C;;;;N;;;;;
+FC06;ARABIC LIGATURE BEH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0628 062D;;;;N;;;;;
+FC07;ARABIC LIGATURE BEH WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0628 062E;;;;N;;;;;
+FC08;ARABIC LIGATURE BEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0628 0645;;;;N;;;;;
+FC09;ARABIC LIGATURE BEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0628 0649;;;;N;;;;;
+FC0A;ARABIC LIGATURE BEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0628 064A;;;;N;;;;;
+FC0B;ARABIC LIGATURE TEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062A 062C;;;;N;;;;;
+FC0C;ARABIC LIGATURE TEH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 062A 062D;;;;N;;;;;
+FC0D;ARABIC LIGATURE TEH WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 062A 062E;;;;N;;;;;
+FC0E;ARABIC LIGATURE TEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062A 0645;;;;N;;;;;
+FC0F;ARABIC LIGATURE TEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062A 0649;;;;N;;;;;
+FC10;ARABIC LIGATURE TEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062A 064A;;;;N;;;;;
+FC11;ARABIC LIGATURE THEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062B 062C;;;;N;;;;;
+FC12;ARABIC LIGATURE THEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062B 0645;;;;N;;;;;
+FC13;ARABIC LIGATURE THEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062B 0649;;;;N;;;;;
+FC14;ARABIC LIGATURE THEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062B 064A;;;;N;;;;;
+FC15;ARABIC LIGATURE JEEM WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 062C 062D;;;;N;;;;;
+FC16;ARABIC LIGATURE JEEM WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062C 0645;;;;N;;;;;
+FC17;ARABIC LIGATURE HAH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062D 062C;;;;N;;;;;
+FC18;ARABIC LIGATURE HAH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062D 0645;;;;N;;;;;
+FC19;ARABIC LIGATURE KHAH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062E 062C;;;;N;;;;;
+FC1A;ARABIC LIGATURE KHAH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 062E 062D;;;;N;;;;;
+FC1B;ARABIC LIGATURE KHAH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 062E 0645;;;;N;;;;;
+FC1C;ARABIC LIGATURE SEEN WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0633 062C;;;;N;;;;;
+FC1D;ARABIC LIGATURE SEEN WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0633 062D;;;;N;;;;;
+FC1E;ARABIC LIGATURE SEEN WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0633 062E;;;;N;;;;;
+FC1F;ARABIC LIGATURE SEEN WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0633 0645;;;;N;;;;;
+FC20;ARABIC LIGATURE SAD WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0635 062D;;;;N;;;;;
+FC21;ARABIC LIGATURE SAD WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0635 0645;;;;N;;;;;
+FC22;ARABIC LIGATURE DAD WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0636 062C;;;;N;;;;;
+FC23;ARABIC LIGATURE DAD WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0636 062D;;;;N;;;;;
+FC24;ARABIC LIGATURE DAD WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0636 062E;;;;N;;;;;
+FC25;ARABIC LIGATURE DAD WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0636 0645;;;;N;;;;;
+FC26;ARABIC LIGATURE TAH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0637 062D;;;;N;;;;;
+FC27;ARABIC LIGATURE TAH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0637 0645;;;;N;;;;;
+FC28;ARABIC LIGATURE ZAH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0638 0645;;;;N;;;;;
+FC29;ARABIC LIGATURE AIN WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0639 062C;;;;N;;;;;
+FC2A;ARABIC LIGATURE AIN WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0639 0645;;;;N;;;;;
+FC2B;ARABIC LIGATURE GHAIN WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 063A 062C;;;;N;;;;;
+FC2C;ARABIC LIGATURE GHAIN WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 063A 0645;;;;N;;;;;
+FC2D;ARABIC LIGATURE FEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0641 062C;;;;N;;;;;
+FC2E;ARABIC LIGATURE FEH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0641 062D;;;;N;;;;;
+FC2F;ARABIC LIGATURE FEH WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0641 062E;;;;N;;;;;
+FC30;ARABIC LIGATURE FEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0641 0645;;;;N;;;;;
+FC31;ARABIC LIGATURE FEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0641 0649;;;;N;;;;;
+FC32;ARABIC LIGATURE FEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0641 064A;;;;N;;;;;
+FC33;ARABIC LIGATURE QAF WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0642 062D;;;;N;;;;;
+FC34;ARABIC LIGATURE QAF WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0642 0645;;;;N;;;;;
+FC35;ARABIC LIGATURE QAF WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0642 0649;;;;N;;;;;
+FC36;ARABIC LIGATURE QAF WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0642 064A;;;;N;;;;;
+FC37;ARABIC LIGATURE KAF WITH ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0643 0627;;;;N;;;;;
+FC38;ARABIC LIGATURE KAF WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0643 062C;;;;N;;;;;
+FC39;ARABIC LIGATURE KAF WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0643 062D;;;;N;;;;;
+FC3A;ARABIC LIGATURE KAF WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0643 062E;;;;N;;;;;
+FC3B;ARABIC LIGATURE KAF WITH LAM ISOLATED FORM;Lo;0;AL;<isolated> 0643 0644;;;;N;;;;;
+FC3C;ARABIC LIGATURE KAF WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0643 0645;;;;N;;;;;
+FC3D;ARABIC LIGATURE KAF WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0643 0649;;;;N;;;;;
+FC3E;ARABIC LIGATURE KAF WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0643 064A;;;;N;;;;;
+FC3F;ARABIC LIGATURE LAM WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0644 062C;;;;N;;;;;
+FC40;ARABIC LIGATURE LAM WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0644 062D;;;;N;;;;;
+FC41;ARABIC LIGATURE LAM WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0644 062E;;;;N;;;;;
+FC42;ARABIC LIGATURE LAM WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0644 0645;;;;N;;;;;
+FC43;ARABIC LIGATURE LAM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0644 0649;;;;N;;;;;
+FC44;ARABIC LIGATURE LAM WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0644 064A;;;;N;;;;;
+FC45;ARABIC LIGATURE MEEM WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0645 062C;;;;N;;;;;
+FC46;ARABIC LIGATURE MEEM WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0645 062D;;;;N;;;;;
+FC47;ARABIC LIGATURE MEEM WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0645 062E;;;;N;;;;;
+FC48;ARABIC LIGATURE MEEM WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0645 0645;;;;N;;;;;
+FC49;ARABIC LIGATURE MEEM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0645 0649;;;;N;;;;;
+FC4A;ARABIC LIGATURE MEEM WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0645 064A;;;;N;;;;;
+FC4B;ARABIC LIGATURE NOON WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0646 062C;;;;N;;;;;
+FC4C;ARABIC LIGATURE NOON WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0646 062D;;;;N;;;;;
+FC4D;ARABIC LIGATURE NOON WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0646 062E;;;;N;;;;;
+FC4E;ARABIC LIGATURE NOON WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0646 0645;;;;N;;;;;
+FC4F;ARABIC LIGATURE NOON WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0646 0649;;;;N;;;;;
+FC50;ARABIC LIGATURE NOON WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0646 064A;;;;N;;;;;
+FC51;ARABIC LIGATURE HEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0647 062C;;;;N;;;;;
+FC52;ARABIC LIGATURE HEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0647 0645;;;;N;;;;;
+FC53;ARABIC LIGATURE HEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0647 0649;;;;N;;;;;
+FC54;ARABIC LIGATURE HEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0647 064A;;;;N;;;;;
+FC55;ARABIC LIGATURE YEH WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 064A 062C;;;;N;;;;;
+FC56;ARABIC LIGATURE YEH WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 064A 062D;;;;N;;;;;
+FC57;ARABIC LIGATURE YEH WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 064A 062E;;;;N;;;;;
+FC58;ARABIC LIGATURE YEH WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 064A 0645;;;;N;;;;;
+FC59;ARABIC LIGATURE YEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 064A 0649;;;;N;;;;;
+FC5A;ARABIC LIGATURE YEH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 064A 064A;;;;N;;;;;
+FC5B;ARABIC LIGATURE THAL WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0630 0670;;;;N;;;;;
+FC5C;ARABIC LIGATURE REH WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0631 0670;;;;N;;;;;
+FC5D;ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0649 0670;;;;N;;;;;
+FC5E;ARABIC LIGATURE SHADDA WITH DAMMATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064C 0651;;;;N;;;;;
+FC5F;ARABIC LIGATURE SHADDA WITH KASRATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064D 0651;;;;N;;;;;
+FC60;ARABIC LIGATURE SHADDA WITH FATHA ISOLATED FORM;Lo;0;AL;<isolated> 0020 064E 0651;;;;N;;;;;
+FC61;ARABIC LIGATURE SHADDA WITH DAMMA ISOLATED FORM;Lo;0;AL;<isolated> 0020 064F 0651;;;;N;;;;;
+FC62;ARABIC LIGATURE SHADDA WITH KASRA ISOLATED FORM;Lo;0;AL;<isolated> 0020 0650 0651;;;;N;;;;;
+FC63;ARABIC LIGATURE SHADDA WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0020 0651 0670;;;;N;;;;;
+FC64;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH REH FINAL FORM;Lo;0;AL;<final> 0626 0631;;;;N;;;;;
+FC65;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ZAIN FINAL FORM;Lo;0;AL;<final> 0626 0632;;;;N;;;;;
+FC66;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM FINAL FORM;Lo;0;AL;<final> 0626 0645;;;;N;;;;;
+FC67;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH NOON FINAL FORM;Lo;0;AL;<final> 0626 0646;;;;N;;;;;
+FC68;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0626 0649;;;;N;;;;;
+FC69;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH FINAL FORM;Lo;0;AL;<final> 0626 064A;;;;N;;;;;
+FC6A;ARABIC LIGATURE BEH WITH REH FINAL FORM;Lo;0;AL;<final> 0628 0631;;;;N;;;;;
+FC6B;ARABIC LIGATURE BEH WITH ZAIN FINAL FORM;Lo;0;AL;<final> 0628 0632;;;;N;;;;;
+FC6C;ARABIC LIGATURE BEH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0628 0645;;;;N;;;;;
+FC6D;ARABIC LIGATURE BEH WITH NOON FINAL FORM;Lo;0;AL;<final> 0628 0646;;;;N;;;;;
+FC6E;ARABIC LIGATURE BEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0628 0649;;;;N;;;;;
+FC6F;ARABIC LIGATURE BEH WITH YEH FINAL FORM;Lo;0;AL;<final> 0628 064A;;;;N;;;;;
+FC70;ARABIC LIGATURE TEH WITH REH FINAL FORM;Lo;0;AL;<final> 062A 0631;;;;N;;;;;
+FC71;ARABIC LIGATURE TEH WITH ZAIN FINAL FORM;Lo;0;AL;<final> 062A 0632;;;;N;;;;;
+FC72;ARABIC LIGATURE TEH WITH MEEM FINAL FORM;Lo;0;AL;<final> 062A 0645;;;;N;;;;;
+FC73;ARABIC LIGATURE TEH WITH NOON FINAL FORM;Lo;0;AL;<final> 062A 0646;;;;N;;;;;
+FC74;ARABIC LIGATURE TEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062A 0649;;;;N;;;;;
+FC75;ARABIC LIGATURE TEH WITH YEH FINAL FORM;Lo;0;AL;<final> 062A 064A;;;;N;;;;;
+FC76;ARABIC LIGATURE THEH WITH REH FINAL FORM;Lo;0;AL;<final> 062B 0631;;;;N;;;;;
+FC77;ARABIC LIGATURE THEH WITH ZAIN FINAL FORM;Lo;0;AL;<final> 062B 0632;;;;N;;;;;
+FC78;ARABIC LIGATURE THEH WITH MEEM FINAL FORM;Lo;0;AL;<final> 062B 0645;;;;N;;;;;
+FC79;ARABIC LIGATURE THEH WITH NOON FINAL FORM;Lo;0;AL;<final> 062B 0646;;;;N;;;;;
+FC7A;ARABIC LIGATURE THEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062B 0649;;;;N;;;;;
+FC7B;ARABIC LIGATURE THEH WITH YEH FINAL FORM;Lo;0;AL;<final> 062B 064A;;;;N;;;;;
+FC7C;ARABIC LIGATURE FEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0641 0649;;;;N;;;;;
+FC7D;ARABIC LIGATURE FEH WITH YEH FINAL FORM;Lo;0;AL;<final> 0641 064A;;;;N;;;;;
+FC7E;ARABIC LIGATURE QAF WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0642 0649;;;;N;;;;;
+FC7F;ARABIC LIGATURE QAF WITH YEH FINAL FORM;Lo;0;AL;<final> 0642 064A;;;;N;;;;;
+FC80;ARABIC LIGATURE KAF WITH ALEF FINAL FORM;Lo;0;AL;<final> 0643 0627;;;;N;;;;;
+FC81;ARABIC LIGATURE KAF WITH LAM FINAL FORM;Lo;0;AL;<final> 0643 0644;;;;N;;;;;
+FC82;ARABIC LIGATURE KAF WITH MEEM FINAL FORM;Lo;0;AL;<final> 0643 0645;;;;N;;;;;
+FC83;ARABIC LIGATURE KAF WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0643 0649;;;;N;;;;;
+FC84;ARABIC LIGATURE KAF WITH YEH FINAL FORM;Lo;0;AL;<final> 0643 064A;;;;N;;;;;
+FC85;ARABIC LIGATURE LAM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0644 0645;;;;N;;;;;
+FC86;ARABIC LIGATURE LAM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0644 0649;;;;N;;;;;
+FC87;ARABIC LIGATURE LAM WITH YEH FINAL FORM;Lo;0;AL;<final> 0644 064A;;;;N;;;;;
+FC88;ARABIC LIGATURE MEEM WITH ALEF FINAL FORM;Lo;0;AL;<final> 0645 0627;;;;N;;;;;
+FC89;ARABIC LIGATURE MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0645 0645;;;;N;;;;;
+FC8A;ARABIC LIGATURE NOON WITH REH FINAL FORM;Lo;0;AL;<final> 0646 0631;;;;N;;;;;
+FC8B;ARABIC LIGATURE NOON WITH ZAIN FINAL FORM;Lo;0;AL;<final> 0646 0632;;;;N;;;;;
+FC8C;ARABIC LIGATURE NOON WITH MEEM FINAL FORM;Lo;0;AL;<final> 0646 0645;;;;N;;;;;
+FC8D;ARABIC LIGATURE NOON WITH NOON FINAL FORM;Lo;0;AL;<final> 0646 0646;;;;N;;;;;
+FC8E;ARABIC LIGATURE NOON WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0646 0649;;;;N;;;;;
+FC8F;ARABIC LIGATURE NOON WITH YEH FINAL FORM;Lo;0;AL;<final> 0646 064A;;;;N;;;;;
+FC90;ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF FINAL FORM;Lo;0;AL;<final> 0649 0670;;;;N;;;;;
+FC91;ARABIC LIGATURE YEH WITH REH FINAL FORM;Lo;0;AL;<final> 064A 0631;;;;N;;;;;
+FC92;ARABIC LIGATURE YEH WITH ZAIN FINAL FORM;Lo;0;AL;<final> 064A 0632;;;;N;;;;;
+FC93;ARABIC LIGATURE YEH WITH MEEM FINAL FORM;Lo;0;AL;<final> 064A 0645;;;;N;;;;;
+FC94;ARABIC LIGATURE YEH WITH NOON FINAL FORM;Lo;0;AL;<final> 064A 0646;;;;N;;;;;
+FC95;ARABIC LIGATURE YEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 064A 0649;;;;N;;;;;
+FC96;ARABIC LIGATURE YEH WITH YEH FINAL FORM;Lo;0;AL;<final> 064A 064A;;;;N;;;;;
+FC97;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0626 062C;;;;N;;;;;
+FC98;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0626 062D;;;;N;;;;;
+FC99;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0626 062E;;;;N;;;;;
+FC9A;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0626 0645;;;;N;;;;;
+FC9B;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0626 0647;;;;N;;;;;
+FC9C;ARABIC LIGATURE BEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0628 062C;;;;N;;;;;
+FC9D;ARABIC LIGATURE BEH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0628 062D;;;;N;;;;;
+FC9E;ARABIC LIGATURE BEH WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0628 062E;;;;N;;;;;
+FC9F;ARABIC LIGATURE BEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0628 0645;;;;N;;;;;
+FCA0;ARABIC LIGATURE BEH WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0628 0647;;;;N;;;;;
+FCA1;ARABIC LIGATURE TEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062C;;;;N;;;;;
+FCA2;ARABIC LIGATURE TEH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 062A 062D;;;;N;;;;;
+FCA3;ARABIC LIGATURE TEH WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 062A 062E;;;;N;;;;;
+FCA4;ARABIC LIGATURE TEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062A 0645;;;;N;;;;;
+FCA5;ARABIC LIGATURE TEH WITH HEH INITIAL FORM;Lo;0;AL;<initial> 062A 0647;;;;N;;;;;
+FCA6;ARABIC LIGATURE THEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062B 0645;;;;N;;;;;
+FCA7;ARABIC LIGATURE JEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 062C 062D;;;;N;;;;;
+FCA8;ARABIC LIGATURE JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062C 0645;;;;N;;;;;
+FCA9;ARABIC LIGATURE HAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062D 062C;;;;N;;;;;
+FCAA;ARABIC LIGATURE HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062D 0645;;;;N;;;;;
+FCAB;ARABIC LIGATURE KHAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062E 062C;;;;N;;;;;
+FCAC;ARABIC LIGATURE KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062E 0645;;;;N;;;;;
+FCAD;ARABIC LIGATURE SEEN WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0633 062C;;;;N;;;;;
+FCAE;ARABIC LIGATURE SEEN WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0633 062D;;;;N;;;;;
+FCAF;ARABIC LIGATURE SEEN WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0633 062E;;;;N;;;;;
+FCB0;ARABIC LIGATURE SEEN WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0633 0645;;;;N;;;;;
+FCB1;ARABIC LIGATURE SAD WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0635 062D;;;;N;;;;;
+FCB2;ARABIC LIGATURE SAD WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0635 062E;;;;N;;;;;
+FCB3;ARABIC LIGATURE SAD WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0635 0645;;;;N;;;;;
+FCB4;ARABIC LIGATURE DAD WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0636 062C;;;;N;;;;;
+FCB5;ARABIC LIGATURE DAD WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0636 062D;;;;N;;;;;
+FCB6;ARABIC LIGATURE DAD WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0636 062E;;;;N;;;;;
+FCB7;ARABIC LIGATURE DAD WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0636 0645;;;;N;;;;;
+FCB8;ARABIC LIGATURE TAH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0637 062D;;;;N;;;;;
+FCB9;ARABIC LIGATURE ZAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0638 0645;;;;N;;;;;
+FCBA;ARABIC LIGATURE AIN WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0639 062C;;;;N;;;;;
+FCBB;ARABIC LIGATURE AIN WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0639 0645;;;;N;;;;;
+FCBC;ARABIC LIGATURE GHAIN WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 063A 062C;;;;N;;;;;
+FCBD;ARABIC LIGATURE GHAIN WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 063A 0645;;;;N;;;;;
+FCBE;ARABIC LIGATURE FEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0641 062C;;;;N;;;;;
+FCBF;ARABIC LIGATURE FEH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0641 062D;;;;N;;;;;
+FCC0;ARABIC LIGATURE FEH WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0641 062E;;;;N;;;;;
+FCC1;ARABIC LIGATURE FEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0641 0645;;;;N;;;;;
+FCC2;ARABIC LIGATURE QAF WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0642 062D;;;;N;;;;;
+FCC3;ARABIC LIGATURE QAF WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0642 0645;;;;N;;;;;
+FCC4;ARABIC LIGATURE KAF WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0643 062C;;;;N;;;;;
+FCC5;ARABIC LIGATURE KAF WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0643 062D;;;;N;;;;;
+FCC6;ARABIC LIGATURE KAF WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0643 062E;;;;N;;;;;
+FCC7;ARABIC LIGATURE KAF WITH LAM INITIAL FORM;Lo;0;AL;<initial> 0643 0644;;;;N;;;;;
+FCC8;ARABIC LIGATURE KAF WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0643 0645;;;;N;;;;;
+FCC9;ARABIC LIGATURE LAM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062C;;;;N;;;;;
+FCCA;ARABIC LIGATURE LAM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0644 062D;;;;N;;;;;
+FCCB;ARABIC LIGATURE LAM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0644 062E;;;;N;;;;;
+FCCC;ARABIC LIGATURE LAM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0644 0645;;;;N;;;;;
+FCCD;ARABIC LIGATURE LAM WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0644 0647;;;;N;;;;;
+FCCE;ARABIC LIGATURE MEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062C;;;;N;;;;;
+FCCF;ARABIC LIGATURE MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0645 062D;;;;N;;;;;
+FCD0;ARABIC LIGATURE MEEM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0645 062E;;;;N;;;;;
+FCD1;ARABIC LIGATURE MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0645 0645;;;;N;;;;;
+FCD2;ARABIC LIGATURE NOON WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0646 062C;;;;N;;;;;
+FCD3;ARABIC LIGATURE NOON WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0646 062D;;;;N;;;;;
+FCD4;ARABIC LIGATURE NOON WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0646 062E;;;;N;;;;;
+FCD5;ARABIC LIGATURE NOON WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0646 0645;;;;N;;;;;
+FCD6;ARABIC LIGATURE NOON WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0646 0647;;;;N;;;;;
+FCD7;ARABIC LIGATURE HEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0647 062C;;;;N;;;;;
+FCD8;ARABIC LIGATURE HEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0647 0645;;;;N;;;;;
+FCD9;ARABIC LIGATURE HEH WITH SUPERSCRIPT ALEF INITIAL FORM;Lo;0;AL;<initial> 0647 0670;;;;N;;;;;
+FCDA;ARABIC LIGATURE YEH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 064A 062C;;;;N;;;;;
+FCDB;ARABIC LIGATURE YEH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 064A 062D;;;;N;;;;;
+FCDC;ARABIC LIGATURE YEH WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 064A 062E;;;;N;;;;;
+FCDD;ARABIC LIGATURE YEH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 064A 0645;;;;N;;;;;
+FCDE;ARABIC LIGATURE YEH WITH HEH INITIAL FORM;Lo;0;AL;<initial> 064A 0647;;;;N;;;;;
+FCDF;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0626 0645;;;;N;;;;;
+FCE0;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0626 0647;;;;N;;;;;
+FCE1;ARABIC LIGATURE BEH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0628 0645;;;;N;;;;;
+FCE2;ARABIC LIGATURE BEH WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0628 0647;;;;N;;;;;
+FCE3;ARABIC LIGATURE TEH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 062A 0645;;;;N;;;;;
+FCE4;ARABIC LIGATURE TEH WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 062A 0647;;;;N;;;;;
+FCE5;ARABIC LIGATURE THEH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 062B 0645;;;;N;;;;;
+FCE6;ARABIC LIGATURE THEH WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 062B 0647;;;;N;;;;;
+FCE7;ARABIC LIGATURE SEEN WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0633 0645;;;;N;;;;;
+FCE8;ARABIC LIGATURE SEEN WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0633 0647;;;;N;;;;;
+FCE9;ARABIC LIGATURE SHEEN WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0634 0645;;;;N;;;;;
+FCEA;ARABIC LIGATURE SHEEN WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0634 0647;;;;N;;;;;
+FCEB;ARABIC LIGATURE KAF WITH LAM MEDIAL FORM;Lo;0;AL;<medial> 0643 0644;;;;N;;;;;
+FCEC;ARABIC LIGATURE KAF WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0643 0645;;;;N;;;;;
+FCED;ARABIC LIGATURE LAM WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0644 0645;;;;N;;;;;
+FCEE;ARABIC LIGATURE NOON WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0646 0645;;;;N;;;;;
+FCEF;ARABIC LIGATURE NOON WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 0646 0647;;;;N;;;;;
+FCF0;ARABIC LIGATURE YEH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 064A 0645;;;;N;;;;;
+FCF1;ARABIC LIGATURE YEH WITH HEH MEDIAL FORM;Lo;0;AL;<medial> 064A 0647;;;;N;;;;;
+FCF2;ARABIC LIGATURE SHADDA WITH FATHA MEDIAL FORM;Lo;0;AL;<medial> 0640 064E 0651;;;;N;;;;;
+FCF3;ARABIC LIGATURE SHADDA WITH DAMMA MEDIAL FORM;Lo;0;AL;<medial> 0640 064F 0651;;;;N;;;;;
+FCF4;ARABIC LIGATURE SHADDA WITH KASRA MEDIAL FORM;Lo;0;AL;<medial> 0640 0650 0651;;;;N;;;;;
+FCF5;ARABIC LIGATURE TAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0637 0649;;;;N;;;;;
+FCF6;ARABIC LIGATURE TAH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0637 064A;;;;N;;;;;
+FCF7;ARABIC LIGATURE AIN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0639 0649;;;;N;;;;;
+FCF8;ARABIC LIGATURE AIN WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0639 064A;;;;N;;;;;
+FCF9;ARABIC LIGATURE GHAIN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 063A 0649;;;;N;;;;;
+FCFA;ARABIC LIGATURE GHAIN WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 063A 064A;;;;N;;;;;
+FCFB;ARABIC LIGATURE SEEN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0633 0649;;;;N;;;;;
+FCFC;ARABIC LIGATURE SEEN WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0633 064A;;;;N;;;;;
+FCFD;ARABIC LIGATURE SHEEN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0634 0649;;;;N;;;;;
+FCFE;ARABIC LIGATURE SHEEN WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0634 064A;;;;N;;;;;
+FCFF;ARABIC LIGATURE HAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062D 0649;;;;N;;;;;
+FD00;ARABIC LIGATURE HAH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062D 064A;;;;N;;;;;
+FD01;ARABIC LIGATURE JEEM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062C 0649;;;;N;;;;;
+FD02;ARABIC LIGATURE JEEM WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062C 064A;;;;N;;;;;
+FD03;ARABIC LIGATURE KHAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 062E 0649;;;;N;;;;;
+FD04;ARABIC LIGATURE KHAH WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 062E 064A;;;;N;;;;;
+FD05;ARABIC LIGATURE SAD WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0635 0649;;;;N;;;;;
+FD06;ARABIC LIGATURE SAD WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0635 064A;;;;N;;;;;
+FD07;ARABIC LIGATURE DAD WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0636 0649;;;;N;;;;;
+FD08;ARABIC LIGATURE DAD WITH YEH ISOLATED FORM;Lo;0;AL;<isolated> 0636 064A;;;;N;;;;;
+FD09;ARABIC LIGATURE SHEEN WITH JEEM ISOLATED FORM;Lo;0;AL;<isolated> 0634 062C;;;;N;;;;;
+FD0A;ARABIC LIGATURE SHEEN WITH HAH ISOLATED FORM;Lo;0;AL;<isolated> 0634 062D;;;;N;;;;;
+FD0B;ARABIC LIGATURE SHEEN WITH KHAH ISOLATED FORM;Lo;0;AL;<isolated> 0634 062E;;;;N;;;;;
+FD0C;ARABIC LIGATURE SHEEN WITH MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0634 0645;;;;N;;;;;
+FD0D;ARABIC LIGATURE SHEEN WITH REH ISOLATED FORM;Lo;0;AL;<isolated> 0634 0631;;;;N;;;;;
+FD0E;ARABIC LIGATURE SEEN WITH REH ISOLATED FORM;Lo;0;AL;<isolated> 0633 0631;;;;N;;;;;
+FD0F;ARABIC LIGATURE SAD WITH REH ISOLATED FORM;Lo;0;AL;<isolated> 0635 0631;;;;N;;;;;
+FD10;ARABIC LIGATURE DAD WITH REH ISOLATED FORM;Lo;0;AL;<isolated> 0636 0631;;;;N;;;;;
+FD11;ARABIC LIGATURE TAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0637 0649;;;;N;;;;;
+FD12;ARABIC LIGATURE TAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0637 064A;;;;N;;;;;
+FD13;ARABIC LIGATURE AIN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0639 0649;;;;N;;;;;
+FD14;ARABIC LIGATURE AIN WITH YEH FINAL FORM;Lo;0;AL;<final> 0639 064A;;;;N;;;;;
+FD15;ARABIC LIGATURE GHAIN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 063A 0649;;;;N;;;;;
+FD16;ARABIC LIGATURE GHAIN WITH YEH FINAL FORM;Lo;0;AL;<final> 063A 064A;;;;N;;;;;
+FD17;ARABIC LIGATURE SEEN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0633 0649;;;;N;;;;;
+FD18;ARABIC LIGATURE SEEN WITH YEH FINAL FORM;Lo;0;AL;<final> 0633 064A;;;;N;;;;;
+FD19;ARABIC LIGATURE SHEEN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0634 0649;;;;N;;;;;
+FD1A;ARABIC LIGATURE SHEEN WITH YEH FINAL FORM;Lo;0;AL;<final> 0634 064A;;;;N;;;;;
+FD1B;ARABIC LIGATURE HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062D 0649;;;;N;;;;;
+FD1C;ARABIC LIGATURE HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 062D 064A;;;;N;;;;;
+FD1D;ARABIC LIGATURE JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062C 0649;;;;N;;;;;
+FD1E;ARABIC LIGATURE JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062C 064A;;;;N;;;;;
+FD1F;ARABIC LIGATURE KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062E 0649;;;;N;;;;;
+FD20;ARABIC LIGATURE KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 062E 064A;;;;N;;;;;
+FD21;ARABIC LIGATURE SAD WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0635 0649;;;;N;;;;;
+FD22;ARABIC LIGATURE SAD WITH YEH FINAL FORM;Lo;0;AL;<final> 0635 064A;;;;N;;;;;
+FD23;ARABIC LIGATURE DAD WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0636 0649;;;;N;;;;;
+FD24;ARABIC LIGATURE DAD WITH YEH FINAL FORM;Lo;0;AL;<final> 0636 064A;;;;N;;;;;
+FD25;ARABIC LIGATURE SHEEN WITH JEEM FINAL FORM;Lo;0;AL;<final> 0634 062C;;;;N;;;;;
+FD26;ARABIC LIGATURE SHEEN WITH HAH FINAL FORM;Lo;0;AL;<final> 0634 062D;;;;N;;;;;
+FD27;ARABIC LIGATURE SHEEN WITH KHAH FINAL FORM;Lo;0;AL;<final> 0634 062E;;;;N;;;;;
+FD28;ARABIC LIGATURE SHEEN WITH MEEM FINAL FORM;Lo;0;AL;<final> 0634 0645;;;;N;;;;;
+FD29;ARABIC LIGATURE SHEEN WITH REH FINAL FORM;Lo;0;AL;<final> 0634 0631;;;;N;;;;;
+FD2A;ARABIC LIGATURE SEEN WITH REH FINAL FORM;Lo;0;AL;<final> 0633 0631;;;;N;;;;;
+FD2B;ARABIC LIGATURE SAD WITH REH FINAL FORM;Lo;0;AL;<final> 0635 0631;;;;N;;;;;
+FD2C;ARABIC LIGATURE DAD WITH REH FINAL FORM;Lo;0;AL;<final> 0636 0631;;;;N;;;;;
+FD2D;ARABIC LIGATURE SHEEN WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0634 062C;;;;N;;;;;
+FD2E;ARABIC LIGATURE SHEEN WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0634 062D;;;;N;;;;;
+FD2F;ARABIC LIGATURE SHEEN WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0634 062E;;;;N;;;;;
+FD30;ARABIC LIGATURE SHEEN WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0634 0645;;;;N;;;;;
+FD31;ARABIC LIGATURE SEEN WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0633 0647;;;;N;;;;;
+FD32;ARABIC LIGATURE SHEEN WITH HEH INITIAL FORM;Lo;0;AL;<initial> 0634 0647;;;;N;;;;;
+FD33;ARABIC LIGATURE TAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0637 0645;;;;N;;;;;
+FD34;ARABIC LIGATURE SEEN WITH JEEM MEDIAL FORM;Lo;0;AL;<medial> 0633 062C;;;;N;;;;;
+FD35;ARABIC LIGATURE SEEN WITH HAH MEDIAL FORM;Lo;0;AL;<medial> 0633 062D;;;;N;;;;;
+FD36;ARABIC LIGATURE SEEN WITH KHAH MEDIAL FORM;Lo;0;AL;<medial> 0633 062E;;;;N;;;;;
+FD37;ARABIC LIGATURE SHEEN WITH JEEM MEDIAL FORM;Lo;0;AL;<medial> 0634 062C;;;;N;;;;;
+FD38;ARABIC LIGATURE SHEEN WITH HAH MEDIAL FORM;Lo;0;AL;<medial> 0634 062D;;;;N;;;;;
+FD39;ARABIC LIGATURE SHEEN WITH KHAH MEDIAL FORM;Lo;0;AL;<medial> 0634 062E;;;;N;;;;;
+FD3A;ARABIC LIGATURE TAH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0637 0645;;;;N;;;;;
+FD3B;ARABIC LIGATURE ZAH WITH MEEM MEDIAL FORM;Lo;0;AL;<medial> 0638 0645;;;;N;;;;;
+FD3C;ARABIC LIGATURE ALEF WITH FATHATAN FINAL FORM;Lo;0;AL;<final> 0627 064B;;;;N;;;;;
+FD3D;ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM;Lo;0;AL;<isolated> 0627 064B;;;;N;;;;;
+FD3E;ORNATE LEFT PARENTHESIS;Ps;0;ON;;;;;N;;;;;
+FD3F;ORNATE RIGHT PARENTHESIS;Pe;0;ON;;;;;N;;;;;
+FD50;ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062C 0645;;;;N;;;;;
+FD51;ARABIC LIGATURE TEH WITH HAH WITH JEEM FINAL FORM;Lo;0;AL;<final> 062A 062D 062C;;;;N;;;;;
+FD52;ARABIC LIGATURE TEH WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062D 062C;;;;N;;;;;
+FD53;ARABIC LIGATURE TEH WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062D 0645;;;;N;;;;;
+FD54;ARABIC LIGATURE TEH WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 062A 062E 0645;;;;N;;;;;
+FD55;ARABIC LIGATURE TEH WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 062A 0645 062C;;;;N;;;;;
+FD56;ARABIC LIGATURE TEH WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 062A 0645 062D;;;;N;;;;;
+FD57;ARABIC LIGATURE TEH WITH MEEM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 062A 0645 062E;;;;N;;;;;
+FD58;ARABIC LIGATURE JEEM WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 062C 0645 062D;;;;N;;;;;
+FD59;ARABIC LIGATURE JEEM WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 062C 0645 062D;;;;N;;;;;
+FD5A;ARABIC LIGATURE HAH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062D 0645 064A;;;;N;;;;;
+FD5B;ARABIC LIGATURE HAH WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062D 0645 0649;;;;N;;;;;
+FD5C;ARABIC LIGATURE SEEN WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0633 062D 062C;;;;N;;;;;
+FD5D;ARABIC LIGATURE SEEN WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0633 062C 062D;;;;N;;;;;
+FD5E;ARABIC LIGATURE SEEN WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0633 062C 0649;;;;N;;;;;
+FD5F;ARABIC LIGATURE SEEN WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0633 0645 062D;;;;N;;;;;
+FD60;ARABIC LIGATURE SEEN WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0633 0645 062D;;;;N;;;;;
+FD61;ARABIC LIGATURE SEEN WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0633 0645 062C;;;;N;;;;;
+FD62;ARABIC LIGATURE SEEN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0633 0645 0645;;;;N;;;;;
+FD63;ARABIC LIGATURE SEEN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0633 0645 0645;;;;N;;;;;
+FD64;ARABIC LIGATURE SAD WITH HAH WITH HAH FINAL FORM;Lo;0;AL;<final> 0635 062D 062D;;;;N;;;;;
+FD65;ARABIC LIGATURE SAD WITH HAH WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0635 062D 062D;;;;N;;;;;
+FD66;ARABIC LIGATURE SAD WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0635 0645 0645;;;;N;;;;;
+FD67;ARABIC LIGATURE SHEEN WITH HAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0634 062D 0645;;;;N;;;;;
+FD68;ARABIC LIGATURE SHEEN WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0634 062D 0645;;;;N;;;;;
+FD69;ARABIC LIGATURE SHEEN WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0634 062C 064A;;;;N;;;;;
+FD6A;ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH FINAL FORM;Lo;0;AL;<final> 0634 0645 062E;;;;N;;;;;
+FD6B;ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0634 0645 062E;;;;N;;;;;
+FD6C;ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0634 0645 0645;;;;N;;;;;
+FD6D;ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0634 0645 0645;;;;N;;;;;
+FD6E;ARABIC LIGATURE DAD WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0636 062D 0649;;;;N;;;;;
+FD6F;ARABIC LIGATURE DAD WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0636 062E 0645;;;;N;;;;;
+FD70;ARABIC LIGATURE DAD WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0636 062E 0645;;;;N;;;;;
+FD71;ARABIC LIGATURE TAH WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0637 0645 062D;;;;N;;;;;
+FD72;ARABIC LIGATURE TAH WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0637 0645 062D;;;;N;;;;;
+FD73;ARABIC LIGATURE TAH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0637 0645 0645;;;;N;;;;;
+FD74;ARABIC LIGATURE TAH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0637 0645 064A;;;;N;;;;;
+FD75;ARABIC LIGATURE AIN WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0639 062C 0645;;;;N;;;;;
+FD76;ARABIC LIGATURE AIN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0639 0645 0645;;;;N;;;;;
+FD77;ARABIC LIGATURE AIN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0639 0645 0645;;;;N;;;;;
+FD78;ARABIC LIGATURE AIN WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0639 0645 0649;;;;N;;;;;
+FD79;ARABIC LIGATURE GHAIN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 063A 0645 0645;;;;N;;;;;
+FD7A;ARABIC LIGATURE GHAIN WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 063A 0645 064A;;;;N;;;;;
+FD7B;ARABIC LIGATURE GHAIN WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 063A 0645 0649;;;;N;;;;;
+FD7C;ARABIC LIGATURE FEH WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0641 062E 0645;;;;N;;;;;
+FD7D;ARABIC LIGATURE FEH WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0641 062E 0645;;;;N;;;;;
+FD7E;ARABIC LIGATURE QAF WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0642 0645 062D;;;;N;;;;;
+FD7F;ARABIC LIGATURE QAF WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0642 0645 0645;;;;N;;;;;
+FD80;ARABIC LIGATURE LAM WITH HAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0644 062D 0645;;;;N;;;;;
+FD81;ARABIC LIGATURE LAM WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0644 062D 064A;;;;N;;;;;
+FD82;ARABIC LIGATURE LAM WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0644 062D 0649;;;;N;;;;;
+FD83;ARABIC LIGATURE LAM WITH JEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062C 062C;;;;N;;;;;
+FD84;ARABIC LIGATURE LAM WITH JEEM WITH JEEM FINAL FORM;Lo;0;AL;<final> 0644 062C 062C;;;;N;;;;;
+FD85;ARABIC LIGATURE LAM WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL;<final> 0644 062E 0645;;;;N;;;;;
+FD86;ARABIC LIGATURE LAM WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062E 0645;;;;N;;;;;
+FD87;ARABIC LIGATURE LAM WITH MEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0644 0645 062D;;;;N;;;;;
+FD88;ARABIC LIGATURE LAM WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0644 0645 062D;;;;N;;;;;
+FD89;ARABIC LIGATURE MEEM WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062D 062C;;;;N;;;;;
+FD8A;ARABIC LIGATURE MEEM WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062D 0645;;;;N;;;;;
+FD8B;ARABIC LIGATURE MEEM WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0645 062D 064A;;;;N;;;;;
+FD8C;ARABIC LIGATURE MEEM WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0645 062C 062D;;;;N;;;;;
+FD8D;ARABIC LIGATURE MEEM WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062C 0645;;;;N;;;;;
+FD8E;ARABIC LIGATURE MEEM WITH KHAH WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062E 062C;;;;N;;;;;
+FD8F;ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0645 062E 0645;;;;N;;;;;
+FD92;ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM;Lo;0;AL;<initial> 0645 062C 062E;;;;N;;;;;
+FD93;ARABIC LIGATURE HEH WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL;<initial> 0647 0645 062C;;;;N;;;;;
+FD94;ARABIC LIGATURE HEH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0647 0645 0645;;;;N;;;;;
+FD95;ARABIC LIGATURE NOON WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0646 062D 0645;;;;N;;;;;
+FD96;ARABIC LIGATURE NOON WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0646 062D 0649;;;;N;;;;;
+FD97;ARABIC LIGATURE NOON WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0646 062C 0645;;;;N;;;;;
+FD98;ARABIC LIGATURE NOON WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0646 062C 0645;;;;N;;;;;
+FD99;ARABIC LIGATURE NOON WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0646 062C 0649;;;;N;;;;;
+FD9A;ARABIC LIGATURE NOON WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0646 0645 064A;;;;N;;;;;
+FD9B;ARABIC LIGATURE NOON WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0646 0645 0649;;;;N;;;;;
+FD9C;ARABIC LIGATURE YEH WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 064A 0645 0645;;;;N;;;;;
+FD9D;ARABIC LIGATURE YEH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 064A 0645 0645;;;;N;;;;;
+FD9E;ARABIC LIGATURE BEH WITH KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0628 062E 064A;;;;N;;;;;
+FD9F;ARABIC LIGATURE TEH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062A 062C 064A;;;;N;;;;;
+FDA0;ARABIC LIGATURE TEH WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062A 062C 0649;;;;N;;;;;
+FDA1;ARABIC LIGATURE TEH WITH KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 062A 062E 064A;;;;N;;;;;
+FDA2;ARABIC LIGATURE TEH WITH KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062A 062E 0649;;;;N;;;;;
+FDA3;ARABIC LIGATURE TEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062A 0645 064A;;;;N;;;;;
+FDA4;ARABIC LIGATURE TEH WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062A 0645 0649;;;;N;;;;;
+FDA5;ARABIC LIGATURE JEEM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062C 0645 064A;;;;N;;;;;
+FDA6;ARABIC LIGATURE JEEM WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062C 062D 0649;;;;N;;;;;
+FDA7;ARABIC LIGATURE JEEM WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 062C 0645 0649;;;;N;;;;;
+FDA8;ARABIC LIGATURE SEEN WITH KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0633 062E 0649;;;;N;;;;;
+FDA9;ARABIC LIGATURE SAD WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0635 062D 064A;;;;N;;;;;
+FDAA;ARABIC LIGATURE SHEEN WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0634 062D 064A;;;;N;;;;;
+FDAB;ARABIC LIGATURE DAD WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0636 062D 064A;;;;N;;;;;
+FDAC;ARABIC LIGATURE LAM WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0644 062C 064A;;;;N;;;;;
+FDAD;ARABIC LIGATURE LAM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0644 0645 064A;;;;N;;;;;
+FDAE;ARABIC LIGATURE YEH WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 064A 062D 064A;;;;N;;;;;
+FDAF;ARABIC LIGATURE YEH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 064A 062C 064A;;;;N;;;;;
+FDB0;ARABIC LIGATURE YEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 064A 0645 064A;;;;N;;;;;
+FDB1;ARABIC LIGATURE MEEM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0645 0645 064A;;;;N;;;;;
+FDB2;ARABIC LIGATURE QAF WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0642 0645 064A;;;;N;;;;;
+FDB3;ARABIC LIGATURE NOON WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0646 062D 064A;;;;N;;;;;
+FDB4;ARABIC LIGATURE QAF WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0642 0645 062D;;;;N;;;;;
+FDB5;ARABIC LIGATURE LAM WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062D 0645;;;;N;;;;;
+FDB6;ARABIC LIGATURE AIN WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0639 0645 064A;;;;N;;;;;
+FDB7;ARABIC LIGATURE KAF WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0643 0645 064A;;;;N;;;;;
+FDB8;ARABIC LIGATURE NOON WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL;<initial> 0646 062C 062D;;;;N;;;;;
+FDB9;ARABIC LIGATURE MEEM WITH KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0645 062E 064A;;;;N;;;;;
+FDBA;ARABIC LIGATURE LAM WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0644 062C 0645;;;;N;;;;;
+FDBB;ARABIC LIGATURE KAF WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0643 0645 0645;;;;N;;;;;
+FDBC;ARABIC LIGATURE LAM WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL;<final> 0644 062C 0645;;;;N;;;;;
+FDBD;ARABIC LIGATURE NOON WITH JEEM WITH HAH FINAL FORM;Lo;0;AL;<final> 0646 062C 062D;;;;N;;;;;
+FDBE;ARABIC LIGATURE JEEM WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 062C 062D 064A;;;;N;;;;;
+FDBF;ARABIC LIGATURE HAH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 062D 062C 064A;;;;N;;;;;
+FDC0;ARABIC LIGATURE MEEM WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0645 062C 064A;;;;N;;;;;
+FDC1;ARABIC LIGATURE FEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0641 0645 064A;;;;N;;;;;
+FDC2;ARABIC LIGATURE BEH WITH HAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0628 062D 064A;;;;N;;;;;
+FDC3;ARABIC LIGATURE KAF WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0643 0645 0645;;;;N;;;;;
+FDC4;ARABIC LIGATURE AIN WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0639 062C 0645;;;;N;;;;;
+FDC5;ARABIC LIGATURE SAD WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL;<initial> 0635 0645 0645;;;;N;;;;;
+FDC6;ARABIC LIGATURE SEEN WITH KHAH WITH YEH FINAL FORM;Lo;0;AL;<final> 0633 062E 064A;;;;N;;;;;
+FDC7;ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM;Lo;0;AL;<final> 0646 062C 064A;;;;N;;;;;
+FDF0;ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM;Lo;0;AL;<isolated> 0635 0644 06D2;;;;N;;;;;
+FDF1;ARABIC LIGATURE QALA USED AS KORANIC STOP SIGN ISOLATED FORM;Lo;0;AL;<isolated> 0642 0644 06D2;;;;N;;;;;
+FDF2;ARABIC LIGATURE ALLAH ISOLATED FORM;Lo;0;AL;<isolated> 0627 0644 0644 0647;;;;N;;;;;
+FDF3;ARABIC LIGATURE AKBAR ISOLATED FORM;Lo;0;AL;<isolated> 0627 0643 0628 0631;;;;N;;;;;
+FDF4;ARABIC LIGATURE MOHAMMAD ISOLATED FORM;Lo;0;AL;<isolated> 0645 062D 0645 062F;;;;N;;;;;
+FDF5;ARABIC LIGATURE SALAM ISOLATED FORM;Lo;0;AL;<isolated> 0635 0644 0639 0645;;;;N;;;;;
+FDF6;ARABIC LIGATURE RASOUL ISOLATED FORM;Lo;0;AL;<isolated> 0631 0633 0648 0644;;;;N;;;;;
+FDF7;ARABIC LIGATURE ALAYHE ISOLATED FORM;Lo;0;AL;<isolated> 0639 0644 064A 0647;;;;N;;;;;
+FDF8;ARABIC LIGATURE WASALLAM ISOLATED FORM;Lo;0;AL;<isolated> 0648 0633 0644 0645;;;;N;;;;;
+FDF9;ARABIC LIGATURE SALLA ISOLATED FORM;Lo;0;AL;<isolated> 0635 0644 0649;;;;N;;;;;
+FDFA;ARABIC LIGATURE SALLALLAHOU ALAYHE WASALLAM;Lo;0;AL;<isolated> 0635 0644 0649 0020 0627 0644 0644 0647 0020 0639 0644 064A 0647 0020 0648 0633 0644 0645;;;;N;ARABIC LETTER SALLALLAHOU ALAYHE WASALLAM;;;;
+FDFB;ARABIC LIGATURE JALLAJALALOUHOU;Lo;0;AL;<isolated> 062C 0644 0020 062C 0644 0627 0644 0647;;;;N;ARABIC LETTER JALLAJALALOUHOU;;;;
+FDFC;RIAL SIGN;Sc;0;AL;<isolated> 0631 06CC 0627 0644;;;;N;;;;;
+FE00;VARIATION SELECTOR-1;Mn;0;NSM;;;;;N;;;;;
+FE01;VARIATION SELECTOR-2;Mn;0;NSM;;;;;N;;;;;
+FE02;VARIATION SELECTOR-3;Mn;0;NSM;;;;;N;;;;;
+FE03;VARIATION SELECTOR-4;Mn;0;NSM;;;;;N;;;;;
+FE04;VARIATION SELECTOR-5;Mn;0;NSM;;;;;N;;;;;
+FE05;VARIATION SELECTOR-6;Mn;0;NSM;;;;;N;;;;;
+FE06;VARIATION SELECTOR-7;Mn;0;NSM;;;;;N;;;;;
+FE07;VARIATION SELECTOR-8;Mn;0;NSM;;;;;N;;;;;
+FE08;VARIATION SELECTOR-9;Mn;0;NSM;;;;;N;;;;;
+FE09;VARIATION SELECTOR-10;Mn;0;NSM;;;;;N;;;;;
+FE0A;VARIATION SELECTOR-11;Mn;0;NSM;;;;;N;;;;;
+FE0B;VARIATION SELECTOR-12;Mn;0;NSM;;;;;N;;;;;
+FE0C;VARIATION SELECTOR-13;Mn;0;NSM;;;;;N;;;;;
+FE0D;VARIATION SELECTOR-14;Mn;0;NSM;;;;;N;;;;;
+FE0E;VARIATION SELECTOR-15;Mn;0;NSM;;;;;N;;;;;
+FE0F;VARIATION SELECTOR-16;Mn;0;NSM;;;;;N;;;;;
+FE20;COMBINING LIGATURE LEFT HALF;Mn;230;NSM;;;;;N;;;;;
+FE21;COMBINING LIGATURE RIGHT HALF;Mn;230;NSM;;;;;N;;;;;
+FE22;COMBINING DOUBLE TILDE LEFT HALF;Mn;230;NSM;;;;;N;;;;;
+FE23;COMBINING DOUBLE TILDE RIGHT HALF;Mn;230;NSM;;;;;N;;;;;
+FE30;PRESENTATION FORM FOR VERTICAL TWO DOT LEADER;Po;0;ON;<vertical> 2025;;;;N;GLYPH FOR VERTICAL TWO DOT LEADER;;;;
+FE31;PRESENTATION FORM FOR VERTICAL EM DASH;Pd;0;ON;<vertical> 2014;;;;N;GLYPH FOR VERTICAL EM DASH;;;;
+FE32;PRESENTATION FORM FOR VERTICAL EN DASH;Pd;0;ON;<vertical> 2013;;;;N;GLYPH FOR VERTICAL EN DASH;;;;
+FE33;PRESENTATION FORM FOR VERTICAL LOW LINE;Pc;0;ON;<vertical> 005F;;;;N;GLYPH FOR VERTICAL SPACING UNDERSCORE;;;;
+FE34;PRESENTATION FORM FOR VERTICAL WAVY LOW LINE;Pc;0;ON;<vertical> 005F;;;;N;GLYPH FOR VERTICAL SPACING WAVY UNDERSCORE;;;;
+FE35;PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS;Ps;0;ON;<vertical> 0028;;;;N;GLYPH FOR VERTICAL OPENING PARENTHESIS;;;;
+FE36;PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS;Pe;0;ON;<vertical> 0029;;;;N;GLYPH FOR VERTICAL CLOSING PARENTHESIS;;;;
+FE37;PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET;Ps;0;ON;<vertical> 007B;;;;N;GLYPH FOR VERTICAL OPENING CURLY BRACKET;;;;
+FE38;PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET;Pe;0;ON;<vertical> 007D;;;;N;GLYPH FOR VERTICAL CLOSING CURLY BRACKET;;;;
+FE39;PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET;Ps;0;ON;<vertical> 3014;;;;N;GLYPH FOR VERTICAL OPENING TORTOISE SHELL BRACKET;;;;
+FE3A;PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET;Pe;0;ON;<vertical> 3015;;;;N;GLYPH FOR VERTICAL CLOSING TORTOISE SHELL BRACKET;;;;
+FE3B;PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET;Ps;0;ON;<vertical> 3010;;;;N;GLYPH FOR VERTICAL OPENING BLACK LENTICULAR BRACKET;;;;
+FE3C;PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET;Pe;0;ON;<vertical> 3011;;;;N;GLYPH FOR VERTICAL CLOSING BLACK LENTICULAR BRACKET;;;;
+FE3D;PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;<vertical> 300A;;;;N;GLYPH FOR VERTICAL OPENING DOUBLE ANGLE BRACKET;;;;
+FE3E;PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;<vertical> 300B;;;;N;GLYPH FOR VERTICAL CLOSING DOUBLE ANGLE BRACKET;;;;
+FE3F;PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET;Ps;0;ON;<vertical> 3008;;;;N;GLYPH FOR VERTICAL OPENING ANGLE BRACKET;;;;
+FE40;PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET;Pe;0;ON;<vertical> 3009;;;;N;GLYPH FOR VERTICAL CLOSING ANGLE BRACKET;;;;
+FE41;PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET;Ps;0;ON;<vertical> 300C;;;;N;GLYPH FOR VERTICAL OPENING CORNER BRACKET;;;;
+FE42;PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET;Pe;0;ON;<vertical> 300D;;;;N;GLYPH FOR VERTICAL CLOSING CORNER BRACKET;;;;
+FE43;PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET;Ps;0;ON;<vertical> 300E;;;;N;GLYPH FOR VERTICAL OPENING WHITE CORNER BRACKET;;;;
+FE44;PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET;Pe;0;ON;<vertical> 300F;;;;N;GLYPH FOR VERTICAL CLOSING WHITE CORNER BRACKET;;;;
+FE45;SESAME DOT;Po;0;ON;;;;;N;;;;;
+FE46;WHITE SESAME DOT;Po;0;ON;;;;;N;;;;;
+FE49;DASHED OVERLINE;Po;0;ON;<compat> 203E;;;;N;SPACING DASHED OVERSCORE;;;;
+FE4A;CENTRELINE OVERLINE;Po;0;ON;<compat> 203E;;;;N;SPACING CENTERLINE OVERSCORE;;;;
+FE4B;WAVY OVERLINE;Po;0;ON;<compat> 203E;;;;N;SPACING WAVY OVERSCORE;;;;
+FE4C;DOUBLE WAVY OVERLINE;Po;0;ON;<compat> 203E;;;;N;SPACING DOUBLE WAVY OVERSCORE;;;;
+FE4D;DASHED LOW LINE;Pc;0;ON;<compat> 005F;;;;N;SPACING DASHED UNDERSCORE;;;;
+FE4E;CENTRELINE LOW LINE;Pc;0;ON;<compat> 005F;;;;N;SPACING CENTERLINE UNDERSCORE;;;;
+FE4F;WAVY LOW LINE;Pc;0;ON;<compat> 005F;;;;N;SPACING WAVY UNDERSCORE;;;;
+FE50;SMALL COMMA;Po;0;CS;<small> 002C;;;;N;;;;;
+FE51;SMALL IDEOGRAPHIC COMMA;Po;0;ON;<small> 3001;;;;N;;;;;
+FE52;SMALL FULL STOP;Po;0;CS;<small> 002E;;;;N;SMALL PERIOD;;;;
+FE54;SMALL SEMICOLON;Po;0;ON;<small> 003B;;;;N;;;;;
+FE55;SMALL COLON;Po;0;CS;<small> 003A;;;;N;;;;;
+FE56;SMALL QUESTION MARK;Po;0;ON;<small> 003F;;;;N;;;;;
+FE57;SMALL EXCLAMATION MARK;Po;0;ON;<small> 0021;;;;N;;;;;
+FE58;SMALL EM DASH;Pd;0;ON;<small> 2014;;;;N;;;;;
+FE59;SMALL LEFT PARENTHESIS;Ps;0;ON;<small> 0028;;;;N;SMALL OPENING PARENTHESIS;;;;
+FE5A;SMALL RIGHT PARENTHESIS;Pe;0;ON;<small> 0029;;;;N;SMALL CLOSING PARENTHESIS;;;;
+FE5B;SMALL LEFT CURLY BRACKET;Ps;0;ON;<small> 007B;;;;N;SMALL OPENING CURLY BRACKET;;;;
+FE5C;SMALL RIGHT CURLY BRACKET;Pe;0;ON;<small> 007D;;;;N;SMALL CLOSING CURLY BRACKET;;;;
+FE5D;SMALL LEFT TORTOISE SHELL BRACKET;Ps;0;ON;<small> 3014;;;;N;SMALL OPENING TORTOISE SHELL BRACKET;;;;
+FE5E;SMALL RIGHT TORTOISE SHELL BRACKET;Pe;0;ON;<small> 3015;;;;N;SMALL CLOSING TORTOISE SHELL BRACKET;;;;
+FE5F;SMALL NUMBER SIGN;Po;0;ET;<small> 0023;;;;N;;;;;
+FE60;SMALL AMPERSAND;Po;0;ON;<small> 0026;;;;N;;;;;
+FE61;SMALL ASTERISK;Po;0;ON;<small> 002A;;;;N;;;;;
+FE62;SMALL PLUS SIGN;Sm;0;ET;<small> 002B;;;;N;;;;;
+FE63;SMALL HYPHEN-MINUS;Pd;0;ET;<small> 002D;;;;N;;;;;
+FE64;SMALL LESS-THAN SIGN;Sm;0;ON;<small> 003C;;;;N;;;;;
+FE65;SMALL GREATER-THAN SIGN;Sm;0;ON;<small> 003E;;;;N;;;;;
+FE66;SMALL EQUALS SIGN;Sm;0;ON;<small> 003D;;;;N;;;;;
+FE68;SMALL REVERSE SOLIDUS;Po;0;ON;<small> 005C;;;;N;SMALL BACKSLASH;;;;
+FE69;SMALL DOLLAR SIGN;Sc;0;ET;<small> 0024;;;;N;;;;;
+FE6A;SMALL PERCENT SIGN;Po;0;ET;<small> 0025;;;;N;;;;;
+FE6B;SMALL COMMERCIAL AT;Po;0;ON;<small> 0040;;;;N;;;;;
+FE70;ARABIC FATHATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064B;;;;N;ARABIC SPACING FATHATAN;;;;
+FE71;ARABIC TATWEEL WITH FATHATAN ABOVE;Lo;0;AL;<medial> 0640 064B;;;;N;ARABIC FATHATAN ON TATWEEL;;;;
+FE72;ARABIC DAMMATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064C;;;;N;ARABIC SPACING DAMMATAN;;;;
+FE73;ARABIC TAIL FRAGMENT;Lo;0;AL;;;;;N;;;;;
+FE74;ARABIC KASRATAN ISOLATED FORM;Lo;0;AL;<isolated> 0020 064D;;;;N;ARABIC SPACING KASRATAN;;;;
+FE76;ARABIC FATHA ISOLATED FORM;Lo;0;AL;<isolated> 0020 064E;;;;N;ARABIC SPACING FATHAH;;;;
+FE77;ARABIC FATHA MEDIAL FORM;Lo;0;AL;<medial> 0640 064E;;;;N;ARABIC FATHAH ON TATWEEL;;;;
+FE78;ARABIC DAMMA ISOLATED FORM;Lo;0;AL;<isolated> 0020 064F;;;;N;ARABIC SPACING DAMMAH;;;;
+FE79;ARABIC DAMMA MEDIAL FORM;Lo;0;AL;<medial> 0640 064F;;;;N;ARABIC DAMMAH ON TATWEEL;;;;
+FE7A;ARABIC KASRA ISOLATED FORM;Lo;0;AL;<isolated> 0020 0650;;;;N;ARABIC SPACING KASRAH;;;;
+FE7B;ARABIC KASRA MEDIAL FORM;Lo;0;AL;<medial> 0640 0650;;;;N;ARABIC KASRAH ON TATWEEL;;;;
+FE7C;ARABIC SHADDA ISOLATED FORM;Lo;0;AL;<isolated> 0020 0651;;;;N;ARABIC SPACING SHADDAH;;;;
+FE7D;ARABIC SHADDA MEDIAL FORM;Lo;0;AL;<medial> 0640 0651;;;;N;ARABIC SHADDAH ON TATWEEL;;;;
+FE7E;ARABIC SUKUN ISOLATED FORM;Lo;0;AL;<isolated> 0020 0652;;;;N;ARABIC SPACING SUKUN;;;;
+FE7F;ARABIC SUKUN MEDIAL FORM;Lo;0;AL;<medial> 0640 0652;;;;N;ARABIC SUKUN ON TATWEEL;;;;
+FE80;ARABIC LETTER HAMZA ISOLATED FORM;Lo;0;AL;<isolated> 0621;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH;;;;
+FE81;ARABIC LETTER ALEF WITH MADDA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0622;;;;N;GLYPH FOR ISOLATE ARABIC MADDAH ON ALEF;;;;
+FE82;ARABIC LETTER ALEF WITH MADDA ABOVE FINAL FORM;Lo;0;AL;<final> 0622;;;;N;GLYPH FOR FINAL ARABIC MADDAH ON ALEF;;;;
+FE83;ARABIC LETTER ALEF WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0623;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON ALEF;;;;
+FE84;ARABIC LETTER ALEF WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 0623;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON ALEF;;;;
+FE85;ARABIC LETTER WAW WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0624;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON WAW;;;;
+FE86;ARABIC LETTER WAW WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 0624;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON WAW;;;;
+FE87;ARABIC LETTER ALEF WITH HAMZA BELOW ISOLATED FORM;Lo;0;AL;<isolated> 0625;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH UNDER ALEF;;;;
+FE88;ARABIC LETTER ALEF WITH HAMZA BELOW FINAL FORM;Lo;0;AL;<final> 0625;;;;N;GLYPH FOR FINAL ARABIC HAMZAH UNDER ALEF;;;;
+FE89;ARABIC LETTER YEH WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0626;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON YA;;;;
+FE8A;ARABIC LETTER YEH WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 0626;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON YA;;;;
+FE8B;ARABIC LETTER YEH WITH HAMZA ABOVE INITIAL FORM;Lo;0;AL;<initial> 0626;;;;N;GLYPH FOR INITIAL ARABIC HAMZAH ON YA;;;;
+FE8C;ARABIC LETTER YEH WITH HAMZA ABOVE MEDIAL FORM;Lo;0;AL;<medial> 0626;;;;N;GLYPH FOR MEDIAL ARABIC HAMZAH ON YA;;;;
+FE8D;ARABIC LETTER ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0627;;;;N;GLYPH FOR ISOLATE ARABIC ALEF;;;;
+FE8E;ARABIC LETTER ALEF FINAL FORM;Lo;0;AL;<final> 0627;;;;N;GLYPH FOR FINAL ARABIC ALEF;;;;
+FE8F;ARABIC LETTER BEH ISOLATED FORM;Lo;0;AL;<isolated> 0628;;;;N;GLYPH FOR ISOLATE ARABIC BAA;;;;
+FE90;ARABIC LETTER BEH FINAL FORM;Lo;0;AL;<final> 0628;;;;N;GLYPH FOR FINAL ARABIC BAA;;;;
+FE91;ARABIC LETTER BEH INITIAL FORM;Lo;0;AL;<initial> 0628;;;;N;GLYPH FOR INITIAL ARABIC BAA;;;;
+FE92;ARABIC LETTER BEH MEDIAL FORM;Lo;0;AL;<medial> 0628;;;;N;GLYPH FOR MEDIAL ARABIC BAA;;;;
+FE93;ARABIC LETTER TEH MARBUTA ISOLATED FORM;Lo;0;AL;<isolated> 0629;;;;N;GLYPH FOR ISOLATE ARABIC TAA MARBUTAH;;;;
+FE94;ARABIC LETTER TEH MARBUTA FINAL FORM;Lo;0;AL;<final> 0629;;;;N;GLYPH FOR FINAL ARABIC TAA MARBUTAH;;;;
+FE95;ARABIC LETTER TEH ISOLATED FORM;Lo;0;AL;<isolated> 062A;;;;N;GLYPH FOR ISOLATE ARABIC TAA;;;;
+FE96;ARABIC LETTER TEH FINAL FORM;Lo;0;AL;<final> 062A;;;;N;GLYPH FOR FINAL ARABIC TAA;;;;
+FE97;ARABIC LETTER TEH INITIAL FORM;Lo;0;AL;<initial> 062A;;;;N;GLYPH FOR INITIAL ARABIC TAA;;;;
+FE98;ARABIC LETTER TEH MEDIAL FORM;Lo;0;AL;<medial> 062A;;;;N;GLYPH FOR MEDIAL ARABIC TAA;;;;
+FE99;ARABIC LETTER THEH ISOLATED FORM;Lo;0;AL;<isolated> 062B;;;;N;GLYPH FOR ISOLATE ARABIC THAA;;;;
+FE9A;ARABIC LETTER THEH FINAL FORM;Lo;0;AL;<final> 062B;;;;N;GLYPH FOR FINAL ARABIC THAA;;;;
+FE9B;ARABIC LETTER THEH INITIAL FORM;Lo;0;AL;<initial> 062B;;;;N;GLYPH FOR INITIAL ARABIC THAA;;;;
+FE9C;ARABIC LETTER THEH MEDIAL FORM;Lo;0;AL;<medial> 062B;;;;N;GLYPH FOR MEDIAL ARABIC THAA;;;;
+FE9D;ARABIC LETTER JEEM ISOLATED FORM;Lo;0;AL;<isolated> 062C;;;;N;GLYPH FOR ISOLATE ARABIC JEEM;;;;
+FE9E;ARABIC LETTER JEEM FINAL FORM;Lo;0;AL;<final> 062C;;;;N;GLYPH FOR FINAL ARABIC JEEM;;;;
+FE9F;ARABIC LETTER JEEM INITIAL FORM;Lo;0;AL;<initial> 062C;;;;N;GLYPH FOR INITIAL ARABIC JEEM;;;;
+FEA0;ARABIC LETTER JEEM MEDIAL FORM;Lo;0;AL;<medial> 062C;;;;N;GLYPH FOR MEDIAL ARABIC JEEM;;;;
+FEA1;ARABIC LETTER HAH ISOLATED FORM;Lo;0;AL;<isolated> 062D;;;;N;GLYPH FOR ISOLATE ARABIC HAA;;;;
+FEA2;ARABIC LETTER HAH FINAL FORM;Lo;0;AL;<final> 062D;;;;N;GLYPH FOR FINAL ARABIC HAA;;;;
+FEA3;ARABIC LETTER HAH INITIAL FORM;Lo;0;AL;<initial> 062D;;;;N;GLYPH FOR INITIAL ARABIC HAA;;;;
+FEA4;ARABIC LETTER HAH MEDIAL FORM;Lo;0;AL;<medial> 062D;;;;N;GLYPH FOR MEDIAL ARABIC HAA;;;;
+FEA5;ARABIC LETTER KHAH ISOLATED FORM;Lo;0;AL;<isolated> 062E;;;;N;GLYPH FOR ISOLATE ARABIC KHAA;;;;
+FEA6;ARABIC LETTER KHAH FINAL FORM;Lo;0;AL;<final> 062E;;;;N;GLYPH FOR FINAL ARABIC KHAA;;;;
+FEA7;ARABIC LETTER KHAH INITIAL FORM;Lo;0;AL;<initial> 062E;;;;N;GLYPH FOR INITIAL ARABIC KHAA;;;;
+FEA8;ARABIC LETTER KHAH MEDIAL FORM;Lo;0;AL;<medial> 062E;;;;N;GLYPH FOR MEDIAL ARABIC KHAA;;;;
+FEA9;ARABIC LETTER DAL ISOLATED FORM;Lo;0;AL;<isolated> 062F;;;;N;GLYPH FOR ISOLATE ARABIC DAL;;;;
+FEAA;ARABIC LETTER DAL FINAL FORM;Lo;0;AL;<final> 062F;;;;N;GLYPH FOR FINAL ARABIC DAL;;;;
+FEAB;ARABIC LETTER THAL ISOLATED FORM;Lo;0;AL;<isolated> 0630;;;;N;GLYPH FOR ISOLATE ARABIC THAL;;;;
+FEAC;ARABIC LETTER THAL FINAL FORM;Lo;0;AL;<final> 0630;;;;N;GLYPH FOR FINAL ARABIC THAL;;;;
+FEAD;ARABIC LETTER REH ISOLATED FORM;Lo;0;AL;<isolated> 0631;;;;N;GLYPH FOR ISOLATE ARABIC RA;;;;
+FEAE;ARABIC LETTER REH FINAL FORM;Lo;0;AL;<final> 0631;;;;N;GLYPH FOR FINAL ARABIC RA;;;;
+FEAF;ARABIC LETTER ZAIN ISOLATED FORM;Lo;0;AL;<isolated> 0632;;;;N;GLYPH FOR ISOLATE ARABIC ZAIN;;;;
+FEB0;ARABIC LETTER ZAIN FINAL FORM;Lo;0;AL;<final> 0632;;;;N;GLYPH FOR FINAL ARABIC ZAIN;;;;
+FEB1;ARABIC LETTER SEEN ISOLATED FORM;Lo;0;AL;<isolated> 0633;;;;N;GLYPH FOR ISOLATE ARABIC SEEN;;;;
+FEB2;ARABIC LETTER SEEN FINAL FORM;Lo;0;AL;<final> 0633;;;;N;GLYPH FOR FINAL ARABIC SEEN;;;;
+FEB3;ARABIC LETTER SEEN INITIAL FORM;Lo;0;AL;<initial> 0633;;;;N;GLYPH FOR INITIAL ARABIC SEEN;;;;
+FEB4;ARABIC LETTER SEEN MEDIAL FORM;Lo;0;AL;<medial> 0633;;;;N;GLYPH FOR MEDIAL ARABIC SEEN;;;;
+FEB5;ARABIC LETTER SHEEN ISOLATED FORM;Lo;0;AL;<isolated> 0634;;;;N;GLYPH FOR ISOLATE ARABIC SHEEN;;;;
+FEB6;ARABIC LETTER SHEEN FINAL FORM;Lo;0;AL;<final> 0634;;;;N;GLYPH FOR FINAL ARABIC SHEEN;;;;
+FEB7;ARABIC LETTER SHEEN INITIAL FORM;Lo;0;AL;<initial> 0634;;;;N;GLYPH FOR INITIAL ARABIC SHEEN;;;;
+FEB8;ARABIC LETTER SHEEN MEDIAL FORM;Lo;0;AL;<medial> 0634;;;;N;GLYPH FOR MEDIAL ARABIC SHEEN;;;;
+FEB9;ARABIC LETTER SAD ISOLATED FORM;Lo;0;AL;<isolated> 0635;;;;N;GLYPH FOR ISOLATE ARABIC SAD;;;;
+FEBA;ARABIC LETTER SAD FINAL FORM;Lo;0;AL;<final> 0635;;;;N;GLYPH FOR FINAL ARABIC SAD;;;;
+FEBB;ARABIC LETTER SAD INITIAL FORM;Lo;0;AL;<initial> 0635;;;;N;GLYPH FOR INITIAL ARABIC SAD;;;;
+FEBC;ARABIC LETTER SAD MEDIAL FORM;Lo;0;AL;<medial> 0635;;;;N;GLYPH FOR MEDIAL ARABIC SAD;;;;
+FEBD;ARABIC LETTER DAD ISOLATED FORM;Lo;0;AL;<isolated> 0636;;;;N;GLYPH FOR ISOLATE ARABIC DAD;;;;
+FEBE;ARABIC LETTER DAD FINAL FORM;Lo;0;AL;<final> 0636;;;;N;GLYPH FOR FINAL ARABIC DAD;;;;
+FEBF;ARABIC LETTER DAD INITIAL FORM;Lo;0;AL;<initial> 0636;;;;N;GLYPH FOR INITIAL ARABIC DAD;;;;
+FEC0;ARABIC LETTER DAD MEDIAL FORM;Lo;0;AL;<medial> 0636;;;;N;GLYPH FOR MEDIAL ARABIC DAD;;;;
+FEC1;ARABIC LETTER TAH ISOLATED FORM;Lo;0;AL;<isolated> 0637;;;;N;GLYPH FOR ISOLATE ARABIC TAH;;;;
+FEC2;ARABIC LETTER TAH FINAL FORM;Lo;0;AL;<final> 0637;;;;N;GLYPH FOR FINAL ARABIC TAH;;;;
+FEC3;ARABIC LETTER TAH INITIAL FORM;Lo;0;AL;<initial> 0637;;;;N;GLYPH FOR INITIAL ARABIC TAH;;;;
+FEC4;ARABIC LETTER TAH MEDIAL FORM;Lo;0;AL;<medial> 0637;;;;N;GLYPH FOR MEDIAL ARABIC TAH;;;;
+FEC5;ARABIC LETTER ZAH ISOLATED FORM;Lo;0;AL;<isolated> 0638;;;;N;GLYPH FOR ISOLATE ARABIC DHAH;;;;
+FEC6;ARABIC LETTER ZAH FINAL FORM;Lo;0;AL;<final> 0638;;;;N;GLYPH FOR FINAL ARABIC DHAH;;;;
+FEC7;ARABIC LETTER ZAH INITIAL FORM;Lo;0;AL;<initial> 0638;;;;N;GLYPH FOR INITIAL ARABIC DHAH;;;;
+FEC8;ARABIC LETTER ZAH MEDIAL FORM;Lo;0;AL;<medial> 0638;;;;N;GLYPH FOR MEDIAL ARABIC DHAH;;;;
+FEC9;ARABIC LETTER AIN ISOLATED FORM;Lo;0;AL;<isolated> 0639;;;;N;GLYPH FOR ISOLATE ARABIC AIN;;;;
+FECA;ARABIC LETTER AIN FINAL FORM;Lo;0;AL;<final> 0639;;;;N;GLYPH FOR FINAL ARABIC AIN;;;;
+FECB;ARABIC LETTER AIN INITIAL FORM;Lo;0;AL;<initial> 0639;;;;N;GLYPH FOR INITIAL ARABIC AIN;;;;
+FECC;ARABIC LETTER AIN MEDIAL FORM;Lo;0;AL;<medial> 0639;;;;N;GLYPH FOR MEDIAL ARABIC AIN;;;;
+FECD;ARABIC LETTER GHAIN ISOLATED FORM;Lo;0;AL;<isolated> 063A;;;;N;GLYPH FOR ISOLATE ARABIC GHAIN;;;;
+FECE;ARABIC LETTER GHAIN FINAL FORM;Lo;0;AL;<final> 063A;;;;N;GLYPH FOR FINAL ARABIC GHAIN;;;;
+FECF;ARABIC LETTER GHAIN INITIAL FORM;Lo;0;AL;<initial> 063A;;;;N;GLYPH FOR INITIAL ARABIC GHAIN;;;;
+FED0;ARABIC LETTER GHAIN MEDIAL FORM;Lo;0;AL;<medial> 063A;;;;N;GLYPH FOR MEDIAL ARABIC GHAIN;;;;
+FED1;ARABIC LETTER FEH ISOLATED FORM;Lo;0;AL;<isolated> 0641;;;;N;GLYPH FOR ISOLATE ARABIC FA;;;;
+FED2;ARABIC LETTER FEH FINAL FORM;Lo;0;AL;<final> 0641;;;;N;GLYPH FOR FINAL ARABIC FA;;;;
+FED3;ARABIC LETTER FEH INITIAL FORM;Lo;0;AL;<initial> 0641;;;;N;GLYPH FOR INITIAL ARABIC FA;;;;
+FED4;ARABIC LETTER FEH MEDIAL FORM;Lo;0;AL;<medial> 0641;;;;N;GLYPH FOR MEDIAL ARABIC FA;;;;
+FED5;ARABIC LETTER QAF ISOLATED FORM;Lo;0;AL;<isolated> 0642;;;;N;GLYPH FOR ISOLATE ARABIC QAF;;;;
+FED6;ARABIC LETTER QAF FINAL FORM;Lo;0;AL;<final> 0642;;;;N;GLYPH FOR FINAL ARABIC QAF;;;;
+FED7;ARABIC LETTER QAF INITIAL FORM;Lo;0;AL;<initial> 0642;;;;N;GLYPH FOR INITIAL ARABIC QAF;;;;
+FED8;ARABIC LETTER QAF MEDIAL FORM;Lo;0;AL;<medial> 0642;;;;N;GLYPH FOR MEDIAL ARABIC QAF;;;;
+FED9;ARABIC LETTER KAF ISOLATED FORM;Lo;0;AL;<isolated> 0643;;;;N;GLYPH FOR ISOLATE ARABIC CAF;;;;
+FEDA;ARABIC LETTER KAF FINAL FORM;Lo;0;AL;<final> 0643;;;;N;GLYPH FOR FINAL ARABIC CAF;;;;
+FEDB;ARABIC LETTER KAF INITIAL FORM;Lo;0;AL;<initial> 0643;;;;N;GLYPH FOR INITIAL ARABIC CAF;;;;
+FEDC;ARABIC LETTER KAF MEDIAL FORM;Lo;0;AL;<medial> 0643;;;;N;GLYPH FOR MEDIAL ARABIC CAF;;;;
+FEDD;ARABIC LETTER LAM ISOLATED FORM;Lo;0;AL;<isolated> 0644;;;;N;GLYPH FOR ISOLATE ARABIC LAM;;;;
+FEDE;ARABIC LETTER LAM FINAL FORM;Lo;0;AL;<final> 0644;;;;N;GLYPH FOR FINAL ARABIC LAM;;;;
+FEDF;ARABIC LETTER LAM INITIAL FORM;Lo;0;AL;<initial> 0644;;;;N;GLYPH FOR INITIAL ARABIC LAM;;;;
+FEE0;ARABIC LETTER LAM MEDIAL FORM;Lo;0;AL;<medial> 0644;;;;N;GLYPH FOR MEDIAL ARABIC LAM;;;;
+FEE1;ARABIC LETTER MEEM ISOLATED FORM;Lo;0;AL;<isolated> 0645;;;;N;GLYPH FOR ISOLATE ARABIC MEEM;;;;
+FEE2;ARABIC LETTER MEEM FINAL FORM;Lo;0;AL;<final> 0645;;;;N;GLYPH FOR FINAL ARABIC MEEM;;;;
+FEE3;ARABIC LETTER MEEM INITIAL FORM;Lo;0;AL;<initial> 0645;;;;N;GLYPH FOR INITIAL ARABIC MEEM;;;;
+FEE4;ARABIC LETTER MEEM MEDIAL FORM;Lo;0;AL;<medial> 0645;;;;N;GLYPH FOR MEDIAL ARABIC MEEM;;;;
+FEE5;ARABIC LETTER NOON ISOLATED FORM;Lo;0;AL;<isolated> 0646;;;;N;GLYPH FOR ISOLATE ARABIC NOON;;;;
+FEE6;ARABIC LETTER NOON FINAL FORM;Lo;0;AL;<final> 0646;;;;N;GLYPH FOR FINAL ARABIC NOON;;;;
+FEE7;ARABIC LETTER NOON INITIAL FORM;Lo;0;AL;<initial> 0646;;;;N;GLYPH FOR INITIAL ARABIC NOON;;;;
+FEE8;ARABIC LETTER NOON MEDIAL FORM;Lo;0;AL;<medial> 0646;;;;N;GLYPH FOR MEDIAL ARABIC NOON;;;;
+FEE9;ARABIC LETTER HEH ISOLATED FORM;Lo;0;AL;<isolated> 0647;;;;N;GLYPH FOR ISOLATE ARABIC HA;;;;
+FEEA;ARABIC LETTER HEH FINAL FORM;Lo;0;AL;<final> 0647;;;;N;GLYPH FOR FINAL ARABIC HA;;;;
+FEEB;ARABIC LETTER HEH INITIAL FORM;Lo;0;AL;<initial> 0647;;;;N;GLYPH FOR INITIAL ARABIC HA;;;;
+FEEC;ARABIC LETTER HEH MEDIAL FORM;Lo;0;AL;<medial> 0647;;;;N;GLYPH FOR MEDIAL ARABIC HA;;;;
+FEED;ARABIC LETTER WAW ISOLATED FORM;Lo;0;AL;<isolated> 0648;;;;N;GLYPH FOR ISOLATE ARABIC WAW;;;;
+FEEE;ARABIC LETTER WAW FINAL FORM;Lo;0;AL;<final> 0648;;;;N;GLYPH FOR FINAL ARABIC WAW;;;;
+FEEF;ARABIC LETTER ALEF MAKSURA ISOLATED FORM;Lo;0;AL;<isolated> 0649;;;;N;GLYPH FOR ISOLATE ARABIC ALEF MAQSURAH;;;;
+FEF0;ARABIC LETTER ALEF MAKSURA FINAL FORM;Lo;0;AL;<final> 0649;;;;N;GLYPH FOR FINAL ARABIC ALEF MAQSURAH;;;;
+FEF1;ARABIC LETTER YEH ISOLATED FORM;Lo;0;AL;<isolated> 064A;;;;N;GLYPH FOR ISOLATE ARABIC YA;;;;
+FEF2;ARABIC LETTER YEH FINAL FORM;Lo;0;AL;<final> 064A;;;;N;GLYPH FOR FINAL ARABIC YA;;;;
+FEF3;ARABIC LETTER YEH INITIAL FORM;Lo;0;AL;<initial> 064A;;;;N;GLYPH FOR INITIAL ARABIC YA;;;;
+FEF4;ARABIC LETTER YEH MEDIAL FORM;Lo;0;AL;<medial> 064A;;;;N;GLYPH FOR MEDIAL ARABIC YA;;;;
+FEF5;ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0644 0622;;;;N;GLYPH FOR ISOLATE ARABIC MADDAH ON LIGATURE LAM ALEF;;;;
+FEF6;ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE FINAL FORM;Lo;0;AL;<final> 0644 0622;;;;N;GLYPH FOR FINAL ARABIC MADDAH ON LIGATURE LAM ALEF;;;;
+FEF7;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL;<isolated> 0644 0623;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON LIGATURE LAM ALEF;;;;
+FEF8;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE FINAL FORM;Lo;0;AL;<final> 0644 0623;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON LIGATURE LAM ALEF;;;;
+FEF9;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW ISOLATED FORM;Lo;0;AL;<isolated> 0644 0625;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH UNDER LIGATURE LAM ALEF;;;;
+FEFA;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW FINAL FORM;Lo;0;AL;<final> 0644 0625;;;;N;GLYPH FOR FINAL ARABIC HAMZAH UNDER LIGATURE LAM ALEF;;;;
+FEFB;ARABIC LIGATURE LAM WITH ALEF ISOLATED FORM;Lo;0;AL;<isolated> 0644 0627;;;;N;GLYPH FOR ISOLATE ARABIC LIGATURE LAM ALEF;;;;
+FEFC;ARABIC LIGATURE LAM WITH ALEF FINAL FORM;Lo;0;AL;<final> 0644 0627;;;;N;GLYPH FOR FINAL ARABIC LIGATURE LAM ALEF;;;;
+FEFF;ZERO WIDTH NO-BREAK SPACE;Cf;0;BN;;;;;N;BYTE ORDER MARK;;;;
+FF01;FULLWIDTH EXCLAMATION MARK;Po;0;ON;<wide> 0021;;;;N;;;;;
+FF02;FULLWIDTH QUOTATION MARK;Po;0;ON;<wide> 0022;;;;N;;;;;
+FF03;FULLWIDTH NUMBER SIGN;Po;0;ET;<wide> 0023;;;;N;;;;;
+FF04;FULLWIDTH DOLLAR SIGN;Sc;0;ET;<wide> 0024;;;;N;;;;;
+FF05;FULLWIDTH PERCENT SIGN;Po;0;ET;<wide> 0025;;;;N;;;;;
+FF06;FULLWIDTH AMPERSAND;Po;0;ON;<wide> 0026;;;;N;;;;;
+FF07;FULLWIDTH APOSTROPHE;Po;0;ON;<wide> 0027;;;;N;;;;;
+FF08;FULLWIDTH LEFT PARENTHESIS;Ps;0;ON;<wide> 0028;;;;Y;FULLWIDTH OPENING PARENTHESIS;;;;
+FF09;FULLWIDTH RIGHT PARENTHESIS;Pe;0;ON;<wide> 0029;;;;Y;FULLWIDTH CLOSING PARENTHESIS;;;;
+FF0A;FULLWIDTH ASTERISK;Po;0;ON;<wide> 002A;;;;N;;;;;
+FF0B;FULLWIDTH PLUS SIGN;Sm;0;ET;<wide> 002B;;;;N;;;;;
+FF0C;FULLWIDTH COMMA;Po;0;CS;<wide> 002C;;;;N;;;;;
+FF0D;FULLWIDTH HYPHEN-MINUS;Pd;0;ET;<wide> 002D;;;;N;;;;;
+FF0E;FULLWIDTH FULL STOP;Po;0;CS;<wide> 002E;;;;N;FULLWIDTH PERIOD;;;;
+FF0F;FULLWIDTH SOLIDUS;Po;0;ES;<wide> 002F;;;;N;FULLWIDTH SLASH;;;;
+FF10;FULLWIDTH DIGIT ZERO;Nd;0;EN;<wide> 0030;0;0;0;N;;;;;
+FF11;FULLWIDTH DIGIT ONE;Nd;0;EN;<wide> 0031;1;1;1;N;;;;;
+FF12;FULLWIDTH DIGIT TWO;Nd;0;EN;<wide> 0032;2;2;2;N;;;;;
+FF13;FULLWIDTH DIGIT THREE;Nd;0;EN;<wide> 0033;3;3;3;N;;;;;
+FF14;FULLWIDTH DIGIT FOUR;Nd;0;EN;<wide> 0034;4;4;4;N;;;;;
+FF15;FULLWIDTH DIGIT FIVE;Nd;0;EN;<wide> 0035;5;5;5;N;;;;;
+FF16;FULLWIDTH DIGIT SIX;Nd;0;EN;<wide> 0036;6;6;6;N;;;;;
+FF17;FULLWIDTH DIGIT SEVEN;Nd;0;EN;<wide> 0037;7;7;7;N;;;;;
+FF18;FULLWIDTH DIGIT EIGHT;Nd;0;EN;<wide> 0038;8;8;8;N;;;;;
+FF19;FULLWIDTH DIGIT NINE;Nd;0;EN;<wide> 0039;9;9;9;N;;;;;
+FF1A;FULLWIDTH COLON;Po;0;CS;<wide> 003A;;;;N;;;;;
+FF1B;FULLWIDTH SEMICOLON;Po;0;ON;<wide> 003B;;;;N;;;;;
+FF1C;FULLWIDTH LESS-THAN SIGN;Sm;0;ON;<wide> 003C;;;;Y;;;;;
+FF1D;FULLWIDTH EQUALS SIGN;Sm;0;ON;<wide> 003D;;;;N;;;;;
+FF1E;FULLWIDTH GREATER-THAN SIGN;Sm;0;ON;<wide> 003E;;;;Y;;;;;
+FF1F;FULLWIDTH QUESTION MARK;Po;0;ON;<wide> 003F;;;;N;;;;;
+FF20;FULLWIDTH COMMERCIAL AT;Po;0;ON;<wide> 0040;;;;N;;;;;
+FF21;FULLWIDTH LATIN CAPITAL LETTER A;Lu;0;L;<wide> 0041;;;;N;;;;FF41;
+FF22;FULLWIDTH LATIN CAPITAL LETTER B;Lu;0;L;<wide> 0042;;;;N;;;;FF42;
+FF23;FULLWIDTH LATIN CAPITAL LETTER C;Lu;0;L;<wide> 0043;;;;N;;;;FF43;
+FF24;FULLWIDTH LATIN CAPITAL LETTER D;Lu;0;L;<wide> 0044;;;;N;;;;FF44;
+FF25;FULLWIDTH LATIN CAPITAL LETTER E;Lu;0;L;<wide> 0045;;;;N;;;;FF45;
+FF26;FULLWIDTH LATIN CAPITAL LETTER F;Lu;0;L;<wide> 0046;;;;N;;;;FF46;
+FF27;FULLWIDTH LATIN CAPITAL LETTER G;Lu;0;L;<wide> 0047;;;;N;;;;FF47;
+FF28;FULLWIDTH LATIN CAPITAL LETTER H;Lu;0;L;<wide> 0048;;;;N;;;;FF48;
+FF29;FULLWIDTH LATIN CAPITAL LETTER I;Lu;0;L;<wide> 0049;;;;N;;;;FF49;
+FF2A;FULLWIDTH LATIN CAPITAL LETTER J;Lu;0;L;<wide> 004A;;;;N;;;;FF4A;
+FF2B;FULLWIDTH LATIN CAPITAL LETTER K;Lu;0;L;<wide> 004B;;;;N;;;;FF4B;
+FF2C;FULLWIDTH LATIN CAPITAL LETTER L;Lu;0;L;<wide> 004C;;;;N;;;;FF4C;
+FF2D;FULLWIDTH LATIN CAPITAL LETTER M;Lu;0;L;<wide> 004D;;;;N;;;;FF4D;
+FF2E;FULLWIDTH LATIN CAPITAL LETTER N;Lu;0;L;<wide> 004E;;;;N;;;;FF4E;
+FF2F;FULLWIDTH LATIN CAPITAL LETTER O;Lu;0;L;<wide> 004F;;;;N;;;;FF4F;
+FF30;FULLWIDTH LATIN CAPITAL LETTER P;Lu;0;L;<wide> 0050;;;;N;;;;FF50;
+FF31;FULLWIDTH LATIN CAPITAL LETTER Q;Lu;0;L;<wide> 0051;;;;N;;;;FF51;
+FF32;FULLWIDTH LATIN CAPITAL LETTER R;Lu;0;L;<wide> 0052;;;;N;;;;FF52;
+FF33;FULLWIDTH LATIN CAPITAL LETTER S;Lu;0;L;<wide> 0053;;;;N;;;;FF53;
+FF34;FULLWIDTH LATIN CAPITAL LETTER T;Lu;0;L;<wide> 0054;;;;N;;;;FF54;
+FF35;FULLWIDTH LATIN CAPITAL LETTER U;Lu;0;L;<wide> 0055;;;;N;;;;FF55;
+FF36;FULLWIDTH LATIN CAPITAL LETTER V;Lu;0;L;<wide> 0056;;;;N;;;;FF56;
+FF37;FULLWIDTH LATIN CAPITAL LETTER W;Lu;0;L;<wide> 0057;;;;N;;;;FF57;
+FF38;FULLWIDTH LATIN CAPITAL LETTER X;Lu;0;L;<wide> 0058;;;;N;;;;FF58;
+FF39;FULLWIDTH LATIN CAPITAL LETTER Y;Lu;0;L;<wide> 0059;;;;N;;;;FF59;
+FF3A;FULLWIDTH LATIN CAPITAL LETTER Z;Lu;0;L;<wide> 005A;;;;N;;;;FF5A;
+FF3B;FULLWIDTH LEFT SQUARE BRACKET;Ps;0;ON;<wide> 005B;;;;Y;FULLWIDTH OPENING SQUARE BRACKET;;;;
+FF3C;FULLWIDTH REVERSE SOLIDUS;Po;0;ON;<wide> 005C;;;;N;FULLWIDTH BACKSLASH;;;;
+FF3D;FULLWIDTH RIGHT SQUARE BRACKET;Pe;0;ON;<wide> 005D;;;;Y;FULLWIDTH CLOSING SQUARE BRACKET;;;;
+FF3E;FULLWIDTH CIRCUMFLEX ACCENT;Sk;0;ON;<wide> 005E;;;;N;FULLWIDTH SPACING CIRCUMFLEX;;;;
+FF3F;FULLWIDTH LOW LINE;Pc;0;ON;<wide> 005F;;;;N;FULLWIDTH SPACING UNDERSCORE;;;;
+FF40;FULLWIDTH GRAVE ACCENT;Sk;0;ON;<wide> 0060;;;;N;FULLWIDTH SPACING GRAVE;;;;
+FF41;FULLWIDTH LATIN SMALL LETTER A;Ll;0;L;<wide> 0061;;;;N;;;FF21;;FF21
+FF42;FULLWIDTH LATIN SMALL LETTER B;Ll;0;L;<wide> 0062;;;;N;;;FF22;;FF22
+FF43;FULLWIDTH LATIN SMALL LETTER C;Ll;0;L;<wide> 0063;;;;N;;;FF23;;FF23
+FF44;FULLWIDTH LATIN SMALL LETTER D;Ll;0;L;<wide> 0064;;;;N;;;FF24;;FF24
+FF45;FULLWIDTH LATIN SMALL LETTER E;Ll;0;L;<wide> 0065;;;;N;;;FF25;;FF25
+FF46;FULLWIDTH LATIN SMALL LETTER F;Ll;0;L;<wide> 0066;;;;N;;;FF26;;FF26
+FF47;FULLWIDTH LATIN SMALL LETTER G;Ll;0;L;<wide> 0067;;;;N;;;FF27;;FF27
+FF48;FULLWIDTH LATIN SMALL LETTER H;Ll;0;L;<wide> 0068;;;;N;;;FF28;;FF28
+FF49;FULLWIDTH LATIN SMALL LETTER I;Ll;0;L;<wide> 0069;;;;N;;;FF29;;FF29
+FF4A;FULLWIDTH LATIN SMALL LETTER J;Ll;0;L;<wide> 006A;;;;N;;;FF2A;;FF2A
+FF4B;FULLWIDTH LATIN SMALL LETTER K;Ll;0;L;<wide> 006B;;;;N;;;FF2B;;FF2B
+FF4C;FULLWIDTH LATIN SMALL LETTER L;Ll;0;L;<wide> 006C;;;;N;;;FF2C;;FF2C
+FF4D;FULLWIDTH LATIN SMALL LETTER M;Ll;0;L;<wide> 006D;;;;N;;;FF2D;;FF2D
+FF4E;FULLWIDTH LATIN SMALL LETTER N;Ll;0;L;<wide> 006E;;;;N;;;FF2E;;FF2E
+FF4F;FULLWIDTH LATIN SMALL LETTER O;Ll;0;L;<wide> 006F;;;;N;;;FF2F;;FF2F
+FF50;FULLWIDTH LATIN SMALL LETTER P;Ll;0;L;<wide> 0070;;;;N;;;FF30;;FF30
+FF51;FULLWIDTH LATIN SMALL LETTER Q;Ll;0;L;<wide> 0071;;;;N;;;FF31;;FF31
+FF52;FULLWIDTH LATIN SMALL LETTER R;Ll;0;L;<wide> 0072;;;;N;;;FF32;;FF32
+FF53;FULLWIDTH LATIN SMALL LETTER S;Ll;0;L;<wide> 0073;;;;N;;;FF33;;FF33
+FF54;FULLWIDTH LATIN SMALL LETTER T;Ll;0;L;<wide> 0074;;;;N;;;FF34;;FF34
+FF55;FULLWIDTH LATIN SMALL LETTER U;Ll;0;L;<wide> 0075;;;;N;;;FF35;;FF35
+FF56;FULLWIDTH LATIN SMALL LETTER V;Ll;0;L;<wide> 0076;;;;N;;;FF36;;FF36
+FF57;FULLWIDTH LATIN SMALL LETTER W;Ll;0;L;<wide> 0077;;;;N;;;FF37;;FF37
+FF58;FULLWIDTH LATIN SMALL LETTER X;Ll;0;L;<wide> 0078;;;;N;;;FF38;;FF38
+FF59;FULLWIDTH LATIN SMALL LETTER Y;Ll;0;L;<wide> 0079;;;;N;;;FF39;;FF39
+FF5A;FULLWIDTH LATIN SMALL LETTER Z;Ll;0;L;<wide> 007A;;;;N;;;FF3A;;FF3A
+FF5B;FULLWIDTH LEFT CURLY BRACKET;Ps;0;ON;<wide> 007B;;;;Y;FULLWIDTH OPENING CURLY BRACKET;;;;
+FF5C;FULLWIDTH VERTICAL LINE;Sm;0;ON;<wide> 007C;;;;N;FULLWIDTH VERTICAL BAR;;;;
+FF5D;FULLWIDTH RIGHT CURLY BRACKET;Pe;0;ON;<wide> 007D;;;;Y;FULLWIDTH CLOSING CURLY BRACKET;;;;
+FF5E;FULLWIDTH TILDE;Sm;0;ON;<wide> 007E;;;;N;FULLWIDTH SPACING TILDE;;;;
+FF5F;FULLWIDTH LEFT WHITE PARENTHESIS;Ps;0;ON;<wide> 2985;;;;Y;;*;;;
+FF60;FULLWIDTH RIGHT WHITE PARENTHESIS;Pe;0;ON;<wide> 2986;;;;Y;;*;;;
+FF61;HALFWIDTH IDEOGRAPHIC FULL STOP;Po;0;ON;<narrow> 3002;;;;N;HALFWIDTH IDEOGRAPHIC PERIOD;;;;
+FF62;HALFWIDTH LEFT CORNER BRACKET;Ps;0;ON;<narrow> 300C;;;;Y;HALFWIDTH OPENING CORNER BRACKET;;;;
+FF63;HALFWIDTH RIGHT CORNER BRACKET;Pe;0;ON;<narrow> 300D;;;;Y;HALFWIDTH CLOSING CORNER BRACKET;;;;
+FF64;HALFWIDTH IDEOGRAPHIC COMMA;Po;0;ON;<narrow> 3001;;;;N;;;;;
+FF65;HALFWIDTH KATAKANA MIDDLE DOT;Pc;0;ON;<narrow> 30FB;;;;N;;;;;
+FF66;HALFWIDTH KATAKANA LETTER WO;Lo;0;L;<narrow> 30F2;;;;N;;;;;
+FF67;HALFWIDTH KATAKANA LETTER SMALL A;Lo;0;L;<narrow> 30A1;;;;N;;;;;
+FF68;HALFWIDTH KATAKANA LETTER SMALL I;Lo;0;L;<narrow> 30A3;;;;N;;;;;
+FF69;HALFWIDTH KATAKANA LETTER SMALL U;Lo;0;L;<narrow> 30A5;;;;N;;;;;
+FF6A;HALFWIDTH KATAKANA LETTER SMALL E;Lo;0;L;<narrow> 30A7;;;;N;;;;;
+FF6B;HALFWIDTH KATAKANA LETTER SMALL O;Lo;0;L;<narrow> 30A9;;;;N;;;;;
+FF6C;HALFWIDTH KATAKANA LETTER SMALL YA;Lo;0;L;<narrow> 30E3;;;;N;;;;;
+FF6D;HALFWIDTH KATAKANA LETTER SMALL YU;Lo;0;L;<narrow> 30E5;;;;N;;;;;
+FF6E;HALFWIDTH KATAKANA LETTER SMALL YO;Lo;0;L;<narrow> 30E7;;;;N;;;;;
+FF6F;HALFWIDTH KATAKANA LETTER SMALL TU;Lo;0;L;<narrow> 30C3;;;;N;;;;;
+FF70;HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK;Lm;0;L;<narrow> 30FC;;;;N;;;;;
+FF71;HALFWIDTH KATAKANA LETTER A;Lo;0;L;<narrow> 30A2;;;;N;;;;;
+FF72;HALFWIDTH KATAKANA LETTER I;Lo;0;L;<narrow> 30A4;;;;N;;;;;
+FF73;HALFWIDTH KATAKANA LETTER U;Lo;0;L;<narrow> 30A6;;;;N;;;;;
+FF74;HALFWIDTH KATAKANA LETTER E;Lo;0;L;<narrow> 30A8;;;;N;;;;;
+FF75;HALFWIDTH KATAKANA LETTER O;Lo;0;L;<narrow> 30AA;;;;N;;;;;
+FF76;HALFWIDTH KATAKANA LETTER KA;Lo;0;L;<narrow> 30AB;;;;N;;;;;
+FF77;HALFWIDTH KATAKANA LETTER KI;Lo;0;L;<narrow> 30AD;;;;N;;;;;
+FF78;HALFWIDTH KATAKANA LETTER KU;Lo;0;L;<narrow> 30AF;;;;N;;;;;
+FF79;HALFWIDTH KATAKANA LETTER KE;Lo;0;L;<narrow> 30B1;;;;N;;;;;
+FF7A;HALFWIDTH KATAKANA LETTER KO;Lo;0;L;<narrow> 30B3;;;;N;;;;;
+FF7B;HALFWIDTH KATAKANA LETTER SA;Lo;0;L;<narrow> 30B5;;;;N;;;;;
+FF7C;HALFWIDTH KATAKANA LETTER SI;Lo;0;L;<narrow> 30B7;;;;N;;;;;
+FF7D;HALFWIDTH KATAKANA LETTER SU;Lo;0;L;<narrow> 30B9;;;;N;;;;;
+FF7E;HALFWIDTH KATAKANA LETTER SE;Lo;0;L;<narrow> 30BB;;;;N;;;;;
+FF7F;HALFWIDTH KATAKANA LETTER SO;Lo;0;L;<narrow> 30BD;;;;N;;;;;
+FF80;HALFWIDTH KATAKANA LETTER TA;Lo;0;L;<narrow> 30BF;;;;N;;;;;
+FF81;HALFWIDTH KATAKANA LETTER TI;Lo;0;L;<narrow> 30C1;;;;N;;;;;
+FF82;HALFWIDTH KATAKANA LETTER TU;Lo;0;L;<narrow> 30C4;;;;N;;;;;
+FF83;HALFWIDTH KATAKANA LETTER TE;Lo;0;L;<narrow> 30C6;;;;N;;;;;
+FF84;HALFWIDTH KATAKANA LETTER TO;Lo;0;L;<narrow> 30C8;;;;N;;;;;
+FF85;HALFWIDTH KATAKANA LETTER NA;Lo;0;L;<narrow> 30CA;;;;N;;;;;
+FF86;HALFWIDTH KATAKANA LETTER NI;Lo;0;L;<narrow> 30CB;;;;N;;;;;
+FF87;HALFWIDTH KATAKANA LETTER NU;Lo;0;L;<narrow> 30CC;;;;N;;;;;
+FF88;HALFWIDTH KATAKANA LETTER NE;Lo;0;L;<narrow> 30CD;;;;N;;;;;
+FF89;HALFWIDTH KATAKANA LETTER NO;Lo;0;L;<narrow> 30CE;;;;N;;;;;
+FF8A;HALFWIDTH KATAKANA LETTER HA;Lo;0;L;<narrow> 30CF;;;;N;;;;;
+FF8B;HALFWIDTH KATAKANA LETTER HI;Lo;0;L;<narrow> 30D2;;;;N;;;;;
+FF8C;HALFWIDTH KATAKANA LETTER HU;Lo;0;L;<narrow> 30D5;;;;N;;;;;
+FF8D;HALFWIDTH KATAKANA LETTER HE;Lo;0;L;<narrow> 30D8;;;;N;;;;;
+FF8E;HALFWIDTH KATAKANA LETTER HO;Lo;0;L;<narrow> 30DB;;;;N;;;;;
+FF8F;HALFWIDTH KATAKANA LETTER MA;Lo;0;L;<narrow> 30DE;;;;N;;;;;
+FF90;HALFWIDTH KATAKANA LETTER MI;Lo;0;L;<narrow> 30DF;;;;N;;;;;
+FF91;HALFWIDTH KATAKANA LETTER MU;Lo;0;L;<narrow> 30E0;;;;N;;;;;
+FF92;HALFWIDTH KATAKANA LETTER ME;Lo;0;L;<narrow> 30E1;;;;N;;;;;
+FF93;HALFWIDTH KATAKANA LETTER MO;Lo;0;L;<narrow> 30E2;;;;N;;;;;
+FF94;HALFWIDTH KATAKANA LETTER YA;Lo;0;L;<narrow> 30E4;;;;N;;;;;
+FF95;HALFWIDTH KATAKANA LETTER YU;Lo;0;L;<narrow> 30E6;;;;N;;;;;
+FF96;HALFWIDTH KATAKANA LETTER YO;Lo;0;L;<narrow> 30E8;;;;N;;;;;
+FF97;HALFWIDTH KATAKANA LETTER RA;Lo;0;L;<narrow> 30E9;;;;N;;;;;
+FF98;HALFWIDTH KATAKANA LETTER RI;Lo;0;L;<narrow> 30EA;;;;N;;;;;
+FF99;HALFWIDTH KATAKANA LETTER RU;Lo;0;L;<narrow> 30EB;;;;N;;;;;
+FF9A;HALFWIDTH KATAKANA LETTER RE;Lo;0;L;<narrow> 30EC;;;;N;;;;;
+FF9B;HALFWIDTH KATAKANA LETTER RO;Lo;0;L;<narrow> 30ED;;;;N;;;;;
+FF9C;HALFWIDTH KATAKANA LETTER WA;Lo;0;L;<narrow> 30EF;;;;N;;;;;
+FF9D;HALFWIDTH KATAKANA LETTER N;Lo;0;L;<narrow> 30F3;;;;N;;;;;
+FF9E;HALFWIDTH KATAKANA VOICED SOUND MARK;Lm;0;L;<narrow> 3099;;;;N;;halfwidth katakana-hiragana voiced sound mark;;;
+FF9F;HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK;Lm;0;L;<narrow> 309A;;;;N;;halfwidth katakana-hiragana semi-voiced sound mark;;;
+FFA0;HALFWIDTH HANGUL FILLER;Lo;0;L;<narrow> 3164;;;;N;HALFWIDTH HANGUL CAE OM;;;;
+FFA1;HALFWIDTH HANGUL LETTER KIYEOK;Lo;0;L;<narrow> 3131;;;;N;HALFWIDTH HANGUL LETTER GIYEOG;;;;
+FFA2;HALFWIDTH HANGUL LETTER SSANGKIYEOK;Lo;0;L;<narrow> 3132;;;;N;HALFWIDTH HANGUL LETTER SSANG GIYEOG;;;;
+FFA3;HALFWIDTH HANGUL LETTER KIYEOK-SIOS;Lo;0;L;<narrow> 3133;;;;N;HALFWIDTH HANGUL LETTER GIYEOG SIOS;;;;
+FFA4;HALFWIDTH HANGUL LETTER NIEUN;Lo;0;L;<narrow> 3134;;;;N;;;;;
+FFA5;HALFWIDTH HANGUL LETTER NIEUN-CIEUC;Lo;0;L;<narrow> 3135;;;;N;HALFWIDTH HANGUL LETTER NIEUN JIEUJ;;;;
+FFA6;HALFWIDTH HANGUL LETTER NIEUN-HIEUH;Lo;0;L;<narrow> 3136;;;;N;HALFWIDTH HANGUL LETTER NIEUN HIEUH;;;;
+FFA7;HALFWIDTH HANGUL LETTER TIKEUT;Lo;0;L;<narrow> 3137;;;;N;HALFWIDTH HANGUL LETTER DIGEUD;;;;
+FFA8;HALFWIDTH HANGUL LETTER SSANGTIKEUT;Lo;0;L;<narrow> 3138;;;;N;HALFWIDTH HANGUL LETTER SSANG DIGEUD;;;;
+FFA9;HALFWIDTH HANGUL LETTER RIEUL;Lo;0;L;<narrow> 3139;;;;N;HALFWIDTH HANGUL LETTER LIEUL;;;;
+FFAA;HALFWIDTH HANGUL LETTER RIEUL-KIYEOK;Lo;0;L;<narrow> 313A;;;;N;HALFWIDTH HANGUL LETTER LIEUL GIYEOG;;;;
+FFAB;HALFWIDTH HANGUL LETTER RIEUL-MIEUM;Lo;0;L;<narrow> 313B;;;;N;HALFWIDTH HANGUL LETTER LIEUL MIEUM;;;;
+FFAC;HALFWIDTH HANGUL LETTER RIEUL-PIEUP;Lo;0;L;<narrow> 313C;;;;N;HALFWIDTH HANGUL LETTER LIEUL BIEUB;;;;
+FFAD;HALFWIDTH HANGUL LETTER RIEUL-SIOS;Lo;0;L;<narrow> 313D;;;;N;HALFWIDTH HANGUL LETTER LIEUL SIOS;;;;
+FFAE;HALFWIDTH HANGUL LETTER RIEUL-THIEUTH;Lo;0;L;<narrow> 313E;;;;N;HALFWIDTH HANGUL LETTER LIEUL TIEUT;;;;
+FFAF;HALFWIDTH HANGUL LETTER RIEUL-PHIEUPH;Lo;0;L;<narrow> 313F;;;;N;HALFWIDTH HANGUL LETTER LIEUL PIEUP;;;;
+FFB0;HALFWIDTH HANGUL LETTER RIEUL-HIEUH;Lo;0;L;<narrow> 3140;;;;N;HALFWIDTH HANGUL LETTER LIEUL HIEUH;;;;
+FFB1;HALFWIDTH HANGUL LETTER MIEUM;Lo;0;L;<narrow> 3141;;;;N;;;;;
+FFB2;HALFWIDTH HANGUL LETTER PIEUP;Lo;0;L;<narrow> 3142;;;;N;HALFWIDTH HANGUL LETTER BIEUB;;;;
+FFB3;HALFWIDTH HANGUL LETTER SSANGPIEUP;Lo;0;L;<narrow> 3143;;;;N;HALFWIDTH HANGUL LETTER SSANG BIEUB;;;;
+FFB4;HALFWIDTH HANGUL LETTER PIEUP-SIOS;Lo;0;L;<narrow> 3144;;;;N;HALFWIDTH HANGUL LETTER BIEUB SIOS;;;;
+FFB5;HALFWIDTH HANGUL LETTER SIOS;Lo;0;L;<narrow> 3145;;;;N;;;;;
+FFB6;HALFWIDTH HANGUL LETTER SSANGSIOS;Lo;0;L;<narrow> 3146;;;;N;HALFWIDTH HANGUL LETTER SSANG SIOS;;;;
+FFB7;HALFWIDTH HANGUL LETTER IEUNG;Lo;0;L;<narrow> 3147;;;;N;;;;;
+FFB8;HALFWIDTH HANGUL LETTER CIEUC;Lo;0;L;<narrow> 3148;;;;N;HALFWIDTH HANGUL LETTER JIEUJ;;;;
+FFB9;HALFWIDTH HANGUL LETTER SSANGCIEUC;Lo;0;L;<narrow> 3149;;;;N;HALFWIDTH HANGUL LETTER SSANG JIEUJ;;;;
+FFBA;HALFWIDTH HANGUL LETTER CHIEUCH;Lo;0;L;<narrow> 314A;;;;N;HALFWIDTH HANGUL LETTER CIEUC;;;;
+FFBB;HALFWIDTH HANGUL LETTER KHIEUKH;Lo;0;L;<narrow> 314B;;;;N;HALFWIDTH HANGUL LETTER KIYEOK;;;;
+FFBC;HALFWIDTH HANGUL LETTER THIEUTH;Lo;0;L;<narrow> 314C;;;;N;HALFWIDTH HANGUL LETTER TIEUT;;;;
+FFBD;HALFWIDTH HANGUL LETTER PHIEUPH;Lo;0;L;<narrow> 314D;;;;N;HALFWIDTH HANGUL LETTER PIEUP;;;;
+FFBE;HALFWIDTH HANGUL LETTER HIEUH;Lo;0;L;<narrow> 314E;;;;N;;;;;
+FFC2;HALFWIDTH HANGUL LETTER A;Lo;0;L;<narrow> 314F;;;;N;;;;;
+FFC3;HALFWIDTH HANGUL LETTER AE;Lo;0;L;<narrow> 3150;;;;N;;;;;
+FFC4;HALFWIDTH HANGUL LETTER YA;Lo;0;L;<narrow> 3151;;;;N;;;;;
+FFC5;HALFWIDTH HANGUL LETTER YAE;Lo;0;L;<narrow> 3152;;;;N;;;;;
+FFC6;HALFWIDTH HANGUL LETTER EO;Lo;0;L;<narrow> 3153;;;;N;;;;;
+FFC7;HALFWIDTH HANGUL LETTER E;Lo;0;L;<narrow> 3154;;;;N;;;;;
+FFCA;HALFWIDTH HANGUL LETTER YEO;Lo;0;L;<narrow> 3155;;;;N;;;;;
+FFCB;HALFWIDTH HANGUL LETTER YE;Lo;0;L;<narrow> 3156;;;;N;;;;;
+FFCC;HALFWIDTH HANGUL LETTER O;Lo;0;L;<narrow> 3157;;;;N;;;;;
+FFCD;HALFWIDTH HANGUL LETTER WA;Lo;0;L;<narrow> 3158;;;;N;;;;;
+FFCE;HALFWIDTH HANGUL LETTER WAE;Lo;0;L;<narrow> 3159;;;;N;;;;;
+FFCF;HALFWIDTH HANGUL LETTER OE;Lo;0;L;<narrow> 315A;;;;N;;;;;
+FFD2;HALFWIDTH HANGUL LETTER YO;Lo;0;L;<narrow> 315B;;;;N;;;;;
+FFD3;HALFWIDTH HANGUL LETTER U;Lo;0;L;<narrow> 315C;;;;N;;;;;
+FFD4;HALFWIDTH HANGUL LETTER WEO;Lo;0;L;<narrow> 315D;;;;N;;;;;
+FFD5;HALFWIDTH HANGUL LETTER WE;Lo;0;L;<narrow> 315E;;;;N;;;;;
+FFD6;HALFWIDTH HANGUL LETTER WI;Lo;0;L;<narrow> 315F;;;;N;;;;;
+FFD7;HALFWIDTH HANGUL LETTER YU;Lo;0;L;<narrow> 3160;;;;N;;;;;
+FFDA;HALFWIDTH HANGUL LETTER EU;Lo;0;L;<narrow> 3161;;;;N;;;;;
+FFDB;HALFWIDTH HANGUL LETTER YI;Lo;0;L;<narrow> 3162;;;;N;;;;;
+FFDC;HALFWIDTH HANGUL LETTER I;Lo;0;L;<narrow> 3163;;;;N;;;;;
+FFE0;FULLWIDTH CENT SIGN;Sc;0;ET;<wide> 00A2;;;;N;;;;;
+FFE1;FULLWIDTH POUND SIGN;Sc;0;ET;<wide> 00A3;;;;N;;;;;
+FFE2;FULLWIDTH NOT SIGN;Sm;0;ON;<wide> 00AC;;;;N;;;;;
+FFE3;FULLWIDTH MACRON;Sk;0;ON;<wide> 00AF;;;;N;FULLWIDTH SPACING MACRON;*;;;
+FFE4;FULLWIDTH BROKEN BAR;So;0;ON;<wide> 00A6;;;;N;FULLWIDTH BROKEN VERTICAL BAR;;;;
+FFE5;FULLWIDTH YEN SIGN;Sc;0;ET;<wide> 00A5;;;;N;;;;;
+FFE6;FULLWIDTH WON SIGN;Sc;0;ET;<wide> 20A9;;;;N;;;;;
+FFE8;HALFWIDTH FORMS LIGHT VERTICAL;So;0;ON;<narrow> 2502;;;;N;;;;;
+FFE9;HALFWIDTH LEFTWARDS ARROW;Sm;0;ON;<narrow> 2190;;;;N;;;;;
+FFEA;HALFWIDTH UPWARDS ARROW;Sm;0;ON;<narrow> 2191;;;;N;;;;;
+FFEB;HALFWIDTH RIGHTWARDS ARROW;Sm;0;ON;<narrow> 2192;;;;N;;;;;
+FFEC;HALFWIDTH DOWNWARDS ARROW;Sm;0;ON;<narrow> 2193;;;;N;;;;;
+FFED;HALFWIDTH BLACK SQUARE;So;0;ON;<narrow> 25A0;;;;N;;;;;
+FFEE;HALFWIDTH WHITE CIRCLE;So;0;ON;<narrow> 25CB;;;;N;;;;;
+FFF9;INTERLINEAR ANNOTATION ANCHOR;Cf;0;BN;;;;;N;;;;;
+FFFA;INTERLINEAR ANNOTATION SEPARATOR;Cf;0;BN;;;;;N;;;;;
+FFFB;INTERLINEAR ANNOTATION TERMINATOR;Cf;0;BN;;;;;N;;;;;
+FFFC;OBJECT REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
+FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;;
+10300;OLD ITALIC LETTER A;Lo;0;L;;;;;N;;;;;
+10301;OLD ITALIC LETTER BE;Lo;0;L;;;;;N;;;;;
+10302;OLD ITALIC LETTER KE;Lo;0;L;;;;;N;;;;;
+10303;OLD ITALIC LETTER DE;Lo;0;L;;;;;N;;;;;
+10304;OLD ITALIC LETTER E;Lo;0;L;;;;;N;;;;;
+10305;OLD ITALIC LETTER VE;Lo;0;L;;;;;N;;;;;
+10306;OLD ITALIC LETTER ZE;Lo;0;L;;;;;N;;;;;
+10307;OLD ITALIC LETTER HE;Lo;0;L;;;;;N;;;;;
+10308;OLD ITALIC LETTER THE;Lo;0;L;;;;;N;;;;;
+10309;OLD ITALIC LETTER I;Lo;0;L;;;;;N;;;;;
+1030A;OLD ITALIC LETTER KA;Lo;0;L;;;;;N;;;;;
+1030B;OLD ITALIC LETTER EL;Lo;0;L;;;;;N;;;;;
+1030C;OLD ITALIC LETTER EM;Lo;0;L;;;;;N;;;;;
+1030D;OLD ITALIC LETTER EN;Lo;0;L;;;;;N;;;;;
+1030E;OLD ITALIC LETTER ESH;Lo;0;L;;;;;N;;;;;
+1030F;OLD ITALIC LETTER O;Lo;0;L;;;;;N;;Faliscan;;;
+10310;OLD ITALIC LETTER PE;Lo;0;L;;;;;N;;;;;
+10311;OLD ITALIC LETTER SHE;Lo;0;L;;;;;N;;;;;
+10312;OLD ITALIC LETTER KU;Lo;0;L;;;;;N;;;;;
+10313;OLD ITALIC LETTER ER;Lo;0;L;;;;;N;;;;;
+10314;OLD ITALIC LETTER ES;Lo;0;L;;;;;N;;;;;
+10315;OLD ITALIC LETTER TE;Lo;0;L;;;;;N;;;;;
+10316;OLD ITALIC LETTER U;Lo;0;L;;;;;N;;;;;
+10317;OLD ITALIC LETTER EKS;Lo;0;L;;;;;N;;Faliscan;;;
+10318;OLD ITALIC LETTER PHE;Lo;0;L;;;;;N;;;;;
+10319;OLD ITALIC LETTER KHE;Lo;0;L;;;;;N;;;;;
+1031A;OLD ITALIC LETTER EF;Lo;0;L;;;;;N;;;;;
+1031B;OLD ITALIC LETTER ERS;Lo;0;L;;;;;N;;Umbrian;;;
+1031C;OLD ITALIC LETTER CHE;Lo;0;L;;;;;N;;Umbrian;;;
+1031D;OLD ITALIC LETTER II;Lo;0;L;;;;;N;;Oscan;;;
+1031E;OLD ITALIC LETTER UU;Lo;0;L;;;;;N;;Oscan;;;
+10320;OLD ITALIC NUMERAL ONE;No;0;L;;;;1;N;;;;;
+10321;OLD ITALIC NUMERAL FIVE;No;0;L;;;;5;N;;;;;
+10322;OLD ITALIC NUMERAL TEN;No;0;L;;;;10;N;;;;;
+10323;OLD ITALIC NUMERAL FIFTY;No;0;L;;;;50;N;;;;;
+10330;GOTHIC LETTER AHSA;Lo;0;L;;;;;N;;;;;
+10331;GOTHIC LETTER BAIRKAN;Lo;0;L;;;;;N;;;;;
+10332;GOTHIC LETTER GIBA;Lo;0;L;;;;;N;;;;;
+10333;GOTHIC LETTER DAGS;Lo;0;L;;;;;N;;;;;
+10334;GOTHIC LETTER AIHVUS;Lo;0;L;;;;;N;;;;;
+10335;GOTHIC LETTER QAIRTHRA;Lo;0;L;;;;;N;;;;;
+10336;GOTHIC LETTER IUJA;Lo;0;L;;;;;N;;;;;
+10337;GOTHIC LETTER HAGL;Lo;0;L;;;;;N;;;;;
+10338;GOTHIC LETTER THIUTH;Lo;0;L;;;;;N;;;;;
+10339;GOTHIC LETTER EIS;Lo;0;L;;;;;N;;;;;
+1033A;GOTHIC LETTER KUSMA;Lo;0;L;;;;;N;;;;;
+1033B;GOTHIC LETTER LAGUS;Lo;0;L;;;;;N;;;;;
+1033C;GOTHIC LETTER MANNA;Lo;0;L;;;;;N;;;;;
+1033D;GOTHIC LETTER NAUTHS;Lo;0;L;;;;;N;;;;;
+1033E;GOTHIC LETTER JER;Lo;0;L;;;;;N;;;;;
+1033F;GOTHIC LETTER URUS;Lo;0;L;;;;;N;;;;;
+10340;GOTHIC LETTER PAIRTHRA;Lo;0;L;;;;;N;;;;;
+10341;GOTHIC LETTER NINETY;Lo;0;L;;;;;N;;;;;
+10342;GOTHIC LETTER RAIDA;Lo;0;L;;;;;N;;;;;
+10343;GOTHIC LETTER SAUIL;Lo;0;L;;;;;N;;;;;
+10344;GOTHIC LETTER TEIWS;Lo;0;L;;;;;N;;;;;
+10345;GOTHIC LETTER WINJA;Lo;0;L;;;;;N;;;;;
+10346;GOTHIC LETTER FAIHU;Lo;0;L;;;;;N;;;;;
+10347;GOTHIC LETTER IGGWS;Lo;0;L;;;;;N;;;;;
+10348;GOTHIC LETTER HWAIR;Lo;0;L;;;;;N;;;;;
+10349;GOTHIC LETTER OTHAL;Lo;0;L;;;;;N;;;;;
+1034A;GOTHIC LETTER NINE HUNDRED;Nl;0;L;;;;;N;;;;;
+10400;DESERET CAPITAL LETTER LONG I;Lu;0;L;;;;;N;;;;10428;
+10401;DESERET CAPITAL LETTER LONG E;Lu;0;L;;;;;N;;;;10429;
+10402;DESERET CAPITAL LETTER LONG A;Lu;0;L;;;;;N;;;;1042A;
+10403;DESERET CAPITAL LETTER LONG AH;Lu;0;L;;;;;N;;;;1042B;
+10404;DESERET CAPITAL LETTER LONG O;Lu;0;L;;;;;N;;;;1042C;
+10405;DESERET CAPITAL LETTER LONG OO;Lu;0;L;;;;;N;;;;1042D;
+10406;DESERET CAPITAL LETTER SHORT I;Lu;0;L;;;;;N;;;;1042E;
+10407;DESERET CAPITAL LETTER SHORT E;Lu;0;L;;;;;N;;;;1042F;
+10408;DESERET CAPITAL LETTER SHORT A;Lu;0;L;;;;;N;;;;10430;
+10409;DESERET CAPITAL LETTER SHORT AH;Lu;0;L;;;;;N;;;;10431;
+1040A;DESERET CAPITAL LETTER SHORT O;Lu;0;L;;;;;N;;;;10432;
+1040B;DESERET CAPITAL LETTER SHORT OO;Lu;0;L;;;;;N;;;;10433;
+1040C;DESERET CAPITAL LETTER AY;Lu;0;L;;;;;N;;;;10434;
+1040D;DESERET CAPITAL LETTER OW;Lu;0;L;;;;;N;;;;10435;
+1040E;DESERET CAPITAL LETTER WU;Lu;0;L;;;;;N;;;;10436;
+1040F;DESERET CAPITAL LETTER YEE;Lu;0;L;;;;;N;;;;10437;
+10410;DESERET CAPITAL LETTER H;Lu;0;L;;;;;N;;;;10438;
+10411;DESERET CAPITAL LETTER PEE;Lu;0;L;;;;;N;;;;10439;
+10412;DESERET CAPITAL LETTER BEE;Lu;0;L;;;;;N;;;;1043A;
+10413;DESERET CAPITAL LETTER TEE;Lu;0;L;;;;;N;;;;1043B;
+10414;DESERET CAPITAL LETTER DEE;Lu;0;L;;;;;N;;;;1043C;
+10415;DESERET CAPITAL LETTER CHEE;Lu;0;L;;;;;N;;;;1043D;
+10416;DESERET CAPITAL LETTER JEE;Lu;0;L;;;;;N;;;;1043E;
+10417;DESERET CAPITAL LETTER KAY;Lu;0;L;;;;;N;;;;1043F;
+10418;DESERET CAPITAL LETTER GAY;Lu;0;L;;;;;N;;;;10440;
+10419;DESERET CAPITAL LETTER EF;Lu;0;L;;;;;N;;;;10441;
+1041A;DESERET CAPITAL LETTER VEE;Lu;0;L;;;;;N;;;;10442;
+1041B;DESERET CAPITAL LETTER ETH;Lu;0;L;;;;;N;;;;10443;
+1041C;DESERET CAPITAL LETTER THEE;Lu;0;L;;;;;N;;;;10444;
+1041D;DESERET CAPITAL LETTER ES;Lu;0;L;;;;;N;;;;10445;
+1041E;DESERET CAPITAL LETTER ZEE;Lu;0;L;;;;;N;;;;10446;
+1041F;DESERET CAPITAL LETTER ESH;Lu;0;L;;;;;N;;;;10447;
+10420;DESERET CAPITAL LETTER ZHEE;Lu;0;L;;;;;N;;;;10448;
+10421;DESERET CAPITAL LETTER ER;Lu;0;L;;;;;N;;;;10449;
+10422;DESERET CAPITAL LETTER EL;Lu;0;L;;;;;N;;;;1044A;
+10423;DESERET CAPITAL LETTER EM;Lu;0;L;;;;;N;;;;1044B;
+10424;DESERET CAPITAL LETTER EN;Lu;0;L;;;;;N;;;;1044C;
+10425;DESERET CAPITAL LETTER ENG;Lu;0;L;;;;;N;;;;1044D;
+10428;DESERET SMALL LETTER LONG I;Ll;0;L;;;;;N;;;10400;;10400
+10429;DESERET SMALL LETTER LONG E;Ll;0;L;;;;;N;;;10401;;10401
+1042A;DESERET SMALL LETTER LONG A;Ll;0;L;;;;;N;;;10402;;10402
+1042B;DESERET SMALL LETTER LONG AH;Ll;0;L;;;;;N;;;10403;;10403
+1042C;DESERET SMALL LETTER LONG O;Ll;0;L;;;;;N;;;10404;;10404
+1042D;DESERET SMALL LETTER LONG OO;Ll;0;L;;;;;N;;;10405;;10405
+1042E;DESERET SMALL LETTER SHORT I;Ll;0;L;;;;;N;;;10406;;10406
+1042F;DESERET SMALL LETTER SHORT E;Ll;0;L;;;;;N;;;10407;;10407
+10430;DESERET SMALL LETTER SHORT A;Ll;0;L;;;;;N;;;10408;;10408
+10431;DESERET SMALL LETTER SHORT AH;Ll;0;L;;;;;N;;;10409;;10409
+10432;DESERET SMALL LETTER SHORT O;Ll;0;L;;;;;N;;;1040A;;1040A
+10433;DESERET SMALL LETTER SHORT OO;Ll;0;L;;;;;N;;;1040B;;1040B
+10434;DESERET SMALL LETTER AY;Ll;0;L;;;;;N;;;1040C;;1040C
+10435;DESERET SMALL LETTER OW;Ll;0;L;;;;;N;;;1040D;;1040D
+10436;DESERET SMALL LETTER WU;Ll;0;L;;;;;N;;;1040E;;1040E
+10437;DESERET SMALL LETTER YEE;Ll;0;L;;;;;N;;;1040F;;1040F
+10438;DESERET SMALL LETTER H;Ll;0;L;;;;;N;;;10410;;10410
+10439;DESERET SMALL LETTER PEE;Ll;0;L;;;;;N;;;10411;;10411
+1043A;DESERET SMALL LETTER BEE;Ll;0;L;;;;;N;;;10412;;10412
+1043B;DESERET SMALL LETTER TEE;Ll;0;L;;;;;N;;;10413;;10413
+1043C;DESERET SMALL LETTER DEE;Ll;0;L;;;;;N;;;10414;;10414
+1043D;DESERET SMALL LETTER CHEE;Ll;0;L;;;;;N;;;10415;;10415
+1043E;DESERET SMALL LETTER JEE;Ll;0;L;;;;;N;;;10416;;10416
+1043F;DESERET SMALL LETTER KAY;Ll;0;L;;;;;N;;;10417;;10417
+10440;DESERET SMALL LETTER GAY;Ll;0;L;;;;;N;;;10418;;10418
+10441;DESERET SMALL LETTER EF;Ll;0;L;;;;;N;;;10419;;10419
+10442;DESERET SMALL LETTER VEE;Ll;0;L;;;;;N;;;1041A;;1041A
+10443;DESERET SMALL LETTER ETH;Ll;0;L;;;;;N;;;1041B;;1041B
+10444;DESERET SMALL LETTER THEE;Ll;0;L;;;;;N;;;1041C;;1041C
+10445;DESERET SMALL LETTER ES;Ll;0;L;;;;;N;;;1041D;;1041D
+10446;DESERET SMALL LETTER ZEE;Ll;0;L;;;;;N;;;1041E;;1041E
+10447;DESERET SMALL LETTER ESH;Ll;0;L;;;;;N;;;1041F;;1041F
+10448;DESERET SMALL LETTER ZHEE;Ll;0;L;;;;;N;;;10420;;10420
+10449;DESERET SMALL LETTER ER;Ll;0;L;;;;;N;;;10421;;10421
+1044A;DESERET SMALL LETTER EL;Ll;0;L;;;;;N;;;10422;;10422
+1044B;DESERET SMALL LETTER EM;Ll;0;L;;;;;N;;;10423;;10423
+1044C;DESERET SMALL LETTER EN;Ll;0;L;;;;;N;;;10424;;10424
+1044D;DESERET SMALL LETTER ENG;Ll;0;L;;;;;N;;;10425;;10425
+1D000;BYZANTINE MUSICAL SYMBOL PSILI;So;0;L;;;;;N;;;;;
+1D001;BYZANTINE MUSICAL SYMBOL DASEIA;So;0;L;;;;;N;;;;;
+1D002;BYZANTINE MUSICAL SYMBOL PERISPOMENI;So;0;L;;;;;N;;;;;
+1D003;BYZANTINE MUSICAL SYMBOL OXEIA EKFONITIKON;So;0;L;;;;;N;;;;;
+1D004;BYZANTINE MUSICAL SYMBOL OXEIA DIPLI;So;0;L;;;;;N;;;;;
+1D005;BYZANTINE MUSICAL SYMBOL VAREIA EKFONITIKON;So;0;L;;;;;N;;;;;
+1D006;BYZANTINE MUSICAL SYMBOL VAREIA DIPLI;So;0;L;;;;;N;;;;;
+1D007;BYZANTINE MUSICAL SYMBOL KATHISTI;So;0;L;;;;;N;;;;;
+1D008;BYZANTINE MUSICAL SYMBOL SYRMATIKI;So;0;L;;;;;N;;;;;
+1D009;BYZANTINE MUSICAL SYMBOL PARAKLITIKI;So;0;L;;;;;N;;;;;
+1D00A;BYZANTINE MUSICAL SYMBOL YPOKRISIS;So;0;L;;;;;N;;;;;
+1D00B;BYZANTINE MUSICAL SYMBOL YPOKRISIS DIPLI;So;0;L;;;;;N;;;;;
+1D00C;BYZANTINE MUSICAL SYMBOL KREMASTI;So;0;L;;;;;N;;;;;
+1D00D;BYZANTINE MUSICAL SYMBOL APESO EKFONITIKON;So;0;L;;;;;N;;;;;
+1D00E;BYZANTINE MUSICAL SYMBOL EXO EKFONITIKON;So;0;L;;;;;N;;;;;
+1D00F;BYZANTINE MUSICAL SYMBOL TELEIA;So;0;L;;;;;N;;;;;
+1D010;BYZANTINE MUSICAL SYMBOL KENTIMATA;So;0;L;;;;;N;;;;;
+1D011;BYZANTINE MUSICAL SYMBOL APOSTROFOS;So;0;L;;;;;N;;;;;
+1D012;BYZANTINE MUSICAL SYMBOL APOSTROFOS DIPLI;So;0;L;;;;;N;;;;;
+1D013;BYZANTINE MUSICAL SYMBOL SYNEVMA;So;0;L;;;;;N;;;;;
+1D014;BYZANTINE MUSICAL SYMBOL THITA;So;0;L;;;;;N;;;;;
+1D015;BYZANTINE MUSICAL SYMBOL OLIGON ARCHAION;So;0;L;;;;;N;;;;;
+1D016;BYZANTINE MUSICAL SYMBOL GORGON ARCHAION;So;0;L;;;;;N;;;;;
+1D017;BYZANTINE MUSICAL SYMBOL PSILON;So;0;L;;;;;N;;;;;
+1D018;BYZANTINE MUSICAL SYMBOL CHAMILON;So;0;L;;;;;N;;;;;
+1D019;BYZANTINE MUSICAL SYMBOL VATHY;So;0;L;;;;;N;;;;;
+1D01A;BYZANTINE MUSICAL SYMBOL ISON ARCHAION;So;0;L;;;;;N;;;;;
+1D01B;BYZANTINE MUSICAL SYMBOL KENTIMA ARCHAION;So;0;L;;;;;N;;;;;
+1D01C;BYZANTINE MUSICAL SYMBOL KENTIMATA ARCHAION;So;0;L;;;;;N;;;;;
+1D01D;BYZANTINE MUSICAL SYMBOL SAXIMATA;So;0;L;;;;;N;;;;;
+1D01E;BYZANTINE MUSICAL SYMBOL PARICHON;So;0;L;;;;;N;;;;;
+1D01F;BYZANTINE MUSICAL SYMBOL STAVROS APODEXIA;So;0;L;;;;;N;;;;;
+1D020;BYZANTINE MUSICAL SYMBOL OXEIAI ARCHAION;So;0;L;;;;;N;;;;;
+1D021;BYZANTINE MUSICAL SYMBOL VAREIAI ARCHAION;So;0;L;;;;;N;;;;;
+1D022;BYZANTINE MUSICAL SYMBOL APODERMA ARCHAION;So;0;L;;;;;N;;;;;
+1D023;BYZANTINE MUSICAL SYMBOL APOTHEMA;So;0;L;;;;;N;;;;;
+1D024;BYZANTINE MUSICAL SYMBOL KLASMA;So;0;L;;;;;N;;;;;
+1D025;BYZANTINE MUSICAL SYMBOL REVMA;So;0;L;;;;;N;;;;;
+1D026;BYZANTINE MUSICAL SYMBOL PIASMA ARCHAION;So;0;L;;;;;N;;;;;
+1D027;BYZANTINE MUSICAL SYMBOL TINAGMA;So;0;L;;;;;N;;;;;
+1D028;BYZANTINE MUSICAL SYMBOL ANATRICHISMA;So;0;L;;;;;N;;;;;
+1D029;BYZANTINE MUSICAL SYMBOL SEISMA;So;0;L;;;;;N;;;;;
+1D02A;BYZANTINE MUSICAL SYMBOL SYNAGMA ARCHAION;So;0;L;;;;;N;;;;;
+1D02B;BYZANTINE MUSICAL SYMBOL SYNAGMA META STAVROU;So;0;L;;;;;N;;;;;
+1D02C;BYZANTINE MUSICAL SYMBOL OYRANISMA ARCHAION;So;0;L;;;;;N;;;;;
+1D02D;BYZANTINE MUSICAL SYMBOL THEMA;So;0;L;;;;;N;;;;;
+1D02E;BYZANTINE MUSICAL SYMBOL LEMOI;So;0;L;;;;;N;;;;;
+1D02F;BYZANTINE MUSICAL SYMBOL DYO;So;0;L;;;;;N;;;;;
+1D030;BYZANTINE MUSICAL SYMBOL TRIA;So;0;L;;;;;N;;;;;
+1D031;BYZANTINE MUSICAL SYMBOL TESSERA;So;0;L;;;;;N;;;;;
+1D032;BYZANTINE MUSICAL SYMBOL KRATIMATA;So;0;L;;;;;N;;;;;
+1D033;BYZANTINE MUSICAL SYMBOL APESO EXO NEO;So;0;L;;;;;N;;;;;
+1D034;BYZANTINE MUSICAL SYMBOL FTHORA ARCHAION;So;0;L;;;;;N;;;;;
+1D035;BYZANTINE MUSICAL SYMBOL IMIFTHORA;So;0;L;;;;;N;;;;;
+1D036;BYZANTINE MUSICAL SYMBOL TROMIKON ARCHAION;So;0;L;;;;;N;;;;;
+1D037;BYZANTINE MUSICAL SYMBOL KATAVA TROMIKON;So;0;L;;;;;N;;;;;
+1D038;BYZANTINE MUSICAL SYMBOL PELASTON;So;0;L;;;;;N;;;;;
+1D039;BYZANTINE MUSICAL SYMBOL PSIFISTON;So;0;L;;;;;N;;;;;
+1D03A;BYZANTINE MUSICAL SYMBOL KONTEVMA;So;0;L;;;;;N;;;;;
+1D03B;BYZANTINE MUSICAL SYMBOL CHOREVMA ARCHAION;So;0;L;;;;;N;;;;;
+1D03C;BYZANTINE MUSICAL SYMBOL RAPISMA;So;0;L;;;;;N;;;;;
+1D03D;BYZANTINE MUSICAL SYMBOL PARAKALESMA ARCHAION;So;0;L;;;;;N;;;;;
+1D03E;BYZANTINE MUSICAL SYMBOL PARAKLITIKI ARCHAION;So;0;L;;;;;N;;;;;
+1D03F;BYZANTINE MUSICAL SYMBOL ICHADIN;So;0;L;;;;;N;;;;;
+1D040;BYZANTINE MUSICAL SYMBOL NANA;So;0;L;;;;;N;;;;;
+1D041;BYZANTINE MUSICAL SYMBOL PETASMA;So;0;L;;;;;N;;;;;
+1D042;BYZANTINE MUSICAL SYMBOL KONTEVMA ALLO;So;0;L;;;;;N;;;;;
+1D043;BYZANTINE MUSICAL SYMBOL TROMIKON ALLO;So;0;L;;;;;N;;;;;
+1D044;BYZANTINE MUSICAL SYMBOL STRAGGISMATA;So;0;L;;;;;N;;;;;
+1D045;BYZANTINE MUSICAL SYMBOL GRONTHISMATA;So;0;L;;;;;N;;;;;
+1D046;BYZANTINE MUSICAL SYMBOL ISON NEO;So;0;L;;;;;N;;;;;
+1D047;BYZANTINE MUSICAL SYMBOL OLIGON NEO;So;0;L;;;;;N;;;;;
+1D048;BYZANTINE MUSICAL SYMBOL OXEIA NEO;So;0;L;;;;;N;;;;;
+1D049;BYZANTINE MUSICAL SYMBOL PETASTI;So;0;L;;;;;N;;;;;
+1D04A;BYZANTINE MUSICAL SYMBOL KOUFISMA;So;0;L;;;;;N;;;;;
+1D04B;BYZANTINE MUSICAL SYMBOL PETASTOKOUFISMA;So;0;L;;;;;N;;;;;
+1D04C;BYZANTINE MUSICAL SYMBOL KRATIMOKOUFISMA;So;0;L;;;;;N;;;;;
+1D04D;BYZANTINE MUSICAL SYMBOL PELASTON NEO;So;0;L;;;;;N;;;;;
+1D04E;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO ANO;So;0;L;;;;;N;;;;;
+1D04F;BYZANTINE MUSICAL SYMBOL KENTIMA NEO ANO;So;0;L;;;;;N;;;;;
+1D050;BYZANTINE MUSICAL SYMBOL YPSILI;So;0;L;;;;;N;;;;;
+1D051;BYZANTINE MUSICAL SYMBOL APOSTROFOS NEO;So;0;L;;;;;N;;;;;
+1D052;BYZANTINE MUSICAL SYMBOL APOSTROFOI SYNDESMOS NEO;So;0;L;;;;;N;;;;;
+1D053;BYZANTINE MUSICAL SYMBOL YPORROI;So;0;L;;;;;N;;;;;
+1D054;BYZANTINE MUSICAL SYMBOL KRATIMOYPORROON;So;0;L;;;;;N;;;;;
+1D055;BYZANTINE MUSICAL SYMBOL ELAFRON;So;0;L;;;;;N;;;;;
+1D056;BYZANTINE MUSICAL SYMBOL CHAMILI;So;0;L;;;;;N;;;;;
+1D057;BYZANTINE MUSICAL SYMBOL MIKRON ISON;So;0;L;;;;;N;;;;;
+1D058;BYZANTINE MUSICAL SYMBOL VAREIA NEO;So;0;L;;;;;N;;;;;
+1D059;BYZANTINE MUSICAL SYMBOL PIASMA NEO;So;0;L;;;;;N;;;;;
+1D05A;BYZANTINE MUSICAL SYMBOL PSIFISTON NEO;So;0;L;;;;;N;;;;;
+1D05B;BYZANTINE MUSICAL SYMBOL OMALON;So;0;L;;;;;N;;;;;
+1D05C;BYZANTINE MUSICAL SYMBOL ANTIKENOMA;So;0;L;;;;;N;;;;;
+1D05D;BYZANTINE MUSICAL SYMBOL LYGISMA;So;0;L;;;;;N;;;;;
+1D05E;BYZANTINE MUSICAL SYMBOL PARAKLITIKI NEO;So;0;L;;;;;N;;;;;
+1D05F;BYZANTINE MUSICAL SYMBOL PARAKALESMA NEO;So;0;L;;;;;N;;;;;
+1D060;BYZANTINE MUSICAL SYMBOL ETERON PARAKALESMA;So;0;L;;;;;N;;;;;
+1D061;BYZANTINE MUSICAL SYMBOL KYLISMA;So;0;L;;;;;N;;;;;
+1D062;BYZANTINE MUSICAL SYMBOL ANTIKENOKYLISMA;So;0;L;;;;;N;;;;;
+1D063;BYZANTINE MUSICAL SYMBOL TROMIKON NEO;So;0;L;;;;;N;;;;;
+1D064;BYZANTINE MUSICAL SYMBOL EKSTREPTON;So;0;L;;;;;N;;;;;
+1D065;BYZANTINE MUSICAL SYMBOL SYNAGMA NEO;So;0;L;;;;;N;;;;;
+1D066;BYZANTINE MUSICAL SYMBOL SYRMA;So;0;L;;;;;N;;;;;
+1D067;BYZANTINE MUSICAL SYMBOL CHOREVMA NEO;So;0;L;;;;;N;;;;;
+1D068;BYZANTINE MUSICAL SYMBOL EPEGERMA;So;0;L;;;;;N;;;;;
+1D069;BYZANTINE MUSICAL SYMBOL SEISMA NEO;So;0;L;;;;;N;;;;;
+1D06A;BYZANTINE MUSICAL SYMBOL XIRON KLASMA;So;0;L;;;;;N;;;;;
+1D06B;BYZANTINE MUSICAL SYMBOL TROMIKOPSIFISTON;So;0;L;;;;;N;;;;;
+1D06C;BYZANTINE MUSICAL SYMBOL PSIFISTOLYGISMA;So;0;L;;;;;N;;;;;
+1D06D;BYZANTINE MUSICAL SYMBOL TROMIKOLYGISMA;So;0;L;;;;;N;;;;;
+1D06E;BYZANTINE MUSICAL SYMBOL TROMIKOPARAKALESMA;So;0;L;;;;;N;;;;;
+1D06F;BYZANTINE MUSICAL SYMBOL PSIFISTOPARAKALESMA;So;0;L;;;;;N;;;;;
+1D070;BYZANTINE MUSICAL SYMBOL TROMIKOSYNAGMA;So;0;L;;;;;N;;;;;
+1D071;BYZANTINE MUSICAL SYMBOL PSIFISTOSYNAGMA;So;0;L;;;;;N;;;;;
+1D072;BYZANTINE MUSICAL SYMBOL GORGOSYNTHETON;So;0;L;;;;;N;;;;;
+1D073;BYZANTINE MUSICAL SYMBOL ARGOSYNTHETON;So;0;L;;;;;N;;;;;
+1D074;BYZANTINE MUSICAL SYMBOL ETERON ARGOSYNTHETON;So;0;L;;;;;N;;;;;
+1D075;BYZANTINE MUSICAL SYMBOL OYRANISMA NEO;So;0;L;;;;;N;;;;;
+1D076;BYZANTINE MUSICAL SYMBOL THEMATISMOS ESO;So;0;L;;;;;N;;;;;
+1D077;BYZANTINE MUSICAL SYMBOL THEMATISMOS EXO;So;0;L;;;;;N;;;;;
+1D078;BYZANTINE MUSICAL SYMBOL THEMA APLOUN;So;0;L;;;;;N;;;;;
+1D079;BYZANTINE MUSICAL SYMBOL THES KAI APOTHES;So;0;L;;;;;N;;;;;
+1D07A;BYZANTINE MUSICAL SYMBOL KATAVASMA;So;0;L;;;;;N;;;;;
+1D07B;BYZANTINE MUSICAL SYMBOL ENDOFONON;So;0;L;;;;;N;;;;;
+1D07C;BYZANTINE MUSICAL SYMBOL YFEN KATO;So;0;L;;;;;N;;;;;
+1D07D;BYZANTINE MUSICAL SYMBOL YFEN ANO;So;0;L;;;;;N;;;;;
+1D07E;BYZANTINE MUSICAL SYMBOL STAVROS;So;0;L;;;;;N;;;;;
+1D07F;BYZANTINE MUSICAL SYMBOL KLASMA ANO;So;0;L;;;;;N;;;;;
+1D080;BYZANTINE MUSICAL SYMBOL DIPLI ARCHAION;So;0;L;;;;;N;;;;;
+1D081;BYZANTINE MUSICAL SYMBOL KRATIMA ARCHAION;So;0;L;;;;;N;;;;;
+1D082;BYZANTINE MUSICAL SYMBOL KRATIMA ALLO;So;0;L;;;;;N;;;;;
+1D083;BYZANTINE MUSICAL SYMBOL KRATIMA NEO;So;0;L;;;;;N;;;;;
+1D084;BYZANTINE MUSICAL SYMBOL APODERMA NEO;So;0;L;;;;;N;;;;;
+1D085;BYZANTINE MUSICAL SYMBOL APLI;So;0;L;;;;;N;;;;;
+1D086;BYZANTINE MUSICAL SYMBOL DIPLI;So;0;L;;;;;N;;;;;
+1D087;BYZANTINE MUSICAL SYMBOL TRIPLI;So;0;L;;;;;N;;;;;
+1D088;BYZANTINE MUSICAL SYMBOL TETRAPLI;So;0;L;;;;;N;;;;;
+1D089;BYZANTINE MUSICAL SYMBOL KORONIS;So;0;L;;;;;N;;;;;
+1D08A;BYZANTINE MUSICAL SYMBOL LEIMMA ENOS CHRONOU;So;0;L;;;;;N;;;;;
+1D08B;BYZANTINE MUSICAL SYMBOL LEIMMA DYO CHRONON;So;0;L;;;;;N;;;;;
+1D08C;BYZANTINE MUSICAL SYMBOL LEIMMA TRION CHRONON;So;0;L;;;;;N;;;;;
+1D08D;BYZANTINE MUSICAL SYMBOL LEIMMA TESSARON CHRONON;So;0;L;;;;;N;;;;;
+1D08E;BYZANTINE MUSICAL SYMBOL LEIMMA IMISEOS CHRONOU;So;0;L;;;;;N;;;;;
+1D08F;BYZANTINE MUSICAL SYMBOL GORGON NEO ANO;So;0;L;;;;;N;;;;;
+1D090;BYZANTINE MUSICAL SYMBOL GORGON PARESTIGMENON ARISTERA;So;0;L;;;;;N;;;;;
+1D091;BYZANTINE MUSICAL SYMBOL GORGON PARESTIGMENON DEXIA;So;0;L;;;;;N;;;;;
+1D092;BYZANTINE MUSICAL SYMBOL DIGORGON;So;0;L;;;;;N;;;;;
+1D093;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON ARISTERA KATO;So;0;L;;;;;N;;;;;
+1D094;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON ARISTERA ANO;So;0;L;;;;;N;;;;;
+1D095;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON DEXIA;So;0;L;;;;;N;;;;;
+1D096;BYZANTINE MUSICAL SYMBOL TRIGORGON;So;0;L;;;;;N;;;;;
+1D097;BYZANTINE MUSICAL SYMBOL ARGON;So;0;L;;;;;N;;;;;
+1D098;BYZANTINE MUSICAL SYMBOL IMIDIARGON;So;0;L;;;;;N;;;;;
+1D099;BYZANTINE MUSICAL SYMBOL DIARGON;So;0;L;;;;;N;;;;;
+1D09A;BYZANTINE MUSICAL SYMBOL AGOGI POLI ARGI;So;0;L;;;;;N;;;;;
+1D09B;BYZANTINE MUSICAL SYMBOL AGOGI ARGOTERI;So;0;L;;;;;N;;;;;
+1D09C;BYZANTINE MUSICAL SYMBOL AGOGI ARGI;So;0;L;;;;;N;;;;;
+1D09D;BYZANTINE MUSICAL SYMBOL AGOGI METRIA;So;0;L;;;;;N;;;;;
+1D09E;BYZANTINE MUSICAL SYMBOL AGOGI MESI;So;0;L;;;;;N;;;;;
+1D09F;BYZANTINE MUSICAL SYMBOL AGOGI GORGI;So;0;L;;;;;N;;;;;
+1D0A0;BYZANTINE MUSICAL SYMBOL AGOGI GORGOTERI;So;0;L;;;;;N;;;;;
+1D0A1;BYZANTINE MUSICAL SYMBOL AGOGI POLI GORGI;So;0;L;;;;;N;;;;;
+1D0A2;BYZANTINE MUSICAL SYMBOL MARTYRIA PROTOS ICHOS;So;0;L;;;;;N;;;;;
+1D0A3;BYZANTINE MUSICAL SYMBOL MARTYRIA ALLI PROTOS ICHOS;So;0;L;;;;;N;;;;;
+1D0A4;BYZANTINE MUSICAL SYMBOL MARTYRIA DEYTEROS ICHOS;So;0;L;;;;;N;;;;;
+1D0A5;BYZANTINE MUSICAL SYMBOL MARTYRIA ALLI DEYTEROS ICHOS;So;0;L;;;;;N;;;;;
+1D0A6;BYZANTINE MUSICAL SYMBOL MARTYRIA TRITOS ICHOS;So;0;L;;;;;N;;;;;
+1D0A7;BYZANTINE MUSICAL SYMBOL MARTYRIA TRIFONIAS;So;0;L;;;;;N;;;;;
+1D0A8;BYZANTINE MUSICAL SYMBOL MARTYRIA TETARTOS ICHOS;So;0;L;;;;;N;;;;;
+1D0A9;BYZANTINE MUSICAL SYMBOL MARTYRIA TETARTOS LEGETOS ICHOS;So;0;L;;;;;N;;;;;
+1D0AA;BYZANTINE MUSICAL SYMBOL MARTYRIA LEGETOS ICHOS;So;0;L;;;;;N;;;;;
+1D0AB;BYZANTINE MUSICAL SYMBOL MARTYRIA PLAGIOS ICHOS;So;0;L;;;;;N;;;;;
+1D0AC;BYZANTINE MUSICAL SYMBOL ISAKIA TELOUS ICHIMATOS;So;0;L;;;;;N;;;;;
+1D0AD;BYZANTINE MUSICAL SYMBOL APOSTROFOI TELOUS ICHIMATOS;So;0;L;;;;;N;;;;;
+1D0AE;BYZANTINE MUSICAL SYMBOL FANEROSIS TETRAFONIAS;So;0;L;;;;;N;;;;;
+1D0AF;BYZANTINE MUSICAL SYMBOL FANEROSIS MONOFONIAS;So;0;L;;;;;N;;;;;
+1D0B0;BYZANTINE MUSICAL SYMBOL FANEROSIS DIFONIAS;So;0;L;;;;;N;;;;;
+1D0B1;BYZANTINE MUSICAL SYMBOL MARTYRIA VARYS ICHOS;So;0;L;;;;;N;;;;;
+1D0B2;BYZANTINE MUSICAL SYMBOL MARTYRIA PROTOVARYS ICHOS;So;0;L;;;;;N;;;;;
+1D0B3;BYZANTINE MUSICAL SYMBOL MARTYRIA PLAGIOS TETARTOS ICHOS;So;0;L;;;;;N;;;;;
+1D0B4;BYZANTINE MUSICAL SYMBOL GORTHMIKON N APLOUN;So;0;L;;;;;N;;;;;
+1D0B5;BYZANTINE MUSICAL SYMBOL GORTHMIKON N DIPLOUN;So;0;L;;;;;N;;;;;
+1D0B6;BYZANTINE MUSICAL SYMBOL ENARXIS KAI FTHORA VOU;So;0;L;;;;;N;;;;;
+1D0B7;BYZANTINE MUSICAL SYMBOL IMIFONON;So;0;L;;;;;N;;;;;
+1D0B8;BYZANTINE MUSICAL SYMBOL IMIFTHORON;So;0;L;;;;;N;;;;;
+1D0B9;BYZANTINE MUSICAL SYMBOL FTHORA ARCHAION DEYTEROU ICHOU;So;0;L;;;;;N;;;;;
+1D0BA;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI PA;So;0;L;;;;;N;;;;;
+1D0BB;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NANA;So;0;L;;;;;N;;;;;
+1D0BC;BYZANTINE MUSICAL SYMBOL FTHORA NAOS ICHOS;So;0;L;;;;;N;;;;;
+1D0BD;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI DI;So;0;L;;;;;N;;;;;
+1D0BE;BYZANTINE MUSICAL SYMBOL FTHORA SKLIRON DIATONON DI;So;0;L;;;;;N;;;;;
+1D0BF;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI KE;So;0;L;;;;;N;;;;;
+1D0C0;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI ZO;So;0;L;;;;;N;;;;;
+1D0C1;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NI KATO;So;0;L;;;;;N;;;;;
+1D0C2;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NI ANO;So;0;L;;;;;N;;;;;
+1D0C3;BYZANTINE MUSICAL SYMBOL FTHORA MALAKON CHROMA DIFONIAS;So;0;L;;;;;N;;;;;
+1D0C4;BYZANTINE MUSICAL SYMBOL FTHORA MALAKON CHROMA MONOFONIAS;So;0;L;;;;;N;;;;;
+1D0C5;BYZANTINE MUSICAL SYMBOL FHTORA SKLIRON CHROMA VASIS;So;0;L;;;;;N;;;;;
+1D0C6;BYZANTINE MUSICAL SYMBOL FTHORA SKLIRON CHROMA SYNAFI;So;0;L;;;;;N;;;;;
+1D0C7;BYZANTINE MUSICAL SYMBOL FTHORA NENANO;So;0;L;;;;;N;;;;;
+1D0C8;BYZANTINE MUSICAL SYMBOL CHROA ZYGOS;So;0;L;;;;;N;;;;;
+1D0C9;BYZANTINE MUSICAL SYMBOL CHROA KLITON;So;0;L;;;;;N;;;;;
+1D0CA;BYZANTINE MUSICAL SYMBOL CHROA SPATHI;So;0;L;;;;;N;;;;;
+1D0CB;BYZANTINE MUSICAL SYMBOL FTHORA I YFESIS TETARTIMORION;So;0;L;;;;;N;;;;;
+1D0CC;BYZANTINE MUSICAL SYMBOL FTHORA ENARMONIOS ANTIFONIA;So;0;L;;;;;N;;;;;
+1D0CD;BYZANTINE MUSICAL SYMBOL YFESIS TRITIMORION;So;0;L;;;;;N;;;;;
+1D0CE;BYZANTINE MUSICAL SYMBOL DIESIS TRITIMORION;So;0;L;;;;;N;;;;;
+1D0CF;BYZANTINE MUSICAL SYMBOL DIESIS TETARTIMORION;So;0;L;;;;;N;;;;;
+1D0D0;BYZANTINE MUSICAL SYMBOL DIESIS APLI DYO DODEKATA;So;0;L;;;;;N;;;;;
+1D0D1;BYZANTINE MUSICAL SYMBOL DIESIS MONOGRAMMOS TESSERA DODEKATA;So;0;L;;;;;N;;;;;
+1D0D2;BYZANTINE MUSICAL SYMBOL DIESIS DIGRAMMOS EX DODEKATA;So;0;L;;;;;N;;;;;
+1D0D3;BYZANTINE MUSICAL SYMBOL DIESIS TRIGRAMMOS OKTO DODEKATA;So;0;L;;;;;N;;;;;
+1D0D4;BYZANTINE MUSICAL SYMBOL YFESIS APLI DYO DODEKATA;So;0;L;;;;;N;;;;;
+1D0D5;BYZANTINE MUSICAL SYMBOL YFESIS MONOGRAMMOS TESSERA DODEKATA;So;0;L;;;;;N;;;;;
+1D0D6;BYZANTINE MUSICAL SYMBOL YFESIS DIGRAMMOS EX DODEKATA;So;0;L;;;;;N;;;;;
+1D0D7;BYZANTINE MUSICAL SYMBOL YFESIS TRIGRAMMOS OKTO DODEKATA;So;0;L;;;;;N;;;;;
+1D0D8;BYZANTINE MUSICAL SYMBOL GENIKI DIESIS;So;0;L;;;;;N;;;;;
+1D0D9;BYZANTINE MUSICAL SYMBOL GENIKI YFESIS;So;0;L;;;;;N;;;;;
+1D0DA;BYZANTINE MUSICAL SYMBOL DIASTOLI APLI MIKRI;So;0;L;;;;;N;;;;;
+1D0DB;BYZANTINE MUSICAL SYMBOL DIASTOLI APLI MEGALI;So;0;L;;;;;N;;;;;
+1D0DC;BYZANTINE MUSICAL SYMBOL DIASTOLI DIPLI;So;0;L;;;;;N;;;;;
+1D0DD;BYZANTINE MUSICAL SYMBOL DIASTOLI THESEOS;So;0;L;;;;;N;;;;;
+1D0DE;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS;So;0;L;;;;;N;;;;;
+1D0DF;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS DISIMOU;So;0;L;;;;;N;;;;;
+1D0E0;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS TRISIMOU;So;0;L;;;;;N;;;;;
+1D0E1;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS TETRASIMOU;So;0;L;;;;;N;;;;;
+1D0E2;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS;So;0;L;;;;;N;;;;;
+1D0E3;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS DISIMOU;So;0;L;;;;;N;;;;;
+1D0E4;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS TRISIMOU;So;0;L;;;;;N;;;;;
+1D0E5;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS TETRASIMOU;So;0;L;;;;;N;;;;;
+1D0E6;BYZANTINE MUSICAL SYMBOL DIGRAMMA GG;So;0;L;;;;;N;;;;;
+1D0E7;BYZANTINE MUSICAL SYMBOL DIFTOGGOS OU;So;0;L;;;;;N;;;;;
+1D0E8;BYZANTINE MUSICAL SYMBOL STIGMA;So;0;L;;;;;N;;;;;
+1D0E9;BYZANTINE MUSICAL SYMBOL ARKTIKO PA;So;0;L;;;;;N;;;;;
+1D0EA;BYZANTINE MUSICAL SYMBOL ARKTIKO VOU;So;0;L;;;;;N;;;;;
+1D0EB;BYZANTINE MUSICAL SYMBOL ARKTIKO GA;So;0;L;;;;;N;;;;;
+1D0EC;BYZANTINE MUSICAL SYMBOL ARKTIKO DI;So;0;L;;;;;N;;;;;
+1D0ED;BYZANTINE MUSICAL SYMBOL ARKTIKO KE;So;0;L;;;;;N;;;;;
+1D0EE;BYZANTINE MUSICAL SYMBOL ARKTIKO ZO;So;0;L;;;;;N;;;;;
+1D0EF;BYZANTINE MUSICAL SYMBOL ARKTIKO NI;So;0;L;;;;;N;;;;;
+1D0F0;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO MESO;So;0;L;;;;;N;;;;;
+1D0F1;BYZANTINE MUSICAL SYMBOL KENTIMA NEO MESO;So;0;L;;;;;N;;;;;
+1D0F2;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO KATO;So;0;L;;;;;N;;;;;
+1D0F3;BYZANTINE MUSICAL SYMBOL KENTIMA NEO KATO;So;0;L;;;;;N;;;;;
+1D0F4;BYZANTINE MUSICAL SYMBOL KLASMA KATO;So;0;L;;;;;N;;;;;
+1D0F5;BYZANTINE MUSICAL SYMBOL GORGON NEO KATO;So;0;L;;;;;N;;;;;
+1D100;MUSICAL SYMBOL SINGLE BARLINE;So;0;L;;;;;N;;;;;
+1D101;MUSICAL SYMBOL DOUBLE BARLINE;So;0;L;;;;;N;;;;;
+1D102;MUSICAL SYMBOL FINAL BARLINE;So;0;L;;;;;N;;;;;
+1D103;MUSICAL SYMBOL REVERSE FINAL BARLINE;So;0;L;;;;;N;;;;;
+1D104;MUSICAL SYMBOL DASHED BARLINE;So;0;L;;;;;N;;;;;
+1D105;MUSICAL SYMBOL SHORT BARLINE;So;0;L;;;;;N;;;;;
+1D106;MUSICAL SYMBOL LEFT REPEAT SIGN;So;0;L;;;;;N;;;;;
+1D107;MUSICAL SYMBOL RIGHT REPEAT SIGN;So;0;L;;;;;N;;;;;
+1D108;MUSICAL SYMBOL REPEAT DOTS;So;0;L;;;;;N;;;;;
+1D109;MUSICAL SYMBOL DAL SEGNO;So;0;L;;;;;N;;;;;
+1D10A;MUSICAL SYMBOL DA CAPO;So;0;L;;;;;N;;;;;
+1D10B;MUSICAL SYMBOL SEGNO;So;0;L;;;;;N;;;;;
+1D10C;MUSICAL SYMBOL CODA;So;0;L;;;;;N;;;;;
+1D10D;MUSICAL SYMBOL REPEATED FIGURE-1;So;0;L;;;;;N;;;;;
+1D10E;MUSICAL SYMBOL REPEATED FIGURE-2;So;0;L;;;;;N;;;;;
+1D10F;MUSICAL SYMBOL REPEATED FIGURE-3;So;0;L;;;;;N;;;;;
+1D110;MUSICAL SYMBOL FERMATA;So;0;L;;;;;N;;;;;
+1D111;MUSICAL SYMBOL FERMATA BELOW;So;0;L;;;;;N;;;;;
+1D112;MUSICAL SYMBOL BREATH MARK;So;0;L;;;;;N;;;;;
+1D113;MUSICAL SYMBOL CAESURA;So;0;L;;;;;N;;;;;
+1D114;MUSICAL SYMBOL BRACE;So;0;L;;;;;N;;;;;
+1D115;MUSICAL SYMBOL BRACKET;So;0;L;;;;;N;;;;;
+1D116;MUSICAL SYMBOL ONE-LINE STAFF;So;0;L;;;;;N;;;;;
+1D117;MUSICAL SYMBOL TWO-LINE STAFF;So;0;L;;;;;N;;;;;
+1D118;MUSICAL SYMBOL THREE-LINE STAFF;So;0;L;;;;;N;;;;;
+1D119;MUSICAL SYMBOL FOUR-LINE STAFF;So;0;L;;;;;N;;;;;
+1D11A;MUSICAL SYMBOL FIVE-LINE STAFF;So;0;L;;;;;N;;;;;
+1D11B;MUSICAL SYMBOL SIX-LINE STAFF;So;0;L;;;;;N;;;;;
+1D11C;MUSICAL SYMBOL SIX-STRING FRETBOARD;So;0;L;;;;;N;;;;;
+1D11D;MUSICAL SYMBOL FOUR-STRING FRETBOARD;So;0;L;;;;;N;;;;;
+1D11E;MUSICAL SYMBOL G CLEF;So;0;L;;;;;N;;;;;
+1D11F;MUSICAL SYMBOL G CLEF OTTAVA ALTA;So;0;L;;;;;N;;;;;
+1D120;MUSICAL SYMBOL G CLEF OTTAVA BASSA;So;0;L;;;;;N;;;;;
+1D121;MUSICAL SYMBOL C CLEF;So;0;L;;;;;N;;;;;
+1D122;MUSICAL SYMBOL F CLEF;So;0;L;;;;;N;;;;;
+1D123;MUSICAL SYMBOL F CLEF OTTAVA ALTA;So;0;L;;;;;N;;;;;
+1D124;MUSICAL SYMBOL F CLEF OTTAVA BASSA;So;0;L;;;;;N;;;;;
+1D125;MUSICAL SYMBOL DRUM CLEF-1;So;0;L;;;;;N;;;;;
+1D126;MUSICAL SYMBOL DRUM CLEF-2;So;0;L;;;;;N;;;;;
+1D12A;MUSICAL SYMBOL DOUBLE SHARP;So;0;L;;;;;N;;;;;
+1D12B;MUSICAL SYMBOL DOUBLE FLAT;So;0;L;;;;;N;;;;;
+1D12C;MUSICAL SYMBOL FLAT UP;So;0;L;;;;;N;;;;;
+1D12D;MUSICAL SYMBOL FLAT DOWN;So;0;L;;;;;N;;;;;
+1D12E;MUSICAL SYMBOL NATURAL UP;So;0;L;;;;;N;;;;;
+1D12F;MUSICAL SYMBOL NATURAL DOWN;So;0;L;;;;;N;;;;;
+1D130;MUSICAL SYMBOL SHARP UP;So;0;L;;;;;N;;;;;
+1D131;MUSICAL SYMBOL SHARP DOWN;So;0;L;;;;;N;;;;;
+1D132;MUSICAL SYMBOL QUARTER TONE SHARP;So;0;L;;;;;N;;;;;
+1D133;MUSICAL SYMBOL QUARTER TONE FLAT;So;0;L;;;;;N;;;;;
+1D134;MUSICAL SYMBOL COMMON TIME;So;0;L;;;;;N;;;;;
+1D135;MUSICAL SYMBOL CUT TIME;So;0;L;;;;;N;;;;;
+1D136;MUSICAL SYMBOL OTTAVA ALTA;So;0;L;;;;;N;;;;;
+1D137;MUSICAL SYMBOL OTTAVA BASSA;So;0;L;;;;;N;;;;;
+1D138;MUSICAL SYMBOL QUINDICESIMA ALTA;So;0;L;;;;;N;;;;;
+1D139;MUSICAL SYMBOL QUINDICESIMA BASSA;So;0;L;;;;;N;;;;;
+1D13A;MUSICAL SYMBOL MULTI REST;So;0;L;;;;;N;;;;;
+1D13B;MUSICAL SYMBOL WHOLE REST;So;0;L;;;;;N;;;;;
+1D13C;MUSICAL SYMBOL HALF REST;So;0;L;;;;;N;;;;;
+1D13D;MUSICAL SYMBOL QUARTER REST;So;0;L;;;;;N;;;;;
+1D13E;MUSICAL SYMBOL EIGHTH REST;So;0;L;;;;;N;;;;;
+1D13F;MUSICAL SYMBOL SIXTEENTH REST;So;0;L;;;;;N;;;;;
+1D140;MUSICAL SYMBOL THIRTY-SECOND REST;So;0;L;;;;;N;;;;;
+1D141;MUSICAL SYMBOL SIXTY-FOURTH REST;So;0;L;;;;;N;;;;;
+1D142;MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH REST;So;0;L;;;;;N;;;;;
+1D143;MUSICAL SYMBOL X NOTEHEAD;So;0;L;;;;;N;;;;;
+1D144;MUSICAL SYMBOL PLUS NOTEHEAD;So;0;L;;;;;N;;;;;
+1D145;MUSICAL SYMBOL CIRCLE X NOTEHEAD;So;0;L;;;;;N;;;;;
+1D146;MUSICAL SYMBOL SQUARE NOTEHEAD WHITE;So;0;L;;;;;N;;;;;
+1D147;MUSICAL SYMBOL SQUARE NOTEHEAD BLACK;So;0;L;;;;;N;;;;;
+1D148;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP WHITE;So;0;L;;;;;N;;;;;
+1D149;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP BLACK;So;0;L;;;;;N;;;;;
+1D14A;MUSICAL SYMBOL TRIANGLE NOTEHEAD LEFT WHITE;So;0;L;;;;;N;;;;;
+1D14B;MUSICAL SYMBOL TRIANGLE NOTEHEAD LEFT BLACK;So;0;L;;;;;N;;;;;
+1D14C;MUSICAL SYMBOL TRIANGLE NOTEHEAD RIGHT WHITE;So;0;L;;;;;N;;;;;
+1D14D;MUSICAL SYMBOL TRIANGLE NOTEHEAD RIGHT BLACK;So;0;L;;;;;N;;;;;
+1D14E;MUSICAL SYMBOL TRIANGLE NOTEHEAD DOWN WHITE;So;0;L;;;;;N;;;;;
+1D14F;MUSICAL SYMBOL TRIANGLE NOTEHEAD DOWN BLACK;So;0;L;;;;;N;;;;;
+1D150;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP RIGHT WHITE;So;0;L;;;;;N;;;;;
+1D151;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP RIGHT BLACK;So;0;L;;;;;N;;;;;
+1D152;MUSICAL SYMBOL MOON NOTEHEAD WHITE;So;0;L;;;;;N;;;;;
+1D153;MUSICAL SYMBOL MOON NOTEHEAD BLACK;So;0;L;;;;;N;;;;;
+1D154;MUSICAL SYMBOL TRIANGLE-ROUND NOTEHEAD DOWN WHITE;So;0;L;;;;;N;;;;;
+1D155;MUSICAL SYMBOL TRIANGLE-ROUND NOTEHEAD DOWN BLACK;So;0;L;;;;;N;;;;;
+1D156;MUSICAL SYMBOL PARENTHESIS NOTEHEAD;So;0;L;;;;;N;;;;;
+1D157;MUSICAL SYMBOL VOID NOTEHEAD;So;0;L;;;;;N;;;;;
+1D158;MUSICAL SYMBOL NOTEHEAD BLACK;So;0;L;;;;;N;;;;;
+1D159;MUSICAL SYMBOL NULL NOTEHEAD;So;0;L;;;;;N;;;;;
+1D15A;MUSICAL SYMBOL CLUSTER NOTEHEAD WHITE;So;0;L;;;;;N;;;;;
+1D15B;MUSICAL SYMBOL CLUSTER NOTEHEAD BLACK;So;0;L;;;;;N;;;;;
+1D15C;MUSICAL SYMBOL BREVE;So;0;L;;;;;N;;;;;
+1D15D;MUSICAL SYMBOL WHOLE NOTE;So;0;L;;;;;N;;;;;
+1D15E;MUSICAL SYMBOL HALF NOTE;So;0;L;1D157 1D165;;;;N;;;;;
+1D15F;MUSICAL SYMBOL QUARTER NOTE;So;0;L;1D158 1D165;;;;N;;;;;
+1D160;MUSICAL SYMBOL EIGHTH NOTE;So;0;L;1D15F 1D16E;;;;N;;;;;
+1D161;MUSICAL SYMBOL SIXTEENTH NOTE;So;0;L;1D15F 1D16F;;;;N;;;;;
+1D162;MUSICAL SYMBOL THIRTY-SECOND NOTE;So;0;L;1D15F 1D170;;;;N;;;;;
+1D163;MUSICAL SYMBOL SIXTY-FOURTH NOTE;So;0;L;1D15F 1D171;;;;N;;;;;
+1D164;MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE;So;0;L;1D15F 1D172;;;;N;;;;;
+1D165;MUSICAL SYMBOL COMBINING STEM;Mc;216;L;;;;;N;;;;;
+1D166;MUSICAL SYMBOL COMBINING SPRECHGESANG STEM;Mc;216;L;;;;;N;;;;;
+1D167;MUSICAL SYMBOL COMBINING TREMOLO-1;Mn;1;NSM;;;;;N;;;;;
+1D168;MUSICAL SYMBOL COMBINING TREMOLO-2;Mn;1;NSM;;;;;N;;;;;
+1D169;MUSICAL SYMBOL COMBINING TREMOLO-3;Mn;1;NSM;;;;;N;;;;;
+1D16A;MUSICAL SYMBOL FINGERED TREMOLO-1;So;0;L;;;;;N;;;;;
+1D16B;MUSICAL SYMBOL FINGERED TREMOLO-2;So;0;L;;;;;N;;;;;
+1D16C;MUSICAL SYMBOL FINGERED TREMOLO-3;So;0;L;;;;;N;;;;;
+1D16D;MUSICAL SYMBOL COMBINING AUGMENTATION DOT;Mc;226;L;;;;;N;;;;;
+1D16E;MUSICAL SYMBOL COMBINING FLAG-1;Mc;216;L;;;;;N;;;;;
+1D16F;MUSICAL SYMBOL COMBINING FLAG-2;Mc;216;L;;;;;N;;;;;
+1D170;MUSICAL SYMBOL COMBINING FLAG-3;Mc;216;L;;;;;N;;;;;
+1D171;MUSICAL SYMBOL COMBINING FLAG-4;Mc;216;L;;;;;N;;;;;
+1D172;MUSICAL SYMBOL COMBINING FLAG-5;Mc;216;L;;;;;N;;;;;
+1D173;MUSICAL SYMBOL BEGIN BEAM;Cf;0;BN;;;;;N;;;;;
+1D174;MUSICAL SYMBOL END BEAM;Cf;0;BN;;;;;N;;;;;
+1D175;MUSICAL SYMBOL BEGIN TIE;Cf;0;BN;;;;;N;;;;;
+1D176;MUSICAL SYMBOL END TIE;Cf;0;BN;;;;;N;;;;;
+1D177;MUSICAL SYMBOL BEGIN SLUR;Cf;0;BN;;;;;N;;;;;
+1D178;MUSICAL SYMBOL END SLUR;Cf;0;BN;;;;;N;;;;;
+1D179;MUSICAL SYMBOL BEGIN PHRASE;Cf;0;BN;;;;;N;;;;;
+1D17A;MUSICAL SYMBOL END PHRASE;Cf;0;BN;;;;;N;;;;;
+1D17B;MUSICAL SYMBOL COMBINING ACCENT;Mn;220;NSM;;;;;N;;;;;
+1D17C;MUSICAL SYMBOL COMBINING STACCATO;Mn;220;NSM;;;;;N;;;;;
+1D17D;MUSICAL SYMBOL COMBINING TENUTO;Mn;220;NSM;;;;;N;;;;;
+1D17E;MUSICAL SYMBOL COMBINING STACCATISSIMO;Mn;220;NSM;;;;;N;;;;;
+1D17F;MUSICAL SYMBOL COMBINING MARCATO;Mn;220;NSM;;;;;N;;;;;
+1D180;MUSICAL SYMBOL COMBINING MARCATO-STACCATO;Mn;220;NSM;;;;;N;;;;;
+1D181;MUSICAL SYMBOL COMBINING ACCENT-STACCATO;Mn;220;NSM;;;;;N;;;;;
+1D182;MUSICAL SYMBOL COMBINING LOURE;Mn;220;NSM;;;;;N;;;;;
+1D183;MUSICAL SYMBOL ARPEGGIATO UP;So;0;L;;;;;N;;;;;
+1D184;MUSICAL SYMBOL ARPEGGIATO DOWN;So;0;L;;;;;N;;;;;
+1D185;MUSICAL SYMBOL COMBINING DOIT;Mn;230;NSM;;;;;N;;;;;
+1D186;MUSICAL SYMBOL COMBINING RIP;Mn;230;NSM;;;;;N;;;;;
+1D187;MUSICAL SYMBOL COMBINING FLIP;Mn;230;NSM;;;;;N;;;;;
+1D188;MUSICAL SYMBOL COMBINING SMEAR;Mn;230;NSM;;;;;N;;;;;
+1D189;MUSICAL SYMBOL COMBINING BEND;Mn;230;NSM;;;;;N;;;;;
+1D18A;MUSICAL SYMBOL COMBINING DOUBLE TONGUE;Mn;220;NSM;;;;;N;;;;;
+1D18B;MUSICAL SYMBOL COMBINING TRIPLE TONGUE;Mn;220;NSM;;;;;N;;;;;
+1D18C;MUSICAL SYMBOL RINFORZANDO;So;0;L;;;;;N;;;;;
+1D18D;MUSICAL SYMBOL SUBITO;So;0;L;;;;;N;;;;;
+1D18E;MUSICAL SYMBOL Z;So;0;L;;;;;N;;;;;
+1D18F;MUSICAL SYMBOL PIANO;So;0;L;;;;;N;;;;;
+1D190;MUSICAL SYMBOL MEZZO;So;0;L;;;;;N;;;;;
+1D191;MUSICAL SYMBOL FORTE;So;0;L;;;;;N;;;;;
+1D192;MUSICAL SYMBOL CRESCENDO;So;0;L;;;;;N;;;;;
+1D193;MUSICAL SYMBOL DECRESCENDO;So;0;L;;;;;N;;;;;
+1D194;MUSICAL SYMBOL GRACE NOTE SLASH;So;0;L;;;;;N;;;;;
+1D195;MUSICAL SYMBOL GRACE NOTE NO SLASH;So;0;L;;;;;N;;;;;
+1D196;MUSICAL SYMBOL TR;So;0;L;;;;;N;;;;;
+1D197;MUSICAL SYMBOL TURN;So;0;L;;;;;N;;;;;
+1D198;MUSICAL SYMBOL INVERTED TURN;So;0;L;;;;;N;;;;;
+1D199;MUSICAL SYMBOL TURN SLASH;So;0;L;;;;;N;;;;;
+1D19A;MUSICAL SYMBOL TURN UP;So;0;L;;;;;N;;;;;
+1D19B;MUSICAL SYMBOL ORNAMENT STROKE-1;So;0;L;;;;;N;;;;;
+1D19C;MUSICAL SYMBOL ORNAMENT STROKE-2;So;0;L;;;;;N;;;;;
+1D19D;MUSICAL SYMBOL ORNAMENT STROKE-3;So;0;L;;;;;N;;;;;
+1D19E;MUSICAL SYMBOL ORNAMENT STROKE-4;So;0;L;;;;;N;;;;;
+1D19F;MUSICAL SYMBOL ORNAMENT STROKE-5;So;0;L;;;;;N;;;;;
+1D1A0;MUSICAL SYMBOL ORNAMENT STROKE-6;So;0;L;;;;;N;;;;;
+1D1A1;MUSICAL SYMBOL ORNAMENT STROKE-7;So;0;L;;;;;N;;;;;
+1D1A2;MUSICAL SYMBOL ORNAMENT STROKE-8;So;0;L;;;;;N;;;;;
+1D1A3;MUSICAL SYMBOL ORNAMENT STROKE-9;So;0;L;;;;;N;;;;;
+1D1A4;MUSICAL SYMBOL ORNAMENT STROKE-10;So;0;L;;;;;N;;;;;
+1D1A5;MUSICAL SYMBOL ORNAMENT STROKE-11;So;0;L;;;;;N;;;;;
+1D1A6;MUSICAL SYMBOL HAUPTSTIMME;So;0;L;;;;;N;;;;;
+1D1A7;MUSICAL SYMBOL NEBENSTIMME;So;0;L;;;;;N;;;;;
+1D1A8;MUSICAL SYMBOL END OF STIMME;So;0;L;;;;;N;;;;;
+1D1A9;MUSICAL SYMBOL DEGREE SLASH;So;0;L;;;;;N;;;;;
+1D1AA;MUSICAL SYMBOL COMBINING DOWN BOW;Mn;230;NSM;;;;;N;;;;;
+1D1AB;MUSICAL SYMBOL COMBINING UP BOW;Mn;230;NSM;;;;;N;;;;;
+1D1AC;MUSICAL SYMBOL COMBINING HARMONIC;Mn;230;NSM;;;;;N;;;;;
+1D1AD;MUSICAL SYMBOL COMBINING SNAP PIZZICATO;Mn;230;NSM;;;;;N;;;;;
+1D1AE;MUSICAL SYMBOL PEDAL MARK;So;0;L;;;;;N;;;;;
+1D1AF;MUSICAL SYMBOL PEDAL UP MARK;So;0;L;;;;;N;;;;;
+1D1B0;MUSICAL SYMBOL HALF PEDAL MARK;So;0;L;;;;;N;;;;;
+1D1B1;MUSICAL SYMBOL GLISSANDO UP;So;0;L;;;;;N;;;;;
+1D1B2;MUSICAL SYMBOL GLISSANDO DOWN;So;0;L;;;;;N;;;;;
+1D1B3;MUSICAL SYMBOL WITH FINGERNAILS;So;0;L;;;;;N;;;;;
+1D1B4;MUSICAL SYMBOL DAMP;So;0;L;;;;;N;;;;;
+1D1B5;MUSICAL SYMBOL DAMP ALL;So;0;L;;;;;N;;;;;
+1D1B6;MUSICAL SYMBOL MAXIMA;So;0;L;;;;;N;;;;;
+1D1B7;MUSICAL SYMBOL LONGA;So;0;L;;;;;N;;;;;
+1D1B8;MUSICAL SYMBOL BREVIS;So;0;L;;;;;N;;;;;
+1D1B9;MUSICAL SYMBOL SEMIBREVIS WHITE;So;0;L;;;;;N;;;;;
+1D1BA;MUSICAL SYMBOL SEMIBREVIS BLACK;So;0;L;;;;;N;;;;;
+1D1BB;MUSICAL SYMBOL MINIMA;So;0;L;1D1B9 1D165;;;;N;;;;;
+1D1BC;MUSICAL SYMBOL MINIMA BLACK;So;0;L;1D1BA 1D165;;;;N;;;;;
+1D1BD;MUSICAL SYMBOL SEMIMINIMA WHITE;So;0;L;1D1BB 1D16E;;;;N;;;;;
+1D1BE;MUSICAL SYMBOL SEMIMINIMA BLACK;So;0;L;1D1BC 1D16E;;;;N;;;;;
+1D1BF;MUSICAL SYMBOL FUSA WHITE;So;0;L;1D1BB 1D16F;;;;N;;;;;
+1D1C0;MUSICAL SYMBOL FUSA BLACK;So;0;L;1D1BC 1D16F;;;;N;;;;;
+1D1C1;MUSICAL SYMBOL LONGA PERFECTA REST;So;0;L;;;;;N;;;;;
+1D1C2;MUSICAL SYMBOL LONGA IMPERFECTA REST;So;0;L;;;;;N;;;;;
+1D1C3;MUSICAL SYMBOL BREVIS REST;So;0;L;;;;;N;;;;;
+1D1C4;MUSICAL SYMBOL SEMIBREVIS REST;So;0;L;;;;;N;;;;;
+1D1C5;MUSICAL SYMBOL MINIMA REST;So;0;L;;;;;N;;;;;
+1D1C6;MUSICAL SYMBOL SEMIMINIMA REST;So;0;L;;;;;N;;;;;
+1D1C7;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE PERFECTA;So;0;L;;;;;N;;;;;
+1D1C8;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE IMPERFECTA;So;0;L;;;;;N;;;;;
+1D1C9;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE PERFECTA DIMINUTION-1;So;0;L;;;;;N;;;;;
+1D1CA;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE PERFECTA;So;0;L;;;;;N;;;;;
+1D1CB;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA;So;0;L;;;;;N;;;;;
+1D1CC;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-1;So;0;L;;;;;N;;;;;
+1D1CD;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-2;So;0;L;;;;;N;;;;;
+1D1CE;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-3;So;0;L;;;;;N;;;;;
+1D1CF;MUSICAL SYMBOL CROIX;So;0;L;;;;;N;;;;;
+1D1D0;MUSICAL SYMBOL GREGORIAN C CLEF;So;0;L;;;;;N;;;;;
+1D1D1;MUSICAL SYMBOL GREGORIAN F CLEF;So;0;L;;;;;N;;;;;
+1D1D2;MUSICAL SYMBOL SQUARE B;So;0;L;;;;;N;;;;;
+1D1D3;MUSICAL SYMBOL VIRGA;So;0;L;;;;;N;;;;;
+1D1D4;MUSICAL SYMBOL PODATUS;So;0;L;;;;;N;;;;;
+1D1D5;MUSICAL SYMBOL CLIVIS;So;0;L;;;;;N;;;;;
+1D1D6;MUSICAL SYMBOL SCANDICUS;So;0;L;;;;;N;;;;;
+1D1D7;MUSICAL SYMBOL CLIMACUS;So;0;L;;;;;N;;;;;
+1D1D8;MUSICAL SYMBOL TORCULUS;So;0;L;;;;;N;;;;;
+1D1D9;MUSICAL SYMBOL PORRECTUS;So;0;L;;;;;N;;;;;
+1D1DA;MUSICAL SYMBOL PORRECTUS FLEXUS;So;0;L;;;;;N;;;;;
+1D1DB;MUSICAL SYMBOL SCANDICUS FLEXUS;So;0;L;;;;;N;;;;;
+1D1DC;MUSICAL SYMBOL TORCULUS RESUPINUS;So;0;L;;;;;N;;;;;
+1D1DD;MUSICAL SYMBOL PES SUBPUNCTIS;So;0;L;;;;;N;;;;;
+1D400;MATHEMATICAL BOLD CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D401;MATHEMATICAL BOLD CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D402;MATHEMATICAL BOLD CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D403;MATHEMATICAL BOLD CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D404;MATHEMATICAL BOLD CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D405;MATHEMATICAL BOLD CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D406;MATHEMATICAL BOLD CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D407;MATHEMATICAL BOLD CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D408;MATHEMATICAL BOLD CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D409;MATHEMATICAL BOLD CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D40A;MATHEMATICAL BOLD CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D40B;MATHEMATICAL BOLD CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D40C;MATHEMATICAL BOLD CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D40D;MATHEMATICAL BOLD CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D40E;MATHEMATICAL BOLD CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D40F;MATHEMATICAL BOLD CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D410;MATHEMATICAL BOLD CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D411;MATHEMATICAL BOLD CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D412;MATHEMATICAL BOLD CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D413;MATHEMATICAL BOLD CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D414;MATHEMATICAL BOLD CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D415;MATHEMATICAL BOLD CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D416;MATHEMATICAL BOLD CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D417;MATHEMATICAL BOLD CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D418;MATHEMATICAL BOLD CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D419;MATHEMATICAL BOLD CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D41A;MATHEMATICAL BOLD SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D41B;MATHEMATICAL BOLD SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D41C;MATHEMATICAL BOLD SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D41D;MATHEMATICAL BOLD SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D41E;MATHEMATICAL BOLD SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D41F;MATHEMATICAL BOLD SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D420;MATHEMATICAL BOLD SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D421;MATHEMATICAL BOLD SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D422;MATHEMATICAL BOLD SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D423;MATHEMATICAL BOLD SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D424;MATHEMATICAL BOLD SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D425;MATHEMATICAL BOLD SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D426;MATHEMATICAL BOLD SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D427;MATHEMATICAL BOLD SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D428;MATHEMATICAL BOLD SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D429;MATHEMATICAL BOLD SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D42A;MATHEMATICAL BOLD SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D42B;MATHEMATICAL BOLD SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D42C;MATHEMATICAL BOLD SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D42D;MATHEMATICAL BOLD SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D42E;MATHEMATICAL BOLD SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D42F;MATHEMATICAL BOLD SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D430;MATHEMATICAL BOLD SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D431;MATHEMATICAL BOLD SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D432;MATHEMATICAL BOLD SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D433;MATHEMATICAL BOLD SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D434;MATHEMATICAL ITALIC CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D435;MATHEMATICAL ITALIC CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D436;MATHEMATICAL ITALIC CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D437;MATHEMATICAL ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D438;MATHEMATICAL ITALIC CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D439;MATHEMATICAL ITALIC CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D43A;MATHEMATICAL ITALIC CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D43B;MATHEMATICAL ITALIC CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D43C;MATHEMATICAL ITALIC CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D43D;MATHEMATICAL ITALIC CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D43E;MATHEMATICAL ITALIC CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D43F;MATHEMATICAL ITALIC CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D440;MATHEMATICAL ITALIC CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D441;MATHEMATICAL ITALIC CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D442;MATHEMATICAL ITALIC CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D443;MATHEMATICAL ITALIC CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D444;MATHEMATICAL ITALIC CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D445;MATHEMATICAL ITALIC CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D446;MATHEMATICAL ITALIC CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D447;MATHEMATICAL ITALIC CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D448;MATHEMATICAL ITALIC CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D449;MATHEMATICAL ITALIC CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D44A;MATHEMATICAL ITALIC CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D44B;MATHEMATICAL ITALIC CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D44C;MATHEMATICAL ITALIC CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D44D;MATHEMATICAL ITALIC CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D44E;MATHEMATICAL ITALIC SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D44F;MATHEMATICAL ITALIC SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D450;MATHEMATICAL ITALIC SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D451;MATHEMATICAL ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D452;MATHEMATICAL ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D453;MATHEMATICAL ITALIC SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D454;MATHEMATICAL ITALIC SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D456;MATHEMATICAL ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D457;MATHEMATICAL ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D458;MATHEMATICAL ITALIC SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D459;MATHEMATICAL ITALIC SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D45A;MATHEMATICAL ITALIC SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D45B;MATHEMATICAL ITALIC SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D45C;MATHEMATICAL ITALIC SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D45D;MATHEMATICAL ITALIC SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D45E;MATHEMATICAL ITALIC SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D45F;MATHEMATICAL ITALIC SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D460;MATHEMATICAL ITALIC SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D461;MATHEMATICAL ITALIC SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D462;MATHEMATICAL ITALIC SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D463;MATHEMATICAL ITALIC SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D464;MATHEMATICAL ITALIC SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D465;MATHEMATICAL ITALIC SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D466;MATHEMATICAL ITALIC SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D467;MATHEMATICAL ITALIC SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D468;MATHEMATICAL BOLD ITALIC CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D469;MATHEMATICAL BOLD ITALIC CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D46A;MATHEMATICAL BOLD ITALIC CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D46B;MATHEMATICAL BOLD ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D46C;MATHEMATICAL BOLD ITALIC CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D46D;MATHEMATICAL BOLD ITALIC CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D46E;MATHEMATICAL BOLD ITALIC CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D46F;MATHEMATICAL BOLD ITALIC CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D470;MATHEMATICAL BOLD ITALIC CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D471;MATHEMATICAL BOLD ITALIC CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D472;MATHEMATICAL BOLD ITALIC CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D473;MATHEMATICAL BOLD ITALIC CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D474;MATHEMATICAL BOLD ITALIC CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D475;MATHEMATICAL BOLD ITALIC CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D476;MATHEMATICAL BOLD ITALIC CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D477;MATHEMATICAL BOLD ITALIC CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D478;MATHEMATICAL BOLD ITALIC CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D479;MATHEMATICAL BOLD ITALIC CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D47A;MATHEMATICAL BOLD ITALIC CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D47B;MATHEMATICAL BOLD ITALIC CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D47C;MATHEMATICAL BOLD ITALIC CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D47D;MATHEMATICAL BOLD ITALIC CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D47E;MATHEMATICAL BOLD ITALIC CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D47F;MATHEMATICAL BOLD ITALIC CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D480;MATHEMATICAL BOLD ITALIC CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D481;MATHEMATICAL BOLD ITALIC CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D482;MATHEMATICAL BOLD ITALIC SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D483;MATHEMATICAL BOLD ITALIC SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D484;MATHEMATICAL BOLD ITALIC SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D485;MATHEMATICAL BOLD ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D486;MATHEMATICAL BOLD ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D487;MATHEMATICAL BOLD ITALIC SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D488;MATHEMATICAL BOLD ITALIC SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D489;MATHEMATICAL BOLD ITALIC SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D48A;MATHEMATICAL BOLD ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D48B;MATHEMATICAL BOLD ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D48C;MATHEMATICAL BOLD ITALIC SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D48D;MATHEMATICAL BOLD ITALIC SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D48E;MATHEMATICAL BOLD ITALIC SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D48F;MATHEMATICAL BOLD ITALIC SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D490;MATHEMATICAL BOLD ITALIC SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D491;MATHEMATICAL BOLD ITALIC SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D492;MATHEMATICAL BOLD ITALIC SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D493;MATHEMATICAL BOLD ITALIC SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D494;MATHEMATICAL BOLD ITALIC SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D495;MATHEMATICAL BOLD ITALIC SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D496;MATHEMATICAL BOLD ITALIC SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D497;MATHEMATICAL BOLD ITALIC SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D498;MATHEMATICAL BOLD ITALIC SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D499;MATHEMATICAL BOLD ITALIC SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D49A;MATHEMATICAL BOLD ITALIC SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D49B;MATHEMATICAL BOLD ITALIC SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D49C;MATHEMATICAL SCRIPT CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D49E;MATHEMATICAL SCRIPT CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D49F;MATHEMATICAL SCRIPT CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D4A2;MATHEMATICAL SCRIPT CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D4A5;MATHEMATICAL SCRIPT CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D4A6;MATHEMATICAL SCRIPT CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D4A9;MATHEMATICAL SCRIPT CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D4AA;MATHEMATICAL SCRIPT CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D4AB;MATHEMATICAL SCRIPT CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D4AC;MATHEMATICAL SCRIPT CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D4AE;MATHEMATICAL SCRIPT CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D4AF;MATHEMATICAL SCRIPT CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D4B0;MATHEMATICAL SCRIPT CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D4B1;MATHEMATICAL SCRIPT CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D4B2;MATHEMATICAL SCRIPT CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D4B3;MATHEMATICAL SCRIPT CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D4B4;MATHEMATICAL SCRIPT CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D4B5;MATHEMATICAL SCRIPT CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D4B6;MATHEMATICAL SCRIPT SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D4B7;MATHEMATICAL SCRIPT SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D4B8;MATHEMATICAL SCRIPT SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D4B9;MATHEMATICAL SCRIPT SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D4BB;MATHEMATICAL SCRIPT SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D4BD;MATHEMATICAL SCRIPT SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D4BE;MATHEMATICAL SCRIPT SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D4BF;MATHEMATICAL SCRIPT SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D4C0;MATHEMATICAL SCRIPT SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D4C2;MATHEMATICAL SCRIPT SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D4C3;MATHEMATICAL SCRIPT SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D4C5;MATHEMATICAL SCRIPT SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D4C6;MATHEMATICAL SCRIPT SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D4C7;MATHEMATICAL SCRIPT SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D4C8;MATHEMATICAL SCRIPT SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D4C9;MATHEMATICAL SCRIPT SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D4CA;MATHEMATICAL SCRIPT SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D4CB;MATHEMATICAL SCRIPT SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D4CC;MATHEMATICAL SCRIPT SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D4CD;MATHEMATICAL SCRIPT SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D4CE;MATHEMATICAL SCRIPT SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D4CF;MATHEMATICAL SCRIPT SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D4D0;MATHEMATICAL BOLD SCRIPT CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D4D1;MATHEMATICAL BOLD SCRIPT CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D4D2;MATHEMATICAL BOLD SCRIPT CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D4D3;MATHEMATICAL BOLD SCRIPT CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D4D4;MATHEMATICAL BOLD SCRIPT CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D4D5;MATHEMATICAL BOLD SCRIPT CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D4D6;MATHEMATICAL BOLD SCRIPT CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D4D7;MATHEMATICAL BOLD SCRIPT CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D4D8;MATHEMATICAL BOLD SCRIPT CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D4D9;MATHEMATICAL BOLD SCRIPT CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D4DA;MATHEMATICAL BOLD SCRIPT CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D4DB;MATHEMATICAL BOLD SCRIPT CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D4DC;MATHEMATICAL BOLD SCRIPT CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D4DD;MATHEMATICAL BOLD SCRIPT CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D4DE;MATHEMATICAL BOLD SCRIPT CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D4DF;MATHEMATICAL BOLD SCRIPT CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D4E0;MATHEMATICAL BOLD SCRIPT CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D4E1;MATHEMATICAL BOLD SCRIPT CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D4E2;MATHEMATICAL BOLD SCRIPT CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D4E3;MATHEMATICAL BOLD SCRIPT CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D4E4;MATHEMATICAL BOLD SCRIPT CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D4E5;MATHEMATICAL BOLD SCRIPT CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D4E6;MATHEMATICAL BOLD SCRIPT CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D4E7;MATHEMATICAL BOLD SCRIPT CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D4E8;MATHEMATICAL BOLD SCRIPT CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D4E9;MATHEMATICAL BOLD SCRIPT CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D4EA;MATHEMATICAL BOLD SCRIPT SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D4EB;MATHEMATICAL BOLD SCRIPT SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D4EC;MATHEMATICAL BOLD SCRIPT SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D4ED;MATHEMATICAL BOLD SCRIPT SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D4EE;MATHEMATICAL BOLD SCRIPT SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D4EF;MATHEMATICAL BOLD SCRIPT SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D4F0;MATHEMATICAL BOLD SCRIPT SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D4F1;MATHEMATICAL BOLD SCRIPT SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D4F2;MATHEMATICAL BOLD SCRIPT SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D4F3;MATHEMATICAL BOLD SCRIPT SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D4F4;MATHEMATICAL BOLD SCRIPT SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D4F5;MATHEMATICAL BOLD SCRIPT SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D4F6;MATHEMATICAL BOLD SCRIPT SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D4F7;MATHEMATICAL BOLD SCRIPT SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D4F8;MATHEMATICAL BOLD SCRIPT SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D4F9;MATHEMATICAL BOLD SCRIPT SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D4FA;MATHEMATICAL BOLD SCRIPT SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D4FB;MATHEMATICAL BOLD SCRIPT SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D4FC;MATHEMATICAL BOLD SCRIPT SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D4FD;MATHEMATICAL BOLD SCRIPT SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D4FE;MATHEMATICAL BOLD SCRIPT SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D4FF;MATHEMATICAL BOLD SCRIPT SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D500;MATHEMATICAL BOLD SCRIPT SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D501;MATHEMATICAL BOLD SCRIPT SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D502;MATHEMATICAL BOLD SCRIPT SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D503;MATHEMATICAL BOLD SCRIPT SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D504;MATHEMATICAL FRAKTUR CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D505;MATHEMATICAL FRAKTUR CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D507;MATHEMATICAL FRAKTUR CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D508;MATHEMATICAL FRAKTUR CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D509;MATHEMATICAL FRAKTUR CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D50A;MATHEMATICAL FRAKTUR CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D50D;MATHEMATICAL FRAKTUR CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D50E;MATHEMATICAL FRAKTUR CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D50F;MATHEMATICAL FRAKTUR CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D510;MATHEMATICAL FRAKTUR CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D511;MATHEMATICAL FRAKTUR CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D512;MATHEMATICAL FRAKTUR CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D513;MATHEMATICAL FRAKTUR CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D514;MATHEMATICAL FRAKTUR CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D516;MATHEMATICAL FRAKTUR CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D517;MATHEMATICAL FRAKTUR CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D518;MATHEMATICAL FRAKTUR CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D519;MATHEMATICAL FRAKTUR CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D51A;MATHEMATICAL FRAKTUR CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D51B;MATHEMATICAL FRAKTUR CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D51C;MATHEMATICAL FRAKTUR CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D51E;MATHEMATICAL FRAKTUR SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D51F;MATHEMATICAL FRAKTUR SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D520;MATHEMATICAL FRAKTUR SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D521;MATHEMATICAL FRAKTUR SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D522;MATHEMATICAL FRAKTUR SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D523;MATHEMATICAL FRAKTUR SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D524;MATHEMATICAL FRAKTUR SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D525;MATHEMATICAL FRAKTUR SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D526;MATHEMATICAL FRAKTUR SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D527;MATHEMATICAL FRAKTUR SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D528;MATHEMATICAL FRAKTUR SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D529;MATHEMATICAL FRAKTUR SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D52A;MATHEMATICAL FRAKTUR SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D52B;MATHEMATICAL FRAKTUR SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D52C;MATHEMATICAL FRAKTUR SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D52D;MATHEMATICAL FRAKTUR SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D52E;MATHEMATICAL FRAKTUR SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D52F;MATHEMATICAL FRAKTUR SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D530;MATHEMATICAL FRAKTUR SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D531;MATHEMATICAL FRAKTUR SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D532;MATHEMATICAL FRAKTUR SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D533;MATHEMATICAL FRAKTUR SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D534;MATHEMATICAL FRAKTUR SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D535;MATHEMATICAL FRAKTUR SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D536;MATHEMATICAL FRAKTUR SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D537;MATHEMATICAL FRAKTUR SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D538;MATHEMATICAL DOUBLE-STRUCK CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D539;MATHEMATICAL DOUBLE-STRUCK CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D53B;MATHEMATICAL DOUBLE-STRUCK CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D53C;MATHEMATICAL DOUBLE-STRUCK CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D53D;MATHEMATICAL DOUBLE-STRUCK CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D53E;MATHEMATICAL DOUBLE-STRUCK CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D540;MATHEMATICAL DOUBLE-STRUCK CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D541;MATHEMATICAL DOUBLE-STRUCK CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D542;MATHEMATICAL DOUBLE-STRUCK CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D543;MATHEMATICAL DOUBLE-STRUCK CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D544;MATHEMATICAL DOUBLE-STRUCK CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D546;MATHEMATICAL DOUBLE-STRUCK CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D54A;MATHEMATICAL DOUBLE-STRUCK CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D54B;MATHEMATICAL DOUBLE-STRUCK CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D54C;MATHEMATICAL DOUBLE-STRUCK CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D54D;MATHEMATICAL DOUBLE-STRUCK CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D54E;MATHEMATICAL DOUBLE-STRUCK CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D54F;MATHEMATICAL DOUBLE-STRUCK CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D550;MATHEMATICAL DOUBLE-STRUCK CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D552;MATHEMATICAL DOUBLE-STRUCK SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D553;MATHEMATICAL DOUBLE-STRUCK SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D554;MATHEMATICAL DOUBLE-STRUCK SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D555;MATHEMATICAL DOUBLE-STRUCK SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D556;MATHEMATICAL DOUBLE-STRUCK SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D557;MATHEMATICAL DOUBLE-STRUCK SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D558;MATHEMATICAL DOUBLE-STRUCK SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D559;MATHEMATICAL DOUBLE-STRUCK SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D55A;MATHEMATICAL DOUBLE-STRUCK SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D55B;MATHEMATICAL DOUBLE-STRUCK SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D55C;MATHEMATICAL DOUBLE-STRUCK SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D55D;MATHEMATICAL DOUBLE-STRUCK SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D55E;MATHEMATICAL DOUBLE-STRUCK SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D55F;MATHEMATICAL DOUBLE-STRUCK SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D560;MATHEMATICAL DOUBLE-STRUCK SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D561;MATHEMATICAL DOUBLE-STRUCK SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D562;MATHEMATICAL DOUBLE-STRUCK SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D563;MATHEMATICAL DOUBLE-STRUCK SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D564;MATHEMATICAL DOUBLE-STRUCK SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D565;MATHEMATICAL DOUBLE-STRUCK SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D566;MATHEMATICAL DOUBLE-STRUCK SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D567;MATHEMATICAL DOUBLE-STRUCK SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D568;MATHEMATICAL DOUBLE-STRUCK SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D569;MATHEMATICAL DOUBLE-STRUCK SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D56A;MATHEMATICAL DOUBLE-STRUCK SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D56B;MATHEMATICAL DOUBLE-STRUCK SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D56C;MATHEMATICAL BOLD FRAKTUR CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D56D;MATHEMATICAL BOLD FRAKTUR CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D56E;MATHEMATICAL BOLD FRAKTUR CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D56F;MATHEMATICAL BOLD FRAKTUR CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D570;MATHEMATICAL BOLD FRAKTUR CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D571;MATHEMATICAL BOLD FRAKTUR CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D572;MATHEMATICAL BOLD FRAKTUR CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D573;MATHEMATICAL BOLD FRAKTUR CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D574;MATHEMATICAL BOLD FRAKTUR CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D575;MATHEMATICAL BOLD FRAKTUR CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D576;MATHEMATICAL BOLD FRAKTUR CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D577;MATHEMATICAL BOLD FRAKTUR CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D578;MATHEMATICAL BOLD FRAKTUR CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D579;MATHEMATICAL BOLD FRAKTUR CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D57A;MATHEMATICAL BOLD FRAKTUR CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D57B;MATHEMATICAL BOLD FRAKTUR CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D57C;MATHEMATICAL BOLD FRAKTUR CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D57D;MATHEMATICAL BOLD FRAKTUR CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D57E;MATHEMATICAL BOLD FRAKTUR CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D57F;MATHEMATICAL BOLD FRAKTUR CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D580;MATHEMATICAL BOLD FRAKTUR CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D581;MATHEMATICAL BOLD FRAKTUR CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D582;MATHEMATICAL BOLD FRAKTUR CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D583;MATHEMATICAL BOLD FRAKTUR CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D584;MATHEMATICAL BOLD FRAKTUR CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D585;MATHEMATICAL BOLD FRAKTUR CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D586;MATHEMATICAL BOLD FRAKTUR SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D587;MATHEMATICAL BOLD FRAKTUR SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D588;MATHEMATICAL BOLD FRAKTUR SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D589;MATHEMATICAL BOLD FRAKTUR SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D58A;MATHEMATICAL BOLD FRAKTUR SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D58B;MATHEMATICAL BOLD FRAKTUR SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D58C;MATHEMATICAL BOLD FRAKTUR SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D58D;MATHEMATICAL BOLD FRAKTUR SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D58E;MATHEMATICAL BOLD FRAKTUR SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D58F;MATHEMATICAL BOLD FRAKTUR SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D590;MATHEMATICAL BOLD FRAKTUR SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D591;MATHEMATICAL BOLD FRAKTUR SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D592;MATHEMATICAL BOLD FRAKTUR SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D593;MATHEMATICAL BOLD FRAKTUR SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D594;MATHEMATICAL BOLD FRAKTUR SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D595;MATHEMATICAL BOLD FRAKTUR SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D596;MATHEMATICAL BOLD FRAKTUR SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D597;MATHEMATICAL BOLD FRAKTUR SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D598;MATHEMATICAL BOLD FRAKTUR SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D599;MATHEMATICAL BOLD FRAKTUR SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D59A;MATHEMATICAL BOLD FRAKTUR SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D59B;MATHEMATICAL BOLD FRAKTUR SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D59C;MATHEMATICAL BOLD FRAKTUR SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D59D;MATHEMATICAL BOLD FRAKTUR SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D59E;MATHEMATICAL BOLD FRAKTUR SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D59F;MATHEMATICAL BOLD FRAKTUR SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D5A0;MATHEMATICAL SANS-SERIF CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D5A1;MATHEMATICAL SANS-SERIF CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D5A2;MATHEMATICAL SANS-SERIF CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D5A3;MATHEMATICAL SANS-SERIF CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D5A4;MATHEMATICAL SANS-SERIF CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D5A5;MATHEMATICAL SANS-SERIF CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D5A6;MATHEMATICAL SANS-SERIF CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D5A7;MATHEMATICAL SANS-SERIF CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D5A8;MATHEMATICAL SANS-SERIF CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D5A9;MATHEMATICAL SANS-SERIF CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D5AA;MATHEMATICAL SANS-SERIF CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D5AB;MATHEMATICAL SANS-SERIF CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D5AC;MATHEMATICAL SANS-SERIF CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D5AD;MATHEMATICAL SANS-SERIF CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D5AE;MATHEMATICAL SANS-SERIF CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D5AF;MATHEMATICAL SANS-SERIF CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D5B0;MATHEMATICAL SANS-SERIF CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D5B1;MATHEMATICAL SANS-SERIF CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D5B2;MATHEMATICAL SANS-SERIF CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D5B3;MATHEMATICAL SANS-SERIF CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D5B4;MATHEMATICAL SANS-SERIF CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D5B5;MATHEMATICAL SANS-SERIF CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D5B6;MATHEMATICAL SANS-SERIF CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D5B7;MATHEMATICAL SANS-SERIF CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D5B8;MATHEMATICAL SANS-SERIF CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D5B9;MATHEMATICAL SANS-SERIF CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D5BA;MATHEMATICAL SANS-SERIF SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D5BB;MATHEMATICAL SANS-SERIF SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D5BC;MATHEMATICAL SANS-SERIF SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D5BD;MATHEMATICAL SANS-SERIF SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D5BE;MATHEMATICAL SANS-SERIF SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D5BF;MATHEMATICAL SANS-SERIF SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D5C0;MATHEMATICAL SANS-SERIF SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D5C1;MATHEMATICAL SANS-SERIF SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D5C2;MATHEMATICAL SANS-SERIF SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D5C3;MATHEMATICAL SANS-SERIF SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D5C4;MATHEMATICAL SANS-SERIF SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D5C5;MATHEMATICAL SANS-SERIF SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D5C6;MATHEMATICAL SANS-SERIF SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D5C7;MATHEMATICAL SANS-SERIF SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D5C8;MATHEMATICAL SANS-SERIF SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D5C9;MATHEMATICAL SANS-SERIF SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D5CA;MATHEMATICAL SANS-SERIF SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D5CB;MATHEMATICAL SANS-SERIF SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D5CC;MATHEMATICAL SANS-SERIF SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D5CD;MATHEMATICAL SANS-SERIF SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D5CE;MATHEMATICAL SANS-SERIF SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D5CF;MATHEMATICAL SANS-SERIF SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D5D0;MATHEMATICAL SANS-SERIF SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D5D1;MATHEMATICAL SANS-SERIF SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D5D2;MATHEMATICAL SANS-SERIF SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D5D3;MATHEMATICAL SANS-SERIF SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D5D4;MATHEMATICAL SANS-SERIF BOLD CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D5D5;MATHEMATICAL SANS-SERIF BOLD CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D5D6;MATHEMATICAL SANS-SERIF BOLD CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D5D7;MATHEMATICAL SANS-SERIF BOLD CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D5D8;MATHEMATICAL SANS-SERIF BOLD CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D5D9;MATHEMATICAL SANS-SERIF BOLD CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D5DA;MATHEMATICAL SANS-SERIF BOLD CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D5DB;MATHEMATICAL SANS-SERIF BOLD CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D5DC;MATHEMATICAL SANS-SERIF BOLD CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D5DD;MATHEMATICAL SANS-SERIF BOLD CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D5DE;MATHEMATICAL SANS-SERIF BOLD CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D5DF;MATHEMATICAL SANS-SERIF BOLD CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D5E0;MATHEMATICAL SANS-SERIF BOLD CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D5E1;MATHEMATICAL SANS-SERIF BOLD CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D5E2;MATHEMATICAL SANS-SERIF BOLD CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D5E3;MATHEMATICAL SANS-SERIF BOLD CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D5E4;MATHEMATICAL SANS-SERIF BOLD CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D5E5;MATHEMATICAL SANS-SERIF BOLD CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D5E6;MATHEMATICAL SANS-SERIF BOLD CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D5E7;MATHEMATICAL SANS-SERIF BOLD CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D5E8;MATHEMATICAL SANS-SERIF BOLD CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D5E9;MATHEMATICAL SANS-SERIF BOLD CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D5EA;MATHEMATICAL SANS-SERIF BOLD CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D5EB;MATHEMATICAL SANS-SERIF BOLD CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D5EC;MATHEMATICAL SANS-SERIF BOLD CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D5ED;MATHEMATICAL SANS-SERIF BOLD CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D5EE;MATHEMATICAL SANS-SERIF BOLD SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D5EF;MATHEMATICAL SANS-SERIF BOLD SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D5F0;MATHEMATICAL SANS-SERIF BOLD SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D5F1;MATHEMATICAL SANS-SERIF BOLD SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D5F2;MATHEMATICAL SANS-SERIF BOLD SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D5F3;MATHEMATICAL SANS-SERIF BOLD SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D5F4;MATHEMATICAL SANS-SERIF BOLD SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D5F5;MATHEMATICAL SANS-SERIF BOLD SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D5F6;MATHEMATICAL SANS-SERIF BOLD SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D5F7;MATHEMATICAL SANS-SERIF BOLD SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D5F8;MATHEMATICAL SANS-SERIF BOLD SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D5F9;MATHEMATICAL SANS-SERIF BOLD SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D5FA;MATHEMATICAL SANS-SERIF BOLD SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D5FB;MATHEMATICAL SANS-SERIF BOLD SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D5FC;MATHEMATICAL SANS-SERIF BOLD SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D5FD;MATHEMATICAL SANS-SERIF BOLD SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D5FE;MATHEMATICAL SANS-SERIF BOLD SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D5FF;MATHEMATICAL SANS-SERIF BOLD SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D600;MATHEMATICAL SANS-SERIF BOLD SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D601;MATHEMATICAL SANS-SERIF BOLD SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D602;MATHEMATICAL SANS-SERIF BOLD SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D603;MATHEMATICAL SANS-SERIF BOLD SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D604;MATHEMATICAL SANS-SERIF BOLD SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D605;MATHEMATICAL SANS-SERIF BOLD SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D606;MATHEMATICAL SANS-SERIF BOLD SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D607;MATHEMATICAL SANS-SERIF BOLD SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D608;MATHEMATICAL SANS-SERIF ITALIC CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D609;MATHEMATICAL SANS-SERIF ITALIC CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D60A;MATHEMATICAL SANS-SERIF ITALIC CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D60B;MATHEMATICAL SANS-SERIF ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D60C;MATHEMATICAL SANS-SERIF ITALIC CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D60D;MATHEMATICAL SANS-SERIF ITALIC CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D60E;MATHEMATICAL SANS-SERIF ITALIC CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D60F;MATHEMATICAL SANS-SERIF ITALIC CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D610;MATHEMATICAL SANS-SERIF ITALIC CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D611;MATHEMATICAL SANS-SERIF ITALIC CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D612;MATHEMATICAL SANS-SERIF ITALIC CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D613;MATHEMATICAL SANS-SERIF ITALIC CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D614;MATHEMATICAL SANS-SERIF ITALIC CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D615;MATHEMATICAL SANS-SERIF ITALIC CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D616;MATHEMATICAL SANS-SERIF ITALIC CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D617;MATHEMATICAL SANS-SERIF ITALIC CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D618;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D619;MATHEMATICAL SANS-SERIF ITALIC CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D61A;MATHEMATICAL SANS-SERIF ITALIC CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D61B;MATHEMATICAL SANS-SERIF ITALIC CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D61C;MATHEMATICAL SANS-SERIF ITALIC CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D61D;MATHEMATICAL SANS-SERIF ITALIC CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D61E;MATHEMATICAL SANS-SERIF ITALIC CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D61F;MATHEMATICAL SANS-SERIF ITALIC CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D620;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D621;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D622;MATHEMATICAL SANS-SERIF ITALIC SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D623;MATHEMATICAL SANS-SERIF ITALIC SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D624;MATHEMATICAL SANS-SERIF ITALIC SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D625;MATHEMATICAL SANS-SERIF ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D626;MATHEMATICAL SANS-SERIF ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D627;MATHEMATICAL SANS-SERIF ITALIC SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D628;MATHEMATICAL SANS-SERIF ITALIC SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D629;MATHEMATICAL SANS-SERIF ITALIC SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D62A;MATHEMATICAL SANS-SERIF ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D62B;MATHEMATICAL SANS-SERIF ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D62C;MATHEMATICAL SANS-SERIF ITALIC SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D62D;MATHEMATICAL SANS-SERIF ITALIC SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D62E;MATHEMATICAL SANS-SERIF ITALIC SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D62F;MATHEMATICAL SANS-SERIF ITALIC SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D630;MATHEMATICAL SANS-SERIF ITALIC SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D631;MATHEMATICAL SANS-SERIF ITALIC SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D632;MATHEMATICAL SANS-SERIF ITALIC SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D633;MATHEMATICAL SANS-SERIF ITALIC SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D634;MATHEMATICAL SANS-SERIF ITALIC SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D635;MATHEMATICAL SANS-SERIF ITALIC SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D636;MATHEMATICAL SANS-SERIF ITALIC SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D637;MATHEMATICAL SANS-SERIF ITALIC SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D638;MATHEMATICAL SANS-SERIF ITALIC SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D639;MATHEMATICAL SANS-SERIF ITALIC SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D63A;MATHEMATICAL SANS-SERIF ITALIC SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D63B;MATHEMATICAL SANS-SERIF ITALIC SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D63C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D63D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D63E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D63F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D640;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D641;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D642;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D643;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D644;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D645;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D646;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D647;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D648;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D649;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D64A;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D64B;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D64C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D64D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D64E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D64F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D650;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D651;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D652;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D653;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D654;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D655;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D656;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D657;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D658;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D659;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D65A;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D65B;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D65C;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D65D;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D65E;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D65F;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D660;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D661;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D662;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D663;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D664;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D665;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D666;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D667;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D668;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D669;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D66A;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D66B;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D66C;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D66D;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D66E;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D66F;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D670;MATHEMATICAL MONOSPACE CAPITAL A;Lu;0;L;<font> 0041;;;;N;;;;;
+1D671;MATHEMATICAL MONOSPACE CAPITAL B;Lu;0;L;<font> 0042;;;;N;;;;;
+1D672;MATHEMATICAL MONOSPACE CAPITAL C;Lu;0;L;<font> 0043;;;;N;;;;;
+1D673;MATHEMATICAL MONOSPACE CAPITAL D;Lu;0;L;<font> 0044;;;;N;;;;;
+1D674;MATHEMATICAL MONOSPACE CAPITAL E;Lu;0;L;<font> 0045;;;;N;;;;;
+1D675;MATHEMATICAL MONOSPACE CAPITAL F;Lu;0;L;<font> 0046;;;;N;;;;;
+1D676;MATHEMATICAL MONOSPACE CAPITAL G;Lu;0;L;<font> 0047;;;;N;;;;;
+1D677;MATHEMATICAL MONOSPACE CAPITAL H;Lu;0;L;<font> 0048;;;;N;;;;;
+1D678;MATHEMATICAL MONOSPACE CAPITAL I;Lu;0;L;<font> 0049;;;;N;;;;;
+1D679;MATHEMATICAL MONOSPACE CAPITAL J;Lu;0;L;<font> 004A;;;;N;;;;;
+1D67A;MATHEMATICAL MONOSPACE CAPITAL K;Lu;0;L;<font> 004B;;;;N;;;;;
+1D67B;MATHEMATICAL MONOSPACE CAPITAL L;Lu;0;L;<font> 004C;;;;N;;;;;
+1D67C;MATHEMATICAL MONOSPACE CAPITAL M;Lu;0;L;<font> 004D;;;;N;;;;;
+1D67D;MATHEMATICAL MONOSPACE CAPITAL N;Lu;0;L;<font> 004E;;;;N;;;;;
+1D67E;MATHEMATICAL MONOSPACE CAPITAL O;Lu;0;L;<font> 004F;;;;N;;;;;
+1D67F;MATHEMATICAL MONOSPACE CAPITAL P;Lu;0;L;<font> 0050;;;;N;;;;;
+1D680;MATHEMATICAL MONOSPACE CAPITAL Q;Lu;0;L;<font> 0051;;;;N;;;;;
+1D681;MATHEMATICAL MONOSPACE CAPITAL R;Lu;0;L;<font> 0052;;;;N;;;;;
+1D682;MATHEMATICAL MONOSPACE CAPITAL S;Lu;0;L;<font> 0053;;;;N;;;;;
+1D683;MATHEMATICAL MONOSPACE CAPITAL T;Lu;0;L;<font> 0054;;;;N;;;;;
+1D684;MATHEMATICAL MONOSPACE CAPITAL U;Lu;0;L;<font> 0055;;;;N;;;;;
+1D685;MATHEMATICAL MONOSPACE CAPITAL V;Lu;0;L;<font> 0056;;;;N;;;;;
+1D686;MATHEMATICAL MONOSPACE CAPITAL W;Lu;0;L;<font> 0057;;;;N;;;;;
+1D687;MATHEMATICAL MONOSPACE CAPITAL X;Lu;0;L;<font> 0058;;;;N;;;;;
+1D688;MATHEMATICAL MONOSPACE CAPITAL Y;Lu;0;L;<font> 0059;;;;N;;;;;
+1D689;MATHEMATICAL MONOSPACE CAPITAL Z;Lu;0;L;<font> 005A;;;;N;;;;;
+1D68A;MATHEMATICAL MONOSPACE SMALL A;Ll;0;L;<font> 0061;;;;N;;;;;
+1D68B;MATHEMATICAL MONOSPACE SMALL B;Ll;0;L;<font> 0062;;;;N;;;;;
+1D68C;MATHEMATICAL MONOSPACE SMALL C;Ll;0;L;<font> 0063;;;;N;;;;;
+1D68D;MATHEMATICAL MONOSPACE SMALL D;Ll;0;L;<font> 0064;;;;N;;;;;
+1D68E;MATHEMATICAL MONOSPACE SMALL E;Ll;0;L;<font> 0065;;;;N;;;;;
+1D68F;MATHEMATICAL MONOSPACE SMALL F;Ll;0;L;<font> 0066;;;;N;;;;;
+1D690;MATHEMATICAL MONOSPACE SMALL G;Ll;0;L;<font> 0067;;;;N;;;;;
+1D691;MATHEMATICAL MONOSPACE SMALL H;Ll;0;L;<font> 0068;;;;N;;;;;
+1D692;MATHEMATICAL MONOSPACE SMALL I;Ll;0;L;<font> 0069;;;;N;;;;;
+1D693;MATHEMATICAL MONOSPACE SMALL J;Ll;0;L;<font> 006A;;;;N;;;;;
+1D694;MATHEMATICAL MONOSPACE SMALL K;Ll;0;L;<font> 006B;;;;N;;;;;
+1D695;MATHEMATICAL MONOSPACE SMALL L;Ll;0;L;<font> 006C;;;;N;;;;;
+1D696;MATHEMATICAL MONOSPACE SMALL M;Ll;0;L;<font> 006D;;;;N;;;;;
+1D697;MATHEMATICAL MONOSPACE SMALL N;Ll;0;L;<font> 006E;;;;N;;;;;
+1D698;MATHEMATICAL MONOSPACE SMALL O;Ll;0;L;<font> 006F;;;;N;;;;;
+1D699;MATHEMATICAL MONOSPACE SMALL P;Ll;0;L;<font> 0070;;;;N;;;;;
+1D69A;MATHEMATICAL MONOSPACE SMALL Q;Ll;0;L;<font> 0071;;;;N;;;;;
+1D69B;MATHEMATICAL MONOSPACE SMALL R;Ll;0;L;<font> 0072;;;;N;;;;;
+1D69C;MATHEMATICAL MONOSPACE SMALL S;Ll;0;L;<font> 0073;;;;N;;;;;
+1D69D;MATHEMATICAL MONOSPACE SMALL T;Ll;0;L;<font> 0074;;;;N;;;;;
+1D69E;MATHEMATICAL MONOSPACE SMALL U;Ll;0;L;<font> 0075;;;;N;;;;;
+1D69F;MATHEMATICAL MONOSPACE SMALL V;Ll;0;L;<font> 0076;;;;N;;;;;
+1D6A0;MATHEMATICAL MONOSPACE SMALL W;Ll;0;L;<font> 0077;;;;N;;;;;
+1D6A1;MATHEMATICAL MONOSPACE SMALL X;Ll;0;L;<font> 0078;;;;N;;;;;
+1D6A2;MATHEMATICAL MONOSPACE SMALL Y;Ll;0;L;<font> 0079;;;;N;;;;;
+1D6A3;MATHEMATICAL MONOSPACE SMALL Z;Ll;0;L;<font> 007A;;;;N;;;;;
+1D6A8;MATHEMATICAL BOLD CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D6A9;MATHEMATICAL BOLD CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D6AA;MATHEMATICAL BOLD CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D6AB;MATHEMATICAL BOLD CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D6AC;MATHEMATICAL BOLD CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D6AD;MATHEMATICAL BOLD CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D6AE;MATHEMATICAL BOLD CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D6AF;MATHEMATICAL BOLD CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D6B0;MATHEMATICAL BOLD CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D6B1;MATHEMATICAL BOLD CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D6B2;MATHEMATICAL BOLD CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D6B3;MATHEMATICAL BOLD CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D6B4;MATHEMATICAL BOLD CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D6B5;MATHEMATICAL BOLD CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D6B6;MATHEMATICAL BOLD CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D6B7;MATHEMATICAL BOLD CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D6B8;MATHEMATICAL BOLD CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D6B9;MATHEMATICAL BOLD CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D6BA;MATHEMATICAL BOLD CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D6BB;MATHEMATICAL BOLD CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D6BC;MATHEMATICAL BOLD CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D6BD;MATHEMATICAL BOLD CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D6BE;MATHEMATICAL BOLD CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D6BF;MATHEMATICAL BOLD CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D6C0;MATHEMATICAL BOLD CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D6C1;MATHEMATICAL BOLD NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D6C2;MATHEMATICAL BOLD SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D6C3;MATHEMATICAL BOLD SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D6C4;MATHEMATICAL BOLD SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D6C5;MATHEMATICAL BOLD SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D6C6;MATHEMATICAL BOLD SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D6C7;MATHEMATICAL BOLD SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D6C8;MATHEMATICAL BOLD SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D6C9;MATHEMATICAL BOLD SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D6CA;MATHEMATICAL BOLD SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D6CB;MATHEMATICAL BOLD SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D6CC;MATHEMATICAL BOLD SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D6CD;MATHEMATICAL BOLD SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D6CE;MATHEMATICAL BOLD SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D6CF;MATHEMATICAL BOLD SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D6D0;MATHEMATICAL BOLD SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D6D1;MATHEMATICAL BOLD SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D6D2;MATHEMATICAL BOLD SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D6D3;MATHEMATICAL BOLD SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D6D4;MATHEMATICAL BOLD SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D6D5;MATHEMATICAL BOLD SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D6D6;MATHEMATICAL BOLD SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D6D7;MATHEMATICAL BOLD SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D6D8;MATHEMATICAL BOLD SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D6D9;MATHEMATICAL BOLD SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D6DA;MATHEMATICAL BOLD SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D6DB;MATHEMATICAL BOLD PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D6DC;MATHEMATICAL BOLD EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D6DD;MATHEMATICAL BOLD THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D6DE;MATHEMATICAL BOLD KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D6DF;MATHEMATICAL BOLD PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D6E0;MATHEMATICAL BOLD RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D6E1;MATHEMATICAL BOLD PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D6E2;MATHEMATICAL ITALIC CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D6E3;MATHEMATICAL ITALIC CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D6E4;MATHEMATICAL ITALIC CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D6E5;MATHEMATICAL ITALIC CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D6E6;MATHEMATICAL ITALIC CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D6E7;MATHEMATICAL ITALIC CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D6E8;MATHEMATICAL ITALIC CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D6E9;MATHEMATICAL ITALIC CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D6EA;MATHEMATICAL ITALIC CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D6EB;MATHEMATICAL ITALIC CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D6EC;MATHEMATICAL ITALIC CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D6ED;MATHEMATICAL ITALIC CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D6EE;MATHEMATICAL ITALIC CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D6EF;MATHEMATICAL ITALIC CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D6F0;MATHEMATICAL ITALIC CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D6F1;MATHEMATICAL ITALIC CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D6F2;MATHEMATICAL ITALIC CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D6F3;MATHEMATICAL ITALIC CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D6F4;MATHEMATICAL ITALIC CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D6F5;MATHEMATICAL ITALIC CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D6F6;MATHEMATICAL ITALIC CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D6F7;MATHEMATICAL ITALIC CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D6F8;MATHEMATICAL ITALIC CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D6F9;MATHEMATICAL ITALIC CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D6FA;MATHEMATICAL ITALIC CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D6FB;MATHEMATICAL ITALIC NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D6FC;MATHEMATICAL ITALIC SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D6FD;MATHEMATICAL ITALIC SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D6FE;MATHEMATICAL ITALIC SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D6FF;MATHEMATICAL ITALIC SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D700;MATHEMATICAL ITALIC SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D701;MATHEMATICAL ITALIC SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D702;MATHEMATICAL ITALIC SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D703;MATHEMATICAL ITALIC SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D704;MATHEMATICAL ITALIC SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D705;MATHEMATICAL ITALIC SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D706;MATHEMATICAL ITALIC SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D707;MATHEMATICAL ITALIC SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D708;MATHEMATICAL ITALIC SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D709;MATHEMATICAL ITALIC SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D70A;MATHEMATICAL ITALIC SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D70B;MATHEMATICAL ITALIC SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D70C;MATHEMATICAL ITALIC SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D70D;MATHEMATICAL ITALIC SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D70E;MATHEMATICAL ITALIC SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D70F;MATHEMATICAL ITALIC SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D710;MATHEMATICAL ITALIC SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D711;MATHEMATICAL ITALIC SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D712;MATHEMATICAL ITALIC SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D713;MATHEMATICAL ITALIC SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D714;MATHEMATICAL ITALIC SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D715;MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D716;MATHEMATICAL ITALIC EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D717;MATHEMATICAL ITALIC THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D718;MATHEMATICAL ITALIC KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D719;MATHEMATICAL ITALIC PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D71A;MATHEMATICAL ITALIC RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D71B;MATHEMATICAL ITALIC PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D71C;MATHEMATICAL BOLD ITALIC CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D71D;MATHEMATICAL BOLD ITALIC CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D71E;MATHEMATICAL BOLD ITALIC CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D71F;MATHEMATICAL BOLD ITALIC CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D720;MATHEMATICAL BOLD ITALIC CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D721;MATHEMATICAL BOLD ITALIC CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D722;MATHEMATICAL BOLD ITALIC CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D723;MATHEMATICAL BOLD ITALIC CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D724;MATHEMATICAL BOLD ITALIC CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D725;MATHEMATICAL BOLD ITALIC CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D726;MATHEMATICAL BOLD ITALIC CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D727;MATHEMATICAL BOLD ITALIC CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D728;MATHEMATICAL BOLD ITALIC CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D729;MATHEMATICAL BOLD ITALIC CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D72A;MATHEMATICAL BOLD ITALIC CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D72B;MATHEMATICAL BOLD ITALIC CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D72C;MATHEMATICAL BOLD ITALIC CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D72D;MATHEMATICAL BOLD ITALIC CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D72E;MATHEMATICAL BOLD ITALIC CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D72F;MATHEMATICAL BOLD ITALIC CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D730;MATHEMATICAL BOLD ITALIC CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D731;MATHEMATICAL BOLD ITALIC CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D732;MATHEMATICAL BOLD ITALIC CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D733;MATHEMATICAL BOLD ITALIC CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D734;MATHEMATICAL BOLD ITALIC CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D735;MATHEMATICAL BOLD ITALIC NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D736;MATHEMATICAL BOLD ITALIC SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D737;MATHEMATICAL BOLD ITALIC SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D738;MATHEMATICAL BOLD ITALIC SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D739;MATHEMATICAL BOLD ITALIC SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D73A;MATHEMATICAL BOLD ITALIC SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D73B;MATHEMATICAL BOLD ITALIC SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D73C;MATHEMATICAL BOLD ITALIC SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D73D;MATHEMATICAL BOLD ITALIC SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D73E;MATHEMATICAL BOLD ITALIC SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D73F;MATHEMATICAL BOLD ITALIC SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D740;MATHEMATICAL BOLD ITALIC SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D741;MATHEMATICAL BOLD ITALIC SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D742;MATHEMATICAL BOLD ITALIC SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D743;MATHEMATICAL BOLD ITALIC SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D744;MATHEMATICAL BOLD ITALIC SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D745;MATHEMATICAL BOLD ITALIC SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D746;MATHEMATICAL BOLD ITALIC SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D747;MATHEMATICAL BOLD ITALIC SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D748;MATHEMATICAL BOLD ITALIC SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D749;MATHEMATICAL BOLD ITALIC SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D74A;MATHEMATICAL BOLD ITALIC SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D74B;MATHEMATICAL BOLD ITALIC SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D74C;MATHEMATICAL BOLD ITALIC SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D74D;MATHEMATICAL BOLD ITALIC SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D74E;MATHEMATICAL BOLD ITALIC SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D74F;MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D750;MATHEMATICAL BOLD ITALIC EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D751;MATHEMATICAL BOLD ITALIC THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D752;MATHEMATICAL BOLD ITALIC KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D753;MATHEMATICAL BOLD ITALIC PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D754;MATHEMATICAL BOLD ITALIC RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D755;MATHEMATICAL BOLD ITALIC PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D756;MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D757;MATHEMATICAL SANS-SERIF BOLD CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D758;MATHEMATICAL SANS-SERIF BOLD CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D759;MATHEMATICAL SANS-SERIF BOLD CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D75A;MATHEMATICAL SANS-SERIF BOLD CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D75B;MATHEMATICAL SANS-SERIF BOLD CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D75C;MATHEMATICAL SANS-SERIF BOLD CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D75D;MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D75E;MATHEMATICAL SANS-SERIF BOLD CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D75F;MATHEMATICAL SANS-SERIF BOLD CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D760;MATHEMATICAL SANS-SERIF BOLD CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D761;MATHEMATICAL SANS-SERIF BOLD CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D762;MATHEMATICAL SANS-SERIF BOLD CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D763;MATHEMATICAL SANS-SERIF BOLD CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D764;MATHEMATICAL SANS-SERIF BOLD CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D765;MATHEMATICAL SANS-SERIF BOLD CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D766;MATHEMATICAL SANS-SERIF BOLD CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D767;MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D768;MATHEMATICAL SANS-SERIF BOLD CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D769;MATHEMATICAL SANS-SERIF BOLD CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D76A;MATHEMATICAL SANS-SERIF BOLD CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D76B;MATHEMATICAL SANS-SERIF BOLD CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D76C;MATHEMATICAL SANS-SERIF BOLD CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D76D;MATHEMATICAL SANS-SERIF BOLD CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D76E;MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D76F;MATHEMATICAL SANS-SERIF BOLD NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D770;MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D771;MATHEMATICAL SANS-SERIF BOLD SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D772;MATHEMATICAL SANS-SERIF BOLD SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D773;MATHEMATICAL SANS-SERIF BOLD SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D774;MATHEMATICAL SANS-SERIF BOLD SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D775;MATHEMATICAL SANS-SERIF BOLD SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D776;MATHEMATICAL SANS-SERIF BOLD SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D777;MATHEMATICAL SANS-SERIF BOLD SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D778;MATHEMATICAL SANS-SERIF BOLD SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D779;MATHEMATICAL SANS-SERIF BOLD SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D77A;MATHEMATICAL SANS-SERIF BOLD SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D77B;MATHEMATICAL SANS-SERIF BOLD SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D77C;MATHEMATICAL SANS-SERIF BOLD SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D77D;MATHEMATICAL SANS-SERIF BOLD SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D77E;MATHEMATICAL SANS-SERIF BOLD SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D77F;MATHEMATICAL SANS-SERIF BOLD SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D780;MATHEMATICAL SANS-SERIF BOLD SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D781;MATHEMATICAL SANS-SERIF BOLD SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D782;MATHEMATICAL SANS-SERIF BOLD SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D783;MATHEMATICAL SANS-SERIF BOLD SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D784;MATHEMATICAL SANS-SERIF BOLD SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D785;MATHEMATICAL SANS-SERIF BOLD SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D786;MATHEMATICAL SANS-SERIF BOLD SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D787;MATHEMATICAL SANS-SERIF BOLD SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D788;MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D789;MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D78A;MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D78B;MATHEMATICAL SANS-SERIF BOLD THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D78C;MATHEMATICAL SANS-SERIF BOLD KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D78D;MATHEMATICAL SANS-SERIF BOLD PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D78E;MATHEMATICAL SANS-SERIF BOLD RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D78F;MATHEMATICAL SANS-SERIF BOLD PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D790;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA;Lu;0;L;<font> 0391;;;;N;;;;;
+1D791;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL BETA;Lu;0;L;<font> 0392;;;;N;;;;;
+1D792;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL GAMMA;Lu;0;L;<font> 0393;;;;N;;;;;
+1D793;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL DELTA;Lu;0;L;<font> 0394;;;;N;;;;;
+1D794;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL EPSILON;Lu;0;L;<font> 0395;;;;N;;;;;
+1D795;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ZETA;Lu;0;L;<font> 0396;;;;N;;;;;
+1D796;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ETA;Lu;0;L;<font> 0397;;;;N;;;;;
+1D797;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA;Lu;0;L;<font> 0398;;;;N;;;;;
+1D798;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL IOTA;Lu;0;L;<font> 0399;;;;N;;;;;
+1D799;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL KAPPA;Lu;0;L;<font> 039A;;;;N;;;;;
+1D79A;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL LAMDA;Lu;0;L;<font> 039B;;;;N;;;;;
+1D79B;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL MU;Lu;0;L;<font> 039C;;;;N;;;;;
+1D79C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL NU;Lu;0;L;<font> 039D;;;;N;;;;;
+1D79D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL XI;Lu;0;L;<font> 039E;;;;N;;;;;
+1D79E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMICRON;Lu;0;L;<font> 039F;;;;N;;;;;
+1D79F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PI;Lu;0;L;<font> 03A0;;;;N;;;;;
+1D7A0;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL RHO;Lu;0;L;<font> 03A1;;;;N;;;;;
+1D7A1;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA SYMBOL;Lu;0;L;<font> 03F4;;;;N;;;;;
+1D7A2;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL SIGMA;Lu;0;L;<font> 03A3;;;;N;;;;;
+1D7A3;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL TAU;Lu;0;L;<font> 03A4;;;;N;;;;;
+1D7A4;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL UPSILON;Lu;0;L;<font> 03A5;;;;N;;;;;
+1D7A5;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PHI;Lu;0;L;<font> 03A6;;;;N;;;;;
+1D7A6;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL CHI;Lu;0;L;<font> 03A7;;;;N;;;;;
+1D7A7;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PSI;Lu;0;L;<font> 03A8;;;;N;;;;;
+1D7A8;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA;Lu;0;L;<font> 03A9;;;;N;;;;;
+1D7A9;MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA;Sm;0;L;<font> 2207;;;;N;;;;;
+1D7AA;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA;Ll;0;L;<font> 03B1;;;;N;;;;;
+1D7AB;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL BETA;Ll;0;L;<font> 03B2;;;;N;;;;;
+1D7AC;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL GAMMA;Ll;0;L;<font> 03B3;;;;N;;;;;
+1D7AD;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL DELTA;Ll;0;L;<font> 03B4;;;;N;;;;;
+1D7AE;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL EPSILON;Ll;0;L;<font> 03B5;;;;N;;;;;
+1D7AF;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ZETA;Ll;0;L;<font> 03B6;;;;N;;;;;
+1D7B0;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ETA;Ll;0;L;<font> 03B7;;;;N;;;;;
+1D7B1;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL THETA;Ll;0;L;<font> 03B8;;;;N;;;;;
+1D7B2;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL IOTA;Ll;0;L;<font> 03B9;;;;N;;;;;
+1D7B3;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL KAPPA;Ll;0;L;<font> 03BA;;;;N;;;;;
+1D7B4;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL LAMDA;Ll;0;L;<font> 03BB;;;;N;;;;;
+1D7B5;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL MU;Ll;0;L;<font> 03BC;;;;N;;;;;
+1D7B6;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL NU;Ll;0;L;<font> 03BD;;;;N;;;;;
+1D7B7;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL XI;Ll;0;L;<font> 03BE;;;;N;;;;;
+1D7B8;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMICRON;Ll;0;L;<font> 03BF;;;;N;;;;;
+1D7B9;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PI;Ll;0;L;<font> 03C0;;;;N;;;;;
+1D7BA;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL RHO;Ll;0;L;<font> 03C1;;;;N;;;;;
+1D7BB;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL FINAL SIGMA;Ll;0;L;<font> 03C2;;;;N;;;;;
+1D7BC;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL SIGMA;Ll;0;L;<font> 03C3;;;;N;;;;;
+1D7BD;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL TAU;Ll;0;L;<font> 03C4;;;;N;;;;;
+1D7BE;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL UPSILON;Ll;0;L;<font> 03C5;;;;N;;;;;
+1D7BF;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PHI;Ll;0;L;<font> 03C6;;;;N;;;;;
+1D7C0;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL CHI;Ll;0;L;<font> 03C7;;;;N;;;;;
+1D7C1;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PSI;Ll;0;L;<font> 03C8;;;;N;;;;;
+1D7C2;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA;Ll;0;L;<font> 03C9;;;;N;;;;;
+1D7C3;MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL;Sm;0;L;<font> 2202;;;;N;;;;;
+1D7C4;MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL;Ll;0;L;<font> 03F5;;;;N;;;;;
+1D7C5;MATHEMATICAL SANS-SERIF BOLD ITALIC THETA SYMBOL;Ll;0;L;<font> 03D1;;;;N;;;;;
+1D7C6;MATHEMATICAL SANS-SERIF BOLD ITALIC KAPPA SYMBOL;Ll;0;L;<font> 03F0;;;;N;;;;;
+1D7C7;MATHEMATICAL SANS-SERIF BOLD ITALIC PHI SYMBOL;Ll;0;L;<font> 03D5;;;;N;;;;;
+1D7C8;MATHEMATICAL SANS-SERIF BOLD ITALIC RHO SYMBOL;Ll;0;L;<font> 03F1;;;;N;;;;;
+1D7C9;MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL;Ll;0;L;<font> 03D6;;;;N;;;;;
+1D7CE;MATHEMATICAL BOLD DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7CF;MATHEMATICAL BOLD DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7D0;MATHEMATICAL BOLD DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7D1;MATHEMATICAL BOLD DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7D2;MATHEMATICAL BOLD DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7D3;MATHEMATICAL BOLD DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7D4;MATHEMATICAL BOLD DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7D5;MATHEMATICAL BOLD DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7D6;MATHEMATICAL BOLD DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7D7;MATHEMATICAL BOLD DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+1D7D8;MATHEMATICAL DOUBLE-STRUCK DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7D9;MATHEMATICAL DOUBLE-STRUCK DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7DA;MATHEMATICAL DOUBLE-STRUCK DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7DB;MATHEMATICAL DOUBLE-STRUCK DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7DC;MATHEMATICAL DOUBLE-STRUCK DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7DD;MATHEMATICAL DOUBLE-STRUCK DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7DE;MATHEMATICAL DOUBLE-STRUCK DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7DF;MATHEMATICAL DOUBLE-STRUCK DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7E0;MATHEMATICAL DOUBLE-STRUCK DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7E1;MATHEMATICAL DOUBLE-STRUCK DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+1D7E2;MATHEMATICAL SANS-SERIF DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7E3;MATHEMATICAL SANS-SERIF DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7E4;MATHEMATICAL SANS-SERIF DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7E5;MATHEMATICAL SANS-SERIF DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7E6;MATHEMATICAL SANS-SERIF DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7E7;MATHEMATICAL SANS-SERIF DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7E8;MATHEMATICAL SANS-SERIF DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7E9;MATHEMATICAL SANS-SERIF DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7EA;MATHEMATICAL SANS-SERIF DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7EB;MATHEMATICAL SANS-SERIF DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+1D7EC;MATHEMATICAL SANS-SERIF BOLD DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7ED;MATHEMATICAL SANS-SERIF BOLD DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7EE;MATHEMATICAL SANS-SERIF BOLD DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7EF;MATHEMATICAL SANS-SERIF BOLD DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7F0;MATHEMATICAL SANS-SERIF BOLD DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7F1;MATHEMATICAL SANS-SERIF BOLD DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7F2;MATHEMATICAL SANS-SERIF BOLD DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7F3;MATHEMATICAL SANS-SERIF BOLD DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7F4;MATHEMATICAL SANS-SERIF BOLD DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7F5;MATHEMATICAL SANS-SERIF BOLD DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+1D7F6;MATHEMATICAL MONOSPACE DIGIT ZERO;Nd;0;EN;<font> 0030;0;0;0;N;;;;;
+1D7F7;MATHEMATICAL MONOSPACE DIGIT ONE;Nd;0;EN;<font> 0031;1;1;1;N;;;;;
+1D7F8;MATHEMATICAL MONOSPACE DIGIT TWO;Nd;0;EN;<font> 0032;2;2;2;N;;;;;
+1D7F9;MATHEMATICAL MONOSPACE DIGIT THREE;Nd;0;EN;<font> 0033;3;3;3;N;;;;;
+1D7FA;MATHEMATICAL MONOSPACE DIGIT FOUR;Nd;0;EN;<font> 0034;4;4;4;N;;;;;
+1D7FB;MATHEMATICAL MONOSPACE DIGIT FIVE;Nd;0;EN;<font> 0035;5;5;5;N;;;;;
+1D7FC;MATHEMATICAL MONOSPACE DIGIT SIX;Nd;0;EN;<font> 0036;6;6;6;N;;;;;
+1D7FD;MATHEMATICAL MONOSPACE DIGIT SEVEN;Nd;0;EN;<font> 0037;7;7;7;N;;;;;
+1D7FE;MATHEMATICAL MONOSPACE DIGIT EIGHT;Nd;0;EN;<font> 0038;8;8;8;N;;;;;
+1D7FF;MATHEMATICAL MONOSPACE DIGIT NINE;Nd;0;EN;<font> 0039;9;9;9;N;;;;;
+20000;<CJK Ideograph Extension B, First>;Lo;0;L;;;;;N;;;;;
+2A6D6;<CJK Ideograph Extension B, Last>;Lo;0;L;;;;;N;;;;;
+2F800;CJK COMPATIBILITY IDEOGRAPH-2F800;Lo;0;L;4E3D;;;;N;;;;;
+2F801;CJK COMPATIBILITY IDEOGRAPH-2F801;Lo;0;L;4E38;;;;N;;;;;
+2F802;CJK COMPATIBILITY IDEOGRAPH-2F802;Lo;0;L;4E41;;;;N;;;;;
+2F803;CJK COMPATIBILITY IDEOGRAPH-2F803;Lo;0;L;20122;;;;N;;;;;
+2F804;CJK COMPATIBILITY IDEOGRAPH-2F804;Lo;0;L;4F60;;;;N;;;;;
+2F805;CJK COMPATIBILITY IDEOGRAPH-2F805;Lo;0;L;4FAE;;;;N;;;;;
+2F806;CJK COMPATIBILITY IDEOGRAPH-2F806;Lo;0;L;4FBB;;;;N;;;;;
+2F807;CJK COMPATIBILITY IDEOGRAPH-2F807;Lo;0;L;5002;;;;N;;;;;
+2F808;CJK COMPATIBILITY IDEOGRAPH-2F808;Lo;0;L;507A;;;;N;;;;;
+2F809;CJK COMPATIBILITY IDEOGRAPH-2F809;Lo;0;L;5099;;;;N;;;;;
+2F80A;CJK COMPATIBILITY IDEOGRAPH-2F80A;Lo;0;L;50E7;;;;N;;;;;
+2F80B;CJK COMPATIBILITY IDEOGRAPH-2F80B;Lo;0;L;50CF;;;;N;;;;;
+2F80C;CJK COMPATIBILITY IDEOGRAPH-2F80C;Lo;0;L;349E;;;;N;;;;;
+2F80D;CJK COMPATIBILITY IDEOGRAPH-2F80D;Lo;0;L;2063A;;;;N;;;;;
+2F80E;CJK COMPATIBILITY IDEOGRAPH-2F80E;Lo;0;L;514D;;;;N;;;;;
+2F80F;CJK COMPATIBILITY IDEOGRAPH-2F80F;Lo;0;L;5154;;;;N;;;;;
+2F810;CJK COMPATIBILITY IDEOGRAPH-2F810;Lo;0;L;5164;;;;N;;;;;
+2F811;CJK COMPATIBILITY IDEOGRAPH-2F811;Lo;0;L;5177;;;;N;;;;;
+2F812;CJK COMPATIBILITY IDEOGRAPH-2F812;Lo;0;L;2051C;;;;N;;;;;
+2F813;CJK COMPATIBILITY IDEOGRAPH-2F813;Lo;0;L;34B9;;;;N;;;;;
+2F814;CJK COMPATIBILITY IDEOGRAPH-2F814;Lo;0;L;5167;;;;N;;;;;
+2F815;CJK COMPATIBILITY IDEOGRAPH-2F815;Lo;0;L;518D;;;;N;;;;;
+2F816;CJK COMPATIBILITY IDEOGRAPH-2F816;Lo;0;L;2054B;;;;N;;;;;
+2F817;CJK COMPATIBILITY IDEOGRAPH-2F817;Lo;0;L;5197;;;;N;;;;;
+2F818;CJK COMPATIBILITY IDEOGRAPH-2F818;Lo;0;L;51A4;;;;N;;;;;
+2F819;CJK COMPATIBILITY IDEOGRAPH-2F819;Lo;0;L;4ECC;;;;N;;;;;
+2F81A;CJK COMPATIBILITY IDEOGRAPH-2F81A;Lo;0;L;51AC;;;;N;;;;;
+2F81B;CJK COMPATIBILITY IDEOGRAPH-2F81B;Lo;0;L;51B5;;;;N;;;;;
+2F81C;CJK COMPATIBILITY IDEOGRAPH-2F81C;Lo;0;L;291DF;;;;N;;;;;
+2F81D;CJK COMPATIBILITY IDEOGRAPH-2F81D;Lo;0;L;51F5;;;;N;;;;;
+2F81E;CJK COMPATIBILITY IDEOGRAPH-2F81E;Lo;0;L;5203;;;;N;;;;;
+2F81F;CJK COMPATIBILITY IDEOGRAPH-2F81F;Lo;0;L;34DF;;;;N;;;;;
+2F820;CJK COMPATIBILITY IDEOGRAPH-2F820;Lo;0;L;523B;;;;N;;;;;
+2F821;CJK COMPATIBILITY IDEOGRAPH-2F821;Lo;0;L;5246;;;;N;;;;;
+2F822;CJK COMPATIBILITY IDEOGRAPH-2F822;Lo;0;L;5272;;;;N;;;;;
+2F823;CJK COMPATIBILITY IDEOGRAPH-2F823;Lo;0;L;5277;;;;N;;;;;
+2F824;CJK COMPATIBILITY IDEOGRAPH-2F824;Lo;0;L;3515;;;;N;;;;;
+2F825;CJK COMPATIBILITY IDEOGRAPH-2F825;Lo;0;L;52C7;;;;N;;;;;
+2F826;CJK COMPATIBILITY IDEOGRAPH-2F826;Lo;0;L;52C9;;;;N;;;;;
+2F827;CJK COMPATIBILITY IDEOGRAPH-2F827;Lo;0;L;52E4;;;;N;;;;;
+2F828;CJK COMPATIBILITY IDEOGRAPH-2F828;Lo;0;L;52FA;;;;N;;;;;
+2F829;CJK COMPATIBILITY IDEOGRAPH-2F829;Lo;0;L;5305;;;;N;;;;;
+2F82A;CJK COMPATIBILITY IDEOGRAPH-2F82A;Lo;0;L;5306;;;;N;;;;;
+2F82B;CJK COMPATIBILITY IDEOGRAPH-2F82B;Lo;0;L;5317;;;;N;;;;;
+2F82C;CJK COMPATIBILITY IDEOGRAPH-2F82C;Lo;0;L;5349;;;;N;;;;;
+2F82D;CJK COMPATIBILITY IDEOGRAPH-2F82D;Lo;0;L;5351;;;;N;;;;;
+2F82E;CJK COMPATIBILITY IDEOGRAPH-2F82E;Lo;0;L;535A;;;;N;;;;;
+2F82F;CJK COMPATIBILITY IDEOGRAPH-2F82F;Lo;0;L;5373;;;;N;;;;;
+2F830;CJK COMPATIBILITY IDEOGRAPH-2F830;Lo;0;L;537D;;;;N;;;;;
+2F831;CJK COMPATIBILITY IDEOGRAPH-2F831;Lo;0;L;537F;;;;N;;;;;
+2F832;CJK COMPATIBILITY IDEOGRAPH-2F832;Lo;0;L;537F;;;;N;;;;;
+2F833;CJK COMPATIBILITY IDEOGRAPH-2F833;Lo;0;L;537F;;;;N;;;;;
+2F834;CJK COMPATIBILITY IDEOGRAPH-2F834;Lo;0;L;20A2C;;;;N;;;;;
+2F835;CJK COMPATIBILITY IDEOGRAPH-2F835;Lo;0;L;7070;;;;N;;;;;
+2F836;CJK COMPATIBILITY IDEOGRAPH-2F836;Lo;0;L;53CA;;;;N;;;;;
+2F837;CJK COMPATIBILITY IDEOGRAPH-2F837;Lo;0;L;53DF;;;;N;;;;;
+2F838;CJK COMPATIBILITY IDEOGRAPH-2F838;Lo;0;L;20B63;;;;N;;;;;
+2F839;CJK COMPATIBILITY IDEOGRAPH-2F839;Lo;0;L;53EB;;;;N;;;;;
+2F83A;CJK COMPATIBILITY IDEOGRAPH-2F83A;Lo;0;L;53F1;;;;N;;;;;
+2F83B;CJK COMPATIBILITY IDEOGRAPH-2F83B;Lo;0;L;5406;;;;N;;;;;
+2F83C;CJK COMPATIBILITY IDEOGRAPH-2F83C;Lo;0;L;549E;;;;N;;;;;
+2F83D;CJK COMPATIBILITY IDEOGRAPH-2F83D;Lo;0;L;5438;;;;N;;;;;
+2F83E;CJK COMPATIBILITY IDEOGRAPH-2F83E;Lo;0;L;5448;;;;N;;;;;
+2F83F;CJK COMPATIBILITY IDEOGRAPH-2F83F;Lo;0;L;5468;;;;N;;;;;
+2F840;CJK COMPATIBILITY IDEOGRAPH-2F840;Lo;0;L;54A2;;;;N;;;;;
+2F841;CJK COMPATIBILITY IDEOGRAPH-2F841;Lo;0;L;54F6;;;;N;;;;;
+2F842;CJK COMPATIBILITY IDEOGRAPH-2F842;Lo;0;L;5510;;;;N;;;;;
+2F843;CJK COMPATIBILITY IDEOGRAPH-2F843;Lo;0;L;5553;;;;N;;;;;
+2F844;CJK COMPATIBILITY IDEOGRAPH-2F844;Lo;0;L;5563;;;;N;;;;;
+2F845;CJK COMPATIBILITY IDEOGRAPH-2F845;Lo;0;L;5584;;;;N;;;;;
+2F846;CJK COMPATIBILITY IDEOGRAPH-2F846;Lo;0;L;5584;;;;N;;;;;
+2F847;CJK COMPATIBILITY IDEOGRAPH-2F847;Lo;0;L;5599;;;;N;;;;;
+2F848;CJK COMPATIBILITY IDEOGRAPH-2F848;Lo;0;L;55AB;;;;N;;;;;
+2F849;CJK COMPATIBILITY IDEOGRAPH-2F849;Lo;0;L;55B3;;;;N;;;;;
+2F84A;CJK COMPATIBILITY IDEOGRAPH-2F84A;Lo;0;L;55C2;;;;N;;;;;
+2F84B;CJK COMPATIBILITY IDEOGRAPH-2F84B;Lo;0;L;5716;;;;N;;;;;
+2F84C;CJK COMPATIBILITY IDEOGRAPH-2F84C;Lo;0;L;5606;;;;N;;;;;
+2F84D;CJK COMPATIBILITY IDEOGRAPH-2F84D;Lo;0;L;5717;;;;N;;;;;
+2F84E;CJK COMPATIBILITY IDEOGRAPH-2F84E;Lo;0;L;5651;;;;N;;;;;
+2F84F;CJK COMPATIBILITY IDEOGRAPH-2F84F;Lo;0;L;5674;;;;N;;;;;
+2F850;CJK COMPATIBILITY IDEOGRAPH-2F850;Lo;0;L;5207;;;;N;;;;;
+2F851;CJK COMPATIBILITY IDEOGRAPH-2F851;Lo;0;L;58EE;;;;N;;;;;
+2F852;CJK COMPATIBILITY IDEOGRAPH-2F852;Lo;0;L;57CE;;;;N;;;;;
+2F853;CJK COMPATIBILITY IDEOGRAPH-2F853;Lo;0;L;57F4;;;;N;;;;;
+2F854;CJK COMPATIBILITY IDEOGRAPH-2F854;Lo;0;L;580D;;;;N;;;;;
+2F855;CJK COMPATIBILITY IDEOGRAPH-2F855;Lo;0;L;578B;;;;N;;;;;
+2F856;CJK COMPATIBILITY IDEOGRAPH-2F856;Lo;0;L;5832;;;;N;;;;;
+2F857;CJK COMPATIBILITY IDEOGRAPH-2F857;Lo;0;L;5831;;;;N;;;;;
+2F858;CJK COMPATIBILITY IDEOGRAPH-2F858;Lo;0;L;58AC;;;;N;;;;;
+2F859;CJK COMPATIBILITY IDEOGRAPH-2F859;Lo;0;L;214E4;;;;N;;;;;
+2F85A;CJK COMPATIBILITY IDEOGRAPH-2F85A;Lo;0;L;58F2;;;;N;;;;;
+2F85B;CJK COMPATIBILITY IDEOGRAPH-2F85B;Lo;0;L;58F7;;;;N;;;;;
+2F85C;CJK COMPATIBILITY IDEOGRAPH-2F85C;Lo;0;L;5906;;;;N;;;;;
+2F85D;CJK COMPATIBILITY IDEOGRAPH-2F85D;Lo;0;L;591A;;;;N;;;;;
+2F85E;CJK COMPATIBILITY IDEOGRAPH-2F85E;Lo;0;L;5922;;;;N;;;;;
+2F85F;CJK COMPATIBILITY IDEOGRAPH-2F85F;Lo;0;L;5962;;;;N;;;;;
+2F860;CJK COMPATIBILITY IDEOGRAPH-2F860;Lo;0;L;216A8;;;;N;;;;;
+2F861;CJK COMPATIBILITY IDEOGRAPH-2F861;Lo;0;L;216EA;;;;N;;;;;
+2F862;CJK COMPATIBILITY IDEOGRAPH-2F862;Lo;0;L;59EC;;;;N;;;;;
+2F863;CJK COMPATIBILITY IDEOGRAPH-2F863;Lo;0;L;5A1B;;;;N;;;;;
+2F864;CJK COMPATIBILITY IDEOGRAPH-2F864;Lo;0;L;5A27;;;;N;;;;;
+2F865;CJK COMPATIBILITY IDEOGRAPH-2F865;Lo;0;L;59D8;;;;N;;;;;
+2F866;CJK COMPATIBILITY IDEOGRAPH-2F866;Lo;0;L;5A66;;;;N;;;;;
+2F867;CJK COMPATIBILITY IDEOGRAPH-2F867;Lo;0;L;36EE;;;;N;;;;;
+2F868;CJK COMPATIBILITY IDEOGRAPH-2F868;Lo;0;L;2136A;;;;N;;;;;
+2F869;CJK COMPATIBILITY IDEOGRAPH-2F869;Lo;0;L;5B08;;;;N;;;;;
+2F86A;CJK COMPATIBILITY IDEOGRAPH-2F86A;Lo;0;L;5B3E;;;;N;;;;;
+2F86B;CJK COMPATIBILITY IDEOGRAPH-2F86B;Lo;0;L;5B3E;;;;N;;;;;
+2F86C;CJK COMPATIBILITY IDEOGRAPH-2F86C;Lo;0;L;219C8;;;;N;;;;;
+2F86D;CJK COMPATIBILITY IDEOGRAPH-2F86D;Lo;0;L;5BC3;;;;N;;;;;
+2F86E;CJK COMPATIBILITY IDEOGRAPH-2F86E;Lo;0;L;5BD8;;;;N;;;;;
+2F86F;CJK COMPATIBILITY IDEOGRAPH-2F86F;Lo;0;L;5BE7;;;;N;;;;;
+2F870;CJK COMPATIBILITY IDEOGRAPH-2F870;Lo;0;L;5BF3;;;;N;;;;;
+2F871;CJK COMPATIBILITY IDEOGRAPH-2F871;Lo;0;L;21B18;;;;N;;;;;
+2F872;CJK COMPATIBILITY IDEOGRAPH-2F872;Lo;0;L;5BFF;;;;N;;;;;
+2F873;CJK COMPATIBILITY IDEOGRAPH-2F873;Lo;0;L;5C06;;;;N;;;;;
+2F874;CJK COMPATIBILITY IDEOGRAPH-2F874;Lo;0;L;5F33;;;;N;;;;;
+2F875;CJK COMPATIBILITY IDEOGRAPH-2F875;Lo;0;L;5C22;;;;N;;;;;
+2F876;CJK COMPATIBILITY IDEOGRAPH-2F876;Lo;0;L;3781;;;;N;;;;;
+2F877;CJK COMPATIBILITY IDEOGRAPH-2F877;Lo;0;L;5C60;;;;N;;;;;
+2F878;CJK COMPATIBILITY IDEOGRAPH-2F878;Lo;0;L;5C6E;;;;N;;;;;
+2F879;CJK COMPATIBILITY IDEOGRAPH-2F879;Lo;0;L;5CC0;;;;N;;;;;
+2F87A;CJK COMPATIBILITY IDEOGRAPH-2F87A;Lo;0;L;5C8D;;;;N;;;;;
+2F87B;CJK COMPATIBILITY IDEOGRAPH-2F87B;Lo;0;L;21DE4;;;;N;;;;;
+2F87C;CJK COMPATIBILITY IDEOGRAPH-2F87C;Lo;0;L;5D43;;;;N;;;;;
+2F87D;CJK COMPATIBILITY IDEOGRAPH-2F87D;Lo;0;L;21DE6;;;;N;;;;;
+2F87E;CJK COMPATIBILITY IDEOGRAPH-2F87E;Lo;0;L;5D6E;;;;N;;;;;
+2F87F;CJK COMPATIBILITY IDEOGRAPH-2F87F;Lo;0;L;5D6B;;;;N;;;;;
+2F880;CJK COMPATIBILITY IDEOGRAPH-2F880;Lo;0;L;5D7C;;;;N;;;;;
+2F881;CJK COMPATIBILITY IDEOGRAPH-2F881;Lo;0;L;5DE1;;;;N;;;;;
+2F882;CJK COMPATIBILITY IDEOGRAPH-2F882;Lo;0;L;5DE2;;;;N;;;;;
+2F883;CJK COMPATIBILITY IDEOGRAPH-2F883;Lo;0;L;382F;;;;N;;;;;
+2F884;CJK COMPATIBILITY IDEOGRAPH-2F884;Lo;0;L;5DFD;;;;N;;;;;
+2F885;CJK COMPATIBILITY IDEOGRAPH-2F885;Lo;0;L;5E28;;;;N;;;;;
+2F886;CJK COMPATIBILITY IDEOGRAPH-2F886;Lo;0;L;5E3D;;;;N;;;;;
+2F887;CJK COMPATIBILITY IDEOGRAPH-2F887;Lo;0;L;5E69;;;;N;;;;;
+2F888;CJK COMPATIBILITY IDEOGRAPH-2F888;Lo;0;L;3862;;;;N;;;;;
+2F889;CJK COMPATIBILITY IDEOGRAPH-2F889;Lo;0;L;22183;;;;N;;;;;
+2F88A;CJK COMPATIBILITY IDEOGRAPH-2F88A;Lo;0;L;387C;;;;N;;;;;
+2F88B;CJK COMPATIBILITY IDEOGRAPH-2F88B;Lo;0;L;5EB0;;;;N;;;;;
+2F88C;CJK COMPATIBILITY IDEOGRAPH-2F88C;Lo;0;L;5EB3;;;;N;;;;;
+2F88D;CJK COMPATIBILITY IDEOGRAPH-2F88D;Lo;0;L;5EB6;;;;N;;;;;
+2F88E;CJK COMPATIBILITY IDEOGRAPH-2F88E;Lo;0;L;5ECA;;;;N;;;;;
+2F88F;CJK COMPATIBILITY IDEOGRAPH-2F88F;Lo;0;L;2A392;;;;N;;;;;
+2F890;CJK COMPATIBILITY IDEOGRAPH-2F890;Lo;0;L;5EFE;;;;N;;;;;
+2F891;CJK COMPATIBILITY IDEOGRAPH-2F891;Lo;0;L;22331;;;;N;;;;;
+2F892;CJK COMPATIBILITY IDEOGRAPH-2F892;Lo;0;L;22331;;;;N;;;;;
+2F893;CJK COMPATIBILITY IDEOGRAPH-2F893;Lo;0;L;8201;;;;N;;;;;
+2F894;CJK COMPATIBILITY IDEOGRAPH-2F894;Lo;0;L;5F22;;;;N;;;;;
+2F895;CJK COMPATIBILITY IDEOGRAPH-2F895;Lo;0;L;5F22;;;;N;;;;;
+2F896;CJK COMPATIBILITY IDEOGRAPH-2F896;Lo;0;L;38C7;;;;N;;;;;
+2F897;CJK COMPATIBILITY IDEOGRAPH-2F897;Lo;0;L;232B8;;;;N;;;;;
+2F898;CJK COMPATIBILITY IDEOGRAPH-2F898;Lo;0;L;261DA;;;;N;;;;;
+2F899;CJK COMPATIBILITY IDEOGRAPH-2F899;Lo;0;L;5F62;;;;N;;;;;
+2F89A;CJK COMPATIBILITY IDEOGRAPH-2F89A;Lo;0;L;5F6B;;;;N;;;;;
+2F89B;CJK COMPATIBILITY IDEOGRAPH-2F89B;Lo;0;L;38E3;;;;N;;;;;
+2F89C;CJK COMPATIBILITY IDEOGRAPH-2F89C;Lo;0;L;5F9A;;;;N;;;;;
+2F89D;CJK COMPATIBILITY IDEOGRAPH-2F89D;Lo;0;L;5FCD;;;;N;;;;;
+2F89E;CJK COMPATIBILITY IDEOGRAPH-2F89E;Lo;0;L;5FD7;;;;N;;;;;
+2F89F;CJK COMPATIBILITY IDEOGRAPH-2F89F;Lo;0;L;5FF9;;;;N;;;;;
+2F8A0;CJK COMPATIBILITY IDEOGRAPH-2F8A0;Lo;0;L;6081;;;;N;;;;;
+2F8A1;CJK COMPATIBILITY IDEOGRAPH-2F8A1;Lo;0;L;393A;;;;N;;;;;
+2F8A2;CJK COMPATIBILITY IDEOGRAPH-2F8A2;Lo;0;L;391C;;;;N;;;;;
+2F8A3;CJK COMPATIBILITY IDEOGRAPH-2F8A3;Lo;0;L;6094;;;;N;;;;;
+2F8A4;CJK COMPATIBILITY IDEOGRAPH-2F8A4;Lo;0;L;226D4;;;;N;;;;;
+2F8A5;CJK COMPATIBILITY IDEOGRAPH-2F8A5;Lo;0;L;60C7;;;;N;;;;;
+2F8A6;CJK COMPATIBILITY IDEOGRAPH-2F8A6;Lo;0;L;6148;;;;N;;;;;
+2F8A7;CJK COMPATIBILITY IDEOGRAPH-2F8A7;Lo;0;L;614C;;;;N;;;;;
+2F8A8;CJK COMPATIBILITY IDEOGRAPH-2F8A8;Lo;0;L;614E;;;;N;;;;;
+2F8A9;CJK COMPATIBILITY IDEOGRAPH-2F8A9;Lo;0;L;614C;;;;N;;;;;
+2F8AA;CJK COMPATIBILITY IDEOGRAPH-2F8AA;Lo;0;L;617A;;;;N;;;;;
+2F8AB;CJK COMPATIBILITY IDEOGRAPH-2F8AB;Lo;0;L;618E;;;;N;;;;;
+2F8AC;CJK COMPATIBILITY IDEOGRAPH-2F8AC;Lo;0;L;61B2;;;;N;;;;;
+2F8AD;CJK COMPATIBILITY IDEOGRAPH-2F8AD;Lo;0;L;61A4;;;;N;;;;;
+2F8AE;CJK COMPATIBILITY IDEOGRAPH-2F8AE;Lo;0;L;61AF;;;;N;;;;;
+2F8AF;CJK COMPATIBILITY IDEOGRAPH-2F8AF;Lo;0;L;61DE;;;;N;;;;;
+2F8B0;CJK COMPATIBILITY IDEOGRAPH-2F8B0;Lo;0;L;61F2;;;;N;;;;;
+2F8B1;CJK COMPATIBILITY IDEOGRAPH-2F8B1;Lo;0;L;61F6;;;;N;;;;;
+2F8B2;CJK COMPATIBILITY IDEOGRAPH-2F8B2;Lo;0;L;6210;;;;N;;;;;
+2F8B3;CJK COMPATIBILITY IDEOGRAPH-2F8B3;Lo;0;L;621B;;;;N;;;;;
+2F8B4;CJK COMPATIBILITY IDEOGRAPH-2F8B4;Lo;0;L;625D;;;;N;;;;;
+2F8B5;CJK COMPATIBILITY IDEOGRAPH-2F8B5;Lo;0;L;62B1;;;;N;;;;;
+2F8B6;CJK COMPATIBILITY IDEOGRAPH-2F8B6;Lo;0;L;62D4;;;;N;;;;;
+2F8B7;CJK COMPATIBILITY IDEOGRAPH-2F8B7;Lo;0;L;6350;;;;N;;;;;
+2F8B8;CJK COMPATIBILITY IDEOGRAPH-2F8B8;Lo;0;L;22B0C;;;;N;;;;;
+2F8B9;CJK COMPATIBILITY IDEOGRAPH-2F8B9;Lo;0;L;633D;;;;N;;;;;
+2F8BA;CJK COMPATIBILITY IDEOGRAPH-2F8BA;Lo;0;L;62FC;;;;N;;;;;
+2F8BB;CJK COMPATIBILITY IDEOGRAPH-2F8BB;Lo;0;L;6368;;;;N;;;;;
+2F8BC;CJK COMPATIBILITY IDEOGRAPH-2F8BC;Lo;0;L;6383;;;;N;;;;;
+2F8BD;CJK COMPATIBILITY IDEOGRAPH-2F8BD;Lo;0;L;63E4;;;;N;;;;;
+2F8BE;CJK COMPATIBILITY IDEOGRAPH-2F8BE;Lo;0;L;22BF1;;;;N;;;;;
+2F8BF;CJK COMPATIBILITY IDEOGRAPH-2F8BF;Lo;0;L;6422;;;;N;;;;;
+2F8C0;CJK COMPATIBILITY IDEOGRAPH-2F8C0;Lo;0;L;63C5;;;;N;;;;;
+2F8C1;CJK COMPATIBILITY IDEOGRAPH-2F8C1;Lo;0;L;63A9;;;;N;;;;;
+2F8C2;CJK COMPATIBILITY IDEOGRAPH-2F8C2;Lo;0;L;3A2E;;;;N;;;;;
+2F8C3;CJK COMPATIBILITY IDEOGRAPH-2F8C3;Lo;0;L;6469;;;;N;;;;;
+2F8C4;CJK COMPATIBILITY IDEOGRAPH-2F8C4;Lo;0;L;647E;;;;N;;;;;
+2F8C5;CJK COMPATIBILITY IDEOGRAPH-2F8C5;Lo;0;L;649D;;;;N;;;;;
+2F8C6;CJK COMPATIBILITY IDEOGRAPH-2F8C6;Lo;0;L;6477;;;;N;;;;;
+2F8C7;CJK COMPATIBILITY IDEOGRAPH-2F8C7;Lo;0;L;3A6C;;;;N;;;;;
+2F8C8;CJK COMPATIBILITY IDEOGRAPH-2F8C8;Lo;0;L;654F;;;;N;;;;;
+2F8C9;CJK COMPATIBILITY IDEOGRAPH-2F8C9;Lo;0;L;656C;;;;N;;;;;
+2F8CA;CJK COMPATIBILITY IDEOGRAPH-2F8CA;Lo;0;L;2300A;;;;N;;;;;
+2F8CB;CJK COMPATIBILITY IDEOGRAPH-2F8CB;Lo;0;L;65E3;;;;N;;;;;
+2F8CC;CJK COMPATIBILITY IDEOGRAPH-2F8CC;Lo;0;L;66F8;;;;N;;;;;
+2F8CD;CJK COMPATIBILITY IDEOGRAPH-2F8CD;Lo;0;L;6649;;;;N;;;;;
+2F8CE;CJK COMPATIBILITY IDEOGRAPH-2F8CE;Lo;0;L;3B19;;;;N;;;;;
+2F8CF;CJK COMPATIBILITY IDEOGRAPH-2F8CF;Lo;0;L;6691;;;;N;;;;;
+2F8D0;CJK COMPATIBILITY IDEOGRAPH-2F8D0;Lo;0;L;3B08;;;;N;;;;;
+2F8D1;CJK COMPATIBILITY IDEOGRAPH-2F8D1;Lo;0;L;3AE4;;;;N;;;;;
+2F8D2;CJK COMPATIBILITY IDEOGRAPH-2F8D2;Lo;0;L;5192;;;;N;;;;;
+2F8D3;CJK COMPATIBILITY IDEOGRAPH-2F8D3;Lo;0;L;5195;;;;N;;;;;
+2F8D4;CJK COMPATIBILITY IDEOGRAPH-2F8D4;Lo;0;L;6700;;;;N;;;;;
+2F8D5;CJK COMPATIBILITY IDEOGRAPH-2F8D5;Lo;0;L;669C;;;;N;;;;;
+2F8D6;CJK COMPATIBILITY IDEOGRAPH-2F8D6;Lo;0;L;80AD;;;;N;;;;;
+2F8D7;CJK COMPATIBILITY IDEOGRAPH-2F8D7;Lo;0;L;43D9;;;;N;;;;;
+2F8D8;CJK COMPATIBILITY IDEOGRAPH-2F8D8;Lo;0;L;6717;;;;N;;;;;
+2F8D9;CJK COMPATIBILITY IDEOGRAPH-2F8D9;Lo;0;L;671B;;;;N;;;;;
+2F8DA;CJK COMPATIBILITY IDEOGRAPH-2F8DA;Lo;0;L;6721;;;;N;;;;;
+2F8DB;CJK COMPATIBILITY IDEOGRAPH-2F8DB;Lo;0;L;675E;;;;N;;;;;
+2F8DC;CJK COMPATIBILITY IDEOGRAPH-2F8DC;Lo;0;L;6753;;;;N;;;;;
+2F8DD;CJK COMPATIBILITY IDEOGRAPH-2F8DD;Lo;0;L;233C3;;;;N;;;;;
+2F8DE;CJK COMPATIBILITY IDEOGRAPH-2F8DE;Lo;0;L;3B49;;;;N;;;;;
+2F8DF;CJK COMPATIBILITY IDEOGRAPH-2F8DF;Lo;0;L;67FA;;;;N;;;;;
+2F8E0;CJK COMPATIBILITY IDEOGRAPH-2F8E0;Lo;0;L;6785;;;;N;;;;;
+2F8E1;CJK COMPATIBILITY IDEOGRAPH-2F8E1;Lo;0;L;6852;;;;N;;;;;
+2F8E2;CJK COMPATIBILITY IDEOGRAPH-2F8E2;Lo;0;L;6885;;;;N;;;;;
+2F8E3;CJK COMPATIBILITY IDEOGRAPH-2F8E3;Lo;0;L;2346D;;;;N;;;;;
+2F8E4;CJK COMPATIBILITY IDEOGRAPH-2F8E4;Lo;0;L;688E;;;;N;;;;;
+2F8E5;CJK COMPATIBILITY IDEOGRAPH-2F8E5;Lo;0;L;681F;;;;N;;;;;
+2F8E6;CJK COMPATIBILITY IDEOGRAPH-2F8E6;Lo;0;L;6914;;;;N;;;;;
+2F8E7;CJK COMPATIBILITY IDEOGRAPH-2F8E7;Lo;0;L;3B9D;;;;N;;;;;
+2F8E8;CJK COMPATIBILITY IDEOGRAPH-2F8E8;Lo;0;L;6942;;;;N;;;;;
+2F8E9;CJK COMPATIBILITY IDEOGRAPH-2F8E9;Lo;0;L;69A3;;;;N;;;;;
+2F8EA;CJK COMPATIBILITY IDEOGRAPH-2F8EA;Lo;0;L;69EA;;;;N;;;;;
+2F8EB;CJK COMPATIBILITY IDEOGRAPH-2F8EB;Lo;0;L;6AA8;;;;N;;;;;
+2F8EC;CJK COMPATIBILITY IDEOGRAPH-2F8EC;Lo;0;L;236A3;;;;N;;;;;
+2F8ED;CJK COMPATIBILITY IDEOGRAPH-2F8ED;Lo;0;L;6ADB;;;;N;;;;;
+2F8EE;CJK COMPATIBILITY IDEOGRAPH-2F8EE;Lo;0;L;3C18;;;;N;;;;;
+2F8EF;CJK COMPATIBILITY IDEOGRAPH-2F8EF;Lo;0;L;6B21;;;;N;;;;;
+2F8F0;CJK COMPATIBILITY IDEOGRAPH-2F8F0;Lo;0;L;238A7;;;;N;;;;;
+2F8F1;CJK COMPATIBILITY IDEOGRAPH-2F8F1;Lo;0;L;6B54;;;;N;;;;;
+2F8F2;CJK COMPATIBILITY IDEOGRAPH-2F8F2;Lo;0;L;3C4E;;;;N;;;;;
+2F8F3;CJK COMPATIBILITY IDEOGRAPH-2F8F3;Lo;0;L;6B72;;;;N;;;;;
+2F8F4;CJK COMPATIBILITY IDEOGRAPH-2F8F4;Lo;0;L;6B9F;;;;N;;;;;
+2F8F5;CJK COMPATIBILITY IDEOGRAPH-2F8F5;Lo;0;L;6BBA;;;;N;;;;;
+2F8F6;CJK COMPATIBILITY IDEOGRAPH-2F8F6;Lo;0;L;6BBB;;;;N;;;;;
+2F8F7;CJK COMPATIBILITY IDEOGRAPH-2F8F7;Lo;0;L;23A8D;;;;N;;;;;
+2F8F8;CJK COMPATIBILITY IDEOGRAPH-2F8F8;Lo;0;L;21D0B;;;;N;;;;;
+2F8F9;CJK COMPATIBILITY IDEOGRAPH-2F8F9;Lo;0;L;23AFA;;;;N;;;;;
+2F8FA;CJK COMPATIBILITY IDEOGRAPH-2F8FA;Lo;0;L;6C4E;;;;N;;;;;
+2F8FB;CJK COMPATIBILITY IDEOGRAPH-2F8FB;Lo;0;L;23CBC;;;;N;;;;;
+2F8FC;CJK COMPATIBILITY IDEOGRAPH-2F8FC;Lo;0;L;6CBF;;;;N;;;;;
+2F8FD;CJK COMPATIBILITY IDEOGRAPH-2F8FD;Lo;0;L;6CCD;;;;N;;;;;
+2F8FE;CJK COMPATIBILITY IDEOGRAPH-2F8FE;Lo;0;L;6C67;;;;N;;;;;
+2F8FF;CJK COMPATIBILITY IDEOGRAPH-2F8FF;Lo;0;L;6D16;;;;N;;;;;
+2F900;CJK COMPATIBILITY IDEOGRAPH-2F900;Lo;0;L;6D3E;;;;N;;;;;
+2F901;CJK COMPATIBILITY IDEOGRAPH-2F901;Lo;0;L;6D77;;;;N;;;;;
+2F902;CJK COMPATIBILITY IDEOGRAPH-2F902;Lo;0;L;6D41;;;;N;;;;;
+2F903;CJK COMPATIBILITY IDEOGRAPH-2F903;Lo;0;L;6D69;;;;N;;;;;
+2F904;CJK COMPATIBILITY IDEOGRAPH-2F904;Lo;0;L;6D78;;;;N;;;;;
+2F905;CJK COMPATIBILITY IDEOGRAPH-2F905;Lo;0;L;6D85;;;;N;;;;;
+2F906;CJK COMPATIBILITY IDEOGRAPH-2F906;Lo;0;L;23D1E;;;;N;;;;;
+2F907;CJK COMPATIBILITY IDEOGRAPH-2F907;Lo;0;L;6D34;;;;N;;;;;
+2F908;CJK COMPATIBILITY IDEOGRAPH-2F908;Lo;0;L;6E2F;;;;N;;;;;
+2F909;CJK COMPATIBILITY IDEOGRAPH-2F909;Lo;0;L;6E6E;;;;N;;;;;
+2F90A;CJK COMPATIBILITY IDEOGRAPH-2F90A;Lo;0;L;3D33;;;;N;;;;;
+2F90B;CJK COMPATIBILITY IDEOGRAPH-2F90B;Lo;0;L;6ECB;;;;N;;;;;
+2F90C;CJK COMPATIBILITY IDEOGRAPH-2F90C;Lo;0;L;6EC7;;;;N;;;;;
+2F90D;CJK COMPATIBILITY IDEOGRAPH-2F90D;Lo;0;L;23ED1;;;;N;;;;;
+2F90E;CJK COMPATIBILITY IDEOGRAPH-2F90E;Lo;0;L;6DF9;;;;N;;;;;
+2F90F;CJK COMPATIBILITY IDEOGRAPH-2F90F;Lo;0;L;6F6E;;;;N;;;;;
+2F910;CJK COMPATIBILITY IDEOGRAPH-2F910;Lo;0;L;23F5E;;;;N;;;;;
+2F911;CJK COMPATIBILITY IDEOGRAPH-2F911;Lo;0;L;23F8E;;;;N;;;;;
+2F912;CJK COMPATIBILITY IDEOGRAPH-2F912;Lo;0;L;6FC6;;;;N;;;;;
+2F913;CJK COMPATIBILITY IDEOGRAPH-2F913;Lo;0;L;7039;;;;N;;;;;
+2F914;CJK COMPATIBILITY IDEOGRAPH-2F914;Lo;0;L;701E;;;;N;;;;;
+2F915;CJK COMPATIBILITY IDEOGRAPH-2F915;Lo;0;L;701B;;;;N;;;;;
+2F916;CJK COMPATIBILITY IDEOGRAPH-2F916;Lo;0;L;3D96;;;;N;;;;;
+2F917;CJK COMPATIBILITY IDEOGRAPH-2F917;Lo;0;L;704A;;;;N;;;;;
+2F918;CJK COMPATIBILITY IDEOGRAPH-2F918;Lo;0;L;707D;;;;N;;;;;
+2F919;CJK COMPATIBILITY IDEOGRAPH-2F919;Lo;0;L;7077;;;;N;;;;;
+2F91A;CJK COMPATIBILITY IDEOGRAPH-2F91A;Lo;0;L;70AD;;;;N;;;;;
+2F91B;CJK COMPATIBILITY IDEOGRAPH-2F91B;Lo;0;L;20525;;;;N;;;;;
+2F91C;CJK COMPATIBILITY IDEOGRAPH-2F91C;Lo;0;L;7145;;;;N;;;;;
+2F91D;CJK COMPATIBILITY IDEOGRAPH-2F91D;Lo;0;L;24263;;;;N;;;;;
+2F91E;CJK COMPATIBILITY IDEOGRAPH-2F91E;Lo;0;L;719C;;;;N;;;;;
+2F91F;CJK COMPATIBILITY IDEOGRAPH-2F91F;Lo;0;L;43AB;;;;N;;;;;
+2F920;CJK COMPATIBILITY IDEOGRAPH-2F920;Lo;0;L;7228;;;;N;;;;;
+2F921;CJK COMPATIBILITY IDEOGRAPH-2F921;Lo;0;L;7235;;;;N;;;;;
+2F922;CJK COMPATIBILITY IDEOGRAPH-2F922;Lo;0;L;7250;;;;N;;;;;
+2F923;CJK COMPATIBILITY IDEOGRAPH-2F923;Lo;0;L;24608;;;;N;;;;;
+2F924;CJK COMPATIBILITY IDEOGRAPH-2F924;Lo;0;L;7280;;;;N;;;;;
+2F925;CJK COMPATIBILITY IDEOGRAPH-2F925;Lo;0;L;7295;;;;N;;;;;
+2F926;CJK COMPATIBILITY IDEOGRAPH-2F926;Lo;0;L;24735;;;;N;;;;;
+2F927;CJK COMPATIBILITY IDEOGRAPH-2F927;Lo;0;L;24814;;;;N;;;;;
+2F928;CJK COMPATIBILITY IDEOGRAPH-2F928;Lo;0;L;737A;;;;N;;;;;
+2F929;CJK COMPATIBILITY IDEOGRAPH-2F929;Lo;0;L;738B;;;;N;;;;;
+2F92A;CJK COMPATIBILITY IDEOGRAPH-2F92A;Lo;0;L;3EAC;;;;N;;;;;
+2F92B;CJK COMPATIBILITY IDEOGRAPH-2F92B;Lo;0;L;73A5;;;;N;;;;;
+2F92C;CJK COMPATIBILITY IDEOGRAPH-2F92C;Lo;0;L;3EB8;;;;N;;;;;
+2F92D;CJK COMPATIBILITY IDEOGRAPH-2F92D;Lo;0;L;3EB8;;;;N;;;;;
+2F92E;CJK COMPATIBILITY IDEOGRAPH-2F92E;Lo;0;L;7447;;;;N;;;;;
+2F92F;CJK COMPATIBILITY IDEOGRAPH-2F92F;Lo;0;L;745C;;;;N;;;;;
+2F930;CJK COMPATIBILITY IDEOGRAPH-2F930;Lo;0;L;7471;;;;N;;;;;
+2F931;CJK COMPATIBILITY IDEOGRAPH-2F931;Lo;0;L;7485;;;;N;;;;;
+2F932;CJK COMPATIBILITY IDEOGRAPH-2F932;Lo;0;L;74CA;;;;N;;;;;
+2F933;CJK COMPATIBILITY IDEOGRAPH-2F933;Lo;0;L;3F1B;;;;N;;;;;
+2F934;CJK COMPATIBILITY IDEOGRAPH-2F934;Lo;0;L;7524;;;;N;;;;;
+2F935;CJK COMPATIBILITY IDEOGRAPH-2F935;Lo;0;L;24C36;;;;N;;;;;
+2F936;CJK COMPATIBILITY IDEOGRAPH-2F936;Lo;0;L;753E;;;;N;;;;;
+2F937;CJK COMPATIBILITY IDEOGRAPH-2F937;Lo;0;L;24C92;;;;N;;;;;
+2F938;CJK COMPATIBILITY IDEOGRAPH-2F938;Lo;0;L;7570;;;;N;;;;;
+2F939;CJK COMPATIBILITY IDEOGRAPH-2F939;Lo;0;L;2219F;;;;N;;;;;
+2F93A;CJK COMPATIBILITY IDEOGRAPH-2F93A;Lo;0;L;7610;;;;N;;;;;
+2F93B;CJK COMPATIBILITY IDEOGRAPH-2F93B;Lo;0;L;24FA1;;;;N;;;;;
+2F93C;CJK COMPATIBILITY IDEOGRAPH-2F93C;Lo;0;L;24FB8;;;;N;;;;;
+2F93D;CJK COMPATIBILITY IDEOGRAPH-2F93D;Lo;0;L;25044;;;;N;;;;;
+2F93E;CJK COMPATIBILITY IDEOGRAPH-2F93E;Lo;0;L;3FFC;;;;N;;;;;
+2F93F;CJK COMPATIBILITY IDEOGRAPH-2F93F;Lo;0;L;4008;;;;N;;;;;
+2F940;CJK COMPATIBILITY IDEOGRAPH-2F940;Lo;0;L;76F4;;;;N;;;;;
+2F941;CJK COMPATIBILITY IDEOGRAPH-2F941;Lo;0;L;250F3;;;;N;;;;;
+2F942;CJK COMPATIBILITY IDEOGRAPH-2F942;Lo;0;L;250F2;;;;N;;;;;
+2F943;CJK COMPATIBILITY IDEOGRAPH-2F943;Lo;0;L;25119;;;;N;;;;;
+2F944;CJK COMPATIBILITY IDEOGRAPH-2F944;Lo;0;L;25133;;;;N;;;;;
+2F945;CJK COMPATIBILITY IDEOGRAPH-2F945;Lo;0;L;771E;;;;N;;;;;
+2F946;CJK COMPATIBILITY IDEOGRAPH-2F946;Lo;0;L;771F;;;;N;;;;;
+2F947;CJK COMPATIBILITY IDEOGRAPH-2F947;Lo;0;L;771F;;;;N;;;;;
+2F948;CJK COMPATIBILITY IDEOGRAPH-2F948;Lo;0;L;774A;;;;N;;;;;
+2F949;CJK COMPATIBILITY IDEOGRAPH-2F949;Lo;0;L;4039;;;;N;;;;;
+2F94A;CJK COMPATIBILITY IDEOGRAPH-2F94A;Lo;0;L;778B;;;;N;;;;;
+2F94B;CJK COMPATIBILITY IDEOGRAPH-2F94B;Lo;0;L;4046;;;;N;;;;;
+2F94C;CJK COMPATIBILITY IDEOGRAPH-2F94C;Lo;0;L;4096;;;;N;;;;;
+2F94D;CJK COMPATIBILITY IDEOGRAPH-2F94D;Lo;0;L;2541D;;;;N;;;;;
+2F94E;CJK COMPATIBILITY IDEOGRAPH-2F94E;Lo;0;L;784E;;;;N;;;;;
+2F94F;CJK COMPATIBILITY IDEOGRAPH-2F94F;Lo;0;L;788C;;;;N;;;;;
+2F950;CJK COMPATIBILITY IDEOGRAPH-2F950;Lo;0;L;78CC;;;;N;;;;;
+2F951;CJK COMPATIBILITY IDEOGRAPH-2F951;Lo;0;L;40E3;;;;N;;;;;
+2F952;CJK COMPATIBILITY IDEOGRAPH-2F952;Lo;0;L;25626;;;;N;;;;;
+2F953;CJK COMPATIBILITY IDEOGRAPH-2F953;Lo;0;L;7956;;;;N;;;;;
+2F954;CJK COMPATIBILITY IDEOGRAPH-2F954;Lo;0;L;2569A;;;;N;;;;;
+2F955;CJK COMPATIBILITY IDEOGRAPH-2F955;Lo;0;L;256C5;;;;N;;;;;
+2F956;CJK COMPATIBILITY IDEOGRAPH-2F956;Lo;0;L;798F;;;;N;;;;;
+2F957;CJK COMPATIBILITY IDEOGRAPH-2F957;Lo;0;L;79EB;;;;N;;;;;
+2F958;CJK COMPATIBILITY IDEOGRAPH-2F958;Lo;0;L;412F;;;;N;;;;;
+2F959;CJK COMPATIBILITY IDEOGRAPH-2F959;Lo;0;L;7A40;;;;N;;;;;
+2F95A;CJK COMPATIBILITY IDEOGRAPH-2F95A;Lo;0;L;7A4A;;;;N;;;;;
+2F95B;CJK COMPATIBILITY IDEOGRAPH-2F95B;Lo;0;L;7A4F;;;;N;;;;;
+2F95C;CJK COMPATIBILITY IDEOGRAPH-2F95C;Lo;0;L;2597C;;;;N;;;;;
+2F95D;CJK COMPATIBILITY IDEOGRAPH-2F95D;Lo;0;L;25AA7;;;;N;;;;;
+2F95E;CJK COMPATIBILITY IDEOGRAPH-2F95E;Lo;0;L;25AA7;;;;N;;;;;
+2F95F;CJK COMPATIBILITY IDEOGRAPH-2F95F;Lo;0;L;7AAE;;;;N;;;;;
+2F960;CJK COMPATIBILITY IDEOGRAPH-2F960;Lo;0;L;4202;;;;N;;;;;
+2F961;CJK COMPATIBILITY IDEOGRAPH-2F961;Lo;0;L;25BAB;;;;N;;;;;
+2F962;CJK COMPATIBILITY IDEOGRAPH-2F962;Lo;0;L;7BC6;;;;N;;;;;
+2F963;CJK COMPATIBILITY IDEOGRAPH-2F963;Lo;0;L;7BC9;;;;N;;;;;
+2F964;CJK COMPATIBILITY IDEOGRAPH-2F964;Lo;0;L;4227;;;;N;;;;;
+2F965;CJK COMPATIBILITY IDEOGRAPH-2F965;Lo;0;L;25C80;;;;N;;;;;
+2F966;CJK COMPATIBILITY IDEOGRAPH-2F966;Lo;0;L;7CD2;;;;N;;;;;
+2F967;CJK COMPATIBILITY IDEOGRAPH-2F967;Lo;0;L;42A0;;;;N;;;;;
+2F968;CJK COMPATIBILITY IDEOGRAPH-2F968;Lo;0;L;7CE8;;;;N;;;;;
+2F969;CJK COMPATIBILITY IDEOGRAPH-2F969;Lo;0;L;7CE3;;;;N;;;;;
+2F96A;CJK COMPATIBILITY IDEOGRAPH-2F96A;Lo;0;L;7D00;;;;N;;;;;
+2F96B;CJK COMPATIBILITY IDEOGRAPH-2F96B;Lo;0;L;25F86;;;;N;;;;;
+2F96C;CJK COMPATIBILITY IDEOGRAPH-2F96C;Lo;0;L;7D63;;;;N;;;;;
+2F96D;CJK COMPATIBILITY IDEOGRAPH-2F96D;Lo;0;L;4301;;;;N;;;;;
+2F96E;CJK COMPATIBILITY IDEOGRAPH-2F96E;Lo;0;L;7DC7;;;;N;;;;;
+2F96F;CJK COMPATIBILITY IDEOGRAPH-2F96F;Lo;0;L;7E02;;;;N;;;;;
+2F970;CJK COMPATIBILITY IDEOGRAPH-2F970;Lo;0;L;7E45;;;;N;;;;;
+2F971;CJK COMPATIBILITY IDEOGRAPH-2F971;Lo;0;L;4334;;;;N;;;;;
+2F972;CJK COMPATIBILITY IDEOGRAPH-2F972;Lo;0;L;26228;;;;N;;;;;
+2F973;CJK COMPATIBILITY IDEOGRAPH-2F973;Lo;0;L;26247;;;;N;;;;;
+2F974;CJK COMPATIBILITY IDEOGRAPH-2F974;Lo;0;L;4359;;;;N;;;;;
+2F975;CJK COMPATIBILITY IDEOGRAPH-2F975;Lo;0;L;262D9;;;;N;;;;;
+2F976;CJK COMPATIBILITY IDEOGRAPH-2F976;Lo;0;L;7F7A;;;;N;;;;;
+2F977;CJK COMPATIBILITY IDEOGRAPH-2F977;Lo;0;L;2633E;;;;N;;;;;
+2F978;CJK COMPATIBILITY IDEOGRAPH-2F978;Lo;0;L;7F95;;;;N;;;;;
+2F979;CJK COMPATIBILITY IDEOGRAPH-2F979;Lo;0;L;7FFA;;;;N;;;;;
+2F97A;CJK COMPATIBILITY IDEOGRAPH-2F97A;Lo;0;L;8005;;;;N;;;;;
+2F97B;CJK COMPATIBILITY IDEOGRAPH-2F97B;Lo;0;L;264DA;;;;N;;;;;
+2F97C;CJK COMPATIBILITY IDEOGRAPH-2F97C;Lo;0;L;26523;;;;N;;;;;
+2F97D;CJK COMPATIBILITY IDEOGRAPH-2F97D;Lo;0;L;8060;;;;N;;;;;
+2F97E;CJK COMPATIBILITY IDEOGRAPH-2F97E;Lo;0;L;265A8;;;;N;;;;;
+2F97F;CJK COMPATIBILITY IDEOGRAPH-2F97F;Lo;0;L;8070;;;;N;;;;;
+2F980;CJK COMPATIBILITY IDEOGRAPH-2F980;Lo;0;L;2335F;;;;N;;;;;
+2F981;CJK COMPATIBILITY IDEOGRAPH-2F981;Lo;0;L;43D5;;;;N;;;;;
+2F982;CJK COMPATIBILITY IDEOGRAPH-2F982;Lo;0;L;80B2;;;;N;;;;;
+2F983;CJK COMPATIBILITY IDEOGRAPH-2F983;Lo;0;L;8103;;;;N;;;;;
+2F984;CJK COMPATIBILITY IDEOGRAPH-2F984;Lo;0;L;440B;;;;N;;;;;
+2F985;CJK COMPATIBILITY IDEOGRAPH-2F985;Lo;0;L;813E;;;;N;;;;;
+2F986;CJK COMPATIBILITY IDEOGRAPH-2F986;Lo;0;L;5AB5;;;;N;;;;;
+2F987;CJK COMPATIBILITY IDEOGRAPH-2F987;Lo;0;L;267A7;;;;N;;;;;
+2F988;CJK COMPATIBILITY IDEOGRAPH-2F988;Lo;0;L;267B5;;;;N;;;;;
+2F989;CJK COMPATIBILITY IDEOGRAPH-2F989;Lo;0;L;23393;;;;N;;;;;
+2F98A;CJK COMPATIBILITY IDEOGRAPH-2F98A;Lo;0;L;2339C;;;;N;;;;;
+2F98B;CJK COMPATIBILITY IDEOGRAPH-2F98B;Lo;0;L;8201;;;;N;;;;;
+2F98C;CJK COMPATIBILITY IDEOGRAPH-2F98C;Lo;0;L;8204;;;;N;;;;;
+2F98D;CJK COMPATIBILITY IDEOGRAPH-2F98D;Lo;0;L;8F9E;;;;N;;;;;
+2F98E;CJK COMPATIBILITY IDEOGRAPH-2F98E;Lo;0;L;446B;;;;N;;;;;
+2F98F;CJK COMPATIBILITY IDEOGRAPH-2F98F;Lo;0;L;8291;;;;N;;;;;
+2F990;CJK COMPATIBILITY IDEOGRAPH-2F990;Lo;0;L;828B;;;;N;;;;;
+2F991;CJK COMPATIBILITY IDEOGRAPH-2F991;Lo;0;L;829D;;;;N;;;;;
+2F992;CJK COMPATIBILITY IDEOGRAPH-2F992;Lo;0;L;52B3;;;;N;;;;;
+2F993;CJK COMPATIBILITY IDEOGRAPH-2F993;Lo;0;L;82B1;;;;N;;;;;
+2F994;CJK COMPATIBILITY IDEOGRAPH-2F994;Lo;0;L;82B3;;;;N;;;;;
+2F995;CJK COMPATIBILITY IDEOGRAPH-2F995;Lo;0;L;82BD;;;;N;;;;;
+2F996;CJK COMPATIBILITY IDEOGRAPH-2F996;Lo;0;L;82E6;;;;N;;;;;
+2F997;CJK COMPATIBILITY IDEOGRAPH-2F997;Lo;0;L;26B3C;;;;N;;;;;
+2F998;CJK COMPATIBILITY IDEOGRAPH-2F998;Lo;0;L;82E5;;;;N;;;;;
+2F999;CJK COMPATIBILITY IDEOGRAPH-2F999;Lo;0;L;831D;;;;N;;;;;
+2F99A;CJK COMPATIBILITY IDEOGRAPH-2F99A;Lo;0;L;8363;;;;N;;;;;
+2F99B;CJK COMPATIBILITY IDEOGRAPH-2F99B;Lo;0;L;83AD;;;;N;;;;;
+2F99C;CJK COMPATIBILITY IDEOGRAPH-2F99C;Lo;0;L;8323;;;;N;;;;;
+2F99D;CJK COMPATIBILITY IDEOGRAPH-2F99D;Lo;0;L;83BD;;;;N;;;;;
+2F99E;CJK COMPATIBILITY IDEOGRAPH-2F99E;Lo;0;L;83E7;;;;N;;;;;
+2F99F;CJK COMPATIBILITY IDEOGRAPH-2F99F;Lo;0;L;8457;;;;N;;;;;
+2F9A0;CJK COMPATIBILITY IDEOGRAPH-2F9A0;Lo;0;L;8353;;;;N;;;;;
+2F9A1;CJK COMPATIBILITY IDEOGRAPH-2F9A1;Lo;0;L;83CA;;;;N;;;;;
+2F9A2;CJK COMPATIBILITY IDEOGRAPH-2F9A2;Lo;0;L;83CC;;;;N;;;;;
+2F9A3;CJK COMPATIBILITY IDEOGRAPH-2F9A3;Lo;0;L;83DC;;;;N;;;;;
+2F9A4;CJK COMPATIBILITY IDEOGRAPH-2F9A4;Lo;0;L;26C36;;;;N;;;;;
+2F9A5;CJK COMPATIBILITY IDEOGRAPH-2F9A5;Lo;0;L;26D6B;;;;N;;;;;
+2F9A6;CJK COMPATIBILITY IDEOGRAPH-2F9A6;Lo;0;L;26CD5;;;;N;;;;;
+2F9A7;CJK COMPATIBILITY IDEOGRAPH-2F9A7;Lo;0;L;452B;;;;N;;;;;
+2F9A8;CJK COMPATIBILITY IDEOGRAPH-2F9A8;Lo;0;L;84F1;;;;N;;;;;
+2F9A9;CJK COMPATIBILITY IDEOGRAPH-2F9A9;Lo;0;L;84F3;;;;N;;;;;
+2F9AA;CJK COMPATIBILITY IDEOGRAPH-2F9AA;Lo;0;L;8516;;;;N;;;;;
+2F9AB;CJK COMPATIBILITY IDEOGRAPH-2F9AB;Lo;0;L;273CA;;;;N;;;;;
+2F9AC;CJK COMPATIBILITY IDEOGRAPH-2F9AC;Lo;0;L;8564;;;;N;;;;;
+2F9AD;CJK COMPATIBILITY IDEOGRAPH-2F9AD;Lo;0;L;26F2C;;;;N;;;;;
+2F9AE;CJK COMPATIBILITY IDEOGRAPH-2F9AE;Lo;0;L;455D;;;;N;;;;;
+2F9AF;CJK COMPATIBILITY IDEOGRAPH-2F9AF;Lo;0;L;4561;;;;N;;;;;
+2F9B0;CJK COMPATIBILITY IDEOGRAPH-2F9B0;Lo;0;L;26FB1;;;;N;;;;;
+2F9B1;CJK COMPATIBILITY IDEOGRAPH-2F9B1;Lo;0;L;270D2;;;;N;;;;;
+2F9B2;CJK COMPATIBILITY IDEOGRAPH-2F9B2;Lo;0;L;456B;;;;N;;;;;
+2F9B3;CJK COMPATIBILITY IDEOGRAPH-2F9B3;Lo;0;L;8650;;;;N;;;;;
+2F9B4;CJK COMPATIBILITY IDEOGRAPH-2F9B4;Lo;0;L;865C;;;;N;;;;;
+2F9B5;CJK COMPATIBILITY IDEOGRAPH-2F9B5;Lo;0;L;8667;;;;N;;;;;
+2F9B6;CJK COMPATIBILITY IDEOGRAPH-2F9B6;Lo;0;L;8669;;;;N;;;;;
+2F9B7;CJK COMPATIBILITY IDEOGRAPH-2F9B7;Lo;0;L;86A9;;;;N;;;;;
+2F9B8;CJK COMPATIBILITY IDEOGRAPH-2F9B8;Lo;0;L;8688;;;;N;;;;;
+2F9B9;CJK COMPATIBILITY IDEOGRAPH-2F9B9;Lo;0;L;870E;;;;N;;;;;
+2F9BA;CJK COMPATIBILITY IDEOGRAPH-2F9BA;Lo;0;L;86E2;;;;N;;;;;
+2F9BB;CJK COMPATIBILITY IDEOGRAPH-2F9BB;Lo;0;L;8779;;;;N;;;;;
+2F9BC;CJK COMPATIBILITY IDEOGRAPH-2F9BC;Lo;0;L;8728;;;;N;;;;;
+2F9BD;CJK COMPATIBILITY IDEOGRAPH-2F9BD;Lo;0;L;876B;;;;N;;;;;
+2F9BE;CJK COMPATIBILITY IDEOGRAPH-2F9BE;Lo;0;L;8786;;;;N;;;;;
+2F9BF;CJK COMPATIBILITY IDEOGRAPH-2F9BF;Lo;0;L;4D57;;;;N;;;;;
+2F9C0;CJK COMPATIBILITY IDEOGRAPH-2F9C0;Lo;0;L;87E1;;;;N;;;;;
+2F9C1;CJK COMPATIBILITY IDEOGRAPH-2F9C1;Lo;0;L;8801;;;;N;;;;;
+2F9C2;CJK COMPATIBILITY IDEOGRAPH-2F9C2;Lo;0;L;45F9;;;;N;;;;;
+2F9C3;CJK COMPATIBILITY IDEOGRAPH-2F9C3;Lo;0;L;8860;;;;N;;;;;
+2F9C4;CJK COMPATIBILITY IDEOGRAPH-2F9C4;Lo;0;L;8863;;;;N;;;;;
+2F9C5;CJK COMPATIBILITY IDEOGRAPH-2F9C5;Lo;0;L;27667;;;;N;;;;;
+2F9C6;CJK COMPATIBILITY IDEOGRAPH-2F9C6;Lo;0;L;88D7;;;;N;;;;;
+2F9C7;CJK COMPATIBILITY IDEOGRAPH-2F9C7;Lo;0;L;88DE;;;;N;;;;;
+2F9C8;CJK COMPATIBILITY IDEOGRAPH-2F9C8;Lo;0;L;4635;;;;N;;;;;
+2F9C9;CJK COMPATIBILITY IDEOGRAPH-2F9C9;Lo;0;L;88FA;;;;N;;;;;
+2F9CA;CJK COMPATIBILITY IDEOGRAPH-2F9CA;Lo;0;L;34BB;;;;N;;;;;
+2F9CB;CJK COMPATIBILITY IDEOGRAPH-2F9CB;Lo;0;L;278AE;;;;N;;;;;
+2F9CC;CJK COMPATIBILITY IDEOGRAPH-2F9CC;Lo;0;L;27966;;;;N;;;;;
+2F9CD;CJK COMPATIBILITY IDEOGRAPH-2F9CD;Lo;0;L;46BE;;;;N;;;;;
+2F9CE;CJK COMPATIBILITY IDEOGRAPH-2F9CE;Lo;0;L;46C7;;;;N;;;;;
+2F9CF;CJK COMPATIBILITY IDEOGRAPH-2F9CF;Lo;0;L;8AA0;;;;N;;;;;
+2F9D0;CJK COMPATIBILITY IDEOGRAPH-2F9D0;Lo;0;L;8AED;;;;N;;;;;
+2F9D1;CJK COMPATIBILITY IDEOGRAPH-2F9D1;Lo;0;L;8B8A;;;;N;;;;;
+2F9D2;CJK COMPATIBILITY IDEOGRAPH-2F9D2;Lo;0;L;8C55;;;;N;;;;;
+2F9D3;CJK COMPATIBILITY IDEOGRAPH-2F9D3;Lo;0;L;27CA8;;;;N;;;;;
+2F9D4;CJK COMPATIBILITY IDEOGRAPH-2F9D4;Lo;0;L;8CAB;;;;N;;;;;
+2F9D5;CJK COMPATIBILITY IDEOGRAPH-2F9D5;Lo;0;L;8CC1;;;;N;;;;;
+2F9D6;CJK COMPATIBILITY IDEOGRAPH-2F9D6;Lo;0;L;8D1B;;;;N;;;;;
+2F9D7;CJK COMPATIBILITY IDEOGRAPH-2F9D7;Lo;0;L;8D77;;;;N;;;;;
+2F9D8;CJK COMPATIBILITY IDEOGRAPH-2F9D8;Lo;0;L;27F2F;;;;N;;;;;
+2F9D9;CJK COMPATIBILITY IDEOGRAPH-2F9D9;Lo;0;L;20804;;;;N;;;;;
+2F9DA;CJK COMPATIBILITY IDEOGRAPH-2F9DA;Lo;0;L;8DCB;;;;N;;;;;
+2F9DB;CJK COMPATIBILITY IDEOGRAPH-2F9DB;Lo;0;L;8DBC;;;;N;;;;;
+2F9DC;CJK COMPATIBILITY IDEOGRAPH-2F9DC;Lo;0;L;8DF0;;;;N;;;;;
+2F9DD;CJK COMPATIBILITY IDEOGRAPH-2F9DD;Lo;0;L;208DE;;;;N;;;;;
+2F9DE;CJK COMPATIBILITY IDEOGRAPH-2F9DE;Lo;0;L;8ED4;;;;N;;;;;
+2F9DF;CJK COMPATIBILITY IDEOGRAPH-2F9DF;Lo;0;L;8F38;;;;N;;;;;
+2F9E0;CJK COMPATIBILITY IDEOGRAPH-2F9E0;Lo;0;L;285D2;;;;N;;;;;
+2F9E1;CJK COMPATIBILITY IDEOGRAPH-2F9E1;Lo;0;L;285ED;;;;N;;;;;
+2F9E2;CJK COMPATIBILITY IDEOGRAPH-2F9E2;Lo;0;L;9094;;;;N;;;;;
+2F9E3;CJK COMPATIBILITY IDEOGRAPH-2F9E3;Lo;0;L;90F1;;;;N;;;;;
+2F9E4;CJK COMPATIBILITY IDEOGRAPH-2F9E4;Lo;0;L;9111;;;;N;;;;;
+2F9E5;CJK COMPATIBILITY IDEOGRAPH-2F9E5;Lo;0;L;2872E;;;;N;;;;;
+2F9E6;CJK COMPATIBILITY IDEOGRAPH-2F9E6;Lo;0;L;911B;;;;N;;;;;
+2F9E7;CJK COMPATIBILITY IDEOGRAPH-2F9E7;Lo;0;L;9238;;;;N;;;;;
+2F9E8;CJK COMPATIBILITY IDEOGRAPH-2F9E8;Lo;0;L;92D7;;;;N;;;;;
+2F9E9;CJK COMPATIBILITY IDEOGRAPH-2F9E9;Lo;0;L;92D8;;;;N;;;;;
+2F9EA;CJK COMPATIBILITY IDEOGRAPH-2F9EA;Lo;0;L;927C;;;;N;;;;;
+2F9EB;CJK COMPATIBILITY IDEOGRAPH-2F9EB;Lo;0;L;93F9;;;;N;;;;;
+2F9EC;CJK COMPATIBILITY IDEOGRAPH-2F9EC;Lo;0;L;9415;;;;N;;;;;
+2F9ED;CJK COMPATIBILITY IDEOGRAPH-2F9ED;Lo;0;L;28BFA;;;;N;;;;;
+2F9EE;CJK COMPATIBILITY IDEOGRAPH-2F9EE;Lo;0;L;958B;;;;N;;;;;
+2F9EF;CJK COMPATIBILITY IDEOGRAPH-2F9EF;Lo;0;L;4995;;;;N;;;;;
+2F9F0;CJK COMPATIBILITY IDEOGRAPH-2F9F0;Lo;0;L;95B7;;;;N;;;;;
+2F9F1;CJK COMPATIBILITY IDEOGRAPH-2F9F1;Lo;0;L;28D77;;;;N;;;;;
+2F9F2;CJK COMPATIBILITY IDEOGRAPH-2F9F2;Lo;0;L;49E6;;;;N;;;;;
+2F9F3;CJK COMPATIBILITY IDEOGRAPH-2F9F3;Lo;0;L;96C3;;;;N;;;;;
+2F9F4;CJK COMPATIBILITY IDEOGRAPH-2F9F4;Lo;0;L;5DB2;;;;N;;;;;
+2F9F5;CJK COMPATIBILITY IDEOGRAPH-2F9F5;Lo;0;L;9723;;;;N;;;;;
+2F9F6;CJK COMPATIBILITY IDEOGRAPH-2F9F6;Lo;0;L;29145;;;;N;;;;;
+2F9F7;CJK COMPATIBILITY IDEOGRAPH-2F9F7;Lo;0;L;2921A;;;;N;;;;;
+2F9F8;CJK COMPATIBILITY IDEOGRAPH-2F9F8;Lo;0;L;4A6E;;;;N;;;;;
+2F9F9;CJK COMPATIBILITY IDEOGRAPH-2F9F9;Lo;0;L;4A76;;;;N;;;;;
+2F9FA;CJK COMPATIBILITY IDEOGRAPH-2F9FA;Lo;0;L;97E0;;;;N;;;;;
+2F9FB;CJK COMPATIBILITY IDEOGRAPH-2F9FB;Lo;0;L;2940A;;;;N;;;;;
+2F9FC;CJK COMPATIBILITY IDEOGRAPH-2F9FC;Lo;0;L;4AB2;;;;N;;;;;
+2F9FD;CJK COMPATIBILITY IDEOGRAPH-2F9FD;Lo;0;L;29496;;;;N;;;;;
+2F9FE;CJK COMPATIBILITY IDEOGRAPH-2F9FE;Lo;0;L;980B;;;;N;;;;;
+2F9FF;CJK COMPATIBILITY IDEOGRAPH-2F9FF;Lo;0;L;980B;;;;N;;;;;
+2FA00;CJK COMPATIBILITY IDEOGRAPH-2FA00;Lo;0;L;9829;;;;N;;;;;
+2FA01;CJK COMPATIBILITY IDEOGRAPH-2FA01;Lo;0;L;295B6;;;;N;;;;;
+2FA02;CJK COMPATIBILITY IDEOGRAPH-2FA02;Lo;0;L;98E2;;;;N;;;;;
+2FA03;CJK COMPATIBILITY IDEOGRAPH-2FA03;Lo;0;L;4B33;;;;N;;;;;
+2FA04;CJK COMPATIBILITY IDEOGRAPH-2FA04;Lo;0;L;9929;;;;N;;;;;
+2FA05;CJK COMPATIBILITY IDEOGRAPH-2FA05;Lo;0;L;99A7;;;;N;;;;;
+2FA06;CJK COMPATIBILITY IDEOGRAPH-2FA06;Lo;0;L;99C2;;;;N;;;;;
+2FA07;CJK COMPATIBILITY IDEOGRAPH-2FA07;Lo;0;L;99FE;;;;N;;;;;
+2FA08;CJK COMPATIBILITY IDEOGRAPH-2FA08;Lo;0;L;4BCE;;;;N;;;;;
+2FA09;CJK COMPATIBILITY IDEOGRAPH-2FA09;Lo;0;L;29B30;;;;N;;;;;
+2FA0A;CJK COMPATIBILITY IDEOGRAPH-2FA0A;Lo;0;L;9B12;;;;N;;;;;
+2FA0B;CJK COMPATIBILITY IDEOGRAPH-2FA0B;Lo;0;L;9C40;;;;N;;;;;
+2FA0C;CJK COMPATIBILITY IDEOGRAPH-2FA0C;Lo;0;L;9CFD;;;;N;;;;;
+2FA0D;CJK COMPATIBILITY IDEOGRAPH-2FA0D;Lo;0;L;4CCE;;;;N;;;;;
+2FA0E;CJK COMPATIBILITY IDEOGRAPH-2FA0E;Lo;0;L;4CED;;;;N;;;;;
+2FA0F;CJK COMPATIBILITY IDEOGRAPH-2FA0F;Lo;0;L;9D67;;;;N;;;;;
+2FA10;CJK COMPATIBILITY IDEOGRAPH-2FA10;Lo;0;L;2A0CE;;;;N;;;;;
+2FA11;CJK COMPATIBILITY IDEOGRAPH-2FA11;Lo;0;L;4CF8;;;;N;;;;;
+2FA12;CJK COMPATIBILITY IDEOGRAPH-2FA12;Lo;0;L;2A105;;;;N;;;;;
+2FA13;CJK COMPATIBILITY IDEOGRAPH-2FA13;Lo;0;L;2A20E;;;;N;;;;;
+2FA14;CJK COMPATIBILITY IDEOGRAPH-2FA14;Lo;0;L;2A291;;;;N;;;;;
+2FA15;CJK COMPATIBILITY IDEOGRAPH-2FA15;Lo;0;L;9EBB;;;;N;;;;;
+2FA16;CJK COMPATIBILITY IDEOGRAPH-2FA16;Lo;0;L;4D56;;;;N;;;;;
+2FA17;CJK COMPATIBILITY IDEOGRAPH-2FA17;Lo;0;L;9EF9;;;;N;;;;;
+2FA18;CJK COMPATIBILITY IDEOGRAPH-2FA18;Lo;0;L;9EFE;;;;N;;;;;
+2FA19;CJK COMPATIBILITY IDEOGRAPH-2FA19;Lo;0;L;9F05;;;;N;;;;;
+2FA1A;CJK COMPATIBILITY IDEOGRAPH-2FA1A;Lo;0;L;9F0F;;;;N;;;;;
+2FA1B;CJK COMPATIBILITY IDEOGRAPH-2FA1B;Lo;0;L;9F16;;;;N;;;;;
+2FA1C;CJK COMPATIBILITY IDEOGRAPH-2FA1C;Lo;0;L;9F3B;;;;N;;;;;
+2FA1D;CJK COMPATIBILITY IDEOGRAPH-2FA1D;Lo;0;L;2A600;;;;N;;;;;
+E0001;LANGUAGE TAG;Cf;0;BN;;;;;N;;;;;
+E0020;TAG SPACE;Cf;0;BN;;;;;N;;;;;
+E0021;TAG EXCLAMATION MARK;Cf;0;BN;;;;;N;;;;;
+E0022;TAG QUOTATION MARK;Cf;0;BN;;;;;N;;;;;
+E0023;TAG NUMBER SIGN;Cf;0;BN;;;;;N;;;;;
+E0024;TAG DOLLAR SIGN;Cf;0;BN;;;;;N;;;;;
+E0025;TAG PERCENT SIGN;Cf;0;BN;;;;;N;;;;;
+E0026;TAG AMPERSAND;Cf;0;BN;;;;;N;;;;;
+E0027;TAG APOSTROPHE;Cf;0;BN;;;;;N;;;;;
+E0028;TAG LEFT PARENTHESIS;Cf;0;BN;;;;;N;;;;;
+E0029;TAG RIGHT PARENTHESIS;Cf;0;BN;;;;;N;;;;;
+E002A;TAG ASTERISK;Cf;0;BN;;;;;N;;;;;
+E002B;TAG PLUS SIGN;Cf;0;BN;;;;;N;;;;;
+E002C;TAG COMMA;Cf;0;BN;;;;;N;;;;;
+E002D;TAG HYPHEN-MINUS;Cf;0;BN;;;;;N;;;;;
+E002E;TAG FULL STOP;Cf;0;BN;;;;;N;;;;;
+E002F;TAG SOLIDUS;Cf;0;BN;;;;;N;;;;;
+E0030;TAG DIGIT ZERO;Cf;0;BN;;;;;N;;;;;
+E0031;TAG DIGIT ONE;Cf;0;BN;;;;;N;;;;;
+E0032;TAG DIGIT TWO;Cf;0;BN;;;;;N;;;;;
+E0033;TAG DIGIT THREE;Cf;0;BN;;;;;N;;;;;
+E0034;TAG DIGIT FOUR;Cf;0;BN;;;;;N;;;;;
+E0035;TAG DIGIT FIVE;Cf;0;BN;;;;;N;;;;;
+E0036;TAG DIGIT SIX;Cf;0;BN;;;;;N;;;;;
+E0037;TAG DIGIT SEVEN;Cf;0;BN;;;;;N;;;;;
+E0038;TAG DIGIT EIGHT;Cf;0;BN;;;;;N;;;;;
+E0039;TAG DIGIT NINE;Cf;0;BN;;;;;N;;;;;
+E003A;TAG COLON;Cf;0;BN;;;;;N;;;;;
+E003B;TAG SEMICOLON;Cf;0;BN;;;;;N;;;;;
+E003C;TAG LESS-THAN SIGN;Cf;0;BN;;;;;N;;;;;
+E003D;TAG EQUALS SIGN;Cf;0;BN;;;;;N;;;;;
+E003E;TAG GREATER-THAN SIGN;Cf;0;BN;;;;;N;;;;;
+E003F;TAG QUESTION MARK;Cf;0;BN;;;;;N;;;;;
+E0040;TAG COMMERCIAL AT;Cf;0;BN;;;;;N;;;;;
+E0041;TAG LATIN CAPITAL LETTER A;Cf;0;BN;;;;;N;;;;;
+E0042;TAG LATIN CAPITAL LETTER B;Cf;0;BN;;;;;N;;;;;
+E0043;TAG LATIN CAPITAL LETTER C;Cf;0;BN;;;;;N;;;;;
+E0044;TAG LATIN CAPITAL LETTER D;Cf;0;BN;;;;;N;;;;;
+E0045;TAG LATIN CAPITAL LETTER E;Cf;0;BN;;;;;N;;;;;
+E0046;TAG LATIN CAPITAL LETTER F;Cf;0;BN;;;;;N;;;;;
+E0047;TAG LATIN CAPITAL LETTER G;Cf;0;BN;;;;;N;;;;;
+E0048;TAG LATIN CAPITAL LETTER H;Cf;0;BN;;;;;N;;;;;
+E0049;TAG LATIN CAPITAL LETTER I;Cf;0;BN;;;;;N;;;;;
+E004A;TAG LATIN CAPITAL LETTER J;Cf;0;BN;;;;;N;;;;;
+E004B;TAG LATIN CAPITAL LETTER K;Cf;0;BN;;;;;N;;;;;
+E004C;TAG LATIN CAPITAL LETTER L;Cf;0;BN;;;;;N;;;;;
+E004D;TAG LATIN CAPITAL LETTER M;Cf;0;BN;;;;;N;;;;;
+E004E;TAG LATIN CAPITAL LETTER N;Cf;0;BN;;;;;N;;;;;
+E004F;TAG LATIN CAPITAL LETTER O;Cf;0;BN;;;;;N;;;;;
+E0050;TAG LATIN CAPITAL LETTER P;Cf;0;BN;;;;;N;;;;;
+E0051;TAG LATIN CAPITAL LETTER Q;Cf;0;BN;;;;;N;;;;;
+E0052;TAG LATIN CAPITAL LETTER R;Cf;0;BN;;;;;N;;;;;
+E0053;TAG LATIN CAPITAL LETTER S;Cf;0;BN;;;;;N;;;;;
+E0054;TAG LATIN CAPITAL LETTER T;Cf;0;BN;;;;;N;;;;;
+E0055;TAG LATIN CAPITAL LETTER U;Cf;0;BN;;;;;N;;;;;
+E0056;TAG LATIN CAPITAL LETTER V;Cf;0;BN;;;;;N;;;;;
+E0057;TAG LATIN CAPITAL LETTER W;Cf;0;BN;;;;;N;;;;;
+E0058;TAG LATIN CAPITAL LETTER X;Cf;0;BN;;;;;N;;;;;
+E0059;TAG LATIN CAPITAL LETTER Y;Cf;0;BN;;;;;N;;;;;
+E005A;TAG LATIN CAPITAL LETTER Z;Cf;0;BN;;;;;N;;;;;
+E005B;TAG LEFT SQUARE BRACKET;Cf;0;BN;;;;;N;;;;;
+E005C;TAG REVERSE SOLIDUS;Cf;0;BN;;;;;N;;;;;
+E005D;TAG RIGHT SQUARE BRACKET;Cf;0;BN;;;;;N;;;;;
+E005E;TAG CIRCUMFLEX ACCENT;Cf;0;BN;;;;;N;;;;;
+E005F;TAG LOW LINE;Cf;0;BN;;;;;N;;;;;
+E0060;TAG GRAVE ACCENT;Cf;0;BN;;;;;N;;;;;
+E0061;TAG LATIN SMALL LETTER A;Cf;0;BN;;;;;N;;;;;
+E0062;TAG LATIN SMALL LETTER B;Cf;0;BN;;;;;N;;;;;
+E0063;TAG LATIN SMALL LETTER C;Cf;0;BN;;;;;N;;;;;
+E0064;TAG LATIN SMALL LETTER D;Cf;0;BN;;;;;N;;;;;
+E0065;TAG LATIN SMALL LETTER E;Cf;0;BN;;;;;N;;;;;
+E0066;TAG LATIN SMALL LETTER F;Cf;0;BN;;;;;N;;;;;
+E0067;TAG LATIN SMALL LETTER G;Cf;0;BN;;;;;N;;;;;
+E0068;TAG LATIN SMALL LETTER H;Cf;0;BN;;;;;N;;;;;
+E0069;TAG LATIN SMALL LETTER I;Cf;0;BN;;;;;N;;;;;
+E006A;TAG LATIN SMALL LETTER J;Cf;0;BN;;;;;N;;;;;
+E006B;TAG LATIN SMALL LETTER K;Cf;0;BN;;;;;N;;;;;
+E006C;TAG LATIN SMALL LETTER L;Cf;0;BN;;;;;N;;;;;
+E006D;TAG LATIN SMALL LETTER M;Cf;0;BN;;;;;N;;;;;
+E006E;TAG LATIN SMALL LETTER N;Cf;0;BN;;;;;N;;;;;
+E006F;TAG LATIN SMALL LETTER O;Cf;0;BN;;;;;N;;;;;
+E0070;TAG LATIN SMALL LETTER P;Cf;0;BN;;;;;N;;;;;
+E0071;TAG LATIN SMALL LETTER Q;Cf;0;BN;;;;;N;;;;;
+E0072;TAG LATIN SMALL LETTER R;Cf;0;BN;;;;;N;;;;;
+E0073;TAG LATIN SMALL LETTER S;Cf;0;BN;;;;;N;;;;;
+E0074;TAG LATIN SMALL LETTER T;Cf;0;BN;;;;;N;;;;;
+E0075;TAG LATIN SMALL LETTER U;Cf;0;BN;;;;;N;;;;;
+E0076;TAG LATIN SMALL LETTER V;Cf;0;BN;;;;;N;;;;;
+E0077;TAG LATIN SMALL LETTER W;Cf;0;BN;;;;;N;;;;;
+E0078;TAG LATIN SMALL LETTER X;Cf;0;BN;;;;;N;;;;;
+E0079;TAG LATIN SMALL LETTER Y;Cf;0;BN;;;;;N;;;;;
+E007A;TAG LATIN SMALL LETTER Z;Cf;0;BN;;;;;N;;;;;
+E007B;TAG LEFT CURLY BRACKET;Cf;0;BN;;;;;N;;;;;
+E007C;TAG VERTICAL LINE;Cf;0;BN;;;;;N;;;;;
+E007D;TAG RIGHT CURLY BRACKET;Cf;0;BN;;;;;N;;;;;
+E007E;TAG TILDE;Cf;0;BN;;;;;N;;;;;
+E007F;CANCEL TAG;Cf;0;BN;;;;;N;;;;;
+F0000;<Plane 15 Private Use, First>;Co;0;L;;;;;N;;;;;
+FFFFD;<Plane 15 Private Use, Last>;Co;0;L;;;;;N;;;;;
+100000;<Plane 16 Private Use, First>;Co;0;L;;;;;N;;;;;
+10FFFD;<Plane 16 Private Use, Last>;Co;0;L;;;;;N;;;;;
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/deps b/krb5-1.21.3/src/lib/krb5/unicode/deps
new file mode 100644
index 00000000..9aab9a5c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/deps
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+ucstr.so ucstr.po $(OUTPRE)ucstr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/ucdata/ucdata.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/k5-unicode.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ucstr.c
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/MUTTUCData.txt b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/MUTTUCData.txt
new file mode 100644
index 00000000..82c46594
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/MUTTUCData.txt
@@ -0,0 +1,303 @@
+#
+# $Id: MUTTUCData.txt,v 1.3 1999/10/29 00:04:35 mleisher Exp $
+#
+# Copyright 1999 Computing Research Labs, New Mexico State University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+#
+# Implementation specific character properties.
+#
+#
+# Space, other.
+#
+0009;;Ss;;;;;;;;;;;;
+000A;;Ss;;;;;;;;;;;;
+000B;;Ss;;;;;;;;;;;;
+000C;;Ss;;;;;;;;;;;;
+000D;;Ss;;;;;;;;;;;;
+#
+# Non-breaking.
+#
+00A0;;Nb;;;;;;;;;;;;
+2007;;Nb;;;;;;;;;;;;
+2011;;Nb;;;;;;;;;;;;
+FEFF;;Nb;;;;;;;;;;;;
+#
+# Symmetric.
+#
+0028;;Sy;;;;;;;;;;;;
+0029;;Sy;;;;;;;;;;;;
+005B;;Sy;;;;;;;;;;;;
+005D;;Sy;;;;;;;;;;;;
+007B;;Sy;;;;;;;;;;;;
+007D;;Sy;;;;;;;;;;;;
+00AB;;Sy;;;;;;;;;;;;
+00BB;;Sy;;;;;;;;;;;;
+0F3A;;Sy;;;;;;;;;;;;
+0F3B;;Sy;;;;;;;;;;;;
+0F3C;;Sy;;;;;;;;;;;;
+0F3D;;Sy;;;;;;;;;;;;
+0F3E;;Sy;;;;;;;;;;;;
+0F3F;;Sy;;;;;;;;;;;;
+2018;;Sy;;;;;;;;;;;;
+2019;;Sy;;;;;;;;;;;;
+201A;;Sy;;;;;;;;;;;;
+201B;;Sy;;;;;;;;;;;;
+201C;;Sy;;;;;;;;;;;;
+201D;;Sy;;;;;;;;;;;;
+201E;;Sy;;;;;;;;;;;;
+201F;;Sy;;;;;;;;;;;;
+2039;;Sy;;;;;;;;;;;;
+203A;;Sy;;;;;;;;;;;;
+2045;;Sy;;;;;;;;;;;;
+2046;;Sy;;;;;;;;;;;;
+207D;;Sy;;;;;;;;;;;;
+207E;;Sy;;;;;;;;;;;;
+208D;;Sy;;;;;;;;;;;;
+208E;;Sy;;;;;;;;;;;;
+2329;;Sy;;;;;;;;;;;;
+232A;;Sy;;;;;;;;;;;;
+3008;;Sy;;;;;;;;;;;;
+3009;;Sy;;;;;;;;;;;;
+300A;;Sy;;;;;;;;;;;;
+300B;;Sy;;;;;;;;;;;;
+300C;;Sy;;;;;;;;;;;;
+300D;;Sy;;;;;;;;;;;;
+300E;;Sy;;;;;;;;;;;;
+300F;;Sy;;;;;;;;;;;;
+3010;;Sy;;;;;;;;;;;;
+3011;;Sy;;;;;;;;;;;;
+3014;;Sy;;;;;;;;;;;;
+3015;;Sy;;;;;;;;;;;;
+3016;;Sy;;;;;;;;;;;;
+3017;;Sy;;;;;;;;;;;;
+3018;;Sy;;;;;;;;;;;;
+3019;;Sy;;;;;;;;;;;;
+301A;;Sy;;;;;;;;;;;;
+301B;;Sy;;;;;;;;;;;;
+301D;;Sy;;;;;;;;;;;;
+301E;;Sy;;;;;;;;;;;;
+301F;;Sy;;;;;;;;;;;;
+FD3E;;Sy;;;;;;;;;;;;
+FD3F;;Sy;;;;;;;;;;;;
+FE35;;Sy;;;;;;;;;;;;
+FE36;;Sy;;;;;;;;;;;;
+FE37;;Sy;;;;;;;;;;;;
+FE38;;Sy;;;;;;;;;;;;
+FE39;;Sy;;;;;;;;;;;;
+FE3A;;Sy;;;;;;;;;;;;
+FE3B;;Sy;;;;;;;;;;;;
+FE3C;;Sy;;;;;;;;;;;;
+FE3D;;Sy;;;;;;;;;;;;
+FE3E;;Sy;;;;;;;;;;;;
+FE3F;;Sy;;;;;;;;;;;;
+FE40;;Sy;;;;;;;;;;;;
+FE41;;Sy;;;;;;;;;;;;
+FE42;;Sy;;;;;;;;;;;;
+FE43;;Sy;;;;;;;;;;;;
+FE44;;Sy;;;;;;;;;;;;
+FE59;;Sy;;;;;;;;;;;;
+FE5A;;Sy;;;;;;;;;;;;
+FE5B;;Sy;;;;;;;;;;;;
+FE5C;;Sy;;;;;;;;;;;;
+FE5D;;Sy;;;;;;;;;;;;
+FE5E;;Sy;;;;;;;;;;;;
+FF08;;Sy;;;;;;;;;;;;
+FF09;;Sy;;;;;;;;;;;;
+FF3B;;Sy;;;;;;;;;;;;
+FF3D;;Sy;;;;;;;;;;;;
+FF5B;;Sy;;;;;;;;;;;;
+FF5D;;Sy;;;;;;;;;;;;
+FF62;;Sy;;;;;;;;;;;;
+FF63;;Sy;;;;;;;;;;;;
+#
+# Hex digit.
+#
+0030;;Hd;;;;;;;;;;;;
+0031;;Hd;;;;;;;;;;;;
+0032;;Hd;;;;;;;;;;;;
+0033;;Hd;;;;;;;;;;;;
+0034;;Hd;;;;;;;;;;;;
+0035;;Hd;;;;;;;;;;;;
+0036;;Hd;;;;;;;;;;;;
+0037;;Hd;;;;;;;;;;;;
+0038;;Hd;;;;;;;;;;;;
+0039;;Hd;;;;;;;;;;;;
+0041;;Hd;;;;;;;;;;;;
+0042;;Hd;;;;;;;;;;;;
+0043;;Hd;;;;;;;;;;;;
+0044;;Hd;;;;;;;;;;;;
+0045;;Hd;;;;;;;;;;;;
+0046;;Hd;;;;;;;;;;;;
+0061;;Hd;;;;;;;;;;;;
+0062;;Hd;;;;;;;;;;;;
+0063;;Hd;;;;;;;;;;;;
+0064;;Hd;;;;;;;;;;;;
+0065;;Hd;;;;;;;;;;;;
+0066;;Hd;;;;;;;;;;;;
+FF10;;Hd;;;;;;;;;;;;
+FF11;;Hd;;;;;;;;;;;;
+FF12;;Hd;;;;;;;;;;;;
+FF13;;Hd;;;;;;;;;;;;
+FF14;;Hd;;;;;;;;;;;;
+FF15;;Hd;;;;;;;;;;;;
+FF16;;Hd;;;;;;;;;;;;
+FF17;;Hd;;;;;;;;;;;;
+FF18;;Hd;;;;;;;;;;;;
+FF19;;Hd;;;;;;;;;;;;
+FF21;;Hd;;;;;;;;;;;;
+FF22;;Hd;;;;;;;;;;;;
+FF23;;Hd;;;;;;;;;;;;
+FF24;;Hd;;;;;;;;;;;;
+FF25;;Hd;;;;;;;;;;;;
+FF26;;Hd;;;;;;;;;;;;
+FF41;;Hd;;;;;;;;;;;;
+FF42;;Hd;;;;;;;;;;;;
+FF43;;Hd;;;;;;;;;;;;
+FF44;;Hd;;;;;;;;;;;;
+FF45;;Hd;;;;;;;;;;;;
+FF46;;Hd;;;;;;;;;;;;
+#
+# Quote marks.
+#
+0022;;Qm;;;;;;;;;;;;
+0027;;Qm;;;;;;;;;;;;
+00AB;;Qm;;;;;;;;;;;;
+00BB;;Qm;;;;;;;;;;;;
+2018;;Qm;;;;;;;;;;;;
+2019;;Qm;;;;;;;;;;;;
+201A;;Qm;;;;;;;;;;;;
+201B;;Qm;;;;;;;;;;;;
+201C;;Qm;;;;;;;;;;;;
+201D;;Qm;;;;;;;;;;;;
+201E;;Qm;;;;;;;;;;;;
+201F;;Qm;;;;;;;;;;;;
+2039;;Qm;;;;;;;;;;;;
+203A;;Qm;;;;;;;;;;;;
+300C;;Qm;;;;;;;;;;;;
+300D;;Qm;;;;;;;;;;;;
+300E;;Qm;;;;;;;;;;;;
+300F;;Qm;;;;;;;;;;;;
+301D;;Qm;;;;;;;;;;;;
+301E;;Qm;;;;;;;;;;;;
+301F;;Qm;;;;;;;;;;;;
+FE41;;Qm;;;;;;;;;;;;
+FE42;;Qm;;;;;;;;;;;;
+FE43;;Qm;;;;;;;;;;;;
+FE44;;Qm;;;;;;;;;;;;
+FF02;;Qm;;;;;;;;;;;;
+FF07;;Qm;;;;;;;;;;;;
+FF62;;Qm;;;;;;;;;;;;
+FF63;;Qm;;;;;;;;;;;;
+#
+# Special Devanagari forms
+#
+E900;DEVANAGARI KSHA LIGATURE;Lo;0;L;0915 094D 0937;;;;N;;;;;
+E901;DEVANAGARI GNYA LIGATURE;Lo;0;L;091C 094D 091E;;;;N;;;;;
+E902;DEVANAGARI TTA LIGATURE;Lo;0;L;0924 094D 0924;;;;N;;;;;
+E903;DEVANAGARI TRA LIGATURE;Lo;0;L;0924 094D 0930;;;;N;;;;;
+E904;DEVANAGARI SHCHA LIGATURE;Lo;0;L;0936 094D 091B;;;;N;;;;;
+E905;DEVANAGARI SHRA LIGATURE;Lo;0;L;0936 094D 0930;;;;N;;;;;
+E906;DEVANAGARI SHVA LIGATURE;Lo;0;L;0936 094D 0935;;;;N;;;;;
+E907;DEVANAGARI KRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E908;DEVANAGARI JRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E909;DEVANAGARI ZRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90A;DEVANAGARI PHRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90B;DEVANAGARI FRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90C;DEVANAGARI PRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90D;DEVANAGARI SRA LIGATURE;Lo;0;L;;;;;N;;;;;
+E90E;DEVANAGARI RU LIGATURE;Lo;0;L;;;;;N;;;;;
+E90F;DEVANAGARI RUU LIGATURE;Lo;0;L;;;;;N;;;;;
+E915;DEVANAGARI HALF LETTER KA;Lo;0;L;;;;;N;;;;;
+E916;DEVANAGARI HALF LETTER KHA;Lo;0;L;;;;;N;;;;;
+E917;DEVANAGARI HALF LETTER GA;Lo;0;L;;;;;N;;;;;
+E918;DEVANAGARI HALF LETTER GHA;Lo;0;L;;;;;N;;;;;
+E919;DEVANAGARI HALF LETTER NGA;Lo;0;L;;;;;N;;;;;
+E91A;DEVANAGARI HALF LETTER CA;Lo;0;L;;;;;N;;;;;
+E91B;DEVANAGARI HALF LETTER CHA;Lo;0;L;;;;;N;;;;;
+E91C;DEVANAGARI HALF LETTER JA;Lo;0;L;;;;;N;;;;;
+E91D;DEVANAGARI HALF LETTER JHA;Lo;0;L;;;;;N;;;;;
+E91E;DEVANAGARI HALF LETTER NYA;Lo;0;L;;;;;N;;;;;
+E91F;DEVANAGARI HALF LETTER TTA;Lo;0;L;;;;;N;;;;;
+E920;DEVANAGARI HALF LETTER TTHA;Lo;0;L;;;;;N;;;;;
+E921;DEVANAGARI HALF LETTER DDA;Lo;0;L;;;;;N;;;;;
+E922;DEVANAGARI HALF LETTER DDHA;Lo;0;L;;;;;N;;;;;
+E923;DEVANAGARI HALF LETTER NNA;Lo;0;L;;;;;N;;;;;
+E924;DEVANAGARI HALF LETTER TA;Lo;0;L;;;;;N;;;;;
+E925;DEVANAGARI HALF LETTER THA;Lo;0;L;;;;;N;;;;;
+E926;DEVANAGARI HALF LETTER DA;Lo;0;L;;;;;N;;;;;
+E927;DEVANAGARI HALF LETTER DHA;Lo;0;L;;;;;N;;;;;
+E928;DEVANAGARI HALF LETTER NA;Lo;0;L;;;;;N;;;;;
+E929;DEVANAGARI HALF LETTER NNNA;Lo;0;L;0928 093C;;;;N;;;;;
+E92A;DEVANAGARI HALF LETTER PA;Lo;0;L;;;;;N;;;;;
+E92B;DEVANAGARI HALF LETTER PHA;Lo;0;L;;;;;N;;;;;
+E92C;DEVANAGARI HALF LETTER BA;Lo;0;L;;;;;N;;;;;
+E92D;DEVANAGARI HALF LETTER BHA;Lo;0;L;;;;;N;;;;;
+E92E;DEVANAGARI HALF LETTER MA;Lo;0;L;;;;;N;;;;;
+E92F;DEVANAGARI HALF LETTER YA;Lo;0;L;;;;;N;;;;;
+E930;DEVANAGARI HALF LETTER RA;Lo;0;L;;;;;N;;;;;
+E931;DEVANAGARI HALF LETTER RRA;Lo;0;L;0930 093C;;;;N;;;;;
+E932;DEVANAGARI HALF LETTER LA;Lo;0;L;;;;;N;;;;;
+E933;DEVANAGARI HALF LETTER LLA;Lo;0;L;;;;;N;;;;;
+E934;DEVANAGARI HALF LETTER LLLA;Lo;0;L;0933 093C;;;;N;;;;;
+E935;DEVANAGARI HALF LETTER VA;Lo;0;L;;;;;N;;;;;
+E936;DEVANAGARI HALF LETTER SHA;Lo;0;L;;;;;N;;;;;
+E937;DEVANAGARI HALF LETTER SSA;Lo;0;L;;;;;N;;;;;
+E938;DEVANAGARI HALF LETTER SA;Lo;0;L;;;;;N;;;;;
+E939;DEVANAGARI HALF LETTER HA;Lo;0;L;;;;;N;;;;;
+E940;DEVANAGARI KKA LIGATURE;Lo;0;L;0915 094D 0915;;;;N;;;;;
+E941;DEVANAGARI KTA LIGATURE;Lo;0;L;0915 094D 0924;;;;N;;;;;
+E942;DEVANAGARI NGKA LIGATURE;Lo;0;L;0919 094D 0915;;;;N;;;;;
+E943;DEVANAGARI NGKHA LIGATURE;Lo;0;L;0919 094D 0916;;;;N;;;;;
+E944;DEVANAGARI NGGA LIGATURE;Lo;0;L;0919 094D 0917;;;;N;;;;;
+E945;DEVANAGARI NGGHA LIGATURE;Lo;0;L;0919 094D 0918;;;;N;;;;;
+E946;DEVANAGARI NYJA LIGATURE;Lo;0;L;091E 094D 091C;;;;N;;;;;
+E947;DEVANAGARI DGHA LIGATURE;Lo;0;L;0926 094D 0918;;;;N;;;;;
+E948;DEVANAGARI DDA LIGATURE;Lo;0;L;0926 094D 0926;;;;N;;;;;
+E949;DEVANAGARI DDHA LIGATURE;Lo;0;L;0926 094D 0927;;;;N;;;;;
+E94A;DEVANAGARI DBA LIGATURE;Lo;0;L;0926 094D 092C;;;;N;;;;;
+E94B;DEVANAGARI DBHA LIGATURE;Lo;0;L;0926 094D 092D;;;;N;;;;;
+E94C;DEVANAGARI DMA LIGATURE;Lo;0;L;0926 094D 092E;;;;N;;;;;
+E94D;DEVANAGARI DYA LIGATURE;Lo;0;L;0926 094D 092F;;;;N;;;;;
+E94E;DEVANAGARI DVA LIGATURE;Lo;0;L;0926 094D 0935;;;;N;;;;;
+E94F;DEVANAGARI TT-TTA LIGATURE;Lo;0;L;091F 094D 091F;;;;N;;;;;
+E950;DEVANAGARI TT-TTHA LIGATURE;Lo;0;L;091F 094D 0920;;;;N;;;;;
+E951;DEVANAGARI TTH-TTHA LIGATURE;Lo;0;L;0920 094D 0920;;;;N;;;;;
+E952;DEVANAGARI DD-GA LIGATURE;Lo;0;L;0921 094D 0917;;;;N;;;;;
+E953;DEVANAGARI DD-DDA LIGATURE;Lo;0;L;0921 094D 0921;;;;N;;;;;
+E954;DEVANAGARI DD-DDHA LIGATURE;Lo;0;L;0921 094D 0922;;;;N;;;;;
+E955;DEVANAGARI NNA LIGATURE;Lo;0;L;0928 094D 0928;;;;N;;;;;
+E956;DEVANAGARI HMA LIGATURE;Lo;0;L;0939 094D 092E;;;;N;;;;;
+E957;DEVANAGARI HYA LIGATURE;Lo;0;L;0939 094D 092F;;;;N;;;;;
+E958;DEVANAGARI HLA LIGATURE;Lo;0;L;0939 094D 0932;;;;N;;;;;
+E959;DEVANAGARI HVA LIGATURE;Lo;0;L;0939 094D 0935;;;;N;;;;;
+E95A;DEVANAGARI STRA LIGATURE;Lo;0;L;0938 094D 0924 094D 0930;;;;N;;;;;
+E970;DEVANAGARI HALF KSHA LIGATURE;Lo;0;L;0915 094D 0937;;;;N;;;;;
+E971;DEVANAGARI HALF GNYA LIGATURE;Lo;0;L;091C 094D 091E;;;;N;;;;;
+E972;DEVANAGARI HALF TTA LIGATURE;Lo;0;L;0924 094D 0924;;;;N;;;;;
+E973;DEVANAGARI HALF TRA LIGATURE;Lo;0;L;0924 094D 0930;;;;N;;;;;
+E974;DEVANAGARI HALF SHCHA LIGATURE;Lo;0;L;0936 094D 091B;;;;N;;;;;
+E975;DEVANAGARI HALF SHRA LIGATURE;Lo;0;L;0936 094D 0930;;;;N;;;;;
+E976;DEVANAGARI HALF SHVA LIGATURE;Lo;0;L;0936 094D 0935;;;;N;;;;;
+E97B;DEVANAGARI SIGN RRA-REPHA;Mn;36;L;;;;;N;;;;;
+E97C;DEVANAGARI HAR LIGATURE;Lo;0;L;0939 0943;;;;N;;;;;
+E97D;DEVANAGARI SIGN EYELASH RA;Lo;0;L;;;;;N;;;;;
+E97E;DEVANAGARI SIGN REPHA;Mn;36;L;;;;;N;;;;;
+E97F;DEVANAGARI SIGN SUBJOINED RA;Mn;36;L;;;;;N;;;;;
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/README b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/README
new file mode 100644
index 00000000..6a02cc18
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/README
@@ -0,0 +1,313 @@
+#
+# $Id: README,v 1.33 2001/01/02 18:46:19 mleisher Exp $
+#
+
+                           MUTT UCData Package 2.5
+                           -----------------------
+
+This is a package that supports ctype-like operations for Unicode UCS-2 text
+(and surrogates), case mapping, decomposition lookup, and provides a
+bidirectional reordering algorithm.  To use it, you will need to get the
+latest "UnicodeData-*.txt" (or later) file from the Unicode Web or FTP site.
+
+The character information portion of the package consists of three parts:
+
+  1. A program called "ucgendat" which generates five data files from the
+     UnicodeData-*.txt file.  The files are:
+
+     A. case.dat   - the case mappings.
+     B. ctype.dat  - the character property tables.
+     C. comp.dat   - the character composition pairs.
+     D. decomp.dat - the character decompositions.
+     E. cmbcl.dat  - the non-zero combining classes.
+     F. num.dat    - the codes representing numbers.
+
+  2. The "ucdata.[ch]" files which implement the functions needed to
+     check to see if a character matches groups of properties, to map between
+     upper, lower, and title case, to look up the decomposition of a
+     character, look up the combining class of a character, and get the number
+     value of a character.
+
+  3. The UCData.java class which provides the same API (with minor changes for
+     the numbers) and loads the same binary data files as the C code.
+
+A short reference to the functions available is in the "api.txt" file.
+
+Techie Details
+==============
+
+The "ucgendat" program parses files from the command line which are all in the
+Unicode Character Database (UCDB) format.  An additional properties file,
+"MUTTUCData.txt", provides some extra properties for some characters.
+
+The program looks for the two character properties fields (2 and 4), the
+combining class field (3), the decomposition field (5), the numeric value
+field (8), and the case mapping fields (12, 13, and 14).  The decompositions
+are recursively expanded before being written out.
+
+The decomposition table contains all the canonical decompositions.  This means
+all decompositions that do not have tags such as "<compat>" or "<font>".
+
+The data is almost all stored as unsigned longs (32-bits assumed) and the
+routines that load the data take care of endian swaps when necessary.  This
+also means that supplementary characters (>= 0x10000) can be placed in the
+data files the "ucgendat" program parses.
+
+The data is written as external files and broken into six parts so it can be
+selectively updated at runtime if necessary.
+
+The data files currently generated from the "ucgendat" program total about 56K
+in size all together.
+
+The format of the binary data files is documented in the "format.txt" file.
+
+==========================================================================
+
+                       The "Pretty Good Bidi Algorithm"
+                       --------------------------------
+
+This routine provides an alternative to the Unicode Bidi algorithm.  The
+difference is that this version of the PGBA does not handle the explicit
+directional codes (LRE, RLE, LRO, RLO, PDF).  It should now produce the same
+results as the Unicode BiDi algorithm for implicit reordering.  Included are
+functions for doing cursor motion in both logical and visual order.
+
+This implementation is provided to demonstrate an effective alternate method
+for implicit reordering.  To make this useful for an application, it probably
+needs some changes to the memory allocation and deallocation, as well as data
+structure additions for rendering.
+
+Mark Leisher <mleisher@crl.nmsu.edu>
+19 November 1999
+
+-----------------------------------------------------------------------------
+
+CHANGES
+=======
+Version 2.5
+-----------
+1. Changed the number lookup to set the denominator to 1 in cases of digits.
+   This restores functional compatibility with John Cowan's UCType package.
+
+2. Added support for the AL property.
+
+3. Modified load and reload functions to return error codes.
+
+Version 2.4
+-----------
+1. Improved some bidi algorithm documentation in the code.
+
+2. Fixed a code mixup that produced a non-working version.
+
+Version 2.3
+-----------
+1. Fixed a misspelling in the ucpgba.h header file.
+
+2. Fixed a bug which caused trailing weak non-digit sequences to be left out of
+   the reordered string in the bidi algorithm.
+
+3. Fixed a problem with weak sequences containing non-spacing marks in the
+   bidi algorithm.
+
+4. Fixed a problem with text runs of the opposite direction of the string
+   surrounding a weak + neutral text run appearing in the wrong order in the
+   bidi algorithm.
+
+5. Added a default overall direction parameter to the reordering function for
+   cases of strings with no strong directional characters in the bidi
+   algorithm.
+
+6. The bidi API documentation was improved.
+
+7. Added a man page for the bidi API.
+
+Version 2.2
+-----------
+1. Fixed a problem with the bidi algorithm locating directional section
+   boundaries.
+
+2. Fixed a problem with the bidi algorithm starting the reordering correctly.
+
+3. Fixed a problem with the bidi algorithm determining end boundaries for LTR
+   segments.
+
+4. Fixed a problem with the bidi algorithm reordering weak (digits and number
+   separators) segments.
+
+5. Added automatic switching of symmetrically paired characters when
+   reversing RTL segments.
+
+6. Added a missing symmetric character to the extra character properties in
+   MUTTUCData.txt.
+
+7. Added support for doing logical and visual cursor traversal.
+
+Version 2.1
+-----------
+1. Updated the ucgendat program to handle the Unicode 3.0 character database
+   properties.  The AL and BM bidi properties gets marked as strong RTL and
+   Other Neutral, the NSM, LRE, RLE, PDF, LRO, and RLO controls all get marked
+   as Other Neutral.
+
+2. Fixed some problems with testing against signed values in the UCData.java
+   code and some minor cleanup.
+
+3. Added the "Pretty Good Bidi Algorithm."
+
+Version 2.0
+-----------
+1. Removed the old Java stuff for a new class that loads directly from the
+   same data files as the C code does.
+
+2. Fixed a problem with choosing the correct field when mapping case.
+
+3. Adjust some search routines to start their search in the correct position.
+
+4. Moved the copyright year to 1999.
+
+Version 1.9
+-----------
+1. Fixed a problem with an incorrect amount of storage being allocated for the
+   combining class nodes.
+
+2. Fixed an invalid initialization in the number code.
+
+3. Changed the Java template file formatting a bit.
+
+4. Added tables and function for getting decompositions in the Java class.
+
+Version 1.8
+-----------
+1. Fixed a problem with adding certain ranges.
+
+2. Added two more macros for testing for identifiers.
+
+3. Tested with the UnicodeData-2.1.5.txt file.
+
+Version 1.7
+-----------
+1. Fixed a problem with looking up decompositions in "ucgendat."
+
+Version 1.6
+-----------
+1. Added two new properties introduced with UnicodeData-2.1.4.txt.
+
+2. Changed the "ucgendat.c" program a little to automatically align the
+   property data on a 4-byte boundary when new properties are added.
+
+3. Changed the "ucgendat.c" programs to only generate canonical
+   decompositions.
+
+4. Added two new macros ucisinitialpunct() and ucisfinalpunct() to check for
+   initial and final punctuation characters.
+
+5. Minor additions and changes to the documentation.
+
+Version 1.5
+-----------
+1. Changed all file open calls to include binary mode with "b" for DOS/WIN
+   platforms.
+
+2. Wrapped the unistd.h include so it won't be included when compiled under
+   Win32.
+
+3. Fixed a bad range check for hex digits in ucgendat.c.
+
+4. Fixed a bad endian swap for combining classes.
+
+5. Added code to make a number table and associated lookup functions.
+   Functions added are ucnumber(), ucdigit(), and ucgetnumber().  The last
+   function is to maintain compatibility with John Cowan's "uctype" package.
+
+Version 1.4
+-----------
+1. Fixed a bug with adding a range.
+
+2. Fixed a bug with inserting a range in order.
+
+3. Fixed incorrectly specified ucisdefined() and ucisundefined() macros.
+
+4. Added the missing unload for the combining class data.
+
+5. Fixed a bad macro placement in ucisweak().
+
+Version 1.3
+-----------
+1. Bug with case mapping calculations fixed.
+
+2. Bug with empty character property entries fixed.
+
+3. Bug with incorrect type in the combining class lookup fixed.
+
+4. Some corrections done to api.txt.
+
+5. Bug in certain character property lookups fixed.
+
+6. Added a character property table that records the defined characters.
+
+7. Replaced ucisunknown() with ucisdefined() and ucisundefined().
+
+Version 1.2
+-----------
+1. Added code to ucgendat to generate a combining class table.
+
+2. Fixed an endian problem with the byte count of decompositions.
+
+3. Fixed some minor problems in the "format.txt" file.
+
+4. Removed some bogus "Ss" values from MUTTUCData.txt file.
+
+5. Added API function to get combining class.
+
+6. Changed the open mode to "rb" so binary data files will be opened correctly
+   on DOS/WIN as well as other platforms.
+
+7. Added the "api.txt" file.
+
+Version 1.1
+-----------
+1. Added ucisxdigit() which I overlooked.
+
+2. Added UC_LT to the ucisalpha() macro which I overlooked.
+
+3. Change uciscntrl() to include UC_CF.
+
+4. Added ucisocntrl() and ucfntcntrl() macros.
+
+5. Added a ucisblank() which I overlooked.
+
+6. Added missing properties to ucissymbol() and ucisnumber().
+
+7. Added ucisgraph() and ucisprint().
+
+8. Changed the "Mr" property to "Sy" to mark this subset of mirroring
+   characters as symmetric to avoid trampling the Unicode/ISO10646 sense of
+   mirroring.
+
+9. Added another property called "Ss" which includes control characters
+   traditionally seen as spaces in the isspace() macro.
+
+10. Added a bunch of macros to be API compatible with John Cowan's package.
+
+ACKNOWLEDGEMENTS
+================
+
+Thanks go to John Cowan <cowan@locke.ccil.org> for pointing out lots of
+missing things and giving me stuff, particularly a bunch of new macros.
+
+Thanks go to Bob Verbrugge <bob_verbrugge@nl.compuware.com> for pointing out
+various bugs.
+
+Thanks go to Christophe Pierret <cpierret@businessobjects.com> for pointing
+out that file modes need to have "b" for DOS/WIN machines, pointing out
+unistd.h is not a Win 32 header, and pointing out a problem with ucisalnum().
+
+Thanks go to Kent Johnson <kent@pondview.mv.com> for finding a bug that caused
+incomplete decompositions to be generated by the "ucgendat" program.
+
+Thanks go to Valeriy E. Ushakov <uwe@ptc.spbu.ru> for spotting an allocation
+error and an initialization error.
+
+Thanks go to Stig Venaas <Stig.Venaas@uninett.no> for providing a patch to
+support return types on load and reload, and for major updates to handle
+canonical composition and decomposition.
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/api.txt b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/api.txt
new file mode 100644
index 00000000..59170ba4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/api.txt
@@ -0,0 +1,401 @@
+#
+# $Id: api.txt,v 1.3 2001/01/02 18:46:20 mleisher Exp $
+#
+
+                             The MUTT UCData API
+                             -------------------
+
+
+####
+NOTE: This library has been customized for use with OpenLDAP. The character
+data tables are hardcoded into the library and the load/unload/reload
+functions are no-ops. Also, the MUTT API claimed to be compatible with
+John Cowan's library but its ucnumber behavior was broken. This has been
+fixed in the OpenLDAP release.
+
+By default, the implementation specific properties in MUTTUCData.txt are
+not incorporated into the OpenLDAP build. You can supply them to ucgendat
+and recreate uctable.h if you need them.
+  -- hyc@openldap.org
+####
+
+
+-----------------------------------------------------------------------------
+
+Macros that combine to select data tables for ucdata_load(), ucdata_unload(),
+and ucdata_reload().
+
+#define UCDATA_CASE   0x01
+#define UCDATA_CTYPE  0x02
+#define UCDATA_DECOMP 0x04
+#define UCDATA_CMBCL  0x08
+#define UCDATA_NUM    0x10
+#define UCDATA_COMP   0x20
+#define UCATA_ALL (UCDATA_CASE|UCDATA_CTYPE|UCDATA_DECOMP|\
+                   UCDATA_CMBCL|UCDATA_NUM|UCDATA_COMP)
+-----------------------------------------------------------------------------
+
+void ucdata_load(char *paths, int masks)
+
+  This function initializes the UCData library by locating the data files in
+  one of the colon-separated directories in the `paths' parameter.  The data
+  files to be loaded are specified in the `masks' parameter as a bitwise
+  combination of the macros listed above.
+
+  This should be called before using any of the other functions.
+
+  NOTE: the ucdata_setup(char *paths) function is now a macro that expands
+        into this function at compile time.
+
+-----------------------------------------------------------------------------
+
+void ucdata_unload(int masks)
+
+  This function unloads the data tables specified in the `masks' parameter.
+
+  This function should be called when the application is done using the UCData
+  package.
+
+  NOTE: the ucdata_cleanup() function is now a macro that expands into this
+        function at compile time.
+
+-----------------------------------------------------------------------------
+
+void ucdata_reload(char *paths, int masks)
+
+  This function reloads the data files from one of the colon-separated
+  directories in the `paths' parameter.  The data files to be reloaded are
+  specified in the `masks' parameter as a bitwise combination of the macros
+  listed above.
+
+  If the data files have already been loaded, they are unloaded before the
+  data files are loaded again.
+
+-----------------------------------------------------------------------------
+
+int ucdecomp(unsigned long code, unsigned long *num, unsigned long **decomp)
+
+  This function determines if a character has a decomposition and returns the
+  decomposition information if it exists.
+
+  If a zero is returned, there is no decomposition.  If a non-zero is
+  returned, then the `num' and `decomp' variables are filled in with the
+  appropriate values.
+
+  Example call:
+
+    unsigned long i, num, *decomp;
+
+    if (ucdecomp(0x1d5, &num, &decomp) != 0) {
+       for (i = 0; i < num; i++)
+         printf("0x%08lX,", decomp[i]);
+       putchar('\n');
+    }
+
+int uccanondecomp(const unsigned long *in, int inlen, unsigned long **out,
+                  int *outlen)
+
+  This function decomposes an input string and does canonical reordering of
+  the characters at the same time.
+
+  If a -1 is returned, memory allocation was not successful.  If a zero is
+  returned, no decomposition occured.  Any other value means the output string
+  contains the fully decomposed string in canonical order.
+
+  If the "outlen" parameter comes back with a value > 0, then the string
+  returned in the "out" parameter needs to be deallocated by the caller. 
+
+-----------------------------------------------------------------------------
+
+int ucdecomp_hangul(unsigned long code, unsigned long *num,
+                    unsigned long decomp[])
+
+  This function determines if a Hangul syllable has a decomposition and
+  returns the decomposition information.
+
+  An array of at least size 3 should be passed to the function for the
+  decomposition of the syllable.
+
+  If a zero is returned, the character is not a Hangul syllable.  If a
+  non-zero is returned, the `num' field will be 2 or 3 and the syllable will
+  be decomposed into the `decomp' array arithmetically.
+
+  Example call:
+
+    unsigned long i, num, decomp[3];
+
+    if (ucdecomp_hangul(0xb1ba, &num, &decomp) != 0) {
+       for (i = 0; i < num; i++)
+         printf("0x%08lX,", decomp[i]);
+       putchar('\n');
+    }
+
+-----------------------------------------------------------------------------
+
+int uccomp(unsigned long ch1, unsigned long ch2, unsigned long *comp)
+
+  This function takes a pair of characters and determines if they combine to
+  form another character.
+
+  If a zero is returned, no composition is formed by the character pair.  Any
+  other value indicates the "comp" parameter has a value.
+
+int uccomp_hangul(unsigned long *str, int len)
+
+  This function composes the Hangul Jamo in the string.  The composition is
+  done in-place.
+
+  The return value provides the new length of the string.  This will be
+  smaller than "len" if compositions occured.
+
+int uccanoncomp(unsigned long *str, int len)
+
+  This function does a canonical composition of characters in the string.
+
+  The return value is the new length of the string.
+
+-----------------------------------------------------------------------------
+
+struct ucnumber {
+  int numerator;
+  int denominator;
+};
+
+int ucnumber_lookup(unsigned long code, struct ucnumber *num)
+
+  This function determines if the code is a number and fills in the `num'
+  field with the numerator and denominator.  If the code happens to be a
+  single digit, the denominator field will be 1.
+
+####
+The original code would set numerator = denominator for regular digits.
+However, the Readme also claimed to be compatible with John Cowan's uctype
+library, but this behavior is both nonsensical and incompatible with the
+Cowan library. As such, it has been fixed here as described above.
+  -- hyc@openldap.org
+####
+
+  If the function returns 0, the code is not a number.  Any other return
+  value means the code is a number.
+
+int ucdigit_lookup(unsigned long code, int *digit)
+
+  This function determines if the code is a digit and fills in the `digit'
+  field with the digit value.
+
+  If the function returns 0, the code is not a number.  Any other return
+  value means the code is a number.
+
+struct ucnumber ucgetnumber(unsigned long code)
+
+  This is a compatibility function with John Cowan's "uctype" package.  It
+  uses ucnumber_lookup().
+
+int ucgetdigit(unsigned long code)
+
+  This is a compatibility function with John Cowan's "uctype" package.  It
+  uses ucdigit_lookup().
+
+-----------------------------------------------------------------------------
+
+unsigned long uctoupper(unsigned long code)
+
+  This function returns the code unchanged if it is already upper case or has
+  no upper case equivalent.  Otherwise the upper case equivalent is returned.
+
+-----------------------------------------------------------------------------
+
+unsigned long uctolower(unsigned long code)
+
+  This function returns the code unchanged if it is already lower case or has
+  no lower case equivalent.  Otherwise the lower case equivalent is returned.
+
+-----------------------------------------------------------------------------
+
+unsigned long uctotitle(unsigned long code)
+
+  This function returns the code unchanged if it is already title case or has
+  no title case equivalent.  Otherwise the title case equivalent is returned.
+
+-----------------------------------------------------------------------------
+
+int ucisalpha(unsigned long code)
+int ucisalnum(unsigned long code)
+int ucisdigit(unsigned long code)
+int uciscntrl(unsigned long code)
+int ucisspace(unsigned long code)
+int ucisblank(unsigned long code)
+int ucispunct(unsigned long code)
+int ucisgraph(unsigned long code)
+int ucisprint(unsigned long code)
+int ucisxdigit(unsigned long code)
+
+int ucisupper(unsigned long code)
+int ucislower(unsigned long code)
+int ucistitle(unsigned long code)
+
+  These functions (actually macros) determine if a character has these
+  properties.  These behave in a fashion very similar to the venerable ctype
+  package.
+
+-----------------------------------------------------------------------------
+
+int ucisisocntrl(unsigned long code)
+
+  Is the character a C0 control character (< 32) ?
+
+int ucisfmtcntrl(unsigned long code)
+
+  Is the character a format control character?
+
+int ucissymbol(unsigned long code)
+
+  Is the character a symbol?
+
+int ucisnumber(unsigned long code)
+
+  Is the character a number or digit?
+
+int ucisnonspacing(unsigned long code)
+
+  Is the character non-spacing?
+
+int ucisopenpunct(unsigned long code)
+
+  Is the character an open/left punctuation (i.e. '[')
+
+int ucisclosepunct(unsigned long code)
+
+  Is the character an close/right punctuation (i.e. ']')
+
+int ucisinitialpunct(unsigned long code)
+
+  Is the character an initial punctuation (i.e. U+2018 LEFT SINGLE QUOTATION
+  MARK)
+
+int ucisfinalpunct(unsigned long code)
+
+  Is the character a final punctuation (i.e. U+2019 RIGHT SINGLE QUOTATION
+  MARK)
+
+int uciscomposite(unsigned long code)
+
+  Can the character be decomposed into a set of other characters?
+
+int ucisquote(unsigned long code)
+
+  Is the character one of the many quotation marks?
+
+int ucissymmetric(unsigned long code)
+
+  Is the character one that has an opposite form (i.e. <>)
+
+int ucismirroring(unsigned long code)
+
+  Is the character mirroring (superset of symmetric)?
+
+int ucisnonbreaking(unsigned long code)
+
+  Is the character non-breaking (i.e. non-breaking space)?
+
+int ucisrtl(unsigned long code)
+
+  Does the character have strong right-to-left directionality (i.e. Arabic
+  letters)?
+
+int ucisltr(unsigned long code)
+
+  Does the character have strong left-to-right directionality (i.e. Latin
+  letters)?
+
+int ucisstrong(unsigned long code)
+
+  Does the character have strong directionality?
+
+int ucisweak(unsigned long code)
+
+  Does the character have weak directionality (i.e. numbers)?
+
+int ucisneutral(unsigned long code)
+
+  Does the character have neutral directionality (i.e. whitespace)?
+
+int ucisseparator(unsigned long code)
+
+  Is the character a block or segment separator?
+
+int ucislsep(unsigned long code)
+
+  Is the character a line separator?
+
+int ucispsep(unsigned long code)
+
+  Is the character a paragraph separator?
+
+int ucismark(unsigned long code)
+
+  Is the character a mark of some kind?
+
+int ucisnsmark(unsigned long code)
+
+  Is the character a non-spacing mark?
+
+int ucisspmark(unsigned long code)
+
+  Is the character a spacing mark?
+
+int ucismodif(unsigned long code)
+
+  Is the character a modifier letter?
+
+int ucismodifsymbol(unsigned long code)
+
+  Is the character a modifier symbol?
+
+int ucisletnum(unsigned long code)
+
+  Is the character a number represented by a letter?
+
+int ucisconnect(unsigned long code)
+
+  Is the character connecting punctuation?
+
+int ucisdash(unsigned long code)
+
+  Is the character dash punctuation?
+
+int ucismath(unsigned long code)
+
+  Is the character a math character?
+
+int uciscurrency(unsigned long code)
+
+  Is the character a currency character?
+
+int ucisenclosing(unsigned long code)
+
+  Is the character enclosing (i.e. enclosing box)?
+
+int ucisprivate(unsigned long code)
+
+  Is the character from the Private Use Area?
+
+int ucissurrogate(unsigned long code)
+
+  Is the character one of the surrogate codes?
+
+int ucisdefined(unsigned long code)
+
+  Is the character defined (appeared in one of the data files)?
+
+int ucisundefined(unsigned long code)
+
+  Is the character not defined (non-Unicode)?
+
+int ucishan(unsigned long code)
+
+  Is the character a Han ideograph?
+
+int ucishangul(unsigned long code)
+
+  Is the character a pre-composed Hangul syllable?
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/format.txt b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/format.txt
new file mode 100644
index 00000000..e285b390
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/format.txt
@@ -0,0 +1,267 @@
+#
+# $Id: format.txt,v 1.2 2001/01/02 18:46:20 mleisher Exp $
+#
+
+CHARACTER DATA
+==============
+
+This package generates some data files that contain character properties useful
+for text processing.
+
+CHARACTER PROPERTIES
+====================
+
+The first data file is called "ctype.dat" and contains a compressed form of
+the character properties found in the Unicode Character Database (UCDB).
+Additional properties can be specified in limited UCDB format in another file
+to avoid modifying the original UCDB.
+
+The following is a property name and code table to be used with the character
+data:
+
+NAME CODE DESCRIPTION
+---------------------
+Mn   0    Mark, Non-Spacing
+Mc   1    Mark, Spacing Combining
+Me   2    Mark, Enclosing
+Nd   3    Number, Decimal Digit
+Nl   4    Number, Letter
+No   5    Number, Other
+Zs   6    Separator, Space
+Zl   7    Separator, Line
+Zp   8    Separator, Paragraph
+Cc   9    Other, Control
+Cf   10   Other, Format
+Cs   11   Other, Surrogate
+Co   12   Other, Private Use
+Cn   13   Other, Not Assigned
+Lu   14   Letter, Uppercase
+Ll   15   Letter, Lowercase
+Lt   16   Letter, Titlecase
+Lm   17   Letter, Modifier
+Lo   18   Letter, Other
+Pc   19   Punctuation, Connector
+Pd   20   Punctuation, Dash
+Ps   21   Punctuation, Open
+Pe   22   Punctuation, Close
+Po   23   Punctuation, Other
+Sm   24   Symbol, Math
+Sc   25   Symbol, Currency
+Sk   26   Symbol, Modifier
+So   27   Symbol, Other
+L    28   Left-To-Right
+R    29   Right-To-Left
+EN   30   European Number
+ES   31   European Number Separator
+ET   32   European Number Terminator
+AN   33   Arabic Number
+CS   34   Common Number Separator
+B    35   Block Separator
+S    36   Segment Separator
+WS   37   Whitespace
+ON   38   Other Neutrals
+Pi   47   Punctuation, Initial
+Pf   48   Punctuation, Final
+#
+# Implementation specific properties.
+#
+Cm   39   Composite
+Nb   40   Non-Breaking
+Sy   41   Symmetric (characters which are part of open/close pairs)
+Hd   42   Hex Digit
+Qm   43   Quote Mark
+Mr   44   Mirroring
+Ss   45   Space, Other (controls viewed as spaces in ctype isspace())
+Cp   46   Defined character
+
+The actual binary data is formatted as follows:
+
+  Assumptions: unsigned short is at least 16-bits in size and unsigned long
+               is at least 32-bits in size.
+
+    unsigned short ByteOrderMark
+    unsigned short OffsetArraySize
+    unsigned long  Bytes
+    unsigned short Offsets[OffsetArraySize + 1]
+    unsigned long  Ranges[N], N = value of Offsets[OffsetArraySize]
+
+  The Bytes field provides the total byte count used for the Offsets[] and
+  Ranges[] arrays.  The Offsets[] array is aligned on a 4-byte boundary and
+  there is always one extra node on the end to hold the final index of the
+  Ranges[] array.  The Ranges[] array contains pairs of 4-byte values
+  representing a range of Unicode characters.  The pairs are arranged in
+  increasing order by the first character code in the range.
+
+  Determining if a particular character is in the property list requires a
+  simple binary search to determine if a character is in any of the ranges
+  for the property.
+
+  If the ByteOrderMark is equal to 0xFFFE, then the data was generated on a
+  machine with a different endian order and the values must be byte-swapped.
+
+  To swap a 16-bit value:
+     c = (c >> 8) | ((c & 0xff) << 8)
+
+  To swap a 32-bit value:
+     c = ((c & 0xff) << 24) | (((c >> 8) & 0xff) << 16) |
+         (((c >> 16) & 0xff) << 8) | (c >> 24)
+
+CASE MAPPINGS
+=============
+
+The next data file is called "case.dat" and contains three case mapping tables
+in the following order: upper, lower, and title case.  Each table is in
+increasing order by character code and each mapping contains 3 unsigned longs
+which represent the possible mappings.
+
+The format for the binary form of these tables is:
+
+  unsigned short ByteOrderMark
+  unsigned short NumMappingNodes, count of all mapping nodes
+  unsigned short CaseTableSizes[2], upper and lower mapping node counts
+  unsigned long  CaseTables[NumMappingNodes]
+
+  The starting indexes of the case tables are calculated as following:
+
+    UpperIndex = 0;
+    LowerIndex = CaseTableSizes[0] * 3;
+    TitleIndex = LowerIndex + CaseTableSizes[1] * 3;
+
+  The order of the fields for the three tables are:
+
+    Upper case
+    ----------
+    unsigned long upper;
+    unsigned long lower;
+    unsigned long title;
+
+    Lower case
+    ----------
+    unsigned long lower;
+    unsigned long upper;
+    unsigned long title;
+
+    Title case
+    ----------
+    unsigned long title;
+    unsigned long upper;
+    unsigned long lower;
+
+  If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+  same way as described in the CHARACTER PROPERTIES section.
+
+  Because the tables are in increasing order by character code, locating a
+  mapping requires a simple binary search on one of the 3 codes that make up
+  each node.
+
+  It is important to note that there can only be 65536 mapping nodes which
+  divided into 3 portions allows 21845 nodes for each case mapping table.  The
+  distribution of mappings may be more or less than 21845 per table, but only
+  65536 are allowed.
+
+COMPOSITIONS
+============
+
+This data file is called "comp.dat" and contains data that tracks character
+pairs that have a single Unicode value representing the combination of the two
+characters.
+
+The format for the binary form of this table is:
+
+  unsigned short ByteOrderMark
+  unsigned short NumCompositionNodes, count of composition nodes
+  unsigned long  Bytes, total number of bytes used for composition nodes
+  unsigned long  CompositionNodes[NumCompositionNodes * 4]
+
+  If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+  same way as described in the CHARACTER PROPERTIES section.
+
+  The CompositionNodes[] array consists of groups of 4 unsigned longs.  The
+  first of these is the character code representing the combination of two
+  other character codes, the second records the number of character codes that
+  make up the composition (not currently used), and the last two are the pair
+  of character codes whose combination is represented by the character code in
+  the first field.
+
+DECOMPOSITIONS
+==============
+
+The next data file is called "decomp.dat" and contains the decomposition data
+for all characters with decompositions containing more than one character and
+are *not* compatibility decompositions.  Compatibility decompositions are
+signaled in the UCDB format by the use of the <compat> tag in the
+decomposition field.  Each list of character codes represents a full
+decomposition of a composite character.  The nodes are arranged in increasing
+order by character code.
+
+The format for the binary form of this table is:
+
+  unsigned short ByteOrderMark
+  unsigned short NumDecompNodes, count of all decomposition nodes
+  unsigned long  Bytes
+  unsigned long  DecompNodes[(NumDecompNodes * 2) + 1]
+  unsigned long  Decomp[N], N = sum of all counts in DecompNodes[]
+
+  If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+  same way as described in the CHARACTER PROPERTIES section.
+
+  The DecompNodes[] array consists of pairs of unsigned longs, the first of
+  which is the character code and the second is the initial index of the list
+  of character codes representing the decomposition.
+
+  Locating the decomposition of a composite character requires a binary search
+  for a character code in the DecompNodes[] array and using its index to
+  locate the start of the decomposition.  The length of the decomposition list
+  is the index in the following element in DecompNode[] minus the current
+  index.
+
+COMBINING CLASSES
+=================
+
+The fourth data file is called "cmbcl.dat" and contains the characters with
+non-zero combining classes.
+
+The format for the binary form of this table is:
+
+  unsigned short ByteOrderMark
+  unsigned short NumCCLNodes
+  unsigned long  Bytes
+  unsigned long  CCLNodes[NumCCLNodes * 3]
+
+  If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+  same way as described in the CHARACTER PROPERTIES section.
+
+  The CCLNodes[] array consists of groups of three unsigned longs.  The first
+  and second are the beginning and ending of a range and the third is the
+  combining class of that range.
+
+  If a character is not found in this table, then the combining class is
+  assumed to be 0.
+
+  It is important to note that only 65536 distinct ranges plus combining class
+  can be specified because the NumCCLNodes is usually a 16-bit number.
+
+NUMBER TABLE
+============
+
+The final data file is called "num.dat" and contains the characters that have
+a numeric value associated with them.
+
+The format for the binary form of the table is:
+
+  unsigned short ByteOrderMark
+  unsigned short NumNumberNodes
+  unsigned long  Bytes
+  unsigned long  NumberNodes[NumNumberNodes]
+  unsigned short ValueNodes[(Bytes - (NumNumberNodes * sizeof(unsigned long)))
+                            / sizeof(short)]
+
+  If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the
+  same way as described in the CHARACTER PROPERTIES section.
+
+  The NumberNodes array contains pairs of values, the first of which is the
+  character code and the second an index into the ValueNodes array.  The
+  ValueNodes array contains pairs of integers which represent the numerator
+  and denominator of the numeric value of the character.  If the character
+  happens to map to an integer, both the values in ValueNodes will be the
+  same.
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.c b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.c
new file mode 100644
index 00000000..5b6ac708
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.c
@@ -0,0 +1,1497 @@
+/*
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <https://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 2001 Computing Research Labs, New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+/*
+ * This work is part of OpenLDAP Software <https://www.openldap.org/>.
+ * $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.c,v 1.36 2008/01/07 23:20:05 kurt Exp $
+ * $Id: ucdata.c,v 1.4 2001/01/02 18:46:20 mleisher Exp $"
+ */
+
+#include "k5-int.h"
+#include "k5-utf8.h"
+#include "k5-unicode.h"
+
+#include "ucdata.h"
+
+#ifndef HARDCODE_DATA
+#define	HARDCODE_DATA	1
+#endif
+
+#if HARDCODE_DATA
+#include "uctable.h"
+#endif
+
+/**************************************************************************
+ *
+ * Miscellaneous types, data, and support functions.
+ *
+ **************************************************************************/
+
+typedef struct {
+    krb5_ui_2 bom;
+    krb5_ui_2 cnt;
+    union {
+        krb5_ui_4 bytes;
+        krb5_ui_2 len[2];
+    } size;
+} _ucheader_t;
+
+/*
+ * A simple array of 32-bit masks for lookup.
+ */
+static krb5_ui_4 masks32[32] = {
+	0x00000001UL, 0x00000002UL, 0x00000004UL, 0x00000008UL,
+	0x00000010UL, 0x00000020UL, 0x00000040UL, 0x00000080UL,
+	0x00000100UL, 0x00000200UL, 0x00000400UL, 0x00000800UL,
+	0x00001000UL, 0x00002000UL, 0x00004000UL, 0x00008000UL,
+	0x00010000UL, 0x00020000UL, 0x00040000UL, 0x00080000UL,
+	0x00100000UL, 0x00200000UL, 0x00400000UL, 0x00800000UL,
+	0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
+	0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL
+};
+
+#define endian_short(cc) (((cc) >> 8) | (((cc) & 0xff) << 8))
+#define endian_long(cc) ((((cc) & 0xff) << 24)|((((cc) >> 8) & 0xff) << 16)|\
+                        ((((cc) >> 16) & 0xff) << 8)|((cc) >> 24))
+
+#if !HARDCODE_DATA
+static FILE *
+_ucopenfile(char *paths, char *filename, char *mode)
+{
+    FILE *f;
+    char *fp, *dp, *pp, path[BUFSIZ];
+
+    if (filename == 0 || *filename == 0)
+      return 0;
+
+    dp = paths;
+    while (dp && *dp) {
+        pp = path;
+        while (*dp && *dp != ':')
+          *pp++ = *dp++;
+        *pp++ = *LDAP_DIRSEP;
+
+        fp = filename;
+        while (*fp)
+          *pp++ = *fp++;
+        *pp = 0;
+
+        if ((f = fopen(path, mode)) != 0)
+          return f;
+
+        if (*dp == ':')
+          dp++;
+    }
+
+    return 0;
+}
+#endif
+
+/**************************************************************************
+ *
+ * Support for the character properties.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+
+static krb5_ui_4 _ucprop_size;
+static krb5_ui_2 *_ucprop_offsets;
+static krb5_ui_4 *_ucprop_ranges;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_ucprop_load(char *paths, int reload)
+{
+    FILE *in;
+    krb5_ui_4 size, i;
+    _ucheader_t hdr;
+
+    if (_ucprop_size > 0) {
+        if (!reload)
+          /*
+           * The character properties have already been loaded.
+           */
+          return 0;
+
+        /*
+         * Unload the current character property data in preparation for
+         * loading a new copy.  Only the first array has to be deallocated
+         * because all the memory for the arrays is allocated as a single
+         * block.
+         */
+        free((char *) _ucprop_offsets);
+        _ucprop_size = 0;
+    }
+
+    if ((in = _ucopenfile(paths, "ctype.dat", "rb")) == 0)
+      return -1;
+
+    /*
+     * Load the header.
+     */
+    fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+    if (hdr.bom == 0xfffe) {
+        hdr.cnt = endian_short(hdr.cnt);
+        hdr.size.bytes = endian_long(hdr.size.bytes);
+    }
+
+    if ((_ucprop_size = hdr.cnt) == 0) {
+        fclose(in);
+        return -1;
+    }
+
+    /*
+     * Allocate all the storage needed for the lookup table.
+     */
+    _ucprop_offsets = (krb5_ui_2 *) malloc(hdr.size.bytes);
+
+    /*
+     * Calculate the offset into the storage for the ranges.  The offsets
+     * array is on a 4-byte boundary and one larger than the value provided in
+     * the header count field.  This means the offset to the ranges must be
+     * calculated after aligning the count to a 4-byte boundary.
+     */
+    if ((size = ((hdr.cnt + 1) * sizeof(krb5_ui_2))) & 3)
+      size += 4 - (size & 3);
+    size >>= 1;
+    _ucprop_ranges = (krb5_ui_4 *) (_ucprop_offsets + size);
+
+    /*
+     * Load the offset array.
+     */
+    fread((char *) _ucprop_offsets, sizeof(krb5_ui_2), size, in);
+
+    /*
+     * Do an endian swap if necessary.  Don't forget there is an extra node on
+     * the end with the final index.
+     */
+    if (hdr.bom == 0xfffe) {
+        for (i = 0; i <= _ucprop_size; i++)
+          _ucprop_offsets[i] = endian_short(_ucprop_offsets[i]);
+    }
+
+    /*
+     * Load the ranges.  The number of elements is in the last array position
+     * of the offsets.
+     */
+    fread((char *) _ucprop_ranges, sizeof(krb5_ui_4),
+          _ucprop_offsets[_ucprop_size], in);
+
+    fclose(in);
+
+    /*
+     * Do an endian swap if necessary.
+     */
+    if (hdr.bom == 0xfffe) {
+        for (i = 0; i < _ucprop_offsets[_ucprop_size]; i++)
+          _ucprop_ranges[i] = endian_long(_ucprop_ranges[i]);
+    }
+    return 0;
+}
+
+static void
+_ucprop_unload(void)
+{
+    if (_ucprop_size == 0)
+      return;
+
+    /*
+     * Only need to free the offsets because the memory is allocated as a
+     * single block.
+     */
+    free((char *) _ucprop_offsets);
+    _ucprop_size = 0;
+}
+#endif
+
+static int
+_ucprop_lookup(krb5_ui_4 code, krb5_ui_4 n)
+{
+    long l, r, m;
+
+    if (_ucprop_size == 0)
+      return 0;
+
+    /*
+     * There is an extra node on the end of the offsets to allow this routine
+     * to work right.  If the index is 0xffff, then there are no nodes for the
+     * property.
+     */
+    if ((l = _ucprop_offsets[n]) == 0xffff)
+      return 0;
+
+    /*
+     * Locate the next offset that is not 0xffff.  The sentinel at the end of
+     * the array is the max index value.
+     */
+    for (m = 1;
+         n + m < _ucprop_size && _ucprop_offsets[n + m] == 0xffff; m++) ;
+
+    r = _ucprop_offsets[n + m] - 1;
+
+    while (l <= r) {
+        /*
+         * Determine a "mid" point and adjust to make sure the mid point is at
+         * the beginning of a range pair.
+         */
+        m = (l + r) >> 1;
+        m -= (m & 1);
+        if (code > _ucprop_ranges[m + 1])
+          l = m + 2;
+        else if (code < _ucprop_ranges[m])
+          r = m - 2;
+        else if (code >= _ucprop_ranges[m] && code <= _ucprop_ranges[m + 1])
+          return 1;
+    }
+    return 0;
+}
+
+int
+ucisprop(krb5_ui_4 code, krb5_ui_4 mask1, krb5_ui_4 mask2)
+{
+    krb5_ui_4 i;
+
+    if (mask1 == 0 && mask2 == 0)
+      return 0;
+
+    for (i = 0; mask1 && i < 32; i++) {
+        if ((mask1 & masks32[i]) && _ucprop_lookup(code, i))
+          return 1;
+    }
+
+    for (i = 32; mask2 && i < _ucprop_size; i++) {
+        if ((mask2 & masks32[i & 31]) && _ucprop_lookup(code, i))
+          return 1;
+    }
+
+    return 0;
+}
+
+/**************************************************************************
+ *
+ * Support for case mapping.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+
+/* These record the number of slots in the map.
+ * There are 3 words per slot.
+ */
+static krb5_ui_4 _uccase_size;
+static krb5_ui_2 _uccase_len[2];
+static krb5_ui_4 *_uccase_map;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_uccase_load(char *paths, int reload)
+{
+    FILE *in;
+    krb5_ui_4 i;
+    _ucheader_t hdr;
+
+    if (_uccase_size > 0) {
+        if (!reload)
+          /*
+           * The case mappings have already been loaded.
+           */
+          return 0;
+
+        free((char *) _uccase_map);
+        _uccase_size = 0;
+    }
+
+    if ((in = _ucopenfile(paths, "case.dat", "rb")) == 0)
+      return -1;
+
+    /*
+     * Load the header.
+     */
+    fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+    if (hdr.bom == 0xfffe) {
+        hdr.cnt = endian_short(hdr.cnt);
+        hdr.size.len[0] = endian_short(hdr.size.len[0]);
+        hdr.size.len[1] = endian_short(hdr.size.len[1]);
+    }
+
+    /*
+     * Set the node count and lengths of the upper and lower case mapping
+     * tables.
+     */
+    _uccase_size = hdr.cnt;
+    _uccase_len[0] = hdr.size.len[0];
+    _uccase_len[1] = hdr.size.len[1];
+
+    _uccase_map = (krb5_ui_4 *)
+        malloc(_uccase_size * 3 * sizeof(krb5_ui_4));
+
+    /*
+     * Load the case mapping table.
+     */
+    fread((char *) _uccase_map, sizeof(krb5_ui_4), _uccase_size * 3, in);
+
+    /*
+     * Do an endian swap if necessary.
+     */
+    if (hdr.bom == 0xfffe) {
+        for (i = 0; i < _uccase_size * 3; i++)
+          _uccase_map[i] = endian_long(_uccase_map[i]);
+    }
+    fclose(in);
+    return 0;
+}
+
+static void
+_uccase_unload(void)
+{
+    if (_uccase_size == 0)
+      return;
+
+    free((char *) _uccase_map);
+    _uccase_size = 0;
+}
+#endif
+
+static krb5_ui_4
+_uccase_lookup(krb5_ui_4 code, long l, long r, int field)
+{
+    long m;
+	const krb5_ui_4 *tmp;
+
+    /*
+     * Do the binary search.
+     */
+    while (l <= r) {
+        /*
+         * Determine a "mid" point and adjust to make sure the mid point is at
+         * the beginning of a case mapping triple.
+         */
+        m = (l + r) >> 1;
+		tmp = &_uccase_map[m*3];
+        if (code > *tmp)
+          l = m + 1;
+        else if (code < *tmp)
+          r = m - 1;
+        else if (code == *tmp)
+          return tmp[field];
+    }
+
+    return code;
+}
+
+krb5_ui_4
+uctoupper(krb5_ui_4 code)
+{
+    int field;
+    long l, r;
+
+    if (ucisupper(code))
+      return code;
+
+    if (ucislower(code)) {
+        /*
+         * The character is lower case.
+         */
+        field = 2;
+        l = _uccase_len[0];
+        r = (l + _uccase_len[1]) - 1;
+    } else {
+        /*
+         * The character is title case.
+         */
+        field = 1;
+        l = _uccase_len[0] + _uccase_len[1];
+        r = _uccase_size - 1;
+    }
+    return _uccase_lookup(code, l, r, field);
+}
+
+krb5_ui_4
+uctolower(krb5_ui_4 code)
+{
+    int field;
+    long l, r;
+
+    if (ucislower(code))
+      return code;
+
+    if (ucisupper(code)) {
+        /*
+         * The character is upper case.
+         */
+        field = 1;
+        l = 0;
+        r = _uccase_len[0] - 1;
+    } else {
+        /*
+         * The character is title case.
+         */
+        field = 2;
+        l = _uccase_len[0] + _uccase_len[1];
+        r = _uccase_size - 1;
+    }
+    return _uccase_lookup(code, l, r, field);
+}
+
+krb5_ui_4
+uctotitle(krb5_ui_4 code)
+{
+    int field;
+    long l, r;
+
+    if (ucistitle(code))
+      return code;
+
+    /*
+     * The offset will always be the same for converting to title case.
+     */
+    field = 2;
+
+    if (ucisupper(code)) {
+        /*
+         * The character is upper case.
+         */
+        l = 0;
+        r = _uccase_len[0] - 1;
+    } else {
+        /*
+         * The character is lower case.
+         */
+        l = _uccase_len[0];
+        r = (l + _uccase_len[1]) - 1;
+    }
+    return _uccase_lookup(code, l, r, field);
+}
+
+/**************************************************************************
+ *
+ * Support for compositions.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+
+static krb5_ui_4  _uccomp_size;
+static krb5_ui_4 *_uccomp_data;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_uccomp_load(char *paths, int reload)
+{
+    FILE *in;
+    krb5_ui_4 size, i;
+    _ucheader_t hdr;
+
+    if (_uccomp_size > 0) {
+        if (!reload)
+            /*
+             * The compositions have already been loaded.
+             */
+            return 0;
+
+        free((char *) _uccomp_data);
+        _uccomp_size = 0;
+    }
+
+    if ((in = _ucopenfile(paths, "comp.dat", "rb")) == 0)
+        return -1;
+
+    /*
+     * Load the header.
+     */
+    fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+    if (hdr.bom == 0xfffe) {
+        hdr.cnt = endian_short(hdr.cnt);
+        hdr.size.bytes = endian_long(hdr.size.bytes);
+    }
+
+    _uccomp_size = hdr.cnt;
+    _uccomp_data = (krb5_ui_4 *) malloc(hdr.size.bytes);
+
+    /*
+     * Read the composition data in.
+     */
+    size = hdr.size.bytes / sizeof(krb5_ui_4);
+    fread((char *) _uccomp_data, sizeof(krb5_ui_4), size, in);
+
+    /*
+     * Do an endian swap if necessary.
+     */
+    if (hdr.bom == 0xfffe) {
+        for (i = 0; i < size; i++)
+            _uccomp_data[i] = endian_long(_uccomp_data[i]);
+    }
+
+    /*
+     * Assume that the data is ordered on count, so that all compositions
+     * of length 2 come first. Only handling length 2 for now.
+     */
+    for (i = 1; i < size; i += 4)
+      if (_uccomp_data[i] != 2)
+        break;
+    _uccomp_size = i - 1;
+
+    fclose(in);
+    return 0;
+}
+
+static void
+_uccomp_unload(void)
+{
+    if (_uccomp_size == 0)
+        return;
+
+    free((char *) _uccomp_data);
+    _uccomp_size = 0;
+}
+#endif
+
+int
+uccomp(krb5_ui_4 node1, krb5_ui_4 node2, krb5_ui_4 *comp)
+{
+    int l, r, m;
+
+    l = 0;
+    r = _uccomp_size - 1;
+
+    while (l <= r) {
+        m = ((r + l) >> 1);
+        m -= m & 3;
+        if (node1 > _uccomp_data[m+2])
+          l = m + 4;
+        else if (node1 < _uccomp_data[m+2])
+          r = m - 4;
+        else if (node2 > _uccomp_data[m+3])
+          l = m + 4;
+        else if (node2 < _uccomp_data[m+3])
+          r = m - 4;
+        else {
+            *comp = _uccomp_data[m];
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int
+uccomp_hangul(krb5_ui_4 *str, int len)
+{
+    const int SBase = 0xAC00, LBase = 0x1100,
+        VBase = 0x1161, TBase = 0x11A7,
+        LCount = 19, VCount = 21, TCount = 28,
+        NCount = VCount * TCount,   /* 588 */
+        SCount = LCount * NCount;   /* 11172 */
+
+    int i, rlen;
+    krb5_ui_4 ch, last, lindex, sindex;
+
+    last = str[0];
+    rlen = 1;
+    for ( i = 1; i < len; i++ ) {
+        ch = str[i];
+
+        /* check if two current characters are L and V */
+        lindex = last - LBase;
+        if (lindex < (krb5_ui_4) LCount) {
+            krb5_ui_4 vindex = ch - VBase;
+            if (vindex < (krb5_ui_4) VCount) {
+                /* make syllable of form LV */
+                last = SBase + (lindex * VCount + vindex) * TCount;
+                str[rlen-1] = last; /* reset last */
+                continue;
+            }
+        }
+
+        /* check if two current characters are LV and T */
+        sindex = last - SBase;
+        if (sindex < (krb5_ui_4) SCount
+			&& (sindex % TCount) == 0)
+		{
+            krb5_ui_4 tindex = ch - TBase;
+            if (tindex <= (krb5_ui_4) TCount) {
+                /* make syllable of form LVT */
+                last += tindex;
+                str[rlen-1] = last; /* reset last */
+                continue;
+            }
+        }
+
+        /* if neither case was true, just add the character */
+        last = ch;
+        str[rlen] = ch;
+        rlen++;
+    }
+    return rlen;
+}
+
+int
+uccanoncomp(krb5_ui_4 *str, int len)
+{
+    int i, stpos, copos;
+    krb5_ui_4 cl, prevcl, st, ch, co;
+
+    st = str[0];
+    stpos = 0;
+    copos = 1;
+    prevcl = uccombining_class(st) == 0 ? 0 : 256;
+
+    for (i = 1; i < len; i++) {
+        ch = str[i];
+        cl = uccombining_class(ch);
+        if (uccomp(st, ch, &co) && (prevcl < cl || prevcl == 0))
+          st = str[stpos] = co;
+        else {
+            if (cl == 0) {
+                stpos = copos;
+                st = ch;
+            }
+            prevcl = cl;
+            str[copos++] = ch;
+        }
+    }
+
+    return uccomp_hangul(str, copos);
+}
+
+/**************************************************************************
+ *
+ * Support for decompositions.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+
+static krb5_ui_4  _ucdcmp_size;
+static krb5_ui_4 *_ucdcmp_nodes;
+static krb5_ui_4 *_ucdcmp_decomp;
+
+static krb5_ui_4  _uckdcmp_size;
+static krb5_ui_4 *_uckdcmp_nodes;
+static krb5_ui_4 *_uckdcmp_decomp;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_ucdcmp_load(char *paths, int reload)
+{
+    FILE *in;
+    krb5_ui_4 size, i;
+    _ucheader_t hdr;
+
+    if (_ucdcmp_size > 0) {
+        if (!reload)
+            /*
+             * The decompositions have already been loaded.
+             */
+          return 0;
+
+        free((char *) _ucdcmp_nodes);
+        _ucdcmp_size = 0;
+    }
+
+    if ((in = _ucopenfile(paths, "decomp.dat", "rb")) == 0)
+        return -1;
+
+    /*
+     * Load the header.
+     */
+    fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+    if (hdr.bom == 0xfffe) {
+        hdr.cnt = endian_short(hdr.cnt);
+        hdr.size.bytes = endian_long(hdr.size.bytes);
+    }
+
+    _ucdcmp_size = hdr.cnt << 1;
+    _ucdcmp_nodes = (krb5_ui_4 *) malloc(hdr.size.bytes);
+    _ucdcmp_decomp = _ucdcmp_nodes + (_ucdcmp_size + 1);
+
+    /*
+     * Read the decomposition data in.
+     */
+    size = hdr.size.bytes / sizeof(krb5_ui_4);
+    fread((char *) _ucdcmp_nodes, sizeof(krb5_ui_4), size, in);
+
+    /*
+     * Do an endian swap if necessary.
+     */
+    if (hdr.bom == 0xfffe) {
+        for (i = 0; i < size; i++)
+            _ucdcmp_nodes[i] = endian_long(_ucdcmp_nodes[i]);
+    }
+    fclose(in);
+    return 0;
+}
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_uckdcmp_load(char *paths, int reload)
+{
+    FILE *in;
+    krb5_ui_4 size, i;
+    _ucheader_t hdr;
+
+    if (_uckdcmp_size > 0) {
+        if (!reload)
+            /*
+             * The decompositions have already been loaded.
+             */
+          return 0;
+
+        free((char *) _uckdcmp_nodes);
+        _uckdcmp_size = 0;
+    }
+
+    if ((in = _ucopenfile(paths, "kdecomp.dat", "rb")) == 0)
+        return -1;
+
+    /*
+     * Load the header.
+     */
+    fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+    if (hdr.bom == 0xfffe) {
+        hdr.cnt = endian_short(hdr.cnt);
+        hdr.size.bytes = endian_long(hdr.size.bytes);
+    }
+
+    _uckdcmp_size = hdr.cnt << 1;
+    _uckdcmp_nodes = (krb5_ui_4 *) malloc(hdr.size.bytes);
+    _uckdcmp_decomp = _uckdcmp_nodes + (_uckdcmp_size + 1);
+
+    /*
+     * Read the decomposition data in.
+     */
+    size = hdr.size.bytes / sizeof(krb5_ui_4);
+    fread((char *) _uckdcmp_nodes, sizeof(krb5_ui_4), size, in);
+
+    /*
+     * Do an endian swap if necessary.
+     */
+    if (hdr.bom == 0xfffe) {
+        for (i = 0; i < size; i++)
+            _uckdcmp_nodes[i] = endian_long(_uckdcmp_nodes[i]);
+    }
+    fclose(in);
+    return 0;
+}
+
+static void
+_ucdcmp_unload(void)
+{
+    if (_ucdcmp_size == 0)
+      return;
+
+    /*
+     * Only need to free the offsets because the memory is allocated as a
+     * single block.
+     */
+    free((char *) _ucdcmp_nodes);
+    _ucdcmp_size = 0;
+}
+
+static void
+_uckdcmp_unload(void)
+{
+    if (_uckdcmp_size == 0)
+      return;
+
+    /*
+     * Only need to free the offsets because the memory is allocated as a
+     * single block.
+     */
+    free((char *) _uckdcmp_nodes);
+    _uckdcmp_size = 0;
+}
+#endif
+
+int
+ucdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp)
+{
+    long l, r, m;
+
+    if (code < _ucdcmp_nodes[0]) {
+	return 0;
+    }
+
+    l = 0;
+    r = _ucdcmp_nodes[_ucdcmp_size] - 1;
+
+    while (l <= r) {
+        /*
+         * Determine a "mid" point and adjust to make sure the mid point is at
+         * the beginning of a code+offset pair.
+         */
+        m = (l + r) >> 1;
+        m -= (m & 1);
+        if (code > _ucdcmp_nodes[m])
+          l = m + 2;
+        else if (code < _ucdcmp_nodes[m])
+          r = m - 2;
+        else if (code == _ucdcmp_nodes[m]) {
+            *num = _ucdcmp_nodes[m + 3] - _ucdcmp_nodes[m + 1];
+            *decomp = (krb5_ui_4*)&_ucdcmp_decomp[_ucdcmp_nodes[m + 1]];
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int
+uckdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp)
+{
+    long l, r, m;
+
+    if (code < _uckdcmp_nodes[0]) {
+	return 0;
+    }
+
+    l = 0;
+    r = _uckdcmp_nodes[_uckdcmp_size] - 1;
+
+    while (l <= r) {
+        /*
+         * Determine a "mid" point and adjust to make sure the mid point is at
+         * the beginning of a code+offset pair.
+         */
+        m = (l + r) >> 1;
+        m -= (m & 1);
+        if (code > _uckdcmp_nodes[m])
+          l = m + 2;
+        else if (code < _uckdcmp_nodes[m])
+          r = m - 2;
+        else if (code == _uckdcmp_nodes[m]) {
+            *num = _uckdcmp_nodes[m + 3] - _uckdcmp_nodes[m + 1];
+            *decomp = (krb5_ui_4*)&_uckdcmp_decomp[_uckdcmp_nodes[m + 1]];
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int
+ucdecomp_hangul(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 decomp[])
+{
+    if (!ucishangul(code))
+      return 0;
+
+    code -= 0xac00;
+    decomp[0] = 0x1100 + (krb5_ui_4) (code / 588);
+    decomp[1] = 0x1161 + (krb5_ui_4) ((code % 588) / 28);
+    decomp[2] = 0x11a7 + (krb5_ui_4) (code % 28);
+    *num = (decomp[2] != 0x11a7) ? 3 : 2;
+
+    return 1;
+}
+
+/* mode == 0 for canonical, mode == 1 for compatibility */
+static int
+uccanoncompatdecomp(const krb5_ui_4 *in, int inlen,
+		    krb5_ui_4 **out, int *outlen, short mode)
+{
+    int l, size;
+	unsigned i, j, k;
+    krb5_ui_4 num, class, *decomp, hangdecomp[3];
+
+    size = inlen * 2;
+    *out = (krb5_ui_4 *) malloc(size * sizeof(**out));
+    if (*out == NULL)
+        return *outlen = -1;
+
+    i = 0;
+    for (j = 0; j < (unsigned) inlen; j++) {
+	if (mode ? uckdecomp(in[j], &num, &decomp) : ucdecomp(in[j], &num, &decomp)) {
+            if ( size - i < num) {
+                size = inlen + i - j + num - 1;
+                *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out));
+                if (*out == NULL)
+                    return *outlen = -1;
+            }
+            for (k = 0; k < num; k++) {
+                class = uccombining_class(decomp[k]);
+                if (class == 0) {
+                    (*out)[i] = decomp[k];
+                } else {
+                    for (l = i; l > 0; l--)
+                        if (class >= uccombining_class((*out)[l-1]))
+                            break;
+                    memmove(*out + l + 1, *out + l, (i - l) * sizeof(**out));
+                    (*out)[l] = decomp[k];
+                }
+                i++;
+            }
+        } else if (ucdecomp_hangul(in[j], &num, hangdecomp)) {
+            if (size - i < num) {
+                size = inlen + i - j + num - 1;
+                *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out));
+                if (*out == NULL)
+                    return *outlen = -1;
+            }
+            for (k = 0; k < num; k++) {
+                (*out)[i] = hangdecomp[k];
+                i++;
+            }
+        } else {
+            if (size - i < 1) {
+                size = inlen + i - j;
+                *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out));
+                if (*out == NULL)
+                    return *outlen = -1;
+            }
+            class = uccombining_class(in[j]);
+            if (class == 0) {
+                (*out)[i] = in[j];
+            } else {
+                for (l = i; l > 0; l--)
+                    if (class >= uccombining_class((*out)[l-1]))
+                        break;
+                memmove(*out + l + 1, *out + l, (i - l) * sizeof(**out));
+                (*out)[l] = in[j];
+            }
+            i++;
+        }
+    }
+    return *outlen = i;
+}
+
+int
+uccanondecomp(const krb5_ui_4 *in, int inlen,
+              krb5_ui_4 **out, int *outlen)
+{
+    return uccanoncompatdecomp(in, inlen, out, outlen, 0);
+}
+
+int
+uccompatdecomp(const krb5_ui_4 *in, int inlen,
+	       krb5_ui_4 **out, int *outlen)
+{
+    return uccanoncompatdecomp(in, inlen, out, outlen, 1);
+}
+
+/**************************************************************************
+ *
+ * Support for combining classes.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+static krb5_ui_4  _uccmcl_size;
+static krb5_ui_4 *_uccmcl_nodes;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_uccmcl_load(char *paths, int reload)
+{
+    FILE *in;
+    krb5_ui_4 i;
+    _ucheader_t hdr;
+
+    if (_uccmcl_size > 0) {
+        if (!reload)
+            /*
+             * The combining classes have already been loaded.
+             */
+            return 0;
+
+        free((char *) _uccmcl_nodes);
+        _uccmcl_size = 0;
+    }
+
+    if ((in = _ucopenfile(paths, "cmbcl.dat", "rb")) == 0)
+        return -1;
+
+    /*
+     * Load the header.
+     */
+    fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+    if (hdr.bom == 0xfffe) {
+        hdr.cnt = endian_short(hdr.cnt);
+        hdr.size.bytes = endian_long(hdr.size.bytes);
+    }
+
+    _uccmcl_size = hdr.cnt * 3;
+    _uccmcl_nodes = (krb5_ui_4 *) malloc(hdr.size.bytes);
+
+    /*
+     * Read the combining classes in.
+     */
+    fread((char *) _uccmcl_nodes, sizeof(krb5_ui_4), _uccmcl_size, in);
+
+    /*
+     * Do an endian swap if necessary.
+     */
+    if (hdr.bom == 0xfffe) {
+        for (i = 0; i < _uccmcl_size; i++)
+            _uccmcl_nodes[i] = endian_long(_uccmcl_nodes[i]);
+    }
+    fclose(in);
+    return 0;
+}
+
+static void
+_uccmcl_unload(void)
+{
+    if (_uccmcl_size == 0)
+      return;
+
+    free((char *) _uccmcl_nodes);
+    _uccmcl_size = 0;
+}
+#endif
+
+krb5_ui_4
+uccombining_class(krb5_ui_4 code)
+{
+    long l, r, m;
+
+    l = 0;
+    r = _uccmcl_size - 1;
+
+    while (l <= r) {
+        m = (l + r) >> 1;
+        m -= (m % 3);
+        if (code > _uccmcl_nodes[m + 1])
+          l = m + 3;
+        else if (code < _uccmcl_nodes[m])
+          r = m - 3;
+        else if (code >= _uccmcl_nodes[m] && code <= _uccmcl_nodes[m + 1])
+          return _uccmcl_nodes[m + 2];
+    }
+    return 0;
+}
+
+/**************************************************************************
+ *
+ * Support for numeric values.
+ *
+ **************************************************************************/
+
+#if !HARDCODE_DATA
+static krb5_ui_4 *_ucnum_nodes;
+static krb5_ui_4 _ucnum_size;
+static short *_ucnum_vals;
+
+/*
+ * Return -1 on error, 0 if okay
+ */
+static int
+_ucnumb_load(char *paths, int reload)
+{
+    FILE *in;
+    krb5_ui_4 size, i;
+    _ucheader_t hdr;
+
+    if (_ucnum_size > 0) {
+        if (!reload)
+          /*
+           * The numbers have already been loaded.
+           */
+          return 0;
+
+        free((char *) _ucnum_nodes);
+        _ucnum_size = 0;
+    }
+
+    if ((in = _ucopenfile(paths, "num.dat", "rb")) == 0)
+      return -1;
+
+    /*
+     * Load the header.
+     */
+    fread((char *) &hdr, sizeof(_ucheader_t), 1, in);
+
+    if (hdr.bom == 0xfffe) {
+        hdr.cnt = endian_short(hdr.cnt);
+        hdr.size.bytes = endian_long(hdr.size.bytes);
+    }
+
+    _ucnum_size = hdr.cnt;
+    _ucnum_nodes = (krb5_ui_4 *) malloc(hdr.size.bytes);
+    _ucnum_vals = (short *) (_ucnum_nodes + _ucnum_size);
+
+    /*
+     * Read the combining classes in.
+     */
+    fread((char *) _ucnum_nodes, sizeof(unsigned char), hdr.size.bytes, in);
+
+    /*
+     * Do an endian swap if necessary.
+     */
+    if (hdr.bom == 0xfffe) {
+        for (i = 0; i < _ucnum_size; i++)
+          _ucnum_nodes[i] = endian_long(_ucnum_nodes[i]);
+
+        /*
+         * Determine the number of values that have to be adjusted.
+         */
+        size = (hdr.size.bytes -
+                (_ucnum_size * (sizeof(krb5_ui_4) << 1))) /
+            sizeof(short);
+
+        for (i = 0; i < size; i++)
+          _ucnum_vals[i] = endian_short(_ucnum_vals[i]);
+    }
+    fclose(in);
+    return 0;
+}
+
+static void
+_ucnumb_unload(void)
+{
+    if (_ucnum_size == 0)
+      return;
+
+    free((char *) _ucnum_nodes);
+    _ucnum_size = 0;
+}
+#endif
+
+int
+ucnumber_lookup(krb5_ui_4 code, struct ucnumber *num)
+{
+    long l, r, m;
+    short *vp;
+
+    l = 0;
+    r = _ucnum_size - 1;
+    while (l <= r) {
+        /*
+         * Determine a "mid" point and adjust to make sure the mid point is at
+         * the beginning of a code+offset pair.
+         */
+        m = (l + r) >> 1;
+        m -= (m & 1);
+        if (code > _ucnum_nodes[m])
+          l = m + 2;
+        else if (code < _ucnum_nodes[m])
+          r = m - 2;
+        else {
+            vp = (short *)_ucnum_vals + _ucnum_nodes[m + 1];
+            num->numerator = (int) *vp++;
+            num->denominator = (int) *vp;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int
+ucdigit_lookup(krb5_ui_4 code, int *digit)
+{
+    long l, r, m;
+    short *vp;
+
+    l = 0;
+    r = _ucnum_size - 1;
+    while (l <= r) {
+        /*
+         * Determine a "mid" point and adjust to make sure the mid point is at
+         * the beginning of a code+offset pair.
+         */
+        m = (l + r) >> 1;
+        m -= (m & 1);
+        if (code > _ucnum_nodes[m])
+          l = m + 2;
+        else if (code < _ucnum_nodes[m])
+          r = m - 2;
+        else {
+            vp = (short *)_ucnum_vals + _ucnum_nodes[m + 1];
+            if (*vp == *(vp + 1)) {
+              *digit = *vp;
+              return 1;
+            }
+            return 0;
+        }
+    }
+    return 0;
+}
+
+struct ucnumber
+ucgetnumber(krb5_ui_4 code)
+{
+    struct ucnumber num;
+
+    /*
+     * Initialize with some arbitrary value, because the caller simply cannot
+     * tell for sure if the code is a number without calling the ucisnumber()
+     * macro before calling this function.
+     */
+    num.numerator = num.denominator = -111;
+
+    (void) ucnumber_lookup(code, &num);
+
+    return num;
+}
+
+int
+ucgetdigit(krb5_ui_4 code)
+{
+    int dig;
+
+    /*
+     * Initialize with some arbitrary value, because the caller simply cannot
+     * tell for sure if the code is a number without calling the ucisdigit()
+     * macro before calling this function.
+     */
+    dig = -111;
+
+    (void) ucdigit_lookup(code, &dig);
+
+    return dig;
+}
+
+/**************************************************************************
+ *
+ * Setup and cleanup routines.
+ *
+ **************************************************************************/
+
+#if HARDCODE_DATA
+int ucdata_load(char *paths, int masks) { return 0; }
+void ucdata_unload(int masks) { }
+int ucdata_reload(char *paths, int masks) { return 0; }
+#else
+/*
+ * Return 0 if okay, negative on error
+ */
+int
+ucdata_load(char *paths, int masks)
+{
+    int error = 0;
+
+    if (masks & UCDATA_CTYPE)
+      error |= _ucprop_load(paths, 0) < 0 ? UCDATA_CTYPE : 0;
+    if (masks & UCDATA_CASE)
+      error |= _uccase_load(paths, 0) < 0 ? UCDATA_CASE : 0;
+    if (masks & UCDATA_DECOMP)
+      error |= _ucdcmp_load(paths, 0) < 0 ? UCDATA_DECOMP : 0;
+    if (masks & UCDATA_CMBCL)
+      error |= _uccmcl_load(paths, 0) < 0 ? UCDATA_CMBCL : 0;
+    if (masks & UCDATA_NUM)
+      error |= _ucnumb_load(paths, 0) < 0 ? UCDATA_NUM : 0;
+    if (masks & UCDATA_COMP)
+      error |= _uccomp_load(paths, 0) < 0 ? UCDATA_COMP : 0;
+    if (masks & UCDATA_KDECOMP)
+      error |= _uckdcmp_load(paths, 0) < 0 ? UCDATA_KDECOMP : 0;
+
+    return -error;
+}
+
+void
+ucdata_unload(int masks)
+{
+    if (masks & UCDATA_CTYPE)
+      _ucprop_unload();
+    if (masks & UCDATA_CASE)
+      _uccase_unload();
+    if (masks & UCDATA_DECOMP)
+      _ucdcmp_unload();
+    if (masks & UCDATA_CMBCL)
+      _uccmcl_unload();
+    if (masks & UCDATA_NUM)
+      _ucnumb_unload();
+    if (masks & UCDATA_COMP)
+      _uccomp_unload();
+    if (masks & UCDATA_KDECOMP)
+      _uckdcmp_unload();
+}
+
+/*
+ * Return 0 if okay, negative on error
+ */
+int
+ucdata_reload(char *paths, int masks)
+{
+    int error = 0;
+
+    if (masks & UCDATA_CTYPE)
+        error |= _ucprop_load(paths, 1) < 0 ? UCDATA_CTYPE : 0;
+    if (masks & UCDATA_CASE)
+        error |= _uccase_load(paths, 1) < 0 ? UCDATA_CASE : 0;
+    if (masks & UCDATA_DECOMP)
+        error |= _ucdcmp_load(paths, 1) < 0 ? UCDATA_DECOMP : 0;
+    if (masks & UCDATA_CMBCL)
+        error |= _uccmcl_load(paths, 1) < 0 ? UCDATA_CMBCL : 0;
+    if (masks & UCDATA_NUM)
+        error |= _ucnumb_load(paths, 1) < 0 ? UCDATA_NUM : 0;
+    if (masks & UCDATA_COMP)
+        error |= _uccomp_load(paths, 1) < 0 ? UCDATA_COMP : 0;
+    if (masks & UCDATA_KDECOMP)
+        error |= _uckdcmp_load(paths, 1) < 0 ? UCDATA_KDECOMP : 0;
+
+    return -error;
+}
+#endif
+
+#ifdef TEST
+
+void
+main(void)
+{
+    int dig;
+    krb5_ui_4 i, lo, *dec;
+    struct ucnumber num;
+
+/*    ucdata_setup("."); */
+
+    if (ucisweak(0x30))
+      printf("WEAK\n");
+    else
+      printf("NOT WEAK\n");
+
+    printf("LOWER 0x%04lX\n", uctolower(0xff3a));
+    printf("UPPER 0x%04lX\n", uctoupper(0xff5a));
+
+    if (ucisalpha(0x1d5))
+      printf("ALPHA\n");
+    else
+      printf("NOT ALPHA\n");
+
+    if (ucisupper(0x1d5)) {
+        printf("UPPER\n");
+        lo = uctolower(0x1d5);
+        printf("0x%04lx\n", lo);
+        lo = uctotitle(0x1d5);
+        printf("0x%04lx\n", lo);
+    } else
+      printf("NOT UPPER\n");
+
+    if (ucistitle(0x1d5))
+      printf("TITLE\n");
+    else
+      printf("NOT TITLE\n");
+
+    if (uciscomposite(0x1d5))
+      printf("COMPOSITE\n");
+    else
+      printf("NOT COMPOSITE\n");
+
+    if (ucdecomp(0x1d5, &lo, &dec)) {
+        for (i = 0; i < lo; i++)
+          printf("0x%04lx ", dec[i]);
+        putchar('\n');
+    }
+
+    if ((lo = uccombining_class(0x41)) != 0)
+      printf("0x41 CCL %ld\n", lo);
+
+    if (ucisxdigit(0xfeff))
+      printf("0xFEFF HEX DIGIT\n");
+    else
+      printf("0xFEFF NOT HEX DIGIT\n");
+
+    if (ucisdefined(0x10000))
+      printf("0x10000 DEFINED\n");
+    else
+      printf("0x10000 NOT DEFINED\n");
+
+    if (ucnumber_lookup(0x30, &num)) {
+        if (num.denominator != 1)
+          printf("UCNUMBER: 0x30 = %d/%d\n", num.numerator, num.denominator);
+        else
+          printf("UCNUMBER: 0x30 = %d\n", num.numerator);
+    } else
+      printf("UCNUMBER: 0x30 NOT A NUMBER\n");
+
+    if (ucnumber_lookup(0xbc, &num)) {
+        if (num.denominator != 1)
+          printf("UCNUMBER: 0xbc = %d/%d\n", num.numerator, num.denominator);
+        else
+          printf("UCNUMBER: 0xbc = %d\n", num.numerator);
+    } else
+      printf("UCNUMBER: 0xbc NOT A NUMBER\n");
+
+
+    if (ucnumber_lookup(0xff19, &num)) {
+        if (num.denominator != 1)
+          printf("UCNUMBER: 0xff19 = %d/%d\n", num.numerator, num.denominator);
+        else
+          printf("UCNUMBER: 0xff19 = %d\n", num.numerator);
+    } else
+      printf("UCNUMBER: 0xff19 NOT A NUMBER\n");
+
+    if (ucnumber_lookup(0x4e00, &num)) {
+        if (num.denominator != 1)
+          printf("UCNUMBER: 0x4e00 = %d/%d\n", num.numerator, num.denominator);
+        else
+          printf("UCNUMBER: 0x4e00 = %d\n", num.numerator);
+    } else
+      printf("UCNUMBER: 0x4e00 NOT A NUMBER\n");
+
+    if (ucdigit_lookup(0x06f9, &dig))
+      printf("UCDIGIT: 0x6f9 = %d\n", dig);
+    else
+      printf("UCDIGIT: 0x6f9 NOT A NUMBER\n");
+
+    dig = ucgetdigit(0x0969);
+    printf("UCGETDIGIT: 0x969 = %d\n", dig);
+
+    num = ucgetnumber(0x30);
+    if (num.denominator != 1)
+      printf("UCGETNUMBER: 0x30 = %d/%d\n", num.numerator, num.denominator);
+    else
+      printf("UCGETNUMBER: 0x30 = %d\n", num.numerator);
+
+    num = ucgetnumber(0xbc);
+    if (num.denominator != 1)
+      printf("UCGETNUMBER: 0xbc = %d/%d\n", num.numerator, num.denominator);
+    else
+      printf("UCGETNUMBER: 0xbc = %d\n", num.numerator);
+
+    num = ucgetnumber(0xff19);
+    if (num.denominator != 1)
+      printf("UCGETNUMBER: 0xff19 = %d/%d\n", num.numerator, num.denominator);
+    else
+      printf("UCGETNUMBER: 0xff19 = %d\n", num.numerator);
+
+/*    ucdata_cleanup(); */
+    exit(0);
+}
+
+#endif /* TEST */
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.h b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.h
new file mode 100644
index 00000000..3396709f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.h
@@ -0,0 +1,354 @@
+/*
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <https://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 2001 Computing Research Labs, New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+/*
+ * This work is part of OpenLDAP Software <https://www.openldap.org/>.
+ * $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.h,v 1.21 2008/01/07 23:20:05 kurt Exp $
+ * $Id: ucdata.h,v 1.6 2001/01/02 18:46:20 mleisher Exp $
+ */
+
+#ifndef _h_ucdata
+#define _h_ucdata
+
+#define UCDATA_VERSION "2.4"
+
+/**************************************************************************
+ *
+ * Masks and macros for character properties.
+ *
+ **************************************************************************/
+
+/*
+ * Values that can appear in the `mask1' parameter of the ucisprop()
+ * function.
+ */
+#define UC_MN 0x00000001 /* Mark, Non-Spacing          */
+#define UC_MC 0x00000002 /* Mark, Spacing Combining    */
+#define UC_ME 0x00000004 /* Mark, Enclosing            */
+#define UC_ND 0x00000008 /* Number, Decimal Digit      */
+#define UC_NL 0x00000010 /* Number, Letter             */
+#define UC_NO 0x00000020 /* Number, Other              */
+#define UC_ZS 0x00000040 /* Separator, Space           */
+#define UC_ZL 0x00000080 /* Separator, Line            */
+#define UC_ZP 0x00000100 /* Separator, Paragraph       */
+#define UC_CC 0x00000200 /* Other, Control             */
+#define UC_CF 0x00000400 /* Other, Format              */
+#define UC_OS 0x00000800 /* Other, Surrogate           */
+#define UC_CO 0x00001000 /* Other, Private Use         */
+#define UC_CN 0x00002000 /* Other, Not Assigned        */
+#define UC_LU 0x00004000 /* Letter, Uppercase          */
+#define UC_LL 0x00008000 /* Letter, Lowercase          */
+#define UC_LT 0x00010000 /* Letter, Titlecase          */
+#define UC_LM 0x00020000 /* Letter, Modifier           */
+#define UC_LO 0x00040000 /* Letter, Other              */
+#define UC_PC 0x00080000 /* Punctuation, Connector     */
+#define UC_PD 0x00100000 /* Punctuation, Dash          */
+#define UC_PS 0x00200000 /* Punctuation, Open          */
+#define UC_PE 0x00400000 /* Punctuation, Close         */
+#define UC_PO 0x00800000 /* Punctuation, Other         */
+#define UC_SM 0x01000000 /* Symbol, Math               */
+#define UC_SC 0x02000000 /* Symbol, Currency           */
+#define UC_SK 0x04000000 /* Symbol, Modifier           */
+#define UC_SO 0x08000000 /* Symbol, Other              */
+#define UC_L  0x10000000 /* Left-To-Right              */
+#define UC_R  0x20000000 /* Right-To-Left              */
+#define UC_EN 0x40000000 /* European Number            */
+#define UC_ES 0x80000000 /* European Number Separator  */
+
+/*
+ * Values that can appear in the `mask2' parameter of the ucisprop()
+ * function.
+ */
+#define UC_ET 0x00000001 /* European Number Terminator */
+#define UC_AN 0x00000002 /* Arabic Number              */
+#define UC_CS 0x00000004 /* Common Number Separator    */
+#define UC_B  0x00000008 /* Block Separator            */
+#define UC_S  0x00000010 /* Segment Separator          */
+#define UC_WS 0x00000020 /* Whitespace                 */
+#define UC_ON 0x00000040 /* Other Neutrals             */
+/*
+ * Implementation specific character properties.
+ */
+#define UC_CM 0x00000080 /* Composite                  */
+#define UC_NB 0x00000100 /* Non-Breaking               */
+#define UC_SY 0x00000200 /* Symmetric                  */
+#define UC_HD 0x00000400 /* Hex Digit                  */
+#define UC_QM 0x00000800 /* Quote Mark                 */
+#define UC_MR 0x00001000 /* Mirroring                  */
+#define UC_SS 0x00002000 /* Space, other               */
+
+#define UC_CP 0x00004000 /* Defined                    */
+
+/*
+ * Added for UnicodeData-2.1.3.
+ */
+#define UC_PI 0x00008000 /* Punctuation, Initial       */
+#define UC_PF 0x00010000 /* Punctuation, Final         */
+
+/*
+ * This is the primary function for testing to see if a character has some set
+ * of properties.  The macros that test for various character properties all
+ * call this function with some set of masks.
+ */
+int
+ucisprop (krb5_ui_4 code, krb5_ui_4 mask1, krb5_ui_4 mask2);
+
+#define ucisalpha(cc) ucisprop(cc, UC_LU|UC_LL|UC_LM|UC_LO|UC_LT, 0)
+#define ucisdigit(cc) ucisprop(cc, UC_ND, 0)
+#define ucisalnum(cc) ucisprop(cc, UC_LU|UC_LL|UC_LM|UC_LO|UC_LT|UC_ND, 0)
+#define uciscntrl(cc) ucisprop(cc, UC_CC|UC_CF, 0)
+#define ucisspace(cc) ucisprop(cc, UC_ZS|UC_SS, 0)
+#define ucisblank(cc) ucisprop(cc, UC_ZS, 0)
+#define ucispunct(cc) ucisprop(cc, UC_PD|UC_PS|UC_PE|UC_PO, UC_PI|UC_PF)
+#define ucisgraph(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME|UC_ND|UC_NL|UC_NO|\
+                               UC_LU|UC_LL|UC_LT|UC_LM|UC_LO|UC_PC|UC_PD|\
+                               UC_PS|UC_PE|UC_PO|UC_SM|UC_SM|UC_SC|UC_SK|\
+                               UC_SO, UC_PI|UC_PF)
+#define ucisprint(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME|UC_ND|UC_NL|UC_NO|\
+                               UC_LU|UC_LL|UC_LT|UC_LM|UC_LO|UC_PC|UC_PD|\
+                               UC_PS|UC_PE|UC_PO|UC_SM|UC_SM|UC_SC|UC_SK|\
+                               UC_SO|UC_ZS, UC_PI|UC_PF)
+#define ucisupper(cc) ucisprop(cc, UC_LU, 0)
+#define ucislower(cc) ucisprop(cc, UC_LL, 0)
+#define ucistitle(cc) ucisprop(cc, UC_LT, 0)
+#define ucisxdigit(cc) ucisprop(cc, 0, UC_HD)
+
+#define ucisisocntrl(cc) ucisprop(cc, UC_CC, 0)
+#define ucisfmtcntrl(cc) ucisprop(cc, UC_CF, 0)
+
+#define ucissymbol(cc) ucisprop(cc, UC_SM|UC_SC|UC_SO|UC_SK, 0)
+#define ucisnumber(cc) ucisprop(cc, UC_ND|UC_NO|UC_NL, 0)
+#define ucisnonspacing(cc) ucisprop(cc, UC_MN, 0)
+#define ucisopenpunct(cc) ucisprop(cc, UC_PS, 0)
+#define ucisclosepunct(cc) ucisprop(cc, UC_PE, 0)
+#define ucisinitialpunct(cc) ucisprop(cc, 0, UC_PI)
+#define ucisfinalpunct(cc) ucisprop(cc, 0, UC_PF)
+
+#define uciscomposite(cc) ucisprop(cc, 0, UC_CM)
+#define ucishex(cc) ucisprop(cc, 0, UC_HD)
+#define ucisquote(cc) ucisprop(cc, 0, UC_QM)
+#define ucissymmetric(cc) ucisprop(cc, 0, UC_SY)
+#define ucismirroring(cc) ucisprop(cc, 0, UC_MR)
+#define ucisnonbreaking(cc) ucisprop(cc, 0, UC_NB)
+
+/*
+ * Directionality macros.
+ */
+#define ucisrtl(cc) ucisprop(cc, UC_R, 0)
+#define ucisltr(cc) ucisprop(cc, UC_L, 0)
+#define ucisstrong(cc) ucisprop(cc, UC_L|UC_R, 0)
+#define ucisweak(cc) ucisprop(cc, UC_EN|UC_ES, UC_ET|UC_AN|UC_CS)
+#define ucisneutral(cc) ucisprop(cc, 0, UC_B|UC_S|UC_WS|UC_ON)
+#define ucisseparator(cc) ucisprop(cc, 0, UC_B|UC_S)
+
+/*
+ * Other macros inspired by John Cowan.
+ */
+#define ucismark(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME, 0)
+#define ucismodif(cc) ucisprop(cc, UC_LM, 0)
+#define ucisletnum(cc) ucisprop(cc, UC_NL, 0)
+#define ucisconnect(cc) ucisprop(cc, UC_PC, 0)
+#define ucisdash(cc) ucisprop(cc, UC_PD, 0)
+#define ucismath(cc) ucisprop(cc, UC_SM, 0)
+#define uciscurrency(cc) ucisprop(cc, UC_SC, 0)
+#define ucismodifsymbol(cc) ucisprop(cc, UC_SK, 0)
+#define ucisnsmark(cc) ucisprop(cc, UC_MN, 0)
+#define ucisspmark(cc) ucisprop(cc, UC_MC, 0)
+#define ucisenclosing(cc) ucisprop(cc, UC_ME, 0)
+#define ucisprivate(cc) ucisprop(cc, UC_CO, 0)
+#define ucissurrogate(cc) ucisprop(cc, UC_OS, 0)
+#define ucislsep(cc) ucisprop(cc, UC_ZL, 0)
+#define ucispsep(cc) ucisprop(cc, UC_ZP, 0)
+
+#define ucisidentstart(cc) ucisprop(cc, UC_LU|UC_LL|UC_LT|UC_LO|UC_NL, 0)
+#define ucisidentpart(cc) ucisprop(cc, UC_LU|UC_LL|UC_LT|UC_LO|UC_NL|\
+                                   UC_MN|UC_MC|UC_ND|UC_PC|UC_CF, 0)
+
+#define ucisdefined(cc) ucisprop(cc, 0, UC_CP)
+#define ucisundefined(cc) !ucisprop(cc, 0, UC_CP)
+
+/*
+ * Other miscellaneous character property macros.
+ */
+#define ucishan(cc) (((cc) >= 0x4e00 && (cc) <= 0x9fff) ||\
+                     ((cc) >= 0xf900 && (cc) <= 0xfaff))
+#define ucishangul(cc) ((cc) >= 0xac00 && (cc) <= 0xd7ff)
+
+/**************************************************************************
+ *
+ * Functions for case conversion.
+ *
+ **************************************************************************/
+
+krb5_ui_4 uctoupper(krb5_ui_4 code);
+krb5_ui_4 uctolower(krb5_ui_4 code);
+krb5_ui_4 uctotitle(krb5_ui_4 code);
+
+/**************************************************************************
+ *
+ * Functions for getting compositions.
+ *
+ **************************************************************************/
+
+/*
+ * This routine determines if there exists a composition of node1 and node2.
+ * If it returns 0, there is no composition.  Any other value indicates a
+ * composition was returned in comp.
+ */
+int uccomp(krb5_ui_4 node1, krb5_ui_4 node2, krb5_ui_4 *comp);
+
+/*
+ * Does Hangul composition on the string str with length len, and returns
+ * the length of the composed string.
+ */
+int uccomp_hangul(krb5_ui_4 *str, int len);
+
+/*
+ * Does canonical composition on the string str with length len, and returns
+ * the length of the composed string.
+ */
+int uccanoncomp(krb5_ui_4 *str, int len);
+
+/**************************************************************************
+ *
+ * Functions for getting decompositions.
+ *
+ **************************************************************************/
+
+/*
+ * This routine determines if the code has a decomposition.  If it returns 0,
+ * there is no decomposition.  Any other value indicates a decomposition was
+ * returned.
+ */
+int ucdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp);
+
+/*
+ * Equivalent to ucdecomp() except that it includes compatibility
+ * decompositions.
+ */
+int uckdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp);
+
+/*
+ * If the code is a Hangul syllable, this routine decomposes it into the array
+ * passed.  The array size should be at least 3.
+ */
+int ucdecomp_hangul(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 decomp[]);
+
+/*
+ * This routine does canonical decomposition of the string in of length
+ * inlen, and returns the decomposed string in out with length outlen.
+ * The memory for out is allocated by this routine. It returns the length
+ * of the decomposed string if okay, and -1 on error.
+ */
+int uccanondecomp (const krb5_ui_4 *in, int inlen,
+		     krb5_ui_4 **out, int *outlen);
+
+/*
+ * Equivalent to uccanondecomp() except that it includes compatibility
+ * decompositions.
+ */
+int uccompatdecomp(const krb5_ui_4 *in, int inlen,
+		     krb5_ui_4 **out, int *outlen);
+
+/**************************************************************************
+ *
+ * Functions for getting combining classes.
+ *
+ **************************************************************************/
+
+/*
+ * This will return the combining class for a character to be used with the
+ * Canonical Ordering algorithm.
+ */
+krb5_ui_4 uccombining_class(krb5_ui_4 code);
+
+/**************************************************************************
+ *
+ * Functions for getting numbers and digits.
+ *
+ **************************************************************************/
+
+struct ucnumber {
+    int numerator;
+    int denominator;
+};
+
+int
+ucnumber_lookup (krb5_ui_4 code, struct ucnumber *num);
+
+int
+ucdigit_lookup (krb5_ui_4 code, int *digit);
+
+/*
+ * For compatibility with John Cowan's "uctype" package.
+ */
+struct ucnumber ucgetnumber (krb5_ui_4 code);
+int ucgetdigit (krb5_ui_4 code);
+
+/**************************************************************************
+ *
+ * Functions library initialization and cleanup.
+ *
+ **************************************************************************/
+
+/*
+ * Macros for specifying the data tables to be loaded, unloaded, or reloaded
+ * by the ucdata_load(), ucdata_unload(), and ucdata_reload() routines.
+ */
+#define UCDATA_CASE   0x01
+#define UCDATA_CTYPE  0x02
+#define UCDATA_DECOMP 0x04
+#define UCDATA_CMBCL  0x08
+#define UCDATA_NUM    0x10
+#define UCDATA_COMP   0x20
+#define UCDATA_KDECOMP 0x40
+
+#define UCDATA_ALL (UCDATA_CASE|UCDATA_CTYPE|UCDATA_DECOMP|\
+                    UCDATA_CMBCL|UCDATA_NUM|UCDATA_COMP|UCDATA_KDECOMP)
+
+/*
+ * Functions to load, unload, and reload specific data files.
+ */
+int ucdata_load (char *paths, int mask);
+void ucdata_unload (int mask);
+int ucdata_reload (char *paths, int mask);
+
+#ifdef UCDATA_DEPRECATED
+/*
+ * Deprecated functions, now just compatibility macros.
+ */
+#define ucdata_setup(p) ucdata_load(p, UCDATA_ALL)
+#define ucdata_cleanup() ucdata_unload(UCDATA_ALL)
+#endif
+
+#endif /* _h_ucdata */
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.man b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.man
new file mode 100644
index 00000000..54df4848
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucdata.man
@@ -0,0 +1,504 @@
+.\"
+.\" $Id: ucdata.man,v 1.5 2001/01/02 18:46:20 mleisher Exp $
+.\"
+.TH ucdata 3 "03 January 2001"
+.SH NAME 
+ucdata \- package for providing Unicode/ISO10646 character information
+
+.SH SYNOPSIS
+#include <ucdata.h>
+.sp
+void ucdata_load(char * paths, int masks)
+.sp
+void ucdata_unload(int masks)
+.sp
+void ucdata_reload(char * paths, int masks)
+.sp
+int ucdecomp(unsigned long code, unsigned long *num, unsigned long **decomp)
+.sp
+int uccanondecomp(const unsigned long *in, int inlen, unsigned long **out,
+int *outlen)
+.sp
+int ucdecomp_hangul(unsigned long code, unsigned long *num,
+unsigned long decomp[])
+.sp
+int uccomp(unsigned long ch1, unsigned long ch2, unsigned long *comp)
+.sp
+int uccomp_hangul(unsigned long *str, int len)
+.sp
+int uccanoncomp(unsiged long *str, int len)
+.nf
+struct ucnumber {
+  int numerator;
+  int denominator;
+};
+.sp
+int ucnumber_lookup(unsigned long code, struct ucnumber *num)
+.sp
+int ucdigit_lookup(unsigned long code, int *digit)
+.sp
+struct ucnumber ucgetnumber(unsigned long code)
+.sp
+int ucgetdigit(unsigned long code)
+.sp
+unsigned long uctoupper(unsigned long code)
+.sp
+unsigned long uctolower(unsigned long code)
+.sp
+unsigned long uctotitle(unsigned long code)
+.sp
+int ucisalpha(unsigned long code)
+.sp
+int ucisalnum(unsigned long code)
+.sp
+int ucisdigit(unsigned long code)
+.sp
+int uciscntrl(unsigned long code)
+.sp
+int ucisspace(unsigned long code)
+.sp
+int ucisblank(unsigned long code)
+.sp
+int ucispunct(unsigned long code)
+.sp
+int ucisgraph(unsigned long code)
+.sp
+int ucisprint(unsigned long code)
+.sp
+int ucisxdigit(unsigned long code)
+.sp
+int ucisupper(unsigned long code)
+.sp
+int ucislower(unsigned long code)
+.sp
+int ucistitle(unsigned long code)
+.sp
+int ucisisocntrl(unsigned long code)
+.sp
+int ucisfmtcntrl(unsigned long code)
+.sp
+int ucissymbol(unsigned long code)
+.sp
+int ucisnumber(unsigned long code)
+.sp
+int ucisnonspacing(unsigned long code)
+.sp
+int ucisopenpunct(unsigned long code)
+.sp
+int ucisclosepunct(unsigned long code)
+.sp
+int ucisinitialpunct(unsigned long code)
+.sp
+int ucisfinalpunct(unsigned long code)
+.sp
+int uciscomposite(unsigned long code)
+.sp
+int ucisquote(unsigned long code)
+.sp
+int ucissymmetric(unsigned long code)
+.sp
+int ucismirroring(unsigned long code)
+.sp
+int ucisnonbreaking(unsigned long code)
+.sp
+int ucisrtl(unsigned long code)
+.sp
+int ucisltr(unsigned long code)
+.sp
+int ucisstrong(unsigned long code)
+.sp
+int ucisweak(unsigned long code)
+.sp
+int ucisneutral(unsigned long code)
+.sp
+int ucisseparator(unsigned long code)
+.sp
+int ucislsep(unsigned long code)
+.sp
+int ucispsep(unsigned long code)
+.sp
+int ucismark(unsigned long code)
+.sp
+int ucisnsmark(unsigned long code)
+.sp
+int ucisspmark(unsigned long code)
+.sp
+int ucismodif(unsigned long code)
+.sp
+int ucismodifsymbol(unsigned long code)
+.sp
+int ucisletnum(unsigned long code)
+.sp
+int ucisconnect(unsigned long code)
+.sp
+int ucisdash(unsigned long code)
+.sp
+int ucismath(unsigned long code)
+.sp
+int uciscurrency(unsigned long code)
+.sp
+int ucisenclosing(unsigned long code)
+.sp
+int ucisprivate(unsigned long code)
+.sp
+int ucissurrogate(unsigned long code)
+.sp
+int ucisidentstart(unsigned long code)
+.sp
+int ucisidentpart(unsigned long code)
+.sp
+int ucisdefined(unsigned long code)
+.sp
+int ucisundefined(unsigned long code)
+.sp
+int ucishan(unsigned long code)
+.sp
+int ucishangul(unsigned long code)
+
+.SH DESCRIPTION
+.TP 4
+.BR Macros
+.br
+UCDATA_CASE
+.br
+UCDATA_CTYPE
+.br
+UCDATA_DECOMP
+.br
+UCDATA_CMBCL
+.br
+UCDATA_NUM
+.br
+UCDATA_ALL
+.br
+.TP 4
+.BR ucdata_load()
+This function initializes the UCData library by locating the data files in one
+of the colon-separated directories in the `paths' parameter.  The data files
+to be loaded are specified in the `masks' parameter as a bitwise combination
+of the macros listed above.
+.sp
+This should be called before using any of the other functions.
+.TP 4
+.BR ucdata_unload()
+This function unloads the data tables specified in the `masks' parameter.
+.sp
+This function should be called when the application is done using the UCData
+package.
+.TP 4
+.BR ucdata_reload()
+This function reloads the data files from one of the colon-separated
+directories in the `paths' parameter.  The data files to be reloaded are
+specified in the `masks' parameter as a bitwise combination of the macros
+listed above.
+.TP 4
+.BR ucdecomp()
+This function determines if a character has a decomposition and returns the
+decomposition information if it exists.
+.sp
+If a zero is returned, there is no decomposition.  If a non-zero is
+returned, then the `num' and `decomp' variables are filled in with the
+appropriate values.
+.sp
+Example call:
+.sp
+.nf
+    unsigned long i, num, *decomp;
+
+    if (ucdecomp(0x1d5, &num, &decomp) != 0) {
+       for (i = 0; i < num; i++)
+         printf("0x%08lX,", decomp[i]);
+       putchar('\n');
+    }
+.TP 4
+.BR uccanondecomp()
+This function will decompose a string, insuring the characters are in
+canonical order for comparison.
+.sp
+If a decomposed string is returned, the caller is responsible for deallocating
+the string.
+.sp
+If a -1 is returned, memory allocation failed.  If a zero is returned, no
+decomposition was done.  Any other value means a decomposition string was
+created and the values returned in the `out' and `outlen' parameters.
+.TP 4
+.BR ucdecomp_hangul()
+This function determines if a Hangul syllable has a
+decomposition and returns the decomposition information.
+.sp
+An array of at least size 3 should be passed to the function
+for the decomposition of the syllable.
+.sp
+If a zero is returned, the character is not a Hangul
+syllable. If a non-zero is returned, the `num' field
+will be 2 or 3 and the syllable will be decomposed into
+the `decomp' array arithmetically.
+.sp
+Example call:
+.sp
+.nf
+    unsigned long i, num, decomp[3];
+
+    if (ucdecomp_hangul(0xb1ba, &num, &decomp) != 0) {
+       for (i = 0; i < num; i++)
+         printf("0x%08lX,", decomp[i]);
+       putchar('\n');
+    }
+.TP 4
+.BR uccomp()
+This function determines if a pair of characters have a composition, and
+returns that composition if one exists.
+.sp
+A zero is returned is no composition exists for the character pair.  Any other
+value indicates the `comp' field holds the character code representing the
+composition of the two character codes.
+.TP 4
+.BR uccomp_hangul()
+This composes the Hangul Jamo in-place in the string.
+.sp
+The returned value is the new length of the string.
+.TP 4
+.BR uccanoncomp()
+This function does a full composition in-place in the string, including the
+Hangul composition.
+.sp
+The returned value is the new length of the string.
+.TP 4
+.BR ucnumber_lookup()
+This function determines if the code is a number and
+fills in the `num' field with the numerator and
+denominator.  If the code happens to be a single digit,
+the numerator and denominator fields will be the same.
+.sp
+If the function returns 0, the code is not a number.
+Any other return value means the code is a number.
+.TP 4
+.BR ucdigit_lookup()
+This function determines if the code is a digit and
+fills in the `digit' field with the digit value.
+.sp
+If the function returns 0, the code is not a number.
+Any other return value means the code is a number.
+.TP 4
+.BR ucgetnumber()
+This is a compatibility function with John Cowan's
+"uctype" package.  It uses ucnumber_lookup().
+.TP 4
+.BR ucgetdigit()
+This is a compatibility function with John Cowan's
+"uctype" package.  It uses ucdigit_lookup().
+.TP 4
+.BR uctoupper()
+This function returns the code unchanged if it is
+already upper case or has no upper case equivalent.
+Otherwise the upper case equivalent is returned.
+.TP 4
+.BR uctolower()
+This function returns the code unchanged if it is
+already lower case or has no lower case equivalent.
+Otherwise the lower case equivalent is returned.
+.TP 4
+.BR uctotitle()
+This function returns the code unchanged if it is
+already title case or has no title case equivalent.
+Otherwise the title case equivalent is returned.
+.TP 4
+.BR ucisalpha()
+Test if \fIcode\fR is an alpha character.
+.TP 4
+.BR ucisalnum()
+Test if \fIcode\fR is an alpha or digit character.
+.TP 4
+.BR ucisdigit()
+Test if \fIcode\fR is a digit character.
+.TP 4
+.BR uciscntrl()
+Test if \fIcode\fR is a control character.
+.TP 4
+.BR ucisspace()
+Test if \fIcode\fR is a space character.
+.TP 4
+.BR ucisblank()
+Test if \fIcode\fR is a blank character.
+.TP 4
+.BR ucispunct()
+Test if \fIcode\fR is a punctuation character.
+.TP 4
+.BR ucisgraph()
+Test if \fIcode\fR is a graphical (visible) character.
+.TP 4
+.BR ucisprint()
+Test if \fIcode\fR is a printable character.
+.TP 4
+.BR ucisxdigit()
+Test if \fIcode\fR is a hexadecimal digit character.
+.TP 4
+.BR ucisupper()
+Test if \fIcode\fR is an upper case character.
+.TP 4
+.BR ucislower()
+Test if \fIcode\fR is a lower case character.
+.TP 4
+.BR ucistitle()
+Test if \fIcode\fR is a title case character.
+.TP 4
+.BR ucisisocntrl()
+Is the character a C0 control character (< 32)?
+.TP 4
+.BR ucisfmtcntrl()
+Is the character a format control character?
+.TP 4
+.BR ucissymbol()
+Is the character a symbol?
+.TP 4
+.BR ucisnumber()
+Is the character a number or digit?
+.TP 4
+.BR ucisnonspacing()
+Is the character non-spacing?
+.TP 4
+.BR ucisopenpunct()
+Is the character an open/left punctuation (i.e. '[')
+.TP 4
+.BR ucisclosepunct()
+Is the character an close/right punctuation (i.e. ']')
+.TP 4
+.BR ucisinitialpunct()
+Is the character an initial punctuation (i.e. U+2018 LEFT
+SINGLE QUOTATION MARK)
+.TP 4
+.BR ucisfinalpunct()
+Is the character a final punctuation (i.e. U+2019 RIGHT
+SINGLE QUOTATION MARK)
+.TP 4
+.BR uciscomposite()
+Can the character be decomposed into a set of other
+characters?
+.TP 4
+.BR ucisquote()
+Is the character one of the many quotation marks?
+.TP 4
+.BR ucissymmetric()
+Is the character one that has an opposite form
+(i.e. <>)
+.TP 4
+.BR ucismirroring()
+Is the character mirroring (superset of symmetric)?
+.TP 4
+.BR ucisnonbreaking()
+Is the character non-breaking (i.e. non-breaking
+space)?
+.TP 4
+.BR ucisrtl()
+Does the character have strong right-to-left
+directionality (i.e. Arabic letters)?
+.TP 4
+.BR ucisltr()
+Does the character have strong left-to-right
+directionality (i.e. Latin letters)?
+.TP 4
+.BR ucisstrong()
+Does the character have strong directionality?
+.TP 4
+.BR ucisweak()
+Does the character have weak directionality
+(i.e. numbers)?
+.TP 4
+.BR ucisneutral()
+Does the character have neutral directionality
+(i.e. whitespace)?
+.TP 4
+.BR ucisseparator()
+Is the character a block or segment separator?
+.TP 4
+.BR ucislsep()
+Is the character a line separator?
+.TP 4
+.BR ucispsep()
+Is the character a paragraph separator?
+.TP 4
+.BR ucismark()
+Is the character a mark of some kind?
+.TP 4
+.BR ucisnsmark()
+Is the character a non-spacing mark?
+.TP 4
+.BR ucisspmark()
+Is the character a spacing mark?
+.TP 4
+.BR ucismodif()
+Is the character a modifier letter?
+.TP 4
+.BR ucismodifsymbol()
+Is the character a modifier symbol?
+.TP 4
+.BR ucisletnum()
+Is the character a number represented by a letter?
+.TP 4
+.BR ucisconnect()
+Is the character connecting punctuation?
+.TP 4
+.BR ucisdash()
+Is the character dash punctuation?
+.TP 4
+.BR ucismath()
+Is the character a math character?
+.TP 4
+.BR uciscurrency()
+Is the character a currency character?
+.TP 4
+.BR ucisenclosing()
+Is the character enclosing (i.e. enclosing box)?
+.TP 4
+.BR ucisprivate()
+Is the character from the Private Use Area?
+.TP 4
+.BR ucissurrogate()
+Is the character one of the surrogate codes?
+.TP 4
+.BR ucisidentstart()
+Is the character a legal initial character of an identifier?
+.TP 4
+.BR ucisidentpart()
+Is the character a legal identifier character?
+.TP 4
+.BR ucisdefined()
+Is the character defined (appeared in one of the data
+files)?
+.TP 4
+.BR ucisundefined()
+Is the character not defined (non-Unicode)?
+.TP 4
+.BR ucishan()
+Is the character a Han ideograph?
+.TP 4
+.BR ucishangul()
+Is the character a pre-composed Hangul syllable?
+
+.SH "SEE ALSO"
+ctype(3)
+
+.SH ACKNOWLEDGMENTS
+These are people who have helped with patches or
+alerted me about problems.
+.sp
+John Cowan <cowan@locke.ccil.org>
+.br
+Bob Verbrugge <bob_verbrugge@nl.compuware.com>
+.br
+Christophe Pierret <cpierret@businessobjects.com>
+.br
+Kent Johnson <kent@pondview.mv.com>
+.br
+Valeriy E. Ushakov <uwe@ptc.spbu.ru>
+.br
+Stig Venaas <Stig.Venaas@uninett.no>
+
+.SH AUTHOR
+Mark Leisher
+.br
+Computing Research Lab
+.br
+New Mexico State University
+.br
+Email: mleisher@crl.nmsu.edu
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucgendat.c b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucgendat.c
new file mode 100644
index 00000000..70cec52d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/ucgendat.c
@@ -0,0 +1,1945 @@
+/*
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <https://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright 2001 Computing Research Labs, New Mexico State University
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+ * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+ * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+/*
+ * This work is part of OpenLDAP Software <https://www.openldap.org/>.
+ * $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucgendat.c,v 1.43 2008/01/07 23:20:05 kurt Exp $
+ * $Id: ucgendat.c,v 1.4 2001/01/02 18:46:20 mleisher Exp $"
+ */
+
+#include "k5-int.h"
+#include "k5-utf8.h"
+#include "k5-unicode.h"
+
+#ifndef HARDCODE_DATA
+#define	HARDCODE_DATA	1
+#endif
+
+#undef ishdigit
+#define ishdigit(cc) (((cc) >= '0' && (cc) <= '9') ||\
+                      ((cc) >= 'A' && (cc) <= 'F') ||\
+                      ((cc) >= 'a' && (cc) <= 'f'))
+
+/*
+ * A header written to the output file with the byte-order-mark and the number
+ * of property nodes.
+ */
+static krb5_ui_2 hdr[2] = {0xfeff, 0};
+
+#define NUMPROPS 50
+#define NEEDPROPS (NUMPROPS + (4 - (NUMPROPS & 3)))
+
+typedef struct {
+    char *name;
+    int len;
+} _prop_t;
+
+/*
+ * List of properties expected to be found in the Unicode Character Database
+ * including some implementation specific properties.
+ *
+ * The implementation specific properties are:
+ * Cm = Composed (can be decomposed)
+ * Nb = Non-breaking
+ * Sy = Symmetric (has left and right forms)
+ * Hd = Hex digit
+ * Qm = Quote marks
+ * Mr = Mirroring
+ * Ss = Space, other
+ * Cp = Defined character
+ */
+static _prop_t props[NUMPROPS] = {
+    {"Mn", 2}, {"Mc", 2}, {"Me", 2}, {"Nd", 2}, {"Nl", 2}, {"No", 2},
+    {"Zs", 2}, {"Zl", 2}, {"Zp", 2}, {"Cc", 2}, {"Cf", 2}, {"Cs", 2},
+    {"Co", 2}, {"Cn", 2}, {"Lu", 2}, {"Ll", 2}, {"Lt", 2}, {"Lm", 2},
+    {"Lo", 2}, {"Pc", 2}, {"Pd", 2}, {"Ps", 2}, {"Pe", 2}, {"Po", 2},
+    {"Sm", 2}, {"Sc", 2}, {"Sk", 2}, {"So", 2}, {"L",  1}, {"R",  1},
+    {"EN", 2}, {"ES", 2}, {"ET", 2}, {"AN", 2}, {"CS", 2}, {"B",  1},
+    {"S",  1}, {"WS", 2}, {"ON", 2},
+    {"Cm", 2}, {"Nb", 2}, {"Sy", 2}, {"Hd", 2}, {"Qm", 2}, {"Mr", 2},
+    {"Ss", 2}, {"Cp", 2}, {"Pi", 2}, {"Pf", 2}, {"AL", 2}
+};
+
+typedef struct {
+    krb5_ui_4 *ranges;
+    krb5_ui_2 used;
+    krb5_ui_2 size;
+} _ranges_t;
+
+static _ranges_t proptbl[NUMPROPS];
+
+/*
+ * Make sure this array is sized to be on a 4-byte boundary at compile time.
+ */
+static krb5_ui_2 propcnt[NEEDPROPS];
+
+/*
+ * Array used to collect a decomposition before adding it to the decomposition
+ * table.
+ */
+static krb5_ui_4 dectmp[64];
+static krb5_ui_4 dectmp_size;
+
+typedef struct {
+    krb5_ui_4 code;
+    krb5_ui_2 size;
+    krb5_ui_2 used;
+    krb5_ui_4 *decomp;
+} _decomp_t;
+
+/*
+ * List of decomposition.  Created and expanded in order as the characters are
+ * encountered. First list contains canonical mappings, second also includes
+ * compatibility mappings.
+ */
+static _decomp_t *decomps;
+static krb5_ui_4 decomps_used;
+static krb5_ui_4 decomps_size;
+
+static _decomp_t *kdecomps;
+static krb5_ui_4 kdecomps_used;
+static krb5_ui_4 kdecomps_size;
+
+/*
+ * Composition exclusion table stuff.
+ */
+#define COMPEX_SET(c) (compexs[(c) >> 5] |= (1 << ((c) & 31)))
+#define COMPEX_TEST(c) (compexs[(c) >> 5] & (1 << ((c) & 31)))
+static krb5_ui_4 compexs[8192];
+
+/*
+ * Struct for holding a composition pair, and array of composition pairs
+ */
+typedef struct {
+    krb5_ui_4 comp;
+    krb5_ui_4 count;
+    krb5_ui_4 code1;
+    krb5_ui_4 code2;
+} _comp_t;
+
+static _comp_t *comps;
+static krb5_ui_4 comps_used;
+
+/*
+ * Types and lists for handling lists of case mappings.
+ */
+typedef struct {
+    krb5_ui_4 key;
+    krb5_ui_4 other1;
+    krb5_ui_4 other2;
+} _case_t;
+
+static _case_t *upper;
+static _case_t *lower;
+static _case_t *title;
+static krb5_ui_4 upper_used;
+static krb5_ui_4 upper_size;
+static krb5_ui_4 lower_used;
+static krb5_ui_4 lower_size;
+static krb5_ui_4 title_used;
+static krb5_ui_4 title_size;
+
+/*
+ * Array used to collect case mappings before adding them to a list.
+ */
+static krb5_ui_4 cases[3];
+
+/*
+ * An array to hold ranges for combining classes.
+ */
+static krb5_ui_4 *ccl;
+static krb5_ui_4 ccl_used;
+static krb5_ui_4 ccl_size;
+
+/*
+ * Structures for handling numbers.
+ */
+typedef struct {
+    krb5_ui_4 code;
+    krb5_ui_4 idx;
+} _codeidx_t;
+
+typedef struct {
+    short numerator;
+    short denominator;
+} _num_t;
+
+/*
+ * Arrays to hold the mapping of codes to numbers.
+ */
+static _codeidx_t *ncodes;
+static krb5_ui_4 ncodes_used;
+static krb5_ui_4 ncodes_size;
+
+static _num_t *nums;
+static krb5_ui_4 nums_used;
+static krb5_ui_4 nums_size;
+
+/*
+ * Array for holding numbers.
+ */
+static _num_t *nums;
+static krb5_ui_4 nums_used;
+static krb5_ui_4 nums_size;
+
+static void
+add_range(krb5_ui_4 start, krb5_ui_4 end, char *p1, char *p2)
+{
+    int i, j, k, len;
+    _ranges_t *rlp;
+    char *name;
+
+    for (k = 0; k < 2; k++) {
+        if (k == 0) {
+            name = p1;
+            len = 2;
+        } else {
+            if (p2 == 0)
+              break;
+
+            name = p2;
+            len = 1;
+        }
+
+        for (i = 0; i < NUMPROPS; i++) {
+            if (props[i].len == len && memcmp(props[i].name, name, len) == 0)
+              break;
+        }
+
+        if (i == NUMPROPS)
+          continue;
+
+        rlp = &proptbl[i];
+
+        /*
+         * Resize the range list if necessary.
+         */
+        if (rlp->used == rlp->size) {
+            if (rlp->size == 0)
+              rlp->ranges = (krb5_ui_4 *)
+                  malloc(sizeof(krb5_ui_4) << 3);
+            else
+              rlp->ranges = (krb5_ui_4 *)
+                  realloc((char *) rlp->ranges,
+                          sizeof(krb5_ui_4) * (rlp->size + 8));
+            rlp->size += 8;
+        }
+
+        /*
+         * If this is the first code for this property list, just add it
+         * and return.
+         */
+        if (rlp->used == 0) {
+            rlp->ranges[0] = start;
+            rlp->ranges[1] = end;
+            rlp->used += 2;
+            continue;
+        }
+
+        /*
+         * Optimize the case of adding the range to the end.
+         */
+        j = rlp->used - 1;
+        if (start > rlp->ranges[j]) {
+            j = rlp->used;
+            rlp->ranges[j++] = start;
+            rlp->ranges[j++] = end;
+            rlp->used = j;
+            continue;
+        }
+
+        /*
+         * Need to locate the insertion point.
+         */
+        for (i = 0;
+             i < rlp->used && start > rlp->ranges[i + 1] + 1; i += 2) ;
+
+        /*
+         * If the start value lies in the current range, then simply set the
+         * new end point of the range to the end value passed as a parameter.
+         */
+        if (rlp->ranges[i] <= start && start <= rlp->ranges[i + 1] + 1) {
+            rlp->ranges[i + 1] = end;
+            return;
+        }
+
+        /*
+         * Shift following values up by two.
+         */
+        for (j = rlp->used; j > i; j -= 2) {
+            rlp->ranges[j] = rlp->ranges[j - 2];
+            rlp->ranges[j + 1] = rlp->ranges[j - 1];
+        }
+
+        /*
+         * Add the new range at the insertion point.
+         */
+        rlp->ranges[i] = start;
+        rlp->ranges[i + 1] = end;
+        rlp->used += 2;
+    }
+}
+
+static void
+ordered_range_insert(krb5_ui_4 c, char *name, int len)
+{
+    int i, j;
+    krb5_ui_4 s, e;
+    _ranges_t *rlp;
+
+    if (len == 0)
+      return;
+
+    /*
+     * Deal with directionality codes introduced in Unicode 3.0.
+     */
+    if ((len == 2 && memcmp(name, "BN", 2) == 0) ||
+        (len == 3 &&
+         (memcmp(name, "NSM", 3) == 0 || memcmp(name, "PDF", 3) == 0 ||
+          memcmp(name, "LRE", 3) == 0 || memcmp(name, "LRO", 3) == 0 ||
+          memcmp(name, "RLE", 3) == 0 || memcmp(name, "RLO", 3) == 0))) {
+        /*
+         * Mark all of these as Other Neutral to preserve compatibility with
+         * older versions.
+         */
+        len = 2;
+        name = "ON";
+    }
+
+    for (i = 0; i < NUMPROPS; i++) {
+        if (props[i].len == len && memcmp(props[i].name, name, len) == 0)
+          break;
+    }
+
+    if (i == NUMPROPS)
+      return;
+
+    /*
+     * Have a match, so insert the code in order.
+     */
+    rlp = &proptbl[i];
+
+    /*
+     * Resize the range list if necessary.
+     */
+    if (rlp->used == rlp->size) {
+        if (rlp->size == 0)
+          rlp->ranges = (krb5_ui_4 *)
+              malloc(sizeof(krb5_ui_4) << 3);
+        else
+          rlp->ranges = (krb5_ui_4 *)
+              realloc((char *) rlp->ranges,
+                      sizeof(krb5_ui_4) * (rlp->size + 8));
+        rlp->size += 8;
+    }
+
+    /*
+     * If this is the first code for this property list, just add it
+     * and return.
+     */
+    if (rlp->used == 0) {
+        rlp->ranges[0] = rlp->ranges[1] = c;
+        rlp->used += 2;
+        return;
+    }
+
+    /*
+     * Optimize the cases of extending the last range and adding new ranges to
+     * the end.
+     */
+    j = rlp->used - 1;
+    e = rlp->ranges[j];
+    s = rlp->ranges[j - 1];
+
+    if (c == e + 1) {
+        /*
+         * Extend the last range.
+         */
+        rlp->ranges[j] = c;
+        return;
+    }
+
+    if (c > e + 1) {
+        /*
+         * Start another range on the end.
+         */
+        j = rlp->used;
+        rlp->ranges[j] = rlp->ranges[j + 1] = c;
+        rlp->used += 2;
+        return;
+    }
+
+    if (c >= s)
+      /*
+       * The code is a duplicate of a code in the last range, so just return.
+       */
+      return;
+
+    /*
+     * The code should be inserted somewhere before the last range in the
+     * list.  Locate the insertion point.
+     */
+    for (i = 0;
+         i < rlp->used && c > rlp->ranges[i + 1] + 1; i += 2) ;
+
+    s = rlp->ranges[i];
+    e = rlp->ranges[i + 1];
+
+    if (c == e + 1)
+      /*
+       * Simply extend the current range.
+       */
+      rlp->ranges[i + 1] = c;
+    else if (c < s) {
+        /*
+         * Add a new entry before the current location.  Shift all entries
+         * before the current one up by one to make room.
+         */
+        for (j = rlp->used; j > i; j -= 2) {
+            rlp->ranges[j] = rlp->ranges[j - 2];
+            rlp->ranges[j + 1] = rlp->ranges[j - 1];
+        }
+        rlp->ranges[i] = rlp->ranges[i + 1] = c;
+
+        rlp->used += 2;
+    }
+}
+
+static void
+add_decomp(krb5_ui_4 code, short compat)
+{
+    krb5_ui_4 i, j, size;
+    _decomp_t **pdecomps;
+    krb5_ui_4 *pdecomps_used;
+    krb5_ui_4 *pdecomps_size;
+
+    if (compat) {
+	pdecomps = &kdecomps;
+	pdecomps_used = &kdecomps_used;
+	pdecomps_size = &kdecomps_size;
+    } else {
+	pdecomps = &decomps;
+	pdecomps_used = &decomps_used;
+	pdecomps_size = &decomps_size;
+    }
+
+    /*
+     * Add the code to the composite property.
+     */
+    if (!compat) {
+	ordered_range_insert(code, "Cm", 2);
+    }
+
+    /*
+     * Locate the insertion point for the code.
+     */
+    for (i = 0; i < *pdecomps_used && code > (*pdecomps)[i].code; i++) ;
+
+    /*
+     * Allocate space for a new decomposition.
+     */
+    if (*pdecomps_used == *pdecomps_size) {
+        if (*pdecomps_size == 0)
+          *pdecomps = (_decomp_t *) malloc(sizeof(_decomp_t) << 3);
+        else
+          *pdecomps = (_decomp_t *)
+              realloc((char *) *pdecomps,
+                      sizeof(_decomp_t) * (*pdecomps_size + 8));
+        (void) memset((char *) (*pdecomps + *pdecomps_size), '\0',
+                      sizeof(_decomp_t) << 3);
+        *pdecomps_size += 8;
+    }
+
+    if (i < *pdecomps_used && code != (*pdecomps)[i].code) {
+        /*
+         * Shift the decomps up by one if the codes don't match.
+         */
+        for (j = *pdecomps_used; j > i; j--)
+          (void) memmove((char *) &(*pdecomps)[j], (char *) &(*pdecomps)[j - 1],
+                         sizeof(_decomp_t));
+    }
+
+    /*
+     * Insert or replace a decomposition.
+     */
+    size = dectmp_size + (4 - (dectmp_size & 3));
+    if ((*pdecomps)[i].size < size) {
+        if ((*pdecomps)[i].size == 0)
+          (*pdecomps)[i].decomp = (krb5_ui_4 *)
+              malloc(sizeof(krb5_ui_4) * size);
+        else
+          (*pdecomps)[i].decomp = (krb5_ui_4 *)
+              realloc((char *) (*pdecomps)[i].decomp,
+                      sizeof(krb5_ui_4) * size);
+        (*pdecomps)[i].size = size;
+    }
+
+    if ((*pdecomps)[i].code != code)
+      (*pdecomps_used)++;
+
+    (*pdecomps)[i].code = code;
+    (*pdecomps)[i].used = dectmp_size;
+    (void) memmove((char *) (*pdecomps)[i].decomp, (char *) dectmp,
+                   sizeof(krb5_ui_4) * dectmp_size);
+
+    /*
+     * NOTICE: This needs changing later so it is more general than simply
+     * pairs.  This calculation is done here to simplify allocation elsewhere.
+     */
+    if (!compat && dectmp_size == 2)
+      comps_used++;
+}
+
+static void
+add_title(krb5_ui_4 code)
+{
+    krb5_ui_4 i, j;
+
+    /*
+     * Always map the code to itself.
+     */
+    cases[2] = code;
+
+    if (title_used == title_size) {
+        if (title_size == 0)
+          title = (_case_t *) malloc(sizeof(_case_t) << 3);
+        else
+          title = (_case_t *) realloc((char *) title,
+                                      sizeof(_case_t) * (title_size + 8));
+        title_size += 8;
+    }
+
+    /*
+     * Locate the insertion point.
+     */
+    for (i = 0; i < title_used && code > title[i].key; i++) ;
+
+    if (i < title_used) {
+        /*
+         * Shift the array up by one.
+         */
+        for (j = title_used; j > i; j--)
+          (void) memmove((char *) &title[j], (char *) &title[j - 1],
+                         sizeof(_case_t));
+    }
+
+    title[i].key = cases[2];    /* Title */
+    title[i].other1 = cases[0]; /* Upper */
+    title[i].other2 = cases[1]; /* Lower */
+
+    title_used++;
+}
+
+static void
+add_upper(krb5_ui_4 code)
+{
+    krb5_ui_4 i, j;
+
+    /*
+     * Always map the code to itself.
+     */
+    cases[0] = code;
+
+    /*
+     * If the title case character is not present, then make it the same as
+     * the upper case.
+     */
+    if (cases[2] == 0)
+      cases[2] = code;
+
+    if (upper_used == upper_size) {
+        if (upper_size == 0)
+          upper = (_case_t *) malloc(sizeof(_case_t) << 3);
+        else
+          upper = (_case_t *) realloc((char *) upper,
+                                      sizeof(_case_t) * (upper_size + 8));
+        upper_size += 8;
+    }
+
+    /*
+     * Locate the insertion point.
+     */
+    for (i = 0; i < upper_used && code > upper[i].key; i++) ;
+
+    if (i < upper_used) {
+        /*
+         * Shift the array up by one.
+         */
+        for (j = upper_used; j > i; j--)
+          (void) memmove((char *) &upper[j], (char *) &upper[j - 1],
+                         sizeof(_case_t));
+    }
+
+    upper[i].key = cases[0];    /* Upper */
+    upper[i].other1 = cases[1]; /* Lower */
+    upper[i].other2 = cases[2]; /* Title */
+
+    upper_used++;
+}
+
+static void
+add_lower(krb5_ui_4 code)
+{
+    krb5_ui_4 i, j;
+
+    /*
+     * Always map the code to itself.
+     */
+    cases[1] = code;
+
+    /*
+     * If the title case character is empty, then make it the same as the
+     * upper case.
+     */
+    if (cases[2] == 0)
+      cases[2] = cases[0];
+
+    if (lower_used == lower_size) {
+        if (lower_size == 0)
+          lower = (_case_t *) malloc(sizeof(_case_t) << 3);
+        else
+          lower = (_case_t *) realloc((char *) lower,
+                                      sizeof(_case_t) * (lower_size + 8));
+        lower_size += 8;
+    }
+
+    /*
+     * Locate the insertion point.
+     */
+    for (i = 0; i < lower_used && code > lower[i].key; i++) ;
+
+    if (i < lower_used) {
+        /*
+         * Shift the array up by one.
+         */
+        for (j = lower_used; j > i; j--)
+          (void) memmove((char *) &lower[j], (char *) &lower[j - 1],
+                         sizeof(_case_t));
+    }
+
+    lower[i].key = cases[1];    /* Lower */
+    lower[i].other1 = cases[0]; /* Upper */
+    lower[i].other2 = cases[2]; /* Title */
+
+    lower_used++;
+}
+
+static void
+ordered_ccl_insert(krb5_ui_4 c, krb5_ui_4 ccl_code)
+{
+    krb5_ui_4 i, j;
+
+    if (ccl_used == ccl_size) {
+        if (ccl_size == 0)
+          ccl = (krb5_ui_4 *) malloc(sizeof(krb5_ui_4) * 24);
+        else
+          ccl = (krb5_ui_4 *)
+              realloc((char *) ccl, sizeof(krb5_ui_4) * (ccl_size + 24));
+        ccl_size += 24;
+    }
+
+    /*
+     * Optimize adding the first item.
+     */
+    if (ccl_used == 0) {
+        ccl[0] = ccl[1] = c;
+        ccl[2] = ccl_code;
+        ccl_used += 3;
+        return;
+    }
+
+    /*
+     * Handle the special case of extending the range on the end.  This
+     * requires that the combining class codes are the same.
+     */
+    if (ccl_code == ccl[ccl_used - 1] && c == ccl[ccl_used - 2] + 1) {
+        ccl[ccl_used - 2] = c;
+        return;
+    }
+
+    /*
+     * Handle the special case of adding another range on the end.
+     */
+    if (c > ccl[ccl_used - 2] + 1 ||
+        (c == ccl[ccl_used - 2] + 1 && ccl_code != ccl[ccl_used - 1])) {
+        ccl[ccl_used++] = c;
+        ccl[ccl_used++] = c;
+        ccl[ccl_used++] = ccl_code;
+        return;
+    }
+
+    /*
+     * Locate either the insertion point or range for the code.
+     */
+    for (i = 0; i < ccl_used && c > ccl[i + 1] + 1; i += 3) ;
+
+    if (ccl_code == ccl[i + 2] && c == ccl[i + 1] + 1) {
+        /*
+         * Extend an existing range.
+         */
+        ccl[i + 1] = c;
+        return;
+    } else if (c < ccl[i]) {
+        /*
+         * Start a new range before the current location.
+         */
+        for (j = ccl_used; j > i; j -= 3) {
+            ccl[j] = ccl[j - 3];
+            ccl[j - 1] = ccl[j - 4];
+            ccl[j - 2] = ccl[j - 5];
+        }
+        ccl[i] = ccl[i + 1] = c;
+        ccl[i + 2] = ccl_code;
+    }
+}
+
+/*
+ * Adds a number if it does not already exist and returns an index value
+ * multiplied by 2.
+ */
+static krb5_ui_4
+make_number(short num, short denom)
+{
+    krb5_ui_4 n;
+
+    /*
+     * Determine if the number already exists.
+     */
+    for (n = 0; n < nums_used; n++) {
+        if (nums[n].numerator == num && nums[n].denominator == denom)
+          return n << 1;
+    }
+
+    if (nums_used == nums_size) {
+        if (nums_size == 0)
+          nums = (_num_t *) malloc(sizeof(_num_t) << 3);
+        else
+          nums = (_num_t *) realloc((char *) nums,
+                                    sizeof(_num_t) * (nums_size + 8));
+        nums_size += 8;
+    }
+
+    n = nums_used++;
+    nums[n].numerator = num;
+    nums[n].denominator = denom;
+
+    return n << 1;
+}
+
+static void
+add_number(krb5_ui_4 code, short num, short denom)
+{
+    krb5_ui_4 i, j;
+
+    /*
+     * Insert the code in order.
+     */
+    for (i = 0; i < ncodes_used && code > ncodes[i].code; i++) ;
+
+    /*
+     * Handle the case of the codes matching and simply replace the number
+     * that was there before.
+     */
+    if (i < ncodes_used && code == ncodes[i].code) {
+        ncodes[i].idx = make_number(num, denom);
+        return;
+    }
+
+    /*
+     * Resize the array if necessary.
+     */
+    if (ncodes_used == ncodes_size) {
+        if (ncodes_size == 0)
+          ncodes = (_codeidx_t *) malloc(sizeof(_codeidx_t) << 3);
+        else
+          ncodes = (_codeidx_t *)
+              realloc((char *) ncodes, sizeof(_codeidx_t) * (ncodes_size + 8));
+
+        ncodes_size += 8;
+    }
+
+    /*
+     * Shift things around to insert the code if necessary.
+     */
+    if (i < ncodes_used) {
+        for (j = ncodes_used; j > i; j--) {
+            ncodes[j].code = ncodes[j - 1].code;
+            ncodes[j].idx = ncodes[j - 1].idx;
+        }
+    }
+    ncodes[i].code = code;
+    ncodes[i].idx = make_number(num, denom);
+
+    ncodes_used++;
+}
+
+/*
+ * This routine assumes that the line is a valid Unicode Character Database
+ * entry.
+ */
+static void
+read_cdata(FILE *in)
+{
+    krb5_ui_4 i, lineno, skip, code, ccl_code;
+    short wnum, neg, number[2], compat;
+    char line[512], *s, *e;
+
+    lineno = skip = 0;
+    while (fgets(line, sizeof(line), in)) {
+	if( (s=strchr(line, '\n')) ) *s = '\0';
+        lineno++;
+
+        /*
+         * Skip blank lines and lines that start with a '#'.
+         */
+        if (line[0] == 0 || line[0] == '#')
+          continue;
+
+        /*
+         * If lines need to be skipped, do it here.
+         */
+        if (skip) {
+            skip--;
+            continue;
+        }
+
+        /*
+         * Collect the code.  The code can be up to 6 hex digits in length to
+         * allow surrogates to be specified.
+         */
+        for (s = line, i = code = 0; *s != ';' && i < 6; i++, s++) {
+            code <<= 4;
+            if (*s >= '0' && *s <= '9')
+              code += *s - '0';
+            else if (*s >= 'A' && *s <= 'F')
+              code += (*s - 'A') + 10;
+            else if (*s >= 'a' && *s <= 'f')
+              code += (*s - 'a') + 10;
+        }
+
+        /*
+         * Handle the following special cases:
+         * 1. 4E00-9FA5 CJK Ideographs.
+         * 2. AC00-D7A3 Hangul Syllables.
+         * 3. D800-DFFF Surrogates.
+         * 4. E000-F8FF Private Use Area.
+         * 5. F900-FA2D Han compatibility.
+	 * ...Plus additional ranges in newer Unicode versions...
+         */
+        switch (code) {
+	  case 0x3400:
+	    /* CJK Ideograph Extension A */
+            add_range(0x3400, 0x4db5, "Lo", "L");
+
+            add_range(0x3400, 0x4db5, "Cp", 0);
+
+	    skip = 1;
+	    break;
+          case 0x4e00:
+            /*
+             * The Han ideographs.
+             */
+            add_range(0x4e00, 0x9fff, "Lo", "L");
+
+            /*
+             * Add the characters to the defined category.
+             */
+            add_range(0x4e00, 0x9fa5, "Cp", 0);
+
+            skip = 1;
+            break;
+          case 0xac00:
+            /*
+             * The Hangul syllables.
+             */
+            add_range(0xac00, 0xd7a3, "Lo", "L");
+
+            /*
+             * Add the characters to the defined category.
+             */
+            add_range(0xac00, 0xd7a3, "Cp", 0);
+
+            skip = 1;
+            break;
+          case 0xd800:
+            /*
+             * Make a range of all surrogates and assume some default
+             * properties.
+             */
+            add_range(0x010000, 0x10ffff, "Cs", "L");
+            skip = 5;
+            break;
+          case 0xe000:
+            /*
+             * The Private Use area.  Add with a default set of properties.
+             */
+            add_range(0xe000, 0xf8ff, "Co", "L");
+            skip = 1;
+            break;
+          case 0xf900:
+            /*
+             * The CJK compatibility area.
+             */
+            add_range(0xf900, 0xfaff, "Lo", "L");
+
+            /*
+             * Add the characters to the defined category.
+             */
+            add_range(0xf900, 0xfaff, "Cp", 0);
+
+            skip = 1;
+	    break;
+	  case 0x20000:
+	    /* CJK Ideograph Extension B */
+            add_range(0x20000, 0x2a6d6, "Lo", "L");
+
+            add_range(0x20000, 0x2a6d6, "Cp", 0);
+
+	    skip = 1;
+	    break;
+	  case 0xf0000:
+	    /* Plane 15 private use */
+	    add_range(0xf0000, 0xffffd, "Co", "L");
+	    skip = 1;
+	    break;
+
+	  case 0x100000:
+	    /* Plane 16 private use */
+	    add_range(0x100000, 0x10fffd, "Co", "L");
+	    skip = 1;
+	    break;
+        }
+
+        if (skip)
+          continue;
+
+        /*
+         * Add the code to the defined category.
+         */
+        ordered_range_insert(code, "Cp", 2);
+
+        /*
+         * Locate the first character property field.
+         */
+        for (i = 0; *s != 0 && i < 2; s++) {
+            if (*s == ';')
+              i++;
+        }
+        for (e = s; *e && *e != ';'; e++) ;
+
+        ordered_range_insert(code, s, e - s);
+
+        /*
+         * Locate the combining class code.
+         */
+        for (s = e; *s != 0 && i < 3; s++) {
+            if (*s == ';')
+              i++;
+        }
+
+        /*
+         * Convert the combining class code from decimal.
+         */
+        for (ccl_code = 0, e = s; *e && *e != ';'; e++)
+          ccl_code = (ccl_code * 10) + (*e - '0');
+
+        /*
+         * Add the code if it not 0.
+         */
+        if (ccl_code != 0)
+          ordered_ccl_insert(code, ccl_code);
+
+        /*
+         * Locate the second character property field.
+         */
+        for (s = e; *s != 0 && i < 4; s++) {
+            if (*s == ';')
+              i++;
+        }
+        for (e = s; *e && *e != ';'; e++) ;
+
+        ordered_range_insert(code, s, e - s);
+
+        /*
+         * Check for a decomposition.
+         */
+        s = ++e;
+        if (*s != ';') {
+	    compat = *s == '<';
+	    if (compat) {
+		/*
+		 * Skip compatibility formatting tag.
+		 */
+		while (*s++ != '>');
+	    }
+            /*
+             * Collect the codes of the decomposition.
+             */
+            for (dectmp_size = 0; *s != ';'; ) {
+                /*
+                 * Skip all leading non-hex digits.
+                 */
+                while (!ishdigit(*s))
+ 		  s++;
+
+                for (dectmp[dectmp_size] = 0; ishdigit(*s); s++) {
+                    dectmp[dectmp_size] <<= 4;
+                    if (*s >= '0' && *s <= '9')
+                      dectmp[dectmp_size] += *s - '0';
+                    else if (*s >= 'A' && *s <= 'F')
+                      dectmp[dectmp_size] += (*s - 'A') + 10;
+                    else if (*s >= 'a' && *s <= 'f')
+                      dectmp[dectmp_size] += (*s - 'a') + 10;
+                }
+                dectmp_size++;
+            }
+
+            /*
+             * If there are any codes in the temporary decomposition array,
+             * then add the character with its decomposition.
+             */
+            if (dectmp_size > 0) {
+		if (!compat) {
+		    add_decomp(code, 0);
+		}
+		add_decomp(code, 1);
+	    }
+        }
+
+        /*
+         * Skip to the number field.
+         */
+        for (i = 0; i < 3 && *s; s++) {
+            if (*s == ';')
+              i++;
+        }
+
+        /*
+         * Scan the number in.
+         */
+        number[0] = number[1] = 0;
+        for (e = s, neg = wnum = 0; *e && *e != ';'; e++) {
+            if (*e == '-') {
+                neg = 1;
+                continue;
+            }
+
+            if (*e == '/') {
+                /*
+                 * Move the the denominator of the fraction.
+                 */
+                if (neg)
+                  number[wnum] *= -1;
+                neg = 0;
+                e++;
+                wnum++;
+            }
+            number[wnum] = (number[wnum] * 10) + (*e - '0');
+        }
+
+        if (e > s) {
+            /*
+             * Adjust the denominator in case of integers and add the number.
+             */
+            if (wnum == 0)
+              number[1] = 1;
+
+            add_number(code, number[0], number[1]);
+        }
+
+        /*
+         * Skip to the start of the possible case mappings.
+         */
+        for (s = e, i = 0; i < 4 && *s; s++) {
+            if (*s == ';')
+              i++;
+        }
+
+        /*
+         * Collect the case mappings.
+         */
+        cases[0] = cases[1] = cases[2] = 0;
+        for (i = 0; i < 3; i++) {
+            while (ishdigit(*s)) {
+                cases[i] <<= 4;
+                if (*s >= '0' && *s <= '9')
+                  cases[i] += *s - '0';
+                else if (*s >= 'A' && *s <= 'F')
+                  cases[i] += (*s - 'A') + 10;
+                else if (*s >= 'a' && *s <= 'f')
+                  cases[i] += (*s - 'a') + 10;
+                s++;
+            }
+            if (*s == ';')
+              s++;
+        }
+        if (cases[0] && cases[1])
+          /*
+           * Add the upper and lower mappings for a title case character.
+           */
+          add_title(code);
+        else if (cases[1])
+          /*
+           * Add the lower and title case mappings for the upper case
+           * character.
+           */
+          add_upper(code);
+        else if (cases[0])
+          /*
+           * Add the upper and title case mappings for the lower case
+           * character.
+           */
+          add_lower(code);
+    }
+}
+
+static _decomp_t *
+find_decomp(krb5_ui_4 code, short compat)
+{
+    long l, r, m;
+    _decomp_t *decs;
+
+    l = 0;
+    r = (compat ? kdecomps_used : decomps_used) - 1;
+    decs = compat ? kdecomps : decomps;
+    while (l <= r) {
+        m = (l + r) >> 1;
+        if (code > decs[m].code)
+          l = m + 1;
+        else if (code < decs[m].code)
+          r = m - 1;
+        else
+          return &decs[m];
+    }
+    return 0;
+}
+
+static void
+decomp_it(_decomp_t *d, short compat)
+{
+    krb5_ui_4 i;
+    _decomp_t *dp;
+
+    for (i = 0; i < d->used; i++) {
+        if ((dp = find_decomp(d->decomp[i], compat)) != 0)
+          decomp_it(dp, compat);
+        else
+          dectmp[dectmp_size++] = d->decomp[i];
+    }
+}
+
+/*
+ * Expand all decompositions by recursively decomposing each character
+ * in the decomposition.
+ */
+static void
+expand_decomp(void)
+{
+    krb5_ui_4 i;
+
+    for (i = 0; i < decomps_used; i++) {
+        dectmp_size = 0;
+        decomp_it(&decomps[i], 0);
+        if (dectmp_size > 0)
+          add_decomp(decomps[i].code, 0);
+    }
+
+    for (i = 0; i < kdecomps_used; i++) {
+        dectmp_size = 0;
+        decomp_it(&kdecomps[i], 1);
+        if (dectmp_size > 0)
+          add_decomp(kdecomps[i].code, 1);
+    }
+}
+
+static int
+cmpcomps(const void *v_comp1, const void *v_comp2)
+{
+	const _comp_t *comp1 = v_comp1, *comp2 = v_comp2;
+    long diff = comp1->code1 - comp2->code1;
+
+    if (!diff)
+	diff = comp1->code2 - comp2->code2;
+    return (int) diff;
+}
+
+/*
+ * Load composition exclusion data
+ */
+static void
+read_compexdata(FILE *in)
+{
+    krb5_ui_2 i;
+    krb5_ui_4 code;
+    char line[512], *s;
+
+    (void) memset((char *) compexs, 0, sizeof(compexs));
+
+    while (fgets(line, sizeof(line), in)) {
+	if( (s=strchr(line, '\n')) ) *s = '\0';
+        /*
+         * Skip blank lines and lines that start with a '#'.
+         */
+        if (line[0] == 0 || line[0] == '#')
+	    continue;
+
+	/*
+         * Collect the code.  Assume max 6 digits
+         */
+
+	for (s = line, i = code = 0; *s != '#' && i < 6; i++, s++) {
+	    if (isspace((unsigned char)*s)) break;
+            code <<= 4;
+            if (*s >= '0' && *s <= '9')
+		code += *s - '0';
+            else if (*s >= 'A' && *s <= 'F')
+		code += (*s - 'A') + 10;
+            else if (*s >= 'a' && *s <= 'f')
+		code += (*s - 'a') + 10;
+        }
+        COMPEX_SET(code);
+    }
+}
+
+/*
+ * Creates array of compositions from decomposition array
+ */
+static void
+create_comps(void)
+{
+    krb5_ui_4 i, cu;
+
+    comps = (_comp_t *) malloc(comps_used * sizeof(_comp_t));
+
+    for (i = cu = 0; i < decomps_used; i++) {
+	if (decomps[i].used != 2 || COMPEX_TEST(decomps[i].code))
+	    continue;
+	comps[cu].comp = decomps[i].code;
+	comps[cu].count = 2;
+	comps[cu].code1 = decomps[i].decomp[0];
+	comps[cu].code2 = decomps[i].decomp[1];
+	cu++;
+    }
+    comps_used = cu;
+    qsort(comps, comps_used, sizeof(_comp_t), cmpcomps);
+}
+
+#if HARDCODE_DATA
+static void
+write_case(FILE *out, _case_t *tab, int num, int first)
+{
+    int i;
+
+    for (i=0; i<num; i++) {
+	if (first) first = 0;
+	else fprintf(out, ",");
+	fprintf(out, "\n\t0x%08lx, 0x%08lx, 0x%08lx",
+		(unsigned long) tab[i].key, (unsigned long) tab[i].other1,
+		(unsigned long) tab[i].other2);
+    }
+}
+
+#define PREF "static const "
+
+#endif
+
+static void
+write_cdata(char *opath)
+{
+    FILE *out;
+	krb5_ui_4 bytes;
+    krb5_ui_4 i, idx, nprops;
+#if !(HARDCODE_DATA)
+    krb5_ui_2 casecnt[2];
+#endif
+    char path[BUFSIZ];
+#if HARDCODE_DATA
+    int j, k;
+
+    /*****************************************************************
+     *
+     * Generate the ctype data.
+     *
+     *****************************************************************/
+
+    /*
+     * Open the output file.
+     */
+    snprintf(path, sizeof path, "%s" LDAP_DIRSEP "uctable.h", opath);
+    if ((out = fopen(path, "w")) == 0)
+      return;
+#else
+    /*
+     * Open the ctype.dat file.
+     */
+    snprintf(path, sizeof path, "%s" LDAP_DIRSEP "ctype.dat", opath);
+    if ((out = fopen(path, "wb")) == 0)
+      return;
+#endif
+
+    /*
+     * Collect the offsets for the properties.  The offsets array is
+     * on a 4-byte boundary to keep things efficient for architectures
+     * that need such a thing.
+     */
+    for (i = idx = 0; i < NUMPROPS; i++) {
+        propcnt[i] = (proptbl[i].used != 0) ? idx : 0xffff;
+        idx += proptbl[i].used;
+    }
+
+    /*
+     * Add the sentinel index which is used by the binary search as the upper
+     * bound for a search.
+     */
+    propcnt[i] = idx;
+
+    /*
+     * Record the actual number of property lists.  This may be different than
+     * the number of offsets actually written because of aligning on a 4-byte
+     * boundary.
+     */
+    hdr[1] = NUMPROPS;
+
+    /*
+     * Calculate the byte count needed and pad the property counts array to a
+     * 4-byte boundary.
+     */
+    if ((bytes = sizeof(krb5_ui_2) * (NUMPROPS + 1)) & 3)
+      bytes += 4 - (bytes & 3);
+    nprops = bytes / sizeof(krb5_ui_2);
+    bytes += sizeof(krb5_ui_4) * idx;
+
+#if HARDCODE_DATA
+    fprintf(out, PREF "krb5_ui_4 _ucprop_size = %d;\n\n", NUMPROPS);
+
+    fprintf(out, PREF "krb5_ui_2 _ucprop_offsets[] = {");
+
+    for (i = 0; i<nprops; i++) {
+       if (i) fprintf(out, ",");
+       if (!(i&7)) fprintf(out, "\n\t");
+       else fprintf(out, " ");
+       fprintf(out, "0x%04x", propcnt[i]);
+    }
+    fprintf(out, "\n};\n\n");
+
+    fprintf(out, PREF "krb5_ui_4 _ucprop_ranges[] = {");
+
+    k = 0;
+    for (i = 0; i < NUMPROPS; i++) {
+	if (proptbl[i].used > 0) {
+	  for (j=0; j<proptbl[i].used; j++) {
+	    if (k) fprintf(out, ",");
+	    if (!(k&3)) fprintf(out,"\n\t");
+	    else fprintf(out, " ");
+	    k++;
+	    fprintf(out, "0x%08lx", (unsigned long) proptbl[i].ranges[j]);
+	  }
+	}
+    }
+    fprintf(out, "\n};\n\n");
+#else
+    /*
+     * Write the header.
+     */
+    fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
+
+    /*
+     * Write the byte count.
+     */
+    fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
+
+    /*
+     * Write the property list counts.
+     */
+    fwrite((char *) propcnt, sizeof(krb5_ui_2), nprops, out);
+
+    /*
+     * Write the property lists.
+     */
+    for (i = 0; i < NUMPROPS; i++) {
+        if (proptbl[i].used > 0)
+          fwrite((char *) proptbl[i].ranges, sizeof(krb5_ui_4),
+                 proptbl[i].used, out);
+    }
+
+    fclose(out);
+#endif
+
+    /*****************************************************************
+     *
+     * Generate the case mapping data.
+     *
+     *****************************************************************/
+
+#if HARDCODE_DATA
+    fprintf(out, PREF "krb5_ui_4 _uccase_size = %ld;\n\n",
+        (long) (upper_used + lower_used + title_used));
+
+    fprintf(out, PREF "krb5_ui_2 _uccase_len[2] = {%ld, %ld};\n\n",
+        (long) upper_used, (long) lower_used);
+    fprintf(out, PREF "krb5_ui_4 _uccase_map[] = {");
+
+    if (upper_used > 0)
+      /*
+       * Write the upper case table.
+       */
+      write_case(out, upper, upper_used, 1);
+
+    if (lower_used > 0)
+      /*
+       * Write the lower case table.
+       */
+      write_case(out, lower, lower_used, !upper_used);
+
+    if (title_used > 0)
+      /*
+       * Write the title case table.
+       */
+      write_case(out, title, title_used, !(upper_used||lower_used));
+
+    if (!(upper_used || lower_used || title_used))
+	fprintf(out, "\t0");
+
+    fprintf(out, "\n};\n\n");
+#else
+    /*
+     * Open the case.dat file.
+     */
+    snprintf(path, sizeof path, "%s" LDAP_DIRSEP "case.dat", opath);
+    if ((out = fopen(path, "wb")) == 0)
+      return;
+
+    /*
+     * Write the case mapping tables.
+     */
+    hdr[1] = upper_used + lower_used + title_used;
+    casecnt[0] = upper_used;
+    casecnt[1] = lower_used;
+
+    /*
+     * Write the header.
+     */
+    fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
+
+    /*
+     * Write the upper and lower case table sizes.
+     */
+    fwrite((char *) casecnt, sizeof(krb5_ui_2), 2, out);
+
+    if (upper_used > 0)
+      /*
+       * Write the upper case table.
+       */
+      fwrite((char *) upper, sizeof(_case_t), upper_used, out);
+
+    if (lower_used > 0)
+      /*
+       * Write the lower case table.
+       */
+      fwrite((char *) lower, sizeof(_case_t), lower_used, out);
+
+    if (title_used > 0)
+      /*
+       * Write the title case table.
+       */
+      fwrite((char *) title, sizeof(_case_t), title_used, out);
+
+    fclose(out);
+#endif
+
+    /*****************************************************************
+     *
+     * Generate the composition data.
+     *
+     *****************************************************************/
+
+    /*
+     * Create compositions from decomposition data
+     */
+    create_comps();
+
+#if HARDCODE_DATA
+    fprintf(out, PREF "krb5_ui_4 _uccomp_size = %ld;\n\n",
+        comps_used * 4L);
+
+    fprintf(out, PREF "krb5_ui_4 _uccomp_data[] = {");
+
+     /*
+      * Now, if comps exist, write them out.
+      */
+    if (comps_used > 0) {
+	for (i=0; i<comps_used; i++) {
+	    if (i) fprintf(out, ",");
+	    fprintf(out, "\n\t0x%08lx, 0x%08lx, 0x%08lx, 0x%08lx",
+	        (unsigned long) comps[i].comp, (unsigned long) comps[i].count,
+	        (unsigned long) comps[i].code1, (unsigned long) comps[i].code2);
+	}
+    } else {
+	fprintf(out, "\t0");
+    }
+    fprintf(out, "\n};\n\n");
+#else
+    /*
+     * Open the comp.dat file.
+     */
+    snprintf(path, sizeof path, "%s" LDAP_DIRSEP "comp.dat", opath);
+    if ((out = fopen(path, "wb")) == 0)
+	return;
+
+    /*
+     * Write the header.
+     */
+    hdr[1] = (krb5_ui_2) comps_used * 4;
+    fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
+
+    /*
+     * Write out the byte count to maintain header size.
+     */
+    bytes = comps_used * sizeof(_comp_t);
+    fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
+
+    /*
+     * Now, if comps exist, write them out.
+     */
+    if (comps_used > 0)
+        fwrite((char *) comps, sizeof(_comp_t), comps_used, out);
+
+    fclose(out);
+#endif
+
+    /*****************************************************************
+     *
+     * Generate the decomposition data.
+     *
+     *****************************************************************/
+
+    /*
+     * Fully expand all decompositions before generating the output file.
+     */
+    expand_decomp();
+
+#if HARDCODE_DATA
+    fprintf(out, PREF "krb5_ui_4 _ucdcmp_size = %ld;\n\n",
+        decomps_used * 2L);
+
+    fprintf(out, PREF "krb5_ui_4 _ucdcmp_nodes[] = {");
+
+    if (decomps_used) {
+	/*
+	 * Write the list of decomp nodes.
+	 */
+	for (i = idx = 0; i < decomps_used; i++) {
+	    fprintf(out, "\n\t0x%08lx, 0x%08lx,",
+	        (unsigned long) decomps[i].code, (unsigned long) idx);
+	    idx += decomps[i].used;
+	}
+
+	/*
+	 * Write the sentinel index as the last decomp node.
+	 */
+	fprintf(out, "\n\t0x%08lx\n};\n\n", (unsigned long) idx);
+
+	fprintf(out, PREF "krb5_ui_4 _ucdcmp_decomp[] = {");
+	/*
+	 * Write the decompositions themselves.
+	 */
+	k = 0;
+	for (i = 0; i < decomps_used; i++)
+	  for (j=0; j<decomps[i].used; j++) {
+	    if (k) fprintf(out, ",");
+	    if (!(k&3)) fprintf(out,"\n\t");
+	    else fprintf(out, " ");
+	    k++;
+	    fprintf(out, "0x%08lx", (unsigned long) decomps[i].decomp[j]);
+	  }
+	fprintf(out, "\n};\n\n");
+    }
+#else
+    /*
+     * Open the decomp.dat file.
+     */
+    snprintf(path, sizeof path, "%s" LDAP_DIRSEP "decomp.dat", opath);
+    if ((out = fopen(path, "wb")) == 0)
+      return;
+
+    hdr[1] = decomps_used;
+
+    /*
+     * Write the header.
+     */
+    fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
+
+    /*
+     * Write a temporary byte count which will be calculated as the
+     * decompositions are written out.
+     */
+    bytes = 0;
+    fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
+
+    if (decomps_used) {
+        /*
+         * Write the list of decomp nodes.
+         */
+        for (i = idx = 0; i < decomps_used; i++) {
+            fwrite((char *) &decomps[i].code, sizeof(krb5_ui_4), 1, out);
+            fwrite((char *) &idx, sizeof(krb5_ui_4), 1, out);
+            idx += decomps[i].used;
+        }
+
+        /*
+         * Write the sentinel index as the last decomp node.
+         */
+        fwrite((char *) &idx, sizeof(krb5_ui_4), 1, out);
+
+        /*
+         * Write the decompositions themselves.
+         */
+        for (i = 0; i < decomps_used; i++)
+          fwrite((char *) decomps[i].decomp, sizeof(krb5_ui_4),
+                 decomps[i].used, out);
+
+        /*
+         * Seek back to the beginning and write the byte count.
+         */
+        bytes = (sizeof(krb5_ui_4) * idx) +
+            (sizeof(krb5_ui_4) * ((hdr[1] << 1) + 1));
+        fseek(out, sizeof(krb5_ui_2) << 1, 0L);
+        fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
+
+        fclose(out);
+    }
+#endif
+
+#ifdef HARDCODE_DATA
+    fprintf(out, PREF "krb5_ui_4 _uckdcmp_size = %ld;\n\n",
+        kdecomps_used * 2L);
+
+    fprintf(out, PREF "krb5_ui_4 _uckdcmp_nodes[] = {");
+
+    if (kdecomps_used) {
+	/*
+	 * Write the list of kdecomp nodes.
+	 */
+	for (i = idx = 0; i < kdecomps_used; i++) {
+	    fprintf(out, "\n\t0x%08lx, 0x%08lx,",
+	        (unsigned long) kdecomps[i].code, (unsigned long) idx);
+	    idx += kdecomps[i].used;
+	}
+
+	/*
+	 * Write the sentinel index as the last decomp node.
+	 */
+	fprintf(out, "\n\t0x%08lx\n};\n\n", (unsigned long) idx);
+
+	fprintf(out, PREF "krb5_ui_4 _uckdcmp_decomp[] = {");
+
+	/*
+	 * Write the decompositions themselves.
+	 */
+	k = 0;
+	for (i = 0; i < kdecomps_used; i++)
+	  for (j=0; j<kdecomps[i].used; j++) {
+	    if (k) fprintf(out, ",");
+	    if (!(k&3)) fprintf(out,"\n\t");
+	    else fprintf(out, " ");
+	    k++;
+	    fprintf(out, "0x%08lx", (unsigned long) kdecomps[i].decomp[j]);
+	  }
+	fprintf(out, "\n};\n\n");
+    }
+#else
+    /*
+     * Open the kdecomp.dat file.
+     */
+    snprintf(path, sizeof path, "%s" LDAP_DIRSEP "kdecomp.dat", opath);
+    if ((out = fopen(path, "wb")) == 0)
+      return;
+
+    hdr[1] = kdecomps_used;
+
+    /*
+     * Write the header.
+     */
+    fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
+
+    /*
+     * Write a temporary byte count which will be calculated as the
+     * decompositions are written out.
+     */
+    bytes = 0;
+    fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
+
+    if (kdecomps_used) {
+        /*
+         * Write the list of kdecomp nodes.
+         */
+        for (i = idx = 0; i < kdecomps_used; i++) {
+            fwrite((char *) &kdecomps[i].code, sizeof(krb5_ui_4), 1, out);
+            fwrite((char *) &idx, sizeof(krb5_ui_4), 1, out);
+            idx += kdecomps[i].used;
+        }
+
+        /*
+         * Write the sentinel index as the last decomp node.
+         */
+        fwrite((char *) &idx, sizeof(krb5_ui_4), 1, out);
+
+        /*
+         * Write the decompositions themselves.
+         */
+        for (i = 0; i < kdecomps_used; i++)
+          fwrite((char *) kdecomps[i].decomp, sizeof(krb5_ui_4),
+                 kdecomps[i].used, out);
+
+        /*
+         * Seek back to the beginning and write the byte count.
+         */
+        bytes = (sizeof(krb5_ui_4) * idx) +
+            (sizeof(krb5_ui_4) * ((hdr[1] << 1) + 1));
+        fseek(out, sizeof(krb5_ui_2) << 1, 0L);
+        fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
+
+        fclose(out);
+    }
+#endif
+
+    /*****************************************************************
+     *
+     * Generate the combining class data.
+     *
+     *****************************************************************/
+#ifdef HARDCODE_DATA
+    fprintf(out, PREF "krb5_ui_4 _uccmcl_size = %ld;\n\n", (long) ccl_used);
+
+    fprintf(out, PREF "krb5_ui_4 _uccmcl_nodes[] = {");
+
+    if (ccl_used > 0) {
+	/*
+	 * Write the combining class ranges out.
+	 */
+	for (i = 0; i<ccl_used; i++) {
+	    if (i) fprintf(out, ",");
+	    if (!(i&3)) fprintf(out, "\n\t");
+	    else fprintf(out, " ");
+	    fprintf(out, "0x%08lx", (unsigned long) ccl[i]);
+	}
+    } else {
+	fprintf(out, "\t0");
+    }
+    fprintf(out, "\n};\n\n");
+#else
+    /*
+     * Open the cmbcl.dat file.
+     */
+    snprintf(path, sizeof path, "%s" LDAP_DIRSEP "cmbcl.dat", opath);
+    if ((out = fopen(path, "wb")) == 0)
+      return;
+
+    /*
+     * Set the number of ranges used.  Each range has a combining class which
+     * means each entry is a 3-tuple.
+     */
+    hdr[1] = ccl_used / 3;
+
+    /*
+     * Write the header.
+     */
+    fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
+
+    /*
+     * Write out the byte count to maintain header size.
+     */
+    bytes = ccl_used * sizeof(krb5_ui_4);
+    fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
+
+    if (ccl_used > 0)
+      /*
+       * Write the combining class ranges out.
+       */
+      fwrite((char *) ccl, sizeof(krb5_ui_4), ccl_used, out);
+
+    fclose(out);
+#endif
+
+    /*****************************************************************
+     *
+     * Generate the number data.
+     *
+     *****************************************************************/
+
+#if HARDCODE_DATA
+    fprintf(out, PREF "krb5_ui_4 _ucnum_size = %lu;\n\n",
+        (unsigned long)ncodes_used<<1);
+
+    fprintf(out, PREF "krb5_ui_4 _ucnum_nodes[] = {");
+
+    /*
+     * Now, if number mappings exist, write them out.
+     */
+    if (ncodes_used > 0) {
+	for (i = 0; i<ncodes_used; i++) {
+	    if (i) fprintf(out, ",");
+	    if (!(i&1)) fprintf(out, "\n\t");
+	    else fprintf(out, " ");
+	    fprintf(out, "0x%08lx, 0x%08lx",
+	        (unsigned long) ncodes[i].code, (unsigned long) ncodes[i].idx);
+	}
+	fprintf(out, "\n};\n\n");
+
+	fprintf(out, PREF "short _ucnum_vals[] = {");
+	for (i = 0; i<nums_used; i++) {
+	    if (i) fprintf(out, ",");
+	    if (!(i&3)) fprintf(out, "\n\t");
+	    else fprintf(out, " ");
+	    if (nums[i].numerator < 0) {
+		fprintf(out, "%6d, 0x%04x",
+		  nums[i].numerator, nums[i].denominator);
+	    } else {
+		fprintf(out, "0x%04x, 0x%04x",
+		  nums[i].numerator, nums[i].denominator);
+	    }
+	}
+	fprintf(out, "\n};\n\n");
+    }
+#else
+    /*
+     * Open the num.dat file.
+     */
+    snprintf(path, sizeof path, "%s" LDAP_DIRSEP "num.dat", opath);
+    if ((out = fopen(path, "wb")) == 0)
+      return;
+
+    /*
+     * The count part of the header will be the total number of codes that
+     * have numbers.
+     */
+    hdr[1] = (krb5_ui_2) (ncodes_used << 1);
+    bytes = (ncodes_used * sizeof(_codeidx_t)) + (nums_used * sizeof(_num_t));
+
+    /*
+     * Write the header.
+     */
+    fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
+
+    /*
+     * Write out the byte count to maintain header size.
+     */
+    fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
+
+    /*
+     * Now, if number mappings exist, write them out.
+     */
+    if (ncodes_used > 0) {
+        fwrite((char *) ncodes, sizeof(_codeidx_t), ncodes_used, out);
+        fwrite((char *) nums, sizeof(_num_t), nums_used, out);
+    }
+#endif
+
+    fclose(out);
+}
+
+static void
+usage(char *prog)
+{
+    fprintf(stderr,
+            "Usage: %s [-o output-directory|-x composition-exclusions]", prog);
+    fprintf(stderr, " datafile1 datafile2 ...\n\n");
+    fprintf(stderr,
+            "-o output-directory\n\t\tWrite the output files to a different");
+    fprintf(stderr, " directory (default: .).\n");
+    fprintf(stderr,
+            "-x composition-exclusion\n\t\tFile of composition codes");
+    fprintf(stderr, " that should be excluded.\n");
+    exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+    FILE *in;
+    char *prog, *opath;
+
+    prog = lutil_progname( "ucgendat", argc, argv );
+
+    opath = 0;
+    in = stdin;
+
+    argc--;
+    argv++;
+
+    while (argc > 0) {
+        if (argv[0][0] == '-') {
+            switch (argv[0][1]) {
+              case 'o':
+                argc--;
+                argv++;
+                opath = argv[0];
+                break;
+              case 'x':
+                argc--;
+                argv++;
+                if ((in = fopen(argv[0], "r")) == 0)
+                  fprintf(stderr,
+                          "%s: unable to open composition exclusion file %s\n",
+                          prog, argv[0]);
+                else {
+                    read_compexdata(in);
+                    fclose(in);
+                    in = 0;
+                }
+                break;
+              default:
+                usage(prog);
+            }
+        } else {
+            if (in != stdin && in != NULL)
+              fclose(in);
+            if ((in = fopen(argv[0], "r")) == 0)
+              fprintf(stderr, "%s: unable to open ctype file %s\n",
+                      prog, argv[0]);
+            else {
+                read_cdata(in);
+                fclose(in);
+                in = 0;
+	    }
+        }
+        argc--;
+        argv++;
+    }
+
+    if (opath == 0)
+      opath = ".";
+    write_cdata(opath);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucdata/uctable.h b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/uctable.h
new file mode 100644
index 00000000..98a8745f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucdata/uctable.h
@@ -0,0 +1,14305 @@
+static const krb5_ui_4 _ucprop_size = 50;
+
+static const krb5_ui_2 _ucprop_offsets[] = {
+	0x0000, 0x00d0, 0x0138, 0x0140, 0x016a, 0x0176, 0x019e, 0x01ac,
+	0x01ae, 0x01b0, 0x01b4, 0x01cc, 0x01ce, 0xffff, 0x01d4, 0x051a,
+	0x0862, 0x0876, 0x089e, 0x0a32, 0x0a40, 0x0a58, 0x0ad8, 0x0b54,
+	0x0be0, 0x0c54, 0x0c6a, 0x0c96, 0x0d66, 0x0fee, 0x100a, 0x1020,
+	0x1024, 0x1054, 0x1058, 0x106e, 0x1078, 0x107e, 0x108e, 0x1240,
+	0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x13e8, 0x16e4,
+	0x16ee, 0x16f6, 0x1720, 0x0000
+};
+
+static const krb5_ui_4 _ucprop_ranges[] = {
+	0x00000300, 0x0000034f, 0x00000360, 0x0000036f,
+	0x00000483, 0x00000486, 0x00000591, 0x000005a1,
+	0x000005a3, 0x000005b9, 0x000005bb, 0x000005bd,
+	0x000005bf, 0x000005bf, 0x000005c1, 0x000005c2,
+	0x000005c4, 0x000005c4, 0x0000064b, 0x00000655,
+	0x00000670, 0x00000670, 0x000006d6, 0x000006dc,
+	0x000006df, 0x000006e4, 0x000006e7, 0x000006e8,
+	0x000006ea, 0x000006ed, 0x00000711, 0x00000711,
+	0x00000730, 0x0000074a, 0x000007a6, 0x000007b0,
+	0x00000901, 0x00000902, 0x0000093c, 0x0000093c,
+	0x00000941, 0x00000948, 0x0000094d, 0x0000094d,
+	0x00000951, 0x00000954, 0x00000962, 0x00000963,
+	0x00000981, 0x00000981, 0x000009bc, 0x000009bc,
+	0x000009c1, 0x000009c4, 0x000009cd, 0x000009cd,
+	0x000009e2, 0x000009e3, 0x00000a02, 0x00000a02,
+	0x00000a3c, 0x00000a3c, 0x00000a41, 0x00000a42,
+	0x00000a47, 0x00000a48, 0x00000a4b, 0x00000a4d,
+	0x00000a70, 0x00000a71, 0x00000a81, 0x00000a82,
+	0x00000abc, 0x00000abc, 0x00000ac1, 0x00000ac5,
+	0x00000ac7, 0x00000ac8, 0x00000acd, 0x00000acd,
+	0x00000b01, 0x00000b01, 0x00000b3c, 0x00000b3c,
+	0x00000b3f, 0x00000b3f, 0x00000b41, 0x00000b43,
+	0x00000b4d, 0x00000b4d, 0x00000b56, 0x00000b56,
+	0x00000b82, 0x00000b82, 0x00000bc0, 0x00000bc0,
+	0x00000bcd, 0x00000bcd, 0x00000c3e, 0x00000c40,
+	0x00000c46, 0x00000c48, 0x00000c4a, 0x00000c4d,
+	0x00000c55, 0x00000c56, 0x00000cbf, 0x00000cbf,
+	0x00000cc6, 0x00000cc6, 0x00000ccc, 0x00000ccd,
+	0x00000d41, 0x00000d43, 0x00000d4d, 0x00000d4d,
+	0x00000dca, 0x00000dca, 0x00000dd2, 0x00000dd4,
+	0x00000dd6, 0x00000dd6, 0x00000e31, 0x00000e31,
+	0x00000e34, 0x00000e3a, 0x00000e47, 0x00000e4e,
+	0x00000eb1, 0x00000eb1, 0x00000eb4, 0x00000eb9,
+	0x00000ebb, 0x00000ebc, 0x00000ec8, 0x00000ecd,
+	0x00000f18, 0x00000f19, 0x00000f35, 0x00000f35,
+	0x00000f37, 0x00000f37, 0x00000f39, 0x00000f39,
+	0x00000f71, 0x00000f7e, 0x00000f80, 0x00000f84,
+	0x00000f86, 0x00000f87, 0x00000f90, 0x00000f97,
+	0x00000f99, 0x00000fbc, 0x00000fc6, 0x00000fc6,
+	0x0000102d, 0x00001030, 0x00001032, 0x00001032,
+	0x00001036, 0x00001037, 0x00001039, 0x00001039,
+	0x00001058, 0x00001059, 0x00001712, 0x00001714,
+	0x00001732, 0x00001734, 0x00001752, 0x00001753,
+	0x00001772, 0x00001773, 0x000017b7, 0x000017bd,
+	0x000017c6, 0x000017c6, 0x000017c9, 0x000017d3,
+	0x0000180b, 0x0000180d, 0x000018a9, 0x000018a9,
+	0x000020d0, 0x000020dc, 0x000020e1, 0x000020e1,
+	0x000020e5, 0x000020ea, 0x0000302a, 0x0000302f,
+	0x00003099, 0x0000309a, 0x0000fb1e, 0x0000fb1e,
+	0x0000fe00, 0x0000fe0f, 0x0000fe20, 0x0000fe23,
+	0x0001d167, 0x0001d169, 0x0001d17b, 0x0001d182,
+	0x0001d185, 0x0001d18b, 0x0001d1aa, 0x0001d1ad,
+	0x00000903, 0x00000903, 0x0000093e, 0x00000940,
+	0x00000949, 0x0000094c, 0x00000982, 0x00000983,
+	0x000009be, 0x000009c0, 0x000009c7, 0x000009c8,
+	0x000009cb, 0x000009cc, 0x000009d7, 0x000009d7,
+	0x00000a3e, 0x00000a40, 0x00000a83, 0x00000a83,
+	0x00000abe, 0x00000ac0, 0x00000ac9, 0x00000ac9,
+	0x00000acb, 0x00000acc, 0x00000b02, 0x00000b03,
+	0x00000b3e, 0x00000b3e, 0x00000b40, 0x00000b40,
+	0x00000b47, 0x00000b48, 0x00000b4b, 0x00000b4c,
+	0x00000b57, 0x00000b57, 0x00000bbe, 0x00000bbf,
+	0x00000bc1, 0x00000bc2, 0x00000bc6, 0x00000bc8,
+	0x00000bca, 0x00000bcc, 0x00000bd7, 0x00000bd7,
+	0x00000c01, 0x00000c03, 0x00000c41, 0x00000c44,
+	0x00000c82, 0x00000c83, 0x00000cbe, 0x00000cbe,
+	0x00000cc0, 0x00000cc4, 0x00000cc7, 0x00000cc8,
+	0x00000cca, 0x00000ccb, 0x00000cd5, 0x00000cd6,
+	0x00000d02, 0x00000d03, 0x00000d3e, 0x00000d40,
+	0x00000d46, 0x00000d48, 0x00000d4a, 0x00000d4c,
+	0x00000d57, 0x00000d57, 0x00000d82, 0x00000d83,
+	0x00000dcf, 0x00000dd1, 0x00000dd8, 0x00000ddf,
+	0x00000df2, 0x00000df3, 0x00000f3e, 0x00000f3f,
+	0x00000f7f, 0x00000f7f, 0x0000102c, 0x0000102c,
+	0x00001031, 0x00001031, 0x00001038, 0x00001038,
+	0x00001056, 0x00001057, 0x000017b4, 0x000017b6,
+	0x000017be, 0x000017c5, 0x000017c7, 0x000017c8,
+	0x0001d165, 0x0001d166, 0x0001d16d, 0x0001d172,
+	0x00000488, 0x00000489, 0x000006de, 0x000006de,
+	0x000020dd, 0x000020e0, 0x000020e2, 0x000020e4,
+	0x00000030, 0x00000039, 0x00000660, 0x00000669,
+	0x000006f0, 0x000006f9, 0x00000966, 0x0000096f,
+	0x000009e6, 0x000009ef, 0x00000a66, 0x00000a6f,
+	0x00000ae6, 0x00000aef, 0x00000b66, 0x00000b6f,
+	0x00000be7, 0x00000bef, 0x00000c66, 0x00000c6f,
+	0x00000ce6, 0x00000cef, 0x00000d66, 0x00000d6f,
+	0x00000e50, 0x00000e59, 0x00000ed0, 0x00000ed9,
+	0x00000f20, 0x00000f29, 0x00001040, 0x00001049,
+	0x00001369, 0x00001371, 0x000017e0, 0x000017e9,
+	0x00001810, 0x00001819, 0x0000ff10, 0x0000ff19,
+	0x0001d7ce, 0x0001d7ff, 0x000016ee, 0x000016f0,
+	0x00002160, 0x00002183, 0x00003007, 0x00003007,
+	0x00003021, 0x00003029, 0x00003038, 0x0000303a,
+	0x0001034a, 0x0001034a, 0x000000b2, 0x000000b3,
+	0x000000b9, 0x000000b9, 0x000000bc, 0x000000be,
+	0x000009f4, 0x000009f9, 0x00000bf0, 0x00000bf2,
+	0x00000f2a, 0x00000f33, 0x00001372, 0x0000137c,
+	0x00002070, 0x00002070, 0x00002074, 0x00002079,
+	0x00002080, 0x00002089, 0x00002153, 0x0000215f,
+	0x00002460, 0x0000249b, 0x000024ea, 0x000024fe,
+	0x00002776, 0x00002793, 0x00003192, 0x00003195,
+	0x00003220, 0x00003229, 0x00003251, 0x0000325f,
+	0x00003280, 0x00003289, 0x000032b1, 0x000032bf,
+	0x00010320, 0x00010323, 0x00000020, 0x00000020,
+	0x000000a0, 0x000000a0, 0x00001680, 0x00001680,
+	0x00002000, 0x0000200b, 0x0000202f, 0x0000202f,
+	0x0000205f, 0x0000205f, 0x00003000, 0x00003000,
+	0x00002028, 0x00002028, 0x00002029, 0x00002029,
+	0x00000000, 0x0000001f, 0x0000007f, 0x0000009f,
+	0x000006dd, 0x000006dd, 0x0000070f, 0x0000070f,
+	0x0000180e, 0x0000180e, 0x0000200c, 0x0000200f,
+	0x0000202a, 0x0000202e, 0x00002060, 0x00002063,
+	0x0000206a, 0x0000206f, 0x0000feff, 0x0000feff,
+	0x0000fff9, 0x0000fffb, 0x0001d173, 0x0001d17a,
+	0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f,
+	0x00010000, 0x0010ffff, 0x0000e000, 0x0000f8ff,
+	0x000f0000, 0x000ffffd, 0x00100000, 0x0010fffd,
+	0x00000041, 0x0000005a, 0x000000c0, 0x000000d6,
+	0x000000d8, 0x000000de, 0x00000100, 0x00000100,
+	0x00000102, 0x00000102, 0x00000104, 0x00000104,
+	0x00000106, 0x00000106, 0x00000108, 0x00000108,
+	0x0000010a, 0x0000010a, 0x0000010c, 0x0000010c,
+	0x0000010e, 0x0000010e, 0x00000110, 0x00000110,
+	0x00000112, 0x00000112, 0x00000114, 0x00000114,
+	0x00000116, 0x00000116, 0x00000118, 0x00000118,
+	0x0000011a, 0x0000011a, 0x0000011c, 0x0000011c,
+	0x0000011e, 0x0000011e, 0x00000120, 0x00000120,
+	0x00000122, 0x00000122, 0x00000124, 0x00000124,
+	0x00000126, 0x00000126, 0x00000128, 0x00000128,
+	0x0000012a, 0x0000012a, 0x0000012c, 0x0000012c,
+	0x0000012e, 0x0000012e, 0x00000130, 0x00000130,
+	0x00000132, 0x00000132, 0x00000134, 0x00000134,
+	0x00000136, 0x00000136, 0x00000139, 0x00000139,
+	0x0000013b, 0x0000013b, 0x0000013d, 0x0000013d,
+	0x0000013f, 0x0000013f, 0x00000141, 0x00000141,
+	0x00000143, 0x00000143, 0x00000145, 0x00000145,
+	0x00000147, 0x00000147, 0x0000014a, 0x0000014a,
+	0x0000014c, 0x0000014c, 0x0000014e, 0x0000014e,
+	0x00000150, 0x00000150, 0x00000152, 0x00000152,
+	0x00000154, 0x00000154, 0x00000156, 0x00000156,
+	0x00000158, 0x00000158, 0x0000015a, 0x0000015a,
+	0x0000015c, 0x0000015c, 0x0000015e, 0x0000015e,
+	0x00000160, 0x00000160, 0x00000162, 0x00000162,
+	0x00000164, 0x00000164, 0x00000166, 0x00000166,
+	0x00000168, 0x00000168, 0x0000016a, 0x0000016a,
+	0x0000016c, 0x0000016c, 0x0000016e, 0x0000016e,
+	0x00000170, 0x00000170, 0x00000172, 0x00000172,
+	0x00000174, 0x00000174, 0x00000176, 0x00000176,
+	0x00000178, 0x00000179, 0x0000017b, 0x0000017b,
+	0x0000017d, 0x0000017d, 0x00000181, 0x00000182,
+	0x00000184, 0x00000184, 0x00000186, 0x00000187,
+	0x00000189, 0x0000018b, 0x0000018e, 0x00000191,
+	0x00000193, 0x00000194, 0x00000196, 0x00000198,
+	0x0000019c, 0x0000019d, 0x0000019f, 0x000001a0,
+	0x000001a2, 0x000001a2, 0x000001a4, 0x000001a4,
+	0x000001a6, 0x000001a7, 0x000001a9, 0x000001a9,
+	0x000001ac, 0x000001ac, 0x000001ae, 0x000001af,
+	0x000001b1, 0x000001b3, 0x000001b5, 0x000001b5,
+	0x000001b7, 0x000001b8, 0x000001bc, 0x000001bc,
+	0x000001c4, 0x000001c4, 0x000001c7, 0x000001c7,
+	0x000001ca, 0x000001ca, 0x000001cd, 0x000001cd,
+	0x000001cf, 0x000001cf, 0x000001d1, 0x000001d1,
+	0x000001d3, 0x000001d3, 0x000001d5, 0x000001d5,
+	0x000001d7, 0x000001d7, 0x000001d9, 0x000001d9,
+	0x000001db, 0x000001db, 0x000001de, 0x000001de,
+	0x000001e0, 0x000001e0, 0x000001e2, 0x000001e2,
+	0x000001e4, 0x000001e4, 0x000001e6, 0x000001e6,
+	0x000001e8, 0x000001e8, 0x000001ea, 0x000001ea,
+	0x000001ec, 0x000001ec, 0x000001ee, 0x000001ee,
+	0x000001f1, 0x000001f1, 0x000001f4, 0x000001f4,
+	0x000001f6, 0x000001f8, 0x000001fa, 0x000001fa,
+	0x000001fc, 0x000001fc, 0x000001fe, 0x000001fe,
+	0x00000200, 0x00000200, 0x00000202, 0x00000202,
+	0x00000204, 0x00000204, 0x00000206, 0x00000206,
+	0x00000208, 0x00000208, 0x0000020a, 0x0000020a,
+	0x0000020c, 0x0000020c, 0x0000020e, 0x0000020e,
+	0x00000210, 0x00000210, 0x00000212, 0x00000212,
+	0x00000214, 0x00000214, 0x00000216, 0x00000216,
+	0x00000218, 0x00000218, 0x0000021a, 0x0000021a,
+	0x0000021c, 0x0000021c, 0x0000021e, 0x0000021e,
+	0x00000220, 0x00000220, 0x00000222, 0x00000222,
+	0x00000224, 0x00000224, 0x00000226, 0x00000226,
+	0x00000228, 0x00000228, 0x0000022a, 0x0000022a,
+	0x0000022c, 0x0000022c, 0x0000022e, 0x0000022e,
+	0x00000230, 0x00000230, 0x00000232, 0x00000232,
+	0x00000386, 0x00000386, 0x00000388, 0x0000038a,
+	0x0000038c, 0x0000038c, 0x0000038e, 0x0000038f,
+	0x00000391, 0x000003a1, 0x000003a3, 0x000003ab,
+	0x000003d2, 0x000003d4, 0x000003d8, 0x000003d8,
+	0x000003da, 0x000003da, 0x000003dc, 0x000003dc,
+	0x000003de, 0x000003de, 0x000003e0, 0x000003e0,
+	0x000003e2, 0x000003e2, 0x000003e4, 0x000003e4,
+	0x000003e6, 0x000003e6, 0x000003e8, 0x000003e8,
+	0x000003ea, 0x000003ea, 0x000003ec, 0x000003ec,
+	0x000003ee, 0x000003ee, 0x000003f4, 0x000003f4,
+	0x00000400, 0x0000042f, 0x00000460, 0x00000460,
+	0x00000462, 0x00000462, 0x00000464, 0x00000464,
+	0x00000466, 0x00000466, 0x00000468, 0x00000468,
+	0x0000046a, 0x0000046a, 0x0000046c, 0x0000046c,
+	0x0000046e, 0x0000046e, 0x00000470, 0x00000470,
+	0x00000472, 0x00000472, 0x00000474, 0x00000474,
+	0x00000476, 0x00000476, 0x00000478, 0x00000478,
+	0x0000047a, 0x0000047a, 0x0000047c, 0x0000047c,
+	0x0000047e, 0x0000047e, 0x00000480, 0x00000480,
+	0x0000048a, 0x0000048a, 0x0000048c, 0x0000048c,
+	0x0000048e, 0x0000048e, 0x00000490, 0x00000490,
+	0x00000492, 0x00000492, 0x00000494, 0x00000494,
+	0x00000496, 0x00000496, 0x00000498, 0x00000498,
+	0x0000049a, 0x0000049a, 0x0000049c, 0x0000049c,
+	0x0000049e, 0x0000049e, 0x000004a0, 0x000004a0,
+	0x000004a2, 0x000004a2, 0x000004a4, 0x000004a4,
+	0x000004a6, 0x000004a6, 0x000004a8, 0x000004a8,
+	0x000004aa, 0x000004aa, 0x000004ac, 0x000004ac,
+	0x000004ae, 0x000004ae, 0x000004b0, 0x000004b0,
+	0x000004b2, 0x000004b2, 0x000004b4, 0x000004b4,
+	0x000004b6, 0x000004b6, 0x000004b8, 0x000004b8,
+	0x000004ba, 0x000004ba, 0x000004bc, 0x000004bc,
+	0x000004be, 0x000004be, 0x000004c0, 0x000004c1,
+	0x000004c3, 0x000004c3, 0x000004c5, 0x000004c5,
+	0x000004c7, 0x000004c7, 0x000004c9, 0x000004c9,
+	0x000004cb, 0x000004cb, 0x000004cd, 0x000004cd,
+	0x000004d0, 0x000004d0, 0x000004d2, 0x000004d2,
+	0x000004d4, 0x000004d4, 0x000004d6, 0x000004d6,
+	0x000004d8, 0x000004d8, 0x000004da, 0x000004da,
+	0x000004dc, 0x000004dc, 0x000004de, 0x000004de,
+	0x000004e0, 0x000004e0, 0x000004e2, 0x000004e2,
+	0x000004e4, 0x000004e4, 0x000004e6, 0x000004e6,
+	0x000004e8, 0x000004e8, 0x000004ea, 0x000004ea,
+	0x000004ec, 0x000004ec, 0x000004ee, 0x000004ee,
+	0x000004f0, 0x000004f0, 0x000004f2, 0x000004f2,
+	0x000004f4, 0x000004f4, 0x000004f8, 0x000004f8,
+	0x00000500, 0x00000500, 0x00000502, 0x00000502,
+	0x00000504, 0x00000504, 0x00000506, 0x00000506,
+	0x00000508, 0x00000508, 0x0000050a, 0x0000050a,
+	0x0000050c, 0x0000050c, 0x0000050e, 0x0000050e,
+	0x00000531, 0x00000556, 0x000010a0, 0x000010c5,
+	0x00001e00, 0x00001e00, 0x00001e02, 0x00001e02,
+	0x00001e04, 0x00001e04, 0x00001e06, 0x00001e06,
+	0x00001e08, 0x00001e08, 0x00001e0a, 0x00001e0a,
+	0x00001e0c, 0x00001e0c, 0x00001e0e, 0x00001e0e,
+	0x00001e10, 0x00001e10, 0x00001e12, 0x00001e12,
+	0x00001e14, 0x00001e14, 0x00001e16, 0x00001e16,
+	0x00001e18, 0x00001e18, 0x00001e1a, 0x00001e1a,
+	0x00001e1c, 0x00001e1c, 0x00001e1e, 0x00001e1e,
+	0x00001e20, 0x00001e20, 0x00001e22, 0x00001e22,
+	0x00001e24, 0x00001e24, 0x00001e26, 0x00001e26,
+	0x00001e28, 0x00001e28, 0x00001e2a, 0x00001e2a,
+	0x00001e2c, 0x00001e2c, 0x00001e2e, 0x00001e2e,
+	0x00001e30, 0x00001e30, 0x00001e32, 0x00001e32,
+	0x00001e34, 0x00001e34, 0x00001e36, 0x00001e36,
+	0x00001e38, 0x00001e38, 0x00001e3a, 0x00001e3a,
+	0x00001e3c, 0x00001e3c, 0x00001e3e, 0x00001e3e,
+	0x00001e40, 0x00001e40, 0x00001e42, 0x00001e42,
+	0x00001e44, 0x00001e44, 0x00001e46, 0x00001e46,
+	0x00001e48, 0x00001e48, 0x00001e4a, 0x00001e4a,
+	0x00001e4c, 0x00001e4c, 0x00001e4e, 0x00001e4e,
+	0x00001e50, 0x00001e50, 0x00001e52, 0x00001e52,
+	0x00001e54, 0x00001e54, 0x00001e56, 0x00001e56,
+	0x00001e58, 0x00001e58, 0x00001e5a, 0x00001e5a,
+	0x00001e5c, 0x00001e5c, 0x00001e5e, 0x00001e5e,
+	0x00001e60, 0x00001e60, 0x00001e62, 0x00001e62,
+	0x00001e64, 0x00001e64, 0x00001e66, 0x00001e66,
+	0x00001e68, 0x00001e68, 0x00001e6a, 0x00001e6a,
+	0x00001e6c, 0x00001e6c, 0x00001e6e, 0x00001e6e,
+	0x00001e70, 0x00001e70, 0x00001e72, 0x00001e72,
+	0x00001e74, 0x00001e74, 0x00001e76, 0x00001e76,
+	0x00001e78, 0x00001e78, 0x00001e7a, 0x00001e7a,
+	0x00001e7c, 0x00001e7c, 0x00001e7e, 0x00001e7e,
+	0x00001e80, 0x00001e80, 0x00001e82, 0x00001e82,
+	0x00001e84, 0x00001e84, 0x00001e86, 0x00001e86,
+	0x00001e88, 0x00001e88, 0x00001e8a, 0x00001e8a,
+	0x00001e8c, 0x00001e8c, 0x00001e8e, 0x00001e8e,
+	0x00001e90, 0x00001e90, 0x00001e92, 0x00001e92,
+	0x00001e94, 0x00001e94, 0x00001ea0, 0x00001ea0,
+	0x00001ea2, 0x00001ea2, 0x00001ea4, 0x00001ea4,
+	0x00001ea6, 0x00001ea6, 0x00001ea8, 0x00001ea8,
+	0x00001eaa, 0x00001eaa, 0x00001eac, 0x00001eac,
+	0x00001eae, 0x00001eae, 0x00001eb0, 0x00001eb0,
+	0x00001eb2, 0x00001eb2, 0x00001eb4, 0x00001eb4,
+	0x00001eb6, 0x00001eb6, 0x00001eb8, 0x00001eb8,
+	0x00001eba, 0x00001eba, 0x00001ebc, 0x00001ebc,
+	0x00001ebe, 0x00001ebe, 0x00001ec0, 0x00001ec0,
+	0x00001ec2, 0x00001ec2, 0x00001ec4, 0x00001ec4,
+	0x00001ec6, 0x00001ec6, 0x00001ec8, 0x00001ec8,
+	0x00001eca, 0x00001eca, 0x00001ecc, 0x00001ecc,
+	0x00001ece, 0x00001ece, 0x00001ed0, 0x00001ed0,
+	0x00001ed2, 0x00001ed2, 0x00001ed4, 0x00001ed4,
+	0x00001ed6, 0x00001ed6, 0x00001ed8, 0x00001ed8,
+	0x00001eda, 0x00001eda, 0x00001edc, 0x00001edc,
+	0x00001ede, 0x00001ede, 0x00001ee0, 0x00001ee0,
+	0x00001ee2, 0x00001ee2, 0x00001ee4, 0x00001ee4,
+	0x00001ee6, 0x00001ee6, 0x00001ee8, 0x00001ee8,
+	0x00001eea, 0x00001eea, 0x00001eec, 0x00001eec,
+	0x00001eee, 0x00001eee, 0x00001ef0, 0x00001ef0,
+	0x00001ef2, 0x00001ef2, 0x00001ef4, 0x00001ef4,
+	0x00001ef6, 0x00001ef6, 0x00001ef8, 0x00001ef8,
+	0x00001f08, 0x00001f0f, 0x00001f18, 0x00001f1d,
+	0x00001f28, 0x00001f2f, 0x00001f38, 0x00001f3f,
+	0x00001f48, 0x00001f4d, 0x00001f59, 0x00001f59,
+	0x00001f5b, 0x00001f5b, 0x00001f5d, 0x00001f5d,
+	0x00001f5f, 0x00001f5f, 0x00001f68, 0x00001f6f,
+	0x00001fb8, 0x00001fbb, 0x00001fc8, 0x00001fcb,
+	0x00001fd8, 0x00001fdb, 0x00001fe8, 0x00001fec,
+	0x00001ff8, 0x00001ffb, 0x00002102, 0x00002102,
+	0x00002107, 0x00002107, 0x0000210b, 0x0000210d,
+	0x00002110, 0x00002112, 0x00002115, 0x00002115,
+	0x00002119, 0x0000211d, 0x00002124, 0x00002124,
+	0x00002126, 0x00002126, 0x00002128, 0x00002128,
+	0x0000212a, 0x0000212d, 0x00002130, 0x00002131,
+	0x00002133, 0x00002133, 0x0000213e, 0x0000213f,
+	0x00002145, 0x00002145, 0x0000ff21, 0x0000ff3a,
+	0x00010400, 0x00010425, 0x0001d400, 0x0001d419,
+	0x0001d434, 0x0001d44d, 0x0001d468, 0x0001d481,
+	0x0001d49c, 0x0001d49c, 0x0001d49e, 0x0001d49f,
+	0x0001d4a2, 0x0001d4a2, 0x0001d4a5, 0x0001d4a6,
+	0x0001d4a9, 0x0001d4ac, 0x0001d4ae, 0x0001d4b5,
+	0x0001d4d0, 0x0001d4e9, 0x0001d504, 0x0001d505,
+	0x0001d507, 0x0001d50a, 0x0001d50d, 0x0001d514,
+	0x0001d516, 0x0001d51c, 0x0001d538, 0x0001d539,
+	0x0001d53b, 0x0001d53e, 0x0001d540, 0x0001d544,
+	0x0001d546, 0x0001d546, 0x0001d54a, 0x0001d550,
+	0x0001d56c, 0x0001d585, 0x0001d5a0, 0x0001d5b9,
+	0x0001d5d4, 0x0001d5ed, 0x0001d608, 0x0001d621,
+	0x0001d63c, 0x0001d655, 0x0001d670, 0x0001d689,
+	0x0001d6a8, 0x0001d6c0, 0x0001d6e2, 0x0001d6fa,
+	0x0001d71c, 0x0001d734, 0x0001d756, 0x0001d76e,
+	0x0001d790, 0x0001d7a8, 0x00000061, 0x0000007a,
+	0x000000aa, 0x000000aa, 0x000000b5, 0x000000b5,
+	0x000000ba, 0x000000ba, 0x000000df, 0x000000f6,
+	0x000000f8, 0x000000ff, 0x00000101, 0x00000101,
+	0x00000103, 0x00000103, 0x00000105, 0x00000105,
+	0x00000107, 0x00000107, 0x00000109, 0x00000109,
+	0x0000010b, 0x0000010b, 0x0000010d, 0x0000010d,
+	0x0000010f, 0x0000010f, 0x00000111, 0x00000111,
+	0x00000113, 0x00000113, 0x00000115, 0x00000115,
+	0x00000117, 0x00000117, 0x00000119, 0x00000119,
+	0x0000011b, 0x0000011b, 0x0000011d, 0x0000011d,
+	0x0000011f, 0x0000011f, 0x00000121, 0x00000121,
+	0x00000123, 0x00000123, 0x00000125, 0x00000125,
+	0x00000127, 0x00000127, 0x00000129, 0x00000129,
+	0x0000012b, 0x0000012b, 0x0000012d, 0x0000012d,
+	0x0000012f, 0x0000012f, 0x00000131, 0x00000131,
+	0x00000133, 0x00000133, 0x00000135, 0x00000135,
+	0x00000137, 0x00000138, 0x0000013a, 0x0000013a,
+	0x0000013c, 0x0000013c, 0x0000013e, 0x0000013e,
+	0x00000140, 0x00000140, 0x00000142, 0x00000142,
+	0x00000144, 0x00000144, 0x00000146, 0x00000146,
+	0x00000148, 0x00000149, 0x0000014b, 0x0000014b,
+	0x0000014d, 0x0000014d, 0x0000014f, 0x0000014f,
+	0x00000151, 0x00000151, 0x00000153, 0x00000153,
+	0x00000155, 0x00000155, 0x00000157, 0x00000157,
+	0x00000159, 0x00000159, 0x0000015b, 0x0000015b,
+	0x0000015d, 0x0000015d, 0x0000015f, 0x0000015f,
+	0x00000161, 0x00000161, 0x00000163, 0x00000163,
+	0x00000165, 0x00000165, 0x00000167, 0x00000167,
+	0x00000169, 0x00000169, 0x0000016b, 0x0000016b,
+	0x0000016d, 0x0000016d, 0x0000016f, 0x0000016f,
+	0x00000171, 0x00000171, 0x00000173, 0x00000173,
+	0x00000175, 0x00000175, 0x00000177, 0x00000177,
+	0x0000017a, 0x0000017a, 0x0000017c, 0x0000017c,
+	0x0000017e, 0x00000180, 0x00000183, 0x00000183,
+	0x00000185, 0x00000185, 0x00000188, 0x00000188,
+	0x0000018c, 0x0000018d, 0x00000192, 0x00000192,
+	0x00000195, 0x00000195, 0x00000199, 0x0000019b,
+	0x0000019e, 0x0000019e, 0x000001a1, 0x000001a1,
+	0x000001a3, 0x000001a3, 0x000001a5, 0x000001a5,
+	0x000001a8, 0x000001a8, 0x000001aa, 0x000001ab,
+	0x000001ad, 0x000001ad, 0x000001b0, 0x000001b0,
+	0x000001b4, 0x000001b4, 0x000001b6, 0x000001b6,
+	0x000001b9, 0x000001ba, 0x000001bd, 0x000001bf,
+	0x000001c6, 0x000001c6, 0x000001c9, 0x000001c9,
+	0x000001cc, 0x000001cc, 0x000001ce, 0x000001ce,
+	0x000001d0, 0x000001d0, 0x000001d2, 0x000001d2,
+	0x000001d4, 0x000001d4, 0x000001d6, 0x000001d6,
+	0x000001d8, 0x000001d8, 0x000001da, 0x000001da,
+	0x000001dc, 0x000001dd, 0x000001df, 0x000001df,
+	0x000001e1, 0x000001e1, 0x000001e3, 0x000001e3,
+	0x000001e5, 0x000001e5, 0x000001e7, 0x000001e7,
+	0x000001e9, 0x000001e9, 0x000001eb, 0x000001eb,
+	0x000001ed, 0x000001ed, 0x000001ef, 0x000001f0,
+	0x000001f3, 0x000001f3, 0x000001f5, 0x000001f5,
+	0x000001f9, 0x000001f9, 0x000001fb, 0x000001fb,
+	0x000001fd, 0x000001fd, 0x000001ff, 0x000001ff,
+	0x00000201, 0x00000201, 0x00000203, 0x00000203,
+	0x00000205, 0x00000205, 0x00000207, 0x00000207,
+	0x00000209, 0x00000209, 0x0000020b, 0x0000020b,
+	0x0000020d, 0x0000020d, 0x0000020f, 0x0000020f,
+	0x00000211, 0x00000211, 0x00000213, 0x00000213,
+	0x00000215, 0x00000215, 0x00000217, 0x00000217,
+	0x00000219, 0x00000219, 0x0000021b, 0x0000021b,
+	0x0000021d, 0x0000021d, 0x0000021f, 0x0000021f,
+	0x00000223, 0x00000223, 0x00000225, 0x00000225,
+	0x00000227, 0x00000227, 0x00000229, 0x00000229,
+	0x0000022b, 0x0000022b, 0x0000022d, 0x0000022d,
+	0x0000022f, 0x0000022f, 0x00000231, 0x00000231,
+	0x00000233, 0x00000233, 0x00000250, 0x000002ad,
+	0x00000390, 0x00000390, 0x000003ac, 0x000003ce,
+	0x000003d0, 0x000003d1, 0x000003d5, 0x000003d7,
+	0x000003d9, 0x000003d9, 0x000003db, 0x000003db,
+	0x000003dd, 0x000003dd, 0x000003df, 0x000003df,
+	0x000003e1, 0x000003e1, 0x000003e3, 0x000003e3,
+	0x000003e5, 0x000003e5, 0x000003e7, 0x000003e7,
+	0x000003e9, 0x000003e9, 0x000003eb, 0x000003eb,
+	0x000003ed, 0x000003ed, 0x000003ef, 0x000003f3,
+	0x000003f5, 0x000003f5, 0x00000430, 0x0000045f,
+	0x00000461, 0x00000461, 0x00000463, 0x00000463,
+	0x00000465, 0x00000465, 0x00000467, 0x00000467,
+	0x00000469, 0x00000469, 0x0000046b, 0x0000046b,
+	0x0000046d, 0x0000046d, 0x0000046f, 0x0000046f,
+	0x00000471, 0x00000471, 0x00000473, 0x00000473,
+	0x00000475, 0x00000475, 0x00000477, 0x00000477,
+	0x00000479, 0x00000479, 0x0000047b, 0x0000047b,
+	0x0000047d, 0x0000047d, 0x0000047f, 0x0000047f,
+	0x00000481, 0x00000481, 0x0000048b, 0x0000048b,
+	0x0000048d, 0x0000048d, 0x0000048f, 0x0000048f,
+	0x00000491, 0x00000491, 0x00000493, 0x00000493,
+	0x00000495, 0x00000495, 0x00000497, 0x00000497,
+	0x00000499, 0x00000499, 0x0000049b, 0x0000049b,
+	0x0000049d, 0x0000049d, 0x0000049f, 0x0000049f,
+	0x000004a1, 0x000004a1, 0x000004a3, 0x000004a3,
+	0x000004a5, 0x000004a5, 0x000004a7, 0x000004a7,
+	0x000004a9, 0x000004a9, 0x000004ab, 0x000004ab,
+	0x000004ad, 0x000004ad, 0x000004af, 0x000004af,
+	0x000004b1, 0x000004b1, 0x000004b3, 0x000004b3,
+	0x000004b5, 0x000004b5, 0x000004b7, 0x000004b7,
+	0x000004b9, 0x000004b9, 0x000004bb, 0x000004bb,
+	0x000004bd, 0x000004bd, 0x000004bf, 0x000004bf,
+	0x000004c2, 0x000004c2, 0x000004c4, 0x000004c4,
+	0x000004c6, 0x000004c6, 0x000004c8, 0x000004c8,
+	0x000004ca, 0x000004ca, 0x000004cc, 0x000004cc,
+	0x000004ce, 0x000004ce, 0x000004d1, 0x000004d1,
+	0x000004d3, 0x000004d3, 0x000004d5, 0x000004d5,
+	0x000004d7, 0x000004d7, 0x000004d9, 0x000004d9,
+	0x000004db, 0x000004db, 0x000004dd, 0x000004dd,
+	0x000004df, 0x000004df, 0x000004e1, 0x000004e1,
+	0x000004e3, 0x000004e3, 0x000004e5, 0x000004e5,
+	0x000004e7, 0x000004e7, 0x000004e9, 0x000004e9,
+	0x000004eb, 0x000004eb, 0x000004ed, 0x000004ed,
+	0x000004ef, 0x000004ef, 0x000004f1, 0x000004f1,
+	0x000004f3, 0x000004f3, 0x000004f5, 0x000004f5,
+	0x000004f9, 0x000004f9, 0x00000501, 0x00000501,
+	0x00000503, 0x00000503, 0x00000505, 0x00000505,
+	0x00000507, 0x00000507, 0x00000509, 0x00000509,
+	0x0000050b, 0x0000050b, 0x0000050d, 0x0000050d,
+	0x0000050f, 0x0000050f, 0x00000561, 0x00000587,
+	0x00001e01, 0x00001e01, 0x00001e03, 0x00001e03,
+	0x00001e05, 0x00001e05, 0x00001e07, 0x00001e07,
+	0x00001e09, 0x00001e09, 0x00001e0b, 0x00001e0b,
+	0x00001e0d, 0x00001e0d, 0x00001e0f, 0x00001e0f,
+	0x00001e11, 0x00001e11, 0x00001e13, 0x00001e13,
+	0x00001e15, 0x00001e15, 0x00001e17, 0x00001e17,
+	0x00001e19, 0x00001e19, 0x00001e1b, 0x00001e1b,
+	0x00001e1d, 0x00001e1d, 0x00001e1f, 0x00001e1f,
+	0x00001e21, 0x00001e21, 0x00001e23, 0x00001e23,
+	0x00001e25, 0x00001e25, 0x00001e27, 0x00001e27,
+	0x00001e29, 0x00001e29, 0x00001e2b, 0x00001e2b,
+	0x00001e2d, 0x00001e2d, 0x00001e2f, 0x00001e2f,
+	0x00001e31, 0x00001e31, 0x00001e33, 0x00001e33,
+	0x00001e35, 0x00001e35, 0x00001e37, 0x00001e37,
+	0x00001e39, 0x00001e39, 0x00001e3b, 0x00001e3b,
+	0x00001e3d, 0x00001e3d, 0x00001e3f, 0x00001e3f,
+	0x00001e41, 0x00001e41, 0x00001e43, 0x00001e43,
+	0x00001e45, 0x00001e45, 0x00001e47, 0x00001e47,
+	0x00001e49, 0x00001e49, 0x00001e4b, 0x00001e4b,
+	0x00001e4d, 0x00001e4d, 0x00001e4f, 0x00001e4f,
+	0x00001e51, 0x00001e51, 0x00001e53, 0x00001e53,
+	0x00001e55, 0x00001e55, 0x00001e57, 0x00001e57,
+	0x00001e59, 0x00001e59, 0x00001e5b, 0x00001e5b,
+	0x00001e5d, 0x00001e5d, 0x00001e5f, 0x00001e5f,
+	0x00001e61, 0x00001e61, 0x00001e63, 0x00001e63,
+	0x00001e65, 0x00001e65, 0x00001e67, 0x00001e67,
+	0x00001e69, 0x00001e69, 0x00001e6b, 0x00001e6b,
+	0x00001e6d, 0x00001e6d, 0x00001e6f, 0x00001e6f,
+	0x00001e71, 0x00001e71, 0x00001e73, 0x00001e73,
+	0x00001e75, 0x00001e75, 0x00001e77, 0x00001e77,
+	0x00001e79, 0x00001e79, 0x00001e7b, 0x00001e7b,
+	0x00001e7d, 0x00001e7d, 0x00001e7f, 0x00001e7f,
+	0x00001e81, 0x00001e81, 0x00001e83, 0x00001e83,
+	0x00001e85, 0x00001e85, 0x00001e87, 0x00001e87,
+	0x00001e89, 0x00001e89, 0x00001e8b, 0x00001e8b,
+	0x00001e8d, 0x00001e8d, 0x00001e8f, 0x00001e8f,
+	0x00001e91, 0x00001e91, 0x00001e93, 0x00001e93,
+	0x00001e95, 0x00001e9b, 0x00001ea1, 0x00001ea1,
+	0x00001ea3, 0x00001ea3, 0x00001ea5, 0x00001ea5,
+	0x00001ea7, 0x00001ea7, 0x00001ea9, 0x00001ea9,
+	0x00001eab, 0x00001eab, 0x00001ead, 0x00001ead,
+	0x00001eaf, 0x00001eaf, 0x00001eb1, 0x00001eb1,
+	0x00001eb3, 0x00001eb3, 0x00001eb5, 0x00001eb5,
+	0x00001eb7, 0x00001eb7, 0x00001eb9, 0x00001eb9,
+	0x00001ebb, 0x00001ebb, 0x00001ebd, 0x00001ebd,
+	0x00001ebf, 0x00001ebf, 0x00001ec1, 0x00001ec1,
+	0x00001ec3, 0x00001ec3, 0x00001ec5, 0x00001ec5,
+	0x00001ec7, 0x00001ec7, 0x00001ec9, 0x00001ec9,
+	0x00001ecb, 0x00001ecb, 0x00001ecd, 0x00001ecd,
+	0x00001ecf, 0x00001ecf, 0x00001ed1, 0x00001ed1,
+	0x00001ed3, 0x00001ed3, 0x00001ed5, 0x00001ed5,
+	0x00001ed7, 0x00001ed7, 0x00001ed9, 0x00001ed9,
+	0x00001edb, 0x00001edb, 0x00001edd, 0x00001edd,
+	0x00001edf, 0x00001edf, 0x00001ee1, 0x00001ee1,
+	0x00001ee3, 0x00001ee3, 0x00001ee5, 0x00001ee5,
+	0x00001ee7, 0x00001ee7, 0x00001ee9, 0x00001ee9,
+	0x00001eeb, 0x00001eeb, 0x00001eed, 0x00001eed,
+	0x00001eef, 0x00001eef, 0x00001ef1, 0x00001ef1,
+	0x00001ef3, 0x00001ef3, 0x00001ef5, 0x00001ef5,
+	0x00001ef7, 0x00001ef7, 0x00001ef9, 0x00001ef9,
+	0x00001f00, 0x00001f07, 0x00001f10, 0x00001f15,
+	0x00001f20, 0x00001f27, 0x00001f30, 0x00001f37,
+	0x00001f40, 0x00001f45, 0x00001f50, 0x00001f57,
+	0x00001f60, 0x00001f67, 0x00001f70, 0x00001f7d,
+	0x00001f80, 0x00001f87, 0x00001f90, 0x00001f97,
+	0x00001fa0, 0x00001fa7, 0x00001fb0, 0x00001fb4,
+	0x00001fb6, 0x00001fb7, 0x00001fbe, 0x00001fbe,
+	0x00001fc2, 0x00001fc4, 0x00001fc6, 0x00001fc7,
+	0x00001fd0, 0x00001fd3, 0x00001fd6, 0x00001fd7,
+	0x00001fe0, 0x00001fe7, 0x00001ff2, 0x00001ff4,
+	0x00001ff6, 0x00001ff7, 0x00002071, 0x00002071,
+	0x0000207f, 0x0000207f, 0x0000210a, 0x0000210a,
+	0x0000210e, 0x0000210f, 0x00002113, 0x00002113,
+	0x0000212f, 0x0000212f, 0x00002134, 0x00002134,
+	0x00002139, 0x00002139, 0x0000213d, 0x0000213d,
+	0x00002146, 0x00002149, 0x0000fb00, 0x0000fb06,
+	0x0000fb13, 0x0000fb17, 0x0000ff41, 0x0000ff5a,
+	0x00010428, 0x0001044d, 0x0001d41a, 0x0001d433,
+	0x0001d44e, 0x0001d454, 0x0001d456, 0x0001d467,
+	0x0001d482, 0x0001d49b, 0x0001d4b6, 0x0001d4b9,
+	0x0001d4bb, 0x0001d4bb, 0x0001d4bd, 0x0001d4c0,
+	0x0001d4c2, 0x0001d4c3, 0x0001d4c5, 0x0001d4cf,
+	0x0001d4ea, 0x0001d503, 0x0001d51e, 0x0001d537,
+	0x0001d552, 0x0001d56b, 0x0001d586, 0x0001d59f,
+	0x0001d5ba, 0x0001d5d3, 0x0001d5ee, 0x0001d607,
+	0x0001d622, 0x0001d63b, 0x0001d656, 0x0001d66f,
+	0x0001d68a, 0x0001d6a3, 0x0001d6c2, 0x0001d6da,
+	0x0001d6dc, 0x0001d6e1, 0x0001d6fc, 0x0001d714,
+	0x0001d716, 0x0001d71b, 0x0001d736, 0x0001d74e,
+	0x0001d750, 0x0001d755, 0x0001d770, 0x0001d788,
+	0x0001d78a, 0x0001d78f, 0x0001d7aa, 0x0001d7c2,
+	0x0001d7c4, 0x0001d7c9, 0x000001c5, 0x000001c5,
+	0x000001c8, 0x000001c8, 0x000001cb, 0x000001cb,
+	0x000001f2, 0x000001f2, 0x00001f88, 0x00001f8f,
+	0x00001f98, 0x00001f9f, 0x00001fa8, 0x00001faf,
+	0x00001fbc, 0x00001fbc, 0x00001fcc, 0x00001fcc,
+	0x00001ffc, 0x00001ffc, 0x000002b0, 0x000002b8,
+	0x000002bb, 0x000002c1, 0x000002d0, 0x000002d1,
+	0x000002e0, 0x000002e4, 0x000002ee, 0x000002ee,
+	0x0000037a, 0x0000037a, 0x00000559, 0x00000559,
+	0x00000640, 0x00000640, 0x000006e5, 0x000006e6,
+	0x00000e46, 0x00000e46, 0x00000ec6, 0x00000ec6,
+	0x000017d7, 0x000017d7, 0x00001843, 0x00001843,
+	0x00003005, 0x00003005, 0x00003031, 0x00003035,
+	0x0000303b, 0x0000303b, 0x0000309d, 0x0000309e,
+	0x000030fc, 0x000030fe, 0x0000ff70, 0x0000ff70,
+	0x0000ff9e, 0x0000ff9f, 0x000001bb, 0x000001bb,
+	0x000001c0, 0x000001c3, 0x000005d0, 0x000005ea,
+	0x000005f0, 0x000005f2, 0x00000621, 0x0000063a,
+	0x00000641, 0x0000064a, 0x0000066e, 0x0000066f,
+	0x00000671, 0x000006d3, 0x000006d5, 0x000006d5,
+	0x000006fa, 0x000006fc, 0x00000710, 0x00000710,
+	0x00000712, 0x0000072c, 0x00000780, 0x000007a5,
+	0x000007b1, 0x000007b1, 0x00000905, 0x00000939,
+	0x0000093d, 0x0000093d, 0x00000950, 0x00000950,
+	0x00000958, 0x00000961, 0x00000985, 0x0000098c,
+	0x0000098f, 0x00000990, 0x00000993, 0x000009a8,
+	0x000009aa, 0x000009b0, 0x000009b2, 0x000009b2,
+	0x000009b6, 0x000009b9, 0x000009dc, 0x000009dd,
+	0x000009df, 0x000009e1, 0x000009f0, 0x000009f1,
+	0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10,
+	0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30,
+	0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36,
+	0x00000a38, 0x00000a39, 0x00000a59, 0x00000a5c,
+	0x00000a5e, 0x00000a5e, 0x00000a72, 0x00000a74,
+	0x00000a85, 0x00000a8b, 0x00000a8d, 0x00000a8d,
+	0x00000a8f, 0x00000a91, 0x00000a93, 0x00000aa8,
+	0x00000aaa, 0x00000ab0, 0x00000ab2, 0x00000ab3,
+	0x00000ab5, 0x00000ab9, 0x00000abd, 0x00000abd,
+	0x00000ad0, 0x00000ad0, 0x00000ae0, 0x00000ae0,
+	0x00000b05, 0x00000b0c, 0x00000b0f, 0x00000b10,
+	0x00000b13, 0x00000b28, 0x00000b2a, 0x00000b30,
+	0x00000b32, 0x00000b33, 0x00000b36, 0x00000b39,
+	0x00000b3d, 0x00000b3d, 0x00000b5c, 0x00000b5d,
+	0x00000b5f, 0x00000b61, 0x00000b83, 0x00000b83,
+	0x00000b85, 0x00000b8a, 0x00000b8e, 0x00000b90,
+	0x00000b92, 0x00000b95, 0x00000b99, 0x00000b9a,
+	0x00000b9c, 0x00000b9c, 0x00000b9e, 0x00000b9f,
+	0x00000ba3, 0x00000ba4, 0x00000ba8, 0x00000baa,
+	0x00000bae, 0x00000bb5, 0x00000bb7, 0x00000bb9,
+	0x00000c05, 0x00000c0c, 0x00000c0e, 0x00000c10,
+	0x00000c12, 0x00000c28, 0x00000c2a, 0x00000c33,
+	0x00000c35, 0x00000c39, 0x00000c60, 0x00000c61,
+	0x00000c85, 0x00000c8c, 0x00000c8e, 0x00000c90,
+	0x00000c92, 0x00000ca8, 0x00000caa, 0x00000cb3,
+	0x00000cb5, 0x00000cb9, 0x00000cde, 0x00000cde,
+	0x00000ce0, 0x00000ce1, 0x00000d05, 0x00000d0c,
+	0x00000d0e, 0x00000d10, 0x00000d12, 0x00000d28,
+	0x00000d2a, 0x00000d39, 0x00000d60, 0x00000d61,
+	0x00000d85, 0x00000d96, 0x00000d9a, 0x00000db1,
+	0x00000db3, 0x00000dbb, 0x00000dbd, 0x00000dbd,
+	0x00000dc0, 0x00000dc6, 0x00000e01, 0x00000e30,
+	0x00000e32, 0x00000e33, 0x00000e40, 0x00000e45,
+	0x00000e81, 0x00000e82, 0x00000e84, 0x00000e84,
+	0x00000e87, 0x00000e88, 0x00000e8a, 0x00000e8a,
+	0x00000e8d, 0x00000e8d, 0x00000e94, 0x00000e97,
+	0x00000e99, 0x00000e9f, 0x00000ea1, 0x00000ea3,
+	0x00000ea5, 0x00000ea5, 0x00000ea7, 0x00000ea7,
+	0x00000eaa, 0x00000eab, 0x00000ead, 0x00000eb0,
+	0x00000eb2, 0x00000eb3, 0x00000ebd, 0x00000ebd,
+	0x00000ec0, 0x00000ec4, 0x00000edc, 0x00000edd,
+	0x00000f00, 0x00000f00, 0x00000f40, 0x00000f47,
+	0x00000f49, 0x00000f6a, 0x00000f88, 0x00000f8b,
+	0x00001000, 0x00001021, 0x00001023, 0x00001027,
+	0x00001029, 0x0000102a, 0x00001050, 0x00001055,
+	0x000010d0, 0x000010f8, 0x00001100, 0x00001159,
+	0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9,
+	0x00001200, 0x00001206, 0x00001208, 0x00001246,
+	0x00001248, 0x00001248, 0x0000124a, 0x0000124d,
+	0x00001250, 0x00001256, 0x00001258, 0x00001258,
+	0x0000125a, 0x0000125d, 0x00001260, 0x00001286,
+	0x00001288, 0x00001288, 0x0000128a, 0x0000128d,
+	0x00001290, 0x000012ae, 0x000012b0, 0x000012b0,
+	0x000012b2, 0x000012b5, 0x000012b8, 0x000012be,
+	0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5,
+	0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6,
+	0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e,
+	0x00001310, 0x00001310, 0x00001312, 0x00001315,
+	0x00001318, 0x0000131e, 0x00001320, 0x00001346,
+	0x00001348, 0x0000135a, 0x000013a0, 0x000013f4,
+	0x00001401, 0x0000166c, 0x0000166f, 0x00001676,
+	0x00001681, 0x0000169a, 0x000016a0, 0x000016ea,
+	0x00001700, 0x0000170c, 0x0000170e, 0x00001711,
+	0x00001720, 0x00001731, 0x00001740, 0x00001751,
+	0x00001760, 0x0000176c, 0x0000176e, 0x00001770,
+	0x00001780, 0x000017b3, 0x000017dc, 0x000017dc,
+	0x00001820, 0x00001842, 0x00001844, 0x00001877,
+	0x00001880, 0x000018a8, 0x00002135, 0x00002138,
+	0x00003006, 0x00003006, 0x0000303c, 0x0000303c,
+	0x00003041, 0x00003096, 0x0000309f, 0x0000309f,
+	0x000030a1, 0x000030fa, 0x000030ff, 0x000030ff,
+	0x00003105, 0x0000312c, 0x00003131, 0x0000318e,
+	0x000031a0, 0x000031b7, 0x000031f0, 0x000031ff,
+	0x00003400, 0x00004db5, 0x00004e00, 0x0000a48c,
+	0x0000ac00, 0x0000d7a3, 0x0000f900, 0x0000faff,
+	0x0000fb1d, 0x0000fb1d, 0x0000fb1f, 0x0000fb28,
+	0x0000fb2a, 0x0000fb36, 0x0000fb38, 0x0000fb3c,
+	0x0000fb3e, 0x0000fb3e, 0x0000fb40, 0x0000fb41,
+	0x0000fb43, 0x0000fb44, 0x0000fb46, 0x0000fbb1,
+	0x0000fbd3, 0x0000fd3d, 0x0000fd50, 0x0000fd8f,
+	0x0000fd92, 0x0000fdc7, 0x0000fdf0, 0x0000fdfb,
+	0x0000fe70, 0x0000fe74, 0x0000fe76, 0x0000fefc,
+	0x0000ff66, 0x0000ff6f, 0x0000ff71, 0x0000ff9d,
+	0x0000ffa0, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7,
+	0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7,
+	0x0000ffda, 0x0000ffdc, 0x00010300, 0x0001031e,
+	0x00010330, 0x00010349, 0x00020000, 0x0002a6d6,
+	0x0002f800, 0x0002fa1d, 0x0000005f, 0x0000005f,
+	0x0000203f, 0x00002040, 0x000030fb, 0x000030fb,
+	0x0000fe33, 0x0000fe34, 0x0000fe4d, 0x0000fe4f,
+	0x0000ff3f, 0x0000ff3f, 0x0000ff65, 0x0000ff65,
+	0x0000002d, 0x0000002d, 0x000000ad, 0x000000ad,
+	0x0000058a, 0x0000058a, 0x00001806, 0x00001806,
+	0x00002010, 0x00002015, 0x0000301c, 0x0000301c,
+	0x00003030, 0x00003030, 0x000030a0, 0x000030a0,
+	0x0000fe31, 0x0000fe32, 0x0000fe58, 0x0000fe58,
+	0x0000fe63, 0x0000fe63, 0x0000ff0d, 0x0000ff0d,
+	0x00000028, 0x00000028, 0x0000005b, 0x0000005b,
+	0x0000007b, 0x0000007b, 0x00000f3a, 0x00000f3a,
+	0x00000f3c, 0x00000f3c, 0x0000169b, 0x0000169b,
+	0x0000201a, 0x0000201a, 0x0000201e, 0x0000201e,
+	0x00002045, 0x00002045, 0x0000207d, 0x0000207d,
+	0x0000208d, 0x0000208d, 0x00002329, 0x00002329,
+	0x000023b4, 0x000023b4, 0x00002768, 0x00002768,
+	0x0000276a, 0x0000276a, 0x0000276c, 0x0000276c,
+	0x0000276e, 0x0000276e, 0x00002770, 0x00002770,
+	0x00002772, 0x00002772, 0x00002774, 0x00002774,
+	0x000027e6, 0x000027e6, 0x000027e8, 0x000027e8,
+	0x000027ea, 0x000027ea, 0x00002983, 0x00002983,
+	0x00002985, 0x00002985, 0x00002987, 0x00002987,
+	0x00002989, 0x00002989, 0x0000298b, 0x0000298b,
+	0x0000298d, 0x0000298d, 0x0000298f, 0x0000298f,
+	0x00002991, 0x00002991, 0x00002993, 0x00002993,
+	0x00002995, 0x00002995, 0x00002997, 0x00002997,
+	0x000029d8, 0x000029d8, 0x000029da, 0x000029da,
+	0x000029fc, 0x000029fc, 0x00003008, 0x00003008,
+	0x0000300a, 0x0000300a, 0x0000300c, 0x0000300c,
+	0x0000300e, 0x0000300e, 0x00003010, 0x00003010,
+	0x00003014, 0x00003014, 0x00003016, 0x00003016,
+	0x00003018, 0x00003018, 0x0000301a, 0x0000301a,
+	0x0000301d, 0x0000301d, 0x0000fd3e, 0x0000fd3e,
+	0x0000fe35, 0x0000fe35, 0x0000fe37, 0x0000fe37,
+	0x0000fe39, 0x0000fe39, 0x0000fe3b, 0x0000fe3b,
+	0x0000fe3d, 0x0000fe3d, 0x0000fe3f, 0x0000fe3f,
+	0x0000fe41, 0x0000fe41, 0x0000fe43, 0x0000fe43,
+	0x0000fe59, 0x0000fe59, 0x0000fe5b, 0x0000fe5b,
+	0x0000fe5d, 0x0000fe5d, 0x0000ff08, 0x0000ff08,
+	0x0000ff3b, 0x0000ff3b, 0x0000ff5b, 0x0000ff5b,
+	0x0000ff5f, 0x0000ff5f, 0x0000ff62, 0x0000ff62,
+	0x00000029, 0x00000029, 0x0000005d, 0x0000005d,
+	0x0000007d, 0x0000007d, 0x00000f3b, 0x00000f3b,
+	0x00000f3d, 0x00000f3d, 0x0000169c, 0x0000169c,
+	0x00002046, 0x00002046, 0x0000207e, 0x0000207e,
+	0x0000208e, 0x0000208e, 0x0000232a, 0x0000232a,
+	0x000023b5, 0x000023b5, 0x00002769, 0x00002769,
+	0x0000276b, 0x0000276b, 0x0000276d, 0x0000276d,
+	0x0000276f, 0x0000276f, 0x00002771, 0x00002771,
+	0x00002773, 0x00002773, 0x00002775, 0x00002775,
+	0x000027e7, 0x000027e7, 0x000027e9, 0x000027e9,
+	0x000027eb, 0x000027eb, 0x00002984, 0x00002984,
+	0x00002986, 0x00002986, 0x00002988, 0x00002988,
+	0x0000298a, 0x0000298a, 0x0000298c, 0x0000298c,
+	0x0000298e, 0x0000298e, 0x00002990, 0x00002990,
+	0x00002992, 0x00002992, 0x00002994, 0x00002994,
+	0x00002996, 0x00002996, 0x00002998, 0x00002998,
+	0x000029d9, 0x000029d9, 0x000029db, 0x000029db,
+	0x000029fd, 0x000029fd, 0x00003009, 0x00003009,
+	0x0000300b, 0x0000300b, 0x0000300d, 0x0000300d,
+	0x0000300f, 0x0000300f, 0x00003011, 0x00003011,
+	0x00003015, 0x00003015, 0x00003017, 0x00003017,
+	0x00003019, 0x00003019, 0x0000301b, 0x0000301b,
+	0x0000301e, 0x0000301f, 0x0000fd3f, 0x0000fd3f,
+	0x0000fe36, 0x0000fe36, 0x0000fe38, 0x0000fe38,
+	0x0000fe3a, 0x0000fe3a, 0x0000fe3c, 0x0000fe3c,
+	0x0000fe3e, 0x0000fe3e, 0x0000fe40, 0x0000fe40,
+	0x0000fe42, 0x0000fe42, 0x0000fe44, 0x0000fe44,
+	0x0000fe5a, 0x0000fe5a, 0x0000fe5c, 0x0000fe5c,
+	0x0000fe5e, 0x0000fe5e, 0x0000ff09, 0x0000ff09,
+	0x0000ff3d, 0x0000ff3d, 0x0000ff5d, 0x0000ff5d,
+	0x0000ff60, 0x0000ff60, 0x0000ff63, 0x0000ff63,
+	0x00000021, 0x00000023, 0x00000025, 0x00000027,
+	0x0000002a, 0x0000002a, 0x0000002c, 0x0000002c,
+	0x0000002e, 0x0000002f, 0x0000003a, 0x0000003b,
+	0x0000003f, 0x00000040, 0x0000005c, 0x0000005c,
+	0x000000a1, 0x000000a1, 0x000000b7, 0x000000b7,
+	0x000000bf, 0x000000bf, 0x0000037e, 0x0000037e,
+	0x00000387, 0x00000387, 0x0000055a, 0x0000055f,
+	0x00000589, 0x00000589, 0x000005be, 0x000005be,
+	0x000005c0, 0x000005c0, 0x000005c3, 0x000005c3,
+	0x000005f3, 0x000005f4, 0x0000060c, 0x0000060c,
+	0x0000061b, 0x0000061b, 0x0000061f, 0x0000061f,
+	0x0000066a, 0x0000066d, 0x000006d4, 0x000006d4,
+	0x00000700, 0x0000070d, 0x00000964, 0x00000965,
+	0x00000970, 0x00000970, 0x00000df4, 0x00000df4,
+	0x00000e4f, 0x00000e4f, 0x00000e5a, 0x00000e5b,
+	0x00000f04, 0x00000f12, 0x00000f85, 0x00000f85,
+	0x0000104a, 0x0000104f, 0x000010fb, 0x000010fb,
+	0x00001361, 0x00001368, 0x0000166d, 0x0000166e,
+	0x000016eb, 0x000016ed, 0x00001735, 0x00001736,
+	0x000017d4, 0x000017d6, 0x000017d8, 0x000017da,
+	0x00001800, 0x00001805, 0x00001807, 0x0000180a,
+	0x00002016, 0x00002017, 0x00002020, 0x00002027,
+	0x00002030, 0x00002038, 0x0000203b, 0x0000203e,
+	0x00002041, 0x00002043, 0x00002047, 0x00002051,
+	0x00002057, 0x00002057, 0x000023b6, 0x000023b6,
+	0x00003001, 0x00003003, 0x0000303d, 0x0000303d,
+	0x0000fe30, 0x0000fe30, 0x0000fe45, 0x0000fe46,
+	0x0000fe49, 0x0000fe4c, 0x0000fe50, 0x0000fe52,
+	0x0000fe54, 0x0000fe57, 0x0000fe5f, 0x0000fe61,
+	0x0000fe68, 0x0000fe68, 0x0000fe6a, 0x0000fe6b,
+	0x0000ff01, 0x0000ff03, 0x0000ff05, 0x0000ff07,
+	0x0000ff0a, 0x0000ff0a, 0x0000ff0c, 0x0000ff0c,
+	0x0000ff0e, 0x0000ff0f, 0x0000ff1a, 0x0000ff1b,
+	0x0000ff1f, 0x0000ff20, 0x0000ff3c, 0x0000ff3c,
+	0x0000ff61, 0x0000ff61, 0x0000ff64, 0x0000ff64,
+	0x0000002b, 0x0000002b, 0x0000003c, 0x0000003e,
+	0x0000007c, 0x0000007c, 0x0000007e, 0x0000007e,
+	0x000000ac, 0x000000ac, 0x000000b1, 0x000000b1,
+	0x000000d7, 0x000000d7, 0x000000f7, 0x000000f7,
+	0x000003f6, 0x000003f6, 0x00002044, 0x00002044,
+	0x00002052, 0x00002052, 0x0000207a, 0x0000207c,
+	0x0000208a, 0x0000208c, 0x00002140, 0x00002144,
+	0x0000214b, 0x0000214b, 0x00002190, 0x00002194,
+	0x0000219a, 0x0000219b, 0x000021a0, 0x000021a0,
+	0x000021a3, 0x000021a3, 0x000021a6, 0x000021a6,
+	0x000021ae, 0x000021ae, 0x000021ce, 0x000021cf,
+	0x000021d2, 0x000021d2, 0x000021d4, 0x000021d4,
+	0x000021f4, 0x000022ff, 0x00002308, 0x0000230b,
+	0x00002320, 0x00002321, 0x0000237c, 0x0000237c,
+	0x0000239b, 0x000023b3, 0x000025b7, 0x000025b7,
+	0x000025c1, 0x000025c1, 0x000025f8, 0x000025ff,
+	0x0000266f, 0x0000266f, 0x000027d0, 0x000027e5,
+	0x000027f0, 0x000027ff, 0x00002900, 0x00002982,
+	0x00002999, 0x000029d7, 0x000029dc, 0x000029fb,
+	0x000029fe, 0x00002aff, 0x0000fb29, 0x0000fb29,
+	0x0000fe62, 0x0000fe62, 0x0000fe64, 0x0000fe66,
+	0x0000ff0b, 0x0000ff0b, 0x0000ff1c, 0x0000ff1e,
+	0x0000ff5c, 0x0000ff5c, 0x0000ff5e, 0x0000ff5e,
+	0x0000ffe2, 0x0000ffe2, 0x0000ffe9, 0x0000ffec,
+	0x0001d6c1, 0x0001d6c1, 0x0001d6db, 0x0001d6db,
+	0x0001d6fb, 0x0001d6fb, 0x0001d715, 0x0001d715,
+	0x0001d735, 0x0001d735, 0x0001d74f, 0x0001d74f,
+	0x0001d76f, 0x0001d76f, 0x0001d789, 0x0001d789,
+	0x0001d7a9, 0x0001d7a9, 0x0001d7c3, 0x0001d7c3,
+	0x00000024, 0x00000024, 0x000000a2, 0x000000a5,
+	0x000009f2, 0x000009f3, 0x00000e3f, 0x00000e3f,
+	0x000017db, 0x000017db, 0x000020a0, 0x000020b1,
+	0x0000fdfc, 0x0000fdfc, 0x0000fe69, 0x0000fe69,
+	0x0000ff04, 0x0000ff04, 0x0000ffe0, 0x0000ffe1,
+	0x0000ffe5, 0x0000ffe6, 0x0000005e, 0x0000005e,
+	0x00000060, 0x00000060, 0x000000a8, 0x000000a8,
+	0x000000af, 0x000000af, 0x000000b4, 0x000000b4,
+	0x000000b8, 0x000000b8, 0x000002b9, 0x000002ba,
+	0x000002c2, 0x000002cf, 0x000002d2, 0x000002df,
+	0x000002e5, 0x000002ed, 0x00000374, 0x00000375,
+	0x00000384, 0x00000385, 0x00001fbd, 0x00001fbd,
+	0x00001fbf, 0x00001fc1, 0x00001fcd, 0x00001fcf,
+	0x00001fdd, 0x00001fdf, 0x00001fed, 0x00001fef,
+	0x00001ffd, 0x00001ffe, 0x0000309b, 0x0000309c,
+	0x0000ff3e, 0x0000ff3e, 0x0000ff40, 0x0000ff40,
+	0x0000ffe3, 0x0000ffe3, 0x000000a6, 0x000000a7,
+	0x000000a9, 0x000000a9, 0x000000ae, 0x000000ae,
+	0x000000b0, 0x000000b0, 0x000000b6, 0x000000b6,
+	0x00000482, 0x00000482, 0x000006e9, 0x000006e9,
+	0x000006fd, 0x000006fe, 0x000009fa, 0x000009fa,
+	0x00000b70, 0x00000b70, 0x00000f01, 0x00000f03,
+	0x00000f13, 0x00000f17, 0x00000f1a, 0x00000f1f,
+	0x00000f34, 0x00000f34, 0x00000f36, 0x00000f36,
+	0x00000f38, 0x00000f38, 0x00000fbe, 0x00000fc5,
+	0x00000fc7, 0x00000fcc, 0x00000fcf, 0x00000fcf,
+	0x00002100, 0x00002101, 0x00002103, 0x00002106,
+	0x00002108, 0x00002109, 0x00002114, 0x00002114,
+	0x00002116, 0x00002118, 0x0000211e, 0x00002123,
+	0x00002125, 0x00002125, 0x00002127, 0x00002127,
+	0x00002129, 0x00002129, 0x0000212e, 0x0000212e,
+	0x00002132, 0x00002132, 0x0000213a, 0x0000213a,
+	0x0000214a, 0x0000214a, 0x00002195, 0x00002199,
+	0x0000219c, 0x0000219f, 0x000021a1, 0x000021a2,
+	0x000021a4, 0x000021a5, 0x000021a7, 0x000021ad,
+	0x000021af, 0x000021cd, 0x000021d0, 0x000021d1,
+	0x000021d3, 0x000021d3, 0x000021d5, 0x000021f3,
+	0x00002300, 0x00002307, 0x0000230c, 0x0000231f,
+	0x00002322, 0x00002328, 0x0000232b, 0x0000237b,
+	0x0000237d, 0x0000239a, 0x000023b7, 0x000023ce,
+	0x00002400, 0x00002426, 0x00002440, 0x0000244a,
+	0x0000249c, 0x000024e9, 0x00002500, 0x000025b6,
+	0x000025b8, 0x000025c0, 0x000025c2, 0x000025f7,
+	0x00002600, 0x00002613, 0x00002616, 0x00002617,
+	0x00002619, 0x0000266e, 0x00002670, 0x0000267d,
+	0x00002680, 0x00002689, 0x00002701, 0x00002704,
+	0x00002706, 0x00002709, 0x0000270c, 0x00002727,
+	0x00002729, 0x0000274b, 0x0000274d, 0x0000274d,
+	0x0000274f, 0x00002752, 0x00002756, 0x00002756,
+	0x00002758, 0x0000275e, 0x00002761, 0x00002767,
+	0x00002794, 0x00002794, 0x00002798, 0x000027af,
+	0x000027b1, 0x000027be, 0x00002800, 0x000028ff,
+	0x00002e80, 0x00002e99, 0x00002e9b, 0x00002ef3,
+	0x00002f00, 0x00002fd5, 0x00002ff0, 0x00002ffb,
+	0x00003004, 0x00003004, 0x00003012, 0x00003013,
+	0x00003020, 0x00003020, 0x00003036, 0x00003037,
+	0x0000303e, 0x0000303f, 0x00003190, 0x00003191,
+	0x00003196, 0x0000319f, 0x00003200, 0x0000321c,
+	0x0000322a, 0x00003243, 0x00003260, 0x0000327b,
+	0x0000327f, 0x0000327f, 0x0000328a, 0x000032b0,
+	0x000032c0, 0x000032cb, 0x000032d0, 0x000032fe,
+	0x00003300, 0x00003376, 0x0000337b, 0x000033dd,
+	0x000033e0, 0x000033fe, 0x0000a490, 0x0000a4c6,
+	0x0000ffe4, 0x0000ffe4, 0x0000ffe8, 0x0000ffe8,
+	0x0000ffed, 0x0000ffee, 0x0000fffc, 0x0000fffd,
+	0x0001d000, 0x0001d0f5, 0x0001d100, 0x0001d126,
+	0x0001d12a, 0x0001d164, 0x0001d16a, 0x0001d16c,
+	0x0001d183, 0x0001d184, 0x0001d18c, 0x0001d1a9,
+	0x0001d1ae, 0x0001d1dd, 0x00000041, 0x0000005a,
+	0x00000061, 0x0000007a, 0x000000aa, 0x000000aa,
+	0x000000b5, 0x000000b5, 0x000000ba, 0x000000ba,
+	0x000000c0, 0x000000d6, 0x000000d8, 0x000000f6,
+	0x000000f8, 0x00000220, 0x00000222, 0x00000233,
+	0x00000250, 0x000002ad, 0x000002b0, 0x000002b8,
+	0x000002bb, 0x000002c1, 0x000002d0, 0x000002d1,
+	0x000002e0, 0x000002e4, 0x000002ee, 0x000002ee,
+	0x0000037a, 0x0000037a, 0x00000386, 0x00000386,
+	0x00000388, 0x0000038a, 0x0000038c, 0x0000038c,
+	0x0000038e, 0x000003a1, 0x000003a3, 0x000003ce,
+	0x000003d0, 0x000003f5, 0x00000400, 0x00000482,
+	0x0000048a, 0x000004ce, 0x000004d0, 0x000004f5,
+	0x000004f8, 0x000004f9, 0x00000500, 0x0000050f,
+	0x00000531, 0x00000556, 0x00000559, 0x0000055f,
+	0x00000561, 0x00000587, 0x00000589, 0x00000589,
+	0x00000903, 0x00000903, 0x00000905, 0x00000939,
+	0x0000093d, 0x00000940, 0x00000949, 0x0000094c,
+	0x00000950, 0x00000950, 0x00000958, 0x00000961,
+	0x00000964, 0x00000970, 0x00000982, 0x00000983,
+	0x00000985, 0x0000098c, 0x0000098f, 0x00000990,
+	0x00000993, 0x000009a8, 0x000009aa, 0x000009b0,
+	0x000009b2, 0x000009b2, 0x000009b6, 0x000009b9,
+	0x000009be, 0x000009c0, 0x000009c7, 0x000009c8,
+	0x000009cb, 0x000009cc, 0x000009d7, 0x000009d7,
+	0x000009dc, 0x000009dd, 0x000009df, 0x000009e1,
+	0x000009e6, 0x000009f1, 0x000009f4, 0x000009fa,
+	0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10,
+	0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30,
+	0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36,
+	0x00000a38, 0x00000a39, 0x00000a3e, 0x00000a40,
+	0x00000a59, 0x00000a5c, 0x00000a5e, 0x00000a5e,
+	0x00000a66, 0x00000a6f, 0x00000a72, 0x00000a74,
+	0x00000a83, 0x00000a83, 0x00000a85, 0x00000a8b,
+	0x00000a8d, 0x00000a8d, 0x00000a8f, 0x00000a91,
+	0x00000a93, 0x00000aa8, 0x00000aaa, 0x00000ab0,
+	0x00000ab2, 0x00000ab3, 0x00000ab5, 0x00000ab9,
+	0x00000abd, 0x00000ac0, 0x00000ac9, 0x00000ac9,
+	0x00000acb, 0x00000acc, 0x00000ad0, 0x00000ad0,
+	0x00000ae0, 0x00000ae0, 0x00000ae6, 0x00000aef,
+	0x00000b02, 0x00000b03, 0x00000b05, 0x00000b0c,
+	0x00000b0f, 0x00000b10, 0x00000b13, 0x00000b28,
+	0x00000b2a, 0x00000b30, 0x00000b32, 0x00000b33,
+	0x00000b36, 0x00000b39, 0x00000b3d, 0x00000b3e,
+	0x00000b40, 0x00000b40, 0x00000b47, 0x00000b48,
+	0x00000b4b, 0x00000b4c, 0x00000b57, 0x00000b57,
+	0x00000b5c, 0x00000b5d, 0x00000b5f, 0x00000b61,
+	0x00000b66, 0x00000b70, 0x00000b83, 0x00000b83,
+	0x00000b85, 0x00000b8a, 0x00000b8e, 0x00000b90,
+	0x00000b92, 0x00000b95, 0x00000b99, 0x00000b9a,
+	0x00000b9c, 0x00000b9c, 0x00000b9e, 0x00000b9f,
+	0x00000ba3, 0x00000ba4, 0x00000ba8, 0x00000baa,
+	0x00000bae, 0x00000bb5, 0x00000bb7, 0x00000bb9,
+	0x00000bbe, 0x00000bbf, 0x00000bc1, 0x00000bc2,
+	0x00000bc6, 0x00000bc8, 0x00000bca, 0x00000bcc,
+	0x00000bd7, 0x00000bd7, 0x00000be7, 0x00000bf2,
+	0x00000c01, 0x00000c03, 0x00000c05, 0x00000c0c,
+	0x00000c0e, 0x00000c10, 0x00000c12, 0x00000c28,
+	0x00000c2a, 0x00000c33, 0x00000c35, 0x00000c39,
+	0x00000c41, 0x00000c44, 0x00000c60, 0x00000c61,
+	0x00000c66, 0x00000c6f, 0x00000c82, 0x00000c83,
+	0x00000c85, 0x00000c8c, 0x00000c8e, 0x00000c90,
+	0x00000c92, 0x00000ca8, 0x00000caa, 0x00000cb3,
+	0x00000cb5, 0x00000cb9, 0x00000cbe, 0x00000cbe,
+	0x00000cc0, 0x00000cc4, 0x00000cc7, 0x00000cc8,
+	0x00000cca, 0x00000ccb, 0x00000cd5, 0x00000cd6,
+	0x00000cde, 0x00000cde, 0x00000ce0, 0x00000ce1,
+	0x00000ce6, 0x00000cef, 0x00000d02, 0x00000d03,
+	0x00000d05, 0x00000d0c, 0x00000d0e, 0x00000d10,
+	0x00000d12, 0x00000d28, 0x00000d2a, 0x00000d39,
+	0x00000d3e, 0x00000d40, 0x00000d46, 0x00000d48,
+	0x00000d4a, 0x00000d4c, 0x00000d57, 0x00000d57,
+	0x00000d60, 0x00000d61, 0x00000d66, 0x00000d6f,
+	0x00000d82, 0x00000d83, 0x00000d85, 0x00000d96,
+	0x00000d9a, 0x00000db1, 0x00000db3, 0x00000dbb,
+	0x00000dbd, 0x00000dbd, 0x00000dc0, 0x00000dc6,
+	0x00000dcf, 0x00000dd1, 0x00000dd8, 0x00000ddf,
+	0x00000df2, 0x00000df4, 0x00000e01, 0x00000e30,
+	0x00000e32, 0x00000e33, 0x00000e40, 0x00000e46,
+	0x00000e4f, 0x00000e5b, 0x00000e81, 0x00000e82,
+	0x00000e84, 0x00000e84, 0x00000e87, 0x00000e88,
+	0x00000e8a, 0x00000e8a, 0x00000e8d, 0x00000e8d,
+	0x00000e94, 0x00000e97, 0x00000e99, 0x00000e9f,
+	0x00000ea1, 0x00000ea3, 0x00000ea5, 0x00000ea5,
+	0x00000ea7, 0x00000ea7, 0x00000eaa, 0x00000eab,
+	0x00000ead, 0x00000eb0, 0x00000eb2, 0x00000eb3,
+	0x00000ebd, 0x00000ebd, 0x00000ec0, 0x00000ec4,
+	0x00000ec6, 0x00000ec6, 0x00000ed0, 0x00000ed9,
+	0x00000edc, 0x00000edd, 0x00000f00, 0x00000f17,
+	0x00000f1a, 0x00000f34, 0x00000f36, 0x00000f36,
+	0x00000f38, 0x00000f38, 0x00000f3e, 0x00000f47,
+	0x00000f49, 0x00000f6a, 0x00000f7f, 0x00000f7f,
+	0x00000f85, 0x00000f85, 0x00000f88, 0x00000f8b,
+	0x00000fbe, 0x00000fc5, 0x00000fc7, 0x00000fcc,
+	0x00000fcf, 0x00000fcf, 0x00001000, 0x00001021,
+	0x00001023, 0x00001027, 0x00001029, 0x0000102a,
+	0x0000102c, 0x0000102c, 0x00001031, 0x00001031,
+	0x00001038, 0x00001038, 0x00001040, 0x00001057,
+	0x000010a0, 0x000010c5, 0x000010d0, 0x000010f8,
+	0x000010fb, 0x000010fb, 0x00001100, 0x00001159,
+	0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9,
+	0x00001200, 0x00001206, 0x00001208, 0x00001246,
+	0x00001248, 0x00001248, 0x0000124a, 0x0000124d,
+	0x00001250, 0x00001256, 0x00001258, 0x00001258,
+	0x0000125a, 0x0000125d, 0x00001260, 0x00001286,
+	0x00001288, 0x00001288, 0x0000128a, 0x0000128d,
+	0x00001290, 0x000012ae, 0x000012b0, 0x000012b0,
+	0x000012b2, 0x000012b5, 0x000012b8, 0x000012be,
+	0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5,
+	0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6,
+	0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e,
+	0x00001310, 0x00001310, 0x00001312, 0x00001315,
+	0x00001318, 0x0000131e, 0x00001320, 0x00001346,
+	0x00001348, 0x0000135a, 0x00001361, 0x0000137c,
+	0x000013a0, 0x000013f4, 0x00001401, 0x00001676,
+	0x00001681, 0x0000169a, 0x000016a0, 0x000016f0,
+	0x00001700, 0x0000170c, 0x0000170e, 0x00001711,
+	0x00001720, 0x00001731, 0x00001735, 0x00001736,
+	0x00001740, 0x00001751, 0x00001760, 0x0000176c,
+	0x0000176e, 0x00001770, 0x00001780, 0x000017b6,
+	0x000017be, 0x000017c5, 0x000017c7, 0x000017c8,
+	0x000017d4, 0x000017da, 0x000017dc, 0x000017dc,
+	0x000017e0, 0x000017e9, 0x00001810, 0x00001819,
+	0x00001820, 0x00001877, 0x00001880, 0x000018a8,
+	0x00001e00, 0x00001e9b, 0x00001ea0, 0x00001ef9,
+	0x00001f00, 0x00001f15, 0x00001f18, 0x00001f1d,
+	0x00001f20, 0x00001f45, 0x00001f48, 0x00001f4d,
+	0x00001f50, 0x00001f57, 0x00001f59, 0x00001f59,
+	0x00001f5b, 0x00001f5b, 0x00001f5d, 0x00001f5d,
+	0x00001f5f, 0x00001f7d, 0x00001f80, 0x00001fb4,
+	0x00001fb6, 0x00001fbc, 0x00001fbe, 0x00001fbe,
+	0x00001fc2, 0x00001fc4, 0x00001fc6, 0x00001fcc,
+	0x00001fd0, 0x00001fd3, 0x00001fd6, 0x00001fdb,
+	0x00001fe0, 0x00001fec, 0x00001ff2, 0x00001ff4,
+	0x00001ff6, 0x00001ffc, 0x0000200e, 0x0000200e,
+	0x00002071, 0x00002071, 0x0000207f, 0x0000207f,
+	0x00002102, 0x00002102, 0x00002107, 0x00002107,
+	0x0000210a, 0x00002113, 0x00002115, 0x00002115,
+	0x00002119, 0x0000211d, 0x00002124, 0x00002124,
+	0x00002126, 0x00002126, 0x00002128, 0x00002128,
+	0x0000212a, 0x0000212d, 0x0000212f, 0x00002131,
+	0x00002133, 0x00002139, 0x0000213d, 0x0000213f,
+	0x00002145, 0x00002149, 0x00002160, 0x00002183,
+	0x00002336, 0x0000237a, 0x00002395, 0x00002395,
+	0x0000249c, 0x000024e9, 0x00003005, 0x00003007,
+	0x00003021, 0x00003029, 0x00003031, 0x00003035,
+	0x00003038, 0x0000303c, 0x00003041, 0x00003096,
+	0x0000309d, 0x0000309f, 0x000030a1, 0x000030fa,
+	0x000030fc, 0x000030ff, 0x00003105, 0x0000312c,
+	0x00003131, 0x0000318e, 0x00003190, 0x000031b7,
+	0x000031f0, 0x0000321c, 0x00003220, 0x00003243,
+	0x00003260, 0x0000327b, 0x0000327f, 0x000032b0,
+	0x000032c0, 0x000032cb, 0x000032d0, 0x000032fe,
+	0x00003300, 0x00003376, 0x0000337b, 0x000033dd,
+	0x000033e0, 0x000033fe, 0x00003400, 0x00004db5,
+	0x00004e00, 0x0000a48c, 0x0000ac00, 0x0000d7a3,
+	0x0000e000, 0x0000fb06, 0x0000fb13, 0x0000fb17,
+	0x0000ff21, 0x0000ff3a, 0x0000ff41, 0x0000ff5a,
+	0x0000ff66, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7,
+	0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7,
+	0x0000ffda, 0x0000ffdc, 0x00010000, 0x0002a6d6,
+	0x0002f800, 0x0002fa1d, 0x000f0000, 0x000ffffd,
+	0x00100000, 0x0010fffd, 0x000005be, 0x000005be,
+	0x000005c0, 0x000005c0, 0x000005c3, 0x000005c3,
+	0x000005d0, 0x000005ea, 0x000005f0, 0x000005f4,
+	0x0000200f, 0x0000200f, 0x0000fb1d, 0x0000fb1d,
+	0x0000fb1f, 0x0000fb28, 0x0000fb2a, 0x0000fb36,
+	0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e,
+	0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44,
+	0x0000fb46, 0x0000fb4f, 0x00000030, 0x00000039,
+	0x000000b2, 0x000000b3, 0x000000b9, 0x000000b9,
+	0x000006f0, 0x000006f9, 0x00002070, 0x00002070,
+	0x00002074, 0x00002079, 0x00002080, 0x00002089,
+	0x00002460, 0x0000249b, 0x000024ea, 0x000024ea,
+	0x0000ff10, 0x0000ff19, 0x0001d7ce, 0x0001d7ff,
+	0x0000002f, 0x0000002f, 0x0000ff0f, 0x0000ff0f,
+	0x00000023, 0x00000025, 0x0000002b, 0x0000002b,
+	0x0000002d, 0x0000002d, 0x000000a2, 0x000000a5,
+	0x000000b0, 0x000000b1, 0x0000066a, 0x0000066a,
+	0x000009f2, 0x000009f3, 0x00000e3f, 0x00000e3f,
+	0x000017db, 0x000017db, 0x00002030, 0x00002034,
+	0x0000207a, 0x0000207b, 0x0000208a, 0x0000208b,
+	0x000020a0, 0x000020b1, 0x0000212e, 0x0000212e,
+	0x00002212, 0x00002213, 0x0000fb29, 0x0000fb29,
+	0x0000fe5f, 0x0000fe5f, 0x0000fe62, 0x0000fe63,
+	0x0000fe69, 0x0000fe6a, 0x0000ff03, 0x0000ff05,
+	0x0000ff0b, 0x0000ff0b, 0x0000ff0d, 0x0000ff0d,
+	0x0000ffe0, 0x0000ffe1, 0x0000ffe5, 0x0000ffe6,
+	0x00000660, 0x00000669, 0x0000066b, 0x0000066c,
+	0x0000002c, 0x0000002c, 0x0000002e, 0x0000002e,
+	0x0000003a, 0x0000003a, 0x000000a0, 0x000000a0,
+	0x0000060c, 0x0000060c, 0x0000fe50, 0x0000fe50,
+	0x0000fe52, 0x0000fe52, 0x0000fe55, 0x0000fe55,
+	0x0000ff0c, 0x0000ff0c, 0x0000ff0e, 0x0000ff0e,
+	0x0000ff1a, 0x0000ff1a, 0x0000000a, 0x0000000a,
+	0x0000000d, 0x0000000d, 0x0000001c, 0x0000001e,
+	0x00000085, 0x00000085, 0x00002029, 0x00002029,
+	0x00000009, 0x00000009, 0x0000000b, 0x0000000b,
+	0x0000001f, 0x0000001f, 0x0000000c, 0x0000000c,
+	0x00000020, 0x00000020, 0x00001680, 0x00001680,
+	0x00002000, 0x0000200a, 0x00002028, 0x00002028,
+	0x0000202f, 0x0000202f, 0x0000205f, 0x0000205f,
+	0x00003000, 0x00003000, 0x00000000, 0x00000008,
+	0x0000000e, 0x0000001b, 0x00000021, 0x00000022,
+	0x00000026, 0x0000002a, 0x0000003b, 0x00000040,
+	0x0000005b, 0x00000060, 0x0000007b, 0x00000084,
+	0x00000086, 0x0000009f, 0x000000a1, 0x000000a1,
+	0x000000a6, 0x000000a9, 0x000000ab, 0x000000af,
+	0x000000b4, 0x000000b4, 0x000000b6, 0x000000b8,
+	0x000000bb, 0x000000bf, 0x000000d7, 0x000000d7,
+	0x000000f7, 0x000000f7, 0x000002b9, 0x000002ba,
+	0x000002c2, 0x000002cf, 0x000002d2, 0x000002df,
+	0x000002e5, 0x000002ed, 0x00000300, 0x0000034f,
+	0x00000360, 0x0000036f, 0x00000374, 0x00000375,
+	0x0000037e, 0x0000037e, 0x00000384, 0x00000385,
+	0x00000387, 0x00000387, 0x000003f6, 0x000003f6,
+	0x00000483, 0x00000486, 0x00000488, 0x00000489,
+	0x0000058a, 0x0000058a, 0x00000591, 0x000005a1,
+	0x000005a3, 0x000005b9, 0x000005bb, 0x000005bd,
+	0x000005bf, 0x000005bf, 0x000005c1, 0x000005c2,
+	0x000005c4, 0x000005c4, 0x0000064b, 0x00000655,
+	0x00000670, 0x00000670, 0x000006d6, 0x000006dc,
+	0x000006de, 0x000006e4, 0x000006e7, 0x000006ed,
+	0x0000070f, 0x0000070f, 0x00000711, 0x00000711,
+	0x00000730, 0x0000074a, 0x000007a6, 0x000007b0,
+	0x00000901, 0x00000902, 0x0000093c, 0x0000093c,
+	0x00000941, 0x00000948, 0x0000094d, 0x0000094d,
+	0x00000951, 0x00000954, 0x00000962, 0x00000963,
+	0x00000981, 0x00000981, 0x000009bc, 0x000009bc,
+	0x000009c1, 0x000009c4, 0x000009cd, 0x000009cd,
+	0x000009e2, 0x000009e3, 0x00000a02, 0x00000a02,
+	0x00000a3c, 0x00000a3c, 0x00000a41, 0x00000a42,
+	0x00000a47, 0x00000a48, 0x00000a4b, 0x00000a4d,
+	0x00000a70, 0x00000a71, 0x00000a81, 0x00000a82,
+	0x00000abc, 0x00000abc, 0x00000ac1, 0x00000ac5,
+	0x00000ac7, 0x00000ac8, 0x00000acd, 0x00000acd,
+	0x00000b01, 0x00000b01, 0x00000b3c, 0x00000b3c,
+	0x00000b3f, 0x00000b3f, 0x00000b41, 0x00000b43,
+	0x00000b4d, 0x00000b4d, 0x00000b56, 0x00000b56,
+	0x00000b82, 0x00000b82, 0x00000bc0, 0x00000bc0,
+	0x00000bcd, 0x00000bcd, 0x00000c3e, 0x00000c40,
+	0x00000c46, 0x00000c48, 0x00000c4a, 0x00000c4d,
+	0x00000c55, 0x00000c56, 0x00000cbf, 0x00000cbf,
+	0x00000cc6, 0x00000cc6, 0x00000ccc, 0x00000ccd,
+	0x00000d41, 0x00000d43, 0x00000d4d, 0x00000d4d,
+	0x00000dca, 0x00000dca, 0x00000dd2, 0x00000dd4,
+	0x00000dd6, 0x00000dd6, 0x00000e31, 0x00000e31,
+	0x00000e34, 0x00000e3a, 0x00000e47, 0x00000e4e,
+	0x00000eb1, 0x00000eb1, 0x00000eb4, 0x00000eb9,
+	0x00000ebb, 0x00000ebc, 0x00000ec8, 0x00000ecd,
+	0x00000f18, 0x00000f19, 0x00000f35, 0x00000f35,
+	0x00000f37, 0x00000f37, 0x00000f39, 0x00000f3d,
+	0x00000f71, 0x00000f7e, 0x00000f80, 0x00000f84,
+	0x00000f86, 0x00000f87, 0x00000f90, 0x00000f97,
+	0x00000f99, 0x00000fbc, 0x00000fc6, 0x00000fc6,
+	0x0000102d, 0x00001030, 0x00001032, 0x00001032,
+	0x00001036, 0x00001037, 0x00001039, 0x00001039,
+	0x00001058, 0x00001059, 0x0000169b, 0x0000169c,
+	0x00001712, 0x00001714, 0x00001732, 0x00001734,
+	0x00001752, 0x00001753, 0x00001772, 0x00001773,
+	0x000017b7, 0x000017bd, 0x000017c6, 0x000017c6,
+	0x000017c9, 0x000017d3, 0x00001800, 0x0000180e,
+	0x000018a9, 0x000018a9, 0x00001fbd, 0x00001fbd,
+	0x00001fbf, 0x00001fc1, 0x00001fcd, 0x00001fcf,
+	0x00001fdd, 0x00001fdf, 0x00001fed, 0x00001fef,
+	0x00001ffd, 0x00001ffe, 0x0000200b, 0x0000200d,
+	0x00002010, 0x00002027, 0x0000202a, 0x0000202e,
+	0x00002035, 0x00002052, 0x00002057, 0x00002057,
+	0x00002060, 0x00002063, 0x0000206a, 0x0000206f,
+	0x0000207c, 0x0000207e, 0x0000208c, 0x0000208e,
+	0x000020d0, 0x000020ea, 0x00002100, 0x00002101,
+	0x00002103, 0x00002106, 0x00002108, 0x00002109,
+	0x00002114, 0x00002114, 0x00002116, 0x00002118,
+	0x0000211e, 0x00002123, 0x00002125, 0x00002125,
+	0x00002127, 0x00002127, 0x00002129, 0x00002129,
+	0x00002132, 0x00002132, 0x0000213a, 0x0000213a,
+	0x00002140, 0x00002144, 0x0000214a, 0x0000214b,
+	0x00002153, 0x0000215f, 0x00002190, 0x00002211,
+	0x00002214, 0x00002335, 0x0000237b, 0x00002394,
+	0x00002396, 0x000023ce, 0x00002400, 0x00002426,
+	0x00002440, 0x0000244a, 0x000024eb, 0x000024fe,
+	0x00002500, 0x00002613, 0x00002616, 0x00002617,
+	0x00002619, 0x0000267d, 0x00002680, 0x00002689,
+	0x00002701, 0x00002704, 0x00002706, 0x00002709,
+	0x0000270c, 0x00002727, 0x00002729, 0x0000274b,
+	0x0000274d, 0x0000274d, 0x0000274f, 0x00002752,
+	0x00002756, 0x00002756, 0x00002758, 0x0000275e,
+	0x00002761, 0x00002794, 0x00002798, 0x000027af,
+	0x000027b1, 0x000027be, 0x000027d0, 0x000027eb,
+	0x000027f0, 0x00002aff, 0x00002e80, 0x00002e99,
+	0x00002e9b, 0x00002ef3, 0x00002f00, 0x00002fd5,
+	0x00002ff0, 0x00002ffb, 0x00003001, 0x00003004,
+	0x00003008, 0x00003020, 0x0000302a, 0x00003030,
+	0x00003036, 0x00003037, 0x0000303d, 0x0000303f,
+	0x00003099, 0x0000309c, 0x000030a0, 0x000030a0,
+	0x000030fb, 0x000030fb, 0x00003251, 0x0000325f,
+	0x000032b1, 0x000032bf, 0x0000a490, 0x0000a4c6,
+	0x0000fb1e, 0x0000fb1e, 0x0000fd3e, 0x0000fd3f,
+	0x0000fe00, 0x0000fe0f, 0x0000fe20, 0x0000fe23,
+	0x0000fe30, 0x0000fe46, 0x0000fe49, 0x0000fe4f,
+	0x0000fe51, 0x0000fe51, 0x0000fe54, 0x0000fe54,
+	0x0000fe56, 0x0000fe5e, 0x0000fe60, 0x0000fe61,
+	0x0000fe64, 0x0000fe66, 0x0000fe68, 0x0000fe68,
+	0x0000fe6b, 0x0000fe6b, 0x0000feff, 0x0000feff,
+	0x0000ff01, 0x0000ff02, 0x0000ff06, 0x0000ff0a,
+	0x0000ff1b, 0x0000ff20, 0x0000ff3b, 0x0000ff40,
+	0x0000ff5b, 0x0000ff65, 0x0000ffe2, 0x0000ffe4,
+	0x0000ffe8, 0x0000ffee, 0x0000fff9, 0x0000fffd,
+	0x0001d167, 0x0001d169, 0x0001d173, 0x0001d182,
+	0x0001d185, 0x0001d18b, 0x0001d1aa, 0x0001d1ad,
+	0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f,
+	0x000000c0, 0x000000c5, 0x000000c7, 0x000000cf,
+	0x000000d1, 0x000000d6, 0x000000d9, 0x000000dd,
+	0x000000e0, 0x000000e5, 0x000000e7, 0x000000ef,
+	0x000000f1, 0x000000f6, 0x000000f9, 0x000000fd,
+	0x000000ff, 0x0000010f, 0x00000112, 0x00000125,
+	0x00000128, 0x00000130, 0x00000134, 0x00000137,
+	0x00000139, 0x0000013e, 0x00000143, 0x00000148,
+	0x0000014c, 0x00000151, 0x00000154, 0x00000165,
+	0x00000168, 0x0000017e, 0x000001a0, 0x000001a1,
+	0x000001af, 0x000001b0, 0x000001cd, 0x000001dc,
+	0x000001de, 0x000001e3, 0x000001e6, 0x000001f0,
+	0x000001f4, 0x000001f5, 0x000001f8, 0x0000021b,
+	0x0000021e, 0x0000021f, 0x00000226, 0x00000233,
+	0x00000340, 0x00000341, 0x00000343, 0x00000344,
+	0x00000374, 0x00000374, 0x0000037e, 0x0000037e,
+	0x00000385, 0x0000038a, 0x0000038c, 0x0000038c,
+	0x0000038e, 0x00000390, 0x000003aa, 0x000003b0,
+	0x000003ca, 0x000003ce, 0x000003d3, 0x000003d4,
+	0x00000400, 0x00000401, 0x00000403, 0x00000403,
+	0x00000407, 0x00000407, 0x0000040c, 0x0000040e,
+	0x00000419, 0x00000419, 0x00000439, 0x00000439,
+	0x00000450, 0x00000451, 0x00000453, 0x00000453,
+	0x00000457, 0x00000457, 0x0000045c, 0x0000045e,
+	0x00000476, 0x00000477, 0x000004c1, 0x000004c2,
+	0x000004d0, 0x000004d3, 0x000004d6, 0x000004d7,
+	0x000004da, 0x000004df, 0x000004e2, 0x000004e7,
+	0x000004ea, 0x000004f5, 0x000004f8, 0x000004f9,
+	0x00000622, 0x00000626, 0x000006c0, 0x000006c0,
+	0x000006c2, 0x000006c2, 0x000006d3, 0x000006d3,
+	0x00000929, 0x00000929, 0x00000931, 0x00000931,
+	0x00000934, 0x00000934, 0x00000958, 0x0000095f,
+	0x000009cb, 0x000009cc, 0x000009dc, 0x000009dd,
+	0x000009df, 0x000009df, 0x00000a33, 0x00000a33,
+	0x00000a36, 0x00000a36, 0x00000a59, 0x00000a5b,
+	0x00000a5e, 0x00000a5e, 0x00000b48, 0x00000b48,
+	0x00000b4b, 0x00000b4c, 0x00000b5c, 0x00000b5d,
+	0x00000b94, 0x00000b94, 0x00000bca, 0x00000bcc,
+	0x00000c48, 0x00000c48, 0x00000cc0, 0x00000cc0,
+	0x00000cc7, 0x00000cc8, 0x00000cca, 0x00000ccb,
+	0x00000d4a, 0x00000d4c, 0x00000dda, 0x00000dda,
+	0x00000ddc, 0x00000dde, 0x00000f43, 0x00000f43,
+	0x00000f4d, 0x00000f4d, 0x00000f52, 0x00000f52,
+	0x00000f57, 0x00000f57, 0x00000f5c, 0x00000f5c,
+	0x00000f69, 0x00000f69, 0x00000f73, 0x00000f73,
+	0x00000f75, 0x00000f76, 0x00000f78, 0x00000f78,
+	0x00000f81, 0x00000f81, 0x00000f93, 0x00000f93,
+	0x00000f9d, 0x00000f9d, 0x00000fa2, 0x00000fa2,
+	0x00000fa7, 0x00000fa7, 0x00000fac, 0x00000fac,
+	0x00000fb9, 0x00000fb9, 0x00001026, 0x00001026,
+	0x00001e00, 0x00001e99, 0x00001e9b, 0x00001e9b,
+	0x00001ea0, 0x00001ef9, 0x00001f00, 0x00001f15,
+	0x00001f18, 0x00001f1d, 0x00001f20, 0x00001f45,
+	0x00001f48, 0x00001f4d, 0x00001f50, 0x00001f57,
+	0x00001f59, 0x00001f59, 0x00001f5b, 0x00001f5b,
+	0x00001f5d, 0x00001f5d, 0x00001f5f, 0x00001f7d,
+	0x00001f80, 0x00001fb4, 0x00001fb6, 0x00001fbc,
+	0x00001fbe, 0x00001fbe, 0x00001fc1, 0x00001fc4,
+	0x00001fc6, 0x00001fd3, 0x00001fd6, 0x00001fdb,
+	0x00001fdd, 0x00001fef, 0x00001ff2, 0x00001ff4,
+	0x00001ff6, 0x00001ffd, 0x00002000, 0x00002001,
+	0x00002126, 0x00002126, 0x0000212a, 0x0000212b,
+	0x0000219a, 0x0000219b, 0x000021ae, 0x000021ae,
+	0x000021cd, 0x000021cf, 0x00002204, 0x00002204,
+	0x00002209, 0x00002209, 0x0000220c, 0x0000220c,
+	0x00002224, 0x00002224, 0x00002226, 0x00002226,
+	0x00002241, 0x00002241, 0x00002244, 0x00002244,
+	0x00002247, 0x00002247, 0x00002249, 0x00002249,
+	0x00002260, 0x00002260, 0x00002262, 0x00002262,
+	0x0000226d, 0x00002271, 0x00002274, 0x00002275,
+	0x00002278, 0x00002279, 0x00002280, 0x00002281,
+	0x00002284, 0x00002285, 0x00002288, 0x00002289,
+	0x000022ac, 0x000022af, 0x000022e0, 0x000022e3,
+	0x000022ea, 0x000022ed, 0x00002329, 0x0000232a,
+	0x00002adc, 0x00002adc, 0x0000304c, 0x0000304c,
+	0x0000304e, 0x0000304e, 0x00003050, 0x00003050,
+	0x00003052, 0x00003052, 0x00003054, 0x00003054,
+	0x00003056, 0x00003056, 0x00003058, 0x00003058,
+	0x0000305a, 0x0000305a, 0x0000305c, 0x0000305c,
+	0x0000305e, 0x0000305e, 0x00003060, 0x00003060,
+	0x00003062, 0x00003062, 0x00003065, 0x00003065,
+	0x00003067, 0x00003067, 0x00003069, 0x00003069,
+	0x00003070, 0x00003071, 0x00003073, 0x00003074,
+	0x00003076, 0x00003077, 0x00003079, 0x0000307a,
+	0x0000307c, 0x0000307d, 0x00003094, 0x00003094,
+	0x0000309e, 0x0000309e, 0x000030ac, 0x000030ac,
+	0x000030ae, 0x000030ae, 0x000030b0, 0x000030b0,
+	0x000030b2, 0x000030b2, 0x000030b4, 0x000030b4,
+	0x000030b6, 0x000030b6, 0x000030b8, 0x000030b8,
+	0x000030ba, 0x000030ba, 0x000030bc, 0x000030bc,
+	0x000030be, 0x000030be, 0x000030c0, 0x000030c0,
+	0x000030c2, 0x000030c2, 0x000030c5, 0x000030c5,
+	0x000030c7, 0x000030c7, 0x000030c9, 0x000030c9,
+	0x000030d0, 0x000030d1, 0x000030d3, 0x000030d4,
+	0x000030d6, 0x000030d7, 0x000030d9, 0x000030da,
+	0x000030dc, 0x000030dd, 0x000030f4, 0x000030f4,
+	0x000030f7, 0x000030fa, 0x000030fe, 0x000030fe,
+	0x0000f902, 0x0000fa0d, 0x0000fa10, 0x0000fa10,
+	0x0000fa12, 0x0000fa12, 0x0000fa15, 0x0000fa1e,
+	0x0000fa20, 0x0000fa20, 0x0000fa22, 0x0000fa22,
+	0x0000fa25, 0x0000fa26, 0x0000fa2a, 0x0000fa2d,
+	0x0000fa30, 0x0000fa6a, 0x0000fb1d, 0x0000fb1d,
+	0x0000fb1f, 0x0000fb1f, 0x0000fb2a, 0x0000fb36,
+	0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e,
+	0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44,
+	0x0000fb46, 0x0000fb4e, 0x0001d15e, 0x0001d164,
+	0x0001d1bb, 0x0001d1c0, 0x0002f800, 0x0002fa1d,
+	0x00000000, 0x00000220, 0x00000222, 0x00000233,
+	0x00000250, 0x000002ad, 0x000002b0, 0x000002ee,
+	0x00000300, 0x0000034f, 0x00000360, 0x0000036f,
+	0x00000374, 0x00000375, 0x0000037a, 0x0000037a,
+	0x0000037e, 0x0000037e, 0x00000384, 0x0000038a,
+	0x0000038c, 0x0000038c, 0x0000038e, 0x000003a1,
+	0x000003a3, 0x000003ce, 0x000003d0, 0x000003f6,
+	0x00000400, 0x00000486, 0x00000488, 0x000004ce,
+	0x000004d0, 0x000004f5, 0x000004f8, 0x000004f9,
+	0x00000500, 0x0000050f, 0x00000531, 0x00000556,
+	0x00000559, 0x0000055f, 0x00000561, 0x00000587,
+	0x00000589, 0x0000058a, 0x00000591, 0x000005a1,
+	0x000005a3, 0x000005b9, 0x000005bb, 0x000005c4,
+	0x000005d0, 0x000005ea, 0x000005f0, 0x000005f4,
+	0x0000060c, 0x0000060c, 0x0000061b, 0x0000061b,
+	0x0000061f, 0x0000061f, 0x00000621, 0x0000063a,
+	0x00000640, 0x00000655, 0x00000660, 0x000006ed,
+	0x000006f0, 0x000006fe, 0x00000700, 0x0000070d,
+	0x0000070f, 0x0000072c, 0x00000730, 0x0000074a,
+	0x00000780, 0x000007b1, 0x00000901, 0x00000903,
+	0x00000905, 0x00000939, 0x0000093c, 0x0000094d,
+	0x00000950, 0x00000954, 0x00000958, 0x00000970,
+	0x00000981, 0x00000983, 0x00000985, 0x0000098c,
+	0x0000098f, 0x00000990, 0x00000993, 0x000009a8,
+	0x000009aa, 0x000009b0, 0x000009b2, 0x000009b2,
+	0x000009b6, 0x000009b9, 0x000009bc, 0x000009bc,
+	0x000009be, 0x000009c4, 0x000009c7, 0x000009c8,
+	0x000009cb, 0x000009cd, 0x000009d7, 0x000009d7,
+	0x000009dc, 0x000009dd, 0x000009df, 0x000009e3,
+	0x000009e6, 0x000009fa, 0x00000a02, 0x00000a02,
+	0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10,
+	0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30,
+	0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36,
+	0x00000a38, 0x00000a39, 0x00000a3c, 0x00000a3c,
+	0x00000a3e, 0x00000a42, 0x00000a47, 0x00000a48,
+	0x00000a4b, 0x00000a4d, 0x00000a59, 0x00000a5c,
+	0x00000a5e, 0x00000a5e, 0x00000a66, 0x00000a74,
+	0x00000a81, 0x00000a83, 0x00000a85, 0x00000a8b,
+	0x00000a8d, 0x00000a8d, 0x00000a8f, 0x00000a91,
+	0x00000a93, 0x00000aa8, 0x00000aaa, 0x00000ab0,
+	0x00000ab2, 0x00000ab3, 0x00000ab5, 0x00000ab9,
+	0x00000abc, 0x00000ac5, 0x00000ac7, 0x00000ac9,
+	0x00000acb, 0x00000acd, 0x00000ad0, 0x00000ad0,
+	0x00000ae0, 0x00000ae0, 0x00000ae6, 0x00000aef,
+	0x00000b01, 0x00000b03, 0x00000b05, 0x00000b0c,
+	0x00000b0f, 0x00000b10, 0x00000b13, 0x00000b28,
+	0x00000b2a, 0x00000b30, 0x00000b32, 0x00000b33,
+	0x00000b36, 0x00000b39, 0x00000b3c, 0x00000b43,
+	0x00000b47, 0x00000b48, 0x00000b4b, 0x00000b4d,
+	0x00000b56, 0x00000b57, 0x00000b5c, 0x00000b5d,
+	0x00000b5f, 0x00000b61, 0x00000b66, 0x00000b70,
+	0x00000b82, 0x00000b83, 0x00000b85, 0x00000b8a,
+	0x00000b8e, 0x00000b90, 0x00000b92, 0x00000b95,
+	0x00000b99, 0x00000b9a, 0x00000b9c, 0x00000b9c,
+	0x00000b9e, 0x00000b9f, 0x00000ba3, 0x00000ba4,
+	0x00000ba8, 0x00000baa, 0x00000bae, 0x00000bb5,
+	0x00000bb7, 0x00000bb9, 0x00000bbe, 0x00000bc2,
+	0x00000bc6, 0x00000bc8, 0x00000bca, 0x00000bcd,
+	0x00000bd7, 0x00000bd7, 0x00000be7, 0x00000bf2,
+	0x00000c01, 0x00000c03, 0x00000c05, 0x00000c0c,
+	0x00000c0e, 0x00000c10, 0x00000c12, 0x00000c28,
+	0x00000c2a, 0x00000c33, 0x00000c35, 0x00000c39,
+	0x00000c3e, 0x00000c44, 0x00000c46, 0x00000c48,
+	0x00000c4a, 0x00000c4d, 0x00000c55, 0x00000c56,
+	0x00000c60, 0x00000c61, 0x00000c66, 0x00000c6f,
+	0x00000c82, 0x00000c83, 0x00000c85, 0x00000c8c,
+	0x00000c8e, 0x00000c90, 0x00000c92, 0x00000ca8,
+	0x00000caa, 0x00000cb3, 0x00000cb5, 0x00000cb9,
+	0x00000cbe, 0x00000cc4, 0x00000cc6, 0x00000cc8,
+	0x00000cca, 0x00000ccd, 0x00000cd5, 0x00000cd6,
+	0x00000cde, 0x00000cde, 0x00000ce0, 0x00000ce1,
+	0x00000ce6, 0x00000cef, 0x00000d02, 0x00000d03,
+	0x00000d05, 0x00000d0c, 0x00000d0e, 0x00000d10,
+	0x00000d12, 0x00000d28, 0x00000d2a, 0x00000d39,
+	0x00000d3e, 0x00000d43, 0x00000d46, 0x00000d48,
+	0x00000d4a, 0x00000d4d, 0x00000d57, 0x00000d57,
+	0x00000d60, 0x00000d61, 0x00000d66, 0x00000d6f,
+	0x00000d82, 0x00000d83, 0x00000d85, 0x00000d96,
+	0x00000d9a, 0x00000db1, 0x00000db3, 0x00000dbb,
+	0x00000dbd, 0x00000dbd, 0x00000dc0, 0x00000dc6,
+	0x00000dca, 0x00000dca, 0x00000dcf, 0x00000dd4,
+	0x00000dd6, 0x00000dd6, 0x00000dd8, 0x00000ddf,
+	0x00000df2, 0x00000df4, 0x00000e01, 0x00000e3a,
+	0x00000e3f, 0x00000e5b, 0x00000e81, 0x00000e82,
+	0x00000e84, 0x00000e84, 0x00000e87, 0x00000e88,
+	0x00000e8a, 0x00000e8a, 0x00000e8d, 0x00000e8d,
+	0x00000e94, 0x00000e97, 0x00000e99, 0x00000e9f,
+	0x00000ea1, 0x00000ea3, 0x00000ea5, 0x00000ea5,
+	0x00000ea7, 0x00000ea7, 0x00000eaa, 0x00000eab,
+	0x00000ead, 0x00000eb9, 0x00000ebb, 0x00000ebd,
+	0x00000ec0, 0x00000ec4, 0x00000ec6, 0x00000ec6,
+	0x00000ec8, 0x00000ecd, 0x00000ed0, 0x00000ed9,
+	0x00000edc, 0x00000edd, 0x00000f00, 0x00000f47,
+	0x00000f49, 0x00000f6a, 0x00000f71, 0x00000f8b,
+	0x00000f90, 0x00000f97, 0x00000f99, 0x00000fbc,
+	0x00000fbe, 0x00000fcc, 0x00000fcf, 0x00000fcf,
+	0x00001000, 0x00001021, 0x00001023, 0x00001027,
+	0x00001029, 0x0000102a, 0x0000102c, 0x00001032,
+	0x00001036, 0x00001039, 0x00001040, 0x00001059,
+	0x000010a0, 0x000010c5, 0x000010d0, 0x000010f8,
+	0x000010fb, 0x000010fb, 0x00001100, 0x00001159,
+	0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9,
+	0x00001200, 0x00001206, 0x00001208, 0x00001246,
+	0x00001248, 0x00001248, 0x0000124a, 0x0000124d,
+	0x00001250, 0x00001256, 0x00001258, 0x00001258,
+	0x0000125a, 0x0000125d, 0x00001260, 0x00001286,
+	0x00001288, 0x00001288, 0x0000128a, 0x0000128d,
+	0x00001290, 0x000012ae, 0x000012b0, 0x000012b0,
+	0x000012b2, 0x000012b5, 0x000012b8, 0x000012be,
+	0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5,
+	0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6,
+	0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e,
+	0x00001310, 0x00001310, 0x00001312, 0x00001315,
+	0x00001318, 0x0000131e, 0x00001320, 0x00001346,
+	0x00001348, 0x0000135a, 0x00001361, 0x0000137c,
+	0x000013a0, 0x000013f4, 0x00001401, 0x00001676,
+	0x00001680, 0x0000169c, 0x000016a0, 0x000016f0,
+	0x00001700, 0x0000170c, 0x0000170e, 0x00001714,
+	0x00001720, 0x00001736, 0x00001740, 0x00001753,
+	0x00001760, 0x0000176c, 0x0000176e, 0x00001770,
+	0x00001772, 0x00001773, 0x00001780, 0x000017dc,
+	0x000017e0, 0x000017e9, 0x00001800, 0x0000180e,
+	0x00001810, 0x00001819, 0x00001820, 0x00001877,
+	0x00001880, 0x000018a9, 0x00001e00, 0x00001e9b,
+	0x00001ea0, 0x00001ef9, 0x00001f00, 0x00001f15,
+	0x00001f18, 0x00001f1d, 0x00001f20, 0x00001f45,
+	0x00001f48, 0x00001f4d, 0x00001f50, 0x00001f57,
+	0x00001f59, 0x00001f59, 0x00001f5b, 0x00001f5b,
+	0x00001f5d, 0x00001f5d, 0x00001f5f, 0x00001f7d,
+	0x00001f80, 0x00001fb4, 0x00001fb6, 0x00001fc4,
+	0x00001fc6, 0x00001fd3, 0x00001fd6, 0x00001fdb,
+	0x00001fdd, 0x00001fef, 0x00001ff2, 0x00001ff4,
+	0x00001ff6, 0x00001ffe, 0x00002000, 0x00002052,
+	0x00002057, 0x00002057, 0x0000205f, 0x00002063,
+	0x0000206a, 0x00002071, 0x00002074, 0x0000208e,
+	0x000020a0, 0x000020b1, 0x000020d0, 0x000020ea,
+	0x00002100, 0x0000213a, 0x0000213d, 0x0000214b,
+	0x00002153, 0x00002183, 0x00002190, 0x000023ce,
+	0x00002400, 0x00002426, 0x00002440, 0x0000244a,
+	0x00002460, 0x000024fe, 0x00002500, 0x00002613,
+	0x00002616, 0x00002617, 0x00002619, 0x0000267d,
+	0x00002680, 0x00002689, 0x00002701, 0x00002704,
+	0x00002706, 0x00002709, 0x0000270c, 0x00002727,
+	0x00002729, 0x0000274b, 0x0000274d, 0x0000274d,
+	0x0000274f, 0x00002752, 0x00002756, 0x00002756,
+	0x00002758, 0x0000275e, 0x00002761, 0x00002794,
+	0x00002798, 0x000027af, 0x000027b1, 0x000027be,
+	0x000027d0, 0x000027eb, 0x000027f0, 0x00002aff,
+	0x00002e80, 0x00002e99, 0x00002e9b, 0x00002ef3,
+	0x00002f00, 0x00002fd5, 0x00002ff0, 0x00002ffb,
+	0x00003000, 0x0000303f, 0x00003041, 0x00003096,
+	0x00003099, 0x000030ff, 0x00003105, 0x0000312c,
+	0x00003131, 0x0000318e, 0x00003190, 0x000031b7,
+	0x000031f0, 0x0000321c, 0x00003220, 0x00003243,
+	0x00003251, 0x0000327b, 0x0000327f, 0x000032cb,
+	0x000032d0, 0x000032fe, 0x00003300, 0x00003376,
+	0x0000337b, 0x000033dd, 0x000033e0, 0x000033fe,
+	0x00003400, 0x00004db5, 0x00004e00, 0x00009fa5,
+	0x0000a000, 0x0000a48c, 0x0000a490, 0x0000a4c6,
+	0x0000ac00, 0x0000d7a3, 0x0000f900, 0x0000fb06,
+	0x0000fb13, 0x0000fb17, 0x0000fb1d, 0x0000fb36,
+	0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e,
+	0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44,
+	0x0000fb46, 0x0000fbb1, 0x0000fbd3, 0x0000fd3f,
+	0x0000fd50, 0x0000fd8f, 0x0000fd92, 0x0000fdc7,
+	0x0000fdf0, 0x0000fdfc, 0x0000fe00, 0x0000fe0f,
+	0x0000fe20, 0x0000fe23, 0x0000fe30, 0x0000fe46,
+	0x0000fe49, 0x0000fe52, 0x0000fe54, 0x0000fe66,
+	0x0000fe68, 0x0000fe6b, 0x0000fe70, 0x0000fe74,
+	0x0000fe76, 0x0000fefc, 0x0000feff, 0x0000feff,
+	0x0000ff01, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7,
+	0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7,
+	0x0000ffda, 0x0000ffdc, 0x0000ffe0, 0x0000ffe6,
+	0x0000ffe8, 0x0000ffee, 0x0000fff9, 0x0000fffd,
+	0x00010300, 0x0001031e, 0x00010320, 0x00010323,
+	0x00010330, 0x0001034a, 0x00010400, 0x00010425,
+	0x00010428, 0x0001044d, 0x0001d000, 0x0001d0f5,
+	0x0001d100, 0x0001d126, 0x0001d12a, 0x0001d1dd,
+	0x0001d400, 0x0001d454, 0x0001d456, 0x0001d49c,
+	0x0001d49e, 0x0001d49f, 0x0001d4a2, 0x0001d4a2,
+	0x0001d4a5, 0x0001d4a6, 0x0001d4a9, 0x0001d4ac,
+	0x0001d4ae, 0x0001d4b9, 0x0001d4bb, 0x0001d4bb,
+	0x0001d4bd, 0x0001d4c0, 0x0001d4c2, 0x0001d4c3,
+	0x0001d4c5, 0x0001d505, 0x0001d507, 0x0001d50a,
+	0x0001d50d, 0x0001d514, 0x0001d516, 0x0001d51c,
+	0x0001d51e, 0x0001d539, 0x0001d53b, 0x0001d53e,
+	0x0001d540, 0x0001d544, 0x0001d546, 0x0001d546,
+	0x0001d54a, 0x0001d550, 0x0001d552, 0x0001d6a3,
+	0x0001d6a8, 0x0001d7c9, 0x0001d7ce, 0x0001d7ff,
+	0x00020000, 0x0002a6d6, 0x0002f800, 0x0002fa1d,
+	0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f,
+	0x000000ab, 0x000000ab, 0x00002018, 0x00002018,
+	0x0000201b, 0x0000201c, 0x0000201f, 0x0000201f,
+	0x00002039, 0x00002039, 0x000000bb, 0x000000bb,
+	0x00002019, 0x00002019, 0x0000201d, 0x0000201d,
+	0x0000203a, 0x0000203a, 0x0000061b, 0x0000061b,
+	0x0000061f, 0x0000061f, 0x00000621, 0x0000063a,
+	0x00000640, 0x0000064a, 0x0000066d, 0x0000066f,
+	0x00000671, 0x000006d5, 0x000006dd, 0x000006dd,
+	0x000006e5, 0x000006e6, 0x000006fa, 0x000006fe,
+	0x00000700, 0x0000070d, 0x00000710, 0x00000710,
+	0x00000712, 0x0000072c, 0x00000780, 0x000007a5,
+	0x000007b1, 0x000007b1, 0x0000fb50, 0x0000fbb1,
+	0x0000fbd3, 0x0000fd3d, 0x0000fd50, 0x0000fd8f,
+	0x0000fd92, 0x0000fdc7, 0x0000fdf0, 0x0000fdfc,
+	0x0000fe70, 0x0000fe74, 0x0000fe76, 0x0000fefc
+};
+
+static const krb5_ui_4 _uccase_size = 1504;
+
+static const krb5_ui_2 _uccase_len[2] = {745, 755};
+
+static const krb5_ui_4 _uccase_map[] = {
+	0x00000041, 0x00000061, 0x00000041,
+	0x00000042, 0x00000062, 0x00000042,
+	0x00000043, 0x00000063, 0x00000043,
+	0x00000044, 0x00000064, 0x00000044,
+	0x00000045, 0x00000065, 0x00000045,
+	0x00000046, 0x00000066, 0x00000046,
+	0x00000047, 0x00000067, 0x00000047,
+	0x00000048, 0x00000068, 0x00000048,
+	0x00000049, 0x00000069, 0x00000049,
+	0x0000004a, 0x0000006a, 0x0000004a,
+	0x0000004b, 0x0000006b, 0x0000004b,
+	0x0000004c, 0x0000006c, 0x0000004c,
+	0x0000004d, 0x0000006d, 0x0000004d,
+	0x0000004e, 0x0000006e, 0x0000004e,
+	0x0000004f, 0x0000006f, 0x0000004f,
+	0x00000050, 0x00000070, 0x00000050,
+	0x00000051, 0x00000071, 0x00000051,
+	0x00000052, 0x00000072, 0x00000052,
+	0x00000053, 0x00000073, 0x00000053,
+	0x00000054, 0x00000074, 0x00000054,
+	0x00000055, 0x00000075, 0x00000055,
+	0x00000056, 0x00000076, 0x00000056,
+	0x00000057, 0x00000077, 0x00000057,
+	0x00000058, 0x00000078, 0x00000058,
+	0x00000059, 0x00000079, 0x00000059,
+	0x0000005a, 0x0000007a, 0x0000005a,
+	0x000000c0, 0x000000e0, 0x000000c0,
+	0x000000c1, 0x000000e1, 0x000000c1,
+	0x000000c2, 0x000000e2, 0x000000c2,
+	0x000000c3, 0x000000e3, 0x000000c3,
+	0x000000c4, 0x000000e4, 0x000000c4,
+	0x000000c5, 0x000000e5, 0x000000c5,
+	0x000000c6, 0x000000e6, 0x000000c6,
+	0x000000c7, 0x000000e7, 0x000000c7,
+	0x000000c8, 0x000000e8, 0x000000c8,
+	0x000000c9, 0x000000e9, 0x000000c9,
+	0x000000ca, 0x000000ea, 0x000000ca,
+	0x000000cb, 0x000000eb, 0x000000cb,
+	0x000000cc, 0x000000ec, 0x000000cc,
+	0x000000cd, 0x000000ed, 0x000000cd,
+	0x000000ce, 0x000000ee, 0x000000ce,
+	0x000000cf, 0x000000ef, 0x000000cf,
+	0x000000d0, 0x000000f0, 0x000000d0,
+	0x000000d1, 0x000000f1, 0x000000d1,
+	0x000000d2, 0x000000f2, 0x000000d2,
+	0x000000d3, 0x000000f3, 0x000000d3,
+	0x000000d4, 0x000000f4, 0x000000d4,
+	0x000000d5, 0x000000f5, 0x000000d5,
+	0x000000d6, 0x000000f6, 0x000000d6,
+	0x000000d8, 0x000000f8, 0x000000d8,
+	0x000000d9, 0x000000f9, 0x000000d9,
+	0x000000da, 0x000000fa, 0x000000da,
+	0x000000db, 0x000000fb, 0x000000db,
+	0x000000dc, 0x000000fc, 0x000000dc,
+	0x000000dd, 0x000000fd, 0x000000dd,
+	0x000000de, 0x000000fe, 0x000000de,
+	0x00000100, 0x00000101, 0x00000100,
+	0x00000102, 0x00000103, 0x00000102,
+	0x00000104, 0x00000105, 0x00000104,
+	0x00000106, 0x00000107, 0x00000106,
+	0x00000108, 0x00000109, 0x00000108,
+	0x0000010a, 0x0000010b, 0x0000010a,
+	0x0000010c, 0x0000010d, 0x0000010c,
+	0x0000010e, 0x0000010f, 0x0000010e,
+	0x00000110, 0x00000111, 0x00000110,
+	0x00000112, 0x00000113, 0x00000112,
+	0x00000114, 0x00000115, 0x00000114,
+	0x00000116, 0x00000117, 0x00000116,
+	0x00000118, 0x00000119, 0x00000118,
+	0x0000011a, 0x0000011b, 0x0000011a,
+	0x0000011c, 0x0000011d, 0x0000011c,
+	0x0000011e, 0x0000011f, 0x0000011e,
+	0x00000120, 0x00000121, 0x00000120,
+	0x00000122, 0x00000123, 0x00000122,
+	0x00000124, 0x00000125, 0x00000124,
+	0x00000126, 0x00000127, 0x00000126,
+	0x00000128, 0x00000129, 0x00000128,
+	0x0000012a, 0x0000012b, 0x0000012a,
+	0x0000012c, 0x0000012d, 0x0000012c,
+	0x0000012e, 0x0000012f, 0x0000012e,
+	0x00000130, 0x00000069, 0x00000130,
+	0x00000132, 0x00000133, 0x00000132,
+	0x00000134, 0x00000135, 0x00000134,
+	0x00000136, 0x00000137, 0x00000136,
+	0x00000139, 0x0000013a, 0x00000139,
+	0x0000013b, 0x0000013c, 0x0000013b,
+	0x0000013d, 0x0000013e, 0x0000013d,
+	0x0000013f, 0x00000140, 0x0000013f,
+	0x00000141, 0x00000142, 0x00000141,
+	0x00000143, 0x00000144, 0x00000143,
+	0x00000145, 0x00000146, 0x00000145,
+	0x00000147, 0x00000148, 0x00000147,
+	0x0000014a, 0x0000014b, 0x0000014a,
+	0x0000014c, 0x0000014d, 0x0000014c,
+	0x0000014e, 0x0000014f, 0x0000014e,
+	0x00000150, 0x00000151, 0x00000150,
+	0x00000152, 0x00000153, 0x00000152,
+	0x00000154, 0x00000155, 0x00000154,
+	0x00000156, 0x00000157, 0x00000156,
+	0x00000158, 0x00000159, 0x00000158,
+	0x0000015a, 0x0000015b, 0x0000015a,
+	0x0000015c, 0x0000015d, 0x0000015c,
+	0x0000015e, 0x0000015f, 0x0000015e,
+	0x00000160, 0x00000161, 0x00000160,
+	0x00000162, 0x00000163, 0x00000162,
+	0x00000164, 0x00000165, 0x00000164,
+	0x00000166, 0x00000167, 0x00000166,
+	0x00000168, 0x00000169, 0x00000168,
+	0x0000016a, 0x0000016b, 0x0000016a,
+	0x0000016c, 0x0000016d, 0x0000016c,
+	0x0000016e, 0x0000016f, 0x0000016e,
+	0x00000170, 0x00000171, 0x00000170,
+	0x00000172, 0x00000173, 0x00000172,
+	0x00000174, 0x00000175, 0x00000174,
+	0x00000176, 0x00000177, 0x00000176,
+	0x00000178, 0x000000ff, 0x00000178,
+	0x00000179, 0x0000017a, 0x00000179,
+	0x0000017b, 0x0000017c, 0x0000017b,
+	0x0000017d, 0x0000017e, 0x0000017d,
+	0x00000181, 0x00000253, 0x00000181,
+	0x00000182, 0x00000183, 0x00000182,
+	0x00000184, 0x00000185, 0x00000184,
+	0x00000186, 0x00000254, 0x00000186,
+	0x00000187, 0x00000188, 0x00000187,
+	0x00000189, 0x00000256, 0x00000189,
+	0x0000018a, 0x00000257, 0x0000018a,
+	0x0000018b, 0x0000018c, 0x0000018b,
+	0x0000018e, 0x000001dd, 0x0000018e,
+	0x0000018f, 0x00000259, 0x0000018f,
+	0x00000190, 0x0000025b, 0x00000190,
+	0x00000191, 0x00000192, 0x00000191,
+	0x00000193, 0x00000260, 0x00000193,
+	0x00000194, 0x00000263, 0x00000194,
+	0x00000196, 0x00000269, 0x00000196,
+	0x00000197, 0x00000268, 0x00000197,
+	0x00000198, 0x00000199, 0x00000198,
+	0x0000019c, 0x0000026f, 0x0000019c,
+	0x0000019d, 0x00000272, 0x0000019d,
+	0x0000019f, 0x00000275, 0x0000019f,
+	0x000001a0, 0x000001a1, 0x000001a0,
+	0x000001a2, 0x000001a3, 0x000001a2,
+	0x000001a4, 0x000001a5, 0x000001a4,
+	0x000001a6, 0x00000280, 0x000001a6,
+	0x000001a7, 0x000001a8, 0x000001a7,
+	0x000001a9, 0x00000283, 0x000001a9,
+	0x000001ac, 0x000001ad, 0x000001ac,
+	0x000001ae, 0x00000288, 0x000001ae,
+	0x000001af, 0x000001b0, 0x000001af,
+	0x000001b1, 0x0000028a, 0x000001b1,
+	0x000001b2, 0x0000028b, 0x000001b2,
+	0x000001b3, 0x000001b4, 0x000001b3,
+	0x000001b5, 0x000001b6, 0x000001b5,
+	0x000001b7, 0x00000292, 0x000001b7,
+	0x000001b8, 0x000001b9, 0x000001b8,
+	0x000001bc, 0x000001bd, 0x000001bc,
+	0x000001c4, 0x000001c6, 0x000001c5,
+	0x000001c7, 0x000001c9, 0x000001c8,
+	0x000001ca, 0x000001cc, 0x000001cb,
+	0x000001cd, 0x000001ce, 0x000001cd,
+	0x000001cf, 0x000001d0, 0x000001cf,
+	0x000001d1, 0x000001d2, 0x000001d1,
+	0x000001d3, 0x000001d4, 0x000001d3,
+	0x000001d5, 0x000001d6, 0x000001d5,
+	0x000001d7, 0x000001d8, 0x000001d7,
+	0x000001d9, 0x000001da, 0x000001d9,
+	0x000001db, 0x000001dc, 0x000001db,
+	0x000001de, 0x000001df, 0x000001de,
+	0x000001e0, 0x000001e1, 0x000001e0,
+	0x000001e2, 0x000001e3, 0x000001e2,
+	0x000001e4, 0x000001e5, 0x000001e4,
+	0x000001e6, 0x000001e7, 0x000001e6,
+	0x000001e8, 0x000001e9, 0x000001e8,
+	0x000001ea, 0x000001eb, 0x000001ea,
+	0x000001ec, 0x000001ed, 0x000001ec,
+	0x000001ee, 0x000001ef, 0x000001ee,
+	0x000001f1, 0x000001f3, 0x000001f2,
+	0x000001f4, 0x000001f5, 0x000001f4,
+	0x000001f6, 0x00000195, 0x000001f6,
+	0x000001f7, 0x000001bf, 0x000001f7,
+	0x000001f8, 0x000001f9, 0x000001f8,
+	0x000001fa, 0x000001fb, 0x000001fa,
+	0x000001fc, 0x000001fd, 0x000001fc,
+	0x000001fe, 0x000001ff, 0x000001fe,
+	0x00000200, 0x00000201, 0x00000200,
+	0x00000202, 0x00000203, 0x00000202,
+	0x00000204, 0x00000205, 0x00000204,
+	0x00000206, 0x00000207, 0x00000206,
+	0x00000208, 0x00000209, 0x00000208,
+	0x0000020a, 0x0000020b, 0x0000020a,
+	0x0000020c, 0x0000020d, 0x0000020c,
+	0x0000020e, 0x0000020f, 0x0000020e,
+	0x00000210, 0x00000211, 0x00000210,
+	0x00000212, 0x00000213, 0x00000212,
+	0x00000214, 0x00000215, 0x00000214,
+	0x00000216, 0x00000217, 0x00000216,
+	0x00000218, 0x00000219, 0x00000218,
+	0x0000021a, 0x0000021b, 0x0000021a,
+	0x0000021c, 0x0000021d, 0x0000021c,
+	0x0000021e, 0x0000021f, 0x0000021e,
+	0x00000220, 0x0000019e, 0x00000220,
+	0x00000222, 0x00000223, 0x00000222,
+	0x00000224, 0x00000225, 0x00000224,
+	0x00000226, 0x00000227, 0x00000226,
+	0x00000228, 0x00000229, 0x00000228,
+	0x0000022a, 0x0000022b, 0x0000022a,
+	0x0000022c, 0x0000022d, 0x0000022c,
+	0x0000022e, 0x0000022f, 0x0000022e,
+	0x00000230, 0x00000231, 0x00000230,
+	0x00000232, 0x00000233, 0x00000232,
+	0x00000386, 0x000003ac, 0x00000386,
+	0x00000388, 0x000003ad, 0x00000388,
+	0x00000389, 0x000003ae, 0x00000389,
+	0x0000038a, 0x000003af, 0x0000038a,
+	0x0000038c, 0x000003cc, 0x0000038c,
+	0x0000038e, 0x000003cd, 0x0000038e,
+	0x0000038f, 0x000003ce, 0x0000038f,
+	0x00000391, 0x000003b1, 0x00000391,
+	0x00000392, 0x000003b2, 0x00000392,
+	0x00000393, 0x000003b3, 0x00000393,
+	0x00000394, 0x000003b4, 0x00000394,
+	0x00000395, 0x000003b5, 0x00000395,
+	0x00000396, 0x000003b6, 0x00000396,
+	0x00000397, 0x000003b7, 0x00000397,
+	0x00000398, 0x000003b8, 0x00000398,
+	0x00000399, 0x000003b9, 0x00000399,
+	0x0000039a, 0x000003ba, 0x0000039a,
+	0x0000039b, 0x000003bb, 0x0000039b,
+	0x0000039c, 0x000003bc, 0x0000039c,
+	0x0000039d, 0x000003bd, 0x0000039d,
+	0x0000039e, 0x000003be, 0x0000039e,
+	0x0000039f, 0x000003bf, 0x0000039f,
+	0x000003a0, 0x000003c0, 0x000003a0,
+	0x000003a1, 0x000003c1, 0x000003a1,
+	0x000003a3, 0x000003c3, 0x000003a3,
+	0x000003a4, 0x000003c4, 0x000003a4,
+	0x000003a5, 0x000003c5, 0x000003a5,
+	0x000003a6, 0x000003c6, 0x000003a6,
+	0x000003a7, 0x000003c7, 0x000003a7,
+	0x000003a8, 0x000003c8, 0x000003a8,
+	0x000003a9, 0x000003c9, 0x000003a9,
+	0x000003aa, 0x000003ca, 0x000003aa,
+	0x000003ab, 0x000003cb, 0x000003ab,
+	0x000003d8, 0x000003d9, 0x000003d8,
+	0x000003da, 0x000003db, 0x000003da,
+	0x000003dc, 0x000003dd, 0x000003dc,
+	0x000003de, 0x000003df, 0x000003de,
+	0x000003e0, 0x000003e1, 0x000003e0,
+	0x000003e2, 0x000003e3, 0x000003e2,
+	0x000003e4, 0x000003e5, 0x000003e4,
+	0x000003e6, 0x000003e7, 0x000003e6,
+	0x000003e8, 0x000003e9, 0x000003e8,
+	0x000003ea, 0x000003eb, 0x000003ea,
+	0x000003ec, 0x000003ed, 0x000003ec,
+	0x000003ee, 0x000003ef, 0x000003ee,
+	0x000003f4, 0x000003b8, 0x000003f4,
+	0x00000400, 0x00000450, 0x00000400,
+	0x00000401, 0x00000451, 0x00000401,
+	0x00000402, 0x00000452, 0x00000402,
+	0x00000403, 0x00000453, 0x00000403,
+	0x00000404, 0x00000454, 0x00000404,
+	0x00000405, 0x00000455, 0x00000405,
+	0x00000406, 0x00000456, 0x00000406,
+	0x00000407, 0x00000457, 0x00000407,
+	0x00000408, 0x00000458, 0x00000408,
+	0x00000409, 0x00000459, 0x00000409,
+	0x0000040a, 0x0000045a, 0x0000040a,
+	0x0000040b, 0x0000045b, 0x0000040b,
+	0x0000040c, 0x0000045c, 0x0000040c,
+	0x0000040d, 0x0000045d, 0x0000040d,
+	0x0000040e, 0x0000045e, 0x0000040e,
+	0x0000040f, 0x0000045f, 0x0000040f,
+	0x00000410, 0x00000430, 0x00000410,
+	0x00000411, 0x00000431, 0x00000411,
+	0x00000412, 0x00000432, 0x00000412,
+	0x00000413, 0x00000433, 0x00000413,
+	0x00000414, 0x00000434, 0x00000414,
+	0x00000415, 0x00000435, 0x00000415,
+	0x00000416, 0x00000436, 0x00000416,
+	0x00000417, 0x00000437, 0x00000417,
+	0x00000418, 0x00000438, 0x00000418,
+	0x00000419, 0x00000439, 0x00000419,
+	0x0000041a, 0x0000043a, 0x0000041a,
+	0x0000041b, 0x0000043b, 0x0000041b,
+	0x0000041c, 0x0000043c, 0x0000041c,
+	0x0000041d, 0x0000043d, 0x0000041d,
+	0x0000041e, 0x0000043e, 0x0000041e,
+	0x0000041f, 0x0000043f, 0x0000041f,
+	0x00000420, 0x00000440, 0x00000420,
+	0x00000421, 0x00000441, 0x00000421,
+	0x00000422, 0x00000442, 0x00000422,
+	0x00000423, 0x00000443, 0x00000423,
+	0x00000424, 0x00000444, 0x00000424,
+	0x00000425, 0x00000445, 0x00000425,
+	0x00000426, 0x00000446, 0x00000426,
+	0x00000427, 0x00000447, 0x00000427,
+	0x00000428, 0x00000448, 0x00000428,
+	0x00000429, 0x00000449, 0x00000429,
+	0x0000042a, 0x0000044a, 0x0000042a,
+	0x0000042b, 0x0000044b, 0x0000042b,
+	0x0000042c, 0x0000044c, 0x0000042c,
+	0x0000042d, 0x0000044d, 0x0000042d,
+	0x0000042e, 0x0000044e, 0x0000042e,
+	0x0000042f, 0x0000044f, 0x0000042f,
+	0x00000460, 0x00000461, 0x00000460,
+	0x00000462, 0x00000463, 0x00000462,
+	0x00000464, 0x00000465, 0x00000464,
+	0x00000466, 0x00000467, 0x00000466,
+	0x00000468, 0x00000469, 0x00000468,
+	0x0000046a, 0x0000046b, 0x0000046a,
+	0x0000046c, 0x0000046d, 0x0000046c,
+	0x0000046e, 0x0000046f, 0x0000046e,
+	0x00000470, 0x00000471, 0x00000470,
+	0x00000472, 0x00000473, 0x00000472,
+	0x00000474, 0x00000475, 0x00000474,
+	0x00000476, 0x00000477, 0x00000476,
+	0x00000478, 0x00000479, 0x00000478,
+	0x0000047a, 0x0000047b, 0x0000047a,
+	0x0000047c, 0x0000047d, 0x0000047c,
+	0x0000047e, 0x0000047f, 0x0000047e,
+	0x00000480, 0x00000481, 0x00000480,
+	0x0000048a, 0x0000048b, 0x0000048a,
+	0x0000048c, 0x0000048d, 0x0000048c,
+	0x0000048e, 0x0000048f, 0x0000048e,
+	0x00000490, 0x00000491, 0x00000490,
+	0x00000492, 0x00000493, 0x00000492,
+	0x00000494, 0x00000495, 0x00000494,
+	0x00000496, 0x00000497, 0x00000496,
+	0x00000498, 0x00000499, 0x00000498,
+	0x0000049a, 0x0000049b, 0x0000049a,
+	0x0000049c, 0x0000049d, 0x0000049c,
+	0x0000049e, 0x0000049f, 0x0000049e,
+	0x000004a0, 0x000004a1, 0x000004a0,
+	0x000004a2, 0x000004a3, 0x000004a2,
+	0x000004a4, 0x000004a5, 0x000004a4,
+	0x000004a6, 0x000004a7, 0x000004a6,
+	0x000004a8, 0x000004a9, 0x000004a8,
+	0x000004aa, 0x000004ab, 0x000004aa,
+	0x000004ac, 0x000004ad, 0x000004ac,
+	0x000004ae, 0x000004af, 0x000004ae,
+	0x000004b0, 0x000004b1, 0x000004b0,
+	0x000004b2, 0x000004b3, 0x000004b2,
+	0x000004b4, 0x000004b5, 0x000004b4,
+	0x000004b6, 0x000004b7, 0x000004b6,
+	0x000004b8, 0x000004b9, 0x000004b8,
+	0x000004ba, 0x000004bb, 0x000004ba,
+	0x000004bc, 0x000004bd, 0x000004bc,
+	0x000004be, 0x000004bf, 0x000004be,
+	0x000004c1, 0x000004c2, 0x000004c1,
+	0x000004c3, 0x000004c4, 0x000004c3,
+	0x000004c5, 0x000004c6, 0x000004c5,
+	0x000004c7, 0x000004c8, 0x000004c7,
+	0x000004c9, 0x000004ca, 0x000004c9,
+	0x000004cb, 0x000004cc, 0x000004cb,
+	0x000004cd, 0x000004ce, 0x000004cd,
+	0x000004d0, 0x000004d1, 0x000004d0,
+	0x000004d2, 0x000004d3, 0x000004d2,
+	0x000004d4, 0x000004d5, 0x000004d4,
+	0x000004d6, 0x000004d7, 0x000004d6,
+	0x000004d8, 0x000004d9, 0x000004d8,
+	0x000004da, 0x000004db, 0x000004da,
+	0x000004dc, 0x000004dd, 0x000004dc,
+	0x000004de, 0x000004df, 0x000004de,
+	0x000004e0, 0x000004e1, 0x000004e0,
+	0x000004e2, 0x000004e3, 0x000004e2,
+	0x000004e4, 0x000004e5, 0x000004e4,
+	0x000004e6, 0x000004e7, 0x000004e6,
+	0x000004e8, 0x000004e9, 0x000004e8,
+	0x000004ea, 0x000004eb, 0x000004ea,
+	0x000004ec, 0x000004ed, 0x000004ec,
+	0x000004ee, 0x000004ef, 0x000004ee,
+	0x000004f0, 0x000004f1, 0x000004f0,
+	0x000004f2, 0x000004f3, 0x000004f2,
+	0x000004f4, 0x000004f5, 0x000004f4,
+	0x000004f8, 0x000004f9, 0x000004f8,
+	0x00000500, 0x00000501, 0x00000500,
+	0x00000502, 0x00000503, 0x00000502,
+	0x00000504, 0x00000505, 0x00000504,
+	0x00000506, 0x00000507, 0x00000506,
+	0x00000508, 0x00000509, 0x00000508,
+	0x0000050a, 0x0000050b, 0x0000050a,
+	0x0000050c, 0x0000050d, 0x0000050c,
+	0x0000050e, 0x0000050f, 0x0000050e,
+	0x00000531, 0x00000561, 0x00000531,
+	0x00000532, 0x00000562, 0x00000532,
+	0x00000533, 0x00000563, 0x00000533,
+	0x00000534, 0x00000564, 0x00000534,
+	0x00000535, 0x00000565, 0x00000535,
+	0x00000536, 0x00000566, 0x00000536,
+	0x00000537, 0x00000567, 0x00000537,
+	0x00000538, 0x00000568, 0x00000538,
+	0x00000539, 0x00000569, 0x00000539,
+	0x0000053a, 0x0000056a, 0x0000053a,
+	0x0000053b, 0x0000056b, 0x0000053b,
+	0x0000053c, 0x0000056c, 0x0000053c,
+	0x0000053d, 0x0000056d, 0x0000053d,
+	0x0000053e, 0x0000056e, 0x0000053e,
+	0x0000053f, 0x0000056f, 0x0000053f,
+	0x00000540, 0x00000570, 0x00000540,
+	0x00000541, 0x00000571, 0x00000541,
+	0x00000542, 0x00000572, 0x00000542,
+	0x00000543, 0x00000573, 0x00000543,
+	0x00000544, 0x00000574, 0x00000544,
+	0x00000545, 0x00000575, 0x00000545,
+	0x00000546, 0x00000576, 0x00000546,
+	0x00000547, 0x00000577, 0x00000547,
+	0x00000548, 0x00000578, 0x00000548,
+	0x00000549, 0x00000579, 0x00000549,
+	0x0000054a, 0x0000057a, 0x0000054a,
+	0x0000054b, 0x0000057b, 0x0000054b,
+	0x0000054c, 0x0000057c, 0x0000054c,
+	0x0000054d, 0x0000057d, 0x0000054d,
+	0x0000054e, 0x0000057e, 0x0000054e,
+	0x0000054f, 0x0000057f, 0x0000054f,
+	0x00000550, 0x00000580, 0x00000550,
+	0x00000551, 0x00000581, 0x00000551,
+	0x00000552, 0x00000582, 0x00000552,
+	0x00000553, 0x00000583, 0x00000553,
+	0x00000554, 0x00000584, 0x00000554,
+	0x00000555, 0x00000585, 0x00000555,
+	0x00000556, 0x00000586, 0x00000556,
+	0x00001e00, 0x00001e01, 0x00001e00,
+	0x00001e02, 0x00001e03, 0x00001e02,
+	0x00001e04, 0x00001e05, 0x00001e04,
+	0x00001e06, 0x00001e07, 0x00001e06,
+	0x00001e08, 0x00001e09, 0x00001e08,
+	0x00001e0a, 0x00001e0b, 0x00001e0a,
+	0x00001e0c, 0x00001e0d, 0x00001e0c,
+	0x00001e0e, 0x00001e0f, 0x00001e0e,
+	0x00001e10, 0x00001e11, 0x00001e10,
+	0x00001e12, 0x00001e13, 0x00001e12,
+	0x00001e14, 0x00001e15, 0x00001e14,
+	0x00001e16, 0x00001e17, 0x00001e16,
+	0x00001e18, 0x00001e19, 0x00001e18,
+	0x00001e1a, 0x00001e1b, 0x00001e1a,
+	0x00001e1c, 0x00001e1d, 0x00001e1c,
+	0x00001e1e, 0x00001e1f, 0x00001e1e,
+	0x00001e20, 0x00001e21, 0x00001e20,
+	0x00001e22, 0x00001e23, 0x00001e22,
+	0x00001e24, 0x00001e25, 0x00001e24,
+	0x00001e26, 0x00001e27, 0x00001e26,
+	0x00001e28, 0x00001e29, 0x00001e28,
+	0x00001e2a, 0x00001e2b, 0x00001e2a,
+	0x00001e2c, 0x00001e2d, 0x00001e2c,
+	0x00001e2e, 0x00001e2f, 0x00001e2e,
+	0x00001e30, 0x00001e31, 0x00001e30,
+	0x00001e32, 0x00001e33, 0x00001e32,
+	0x00001e34, 0x00001e35, 0x00001e34,
+	0x00001e36, 0x00001e37, 0x00001e36,
+	0x00001e38, 0x00001e39, 0x00001e38,
+	0x00001e3a, 0x00001e3b, 0x00001e3a,
+	0x00001e3c, 0x00001e3d, 0x00001e3c,
+	0x00001e3e, 0x00001e3f, 0x00001e3e,
+	0x00001e40, 0x00001e41, 0x00001e40,
+	0x00001e42, 0x00001e43, 0x00001e42,
+	0x00001e44, 0x00001e45, 0x00001e44,
+	0x00001e46, 0x00001e47, 0x00001e46,
+	0x00001e48, 0x00001e49, 0x00001e48,
+	0x00001e4a, 0x00001e4b, 0x00001e4a,
+	0x00001e4c, 0x00001e4d, 0x00001e4c,
+	0x00001e4e, 0x00001e4f, 0x00001e4e,
+	0x00001e50, 0x00001e51, 0x00001e50,
+	0x00001e52, 0x00001e53, 0x00001e52,
+	0x00001e54, 0x00001e55, 0x00001e54,
+	0x00001e56, 0x00001e57, 0x00001e56,
+	0x00001e58, 0x00001e59, 0x00001e58,
+	0x00001e5a, 0x00001e5b, 0x00001e5a,
+	0x00001e5c, 0x00001e5d, 0x00001e5c,
+	0x00001e5e, 0x00001e5f, 0x00001e5e,
+	0x00001e60, 0x00001e61, 0x00001e60,
+	0x00001e62, 0x00001e63, 0x00001e62,
+	0x00001e64, 0x00001e65, 0x00001e64,
+	0x00001e66, 0x00001e67, 0x00001e66,
+	0x00001e68, 0x00001e69, 0x00001e68,
+	0x00001e6a, 0x00001e6b, 0x00001e6a,
+	0x00001e6c, 0x00001e6d, 0x00001e6c,
+	0x00001e6e, 0x00001e6f, 0x00001e6e,
+	0x00001e70, 0x00001e71, 0x00001e70,
+	0x00001e72, 0x00001e73, 0x00001e72,
+	0x00001e74, 0x00001e75, 0x00001e74,
+	0x00001e76, 0x00001e77, 0x00001e76,
+	0x00001e78, 0x00001e79, 0x00001e78,
+	0x00001e7a, 0x00001e7b, 0x00001e7a,
+	0x00001e7c, 0x00001e7d, 0x00001e7c,
+	0x00001e7e, 0x00001e7f, 0x00001e7e,
+	0x00001e80, 0x00001e81, 0x00001e80,
+	0x00001e82, 0x00001e83, 0x00001e82,
+	0x00001e84, 0x00001e85, 0x00001e84,
+	0x00001e86, 0x00001e87, 0x00001e86,
+	0x00001e88, 0x00001e89, 0x00001e88,
+	0x00001e8a, 0x00001e8b, 0x00001e8a,
+	0x00001e8c, 0x00001e8d, 0x00001e8c,
+	0x00001e8e, 0x00001e8f, 0x00001e8e,
+	0x00001e90, 0x00001e91, 0x00001e90,
+	0x00001e92, 0x00001e93, 0x00001e92,
+	0x00001e94, 0x00001e95, 0x00001e94,
+	0x00001ea0, 0x00001ea1, 0x00001ea0,
+	0x00001ea2, 0x00001ea3, 0x00001ea2,
+	0x00001ea4, 0x00001ea5, 0x00001ea4,
+	0x00001ea6, 0x00001ea7, 0x00001ea6,
+	0x00001ea8, 0x00001ea9, 0x00001ea8,
+	0x00001eaa, 0x00001eab, 0x00001eaa,
+	0x00001eac, 0x00001ead, 0x00001eac,
+	0x00001eae, 0x00001eaf, 0x00001eae,
+	0x00001eb0, 0x00001eb1, 0x00001eb0,
+	0x00001eb2, 0x00001eb3, 0x00001eb2,
+	0x00001eb4, 0x00001eb5, 0x00001eb4,
+	0x00001eb6, 0x00001eb7, 0x00001eb6,
+	0x00001eb8, 0x00001eb9, 0x00001eb8,
+	0x00001eba, 0x00001ebb, 0x00001eba,
+	0x00001ebc, 0x00001ebd, 0x00001ebc,
+	0x00001ebe, 0x00001ebf, 0x00001ebe,
+	0x00001ec0, 0x00001ec1, 0x00001ec0,
+	0x00001ec2, 0x00001ec3, 0x00001ec2,
+	0x00001ec4, 0x00001ec5, 0x00001ec4,
+	0x00001ec6, 0x00001ec7, 0x00001ec6,
+	0x00001ec8, 0x00001ec9, 0x00001ec8,
+	0x00001eca, 0x00001ecb, 0x00001eca,
+	0x00001ecc, 0x00001ecd, 0x00001ecc,
+	0x00001ece, 0x00001ecf, 0x00001ece,
+	0x00001ed0, 0x00001ed1, 0x00001ed0,
+	0x00001ed2, 0x00001ed3, 0x00001ed2,
+	0x00001ed4, 0x00001ed5, 0x00001ed4,
+	0x00001ed6, 0x00001ed7, 0x00001ed6,
+	0x00001ed8, 0x00001ed9, 0x00001ed8,
+	0x00001eda, 0x00001edb, 0x00001eda,
+	0x00001edc, 0x00001edd, 0x00001edc,
+	0x00001ede, 0x00001edf, 0x00001ede,
+	0x00001ee0, 0x00001ee1, 0x00001ee0,
+	0x00001ee2, 0x00001ee3, 0x00001ee2,
+	0x00001ee4, 0x00001ee5, 0x00001ee4,
+	0x00001ee6, 0x00001ee7, 0x00001ee6,
+	0x00001ee8, 0x00001ee9, 0x00001ee8,
+	0x00001eea, 0x00001eeb, 0x00001eea,
+	0x00001eec, 0x00001eed, 0x00001eec,
+	0x00001eee, 0x00001eef, 0x00001eee,
+	0x00001ef0, 0x00001ef1, 0x00001ef0,
+	0x00001ef2, 0x00001ef3, 0x00001ef2,
+	0x00001ef4, 0x00001ef5, 0x00001ef4,
+	0x00001ef6, 0x00001ef7, 0x00001ef6,
+	0x00001ef8, 0x00001ef9, 0x00001ef8,
+	0x00001f08, 0x00001f00, 0x00001f08,
+	0x00001f09, 0x00001f01, 0x00001f09,
+	0x00001f0a, 0x00001f02, 0x00001f0a,
+	0x00001f0b, 0x00001f03, 0x00001f0b,
+	0x00001f0c, 0x00001f04, 0x00001f0c,
+	0x00001f0d, 0x00001f05, 0x00001f0d,
+	0x00001f0e, 0x00001f06, 0x00001f0e,
+	0x00001f0f, 0x00001f07, 0x00001f0f,
+	0x00001f18, 0x00001f10, 0x00001f18,
+	0x00001f19, 0x00001f11, 0x00001f19,
+	0x00001f1a, 0x00001f12, 0x00001f1a,
+	0x00001f1b, 0x00001f13, 0x00001f1b,
+	0x00001f1c, 0x00001f14, 0x00001f1c,
+	0x00001f1d, 0x00001f15, 0x00001f1d,
+	0x00001f28, 0x00001f20, 0x00001f28,
+	0x00001f29, 0x00001f21, 0x00001f29,
+	0x00001f2a, 0x00001f22, 0x00001f2a,
+	0x00001f2b, 0x00001f23, 0x00001f2b,
+	0x00001f2c, 0x00001f24, 0x00001f2c,
+	0x00001f2d, 0x00001f25, 0x00001f2d,
+	0x00001f2e, 0x00001f26, 0x00001f2e,
+	0x00001f2f, 0x00001f27, 0x00001f2f,
+	0x00001f38, 0x00001f30, 0x00001f38,
+	0x00001f39, 0x00001f31, 0x00001f39,
+	0x00001f3a, 0x00001f32, 0x00001f3a,
+	0x00001f3b, 0x00001f33, 0x00001f3b,
+	0x00001f3c, 0x00001f34, 0x00001f3c,
+	0x00001f3d, 0x00001f35, 0x00001f3d,
+	0x00001f3e, 0x00001f36, 0x00001f3e,
+	0x00001f3f, 0x00001f37, 0x00001f3f,
+	0x00001f48, 0x00001f40, 0x00001f48,
+	0x00001f49, 0x00001f41, 0x00001f49,
+	0x00001f4a, 0x00001f42, 0x00001f4a,
+	0x00001f4b, 0x00001f43, 0x00001f4b,
+	0x00001f4c, 0x00001f44, 0x00001f4c,
+	0x00001f4d, 0x00001f45, 0x00001f4d,
+	0x00001f59, 0x00001f51, 0x00001f59,
+	0x00001f5b, 0x00001f53, 0x00001f5b,
+	0x00001f5d, 0x00001f55, 0x00001f5d,
+	0x00001f5f, 0x00001f57, 0x00001f5f,
+	0x00001f68, 0x00001f60, 0x00001f68,
+	0x00001f69, 0x00001f61, 0x00001f69,
+	0x00001f6a, 0x00001f62, 0x00001f6a,
+	0x00001f6b, 0x00001f63, 0x00001f6b,
+	0x00001f6c, 0x00001f64, 0x00001f6c,
+	0x00001f6d, 0x00001f65, 0x00001f6d,
+	0x00001f6e, 0x00001f66, 0x00001f6e,
+	0x00001f6f, 0x00001f67, 0x00001f6f,
+	0x00001f88, 0x00001f80, 0x00001f88,
+	0x00001f89, 0x00001f81, 0x00001f89,
+	0x00001f8a, 0x00001f82, 0x00001f8a,
+	0x00001f8b, 0x00001f83, 0x00001f8b,
+	0x00001f8c, 0x00001f84, 0x00001f8c,
+	0x00001f8d, 0x00001f85, 0x00001f8d,
+	0x00001f8e, 0x00001f86, 0x00001f8e,
+	0x00001f8f, 0x00001f87, 0x00001f8f,
+	0x00001f98, 0x00001f90, 0x00001f98,
+	0x00001f99, 0x00001f91, 0x00001f99,
+	0x00001f9a, 0x00001f92, 0x00001f9a,
+	0x00001f9b, 0x00001f93, 0x00001f9b,
+	0x00001f9c, 0x00001f94, 0x00001f9c,
+	0x00001f9d, 0x00001f95, 0x00001f9d,
+	0x00001f9e, 0x00001f96, 0x00001f9e,
+	0x00001f9f, 0x00001f97, 0x00001f9f,
+	0x00001fa8, 0x00001fa0, 0x00001fa8,
+	0x00001fa9, 0x00001fa1, 0x00001fa9,
+	0x00001faa, 0x00001fa2, 0x00001faa,
+	0x00001fab, 0x00001fa3, 0x00001fab,
+	0x00001fac, 0x00001fa4, 0x00001fac,
+	0x00001fad, 0x00001fa5, 0x00001fad,
+	0x00001fae, 0x00001fa6, 0x00001fae,
+	0x00001faf, 0x00001fa7, 0x00001faf,
+	0x00001fb8, 0x00001fb0, 0x00001fb8,
+	0x00001fb9, 0x00001fb1, 0x00001fb9,
+	0x00001fba, 0x00001f70, 0x00001fba,
+	0x00001fbb, 0x00001f71, 0x00001fbb,
+	0x00001fbc, 0x00001fb3, 0x00001fbc,
+	0x00001fc8, 0x00001f72, 0x00001fc8,
+	0x00001fc9, 0x00001f73, 0x00001fc9,
+	0x00001fca, 0x00001f74, 0x00001fca,
+	0x00001fcb, 0x00001f75, 0x00001fcb,
+	0x00001fcc, 0x00001fc3, 0x00001fcc,
+	0x00001fd8, 0x00001fd0, 0x00001fd8,
+	0x00001fd9, 0x00001fd1, 0x00001fd9,
+	0x00001fda, 0x00001f76, 0x00001fda,
+	0x00001fdb, 0x00001f77, 0x00001fdb,
+	0x00001fe8, 0x00001fe0, 0x00001fe8,
+	0x00001fe9, 0x00001fe1, 0x00001fe9,
+	0x00001fea, 0x00001f7a, 0x00001fea,
+	0x00001feb, 0x00001f7b, 0x00001feb,
+	0x00001fec, 0x00001fe5, 0x00001fec,
+	0x00001ff8, 0x00001f78, 0x00001ff8,
+	0x00001ff9, 0x00001f79, 0x00001ff9,
+	0x00001ffa, 0x00001f7c, 0x00001ffa,
+	0x00001ffb, 0x00001f7d, 0x00001ffb,
+	0x00001ffc, 0x00001ff3, 0x00001ffc,
+	0x00002126, 0x000003c9, 0x00002126,
+	0x0000212a, 0x0000006b, 0x0000212a,
+	0x0000212b, 0x000000e5, 0x0000212b,
+	0x00002160, 0x00002170, 0x00002160,
+	0x00002161, 0x00002171, 0x00002161,
+	0x00002162, 0x00002172, 0x00002162,
+	0x00002163, 0x00002173, 0x00002163,
+	0x00002164, 0x00002174, 0x00002164,
+	0x00002165, 0x00002175, 0x00002165,
+	0x00002166, 0x00002176, 0x00002166,
+	0x00002167, 0x00002177, 0x00002167,
+	0x00002168, 0x00002178, 0x00002168,
+	0x00002169, 0x00002179, 0x00002169,
+	0x0000216a, 0x0000217a, 0x0000216a,
+	0x0000216b, 0x0000217b, 0x0000216b,
+	0x0000216c, 0x0000217c, 0x0000216c,
+	0x0000216d, 0x0000217d, 0x0000216d,
+	0x0000216e, 0x0000217e, 0x0000216e,
+	0x0000216f, 0x0000217f, 0x0000216f,
+	0x000024b6, 0x000024d0, 0x000024b6,
+	0x000024b7, 0x000024d1, 0x000024b7,
+	0x000024b8, 0x000024d2, 0x000024b8,
+	0x000024b9, 0x000024d3, 0x000024b9,
+	0x000024ba, 0x000024d4, 0x000024ba,
+	0x000024bb, 0x000024d5, 0x000024bb,
+	0x000024bc, 0x000024d6, 0x000024bc,
+	0x000024bd, 0x000024d7, 0x000024bd,
+	0x000024be, 0x000024d8, 0x000024be,
+	0x000024bf, 0x000024d9, 0x000024bf,
+	0x000024c0, 0x000024da, 0x000024c0,
+	0x000024c1, 0x000024db, 0x000024c1,
+	0x000024c2, 0x000024dc, 0x000024c2,
+	0x000024c3, 0x000024dd, 0x000024c3,
+	0x000024c4, 0x000024de, 0x000024c4,
+	0x000024c5, 0x000024df, 0x000024c5,
+	0x000024c6, 0x000024e0, 0x000024c6,
+	0x000024c7, 0x000024e1, 0x000024c7,
+	0x000024c8, 0x000024e2, 0x000024c8,
+	0x000024c9, 0x000024e3, 0x000024c9,
+	0x000024ca, 0x000024e4, 0x000024ca,
+	0x000024cb, 0x000024e5, 0x000024cb,
+	0x000024cc, 0x000024e6, 0x000024cc,
+	0x000024cd, 0x000024e7, 0x000024cd,
+	0x000024ce, 0x000024e8, 0x000024ce,
+	0x000024cf, 0x000024e9, 0x000024cf,
+	0x0000ff21, 0x0000ff41, 0x0000ff21,
+	0x0000ff22, 0x0000ff42, 0x0000ff22,
+	0x0000ff23, 0x0000ff43, 0x0000ff23,
+	0x0000ff24, 0x0000ff44, 0x0000ff24,
+	0x0000ff25, 0x0000ff45, 0x0000ff25,
+	0x0000ff26, 0x0000ff46, 0x0000ff26,
+	0x0000ff27, 0x0000ff47, 0x0000ff27,
+	0x0000ff28, 0x0000ff48, 0x0000ff28,
+	0x0000ff29, 0x0000ff49, 0x0000ff29,
+	0x0000ff2a, 0x0000ff4a, 0x0000ff2a,
+	0x0000ff2b, 0x0000ff4b, 0x0000ff2b,
+	0x0000ff2c, 0x0000ff4c, 0x0000ff2c,
+	0x0000ff2d, 0x0000ff4d, 0x0000ff2d,
+	0x0000ff2e, 0x0000ff4e, 0x0000ff2e,
+	0x0000ff2f, 0x0000ff4f, 0x0000ff2f,
+	0x0000ff30, 0x0000ff50, 0x0000ff30,
+	0x0000ff31, 0x0000ff51, 0x0000ff31,
+	0x0000ff32, 0x0000ff52, 0x0000ff32,
+	0x0000ff33, 0x0000ff53, 0x0000ff33,
+	0x0000ff34, 0x0000ff54, 0x0000ff34,
+	0x0000ff35, 0x0000ff55, 0x0000ff35,
+	0x0000ff36, 0x0000ff56, 0x0000ff36,
+	0x0000ff37, 0x0000ff57, 0x0000ff37,
+	0x0000ff38, 0x0000ff58, 0x0000ff38,
+	0x0000ff39, 0x0000ff59, 0x0000ff39,
+	0x0000ff3a, 0x0000ff5a, 0x0000ff3a,
+	0x00010400, 0x00010428, 0x00010400,
+	0x00010401, 0x00010429, 0x00010401,
+	0x00010402, 0x0001042a, 0x00010402,
+	0x00010403, 0x0001042b, 0x00010403,
+	0x00010404, 0x0001042c, 0x00010404,
+	0x00010405, 0x0001042d, 0x00010405,
+	0x00010406, 0x0001042e, 0x00010406,
+	0x00010407, 0x0001042f, 0x00010407,
+	0x00010408, 0x00010430, 0x00010408,
+	0x00010409, 0x00010431, 0x00010409,
+	0x0001040a, 0x00010432, 0x0001040a,
+	0x0001040b, 0x00010433, 0x0001040b,
+	0x0001040c, 0x00010434, 0x0001040c,
+	0x0001040d, 0x00010435, 0x0001040d,
+	0x0001040e, 0x00010436, 0x0001040e,
+	0x0001040f, 0x00010437, 0x0001040f,
+	0x00010410, 0x00010438, 0x00010410,
+	0x00010411, 0x00010439, 0x00010411,
+	0x00010412, 0x0001043a, 0x00010412,
+	0x00010413, 0x0001043b, 0x00010413,
+	0x00010414, 0x0001043c, 0x00010414,
+	0x00010415, 0x0001043d, 0x00010415,
+	0x00010416, 0x0001043e, 0x00010416,
+	0x00010417, 0x0001043f, 0x00010417,
+	0x00010418, 0x00010440, 0x00010418,
+	0x00010419, 0x00010441, 0x00010419,
+	0x0001041a, 0x00010442, 0x0001041a,
+	0x0001041b, 0x00010443, 0x0001041b,
+	0x0001041c, 0x00010444, 0x0001041c,
+	0x0001041d, 0x00010445, 0x0001041d,
+	0x0001041e, 0x00010446, 0x0001041e,
+	0x0001041f, 0x00010447, 0x0001041f,
+	0x00010420, 0x00010448, 0x00010420,
+	0x00010421, 0x00010449, 0x00010421,
+	0x00010422, 0x0001044a, 0x00010422,
+	0x00010423, 0x0001044b, 0x00010423,
+	0x00010424, 0x0001044c, 0x00010424,
+	0x00010425, 0x0001044d, 0x00010425,
+	0x00000061, 0x00000041, 0x00000041,
+	0x00000062, 0x00000042, 0x00000042,
+	0x00000063, 0x00000043, 0x00000043,
+	0x00000064, 0x00000044, 0x00000044,
+	0x00000065, 0x00000045, 0x00000045,
+	0x00000066, 0x00000046, 0x00000046,
+	0x00000067, 0x00000047, 0x00000047,
+	0x00000068, 0x00000048, 0x00000048,
+	0x00000069, 0x00000049, 0x00000049,
+	0x0000006a, 0x0000004a, 0x0000004a,
+	0x0000006b, 0x0000004b, 0x0000004b,
+	0x0000006c, 0x0000004c, 0x0000004c,
+	0x0000006d, 0x0000004d, 0x0000004d,
+	0x0000006e, 0x0000004e, 0x0000004e,
+	0x0000006f, 0x0000004f, 0x0000004f,
+	0x00000070, 0x00000050, 0x00000050,
+	0x00000071, 0x00000051, 0x00000051,
+	0x00000072, 0x00000052, 0x00000052,
+	0x00000073, 0x00000053, 0x00000053,
+	0x00000074, 0x00000054, 0x00000054,
+	0x00000075, 0x00000055, 0x00000055,
+	0x00000076, 0x00000056, 0x00000056,
+	0x00000077, 0x00000057, 0x00000057,
+	0x00000078, 0x00000058, 0x00000058,
+	0x00000079, 0x00000059, 0x00000059,
+	0x0000007a, 0x0000005a, 0x0000005a,
+	0x000000b5, 0x0000039c, 0x0000039c,
+	0x000000e0, 0x000000c0, 0x000000c0,
+	0x000000e1, 0x000000c1, 0x000000c1,
+	0x000000e2, 0x000000c2, 0x000000c2,
+	0x000000e3, 0x000000c3, 0x000000c3,
+	0x000000e4, 0x000000c4, 0x000000c4,
+	0x000000e5, 0x000000c5, 0x000000c5,
+	0x000000e6, 0x000000c6, 0x000000c6,
+	0x000000e7, 0x000000c7, 0x000000c7,
+	0x000000e8, 0x000000c8, 0x000000c8,
+	0x000000e9, 0x000000c9, 0x000000c9,
+	0x000000ea, 0x000000ca, 0x000000ca,
+	0x000000eb, 0x000000cb, 0x000000cb,
+	0x000000ec, 0x000000cc, 0x000000cc,
+	0x000000ed, 0x000000cd, 0x000000cd,
+	0x000000ee, 0x000000ce, 0x000000ce,
+	0x000000ef, 0x000000cf, 0x000000cf,
+	0x000000f0, 0x000000d0, 0x000000d0,
+	0x000000f1, 0x000000d1, 0x000000d1,
+	0x000000f2, 0x000000d2, 0x000000d2,
+	0x000000f3, 0x000000d3, 0x000000d3,
+	0x000000f4, 0x000000d4, 0x000000d4,
+	0x000000f5, 0x000000d5, 0x000000d5,
+	0x000000f6, 0x000000d6, 0x000000d6,
+	0x000000f8, 0x000000d8, 0x000000d8,
+	0x000000f9, 0x000000d9, 0x000000d9,
+	0x000000fa, 0x000000da, 0x000000da,
+	0x000000fb, 0x000000db, 0x000000db,
+	0x000000fc, 0x000000dc, 0x000000dc,
+	0x000000fd, 0x000000dd, 0x000000dd,
+	0x000000fe, 0x000000de, 0x000000de,
+	0x000000ff, 0x00000178, 0x00000178,
+	0x00000101, 0x00000100, 0x00000100,
+	0x00000103, 0x00000102, 0x00000102,
+	0x00000105, 0x00000104, 0x00000104,
+	0x00000107, 0x00000106, 0x00000106,
+	0x00000109, 0x00000108, 0x00000108,
+	0x0000010b, 0x0000010a, 0x0000010a,
+	0x0000010d, 0x0000010c, 0x0000010c,
+	0x0000010f, 0x0000010e, 0x0000010e,
+	0x00000111, 0x00000110, 0x00000110,
+	0x00000113, 0x00000112, 0x00000112,
+	0x00000115, 0x00000114, 0x00000114,
+	0x00000117, 0x00000116, 0x00000116,
+	0x00000119, 0x00000118, 0x00000118,
+	0x0000011b, 0x0000011a, 0x0000011a,
+	0x0000011d, 0x0000011c, 0x0000011c,
+	0x0000011f, 0x0000011e, 0x0000011e,
+	0x00000121, 0x00000120, 0x00000120,
+	0x00000123, 0x00000122, 0x00000122,
+	0x00000125, 0x00000124, 0x00000124,
+	0x00000127, 0x00000126, 0x00000126,
+	0x00000129, 0x00000128, 0x00000128,
+	0x0000012b, 0x0000012a, 0x0000012a,
+	0x0000012d, 0x0000012c, 0x0000012c,
+	0x0000012f, 0x0000012e, 0x0000012e,
+	0x00000131, 0x00000049, 0x00000049,
+	0x00000133, 0x00000132, 0x00000132,
+	0x00000135, 0x00000134, 0x00000134,
+	0x00000137, 0x00000136, 0x00000136,
+	0x0000013a, 0x00000139, 0x00000139,
+	0x0000013c, 0x0000013b, 0x0000013b,
+	0x0000013e, 0x0000013d, 0x0000013d,
+	0x00000140, 0x0000013f, 0x0000013f,
+	0x00000142, 0x00000141, 0x00000141,
+	0x00000144, 0x00000143, 0x00000143,
+	0x00000146, 0x00000145, 0x00000145,
+	0x00000148, 0x00000147, 0x00000147,
+	0x0000014b, 0x0000014a, 0x0000014a,
+	0x0000014d, 0x0000014c, 0x0000014c,
+	0x0000014f, 0x0000014e, 0x0000014e,
+	0x00000151, 0x00000150, 0x00000150,
+	0x00000153, 0x00000152, 0x00000152,
+	0x00000155, 0x00000154, 0x00000154,
+	0x00000157, 0x00000156, 0x00000156,
+	0x00000159, 0x00000158, 0x00000158,
+	0x0000015b, 0x0000015a, 0x0000015a,
+	0x0000015d, 0x0000015c, 0x0000015c,
+	0x0000015f, 0x0000015e, 0x0000015e,
+	0x00000161, 0x00000160, 0x00000160,
+	0x00000163, 0x00000162, 0x00000162,
+	0x00000165, 0x00000164, 0x00000164,
+	0x00000167, 0x00000166, 0x00000166,
+	0x00000169, 0x00000168, 0x00000168,
+	0x0000016b, 0x0000016a, 0x0000016a,
+	0x0000016d, 0x0000016c, 0x0000016c,
+	0x0000016f, 0x0000016e, 0x0000016e,
+	0x00000171, 0x00000170, 0x00000170,
+	0x00000173, 0x00000172, 0x00000172,
+	0x00000175, 0x00000174, 0x00000174,
+	0x00000177, 0x00000176, 0x00000176,
+	0x0000017a, 0x00000179, 0x00000179,
+	0x0000017c, 0x0000017b, 0x0000017b,
+	0x0000017e, 0x0000017d, 0x0000017d,
+	0x0000017f, 0x00000053, 0x00000053,
+	0x00000183, 0x00000182, 0x00000182,
+	0x00000185, 0x00000184, 0x00000184,
+	0x00000188, 0x00000187, 0x00000187,
+	0x0000018c, 0x0000018b, 0x0000018b,
+	0x00000192, 0x00000191, 0x00000191,
+	0x00000195, 0x000001f6, 0x000001f6,
+	0x00000199, 0x00000198, 0x00000198,
+	0x0000019e, 0x00000220, 0x00000220,
+	0x000001a1, 0x000001a0, 0x000001a0,
+	0x000001a3, 0x000001a2, 0x000001a2,
+	0x000001a5, 0x000001a4, 0x000001a4,
+	0x000001a8, 0x000001a7, 0x000001a7,
+	0x000001ad, 0x000001ac, 0x000001ac,
+	0x000001b0, 0x000001af, 0x000001af,
+	0x000001b4, 0x000001b3, 0x000001b3,
+	0x000001b6, 0x000001b5, 0x000001b5,
+	0x000001b9, 0x000001b8, 0x000001b8,
+	0x000001bd, 0x000001bc, 0x000001bc,
+	0x000001bf, 0x000001f7, 0x000001f7,
+	0x000001c6, 0x000001c4, 0x000001c5,
+	0x000001c9, 0x000001c7, 0x000001c8,
+	0x000001cc, 0x000001ca, 0x000001cb,
+	0x000001ce, 0x000001cd, 0x000001cd,
+	0x000001d0, 0x000001cf, 0x000001cf,
+	0x000001d2, 0x000001d1, 0x000001d1,
+	0x000001d4, 0x000001d3, 0x000001d3,
+	0x000001d6, 0x000001d5, 0x000001d5,
+	0x000001d8, 0x000001d7, 0x000001d7,
+	0x000001da, 0x000001d9, 0x000001d9,
+	0x000001dc, 0x000001db, 0x000001db,
+	0x000001dd, 0x0000018e, 0x0000018e,
+	0x000001df, 0x000001de, 0x000001de,
+	0x000001e1, 0x000001e0, 0x000001e0,
+	0x000001e3, 0x000001e2, 0x000001e2,
+	0x000001e5, 0x000001e4, 0x000001e4,
+	0x000001e7, 0x000001e6, 0x000001e6,
+	0x000001e9, 0x000001e8, 0x000001e8,
+	0x000001eb, 0x000001ea, 0x000001ea,
+	0x000001ed, 0x000001ec, 0x000001ec,
+	0x000001ef, 0x000001ee, 0x000001ee,
+	0x000001f3, 0x000001f1, 0x000001f2,
+	0x000001f5, 0x000001f4, 0x000001f4,
+	0x000001f9, 0x000001f8, 0x000001f8,
+	0x000001fb, 0x000001fa, 0x000001fa,
+	0x000001fd, 0x000001fc, 0x000001fc,
+	0x000001ff, 0x000001fe, 0x000001fe,
+	0x00000201, 0x00000200, 0x00000200,
+	0x00000203, 0x00000202, 0x00000202,
+	0x00000205, 0x00000204, 0x00000204,
+	0x00000207, 0x00000206, 0x00000206,
+	0x00000209, 0x00000208, 0x00000208,
+	0x0000020b, 0x0000020a, 0x0000020a,
+	0x0000020d, 0x0000020c, 0x0000020c,
+	0x0000020f, 0x0000020e, 0x0000020e,
+	0x00000211, 0x00000210, 0x00000210,
+	0x00000213, 0x00000212, 0x00000212,
+	0x00000215, 0x00000214, 0x00000214,
+	0x00000217, 0x00000216, 0x00000216,
+	0x00000219, 0x00000218, 0x00000218,
+	0x0000021b, 0x0000021a, 0x0000021a,
+	0x0000021d, 0x0000021c, 0x0000021c,
+	0x0000021f, 0x0000021e, 0x0000021e,
+	0x00000223, 0x00000222, 0x00000222,
+	0x00000225, 0x00000224, 0x00000224,
+	0x00000227, 0x00000226, 0x00000226,
+	0x00000229, 0x00000228, 0x00000228,
+	0x0000022b, 0x0000022a, 0x0000022a,
+	0x0000022d, 0x0000022c, 0x0000022c,
+	0x0000022f, 0x0000022e, 0x0000022e,
+	0x00000231, 0x00000230, 0x00000230,
+	0x00000233, 0x00000232, 0x00000232,
+	0x00000253, 0x00000181, 0x00000181,
+	0x00000254, 0x00000186, 0x00000186,
+	0x00000256, 0x00000189, 0x00000189,
+	0x00000257, 0x0000018a, 0x0000018a,
+	0x00000259, 0x0000018f, 0x0000018f,
+	0x0000025b, 0x00000190, 0x00000190,
+	0x00000260, 0x00000193, 0x00000193,
+	0x00000263, 0x00000194, 0x00000194,
+	0x00000268, 0x00000197, 0x00000197,
+	0x00000269, 0x00000196, 0x00000196,
+	0x0000026f, 0x0000019c, 0x0000019c,
+	0x00000272, 0x0000019d, 0x0000019d,
+	0x00000275, 0x0000019f, 0x0000019f,
+	0x00000280, 0x000001a6, 0x000001a6,
+	0x00000283, 0x000001a9, 0x000001a9,
+	0x00000288, 0x000001ae, 0x000001ae,
+	0x0000028a, 0x000001b1, 0x000001b1,
+	0x0000028b, 0x000001b2, 0x000001b2,
+	0x00000292, 0x000001b7, 0x000001b7,
+	0x00000345, 0x00000399, 0x00000399,
+	0x000003ac, 0x00000386, 0x00000386,
+	0x000003ad, 0x00000388, 0x00000388,
+	0x000003ae, 0x00000389, 0x00000389,
+	0x000003af, 0x0000038a, 0x0000038a,
+	0x000003b1, 0x00000391, 0x00000391,
+	0x000003b2, 0x00000392, 0x00000392,
+	0x000003b3, 0x00000393, 0x00000393,
+	0x000003b4, 0x00000394, 0x00000394,
+	0x000003b5, 0x00000395, 0x00000395,
+	0x000003b6, 0x00000396, 0x00000396,
+	0x000003b7, 0x00000397, 0x00000397,
+	0x000003b8, 0x00000398, 0x00000398,
+	0x000003b9, 0x00000399, 0x00000399,
+	0x000003ba, 0x0000039a, 0x0000039a,
+	0x000003bb, 0x0000039b, 0x0000039b,
+	0x000003bc, 0x0000039c, 0x0000039c,
+	0x000003bd, 0x0000039d, 0x0000039d,
+	0x000003be, 0x0000039e, 0x0000039e,
+	0x000003bf, 0x0000039f, 0x0000039f,
+	0x000003c0, 0x000003a0, 0x000003a0,
+	0x000003c1, 0x000003a1, 0x000003a1,
+	0x000003c2, 0x000003a3, 0x000003a3,
+	0x000003c3, 0x000003a3, 0x000003a3,
+	0x000003c4, 0x000003a4, 0x000003a4,
+	0x000003c5, 0x000003a5, 0x000003a5,
+	0x000003c6, 0x000003a6, 0x000003a6,
+	0x000003c7, 0x000003a7, 0x000003a7,
+	0x000003c8, 0x000003a8, 0x000003a8,
+	0x000003c9, 0x000003a9, 0x000003a9,
+	0x000003ca, 0x000003aa, 0x000003aa,
+	0x000003cb, 0x000003ab, 0x000003ab,
+	0x000003cc, 0x0000038c, 0x0000038c,
+	0x000003cd, 0x0000038e, 0x0000038e,
+	0x000003ce, 0x0000038f, 0x0000038f,
+	0x000003d0, 0x00000392, 0x00000392,
+	0x000003d1, 0x00000398, 0x00000398,
+	0x000003d5, 0x000003a6, 0x000003a6,
+	0x000003d6, 0x000003a0, 0x000003a0,
+	0x000003d9, 0x000003d8, 0x000003d8,
+	0x000003db, 0x000003da, 0x000003da,
+	0x000003dd, 0x000003dc, 0x000003dc,
+	0x000003df, 0x000003de, 0x000003de,
+	0x000003e1, 0x000003e0, 0x000003e0,
+	0x000003e3, 0x000003e2, 0x000003e2,
+	0x000003e5, 0x000003e4, 0x000003e4,
+	0x000003e7, 0x000003e6, 0x000003e6,
+	0x000003e9, 0x000003e8, 0x000003e8,
+	0x000003eb, 0x000003ea, 0x000003ea,
+	0x000003ed, 0x000003ec, 0x000003ec,
+	0x000003ef, 0x000003ee, 0x000003ee,
+	0x000003f0, 0x0000039a, 0x0000039a,
+	0x000003f1, 0x000003a1, 0x000003a1,
+	0x000003f2, 0x000003a3, 0x000003a3,
+	0x000003f5, 0x00000395, 0x00000395,
+	0x00000430, 0x00000410, 0x00000410,
+	0x00000431, 0x00000411, 0x00000411,
+	0x00000432, 0x00000412, 0x00000412,
+	0x00000433, 0x00000413, 0x00000413,
+	0x00000434, 0x00000414, 0x00000414,
+	0x00000435, 0x00000415, 0x00000415,
+	0x00000436, 0x00000416, 0x00000416,
+	0x00000437, 0x00000417, 0x00000417,
+	0x00000438, 0x00000418, 0x00000418,
+	0x00000439, 0x00000419, 0x00000419,
+	0x0000043a, 0x0000041a, 0x0000041a,
+	0x0000043b, 0x0000041b, 0x0000041b,
+	0x0000043c, 0x0000041c, 0x0000041c,
+	0x0000043d, 0x0000041d, 0x0000041d,
+	0x0000043e, 0x0000041e, 0x0000041e,
+	0x0000043f, 0x0000041f, 0x0000041f,
+	0x00000440, 0x00000420, 0x00000420,
+	0x00000441, 0x00000421, 0x00000421,
+	0x00000442, 0x00000422, 0x00000422,
+	0x00000443, 0x00000423, 0x00000423,
+	0x00000444, 0x00000424, 0x00000424,
+	0x00000445, 0x00000425, 0x00000425,
+	0x00000446, 0x00000426, 0x00000426,
+	0x00000447, 0x00000427, 0x00000427,
+	0x00000448, 0x00000428, 0x00000428,
+	0x00000449, 0x00000429, 0x00000429,
+	0x0000044a, 0x0000042a, 0x0000042a,
+	0x0000044b, 0x0000042b, 0x0000042b,
+	0x0000044c, 0x0000042c, 0x0000042c,
+	0x0000044d, 0x0000042d, 0x0000042d,
+	0x0000044e, 0x0000042e, 0x0000042e,
+	0x0000044f, 0x0000042f, 0x0000042f,
+	0x00000450, 0x00000400, 0x00000400,
+	0x00000451, 0x00000401, 0x00000401,
+	0x00000452, 0x00000402, 0x00000402,
+	0x00000453, 0x00000403, 0x00000403,
+	0x00000454, 0x00000404, 0x00000404,
+	0x00000455, 0x00000405, 0x00000405,
+	0x00000456, 0x00000406, 0x00000406,
+	0x00000457, 0x00000407, 0x00000407,
+	0x00000458, 0x00000408, 0x00000408,
+	0x00000459, 0x00000409, 0x00000409,
+	0x0000045a, 0x0000040a, 0x0000040a,
+	0x0000045b, 0x0000040b, 0x0000040b,
+	0x0000045c, 0x0000040c, 0x0000040c,
+	0x0000045d, 0x0000040d, 0x0000040d,
+	0x0000045e, 0x0000040e, 0x0000040e,
+	0x0000045f, 0x0000040f, 0x0000040f,
+	0x00000461, 0x00000460, 0x00000460,
+	0x00000463, 0x00000462, 0x00000462,
+	0x00000465, 0x00000464, 0x00000464,
+	0x00000467, 0x00000466, 0x00000466,
+	0x00000469, 0x00000468, 0x00000468,
+	0x0000046b, 0x0000046a, 0x0000046a,
+	0x0000046d, 0x0000046c, 0x0000046c,
+	0x0000046f, 0x0000046e, 0x0000046e,
+	0x00000471, 0x00000470, 0x00000470,
+	0x00000473, 0x00000472, 0x00000472,
+	0x00000475, 0x00000474, 0x00000474,
+	0x00000477, 0x00000476, 0x00000476,
+	0x00000479, 0x00000478, 0x00000478,
+	0x0000047b, 0x0000047a, 0x0000047a,
+	0x0000047d, 0x0000047c, 0x0000047c,
+	0x0000047f, 0x0000047e, 0x0000047e,
+	0x00000481, 0x00000480, 0x00000480,
+	0x0000048b, 0x0000048a, 0x0000048a,
+	0x0000048d, 0x0000048c, 0x0000048c,
+	0x0000048f, 0x0000048e, 0x0000048e,
+	0x00000491, 0x00000490, 0x00000490,
+	0x00000493, 0x00000492, 0x00000492,
+	0x00000495, 0x00000494, 0x00000494,
+	0x00000497, 0x00000496, 0x00000496,
+	0x00000499, 0x00000498, 0x00000498,
+	0x0000049b, 0x0000049a, 0x0000049a,
+	0x0000049d, 0x0000049c, 0x0000049c,
+	0x0000049f, 0x0000049e, 0x0000049e,
+	0x000004a1, 0x000004a0, 0x000004a0,
+	0x000004a3, 0x000004a2, 0x000004a2,
+	0x000004a5, 0x000004a4, 0x000004a4,
+	0x000004a7, 0x000004a6, 0x000004a6,
+	0x000004a9, 0x000004a8, 0x000004a8,
+	0x000004ab, 0x000004aa, 0x000004aa,
+	0x000004ad, 0x000004ac, 0x000004ac,
+	0x000004af, 0x000004ae, 0x000004ae,
+	0x000004b1, 0x000004b0, 0x000004b0,
+	0x000004b3, 0x000004b2, 0x000004b2,
+	0x000004b5, 0x000004b4, 0x000004b4,
+	0x000004b7, 0x000004b6, 0x000004b6,
+	0x000004b9, 0x000004b8, 0x000004b8,
+	0x000004bb, 0x000004ba, 0x000004ba,
+	0x000004bd, 0x000004bc, 0x000004bc,
+	0x000004bf, 0x000004be, 0x000004be,
+	0x000004c2, 0x000004c1, 0x000004c1,
+	0x000004c4, 0x000004c3, 0x000004c3,
+	0x000004c6, 0x000004c5, 0x000004c5,
+	0x000004c8, 0x000004c7, 0x000004c7,
+	0x000004ca, 0x000004c9, 0x000004c9,
+	0x000004cc, 0x000004cb, 0x000004cb,
+	0x000004ce, 0x000004cd, 0x000004cd,
+	0x000004d1, 0x000004d0, 0x000004d0,
+	0x000004d3, 0x000004d2, 0x000004d2,
+	0x000004d5, 0x000004d4, 0x000004d4,
+	0x000004d7, 0x000004d6, 0x000004d6,
+	0x000004d9, 0x000004d8, 0x000004d8,
+	0x000004db, 0x000004da, 0x000004da,
+	0x000004dd, 0x000004dc, 0x000004dc,
+	0x000004df, 0x000004de, 0x000004de,
+	0x000004e1, 0x000004e0, 0x000004e0,
+	0x000004e3, 0x000004e2, 0x000004e2,
+	0x000004e5, 0x000004e4, 0x000004e4,
+	0x000004e7, 0x000004e6, 0x000004e6,
+	0x000004e9, 0x000004e8, 0x000004e8,
+	0x000004eb, 0x000004ea, 0x000004ea,
+	0x000004ed, 0x000004ec, 0x000004ec,
+	0x000004ef, 0x000004ee, 0x000004ee,
+	0x000004f1, 0x000004f0, 0x000004f0,
+	0x000004f3, 0x000004f2, 0x000004f2,
+	0x000004f5, 0x000004f4, 0x000004f4,
+	0x000004f9, 0x000004f8, 0x000004f8,
+	0x00000501, 0x00000500, 0x00000500,
+	0x00000503, 0x00000502, 0x00000502,
+	0x00000505, 0x00000504, 0x00000504,
+	0x00000507, 0x00000506, 0x00000506,
+	0x00000509, 0x00000508, 0x00000508,
+	0x0000050b, 0x0000050a, 0x0000050a,
+	0x0000050d, 0x0000050c, 0x0000050c,
+	0x0000050f, 0x0000050e, 0x0000050e,
+	0x00000561, 0x00000531, 0x00000531,
+	0x00000562, 0x00000532, 0x00000532,
+	0x00000563, 0x00000533, 0x00000533,
+	0x00000564, 0x00000534, 0x00000534,
+	0x00000565, 0x00000535, 0x00000535,
+	0x00000566, 0x00000536, 0x00000536,
+	0x00000567, 0x00000537, 0x00000537,
+	0x00000568, 0x00000538, 0x00000538,
+	0x00000569, 0x00000539, 0x00000539,
+	0x0000056a, 0x0000053a, 0x0000053a,
+	0x0000056b, 0x0000053b, 0x0000053b,
+	0x0000056c, 0x0000053c, 0x0000053c,
+	0x0000056d, 0x0000053d, 0x0000053d,
+	0x0000056e, 0x0000053e, 0x0000053e,
+	0x0000056f, 0x0000053f, 0x0000053f,
+	0x00000570, 0x00000540, 0x00000540,
+	0x00000571, 0x00000541, 0x00000541,
+	0x00000572, 0x00000542, 0x00000542,
+	0x00000573, 0x00000543, 0x00000543,
+	0x00000574, 0x00000544, 0x00000544,
+	0x00000575, 0x00000545, 0x00000545,
+	0x00000576, 0x00000546, 0x00000546,
+	0x00000577, 0x00000547, 0x00000547,
+	0x00000578, 0x00000548, 0x00000548,
+	0x00000579, 0x00000549, 0x00000549,
+	0x0000057a, 0x0000054a, 0x0000054a,
+	0x0000057b, 0x0000054b, 0x0000054b,
+	0x0000057c, 0x0000054c, 0x0000054c,
+	0x0000057d, 0x0000054d, 0x0000054d,
+	0x0000057e, 0x0000054e, 0x0000054e,
+	0x0000057f, 0x0000054f, 0x0000054f,
+	0x00000580, 0x00000550, 0x00000550,
+	0x00000581, 0x00000551, 0x00000551,
+	0x00000582, 0x00000552, 0x00000552,
+	0x00000583, 0x00000553, 0x00000553,
+	0x00000584, 0x00000554, 0x00000554,
+	0x00000585, 0x00000555, 0x00000555,
+	0x00000586, 0x00000556, 0x00000556,
+	0x00001e01, 0x00001e00, 0x00001e00,
+	0x00001e03, 0x00001e02, 0x00001e02,
+	0x00001e05, 0x00001e04, 0x00001e04,
+	0x00001e07, 0x00001e06, 0x00001e06,
+	0x00001e09, 0x00001e08, 0x00001e08,
+	0x00001e0b, 0x00001e0a, 0x00001e0a,
+	0x00001e0d, 0x00001e0c, 0x00001e0c,
+	0x00001e0f, 0x00001e0e, 0x00001e0e,
+	0x00001e11, 0x00001e10, 0x00001e10,
+	0x00001e13, 0x00001e12, 0x00001e12,
+	0x00001e15, 0x00001e14, 0x00001e14,
+	0x00001e17, 0x00001e16, 0x00001e16,
+	0x00001e19, 0x00001e18, 0x00001e18,
+	0x00001e1b, 0x00001e1a, 0x00001e1a,
+	0x00001e1d, 0x00001e1c, 0x00001e1c,
+	0x00001e1f, 0x00001e1e, 0x00001e1e,
+	0x00001e21, 0x00001e20, 0x00001e20,
+	0x00001e23, 0x00001e22, 0x00001e22,
+	0x00001e25, 0x00001e24, 0x00001e24,
+	0x00001e27, 0x00001e26, 0x00001e26,
+	0x00001e29, 0x00001e28, 0x00001e28,
+	0x00001e2b, 0x00001e2a, 0x00001e2a,
+	0x00001e2d, 0x00001e2c, 0x00001e2c,
+	0x00001e2f, 0x00001e2e, 0x00001e2e,
+	0x00001e31, 0x00001e30, 0x00001e30,
+	0x00001e33, 0x00001e32, 0x00001e32,
+	0x00001e35, 0x00001e34, 0x00001e34,
+	0x00001e37, 0x00001e36, 0x00001e36,
+	0x00001e39, 0x00001e38, 0x00001e38,
+	0x00001e3b, 0x00001e3a, 0x00001e3a,
+	0x00001e3d, 0x00001e3c, 0x00001e3c,
+	0x00001e3f, 0x00001e3e, 0x00001e3e,
+	0x00001e41, 0x00001e40, 0x00001e40,
+	0x00001e43, 0x00001e42, 0x00001e42,
+	0x00001e45, 0x00001e44, 0x00001e44,
+	0x00001e47, 0x00001e46, 0x00001e46,
+	0x00001e49, 0x00001e48, 0x00001e48,
+	0x00001e4b, 0x00001e4a, 0x00001e4a,
+	0x00001e4d, 0x00001e4c, 0x00001e4c,
+	0x00001e4f, 0x00001e4e, 0x00001e4e,
+	0x00001e51, 0x00001e50, 0x00001e50,
+	0x00001e53, 0x00001e52, 0x00001e52,
+	0x00001e55, 0x00001e54, 0x00001e54,
+	0x00001e57, 0x00001e56, 0x00001e56,
+	0x00001e59, 0x00001e58, 0x00001e58,
+	0x00001e5b, 0x00001e5a, 0x00001e5a,
+	0x00001e5d, 0x00001e5c, 0x00001e5c,
+	0x00001e5f, 0x00001e5e, 0x00001e5e,
+	0x00001e61, 0x00001e60, 0x00001e60,
+	0x00001e63, 0x00001e62, 0x00001e62,
+	0x00001e65, 0x00001e64, 0x00001e64,
+	0x00001e67, 0x00001e66, 0x00001e66,
+	0x00001e69, 0x00001e68, 0x00001e68,
+	0x00001e6b, 0x00001e6a, 0x00001e6a,
+	0x00001e6d, 0x00001e6c, 0x00001e6c,
+	0x00001e6f, 0x00001e6e, 0x00001e6e,
+	0x00001e71, 0x00001e70, 0x00001e70,
+	0x00001e73, 0x00001e72, 0x00001e72,
+	0x00001e75, 0x00001e74, 0x00001e74,
+	0x00001e77, 0x00001e76, 0x00001e76,
+	0x00001e79, 0x00001e78, 0x00001e78,
+	0x00001e7b, 0x00001e7a, 0x00001e7a,
+	0x00001e7d, 0x00001e7c, 0x00001e7c,
+	0x00001e7f, 0x00001e7e, 0x00001e7e,
+	0x00001e81, 0x00001e80, 0x00001e80,
+	0x00001e83, 0x00001e82, 0x00001e82,
+	0x00001e85, 0x00001e84, 0x00001e84,
+	0x00001e87, 0x00001e86, 0x00001e86,
+	0x00001e89, 0x00001e88, 0x00001e88,
+	0x00001e8b, 0x00001e8a, 0x00001e8a,
+	0x00001e8d, 0x00001e8c, 0x00001e8c,
+	0x00001e8f, 0x00001e8e, 0x00001e8e,
+	0x00001e91, 0x00001e90, 0x00001e90,
+	0x00001e93, 0x00001e92, 0x00001e92,
+	0x00001e95, 0x00001e94, 0x00001e94,
+	0x00001e9b, 0x00001e60, 0x00001e60,
+	0x00001ea1, 0x00001ea0, 0x00001ea0,
+	0x00001ea3, 0x00001ea2, 0x00001ea2,
+	0x00001ea5, 0x00001ea4, 0x00001ea4,
+	0x00001ea7, 0x00001ea6, 0x00001ea6,
+	0x00001ea9, 0x00001ea8, 0x00001ea8,
+	0x00001eab, 0x00001eaa, 0x00001eaa,
+	0x00001ead, 0x00001eac, 0x00001eac,
+	0x00001eaf, 0x00001eae, 0x00001eae,
+	0x00001eb1, 0x00001eb0, 0x00001eb0,
+	0x00001eb3, 0x00001eb2, 0x00001eb2,
+	0x00001eb5, 0x00001eb4, 0x00001eb4,
+	0x00001eb7, 0x00001eb6, 0x00001eb6,
+	0x00001eb9, 0x00001eb8, 0x00001eb8,
+	0x00001ebb, 0x00001eba, 0x00001eba,
+	0x00001ebd, 0x00001ebc, 0x00001ebc,
+	0x00001ebf, 0x00001ebe, 0x00001ebe,
+	0x00001ec1, 0x00001ec0, 0x00001ec0,
+	0x00001ec3, 0x00001ec2, 0x00001ec2,
+	0x00001ec5, 0x00001ec4, 0x00001ec4,
+	0x00001ec7, 0x00001ec6, 0x00001ec6,
+	0x00001ec9, 0x00001ec8, 0x00001ec8,
+	0x00001ecb, 0x00001eca, 0x00001eca,
+	0x00001ecd, 0x00001ecc, 0x00001ecc,
+	0x00001ecf, 0x00001ece, 0x00001ece,
+	0x00001ed1, 0x00001ed0, 0x00001ed0,
+	0x00001ed3, 0x00001ed2, 0x00001ed2,
+	0x00001ed5, 0x00001ed4, 0x00001ed4,
+	0x00001ed7, 0x00001ed6, 0x00001ed6,
+	0x00001ed9, 0x00001ed8, 0x00001ed8,
+	0x00001edb, 0x00001eda, 0x00001eda,
+	0x00001edd, 0x00001edc, 0x00001edc,
+	0x00001edf, 0x00001ede, 0x00001ede,
+	0x00001ee1, 0x00001ee0, 0x00001ee0,
+	0x00001ee3, 0x00001ee2, 0x00001ee2,
+	0x00001ee5, 0x00001ee4, 0x00001ee4,
+	0x00001ee7, 0x00001ee6, 0x00001ee6,
+	0x00001ee9, 0x00001ee8, 0x00001ee8,
+	0x00001eeb, 0x00001eea, 0x00001eea,
+	0x00001eed, 0x00001eec, 0x00001eec,
+	0x00001eef, 0x00001eee, 0x00001eee,
+	0x00001ef1, 0x00001ef0, 0x00001ef0,
+	0x00001ef3, 0x00001ef2, 0x00001ef2,
+	0x00001ef5, 0x00001ef4, 0x00001ef4,
+	0x00001ef7, 0x00001ef6, 0x00001ef6,
+	0x00001ef9, 0x00001ef8, 0x00001ef8,
+	0x00001f00, 0x00001f08, 0x00001f08,
+	0x00001f01, 0x00001f09, 0x00001f09,
+	0x00001f02, 0x00001f0a, 0x00001f0a,
+	0x00001f03, 0x00001f0b, 0x00001f0b,
+	0x00001f04, 0x00001f0c, 0x00001f0c,
+	0x00001f05, 0x00001f0d, 0x00001f0d,
+	0x00001f06, 0x00001f0e, 0x00001f0e,
+	0x00001f07, 0x00001f0f, 0x00001f0f,
+	0x00001f10, 0x00001f18, 0x00001f18,
+	0x00001f11, 0x00001f19, 0x00001f19,
+	0x00001f12, 0x00001f1a, 0x00001f1a,
+	0x00001f13, 0x00001f1b, 0x00001f1b,
+	0x00001f14, 0x00001f1c, 0x00001f1c,
+	0x00001f15, 0x00001f1d, 0x00001f1d,
+	0x00001f20, 0x00001f28, 0x00001f28,
+	0x00001f21, 0x00001f29, 0x00001f29,
+	0x00001f22, 0x00001f2a, 0x00001f2a,
+	0x00001f23, 0x00001f2b, 0x00001f2b,
+	0x00001f24, 0x00001f2c, 0x00001f2c,
+	0x00001f25, 0x00001f2d, 0x00001f2d,
+	0x00001f26, 0x00001f2e, 0x00001f2e,
+	0x00001f27, 0x00001f2f, 0x00001f2f,
+	0x00001f30, 0x00001f38, 0x00001f38,
+	0x00001f31, 0x00001f39, 0x00001f39,
+	0x00001f32, 0x00001f3a, 0x00001f3a,
+	0x00001f33, 0x00001f3b, 0x00001f3b,
+	0x00001f34, 0x00001f3c, 0x00001f3c,
+	0x00001f35, 0x00001f3d, 0x00001f3d,
+	0x00001f36, 0x00001f3e, 0x00001f3e,
+	0x00001f37, 0x00001f3f, 0x00001f3f,
+	0x00001f40, 0x00001f48, 0x00001f48,
+	0x00001f41, 0x00001f49, 0x00001f49,
+	0x00001f42, 0x00001f4a, 0x00001f4a,
+	0x00001f43, 0x00001f4b, 0x00001f4b,
+	0x00001f44, 0x00001f4c, 0x00001f4c,
+	0x00001f45, 0x00001f4d, 0x00001f4d,
+	0x00001f51, 0x00001f59, 0x00001f59,
+	0x00001f53, 0x00001f5b, 0x00001f5b,
+	0x00001f55, 0x00001f5d, 0x00001f5d,
+	0x00001f57, 0x00001f5f, 0x00001f5f,
+	0x00001f60, 0x00001f68, 0x00001f68,
+	0x00001f61, 0x00001f69, 0x00001f69,
+	0x00001f62, 0x00001f6a, 0x00001f6a,
+	0x00001f63, 0x00001f6b, 0x00001f6b,
+	0x00001f64, 0x00001f6c, 0x00001f6c,
+	0x00001f65, 0x00001f6d, 0x00001f6d,
+	0x00001f66, 0x00001f6e, 0x00001f6e,
+	0x00001f67, 0x00001f6f, 0x00001f6f,
+	0x00001f70, 0x00001fba, 0x00001fba,
+	0x00001f71, 0x00001fbb, 0x00001fbb,
+	0x00001f72, 0x00001fc8, 0x00001fc8,
+	0x00001f73, 0x00001fc9, 0x00001fc9,
+	0x00001f74, 0x00001fca, 0x00001fca,
+	0x00001f75, 0x00001fcb, 0x00001fcb,
+	0x00001f76, 0x00001fda, 0x00001fda,
+	0x00001f77, 0x00001fdb, 0x00001fdb,
+	0x00001f78, 0x00001ff8, 0x00001ff8,
+	0x00001f79, 0x00001ff9, 0x00001ff9,
+	0x00001f7a, 0x00001fea, 0x00001fea,
+	0x00001f7b, 0x00001feb, 0x00001feb,
+	0x00001f7c, 0x00001ffa, 0x00001ffa,
+	0x00001f7d, 0x00001ffb, 0x00001ffb,
+	0x00001f80, 0x00001f88, 0x00001f88,
+	0x00001f81, 0x00001f89, 0x00001f89,
+	0x00001f82, 0x00001f8a, 0x00001f8a,
+	0x00001f83, 0x00001f8b, 0x00001f8b,
+	0x00001f84, 0x00001f8c, 0x00001f8c,
+	0x00001f85, 0x00001f8d, 0x00001f8d,
+	0x00001f86, 0x00001f8e, 0x00001f8e,
+	0x00001f87, 0x00001f8f, 0x00001f8f,
+	0x00001f90, 0x00001f98, 0x00001f98,
+	0x00001f91, 0x00001f99, 0x00001f99,
+	0x00001f92, 0x00001f9a, 0x00001f9a,
+	0x00001f93, 0x00001f9b, 0x00001f9b,
+	0x00001f94, 0x00001f9c, 0x00001f9c,
+	0x00001f95, 0x00001f9d, 0x00001f9d,
+	0x00001f96, 0x00001f9e, 0x00001f9e,
+	0x00001f97, 0x00001f9f, 0x00001f9f,
+	0x00001fa0, 0x00001fa8, 0x00001fa8,
+	0x00001fa1, 0x00001fa9, 0x00001fa9,
+	0x00001fa2, 0x00001faa, 0x00001faa,
+	0x00001fa3, 0x00001fab, 0x00001fab,
+	0x00001fa4, 0x00001fac, 0x00001fac,
+	0x00001fa5, 0x00001fad, 0x00001fad,
+	0x00001fa6, 0x00001fae, 0x00001fae,
+	0x00001fa7, 0x00001faf, 0x00001faf,
+	0x00001fb0, 0x00001fb8, 0x00001fb8,
+	0x00001fb1, 0x00001fb9, 0x00001fb9,
+	0x00001fb3, 0x00001fbc, 0x00001fbc,
+	0x00001fbe, 0x00000399, 0x00000399,
+	0x00001fc3, 0x00001fcc, 0x00001fcc,
+	0x00001fd0, 0x00001fd8, 0x00001fd8,
+	0x00001fd1, 0x00001fd9, 0x00001fd9,
+	0x00001fe0, 0x00001fe8, 0x00001fe8,
+	0x00001fe1, 0x00001fe9, 0x00001fe9,
+	0x00001fe5, 0x00001fec, 0x00001fec,
+	0x00001ff3, 0x00001ffc, 0x00001ffc,
+	0x00002170, 0x00002160, 0x00002160,
+	0x00002171, 0x00002161, 0x00002161,
+	0x00002172, 0x00002162, 0x00002162,
+	0x00002173, 0x00002163, 0x00002163,
+	0x00002174, 0x00002164, 0x00002164,
+	0x00002175, 0x00002165, 0x00002165,
+	0x00002176, 0x00002166, 0x00002166,
+	0x00002177, 0x00002167, 0x00002167,
+	0x00002178, 0x00002168, 0x00002168,
+	0x00002179, 0x00002169, 0x00002169,
+	0x0000217a, 0x0000216a, 0x0000216a,
+	0x0000217b, 0x0000216b, 0x0000216b,
+	0x0000217c, 0x0000216c, 0x0000216c,
+	0x0000217d, 0x0000216d, 0x0000216d,
+	0x0000217e, 0x0000216e, 0x0000216e,
+	0x0000217f, 0x0000216f, 0x0000216f,
+	0x000024d0, 0x000024b6, 0x000024b6,
+	0x000024d1, 0x000024b7, 0x000024b7,
+	0x000024d2, 0x000024b8, 0x000024b8,
+	0x000024d3, 0x000024b9, 0x000024b9,
+	0x000024d4, 0x000024ba, 0x000024ba,
+	0x000024d5, 0x000024bb, 0x000024bb,
+	0x000024d6, 0x000024bc, 0x000024bc,
+	0x000024d7, 0x000024bd, 0x000024bd,
+	0x000024d8, 0x000024be, 0x000024be,
+	0x000024d9, 0x000024bf, 0x000024bf,
+	0x000024da, 0x000024c0, 0x000024c0,
+	0x000024db, 0x000024c1, 0x000024c1,
+	0x000024dc, 0x000024c2, 0x000024c2,
+	0x000024dd, 0x000024c3, 0x000024c3,
+	0x000024de, 0x000024c4, 0x000024c4,
+	0x000024df, 0x000024c5, 0x000024c5,
+	0x000024e0, 0x000024c6, 0x000024c6,
+	0x000024e1, 0x000024c7, 0x000024c7,
+	0x000024e2, 0x000024c8, 0x000024c8,
+	0x000024e3, 0x000024c9, 0x000024c9,
+	0x000024e4, 0x000024ca, 0x000024ca,
+	0x000024e5, 0x000024cb, 0x000024cb,
+	0x000024e6, 0x000024cc, 0x000024cc,
+	0x000024e7, 0x000024cd, 0x000024cd,
+	0x000024e8, 0x000024ce, 0x000024ce,
+	0x000024e9, 0x000024cf, 0x000024cf,
+	0x0000ff41, 0x0000ff21, 0x0000ff21,
+	0x0000ff42, 0x0000ff22, 0x0000ff22,
+	0x0000ff43, 0x0000ff23, 0x0000ff23,
+	0x0000ff44, 0x0000ff24, 0x0000ff24,
+	0x0000ff45, 0x0000ff25, 0x0000ff25,
+	0x0000ff46, 0x0000ff26, 0x0000ff26,
+	0x0000ff47, 0x0000ff27, 0x0000ff27,
+	0x0000ff48, 0x0000ff28, 0x0000ff28,
+	0x0000ff49, 0x0000ff29, 0x0000ff29,
+	0x0000ff4a, 0x0000ff2a, 0x0000ff2a,
+	0x0000ff4b, 0x0000ff2b, 0x0000ff2b,
+	0x0000ff4c, 0x0000ff2c, 0x0000ff2c,
+	0x0000ff4d, 0x0000ff2d, 0x0000ff2d,
+	0x0000ff4e, 0x0000ff2e, 0x0000ff2e,
+	0x0000ff4f, 0x0000ff2f, 0x0000ff2f,
+	0x0000ff50, 0x0000ff30, 0x0000ff30,
+	0x0000ff51, 0x0000ff31, 0x0000ff31,
+	0x0000ff52, 0x0000ff32, 0x0000ff32,
+	0x0000ff53, 0x0000ff33, 0x0000ff33,
+	0x0000ff54, 0x0000ff34, 0x0000ff34,
+	0x0000ff55, 0x0000ff35, 0x0000ff35,
+	0x0000ff56, 0x0000ff36, 0x0000ff36,
+	0x0000ff57, 0x0000ff37, 0x0000ff37,
+	0x0000ff58, 0x0000ff38, 0x0000ff38,
+	0x0000ff59, 0x0000ff39, 0x0000ff39,
+	0x0000ff5a, 0x0000ff3a, 0x0000ff3a,
+	0x00010428, 0x00010400, 0x00010400,
+	0x00010429, 0x00010401, 0x00010401,
+	0x0001042a, 0x00010402, 0x00010402,
+	0x0001042b, 0x00010403, 0x00010403,
+	0x0001042c, 0x00010404, 0x00010404,
+	0x0001042d, 0x00010405, 0x00010405,
+	0x0001042e, 0x00010406, 0x00010406,
+	0x0001042f, 0x00010407, 0x00010407,
+	0x00010430, 0x00010408, 0x00010408,
+	0x00010431, 0x00010409, 0x00010409,
+	0x00010432, 0x0001040a, 0x0001040a,
+	0x00010433, 0x0001040b, 0x0001040b,
+	0x00010434, 0x0001040c, 0x0001040c,
+	0x00010435, 0x0001040d, 0x0001040d,
+	0x00010436, 0x0001040e, 0x0001040e,
+	0x00010437, 0x0001040f, 0x0001040f,
+	0x00010438, 0x00010410, 0x00010410,
+	0x00010439, 0x00010411, 0x00010411,
+	0x0001043a, 0x00010412, 0x00010412,
+	0x0001043b, 0x00010413, 0x00010413,
+	0x0001043c, 0x00010414, 0x00010414,
+	0x0001043d, 0x00010415, 0x00010415,
+	0x0001043e, 0x00010416, 0x00010416,
+	0x0001043f, 0x00010417, 0x00010417,
+	0x00010440, 0x00010418, 0x00010418,
+	0x00010441, 0x00010419, 0x00010419,
+	0x00010442, 0x0001041a, 0x0001041a,
+	0x00010443, 0x0001041b, 0x0001041b,
+	0x00010444, 0x0001041c, 0x0001041c,
+	0x00010445, 0x0001041d, 0x0001041d,
+	0x00010446, 0x0001041e, 0x0001041e,
+	0x00010447, 0x0001041f, 0x0001041f,
+	0x00010448, 0x00010420, 0x00010420,
+	0x00010449, 0x00010421, 0x00010421,
+	0x0001044a, 0x00010422, 0x00010422,
+	0x0001044b, 0x00010423, 0x00010423,
+	0x0001044c, 0x00010424, 0x00010424,
+	0x0001044d, 0x00010425, 0x00010425,
+	0x000001c5, 0x000001c4, 0x000001c6,
+	0x000001c8, 0x000001c7, 0x000001c9,
+	0x000001cb, 0x000001ca, 0x000001cc,
+	0x000001f2, 0x000001f1, 0x000001f3
+};
+
+static const krb5_ui_4 _uccomp_size = 3684;
+
+static const krb5_ui_4 _uccomp_data[] = {
+	0x0000226e, 0x00000002, 0x0000003c, 0x00000338,
+	0x00002260, 0x00000002, 0x0000003d, 0x00000338,
+	0x0000226f, 0x00000002, 0x0000003e, 0x00000338,
+	0x000000c0, 0x00000002, 0x00000041, 0x00000300,
+	0x000000c1, 0x00000002, 0x00000041, 0x00000301,
+	0x000000c2, 0x00000002, 0x00000041, 0x00000302,
+	0x000000c3, 0x00000002, 0x00000041, 0x00000303,
+	0x00000100, 0x00000002, 0x00000041, 0x00000304,
+	0x00000102, 0x00000002, 0x00000041, 0x00000306,
+	0x00000226, 0x00000002, 0x00000041, 0x00000307,
+	0x000000c4, 0x00000002, 0x00000041, 0x00000308,
+	0x00001ea2, 0x00000002, 0x00000041, 0x00000309,
+	0x000000c5, 0x00000002, 0x00000041, 0x0000030a,
+	0x000001cd, 0x00000002, 0x00000041, 0x0000030c,
+	0x00000200, 0x00000002, 0x00000041, 0x0000030f,
+	0x00000202, 0x00000002, 0x00000041, 0x00000311,
+	0x00001ea0, 0x00000002, 0x00000041, 0x00000323,
+	0x00001e00, 0x00000002, 0x00000041, 0x00000325,
+	0x00000104, 0x00000002, 0x00000041, 0x00000328,
+	0x00001e02, 0x00000002, 0x00000042, 0x00000307,
+	0x00001e04, 0x00000002, 0x00000042, 0x00000323,
+	0x00001e06, 0x00000002, 0x00000042, 0x00000331,
+	0x00000106, 0x00000002, 0x00000043, 0x00000301,
+	0x00000108, 0x00000002, 0x00000043, 0x00000302,
+	0x0000010a, 0x00000002, 0x00000043, 0x00000307,
+	0x0000010c, 0x00000002, 0x00000043, 0x0000030c,
+	0x000000c7, 0x00000002, 0x00000043, 0x00000327,
+	0x00001e0a, 0x00000002, 0x00000044, 0x00000307,
+	0x0000010e, 0x00000002, 0x00000044, 0x0000030c,
+	0x00001e0c, 0x00000002, 0x00000044, 0x00000323,
+	0x00001e10, 0x00000002, 0x00000044, 0x00000327,
+	0x00001e12, 0x00000002, 0x00000044, 0x0000032d,
+	0x00001e0e, 0x00000002, 0x00000044, 0x00000331,
+	0x000000c8, 0x00000002, 0x00000045, 0x00000300,
+	0x000000c9, 0x00000002, 0x00000045, 0x00000301,
+	0x000000ca, 0x00000002, 0x00000045, 0x00000302,
+	0x00001ebc, 0x00000002, 0x00000045, 0x00000303,
+	0x00000112, 0x00000002, 0x00000045, 0x00000304,
+	0x00000114, 0x00000002, 0x00000045, 0x00000306,
+	0x00000116, 0x00000002, 0x00000045, 0x00000307,
+	0x000000cb, 0x00000002, 0x00000045, 0x00000308,
+	0x00001eba, 0x00000002, 0x00000045, 0x00000309,
+	0x0000011a, 0x00000002, 0x00000045, 0x0000030c,
+	0x00000204, 0x00000002, 0x00000045, 0x0000030f,
+	0x00000206, 0x00000002, 0x00000045, 0x00000311,
+	0x00001eb8, 0x00000002, 0x00000045, 0x00000323,
+	0x00000228, 0x00000002, 0x00000045, 0x00000327,
+	0x00000118, 0x00000002, 0x00000045, 0x00000328,
+	0x00001e18, 0x00000002, 0x00000045, 0x0000032d,
+	0x00001e1a, 0x00000002, 0x00000045, 0x00000330,
+	0x00001e1e, 0x00000002, 0x00000046, 0x00000307,
+	0x000001f4, 0x00000002, 0x00000047, 0x00000301,
+	0x0000011c, 0x00000002, 0x00000047, 0x00000302,
+	0x00001e20, 0x00000002, 0x00000047, 0x00000304,
+	0x0000011e, 0x00000002, 0x00000047, 0x00000306,
+	0x00000120, 0x00000002, 0x00000047, 0x00000307,
+	0x000001e6, 0x00000002, 0x00000047, 0x0000030c,
+	0x00000122, 0x00000002, 0x00000047, 0x00000327,
+	0x00000124, 0x00000002, 0x00000048, 0x00000302,
+	0x00001e22, 0x00000002, 0x00000048, 0x00000307,
+	0x00001e26, 0x00000002, 0x00000048, 0x00000308,
+	0x0000021e, 0x00000002, 0x00000048, 0x0000030c,
+	0x00001e24, 0x00000002, 0x00000048, 0x00000323,
+	0x00001e28, 0x00000002, 0x00000048, 0x00000327,
+	0x00001e2a, 0x00000002, 0x00000048, 0x0000032e,
+	0x000000cc, 0x00000002, 0x00000049, 0x00000300,
+	0x000000cd, 0x00000002, 0x00000049, 0x00000301,
+	0x000000ce, 0x00000002, 0x00000049, 0x00000302,
+	0x00000128, 0x00000002, 0x00000049, 0x00000303,
+	0x0000012a, 0x00000002, 0x00000049, 0x00000304,
+	0x0000012c, 0x00000002, 0x00000049, 0x00000306,
+	0x00000130, 0x00000002, 0x00000049, 0x00000307,
+	0x000000cf, 0x00000002, 0x00000049, 0x00000308,
+	0x00001ec8, 0x00000002, 0x00000049, 0x00000309,
+	0x000001cf, 0x00000002, 0x00000049, 0x0000030c,
+	0x00000208, 0x00000002, 0x00000049, 0x0000030f,
+	0x0000020a, 0x00000002, 0x00000049, 0x00000311,
+	0x00001eca, 0x00000002, 0x00000049, 0x00000323,
+	0x0000012e, 0x00000002, 0x00000049, 0x00000328,
+	0x00001e2c, 0x00000002, 0x00000049, 0x00000330,
+	0x00000134, 0x00000002, 0x0000004a, 0x00000302,
+	0x00001e30, 0x00000002, 0x0000004b, 0x00000301,
+	0x000001e8, 0x00000002, 0x0000004b, 0x0000030c,
+	0x00001e32, 0x00000002, 0x0000004b, 0x00000323,
+	0x00000136, 0x00000002, 0x0000004b, 0x00000327,
+	0x00001e34, 0x00000002, 0x0000004b, 0x00000331,
+	0x00000139, 0x00000002, 0x0000004c, 0x00000301,
+	0x0000013d, 0x00000002, 0x0000004c, 0x0000030c,
+	0x00001e36, 0x00000002, 0x0000004c, 0x00000323,
+	0x0000013b, 0x00000002, 0x0000004c, 0x00000327,
+	0x00001e3c, 0x00000002, 0x0000004c, 0x0000032d,
+	0x00001e3a, 0x00000002, 0x0000004c, 0x00000331,
+	0x00001e3e, 0x00000002, 0x0000004d, 0x00000301,
+	0x00001e40, 0x00000002, 0x0000004d, 0x00000307,
+	0x00001e42, 0x00000002, 0x0000004d, 0x00000323,
+	0x000001f8, 0x00000002, 0x0000004e, 0x00000300,
+	0x00000143, 0x00000002, 0x0000004e, 0x00000301,
+	0x000000d1, 0x00000002, 0x0000004e, 0x00000303,
+	0x00001e44, 0x00000002, 0x0000004e, 0x00000307,
+	0x00000147, 0x00000002, 0x0000004e, 0x0000030c,
+	0x00001e46, 0x00000002, 0x0000004e, 0x00000323,
+	0x00000145, 0x00000002, 0x0000004e, 0x00000327,
+	0x00001e4a, 0x00000002, 0x0000004e, 0x0000032d,
+	0x00001e48, 0x00000002, 0x0000004e, 0x00000331,
+	0x000000d2, 0x00000002, 0x0000004f, 0x00000300,
+	0x000000d3, 0x00000002, 0x0000004f, 0x00000301,
+	0x000000d4, 0x00000002, 0x0000004f, 0x00000302,
+	0x000000d5, 0x00000002, 0x0000004f, 0x00000303,
+	0x0000014c, 0x00000002, 0x0000004f, 0x00000304,
+	0x0000014e, 0x00000002, 0x0000004f, 0x00000306,
+	0x0000022e, 0x00000002, 0x0000004f, 0x00000307,
+	0x000000d6, 0x00000002, 0x0000004f, 0x00000308,
+	0x00001ece, 0x00000002, 0x0000004f, 0x00000309,
+	0x00000150, 0x00000002, 0x0000004f, 0x0000030b,
+	0x000001d1, 0x00000002, 0x0000004f, 0x0000030c,
+	0x0000020c, 0x00000002, 0x0000004f, 0x0000030f,
+	0x0000020e, 0x00000002, 0x0000004f, 0x00000311,
+	0x000001a0, 0x00000002, 0x0000004f, 0x0000031b,
+	0x00001ecc, 0x00000002, 0x0000004f, 0x00000323,
+	0x000001ea, 0x00000002, 0x0000004f, 0x00000328,
+	0x00001e54, 0x00000002, 0x00000050, 0x00000301,
+	0x00001e56, 0x00000002, 0x00000050, 0x00000307,
+	0x00000154, 0x00000002, 0x00000052, 0x00000301,
+	0x00001e58, 0x00000002, 0x00000052, 0x00000307,
+	0x00000158, 0x00000002, 0x00000052, 0x0000030c,
+	0x00000210, 0x00000002, 0x00000052, 0x0000030f,
+	0x00000212, 0x00000002, 0x00000052, 0x00000311,
+	0x00001e5a, 0x00000002, 0x00000052, 0x00000323,
+	0x00000156, 0x00000002, 0x00000052, 0x00000327,
+	0x00001e5e, 0x00000002, 0x00000052, 0x00000331,
+	0x0000015a, 0x00000002, 0x00000053, 0x00000301,
+	0x0000015c, 0x00000002, 0x00000053, 0x00000302,
+	0x00001e60, 0x00000002, 0x00000053, 0x00000307,
+	0x00000160, 0x00000002, 0x00000053, 0x0000030c,
+	0x00001e62, 0x00000002, 0x00000053, 0x00000323,
+	0x00000218, 0x00000002, 0x00000053, 0x00000326,
+	0x0000015e, 0x00000002, 0x00000053, 0x00000327,
+	0x00001e6a, 0x00000002, 0x00000054, 0x00000307,
+	0x00000164, 0x00000002, 0x00000054, 0x0000030c,
+	0x00001e6c, 0x00000002, 0x00000054, 0x00000323,
+	0x0000021a, 0x00000002, 0x00000054, 0x00000326,
+	0x00000162, 0x00000002, 0x00000054, 0x00000327,
+	0x00001e70, 0x00000002, 0x00000054, 0x0000032d,
+	0x00001e6e, 0x00000002, 0x00000054, 0x00000331,
+	0x000000d9, 0x00000002, 0x00000055, 0x00000300,
+	0x000000da, 0x00000002, 0x00000055, 0x00000301,
+	0x000000db, 0x00000002, 0x00000055, 0x00000302,
+	0x00000168, 0x00000002, 0x00000055, 0x00000303,
+	0x0000016a, 0x00000002, 0x00000055, 0x00000304,
+	0x0000016c, 0x00000002, 0x00000055, 0x00000306,
+	0x000000dc, 0x00000002, 0x00000055, 0x00000308,
+	0x00001ee6, 0x00000002, 0x00000055, 0x00000309,
+	0x0000016e, 0x00000002, 0x00000055, 0x0000030a,
+	0x00000170, 0x00000002, 0x00000055, 0x0000030b,
+	0x000001d3, 0x00000002, 0x00000055, 0x0000030c,
+	0x00000214, 0x00000002, 0x00000055, 0x0000030f,
+	0x00000216, 0x00000002, 0x00000055, 0x00000311,
+	0x000001af, 0x00000002, 0x00000055, 0x0000031b,
+	0x00001ee4, 0x00000002, 0x00000055, 0x00000323,
+	0x00001e72, 0x00000002, 0x00000055, 0x00000324,
+	0x00000172, 0x00000002, 0x00000055, 0x00000328,
+	0x00001e76, 0x00000002, 0x00000055, 0x0000032d,
+	0x00001e74, 0x00000002, 0x00000055, 0x00000330,
+	0x00001e7c, 0x00000002, 0x00000056, 0x00000303,
+	0x00001e7e, 0x00000002, 0x00000056, 0x00000323,
+	0x00001e80, 0x00000002, 0x00000057, 0x00000300,
+	0x00001e82, 0x00000002, 0x00000057, 0x00000301,
+	0x00000174, 0x00000002, 0x00000057, 0x00000302,
+	0x00001e86, 0x00000002, 0x00000057, 0x00000307,
+	0x00001e84, 0x00000002, 0x00000057, 0x00000308,
+	0x00001e88, 0x00000002, 0x00000057, 0x00000323,
+	0x00001e8a, 0x00000002, 0x00000058, 0x00000307,
+	0x00001e8c, 0x00000002, 0x00000058, 0x00000308,
+	0x00001ef2, 0x00000002, 0x00000059, 0x00000300,
+	0x000000dd, 0x00000002, 0x00000059, 0x00000301,
+	0x00000176, 0x00000002, 0x00000059, 0x00000302,
+	0x00001ef8, 0x00000002, 0x00000059, 0x00000303,
+	0x00000232, 0x00000002, 0x00000059, 0x00000304,
+	0x00001e8e, 0x00000002, 0x00000059, 0x00000307,
+	0x00000178, 0x00000002, 0x00000059, 0x00000308,
+	0x00001ef6, 0x00000002, 0x00000059, 0x00000309,
+	0x00001ef4, 0x00000002, 0x00000059, 0x00000323,
+	0x00000179, 0x00000002, 0x0000005a, 0x00000301,
+	0x00001e90, 0x00000002, 0x0000005a, 0x00000302,
+	0x0000017b, 0x00000002, 0x0000005a, 0x00000307,
+	0x0000017d, 0x00000002, 0x0000005a, 0x0000030c,
+	0x00001e92, 0x00000002, 0x0000005a, 0x00000323,
+	0x00001e94, 0x00000002, 0x0000005a, 0x00000331,
+	0x000000e0, 0x00000002, 0x00000061, 0x00000300,
+	0x000000e1, 0x00000002, 0x00000061, 0x00000301,
+	0x000000e2, 0x00000002, 0x00000061, 0x00000302,
+	0x000000e3, 0x00000002, 0x00000061, 0x00000303,
+	0x00000101, 0x00000002, 0x00000061, 0x00000304,
+	0x00000103, 0x00000002, 0x00000061, 0x00000306,
+	0x00000227, 0x00000002, 0x00000061, 0x00000307,
+	0x000000e4, 0x00000002, 0x00000061, 0x00000308,
+	0x00001ea3, 0x00000002, 0x00000061, 0x00000309,
+	0x000000e5, 0x00000002, 0x00000061, 0x0000030a,
+	0x000001ce, 0x00000002, 0x00000061, 0x0000030c,
+	0x00000201, 0x00000002, 0x00000061, 0x0000030f,
+	0x00000203, 0x00000002, 0x00000061, 0x00000311,
+	0x00001ea1, 0x00000002, 0x00000061, 0x00000323,
+	0x00001e01, 0x00000002, 0x00000061, 0x00000325,
+	0x00000105, 0x00000002, 0x00000061, 0x00000328,
+	0x00001e03, 0x00000002, 0x00000062, 0x00000307,
+	0x00001e05, 0x00000002, 0x00000062, 0x00000323,
+	0x00001e07, 0x00000002, 0x00000062, 0x00000331,
+	0x00000107, 0x00000002, 0x00000063, 0x00000301,
+	0x00000109, 0x00000002, 0x00000063, 0x00000302,
+	0x0000010b, 0x00000002, 0x00000063, 0x00000307,
+	0x0000010d, 0x00000002, 0x00000063, 0x0000030c,
+	0x000000e7, 0x00000002, 0x00000063, 0x00000327,
+	0x00001e0b, 0x00000002, 0x00000064, 0x00000307,
+	0x0000010f, 0x00000002, 0x00000064, 0x0000030c,
+	0x00001e0d, 0x00000002, 0x00000064, 0x00000323,
+	0x00001e11, 0x00000002, 0x00000064, 0x00000327,
+	0x00001e13, 0x00000002, 0x00000064, 0x0000032d,
+	0x00001e0f, 0x00000002, 0x00000064, 0x00000331,
+	0x000000e8, 0x00000002, 0x00000065, 0x00000300,
+	0x000000e9, 0x00000002, 0x00000065, 0x00000301,
+	0x000000ea, 0x00000002, 0x00000065, 0x00000302,
+	0x00001ebd, 0x00000002, 0x00000065, 0x00000303,
+	0x00000113, 0x00000002, 0x00000065, 0x00000304,
+	0x00000115, 0x00000002, 0x00000065, 0x00000306,
+	0x00000117, 0x00000002, 0x00000065, 0x00000307,
+	0x000000eb, 0x00000002, 0x00000065, 0x00000308,
+	0x00001ebb, 0x00000002, 0x00000065, 0x00000309,
+	0x0000011b, 0x00000002, 0x00000065, 0x0000030c,
+	0x00000205, 0x00000002, 0x00000065, 0x0000030f,
+	0x00000207, 0x00000002, 0x00000065, 0x00000311,
+	0x00001eb9, 0x00000002, 0x00000065, 0x00000323,
+	0x00000229, 0x00000002, 0x00000065, 0x00000327,
+	0x00000119, 0x00000002, 0x00000065, 0x00000328,
+	0x00001e19, 0x00000002, 0x00000065, 0x0000032d,
+	0x00001e1b, 0x00000002, 0x00000065, 0x00000330,
+	0x00001e1f, 0x00000002, 0x00000066, 0x00000307,
+	0x000001f5, 0x00000002, 0x00000067, 0x00000301,
+	0x0000011d, 0x00000002, 0x00000067, 0x00000302,
+	0x00001e21, 0x00000002, 0x00000067, 0x00000304,
+	0x0000011f, 0x00000002, 0x00000067, 0x00000306,
+	0x00000121, 0x00000002, 0x00000067, 0x00000307,
+	0x000001e7, 0x00000002, 0x00000067, 0x0000030c,
+	0x00000123, 0x00000002, 0x00000067, 0x00000327,
+	0x00000125, 0x00000002, 0x00000068, 0x00000302,
+	0x00001e23, 0x00000002, 0x00000068, 0x00000307,
+	0x00001e27, 0x00000002, 0x00000068, 0x00000308,
+	0x0000021f, 0x00000002, 0x00000068, 0x0000030c,
+	0x00001e25, 0x00000002, 0x00000068, 0x00000323,
+	0x00001e29, 0x00000002, 0x00000068, 0x00000327,
+	0x00001e2b, 0x00000002, 0x00000068, 0x0000032e,
+	0x00001e96, 0x00000002, 0x00000068, 0x00000331,
+	0x000000ec, 0x00000002, 0x00000069, 0x00000300,
+	0x000000ed, 0x00000002, 0x00000069, 0x00000301,
+	0x000000ee, 0x00000002, 0x00000069, 0x00000302,
+	0x00000129, 0x00000002, 0x00000069, 0x00000303,
+	0x0000012b, 0x00000002, 0x00000069, 0x00000304,
+	0x0000012d, 0x00000002, 0x00000069, 0x00000306,
+	0x000000ef, 0x00000002, 0x00000069, 0x00000308,
+	0x00001ec9, 0x00000002, 0x00000069, 0x00000309,
+	0x000001d0, 0x00000002, 0x00000069, 0x0000030c,
+	0x00000209, 0x00000002, 0x00000069, 0x0000030f,
+	0x0000020b, 0x00000002, 0x00000069, 0x00000311,
+	0x00001ecb, 0x00000002, 0x00000069, 0x00000323,
+	0x0000012f, 0x00000002, 0x00000069, 0x00000328,
+	0x00001e2d, 0x00000002, 0x00000069, 0x00000330,
+	0x00000135, 0x00000002, 0x0000006a, 0x00000302,
+	0x000001f0, 0x00000002, 0x0000006a, 0x0000030c,
+	0x00001e31, 0x00000002, 0x0000006b, 0x00000301,
+	0x000001e9, 0x00000002, 0x0000006b, 0x0000030c,
+	0x00001e33, 0x00000002, 0x0000006b, 0x00000323,
+	0x00000137, 0x00000002, 0x0000006b, 0x00000327,
+	0x00001e35, 0x00000002, 0x0000006b, 0x00000331,
+	0x0000013a, 0x00000002, 0x0000006c, 0x00000301,
+	0x0000013e, 0x00000002, 0x0000006c, 0x0000030c,
+	0x00001e37, 0x00000002, 0x0000006c, 0x00000323,
+	0x0000013c, 0x00000002, 0x0000006c, 0x00000327,
+	0x00001e3d, 0x00000002, 0x0000006c, 0x0000032d,
+	0x00001e3b, 0x00000002, 0x0000006c, 0x00000331,
+	0x00001e3f, 0x00000002, 0x0000006d, 0x00000301,
+	0x00001e41, 0x00000002, 0x0000006d, 0x00000307,
+	0x00001e43, 0x00000002, 0x0000006d, 0x00000323,
+	0x000001f9, 0x00000002, 0x0000006e, 0x00000300,
+	0x00000144, 0x00000002, 0x0000006e, 0x00000301,
+	0x000000f1, 0x00000002, 0x0000006e, 0x00000303,
+	0x00001e45, 0x00000002, 0x0000006e, 0x00000307,
+	0x00000148, 0x00000002, 0x0000006e, 0x0000030c,
+	0x00001e47, 0x00000002, 0x0000006e, 0x00000323,
+	0x00000146, 0x00000002, 0x0000006e, 0x00000327,
+	0x00001e4b, 0x00000002, 0x0000006e, 0x0000032d,
+	0x00001e49, 0x00000002, 0x0000006e, 0x00000331,
+	0x000000f2, 0x00000002, 0x0000006f, 0x00000300,
+	0x000000f3, 0x00000002, 0x0000006f, 0x00000301,
+	0x000000f4, 0x00000002, 0x0000006f, 0x00000302,
+	0x000000f5, 0x00000002, 0x0000006f, 0x00000303,
+	0x0000014d, 0x00000002, 0x0000006f, 0x00000304,
+	0x0000014f, 0x00000002, 0x0000006f, 0x00000306,
+	0x0000022f, 0x00000002, 0x0000006f, 0x00000307,
+	0x000000f6, 0x00000002, 0x0000006f, 0x00000308,
+	0x00001ecf, 0x00000002, 0x0000006f, 0x00000309,
+	0x00000151, 0x00000002, 0x0000006f, 0x0000030b,
+	0x000001d2, 0x00000002, 0x0000006f, 0x0000030c,
+	0x0000020d, 0x00000002, 0x0000006f, 0x0000030f,
+	0x0000020f, 0x00000002, 0x0000006f, 0x00000311,
+	0x000001a1, 0x00000002, 0x0000006f, 0x0000031b,
+	0x00001ecd, 0x00000002, 0x0000006f, 0x00000323,
+	0x000001eb, 0x00000002, 0x0000006f, 0x00000328,
+	0x00001e55, 0x00000002, 0x00000070, 0x00000301,
+	0x00001e57, 0x00000002, 0x00000070, 0x00000307,
+	0x00000155, 0x00000002, 0x00000072, 0x00000301,
+	0x00001e59, 0x00000002, 0x00000072, 0x00000307,
+	0x00000159, 0x00000002, 0x00000072, 0x0000030c,
+	0x00000211, 0x00000002, 0x00000072, 0x0000030f,
+	0x00000213, 0x00000002, 0x00000072, 0x00000311,
+	0x00001e5b, 0x00000002, 0x00000072, 0x00000323,
+	0x00000157, 0x00000002, 0x00000072, 0x00000327,
+	0x00001e5f, 0x00000002, 0x00000072, 0x00000331,
+	0x0000015b, 0x00000002, 0x00000073, 0x00000301,
+	0x0000015d, 0x00000002, 0x00000073, 0x00000302,
+	0x00001e61, 0x00000002, 0x00000073, 0x00000307,
+	0x00000161, 0x00000002, 0x00000073, 0x0000030c,
+	0x00001e63, 0x00000002, 0x00000073, 0x00000323,
+	0x00000219, 0x00000002, 0x00000073, 0x00000326,
+	0x0000015f, 0x00000002, 0x00000073, 0x00000327,
+	0x00001e6b, 0x00000002, 0x00000074, 0x00000307,
+	0x00001e97, 0x00000002, 0x00000074, 0x00000308,
+	0x00000165, 0x00000002, 0x00000074, 0x0000030c,
+	0x00001e6d, 0x00000002, 0x00000074, 0x00000323,
+	0x0000021b, 0x00000002, 0x00000074, 0x00000326,
+	0x00000163, 0x00000002, 0x00000074, 0x00000327,
+	0x00001e71, 0x00000002, 0x00000074, 0x0000032d,
+	0x00001e6f, 0x00000002, 0x00000074, 0x00000331,
+	0x000000f9, 0x00000002, 0x00000075, 0x00000300,
+	0x000000fa, 0x00000002, 0x00000075, 0x00000301,
+	0x000000fb, 0x00000002, 0x00000075, 0x00000302,
+	0x00000169, 0x00000002, 0x00000075, 0x00000303,
+	0x0000016b, 0x00000002, 0x00000075, 0x00000304,
+	0x0000016d, 0x00000002, 0x00000075, 0x00000306,
+	0x000000fc, 0x00000002, 0x00000075, 0x00000308,
+	0x00001ee7, 0x00000002, 0x00000075, 0x00000309,
+	0x0000016f, 0x00000002, 0x00000075, 0x0000030a,
+	0x00000171, 0x00000002, 0x00000075, 0x0000030b,
+	0x000001d4, 0x00000002, 0x00000075, 0x0000030c,
+	0x00000215, 0x00000002, 0x00000075, 0x0000030f,
+	0x00000217, 0x00000002, 0x00000075, 0x00000311,
+	0x000001b0, 0x00000002, 0x00000075, 0x0000031b,
+	0x00001ee5, 0x00000002, 0x00000075, 0x00000323,
+	0x00001e73, 0x00000002, 0x00000075, 0x00000324,
+	0x00000173, 0x00000002, 0x00000075, 0x00000328,
+	0x00001e77, 0x00000002, 0x00000075, 0x0000032d,
+	0x00001e75, 0x00000002, 0x00000075, 0x00000330,
+	0x00001e7d, 0x00000002, 0x00000076, 0x00000303,
+	0x00001e7f, 0x00000002, 0x00000076, 0x00000323,
+	0x00001e81, 0x00000002, 0x00000077, 0x00000300,
+	0x00001e83, 0x00000002, 0x00000077, 0x00000301,
+	0x00000175, 0x00000002, 0x00000077, 0x00000302,
+	0x00001e87, 0x00000002, 0x00000077, 0x00000307,
+	0x00001e85, 0x00000002, 0x00000077, 0x00000308,
+	0x00001e98, 0x00000002, 0x00000077, 0x0000030a,
+	0x00001e89, 0x00000002, 0x00000077, 0x00000323,
+	0x00001e8b, 0x00000002, 0x00000078, 0x00000307,
+	0x00001e8d, 0x00000002, 0x00000078, 0x00000308,
+	0x00001ef3, 0x00000002, 0x00000079, 0x00000300,
+	0x000000fd, 0x00000002, 0x00000079, 0x00000301,
+	0x00000177, 0x00000002, 0x00000079, 0x00000302,
+	0x00001ef9, 0x00000002, 0x00000079, 0x00000303,
+	0x00000233, 0x00000002, 0x00000079, 0x00000304,
+	0x00001e8f, 0x00000002, 0x00000079, 0x00000307,
+	0x000000ff, 0x00000002, 0x00000079, 0x00000308,
+	0x00001ef7, 0x00000002, 0x00000079, 0x00000309,
+	0x00001e99, 0x00000002, 0x00000079, 0x0000030a,
+	0x00001ef5, 0x00000002, 0x00000079, 0x00000323,
+	0x0000017a, 0x00000002, 0x0000007a, 0x00000301,
+	0x00001e91, 0x00000002, 0x0000007a, 0x00000302,
+	0x0000017c, 0x00000002, 0x0000007a, 0x00000307,
+	0x0000017e, 0x00000002, 0x0000007a, 0x0000030c,
+	0x00001e93, 0x00000002, 0x0000007a, 0x00000323,
+	0x00001e95, 0x00000002, 0x0000007a, 0x00000331,
+	0x00001fed, 0x00000002, 0x000000a8, 0x00000300,
+	0x00000385, 0x00000002, 0x000000a8, 0x00000301,
+	0x00001fc1, 0x00000002, 0x000000a8, 0x00000342,
+	0x00001ea6, 0x00000002, 0x000000c2, 0x00000300,
+	0x00001ea4, 0x00000002, 0x000000c2, 0x00000301,
+	0x00001eaa, 0x00000002, 0x000000c2, 0x00000303,
+	0x00001ea8, 0x00000002, 0x000000c2, 0x00000309,
+	0x000001de, 0x00000002, 0x000000c4, 0x00000304,
+	0x000001fa, 0x00000002, 0x000000c5, 0x00000301,
+	0x000001fc, 0x00000002, 0x000000c6, 0x00000301,
+	0x000001e2, 0x00000002, 0x000000c6, 0x00000304,
+	0x00001e08, 0x00000002, 0x000000c7, 0x00000301,
+	0x00001ec0, 0x00000002, 0x000000ca, 0x00000300,
+	0x00001ebe, 0x00000002, 0x000000ca, 0x00000301,
+	0x00001ec4, 0x00000002, 0x000000ca, 0x00000303,
+	0x00001ec2, 0x00000002, 0x000000ca, 0x00000309,
+	0x00001e2e, 0x00000002, 0x000000cf, 0x00000301,
+	0x00001ed2, 0x00000002, 0x000000d4, 0x00000300,
+	0x00001ed0, 0x00000002, 0x000000d4, 0x00000301,
+	0x00001ed6, 0x00000002, 0x000000d4, 0x00000303,
+	0x00001ed4, 0x00000002, 0x000000d4, 0x00000309,
+	0x00001e4c, 0x00000002, 0x000000d5, 0x00000301,
+	0x0000022c, 0x00000002, 0x000000d5, 0x00000304,
+	0x00001e4e, 0x00000002, 0x000000d5, 0x00000308,
+	0x0000022a, 0x00000002, 0x000000d6, 0x00000304,
+	0x000001fe, 0x00000002, 0x000000d8, 0x00000301,
+	0x000001db, 0x00000002, 0x000000dc, 0x00000300,
+	0x000001d7, 0x00000002, 0x000000dc, 0x00000301,
+	0x000001d5, 0x00000002, 0x000000dc, 0x00000304,
+	0x000001d9, 0x00000002, 0x000000dc, 0x0000030c,
+	0x00001ea7, 0x00000002, 0x000000e2, 0x00000300,
+	0x00001ea5, 0x00000002, 0x000000e2, 0x00000301,
+	0x00001eab, 0x00000002, 0x000000e2, 0x00000303,
+	0x00001ea9, 0x00000002, 0x000000e2, 0x00000309,
+	0x000001df, 0x00000002, 0x000000e4, 0x00000304,
+	0x000001fb, 0x00000002, 0x000000e5, 0x00000301,
+	0x000001fd, 0x00000002, 0x000000e6, 0x00000301,
+	0x000001e3, 0x00000002, 0x000000e6, 0x00000304,
+	0x00001e09, 0x00000002, 0x000000e7, 0x00000301,
+	0x00001ec1, 0x00000002, 0x000000ea, 0x00000300,
+	0x00001ebf, 0x00000002, 0x000000ea, 0x00000301,
+	0x00001ec5, 0x00000002, 0x000000ea, 0x00000303,
+	0x00001ec3, 0x00000002, 0x000000ea, 0x00000309,
+	0x00001e2f, 0x00000002, 0x000000ef, 0x00000301,
+	0x00001ed3, 0x00000002, 0x000000f4, 0x00000300,
+	0x00001ed1, 0x00000002, 0x000000f4, 0x00000301,
+	0x00001ed7, 0x00000002, 0x000000f4, 0x00000303,
+	0x00001ed5, 0x00000002, 0x000000f4, 0x00000309,
+	0x00001e4d, 0x00000002, 0x000000f5, 0x00000301,
+	0x0000022d, 0x00000002, 0x000000f5, 0x00000304,
+	0x00001e4f, 0x00000002, 0x000000f5, 0x00000308,
+	0x0000022b, 0x00000002, 0x000000f6, 0x00000304,
+	0x000001ff, 0x00000002, 0x000000f8, 0x00000301,
+	0x000001dc, 0x00000002, 0x000000fc, 0x00000300,
+	0x000001d8, 0x00000002, 0x000000fc, 0x00000301,
+	0x000001d6, 0x00000002, 0x000000fc, 0x00000304,
+	0x000001da, 0x00000002, 0x000000fc, 0x0000030c,
+	0x00001eb0, 0x00000002, 0x00000102, 0x00000300,
+	0x00001eae, 0x00000002, 0x00000102, 0x00000301,
+	0x00001eb4, 0x00000002, 0x00000102, 0x00000303,
+	0x00001eb2, 0x00000002, 0x00000102, 0x00000309,
+	0x00001eb1, 0x00000002, 0x00000103, 0x00000300,
+	0x00001eaf, 0x00000002, 0x00000103, 0x00000301,
+	0x00001eb5, 0x00000002, 0x00000103, 0x00000303,
+	0x00001eb3, 0x00000002, 0x00000103, 0x00000309,
+	0x00001e14, 0x00000002, 0x00000112, 0x00000300,
+	0x00001e16, 0x00000002, 0x00000112, 0x00000301,
+	0x00001e15, 0x00000002, 0x00000113, 0x00000300,
+	0x00001e17, 0x00000002, 0x00000113, 0x00000301,
+	0x00001e50, 0x00000002, 0x0000014c, 0x00000300,
+	0x00001e52, 0x00000002, 0x0000014c, 0x00000301,
+	0x00001e51, 0x00000002, 0x0000014d, 0x00000300,
+	0x00001e53, 0x00000002, 0x0000014d, 0x00000301,
+	0x00001e64, 0x00000002, 0x0000015a, 0x00000307,
+	0x00001e65, 0x00000002, 0x0000015b, 0x00000307,
+	0x00001e66, 0x00000002, 0x00000160, 0x00000307,
+	0x00001e67, 0x00000002, 0x00000161, 0x00000307,
+	0x00001e78, 0x00000002, 0x00000168, 0x00000301,
+	0x00001e79, 0x00000002, 0x00000169, 0x00000301,
+	0x00001e7a, 0x00000002, 0x0000016a, 0x00000308,
+	0x00001e7b, 0x00000002, 0x0000016b, 0x00000308,
+	0x00001e9b, 0x00000002, 0x0000017f, 0x00000307,
+	0x00001edc, 0x00000002, 0x000001a0, 0x00000300,
+	0x00001eda, 0x00000002, 0x000001a0, 0x00000301,
+	0x00001ee0, 0x00000002, 0x000001a0, 0x00000303,
+	0x00001ede, 0x00000002, 0x000001a0, 0x00000309,
+	0x00001ee2, 0x00000002, 0x000001a0, 0x00000323,
+	0x00001edd, 0x00000002, 0x000001a1, 0x00000300,
+	0x00001edb, 0x00000002, 0x000001a1, 0x00000301,
+	0x00001ee1, 0x00000002, 0x000001a1, 0x00000303,
+	0x00001edf, 0x00000002, 0x000001a1, 0x00000309,
+	0x00001ee3, 0x00000002, 0x000001a1, 0x00000323,
+	0x00001eea, 0x00000002, 0x000001af, 0x00000300,
+	0x00001ee8, 0x00000002, 0x000001af, 0x00000301,
+	0x00001eee, 0x00000002, 0x000001af, 0x00000303,
+	0x00001eec, 0x00000002, 0x000001af, 0x00000309,
+	0x00001ef0, 0x00000002, 0x000001af, 0x00000323,
+	0x00001eeb, 0x00000002, 0x000001b0, 0x00000300,
+	0x00001ee9, 0x00000002, 0x000001b0, 0x00000301,
+	0x00001eef, 0x00000002, 0x000001b0, 0x00000303,
+	0x00001eed, 0x00000002, 0x000001b0, 0x00000309,
+	0x00001ef1, 0x00000002, 0x000001b0, 0x00000323,
+	0x000001ee, 0x00000002, 0x000001b7, 0x0000030c,
+	0x000001ec, 0x00000002, 0x000001ea, 0x00000304,
+	0x000001ed, 0x00000002, 0x000001eb, 0x00000304,
+	0x000001e0, 0x00000002, 0x00000226, 0x00000304,
+	0x000001e1, 0x00000002, 0x00000227, 0x00000304,
+	0x00001e1c, 0x00000002, 0x00000228, 0x00000306,
+	0x00001e1d, 0x00000002, 0x00000229, 0x00000306,
+	0x00000230, 0x00000002, 0x0000022e, 0x00000304,
+	0x00000231, 0x00000002, 0x0000022f, 0x00000304,
+	0x000001ef, 0x00000002, 0x00000292, 0x0000030c,
+	0x00000344, 0x00000002, 0x00000308, 0x00000301,
+	0x00001fba, 0x00000002, 0x00000391, 0x00000300,
+	0x00000386, 0x00000002, 0x00000391, 0x00000301,
+	0x00001fb9, 0x00000002, 0x00000391, 0x00000304,
+	0x00001fb8, 0x00000002, 0x00000391, 0x00000306,
+	0x00001f08, 0x00000002, 0x00000391, 0x00000313,
+	0x00001f09, 0x00000002, 0x00000391, 0x00000314,
+	0x00001fbc, 0x00000002, 0x00000391, 0x00000345,
+	0x00001fc8, 0x00000002, 0x00000395, 0x00000300,
+	0x00000388, 0x00000002, 0x00000395, 0x00000301,
+	0x00001f18, 0x00000002, 0x00000395, 0x00000313,
+	0x00001f19, 0x00000002, 0x00000395, 0x00000314,
+	0x00001fca, 0x00000002, 0x00000397, 0x00000300,
+	0x00000389, 0x00000002, 0x00000397, 0x00000301,
+	0x00001f28, 0x00000002, 0x00000397, 0x00000313,
+	0x00001f29, 0x00000002, 0x00000397, 0x00000314,
+	0x00001fcc, 0x00000002, 0x00000397, 0x00000345,
+	0x00001fda, 0x00000002, 0x00000399, 0x00000300,
+	0x0000038a, 0x00000002, 0x00000399, 0x00000301,
+	0x00001fd9, 0x00000002, 0x00000399, 0x00000304,
+	0x00001fd8, 0x00000002, 0x00000399, 0x00000306,
+	0x000003aa, 0x00000002, 0x00000399, 0x00000308,
+	0x00001f38, 0x00000002, 0x00000399, 0x00000313,
+	0x00001f39, 0x00000002, 0x00000399, 0x00000314,
+	0x00001ff8, 0x00000002, 0x0000039f, 0x00000300,
+	0x0000038c, 0x00000002, 0x0000039f, 0x00000301,
+	0x00001f48, 0x00000002, 0x0000039f, 0x00000313,
+	0x00001f49, 0x00000002, 0x0000039f, 0x00000314,
+	0x00001fec, 0x00000002, 0x000003a1, 0x00000314,
+	0x00001fea, 0x00000002, 0x000003a5, 0x00000300,
+	0x0000038e, 0x00000002, 0x000003a5, 0x00000301,
+	0x00001fe9, 0x00000002, 0x000003a5, 0x00000304,
+	0x00001fe8, 0x00000002, 0x000003a5, 0x00000306,
+	0x000003ab, 0x00000002, 0x000003a5, 0x00000308,
+	0x00001f59, 0x00000002, 0x000003a5, 0x00000314,
+	0x00001ffa, 0x00000002, 0x000003a9, 0x00000300,
+	0x0000038f, 0x00000002, 0x000003a9, 0x00000301,
+	0x00001f68, 0x00000002, 0x000003a9, 0x00000313,
+	0x00001f69, 0x00000002, 0x000003a9, 0x00000314,
+	0x00001ffc, 0x00000002, 0x000003a9, 0x00000345,
+	0x00001fb4, 0x00000002, 0x000003ac, 0x00000345,
+	0x00001fc4, 0x00000002, 0x000003ae, 0x00000345,
+	0x00001f70, 0x00000002, 0x000003b1, 0x00000300,
+	0x000003ac, 0x00000002, 0x000003b1, 0x00000301,
+	0x00001fb1, 0x00000002, 0x000003b1, 0x00000304,
+	0x00001fb0, 0x00000002, 0x000003b1, 0x00000306,
+	0x00001f00, 0x00000002, 0x000003b1, 0x00000313,
+	0x00001f01, 0x00000002, 0x000003b1, 0x00000314,
+	0x00001fb6, 0x00000002, 0x000003b1, 0x00000342,
+	0x00001fb3, 0x00000002, 0x000003b1, 0x00000345,
+	0x00001f72, 0x00000002, 0x000003b5, 0x00000300,
+	0x000003ad, 0x00000002, 0x000003b5, 0x00000301,
+	0x00001f10, 0x00000002, 0x000003b5, 0x00000313,
+	0x00001f11, 0x00000002, 0x000003b5, 0x00000314,
+	0x00001f74, 0x00000002, 0x000003b7, 0x00000300,
+	0x000003ae, 0x00000002, 0x000003b7, 0x00000301,
+	0x00001f20, 0x00000002, 0x000003b7, 0x00000313,
+	0x00001f21, 0x00000002, 0x000003b7, 0x00000314,
+	0x00001fc6, 0x00000002, 0x000003b7, 0x00000342,
+	0x00001fc3, 0x00000002, 0x000003b7, 0x00000345,
+	0x00001f76, 0x00000002, 0x000003b9, 0x00000300,
+	0x000003af, 0x00000002, 0x000003b9, 0x00000301,
+	0x00001fd1, 0x00000002, 0x000003b9, 0x00000304,
+	0x00001fd0, 0x00000002, 0x000003b9, 0x00000306,
+	0x000003ca, 0x00000002, 0x000003b9, 0x00000308,
+	0x00001f30, 0x00000002, 0x000003b9, 0x00000313,
+	0x00001f31, 0x00000002, 0x000003b9, 0x00000314,
+	0x00001fd6, 0x00000002, 0x000003b9, 0x00000342,
+	0x00001f78, 0x00000002, 0x000003bf, 0x00000300,
+	0x000003cc, 0x00000002, 0x000003bf, 0x00000301,
+	0x00001f40, 0x00000002, 0x000003bf, 0x00000313,
+	0x00001f41, 0x00000002, 0x000003bf, 0x00000314,
+	0x00001fe4, 0x00000002, 0x000003c1, 0x00000313,
+	0x00001fe5, 0x00000002, 0x000003c1, 0x00000314,
+	0x00001f7a, 0x00000002, 0x000003c5, 0x00000300,
+	0x000003cd, 0x00000002, 0x000003c5, 0x00000301,
+	0x00001fe1, 0x00000002, 0x000003c5, 0x00000304,
+	0x00001fe0, 0x00000002, 0x000003c5, 0x00000306,
+	0x000003cb, 0x00000002, 0x000003c5, 0x00000308,
+	0x00001f50, 0x00000002, 0x000003c5, 0x00000313,
+	0x00001f51, 0x00000002, 0x000003c5, 0x00000314,
+	0x00001fe6, 0x00000002, 0x000003c5, 0x00000342,
+	0x00001f7c, 0x00000002, 0x000003c9, 0x00000300,
+	0x000003ce, 0x00000002, 0x000003c9, 0x00000301,
+	0x00001f60, 0x00000002, 0x000003c9, 0x00000313,
+	0x00001f61, 0x00000002, 0x000003c9, 0x00000314,
+	0x00001ff6, 0x00000002, 0x000003c9, 0x00000342,
+	0x00001ff3, 0x00000002, 0x000003c9, 0x00000345,
+	0x00001fd2, 0x00000002, 0x000003ca, 0x00000300,
+	0x00000390, 0x00000002, 0x000003ca, 0x00000301,
+	0x00001fd7, 0x00000002, 0x000003ca, 0x00000342,
+	0x00001fe2, 0x00000002, 0x000003cb, 0x00000300,
+	0x000003b0, 0x00000002, 0x000003cb, 0x00000301,
+	0x00001fe7, 0x00000002, 0x000003cb, 0x00000342,
+	0x00001ff4, 0x00000002, 0x000003ce, 0x00000345,
+	0x000003d3, 0x00000002, 0x000003d2, 0x00000301,
+	0x000003d4, 0x00000002, 0x000003d2, 0x00000308,
+	0x00000407, 0x00000002, 0x00000406, 0x00000308,
+	0x000004d0, 0x00000002, 0x00000410, 0x00000306,
+	0x000004d2, 0x00000002, 0x00000410, 0x00000308,
+	0x00000403, 0x00000002, 0x00000413, 0x00000301,
+	0x00000400, 0x00000002, 0x00000415, 0x00000300,
+	0x000004d6, 0x00000002, 0x00000415, 0x00000306,
+	0x00000401, 0x00000002, 0x00000415, 0x00000308,
+	0x000004c1, 0x00000002, 0x00000416, 0x00000306,
+	0x000004dc, 0x00000002, 0x00000416, 0x00000308,
+	0x000004de, 0x00000002, 0x00000417, 0x00000308,
+	0x0000040d, 0x00000002, 0x00000418, 0x00000300,
+	0x000004e2, 0x00000002, 0x00000418, 0x00000304,
+	0x00000419, 0x00000002, 0x00000418, 0x00000306,
+	0x000004e4, 0x00000002, 0x00000418, 0x00000308,
+	0x0000040c, 0x00000002, 0x0000041a, 0x00000301,
+	0x000004e6, 0x00000002, 0x0000041e, 0x00000308,
+	0x000004ee, 0x00000002, 0x00000423, 0x00000304,
+	0x0000040e, 0x00000002, 0x00000423, 0x00000306,
+	0x000004f0, 0x00000002, 0x00000423, 0x00000308,
+	0x000004f2, 0x00000002, 0x00000423, 0x0000030b,
+	0x000004f4, 0x00000002, 0x00000427, 0x00000308,
+	0x000004f8, 0x00000002, 0x0000042b, 0x00000308,
+	0x000004ec, 0x00000002, 0x0000042d, 0x00000308,
+	0x000004d1, 0x00000002, 0x00000430, 0x00000306,
+	0x000004d3, 0x00000002, 0x00000430, 0x00000308,
+	0x00000453, 0x00000002, 0x00000433, 0x00000301,
+	0x00000450, 0x00000002, 0x00000435, 0x00000300,
+	0x000004d7, 0x00000002, 0x00000435, 0x00000306,
+	0x00000451, 0x00000002, 0x00000435, 0x00000308,
+	0x000004c2, 0x00000002, 0x00000436, 0x00000306,
+	0x000004dd, 0x00000002, 0x00000436, 0x00000308,
+	0x000004df, 0x00000002, 0x00000437, 0x00000308,
+	0x0000045d, 0x00000002, 0x00000438, 0x00000300,
+	0x000004e3, 0x00000002, 0x00000438, 0x00000304,
+	0x00000439, 0x00000002, 0x00000438, 0x00000306,
+	0x000004e5, 0x00000002, 0x00000438, 0x00000308,
+	0x0000045c, 0x00000002, 0x0000043a, 0x00000301,
+	0x000004e7, 0x00000002, 0x0000043e, 0x00000308,
+	0x000004ef, 0x00000002, 0x00000443, 0x00000304,
+	0x0000045e, 0x00000002, 0x00000443, 0x00000306,
+	0x000004f1, 0x00000002, 0x00000443, 0x00000308,
+	0x000004f3, 0x00000002, 0x00000443, 0x0000030b,
+	0x000004f5, 0x00000002, 0x00000447, 0x00000308,
+	0x000004f9, 0x00000002, 0x0000044b, 0x00000308,
+	0x000004ed, 0x00000002, 0x0000044d, 0x00000308,
+	0x00000457, 0x00000002, 0x00000456, 0x00000308,
+	0x00000476, 0x00000002, 0x00000474, 0x0000030f,
+	0x00000477, 0x00000002, 0x00000475, 0x0000030f,
+	0x000004da, 0x00000002, 0x000004d8, 0x00000308,
+	0x000004db, 0x00000002, 0x000004d9, 0x00000308,
+	0x000004ea, 0x00000002, 0x000004e8, 0x00000308,
+	0x000004eb, 0x00000002, 0x000004e9, 0x00000308,
+	0x00000622, 0x00000002, 0x00000627, 0x00000653,
+	0x00000623, 0x00000002, 0x00000627, 0x00000654,
+	0x00000625, 0x00000002, 0x00000627, 0x00000655,
+	0x00000624, 0x00000002, 0x00000648, 0x00000654,
+	0x00000626, 0x00000002, 0x0000064a, 0x00000654,
+	0x000006c2, 0x00000002, 0x000006c1, 0x00000654,
+	0x000006d3, 0x00000002, 0x000006d2, 0x00000654,
+	0x000006c0, 0x00000002, 0x000006d5, 0x00000654,
+	0x00000929, 0x00000002, 0x00000928, 0x0000093c,
+	0x00000931, 0x00000002, 0x00000930, 0x0000093c,
+	0x00000934, 0x00000002, 0x00000933, 0x0000093c,
+	0x000009cb, 0x00000002, 0x000009c7, 0x000009be,
+	0x000009cc, 0x00000002, 0x000009c7, 0x000009d7,
+	0x00000b4b, 0x00000002, 0x00000b47, 0x00000b3e,
+	0x00000b48, 0x00000002, 0x00000b47, 0x00000b56,
+	0x00000b4c, 0x00000002, 0x00000b47, 0x00000b57,
+	0x00000b94, 0x00000002, 0x00000b92, 0x00000bd7,
+	0x00000bca, 0x00000002, 0x00000bc6, 0x00000bbe,
+	0x00000bcc, 0x00000002, 0x00000bc6, 0x00000bd7,
+	0x00000bcb, 0x00000002, 0x00000bc7, 0x00000bbe,
+	0x00000c48, 0x00000002, 0x00000c46, 0x00000c56,
+	0x00000cc0, 0x00000002, 0x00000cbf, 0x00000cd5,
+	0x00000cca, 0x00000002, 0x00000cc6, 0x00000cc2,
+	0x00000cc7, 0x00000002, 0x00000cc6, 0x00000cd5,
+	0x00000cc8, 0x00000002, 0x00000cc6, 0x00000cd6,
+	0x00000ccb, 0x00000002, 0x00000cca, 0x00000cd5,
+	0x00000d4a, 0x00000002, 0x00000d46, 0x00000d3e,
+	0x00000d4c, 0x00000002, 0x00000d46, 0x00000d57,
+	0x00000d4b, 0x00000002, 0x00000d47, 0x00000d3e,
+	0x00000dda, 0x00000002, 0x00000dd9, 0x00000dca,
+	0x00000ddc, 0x00000002, 0x00000dd9, 0x00000dcf,
+	0x00000dde, 0x00000002, 0x00000dd9, 0x00000ddf,
+	0x00000ddd, 0x00000002, 0x00000ddc, 0x00000dca,
+	0x00000f73, 0x00000002, 0x00000f71, 0x00000f72,
+	0x00000f75, 0x00000002, 0x00000f71, 0x00000f74,
+	0x00000f81, 0x00000002, 0x00000f71, 0x00000f80,
+	0x00001026, 0x00000002, 0x00001025, 0x0000102e,
+	0x00001e38, 0x00000002, 0x00001e36, 0x00000304,
+	0x00001e39, 0x00000002, 0x00001e37, 0x00000304,
+	0x00001e5c, 0x00000002, 0x00001e5a, 0x00000304,
+	0x00001e5d, 0x00000002, 0x00001e5b, 0x00000304,
+	0x00001e68, 0x00000002, 0x00001e62, 0x00000307,
+	0x00001e69, 0x00000002, 0x00001e63, 0x00000307,
+	0x00001eac, 0x00000002, 0x00001ea0, 0x00000302,
+	0x00001eb6, 0x00000002, 0x00001ea0, 0x00000306,
+	0x00001ead, 0x00000002, 0x00001ea1, 0x00000302,
+	0x00001eb7, 0x00000002, 0x00001ea1, 0x00000306,
+	0x00001ec6, 0x00000002, 0x00001eb8, 0x00000302,
+	0x00001ec7, 0x00000002, 0x00001eb9, 0x00000302,
+	0x00001ed8, 0x00000002, 0x00001ecc, 0x00000302,
+	0x00001ed9, 0x00000002, 0x00001ecd, 0x00000302,
+	0x00001f02, 0x00000002, 0x00001f00, 0x00000300,
+	0x00001f04, 0x00000002, 0x00001f00, 0x00000301,
+	0x00001f06, 0x00000002, 0x00001f00, 0x00000342,
+	0x00001f80, 0x00000002, 0x00001f00, 0x00000345,
+	0x00001f03, 0x00000002, 0x00001f01, 0x00000300,
+	0x00001f05, 0x00000002, 0x00001f01, 0x00000301,
+	0x00001f07, 0x00000002, 0x00001f01, 0x00000342,
+	0x00001f81, 0x00000002, 0x00001f01, 0x00000345,
+	0x00001f82, 0x00000002, 0x00001f02, 0x00000345,
+	0x00001f83, 0x00000002, 0x00001f03, 0x00000345,
+	0x00001f84, 0x00000002, 0x00001f04, 0x00000345,
+	0x00001f85, 0x00000002, 0x00001f05, 0x00000345,
+	0x00001f86, 0x00000002, 0x00001f06, 0x00000345,
+	0x00001f87, 0x00000002, 0x00001f07, 0x00000345,
+	0x00001f0a, 0x00000002, 0x00001f08, 0x00000300,
+	0x00001f0c, 0x00000002, 0x00001f08, 0x00000301,
+	0x00001f0e, 0x00000002, 0x00001f08, 0x00000342,
+	0x00001f88, 0x00000002, 0x00001f08, 0x00000345,
+	0x00001f0b, 0x00000002, 0x00001f09, 0x00000300,
+	0x00001f0d, 0x00000002, 0x00001f09, 0x00000301,
+	0x00001f0f, 0x00000002, 0x00001f09, 0x00000342,
+	0x00001f89, 0x00000002, 0x00001f09, 0x00000345,
+	0x00001f8a, 0x00000002, 0x00001f0a, 0x00000345,
+	0x00001f8b, 0x00000002, 0x00001f0b, 0x00000345,
+	0x00001f8c, 0x00000002, 0x00001f0c, 0x00000345,
+	0x00001f8d, 0x00000002, 0x00001f0d, 0x00000345,
+	0x00001f8e, 0x00000002, 0x00001f0e, 0x00000345,
+	0x00001f8f, 0x00000002, 0x00001f0f, 0x00000345,
+	0x00001f12, 0x00000002, 0x00001f10, 0x00000300,
+	0x00001f14, 0x00000002, 0x00001f10, 0x00000301,
+	0x00001f13, 0x00000002, 0x00001f11, 0x00000300,
+	0x00001f15, 0x00000002, 0x00001f11, 0x00000301,
+	0x00001f1a, 0x00000002, 0x00001f18, 0x00000300,
+	0x00001f1c, 0x00000002, 0x00001f18, 0x00000301,
+	0x00001f1b, 0x00000002, 0x00001f19, 0x00000300,
+	0x00001f1d, 0x00000002, 0x00001f19, 0x00000301,
+	0x00001f22, 0x00000002, 0x00001f20, 0x00000300,
+	0x00001f24, 0x00000002, 0x00001f20, 0x00000301,
+	0x00001f26, 0x00000002, 0x00001f20, 0x00000342,
+	0x00001f90, 0x00000002, 0x00001f20, 0x00000345,
+	0x00001f23, 0x00000002, 0x00001f21, 0x00000300,
+	0x00001f25, 0x00000002, 0x00001f21, 0x00000301,
+	0x00001f27, 0x00000002, 0x00001f21, 0x00000342,
+	0x00001f91, 0x00000002, 0x00001f21, 0x00000345,
+	0x00001f92, 0x00000002, 0x00001f22, 0x00000345,
+	0x00001f93, 0x00000002, 0x00001f23, 0x00000345,
+	0x00001f94, 0x00000002, 0x00001f24, 0x00000345,
+	0x00001f95, 0x00000002, 0x00001f25, 0x00000345,
+	0x00001f96, 0x00000002, 0x00001f26, 0x00000345,
+	0x00001f97, 0x00000002, 0x00001f27, 0x00000345,
+	0x00001f2a, 0x00000002, 0x00001f28, 0x00000300,
+	0x00001f2c, 0x00000002, 0x00001f28, 0x00000301,
+	0x00001f2e, 0x00000002, 0x00001f28, 0x00000342,
+	0x00001f98, 0x00000002, 0x00001f28, 0x00000345,
+	0x00001f2b, 0x00000002, 0x00001f29, 0x00000300,
+	0x00001f2d, 0x00000002, 0x00001f29, 0x00000301,
+	0x00001f2f, 0x00000002, 0x00001f29, 0x00000342,
+	0x00001f99, 0x00000002, 0x00001f29, 0x00000345,
+	0x00001f9a, 0x00000002, 0x00001f2a, 0x00000345,
+	0x00001f9b, 0x00000002, 0x00001f2b, 0x00000345,
+	0x00001f9c, 0x00000002, 0x00001f2c, 0x00000345,
+	0x00001f9d, 0x00000002, 0x00001f2d, 0x00000345,
+	0x00001f9e, 0x00000002, 0x00001f2e, 0x00000345,
+	0x00001f9f, 0x00000002, 0x00001f2f, 0x00000345,
+	0x00001f32, 0x00000002, 0x00001f30, 0x00000300,
+	0x00001f34, 0x00000002, 0x00001f30, 0x00000301,
+	0x00001f36, 0x00000002, 0x00001f30, 0x00000342,
+	0x00001f33, 0x00000002, 0x00001f31, 0x00000300,
+	0x00001f35, 0x00000002, 0x00001f31, 0x00000301,
+	0x00001f37, 0x00000002, 0x00001f31, 0x00000342,
+	0x00001f3a, 0x00000002, 0x00001f38, 0x00000300,
+	0x00001f3c, 0x00000002, 0x00001f38, 0x00000301,
+	0x00001f3e, 0x00000002, 0x00001f38, 0x00000342,
+	0x00001f3b, 0x00000002, 0x00001f39, 0x00000300,
+	0x00001f3d, 0x00000002, 0x00001f39, 0x00000301,
+	0x00001f3f, 0x00000002, 0x00001f39, 0x00000342,
+	0x00001f42, 0x00000002, 0x00001f40, 0x00000300,
+	0x00001f44, 0x00000002, 0x00001f40, 0x00000301,
+	0x00001f43, 0x00000002, 0x00001f41, 0x00000300,
+	0x00001f45, 0x00000002, 0x00001f41, 0x00000301,
+	0x00001f4a, 0x00000002, 0x00001f48, 0x00000300,
+	0x00001f4c, 0x00000002, 0x00001f48, 0x00000301,
+	0x00001f4b, 0x00000002, 0x00001f49, 0x00000300,
+	0x00001f4d, 0x00000002, 0x00001f49, 0x00000301,
+	0x00001f52, 0x00000002, 0x00001f50, 0x00000300,
+	0x00001f54, 0x00000002, 0x00001f50, 0x00000301,
+	0x00001f56, 0x00000002, 0x00001f50, 0x00000342,
+	0x00001f53, 0x00000002, 0x00001f51, 0x00000300,
+	0x00001f55, 0x00000002, 0x00001f51, 0x00000301,
+	0x00001f57, 0x00000002, 0x00001f51, 0x00000342,
+	0x00001f5b, 0x00000002, 0x00001f59, 0x00000300,
+	0x00001f5d, 0x00000002, 0x00001f59, 0x00000301,
+	0x00001f5f, 0x00000002, 0x00001f59, 0x00000342,
+	0x00001f62, 0x00000002, 0x00001f60, 0x00000300,
+	0x00001f64, 0x00000002, 0x00001f60, 0x00000301,
+	0x00001f66, 0x00000002, 0x00001f60, 0x00000342,
+	0x00001fa0, 0x00000002, 0x00001f60, 0x00000345,
+	0x00001f63, 0x00000002, 0x00001f61, 0x00000300,
+	0x00001f65, 0x00000002, 0x00001f61, 0x00000301,
+	0x00001f67, 0x00000002, 0x00001f61, 0x00000342,
+	0x00001fa1, 0x00000002, 0x00001f61, 0x00000345,
+	0x00001fa2, 0x00000002, 0x00001f62, 0x00000345,
+	0x00001fa3, 0x00000002, 0x00001f63, 0x00000345,
+	0x00001fa4, 0x00000002, 0x00001f64, 0x00000345,
+	0x00001fa5, 0x00000002, 0x00001f65, 0x00000345,
+	0x00001fa6, 0x00000002, 0x00001f66, 0x00000345,
+	0x00001fa7, 0x00000002, 0x00001f67, 0x00000345,
+	0x00001f6a, 0x00000002, 0x00001f68, 0x00000300,
+	0x00001f6c, 0x00000002, 0x00001f68, 0x00000301,
+	0x00001f6e, 0x00000002, 0x00001f68, 0x00000342,
+	0x00001fa8, 0x00000002, 0x00001f68, 0x00000345,
+	0x00001f6b, 0x00000002, 0x00001f69, 0x00000300,
+	0x00001f6d, 0x00000002, 0x00001f69, 0x00000301,
+	0x00001f6f, 0x00000002, 0x00001f69, 0x00000342,
+	0x00001fa9, 0x00000002, 0x00001f69, 0x00000345,
+	0x00001faa, 0x00000002, 0x00001f6a, 0x00000345,
+	0x00001fab, 0x00000002, 0x00001f6b, 0x00000345,
+	0x00001fac, 0x00000002, 0x00001f6c, 0x00000345,
+	0x00001fad, 0x00000002, 0x00001f6d, 0x00000345,
+	0x00001fae, 0x00000002, 0x00001f6e, 0x00000345,
+	0x00001faf, 0x00000002, 0x00001f6f, 0x00000345,
+	0x00001fb2, 0x00000002, 0x00001f70, 0x00000345,
+	0x00001fc2, 0x00000002, 0x00001f74, 0x00000345,
+	0x00001ff2, 0x00000002, 0x00001f7c, 0x00000345,
+	0x00001fb7, 0x00000002, 0x00001fb6, 0x00000345,
+	0x00001fcd, 0x00000002, 0x00001fbf, 0x00000300,
+	0x00001fce, 0x00000002, 0x00001fbf, 0x00000301,
+	0x00001fcf, 0x00000002, 0x00001fbf, 0x00000342,
+	0x00001fc7, 0x00000002, 0x00001fc6, 0x00000345,
+	0x00001ff7, 0x00000002, 0x00001ff6, 0x00000345,
+	0x00001fdd, 0x00000002, 0x00001ffe, 0x00000300,
+	0x00001fde, 0x00000002, 0x00001ffe, 0x00000301,
+	0x00001fdf, 0x00000002, 0x00001ffe, 0x00000342,
+	0x0000219a, 0x00000002, 0x00002190, 0x00000338,
+	0x0000219b, 0x00000002, 0x00002192, 0x00000338,
+	0x000021ae, 0x00000002, 0x00002194, 0x00000338,
+	0x000021cd, 0x00000002, 0x000021d0, 0x00000338,
+	0x000021cf, 0x00000002, 0x000021d2, 0x00000338,
+	0x000021ce, 0x00000002, 0x000021d4, 0x00000338,
+	0x00002204, 0x00000002, 0x00002203, 0x00000338,
+	0x00002209, 0x00000002, 0x00002208, 0x00000338,
+	0x0000220c, 0x00000002, 0x0000220b, 0x00000338,
+	0x00002224, 0x00000002, 0x00002223, 0x00000338,
+	0x00002226, 0x00000002, 0x00002225, 0x00000338,
+	0x00002241, 0x00000002, 0x0000223c, 0x00000338,
+	0x00002244, 0x00000002, 0x00002243, 0x00000338,
+	0x00002247, 0x00000002, 0x00002245, 0x00000338,
+	0x00002249, 0x00000002, 0x00002248, 0x00000338,
+	0x0000226d, 0x00000002, 0x0000224d, 0x00000338,
+	0x00002262, 0x00000002, 0x00002261, 0x00000338,
+	0x00002270, 0x00000002, 0x00002264, 0x00000338,
+	0x00002271, 0x00000002, 0x00002265, 0x00000338,
+	0x00002274, 0x00000002, 0x00002272, 0x00000338,
+	0x00002275, 0x00000002, 0x00002273, 0x00000338,
+	0x00002278, 0x00000002, 0x00002276, 0x00000338,
+	0x00002279, 0x00000002, 0x00002277, 0x00000338,
+	0x00002280, 0x00000002, 0x0000227a, 0x00000338,
+	0x00002281, 0x00000002, 0x0000227b, 0x00000338,
+	0x000022e0, 0x00000002, 0x0000227c, 0x00000338,
+	0x000022e1, 0x00000002, 0x0000227d, 0x00000338,
+	0x00002284, 0x00000002, 0x00002282, 0x00000338,
+	0x00002285, 0x00000002, 0x00002283, 0x00000338,
+	0x00002288, 0x00000002, 0x00002286, 0x00000338,
+	0x00002289, 0x00000002, 0x00002287, 0x00000338,
+	0x000022e2, 0x00000002, 0x00002291, 0x00000338,
+	0x000022e3, 0x00000002, 0x00002292, 0x00000338,
+	0x000022ac, 0x00000002, 0x000022a2, 0x00000338,
+	0x000022ad, 0x00000002, 0x000022a8, 0x00000338,
+	0x000022ae, 0x00000002, 0x000022a9, 0x00000338,
+	0x000022af, 0x00000002, 0x000022ab, 0x00000338,
+	0x000022ea, 0x00000002, 0x000022b2, 0x00000338,
+	0x000022eb, 0x00000002, 0x000022b3, 0x00000338,
+	0x000022ec, 0x00000002, 0x000022b4, 0x00000338,
+	0x000022ed, 0x00000002, 0x000022b5, 0x00000338,
+	0x00003094, 0x00000002, 0x00003046, 0x00003099,
+	0x0000304c, 0x00000002, 0x0000304b, 0x00003099,
+	0x0000304e, 0x00000002, 0x0000304d, 0x00003099,
+	0x00003050, 0x00000002, 0x0000304f, 0x00003099,
+	0x00003052, 0x00000002, 0x00003051, 0x00003099,
+	0x00003054, 0x00000002, 0x00003053, 0x00003099,
+	0x00003056, 0x00000002, 0x00003055, 0x00003099,
+	0x00003058, 0x00000002, 0x00003057, 0x00003099,
+	0x0000305a, 0x00000002, 0x00003059, 0x00003099,
+	0x0000305c, 0x00000002, 0x0000305b, 0x00003099,
+	0x0000305e, 0x00000002, 0x0000305d, 0x00003099,
+	0x00003060, 0x00000002, 0x0000305f, 0x00003099,
+	0x00003062, 0x00000002, 0x00003061, 0x00003099,
+	0x00003065, 0x00000002, 0x00003064, 0x00003099,
+	0x00003067, 0x00000002, 0x00003066, 0x00003099,
+	0x00003069, 0x00000002, 0x00003068, 0x00003099,
+	0x00003070, 0x00000002, 0x0000306f, 0x00003099,
+	0x00003071, 0x00000002, 0x0000306f, 0x0000309a,
+	0x00003073, 0x00000002, 0x00003072, 0x00003099,
+	0x00003074, 0x00000002, 0x00003072, 0x0000309a,
+	0x00003076, 0x00000002, 0x00003075, 0x00003099,
+	0x00003077, 0x00000002, 0x00003075, 0x0000309a,
+	0x00003079, 0x00000002, 0x00003078, 0x00003099,
+	0x0000307a, 0x00000002, 0x00003078, 0x0000309a,
+	0x0000307c, 0x00000002, 0x0000307b, 0x00003099,
+	0x0000307d, 0x00000002, 0x0000307b, 0x0000309a,
+	0x0000309e, 0x00000002, 0x0000309d, 0x00003099,
+	0x000030f4, 0x00000002, 0x000030a6, 0x00003099,
+	0x000030ac, 0x00000002, 0x000030ab, 0x00003099,
+	0x000030ae, 0x00000002, 0x000030ad, 0x00003099,
+	0x000030b0, 0x00000002, 0x000030af, 0x00003099,
+	0x000030b2, 0x00000002, 0x000030b1, 0x00003099,
+	0x000030b4, 0x00000002, 0x000030b3, 0x00003099,
+	0x000030b6, 0x00000002, 0x000030b5, 0x00003099,
+	0x000030b8, 0x00000002, 0x000030b7, 0x00003099,
+	0x000030ba, 0x00000002, 0x000030b9, 0x00003099,
+	0x000030bc, 0x00000002, 0x000030bb, 0x00003099,
+	0x000030be, 0x00000002, 0x000030bd, 0x00003099,
+	0x000030c0, 0x00000002, 0x000030bf, 0x00003099,
+	0x000030c2, 0x00000002, 0x000030c1, 0x00003099,
+	0x000030c5, 0x00000002, 0x000030c4, 0x00003099,
+	0x000030c7, 0x00000002, 0x000030c6, 0x00003099,
+	0x000030c9, 0x00000002, 0x000030c8, 0x00003099,
+	0x000030d0, 0x00000002, 0x000030cf, 0x00003099,
+	0x000030d1, 0x00000002, 0x000030cf, 0x0000309a,
+	0x000030d3, 0x00000002, 0x000030d2, 0x00003099,
+	0x000030d4, 0x00000002, 0x000030d2, 0x0000309a,
+	0x000030d6, 0x00000002, 0x000030d5, 0x00003099,
+	0x000030d7, 0x00000002, 0x000030d5, 0x0000309a,
+	0x000030d9, 0x00000002, 0x000030d8, 0x00003099,
+	0x000030da, 0x00000002, 0x000030d8, 0x0000309a,
+	0x000030dc, 0x00000002, 0x000030db, 0x00003099,
+	0x000030dd, 0x00000002, 0x000030db, 0x0000309a,
+	0x000030f7, 0x00000002, 0x000030ef, 0x00003099,
+	0x000030f8, 0x00000002, 0x000030f0, 0x00003099,
+	0x000030f9, 0x00000002, 0x000030f1, 0x00003099,
+	0x000030fa, 0x00000002, 0x000030f2, 0x00003099,
+	0x000030fe, 0x00000002, 0x000030fd, 0x00003099
+};
+
+static const krb5_ui_4 _ucdcmp_size = 3848;
+
+static const krb5_ui_4 _ucdcmp_nodes[] = {
+	0x000000c0, 0x00000000,
+	0x000000c1, 0x00000002,
+	0x000000c2, 0x00000004,
+	0x000000c3, 0x00000006,
+	0x000000c4, 0x00000008,
+	0x000000c5, 0x0000000a,
+	0x000000c7, 0x0000000c,
+	0x000000c8, 0x0000000e,
+	0x000000c9, 0x00000010,
+	0x000000ca, 0x00000012,
+	0x000000cb, 0x00000014,
+	0x000000cc, 0x00000016,
+	0x000000cd, 0x00000018,
+	0x000000ce, 0x0000001a,
+	0x000000cf, 0x0000001c,
+	0x000000d1, 0x0000001e,
+	0x000000d2, 0x00000020,
+	0x000000d3, 0x00000022,
+	0x000000d4, 0x00000024,
+	0x000000d5, 0x00000026,
+	0x000000d6, 0x00000028,
+	0x000000d9, 0x0000002a,
+	0x000000da, 0x0000002c,
+	0x000000db, 0x0000002e,
+	0x000000dc, 0x00000030,
+	0x000000dd, 0x00000032,
+	0x000000e0, 0x00000034,
+	0x000000e1, 0x00000036,
+	0x000000e2, 0x00000038,
+	0x000000e3, 0x0000003a,
+	0x000000e4, 0x0000003c,
+	0x000000e5, 0x0000003e,
+	0x000000e7, 0x00000040,
+	0x000000e8, 0x00000042,
+	0x000000e9, 0x00000044,
+	0x000000ea, 0x00000046,
+	0x000000eb, 0x00000048,
+	0x000000ec, 0x0000004a,
+	0x000000ed, 0x0000004c,
+	0x000000ee, 0x0000004e,
+	0x000000ef, 0x00000050,
+	0x000000f1, 0x00000052,
+	0x000000f2, 0x00000054,
+	0x000000f3, 0x00000056,
+	0x000000f4, 0x00000058,
+	0x000000f5, 0x0000005a,
+	0x000000f6, 0x0000005c,
+	0x000000f9, 0x0000005e,
+	0x000000fa, 0x00000060,
+	0x000000fb, 0x00000062,
+	0x000000fc, 0x00000064,
+	0x000000fd, 0x00000066,
+	0x000000ff, 0x00000068,
+	0x00000100, 0x0000006a,
+	0x00000101, 0x0000006c,
+	0x00000102, 0x0000006e,
+	0x00000103, 0x00000070,
+	0x00000104, 0x00000072,
+	0x00000105, 0x00000074,
+	0x00000106, 0x00000076,
+	0x00000107, 0x00000078,
+	0x00000108, 0x0000007a,
+	0x00000109, 0x0000007c,
+	0x0000010a, 0x0000007e,
+	0x0000010b, 0x00000080,
+	0x0000010c, 0x00000082,
+	0x0000010d, 0x00000084,
+	0x0000010e, 0x00000086,
+	0x0000010f, 0x00000088,
+	0x00000112, 0x0000008a,
+	0x00000113, 0x0000008c,
+	0x00000114, 0x0000008e,
+	0x00000115, 0x00000090,
+	0x00000116, 0x00000092,
+	0x00000117, 0x00000094,
+	0x00000118, 0x00000096,
+	0x00000119, 0x00000098,
+	0x0000011a, 0x0000009a,
+	0x0000011b, 0x0000009c,
+	0x0000011c, 0x0000009e,
+	0x0000011d, 0x000000a0,
+	0x0000011e, 0x000000a2,
+	0x0000011f, 0x000000a4,
+	0x00000120, 0x000000a6,
+	0x00000121, 0x000000a8,
+	0x00000122, 0x000000aa,
+	0x00000123, 0x000000ac,
+	0x00000124, 0x000000ae,
+	0x00000125, 0x000000b0,
+	0x00000128, 0x000000b2,
+	0x00000129, 0x000000b4,
+	0x0000012a, 0x000000b6,
+	0x0000012b, 0x000000b8,
+	0x0000012c, 0x000000ba,
+	0x0000012d, 0x000000bc,
+	0x0000012e, 0x000000be,
+	0x0000012f, 0x000000c0,
+	0x00000130, 0x000000c2,
+	0x00000134, 0x000000c4,
+	0x00000135, 0x000000c6,
+	0x00000136, 0x000000c8,
+	0x00000137, 0x000000ca,
+	0x00000139, 0x000000cc,
+	0x0000013a, 0x000000ce,
+	0x0000013b, 0x000000d0,
+	0x0000013c, 0x000000d2,
+	0x0000013d, 0x000000d4,
+	0x0000013e, 0x000000d6,
+	0x00000143, 0x000000d8,
+	0x00000144, 0x000000da,
+	0x00000145, 0x000000dc,
+	0x00000146, 0x000000de,
+	0x00000147, 0x000000e0,
+	0x00000148, 0x000000e2,
+	0x0000014c, 0x000000e4,
+	0x0000014d, 0x000000e6,
+	0x0000014e, 0x000000e8,
+	0x0000014f, 0x000000ea,
+	0x00000150, 0x000000ec,
+	0x00000151, 0x000000ee,
+	0x00000154, 0x000000f0,
+	0x00000155, 0x000000f2,
+	0x00000156, 0x000000f4,
+	0x00000157, 0x000000f6,
+	0x00000158, 0x000000f8,
+	0x00000159, 0x000000fa,
+	0x0000015a, 0x000000fc,
+	0x0000015b, 0x000000fe,
+	0x0000015c, 0x00000100,
+	0x0000015d, 0x00000102,
+	0x0000015e, 0x00000104,
+	0x0000015f, 0x00000106,
+	0x00000160, 0x00000108,
+	0x00000161, 0x0000010a,
+	0x00000162, 0x0000010c,
+	0x00000163, 0x0000010e,
+	0x00000164, 0x00000110,
+	0x00000165, 0x00000112,
+	0x00000168, 0x00000114,
+	0x00000169, 0x00000116,
+	0x0000016a, 0x00000118,
+	0x0000016b, 0x0000011a,
+	0x0000016c, 0x0000011c,
+	0x0000016d, 0x0000011e,
+	0x0000016e, 0x00000120,
+	0x0000016f, 0x00000122,
+	0x00000170, 0x00000124,
+	0x00000171, 0x00000126,
+	0x00000172, 0x00000128,
+	0x00000173, 0x0000012a,
+	0x00000174, 0x0000012c,
+	0x00000175, 0x0000012e,
+	0x00000176, 0x00000130,
+	0x00000177, 0x00000132,
+	0x00000178, 0x00000134,
+	0x00000179, 0x00000136,
+	0x0000017a, 0x00000138,
+	0x0000017b, 0x0000013a,
+	0x0000017c, 0x0000013c,
+	0x0000017d, 0x0000013e,
+	0x0000017e, 0x00000140,
+	0x000001a0, 0x00000142,
+	0x000001a1, 0x00000144,
+	0x000001af, 0x00000146,
+	0x000001b0, 0x00000148,
+	0x000001cd, 0x0000014a,
+	0x000001ce, 0x0000014c,
+	0x000001cf, 0x0000014e,
+	0x000001d0, 0x00000150,
+	0x000001d1, 0x00000152,
+	0x000001d2, 0x00000154,
+	0x000001d3, 0x00000156,
+	0x000001d4, 0x00000158,
+	0x000001d5, 0x0000015a,
+	0x000001d6, 0x0000015d,
+	0x000001d7, 0x00000160,
+	0x000001d8, 0x00000163,
+	0x000001d9, 0x00000166,
+	0x000001da, 0x00000169,
+	0x000001db, 0x0000016c,
+	0x000001dc, 0x0000016f,
+	0x000001de, 0x00000172,
+	0x000001df, 0x00000175,
+	0x000001e0, 0x00000178,
+	0x000001e1, 0x0000017b,
+	0x000001e2, 0x0000017e,
+	0x000001e3, 0x00000180,
+	0x000001e6, 0x00000182,
+	0x000001e7, 0x00000184,
+	0x000001e8, 0x00000186,
+	0x000001e9, 0x00000188,
+	0x000001ea, 0x0000018a,
+	0x000001eb, 0x0000018c,
+	0x000001ec, 0x0000018e,
+	0x000001ed, 0x00000191,
+	0x000001ee, 0x00000194,
+	0x000001ef, 0x00000196,
+	0x000001f0, 0x00000198,
+	0x000001f4, 0x0000019a,
+	0x000001f5, 0x0000019c,
+	0x000001f8, 0x0000019e,
+	0x000001f9, 0x000001a0,
+	0x000001fa, 0x000001a2,
+	0x000001fb, 0x000001a5,
+	0x000001fc, 0x000001a8,
+	0x000001fd, 0x000001aa,
+	0x000001fe, 0x000001ac,
+	0x000001ff, 0x000001ae,
+	0x00000200, 0x000001b0,
+	0x00000201, 0x000001b2,
+	0x00000202, 0x000001b4,
+	0x00000203, 0x000001b6,
+	0x00000204, 0x000001b8,
+	0x00000205, 0x000001ba,
+	0x00000206, 0x000001bc,
+	0x00000207, 0x000001be,
+	0x00000208, 0x000001c0,
+	0x00000209, 0x000001c2,
+	0x0000020a, 0x000001c4,
+	0x0000020b, 0x000001c6,
+	0x0000020c, 0x000001c8,
+	0x0000020d, 0x000001ca,
+	0x0000020e, 0x000001cc,
+	0x0000020f, 0x000001ce,
+	0x00000210, 0x000001d0,
+	0x00000211, 0x000001d2,
+	0x00000212, 0x000001d4,
+	0x00000213, 0x000001d6,
+	0x00000214, 0x000001d8,
+	0x00000215, 0x000001da,
+	0x00000216, 0x000001dc,
+	0x00000217, 0x000001de,
+	0x00000218, 0x000001e0,
+	0x00000219, 0x000001e2,
+	0x0000021a, 0x000001e4,
+	0x0000021b, 0x000001e6,
+	0x0000021e, 0x000001e8,
+	0x0000021f, 0x000001ea,
+	0x00000226, 0x000001ec,
+	0x00000227, 0x000001ee,
+	0x00000228, 0x000001f0,
+	0x00000229, 0x000001f2,
+	0x0000022a, 0x000001f4,
+	0x0000022b, 0x000001f7,
+	0x0000022c, 0x000001fa,
+	0x0000022d, 0x000001fd,
+	0x0000022e, 0x00000200,
+	0x0000022f, 0x00000202,
+	0x00000230, 0x00000204,
+	0x00000231, 0x00000207,
+	0x00000232, 0x0000020a,
+	0x00000233, 0x0000020c,
+	0x00000340, 0x0000020e,
+	0x00000341, 0x0000020f,
+	0x00000343, 0x00000210,
+	0x00000344, 0x00000211,
+	0x00000374, 0x00000213,
+	0x0000037e, 0x00000214,
+	0x00000385, 0x00000215,
+	0x00000386, 0x00000217,
+	0x00000387, 0x00000219,
+	0x00000388, 0x0000021a,
+	0x00000389, 0x0000021c,
+	0x0000038a, 0x0000021e,
+	0x0000038c, 0x00000220,
+	0x0000038e, 0x00000222,
+	0x0000038f, 0x00000224,
+	0x00000390, 0x00000226,
+	0x000003aa, 0x00000229,
+	0x000003ab, 0x0000022b,
+	0x000003ac, 0x0000022d,
+	0x000003ad, 0x0000022f,
+	0x000003ae, 0x00000231,
+	0x000003af, 0x00000233,
+	0x000003b0, 0x00000235,
+	0x000003ca, 0x00000238,
+	0x000003cb, 0x0000023a,
+	0x000003cc, 0x0000023c,
+	0x000003cd, 0x0000023e,
+	0x000003ce, 0x00000240,
+	0x000003d3, 0x00000242,
+	0x000003d4, 0x00000244,
+	0x00000400, 0x00000246,
+	0x00000401, 0x00000248,
+	0x00000403, 0x0000024a,
+	0x00000407, 0x0000024c,
+	0x0000040c, 0x0000024e,
+	0x0000040d, 0x00000250,
+	0x0000040e, 0x00000252,
+	0x00000419, 0x00000254,
+	0x00000439, 0x00000256,
+	0x00000450, 0x00000258,
+	0x00000451, 0x0000025a,
+	0x00000453, 0x0000025c,
+	0x00000457, 0x0000025e,
+	0x0000045c, 0x00000260,
+	0x0000045d, 0x00000262,
+	0x0000045e, 0x00000264,
+	0x00000476, 0x00000266,
+	0x00000477, 0x00000268,
+	0x000004c1, 0x0000026a,
+	0x000004c2, 0x0000026c,
+	0x000004d0, 0x0000026e,
+	0x000004d1, 0x00000270,
+	0x000004d2, 0x00000272,
+	0x000004d3, 0x00000274,
+	0x000004d6, 0x00000276,
+	0x000004d7, 0x00000278,
+	0x000004da, 0x0000027a,
+	0x000004db, 0x0000027c,
+	0x000004dc, 0x0000027e,
+	0x000004dd, 0x00000280,
+	0x000004de, 0x00000282,
+	0x000004df, 0x00000284,
+	0x000004e2, 0x00000286,
+	0x000004e3, 0x00000288,
+	0x000004e4, 0x0000028a,
+	0x000004e5, 0x0000028c,
+	0x000004e6, 0x0000028e,
+	0x000004e7, 0x00000290,
+	0x000004ea, 0x00000292,
+	0x000004eb, 0x00000294,
+	0x000004ec, 0x00000296,
+	0x000004ed, 0x00000298,
+	0x000004ee, 0x0000029a,
+	0x000004ef, 0x0000029c,
+	0x000004f0, 0x0000029e,
+	0x000004f1, 0x000002a0,
+	0x000004f2, 0x000002a2,
+	0x000004f3, 0x000002a4,
+	0x000004f4, 0x000002a6,
+	0x000004f5, 0x000002a8,
+	0x000004f8, 0x000002aa,
+	0x000004f9, 0x000002ac,
+	0x00000622, 0x000002ae,
+	0x00000623, 0x000002b0,
+	0x00000624, 0x000002b2,
+	0x00000625, 0x000002b4,
+	0x00000626, 0x000002b6,
+	0x000006c0, 0x000002b8,
+	0x000006c2, 0x000002ba,
+	0x000006d3, 0x000002bc,
+	0x00000929, 0x000002be,
+	0x00000931, 0x000002c0,
+	0x00000934, 0x000002c2,
+	0x00000958, 0x000002c4,
+	0x00000959, 0x000002c6,
+	0x0000095a, 0x000002c8,
+	0x0000095b, 0x000002ca,
+	0x0000095c, 0x000002cc,
+	0x0000095d, 0x000002ce,
+	0x0000095e, 0x000002d0,
+	0x0000095f, 0x000002d2,
+	0x000009cb, 0x000002d4,
+	0x000009cc, 0x000002d6,
+	0x000009dc, 0x000002d8,
+	0x000009dd, 0x000002da,
+	0x000009df, 0x000002dc,
+	0x00000a33, 0x000002de,
+	0x00000a36, 0x000002e0,
+	0x00000a59, 0x000002e2,
+	0x00000a5a, 0x000002e4,
+	0x00000a5b, 0x000002e6,
+	0x00000a5e, 0x000002e8,
+	0x00000b48, 0x000002ea,
+	0x00000b4b, 0x000002ec,
+	0x00000b4c, 0x000002ee,
+	0x00000b5c, 0x000002f0,
+	0x00000b5d, 0x000002f2,
+	0x00000b94, 0x000002f4,
+	0x00000bca, 0x000002f6,
+	0x00000bcb, 0x000002f8,
+	0x00000bcc, 0x000002fa,
+	0x00000c48, 0x000002fc,
+	0x00000cc0, 0x000002fe,
+	0x00000cc7, 0x00000300,
+	0x00000cc8, 0x00000302,
+	0x00000cca, 0x00000304,
+	0x00000ccb, 0x00000306,
+	0x00000d4a, 0x00000309,
+	0x00000d4b, 0x0000030b,
+	0x00000d4c, 0x0000030d,
+	0x00000dda, 0x0000030f,
+	0x00000ddc, 0x00000311,
+	0x00000ddd, 0x00000313,
+	0x00000dde, 0x00000316,
+	0x00000f43, 0x00000318,
+	0x00000f4d, 0x0000031a,
+	0x00000f52, 0x0000031c,
+	0x00000f57, 0x0000031e,
+	0x00000f5c, 0x00000320,
+	0x00000f69, 0x00000322,
+	0x00000f73, 0x00000324,
+	0x00000f75, 0x00000326,
+	0x00000f76, 0x00000328,
+	0x00000f78, 0x0000032a,
+	0x00000f81, 0x0000032c,
+	0x00000f93, 0x0000032e,
+	0x00000f9d, 0x00000330,
+	0x00000fa2, 0x00000332,
+	0x00000fa7, 0x00000334,
+	0x00000fac, 0x00000336,
+	0x00000fb9, 0x00000338,
+	0x00001026, 0x0000033a,
+	0x00001e00, 0x0000033c,
+	0x00001e01, 0x0000033e,
+	0x00001e02, 0x00000340,
+	0x00001e03, 0x00000342,
+	0x00001e04, 0x00000344,
+	0x00001e05, 0x00000346,
+	0x00001e06, 0x00000348,
+	0x00001e07, 0x0000034a,
+	0x00001e08, 0x0000034c,
+	0x00001e09, 0x0000034f,
+	0x00001e0a, 0x00000352,
+	0x00001e0b, 0x00000354,
+	0x00001e0c, 0x00000356,
+	0x00001e0d, 0x00000358,
+	0x00001e0e, 0x0000035a,
+	0x00001e0f, 0x0000035c,
+	0x00001e10, 0x0000035e,
+	0x00001e11, 0x00000360,
+	0x00001e12, 0x00000362,
+	0x00001e13, 0x00000364,
+	0x00001e14, 0x00000366,
+	0x00001e15, 0x00000369,
+	0x00001e16, 0x0000036c,
+	0x00001e17, 0x0000036f,
+	0x00001e18, 0x00000372,
+	0x00001e19, 0x00000374,
+	0x00001e1a, 0x00000376,
+	0x00001e1b, 0x00000378,
+	0x00001e1c, 0x0000037a,
+	0x00001e1d, 0x0000037d,
+	0x00001e1e, 0x00000380,
+	0x00001e1f, 0x00000382,
+	0x00001e20, 0x00000384,
+	0x00001e21, 0x00000386,
+	0x00001e22, 0x00000388,
+	0x00001e23, 0x0000038a,
+	0x00001e24, 0x0000038c,
+	0x00001e25, 0x0000038e,
+	0x00001e26, 0x00000390,
+	0x00001e27, 0x00000392,
+	0x00001e28, 0x00000394,
+	0x00001e29, 0x00000396,
+	0x00001e2a, 0x00000398,
+	0x00001e2b, 0x0000039a,
+	0x00001e2c, 0x0000039c,
+	0x00001e2d, 0x0000039e,
+	0x00001e2e, 0x000003a0,
+	0x00001e2f, 0x000003a3,
+	0x00001e30, 0x000003a6,
+	0x00001e31, 0x000003a8,
+	0x00001e32, 0x000003aa,
+	0x00001e33, 0x000003ac,
+	0x00001e34, 0x000003ae,
+	0x00001e35, 0x000003b0,
+	0x00001e36, 0x000003b2,
+	0x00001e37, 0x000003b4,
+	0x00001e38, 0x000003b6,
+	0x00001e39, 0x000003b9,
+	0x00001e3a, 0x000003bc,
+	0x00001e3b, 0x000003be,
+	0x00001e3c, 0x000003c0,
+	0x00001e3d, 0x000003c2,
+	0x00001e3e, 0x000003c4,
+	0x00001e3f, 0x000003c6,
+	0x00001e40, 0x000003c8,
+	0x00001e41, 0x000003ca,
+	0x00001e42, 0x000003cc,
+	0x00001e43, 0x000003ce,
+	0x00001e44, 0x000003d0,
+	0x00001e45, 0x000003d2,
+	0x00001e46, 0x000003d4,
+	0x00001e47, 0x000003d6,
+	0x00001e48, 0x000003d8,
+	0x00001e49, 0x000003da,
+	0x00001e4a, 0x000003dc,
+	0x00001e4b, 0x000003de,
+	0x00001e4c, 0x000003e0,
+	0x00001e4d, 0x000003e3,
+	0x00001e4e, 0x000003e6,
+	0x00001e4f, 0x000003e9,
+	0x00001e50, 0x000003ec,
+	0x00001e51, 0x000003ef,
+	0x00001e52, 0x000003f2,
+	0x00001e53, 0x000003f5,
+	0x00001e54, 0x000003f8,
+	0x00001e55, 0x000003fa,
+	0x00001e56, 0x000003fc,
+	0x00001e57, 0x000003fe,
+	0x00001e58, 0x00000400,
+	0x00001e59, 0x00000402,
+	0x00001e5a, 0x00000404,
+	0x00001e5b, 0x00000406,
+	0x00001e5c, 0x00000408,
+	0x00001e5d, 0x0000040b,
+	0x00001e5e, 0x0000040e,
+	0x00001e5f, 0x00000410,
+	0x00001e60, 0x00000412,
+	0x00001e61, 0x00000414,
+	0x00001e62, 0x00000416,
+	0x00001e63, 0x00000418,
+	0x00001e64, 0x0000041a,
+	0x00001e65, 0x0000041d,
+	0x00001e66, 0x00000420,
+	0x00001e67, 0x00000423,
+	0x00001e68, 0x00000426,
+	0x00001e69, 0x00000429,
+	0x00001e6a, 0x0000042c,
+	0x00001e6b, 0x0000042e,
+	0x00001e6c, 0x00000430,
+	0x00001e6d, 0x00000432,
+	0x00001e6e, 0x00000434,
+	0x00001e6f, 0x00000436,
+	0x00001e70, 0x00000438,
+	0x00001e71, 0x0000043a,
+	0x00001e72, 0x0000043c,
+	0x00001e73, 0x0000043e,
+	0x00001e74, 0x00000440,
+	0x00001e75, 0x00000442,
+	0x00001e76, 0x00000444,
+	0x00001e77, 0x00000446,
+	0x00001e78, 0x00000448,
+	0x00001e79, 0x0000044b,
+	0x00001e7a, 0x0000044e,
+	0x00001e7b, 0x00000451,
+	0x00001e7c, 0x00000454,
+	0x00001e7d, 0x00000456,
+	0x00001e7e, 0x00000458,
+	0x00001e7f, 0x0000045a,
+	0x00001e80, 0x0000045c,
+	0x00001e81, 0x0000045e,
+	0x00001e82, 0x00000460,
+	0x00001e83, 0x00000462,
+	0x00001e84, 0x00000464,
+	0x00001e85, 0x00000466,
+	0x00001e86, 0x00000468,
+	0x00001e87, 0x0000046a,
+	0x00001e88, 0x0000046c,
+	0x00001e89, 0x0000046e,
+	0x00001e8a, 0x00000470,
+	0x00001e8b, 0x00000472,
+	0x00001e8c, 0x00000474,
+	0x00001e8d, 0x00000476,
+	0x00001e8e, 0x00000478,
+	0x00001e8f, 0x0000047a,
+	0x00001e90, 0x0000047c,
+	0x00001e91, 0x0000047e,
+	0x00001e92, 0x00000480,
+	0x00001e93, 0x00000482,
+	0x00001e94, 0x00000484,
+	0x00001e95, 0x00000486,
+	0x00001e96, 0x00000488,
+	0x00001e97, 0x0000048a,
+	0x00001e98, 0x0000048c,
+	0x00001e99, 0x0000048e,
+	0x00001e9b, 0x00000490,
+	0x00001ea0, 0x00000492,
+	0x00001ea1, 0x00000494,
+	0x00001ea2, 0x00000496,
+	0x00001ea3, 0x00000498,
+	0x00001ea4, 0x0000049a,
+	0x00001ea5, 0x0000049d,
+	0x00001ea6, 0x000004a0,
+	0x00001ea7, 0x000004a3,
+	0x00001ea8, 0x000004a6,
+	0x00001ea9, 0x000004a9,
+	0x00001eaa, 0x000004ac,
+	0x00001eab, 0x000004af,
+	0x00001eac, 0x000004b2,
+	0x00001ead, 0x000004b5,
+	0x00001eae, 0x000004b8,
+	0x00001eaf, 0x000004bb,
+	0x00001eb0, 0x000004be,
+	0x00001eb1, 0x000004c1,
+	0x00001eb2, 0x000004c4,
+	0x00001eb3, 0x000004c7,
+	0x00001eb4, 0x000004ca,
+	0x00001eb5, 0x000004cd,
+	0x00001eb6, 0x000004d0,
+	0x00001eb7, 0x000004d3,
+	0x00001eb8, 0x000004d6,
+	0x00001eb9, 0x000004d8,
+	0x00001eba, 0x000004da,
+	0x00001ebb, 0x000004dc,
+	0x00001ebc, 0x000004de,
+	0x00001ebd, 0x000004e0,
+	0x00001ebe, 0x000004e2,
+	0x00001ebf, 0x000004e5,
+	0x00001ec0, 0x000004e8,
+	0x00001ec1, 0x000004eb,
+	0x00001ec2, 0x000004ee,
+	0x00001ec3, 0x000004f1,
+	0x00001ec4, 0x000004f4,
+	0x00001ec5, 0x000004f7,
+	0x00001ec6, 0x000004fa,
+	0x00001ec7, 0x000004fd,
+	0x00001ec8, 0x00000500,
+	0x00001ec9, 0x00000502,
+	0x00001eca, 0x00000504,
+	0x00001ecb, 0x00000506,
+	0x00001ecc, 0x00000508,
+	0x00001ecd, 0x0000050a,
+	0x00001ece, 0x0000050c,
+	0x00001ecf, 0x0000050e,
+	0x00001ed0, 0x00000510,
+	0x00001ed1, 0x00000513,
+	0x00001ed2, 0x00000516,
+	0x00001ed3, 0x00000519,
+	0x00001ed4, 0x0000051c,
+	0x00001ed5, 0x0000051f,
+	0x00001ed6, 0x00000522,
+	0x00001ed7, 0x00000525,
+	0x00001ed8, 0x00000528,
+	0x00001ed9, 0x0000052b,
+	0x00001eda, 0x0000052e,
+	0x00001edb, 0x00000531,
+	0x00001edc, 0x00000534,
+	0x00001edd, 0x00000537,
+	0x00001ede, 0x0000053a,
+	0x00001edf, 0x0000053d,
+	0x00001ee0, 0x00000540,
+	0x00001ee1, 0x00000543,
+	0x00001ee2, 0x00000546,
+	0x00001ee3, 0x00000549,
+	0x00001ee4, 0x0000054c,
+	0x00001ee5, 0x0000054e,
+	0x00001ee6, 0x00000550,
+	0x00001ee7, 0x00000552,
+	0x00001ee8, 0x00000554,
+	0x00001ee9, 0x00000557,
+	0x00001eea, 0x0000055a,
+	0x00001eeb, 0x0000055d,
+	0x00001eec, 0x00000560,
+	0x00001eed, 0x00000563,
+	0x00001eee, 0x00000566,
+	0x00001eef, 0x00000569,
+	0x00001ef0, 0x0000056c,
+	0x00001ef1, 0x0000056f,
+	0x00001ef2, 0x00000572,
+	0x00001ef3, 0x00000574,
+	0x00001ef4, 0x00000576,
+	0x00001ef5, 0x00000578,
+	0x00001ef6, 0x0000057a,
+	0x00001ef7, 0x0000057c,
+	0x00001ef8, 0x0000057e,
+	0x00001ef9, 0x00000580,
+	0x00001f00, 0x00000582,
+	0x00001f01, 0x00000584,
+	0x00001f02, 0x00000586,
+	0x00001f03, 0x00000589,
+	0x00001f04, 0x0000058c,
+	0x00001f05, 0x0000058f,
+	0x00001f06, 0x00000592,
+	0x00001f07, 0x00000595,
+	0x00001f08, 0x00000598,
+	0x00001f09, 0x0000059a,
+	0x00001f0a, 0x0000059c,
+	0x00001f0b, 0x0000059f,
+	0x00001f0c, 0x000005a2,
+	0x00001f0d, 0x000005a5,
+	0x00001f0e, 0x000005a8,
+	0x00001f0f, 0x000005ab,
+	0x00001f10, 0x000005ae,
+	0x00001f11, 0x000005b0,
+	0x00001f12, 0x000005b2,
+	0x00001f13, 0x000005b5,
+	0x00001f14, 0x000005b8,
+	0x00001f15, 0x000005bb,
+	0x00001f18, 0x000005be,
+	0x00001f19, 0x000005c0,
+	0x00001f1a, 0x000005c2,
+	0x00001f1b, 0x000005c5,
+	0x00001f1c, 0x000005c8,
+	0x00001f1d, 0x000005cb,
+	0x00001f20, 0x000005ce,
+	0x00001f21, 0x000005d0,
+	0x00001f22, 0x000005d2,
+	0x00001f23, 0x000005d5,
+	0x00001f24, 0x000005d8,
+	0x00001f25, 0x000005db,
+	0x00001f26, 0x000005de,
+	0x00001f27, 0x000005e1,
+	0x00001f28, 0x000005e4,
+	0x00001f29, 0x000005e6,
+	0x00001f2a, 0x000005e8,
+	0x00001f2b, 0x000005eb,
+	0x00001f2c, 0x000005ee,
+	0x00001f2d, 0x000005f1,
+	0x00001f2e, 0x000005f4,
+	0x00001f2f, 0x000005f7,
+	0x00001f30, 0x000005fa,
+	0x00001f31, 0x000005fc,
+	0x00001f32, 0x000005fe,
+	0x00001f33, 0x00000601,
+	0x00001f34, 0x00000604,
+	0x00001f35, 0x00000607,
+	0x00001f36, 0x0000060a,
+	0x00001f37, 0x0000060d,
+	0x00001f38, 0x00000610,
+	0x00001f39, 0x00000612,
+	0x00001f3a, 0x00000614,
+	0x00001f3b, 0x00000617,
+	0x00001f3c, 0x0000061a,
+	0x00001f3d, 0x0000061d,
+	0x00001f3e, 0x00000620,
+	0x00001f3f, 0x00000623,
+	0x00001f40, 0x00000626,
+	0x00001f41, 0x00000628,
+	0x00001f42, 0x0000062a,
+	0x00001f43, 0x0000062d,
+	0x00001f44, 0x00000630,
+	0x00001f45, 0x00000633,
+	0x00001f48, 0x00000636,
+	0x00001f49, 0x00000638,
+	0x00001f4a, 0x0000063a,
+	0x00001f4b, 0x0000063d,
+	0x00001f4c, 0x00000640,
+	0x00001f4d, 0x00000643,
+	0x00001f50, 0x00000646,
+	0x00001f51, 0x00000648,
+	0x00001f52, 0x0000064a,
+	0x00001f53, 0x0000064d,
+	0x00001f54, 0x00000650,
+	0x00001f55, 0x00000653,
+	0x00001f56, 0x00000656,
+	0x00001f57, 0x00000659,
+	0x00001f59, 0x0000065c,
+	0x00001f5b, 0x0000065e,
+	0x00001f5d, 0x00000661,
+	0x00001f5f, 0x00000664,
+	0x00001f60, 0x00000667,
+	0x00001f61, 0x00000669,
+	0x00001f62, 0x0000066b,
+	0x00001f63, 0x0000066e,
+	0x00001f64, 0x00000671,
+	0x00001f65, 0x00000674,
+	0x00001f66, 0x00000677,
+	0x00001f67, 0x0000067a,
+	0x00001f68, 0x0000067d,
+	0x00001f69, 0x0000067f,
+	0x00001f6a, 0x00000681,
+	0x00001f6b, 0x00000684,
+	0x00001f6c, 0x00000687,
+	0x00001f6d, 0x0000068a,
+	0x00001f6e, 0x0000068d,
+	0x00001f6f, 0x00000690,
+	0x00001f70, 0x00000693,
+	0x00001f71, 0x00000695,
+	0x00001f72, 0x00000697,
+	0x00001f73, 0x00000699,
+	0x00001f74, 0x0000069b,
+	0x00001f75, 0x0000069d,
+	0x00001f76, 0x0000069f,
+	0x00001f77, 0x000006a1,
+	0x00001f78, 0x000006a3,
+	0x00001f79, 0x000006a5,
+	0x00001f7a, 0x000006a7,
+	0x00001f7b, 0x000006a9,
+	0x00001f7c, 0x000006ab,
+	0x00001f7d, 0x000006ad,
+	0x00001f80, 0x000006af,
+	0x00001f81, 0x000006b2,
+	0x00001f82, 0x000006b5,
+	0x00001f83, 0x000006b9,
+	0x00001f84, 0x000006bd,
+	0x00001f85, 0x000006c1,
+	0x00001f86, 0x000006c5,
+	0x00001f87, 0x000006c9,
+	0x00001f88, 0x000006cd,
+	0x00001f89, 0x000006d0,
+	0x00001f8a, 0x000006d3,
+	0x00001f8b, 0x000006d7,
+	0x00001f8c, 0x000006db,
+	0x00001f8d, 0x000006df,
+	0x00001f8e, 0x000006e3,
+	0x00001f8f, 0x000006e7,
+	0x00001f90, 0x000006eb,
+	0x00001f91, 0x000006ee,
+	0x00001f92, 0x000006f1,
+	0x00001f93, 0x000006f5,
+	0x00001f94, 0x000006f9,
+	0x00001f95, 0x000006fd,
+	0x00001f96, 0x00000701,
+	0x00001f97, 0x00000705,
+	0x00001f98, 0x00000709,
+	0x00001f99, 0x0000070c,
+	0x00001f9a, 0x0000070f,
+	0x00001f9b, 0x00000713,
+	0x00001f9c, 0x00000717,
+	0x00001f9d, 0x0000071b,
+	0x00001f9e, 0x0000071f,
+	0x00001f9f, 0x00000723,
+	0x00001fa0, 0x00000727,
+	0x00001fa1, 0x0000072a,
+	0x00001fa2, 0x0000072d,
+	0x00001fa3, 0x00000731,
+	0x00001fa4, 0x00000735,
+	0x00001fa5, 0x00000739,
+	0x00001fa6, 0x0000073d,
+	0x00001fa7, 0x00000741,
+	0x00001fa8, 0x00000745,
+	0x00001fa9, 0x00000748,
+	0x00001faa, 0x0000074b,
+	0x00001fab, 0x0000074f,
+	0x00001fac, 0x00000753,
+	0x00001fad, 0x00000757,
+	0x00001fae, 0x0000075b,
+	0x00001faf, 0x0000075f,
+	0x00001fb0, 0x00000763,
+	0x00001fb1, 0x00000765,
+	0x00001fb2, 0x00000767,
+	0x00001fb3, 0x0000076a,
+	0x00001fb4, 0x0000076c,
+	0x00001fb6, 0x0000076f,
+	0x00001fb7, 0x00000771,
+	0x00001fb8, 0x00000774,
+	0x00001fb9, 0x00000776,
+	0x00001fba, 0x00000778,
+	0x00001fbb, 0x0000077a,
+	0x00001fbc, 0x0000077c,
+	0x00001fbe, 0x0000077e,
+	0x00001fc1, 0x0000077f,
+	0x00001fc2, 0x00000781,
+	0x00001fc3, 0x00000784,
+	0x00001fc4, 0x00000786,
+	0x00001fc6, 0x00000789,
+	0x00001fc7, 0x0000078b,
+	0x00001fc8, 0x0000078e,
+	0x00001fc9, 0x00000790,
+	0x00001fca, 0x00000792,
+	0x00001fcb, 0x00000794,
+	0x00001fcc, 0x00000796,
+	0x00001fcd, 0x00000798,
+	0x00001fce, 0x0000079a,
+	0x00001fcf, 0x0000079c,
+	0x00001fd0, 0x0000079e,
+	0x00001fd1, 0x000007a0,
+	0x00001fd2, 0x000007a2,
+	0x00001fd3, 0x000007a5,
+	0x00001fd6, 0x000007a8,
+	0x00001fd7, 0x000007aa,
+	0x00001fd8, 0x000007ad,
+	0x00001fd9, 0x000007af,
+	0x00001fda, 0x000007b1,
+	0x00001fdb, 0x000007b3,
+	0x00001fdd, 0x000007b5,
+	0x00001fde, 0x000007b7,
+	0x00001fdf, 0x000007b9,
+	0x00001fe0, 0x000007bb,
+	0x00001fe1, 0x000007bd,
+	0x00001fe2, 0x000007bf,
+	0x00001fe3, 0x000007c2,
+	0x00001fe4, 0x000007c5,
+	0x00001fe5, 0x000007c7,
+	0x00001fe6, 0x000007c9,
+	0x00001fe7, 0x000007cb,
+	0x00001fe8, 0x000007ce,
+	0x00001fe9, 0x000007d0,
+	0x00001fea, 0x000007d2,
+	0x00001feb, 0x000007d4,
+	0x00001fec, 0x000007d6,
+	0x00001fed, 0x000007d8,
+	0x00001fee, 0x000007da,
+	0x00001fef, 0x000007dc,
+	0x00001ff2, 0x000007dd,
+	0x00001ff3, 0x000007e0,
+	0x00001ff4, 0x000007e2,
+	0x00001ff6, 0x000007e5,
+	0x00001ff7, 0x000007e7,
+	0x00001ff8, 0x000007ea,
+	0x00001ff9, 0x000007ec,
+	0x00001ffa, 0x000007ee,
+	0x00001ffb, 0x000007f0,
+	0x00001ffc, 0x000007f2,
+	0x00001ffd, 0x000007f4,
+	0x00002000, 0x000007f5,
+	0x00002001, 0x000007f6,
+	0x00002126, 0x000007f7,
+	0x0000212a, 0x000007f8,
+	0x0000212b, 0x000007f9,
+	0x0000219a, 0x000007fb,
+	0x0000219b, 0x000007fd,
+	0x000021ae, 0x000007ff,
+	0x000021cd, 0x00000801,
+	0x000021ce, 0x00000803,
+	0x000021cf, 0x00000805,
+	0x00002204, 0x00000807,
+	0x00002209, 0x00000809,
+	0x0000220c, 0x0000080b,
+	0x00002224, 0x0000080d,
+	0x00002226, 0x0000080f,
+	0x00002241, 0x00000811,
+	0x00002244, 0x00000813,
+	0x00002247, 0x00000815,
+	0x00002249, 0x00000817,
+	0x00002260, 0x00000819,
+	0x00002262, 0x0000081b,
+	0x0000226d, 0x0000081d,
+	0x0000226e, 0x0000081f,
+	0x0000226f, 0x00000821,
+	0x00002270, 0x00000823,
+	0x00002271, 0x00000825,
+	0x00002274, 0x00000827,
+	0x00002275, 0x00000829,
+	0x00002278, 0x0000082b,
+	0x00002279, 0x0000082d,
+	0x00002280, 0x0000082f,
+	0x00002281, 0x00000831,
+	0x00002284, 0x00000833,
+	0x00002285, 0x00000835,
+	0x00002288, 0x00000837,
+	0x00002289, 0x00000839,
+	0x000022ac, 0x0000083b,
+	0x000022ad, 0x0000083d,
+	0x000022ae, 0x0000083f,
+	0x000022af, 0x00000841,
+	0x000022e0, 0x00000843,
+	0x000022e1, 0x00000845,
+	0x000022e2, 0x00000847,
+	0x000022e3, 0x00000849,
+	0x000022ea, 0x0000084b,
+	0x000022eb, 0x0000084d,
+	0x000022ec, 0x0000084f,
+	0x000022ed, 0x00000851,
+	0x00002329, 0x00000853,
+	0x0000232a, 0x00000854,
+	0x00002adc, 0x00000855,
+	0x0000304c, 0x00000857,
+	0x0000304e, 0x00000859,
+	0x00003050, 0x0000085b,
+	0x00003052, 0x0000085d,
+	0x00003054, 0x0000085f,
+	0x00003056, 0x00000861,
+	0x00003058, 0x00000863,
+	0x0000305a, 0x00000865,
+	0x0000305c, 0x00000867,
+	0x0000305e, 0x00000869,
+	0x00003060, 0x0000086b,
+	0x00003062, 0x0000086d,
+	0x00003065, 0x0000086f,
+	0x00003067, 0x00000871,
+	0x00003069, 0x00000873,
+	0x00003070, 0x00000875,
+	0x00003071, 0x00000877,
+	0x00003073, 0x00000879,
+	0x00003074, 0x0000087b,
+	0x00003076, 0x0000087d,
+	0x00003077, 0x0000087f,
+	0x00003079, 0x00000881,
+	0x0000307a, 0x00000883,
+	0x0000307c, 0x00000885,
+	0x0000307d, 0x00000887,
+	0x00003094, 0x00000889,
+	0x0000309e, 0x0000088b,
+	0x000030ac, 0x0000088d,
+	0x000030ae, 0x0000088f,
+	0x000030b0, 0x00000891,
+	0x000030b2, 0x00000893,
+	0x000030b4, 0x00000895,
+	0x000030b6, 0x00000897,
+	0x000030b8, 0x00000899,
+	0x000030ba, 0x0000089b,
+	0x000030bc, 0x0000089d,
+	0x000030be, 0x0000089f,
+	0x000030c0, 0x000008a1,
+	0x000030c2, 0x000008a3,
+	0x000030c5, 0x000008a5,
+	0x000030c7, 0x000008a7,
+	0x000030c9, 0x000008a9,
+	0x000030d0, 0x000008ab,
+	0x000030d1, 0x000008ad,
+	0x000030d3, 0x000008af,
+	0x000030d4, 0x000008b1,
+	0x000030d6, 0x000008b3,
+	0x000030d7, 0x000008b5,
+	0x000030d9, 0x000008b7,
+	0x000030da, 0x000008b9,
+	0x000030dc, 0x000008bb,
+	0x000030dd, 0x000008bd,
+	0x000030f4, 0x000008bf,
+	0x000030f7, 0x000008c1,
+	0x000030f8, 0x000008c3,
+	0x000030f9, 0x000008c5,
+	0x000030fa, 0x000008c7,
+	0x000030fe, 0x000008c9,
+	0x0000f902, 0x000008cb,
+	0x0000f903, 0x000008cc,
+	0x0000f904, 0x000008cd,
+	0x0000f905, 0x000008ce,
+	0x0000f906, 0x000008cf,
+	0x0000f907, 0x000008d0,
+	0x0000f908, 0x000008d1,
+	0x0000f909, 0x000008d2,
+	0x0000f90a, 0x000008d3,
+	0x0000f90b, 0x000008d4,
+	0x0000f90c, 0x000008d5,
+	0x0000f90d, 0x000008d6,
+	0x0000f90e, 0x000008d7,
+	0x0000f90f, 0x000008d8,
+	0x0000f910, 0x000008d9,
+	0x0000f911, 0x000008da,
+	0x0000f912, 0x000008db,
+	0x0000f913, 0x000008dc,
+	0x0000f914, 0x000008dd,
+	0x0000f915, 0x000008de,
+	0x0000f916, 0x000008df,
+	0x0000f917, 0x000008e0,
+	0x0000f918, 0x000008e1,
+	0x0000f919, 0x000008e2,
+	0x0000f91a, 0x000008e3,
+	0x0000f91b, 0x000008e4,
+	0x0000f91c, 0x000008e5,
+	0x0000f91d, 0x000008e6,
+	0x0000f91e, 0x000008e7,
+	0x0000f91f, 0x000008e8,
+	0x0000f920, 0x000008e9,
+	0x0000f921, 0x000008ea,
+	0x0000f922, 0x000008eb,
+	0x0000f923, 0x000008ec,
+	0x0000f924, 0x000008ed,
+	0x0000f925, 0x000008ee,
+	0x0000f926, 0x000008ef,
+	0x0000f927, 0x000008f0,
+	0x0000f928, 0x000008f1,
+	0x0000f929, 0x000008f2,
+	0x0000f92a, 0x000008f3,
+	0x0000f92b, 0x000008f4,
+	0x0000f92c, 0x000008f5,
+	0x0000f92d, 0x000008f6,
+	0x0000f92e, 0x000008f7,
+	0x0000f92f, 0x000008f8,
+	0x0000f930, 0x000008f9,
+	0x0000f931, 0x000008fa,
+	0x0000f932, 0x000008fb,
+	0x0000f933, 0x000008fc,
+	0x0000f934, 0x000008fd,
+	0x0000f935, 0x000008fe,
+	0x0000f936, 0x000008ff,
+	0x0000f937, 0x00000900,
+	0x0000f938, 0x00000901,
+	0x0000f939, 0x00000902,
+	0x0000f93a, 0x00000903,
+	0x0000f93b, 0x00000904,
+	0x0000f93c, 0x00000905,
+	0x0000f93d, 0x00000906,
+	0x0000f93e, 0x00000907,
+	0x0000f93f, 0x00000908,
+	0x0000f940, 0x00000909,
+	0x0000f941, 0x0000090a,
+	0x0000f942, 0x0000090b,
+	0x0000f943, 0x0000090c,
+	0x0000f944, 0x0000090d,
+	0x0000f945, 0x0000090e,
+	0x0000f946, 0x0000090f,
+	0x0000f947, 0x00000910,
+	0x0000f948, 0x00000911,
+	0x0000f949, 0x00000912,
+	0x0000f94a, 0x00000913,
+	0x0000f94b, 0x00000914,
+	0x0000f94c, 0x00000915,
+	0x0000f94d, 0x00000916,
+	0x0000f94e, 0x00000917,
+	0x0000f94f, 0x00000918,
+	0x0000f950, 0x00000919,
+	0x0000f951, 0x0000091a,
+	0x0000f952, 0x0000091b,
+	0x0000f953, 0x0000091c,
+	0x0000f954, 0x0000091d,
+	0x0000f955, 0x0000091e,
+	0x0000f956, 0x0000091f,
+	0x0000f957, 0x00000920,
+	0x0000f958, 0x00000921,
+	0x0000f959, 0x00000922,
+	0x0000f95a, 0x00000923,
+	0x0000f95b, 0x00000924,
+	0x0000f95c, 0x00000925,
+	0x0000f95d, 0x00000926,
+	0x0000f95e, 0x00000927,
+	0x0000f95f, 0x00000928,
+	0x0000f960, 0x00000929,
+	0x0000f961, 0x0000092a,
+	0x0000f962, 0x0000092b,
+	0x0000f963, 0x0000092c,
+	0x0000f964, 0x0000092d,
+	0x0000f965, 0x0000092e,
+	0x0000f966, 0x0000092f,
+	0x0000f967, 0x00000930,
+	0x0000f968, 0x00000931,
+	0x0000f969, 0x00000932,
+	0x0000f96a, 0x00000933,
+	0x0000f96b, 0x00000934,
+	0x0000f96c, 0x00000935,
+	0x0000f96d, 0x00000936,
+	0x0000f96e, 0x00000937,
+	0x0000f96f, 0x00000938,
+	0x0000f970, 0x00000939,
+	0x0000f971, 0x0000093a,
+	0x0000f972, 0x0000093b,
+	0x0000f973, 0x0000093c,
+	0x0000f974, 0x0000093d,
+	0x0000f975, 0x0000093e,
+	0x0000f976, 0x0000093f,
+	0x0000f977, 0x00000940,
+	0x0000f978, 0x00000941,
+	0x0000f979, 0x00000942,
+	0x0000f97a, 0x00000943,
+	0x0000f97b, 0x00000944,
+	0x0000f97c, 0x00000945,
+	0x0000f97d, 0x00000946,
+	0x0000f97e, 0x00000947,
+	0x0000f97f, 0x00000948,
+	0x0000f980, 0x00000949,
+	0x0000f981, 0x0000094a,
+	0x0000f982, 0x0000094b,
+	0x0000f983, 0x0000094c,
+	0x0000f984, 0x0000094d,
+	0x0000f985, 0x0000094e,
+	0x0000f986, 0x0000094f,
+	0x0000f987, 0x00000950,
+	0x0000f988, 0x00000951,
+	0x0000f989, 0x00000952,
+	0x0000f98a, 0x00000953,
+	0x0000f98b, 0x00000954,
+	0x0000f98c, 0x00000955,
+	0x0000f98d, 0x00000956,
+	0x0000f98e, 0x00000957,
+	0x0000f98f, 0x00000958,
+	0x0000f990, 0x00000959,
+	0x0000f991, 0x0000095a,
+	0x0000f992, 0x0000095b,
+	0x0000f993, 0x0000095c,
+	0x0000f994, 0x0000095d,
+	0x0000f995, 0x0000095e,
+	0x0000f996, 0x0000095f,
+	0x0000f997, 0x00000960,
+	0x0000f998, 0x00000961,
+	0x0000f999, 0x00000962,
+	0x0000f99a, 0x00000963,
+	0x0000f99b, 0x00000964,
+	0x0000f99c, 0x00000965,
+	0x0000f99d, 0x00000966,
+	0x0000f99e, 0x00000967,
+	0x0000f99f, 0x00000968,
+	0x0000f9a0, 0x00000969,
+	0x0000f9a1, 0x0000096a,
+	0x0000f9a2, 0x0000096b,
+	0x0000f9a3, 0x0000096c,
+	0x0000f9a4, 0x0000096d,
+	0x0000f9a5, 0x0000096e,
+	0x0000f9a6, 0x0000096f,
+	0x0000f9a7, 0x00000970,
+	0x0000f9a8, 0x00000971,
+	0x0000f9a9, 0x00000972,
+	0x0000f9aa, 0x00000973,
+	0x0000f9ab, 0x00000974,
+	0x0000f9ac, 0x00000975,
+	0x0000f9ad, 0x00000976,
+	0x0000f9ae, 0x00000977,
+	0x0000f9af, 0x00000978,
+	0x0000f9b0, 0x00000979,
+	0x0000f9b1, 0x0000097a,
+	0x0000f9b2, 0x0000097b,
+	0x0000f9b3, 0x0000097c,
+	0x0000f9b4, 0x0000097d,
+	0x0000f9b5, 0x0000097e,
+	0x0000f9b6, 0x0000097f,
+	0x0000f9b7, 0x00000980,
+	0x0000f9b8, 0x00000981,
+	0x0000f9b9, 0x00000982,
+	0x0000f9ba, 0x00000983,
+	0x0000f9bb, 0x00000984,
+	0x0000f9bc, 0x00000985,
+	0x0000f9bd, 0x00000986,
+	0x0000f9be, 0x00000987,
+	0x0000f9bf, 0x00000988,
+	0x0000f9c0, 0x00000989,
+	0x0000f9c1, 0x0000098a,
+	0x0000f9c2, 0x0000098b,
+	0x0000f9c3, 0x0000098c,
+	0x0000f9c4, 0x0000098d,
+	0x0000f9c5, 0x0000098e,
+	0x0000f9c6, 0x0000098f,
+	0x0000f9c7, 0x00000990,
+	0x0000f9c8, 0x00000991,
+	0x0000f9c9, 0x00000992,
+	0x0000f9ca, 0x00000993,
+	0x0000f9cb, 0x00000994,
+	0x0000f9cc, 0x00000995,
+	0x0000f9cd, 0x00000996,
+	0x0000f9ce, 0x00000997,
+	0x0000f9cf, 0x00000998,
+	0x0000f9d0, 0x00000999,
+	0x0000f9d1, 0x0000099a,
+	0x0000f9d2, 0x0000099b,
+	0x0000f9d3, 0x0000099c,
+	0x0000f9d4, 0x0000099d,
+	0x0000f9d5, 0x0000099e,
+	0x0000f9d6, 0x0000099f,
+	0x0000f9d7, 0x000009a0,
+	0x0000f9d8, 0x000009a1,
+	0x0000f9d9, 0x000009a2,
+	0x0000f9da, 0x000009a3,
+	0x0000f9db, 0x000009a4,
+	0x0000f9dc, 0x000009a5,
+	0x0000f9dd, 0x000009a6,
+	0x0000f9de, 0x000009a7,
+	0x0000f9df, 0x000009a8,
+	0x0000f9e0, 0x000009a9,
+	0x0000f9e1, 0x000009aa,
+	0x0000f9e2, 0x000009ab,
+	0x0000f9e3, 0x000009ac,
+	0x0000f9e4, 0x000009ad,
+	0x0000f9e5, 0x000009ae,
+	0x0000f9e6, 0x000009af,
+	0x0000f9e7, 0x000009b0,
+	0x0000f9e8, 0x000009b1,
+	0x0000f9e9, 0x000009b2,
+	0x0000f9ea, 0x000009b3,
+	0x0000f9eb, 0x000009b4,
+	0x0000f9ec, 0x000009b5,
+	0x0000f9ed, 0x000009b6,
+	0x0000f9ee, 0x000009b7,
+	0x0000f9ef, 0x000009b8,
+	0x0000f9f0, 0x000009b9,
+	0x0000f9f1, 0x000009ba,
+	0x0000f9f2, 0x000009bb,
+	0x0000f9f3, 0x000009bc,
+	0x0000f9f4, 0x000009bd,
+	0x0000f9f5, 0x000009be,
+	0x0000f9f6, 0x000009bf,
+	0x0000f9f7, 0x000009c0,
+	0x0000f9f8, 0x000009c1,
+	0x0000f9f9, 0x000009c2,
+	0x0000f9fa, 0x000009c3,
+	0x0000f9fb, 0x000009c4,
+	0x0000f9fc, 0x000009c5,
+	0x0000f9fd, 0x000009c6,
+	0x0000f9fe, 0x000009c7,
+	0x0000f9ff, 0x000009c8,
+	0x0000fa00, 0x000009c9,
+	0x0000fa01, 0x000009ca,
+	0x0000fa02, 0x000009cb,
+	0x0000fa03, 0x000009cc,
+	0x0000fa04, 0x000009cd,
+	0x0000fa05, 0x000009ce,
+	0x0000fa06, 0x000009cf,
+	0x0000fa07, 0x000009d0,
+	0x0000fa08, 0x000009d1,
+	0x0000fa09, 0x000009d2,
+	0x0000fa0a, 0x000009d3,
+	0x0000fa0b, 0x000009d4,
+	0x0000fa0c, 0x000009d5,
+	0x0000fa0d, 0x000009d6,
+	0x0000fa10, 0x000009d7,
+	0x0000fa12, 0x000009d8,
+	0x0000fa15, 0x000009d9,
+	0x0000fa16, 0x000009da,
+	0x0000fa17, 0x000009db,
+	0x0000fa18, 0x000009dc,
+	0x0000fa19, 0x000009dd,
+	0x0000fa1a, 0x000009de,
+	0x0000fa1b, 0x000009df,
+	0x0000fa1c, 0x000009e0,
+	0x0000fa1d, 0x000009e1,
+	0x0000fa1e, 0x000009e2,
+	0x0000fa20, 0x000009e3,
+	0x0000fa22, 0x000009e4,
+	0x0000fa25, 0x000009e5,
+	0x0000fa26, 0x000009e6,
+	0x0000fa2a, 0x000009e7,
+	0x0000fa2b, 0x000009e8,
+	0x0000fa2c, 0x000009e9,
+	0x0000fa2d, 0x000009ea,
+	0x0000fa30, 0x000009eb,
+	0x0000fa31, 0x000009ec,
+	0x0000fa32, 0x000009ed,
+	0x0000fa33, 0x000009ee,
+	0x0000fa34, 0x000009ef,
+	0x0000fa35, 0x000009f0,
+	0x0000fa36, 0x000009f1,
+	0x0000fa37, 0x000009f2,
+	0x0000fa38, 0x000009f3,
+	0x0000fa39, 0x000009f4,
+	0x0000fa3a, 0x000009f5,
+	0x0000fa3b, 0x000009f6,
+	0x0000fa3c, 0x000009f7,
+	0x0000fa3d, 0x000009f8,
+	0x0000fa3e, 0x000009f9,
+	0x0000fa3f, 0x000009fa,
+	0x0000fa40, 0x000009fb,
+	0x0000fa41, 0x000009fc,
+	0x0000fa42, 0x000009fd,
+	0x0000fa43, 0x000009fe,
+	0x0000fa44, 0x000009ff,
+	0x0000fa45, 0x00000a00,
+	0x0000fa46, 0x00000a01,
+	0x0000fa47, 0x00000a02,
+	0x0000fa48, 0x00000a03,
+	0x0000fa49, 0x00000a04,
+	0x0000fa4a, 0x00000a05,
+	0x0000fa4b, 0x00000a06,
+	0x0000fa4c, 0x00000a07,
+	0x0000fa4d, 0x00000a08,
+	0x0000fa4e, 0x00000a09,
+	0x0000fa4f, 0x00000a0a,
+	0x0000fa50, 0x00000a0b,
+	0x0000fa51, 0x00000a0c,
+	0x0000fa52, 0x00000a0d,
+	0x0000fa53, 0x00000a0e,
+	0x0000fa54, 0x00000a0f,
+	0x0000fa55, 0x00000a10,
+	0x0000fa56, 0x00000a11,
+	0x0000fa57, 0x00000a12,
+	0x0000fa58, 0x00000a13,
+	0x0000fa59, 0x00000a14,
+	0x0000fa5a, 0x00000a15,
+	0x0000fa5b, 0x00000a16,
+	0x0000fa5c, 0x00000a17,
+	0x0000fa5d, 0x00000a18,
+	0x0000fa5e, 0x00000a19,
+	0x0000fa5f, 0x00000a1a,
+	0x0000fa60, 0x00000a1b,
+	0x0000fa61, 0x00000a1c,
+	0x0000fa62, 0x00000a1d,
+	0x0000fa63, 0x00000a1e,
+	0x0000fa64, 0x00000a1f,
+	0x0000fa65, 0x00000a20,
+	0x0000fa66, 0x00000a21,
+	0x0000fa67, 0x00000a22,
+	0x0000fa68, 0x00000a23,
+	0x0000fa69, 0x00000a24,
+	0x0000fa6a, 0x00000a25,
+	0x0000fb1d, 0x00000a26,
+	0x0000fb1f, 0x00000a28,
+	0x0000fb2a, 0x00000a2a,
+	0x0000fb2b, 0x00000a2c,
+	0x0000fb2c, 0x00000a2e,
+	0x0000fb2d, 0x00000a31,
+	0x0000fb2e, 0x00000a34,
+	0x0000fb2f, 0x00000a36,
+	0x0000fb30, 0x00000a38,
+	0x0000fb31, 0x00000a3a,
+	0x0000fb32, 0x00000a3c,
+	0x0000fb33, 0x00000a3e,
+	0x0000fb34, 0x00000a40,
+	0x0000fb35, 0x00000a42,
+	0x0000fb36, 0x00000a44,
+	0x0000fb38, 0x00000a46,
+	0x0000fb39, 0x00000a48,
+	0x0000fb3a, 0x00000a4a,
+	0x0000fb3b, 0x00000a4c,
+	0x0000fb3c, 0x00000a4e,
+	0x0000fb3e, 0x00000a50,
+	0x0000fb40, 0x00000a52,
+	0x0000fb41, 0x00000a54,
+	0x0000fb43, 0x00000a56,
+	0x0000fb44, 0x00000a58,
+	0x0000fb46, 0x00000a5a,
+	0x0000fb47, 0x00000a5c,
+	0x0000fb48, 0x00000a5e,
+	0x0000fb49, 0x00000a60,
+	0x0000fb4a, 0x00000a62,
+	0x0000fb4b, 0x00000a64,
+	0x0000fb4c, 0x00000a66,
+	0x0000fb4d, 0x00000a68,
+	0x0000fb4e, 0x00000a6a,
+	0x0001d15e, 0x00000a6c,
+	0x0001d15f, 0x00000a6e,
+	0x0001d160, 0x00000a70,
+	0x0001d161, 0x00000a73,
+	0x0001d162, 0x00000a76,
+	0x0001d163, 0x00000a79,
+	0x0001d164, 0x00000a7c,
+	0x0001d1bb, 0x00000a7f,
+	0x0001d1bc, 0x00000a81,
+	0x0001d1bd, 0x00000a83,
+	0x0001d1be, 0x00000a86,
+	0x0001d1bf, 0x00000a89,
+	0x0001d1c0, 0x00000a8c,
+	0x0002f800, 0x00000a8f,
+	0x0002f801, 0x00000a90,
+	0x0002f802, 0x00000a91,
+	0x0002f803, 0x00000a92,
+	0x0002f804, 0x00000a93,
+	0x0002f805, 0x00000a94,
+	0x0002f806, 0x00000a95,
+	0x0002f807, 0x00000a96,
+	0x0002f808, 0x00000a97,
+	0x0002f809, 0x00000a98,
+	0x0002f80a, 0x00000a99,
+	0x0002f80b, 0x00000a9a,
+	0x0002f80c, 0x00000a9b,
+	0x0002f80d, 0x00000a9c,
+	0x0002f80e, 0x00000a9d,
+	0x0002f80f, 0x00000a9e,
+	0x0002f810, 0x00000a9f,
+	0x0002f811, 0x00000aa0,
+	0x0002f812, 0x00000aa1,
+	0x0002f813, 0x00000aa2,
+	0x0002f814, 0x00000aa3,
+	0x0002f815, 0x00000aa4,
+	0x0002f816, 0x00000aa5,
+	0x0002f817, 0x00000aa6,
+	0x0002f818, 0x00000aa7,
+	0x0002f819, 0x00000aa8,
+	0x0002f81a, 0x00000aa9,
+	0x0002f81b, 0x00000aaa,
+	0x0002f81c, 0x00000aab,
+	0x0002f81d, 0x00000aac,
+	0x0002f81e, 0x00000aad,
+	0x0002f81f, 0x00000aae,
+	0x0002f820, 0x00000aaf,
+	0x0002f821, 0x00000ab0,
+	0x0002f822, 0x00000ab1,
+	0x0002f823, 0x00000ab2,
+	0x0002f824, 0x00000ab3,
+	0x0002f825, 0x00000ab4,
+	0x0002f826, 0x00000ab5,
+	0x0002f827, 0x00000ab6,
+	0x0002f828, 0x00000ab7,
+	0x0002f829, 0x00000ab8,
+	0x0002f82a, 0x00000ab9,
+	0x0002f82b, 0x00000aba,
+	0x0002f82c, 0x00000abb,
+	0x0002f82d, 0x00000abc,
+	0x0002f82e, 0x00000abd,
+	0x0002f82f, 0x00000abe,
+	0x0002f830, 0x00000abf,
+	0x0002f831, 0x00000ac0,
+	0x0002f832, 0x00000ac1,
+	0x0002f833, 0x00000ac2,
+	0x0002f834, 0x00000ac3,
+	0x0002f835, 0x00000ac4,
+	0x0002f836, 0x00000ac5,
+	0x0002f837, 0x00000ac6,
+	0x0002f838, 0x00000ac7,
+	0x0002f839, 0x00000ac8,
+	0x0002f83a, 0x00000ac9,
+	0x0002f83b, 0x00000aca,
+	0x0002f83c, 0x00000acb,
+	0x0002f83d, 0x00000acc,
+	0x0002f83e, 0x00000acd,
+	0x0002f83f, 0x00000ace,
+	0x0002f840, 0x00000acf,
+	0x0002f841, 0x00000ad0,
+	0x0002f842, 0x00000ad1,
+	0x0002f843, 0x00000ad2,
+	0x0002f844, 0x00000ad3,
+	0x0002f845, 0x00000ad4,
+	0x0002f846, 0x00000ad5,
+	0x0002f847, 0x00000ad6,
+	0x0002f848, 0x00000ad7,
+	0x0002f849, 0x00000ad8,
+	0x0002f84a, 0x00000ad9,
+	0x0002f84b, 0x00000ada,
+	0x0002f84c, 0x00000adb,
+	0x0002f84d, 0x00000adc,
+	0x0002f84e, 0x00000add,
+	0x0002f84f, 0x00000ade,
+	0x0002f850, 0x00000adf,
+	0x0002f851, 0x00000ae0,
+	0x0002f852, 0x00000ae1,
+	0x0002f853, 0x00000ae2,
+	0x0002f854, 0x00000ae3,
+	0x0002f855, 0x00000ae4,
+	0x0002f856, 0x00000ae5,
+	0x0002f857, 0x00000ae6,
+	0x0002f858, 0x00000ae7,
+	0x0002f859, 0x00000ae8,
+	0x0002f85a, 0x00000ae9,
+	0x0002f85b, 0x00000aea,
+	0x0002f85c, 0x00000aeb,
+	0x0002f85d, 0x00000aec,
+	0x0002f85e, 0x00000aed,
+	0x0002f85f, 0x00000aee,
+	0x0002f860, 0x00000aef,
+	0x0002f861, 0x00000af0,
+	0x0002f862, 0x00000af1,
+	0x0002f863, 0x00000af2,
+	0x0002f864, 0x00000af3,
+	0x0002f865, 0x00000af4,
+	0x0002f866, 0x00000af5,
+	0x0002f867, 0x00000af6,
+	0x0002f868, 0x00000af7,
+	0x0002f869, 0x00000af8,
+	0x0002f86a, 0x00000af9,
+	0x0002f86b, 0x00000afa,
+	0x0002f86c, 0x00000afb,
+	0x0002f86d, 0x00000afc,
+	0x0002f86e, 0x00000afd,
+	0x0002f86f, 0x00000afe,
+	0x0002f870, 0x00000aff,
+	0x0002f871, 0x00000b00,
+	0x0002f872, 0x00000b01,
+	0x0002f873, 0x00000b02,
+	0x0002f874, 0x00000b03,
+	0x0002f875, 0x00000b04,
+	0x0002f876, 0x00000b05,
+	0x0002f877, 0x00000b06,
+	0x0002f878, 0x00000b07,
+	0x0002f879, 0x00000b08,
+	0x0002f87a, 0x00000b09,
+	0x0002f87b, 0x00000b0a,
+	0x0002f87c, 0x00000b0b,
+	0x0002f87d, 0x00000b0c,
+	0x0002f87e, 0x00000b0d,
+	0x0002f87f, 0x00000b0e,
+	0x0002f880, 0x00000b0f,
+	0x0002f881, 0x00000b10,
+	0x0002f882, 0x00000b11,
+	0x0002f883, 0x00000b12,
+	0x0002f884, 0x00000b13,
+	0x0002f885, 0x00000b14,
+	0x0002f886, 0x00000b15,
+	0x0002f887, 0x00000b16,
+	0x0002f888, 0x00000b17,
+	0x0002f889, 0x00000b18,
+	0x0002f88a, 0x00000b19,
+	0x0002f88b, 0x00000b1a,
+	0x0002f88c, 0x00000b1b,
+	0x0002f88d, 0x00000b1c,
+	0x0002f88e, 0x00000b1d,
+	0x0002f88f, 0x00000b1e,
+	0x0002f890, 0x00000b1f,
+	0x0002f891, 0x00000b20,
+	0x0002f892, 0x00000b21,
+	0x0002f893, 0x00000b22,
+	0x0002f894, 0x00000b23,
+	0x0002f895, 0x00000b24,
+	0x0002f896, 0x00000b25,
+	0x0002f897, 0x00000b26,
+	0x0002f898, 0x00000b27,
+	0x0002f899, 0x00000b28,
+	0x0002f89a, 0x00000b29,
+	0x0002f89b, 0x00000b2a,
+	0x0002f89c, 0x00000b2b,
+	0x0002f89d, 0x00000b2c,
+	0x0002f89e, 0x00000b2d,
+	0x0002f89f, 0x00000b2e,
+	0x0002f8a0, 0x00000b2f,
+	0x0002f8a1, 0x00000b30,
+	0x0002f8a2, 0x00000b31,
+	0x0002f8a3, 0x00000b32,
+	0x0002f8a4, 0x00000b33,
+	0x0002f8a5, 0x00000b34,
+	0x0002f8a6, 0x00000b35,
+	0x0002f8a7, 0x00000b36,
+	0x0002f8a8, 0x00000b37,
+	0x0002f8a9, 0x00000b38,
+	0x0002f8aa, 0x00000b39,
+	0x0002f8ab, 0x00000b3a,
+	0x0002f8ac, 0x00000b3b,
+	0x0002f8ad, 0x00000b3c,
+	0x0002f8ae, 0x00000b3d,
+	0x0002f8af, 0x00000b3e,
+	0x0002f8b0, 0x00000b3f,
+	0x0002f8b1, 0x00000b40,
+	0x0002f8b2, 0x00000b41,
+	0x0002f8b3, 0x00000b42,
+	0x0002f8b4, 0x00000b43,
+	0x0002f8b5, 0x00000b44,
+	0x0002f8b6, 0x00000b45,
+	0x0002f8b7, 0x00000b46,
+	0x0002f8b8, 0x00000b47,
+	0x0002f8b9, 0x00000b48,
+	0x0002f8ba, 0x00000b49,
+	0x0002f8bb, 0x00000b4a,
+	0x0002f8bc, 0x00000b4b,
+	0x0002f8bd, 0x00000b4c,
+	0x0002f8be, 0x00000b4d,
+	0x0002f8bf, 0x00000b4e,
+	0x0002f8c0, 0x00000b4f,
+	0x0002f8c1, 0x00000b50,
+	0x0002f8c2, 0x00000b51,
+	0x0002f8c3, 0x00000b52,
+	0x0002f8c4, 0x00000b53,
+	0x0002f8c5, 0x00000b54,
+	0x0002f8c6, 0x00000b55,
+	0x0002f8c7, 0x00000b56,
+	0x0002f8c8, 0x00000b57,
+	0x0002f8c9, 0x00000b58,
+	0x0002f8ca, 0x00000b59,
+	0x0002f8cb, 0x00000b5a,
+	0x0002f8cc, 0x00000b5b,
+	0x0002f8cd, 0x00000b5c,
+	0x0002f8ce, 0x00000b5d,
+	0x0002f8cf, 0x00000b5e,
+	0x0002f8d0, 0x00000b5f,
+	0x0002f8d1, 0x00000b60,
+	0x0002f8d2, 0x00000b61,
+	0x0002f8d3, 0x00000b62,
+	0x0002f8d4, 0x00000b63,
+	0x0002f8d5, 0x00000b64,
+	0x0002f8d6, 0x00000b65,
+	0x0002f8d7, 0x00000b66,
+	0x0002f8d8, 0x00000b67,
+	0x0002f8d9, 0x00000b68,
+	0x0002f8da, 0x00000b69,
+	0x0002f8db, 0x00000b6a,
+	0x0002f8dc, 0x00000b6b,
+	0x0002f8dd, 0x00000b6c,
+	0x0002f8de, 0x00000b6d,
+	0x0002f8df, 0x00000b6e,
+	0x0002f8e0, 0x00000b6f,
+	0x0002f8e1, 0x00000b70,
+	0x0002f8e2, 0x00000b71,
+	0x0002f8e3, 0x00000b72,
+	0x0002f8e4, 0x00000b73,
+	0x0002f8e5, 0x00000b74,
+	0x0002f8e6, 0x00000b75,
+	0x0002f8e7, 0x00000b76,
+	0x0002f8e8, 0x00000b77,
+	0x0002f8e9, 0x00000b78,
+	0x0002f8ea, 0x00000b79,
+	0x0002f8eb, 0x00000b7a,
+	0x0002f8ec, 0x00000b7b,
+	0x0002f8ed, 0x00000b7c,
+	0x0002f8ee, 0x00000b7d,
+	0x0002f8ef, 0x00000b7e,
+	0x0002f8f0, 0x00000b7f,
+	0x0002f8f1, 0x00000b80,
+	0x0002f8f2, 0x00000b81,
+	0x0002f8f3, 0x00000b82,
+	0x0002f8f4, 0x00000b83,
+	0x0002f8f5, 0x00000b84,
+	0x0002f8f6, 0x00000b85,
+	0x0002f8f7, 0x00000b86,
+	0x0002f8f8, 0x00000b87,
+	0x0002f8f9, 0x00000b88,
+	0x0002f8fa, 0x00000b89,
+	0x0002f8fb, 0x00000b8a,
+	0x0002f8fc, 0x00000b8b,
+	0x0002f8fd, 0x00000b8c,
+	0x0002f8fe, 0x00000b8d,
+	0x0002f8ff, 0x00000b8e,
+	0x0002f900, 0x00000b8f,
+	0x0002f901, 0x00000b90,
+	0x0002f902, 0x00000b91,
+	0x0002f903, 0x00000b92,
+	0x0002f904, 0x00000b93,
+	0x0002f905, 0x00000b94,
+	0x0002f906, 0x00000b95,
+	0x0002f907, 0x00000b96,
+	0x0002f908, 0x00000b97,
+	0x0002f909, 0x00000b98,
+	0x0002f90a, 0x00000b99,
+	0x0002f90b, 0x00000b9a,
+	0x0002f90c, 0x00000b9b,
+	0x0002f90d, 0x00000b9c,
+	0x0002f90e, 0x00000b9d,
+	0x0002f90f, 0x00000b9e,
+	0x0002f910, 0x00000b9f,
+	0x0002f911, 0x00000ba0,
+	0x0002f912, 0x00000ba1,
+	0x0002f913, 0x00000ba2,
+	0x0002f914, 0x00000ba3,
+	0x0002f915, 0x00000ba4,
+	0x0002f916, 0x00000ba5,
+	0x0002f917, 0x00000ba6,
+	0x0002f918, 0x00000ba7,
+	0x0002f919, 0x00000ba8,
+	0x0002f91a, 0x00000ba9,
+	0x0002f91b, 0x00000baa,
+	0x0002f91c, 0x00000bab,
+	0x0002f91d, 0x00000bac,
+	0x0002f91e, 0x00000bad,
+	0x0002f91f, 0x00000bae,
+	0x0002f920, 0x00000baf,
+	0x0002f921, 0x00000bb0,
+	0x0002f922, 0x00000bb1,
+	0x0002f923, 0x00000bb2,
+	0x0002f924, 0x00000bb3,
+	0x0002f925, 0x00000bb4,
+	0x0002f926, 0x00000bb5,
+	0x0002f927, 0x00000bb6,
+	0x0002f928, 0x00000bb7,
+	0x0002f929, 0x00000bb8,
+	0x0002f92a, 0x00000bb9,
+	0x0002f92b, 0x00000bba,
+	0x0002f92c, 0x00000bbb,
+	0x0002f92d, 0x00000bbc,
+	0x0002f92e, 0x00000bbd,
+	0x0002f92f, 0x00000bbe,
+	0x0002f930, 0x00000bbf,
+	0x0002f931, 0x00000bc0,
+	0x0002f932, 0x00000bc1,
+	0x0002f933, 0x00000bc2,
+	0x0002f934, 0x00000bc3,
+	0x0002f935, 0x00000bc4,
+	0x0002f936, 0x00000bc5,
+	0x0002f937, 0x00000bc6,
+	0x0002f938, 0x00000bc7,
+	0x0002f939, 0x00000bc8,
+	0x0002f93a, 0x00000bc9,
+	0x0002f93b, 0x00000bca,
+	0x0002f93c, 0x00000bcb,
+	0x0002f93d, 0x00000bcc,
+	0x0002f93e, 0x00000bcd,
+	0x0002f93f, 0x00000bce,
+	0x0002f940, 0x00000bcf,
+	0x0002f941, 0x00000bd0,
+	0x0002f942, 0x00000bd1,
+	0x0002f943, 0x00000bd2,
+	0x0002f944, 0x00000bd3,
+	0x0002f945, 0x00000bd4,
+	0x0002f946, 0x00000bd5,
+	0x0002f947, 0x00000bd6,
+	0x0002f948, 0x00000bd7,
+	0x0002f949, 0x00000bd8,
+	0x0002f94a, 0x00000bd9,
+	0x0002f94b, 0x00000bda,
+	0x0002f94c, 0x00000bdb,
+	0x0002f94d, 0x00000bdc,
+	0x0002f94e, 0x00000bdd,
+	0x0002f94f, 0x00000bde,
+	0x0002f950, 0x00000bdf,
+	0x0002f951, 0x00000be0,
+	0x0002f952, 0x00000be1,
+	0x0002f953, 0x00000be2,
+	0x0002f954, 0x00000be3,
+	0x0002f955, 0x00000be4,
+	0x0002f956, 0x00000be5,
+	0x0002f957, 0x00000be6,
+	0x0002f958, 0x00000be7,
+	0x0002f959, 0x00000be8,
+	0x0002f95a, 0x00000be9,
+	0x0002f95b, 0x00000bea,
+	0x0002f95c, 0x00000beb,
+	0x0002f95d, 0x00000bec,
+	0x0002f95e, 0x00000bed,
+	0x0002f95f, 0x00000bee,
+	0x0002f960, 0x00000bef,
+	0x0002f961, 0x00000bf0,
+	0x0002f962, 0x00000bf1,
+	0x0002f963, 0x00000bf2,
+	0x0002f964, 0x00000bf3,
+	0x0002f965, 0x00000bf4,
+	0x0002f966, 0x00000bf5,
+	0x0002f967, 0x00000bf6,
+	0x0002f968, 0x00000bf7,
+	0x0002f969, 0x00000bf8,
+	0x0002f96a, 0x00000bf9,
+	0x0002f96b, 0x00000bfa,
+	0x0002f96c, 0x00000bfb,
+	0x0002f96d, 0x00000bfc,
+	0x0002f96e, 0x00000bfd,
+	0x0002f96f, 0x00000bfe,
+	0x0002f970, 0x00000bff,
+	0x0002f971, 0x00000c00,
+	0x0002f972, 0x00000c01,
+	0x0002f973, 0x00000c02,
+	0x0002f974, 0x00000c03,
+	0x0002f975, 0x00000c04,
+	0x0002f976, 0x00000c05,
+	0x0002f977, 0x00000c06,
+	0x0002f978, 0x00000c07,
+	0x0002f979, 0x00000c08,
+	0x0002f97a, 0x00000c09,
+	0x0002f97b, 0x00000c0a,
+	0x0002f97c, 0x00000c0b,
+	0x0002f97d, 0x00000c0c,
+	0x0002f97e, 0x00000c0d,
+	0x0002f97f, 0x00000c0e,
+	0x0002f980, 0x00000c0f,
+	0x0002f981, 0x00000c10,
+	0x0002f982, 0x00000c11,
+	0x0002f983, 0x00000c12,
+	0x0002f984, 0x00000c13,
+	0x0002f985, 0x00000c14,
+	0x0002f986, 0x00000c15,
+	0x0002f987, 0x00000c16,
+	0x0002f988, 0x00000c17,
+	0x0002f989, 0x00000c18,
+	0x0002f98a, 0x00000c19,
+	0x0002f98b, 0x00000c1a,
+	0x0002f98c, 0x00000c1b,
+	0x0002f98d, 0x00000c1c,
+	0x0002f98e, 0x00000c1d,
+	0x0002f98f, 0x00000c1e,
+	0x0002f990, 0x00000c1f,
+	0x0002f991, 0x00000c20,
+	0x0002f992, 0x00000c21,
+	0x0002f993, 0x00000c22,
+	0x0002f994, 0x00000c23,
+	0x0002f995, 0x00000c24,
+	0x0002f996, 0x00000c25,
+	0x0002f997, 0x00000c26,
+	0x0002f998, 0x00000c27,
+	0x0002f999, 0x00000c28,
+	0x0002f99a, 0x00000c29,
+	0x0002f99b, 0x00000c2a,
+	0x0002f99c, 0x00000c2b,
+	0x0002f99d, 0x00000c2c,
+	0x0002f99e, 0x00000c2d,
+	0x0002f99f, 0x00000c2e,
+	0x0002f9a0, 0x00000c2f,
+	0x0002f9a1, 0x00000c30,
+	0x0002f9a2, 0x00000c31,
+	0x0002f9a3, 0x00000c32,
+	0x0002f9a4, 0x00000c33,
+	0x0002f9a5, 0x00000c34,
+	0x0002f9a6, 0x00000c35,
+	0x0002f9a7, 0x00000c36,
+	0x0002f9a8, 0x00000c37,
+	0x0002f9a9, 0x00000c38,
+	0x0002f9aa, 0x00000c39,
+	0x0002f9ab, 0x00000c3a,
+	0x0002f9ac, 0x00000c3b,
+	0x0002f9ad, 0x00000c3c,
+	0x0002f9ae, 0x00000c3d,
+	0x0002f9af, 0x00000c3e,
+	0x0002f9b0, 0x00000c3f,
+	0x0002f9b1, 0x00000c40,
+	0x0002f9b2, 0x00000c41,
+	0x0002f9b3, 0x00000c42,
+	0x0002f9b4, 0x00000c43,
+	0x0002f9b5, 0x00000c44,
+	0x0002f9b6, 0x00000c45,
+	0x0002f9b7, 0x00000c46,
+	0x0002f9b8, 0x00000c47,
+	0x0002f9b9, 0x00000c48,
+	0x0002f9ba, 0x00000c49,
+	0x0002f9bb, 0x00000c4a,
+	0x0002f9bc, 0x00000c4b,
+	0x0002f9bd, 0x00000c4c,
+	0x0002f9be, 0x00000c4d,
+	0x0002f9bf, 0x00000c4e,
+	0x0002f9c0, 0x00000c4f,
+	0x0002f9c1, 0x00000c50,
+	0x0002f9c2, 0x00000c51,
+	0x0002f9c3, 0x00000c52,
+	0x0002f9c4, 0x00000c53,
+	0x0002f9c5, 0x00000c54,
+	0x0002f9c6, 0x00000c55,
+	0x0002f9c7, 0x00000c56,
+	0x0002f9c8, 0x00000c57,
+	0x0002f9c9, 0x00000c58,
+	0x0002f9ca, 0x00000c59,
+	0x0002f9cb, 0x00000c5a,
+	0x0002f9cc, 0x00000c5b,
+	0x0002f9cd, 0x00000c5c,
+	0x0002f9ce, 0x00000c5d,
+	0x0002f9cf, 0x00000c5e,
+	0x0002f9d0, 0x00000c5f,
+	0x0002f9d1, 0x00000c60,
+	0x0002f9d2, 0x00000c61,
+	0x0002f9d3, 0x00000c62,
+	0x0002f9d4, 0x00000c63,
+	0x0002f9d5, 0x00000c64,
+	0x0002f9d6, 0x00000c65,
+	0x0002f9d7, 0x00000c66,
+	0x0002f9d8, 0x00000c67,
+	0x0002f9d9, 0x00000c68,
+	0x0002f9da, 0x00000c69,
+	0x0002f9db, 0x00000c6a,
+	0x0002f9dc, 0x00000c6b,
+	0x0002f9dd, 0x00000c6c,
+	0x0002f9de, 0x00000c6d,
+	0x0002f9df, 0x00000c6e,
+	0x0002f9e0, 0x00000c6f,
+	0x0002f9e1, 0x00000c70,
+	0x0002f9e2, 0x00000c71,
+	0x0002f9e3, 0x00000c72,
+	0x0002f9e4, 0x00000c73,
+	0x0002f9e5, 0x00000c74,
+	0x0002f9e6, 0x00000c75,
+	0x0002f9e7, 0x00000c76,
+	0x0002f9e8, 0x00000c77,
+	0x0002f9e9, 0x00000c78,
+	0x0002f9ea, 0x00000c79,
+	0x0002f9eb, 0x00000c7a,
+	0x0002f9ec, 0x00000c7b,
+	0x0002f9ed, 0x00000c7c,
+	0x0002f9ee, 0x00000c7d,
+	0x0002f9ef, 0x00000c7e,
+	0x0002f9f0, 0x00000c7f,
+	0x0002f9f1, 0x00000c80,
+	0x0002f9f2, 0x00000c81,
+	0x0002f9f3, 0x00000c82,
+	0x0002f9f4, 0x00000c83,
+	0x0002f9f5, 0x00000c84,
+	0x0002f9f6, 0x00000c85,
+	0x0002f9f7, 0x00000c86,
+	0x0002f9f8, 0x00000c87,
+	0x0002f9f9, 0x00000c88,
+	0x0002f9fa, 0x00000c89,
+	0x0002f9fb, 0x00000c8a,
+	0x0002f9fc, 0x00000c8b,
+	0x0002f9fd, 0x00000c8c,
+	0x0002f9fe, 0x00000c8d,
+	0x0002f9ff, 0x00000c8e,
+	0x0002fa00, 0x00000c8f,
+	0x0002fa01, 0x00000c90,
+	0x0002fa02, 0x00000c91,
+	0x0002fa03, 0x00000c92,
+	0x0002fa04, 0x00000c93,
+	0x0002fa05, 0x00000c94,
+	0x0002fa06, 0x00000c95,
+	0x0002fa07, 0x00000c96,
+	0x0002fa08, 0x00000c97,
+	0x0002fa09, 0x00000c98,
+	0x0002fa0a, 0x00000c99,
+	0x0002fa0b, 0x00000c9a,
+	0x0002fa0c, 0x00000c9b,
+	0x0002fa0d, 0x00000c9c,
+	0x0002fa0e, 0x00000c9d,
+	0x0002fa0f, 0x00000c9e,
+	0x0002fa10, 0x00000c9f,
+	0x0002fa11, 0x00000ca0,
+	0x0002fa12, 0x00000ca1,
+	0x0002fa13, 0x00000ca2,
+	0x0002fa14, 0x00000ca3,
+	0x0002fa15, 0x00000ca4,
+	0x0002fa16, 0x00000ca5,
+	0x0002fa17, 0x00000ca6,
+	0x0002fa18, 0x00000ca7,
+	0x0002fa19, 0x00000ca8,
+	0x0002fa1a, 0x00000ca9,
+	0x0002fa1b, 0x00000caa,
+	0x0002fa1c, 0x00000cab,
+	0x0002fa1d, 0x00000cac,
+	0x00000cad
+};
+
+static const krb5_ui_4 _ucdcmp_decomp[] = {
+	0x00000041, 0x00000300, 0x00000041, 0x00000301,
+	0x00000041, 0x00000302, 0x00000041, 0x00000303,
+	0x00000041, 0x00000308, 0x00000041, 0x0000030a,
+	0x00000043, 0x00000327, 0x00000045, 0x00000300,
+	0x00000045, 0x00000301, 0x00000045, 0x00000302,
+	0x00000045, 0x00000308, 0x00000049, 0x00000300,
+	0x00000049, 0x00000301, 0x00000049, 0x00000302,
+	0x00000049, 0x00000308, 0x0000004e, 0x00000303,
+	0x0000004f, 0x00000300, 0x0000004f, 0x00000301,
+	0x0000004f, 0x00000302, 0x0000004f, 0x00000303,
+	0x0000004f, 0x00000308, 0x00000055, 0x00000300,
+	0x00000055, 0x00000301, 0x00000055, 0x00000302,
+	0x00000055, 0x00000308, 0x00000059, 0x00000301,
+	0x00000061, 0x00000300, 0x00000061, 0x00000301,
+	0x00000061, 0x00000302, 0x00000061, 0x00000303,
+	0x00000061, 0x00000308, 0x00000061, 0x0000030a,
+	0x00000063, 0x00000327, 0x00000065, 0x00000300,
+	0x00000065, 0x00000301, 0x00000065, 0x00000302,
+	0x00000065, 0x00000308, 0x00000069, 0x00000300,
+	0x00000069, 0x00000301, 0x00000069, 0x00000302,
+	0x00000069, 0x00000308, 0x0000006e, 0x00000303,
+	0x0000006f, 0x00000300, 0x0000006f, 0x00000301,
+	0x0000006f, 0x00000302, 0x0000006f, 0x00000303,
+	0x0000006f, 0x00000308, 0x00000075, 0x00000300,
+	0x00000075, 0x00000301, 0x00000075, 0x00000302,
+	0x00000075, 0x00000308, 0x00000079, 0x00000301,
+	0x00000079, 0x00000308, 0x00000041, 0x00000304,
+	0x00000061, 0x00000304, 0x00000041, 0x00000306,
+	0x00000061, 0x00000306, 0x00000041, 0x00000328,
+	0x00000061, 0x00000328, 0x00000043, 0x00000301,
+	0x00000063, 0x00000301, 0x00000043, 0x00000302,
+	0x00000063, 0x00000302, 0x00000043, 0x00000307,
+	0x00000063, 0x00000307, 0x00000043, 0x0000030c,
+	0x00000063, 0x0000030c, 0x00000044, 0x0000030c,
+	0x00000064, 0x0000030c, 0x00000045, 0x00000304,
+	0x00000065, 0x00000304, 0x00000045, 0x00000306,
+	0x00000065, 0x00000306, 0x00000045, 0x00000307,
+	0x00000065, 0x00000307, 0x00000045, 0x00000328,
+	0x00000065, 0x00000328, 0x00000045, 0x0000030c,
+	0x00000065, 0x0000030c, 0x00000047, 0x00000302,
+	0x00000067, 0x00000302, 0x00000047, 0x00000306,
+	0x00000067, 0x00000306, 0x00000047, 0x00000307,
+	0x00000067, 0x00000307, 0x00000047, 0x00000327,
+	0x00000067, 0x00000327, 0x00000048, 0x00000302,
+	0x00000068, 0x00000302, 0x00000049, 0x00000303,
+	0x00000069, 0x00000303, 0x00000049, 0x00000304,
+	0x00000069, 0x00000304, 0x00000049, 0x00000306,
+	0x00000069, 0x00000306, 0x00000049, 0x00000328,
+	0x00000069, 0x00000328, 0x00000049, 0x00000307,
+	0x0000004a, 0x00000302, 0x0000006a, 0x00000302,
+	0x0000004b, 0x00000327, 0x0000006b, 0x00000327,
+	0x0000004c, 0x00000301, 0x0000006c, 0x00000301,
+	0x0000004c, 0x00000327, 0x0000006c, 0x00000327,
+	0x0000004c, 0x0000030c, 0x0000006c, 0x0000030c,
+	0x0000004e, 0x00000301, 0x0000006e, 0x00000301,
+	0x0000004e, 0x00000327, 0x0000006e, 0x00000327,
+	0x0000004e, 0x0000030c, 0x0000006e, 0x0000030c,
+	0x0000004f, 0x00000304, 0x0000006f, 0x00000304,
+	0x0000004f, 0x00000306, 0x0000006f, 0x00000306,
+	0x0000004f, 0x0000030b, 0x0000006f, 0x0000030b,
+	0x00000052, 0x00000301, 0x00000072, 0x00000301,
+	0x00000052, 0x00000327, 0x00000072, 0x00000327,
+	0x00000052, 0x0000030c, 0x00000072, 0x0000030c,
+	0x00000053, 0x00000301, 0x00000073, 0x00000301,
+	0x00000053, 0x00000302, 0x00000073, 0x00000302,
+	0x00000053, 0x00000327, 0x00000073, 0x00000327,
+	0x00000053, 0x0000030c, 0x00000073, 0x0000030c,
+	0x00000054, 0x00000327, 0x00000074, 0x00000327,
+	0x00000054, 0x0000030c, 0x00000074, 0x0000030c,
+	0x00000055, 0x00000303, 0x00000075, 0x00000303,
+	0x00000055, 0x00000304, 0x00000075, 0x00000304,
+	0x00000055, 0x00000306, 0x00000075, 0x00000306,
+	0x00000055, 0x0000030a, 0x00000075, 0x0000030a,
+	0x00000055, 0x0000030b, 0x00000075, 0x0000030b,
+	0x00000055, 0x00000328, 0x00000075, 0x00000328,
+	0x00000057, 0x00000302, 0x00000077, 0x00000302,
+	0x00000059, 0x00000302, 0x00000079, 0x00000302,
+	0x00000059, 0x00000308, 0x0000005a, 0x00000301,
+	0x0000007a, 0x00000301, 0x0000005a, 0x00000307,
+	0x0000007a, 0x00000307, 0x0000005a, 0x0000030c,
+	0x0000007a, 0x0000030c, 0x0000004f, 0x0000031b,
+	0x0000006f, 0x0000031b, 0x00000055, 0x0000031b,
+	0x00000075, 0x0000031b, 0x00000041, 0x0000030c,
+	0x00000061, 0x0000030c, 0x00000049, 0x0000030c,
+	0x00000069, 0x0000030c, 0x0000004f, 0x0000030c,
+	0x0000006f, 0x0000030c, 0x00000055, 0x0000030c,
+	0x00000075, 0x0000030c, 0x00000055, 0x00000308,
+	0x00000304, 0x00000075, 0x00000308, 0x00000304,
+	0x00000055, 0x00000308, 0x00000301, 0x00000075,
+	0x00000308, 0x00000301, 0x00000055, 0x00000308,
+	0x0000030c, 0x00000075, 0x00000308, 0x0000030c,
+	0x00000055, 0x00000308, 0x00000300, 0x00000075,
+	0x00000308, 0x00000300, 0x00000041, 0x00000308,
+	0x00000304, 0x00000061, 0x00000308, 0x00000304,
+	0x00000041, 0x00000307, 0x00000304, 0x00000061,
+	0x00000307, 0x00000304, 0x000000c6, 0x00000304,
+	0x000000e6, 0x00000304, 0x00000047, 0x0000030c,
+	0x00000067, 0x0000030c, 0x0000004b, 0x0000030c,
+	0x0000006b, 0x0000030c, 0x0000004f, 0x00000328,
+	0x0000006f, 0x00000328, 0x0000004f, 0x00000328,
+	0x00000304, 0x0000006f, 0x00000328, 0x00000304,
+	0x000001b7, 0x0000030c, 0x00000292, 0x0000030c,
+	0x0000006a, 0x0000030c, 0x00000047, 0x00000301,
+	0x00000067, 0x00000301, 0x0000004e, 0x00000300,
+	0x0000006e, 0x00000300, 0x00000041, 0x0000030a,
+	0x00000301, 0x00000061, 0x0000030a, 0x00000301,
+	0x000000c6, 0x00000301, 0x000000e6, 0x00000301,
+	0x000000d8, 0x00000301, 0x000000f8, 0x00000301,
+	0x00000041, 0x0000030f, 0x00000061, 0x0000030f,
+	0x00000041, 0x00000311, 0x00000061, 0x00000311,
+	0x00000045, 0x0000030f, 0x00000065, 0x0000030f,
+	0x00000045, 0x00000311, 0x00000065, 0x00000311,
+	0x00000049, 0x0000030f, 0x00000069, 0x0000030f,
+	0x00000049, 0x00000311, 0x00000069, 0x00000311,
+	0x0000004f, 0x0000030f, 0x0000006f, 0x0000030f,
+	0x0000004f, 0x00000311, 0x0000006f, 0x00000311,
+	0x00000052, 0x0000030f, 0x00000072, 0x0000030f,
+	0x00000052, 0x00000311, 0x00000072, 0x00000311,
+	0x00000055, 0x0000030f, 0x00000075, 0x0000030f,
+	0x00000055, 0x00000311, 0x00000075, 0x00000311,
+	0x00000053, 0x00000326, 0x00000073, 0x00000326,
+	0x00000054, 0x00000326, 0x00000074, 0x00000326,
+	0x00000048, 0x0000030c, 0x00000068, 0x0000030c,
+	0x00000041, 0x00000307, 0x00000061, 0x00000307,
+	0x00000045, 0x00000327, 0x00000065, 0x00000327,
+	0x0000004f, 0x00000308, 0x00000304, 0x0000006f,
+	0x00000308, 0x00000304, 0x0000004f, 0x00000303,
+	0x00000304, 0x0000006f, 0x00000303, 0x00000304,
+	0x0000004f, 0x00000307, 0x0000006f, 0x00000307,
+	0x0000004f, 0x00000307, 0x00000304, 0x0000006f,
+	0x00000307, 0x00000304, 0x00000059, 0x00000304,
+	0x00000079, 0x00000304, 0x00000300, 0x00000301,
+	0x00000313, 0x00000308, 0x00000301, 0x000002b9,
+	0x0000003b, 0x000000a8, 0x00000301, 0x00000391,
+	0x00000301, 0x000000b7, 0x00000395, 0x00000301,
+	0x00000397, 0x00000301, 0x00000399, 0x00000301,
+	0x0000039f, 0x00000301, 0x000003a5, 0x00000301,
+	0x000003a9, 0x00000301, 0x000003b9, 0x00000308,
+	0x00000301, 0x00000399, 0x00000308, 0x000003a5,
+	0x00000308, 0x000003b1, 0x00000301, 0x000003b5,
+	0x00000301, 0x000003b7, 0x00000301, 0x000003b9,
+	0x00000301, 0x000003c5, 0x00000308, 0x00000301,
+	0x000003b9, 0x00000308, 0x000003c5, 0x00000308,
+	0x000003bf, 0x00000301, 0x000003c5, 0x00000301,
+	0x000003c9, 0x00000301, 0x000003d2, 0x00000301,
+	0x000003d2, 0x00000308, 0x00000415, 0x00000300,
+	0x00000415, 0x00000308, 0x00000413, 0x00000301,
+	0x00000406, 0x00000308, 0x0000041a, 0x00000301,
+	0x00000418, 0x00000300, 0x00000423, 0x00000306,
+	0x00000418, 0x00000306, 0x00000438, 0x00000306,
+	0x00000435, 0x00000300, 0x00000435, 0x00000308,
+	0x00000433, 0x00000301, 0x00000456, 0x00000308,
+	0x0000043a, 0x00000301, 0x00000438, 0x00000300,
+	0x00000443, 0x00000306, 0x00000474, 0x0000030f,
+	0x00000475, 0x0000030f, 0x00000416, 0x00000306,
+	0x00000436, 0x00000306, 0x00000410, 0x00000306,
+	0x00000430, 0x00000306, 0x00000410, 0x00000308,
+	0x00000430, 0x00000308, 0x00000415, 0x00000306,
+	0x00000435, 0x00000306, 0x000004d8, 0x00000308,
+	0x000004d9, 0x00000308, 0x00000416, 0x00000308,
+	0x00000436, 0x00000308, 0x00000417, 0x00000308,
+	0x00000437, 0x00000308, 0x00000418, 0x00000304,
+	0x00000438, 0x00000304, 0x00000418, 0x00000308,
+	0x00000438, 0x00000308, 0x0000041e, 0x00000308,
+	0x0000043e, 0x00000308, 0x000004e8, 0x00000308,
+	0x000004e9, 0x00000308, 0x0000042d, 0x00000308,
+	0x0000044d, 0x00000308, 0x00000423, 0x00000304,
+	0x00000443, 0x00000304, 0x00000423, 0x00000308,
+	0x00000443, 0x00000308, 0x00000423, 0x0000030b,
+	0x00000443, 0x0000030b, 0x00000427, 0x00000308,
+	0x00000447, 0x00000308, 0x0000042b, 0x00000308,
+	0x0000044b, 0x00000308, 0x00000627, 0x00000653,
+	0x00000627, 0x00000654, 0x00000648, 0x00000654,
+	0x00000627, 0x00000655, 0x0000064a, 0x00000654,
+	0x000006d5, 0x00000654, 0x000006c1, 0x00000654,
+	0x000006d2, 0x00000654, 0x00000928, 0x0000093c,
+	0x00000930, 0x0000093c, 0x00000933, 0x0000093c,
+	0x00000915, 0x0000093c, 0x00000916, 0x0000093c,
+	0x00000917, 0x0000093c, 0x0000091c, 0x0000093c,
+	0x00000921, 0x0000093c, 0x00000922, 0x0000093c,
+	0x0000092b, 0x0000093c, 0x0000092f, 0x0000093c,
+	0x000009c7, 0x000009be, 0x000009c7, 0x000009d7,
+	0x000009a1, 0x000009bc, 0x000009a2, 0x000009bc,
+	0x000009af, 0x000009bc, 0x00000a32, 0x00000a3c,
+	0x00000a38, 0x00000a3c, 0x00000a16, 0x00000a3c,
+	0x00000a17, 0x00000a3c, 0x00000a1c, 0x00000a3c,
+	0x00000a2b, 0x00000a3c, 0x00000b47, 0x00000b56,
+	0x00000b47, 0x00000b3e, 0x00000b47, 0x00000b57,
+	0x00000b21, 0x00000b3c, 0x00000b22, 0x00000b3c,
+	0x00000b92, 0x00000bd7, 0x00000bc6, 0x00000bbe,
+	0x00000bc7, 0x00000bbe, 0x00000bc6, 0x00000bd7,
+	0x00000c46, 0x00000c56, 0x00000cbf, 0x00000cd5,
+	0x00000cc6, 0x00000cd5, 0x00000cc6, 0x00000cd6,
+	0x00000cc6, 0x00000cc2, 0x00000cc6, 0x00000cc2,
+	0x00000cd5, 0x00000d46, 0x00000d3e, 0x00000d47,
+	0x00000d3e, 0x00000d46, 0x00000d57, 0x00000dd9,
+	0x00000dca, 0x00000dd9, 0x00000dcf, 0x00000dd9,
+	0x00000dcf, 0x00000dca, 0x00000dd9, 0x00000ddf,
+	0x00000f42, 0x00000fb7, 0x00000f4c, 0x00000fb7,
+	0x00000f51, 0x00000fb7, 0x00000f56, 0x00000fb7,
+	0x00000f5b, 0x00000fb7, 0x00000f40, 0x00000fb5,
+	0x00000f71, 0x00000f72, 0x00000f71, 0x00000f74,
+	0x00000fb2, 0x00000f80, 0x00000fb3, 0x00000f80,
+	0x00000f71, 0x00000f80, 0x00000f92, 0x00000fb7,
+	0x00000f9c, 0x00000fb7, 0x00000fa1, 0x00000fb7,
+	0x00000fa6, 0x00000fb7, 0x00000fab, 0x00000fb7,
+	0x00000f90, 0x00000fb5, 0x00001025, 0x0000102e,
+	0x00000041, 0x00000325, 0x00000061, 0x00000325,
+	0x00000042, 0x00000307, 0x00000062, 0x00000307,
+	0x00000042, 0x00000323, 0x00000062, 0x00000323,
+	0x00000042, 0x00000331, 0x00000062, 0x00000331,
+	0x00000043, 0x00000327, 0x00000301, 0x00000063,
+	0x00000327, 0x00000301, 0x00000044, 0x00000307,
+	0x00000064, 0x00000307, 0x00000044, 0x00000323,
+	0x00000064, 0x00000323, 0x00000044, 0x00000331,
+	0x00000064, 0x00000331, 0x00000044, 0x00000327,
+	0x00000064, 0x00000327, 0x00000044, 0x0000032d,
+	0x00000064, 0x0000032d, 0x00000045, 0x00000304,
+	0x00000300, 0x00000065, 0x00000304, 0x00000300,
+	0x00000045, 0x00000304, 0x00000301, 0x00000065,
+	0x00000304, 0x00000301, 0x00000045, 0x0000032d,
+	0x00000065, 0x0000032d, 0x00000045, 0x00000330,
+	0x00000065, 0x00000330, 0x00000045, 0x00000327,
+	0x00000306, 0x00000065, 0x00000327, 0x00000306,
+	0x00000046, 0x00000307, 0x00000066, 0x00000307,
+	0x00000047, 0x00000304, 0x00000067, 0x00000304,
+	0x00000048, 0x00000307, 0x00000068, 0x00000307,
+	0x00000048, 0x00000323, 0x00000068, 0x00000323,
+	0x00000048, 0x00000308, 0x00000068, 0x00000308,
+	0x00000048, 0x00000327, 0x00000068, 0x00000327,
+	0x00000048, 0x0000032e, 0x00000068, 0x0000032e,
+	0x00000049, 0x00000330, 0x00000069, 0x00000330,
+	0x00000049, 0x00000308, 0x00000301, 0x00000069,
+	0x00000308, 0x00000301, 0x0000004b, 0x00000301,
+	0x0000006b, 0x00000301, 0x0000004b, 0x00000323,
+	0x0000006b, 0x00000323, 0x0000004b, 0x00000331,
+	0x0000006b, 0x00000331, 0x0000004c, 0x00000323,
+	0x0000006c, 0x00000323, 0x0000004c, 0x00000323,
+	0x00000304, 0x0000006c, 0x00000323, 0x00000304,
+	0x0000004c, 0x00000331, 0x0000006c, 0x00000331,
+	0x0000004c, 0x0000032d, 0x0000006c, 0x0000032d,
+	0x0000004d, 0x00000301, 0x0000006d, 0x00000301,
+	0x0000004d, 0x00000307, 0x0000006d, 0x00000307,
+	0x0000004d, 0x00000323, 0x0000006d, 0x00000323,
+	0x0000004e, 0x00000307, 0x0000006e, 0x00000307,
+	0x0000004e, 0x00000323, 0x0000006e, 0x00000323,
+	0x0000004e, 0x00000331, 0x0000006e, 0x00000331,
+	0x0000004e, 0x0000032d, 0x0000006e, 0x0000032d,
+	0x0000004f, 0x00000303, 0x00000301, 0x0000006f,
+	0x00000303, 0x00000301, 0x0000004f, 0x00000303,
+	0x00000308, 0x0000006f, 0x00000303, 0x00000308,
+	0x0000004f, 0x00000304, 0x00000300, 0x0000006f,
+	0x00000304, 0x00000300, 0x0000004f, 0x00000304,
+	0x00000301, 0x0000006f, 0x00000304, 0x00000301,
+	0x00000050, 0x00000301, 0x00000070, 0x00000301,
+	0x00000050, 0x00000307, 0x00000070, 0x00000307,
+	0x00000052, 0x00000307, 0x00000072, 0x00000307,
+	0x00000052, 0x00000323, 0x00000072, 0x00000323,
+	0x00000052, 0x00000323, 0x00000304, 0x00000072,
+	0x00000323, 0x00000304, 0x00000052, 0x00000331,
+	0x00000072, 0x00000331, 0x00000053, 0x00000307,
+	0x00000073, 0x00000307, 0x00000053, 0x00000323,
+	0x00000073, 0x00000323, 0x00000053, 0x00000301,
+	0x00000307, 0x00000073, 0x00000301, 0x00000307,
+	0x00000053, 0x0000030c, 0x00000307, 0x00000073,
+	0x0000030c, 0x00000307, 0x00000053, 0x00000323,
+	0x00000307, 0x00000073, 0x00000323, 0x00000307,
+	0x00000054, 0x00000307, 0x00000074, 0x00000307,
+	0x00000054, 0x00000323, 0x00000074, 0x00000323,
+	0x00000054, 0x00000331, 0x00000074, 0x00000331,
+	0x00000054, 0x0000032d, 0x00000074, 0x0000032d,
+	0x00000055, 0x00000324, 0x00000075, 0x00000324,
+	0x00000055, 0x00000330, 0x00000075, 0x00000330,
+	0x00000055, 0x0000032d, 0x00000075, 0x0000032d,
+	0x00000055, 0x00000303, 0x00000301, 0x00000075,
+	0x00000303, 0x00000301, 0x00000055, 0x00000304,
+	0x00000308, 0x00000075, 0x00000304, 0x00000308,
+	0x00000056, 0x00000303, 0x00000076, 0x00000303,
+	0x00000056, 0x00000323, 0x00000076, 0x00000323,
+	0x00000057, 0x00000300, 0x00000077, 0x00000300,
+	0x00000057, 0x00000301, 0x00000077, 0x00000301,
+	0x00000057, 0x00000308, 0x00000077, 0x00000308,
+	0x00000057, 0x00000307, 0x00000077, 0x00000307,
+	0x00000057, 0x00000323, 0x00000077, 0x00000323,
+	0x00000058, 0x00000307, 0x00000078, 0x00000307,
+	0x00000058, 0x00000308, 0x00000078, 0x00000308,
+	0x00000059, 0x00000307, 0x00000079, 0x00000307,
+	0x0000005a, 0x00000302, 0x0000007a, 0x00000302,
+	0x0000005a, 0x00000323, 0x0000007a, 0x00000323,
+	0x0000005a, 0x00000331, 0x0000007a, 0x00000331,
+	0x00000068, 0x00000331, 0x00000074, 0x00000308,
+	0x00000077, 0x0000030a, 0x00000079, 0x0000030a,
+	0x0000017f, 0x00000307, 0x00000041, 0x00000323,
+	0x00000061, 0x00000323, 0x00000041, 0x00000309,
+	0x00000061, 0x00000309, 0x00000041, 0x00000302,
+	0x00000301, 0x00000061, 0x00000302, 0x00000301,
+	0x00000041, 0x00000302, 0x00000300, 0x00000061,
+	0x00000302, 0x00000300, 0x00000041, 0x00000302,
+	0x00000309, 0x00000061, 0x00000302, 0x00000309,
+	0x00000041, 0x00000302, 0x00000303, 0x00000061,
+	0x00000302, 0x00000303, 0x00000041, 0x00000323,
+	0x00000302, 0x00000061, 0x00000323, 0x00000302,
+	0x00000041, 0x00000306, 0x00000301, 0x00000061,
+	0x00000306, 0x00000301, 0x00000041, 0x00000306,
+	0x00000300, 0x00000061, 0x00000306, 0x00000300,
+	0x00000041, 0x00000306, 0x00000309, 0x00000061,
+	0x00000306, 0x00000309, 0x00000041, 0x00000306,
+	0x00000303, 0x00000061, 0x00000306, 0x00000303,
+	0x00000041, 0x00000323, 0x00000306, 0x00000061,
+	0x00000323, 0x00000306, 0x00000045, 0x00000323,
+	0x00000065, 0x00000323, 0x00000045, 0x00000309,
+	0x00000065, 0x00000309, 0x00000045, 0x00000303,
+	0x00000065, 0x00000303, 0x00000045, 0x00000302,
+	0x00000301, 0x00000065, 0x00000302, 0x00000301,
+	0x00000045, 0x00000302, 0x00000300, 0x00000065,
+	0x00000302, 0x00000300, 0x00000045, 0x00000302,
+	0x00000309, 0x00000065, 0x00000302, 0x00000309,
+	0x00000045, 0x00000302, 0x00000303, 0x00000065,
+	0x00000302, 0x00000303, 0x00000045, 0x00000323,
+	0x00000302, 0x00000065, 0x00000323, 0x00000302,
+	0x00000049, 0x00000309, 0x00000069, 0x00000309,
+	0x00000049, 0x00000323, 0x00000069, 0x00000323,
+	0x0000004f, 0x00000323, 0x0000006f, 0x00000323,
+	0x0000004f, 0x00000309, 0x0000006f, 0x00000309,
+	0x0000004f, 0x00000302, 0x00000301, 0x0000006f,
+	0x00000302, 0x00000301, 0x0000004f, 0x00000302,
+	0x00000300, 0x0000006f, 0x00000302, 0x00000300,
+	0x0000004f, 0x00000302, 0x00000309, 0x0000006f,
+	0x00000302, 0x00000309, 0x0000004f, 0x00000302,
+	0x00000303, 0x0000006f, 0x00000302, 0x00000303,
+	0x0000004f, 0x00000323, 0x00000302, 0x0000006f,
+	0x00000323, 0x00000302, 0x0000004f, 0x0000031b,
+	0x00000301, 0x0000006f, 0x0000031b, 0x00000301,
+	0x0000004f, 0x0000031b, 0x00000300, 0x0000006f,
+	0x0000031b, 0x00000300, 0x0000004f, 0x0000031b,
+	0x00000309, 0x0000006f, 0x0000031b, 0x00000309,
+	0x0000004f, 0x0000031b, 0x00000303, 0x0000006f,
+	0x0000031b, 0x00000303, 0x0000004f, 0x0000031b,
+	0x00000323, 0x0000006f, 0x0000031b, 0x00000323,
+	0x00000055, 0x00000323, 0x00000075, 0x00000323,
+	0x00000055, 0x00000309, 0x00000075, 0x00000309,
+	0x00000055, 0x0000031b, 0x00000301, 0x00000075,
+	0x0000031b, 0x00000301, 0x00000055, 0x0000031b,
+	0x00000300, 0x00000075, 0x0000031b, 0x00000300,
+	0x00000055, 0x0000031b, 0x00000309, 0x00000075,
+	0x0000031b, 0x00000309, 0x00000055, 0x0000031b,
+	0x00000303, 0x00000075, 0x0000031b, 0x00000303,
+	0x00000055, 0x0000031b, 0x00000323, 0x00000075,
+	0x0000031b, 0x00000323, 0x00000059, 0x00000300,
+	0x00000079, 0x00000300, 0x00000059, 0x00000323,
+	0x00000079, 0x00000323, 0x00000059, 0x00000309,
+	0x00000079, 0x00000309, 0x00000059, 0x00000303,
+	0x00000079, 0x00000303, 0x000003b1, 0x00000313,
+	0x000003b1, 0x00000314, 0x000003b1, 0x00000313,
+	0x00000300, 0x000003b1, 0x00000314, 0x00000300,
+	0x000003b1, 0x00000313, 0x00000301, 0x000003b1,
+	0x00000314, 0x00000301, 0x000003b1, 0x00000313,
+	0x00000342, 0x000003b1, 0x00000314, 0x00000342,
+	0x00000391, 0x00000313, 0x00000391, 0x00000314,
+	0x00000391, 0x00000313, 0x00000300, 0x00000391,
+	0x00000314, 0x00000300, 0x00000391, 0x00000313,
+	0x00000301, 0x00000391, 0x00000314, 0x00000301,
+	0x00000391, 0x00000313, 0x00000342, 0x00000391,
+	0x00000314, 0x00000342, 0x000003b5, 0x00000313,
+	0x000003b5, 0x00000314, 0x000003b5, 0x00000313,
+	0x00000300, 0x000003b5, 0x00000314, 0x00000300,
+	0x000003b5, 0x00000313, 0x00000301, 0x000003b5,
+	0x00000314, 0x00000301, 0x00000395, 0x00000313,
+	0x00000395, 0x00000314, 0x00000395, 0x00000313,
+	0x00000300, 0x00000395, 0x00000314, 0x00000300,
+	0x00000395, 0x00000313, 0x00000301, 0x00000395,
+	0x00000314, 0x00000301, 0x000003b7, 0x00000313,
+	0x000003b7, 0x00000314, 0x000003b7, 0x00000313,
+	0x00000300, 0x000003b7, 0x00000314, 0x00000300,
+	0x000003b7, 0x00000313, 0x00000301, 0x000003b7,
+	0x00000314, 0x00000301, 0x000003b7, 0x00000313,
+	0x00000342, 0x000003b7, 0x00000314, 0x00000342,
+	0x00000397, 0x00000313, 0x00000397, 0x00000314,
+	0x00000397, 0x00000313, 0x00000300, 0x00000397,
+	0x00000314, 0x00000300, 0x00000397, 0x00000313,
+	0x00000301, 0x00000397, 0x00000314, 0x00000301,
+	0x00000397, 0x00000313, 0x00000342, 0x00000397,
+	0x00000314, 0x00000342, 0x000003b9, 0x00000313,
+	0x000003b9, 0x00000314, 0x000003b9, 0x00000313,
+	0x00000300, 0x000003b9, 0x00000314, 0x00000300,
+	0x000003b9, 0x00000313, 0x00000301, 0x000003b9,
+	0x00000314, 0x00000301, 0x000003b9, 0x00000313,
+	0x00000342, 0x000003b9, 0x00000314, 0x00000342,
+	0x00000399, 0x00000313, 0x00000399, 0x00000314,
+	0x00000399, 0x00000313, 0x00000300, 0x00000399,
+	0x00000314, 0x00000300, 0x00000399, 0x00000313,
+	0x00000301, 0x00000399, 0x00000314, 0x00000301,
+	0x00000399, 0x00000313, 0x00000342, 0x00000399,
+	0x00000314, 0x00000342, 0x000003bf, 0x00000313,
+	0x000003bf, 0x00000314, 0x000003bf, 0x00000313,
+	0x00000300, 0x000003bf, 0x00000314, 0x00000300,
+	0x000003bf, 0x00000313, 0x00000301, 0x000003bf,
+	0x00000314, 0x00000301, 0x0000039f, 0x00000313,
+	0x0000039f, 0x00000314, 0x0000039f, 0x00000313,
+	0x00000300, 0x0000039f, 0x00000314, 0x00000300,
+	0x0000039f, 0x00000313, 0x00000301, 0x0000039f,
+	0x00000314, 0x00000301, 0x000003c5, 0x00000313,
+	0x000003c5, 0x00000314, 0x000003c5, 0x00000313,
+	0x00000300, 0x000003c5, 0x00000314, 0x00000300,
+	0x000003c5, 0x00000313, 0x00000301, 0x000003c5,
+	0x00000314, 0x00000301, 0x000003c5, 0x00000313,
+	0x00000342, 0x000003c5, 0x00000314, 0x00000342,
+	0x000003a5, 0x00000314, 0x000003a5, 0x00000314,
+	0x00000300, 0x000003a5, 0x00000314, 0x00000301,
+	0x000003a5, 0x00000314, 0x00000342, 0x000003c9,
+	0x00000313, 0x000003c9, 0x00000314, 0x000003c9,
+	0x00000313, 0x00000300, 0x000003c9, 0x00000314,
+	0x00000300, 0x000003c9, 0x00000313, 0x00000301,
+	0x000003c9, 0x00000314, 0x00000301, 0x000003c9,
+	0x00000313, 0x00000342, 0x000003c9, 0x00000314,
+	0x00000342, 0x000003a9, 0x00000313, 0x000003a9,
+	0x00000314, 0x000003a9, 0x00000313, 0x00000300,
+	0x000003a9, 0x00000314, 0x00000300, 0x000003a9,
+	0x00000313, 0x00000301, 0x000003a9, 0x00000314,
+	0x00000301, 0x000003a9, 0x00000313, 0x00000342,
+	0x000003a9, 0x00000314, 0x00000342, 0x000003b1,
+	0x00000300, 0x000003b1, 0x00000301, 0x000003b5,
+	0x00000300, 0x000003b5, 0x00000301, 0x000003b7,
+	0x00000300, 0x000003b7, 0x00000301, 0x000003b9,
+	0x00000300, 0x000003b9, 0x00000301, 0x000003bf,
+	0x00000300, 0x000003bf, 0x00000301, 0x000003c5,
+	0x00000300, 0x000003c5, 0x00000301, 0x000003c9,
+	0x00000300, 0x000003c9, 0x00000301, 0x000003b1,
+	0x00000313, 0x00000345, 0x000003b1, 0x00000314,
+	0x00000345, 0x000003b1, 0x00000313, 0x00000300,
+	0x00000345, 0x000003b1, 0x00000314, 0x00000300,
+	0x00000345, 0x000003b1, 0x00000313, 0x00000301,
+	0x00000345, 0x000003b1, 0x00000314, 0x00000301,
+	0x00000345, 0x000003b1, 0x00000313, 0x00000342,
+	0x00000345, 0x000003b1, 0x00000314, 0x00000342,
+	0x00000345, 0x00000391, 0x00000313, 0x00000345,
+	0x00000391, 0x00000314, 0x00000345, 0x00000391,
+	0x00000313, 0x00000300, 0x00000345, 0x00000391,
+	0x00000314, 0x00000300, 0x00000345, 0x00000391,
+	0x00000313, 0x00000301, 0x00000345, 0x00000391,
+	0x00000314, 0x00000301, 0x00000345, 0x00000391,
+	0x00000313, 0x00000342, 0x00000345, 0x00000391,
+	0x00000314, 0x00000342, 0x00000345, 0x000003b7,
+	0x00000313, 0x00000345, 0x000003b7, 0x00000314,
+	0x00000345, 0x000003b7, 0x00000313, 0x00000300,
+	0x00000345, 0x000003b7, 0x00000314, 0x00000300,
+	0x00000345, 0x000003b7, 0x00000313, 0x00000301,
+	0x00000345, 0x000003b7, 0x00000314, 0x00000301,
+	0x00000345, 0x000003b7, 0x00000313, 0x00000342,
+	0x00000345, 0x000003b7, 0x00000314, 0x00000342,
+	0x00000345, 0x00000397, 0x00000313, 0x00000345,
+	0x00000397, 0x00000314, 0x00000345, 0x00000397,
+	0x00000313, 0x00000300, 0x00000345, 0x00000397,
+	0x00000314, 0x00000300, 0x00000345, 0x00000397,
+	0x00000313, 0x00000301, 0x00000345, 0x00000397,
+	0x00000314, 0x00000301, 0x00000345, 0x00000397,
+	0x00000313, 0x00000342, 0x00000345, 0x00000397,
+	0x00000314, 0x00000342, 0x00000345, 0x000003c9,
+	0x00000313, 0x00000345, 0x000003c9, 0x00000314,
+	0x00000345, 0x000003c9, 0x00000313, 0x00000300,
+	0x00000345, 0x000003c9, 0x00000314, 0x00000300,
+	0x00000345, 0x000003c9, 0x00000313, 0x00000301,
+	0x00000345, 0x000003c9, 0x00000314, 0x00000301,
+	0x00000345, 0x000003c9, 0x00000313, 0x00000342,
+	0x00000345, 0x000003c9, 0x00000314, 0x00000342,
+	0x00000345, 0x000003a9, 0x00000313, 0x00000345,
+	0x000003a9, 0x00000314, 0x00000345, 0x000003a9,
+	0x00000313, 0x00000300, 0x00000345, 0x000003a9,
+	0x00000314, 0x00000300, 0x00000345, 0x000003a9,
+	0x00000313, 0x00000301, 0x00000345, 0x000003a9,
+	0x00000314, 0x00000301, 0x00000345, 0x000003a9,
+	0x00000313, 0x00000342, 0x00000345, 0x000003a9,
+	0x00000314, 0x00000342, 0x00000345, 0x000003b1,
+	0x00000306, 0x000003b1, 0x00000304, 0x000003b1,
+	0x00000300, 0x00000345, 0x000003b1, 0x00000345,
+	0x000003b1, 0x00000301, 0x00000345, 0x000003b1,
+	0x00000342, 0x000003b1, 0x00000342, 0x00000345,
+	0x00000391, 0x00000306, 0x00000391, 0x00000304,
+	0x00000391, 0x00000300, 0x00000391, 0x00000301,
+	0x00000391, 0x00000345, 0x000003b9, 0x000000a8,
+	0x00000342, 0x000003b7, 0x00000300, 0x00000345,
+	0x000003b7, 0x00000345, 0x000003b7, 0x00000301,
+	0x00000345, 0x000003b7, 0x00000342, 0x000003b7,
+	0x00000342, 0x00000345, 0x00000395, 0x00000300,
+	0x00000395, 0x00000301, 0x00000397, 0x00000300,
+	0x00000397, 0x00000301, 0x00000397, 0x00000345,
+	0x00001fbf, 0x00000300, 0x00001fbf, 0x00000301,
+	0x00001fbf, 0x00000342, 0x000003b9, 0x00000306,
+	0x000003b9, 0x00000304, 0x000003b9, 0x00000308,
+	0x00000300, 0x000003b9, 0x00000308, 0x00000301,
+	0x000003b9, 0x00000342, 0x000003b9, 0x00000308,
+	0x00000342, 0x00000399, 0x00000306, 0x00000399,
+	0x00000304, 0x00000399, 0x00000300, 0x00000399,
+	0x00000301, 0x00001ffe, 0x00000300, 0x00001ffe,
+	0x00000301, 0x00001ffe, 0x00000342, 0x000003c5,
+	0x00000306, 0x000003c5, 0x00000304, 0x000003c5,
+	0x00000308, 0x00000300, 0x000003c5, 0x00000308,
+	0x00000301, 0x000003c1, 0x00000313, 0x000003c1,
+	0x00000314, 0x000003c5, 0x00000342, 0x000003c5,
+	0x00000308, 0x00000342, 0x000003a5, 0x00000306,
+	0x000003a5, 0x00000304, 0x000003a5, 0x00000300,
+	0x000003a5, 0x00000301, 0x000003a1, 0x00000314,
+	0x000000a8, 0x00000300, 0x000000a8, 0x00000301,
+	0x00000060, 0x000003c9, 0x00000300, 0x00000345,
+	0x000003c9, 0x00000345, 0x000003c9, 0x00000301,
+	0x00000345, 0x000003c9, 0x00000342, 0x000003c9,
+	0x00000342, 0x00000345, 0x0000039f, 0x00000300,
+	0x0000039f, 0x00000301, 0x000003a9, 0x00000300,
+	0x000003a9, 0x00000301, 0x000003a9, 0x00000345,
+	0x000000b4, 0x00002002, 0x00002003, 0x000003a9,
+	0x0000004b, 0x00000041, 0x0000030a, 0x00002190,
+	0x00000338, 0x00002192, 0x00000338, 0x00002194,
+	0x00000338, 0x000021d0, 0x00000338, 0x000021d4,
+	0x00000338, 0x000021d2, 0x00000338, 0x00002203,
+	0x00000338, 0x00002208, 0x00000338, 0x0000220b,
+	0x00000338, 0x00002223, 0x00000338, 0x00002225,
+	0x00000338, 0x0000223c, 0x00000338, 0x00002243,
+	0x00000338, 0x00002245, 0x00000338, 0x00002248,
+	0x00000338, 0x0000003d, 0x00000338, 0x00002261,
+	0x00000338, 0x0000224d, 0x00000338, 0x0000003c,
+	0x00000338, 0x0000003e, 0x00000338, 0x00002264,
+	0x00000338, 0x00002265, 0x00000338, 0x00002272,
+	0x00000338, 0x00002273, 0x00000338, 0x00002276,
+	0x00000338, 0x00002277, 0x00000338, 0x0000227a,
+	0x00000338, 0x0000227b, 0x00000338, 0x00002282,
+	0x00000338, 0x00002283, 0x00000338, 0x00002286,
+	0x00000338, 0x00002287, 0x00000338, 0x000022a2,
+	0x00000338, 0x000022a8, 0x00000338, 0x000022a9,
+	0x00000338, 0x000022ab, 0x00000338, 0x0000227c,
+	0x00000338, 0x0000227d, 0x00000338, 0x00002291,
+	0x00000338, 0x00002292, 0x00000338, 0x000022b2,
+	0x00000338, 0x000022b3, 0x00000338, 0x000022b4,
+	0x00000338, 0x000022b5, 0x00000338, 0x00003008,
+	0x00003009, 0x00002add, 0x00000338, 0x0000304b,
+	0x00003099, 0x0000304d, 0x00003099, 0x0000304f,
+	0x00003099, 0x00003051, 0x00003099, 0x00003053,
+	0x00003099, 0x00003055, 0x00003099, 0x00003057,
+	0x00003099, 0x00003059, 0x00003099, 0x0000305b,
+	0x00003099, 0x0000305d, 0x00003099, 0x0000305f,
+	0x00003099, 0x00003061, 0x00003099, 0x00003064,
+	0x00003099, 0x00003066, 0x00003099, 0x00003068,
+	0x00003099, 0x0000306f, 0x00003099, 0x0000306f,
+	0x0000309a, 0x00003072, 0x00003099, 0x00003072,
+	0x0000309a, 0x00003075, 0x00003099, 0x00003075,
+	0x0000309a, 0x00003078, 0x00003099, 0x00003078,
+	0x0000309a, 0x0000307b, 0x00003099, 0x0000307b,
+	0x0000309a, 0x00003046, 0x00003099, 0x0000309d,
+	0x00003099, 0x000030ab, 0x00003099, 0x000030ad,
+	0x00003099, 0x000030af, 0x00003099, 0x000030b1,
+	0x00003099, 0x000030b3, 0x00003099, 0x000030b5,
+	0x00003099, 0x000030b7, 0x00003099, 0x000030b9,
+	0x00003099, 0x000030bb, 0x00003099, 0x000030bd,
+	0x00003099, 0x000030bf, 0x00003099, 0x000030c1,
+	0x00003099, 0x000030c4, 0x00003099, 0x000030c6,
+	0x00003099, 0x000030c8, 0x00003099, 0x000030cf,
+	0x00003099, 0x000030cf, 0x0000309a, 0x000030d2,
+	0x00003099, 0x000030d2, 0x0000309a, 0x000030d5,
+	0x00003099, 0x000030d5, 0x0000309a, 0x000030d8,
+	0x00003099, 0x000030d8, 0x0000309a, 0x000030db,
+	0x00003099, 0x000030db, 0x0000309a, 0x000030a6,
+	0x00003099, 0x000030ef, 0x00003099, 0x000030f0,
+	0x00003099, 0x000030f1, 0x00003099, 0x000030f2,
+	0x00003099, 0x000030fd, 0x00003099, 0x00008eca,
+	0x00008cc8, 0x00006ed1, 0x00004e32, 0x000053e5,
+	0x00009f9c, 0x00009f9c, 0x00005951, 0x000091d1,
+	0x00005587, 0x00005948, 0x000061f6, 0x00007669,
+	0x00007f85, 0x0000863f, 0x000087ba, 0x000088f8,
+	0x0000908f, 0x00006a02, 0x00006d1b, 0x000070d9,
+	0x000073de, 0x0000843d, 0x0000916a, 0x000099f1,
+	0x00004e82, 0x00005375, 0x00006b04, 0x0000721b,
+	0x0000862d, 0x00009e1e, 0x00005d50, 0x00006feb,
+	0x000085cd, 0x00008964, 0x000062c9, 0x000081d8,
+	0x0000881f, 0x00005eca, 0x00006717, 0x00006d6a,
+	0x000072fc, 0x000090ce, 0x00004f86, 0x000051b7,
+	0x000052de, 0x000064c4, 0x00006ad3, 0x00007210,
+	0x000076e7, 0x00008001, 0x00008606, 0x0000865c,
+	0x00008def, 0x00009732, 0x00009b6f, 0x00009dfa,
+	0x0000788c, 0x0000797f, 0x00007da0, 0x000083c9,
+	0x00009304, 0x00009e7f, 0x00008ad6, 0x000058df,
+	0x00005f04, 0x00007c60, 0x0000807e, 0x00007262,
+	0x000078ca, 0x00008cc2, 0x000096f7, 0x000058d8,
+	0x00005c62, 0x00006a13, 0x00006dda, 0x00006f0f,
+	0x00007d2f, 0x00007e37, 0x0000964b, 0x000052d2,
+	0x0000808b, 0x000051dc, 0x000051cc, 0x00007a1c,
+	0x00007dbe, 0x000083f1, 0x00009675, 0x00008b80,
+	0x000062cf, 0x00006a02, 0x00008afe, 0x00004e39,
+	0x00005be7, 0x00006012, 0x00007387, 0x00007570,
+	0x00005317, 0x000078fb, 0x00004fbf, 0x00005fa9,
+	0x00004e0d, 0x00006ccc, 0x00006578, 0x00007d22,
+	0x000053c3, 0x0000585e, 0x00007701, 0x00008449,
+	0x00008aaa, 0x00006bba, 0x00008fb0, 0x00006c88,
+	0x000062fe, 0x000082e5, 0x000063a0, 0x00007565,
+	0x00004eae, 0x00005169, 0x000051c9, 0x00006881,
+	0x00007ce7, 0x0000826f, 0x00008ad2, 0x000091cf,
+	0x000052f5, 0x00005442, 0x00005973, 0x00005eec,
+	0x000065c5, 0x00006ffe, 0x0000792a, 0x000095ad,
+	0x00009a6a, 0x00009e97, 0x00009ece, 0x0000529b,
+	0x000066c6, 0x00006b77, 0x00008f62, 0x00005e74,
+	0x00006190, 0x00006200, 0x0000649a, 0x00006f23,
+	0x00007149, 0x00007489, 0x000079ca, 0x00007df4,
+	0x0000806f, 0x00008f26, 0x000084ee, 0x00009023,
+	0x0000934a, 0x00005217, 0x000052a3, 0x000054bd,
+	0x000070c8, 0x000088c2, 0x00008aaa, 0x00005ec9,
+	0x00005ff5, 0x0000637b, 0x00006bae, 0x00007c3e,
+	0x00007375, 0x00004ee4, 0x000056f9, 0x00005be7,
+	0x00005dba, 0x0000601c, 0x000073b2, 0x00007469,
+	0x00007f9a, 0x00008046, 0x00009234, 0x000096f6,
+	0x00009748, 0x00009818, 0x00004f8b, 0x000079ae,
+	0x000091b4, 0x000096b8, 0x000060e1, 0x00004e86,
+	0x000050da, 0x00005bee, 0x00005c3f, 0x00006599,
+	0x00006a02, 0x000071ce, 0x00007642, 0x000084fc,
+	0x0000907c, 0x00009f8d, 0x00006688, 0x0000962e,
+	0x00005289, 0x0000677b, 0x000067f3, 0x00006d41,
+	0x00006e9c, 0x00007409, 0x00007559, 0x0000786b,
+	0x00007d10, 0x0000985e, 0x0000516d, 0x0000622e,
+	0x00009678, 0x0000502b, 0x00005d19, 0x00006dea,
+	0x00008f2a, 0x00005f8b, 0x00006144, 0x00006817,
+	0x00007387, 0x00009686, 0x00005229, 0x0000540f,
+	0x00005c65, 0x00006613, 0x0000674e, 0x000068a8,
+	0x00006ce5, 0x00007406, 0x000075e2, 0x00007f79,
+	0x000088cf, 0x000088e1, 0x000091cc, 0x000096e2,
+	0x0000533f, 0x00006eba, 0x0000541d, 0x000071d0,
+	0x00007498, 0x000085fa, 0x000096a3, 0x00009c57,
+	0x00009e9f, 0x00006797, 0x00006dcb, 0x000081e8,
+	0x00007acb, 0x00007b20, 0x00007c92, 0x000072c0,
+	0x00007099, 0x00008b58, 0x00004ec0, 0x00008336,
+	0x0000523a, 0x00005207, 0x00005ea6, 0x000062d3,
+	0x00007cd6, 0x00005b85, 0x00006d1e, 0x000066b4,
+	0x00008f3b, 0x0000884c, 0x0000964d, 0x0000898b,
+	0x00005ed3, 0x00005140, 0x000055c0, 0x0000585a,
+	0x00006674, 0x000051de, 0x0000732a, 0x000076ca,
+	0x0000793c, 0x0000795e, 0x00007965, 0x0000798f,
+	0x00009756, 0x00007cbe, 0x00007fbd, 0x00008612,
+	0x00008af8, 0x00009038, 0x000090fd, 0x000098ef,
+	0x000098fc, 0x00009928, 0x00009db4, 0x00004fae,
+	0x000050e7, 0x0000514d, 0x000052c9, 0x000052e4,
+	0x00005351, 0x0000559d, 0x00005606, 0x00005668,
+	0x00005840, 0x000058a8, 0x00005c64, 0x00005c6e,
+	0x00006094, 0x00006168, 0x0000618e, 0x000061f2,
+	0x0000654f, 0x000065e2, 0x00006691, 0x00006885,
+	0x00006d77, 0x00006e1a, 0x00006f22, 0x0000716e,
+	0x0000722b, 0x00007422, 0x00007891, 0x0000793e,
+	0x00007949, 0x00007948, 0x00007950, 0x00007956,
+	0x0000795d, 0x0000798d, 0x0000798e, 0x00007a40,
+	0x00007a81, 0x00007bc0, 0x00007df4, 0x00007e09,
+	0x00007e41, 0x00007f72, 0x00008005, 0x000081ed,
+	0x00008279, 0x00008279, 0x00008457, 0x00008910,
+	0x00008996, 0x00008b01, 0x00008b39, 0x00008cd3,
+	0x00008d08, 0x00008fb6, 0x00009038, 0x000096e3,
+	0x000097ff, 0x0000983b, 0x000005d9, 0x000005b4,
+	0x000005f2, 0x000005b7, 0x000005e9, 0x000005c1,
+	0x000005e9, 0x000005c2, 0x000005e9, 0x000005bc,
+	0x000005c1, 0x000005e9, 0x000005bc, 0x000005c2,
+	0x000005d0, 0x000005b7, 0x000005d0, 0x000005b8,
+	0x000005d0, 0x000005bc, 0x000005d1, 0x000005bc,
+	0x000005d2, 0x000005bc, 0x000005d3, 0x000005bc,
+	0x000005d4, 0x000005bc, 0x000005d5, 0x000005bc,
+	0x000005d6, 0x000005bc, 0x000005d8, 0x000005bc,
+	0x000005d9, 0x000005bc, 0x000005da, 0x000005bc,
+	0x000005db, 0x000005bc, 0x000005dc, 0x000005bc,
+	0x000005de, 0x000005bc, 0x000005e0, 0x000005bc,
+	0x000005e1, 0x000005bc, 0x000005e3, 0x000005bc,
+	0x000005e4, 0x000005bc, 0x000005e6, 0x000005bc,
+	0x000005e7, 0x000005bc, 0x000005e8, 0x000005bc,
+	0x000005e9, 0x000005bc, 0x000005ea, 0x000005bc,
+	0x000005d5, 0x000005b9, 0x000005d1, 0x000005bf,
+	0x000005db, 0x000005bf, 0x000005e4, 0x000005bf,
+	0x0001d157, 0x0001d165, 0x0001d158, 0x0001d165,
+	0x0001d158, 0x0001d165, 0x0001d16e, 0x0001d158,
+	0x0001d165, 0x0001d16f, 0x0001d158, 0x0001d165,
+	0x0001d170, 0x0001d158, 0x0001d165, 0x0001d171,
+	0x0001d158, 0x0001d165, 0x0001d172, 0x0001d1b9,
+	0x0001d165, 0x0001d1ba, 0x0001d165, 0x0001d1b9,
+	0x0001d165, 0x0001d16e, 0x0001d1ba, 0x0001d165,
+	0x0001d16e, 0x0001d1b9, 0x0001d165, 0x0001d16f,
+	0x0001d1ba, 0x0001d165, 0x0001d16f, 0x00004e3d,
+	0x00004e38, 0x00004e41, 0x00020122, 0x00004f60,
+	0x00004fae, 0x00004fbb, 0x00005002, 0x0000507a,
+	0x00005099, 0x000050e7, 0x000050cf, 0x0000349e,
+	0x0002063a, 0x0000514d, 0x00005154, 0x00005164,
+	0x00005177, 0x0002051c, 0x000034b9, 0x00005167,
+	0x0000518d, 0x0002054b, 0x00005197, 0x000051a4,
+	0x00004ecc, 0x000051ac, 0x000051b5, 0x000291df,
+	0x000051f5, 0x00005203, 0x000034df, 0x0000523b,
+	0x00005246, 0x00005272, 0x00005277, 0x00003515,
+	0x000052c7, 0x000052c9, 0x000052e4, 0x000052fa,
+	0x00005305, 0x00005306, 0x00005317, 0x00005349,
+	0x00005351, 0x0000535a, 0x00005373, 0x0000537d,
+	0x0000537f, 0x0000537f, 0x0000537f, 0x00020a2c,
+	0x00007070, 0x000053ca, 0x000053df, 0x00020b63,
+	0x000053eb, 0x000053f1, 0x00005406, 0x0000549e,
+	0x00005438, 0x00005448, 0x00005468, 0x000054a2,
+	0x000054f6, 0x00005510, 0x00005553, 0x00005563,
+	0x00005584, 0x00005584, 0x00005599, 0x000055ab,
+	0x000055b3, 0x000055c2, 0x00005716, 0x00005606,
+	0x00005717, 0x00005651, 0x00005674, 0x00005207,
+	0x000058ee, 0x000057ce, 0x000057f4, 0x0000580d,
+	0x0000578b, 0x00005832, 0x00005831, 0x000058ac,
+	0x000214e4, 0x000058f2, 0x000058f7, 0x00005906,
+	0x0000591a, 0x00005922, 0x00005962, 0x000216a8,
+	0x000216ea, 0x000059ec, 0x00005a1b, 0x00005a27,
+	0x000059d8, 0x00005a66, 0x000036ee, 0x0002136a,
+	0x00005b08, 0x00005b3e, 0x00005b3e, 0x000219c8,
+	0x00005bc3, 0x00005bd8, 0x00005be7, 0x00005bf3,
+	0x00021b18, 0x00005bff, 0x00005c06, 0x00005f33,
+	0x00005c22, 0x00003781, 0x00005c60, 0x00005c6e,
+	0x00005cc0, 0x00005c8d, 0x00021de4, 0x00005d43,
+	0x00021de6, 0x00005d6e, 0x00005d6b, 0x00005d7c,
+	0x00005de1, 0x00005de2, 0x0000382f, 0x00005dfd,
+	0x00005e28, 0x00005e3d, 0x00005e69, 0x00003862,
+	0x00022183, 0x0000387c, 0x00005eb0, 0x00005eb3,
+	0x00005eb6, 0x00005eca, 0x0002a392, 0x00005efe,
+	0x00022331, 0x00022331, 0x00008201, 0x00005f22,
+	0x00005f22, 0x000038c7, 0x000232b8, 0x000261da,
+	0x00005f62, 0x00005f6b, 0x000038e3, 0x00005f9a,
+	0x00005fcd, 0x00005fd7, 0x00005ff9, 0x00006081,
+	0x0000393a, 0x0000391c, 0x00006094, 0x000226d4,
+	0x000060c7, 0x00006148, 0x0000614c, 0x0000614e,
+	0x0000614c, 0x0000617a, 0x0000618e, 0x000061b2,
+	0x000061a4, 0x000061af, 0x000061de, 0x000061f2,
+	0x000061f6, 0x00006210, 0x0000621b, 0x0000625d,
+	0x000062b1, 0x000062d4, 0x00006350, 0x00022b0c,
+	0x0000633d, 0x000062fc, 0x00006368, 0x00006383,
+	0x000063e4, 0x00022bf1, 0x00006422, 0x000063c5,
+	0x000063a9, 0x00003a2e, 0x00006469, 0x0000647e,
+	0x0000649d, 0x00006477, 0x00003a6c, 0x0000654f,
+	0x0000656c, 0x0002300a, 0x000065e3, 0x000066f8,
+	0x00006649, 0x00003b19, 0x00006691, 0x00003b08,
+	0x00003ae4, 0x00005192, 0x00005195, 0x00006700,
+	0x0000669c, 0x000080ad, 0x000043d9, 0x00006717,
+	0x0000671b, 0x00006721, 0x0000675e, 0x00006753,
+	0x000233c3, 0x00003b49, 0x000067fa, 0x00006785,
+	0x00006852, 0x00006885, 0x0002346d, 0x0000688e,
+	0x0000681f, 0x00006914, 0x00003b9d, 0x00006942,
+	0x000069a3, 0x000069ea, 0x00006aa8, 0x000236a3,
+	0x00006adb, 0x00003c18, 0x00006b21, 0x000238a7,
+	0x00006b54, 0x00003c4e, 0x00006b72, 0x00006b9f,
+	0x00006bba, 0x00006bbb, 0x00023a8d, 0x00021d0b,
+	0x00023afa, 0x00006c4e, 0x00023cbc, 0x00006cbf,
+	0x00006ccd, 0x00006c67, 0x00006d16, 0x00006d3e,
+	0x00006d77, 0x00006d41, 0x00006d69, 0x00006d78,
+	0x00006d85, 0x00023d1e, 0x00006d34, 0x00006e2f,
+	0x00006e6e, 0x00003d33, 0x00006ecb, 0x00006ec7,
+	0x00023ed1, 0x00006df9, 0x00006f6e, 0x00023f5e,
+	0x00023f8e, 0x00006fc6, 0x00007039, 0x0000701e,
+	0x0000701b, 0x00003d96, 0x0000704a, 0x0000707d,
+	0x00007077, 0x000070ad, 0x00020525, 0x00007145,
+	0x00024263, 0x0000719c, 0x000043ab, 0x00007228,
+	0x00007235, 0x00007250, 0x00024608, 0x00007280,
+	0x00007295, 0x00024735, 0x00024814, 0x0000737a,
+	0x0000738b, 0x00003eac, 0x000073a5, 0x00003eb8,
+	0x00003eb8, 0x00007447, 0x0000745c, 0x00007471,
+	0x00007485, 0x000074ca, 0x00003f1b, 0x00007524,
+	0x00024c36, 0x0000753e, 0x00024c92, 0x00007570,
+	0x0002219f, 0x00007610, 0x00024fa1, 0x00024fb8,
+	0x00025044, 0x00003ffc, 0x00004008, 0x000076f4,
+	0x000250f3, 0x000250f2, 0x00025119, 0x00025133,
+	0x0000771e, 0x0000771f, 0x0000771f, 0x0000774a,
+	0x00004039, 0x0000778b, 0x00004046, 0x00004096,
+	0x0002541d, 0x0000784e, 0x0000788c, 0x000078cc,
+	0x000040e3, 0x00025626, 0x00007956, 0x0002569a,
+	0x000256c5, 0x0000798f, 0x000079eb, 0x0000412f,
+	0x00007a40, 0x00007a4a, 0x00007a4f, 0x0002597c,
+	0x00025aa7, 0x00025aa7, 0x00007aae, 0x00004202,
+	0x00025bab, 0x00007bc6, 0x00007bc9, 0x00004227,
+	0x00025c80, 0x00007cd2, 0x000042a0, 0x00007ce8,
+	0x00007ce3, 0x00007d00, 0x00025f86, 0x00007d63,
+	0x00004301, 0x00007dc7, 0x00007e02, 0x00007e45,
+	0x00004334, 0x00026228, 0x00026247, 0x00004359,
+	0x000262d9, 0x00007f7a, 0x0002633e, 0x00007f95,
+	0x00007ffa, 0x00008005, 0x000264da, 0x00026523,
+	0x00008060, 0x000265a8, 0x00008070, 0x0002335f,
+	0x000043d5, 0x000080b2, 0x00008103, 0x0000440b,
+	0x0000813e, 0x00005ab5, 0x000267a7, 0x000267b5,
+	0x00023393, 0x0002339c, 0x00008201, 0x00008204,
+	0x00008f9e, 0x0000446b, 0x00008291, 0x0000828b,
+	0x0000829d, 0x000052b3, 0x000082b1, 0x000082b3,
+	0x000082bd, 0x000082e6, 0x00026b3c, 0x000082e5,
+	0x0000831d, 0x00008363, 0x000083ad, 0x00008323,
+	0x000083bd, 0x000083e7, 0x00008457, 0x00008353,
+	0x000083ca, 0x000083cc, 0x000083dc, 0x00026c36,
+	0x00026d6b, 0x00026cd5, 0x0000452b, 0x000084f1,
+	0x000084f3, 0x00008516, 0x000273ca, 0x00008564,
+	0x00026f2c, 0x0000455d, 0x00004561, 0x00026fb1,
+	0x000270d2, 0x0000456b, 0x00008650, 0x0000865c,
+	0x00008667, 0x00008669, 0x000086a9, 0x00008688,
+	0x0000870e, 0x000086e2, 0x00008779, 0x00008728,
+	0x0000876b, 0x00008786, 0x00004d57, 0x000087e1,
+	0x00008801, 0x000045f9, 0x00008860, 0x00008863,
+	0x00027667, 0x000088d7, 0x000088de, 0x00004635,
+	0x000088fa, 0x000034bb, 0x000278ae, 0x00027966,
+	0x000046be, 0x000046c7, 0x00008aa0, 0x00008aed,
+	0x00008b8a, 0x00008c55, 0x00027ca8, 0x00008cab,
+	0x00008cc1, 0x00008d1b, 0x00008d77, 0x00027f2f,
+	0x00020804, 0x00008dcb, 0x00008dbc, 0x00008df0,
+	0x000208de, 0x00008ed4, 0x00008f38, 0x000285d2,
+	0x000285ed, 0x00009094, 0x000090f1, 0x00009111,
+	0x0002872e, 0x0000911b, 0x00009238, 0x000092d7,
+	0x000092d8, 0x0000927c, 0x000093f9, 0x00009415,
+	0x00028bfa, 0x0000958b, 0x00004995, 0x000095b7,
+	0x00028d77, 0x000049e6, 0x000096c3, 0x00005db2,
+	0x00009723, 0x00029145, 0x0002921a, 0x00004a6e,
+	0x00004a76, 0x000097e0, 0x0002940a, 0x00004ab2,
+	0x00029496, 0x0000980b, 0x0000980b, 0x00009829,
+	0x000295b6, 0x000098e2, 0x00004b33, 0x00009929,
+	0x000099a7, 0x000099c2, 0x000099fe, 0x00004bce,
+	0x00029b30, 0x00009b12, 0x00009c40, 0x00009cfd,
+	0x00004cce, 0x00004ced, 0x00009d67, 0x0002a0ce,
+	0x00004cf8, 0x0002a105, 0x0002a20e, 0x0002a291,
+	0x00009ebb, 0x00004d56, 0x00009ef9, 0x00009efe,
+	0x00009f05, 0x00009f0f, 0x00009f16, 0x00009f3b,
+	0x0002a600
+};
+
+static const krb5_ui_4 _uckdcmp_size = 10282;
+
+static const krb5_ui_4 _uckdcmp_nodes[] = {
+	0x000000a0, 0x00000000,
+	0x000000a8, 0x00000001,
+	0x000000aa, 0x00000003,
+	0x000000af, 0x00000004,
+	0x000000b2, 0x00000006,
+	0x000000b3, 0x00000007,
+	0x000000b4, 0x00000008,
+	0x000000b5, 0x0000000a,
+	0x000000b8, 0x0000000b,
+	0x000000b9, 0x0000000d,
+	0x000000ba, 0x0000000e,
+	0x000000bc, 0x0000000f,
+	0x000000bd, 0x00000012,
+	0x000000be, 0x00000015,
+	0x000000c0, 0x00000018,
+	0x000000c1, 0x0000001a,
+	0x000000c2, 0x0000001c,
+	0x000000c3, 0x0000001e,
+	0x000000c4, 0x00000020,
+	0x000000c5, 0x00000022,
+	0x000000c7, 0x00000024,
+	0x000000c8, 0x00000026,
+	0x000000c9, 0x00000028,
+	0x000000ca, 0x0000002a,
+	0x000000cb, 0x0000002c,
+	0x000000cc, 0x0000002e,
+	0x000000cd, 0x00000030,
+	0x000000ce, 0x00000032,
+	0x000000cf, 0x00000034,
+	0x000000d1, 0x00000036,
+	0x000000d2, 0x00000038,
+	0x000000d3, 0x0000003a,
+	0x000000d4, 0x0000003c,
+	0x000000d5, 0x0000003e,
+	0x000000d6, 0x00000040,
+	0x000000d9, 0x00000042,
+	0x000000da, 0x00000044,
+	0x000000db, 0x00000046,
+	0x000000dc, 0x00000048,
+	0x000000dd, 0x0000004a,
+	0x000000e0, 0x0000004c,
+	0x000000e1, 0x0000004e,
+	0x000000e2, 0x00000050,
+	0x000000e3, 0x00000052,
+	0x000000e4, 0x00000054,
+	0x000000e5, 0x00000056,
+	0x000000e7, 0x00000058,
+	0x000000e8, 0x0000005a,
+	0x000000e9, 0x0000005c,
+	0x000000ea, 0x0000005e,
+	0x000000eb, 0x00000060,
+	0x000000ec, 0x00000062,
+	0x000000ed, 0x00000064,
+	0x000000ee, 0x00000066,
+	0x000000ef, 0x00000068,
+	0x000000f1, 0x0000006a,
+	0x000000f2, 0x0000006c,
+	0x000000f3, 0x0000006e,
+	0x000000f4, 0x00000070,
+	0x000000f5, 0x00000072,
+	0x000000f6, 0x00000074,
+	0x000000f9, 0x00000076,
+	0x000000fa, 0x00000078,
+	0x000000fb, 0x0000007a,
+	0x000000fc, 0x0000007c,
+	0x000000fd, 0x0000007e,
+	0x000000ff, 0x00000080,
+	0x00000100, 0x00000082,
+	0x00000101, 0x00000084,
+	0x00000102, 0x00000086,
+	0x00000103, 0x00000088,
+	0x00000104, 0x0000008a,
+	0x00000105, 0x0000008c,
+	0x00000106, 0x0000008e,
+	0x00000107, 0x00000090,
+	0x00000108, 0x00000092,
+	0x00000109, 0x00000094,
+	0x0000010a, 0x00000096,
+	0x0000010b, 0x00000098,
+	0x0000010c, 0x0000009a,
+	0x0000010d, 0x0000009c,
+	0x0000010e, 0x0000009e,
+	0x0000010f, 0x000000a0,
+	0x00000112, 0x000000a2,
+	0x00000113, 0x000000a4,
+	0x00000114, 0x000000a6,
+	0x00000115, 0x000000a8,
+	0x00000116, 0x000000aa,
+	0x00000117, 0x000000ac,
+	0x00000118, 0x000000ae,
+	0x00000119, 0x000000b0,
+	0x0000011a, 0x000000b2,
+	0x0000011b, 0x000000b4,
+	0x0000011c, 0x000000b6,
+	0x0000011d, 0x000000b8,
+	0x0000011e, 0x000000ba,
+	0x0000011f, 0x000000bc,
+	0x00000120, 0x000000be,
+	0x00000121, 0x000000c0,
+	0x00000122, 0x000000c2,
+	0x00000123, 0x000000c4,
+	0x00000124, 0x000000c6,
+	0x00000125, 0x000000c8,
+	0x00000128, 0x000000ca,
+	0x00000129, 0x000000cc,
+	0x0000012a, 0x000000ce,
+	0x0000012b, 0x000000d0,
+	0x0000012c, 0x000000d2,
+	0x0000012d, 0x000000d4,
+	0x0000012e, 0x000000d6,
+	0x0000012f, 0x000000d8,
+	0x00000130, 0x000000da,
+	0x00000132, 0x000000dc,
+	0x00000133, 0x000000de,
+	0x00000134, 0x000000e0,
+	0x00000135, 0x000000e2,
+	0x00000136, 0x000000e4,
+	0x00000137, 0x000000e6,
+	0x00000139, 0x000000e8,
+	0x0000013a, 0x000000ea,
+	0x0000013b, 0x000000ec,
+	0x0000013c, 0x000000ee,
+	0x0000013d, 0x000000f0,
+	0x0000013e, 0x000000f2,
+	0x0000013f, 0x000000f4,
+	0x00000140, 0x000000f6,
+	0x00000143, 0x000000f8,
+	0x00000144, 0x000000fa,
+	0x00000145, 0x000000fc,
+	0x00000146, 0x000000fe,
+	0x00000147, 0x00000100,
+	0x00000148, 0x00000102,
+	0x00000149, 0x00000104,
+	0x0000014c, 0x00000106,
+	0x0000014d, 0x00000108,
+	0x0000014e, 0x0000010a,
+	0x0000014f, 0x0000010c,
+	0x00000150, 0x0000010e,
+	0x00000151, 0x00000110,
+	0x00000154, 0x00000112,
+	0x00000155, 0x00000114,
+	0x00000156, 0x00000116,
+	0x00000157, 0x00000118,
+	0x00000158, 0x0000011a,
+	0x00000159, 0x0000011c,
+	0x0000015a, 0x0000011e,
+	0x0000015b, 0x00000120,
+	0x0000015c, 0x00000122,
+	0x0000015d, 0x00000124,
+	0x0000015e, 0x00000126,
+	0x0000015f, 0x00000128,
+	0x00000160, 0x0000012a,
+	0x00000161, 0x0000012c,
+	0x00000162, 0x0000012e,
+	0x00000163, 0x00000130,
+	0x00000164, 0x00000132,
+	0x00000165, 0x00000134,
+	0x00000168, 0x00000136,
+	0x00000169, 0x00000138,
+	0x0000016a, 0x0000013a,
+	0x0000016b, 0x0000013c,
+	0x0000016c, 0x0000013e,
+	0x0000016d, 0x00000140,
+	0x0000016e, 0x00000142,
+	0x0000016f, 0x00000144,
+	0x00000170, 0x00000146,
+	0x00000171, 0x00000148,
+	0x00000172, 0x0000014a,
+	0x00000173, 0x0000014c,
+	0x00000174, 0x0000014e,
+	0x00000175, 0x00000150,
+	0x00000176, 0x00000152,
+	0x00000177, 0x00000154,
+	0x00000178, 0x00000156,
+	0x00000179, 0x00000158,
+	0x0000017a, 0x0000015a,
+	0x0000017b, 0x0000015c,
+	0x0000017c, 0x0000015e,
+	0x0000017d, 0x00000160,
+	0x0000017e, 0x00000162,
+	0x0000017f, 0x00000164,
+	0x000001a0, 0x00000165,
+	0x000001a1, 0x00000167,
+	0x000001af, 0x00000169,
+	0x000001b0, 0x0000016b,
+	0x000001c4, 0x0000016d,
+	0x000001c5, 0x00000170,
+	0x000001c6, 0x00000173,
+	0x000001c7, 0x00000176,
+	0x000001c8, 0x00000178,
+	0x000001c9, 0x0000017a,
+	0x000001ca, 0x0000017c,
+	0x000001cb, 0x0000017e,
+	0x000001cc, 0x00000180,
+	0x000001cd, 0x00000182,
+	0x000001ce, 0x00000184,
+	0x000001cf, 0x00000186,
+	0x000001d0, 0x00000188,
+	0x000001d1, 0x0000018a,
+	0x000001d2, 0x0000018c,
+	0x000001d3, 0x0000018e,
+	0x000001d4, 0x00000190,
+	0x000001d5, 0x00000192,
+	0x000001d6, 0x00000195,
+	0x000001d7, 0x00000198,
+	0x000001d8, 0x0000019b,
+	0x000001d9, 0x0000019e,
+	0x000001da, 0x000001a1,
+	0x000001db, 0x000001a4,
+	0x000001dc, 0x000001a7,
+	0x000001de, 0x000001aa,
+	0x000001df, 0x000001ad,
+	0x000001e0, 0x000001b0,
+	0x000001e1, 0x000001b3,
+	0x000001e2, 0x000001b6,
+	0x000001e3, 0x000001b8,
+	0x000001e6, 0x000001ba,
+	0x000001e7, 0x000001bc,
+	0x000001e8, 0x000001be,
+	0x000001e9, 0x000001c0,
+	0x000001ea, 0x000001c2,
+	0x000001eb, 0x000001c4,
+	0x000001ec, 0x000001c6,
+	0x000001ed, 0x000001c9,
+	0x000001ee, 0x000001cc,
+	0x000001ef, 0x000001ce,
+	0x000001f0, 0x000001d0,
+	0x000001f1, 0x000001d2,
+	0x000001f2, 0x000001d4,
+	0x000001f3, 0x000001d6,
+	0x000001f4, 0x000001d8,
+	0x000001f5, 0x000001da,
+	0x000001f8, 0x000001dc,
+	0x000001f9, 0x000001de,
+	0x000001fa, 0x000001e0,
+	0x000001fb, 0x000001e3,
+	0x000001fc, 0x000001e6,
+	0x000001fd, 0x000001e8,
+	0x000001fe, 0x000001ea,
+	0x000001ff, 0x000001ec,
+	0x00000200, 0x000001ee,
+	0x00000201, 0x000001f0,
+	0x00000202, 0x000001f2,
+	0x00000203, 0x000001f4,
+	0x00000204, 0x000001f6,
+	0x00000205, 0x000001f8,
+	0x00000206, 0x000001fa,
+	0x00000207, 0x000001fc,
+	0x00000208, 0x000001fe,
+	0x00000209, 0x00000200,
+	0x0000020a, 0x00000202,
+	0x0000020b, 0x00000204,
+	0x0000020c, 0x00000206,
+	0x0000020d, 0x00000208,
+	0x0000020e, 0x0000020a,
+	0x0000020f, 0x0000020c,
+	0x00000210, 0x0000020e,
+	0x00000211, 0x00000210,
+	0x00000212, 0x00000212,
+	0x00000213, 0x00000214,
+	0x00000214, 0x00000216,
+	0x00000215, 0x00000218,
+	0x00000216, 0x0000021a,
+	0x00000217, 0x0000021c,
+	0x00000218, 0x0000021e,
+	0x00000219, 0x00000220,
+	0x0000021a, 0x00000222,
+	0x0000021b, 0x00000224,
+	0x0000021e, 0x00000226,
+	0x0000021f, 0x00000228,
+	0x00000226, 0x0000022a,
+	0x00000227, 0x0000022c,
+	0x00000228, 0x0000022e,
+	0x00000229, 0x00000230,
+	0x0000022a, 0x00000232,
+	0x0000022b, 0x00000235,
+	0x0000022c, 0x00000238,
+	0x0000022d, 0x0000023b,
+	0x0000022e, 0x0000023e,
+	0x0000022f, 0x00000240,
+	0x00000230, 0x00000242,
+	0x00000231, 0x00000245,
+	0x00000232, 0x00000248,
+	0x00000233, 0x0000024a,
+	0x000002b0, 0x0000024c,
+	0x000002b1, 0x0000024d,
+	0x000002b2, 0x0000024e,
+	0x000002b3, 0x0000024f,
+	0x000002b4, 0x00000250,
+	0x000002b5, 0x00000251,
+	0x000002b6, 0x00000252,
+	0x000002b7, 0x00000253,
+	0x000002b8, 0x00000254,
+	0x000002d8, 0x00000255,
+	0x000002d9, 0x00000257,
+	0x000002da, 0x00000259,
+	0x000002db, 0x0000025b,
+	0x000002dc, 0x0000025d,
+	0x000002dd, 0x0000025f,
+	0x000002e0, 0x00000261,
+	0x000002e1, 0x00000262,
+	0x000002e2, 0x00000263,
+	0x000002e3, 0x00000264,
+	0x000002e4, 0x00000265,
+	0x00000340, 0x00000266,
+	0x00000341, 0x00000267,
+	0x00000343, 0x00000268,
+	0x00000344, 0x00000269,
+	0x00000374, 0x0000026b,
+	0x0000037a, 0x0000026c,
+	0x0000037e, 0x0000026e,
+	0x00000384, 0x0000026f,
+	0x00000385, 0x00000271,
+	0x00000386, 0x00000274,
+	0x00000387, 0x00000276,
+	0x00000388, 0x00000277,
+	0x00000389, 0x00000279,
+	0x0000038a, 0x0000027b,
+	0x0000038c, 0x0000027d,
+	0x0000038e, 0x0000027f,
+	0x0000038f, 0x00000281,
+	0x00000390, 0x00000283,
+	0x000003aa, 0x00000286,
+	0x000003ab, 0x00000288,
+	0x000003ac, 0x0000028a,
+	0x000003ad, 0x0000028c,
+	0x000003ae, 0x0000028e,
+	0x000003af, 0x00000290,
+	0x000003b0, 0x00000292,
+	0x000003ca, 0x00000295,
+	0x000003cb, 0x00000297,
+	0x000003cc, 0x00000299,
+	0x000003cd, 0x0000029b,
+	0x000003ce, 0x0000029d,
+	0x000003d0, 0x0000029f,
+	0x000003d1, 0x000002a0,
+	0x000003d2, 0x000002a1,
+	0x000003d3, 0x000002a2,
+	0x000003d4, 0x000002a4,
+	0x000003d5, 0x000002a6,
+	0x000003d6, 0x000002a7,
+	0x000003f0, 0x000002a8,
+	0x000003f1, 0x000002a9,
+	0x000003f2, 0x000002aa,
+	0x000003f4, 0x000002ab,
+	0x000003f5, 0x000002ac,
+	0x00000400, 0x000002ad,
+	0x00000401, 0x000002af,
+	0x00000403, 0x000002b1,
+	0x00000407, 0x000002b3,
+	0x0000040c, 0x000002b5,
+	0x0000040d, 0x000002b7,
+	0x0000040e, 0x000002b9,
+	0x00000419, 0x000002bb,
+	0x00000439, 0x000002bd,
+	0x00000450, 0x000002bf,
+	0x00000451, 0x000002c1,
+	0x00000453, 0x000002c3,
+	0x00000457, 0x000002c5,
+	0x0000045c, 0x000002c7,
+	0x0000045d, 0x000002c9,
+	0x0000045e, 0x000002cb,
+	0x00000476, 0x000002cd,
+	0x00000477, 0x000002cf,
+	0x000004c1, 0x000002d1,
+	0x000004c2, 0x000002d3,
+	0x000004d0, 0x000002d5,
+	0x000004d1, 0x000002d7,
+	0x000004d2, 0x000002d9,
+	0x000004d3, 0x000002db,
+	0x000004d6, 0x000002dd,
+	0x000004d7, 0x000002df,
+	0x000004da, 0x000002e1,
+	0x000004db, 0x000002e3,
+	0x000004dc, 0x000002e5,
+	0x000004dd, 0x000002e7,
+	0x000004de, 0x000002e9,
+	0x000004df, 0x000002eb,
+	0x000004e2, 0x000002ed,
+	0x000004e3, 0x000002ef,
+	0x000004e4, 0x000002f1,
+	0x000004e5, 0x000002f3,
+	0x000004e6, 0x000002f5,
+	0x000004e7, 0x000002f7,
+	0x000004ea, 0x000002f9,
+	0x000004eb, 0x000002fb,
+	0x000004ec, 0x000002fd,
+	0x000004ed, 0x000002ff,
+	0x000004ee, 0x00000301,
+	0x000004ef, 0x00000303,
+	0x000004f0, 0x00000305,
+	0x000004f1, 0x00000307,
+	0x000004f2, 0x00000309,
+	0x000004f3, 0x0000030b,
+	0x000004f4, 0x0000030d,
+	0x000004f5, 0x0000030f,
+	0x000004f8, 0x00000311,
+	0x000004f9, 0x00000313,
+	0x00000587, 0x00000315,
+	0x00000622, 0x00000317,
+	0x00000623, 0x00000319,
+	0x00000624, 0x0000031b,
+	0x00000625, 0x0000031d,
+	0x00000626, 0x0000031f,
+	0x00000675, 0x00000321,
+	0x00000676, 0x00000323,
+	0x00000677, 0x00000325,
+	0x00000678, 0x00000327,
+	0x000006c0, 0x00000329,
+	0x000006c2, 0x0000032b,
+	0x000006d3, 0x0000032d,
+	0x00000929, 0x0000032f,
+	0x00000931, 0x00000331,
+	0x00000934, 0x00000333,
+	0x00000958, 0x00000335,
+	0x00000959, 0x00000337,
+	0x0000095a, 0x00000339,
+	0x0000095b, 0x0000033b,
+	0x0000095c, 0x0000033d,
+	0x0000095d, 0x0000033f,
+	0x0000095e, 0x00000341,
+	0x0000095f, 0x00000343,
+	0x000009cb, 0x00000345,
+	0x000009cc, 0x00000347,
+	0x000009dc, 0x00000349,
+	0x000009dd, 0x0000034b,
+	0x000009df, 0x0000034d,
+	0x00000a33, 0x0000034f,
+	0x00000a36, 0x00000351,
+	0x00000a59, 0x00000353,
+	0x00000a5a, 0x00000355,
+	0x00000a5b, 0x00000357,
+	0x00000a5e, 0x00000359,
+	0x00000b48, 0x0000035b,
+	0x00000b4b, 0x0000035d,
+	0x00000b4c, 0x0000035f,
+	0x00000b5c, 0x00000361,
+	0x00000b5d, 0x00000363,
+	0x00000b94, 0x00000365,
+	0x00000bca, 0x00000367,
+	0x00000bcb, 0x00000369,
+	0x00000bcc, 0x0000036b,
+	0x00000c48, 0x0000036d,
+	0x00000cc0, 0x0000036f,
+	0x00000cc7, 0x00000371,
+	0x00000cc8, 0x00000373,
+	0x00000cca, 0x00000375,
+	0x00000ccb, 0x00000377,
+	0x00000d4a, 0x0000037a,
+	0x00000d4b, 0x0000037c,
+	0x00000d4c, 0x0000037e,
+	0x00000dda, 0x00000380,
+	0x00000ddc, 0x00000382,
+	0x00000ddd, 0x00000384,
+	0x00000dde, 0x00000387,
+	0x00000e33, 0x00000389,
+	0x00000eb3, 0x0000038b,
+	0x00000edc, 0x0000038d,
+	0x00000edd, 0x0000038f,
+	0x00000f0c, 0x00000391,
+	0x00000f43, 0x00000392,
+	0x00000f4d, 0x00000394,
+	0x00000f52, 0x00000396,
+	0x00000f57, 0x00000398,
+	0x00000f5c, 0x0000039a,
+	0x00000f69, 0x0000039c,
+	0x00000f73, 0x0000039e,
+	0x00000f75, 0x000003a0,
+	0x00000f76, 0x000003a2,
+	0x00000f77, 0x000003a4,
+	0x00000f78, 0x000003a7,
+	0x00000f79, 0x000003a9,
+	0x00000f81, 0x000003ac,
+	0x00000f93, 0x000003ae,
+	0x00000f9d, 0x000003b0,
+	0x00000fa2, 0x000003b2,
+	0x00000fa7, 0x000003b4,
+	0x00000fac, 0x000003b6,
+	0x00000fb9, 0x000003b8,
+	0x00001026, 0x000003ba,
+	0x00001e00, 0x000003bc,
+	0x00001e01, 0x000003be,
+	0x00001e02, 0x000003c0,
+	0x00001e03, 0x000003c2,
+	0x00001e04, 0x000003c4,
+	0x00001e05, 0x000003c6,
+	0x00001e06, 0x000003c8,
+	0x00001e07, 0x000003ca,
+	0x00001e08, 0x000003cc,
+	0x00001e09, 0x000003cf,
+	0x00001e0a, 0x000003d2,
+	0x00001e0b, 0x000003d4,
+	0x00001e0c, 0x000003d6,
+	0x00001e0d, 0x000003d8,
+	0x00001e0e, 0x000003da,
+	0x00001e0f, 0x000003dc,
+	0x00001e10, 0x000003de,
+	0x00001e11, 0x000003e0,
+	0x00001e12, 0x000003e2,
+	0x00001e13, 0x000003e4,
+	0x00001e14, 0x000003e6,
+	0x00001e15, 0x000003e9,
+	0x00001e16, 0x000003ec,
+	0x00001e17, 0x000003ef,
+	0x00001e18, 0x000003f2,
+	0x00001e19, 0x000003f4,
+	0x00001e1a, 0x000003f6,
+	0x00001e1b, 0x000003f8,
+	0x00001e1c, 0x000003fa,
+	0x00001e1d, 0x000003fd,
+	0x00001e1e, 0x00000400,
+	0x00001e1f, 0x00000402,
+	0x00001e20, 0x00000404,
+	0x00001e21, 0x00000406,
+	0x00001e22, 0x00000408,
+	0x00001e23, 0x0000040a,
+	0x00001e24, 0x0000040c,
+	0x00001e25, 0x0000040e,
+	0x00001e26, 0x00000410,
+	0x00001e27, 0x00000412,
+	0x00001e28, 0x00000414,
+	0x00001e29, 0x00000416,
+	0x00001e2a, 0x00000418,
+	0x00001e2b, 0x0000041a,
+	0x00001e2c, 0x0000041c,
+	0x00001e2d, 0x0000041e,
+	0x00001e2e, 0x00000420,
+	0x00001e2f, 0x00000423,
+	0x00001e30, 0x00000426,
+	0x00001e31, 0x00000428,
+	0x00001e32, 0x0000042a,
+	0x00001e33, 0x0000042c,
+	0x00001e34, 0x0000042e,
+	0x00001e35, 0x00000430,
+	0x00001e36, 0x00000432,
+	0x00001e37, 0x00000434,
+	0x00001e38, 0x00000436,
+	0x00001e39, 0x00000439,
+	0x00001e3a, 0x0000043c,
+	0x00001e3b, 0x0000043e,
+	0x00001e3c, 0x00000440,
+	0x00001e3d, 0x00000442,
+	0x00001e3e, 0x00000444,
+	0x00001e3f, 0x00000446,
+	0x00001e40, 0x00000448,
+	0x00001e41, 0x0000044a,
+	0x00001e42, 0x0000044c,
+	0x00001e43, 0x0000044e,
+	0x00001e44, 0x00000450,
+	0x00001e45, 0x00000452,
+	0x00001e46, 0x00000454,
+	0x00001e47, 0x00000456,
+	0x00001e48, 0x00000458,
+	0x00001e49, 0x0000045a,
+	0x00001e4a, 0x0000045c,
+	0x00001e4b, 0x0000045e,
+	0x00001e4c, 0x00000460,
+	0x00001e4d, 0x00000463,
+	0x00001e4e, 0x00000466,
+	0x00001e4f, 0x00000469,
+	0x00001e50, 0x0000046c,
+	0x00001e51, 0x0000046f,
+	0x00001e52, 0x00000472,
+	0x00001e53, 0x00000475,
+	0x00001e54, 0x00000478,
+	0x00001e55, 0x0000047a,
+	0x00001e56, 0x0000047c,
+	0x00001e57, 0x0000047e,
+	0x00001e58, 0x00000480,
+	0x00001e59, 0x00000482,
+	0x00001e5a, 0x00000484,
+	0x00001e5b, 0x00000486,
+	0x00001e5c, 0x00000488,
+	0x00001e5d, 0x0000048b,
+	0x00001e5e, 0x0000048e,
+	0x00001e5f, 0x00000490,
+	0x00001e60, 0x00000492,
+	0x00001e61, 0x00000494,
+	0x00001e62, 0x00000496,
+	0x00001e63, 0x00000498,
+	0x00001e64, 0x0000049a,
+	0x00001e65, 0x0000049d,
+	0x00001e66, 0x000004a0,
+	0x00001e67, 0x000004a3,
+	0x00001e68, 0x000004a6,
+	0x00001e69, 0x000004a9,
+	0x00001e6a, 0x000004ac,
+	0x00001e6b, 0x000004ae,
+	0x00001e6c, 0x000004b0,
+	0x00001e6d, 0x000004b2,
+	0x00001e6e, 0x000004b4,
+	0x00001e6f, 0x000004b6,
+	0x00001e70, 0x000004b8,
+	0x00001e71, 0x000004ba,
+	0x00001e72, 0x000004bc,
+	0x00001e73, 0x000004be,
+	0x00001e74, 0x000004c0,
+	0x00001e75, 0x000004c2,
+	0x00001e76, 0x000004c4,
+	0x00001e77, 0x000004c6,
+	0x00001e78, 0x000004c8,
+	0x00001e79, 0x000004cb,
+	0x00001e7a, 0x000004ce,
+	0x00001e7b, 0x000004d1,
+	0x00001e7c, 0x000004d4,
+	0x00001e7d, 0x000004d6,
+	0x00001e7e, 0x000004d8,
+	0x00001e7f, 0x000004da,
+	0x00001e80, 0x000004dc,
+	0x00001e81, 0x000004de,
+	0x00001e82, 0x000004e0,
+	0x00001e83, 0x000004e2,
+	0x00001e84, 0x000004e4,
+	0x00001e85, 0x000004e6,
+	0x00001e86, 0x000004e8,
+	0x00001e87, 0x000004ea,
+	0x00001e88, 0x000004ec,
+	0x00001e89, 0x000004ee,
+	0x00001e8a, 0x000004f0,
+	0x00001e8b, 0x000004f2,
+	0x00001e8c, 0x000004f4,
+	0x00001e8d, 0x000004f6,
+	0x00001e8e, 0x000004f8,
+	0x00001e8f, 0x000004fa,
+	0x00001e90, 0x000004fc,
+	0x00001e91, 0x000004fe,
+	0x00001e92, 0x00000500,
+	0x00001e93, 0x00000502,
+	0x00001e94, 0x00000504,
+	0x00001e95, 0x00000506,
+	0x00001e96, 0x00000508,
+	0x00001e97, 0x0000050a,
+	0x00001e98, 0x0000050c,
+	0x00001e99, 0x0000050e,
+	0x00001e9a, 0x00000510,
+	0x00001e9b, 0x00000512,
+	0x00001ea0, 0x00000514,
+	0x00001ea1, 0x00000516,
+	0x00001ea2, 0x00000518,
+	0x00001ea3, 0x0000051a,
+	0x00001ea4, 0x0000051c,
+	0x00001ea5, 0x0000051f,
+	0x00001ea6, 0x00000522,
+	0x00001ea7, 0x00000525,
+	0x00001ea8, 0x00000528,
+	0x00001ea9, 0x0000052b,
+	0x00001eaa, 0x0000052e,
+	0x00001eab, 0x00000531,
+	0x00001eac, 0x00000534,
+	0x00001ead, 0x00000537,
+	0x00001eae, 0x0000053a,
+	0x00001eaf, 0x0000053d,
+	0x00001eb0, 0x00000540,
+	0x00001eb1, 0x00000543,
+	0x00001eb2, 0x00000546,
+	0x00001eb3, 0x00000549,
+	0x00001eb4, 0x0000054c,
+	0x00001eb5, 0x0000054f,
+	0x00001eb6, 0x00000552,
+	0x00001eb7, 0x00000555,
+	0x00001eb8, 0x00000558,
+	0x00001eb9, 0x0000055a,
+	0x00001eba, 0x0000055c,
+	0x00001ebb, 0x0000055e,
+	0x00001ebc, 0x00000560,
+	0x00001ebd, 0x00000562,
+	0x00001ebe, 0x00000564,
+	0x00001ebf, 0x00000567,
+	0x00001ec0, 0x0000056a,
+	0x00001ec1, 0x0000056d,
+	0x00001ec2, 0x00000570,
+	0x00001ec3, 0x00000573,
+	0x00001ec4, 0x00000576,
+	0x00001ec5, 0x00000579,
+	0x00001ec6, 0x0000057c,
+	0x00001ec7, 0x0000057f,
+	0x00001ec8, 0x00000582,
+	0x00001ec9, 0x00000584,
+	0x00001eca, 0x00000586,
+	0x00001ecb, 0x00000588,
+	0x00001ecc, 0x0000058a,
+	0x00001ecd, 0x0000058c,
+	0x00001ece, 0x0000058e,
+	0x00001ecf, 0x00000590,
+	0x00001ed0, 0x00000592,
+	0x00001ed1, 0x00000595,
+	0x00001ed2, 0x00000598,
+	0x00001ed3, 0x0000059b,
+	0x00001ed4, 0x0000059e,
+	0x00001ed5, 0x000005a1,
+	0x00001ed6, 0x000005a4,
+	0x00001ed7, 0x000005a7,
+	0x00001ed8, 0x000005aa,
+	0x00001ed9, 0x000005ad,
+	0x00001eda, 0x000005b0,
+	0x00001edb, 0x000005b3,
+	0x00001edc, 0x000005b6,
+	0x00001edd, 0x000005b9,
+	0x00001ede, 0x000005bc,
+	0x00001edf, 0x000005bf,
+	0x00001ee0, 0x000005c2,
+	0x00001ee1, 0x000005c5,
+	0x00001ee2, 0x000005c8,
+	0x00001ee3, 0x000005cb,
+	0x00001ee4, 0x000005ce,
+	0x00001ee5, 0x000005d0,
+	0x00001ee6, 0x000005d2,
+	0x00001ee7, 0x000005d4,
+	0x00001ee8, 0x000005d6,
+	0x00001ee9, 0x000005d9,
+	0x00001eea, 0x000005dc,
+	0x00001eeb, 0x000005df,
+	0x00001eec, 0x000005e2,
+	0x00001eed, 0x000005e5,
+	0x00001eee, 0x000005e8,
+	0x00001eef, 0x000005eb,
+	0x00001ef0, 0x000005ee,
+	0x00001ef1, 0x000005f1,
+	0x00001ef2, 0x000005f4,
+	0x00001ef3, 0x000005f6,
+	0x00001ef4, 0x000005f8,
+	0x00001ef5, 0x000005fa,
+	0x00001ef6, 0x000005fc,
+	0x00001ef7, 0x000005fe,
+	0x00001ef8, 0x00000600,
+	0x00001ef9, 0x00000602,
+	0x00001f00, 0x00000604,
+	0x00001f01, 0x00000606,
+	0x00001f02, 0x00000608,
+	0x00001f03, 0x0000060b,
+	0x00001f04, 0x0000060e,
+	0x00001f05, 0x00000611,
+	0x00001f06, 0x00000614,
+	0x00001f07, 0x00000617,
+	0x00001f08, 0x0000061a,
+	0x00001f09, 0x0000061c,
+	0x00001f0a, 0x0000061e,
+	0x00001f0b, 0x00000621,
+	0x00001f0c, 0x00000624,
+	0x00001f0d, 0x00000627,
+	0x00001f0e, 0x0000062a,
+	0x00001f0f, 0x0000062d,
+	0x00001f10, 0x00000630,
+	0x00001f11, 0x00000632,
+	0x00001f12, 0x00000634,
+	0x00001f13, 0x00000637,
+	0x00001f14, 0x0000063a,
+	0x00001f15, 0x0000063d,
+	0x00001f18, 0x00000640,
+	0x00001f19, 0x00000642,
+	0x00001f1a, 0x00000644,
+	0x00001f1b, 0x00000647,
+	0x00001f1c, 0x0000064a,
+	0x00001f1d, 0x0000064d,
+	0x00001f20, 0x00000650,
+	0x00001f21, 0x00000652,
+	0x00001f22, 0x00000654,
+	0x00001f23, 0x00000657,
+	0x00001f24, 0x0000065a,
+	0x00001f25, 0x0000065d,
+	0x00001f26, 0x00000660,
+	0x00001f27, 0x00000663,
+	0x00001f28, 0x00000666,
+	0x00001f29, 0x00000668,
+	0x00001f2a, 0x0000066a,
+	0x00001f2b, 0x0000066d,
+	0x00001f2c, 0x00000670,
+	0x00001f2d, 0x00000673,
+	0x00001f2e, 0x00000676,
+	0x00001f2f, 0x00000679,
+	0x00001f30, 0x0000067c,
+	0x00001f31, 0x0000067e,
+	0x00001f32, 0x00000680,
+	0x00001f33, 0x00000683,
+	0x00001f34, 0x00000686,
+	0x00001f35, 0x00000689,
+	0x00001f36, 0x0000068c,
+	0x00001f37, 0x0000068f,
+	0x00001f38, 0x00000692,
+	0x00001f39, 0x00000694,
+	0x00001f3a, 0x00000696,
+	0x00001f3b, 0x00000699,
+	0x00001f3c, 0x0000069c,
+	0x00001f3d, 0x0000069f,
+	0x00001f3e, 0x000006a2,
+	0x00001f3f, 0x000006a5,
+	0x00001f40, 0x000006a8,
+	0x00001f41, 0x000006aa,
+	0x00001f42, 0x000006ac,
+	0x00001f43, 0x000006af,
+	0x00001f44, 0x000006b2,
+	0x00001f45, 0x000006b5,
+	0x00001f48, 0x000006b8,
+	0x00001f49, 0x000006ba,
+	0x00001f4a, 0x000006bc,
+	0x00001f4b, 0x000006bf,
+	0x00001f4c, 0x000006c2,
+	0x00001f4d, 0x000006c5,
+	0x00001f50, 0x000006c8,
+	0x00001f51, 0x000006ca,
+	0x00001f52, 0x000006cc,
+	0x00001f53, 0x000006cf,
+	0x00001f54, 0x000006d2,
+	0x00001f55, 0x000006d5,
+	0x00001f56, 0x000006d8,
+	0x00001f57, 0x000006db,
+	0x00001f59, 0x000006de,
+	0x00001f5b, 0x000006e0,
+	0x00001f5d, 0x000006e3,
+	0x00001f5f, 0x000006e6,
+	0x00001f60, 0x000006e9,
+	0x00001f61, 0x000006eb,
+	0x00001f62, 0x000006ed,
+	0x00001f63, 0x000006f0,
+	0x00001f64, 0x000006f3,
+	0x00001f65, 0x000006f6,
+	0x00001f66, 0x000006f9,
+	0x00001f67, 0x000006fc,
+	0x00001f68, 0x000006ff,
+	0x00001f69, 0x00000701,
+	0x00001f6a, 0x00000703,
+	0x00001f6b, 0x00000706,
+	0x00001f6c, 0x00000709,
+	0x00001f6d, 0x0000070c,
+	0x00001f6e, 0x0000070f,
+	0x00001f6f, 0x00000712,
+	0x00001f70, 0x00000715,
+	0x00001f71, 0x00000717,
+	0x00001f72, 0x00000719,
+	0x00001f73, 0x0000071b,
+	0x00001f74, 0x0000071d,
+	0x00001f75, 0x0000071f,
+	0x00001f76, 0x00000721,
+	0x00001f77, 0x00000723,
+	0x00001f78, 0x00000725,
+	0x00001f79, 0x00000727,
+	0x00001f7a, 0x00000729,
+	0x00001f7b, 0x0000072b,
+	0x00001f7c, 0x0000072d,
+	0x00001f7d, 0x0000072f,
+	0x00001f80, 0x00000731,
+	0x00001f81, 0x00000734,
+	0x00001f82, 0x00000737,
+	0x00001f83, 0x0000073b,
+	0x00001f84, 0x0000073f,
+	0x00001f85, 0x00000743,
+	0x00001f86, 0x00000747,
+	0x00001f87, 0x0000074b,
+	0x00001f88, 0x0000074f,
+	0x00001f89, 0x00000752,
+	0x00001f8a, 0x00000755,
+	0x00001f8b, 0x00000759,
+	0x00001f8c, 0x0000075d,
+	0x00001f8d, 0x00000761,
+	0x00001f8e, 0x00000765,
+	0x00001f8f, 0x00000769,
+	0x00001f90, 0x0000076d,
+	0x00001f91, 0x00000770,
+	0x00001f92, 0x00000773,
+	0x00001f93, 0x00000777,
+	0x00001f94, 0x0000077b,
+	0x00001f95, 0x0000077f,
+	0x00001f96, 0x00000783,
+	0x00001f97, 0x00000787,
+	0x00001f98, 0x0000078b,
+	0x00001f99, 0x0000078e,
+	0x00001f9a, 0x00000791,
+	0x00001f9b, 0x00000795,
+	0x00001f9c, 0x00000799,
+	0x00001f9d, 0x0000079d,
+	0x00001f9e, 0x000007a1,
+	0x00001f9f, 0x000007a5,
+	0x00001fa0, 0x000007a9,
+	0x00001fa1, 0x000007ac,
+	0x00001fa2, 0x000007af,
+	0x00001fa3, 0x000007b3,
+	0x00001fa4, 0x000007b7,
+	0x00001fa5, 0x000007bb,
+	0x00001fa6, 0x000007bf,
+	0x00001fa7, 0x000007c3,
+	0x00001fa8, 0x000007c7,
+	0x00001fa9, 0x000007ca,
+	0x00001faa, 0x000007cd,
+	0x00001fab, 0x000007d1,
+	0x00001fac, 0x000007d5,
+	0x00001fad, 0x000007d9,
+	0x00001fae, 0x000007dd,
+	0x00001faf, 0x000007e1,
+	0x00001fb0, 0x000007e5,
+	0x00001fb1, 0x000007e7,
+	0x00001fb2, 0x000007e9,
+	0x00001fb3, 0x000007ec,
+	0x00001fb4, 0x000007ee,
+	0x00001fb6, 0x000007f1,
+	0x00001fb7, 0x000007f3,
+	0x00001fb8, 0x000007f6,
+	0x00001fb9, 0x000007f8,
+	0x00001fba, 0x000007fa,
+	0x00001fbb, 0x000007fc,
+	0x00001fbc, 0x000007fe,
+	0x00001fbd, 0x00000800,
+	0x00001fbe, 0x00000802,
+	0x00001fbf, 0x00000803,
+	0x00001fc0, 0x00000805,
+	0x00001fc1, 0x00000807,
+	0x00001fc2, 0x0000080a,
+	0x00001fc3, 0x0000080d,
+	0x00001fc4, 0x0000080f,
+	0x00001fc6, 0x00000812,
+	0x00001fc7, 0x00000814,
+	0x00001fc8, 0x00000817,
+	0x00001fc9, 0x00000819,
+	0x00001fca, 0x0000081b,
+	0x00001fcb, 0x0000081d,
+	0x00001fcc, 0x0000081f,
+	0x00001fcd, 0x00000821,
+	0x00001fce, 0x00000824,
+	0x00001fcf, 0x00000827,
+	0x00001fd0, 0x0000082a,
+	0x00001fd1, 0x0000082c,
+	0x00001fd2, 0x0000082e,
+	0x00001fd3, 0x00000831,
+	0x00001fd6, 0x00000834,
+	0x00001fd7, 0x00000836,
+	0x00001fd8, 0x00000839,
+	0x00001fd9, 0x0000083b,
+	0x00001fda, 0x0000083d,
+	0x00001fdb, 0x0000083f,
+	0x00001fdd, 0x00000841,
+	0x00001fde, 0x00000844,
+	0x00001fdf, 0x00000847,
+	0x00001fe0, 0x0000084a,
+	0x00001fe1, 0x0000084c,
+	0x00001fe2, 0x0000084e,
+	0x00001fe3, 0x00000851,
+	0x00001fe4, 0x00000854,
+	0x00001fe5, 0x00000856,
+	0x00001fe6, 0x00000858,
+	0x00001fe7, 0x0000085a,
+	0x00001fe8, 0x0000085d,
+	0x00001fe9, 0x0000085f,
+	0x00001fea, 0x00000861,
+	0x00001feb, 0x00000863,
+	0x00001fec, 0x00000865,
+	0x00001fed, 0x00000867,
+	0x00001fee, 0x0000086a,
+	0x00001fef, 0x0000086d,
+	0x00001ff2, 0x0000086e,
+	0x00001ff3, 0x00000871,
+	0x00001ff4, 0x00000873,
+	0x00001ff6, 0x00000876,
+	0x00001ff7, 0x00000878,
+	0x00001ff8, 0x0000087b,
+	0x00001ff9, 0x0000087d,
+	0x00001ffa, 0x0000087f,
+	0x00001ffb, 0x00000881,
+	0x00001ffc, 0x00000883,
+	0x00001ffd, 0x00000885,
+	0x00001ffe, 0x00000887,
+	0x00002000, 0x00000889,
+	0x00002001, 0x0000088a,
+	0x00002002, 0x0000088b,
+	0x00002003, 0x0000088c,
+	0x00002004, 0x0000088d,
+	0x00002005, 0x0000088e,
+	0x00002006, 0x0000088f,
+	0x00002007, 0x00000890,
+	0x00002008, 0x00000891,
+	0x00002009, 0x00000892,
+	0x0000200a, 0x00000893,
+	0x00002011, 0x00000894,
+	0x00002017, 0x00000895,
+	0x00002024, 0x00000897,
+	0x00002025, 0x00000898,
+	0x00002026, 0x0000089a,
+	0x0000202f, 0x0000089d,
+	0x00002033, 0x0000089e,
+	0x00002034, 0x000008a0,
+	0x00002036, 0x000008a3,
+	0x00002037, 0x000008a5,
+	0x0000203c, 0x000008a8,
+	0x0000203e, 0x000008aa,
+	0x00002047, 0x000008ac,
+	0x00002048, 0x000008ae,
+	0x00002049, 0x000008b0,
+	0x00002057, 0x000008b2,
+	0x0000205f, 0x000008b6,
+	0x00002070, 0x000008b7,
+	0x00002071, 0x000008b8,
+	0x00002074, 0x000008b9,
+	0x00002075, 0x000008ba,
+	0x00002076, 0x000008bb,
+	0x00002077, 0x000008bc,
+	0x00002078, 0x000008bd,
+	0x00002079, 0x000008be,
+	0x0000207a, 0x000008bf,
+	0x0000207b, 0x000008c0,
+	0x0000207c, 0x000008c1,
+	0x0000207d, 0x000008c2,
+	0x0000207e, 0x000008c3,
+	0x0000207f, 0x000008c4,
+	0x00002080, 0x000008c5,
+	0x00002081, 0x000008c6,
+	0x00002082, 0x000008c7,
+	0x00002083, 0x000008c8,
+	0x00002084, 0x000008c9,
+	0x00002085, 0x000008ca,
+	0x00002086, 0x000008cb,
+	0x00002087, 0x000008cc,
+	0x00002088, 0x000008cd,
+	0x00002089, 0x000008ce,
+	0x0000208a, 0x000008cf,
+	0x0000208b, 0x000008d0,
+	0x0000208c, 0x000008d1,
+	0x0000208d, 0x000008d2,
+	0x0000208e, 0x000008d3,
+	0x000020a8, 0x000008d4,
+	0x00002100, 0x000008d6,
+	0x00002101, 0x000008d9,
+	0x00002102, 0x000008dc,
+	0x00002103, 0x000008dd,
+	0x00002105, 0x000008df,
+	0x00002106, 0x000008e2,
+	0x00002107, 0x000008e5,
+	0x00002109, 0x000008e6,
+	0x0000210a, 0x000008e8,
+	0x0000210b, 0x000008e9,
+	0x0000210c, 0x000008ea,
+	0x0000210d, 0x000008eb,
+	0x0000210e, 0x000008ec,
+	0x0000210f, 0x000008ed,
+	0x00002110, 0x000008ee,
+	0x00002111, 0x000008ef,
+	0x00002112, 0x000008f0,
+	0x00002113, 0x000008f1,
+	0x00002115, 0x000008f2,
+	0x00002116, 0x000008f3,
+	0x00002119, 0x000008f5,
+	0x0000211a, 0x000008f6,
+	0x0000211b, 0x000008f7,
+	0x0000211c, 0x000008f8,
+	0x0000211d, 0x000008f9,
+	0x00002120, 0x000008fa,
+	0x00002121, 0x000008fc,
+	0x00002122, 0x000008ff,
+	0x00002124, 0x00000901,
+	0x00002126, 0x00000902,
+	0x00002128, 0x00000903,
+	0x0000212a, 0x00000904,
+	0x0000212b, 0x00000905,
+	0x0000212c, 0x00000907,
+	0x0000212d, 0x00000908,
+	0x0000212f, 0x00000909,
+	0x00002130, 0x0000090a,
+	0x00002131, 0x0000090b,
+	0x00002133, 0x0000090c,
+	0x00002134, 0x0000090d,
+	0x00002135, 0x0000090e,
+	0x00002136, 0x0000090f,
+	0x00002137, 0x00000910,
+	0x00002138, 0x00000911,
+	0x00002139, 0x00000912,
+	0x0000213d, 0x00000913,
+	0x0000213e, 0x00000914,
+	0x0000213f, 0x00000915,
+	0x00002140, 0x00000916,
+	0x00002145, 0x00000917,
+	0x00002146, 0x00000918,
+	0x00002147, 0x00000919,
+	0x00002148, 0x0000091a,
+	0x00002149, 0x0000091b,
+	0x00002153, 0x0000091c,
+	0x00002154, 0x0000091f,
+	0x00002155, 0x00000922,
+	0x00002156, 0x00000925,
+	0x00002157, 0x00000928,
+	0x00002158, 0x0000092b,
+	0x00002159, 0x0000092e,
+	0x0000215a, 0x00000931,
+	0x0000215b, 0x00000934,
+	0x0000215c, 0x00000937,
+	0x0000215d, 0x0000093a,
+	0x0000215e, 0x0000093d,
+	0x0000215f, 0x00000940,
+	0x00002160, 0x00000942,
+	0x00002161, 0x00000943,
+	0x00002162, 0x00000945,
+	0x00002163, 0x00000948,
+	0x00002164, 0x0000094a,
+	0x00002165, 0x0000094b,
+	0x00002166, 0x0000094d,
+	0x00002167, 0x00000950,
+	0x00002168, 0x00000954,
+	0x00002169, 0x00000956,
+	0x0000216a, 0x00000957,
+	0x0000216b, 0x00000959,
+	0x0000216c, 0x0000095c,
+	0x0000216d, 0x0000095d,
+	0x0000216e, 0x0000095e,
+	0x0000216f, 0x0000095f,
+	0x00002170, 0x00000960,
+	0x00002171, 0x00000961,
+	0x00002172, 0x00000963,
+	0x00002173, 0x00000966,
+	0x00002174, 0x00000968,
+	0x00002175, 0x00000969,
+	0x00002176, 0x0000096b,
+	0x00002177, 0x0000096e,
+	0x00002178, 0x00000972,
+	0x00002179, 0x00000974,
+	0x0000217a, 0x00000975,
+	0x0000217b, 0x00000977,
+	0x0000217c, 0x0000097a,
+	0x0000217d, 0x0000097b,
+	0x0000217e, 0x0000097c,
+	0x0000217f, 0x0000097d,
+	0x0000219a, 0x0000097e,
+	0x0000219b, 0x00000980,
+	0x000021ae, 0x00000982,
+	0x000021cd, 0x00000984,
+	0x000021ce, 0x00000986,
+	0x000021cf, 0x00000988,
+	0x00002204, 0x0000098a,
+	0x00002209, 0x0000098c,
+	0x0000220c, 0x0000098e,
+	0x00002224, 0x00000990,
+	0x00002226, 0x00000992,
+	0x0000222c, 0x00000994,
+	0x0000222d, 0x00000996,
+	0x0000222f, 0x00000999,
+	0x00002230, 0x0000099b,
+	0x00002241, 0x0000099e,
+	0x00002244, 0x000009a0,
+	0x00002247, 0x000009a2,
+	0x00002249, 0x000009a4,
+	0x00002260, 0x000009a6,
+	0x00002262, 0x000009a8,
+	0x0000226d, 0x000009aa,
+	0x0000226e, 0x000009ac,
+	0x0000226f, 0x000009ae,
+	0x00002270, 0x000009b0,
+	0x00002271, 0x000009b2,
+	0x00002274, 0x000009b4,
+	0x00002275, 0x000009b6,
+	0x00002278, 0x000009b8,
+	0x00002279, 0x000009ba,
+	0x00002280, 0x000009bc,
+	0x00002281, 0x000009be,
+	0x00002284, 0x000009c0,
+	0x00002285, 0x000009c2,
+	0x00002288, 0x000009c4,
+	0x00002289, 0x000009c6,
+	0x000022ac, 0x000009c8,
+	0x000022ad, 0x000009ca,
+	0x000022ae, 0x000009cc,
+	0x000022af, 0x000009ce,
+	0x000022e0, 0x000009d0,
+	0x000022e1, 0x000009d2,
+	0x000022e2, 0x000009d4,
+	0x000022e3, 0x000009d6,
+	0x000022ea, 0x000009d8,
+	0x000022eb, 0x000009da,
+	0x000022ec, 0x000009dc,
+	0x000022ed, 0x000009de,
+	0x00002329, 0x000009e0,
+	0x0000232a, 0x000009e1,
+	0x00002460, 0x000009e2,
+	0x00002461, 0x000009e3,
+	0x00002462, 0x000009e4,
+	0x00002463, 0x000009e5,
+	0x00002464, 0x000009e6,
+	0x00002465, 0x000009e7,
+	0x00002466, 0x000009e8,
+	0x00002467, 0x000009e9,
+	0x00002468, 0x000009ea,
+	0x00002469, 0x000009eb,
+	0x0000246a, 0x000009ed,
+	0x0000246b, 0x000009ef,
+	0x0000246c, 0x000009f1,
+	0x0000246d, 0x000009f3,
+	0x0000246e, 0x000009f5,
+	0x0000246f, 0x000009f7,
+	0x00002470, 0x000009f9,
+	0x00002471, 0x000009fb,
+	0x00002472, 0x000009fd,
+	0x00002473, 0x000009ff,
+	0x00002474, 0x00000a01,
+	0x00002475, 0x00000a04,
+	0x00002476, 0x00000a07,
+	0x00002477, 0x00000a0a,
+	0x00002478, 0x00000a0d,
+	0x00002479, 0x00000a10,
+	0x0000247a, 0x00000a13,
+	0x0000247b, 0x00000a16,
+	0x0000247c, 0x00000a19,
+	0x0000247d, 0x00000a1c,
+	0x0000247e, 0x00000a20,
+	0x0000247f, 0x00000a24,
+	0x00002480, 0x00000a28,
+	0x00002481, 0x00000a2c,
+	0x00002482, 0x00000a30,
+	0x00002483, 0x00000a34,
+	0x00002484, 0x00000a38,
+	0x00002485, 0x00000a3c,
+	0x00002486, 0x00000a40,
+	0x00002487, 0x00000a44,
+	0x00002488, 0x00000a48,
+	0x00002489, 0x00000a4a,
+	0x0000248a, 0x00000a4c,
+	0x0000248b, 0x00000a4e,
+	0x0000248c, 0x00000a50,
+	0x0000248d, 0x00000a52,
+	0x0000248e, 0x00000a54,
+	0x0000248f, 0x00000a56,
+	0x00002490, 0x00000a58,
+	0x00002491, 0x00000a5a,
+	0x00002492, 0x00000a5d,
+	0x00002493, 0x00000a60,
+	0x00002494, 0x00000a63,
+	0x00002495, 0x00000a66,
+	0x00002496, 0x00000a69,
+	0x00002497, 0x00000a6c,
+	0x00002498, 0x00000a6f,
+	0x00002499, 0x00000a72,
+	0x0000249a, 0x00000a75,
+	0x0000249b, 0x00000a78,
+	0x0000249c, 0x00000a7b,
+	0x0000249d, 0x00000a7e,
+	0x0000249e, 0x00000a81,
+	0x0000249f, 0x00000a84,
+	0x000024a0, 0x00000a87,
+	0x000024a1, 0x00000a8a,
+	0x000024a2, 0x00000a8d,
+	0x000024a3, 0x00000a90,
+	0x000024a4, 0x00000a93,
+	0x000024a5, 0x00000a96,
+	0x000024a6, 0x00000a99,
+	0x000024a7, 0x00000a9c,
+	0x000024a8, 0x00000a9f,
+	0x000024a9, 0x00000aa2,
+	0x000024aa, 0x00000aa5,
+	0x000024ab, 0x00000aa8,
+	0x000024ac, 0x00000aab,
+	0x000024ad, 0x00000aae,
+	0x000024ae, 0x00000ab1,
+	0x000024af, 0x00000ab4,
+	0x000024b0, 0x00000ab7,
+	0x000024b1, 0x00000aba,
+	0x000024b2, 0x00000abd,
+	0x000024b3, 0x00000ac0,
+	0x000024b4, 0x00000ac3,
+	0x000024b5, 0x00000ac6,
+	0x000024b6, 0x00000ac9,
+	0x000024b7, 0x00000aca,
+	0x000024b8, 0x00000acb,
+	0x000024b9, 0x00000acc,
+	0x000024ba, 0x00000acd,
+	0x000024bb, 0x00000ace,
+	0x000024bc, 0x00000acf,
+	0x000024bd, 0x00000ad0,
+	0x000024be, 0x00000ad1,
+	0x000024bf, 0x00000ad2,
+	0x000024c0, 0x00000ad3,
+	0x000024c1, 0x00000ad4,
+	0x000024c2, 0x00000ad5,
+	0x000024c3, 0x00000ad6,
+	0x000024c4, 0x00000ad7,
+	0x000024c5, 0x00000ad8,
+	0x000024c6, 0x00000ad9,
+	0x000024c7, 0x00000ada,
+	0x000024c8, 0x00000adb,
+	0x000024c9, 0x00000adc,
+	0x000024ca, 0x00000add,
+	0x000024cb, 0x00000ade,
+	0x000024cc, 0x00000adf,
+	0x000024cd, 0x00000ae0,
+	0x000024ce, 0x00000ae1,
+	0x000024cf, 0x00000ae2,
+	0x000024d0, 0x00000ae3,
+	0x000024d1, 0x00000ae4,
+	0x000024d2, 0x00000ae5,
+	0x000024d3, 0x00000ae6,
+	0x000024d4, 0x00000ae7,
+	0x000024d5, 0x00000ae8,
+	0x000024d6, 0x00000ae9,
+	0x000024d7, 0x00000aea,
+	0x000024d8, 0x00000aeb,
+	0x000024d9, 0x00000aec,
+	0x000024da, 0x00000aed,
+	0x000024db, 0x00000aee,
+	0x000024dc, 0x00000aef,
+	0x000024dd, 0x00000af0,
+	0x000024de, 0x00000af1,
+	0x000024df, 0x00000af2,
+	0x000024e0, 0x00000af3,
+	0x000024e1, 0x00000af4,
+	0x000024e2, 0x00000af5,
+	0x000024e3, 0x00000af6,
+	0x000024e4, 0x00000af7,
+	0x000024e5, 0x00000af8,
+	0x000024e6, 0x00000af9,
+	0x000024e7, 0x00000afa,
+	0x000024e8, 0x00000afb,
+	0x000024e9, 0x00000afc,
+	0x000024ea, 0x00000afd,
+	0x00002a0c, 0x00000afe,
+	0x00002a74, 0x00000b02,
+	0x00002a75, 0x00000b05,
+	0x00002a76, 0x00000b07,
+	0x00002adc, 0x00000b0a,
+	0x00002e9f, 0x00000b0c,
+	0x00002ef3, 0x00000b0d,
+	0x00002f00, 0x00000b0e,
+	0x00002f01, 0x00000b0f,
+	0x00002f02, 0x00000b10,
+	0x00002f03, 0x00000b11,
+	0x00002f04, 0x00000b12,
+	0x00002f05, 0x00000b13,
+	0x00002f06, 0x00000b14,
+	0x00002f07, 0x00000b15,
+	0x00002f08, 0x00000b16,
+	0x00002f09, 0x00000b17,
+	0x00002f0a, 0x00000b18,
+	0x00002f0b, 0x00000b19,
+	0x00002f0c, 0x00000b1a,
+	0x00002f0d, 0x00000b1b,
+	0x00002f0e, 0x00000b1c,
+	0x00002f0f, 0x00000b1d,
+	0x00002f10, 0x00000b1e,
+	0x00002f11, 0x00000b1f,
+	0x00002f12, 0x00000b20,
+	0x00002f13, 0x00000b21,
+	0x00002f14, 0x00000b22,
+	0x00002f15, 0x00000b23,
+	0x00002f16, 0x00000b24,
+	0x00002f17, 0x00000b25,
+	0x00002f18, 0x00000b26,
+	0x00002f19, 0x00000b27,
+	0x00002f1a, 0x00000b28,
+	0x00002f1b, 0x00000b29,
+	0x00002f1c, 0x00000b2a,
+	0x00002f1d, 0x00000b2b,
+	0x00002f1e, 0x00000b2c,
+	0x00002f1f, 0x00000b2d,
+	0x00002f20, 0x00000b2e,
+	0x00002f21, 0x00000b2f,
+	0x00002f22, 0x00000b30,
+	0x00002f23, 0x00000b31,
+	0x00002f24, 0x00000b32,
+	0x00002f25, 0x00000b33,
+	0x00002f26, 0x00000b34,
+	0x00002f27, 0x00000b35,
+	0x00002f28, 0x00000b36,
+	0x00002f29, 0x00000b37,
+	0x00002f2a, 0x00000b38,
+	0x00002f2b, 0x00000b39,
+	0x00002f2c, 0x00000b3a,
+	0x00002f2d, 0x00000b3b,
+	0x00002f2e, 0x00000b3c,
+	0x00002f2f, 0x00000b3d,
+	0x00002f30, 0x00000b3e,
+	0x00002f31, 0x00000b3f,
+	0x00002f32, 0x00000b40,
+	0x00002f33, 0x00000b41,
+	0x00002f34, 0x00000b42,
+	0x00002f35, 0x00000b43,
+	0x00002f36, 0x00000b44,
+	0x00002f37, 0x00000b45,
+	0x00002f38, 0x00000b46,
+	0x00002f39, 0x00000b47,
+	0x00002f3a, 0x00000b48,
+	0x00002f3b, 0x00000b49,
+	0x00002f3c, 0x00000b4a,
+	0x00002f3d, 0x00000b4b,
+	0x00002f3e, 0x00000b4c,
+	0x00002f3f, 0x00000b4d,
+	0x00002f40, 0x00000b4e,
+	0x00002f41, 0x00000b4f,
+	0x00002f42, 0x00000b50,
+	0x00002f43, 0x00000b51,
+	0x00002f44, 0x00000b52,
+	0x00002f45, 0x00000b53,
+	0x00002f46, 0x00000b54,
+	0x00002f47, 0x00000b55,
+	0x00002f48, 0x00000b56,
+	0x00002f49, 0x00000b57,
+	0x00002f4a, 0x00000b58,
+	0x00002f4b, 0x00000b59,
+	0x00002f4c, 0x00000b5a,
+	0x00002f4d, 0x00000b5b,
+	0x00002f4e, 0x00000b5c,
+	0x00002f4f, 0x00000b5d,
+	0x00002f50, 0x00000b5e,
+	0x00002f51, 0x00000b5f,
+	0x00002f52, 0x00000b60,
+	0x00002f53, 0x00000b61,
+	0x00002f54, 0x00000b62,
+	0x00002f55, 0x00000b63,
+	0x00002f56, 0x00000b64,
+	0x00002f57, 0x00000b65,
+	0x00002f58, 0x00000b66,
+	0x00002f59, 0x00000b67,
+	0x00002f5a, 0x00000b68,
+	0x00002f5b, 0x00000b69,
+	0x00002f5c, 0x00000b6a,
+	0x00002f5d, 0x00000b6b,
+	0x00002f5e, 0x00000b6c,
+	0x00002f5f, 0x00000b6d,
+	0x00002f60, 0x00000b6e,
+	0x00002f61, 0x00000b6f,
+	0x00002f62, 0x00000b70,
+	0x00002f63, 0x00000b71,
+	0x00002f64, 0x00000b72,
+	0x00002f65, 0x00000b73,
+	0x00002f66, 0x00000b74,
+	0x00002f67, 0x00000b75,
+	0x00002f68, 0x00000b76,
+	0x00002f69, 0x00000b77,
+	0x00002f6a, 0x00000b78,
+	0x00002f6b, 0x00000b79,
+	0x00002f6c, 0x00000b7a,
+	0x00002f6d, 0x00000b7b,
+	0x00002f6e, 0x00000b7c,
+	0x00002f6f, 0x00000b7d,
+	0x00002f70, 0x00000b7e,
+	0x00002f71, 0x00000b7f,
+	0x00002f72, 0x00000b80,
+	0x00002f73, 0x00000b81,
+	0x00002f74, 0x00000b82,
+	0x00002f75, 0x00000b83,
+	0x00002f76, 0x00000b84,
+	0x00002f77, 0x00000b85,
+	0x00002f78, 0x00000b86,
+	0x00002f79, 0x00000b87,
+	0x00002f7a, 0x00000b88,
+	0x00002f7b, 0x00000b89,
+	0x00002f7c, 0x00000b8a,
+	0x00002f7d, 0x00000b8b,
+	0x00002f7e, 0x00000b8c,
+	0x00002f7f, 0x00000b8d,
+	0x00002f80, 0x00000b8e,
+	0x00002f81, 0x00000b8f,
+	0x00002f82, 0x00000b90,
+	0x00002f83, 0x00000b91,
+	0x00002f84, 0x00000b92,
+	0x00002f85, 0x00000b93,
+	0x00002f86, 0x00000b94,
+	0x00002f87, 0x00000b95,
+	0x00002f88, 0x00000b96,
+	0x00002f89, 0x00000b97,
+	0x00002f8a, 0x00000b98,
+	0x00002f8b, 0x00000b99,
+	0x00002f8c, 0x00000b9a,
+	0x00002f8d, 0x00000b9b,
+	0x00002f8e, 0x00000b9c,
+	0x00002f8f, 0x00000b9d,
+	0x00002f90, 0x00000b9e,
+	0x00002f91, 0x00000b9f,
+	0x00002f92, 0x00000ba0,
+	0x00002f93, 0x00000ba1,
+	0x00002f94, 0x00000ba2,
+	0x00002f95, 0x00000ba3,
+	0x00002f96, 0x00000ba4,
+	0x00002f97, 0x00000ba5,
+	0x00002f98, 0x00000ba6,
+	0x00002f99, 0x00000ba7,
+	0x00002f9a, 0x00000ba8,
+	0x00002f9b, 0x00000ba9,
+	0x00002f9c, 0x00000baa,
+	0x00002f9d, 0x00000bab,
+	0x00002f9e, 0x00000bac,
+	0x00002f9f, 0x00000bad,
+	0x00002fa0, 0x00000bae,
+	0x00002fa1, 0x00000baf,
+	0x00002fa2, 0x00000bb0,
+	0x00002fa3, 0x00000bb1,
+	0x00002fa4, 0x00000bb2,
+	0x00002fa5, 0x00000bb3,
+	0x00002fa6, 0x00000bb4,
+	0x00002fa7, 0x00000bb5,
+	0x00002fa8, 0x00000bb6,
+	0x00002fa9, 0x00000bb7,
+	0x00002faa, 0x00000bb8,
+	0x00002fab, 0x00000bb9,
+	0x00002fac, 0x00000bba,
+	0x00002fad, 0x00000bbb,
+	0x00002fae, 0x00000bbc,
+	0x00002faf, 0x00000bbd,
+	0x00002fb0, 0x00000bbe,
+	0x00002fb1, 0x00000bbf,
+	0x00002fb2, 0x00000bc0,
+	0x00002fb3, 0x00000bc1,
+	0x00002fb4, 0x00000bc2,
+	0x00002fb5, 0x00000bc3,
+	0x00002fb6, 0x00000bc4,
+	0x00002fb7, 0x00000bc5,
+	0x00002fb8, 0x00000bc6,
+	0x00002fb9, 0x00000bc7,
+	0x00002fba, 0x00000bc8,
+	0x00002fbb, 0x00000bc9,
+	0x00002fbc, 0x00000bca,
+	0x00002fbd, 0x00000bcb,
+	0x00002fbe, 0x00000bcc,
+	0x00002fbf, 0x00000bcd,
+	0x00002fc0, 0x00000bce,
+	0x00002fc1, 0x00000bcf,
+	0x00002fc2, 0x00000bd0,
+	0x00002fc3, 0x00000bd1,
+	0x00002fc4, 0x00000bd2,
+	0x00002fc5, 0x00000bd3,
+	0x00002fc6, 0x00000bd4,
+	0x00002fc7, 0x00000bd5,
+	0x00002fc8, 0x00000bd6,
+	0x00002fc9, 0x00000bd7,
+	0x00002fca, 0x00000bd8,
+	0x00002fcb, 0x00000bd9,
+	0x00002fcc, 0x00000bda,
+	0x00002fcd, 0x00000bdb,
+	0x00002fce, 0x00000bdc,
+	0x00002fcf, 0x00000bdd,
+	0x00002fd0, 0x00000bde,
+	0x00002fd1, 0x00000bdf,
+	0x00002fd2, 0x00000be0,
+	0x00002fd3, 0x00000be1,
+	0x00002fd4, 0x00000be2,
+	0x00002fd5, 0x00000be3,
+	0x00003000, 0x00000be4,
+	0x00003036, 0x00000be5,
+	0x00003038, 0x00000be6,
+	0x00003039, 0x00000be7,
+	0x0000303a, 0x00000be8,
+	0x0000304c, 0x00000be9,
+	0x0000304e, 0x00000beb,
+	0x00003050, 0x00000bed,
+	0x00003052, 0x00000bef,
+	0x00003054, 0x00000bf1,
+	0x00003056, 0x00000bf3,
+	0x00003058, 0x00000bf5,
+	0x0000305a, 0x00000bf7,
+	0x0000305c, 0x00000bf9,
+	0x0000305e, 0x00000bfb,
+	0x00003060, 0x00000bfd,
+	0x00003062, 0x00000bff,
+	0x00003065, 0x00000c01,
+	0x00003067, 0x00000c03,
+	0x00003069, 0x00000c05,
+	0x00003070, 0x00000c07,
+	0x00003071, 0x00000c09,
+	0x00003073, 0x00000c0b,
+	0x00003074, 0x00000c0d,
+	0x00003076, 0x00000c0f,
+	0x00003077, 0x00000c11,
+	0x00003079, 0x00000c13,
+	0x0000307a, 0x00000c15,
+	0x0000307c, 0x00000c17,
+	0x0000307d, 0x00000c19,
+	0x00003094, 0x00000c1b,
+	0x0000309b, 0x00000c1d,
+	0x0000309c, 0x00000c1f,
+	0x0000309e, 0x00000c21,
+	0x0000309f, 0x00000c23,
+	0x000030ac, 0x00000c25,
+	0x000030ae, 0x00000c27,
+	0x000030b0, 0x00000c29,
+	0x000030b2, 0x00000c2b,
+	0x000030b4, 0x00000c2d,
+	0x000030b6, 0x00000c2f,
+	0x000030b8, 0x00000c31,
+	0x000030ba, 0x00000c33,
+	0x000030bc, 0x00000c35,
+	0x000030be, 0x00000c37,
+	0x000030c0, 0x00000c39,
+	0x000030c2, 0x00000c3b,
+	0x000030c5, 0x00000c3d,
+	0x000030c7, 0x00000c3f,
+	0x000030c9, 0x00000c41,
+	0x000030d0, 0x00000c43,
+	0x000030d1, 0x00000c45,
+	0x000030d3, 0x00000c47,
+	0x000030d4, 0x00000c49,
+	0x000030d6, 0x00000c4b,
+	0x000030d7, 0x00000c4d,
+	0x000030d9, 0x00000c4f,
+	0x000030da, 0x00000c51,
+	0x000030dc, 0x00000c53,
+	0x000030dd, 0x00000c55,
+	0x000030f4, 0x00000c57,
+	0x000030f7, 0x00000c59,
+	0x000030f8, 0x00000c5b,
+	0x000030f9, 0x00000c5d,
+	0x000030fa, 0x00000c5f,
+	0x000030fe, 0x00000c61,
+	0x000030ff, 0x00000c63,
+	0x00003131, 0x00000c65,
+	0x00003132, 0x00000c66,
+	0x00003133, 0x00000c67,
+	0x00003134, 0x00000c68,
+	0x00003135, 0x00000c69,
+	0x00003136, 0x00000c6a,
+	0x00003137, 0x00000c6b,
+	0x00003138, 0x00000c6c,
+	0x00003139, 0x00000c6d,
+	0x0000313a, 0x00000c6e,
+	0x0000313b, 0x00000c6f,
+	0x0000313c, 0x00000c70,
+	0x0000313d, 0x00000c71,
+	0x0000313e, 0x00000c72,
+	0x0000313f, 0x00000c73,
+	0x00003140, 0x00000c74,
+	0x00003141, 0x00000c75,
+	0x00003142, 0x00000c76,
+	0x00003143, 0x00000c77,
+	0x00003144, 0x00000c78,
+	0x00003145, 0x00000c79,
+	0x00003146, 0x00000c7a,
+	0x00003147, 0x00000c7b,
+	0x00003148, 0x00000c7c,
+	0x00003149, 0x00000c7d,
+	0x0000314a, 0x00000c7e,
+	0x0000314b, 0x00000c7f,
+	0x0000314c, 0x00000c80,
+	0x0000314d, 0x00000c81,
+	0x0000314e, 0x00000c82,
+	0x0000314f, 0x00000c83,
+	0x00003150, 0x00000c84,
+	0x00003151, 0x00000c85,
+	0x00003152, 0x00000c86,
+	0x00003153, 0x00000c87,
+	0x00003154, 0x00000c88,
+	0x00003155, 0x00000c89,
+	0x00003156, 0x00000c8a,
+	0x00003157, 0x00000c8b,
+	0x00003158, 0x00000c8c,
+	0x00003159, 0x00000c8d,
+	0x0000315a, 0x00000c8e,
+	0x0000315b, 0x00000c8f,
+	0x0000315c, 0x00000c90,
+	0x0000315d, 0x00000c91,
+	0x0000315e, 0x00000c92,
+	0x0000315f, 0x00000c93,
+	0x00003160, 0x00000c94,
+	0x00003161, 0x00000c95,
+	0x00003162, 0x00000c96,
+	0x00003163, 0x00000c97,
+	0x00003164, 0x00000c98,
+	0x00003165, 0x00000c99,
+	0x00003166, 0x00000c9a,
+	0x00003167, 0x00000c9b,
+	0x00003168, 0x00000c9c,
+	0x00003169, 0x00000c9d,
+	0x0000316a, 0x00000c9e,
+	0x0000316b, 0x00000c9f,
+	0x0000316c, 0x00000ca0,
+	0x0000316d, 0x00000ca1,
+	0x0000316e, 0x00000ca2,
+	0x0000316f, 0x00000ca3,
+	0x00003170, 0x00000ca4,
+	0x00003171, 0x00000ca5,
+	0x00003172, 0x00000ca6,
+	0x00003173, 0x00000ca7,
+	0x00003174, 0x00000ca8,
+	0x00003175, 0x00000ca9,
+	0x00003176, 0x00000caa,
+	0x00003177, 0x00000cab,
+	0x00003178, 0x00000cac,
+	0x00003179, 0x00000cad,
+	0x0000317a, 0x00000cae,
+	0x0000317b, 0x00000caf,
+	0x0000317c, 0x00000cb0,
+	0x0000317d, 0x00000cb1,
+	0x0000317e, 0x00000cb2,
+	0x0000317f, 0x00000cb3,
+	0x00003180, 0x00000cb4,
+	0x00003181, 0x00000cb5,
+	0x00003182, 0x00000cb6,
+	0x00003183, 0x00000cb7,
+	0x00003184, 0x00000cb8,
+	0x00003185, 0x00000cb9,
+	0x00003186, 0x00000cba,
+	0x00003187, 0x00000cbb,
+	0x00003188, 0x00000cbc,
+	0x00003189, 0x00000cbd,
+	0x0000318a, 0x00000cbe,
+	0x0000318b, 0x00000cbf,
+	0x0000318c, 0x00000cc0,
+	0x0000318d, 0x00000cc1,
+	0x0000318e, 0x00000cc2,
+	0x00003192, 0x00000cc3,
+	0x00003193, 0x00000cc4,
+	0x00003194, 0x00000cc5,
+	0x00003195, 0x00000cc6,
+	0x00003196, 0x00000cc7,
+	0x00003197, 0x00000cc8,
+	0x00003198, 0x00000cc9,
+	0x00003199, 0x00000cca,
+	0x0000319a, 0x00000ccb,
+	0x0000319b, 0x00000ccc,
+	0x0000319c, 0x00000ccd,
+	0x0000319d, 0x00000cce,
+	0x0000319e, 0x00000ccf,
+	0x0000319f, 0x00000cd0,
+	0x00003200, 0x00000cd1,
+	0x00003201, 0x00000cd4,
+	0x00003202, 0x00000cd7,
+	0x00003203, 0x00000cda,
+	0x00003204, 0x00000cdd,
+	0x00003205, 0x00000ce0,
+	0x00003206, 0x00000ce3,
+	0x00003207, 0x00000ce6,
+	0x00003208, 0x00000ce9,
+	0x00003209, 0x00000cec,
+	0x0000320a, 0x00000cef,
+	0x0000320b, 0x00000cf2,
+	0x0000320c, 0x00000cf5,
+	0x0000320d, 0x00000cf8,
+	0x0000320e, 0x00000cfb,
+	0x0000320f, 0x00000cff,
+	0x00003210, 0x00000d03,
+	0x00003211, 0x00000d07,
+	0x00003212, 0x00000d0b,
+	0x00003213, 0x00000d0f,
+	0x00003214, 0x00000d13,
+	0x00003215, 0x00000d17,
+	0x00003216, 0x00000d1b,
+	0x00003217, 0x00000d1f,
+	0x00003218, 0x00000d23,
+	0x00003219, 0x00000d27,
+	0x0000321a, 0x00000d2b,
+	0x0000321b, 0x00000d2f,
+	0x0000321c, 0x00000d33,
+	0x00003220, 0x00000d37,
+	0x00003221, 0x00000d3a,
+	0x00003222, 0x00000d3d,
+	0x00003223, 0x00000d40,
+	0x00003224, 0x00000d43,
+	0x00003225, 0x00000d46,
+	0x00003226, 0x00000d49,
+	0x00003227, 0x00000d4c,
+	0x00003228, 0x00000d4f,
+	0x00003229, 0x00000d52,
+	0x0000322a, 0x00000d55,
+	0x0000322b, 0x00000d58,
+	0x0000322c, 0x00000d5b,
+	0x0000322d, 0x00000d5e,
+	0x0000322e, 0x00000d61,
+	0x0000322f, 0x00000d64,
+	0x00003230, 0x00000d67,
+	0x00003231, 0x00000d6a,
+	0x00003232, 0x00000d6d,
+	0x00003233, 0x00000d70,
+	0x00003234, 0x00000d73,
+	0x00003235, 0x00000d76,
+	0x00003236, 0x00000d79,
+	0x00003237, 0x00000d7c,
+	0x00003238, 0x00000d7f,
+	0x00003239, 0x00000d82,
+	0x0000323a, 0x00000d85,
+	0x0000323b, 0x00000d88,
+	0x0000323c, 0x00000d8b,
+	0x0000323d, 0x00000d8e,
+	0x0000323e, 0x00000d91,
+	0x0000323f, 0x00000d94,
+	0x00003240, 0x00000d97,
+	0x00003241, 0x00000d9a,
+	0x00003242, 0x00000d9d,
+	0x00003243, 0x00000da0,
+	0x00003251, 0x00000da3,
+	0x00003252, 0x00000da5,
+	0x00003253, 0x00000da7,
+	0x00003254, 0x00000da9,
+	0x00003255, 0x00000dab,
+	0x00003256, 0x00000dad,
+	0x00003257, 0x00000daf,
+	0x00003258, 0x00000db1,
+	0x00003259, 0x00000db3,
+	0x0000325a, 0x00000db5,
+	0x0000325b, 0x00000db7,
+	0x0000325c, 0x00000db9,
+	0x0000325d, 0x00000dbb,
+	0x0000325e, 0x00000dbd,
+	0x0000325f, 0x00000dbf,
+	0x00003260, 0x00000dc1,
+	0x00003261, 0x00000dc2,
+	0x00003262, 0x00000dc3,
+	0x00003263, 0x00000dc4,
+	0x00003264, 0x00000dc5,
+	0x00003265, 0x00000dc6,
+	0x00003266, 0x00000dc7,
+	0x00003267, 0x00000dc8,
+	0x00003268, 0x00000dc9,
+	0x00003269, 0x00000dca,
+	0x0000326a, 0x00000dcb,
+	0x0000326b, 0x00000dcc,
+	0x0000326c, 0x00000dcd,
+	0x0000326d, 0x00000dce,
+	0x0000326e, 0x00000dcf,
+	0x0000326f, 0x00000dd1,
+	0x00003270, 0x00000dd3,
+	0x00003271, 0x00000dd5,
+	0x00003272, 0x00000dd7,
+	0x00003273, 0x00000dd9,
+	0x00003274, 0x00000ddb,
+	0x00003275, 0x00000ddd,
+	0x00003276, 0x00000ddf,
+	0x00003277, 0x00000de1,
+	0x00003278, 0x00000de3,
+	0x00003279, 0x00000de5,
+	0x0000327a, 0x00000de7,
+	0x0000327b, 0x00000de9,
+	0x00003280, 0x00000deb,
+	0x00003281, 0x00000dec,
+	0x00003282, 0x00000ded,
+	0x00003283, 0x00000dee,
+	0x00003284, 0x00000def,
+	0x00003285, 0x00000df0,
+	0x00003286, 0x00000df1,
+	0x00003287, 0x00000df2,
+	0x00003288, 0x00000df3,
+	0x00003289, 0x00000df4,
+	0x0000328a, 0x00000df5,
+	0x0000328b, 0x00000df6,
+	0x0000328c, 0x00000df7,
+	0x0000328d, 0x00000df8,
+	0x0000328e, 0x00000df9,
+	0x0000328f, 0x00000dfa,
+	0x00003290, 0x00000dfb,
+	0x00003291, 0x00000dfc,
+	0x00003292, 0x00000dfd,
+	0x00003293, 0x00000dfe,
+	0x00003294, 0x00000dff,
+	0x00003295, 0x00000e00,
+	0x00003296, 0x00000e01,
+	0x00003297, 0x00000e02,
+	0x00003298, 0x00000e03,
+	0x00003299, 0x00000e04,
+	0x0000329a, 0x00000e05,
+	0x0000329b, 0x00000e06,
+	0x0000329c, 0x00000e07,
+	0x0000329d, 0x00000e08,
+	0x0000329e, 0x00000e09,
+	0x0000329f, 0x00000e0a,
+	0x000032a0, 0x00000e0b,
+	0x000032a1, 0x00000e0c,
+	0x000032a2, 0x00000e0d,
+	0x000032a3, 0x00000e0e,
+	0x000032a4, 0x00000e0f,
+	0x000032a5, 0x00000e10,
+	0x000032a6, 0x00000e11,
+	0x000032a7, 0x00000e12,
+	0x000032a8, 0x00000e13,
+	0x000032a9, 0x00000e14,
+	0x000032aa, 0x00000e15,
+	0x000032ab, 0x00000e16,
+	0x000032ac, 0x00000e17,
+	0x000032ad, 0x00000e18,
+	0x000032ae, 0x00000e19,
+	0x000032af, 0x00000e1a,
+	0x000032b0, 0x00000e1b,
+	0x000032b1, 0x00000e1c,
+	0x000032b2, 0x00000e1e,
+	0x000032b3, 0x00000e20,
+	0x000032b4, 0x00000e22,
+	0x000032b5, 0x00000e24,
+	0x000032b6, 0x00000e26,
+	0x000032b7, 0x00000e28,
+	0x000032b8, 0x00000e2a,
+	0x000032b9, 0x00000e2c,
+	0x000032ba, 0x00000e2e,
+	0x000032bb, 0x00000e30,
+	0x000032bc, 0x00000e32,
+	0x000032bd, 0x00000e34,
+	0x000032be, 0x00000e36,
+	0x000032bf, 0x00000e38,
+	0x000032c0, 0x00000e3a,
+	0x000032c1, 0x00000e3c,
+	0x000032c2, 0x00000e3e,
+	0x000032c3, 0x00000e40,
+	0x000032c4, 0x00000e42,
+	0x000032c5, 0x00000e44,
+	0x000032c6, 0x00000e46,
+	0x000032c7, 0x00000e48,
+	0x000032c8, 0x00000e4a,
+	0x000032c9, 0x00000e4c,
+	0x000032ca, 0x00000e4f,
+	0x000032cb, 0x00000e52,
+	0x000032d0, 0x00000e55,
+	0x000032d1, 0x00000e56,
+	0x000032d2, 0x00000e57,
+	0x000032d3, 0x00000e58,
+	0x000032d4, 0x00000e59,
+	0x000032d5, 0x00000e5a,
+	0x000032d6, 0x00000e5b,
+	0x000032d7, 0x00000e5c,
+	0x000032d8, 0x00000e5d,
+	0x000032d9, 0x00000e5e,
+	0x000032da, 0x00000e5f,
+	0x000032db, 0x00000e60,
+	0x000032dc, 0x00000e61,
+	0x000032dd, 0x00000e62,
+	0x000032de, 0x00000e63,
+	0x000032df, 0x00000e64,
+	0x000032e0, 0x00000e65,
+	0x000032e1, 0x00000e66,
+	0x000032e2, 0x00000e67,
+	0x000032e3, 0x00000e68,
+	0x000032e4, 0x00000e69,
+	0x000032e5, 0x00000e6a,
+	0x000032e6, 0x00000e6b,
+	0x000032e7, 0x00000e6c,
+	0x000032e8, 0x00000e6d,
+	0x000032e9, 0x00000e6e,
+	0x000032ea, 0x00000e6f,
+	0x000032eb, 0x00000e70,
+	0x000032ec, 0x00000e71,
+	0x000032ed, 0x00000e72,
+	0x000032ee, 0x00000e73,
+	0x000032ef, 0x00000e74,
+	0x000032f0, 0x00000e75,
+	0x000032f1, 0x00000e76,
+	0x000032f2, 0x00000e77,
+	0x000032f3, 0x00000e78,
+	0x000032f4, 0x00000e79,
+	0x000032f5, 0x00000e7a,
+	0x000032f6, 0x00000e7b,
+	0x000032f7, 0x00000e7c,
+	0x000032f8, 0x00000e7d,
+	0x000032f9, 0x00000e7e,
+	0x000032fa, 0x00000e7f,
+	0x000032fb, 0x00000e80,
+	0x000032fc, 0x00000e81,
+	0x000032fd, 0x00000e82,
+	0x000032fe, 0x00000e83,
+	0x00003300, 0x00000e84,
+	0x00003301, 0x00000e89,
+	0x00003302, 0x00000e8d,
+	0x00003303, 0x00000e92,
+	0x00003304, 0x00000e95,
+	0x00003305, 0x00000e9a,
+	0x00003306, 0x00000e9d,
+	0x00003307, 0x00000ea0,
+	0x00003308, 0x00000ea6,
+	0x00003309, 0x00000eaa,
+	0x0000330a, 0x00000ead,
+	0x0000330b, 0x00000eb0,
+	0x0000330c, 0x00000eb3,
+	0x0000330d, 0x00000eb7,
+	0x0000330e, 0x00000ebb,
+	0x0000330f, 0x00000ebf,
+	0x00003310, 0x00000ec3,
+	0x00003311, 0x00000ec7,
+	0x00003312, 0x00000ecb,
+	0x00003313, 0x00000ecf,
+	0x00003314, 0x00000ed5,
+	0x00003315, 0x00000ed7,
+	0x00003316, 0x00000edd,
+	0x00003317, 0x00000ee3,
+	0x00003318, 0x00000ee8,
+	0x00003319, 0x00000eec,
+	0x0000331a, 0x00000ef2,
+	0x0000331b, 0x00000ef8,
+	0x0000331c, 0x00000efc,
+	0x0000331d, 0x00000eff,
+	0x0000331e, 0x00000f02,
+	0x0000331f, 0x00000f06,
+	0x00003320, 0x00000f0a,
+	0x00003321, 0x00000f0f,
+	0x00003322, 0x00000f14,
+	0x00003323, 0x00000f17,
+	0x00003324, 0x00000f1a,
+	0x00003325, 0x00000f1e,
+	0x00003326, 0x00000f21,
+	0x00003327, 0x00000f24,
+	0x00003328, 0x00000f26,
+	0x00003329, 0x00000f28,
+	0x0000332a, 0x00000f2b,
+	0x0000332b, 0x00000f2e,
+	0x0000332c, 0x00000f34,
+	0x0000332d, 0x00000f38,
+	0x0000332e, 0x00000f3d,
+	0x0000332f, 0x00000f43,
+	0x00003330, 0x00000f47,
+	0x00003331, 0x00000f4a,
+	0x00003332, 0x00000f4d,
+	0x00003333, 0x00000f53,
+	0x00003334, 0x00000f57,
+	0x00003335, 0x00000f5d,
+	0x00003336, 0x00000f60,
+	0x00003337, 0x00000f65,
+	0x00003338, 0x00000f68,
+	0x00003339, 0x00000f6c,
+	0x0000333a, 0x00000f6f,
+	0x0000333b, 0x00000f73,
+	0x0000333c, 0x00000f78,
+	0x0000333d, 0x00000f7c,
+	0x0000333e, 0x00000f81,
+	0x0000333f, 0x00000f85,
+	0x00003340, 0x00000f87,
+	0x00003341, 0x00000f8c,
+	0x00003342, 0x00000f8f,
+	0x00003343, 0x00000f92,
+	0x00003344, 0x00000f96,
+	0x00003345, 0x00000f99,
+	0x00003346, 0x00000f9c,
+	0x00003347, 0x00000f9f,
+	0x00003348, 0x00000fa4,
+	0x00003349, 0x00000fa8,
+	0x0000334a, 0x00000faa,
+	0x0000334b, 0x00000fb0,
+	0x0000334c, 0x00000fb3,
+	0x0000334d, 0x00000fb8,
+	0x0000334e, 0x00000fbc,
+	0x0000334f, 0x00000fc0,
+	0x00003350, 0x00000fc3,
+	0x00003351, 0x00000fc6,
+	0x00003352, 0x00000fca,
+	0x00003353, 0x00000fcc,
+	0x00003354, 0x00000fd0,
+	0x00003355, 0x00000fd5,
+	0x00003356, 0x00000fd7,
+	0x00003357, 0x00000fdd,
+	0x00003358, 0x00000fe0,
+	0x00003359, 0x00000fe2,
+	0x0000335a, 0x00000fe4,
+	0x0000335b, 0x00000fe6,
+	0x0000335c, 0x00000fe8,
+	0x0000335d, 0x00000fea,
+	0x0000335e, 0x00000fec,
+	0x0000335f, 0x00000fee,
+	0x00003360, 0x00000ff0,
+	0x00003361, 0x00000ff2,
+	0x00003362, 0x00000ff4,
+	0x00003363, 0x00000ff7,
+	0x00003364, 0x00000ffa,
+	0x00003365, 0x00000ffd,
+	0x00003366, 0x00001000,
+	0x00003367, 0x00001003,
+	0x00003368, 0x00001006,
+	0x00003369, 0x00001009,
+	0x0000336a, 0x0000100c,
+	0x0000336b, 0x0000100f,
+	0x0000336c, 0x00001012,
+	0x0000336d, 0x00001015,
+	0x0000336e, 0x00001018,
+	0x0000336f, 0x0000101b,
+	0x00003370, 0x0000101e,
+	0x00003371, 0x00001021,
+	0x00003372, 0x00001024,
+	0x00003373, 0x00001026,
+	0x00003374, 0x00001028,
+	0x00003375, 0x0000102b,
+	0x00003376, 0x0000102d,
+	0x0000337b, 0x0000102f,
+	0x0000337c, 0x00001031,
+	0x0000337d, 0x00001033,
+	0x0000337e, 0x00001035,
+	0x0000337f, 0x00001037,
+	0x00003380, 0x0000103b,
+	0x00003381, 0x0000103d,
+	0x00003382, 0x0000103f,
+	0x00003383, 0x00001041,
+	0x00003384, 0x00001043,
+	0x00003385, 0x00001045,
+	0x00003386, 0x00001047,
+	0x00003387, 0x00001049,
+	0x00003388, 0x0000104b,
+	0x00003389, 0x0000104e,
+	0x0000338a, 0x00001052,
+	0x0000338b, 0x00001054,
+	0x0000338c, 0x00001056,
+	0x0000338d, 0x00001058,
+	0x0000338e, 0x0000105a,
+	0x0000338f, 0x0000105c,
+	0x00003390, 0x0000105e,
+	0x00003391, 0x00001060,
+	0x00003392, 0x00001063,
+	0x00003393, 0x00001066,
+	0x00003394, 0x00001069,
+	0x00003395, 0x0000106c,
+	0x00003396, 0x0000106e,
+	0x00003397, 0x00001070,
+	0x00003398, 0x00001072,
+	0x00003399, 0x00001074,
+	0x0000339a, 0x00001076,
+	0x0000339b, 0x00001078,
+	0x0000339c, 0x0000107a,
+	0x0000339d, 0x0000107c,
+	0x0000339e, 0x0000107e,
+	0x0000339f, 0x00001080,
+	0x000033a0, 0x00001083,
+	0x000033a1, 0x00001086,
+	0x000033a2, 0x00001088,
+	0x000033a3, 0x0000108b,
+	0x000033a4, 0x0000108e,
+	0x000033a5, 0x00001091,
+	0x000033a6, 0x00001093,
+	0x000033a7, 0x00001096,
+	0x000033a8, 0x00001099,
+	0x000033a9, 0x0000109d,
+	0x000033aa, 0x0000109f,
+	0x000033ab, 0x000010a2,
+	0x000033ac, 0x000010a5,
+	0x000033ad, 0x000010a8,
+	0x000033ae, 0x000010ab,
+	0x000033af, 0x000010b0,
+	0x000033b0, 0x000010b6,
+	0x000033b1, 0x000010b8,
+	0x000033b2, 0x000010ba,
+	0x000033b3, 0x000010bc,
+	0x000033b4, 0x000010be,
+	0x000033b5, 0x000010c0,
+	0x000033b6, 0x000010c2,
+	0x000033b7, 0x000010c4,
+	0x000033b8, 0x000010c6,
+	0x000033b9, 0x000010c8,
+	0x000033ba, 0x000010ca,
+	0x000033bb, 0x000010cc,
+	0x000033bc, 0x000010ce,
+	0x000033bd, 0x000010d0,
+	0x000033be, 0x000010d2,
+	0x000033bf, 0x000010d4,
+	0x000033c0, 0x000010d6,
+	0x000033c1, 0x000010d8,
+	0x000033c2, 0x000010da,
+	0x000033c3, 0x000010de,
+	0x000033c4, 0x000010e0,
+	0x000033c5, 0x000010e2,
+	0x000033c6, 0x000010e4,
+	0x000033c7, 0x000010e8,
+	0x000033c8, 0x000010eb,
+	0x000033c9, 0x000010ed,
+	0x000033ca, 0x000010ef,
+	0x000033cb, 0x000010f1,
+	0x000033cc, 0x000010f3,
+	0x000033cd, 0x000010f5,
+	0x000033ce, 0x000010f7,
+	0x000033cf, 0x000010f9,
+	0x000033d0, 0x000010fb,
+	0x000033d1, 0x000010fd,
+	0x000033d2, 0x000010ff,
+	0x000033d3, 0x00001102,
+	0x000033d4, 0x00001104,
+	0x000033d5, 0x00001106,
+	0x000033d6, 0x00001109,
+	0x000033d7, 0x0000110c,
+	0x000033d8, 0x0000110e,
+	0x000033d9, 0x00001112,
+	0x000033da, 0x00001115,
+	0x000033db, 0x00001117,
+	0x000033dc, 0x00001119,
+	0x000033dd, 0x0000111b,
+	0x000033e0, 0x0000111d,
+	0x000033e1, 0x0000111f,
+	0x000033e2, 0x00001121,
+	0x000033e3, 0x00001123,
+	0x000033e4, 0x00001125,
+	0x000033e5, 0x00001127,
+	0x000033e6, 0x00001129,
+	0x000033e7, 0x0000112b,
+	0x000033e8, 0x0000112d,
+	0x000033e9, 0x0000112f,
+	0x000033ea, 0x00001132,
+	0x000033eb, 0x00001135,
+	0x000033ec, 0x00001138,
+	0x000033ed, 0x0000113b,
+	0x000033ee, 0x0000113e,
+	0x000033ef, 0x00001141,
+	0x000033f0, 0x00001144,
+	0x000033f1, 0x00001147,
+	0x000033f2, 0x0000114a,
+	0x000033f3, 0x0000114d,
+	0x000033f4, 0x00001150,
+	0x000033f5, 0x00001153,
+	0x000033f6, 0x00001156,
+	0x000033f7, 0x00001159,
+	0x000033f8, 0x0000115c,
+	0x000033f9, 0x0000115f,
+	0x000033fa, 0x00001162,
+	0x000033fb, 0x00001165,
+	0x000033fc, 0x00001168,
+	0x000033fd, 0x0000116b,
+	0x000033fe, 0x0000116e,
+	0x0000f902, 0x00001171,
+	0x0000f903, 0x00001172,
+	0x0000f904, 0x00001173,
+	0x0000f905, 0x00001174,
+	0x0000f906, 0x00001175,
+	0x0000f907, 0x00001176,
+	0x0000f908, 0x00001177,
+	0x0000f909, 0x00001178,
+	0x0000f90a, 0x00001179,
+	0x0000f90b, 0x0000117a,
+	0x0000f90c, 0x0000117b,
+	0x0000f90d, 0x0000117c,
+	0x0000f90e, 0x0000117d,
+	0x0000f90f, 0x0000117e,
+	0x0000f910, 0x0000117f,
+	0x0000f911, 0x00001180,
+	0x0000f912, 0x00001181,
+	0x0000f913, 0x00001182,
+	0x0000f914, 0x00001183,
+	0x0000f915, 0x00001184,
+	0x0000f916, 0x00001185,
+	0x0000f917, 0x00001186,
+	0x0000f918, 0x00001187,
+	0x0000f919, 0x00001188,
+	0x0000f91a, 0x00001189,
+	0x0000f91b, 0x0000118a,
+	0x0000f91c, 0x0000118b,
+	0x0000f91d, 0x0000118c,
+	0x0000f91e, 0x0000118d,
+	0x0000f91f, 0x0000118e,
+	0x0000f920, 0x0000118f,
+	0x0000f921, 0x00001190,
+	0x0000f922, 0x00001191,
+	0x0000f923, 0x00001192,
+	0x0000f924, 0x00001193,
+	0x0000f925, 0x00001194,
+	0x0000f926, 0x00001195,
+	0x0000f927, 0x00001196,
+	0x0000f928, 0x00001197,
+	0x0000f929, 0x00001198,
+	0x0000f92a, 0x00001199,
+	0x0000f92b, 0x0000119a,
+	0x0000f92c, 0x0000119b,
+	0x0000f92d, 0x0000119c,
+	0x0000f92e, 0x0000119d,
+	0x0000f92f, 0x0000119e,
+	0x0000f930, 0x0000119f,
+	0x0000f931, 0x000011a0,
+	0x0000f932, 0x000011a1,
+	0x0000f933, 0x000011a2,
+	0x0000f934, 0x000011a3,
+	0x0000f935, 0x000011a4,
+	0x0000f936, 0x000011a5,
+	0x0000f937, 0x000011a6,
+	0x0000f938, 0x000011a7,
+	0x0000f939, 0x000011a8,
+	0x0000f93a, 0x000011a9,
+	0x0000f93b, 0x000011aa,
+	0x0000f93c, 0x000011ab,
+	0x0000f93d, 0x000011ac,
+	0x0000f93e, 0x000011ad,
+	0x0000f93f, 0x000011ae,
+	0x0000f940, 0x000011af,
+	0x0000f941, 0x000011b0,
+	0x0000f942, 0x000011b1,
+	0x0000f943, 0x000011b2,
+	0x0000f944, 0x000011b3,
+	0x0000f945, 0x000011b4,
+	0x0000f946, 0x000011b5,
+	0x0000f947, 0x000011b6,
+	0x0000f948, 0x000011b7,
+	0x0000f949, 0x000011b8,
+	0x0000f94a, 0x000011b9,
+	0x0000f94b, 0x000011ba,
+	0x0000f94c, 0x000011bb,
+	0x0000f94d, 0x000011bc,
+	0x0000f94e, 0x000011bd,
+	0x0000f94f, 0x000011be,
+	0x0000f950, 0x000011bf,
+	0x0000f951, 0x000011c0,
+	0x0000f952, 0x000011c1,
+	0x0000f953, 0x000011c2,
+	0x0000f954, 0x000011c3,
+	0x0000f955, 0x000011c4,
+	0x0000f956, 0x000011c5,
+	0x0000f957, 0x000011c6,
+	0x0000f958, 0x000011c7,
+	0x0000f959, 0x000011c8,
+	0x0000f95a, 0x000011c9,
+	0x0000f95b, 0x000011ca,
+	0x0000f95c, 0x000011cb,
+	0x0000f95d, 0x000011cc,
+	0x0000f95e, 0x000011cd,
+	0x0000f95f, 0x000011ce,
+	0x0000f960, 0x000011cf,
+	0x0000f961, 0x000011d0,
+	0x0000f962, 0x000011d1,
+	0x0000f963, 0x000011d2,
+	0x0000f964, 0x000011d3,
+	0x0000f965, 0x000011d4,
+	0x0000f966, 0x000011d5,
+	0x0000f967, 0x000011d6,
+	0x0000f968, 0x000011d7,
+	0x0000f969, 0x000011d8,
+	0x0000f96a, 0x000011d9,
+	0x0000f96b, 0x000011da,
+	0x0000f96c, 0x000011db,
+	0x0000f96d, 0x000011dc,
+	0x0000f96e, 0x000011dd,
+	0x0000f96f, 0x000011de,
+	0x0000f970, 0x000011df,
+	0x0000f971, 0x000011e0,
+	0x0000f972, 0x000011e1,
+	0x0000f973, 0x000011e2,
+	0x0000f974, 0x000011e3,
+	0x0000f975, 0x000011e4,
+	0x0000f976, 0x000011e5,
+	0x0000f977, 0x000011e6,
+	0x0000f978, 0x000011e7,
+	0x0000f979, 0x000011e8,
+	0x0000f97a, 0x000011e9,
+	0x0000f97b, 0x000011ea,
+	0x0000f97c, 0x000011eb,
+	0x0000f97d, 0x000011ec,
+	0x0000f97e, 0x000011ed,
+	0x0000f97f, 0x000011ee,
+	0x0000f980, 0x000011ef,
+	0x0000f981, 0x000011f0,
+	0x0000f982, 0x000011f1,
+	0x0000f983, 0x000011f2,
+	0x0000f984, 0x000011f3,
+	0x0000f985, 0x000011f4,
+	0x0000f986, 0x000011f5,
+	0x0000f987, 0x000011f6,
+	0x0000f988, 0x000011f7,
+	0x0000f989, 0x000011f8,
+	0x0000f98a, 0x000011f9,
+	0x0000f98b, 0x000011fa,
+	0x0000f98c, 0x000011fb,
+	0x0000f98d, 0x000011fc,
+	0x0000f98e, 0x000011fd,
+	0x0000f98f, 0x000011fe,
+	0x0000f990, 0x000011ff,
+	0x0000f991, 0x00001200,
+	0x0000f992, 0x00001201,
+	0x0000f993, 0x00001202,
+	0x0000f994, 0x00001203,
+	0x0000f995, 0x00001204,
+	0x0000f996, 0x00001205,
+	0x0000f997, 0x00001206,
+	0x0000f998, 0x00001207,
+	0x0000f999, 0x00001208,
+	0x0000f99a, 0x00001209,
+	0x0000f99b, 0x0000120a,
+	0x0000f99c, 0x0000120b,
+	0x0000f99d, 0x0000120c,
+	0x0000f99e, 0x0000120d,
+	0x0000f99f, 0x0000120e,
+	0x0000f9a0, 0x0000120f,
+	0x0000f9a1, 0x00001210,
+	0x0000f9a2, 0x00001211,
+	0x0000f9a3, 0x00001212,
+	0x0000f9a4, 0x00001213,
+	0x0000f9a5, 0x00001214,
+	0x0000f9a6, 0x00001215,
+	0x0000f9a7, 0x00001216,
+	0x0000f9a8, 0x00001217,
+	0x0000f9a9, 0x00001218,
+	0x0000f9aa, 0x00001219,
+	0x0000f9ab, 0x0000121a,
+	0x0000f9ac, 0x0000121b,
+	0x0000f9ad, 0x0000121c,
+	0x0000f9ae, 0x0000121d,
+	0x0000f9af, 0x0000121e,
+	0x0000f9b0, 0x0000121f,
+	0x0000f9b1, 0x00001220,
+	0x0000f9b2, 0x00001221,
+	0x0000f9b3, 0x00001222,
+	0x0000f9b4, 0x00001223,
+	0x0000f9b5, 0x00001224,
+	0x0000f9b6, 0x00001225,
+	0x0000f9b7, 0x00001226,
+	0x0000f9b8, 0x00001227,
+	0x0000f9b9, 0x00001228,
+	0x0000f9ba, 0x00001229,
+	0x0000f9bb, 0x0000122a,
+	0x0000f9bc, 0x0000122b,
+	0x0000f9bd, 0x0000122c,
+	0x0000f9be, 0x0000122d,
+	0x0000f9bf, 0x0000122e,
+	0x0000f9c0, 0x0000122f,
+	0x0000f9c1, 0x00001230,
+	0x0000f9c2, 0x00001231,
+	0x0000f9c3, 0x00001232,
+	0x0000f9c4, 0x00001233,
+	0x0000f9c5, 0x00001234,
+	0x0000f9c6, 0x00001235,
+	0x0000f9c7, 0x00001236,
+	0x0000f9c8, 0x00001237,
+	0x0000f9c9, 0x00001238,
+	0x0000f9ca, 0x00001239,
+	0x0000f9cb, 0x0000123a,
+	0x0000f9cc, 0x0000123b,
+	0x0000f9cd, 0x0000123c,
+	0x0000f9ce, 0x0000123d,
+	0x0000f9cf, 0x0000123e,
+	0x0000f9d0, 0x0000123f,
+	0x0000f9d1, 0x00001240,
+	0x0000f9d2, 0x00001241,
+	0x0000f9d3, 0x00001242,
+	0x0000f9d4, 0x00001243,
+	0x0000f9d5, 0x00001244,
+	0x0000f9d6, 0x00001245,
+	0x0000f9d7, 0x00001246,
+	0x0000f9d8, 0x00001247,
+	0x0000f9d9, 0x00001248,
+	0x0000f9da, 0x00001249,
+	0x0000f9db, 0x0000124a,
+	0x0000f9dc, 0x0000124b,
+	0x0000f9dd, 0x0000124c,
+	0x0000f9de, 0x0000124d,
+	0x0000f9df, 0x0000124e,
+	0x0000f9e0, 0x0000124f,
+	0x0000f9e1, 0x00001250,
+	0x0000f9e2, 0x00001251,
+	0x0000f9e3, 0x00001252,
+	0x0000f9e4, 0x00001253,
+	0x0000f9e5, 0x00001254,
+	0x0000f9e6, 0x00001255,
+	0x0000f9e7, 0x00001256,
+	0x0000f9e8, 0x00001257,
+	0x0000f9e9, 0x00001258,
+	0x0000f9ea, 0x00001259,
+	0x0000f9eb, 0x0000125a,
+	0x0000f9ec, 0x0000125b,
+	0x0000f9ed, 0x0000125c,
+	0x0000f9ee, 0x0000125d,
+	0x0000f9ef, 0x0000125e,
+	0x0000f9f0, 0x0000125f,
+	0x0000f9f1, 0x00001260,
+	0x0000f9f2, 0x00001261,
+	0x0000f9f3, 0x00001262,
+	0x0000f9f4, 0x00001263,
+	0x0000f9f5, 0x00001264,
+	0x0000f9f6, 0x00001265,
+	0x0000f9f7, 0x00001266,
+	0x0000f9f8, 0x00001267,
+	0x0000f9f9, 0x00001268,
+	0x0000f9fa, 0x00001269,
+	0x0000f9fb, 0x0000126a,
+	0x0000f9fc, 0x0000126b,
+	0x0000f9fd, 0x0000126c,
+	0x0000f9fe, 0x0000126d,
+	0x0000f9ff, 0x0000126e,
+	0x0000fa00, 0x0000126f,
+	0x0000fa01, 0x00001270,
+	0x0000fa02, 0x00001271,
+	0x0000fa03, 0x00001272,
+	0x0000fa04, 0x00001273,
+	0x0000fa05, 0x00001274,
+	0x0000fa06, 0x00001275,
+	0x0000fa07, 0x00001276,
+	0x0000fa08, 0x00001277,
+	0x0000fa09, 0x00001278,
+	0x0000fa0a, 0x00001279,
+	0x0000fa0b, 0x0000127a,
+	0x0000fa0c, 0x0000127b,
+	0x0000fa0d, 0x0000127c,
+	0x0000fa10, 0x0000127d,
+	0x0000fa12, 0x0000127e,
+	0x0000fa15, 0x0000127f,
+	0x0000fa16, 0x00001280,
+	0x0000fa17, 0x00001281,
+	0x0000fa18, 0x00001282,
+	0x0000fa19, 0x00001283,
+	0x0000fa1a, 0x00001284,
+	0x0000fa1b, 0x00001285,
+	0x0000fa1c, 0x00001286,
+	0x0000fa1d, 0x00001287,
+	0x0000fa1e, 0x00001288,
+	0x0000fa20, 0x00001289,
+	0x0000fa22, 0x0000128a,
+	0x0000fa25, 0x0000128b,
+	0x0000fa26, 0x0000128c,
+	0x0000fa2a, 0x0000128d,
+	0x0000fa2b, 0x0000128e,
+	0x0000fa2c, 0x0000128f,
+	0x0000fa2d, 0x00001290,
+	0x0000fa30, 0x00001291,
+	0x0000fa31, 0x00001292,
+	0x0000fa32, 0x00001293,
+	0x0000fa33, 0x00001294,
+	0x0000fa34, 0x00001295,
+	0x0000fa35, 0x00001296,
+	0x0000fa36, 0x00001297,
+	0x0000fa37, 0x00001298,
+	0x0000fa38, 0x00001299,
+	0x0000fa39, 0x0000129a,
+	0x0000fa3a, 0x0000129b,
+	0x0000fa3b, 0x0000129c,
+	0x0000fa3c, 0x0000129d,
+	0x0000fa3d, 0x0000129e,
+	0x0000fa3e, 0x0000129f,
+	0x0000fa3f, 0x000012a0,
+	0x0000fa40, 0x000012a1,
+	0x0000fa41, 0x000012a2,
+	0x0000fa42, 0x000012a3,
+	0x0000fa43, 0x000012a4,
+	0x0000fa44, 0x000012a5,
+	0x0000fa45, 0x000012a6,
+	0x0000fa46, 0x000012a7,
+	0x0000fa47, 0x000012a8,
+	0x0000fa48, 0x000012a9,
+	0x0000fa49, 0x000012aa,
+	0x0000fa4a, 0x000012ab,
+	0x0000fa4b, 0x000012ac,
+	0x0000fa4c, 0x000012ad,
+	0x0000fa4d, 0x000012ae,
+	0x0000fa4e, 0x000012af,
+	0x0000fa4f, 0x000012b0,
+	0x0000fa50, 0x000012b1,
+	0x0000fa51, 0x000012b2,
+	0x0000fa52, 0x000012b3,
+	0x0000fa53, 0x000012b4,
+	0x0000fa54, 0x000012b5,
+	0x0000fa55, 0x000012b6,
+	0x0000fa56, 0x000012b7,
+	0x0000fa57, 0x000012b8,
+	0x0000fa58, 0x000012b9,
+	0x0000fa59, 0x000012ba,
+	0x0000fa5a, 0x000012bb,
+	0x0000fa5b, 0x000012bc,
+	0x0000fa5c, 0x000012bd,
+	0x0000fa5d, 0x000012be,
+	0x0000fa5e, 0x000012bf,
+	0x0000fa5f, 0x000012c0,
+	0x0000fa60, 0x000012c1,
+	0x0000fa61, 0x000012c2,
+	0x0000fa62, 0x000012c3,
+	0x0000fa63, 0x000012c4,
+	0x0000fa64, 0x000012c5,
+	0x0000fa65, 0x000012c6,
+	0x0000fa66, 0x000012c7,
+	0x0000fa67, 0x000012c8,
+	0x0000fa68, 0x000012c9,
+	0x0000fa69, 0x000012ca,
+	0x0000fa6a, 0x000012cb,
+	0x0000fb00, 0x000012cc,
+	0x0000fb01, 0x000012ce,
+	0x0000fb02, 0x000012d0,
+	0x0000fb03, 0x000012d2,
+	0x0000fb04, 0x000012d5,
+	0x0000fb05, 0x000012d8,
+	0x0000fb06, 0x000012da,
+	0x0000fb13, 0x000012dc,
+	0x0000fb14, 0x000012de,
+	0x0000fb15, 0x000012e0,
+	0x0000fb16, 0x000012e2,
+	0x0000fb17, 0x000012e4,
+	0x0000fb1d, 0x000012e6,
+	0x0000fb1f, 0x000012e8,
+	0x0000fb20, 0x000012ea,
+	0x0000fb21, 0x000012eb,
+	0x0000fb22, 0x000012ec,
+	0x0000fb23, 0x000012ed,
+	0x0000fb24, 0x000012ee,
+	0x0000fb25, 0x000012ef,
+	0x0000fb26, 0x000012f0,
+	0x0000fb27, 0x000012f1,
+	0x0000fb28, 0x000012f2,
+	0x0000fb29, 0x000012f3,
+	0x0000fb2a, 0x000012f4,
+	0x0000fb2b, 0x000012f6,
+	0x0000fb2c, 0x000012f8,
+	0x0000fb2d, 0x000012fb,
+	0x0000fb2e, 0x000012fe,
+	0x0000fb2f, 0x00001300,
+	0x0000fb30, 0x00001302,
+	0x0000fb31, 0x00001304,
+	0x0000fb32, 0x00001306,
+	0x0000fb33, 0x00001308,
+	0x0000fb34, 0x0000130a,
+	0x0000fb35, 0x0000130c,
+	0x0000fb36, 0x0000130e,
+	0x0000fb38, 0x00001310,
+	0x0000fb39, 0x00001312,
+	0x0000fb3a, 0x00001314,
+	0x0000fb3b, 0x00001316,
+	0x0000fb3c, 0x00001318,
+	0x0000fb3e, 0x0000131a,
+	0x0000fb40, 0x0000131c,
+	0x0000fb41, 0x0000131e,
+	0x0000fb43, 0x00001320,
+	0x0000fb44, 0x00001322,
+	0x0000fb46, 0x00001324,
+	0x0000fb47, 0x00001326,
+	0x0000fb48, 0x00001328,
+	0x0000fb49, 0x0000132a,
+	0x0000fb4a, 0x0000132c,
+	0x0000fb4b, 0x0000132e,
+	0x0000fb4c, 0x00001330,
+	0x0000fb4d, 0x00001332,
+	0x0000fb4e, 0x00001334,
+	0x0000fb4f, 0x00001336,
+	0x0000fb50, 0x00001338,
+	0x0000fb51, 0x00001339,
+	0x0000fb52, 0x0000133a,
+	0x0000fb53, 0x0000133b,
+	0x0000fb54, 0x0000133c,
+	0x0000fb55, 0x0000133d,
+	0x0000fb56, 0x0000133e,
+	0x0000fb57, 0x0000133f,
+	0x0000fb58, 0x00001340,
+	0x0000fb59, 0x00001341,
+	0x0000fb5a, 0x00001342,
+	0x0000fb5b, 0x00001343,
+	0x0000fb5c, 0x00001344,
+	0x0000fb5d, 0x00001345,
+	0x0000fb5e, 0x00001346,
+	0x0000fb5f, 0x00001347,
+	0x0000fb60, 0x00001348,
+	0x0000fb61, 0x00001349,
+	0x0000fb62, 0x0000134a,
+	0x0000fb63, 0x0000134b,
+	0x0000fb64, 0x0000134c,
+	0x0000fb65, 0x0000134d,
+	0x0000fb66, 0x0000134e,
+	0x0000fb67, 0x0000134f,
+	0x0000fb68, 0x00001350,
+	0x0000fb69, 0x00001351,
+	0x0000fb6a, 0x00001352,
+	0x0000fb6b, 0x00001353,
+	0x0000fb6c, 0x00001354,
+	0x0000fb6d, 0x00001355,
+	0x0000fb6e, 0x00001356,
+	0x0000fb6f, 0x00001357,
+	0x0000fb70, 0x00001358,
+	0x0000fb71, 0x00001359,
+	0x0000fb72, 0x0000135a,
+	0x0000fb73, 0x0000135b,
+	0x0000fb74, 0x0000135c,
+	0x0000fb75, 0x0000135d,
+	0x0000fb76, 0x0000135e,
+	0x0000fb77, 0x0000135f,
+	0x0000fb78, 0x00001360,
+	0x0000fb79, 0x00001361,
+	0x0000fb7a, 0x00001362,
+	0x0000fb7b, 0x00001363,
+	0x0000fb7c, 0x00001364,
+	0x0000fb7d, 0x00001365,
+	0x0000fb7e, 0x00001366,
+	0x0000fb7f, 0x00001367,
+	0x0000fb80, 0x00001368,
+	0x0000fb81, 0x00001369,
+	0x0000fb82, 0x0000136a,
+	0x0000fb83, 0x0000136b,
+	0x0000fb84, 0x0000136c,
+	0x0000fb85, 0x0000136d,
+	0x0000fb86, 0x0000136e,
+	0x0000fb87, 0x0000136f,
+	0x0000fb88, 0x00001370,
+	0x0000fb89, 0x00001371,
+	0x0000fb8a, 0x00001372,
+	0x0000fb8b, 0x00001373,
+	0x0000fb8c, 0x00001374,
+	0x0000fb8d, 0x00001375,
+	0x0000fb8e, 0x00001376,
+	0x0000fb8f, 0x00001377,
+	0x0000fb90, 0x00001378,
+	0x0000fb91, 0x00001379,
+	0x0000fb92, 0x0000137a,
+	0x0000fb93, 0x0000137b,
+	0x0000fb94, 0x0000137c,
+	0x0000fb95, 0x0000137d,
+	0x0000fb96, 0x0000137e,
+	0x0000fb97, 0x0000137f,
+	0x0000fb98, 0x00001380,
+	0x0000fb99, 0x00001381,
+	0x0000fb9a, 0x00001382,
+	0x0000fb9b, 0x00001383,
+	0x0000fb9c, 0x00001384,
+	0x0000fb9d, 0x00001385,
+	0x0000fb9e, 0x00001386,
+	0x0000fb9f, 0x00001387,
+	0x0000fba0, 0x00001388,
+	0x0000fba1, 0x00001389,
+	0x0000fba2, 0x0000138a,
+	0x0000fba3, 0x0000138b,
+	0x0000fba4, 0x0000138c,
+	0x0000fba5, 0x0000138e,
+	0x0000fba6, 0x00001390,
+	0x0000fba7, 0x00001391,
+	0x0000fba8, 0x00001392,
+	0x0000fba9, 0x00001393,
+	0x0000fbaa, 0x00001394,
+	0x0000fbab, 0x00001395,
+	0x0000fbac, 0x00001396,
+	0x0000fbad, 0x00001397,
+	0x0000fbae, 0x00001398,
+	0x0000fbaf, 0x00001399,
+	0x0000fbb0, 0x0000139a,
+	0x0000fbb1, 0x0000139c,
+	0x0000fbd3, 0x0000139e,
+	0x0000fbd4, 0x0000139f,
+	0x0000fbd5, 0x000013a0,
+	0x0000fbd6, 0x000013a1,
+	0x0000fbd7, 0x000013a2,
+	0x0000fbd8, 0x000013a3,
+	0x0000fbd9, 0x000013a4,
+	0x0000fbda, 0x000013a5,
+	0x0000fbdb, 0x000013a6,
+	0x0000fbdc, 0x000013a7,
+	0x0000fbdd, 0x000013a8,
+	0x0000fbde, 0x000013aa,
+	0x0000fbdf, 0x000013ab,
+	0x0000fbe0, 0x000013ac,
+	0x0000fbe1, 0x000013ad,
+	0x0000fbe2, 0x000013ae,
+	0x0000fbe3, 0x000013af,
+	0x0000fbe4, 0x000013b0,
+	0x0000fbe5, 0x000013b1,
+	0x0000fbe6, 0x000013b2,
+	0x0000fbe7, 0x000013b3,
+	0x0000fbe8, 0x000013b4,
+	0x0000fbe9, 0x000013b5,
+	0x0000fbea, 0x000013b6,
+	0x0000fbeb, 0x000013b9,
+	0x0000fbec, 0x000013bc,
+	0x0000fbed, 0x000013bf,
+	0x0000fbee, 0x000013c2,
+	0x0000fbef, 0x000013c5,
+	0x0000fbf0, 0x000013c8,
+	0x0000fbf1, 0x000013cb,
+	0x0000fbf2, 0x000013ce,
+	0x0000fbf3, 0x000013d1,
+	0x0000fbf4, 0x000013d4,
+	0x0000fbf5, 0x000013d7,
+	0x0000fbf6, 0x000013da,
+	0x0000fbf7, 0x000013dd,
+	0x0000fbf8, 0x000013e0,
+	0x0000fbf9, 0x000013e3,
+	0x0000fbfa, 0x000013e6,
+	0x0000fbfb, 0x000013e9,
+	0x0000fbfc, 0x000013ec,
+	0x0000fbfd, 0x000013ed,
+	0x0000fbfe, 0x000013ee,
+	0x0000fbff, 0x000013ef,
+	0x0000fc00, 0x000013f0,
+	0x0000fc01, 0x000013f3,
+	0x0000fc02, 0x000013f6,
+	0x0000fc03, 0x000013f9,
+	0x0000fc04, 0x000013fc,
+	0x0000fc05, 0x000013ff,
+	0x0000fc06, 0x00001401,
+	0x0000fc07, 0x00001403,
+	0x0000fc08, 0x00001405,
+	0x0000fc09, 0x00001407,
+	0x0000fc0a, 0x00001409,
+	0x0000fc0b, 0x0000140b,
+	0x0000fc0c, 0x0000140d,
+	0x0000fc0d, 0x0000140f,
+	0x0000fc0e, 0x00001411,
+	0x0000fc0f, 0x00001413,
+	0x0000fc10, 0x00001415,
+	0x0000fc11, 0x00001417,
+	0x0000fc12, 0x00001419,
+	0x0000fc13, 0x0000141b,
+	0x0000fc14, 0x0000141d,
+	0x0000fc15, 0x0000141f,
+	0x0000fc16, 0x00001421,
+	0x0000fc17, 0x00001423,
+	0x0000fc18, 0x00001425,
+	0x0000fc19, 0x00001427,
+	0x0000fc1a, 0x00001429,
+	0x0000fc1b, 0x0000142b,
+	0x0000fc1c, 0x0000142d,
+	0x0000fc1d, 0x0000142f,
+	0x0000fc1e, 0x00001431,
+	0x0000fc1f, 0x00001433,
+	0x0000fc20, 0x00001435,
+	0x0000fc21, 0x00001437,
+	0x0000fc22, 0x00001439,
+	0x0000fc23, 0x0000143b,
+	0x0000fc24, 0x0000143d,
+	0x0000fc25, 0x0000143f,
+	0x0000fc26, 0x00001441,
+	0x0000fc27, 0x00001443,
+	0x0000fc28, 0x00001445,
+	0x0000fc29, 0x00001447,
+	0x0000fc2a, 0x00001449,
+	0x0000fc2b, 0x0000144b,
+	0x0000fc2c, 0x0000144d,
+	0x0000fc2d, 0x0000144f,
+	0x0000fc2e, 0x00001451,
+	0x0000fc2f, 0x00001453,
+	0x0000fc30, 0x00001455,
+	0x0000fc31, 0x00001457,
+	0x0000fc32, 0x00001459,
+	0x0000fc33, 0x0000145b,
+	0x0000fc34, 0x0000145d,
+	0x0000fc35, 0x0000145f,
+	0x0000fc36, 0x00001461,
+	0x0000fc37, 0x00001463,
+	0x0000fc38, 0x00001465,
+	0x0000fc39, 0x00001467,
+	0x0000fc3a, 0x00001469,
+	0x0000fc3b, 0x0000146b,
+	0x0000fc3c, 0x0000146d,
+	0x0000fc3d, 0x0000146f,
+	0x0000fc3e, 0x00001471,
+	0x0000fc3f, 0x00001473,
+	0x0000fc40, 0x00001475,
+	0x0000fc41, 0x00001477,
+	0x0000fc42, 0x00001479,
+	0x0000fc43, 0x0000147b,
+	0x0000fc44, 0x0000147d,
+	0x0000fc45, 0x0000147f,
+	0x0000fc46, 0x00001481,
+	0x0000fc47, 0x00001483,
+	0x0000fc48, 0x00001485,
+	0x0000fc49, 0x00001487,
+	0x0000fc4a, 0x00001489,
+	0x0000fc4b, 0x0000148b,
+	0x0000fc4c, 0x0000148d,
+	0x0000fc4d, 0x0000148f,
+	0x0000fc4e, 0x00001491,
+	0x0000fc4f, 0x00001493,
+	0x0000fc50, 0x00001495,
+	0x0000fc51, 0x00001497,
+	0x0000fc52, 0x00001499,
+	0x0000fc53, 0x0000149b,
+	0x0000fc54, 0x0000149d,
+	0x0000fc55, 0x0000149f,
+	0x0000fc56, 0x000014a1,
+	0x0000fc57, 0x000014a3,
+	0x0000fc58, 0x000014a5,
+	0x0000fc59, 0x000014a7,
+	0x0000fc5a, 0x000014a9,
+	0x0000fc5b, 0x000014ab,
+	0x0000fc5c, 0x000014ad,
+	0x0000fc5d, 0x000014af,
+	0x0000fc5e, 0x000014b1,
+	0x0000fc5f, 0x000014b4,
+	0x0000fc60, 0x000014b7,
+	0x0000fc61, 0x000014ba,
+	0x0000fc62, 0x000014bd,
+	0x0000fc63, 0x000014c0,
+	0x0000fc64, 0x000014c3,
+	0x0000fc65, 0x000014c6,
+	0x0000fc66, 0x000014c9,
+	0x0000fc67, 0x000014cc,
+	0x0000fc68, 0x000014cf,
+	0x0000fc69, 0x000014d2,
+	0x0000fc6a, 0x000014d5,
+	0x0000fc6b, 0x000014d7,
+	0x0000fc6c, 0x000014d9,
+	0x0000fc6d, 0x000014db,
+	0x0000fc6e, 0x000014dd,
+	0x0000fc6f, 0x000014df,
+	0x0000fc70, 0x000014e1,
+	0x0000fc71, 0x000014e3,
+	0x0000fc72, 0x000014e5,
+	0x0000fc73, 0x000014e7,
+	0x0000fc74, 0x000014e9,
+	0x0000fc75, 0x000014eb,
+	0x0000fc76, 0x000014ed,
+	0x0000fc77, 0x000014ef,
+	0x0000fc78, 0x000014f1,
+	0x0000fc79, 0x000014f3,
+	0x0000fc7a, 0x000014f5,
+	0x0000fc7b, 0x000014f7,
+	0x0000fc7c, 0x000014f9,
+	0x0000fc7d, 0x000014fb,
+	0x0000fc7e, 0x000014fd,
+	0x0000fc7f, 0x000014ff,
+	0x0000fc80, 0x00001501,
+	0x0000fc81, 0x00001503,
+	0x0000fc82, 0x00001505,
+	0x0000fc83, 0x00001507,
+	0x0000fc84, 0x00001509,
+	0x0000fc85, 0x0000150b,
+	0x0000fc86, 0x0000150d,
+	0x0000fc87, 0x0000150f,
+	0x0000fc88, 0x00001511,
+	0x0000fc89, 0x00001513,
+	0x0000fc8a, 0x00001515,
+	0x0000fc8b, 0x00001517,
+	0x0000fc8c, 0x00001519,
+	0x0000fc8d, 0x0000151b,
+	0x0000fc8e, 0x0000151d,
+	0x0000fc8f, 0x0000151f,
+	0x0000fc90, 0x00001521,
+	0x0000fc91, 0x00001523,
+	0x0000fc92, 0x00001525,
+	0x0000fc93, 0x00001527,
+	0x0000fc94, 0x00001529,
+	0x0000fc95, 0x0000152b,
+	0x0000fc96, 0x0000152d,
+	0x0000fc97, 0x0000152f,
+	0x0000fc98, 0x00001532,
+	0x0000fc99, 0x00001535,
+	0x0000fc9a, 0x00001538,
+	0x0000fc9b, 0x0000153b,
+	0x0000fc9c, 0x0000153e,
+	0x0000fc9d, 0x00001540,
+	0x0000fc9e, 0x00001542,
+	0x0000fc9f, 0x00001544,
+	0x0000fca0, 0x00001546,
+	0x0000fca1, 0x00001548,
+	0x0000fca2, 0x0000154a,
+	0x0000fca3, 0x0000154c,
+	0x0000fca4, 0x0000154e,
+	0x0000fca5, 0x00001550,
+	0x0000fca6, 0x00001552,
+	0x0000fca7, 0x00001554,
+	0x0000fca8, 0x00001556,
+	0x0000fca9, 0x00001558,
+	0x0000fcaa, 0x0000155a,
+	0x0000fcab, 0x0000155c,
+	0x0000fcac, 0x0000155e,
+	0x0000fcad, 0x00001560,
+	0x0000fcae, 0x00001562,
+	0x0000fcaf, 0x00001564,
+	0x0000fcb0, 0x00001566,
+	0x0000fcb1, 0x00001568,
+	0x0000fcb2, 0x0000156a,
+	0x0000fcb3, 0x0000156c,
+	0x0000fcb4, 0x0000156e,
+	0x0000fcb5, 0x00001570,
+	0x0000fcb6, 0x00001572,
+	0x0000fcb7, 0x00001574,
+	0x0000fcb8, 0x00001576,
+	0x0000fcb9, 0x00001578,
+	0x0000fcba, 0x0000157a,
+	0x0000fcbb, 0x0000157c,
+	0x0000fcbc, 0x0000157e,
+	0x0000fcbd, 0x00001580,
+	0x0000fcbe, 0x00001582,
+	0x0000fcbf, 0x00001584,
+	0x0000fcc0, 0x00001586,
+	0x0000fcc1, 0x00001588,
+	0x0000fcc2, 0x0000158a,
+	0x0000fcc3, 0x0000158c,
+	0x0000fcc4, 0x0000158e,
+	0x0000fcc5, 0x00001590,
+	0x0000fcc6, 0x00001592,
+	0x0000fcc7, 0x00001594,
+	0x0000fcc8, 0x00001596,
+	0x0000fcc9, 0x00001598,
+	0x0000fcca, 0x0000159a,
+	0x0000fccb, 0x0000159c,
+	0x0000fccc, 0x0000159e,
+	0x0000fccd, 0x000015a0,
+	0x0000fcce, 0x000015a2,
+	0x0000fccf, 0x000015a4,
+	0x0000fcd0, 0x000015a6,
+	0x0000fcd1, 0x000015a8,
+	0x0000fcd2, 0x000015aa,
+	0x0000fcd3, 0x000015ac,
+	0x0000fcd4, 0x000015ae,
+	0x0000fcd5, 0x000015b0,
+	0x0000fcd6, 0x000015b2,
+	0x0000fcd7, 0x000015b4,
+	0x0000fcd8, 0x000015b6,
+	0x0000fcd9, 0x000015b8,
+	0x0000fcda, 0x000015ba,
+	0x0000fcdb, 0x000015bc,
+	0x0000fcdc, 0x000015be,
+	0x0000fcdd, 0x000015c0,
+	0x0000fcde, 0x000015c2,
+	0x0000fcdf, 0x000015c4,
+	0x0000fce0, 0x000015c7,
+	0x0000fce1, 0x000015ca,
+	0x0000fce2, 0x000015cc,
+	0x0000fce3, 0x000015ce,
+	0x0000fce4, 0x000015d0,
+	0x0000fce5, 0x000015d2,
+	0x0000fce6, 0x000015d4,
+	0x0000fce7, 0x000015d6,
+	0x0000fce8, 0x000015d8,
+	0x0000fce9, 0x000015da,
+	0x0000fcea, 0x000015dc,
+	0x0000fceb, 0x000015de,
+	0x0000fcec, 0x000015e0,
+	0x0000fced, 0x000015e2,
+	0x0000fcee, 0x000015e4,
+	0x0000fcef, 0x000015e6,
+	0x0000fcf0, 0x000015e8,
+	0x0000fcf1, 0x000015ea,
+	0x0000fcf2, 0x000015ec,
+	0x0000fcf3, 0x000015ef,
+	0x0000fcf4, 0x000015f2,
+	0x0000fcf5, 0x000015f5,
+	0x0000fcf6, 0x000015f7,
+	0x0000fcf7, 0x000015f9,
+	0x0000fcf8, 0x000015fb,
+	0x0000fcf9, 0x000015fd,
+	0x0000fcfa, 0x000015ff,
+	0x0000fcfb, 0x00001601,
+	0x0000fcfc, 0x00001603,
+	0x0000fcfd, 0x00001605,
+	0x0000fcfe, 0x00001607,
+	0x0000fcff, 0x00001609,
+	0x0000fd00, 0x0000160b,
+	0x0000fd01, 0x0000160d,
+	0x0000fd02, 0x0000160f,
+	0x0000fd03, 0x00001611,
+	0x0000fd04, 0x00001613,
+	0x0000fd05, 0x00001615,
+	0x0000fd06, 0x00001617,
+	0x0000fd07, 0x00001619,
+	0x0000fd08, 0x0000161b,
+	0x0000fd09, 0x0000161d,
+	0x0000fd0a, 0x0000161f,
+	0x0000fd0b, 0x00001621,
+	0x0000fd0c, 0x00001623,
+	0x0000fd0d, 0x00001625,
+	0x0000fd0e, 0x00001627,
+	0x0000fd0f, 0x00001629,
+	0x0000fd10, 0x0000162b,
+	0x0000fd11, 0x0000162d,
+	0x0000fd12, 0x0000162f,
+	0x0000fd13, 0x00001631,
+	0x0000fd14, 0x00001633,
+	0x0000fd15, 0x00001635,
+	0x0000fd16, 0x00001637,
+	0x0000fd17, 0x00001639,
+	0x0000fd18, 0x0000163b,
+	0x0000fd19, 0x0000163d,
+	0x0000fd1a, 0x0000163f,
+	0x0000fd1b, 0x00001641,
+	0x0000fd1c, 0x00001643,
+	0x0000fd1d, 0x00001645,
+	0x0000fd1e, 0x00001647,
+	0x0000fd1f, 0x00001649,
+	0x0000fd20, 0x0000164b,
+	0x0000fd21, 0x0000164d,
+	0x0000fd22, 0x0000164f,
+	0x0000fd23, 0x00001651,
+	0x0000fd24, 0x00001653,
+	0x0000fd25, 0x00001655,
+	0x0000fd26, 0x00001657,
+	0x0000fd27, 0x00001659,
+	0x0000fd28, 0x0000165b,
+	0x0000fd29, 0x0000165d,
+	0x0000fd2a, 0x0000165f,
+	0x0000fd2b, 0x00001661,
+	0x0000fd2c, 0x00001663,
+	0x0000fd2d, 0x00001665,
+	0x0000fd2e, 0x00001667,
+	0x0000fd2f, 0x00001669,
+	0x0000fd30, 0x0000166b,
+	0x0000fd31, 0x0000166d,
+	0x0000fd32, 0x0000166f,
+	0x0000fd33, 0x00001671,
+	0x0000fd34, 0x00001673,
+	0x0000fd35, 0x00001675,
+	0x0000fd36, 0x00001677,
+	0x0000fd37, 0x00001679,
+	0x0000fd38, 0x0000167b,
+	0x0000fd39, 0x0000167d,
+	0x0000fd3a, 0x0000167f,
+	0x0000fd3b, 0x00001681,
+	0x0000fd3c, 0x00001683,
+	0x0000fd3d, 0x00001685,
+	0x0000fd50, 0x00001687,
+	0x0000fd51, 0x0000168a,
+	0x0000fd52, 0x0000168d,
+	0x0000fd53, 0x00001690,
+	0x0000fd54, 0x00001693,
+	0x0000fd55, 0x00001696,
+	0x0000fd56, 0x00001699,
+	0x0000fd57, 0x0000169c,
+	0x0000fd58, 0x0000169f,
+	0x0000fd59, 0x000016a2,
+	0x0000fd5a, 0x000016a5,
+	0x0000fd5b, 0x000016a8,
+	0x0000fd5c, 0x000016ab,
+	0x0000fd5d, 0x000016ae,
+	0x0000fd5e, 0x000016b1,
+	0x0000fd5f, 0x000016b4,
+	0x0000fd60, 0x000016b7,
+	0x0000fd61, 0x000016ba,
+	0x0000fd62, 0x000016bd,
+	0x0000fd63, 0x000016c0,
+	0x0000fd64, 0x000016c3,
+	0x0000fd65, 0x000016c6,
+	0x0000fd66, 0x000016c9,
+	0x0000fd67, 0x000016cc,
+	0x0000fd68, 0x000016cf,
+	0x0000fd69, 0x000016d2,
+	0x0000fd6a, 0x000016d5,
+	0x0000fd6b, 0x000016d8,
+	0x0000fd6c, 0x000016db,
+	0x0000fd6d, 0x000016de,
+	0x0000fd6e, 0x000016e1,
+	0x0000fd6f, 0x000016e4,
+	0x0000fd70, 0x000016e7,
+	0x0000fd71, 0x000016ea,
+	0x0000fd72, 0x000016ed,
+	0x0000fd73, 0x000016f0,
+	0x0000fd74, 0x000016f3,
+	0x0000fd75, 0x000016f6,
+	0x0000fd76, 0x000016f9,
+	0x0000fd77, 0x000016fc,
+	0x0000fd78, 0x000016ff,
+	0x0000fd79, 0x00001702,
+	0x0000fd7a, 0x00001705,
+	0x0000fd7b, 0x00001708,
+	0x0000fd7c, 0x0000170b,
+	0x0000fd7d, 0x0000170e,
+	0x0000fd7e, 0x00001711,
+	0x0000fd7f, 0x00001714,
+	0x0000fd80, 0x00001717,
+	0x0000fd81, 0x0000171a,
+	0x0000fd82, 0x0000171d,
+	0x0000fd83, 0x00001720,
+	0x0000fd84, 0x00001723,
+	0x0000fd85, 0x00001726,
+	0x0000fd86, 0x00001729,
+	0x0000fd87, 0x0000172c,
+	0x0000fd88, 0x0000172f,
+	0x0000fd89, 0x00001732,
+	0x0000fd8a, 0x00001735,
+	0x0000fd8b, 0x00001738,
+	0x0000fd8c, 0x0000173b,
+	0x0000fd8d, 0x0000173e,
+	0x0000fd8e, 0x00001741,
+	0x0000fd8f, 0x00001744,
+	0x0000fd92, 0x00001747,
+	0x0000fd93, 0x0000174a,
+	0x0000fd94, 0x0000174d,
+	0x0000fd95, 0x00001750,
+	0x0000fd96, 0x00001753,
+	0x0000fd97, 0x00001756,
+	0x0000fd98, 0x00001759,
+	0x0000fd99, 0x0000175c,
+	0x0000fd9a, 0x0000175f,
+	0x0000fd9b, 0x00001762,
+	0x0000fd9c, 0x00001765,
+	0x0000fd9d, 0x00001768,
+	0x0000fd9e, 0x0000176b,
+	0x0000fd9f, 0x0000176e,
+	0x0000fda0, 0x00001771,
+	0x0000fda1, 0x00001774,
+	0x0000fda2, 0x00001777,
+	0x0000fda3, 0x0000177a,
+	0x0000fda4, 0x0000177d,
+	0x0000fda5, 0x00001780,
+	0x0000fda6, 0x00001783,
+	0x0000fda7, 0x00001786,
+	0x0000fda8, 0x00001789,
+	0x0000fda9, 0x0000178c,
+	0x0000fdaa, 0x0000178f,
+	0x0000fdab, 0x00001792,
+	0x0000fdac, 0x00001795,
+	0x0000fdad, 0x00001798,
+	0x0000fdae, 0x0000179b,
+	0x0000fdaf, 0x0000179e,
+	0x0000fdb0, 0x000017a1,
+	0x0000fdb1, 0x000017a4,
+	0x0000fdb2, 0x000017a7,
+	0x0000fdb3, 0x000017aa,
+	0x0000fdb4, 0x000017ad,
+	0x0000fdb5, 0x000017b0,
+	0x0000fdb6, 0x000017b3,
+	0x0000fdb7, 0x000017b6,
+	0x0000fdb8, 0x000017b9,
+	0x0000fdb9, 0x000017bc,
+	0x0000fdba, 0x000017bf,
+	0x0000fdbb, 0x000017c2,
+	0x0000fdbc, 0x000017c5,
+	0x0000fdbd, 0x000017c8,
+	0x0000fdbe, 0x000017cb,
+	0x0000fdbf, 0x000017ce,
+	0x0000fdc0, 0x000017d1,
+	0x0000fdc1, 0x000017d4,
+	0x0000fdc2, 0x000017d7,
+	0x0000fdc3, 0x000017da,
+	0x0000fdc4, 0x000017dd,
+	0x0000fdc5, 0x000017e0,
+	0x0000fdc6, 0x000017e3,
+	0x0000fdc7, 0x000017e6,
+	0x0000fdf0, 0x000017e9,
+	0x0000fdf1, 0x000017ec,
+	0x0000fdf2, 0x000017ef,
+	0x0000fdf3, 0x000017f3,
+	0x0000fdf4, 0x000017f7,
+	0x0000fdf5, 0x000017fb,
+	0x0000fdf6, 0x000017ff,
+	0x0000fdf7, 0x00001803,
+	0x0000fdf8, 0x00001807,
+	0x0000fdf9, 0x0000180b,
+	0x0000fdfa, 0x0000180e,
+	0x0000fdfb, 0x00001820,
+	0x0000fdfc, 0x00001828,
+	0x0000fe30, 0x0000182c,
+	0x0000fe31, 0x0000182e,
+	0x0000fe32, 0x0000182f,
+	0x0000fe33, 0x00001830,
+	0x0000fe34, 0x00001831,
+	0x0000fe35, 0x00001832,
+	0x0000fe36, 0x00001833,
+	0x0000fe37, 0x00001834,
+	0x0000fe38, 0x00001835,
+	0x0000fe39, 0x00001836,
+	0x0000fe3a, 0x00001837,
+	0x0000fe3b, 0x00001838,
+	0x0000fe3c, 0x00001839,
+	0x0000fe3d, 0x0000183a,
+	0x0000fe3e, 0x0000183b,
+	0x0000fe3f, 0x0000183c,
+	0x0000fe40, 0x0000183d,
+	0x0000fe41, 0x0000183e,
+	0x0000fe42, 0x0000183f,
+	0x0000fe43, 0x00001840,
+	0x0000fe44, 0x00001841,
+	0x0000fe49, 0x00001842,
+	0x0000fe4a, 0x00001844,
+	0x0000fe4b, 0x00001846,
+	0x0000fe4c, 0x00001848,
+	0x0000fe4d, 0x0000184a,
+	0x0000fe4e, 0x0000184b,
+	0x0000fe4f, 0x0000184c,
+	0x0000fe50, 0x0000184d,
+	0x0000fe51, 0x0000184e,
+	0x0000fe52, 0x0000184f,
+	0x0000fe54, 0x00001850,
+	0x0000fe55, 0x00001851,
+	0x0000fe56, 0x00001852,
+	0x0000fe57, 0x00001853,
+	0x0000fe58, 0x00001854,
+	0x0000fe59, 0x00001855,
+	0x0000fe5a, 0x00001856,
+	0x0000fe5b, 0x00001857,
+	0x0000fe5c, 0x00001858,
+	0x0000fe5d, 0x00001859,
+	0x0000fe5e, 0x0000185a,
+	0x0000fe5f, 0x0000185b,
+	0x0000fe60, 0x0000185c,
+	0x0000fe61, 0x0000185d,
+	0x0000fe62, 0x0000185e,
+	0x0000fe63, 0x0000185f,
+	0x0000fe64, 0x00001860,
+	0x0000fe65, 0x00001861,
+	0x0000fe66, 0x00001862,
+	0x0000fe68, 0x00001863,
+	0x0000fe69, 0x00001864,
+	0x0000fe6a, 0x00001865,
+	0x0000fe6b, 0x00001866,
+	0x0000fe70, 0x00001867,
+	0x0000fe71, 0x00001869,
+	0x0000fe72, 0x0000186b,
+	0x0000fe74, 0x0000186d,
+	0x0000fe76, 0x0000186f,
+	0x0000fe77, 0x00001871,
+	0x0000fe78, 0x00001873,
+	0x0000fe79, 0x00001875,
+	0x0000fe7a, 0x00001877,
+	0x0000fe7b, 0x00001879,
+	0x0000fe7c, 0x0000187b,
+	0x0000fe7d, 0x0000187d,
+	0x0000fe7e, 0x0000187f,
+	0x0000fe7f, 0x00001881,
+	0x0000fe80, 0x00001883,
+	0x0000fe81, 0x00001884,
+	0x0000fe82, 0x00001886,
+	0x0000fe83, 0x00001888,
+	0x0000fe84, 0x0000188a,
+	0x0000fe85, 0x0000188c,
+	0x0000fe86, 0x0000188e,
+	0x0000fe87, 0x00001890,
+	0x0000fe88, 0x00001892,
+	0x0000fe89, 0x00001894,
+	0x0000fe8a, 0x00001896,
+	0x0000fe8b, 0x00001898,
+	0x0000fe8c, 0x0000189a,
+	0x0000fe8d, 0x0000189c,
+	0x0000fe8e, 0x0000189d,
+	0x0000fe8f, 0x0000189e,
+	0x0000fe90, 0x0000189f,
+	0x0000fe91, 0x000018a0,
+	0x0000fe92, 0x000018a1,
+	0x0000fe93, 0x000018a2,
+	0x0000fe94, 0x000018a3,
+	0x0000fe95, 0x000018a4,
+	0x0000fe96, 0x000018a5,
+	0x0000fe97, 0x000018a6,
+	0x0000fe98, 0x000018a7,
+	0x0000fe99, 0x000018a8,
+	0x0000fe9a, 0x000018a9,
+	0x0000fe9b, 0x000018aa,
+	0x0000fe9c, 0x000018ab,
+	0x0000fe9d, 0x000018ac,
+	0x0000fe9e, 0x000018ad,
+	0x0000fe9f, 0x000018ae,
+	0x0000fea0, 0x000018af,
+	0x0000fea1, 0x000018b0,
+	0x0000fea2, 0x000018b1,
+	0x0000fea3, 0x000018b2,
+	0x0000fea4, 0x000018b3,
+	0x0000fea5, 0x000018b4,
+	0x0000fea6, 0x000018b5,
+	0x0000fea7, 0x000018b6,
+	0x0000fea8, 0x000018b7,
+	0x0000fea9, 0x000018b8,
+	0x0000feaa, 0x000018b9,
+	0x0000feab, 0x000018ba,
+	0x0000feac, 0x000018bb,
+	0x0000fead, 0x000018bc,
+	0x0000feae, 0x000018bd,
+	0x0000feaf, 0x000018be,
+	0x0000feb0, 0x000018bf,
+	0x0000feb1, 0x000018c0,
+	0x0000feb2, 0x000018c1,
+	0x0000feb3, 0x000018c2,
+	0x0000feb4, 0x000018c3,
+	0x0000feb5, 0x000018c4,
+	0x0000feb6, 0x000018c5,
+	0x0000feb7, 0x000018c6,
+	0x0000feb8, 0x000018c7,
+	0x0000feb9, 0x000018c8,
+	0x0000feba, 0x000018c9,
+	0x0000febb, 0x000018ca,
+	0x0000febc, 0x000018cb,
+	0x0000febd, 0x000018cc,
+	0x0000febe, 0x000018cd,
+	0x0000febf, 0x000018ce,
+	0x0000fec0, 0x000018cf,
+	0x0000fec1, 0x000018d0,
+	0x0000fec2, 0x000018d1,
+	0x0000fec3, 0x000018d2,
+	0x0000fec4, 0x000018d3,
+	0x0000fec5, 0x000018d4,
+	0x0000fec6, 0x000018d5,
+	0x0000fec7, 0x000018d6,
+	0x0000fec8, 0x000018d7,
+	0x0000fec9, 0x000018d8,
+	0x0000feca, 0x000018d9,
+	0x0000fecb, 0x000018da,
+	0x0000fecc, 0x000018db,
+	0x0000fecd, 0x000018dc,
+	0x0000fece, 0x000018dd,
+	0x0000fecf, 0x000018de,
+	0x0000fed0, 0x000018df,
+	0x0000fed1, 0x000018e0,
+	0x0000fed2, 0x000018e1,
+	0x0000fed3, 0x000018e2,
+	0x0000fed4, 0x000018e3,
+	0x0000fed5, 0x000018e4,
+	0x0000fed6, 0x000018e5,
+	0x0000fed7, 0x000018e6,
+	0x0000fed8, 0x000018e7,
+	0x0000fed9, 0x000018e8,
+	0x0000feda, 0x000018e9,
+	0x0000fedb, 0x000018ea,
+	0x0000fedc, 0x000018eb,
+	0x0000fedd, 0x000018ec,
+	0x0000fede, 0x000018ed,
+	0x0000fedf, 0x000018ee,
+	0x0000fee0, 0x000018ef,
+	0x0000fee1, 0x000018f0,
+	0x0000fee2, 0x000018f1,
+	0x0000fee3, 0x000018f2,
+	0x0000fee4, 0x000018f3,
+	0x0000fee5, 0x000018f4,
+	0x0000fee6, 0x000018f5,
+	0x0000fee7, 0x000018f6,
+	0x0000fee8, 0x000018f7,
+	0x0000fee9, 0x000018f8,
+	0x0000feea, 0x000018f9,
+	0x0000feeb, 0x000018fa,
+	0x0000feec, 0x000018fb,
+	0x0000feed, 0x000018fc,
+	0x0000feee, 0x000018fd,
+	0x0000feef, 0x000018fe,
+	0x0000fef0, 0x000018ff,
+	0x0000fef1, 0x00001900,
+	0x0000fef2, 0x00001901,
+	0x0000fef3, 0x00001902,
+	0x0000fef4, 0x00001903,
+	0x0000fef5, 0x00001904,
+	0x0000fef6, 0x00001907,
+	0x0000fef7, 0x0000190a,
+	0x0000fef8, 0x0000190d,
+	0x0000fef9, 0x00001910,
+	0x0000fefa, 0x00001913,
+	0x0000fefb, 0x00001916,
+	0x0000fefc, 0x00001918,
+	0x0000ff01, 0x0000191a,
+	0x0000ff02, 0x0000191b,
+	0x0000ff03, 0x0000191c,
+	0x0000ff04, 0x0000191d,
+	0x0000ff05, 0x0000191e,
+	0x0000ff06, 0x0000191f,
+	0x0000ff07, 0x00001920,
+	0x0000ff08, 0x00001921,
+	0x0000ff09, 0x00001922,
+	0x0000ff0a, 0x00001923,
+	0x0000ff0b, 0x00001924,
+	0x0000ff0c, 0x00001925,
+	0x0000ff0d, 0x00001926,
+	0x0000ff0e, 0x00001927,
+	0x0000ff0f, 0x00001928,
+	0x0000ff10, 0x00001929,
+	0x0000ff11, 0x0000192a,
+	0x0000ff12, 0x0000192b,
+	0x0000ff13, 0x0000192c,
+	0x0000ff14, 0x0000192d,
+	0x0000ff15, 0x0000192e,
+	0x0000ff16, 0x0000192f,
+	0x0000ff17, 0x00001930,
+	0x0000ff18, 0x00001931,
+	0x0000ff19, 0x00001932,
+	0x0000ff1a, 0x00001933,
+	0x0000ff1b, 0x00001934,
+	0x0000ff1c, 0x00001935,
+	0x0000ff1d, 0x00001936,
+	0x0000ff1e, 0x00001937,
+	0x0000ff1f, 0x00001938,
+	0x0000ff20, 0x00001939,
+	0x0000ff21, 0x0000193a,
+	0x0000ff22, 0x0000193b,
+	0x0000ff23, 0x0000193c,
+	0x0000ff24, 0x0000193d,
+	0x0000ff25, 0x0000193e,
+	0x0000ff26, 0x0000193f,
+	0x0000ff27, 0x00001940,
+	0x0000ff28, 0x00001941,
+	0x0000ff29, 0x00001942,
+	0x0000ff2a, 0x00001943,
+	0x0000ff2b, 0x00001944,
+	0x0000ff2c, 0x00001945,
+	0x0000ff2d, 0x00001946,
+	0x0000ff2e, 0x00001947,
+	0x0000ff2f, 0x00001948,
+	0x0000ff30, 0x00001949,
+	0x0000ff31, 0x0000194a,
+	0x0000ff32, 0x0000194b,
+	0x0000ff33, 0x0000194c,
+	0x0000ff34, 0x0000194d,
+	0x0000ff35, 0x0000194e,
+	0x0000ff36, 0x0000194f,
+	0x0000ff37, 0x00001950,
+	0x0000ff38, 0x00001951,
+	0x0000ff39, 0x00001952,
+	0x0000ff3a, 0x00001953,
+	0x0000ff3b, 0x00001954,
+	0x0000ff3c, 0x00001955,
+	0x0000ff3d, 0x00001956,
+	0x0000ff3e, 0x00001957,
+	0x0000ff3f, 0x00001958,
+	0x0000ff40, 0x00001959,
+	0x0000ff41, 0x0000195a,
+	0x0000ff42, 0x0000195b,
+	0x0000ff43, 0x0000195c,
+	0x0000ff44, 0x0000195d,
+	0x0000ff45, 0x0000195e,
+	0x0000ff46, 0x0000195f,
+	0x0000ff47, 0x00001960,
+	0x0000ff48, 0x00001961,
+	0x0000ff49, 0x00001962,
+	0x0000ff4a, 0x00001963,
+	0x0000ff4b, 0x00001964,
+	0x0000ff4c, 0x00001965,
+	0x0000ff4d, 0x00001966,
+	0x0000ff4e, 0x00001967,
+	0x0000ff4f, 0x00001968,
+	0x0000ff50, 0x00001969,
+	0x0000ff51, 0x0000196a,
+	0x0000ff52, 0x0000196b,
+	0x0000ff53, 0x0000196c,
+	0x0000ff54, 0x0000196d,
+	0x0000ff55, 0x0000196e,
+	0x0000ff56, 0x0000196f,
+	0x0000ff57, 0x00001970,
+	0x0000ff58, 0x00001971,
+	0x0000ff59, 0x00001972,
+	0x0000ff5a, 0x00001973,
+	0x0000ff5b, 0x00001974,
+	0x0000ff5c, 0x00001975,
+	0x0000ff5d, 0x00001976,
+	0x0000ff5e, 0x00001977,
+	0x0000ff5f, 0x00001978,
+	0x0000ff60, 0x00001979,
+	0x0000ff61, 0x0000197a,
+	0x0000ff62, 0x0000197b,
+	0x0000ff63, 0x0000197c,
+	0x0000ff64, 0x0000197d,
+	0x0000ff65, 0x0000197e,
+	0x0000ff66, 0x0000197f,
+	0x0000ff67, 0x00001980,
+	0x0000ff68, 0x00001981,
+	0x0000ff69, 0x00001982,
+	0x0000ff6a, 0x00001983,
+	0x0000ff6b, 0x00001984,
+	0x0000ff6c, 0x00001985,
+	0x0000ff6d, 0x00001986,
+	0x0000ff6e, 0x00001987,
+	0x0000ff6f, 0x00001988,
+	0x0000ff70, 0x00001989,
+	0x0000ff71, 0x0000198a,
+	0x0000ff72, 0x0000198b,
+	0x0000ff73, 0x0000198c,
+	0x0000ff74, 0x0000198d,
+	0x0000ff75, 0x0000198e,
+	0x0000ff76, 0x0000198f,
+	0x0000ff77, 0x00001990,
+	0x0000ff78, 0x00001991,
+	0x0000ff79, 0x00001992,
+	0x0000ff7a, 0x00001993,
+	0x0000ff7b, 0x00001994,
+	0x0000ff7c, 0x00001995,
+	0x0000ff7d, 0x00001996,
+	0x0000ff7e, 0x00001997,
+	0x0000ff7f, 0x00001998,
+	0x0000ff80, 0x00001999,
+	0x0000ff81, 0x0000199a,
+	0x0000ff82, 0x0000199b,
+	0x0000ff83, 0x0000199c,
+	0x0000ff84, 0x0000199d,
+	0x0000ff85, 0x0000199e,
+	0x0000ff86, 0x0000199f,
+	0x0000ff87, 0x000019a0,
+	0x0000ff88, 0x000019a1,
+	0x0000ff89, 0x000019a2,
+	0x0000ff8a, 0x000019a3,
+	0x0000ff8b, 0x000019a4,
+	0x0000ff8c, 0x000019a5,
+	0x0000ff8d, 0x000019a6,
+	0x0000ff8e, 0x000019a7,
+	0x0000ff8f, 0x000019a8,
+	0x0000ff90, 0x000019a9,
+	0x0000ff91, 0x000019aa,
+	0x0000ff92, 0x000019ab,
+	0x0000ff93, 0x000019ac,
+	0x0000ff94, 0x000019ad,
+	0x0000ff95, 0x000019ae,
+	0x0000ff96, 0x000019af,
+	0x0000ff97, 0x000019b0,
+	0x0000ff98, 0x000019b1,
+	0x0000ff99, 0x000019b2,
+	0x0000ff9a, 0x000019b3,
+	0x0000ff9b, 0x000019b4,
+	0x0000ff9c, 0x000019b5,
+	0x0000ff9d, 0x000019b6,
+	0x0000ff9e, 0x000019b7,
+	0x0000ff9f, 0x000019b8,
+	0x0000ffa0, 0x000019b9,
+	0x0000ffa1, 0x000019ba,
+	0x0000ffa2, 0x000019bb,
+	0x0000ffa3, 0x000019bc,
+	0x0000ffa4, 0x000019bd,
+	0x0000ffa5, 0x000019be,
+	0x0000ffa6, 0x000019bf,
+	0x0000ffa7, 0x000019c0,
+	0x0000ffa8, 0x000019c1,
+	0x0000ffa9, 0x000019c2,
+	0x0000ffaa, 0x000019c3,
+	0x0000ffab, 0x000019c4,
+	0x0000ffac, 0x000019c5,
+	0x0000ffad, 0x000019c6,
+	0x0000ffae, 0x000019c7,
+	0x0000ffaf, 0x000019c8,
+	0x0000ffb0, 0x000019c9,
+	0x0000ffb1, 0x000019ca,
+	0x0000ffb2, 0x000019cb,
+	0x0000ffb3, 0x000019cc,
+	0x0000ffb4, 0x000019cd,
+	0x0000ffb5, 0x000019ce,
+	0x0000ffb6, 0x000019cf,
+	0x0000ffb7, 0x000019d0,
+	0x0000ffb8, 0x000019d1,
+	0x0000ffb9, 0x000019d2,
+	0x0000ffba, 0x000019d3,
+	0x0000ffbb, 0x000019d4,
+	0x0000ffbc, 0x000019d5,
+	0x0000ffbd, 0x000019d6,
+	0x0000ffbe, 0x000019d7,
+	0x0000ffc2, 0x000019d8,
+	0x0000ffc3, 0x000019d9,
+	0x0000ffc4, 0x000019da,
+	0x0000ffc5, 0x000019db,
+	0x0000ffc6, 0x000019dc,
+	0x0000ffc7, 0x000019dd,
+	0x0000ffca, 0x000019de,
+	0x0000ffcb, 0x000019df,
+	0x0000ffcc, 0x000019e0,
+	0x0000ffcd, 0x000019e1,
+	0x0000ffce, 0x000019e2,
+	0x0000ffcf, 0x000019e3,
+	0x0000ffd2, 0x000019e4,
+	0x0000ffd3, 0x000019e5,
+	0x0000ffd4, 0x000019e6,
+	0x0000ffd5, 0x000019e7,
+	0x0000ffd6, 0x000019e8,
+	0x0000ffd7, 0x000019e9,
+	0x0000ffda, 0x000019ea,
+	0x0000ffdb, 0x000019eb,
+	0x0000ffdc, 0x000019ec,
+	0x0000ffe0, 0x000019ed,
+	0x0000ffe1, 0x000019ee,
+	0x0000ffe2, 0x000019ef,
+	0x0000ffe3, 0x000019f0,
+	0x0000ffe4, 0x000019f2,
+	0x0000ffe5, 0x000019f3,
+	0x0000ffe6, 0x000019f4,
+	0x0000ffe8, 0x000019f5,
+	0x0000ffe9, 0x000019f6,
+	0x0000ffea, 0x000019f7,
+	0x0000ffeb, 0x000019f8,
+	0x0000ffec, 0x000019f9,
+	0x0000ffed, 0x000019fa,
+	0x0000ffee, 0x000019fb,
+	0x0001d15e, 0x000019fc,
+	0x0001d15f, 0x000019fe,
+	0x0001d160, 0x00001a00,
+	0x0001d161, 0x00001a03,
+	0x0001d162, 0x00001a06,
+	0x0001d163, 0x00001a09,
+	0x0001d164, 0x00001a0c,
+	0x0001d1bb, 0x00001a0f,
+	0x0001d1bc, 0x00001a11,
+	0x0001d1bd, 0x00001a13,
+	0x0001d1be, 0x00001a16,
+	0x0001d1bf, 0x00001a19,
+	0x0001d1c0, 0x00001a1c,
+	0x0001d400, 0x00001a1f,
+	0x0001d401, 0x00001a20,
+	0x0001d402, 0x00001a21,
+	0x0001d403, 0x00001a22,
+	0x0001d404, 0x00001a23,
+	0x0001d405, 0x00001a24,
+	0x0001d406, 0x00001a25,
+	0x0001d407, 0x00001a26,
+	0x0001d408, 0x00001a27,
+	0x0001d409, 0x00001a28,
+	0x0001d40a, 0x00001a29,
+	0x0001d40b, 0x00001a2a,
+	0x0001d40c, 0x00001a2b,
+	0x0001d40d, 0x00001a2c,
+	0x0001d40e, 0x00001a2d,
+	0x0001d40f, 0x00001a2e,
+	0x0001d410, 0x00001a2f,
+	0x0001d411, 0x00001a30,
+	0x0001d412, 0x00001a31,
+	0x0001d413, 0x00001a32,
+	0x0001d414, 0x00001a33,
+	0x0001d415, 0x00001a34,
+	0x0001d416, 0x00001a35,
+	0x0001d417, 0x00001a36,
+	0x0001d418, 0x00001a37,
+	0x0001d419, 0x00001a38,
+	0x0001d41a, 0x00001a39,
+	0x0001d41b, 0x00001a3a,
+	0x0001d41c, 0x00001a3b,
+	0x0001d41d, 0x00001a3c,
+	0x0001d41e, 0x00001a3d,
+	0x0001d41f, 0x00001a3e,
+	0x0001d420, 0x00001a3f,
+	0x0001d421, 0x00001a40,
+	0x0001d422, 0x00001a41,
+	0x0001d423, 0x00001a42,
+	0x0001d424, 0x00001a43,
+	0x0001d425, 0x00001a44,
+	0x0001d426, 0x00001a45,
+	0x0001d427, 0x00001a46,
+	0x0001d428, 0x00001a47,
+	0x0001d429, 0x00001a48,
+	0x0001d42a, 0x00001a49,
+	0x0001d42b, 0x00001a4a,
+	0x0001d42c, 0x00001a4b,
+	0x0001d42d, 0x00001a4c,
+	0x0001d42e, 0x00001a4d,
+	0x0001d42f, 0x00001a4e,
+	0x0001d430, 0x00001a4f,
+	0x0001d431, 0x00001a50,
+	0x0001d432, 0x00001a51,
+	0x0001d433, 0x00001a52,
+	0x0001d434, 0x00001a53,
+	0x0001d435, 0x00001a54,
+	0x0001d436, 0x00001a55,
+	0x0001d437, 0x00001a56,
+	0x0001d438, 0x00001a57,
+	0x0001d439, 0x00001a58,
+	0x0001d43a, 0x00001a59,
+	0x0001d43b, 0x00001a5a,
+	0x0001d43c, 0x00001a5b,
+	0x0001d43d, 0x00001a5c,
+	0x0001d43e, 0x00001a5d,
+	0x0001d43f, 0x00001a5e,
+	0x0001d440, 0x00001a5f,
+	0x0001d441, 0x00001a60,
+	0x0001d442, 0x00001a61,
+	0x0001d443, 0x00001a62,
+	0x0001d444, 0x00001a63,
+	0x0001d445, 0x00001a64,
+	0x0001d446, 0x00001a65,
+	0x0001d447, 0x00001a66,
+	0x0001d448, 0x00001a67,
+	0x0001d449, 0x00001a68,
+	0x0001d44a, 0x00001a69,
+	0x0001d44b, 0x00001a6a,
+	0x0001d44c, 0x00001a6b,
+	0x0001d44d, 0x00001a6c,
+	0x0001d44e, 0x00001a6d,
+	0x0001d44f, 0x00001a6e,
+	0x0001d450, 0x00001a6f,
+	0x0001d451, 0x00001a70,
+	0x0001d452, 0x00001a71,
+	0x0001d453, 0x00001a72,
+	0x0001d454, 0x00001a73,
+	0x0001d456, 0x00001a74,
+	0x0001d457, 0x00001a75,
+	0x0001d458, 0x00001a76,
+	0x0001d459, 0x00001a77,
+	0x0001d45a, 0x00001a78,
+	0x0001d45b, 0x00001a79,
+	0x0001d45c, 0x00001a7a,
+	0x0001d45d, 0x00001a7b,
+	0x0001d45e, 0x00001a7c,
+	0x0001d45f, 0x00001a7d,
+	0x0001d460, 0x00001a7e,
+	0x0001d461, 0x00001a7f,
+	0x0001d462, 0x00001a80,
+	0x0001d463, 0x00001a81,
+	0x0001d464, 0x00001a82,
+	0x0001d465, 0x00001a83,
+	0x0001d466, 0x00001a84,
+	0x0001d467, 0x00001a85,
+	0x0001d468, 0x00001a86,
+	0x0001d469, 0x00001a87,
+	0x0001d46a, 0x00001a88,
+	0x0001d46b, 0x00001a89,
+	0x0001d46c, 0x00001a8a,
+	0x0001d46d, 0x00001a8b,
+	0x0001d46e, 0x00001a8c,
+	0x0001d46f, 0x00001a8d,
+	0x0001d470, 0x00001a8e,
+	0x0001d471, 0x00001a8f,
+	0x0001d472, 0x00001a90,
+	0x0001d473, 0x00001a91,
+	0x0001d474, 0x00001a92,
+	0x0001d475, 0x00001a93,
+	0x0001d476, 0x00001a94,
+	0x0001d477, 0x00001a95,
+	0x0001d478, 0x00001a96,
+	0x0001d479, 0x00001a97,
+	0x0001d47a, 0x00001a98,
+	0x0001d47b, 0x00001a99,
+	0x0001d47c, 0x00001a9a,
+	0x0001d47d, 0x00001a9b,
+	0x0001d47e, 0x00001a9c,
+	0x0001d47f, 0x00001a9d,
+	0x0001d480, 0x00001a9e,
+	0x0001d481, 0x00001a9f,
+	0x0001d482, 0x00001aa0,
+	0x0001d483, 0x00001aa1,
+	0x0001d484, 0x00001aa2,
+	0x0001d485, 0x00001aa3,
+	0x0001d486, 0x00001aa4,
+	0x0001d487, 0x00001aa5,
+	0x0001d488, 0x00001aa6,
+	0x0001d489, 0x00001aa7,
+	0x0001d48a, 0x00001aa8,
+	0x0001d48b, 0x00001aa9,
+	0x0001d48c, 0x00001aaa,
+	0x0001d48d, 0x00001aab,
+	0x0001d48e, 0x00001aac,
+	0x0001d48f, 0x00001aad,
+	0x0001d490, 0x00001aae,
+	0x0001d491, 0x00001aaf,
+	0x0001d492, 0x00001ab0,
+	0x0001d493, 0x00001ab1,
+	0x0001d494, 0x00001ab2,
+	0x0001d495, 0x00001ab3,
+	0x0001d496, 0x00001ab4,
+	0x0001d497, 0x00001ab5,
+	0x0001d498, 0x00001ab6,
+	0x0001d499, 0x00001ab7,
+	0x0001d49a, 0x00001ab8,
+	0x0001d49b, 0x00001ab9,
+	0x0001d49c, 0x00001aba,
+	0x0001d49e, 0x00001abb,
+	0x0001d49f, 0x00001abc,
+	0x0001d4a2, 0x00001abd,
+	0x0001d4a5, 0x00001abe,
+	0x0001d4a6, 0x00001abf,
+	0x0001d4a9, 0x00001ac0,
+	0x0001d4aa, 0x00001ac1,
+	0x0001d4ab, 0x00001ac2,
+	0x0001d4ac, 0x00001ac3,
+	0x0001d4ae, 0x00001ac4,
+	0x0001d4af, 0x00001ac5,
+	0x0001d4b0, 0x00001ac6,
+	0x0001d4b1, 0x00001ac7,
+	0x0001d4b2, 0x00001ac8,
+	0x0001d4b3, 0x00001ac9,
+	0x0001d4b4, 0x00001aca,
+	0x0001d4b5, 0x00001acb,
+	0x0001d4b6, 0x00001acc,
+	0x0001d4b7, 0x00001acd,
+	0x0001d4b8, 0x00001ace,
+	0x0001d4b9, 0x00001acf,
+	0x0001d4bb, 0x00001ad0,
+	0x0001d4bd, 0x00001ad1,
+	0x0001d4be, 0x00001ad2,
+	0x0001d4bf, 0x00001ad3,
+	0x0001d4c0, 0x00001ad4,
+	0x0001d4c2, 0x00001ad5,
+	0x0001d4c3, 0x00001ad6,
+	0x0001d4c5, 0x00001ad7,
+	0x0001d4c6, 0x00001ad8,
+	0x0001d4c7, 0x00001ad9,
+	0x0001d4c8, 0x00001ada,
+	0x0001d4c9, 0x00001adb,
+	0x0001d4ca, 0x00001adc,
+	0x0001d4cb, 0x00001add,
+	0x0001d4cc, 0x00001ade,
+	0x0001d4cd, 0x00001adf,
+	0x0001d4ce, 0x00001ae0,
+	0x0001d4cf, 0x00001ae1,
+	0x0001d4d0, 0x00001ae2,
+	0x0001d4d1, 0x00001ae3,
+	0x0001d4d2, 0x00001ae4,
+	0x0001d4d3, 0x00001ae5,
+	0x0001d4d4, 0x00001ae6,
+	0x0001d4d5, 0x00001ae7,
+	0x0001d4d6, 0x00001ae8,
+	0x0001d4d7, 0x00001ae9,
+	0x0001d4d8, 0x00001aea,
+	0x0001d4d9, 0x00001aeb,
+	0x0001d4da, 0x00001aec,
+	0x0001d4db, 0x00001aed,
+	0x0001d4dc, 0x00001aee,
+	0x0001d4dd, 0x00001aef,
+	0x0001d4de, 0x00001af0,
+	0x0001d4df, 0x00001af1,
+	0x0001d4e0, 0x00001af2,
+	0x0001d4e1, 0x00001af3,
+	0x0001d4e2, 0x00001af4,
+	0x0001d4e3, 0x00001af5,
+	0x0001d4e4, 0x00001af6,
+	0x0001d4e5, 0x00001af7,
+	0x0001d4e6, 0x00001af8,
+	0x0001d4e7, 0x00001af9,
+	0x0001d4e8, 0x00001afa,
+	0x0001d4e9, 0x00001afb,
+	0x0001d4ea, 0x00001afc,
+	0x0001d4eb, 0x00001afd,
+	0x0001d4ec, 0x00001afe,
+	0x0001d4ed, 0x00001aff,
+	0x0001d4ee, 0x00001b00,
+	0x0001d4ef, 0x00001b01,
+	0x0001d4f0, 0x00001b02,
+	0x0001d4f1, 0x00001b03,
+	0x0001d4f2, 0x00001b04,
+	0x0001d4f3, 0x00001b05,
+	0x0001d4f4, 0x00001b06,
+	0x0001d4f5, 0x00001b07,
+	0x0001d4f6, 0x00001b08,
+	0x0001d4f7, 0x00001b09,
+	0x0001d4f8, 0x00001b0a,
+	0x0001d4f9, 0x00001b0b,
+	0x0001d4fa, 0x00001b0c,
+	0x0001d4fb, 0x00001b0d,
+	0x0001d4fc, 0x00001b0e,
+	0x0001d4fd, 0x00001b0f,
+	0x0001d4fe, 0x00001b10,
+	0x0001d4ff, 0x00001b11,
+	0x0001d500, 0x00001b12,
+	0x0001d501, 0x00001b13,
+	0x0001d502, 0x00001b14,
+	0x0001d503, 0x00001b15,
+	0x0001d504, 0x00001b16,
+	0x0001d505, 0x00001b17,
+	0x0001d507, 0x00001b18,
+	0x0001d508, 0x00001b19,
+	0x0001d509, 0x00001b1a,
+	0x0001d50a, 0x00001b1b,
+	0x0001d50d, 0x00001b1c,
+	0x0001d50e, 0x00001b1d,
+	0x0001d50f, 0x00001b1e,
+	0x0001d510, 0x00001b1f,
+	0x0001d511, 0x00001b20,
+	0x0001d512, 0x00001b21,
+	0x0001d513, 0x00001b22,
+	0x0001d514, 0x00001b23,
+	0x0001d516, 0x00001b24,
+	0x0001d517, 0x00001b25,
+	0x0001d518, 0x00001b26,
+	0x0001d519, 0x00001b27,
+	0x0001d51a, 0x00001b28,
+	0x0001d51b, 0x00001b29,
+	0x0001d51c, 0x00001b2a,
+	0x0001d51e, 0x00001b2b,
+	0x0001d51f, 0x00001b2c,
+	0x0001d520, 0x00001b2d,
+	0x0001d521, 0x00001b2e,
+	0x0001d522, 0x00001b2f,
+	0x0001d523, 0x00001b30,
+	0x0001d524, 0x00001b31,
+	0x0001d525, 0x00001b32,
+	0x0001d526, 0x00001b33,
+	0x0001d527, 0x00001b34,
+	0x0001d528, 0x00001b35,
+	0x0001d529, 0x00001b36,
+	0x0001d52a, 0x00001b37,
+	0x0001d52b, 0x00001b38,
+	0x0001d52c, 0x00001b39,
+	0x0001d52d, 0x00001b3a,
+	0x0001d52e, 0x00001b3b,
+	0x0001d52f, 0x00001b3c,
+	0x0001d530, 0x00001b3d,
+	0x0001d531, 0x00001b3e,
+	0x0001d532, 0x00001b3f,
+	0x0001d533, 0x00001b40,
+	0x0001d534, 0x00001b41,
+	0x0001d535, 0x00001b42,
+	0x0001d536, 0x00001b43,
+	0x0001d537, 0x00001b44,
+	0x0001d538, 0x00001b45,
+	0x0001d539, 0x00001b46,
+	0x0001d53b, 0x00001b47,
+	0x0001d53c, 0x00001b48,
+	0x0001d53d, 0x00001b49,
+	0x0001d53e, 0x00001b4a,
+	0x0001d540, 0x00001b4b,
+	0x0001d541, 0x00001b4c,
+	0x0001d542, 0x00001b4d,
+	0x0001d543, 0x00001b4e,
+	0x0001d544, 0x00001b4f,
+	0x0001d546, 0x00001b50,
+	0x0001d54a, 0x00001b51,
+	0x0001d54b, 0x00001b52,
+	0x0001d54c, 0x00001b53,
+	0x0001d54d, 0x00001b54,
+	0x0001d54e, 0x00001b55,
+	0x0001d54f, 0x00001b56,
+	0x0001d550, 0x00001b57,
+	0x0001d552, 0x00001b58,
+	0x0001d553, 0x00001b59,
+	0x0001d554, 0x00001b5a,
+	0x0001d555, 0x00001b5b,
+	0x0001d556, 0x00001b5c,
+	0x0001d557, 0x00001b5d,
+	0x0001d558, 0x00001b5e,
+	0x0001d559, 0x00001b5f,
+	0x0001d55a, 0x00001b60,
+	0x0001d55b, 0x00001b61,
+	0x0001d55c, 0x00001b62,
+	0x0001d55d, 0x00001b63,
+	0x0001d55e, 0x00001b64,
+	0x0001d55f, 0x00001b65,
+	0x0001d560, 0x00001b66,
+	0x0001d561, 0x00001b67,
+	0x0001d562, 0x00001b68,
+	0x0001d563, 0x00001b69,
+	0x0001d564, 0x00001b6a,
+	0x0001d565, 0x00001b6b,
+	0x0001d566, 0x00001b6c,
+	0x0001d567, 0x00001b6d,
+	0x0001d568, 0x00001b6e,
+	0x0001d569, 0x00001b6f,
+	0x0001d56a, 0x00001b70,
+	0x0001d56b, 0x00001b71,
+	0x0001d56c, 0x00001b72,
+	0x0001d56d, 0x00001b73,
+	0x0001d56e, 0x00001b74,
+	0x0001d56f, 0x00001b75,
+	0x0001d570, 0x00001b76,
+	0x0001d571, 0x00001b77,
+	0x0001d572, 0x00001b78,
+	0x0001d573, 0x00001b79,
+	0x0001d574, 0x00001b7a,
+	0x0001d575, 0x00001b7b,
+	0x0001d576, 0x00001b7c,
+	0x0001d577, 0x00001b7d,
+	0x0001d578, 0x00001b7e,
+	0x0001d579, 0x00001b7f,
+	0x0001d57a, 0x00001b80,
+	0x0001d57b, 0x00001b81,
+	0x0001d57c, 0x00001b82,
+	0x0001d57d, 0x00001b83,
+	0x0001d57e, 0x00001b84,
+	0x0001d57f, 0x00001b85,
+	0x0001d580, 0x00001b86,
+	0x0001d581, 0x00001b87,
+	0x0001d582, 0x00001b88,
+	0x0001d583, 0x00001b89,
+	0x0001d584, 0x00001b8a,
+	0x0001d585, 0x00001b8b,
+	0x0001d586, 0x00001b8c,
+	0x0001d587, 0x00001b8d,
+	0x0001d588, 0x00001b8e,
+	0x0001d589, 0x00001b8f,
+	0x0001d58a, 0x00001b90,
+	0x0001d58b, 0x00001b91,
+	0x0001d58c, 0x00001b92,
+	0x0001d58d, 0x00001b93,
+	0x0001d58e, 0x00001b94,
+	0x0001d58f, 0x00001b95,
+	0x0001d590, 0x00001b96,
+	0x0001d591, 0x00001b97,
+	0x0001d592, 0x00001b98,
+	0x0001d593, 0x00001b99,
+	0x0001d594, 0x00001b9a,
+	0x0001d595, 0x00001b9b,
+	0x0001d596, 0x00001b9c,
+	0x0001d597, 0x00001b9d,
+	0x0001d598, 0x00001b9e,
+	0x0001d599, 0x00001b9f,
+	0x0001d59a, 0x00001ba0,
+	0x0001d59b, 0x00001ba1,
+	0x0001d59c, 0x00001ba2,
+	0x0001d59d, 0x00001ba3,
+	0x0001d59e, 0x00001ba4,
+	0x0001d59f, 0x00001ba5,
+	0x0001d5a0, 0x00001ba6,
+	0x0001d5a1, 0x00001ba7,
+	0x0001d5a2, 0x00001ba8,
+	0x0001d5a3, 0x00001ba9,
+	0x0001d5a4, 0x00001baa,
+	0x0001d5a5, 0x00001bab,
+	0x0001d5a6, 0x00001bac,
+	0x0001d5a7, 0x00001bad,
+	0x0001d5a8, 0x00001bae,
+	0x0001d5a9, 0x00001baf,
+	0x0001d5aa, 0x00001bb0,
+	0x0001d5ab, 0x00001bb1,
+	0x0001d5ac, 0x00001bb2,
+	0x0001d5ad, 0x00001bb3,
+	0x0001d5ae, 0x00001bb4,
+	0x0001d5af, 0x00001bb5,
+	0x0001d5b0, 0x00001bb6,
+	0x0001d5b1, 0x00001bb7,
+	0x0001d5b2, 0x00001bb8,
+	0x0001d5b3, 0x00001bb9,
+	0x0001d5b4, 0x00001bba,
+	0x0001d5b5, 0x00001bbb,
+	0x0001d5b6, 0x00001bbc,
+	0x0001d5b7, 0x00001bbd,
+	0x0001d5b8, 0x00001bbe,
+	0x0001d5b9, 0x00001bbf,
+	0x0001d5ba, 0x00001bc0,
+	0x0001d5bb, 0x00001bc1,
+	0x0001d5bc, 0x00001bc2,
+	0x0001d5bd, 0x00001bc3,
+	0x0001d5be, 0x00001bc4,
+	0x0001d5bf, 0x00001bc5,
+	0x0001d5c0, 0x00001bc6,
+	0x0001d5c1, 0x00001bc7,
+	0x0001d5c2, 0x00001bc8,
+	0x0001d5c3, 0x00001bc9,
+	0x0001d5c4, 0x00001bca,
+	0x0001d5c5, 0x00001bcb,
+	0x0001d5c6, 0x00001bcc,
+	0x0001d5c7, 0x00001bcd,
+	0x0001d5c8, 0x00001bce,
+	0x0001d5c9, 0x00001bcf,
+	0x0001d5ca, 0x00001bd0,
+	0x0001d5cb, 0x00001bd1,
+	0x0001d5cc, 0x00001bd2,
+	0x0001d5cd, 0x00001bd3,
+	0x0001d5ce, 0x00001bd4,
+	0x0001d5cf, 0x00001bd5,
+	0x0001d5d0, 0x00001bd6,
+	0x0001d5d1, 0x00001bd7,
+	0x0001d5d2, 0x00001bd8,
+	0x0001d5d3, 0x00001bd9,
+	0x0001d5d4, 0x00001bda,
+	0x0001d5d5, 0x00001bdb,
+	0x0001d5d6, 0x00001bdc,
+	0x0001d5d7, 0x00001bdd,
+	0x0001d5d8, 0x00001bde,
+	0x0001d5d9, 0x00001bdf,
+	0x0001d5da, 0x00001be0,
+	0x0001d5db, 0x00001be1,
+	0x0001d5dc, 0x00001be2,
+	0x0001d5dd, 0x00001be3,
+	0x0001d5de, 0x00001be4,
+	0x0001d5df, 0x00001be5,
+	0x0001d5e0, 0x00001be6,
+	0x0001d5e1, 0x00001be7,
+	0x0001d5e2, 0x00001be8,
+	0x0001d5e3, 0x00001be9,
+	0x0001d5e4, 0x00001bea,
+	0x0001d5e5, 0x00001beb,
+	0x0001d5e6, 0x00001bec,
+	0x0001d5e7, 0x00001bed,
+	0x0001d5e8, 0x00001bee,
+	0x0001d5e9, 0x00001bef,
+	0x0001d5ea, 0x00001bf0,
+	0x0001d5eb, 0x00001bf1,
+	0x0001d5ec, 0x00001bf2,
+	0x0001d5ed, 0x00001bf3,
+	0x0001d5ee, 0x00001bf4,
+	0x0001d5ef, 0x00001bf5,
+	0x0001d5f0, 0x00001bf6,
+	0x0001d5f1, 0x00001bf7,
+	0x0001d5f2, 0x00001bf8,
+	0x0001d5f3, 0x00001bf9,
+	0x0001d5f4, 0x00001bfa,
+	0x0001d5f5, 0x00001bfb,
+	0x0001d5f6, 0x00001bfc,
+	0x0001d5f7, 0x00001bfd,
+	0x0001d5f8, 0x00001bfe,
+	0x0001d5f9, 0x00001bff,
+	0x0001d5fa, 0x00001c00,
+	0x0001d5fb, 0x00001c01,
+	0x0001d5fc, 0x00001c02,
+	0x0001d5fd, 0x00001c03,
+	0x0001d5fe, 0x00001c04,
+	0x0001d5ff, 0x00001c05,
+	0x0001d600, 0x00001c06,
+	0x0001d601, 0x00001c07,
+	0x0001d602, 0x00001c08,
+	0x0001d603, 0x00001c09,
+	0x0001d604, 0x00001c0a,
+	0x0001d605, 0x00001c0b,
+	0x0001d606, 0x00001c0c,
+	0x0001d607, 0x00001c0d,
+	0x0001d608, 0x00001c0e,
+	0x0001d609, 0x00001c0f,
+	0x0001d60a, 0x00001c10,
+	0x0001d60b, 0x00001c11,
+	0x0001d60c, 0x00001c12,
+	0x0001d60d, 0x00001c13,
+	0x0001d60e, 0x00001c14,
+	0x0001d60f, 0x00001c15,
+	0x0001d610, 0x00001c16,
+	0x0001d611, 0x00001c17,
+	0x0001d612, 0x00001c18,
+	0x0001d613, 0x00001c19,
+	0x0001d614, 0x00001c1a,
+	0x0001d615, 0x00001c1b,
+	0x0001d616, 0x00001c1c,
+	0x0001d617, 0x00001c1d,
+	0x0001d618, 0x00001c1e,
+	0x0001d619, 0x00001c1f,
+	0x0001d61a, 0x00001c20,
+	0x0001d61b, 0x00001c21,
+	0x0001d61c, 0x00001c22,
+	0x0001d61d, 0x00001c23,
+	0x0001d61e, 0x00001c24,
+	0x0001d61f, 0x00001c25,
+	0x0001d620, 0x00001c26,
+	0x0001d621, 0x00001c27,
+	0x0001d622, 0x00001c28,
+	0x0001d623, 0x00001c29,
+	0x0001d624, 0x00001c2a,
+	0x0001d625, 0x00001c2b,
+	0x0001d626, 0x00001c2c,
+	0x0001d627, 0x00001c2d,
+	0x0001d628, 0x00001c2e,
+	0x0001d629, 0x00001c2f,
+	0x0001d62a, 0x00001c30,
+	0x0001d62b, 0x00001c31,
+	0x0001d62c, 0x00001c32,
+	0x0001d62d, 0x00001c33,
+	0x0001d62e, 0x00001c34,
+	0x0001d62f, 0x00001c35,
+	0x0001d630, 0x00001c36,
+	0x0001d631, 0x00001c37,
+	0x0001d632, 0x00001c38,
+	0x0001d633, 0x00001c39,
+	0x0001d634, 0x00001c3a,
+	0x0001d635, 0x00001c3b,
+	0x0001d636, 0x00001c3c,
+	0x0001d637, 0x00001c3d,
+	0x0001d638, 0x00001c3e,
+	0x0001d639, 0x00001c3f,
+	0x0001d63a, 0x00001c40,
+	0x0001d63b, 0x00001c41,
+	0x0001d63c, 0x00001c42,
+	0x0001d63d, 0x00001c43,
+	0x0001d63e, 0x00001c44,
+	0x0001d63f, 0x00001c45,
+	0x0001d640, 0x00001c46,
+	0x0001d641, 0x00001c47,
+	0x0001d642, 0x00001c48,
+	0x0001d643, 0x00001c49,
+	0x0001d644, 0x00001c4a,
+	0x0001d645, 0x00001c4b,
+	0x0001d646, 0x00001c4c,
+	0x0001d647, 0x00001c4d,
+	0x0001d648, 0x00001c4e,
+	0x0001d649, 0x00001c4f,
+	0x0001d64a, 0x00001c50,
+	0x0001d64b, 0x00001c51,
+	0x0001d64c, 0x00001c52,
+	0x0001d64d, 0x00001c53,
+	0x0001d64e, 0x00001c54,
+	0x0001d64f, 0x00001c55,
+	0x0001d650, 0x00001c56,
+	0x0001d651, 0x00001c57,
+	0x0001d652, 0x00001c58,
+	0x0001d653, 0x00001c59,
+	0x0001d654, 0x00001c5a,
+	0x0001d655, 0x00001c5b,
+	0x0001d656, 0x00001c5c,
+	0x0001d657, 0x00001c5d,
+	0x0001d658, 0x00001c5e,
+	0x0001d659, 0x00001c5f,
+	0x0001d65a, 0x00001c60,
+	0x0001d65b, 0x00001c61,
+	0x0001d65c, 0x00001c62,
+	0x0001d65d, 0x00001c63,
+	0x0001d65e, 0x00001c64,
+	0x0001d65f, 0x00001c65,
+	0x0001d660, 0x00001c66,
+	0x0001d661, 0x00001c67,
+	0x0001d662, 0x00001c68,
+	0x0001d663, 0x00001c69,
+	0x0001d664, 0x00001c6a,
+	0x0001d665, 0x00001c6b,
+	0x0001d666, 0x00001c6c,
+	0x0001d667, 0x00001c6d,
+	0x0001d668, 0x00001c6e,
+	0x0001d669, 0x00001c6f,
+	0x0001d66a, 0x00001c70,
+	0x0001d66b, 0x00001c71,
+	0x0001d66c, 0x00001c72,
+	0x0001d66d, 0x00001c73,
+	0x0001d66e, 0x00001c74,
+	0x0001d66f, 0x00001c75,
+	0x0001d670, 0x00001c76,
+	0x0001d671, 0x00001c77,
+	0x0001d672, 0x00001c78,
+	0x0001d673, 0x00001c79,
+	0x0001d674, 0x00001c7a,
+	0x0001d675, 0x00001c7b,
+	0x0001d676, 0x00001c7c,
+	0x0001d677, 0x00001c7d,
+	0x0001d678, 0x00001c7e,
+	0x0001d679, 0x00001c7f,
+	0x0001d67a, 0x00001c80,
+	0x0001d67b, 0x00001c81,
+	0x0001d67c, 0x00001c82,
+	0x0001d67d, 0x00001c83,
+	0x0001d67e, 0x00001c84,
+	0x0001d67f, 0x00001c85,
+	0x0001d680, 0x00001c86,
+	0x0001d681, 0x00001c87,
+	0x0001d682, 0x00001c88,
+	0x0001d683, 0x00001c89,
+	0x0001d684, 0x00001c8a,
+	0x0001d685, 0x00001c8b,
+	0x0001d686, 0x00001c8c,
+	0x0001d687, 0x00001c8d,
+	0x0001d688, 0x00001c8e,
+	0x0001d689, 0x00001c8f,
+	0x0001d68a, 0x00001c90,
+	0x0001d68b, 0x00001c91,
+	0x0001d68c, 0x00001c92,
+	0x0001d68d, 0x00001c93,
+	0x0001d68e, 0x00001c94,
+	0x0001d68f, 0x00001c95,
+	0x0001d690, 0x00001c96,
+	0x0001d691, 0x00001c97,
+	0x0001d692, 0x00001c98,
+	0x0001d693, 0x00001c99,
+	0x0001d694, 0x00001c9a,
+	0x0001d695, 0x00001c9b,
+	0x0001d696, 0x00001c9c,
+	0x0001d697, 0x00001c9d,
+	0x0001d698, 0x00001c9e,
+	0x0001d699, 0x00001c9f,
+	0x0001d69a, 0x00001ca0,
+	0x0001d69b, 0x00001ca1,
+	0x0001d69c, 0x00001ca2,
+	0x0001d69d, 0x00001ca3,
+	0x0001d69e, 0x00001ca4,
+	0x0001d69f, 0x00001ca5,
+	0x0001d6a0, 0x00001ca6,
+	0x0001d6a1, 0x00001ca7,
+	0x0001d6a2, 0x00001ca8,
+	0x0001d6a3, 0x00001ca9,
+	0x0001d6a8, 0x00001caa,
+	0x0001d6a9, 0x00001cab,
+	0x0001d6aa, 0x00001cac,
+	0x0001d6ab, 0x00001cad,
+	0x0001d6ac, 0x00001cae,
+	0x0001d6ad, 0x00001caf,
+	0x0001d6ae, 0x00001cb0,
+	0x0001d6af, 0x00001cb1,
+	0x0001d6b0, 0x00001cb2,
+	0x0001d6b1, 0x00001cb3,
+	0x0001d6b2, 0x00001cb4,
+	0x0001d6b3, 0x00001cb5,
+	0x0001d6b4, 0x00001cb6,
+	0x0001d6b5, 0x00001cb7,
+	0x0001d6b6, 0x00001cb8,
+	0x0001d6b7, 0x00001cb9,
+	0x0001d6b8, 0x00001cba,
+	0x0001d6b9, 0x00001cbb,
+	0x0001d6ba, 0x00001cbc,
+	0x0001d6bb, 0x00001cbd,
+	0x0001d6bc, 0x00001cbe,
+	0x0001d6bd, 0x00001cbf,
+	0x0001d6be, 0x00001cc0,
+	0x0001d6bf, 0x00001cc1,
+	0x0001d6c0, 0x00001cc2,
+	0x0001d6c1, 0x00001cc3,
+	0x0001d6c2, 0x00001cc4,
+	0x0001d6c3, 0x00001cc5,
+	0x0001d6c4, 0x00001cc6,
+	0x0001d6c5, 0x00001cc7,
+	0x0001d6c6, 0x00001cc8,
+	0x0001d6c7, 0x00001cc9,
+	0x0001d6c8, 0x00001cca,
+	0x0001d6c9, 0x00001ccb,
+	0x0001d6ca, 0x00001ccc,
+	0x0001d6cb, 0x00001ccd,
+	0x0001d6cc, 0x00001cce,
+	0x0001d6cd, 0x00001ccf,
+	0x0001d6ce, 0x00001cd0,
+	0x0001d6cf, 0x00001cd1,
+	0x0001d6d0, 0x00001cd2,
+	0x0001d6d1, 0x00001cd3,
+	0x0001d6d2, 0x00001cd4,
+	0x0001d6d3, 0x00001cd5,
+	0x0001d6d4, 0x00001cd6,
+	0x0001d6d5, 0x00001cd7,
+	0x0001d6d6, 0x00001cd8,
+	0x0001d6d7, 0x00001cd9,
+	0x0001d6d8, 0x00001cda,
+	0x0001d6d9, 0x00001cdb,
+	0x0001d6da, 0x00001cdc,
+	0x0001d6db, 0x00001cdd,
+	0x0001d6dc, 0x00001cde,
+	0x0001d6dd, 0x00001cdf,
+	0x0001d6de, 0x00001ce0,
+	0x0001d6df, 0x00001ce1,
+	0x0001d6e0, 0x00001ce2,
+	0x0001d6e1, 0x00001ce3,
+	0x0001d6e2, 0x00001ce4,
+	0x0001d6e3, 0x00001ce5,
+	0x0001d6e4, 0x00001ce6,
+	0x0001d6e5, 0x00001ce7,
+	0x0001d6e6, 0x00001ce8,
+	0x0001d6e7, 0x00001ce9,
+	0x0001d6e8, 0x00001cea,
+	0x0001d6e9, 0x00001ceb,
+	0x0001d6ea, 0x00001cec,
+	0x0001d6eb, 0x00001ced,
+	0x0001d6ec, 0x00001cee,
+	0x0001d6ed, 0x00001cef,
+	0x0001d6ee, 0x00001cf0,
+	0x0001d6ef, 0x00001cf1,
+	0x0001d6f0, 0x00001cf2,
+	0x0001d6f1, 0x00001cf3,
+	0x0001d6f2, 0x00001cf4,
+	0x0001d6f3, 0x00001cf5,
+	0x0001d6f4, 0x00001cf6,
+	0x0001d6f5, 0x00001cf7,
+	0x0001d6f6, 0x00001cf8,
+	0x0001d6f7, 0x00001cf9,
+	0x0001d6f8, 0x00001cfa,
+	0x0001d6f9, 0x00001cfb,
+	0x0001d6fa, 0x00001cfc,
+	0x0001d6fb, 0x00001cfd,
+	0x0001d6fc, 0x00001cfe,
+	0x0001d6fd, 0x00001cff,
+	0x0001d6fe, 0x00001d00,
+	0x0001d6ff, 0x00001d01,
+	0x0001d700, 0x00001d02,
+	0x0001d701, 0x00001d03,
+	0x0001d702, 0x00001d04,
+	0x0001d703, 0x00001d05,
+	0x0001d704, 0x00001d06,
+	0x0001d705, 0x00001d07,
+	0x0001d706, 0x00001d08,
+	0x0001d707, 0x00001d09,
+	0x0001d708, 0x00001d0a,
+	0x0001d709, 0x00001d0b,
+	0x0001d70a, 0x00001d0c,
+	0x0001d70b, 0x00001d0d,
+	0x0001d70c, 0x00001d0e,
+	0x0001d70d, 0x00001d0f,
+	0x0001d70e, 0x00001d10,
+	0x0001d70f, 0x00001d11,
+	0x0001d710, 0x00001d12,
+	0x0001d711, 0x00001d13,
+	0x0001d712, 0x00001d14,
+	0x0001d713, 0x00001d15,
+	0x0001d714, 0x00001d16,
+	0x0001d715, 0x00001d17,
+	0x0001d716, 0x00001d18,
+	0x0001d717, 0x00001d19,
+	0x0001d718, 0x00001d1a,
+	0x0001d719, 0x00001d1b,
+	0x0001d71a, 0x00001d1c,
+	0x0001d71b, 0x00001d1d,
+	0x0001d71c, 0x00001d1e,
+	0x0001d71d, 0x00001d1f,
+	0x0001d71e, 0x00001d20,
+	0x0001d71f, 0x00001d21,
+	0x0001d720, 0x00001d22,
+	0x0001d721, 0x00001d23,
+	0x0001d722, 0x00001d24,
+	0x0001d723, 0x00001d25,
+	0x0001d724, 0x00001d26,
+	0x0001d725, 0x00001d27,
+	0x0001d726, 0x00001d28,
+	0x0001d727, 0x00001d29,
+	0x0001d728, 0x00001d2a,
+	0x0001d729, 0x00001d2b,
+	0x0001d72a, 0x00001d2c,
+	0x0001d72b, 0x00001d2d,
+	0x0001d72c, 0x00001d2e,
+	0x0001d72d, 0x00001d2f,
+	0x0001d72e, 0x00001d30,
+	0x0001d72f, 0x00001d31,
+	0x0001d730, 0x00001d32,
+	0x0001d731, 0x00001d33,
+	0x0001d732, 0x00001d34,
+	0x0001d733, 0x00001d35,
+	0x0001d734, 0x00001d36,
+	0x0001d735, 0x00001d37,
+	0x0001d736, 0x00001d38,
+	0x0001d737, 0x00001d39,
+	0x0001d738, 0x00001d3a,
+	0x0001d739, 0x00001d3b,
+	0x0001d73a, 0x00001d3c,
+	0x0001d73b, 0x00001d3d,
+	0x0001d73c, 0x00001d3e,
+	0x0001d73d, 0x00001d3f,
+	0x0001d73e, 0x00001d40,
+	0x0001d73f, 0x00001d41,
+	0x0001d740, 0x00001d42,
+	0x0001d741, 0x00001d43,
+	0x0001d742, 0x00001d44,
+	0x0001d743, 0x00001d45,
+	0x0001d744, 0x00001d46,
+	0x0001d745, 0x00001d47,
+	0x0001d746, 0x00001d48,
+	0x0001d747, 0x00001d49,
+	0x0001d748, 0x00001d4a,
+	0x0001d749, 0x00001d4b,
+	0x0001d74a, 0x00001d4c,
+	0x0001d74b, 0x00001d4d,
+	0x0001d74c, 0x00001d4e,
+	0x0001d74d, 0x00001d4f,
+	0x0001d74e, 0x00001d50,
+	0x0001d74f, 0x00001d51,
+	0x0001d750, 0x00001d52,
+	0x0001d751, 0x00001d53,
+	0x0001d752, 0x00001d54,
+	0x0001d753, 0x00001d55,
+	0x0001d754, 0x00001d56,
+	0x0001d755, 0x00001d57,
+	0x0001d756, 0x00001d58,
+	0x0001d757, 0x00001d59,
+	0x0001d758, 0x00001d5a,
+	0x0001d759, 0x00001d5b,
+	0x0001d75a, 0x00001d5c,
+	0x0001d75b, 0x00001d5d,
+	0x0001d75c, 0x00001d5e,
+	0x0001d75d, 0x00001d5f,
+	0x0001d75e, 0x00001d60,
+	0x0001d75f, 0x00001d61,
+	0x0001d760, 0x00001d62,
+	0x0001d761, 0x00001d63,
+	0x0001d762, 0x00001d64,
+	0x0001d763, 0x00001d65,
+	0x0001d764, 0x00001d66,
+	0x0001d765, 0x00001d67,
+	0x0001d766, 0x00001d68,
+	0x0001d767, 0x00001d69,
+	0x0001d768, 0x00001d6a,
+	0x0001d769, 0x00001d6b,
+	0x0001d76a, 0x00001d6c,
+	0x0001d76b, 0x00001d6d,
+	0x0001d76c, 0x00001d6e,
+	0x0001d76d, 0x00001d6f,
+	0x0001d76e, 0x00001d70,
+	0x0001d76f, 0x00001d71,
+	0x0001d770, 0x00001d72,
+	0x0001d771, 0x00001d73,
+	0x0001d772, 0x00001d74,
+	0x0001d773, 0x00001d75,
+	0x0001d774, 0x00001d76,
+	0x0001d775, 0x00001d77,
+	0x0001d776, 0x00001d78,
+	0x0001d777, 0x00001d79,
+	0x0001d778, 0x00001d7a,
+	0x0001d779, 0x00001d7b,
+	0x0001d77a, 0x00001d7c,
+	0x0001d77b, 0x00001d7d,
+	0x0001d77c, 0x00001d7e,
+	0x0001d77d, 0x00001d7f,
+	0x0001d77e, 0x00001d80,
+	0x0001d77f, 0x00001d81,
+	0x0001d780, 0x00001d82,
+	0x0001d781, 0x00001d83,
+	0x0001d782, 0x00001d84,
+	0x0001d783, 0x00001d85,
+	0x0001d784, 0x00001d86,
+	0x0001d785, 0x00001d87,
+	0x0001d786, 0x00001d88,
+	0x0001d787, 0x00001d89,
+	0x0001d788, 0x00001d8a,
+	0x0001d789, 0x00001d8b,
+	0x0001d78a, 0x00001d8c,
+	0x0001d78b, 0x00001d8d,
+	0x0001d78c, 0x00001d8e,
+	0x0001d78d, 0x00001d8f,
+	0x0001d78e, 0x00001d90,
+	0x0001d78f, 0x00001d91,
+	0x0001d790, 0x00001d92,
+	0x0001d791, 0x00001d93,
+	0x0001d792, 0x00001d94,
+	0x0001d793, 0x00001d95,
+	0x0001d794, 0x00001d96,
+	0x0001d795, 0x00001d97,
+	0x0001d796, 0x00001d98,
+	0x0001d797, 0x00001d99,
+	0x0001d798, 0x00001d9a,
+	0x0001d799, 0x00001d9b,
+	0x0001d79a, 0x00001d9c,
+	0x0001d79b, 0x00001d9d,
+	0x0001d79c, 0x00001d9e,
+	0x0001d79d, 0x00001d9f,
+	0x0001d79e, 0x00001da0,
+	0x0001d79f, 0x00001da1,
+	0x0001d7a0, 0x00001da2,
+	0x0001d7a1, 0x00001da3,
+	0x0001d7a2, 0x00001da4,
+	0x0001d7a3, 0x00001da5,
+	0x0001d7a4, 0x00001da6,
+	0x0001d7a5, 0x00001da7,
+	0x0001d7a6, 0x00001da8,
+	0x0001d7a7, 0x00001da9,
+	0x0001d7a8, 0x00001daa,
+	0x0001d7a9, 0x00001dab,
+	0x0001d7aa, 0x00001dac,
+	0x0001d7ab, 0x00001dad,
+	0x0001d7ac, 0x00001dae,
+	0x0001d7ad, 0x00001daf,
+	0x0001d7ae, 0x00001db0,
+	0x0001d7af, 0x00001db1,
+	0x0001d7b0, 0x00001db2,
+	0x0001d7b1, 0x00001db3,
+	0x0001d7b2, 0x00001db4,
+	0x0001d7b3, 0x00001db5,
+	0x0001d7b4, 0x00001db6,
+	0x0001d7b5, 0x00001db7,
+	0x0001d7b6, 0x00001db8,
+	0x0001d7b7, 0x00001db9,
+	0x0001d7b8, 0x00001dba,
+	0x0001d7b9, 0x00001dbb,
+	0x0001d7ba, 0x00001dbc,
+	0x0001d7bb, 0x00001dbd,
+	0x0001d7bc, 0x00001dbe,
+	0x0001d7bd, 0x00001dbf,
+	0x0001d7be, 0x00001dc0,
+	0x0001d7bf, 0x00001dc1,
+	0x0001d7c0, 0x00001dc2,
+	0x0001d7c1, 0x00001dc3,
+	0x0001d7c2, 0x00001dc4,
+	0x0001d7c3, 0x00001dc5,
+	0x0001d7c4, 0x00001dc6,
+	0x0001d7c5, 0x00001dc7,
+	0x0001d7c6, 0x00001dc8,
+	0x0001d7c7, 0x00001dc9,
+	0x0001d7c8, 0x00001dca,
+	0x0001d7c9, 0x00001dcb,
+	0x0001d7ce, 0x00001dcc,
+	0x0001d7cf, 0x00001dcd,
+	0x0001d7d0, 0x00001dce,
+	0x0001d7d1, 0x00001dcf,
+	0x0001d7d2, 0x00001dd0,
+	0x0001d7d3, 0x00001dd1,
+	0x0001d7d4, 0x00001dd2,
+	0x0001d7d5, 0x00001dd3,
+	0x0001d7d6, 0x00001dd4,
+	0x0001d7d7, 0x00001dd5,
+	0x0001d7d8, 0x00001dd6,
+	0x0001d7d9, 0x00001dd7,
+	0x0001d7da, 0x00001dd8,
+	0x0001d7db, 0x00001dd9,
+	0x0001d7dc, 0x00001dda,
+	0x0001d7dd, 0x00001ddb,
+	0x0001d7de, 0x00001ddc,
+	0x0001d7df, 0x00001ddd,
+	0x0001d7e0, 0x00001dde,
+	0x0001d7e1, 0x00001ddf,
+	0x0001d7e2, 0x00001de0,
+	0x0001d7e3, 0x00001de1,
+	0x0001d7e4, 0x00001de2,
+	0x0001d7e5, 0x00001de3,
+	0x0001d7e6, 0x00001de4,
+	0x0001d7e7, 0x00001de5,
+	0x0001d7e8, 0x00001de6,
+	0x0001d7e9, 0x00001de7,
+	0x0001d7ea, 0x00001de8,
+	0x0001d7eb, 0x00001de9,
+	0x0001d7ec, 0x00001dea,
+	0x0001d7ed, 0x00001deb,
+	0x0001d7ee, 0x00001dec,
+	0x0001d7ef, 0x00001ded,
+	0x0001d7f0, 0x00001dee,
+	0x0001d7f1, 0x00001def,
+	0x0001d7f2, 0x00001df0,
+	0x0001d7f3, 0x00001df1,
+	0x0001d7f4, 0x00001df2,
+	0x0001d7f5, 0x00001df3,
+	0x0001d7f6, 0x00001df4,
+	0x0001d7f7, 0x00001df5,
+	0x0001d7f8, 0x00001df6,
+	0x0001d7f9, 0x00001df7,
+	0x0001d7fa, 0x00001df8,
+	0x0001d7fb, 0x00001df9,
+	0x0001d7fc, 0x00001dfa,
+	0x0001d7fd, 0x00001dfb,
+	0x0001d7fe, 0x00001dfc,
+	0x0001d7ff, 0x00001dfd,
+	0x0002f800, 0x00001dfe,
+	0x0002f801, 0x00001dff,
+	0x0002f802, 0x00001e00,
+	0x0002f803, 0x00001e01,
+	0x0002f804, 0x00001e02,
+	0x0002f805, 0x00001e03,
+	0x0002f806, 0x00001e04,
+	0x0002f807, 0x00001e05,
+	0x0002f808, 0x00001e06,
+	0x0002f809, 0x00001e07,
+	0x0002f80a, 0x00001e08,
+	0x0002f80b, 0x00001e09,
+	0x0002f80c, 0x00001e0a,
+	0x0002f80d, 0x00001e0b,
+	0x0002f80e, 0x00001e0c,
+	0x0002f80f, 0x00001e0d,
+	0x0002f810, 0x00001e0e,
+	0x0002f811, 0x00001e0f,
+	0x0002f812, 0x00001e10,
+	0x0002f813, 0x00001e11,
+	0x0002f814, 0x00001e12,
+	0x0002f815, 0x00001e13,
+	0x0002f816, 0x00001e14,
+	0x0002f817, 0x00001e15,
+	0x0002f818, 0x00001e16,
+	0x0002f819, 0x00001e17,
+	0x0002f81a, 0x00001e18,
+	0x0002f81b, 0x00001e19,
+	0x0002f81c, 0x00001e1a,
+	0x0002f81d, 0x00001e1b,
+	0x0002f81e, 0x00001e1c,
+	0x0002f81f, 0x00001e1d,
+	0x0002f820, 0x00001e1e,
+	0x0002f821, 0x00001e1f,
+	0x0002f822, 0x00001e20,
+	0x0002f823, 0x00001e21,
+	0x0002f824, 0x00001e22,
+	0x0002f825, 0x00001e23,
+	0x0002f826, 0x00001e24,
+	0x0002f827, 0x00001e25,
+	0x0002f828, 0x00001e26,
+	0x0002f829, 0x00001e27,
+	0x0002f82a, 0x00001e28,
+	0x0002f82b, 0x00001e29,
+	0x0002f82c, 0x00001e2a,
+	0x0002f82d, 0x00001e2b,
+	0x0002f82e, 0x00001e2c,
+	0x0002f82f, 0x00001e2d,
+	0x0002f830, 0x00001e2e,
+	0x0002f831, 0x00001e2f,
+	0x0002f832, 0x00001e30,
+	0x0002f833, 0x00001e31,
+	0x0002f834, 0x00001e32,
+	0x0002f835, 0x00001e33,
+	0x0002f836, 0x00001e34,
+	0x0002f837, 0x00001e35,
+	0x0002f838, 0x00001e36,
+	0x0002f839, 0x00001e37,
+	0x0002f83a, 0x00001e38,
+	0x0002f83b, 0x00001e39,
+	0x0002f83c, 0x00001e3a,
+	0x0002f83d, 0x00001e3b,
+	0x0002f83e, 0x00001e3c,
+	0x0002f83f, 0x00001e3d,
+	0x0002f840, 0x00001e3e,
+	0x0002f841, 0x00001e3f,
+	0x0002f842, 0x00001e40,
+	0x0002f843, 0x00001e41,
+	0x0002f844, 0x00001e42,
+	0x0002f845, 0x00001e43,
+	0x0002f846, 0x00001e44,
+	0x0002f847, 0x00001e45,
+	0x0002f848, 0x00001e46,
+	0x0002f849, 0x00001e47,
+	0x0002f84a, 0x00001e48,
+	0x0002f84b, 0x00001e49,
+	0x0002f84c, 0x00001e4a,
+	0x0002f84d, 0x00001e4b,
+	0x0002f84e, 0x00001e4c,
+	0x0002f84f, 0x00001e4d,
+	0x0002f850, 0x00001e4e,
+	0x0002f851, 0x00001e4f,
+	0x0002f852, 0x00001e50,
+	0x0002f853, 0x00001e51,
+	0x0002f854, 0x00001e52,
+	0x0002f855, 0x00001e53,
+	0x0002f856, 0x00001e54,
+	0x0002f857, 0x00001e55,
+	0x0002f858, 0x00001e56,
+	0x0002f859, 0x00001e57,
+	0x0002f85a, 0x00001e58,
+	0x0002f85b, 0x00001e59,
+	0x0002f85c, 0x00001e5a,
+	0x0002f85d, 0x00001e5b,
+	0x0002f85e, 0x00001e5c,
+	0x0002f85f, 0x00001e5d,
+	0x0002f860, 0x00001e5e,
+	0x0002f861, 0x00001e5f,
+	0x0002f862, 0x00001e60,
+	0x0002f863, 0x00001e61,
+	0x0002f864, 0x00001e62,
+	0x0002f865, 0x00001e63,
+	0x0002f866, 0x00001e64,
+	0x0002f867, 0x00001e65,
+	0x0002f868, 0x00001e66,
+	0x0002f869, 0x00001e67,
+	0x0002f86a, 0x00001e68,
+	0x0002f86b, 0x00001e69,
+	0x0002f86c, 0x00001e6a,
+	0x0002f86d, 0x00001e6b,
+	0x0002f86e, 0x00001e6c,
+	0x0002f86f, 0x00001e6d,
+	0x0002f870, 0x00001e6e,
+	0x0002f871, 0x00001e6f,
+	0x0002f872, 0x00001e70,
+	0x0002f873, 0x00001e71,
+	0x0002f874, 0x00001e72,
+	0x0002f875, 0x00001e73,
+	0x0002f876, 0x00001e74,
+	0x0002f877, 0x00001e75,
+	0x0002f878, 0x00001e76,
+	0x0002f879, 0x00001e77,
+	0x0002f87a, 0x00001e78,
+	0x0002f87b, 0x00001e79,
+	0x0002f87c, 0x00001e7a,
+	0x0002f87d, 0x00001e7b,
+	0x0002f87e, 0x00001e7c,
+	0x0002f87f, 0x00001e7d,
+	0x0002f880, 0x00001e7e,
+	0x0002f881, 0x00001e7f,
+	0x0002f882, 0x00001e80,
+	0x0002f883, 0x00001e81,
+	0x0002f884, 0x00001e82,
+	0x0002f885, 0x00001e83,
+	0x0002f886, 0x00001e84,
+	0x0002f887, 0x00001e85,
+	0x0002f888, 0x00001e86,
+	0x0002f889, 0x00001e87,
+	0x0002f88a, 0x00001e88,
+	0x0002f88b, 0x00001e89,
+	0x0002f88c, 0x00001e8a,
+	0x0002f88d, 0x00001e8b,
+	0x0002f88e, 0x00001e8c,
+	0x0002f88f, 0x00001e8d,
+	0x0002f890, 0x00001e8e,
+	0x0002f891, 0x00001e8f,
+	0x0002f892, 0x00001e90,
+	0x0002f893, 0x00001e91,
+	0x0002f894, 0x00001e92,
+	0x0002f895, 0x00001e93,
+	0x0002f896, 0x00001e94,
+	0x0002f897, 0x00001e95,
+	0x0002f898, 0x00001e96,
+	0x0002f899, 0x00001e97,
+	0x0002f89a, 0x00001e98,
+	0x0002f89b, 0x00001e99,
+	0x0002f89c, 0x00001e9a,
+	0x0002f89d, 0x00001e9b,
+	0x0002f89e, 0x00001e9c,
+	0x0002f89f, 0x00001e9d,
+	0x0002f8a0, 0x00001e9e,
+	0x0002f8a1, 0x00001e9f,
+	0x0002f8a2, 0x00001ea0,
+	0x0002f8a3, 0x00001ea1,
+	0x0002f8a4, 0x00001ea2,
+	0x0002f8a5, 0x00001ea3,
+	0x0002f8a6, 0x00001ea4,
+	0x0002f8a7, 0x00001ea5,
+	0x0002f8a8, 0x00001ea6,
+	0x0002f8a9, 0x00001ea7,
+	0x0002f8aa, 0x00001ea8,
+	0x0002f8ab, 0x00001ea9,
+	0x0002f8ac, 0x00001eaa,
+	0x0002f8ad, 0x00001eab,
+	0x0002f8ae, 0x00001eac,
+	0x0002f8af, 0x00001ead,
+	0x0002f8b0, 0x00001eae,
+	0x0002f8b1, 0x00001eaf,
+	0x0002f8b2, 0x00001eb0,
+	0x0002f8b3, 0x00001eb1,
+	0x0002f8b4, 0x00001eb2,
+	0x0002f8b5, 0x00001eb3,
+	0x0002f8b6, 0x00001eb4,
+	0x0002f8b7, 0x00001eb5,
+	0x0002f8b8, 0x00001eb6,
+	0x0002f8b9, 0x00001eb7,
+	0x0002f8ba, 0x00001eb8,
+	0x0002f8bb, 0x00001eb9,
+	0x0002f8bc, 0x00001eba,
+	0x0002f8bd, 0x00001ebb,
+	0x0002f8be, 0x00001ebc,
+	0x0002f8bf, 0x00001ebd,
+	0x0002f8c0, 0x00001ebe,
+	0x0002f8c1, 0x00001ebf,
+	0x0002f8c2, 0x00001ec0,
+	0x0002f8c3, 0x00001ec1,
+	0x0002f8c4, 0x00001ec2,
+	0x0002f8c5, 0x00001ec3,
+	0x0002f8c6, 0x00001ec4,
+	0x0002f8c7, 0x00001ec5,
+	0x0002f8c8, 0x00001ec6,
+	0x0002f8c9, 0x00001ec7,
+	0x0002f8ca, 0x00001ec8,
+	0x0002f8cb, 0x00001ec9,
+	0x0002f8cc, 0x00001eca,
+	0x0002f8cd, 0x00001ecb,
+	0x0002f8ce, 0x00001ecc,
+	0x0002f8cf, 0x00001ecd,
+	0x0002f8d0, 0x00001ece,
+	0x0002f8d1, 0x00001ecf,
+	0x0002f8d2, 0x00001ed0,
+	0x0002f8d3, 0x00001ed1,
+	0x0002f8d4, 0x00001ed2,
+	0x0002f8d5, 0x00001ed3,
+	0x0002f8d6, 0x00001ed4,
+	0x0002f8d7, 0x00001ed5,
+	0x0002f8d8, 0x00001ed6,
+	0x0002f8d9, 0x00001ed7,
+	0x0002f8da, 0x00001ed8,
+	0x0002f8db, 0x00001ed9,
+	0x0002f8dc, 0x00001eda,
+	0x0002f8dd, 0x00001edb,
+	0x0002f8de, 0x00001edc,
+	0x0002f8df, 0x00001edd,
+	0x0002f8e0, 0x00001ede,
+	0x0002f8e1, 0x00001edf,
+	0x0002f8e2, 0x00001ee0,
+	0x0002f8e3, 0x00001ee1,
+	0x0002f8e4, 0x00001ee2,
+	0x0002f8e5, 0x00001ee3,
+	0x0002f8e6, 0x00001ee4,
+	0x0002f8e7, 0x00001ee5,
+	0x0002f8e8, 0x00001ee6,
+	0x0002f8e9, 0x00001ee7,
+	0x0002f8ea, 0x00001ee8,
+	0x0002f8eb, 0x00001ee9,
+	0x0002f8ec, 0x00001eea,
+	0x0002f8ed, 0x00001eeb,
+	0x0002f8ee, 0x00001eec,
+	0x0002f8ef, 0x00001eed,
+	0x0002f8f0, 0x00001eee,
+	0x0002f8f1, 0x00001eef,
+	0x0002f8f2, 0x00001ef0,
+	0x0002f8f3, 0x00001ef1,
+	0x0002f8f4, 0x00001ef2,
+	0x0002f8f5, 0x00001ef3,
+	0x0002f8f6, 0x00001ef4,
+	0x0002f8f7, 0x00001ef5,
+	0x0002f8f8, 0x00001ef6,
+	0x0002f8f9, 0x00001ef7,
+	0x0002f8fa, 0x00001ef8,
+	0x0002f8fb, 0x00001ef9,
+	0x0002f8fc, 0x00001efa,
+	0x0002f8fd, 0x00001efb,
+	0x0002f8fe, 0x00001efc,
+	0x0002f8ff, 0x00001efd,
+	0x0002f900, 0x00001efe,
+	0x0002f901, 0x00001eff,
+	0x0002f902, 0x00001f00,
+	0x0002f903, 0x00001f01,
+	0x0002f904, 0x00001f02,
+	0x0002f905, 0x00001f03,
+	0x0002f906, 0x00001f04,
+	0x0002f907, 0x00001f05,
+	0x0002f908, 0x00001f06,
+	0x0002f909, 0x00001f07,
+	0x0002f90a, 0x00001f08,
+	0x0002f90b, 0x00001f09,
+	0x0002f90c, 0x00001f0a,
+	0x0002f90d, 0x00001f0b,
+	0x0002f90e, 0x00001f0c,
+	0x0002f90f, 0x00001f0d,
+	0x0002f910, 0x00001f0e,
+	0x0002f911, 0x00001f0f,
+	0x0002f912, 0x00001f10,
+	0x0002f913, 0x00001f11,
+	0x0002f914, 0x00001f12,
+	0x0002f915, 0x00001f13,
+	0x0002f916, 0x00001f14,
+	0x0002f917, 0x00001f15,
+	0x0002f918, 0x00001f16,
+	0x0002f919, 0x00001f17,
+	0x0002f91a, 0x00001f18,
+	0x0002f91b, 0x00001f19,
+	0x0002f91c, 0x00001f1a,
+	0x0002f91d, 0x00001f1b,
+	0x0002f91e, 0x00001f1c,
+	0x0002f91f, 0x00001f1d,
+	0x0002f920, 0x00001f1e,
+	0x0002f921, 0x00001f1f,
+	0x0002f922, 0x00001f20,
+	0x0002f923, 0x00001f21,
+	0x0002f924, 0x00001f22,
+	0x0002f925, 0x00001f23,
+	0x0002f926, 0x00001f24,
+	0x0002f927, 0x00001f25,
+	0x0002f928, 0x00001f26,
+	0x0002f929, 0x00001f27,
+	0x0002f92a, 0x00001f28,
+	0x0002f92b, 0x00001f29,
+	0x0002f92c, 0x00001f2a,
+	0x0002f92d, 0x00001f2b,
+	0x0002f92e, 0x00001f2c,
+	0x0002f92f, 0x00001f2d,
+	0x0002f930, 0x00001f2e,
+	0x0002f931, 0x00001f2f,
+	0x0002f932, 0x00001f30,
+	0x0002f933, 0x00001f31,
+	0x0002f934, 0x00001f32,
+	0x0002f935, 0x00001f33,
+	0x0002f936, 0x00001f34,
+	0x0002f937, 0x00001f35,
+	0x0002f938, 0x00001f36,
+	0x0002f939, 0x00001f37,
+	0x0002f93a, 0x00001f38,
+	0x0002f93b, 0x00001f39,
+	0x0002f93c, 0x00001f3a,
+	0x0002f93d, 0x00001f3b,
+	0x0002f93e, 0x00001f3c,
+	0x0002f93f, 0x00001f3d,
+	0x0002f940, 0x00001f3e,
+	0x0002f941, 0x00001f3f,
+	0x0002f942, 0x00001f40,
+	0x0002f943, 0x00001f41,
+	0x0002f944, 0x00001f42,
+	0x0002f945, 0x00001f43,
+	0x0002f946, 0x00001f44,
+	0x0002f947, 0x00001f45,
+	0x0002f948, 0x00001f46,
+	0x0002f949, 0x00001f47,
+	0x0002f94a, 0x00001f48,
+	0x0002f94b, 0x00001f49,
+	0x0002f94c, 0x00001f4a,
+	0x0002f94d, 0x00001f4b,
+	0x0002f94e, 0x00001f4c,
+	0x0002f94f, 0x00001f4d,
+	0x0002f950, 0x00001f4e,
+	0x0002f951, 0x00001f4f,
+	0x0002f952, 0x00001f50,
+	0x0002f953, 0x00001f51,
+	0x0002f954, 0x00001f52,
+	0x0002f955, 0x00001f53,
+	0x0002f956, 0x00001f54,
+	0x0002f957, 0x00001f55,
+	0x0002f958, 0x00001f56,
+	0x0002f959, 0x00001f57,
+	0x0002f95a, 0x00001f58,
+	0x0002f95b, 0x00001f59,
+	0x0002f95c, 0x00001f5a,
+	0x0002f95d, 0x00001f5b,
+	0x0002f95e, 0x00001f5c,
+	0x0002f95f, 0x00001f5d,
+	0x0002f960, 0x00001f5e,
+	0x0002f961, 0x00001f5f,
+	0x0002f962, 0x00001f60,
+	0x0002f963, 0x00001f61,
+	0x0002f964, 0x00001f62,
+	0x0002f965, 0x00001f63,
+	0x0002f966, 0x00001f64,
+	0x0002f967, 0x00001f65,
+	0x0002f968, 0x00001f66,
+	0x0002f969, 0x00001f67,
+	0x0002f96a, 0x00001f68,
+	0x0002f96b, 0x00001f69,
+	0x0002f96c, 0x00001f6a,
+	0x0002f96d, 0x00001f6b,
+	0x0002f96e, 0x00001f6c,
+	0x0002f96f, 0x00001f6d,
+	0x0002f970, 0x00001f6e,
+	0x0002f971, 0x00001f6f,
+	0x0002f972, 0x00001f70,
+	0x0002f973, 0x00001f71,
+	0x0002f974, 0x00001f72,
+	0x0002f975, 0x00001f73,
+	0x0002f976, 0x00001f74,
+	0x0002f977, 0x00001f75,
+	0x0002f978, 0x00001f76,
+	0x0002f979, 0x00001f77,
+	0x0002f97a, 0x00001f78,
+	0x0002f97b, 0x00001f79,
+	0x0002f97c, 0x00001f7a,
+	0x0002f97d, 0x00001f7b,
+	0x0002f97e, 0x00001f7c,
+	0x0002f97f, 0x00001f7d,
+	0x0002f980, 0x00001f7e,
+	0x0002f981, 0x00001f7f,
+	0x0002f982, 0x00001f80,
+	0x0002f983, 0x00001f81,
+	0x0002f984, 0x00001f82,
+	0x0002f985, 0x00001f83,
+	0x0002f986, 0x00001f84,
+	0x0002f987, 0x00001f85,
+	0x0002f988, 0x00001f86,
+	0x0002f989, 0x00001f87,
+	0x0002f98a, 0x00001f88,
+	0x0002f98b, 0x00001f89,
+	0x0002f98c, 0x00001f8a,
+	0x0002f98d, 0x00001f8b,
+	0x0002f98e, 0x00001f8c,
+	0x0002f98f, 0x00001f8d,
+	0x0002f990, 0x00001f8e,
+	0x0002f991, 0x00001f8f,
+	0x0002f992, 0x00001f90,
+	0x0002f993, 0x00001f91,
+	0x0002f994, 0x00001f92,
+	0x0002f995, 0x00001f93,
+	0x0002f996, 0x00001f94,
+	0x0002f997, 0x00001f95,
+	0x0002f998, 0x00001f96,
+	0x0002f999, 0x00001f97,
+	0x0002f99a, 0x00001f98,
+	0x0002f99b, 0x00001f99,
+	0x0002f99c, 0x00001f9a,
+	0x0002f99d, 0x00001f9b,
+	0x0002f99e, 0x00001f9c,
+	0x0002f99f, 0x00001f9d,
+	0x0002f9a0, 0x00001f9e,
+	0x0002f9a1, 0x00001f9f,
+	0x0002f9a2, 0x00001fa0,
+	0x0002f9a3, 0x00001fa1,
+	0x0002f9a4, 0x00001fa2,
+	0x0002f9a5, 0x00001fa3,
+	0x0002f9a6, 0x00001fa4,
+	0x0002f9a7, 0x00001fa5,
+	0x0002f9a8, 0x00001fa6,
+	0x0002f9a9, 0x00001fa7,
+	0x0002f9aa, 0x00001fa8,
+	0x0002f9ab, 0x00001fa9,
+	0x0002f9ac, 0x00001faa,
+	0x0002f9ad, 0x00001fab,
+	0x0002f9ae, 0x00001fac,
+	0x0002f9af, 0x00001fad,
+	0x0002f9b0, 0x00001fae,
+	0x0002f9b1, 0x00001faf,
+	0x0002f9b2, 0x00001fb0,
+	0x0002f9b3, 0x00001fb1,
+	0x0002f9b4, 0x00001fb2,
+	0x0002f9b5, 0x00001fb3,
+	0x0002f9b6, 0x00001fb4,
+	0x0002f9b7, 0x00001fb5,
+	0x0002f9b8, 0x00001fb6,
+	0x0002f9b9, 0x00001fb7,
+	0x0002f9ba, 0x00001fb8,
+	0x0002f9bb, 0x00001fb9,
+	0x0002f9bc, 0x00001fba,
+	0x0002f9bd, 0x00001fbb,
+	0x0002f9be, 0x00001fbc,
+	0x0002f9bf, 0x00001fbd,
+	0x0002f9c0, 0x00001fbe,
+	0x0002f9c1, 0x00001fbf,
+	0x0002f9c2, 0x00001fc0,
+	0x0002f9c3, 0x00001fc1,
+	0x0002f9c4, 0x00001fc2,
+	0x0002f9c5, 0x00001fc3,
+	0x0002f9c6, 0x00001fc4,
+	0x0002f9c7, 0x00001fc5,
+	0x0002f9c8, 0x00001fc6,
+	0x0002f9c9, 0x00001fc7,
+	0x0002f9ca, 0x00001fc8,
+	0x0002f9cb, 0x00001fc9,
+	0x0002f9cc, 0x00001fca,
+	0x0002f9cd, 0x00001fcb,
+	0x0002f9ce, 0x00001fcc,
+	0x0002f9cf, 0x00001fcd,
+	0x0002f9d0, 0x00001fce,
+	0x0002f9d1, 0x00001fcf,
+	0x0002f9d2, 0x00001fd0,
+	0x0002f9d3, 0x00001fd1,
+	0x0002f9d4, 0x00001fd2,
+	0x0002f9d5, 0x00001fd3,
+	0x0002f9d6, 0x00001fd4,
+	0x0002f9d7, 0x00001fd5,
+	0x0002f9d8, 0x00001fd6,
+	0x0002f9d9, 0x00001fd7,
+	0x0002f9da, 0x00001fd8,
+	0x0002f9db, 0x00001fd9,
+	0x0002f9dc, 0x00001fda,
+	0x0002f9dd, 0x00001fdb,
+	0x0002f9de, 0x00001fdc,
+	0x0002f9df, 0x00001fdd,
+	0x0002f9e0, 0x00001fde,
+	0x0002f9e1, 0x00001fdf,
+	0x0002f9e2, 0x00001fe0,
+	0x0002f9e3, 0x00001fe1,
+	0x0002f9e4, 0x00001fe2,
+	0x0002f9e5, 0x00001fe3,
+	0x0002f9e6, 0x00001fe4,
+	0x0002f9e7, 0x00001fe5,
+	0x0002f9e8, 0x00001fe6,
+	0x0002f9e9, 0x00001fe7,
+	0x0002f9ea, 0x00001fe8,
+	0x0002f9eb, 0x00001fe9,
+	0x0002f9ec, 0x00001fea,
+	0x0002f9ed, 0x00001feb,
+	0x0002f9ee, 0x00001fec,
+	0x0002f9ef, 0x00001fed,
+	0x0002f9f0, 0x00001fee,
+	0x0002f9f1, 0x00001fef,
+	0x0002f9f2, 0x00001ff0,
+	0x0002f9f3, 0x00001ff1,
+	0x0002f9f4, 0x00001ff2,
+	0x0002f9f5, 0x00001ff3,
+	0x0002f9f6, 0x00001ff4,
+	0x0002f9f7, 0x00001ff5,
+	0x0002f9f8, 0x00001ff6,
+	0x0002f9f9, 0x00001ff7,
+	0x0002f9fa, 0x00001ff8,
+	0x0002f9fb, 0x00001ff9,
+	0x0002f9fc, 0x00001ffa,
+	0x0002f9fd, 0x00001ffb,
+	0x0002f9fe, 0x00001ffc,
+	0x0002f9ff, 0x00001ffd,
+	0x0002fa00, 0x00001ffe,
+	0x0002fa01, 0x00001fff,
+	0x0002fa02, 0x00002000,
+	0x0002fa03, 0x00002001,
+	0x0002fa04, 0x00002002,
+	0x0002fa05, 0x00002003,
+	0x0002fa06, 0x00002004,
+	0x0002fa07, 0x00002005,
+	0x0002fa08, 0x00002006,
+	0x0002fa09, 0x00002007,
+	0x0002fa0a, 0x00002008,
+	0x0002fa0b, 0x00002009,
+	0x0002fa0c, 0x0000200a,
+	0x0002fa0d, 0x0000200b,
+	0x0002fa0e, 0x0000200c,
+	0x0002fa0f, 0x0000200d,
+	0x0002fa10, 0x0000200e,
+	0x0002fa11, 0x0000200f,
+	0x0002fa12, 0x00002010,
+	0x0002fa13, 0x00002011,
+	0x0002fa14, 0x00002012,
+	0x0002fa15, 0x00002013,
+	0x0002fa16, 0x00002014,
+	0x0002fa17, 0x00002015,
+	0x0002fa18, 0x00002016,
+	0x0002fa19, 0x00002017,
+	0x0002fa1a, 0x00002018,
+	0x0002fa1b, 0x00002019,
+	0x0002fa1c, 0x0000201a,
+	0x0002fa1d, 0x0000201b,
+	0x0000201c
+};
+
+static const krb5_ui_4 _uckdcmp_decomp[] = {
+	0x00000020, 0x00000020, 0x00000308, 0x00000061,
+	0x00000020, 0x00000304, 0x00000032, 0x00000033,
+	0x00000020, 0x00000301, 0x000003bc, 0x00000020,
+	0x00000327, 0x00000031, 0x0000006f, 0x00000031,
+	0x00002044, 0x00000034, 0x00000031, 0x00002044,
+	0x00000032, 0x00000033, 0x00002044, 0x00000034,
+	0x00000041, 0x00000300, 0x00000041, 0x00000301,
+	0x00000041, 0x00000302, 0x00000041, 0x00000303,
+	0x00000041, 0x00000308, 0x00000041, 0x0000030a,
+	0x00000043, 0x00000327, 0x00000045, 0x00000300,
+	0x00000045, 0x00000301, 0x00000045, 0x00000302,
+	0x00000045, 0x00000308, 0x00000049, 0x00000300,
+	0x00000049, 0x00000301, 0x00000049, 0x00000302,
+	0x00000049, 0x00000308, 0x0000004e, 0x00000303,
+	0x0000004f, 0x00000300, 0x0000004f, 0x00000301,
+	0x0000004f, 0x00000302, 0x0000004f, 0x00000303,
+	0x0000004f, 0x00000308, 0x00000055, 0x00000300,
+	0x00000055, 0x00000301, 0x00000055, 0x00000302,
+	0x00000055, 0x00000308, 0x00000059, 0x00000301,
+	0x00000061, 0x00000300, 0x00000061, 0x00000301,
+	0x00000061, 0x00000302, 0x00000061, 0x00000303,
+	0x00000061, 0x00000308, 0x00000061, 0x0000030a,
+	0x00000063, 0x00000327, 0x00000065, 0x00000300,
+	0x00000065, 0x00000301, 0x00000065, 0x00000302,
+	0x00000065, 0x00000308, 0x00000069, 0x00000300,
+	0x00000069, 0x00000301, 0x00000069, 0x00000302,
+	0x00000069, 0x00000308, 0x0000006e, 0x00000303,
+	0x0000006f, 0x00000300, 0x0000006f, 0x00000301,
+	0x0000006f, 0x00000302, 0x0000006f, 0x00000303,
+	0x0000006f, 0x00000308, 0x00000075, 0x00000300,
+	0x00000075, 0x00000301, 0x00000075, 0x00000302,
+	0x00000075, 0x00000308, 0x00000079, 0x00000301,
+	0x00000079, 0x00000308, 0x00000041, 0x00000304,
+	0x00000061, 0x00000304, 0x00000041, 0x00000306,
+	0x00000061, 0x00000306, 0x00000041, 0x00000328,
+	0x00000061, 0x00000328, 0x00000043, 0x00000301,
+	0x00000063, 0x00000301, 0x00000043, 0x00000302,
+	0x00000063, 0x00000302, 0x00000043, 0x00000307,
+	0x00000063, 0x00000307, 0x00000043, 0x0000030c,
+	0x00000063, 0x0000030c, 0x00000044, 0x0000030c,
+	0x00000064, 0x0000030c, 0x00000045, 0x00000304,
+	0x00000065, 0x00000304, 0x00000045, 0x00000306,
+	0x00000065, 0x00000306, 0x00000045, 0x00000307,
+	0x00000065, 0x00000307, 0x00000045, 0x00000328,
+	0x00000065, 0x00000328, 0x00000045, 0x0000030c,
+	0x00000065, 0x0000030c, 0x00000047, 0x00000302,
+	0x00000067, 0x00000302, 0x00000047, 0x00000306,
+	0x00000067, 0x00000306, 0x00000047, 0x00000307,
+	0x00000067, 0x00000307, 0x00000047, 0x00000327,
+	0x00000067, 0x00000327, 0x00000048, 0x00000302,
+	0x00000068, 0x00000302, 0x00000049, 0x00000303,
+	0x00000069, 0x00000303, 0x00000049, 0x00000304,
+	0x00000069, 0x00000304, 0x00000049, 0x00000306,
+	0x00000069, 0x00000306, 0x00000049, 0x00000328,
+	0x00000069, 0x00000328, 0x00000049, 0x00000307,
+	0x00000049, 0x0000004a, 0x00000069, 0x0000006a,
+	0x0000004a, 0x00000302, 0x0000006a, 0x00000302,
+	0x0000004b, 0x00000327, 0x0000006b, 0x00000327,
+	0x0000004c, 0x00000301, 0x0000006c, 0x00000301,
+	0x0000004c, 0x00000327, 0x0000006c, 0x00000327,
+	0x0000004c, 0x0000030c, 0x0000006c, 0x0000030c,
+	0x0000004c, 0x000000b7, 0x0000006c, 0x000000b7,
+	0x0000004e, 0x00000301, 0x0000006e, 0x00000301,
+	0x0000004e, 0x00000327, 0x0000006e, 0x00000327,
+	0x0000004e, 0x0000030c, 0x0000006e, 0x0000030c,
+	0x000002bc, 0x0000006e, 0x0000004f, 0x00000304,
+	0x0000006f, 0x00000304, 0x0000004f, 0x00000306,
+	0x0000006f, 0x00000306, 0x0000004f, 0x0000030b,
+	0x0000006f, 0x0000030b, 0x00000052, 0x00000301,
+	0x00000072, 0x00000301, 0x00000052, 0x00000327,
+	0x00000072, 0x00000327, 0x00000052, 0x0000030c,
+	0x00000072, 0x0000030c, 0x00000053, 0x00000301,
+	0x00000073, 0x00000301, 0x00000053, 0x00000302,
+	0x00000073, 0x00000302, 0x00000053, 0x00000327,
+	0x00000073, 0x00000327, 0x00000053, 0x0000030c,
+	0x00000073, 0x0000030c, 0x00000054, 0x00000327,
+	0x00000074, 0x00000327, 0x00000054, 0x0000030c,
+	0x00000074, 0x0000030c, 0x00000055, 0x00000303,
+	0x00000075, 0x00000303, 0x00000055, 0x00000304,
+	0x00000075, 0x00000304, 0x00000055, 0x00000306,
+	0x00000075, 0x00000306, 0x00000055, 0x0000030a,
+	0x00000075, 0x0000030a, 0x00000055, 0x0000030b,
+	0x00000075, 0x0000030b, 0x00000055, 0x00000328,
+	0x00000075, 0x00000328, 0x00000057, 0x00000302,
+	0x00000077, 0x00000302, 0x00000059, 0x00000302,
+	0x00000079, 0x00000302, 0x00000059, 0x00000308,
+	0x0000005a, 0x00000301, 0x0000007a, 0x00000301,
+	0x0000005a, 0x00000307, 0x0000007a, 0x00000307,
+	0x0000005a, 0x0000030c, 0x0000007a, 0x0000030c,
+	0x00000073, 0x0000004f, 0x0000031b, 0x0000006f,
+	0x0000031b, 0x00000055, 0x0000031b, 0x00000075,
+	0x0000031b, 0x00000044, 0x0000005a, 0x0000030c,
+	0x00000044, 0x0000007a, 0x0000030c, 0x00000064,
+	0x0000007a, 0x0000030c, 0x0000004c, 0x0000004a,
+	0x0000004c, 0x0000006a, 0x0000006c, 0x0000006a,
+	0x0000004e, 0x0000004a, 0x0000004e, 0x0000006a,
+	0x0000006e, 0x0000006a, 0x00000041, 0x0000030c,
+	0x00000061, 0x0000030c, 0x00000049, 0x0000030c,
+	0x00000069, 0x0000030c, 0x0000004f, 0x0000030c,
+	0x0000006f, 0x0000030c, 0x00000055, 0x0000030c,
+	0x00000075, 0x0000030c, 0x00000055, 0x00000308,
+	0x00000304, 0x00000075, 0x00000308, 0x00000304,
+	0x00000055, 0x00000308, 0x00000301, 0x00000075,
+	0x00000308, 0x00000301, 0x00000055, 0x00000308,
+	0x0000030c, 0x00000075, 0x00000308, 0x0000030c,
+	0x00000055, 0x00000308, 0x00000300, 0x00000075,
+	0x00000308, 0x00000300, 0x00000041, 0x00000308,
+	0x00000304, 0x00000061, 0x00000308, 0x00000304,
+	0x00000041, 0x00000307, 0x00000304, 0x00000061,
+	0x00000307, 0x00000304, 0x000000c6, 0x00000304,
+	0x000000e6, 0x00000304, 0x00000047, 0x0000030c,
+	0x00000067, 0x0000030c, 0x0000004b, 0x0000030c,
+	0x0000006b, 0x0000030c, 0x0000004f, 0x00000328,
+	0x0000006f, 0x00000328, 0x0000004f, 0x00000328,
+	0x00000304, 0x0000006f, 0x00000328, 0x00000304,
+	0x000001b7, 0x0000030c, 0x00000292, 0x0000030c,
+	0x0000006a, 0x0000030c, 0x00000044, 0x0000005a,
+	0x00000044, 0x0000007a, 0x00000064, 0x0000007a,
+	0x00000047, 0x00000301, 0x00000067, 0x00000301,
+	0x0000004e, 0x00000300, 0x0000006e, 0x00000300,
+	0x00000041, 0x0000030a, 0x00000301, 0x00000061,
+	0x0000030a, 0x00000301, 0x000000c6, 0x00000301,
+	0x000000e6, 0x00000301, 0x000000d8, 0x00000301,
+	0x000000f8, 0x00000301, 0x00000041, 0x0000030f,
+	0x00000061, 0x0000030f, 0x00000041, 0x00000311,
+	0x00000061, 0x00000311, 0x00000045, 0x0000030f,
+	0x00000065, 0x0000030f, 0x00000045, 0x00000311,
+	0x00000065, 0x00000311, 0x00000049, 0x0000030f,
+	0x00000069, 0x0000030f, 0x00000049, 0x00000311,
+	0x00000069, 0x00000311, 0x0000004f, 0x0000030f,
+	0x0000006f, 0x0000030f, 0x0000004f, 0x00000311,
+	0x0000006f, 0x00000311, 0x00000052, 0x0000030f,
+	0x00000072, 0x0000030f, 0x00000052, 0x00000311,
+	0x00000072, 0x00000311, 0x00000055, 0x0000030f,
+	0x00000075, 0x0000030f, 0x00000055, 0x00000311,
+	0x00000075, 0x00000311, 0x00000053, 0x00000326,
+	0x00000073, 0x00000326, 0x00000054, 0x00000326,
+	0x00000074, 0x00000326, 0x00000048, 0x0000030c,
+	0x00000068, 0x0000030c, 0x00000041, 0x00000307,
+	0x00000061, 0x00000307, 0x00000045, 0x00000327,
+	0x00000065, 0x00000327, 0x0000004f, 0x00000308,
+	0x00000304, 0x0000006f, 0x00000308, 0x00000304,
+	0x0000004f, 0x00000303, 0x00000304, 0x0000006f,
+	0x00000303, 0x00000304, 0x0000004f, 0x00000307,
+	0x0000006f, 0x00000307, 0x0000004f, 0x00000307,
+	0x00000304, 0x0000006f, 0x00000307, 0x00000304,
+	0x00000059, 0x00000304, 0x00000079, 0x00000304,
+	0x00000068, 0x00000266, 0x0000006a, 0x00000072,
+	0x00000279, 0x0000027b, 0x00000281, 0x00000077,
+	0x00000079, 0x00000020, 0x00000306, 0x00000020,
+	0x00000307, 0x00000020, 0x0000030a, 0x00000020,
+	0x00000328, 0x00000020, 0x00000303, 0x00000020,
+	0x0000030b, 0x00000263, 0x0000006c, 0x00000073,
+	0x00000078, 0x00000295, 0x00000300, 0x00000301,
+	0x00000313, 0x00000308, 0x00000301, 0x000002b9,
+	0x00000020, 0x00000345, 0x0000003b, 0x00000020,
+	0x00000301, 0x00000020, 0x00000308, 0x00000301,
+	0x00000391, 0x00000301, 0x000000b7, 0x00000395,
+	0x00000301, 0x00000397, 0x00000301, 0x00000399,
+	0x00000301, 0x0000039f, 0x00000301, 0x000003a5,
+	0x00000301, 0x000003a9, 0x00000301, 0x000003b9,
+	0x00000308, 0x00000301, 0x00000399, 0x00000308,
+	0x000003a5, 0x00000308, 0x000003b1, 0x00000301,
+	0x000003b5, 0x00000301, 0x000003b7, 0x00000301,
+	0x000003b9, 0x00000301, 0x000003c5, 0x00000308,
+	0x00000301, 0x000003b9, 0x00000308, 0x000003c5,
+	0x00000308, 0x000003bf, 0x00000301, 0x000003c5,
+	0x00000301, 0x000003c9, 0x00000301, 0x000003b2,
+	0x000003b8, 0x000003a5, 0x000003a5, 0x00000301,
+	0x000003a5, 0x00000308, 0x000003c6, 0x000003c0,
+	0x000003ba, 0x000003c1, 0x000003c2, 0x00000398,
+	0x000003b5, 0x00000415, 0x00000300, 0x00000415,
+	0x00000308, 0x00000413, 0x00000301, 0x00000406,
+	0x00000308, 0x0000041a, 0x00000301, 0x00000418,
+	0x00000300, 0x00000423, 0x00000306, 0x00000418,
+	0x00000306, 0x00000438, 0x00000306, 0x00000435,
+	0x00000300, 0x00000435, 0x00000308, 0x00000433,
+	0x00000301, 0x00000456, 0x00000308, 0x0000043a,
+	0x00000301, 0x00000438, 0x00000300, 0x00000443,
+	0x00000306, 0x00000474, 0x0000030f, 0x00000475,
+	0x0000030f, 0x00000416, 0x00000306, 0x00000436,
+	0x00000306, 0x00000410, 0x00000306, 0x00000430,
+	0x00000306, 0x00000410, 0x00000308, 0x00000430,
+	0x00000308, 0x00000415, 0x00000306, 0x00000435,
+	0x00000306, 0x000004d8, 0x00000308, 0x000004d9,
+	0x00000308, 0x00000416, 0x00000308, 0x00000436,
+	0x00000308, 0x00000417, 0x00000308, 0x00000437,
+	0x00000308, 0x00000418, 0x00000304, 0x00000438,
+	0x00000304, 0x00000418, 0x00000308, 0x00000438,
+	0x00000308, 0x0000041e, 0x00000308, 0x0000043e,
+	0x00000308, 0x000004e8, 0x00000308, 0x000004e9,
+	0x00000308, 0x0000042d, 0x00000308, 0x0000044d,
+	0x00000308, 0x00000423, 0x00000304, 0x00000443,
+	0x00000304, 0x00000423, 0x00000308, 0x00000443,
+	0x00000308, 0x00000423, 0x0000030b, 0x00000443,
+	0x0000030b, 0x00000427, 0x00000308, 0x00000447,
+	0x00000308, 0x0000042b, 0x00000308, 0x0000044b,
+	0x00000308, 0x00000565, 0x00000582, 0x00000627,
+	0x00000653, 0x00000627, 0x00000654, 0x00000648,
+	0x00000654, 0x00000627, 0x00000655, 0x0000064a,
+	0x00000654, 0x00000627, 0x00000674, 0x00000648,
+	0x00000674, 0x000006c7, 0x00000674, 0x0000064a,
+	0x00000674, 0x000006d5, 0x00000654, 0x000006c1,
+	0x00000654, 0x000006d2, 0x00000654, 0x00000928,
+	0x0000093c, 0x00000930, 0x0000093c, 0x00000933,
+	0x0000093c, 0x00000915, 0x0000093c, 0x00000916,
+	0x0000093c, 0x00000917, 0x0000093c, 0x0000091c,
+	0x0000093c, 0x00000921, 0x0000093c, 0x00000922,
+	0x0000093c, 0x0000092b, 0x0000093c, 0x0000092f,
+	0x0000093c, 0x000009c7, 0x000009be, 0x000009c7,
+	0x000009d7, 0x000009a1, 0x000009bc, 0x000009a2,
+	0x000009bc, 0x000009af, 0x000009bc, 0x00000a32,
+	0x00000a3c, 0x00000a38, 0x00000a3c, 0x00000a16,
+	0x00000a3c, 0x00000a17, 0x00000a3c, 0x00000a1c,
+	0x00000a3c, 0x00000a2b, 0x00000a3c, 0x00000b47,
+	0x00000b56, 0x00000b47, 0x00000b3e, 0x00000b47,
+	0x00000b57, 0x00000b21, 0x00000b3c, 0x00000b22,
+	0x00000b3c, 0x00000b92, 0x00000bd7, 0x00000bc6,
+	0x00000bbe, 0x00000bc7, 0x00000bbe, 0x00000bc6,
+	0x00000bd7, 0x00000c46, 0x00000c56, 0x00000cbf,
+	0x00000cd5, 0x00000cc6, 0x00000cd5, 0x00000cc6,
+	0x00000cd6, 0x00000cc6, 0x00000cc2, 0x00000cc6,
+	0x00000cc2, 0x00000cd5, 0x00000d46, 0x00000d3e,
+	0x00000d47, 0x00000d3e, 0x00000d46, 0x00000d57,
+	0x00000dd9, 0x00000dca, 0x00000dd9, 0x00000dcf,
+	0x00000dd9, 0x00000dcf, 0x00000dca, 0x00000dd9,
+	0x00000ddf, 0x00000e4d, 0x00000e32, 0x00000ecd,
+	0x00000eb2, 0x00000eab, 0x00000e99, 0x00000eab,
+	0x00000ea1, 0x00000f0b, 0x00000f42, 0x00000fb7,
+	0x00000f4c, 0x00000fb7, 0x00000f51, 0x00000fb7,
+	0x00000f56, 0x00000fb7, 0x00000f5b, 0x00000fb7,
+	0x00000f40, 0x00000fb5, 0x00000f71, 0x00000f72,
+	0x00000f71, 0x00000f74, 0x00000fb2, 0x00000f80,
+	0x00000fb2, 0x00000f71, 0x00000f80, 0x00000fb3,
+	0x00000f80, 0x00000fb3, 0x00000f71, 0x00000f80,
+	0x00000f71, 0x00000f80, 0x00000f92, 0x00000fb7,
+	0x00000f9c, 0x00000fb7, 0x00000fa1, 0x00000fb7,
+	0x00000fa6, 0x00000fb7, 0x00000fab, 0x00000fb7,
+	0x00000f90, 0x00000fb5, 0x00001025, 0x0000102e,
+	0x00000041, 0x00000325, 0x00000061, 0x00000325,
+	0x00000042, 0x00000307, 0x00000062, 0x00000307,
+	0x00000042, 0x00000323, 0x00000062, 0x00000323,
+	0x00000042, 0x00000331, 0x00000062, 0x00000331,
+	0x00000043, 0x00000327, 0x00000301, 0x00000063,
+	0x00000327, 0x00000301, 0x00000044, 0x00000307,
+	0x00000064, 0x00000307, 0x00000044, 0x00000323,
+	0x00000064, 0x00000323, 0x00000044, 0x00000331,
+	0x00000064, 0x00000331, 0x00000044, 0x00000327,
+	0x00000064, 0x00000327, 0x00000044, 0x0000032d,
+	0x00000064, 0x0000032d, 0x00000045, 0x00000304,
+	0x00000300, 0x00000065, 0x00000304, 0x00000300,
+	0x00000045, 0x00000304, 0x00000301, 0x00000065,
+	0x00000304, 0x00000301, 0x00000045, 0x0000032d,
+	0x00000065, 0x0000032d, 0x00000045, 0x00000330,
+	0x00000065, 0x00000330, 0x00000045, 0x00000327,
+	0x00000306, 0x00000065, 0x00000327, 0x00000306,
+	0x00000046, 0x00000307, 0x00000066, 0x00000307,
+	0x00000047, 0x00000304, 0x00000067, 0x00000304,
+	0x00000048, 0x00000307, 0x00000068, 0x00000307,
+	0x00000048, 0x00000323, 0x00000068, 0x00000323,
+	0x00000048, 0x00000308, 0x00000068, 0x00000308,
+	0x00000048, 0x00000327, 0x00000068, 0x00000327,
+	0x00000048, 0x0000032e, 0x00000068, 0x0000032e,
+	0x00000049, 0x00000330, 0x00000069, 0x00000330,
+	0x00000049, 0x00000308, 0x00000301, 0x00000069,
+	0x00000308, 0x00000301, 0x0000004b, 0x00000301,
+	0x0000006b, 0x00000301, 0x0000004b, 0x00000323,
+	0x0000006b, 0x00000323, 0x0000004b, 0x00000331,
+	0x0000006b, 0x00000331, 0x0000004c, 0x00000323,
+	0x0000006c, 0x00000323, 0x0000004c, 0x00000323,
+	0x00000304, 0x0000006c, 0x00000323, 0x00000304,
+	0x0000004c, 0x00000331, 0x0000006c, 0x00000331,
+	0x0000004c, 0x0000032d, 0x0000006c, 0x0000032d,
+	0x0000004d, 0x00000301, 0x0000006d, 0x00000301,
+	0x0000004d, 0x00000307, 0x0000006d, 0x00000307,
+	0x0000004d, 0x00000323, 0x0000006d, 0x00000323,
+	0x0000004e, 0x00000307, 0x0000006e, 0x00000307,
+	0x0000004e, 0x00000323, 0x0000006e, 0x00000323,
+	0x0000004e, 0x00000331, 0x0000006e, 0x00000331,
+	0x0000004e, 0x0000032d, 0x0000006e, 0x0000032d,
+	0x0000004f, 0x00000303, 0x00000301, 0x0000006f,
+	0x00000303, 0x00000301, 0x0000004f, 0x00000303,
+	0x00000308, 0x0000006f, 0x00000303, 0x00000308,
+	0x0000004f, 0x00000304, 0x00000300, 0x0000006f,
+	0x00000304, 0x00000300, 0x0000004f, 0x00000304,
+	0x00000301, 0x0000006f, 0x00000304, 0x00000301,
+	0x00000050, 0x00000301, 0x00000070, 0x00000301,
+	0x00000050, 0x00000307, 0x00000070, 0x00000307,
+	0x00000052, 0x00000307, 0x00000072, 0x00000307,
+	0x00000052, 0x00000323, 0x00000072, 0x00000323,
+	0x00000052, 0x00000323, 0x00000304, 0x00000072,
+	0x00000323, 0x00000304, 0x00000052, 0x00000331,
+	0x00000072, 0x00000331, 0x00000053, 0x00000307,
+	0x00000073, 0x00000307, 0x00000053, 0x00000323,
+	0x00000073, 0x00000323, 0x00000053, 0x00000301,
+	0x00000307, 0x00000073, 0x00000301, 0x00000307,
+	0x00000053, 0x0000030c, 0x00000307, 0x00000073,
+	0x0000030c, 0x00000307, 0x00000053, 0x00000323,
+	0x00000307, 0x00000073, 0x00000323, 0x00000307,
+	0x00000054, 0x00000307, 0x00000074, 0x00000307,
+	0x00000054, 0x00000323, 0x00000074, 0x00000323,
+	0x00000054, 0x00000331, 0x00000074, 0x00000331,
+	0x00000054, 0x0000032d, 0x00000074, 0x0000032d,
+	0x00000055, 0x00000324, 0x00000075, 0x00000324,
+	0x00000055, 0x00000330, 0x00000075, 0x00000330,
+	0x00000055, 0x0000032d, 0x00000075, 0x0000032d,
+	0x00000055, 0x00000303, 0x00000301, 0x00000075,
+	0x00000303, 0x00000301, 0x00000055, 0x00000304,
+	0x00000308, 0x00000075, 0x00000304, 0x00000308,
+	0x00000056, 0x00000303, 0x00000076, 0x00000303,
+	0x00000056, 0x00000323, 0x00000076, 0x00000323,
+	0x00000057, 0x00000300, 0x00000077, 0x00000300,
+	0x00000057, 0x00000301, 0x00000077, 0x00000301,
+	0x00000057, 0x00000308, 0x00000077, 0x00000308,
+	0x00000057, 0x00000307, 0x00000077, 0x00000307,
+	0x00000057, 0x00000323, 0x00000077, 0x00000323,
+	0x00000058, 0x00000307, 0x00000078, 0x00000307,
+	0x00000058, 0x00000308, 0x00000078, 0x00000308,
+	0x00000059, 0x00000307, 0x00000079, 0x00000307,
+	0x0000005a, 0x00000302, 0x0000007a, 0x00000302,
+	0x0000005a, 0x00000323, 0x0000007a, 0x00000323,
+	0x0000005a, 0x00000331, 0x0000007a, 0x00000331,
+	0x00000068, 0x00000331, 0x00000074, 0x00000308,
+	0x00000077, 0x0000030a, 0x00000079, 0x0000030a,
+	0x00000061, 0x000002be, 0x00000073, 0x00000307,
+	0x00000041, 0x00000323, 0x00000061, 0x00000323,
+	0x00000041, 0x00000309, 0x00000061, 0x00000309,
+	0x00000041, 0x00000302, 0x00000301, 0x00000061,
+	0x00000302, 0x00000301, 0x00000041, 0x00000302,
+	0x00000300, 0x00000061, 0x00000302, 0x00000300,
+	0x00000041, 0x00000302, 0x00000309, 0x00000061,
+	0x00000302, 0x00000309, 0x00000041, 0x00000302,
+	0x00000303, 0x00000061, 0x00000302, 0x00000303,
+	0x00000041, 0x00000323, 0x00000302, 0x00000061,
+	0x00000323, 0x00000302, 0x00000041, 0x00000306,
+	0x00000301, 0x00000061, 0x00000306, 0x00000301,
+	0x00000041, 0x00000306, 0x00000300, 0x00000061,
+	0x00000306, 0x00000300, 0x00000041, 0x00000306,
+	0x00000309, 0x00000061, 0x00000306, 0x00000309,
+	0x00000041, 0x00000306, 0x00000303, 0x00000061,
+	0x00000306, 0x00000303, 0x00000041, 0x00000323,
+	0x00000306, 0x00000061, 0x00000323, 0x00000306,
+	0x00000045, 0x00000323, 0x00000065, 0x00000323,
+	0x00000045, 0x00000309, 0x00000065, 0x00000309,
+	0x00000045, 0x00000303, 0x00000065, 0x00000303,
+	0x00000045, 0x00000302, 0x00000301, 0x00000065,
+	0x00000302, 0x00000301, 0x00000045, 0x00000302,
+	0x00000300, 0x00000065, 0x00000302, 0x00000300,
+	0x00000045, 0x00000302, 0x00000309, 0x00000065,
+	0x00000302, 0x00000309, 0x00000045, 0x00000302,
+	0x00000303, 0x00000065, 0x00000302, 0x00000303,
+	0x00000045, 0x00000323, 0x00000302, 0x00000065,
+	0x00000323, 0x00000302, 0x00000049, 0x00000309,
+	0x00000069, 0x00000309, 0x00000049, 0x00000323,
+	0x00000069, 0x00000323, 0x0000004f, 0x00000323,
+	0x0000006f, 0x00000323, 0x0000004f, 0x00000309,
+	0x0000006f, 0x00000309, 0x0000004f, 0x00000302,
+	0x00000301, 0x0000006f, 0x00000302, 0x00000301,
+	0x0000004f, 0x00000302, 0x00000300, 0x0000006f,
+	0x00000302, 0x00000300, 0x0000004f, 0x00000302,
+	0x00000309, 0x0000006f, 0x00000302, 0x00000309,
+	0x0000004f, 0x00000302, 0x00000303, 0x0000006f,
+	0x00000302, 0x00000303, 0x0000004f, 0x00000323,
+	0x00000302, 0x0000006f, 0x00000323, 0x00000302,
+	0x0000004f, 0x0000031b, 0x00000301, 0x0000006f,
+	0x0000031b, 0x00000301, 0x0000004f, 0x0000031b,
+	0x00000300, 0x0000006f, 0x0000031b, 0x00000300,
+	0x0000004f, 0x0000031b, 0x00000309, 0x0000006f,
+	0x0000031b, 0x00000309, 0x0000004f, 0x0000031b,
+	0x00000303, 0x0000006f, 0x0000031b, 0x00000303,
+	0x0000004f, 0x0000031b, 0x00000323, 0x0000006f,
+	0x0000031b, 0x00000323, 0x00000055, 0x00000323,
+	0x00000075, 0x00000323, 0x00000055, 0x00000309,
+	0x00000075, 0x00000309, 0x00000055, 0x0000031b,
+	0x00000301, 0x00000075, 0x0000031b, 0x00000301,
+	0x00000055, 0x0000031b, 0x00000300, 0x00000075,
+	0x0000031b, 0x00000300, 0x00000055, 0x0000031b,
+	0x00000309, 0x00000075, 0x0000031b, 0x00000309,
+	0x00000055, 0x0000031b, 0x00000303, 0x00000075,
+	0x0000031b, 0x00000303, 0x00000055, 0x0000031b,
+	0x00000323, 0x00000075, 0x0000031b, 0x00000323,
+	0x00000059, 0x00000300, 0x00000079, 0x00000300,
+	0x00000059, 0x00000323, 0x00000079, 0x00000323,
+	0x00000059, 0x00000309, 0x00000079, 0x00000309,
+	0x00000059, 0x00000303, 0x00000079, 0x00000303,
+	0x000003b1, 0x00000313, 0x000003b1, 0x00000314,
+	0x000003b1, 0x00000313, 0x00000300, 0x000003b1,
+	0x00000314, 0x00000300, 0x000003b1, 0x00000313,
+	0x00000301, 0x000003b1, 0x00000314, 0x00000301,
+	0x000003b1, 0x00000313, 0x00000342, 0x000003b1,
+	0x00000314, 0x00000342, 0x00000391, 0x00000313,
+	0x00000391, 0x00000314, 0x00000391, 0x00000313,
+	0x00000300, 0x00000391, 0x00000314, 0x00000300,
+	0x00000391, 0x00000313, 0x00000301, 0x00000391,
+	0x00000314, 0x00000301, 0x00000391, 0x00000313,
+	0x00000342, 0x00000391, 0x00000314, 0x00000342,
+	0x000003b5, 0x00000313, 0x000003b5, 0x00000314,
+	0x000003b5, 0x00000313, 0x00000300, 0x000003b5,
+	0x00000314, 0x00000300, 0x000003b5, 0x00000313,
+	0x00000301, 0x000003b5, 0x00000314, 0x00000301,
+	0x00000395, 0x00000313, 0x00000395, 0x00000314,
+	0x00000395, 0x00000313, 0x00000300, 0x00000395,
+	0x00000314, 0x00000300, 0x00000395, 0x00000313,
+	0x00000301, 0x00000395, 0x00000314, 0x00000301,
+	0x000003b7, 0x00000313, 0x000003b7, 0x00000314,
+	0x000003b7, 0x00000313, 0x00000300, 0x000003b7,
+	0x00000314, 0x00000300, 0x000003b7, 0x00000313,
+	0x00000301, 0x000003b7, 0x00000314, 0x00000301,
+	0x000003b7, 0x00000313, 0x00000342, 0x000003b7,
+	0x00000314, 0x00000342, 0x00000397, 0x00000313,
+	0x00000397, 0x00000314, 0x00000397, 0x00000313,
+	0x00000300, 0x00000397, 0x00000314, 0x00000300,
+	0x00000397, 0x00000313, 0x00000301, 0x00000397,
+	0x00000314, 0x00000301, 0x00000397, 0x00000313,
+	0x00000342, 0x00000397, 0x00000314, 0x00000342,
+	0x000003b9, 0x00000313, 0x000003b9, 0x00000314,
+	0x000003b9, 0x00000313, 0x00000300, 0x000003b9,
+	0x00000314, 0x00000300, 0x000003b9, 0x00000313,
+	0x00000301, 0x000003b9, 0x00000314, 0x00000301,
+	0x000003b9, 0x00000313, 0x00000342, 0x000003b9,
+	0x00000314, 0x00000342, 0x00000399, 0x00000313,
+	0x00000399, 0x00000314, 0x00000399, 0x00000313,
+	0x00000300, 0x00000399, 0x00000314, 0x00000300,
+	0x00000399, 0x00000313, 0x00000301, 0x00000399,
+	0x00000314, 0x00000301, 0x00000399, 0x00000313,
+	0x00000342, 0x00000399, 0x00000314, 0x00000342,
+	0x000003bf, 0x00000313, 0x000003bf, 0x00000314,
+	0x000003bf, 0x00000313, 0x00000300, 0x000003bf,
+	0x00000314, 0x00000300, 0x000003bf, 0x00000313,
+	0x00000301, 0x000003bf, 0x00000314, 0x00000301,
+	0x0000039f, 0x00000313, 0x0000039f, 0x00000314,
+	0x0000039f, 0x00000313, 0x00000300, 0x0000039f,
+	0x00000314, 0x00000300, 0x0000039f, 0x00000313,
+	0x00000301, 0x0000039f, 0x00000314, 0x00000301,
+	0x000003c5, 0x00000313, 0x000003c5, 0x00000314,
+	0x000003c5, 0x00000313, 0x00000300, 0x000003c5,
+	0x00000314, 0x00000300, 0x000003c5, 0x00000313,
+	0x00000301, 0x000003c5, 0x00000314, 0x00000301,
+	0x000003c5, 0x00000313, 0x00000342, 0x000003c5,
+	0x00000314, 0x00000342, 0x000003a5, 0x00000314,
+	0x000003a5, 0x00000314, 0x00000300, 0x000003a5,
+	0x00000314, 0x00000301, 0x000003a5, 0x00000314,
+	0x00000342, 0x000003c9, 0x00000313, 0x000003c9,
+	0x00000314, 0x000003c9, 0x00000313, 0x00000300,
+	0x000003c9, 0x00000314, 0x00000300, 0x000003c9,
+	0x00000313, 0x00000301, 0x000003c9, 0x00000314,
+	0x00000301, 0x000003c9, 0x00000313, 0x00000342,
+	0x000003c9, 0x00000314, 0x00000342, 0x000003a9,
+	0x00000313, 0x000003a9, 0x00000314, 0x000003a9,
+	0x00000313, 0x00000300, 0x000003a9, 0x00000314,
+	0x00000300, 0x000003a9, 0x00000313, 0x00000301,
+	0x000003a9, 0x00000314, 0x00000301, 0x000003a9,
+	0x00000313, 0x00000342, 0x000003a9, 0x00000314,
+	0x00000342, 0x000003b1, 0x00000300, 0x000003b1,
+	0x00000301, 0x000003b5, 0x00000300, 0x000003b5,
+	0x00000301, 0x000003b7, 0x00000300, 0x000003b7,
+	0x00000301, 0x000003b9, 0x00000300, 0x000003b9,
+	0x00000301, 0x000003bf, 0x00000300, 0x000003bf,
+	0x00000301, 0x000003c5, 0x00000300, 0x000003c5,
+	0x00000301, 0x000003c9, 0x00000300, 0x000003c9,
+	0x00000301, 0x000003b1, 0x00000313, 0x00000345,
+	0x000003b1, 0x00000314, 0x00000345, 0x000003b1,
+	0x00000313, 0x00000300, 0x00000345, 0x000003b1,
+	0x00000314, 0x00000300, 0x00000345, 0x000003b1,
+	0x00000313, 0x00000301, 0x00000345, 0x000003b1,
+	0x00000314, 0x00000301, 0x00000345, 0x000003b1,
+	0x00000313, 0x00000342, 0x00000345, 0x000003b1,
+	0x00000314, 0x00000342, 0x00000345, 0x00000391,
+	0x00000313, 0x00000345, 0x00000391, 0x00000314,
+	0x00000345, 0x00000391, 0x00000313, 0x00000300,
+	0x00000345, 0x00000391, 0x00000314, 0x00000300,
+	0x00000345, 0x00000391, 0x00000313, 0x00000301,
+	0x00000345, 0x00000391, 0x00000314, 0x00000301,
+	0x00000345, 0x00000391, 0x00000313, 0x00000342,
+	0x00000345, 0x00000391, 0x00000314, 0x00000342,
+	0x00000345, 0x000003b7, 0x00000313, 0x00000345,
+	0x000003b7, 0x00000314, 0x00000345, 0x000003b7,
+	0x00000313, 0x00000300, 0x00000345, 0x000003b7,
+	0x00000314, 0x00000300, 0x00000345, 0x000003b7,
+	0x00000313, 0x00000301, 0x00000345, 0x000003b7,
+	0x00000314, 0x00000301, 0x00000345, 0x000003b7,
+	0x00000313, 0x00000342, 0x00000345, 0x000003b7,
+	0x00000314, 0x00000342, 0x00000345, 0x00000397,
+	0x00000313, 0x00000345, 0x00000397, 0x00000314,
+	0x00000345, 0x00000397, 0x00000313, 0x00000300,
+	0x00000345, 0x00000397, 0x00000314, 0x00000300,
+	0x00000345, 0x00000397, 0x00000313, 0x00000301,
+	0x00000345, 0x00000397, 0x00000314, 0x00000301,
+	0x00000345, 0x00000397, 0x00000313, 0x00000342,
+	0x00000345, 0x00000397, 0x00000314, 0x00000342,
+	0x00000345, 0x000003c9, 0x00000313, 0x00000345,
+	0x000003c9, 0x00000314, 0x00000345, 0x000003c9,
+	0x00000313, 0x00000300, 0x00000345, 0x000003c9,
+	0x00000314, 0x00000300, 0x00000345, 0x000003c9,
+	0x00000313, 0x00000301, 0x00000345, 0x000003c9,
+	0x00000314, 0x00000301, 0x00000345, 0x000003c9,
+	0x00000313, 0x00000342, 0x00000345, 0x000003c9,
+	0x00000314, 0x00000342, 0x00000345, 0x000003a9,
+	0x00000313, 0x00000345, 0x000003a9, 0x00000314,
+	0x00000345, 0x000003a9, 0x00000313, 0x00000300,
+	0x00000345, 0x000003a9, 0x00000314, 0x00000300,
+	0x00000345, 0x000003a9, 0x00000313, 0x00000301,
+	0x00000345, 0x000003a9, 0x00000314, 0x00000301,
+	0x00000345, 0x000003a9, 0x00000313, 0x00000342,
+	0x00000345, 0x000003a9, 0x00000314, 0x00000342,
+	0x00000345, 0x000003b1, 0x00000306, 0x000003b1,
+	0x00000304, 0x000003b1, 0x00000300, 0x00000345,
+	0x000003b1, 0x00000345, 0x000003b1, 0x00000301,
+	0x00000345, 0x000003b1, 0x00000342, 0x000003b1,
+	0x00000342, 0x00000345, 0x00000391, 0x00000306,
+	0x00000391, 0x00000304, 0x00000391, 0x00000300,
+	0x00000391, 0x00000301, 0x00000391, 0x00000345,
+	0x00000020, 0x00000313, 0x000003b9, 0x00000020,
+	0x00000313, 0x00000020, 0x00000342, 0x00000020,
+	0x00000308, 0x00000342, 0x000003b7, 0x00000300,
+	0x00000345, 0x000003b7, 0x00000345, 0x000003b7,
+	0x00000301, 0x00000345, 0x000003b7, 0x00000342,
+	0x000003b7, 0x00000342, 0x00000345, 0x00000395,
+	0x00000300, 0x00000395, 0x00000301, 0x00000397,
+	0x00000300, 0x00000397, 0x00000301, 0x00000397,
+	0x00000345, 0x00000020, 0x00000313, 0x00000300,
+	0x00000020, 0x00000313, 0x00000301, 0x00000020,
+	0x00000313, 0x00000342, 0x000003b9, 0x00000306,
+	0x000003b9, 0x00000304, 0x000003b9, 0x00000308,
+	0x00000300, 0x000003b9, 0x00000308, 0x00000301,
+	0x000003b9, 0x00000342, 0x000003b9, 0x00000308,
+	0x00000342, 0x00000399, 0x00000306, 0x00000399,
+	0x00000304, 0x00000399, 0x00000300, 0x00000399,
+	0x00000301, 0x00000020, 0x00000314, 0x00000300,
+	0x00000020, 0x00000314, 0x00000301, 0x00000020,
+	0x00000314, 0x00000342, 0x000003c5, 0x00000306,
+	0x000003c5, 0x00000304, 0x000003c5, 0x00000308,
+	0x00000300, 0x000003c5, 0x00000308, 0x00000301,
+	0x000003c1, 0x00000313, 0x000003c1, 0x00000314,
+	0x000003c5, 0x00000342, 0x000003c5, 0x00000308,
+	0x00000342, 0x000003a5, 0x00000306, 0x000003a5,
+	0x00000304, 0x000003a5, 0x00000300, 0x000003a5,
+	0x00000301, 0x000003a1, 0x00000314, 0x00000020,
+	0x00000308, 0x00000300, 0x00000020, 0x00000308,
+	0x00000301, 0x00000060, 0x000003c9, 0x00000300,
+	0x00000345, 0x000003c9, 0x00000345, 0x000003c9,
+	0x00000301, 0x00000345, 0x000003c9, 0x00000342,
+	0x000003c9, 0x00000342, 0x00000345, 0x0000039f,
+	0x00000300, 0x0000039f, 0x00000301, 0x000003a9,
+	0x00000300, 0x000003a9, 0x00000301, 0x000003a9,
+	0x00000345, 0x00000020, 0x00000301, 0x00000020,
+	0x00000314, 0x00000020, 0x00000020, 0x00000020,
+	0x00000020, 0x00000020, 0x00000020, 0x00000020,
+	0x00000020, 0x00000020, 0x00000020, 0x00000020,
+	0x00002010, 0x00000020, 0x00000333, 0x0000002e,
+	0x0000002e, 0x0000002e, 0x0000002e, 0x0000002e,
+	0x0000002e, 0x00000020, 0x00002032, 0x00002032,
+	0x00002032, 0x00002032, 0x00002032, 0x00002035,
+	0x00002035, 0x00002035, 0x00002035, 0x00002035,
+	0x00000021, 0x00000021, 0x00000020, 0x00000305,
+	0x0000003f, 0x0000003f, 0x0000003f, 0x00000021,
+	0x00000021, 0x0000003f, 0x00002032, 0x00002032,
+	0x00002032, 0x00002032, 0x00000020, 0x00000030,
+	0x00000069, 0x00000034, 0x00000035, 0x00000036,
+	0x00000037, 0x00000038, 0x00000039, 0x0000002b,
+	0x00002212, 0x0000003d, 0x00000028, 0x00000029,
+	0x0000006e, 0x00000030, 0x00000031, 0x00000032,
+	0x00000033, 0x00000034, 0x00000035, 0x00000036,
+	0x00000037, 0x00000038, 0x00000039, 0x0000002b,
+	0x00002212, 0x0000003d, 0x00000028, 0x00000029,
+	0x00000052, 0x00000073, 0x00000061, 0x0000002f,
+	0x00000063, 0x00000061, 0x0000002f, 0x00000073,
+	0x00000043, 0x000000b0, 0x00000043, 0x00000063,
+	0x0000002f, 0x0000006f, 0x00000063, 0x0000002f,
+	0x00000075, 0x00000190, 0x000000b0, 0x00000046,
+	0x00000067, 0x00000048, 0x00000048, 0x00000048,
+	0x00000068, 0x00000127, 0x00000049, 0x00000049,
+	0x0000004c, 0x0000006c, 0x0000004e, 0x0000004e,
+	0x0000006f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000052, 0x00000052, 0x00000053, 0x0000004d,
+	0x00000054, 0x00000045, 0x0000004c, 0x00000054,
+	0x0000004d, 0x0000005a, 0x000003a9, 0x0000005a,
+	0x0000004b, 0x00000041, 0x0000030a, 0x00000042,
+	0x00000043, 0x00000065, 0x00000045, 0x00000046,
+	0x0000004d, 0x0000006f, 0x000005d0, 0x000005d1,
+	0x000005d2, 0x000005d3, 0x00000069, 0x000003b3,
+	0x00000393, 0x000003a0, 0x00002211, 0x00000044,
+	0x00000064, 0x00000065, 0x00000069, 0x0000006a,
+	0x00000031, 0x00002044, 0x00000033, 0x00000032,
+	0x00002044, 0x00000033, 0x00000031, 0x00002044,
+	0x00000035, 0x00000032, 0x00002044, 0x00000035,
+	0x00000033, 0x00002044, 0x00000035, 0x00000034,
+	0x00002044, 0x00000035, 0x00000031, 0x00002044,
+	0x00000036, 0x00000035, 0x00002044, 0x00000036,
+	0x00000031, 0x00002044, 0x00000038, 0x00000033,
+	0x00002044, 0x00000038, 0x00000035, 0x00002044,
+	0x00000038, 0x00000037, 0x00002044, 0x00000038,
+	0x00000031, 0x00002044, 0x00000049, 0x00000049,
+	0x00000049, 0x00000049, 0x00000049, 0x00000049,
+	0x00000049, 0x00000056, 0x00000056, 0x00000056,
+	0x00000049, 0x00000056, 0x00000049, 0x00000049,
+	0x00000056, 0x00000049, 0x00000049, 0x00000049,
+	0x00000049, 0x00000058, 0x00000058, 0x00000058,
+	0x00000049, 0x00000058, 0x00000049, 0x00000049,
+	0x0000004c, 0x00000043, 0x00000044, 0x0000004d,
+	0x00000069, 0x00000069, 0x00000069, 0x00000069,
+	0x00000069, 0x00000069, 0x00000069, 0x00000076,
+	0x00000076, 0x00000076, 0x00000069, 0x00000076,
+	0x00000069, 0x00000069, 0x00000076, 0x00000069,
+	0x00000069, 0x00000069, 0x00000069, 0x00000078,
+	0x00000078, 0x00000078, 0x00000069, 0x00000078,
+	0x00000069, 0x00000069, 0x0000006c, 0x00000063,
+	0x00000064, 0x0000006d, 0x00002190, 0x00000338,
+	0x00002192, 0x00000338, 0x00002194, 0x00000338,
+	0x000021d0, 0x00000338, 0x000021d4, 0x00000338,
+	0x000021d2, 0x00000338, 0x00002203, 0x00000338,
+	0x00002208, 0x00000338, 0x0000220b, 0x00000338,
+	0x00002223, 0x00000338, 0x00002225, 0x00000338,
+	0x0000222b, 0x0000222b, 0x0000222b, 0x0000222b,
+	0x0000222b, 0x0000222e, 0x0000222e, 0x0000222e,
+	0x0000222e, 0x0000222e, 0x0000223c, 0x00000338,
+	0x00002243, 0x00000338, 0x00002245, 0x00000338,
+	0x00002248, 0x00000338, 0x0000003d, 0x00000338,
+	0x00002261, 0x00000338, 0x0000224d, 0x00000338,
+	0x0000003c, 0x00000338, 0x0000003e, 0x00000338,
+	0x00002264, 0x00000338, 0x00002265, 0x00000338,
+	0x00002272, 0x00000338, 0x00002273, 0x00000338,
+	0x00002276, 0x00000338, 0x00002277, 0x00000338,
+	0x0000227a, 0x00000338, 0x0000227b, 0x00000338,
+	0x00002282, 0x00000338, 0x00002283, 0x00000338,
+	0x00002286, 0x00000338, 0x00002287, 0x00000338,
+	0x000022a2, 0x00000338, 0x000022a8, 0x00000338,
+	0x000022a9, 0x00000338, 0x000022ab, 0x00000338,
+	0x0000227c, 0x00000338, 0x0000227d, 0x00000338,
+	0x00002291, 0x00000338, 0x00002292, 0x00000338,
+	0x000022b2, 0x00000338, 0x000022b3, 0x00000338,
+	0x000022b4, 0x00000338, 0x000022b5, 0x00000338,
+	0x00003008, 0x00003009, 0x00000031, 0x00000032,
+	0x00000033, 0x00000034, 0x00000035, 0x00000036,
+	0x00000037, 0x00000038, 0x00000039, 0x00000031,
+	0x00000030, 0x00000031, 0x00000031, 0x00000031,
+	0x00000032, 0x00000031, 0x00000033, 0x00000031,
+	0x00000034, 0x00000031, 0x00000035, 0x00000031,
+	0x00000036, 0x00000031, 0x00000037, 0x00000031,
+	0x00000038, 0x00000031, 0x00000039, 0x00000032,
+	0x00000030, 0x00000028, 0x00000031, 0x00000029,
+	0x00000028, 0x00000032, 0x00000029, 0x00000028,
+	0x00000033, 0x00000029, 0x00000028, 0x00000034,
+	0x00000029, 0x00000028, 0x00000035, 0x00000029,
+	0x00000028, 0x00000036, 0x00000029, 0x00000028,
+	0x00000037, 0x00000029, 0x00000028, 0x00000038,
+	0x00000029, 0x00000028, 0x00000039, 0x00000029,
+	0x00000028, 0x00000031, 0x00000030, 0x00000029,
+	0x00000028, 0x00000031, 0x00000031, 0x00000029,
+	0x00000028, 0x00000031, 0x00000032, 0x00000029,
+	0x00000028, 0x00000031, 0x00000033, 0x00000029,
+	0x00000028, 0x00000031, 0x00000034, 0x00000029,
+	0x00000028, 0x00000031, 0x00000035, 0x00000029,
+	0x00000028, 0x00000031, 0x00000036, 0x00000029,
+	0x00000028, 0x00000031, 0x00000037, 0x00000029,
+	0x00000028, 0x00000031, 0x00000038, 0x00000029,
+	0x00000028, 0x00000031, 0x00000039, 0x00000029,
+	0x00000028, 0x00000032, 0x00000030, 0x00000029,
+	0x00000031, 0x0000002e, 0x00000032, 0x0000002e,
+	0x00000033, 0x0000002e, 0x00000034, 0x0000002e,
+	0x00000035, 0x0000002e, 0x00000036, 0x0000002e,
+	0x00000037, 0x0000002e, 0x00000038, 0x0000002e,
+	0x00000039, 0x0000002e, 0x00000031, 0x00000030,
+	0x0000002e, 0x00000031, 0x00000031, 0x0000002e,
+	0x00000031, 0x00000032, 0x0000002e, 0x00000031,
+	0x00000033, 0x0000002e, 0x00000031, 0x00000034,
+	0x0000002e, 0x00000031, 0x00000035, 0x0000002e,
+	0x00000031, 0x00000036, 0x0000002e, 0x00000031,
+	0x00000037, 0x0000002e, 0x00000031, 0x00000038,
+	0x0000002e, 0x00000031, 0x00000039, 0x0000002e,
+	0x00000032, 0x00000030, 0x0000002e, 0x00000028,
+	0x00000061, 0x00000029, 0x00000028, 0x00000062,
+	0x00000029, 0x00000028, 0x00000063, 0x00000029,
+	0x00000028, 0x00000064, 0x00000029, 0x00000028,
+	0x00000065, 0x00000029, 0x00000028, 0x00000066,
+	0x00000029, 0x00000028, 0x00000067, 0x00000029,
+	0x00000028, 0x00000068, 0x00000029, 0x00000028,
+	0x00000069, 0x00000029, 0x00000028, 0x0000006a,
+	0x00000029, 0x00000028, 0x0000006b, 0x00000029,
+	0x00000028, 0x0000006c, 0x00000029, 0x00000028,
+	0x0000006d, 0x00000029, 0x00000028, 0x0000006e,
+	0x00000029, 0x00000028, 0x0000006f, 0x00000029,
+	0x00000028, 0x00000070, 0x00000029, 0x00000028,
+	0x00000071, 0x00000029, 0x00000028, 0x00000072,
+	0x00000029, 0x00000028, 0x00000073, 0x00000029,
+	0x00000028, 0x00000074, 0x00000029, 0x00000028,
+	0x00000075, 0x00000029, 0x00000028, 0x00000076,
+	0x00000029, 0x00000028, 0x00000077, 0x00000029,
+	0x00000028, 0x00000078, 0x00000029, 0x00000028,
+	0x00000079, 0x00000029, 0x00000028, 0x0000007a,
+	0x00000029, 0x00000041, 0x00000042, 0x00000043,
+	0x00000044, 0x00000045, 0x00000046, 0x00000047,
+	0x00000048, 0x00000049, 0x0000004a, 0x0000004b,
+	0x0000004c, 0x0000004d, 0x0000004e, 0x0000004f,
+	0x00000050, 0x00000051, 0x00000052, 0x00000053,
+	0x00000054, 0x00000055, 0x00000056, 0x00000057,
+	0x00000058, 0x00000059, 0x0000005a, 0x00000061,
+	0x00000062, 0x00000063, 0x00000064, 0x00000065,
+	0x00000066, 0x00000067, 0x00000068, 0x00000069,
+	0x0000006a, 0x0000006b, 0x0000006c, 0x0000006d,
+	0x0000006e, 0x0000006f, 0x00000070, 0x00000071,
+	0x00000072, 0x00000073, 0x00000074, 0x00000075,
+	0x00000076, 0x00000077, 0x00000078, 0x00000079,
+	0x0000007a, 0x00000030, 0x0000222b, 0x0000222b,
+	0x0000222b, 0x0000222b, 0x0000003a, 0x0000003a,
+	0x0000003d, 0x0000003d, 0x0000003d, 0x0000003d,
+	0x0000003d, 0x0000003d, 0x00002add, 0x00000338,
+	0x00006bcd, 0x00009f9f, 0x00004e00, 0x00004e28,
+	0x00004e36, 0x00004e3f, 0x00004e59, 0x00004e85,
+	0x00004e8c, 0x00004ea0, 0x00004eba, 0x0000513f,
+	0x00005165, 0x0000516b, 0x00005182, 0x00005196,
+	0x000051ab, 0x000051e0, 0x000051f5, 0x00005200,
+	0x0000529b, 0x000052f9, 0x00005315, 0x0000531a,
+	0x00005338, 0x00005341, 0x0000535c, 0x00005369,
+	0x00005382, 0x000053b6, 0x000053c8, 0x000053e3,
+	0x000056d7, 0x0000571f, 0x000058eb, 0x00005902,
+	0x0000590a, 0x00005915, 0x00005927, 0x00005973,
+	0x00005b50, 0x00005b80, 0x00005bf8, 0x00005c0f,
+	0x00005c22, 0x00005c38, 0x00005c6e, 0x00005c71,
+	0x00005ddb, 0x00005de5, 0x00005df1, 0x00005dfe,
+	0x00005e72, 0x00005e7a, 0x00005e7f, 0x00005ef4,
+	0x00005efe, 0x00005f0b, 0x00005f13, 0x00005f50,
+	0x00005f61, 0x00005f73, 0x00005fc3, 0x00006208,
+	0x00006236, 0x0000624b, 0x0000652f, 0x00006534,
+	0x00006587, 0x00006597, 0x000065a4, 0x000065b9,
+	0x000065e0, 0x000065e5, 0x000066f0, 0x00006708,
+	0x00006728, 0x00006b20, 0x00006b62, 0x00006b79,
+	0x00006bb3, 0x00006bcb, 0x00006bd4, 0x00006bdb,
+	0x00006c0f, 0x00006c14, 0x00006c34, 0x0000706b,
+	0x0000722a, 0x00007236, 0x0000723b, 0x0000723f,
+	0x00007247, 0x00007259, 0x0000725b, 0x000072ac,
+	0x00007384, 0x00007389, 0x000074dc, 0x000074e6,
+	0x00007518, 0x0000751f, 0x00007528, 0x00007530,
+	0x0000758b, 0x00007592, 0x00007676, 0x0000767d,
+	0x000076ae, 0x000076bf, 0x000076ee, 0x000077db,
+	0x000077e2, 0x000077f3, 0x0000793a, 0x000079b8,
+	0x000079be, 0x00007a74, 0x00007acb, 0x00007af9,
+	0x00007c73, 0x00007cf8, 0x00007f36, 0x00007f51,
+	0x00007f8a, 0x00007fbd, 0x00008001, 0x0000800c,
+	0x00008012, 0x00008033, 0x0000807f, 0x00008089,
+	0x000081e3, 0x000081ea, 0x000081f3, 0x000081fc,
+	0x0000820c, 0x0000821b, 0x0000821f, 0x0000826e,
+	0x00008272, 0x00008278, 0x0000864d, 0x0000866b,
+	0x00008840, 0x0000884c, 0x00008863, 0x0000897e,
+	0x0000898b, 0x000089d2, 0x00008a00, 0x00008c37,
+	0x00008c46, 0x00008c55, 0x00008c78, 0x00008c9d,
+	0x00008d64, 0x00008d70, 0x00008db3, 0x00008eab,
+	0x00008eca, 0x00008f9b, 0x00008fb0, 0x00008fb5,
+	0x00009091, 0x00009149, 0x000091c6, 0x000091cc,
+	0x000091d1, 0x00009577, 0x00009580, 0x0000961c,
+	0x000096b6, 0x000096b9, 0x000096e8, 0x00009751,
+	0x0000975e, 0x00009762, 0x00009769, 0x000097cb,
+	0x000097ed, 0x000097f3, 0x00009801, 0x000098a8,
+	0x000098db, 0x000098df, 0x00009996, 0x00009999,
+	0x000099ac, 0x00009aa8, 0x00009ad8, 0x00009adf,
+	0x00009b25, 0x00009b2f, 0x00009b32, 0x00009b3c,
+	0x00009b5a, 0x00009ce5, 0x00009e75, 0x00009e7f,
+	0x00009ea5, 0x00009ebb, 0x00009ec3, 0x00009ecd,
+	0x00009ed1, 0x00009ef9, 0x00009efd, 0x00009f0e,
+	0x00009f13, 0x00009f20, 0x00009f3b, 0x00009f4a,
+	0x00009f52, 0x00009f8d, 0x00009f9c, 0x00009fa0,
+	0x00000020, 0x00003012, 0x00005341, 0x00005344,
+	0x00005345, 0x0000304b, 0x00003099, 0x0000304d,
+	0x00003099, 0x0000304f, 0x00003099, 0x00003051,
+	0x00003099, 0x00003053, 0x00003099, 0x00003055,
+	0x00003099, 0x00003057, 0x00003099, 0x00003059,
+	0x00003099, 0x0000305b, 0x00003099, 0x0000305d,
+	0x00003099, 0x0000305f, 0x00003099, 0x00003061,
+	0x00003099, 0x00003064, 0x00003099, 0x00003066,
+	0x00003099, 0x00003068, 0x00003099, 0x0000306f,
+	0x00003099, 0x0000306f, 0x0000309a, 0x00003072,
+	0x00003099, 0x00003072, 0x0000309a, 0x00003075,
+	0x00003099, 0x00003075, 0x0000309a, 0x00003078,
+	0x00003099, 0x00003078, 0x0000309a, 0x0000307b,
+	0x00003099, 0x0000307b, 0x0000309a, 0x00003046,
+	0x00003099, 0x00000020, 0x00003099, 0x00000020,
+	0x0000309a, 0x0000309d, 0x00003099, 0x00003088,
+	0x0000308a, 0x000030ab, 0x00003099, 0x000030ad,
+	0x00003099, 0x000030af, 0x00003099, 0x000030b1,
+	0x00003099, 0x000030b3, 0x00003099, 0x000030b5,
+	0x00003099, 0x000030b7, 0x00003099, 0x000030b9,
+	0x00003099, 0x000030bb, 0x00003099, 0x000030bd,
+	0x00003099, 0x000030bf, 0x00003099, 0x000030c1,
+	0x00003099, 0x000030c4, 0x00003099, 0x000030c6,
+	0x00003099, 0x000030c8, 0x00003099, 0x000030cf,
+	0x00003099, 0x000030cf, 0x0000309a, 0x000030d2,
+	0x00003099, 0x000030d2, 0x0000309a, 0x000030d5,
+	0x00003099, 0x000030d5, 0x0000309a, 0x000030d8,
+	0x00003099, 0x000030d8, 0x0000309a, 0x000030db,
+	0x00003099, 0x000030db, 0x0000309a, 0x000030a6,
+	0x00003099, 0x000030ef, 0x00003099, 0x000030f0,
+	0x00003099, 0x000030f1, 0x00003099, 0x000030f2,
+	0x00003099, 0x000030fd, 0x00003099, 0x000030b3,
+	0x000030c8, 0x00001100, 0x00001101, 0x000011aa,
+	0x00001102, 0x000011ac, 0x000011ad, 0x00001103,
+	0x00001104, 0x00001105, 0x000011b0, 0x000011b1,
+	0x000011b2, 0x000011b3, 0x000011b4, 0x000011b5,
+	0x0000111a, 0x00001106, 0x00001107, 0x00001108,
+	0x00001121, 0x00001109, 0x0000110a, 0x0000110b,
+	0x0000110c, 0x0000110d, 0x0000110e, 0x0000110f,
+	0x00001110, 0x00001111, 0x00001112, 0x00001161,
+	0x00001162, 0x00001163, 0x00001164, 0x00001165,
+	0x00001166, 0x00001167, 0x00001168, 0x00001169,
+	0x0000116a, 0x0000116b, 0x0000116c, 0x0000116d,
+	0x0000116e, 0x0000116f, 0x00001170, 0x00001171,
+	0x00001172, 0x00001173, 0x00001174, 0x00001175,
+	0x00001160, 0x00001114, 0x00001115, 0x000011c7,
+	0x000011c8, 0x000011cc, 0x000011ce, 0x000011d3,
+	0x000011d7, 0x000011d9, 0x0000111c, 0x000011dd,
+	0x000011df, 0x0000111d, 0x0000111e, 0x00001120,
+	0x00001122, 0x00001123, 0x00001127, 0x00001129,
+	0x0000112b, 0x0000112c, 0x0000112d, 0x0000112e,
+	0x0000112f, 0x00001132, 0x00001136, 0x00001140,
+	0x00001147, 0x0000114c, 0x000011f1, 0x000011f2,
+	0x00001157, 0x00001158, 0x00001159, 0x00001184,
+	0x00001185, 0x00001188, 0x00001191, 0x00001192,
+	0x00001194, 0x0000119e, 0x000011a1, 0x00004e00,
+	0x00004e8c, 0x00004e09, 0x000056db, 0x00004e0a,
+	0x00004e2d, 0x00004e0b, 0x00007532, 0x00004e59,
+	0x00004e19, 0x00004e01, 0x00005929, 0x00005730,
+	0x00004eba, 0x00000028, 0x00001100, 0x00000029,
+	0x00000028, 0x00001102, 0x00000029, 0x00000028,
+	0x00001103, 0x00000029, 0x00000028, 0x00001105,
+	0x00000029, 0x00000028, 0x00001106, 0x00000029,
+	0x00000028, 0x00001107, 0x00000029, 0x00000028,
+	0x00001109, 0x00000029, 0x00000028, 0x0000110b,
+	0x00000029, 0x00000028, 0x0000110c, 0x00000029,
+	0x00000028, 0x0000110e, 0x00000029, 0x00000028,
+	0x0000110f, 0x00000029, 0x00000028, 0x00001110,
+	0x00000029, 0x00000028, 0x00001111, 0x00000029,
+	0x00000028, 0x00001112, 0x00000029, 0x00000028,
+	0x00001100, 0x00001161, 0x00000029, 0x00000028,
+	0x00001102, 0x00001161, 0x00000029, 0x00000028,
+	0x00001103, 0x00001161, 0x00000029, 0x00000028,
+	0x00001105, 0x00001161, 0x00000029, 0x00000028,
+	0x00001106, 0x00001161, 0x00000029, 0x00000028,
+	0x00001107, 0x00001161, 0x00000029, 0x00000028,
+	0x00001109, 0x00001161, 0x00000029, 0x00000028,
+	0x0000110b, 0x00001161, 0x00000029, 0x00000028,
+	0x0000110c, 0x00001161, 0x00000029, 0x00000028,
+	0x0000110e, 0x00001161, 0x00000029, 0x00000028,
+	0x0000110f, 0x00001161, 0x00000029, 0x00000028,
+	0x00001110, 0x00001161, 0x00000029, 0x00000028,
+	0x00001111, 0x00001161, 0x00000029, 0x00000028,
+	0x00001112, 0x00001161, 0x00000029, 0x00000028,
+	0x0000110c, 0x0000116e, 0x00000029, 0x00000028,
+	0x00004e00, 0x00000029, 0x00000028, 0x00004e8c,
+	0x00000029, 0x00000028, 0x00004e09, 0x00000029,
+	0x00000028, 0x000056db, 0x00000029, 0x00000028,
+	0x00004e94, 0x00000029, 0x00000028, 0x0000516d,
+	0x00000029, 0x00000028, 0x00004e03, 0x00000029,
+	0x00000028, 0x0000516b, 0x00000029, 0x00000028,
+	0x00004e5d, 0x00000029, 0x00000028, 0x00005341,
+	0x00000029, 0x00000028, 0x00006708, 0x00000029,
+	0x00000028, 0x0000706b, 0x00000029, 0x00000028,
+	0x00006c34, 0x00000029, 0x00000028, 0x00006728,
+	0x00000029, 0x00000028, 0x000091d1, 0x00000029,
+	0x00000028, 0x0000571f, 0x00000029, 0x00000028,
+	0x000065e5, 0x00000029, 0x00000028, 0x0000682a,
+	0x00000029, 0x00000028, 0x00006709, 0x00000029,
+	0x00000028, 0x0000793e, 0x00000029, 0x00000028,
+	0x0000540d, 0x00000029, 0x00000028, 0x00007279,
+	0x00000029, 0x00000028, 0x00008ca1, 0x00000029,
+	0x00000028, 0x0000795d, 0x00000029, 0x00000028,
+	0x000052b4, 0x00000029, 0x00000028, 0x00004ee3,
+	0x00000029, 0x00000028, 0x0000547c, 0x00000029,
+	0x00000028, 0x00005b66, 0x00000029, 0x00000028,
+	0x000076e3, 0x00000029, 0x00000028, 0x00004f01,
+	0x00000029, 0x00000028, 0x00008cc7, 0x00000029,
+	0x00000028, 0x00005354, 0x00000029, 0x00000028,
+	0x0000796d, 0x00000029, 0x00000028, 0x00004f11,
+	0x00000029, 0x00000028, 0x000081ea, 0x00000029,
+	0x00000028, 0x000081f3, 0x00000029, 0x00000032,
+	0x00000031, 0x00000032, 0x00000032, 0x00000032,
+	0x00000033, 0x00000032, 0x00000034, 0x00000032,
+	0x00000035, 0x00000032, 0x00000036, 0x00000032,
+	0x00000037, 0x00000032, 0x00000038, 0x00000032,
+	0x00000039, 0x00000033, 0x00000030, 0x00000033,
+	0x00000031, 0x00000033, 0x00000032, 0x00000033,
+	0x00000033, 0x00000033, 0x00000034, 0x00000033,
+	0x00000035, 0x00001100, 0x00001102, 0x00001103,
+	0x00001105, 0x00001106, 0x00001107, 0x00001109,
+	0x0000110b, 0x0000110c, 0x0000110e, 0x0000110f,
+	0x00001110, 0x00001111, 0x00001112, 0x00001100,
+	0x00001161, 0x00001102, 0x00001161, 0x00001103,
+	0x00001161, 0x00001105, 0x00001161, 0x00001106,
+	0x00001161, 0x00001107, 0x00001161, 0x00001109,
+	0x00001161, 0x0000110b, 0x00001161, 0x0000110c,
+	0x00001161, 0x0000110e, 0x00001161, 0x0000110f,
+	0x00001161, 0x00001110, 0x00001161, 0x00001111,
+	0x00001161, 0x00001112, 0x00001161, 0x00004e00,
+	0x00004e8c, 0x00004e09, 0x000056db, 0x00004e94,
+	0x0000516d, 0x00004e03, 0x0000516b, 0x00004e5d,
+	0x00005341, 0x00006708, 0x0000706b, 0x00006c34,
+	0x00006728, 0x000091d1, 0x0000571f, 0x000065e5,
+	0x0000682a, 0x00006709, 0x0000793e, 0x0000540d,
+	0x00007279, 0x00008ca1, 0x0000795d, 0x000052b4,
+	0x000079d8, 0x00007537, 0x00005973, 0x00009069,
+	0x0000512a, 0x00005370, 0x00006ce8, 0x00009805,
+	0x00004f11, 0x00005199, 0x00006b63, 0x00004e0a,
+	0x00004e2d, 0x00004e0b, 0x00005de6, 0x000053f3,
+	0x0000533b, 0x00005b97, 0x00005b66, 0x000076e3,
+	0x00004f01, 0x00008cc7, 0x00005354, 0x0000591c,
+	0x00000033, 0x00000036, 0x00000033, 0x00000037,
+	0x00000033, 0x00000038, 0x00000033, 0x00000039,
+	0x00000034, 0x00000030, 0x00000034, 0x00000031,
+	0x00000034, 0x00000032, 0x00000034, 0x00000033,
+	0x00000034, 0x00000034, 0x00000034, 0x00000035,
+	0x00000034, 0x00000036, 0x00000034, 0x00000037,
+	0x00000034, 0x00000038, 0x00000034, 0x00000039,
+	0x00000035, 0x00000030, 0x00000031, 0x00006708,
+	0x00000032, 0x00006708, 0x00000033, 0x00006708,
+	0x00000034, 0x00006708, 0x00000035, 0x00006708,
+	0x00000036, 0x00006708, 0x00000037, 0x00006708,
+	0x00000038, 0x00006708, 0x00000039, 0x00006708,
+	0x00000031, 0x00000030, 0x00006708, 0x00000031,
+	0x00000031, 0x00006708, 0x00000031, 0x00000032,
+	0x00006708, 0x000030a2, 0x000030a4, 0x000030a6,
+	0x000030a8, 0x000030aa, 0x000030ab, 0x000030ad,
+	0x000030af, 0x000030b1, 0x000030b3, 0x000030b5,
+	0x000030b7, 0x000030b9, 0x000030bb, 0x000030bd,
+	0x000030bf, 0x000030c1, 0x000030c4, 0x000030c6,
+	0x000030c8, 0x000030ca, 0x000030cb, 0x000030cc,
+	0x000030cd, 0x000030ce, 0x000030cf, 0x000030d2,
+	0x000030d5, 0x000030d8, 0x000030db, 0x000030de,
+	0x000030df, 0x000030e0, 0x000030e1, 0x000030e2,
+	0x000030e4, 0x000030e6, 0x000030e8, 0x000030e9,
+	0x000030ea, 0x000030eb, 0x000030ec, 0x000030ed,
+	0x000030ef, 0x000030f0, 0x000030f1, 0x000030f2,
+	0x000030a2, 0x000030cf, 0x0000309a, 0x000030fc,
+	0x000030c8, 0x000030a2, 0x000030eb, 0x000030d5,
+	0x000030a1, 0x000030a2, 0x000030f3, 0x000030d8,
+	0x0000309a, 0x000030a2, 0x000030a2, 0x000030fc,
+	0x000030eb, 0x000030a4, 0x000030cb, 0x000030f3,
+	0x000030af, 0x00003099, 0x000030a4, 0x000030f3,
+	0x000030c1, 0x000030a6, 0x000030a9, 0x000030f3,
+	0x000030a8, 0x000030b9, 0x000030af, 0x000030fc,
+	0x000030c8, 0x00003099, 0x000030a8, 0x000030fc,
+	0x000030ab, 0x000030fc, 0x000030aa, 0x000030f3,
+	0x000030b9, 0x000030aa, 0x000030fc, 0x000030e0,
+	0x000030ab, 0x000030a4, 0x000030ea, 0x000030ab,
+	0x000030e9, 0x000030c3, 0x000030c8, 0x000030ab,
+	0x000030ed, 0x000030ea, 0x000030fc, 0x000030ab,
+	0x00003099, 0x000030ed, 0x000030f3, 0x000030ab,
+	0x00003099, 0x000030f3, 0x000030de, 0x000030ad,
+	0x00003099, 0x000030ab, 0x00003099, 0x000030ad,
+	0x00003099, 0x000030cb, 0x000030fc, 0x000030ad,
+	0x000030e5, 0x000030ea, 0x000030fc, 0x000030ad,
+	0x00003099, 0x000030eb, 0x000030bf, 0x00003099,
+	0x000030fc, 0x000030ad, 0x000030ed, 0x000030ad,
+	0x000030ed, 0x000030af, 0x00003099, 0x000030e9,
+	0x000030e0, 0x000030ad, 0x000030ed, 0x000030e1,
+	0x000030fc, 0x000030c8, 0x000030eb, 0x000030ad,
+	0x000030ed, 0x000030ef, 0x000030c3, 0x000030c8,
+	0x000030af, 0x00003099, 0x000030e9, 0x000030e0,
+	0x000030af, 0x00003099, 0x000030e9, 0x000030e0,
+	0x000030c8, 0x000030f3, 0x000030af, 0x000030eb,
+	0x000030bb, 0x00003099, 0x000030a4, 0x000030ed,
+	0x000030af, 0x000030ed, 0x000030fc, 0x000030cd,
+	0x000030b1, 0x000030fc, 0x000030b9, 0x000030b3,
+	0x000030eb, 0x000030ca, 0x000030b3, 0x000030fc,
+	0x000030db, 0x0000309a, 0x000030b5, 0x000030a4,
+	0x000030af, 0x000030eb, 0x000030b5, 0x000030f3,
+	0x000030c1, 0x000030fc, 0x000030e0, 0x000030b7,
+	0x000030ea, 0x000030f3, 0x000030af, 0x00003099,
+	0x000030bb, 0x000030f3, 0x000030c1, 0x000030bb,
+	0x000030f3, 0x000030c8, 0x000030bf, 0x00003099,
+	0x000030fc, 0x000030b9, 0x000030c6, 0x00003099,
+	0x000030b7, 0x000030c8, 0x00003099, 0x000030eb,
+	0x000030c8, 0x000030f3, 0x000030ca, 0x000030ce,
+	0x000030ce, 0x000030c3, 0x000030c8, 0x000030cf,
+	0x000030a4, 0x000030c4, 0x000030cf, 0x0000309a,
+	0x000030fc, 0x000030bb, 0x000030f3, 0x000030c8,
+	0x000030cf, 0x0000309a, 0x000030fc, 0x000030c4,
+	0x000030cf, 0x00003099, 0x000030fc, 0x000030ec,
+	0x000030eb, 0x000030d2, 0x0000309a, 0x000030a2,
+	0x000030b9, 0x000030c8, 0x000030eb, 0x000030d2,
+	0x0000309a, 0x000030af, 0x000030eb, 0x000030d2,
+	0x0000309a, 0x000030b3, 0x000030d2, 0x00003099,
+	0x000030eb, 0x000030d5, 0x000030a1, 0x000030e9,
+	0x000030c3, 0x000030c8, 0x00003099, 0x000030d5,
+	0x000030a3, 0x000030fc, 0x000030c8, 0x000030d5,
+	0x00003099, 0x000030c3, 0x000030b7, 0x000030a7,
+	0x000030eb, 0x000030d5, 0x000030e9, 0x000030f3,
+	0x000030d8, 0x000030af, 0x000030bf, 0x000030fc,
+	0x000030eb, 0x000030d8, 0x0000309a, 0x000030bd,
+	0x000030d8, 0x0000309a, 0x000030cb, 0x000030d2,
+	0x000030d8, 0x000030eb, 0x000030c4, 0x000030d8,
+	0x0000309a, 0x000030f3, 0x000030b9, 0x000030d8,
+	0x0000309a, 0x000030fc, 0x000030b7, 0x00003099,
+	0x000030d8, 0x00003099, 0x000030fc, 0x000030bf,
+	0x000030db, 0x0000309a, 0x000030a4, 0x000030f3,
+	0x000030c8, 0x000030db, 0x00003099, 0x000030eb,
+	0x000030c8, 0x000030db, 0x000030f3, 0x000030db,
+	0x0000309a, 0x000030f3, 0x000030c8, 0x00003099,
+	0x000030db, 0x000030fc, 0x000030eb, 0x000030db,
+	0x000030fc, 0x000030f3, 0x000030de, 0x000030a4,
+	0x000030af, 0x000030ed, 0x000030de, 0x000030a4,
+	0x000030eb, 0x000030de, 0x000030c3, 0x000030cf,
+	0x000030de, 0x000030eb, 0x000030af, 0x000030de,
+	0x000030f3, 0x000030b7, 0x000030e7, 0x000030f3,
+	0x000030df, 0x000030af, 0x000030ed, 0x000030f3,
+	0x000030df, 0x000030ea, 0x000030df, 0x000030ea,
+	0x000030cf, 0x00003099, 0x000030fc, 0x000030eb,
+	0x000030e1, 0x000030ab, 0x00003099, 0x000030e1,
+	0x000030ab, 0x00003099, 0x000030c8, 0x000030f3,
+	0x000030e1, 0x000030fc, 0x000030c8, 0x000030eb,
+	0x000030e4, 0x000030fc, 0x000030c8, 0x00003099,
+	0x000030e4, 0x000030fc, 0x000030eb, 0x000030e6,
+	0x000030a2, 0x000030f3, 0x000030ea, 0x000030c3,
+	0x000030c8, 0x000030eb, 0x000030ea, 0x000030e9,
+	0x000030eb, 0x000030d2, 0x0000309a, 0x000030fc,
+	0x000030eb, 0x000030fc, 0x000030d5, 0x00003099,
+	0x000030eb, 0x000030ec, 0x000030e0, 0x000030ec,
+	0x000030f3, 0x000030c8, 0x000030b1, 0x00003099,
+	0x000030f3, 0x000030ef, 0x000030c3, 0x000030c8,
+	0x00000030, 0x000070b9, 0x00000031, 0x000070b9,
+	0x00000032, 0x000070b9, 0x00000033, 0x000070b9,
+	0x00000034, 0x000070b9, 0x00000035, 0x000070b9,
+	0x00000036, 0x000070b9, 0x00000037, 0x000070b9,
+	0x00000038, 0x000070b9, 0x00000039, 0x000070b9,
+	0x00000031, 0x00000030, 0x000070b9, 0x00000031,
+	0x00000031, 0x000070b9, 0x00000031, 0x00000032,
+	0x000070b9, 0x00000031, 0x00000033, 0x000070b9,
+	0x00000031, 0x00000034, 0x000070b9, 0x00000031,
+	0x00000035, 0x000070b9, 0x00000031, 0x00000036,
+	0x000070b9, 0x00000031, 0x00000037, 0x000070b9,
+	0x00000031, 0x00000038, 0x000070b9, 0x00000031,
+	0x00000039, 0x000070b9, 0x00000032, 0x00000030,
+	0x000070b9, 0x00000032, 0x00000031, 0x000070b9,
+	0x00000032, 0x00000032, 0x000070b9, 0x00000032,
+	0x00000033, 0x000070b9, 0x00000032, 0x00000034,
+	0x000070b9, 0x00000068, 0x00000050, 0x00000061,
+	0x00000064, 0x00000061, 0x00000041, 0x00000055,
+	0x00000062, 0x00000061, 0x00000072, 0x0000006f,
+	0x00000056, 0x00000070, 0x00000063, 0x00005e73,
+	0x00006210, 0x0000662d, 0x0000548c, 0x00005927,
+	0x00006b63, 0x0000660e, 0x00006cbb, 0x0000682a,
+	0x00005f0f, 0x00004f1a, 0x0000793e, 0x00000070,
+	0x00000041, 0x0000006e, 0x00000041, 0x000003bc,
+	0x00000041, 0x0000006d, 0x00000041, 0x0000006b,
+	0x00000041, 0x0000004b, 0x00000042, 0x0000004d,
+	0x00000042, 0x00000047, 0x00000042, 0x00000063,
+	0x00000061, 0x0000006c, 0x0000006b, 0x00000063,
+	0x00000061, 0x0000006c, 0x00000070, 0x00000046,
+	0x0000006e, 0x00000046, 0x000003bc, 0x00000046,
+	0x000003bc, 0x00000067, 0x0000006d, 0x00000067,
+	0x0000006b, 0x00000067, 0x00000048, 0x0000007a,
+	0x0000006b, 0x00000048, 0x0000007a, 0x0000004d,
+	0x00000048, 0x0000007a, 0x00000047, 0x00000048,
+	0x0000007a, 0x00000054, 0x00000048, 0x0000007a,
+	0x000003bc, 0x0000006c, 0x0000006d, 0x0000006c,
+	0x00000064, 0x0000006c, 0x0000006b, 0x0000006c,
+	0x00000066, 0x0000006d, 0x0000006e, 0x0000006d,
+	0x000003bc, 0x0000006d, 0x0000006d, 0x0000006d,
+	0x00000063, 0x0000006d, 0x0000006b, 0x0000006d,
+	0x0000006d, 0x0000006d, 0x00000032, 0x00000063,
+	0x0000006d, 0x00000032, 0x0000006d, 0x00000032,
+	0x0000006b, 0x0000006d, 0x00000032, 0x0000006d,
+	0x0000006d, 0x00000033, 0x00000063, 0x0000006d,
+	0x00000033, 0x0000006d, 0x00000033, 0x0000006b,
+	0x0000006d, 0x00000033, 0x0000006d, 0x00002215,
+	0x00000073, 0x0000006d, 0x00002215, 0x00000073,
+	0x00000032, 0x00000050, 0x00000061, 0x0000006b,
+	0x00000050, 0x00000061, 0x0000004d, 0x00000050,
+	0x00000061, 0x00000047, 0x00000050, 0x00000061,
+	0x00000072, 0x00000061, 0x00000064, 0x00000072,
+	0x00000061, 0x00000064, 0x00002215, 0x00000073,
+	0x00000072, 0x00000061, 0x00000064, 0x00002215,
+	0x00000073, 0x00000032, 0x00000070, 0x00000073,
+	0x0000006e, 0x00000073, 0x000003bc, 0x00000073,
+	0x0000006d, 0x00000073, 0x00000070, 0x00000056,
+	0x0000006e, 0x00000056, 0x000003bc, 0x00000056,
+	0x0000006d, 0x00000056, 0x0000006b, 0x00000056,
+	0x0000004d, 0x00000056, 0x00000070, 0x00000057,
+	0x0000006e, 0x00000057, 0x000003bc, 0x00000057,
+	0x0000006d, 0x00000057, 0x0000006b, 0x00000057,
+	0x0000004d, 0x00000057, 0x0000006b, 0x000003a9,
+	0x0000004d, 0x000003a9, 0x00000061, 0x0000002e,
+	0x0000006d, 0x0000002e, 0x00000042, 0x00000071,
+	0x00000063, 0x00000063, 0x00000063, 0x00000064,
+	0x00000043, 0x00002215, 0x0000006b, 0x00000067,
+	0x00000043, 0x0000006f, 0x0000002e, 0x00000064,
+	0x00000042, 0x00000047, 0x00000079, 0x00000068,
+	0x00000061, 0x00000048, 0x00000050, 0x00000069,
+	0x0000006e, 0x0000004b, 0x0000004b, 0x0000004b,
+	0x0000004d, 0x0000006b, 0x00000074, 0x0000006c,
+	0x0000006d, 0x0000006c, 0x0000006e, 0x0000006c,
+	0x0000006f, 0x00000067, 0x0000006c, 0x00000078,
+	0x0000006d, 0x00000062, 0x0000006d, 0x00000069,
+	0x0000006c, 0x0000006d, 0x0000006f, 0x0000006c,
+	0x00000050, 0x00000048, 0x00000070, 0x0000002e,
+	0x0000006d, 0x0000002e, 0x00000050, 0x00000050,
+	0x0000004d, 0x00000050, 0x00000052, 0x00000073,
+	0x00000072, 0x00000053, 0x00000076, 0x00000057,
+	0x00000062, 0x00000031, 0x000065e5, 0x00000032,
+	0x000065e5, 0x00000033, 0x000065e5, 0x00000034,
+	0x000065e5, 0x00000035, 0x000065e5, 0x00000036,
+	0x000065e5, 0x00000037, 0x000065e5, 0x00000038,
+	0x000065e5, 0x00000039, 0x000065e5, 0x00000031,
+	0x00000030, 0x000065e5, 0x00000031, 0x00000031,
+	0x000065e5, 0x00000031, 0x00000032, 0x000065e5,
+	0x00000031, 0x00000033, 0x000065e5, 0x00000031,
+	0x00000034, 0x000065e5, 0x00000031, 0x00000035,
+	0x000065e5, 0x00000031, 0x00000036, 0x000065e5,
+	0x00000031, 0x00000037, 0x000065e5, 0x00000031,
+	0x00000038, 0x000065e5, 0x00000031, 0x00000039,
+	0x000065e5, 0x00000032, 0x00000030, 0x000065e5,
+	0x00000032, 0x00000031, 0x000065e5, 0x00000032,
+	0x00000032, 0x000065e5, 0x00000032, 0x00000033,
+	0x000065e5, 0x00000032, 0x00000034, 0x000065e5,
+	0x00000032, 0x00000035, 0x000065e5, 0x00000032,
+	0x00000036, 0x000065e5, 0x00000032, 0x00000037,
+	0x000065e5, 0x00000032, 0x00000038, 0x000065e5,
+	0x00000032, 0x00000039, 0x000065e5, 0x00000033,
+	0x00000030, 0x000065e5, 0x00000033, 0x00000031,
+	0x000065e5, 0x00008eca, 0x00008cc8, 0x00006ed1,
+	0x00004e32, 0x000053e5, 0x00009f9c, 0x00009f9c,
+	0x00005951, 0x000091d1, 0x00005587, 0x00005948,
+	0x000061f6, 0x00007669, 0x00007f85, 0x0000863f,
+	0x000087ba, 0x000088f8, 0x0000908f, 0x00006a02,
+	0x00006d1b, 0x000070d9, 0x000073de, 0x0000843d,
+	0x0000916a, 0x000099f1, 0x00004e82, 0x00005375,
+	0x00006b04, 0x0000721b, 0x0000862d, 0x00009e1e,
+	0x00005d50, 0x00006feb, 0x000085cd, 0x00008964,
+	0x000062c9, 0x000081d8, 0x0000881f, 0x00005eca,
+	0x00006717, 0x00006d6a, 0x000072fc, 0x000090ce,
+	0x00004f86, 0x000051b7, 0x000052de, 0x000064c4,
+	0x00006ad3, 0x00007210, 0x000076e7, 0x00008001,
+	0x00008606, 0x0000865c, 0x00008def, 0x00009732,
+	0x00009b6f, 0x00009dfa, 0x0000788c, 0x0000797f,
+	0x00007da0, 0x000083c9, 0x00009304, 0x00009e7f,
+	0x00008ad6, 0x000058df, 0x00005f04, 0x00007c60,
+	0x0000807e, 0x00007262, 0x000078ca, 0x00008cc2,
+	0x000096f7, 0x000058d8, 0x00005c62, 0x00006a13,
+	0x00006dda, 0x00006f0f, 0x00007d2f, 0x00007e37,
+	0x0000964b, 0x000052d2, 0x0000808b, 0x000051dc,
+	0x000051cc, 0x00007a1c, 0x00007dbe, 0x000083f1,
+	0x00009675, 0x00008b80, 0x000062cf, 0x00006a02,
+	0x00008afe, 0x00004e39, 0x00005be7, 0x00006012,
+	0x00007387, 0x00007570, 0x00005317, 0x000078fb,
+	0x00004fbf, 0x00005fa9, 0x00004e0d, 0x00006ccc,
+	0x00006578, 0x00007d22, 0x000053c3, 0x0000585e,
+	0x00007701, 0x00008449, 0x00008aaa, 0x00006bba,
+	0x00008fb0, 0x00006c88, 0x000062fe, 0x000082e5,
+	0x000063a0, 0x00007565, 0x00004eae, 0x00005169,
+	0x000051c9, 0x00006881, 0x00007ce7, 0x0000826f,
+	0x00008ad2, 0x000091cf, 0x000052f5, 0x00005442,
+	0x00005973, 0x00005eec, 0x000065c5, 0x00006ffe,
+	0x0000792a, 0x000095ad, 0x00009a6a, 0x00009e97,
+	0x00009ece, 0x0000529b, 0x000066c6, 0x00006b77,
+	0x00008f62, 0x00005e74, 0x00006190, 0x00006200,
+	0x0000649a, 0x00006f23, 0x00007149, 0x00007489,
+	0x000079ca, 0x00007df4, 0x0000806f, 0x00008f26,
+	0x000084ee, 0x00009023, 0x0000934a, 0x00005217,
+	0x000052a3, 0x000054bd, 0x000070c8, 0x000088c2,
+	0x00008aaa, 0x00005ec9, 0x00005ff5, 0x0000637b,
+	0x00006bae, 0x00007c3e, 0x00007375, 0x00004ee4,
+	0x000056f9, 0x00005be7, 0x00005dba, 0x0000601c,
+	0x000073b2, 0x00007469, 0x00007f9a, 0x00008046,
+	0x00009234, 0x000096f6, 0x00009748, 0x00009818,
+	0x00004f8b, 0x000079ae, 0x000091b4, 0x000096b8,
+	0x000060e1, 0x00004e86, 0x000050da, 0x00005bee,
+	0x00005c3f, 0x00006599, 0x00006a02, 0x000071ce,
+	0x00007642, 0x000084fc, 0x0000907c, 0x00009f8d,
+	0x00006688, 0x0000962e, 0x00005289, 0x0000677b,
+	0x000067f3, 0x00006d41, 0x00006e9c, 0x00007409,
+	0x00007559, 0x0000786b, 0x00007d10, 0x0000985e,
+	0x0000516d, 0x0000622e, 0x00009678, 0x0000502b,
+	0x00005d19, 0x00006dea, 0x00008f2a, 0x00005f8b,
+	0x00006144, 0x00006817, 0x00007387, 0x00009686,
+	0x00005229, 0x0000540f, 0x00005c65, 0x00006613,
+	0x0000674e, 0x000068a8, 0x00006ce5, 0x00007406,
+	0x000075e2, 0x00007f79, 0x000088cf, 0x000088e1,
+	0x000091cc, 0x000096e2, 0x0000533f, 0x00006eba,
+	0x0000541d, 0x000071d0, 0x00007498, 0x000085fa,
+	0x000096a3, 0x00009c57, 0x00009e9f, 0x00006797,
+	0x00006dcb, 0x000081e8, 0x00007acb, 0x00007b20,
+	0x00007c92, 0x000072c0, 0x00007099, 0x00008b58,
+	0x00004ec0, 0x00008336, 0x0000523a, 0x00005207,
+	0x00005ea6, 0x000062d3, 0x00007cd6, 0x00005b85,
+	0x00006d1e, 0x000066b4, 0x00008f3b, 0x0000884c,
+	0x0000964d, 0x0000898b, 0x00005ed3, 0x00005140,
+	0x000055c0, 0x0000585a, 0x00006674, 0x000051de,
+	0x0000732a, 0x000076ca, 0x0000793c, 0x0000795e,
+	0x00007965, 0x0000798f, 0x00009756, 0x00007cbe,
+	0x00007fbd, 0x00008612, 0x00008af8, 0x00009038,
+	0x000090fd, 0x000098ef, 0x000098fc, 0x00009928,
+	0x00009db4, 0x00004fae, 0x000050e7, 0x0000514d,
+	0x000052c9, 0x000052e4, 0x00005351, 0x0000559d,
+	0x00005606, 0x00005668, 0x00005840, 0x000058a8,
+	0x00005c64, 0x00005c6e, 0x00006094, 0x00006168,
+	0x0000618e, 0x000061f2, 0x0000654f, 0x000065e2,
+	0x00006691, 0x00006885, 0x00006d77, 0x00006e1a,
+	0x00006f22, 0x0000716e, 0x0000722b, 0x00007422,
+	0x00007891, 0x0000793e, 0x00007949, 0x00007948,
+	0x00007950, 0x00007956, 0x0000795d, 0x0000798d,
+	0x0000798e, 0x00007a40, 0x00007a81, 0x00007bc0,
+	0x00007df4, 0x00007e09, 0x00007e41, 0x00007f72,
+	0x00008005, 0x000081ed, 0x00008279, 0x00008279,
+	0x00008457, 0x00008910, 0x00008996, 0x00008b01,
+	0x00008b39, 0x00008cd3, 0x00008d08, 0x00008fb6,
+	0x00009038, 0x000096e3, 0x000097ff, 0x0000983b,
+	0x00000066, 0x00000066, 0x00000066, 0x00000069,
+	0x00000066, 0x0000006c, 0x00000066, 0x00000066,
+	0x00000069, 0x00000066, 0x00000066, 0x0000006c,
+	0x00000073, 0x00000074, 0x00000073, 0x00000074,
+	0x00000574, 0x00000576, 0x00000574, 0x00000565,
+	0x00000574, 0x0000056b, 0x0000057e, 0x00000576,
+	0x00000574, 0x0000056d, 0x000005d9, 0x000005b4,
+	0x000005f2, 0x000005b7, 0x000005e2, 0x000005d0,
+	0x000005d3, 0x000005d4, 0x000005db, 0x000005dc,
+	0x000005dd, 0x000005e8, 0x000005ea, 0x0000002b,
+	0x000005e9, 0x000005c1, 0x000005e9, 0x000005c2,
+	0x000005e9, 0x000005bc, 0x000005c1, 0x000005e9,
+	0x000005bc, 0x000005c2, 0x000005d0, 0x000005b7,
+	0x000005d0, 0x000005b8, 0x000005d0, 0x000005bc,
+	0x000005d1, 0x000005bc, 0x000005d2, 0x000005bc,
+	0x000005d3, 0x000005bc, 0x000005d4, 0x000005bc,
+	0x000005d5, 0x000005bc, 0x000005d6, 0x000005bc,
+	0x000005d8, 0x000005bc, 0x000005d9, 0x000005bc,
+	0x000005da, 0x000005bc, 0x000005db, 0x000005bc,
+	0x000005dc, 0x000005bc, 0x000005de, 0x000005bc,
+	0x000005e0, 0x000005bc, 0x000005e1, 0x000005bc,
+	0x000005e3, 0x000005bc, 0x000005e4, 0x000005bc,
+	0x000005e6, 0x000005bc, 0x000005e7, 0x000005bc,
+	0x000005e8, 0x000005bc, 0x000005e9, 0x000005bc,
+	0x000005ea, 0x000005bc, 0x000005d5, 0x000005b9,
+	0x000005d1, 0x000005bf, 0x000005db, 0x000005bf,
+	0x000005e4, 0x000005bf, 0x000005d0, 0x000005dc,
+	0x00000671, 0x00000671, 0x0000067b, 0x0000067b,
+	0x0000067b, 0x0000067b, 0x0000067e, 0x0000067e,
+	0x0000067e, 0x0000067e, 0x00000680, 0x00000680,
+	0x00000680, 0x00000680, 0x0000067a, 0x0000067a,
+	0x0000067a, 0x0000067a, 0x0000067f, 0x0000067f,
+	0x0000067f, 0x0000067f, 0x00000679, 0x00000679,
+	0x00000679, 0x00000679, 0x000006a4, 0x000006a4,
+	0x000006a4, 0x000006a4, 0x000006a6, 0x000006a6,
+	0x000006a6, 0x000006a6, 0x00000684, 0x00000684,
+	0x00000684, 0x00000684, 0x00000683, 0x00000683,
+	0x00000683, 0x00000683, 0x00000686, 0x00000686,
+	0x00000686, 0x00000686, 0x00000687, 0x00000687,
+	0x00000687, 0x00000687, 0x0000068d, 0x0000068d,
+	0x0000068c, 0x0000068c, 0x0000068e, 0x0000068e,
+	0x00000688, 0x00000688, 0x00000698, 0x00000698,
+	0x00000691, 0x00000691, 0x000006a9, 0x000006a9,
+	0x000006a9, 0x000006a9, 0x000006af, 0x000006af,
+	0x000006af, 0x000006af, 0x000006b3, 0x000006b3,
+	0x000006b3, 0x000006b3, 0x000006b1, 0x000006b1,
+	0x000006b1, 0x000006b1, 0x000006ba, 0x000006ba,
+	0x000006bb, 0x000006bb, 0x000006bb, 0x000006bb,
+	0x000006d5, 0x00000654, 0x000006d5, 0x00000654,
+	0x000006c1, 0x000006c1, 0x000006c1, 0x000006c1,
+	0x000006be, 0x000006be, 0x000006be, 0x000006be,
+	0x000006d2, 0x000006d2, 0x000006d2, 0x00000654,
+	0x000006d2, 0x00000654, 0x000006ad, 0x000006ad,
+	0x000006ad, 0x000006ad, 0x000006c7, 0x000006c7,
+	0x000006c6, 0x000006c6, 0x000006c8, 0x000006c8,
+	0x000006c7, 0x00000674, 0x000006cb, 0x000006cb,
+	0x000006c5, 0x000006c5, 0x000006c9, 0x000006c9,
+	0x000006d0, 0x000006d0, 0x000006d0, 0x000006d0,
+	0x00000649, 0x00000649, 0x0000064a, 0x00000654,
+	0x00000627, 0x0000064a, 0x00000654, 0x00000627,
+	0x0000064a, 0x00000654, 0x000006d5, 0x0000064a,
+	0x00000654, 0x000006d5, 0x0000064a, 0x00000654,
+	0x00000648, 0x0000064a, 0x00000654, 0x00000648,
+	0x0000064a, 0x00000654, 0x000006c7, 0x0000064a,
+	0x00000654, 0x000006c7, 0x0000064a, 0x00000654,
+	0x000006c6, 0x0000064a, 0x00000654, 0x000006c6,
+	0x0000064a, 0x00000654, 0x000006c8, 0x0000064a,
+	0x00000654, 0x000006c8, 0x0000064a, 0x00000654,
+	0x000006d0, 0x0000064a, 0x00000654, 0x000006d0,
+	0x0000064a, 0x00000654, 0x000006d0, 0x0000064a,
+	0x00000654, 0x00000649, 0x0000064a, 0x00000654,
+	0x00000649, 0x0000064a, 0x00000654, 0x00000649,
+	0x000006cc, 0x000006cc, 0x000006cc, 0x000006cc,
+	0x0000064a, 0x00000654, 0x0000062c, 0x0000064a,
+	0x00000654, 0x0000062d, 0x0000064a, 0x00000654,
+	0x00000645, 0x0000064a, 0x00000654, 0x00000649,
+	0x0000064a, 0x00000654, 0x0000064a, 0x00000628,
+	0x0000062c, 0x00000628, 0x0000062d, 0x00000628,
+	0x0000062e, 0x00000628, 0x00000645, 0x00000628,
+	0x00000649, 0x00000628, 0x0000064a, 0x0000062a,
+	0x0000062c, 0x0000062a, 0x0000062d, 0x0000062a,
+	0x0000062e, 0x0000062a, 0x00000645, 0x0000062a,
+	0x00000649, 0x0000062a, 0x0000064a, 0x0000062b,
+	0x0000062c, 0x0000062b, 0x00000645, 0x0000062b,
+	0x00000649, 0x0000062b, 0x0000064a, 0x0000062c,
+	0x0000062d, 0x0000062c, 0x00000645, 0x0000062d,
+	0x0000062c, 0x0000062d, 0x00000645, 0x0000062e,
+	0x0000062c, 0x0000062e, 0x0000062d, 0x0000062e,
+	0x00000645, 0x00000633, 0x0000062c, 0x00000633,
+	0x0000062d, 0x00000633, 0x0000062e, 0x00000633,
+	0x00000645, 0x00000635, 0x0000062d, 0x00000635,
+	0x00000645, 0x00000636, 0x0000062c, 0x00000636,
+	0x0000062d, 0x00000636, 0x0000062e, 0x00000636,
+	0x00000645, 0x00000637, 0x0000062d, 0x00000637,
+	0x00000645, 0x00000638, 0x00000645, 0x00000639,
+	0x0000062c, 0x00000639, 0x00000645, 0x0000063a,
+	0x0000062c, 0x0000063a, 0x00000645, 0x00000641,
+	0x0000062c, 0x00000641, 0x0000062d, 0x00000641,
+	0x0000062e, 0x00000641, 0x00000645, 0x00000641,
+	0x00000649, 0x00000641, 0x0000064a, 0x00000642,
+	0x0000062d, 0x00000642, 0x00000645, 0x00000642,
+	0x00000649, 0x00000642, 0x0000064a, 0x00000643,
+	0x00000627, 0x00000643, 0x0000062c, 0x00000643,
+	0x0000062d, 0x00000643, 0x0000062e, 0x00000643,
+	0x00000644, 0x00000643, 0x00000645, 0x00000643,
+	0x00000649, 0x00000643, 0x0000064a, 0x00000644,
+	0x0000062c, 0x00000644, 0x0000062d, 0x00000644,
+	0x0000062e, 0x00000644, 0x00000645, 0x00000644,
+	0x00000649, 0x00000644, 0x0000064a, 0x00000645,
+	0x0000062c, 0x00000645, 0x0000062d, 0x00000645,
+	0x0000062e, 0x00000645, 0x00000645, 0x00000645,
+	0x00000649, 0x00000645, 0x0000064a, 0x00000646,
+	0x0000062c, 0x00000646, 0x0000062d, 0x00000646,
+	0x0000062e, 0x00000646, 0x00000645, 0x00000646,
+	0x00000649, 0x00000646, 0x0000064a, 0x00000647,
+	0x0000062c, 0x00000647, 0x00000645, 0x00000647,
+	0x00000649, 0x00000647, 0x0000064a, 0x0000064a,
+	0x0000062c, 0x0000064a, 0x0000062d, 0x0000064a,
+	0x0000062e, 0x0000064a, 0x00000645, 0x0000064a,
+	0x00000649, 0x0000064a, 0x0000064a, 0x00000630,
+	0x00000670, 0x00000631, 0x00000670, 0x00000649,
+	0x00000670, 0x00000020, 0x0000064c, 0x00000651,
+	0x00000020, 0x0000064d, 0x00000651, 0x00000020,
+	0x0000064e, 0x00000651, 0x00000020, 0x0000064f,
+	0x00000651, 0x00000020, 0x00000650, 0x00000651,
+	0x00000020, 0x00000651, 0x00000670, 0x0000064a,
+	0x00000654, 0x00000631, 0x0000064a, 0x00000654,
+	0x00000632, 0x0000064a, 0x00000654, 0x00000645,
+	0x0000064a, 0x00000654, 0x00000646, 0x0000064a,
+	0x00000654, 0x00000649, 0x0000064a, 0x00000654,
+	0x0000064a, 0x00000628, 0x00000631, 0x00000628,
+	0x00000632, 0x00000628, 0x00000645, 0x00000628,
+	0x00000646, 0x00000628, 0x00000649, 0x00000628,
+	0x0000064a, 0x0000062a, 0x00000631, 0x0000062a,
+	0x00000632, 0x0000062a, 0x00000645, 0x0000062a,
+	0x00000646, 0x0000062a, 0x00000649, 0x0000062a,
+	0x0000064a, 0x0000062b, 0x00000631, 0x0000062b,
+	0x00000632, 0x0000062b, 0x00000645, 0x0000062b,
+	0x00000646, 0x0000062b, 0x00000649, 0x0000062b,
+	0x0000064a, 0x00000641, 0x00000649, 0x00000641,
+	0x0000064a, 0x00000642, 0x00000649, 0x00000642,
+	0x0000064a, 0x00000643, 0x00000627, 0x00000643,
+	0x00000644, 0x00000643, 0x00000645, 0x00000643,
+	0x00000649, 0x00000643, 0x0000064a, 0x00000644,
+	0x00000645, 0x00000644, 0x00000649, 0x00000644,
+	0x0000064a, 0x00000645, 0x00000627, 0x00000645,
+	0x00000645, 0x00000646, 0x00000631, 0x00000646,
+	0x00000632, 0x00000646, 0x00000645, 0x00000646,
+	0x00000646, 0x00000646, 0x00000649, 0x00000646,
+	0x0000064a, 0x00000649, 0x00000670, 0x0000064a,
+	0x00000631, 0x0000064a, 0x00000632, 0x0000064a,
+	0x00000645, 0x0000064a, 0x00000646, 0x0000064a,
+	0x00000649, 0x0000064a, 0x0000064a, 0x0000064a,
+	0x00000654, 0x0000062c, 0x0000064a, 0x00000654,
+	0x0000062d, 0x0000064a, 0x00000654, 0x0000062e,
+	0x0000064a, 0x00000654, 0x00000645, 0x0000064a,
+	0x00000654, 0x00000647, 0x00000628, 0x0000062c,
+	0x00000628, 0x0000062d, 0x00000628, 0x0000062e,
+	0x00000628, 0x00000645, 0x00000628, 0x00000647,
+	0x0000062a, 0x0000062c, 0x0000062a, 0x0000062d,
+	0x0000062a, 0x0000062e, 0x0000062a, 0x00000645,
+	0x0000062a, 0x00000647, 0x0000062b, 0x00000645,
+	0x0000062c, 0x0000062d, 0x0000062c, 0x00000645,
+	0x0000062d, 0x0000062c, 0x0000062d, 0x00000645,
+	0x0000062e, 0x0000062c, 0x0000062e, 0x00000645,
+	0x00000633, 0x0000062c, 0x00000633, 0x0000062d,
+	0x00000633, 0x0000062e, 0x00000633, 0x00000645,
+	0x00000635, 0x0000062d, 0x00000635, 0x0000062e,
+	0x00000635, 0x00000645, 0x00000636, 0x0000062c,
+	0x00000636, 0x0000062d, 0x00000636, 0x0000062e,
+	0x00000636, 0x00000645, 0x00000637, 0x0000062d,
+	0x00000638, 0x00000645, 0x00000639, 0x0000062c,
+	0x00000639, 0x00000645, 0x0000063a, 0x0000062c,
+	0x0000063a, 0x00000645, 0x00000641, 0x0000062c,
+	0x00000641, 0x0000062d, 0x00000641, 0x0000062e,
+	0x00000641, 0x00000645, 0x00000642, 0x0000062d,
+	0x00000642, 0x00000645, 0x00000643, 0x0000062c,
+	0x00000643, 0x0000062d, 0x00000643, 0x0000062e,
+	0x00000643, 0x00000644, 0x00000643, 0x00000645,
+	0x00000644, 0x0000062c, 0x00000644, 0x0000062d,
+	0x00000644, 0x0000062e, 0x00000644, 0x00000645,
+	0x00000644, 0x00000647, 0x00000645, 0x0000062c,
+	0x00000645, 0x0000062d, 0x00000645, 0x0000062e,
+	0x00000645, 0x00000645, 0x00000646, 0x0000062c,
+	0x00000646, 0x0000062d, 0x00000646, 0x0000062e,
+	0x00000646, 0x00000645, 0x00000646, 0x00000647,
+	0x00000647, 0x0000062c, 0x00000647, 0x00000645,
+	0x00000647, 0x00000670, 0x0000064a, 0x0000062c,
+	0x0000064a, 0x0000062d, 0x0000064a, 0x0000062e,
+	0x0000064a, 0x00000645, 0x0000064a, 0x00000647,
+	0x0000064a, 0x00000654, 0x00000645, 0x0000064a,
+	0x00000654, 0x00000647, 0x00000628, 0x00000645,
+	0x00000628, 0x00000647, 0x0000062a, 0x00000645,
+	0x0000062a, 0x00000647, 0x0000062b, 0x00000645,
+	0x0000062b, 0x00000647, 0x00000633, 0x00000645,
+	0x00000633, 0x00000647, 0x00000634, 0x00000645,
+	0x00000634, 0x00000647, 0x00000643, 0x00000644,
+	0x00000643, 0x00000645, 0x00000644, 0x00000645,
+	0x00000646, 0x00000645, 0x00000646, 0x00000647,
+	0x0000064a, 0x00000645, 0x0000064a, 0x00000647,
+	0x00000640, 0x0000064e, 0x00000651, 0x00000640,
+	0x0000064f, 0x00000651, 0x00000640, 0x00000650,
+	0x00000651, 0x00000637, 0x00000649, 0x00000637,
+	0x0000064a, 0x00000639, 0x00000649, 0x00000639,
+	0x0000064a, 0x0000063a, 0x00000649, 0x0000063a,
+	0x0000064a, 0x00000633, 0x00000649, 0x00000633,
+	0x0000064a, 0x00000634, 0x00000649, 0x00000634,
+	0x0000064a, 0x0000062d, 0x00000649, 0x0000062d,
+	0x0000064a, 0x0000062c, 0x00000649, 0x0000062c,
+	0x0000064a, 0x0000062e, 0x00000649, 0x0000062e,
+	0x0000064a, 0x00000635, 0x00000649, 0x00000635,
+	0x0000064a, 0x00000636, 0x00000649, 0x00000636,
+	0x0000064a, 0x00000634, 0x0000062c, 0x00000634,
+	0x0000062d, 0x00000634, 0x0000062e, 0x00000634,
+	0x00000645, 0x00000634, 0x00000631, 0x00000633,
+	0x00000631, 0x00000635, 0x00000631, 0x00000636,
+	0x00000631, 0x00000637, 0x00000649, 0x00000637,
+	0x0000064a, 0x00000639, 0x00000649, 0x00000639,
+	0x0000064a, 0x0000063a, 0x00000649, 0x0000063a,
+	0x0000064a, 0x00000633, 0x00000649, 0x00000633,
+	0x0000064a, 0x00000634, 0x00000649, 0x00000634,
+	0x0000064a, 0x0000062d, 0x00000649, 0x0000062d,
+	0x0000064a, 0x0000062c, 0x00000649, 0x0000062c,
+	0x0000064a, 0x0000062e, 0x00000649, 0x0000062e,
+	0x0000064a, 0x00000635, 0x00000649, 0x00000635,
+	0x0000064a, 0x00000636, 0x00000649, 0x00000636,
+	0x0000064a, 0x00000634, 0x0000062c, 0x00000634,
+	0x0000062d, 0x00000634, 0x0000062e, 0x00000634,
+	0x00000645, 0x00000634, 0x00000631, 0x00000633,
+	0x00000631, 0x00000635, 0x00000631, 0x00000636,
+	0x00000631, 0x00000634, 0x0000062c, 0x00000634,
+	0x0000062d, 0x00000634, 0x0000062e, 0x00000634,
+	0x00000645, 0x00000633, 0x00000647, 0x00000634,
+	0x00000647, 0x00000637, 0x00000645, 0x00000633,
+	0x0000062c, 0x00000633, 0x0000062d, 0x00000633,
+	0x0000062e, 0x00000634, 0x0000062c, 0x00000634,
+	0x0000062d, 0x00000634, 0x0000062e, 0x00000637,
+	0x00000645, 0x00000638, 0x00000645, 0x00000627,
+	0x0000064b, 0x00000627, 0x0000064b, 0x0000062a,
+	0x0000062c, 0x00000645, 0x0000062a, 0x0000062d,
+	0x0000062c, 0x0000062a, 0x0000062d, 0x0000062c,
+	0x0000062a, 0x0000062d, 0x00000645, 0x0000062a,
+	0x0000062e, 0x00000645, 0x0000062a, 0x00000645,
+	0x0000062c, 0x0000062a, 0x00000645, 0x0000062d,
+	0x0000062a, 0x00000645, 0x0000062e, 0x0000062c,
+	0x00000645, 0x0000062d, 0x0000062c, 0x00000645,
+	0x0000062d, 0x0000062d, 0x00000645, 0x0000064a,
+	0x0000062d, 0x00000645, 0x00000649, 0x00000633,
+	0x0000062d, 0x0000062c, 0x00000633, 0x0000062c,
+	0x0000062d, 0x00000633, 0x0000062c, 0x00000649,
+	0x00000633, 0x00000645, 0x0000062d, 0x00000633,
+	0x00000645, 0x0000062d, 0x00000633, 0x00000645,
+	0x0000062c, 0x00000633, 0x00000645, 0x00000645,
+	0x00000633, 0x00000645, 0x00000645, 0x00000635,
+	0x0000062d, 0x0000062d, 0x00000635, 0x0000062d,
+	0x0000062d, 0x00000635, 0x00000645, 0x00000645,
+	0x00000634, 0x0000062d, 0x00000645, 0x00000634,
+	0x0000062d, 0x00000645, 0x00000634, 0x0000062c,
+	0x0000064a, 0x00000634, 0x00000645, 0x0000062e,
+	0x00000634, 0x00000645, 0x0000062e, 0x00000634,
+	0x00000645, 0x00000645, 0x00000634, 0x00000645,
+	0x00000645, 0x00000636, 0x0000062d, 0x00000649,
+	0x00000636, 0x0000062e, 0x00000645, 0x00000636,
+	0x0000062e, 0x00000645, 0x00000637, 0x00000645,
+	0x0000062d, 0x00000637, 0x00000645, 0x0000062d,
+	0x00000637, 0x00000645, 0x00000645, 0x00000637,
+	0x00000645, 0x0000064a, 0x00000639, 0x0000062c,
+	0x00000645, 0x00000639, 0x00000645, 0x00000645,
+	0x00000639, 0x00000645, 0x00000645, 0x00000639,
+	0x00000645, 0x00000649, 0x0000063a, 0x00000645,
+	0x00000645, 0x0000063a, 0x00000645, 0x0000064a,
+	0x0000063a, 0x00000645, 0x00000649, 0x00000641,
+	0x0000062e, 0x00000645, 0x00000641, 0x0000062e,
+	0x00000645, 0x00000642, 0x00000645, 0x0000062d,
+	0x00000642, 0x00000645, 0x00000645, 0x00000644,
+	0x0000062d, 0x00000645, 0x00000644, 0x0000062d,
+	0x0000064a, 0x00000644, 0x0000062d, 0x00000649,
+	0x00000644, 0x0000062c, 0x0000062c, 0x00000644,
+	0x0000062c, 0x0000062c, 0x00000644, 0x0000062e,
+	0x00000645, 0x00000644, 0x0000062e, 0x00000645,
+	0x00000644, 0x00000645, 0x0000062d, 0x00000644,
+	0x00000645, 0x0000062d, 0x00000645, 0x0000062d,
+	0x0000062c, 0x00000645, 0x0000062d, 0x00000645,
+	0x00000645, 0x0000062d, 0x0000064a, 0x00000645,
+	0x0000062c, 0x0000062d, 0x00000645, 0x0000062c,
+	0x00000645, 0x00000645, 0x0000062e, 0x0000062c,
+	0x00000645, 0x0000062e, 0x00000645, 0x00000645,
+	0x0000062c, 0x0000062e, 0x00000647, 0x00000645,
+	0x0000062c, 0x00000647, 0x00000645, 0x00000645,
+	0x00000646, 0x0000062d, 0x00000645, 0x00000646,
+	0x0000062d, 0x00000649, 0x00000646, 0x0000062c,
+	0x00000645, 0x00000646, 0x0000062c, 0x00000645,
+	0x00000646, 0x0000062c, 0x00000649, 0x00000646,
+	0x00000645, 0x0000064a, 0x00000646, 0x00000645,
+	0x00000649, 0x0000064a, 0x00000645, 0x00000645,
+	0x0000064a, 0x00000645, 0x00000645, 0x00000628,
+	0x0000062e, 0x0000064a, 0x0000062a, 0x0000062c,
+	0x0000064a, 0x0000062a, 0x0000062c, 0x00000649,
+	0x0000062a, 0x0000062e, 0x0000064a, 0x0000062a,
+	0x0000062e, 0x00000649, 0x0000062a, 0x00000645,
+	0x0000064a, 0x0000062a, 0x00000645, 0x00000649,
+	0x0000062c, 0x00000645, 0x0000064a, 0x0000062c,
+	0x0000062d, 0x00000649, 0x0000062c, 0x00000645,
+	0x00000649, 0x00000633, 0x0000062e, 0x00000649,
+	0x00000635, 0x0000062d, 0x0000064a, 0x00000634,
+	0x0000062d, 0x0000064a, 0x00000636, 0x0000062d,
+	0x0000064a, 0x00000644, 0x0000062c, 0x0000064a,
+	0x00000644, 0x00000645, 0x0000064a, 0x0000064a,
+	0x0000062d, 0x0000064a, 0x0000064a, 0x0000062c,
+	0x0000064a, 0x0000064a, 0x00000645, 0x0000064a,
+	0x00000645, 0x00000645, 0x0000064a, 0x00000642,
+	0x00000645, 0x0000064a, 0x00000646, 0x0000062d,
+	0x0000064a, 0x00000642, 0x00000645, 0x0000062d,
+	0x00000644, 0x0000062d, 0x00000645, 0x00000639,
+	0x00000645, 0x0000064a, 0x00000643, 0x00000645,
+	0x0000064a, 0x00000646, 0x0000062c, 0x0000062d,
+	0x00000645, 0x0000062e, 0x0000064a, 0x00000644,
+	0x0000062c, 0x00000645, 0x00000643, 0x00000645,
+	0x00000645, 0x00000644, 0x0000062c, 0x00000645,
+	0x00000646, 0x0000062c, 0x0000062d, 0x0000062c,
+	0x0000062d, 0x0000064a, 0x0000062d, 0x0000062c,
+	0x0000064a, 0x00000645, 0x0000062c, 0x0000064a,
+	0x00000641, 0x00000645, 0x0000064a, 0x00000628,
+	0x0000062d, 0x0000064a, 0x00000643, 0x00000645,
+	0x00000645, 0x00000639, 0x0000062c, 0x00000645,
+	0x00000635, 0x00000645, 0x00000645, 0x00000633,
+	0x0000062e, 0x0000064a, 0x00000646, 0x0000062c,
+	0x0000064a, 0x00000635, 0x00000644, 0x000006d2,
+	0x00000642, 0x00000644, 0x000006d2, 0x00000627,
+	0x00000644, 0x00000644, 0x00000647, 0x00000627,
+	0x00000643, 0x00000628, 0x00000631, 0x00000645,
+	0x0000062d, 0x00000645, 0x0000062f, 0x00000635,
+	0x00000644, 0x00000639, 0x00000645, 0x00000631,
+	0x00000633, 0x00000648, 0x00000644, 0x00000639,
+	0x00000644, 0x0000064a, 0x00000647, 0x00000648,
+	0x00000633, 0x00000644, 0x00000645, 0x00000635,
+	0x00000644, 0x00000649, 0x00000635, 0x00000644,
+	0x00000649, 0x00000020, 0x00000627, 0x00000644,
+	0x00000644, 0x00000647, 0x00000020, 0x00000639,
+	0x00000644, 0x0000064a, 0x00000647, 0x00000020,
+	0x00000648, 0x00000633, 0x00000644, 0x00000645,
+	0x0000062c, 0x00000644, 0x00000020, 0x0000062c,
+	0x00000644, 0x00000627, 0x00000644, 0x00000647,
+	0x00000631, 0x000006cc, 0x00000627, 0x00000644,
+	0x0000002e, 0x0000002e, 0x00002014, 0x00002013,
+	0x0000005f, 0x0000005f, 0x00000028, 0x00000029,
+	0x0000007b, 0x0000007d, 0x00003014, 0x00003015,
+	0x00003010, 0x00003011, 0x0000300a, 0x0000300b,
+	0x00003008, 0x00003009, 0x0000300c, 0x0000300d,
+	0x0000300e, 0x0000300f, 0x00000020, 0x00000305,
+	0x00000020, 0x00000305, 0x00000020, 0x00000305,
+	0x00000020, 0x00000305, 0x0000005f, 0x0000005f,
+	0x0000005f, 0x0000002c, 0x00003001, 0x0000002e,
+	0x0000003b, 0x0000003a, 0x0000003f, 0x00000021,
+	0x00002014, 0x00000028, 0x00000029, 0x0000007b,
+	0x0000007d, 0x00003014, 0x00003015, 0x00000023,
+	0x00000026, 0x0000002a, 0x0000002b, 0x0000002d,
+	0x0000003c, 0x0000003e, 0x0000003d, 0x0000005c,
+	0x00000024, 0x00000025, 0x00000040, 0x00000020,
+	0x0000064b, 0x00000640, 0x0000064b, 0x00000020,
+	0x0000064c, 0x00000020, 0x0000064d, 0x00000020,
+	0x0000064e, 0x00000640, 0x0000064e, 0x00000020,
+	0x0000064f, 0x00000640, 0x0000064f, 0x00000020,
+	0x00000650, 0x00000640, 0x00000650, 0x00000020,
+	0x00000651, 0x00000640, 0x00000651, 0x00000020,
+	0x00000652, 0x00000640, 0x00000652, 0x00000621,
+	0x00000627, 0x00000653, 0x00000627, 0x00000653,
+	0x00000627, 0x00000654, 0x00000627, 0x00000654,
+	0x00000648, 0x00000654, 0x00000648, 0x00000654,
+	0x00000627, 0x00000655, 0x00000627, 0x00000655,
+	0x0000064a, 0x00000654, 0x0000064a, 0x00000654,
+	0x0000064a, 0x00000654, 0x0000064a, 0x00000654,
+	0x00000627, 0x00000627, 0x00000628, 0x00000628,
+	0x00000628, 0x00000628, 0x00000629, 0x00000629,
+	0x0000062a, 0x0000062a, 0x0000062a, 0x0000062a,
+	0x0000062b, 0x0000062b, 0x0000062b, 0x0000062b,
+	0x0000062c, 0x0000062c, 0x0000062c, 0x0000062c,
+	0x0000062d, 0x0000062d, 0x0000062d, 0x0000062d,
+	0x0000062e, 0x0000062e, 0x0000062e, 0x0000062e,
+	0x0000062f, 0x0000062f, 0x00000630, 0x00000630,
+	0x00000631, 0x00000631, 0x00000632, 0x00000632,
+	0x00000633, 0x00000633, 0x00000633, 0x00000633,
+	0x00000634, 0x00000634, 0x00000634, 0x00000634,
+	0x00000635, 0x00000635, 0x00000635, 0x00000635,
+	0x00000636, 0x00000636, 0x00000636, 0x00000636,
+	0x00000637, 0x00000637, 0x00000637, 0x00000637,
+	0x00000638, 0x00000638, 0x00000638, 0x00000638,
+	0x00000639, 0x00000639, 0x00000639, 0x00000639,
+	0x0000063a, 0x0000063a, 0x0000063a, 0x0000063a,
+	0x00000641, 0x00000641, 0x00000641, 0x00000641,
+	0x00000642, 0x00000642, 0x00000642, 0x00000642,
+	0x00000643, 0x00000643, 0x00000643, 0x00000643,
+	0x00000644, 0x00000644, 0x00000644, 0x00000644,
+	0x00000645, 0x00000645, 0x00000645, 0x00000645,
+	0x00000646, 0x00000646, 0x00000646, 0x00000646,
+	0x00000647, 0x00000647, 0x00000647, 0x00000647,
+	0x00000648, 0x00000648, 0x00000649, 0x00000649,
+	0x0000064a, 0x0000064a, 0x0000064a, 0x0000064a,
+	0x00000644, 0x00000627, 0x00000653, 0x00000644,
+	0x00000627, 0x00000653, 0x00000644, 0x00000627,
+	0x00000654, 0x00000644, 0x00000627, 0x00000654,
+	0x00000644, 0x00000627, 0x00000655, 0x00000644,
+	0x00000627, 0x00000655, 0x00000644, 0x00000627,
+	0x00000644, 0x00000627, 0x00000021, 0x00000022,
+	0x00000023, 0x00000024, 0x00000025, 0x00000026,
+	0x00000027, 0x00000028, 0x00000029, 0x0000002a,
+	0x0000002b, 0x0000002c, 0x0000002d, 0x0000002e,
+	0x0000002f, 0x00000030, 0x00000031, 0x00000032,
+	0x00000033, 0x00000034, 0x00000035, 0x00000036,
+	0x00000037, 0x00000038, 0x00000039, 0x0000003a,
+	0x0000003b, 0x0000003c, 0x0000003d, 0x0000003e,
+	0x0000003f, 0x00000040, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x0000005b, 0x0000005c, 0x0000005d, 0x0000005e,
+	0x0000005f, 0x00000060, 0x00000061, 0x00000062,
+	0x00000063, 0x00000064, 0x00000065, 0x00000066,
+	0x00000067, 0x00000068, 0x00000069, 0x0000006a,
+	0x0000006b, 0x0000006c, 0x0000006d, 0x0000006e,
+	0x0000006f, 0x00000070, 0x00000071, 0x00000072,
+	0x00000073, 0x00000074, 0x00000075, 0x00000076,
+	0x00000077, 0x00000078, 0x00000079, 0x0000007a,
+	0x0000007b, 0x0000007c, 0x0000007d, 0x0000007e,
+	0x00002985, 0x00002986, 0x00003002, 0x0000300c,
+	0x0000300d, 0x00003001, 0x000030fb, 0x000030f2,
+	0x000030a1, 0x000030a3, 0x000030a5, 0x000030a7,
+	0x000030a9, 0x000030e3, 0x000030e5, 0x000030e7,
+	0x000030c3, 0x000030fc, 0x000030a2, 0x000030a4,
+	0x000030a6, 0x000030a8, 0x000030aa, 0x000030ab,
+	0x000030ad, 0x000030af, 0x000030b1, 0x000030b3,
+	0x000030b5, 0x000030b7, 0x000030b9, 0x000030bb,
+	0x000030bd, 0x000030bf, 0x000030c1, 0x000030c4,
+	0x000030c6, 0x000030c8, 0x000030ca, 0x000030cb,
+	0x000030cc, 0x000030cd, 0x000030ce, 0x000030cf,
+	0x000030d2, 0x000030d5, 0x000030d8, 0x000030db,
+	0x000030de, 0x000030df, 0x000030e0, 0x000030e1,
+	0x000030e2, 0x000030e4, 0x000030e6, 0x000030e8,
+	0x000030e9, 0x000030ea, 0x000030eb, 0x000030ec,
+	0x000030ed, 0x000030ef, 0x000030f3, 0x00003099,
+	0x0000309a, 0x00001160, 0x00001100, 0x00001101,
+	0x000011aa, 0x00001102, 0x000011ac, 0x000011ad,
+	0x00001103, 0x00001104, 0x00001105, 0x000011b0,
+	0x000011b1, 0x000011b2, 0x000011b3, 0x000011b4,
+	0x000011b5, 0x0000111a, 0x00001106, 0x00001107,
+	0x00001108, 0x00001121, 0x00001109, 0x0000110a,
+	0x0000110b, 0x0000110c, 0x0000110d, 0x0000110e,
+	0x0000110f, 0x00001110, 0x00001111, 0x00001112,
+	0x00001161, 0x00001162, 0x00001163, 0x00001164,
+	0x00001165, 0x00001166, 0x00001167, 0x00001168,
+	0x00001169, 0x0000116a, 0x0000116b, 0x0000116c,
+	0x0000116d, 0x0000116e, 0x0000116f, 0x00001170,
+	0x00001171, 0x00001172, 0x00001173, 0x00001174,
+	0x00001175, 0x000000a2, 0x000000a3, 0x000000ac,
+	0x00000020, 0x00000304, 0x000000a6, 0x000000a5,
+	0x000020a9, 0x00002502, 0x00002190, 0x00002191,
+	0x00002192, 0x00002193, 0x000025a0, 0x000025cb,
+	0x0001d157, 0x0001d165, 0x0001d158, 0x0001d165,
+	0x0001d158, 0x0001d165, 0x0001d16e, 0x0001d158,
+	0x0001d165, 0x0001d16f, 0x0001d158, 0x0001d165,
+	0x0001d170, 0x0001d158, 0x0001d165, 0x0001d171,
+	0x0001d158, 0x0001d165, 0x0001d172, 0x0001d1b9,
+	0x0001d165, 0x0001d1ba, 0x0001d165, 0x0001d1b9,
+	0x0001d165, 0x0001d16e, 0x0001d1ba, 0x0001d165,
+	0x0001d16e, 0x0001d1b9, 0x0001d165, 0x0001d16f,
+	0x0001d1ba, 0x0001d165, 0x0001d16f, 0x00000041,
+	0x00000042, 0x00000043, 0x00000044, 0x00000045,
+	0x00000046, 0x00000047, 0x00000048, 0x00000049,
+	0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d,
+	0x0000004e, 0x0000004f, 0x00000050, 0x00000051,
+	0x00000052, 0x00000053, 0x00000054, 0x00000055,
+	0x00000056, 0x00000057, 0x00000058, 0x00000059,
+	0x0000005a, 0x00000061, 0x00000062, 0x00000063,
+	0x00000064, 0x00000065, 0x00000066, 0x00000067,
+	0x00000068, 0x00000069, 0x0000006a, 0x0000006b,
+	0x0000006c, 0x0000006d, 0x0000006e, 0x0000006f,
+	0x00000070, 0x00000071, 0x00000072, 0x00000073,
+	0x00000074, 0x00000075, 0x00000076, 0x00000077,
+	0x00000078, 0x00000079, 0x0000007a, 0x00000041,
+	0x00000042, 0x00000043, 0x00000044, 0x00000045,
+	0x00000046, 0x00000047, 0x00000048, 0x00000049,
+	0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d,
+	0x0000004e, 0x0000004f, 0x00000050, 0x00000051,
+	0x00000052, 0x00000053, 0x00000054, 0x00000055,
+	0x00000056, 0x00000057, 0x00000058, 0x00000059,
+	0x0000005a, 0x00000061, 0x00000062, 0x00000063,
+	0x00000064, 0x00000065, 0x00000066, 0x00000067,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000043,
+	0x00000044, 0x00000047, 0x0000004a, 0x0000004b,
+	0x0000004e, 0x0000004f, 0x00000050, 0x00000051,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000066, 0x00000068, 0x00000069, 0x0000006a,
+	0x0000006b, 0x0000006d, 0x0000006e, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000044, 0x00000045, 0x00000046, 0x00000047,
+	0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d,
+	0x0000004e, 0x0000004f, 0x00000050, 0x00000051,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x00000061,
+	0x00000062, 0x00000063, 0x00000064, 0x00000065,
+	0x00000066, 0x00000067, 0x00000068, 0x00000069,
+	0x0000006a, 0x0000006b, 0x0000006c, 0x0000006d,
+	0x0000006e, 0x0000006f, 0x00000070, 0x00000071,
+	0x00000072, 0x00000073, 0x00000074, 0x00000075,
+	0x00000076, 0x00000077, 0x00000078, 0x00000079,
+	0x0000007a, 0x00000041, 0x00000042, 0x00000044,
+	0x00000045, 0x00000046, 0x00000047, 0x00000049,
+	0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d,
+	0x0000004f, 0x00000053, 0x00000054, 0x00000055,
+	0x00000056, 0x00000057, 0x00000058, 0x00000059,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000041, 0x00000042,
+	0x00000043, 0x00000044, 0x00000045, 0x00000046,
+	0x00000047, 0x00000048, 0x00000049, 0x0000004a,
+	0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e,
+	0x0000004f, 0x00000050, 0x00000051, 0x00000052,
+	0x00000053, 0x00000054, 0x00000055, 0x00000056,
+	0x00000057, 0x00000058, 0x00000059, 0x0000005a,
+	0x00000061, 0x00000062, 0x00000063, 0x00000064,
+	0x00000065, 0x00000066, 0x00000067, 0x00000068,
+	0x00000069, 0x0000006a, 0x0000006b, 0x0000006c,
+	0x0000006d, 0x0000006e, 0x0000006f, 0x00000070,
+	0x00000071, 0x00000072, 0x00000073, 0x00000074,
+	0x00000075, 0x00000076, 0x00000077, 0x00000078,
+	0x00000079, 0x0000007a, 0x00000391, 0x00000392,
+	0x00000393, 0x00000394, 0x00000395, 0x00000396,
+	0x00000397, 0x00000398, 0x00000399, 0x0000039a,
+	0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e,
+	0x0000039f, 0x000003a0, 0x000003a1, 0x00000398,
+	0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6,
+	0x000003a7, 0x000003a8, 0x000003a9, 0x00002207,
+	0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4,
+	0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8,
+	0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc,
+	0x000003bd, 0x000003be, 0x000003bf, 0x000003c0,
+	0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4,
+	0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8,
+	0x000003c9, 0x00002202, 0x000003b5, 0x000003b8,
+	0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0,
+	0x00000391, 0x00000392, 0x00000393, 0x00000394,
+	0x00000395, 0x00000396, 0x00000397, 0x00000398,
+	0x00000399, 0x0000039a, 0x0000039b, 0x0000039c,
+	0x0000039d, 0x0000039e, 0x0000039f, 0x000003a0,
+	0x000003a1, 0x00000398, 0x000003a3, 0x000003a4,
+	0x000003a5, 0x000003a6, 0x000003a7, 0x000003a8,
+	0x000003a9, 0x00002207, 0x000003b1, 0x000003b2,
+	0x000003b3, 0x000003b4, 0x000003b5, 0x000003b6,
+	0x000003b7, 0x000003b8, 0x000003b9, 0x000003ba,
+	0x000003bb, 0x000003bc, 0x000003bd, 0x000003be,
+	0x000003bf, 0x000003c0, 0x000003c1, 0x000003c2,
+	0x000003c3, 0x000003c4, 0x000003c5, 0x000003c6,
+	0x000003c7, 0x000003c8, 0x000003c9, 0x00002202,
+	0x000003b5, 0x000003b8, 0x000003ba, 0x000003c6,
+	0x000003c1, 0x000003c0, 0x00000391, 0x00000392,
+	0x00000393, 0x00000394, 0x00000395, 0x00000396,
+	0x00000397, 0x00000398, 0x00000399, 0x0000039a,
+	0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e,
+	0x0000039f, 0x000003a0, 0x000003a1, 0x00000398,
+	0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6,
+	0x000003a7, 0x000003a8, 0x000003a9, 0x00002207,
+	0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4,
+	0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8,
+	0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc,
+	0x000003bd, 0x000003be, 0x000003bf, 0x000003c0,
+	0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4,
+	0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8,
+	0x000003c9, 0x00002202, 0x000003b5, 0x000003b8,
+	0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0,
+	0x00000391, 0x00000392, 0x00000393, 0x00000394,
+	0x00000395, 0x00000396, 0x00000397, 0x00000398,
+	0x00000399, 0x0000039a, 0x0000039b, 0x0000039c,
+	0x0000039d, 0x0000039e, 0x0000039f, 0x000003a0,
+	0x000003a1, 0x00000398, 0x000003a3, 0x000003a4,
+	0x000003a5, 0x000003a6, 0x000003a7, 0x000003a8,
+	0x000003a9, 0x00002207, 0x000003b1, 0x000003b2,
+	0x000003b3, 0x000003b4, 0x000003b5, 0x000003b6,
+	0x000003b7, 0x000003b8, 0x000003b9, 0x000003ba,
+	0x000003bb, 0x000003bc, 0x000003bd, 0x000003be,
+	0x000003bf, 0x000003c0, 0x000003c1, 0x000003c2,
+	0x000003c3, 0x000003c4, 0x000003c5, 0x000003c6,
+	0x000003c7, 0x000003c8, 0x000003c9, 0x00002202,
+	0x000003b5, 0x000003b8, 0x000003ba, 0x000003c6,
+	0x000003c1, 0x000003c0, 0x00000391, 0x00000392,
+	0x00000393, 0x00000394, 0x00000395, 0x00000396,
+	0x00000397, 0x00000398, 0x00000399, 0x0000039a,
+	0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e,
+	0x0000039f, 0x000003a0, 0x000003a1, 0x00000398,
+	0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6,
+	0x000003a7, 0x000003a8, 0x000003a9, 0x00002207,
+	0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4,
+	0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8,
+	0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc,
+	0x000003bd, 0x000003be, 0x000003bf, 0x000003c0,
+	0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4,
+	0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8,
+	0x000003c9, 0x00002202, 0x000003b5, 0x000003b8,
+	0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0,
+	0x00000030, 0x00000031, 0x00000032, 0x00000033,
+	0x00000034, 0x00000035, 0x00000036, 0x00000037,
+	0x00000038, 0x00000039, 0x00000030, 0x00000031,
+	0x00000032, 0x00000033, 0x00000034, 0x00000035,
+	0x00000036, 0x00000037, 0x00000038, 0x00000039,
+	0x00000030, 0x00000031, 0x00000032, 0x00000033,
+	0x00000034, 0x00000035, 0x00000036, 0x00000037,
+	0x00000038, 0x00000039, 0x00000030, 0x00000031,
+	0x00000032, 0x00000033, 0x00000034, 0x00000035,
+	0x00000036, 0x00000037, 0x00000038, 0x00000039,
+	0x00000030, 0x00000031, 0x00000032, 0x00000033,
+	0x00000034, 0x00000035, 0x00000036, 0x00000037,
+	0x00000038, 0x00000039, 0x00004e3d, 0x00004e38,
+	0x00004e41, 0x00020122, 0x00004f60, 0x00004fae,
+	0x00004fbb, 0x00005002, 0x0000507a, 0x00005099,
+	0x000050e7, 0x000050cf, 0x0000349e, 0x0002063a,
+	0x0000514d, 0x00005154, 0x00005164, 0x00005177,
+	0x0002051c, 0x000034b9, 0x00005167, 0x0000518d,
+	0x0002054b, 0x00005197, 0x000051a4, 0x00004ecc,
+	0x000051ac, 0x000051b5, 0x000291df, 0x000051f5,
+	0x00005203, 0x000034df, 0x0000523b, 0x00005246,
+	0x00005272, 0x00005277, 0x00003515, 0x000052c7,
+	0x000052c9, 0x000052e4, 0x000052fa, 0x00005305,
+	0x00005306, 0x00005317, 0x00005349, 0x00005351,
+	0x0000535a, 0x00005373, 0x0000537d, 0x0000537f,
+	0x0000537f, 0x0000537f, 0x00020a2c, 0x00007070,
+	0x000053ca, 0x000053df, 0x00020b63, 0x000053eb,
+	0x000053f1, 0x00005406, 0x0000549e, 0x00005438,
+	0x00005448, 0x00005468, 0x000054a2, 0x000054f6,
+	0x00005510, 0x00005553, 0x00005563, 0x00005584,
+	0x00005584, 0x00005599, 0x000055ab, 0x000055b3,
+	0x000055c2, 0x00005716, 0x00005606, 0x00005717,
+	0x00005651, 0x00005674, 0x00005207, 0x000058ee,
+	0x000057ce, 0x000057f4, 0x0000580d, 0x0000578b,
+	0x00005832, 0x00005831, 0x000058ac, 0x000214e4,
+	0x000058f2, 0x000058f7, 0x00005906, 0x0000591a,
+	0x00005922, 0x00005962, 0x000216a8, 0x000216ea,
+	0x000059ec, 0x00005a1b, 0x00005a27, 0x000059d8,
+	0x00005a66, 0x000036ee, 0x0002136a, 0x00005b08,
+	0x00005b3e, 0x00005b3e, 0x000219c8, 0x00005bc3,
+	0x00005bd8, 0x00005be7, 0x00005bf3, 0x00021b18,
+	0x00005bff, 0x00005c06, 0x00005f33, 0x00005c22,
+	0x00003781, 0x00005c60, 0x00005c6e, 0x00005cc0,
+	0x00005c8d, 0x00021de4, 0x00005d43, 0x00021de6,
+	0x00005d6e, 0x00005d6b, 0x00005d7c, 0x00005de1,
+	0x00005de2, 0x0000382f, 0x00005dfd, 0x00005e28,
+	0x00005e3d, 0x00005e69, 0x00003862, 0x00022183,
+	0x0000387c, 0x00005eb0, 0x00005eb3, 0x00005eb6,
+	0x00005eca, 0x0002a392, 0x00005efe, 0x00022331,
+	0x00022331, 0x00008201, 0x00005f22, 0x00005f22,
+	0x000038c7, 0x000232b8, 0x000261da, 0x00005f62,
+	0x00005f6b, 0x000038e3, 0x00005f9a, 0x00005fcd,
+	0x00005fd7, 0x00005ff9, 0x00006081, 0x0000393a,
+	0x0000391c, 0x00006094, 0x000226d4, 0x000060c7,
+	0x00006148, 0x0000614c, 0x0000614e, 0x0000614c,
+	0x0000617a, 0x0000618e, 0x000061b2, 0x000061a4,
+	0x000061af, 0x000061de, 0x000061f2, 0x000061f6,
+	0x00006210, 0x0000621b, 0x0000625d, 0x000062b1,
+	0x000062d4, 0x00006350, 0x00022b0c, 0x0000633d,
+	0x000062fc, 0x00006368, 0x00006383, 0x000063e4,
+	0x00022bf1, 0x00006422, 0x000063c5, 0x000063a9,
+	0x00003a2e, 0x00006469, 0x0000647e, 0x0000649d,
+	0x00006477, 0x00003a6c, 0x0000654f, 0x0000656c,
+	0x0002300a, 0x000065e3, 0x000066f8, 0x00006649,
+	0x00003b19, 0x00006691, 0x00003b08, 0x00003ae4,
+	0x00005192, 0x00005195, 0x00006700, 0x0000669c,
+	0x000080ad, 0x000043d9, 0x00006717, 0x0000671b,
+	0x00006721, 0x0000675e, 0x00006753, 0x000233c3,
+	0x00003b49, 0x000067fa, 0x00006785, 0x00006852,
+	0x00006885, 0x0002346d, 0x0000688e, 0x0000681f,
+	0x00006914, 0x00003b9d, 0x00006942, 0x000069a3,
+	0x000069ea, 0x00006aa8, 0x000236a3, 0x00006adb,
+	0x00003c18, 0x00006b21, 0x000238a7, 0x00006b54,
+	0x00003c4e, 0x00006b72, 0x00006b9f, 0x00006bba,
+	0x00006bbb, 0x00023a8d, 0x00021d0b, 0x00023afa,
+	0x00006c4e, 0x00023cbc, 0x00006cbf, 0x00006ccd,
+	0x00006c67, 0x00006d16, 0x00006d3e, 0x00006d77,
+	0x00006d41, 0x00006d69, 0x00006d78, 0x00006d85,
+	0x00023d1e, 0x00006d34, 0x00006e2f, 0x00006e6e,
+	0x00003d33, 0x00006ecb, 0x00006ec7, 0x00023ed1,
+	0x00006df9, 0x00006f6e, 0x00023f5e, 0x00023f8e,
+	0x00006fc6, 0x00007039, 0x0000701e, 0x0000701b,
+	0x00003d96, 0x0000704a, 0x0000707d, 0x00007077,
+	0x000070ad, 0x00020525, 0x00007145, 0x00024263,
+	0x0000719c, 0x000043ab, 0x00007228, 0x00007235,
+	0x00007250, 0x00024608, 0x00007280, 0x00007295,
+	0x00024735, 0x00024814, 0x0000737a, 0x0000738b,
+	0x00003eac, 0x000073a5, 0x00003eb8, 0x00003eb8,
+	0x00007447, 0x0000745c, 0x00007471, 0x00007485,
+	0x000074ca, 0x00003f1b, 0x00007524, 0x00024c36,
+	0x0000753e, 0x00024c92, 0x00007570, 0x0002219f,
+	0x00007610, 0x00024fa1, 0x00024fb8, 0x00025044,
+	0x00003ffc, 0x00004008, 0x000076f4, 0x000250f3,
+	0x000250f2, 0x00025119, 0x00025133, 0x0000771e,
+	0x0000771f, 0x0000771f, 0x0000774a, 0x00004039,
+	0x0000778b, 0x00004046, 0x00004096, 0x0002541d,
+	0x0000784e, 0x0000788c, 0x000078cc, 0x000040e3,
+	0x00025626, 0x00007956, 0x0002569a, 0x000256c5,
+	0x0000798f, 0x000079eb, 0x0000412f, 0x00007a40,
+	0x00007a4a, 0x00007a4f, 0x0002597c, 0x00025aa7,
+	0x00025aa7, 0x00007aae, 0x00004202, 0x00025bab,
+	0x00007bc6, 0x00007bc9, 0x00004227, 0x00025c80,
+	0x00007cd2, 0x000042a0, 0x00007ce8, 0x00007ce3,
+	0x00007d00, 0x00025f86, 0x00007d63, 0x00004301,
+	0x00007dc7, 0x00007e02, 0x00007e45, 0x00004334,
+	0x00026228, 0x00026247, 0x00004359, 0x000262d9,
+	0x00007f7a, 0x0002633e, 0x00007f95, 0x00007ffa,
+	0x00008005, 0x000264da, 0x00026523, 0x00008060,
+	0x000265a8, 0x00008070, 0x0002335f, 0x000043d5,
+	0x000080b2, 0x00008103, 0x0000440b, 0x0000813e,
+	0x00005ab5, 0x000267a7, 0x000267b5, 0x00023393,
+	0x0002339c, 0x00008201, 0x00008204, 0x00008f9e,
+	0x0000446b, 0x00008291, 0x0000828b, 0x0000829d,
+	0x000052b3, 0x000082b1, 0x000082b3, 0x000082bd,
+	0x000082e6, 0x00026b3c, 0x000082e5, 0x0000831d,
+	0x00008363, 0x000083ad, 0x00008323, 0x000083bd,
+	0x000083e7, 0x00008457, 0x00008353, 0x000083ca,
+	0x000083cc, 0x000083dc, 0x00026c36, 0x00026d6b,
+	0x00026cd5, 0x0000452b, 0x000084f1, 0x000084f3,
+	0x00008516, 0x000273ca, 0x00008564, 0x00026f2c,
+	0x0000455d, 0x00004561, 0x00026fb1, 0x000270d2,
+	0x0000456b, 0x00008650, 0x0000865c, 0x00008667,
+	0x00008669, 0x000086a9, 0x00008688, 0x0000870e,
+	0x000086e2, 0x00008779, 0x00008728, 0x0000876b,
+	0x00008786, 0x00004d57, 0x000087e1, 0x00008801,
+	0x000045f9, 0x00008860, 0x00008863, 0x00027667,
+	0x000088d7, 0x000088de, 0x00004635, 0x000088fa,
+	0x000034bb, 0x000278ae, 0x00027966, 0x000046be,
+	0x000046c7, 0x00008aa0, 0x00008aed, 0x00008b8a,
+	0x00008c55, 0x00027ca8, 0x00008cab, 0x00008cc1,
+	0x00008d1b, 0x00008d77, 0x00027f2f, 0x00020804,
+	0x00008dcb, 0x00008dbc, 0x00008df0, 0x000208de,
+	0x00008ed4, 0x00008f38, 0x000285d2, 0x000285ed,
+	0x00009094, 0x000090f1, 0x00009111, 0x0002872e,
+	0x0000911b, 0x00009238, 0x000092d7, 0x000092d8,
+	0x0000927c, 0x000093f9, 0x00009415, 0x00028bfa,
+	0x0000958b, 0x00004995, 0x000095b7, 0x00028d77,
+	0x000049e6, 0x000096c3, 0x00005db2, 0x00009723,
+	0x00029145, 0x0002921a, 0x00004a6e, 0x00004a76,
+	0x000097e0, 0x0002940a, 0x00004ab2, 0x00029496,
+	0x0000980b, 0x0000980b, 0x00009829, 0x000295b6,
+	0x000098e2, 0x00004b33, 0x00009929, 0x000099a7,
+	0x000099c2, 0x000099fe, 0x00004bce, 0x00029b30,
+	0x00009b12, 0x00009c40, 0x00009cfd, 0x00004cce,
+	0x00004ced, 0x00009d67, 0x0002a0ce, 0x00004cf8,
+	0x0002a105, 0x0002a20e, 0x0002a291, 0x00009ebb,
+	0x00004d56, 0x00009ef9, 0x00009efe, 0x00009f05,
+	0x00009f0f, 0x00009f16, 0x00009f3b, 0x0002a600
+};
+
+static const krb5_ui_4 _uccmcl_size = 489;
+
+static const krb5_ui_4 _uccmcl_nodes[] = {
+	0x00000300, 0x00000314, 0x000000e6, 0x00000315,
+	0x00000315, 0x000000e8, 0x00000316, 0x00000319,
+	0x000000dc, 0x0000031a, 0x0000031a, 0x000000e8,
+	0x0000031b, 0x0000031b, 0x000000d8, 0x0000031c,
+	0x00000320, 0x000000dc, 0x00000321, 0x00000322,
+	0x000000ca, 0x00000323, 0x00000326, 0x000000dc,
+	0x00000327, 0x00000328, 0x000000ca, 0x00000329,
+	0x00000333, 0x000000dc, 0x00000334, 0x00000338,
+	0x00000001, 0x00000339, 0x0000033c, 0x000000dc,
+	0x0000033d, 0x00000344, 0x000000e6, 0x00000345,
+	0x00000345, 0x000000f0, 0x00000346, 0x00000346,
+	0x000000e6, 0x00000347, 0x00000349, 0x000000dc,
+	0x0000034a, 0x0000034c, 0x000000e6, 0x0000034d,
+	0x0000034e, 0x000000dc, 0x00000360, 0x00000361,
+	0x000000ea, 0x00000362, 0x00000362, 0x000000e9,
+	0x00000363, 0x0000036f, 0x000000e6, 0x00000483,
+	0x00000486, 0x000000e6, 0x00000591, 0x00000591,
+	0x000000dc, 0x00000592, 0x00000595, 0x000000e6,
+	0x00000596, 0x00000596, 0x000000dc, 0x00000597,
+	0x00000599, 0x000000e6, 0x0000059a, 0x0000059a,
+	0x000000de, 0x0000059b, 0x0000059b, 0x000000dc,
+	0x0000059c, 0x000005a1, 0x000000e6, 0x000005a3,
+	0x000005a7, 0x000000dc, 0x000005a8, 0x000005a9,
+	0x000000e6, 0x000005aa, 0x000005aa, 0x000000dc,
+	0x000005ab, 0x000005ac, 0x000000e6, 0x000005ad,
+	0x000005ad, 0x000000de, 0x000005ae, 0x000005ae,
+	0x000000e4, 0x000005af, 0x000005af, 0x000000e6,
+	0x000005b0, 0x000005b0, 0x0000000a, 0x000005b1,
+	0x000005b1, 0x0000000b, 0x000005b2, 0x000005b2,
+	0x0000000c, 0x000005b3, 0x000005b3, 0x0000000d,
+	0x000005b4, 0x000005b4, 0x0000000e, 0x000005b5,
+	0x000005b5, 0x0000000f, 0x000005b6, 0x000005b6,
+	0x00000010, 0x000005b7, 0x000005b7, 0x00000011,
+	0x000005b8, 0x000005b8, 0x00000012, 0x000005b9,
+	0x000005b9, 0x00000013, 0x000005bb, 0x000005bb,
+	0x00000014, 0x000005bc, 0x000005bc, 0x00000015,
+	0x000005bd, 0x000005bd, 0x00000016, 0x000005bf,
+	0x000005bf, 0x00000017, 0x000005c1, 0x000005c1,
+	0x00000018, 0x000005c2, 0x000005c2, 0x00000019,
+	0x000005c4, 0x000005c4, 0x000000e6, 0x0000064b,
+	0x0000064b, 0x0000001b, 0x0000064c, 0x0000064c,
+	0x0000001c, 0x0000064d, 0x0000064d, 0x0000001d,
+	0x0000064e, 0x0000064e, 0x0000001e, 0x0000064f,
+	0x0000064f, 0x0000001f, 0x00000650, 0x00000650,
+	0x00000020, 0x00000651, 0x00000651, 0x00000021,
+	0x00000652, 0x00000652, 0x00000022, 0x00000653,
+	0x00000654, 0x000000e6, 0x00000655, 0x00000655,
+	0x000000dc, 0x00000670, 0x00000670, 0x00000023,
+	0x000006d6, 0x000006dc, 0x000000e6, 0x000006df,
+	0x000006e2, 0x000000e6, 0x000006e3, 0x000006e3,
+	0x000000dc, 0x000006e4, 0x000006e4, 0x000000e6,
+	0x000006e7, 0x000006e8, 0x000000e6, 0x000006ea,
+	0x000006ea, 0x000000dc, 0x000006eb, 0x000006ec,
+	0x000000e6, 0x000006ed, 0x000006ed, 0x000000dc,
+	0x00000711, 0x00000711, 0x00000024, 0x00000730,
+	0x00000730, 0x000000e6, 0x00000731, 0x00000731,
+	0x000000dc, 0x00000732, 0x00000733, 0x000000e6,
+	0x00000734, 0x00000734, 0x000000dc, 0x00000735,
+	0x00000736, 0x000000e6, 0x00000737, 0x00000739,
+	0x000000dc, 0x0000073a, 0x0000073a, 0x000000e6,
+	0x0000073b, 0x0000073c, 0x000000dc, 0x0000073d,
+	0x0000073d, 0x000000e6, 0x0000073e, 0x0000073e,
+	0x000000dc, 0x0000073f, 0x00000741, 0x000000e6,
+	0x00000742, 0x00000742, 0x000000dc, 0x00000743,
+	0x00000743, 0x000000e6, 0x00000744, 0x00000744,
+	0x000000dc, 0x00000745, 0x00000745, 0x000000e6,
+	0x00000746, 0x00000746, 0x000000dc, 0x00000747,
+	0x00000747, 0x000000e6, 0x00000748, 0x00000748,
+	0x000000dc, 0x00000749, 0x0000074a, 0x000000e6,
+	0x0000093c, 0x0000093c, 0x00000007, 0x0000094d,
+	0x0000094d, 0x00000009, 0x00000951, 0x00000951,
+	0x000000e6, 0x00000952, 0x00000952, 0x000000dc,
+	0x00000953, 0x00000954, 0x000000e6, 0x000009bc,
+	0x000009bc, 0x00000007, 0x000009cd, 0x000009cd,
+	0x00000009, 0x00000a3c, 0x00000a3c, 0x00000007,
+	0x00000a4d, 0x00000a4d, 0x00000009, 0x00000abc,
+	0x00000abc, 0x00000007, 0x00000acd, 0x00000acd,
+	0x00000009, 0x00000b3c, 0x00000b3c, 0x00000007,
+	0x00000b4d, 0x00000b4d, 0x00000009, 0x00000bcd,
+	0x00000bcd, 0x00000009, 0x00000c4d, 0x00000c4d,
+	0x00000009, 0x00000c55, 0x00000c55, 0x00000054,
+	0x00000c56, 0x00000c56, 0x0000005b, 0x00000ccd,
+	0x00000ccd, 0x00000009, 0x00000d4d, 0x00000d4d,
+	0x00000009, 0x00000dca, 0x00000dca, 0x00000009,
+	0x00000e38, 0x00000e39, 0x00000067, 0x00000e3a,
+	0x00000e3a, 0x00000009, 0x00000e48, 0x00000e4b,
+	0x0000006b, 0x00000eb8, 0x00000eb9, 0x00000076,
+	0x00000ec8, 0x00000ecb, 0x0000007a, 0x00000f18,
+	0x00000f19, 0x000000dc, 0x00000f35, 0x00000f35,
+	0x000000dc, 0x00000f37, 0x00000f37, 0x000000dc,
+	0x00000f39, 0x00000f39, 0x000000d8, 0x00000f71,
+	0x00000f71, 0x00000081, 0x00000f72, 0x00000f72,
+	0x00000082, 0x00000f74, 0x00000f74, 0x00000084,
+	0x00000f7a, 0x00000f7d, 0x00000082, 0x00000f80,
+	0x00000f80, 0x00000082, 0x00000f82, 0x00000f83,
+	0x000000e6, 0x00000f84, 0x00000f84, 0x00000009,
+	0x00000f86, 0x00000f87, 0x000000e6, 0x00000fc6,
+	0x00000fc6, 0x000000dc, 0x00001037, 0x00001037,
+	0x00000007, 0x00001039, 0x00001039, 0x00000009,
+	0x00001714, 0x00001714, 0x00000009, 0x00001734,
+	0x00001734, 0x00000009, 0x000017d2, 0x000017d2,
+	0x00000009, 0x000018a9, 0x000018a9, 0x000000e4,
+	0x000020d0, 0x000020d1, 0x000000e6, 0x000020d2,
+	0x000020d3, 0x00000001, 0x000020d4, 0x000020d7,
+	0x000000e6, 0x000020d8, 0x000020da, 0x00000001,
+	0x000020db, 0x000020dc, 0x000000e6, 0x000020e1,
+	0x000020e1, 0x000000e6, 0x000020e5, 0x000020e6,
+	0x00000001, 0x000020e7, 0x000020e7, 0x000000e6,
+	0x000020e8, 0x000020e8, 0x000000dc, 0x000020e9,
+	0x000020e9, 0x000000e6, 0x000020ea, 0x000020ea,
+	0x00000001, 0x0000302a, 0x0000302a, 0x000000da,
+	0x0000302b, 0x0000302b, 0x000000e4, 0x0000302c,
+	0x0000302c, 0x000000e8, 0x0000302d, 0x0000302d,
+	0x000000de, 0x0000302e, 0x0000302f, 0x000000e0,
+	0x00003099, 0x0000309a, 0x00000008, 0x0000fb1e,
+	0x0000fb1e, 0x0000001a, 0x0000fe20, 0x0000fe23,
+	0x000000e6, 0x0001d165, 0x0001d166, 0x000000d8,
+	0x0001d167, 0x0001d169, 0x00000001, 0x0001d16d,
+	0x0001d16d, 0x000000e2, 0x0001d16e, 0x0001d172,
+	0x000000d8, 0x0001d17b, 0x0001d182, 0x000000dc,
+	0x0001d185, 0x0001d189, 0x000000e6, 0x0001d18a,
+	0x0001d18b, 0x000000dc, 0x0001d1aa, 0x0001d1ad,
+	0x000000e6
+};
+
+static const krb5_ui_4 _ucnum_size = 1066;
+
+static const krb5_ui_4 _ucnum_nodes[] = {
+	0x00000030, 0x00000000, 0x00000031, 0x00000002,
+	0x00000032, 0x00000004, 0x00000033, 0x00000006,
+	0x00000034, 0x00000008, 0x00000035, 0x0000000a,
+	0x00000036, 0x0000000c, 0x00000037, 0x0000000e,
+	0x00000038, 0x00000010, 0x00000039, 0x00000012,
+	0x000000b2, 0x00000004, 0x000000b3, 0x00000006,
+	0x000000b9, 0x00000002, 0x000000bc, 0x00000014,
+	0x000000bd, 0x00000016, 0x000000be, 0x00000018,
+	0x00000660, 0x00000000, 0x00000661, 0x00000002,
+	0x00000662, 0x00000004, 0x00000663, 0x00000006,
+	0x00000664, 0x00000008, 0x00000665, 0x0000000a,
+	0x00000666, 0x0000000c, 0x00000667, 0x0000000e,
+	0x00000668, 0x00000010, 0x00000669, 0x00000012,
+	0x000006f0, 0x00000000, 0x000006f1, 0x00000002,
+	0x000006f2, 0x00000004, 0x000006f3, 0x00000006,
+	0x000006f4, 0x00000008, 0x000006f5, 0x0000000a,
+	0x000006f6, 0x0000000c, 0x000006f7, 0x0000000e,
+	0x000006f8, 0x00000010, 0x000006f9, 0x00000012,
+	0x00000966, 0x00000000, 0x00000967, 0x00000002,
+	0x00000968, 0x00000004, 0x00000969, 0x00000006,
+	0x0000096a, 0x00000008, 0x0000096b, 0x0000000a,
+	0x0000096c, 0x0000000c, 0x0000096d, 0x0000000e,
+	0x0000096e, 0x00000010, 0x0000096f, 0x00000012,
+	0x000009e6, 0x00000000, 0x000009e7, 0x00000002,
+	0x000009e8, 0x00000004, 0x000009e9, 0x00000006,
+	0x000009ea, 0x00000008, 0x000009eb, 0x0000000a,
+	0x000009ec, 0x0000000c, 0x000009ed, 0x0000000e,
+	0x000009ee, 0x00000010, 0x000009ef, 0x00000012,
+	0x000009f4, 0x00000002, 0x000009f5, 0x00000004,
+	0x000009f6, 0x00000006, 0x000009f7, 0x00000008,
+	0x000009f9, 0x0000001a, 0x00000a66, 0x00000000,
+	0x00000a67, 0x00000002, 0x00000a68, 0x00000004,
+	0x00000a69, 0x00000006, 0x00000a6a, 0x00000008,
+	0x00000a6b, 0x0000000a, 0x00000a6c, 0x0000000c,
+	0x00000a6d, 0x0000000e, 0x00000a6e, 0x00000010,
+	0x00000a6f, 0x00000012, 0x00000ae6, 0x00000000,
+	0x00000ae7, 0x00000002, 0x00000ae8, 0x00000004,
+	0x00000ae9, 0x00000006, 0x00000aea, 0x00000008,
+	0x00000aeb, 0x0000000a, 0x00000aec, 0x0000000c,
+	0x00000aed, 0x0000000e, 0x00000aee, 0x00000010,
+	0x00000aef, 0x00000012, 0x00000b66, 0x00000000,
+	0x00000b67, 0x00000002, 0x00000b68, 0x00000004,
+	0x00000b69, 0x00000006, 0x00000b6a, 0x00000008,
+	0x00000b6b, 0x0000000a, 0x00000b6c, 0x0000000c,
+	0x00000b6d, 0x0000000e, 0x00000b6e, 0x00000010,
+	0x00000b6f, 0x00000012, 0x00000be7, 0x00000002,
+	0x00000be8, 0x00000004, 0x00000be9, 0x00000006,
+	0x00000bea, 0x00000008, 0x00000beb, 0x0000000a,
+	0x00000bec, 0x0000000c, 0x00000bed, 0x0000000e,
+	0x00000bee, 0x00000010, 0x00000bef, 0x00000012,
+	0x00000bf0, 0x0000001c, 0x00000bf1, 0x0000001e,
+	0x00000bf2, 0x00000020, 0x00000c66, 0x00000000,
+	0x00000c67, 0x00000002, 0x00000c68, 0x00000004,
+	0x00000c69, 0x00000006, 0x00000c6a, 0x00000008,
+	0x00000c6b, 0x0000000a, 0x00000c6c, 0x0000000c,
+	0x00000c6d, 0x0000000e, 0x00000c6e, 0x00000010,
+	0x00000c6f, 0x00000012, 0x00000ce6, 0x00000000,
+	0x00000ce7, 0x00000002, 0x00000ce8, 0x00000004,
+	0x00000ce9, 0x00000006, 0x00000cea, 0x00000008,
+	0x00000ceb, 0x0000000a, 0x00000cec, 0x0000000c,
+	0x00000ced, 0x0000000e, 0x00000cee, 0x00000010,
+	0x00000cef, 0x00000012, 0x00000d66, 0x00000000,
+	0x00000d67, 0x00000002, 0x00000d68, 0x00000004,
+	0x00000d69, 0x00000006, 0x00000d6a, 0x00000008,
+	0x00000d6b, 0x0000000a, 0x00000d6c, 0x0000000c,
+	0x00000d6d, 0x0000000e, 0x00000d6e, 0x00000010,
+	0x00000d6f, 0x00000012, 0x00000e50, 0x00000000,
+	0x00000e51, 0x00000002, 0x00000e52, 0x00000004,
+	0x00000e53, 0x00000006, 0x00000e54, 0x00000008,
+	0x00000e55, 0x0000000a, 0x00000e56, 0x0000000c,
+	0x00000e57, 0x0000000e, 0x00000e58, 0x00000010,
+	0x00000e59, 0x00000012, 0x00000ed0, 0x00000000,
+	0x00000ed1, 0x00000002, 0x00000ed2, 0x00000004,
+	0x00000ed3, 0x00000006, 0x00000ed4, 0x00000008,
+	0x00000ed5, 0x0000000a, 0x00000ed6, 0x0000000c,
+	0x00000ed7, 0x0000000e, 0x00000ed8, 0x00000010,
+	0x00000ed9, 0x00000012, 0x00000f20, 0x00000000,
+	0x00000f21, 0x00000002, 0x00000f22, 0x00000004,
+	0x00000f23, 0x00000006, 0x00000f24, 0x00000008,
+	0x00000f25, 0x0000000a, 0x00000f26, 0x0000000c,
+	0x00000f27, 0x0000000e, 0x00000f28, 0x00000010,
+	0x00000f29, 0x00000012, 0x00000f2a, 0x00000016,
+	0x00000f2b, 0x00000022, 0x00000f2c, 0x00000024,
+	0x00000f2d, 0x00000026, 0x00000f2e, 0x00000028,
+	0x00000f2f, 0x0000002a, 0x00000f30, 0x0000002c,
+	0x00000f31, 0x0000002e, 0x00000f32, 0x00000030,
+	0x00000f33, 0x00000032, 0x00001040, 0x00000000,
+	0x00001041, 0x00000002, 0x00001042, 0x00000004,
+	0x00001043, 0x00000006, 0x00001044, 0x00000008,
+	0x00001045, 0x0000000a, 0x00001046, 0x0000000c,
+	0x00001047, 0x0000000e, 0x00001048, 0x00000010,
+	0x00001049, 0x00000012, 0x00001369, 0x00000002,
+	0x0000136a, 0x00000004, 0x0000136b, 0x00000006,
+	0x0000136c, 0x00000008, 0x0000136d, 0x0000000a,
+	0x0000136e, 0x0000000c, 0x0000136f, 0x0000000e,
+	0x00001370, 0x00000010, 0x00001371, 0x00000012,
+	0x00001372, 0x0000001c, 0x00001373, 0x00000034,
+	0x00001374, 0x00000036, 0x00001375, 0x00000038,
+	0x00001376, 0x0000003a, 0x00001377, 0x0000003c,
+	0x00001378, 0x0000003e, 0x00001379, 0x00000040,
+	0x0000137a, 0x00000042, 0x0000137b, 0x0000001e,
+	0x0000137c, 0x00000044, 0x000016ee, 0x00000046,
+	0x000016ef, 0x00000048, 0x000016f0, 0x0000004a,
+	0x000017e0, 0x00000000, 0x000017e1, 0x00000002,
+	0x000017e2, 0x00000004, 0x000017e3, 0x00000006,
+	0x000017e4, 0x00000008, 0x000017e5, 0x0000000a,
+	0x000017e6, 0x0000000c, 0x000017e7, 0x0000000e,
+	0x000017e8, 0x00000010, 0x000017e9, 0x00000012,
+	0x00001810, 0x00000000, 0x00001811, 0x00000002,
+	0x00001812, 0x00000004, 0x00001813, 0x00000006,
+	0x00001814, 0x00000008, 0x00001815, 0x0000000a,
+	0x00001816, 0x0000000c, 0x00001817, 0x0000000e,
+	0x00001818, 0x00000010, 0x00001819, 0x00000012,
+	0x00002070, 0x00000000, 0x00002074, 0x00000008,
+	0x00002075, 0x0000000a, 0x00002076, 0x0000000c,
+	0x00002077, 0x0000000e, 0x00002078, 0x00000010,
+	0x00002079, 0x00000012, 0x00002080, 0x00000000,
+	0x00002081, 0x00000002, 0x00002082, 0x00000004,
+	0x00002083, 0x00000006, 0x00002084, 0x00000008,
+	0x00002085, 0x0000000a, 0x00002086, 0x0000000c,
+	0x00002087, 0x0000000e, 0x00002088, 0x00000010,
+	0x00002089, 0x00000012, 0x00002153, 0x0000004c,
+	0x00002154, 0x0000004e, 0x00002155, 0x00000050,
+	0x00002156, 0x00000052, 0x00002157, 0x00000054,
+	0x00002158, 0x00000056, 0x00002159, 0x00000058,
+	0x0000215a, 0x0000005a, 0x0000215b, 0x0000005c,
+	0x0000215c, 0x0000005e, 0x0000215d, 0x00000060,
+	0x0000215e, 0x00000062, 0x0000215f, 0x00000002,
+	0x00002160, 0x00000002, 0x00002161, 0x00000004,
+	0x00002162, 0x00000006, 0x00002163, 0x00000008,
+	0x00002164, 0x0000000a, 0x00002165, 0x0000000c,
+	0x00002166, 0x0000000e, 0x00002167, 0x00000010,
+	0x00002168, 0x00000012, 0x00002169, 0x0000001c,
+	0x0000216a, 0x00000064, 0x0000216b, 0x00000066,
+	0x0000216c, 0x0000003a, 0x0000216d, 0x0000001e,
+	0x0000216e, 0x00000068, 0x0000216f, 0x00000020,
+	0x00002170, 0x00000002, 0x00002171, 0x00000004,
+	0x00002172, 0x00000006, 0x00002173, 0x00000008,
+	0x00002174, 0x0000000a, 0x00002175, 0x0000000c,
+	0x00002176, 0x0000000e, 0x00002177, 0x00000010,
+	0x00002178, 0x00000012, 0x00002179, 0x0000001c,
+	0x0000217a, 0x00000064, 0x0000217b, 0x00000066,
+	0x0000217c, 0x0000003a, 0x0000217d, 0x0000001e,
+	0x0000217e, 0x00000068, 0x0000217f, 0x00000020,
+	0x00002180, 0x00000020, 0x00002181, 0x0000006a,
+	0x00002182, 0x00000044, 0x00002460, 0x00000002,
+	0x00002461, 0x00000004, 0x00002462, 0x00000006,
+	0x00002463, 0x00000008, 0x00002464, 0x0000000a,
+	0x00002465, 0x0000000c, 0x00002466, 0x0000000e,
+	0x00002467, 0x00000010, 0x00002468, 0x00000012,
+	0x00002469, 0x0000001c, 0x0000246a, 0x00000064,
+	0x0000246b, 0x00000066, 0x0000246c, 0x0000006c,
+	0x0000246d, 0x0000006e, 0x0000246e, 0x00000070,
+	0x0000246f, 0x0000001a, 0x00002470, 0x00000046,
+	0x00002471, 0x00000048, 0x00002472, 0x0000004a,
+	0x00002473, 0x00000034, 0x00002474, 0x00000002,
+	0x00002475, 0x00000004, 0x00002476, 0x00000006,
+	0x00002477, 0x00000008, 0x00002478, 0x0000000a,
+	0x00002479, 0x0000000c, 0x0000247a, 0x0000000e,
+	0x0000247b, 0x00000010, 0x0000247c, 0x00000012,
+	0x0000247d, 0x0000001c, 0x0000247e, 0x00000064,
+	0x0000247f, 0x00000066, 0x00002480, 0x0000006c,
+	0x00002481, 0x0000006e, 0x00002482, 0x00000070,
+	0x00002483, 0x0000001a, 0x00002484, 0x00000046,
+	0x00002485, 0x00000048, 0x00002486, 0x0000004a,
+	0x00002487, 0x00000034, 0x00002488, 0x00000002,
+	0x00002489, 0x00000004, 0x0000248a, 0x00000006,
+	0x0000248b, 0x00000008, 0x0000248c, 0x0000000a,
+	0x0000248d, 0x0000000c, 0x0000248e, 0x0000000e,
+	0x0000248f, 0x00000010, 0x00002490, 0x00000012,
+	0x00002491, 0x0000001c, 0x00002492, 0x00000064,
+	0x00002493, 0x00000066, 0x00002494, 0x0000006c,
+	0x00002495, 0x0000006e, 0x00002496, 0x00000070,
+	0x00002497, 0x0000001a, 0x00002498, 0x00000046,
+	0x00002499, 0x00000048, 0x0000249a, 0x0000004a,
+	0x0000249b, 0x00000034, 0x000024ea, 0x00000000,
+	0x000024eb, 0x00000064, 0x000024ec, 0x00000066,
+	0x000024ed, 0x0000006c, 0x000024ee, 0x0000006e,
+	0x000024ef, 0x00000070, 0x000024f0, 0x0000001a,
+	0x000024f1, 0x00000046, 0x000024f2, 0x00000048,
+	0x000024f3, 0x0000004a, 0x000024f4, 0x00000034,
+	0x000024f5, 0x00000002, 0x000024f6, 0x00000004,
+	0x000024f7, 0x00000006, 0x000024f8, 0x00000008,
+	0x000024f9, 0x0000000a, 0x000024fa, 0x0000000c,
+	0x000024fb, 0x0000000e, 0x000024fc, 0x00000010,
+	0x000024fd, 0x00000012, 0x000024fe, 0x0000001c,
+	0x00002776, 0x00000002, 0x00002777, 0x00000004,
+	0x00002778, 0x00000006, 0x00002779, 0x00000008,
+	0x0000277a, 0x0000000a, 0x0000277b, 0x0000000c,
+	0x0000277c, 0x0000000e, 0x0000277d, 0x00000010,
+	0x0000277e, 0x00000012, 0x0000277f, 0x0000001c,
+	0x00002780, 0x00000002, 0x00002781, 0x00000004,
+	0x00002782, 0x00000006, 0x00002783, 0x00000008,
+	0x00002784, 0x0000000a, 0x00002785, 0x0000000c,
+	0x00002786, 0x0000000e, 0x00002787, 0x00000010,
+	0x00002788, 0x00000012, 0x00002789, 0x0000001c,
+	0x0000278a, 0x00000002, 0x0000278b, 0x00000004,
+	0x0000278c, 0x00000006, 0x0000278d, 0x00000008,
+	0x0000278e, 0x0000000a, 0x0000278f, 0x0000000c,
+	0x00002790, 0x0000000e, 0x00002791, 0x00000010,
+	0x00002792, 0x00000012, 0x00002793, 0x0000001c,
+	0x00003007, 0x00000000, 0x00003021, 0x00000002,
+	0x00003022, 0x00000004, 0x00003023, 0x00000006,
+	0x00003024, 0x00000008, 0x00003025, 0x0000000a,
+	0x00003026, 0x0000000c, 0x00003027, 0x0000000e,
+	0x00003028, 0x00000010, 0x00003029, 0x00000012,
+	0x00003038, 0x0000001c, 0x00003039, 0x00000034,
+	0x0000303a, 0x00000036, 0x00003192, 0x00000002,
+	0x00003193, 0x00000004, 0x00003194, 0x00000006,
+	0x00003195, 0x00000008, 0x00003220, 0x00000002,
+	0x00003221, 0x00000004, 0x00003222, 0x00000006,
+	0x00003223, 0x00000008, 0x00003224, 0x0000000a,
+	0x00003225, 0x0000000c, 0x00003226, 0x0000000e,
+	0x00003227, 0x00000010, 0x00003228, 0x00000012,
+	0x00003229, 0x0000001c, 0x00003251, 0x00000072,
+	0x00003252, 0x00000074, 0x00003253, 0x00000076,
+	0x00003254, 0x00000078, 0x00003255, 0x0000007a,
+	0x00003256, 0x0000007c, 0x00003257, 0x0000007e,
+	0x00003258, 0x00000080, 0x00003259, 0x00000082,
+	0x0000325a, 0x00000036, 0x0000325b, 0x00000084,
+	0x0000325c, 0x00000086, 0x0000325d, 0x00000088,
+	0x0000325e, 0x0000008a, 0x0000325f, 0x0000008c,
+	0x00003280, 0x00000002, 0x00003281, 0x00000004,
+	0x00003282, 0x00000006, 0x00003283, 0x00000008,
+	0x00003284, 0x0000000a, 0x00003285, 0x0000000c,
+	0x00003286, 0x0000000e, 0x00003287, 0x00000010,
+	0x00003288, 0x00000012, 0x00003289, 0x0000001c,
+	0x000032b1, 0x0000008e, 0x000032b2, 0x00000090,
+	0x000032b3, 0x00000092, 0x000032b4, 0x00000094,
+	0x000032b5, 0x00000038, 0x000032b6, 0x00000096,
+	0x000032b7, 0x00000098, 0x000032b8, 0x0000009a,
+	0x000032b9, 0x0000009c, 0x000032ba, 0x0000009e,
+	0x000032bb, 0x000000a0, 0x000032bc, 0x000000a2,
+	0x000032bd, 0x000000a4, 0x000032be, 0x000000a6,
+	0x000032bf, 0x0000003a, 0x0000ff10, 0x00000000,
+	0x0000ff11, 0x00000002, 0x0000ff12, 0x00000004,
+	0x0000ff13, 0x00000006, 0x0000ff14, 0x00000008,
+	0x0000ff15, 0x0000000a, 0x0000ff16, 0x0000000c,
+	0x0000ff17, 0x0000000e, 0x0000ff18, 0x00000010,
+	0x0000ff19, 0x00000012, 0x00010320, 0x00000002,
+	0x00010321, 0x0000000a, 0x00010322, 0x0000001c,
+	0x00010323, 0x0000003a, 0x0001d7ce, 0x00000000,
+	0x0001d7cf, 0x00000002, 0x0001d7d0, 0x00000004,
+	0x0001d7d1, 0x00000006, 0x0001d7d2, 0x00000008,
+	0x0001d7d3, 0x0000000a, 0x0001d7d4, 0x0000000c,
+	0x0001d7d5, 0x0000000e, 0x0001d7d6, 0x00000010,
+	0x0001d7d7, 0x00000012, 0x0001d7d8, 0x00000000,
+	0x0001d7d9, 0x00000002, 0x0001d7da, 0x00000004,
+	0x0001d7db, 0x00000006, 0x0001d7dc, 0x00000008,
+	0x0001d7dd, 0x0000000a, 0x0001d7de, 0x0000000c,
+	0x0001d7df, 0x0000000e, 0x0001d7e0, 0x00000010,
+	0x0001d7e1, 0x00000012, 0x0001d7e2, 0x00000000,
+	0x0001d7e3, 0x00000002, 0x0001d7e4, 0x00000004,
+	0x0001d7e5, 0x00000006, 0x0001d7e6, 0x00000008,
+	0x0001d7e7, 0x0000000a, 0x0001d7e8, 0x0000000c,
+	0x0001d7e9, 0x0000000e, 0x0001d7ea, 0x00000010,
+	0x0001d7eb, 0x00000012, 0x0001d7ec, 0x00000000,
+	0x0001d7ed, 0x00000002, 0x0001d7ee, 0x00000004,
+	0x0001d7ef, 0x00000006, 0x0001d7f0, 0x00000008,
+	0x0001d7f1, 0x0000000a, 0x0001d7f2, 0x0000000c,
+	0x0001d7f3, 0x0000000e, 0x0001d7f4, 0x00000010,
+	0x0001d7f5, 0x00000012, 0x0001d7f6, 0x00000000,
+	0x0001d7f7, 0x00000002, 0x0001d7f8, 0x00000004,
+	0x0001d7f9, 0x00000006, 0x0001d7fa, 0x00000008,
+	0x0001d7fb, 0x0000000a, 0x0001d7fc, 0x0000000c,
+	0x0001d7fd, 0x0000000e, 0x0001d7fe, 0x00000010,
+	0x0001d7ff, 0x00000012
+};
+
+static const short _ucnum_vals[] = {
+	0x0000, 0x0001, 0x0001, 0x0001, 0x0002, 0x0001, 0x0003, 0x0001,
+	0x0004, 0x0001, 0x0005, 0x0001, 0x0006, 0x0001, 0x0007, 0x0001,
+	0x0008, 0x0001, 0x0009, 0x0001, 0x0001, 0x0004, 0x0001, 0x0002,
+	0x0003, 0x0004, 0x0010, 0x0001, 0x000a, 0x0001, 0x0064, 0x0001,
+	0x03e8, 0x0001, 0x0003, 0x0002, 0x0005, 0x0002, 0x0007, 0x0002,
+	0x0009, 0x0002, 0x000b, 0x0002, 0x000d, 0x0002, 0x000f, 0x0002,
+	0x0011, 0x0002,     -1, 0x0002, 0x0014, 0x0001, 0x001e, 0x0001,
+	0x0028, 0x0001, 0x0032, 0x0001, 0x003c, 0x0001, 0x0046, 0x0001,
+	0x0050, 0x0001, 0x005a, 0x0001, 0x2710, 0x0001, 0x0011, 0x0001,
+	0x0012, 0x0001, 0x0013, 0x0001, 0x0001, 0x0003, 0x0002, 0x0003,
+	0x0001, 0x0005, 0x0002, 0x0005, 0x0003, 0x0005, 0x0004, 0x0005,
+	0x0001, 0x0006, 0x0005, 0x0006, 0x0001, 0x0008, 0x0003, 0x0008,
+	0x0005, 0x0008, 0x0007, 0x0008, 0x000b, 0x0001, 0x000c, 0x0001,
+	0x01f4, 0x0001, 0x1388, 0x0001, 0x000d, 0x0001, 0x000e, 0x0001,
+	0x000f, 0x0001, 0x0015, 0x0001, 0x0016, 0x0001, 0x0017, 0x0001,
+	0x0018, 0x0001, 0x0019, 0x0001, 0x001a, 0x0001, 0x001b, 0x0001,
+	0x001c, 0x0001, 0x001d, 0x0001, 0x001f, 0x0001, 0x0020, 0x0001,
+	0x0021, 0x0001, 0x0022, 0x0001, 0x0023, 0x0001, 0x0024, 0x0001,
+	0x0025, 0x0001, 0x0026, 0x0001, 0x0027, 0x0001, 0x0029, 0x0001,
+	0x002a, 0x0001, 0x002b, 0x0001, 0x002c, 0x0001, 0x002d, 0x0001,
+	0x002e, 0x0001, 0x002f, 0x0001, 0x0030, 0x0001, 0x0031, 0x0001
+};
diff --git a/krb5-1.21.3/src/lib/krb5/unicode/ucstr.c b/krb5-1.21.3/src/lib/krb5/unicode/ucstr.c
new file mode 100644
index 00000000..0a2e5ab4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5/unicode/ucstr.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 1998-2008 The OpenLDAP Foundation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP Public
+ * License.
+ *
+ * A copy of this license is available in file LICENSE in the top-level
+ * directory of the distribution or, alternatively, at
+ * <https://www.OpenLDAP.org/license.html>.
+ */
+
+/*
+ * This work is part of OpenLDAP Software <https://www.openldap.org/>.
+ * $OpenLDAP: pkg/ldap/libraries/liblunicode/ucstr.c,v 1.40 2008/03/04 06:24:05 hyc Exp $
+ */
+
+#include "k5-int.h"
+#include "k5-utf8.h"
+#include "k5-unicode.h"
+#include "k5-input.h"
+#include "ucdata/ucdata.h"
+
+#include <ctype.h>
+
+static int
+krb5int_ucstrncmp(
+		  const krb5_unicode * u1,
+		  const krb5_unicode * u2,
+		  size_t n)
+{
+    for (; 0 < n; ++u1, ++u2, --n) {
+	if (*u1 != *u2) {
+	    return *u1 < *u2 ? -1 : +1;
+	}
+	if (*u1 == 0) {
+	    return 0;
+	}
+    }
+    return 0;
+}
+
+static int
+krb5int_ucstrncasecmp(
+		      const krb5_unicode * u1,
+		      const krb5_unicode * u2,
+		      size_t n)
+{
+    for (; 0 < n; ++u1, ++u2, --n) {
+	krb5_unicode uu1 = uctolower(*u1);
+	krb5_unicode uu2 = uctolower(*u2);
+
+	if (uu1 != uu2) {
+	    return uu1 < uu2 ? -1 : +1;
+	}
+	if (uu1 == 0) {
+	    return 0;
+	}
+    }
+    return 0;
+}
+
+/* Return true if data contains valid UTF-8 sequences. */
+krb5_boolean
+k5_utf8_validate(const krb5_data *data)
+{
+    struct k5input in;
+    int len, tmplen, i;
+    const uint8_t *bytes;
+
+    k5_input_init(&in, data->data, data->length);
+    while (!in.status && in.len > 0) {
+	len = KRB5_UTF8_CHARLEN(in.ptr);
+	if (len < 1 || len > 4)
+	    return FALSE;
+	bytes = k5_input_get_bytes(&in, len);
+	if (bytes == NULL)
+	    return FALSE;
+	if (KRB5_UTF8_CHARLEN2(bytes, tmplen) != len)
+	    return FALSE;
+	for (i = 1; i < len; i++) {
+	    if ((bytes[i] & 0xc0) != 0x80)
+		return FALSE;
+	}
+    }
+    return !in.status;
+}
+
+#define TOLOWER(c)  (isupper(c) ? tolower(c) : (c))
+
+/* compare UTF8-strings, optionally ignore casing */
+/* slow, should be optimized */
+int
+krb5int_utf8_normcmp(
+		     const krb5_data * data1,
+		     const krb5_data * data2,
+		     unsigned flags)
+{
+    int i, l1, l2, len, ulen, res = 0;
+    char *s1, *s2, *done;
+    krb5_ucs4 *ucs, *ucsout1, *ucsout2;
+
+    unsigned casefold = flags & KRB5_UTF8_CASEFOLD;
+    unsigned norm1 = flags & KRB5_UTF8_ARG1NFC;
+    unsigned norm2 = flags & KRB5_UTF8_ARG2NFC;
+
+    if (data1 == NULL) {
+	return data2 == NULL ? 0 : -1;
+
+    } else if (data2 == NULL) {
+	return 1;
+    }
+    l1 = data1->length;
+    l2 = data2->length;
+
+    len = (l1 < l2) ? l1 : l2;
+    if (len == 0) {
+	return l1 == 0 ? (l2 == 0 ? 0 : -1) : 1;
+    }
+    s1 = data1->data;
+    s2 = data2->data;
+    done = s1 + len;
+
+    while ((s1 < done) && KRB5_UTF8_ISASCII(s1) && KRB5_UTF8_ISASCII(s2)) {
+	if (casefold) {
+	    char c1 = TOLOWER(*s1);
+	    char c2 = TOLOWER(*s2);
+	    res = c1 - c2;
+	} else {
+	    res = *s1 - *s2;
+	}
+	s1++;
+	s2++;
+	if (res) {
+	    /* done unless next character in s1 or s2 is non-ascii */
+	    if (s1 < done) {
+		if (!KRB5_UTF8_ISASCII(s1) || !KRB5_UTF8_ISASCII(s2)) {
+		    break;
+		}
+	    } else if (((len < l1) && !KRB5_UTF8_ISASCII(s1)) ||
+		       ((len < l2) && !KRB5_UTF8_ISASCII(s2))) {
+		break;
+	    }
+	    return res;
+	}
+    }
+
+    /* We have encountered non-ascii or strings equal up to len */
+
+    /* set i to number of iterations */
+    i = s1 - done + len;
+    /* passed through loop at least once? */
+    if (i > 0) {
+	if (!res && (s1 == done) &&
+	    ((len == l1) || KRB5_UTF8_ISASCII(s1)) &&
+	    ((len == l2) || KRB5_UTF8_ISASCII(s2))) {
+	    /* all ascii and equal up to len */
+	    return l1 - l2;
+	}
+	/* rewind one char, and do normalized compare from there */
+	s1--;
+	s2--;
+	l1 -= i - 1;
+	l2 -= i - 1;
+    }
+    /*
+     * Should first check to see if strings are already in proper normalized
+     * form.
+     */
+    ucs = malloc(((norm1 || l1 > l2) ? l1 : l2) * sizeof(*ucs));
+    if (ucs == NULL) {
+	return l1 > l2 ? 1 : -1;/* what to do??? */
+    }
+    /*
+     * XXYYZ: we convert to ucs4 even though -llunicode
+     * expects ucs2 in an ac_uint4
+     */
+
+    /* convert and normalize 1st string */
+    for (i = 0, ulen = 0; i < l1; i += len, ulen++) {
+	if (krb5int_utf8_to_ucs4(s1 + i, &ucs[ulen]) == -1) {
+	    free(ucs);
+	    return -1;		/* what to do??? */
+	}
+	len = KRB5_UTF8_CHARLEN(s1 + i);
+    }
+
+    if (norm1) {
+	ucsout1 = ucs;
+	l1 = ulen;
+	ucs = malloc(l2 * sizeof(*ucs));
+	if (ucs == NULL) {
+	    free(ucsout1);
+	    return l1 > l2 ? 1 : -1;	/* what to do??? */
+	}
+    } else {
+	uccompatdecomp(ucs, ulen, &ucsout1, &l1);
+	l1 = uccanoncomp(ucsout1, l1);
+    }
+
+    /* convert and normalize 2nd string */
+    for (i = 0, ulen = 0; i < l2; i += len, ulen++) {
+	if (krb5int_utf8_to_ucs4(s2 + i, &ucs[ulen]) == -1) {
+	    free(ucsout1);
+	    free(ucs);
+	    return 1;		/* what to do??? */
+	}
+	len = KRB5_UTF8_CHARLEN(s2 + i);
+    }
+
+    if (norm2) {
+	ucsout2 = ucs;
+	l2 = ulen;
+    } else {
+	uccompatdecomp(ucs, ulen, &ucsout2, &l2);
+	l2 = uccanoncomp(ucsout2, l2);
+	free(ucs);
+    }
+
+    res = casefold
+	? krb5int_ucstrncasecmp(ucsout1, ucsout2, l1 < l2 ? l1 : l2)
+	: krb5int_ucstrncmp(ucsout1, ucsout2, l1 < l2 ? l1 : l2);
+    free(ucsout1);
+    free(ucsout2);
+
+    if (res != 0) {
+	return res;
+    }
+    if (l1 == l2) {
+	return 0;
+    }
+    return l1 > l2 ? 1 : -1;
+}
diff --git a/krb5-1.21.3/src/lib/krb5_32.def b/krb5-1.21.3/src/lib/krb5_32.def
new file mode 100644
index 00000000..b1610974
--- /dev/null
+++ b/krb5-1.21.3/src/lib/krb5_32.def
@@ -0,0 +1,512 @@
+;----------------------------------------------------
+;   KRB5.DEF - KRB5.DLL module definition file
+;----------------------------------------------------
+
+; ****************************************************************************
+; Do not add any function to this file until you make sure the calling
+; convention for the exported function is KRB5_CALLCONV
+; ****************************************************************************
+
+; Key:
+;
+; PRIVATE   - Private entrypoint.  It should not be called by anything other
+;             than gssapi32.dll or krb4_32.dll.
+; GSSAPI    - Private entrypoint used by gssapi32.dll.
+; KRB5_CALLCONV_WRONG - entrypoint that should have used KRB5_CALLCONV, but
+;                       did not due to developer error
+
+EXPORTS
+
+	krb5_425_conv_principal			@10
+	krb5_524_conv_principal			@11
+	krb5_address_compare			@13
+	krb5_address_order			@14
+	krb5_address_search			@15	; KRB5_CALLCONV_WRONG
+	krb5_aname_to_localname			@16
+	krb5_appdefault_boolean			@17
+	krb5_appdefault_string			@18
+	krb5_auth_con_free			@19
+	krb5_auth_con_genaddrs			@20
+	krb5_auth_con_getaddrs			@21
+	krb5_auth_con_getauthenticator		@22
+	krb5_auth_con_get_checksum_func		@23
+	krb5_auth_con_getflags			@24
+	krb5_auth_con_getkey			@25
+	krb5_auth_con_getlocalseqnumber		@26
+	krb5_auth_con_getlocalsubkey		@27
+	krb5_auth_con_getrcache			@28	; KRB5_CALLCONV_WRONG
+	krb5_auth_con_getrecvsubkey		@29	
+	krb5_auth_con_getremoteseqnumber	@30
+	krb5_auth_con_getremotesubkey		@31
+	krb5_auth_con_getsendsubkey		@32
+	krb5_auth_con_init			@33
+	krb5_auth_con_initivector		@34	; DEPRECATED
+	krb5_auth_con_set_checksum_func		@35
+	krb5_auth_con_setaddrs			@37	; KRB5_CALLCONV_WRONG
+	krb5_auth_con_setflags			@38
+	krb5_auth_con_setports			@39
+	krb5_auth_con_setrcache			@40
+	krb5_auth_con_setrecvsubkey		@41
+	krb5_auth_con_setsendsubkey		@42
+	krb5_auth_con_setuseruserkey		@43
+	krb5_build_principal			@44
+	krb5_build_principal_ext		@45
+	krb5_build_principal_va			@46
+	krb5_c_block_size			@47
+	krb5_c_checksum_length			@48
+	krb5_c_decrypt				@49
+	krb5_c_encrypt				@50
+	krb5_c_encrypt_length			@51
+	krb5_c_enctype_compare			@52
+	krb5_c_is_coll_proof_cksum		@53
+	krb5_c_is_keyed_cksum			@54
+	krb5_c_keyed_checksum_types		@55
+	krb5_c_make_checksum			@56
+	krb5_c_make_random_key			@57
+ 	krb5_c_prf				@58
+ 	krb5_c_prf_length			@59
+	krb5_c_random_make_octets		@60
+	krb5_c_random_seed			@61
+	krb5_c_string_to_key			@62
+ 	krb5_c_string_to_key_with_params	@63
+	krb5_c_valid_cksumtype			@64
+	krb5_c_valid_enctype			@65
+	krb5_c_verify_checksum			@66
+	krb5_calculate_checksum			@67
+	krb5_cc_close				@68
+	krb5_cc_copy_creds			@69
+	krb5_cc_default				@70
+	krb5_cc_default_name			@71
+	krb5_cc_destroy				@72
+	krb5_cc_end_seq_get			@73
+	krb5_cc_gen_new				@74
+	krb5_cc_get_name			@75
+	krb5_cc_get_principal			@76
+	krb5_cc_get_type			@77
+	krb5_cc_initialize			@78
+	krb5_cc_new_unique			@79
+	krb5_cc_next_cred			@80
+	krb5_cc_remove_cred			@81
+	krb5_cc_resolve				@82
+	krb5_cc_retrieve_cred			@83
+	krb5_cc_set_default_name		@84
+	krb5_cc_set_flags			@85
+	krb5_cc_start_seq_get			@86
+	krb5_cc_store_cred			@87
+	krb5_cccol_cursor_free			@88
+	krb5_cccol_cursor_new			@89
+	krb5_cccol_cursor_next			@90
+	krb5_change_password			@91
+	krb5_checksum_size			@92
+	krb5_cksumtype_to_string		@93
+	krb5_copy_addresses			@95 
+	krb5_copy_authdata			@96 
+	krb5_copy_authenticator			@97 
+	krb5_copy_checksum			@98 
+	krb5_copy_context			@99 
+	krb5_copy_creds				@100
+	krb5_copy_data				@101
+	krb5_copy_keyblock			@102
+	krb5_copy_keyblock_contents		@103
+	krb5_copy_principal			@104
+	krb5_copy_ticket			@105
+	krb5_decode_ticket			@106
+	krb5_decrypt				@107
+	krb5_deltat_to_string			@109
+	krb5_eblock_enctype			@110
+	krb5_encrypt				@111
+	krb5_encrypt_size			@112
+	krb5_enctype_to_string			@113
+	krb5_finish_key				@115
+	krb5_finish_random_key			@116
+	krb5_free_addresses			@117
+	krb5_free_ap_rep_enc_part		@118
+	krb5_free_authdata			@120
+	krb5_free_authenticator			@121
+	krb5_free_checksum			@122
+	krb5_free_checksum_contents		@123
+	krb5_free_cksumtypes			@124
+	krb5_free_config_files			@125
+	krb5_free_context			@126
+	krb5_free_cred_contents			@127
+	krb5_free_creds				@128
+	krb5_free_data				@129
+	krb5_free_data_contents			@130
+	krb5_free_default_realm			@131
+	krb5_free_error				@133
+	krb5_free_host_realm			@135
+	krb5_free_keyblock			@136
+	krb5_free_keyblock_contents		@137
+	krb5_free_keytab_entry_contents		@138
+	krb5_free_principal			@140
+	krb5_free_tgt_creds			@141
+	krb5_free_ticket			@142
+	krb5_free_unparsed_name			@143
+	krb5_fwd_tgt_creds			@144
+	krb5_get_credentials			@145
+	krb5_get_credentials_renew		@146
+	krb5_get_credentials_validate		@147
+	krb5_get_default_config_files		@148
+	krb5_get_default_realm			@149
+	krb5_get_host_realm			@151
+;	krb5_get_in_tkt				@152	; REMOVED
+	krb5_get_in_tkt_with_keytab		@153	; DEPRECATED
+	krb5_get_in_tkt_with_password		@154	; DEPRECATED
+	krb5_get_in_tkt_with_skey		@155	; DEPRECATED
+	krb5_get_init_creds_keytab		@156
+	krb5_get_init_creds_opt_alloc		@157
+	krb5_get_init_creds_opt_free		@158
+	krb5_get_init_creds_opt_free_pa		@159
+	krb5_get_init_creds_opt_get_pa		@160
+	krb5_get_init_creds_opt_init		@161
+	krb5_get_init_creds_opt_set_address_list	    @162
+	krb5_get_init_creds_opt_set_change_password_prompt  @163
+	krb5_get_init_creds_opt_set_etype_list		    @164
+	krb5_get_init_creds_opt_set_forwardable		    @165
+	krb5_get_init_creds_opt_set_pa			    @166	    
+	krb5_get_init_creds_opt_set_preauth_list	    @167
+	krb5_get_init_creds_opt_set_proxiable		    @168
+	krb5_get_init_creds_opt_set_renew_life		    @169
+	krb5_get_init_creds_opt_set_salt		    @170
+	krb5_get_init_creds_opt_set_tkt_life		    @171
+	krb5_get_init_creds_password		@172
+	krb5_get_permitted_enctypes		@173
+	krb5_get_profile			@269
+	krb5_get_prompt_types			@174
+	krb5_get_renewed_creds			@175
+	krb5_get_server_rcache			@176
+	krb5_get_time_offsets			@178
+	krb5_get_validated_creds		@179
+	krb5_init_context			@180
+	krb5_init_keyblock			@181
+	krb5_init_random_key			@182
+	krb5_init_secure_context		@183
+	krb5_is_referral_realm			@185
+        krb5_is_thread_safe			@186
+	krb5_kt_add_entry			@187
+	krb5_kt_close				@188
+	krb5_kt_default				@189
+	krb5_kt_default_name			@190
+	krb5_kt_end_seq_get			@191
+	krb5_kt_get_entry			@193
+	krb5_kt_get_name			@194
+	krb5_kt_get_type			@195
+	krb5_kt_next_entry			@196
+	krb5_kt_read_service_key		@197
+	krb5_kt_remove_entry			@198
+	krb5_kt_resolve				@199
+	krb5_kt_start_seq_get			@200
+	krb5_kuserok				@201
+	krb5_mk_1cred				@202
+	krb5_mk_error				@203
+	krb5_mk_ncred				@204
+	krb5_mk_priv				@205
+	krb5_mk_rep				@206
+	krb5_mk_req				@207
+	krb5_mk_req_extended			@208
+	krb5_mk_safe				@209
+	krb5_os_localaddr			@210
+	krb5_parse_name				@211
+	krb5_principal2salt                     @212	; KRB5_CALLCONV_WRONG
+	krb5_principal_compare			@213
+	krb5_process_key			@214
+	krb5_prompter_posix			@215
+	krb5_random_key				@216
+	krb5_rd_cred				@218
+	krb5_rd_error				@219
+	krb5_rd_priv				@220
+	krb5_rd_rep				@221
+	krb5_rd_req				@222
+	krb5_rd_safe				@223
+	krb5_read_password			@224
+	krb5_realm_compare			@225
+	krb5_recvauth				@226
+	krb5_recvauth_version			@227
+	krb5_salttype_to_string			@228
+	krb5_sendauth				@229
+	krb5_server_decrypt_ticket_keytab	@239
+	krb5_set_default_realm			@240
+	krb5_set_default_tgs_enctypes		@241
+        krb5_set_password			@243
+        krb5_set_password_using_ccache		@244
+	krb5_set_principal_realm		@245
+	krb5_set_real_time			@246
+	krb5_sname_to_principal			@248
+	krb5_string_to_cksumtype		@249
+	krb5_string_to_deltat			@250
+	krb5_string_to_enctype			@251
+	krb5_string_to_key			@252
+	krb5_string_to_salttype			@253
+	krb5_string_to_timestamp		@254
+	krb5_timeofday				@255
+	krb5_timestamp_to_sfstring		@256
+	krb5_timestamp_to_string		@257
+	krb5_unparse_name			@258
+	krb5_unparse_name_ext			@259
+	krb5_us_timeofday			@260
+	krb5_use_enctype			@261
+	krb5_verify_checksum			@262
+	krb5_verify_init_creds			@263
+	krb5_verify_init_creds_opt_init		@264
+	krb5_verify_init_creds_opt_set_ap_req_nofail	@265
+
+	krb5_524_convert_creds			@12
+; Don't add krb524_convert_creds_kdc or krb524_init_ets here;
+; they've never been exported by this library, and are deprecated. -KR
+
+	krb5int_accessor			@267	; INTERNAL (to end all internals)
+
+
+; DO NOT USE -- Currently required to implement gssapi32.dll
+	decode_krb5_ap_req			@2	; PRIVATE GSSAPI k5-int.h KRB5_CALLCONV_WRONG
+	krb5_ser_pack_bytes			@234	; PRIVATE GSSAPI k5-int.h
+	krb5_ser_pack_int32			@235	; PRIVATE GSSAPI k5-int.h
+	krb5_ser_unpack_bytes			@237	; PRIVATE GSSAPI k5-int.h
+	krb5_ser_unpack_int32			@238	; PRIVATE GSSAPI k5-int.h
+	krb5int_cc_default			@268	; PRIVATE GSSAPI k5-int.h
+
+	krb5_free_ap_req			@119	; PRIVATE GSSAPI krb5.hin
+	krb5_get_tgs_ktypes			@177	; PRIVATE GSSAPI krb5.hin
+	krb5_auth_con_set_req_cksumtype		@36	; PRIVATE GSSAPI krb5.hin
+	krb5_kt_free_entry			@192	; PRIVATE GSSAPI krb5.hin
+	k5_rc_close				@217	; PRIVATE GSSAPI krb5.hin
+	krb5_free_enc_tkt_part			@132	; PRIVATE GSSAPI krb5.hin
+	krb5_decrypt_tkt_part			@108	; PRIVATE GSSAPI krb5.hin
+
+	krb5_set_error_message			@242
+	krb5_vset_error_message			@266
+	krb5_get_error_message			@150
+	krb5_free_error_message			@134
+	krb5_clear_error_message		@94
+
+; new in 1.7-1.9
+	krb5_rd_rep_dce					@270
+	krb5_mk_rep_dce					@271
+	krb5_c_padding_length				@272
+	krb5_c_crypto_length				@273
+	krb5_c_encrypt_iov				@274
+	krb5_c_decrypt_iov				@275
+	krb5_c_make_checksum_iov			@276
+	krb5_c_verify_checksum_iov			@277
+	krb5_allow_weak_crypto				@278
+	krb5_anonymous_principal			@279
+	krb5_anonymous_realm				@280
+	krb5_auth_con_getkey_k				@281
+	krb5_auth_con_getrecvsubkey_k			@282
+	krb5_auth_con_getsendsubkey_k			@283
+	krb5_auth_con_setrecvsubkey_k			@284
+	krb5_auth_con_setsendsubkey_k			@285
+	krb5_build_principal_alloc_va			@286
+	krb5_c_crypto_length_iov			@287
+	krb5_c_free_state				@288
+	krb5_c_fx_cf2_simple				@289
+	krb5_c_init_state				@290
+	krb5_c_keylengths				@291
+	krb5_c_random_add_entropy			@292
+	krb5_c_random_os_entropy			@293
+	krb5_c_random_to_key				@294
+	krb5_cc_dup					@295
+	krb5_cc_get_config				@296
+	krb5_cc_set_config				@297
+	krb5_copy_error_message				@298
+	krb5_decode_authdata_container			@299
+	krb5_encode_authdata_container			@300
+	krb5_enctype_to_name				@301
+	krb5_get_fallback_host_realm			@302
+	krb5_get_init_creds_opt_get_fast_flags		@303
+	krb5_get_init_creds_opt_set_anonymous		@304
+	krb5_get_init_creds_opt_set_canonicalize	@305
+	krb5_get_init_creds_opt_set_expire_callback	@306
+	krb5_get_init_creds_opt_set_fast_ccache		@307
+	krb5_get_init_creds_opt_set_fast_ccache_name	@308
+	krb5_get_init_creds_opt_set_fast_flags		@309
+	krb5_get_init_creds_opt_set_out_ccache		@310
+	krb5_init_creds_free				@311
+	krb5_init_creds_get				@312
+	krb5_init_creds_get_creds			@313
+	krb5_init_creds_get_error			@314
+	krb5_init_creds_get_times			@315
+	krb5_init_creds_init				@316
+	krb5_init_creds_set_keytab			@317
+	krb5_init_creds_set_password			@318
+	krb5_init_creds_set_service			@319
+	krb5_init_creds_step				@320
+	krb5_is_config_principal			@321
+	krb5_k_create_key				@322
+	krb5_k_decrypt					@323
+	krb5_k_decrypt_iov				@324
+	krb5_k_encrypt					@325
+	krb5_k_encrypt_iov				@326
+	krb5_k_free_key					@327
+	krb5_k_key_enctype				@328
+	krb5_k_key_keyblock				@329
+	krb5_k_make_checksum				@330
+	krb5_k_make_checksum_iov			@331
+	krb5_k_prf					@332
+	krb5_k_reference_key				@333
+	krb5_k_verify_checksum				@334
+	krb5_k_verify_checksum_iov			@335
+	krb5_make_authdata_kdc_issued			@336
+	krb5_merge_authdata				@337
+	krb5_pac_add_buffer				@338
+	krb5_pac_free					@339
+	krb5_pac_get_buffer				@340
+	krb5_pac_get_types				@341
+	krb5_pac_init					@342
+	krb5_pac_parse					@343
+	krb5_pac_verify					@344
+	krb5_parse_name_flags				@345
+	krb5_principal_compare_any_realm		@346
+	krb5_principal_compare_flags			@347
+	krb5_tkt_creds_free				@348
+	krb5_tkt_creds_get				@349
+	krb5_tkt_creds_get_creds			@350
+	krb5_tkt_creds_get_times			@351
+	krb5_tkt_creds_init				@352
+	krb5_tkt_creds_step				@353
+	krb5_unparse_name_flags				@354
+	krb5_unparse_name_flags_ext			@355
+	krb5_verify_authdata_kdc_issued			@356
+; Accidentally left out until a 1.9/1.10 bugfix
+	krb5_set_trace_callback				@399
+	krb5_set_trace_filename				@400
+
+; More internal symbols used by gssapi
+	decode_krb5_error				@357 ; PRIVATE GSSAPI
+	decode_krb5_iakerb_finished			@358 ; PRIVATE GSSAPI
+	decode_krb5_iakerb_header			@359 ; PRIVATE GSSAPI
+	encode_krb5_iakerb_finished			@360 ; PRIVATE GSSAPI
+	encode_krb5_iakerb_header			@361 ; PRIVATE GSSAPI
+	encode_krb5_ticket				@362 ; PRIVATE GSSAPI
+	krb5_auth_con_get_authdata_context		@363 ; PRIVATE GSSAPI
+	krb5_auth_con_set_authdata_context		@364 ; PRIVATE GSSAPI
+	krb5_authdata_context_copy			@365 ; PRIVATE GSSAPI
+	krb5_authdata_context_free			@366 ; PRIVATE GSSAPI
+	krb5_authdata_context_init			@367 ; PRIVATE GSSAPI
+	krb5_authdata_delete_attribute			@368 ; PRIVATE GSSAPI
+	krb5_authdata_export_attributes			@369 ; PRIVATE GSSAPI
+	krb5_authdata_export_authdata			@370 ; PRIVATE GSSAPI
+	krb5_authdata_export_internal			@371 ; PRIVATE GSSAPI
+	krb5_authdata_free_internal			@372 ; PRIVATE GSSAPI
+	krb5_authdata_get_attribute			@373 ; PRIVATE GSSAPI
+	krb5_authdata_get_attribute_types		@374 ; PRIVATE GSSAPI
+	krb5_authdata_import_attributes			@375 ; PRIVATE GSSAPI
+	krb5_authdata_set_attribute			@376 ; PRIVATE GSSAPI
+	krb5_free_iakerb_finished			@377 ; PRIVATE GSSAPI
+	krb5_free_iakerb_header				@378 ; PRIVATE GSSAPI
+	krb5_get_credentials_for_user			@379 ; PRIVATE GSSAPI
+	krb5_get_credentials_for_proxy			@380 ; PRIVATE GSSAPI
+	krb5_sendto_kdc					@381 ; PRIVATE GSSAPI
+	krb5int_copy_data_contents_add0			@382 ; PRIVATE GSSAPI
+	krb5int_free_data_list				@383 ; PRIVATE GSSAPI
+
+; new in 1.10
+	krb5_sname_match				@384
+	k5_kt_get_principal				@385 ; PRIVATE GSSAPI
+	krb5_init_context_profile			@386
+	krb5int_c_mandatory_cksumtype			@387 ; PRIVATE GSSAPI
+	krb5int_arcfour_gsscrypt			@388 ; PRIVATE GSSAPI
+	krb5_cc_cache_match				@389
+	krb5_cc_get_full_name				@390
+	krb5_cc_support_switch				@391
+	krb5_cc_switch					@392
+	krb5_free_string				@393
+	krb5_cc_select					@394
+	krb5_pac_sign					@395
+	krb5_find_authdata				@396
+	krb5_check_clockskew				@397
+
+; new in 1.11 (note that 399-400 are used above)
+	krb5_chpw_message				@398
+	krb5_kt_have_content				@401
+	krb5_cccol_have_content				@402
+	krb5_kt_client_default				@403
+	krb5int_cc_user_set_default_name		@404 ; PRIVATE LEASH
+	krb5_get_init_creds_opt_set_responder		@405
+	krb5_responder_get_challenge			@406
+	krb5_responder_list_questions			@407
+	krb5_responder_set_answer			@408
+	k5_rc_resolve					@410 ; PRIVATE GSSAPI
+	k5_rc_get_name					@411 ; PRIVATE GSSAPI
+	krb5_responder_otp_get_challenge		@413
+	krb5_responder_otp_set_answer			@414
+	krb5_responder_otp_challenge_free		@415
+	krb5_cc_move					@416
+	krb5_get_init_creds_opt_set_in_ccache		@417
+
+; new in 1.12
+	krb5_free_enctypes				@419
+	krb5_kt_dup					@420
+	krb5_responder_pkinit_get_challenge		@421
+	krb5_responder_pkinit_set_answer		@422
+	krb5_responder_pkinit_challenge_free		@423
+	krb5_auth_con_setpermetypes			@424 ; PRIVATE GSSAPI
+	krb5_rd_req_decoded				@425 ; PRIVATE GSSAPI
+
+; new in 1.13
+	k5_change_error_message_code			@426 ; PRIVATE GSSAPI
+
+; new in 1.14
+	krb5_prepend_error_message			@427
+	krb5_vprepend_error_message			@428
+	krb5_wrap_error_message 			@429
+	krb5_vwrap_error_message			@430
+	krb5_c_prfplus					@431
+	krb5_c_derive_prfplus				@432
+
+; new in 1.15
+	krb5_set_kdc_send_hook				@433
+	krb5_set_kdc_recv_hook				@434
+	krb5_get_init_creds_opt_set_pac_request		@435
+	krb5int_trace					@436 ; PRIVATE GSSAPI
+	krb5_expand_hostname				@437
+
+; new in 1.16
+	k5_enctype_to_ssf				@438 ; PRIVATE GSSAPI
+
+; new in 1.17
+	krb5_get_etype_info				@447
+	krb5_pac_sign_ext				@448
+	krb5_pac_verify_ext				@449
+; private symbols used by SPAKE client module
+	profile_get_string				@439 ; PRIVATE
+	profile_release_string				@440 ; PRIVATE
+	k5_sha256					@441 ; PRIVATE
+	krb5_encrypt_helper				@442 ; PRIVATE
+	encode_krb5_spake_factor			@443 ; PRIVATE
+	encode_krb5_pa_spake				@444 ; PRIVATE
+	decode_krb5_pa_spake				@445 ; PRIVATE
+	k5_free_pa_spake				@446 ; PRIVATE
+
+; new in 1.18
+	krb5int_c_deprecated_enctype			@450 ; PRIVATE
+	krb5_pac_get_client_info			@451
+	k5_externalize_auth_context			@452 ; PRIVATE GSSAPI
+	k5_externalize_authdata				@453 ; PRIVATE GSSAPI
+	k5_externalize_authdata_context			@454 ; PRIVATE GSSAPI
+	k5_externalize_context				@455 ; PRIVATE GSSAPI
+	k5_externalize_keyblock				@456 ; PRIVATE GSSAPI
+	k5_externalize_principal			@457 ; PRIVATE GSSAPI
+	k5_internalize_auth_context			@458 ; PRIVATE GSSAPI
+	k5_internalize_authdata				@459 ; PRIVATE GSSAPI
+	k5_internalize_authdata_context			@460 ; PRIVATE GSSAPI
+	k5_internalize_context				@461 ; PRIVATE GSSAPI
+	k5_internalize_keyblock				@462 ; PRIVATE GSSAPI
+	k5_internalize_principal			@463 ; PRIVATE GSSAPI
+	k5_size_auth_context				@464 ; PRIVATE GSSAPI
+	k5_size_authdata				@465 ; PRIVATE GSSAPI
+	k5_size_authdata_context			@466 ; PRIVATE GSSAPI
+	k5_size_context					@467 ; PRIVATE GSSAPI
+	k5_size_keyblock				@468 ; PRIVATE GSSAPI
+	k5_size_principal				@469 ; PRIVATE GSSAPI
+
+; new in 1.19
+	k5_cc_store_primary_cred			@470 ; PRIVATE
+	k5_kt_have_match				@471 ; PRIVATE GSSAPI
+
+; new in 1.20
+	krb5_marshal_credentials			@472
+	krb5_unmarshal_credentials			@473
+	k5_sname_compare				@474 ; PRIVATE GSSAPI
+	krb5_kdc_sign_ticket                            @475 ;
+	krb5_kdc_verify_ticket                          @476 ;
diff --git a/krb5-1.21.3/src/lib/rpc/Makefile.in b/krb5-1.21.3/src/lib/rpc/Makefile.in
new file mode 100644
index 00000000..39db2d3c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/Makefile.in
@@ -0,0 +1,235 @@
+mydir=lib$(S)rpc
+BUILDTOP=$(REL)..$(S)..
+DEFINES = -DGSSAPI_KRB5 -DDEBUG_GSSAPI=0 -DGSSRPC__IMPL
+
+SUBDIRS=unit-test
+
+##DOSBUILDTOP = ..\..
+##DOSLIBNAME=libgssrpc.lib
+
+LIBBASE=gssrpc
+LIBMAJOR=4
+LIBMINOR=2
+SHLIB_EXPDEPS= \
+	$(TOPLIBD)/libgssapi_krb5$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT) \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(COM_ERR_DEPLIB)
+SHLIB_EXPLIBS=-lgssapi_krb5 -lkrb5 -lk5crypto $(COM_ERR_LIB) $(LIBS)
+RELDIR=rpc
+
+SRCS = $(srcdir)/auth_none.c \
+	$(srcdir)/auth_unix.c \
+	$(srcdir)/authgss_prot.c \
+	$(srcdir)/authunix_prot.c \
+	$(srcdir)/auth_gss.c \
+	$(srcdir)/auth_gssapi.c \
+	$(srcdir)/auth_gssapi_misc.c \
+	$(srcdir)/bindresvport.c \
+	$(srcdir)/clnt_generic.c \
+	$(srcdir)/clnt_perror.c \
+	$(srcdir)/clnt_raw.c \
+	$(srcdir)/clnt_simple.c \
+	$(srcdir)/clnt_tcp.c \
+	$(srcdir)/clnt_udp.c \
+	$(srcdir)/dyn.c \
+	$(srcdir)/rpc_dtablesize.c \
+	$(srcdir)/get_myaddress.c \
+	$(srcdir)/getrpcport.c \
+	$(srcdir)/pmap_clnt.c \
+	$(srcdir)/pmap_getmaps.c \
+	$(srcdir)/pmap_getport.c \
+	$(srcdir)/pmap_prot.c \
+	$(srcdir)/pmap_prot2.c \
+	$(srcdir)/pmap_rmt.c \
+	$(srcdir)/rpc_prot.c \
+	$(srcdir)/rpc_commondata.c \
+	$(srcdir)/rpc_callmsg.c \
+	$(srcdir)/svc.c \
+	$(srcdir)/svc_auth.c \
+	$(srcdir)/svc_auth_gss.c \
+	$(srcdir)/svc_auth_none.c \
+	$(srcdir)/svc_auth_unix.c \
+	$(srcdir)/svc_auth_gssapi.c \
+	$(srcdir)/svc_raw.c \
+	$(srcdir)/svc_run.c \
+	$(srcdir)/svc_simple.c \
+	$(srcdir)/svc_tcp.c \
+	$(srcdir)/svc_udp.c \
+	$(srcdir)/xdr.c \
+	$(srcdir)/xdr_array.c \
+	$(srcdir)/xdr_float.c \
+	$(srcdir)/xdr_mem.c \
+	$(srcdir)/xdr_rec.c \
+	$(srcdir)/xdr_reference.c \
+	$(srcdir)/xdr_stdio.c \
+	$(srcdir)/xdr_sizeof.c \
+	$(srcdir)/xdr_alloc.c
+
+OBJS = auth_none.$(OBJEXT) \
+	auth_unix.$(OBJEXT) \
+	authunix_prot.$(OBJEXT) \
+	authgss_prot.$(OBJEXT) \
+	auth_gss.$(OBJEXT) \
+	auth_gssapi.$(OBJEXT) \
+	auth_gssapi_misc.$(OBJEXT) \
+	bindresvport.$(OBJEXT) \
+	clnt_generic.$(OBJEXT) \
+	clnt_perror.$(OBJEXT) \
+	clnt_raw.$(OBJEXT) \
+	clnt_simple.$(OBJEXT) \
+	clnt_tcp.$(OBJEXT) \
+	clnt_udp.$(OBJEXT) \
+	dyn.$(OBJEXT) \
+	rpc_dtablesize.$(OBJEXT) \
+	get_myaddress.$(OBJEXT) \
+	getrpcport.$(OBJEXT) \
+	pmap_clnt.$(OBJEXT) \
+	pmap_getmaps.$(OBJEXT) \
+	pmap_getport.$(OBJEXT) \
+	pmap_prot.$(OBJEXT) \
+	pmap_prot2.$(OBJEXT) \
+	pmap_rmt.$(OBJEXT) \
+	rpc_prot.$(OBJEXT) \
+	rpc_commondata.$(OBJEXT) \
+	rpc_callmsg.$(OBJEXT) \
+	svc.$(OBJEXT) \
+	svc_auth.$(OBJEXT) \
+	svc_auth_gss.$(OBJEXT) \
+	svc_auth_none.$(OBJEXT) \
+	svc_auth_unix.$(OBJEXT) \
+	svc_auth_gssapi.$(OBJEXT) \
+	svc_raw.$(OBJEXT) \
+	svc_run.$(OBJEXT) \
+	svc_simple.$(OBJEXT) \
+	svc_tcp.$(OBJEXT) \
+	svc_udp.$(OBJEXT) \
+	xdr.$(OBJEXT) \
+	xdr_array.$(OBJEXT) \
+	xdr_float.$(OBJEXT) \
+	xdr_mem.$(OBJEXT) \
+	xdr_rec.$(OBJEXT) \
+	xdr_reference.$(OBJEXT) \
+	xdr_stdio.$(OBJEXT) \
+	xdr_sizeof.$(OBJEXT) \
+	xdr_alloc.$(OBJEXT)
+
+STLIBOBJS = \
+	auth_none.o \
+	auth_unix.o \
+	authgss_prot.o \
+	authunix_prot.o \
+	auth_gss.o \
+	auth_gssapi.o \
+	auth_gssapi_misc.o \
+	bindresvport.o \
+	clnt_generic.o \
+	clnt_perror.o \
+	clnt_raw.o \
+	clnt_simple.o \
+	clnt_tcp.o \
+	clnt_udp.o \
+	dyn.o \
+	rpc_dtablesize.o \
+	get_myaddress.o \
+	getrpcport.o \
+	pmap_clnt.o \
+	pmap_getmaps.o \
+	pmap_getport.o \
+	pmap_prot.o \
+	pmap_prot2.o \
+	pmap_rmt.o \
+	rpc_prot.o \
+	rpc_commondata.o \
+	rpc_callmsg.o \
+	svc.o \
+	svc_auth.o \
+	svc_auth_gss.o \
+	svc_auth_gssapi.o \
+	svc_auth_none.o \
+	svc_auth_unix.o \
+	svc_raw.o \
+	svc_run.o \
+	svc_simple.o \
+	svc_tcp.o \
+	svc_udp.o \
+	xdr.o \
+	xdr_array.o \
+	xdr_float.o \
+	xdr_mem.o \
+	xdr_rec.o \
+	xdr_reference.o \
+	xdr_stdio.o \
+	xdr_sizeof.o \
+	xdr_alloc.o
+
+HDRDIR=$(BUILDTOP)/include/gssrpc
+
+all-prerecurse: all-liblinks
+
+all-windows: $(OBJS)
+
+generate-files-mac: darwin.exports
+
+install-unix: install-libs
+
+install-unix:
+	for i in $(SRC_HDRS); do \
+		(set -x; $(INSTALL_DATA) $(srcdir)/../../include/gssrpc/$$i $(DESTDIR)$(KRB5_INCDIR)$(S)gssrpc$(S)$$i) ; \
+	done
+	for i in $(BUILD_HDRS); do \
+		(set -x; $(INSTALL_DATA) ../../include/gssrpc/$$i $(DESTDIR)$(KRB5_INCDIR)$(S)gssrpc$(S)$$i) ; \
+	done
+
+BUILD_HDRS = types.h
+SRC_HDRS = auth.h auth_gss.h auth_gssapi.h auth_unix.h clnt.h \
+	netdb.h pmap_clnt.h pmap_prot.h pmap_rmt.h rename.h \
+	rpc.h rpc_msg.h svc.h svc_auth.h xdr.h
+
+check-windows:
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+clean-windows::
+
+# stuff picked up from old "dyn" library
+#check-unix: run-dyntest
+run-dyntest: dyntest
+	./dyntest
+dyntest: dyntest.o dyn.o
+	$(CC) -o dyntest dyntest.o dyn.o
+clean-unix:: clean-dyntest
+clean-dyntest:
+	$(RM) dyntest dyntest.o
+
+LCLINT=		lclint
+# +posixlib     gets more complete errno list than ansilib
+# -usedef       turns off bogus warnings from poor dataflow analysis (should be
+#               redundant with gcc warnings anyways)
+# -warnposix
+# +charintliteral
+# +ignoresigns
+# -predboolint
+# -exportlocal
+# -retvalint    allow ignoring of int return values (e.g., fputs)
+LCLINTOPTS=+posixlib \
+        +ignoresigns -predboolint \
+        +mod-uncon +modinternalstrict +modfilesys \
+        -expect 2
+do-dyn-lclint:
+	$(LCLINT) $(LCLINTOPTS) $(LOCALINCLUDES) $(DEFS) dyn.c dyntest.c
+
+$(BUILDTOP)/include/gssrpc/types.h: types.stamp
+types.stamp: $(top_srcdir)/include/gssrpc/types.hin $(BUILDTOP)/config.status
+	(cd $(BUILDTOP) && $(SHELL) config.status include/gssrpc/types.h)
+	touch types.stamp
+
+clean-unix::
+	$(RM) types.stamp $(BUILDTOP)/include/gssrpc/types.h
+clean-windows::
+	$(RM) types.stamp
+
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/lib/rpc/auth_gss.c b/krb5-1.21.3/src/lib/rpc/auth_gss.c
new file mode 100644
index 00000000..319bc759
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/auth_gss.c
@@ -0,0 +1,627 @@
+/* lib/rpc/auth_gss.c */
+/*
+  Copyright (c) 2000 The Regents of the University of Michigan.
+  All rights reserved.
+
+  Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+  All rights reserved, all wrongs reversed.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions
+  are met:
+
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+  3. Neither the name of the University nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+  Id: auth_gss.c,v 1.35 2002/10/15 21:25:25 kwc Exp
+*/
+
+/* RPCSEC_GSS client routines. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <gssrpc/auth.h>
+#include <gssrpc/auth_gss.h>
+#include <gssrpc/clnt.h>
+#include <netinet/in.h>
+#ifdef HAVE_HEIMDAL
+#include <gssapi.h>
+#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
+#else
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#endif
+
+#ifdef DEBUG_GSSAPI
+int auth_debug_gss = DEBUG_GSSAPI;
+int misc_debug_gss = DEBUG_GSSAPI;
+#endif
+
+static void	authgss_nextverf(AUTH *);
+static bool_t	authgss_marshal(AUTH *, XDR *);
+static bool_t	authgss_refresh(AUTH *, struct rpc_msg *);
+static bool_t	authgss_validate(AUTH *, struct opaque_auth *);
+static void	authgss_destroy(AUTH *);
+static void	authgss_destroy_context(AUTH *);
+static bool_t	authgss_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t	authgss_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t);
+
+
+/*
+ * from mit-krb5-1.2.1 mechglue/mglueP.h:
+ * Array of context IDs typed by mechanism OID
+ */
+typedef struct gss_union_ctx_id_t {
+  gss_OID     mech_type;
+  gss_ctx_id_t    internal_ctx_id;
+} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
+
+static struct auth_ops authgss_ops = {
+	authgss_nextverf,
+	authgss_marshal,
+	authgss_validate,
+	authgss_refresh,
+	authgss_destroy,
+	authgss_wrap,
+	authgss_unwrap
+};
+
+#ifdef DEBUG
+
+/* useful as i add more mechanisms */
+void
+print_rpc_gss_sec(struct rpc_gss_sec *ptr)
+{
+	int i;
+	char *p;
+
+	log_debug("rpc_gss_sec:");
+	if(ptr->mech == NULL)
+		log_debug("NULL gss_OID mech");
+	else {
+		fprintf(stderr, "     mechanism_OID: {");
+		p = (char *)ptr->mech->elements;
+		for (i=0; i < ptr->mech->length; i++)
+			/* First byte of OIDs encoded to save a byte */
+			if (i == 0) {
+				int first, second;
+				if (*p < 40) {
+					first = 0;
+					second = *p;
+				}
+				else if (40 <= *p && *p < 80) {
+					first = 1;
+					second = *p - 40;
+				}
+				else if (80 <= *p && *p < 127) {
+					first = 2;
+					second = *p - 80;
+				}
+				else {
+					/* Invalid value! */
+					first = -1;
+					second = -1;
+				}
+				fprintf(stderr, " %u %u", first, second);
+				p++;
+			}
+			else {
+				fprintf(stderr, " %u", (unsigned char)*p++);
+			}
+		fprintf(stderr, " }\n");
+	}
+	fprintf(stderr, "     qop: %d\n", ptr->qop);
+	fprintf(stderr, "     service: %d\n", ptr->svc);
+	fprintf(stderr, "     cred: %p\n", ptr->cred);
+	fprintf(stderr, "     req_flags: 0x%08x", ptr->req_flags);
+}
+#endif /*DEBUG*/
+
+struct rpc_gss_data {
+	bool_t			 established;	/* context established */
+	bool_t			 inprogress;
+  gss_buffer_desc      gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier
+                                   * to process at end of context negotiation*/
+	CLIENT			*clnt;		/* client handle */
+	gss_name_t		 name;		/* service name */
+	struct rpc_gss_sec	 sec;		/* security tuple */
+	gss_ctx_id_t		 ctx;		/* context id */
+	struct rpc_gss_cred	 gc;		/* client credentials */
+	uint32_t		 win;		/* sequence window */
+};
+
+#define	AUTH_PRIVATE(auth)	((struct rpc_gss_data *)auth->ah_private)
+
+static struct timeval AUTH_TIMEOUT = { 25, 0 };
+
+AUTH *
+authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
+{
+	AUTH			*auth, *save_auth;
+	struct rpc_gss_data	*gd;
+	OM_uint32		min_stat = 0;
+
+	log_debug("in authgss_create()");
+
+	memset(&rpc_createerr, 0, sizeof(rpc_createerr));
+
+	if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
+		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+		rpc_createerr.cf_error.re_errno = ENOMEM;
+		return (NULL);
+	}
+	if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
+		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+		rpc_createerr.cf_error.re_errno = ENOMEM;
+		free(auth);
+		return (NULL);
+	}
+	if (name != GSS_C_NO_NAME) {
+		if (gss_duplicate_name(&min_stat, name, &gd->name)
+						!= GSS_S_COMPLETE) {
+			rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+			rpc_createerr.cf_error.re_errno = ENOMEM;
+			free(auth);
+			free(gd);
+			return (NULL);
+		}
+	}
+	else
+		gd->name = name;
+
+	gd->clnt = clnt;
+	gd->ctx = GSS_C_NO_CONTEXT;
+	gd->sec = *sec;
+
+	gd->gc.gc_v = RPCSEC_GSS_VERSION;
+	gd->gc.gc_proc = RPCSEC_GSS_INIT;
+	gd->gc.gc_svc = gd->sec.svc;
+
+	auth->ah_ops = &authgss_ops;
+	auth->ah_private = (caddr_t)gd;
+
+	save_auth = clnt->cl_auth;
+	clnt->cl_auth = auth;
+
+	if (!authgss_refresh(auth, NULL))
+		auth = NULL;
+
+	clnt->cl_auth = save_auth;
+
+	log_debug("authgss_create returning auth 0x%08x", auth);
+	return (auth);
+}
+
+AUTH *
+authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
+{
+	AUTH			*auth;
+	OM_uint32		 maj_stat = 0, min_stat = 0;
+	gss_buffer_desc		 sname;
+	gss_name_t		 name;
+
+	log_debug("in authgss_create_default()");
+
+
+	sname.value = service;
+	sname.length = strlen(service);
+
+	maj_stat = gss_import_name(&min_stat, &sname,
+		(gss_OID)gss_nt_service_name,
+		&name);
+
+	if (maj_stat != GSS_S_COMPLETE) {
+		log_status("gss_import_name", maj_stat, min_stat);
+		rpc_createerr.cf_stat = RPC_AUTHERROR;
+		return (NULL);
+	}
+
+	auth = authgss_create(clnt, name, sec);
+
+ 	if (name != GSS_C_NO_NAME)
+ 		gss_release_name(&min_stat, &name);
+
+	log_debug("authgss_create_default returning auth 0x%08x", auth);
+	return (auth);
+}
+
+bool_t
+authgss_get_private_data(AUTH *auth, struct authgss_private_data *pd)
+{
+	struct rpc_gss_data	*gd;
+
+	log_debug("in authgss_get_private_data()");
+
+	if (!auth || !pd)
+		return (FALSE);
+
+	gd = AUTH_PRIVATE(auth);
+
+	if (!gd || !gd->established)
+		return (FALSE);
+
+	pd->pd_ctx = gd->ctx;
+	pd->pd_ctx_hndl = gd->gc.gc_ctx;
+	pd->pd_seq_win = gd->win;
+
+	return (TRUE);
+}
+
+static void
+authgss_nextverf(AUTH *auth)
+{
+	log_debug("in authgss_nextverf()\n");
+	/* no action necessary */
+}
+
+static bool_t
+authgss_marshal(AUTH *auth, XDR *xdrs)
+{
+	XDR			 tmpxdrs;
+	char			 tmp[MAX_AUTH_BYTES];
+	struct rpc_gss_data	*gd;
+	gss_buffer_desc		 rpcbuf, checksum;
+	OM_uint32		 maj_stat, min_stat;
+	bool_t			 xdr_stat;
+
+	log_debug("in authgss_marshal()");
+
+	gd = AUTH_PRIVATE(auth);
+
+	if (gd->established)
+		gd->gc.gc_seq++;
+
+	xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
+
+	if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) {
+		XDR_DESTROY(&tmpxdrs);
+		return (FALSE);
+	}
+	auth->ah_cred.oa_flavor = RPCSEC_GSS;
+	auth->ah_cred.oa_base = tmp;
+	auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
+
+	XDR_DESTROY(&tmpxdrs);
+
+	if (!xdr_opaque_auth(xdrs, &auth->ah_cred))
+		return (FALSE);
+
+	if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
+	    gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
+		return (xdr_opaque_auth(xdrs, &gssrpc__null_auth));
+	}
+	/* Checksum serialized RPC header, up to and including credential. */
+	rpcbuf.length = XDR_GETPOS(xdrs);
+	XDR_SETPOS(xdrs, 0);
+	rpcbuf.value = XDR_INLINE(xdrs, (int)rpcbuf.length);
+
+	maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
+			    &rpcbuf, &checksum);
+
+	if (maj_stat != GSS_S_COMPLETE) {
+		log_status("gss_get_mic", maj_stat, min_stat);
+		if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
+			gd->established = FALSE;
+			authgss_destroy_context(auth);
+		}
+		return (FALSE);
+	}
+	auth->ah_verf.oa_flavor = RPCSEC_GSS;
+	auth->ah_verf.oa_base = checksum.value;
+	auth->ah_verf.oa_length = checksum.length;
+
+	xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
+	gss_release_buffer(&min_stat, &checksum);
+
+	return (xdr_stat);
+}
+
+static bool_t
+authgss_validate(AUTH *auth, struct opaque_auth *verf)
+{
+	struct rpc_gss_data	*gd;
+	uint32_t		 num;
+	gss_qop_t		 qop_state;
+	gss_buffer_desc		 signbuf, checksum;
+	OM_uint32		 maj_stat, min_stat;
+
+	log_debug("in authgss_validate()");
+
+	gd = AUTH_PRIVATE(auth);
+
+	if (gd->established == FALSE) {
+		/* would like to do this only on NULL rpc - gc->established is good enough.
+		 * save the on the wire verifier to validate last INIT phase packet
+		 * after decode if the major status is GSS_S_COMPLETE
+		 */
+		if ((gd->gc_wire_verf.value = mem_alloc(verf->oa_length)) == NULL) {
+			fprintf(stderr, "gss_validate: out of memory\n");
+			return (FALSE);
+		}
+		memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
+		gd->gc_wire_verf.length = verf->oa_length;
+		return (TRUE);
+  	}
+
+	if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
+	    gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
+		num = htonl(gd->win);
+	}
+	else num = htonl(gd->gc.gc_seq);
+
+	signbuf.value = &num;
+	signbuf.length = sizeof(num);
+
+	checksum.value = verf->oa_base;
+	checksum.length = verf->oa_length;
+
+	maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
+				  &checksum, &qop_state);
+	if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
+		log_status("gss_verify_mic", maj_stat, min_stat);
+		if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
+			gd->established = FALSE;
+			authgss_destroy_context(auth);
+		}
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+static bool_t
+authgss_refresh(AUTH *auth, struct rpc_msg *msg)
+{
+	struct rpc_gss_data	*gd;
+	struct rpc_gss_init_res	 gr;
+	gss_buffer_desc		*recv_tokenp, send_token;
+	OM_uint32		 maj_stat, min_stat, call_stat, ret_flags;
+
+	log_debug("in authgss_refresh()");
+
+	gd = AUTH_PRIVATE(auth);
+
+	if (gd->established || gd->inprogress)
+		return (TRUE);
+
+	/* GSS context establishment loop. */
+	memset(&gr, 0, sizeof(gr));
+	recv_tokenp = GSS_C_NO_BUFFER;
+
+#ifdef DEBUG
+	print_rpc_gss_sec(&gd->sec);
+#endif /*DEBUG*/
+
+	for (;;) {
+		gd->inprogress = TRUE;
+		maj_stat = gss_init_sec_context(&min_stat,
+						gd->sec.cred,
+						&gd->ctx,
+						gd->name,
+						gd->sec.mech,
+						gd->sec.req_flags,
+						0,		/* time req */
+						GSS_C_NO_CHANNEL_BINDINGS,
+						recv_tokenp,
+						NULL,		/* used mech */
+						&send_token,
+						&ret_flags,
+						NULL);		/* time rec */
+
+		log_status("gss_init_sec_context", maj_stat, min_stat);
+		if (recv_tokenp != GSS_C_NO_BUFFER) {
+			free(gr.gr_token.value);
+			gr.gr_token.value = NULL;
+			recv_tokenp = GSS_C_NO_BUFFER;
+		}
+		if (maj_stat != GSS_S_COMPLETE &&
+		    maj_stat != GSS_S_CONTINUE_NEEDED) {
+			log_status("gss_init_sec_context (error)", maj_stat, min_stat);
+			break;
+		}
+		if (send_token.length != 0) {
+			memset(&gr, 0, sizeof(gr));
+
+			call_stat = clnt_call(gd->clnt, NULLPROC,
+					      xdr_rpc_gss_init_args,
+					      &send_token,
+					      xdr_rpc_gss_init_res,
+					      (caddr_t)&gr, AUTH_TIMEOUT);
+
+			gss_release_buffer(&min_stat, &send_token);
+
+			log_debug("authgss_refresh: call_stat=%d", call_stat);
+			log_debug("%s", clnt_sperror(gd->clnt, "authgss_refresh"));
+			if (call_stat != RPC_SUCCESS ||
+			    (gr.gr_major != GSS_S_COMPLETE &&
+			     gr.gr_major != GSS_S_CONTINUE_NEEDED))
+				break;
+
+			if (gr.gr_ctx.length != 0) {
+				free(gd->gc.gc_ctx.value);
+				gd->gc.gc_ctx = gr.gr_ctx;
+			}
+			if (gr.gr_token.length != 0) {
+				if (maj_stat != GSS_S_CONTINUE_NEEDED)
+					break;
+				recv_tokenp = &gr.gr_token;
+			}
+			gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT;
+		}
+
+		/* GSS_S_COMPLETE => check gss header verifier, usually checked in
+		 * gss_validate
+		 */
+		if (maj_stat == GSS_S_COMPLETE) {
+			gss_buffer_desc   bufin;
+			gss_buffer_desc   bufout;
+			uint32_t seq;
+			gss_qop_t qop_state = 0;
+
+			seq = htonl(gr.gr_win);
+			bufin.value = (u_char *)&seq;
+			bufin.length = sizeof(seq);
+			bufout.value = (u_char *)gd->gc_wire_verf.value;
+			bufout.length = gd->gc_wire_verf.length;
+
+			log_debug("authgss_refresh: GSS_S_COMPLETE: calling verify_mic");
+			maj_stat = gss_verify_mic(&min_stat,gd->ctx,
+				&bufin, &bufout, &qop_state);
+			free(gd->gc_wire_verf.value);
+			gd->gc_wire_verf.length = 0;
+			gd->gc_wire_verf.value = NULL;
+
+			if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
+				log_status("gss_verify_mic", maj_stat, min_stat);
+				if (maj_stat == GSS_S_CONTEXT_EXPIRED) {
+					gd->established = FALSE;
+					authgss_destroy_context(auth);
+				}
+				return (FALSE);
+			}
+			gd->established = TRUE;
+			gd->inprogress = FALSE;
+			gd->gc.gc_proc = RPCSEC_GSS_DATA;
+			gd->gc.gc_seq = 0;
+			gd->win = gr.gr_win;
+			break;
+		}
+	}
+	log_status("authgss_refresh: at end of context negotiation", maj_stat, min_stat);
+	/* End context negotiation loop. */
+	if (gd->gc.gc_proc != RPCSEC_GSS_DATA) {
+		log_debug("authgss_refresh: returning ERROR (gc_proc %d)", gd->gc.gc_proc);
+		free(gr.gr_token.value);
+		authgss_destroy(auth);
+		auth = NULL;
+		rpc_createerr.cf_stat = RPC_AUTHERROR;
+
+		return (FALSE);
+	}
+	log_debug("authgss_refresh: returning SUCCESS");
+	return (TRUE);
+}
+
+bool_t
+authgss_service(AUTH *auth, int svc)
+{
+	struct rpc_gss_data	*gd;
+
+	log_debug("in authgss_service()");
+
+	if (!auth)
+		return(FALSE);
+	gd = AUTH_PRIVATE(auth);
+	if (!gd || !gd->established)
+		return (FALSE);
+	gd->sec.svc = svc;
+	gd->gc.gc_svc = svc;
+	return (TRUE);
+}
+
+static void
+authgss_destroy_context(AUTH *auth)
+{
+	struct rpc_gss_data	*gd;
+	OM_uint32		 min_stat;
+
+	log_debug("in authgss_destroy_context()");
+
+	gd = AUTH_PRIVATE(auth);
+
+	if (gd->gc.gc_ctx.length != 0) {
+		if (gd->established) {
+			gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
+			(void)clnt_call(gd->clnt, NULLPROC, xdr_void, NULL,
+					xdr_void, NULL, AUTH_TIMEOUT);
+			log_debug("%s",
+				  clnt_sperror(gd->clnt,
+					       "authgss_destroy_context"));
+		}
+		free(gd->gc.gc_ctx.value);
+		/* XXX ANDROS check size of context  - should be 8 */
+		memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
+	}
+	if (gd->ctx != GSS_C_NO_CONTEXT) {
+		gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
+		gd->ctx = GSS_C_NO_CONTEXT;
+	}
+	gd->established = FALSE;
+
+	log_debug("finished authgss_destroy_context()");
+}
+
+static void
+authgss_destroy(AUTH *auth)
+{
+	struct rpc_gss_data	*gd;
+	OM_uint32		 min_stat;
+
+	log_debug("in authgss_destroy()");
+
+	gd = AUTH_PRIVATE(auth);
+
+	authgss_destroy_context(auth);
+
+	if (gd->name != GSS_C_NO_NAME)
+		gss_release_name(&min_stat, &gd->name);
+
+	free(gd);
+	free(auth);
+}
+
+bool_t
+authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
+{
+	struct rpc_gss_data	*gd;
+
+	log_debug("in authgss_wrap()");
+
+	gd = AUTH_PRIVATE(auth);
+
+	if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
+		return ((*xdr_func)(xdrs, xdr_ptr));
+	}
+	return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
+				 gd->ctx, gd->sec.qop,
+				 gd->sec.svc, gd->gc.gc_seq));
+}
+
+bool_t
+authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
+{
+	struct rpc_gss_data	*gd;
+
+	log_debug("in authgss_unwrap()");
+
+	gd = AUTH_PRIVATE(auth);
+
+	if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
+		return ((*xdr_func)(xdrs, xdr_ptr));
+	}
+	return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
+				 gd->ctx, gd->sec.qop,
+				 gd->sec.svc, gd->gc.gc_seq));
+}
diff --git a/krb5-1.21.3/src/lib/rpc/auth_gssapi.c b/krb5-1.21.3/src/lib/rpc/auth_gssapi.c
new file mode 100644
index 00000000..8ab7ab5b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/auth_gssapi.c
@@ -0,0 +1,812 @@
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/errno.h>
+
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#ifdef GSSAPI_KRB5
+#include <gssapi/gssapi_krb5.h>
+#endif
+
+#include <gssrpc/rpc.h>
+#include <gssrpc/auth_gssapi.h>
+
+#include "gssrpcint.h"
+
+#ifdef __CODECENTER__
+#define DEBUG_GSSAPI 1
+#endif
+
+#ifdef DEBUG_GSSAPI
+int auth_debug_gssapi = DEBUG_GSSAPI;
+extern void gssrpcint_printf(const char *format, ...);
+#define L_PRINTF(l,args) if (auth_debug_gssapi >= l) gssrpcint_printf args
+#define PRINTF(args) L_PRINTF(99, args)
+#define AUTH_GSSAPI_DISPLAY_STATUS(args) \
+	if (auth_debug_gssapi) auth_gssapi_display_status args
+#else
+#define PRINTF(args)
+#define L_PRINTF(l, args)
+#define AUTH_GSSAPI_DISPLAY_STATUS(args)
+#endif
+
+static void 	auth_gssapi_nextverf(AUTH *);
+static bool_t 	auth_gssapi_marshall(AUTH *, XDR *);
+static bool_t	auth_gssapi_validate(AUTH *, struct opaque_auth *);
+static bool_t	auth_gssapi_refresh(AUTH *, struct rpc_msg *);
+static bool_t	auth_gssapi_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t	auth_gssapi_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t);
+static void	auth_gssapi_destroy(AUTH *);
+
+static bool_t	marshall_new_creds(AUTH *, bool_t, gss_buffer_t);
+
+static struct auth_ops auth_gssapi_ops = {
+     auth_gssapi_nextverf,
+     auth_gssapi_marshall,
+     auth_gssapi_validate,
+     auth_gssapi_refresh,
+     auth_gssapi_destroy,
+     auth_gssapi_wrap,
+     auth_gssapi_unwrap,
+};
+
+/*
+ * the ah_private data structure for an auth_handle
+ */
+struct auth_gssapi_data {
+     bool_t established;
+     CLIENT *clnt;
+     gss_ctx_id_t context;
+     gss_buffer_desc client_handle;
+     uint32_t seq_num;
+     int def_cred;
+
+     /* pre-serialized ah_cred */
+     unsigned char cred_buf[MAX_AUTH_BYTES];
+     uint32_t cred_len;
+};
+#define AUTH_PRIVATE(auth) ((struct auth_gssapi_data *)auth->ah_private)
+
+/*
+ * Function: auth_gssapi_create_default
+ *
+ * Purpose:  Create a GSS-API style authenticator, with default
+ * options, and return the handle.
+ *
+ * Effects: See design document, section XXX.
+ */
+AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name)
+{
+     AUTH *auth;
+     OM_uint32 gssstat, minor_stat;
+     gss_buffer_desc input_name;
+     gss_name_t target_name;
+
+     input_name.value = service_name;
+     input_name.length = strlen(service_name) + 1;
+
+     gssstat = gss_import_name(&minor_stat, &input_name,
+			       gss_nt_service_name, &target_name);
+     if (gssstat != GSS_S_COMPLETE) {
+	  AUTH_GSSAPI_DISPLAY_STATUS(("parsing name", gssstat,
+				      minor_stat));
+	  rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+	  rpc_createerr.cf_error.re_errno = ENOMEM;
+	  return NULL;
+     }
+
+     auth = auth_gssapi_create(clnt,
+			       &gssstat,
+			       &minor_stat,
+			       GSS_C_NO_CREDENTIAL,
+			       target_name,
+			       GSS_C_NULL_OID,
+			       GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+			       0,
+			       NULL,
+			       NULL,
+			       NULL);
+
+     gss_release_name(&minor_stat, &target_name);
+     return auth;
+}
+
+/*
+ * Function: auth_gssapi_create
+ *
+ * Purpose: Create a GSS-API style authenticator, with all the
+ * options, and return the handle.
+ *
+ * Effects: See design document, section XXX.
+ */
+AUTH *auth_gssapi_create(
+     CLIENT *clnt,
+     OM_uint32 *gssstat,
+     OM_uint32 *minor_stat,
+     gss_cred_id_t claimant_cred_handle,
+     gss_name_t target_name,
+     gss_OID mech_type,
+     OM_uint32 req_flags,
+     OM_uint32 time_req,
+     gss_OID *actual_mech_type,
+     OM_uint32 *ret_flags,
+     OM_uint32 *time_rec)
+{
+     AUTH *auth, *save_auth;
+     struct auth_gssapi_data *pdata;
+     struct gss_channel_bindings_struct bindings, *bindp;
+     struct sockaddr_in laddr, raddr;
+     enum clnt_stat callstat;
+     struct timeval timeout;
+     int bindings_failed;
+     rpcproc_t init_func;
+
+     auth_gssapi_init_arg call_arg;
+     auth_gssapi_init_res call_res;
+     gss_buffer_desc *input_token, isn_buf;
+
+     memset(&rpc_createerr, 0, sizeof(rpc_createerr));
+
+     /* this timeout is only used if clnt_control(clnt, CLSET_TIMEOUT) */
+     /* has not already been called.. therefore, we can just pick */
+     /* something reasonable-sounding.. */
+     timeout.tv_sec = 30;
+     timeout.tv_usec = 0;
+
+     auth = NULL;
+     pdata = NULL;
+
+     /* don't assume the caller will want to change clnt->cl_auth */
+     save_auth = clnt->cl_auth;
+
+     auth = (AUTH *) malloc(sizeof(*auth));
+     pdata = (struct auth_gssapi_data *) malloc(sizeof(*pdata));
+     if (auth == NULL || pdata == NULL) {
+	  /* They needn't both have failed; clean up.  */
+	  free(auth);
+	  free(pdata);
+	  auth = NULL;
+	  pdata = NULL;
+	  rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+	  rpc_createerr.cf_error.re_errno = ENOMEM;
+	  goto cleanup;
+     }
+     memset(auth, 0, sizeof(*auth));
+     memset(pdata, 0, sizeof(*pdata));
+
+     auth->ah_ops = &auth_gssapi_ops;
+     auth->ah_private = (caddr_t) pdata;
+
+     /* initial creds are auth_msg TRUE and no handle */
+     marshall_new_creds(auth, TRUE, NULL);
+
+     /* initial verifier is empty */
+     auth->ah_verf.oa_flavor = AUTH_GSSAPI;
+     auth->ah_verf.oa_base = NULL;
+     auth->ah_verf.oa_length = 0;
+
+     AUTH_PRIVATE(auth)->established = FALSE;
+     AUTH_PRIVATE(auth)->clnt = clnt;
+     AUTH_PRIVATE(auth)->def_cred = (claimant_cred_handle ==
+				     GSS_C_NO_CREDENTIAL);
+
+     clnt->cl_auth = auth;
+
+     /* start by trying latest version */
+     call_arg.version = 4;
+     bindings_failed = 0;
+
+try_new_version:
+     /* set state for initial call to init_sec_context */
+     input_token = GSS_C_NO_BUFFER;
+     AUTH_PRIVATE(auth)->context = GSS_C_NO_CONTEXT;
+     init_func = AUTH_GSSAPI_INIT;
+
+#ifdef GSSAPI_KRB5
+     /*
+      * OV servers up to version 3 used the old mech id.  Beta 7
+      * servers used version 3 with the new mech id; however, the beta
+      * 7 gss-api accept_sec_context accepts either mech id.  Thus, if
+      * any server rejects version 4, we fall back to version 3 with
+      * the old mech id; for the OV server it will be right, and for
+      * the beta 7 server it will be accepted.  Not ideal, but it
+      * works.
+      */
+     if (call_arg.version < 4 && (mech_type == gss_mech_krb5 ||
+				  mech_type == GSS_C_NULL_OID))
+	  mech_type = (gss_OID) gss_mech_krb5_old;
+#endif
+
+     if (!bindings_failed && call_arg.version >= 3) {
+	  if (clnt_control(clnt, CLGET_LOCAL_ADDR, &laddr) == FALSE) {
+	       PRINTF(("gssapi_create: CLGET_LOCAL_ADDR failed"));
+	       goto cleanup;
+	  }
+	  if (clnt_control(clnt, CLGET_SERVER_ADDR, &raddr) == FALSE) {
+	       PRINTF(("gssapi_create: CLGET_SERVER_ADDR failed"));
+	       goto cleanup;
+	  }
+
+	  memset(&bindings, 0, sizeof(bindings));
+	  bindings.application_data.length = 0;
+	  bindings.initiator_addrtype = GSS_C_AF_INET;
+	  bindings.initiator_address.length = 4;
+	  bindings.initiator_address.value = &laddr.sin_addr.s_addr;
+
+	  bindings.acceptor_addrtype = GSS_C_AF_INET;
+	  bindings.acceptor_address.length = 4;
+	  bindings.acceptor_address.value = &raddr.sin_addr.s_addr;
+	  bindp = &bindings;
+     } else {
+	  bindp = NULL;
+     }
+
+     memset(&call_res, 0, sizeof(call_res));
+
+next_token:
+     *gssstat = gss_init_sec_context(minor_stat,
+				     claimant_cred_handle,
+				     &AUTH_PRIVATE(auth)->context,
+				     target_name,
+				     mech_type,
+				     req_flags,
+				     time_req,
+				     bindp,
+				     input_token,
+				     actual_mech_type,
+				     &call_arg.token,
+				     ret_flags,
+				     time_rec);
+
+     if (*gssstat != GSS_S_COMPLETE && *gssstat != GSS_S_CONTINUE_NEEDED) {
+	  AUTH_GSSAPI_DISPLAY_STATUS(("initializing context", *gssstat,
+				      *minor_stat));
+	  goto cleanup;
+     }
+
+     /* if we got a token, pass it on */
+     if (call_arg.token.length != 0) {
+
+	  /*
+	   * sanity check: if we received a signed isn in the last
+	   * response then there *cannot* be another token to send
+	   */
+	  if (call_res.signed_isn.length != 0) {
+	       PRINTF(("gssapi_create: unexpected token from init_sec\n"));
+	       goto cleanup;
+	  }
+
+	  PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func));
+
+	  xdr_free(xdr_authgssapi_init_res, &call_res);
+	  memset(&call_res, 0, sizeof(call_res));
+	  callstat = clnt_call(clnt, init_func,
+			       xdr_authgssapi_init_arg, &call_arg,
+			       xdr_authgssapi_init_res, &call_res,
+			       timeout);
+	  gss_release_buffer(minor_stat, &call_arg.token);
+
+	  if (callstat != RPC_SUCCESS) {
+	       struct rpc_err err;
+
+	       clnt_geterr(clnt, &err);
+	       if (callstat == RPC_AUTHERROR &&
+		   (err.re_why == AUTH_BADCRED || err.re_why == AUTH_FAILED)
+		   && call_arg.version >= 1) {
+		    L_PRINTF(1,
+			     ("call_arg protocol version %d rejected, trying %d.\n",
+			    call_arg.version, call_arg.version-1));
+		    call_arg.version--;
+		    goto try_new_version;
+	       } else {
+		    PRINTF(("gssapi_create: GSSAPI_INIT (%d) failed, stat %d\n",
+			    init_func, callstat));
+	       }
+
+	       goto cleanup;
+	  } else if (call_res.version != call_arg.version &&
+		     !(call_arg.version == 2 && call_res.version == 1)) {
+	       /*
+		* The Secure 1.1 servers always respond with version
+		* 1.  Thus, if we just tried a version >=3, fall all
+		* the way back to version 1 since that is all they
+		* understand
+		*/
+	       if (call_arg.version > 2 && call_res.version == 1) {
+		    L_PRINTF(1,
+			     ("Talking to Secure 1.1 server, using version 1.\n"));
+		    call_arg.version = 1;
+		    goto try_new_version;
+	       }
+
+	       PRINTF(("gssapi_create: invalid call_res vers %d\n",
+		       call_res.version));
+	       goto cleanup;
+	  } else if (call_res.gss_major != GSS_S_COMPLETE) {
+	       AUTH_GSSAPI_DISPLAY_STATUS(("in response from server",
+					   call_res.gss_major,
+					   call_res.gss_minor));
+	       goto cleanup;
+	  }
+
+	  PRINTF(("gssapi_create: GSSAPI_INIT (%d) succeeded\n", init_func));
+	  init_func = AUTH_GSSAPI_CONTINUE_INIT;
+
+	  /* check for client_handle */
+	  if (AUTH_PRIVATE(auth)->client_handle.length == 0) {
+	       if (call_res.client_handle.length == 0) {
+		    PRINTF(("gssapi_create: expected client_handle\n"));
+		    goto cleanup;
+	       } else {
+		    PRINTF(("gssapi_create: got client_handle %d\n",
+			    *((uint32_t *)call_res.client_handle.value)));
+
+		    GSS_DUP_BUFFER(AUTH_PRIVATE(auth)->client_handle,
+				   call_res.client_handle);
+
+		    /* auth_msg is TRUE; there may be more tokens */
+		    marshall_new_creds(auth, TRUE,
+				       &AUTH_PRIVATE(auth)->client_handle);
+	       }
+	  } else if (!GSS_BUFFERS_EQUAL(AUTH_PRIVATE(auth)->client_handle,
+					call_res.client_handle)) {
+	       PRINTF(("gssapi_create: got different client_handle\n"));
+	       goto cleanup;
+	  }
+
+	  /* check for token */
+	  if (call_res.token.length==0 && *gssstat==GSS_S_CONTINUE_NEEDED) {
+	       PRINTF(("gssapi_create: expected token\n"));
+	       goto cleanup;
+	  } else if (call_res.token.length != 0) {
+	       if (*gssstat == GSS_S_COMPLETE) {
+		    PRINTF(("gssapi_create: got unexpected token\n"));
+		    goto cleanup;
+	       } else {
+		    /* assumes call_res is safe until init_sec_context */
+		    input_token = &call_res.token;
+		    PRINTF(("gssapi_create: got new token\n"));
+	       }
+	  }
+     }
+
+     /* check for isn */
+     if (*gssstat == GSS_S_COMPLETE) {
+	  if (call_res.signed_isn.length == 0) {
+	       PRINTF(("gssapi_created: expected signed isn\n"));
+	       goto cleanup;
+	  } else {
+	       PRINTF(("gssapi_create: processing signed isn\n"));
+
+	       /* don't check conf (integ only) or qop (accept default) */
+	       *gssstat = gss_unseal(minor_stat,
+				     AUTH_PRIVATE(auth)->context,
+				     &call_res.signed_isn,
+				     &isn_buf, NULL, NULL);
+
+	       if (*gssstat != GSS_S_COMPLETE) {
+		    AUTH_GSSAPI_DISPLAY_STATUS(("unsealing isn",
+						*gssstat, *minor_stat));
+		    goto cleanup;
+	       } else if (isn_buf.length != sizeof(uint32_t)) {
+		    PRINTF(("gssapi_create: gss_unseal gave %d bytes\n",
+			    (int) isn_buf.length));
+		    goto cleanup;
+	       }
+
+	       AUTH_PRIVATE(auth)->seq_num = (uint32_t)
+		    ntohl(*((uint32_t*)isn_buf.value));
+	       *gssstat = gss_release_buffer(minor_stat, &isn_buf);
+	       if (*gssstat != GSS_S_COMPLETE) {
+		    AUTH_GSSAPI_DISPLAY_STATUS(("releasing unsealed isn",
+						*gssstat, *minor_stat));
+		    goto cleanup;
+	       }
+
+	       PRINTF(("gssapi_create: isn is %d\n",
+		       AUTH_PRIVATE(auth)->seq_num));
+	  }
+     } else if (call_res.signed_isn.length != 0) {
+	  PRINTF(("gssapi_create: got signed isn, can't check yet\n"));
+     }
+
+     /* results were okay.. continue if necessary */
+     if (*gssstat == GSS_S_CONTINUE_NEEDED) {
+	  PRINTF(("gssapi_create: not done, continuing\n"));
+	  goto next_token;
+     }
+
+     /*
+      * Done!  Context is established, we have client_handle and isn.
+      */
+     AUTH_PRIVATE(auth)->established = TRUE;
+
+     marshall_new_creds(auth, FALSE,
+			&AUTH_PRIVATE(auth)->client_handle);
+
+     PRINTF(("gssapi_create: done. client_handle %#x, isn %d\n\n",
+	     *((uint32_t *)AUTH_PRIVATE(auth)->client_handle.value),
+	     AUTH_PRIVATE(auth)->seq_num));
+
+     /* don't assume the caller will want to change clnt->cl_auth */
+     clnt->cl_auth = save_auth;
+
+     xdr_free(xdr_authgssapi_init_res, &call_res);
+     return auth;
+
+     /******************************************************************/
+
+cleanup:
+     PRINTF(("gssapi_create: bailing\n\n"));
+
+     if (auth) {
+	 if (AUTH_PRIVATE(auth))
+	     auth_gssapi_destroy(auth);
+	 else
+	     free(auth);
+	 auth = NULL;
+     }
+
+     /* don't assume the caller will want to change clnt->cl_auth */
+     clnt->cl_auth = save_auth;
+
+     if (rpc_createerr.cf_stat == 0)
+	  rpc_createerr.cf_stat = RPC_AUTHERROR;
+
+     xdr_free(xdr_authgssapi_init_res, &call_res);
+     return auth;
+}
+
+/*
+ * Function: marshall_new_creds
+ *
+ * Purpose: (pre-)serialize auth_msg and client_handle fields of
+ * auth_gssapi_creds into auth->cred_buf
+ *
+ * Arguments:
+ *
+ * 	auth		(r/w) the AUTH structure to modify
+ * 	auth_msg	(r) the auth_msg field to serialize
+ * 	client_handle	(r) the client_handle field to serialize, or
+ * 			NULL
+ *
+ * Returns: TRUE if successful, FALSE if not
+ *
+ * Requires: auth must point to a valid GSS-API auth structure, auth_msg
+ * must be TRUE or FALSE, client_handle must be a gss_buffer_t with a valid
+ * value and length field or NULL.
+ *
+ * Effects: auth->ah_cred is set to the serialized auth_gssapi_creds
+ * version 2 structure (stored in the cred_buf field of private data)
+ * containing version, auth_msg and client_handle.
+ * auth->ah_cred.oa_flavor is set to AUTH_GSSAPI.  If cliend_handle is
+ * NULL, it is treated as if it had a length of 0 and a value of NULL.
+ *
+ * Modifies: auth
+ */
+static bool_t marshall_new_creds(
+     AUTH *auth,
+     bool_t auth_msg,
+     gss_buffer_t client_handle)
+{
+     auth_gssapi_creds creds;
+     XDR xdrs;
+
+     PRINTF(("marshall_new_creds: starting\n"));
+
+     creds.version = 2;
+
+     creds.auth_msg = auth_msg;
+     if (client_handle)
+	  GSS_COPY_BUFFER(creds.client_handle, *client_handle)
+     else {
+	  creds.client_handle.length = 0;
+	  creds.client_handle.value = NULL;
+     }
+
+     xdrmem_create(&xdrs, (caddr_t) AUTH_PRIVATE(auth)->cred_buf,
+		   MAX_AUTH_BYTES, XDR_ENCODE);
+     if (! xdr_authgssapi_creds(&xdrs, &creds)) {
+	  PRINTF(("marshall_new_creds: failed encoding auth_gssapi_creds\n"));
+	  XDR_DESTROY(&xdrs);
+	  return FALSE;
+     }
+     AUTH_PRIVATE(auth)->cred_len = xdr_getpos(&xdrs);
+     XDR_DESTROY(&xdrs);
+
+     PRINTF(("marshall_new_creds: auth_gssapi_creds is %d bytes\n",
+	     AUTH_PRIVATE(auth)->cred_len));
+
+     auth->ah_cred.oa_flavor = AUTH_GSSAPI;
+     auth->ah_cred.oa_base = (char *) AUTH_PRIVATE(auth)->cred_buf;
+     auth->ah_cred.oa_length = AUTH_PRIVATE(auth)->cred_len;
+
+     PRINTF(("marshall_new_creds: succeeding\n"));
+
+     return TRUE;
+}
+
+
+/*
+ * Function: auth_gssapi_nextverf
+ *
+ * Purpose: None.
+ *
+ * Effects: None.  Never called.
+ */
+static void auth_gssapi_nextverf(AUTH *auth)
+{
+}
+
+/*
+ * Function: auth_gssapi_marhsall
+ *
+ * Purpose: Marshall RPC credentials and verifier onto xdr stream.
+ *
+ * Arguments:
+ *
+ * 	auth		(r/w) AUTH structure for client
+ * 	xdrs		(r/w) XDR stream to marshall to
+ *
+ * Returns: boolean indicating success/failure
+ *
+ * Effects:
+ *
+ * The pre-serialized credentials in cred_buf are serialized.  If the
+ * context is established, the sealed sequence number is serialized as
+ * the verifier.  If the context is not established, an empty verifier
+ * is serialized.  The sequence number is *not* incremented, because
+ * this function is called multiple times if retransmission is required.
+ *
+ * If this took all the header fields as arguments, it could sign
+ * them.
+ */
+static bool_t auth_gssapi_marshall(
+     AUTH *auth,
+     XDR *xdrs)
+{
+     OM_uint32 minor_stat;
+     gss_buffer_desc out_buf;
+     uint32_t seq_num;
+
+     if (AUTH_PRIVATE(auth)->established == TRUE)  {
+	  PRINTF(("gssapi_marshall: starting\n"));
+
+	  seq_num = AUTH_PRIVATE(auth)->seq_num + 1;
+
+	  PRINTF(("gssapi_marshall: sending seq_num %d\n", seq_num));
+
+	  if (auth_gssapi_seal_seq(AUTH_PRIVATE(auth)->context, seq_num,
+				   &out_buf) == FALSE) {
+	       PRINTF(("gssapi_marhshall: seal failed\n"));
+	  }
+
+	  auth->ah_verf.oa_base = out_buf.value;
+	  auth->ah_verf.oa_length = out_buf.length;
+
+	  if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
+	      ! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
+	       (void) gss_release_buffer(&minor_stat, &out_buf);
+	       return FALSE;
+	  }
+	  (void) gss_release_buffer(&minor_stat, &out_buf);
+     } else {
+	  PRINTF(("gssapi_marshall: not established, sending null verf\n"));
+
+	  auth->ah_verf.oa_base = NULL;
+	  auth->ah_verf.oa_length = 0;
+
+	  if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
+	      ! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
+	       return FALSE;
+	  }
+     }
+
+     return TRUE;
+}
+
+/*
+ * Function: auth_gssapi_validate
+ *
+ * Purpose: Validate RPC response verifier from server.
+ *
+ * Effects: See design document, section XXX.
+ */
+static bool_t auth_gssapi_validate(
+     AUTH *auth,
+     struct opaque_auth *verf)
+{
+     gss_buffer_desc in_buf;
+     uint32_t seq_num;
+
+     if (AUTH_PRIVATE(auth)->established == FALSE) {
+	  PRINTF(("gssapi_validate: not established, noop\n"));
+	  return TRUE;
+     }
+
+     PRINTF(("gssapi_validate: starting\n"));
+
+     in_buf.length = verf->oa_length;
+     in_buf.value = verf->oa_base;
+     if (auth_gssapi_unseal_seq(AUTH_PRIVATE(auth)->context, &in_buf,
+				&seq_num) == FALSE) {
+	  PRINTF(("gssapi_validate: failed unsealing verifier\n"));
+	  return FALSE;
+     }
+
+     /* we sent seq_num+1, so we should get back seq_num+2 */
+     if (AUTH_PRIVATE(auth)->seq_num+2 != seq_num) {
+	  PRINTF(("gssapi_validate: expecting seq_num %d, got %d (%#x)\n",
+		  AUTH_PRIVATE(auth)->seq_num + 2, seq_num, seq_num));
+	  return FALSE;
+     }
+     PRINTF(("gssapi_validate: seq_num %d okay\n", seq_num));
+
+     /* +1 for successful transmission, +1 for successful validation */
+     AUTH_PRIVATE(auth)->seq_num += 2;
+
+     PRINTF(("gssapi_validate: succeeding\n"));
+
+     return TRUE;
+}
+
+/*
+ * Function: auth_gssapi_refresh
+ *
+ * Purpose: Attempts to resyncrhonize the sequence number.
+ *
+ * Effects:
+ *
+ * When the server receives a properly authenticated RPC call, it
+ * increments the sequence number it is expecting from the client.
+ * But if the server's response is lost for any reason, the client
+ * can't know whether the server ever received it, assumes it didn't,
+ * and does *not* increment its sequence number.  Thus, the client's
+ * next call will fail with AUTH_REJECTEDCRED because the server will
+ * think it is a replay attack.
+ *
+ * When an AUTH_REJECTEDCRED error arrives, this function attempts to
+ * resyncrhonize by incrementing the client's sequence number and
+ * returning TRUE.  If any other error arrives, it returns FALSE.
+ */
+static bool_t auth_gssapi_refresh(
+     AUTH *auth,
+     struct rpc_msg *msg)
+{
+     if (msg->rm_reply.rp_rjct.rj_stat == AUTH_ERROR &&
+	 msg->rm_reply.rp_rjct.rj_why == AUTH_REJECTEDVERF) {
+	  PRINTF(("gssapi_refresh: rejected verifier, incrementing\n"));
+	  AUTH_PRIVATE(auth)->seq_num++;
+	  return TRUE;
+     } else {
+	  PRINTF(("gssapi_refresh: failing\n"));
+	  return FALSE;
+     }
+}
+
+/*
+ * Function: auth_gssapi_destroy
+ *
+ * Purpose: Destroy a GSS-API authentication structure.
+ *
+ * Effects:  This function destroys the GSS-API authentication
+ * context, and sends a message to the server instructing it to
+ * invokte gss_process_token() and thereby destroy its corresponding
+ * context.  Since the client doesn't really care whether the server
+ * gets this message, no failures are reported.
+ */
+static void auth_gssapi_destroy(AUTH *auth)
+{
+     struct timeval timeout;
+     OM_uint32 gssstat, minor_stat;
+     gss_cred_id_t cred;
+     int callstat;
+
+     if (AUTH_PRIVATE(auth)->client_handle.length == 0) {
+	  PRINTF(("gssapi_destroy: no client_handle, not calling destroy\n"));
+	  goto skip_call;
+     }
+
+     PRINTF(("gssapi_destroy: marshalling new creds\n"));
+     if (!marshall_new_creds(auth, TRUE, &AUTH_PRIVATE(auth)->client_handle)) {
+	  PRINTF(("gssapi_destroy: marshall_new_creds failed\n"));
+	  goto skip_call;
+     }
+
+     PRINTF(("gssapi_destroy: calling GSSAPI_DESTROY\n"));
+     timeout.tv_sec = 1;
+     timeout.tv_usec = 0;
+     callstat = clnt_call(AUTH_PRIVATE(auth)->clnt, AUTH_GSSAPI_DESTROY,
+			  xdr_void, NULL, xdr_void, NULL, timeout);
+     if (callstat != RPC_SUCCESS)
+	  clnt_sperror(AUTH_PRIVATE(auth)->clnt,
+		       "gssapi_destroy: GSSAPI_DESTROY failed");
+
+skip_call:
+     PRINTF(("gssapi_destroy: deleting context\n"));
+     gssstat = gss_delete_sec_context(&minor_stat,
+				      &AUTH_PRIVATE(auth)->context,
+				      NULL);
+     if (gssstat != GSS_S_COMPLETE)
+	  AUTH_GSSAPI_DISPLAY_STATUS(("deleting context", gssstat,
+				      minor_stat));
+     if (AUTH_PRIVATE(auth)->def_cred) {
+	  cred = GSS_C_NO_CREDENTIAL;
+	  gssstat = gss_release_cred(&minor_stat, &cred);
+	  if (gssstat != GSS_S_COMPLETE)
+	       AUTH_GSSAPI_DISPLAY_STATUS(("deleting default credential",
+					   gssstat, minor_stat));
+     }
+
+     free(AUTH_PRIVATE(auth)->client_handle.value);
+     free(auth->ah_private);
+     free(auth);
+     PRINTF(("gssapi_destroy: done\n"));
+}
+
+/*
+ * Function: auth_gssapi_wrap
+ *
+ * Purpose: encrypt the serialized arguments from xdr_func applied to
+ * xdr_ptr and write the result to xdrs.
+ *
+ * Effects: See design doc, section XXX.
+ */
+static bool_t auth_gssapi_wrap(
+     AUTH *auth,
+     XDR *out_xdrs,
+     bool_t (*xdr_func)(),
+     caddr_t xdr_ptr)
+{
+     OM_uint32 gssstat, minor_stat;
+
+     if (! AUTH_PRIVATE(auth)->established) {
+	  PRINTF(("gssapi_wrap: context not established, noop\n"));
+	  return (*xdr_func)(out_xdrs, xdr_ptr);
+     } else if (! auth_gssapi_wrap_data(&gssstat, &minor_stat,
+					AUTH_PRIVATE(auth)->context,
+					AUTH_PRIVATE(auth)->seq_num+1,
+					out_xdrs, xdr_func, xdr_ptr)) {
+	  if (gssstat != GSS_S_COMPLETE)
+	       AUTH_GSSAPI_DISPLAY_STATUS(("encrypting function arguments",
+					   gssstat, minor_stat));
+	  return FALSE;
+     } else
+	  return TRUE;
+}
+
+/*
+ * Function: auth_gssapi_unwrap
+ *
+ * Purpose: read encrypted arguments from xdrs, decrypt, and
+ * deserialize with xdr_func into xdr_ptr.
+ *
+ * Effects: See design doc, section XXX.
+ */
+static bool_t auth_gssapi_unwrap(
+     AUTH *auth,
+     XDR *in_xdrs,
+     bool_t (*xdr_func)(),
+     caddr_t xdr_ptr)
+{
+     OM_uint32 gssstat, minor_stat;
+
+     if (! AUTH_PRIVATE(auth)->established) {
+	  PRINTF(("gssapi_unwrap: context not established, noop\n"));
+	  return (*xdr_func)(in_xdrs, xdr_ptr);
+     } else if (! auth_gssapi_unwrap_data(&gssstat, &minor_stat,
+					  AUTH_PRIVATE(auth)->context,
+					  AUTH_PRIVATE(auth)->seq_num,
+					  in_xdrs, xdr_func, xdr_ptr)) {
+	  if (gssstat != GSS_S_COMPLETE)
+	       AUTH_GSSAPI_DISPLAY_STATUS(("decrypting function arguments",
+					   gssstat, minor_stat));
+	  return FALSE;
+     } else
+	  return TRUE;
+}
diff --git a/krb5-1.21.3/src/lib/rpc/auth_gssapi_misc.c b/krb5-1.21.3/src/lib/rpc/auth_gssapi_misc.c
new file mode 100644
index 00000000..a60eb7f7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/auth_gssapi_misc.c
@@ -0,0 +1,339 @@
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ */
+
+#include <gssrpc/rpc.h>
+#include <stdio.h>
+
+#include <gssapi/gssapi.h>
+#include <gssrpc/auth_gssapi.h>
+
+#include "gssrpcint.h"
+
+#ifdef __CODECENTER__
+#define DEBUG_GSSAPI 1
+#endif
+
+#ifdef DEBUG_GSSAPI
+int misc_debug_gssapi = DEBUG_GSSAPI;
+extern void gssrpcint_printf(const char *, ...);
+#define L_PRINTF(l,args) if (misc_debug_gssapi >= l) gssrpcint_printf args
+#define PRINTF(args) L_PRINTF(99, args)
+#define AUTH_GSSAPI_DISPLAY_STATUS(args) \
+	if (misc_debug_gssapi) auth_gssapi_display_status args
+#else
+#define PRINTF(args)
+#define L_PRINTF(l, args)
+#define AUTH_GSSAPI_DISPLAY_STATUS(args)
+#endif
+
+static void auth_gssapi_display_status_1
+	(char *, OM_uint32, int, int);
+
+bool_t xdr_gss_buf(
+     XDR *xdrs,
+     gss_buffer_t buf)
+{
+     /*
+      * On decode, xdr_bytes will only allocate buf->value if the
+      * length read in is < maxsize (last arg).  This is dumb, because
+      * the whole point of allocating memory is so that I don't *have*
+      * to know the maximum length.  -1 effectively disables this
+      * braindamage.
+      */
+     bool_t result;
+     /* Fix type mismatches between APIs.  */
+     unsigned int length = buf->length;
+     char *cp = buf->value;
+     result = xdr_bytes(xdrs, &cp, &length,
+			(xdrs->x_op == XDR_DECODE && buf->value == NULL)
+			? (unsigned int) -1 : (unsigned int) buf->length);
+     buf->value = cp;
+     buf->length = length;
+     return result;
+}
+
+bool_t xdr_authgssapi_creds(
+     XDR *xdrs,
+     auth_gssapi_creds *creds)
+{
+     if (! xdr_u_int32(xdrs, &creds->version) ||
+	 ! xdr_bool(xdrs, &creds->auth_msg) ||
+	 ! xdr_gss_buf(xdrs, &creds->client_handle))
+       return FALSE;
+     return TRUE;
+}
+
+bool_t xdr_authgssapi_init_arg(
+     XDR *xdrs,
+     auth_gssapi_init_arg *init_arg)
+{
+     if (! xdr_u_int32(xdrs, &init_arg->version) ||
+	 ! xdr_gss_buf(xdrs, &init_arg->token))
+	  return FALSE;
+     return TRUE;
+}
+
+bool_t xdr_authgssapi_init_res(
+     XDR *xdrs,
+     auth_gssapi_init_res *init_res)
+{
+     if (! xdr_u_int32(xdrs, &init_res->version) ||
+	 ! xdr_gss_buf(xdrs, &init_res->client_handle) ||
+	 ! xdr_u_int32(xdrs, &init_res->gss_major) ||
+	 ! xdr_u_int32(xdrs, &init_res->gss_minor) ||
+	 ! xdr_gss_buf(xdrs, &init_res->token) ||
+	 ! xdr_gss_buf(xdrs, &init_res->signed_isn))
+	  return FALSE;
+     return TRUE;
+}
+
+bool_t auth_gssapi_seal_seq(
+     gss_ctx_id_t context,
+     uint32_t seq_num,
+     gss_buffer_t out_buf)
+{
+     gss_buffer_desc in_buf;
+     OM_uint32 gssstat, minor_stat;
+     uint32_t nl_seq_num;
+
+     nl_seq_num = htonl(seq_num);
+
+     in_buf.length = sizeof(uint32_t);
+     in_buf.value = (char *) &nl_seq_num;
+     gssstat = gss_seal(&minor_stat, context, 0, GSS_C_QOP_DEFAULT,
+			&in_buf, NULL, out_buf);
+     if (gssstat != GSS_S_COMPLETE) {
+	  PRINTF(("gssapi_seal_seq: failed\n"));
+	  AUTH_GSSAPI_DISPLAY_STATUS(("sealing sequence number",
+				      gssstat, minor_stat));
+	  return FALSE;
+     }
+     return TRUE;
+}
+
+bool_t auth_gssapi_unseal_seq(
+     gss_ctx_id_t context,
+     gss_buffer_t in_buf,
+     uint32_t *seq_num)
+{
+     gss_buffer_desc out_buf;
+     OM_uint32 gssstat, minor_stat;
+     uint32_t nl_seq_num;
+
+     gssstat = gss_unseal(&minor_stat, context, in_buf, &out_buf,
+			  NULL, NULL);
+     if (gssstat != GSS_S_COMPLETE) {
+	  PRINTF(("gssapi_unseal_seq: failed\n"));
+	  AUTH_GSSAPI_DISPLAY_STATUS(("unsealing sequence number",
+				      gssstat, minor_stat));
+	  return FALSE;
+     } else if (out_buf.length != sizeof(uint32_t)) {
+	  PRINTF(("gssapi_unseal_seq: unseal gave %d bytes\n",
+		  (int) out_buf.length));
+	  gss_release_buffer(&minor_stat, &out_buf);
+	  return FALSE;
+     }
+
+     nl_seq_num = *((uint32_t *) out_buf.value);
+     *seq_num = (uint32_t) ntohl(nl_seq_num);
+     gss_release_buffer(&minor_stat, &out_buf);
+
+     return TRUE;
+}
+
+void auth_gssapi_display_status(
+     char *msg,
+     OM_uint32 major,
+     OM_uint32 minor)
+{
+     auth_gssapi_display_status_1(msg, major, GSS_C_GSS_CODE, 0);
+     auth_gssapi_display_status_1(msg, minor, GSS_C_MECH_CODE, 0);
+}
+
+static void auth_gssapi_display_status_1(
+     char *m,
+     OM_uint32 code,
+     int type,
+     int rec)
+{
+     OM_uint32 gssstat, minor_stat;
+     gss_buffer_desc msg;
+     OM_uint32 msg_ctx;
+
+     msg_ctx = 0;
+     while (1) {
+	  gssstat = gss_display_status(&minor_stat, code,
+				       type, GSS_C_NULL_OID,
+				       &msg_ctx, &msg);
+	  if (gssstat != GSS_S_COMPLETE) {
+ 	       if (!rec) {
+		    auth_gssapi_display_status_1(m,gssstat,GSS_C_GSS_CODE,1);
+		    auth_gssapi_display_status_1(m, minor_stat,
+						 GSS_C_MECH_CODE, 1);
+	       } else {
+		   fputs ("GSS-API authentication error ", stderr);
+		   fwrite (msg.value, msg.length, 1, stderr);
+		   fputs (": recursive failure!\n", stderr);
+	       }
+	       return;
+	  }
+
+	  fprintf (stderr, "GSS-API authentication error %s: ", m);
+	  fwrite (msg.value, msg.length, 1, stderr);
+	  putc ('\n', stderr);
+	  if (misc_debug_gssapi)
+	      gssrpcint_printf("GSS-API authentication error %s: %*s\n",
+			       m, (int)msg.length, (char *) msg.value);
+	  (void) gss_release_buffer(&minor_stat, &msg);
+
+	  if (!msg_ctx)
+	       break;
+     }
+}
+
+bool_t auth_gssapi_wrap_data(
+     OM_uint32 *major,
+     OM_uint32 *minor,
+     gss_ctx_id_t context,
+     uint32_t seq_num,
+     XDR *out_xdrs,
+     bool_t (*xdr_func)(),
+     caddr_t xdr_ptr)
+{
+     gss_buffer_desc in_buf, out_buf;
+     XDR temp_xdrs;
+     int conf_state;
+     unsigned int length;
+     char *cp;
+
+     PRINTF(("gssapi_wrap_data: starting\n"));
+
+     *major = GSS_S_COMPLETE;
+     *minor = 0; /* assumption */
+
+     xdralloc_create(&temp_xdrs, XDR_ENCODE);
+
+     /* serialize the sequence number into local memory */
+     PRINTF(("gssapi_wrap_data: encoding seq_num %d\n", seq_num));
+     if (! xdr_u_int32(&temp_xdrs, &seq_num)) {
+	  PRINTF(("gssapi_wrap_data: serializing seq_num failed\n"));
+	  XDR_DESTROY(&temp_xdrs);
+	  return FALSE;
+     }
+
+     /* serialize the arguments into local memory */
+     if (!(*xdr_func)(&temp_xdrs, xdr_ptr)) {
+	  PRINTF(("gssapi_wrap_data: serializing arguments failed\n"));
+	  XDR_DESTROY(&temp_xdrs);
+	  return FALSE;
+     }
+
+     in_buf.length = xdr_getpos(&temp_xdrs);
+     in_buf.value = xdralloc_getdata(&temp_xdrs);
+
+     *major = gss_seal(minor, context, 1,
+		       GSS_C_QOP_DEFAULT, &in_buf, &conf_state,
+		       &out_buf);
+     if (*major != GSS_S_COMPLETE) {
+	  XDR_DESTROY(&temp_xdrs);
+	  return FALSE;
+     }
+
+     PRINTF(("gssapi_wrap_data: %d bytes data, %d bytes sealed\n",
+	     (int) in_buf.length, (int) out_buf.length));
+
+     /* write the token */
+     length = out_buf.length;
+     cp = out_buf.value;
+     if (! xdr_bytes(out_xdrs, &cp, &length, out_buf.length)) {
+	  PRINTF(("gssapi_wrap_data: serializing encrypted data failed\n"));
+	  XDR_DESTROY(&temp_xdrs);
+	  return FALSE;
+     }
+     out_buf.value = cp;
+
+     *major = gss_release_buffer(minor, &out_buf);
+
+     PRINTF(("gssapi_wrap_data: succeeding\n\n"));
+     XDR_DESTROY(&temp_xdrs);
+     return TRUE;
+}
+
+bool_t auth_gssapi_unwrap_data(
+     OM_uint32 *major,
+     OM_uint32 *minor,
+     gss_ctx_id_t context,
+     uint32_t seq_num,
+     XDR *in_xdrs,
+     bool_t (*xdr_func)(),
+     caddr_t xdr_ptr)
+{
+     gss_buffer_desc in_buf, out_buf;
+     XDR temp_xdrs;
+     uint32_t verf_seq_num;
+     int conf, qop;
+     unsigned int length;
+     char *cp;
+
+     PRINTF(("gssapi_unwrap_data: starting\n"));
+
+     *major = GSS_S_COMPLETE;
+     *minor = 0; /* assumption */
+
+     in_buf.value = NULL;
+     out_buf.value = NULL;
+     cp = in_buf.value;
+     if (! xdr_bytes(in_xdrs, &cp, &length, (unsigned int) -1)) {
+	 PRINTF(("gssapi_unwrap_data: deserializing encrypted data failed\n"));
+	 temp_xdrs.x_op = XDR_FREE;
+	 (void)xdr_bytes(&temp_xdrs, &cp, &length, (unsigned int) -1);
+	 in_buf.value = NULL;
+	 return FALSE;
+     }
+     in_buf.value = cp;
+     in_buf.length = length;
+
+     *major = gss_unseal(minor, context, &in_buf, &out_buf, &conf,
+			 &qop);
+     free(in_buf.value);
+     if (*major != GSS_S_COMPLETE)
+	  return FALSE;
+
+     PRINTF(("gssapi_unwrap_data: %llu bytes data, %llu bytes sealed\n",
+	     (unsigned long long)out_buf.length,
+	     (unsigned long long)in_buf.length));
+
+     xdrmem_create(&temp_xdrs, out_buf.value, out_buf.length, XDR_DECODE);
+
+     /* deserialize the sequence number */
+     if (! xdr_u_int32(&temp_xdrs, &verf_seq_num)) {
+	  PRINTF(("gssapi_unwrap_data: deserializing verf_seq_num failed\n"));
+	  gss_release_buffer(minor, &out_buf);
+	  XDR_DESTROY(&temp_xdrs);
+	  return FALSE;
+     }
+     if (verf_seq_num != seq_num) {
+	  PRINTF(("gssapi_unwrap_data: seq %d specified, read %d\n",
+		  seq_num, verf_seq_num));
+	  gss_release_buffer(minor, &out_buf);
+	  XDR_DESTROY(&temp_xdrs);
+	  return FALSE;
+     }
+     PRINTF(("gssapi_unwrap_data: unwrap seq_num %d okay\n", verf_seq_num));
+
+     /* deserialize the arguments into xdr_ptr */
+     if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) {
+	  PRINTF(("gssapi_unwrap_data: deserializing arguments failed\n"));
+	  gss_release_buffer(minor, &out_buf);
+	  XDR_DESTROY(&temp_xdrs);
+	  return FALSE;
+     }
+
+     PRINTF(("gssapi_unwrap_data: succeeding\n\n"));
+
+     gss_release_buffer(minor, &out_buf);
+     XDR_DESTROY(&temp_xdrs);
+     return TRUE;
+}
diff --git a/krb5-1.21.3/src/lib/rpc/auth_none.c b/krb5-1.21.3/src/lib/rpc/auth_none.c
new file mode 100644
index 00000000..85ddbf7b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/auth_none.c
@@ -0,0 +1,147 @@
+/* @(#)auth_none.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)auth_none.c 1.19 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * auth_none.c
+ * Creates a client authentication handle for passing "null"
+ * credentials and verifiers to remote systems.
+ */
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <gssrpc/auth.h>
+#include <stdlib.h>
+#define MAX_MARSHEL_SIZE 20
+
+/*
+ * Authenticator operations routines
+ */
+static void	authnone_verf(AUTH *);
+static void	authnone_destroy(AUTH *);
+static bool_t	authnone_marshal(AUTH *, XDR *);
+static bool_t	authnone_validate(AUTH *, struct opaque_auth *);
+static bool_t	authnone_refresh(AUTH *, struct rpc_msg *);
+static bool_t	authnone_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
+
+static struct auth_ops ops = {
+	authnone_verf,
+	authnone_marshal,
+	authnone_validate,
+	authnone_refresh,
+	authnone_destroy,
+	authnone_wrap,
+	authnone_wrap
+};
+
+static struct authnone_private {
+	AUTH	no_client;
+	char	marshalled_client[MAX_MARSHEL_SIZE];
+	u_int	mcnt;
+} *authnone_private;
+
+AUTH *
+authnone_create(void)
+{
+	struct authnone_private *ap = authnone_private;
+	XDR xdr_stream;
+	XDR *xdrs;
+
+	if (ap == 0) {
+		ap = (struct authnone_private *)calloc(1, sizeof (*ap));
+		if (ap == 0)
+			return (0);
+		authnone_private = ap;
+	}
+	if (!ap->mcnt) {
+		ap->no_client.ah_cred = ap->no_client.ah_verf = gssrpc__null_auth;
+		ap->no_client.ah_ops = &ops;
+		xdrs = &xdr_stream;
+		xdrmem_create(xdrs, ap->marshalled_client, (u_int)MAX_MARSHEL_SIZE,
+		    XDR_ENCODE);
+		(void)xdr_opaque_auth(xdrs, &ap->no_client.ah_cred);
+		(void)xdr_opaque_auth(xdrs, &ap->no_client.ah_verf);
+		ap->mcnt = XDR_GETPOS(xdrs);
+		XDR_DESTROY(xdrs);
+	}
+	return (&ap->no_client);
+}
+
+/*ARGSUSED*/
+static bool_t
+authnone_marshal(AUTH *client, XDR *xdrs)
+{
+	struct authnone_private *ap = authnone_private;
+
+	if (ap == 0)
+		return (0);
+	return ((*xdrs->x_ops->x_putbytes)(xdrs,
+	    ap->marshalled_client, ap->mcnt));
+}
+
+/*ARGSUSED*/
+static void
+authnone_verf(AUTH *auth)
+{
+}
+
+/*ARGSUSED*/
+static bool_t
+authnone_validate(AUTH *auth, struct opaque_auth *verf)
+{
+
+	return (TRUE);
+}
+
+/*ARGSUSED*/
+static bool_t
+authnone_refresh(AUTH *auth, struct rpc_msg *msg)
+{
+
+	return (FALSE);
+}
+
+/*ARGSUSED*/
+static void
+authnone_destroy(AUTH *auth)
+{
+}
+
+static bool_t
+authnone_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere)
+{
+	return ((*xfunc)(xdrs, xwhere));
+}
diff --git a/krb5-1.21.3/src/lib/rpc/auth_unix.c b/krb5-1.21.3/src/lib/rpc/auth_unix.c
new file mode 100644
index 00000000..597314fd
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/auth_unix.c
@@ -0,0 +1,329 @@
+/* @(#)auth_unix.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * auth_unix.c, Implements UNIX style authentication parameters.
+ *
+ * The system is very weak.  The client uses no encryption for its
+ * credentials and only sends null verifiers.  The server sends backs
+ * null verifiers or optionally a verifier that suggests a new short hand
+ * for the credentials.
+ *
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <gssrpc/auth.h>
+#include <gssrpc/auth_unix.h>
+
+/*
+ * Unix authenticator operations vector
+ */
+static void	authunix_nextverf(AUTH *);
+static bool_t	authunix_marshal(AUTH *, XDR *);
+static bool_t	authunix_validate(AUTH *, struct opaque_auth *);
+static bool_t	authunix_refresh(AUTH *, struct rpc_msg *);
+static void	authunix_destroy(AUTH *);
+static bool_t	authunix_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
+
+static struct auth_ops auth_unix_ops = {
+	authunix_nextverf,
+	authunix_marshal,
+	authunix_validate,
+	authunix_refresh,
+	authunix_destroy,
+	authunix_wrap,
+	authunix_wrap
+};
+
+/*
+ * This struct is pointed to by the ah_private field of an auth_handle.
+ */
+struct audata {
+	struct opaque_auth	au_origcred;	/* original credentials */
+	struct opaque_auth	au_shcred;	/* short hand cred */
+	uint32_t		au_shfaults;	/* short hand cache faults */
+	char			au_marshed[MAX_AUTH_BYTES];
+	u_int			au_mpos;	/* xdr pos at end of marshed */
+};
+#define	AUTH_PRIVATE(auth)	((struct audata *)auth->ah_private)
+
+static void marshal_new_auth(AUTH *);
+
+
+/*
+ * Create a unix style authenticator.
+ * Returns an auth handle with the given stuff in it.
+ */
+AUTH *
+authunix_create(
+	char *machname,
+	int uid,
+	int gid,
+	int len,
+	int *aup_gids)
+{
+	struct authunix_parms aup;
+	char mymem[MAX_AUTH_BYTES];
+	struct timeval now;
+	XDR xdrs;
+	AUTH *auth;
+	struct audata *au;
+
+	/*
+	 * Allocate and set up auth handle
+	 */
+	auth = (AUTH *)mem_alloc(sizeof(*auth));
+#ifndef KERNEL
+	if (auth == NULL) {
+		(void)fprintf(stderr, "authunix_create: out of memory\n");
+		return (NULL);
+	}
+#endif
+	au = (struct audata *)mem_alloc(sizeof(*au));
+#ifndef KERNEL
+	if (au == NULL) {
+		(void)fprintf(stderr, "authunix_create: out of memory\n");
+		return (NULL);
+	}
+#endif
+	auth->ah_ops = &auth_unix_ops;
+	auth->ah_private = (caddr_t)au;
+	auth->ah_verf = au->au_shcred = gssrpc__null_auth;
+	au->au_shfaults = 0;
+
+	/*
+	 * fill in param struct from the given params
+	 */
+	(void)gettimeofday(&now,  (struct timezone *)0);
+	aup.aup_time = now.tv_sec;
+	aup.aup_machname = machname;
+	aup.aup_uid = uid;
+	aup.aup_gid = gid;
+	aup.aup_len = (u_int)len;
+	aup.aup_gids = aup_gids;
+
+	/*
+	 * Serialize the parameters into origcred
+	 */
+	xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
+	if (! xdr_authunix_parms(&xdrs, &aup))
+		abort();
+	au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
+	au->au_origcred.oa_flavor = AUTH_UNIX;
+#ifdef KERNEL
+	au->au_origcred.oa_base = mem_alloc((u_int) len);
+#else
+	if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) {
+		(void)fprintf(stderr, "authunix_create: out of memory\n");
+		return (NULL);
+	}
+#endif
+	memmove(au->au_origcred.oa_base, mymem, (u_int)len);
+
+	/*
+	 * set auth handle to reflect new cred.
+	 */
+	auth->ah_cred = au->au_origcred;
+	marshal_new_auth(auth);
+	return (auth);
+}
+
+/*
+ * Returns an auth handle with parameters determined by doing lots of
+ * syscalls.
+ */
+AUTH *
+authunix_create_default(void)
+{
+	int len;
+	char machname[MAX_MACHINE_NAME + 1];
+	int uid;
+	int gid;
+	GETGROUPS_T gids[NGRPS];
+	int igids[NGRPS], i;
+
+	if (gethostname(machname, MAX_MACHINE_NAME) == -1)
+		abort();
+	machname[MAX_MACHINE_NAME] = 0;
+	uid = geteuid();
+	gid = getegid();
+	if ((len = getgroups(NGRPS, gids)) < 0)
+		abort();
+	for(i = 0; i < NGRPS; i++) {
+	        igids[i] = gids[i];
+	}
+	return (authunix_create(machname, uid, gid, len, igids));
+}
+
+/*
+ * authunix operations
+ */
+
+static void
+authunix_nextverf(AUTH *auth)
+{
+	/* no action necessary */
+}
+
+static bool_t
+authunix_marshal(AUTH *auth, XDR *xdrs)
+{
+	struct audata *au = AUTH_PRIVATE(auth);
+
+	return (XDR_PUTBYTES(xdrs, au->au_marshed, au->au_mpos));
+}
+
+static bool_t
+authunix_validate(AUTH *auth, struct opaque_auth *verf)
+{
+	struct audata *au;
+	XDR xdrs;
+
+	if (verf->oa_flavor == AUTH_SHORT) {
+		au = AUTH_PRIVATE(auth);
+		xdrmem_create(&xdrs, verf->oa_base, verf->oa_length, XDR_DECODE);
+
+		if (au->au_shcred.oa_base != NULL) {
+			mem_free(au->au_shcred.oa_base,
+			    au->au_shcred.oa_length);
+			au->au_shcred.oa_base = NULL;
+		}
+		if (xdr_opaque_auth(&xdrs, &au->au_shcred)) {
+			auth->ah_cred = au->au_shcred;
+		} else {
+			xdrs.x_op = XDR_FREE;
+			(void)xdr_opaque_auth(&xdrs, &au->au_shcred);
+			au->au_shcred.oa_base = NULL;
+			auth->ah_cred = au->au_origcred;
+		}
+		marshal_new_auth(auth);
+	}
+	return (TRUE);
+}
+
+static bool_t
+authunix_refresh(AUTH *auth, struct rpc_msg *msg)
+{
+	struct audata *au = AUTH_PRIVATE(auth);
+	struct authunix_parms aup;
+	struct timeval now;
+	XDR xdrs;
+	int stat;
+
+	if (auth->ah_cred.oa_base == au->au_origcred.oa_base) {
+		/* there is no hope.  Punt */
+		return (FALSE);
+	}
+	au->au_shfaults ++;
+
+	/* first deserialize the creds back into a struct authunix_parms */
+	aup.aup_machname = NULL;
+	aup.aup_gids = (int *)NULL;
+	xdrmem_create(&xdrs, au->au_origcred.oa_base,
+	    au->au_origcred.oa_length, XDR_DECODE);
+	stat = xdr_authunix_parms(&xdrs, &aup);
+	if (! stat)
+		goto done;
+
+	/* update the time and serialize in place */
+	(void)gettimeofday(&now, (struct timezone *)0);
+	aup.aup_time = now.tv_sec;
+	xdrs.x_op = XDR_ENCODE;
+	XDR_SETPOS(&xdrs, 0);
+	stat = xdr_authunix_parms(&xdrs, &aup);
+	if (! stat)
+		goto done;
+	auth->ah_cred = au->au_origcred;
+	marshal_new_auth(auth);
+done:
+	/* free the struct authunix_parms created by deserializing */
+	xdrs.x_op = XDR_FREE;
+	(void)xdr_authunix_parms(&xdrs, &aup);
+	XDR_DESTROY(&xdrs);
+	return (stat);
+}
+
+static void
+authunix_destroy(AUTH *auth)
+{
+	struct audata *au = AUTH_PRIVATE(auth);
+
+	mem_free(au->au_origcred.oa_base, au->au_origcred.oa_length);
+
+	if (au->au_shcred.oa_base != NULL)
+		mem_free(au->au_shcred.oa_base, au->au_shcred.oa_length);
+
+	mem_free(auth->ah_private, sizeof(struct audata));
+
+	if (auth->ah_verf.oa_base != NULL)
+		mem_free(auth->ah_verf.oa_base, auth->ah_verf.oa_length);
+
+	mem_free((caddr_t)auth, sizeof(*auth));
+}
+
+/*
+ * Marshals (pre-serializes) an auth struct.
+ * sets private data, au_marshed and au_mpos
+ */
+static void
+marshal_new_auth(AUTH *auth)
+{
+	XDR		xdr_stream;
+	XDR	*xdrs = &xdr_stream;
+	struct audata *au = AUTH_PRIVATE(auth);
+
+	xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
+	if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
+	    (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {
+		perror("auth_none.c - Fatal marshalling problem");
+	} else {
+		au->au_mpos = XDR_GETPOS(xdrs);
+	}
+	XDR_DESTROY(xdrs);
+}
+
+static bool_t
+authunix_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xfunc, caddr_t xwhere)
+{
+	return ((*xfunc)(xdrs, xwhere));
+}
diff --git a/krb5-1.21.3/src/lib/rpc/authgss_prot.c b/krb5-1.21.3/src/lib/rpc/authgss_prot.c
new file mode 100644
index 00000000..9a48277b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/authgss_prot.c
@@ -0,0 +1,366 @@
+/* lib/rpc/authgss_prot.c */
+/*
+  Copyright (c) 2000 The Regents of the University of Michigan.
+  All rights reserved.
+
+  Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+  All rights reserved, all wrongs reversed.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions
+  are met:
+
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+  3. Neither the name of the University nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+  Id: authgss_prot.c,v 1.18 2000/09/01 04:14:03 dugsong Exp
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <gssrpc/rpc.h>
+#ifdef HAVE_HEIMDAL
+#include <gssapi.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
+
+bool_t
+xdr_rpc_gss_buf(XDR *xdrs, gss_buffer_t buf, u_int maxsize)
+{
+	bool_t xdr_stat;
+	u_int tmplen;
+	char *cp;
+
+	if (xdrs->x_op != XDR_DECODE) {
+		if (buf->length > UINT_MAX)
+			return (FALSE);
+		else
+			tmplen = buf->length;
+	}
+	cp = buf->value;
+	xdr_stat = xdr_bytes(xdrs, &cp, &tmplen, maxsize);
+	buf->value = cp;
+
+	if (xdr_stat && xdrs->x_op == XDR_DECODE)
+		buf->length = tmplen;
+
+	return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_cred(XDR *xdrs, struct rpc_gss_cred *p)
+{
+	bool_t xdr_stat;
+
+	xdr_stat = (xdr_u_int(xdrs, &p->gc_v) &&
+		    xdr_enum(xdrs, (enum_t *)&p->gc_proc) &&
+		    xdr_u_int32(xdrs, &p->gc_seq) &&
+		    xdr_enum(xdrs, (enum_t *)&p->gc_svc) &&
+		    xdr_rpc_gss_buf(xdrs, &p->gc_ctx, MAX_AUTH_BYTES));
+
+	log_debug("xdr_rpc_gss_cred: %s %s "
+		  "(v %d, proc %d, seq %d, svc %d, ctx %p:%d)",
+		  (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
+		  (xdr_stat == TRUE) ? "success" : "failure",
+		  p->gc_v, p->gc_proc, p->gc_seq, p->gc_svc,
+		  p->gc_ctx.value, p->gc_ctx.length);
+
+	return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
+{
+	bool_t xdr_stat;
+
+	xdr_stat = xdr_rpc_gss_buf(xdrs, p, MAX_NETOBJ_SZ);
+
+	log_debug("xdr_rpc_gss_init_args: %s %s (token %p:%d)",
+		  (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
+		  (xdr_stat == TRUE) ? "success" : "failure",
+		  p->value, p->length);
+
+	return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
+{
+	bool_t xdr_stat;
+
+	xdr_stat = (xdr_rpc_gss_buf(xdrs, &p->gr_ctx, MAX_NETOBJ_SZ) &&
+		    xdr_u_int32(xdrs, &p->gr_major) &&
+		    xdr_u_int32(xdrs, &p->gr_minor) &&
+		    xdr_u_int32(xdrs, &p->gr_win) &&
+		    xdr_rpc_gss_buf(xdrs, &p->gr_token, MAX_NETOBJ_SZ));
+
+	log_debug("xdr_rpc_gss_init_res %s %s "
+		  "(ctx %p:%d, maj %d, min %d, win %d, token %p:%d)",
+		  (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
+		  (xdr_stat == TRUE) ? "success" : "failure",
+		  p->gr_ctx.value, p->gr_ctx.length,
+		  p->gr_major, p->gr_minor, p->gr_win,
+		  p->gr_token.value, p->gr_token.length);
+
+	return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
+		      gss_ctx_id_t ctx, gss_qop_t qop,
+		      rpc_gss_svc_t svc, uint32_t seq)
+{
+	XDR		tmpxdrs;
+	gss_buffer_desc	databuf, wrapbuf;
+	OM_uint32	maj_stat, min_stat;
+	int		conf_state;
+	bool_t		xdr_stat;
+
+	xdralloc_create(&tmpxdrs, XDR_ENCODE);
+
+	xdr_stat = FALSE;
+
+	/* Marshal rpc_gss_data_t (sequence number + arguments). */
+	if (!xdr_u_int32(&tmpxdrs, &seq) || !(*xdr_func)(&tmpxdrs, xdr_ptr))
+		goto errout;
+
+	/* Set databuf to marshalled rpc_gss_data_t. */
+	databuf.length = xdr_getpos(&tmpxdrs);
+	databuf.value = xdralloc_getdata(&tmpxdrs);
+
+	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
+		if (!xdr_rpc_gss_buf(xdrs, &databuf, (unsigned int)-1))
+			goto errout;
+
+		/* Checksum rpc_gss_data_t. */
+		maj_stat = gss_get_mic(&min_stat, ctx, qop,
+				       &databuf, &wrapbuf);
+		if (maj_stat != GSS_S_COMPLETE) {
+			log_debug("gss_get_mic failed");
+			goto errout;
+		}
+		/* Marshal checksum. */
+		xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1);
+		gss_release_buffer(&min_stat, &wrapbuf);
+	}
+	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
+		/* Encrypt rpc_gss_data_t. */
+		maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf,
+				    &conf_state, &wrapbuf);
+		if (maj_stat != GSS_S_COMPLETE) {
+			log_status("gss_wrap", maj_stat, min_stat);
+			goto errout;
+		}
+		/* Marshal databody_priv. */
+		xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1);
+		gss_release_buffer(&min_stat, &wrapbuf);
+	}
+errout:
+	xdr_destroy(&tmpxdrs);
+	return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
+			gss_ctx_id_t ctx, gss_qop_t qop,
+			rpc_gss_svc_t svc, uint32_t seq)
+{
+	XDR		tmpxdrs;
+	gss_buffer_desc	databuf, wrapbuf;
+	OM_uint32	maj_stat, min_stat;
+	uint32_t	seq_num;
+	int		conf_state;
+	gss_qop_t	qop_state;
+	bool_t		xdr_stat;
+
+	if (xdr_func == xdr_void || xdr_ptr == NULL)
+		return (TRUE);
+
+	memset(&databuf, 0, sizeof(databuf));
+	memset(&wrapbuf, 0, sizeof(wrapbuf));
+
+	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
+		/* Decode databody_integ. */
+		if (!xdr_rpc_gss_buf(xdrs, &databuf, (unsigned int)-1)) {
+			log_debug("xdr decode databody_integ failed");
+			return (FALSE);
+		}
+		/* Decode checksum. */
+		if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1)) {
+			gss_release_buffer(&min_stat, &databuf);
+			log_debug("xdr decode checksum failed");
+			return (FALSE);
+		}
+		/* Verify checksum and QOP. */
+		maj_stat = gss_verify_mic(&min_stat, ctx, &databuf,
+					  &wrapbuf, &qop_state);
+		free(wrapbuf.value);
+
+		if (maj_stat != GSS_S_COMPLETE || qop_state != qop) {
+			gss_release_buffer(&min_stat, &databuf);
+			log_status("gss_verify_mic", maj_stat, min_stat);
+			return (FALSE);
+		}
+	}
+	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
+		/* Decode databody_priv. */
+		if (!xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1)) {
+			log_debug("xdr decode databody_priv failed");
+			return (FALSE);
+		}
+		/* Decrypt databody. */
+		maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf,
+				      &conf_state, &qop_state);
+
+		free(wrapbuf.value);
+
+		/* Verify encryption and QOP. */
+		if (maj_stat != GSS_S_COMPLETE || qop_state != qop ||
+			conf_state != TRUE) {
+			gss_release_buffer(&min_stat, &databuf);
+			log_status("gss_unwrap", maj_stat, min_stat);
+			return (FALSE);
+		}
+	}
+	/* Decode rpc_gss_data_t (sequence number + arguments). */
+	xdrmem_create(&tmpxdrs, databuf.value, databuf.length, XDR_DECODE);
+	xdr_stat = (xdr_u_int32(&tmpxdrs, &seq_num) &&
+		    (*xdr_func)(&tmpxdrs, xdr_ptr));
+	XDR_DESTROY(&tmpxdrs);
+	gss_release_buffer(&min_stat, &databuf);
+
+	/* Verify sequence number. */
+	if (xdr_stat == TRUE && seq_num != seq) {
+		log_debug("wrong sequence number in databody");
+		return (FALSE);
+	}
+	return (xdr_stat);
+}
+
+bool_t
+xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
+		 gss_ctx_id_t ctx, gss_qop_t qop,
+		 rpc_gss_svc_t svc, uint32_t seq)
+{
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr,
+					      ctx, qop, svc, seq));
+	case XDR_DECODE:
+		return (xdr_rpc_gss_unwrap_data(xdrs, xdr_func, xdr_ptr,
+						ctx, qop,svc, seq));
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+#ifdef DEBUG
+#include <ctype.h>
+
+void
+log_debug(const char *fmt, ...)
+{
+	va_list ap;
+
+	va_start(ap, fmt);
+	fprintf(stderr, "rpcsec_gss: ");
+	vfprintf(stderr, fmt, ap);
+	fprintf(stderr, "\n");
+	va_end(ap);
+}
+
+void
+log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
+{
+	OM_uint32 min, msg_ctx;
+	gss_buffer_desc msgg, msgm;
+
+	msg_ctx = 0;
+	gss_display_status(&min, maj_stat, GSS_C_GSS_CODE, GSS_C_NULL_OID,
+			   &msg_ctx, &msgg);
+	msg_ctx = 0;
+	gss_display_status(&min, min_stat, GSS_C_MECH_CODE, GSS_C_NULL_OID,
+			   &msg_ctx, &msgm);
+
+	log_debug("%s: %.*s - %.*s\n", m,
+		  msgg.length, (char *)msgg.value,
+		  msgm.length, (char *)msgm.value);
+
+	gss_release_buffer(&min, &msgg);
+	gss_release_buffer(&min, &msgm);
+}
+
+void
+log_hexdump(const u_char *buf, int len, int offset)
+{
+	u_int i, j, jm;
+	int c;
+
+	fprintf(stderr, "\n");
+	for (i = 0; i < len; i += 0x10) {
+		fprintf(stderr, "  %04x: ", (u_int)(i + offset));
+		jm = len - i;
+		jm = jm > 16 ? 16 : jm;
+
+		for (j = 0; j < jm; j++) {
+			if ((j % 2) == 1)
+				fprintf(stderr, "%02x ", (u_int) buf[i+j]);
+			else
+				fprintf(stderr, "%02x", (u_int) buf[i+j]);
+		}
+		for (; j < 16; j++) {
+			if ((j % 2) == 1) printf("   ");
+			else fprintf(stderr, "  ");
+		}
+		fprintf(stderr, " ");
+
+		for (j = 0; j < jm; j++) {
+			c = buf[i+j];
+			c = isprint(c) ? c : '.';
+			fprintf(stderr, "%c", c);
+		}
+		fprintf(stderr, "\n");
+	}
+}
+
+#else
+
+void
+log_debug(const char *fmt, ...)
+{
+}
+
+void
+log_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
+{
+}
+
+void
+log_hexdump(const u_char *buf, int len, int offset)
+{
+}
+
+#endif
diff --git a/krb5-1.21.3/src/lib/rpc/authunix_prot.c b/krb5-1.21.3/src/lib/rpc/authunix_prot.c
new file mode 100644
index 00000000..512d5a51
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/authunix_prot.c
@@ -0,0 +1,65 @@
+/* @(#)authunix_prot.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)authunix_prot.c 1.15 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * authunix_prot.c
+ * XDR for UNIX style authentication parameters for RPC
+ */
+
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <gssrpc/auth.h>
+#include <gssrpc/auth_unix.h>
+
+/*
+ * XDR for unix authentication parameters.
+ */
+bool_t
+xdr_authunix_parms(XDR *xdrs, struct authunix_parms *p)
+{
+
+	if (xdr_u_int32(xdrs, &(p->aup_time))
+	    && xdr_string(xdrs, &(p->aup_machname), MAX_MACHINE_NAME)
+	    && xdr_int(xdrs, &(p->aup_uid))
+	    && xdr_int(xdrs, &(p->aup_gid))
+	    && xdr_array(xdrs, (caddr_t *)&(p->aup_gids),
+		    &(p->aup_len), NGRPS, sizeof(int), xdr_int) ) {
+		return (TRUE);
+	}
+	return (FALSE);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/bindresvport.c b/krb5-1.21.3/src/lib/rpc/bindresvport.c
new file mode 100644
index 00000000..a421dd8e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/bindresvport.c
@@ -0,0 +1,92 @@
+/* lib/rpc/bindresvport.c */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/errno.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <gssrpc/rpc.h>
+#include <errno.h>
+#include "socket-utils.h"
+
+/*
+ * Bind a socket to a privileged IP port
+ */
+int
+bindresvport_sa(int sd, struct sockaddr *sa)
+{
+	int res;
+	static short port;
+	struct sockaddr_storage myaddr;
+	socklen_t salen;
+	int i;
+
+#define STARTPORT 600
+#define ENDPORT (IPPORT_RESERVED - 1)
+#define NPORTS	(ENDPORT - STARTPORT + 1)
+	if (sa == NULL) {
+		salen = sizeof(myaddr);
+		sa = ss2sa(&myaddr);
+		res = getsockname(sd, sa, &salen);
+		if (res < 0)
+			return (-1);
+	}
+	if (!sa_is_inet(sa)) {
+		errno = EPFNOSUPPORT;
+		return (-1);
+	}
+	if (port == 0) {
+		port = (getpid() % NPORTS) + STARTPORT;
+	}
+	res = -1;
+	errno = EADDRINUSE;
+	for (i = 0; i < NPORTS && res < 0 && errno == EADDRINUSE; i++) {
+		sa_setport(sa, port++);
+		if (port > ENDPORT) {
+			port = STARTPORT;
+		}
+		res = bind(sd, sa, sa_socklen(sa));
+	}
+	return (res);
+}
+
+int
+bindresvport(int sd, struct sockaddr_in *sockin)
+{
+	return (bindresvport_sa(sd, (struct sockaddr *)sockin));
+}
diff --git a/krb5-1.21.3/src/lib/rpc/clnt_generic.c b/krb5-1.21.3/src/lib/rpc/clnt_generic.c
new file mode 100644
index 00000000..79831e1d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/clnt_generic.c
@@ -0,0 +1,110 @@
+/* @(#)clnt_generic.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)clnt_generic.c 1.4 87/08/11 (C) 1987 SMI";
+#endif
+
+#include "autoconf.h"
+#include <string.h>
+#include <gssrpc/rpc.h>
+#include <sys/socket.h>
+#include <sys/errno.h>
+#include <netdb.h>
+
+/*
+ * Generic client creation: takes (hostname, program-number, protocol) and
+ * returns client handle. Default options are set, which the user can
+ * change using the rpc equivalent of ioctl()'s.
+ */
+CLIENT *
+clnt_create(
+	char *hostname,
+	rpcprog_t prog,
+	rpcvers_t vers,
+	char *proto)
+{
+	struct hostent *h;
+	struct protoent *p;
+	struct sockaddr_in sockin;
+	int sock;
+	struct timeval tv;
+	CLIENT *client;
+
+	h = gethostbyname(hostname);
+	if (h == NULL) {
+		rpc_createerr.cf_stat = RPC_UNKNOWNHOST;
+		return (NULL);
+	}
+	if (h->h_addrtype != AF_INET) {
+		/*
+		 * Only support INET for now
+		 */
+		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+		rpc_createerr.cf_error.re_errno = EAFNOSUPPORT;
+		return (NULL);
+	}
+	memset(&sockin, 0, sizeof(sockin));
+	sockin.sin_family = h->h_addrtype;
+	sockin.sin_port = 0;
+	memmove((char*)&sockin.sin_addr, h->h_addr, sizeof(sockin.sin_addr));
+	p = getprotobyname(proto);
+	if (p == NULL) {
+		rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
+		rpc_createerr.cf_error.re_errno = EPFNOSUPPORT;
+		return (NULL);
+	}
+	sock = RPC_ANYSOCK;
+	switch (p->p_proto) {
+	case IPPROTO_UDP:
+		tv.tv_sec = 5;
+		tv.tv_usec = 0;
+		client = clntudp_create(&sockin, prog, vers, tv, &sock);
+		if (client == NULL) {
+			return (NULL);
+		}
+		break;
+	case IPPROTO_TCP:
+		client = clnttcp_create(&sockin, prog, vers, &sock, 0, 0);
+		if (client == NULL) {
+			return (NULL);
+		}
+		break;
+	default:
+		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+		rpc_createerr.cf_error.re_errno = EPFNOSUPPORT;
+		return (NULL);
+	}
+	return (client);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/clnt_perror.c b/krb5-1.21.3/src/lib/rpc/clnt_perror.c
new file mode 100644
index 00000000..fcc36574
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/clnt_perror.c
@@ -0,0 +1,350 @@
+/* @(#)clnt_perror.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)clnt_perror.c 1.15 87/10/07 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * clnt_perror.c
+ */
+#include "autoconf.h"
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include <gssrpc/types.h>
+#include <gssrpc/auth.h>
+#include <gssrpc/clnt.h>
+
+#ifndef HAVE_STRERROR
+#ifdef NEED_SYS_ERRLIST
+extern char *sys_errlist[];
+#endif
+extern int sys_nerr;
+#undef strerror
+#define strerror(N) (((N) > 0 && (N) < sys_nerr) ? sys_errlist[N] : (char *)0)
+#endif /* HAVE_STRERROR */
+static char *auth_errmsg(enum auth_stat);
+
+
+
+static char *buf;
+
+static char *
+get_buf(void)
+{
+	if (buf == NULL)
+		buf = (char *)malloc(BUFSIZ);
+	return (buf);
+}
+
+/*
+ * Print reply error info
+ */
+char *
+clnt_sperror(CLIENT *rpch, char *s)
+{
+	struct rpc_err e;
+	void clnt_perrno();
+	char *err;
+	char *bufstart = get_buf();
+	char *str = bufstart;
+	char *strstart = str;
+	char *strend;
+
+	if (str == 0)
+		return (0);
+	strend = str + BUFSIZ;
+	CLNT_GETERR(rpch, &e);
+
+	strncpy (str, s, BUFSIZ - 1);
+	str[BUFSIZ - 1] = 0;
+	strncat (str, ": ", BUFSIZ - 1 - strlen (bufstart));
+	str += strlen(str);
+	strncat (str, clnt_sperrno(e.re_status), BUFSIZ - 1 - strlen (bufstart));
+	strstart[BUFSIZ - 1] = '\0';
+	str += strlen(str);
+
+	switch (e.re_status) {
+	case RPC_SUCCESS:
+	case RPC_CANTENCODEARGS:
+	case RPC_CANTDECODERES:
+	case RPC_TIMEDOUT:
+	case RPC_PROGUNAVAIL:
+	case RPC_PROCUNAVAIL:
+	case RPC_CANTDECODEARGS:
+	case RPC_SYSTEMERROR:
+	case RPC_UNKNOWNHOST:
+	case RPC_UNKNOWNPROTO:
+	case RPC_PMAPFAILURE:
+	case RPC_PROGNOTREGISTERED:
+	case RPC_FAILED:
+		break;
+
+	case RPC_CANTSEND:
+	case RPC_CANTRECV:
+		/* 10 for the string */
+		if (str - bufstart + 10 + strlen(strerror(e.re_errno)) < BUFSIZ)
+		    (void) snprintf(str, strend-str, "; errno = %s",
+				    strerror(e.re_errno));
+		str += strlen(str);
+		break;
+
+	case RPC_VERSMISMATCH:
+		/* 33 for the string, 22 for the numbers */
+		if(str - bufstart + 33 + 22 < BUFSIZ)
+		    (void) snprintf(str, strend-str,
+				    "; low version = %lu, high version = %lu",
+				    (u_long) e.re_vers.low,
+				    (u_long) e.re_vers.high);
+		str += strlen(str);
+		break;
+
+	case RPC_AUTHERROR:
+		err = auth_errmsg(e.re_why);
+		/* 8 for the string */
+		if(str - bufstart + 8 < BUFSIZ)
+		    (void) snprintf(str, strend-str, "; why = ");
+		str += strlen(str);
+		if (err != NULL) {
+			if(str - bufstart + strlen(err) < BUFSIZ)
+			    (void) snprintf(str, strend-str, "%s",err);
+		} else {
+		    /* 33 for the string, 11 for the number */
+		    if(str - bufstart + 33 + 11 < BUFSIZ)
+			(void) snprintf(str, strend-str,
+					"(unknown authentication error - %d)",
+					(int) e.re_why);
+		}
+		str += strlen(str);
+		break;
+
+	case RPC_PROGVERSMISMATCH:
+		/* 33 for the string, 22 for the numbers */
+		if(str - bufstart + 33 + 22 < BUFSIZ)
+		    (void) snprintf(str, strend-str,
+				    "; low version = %lu, high version = %lu",
+				    (u_long) e.re_vers.low,
+				    (u_long) e.re_vers.high);
+		str += strlen(str);
+		break;
+
+	default:	/* unknown */
+		/* 14 for the string, 22 for the numbers */
+		if(str - bufstart + 14 + 22 < BUFSIZ)
+		    (void) snprintf(str, strend-str,
+				    "; s1 = %lu, s2 = %lu",
+				    (u_long) e.re_lb.s1,
+				    (u_long) e.re_lb.s2);
+		str += strlen(str);
+		break;
+	}
+	if (str - bufstart + 1 < BUFSIZ)
+	    (void) snprintf(str, strend-str, "\n");
+	return(strstart) ;
+}
+
+void
+clnt_perror(CLIENT *rpch, char *s)
+{
+	(void) fprintf(stderr,"%s",clnt_sperror(rpch,s));
+}
+
+
+struct rpc_errtab {
+	enum clnt_stat status;
+	char *message;
+};
+
+static struct rpc_errtab  rpc_errlist[] = {
+	{ RPC_SUCCESS,
+		"RPC: Success" },
+	{ RPC_CANTENCODEARGS,
+		"RPC: Can't encode arguments" },
+	{ RPC_CANTDECODERES,
+		"RPC: Can't decode result" },
+	{ RPC_CANTSEND,
+		"RPC: Unable to send" },
+	{ RPC_CANTRECV,
+		"RPC: Unable to receive" },
+	{ RPC_TIMEDOUT,
+		"RPC: Timed out" },
+	{ RPC_VERSMISMATCH,
+		"RPC: Incompatible versions of RPC" },
+	{ RPC_AUTHERROR,
+		"RPC: Authentication error" },
+	{ RPC_PROGUNAVAIL,
+		"RPC: Program unavailable" },
+	{ RPC_PROGVERSMISMATCH,
+		"RPC: Program/version mismatch" },
+	{ RPC_PROCUNAVAIL,
+		"RPC: Procedure unavailable" },
+	{ RPC_CANTDECODEARGS,
+		"RPC: Server can't decode arguments" },
+	{ RPC_SYSTEMERROR,
+		"RPC: Remote system error" },
+	{ RPC_UNKNOWNHOST,
+		"RPC: Unknown host" },
+	{ RPC_UNKNOWNPROTO,
+		"RPC: Unknown protocol" },
+	{ RPC_PMAPFAILURE,
+		"RPC: Port mapper failure" },
+	{ RPC_PROGNOTREGISTERED,
+		"RPC: Program not registered"},
+	{ RPC_FAILED,
+		"RPC: Failed (unspecified error)"}
+};
+
+
+/*
+ * This interface for use by clntrpc
+ */
+char *
+clnt_sperrno(enum clnt_stat stat)
+{
+	unsigned int i;
+
+	for (i = 0; i < sizeof(rpc_errlist)/sizeof(struct rpc_errtab); i++) {
+		if (rpc_errlist[i].status == stat) {
+			return (rpc_errlist[i].message);
+		}
+	}
+	return ("RPC: (unknown error code)");
+}
+
+void
+clnt_perrno(enum clnt_stat num)
+{
+	(void) fprintf(stderr,"%s",clnt_sperrno(num));
+}
+
+
+char *
+clnt_spcreateerror(char *s)
+{
+	char *str = get_buf();
+	char *strend;
+
+	if (str == 0)
+		return(0);
+	strend = str+BUFSIZ;
+	(void) snprintf(str, strend-str, "%s: ", s);
+	str[BUFSIZ - 1] = '\0';
+	(void) strncat(str, clnt_sperrno(rpc_createerr.cf_stat), BUFSIZ - 1);
+	switch (rpc_createerr.cf_stat) {
+	case RPC_PMAPFAILURE:
+		(void) strncat(str, " - ", BUFSIZ - 1 - strlen(str));
+		(void) strncat(str,
+		    clnt_sperrno(rpc_createerr.cf_error.re_status),
+		    BUFSIZ - 1 - strlen(str));
+		break;
+
+	case RPC_SYSTEMERROR:
+		(void) strncat(str, " - ", BUFSIZ - 1 - strlen(str));
+		{
+		    const char *m = strerror(rpc_createerr.cf_error.re_errno);
+		    if (m)
+			(void) strncat(str, m, BUFSIZ - 1 - strlen(str));
+		    else
+			(void) snprintf(&str[strlen(str)], BUFSIZ - strlen(str),
+					"Error %d",
+					rpc_createerr.cf_error.re_errno);
+		}
+		break;
+
+	case RPC_CANTSEND:
+	case RPC_CANTDECODERES:
+	case RPC_CANTENCODEARGS:
+	case RPC_SUCCESS:
+	case RPC_UNKNOWNPROTO:
+	case RPC_PROGNOTREGISTERED:
+	case RPC_FAILED:
+	case RPC_UNKNOWNHOST:
+	case RPC_CANTDECODEARGS:
+	case RPC_PROCUNAVAIL:
+	case RPC_PROGVERSMISMATCH:
+	case RPC_PROGUNAVAIL:
+	case RPC_AUTHERROR:
+	case RPC_VERSMISMATCH:
+	case RPC_TIMEDOUT:
+	case RPC_CANTRECV:
+	default:
+	    break;
+	}
+	(void) strncat(str, "\n", BUFSIZ - 1 - strlen(str));
+	return (str);
+}
+
+void
+clnt_pcreateerror(char *s)
+{
+	(void) fprintf(stderr,"%s",clnt_spcreateerror(s));
+}
+
+struct auth_errtab {
+	enum auth_stat status;
+	char *message;
+};
+
+static struct auth_errtab auth_errlist[] = {
+	{ AUTH_OK,
+		"Authentication OK" },
+	{ AUTH_BADCRED,
+		"Invalid client credential" },
+	{ AUTH_REJECTEDCRED,
+		"Server rejected credential" },
+	{ AUTH_BADVERF,
+		"Invalid client verifier" },
+	{ AUTH_REJECTEDVERF,
+		"Server rejected verifier" },
+	{ AUTH_TOOWEAK,
+		"Client credential too weak" },
+	{ AUTH_INVALIDRESP,
+		"Invalid server verifier" },
+	{ AUTH_FAILED,
+		"Failed (unspecified error)" },
+};
+
+static char *
+auth_errmsg(enum auth_stat stat)
+{
+	unsigned int i;
+
+	for (i = 0; i < sizeof(auth_errlist)/sizeof(struct auth_errtab); i++) {
+		if (auth_errlist[i].status == stat) {
+			return(auth_errlist[i].message);
+		}
+	}
+	return(NULL);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/clnt_raw.c b/krb5-1.21.3/src/lib/rpc/clnt_raw.c
new file mode 100644
index 00000000..dcbb5cf2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/clnt_raw.c
@@ -0,0 +1,272 @@
+/* @(#)clnt_raw.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)clnt_raw.c 1.22 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * clnt_raw.c
+ *
+ * Memory based rpc for simple testing and timing.
+ * Interface to create an rpc client and server in the same process.
+ * This lets us similate rpc and get round trip overhead, without
+ * any interference from the kernel.
+ */
+
+#include <gssrpc/rpc.h>
+
+#define MCALL_MSG_SIZE 24
+
+/*
+ * This is the "network" we will be moving stuff over.
+ */
+static struct clntraw_private {
+	CLIENT	client_object;
+	XDR	xdr_stream;
+	char	_raw_buf[UDPMSGSIZE];
+        union {
+	  struct rpc_msg    mashl_rpcmsg;
+	  char	            mashl_callmsg[MCALL_MSG_SIZE];
+	} u;
+	u_int	mcnt;
+} *clntraw_private;
+
+static enum clnt_stat	clntraw_call(CLIENT *, rpcproc_t, xdrproc_t,
+				     void *, xdrproc_t, void *,
+				     struct timeval);
+static void		clntraw_abort(CLIENT *);
+static void		clntraw_geterr(CLIENT *, struct rpc_err *);
+static bool_t		clntraw_freeres(CLIENT *, xdrproc_t, void *);
+static bool_t		clntraw_control(CLIENT *, int, void *);
+static void		clntraw_destroy(CLIENT *);
+
+static struct clnt_ops client_ops = {
+	clntraw_call,
+	clntraw_abort,
+	clntraw_geterr,
+	clntraw_freeres,
+	clntraw_destroy,
+	clntraw_control
+};
+
+void	svc_getreq();
+
+/*
+ * Create a client handle for memory based rpc.
+ */
+CLIENT *
+clntraw_create(
+	rpcprog_t prog,
+	rpcvers_t vers)
+{
+	struct clntraw_private *clp;
+	struct rpc_msg call_msg;
+	XDR *xdrs;
+	CLIENT *client;
+
+	if (clntraw_private == NULL) {
+		clntraw_private = calloc(1, sizeof(*clp));
+		if (clntraw_private == NULL)
+			return (NULL);
+	}
+	clp = clntraw_private;
+	xdrs = &clp->xdr_stream;
+	client = &clp->client_object;
+	/*
+	 * pre-serialize the staic part of the call msg and stash it away
+	 */
+	call_msg.rm_direction = CALL;
+	call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
+	call_msg.rm_call.cb_prog = prog;
+	call_msg.rm_call.cb_vers = vers;
+	xdrmem_create(xdrs, clp->u.mashl_callmsg, MCALL_MSG_SIZE, XDR_ENCODE);
+	if (! xdr_callhdr(xdrs, &call_msg)) {
+		perror("clnt_raw.c - Fatal header serialization error.");
+	}
+	clp->mcnt = XDR_GETPOS(xdrs);
+	XDR_DESTROY(xdrs);
+
+	/*
+	 * Set xdrmem for client/server shared buffer
+	 */
+	xdrmem_create(xdrs, clp->_raw_buf, UDPMSGSIZE, XDR_FREE);
+
+	/*
+	 * create client handle
+	 */
+	client->cl_ops = &client_ops;
+	client->cl_auth = authnone_create();
+	return (client);
+}
+
+static enum clnt_stat
+clntraw_call(
+	CLIENT *h,
+	rpcproc_t proc,
+	xdrproc_t xargs,
+	void * argsp,
+	xdrproc_t xresults,
+	void * resultsp,
+	struct timeval timeout)
+{
+	struct clntraw_private *clp = clntraw_private;
+	XDR *xdrs = &clp->xdr_stream;
+	struct rpc_msg msg;
+	enum clnt_stat status;
+	struct rpc_err error;
+	long procl = proc;
+
+	if (clp == 0)
+		return (RPC_FAILED);
+call_again:
+	/*
+	 * send request
+	 */
+	xdrs->x_op = XDR_ENCODE;
+	XDR_SETPOS(xdrs, 0);
+	clp->u.mashl_rpcmsg.rm_xid ++ ;
+	if ((! XDR_PUTBYTES(xdrs, clp->u.mashl_callmsg, clp->mcnt)) ||
+	    (! XDR_PUTLONG(xdrs, &procl)) ||
+	    (! AUTH_MARSHALL(h->cl_auth, xdrs)) ||
+	    (! (*xargs)(xdrs, argsp))) {
+		return (RPC_CANTENCODEARGS);
+	}
+	(void)XDR_GETPOS(xdrs);  /* called just to cause overhead */
+
+	/*
+	 * We have to call server input routine here because this is
+	 * all going on in one process. Yuk.
+	 */
+	svc_getreq(1);
+
+	/*
+	 * get results
+	 */
+	xdrs->x_op = XDR_DECODE;
+	XDR_SETPOS(xdrs, 0);
+	msg.acpted_rply.ar_verf = gssrpc__null_auth;
+	msg.acpted_rply.ar_results.where = resultsp;
+	msg.acpted_rply.ar_results.proc = xresults;
+	if (! xdr_replymsg(xdrs, &msg)) {
+		/*
+		 * It's possible for xdr_replymsg() to fail partway
+		 * through its attempt to decode the result from the
+		 * server. If this happens, it will leave the reply
+		 * structure partially populated with dynamically
+		 * allocated memory. (This can happen if someone uses
+		 * clntudp_bufcreate() to create a CLIENT handle and
+		 * specifies a receive buffer size that is too small.)
+		 * This memory must be free()ed to avoid a leak.
+		 */
+		enum xdr_op op = xdrs->x_op;
+		xdrs->x_op = XDR_FREE;
+		xdr_replymsg(xdrs, &msg);
+		xdrs->x_op = op;
+		return (RPC_CANTDECODERES);
+	}
+	gssrpc__seterr_reply(&msg, &error);
+	status = error.re_status;
+
+	if (status == RPC_SUCCESS) {
+		if (! AUTH_VALIDATE(h->cl_auth, &msg.acpted_rply.ar_verf)) {
+			status = RPC_AUTHERROR;
+		}
+	}  /* end successful completion */
+	else {
+		if (AUTH_REFRESH(h->cl_auth, &msg))
+			goto call_again;
+	}  /* end of unsuccessful completion */
+
+	if (status == RPC_SUCCESS) {
+		if (! AUTH_VALIDATE(h->cl_auth, &msg.acpted_rply.ar_verf)) {
+			status = RPC_AUTHERROR;
+		}
+		if (msg.acpted_rply.ar_verf.oa_base != NULL) {
+			xdrs->x_op = XDR_FREE;
+			(void)xdr_opaque_auth(xdrs, &(msg.acpted_rply.ar_verf));
+		}
+	}
+
+	return (status);
+}
+
+/*ARGSUSED*/
+static void
+clntraw_geterr(
+	CLIENT *cl,
+	struct rpc_err *err)
+{
+}
+
+
+static bool_t
+clntraw_freeres(
+	CLIENT *cl,
+	xdrproc_t xdr_res,
+	void *res_ptr)
+{
+	struct clntraw_private *clp = clntraw_private;
+	XDR *xdrs = &clp->xdr_stream;
+	bool_t rval;
+
+	if (clp == 0)
+	{
+		rval = (bool_t) RPC_FAILED;
+		return (rval);
+	}
+	xdrs->x_op = XDR_FREE;
+	return ((*xdr_res)(xdrs, res_ptr));
+}
+
+/*ARGSUSED*/
+static void
+clntraw_abort(CLIENT *cl)
+{
+}
+
+/*ARGSUSED*/
+static bool_t
+clntraw_control(
+	CLIENT *cl,
+	int request,
+	void *info)
+{
+	return (FALSE);
+}
+
+/*ARGSUSED*/
+static void
+clntraw_destroy(CLIENT *cl)
+{
+}
diff --git a/krb5-1.21.3/src/lib/rpc/clnt_simple.c b/krb5-1.21.3/src/lib/rpc/clnt_simple.c
new file mode 100644
index 00000000..39186e58
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/clnt_simple.c
@@ -0,0 +1,131 @@
+/* @(#)clnt_simple.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)clnt_simple.c 1.35 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * clnt_simple.c
+ * Simplified front end to rpc.
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+/* for close() */
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <string.h>
+#include <port-sockets.h>
+
+static struct callrpc_private {
+	CLIENT	*client;
+        SOCKET  socket;
+	rpcprog_t oldprognum;
+	rpcvers_t oldversnum;
+	int	valid;
+	char	*oldhost;
+} *callrpc_private;
+
+int
+callrpc(
+	char *host,
+	rpcprog_t prognum,
+	rpcvers_t versnum,
+	rpcproc_t procnum,
+	xdrproc_t inproc,
+	char *in,
+	xdrproc_t outproc,
+	char *out)
+{
+	struct callrpc_private *crp = callrpc_private;
+	struct sockaddr_in server_addr;
+	enum clnt_stat clnt_stat;
+	struct hostent *hp;
+	struct timeval timeout, tottimeout;
+
+	if (crp == 0) {
+		crp = (struct callrpc_private *)calloc(1, sizeof (*crp));
+		if (crp == 0)
+			return (0);
+		callrpc_private = crp;
+	}
+	if (crp->oldhost == NULL) {
+		crp->oldhost = mem_alloc(256);
+		if (crp->oldhost == 0)
+		    return 0;
+		crp->oldhost[0] = 0;
+		crp->socket = RPC_ANYSOCK;
+	}
+	if (crp->valid && crp->oldprognum == prognum && crp->oldversnum == versnum
+		&& strcmp(crp->oldhost, host) == 0) {
+		/* reuse old client */
+	} else {
+		crp->valid = 0;
+                (void)closesocket(crp->socket);
+		crp->socket = RPC_ANYSOCK;
+		if (crp->client) {
+			clnt_destroy(crp->client);
+			crp->client = NULL;
+		}
+		if ((hp = gethostbyname(host)) == NULL)
+			return ((int) RPC_UNKNOWNHOST);
+		timeout.tv_usec = 0;
+		timeout.tv_sec = 5;
+		memset(&server_addr, 0, sizeof(server_addr));
+		memmove((char *)&server_addr.sin_addr, hp->h_addr,
+			sizeof(server_addr.sin_addr));
+		server_addr.sin_family = AF_INET;
+		server_addr.sin_port =  0;
+		if ((crp->client = clntudp_create(&server_addr, prognum,
+		    versnum, timeout, &crp->socket)) == NULL)
+			return ((int) rpc_createerr.cf_stat);
+		crp->valid = 1;
+		crp->oldprognum = prognum;
+		crp->oldversnum = versnum;
+		(void) strncpy(crp->oldhost, host, 255);
+		crp->oldhost[255] = '\0';
+	}
+	tottimeout.tv_sec = 25;
+	tottimeout.tv_usec = 0;
+	clnt_stat = clnt_call(crp->client, procnum, inproc, in,
+	    outproc, out, tottimeout);
+	/*
+	 * if call failed, empty cache
+	 */
+	if (clnt_stat != RPC_SUCCESS)
+		crp->valid = 0;
+	return ((int) clnt_stat);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/clnt_tcp.c b/krb5-1.21.3/src/lib/rpc/clnt_tcp.c
new file mode 100644
index 00000000..dbd62d0a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/clnt_tcp.c
@@ -0,0 +1,509 @@
+/* @(#)clnt_tcp.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)clnt_tcp.c 1.37 87/10/05 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * clnt_tcp.c, Implements a TCP/IP based, client side RPC.
+ *
+ * TCP based RPC supports 'batched calls'.
+ * A sequence of calls may be batched-up in a send buffer.  The rpc call
+ * return immediately to the client even though the call was not necessarily
+ * sent.  The batching occurs if the results' xdr routine is NULL (0) AND
+ * the rpc timeout value is zero (see clnt.h, rpc).
+ *
+ * Clients should NOT casually batch calls that in fact return results; that is,
+ * the server side should be aware that a call is batched and not produce any
+ * return message.  Batched calls that produce many result messages can
+ * deadlock (netlock) the client and the server....
+ *
+ * Now go hang yourself.
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <string.h>
+#include <gssrpc/pmap_clnt.h>
+/* FD_ZERO may need memset declaration (e.g., Solaris 9) */
+#include <string.h>
+#include <port-sockets.h>
+
+#define MCALL_MSG_SIZE 24
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE int
+#endif
+
+static enum clnt_stat	clnttcp_call(CLIENT *, rpcproc_t, xdrproc_t, void *,
+				     xdrproc_t, void *, struct timeval);
+static void		clnttcp_abort(CLIENT *);
+static void		clnttcp_geterr(CLIENT *, struct rpc_err *);
+static bool_t		clnttcp_freeres(CLIENT *, xdrproc_t, void *);
+static bool_t           clnttcp_control(CLIENT *, int, void *);
+static void		clnttcp_destroy(CLIENT *);
+
+static struct clnt_ops tcp_ops = {
+	clnttcp_call,
+	clnttcp_abort,
+	clnttcp_geterr,
+	clnttcp_freeres,
+	clnttcp_destroy,
+	clnttcp_control
+};
+
+struct ct_data {
+	int		ct_sock;
+	bool_t		ct_closeit;
+	struct timeval	ct_wait;
+	bool_t          ct_waitset;       /* wait set by clnt_control? */
+	struct sockaddr_in ct_addr;
+	struct rpc_err	ct_error;
+	union {
+	  char		ct_mcall[MCALL_MSG_SIZE];	/* marshalled callmsg */
+	  uint32_t   ct_mcalli;
+	} ct_u;
+	u_int		ct_mpos;			/* pos after marshal */
+	XDR		ct_xdrs;
+};
+
+static int	readtcp(char *, caddr_t, int);
+static int	writetcp(char *, caddr_t, int);
+
+
+/*
+ * Create a client handle for a tcp/ip connection.
+ * If *sockp<0, *sockp is set to a newly created TCP socket and it is
+ * connected to raddr.  If *sockp non-negative then
+ * raddr is ignored.  The rpc/tcp package does buffering
+ * similar to stdio, so the client must pick send and receive buffer sizes,];
+ * 0 => use the default.
+ * If raddr->sin_port is 0, then a binder on the remote machine is
+ * consulted for the right port number.
+ * NB: *sockp is copied into a private area.
+ * NB: It is the clients responsibility to close *sockp.
+ * NB: The rpch->cl_auth is set null authentication.  Caller may wish to set this
+ * something more useful.
+ */
+CLIENT *
+clnttcp_create(
+	struct sockaddr_in *raddr,
+	rpcprog_t prog,
+	rpcvers_t vers,
+        SOCKET *sockp,
+	u_int sendsz,
+	u_int recvsz)
+{
+	CLIENT *h;
+	struct ct_data *ct = 0;
+	struct timeval now;
+	struct rpc_msg call_msg;
+
+	h  = (CLIENT *)mem_alloc(sizeof(*h));
+	if (h == NULL) {
+		(void)fprintf(stderr, "clnttcp_create: out of memory\n");
+		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+		rpc_createerr.cf_error.re_errno = errno;
+		goto fooy;
+	}
+	ct = (struct ct_data *)mem_alloc(sizeof(*ct));
+	if (ct == NULL) {
+		(void)fprintf(stderr, "clnttcp_create: out of memory\n");
+		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+		rpc_createerr.cf_error.re_errno = errno;
+		goto fooy;
+	}
+
+	/*
+	 * If no port number given ask the pmap for one
+	 */
+	if (raddr != NULL && raddr->sin_port == 0) {
+		u_short port;
+		if ((port = pmap_getport(raddr, prog, vers, IPPROTO_TCP)) == 0) {
+			mem_free((caddr_t)ct, sizeof(struct ct_data));
+			mem_free((caddr_t)h, sizeof(CLIENT));
+			return ((CLIENT *)NULL);
+		}
+		raddr->sin_port = htons(port);
+	}
+
+	/*
+	 * If no socket given, open one
+	 */
+	if (*sockp < 0) {
+		*sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+		(void)bindresvport_sa(*sockp, NULL);
+		if (*sockp < 0 || raddr == NULL ||
+		    connect(*sockp, (struct sockaddr *)raddr,
+			    sizeof(*raddr)) < 0) {
+			rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+			rpc_createerr.cf_error.re_errno = errno;
+                        (void)closesocket(*sockp);
+			goto fooy;
+		}
+		ct->ct_closeit = TRUE;
+	} else {
+		ct->ct_closeit = FALSE;
+	}
+
+	/*
+	 * Set up private data struct
+	 */
+	ct->ct_sock = *sockp;
+	ct->ct_wait.tv_usec = 0;
+	ct->ct_waitset = FALSE;
+	if (raddr == NULL) {
+	    /* Get the remote address from the socket, if it's IPv4. */
+	    struct sockaddr_in sin;
+	    socklen_t len = sizeof(sin);
+	    int ret = getpeername(ct->ct_sock, (struct sockaddr *)&sin, &len);
+	    if (ret == 0 && len == sizeof(sin) && sin.sin_family == AF_INET)
+		ct->ct_addr = sin;
+	    else
+		memset(&ct->ct_addr, 0, sizeof(ct->ct_addr));
+	} else
+	    ct->ct_addr = *raddr;
+
+	/*
+	 * Initialize call message
+	 */
+	(void)gettimeofday(&now, (struct timezone *)0);
+	call_msg.rm_xid = getpid() ^ now.tv_sec ^ now.tv_usec;
+	call_msg.rm_direction = CALL;
+	call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
+	call_msg.rm_call.cb_prog = prog;
+	call_msg.rm_call.cb_vers = vers;
+
+	/*
+	 * pre-serialize the staic part of the call msg and stash it away
+	 */
+	xdrmem_create(&(ct->ct_xdrs), ct->ct_u.ct_mcall, MCALL_MSG_SIZE,
+	    XDR_ENCODE);
+	if (! xdr_callhdr(&(ct->ct_xdrs), &call_msg)) {
+		if (ct->ct_closeit)
+                        (void)closesocket(*sockp);
+		goto fooy;
+	}
+	ct->ct_mpos = XDR_GETPOS(&(ct->ct_xdrs));
+	XDR_DESTROY(&(ct->ct_xdrs));
+
+	/*
+	 * Create a client handle which uses xdrrec for serialization
+	 * and authnone for authentication.
+	 */
+	xdrrec_create(&(ct->ct_xdrs), sendsz, recvsz,
+	    (caddr_t)ct, readtcp, writetcp);
+	h->cl_ops = &tcp_ops;
+	h->cl_private = (caddr_t) ct;
+	h->cl_auth = authnone_create();
+	return (h);
+
+fooy:
+	/*
+	 * Something goofed, free stuff and barf
+	 */
+	mem_free((caddr_t)ct, sizeof(struct ct_data));
+	mem_free((caddr_t)h, sizeof(CLIENT));
+	return ((CLIENT *)NULL);
+}
+
+static enum clnt_stat
+clnttcp_call(
+	CLIENT *h,
+	rpcproc_t proc,
+	xdrproc_t xdr_args,
+	void * args_ptr,
+	xdrproc_t xdr_results,
+	void * results_ptr,
+	struct timeval timeout)
+{
+	struct ct_data *ct = h->cl_private;
+	XDR *xdrs = &ct->ct_xdrs;
+	struct rpc_msg reply_msg;
+	uint32_t x_id;
+	uint32_t *msg_x_id = &ct->ct_u.ct_mcalli;	/* yuk */
+	bool_t shipnow;
+	int refreshes = 2;
+	long procl = proc;
+
+	if (!ct->ct_waitset) {
+		ct->ct_wait = timeout;
+	}
+
+	shipnow =
+	    (xdr_results == (xdrproc_t)0 && timeout.tv_sec == 0
+	    && timeout.tv_usec == 0) ? FALSE : TRUE;
+
+call_again:
+	xdrs->x_op = XDR_ENCODE;
+	ct->ct_error.re_status = RPC_SUCCESS;
+	x_id = ntohl(--(*msg_x_id));
+	if ((! XDR_PUTBYTES(xdrs, ct->ct_u.ct_mcall, ct->ct_mpos)) ||
+	    (! XDR_PUTLONG(xdrs, &procl)) ||
+	    (! AUTH_MARSHALL(h->cl_auth, xdrs)) ||
+	    (! AUTH_WRAP(h->cl_auth, xdrs, xdr_args, args_ptr))) {
+		if (ct->ct_error.re_status == RPC_SUCCESS)
+			ct->ct_error.re_status = RPC_CANTENCODEARGS;
+		(void)xdrrec_endofrecord(xdrs, TRUE);
+		return (ct->ct_error.re_status);
+	}
+	if (! xdrrec_endofrecord(xdrs, shipnow))
+		return (ct->ct_error.re_status = RPC_CANTSEND);
+	if (! shipnow)
+		return (RPC_SUCCESS);
+	/*
+	 * Hack to provide rpc-based message passing
+	 */
+	if (timeout.tv_sec == 0 && timeout.tv_usec == 0) {
+		return(ct->ct_error.re_status = RPC_TIMEDOUT);
+	}
+
+
+	/*
+	 * Keep receiving until we get a valid transaction id
+	 */
+	xdrs->x_op = XDR_DECODE;
+	while (TRUE) {
+		reply_msg.acpted_rply.ar_verf = gssrpc__null_auth;
+		reply_msg.acpted_rply.ar_results.where = NULL;
+		reply_msg.acpted_rply.ar_results.proc = xdr_void;
+		if (! xdrrec_skiprecord(xdrs))
+			return (ct->ct_error.re_status);
+		/* now decode and validate the response header */
+		if (! xdr_replymsg(xdrs, &reply_msg)) {
+			/*
+			 * Free some stuff allocated by xdr_replymsg()
+			 * to avoid leaks, since it may allocate
+			 * memory from partially successful decodes.
+			 */
+			enum xdr_op op = xdrs->x_op;
+			xdrs->x_op = XDR_FREE;
+			xdr_replymsg(xdrs, &reply_msg);
+			xdrs->x_op = op;
+			if (ct->ct_error.re_status == RPC_SUCCESS)
+				continue;
+			return (ct->ct_error.re_status);
+		}
+		if (reply_msg.rm_xid == x_id)
+			break;
+	}
+
+	/*
+	 * process header
+	 */
+	gssrpc__seterr_reply(&reply_msg, &(ct->ct_error));
+	if (ct->ct_error.re_status == RPC_SUCCESS) {
+		if (! AUTH_VALIDATE(h->cl_auth, &reply_msg.acpted_rply.ar_verf)) {
+			ct->ct_error.re_status = RPC_AUTHERROR;
+			ct->ct_error.re_why = AUTH_INVALIDRESP;
+		} else if (! AUTH_UNWRAP(h->cl_auth, xdrs,
+					 xdr_results, results_ptr)) {
+			if (ct->ct_error.re_status == RPC_SUCCESS)
+				ct->ct_error.re_status = RPC_CANTDECODERES;
+		}
+	}  /* end successful completion */
+	else {
+		/* maybe our credentials need to be refreshed ... */
+		if (refreshes-- && AUTH_REFRESH(h->cl_auth, &reply_msg))
+			goto call_again;
+	}  /* end of unsuccessful completion */
+	/* free verifier ... */
+	if ((reply_msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
+	    (reply_msg.acpted_rply.ar_verf.oa_base != NULL)) {
+	    xdrs->x_op = XDR_FREE;
+	    (void)xdr_opaque_auth(xdrs, &(reply_msg.acpted_rply.ar_verf));
+	}
+	return (ct->ct_error.re_status);
+}
+
+static void
+clnttcp_geterr(
+	CLIENT *h,
+	struct rpc_err *errp)
+{
+	struct ct_data *ct = h->cl_private;
+
+	*errp = ct->ct_error;
+}
+
+static bool_t
+clnttcp_freeres(
+	CLIENT *cl,
+	xdrproc_t xdr_res,
+	void * res_ptr)
+{
+	struct ct_data *ct = cl->cl_private;
+	XDR *xdrs = &ct->ct_xdrs;
+
+	xdrs->x_op = XDR_FREE;
+	return ((*xdr_res)(xdrs, res_ptr));
+}
+
+/*ARGSUSED*/
+static void
+clnttcp_abort(CLIENT *cl)
+{
+}
+
+static bool_t
+clnttcp_control(
+	CLIENT *cl,
+	int request,
+	void *info)
+{
+	struct ct_data *ct = cl->cl_private;
+	GETSOCKNAME_ARG3_TYPE len;
+
+	switch (request) {
+	case CLSET_TIMEOUT:
+		ct->ct_wait = *(struct timeval *)info;
+		ct->ct_waitset = TRUE;
+		break;
+	case CLGET_TIMEOUT:
+		*(struct timeval *)info = ct->ct_wait;
+		break;
+	case CLGET_SERVER_ADDR:
+		*(struct sockaddr_in *)info = ct->ct_addr;
+		break;
+	case CLGET_LOCAL_ADDR:
+		len = sizeof(struct sockaddr);
+		if (getsockname(ct->ct_sock, (struct sockaddr*)info, &len) < 0)
+		     return FALSE;
+		else
+		     return TRUE;
+	default:
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+
+static void
+clnttcp_destroy(CLIENT *h)
+{
+	struct ct_data *ct = h->cl_private;
+
+	if (ct->ct_closeit)
+                (void)closesocket(ct->ct_sock);
+	XDR_DESTROY(&(ct->ct_xdrs));
+	mem_free((caddr_t)ct, sizeof(struct ct_data));
+	mem_free((caddr_t)h, sizeof(CLIENT));
+}
+
+/*
+ * Interface between xdr serializer and tcp connection.
+ * Behaves like the system calls, read & write, but keeps some error state
+ * around for the rpc level.
+ */
+static int
+readtcp(
+        char *ctptr,
+	caddr_t buf,
+	int len)
+{
+  struct ct_data *ct = (void *)ctptr;
+  struct timeval tout;
+#ifdef FD_SETSIZE
+	fd_set mask;
+	fd_set readfds;
+
+	if (len == 0)
+		return (0);
+	FD_ZERO(&mask);
+	FD_SET(ct->ct_sock, &mask);
+#else
+	int mask = 1 << (ct->ct_sock);
+	int readfds;
+
+	if (len == 0)
+		return (0);
+
+#endif /* def FD_SETSIZE */
+	while (TRUE) {
+		readfds = mask;
+		tout = ct->ct_wait;
+		switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set*)NULL, (fd_set*)NULL,
+			       &tout)) {
+		case 0:
+			ct->ct_error.re_status = RPC_TIMEDOUT;
+			return (-1);
+
+		case -1:
+			if (errno == EINTR)
+				continue;
+			ct->ct_error.re_status = RPC_CANTRECV;
+			ct->ct_error.re_errno = errno;
+			return (-1);
+		}
+		break;
+	}
+	switch (len = read(ct->ct_sock, buf, (size_t) len)) {
+
+	case 0:
+		/* premature eof */
+		ct->ct_error.re_errno = ECONNRESET;
+		ct->ct_error.re_status = RPC_CANTRECV;
+		len = -1;  /* it's really an error */
+		break;
+
+	case -1:
+		ct->ct_error.re_errno = errno;
+		ct->ct_error.re_status = RPC_CANTRECV;
+		break;
+	}
+	return (len);
+}
+
+static int
+writetcp(
+        char *ctptr,
+	caddr_t buf,
+	int len)
+{
+	struct ct_data *ct = (struct ct_data *)(void *)ctptr;
+	int i, cnt;
+
+	for (cnt = len; cnt > 0; cnt -= i, buf += i) {
+		if ((i = write(ct->ct_sock, buf, (size_t) cnt)) == -1) {
+			ct->ct_error.re_errno = errno;
+			ct->ct_error.re_status = RPC_CANTSEND;
+			return (-1);
+		}
+	}
+	return (len);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/clnt_udp.c b/krb5-1.21.3/src/lib/rpc/clnt_udp.c
new file mode 100644
index 00000000..2503a387
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/clnt_udp.c
@@ -0,0 +1,488 @@
+/* @(#)clnt_udp.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)clnt_udp.c 1.39 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * clnt_udp.c, Implements a UDP/IP based, client side RPC.
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#if defined(sun)
+#include <sys/filio.h>
+#endif
+#include <netdb.h>
+#include <errno.h>
+#include <string.h>
+#include <gssrpc/pmap_clnt.h>
+#include <port-sockets.h>
+#include <errno.h>
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE int
+#endif
+
+/*
+ * UDP bases client side rpc operations
+ */
+static enum clnt_stat	clntudp_call(CLIENT *, rpcproc_t, xdrproc_t, void *,
+				     xdrproc_t, void *, struct timeval);
+static void		clntudp_abort(CLIENT *);
+static void		clntudp_geterr(CLIENT *, struct rpc_err *);
+static bool_t		clntudp_freeres(CLIENT *, xdrproc_t, void *);
+static bool_t           clntudp_control(CLIENT *, int, void *);
+static void		clntudp_destroy(CLIENT *);
+
+static struct clnt_ops udp_ops = {
+	clntudp_call,
+	clntudp_abort,
+	clntudp_geterr,
+	clntudp_freeres,
+	clntudp_destroy,
+	clntudp_control
+};
+
+/*
+ * Private data kept per client handle
+ */
+struct cu_data {
+        SOCKET             cu_sock;
+	bool_t		   cu_closeit;
+	struct sockaddr_in cu_raddr;
+	int		   cu_rlen;
+	struct sockaddr_in cu_laddr;
+        GETSOCKNAME_ARG3_TYPE  cu_llen;
+	struct timeval	   cu_wait;
+	struct timeval     cu_total;
+	struct rpc_err	   cu_error;
+	XDR		   cu_outxdrs;
+	u_int		   cu_xdrpos;
+	u_int		   cu_sendsz;
+	char		   *cu_outbuf;
+	u_int		   cu_recvsz;
+	char		   cu_inbuf[1];
+};
+
+/*
+ * Create a UDP based client handle.
+ * If *sockp<0, *sockp is set to a newly created UPD socket.
+ * If raddr->sin_port is 0 a binder on the remote machine
+ * is consulted for the correct port number.
+ * NB: It is the clients responsibility to close *sockp.
+ * NB: The rpch->cl_auth is initialized to null authentication.
+ *     Caller may wish to set this something more useful.
+ *
+ * wait is the amount of time used between retransmitting a call if
+ * no response has been heard;  retransmission occurs until the actual
+ * rpc call times out.
+ *
+ * sendsz and recvsz are the maximum allowable packet sizes that can be
+ * sent and received.
+ */
+CLIENT *
+clntudp_bufcreate(
+	struct sockaddr_in *raddr,
+	rpcprog_t program,
+	rpcvers_t version,
+	struct timeval wait,
+	int *sockp,
+	u_int sendsz,
+	u_int recvsz)
+{
+	CLIENT *cl;
+	struct cu_data *cu = 0;
+	struct timeval now;
+	struct rpc_msg call_msg;
+
+	cl = (CLIENT *)mem_alloc(sizeof(CLIENT));
+	if (cl == NULL) {
+		(void) fprintf(stderr, "clntudp_create: out of memory\n");
+		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+		rpc_createerr.cf_error.re_errno = errno;
+		goto fooy;
+	}
+	sendsz = ((sendsz + 3) / 4) * 4;
+	recvsz = ((recvsz + 3) / 4) * 4;
+	cu = (struct cu_data *)mem_alloc(sizeof(*cu) + sendsz + recvsz);
+	if (cu == NULL) {
+		(void) fprintf(stderr, "clntudp_create: out of memory\n");
+		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+		rpc_createerr.cf_error.re_errno = errno;
+		goto fooy;
+	}
+	cu->cu_outbuf = &cu->cu_inbuf[recvsz];
+
+	(void)gettimeofday(&now, (struct timezone *)0);
+	if (raddr->sin_port == 0) {
+		u_short port;
+		if ((port =
+		    pmap_getport(raddr, program, version, IPPROTO_UDP)) == 0) {
+			goto fooy;
+		}
+		raddr->sin_port = htons(port);
+	}
+	cl->cl_ops = &udp_ops;
+	cl->cl_private = (caddr_t)cu;
+	cu->cu_raddr = *raddr;
+	cu->cu_rlen = sizeof (cu->cu_raddr);
+	cu->cu_wait = wait;
+	cu->cu_total.tv_sec = -1;
+	cu->cu_total.tv_usec = -1;
+	cu->cu_sendsz = sendsz;
+	cu->cu_recvsz = recvsz;
+	call_msg.rm_xid = getpid() ^ now.tv_sec ^ now.tv_usec;
+	call_msg.rm_direction = CALL;
+	call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
+	call_msg.rm_call.cb_prog = program;
+	call_msg.rm_call.cb_vers = version;
+	xdrmem_create(&(cu->cu_outxdrs), cu->cu_outbuf,
+	    sendsz, XDR_ENCODE);
+	if (! xdr_callhdr(&(cu->cu_outxdrs), &call_msg)) {
+		goto fooy;
+	}
+	cu->cu_xdrpos = XDR_GETPOS(&(cu->cu_outxdrs));
+	if (*sockp < 0) {
+		int dontblock = 1;
+
+		*sockp = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+		if (*sockp < 0) {
+			rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+			rpc_createerr.cf_error.re_errno = errno;
+			goto fooy;
+		}
+		/* attempt to bind to prov port */
+		(void)bindresvport_sa(*sockp, NULL);
+		/* the sockets rpc controls are non-blocking */
+		(void)ioctl(*sockp, FIONBIO, (char *) &dontblock);
+		cu->cu_closeit = TRUE;
+	} else {
+		cu->cu_closeit = FALSE;
+	}
+	if (connect(*sockp, (struct sockaddr *)raddr, sizeof(*raddr)) < 0)
+	     goto fooy;
+	cu->cu_llen = sizeof(cu->cu_laddr);
+	if (getsockname(*sockp, (struct sockaddr *)&cu->cu_laddr, &cu->cu_llen) < 0)
+	     goto fooy;
+
+	cu->cu_sock = *sockp;
+	cl->cl_auth = authnone_create();
+	return (cl);
+fooy:
+	if (cu)
+		mem_free((caddr_t)cu, sizeof(*cu) + sendsz + recvsz);
+	if (cl)
+		mem_free((caddr_t)cl, sizeof(CLIENT));
+	return ((CLIENT *)NULL);
+}
+
+CLIENT *
+clntudp_create(
+	struct sockaddr_in *raddr,
+	rpcprog_t program,
+	rpcvers_t version,
+	struct timeval wait,
+	int *sockp)
+{
+
+	return(clntudp_bufcreate(raddr, program, version, wait, sockp,
+	    UDPMSGSIZE, UDPMSGSIZE));
+}
+
+static enum clnt_stat
+clntudp_call(
+	CLIENT	*cl,			/* client handle */
+	rpcproc_t	proc,		/* procedure number */
+	xdrproc_t	xargs,		/* xdr routine for args */
+	void *		argsp,		/* pointer to args */
+	xdrproc_t	xresults,	/* xdr routine for results */
+	void *		resultsp,	/* pointer to results */
+	struct timeval	utimeout	/* seconds to wait before
+					 * giving up */
+	)
+{
+	struct cu_data *cu = (struct cu_data *)cl->cl_private;
+	XDR *xdrs;
+	int outlen;
+	ssize_t inlen;
+	GETSOCKNAME_ARG3_TYPE fromlen; /* Assumes recvfrom uses same type */
+#ifdef FD_SETSIZE
+	fd_set readfds;
+	fd_set mask;
+#else
+	int readfds;
+	int mask;
+#endif /* def FD_SETSIZE */
+	struct sockaddr_in from;
+	struct rpc_msg reply_msg;
+	XDR reply_xdrs;
+	struct timeval time_waited, seltimeout;
+	bool_t ok;
+	int nrefreshes = 2;	/* number of times to refresh cred */
+	struct timeval timeout;
+	long procl = proc;
+
+	if (cu->cu_total.tv_usec == -1) {
+		timeout = utimeout;     /* use supplied timeout */
+	} else {
+		timeout = cu->cu_total; /* use default timeout */
+	}
+
+	time_waited.tv_sec = 0;
+	time_waited.tv_usec = 0;
+call_again:
+	xdrs = &(cu->cu_outxdrs);
+	xdrs->x_op = XDR_ENCODE;
+	XDR_SETPOS(xdrs, cu->cu_xdrpos);
+	/*
+	 * the transaction is the first thing in the out buffer
+	 */
+	(*(uint32_t *)(void *)(cu->cu_outbuf))++;
+	if ((! XDR_PUTLONG(xdrs, &procl)) ||
+	    (! AUTH_MARSHALL(cl->cl_auth, xdrs)) ||
+	    (! AUTH_WRAP(cl->cl_auth, xdrs, xargs, argsp)))
+		return (cu->cu_error.re_status = RPC_CANTENCODEARGS);
+	outlen = (int)XDR_GETPOS(xdrs);
+
+send_again:
+	if (send(cu->cu_sock, cu->cu_outbuf, (u_int)outlen, 0) != outlen) {
+		cu->cu_error.re_errno = errno;
+		return (cu->cu_error.re_status = RPC_CANTSEND);
+	}
+
+	/*
+	 * Hack to provide rpc-based message passing
+	 */
+	if (timeout.tv_sec == 0 && timeout.tv_usec == 0) {
+		return (cu->cu_error.re_status = RPC_TIMEDOUT);
+	}
+	/*
+	 * sub-optimal code appears here because we have
+	 * some clock time to spare while the packets are in flight.
+	 * (We assume that this is actually only executed once.)
+	 */
+	reply_msg.acpted_rply.ar_verf = gssrpc__null_auth;
+	reply_msg.acpted_rply.ar_results.where = NULL;
+	reply_msg.acpted_rply.ar_results.proc = xdr_void;
+#ifdef FD_SETSIZE
+	FD_ZERO(&mask);
+	FD_SET(cu->cu_sock, &mask);
+#else
+	mask = 1 << cu->cu_sock;
+#endif /* def FD_SETSIZE */
+	for (;;) {
+		readfds = mask;
+		seltimeout = cu->cu_wait;
+		switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
+			       (fd_set *)NULL, &seltimeout)) {
+
+		case 0:
+			time_waited.tv_sec += cu->cu_wait.tv_sec;
+			time_waited.tv_usec += cu->cu_wait.tv_usec;
+			while (time_waited.tv_usec >= 1000000) {
+				time_waited.tv_sec++;
+				time_waited.tv_usec -= 1000000;
+			}
+			if ((time_waited.tv_sec < timeout.tv_sec) ||
+				((time_waited.tv_sec == timeout.tv_sec) &&
+				(time_waited.tv_usec < timeout.tv_usec)))
+				goto send_again;
+			return (cu->cu_error.re_status = RPC_TIMEDOUT);
+
+		/*
+		 * buggy in other cases because time_waited is not being
+		 * updated.
+		 */
+		case -1:
+			if (errno == EINTR)
+				continue;
+			cu->cu_error.re_errno = errno;
+			return (cu->cu_error.re_status = RPC_CANTRECV);
+		}
+		do {
+			fromlen = sizeof(struct sockaddr);
+			inlen = recvfrom(cu->cu_sock, cu->cu_inbuf,
+				cu->cu_recvsz, 0,
+				(struct sockaddr *)&from, &fromlen);
+		} while (inlen < 0 && errno == EINTR);
+		if (inlen < 0) {
+			if (errno == EWOULDBLOCK)
+				continue;
+			cu->cu_error.re_errno = errno;
+			return (cu->cu_error.re_status = RPC_CANTRECV);
+		}
+		if ((size_t)inlen < sizeof(uint32_t))
+			continue;
+		/* see if reply transaction id matches sent id */
+		if (*((uint32_t *)(void *)(cu->cu_inbuf)) !=
+		    *((uint32_t *)(void *)(cu->cu_outbuf)))
+			continue;
+		/* we now assume we have the proper reply */
+		break;
+	}
+
+	/*
+	 * now decode and validate the response
+	 */
+	xdrmem_create(&reply_xdrs, cu->cu_inbuf, (u_int)inlen, XDR_DECODE);
+	ok = xdr_replymsg(&reply_xdrs, &reply_msg);
+	/* XDR_DESTROY(&reply_xdrs);  save a few cycles on noop destroy */
+	if (ok) {
+		gssrpc__seterr_reply(&reply_msg, &(cu->cu_error));
+		if (cu->cu_error.re_status == RPC_SUCCESS) {
+			if (! AUTH_VALIDATE(cl->cl_auth,
+				&reply_msg.acpted_rply.ar_verf)) {
+				cu->cu_error.re_status = RPC_AUTHERROR;
+				cu->cu_error.re_why = AUTH_INVALIDRESP;
+			} else if (! AUTH_UNWRAP(cl->cl_auth, &reply_xdrs,
+						 xresults, resultsp)) {
+			     if (cu->cu_error.re_status == RPC_SUCCESS)
+				  cu->cu_error.re_status = RPC_CANTDECODERES;
+			}
+		}  /* end successful completion */
+		else {
+			/* maybe our credentials need to be refreshed ... */
+			if (nrefreshes > 0 &&
+			    AUTH_REFRESH(cl->cl_auth, &reply_msg)) {
+				nrefreshes--;
+				goto call_again;
+			}
+		}  /* end of unsuccessful completion */
+		/* free verifier */
+		if ((reply_msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
+		    (reply_msg.acpted_rply.ar_verf.oa_base != NULL)) {
+		    xdrs->x_op = XDR_FREE;
+		    (void)xdr_opaque_auth(xdrs,
+					  &(reply_msg.acpted_rply.ar_verf));
+		}
+	}  /* end of valid reply message */
+	else {
+		/*
+		 * It's possible for xdr_replymsg() to fail partway
+		 * through its attempt to decode the result from the
+		 * server. If this happens, it will leave the reply
+		 * structure partially populated with dynamically
+		 * allocated memory. (This can happen if someone uses
+		 * clntudp_bufcreate() to create a CLIENT handle and
+		 * specifies a receive buffer size that is too small.)
+		 * This memory must be free()ed to avoid a leak.
+		 */
+		enum xdr_op op = reply_xdrs.x_op;
+		reply_xdrs.x_op = XDR_FREE;
+		xdr_replymsg(&reply_xdrs, &reply_msg);
+		reply_xdrs.x_op = op;
+		cu->cu_error.re_status = RPC_CANTDECODERES;
+	}
+	return (cu->cu_error.re_status);
+}
+
+static void
+clntudp_geterr(
+	CLIENT *cl,
+	struct rpc_err *errp)
+{
+	struct cu_data *cu = (struct cu_data *)cl->cl_private;
+
+	*errp = cu->cu_error;
+}
+
+
+static bool_t
+clntudp_freeres(
+	CLIENT *cl,
+	xdrproc_t xdr_res,
+	void *res_ptr)
+{
+	struct cu_data *cu = cl->cl_private;
+	XDR *xdrs = &cu->cu_outxdrs;
+
+	xdrs->x_op = XDR_FREE;
+	return ((*xdr_res)(xdrs, res_ptr));
+}
+
+
+/*ARGSUSED*/
+static void
+clntudp_abort(CLIENT *h)
+{
+}
+
+static bool_t
+clntudp_control(
+	CLIENT *cl,
+	int request,
+	void *info)
+{
+	struct cu_data *cu = cl->cl_private;
+
+	switch (request) {
+	case CLSET_TIMEOUT:
+		cu->cu_total = *(struct timeval *)info;
+		break;
+	case CLGET_TIMEOUT:
+		*(struct timeval *)info = cu->cu_total;
+		break;
+	case CLSET_RETRY_TIMEOUT:
+		cu->cu_wait = *(struct timeval *)info;
+		break;
+	case CLGET_RETRY_TIMEOUT:
+		*(struct timeval *)info = cu->cu_wait;
+		break;
+	case CLGET_SERVER_ADDR:
+		*(struct sockaddr_in *)info = cu->cu_raddr;
+		break;
+	case CLGET_LOCAL_ADDR:
+		*(struct sockaddr_in *)info = cu->cu_laddr;
+		break;
+	default:
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+static void
+clntudp_destroy(CLIENT *cl)
+{
+	struct cu_data *cu = (struct cu_data *)cl->cl_private;
+
+	if (cu->cu_closeit)
+                (void)closesocket(cu->cu_sock);
+	XDR_DESTROY(&(cu->cu_outxdrs));
+	mem_free((caddr_t)cu, (sizeof(*cu) + cu->cu_sendsz + cu->cu_recvsz));
+	mem_free((caddr_t)cl, sizeof(CLIENT));
+}
diff --git a/krb5-1.21.3/src/lib/rpc/deps b/krb5-1.21.3/src/lib/rpc/deps
new file mode 100644
index 00000000..f57b831d
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/deps
@@ -0,0 +1,329 @@
+#
+# Generated makefile dependencies follow.
+#
+auth_none.so auth_none.po $(OUTPRE)auth_none.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  auth_none.c
+auth_unix.so auth_unix.po $(OUTPRE)auth_unix.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  auth_unix.c
+authgss_prot.so authgss_prot.po $(OUTPRE)authgss_prot.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  authgss_prot.c
+authunix_prot.so authunix_prot.po $(OUTPRE)authunix_prot.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h authunix_prot.c
+auth_gss.so auth_gss.po $(OUTPRE)auth_gss.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h auth_gss.c
+auth_gssapi.so auth_gssapi.po $(OUTPRE)auth_gssapi.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/krb5.h auth_gssapi.c gssrpcint.h
+auth_gssapi_misc.so auth_gssapi_misc.po $(OUTPRE)auth_gssapi_misc.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_gssapi.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h auth_gssapi_misc.c \
+  gssrpcint.h
+bindresvport.so bindresvport.po $(OUTPRE)bindresvport.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h bindresvport.c
+clnt_generic.so clnt_generic.po $(OUTPRE)clnt_generic.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h clnt_generic.c
+clnt_perror.so clnt_perror.po $(OUTPRE)clnt_perror.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  clnt_perror.c
+clnt_raw.so clnt_raw.po $(OUTPRE)clnt_raw.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  clnt_raw.c
+clnt_simple.so clnt_simple.po $(OUTPRE)clnt_simple.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/port-sockets.h \
+  clnt_simple.c
+clnt_tcp.so clnt_tcp.po $(OUTPRE)clnt_tcp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/port-sockets.h clnt_tcp.c
+clnt_udp.so clnt_udp.po $(OUTPRE)clnt_udp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/port-sockets.h clnt_udp.c
+dyn.so dyn.po $(OUTPRE)dyn.$(OBJEXT): dyn.c dyn.h dynP.h
+rpc_dtablesize.so rpc_dtablesize.po $(OUTPRE)rpc_dtablesize.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  rpc_dtablesize.c
+get_myaddress.so get_myaddress.po $(OUTPRE)get_myaddress.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/krb5.h get_myaddress.c
+getrpcport.so getrpcport.po $(OUTPRE)getrpcport.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  getrpcport.c
+pmap_clnt.so pmap_clnt.po $(OUTPRE)pmap_clnt.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  pmap_clnt.c
+pmap_getmaps.so pmap_getmaps.po $(OUTPRE)pmap_getmaps.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  pmap_getmaps.c
+pmap_getport.so pmap_getport.po $(OUTPRE)pmap_getport.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  pmap_getport.c
+pmap_prot.so pmap_prot.po $(OUTPRE)pmap_prot.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  pmap_prot.c
+pmap_prot2.so pmap_prot2.po $(OUTPRE)pmap_prot2.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  pmap_prot2.c
+pmap_rmt.so pmap_rmt.po $(OUTPRE)pmap_rmt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_prot.h $(top_srcdir)/include/gssrpc/pmap_rmt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pmap_rmt.c
+rpc_prot.so rpc_prot.po $(OUTPRE)rpc_prot.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  rpc_prot.c
+rpc_commondata.so rpc_commondata.po $(OUTPRE)rpc_commondata.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  rpc_commondata.c
+rpc_callmsg.so rpc_callmsg.po $(OUTPRE)rpc_callmsg.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  rpc_callmsg.c
+svc.so svc.po $(OUTPRE)svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h svc.c
+svc_auth.so svc_auth.po $(OUTPRE)svc_auth.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  svc_auth.c
+svc_auth_gss.so svc_auth_gss.po $(OUTPRE)svc_auth_gss.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_gssapi.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h svc_auth_gss.c
+svc_auth_none.so svc_auth_none.po $(OUTPRE)svc_auth_none.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  svc_auth_none.c
+svc_auth_unix.so svc_auth_unix.po $(OUTPRE)svc_auth_unix.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  svc_auth_unix.c
+svc_auth_gssapi.so svc_auth_gssapi.po $(OUTPRE)svc_auth_gssapi.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/krb5.h gssrpcint.h svc_auth_gssapi.c
+svc_raw.so svc_raw.po $(OUTPRE)svc_raw.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h svc_raw.c
+svc_run.so svc_run.po $(OUTPRE)svc_run.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h svc_run.c
+svc_simple.so svc_simple.po $(OUTPRE)svc_simple.$(OBJEXT): \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h svc_simple.c
+svc_tcp.so svc_tcp.po $(OUTPRE)svc_tcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  svc_tcp.c
+svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  svc_udp.c
+xdr.so xdr.po $(OUTPRE)xdr.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  xdr.c
+xdr_array.so xdr_array.po $(OUTPRE)xdr_array.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_array.c
+xdr_float.so xdr_float.po $(OUTPRE)xdr_float.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_float.c
+xdr_mem.so xdr_mem.po $(OUTPRE)xdr_mem.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  xdr_mem.c
+xdr_rec.so xdr_rec.po $(OUTPRE)xdr_rec.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  xdr_rec.c
+xdr_reference.so xdr_reference.po $(OUTPRE)xdr_reference.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_reference.c
+xdr_stdio.so xdr_stdio.po $(OUTPRE)xdr_stdio.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_stdio.c
+xdr_sizeof.so xdr_sizeof.po $(OUTPRE)xdr_sizeof.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_sizeof.c
+xdr_alloc.so xdr_alloc.po $(OUTPRE)xdr_alloc.$(OBJEXT): \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h dyn.h xdr_alloc.c
diff --git a/krb5-1.21.3/src/lib/rpc/dyn.c b/krb5-1.21.3/src/lib/rpc/dyn.c
new file mode 100644
index 00000000..bce1fd2a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/dyn.c
@@ -0,0 +1,555 @@
+/*
+ * This file is the collected implementation of libdyn.a, the C
+ * Dynamic Object library.  It contains everything.
+ *
+ * There are no restrictions on this code; however, if you make any
+ * changes, I request that you document them so that I do not get
+ * credit or blame for your modifications.
+ *
+ * Written by Barr3y Jaspan, Student Information Processing Board (SIPB)
+ * and MIT-Project Athena, 1989.
+ *
+ * 2002-07-17 Collected full implementation into one source file for
+ *            easy inclusion into the one library still dependent on
+ *            libdyn.  Assume memmove.  Old ChangeLog appended.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "dynP.h"
+
+
+/* old dyn_append.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the function DynAppend().
+ */
+
+/*
+ * Made obsolete by DynInsert, now just a convenience function.
+ */
+int DynAppend(obj, els, num)
+   DynObjectP obj;
+   DynPtr els;
+   int num;
+{
+     return DynInsert(obj, DynSize(obj), els, num);
+}
+
+
+/* old dyn_create.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the functions DynCreate() and
+ * DynDestroy().
+ */
+
+#ifndef DEFAULT_INC
+#define DEFAULT_INC	100
+#endif
+
+static int default_increment = DEFAULT_INC;
+
+DynObjectP DynCreate(el_size, inc)
+   int	el_size, inc;
+{
+     DynObjectP obj;
+
+     obj = (DynObjectP) malloc(sizeof(DynObjectRecP));
+     if (obj == NULL)
+	  return NULL;
+
+     obj->array = (DynPtr) malloc(1);
+     if (obj->array == NULL) {
+	 free(obj);
+	 return NULL;
+     }
+     obj->array[0] = '\0';
+
+     obj->el_size = el_size;
+     obj->num_el = obj->size = 0;
+     obj->debug = obj->paranoid = 0;
+     obj->inc = (inc) ? inc : default_increment;
+     obj->initzero = 0;
+
+     return obj;
+}
+
+DynObjectP DynCopy(obj)
+   DynObjectP obj;
+{
+     DynObjectP obj1;
+
+     obj1 = (DynObjectP) malloc(sizeof(DynObjectRecP));
+     if (obj1 == NULL)
+	  return NULL;
+
+     obj1->el_size = obj->el_size;
+     obj1->num_el = obj->num_el;
+     obj1->size = obj->size;
+     obj1->inc = obj->inc;
+     obj1->debug = obj->debug;
+     obj1->paranoid = obj->paranoid;
+     obj1->initzero = obj->initzero;
+     obj1->array = (char *) malloc((size_t) (obj1->el_size * obj1->size));
+     if (obj1->array == NULL) {
+	  free(obj1);
+	  return NULL;
+     }
+     memcpy(obj1->array, obj->array,
+	    (size_t) (obj1->el_size * obj1->size));
+
+     return obj1;
+}
+
+int DynDestroy(obj)
+     /*@only@*/DynObjectP obj;
+{
+     if (obj->paranoid) {
+	  if (obj->debug)
+	       fprintf(stderr, "dyn: destroy: zeroing %d bytes from %p.\n",
+		       obj->el_size * obj->size, obj->array);
+	  memset(obj->array, 0, (size_t) (obj->el_size * obj->size));
+     }
+     free(obj->array);
+     free(obj);
+     return DYN_OK;
+}
+
+int DynRelease(obj)
+   DynObjectP obj;
+{
+     if (obj->debug)
+	  fprintf(stderr, "dyn: release: freeing object structure.\n");
+     free(obj);
+     return DYN_OK;
+}
+
+
+/* old dyn_debug.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the function DynDebug().
+ */
+
+int DynDebug(obj, state)
+   DynObjectP obj;
+   int state;
+{
+     obj->debug = state;
+
+     fprintf(stderr, "dyn: debug: Debug state set to %d.\n", state);
+     return DYN_OK;
+}
+
+
+/* old dyn_delete.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the function DynDelete().
+ */
+
+/*
+ * Checkers!  Get away from that "hard disk erase" button!
+ *    (Stupid dog.  He almost did it to me again ...)
+ */
+int DynDelete(obj, idx)
+   DynObjectP obj;
+   int idx;
+{
+     if (idx < 0) {
+	  if (obj->debug)
+	       fprintf(stderr, "dyn: delete: bad index %d\n", idx);
+	  return DYN_BADINDEX;
+     }
+
+     if (idx >= obj->num_el) {
+	  if (obj->debug)
+	       fprintf(stderr, "dyn: delete: Highest index is %d.\n",
+		       obj->num_el);
+	  return DYN_BADINDEX;
+     }
+
+     if (idx == obj->num_el-1) {
+	  if (obj->paranoid) {
+	       if (obj->debug)
+		    fprintf(stderr, "dyn: delete: last element, zeroing.\n");
+	       memset(obj->array + idx*obj->el_size, 0, (size_t) obj->el_size);
+	  }
+	  else {
+	       if (obj->debug)
+		    fprintf(stderr, "dyn: delete: last element, punting.\n");
+	  }
+     }
+     else {
+	  if (obj->debug)
+	       fprintf(stderr,
+		       "dyn: delete: copying %d bytes from %p + %d to + %d.\n",
+		       obj->el_size*(obj->num_el - idx), obj->array,
+		       (idx+1)*obj->el_size, idx*obj->el_size);
+
+	  memmove(obj->array + idx*obj->el_size,
+		  obj->array + (idx+1)*obj->el_size,
+		  (size_t) obj->el_size*(obj->num_el - idx));
+	  if (obj->paranoid) {
+	       if (obj->debug)
+		    fprintf(stderr,
+			    "dyn: delete: zeroing %d bytes from %p + %d\n",
+			    obj->el_size, obj->array,
+			    obj->el_size*(obj->num_el - 1));
+	       memset(obj->array + obj->el_size*(obj->num_el - 1), 0,
+		     (size_t) obj->el_size);
+	  }
+     }
+
+     --obj->num_el;
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: delete: done.\n");
+
+     return DYN_OK;
+}
+
+
+/* old dyn_initzero.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the function DynInitZero().
+ */
+
+int DynInitzero(obj, state)
+   DynObjectP obj;
+   int state;
+{
+     obj->initzero = state;
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: initzero: initzero set to %d.\n", state);
+     return DYN_OK;
+}
+
+
+/* old dyn_insert.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the function DynInsert().
+ */
+
+int DynInsert(obj, idx, els_in, num)
+   DynObjectP obj;
+   void *els_in;
+   int idx, num;
+{
+     DynPtr els = (DynPtr) els_in;
+     int ret;
+
+     if (idx < 0 || idx > obj->num_el) {
+	  if (obj->debug)
+	       fprintf(stderr, "dyn: insert: index %d is not in [0,%d]\n",
+		       idx, obj->num_el);
+	  return DYN_BADINDEX;
+     }
+
+     if (num < 1) {
+	  if (obj->debug)
+	       fprintf(stderr, "dyn: insert: cannot insert %d elements\n",
+		       num);
+	  return DYN_BADVALUE;
+     }
+
+     if (obj->debug)
+	  fprintf(stderr,"dyn: insert: Moving %d bytes from %p + %d to + %d\n",
+		  (obj->num_el-idx)*obj->el_size, obj->array,
+		  obj->el_size*idx, obj->el_size*(idx+num));
+
+     if ((ret = _DynResize(obj, obj->num_el + num)) != DYN_OK)
+	  return ret;
+     memmove(obj->array + obj->el_size*(idx + num),
+	     obj->array + obj->el_size*idx,
+	     (size_t) ((obj->num_el-idx)*obj->el_size));
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: insert: Copying %d bytes from %p to %p + %d\n",
+		  obj->el_size*num, els, obj->array, obj->el_size*idx);
+
+     memmove(obj->array + obj->el_size*idx, els, (size_t) (obj->el_size*num));
+     obj->num_el += num;
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: insert: done.\n");
+
+     return DYN_OK;
+}
+
+
+/* old dyn_paranoid.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the function DynDebug().
+ */
+
+int DynParanoid(obj, state)
+   DynObjectP obj;
+   int state;
+{
+     obj->paranoid = state;
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: paranoid: Paranoia set to %d.\n", state);
+     return DYN_OK;
+}
+
+
+/* old dyn_put.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the functions DynGet() and DynAdd().
+ */
+
+DynPtr DynArray(obj)
+   DynObjectP obj;
+{
+     if (obj->debug)
+	  fprintf(stderr, "dyn: array: returning array pointer %p.\n",
+		  obj->array);
+
+     return obj->array;
+}
+
+DynPtr DynGet(obj, num)
+   DynObjectP obj;
+   int num;
+{
+     if (num < 0) {
+	  if (obj->debug)
+	       fprintf(stderr, "dyn: get: bad index %d\n", num);
+	  return NULL;
+     }
+
+     if (num >= obj->num_el) {
+	  if (obj->debug)
+	       fprintf(stderr, "dyn: get: highest element is %d.\n",
+		       obj->num_el);
+	  return NULL;
+     }
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: get: Returning address %p + %d.\n",
+		  obj->array, obj->el_size*num);
+
+     return (DynPtr) obj->array + obj->el_size*num;
+}
+
+int DynAdd(obj, el)
+   DynObjectP obj;
+   void *el;
+{
+     int	ret;
+
+     ret = DynPut(obj, el, obj->num_el);
+     if (ret != DYN_OK)
+	  return ret;
+
+     ++obj->num_el;
+     return ret;
+}
+
+/*
+ * WARNING!  There is a reason this function is not documented in the
+ * man page.  If DynPut used to mutate already existing elements,
+ * everything will go fine.  If it is used to add new elements
+ * directly, however, the state within the object (such as
+ * obj->num_el) will not be updated properly and many other functions
+ * in the library will lose.  Have a nice day.
+ */
+int DynPut(obj, el_in, idx)
+   DynObjectP obj;
+   void *el_in;
+   int idx;
+{
+     DynPtr el = (DynPtr) el_in;
+     int ret;
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: put: Writing %d bytes from %p to %p + %d\n",
+		  obj->el_size, el, obj->array, idx*obj->el_size);
+
+     if ((ret = _DynResize(obj, idx)) != DYN_OK)
+	  return ret;
+
+     memmove(obj->array + idx*obj->el_size, el, (size_t) obj->el_size);
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: put: done.\n");
+
+     return DYN_OK;
+}
+
+
+/* old dyn_realloc.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the internal function _DynRealloc().
+ */
+
+/*
+ * Resize the array so that element req exists.
+ */
+int _DynResize(obj, req)
+   DynObjectP obj;
+   int req;
+{
+     int size;
+
+     if (obj->size > req)
+	  return DYN_OK;
+     else if (obj->inc > 0)
+	  return _DynRealloc(obj, (req - obj->size) / obj->inc + 1);
+     else {
+	  if (obj->size == 0)
+	       size = -obj->inc;
+	  else
+	       size = obj->size;
+
+	  /*@-shiftsigned@*/
+	  while (size <= req)
+	       size <<= 1;
+	  /*@=shiftsigned@*/
+
+	  return _DynRealloc(obj, size);
+     }
+}
+
+/*
+ * Resize the array by num_incs units.  If obj->inc is positive, this
+ * means make it obj->inc*num_incs elements larger.  If obj->inc is
+ * negative, this means make the array num_incs elements long.
+ *
+ * Ideally, this function should not be called from outside the
+ * library.  However, nothing will break if it is.
+ */
+int _DynRealloc(obj, num_incs)
+   DynObjectP obj;
+   int num_incs;
+{
+     DynPtr temp;
+     int new_size_in_bytes;
+
+     if (obj->inc > 0)
+	  new_size_in_bytes = obj->el_size*(obj->size + obj->inc*num_incs);
+     else
+	  new_size_in_bytes = obj->el_size*num_incs;
+
+     if (obj->debug)
+	  fprintf(stderr,
+		  "dyn: alloc: Increasing object by %d bytes (%d incs).\n",
+		  new_size_in_bytes - obj->el_size*obj->size,
+		  num_incs);
+
+     temp = (DynPtr) realloc(obj->array, (size_t) new_size_in_bytes);
+     if (temp == NULL) {
+	  if (obj->debug)
+	       fprintf(stderr, "dyn: alloc: Out of memory.\n");
+	  return DYN_NOMEM;
+     }
+     else {
+	  obj->array = temp;
+	  if (obj->inc > 0)
+	       obj->size += obj->inc*num_incs;
+	  else
+	       obj->size = num_incs;
+     }
+
+     if (obj->debug)
+	  fprintf(stderr, "dyn: alloc: done.\n");
+
+     return DYN_OK;
+}
+
+
+/* old dyn_size.c */
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the source code for the function DynSize().
+ */
+
+int DynSize(obj)
+   DynObjectP obj;
+{
+     if (obj->debug)
+	  fprintf(stderr, "dyn: size: returning size %d.\n", obj->num_el);
+
+     return obj->num_el;
+}
+
+int DynCapacity(obj)
+   DynObjectP obj;
+{
+     if (obj->debug)
+	  fprintf(stderr, "dyn: capacity: returning cap of %d.\n", obj->size);
+
+     return obj->size;
+}
+
+/* Old change log, as it relates to source code; build system stuff
+   discarded.
+
+2001-10-09  Ken Raeburn  <raeburn@mit.edu>
+
+	* dyn.h, dynP.h: Make prototypes unconditional.  Don't define
+	P().
+
+2001-04-25  Ezra Peisach  <epeisach@mit.edu>
+
+	* dyn.h: Lclint annotate functions.
+
+	* dyn_create.c (DynCreate): Do not assume that malloc(0) is valid
+	and returns a valid pointer. Fix memory leak if malloc fails.
+
+	* dyn_realloc.c (_DynResize): Turn off warning of shifting a
+	signed variable.
+
+Thu Nov  9 15:31:31 2000  Ezra Peisach  <epeisach@mit.edu>
+
+	* dyn_create.c (DynCopy): Arguments to memcpy were reversed. Found
+ 	while playing with lclint.
+
+2000-11-09  Ezra Peisach  <epeisach@mit.edu>
+
+	* dyn_create.c, dyn_delete.c, dyn_insert.c, dyn_put.c,
+	dyn_realloc.c: Cast arguments to malloc(), realloc(), memmove() to
+	size_t.
+
+	* dynP.h: Provide full prototypes for _DynRealloc() and _DynResize().
+
+	* dyn.h: Add prototype for DynAppend.
+
+2000-06-29  Ezra Peisach  <epeisach@mit.edu>
+
+	* dyn_insert.c, dyn_put.c: Include string.h for memmove prototype.
+
+2000-06-28  Ezra Peisach  <epeisach@mit.edu>
+
+	* dyn_create.c, dyn_delete.c, dyn_insert.c, dyn_put.c: Use %p
+	format for displaying pointers.
+
+2000-06-26  Ezra Peisach  <epeisach@mit.edu>
+
+	* dyn_realloc.c: Remove unused variable.
+
+Sat Dec  6 22:50:03 1997  Ezra Peisach  <epeisach@mit.edu>
+
+	* dyn_delete.c: Include <string.h>
+
+Mon Jul 22 21:37:52 1996  Ezra Peisach  <epeisach@mit.edu>
+
+	* dyn.h: If __STDC__ is not defined, generate prototypes implying
+		functions and not variables.
+
+Mon Jul 22 04:20:48 1996  Marc Horowitz  <marc@mit.edu>
+
+	* dyn_insert.c (DynInsert): what used to be #ifdef POSIX, should
+ 	be #ifdef HAVE_MEMMOVE
+*/
diff --git a/krb5-1.21.3/src/lib/rpc/dyn.h b/krb5-1.21.3/src/lib/rpc/dyn.h
new file mode 100644
index 00000000..2e3f3e51
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/dyn.h
@@ -0,0 +1,79 @@
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the public header file.
+ *
+ * There are no restrictions on this code; however, if you make any
+ * changes, I request that you document them so that I do not get
+ * credit or blame for your modifications.
+ *
+ * Written by Barr3y Jaspan, Student Information Processing Board (SIPB)
+ * and MIT-Project Athena, 1989.
+ *
+ * 2002-07-17 Moved here from util/dyn; for old changes see dyn.c.
+ *            Added macros to rename exposed symbols.  For newer changes
+ *            see ChangeLog in the current directory.
+ */
+
+
+/*
+ * dyn.h -- header file to be included by programs linking against
+ * libdyn.a.
+ */
+
+#ifndef _Dyn_h
+#define _Dyn_h
+
+typedef char *DynPtr;
+typedef struct _DynObject {
+     DynPtr	array;
+     int	el_size, num_el, size, inc;
+     int	debug, paranoid, initzero;
+} DynObjectRec, *DynObject;
+
+/* Function macros */
+#define DynHigh(obj)	(DynSize(obj) - 1)
+#define DynLow(obj)	(0)
+
+/* Return status codes */
+#define DYN_OK		-1000
+#define DYN_NOMEM	-1001
+#define DYN_BADINDEX	-1002
+#define DYN_BADVALUE	-1003
+
+#define DynCreate	gssrpcint_DynCreate
+#define DynDestroy	gssrpcint_DynDestroy
+#define DynRelease	gssrpcint_DynRelease
+#define DynAdd		gssrpcint_DynAdd
+#define DynPut		gssrpcint_DynPut
+#define DynInsert	gssrpcint_DynInsert
+#define DynGet		gssrpcint_DynGet
+#define DynArray	gssrpcint_DynArray
+#define DynSize		gssrpcint_DynSize
+#define DynCopy		gssrpcint_DynCopy
+#define DynDelete	gssrpcint_DynDelete
+#define DynDebug	gssrpcint_DynDebug
+#define DynParanoid	gssrpcint_DynParanoid
+#define DynInitzero	gssrpcint_DynInitzero
+#define DynCapacity	gssrpcint_DynCapacity
+#define DynAppend	gssrpcint_DynAppend
+
+/*@null@*//*@only@*/ DynObject DynCreate (int el_size, int inc);
+/*@null@*//*@only@*/ DynObject DynCopy (DynObject obj);
+int DynDestroy (/*@only@*/DynObject obj), DynRelease (DynObject obj);
+int DynAdd (DynObject obj, void *el);
+int DynPut (DynObject obj, void *el, int idx);
+int DynInsert (DynObject obj, int idx, /*@observer@*/void *els, int num);
+int DynDelete (DynObject obj, int idx);
+/*@dependent@*//*@null@*/ DynPtr DynGet (DynObject obj, int num);
+/*@observer@*/ DynPtr DynArray (DynObject obj);
+int DynDebug (DynObject obj, int state);
+int DynParanoid (DynObject obj, int state);
+int DynInitzero (DynObject obj, int state);
+int DynSize (DynObject obj);
+int DynCapacity (DynObject obj);
+int DynAppend (DynObject obj, DynPtr els, int num);
+
+#undef P
+
+#endif /* _Dyn_h */
+/* DO NOT ADD ANYTHING AFTER THIS #endif */
diff --git a/krb5-1.21.3/src/lib/rpc/dynP.h b/krb5-1.21.3/src/lib/rpc/dynP.h
new file mode 100644
index 00000000..462ce186
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/dynP.h
@@ -0,0 +1,50 @@
+/*
+ * This file is part of libdyn.a, the C Dynamic Object library.  It
+ * contains the private header file.
+ *
+ * There are no restrictions on this code; however, if you make any
+ * changes, I request that you document them so that I do not get
+ * credit or blame for your modifications.
+ *
+ * Written by Barr3y Jaspan, Student Information Processing Board (SIPB)
+ * and MIT-Project Athena, 1989.
+ */
+
+
+/*
+ * dynP.h -- private header file included by source files for libdyn.a.
+ */
+
+#ifndef _DynP_h
+#define _DynP_h
+
+#include "dyn.h"
+#ifdef USE_DBMALLOC
+#include <sys/stdtypes.h>
+#include <malloc.h>
+#endif
+
+/*
+ * Rep invariant:
+ * 1) el_size is the number of bytes per element in the object
+ * 2) num_el is the number of elements currently in the object.  It is
+ * one higher than the highest index at which an element lives.
+ * 3) size is the number of elements the object can hold without
+ * resizing.  num_el <= index.
+ * 4) inc is a multiple of the number of elements the object grows by
+ * each time it is reallocated.
+ */
+
+typedef struct _DynObject DynObjectRecP, *DynObjectP;
+
+#define _DynRealloc	gssrpcint_DynRealloc
+#define _DynResize	gssrpcint_DynResize
+
+/* Internal functions */
+int _DynRealloc (DynObjectP obj, int req),
+  _DynResize (DynObjectP obj, int req);
+
+#undef P
+
+#endif /* _DynP_h */
+/* DON'T ADD STUFF AFTER THIS #endif */
diff --git a/krb5-1.21.3/src/lib/rpc/dyntest.c b/krb5-1.21.3/src/lib/rpc/dyntest.c
new file mode 100644
index 00000000..5e68f614
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/dyntest.c
@@ -0,0 +1,216 @@
+/*
+ * This file is a (rather silly) demonstration of the use of the
+ * C Dynamic Object library.  It is a also reasonably thorough test
+ * of the library (except that it only tests it with one data size).
+ *
+ * There are no restrictions on this code; however, if you make any
+ * changes, I request that you document them so that I do not get
+ * credit or blame for your modifications.
+ *
+ * Written by Barr3y Jaspan, Student Information Processing Board (SIPB)
+ * and MIT-Project Athena, 1989.
+ *
+ * 2002-07-17 Moved here from util/dyn/test.c.  Older changes described
+ *            at end of file; for newer changes see ChangeLog.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#ifdef USE_DBMALLOC
+#include <sys/stdtypes.h>
+#include <malloc.h>
+#endif
+#include <stdlib.h>
+
+#include "dyn.h"
+
+static char random_string[] = "This is a random string.";
+static char insert1[] = "This will be put at the beginning.";
+static char insert2[] = "(parenthetical remark!) ";
+static char insert3[] = "  This follows the random string.";
+
+int
+main(argc, argv)
+/*@unused@*/int argc;
+/*@unused@*/char **argv;
+{
+     /*@-exitarg@*/
+     DynObject	obj;
+     int	i, s;
+     char	d, *data;
+
+#ifdef _DEBUG_MALLOC_INC
+     union dbmalloptarg arg;
+     unsigned long hist1, hist2, o_size, c_size;
+#endif
+
+#ifdef _DEBUG_MALLOC_INC
+     arg.i = 0;
+     dbmallopt(MALLOC_ZERO, &arg);
+     dbmallopt(MALLOC_REUSE, &arg);
+
+     o_size = malloc_inuse(&hist1);
+#endif
+
+     /*@+matchanyintegral@*/
+     obj = DynCreate(sizeof(char), -8);
+     if (! obj) {
+	  fprintf(stderr, "test: create failed.\n");
+	  exit(1);
+     }
+
+     if(DynDebug(obj, 1) != DYN_OK) {
+	  fprintf(stderr, "test: setting paranoid failed.\n");
+	  exit(1);
+     }
+     if(DynParanoid(obj, 1) != DYN_OK) {
+	  fprintf(stderr, "test: setting paranoid failed.\n");
+	  exit(1);
+     }
+
+
+     if ((DynGet(obj, -5) != NULL) ||
+	 (DynGet(obj, 0) != NULL) || (DynGet(obj, 1000) != NULL)) {
+	  fprintf(stderr, "test: Get did not fail when it should have.\n");
+	  exit(1);
+     }
+
+     if (DynDelete(obj, -1) != DYN_BADINDEX ||
+	 DynDelete(obj, 0) != DYN_BADINDEX ||
+	 DynDelete(obj, 100) != DYN_BADINDEX) {
+	  fprintf(stderr, "test: Delete did not fail when it should have.\n");
+	  exit(1);
+     }
+
+     printf("Size of empty object: %d\n", DynSize(obj));
+
+     for (i=0; i<14; i++) {
+	  d = (char) i;
+	  if (DynAdd(obj, &d) != DYN_OK) {
+	       fprintf(stderr, "test: Adding %d failed.\n", i);
+	       exit(1);
+	  }
+     }
+
+     if (DynAppend(obj, random_string, strlen(random_string)+1) != DYN_OK) {
+	  fprintf(stderr, "test: appending array failed.\n");
+	  exit(1);
+     }
+
+     if (DynDelete(obj, DynHigh(obj) / 2) != DYN_OK) {
+	  fprintf(stderr, "test: deleting element failed.\n");
+	  exit(1);
+     }
+
+     if (DynDelete(obj, DynHigh(obj) * 2) == DYN_OK) {
+	  fprintf(stderr, "test: delete should have failed here.\n");
+	  exit(1);
+     }
+
+     d = '\200';
+     if (DynAdd(obj, &d) != DYN_OK) {
+	  fprintf(stderr, "test: Adding %d failed.\n", i);
+	  exit(1);
+     }
+
+     data = (char *) DynGet(obj, 0);
+     if(data == NULL) {
+	 fprintf(stderr, "test: getting object 0 failed.\n");
+	 exit(1);
+     }
+     s = DynSize(obj);
+     for (i=0; i < s; i++)
+	  printf("Element %d is %d.\n", i, (int) data[i]);
+
+     data = (char *) DynGet(obj, 13);
+     if(data == NULL) {
+	 fprintf(stderr, "test: getting element 13 failed.\n");
+	 exit(1);
+     }
+     printf("Element 13 is %d.\n", (int) *data);
+
+     data = (char *) DynGet(obj, DynSize(obj));
+     if (data) {
+	  fprintf(stderr, "DynGet did not return NULL when it should have.\n");
+	  exit(1);
+     }
+
+     data = DynGet(obj, 14);
+     if(data == NULL) {
+	 fprintf(stderr, "test: getting element 13 failed.\n");
+	 exit(1);
+     }
+     printf("This should be the random string: \"%s\"\n", data);
+
+     if (DynInsert(obj, -1, "foo", 4) != DYN_BADINDEX ||
+	 DynInsert(obj, DynSize(obj) + 1, "foo", 4) != DYN_BADINDEX ||
+	 DynInsert(obj, 0, "foo", -1) != DYN_BADVALUE) {
+	  fprintf(stderr, "DynInsert did not fail when it should have.\n");
+	  exit(1);
+     }
+
+     if (DynInsert(obj, DynSize(obj) - 2, insert3, strlen(insert3) +
+		   1) != DYN_OK) {
+	  fprintf(stderr, "DynInsert to end failed.\n");
+	  exit(1);
+     }
+
+     if (DynInsert(obj, 19, insert2, strlen(insert2)) != DYN_OK) {
+	  fprintf(stderr, "DynInsert to middle failed.\n");
+	  exit(1);
+     }
+
+     if (DynInsert(obj, 0, insert1, strlen(insert1)+1) != DYN_OK) {
+	  fprintf(stderr, "DynInsert to start failed.\n");
+	  exit(1);
+     }
+
+     data = DynGet(obj, 14 + strlen(insert1) + 1);
+     if (data == NULL) {
+	  fprintf(stderr, "DynGet of 14+strelen(insert1) failed.\n");
+	  exit(1);
+
+     }
+     printf("A new random string: \"%s\"\n", data);
+
+     data = DynGet(obj, 0);
+     if (data == NULL) {
+	  fprintf(stderr, "DynGet of 0 failed.\n");
+	  exit(1);
+
+     }
+     printf("This was put at the beginning: \"%s\"\n", data);
+
+     if(DynDestroy(obj) != DYN_OK) {
+	  fprintf(stderr, "test: destroy failed.\n");
+	  exit(1);
+     }
+
+#ifdef _DEBUG_MALLOC_INC
+     c_size = malloc_inuse(&hist2);
+     if (o_size != c_size) {
+	  printf("\n\nIgnore a single unfreed malloc segment "
+		 "(stdout buffer).\n\n");
+	  malloc_list(2, hist1, hist2);
+     }
+#endif
+
+     printf("All tests pass\n");
+
+     return 0;
+}
+
+/* Old change log, as it relates to source code; build system stuff
+   discarded.
+
+2001-04-25  Ezra Peisach  <epeisach@mit.edu>
+
+	* test.c: Always include stdlib.h
+
+	* test.c: Check the return values of all library calls.
+
+2000-11-09  Ezra Peisach  <epeisach@mit.edu>
+
+	* test.c: Include string,h, stdlib.h.
+
+*/
diff --git a/krb5-1.21.3/src/lib/rpc/get_myaddress.c b/krb5-1.21.3/src/lib/rpc/get_myaddress.c
new file mode 100644
index 00000000..1108ea1b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/get_myaddress.c
@@ -0,0 +1,120 @@
+/* @(#)get_myaddress.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)get_myaddress.c 1.4 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * get_myaddress.c
+ *
+ * Get client's IP address via ioctl.  This avoids using the yellowpages.
+ */
+
+#ifdef GSSAPI_KRB5
+#include <string.h>
+#include <gssrpc/types.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_prot.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <krb5.h>
+/*
+ * don't use gethostbyname, which would invoke yellow pages
+ */
+int
+get_myaddress(struct sockaddr_in *addr)
+{
+	memset(addr, 0, sizeof(*addr));
+	addr->sin_family = AF_INET;
+	addr->sin_port = htons(PMAPPORT);
+	addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+	return (0);
+}
+#else /* !GSSAPI_KRB5 */
+#include <gssrpc/types.h>
+#include <gssrpc/pmap_prot.h>
+#include <sys/socket.h>
+#if defined(sun)
+#include <sys/sockio.h>
+#endif
+#include <stdio.h>
+#ifdef OSF1
+#include <net/route.h>
+#include <sys/mbuf.h>
+#endif
+#include <net/if.h>
+#include <sys/ioctl.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+/*
+ * don't use gethostbyname, which would invoke yellow pages
+ */
+get_myaddress(struct sockaddr_in *addr)
+{
+	int s;
+	char buf[256 * sizeof (struct ifreq)];
+	struct ifconf ifc;
+	struct ifreq ifreq, *ifr;
+	int len;
+
+	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+	    perror("get_myaddress: socket");
+	    exit(1);
+	}
+	set_cloexec_fd(s);
+	ifc.ifc_len = sizeof (buf);
+	ifc.ifc_buf = buf;
+	if (ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0) {
+		perror("get_myaddress: ioctl (get interface configuration)");
+		exit(1);
+	}
+	ifr = ifc.ifc_req;
+	for (len = ifc.ifc_len; len; len -= sizeof ifreq) {
+		ifreq = *ifr;
+		if (ioctl(s, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
+			perror("get_myaddress: ioctl");
+			exit(1);
+		}
+		if ((ifreq.ifr_flags & IFF_UP) &&
+		    ifr->ifr_addr.sa_family == AF_INET) {
+			*addr = *((struct sockaddr_in *)&ifr->ifr_addr);
+			addr->sin_port = htons(PMAPPORT);
+			break;
+		}
+		ifr++;
+	}
+	(void) close(s);
+}
+#endif /* !GSSAPI_KRB5 */
diff --git a/krb5-1.21.3/src/lib/rpc/getrpcent.c b/krb5-1.21.3/src/lib/rpc/getrpcent.c
new file mode 100644
index 00000000..ad6793f0
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/getrpcent.c
@@ -0,0 +1,236 @@
+/* lib/rpc/getrpcent.c */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <netdb.h>
+#include <gssrpc/rpc.h>
+#include <string.h>
+#include <sys/socket.h>
+
+SETRPCENT_TYPE setrpcent (int);
+ENDRPCENT_TYPE endrpcent (void);
+
+/*
+ * Internet version.
+ */
+struct rpcdata {
+	FILE	*rpcf;
+	char	*current;
+	int	currentlen;
+	int	stayopen;
+#define	MAXALIASES	35
+	char	*rpc_aliases[MAXALIASES];
+	struct	rpcent rpc;
+	char	line[BUFSIZ+1];
+	char	*domain;
+} *rpcdata;
+static struct rpcdata *get_rpcdata();
+
+static	struct rpcent *interpret();
+struct	hostent *gethostent();
+
+static char RPCDB[] = "/etc/rpc";
+
+static struct rpcdata *
+get_rpcdata(void)
+{
+	struct rpcdata *d = rpcdata;
+
+	if (d == 0) {
+		d = (struct rpcdata *)calloc(1, sizeof (struct rpcdata));
+		rpcdata = d;
+	}
+	return (d);
+}
+
+struct rpcent *
+getrpcbynumber(int number)
+{
+	struct rpcdata *d = get_rpcdata();
+	struct rpcent *p;
+	int reason;
+	char adrstr[16], *val = NULL;
+	int vallen;
+
+	if (d == 0)
+		return (0);
+	setrpcent(0);
+	while (p = getrpcent()) {
+		if (p->r_number == number)
+			break;
+	}
+	endrpcent();
+	return (p);
+}
+
+struct rpcent *
+getrpcbyname(const char *name)
+{
+	struct rpcent *rpc;
+	char **rp;
+
+	setrpcent(0);
+	while(rpc = getrpcent()) {
+		if (strcmp(rpc->r_name, name) == 0)
+			return (rpc);
+		for (rp = rpc->r_aliases; *rp != NULL; rp++) {
+			if (strcmp(*rp, name) == 0)
+				return (rpc);
+		}
+	}
+	endrpcent();
+	return (NULL);
+}
+
+SETRPCENT_TYPE setrpcent(int f)
+{
+	struct rpcdata *d = _rpcdata();
+
+	if (d == 0)
+		return;
+	if (d->rpcf == NULL) {
+		d->rpcf = fopen(RPCDB, "r");
+		if (d->rpcf)
+		    set_cloexec_file(d->rpcf);
+	} else
+		rewind(d->rpcf);
+	if (d->current)
+		free(d->current);
+	d->current = NULL;
+	d->stayopen |= f;
+}
+
+ENDRPCENT_TYPE endrpcent(void)
+{
+	struct rpcdata *d = _rpcdata();
+
+	if (d == 0)
+		return;
+	if (d->current && !d->stayopen) {
+		free(d->current);
+		d->current = NULL;
+	}
+	if (d->rpcf && !d->stayopen) {
+		fclose(d->rpcf);
+		d->rpcf = NULL;
+	}
+}
+
+struct rpcent *
+getrpcent(void)
+{
+	struct rpcent *hp;
+	int reason;
+	char *key = NULL, *val = NULL;
+	int keylen, vallen;
+	struct rpcdata *d = _rpcdata();
+
+	if (d == 0)
+		return(NULL);
+	if (d->rpcf == NULL) {
+	    if ((d->rpcf = fopen(RPCDB, "r")) == NULL)
+		return (NULL);
+	    set_cloexec_file(d->rpcf);
+	}
+	if (fgets(d->line, BUFSIZ, d->rpcf) == NULL)
+		return (NULL);
+	return interpret(d->line, strlen(d->line));
+}
+
+static struct rpcent *
+interpret(char *val, int len)
+{
+	struct rpcdata *d = _rpcdata();
+	char *p;
+	char *cp, **q;
+
+	if (d == 0)
+		return;
+	strncpy(d->line, val, len);
+	p = d->line;
+	d->line[len] = '\n';
+	if (*p == '#')
+		return (getrpcent());
+	cp = strchr(p, '#');
+	if (cp == NULL)
+    {
+		cp = strchr(p, '\n');
+		if (cp == NULL)
+			return (getrpcent());
+	}
+	*cp = '\0';
+	cp = strchr(p, ' ');
+	if (cp == NULL)
+    {
+		cp = strchr(p, '\t');
+		if (cp == NULL)
+			return (getrpcent());
+	}
+	*cp++ = '\0';
+	/* THIS STUFF IS INTERNET SPECIFIC */
+	d->rpc.r_name = d->line;
+	while (*cp == ' ' || *cp == '\t')
+		cp++;
+	d->rpc.r_number = atoi(cp);
+	q = d->rpc.r_aliases = d->rpc_aliases;
+	cp = strchr(p, ' ');
+	if (cp != NULL)
+		*cp++ = '\0';
+	else
+    {
+		cp = strchr(p, '\t');
+		if (cp != NULL)
+			*cp++ = '\0';
+	}
+	while (cp && *cp) {
+		if (*cp == ' ' || *cp == '\t') {
+			cp++;
+			continue;
+		}
+		if (q < &(d->rpc_aliases[MAXALIASES - 1]))
+			*q++ = cp;
+		cp = strchr(p, ' ');
+		if (cp != NULL)
+			*cp++ = '\0';
+		else
+	    {
+			cp = strchr(p, '\t');
+			if (cp != NULL)
+				*cp++ = '\0';
+		}
+	}
+	*q = NULL;
+	return (&d->rpc);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/getrpcport.c b/krb5-1.21.3/src/lib/rpc/getrpcport.c
new file mode 100644
index 00000000..e2817544
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/getrpcport.c
@@ -0,0 +1,60 @@
+/* lib/rpc/getrpcport.c */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+#include <string.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_clnt.h>
+#include <netdb.h>
+#include <sys/socket.h>
+
+int
+gssrpc_getrpcport(
+	char *host,
+	rpcprog_t prognum,
+	rpcvers_t versnum,
+	rpcprot_t proto)
+{
+	struct sockaddr_in addr;
+	struct hostent *hp;
+
+	if ((hp = gethostbyname(host)) == NULL)
+		return (0);
+	memset(&addr, 0, sizeof(addr));
+	memmove((char *) &addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr));
+	addr.sin_family = AF_INET;
+	addr.sin_port =  0;
+	return (pmap_getport(&addr, prognum, versnum, proto));
+}
diff --git a/krb5-1.21.3/src/lib/rpc/gssrpcint.h b/krb5-1.21.3/src/lib/rpc/gssrpcint.h
new file mode 100644
index 00000000..1d1bd7ed
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/gssrpcint.h
@@ -0,0 +1,35 @@
+/* lib/rpc/gssrpcint.h */
+/*
+ * Copyright (C) 2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __GSSRPCINT_H__
+#define __GSSRPCINT_H__
+
+extern void gssrpcint_printf(const char *format, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 1, 2)))
+#endif
+  ;
+
+#endif /* __GSSRPCINT_H__ */
diff --git a/krb5-1.21.3/src/lib/rpc/libgssrpc.exports b/krb5-1.21.3/src/lib/rpc/libgssrpc.exports
new file mode 100644
index 00000000..0d60eedc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/libgssrpc.exports
@@ -0,0 +1,144 @@
+gssrpc_auth_debug_gss
+gssrpc_auth_debug_gssapi
+gssrpc_auth_gssapi_create
+gssrpc_auth_gssapi_create_default
+gssrpc_auth_gssapi_display_status
+gssrpc_auth_gssapi_seal_seq
+gssrpc_auth_gssapi_unseal_seq
+gssrpc_auth_gssapi_unwrap_data
+gssrpc_auth_gssapi_wrap_data
+gssrpc_authgss_create
+gssrpc_authgss_create_default
+gssrpc_authgss_get_private_data
+gssrpc_authgss_service
+gssrpc_authnone_create
+gssrpc_authunix_create
+gssrpc_authunix_create_default
+gssrpc_bindresvport
+gssrpc_bindresvport_sa
+gssrpc_callrpc
+gssrpc_clnt_broadcast
+gssrpc_clnt_create
+gssrpc_clnt_pcreateerror
+gssrpc_clnt_perrno
+gssrpc_clnt_perror
+gssrpc_clnt_spcreateerror
+gssrpc_clnt_sperrno
+gssrpc_clnt_sperror
+gssrpc_clntraw_create
+gssrpc_clnttcp_create
+gssrpc_clntudp_bufcreate
+gssrpc_clntudp_create
+gssrpc_get_myaddress
+gssrpc_getrpcport
+gssrpc_log_debug
+gssrpc_log_hexdump
+gssrpc_log_status
+gssrpc_misc_debug_gss
+gssrpc_misc_debug_gssapi
+gssrpc_pmap_getmaps
+gssrpc_pmap_getport
+gssrpc_pmap_rmtcall
+gssrpc_pmap_set
+gssrpc_pmap_unset
+gssrpc_registerrpc
+gssrpc_rpc_createrr
+gssrpc_svc_auth_gss_ops
+gssrpc_svc_auth_gssapi_ops
+gssrpc_svc_auth_none
+gssrpc_svc_auth_none_ops
+gssrpc_svc_debug_gss
+gssrpc_svc_debug_gssapi
+gssrpc_svc_fdset
+gssrpc_svc_fdset_init
+gssrpc_svc_getreq
+gssrpc_svc_getreqset
+gssrpc_svc_maxfd
+gssrpc_svc_register
+gssrpc_svc_run
+gssrpc_svc_sendreply
+gssrpc_svc_unregister
+gssrpc_svcauth_gss_get_principal
+gssrpc_svcauth_gss_set_log_badauth_func
+gssrpc_svcauth_gss_set_log_badauth2_func
+gssrpc_svcauth_gss_set_log_badverf_func
+gssrpc_svcauth_gss_set_log_miscerr_func
+gssrpc_svcauth_gss_set_svc_name
+gssrpc_svcauth_gssapi_set_log_badauth_func
+gssrpc_svcauth_gssapi_set_log_badauth2_func
+gssrpc_svcauth_gssapi_set_log_badverf_func
+gssrpc_svcauth_gssapi_set_log_miscerr_func
+gssrpc_svcauth_gssapi_set_names
+gssrpc_svcauth_gssapi_unset_names
+gssrpc_svcerr_auth
+gssrpc_svcerr_decode
+gssrpc_svcerr_noproc
+gssrpc_svcerr_noprog
+gssrpc_svcerr_progvers
+gssrpc_svcerr_systemerr
+gssrpc_svcerr_weakauth
+gssrpc_svcfd_create
+gssrpc_svcraw_create
+gssrpc_svctcp_create
+gssrpc_svcudp_bufcreate
+gssrpc_svcudp_create
+gssrpc_svcudp_enablecache
+gssrpc_xdr_accepted_reply
+gssrpc_xdr_array
+gssrpc_xdr_authgssapi_creds
+gssrpc_xdr_authgssapi_init_arg
+gssrpc_xdr_authgssapi_init_res
+gssrpc_xdr_authunix_parms
+gssrpc_xdr_bool
+gssrpc_xdr_bytes
+gssrpc_xdr_callhdr
+gssrpc_xdr_callmsg
+gssrpc_xdr_char
+gssrpc_xdr_des_block
+gssrpc_xdr_enum
+gssrpc_xdr_free
+gssrpc_xdr_gss_buf
+gssrpc_xdr_int
+gssrpc_xdr_int32
+gssrpc_xdr_long
+gssrpc_xdr_netobj
+gssrpc_xdr_opaque
+gssrpc_xdr_opaque_auth
+gssrpc_xdr_pmap
+gssrpc_xdr_pmaplist
+gssrpc_xdr_pointer
+gssrpc_xdr_reference
+gssrpc_xdr_rejected_reply
+gssrpc_xdr_replymsg
+gssrpc_xdr_rmtcall_args
+gssrpc_xdr_rmtcallres
+gssrpc_xdr_rpc_gss_buf
+gssrpc_xdr_rpc_gss_cred
+gssrpc_xdr_rpc_gss_data
+gssrpc_xdr_rpc_gss_init_args
+gssrpc_xdr_rpc_gss_init_res
+gssrpc_xdr_rpc_gss_unwrap_data
+gssrpc_xdr_rpc_gss_wrap_data
+gssrpc_xdr_short
+gssrpc_xdr_sizeof
+gssrpc_xdr_string
+gssrpc_xdr_u_char
+gssrpc_xdr_u_int
+gssrpc_xdr_u_int32
+gssrpc_xdr_u_long
+gssrpc_xdr_u_short
+gssrpc_xdr_union
+gssrpc_xdr_vector
+gssrpc_xdr_void
+gssrpc_xdr_wrapstring
+gssrpc_xdralloc_create
+gssrpc_xdralloc_getdata
+gssrpc_xdralloc_release
+gssrpc_xdrmem_create
+gssrpc_xdrrec_create
+gssrpc_xdrrec_endofrecord
+gssrpc_xdrrec_eof
+gssrpc_xdrrec_skiprecord
+gssrpc_xdrstdio_create
+gssrpc_xprt_register
+gssrpc_xprt_unregister
diff --git a/krb5-1.21.3/src/lib/rpc/pmap_clnt.c b/krb5-1.21.3/src/lib/rpc/pmap_clnt.c
new file mode 100644
index 00000000..952a2514
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/pmap_clnt.c
@@ -0,0 +1,169 @@
+/* @(#)pmap_clnt.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)pmap_clnt.c 1.37 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * pmap_clnt.c
+ * Client interface to pmap rpc service.
+ */
+
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_prot.h>
+#include <gssrpc/pmap_clnt.h>
+
+#if TARGET_OS_MAC
+#include <sys/un.h>
+#include <string.h>
+#include <syslog.h>
+#endif
+
+static struct timeval timeout = { 5, 0 };
+static struct timeval tottimeout = { 60, 0 };
+
+void clnt_perror();
+
+/*
+ * Set a mapping between program,version and port.
+ * Calls the pmap service remotely to do the mapping.
+ */
+bool_t
+pmap_set(
+	rpcprog_t program,
+	rpcvers_t version,
+	rpcprot_t protocol,
+	u_int port)
+{
+	struct sockaddr_in myaddress;
+	int sock = -1;
+	CLIENT *client;
+	struct pmap parms;
+	bool_t rslt;
+
+	get_myaddress(&myaddress);
+	client = clntudp_bufcreate(&myaddress, PMAPPROG, PMAPVERS,
+	    timeout, &sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE);
+	if (client == (CLIENT *)NULL)
+		return (FALSE);
+	parms.pm_prog = program;
+	parms.pm_vers = version;
+	parms.pm_prot = protocol;
+	parms.pm_port = port;
+#if TARGET_OS_MAC
+	{
+	    /*
+	     * Poke launchd, then wait for portmap to start up.
+	     *
+	     * My impression is that the protocol involves getting
+	     * something back from the server.  So wait, briefly, to
+	     * see if it's going to send us something.  Then continue
+	     * on, regardless.  I don't actually check what the data
+	     * is, because I have no idea what sort of validation, if
+	     * any, is needed.
+	     *
+	     * However, for whatever reason, the socket seems to be
+	     * mode 700 owner root on my system, so if you don't
+	     * change its ownership or mode, and if the program isn't
+	     * running as root, you still lose.
+	     */
+#define TICKLER_SOCKET "/var/run/portmap.socket"
+	    int tickle;
+	    struct sockaddr_un a = {
+		.sun_family = AF_UNIX,
+		.sun_path = TICKLER_SOCKET,
+		.sun_len = (sizeof(TICKLER_SOCKET)
+			    + offsetof(struct sockaddr_un, sun_path)),
+	    };
+
+	    if (sizeof(TICKLER_SOCKET) <= sizeof(a.sun_path)) {
+		tickle = socket(AF_UNIX, SOCK_STREAM, 0);
+		if (tickle >= 0) {
+		    if (connect(tickle, (struct sockaddr *)&a, a.sun_len) == 0
+			&& tickle < FD_SETSIZE) {
+			fd_set readfds;
+			struct timeval tv;
+
+			FD_ZERO(&readfds);
+			/* XXX Range check.  */
+			FD_SET(tickle, &readfds);
+			tv.tv_sec = 5;
+			tv.tv_usec = 0;
+			(void) select(tickle+1, &readfds, 0, 0, &tv);
+		    }
+		    close(tickle);
+		}
+	    }
+	}
+#endif
+	if (CLNT_CALL(client, PMAPPROC_SET, xdr_pmap, &parms, xdr_bool, &rslt,
+	    tottimeout) != RPC_SUCCESS) {
+		clnt_perror(client, "Cannot register service");
+		return (FALSE);
+	}
+	CLNT_DESTROY(client);
+	(void)close(sock);
+	return (rslt);
+}
+
+/*
+ * Remove the mapping between program,version and port.
+ * Calls the pmap service remotely to do the un-mapping.
+ */
+bool_t
+pmap_unset(
+	rpcprog_t program,
+	rpcvers_t version)
+{
+	struct sockaddr_in myaddress;
+	int sock = -1;
+	CLIENT *client;
+	struct pmap parms;
+	bool_t rslt;
+
+	get_myaddress(&myaddress);
+	client = clntudp_bufcreate(&myaddress, PMAPPROG, PMAPVERS,
+	    timeout, &sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE);
+	if (client == (CLIENT *)NULL)
+		return (FALSE);
+	parms.pm_prog = program;
+	parms.pm_vers = version;
+	parms.pm_port = parms.pm_prot = 0;
+	CLNT_CALL(client, PMAPPROC_UNSET, xdr_pmap, &parms, xdr_bool, &rslt,
+	    tottimeout);
+	CLNT_DESTROY(client);
+	(void)close(sock);
+	return (rslt);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/pmap_getmaps.c b/krb5-1.21.3/src/lib/rpc/pmap_getmaps.c
new file mode 100644
index 00000000..b8a9cecf
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/pmap_getmaps.c
@@ -0,0 +1,89 @@
+/* @(#)pmap_getmaps.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)pmap_getmaps.c 1.10 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * pmap_getmap.c
+ * Client interface to pmap rpc service.
+ * contains pmap_getmaps, which is only tcp service involved
+ */
+
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_prot.h>
+#include <gssrpc/pmap_clnt.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <errno.h>
+#ifdef OSF1
+#include <net/route.h>
+#include <sys/mbuf.h>
+#endif
+#include <net/if.h>
+#include <sys/ioctl.h>
+#define NAMELEN 255
+#define MAX_BROADCAST_SIZE 1400
+
+
+/*
+ * Get a copy of the current port maps.
+ * Calls the pmap service remotely to do get the maps.
+ */
+struct pmaplist *
+pmap_getmaps(struct sockaddr_in *address)
+{
+	struct pmaplist *head = (struct pmaplist *)NULL;
+	int sock = -1;
+	struct timeval minutetimeout;
+	CLIENT *client;
+
+	minutetimeout.tv_sec = 60;
+	minutetimeout.tv_usec = 0;
+	address->sin_port = htons(PMAPPORT);
+	client = clnttcp_create(address, PMAPPROG,
+	    PMAPVERS, &sock, 50, 500);
+	if (client != (CLIENT *)NULL) {
+		if (CLNT_CALL(client, PMAPPROC_DUMP, xdr_void, NULL, xdr_pmaplist,
+		    &head, minutetimeout) != RPC_SUCCESS) {
+			clnt_perror(client, "pmap_getmaps rpc problem");
+		}
+		CLNT_DESTROY(client);
+	}
+	(void)close(sock);
+	address->sin_port = 0;
+	return (head);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/pmap_getport.c b/krb5-1.21.3/src/lib/rpc/pmap_getport.c
new file mode 100644
index 00000000..66635a10
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/pmap_getport.c
@@ -0,0 +1,94 @@
+/* @(#)pmap_getport.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)pmap_getport.c 1.9 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * pmap_getport.c
+ * Client interface to pmap rpc service.
+ */
+
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_prot.h>
+#include <gssrpc/pmap_clnt.h>
+#include <sys/socket.h>
+#ifdef OSF1
+#include <net/route.h>
+#include <sys/mbuf.h>
+#endif
+#include <net/if.h>
+
+static struct timeval timeout = { 5, 0 };
+static struct timeval tottimeout = { 60, 0 };
+
+/*
+ * Find the mapped port for program,version.
+ * Calls the pmap service remotely to do the lookup.
+ * Returns 0 if no map exists.
+ */
+u_short
+pmap_getport(
+	struct sockaddr_in *address,
+	rpcprog_t program,
+	rpcvers_t version,
+	rpcprot_t protocol)
+{
+	unsigned short port = 0;
+	int sock = -1;
+	CLIENT *client;
+	struct pmap parms;
+
+	address->sin_port = htons(PMAPPORT);
+	client = clntudp_bufcreate(address, PMAPPROG,
+	    PMAPVERS, timeout, &sock, RPCSMALLMSGSIZE, RPCSMALLMSGSIZE);
+	if (client != (CLIENT *)NULL) {
+		parms.pm_prog = program;
+		parms.pm_vers = version;
+		parms.pm_prot = protocol;
+		parms.pm_port = 0;  /* not needed or used */
+		if (CLNT_CALL(client, PMAPPROC_GETPORT, xdr_pmap, &parms,
+		    xdr_u_short, &port, tottimeout) != RPC_SUCCESS){
+			rpc_createerr.cf_stat = RPC_PMAPFAILURE;
+			clnt_geterr(client, &rpc_createerr.cf_error);
+		} else if (port == 0) {
+			rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED;
+		}
+		CLNT_DESTROY(client);
+	}
+	(void)close(sock);
+	address->sin_port = 0;
+	return (port);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/pmap_prot.c b/krb5-1.21.3/src/lib/rpc/pmap_prot.c
new file mode 100644
index 00000000..5cbc1eda
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/pmap_prot.c
@@ -0,0 +1,57 @@
+/* @(#)pmap_prot.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)pmap_prot.c 1.17 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * pmap_prot.c
+ * Protocol for the local binder service, or pmap.
+ */
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <gssrpc/pmap_prot.h>
+
+
+bool_t
+xdr_pmap(XDR *xdrs, struct pmap *regs)
+{
+
+	if (xdr_rpcprog(xdrs, &regs->pm_prog) &&
+		xdr_rpcvers(xdrs, &regs->pm_vers) &&
+		xdr_rpcprot(xdrs, &regs->pm_prot))
+		return (xdr_rpcport(xdrs, &regs->pm_port));
+	return (FALSE);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/pmap_prot2.c b/krb5-1.21.3/src/lib/rpc/pmap_prot2.c
new file mode 100644
index 00000000..aeccac66
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/pmap_prot2.c
@@ -0,0 +1,116 @@
+/* @(#)pmap_prot2.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)pmap_prot2.c 1.3 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * pmap_prot2.c
+ * Protocol for the local binder service, or pmap.
+ */
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <gssrpc/pmap_prot.h>
+
+
+/*
+ * What is going on with linked lists? (!)
+ * First recall the link list declaration from pmap_prot.h:
+ *
+ * struct pmaplist {
+ *	struct pmap pml_map;
+ *	struct pmaplist *pml_map;
+ * };
+ *
+ * Compare that declaration with a corresponding xdr declaration that
+ * is (a) pointer-less, and (b) recursive:
+ *
+ * typedef union switch (bool_t) {
+ *
+ *	case TRUE: struct {
+ *		struct pmap;
+ * 		pmaplist_t foo;
+ *	};
+ *
+ *	case FALSE: struct {};
+ * } pmaplist_t;
+ *
+ * Notice that the xdr declaration has no nxt pointer while
+ * the C declaration has no bool_t variable.  The bool_t can be
+ * interpreted as ``more data follows me''; if FALSE then nothing
+ * follows this bool_t; if TRUE then the bool_t is followed by
+ * an actual struct pmap, and then (recursively) by the
+ * xdr union, pamplist_t.
+ *
+ * This could be implemented via the xdr_union primitive, though this
+ * would cause a one recursive call per element in the list.  Rather than do
+ * that we can ``unwind'' the recursion
+ * into a while loop and do the union arms in-place.
+ *
+ * The head of the list is what the C programmer wishes to past around
+ * the net, yet is the data that the pointer points to which is interesting;
+ * this sounds like a job for xdr_reference!
+ */
+bool_t
+xdr_pmaplist(XDR *xdrs, struct pmaplist **rp)
+{
+	/*
+	 * more_elements is pre-computed in case the direction is
+	 * XDR_ENCODE or XDR_FREE.  more_elements is overwritten by
+	 * xdr_bool when the direction is XDR_DECODE.
+	 */
+	bool_t more_elements;
+	int freeing = (xdrs->x_op == XDR_FREE);
+	struct pmaplist **next = NULL;
+
+	while (TRUE) {
+		more_elements = (bool_t)(*rp != NULL);
+		if (! xdr_bool(xdrs, &more_elements))
+			return (FALSE);
+		if (! more_elements)
+			return (TRUE);  /* we are done */
+		/*
+		 * the unfortunate side effect of non-recursion is that in
+		 * the case of freeing we must remember the next object
+		 * before we free the current object ...
+		 */
+		if (freeing)
+			next = &((*rp)->pml_next);
+		if (! xdr_reference(xdrs, (caddr_t *)rp,
+		    (u_int)sizeof(struct pmaplist), xdr_pmap))
+			return (FALSE);
+		rp = (freeing) ? next : &((*rp)->pml_next);
+	}
+}
diff --git a/krb5-1.21.3/src/lib/rpc/pmap_rmt.c b/krb5-1.21.3/src/lib/rpc/pmap_rmt.c
new file mode 100644
index 00000000..8c7e30c2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/pmap_rmt.c
@@ -0,0 +1,414 @@
+/* @(#)pmap_rmt.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)pmap_rmt.c 1.21 87/08/27 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * pmap_rmt.c
+ * Client interface to pmap rpc service.
+ * remote call and broadcast service
+ */
+
+#include "k5-platform.h"
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_prot.h>
+#include <gssrpc/pmap_clnt.h>
+#include <gssrpc/pmap_rmt.h>
+#include <sys/socket.h>
+#ifdef sun
+#include <sys/sockio.h>
+#endif
+#ifdef OSF1
+#include <net/route.h>
+#include <sys/mbuf.h>
+#endif
+#include <net/if.h>
+#include <sys/ioctl.h>
+#include <arpa/inet.h>
+#define MAX_BROADCAST_SIZE 1400
+#include <port-sockets.h>
+#include "socket-utils.h"
+
+static struct timeval timeout = { 3, 0 };
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE int
+#endif
+
+/*
+ * pmapper remote-call-service interface.
+ * This routine is used to call the pmapper remote call service
+ * which will look up a service program in the port maps, and then
+ * remotely call that routine with the given parameters.  This allows
+ * programs to do a lookup and call in one step.
+*/
+enum clnt_stat
+pmap_rmtcall(
+	struct sockaddr_in *addr,
+	rpcprog_t prog,
+	rpcvers_t vers,
+	rpcproc_t proc,
+	xdrproc_t xdrargs,
+	caddr_t argsp,
+	xdrproc_t xdrres,
+	caddr_t resp,
+	struct timeval tout,
+	rpcport_t *port_ptr)
+{
+        SOCKET sock = INVALID_SOCKET;
+	CLIENT *client;
+	struct rmtcallargs a;
+	struct rmtcallres r;
+	enum clnt_stat stat;
+
+	addr->sin_port = htons(PMAPPORT);
+	client = clntudp_create(addr, PMAPPROG, PMAPVERS, timeout, &sock);
+	if (client != (CLIENT *)NULL) {
+		a.prog = prog;
+		a.vers = vers;
+		a.proc = proc;
+		a.args_ptr = argsp;
+		a.xdr_args = xdrargs;
+		r.port_ptr = port_ptr;
+		r.results_ptr = resp;
+		r.xdr_results = xdrres;
+		stat = CLNT_CALL(client, PMAPPROC_CALLIT, xdr_rmtcall_args, &a,
+		    xdr_rmtcallres, &r, tout);
+		CLNT_DESTROY(client);
+	} else {
+		stat = RPC_FAILED;
+	}
+        (void)closesocket(sock);
+	addr->sin_port = 0;
+	return (stat);
+}
+
+
+/*
+ * XDR remote call arguments
+ * written for XDR_ENCODE direction only
+ */
+bool_t
+xdr_rmtcall_args(
+	XDR *xdrs,
+	struct rmtcallargs *cap)
+{
+	u_int lenposition, argposition, position;
+
+	if (xdr_u_int32(xdrs, &(cap->prog)) &&
+	    xdr_u_int32(xdrs, &(cap->vers)) &&
+	    xdr_u_int32(xdrs, &(cap->proc))) {
+		lenposition = XDR_GETPOS(xdrs);
+		if (! xdr_u_int32(xdrs, &(cap->arglen)))
+		    return (FALSE);
+		argposition = XDR_GETPOS(xdrs);
+		if (! (*(cap->xdr_args))(xdrs, cap->args_ptr))
+		    return (FALSE);
+		position = XDR_GETPOS(xdrs);
+		cap->arglen = (uint32_t)position - (uint32_t)argposition;
+		XDR_SETPOS(xdrs, lenposition);
+		if (! xdr_u_int32(xdrs, &(cap->arglen)))
+		    return (FALSE);
+		XDR_SETPOS(xdrs, position);
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * XDR remote call results
+ * written for XDR_DECODE direction only
+ */
+bool_t
+xdr_rmtcallres(
+	XDR *xdrs,
+	struct rmtcallres *crp)
+{
+	caddr_t port_ptr;
+
+	port_ptr = (caddr_t)(void *)crp->port_ptr;
+	if (xdr_reference(xdrs, &port_ptr, sizeof (uint32_t),
+	    xdr_u_int32) && xdr_u_int32(xdrs, &crp->resultslen)) {
+		crp->port_ptr = (uint32_t *)(void *)port_ptr;
+		return ((*(crp->xdr_results))(xdrs, crp->results_ptr));
+	}
+	return (FALSE);
+}
+
+
+/*
+ * The following is kludged-up support for simple rpc broadcasts.
+ * Someday a large, complicated system will replace these trivial
+ * routines which only support udp/ip .
+ */
+
+#define GIFCONF_BUFSIZE (256 * sizeof (struct ifconf))
+
+static int
+getbroadcastnets(
+	struct in_addr *addrs,
+	int sock,  /* any valid socket will do */
+	char *buf  /* why allocxate more when we can use existing... */
+	)
+{
+	struct ifconf ifc;
+        struct ifreq ifreq, *ifr;
+        int n, i;
+
+        ifc.ifc_len = GIFCONF_BUFSIZE;
+        ifc.ifc_buf = buf;
+	memset (buf, 0, GIFCONF_BUFSIZE);
+        if (ioctl(sock, SIOCGIFCONF, (char *)&ifc) < 0) {
+                perror("broadcast: ioctl (get interface configuration)");
+                return (0);
+        }
+        ifr = ifc.ifc_req;
+        for (i = 0, n = ifc.ifc_len/sizeof (struct ifreq); n > 0; n--, ifr++) {
+                ifreq = *ifr;
+                if (ioctl(sock, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
+                        perror("broadcast: ioctl (get interface flags)");
+                        continue;
+                }
+                if ((ifreq.ifr_flags & IFF_BROADCAST) &&
+		    (ifreq.ifr_flags & IFF_UP) &&
+		    ifr->ifr_addr.sa_family == AF_INET) {
+#ifdef SIOCGIFBRDADDR   /* 4.3BSD */
+			if (ioctl(sock, SIOCGIFBRDADDR, (char *)&ifreq) < 0) {
+				addrs[i++].s_addr = INADDR_ANY;
+			} else {
+				addrs[i++] = sa2sin(&ifreq.ifr_addr)->sin_addr;
+			}
+#else /* 4.2 BSD */
+			struct sockaddr_in *sockin;
+			sockin = sa2sin(&ifr->ifr_addr);
+			addrs[i++] = inet_makeaddr(inet_netof
+			  (sockin->sin_addr.s_addr), INADDR_ANY);
+#endif
+		}
+	}
+	return (i);
+}
+
+enum clnt_stat
+clnt_broadcast(
+	rpcprog_t	prog,		/* program number */
+	rpcvers_t	vers,		/* version number */
+	rpcproc_t	proc,		/* procedure number */
+	xdrproc_t	xargs,		/* xdr routine for args */
+	caddr_t		argsp,		/* pointer to args */
+	xdrproc_t	xresults,	/* xdr routine for results */
+	caddr_t		resultsp,	/* pointer to results */
+	resultproc_t	eachresult	/* call with each result obtained */
+	)
+{
+	enum clnt_stat stat;
+	AUTH *unix_auth = authunix_create_default();
+	XDR xdr_stream;
+	XDR *xdrs = &xdr_stream;
+	int outlen, nets;
+	ssize_t inlen;
+	GETSOCKNAME_ARG3_TYPE fromlen;
+        SOCKET sock;
+	int on = 1;
+#ifdef FD_SETSIZE
+	fd_set mask;
+	fd_set readfds;
+#else
+	int readfds;
+	int mask;
+#endif /* def FD_SETSIZE */
+	int i;
+	bool_t done = FALSE;
+	uint32_t xid;
+	rpcport_t port;
+	struct in_addr addrs[20];
+	struct sockaddr_in baddr, raddr; /* broadcast and response addresses */
+	struct rmtcallargs a;
+	struct rmtcallres r;
+	struct rpc_msg msg;
+	struct timeval t, t2;
+	char outbuf[MAX_BROADCAST_SIZE];
+#ifndef MAX
+#define MAX(A,B) ((A)<(B)?(B):(A))
+#endif
+	char inbuf[MAX (UDPMSGSIZE, GIFCONF_BUFSIZE)];
+
+	/*
+	 * initialization: create a socket, a broadcast address, and
+	 * preserialize the arguments into a send buffer.
+	 */
+	if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+		perror("Cannot create socket for broadcast rpc");
+		stat = RPC_CANTSEND;
+		goto done_broad;
+	}
+	set_cloexec_fd(sock);
+#ifdef SO_BROADCAST
+	if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *) &on,
+		       sizeof (on)) < 0) {
+		perror("Cannot set socket option SO_BROADCAST");
+		stat = RPC_CANTSEND;
+		goto done_broad;
+	}
+#endif /* def SO_BROADCAST */
+#ifdef FD_SETSIZE
+	FD_ZERO(&mask);
+	FD_SET(sock, &mask);
+#else
+	mask = (1 << sock);
+#endif /* def FD_SETSIZE */
+	nets = getbroadcastnets(addrs, sock, inbuf);
+	memset(&baddr, 0, sizeof (baddr));
+	baddr.sin_family = AF_INET;
+	baddr.sin_port = htons(PMAPPORT);
+	baddr.sin_addr.s_addr = htonl(INADDR_ANY);
+/*	baddr.sin_addr.S_un.S_addr = htonl(INADDR_ANY); */
+	(void)gettimeofday(&t, (struct timezone *)0);
+	msg.rm_xid = xid = getpid() ^ t.tv_sec ^ t.tv_usec;
+	t.tv_usec = 0;
+	msg.rm_direction = CALL;
+	msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
+	msg.rm_call.cb_prog = PMAPPROG;
+	msg.rm_call.cb_vers = PMAPVERS;
+	msg.rm_call.cb_proc = PMAPPROC_CALLIT;
+	msg.rm_call.cb_cred = unix_auth->ah_cred;
+	msg.rm_call.cb_verf = unix_auth->ah_verf;
+	a.prog = prog;
+	a.vers = vers;
+	a.proc = proc;
+	a.xdr_args = xargs;
+	a.args_ptr = argsp;
+	r.port_ptr = &port;
+	r.xdr_results = xresults;
+	r.results_ptr = resultsp;
+	xdrmem_create(xdrs, outbuf, MAX_BROADCAST_SIZE, XDR_ENCODE);
+	if ((! xdr_callmsg(xdrs, &msg)) || (! xdr_rmtcall_args(xdrs, &a))) {
+		stat = RPC_CANTENCODEARGS;
+		goto done_broad;
+	}
+	outlen = (int)xdr_getpos(xdrs);
+	xdr_destroy(xdrs);
+	/*
+	 * Basic loop: broadcast a packet and wait a while for response(s).
+	 * The response timeout grows larger per iteration.
+	 */
+	for (t.tv_sec = 4; t.tv_sec <= 14; t.tv_sec += 2) {
+		for (i = 0; i < nets; i++) {
+			baddr.sin_addr = addrs[i];
+			if (sendto(sock, outbuf, outlen, 0,
+				(struct sockaddr *)&baddr,
+				sizeof (struct sockaddr)) != outlen) {
+				perror("Cannot send broadcast packet");
+				stat = RPC_CANTSEND;
+				goto done_broad;
+			}
+		}
+		if (eachresult == NULL) {
+			stat = RPC_SUCCESS;
+			goto done_broad;
+		}
+	recv_again:
+		msg.acpted_rply.ar_verf = gssrpc__null_auth;
+		msg.acpted_rply.ar_results.where = (caddr_t)&r;
+                msg.acpted_rply.ar_results.proc = xdr_rmtcallres;
+		readfds = mask;
+		t2 = t;
+		switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
+			       (fd_set *)NULL, &t2)) {
+
+		case 0:  /* timed out */
+			stat = RPC_TIMEDOUT;
+			continue;
+
+		case -1:  /* some kind of error */
+			if (errno == EINTR)
+				goto recv_again;
+			perror("Broadcast select problem");
+			stat = RPC_CANTRECV;
+			goto done_broad;
+
+		}  /* end of select results switch */
+	try_again:
+		fromlen = sizeof(struct sockaddr);
+		inlen = recvfrom(sock, inbuf, UDPMSGSIZE, 0,
+			(struct sockaddr *)&raddr, &fromlen);
+		if (inlen < 0) {
+			if (errno == EINTR)
+				goto try_again;
+			perror("Cannot receive reply to broadcast");
+			stat = RPC_CANTRECV;
+			goto done_broad;
+		}
+		if ((size_t)inlen < sizeof(uint32_t))
+			goto recv_again;
+		/*
+		 * see if reply transaction id matches sent id.
+		 * If so, decode the results.
+		 */
+		xdrmem_create(xdrs, inbuf, (u_int)inlen, XDR_DECODE);
+		if (xdr_replymsg(xdrs, &msg)) {
+			if ((msg.rm_xid == xid) &&
+				(msg.rm_reply.rp_stat == MSG_ACCEPTED) &&
+				(msg.acpted_rply.ar_stat == SUCCESS)) {
+				raddr.sin_port = htons((u_short)port);
+				done = (*eachresult)(resultsp, &raddr);
+			}
+			/* otherwise, we just ignore the errors ... */
+		} else {
+#ifdef notdef
+			/* some kind of deserialization problem ... */
+			if (msg.rm_xid == xid)
+				fprintf(stderr, "Broadcast deserialization problem");
+			/* otherwise, just random garbage */
+#endif
+		}
+		xdrs->x_op = XDR_FREE;
+		msg.acpted_rply.ar_results.proc = xdr_void;
+		(void)xdr_replymsg(xdrs, &msg);
+		(void)(*xresults)(xdrs, resultsp);
+		xdr_destroy(xdrs);
+		if (done) {
+			stat = RPC_SUCCESS;
+			goto done_broad;
+		} else {
+			goto recv_again;
+		}
+	}
+done_broad:
+        (void)closesocket(sock);
+	AUTH_DESTROY(unix_auth);
+	return (stat);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/rpc_callmsg.c b/krb5-1.21.3/src/lib/rpc/rpc_callmsg.c
new file mode 100644
index 00000000..27d298fa
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/rpc_callmsg.c
@@ -0,0 +1,194 @@
+/* @(#)rpc_callmsg.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)rpc_callmsg.c 1.4 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * rpc_callmsg.c
+ */
+
+#include <sys/param.h>
+#include <string.h>
+#include <gssrpc/rpc.h>
+
+/*
+ * XDR a call message
+ */
+bool_t
+xdr_callmsg(XDR *xdrs, struct rpc_msg *cmsg)
+{
+	rpc_inline_t *buf;
+	struct opaque_auth *oa;
+
+	if (xdrs->x_op == XDR_ENCODE) {
+		if (cmsg->rm_call.cb_cred.oa_length > MAX_AUTH_BYTES) {
+			return (FALSE);
+		}
+		if (cmsg->rm_call.cb_verf.oa_length > MAX_AUTH_BYTES) {
+			return (FALSE);
+		}
+		buf = (rpc_inline_t *) XDR_INLINE(xdrs, (int) (
+		        8 * BYTES_PER_XDR_UNIT
+			+ RNDUP(cmsg->rm_call.cb_cred.oa_length)
+			+ 2 * BYTES_PER_XDR_UNIT
+			+ RNDUP(cmsg->rm_call.cb_verf.oa_length)));
+		if (buf != NULL) {
+			IXDR_PUT_LONG(buf, cmsg->rm_xid);
+			IXDR_PUT_ENUM(buf, cmsg->rm_direction);
+			if (cmsg->rm_direction != CALL) {
+				return (FALSE);
+			}
+			IXDR_PUT_LONG(buf, cmsg->rm_call.cb_rpcvers);
+			if (cmsg->rm_call.cb_rpcvers != RPC_MSG_VERSION) {
+				return (FALSE);
+			}
+			IXDR_PUT_LONG(buf, cmsg->rm_call.cb_prog);
+			IXDR_PUT_LONG(buf, cmsg->rm_call.cb_vers);
+			IXDR_PUT_LONG(buf, cmsg->rm_call.cb_proc);
+			oa = &cmsg->rm_call.cb_cred;
+			IXDR_PUT_ENUM(buf, oa->oa_flavor);
+			IXDR_PUT_LONG(buf, oa->oa_length);
+			if (oa->oa_length) {
+				memmove((caddr_t)buf, oa->oa_base,
+					oa->oa_length);
+				buf += RNDUP(oa->oa_length) / BYTES_PER_XDR_UNIT;
+			}
+			oa = &cmsg->rm_call.cb_verf;
+			IXDR_PUT_ENUM(buf, oa->oa_flavor);
+			IXDR_PUT_LONG(buf, oa->oa_length);
+			if (oa->oa_length) {
+				memmove((caddr_t)buf, oa->oa_base,
+					oa->oa_length);
+				/* no real need....
+				buf += RNDUP(oa->oa_length) / BYTES_PER_XDR_UNIT;
+				*/
+			}
+			return (TRUE);
+		}
+	}
+	if (xdrs->x_op == XDR_DECODE) {
+		buf = (rpc_inline_t *) XDR_INLINE(xdrs, 8 * BYTES_PER_XDR_UNIT);
+		if (buf != NULL) {
+			cmsg->rm_xid = IXDR_GET_LONG(buf);
+			cmsg->rm_direction = IXDR_GET_ENUM(buf, enum msg_type);
+			if (cmsg->rm_direction != CALL) {
+				return (FALSE);
+			}
+			cmsg->rm_call.cb_rpcvers = IXDR_GET_LONG(buf);
+			if (cmsg->rm_call.cb_rpcvers != RPC_MSG_VERSION) {
+				return (FALSE);
+			}
+			cmsg->rm_call.cb_prog = IXDR_GET_LONG(buf);
+			cmsg->rm_call.cb_vers = IXDR_GET_LONG(buf);
+			cmsg->rm_call.cb_proc = IXDR_GET_LONG(buf);
+			oa = &cmsg->rm_call.cb_cred;
+			oa->oa_flavor = IXDR_GET_ENUM(buf, enum_t);
+			oa->oa_length = IXDR_GET_LONG(buf);
+			if (oa->oa_length) {
+				if (oa->oa_length > MAX_AUTH_BYTES) {
+					return (FALSE);
+				}
+				if (oa->oa_base == NULL) {
+					oa->oa_base = (caddr_t)
+						mem_alloc(oa->oa_length);
+				}
+				buf = (rpc_inline_t *)
+				   XDR_INLINE(xdrs, (int)RNDUP(oa->oa_length));
+				if (buf == NULL) {
+					if (xdr_opaque(xdrs, oa->oa_base,
+					    oa->oa_length) == FALSE) {
+						return (FALSE);
+					}
+				} else {
+					memmove(oa->oa_base, (caddr_t)buf,
+						oa->oa_length);
+					/* no real need....
+					buf += RNDUP(oa->oa_length) /
+						BYTES_PER_XDR_UNIT;
+					*/
+				}
+			}
+			oa = &cmsg->rm_call.cb_verf;
+			buf = (rpc_inline_t *)
+			   XDR_INLINE(xdrs, 2 * BYTES_PER_XDR_UNIT);
+			if (buf == NULL) {
+				if (xdr_enum(xdrs, &oa->oa_flavor) == FALSE ||
+				    xdr_u_int(xdrs, &oa->oa_length) == FALSE) {
+					return (FALSE);
+				}
+			} else {
+				oa->oa_flavor = IXDR_GET_ENUM(buf, enum_t);
+				oa->oa_length = IXDR_GET_LONG(buf);
+			}
+			if (oa->oa_length) {
+				if (oa->oa_length > MAX_AUTH_BYTES) {
+					return (FALSE);
+				}
+				if (oa->oa_base == NULL) {
+					oa->oa_base = (caddr_t)
+						mem_alloc(oa->oa_length);
+				}
+				buf = (rpc_inline_t *)
+				   XDR_INLINE(xdrs, (int)RNDUP(oa->oa_length));
+				if (buf == NULL) {
+					if (xdr_opaque(xdrs, oa->oa_base,
+					    oa->oa_length) == FALSE) {
+						return (FALSE);
+					}
+				} else {
+					memmove(oa->oa_base, (caddr_t) buf,
+					    oa->oa_length);
+					/* no real need...
+					buf += RNDUP(oa->oa_length) /
+						BYTES_PER_XDR_UNIT;
+					*/
+				}
+			}
+			return (TRUE);
+		}
+	}
+	if (
+	    xdr_u_int32(xdrs, &(cmsg->rm_xid)) &&
+	    xdr_enum(xdrs, (enum_t *)&(cmsg->rm_direction)) &&
+	    (cmsg->rm_direction == CALL) &&
+	    xdr_u_int32(xdrs, &(cmsg->rm_call.cb_rpcvers)) &&
+	    (cmsg->rm_call.cb_rpcvers == RPC_MSG_VERSION) &&
+	    xdr_u_int32(xdrs, &(cmsg->rm_call.cb_prog)) &&
+	    xdr_u_int32(xdrs, &(cmsg->rm_call.cb_vers)) &&
+	    xdr_u_int32(xdrs, &(cmsg->rm_call.cb_proc)) &&
+	    xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_cred)) )
+	    return (xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_verf)));
+	return (FALSE);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/rpc_commondata.c b/krb5-1.21.3/src/lib/rpc/rpc_commondata.c
new file mode 100644
index 00000000..f647100b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/rpc_commondata.c
@@ -0,0 +1,51 @@
+/* @(#)rpc_commondata.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <gssrpc/rpc.h>
+/*
+ * This file should only contain common data (global data) that is exported
+ * by public interfaces.
+ *
+ * Actually initialized to prevent creation of common blocks, which
+ * can be problematic on some architectures.
+ */
+/* RENAMED: should be _null_auth */
+struct opaque_auth gssrpc__null_auth = {0};
+#ifdef FD_SETSIZE
+fd_set svc_fdset; /* Will be zeroed in data segment */
+int gssrpc_svc_fdset_init = 0;
+#else
+int svc_fds = 0;
+#endif /* def FD_SETSIZE */
+struct rpc_createerr rpc_createerr = {RPC_SUCCESS};
+int svc_maxfd = -1;
diff --git a/krb5-1.21.3/src/lib/rpc/rpc_dtablesize.c b/krb5-1.21.3/src/lib/rpc/rpc_dtablesize.c
new file mode 100644
index 00000000..7a43c1a4
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/rpc_dtablesize.c
@@ -0,0 +1,66 @@
+/* @(#)rpc_dtablesize.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)rpc_dtablesize.c 1.2 87/08/11 Copyr 1987 Sun Micro";
+#endif
+
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+
+/*
+ * Cache the result of getdtablesize(), so we don't have to do an
+ * expensive system call every time.
+ */
+int
+gssrpc__rpc_dtablesize(void)
+{
+	static int size;
+
+	if (size == 0) {
+#ifdef _SC_OPEN_MAX
+	    size = (int) sysconf(_SC_OPEN_MAX);
+#else
+	    size = getdtablesize();
+#endif
+
+/* sysconf() can return a number larger than what will fit in an
+   fd_set.  we can't use fd's larger than this, anyway. */
+
+#ifdef FD_SETSIZE
+	    if (size >= FD_SETSIZE)
+		size = FD_SETSIZE-1;
+#endif
+	}
+	return (size);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/rpc_prot.c b/krb5-1.21.3/src/lib/rpc/rpc_prot.c
new file mode 100644
index 00000000..9b82e12c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/rpc_prot.c
@@ -0,0 +1,295 @@
+/* @(#)rpc_prot.c	2.3 88/08/07 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)rpc_prot.c 1.36 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * rpc_prot.c
+ *
+ * This set of routines implements the rpc message definition,
+ * its serializer and some common rpc utility routines.
+ * The routines are meant for various implementations of rpc -
+ * they are NOT for the rpc client or rpc service implementations!
+ * Because authentication stuff is easy and is part of rpc, the opaque
+ * routines are also in this program.
+ */
+
+#include <sys/param.h>
+
+#include <gssrpc/rpc.h>
+
+/* * * * * * * * * * * * * * XDR Authentication * * * * * * * * * * * */
+
+/*
+ * XDR an opaque authentication struct
+ * (see auth.h)
+ */
+bool_t
+xdr_opaque_auth(XDR *xdrs, struct opaque_auth *ap)
+{
+
+	if (xdr_enum(xdrs, &(ap->oa_flavor)))
+		return (xdr_bytes(xdrs, &ap->oa_base,
+			&ap->oa_length, MAX_AUTH_BYTES));
+	return (FALSE);
+}
+
+/*
+ * XDR a DES block
+ */
+bool_t
+xdr_des_block(XDR *xdrs, des_block *blkp)
+{
+	return (xdr_opaque(xdrs, (caddr_t)blkp, sizeof(des_block)));
+}
+
+/* * * * * * * * * * * * * * XDR RPC MESSAGE * * * * * * * * * * * * * * * */
+
+/*
+ * XDR the MSG_ACCEPTED part of a reply message union
+ */
+bool_t
+xdr_accepted_reply(XDR *xdrs, struct accepted_reply *ar)
+{
+
+	/* personalized union, rather than calling xdr_union */
+	if (! xdr_opaque_auth(xdrs, &(ar->ar_verf)))
+		return (FALSE);
+	if (! xdr_enum(xdrs, (enum_t *)&(ar->ar_stat)))
+		return (FALSE);
+	switch (ar->ar_stat) {
+
+	case SUCCESS:
+		return ((*(ar->ar_results.proc))(xdrs, ar->ar_results.where));
+
+	case PROG_MISMATCH:
+		if (! xdr_rpcvers(xdrs, &(ar->ar_vers.low)))
+			return (FALSE);
+		return (xdr_rpcvers(xdrs, &(ar->ar_vers.high)));
+
+	case GARBAGE_ARGS:
+	case SYSTEM_ERR:
+	case PROC_UNAVAIL:
+	case PROG_UNAVAIL:
+		break;
+	}
+	return (TRUE);  /* TRUE => open ended set of problems */
+}
+
+/*
+ * XDR the MSG_DENIED part of a reply message union
+ */
+bool_t
+xdr_rejected_reply(XDR *xdrs, struct rejected_reply *rr)
+{
+
+	/* personalized union, rather than calling xdr_union */
+	if (! xdr_enum(xdrs, (enum_t *)&(rr->rj_stat)))
+		return (FALSE);
+	switch (rr->rj_stat) {
+
+	case RPC_MISMATCH:
+		if (! xdr_rpcvers(xdrs, &(rr->rj_vers.low)))
+			return (FALSE);
+		return (xdr_rpcvers(xdrs, &(rr->rj_vers.high)));
+
+	case AUTH_ERROR:
+		return (xdr_enum(xdrs, (enum_t *)&(rr->rj_why)));
+	}
+	return (FALSE);
+}
+
+static struct xdr_discrim reply_dscrm[3] = {
+	{ (int)MSG_ACCEPTED, xdr_accepted_reply },
+	{ (int)MSG_DENIED, xdr_rejected_reply },
+	{ __dontcare__, NULL_xdrproc_t } };
+
+/*
+ * XDR a reply message
+ */
+bool_t
+xdr_replymsg(XDR *xdrs, struct rpc_msg *rmsg)
+{
+	if (
+	    xdr_u_int32(xdrs, &(rmsg->rm_xid)) &&
+	    xdr_enum(xdrs, (enum_t *)&(rmsg->rm_direction)) &&
+	    (rmsg->rm_direction == REPLY) )
+		return (xdr_union(xdrs, (enum_t *)&(rmsg->rm_reply.rp_stat),
+		   (caddr_t)&(rmsg->rm_reply.ru), reply_dscrm, NULL_xdrproc_t));
+	return (FALSE);
+}
+
+
+/*
+ * Serializes the "static part" of a call message header.
+ * The fields include: rm_xid, rm_direction, rpcvers, prog, and vers.
+ * The rm_xid is not really static, but the user can easily munge on the fly.
+ */
+bool_t
+xdr_callhdr(XDR *xdrs, struct rpc_msg *cmsg)
+{
+
+	cmsg->rm_direction = CALL;
+	cmsg->rm_call.cb_rpcvers = RPC_MSG_VERSION;
+	if (
+	    (xdrs->x_op == XDR_ENCODE) &&
+	    xdr_u_int32(xdrs, &(cmsg->rm_xid)) &&
+	    xdr_enum(xdrs, (enum_t *)&(cmsg->rm_direction)) &&
+	    xdr_rpcvers(xdrs, &(cmsg->rm_call.cb_rpcvers)) &&
+	    xdr_rpcprog(xdrs, &(cmsg->rm_call.cb_prog)) )
+	    return (xdr_rpcvers(xdrs, &(cmsg->rm_call.cb_vers)));
+	return (FALSE);
+}
+
+/* ************************** Client utility routine ************* */
+
+static void
+accepted(enum accept_stat acpt_stat, struct rpc_err *error)
+{
+
+	switch (acpt_stat) {
+
+	case PROG_UNAVAIL:
+		error->re_status = RPC_PROGUNAVAIL;
+		return;
+
+	case PROG_MISMATCH:
+		error->re_status = RPC_PROGVERSMISMATCH;
+		return;
+
+	case PROC_UNAVAIL:
+		error->re_status = RPC_PROCUNAVAIL;
+		return;
+
+	case GARBAGE_ARGS:
+		error->re_status = RPC_CANTDECODEARGS;
+		return;
+
+	case SYSTEM_ERR:
+		error->re_status = RPC_SYSTEMERROR;
+		return;
+
+	case SUCCESS:
+		error->re_status = RPC_SUCCESS;
+		return;
+	}
+	/* something's wrong, but we don't know what ... */
+	error->re_status = RPC_FAILED;
+	error->re_lb.s1 = (int32_t)MSG_ACCEPTED;
+	error->re_lb.s2 = (int32_t)acpt_stat;
+}
+
+static void
+rejected(enum reject_stat rjct_stat, struct rpc_err *error)
+{
+
+	switch (rjct_stat) {
+
+	case RPC_MISMATCH:
+		error->re_status = RPC_VERSMISMATCH;
+		return;
+
+	case AUTH_ERROR:
+		error->re_status = RPC_AUTHERROR;
+		return;
+	}
+	/* something's wrong, but we don't know what ... */
+	error->re_status = RPC_FAILED;
+	error->re_lb.s1 = (int32_t)MSG_DENIED;
+	error->re_lb.s2 = (int32_t)rjct_stat;
+}
+
+/*
+ * given a reply message, fills in the error
+ */
+void
+gssrpc__seterr_reply(struct rpc_msg *msg, struct rpc_err *error)
+{
+
+	/* optimized for normal, SUCCESSful case */
+	switch (msg->rm_reply.rp_stat) {
+
+	case MSG_ACCEPTED:
+		if (msg->acpted_rply.ar_stat == SUCCESS) {
+			error->re_status = RPC_SUCCESS;
+			return;
+		};
+		accepted(msg->acpted_rply.ar_stat, error);
+		break;
+
+	case MSG_DENIED:
+		rejected(msg->rjcted_rply.rj_stat, error);
+		break;
+
+	default:
+		error->re_status = RPC_FAILED;
+		error->re_lb.s1 = (int32_t)(msg->rm_reply.rp_stat);
+		break;
+	}
+	switch (error->re_status) {
+
+	case RPC_VERSMISMATCH:
+		error->re_vers.low = msg->rjcted_rply.rj_vers.low;
+		error->re_vers.high = msg->rjcted_rply.rj_vers.high;
+		break;
+
+	case RPC_AUTHERROR:
+		error->re_why = msg->rjcted_rply.rj_why;
+		break;
+
+	case RPC_PROGVERSMISMATCH:
+		error->re_vers.low = msg->acpted_rply.ar_vers.low;
+		error->re_vers.high = msg->acpted_rply.ar_vers.high;
+		break;
+
+	case RPC_FAILED:
+	case RPC_SUCCESS:
+	case RPC_PROGNOTREGISTERED:
+	case RPC_PMAPFAILURE:
+	case RPC_UNKNOWNPROTO:
+	case RPC_UNKNOWNHOST:
+	case RPC_SYSTEMERROR:
+	case RPC_CANTDECODEARGS:
+	case RPC_PROCUNAVAIL:
+	case RPC_PROGUNAVAIL:
+	case RPC_TIMEDOUT:
+	case RPC_CANTRECV:
+	case RPC_CANTSEND:
+	case RPC_CANTDECODERES:
+	case RPC_CANTENCODEARGS:
+	default:
+		break;
+	}
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc.c b/krb5-1.21.3/src/lib/rpc/svc.c
new file mode 100644
index 00000000..cfbc7aad
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc.c
@@ -0,0 +1,536 @@
+/* @(#)svc.c	2.4 88/08/11 4.0 RPCSRC; from 1.44 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)svc.c 1.41 87/10/13 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * svc.c, Server-side remote procedure call interface.
+ *
+ * There are two sets of procedures here.  The xprt routines are
+ * for handling transport handles.  The svc routines handle the
+ * list of service routines.
+ */
+
+#include "autoconf.h"
+#if HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_clnt.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#ifdef FD_SETSIZE
+static SVCXPRT **xports;
+extern int gssrpc_svc_fdset_init;
+#else
+
+#ifdef NBBY
+#define NOFILE (sizeof(int) * NBBY)
+#else
+#define NOFILE (sizeof(int) * 8)
+#endif
+
+static SVCXPRT *xports[NOFILE];
+#endif /* def FD_SETSIZE */
+
+#define NULL_SVC ((struct svc_callout *)0)
+#define	RQCRED_SIZE	1024		/* this size is excessive */
+
+/*
+ * The services list
+ * Each entry represents a set of procedures (an rpc program).
+ * The dispatch routine takes request structs and runs the
+ * appropriate procedure.
+ */
+static struct svc_callout {
+	struct svc_callout *sc_next;
+	rpcprog_t		    sc_prog;
+	rpcprog_t		    sc_vers;
+	void		    (*sc_dispatch)();
+} *svc_head;
+
+static struct svc_callout *svc_find(rpcprog_t, rpcvers_t,
+				    struct svc_callout **);
+
+static void svc_do_xprt(SVCXPRT *xprt);
+
+/* ***************  SVCXPRT related stuff **************** */
+
+/*
+ * Activate a transport handle.
+ */
+void
+xprt_register(SVCXPRT *xprt)
+{
+	int sock = xprt->xp_sock;
+
+#ifdef FD_SETSIZE
+	if (gssrpc_svc_fdset_init == 0) {
+		FD_ZERO(&svc_fdset);
+		gssrpc_svc_fdset_init++;
+	}
+	if (xports == NULL) {
+		xports = (SVCXPRT **)
+			mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *));
+		memset(xports, 0, FD_SETSIZE * sizeof(SVCXPRT *));
+	}
+	if (sock < FD_SETSIZE) {
+		xports[sock] = xprt;
+		FD_SET(sock, &svc_fdset);
+		if (sock > svc_maxfd)
+			svc_maxfd = sock;
+	}
+#else
+	if (sock < NOFILE) {
+		xports[sock] = xprt;
+		svc_fds |= (1 << sock);
+		if (sock > svc_maxfd)
+			svc_maxfd = sock;
+	}
+#endif /* def FD_SETSIZE */
+}
+
+/*
+ * De-activate a transport handle.
+ */
+void
+xprt_unregister(SVCXPRT *xprt)
+{
+	int sock = xprt->xp_sock;
+
+#ifdef FD_SETSIZE
+	if ((sock < FD_SETSIZE) && (xports[sock] == xprt)) {
+		xports[sock] = (SVCXPRT *)0;
+		FD_CLR(sock, &svc_fdset);
+	}
+#else
+	if ((sock < NOFILE) && (xports[sock] == xprt)) {
+		xports[sock] = (SVCXPRT *)0;
+		svc_fds &= ~(1 << sock);
+	}
+#endif /* def FD_SETSIZE */
+	if (svc_maxfd <= sock) {
+		while ((svc_maxfd > 0) && xports[svc_maxfd] == 0)
+			svc_maxfd--;
+	}
+}
+
+
+/* ********************** CALLOUT list related stuff ************* */
+
+/*
+ * Add a service program to the callout list.
+ * The dispatch routine will be called when a rpc request for this
+ * program number comes in.
+ */
+bool_t
+svc_register(
+	SVCXPRT *xprt,
+	rpcprog_t prog,
+	rpcvers_t vers,
+	void (*dispatch)(),
+	int protocol)
+{
+	struct svc_callout *prev;
+	struct svc_callout *s;
+
+	if ((s = svc_find(prog, vers, &prev)) != NULL_SVC) {
+		if (s->sc_dispatch == dispatch)
+			goto pmap_it;  /* he is registering another xptr */
+		return (FALSE);
+	}
+	s = (struct svc_callout *)mem_alloc(sizeof(struct svc_callout));
+	if (s == (struct svc_callout *)0) {
+		return (FALSE);
+	}
+	s->sc_prog = prog;
+	s->sc_vers = vers;
+	s->sc_dispatch = dispatch;
+	s->sc_next = svc_head;
+	svc_head = s;
+pmap_it:
+	/* now register the information with the local binder service */
+	if (protocol) {
+		return (pmap_set(prog, vers, protocol, xprt->xp_port));
+	}
+	return (TRUE);
+}
+
+/*
+ * Remove a service program from the callout list.
+ */
+void
+svc_unregister(
+	rpcprog_t prog,
+	rpcvers_t vers)
+{
+	struct svc_callout *prev;
+	struct svc_callout *s;
+
+	if ((s = svc_find(prog, vers, &prev)) == NULL_SVC)
+		return;
+	if (prev == NULL_SVC) {
+		svc_head = s->sc_next;
+	} else {
+		prev->sc_next = s->sc_next;
+	}
+	s->sc_next = NULL_SVC;
+	mem_free((char *) s, (u_int) sizeof(struct svc_callout));
+	/* now unregister the information with the local binder service */
+	(void)pmap_unset(prog, vers);
+}
+
+/*
+ * Search the callout list for a program number, return the callout
+ * struct.
+ */
+static struct svc_callout *
+svc_find(
+	rpcprog_t prog,
+	rpcvers_t vers,
+	struct svc_callout **prev)
+{
+	struct svc_callout *s, *p;
+
+	p = NULL_SVC;
+	for (s = svc_head; s != NULL_SVC; s = s->sc_next) {
+		if ((s->sc_prog == prog) && (s->sc_vers == vers))
+			goto done;
+		p = s;
+	}
+done:
+	*prev = p;
+	return (s);
+}
+
+/* ******************* REPLY GENERATION ROUTINES  ************ */
+
+/*
+ * Send a reply to an rpc request
+ */
+bool_t
+svc_sendreply(
+	SVCXPRT *xprt,
+	xdrproc_t xdr_results,
+	caddr_t xdr_location)
+{
+	struct rpc_msg rply;
+
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
+	rply.acpted_rply.ar_verf = xprt->xp_verf;
+	rply.acpted_rply.ar_stat = SUCCESS;
+	rply.acpted_rply.ar_results.where = xdr_location;
+	rply.acpted_rply.ar_results.proc = xdr_results;
+	return (SVC_REPLY(xprt, &rply));
+}
+
+/*
+ * No procedure error reply
+ */
+void
+svcerr_noproc(SVCXPRT *xprt)
+{
+	struct rpc_msg rply;
+
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
+	rply.acpted_rply.ar_verf = xprt->xp_verf;
+	rply.acpted_rply.ar_stat = PROC_UNAVAIL;
+	SVC_REPLY(xprt, &rply);
+}
+
+/*
+ * Can't decode args error reply
+ */
+void
+svcerr_decode(SVCXPRT *xprt)
+{
+	struct rpc_msg rply;
+
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
+	rply.acpted_rply.ar_verf = xprt->xp_verf;
+	rply.acpted_rply.ar_stat = GARBAGE_ARGS;
+	SVC_REPLY(xprt, &rply);
+}
+
+/*
+ * Some system error
+ */
+void
+svcerr_systemerr(SVCXPRT *xprt)
+{
+	struct rpc_msg rply;
+
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
+	rply.acpted_rply.ar_verf = xprt->xp_verf;
+	rply.acpted_rply.ar_stat = SYSTEM_ERR;
+	SVC_REPLY(xprt, &rply);
+}
+
+/*
+ * Authentication error reply
+ */
+void
+svcerr_auth(
+	SVCXPRT *xprt,
+	enum auth_stat why)
+{
+	struct rpc_msg rply;
+
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_DENIED;
+	rply.rjcted_rply.rj_stat = AUTH_ERROR;
+	rply.rjcted_rply.rj_why = why;
+	SVC_REPLY(xprt, &rply);
+}
+
+/*
+ * Auth too weak error reply
+ */
+void
+svcerr_weakauth(SVCXPRT *xprt)
+{
+
+	svcerr_auth(xprt, AUTH_TOOWEAK);
+}
+
+/*
+ * Program unavailable error reply
+ */
+void
+svcerr_noprog(SVCXPRT *xprt)
+{
+	struct rpc_msg rply;
+
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
+	rply.acpted_rply.ar_verf = xprt->xp_verf;
+	rply.acpted_rply.ar_stat = PROG_UNAVAIL;
+	SVC_REPLY(xprt, &rply);
+}
+
+/*
+ * Program version mismatch error reply
+ */
+void
+svcerr_progvers(
+	SVCXPRT *xprt,
+	rpcvers_t low_vers,
+	rpcvers_t high_vers)
+{
+	struct rpc_msg rply;
+
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
+	rply.acpted_rply.ar_verf = xprt->xp_verf;
+	rply.acpted_rply.ar_stat = PROG_MISMATCH;
+	rply.acpted_rply.ar_vers.low = low_vers;
+	rply.acpted_rply.ar_vers.high = high_vers;
+	SVC_REPLY(xprt, &rply);
+}
+
+/* ******************* SERVER INPUT STUFF ******************* */
+
+/*
+ * Get server side input from some transport.
+ *
+ * Statement of authentication parameters management:
+ * This function owns and manages all authentication parameters, specifically
+ * the "raw" parameters (msg.rm_call.cb_cred and msg.rm_call.cb_verf) and
+ * the "cooked" credentials (rqst->rq_clntcred).
+ * However, this function does not know the structure of the cooked
+ * credentials, so it make the following assumptions:
+ *   a) the structure is contiguous (no pointers), and
+ *   b) the cred structure size does not exceed RQCRED_SIZE bytes.
+ * In all events, all three parameters are freed upon exit from this routine.
+ * The storage is trivially management on the call stack in user land, but
+ * is mallocated in kernel land.
+ */
+
+void
+svc_getreq(int rdfds)
+{
+#ifdef FD_SETSIZE
+	fd_set readfds;
+	int	i, mask;
+
+	FD_ZERO(&readfds);
+	for (i=0, mask=1; rdfds; i++, mask <<=1) {
+		if (rdfds & mask)
+			FD_SET(i, &readfds);
+		rdfds &= ~mask;
+	}
+	svc_getreqset(&readfds);
+#else
+	int readfds = rdfds & svc_fds;
+
+	svc_getreqset(&readfds);
+#endif /* def FD_SETSIZE */
+}
+
+#ifdef FD_SETSIZE
+#define FDSET_TYPE fd_set
+#else
+#define FDSET_TYPE int
+#endif
+
+void
+svc_getreqset(FDSET_TYPE *readfds)
+{
+#ifndef FD_SETSIZE
+	int readfds_local = *readfds;
+#endif
+	SVCXPRT *xprt;
+	int sock;
+
+#ifdef FD_SETSIZE
+	for (sock = 0; sock <= svc_maxfd; sock++) {
+		if (!FD_ISSET(sock, readfds))
+			continue;
+		/* sock has input waiting */
+		xprt = xports[sock];
+		/* now receive msgs from xprtprt (support batch calls) */
+		svc_do_xprt(xprt);
+	}
+#else
+	for (sock = 0; readfds_local != 0; sock++, readfds_local >>= 1) {
+		if ((readfds_local & 1) == 0)
+			continue;
+		/* sock has input waiting */
+		xprt = xports[sock];
+		/* now receive msgs from xprtprt (support batch calls) */
+		svc_do_xprt(xprt);
+	}
+#endif
+}
+
+extern struct svc_auth_ops svc_auth_gss_ops;
+
+static void
+svc_do_xprt(SVCXPRT *xprt)
+{
+	caddr_t rawcred, rawverf, cookedcred;
+	struct rpc_msg msg;
+	struct svc_req r;
+        bool_t no_dispatch;
+	int prog_found;
+	rpcvers_t low_vers;
+	rpcvers_t high_vers;
+	enum xprt_stat stat;
+
+	rawcred = mem_alloc(MAX_AUTH_BYTES);
+	rawverf = mem_alloc(MAX_AUTH_BYTES);
+	cookedcred = mem_alloc(RQCRED_SIZE);
+
+	if (rawcred == NULL || rawverf == NULL || cookedcred == NULL)
+		return;
+
+	msg.rm_call.cb_cred.oa_base = rawcred;
+	msg.rm_call.cb_verf.oa_base = rawverf;
+	r.rq_clntcred = cookedcred;
+
+	do {
+		struct svc_callout *s;
+		enum auth_stat why;
+
+		if (!SVC_RECV(xprt, &msg))
+			goto call_done;
+
+		/* now find the exported program and call it */
+
+		r.rq_xprt = xprt;
+		r.rq_prog = msg.rm_call.cb_prog;
+		r.rq_vers = msg.rm_call.cb_vers;
+		r.rq_proc = msg.rm_call.cb_proc;
+		r.rq_cred = msg.rm_call.cb_cred;
+
+		no_dispatch = FALSE;
+
+		/* first authenticate the message */
+		why = gssrpc__authenticate(&r, &msg, &no_dispatch);
+		if (why != AUTH_OK) {
+			svcerr_auth(xprt, why);
+			goto call_done;
+		} else if (no_dispatch) {
+			goto call_done;
+		}
+
+		/* now match message with a registered service*/
+		prog_found = FALSE;
+		low_vers = (rpcvers_t) -1L;
+		high_vers = 0;
+		for (s = svc_head; s != NULL_SVC; s = s->sc_next) {
+			if (s->sc_prog == r.rq_prog) {
+				if (s->sc_vers == r.rq_vers) {
+					(*s->sc_dispatch)(&r, xprt);
+					goto call_done;
+				}  /* found correct version */
+				prog_found = TRUE;
+				if (s->sc_vers < low_vers)
+					low_vers = s->sc_vers;
+				if (s->sc_vers > high_vers)
+					high_vers = s->sc_vers;
+			}   /* found correct program */
+		}
+		/*
+		 * if we got here, the program or version
+		 * is not served ...
+		 */
+		if (prog_found)
+			svcerr_progvers(xprt,
+					low_vers, high_vers);
+		else
+			svcerr_noprog(xprt);
+		/* Fall through to ... */
+
+	call_done:
+		if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
+			SVC_DESTROY(xprt);
+			break;
+		} else if ((xprt->xp_auth != NULL) &&
+			   (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
+			xprt->xp_auth = NULL;
+		}
+	} while (stat == XPRT_MOREREQS);
+
+	mem_free(rawcred, MAX_AUTH_BYTES);
+	mem_free(rawverf, MAX_AUTH_BYTES);
+	mem_free(cookedcred, RQCRED_SIZE);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_auth.c b/krb5-1.21.3/src/lib/rpc/svc_auth.c
new file mode 100644
index 00000000..2df9cf48
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_auth.c
@@ -0,0 +1,106 @@
+/* lib/rpc/svc_auth.c */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * svc_auth_nodes.c, Server-side rpc authenticator interface,
+ * *WITHOUT* DES authentication.
+ */
+
+#include <gssrpc/rpc.h>
+
+/*
+ * Server side authenticators are called from authenticate by
+ * using the client auth struct flavor field to index into svcauthsw.
+ * The server auth flavors must implement a routine that looks
+ * like:
+ *
+ *	enum auth_stat
+ *	flavorx_auth(rqst, msg)
+ *		struct svc_req *rqst;
+ *		struct rpc_msg *msg;
+ *
+ */
+
+static struct svcauthsw_type {
+     enum_t flavor;
+     enum auth_stat (*authenticator)(struct svc_req *, struct rpc_msg *,
+				     bool_t *);
+} svcauthsw[] = {
+     {AUTH_GSSAPI, gssrpc__svcauth_gssapi},	/* AUTH_GSSAPI */
+     {AUTH_NONE, gssrpc__svcauth_none},		/* AUTH_NONE */
+     {AUTH_UNIX, gssrpc__svcauth_unix},		/* AUTH_UNIX */
+     {AUTH_SHORT, gssrpc__svcauth_short},	/* AUTH_SHORT */
+     {RPCSEC_GSS, gssrpc__svcauth_gss}		/* RPCSEC_GSS */
+};
+static int svcauthnum = sizeof(svcauthsw) / sizeof(struct svcauthsw_type);
+
+/*
+ * The call rpc message, msg has been obtained from the wire.  The msg contains
+ * the raw form of credentials and verifiers.  authenticate returns AUTH_OK
+ * if the msg is successfully authenticated.  If AUTH_OK then the routine also
+ * does the following things:
+ * set rqst->rq_xprt->verf to the appropriate response verifier;
+ * sets rqst->rq_client_cred to the "cooked" form of the credentials.
+ *
+ * NB: rqst->rq_cxprt->verf must be pre-alloctaed;
+ * its length is set appropriately.
+ *
+ * The caller still owns and is responsible for msg->u.cmb.cred and
+ * msg->u.cmb.verf.  The authentication system retains ownership of
+ * rqst->rq_client_cred, the cooked credentials.
+ */
+enum auth_stat
+gssrpc__authenticate(
+	struct svc_req *rqst,
+	struct rpc_msg *msg,
+	bool_t *no_dispatch)
+{
+	int cred_flavor, i;
+
+	rqst->rq_cred = msg->rm_call.cb_cred;
+	rqst->rq_xprt->xp_verf.oa_flavor = gssrpc__null_auth.oa_flavor;
+	rqst->rq_xprt->xp_verf.oa_length = 0;
+	cred_flavor = rqst->rq_cred.oa_flavor;
+	*no_dispatch = FALSE;
+	for (i = 0; i < svcauthnum; i++) {
+	     if (cred_flavor == svcauthsw[i].flavor &&
+		 svcauthsw[i].authenticator != NULL) {
+		  return ((*(svcauthsw[i].authenticator))(rqst,
+							  msg,
+							  no_dispatch));
+	     }
+	}
+
+	return (AUTH_REJECTEDCRED);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_auth_gss.c b/krb5-1.21.3/src/lib/rpc/svc_auth_gss.c
new file mode 100644
index 00000000..aba76948
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_auth_gss.c
@@ -0,0 +1,684 @@
+/* lib/rpc/svc_auth_gss.c */
+/*
+  Copyright (c) 2000 The Regents of the University of Michigan.
+  All rights reserved.
+
+  Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+  All rights reserved, all wrongs reversed.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions
+  are met:
+
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+  3. Neither the name of the University nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+  Id: svc_auth_gss.c,v 1.28 2002/10/15 21:29:36 kwc Exp
+ */
+
+#include "k5-platform.h"
+#include <gssrpc/rpc.h>
+#include <gssrpc/auth_gssapi.h>
+#ifdef HAVE_HEIMDAL
+#include <gssapi.h>
+#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
+#else
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#endif
+
+#ifdef DEBUG_GSSAPI
+int svc_debug_gss = DEBUG_GSSAPI;
+#endif
+
+#ifdef SPKM
+
+#ifndef OID_EQ
+#define g_OID_equal(o1,o2) \
+   (((o1)->length == (o2)->length) && \
+    ((o1)->elements != 0) && ((o2)->elements != 0) && \
+    (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0))
+#define OID_EQ 1
+#endif /* OID_EQ */
+
+extern const gss_OID_desc * const gss_mech_spkm3;
+
+#endif /* SPKM */
+
+extern SVCAUTH svc_auth_none;
+
+static auth_gssapi_log_badauth_func log_badauth = NULL;
+static caddr_t log_badauth_data = NULL;
+static auth_gssapi_log_badauth2_func log_badauth2 = NULL;
+static caddr_t log_badauth2_data = NULL;
+static auth_gssapi_log_badverf_func log_badverf = NULL;
+static caddr_t log_badverf_data = NULL;
+static auth_gssapi_log_miscerr_func log_miscerr = NULL;
+static caddr_t log_miscerr_data = NULL;
+
+#define LOG_MISCERR(arg) if (log_miscerr) \
+        (*log_miscerr)(rqst, msg, arg, log_miscerr_data)
+
+static bool_t	svcauth_gss_destroy(SVCAUTH *);
+static bool_t   svcauth_gss_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t   svcauth_gss_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+
+static bool_t	svcauth_gss_nextverf(struct svc_req *, u_int);
+
+struct svc_auth_ops svc_auth_gss_ops = {
+	svcauth_gss_wrap,
+	svcauth_gss_unwrap,
+	svcauth_gss_destroy
+};
+
+struct svc_rpc_gss_data {
+	bool_t			established;	/* context established */
+	gss_cred_id_t		cred;		/* credential */
+	gss_ctx_id_t		ctx;		/* context id */
+	struct rpc_gss_sec	sec;		/* security triple */
+	gss_buffer_desc		cname;		/* GSS client name */
+	u_int			seq;		/* sequence number */
+	u_int			win;		/* sequence window */
+	u_int			seqlast;	/* last sequence number */
+	uint32_t		seqmask;	/* bitmask of seqnums */
+	gss_name_t		client_name;	/* unparsed name string */
+	gss_buffer_desc		checksum;	/* so we can free it */
+};
+
+#define SVCAUTH_PRIVATE(auth) \
+	(*(struct svc_rpc_gss_data **)&(auth)->svc_ah_private)
+
+/* Global server credentials. */
+static gss_name_t	svcauth_gss_name = NULL;
+
+bool_t
+svcauth_gss_set_svc_name(gss_name_t name)
+{
+	OM_uint32	maj_stat, min_stat;
+
+	log_debug("in svcauth_gss_set_svc_name()");
+
+	if (svcauth_gss_name != NULL) {
+		maj_stat = gss_release_name(&min_stat, &svcauth_gss_name);
+
+		if (maj_stat != GSS_S_COMPLETE) {
+			log_status("gss_release_name", maj_stat, min_stat);
+			return (FALSE);
+		}
+		svcauth_gss_name = NULL;
+	}
+	if (svcauth_gss_name == GSS_C_NO_NAME)
+		return (TRUE);
+
+	maj_stat = gss_duplicate_name(&min_stat, name, &svcauth_gss_name);
+
+	if (maj_stat != GSS_S_COMPLETE) {
+		log_status("gss_duplicate_name", maj_stat, min_stat);
+		return (FALSE);
+	}
+
+	return (TRUE);
+}
+
+static bool_t
+svcauth_gss_acquire_cred(struct svc_rpc_gss_data *gd)
+{
+	OM_uint32	maj_stat, min_stat;
+
+	log_debug("in svcauth_gss_acquire_cred()");
+
+	/* We don't need to acquire a credential if using the default name. */
+	if (svcauth_gss_name == GSS_C_NO_NAME)
+		return (TRUE);
+
+	/* Only acquire a credential once per authentication. */
+	if (gd->cred != GSS_C_NO_CREDENTIAL)
+		return (TRUE);
+
+	maj_stat = gss_acquire_cred(&min_stat, svcauth_gss_name, 0,
+				    GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
+				    &gd->cred, NULL, NULL);
+
+	if (maj_stat != GSS_S_COMPLETE) {
+		log_status("gss_acquire_cred", maj_stat, min_stat);
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+/* Invoke log_badauth callbacks for an authentication failure. */
+static void
+badauth(OM_uint32 maj, OM_uint32 minor, SVCXPRT *xprt)
+{
+	if (log_badauth != NULL)
+		(*log_badauth)(maj, minor, &xprt->xp_raddr, log_badauth_data);
+	if (log_badauth2 != NULL)
+		(*log_badauth2)(maj, minor, xprt, log_badauth2_data);
+}
+
+static bool_t
+svcauth_gss_accept_sec_context(struct svc_req *rqst,
+			       struct rpc_gss_init_res *gr)
+{
+	struct svc_rpc_gss_data	*gd;
+	struct rpc_gss_cred	*gc;
+	gss_buffer_desc		 recv_tok, seqbuf;
+	gss_OID			 mech;
+	OM_uint32		 maj_stat = 0, min_stat = 0, ret_flags, seq;
+
+	log_debug("in svcauth_gss_accept_context()");
+
+	gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
+	gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
+	memset(gr, 0, sizeof(*gr));
+
+	/* Deserialize arguments. */
+	memset(&recv_tok, 0, sizeof(recv_tok));
+
+	if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args,
+			 (caddr_t)&recv_tok))
+		return (FALSE);
+
+	gr->gr_major = gss_accept_sec_context(&gr->gr_minor,
+					      &gd->ctx,
+					      gd->cred,
+					      &recv_tok,
+					      GSS_C_NO_CHANNEL_BINDINGS,
+					      &gd->client_name,
+					      &mech,
+					      &gr->gr_token,
+					      &ret_flags,
+					      NULL,
+					      NULL);
+
+	svc_freeargs(rqst->rq_xprt, xdr_rpc_gss_init_args, (caddr_t)&recv_tok);
+
+	log_status("accept_sec_context", gr->gr_major, gr->gr_minor);
+	if (gr->gr_major != GSS_S_COMPLETE &&
+	    gr->gr_major != GSS_S_CONTINUE_NEEDED) {
+		badauth(gr->gr_major, gr->gr_minor, rqst->rq_xprt);
+		gd->ctx = GSS_C_NO_CONTEXT;
+		goto errout;
+	}
+	gr->gr_ctx.value = "xxxx";
+	gr->gr_ctx.length = 4;
+
+	/* gr->gr_win = 0x00000005; ANDROS: for debugging linux kernel version...  */
+	gr->gr_win = sizeof(gd->seqmask) * 8;
+
+	/* Save client info. */
+	gd->sec.mech = mech;
+	gd->sec.qop = GSS_C_QOP_DEFAULT;
+	gd->sec.svc = gc->gc_svc;
+	gd->seq = gc->gc_seq;
+	gd->win = gr->gr_win;
+
+	if (gr->gr_major == GSS_S_COMPLETE) {
+#ifdef SPKM
+		/* spkm3: no src_name (anonymous) */
+		if(!g_OID_equal(gss_mech_spkm3, mech)) {
+#endif
+		    maj_stat = gss_display_name(&min_stat, gd->client_name,
+					    &gd->cname, &gd->sec.mech);
+#ifdef SPKM
+		}
+#endif
+		if (maj_stat != GSS_S_COMPLETE) {
+			log_status("display_name", maj_stat, min_stat);
+			goto errout;
+		}
+#ifdef DEBUG
+#ifdef HAVE_HEIMDAL
+		log_debug("accepted context for %.*s with "
+			  "<mech {}, qop %d, svc %d>",
+			  gd->cname.length, (char *)gd->cname.value,
+			  gd->sec.qop, gd->sec.svc);
+#else
+		{
+			gss_buffer_desc mechname;
+
+			gss_oid_to_str(&min_stat, mech, &mechname);
+
+			log_debug("accepted context for %.*s with "
+				  "<mech %.*s, qop %d, svc %d>",
+				  gd->cname.length, (char *)gd->cname.value,
+				  mechname.length, (char *)mechname.value,
+				  gd->sec.qop, gd->sec.svc);
+
+			gss_release_buffer(&min_stat, &mechname);
+		}
+#endif
+#endif /* DEBUG */
+		seq = htonl(gr->gr_win);
+		seqbuf.value = &seq;
+		seqbuf.length = sizeof(seq);
+
+		gss_release_buffer(&min_stat, &gd->checksum);
+		maj_stat = gss_sign(&min_stat, gd->ctx, GSS_C_QOP_DEFAULT,
+				    &seqbuf, &gd->checksum);
+
+		if (maj_stat != GSS_S_COMPLETE) {
+			goto errout;
+		}
+
+
+		rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
+		rqst->rq_xprt->xp_verf.oa_base = gd->checksum.value;
+		rqst->rq_xprt->xp_verf.oa_length = gd->checksum.length;
+	}
+	return (TRUE);
+errout:
+	gss_release_buffer(&min_stat, &gr->gr_token);
+	return (FALSE);
+}
+
+static bool_t
+svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct rpc_msg *msg)
+{
+	struct opaque_auth	*oa;
+	gss_buffer_desc		 rpcbuf, checksum;
+	OM_uint32		 maj_stat, min_stat, qop_state;
+	u_char			 rpchdr[128];
+	int32_t			*buf;
+
+	log_debug("in svcauth_gss_validate()");
+
+	memset(rpchdr, 0, sizeof(rpchdr));
+
+	/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
+	oa = &msg->rm_call.cb_cred;
+	if (oa->oa_length > MAX_AUTH_BYTES)
+		return (FALSE);
+
+	/* 8 XDR units from the IXDR macro calls. */
+	if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
+			      RNDUP(oa->oa_length)))
+		return (FALSE);
+
+	buf = (int32_t *)(void *)rpchdr;
+	IXDR_PUT_LONG(buf, msg->rm_xid);
+	IXDR_PUT_ENUM(buf, msg->rm_direction);
+	IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers);
+	IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
+	IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
+	IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
+	IXDR_PUT_ENUM(buf, oa->oa_flavor);
+	IXDR_PUT_LONG(buf, oa->oa_length);
+	if (oa->oa_length) {
+		memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
+		buf += RNDUP(oa->oa_length) / sizeof(int32_t);
+	}
+	rpcbuf.value = rpchdr;
+	rpcbuf.length = (u_char *)buf - rpchdr;
+
+	checksum.value = msg->rm_call.cb_verf.oa_base;
+	checksum.length = msg->rm_call.cb_verf.oa_length;
+
+	maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
+				  &qop_state);
+
+	if (maj_stat != GSS_S_COMPLETE) {
+		log_status("gss_verify_mic", maj_stat, min_stat);
+		if (log_badverf != NULL)
+			(*log_badverf)(gd->client_name,
+			       svcauth_gss_name,
+			       rqst, msg, log_badverf_data);
+		return (FALSE);
+	}
+	return (TRUE);
+}
+
+static bool_t
+svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
+{
+	struct svc_rpc_gss_data	*gd;
+	gss_buffer_desc		 signbuf;
+	OM_uint32		 maj_stat, min_stat;
+
+	log_debug("in svcauth_gss_nextverf()");
+
+	if (rqst->rq_xprt->xp_auth == NULL)
+		return (FALSE);
+
+	gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
+
+	gss_release_buffer(&min_stat, &gd->checksum);
+
+	signbuf.value = &num;
+	signbuf.length = sizeof(num);
+
+	maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
+			       &signbuf, &gd->checksum);
+
+	if (maj_stat != GSS_S_COMPLETE) {
+		log_status("gss_get_mic", maj_stat, min_stat);
+		return (FALSE);
+	}
+	rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
+	rqst->rq_xprt->xp_verf.oa_base = (caddr_t)gd->checksum.value;
+	rqst->rq_xprt->xp_verf.oa_length = (u_int)gd->checksum.length;
+
+	return (TRUE);
+}
+
+enum auth_stat
+gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
+	bool_t *no_dispatch)
+{
+	enum auth_stat		 retstat;
+	XDR	 		 xdrs;
+	SVCAUTH			*auth;
+	struct svc_rpc_gss_data	*gd;
+	struct rpc_gss_cred	*gc;
+	struct rpc_gss_init_res	 gr;
+	int			 call_stat, offset;
+	OM_uint32		 min_stat;
+
+	log_debug("in svcauth_gss()");
+
+	/* Initialize reply. */
+	rqst->rq_xprt->xp_verf = gssrpc__null_auth;
+
+	/* Allocate and set up server auth handle. */
+	if (rqst->rq_xprt->xp_auth == NULL ||
+	    rqst->rq_xprt->xp_auth == &svc_auth_none) {
+		if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
+			fprintf(stderr, "svcauth_gss: out_of_memory\n");
+			return (AUTH_FAILED);
+		}
+		if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
+			fprintf(stderr, "svcauth_gss: out_of_memory\n");
+			return (AUTH_FAILED);
+		}
+		auth->svc_ah_ops = &svc_auth_gss_ops;
+		SVCAUTH_PRIVATE(auth) = gd;
+		rqst->rq_xprt->xp_auth = auth;
+	}
+	else gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
+
+	log_debug("xp_auth=%p, gd=%p", rqst->rq_xprt->xp_auth, gd);
+
+	/* Deserialize client credentials. */
+	if (rqst->rq_cred.oa_length <= 0)
+		return (AUTH_BADCRED);
+
+	gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
+	memset(gc, 0, sizeof(*gc));
+
+	log_debug("calling xdrmem_create()");
+	log_debug("oa_base=%p, oa_length=%u", rqst->rq_cred.oa_base,
+		  rqst->rq_cred.oa_length);
+	xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
+		      rqst->rq_cred.oa_length, XDR_DECODE);
+	log_debug("xdrmem_create() returned");
+
+	if (!xdr_rpc_gss_cred(&xdrs, gc)) {
+		log_debug("xdr_rpc_gss_cred() failed");
+		XDR_DESTROY(&xdrs);
+		return (AUTH_BADCRED);
+	}
+	XDR_DESTROY(&xdrs);
+
+	retstat = AUTH_FAILED;
+
+#define ret_freegc(code) do { retstat = code; goto freegc; } while (0)
+
+	/* Check version. */
+	if (gc->gc_v != RPCSEC_GSS_VERSION)
+		ret_freegc (AUTH_BADCRED);
+
+	/* Check RPCSEC_GSS service. */
+	if (gc->gc_svc != RPCSEC_GSS_SVC_NONE &&
+	    gc->gc_svc != RPCSEC_GSS_SVC_INTEGRITY &&
+	    gc->gc_svc != RPCSEC_GSS_SVC_PRIVACY)
+		ret_freegc (AUTH_BADCRED);
+
+	/* Check sequence number. */
+	if (gd->established) {
+		if (gc->gc_seq > MAXSEQ)
+			ret_freegc (RPCSEC_GSS_CTXPROBLEM);
+
+		if ((offset = gd->seqlast - gc->gc_seq) < 0) {
+			gd->seqlast = gc->gc_seq;
+			offset = 0 - offset;
+			gd->seqmask <<= offset;
+			offset = 0;
+		} else if ((u_int)offset >= gd->win ||
+			   (gd->seqmask & (1 << offset))) {
+			*no_dispatch = 1;
+			ret_freegc (RPCSEC_GSS_CTXPROBLEM);
+		}
+		gd->seq = gc->gc_seq;
+		gd->seqmask |= (1 << offset);
+	}
+
+	if (gd->established) {
+		rqst->rq_clntname = (char *)gd->client_name;
+		rqst->rq_svccred = (char *)gd->ctx;
+	}
+
+	/* Handle RPCSEC_GSS control procedure. */
+	switch (gc->gc_proc) {
+
+	case RPCSEC_GSS_INIT:
+	case RPCSEC_GSS_CONTINUE_INIT:
+		if (rqst->rq_proc != NULLPROC)
+			ret_freegc (AUTH_FAILED);		/* XXX ? */
+
+		if (!svcauth_gss_acquire_cred(gd))
+			ret_freegc (AUTH_FAILED);
+
+		if (!svcauth_gss_accept_sec_context(rqst, &gr))
+			ret_freegc (AUTH_REJECTEDCRED);
+
+		if (!svcauth_gss_nextverf(rqst, htonl(gr.gr_win))) {
+			gss_release_buffer(&min_stat, &gr.gr_token);
+			ret_freegc (AUTH_FAILED);
+		}
+		*no_dispatch = TRUE;
+
+		call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res,
+					  (caddr_t)&gr);
+
+		gss_release_buffer(&min_stat, &gr.gr_token);
+		gss_release_buffer(&min_stat, &gd->checksum);
+		if (!call_stat)
+			ret_freegc (AUTH_FAILED);
+
+		if (gr.gr_major == GSS_S_COMPLETE)
+			gd->established = TRUE;
+
+		break;
+
+	case RPCSEC_GSS_DATA:
+		if (!svcauth_gss_validate(rqst, gd, msg))
+			ret_freegc (RPCSEC_GSS_CREDPROBLEM);
+
+		if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
+ 			ret_freegc (AUTH_FAILED);
+		break;
+
+	case RPCSEC_GSS_DESTROY:
+		if (rqst->rq_proc != NULLPROC)
+			ret_freegc (AUTH_FAILED);		/* XXX ? */
+
+		if (!svcauth_gss_validate(rqst, gd, msg))
+			ret_freegc (RPCSEC_GSS_CREDPROBLEM);
+
+		if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
+			ret_freegc (AUTH_FAILED);
+
+		*no_dispatch = TRUE;
+
+		call_stat = svc_sendreply(rqst->rq_xprt,
+					  xdr_void, (caddr_t)NULL);
+
+		log_debug("sendreply in destroy: %d", call_stat);
+
+		SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
+		rqst->rq_xprt->xp_auth = &svc_auth_none;
+
+		break;
+
+	default:
+		ret_freegc (AUTH_REJECTEDCRED);
+		break;
+	}
+	retstat = AUTH_OK;
+freegc:
+	xdr_free(xdr_rpc_gss_cred, gc);
+	log_debug("returning %d from svcauth_gss()", retstat);
+	return (retstat);
+}
+
+static bool_t
+svcauth_gss_destroy(SVCAUTH *auth)
+{
+	struct svc_rpc_gss_data	*gd;
+	OM_uint32		 min_stat;
+
+	log_debug("in svcauth_gss_destroy()");
+
+	gd = SVCAUTH_PRIVATE(auth);
+
+	gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER);
+	gss_release_cred(&min_stat, &gd->cred);
+	gss_release_buffer(&min_stat, &gd->cname);
+	gss_release_buffer(&min_stat, &gd->checksum);
+
+	if (gd->client_name)
+		gss_release_name(&min_stat, &gd->client_name);
+
+	mem_free(gd, sizeof(*gd));
+	mem_free(auth, sizeof(*auth));
+
+	return (TRUE);
+}
+
+static bool_t
+svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
+{
+	struct svc_rpc_gss_data	*gd;
+
+	log_debug("in svcauth_gss_wrap()");
+
+	gd = SVCAUTH_PRIVATE(auth);
+
+	if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
+		return ((*xdr_func)(xdrs, xdr_ptr));
+	}
+	return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
+				 gd->ctx, gd->sec.qop,
+				 gd->sec.svc, gd->seq));
+}
+
+static bool_t
+svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
+{
+	struct svc_rpc_gss_data	*gd;
+
+	log_debug("in svcauth_gss_unwrap()");
+
+	gd = SVCAUTH_PRIVATE(auth);
+
+	if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
+		return ((*xdr_func)(xdrs, xdr_ptr));
+	}
+	return (xdr_rpc_gss_data(xdrs, xdr_func, xdr_ptr,
+				 gd->ctx, gd->sec.qop,
+				 gd->sec.svc, gd->seq));
+}
+
+char *
+svcauth_gss_get_principal(SVCAUTH *auth)
+{
+	struct svc_rpc_gss_data *gd;
+	char *pname;
+
+	gd = SVCAUTH_PRIVATE(auth);
+
+	if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
+		return (NULL);
+
+	if ((pname = malloc(gd->cname.length + 1)) == NULL)
+		return (NULL);
+
+	memcpy(pname, gd->cname.value, gd->cname.length);
+	pname[gd->cname.length] = '\0';
+
+	return (pname);
+}
+
+/*
+ * Function: svcauth_gss_set_log_badauth_func
+ *
+ * Purpose: sets the logging function called when an invalid RPC call
+ * arrives
+ *
+ * See functional specifications.
+ */
+void svcauth_gss_set_log_badauth_func(
+	auth_gssapi_log_badauth_func func,
+	caddr_t data)
+{
+	log_badauth = func;
+	log_badauth_data = data;
+}
+
+void
+svcauth_gss_set_log_badauth2_func(auth_gssapi_log_badauth2_func func,
+				  caddr_t data)
+{
+	log_badauth2 = func;
+	log_badauth2_data = data;
+}
+
+/*
+ * Function: svcauth_gss_set_log_badverf_func
+ *
+ * Purpose: sets the logging function called when an invalid RPC call
+ * arrives
+ *
+ * See functional specifications.
+ */
+void svcauth_gss_set_log_badverf_func(
+	auth_gssapi_log_badverf_func func,
+	caddr_t data)
+{
+	log_badverf = func;
+	log_badverf_data = data;
+}
+
+/*
+ * Function: svcauth_gss_set_log_miscerr_func
+ *
+ * Purpose: sets the logging function called when a miscellaneous
+ * AUTH_GSSAPI error occurs
+ *
+ * See functional specifications.
+ */
+void svcauth_gss_set_log_miscerr_func(
+	auth_gssapi_log_miscerr_func func,
+	caddr_t data)
+{
+	log_miscerr = func;
+	log_miscerr_data = data;
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c b/krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c
new file mode 100644
index 00000000..b7ffee45
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c
@@ -0,0 +1,1132 @@
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Id$
+ *
+ */
+
+/*
+ * svc_auth_gssapi.c
+ * Handles the GSS-API flavor authentication parameters on the service
+ * side of RPC.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <gssrpc/rpc.h>
+#include <sys/stat.h>
+
+#include <gssapi/gssapi_generic.h>
+#include <gssrpc/auth_gssapi.h>
+
+#ifdef GSS_BACKWARD_HACK
+#include <gssapi/gssapi_krb5.h>
+#endif
+
+#include "gssrpcint.h"
+
+#ifdef GSSAPI_KRB5
+/* This is here for the krb5_error_code typedef and the
+ * KRB5KRB_AP_ERR_NOT_US #define.*/
+#include <krb5.h>
+#endif
+
+#include <sys/file.h>
+#include <fcntl.h>
+#include <time.h>
+
+#define INITIATION_TIMEOUT 60*15 /* seconds until partially created */
+				 /* context is destroed */
+#define INDEF_EXPIRE 60*60*24	/* seconds until an context with no */
+                                /* expiration time is expired */
+
+#ifdef __CODECENTER__
+#define DEBUG_GSSAPI 1
+#endif
+
+#ifdef DEBUG_GSSAPI
+int svc_debug_gssapi = DEBUG_GSSAPI;
+void gssrpcint_printf(const char *format, ...)
+{
+    va_list ap;
+    va_start(ap, format);
+#if 1
+    vprintf(format, ap);
+#else
+    {
+	static FILE *f;
+	if (f == NULL)
+	    f = fopen("/dev/pts/4", "a");
+	if (f) {
+	    vfprintf(f, format, ap);
+	    fflush(f);
+	}
+    }
+#endif
+    va_end(ap);
+}
+#define L_PRINTF(l,args) if (svc_debug_gssapi >= l) gssrpcint_printf args
+#define PRINTF(args) L_PRINTF(99, args)
+#define AUTH_GSSAPI_DISPLAY_STATUS(args) \
+	if (svc_debug_gssapi) auth_gssapi_display_status args
+#else
+#define PRINTF(args)
+#define L_PRINTF(l, args)
+#define AUTH_GSSAPI_DISPLAY_STATUS(args)
+#endif
+
+typedef struct _svc_auth_gssapi_data {
+     bool_t established;
+
+     gss_ctx_id_t context;
+     gss_name_t client_name, server_name;
+     gss_cred_id_t server_creds;
+
+     uint32_t expiration;
+     uint32_t seq_num;
+     uint32_t key;
+
+     SVCAUTH svcauth;
+
+     /* kludge to free verifiers on next call */
+     gss_buffer_desc prev_verf;
+} svc_auth_gssapi_data;
+
+#define SVCAUTH_PRIVATE(auth) \
+     ((svc_auth_gssapi_data *)(auth)->svc_ah_private)
+
+static bool_t	svc_auth_gssapi_wrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t	svc_auth_gssapi_unwrap(SVCAUTH *, XDR *, xdrproc_t, caddr_t);
+static bool_t	svc_auth_gssapi_destroy(SVCAUTH *);
+
+static svc_auth_gssapi_data *create_client(void);
+static svc_auth_gssapi_data *get_client
+       (gss_buffer_t client_handle);
+static void destroy_client
+       (svc_auth_gssapi_data *client_data);
+static void clean_client(void), cleanup(void);
+static void client_expire
+       (svc_auth_gssapi_data *client_data, uint32_t exp);
+static void dump_db (char *msg);
+
+struct svc_auth_ops svc_auth_gssapi_ops = {
+     svc_auth_gssapi_wrap,
+     svc_auth_gssapi_unwrap,
+     svc_auth_gssapi_destroy
+};
+
+/*
+ * Globals!  Eeek!  Run for the hills!
+ */
+static gss_cred_id_t *server_creds_list = NULL;
+static gss_name_t *server_name_list = NULL;
+static int server_creds_count = 0;
+
+static auth_gssapi_log_badauth_func log_badauth = NULL;
+static caddr_t log_badauth_data = NULL;
+static auth_gssapi_log_badauth2_func log_badauth2 = NULL;
+static caddr_t log_badauth2_data = NULL;
+static auth_gssapi_log_badverf_func log_badverf = NULL;
+static caddr_t log_badverf_data = NULL;
+static auth_gssapi_log_miscerr_func log_miscerr = NULL;
+static caddr_t log_miscerr_data = NULL;
+
+#define LOG_MISCERR(arg) if (log_miscerr) \
+	(*log_miscerr)(rqst, msg, arg, log_miscerr_data)
+
+typedef struct _client_list {
+     svc_auth_gssapi_data *client;
+     struct _client_list *next;
+} client_list;
+
+static client_list *clients = NULL;
+
+
+/* Invoke log_badauth callbacks for an authentication failure. */
+static void
+badauth(OM_uint32 maj, OM_uint32 minor, SVCXPRT *xprt)
+{
+     if (log_badauth != NULL)
+	  (*log_badauth)(maj, minor, &xprt->xp_raddr, log_badauth_data);
+     if (log_badauth2 != NULL)
+	  (*log_badauth2)(maj, minor, xprt, log_badauth2_data);
+}
+
+enum auth_stat gssrpc__svcauth_gssapi(
+     struct svc_req *rqst,
+     struct rpc_msg *msg,
+     bool_t *no_dispatch)
+{
+     XDR xdrs;
+     auth_gssapi_creds creds;
+     auth_gssapi_init_arg call_arg;
+     auth_gssapi_init_res call_res;
+     gss_buffer_desc output_token, in_buf, out_buf;
+     gss_cred_id_t server_creds;
+     struct gss_channel_bindings_struct bindings, *bindp;
+     OM_uint32 gssstat, minor_stat, time_rec;
+     struct opaque_auth *cred, *verf;
+     svc_auth_gssapi_data *client_data;
+     int i;
+     enum auth_stat ret;
+     OM_uint32 ret_flags;
+     uint32_t seq_num;
+
+     PRINTF(("svcauth_gssapi: starting\n"));
+
+     /* clean up expired entries */
+     clean_client();
+
+     /* use AUTH_NONE until there is a client_handle */
+     rqst->rq_xprt->xp_auth = &svc_auth_none;
+
+     memset(&call_res, 0, sizeof(call_res));
+     creds.client_handle.length = 0;
+     creds.client_handle.value = NULL;
+
+     cred = &msg->rm_call.cb_cred;
+     verf = &msg->rm_call.cb_verf;
+
+     if (cred->oa_length == 0) {
+	  PRINTF(("svcauth_gssapi: empty creds, failing\n"));
+	  LOG_MISCERR("empty client credentials");
+	  ret = AUTH_BADCRED;
+	  goto error;
+     }
+
+     PRINTF(("svcauth_gssapi: decoding credentials\n"));
+     xdrmem_create(&xdrs, cred->oa_base, cred->oa_length, XDR_DECODE);
+     memset(&creds, 0, sizeof(creds));
+     if (! xdr_authgssapi_creds(&xdrs, &creds)) {
+	  PRINTF(("svcauth_gssapi: failed decoding creds\n"));
+	  LOG_MISCERR("protocol error in client credentials");
+	  xdr_free(xdr_authgssapi_creds, &creds);
+	  XDR_DESTROY(&xdrs);
+	  ret = AUTH_BADCRED;
+	  goto error;
+     }
+     XDR_DESTROY(&xdrs);
+
+     PRINTF(("svcauth_gssapi: got credentials, version %d, client_handle len %d\n",
+	     creds.version, (int) creds.client_handle.length));
+
+     if (creds.version != 2) {
+ 	  PRINTF(("svcauth_gssapi: bad credential version\n"));
+ 	  LOG_MISCERR("unsupported client credentials version");
+ 	  ret = AUTH_BADCRED;
+ 	  goto error;
+     }
+
+#ifdef DEBUG_GSSAPI
+     if (svc_debug_gssapi) {
+	  if (creds.auth_msg && rqst->rq_proc == AUTH_GSSAPI_EXIT) {
+	       PRINTF(("svcauth_gssapi: GSSAPI_EXIT, cleaning up\n"));
+	       svc_sendreply(rqst->rq_xprt, xdr_void, NULL);
+	       xdr_free(xdr_authgssapi_creds, &creds);
+	       cleanup();
+	       exit(0);
+	  }
+     }
+#endif
+
+     /*
+      * If this is an auth_msg and proc is GSSAPI_INIT, then create a
+      * client handle for this client.  Otherwise, look up the
+      * existing handle.
+      */
+     if (creds.auth_msg && rqst->rq_proc == AUTH_GSSAPI_INIT) {
+	  if (creds.client_handle.length != 0) {
+	       PRINTF(("svcauth_gssapi: non-empty handle on GSSAPI_INIT\n"));
+	       LOG_MISCERR("protocol error in client handle");
+	       ret = AUTH_FAILED;
+	       goto error;
+	  }
+
+	  PRINTF(("svcauth_gssapi: GSSAPI_INIT, creating client.\n"));
+
+	  client_data = create_client();
+	  if (client_data == NULL) {
+	       PRINTF(("svcauth_gssapi: create_client failed\n"));
+	       LOG_MISCERR("internal error creating client record");
+	       ret = AUTH_FAILED;
+	       goto error;
+	  }
+     } else {
+	  if (creds.client_handle.length == 0) {
+	       PRINTF(("svcauth_gssapi: expected non-empty creds\n"));
+	       LOG_MISCERR("protocol error in client credentials");
+	       ret = AUTH_FAILED;
+	       goto error;
+	  }
+
+	  PRINTF(("svcauth_gssapi: incoming client_handle %d, len %d\n",
+		  *((uint32_t *) creds.client_handle.value),
+		  (int) creds.client_handle.length));
+
+	  client_data = get_client(&creds.client_handle);
+	  if (client_data == NULL) {
+	       PRINTF(("svcauth_gssapi: client_handle lookup failed\n"));
+	       LOG_MISCERR("invalid client handle received");
+	       ret = AUTH_BADCRED;
+	       goto error;
+	  }
+	  PRINTF(("svcauth_gssapi: client_handle lookup succeeded\n"));
+     }
+
+     /* any response we send will use client_handle, so set it now */
+     call_res.client_handle.length = sizeof(client_data->key);
+     call_res.client_handle.value = (char *) &client_data->key;
+
+     /* mark this call as using AUTH_GSSAPI via client_data's SVCAUTH */
+     rqst->rq_xprt->xp_auth = &client_data->svcauth;
+
+     if (client_data->established == FALSE) {
+	  PRINTF(("svcauth_gssapi: context is not established\n"));
+
+	  if (creds.auth_msg == FALSE) {
+	       PRINTF(("svcauth_gssapi: expected auth_msg TRUE\n"));
+	       LOG_MISCERR("protocol error on incomplete connection");
+	       ret = AUTH_REJECTEDCRED;
+	       goto error;
+	  }
+
+	  /*
+	   * If the context is not established, then only GSSAPI_INIT
+	   * and _CONTINUE requests are valid.
+	   */
+	  if (rqst->rq_proc != AUTH_GSSAPI_INIT && rqst->rq_proc !=
+	      AUTH_GSSAPI_CONTINUE_INIT) {
+	       PRINTF(("svcauth_gssapi: unacceptable procedure %d\n",
+		       rqst->rq_proc));
+	       LOG_MISCERR("protocol error on incomplete connection");
+	       ret = AUTH_FAILED;
+	       goto error;
+	  }
+
+	  /* call is for us, deserialize arguments */
+	  memset(&call_arg, 0, sizeof(call_arg));
+	  if (! svc_getargs(rqst->rq_xprt, xdr_authgssapi_init_arg,
+			    &call_arg)) {
+	       PRINTF(("svcauth_gssapi: cannot decode args\n"));
+	       LOG_MISCERR("protocol error in procedure arguments");
+	       ret = AUTH_BADCRED;
+	       goto error;
+	  }
+
+	  /*
+	   * Process the call arg version number.
+	   *
+	   * Set the krb5_gss backwards-compatibility mode based on client
+	   * version.  This controls whether the AP_REP message is
+	   * encrypted with the session key (version 2+, correct) or the
+	   * session subkey (version 1, incorrect).  This function can
+	   * never fail, so we don't bother checking its return value.
+	   */
+	  switch (call_arg.version) {
+	  case 1:
+	  case 2:
+	       LOG_MISCERR("Warning: Accepted old RPC protocol request");
+	       call_res.version = 1;
+	       break;
+	  case 3:
+	  case 4:
+	       /* 3 and 4 are essentially the same, don't bother warning */
+	       call_res.version = call_arg.version;
+	       break;
+	  default:
+	       PRINTF(("svcauth_gssapi: bad GSSAPI_INIT version\n"));
+	       LOG_MISCERR("unsupported GSSAPI_INIT version");
+	       ret = AUTH_BADCRED;
+	       goto error;
+	  }
+
+#ifdef GSS_BACKWARD_HACK
+	  krb5_gss_set_backward_mode(&minor_stat, call_arg.version == 1);
+#endif
+
+	  if (call_arg.version >= 3) {
+	       memset(&bindings, 0, sizeof(bindings));
+	       bindings.application_data.length = 0;
+	       bindings.initiator_addrtype = GSS_C_AF_INET;
+	       bindings.initiator_address.length = 4;
+	       bindings.initiator_address.value =
+		    &svc_getcaller(rqst->rq_xprt)->sin_addr.s_addr;
+
+	       if (rqst->rq_xprt->xp_laddrlen > 0) {
+		    bindings.acceptor_addrtype = GSS_C_AF_INET;
+		    bindings.acceptor_address.length = 4;
+		    bindings.acceptor_address.value =
+			 &rqst->rq_xprt->xp_laddr.sin_addr.s_addr;
+	       } else {
+		    LOG_MISCERR("cannot get local address");
+		    ret = AUTH_FAILED;
+		    goto error;
+	       }
+
+
+	       bindp = &bindings;
+	  } else {
+	       bindp = GSS_C_NO_CHANNEL_BINDINGS;
+	  }
+
+	  /*
+	   * If the client's server_creds is already set, use it.
+	   * Otherwise, try each credential in server_creds_list until
+	   * one of them succeeds, then set the client server_creds
+	   * to that.  If all fail, the client's server_creds isn't
+	   * set (which is fine, because the client will be gc'ed
+	   * anyway).
+	   *
+	   * If accept_sec_context returns something other than
+	   * success and GSS_S_FAILURE, then assume different
+	   * credentials won't help and stop looping.
+	   *
+	   * Note that there are really two cases here: (1) the client
+	   * has a server_creds already, and (2) it does not.  They
+	   * are both written in the same loop so that there is only
+	   * one textual call to gss_accept_sec_context; in fact, in
+	   * case (1), the loop is executed exactly once.
+	   */
+	  for (i = 0; i < server_creds_count; i++) {
+	       if (client_data->server_creds != NULL) {
+		    PRINTF(("svcauth_gssapi: using's clients server_creds\n"));
+		    server_creds = client_data->server_creds;
+	       } else {
+		    PRINTF(("svcauth_gssapi: trying creds %d\n", i));
+		    server_creds = server_creds_list[i];
+	       }
+
+	       /* Free previous output_token from loop */
+	       if(i != 0) gss_release_buffer(&minor_stat, &output_token);
+
+	       call_res.gss_major =
+		    gss_accept_sec_context(&call_res.gss_minor,
+					   &client_data->context,
+					   server_creds,
+					   &call_arg.token,
+					   bindp,
+					   &client_data->client_name,
+					   NULL,
+					   &output_token,
+					   &ret_flags,
+					   &time_rec,
+					   NULL);
+
+	       if (server_creds == client_data->server_creds)
+		    break;
+
+	       PRINTF(("accept_sec_context returned 0x%x 0x%x not-us=%#x\n",
+		       call_res.gss_major, call_res.gss_minor,
+		       (int) KRB5KRB_AP_ERR_NOT_US));
+	       if (call_res.gss_major == GSS_S_COMPLETE ||
+		   call_res.gss_major == GSS_S_CONTINUE_NEEDED) {
+		    /* server_creds was right, set it! */
+		    PRINTF(("svcauth_gssapi: creds are correct, storing\n"));
+		    client_data->server_creds = server_creds;
+		    client_data->server_name = server_name_list[i];
+		    break;
+	       } else if (call_res.gss_major != GSS_S_FAILURE
+#ifdef GSSAPI_KRB5
+			  /*
+			   * hard-coded because there is no other way
+			   * to prevent all GSS_S_FAILURES from
+			   * returning a "wrong principal in request"
+			   * error
+			   */
+			  || ((krb5_error_code) call_res.gss_minor !=
+			      (krb5_error_code) KRB5KRB_AP_ERR_NOT_US)
+#endif
+			  ) {
+		    break;
+	       }
+	  }
+
+	  gssstat = call_res.gss_major;
+	  minor_stat = call_res.gss_minor;
+
+	  /* done with call args */
+	  xdr_free(xdr_authgssapi_init_arg, &call_arg);
+
+	  PRINTF(("svcauth_gssapi: accept_sec_context returned %#x %#x\n",
+		  call_res.gss_major, call_res.gss_minor));
+	  if (call_res.gss_major != GSS_S_COMPLETE &&
+	      call_res.gss_major != GSS_S_CONTINUE_NEEDED) {
+	       AUTH_GSSAPI_DISPLAY_STATUS(("accepting context",
+					   call_res.gss_major,
+					   call_res.gss_minor));
+
+	       badauth(call_res.gss_major, call_res.gss_minor, rqst->rq_xprt);
+
+	       gss_release_buffer(&minor_stat, &output_token);
+	       svc_sendreply(rqst->rq_xprt, xdr_authgssapi_init_res,
+			     (caddr_t) &call_res);
+	       *no_dispatch = TRUE;
+	       ret = AUTH_OK;
+	       goto error;
+	  }
+
+	  if (output_token.length != 0) {
+	       PRINTF(("svcauth_gssapi: got new output token\n"));
+	       GSS_COPY_BUFFER(call_res.token, output_token);
+	  }
+
+	  if (gssstat == GSS_S_COMPLETE) {
+	       client_data->seq_num = rand();
+	       client_expire(client_data,
+			     (time_rec == GSS_C_INDEFINITE ?
+			      INDEF_EXPIRE : time_rec) + time(0));
+
+	       PRINTF(("svcauth_gssapi: context established, isn %d\n",
+		       client_data->seq_num));
+
+	       if (auth_gssapi_seal_seq(client_data->context,
+					client_data->seq_num,
+					&call_res.signed_isn) ==
+		   FALSE) {
+		    ret = AUTH_FAILED;
+		    LOG_MISCERR("internal error sealing sequence number");
+		    gss_release_buffer(&minor_stat, &output_token);
+		    goto error;
+	       }
+	  }
+
+	  PRINTF(("svcauth_gssapi: sending reply\n"));
+	  svc_sendreply(rqst->rq_xprt, xdr_authgssapi_init_res,
+			(caddr_t) &call_res);
+	  *no_dispatch = TRUE;
+
+	  /*
+	   * If appropriate, set established to TRUE *after* sending
+	   * response (otherwise, the client will receive the final
+	   * token encrypted)
+	   */
+	  if (gssstat == GSS_S_COMPLETE) {
+	       gss_release_buffer(&minor_stat, &call_res.signed_isn);
+	       client_data->established = TRUE;
+	  }
+	  gss_release_buffer(&minor_stat, &output_token);
+     } else {
+	  PRINTF(("svcauth_gssapi: context is established\n"));
+
+	  /* check the verifier */
+	  PRINTF(("svcauth_gssapi: checking verifier, len %d\n",
+		  verf->oa_length));
+
+	  in_buf.length = verf->oa_length;
+	  in_buf.value = verf->oa_base;
+
+	  if (auth_gssapi_unseal_seq(client_data->context, &in_buf,
+				     &seq_num) == FALSE) {
+	       ret = AUTH_BADVERF;
+	       LOG_MISCERR("internal error unsealing sequence number");
+	       goto error;
+	  }
+
+	  if (seq_num != client_data->seq_num + 1) {
+	       PRINTF(("svcauth_gssapi: expected isn %d, got %d\n",
+		       client_data->seq_num + 1, seq_num));
+	       if (log_badverf != NULL)
+		    (*log_badverf)(client_data->client_name,
+				   client_data->server_name,
+				   rqst, msg, log_badverf_data);
+
+	       ret = AUTH_REJECTEDVERF;
+	       goto error;
+	  }
+	  client_data->seq_num++;
+
+	  PRINTF(("svcauth_gssapi: seq_num %d okay\n", seq_num));
+
+	  /* free previous response verifier, if any */
+	  if (client_data->prev_verf.length != 0) {
+	       gss_release_buffer(&minor_stat, &client_data->prev_verf);
+	       client_data->prev_verf.length = 0;
+	  }
+
+	  /* prepare response verifier */
+	  seq_num = client_data->seq_num + 1;
+	  if (auth_gssapi_seal_seq(client_data->context, seq_num,
+				   &out_buf) == FALSE) {
+	       ret = AUTH_FAILED;
+	       LOG_MISCERR("internal error sealing sequence number");
+	       goto error;
+	  }
+
+	  client_data->seq_num++;
+
+	  PRINTF(("svcauth_gssapi; response seq_num %d\n", seq_num));
+
+	  rqst->rq_xprt->xp_verf.oa_flavor = AUTH_GSSAPI;
+	  rqst->rq_xprt->xp_verf.oa_base = out_buf.value;
+	  rqst->rq_xprt->xp_verf.oa_length = out_buf.length;
+
+	  /* save verifier so it can be freed next time */
+	  client_data->prev_verf.value = out_buf.value;
+	  client_data->prev_verf.length = out_buf.length;
+
+	  /*
+	   * Message is authentic.  If auth_msg if true, process the
+	   * call; otherwise, return AUTH_OK so it will be dispatched
+	   * to the application server.
+	   */
+
+	  if (creds.auth_msg == TRUE) {
+	       /*
+		* If process_token fails, then the token probably came
+		* from an attacker.  No response (error or otherwise)
+		* should be returned to the client, since it won't be
+		* accepting one.
+		*/
+
+	       switch (rqst->rq_proc) {
+	       case AUTH_GSSAPI_MSG:
+		    PRINTF(("svcauth_gssapi: GSSAPI_MSG, getting args\n"));
+		    memset(&call_arg, 0, sizeof(call_arg));
+		    if (! svc_getargs(rqst->rq_xprt, xdr_authgssapi_init_arg,
+				      &call_arg)) {
+			 PRINTF(("svcauth_gssapi: cannot decode args\n"));
+			 LOG_MISCERR("protocol error in call arguments");
+			 xdr_free(xdr_authgssapi_init_arg, &call_arg);
+			 ret = AUTH_BADCRED;
+			 goto error;
+		    }
+
+		    PRINTF(("svcauth_gssapi: processing token\n"));
+		    gssstat = gss_process_context_token(&minor_stat,
+							client_data->context,
+							&call_arg.token);
+
+		    /* done with call args */
+		    xdr_free(xdr_authgssapi_init_arg, &call_arg);
+
+		    if (gssstat != GSS_S_COMPLETE) {
+			 AUTH_GSSAPI_DISPLAY_STATUS(("processing token",
+						     gssstat, minor_stat));
+			 ret = AUTH_FAILED;
+			 goto error;
+		    }
+
+		    svc_sendreply(rqst->rq_xprt, xdr_void, NULL);
+		    *no_dispatch = TRUE;
+		    break;
+
+	       case AUTH_GSSAPI_DESTROY:
+		    PRINTF(("svcauth_gssapi: GSSAPI_DESTROY\n"));
+
+		    PRINTF(("svcauth_gssapi: sending reply\n"));
+		    svc_sendreply(rqst->rq_xprt, xdr_void, NULL);
+		    *no_dispatch = TRUE;
+
+		    destroy_client(client_data);
+		    rqst->rq_xprt->xp_auth = NULL;
+		    break;
+
+	       default:
+		    PRINTF(("svcauth_gssapi: unacceptable procedure %d\n",
+			    rqst->rq_proc));
+		    LOG_MISCERR("invalid call procedure number");
+		    ret = AUTH_FAILED;
+		    goto error;
+	       }
+	  } else {
+	       /* set credentials for app server; comment in svc.c */
+	       /* seems to imply this is incorrect, but I don't see */
+	       /* any problem with it... */
+	       rqst->rq_clntcred = (char *)client_data->client_name;
+	       rqst->rq_svccred = (char *)client_data->context;
+	  }
+     }
+
+     if (creds.client_handle.length != 0) {
+	  PRINTF(("svcauth_gssapi: freeing client_handle len %d\n",
+		  (int) creds.client_handle.length));
+	  xdr_free(xdr_authgssapi_creds, &creds);
+     }
+
+     PRINTF(("\n"));
+     return AUTH_OK;
+
+error:
+     if (creds.client_handle.length != 0) {
+	  PRINTF(("svcauth_gssapi: freeing client_handle len %d\n",
+		  (int) creds.client_handle.length));
+	  xdr_free(xdr_authgssapi_creds, &creds);
+     }
+
+     PRINTF(("\n"));
+     return ret;
+}
+
+static void cleanup(void)
+{
+     client_list *c, *c2;
+
+     PRINTF(("cleanup_and_exit: starting\n"));
+
+     c = clients;
+     while (c) {
+	  c2 = c;
+	  c = c->next;
+	  destroy_client(c2->client);
+	  free(c2);
+     }
+
+     exit(0);
+}
+
+/*
+ * Function: create_client
+ *
+ * Purpose: Creates an new client_data structure and stores it in the
+ * database.
+ *
+ * Returns: the new client_data structure, or NULL on failure.
+ *
+ * Effects:
+ *
+ * A new client_data is created and stored in the hash table and
+ * b-tree.  A new key that is unique in the current database is
+ * chosen; this key should be used as the client's client_handle.
+ */
+static svc_auth_gssapi_data *create_client(void)
+{
+     client_list *c;
+     svc_auth_gssapi_data *client_data;
+     static int client_key = 1;
+
+     PRINTF(("svcauth_gssapi: empty creds, creating\n"));
+
+     client_data = (svc_auth_gssapi_data *) malloc(sizeof(*client_data));
+     if (client_data == NULL)
+	  return NULL;
+     memset(client_data, 0, sizeof(*client_data));
+     L_PRINTF(2, ("create_client: new client_data = %p\n",
+		  (void *) client_data));
+
+     /* set up client data structure */
+     client_data->established = 0;
+     client_data->context = GSS_C_NO_CONTEXT;
+     client_data->expiration = time(0) + INITIATION_TIMEOUT;
+
+     /* set up psycho-recursive SVCAUTH hack */
+     client_data->svcauth.svc_ah_ops = &svc_auth_gssapi_ops;
+     client_data->svcauth.svc_ah_private = (caddr_t) client_data;
+
+     client_data->key = client_key++;
+
+     c = (client_list *) malloc(sizeof(client_list));
+     if (c == NULL)
+	  return NULL;
+     c->client = client_data;
+     c->next = NULL;
+
+
+     if (clients == NULL)
+	  clients = c;
+     else {
+	  c->next = clients;
+	  clients = c;
+     }
+
+     PRINTF(("svcauth_gssapi: new handle %d\n", client_data->key));
+     L_PRINTF(2, ("create_client: done\n"));
+
+     return client_data;
+}
+
+/*
+ * Function: client_expire
+ *
+ * Purpose: change the expiration time of a client in the database
+ *
+ * Arguments:
+ *
+ * 	client_data	(r) the client_data to expire
+ * 	exp		(r) the new expiration time
+ *
+ * Effects:
+ *
+ * client_data->expiration = exp
+ *
+ * This function used to remove client_data from the database, change
+ * its expiration time, and re-add it, which was necessary because the
+ * database was sorted by expiration time so a simple modification
+ * would break the rep invariant.  Now the database is an unsorted
+ * linked list, so it doesn't matter.
+ */
+static void client_expire(
+     svc_auth_gssapi_data *client_data,
+     uint32_t exp)
+{
+     client_data->expiration = exp;
+}
+
+/*
+ * Function get_client
+ *
+ * Purpose: retrieve a client_data structure from the database based
+ * on its client handle (key)
+ *
+ * Arguments:
+ *
+ *	client_handle	(r) the handle (key) to retrieve
+ *
+ * Effects:
+ *
+ * Searches the list and returns the client_data whose key field
+ * matches the contents of client_handle, or returns NULL if none was
+ * found.
+ */
+static svc_auth_gssapi_data *get_client(gss_buffer_t client_handle)
+{
+     client_list *c;
+     uint32_t handle;
+
+     memcpy(&handle, client_handle->value, 4);
+
+     L_PRINTF(2, ("get_client: looking for client %d\n", handle));
+
+     c = clients;
+     while (c) {
+	  if (c->client->key == handle)
+	       return c->client;
+	  c = c->next;
+     }
+
+     L_PRINTF(2, ("get_client: client_handle lookup failed\n"));
+     return NULL;
+}
+
+/*
+ * Function: destroy_client
+ *
+ * Purpose: destroys a client entry and removes it from the database
+ *
+ * Arguments:
+ *
+ *	client_data	(r) the client to be destroyed
+ *
+ * Effects:
+ *
+ * client_data->context is deleted with gss_delete_sec_context.
+ * client_data's entry in the database is destroyed.  client_data is
+ * freed.
+ */
+static void destroy_client(svc_auth_gssapi_data *client_data)
+{
+     OM_uint32 gssstat, minor_stat;
+     gss_buffer_desc out_buf;
+     client_list *c, *c2;
+
+     PRINTF(("destroy_client: destroying client_data\n"));
+     L_PRINTF(2, ("destroy_client: client_data = %p\n", (void *) client_data));
+
+#ifdef DEBUG_GSSAPI
+     if (svc_debug_gssapi >= 3)
+	  dump_db("before frees");
+#endif
+
+     /* destroy client struct even if error occurs */
+
+     gssstat = gss_delete_sec_context(&minor_stat, &client_data->context,
+				      &out_buf);
+     if (gssstat != GSS_S_COMPLETE)
+	  AUTH_GSSAPI_DISPLAY_STATUS(("deleting context", gssstat,
+				      minor_stat));
+
+     gss_release_buffer(&minor_stat, &out_buf);
+     gss_release_name(&minor_stat, &client_data->client_name);
+     if (client_data->prev_verf.length != 0)
+	  gss_release_buffer(&minor_stat, &client_data->prev_verf);
+
+     if (clients == NULL) {
+	  PRINTF(("destroy_client: called on empty database\n"));
+	  abort();
+     } else if (clients->client == client_data) {
+	  c = clients;
+	  clients = clients->next;
+	  free(c);
+     } else {
+	  c2 = clients;
+	  c = clients->next;
+	  while (c) {
+	       if (c->client == client_data) {
+		    c2->next = c->next;
+		    free(c);
+		    goto done;
+	       } else {
+		    c2 = c;
+		    c = c->next;
+	       }
+	  }
+	  PRINTF(("destroy_client: client_handle delete failed\n"));
+	  abort();
+     }
+
+done:
+
+     L_PRINTF(2, ("destroy_client: client %d destroyed\n", client_data->key));
+
+     free(client_data);
+}
+
+static void dump_db(char *msg)
+{
+     svc_auth_gssapi_data *client_data;
+     client_list *c;
+
+     L_PRINTF(3, ("dump_db: %s:\n", msg));
+
+     c = clients;
+     while (c) {
+	  client_data = c->client;
+	  L_PRINTF(3, ("\tclient_data = %p, exp = %d\n",
+		       (void *) client_data, client_data->expiration));
+	  c = c->next;
+     }
+
+     L_PRINTF(3, ("\n"));
+}
+
+static void clean_client(void)
+{
+     svc_auth_gssapi_data *client_data;
+     client_list *c;
+
+     PRINTF(("clean_client: starting\n"));
+
+     c = clients;
+     while (c) {
+	  client_data = c->client;
+
+	  L_PRINTF(2, ("clean_client: client_data = %p\n",
+		       (void *) client_data));
+
+	  if (client_data->expiration < time(0)) {
+	       PRINTF(("clean_client: client %d expired\n",
+		       client_data->key));
+	       destroy_client(client_data);
+	       c = clients; /* start over, just to be safe */
+	  } else {
+	       c = c->next;
+	  }
+     }
+
+     PRINTF(("clean_client: done\n"));
+}
+
+/*
+ * Function: svcauth_gssapi_set_names
+ *
+ * Purpose: Sets the list of service names for which incoming
+ * authentication requests should be honored.
+ *
+ * See functional specifications.
+ */
+bool_t svcauth_gssapi_set_names(
+     auth_gssapi_name *names,
+     int num)
+{
+     OM_uint32 gssstat, minor_stat;
+     gss_buffer_desc in_buf;
+     int i;
+
+     if (num == 0)
+	  for (; names[num].name != NULL; num++)
+	       ;
+
+     server_creds_list = NULL;
+     server_name_list = NULL;
+
+     server_creds_list = (gss_cred_id_t *) malloc(num*sizeof(gss_cred_id_t));
+     if (server_creds_list == NULL)
+	  goto fail;
+     server_name_list = (gss_name_t *) malloc(num*sizeof(gss_name_t));
+     if (server_name_list == NULL)
+	  goto fail;
+
+     for (i = 0; i < num; i++) {
+	  server_name_list[i] = 0;
+	  server_creds_list[i] = 0;
+     }
+
+     server_creds_count = num;
+
+     for (i = 0; i < num; i++) {
+	  in_buf.value = names[i].name;
+	  in_buf.length = strlen(in_buf.value) + 1;
+
+	  PRINTF(("svcauth_gssapi_set_names: importing %s\n", names[i].name));
+
+	  gssstat = gss_import_name(&minor_stat, &in_buf, names[i].type,
+				    &server_name_list[i]);
+
+	  if (gssstat != GSS_S_COMPLETE) {
+	       AUTH_GSSAPI_DISPLAY_STATUS(("importing name", gssstat,
+					   minor_stat));
+	       goto fail;
+	  }
+
+	  gssstat = gss_acquire_cred(&minor_stat, server_name_list[i], 0,
+				     GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
+				     &server_creds_list[i], NULL, NULL);
+	  if (gssstat != GSS_S_COMPLETE) {
+	       AUTH_GSSAPI_DISPLAY_STATUS(("acquiring credentials",
+					   gssstat, minor_stat));
+	       goto fail;
+	  }
+     }
+
+     return TRUE;
+
+fail:
+     svcauth_gssapi_unset_names();
+
+     return FALSE;
+}
+
+/* Function: svcauth_gssapi_unset_names
+ *
+ * Purpose: releases the names and credentials allocated by
+ * svcauth_gssapi_set_names
+ */
+
+void svcauth_gssapi_unset_names(void)
+{
+     int i;
+     OM_uint32 minor_stat;
+
+     if (server_creds_list) {
+	  for (i = 0; i < server_creds_count; i++)
+	       if (server_creds_list[i])
+		    gss_release_cred(&minor_stat, &server_creds_list[i]);
+	  free(server_creds_list);
+	  server_creds_list = NULL;
+     }
+
+     if (server_name_list) {
+	  for (i = 0; i < server_creds_count; i++)
+	       if (server_name_list[i])
+		    gss_release_name(&minor_stat, &server_name_list[i]);
+	  free(server_name_list);
+	  server_name_list = NULL;
+     }
+     server_creds_count = 0;
+}
+
+
+/*
+ * Function: svcauth_gssapi_set_log_badauth_func
+ *
+ * Purpose: sets the logging function called when an invalid RPC call
+ * arrives
+ *
+ * See functional specifications.
+ */
+void svcauth_gssapi_set_log_badauth_func(
+     auth_gssapi_log_badauth_func func,
+     caddr_t data)
+{
+     log_badauth = func;
+     log_badauth_data = data;
+}
+
+void
+svcauth_gssapi_set_log_badauth2_func(auth_gssapi_log_badauth2_func func,
+				     caddr_t data)
+{
+     log_badauth2 = func;
+     log_badauth2_data = data;
+}
+
+/*
+ * Function: svcauth_gssapi_set_log_badverf_func
+ *
+ * Purpose: sets the logging function called when an invalid RPC call
+ * arrives
+ *
+ * See functional specifications.
+ */
+void svcauth_gssapi_set_log_badverf_func(
+     auth_gssapi_log_badverf_func func,
+     caddr_t data)
+{
+     log_badverf = func;
+     log_badverf_data = data;
+}
+
+/*
+ * Function: svcauth_gssapi_set_log_miscerr_func
+ *
+ * Purpose: sets the logging function called when a miscellaneous
+ * AUTH_GSSAPI error occurs
+ *
+ * See functional specifications.
+ */
+void svcauth_gssapi_set_log_miscerr_func(
+     auth_gssapi_log_miscerr_func func,
+     caddr_t data)
+{
+     log_miscerr = func;
+     log_miscerr_data = data;
+}
+
+/*
+ * Encrypt the serialized arguments from xdr_func applied to xdr_ptr
+ * and write the result to xdrs.
+ */
+static bool_t svc_auth_gssapi_wrap(
+     SVCAUTH *auth,
+     XDR *out_xdrs,
+     bool_t (*xdr_func)(),
+     caddr_t xdr_ptr)
+{
+     OM_uint32 gssstat, minor_stat;
+
+     if (! SVCAUTH_PRIVATE(auth)->established) {
+	  PRINTF(("svc_gssapi_wrap: not established, noop\n"));
+	  return (*xdr_func)(out_xdrs, xdr_ptr);
+     } else if (! auth_gssapi_wrap_data(&gssstat, &minor_stat,
+					SVCAUTH_PRIVATE(auth)->context,
+					SVCAUTH_PRIVATE(auth)->seq_num,
+					out_xdrs, xdr_func, xdr_ptr)) {
+	  if (gssstat != GSS_S_COMPLETE)
+	       AUTH_GSSAPI_DISPLAY_STATUS(("encrypting function arguments",
+					   gssstat, minor_stat));
+	  return FALSE;
+     } else
+	  return TRUE;
+}
+
+static bool_t svc_auth_gssapi_unwrap(
+     SVCAUTH *auth,
+     XDR *in_xdrs,
+     bool_t (*xdr_func)(),
+     caddr_t xdr_ptr)
+{
+     svc_auth_gssapi_data *client_data = SVCAUTH_PRIVATE(auth);
+     OM_uint32 gssstat, minor_stat;
+
+     if (! client_data->established) {
+	  PRINTF(("svc_gssapi_unwrap: not established, noop\n"));
+	  return (*xdr_func)(in_xdrs, (auth_gssapi_init_arg *)(void *) xdr_ptr);
+     } else if (! auth_gssapi_unwrap_data(&gssstat, &minor_stat,
+					  client_data->context,
+					  client_data->seq_num-1,
+					  in_xdrs, xdr_func, xdr_ptr)) {
+	  if (gssstat != GSS_S_COMPLETE)
+	       AUTH_GSSAPI_DISPLAY_STATUS(("decrypting function arguments",
+					   gssstat, minor_stat));
+	  return FALSE;
+     } else
+	  return TRUE;
+}
+
+static bool_t svc_auth_gssapi_destroy(SVCAUTH *auth)
+{
+     svc_auth_gssapi_data *client_data = SVCAUTH_PRIVATE(auth);
+
+     destroy_client(client_data);
+     return TRUE;
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_auth_none.c b/krb5-1.21.3/src/lib/rpc/svc_auth_none.c
new file mode 100644
index 00000000..cba230d9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_auth_none.c
@@ -0,0 +1,74 @@
+/* lib/rpc/svc_auth_none.c */
+/*
+  Copyright (c) 2000 The Regents of the University of Michigan.
+  All rights reserved.
+
+  Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
+  All rights reserved, all wrongs reversed.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions
+  are met:
+
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+  3. Neither the name of the University nor the names of its
+     contributors may be used to endorse or promote products derived
+     from this software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+  DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+  Id: svc_auth_none.c,v 1.1 2000/08/24 20:51:34 dugsong Exp
+ */
+
+#include <gssrpc/rpc.h>
+
+static bool_t	svcauth_none_destroy(SVCAUTH *);
+static bool_t   svcauth_none_wrap(SVCAUTH *, XDR *, xdrproc_t,
+				  caddr_t);
+
+struct svc_auth_ops svc_auth_none_ops = {
+	svcauth_none_wrap,
+	svcauth_none_wrap,
+	svcauth_none_destroy
+};
+
+SVCAUTH svc_auth_none = {
+	&svc_auth_none_ops,
+	NULL,
+};
+
+static bool_t
+svcauth_none_destroy(SVCAUTH *auth)
+{
+	return (TRUE);
+}
+
+static bool_t
+svcauth_none_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func,
+		  caddr_t xdr_ptr)
+{
+	return ((*xdr_func)(xdrs, xdr_ptr));
+}
+
+enum auth_stat
+gssrpc__svcauth_none(struct svc_req *rqst, struct rpc_msg *msg,
+		     bool_t *no_dispatch)
+{
+	rqst->rq_xprt->xp_auth = &svc_auth_none;
+
+	return (AUTH_OK);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_auth_unix.c b/krb5-1.21.3/src/lib/rpc/svc_auth_unix.c
new file mode 100644
index 00000000..ee3057ed
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_auth_unix.c
@@ -0,0 +1,142 @@
+/* @(#)svc_auth_unix.c	2.3 88/08/01 4.0 RPCSRC; from 1.28 88/02/08 SMI */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)svc_auth_unix.c 1.28 88/02/08 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * svc_auth_unix.c
+ * Handles UNIX flavor authentication parameters on the service side of rpc.
+ * There are two svc auth implementations here: AUTH_UNIX and AUTH_SHORT.
+ * _svcauth_unix does full blown unix style uid,gid+gids auth,
+ * _svcauth_short uses a shorthand auth to index into a cache of longhand auths.
+ * Note: the shorthand has been gutted for efficiency.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <gssrpc/rpc.h>
+
+/*
+ * Unix longhand authenticator
+ */
+enum auth_stat
+gssrpc__svcauth_unix(
+	struct svc_req *rqst,
+	struct rpc_msg *msg,
+	bool_t *dispatch)
+{
+	enum auth_stat stat;
+	XDR xdrs;
+	struct authunix_parms *aup;
+	rpc_inline_t *buf;
+	struct area {
+		struct authunix_parms area_aup;
+		char area_machname[MAX_MACHINE_NAME+1];
+		int area_gids[NGRPS];
+	} *area;
+	u_int auth_len, str_len, gid_len, i;
+
+	rqst->rq_xprt->xp_auth = &svc_auth_none;
+
+	area = (struct area *) rqst->rq_clntcred;
+	aup = &area->area_aup;
+	aup->aup_machname = area->area_machname;
+	aup->aup_gids = area->area_gids;
+	auth_len = msg->rm_call.cb_cred.oa_length;
+	if (auth_len > INT_MAX)
+		return AUTH_BADCRED;
+	xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE);
+	buf = XDR_INLINE(&xdrs, (int)auth_len);
+	if (buf != NULL) {
+		aup->aup_time = IXDR_GET_LONG(buf);
+		str_len = IXDR_GET_U_LONG(buf);
+		if (str_len > MAX_MACHINE_NAME) {
+			stat = AUTH_BADCRED;
+			goto done;
+		}
+		memmove(aup->aup_machname, buf, str_len);
+		aup->aup_machname[str_len] = 0;
+		str_len = RNDUP(str_len);
+		buf += str_len / BYTES_PER_XDR_UNIT;
+		aup->aup_uid = IXDR_GET_LONG(buf);
+		aup->aup_gid = IXDR_GET_LONG(buf);
+		gid_len = IXDR_GET_U_LONG(buf);
+		if (gid_len > NGRPS) {
+			stat = AUTH_BADCRED;
+			goto done;
+		}
+		aup->aup_len = gid_len;
+		for (i = 0; i < gid_len; i++) {
+			aup->aup_gids[i] = IXDR_GET_LONG(buf);
+		}
+		/*
+		 * five is the smallest unix credentials structure -
+		 * timestamp, hostname len (0), uid, gid, and gids len (0).
+		 */
+		if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) {
+			(void) printf("bad auth_len gid %u str %u auth %u\n",
+			    gid_len, str_len, auth_len);
+			stat = AUTH_BADCRED;
+			goto done;
+		}
+	} else if (! xdr_authunix_parms(&xdrs, aup)) {
+		xdrs.x_op = XDR_FREE;
+		(void)xdr_authunix_parms(&xdrs, aup);
+		stat = AUTH_BADCRED;
+		goto done;
+	}
+	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_NULL;
+	rqst->rq_xprt->xp_verf.oa_length = 0;
+	stat = AUTH_OK;
+done:
+	XDR_DESTROY(&xdrs);
+	return (stat);
+}
+
+
+/*
+ * Shorthand unix authenticator
+ * Looks up longhand in a cache.
+ */
+/*ARGSUSED*/
+enum auth_stat
+gssrpc__svcauth_short(
+	struct svc_req *rqst,
+	struct rpc_msg *msg,
+	bool_t *dispatch)
+{
+	rqst->rq_xprt->xp_auth = &svc_auth_none;
+	return (AUTH_REJECTEDCRED);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_raw.c b/krb5-1.21.3/src/lib/rpc/svc_raw.c
new file mode 100644
index 00000000..dd453cf8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_raw.c
@@ -0,0 +1,163 @@
+/* @(#)svc_raw.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)svc_raw.c 1.15 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * svc_raw.c,   This a toy for simple testing and timing.
+ * Interface to create an rpc client and server in the same UNIX process.
+ * This lets us similate rpc and get rpc (round trip) overhead, without
+ * any interference from the kernel.
+ */
+
+#include <gssrpc/rpc.h>
+
+
+/*
+ * This is the "network" that we will be moving data over
+ */
+static struct svcraw_private {
+	char	_raw_buf[UDPMSGSIZE];
+	SVCXPRT	server;
+	XDR	xdr_stream;
+	char	verf_body[MAX_AUTH_BYTES];
+} *svcraw_private;
+
+static bool_t		svcraw_recv(SVCXPRT *, struct rpc_msg *);
+static enum xprt_stat 	svcraw_stat(SVCXPRT *);
+static bool_t		svcraw_getargs(SVCXPRT *, xdrproc_t, void *);
+static bool_t		svcraw_reply(SVCXPRT *, struct rpc_msg *);
+static bool_t		svcraw_freeargs(SVCXPRT *, xdrproc_t, void *);
+static void		svcraw_destroy(SVCXPRT *);
+
+static struct xp_ops server_ops = {
+	svcraw_recv,
+	svcraw_stat,
+	svcraw_getargs,
+	svcraw_reply,
+	svcraw_freeargs,
+	svcraw_destroy
+};
+
+SVCXPRT *
+svcraw_create(void)
+{
+	struct svcraw_private *srp = svcraw_private;
+
+	if (srp == 0) {
+		srp = (struct svcraw_private *)calloc(1, sizeof (*srp));
+		if (srp == 0)
+			return (0);
+		svcraw_private = srp;
+	}
+	srp->server.xp_sock = 0;
+	srp->server.xp_port = 0;
+	srp->server.xp_ops = &server_ops;
+	srp->server.xp_verf.oa_base = srp->verf_body;
+	xdrmem_create(&srp->xdr_stream, srp->_raw_buf, UDPMSGSIZE, XDR_FREE);
+	return (&srp->server);
+}
+
+static enum xprt_stat
+svcraw_stat(SVCXPRT *xprt)
+{
+
+	return (XPRT_IDLE);
+}
+
+static bool_t
+svcraw_recv(SVCXPRT *xprt, struct rpc_msg *msg)
+{
+	struct svcraw_private *srp = svcraw_private;
+	XDR *xdrs;
+
+	if (srp == 0)
+		return (0);
+	xdrs = &srp->xdr_stream;
+	xdrs->x_op = XDR_DECODE;
+	XDR_SETPOS(xdrs, 0);
+	if (! xdr_callmsg(xdrs, msg))
+	       return (FALSE);
+	return (TRUE);
+}
+
+static bool_t
+svcraw_reply(SVCXPRT *xprt, struct rpc_msg *msg)
+{
+	struct svcraw_private *srp = svcraw_private;
+	XDR *xdrs;
+
+	if (srp == 0)
+		return (FALSE);
+	xdrs = &srp->xdr_stream;
+	xdrs->x_op = XDR_ENCODE;
+	XDR_SETPOS(xdrs, 0);
+	if (! xdr_replymsg(xdrs, msg))
+	       return (FALSE);
+	(void)XDR_GETPOS(xdrs);  /* called just for overhead */
+	return (TRUE);
+}
+
+static bool_t
+svcraw_getargs(SVCXPRT *xprt, xdrproc_t xdr_args, void *args_ptr)
+{
+	struct svcraw_private *srp = svcraw_private;
+
+	if (srp == 0)
+		return (FALSE);
+	if (! (*xdr_args)(&srp->xdr_stream, args_ptr)) {
+		(void)svcraw_freeargs(xprt, xdr_args, args_ptr);
+		return FALSE;
+	}
+	return TRUE;
+}
+
+static bool_t
+svcraw_freeargs(SVCXPRT *xprt, xdrproc_t xdr_args, void *args_ptr)
+{
+	struct svcraw_private *srp = svcraw_private;
+	XDR *xdrs;
+
+	if (srp == 0)
+		return (FALSE);
+	xdrs = &srp->xdr_stream;
+	xdrs->x_op = XDR_FREE;
+	return ((*xdr_args)(xdrs, args_ptr));
+}
+
+static void
+svcraw_destroy(SVCXPRT *xprt)
+{
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_run.c b/krb5-1.21.3/src/lib/rpc/svc_run.c
new file mode 100644
index 00000000..32b8517e
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_run.c
@@ -0,0 +1,74 @@
+/* lib/rpc/svc_run.c */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is the rpc server side idle loop
+ * Wait for input, call server program.
+ */
+
+#include <gssrpc/rpc.h>
+#include <errno.h>
+
+extern int svc_maxfd;
+
+void
+svc_run(void)
+{
+#ifdef FD_SETSIZE
+	fd_set readfds;
+#else
+	int readfds;
+#endif /* def FD_SETSIZE */
+
+	for (;;) {
+#ifdef FD_SETSIZE
+		readfds = svc_fdset;
+#else
+		readfds = svc_fds;
+#endif /* def FD_SETSIZE */
+		switch (select(svc_maxfd + 1, &readfds, (fd_set *)0,
+			       (fd_set *)0, (struct timeval *)0)) {
+		case -1:
+			if (errno == EINTR) {
+				continue;
+			}
+			perror("svc_run: - select failed");
+			return;
+		case 0:
+			continue;
+		default:
+			svc_getreqset(&readfds);
+		}
+	}
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_simple.c b/krb5-1.21.3/src/lib/rpc/svc_simple.c
new file mode 100644
index 00000000..315275f5
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_simple.c
@@ -0,0 +1,150 @@
+/* @(#)svc_simple.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)svc_simple.c 1.18 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * svc_simple.c
+ * Simplified front end to rpc.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_clnt.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+static struct proglst {
+	char *(*p_progname)();
+	int  p_prognum;
+	int  p_procnum;
+	xdrproc_t p_inproc, p_outproc;
+	struct proglst *p_nxt;
+} *proglst;
+static void universal(struct svc_req *, SVCXPRT *);
+static SVCXPRT *transp;
+
+int
+registerrpc(
+	rpcprog_t prognum,
+	rpcvers_t versnum,
+	rpcproc_t procnum,
+	char *(*progname)(),
+	xdrproc_t inproc,
+	xdrproc_t outproc)
+{
+        struct proglst *pl;
+
+	if (procnum == NULLPROC) {
+		(void) fprintf(stderr,
+		    "can't reassign procedure number %d\n", NULLPROC);
+		return (-1);
+	}
+	if (transp == 0) {
+		transp = svcudp_create(RPC_ANYSOCK);
+		if (transp == NULL) {
+			(void) fprintf(stderr, "couldn't create an rpc server\n");
+			return (-1);
+		}
+	}
+	(void) pmap_unset(prognum, versnum);
+	if (!svc_register(transp, prognum, versnum, universal, IPPROTO_UDP)) {
+	    	(void) fprintf(stderr, "couldn't register prog %d vers %d\n",
+		    prognum, versnum);
+		return (-1);
+	}
+	pl = (struct proglst *)malloc(sizeof(struct proglst));
+	if (pl == NULL) {
+		(void) fprintf(stderr, "registerrpc: out of memory\n");
+		return (-1);
+	}
+	pl->p_progname = progname;
+	pl->p_prognum = prognum;
+	pl->p_procnum = procnum;
+	pl->p_inproc = inproc;
+	pl->p_outproc = outproc;
+	pl->p_nxt = proglst;
+	proglst = pl;
+	return (0);
+}
+
+static void
+universal(
+	struct svc_req *rqstp,
+	SVCXPRT *s_transp)
+{
+	int prog, proc;
+	char *outdata;
+	char xdrbuf[UDPMSGSIZE];
+	struct proglst *pl;
+
+	/*
+	 * enforce "procnum 0 is echo" convention
+	 */
+	if (rqstp->rq_proc == NULLPROC) {
+		if (svc_sendreply(s_transp, xdr_void, (char *)NULL) == FALSE) {
+			(void) fprintf(stderr, "xxx\n");
+			exit(1);
+		}
+		return;
+	}
+	prog = rqstp->rq_prog;
+	proc = rqstp->rq_proc;
+	for (pl = proglst; pl != NULL; pl = pl->p_nxt)
+		if (pl->p_prognum == prog && pl->p_procnum == proc) {
+			/* decode arguments into a CLEAN buffer */
+			memset(xdrbuf, 0, sizeof(xdrbuf)); /* required ! */
+			if (!svc_getargs(s_transp, pl->p_inproc, xdrbuf)) {
+				svcerr_decode(s_transp);
+				return;
+			}
+			outdata = (*(pl->p_progname))(xdrbuf);
+			if (outdata == NULL && pl->p_outproc != xdr_void)
+				/* there was an error */
+				return;
+			if (!svc_sendreply(s_transp, pl->p_outproc, outdata)) {
+				(void) fprintf(stderr,
+				    "trouble replying to prog %d\n",
+				    pl->p_prognum);
+				exit(1);
+			}
+			/* free the decoded arguments */
+			(void)svc_freeargs(s_transp, pl->p_inproc, xdrbuf);
+			return;
+		}
+	(void) fprintf(stderr, "never registered prog %d\n", prog);
+	exit(1);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_tcp.c b/krb5-1.21.3/src/lib/rpc/svc_tcp.c
new file mode 100644
index 00000000..56fe7b65
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_tcp.c
@@ -0,0 +1,532 @@
+/* @(#)svc_tcp.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * svc_tcp.c, Server side for TCP/IP based RPC.
+ *
+ * Actually implements two flavors of transporter -
+ * a tcp rendezvouser (a listener and connection establisher)
+ * and a record/tcp stream.
+ */
+
+#include "k5-platform.h"
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+#include <sys/socket.h>
+#include <port-sockets.h>
+#include <socket-utils.h>
+/*extern bool_t abort();
+extern errno;
+*/
+
+#ifndef FD_SETSIZE
+#ifdef NBBY
+#define NOFILE (sizeof(int) * NBBY)
+#else
+#define NOFILE (sizeof(int) * 8)
+#endif
+#endif
+
+/*
+ * Ops vector for TCP/IP based rpc service handle
+ */
+static bool_t		svctcp_recv(SVCXPRT *, struct rpc_msg *);
+static enum xprt_stat	svctcp_stat(SVCXPRT *);
+static bool_t		svctcp_getargs(SVCXPRT *, xdrproc_t, void *);
+static bool_t		svctcp_reply(SVCXPRT *, struct rpc_msg *);
+static bool_t		svctcp_freeargs(SVCXPRT *, xdrproc_t, void *);
+static void		svctcp_destroy(SVCXPRT *);
+
+static struct xp_ops svctcp_op = {
+	svctcp_recv,
+	svctcp_stat,
+	svctcp_getargs,
+	svctcp_reply,
+	svctcp_freeargs,
+	svctcp_destroy
+};
+
+/*
+ * Ops vector for TCP/IP rendezvous handler
+ */
+static bool_t		rendezvous_request(SVCXPRT *, struct rpc_msg *);
+static bool_t		abortx(void);
+static bool_t		abortx_getargs(SVCXPRT *, xdrproc_t, void *);
+static bool_t		abortx_reply(SVCXPRT *, struct rpc_msg *);
+static bool_t		abortx_freeargs(SVCXPRT *, xdrproc_t, void *);
+static enum xprt_stat	rendezvous_stat(SVCXPRT *);
+
+static struct xp_ops svctcp_rendezvous_op = {
+	rendezvous_request,
+	rendezvous_stat,
+	abortx_getargs,
+	abortx_reply,
+	abortx_freeargs,
+	svctcp_destroy
+};
+
+static int readtcp(char *, caddr_t, int), writetcp(char *, caddr_t, int);
+static SVCXPRT *makefd_xprt(int, u_int, u_int);
+
+struct tcp_rendezvous { /* kept in xprt->xp_p1 */
+	u_int sendsize;
+	u_int recvsize;
+};
+
+struct tcp_conn {  /* kept in xprt->xp_p1 */
+	enum xprt_stat strm_stat;
+	uint32_t x_id;
+	XDR xdrs;
+	char verf_body[MAX_AUTH_BYTES];
+};
+
+/*
+ * Usage:
+ *	xprt = svctcp_create(sock, send_buf_size, recv_buf_size);
+ *
+ * Creates, registers, and returns a (rpc) tcp based transporter.
+ * Once *xprt is initialized, it is registered as a transporter
+ * see (svc.h, xprt_register).  This routine returns
+ * a NULL if a problem occurred.
+ *
+ * If sock<0 then a socket is created, else sock is used.
+ * If the socket, sock is not bound to a port then svctcp_create
+ * binds it to an arbitrary port.  The routine then starts a tcp
+ * listener on the socket's associated port.  In any (successful) case,
+ * xprt->xp_sock is the registered socket number and xprt->xp_port is the
+ * associated port number.
+ *
+ * Since tcp streams do buffered io similar to stdio, the caller can specify
+ * how big the send and receive buffers are via the second and third parms;
+ * 0 => use the system default.
+ */
+SVCXPRT *
+svctcp_create(
+        SOCKET sock,
+	u_int sendsize,
+	u_int recvsize)
+{
+	bool_t madesock = FALSE;
+	SVCXPRT *xprt;
+	struct tcp_rendezvous *r;
+	struct sockaddr_storage ss;
+	struct sockaddr *sa = (struct sockaddr *)&ss;
+	socklen_t len;
+
+	if (sock == RPC_ANYSOCK) {
+		if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
+			perror("svctcp_.c - udp socket creation problem");
+			return ((SVCXPRT *)NULL);
+		}
+		set_cloexec_fd(sock);
+		madesock = TRUE;
+		memset(&ss, 0, sizeof(ss));
+		sa->sa_family = AF_INET;
+	} else {
+		len = sizeof(struct sockaddr_storage);
+		if (getsockname(sock, sa, &len) != 0) {
+			perror("svc_tcp.c - cannot getsockname");
+			return ((SVCXPRT *)NULL);
+		}
+	}
+
+	if (bindresvport_sa(sock, sa)) {
+		sa_setport(sa, 0);
+		(void)bind(sock, sa, sa_socklen(sa));
+	}
+	len = sizeof(struct sockaddr_storage);
+	if (getsockname(sock, sa, &len) != 0) {
+		perror("svc_tcp.c - cannot getsockname");
+                if (madesock)
+                        (void)closesocket(sock);
+		return ((SVCXPRT *)NULL);
+	}
+	if (listen(sock, 2) != 0) {
+		perror("svctcp_.c - cannot listen");
+                if (madesock)
+                        (void)closesocket(sock);
+		return ((SVCXPRT *)NULL);
+	}
+	r = (struct tcp_rendezvous *)mem_alloc(sizeof(*r));
+	if (r == NULL) {
+		(void) fprintf(stderr, "svctcp_create: out of memory\n");
+		return (NULL);
+	}
+	r->sendsize = sendsize;
+	r->recvsize = recvsize;
+	xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
+	if (xprt == NULL) {
+		(void) fprintf(stderr, "svctcp_create: out of memory\n");
+		return (NULL);
+	}
+	xprt->xp_p2 = NULL;
+	xprt->xp_p1 = (caddr_t)r;
+	xprt->xp_auth = NULL;
+	xprt->xp_verf = gssrpc__null_auth;
+	xprt->xp_ops = &svctcp_rendezvous_op;
+	xprt->xp_port = sa_getport(sa);
+	xprt->xp_sock = sock;
+	xprt->xp_laddrlen = 0;
+	xprt_register(xprt);
+	return (xprt);
+}
+
+/*
+ * Like svtcp_create(), except the routine takes any *open* UNIX file
+ * descriptor as its first input.
+ */
+SVCXPRT *
+svcfd_create(
+	int fd,
+	u_int sendsize,
+	u_int recvsize)
+{
+
+	return (makefd_xprt(fd, sendsize, recvsize));
+}
+
+static SVCXPRT *
+makefd_xprt(
+	int fd,
+	u_int sendsize,
+	u_int recvsize)
+{
+	SVCXPRT *xprt;
+	struct tcp_conn *cd;
+
+#ifdef FD_SETSIZE
+	if (fd >= FD_SETSIZE) {
+		(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+		xprt = NULL;
+		goto done;
+	}
+#else
+	if (fd >= NOFILE) {
+		(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
+		xprt = NULL;
+		goto done;
+	}
+#endif
+	xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
+	if (xprt == (SVCXPRT *)NULL) {
+		(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
+		goto done;
+	}
+	cd = (struct tcp_conn *)mem_alloc(sizeof(struct tcp_conn));
+	if (cd == (struct tcp_conn *)NULL) {
+		(void) fprintf(stderr, "svc_tcp: makefd_xprt: out of memory\n");
+		mem_free((char *) xprt, sizeof(SVCXPRT));
+		xprt = (SVCXPRT *)NULL;
+		goto done;
+	}
+	cd->strm_stat = XPRT_IDLE;
+	xdrrec_create(&(cd->xdrs), sendsize, recvsize,
+	    (caddr_t)xprt, readtcp, writetcp);
+	xprt->xp_p2 = NULL;
+	xprt->xp_p1 = (caddr_t)cd;
+	xprt->xp_auth = NULL;
+	xprt->xp_verf.oa_base = cd->verf_body;
+	xprt->xp_addrlen = 0;
+	xprt->xp_laddrlen = 0;
+	xprt->xp_ops = &svctcp_op;  /* truly deals with calls */
+	xprt->xp_port = 0;  /* this is a connection, not a rendezvouser */
+	xprt->xp_sock = fd;
+	xprt_register(xprt);
+    done:
+	return (xprt);
+}
+
+static bool_t
+rendezvous_request(
+	SVCXPRT *xprt,
+	struct rpc_msg *msg)
+{
+        SOCKET sock;
+	struct tcp_rendezvous *r;
+	struct sockaddr_in addr, laddr;
+	socklen_t len, llen;
+
+	r = (struct tcp_rendezvous *)xprt->xp_p1;
+    again:
+	len = llen = sizeof(struct sockaddr_in);
+	if ((sock = accept(xprt->xp_sock, (struct sockaddr *)&addr,
+	    &len)) < 0) {
+		if (errno == EINTR)
+			goto again;
+	       return (FALSE);
+	}
+	set_cloexec_fd(sock);
+	if (getsockname(sock, (struct sockaddr *) &laddr, &llen) < 0)
+	     return (FALSE);
+
+	/*
+	 * make a new transporter (re-uses xprt)
+	 */
+	xprt = makefd_xprt(sock, r->sendsize, r->recvsize);
+	if (xprt == NULL) {
+                (void)closesocket(sock);
+		return (FALSE);
+	}
+	xprt->xp_raddr = addr;
+	xprt->xp_addrlen = len;
+	xprt->xp_laddr = laddr;
+	xprt->xp_laddrlen = llen;
+	return (FALSE); /* there is never an rpc msg to be processed */
+}
+
+static enum xprt_stat
+rendezvous_stat(SVCXPRT *xprt)
+{
+
+	return (XPRT_IDLE);
+}
+
+static void
+svctcp_destroy(SVCXPRT *xprt)
+{
+	struct tcp_conn *cd = xprt->xp_p1;
+
+	xprt_unregister(xprt);
+        (void)closesocket(xprt->xp_sock);
+	if (xprt->xp_port != 0) {
+		/* a rendezvouser socket */
+		xprt->xp_port = 0;
+	} else {
+		/* an actual connection socket */
+		XDR_DESTROY(&(cd->xdrs));
+	}
+	if (xprt->xp_auth != NULL) {
+		SVCAUTH_DESTROY(xprt->xp_auth);
+		xprt->xp_auth = NULL;
+	}
+	mem_free((caddr_t)cd, sizeof(struct tcp_conn));
+	mem_free((caddr_t)xprt, sizeof(SVCXPRT));
+}
+
+/*
+ * All read operations timeout after 35 seconds.
+ * A timeout is fatal for the connection.
+ */
+static struct timeval wait_per_try = { 35, 0 };
+
+/*
+ * reads data from the tcp connection.
+ * any error is fatal and the connection is closed.
+ * (And a read of zero bytes is a half closed stream => error.)
+ */
+static int
+readtcp(
+        char *xprtptr,
+	caddr_t buf,
+	int len)
+{
+	SVCXPRT *xprt = (void *)xprtptr;
+	int sock = xprt->xp_sock;
+	struct timeval tout;
+#ifdef FD_SETSIZE
+	fd_set mask;
+	fd_set readfds;
+
+	FD_ZERO(&mask);
+	FD_SET(sock, &mask);
+#else
+	int mask = 1 << sock;
+	int readfds;
+#endif /* def FD_SETSIZE */
+#ifdef FD_SETSIZE
+#define loopcond (!FD_ISSET(sock, &readfds))
+#else
+#define loopcond (readfds != mask)
+#endif
+	do {
+		readfds = mask;
+		tout = wait_per_try;
+		if (select(sock + 1, &readfds, (fd_set*)NULL,
+			   (fd_set*)NULL, &tout) <= 0) {
+			if (errno == EINTR) {
+				continue;
+			}
+			goto fatal_err;
+		}
+	} while (loopcond);
+	if ((len = read(sock, buf, (size_t) len)) > 0) {
+		return (len);
+	}
+fatal_err:
+	((struct tcp_conn *)(xprt->xp_p1))->strm_stat = XPRT_DIED;
+	return (-1);
+}
+
+/*
+ * writes data to the tcp connection.
+ * Any error is fatal and the connection is closed.
+ */
+static int
+writetcp(
+	char *xprtptr,
+	caddr_t buf,
+	int len)
+{
+	SVCXPRT *xprt = (void *)xprtptr;
+	int i, cnt;
+
+	for (cnt = len; cnt > 0; cnt -= i, buf += i) {
+		if ((i = write(xprt->xp_sock, buf, (size_t) cnt)) < 0) {
+			((struct tcp_conn *)(xprt->xp_p1))->strm_stat =
+			    XPRT_DIED;
+			return (-1);
+		}
+	}
+	return (len);
+}
+
+static enum xprt_stat
+svctcp_stat(SVCXPRT *xprt)
+{
+	struct tcp_conn *cd = xprt->xp_p1;
+
+	if (cd->strm_stat == XPRT_DIED)
+		return (XPRT_DIED);
+	if (! xdrrec_eof(&(cd->xdrs)))
+		return (XPRT_MOREREQS);
+	return (XPRT_IDLE);
+}
+
+static bool_t
+svctcp_recv(
+	SVCXPRT *xprt,
+	struct rpc_msg *msg)
+{
+	struct tcp_conn *cd = xprt->xp_p1;
+	XDR *xdrs = &cd->xdrs;
+
+	xdrs->x_op = XDR_DECODE;
+	(void)xdrrec_skiprecord(xdrs);
+	if (xdr_callmsg(xdrs, msg)) {
+		cd->x_id = msg->rm_xid;
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+static bool_t
+svctcp_getargs(
+	SVCXPRT *xprt,
+	xdrproc_t xdr_args,
+	void *args_ptr)
+{
+	if (! SVCAUTH_UNWRAP(xprt->xp_auth,
+			     &(((struct tcp_conn *)(xprt->xp_p1))->xdrs),
+			     xdr_args, args_ptr)) {
+		(void)svctcp_freeargs(xprt, xdr_args, args_ptr);
+		return FALSE;
+	}
+	return TRUE;
+}
+
+static bool_t
+svctcp_freeargs(
+	SVCXPRT *xprt,
+	xdrproc_t xdr_args,
+	void * args_ptr)
+{
+	XDR *xdrs = &((struct tcp_conn *)(xprt->xp_p1))->xdrs;
+
+	xdrs->x_op = XDR_FREE;
+	return ((*xdr_args)(xdrs, args_ptr));
+}
+
+static bool_t svctcp_reply(
+	SVCXPRT *xprt,
+	struct rpc_msg *msg)
+{
+	struct tcp_conn *cd = xprt->xp_p1;
+	XDR *xdrs = &cd->xdrs;
+	bool_t stat;
+
+	xdrproc_t xdr_results = NULL;
+	caddr_t xdr_location = 0;
+	bool_t has_args;
+
+	if (msg->rm_reply.rp_stat == MSG_ACCEPTED &&
+	    msg->rm_reply.rp_acpt.ar_stat == SUCCESS) {
+		has_args = TRUE;
+		xdr_results = msg->acpted_rply.ar_results.proc;
+		xdr_location = msg->acpted_rply.ar_results.where;
+
+		msg->acpted_rply.ar_results.proc = xdr_void;
+		msg->acpted_rply.ar_results.where = NULL;
+	} else
+		has_args = FALSE;
+
+	xdrs->x_op = XDR_ENCODE;
+	msg->rm_xid = cd->x_id;
+	stat = FALSE;
+	if (xdr_replymsg(xdrs, msg) &&
+	    (!has_args ||
+	     (SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) {
+		stat = TRUE;
+	}
+	(void)xdrrec_endofrecord(xdrs, TRUE);
+	return (stat);
+}
+
+static bool_t abortx(void)
+{
+	abort();
+	return 1;
+}
+
+static bool_t abortx_getargs(
+	SVCXPRT *xprt,
+	xdrproc_t proc,
+	void *info)
+{
+	return abortx();
+}
+
+static bool_t abortx_reply(SVCXPRT *xprt, struct rpc_msg *msg)
+{
+	return abortx();
+}
+
+static bool_t abortx_freeargs(
+	SVCXPRT *xprt, xdrproc_t proc,
+	void * info)
+{
+	return abortx();
+}
diff --git a/krb5-1.21.3/src/lib/rpc/svc_udp.c b/krb5-1.21.3/src/lib/rpc/svc_udp.c
new file mode 100644
index 00000000..8ecbdf2b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/svc_udp.c
@@ -0,0 +1,545 @@
+/* @(#)svc_udp.c	2.2 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)svc_udp.c 1.24 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * svc_udp.c,
+ * Server side for UDP/IP based RPC.  (Does some caching in the hopes of
+ * achieving execute-at-most-once semantics.)
+ */
+
+#include "k5-platform.h"
+#include <unistd.h>
+#include <gssrpc/rpc.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_UIO_H
+#include <sys/uio.h>
+#endif
+#include <port-sockets.h>
+#include <socket-utils.h>
+
+
+#ifndef GETSOCKNAME_ARG3_TYPE
+#define GETSOCKNAME_ARG3_TYPE int
+#endif
+
+#define rpc_buffer(xprt) ((xprt)->xp_p1)
+#ifndef MAX
+#define MAX(a, b)     ((a > b) ? a : b)
+#endif
+
+static bool_t		svcudp_recv(SVCXPRT *, struct rpc_msg *);
+static bool_t		svcudp_reply(SVCXPRT *, struct rpc_msg *);
+static enum xprt_stat	svcudp_stat(SVCXPRT *);
+static bool_t		svcudp_getargs(SVCXPRT *, xdrproc_t, void *);
+static bool_t		svcudp_freeargs(SVCXPRT *, xdrproc_t, void *);
+static void		svcudp_destroy(SVCXPRT *);
+
+static void cache_set(SVCXPRT *, uint32_t);
+static int cache_get(SVCXPRT *, struct rpc_msg *, char **, uint32_t *);
+
+static struct xp_ops svcudp_op = {
+	svcudp_recv,
+	svcudp_stat,
+	svcudp_getargs,
+	svcudp_reply,
+	svcudp_freeargs,
+	svcudp_destroy
+};
+
+
+/*
+ * kept in xprt->xp_p2
+ */
+struct svcudp_data {
+	u_int   su_iosz;	/* byte size of send.recv buffer */
+	uint32_t	su_xid;		/* transaction id */
+	XDR	su_xdrs;	/* XDR handle */
+	char	su_verfbody[MAX_AUTH_BYTES];	/* verifier body */
+	void * 	su_cache;	/* cached data, NULL if no cache */
+};
+#define	su_data(xprt)	((struct svcudp_data *)(xprt->xp_p2))
+
+/*
+ * Usage:
+ *	xprt = svcudp_create(sock);
+ *
+ * If sock<0 then a socket is created, else sock is used.
+ * If the socket, sock is not bound to a port then svcudp_create
+ * binds it to an arbitrary port.  In any (successful) case,
+ * xprt->xp_sock is the registered socket number and xprt->xp_port is the
+ * associated port number.
+ * Once *xprt is initialized, it is registered as a transporter;
+ * see (svc.h, xprt_register).
+ * The routines returns NULL if a problem occurred.
+ */
+SVCXPRT *
+svcudp_bufcreate(
+	int sock,
+	u_int sendsz,
+	u_int recvsz)
+{
+	bool_t madesock = FALSE;
+	SVCXPRT *xprt;
+	struct svcudp_data *su;
+	struct sockaddr_storage ss;
+	struct sockaddr *sa = (struct sockaddr *)&ss;
+	socklen_t len;
+
+	if (sock == RPC_ANYSOCK) {
+		if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
+			perror("svcudp_create: socket creation problem");
+			return ((SVCXPRT *)NULL);
+		}
+		set_cloexec_fd(sock);
+		madesock = TRUE;
+		memset(&ss, 0, sizeof(ss));
+		sa->sa_family = AF_INET;
+	} else {
+		len = sizeof(struct sockaddr_storage);
+		if (getsockname(sock, sa, &len) < 0) {
+			perror("svcudp_create - cannot getsockname");
+			return ((SVCXPRT *)NULL);
+		}
+	}
+
+	if (bindresvport_sa(sock, sa)) {
+		sa_setport(sa, 0);
+		(void)bind(sock, sa, sa_socklen(sa));
+	}
+	len = sizeof(struct sockaddr_storage);
+	if (getsockname(sock, sa, &len) != 0) {
+		perror("svcudp_create - cannot getsockname");
+		if (madesock)
+			(void)close(sock);
+		return ((SVCXPRT *)NULL);
+	}
+	xprt = (SVCXPRT *)mem_alloc(sizeof(SVCXPRT));
+	if (xprt == NULL) {
+		(void)fprintf(stderr, "svcudp_create: out of memory\n");
+		return (NULL);
+	}
+	su = (struct svcudp_data *)mem_alloc(sizeof(*su));
+	if (su == NULL) {
+		(void)fprintf(stderr, "svcudp_create: out of memory\n");
+		return (NULL);
+	}
+	su->su_iosz = ((MAX(sendsz, recvsz) + 3) / 4) * 4;
+	if ((rpc_buffer(xprt) = mem_alloc(su->su_iosz)) == NULL) {
+		(void)fprintf(stderr, "svcudp_create: out of memory\n");
+		return (NULL);
+	}
+	xdrmem_create(
+	    &(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_DECODE);
+	su->su_cache = NULL;
+	xprt->xp_p2 = (caddr_t)su;
+	xprt->xp_auth = NULL;
+	xprt->xp_verf.oa_base = su->su_verfbody;
+	xprt->xp_ops = &svcudp_op;
+	xprt->xp_port = sa_getport(sa);
+	xprt->xp_sock = sock;
+	xprt_register(xprt);
+	return (xprt);
+}
+
+SVCXPRT *
+svcudp_create(int sock)
+{
+
+	return(svcudp_bufcreate(sock, UDPMSGSIZE, UDPMSGSIZE));
+}
+
+static enum xprt_stat
+svcudp_stat(SVCXPRT *xprt)
+{
+
+	return (XPRT_IDLE);
+}
+
+static bool_t
+svcudp_recv(
+	SVCXPRT *xprt,
+	struct rpc_msg *msg)
+{
+        struct msghdr dummy;
+	struct iovec dummy_iov[1];
+	struct svcudp_data *su = su_data(xprt);
+	XDR *xdrs = &su->su_xdrs;
+	int rlen;
+	char *reply;
+	uint32_t replylen;
+	socklen_t addrlen;
+
+    again:
+	memset(&dummy, 0, sizeof(dummy));
+	dummy_iov[0].iov_base = rpc_buffer(xprt);
+	dummy_iov[0].iov_len = (int) su->su_iosz;
+	dummy.msg_iov = dummy_iov;
+	dummy.msg_iovlen = 1;
+	dummy.msg_namelen = xprt->xp_laddrlen = sizeof(struct sockaddr_in);
+	dummy.msg_name = (char *) &xprt->xp_laddr;
+	rlen = recvmsg(xprt->xp_sock, &dummy, MSG_PEEK);
+	if (rlen == -1) {
+	     if (errno == EINTR)
+		  goto again;
+	     else
+		  return (FALSE);
+	}
+
+	addrlen = sizeof(struct sockaddr_in);
+	rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz,
+	    0, (struct sockaddr *)&(xprt->xp_raddr), &addrlen);
+	if (rlen == -1 && errno == EINTR)
+		goto again;
+	if (rlen < (int) (4*sizeof(uint32_t)))
+		return (FALSE);
+	xprt->xp_addrlen = addrlen;
+	xdrs->x_op = XDR_DECODE;
+	XDR_SETPOS(xdrs, 0);
+	if (! xdr_callmsg(xdrs, msg))
+		return (FALSE);
+	su->su_xid = msg->rm_xid;
+	if (su->su_cache != NULL) {
+		if (cache_get(xprt, msg, &reply, &replylen)) {
+			(void) sendto(xprt->xp_sock, reply, (int) replylen, 0,
+			  (struct sockaddr *) &xprt->xp_raddr, xprt->xp_addrlen);
+			return (TRUE);
+		}
+	}
+	return (TRUE);
+}
+
+static bool_t svcudp_reply(
+	SVCXPRT *xprt,
+	struct rpc_msg *msg)
+{
+     struct svcudp_data *su = su_data(xprt);
+     XDR *xdrs = &su->su_xdrs;
+     int slen;
+     bool_t stat = FALSE;
+
+     xdrproc_t xdr_results = NULL;
+     caddr_t xdr_location = 0;
+     bool_t has_args;
+
+     if (msg->rm_reply.rp_stat == MSG_ACCEPTED &&
+	 msg->rm_reply.rp_acpt.ar_stat == SUCCESS) {
+	  has_args = TRUE;
+	  xdr_results = msg->acpted_rply.ar_results.proc;
+	  xdr_location = msg->acpted_rply.ar_results.where;
+
+	  msg->acpted_rply.ar_results.proc = xdr_void;
+	  msg->acpted_rply.ar_results.where = NULL;
+     } else
+	  has_args = FALSE;
+
+     xdrs->x_op = XDR_ENCODE;
+     XDR_SETPOS(xdrs, 0);
+     msg->rm_xid = su->su_xid;
+     if (xdr_replymsg(xdrs, msg) &&
+	 (!has_args ||
+	  (SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) {
+	  slen = (int)XDR_GETPOS(xdrs);
+	  if (sendto(xprt->xp_sock, rpc_buffer(xprt), slen, 0,
+		     (struct sockaddr *)&(xprt->xp_raddr), xprt->xp_addrlen)
+	      == slen) {
+	       stat = TRUE;
+	       if (su->su_cache && slen >= 0) {
+		    cache_set(xprt, (uint32_t) slen);
+	       }
+	  }
+     }
+     return (stat);
+}
+
+static bool_t
+svcudp_getargs(
+	SVCXPRT *xprt,
+	xdrproc_t xdr_args,
+	void * args_ptr)
+{
+	if (! SVCAUTH_UNWRAP(xprt->xp_auth, &(su_data(xprt)->su_xdrs),
+			     xdr_args, args_ptr)) {
+		(void)svcudp_freeargs(xprt, xdr_args, args_ptr);
+		return FALSE;
+	}
+	return TRUE;
+}
+
+static bool_t
+svcudp_freeargs(
+	SVCXPRT *xprt,
+	xdrproc_t xdr_args,
+	void * args_ptr)
+{
+	XDR *xdrs = &su_data(xprt)->su_xdrs;
+
+	xdrs->x_op = XDR_FREE;
+	return ((*xdr_args)(xdrs, args_ptr));
+}
+
+static void
+svcudp_destroy(SVCXPRT *xprt)
+{
+	struct svcudp_data *su = su_data(xprt);
+
+	xprt_unregister(xprt);
+        if (xprt->xp_sock != INVALID_SOCKET)
+                (void)closesocket(xprt->xp_sock);
+        xprt->xp_sock = INVALID_SOCKET;
+	if (xprt->xp_auth != NULL) {
+		SVCAUTH_DESTROY(xprt->xp_auth);
+		xprt->xp_auth = NULL;
+	}
+	XDR_DESTROY(&(su->su_xdrs));
+	mem_free(rpc_buffer(xprt), su->su_iosz);
+	mem_free((caddr_t)su, sizeof(struct svcudp_data));
+	mem_free((caddr_t)xprt, sizeof(SVCXPRT));
+}
+
+
+/***********this could be a separate file*********************/
+
+/*
+ * Fifo cache for udp server
+ * Copies pointers to reply buffers into fifo cache
+ * Buffers are sent again if retransmissions are detected.
+ */
+
+#define SPARSENESS 4	/* 75% sparse */
+
+#define CACHE_PERROR(msg)	\
+	(void) fprintf(stderr,"%s\n", msg)
+
+#define ALLOC(type, size)	\
+	(type *) mem_alloc((unsigned) (sizeof(type) * (size)))
+
+#define BZERO(addr, type, size)	 \
+	memset(addr, 0, sizeof(type) * (int) (size))
+
+/*
+ * An entry in the cache
+ */
+typedef struct cache_node *cache_ptr;
+struct cache_node {
+	/*
+	 * Index into cache is xid, proc, vers, prog and address
+	 */
+	uint32_t cache_xid;
+	rpcproc_t cache_proc;
+	rpcvers_t cache_vers;
+	rpcprog_t cache_prog;
+	struct sockaddr_in cache_addr;
+	/*
+	 * The cached reply and length
+	 */
+	char * cache_reply;
+	uint32_t cache_replylen;
+	/*
+ 	 * Next node on the list, if there is a collision
+	 */
+	cache_ptr cache_next;
+};
+
+
+
+/*
+ * The entire cache
+ */
+struct udp_cache {
+	uint32_t uc_size;		/* size of cache */
+	cache_ptr *uc_entries;	/* hash table of entries in cache */
+	cache_ptr *uc_fifo;	/* fifo list of entries in cache */
+	uint32_t uc_nextvictim;	/* points to next victim in fifo list */
+	rpcprog_t uc_prog;		/* saved program number */
+	rpcvers_t uc_vers;		/* saved version number */
+	rpcproc_t uc_proc;		/* saved procedure number */
+	struct sockaddr_in uc_addr; /* saved caller's address */
+};
+
+
+/*
+ * the hashing function
+ */
+#define CACHE_LOC(transp, xid)	\
+ (xid % (SPARSENESS*((struct udp_cache *) su_data(transp)->su_cache)->uc_size))
+
+
+/*
+ * Enable use of the cache.
+ * Note: there is no disable.
+ */
+int
+svcudp_enablecache(
+	SVCXPRT *transp,
+	uint32_t size)
+{
+	struct svcudp_data *su = su_data(transp);
+	struct udp_cache *uc;
+
+	if (su->su_cache != NULL) {
+		CACHE_PERROR("enablecache: cache already enabled");
+		return(0);
+	}
+	uc = ALLOC(struct udp_cache, 1);
+	if (uc == NULL) {
+		CACHE_PERROR("enablecache: could not allocate cache");
+		return(0);
+	}
+	uc->uc_size = size;
+	uc->uc_nextvictim = 0;
+	uc->uc_entries = ALLOC(cache_ptr, size * SPARSENESS);
+	if (uc->uc_entries == NULL) {
+		CACHE_PERROR("enablecache: could not allocate cache data");
+		return(0);
+	}
+	BZERO(uc->uc_entries, cache_ptr, size * SPARSENESS);
+	uc->uc_fifo = ALLOC(cache_ptr, size);
+	if (uc->uc_fifo == NULL) {
+		CACHE_PERROR("enablecache: could not allocate cache fifo");
+		return(0);
+	}
+	BZERO(uc->uc_fifo, cache_ptr, size);
+	su->su_cache = (char *) uc;
+	return(1);
+}
+
+
+/*
+ * Set an entry in the cache
+ */
+static void
+cache_set(
+	SVCXPRT *xprt,
+	uint32_t replylen)
+{
+	cache_ptr victim;
+	cache_ptr *vicp;
+	struct svcudp_data *su = su_data(xprt);
+	struct udp_cache *uc = (struct udp_cache *) su->su_cache;
+	u_int loc;
+	char *newbuf;
+
+	/*
+ 	 * Find space for the new entry, either by
+	 * reusing an old entry, or by mallocing a new one
+	 */
+	victim = uc->uc_fifo[uc->uc_nextvictim];
+	if (victim != NULL) {
+		loc = CACHE_LOC(xprt, victim->cache_xid);
+		for (vicp = &uc->uc_entries[loc];
+		  *vicp != NULL && *vicp != victim;
+		  vicp = &(*vicp)->cache_next)
+				;
+		if (*vicp == NULL) {
+			CACHE_PERROR("cache_set: victim not found");
+			return;
+		}
+		*vicp = victim->cache_next;	/* remote from cache */
+		newbuf = victim->cache_reply;
+	} else {
+		victim = ALLOC(struct cache_node, 1);
+		if (victim == NULL) {
+			CACHE_PERROR("cache_set: victim alloc failed");
+			return;
+		}
+		newbuf = mem_alloc(su->su_iosz);
+		if (newbuf == NULL) {
+			CACHE_PERROR("cache_set: could not allocate new rpc_buffer");
+			free(victim);
+			return;
+		}
+	}
+
+	/*
+	 * Store it away
+	 */
+	victim->cache_replylen = replylen;
+	victim->cache_reply = rpc_buffer(xprt);
+	rpc_buffer(xprt) = newbuf;
+	xdrmem_create(&(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_ENCODE);
+	victim->cache_xid = su->su_xid;
+	victim->cache_proc = uc->uc_proc;
+	victim->cache_vers = uc->uc_vers;
+	victim->cache_prog = uc->uc_prog;
+	victim->cache_addr = uc->uc_addr;
+	loc = CACHE_LOC(xprt, victim->cache_xid);
+	victim->cache_next = uc->uc_entries[loc];
+	uc->uc_entries[loc] = victim;
+	uc->uc_fifo[uc->uc_nextvictim++] = victim;
+	uc->uc_nextvictim %= uc->uc_size;
+}
+
+/*
+ * Try to get an entry from the cache
+ * return 1 if found, 0 if not found
+ */
+static int
+cache_get(
+	SVCXPRT *xprt,
+	struct rpc_msg *msg,
+	char **replyp,
+	uint32_t *replylenp)
+{
+	u_int loc;
+	cache_ptr ent;
+	struct svcudp_data *su = su_data(xprt);
+	struct udp_cache *uc = su->su_cache;
+
+#	define EQADDR(a1, a2) (memcmp((char*)&a1, (char*)&a2, sizeof(a1)) == 0)
+
+	loc = CACHE_LOC(xprt, su->su_xid);
+	for (ent = uc->uc_entries[loc]; ent != NULL; ent = ent->cache_next) {
+		if (ent->cache_xid == su->su_xid &&
+		  ent->cache_proc == uc->uc_proc &&
+		  ent->cache_vers == uc->uc_vers &&
+		  ent->cache_prog == uc->uc_prog &&
+		  EQADDR(ent->cache_addr, uc->uc_addr)) {
+			*replyp = ent->cache_reply;
+			*replylenp = ent->cache_replylen;
+			return(1);
+		}
+	}
+	/*
+	 * Failed to find entry
+	 * Remember a few things so we can do a set later
+	 */
+	uc->uc_proc = msg->rm_call.cb_proc;
+	uc->uc_vers = msg->rm_call.cb_vers;
+	uc->uc_prog = msg->rm_call.cb_prog;
+	uc->uc_addr = xprt->xp_raddr;
+	return(0);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/Makefile.in b/krb5-1.21.3/src/lib/rpc/unit-test/Makefile.in
new file mode 100644
index 00000000..309ae2b2
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/Makefile.in
@@ -0,0 +1,38 @@
+mydir=lib$(S)rpc$(S)unit-test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+OBJS= client.o rpc_test_clnt.o rpc_test_svc.o server.o
+SRCS= client.c rpc_test_clnt.c rpc_test_svc.c server.c
+
+all: client server
+
+client: client.o rpc_test_clnt.o $(GSSRPC_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o client client.o rpc_test_clnt.o \
+		$(GSSRPC_LIBS) $(KRB5_BASE_LIBS)
+
+server: server.o rpc_test_svc.o $(GSSRPC_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o server server.o rpc_test_svc.o \
+		$(GSSRPC_LIBS) $(KRB5_BASE_LIBS)
+
+client.o server.o: rpc_test.h
+
+# If rpc_test.h and rpc_test_*.c do not work on your system, you can
+# try using rpcgen by uncommenting these lines (be sure to uncomment
+# then in the generated not Makefile.in).
+# rpc_test.h rpc_test_clnt.c rpc_test_svc.c: rpc_test.x
+# 	-rm -f rpc_test_clnt.c rpc_test_svc.c rpc_test.h
+# 	-ln -s $(srcdir)/rpc_test.x .
+# 	rpcgen -l rpc_test.x -o rpc_test_clnt.c
+# 	rpcgen -m rpc_test.x -o rpc_test_svc.c
+# 	rpcgen -h rpc_test.x -o rpc_test.h
+# 
+# clean:
+# 	rm -f rpc_test.h rpc_test_clnt.c rpc_test_svc.c
+# 
+
+check-pytests:
+	$(RUNPYTEST) $(srcdir)/t_rpc.py $(PYTESTFLAGS)
+
+clean:
+	$(RM) server client
+
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/client.c b/krb5-1.21.3/src/lib/rpc/unit-test/client.c
new file mode 100644
index 00000000..c9a812bc
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/client.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Id$
+ *
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+#include <string.h>
+#include <netdb.h>
+#include <sys/socket.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <gssrpc/rpc.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_krb5.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/auth_gssapi.h>
+#include "rpc_test.h"
+
+#define BIG_BUF 4096
+/* copied from auth_gssapi.c for hackery */
+struct auth_gssapi_data {
+     bool_t established;
+     CLIENT *clnt;
+     gss_ctx_id_t context;
+     gss_buffer_desc client_handle;
+     OM_uint32 seq_num;
+     int def_cred;
+
+     /* pre-serialized ah_cred */
+     u_char cred_buf[MAX_AUTH_BYTES];
+     int32_t cred_len;
+};
+#define AUTH_PRIVATE(auth) ((struct auth_gssapi_data *)auth->ah_private)
+
+extern int auth_debug_gssapi;
+char *whoami;
+
+#ifdef __GNUC__
+__attribute__((noreturn))
+#endif
+static void usage()
+{
+     fprintf(stderr, "usage: %s {-t|-u} [-a] [-s num] [-m num] host service [count]\n",
+	     whoami);
+     exit(1);
+}
+
+int
+main(argc, argv)
+   int argc;
+   char **argv;
+{
+     char        *host, *port, *target, *echo_arg, **echo_resp, buf[BIG_BUF];
+     CLIENT      *clnt;
+     AUTH	 *tmp_auth;
+     struct rpc_err e;
+     int auth_once, sock, use_tcp;
+     unsigned int count, i;
+     extern int optind;
+     extern char *optarg;
+     extern int svc_debug_gssapi, misc_debug_gssapi, auth_debug_gssapi;
+     int c;
+     struct sockaddr_in sin;
+     struct hostent *h;
+     struct timeval tv;
+
+     extern int krb5_gss_dbg_client_expcreds;
+     krb5_gss_dbg_client_expcreds = 1;
+
+     whoami = argv[0];
+     count = 1026;
+     auth_once = 0;
+     use_tcp = -1;
+
+     while ((c = getopt(argc, argv, "a:m:os:tu")) != -1) {
+	  switch (c) {
+	  case 'a':
+	       auth_debug_gssapi = atoi(optarg);
+	       break;
+	  case 'm':
+	       misc_debug_gssapi = atoi(optarg);
+	       break;
+	  case 'o':
+	       auth_once++;
+	       break;
+	  case 's':
+	       svc_debug_gssapi = atoi(optarg);
+	       break;
+	  case 't':
+	       use_tcp = 1;
+	       break;
+	  case 'u':
+	       use_tcp = 0;
+	       break;
+	  case '?':
+	       usage();
+	       break;
+	  }
+     }
+     if (use_tcp == -1)
+	  usage();
+
+     argv += optind;
+     argc -= optind;
+
+     switch (argc) {
+     case 4:
+	  count = atoi(argv[3]);
+	  if (count > BIG_BUF-1) {
+	    fprintf(stderr, "Test count cannot exceed %d.\n", BIG_BUF-1);
+	    usage();
+	  }
+     case 3:
+	  host = argv[0];
+	  port = argv[1];
+	  target = argv[2];
+	  break;
+     default:
+	  usage();
+     }
+
+     /* get server address */
+     h = gethostbyname(host);
+     if (h == NULL) {
+	 fprintf(stderr, "Can't resolve hostname %s\n", host);
+	 exit(1);
+     }
+     memset(&sin, 0, sizeof(sin));
+     sin.sin_family = h->h_addrtype;
+     sin.sin_port = ntohs(atoi(port));
+     memmove(&sin.sin_addr, h->h_addr, sizeof(sin.sin_addr));
+
+     /* client handle to rstat */
+     sock = RPC_ANYSOCK;
+     if (use_tcp) {
+	 clnt = clnttcp_create(&sin, RPC_TEST_PROG, RPC_TEST_VERS_1, &sock, 0,
+			       0);
+     } else {
+	 tv.tv_sec = 5;
+	 tv.tv_usec = 0;
+	 clnt = clntudp_create(&sin, RPC_TEST_PROG, RPC_TEST_VERS_1, tv,
+			       &sock);
+     }
+     if (clnt == NULL) {
+	  clnt_pcreateerror(whoami);
+	  exit(1);
+     }
+
+     clnt->cl_auth = auth_gssapi_create_default(clnt, target);
+     if (clnt->cl_auth == NULL) {
+	  clnt_pcreateerror(whoami);
+	  exit(2);
+     }
+
+     /*
+      * Call the echo service multiple times.
+      */
+     echo_arg = buf;
+     for (i = 0; i < 3; i++) {
+	  snprintf(buf, sizeof(buf), "testing %d\n", i);
+
+	  echo_resp = rpc_test_echo_1(&echo_arg, clnt);
+	  if (echo_resp == NULL) {
+	       fprintf(stderr, "RPC_TEST_ECHO call %d%s", i,
+		       clnt_sperror(clnt, ""));
+	  }
+	  if (strncmp(*echo_resp, "Echo: ", 6) &&
+	      strcmp(echo_arg, (*echo_resp) + 6) != 0)
+	       fprintf(stderr, "RPC_TEST_ECHO call %d response wrong: "
+		       "arg = %s, resp = %s\n", i, echo_arg, *echo_resp);
+	  gssrpc_xdr_free(xdr_wrapstring, echo_resp);
+     }
+
+     /*
+      * Make a call with an invalid verifier and check for error;
+      * server should log error message.  It is important to
+      *increment* seq_num here, since a decrement would be fixed (see
+      * below).  Note that seq_num will be incremented (by
+      * authg_gssapi_refresh) twice, so we need to decrement by three
+      * to reset.
+      */
+     AUTH_PRIVATE(clnt->cl_auth)->seq_num++;
+
+     echo_arg = "testing with bad verf";
+
+     echo_resp = rpc_test_echo_1(&echo_arg, clnt);
+     if (echo_resp == NULL) {
+	  CLNT_GETERR(clnt, &e);
+	  if (e.re_status != RPC_AUTHERROR || e.re_why != AUTH_REJECTEDVERF)
+	       clnt_perror(clnt, whoami);
+     } else {
+	  fprintf(stderr, "bad seq didn't cause failure\n");
+	  gssrpc_xdr_free(xdr_wrapstring, echo_resp);
+     }
+
+     AUTH_PRIVATE(clnt->cl_auth)->seq_num -= 3;
+
+     /*
+      * Make sure we're resyncronized.
+      */
+     echo_arg = "testing for reset";
+     echo_resp = rpc_test_echo_1(&echo_arg, clnt);
+     if (echo_resp == NULL)
+	  clnt_perror(clnt, "Sequence number improperly reset");
+     else
+	  gssrpc_xdr_free(xdr_wrapstring, echo_resp);
+
+     /*
+      * Now simulate a lost server response, and see if
+      * auth_gssapi_refresh recovers.
+      */
+     AUTH_PRIVATE(clnt->cl_auth)->seq_num--;
+     echo_arg = "forcing auto-resynchronization";
+     echo_resp = rpc_test_echo_1(&echo_arg, clnt);
+     if (echo_resp == NULL)
+	  clnt_perror(clnt, "Auto-resynchronization failed");
+     else
+	  gssrpc_xdr_free(xdr_wrapstring, echo_resp);
+
+     /*
+      * Now make sure auto-resyncrhonization actually worked
+      */
+     echo_arg = "testing for resynchronization";
+     echo_resp = rpc_test_echo_1(&echo_arg, clnt);
+     if (echo_resp == NULL)
+	  clnt_perror(clnt, "Auto-resynchronization did not work");
+     else
+	  gssrpc_xdr_free(xdr_wrapstring, echo_resp);
+
+     if (! auth_once) {
+	  tmp_auth = clnt->cl_auth;
+	  clnt->cl_auth = auth_gssapi_create_default(clnt, target);
+	  if (clnt->cl_auth == NULL) {
+	       clnt_pcreateerror(whoami);
+	       exit(2);
+	  }
+	  AUTH_DESTROY(clnt->cl_auth);
+	  clnt->cl_auth = tmp_auth;
+     }
+
+     /*
+      * Try RPC calls with argument/result lengths [0, 1025].  Do
+      * this last, since it takes a while..
+      */
+     echo_arg = buf;
+     memset(buf, 0, count+1);
+     for (i = 0; i < count; i++) {
+	  echo_resp = rpc_test_echo_1(&echo_arg, clnt);
+	  if (echo_resp == NULL) {
+	       fprintf(stderr, "RPC_TEST_LENGTHS call %d%s", i,
+		       clnt_sperror(clnt, ""));
+	       break;
+	  } else {
+	       if (strncmp(*echo_resp, "Echo: ", 6) &&
+		   strcmp(echo_arg, (*echo_resp) + 6) != 0)
+		    fprintf(stderr,
+			    "RPC_TEST_LENGTHS call %d response wrong\n", i);
+	       gssrpc_xdr_free(xdr_wrapstring, echo_resp);
+	  }
+
+	  /* cycle from 1 to 255 */
+	  buf[i] = (i % 255) + 1;
+
+	  if (i % 100 == 0) {
+	       fputc('.', stdout);
+	       fflush(stdout);
+	  }
+     }
+     fputc('\n', stdout);
+
+     AUTH_DESTROY(clnt->cl_auth);
+     CLNT_DESTROY(clnt);
+     exit(0);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/deps b/krb5-1.21.3/src/lib/rpc/unit-test/deps
new file mode 100644
index 00000000..335eb672
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/deps
@@ -0,0 +1,37 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/krb5.h client.c rpc_test.h
+$(OUTPRE)rpc_test_clnt.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h rpc_test.h rpc_test_clnt.c
+$(OUTPRE)rpc_test_svc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h rpc_test.h rpc_test_svc.c
+$(OUTPRE)server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h rpc_test.h server.c
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test.h b/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test.h
new file mode 100644
index 00000000..2ad03995
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test.h
@@ -0,0 +1,13 @@
+#ifndef _RPC_TEST_H_RPCGEN
+#define	_RPC_TEST_H_RPCGEN
+
+#include <gssrpc/rpc.h>
+
+#define	RPC_TEST_PROG ((unsigned long)(1000001))
+#define	RPC_TEST_VERS_1 ((unsigned long)(1))
+#define	RPC_TEST_ECHO ((unsigned long)(1))
+extern char ** rpc_test_echo_1_svc(char **, struct svc_req *);
+extern char ** rpc_test_echo_1(char **, CLIENT *);
+extern void rpc_test_prog_1_svc(struct svc_req *, SVCXPRT *);
+
+#endif /* !_RPC_TEST_H_RPCGEN */
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test.x b/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test.x
new file mode 100644
index 00000000..e9ae27c9
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test.x
@@ -0,0 +1,30 @@
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Id$
+ * $Source$
+ * 
+ * $Log$
+ * Revision 1.2  1996/07/22 20:41:42  marc
+ * this commit includes all the changes on the OV_9510_INTEGRATION and
+ * OV_MERGE branches.  This includes, but is not limited to, the new openvision
+ * admin system, and major changes to gssapi to add functionality, and bring
+ * the implementation in line with rfc1964.  before committing, the
+ * code was built and tested for netbsd and solaris.
+ *
+ * Revision 1.1.4.1  1996/07/18 04:20:04  marc
+ * merged in changes from OV_9510_BP to OV_9510_FINAL1
+ *
+# Revision 1.1.2.1  1996/06/20  23:42:06  marc
+# File added to the repository on a branch
+#
+# Revision 1.1  1993/11/03  23:53:58  bjaspan
+# Initial revision
+#
+ */
+
+program RPC_TEST_PROG {
+	version RPC_TEST_VERS_1 {
+		string RPC_TEST_ECHO(string) = 1;
+	} = 1;
+} = 1000001;
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test_clnt.c b/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test_clnt.c
new file mode 100644
index 00000000..4e4a18a7
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test_clnt.c
@@ -0,0 +1,22 @@
+#include "rpc_test.h"
+#include <string.h>
+
+/* Default timeout can be changed using clnt_control() */
+static struct timeval TIMEOUT = { 25, 0 };
+
+char **
+rpc_test_echo_1(argp, clnt)
+	char **argp;
+	CLIENT *clnt;
+{
+	static char *clnt_res;
+
+	memset(&clnt_res, 0, sizeof (clnt_res));
+	if (clnt_call(clnt, RPC_TEST_ECHO,
+		(xdrproc_t) xdr_wrapstring, (caddr_t) argp,
+		(xdrproc_t) xdr_wrapstring, (caddr_t) &clnt_res,
+		TIMEOUT) != RPC_SUCCESS) {
+		return (NULL);
+	}
+	return (&clnt_res);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test_svc.c b/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test_svc.c
new file mode 100644
index 00000000..c54c0813
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/rpc_test_svc.c
@@ -0,0 +1,67 @@
+#include "rpc_test.h"
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h> /* getenv, exit */
+#include <sys/types.h>
+#include <syslog.h>
+
+/* States a server can be in wrt request */
+
+#define	_IDLE 0
+#define	_SERVED 1
+
+static int _rpcsvcstate = _IDLE;	/* Set when a request is serviced */
+static int _rpcsvccount = 0;		/* Number of requests being serviced */
+
+void
+rpc_test_prog_1_svc(rqstp, transp)
+	struct svc_req *rqstp;
+	SVCXPRT *transp;
+{
+	union {
+		char *rpc_test_echo_1_arg;
+	} argument;
+	char *result;
+	bool_t (*xdr_argument)(), (*xdr_result)();
+	char *(*local)();
+
+	_rpcsvccount++;
+	switch (rqstp->rq_proc) {
+	case NULLPROC:
+		(void) svc_sendreply(transp, xdr_void,
+			(char *)NULL);
+		_rpcsvccount--;
+		_rpcsvcstate = _SERVED;
+		return;
+
+	case RPC_TEST_ECHO:
+		xdr_argument = xdr_wrapstring;
+		xdr_result = xdr_wrapstring;
+		local = (char *(*)()) rpc_test_echo_1_svc;
+		break;
+
+	default:
+		svcerr_noproc(transp);
+		_rpcsvccount--;
+		_rpcsvcstate = _SERVED;
+		return;
+	}
+	(void) memset(&argument, 0, sizeof (argument));
+	if (!svc_getargs(transp, xdr_argument, &argument)) {
+		svcerr_decode(transp);
+		_rpcsvccount--;
+		_rpcsvcstate = _SERVED;
+		return;
+	}
+	result = (*local)(&argument, rqstp);
+	if (result != NULL && !svc_sendreply(transp, xdr_result, result)) {
+		svcerr_systemerr(transp);
+	}
+	if (!svc_freeargs(transp, xdr_argument, &argument)) {
+		syslog(LOG_ERR, "unable to free arguments");
+		exit(1);
+	}
+	_rpcsvccount--;
+	_rpcsvcstate = _SERVED;
+	return;
+}
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/server.c b/krb5-1.21.3/src/lib/rpc/unit-test/server.c
new file mode 100644
index 00000000..c3bbcbf8
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/server.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Id$
+ * $Source$
+ */
+
+#include "k5-platform.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "autoconf.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+#include <signal.h>
+#include <gssrpc/rpc.h>
+#include <gssrpc/pmap_clnt.h>
+#include <arpa/inet.h>  /* inet_ntoa */
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#include <gssrpc/auth_gssapi.h>
+#include <sys/param.h>	/* MAXHOSTNAMELEN */
+#include "rpc_test.h"
+
+extern int svc_debug_gssapi, misc_debug_gssapi;
+
+void rpc_test_badauth(OM_uint32 major, OM_uint32 minor,
+		 struct sockaddr_in *addr, caddr_t data);
+void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg, char
+		 *error, char *data);
+void log_badauth_display_status(OM_uint32 major, OM_uint32 minor);
+void log_badauth_display_status_1(OM_uint32 code, int type, int rec);
+static void rpc_test_badverf(gss_name_t client, gss_name_t server,
+			     struct svc_req *rqst, struct rpc_msg *msg,
+			     caddr_t data);
+
+#ifndef SERVICE_NAME
+#define SERVICE_NAME "host"
+#endif
+
+static void usage()
+{
+     fprintf(stderr, "Usage: server {-t|-u} [svc-debug] [misc-debug]\n");
+     exit(1);
+}
+
+#ifdef POSIX_SIGNALS
+static void handlesig(int dummy)
+#else
+static void handlesig(void)
+#endif
+{
+    exit(0);
+}
+
+int
+main(int argc, char **argv)
+{
+     int c, prot;
+     auth_gssapi_name names[2];
+     SVCXPRT *transp;
+     extern int optind;
+#ifdef POSIX_SIGNALS
+     struct sigaction sa;
+#endif
+
+     names[0].name = SERVICE_NAME;
+     names[0].type = (gss_OID) gss_nt_service_name;
+     names[1].name = 0;
+     names[1].type = 0;
+
+     prot = 0;
+     while ((c = getopt(argc, argv, "tu")) != -1) {
+	  switch (c) {
+	  case 't':
+	       prot = IPPROTO_TCP;
+	       break;
+	  case 'u':
+	       prot = IPPROTO_UDP;
+	       break;
+	  case '?':
+	       usage();
+	       break;
+	  }
+     }
+     if (prot == 0)
+	  usage();
+
+     argv += optind;
+     argc -= optind;
+
+     switch (argc) {
+     case 2:
+	  misc_debug_gssapi = atoi(argv[1]);
+     case 1:
+	  svc_debug_gssapi = atoi(argv[0]);
+     case 0:
+	  break;
+     default:
+	  usage();
+	  exit(1);
+     }
+
+     (void) pmap_unset(RPC_TEST_PROG, RPC_TEST_VERS_1);
+
+     if (prot == IPPROTO_TCP)
+	  transp = svctcp_create(RPC_ANYSOCK, 0, 0);
+     else
+	  transp = svcudp_create(RPC_ANYSOCK);
+     if (transp == NULL) {
+	  fprintf(stderr, "cannot create tcp service.");
+	  exit(1);
+     }
+     if (!svc_register(transp, RPC_TEST_PROG, RPC_TEST_VERS_1,
+		       rpc_test_prog_1_svc, 0)) {
+	  fprintf(stderr,
+		  "unable to register (RPC_TEST_PROG, RPC_TEST_VERS_1, %s).",
+		  prot == IPPROTO_TCP ? "tcp" : "udp");
+	  exit(1);
+     }
+
+     if (svcauth_gssapi_set_names(names, 0) == FALSE) {
+	  fprintf(stderr, "unable to set gssapi names\n");
+	  exit(1);
+     }
+
+     svcauth_gssapi_set_log_badauth_func(rpc_test_badauth, NULL);
+     svcauth_gssapi_set_log_badverf_func(rpc_test_badverf, NULL);
+     svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
+
+#ifdef POSIX_SIGNALS
+     (void) sigemptyset(&sa.sa_mask);
+     sa.sa_flags = 0;
+     sa.sa_handler = handlesig;
+     (void) sigaction(SIGHUP, &sa, NULL);
+     (void) sigaction(SIGINT, &sa, NULL);
+     (void) sigaction(SIGTERM, &sa, NULL);
+#else
+     signal(SIGHUP, handlesig);
+     signal(SIGINT, handlesig);
+     signal(SIGTERM, handlesig);
+#endif
+     printf("running\n");
+     printf("port: %d\n", (int)transp->xp_port);
+     fflush(stdout);
+
+     svc_run();
+     fprintf(stderr, "svc_run returned");
+     exit(1);
+     /* NOTREACHED */
+}
+
+char **rpc_test_echo_1_svc(char **arg, struct svc_req *h)
+{
+     static char *res = NULL;
+
+     if (res)
+	  free(res);
+     asprintf(&res, "Echo: %s", *arg);
+     return &res;
+}
+
+static void rpc_test_badverf(gss_name_t client, gss_name_t server,
+			     struct svc_req *rqst, struct rpc_msg *msg,
+			     caddr_t data)
+{
+     OM_uint32 minor_stat;
+     gss_OID type;
+     gss_buffer_desc client_name, server_name;
+
+     (void) gss_display_name(&minor_stat, client, &client_name, &type);
+     (void) gss_display_name(&minor_stat, server, &server_name, &type);
+
+     printf("rpc_test server: bad verifier from %.*s at %s:%d for %.*s\n",
+	    (int) client_name.length, (char *) client_name.value,
+	    inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr),
+	    ntohs(rqst->rq_xprt->xp_raddr.sin_port),
+	    (int) server_name.length, (char *) server_name.value);
+     fflush(stdout);
+
+     (void) gss_release_buffer(&minor_stat, &client_name);
+     (void) gss_release_buffer(&minor_stat, &server_name);
+}
+
+/*
+ * Function: log_badauth
+ *
+ * Purpose: Callback from GSS-API Sun RPC for authentication
+ * failures/errors.
+ *
+ * Arguments:
+ * 	major 		(r) GSS-API major status
+ * 	minor		(r) GSS-API minor status
+ * 	addr		(r) originating address
+ * 	data		(r) arbitrary data (NULL), not used
+ *
+ * Effects:
+ *
+ * Logs the GSS-API error to stdout.
+ */
+void rpc_test_badauth(OM_uint32 major, OM_uint32 minor,
+		 struct sockaddr_in *addr, caddr_t data)
+{
+     char *a;
+
+     /* Authentication attempt failed: <IP address>, <GSS-API error */
+     /* strings> */
+
+     a = inet_ntoa(addr->sin_addr);
+
+     printf("rpc_test server: Authentication attempt failed: %s", a);
+     log_badauth_display_status(major, minor);
+     printf("\n");
+     fflush(stdout);
+}
+
+void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
+		 char *error, char *data)
+{
+     char *a;
+
+     a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
+     printf("Miscellaneous RPC error: %s, %s\n", a, error);
+     fflush(stdout);
+}
+
+void log_badauth_display_status(OM_uint32 major, OM_uint32 minor)
+{
+     log_badauth_display_status_1(major, GSS_C_GSS_CODE, 0);
+     log_badauth_display_status_1(minor, GSS_C_MECH_CODE, 0);
+}
+
+void log_badauth_display_status_1(OM_uint32 code, int type, int rec)
+{
+     OM_uint32 gssstat, minor_stat, msg_ctx;
+     gss_buffer_desc msg;
+
+     msg_ctx = 0;
+     while (1) {
+	  gssstat = gss_display_status(&minor_stat, code,
+				       type, GSS_C_NULL_OID,
+				       &msg_ctx, &msg);
+	  if (gssstat != GSS_S_COMPLETE) {
+ 	       if (!rec) {
+		    log_badauth_display_status_1(gssstat,GSS_C_GSS_CODE,1);
+		    log_badauth_display_status_1(minor_stat,
+						 GSS_C_MECH_CODE, 1);
+	       } else {
+		    printf("GSS-API authentication error %.*s: "
+			   "recursive failure!\n", (int) msg.length,
+			   (char *)msg.value);
+	       }
+	       fflush(stdout);
+	       return;
+	  }
+
+	  printf(", %.*s", (int) msg.length, (char *)msg.value);
+	  (void) gss_release_buffer(&minor_stat, &msg);
+
+	  if (!msg_ctx)
+	       break;
+     }
+     fflush(stdout);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/unit-test/t_rpc.py b/krb5-1.21.3/src/lib/rpc/unit-test/t_rpc.py
new file mode 100644
index 00000000..4e565d25
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/unit-test/t_rpc.py
@@ -0,0 +1,29 @@
+import re
+
+from k5test import *
+
+realm = K5Realm()
+
+server = realm.start_server(['./server', '-t'], 'running')
+line = server.stdout.readline()
+portstr = re.match(r'^port: (\d+)$', line).group(1)
+
+realm.run(['./client', '-t', hostname, portstr, 'host@' + hostname, '1026'],
+          expected_msg='...........')
+
+for i in range(4):
+    line = server.stdout.readline()
+    if 'rpc_test server: bad verifier from user@KRBTEST.COM at ' not in line:
+        fail('unexpected server message: ' + line)
+    output(line)
+
+realm.addprinc('nokey/' + hostname)
+
+realm.run(['./client', '-t', hostname, portstr, 'nokey@' + hostname, '1026'],
+          expected_code=2)
+
+line = server.stdout.readline()
+if 'rpc_test server: Authentication attempt failed: ' not in line:
+    fail('unexpected server message: ' + line)
+
+success('gssrpc auth_gssapi tests')
diff --git a/krb5-1.21.3/src/lib/rpc/xdr.c b/krb5-1.21.3/src/lib/rpc/xdr.c
new file mode 100644
index 00000000..24c3de4b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr.c
@@ -0,0 +1,677 @@
+/* @(#)xdr.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)xdr.c 1.35 87/08/12";
+#endif
+
+/*
+ * xdr.c, Generic XDR routines implementation.
+ *
+ * These are the "generic" xdr routines used to serialize and de-serialize
+ * most common data items.  See xdr.h for more info on the interface to
+ * xdr.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+
+/*
+ * constants specific to the xdr "protocol"
+ */
+#define XDR_FALSE	((long) 0)
+#define XDR_TRUE	((long) 1)
+#define LASTUNSIGNED	((u_int) 0-1)
+
+#ifdef USE_VALGRIND
+#include <valgrind/memcheck.h>
+#else
+#define VALGRIND_CHECK_DEFINED(LVALUE)		((void)0)
+#define VALGRIND_CHECK_READABLE(PTR,SIZE)	((void)0)
+#endif
+
+/*
+ * for unit alignment
+ */
+static char xdr_zero[BYTES_PER_XDR_UNIT] = { 0, 0, 0, 0 };
+
+/*
+ * Free a data structure using XDR
+ * Not a filter, but a convenient utility nonetheless
+ */
+void
+xdr_free(xdrproc_t proc, void *objp)
+{
+	XDR x;
+
+	x.x_op = XDR_FREE;
+	(*proc)(&x, objp);
+}
+
+/*
+ * XDR nothing
+ */
+bool_t
+xdr_void(XDR *xdrs, void *addr)
+{
+
+	return (TRUE);
+}
+
+/*
+ * XDR integers
+ */
+bool_t
+xdr_int(XDR *xdrs, int *ip)
+{
+	long l;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*ip);
+		if (*ip > 0x7fffffffL || *ip < -0x7fffffffL - 1L)
+			return (FALSE);
+
+		l = (long) *ip;
+		return (XDR_PUTLONG(xdrs, &l));
+
+	case XDR_DECODE:
+		if (!XDR_GETLONG(xdrs, &l))
+			return (FALSE);
+
+		if (l > INT_MAX || l < INT_MIN)
+			return (FALSE);
+
+		*ip = (int) l;
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	/*NOTREACHED*/
+	return(FALSE);
+}
+
+/*
+ * XDR unsigned integers
+ */
+bool_t
+xdr_u_int(XDR *xdrs, u_int *up)
+{
+	u_long l;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*up);
+		if (*up > 0xffffffffUL)
+			return (FALSE);
+
+		l = (u_long)*up;
+		return (XDR_PUTLONG(xdrs, (long *) &l));
+
+	case XDR_DECODE:
+		if (!XDR_GETLONG(xdrs, (long *) &l))
+			return (FALSE);
+
+		if ((uint32_t)l > UINT_MAX)
+			return (FALSE);
+
+		*up = (u_int) l;
+		return (TRUE);
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	/*NOTREACHED*/
+	return(FALSE);
+}
+
+/*
+ * XDR long integers
+ */
+bool_t
+xdr_long(XDR *xdrs, long *lp)
+{
+
+	switch (xdrs->x_op) {
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*lp);
+		if (*lp > 0x7fffffffL || *lp < -0x7fffffffL - 1L)
+			return (FALSE);
+
+		return (XDR_PUTLONG(xdrs, lp));
+
+	case XDR_DECODE:
+		return (XDR_GETLONG(xdrs, lp));
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * XDR unsigned long integers
+ */
+bool_t
+xdr_u_long(XDR *xdrs, u_long *ulp)
+{
+
+	switch (xdrs->x_op) {
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*ulp);
+		if (*ulp > 0xffffffffUL)
+			return (FALSE);
+
+		return (XDR_PUTLONG(xdrs, (long *) ulp));
+
+	case XDR_DECODE:
+		return (XDR_GETLONG(xdrs, (long *) ulp));
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * XDR short integers
+ */
+bool_t
+xdr_short(XDR *xdrs, short *sp)
+{
+	long l;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*sp);
+		l = (long) *sp;
+		return (XDR_PUTLONG(xdrs, &l));
+
+	case XDR_DECODE:
+		if (!XDR_GETLONG(xdrs, &l)) {
+			return (FALSE);
+		}
+		if (l > SHRT_MAX || l < SHRT_MIN)
+			return (FALSE);
+
+		*sp = (short) l;
+		return (TRUE);
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * XDR unsigned short integers
+ */
+bool_t
+xdr_u_short(XDR *xdrs, u_short *usp)
+{
+	u_long l;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*usp);
+		l = (u_long) *usp;
+		return (XDR_PUTLONG(xdrs, (long *) &l));
+
+	case XDR_DECODE:
+		if (!XDR_GETLONG(xdrs, (long *) &l)) {
+			return (FALSE);
+		}
+		*usp = (u_short) l;
+		return (TRUE);
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+
+/*
+ * XDR a char
+ */
+bool_t
+xdr_char(XDR *xdrs, char *cp)
+{
+	int i;
+
+	switch (xdrs->x_op) {
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*cp);
+		break;
+	default:
+		break;
+	}
+	i = (*cp);
+	if (!xdr_int(xdrs, &i)) {
+		return (FALSE);
+	}
+	*cp = i;
+	return (TRUE);
+}
+
+/*
+ * XDR an unsigned char
+ */
+bool_t
+xdr_u_char(XDR *xdrs, u_char *cp)
+{
+	u_int u;
+
+	switch (xdrs->x_op) {
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*cp);
+		break;
+	default:
+		break;
+	}
+	u = (*cp);
+	if (!xdr_u_int(xdrs, &u)) {
+		return (FALSE);
+	}
+	*cp = u;
+	return (TRUE);
+}
+
+/*
+ * XDR booleans
+ */
+bool_t
+xdr_bool(XDR *xdrs, bool_t *bp)
+{
+	long lb;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*bp);
+		lb = *bp ? XDR_TRUE : XDR_FALSE;
+		return (XDR_PUTLONG(xdrs, &lb));
+
+	case XDR_DECODE:
+		if (!XDR_GETLONG(xdrs, &lb)) {
+			return (FALSE);
+		}
+		*bp = (lb == XDR_FALSE) ? FALSE : TRUE;
+		return (TRUE);
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * XDR enumerations
+ */
+bool_t
+xdr_enum(XDR *xdrs, enum_t *ep)
+{
+#ifndef lint
+	enum sizecheck { SIZEVAL };	/* used to find the size of an enum */
+
+	/*
+	 * enums are treated as ints
+	 */
+	switch (xdrs->x_op) {
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*ep);
+		break;
+	default:
+		break;
+	}
+	if (sizeof (enum sizecheck) == sizeof (long)) {
+		return (xdr_long(xdrs, (long *)(void *)ep));
+	} else if (sizeof (enum sizecheck) == sizeof (int)) {
+		return (xdr_int(xdrs, (int *)(void *)ep));
+	} else if (sizeof (enum sizecheck) == sizeof (short)) {
+		return (xdr_short(xdrs, (short *)(void *)ep));
+	} else {
+		return (FALSE);
+	}
+#else
+	(void) (xdr_short(xdrs, (short *)(void *)ep));
+	return (xdr_long(xdrs, (long *)(void *)ep));
+#endif
+}
+
+/*
+ * XDR opaque data
+ * Allows the specification of a fixed size sequence of opaque bytes.
+ * cp points to the opaque object and cnt gives the byte length.
+ */
+bool_t
+xdr_opaque(XDR *xdrs, caddr_t cp, u_int cnt)
+{
+	u_int rndup;
+	static int crud[BYTES_PER_XDR_UNIT];
+
+	/*
+	 * if no data we are done
+	 */
+	if (cnt == 0)
+		return (TRUE);
+
+	/*
+	 * round byte count to full xdr units
+	 */
+	rndup = cnt % BYTES_PER_XDR_UNIT;
+	if (rndup > 0)
+		rndup = BYTES_PER_XDR_UNIT - rndup;
+
+	if (xdrs->x_op == XDR_DECODE) {
+		if (!XDR_GETBYTES(xdrs, cp, cnt)) {
+			return (FALSE);
+		}
+		if (rndup == 0)
+			return (TRUE);
+		return (XDR_GETBYTES(xdrs, (caddr_t) (void *)crud, rndup));
+	}
+
+	if (xdrs->x_op == XDR_ENCODE) {
+		VALGRIND_CHECK_READABLE((volatile void *)cp, cnt);
+		if (!XDR_PUTBYTES(xdrs, cp, cnt)) {
+			return (FALSE);
+		}
+		if (rndup == 0)
+			return (TRUE);
+		return (XDR_PUTBYTES(xdrs, xdr_zero, rndup));
+	}
+
+	if (xdrs->x_op == XDR_FREE) {
+		return (TRUE);
+	}
+
+	return (FALSE);
+}
+
+/*
+ * XDR counted bytes
+ * *cpp is a pointer to the bytes, *sizep is the count.
+ * If *cpp is NULL maxsize bytes are allocated
+ */
+bool_t
+xdr_bytes(
+	XDR *xdrs,
+	char **cpp,
+	u_int *sizep,
+	u_int maxsize)
+{
+	char *sp = *cpp;  /* sp is the actual string pointer */
+	u_int nodesize;
+
+	/*
+	 * first deal with the length since xdr bytes are counted
+	 */
+	if (! xdr_u_int(xdrs, sizep)) {
+		return (FALSE);
+	}
+	nodesize = *sizep;
+	if ((nodesize > maxsize) && (xdrs->x_op != XDR_FREE)) {
+		return (FALSE);
+	}
+
+	/*
+	 * now deal with the actual bytes
+	 */
+	switch (xdrs->x_op) {
+
+	case XDR_DECODE:
+		if (nodesize == 0) {
+			return (TRUE);
+		}
+		if (sp == NULL) {
+			*cpp = sp = (char *)mem_alloc(nodesize);
+		}
+		if (sp == NULL) {
+			(void) fprintf(stderr, "xdr_bytes: out of memory\n");
+			return (FALSE);
+		}
+		/* fall into ... */
+
+	case XDR_ENCODE:
+		return (xdr_opaque(xdrs, sp, nodesize));
+
+	case XDR_FREE:
+		if (sp != NULL) {
+			mem_free(sp, nodesize);
+			*cpp = NULL;
+		}
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * Implemented here due to commonality of the object.
+ */
+bool_t
+xdr_netobj(XDR *xdrs, struct netobj *np)
+{
+
+	return (xdr_bytes(xdrs, &np->n_bytes, &np->n_len, MAX_NETOBJ_SZ));
+}
+
+bool_t
+xdr_int32(XDR *xdrs, int32_t *ip)
+{
+	long l;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*ip);
+		l = *ip;
+		return (xdr_long(xdrs, &l));
+
+	case XDR_DECODE:
+		if (!xdr_long(xdrs, &l)) {
+			return (FALSE);
+		}
+		*ip = l;
+		return (TRUE);
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+bool_t
+xdr_u_int32(XDR *xdrs, uint32_t *up)
+{
+	u_long ul;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		VALGRIND_CHECK_DEFINED(*up);
+		ul = *up;
+		return (xdr_u_long(xdrs, &ul));
+
+	case XDR_DECODE:
+		if (!xdr_u_long(xdrs, &ul)) {
+			return (FALSE);
+		}
+		*up = ul;
+		return (TRUE);
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * XDR a discriminated union
+ * Support routine for discriminated unions.
+ * You create an array of xdrdiscrim structures, terminated with
+ * an entry with a null procedure pointer.  The routine gets
+ * the discriminant value and then searches the array of xdrdiscrims
+ * looking for that value.  It calls the procedure given in the xdrdiscrim
+ * to handle the discriminant.  If there is no specific routine a default
+ * routine may be called.
+ * If there is no specific or default routine an error is returned.
+ */
+bool_t
+xdr_union(
+	XDR *xdrs,
+	enum_t *dscmp,		/* enum to decide which arm to work on */
+	char *unp,		/* the union itself */
+	struct xdr_discrim *choices,	/* [value, xdr proc] for each arm */
+	xdrproc_t dfault	/* default xdr routine */
+	)
+{
+	enum_t dscm;
+
+	/*
+	 * we deal with the discriminator;  it's an enum
+	 */
+	if (! xdr_enum(xdrs, dscmp)) {
+		return (FALSE);
+	}
+	dscm = *dscmp;
+
+	/*
+	 * search choices for a value that matches the discriminator.
+	 * if we find one, execute the xdr routine for that value.
+	 */
+	for (; choices->proc != NULL_xdrproc_t; choices++) {
+		if (choices->value == dscm)
+			return ((*(choices->proc))(xdrs, unp, LASTUNSIGNED));
+	}
+
+	/*
+	 * no match - execute the default xdr routine if there is one
+	 */
+	return ((dfault == NULL_xdrproc_t) ? FALSE :
+	    (*dfault)(xdrs, unp, LASTUNSIGNED));
+}
+
+
+/*
+ * Non-portable xdr primitives.
+ * Care should be taken when moving these routines to new architectures.
+ */
+
+
+/*
+ * XDR null terminated ASCII strings
+ * xdr_string deals with "C strings" - arrays of bytes that are
+ * terminated by a NULL character.  The parameter cpp references a
+ * pointer to storage; If the pointer is null, then the necessary
+ * storage is allocated.  The last parameter is the max allowed length
+ * of the string as specified by a protocol.
+ */
+bool_t
+xdr_string(XDR *xdrs, char **cpp, u_int maxsize)
+{
+	char *sp = *cpp;	/* sp is the actual string pointer */
+	u_int size;
+	u_int nodesize;
+
+	/*
+	 * first deal with the length since xdr strings are counted-strings
+	 */
+	switch (xdrs->x_op) {
+	case XDR_FREE:
+		if (sp == NULL) {
+			return(TRUE);	/* already free */
+		}
+		/* fall through... */
+	case XDR_ENCODE:
+		size = strlen(sp);
+		break;
+	case XDR_DECODE:
+		break;
+	}
+	if (! xdr_u_int(xdrs, &size)) {
+		return (FALSE);
+	}
+	if (size >= maxsize) {
+		return (FALSE);
+	}
+	nodesize = size + 1;
+
+	/*
+	 * now deal with the actual bytes
+	 */
+	switch (xdrs->x_op) {
+
+	case XDR_DECODE:
+		if (nodesize == 0) {
+			return (TRUE);
+		}
+		if (sp == NULL)
+			*cpp = sp = (char *)mem_alloc(nodesize);
+		if (sp == NULL) {
+			(void) fprintf(stderr, "xdr_string: out of memory\n");
+			return (FALSE);
+		}
+		sp[size] = 0;
+		/* fall into ... */
+
+	case XDR_ENCODE:
+		return (xdr_opaque(xdrs, sp, size));
+
+	case XDR_FREE:
+		mem_free(sp, nodesize);
+		*cpp = NULL;
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * Wrapper for xdr_string that can be called directly from
+ * routines like clnt_call
+ */
+bool_t
+xdr_wrapstring(XDR *xdrs, char **cpp)
+{
+	if (xdr_string(xdrs, cpp, LASTUNSIGNED)) {
+		return (TRUE);
+	}
+	return (FALSE);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/xdr_alloc.c b/krb5-1.21.3/src/lib/rpc/xdr_alloc.c
new file mode 100644
index 00000000..f39210e1
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr_alloc.c
@@ -0,0 +1,150 @@
+/* lib/rpc/xdr_alloc.c */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ */
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include "dyn.h"
+
+static bool_t	xdralloc_putlong(XDR *, long *);
+static bool_t	xdralloc_putbytes(XDR *, caddr_t, unsigned int);
+static unsigned int	xdralloc_getpos(XDR *);
+static rpc_inline_t *	xdralloc_inline(XDR *, int);
+static void	xdralloc_destroy(XDR *);
+static bool_t	xdralloc_notsup_getlong(XDR *, long *);
+static bool_t	xdralloc_notsup_getbytes(XDR *, caddr_t, unsigned int);
+static bool_t	xdralloc_notsup_setpos(XDR *, unsigned int);
+static struct	xdr_ops xdralloc_ops = {
+     xdralloc_notsup_getlong,
+     xdralloc_putlong,
+     xdralloc_notsup_getbytes,
+     xdralloc_putbytes,
+     xdralloc_getpos,
+     xdralloc_notsup_setpos,
+     xdralloc_inline,
+     xdralloc_destroy,
+};
+
+/*
+ * The procedure xdralloc_create initializes a stream descriptor for a
+ * memory buffer.
+ */
+void xdralloc_create(XDR *xdrs, enum xdr_op op)
+{
+     xdrs->x_op = op;
+     xdrs->x_ops = &xdralloc_ops;
+     xdrs->x_private = (caddr_t) DynCreate(sizeof(char), -4);
+     /* not allowed to fail */
+}
+
+caddr_t xdralloc_getdata(XDR *xdrs)
+{
+     return (caddr_t) DynGet((DynObject) xdrs->x_private, 0);
+}
+
+void xdralloc_release(XDR *xdrs)
+{
+     DynRelease((DynObject) xdrs->x_private);
+}
+
+static void xdralloc_destroy(XDR *xdrs)
+{
+     DynDestroy((DynObject) xdrs->x_private);
+}
+
+static bool_t xdralloc_notsup_getlong(
+     XDR *xdrs,
+     long *lp)
+{
+     return FALSE;
+}
+
+static bool_t xdralloc_putlong(
+     XDR *xdrs,
+     long *lp)
+{
+     int l = htonl((uint32_t) *lp); /* XXX need bounds checking */
+
+     /* XXX assumes sizeof(int)==4 */
+     if (DynInsert((DynObject) xdrs->x_private,
+		   DynSize((DynObject) xdrs->x_private), &l,
+		   sizeof(int)) != DYN_OK)
+	  return FALSE;
+     return (TRUE);
+}
+
+
+static bool_t xdralloc_notsup_getbytes(
+     XDR *xdrs,
+     caddr_t addr,
+     unsigned int len)
+{
+     return FALSE;
+}
+
+
+static bool_t xdralloc_putbytes(
+     XDR *xdrs,
+     caddr_t addr,
+     unsigned int len)
+{
+     if (DynInsert((DynObject) xdrs->x_private,
+		   DynSize((DynObject) xdrs->x_private),
+		   addr, (int) len) != DYN_OK)
+	  return FALSE;
+     return TRUE;
+}
+
+static unsigned int xdralloc_getpos(XDR *xdrs)
+{
+     return DynSize((DynObject) xdrs->x_private);
+}
+
+static bool_t xdralloc_notsup_setpos(
+     XDR *xdrs,
+     unsigned int lp)
+{
+     return FALSE;
+}
+
+
+
+static rpc_inline_t *xdralloc_inline(
+     XDR *xdrs,
+     int len)
+{
+     return (rpc_inline_t *) 0;
+}
diff --git a/krb5-1.21.3/src/lib/rpc/xdr_array.c b/krb5-1.21.3/src/lib/rpc/xdr_array.c
new file mode 100644
index 00000000..aeaa7f2b
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr_array.c
@@ -0,0 +1,159 @@
+/* @(#)xdr_array.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)xdr_array.c 1.10 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * xdr_array.c, Generic XDR routines impelmentation.
+ *
+ * These are the "non-trivial" xdr primitives used to serialize and de-serialize
+ * arrays.  See xdr.h for more info on the interface to xdr.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+
+#define LASTUNSIGNED	((u_int)0-1)
+
+
+/*
+ * XDR an array of arbitrary elements
+ * *addrp is a pointer to the array, *sizep is the number of elements.
+ * If addrp is NULL (*sizep * elsize) bytes are allocated.
+ * elsize is the size (in bytes) of each element, and elproc is the
+ * xdr procedure to call to handle each element of the array.
+ */
+bool_t
+xdr_array(
+	XDR *xdrs,
+	caddr_t *addrp,		/* array pointer */
+	u_int *sizep,		/* number of elements */
+	u_int maxsize,		/* max numberof elements */
+	u_int elsize,		/* size in bytes of each element */
+	xdrproc_t elproc	/* xdr routine to handle each element */
+	)
+{
+	u_int i;
+	caddr_t target = *addrp;
+	u_int c;  /* the actual element count */
+	bool_t stat = TRUE;
+	u_int nodesize;
+
+	/* like strings, arrays are really counted arrays */
+	if (! xdr_u_int(xdrs, sizep)) {
+		return (FALSE);
+	}
+	c = *sizep;
+	if ((c > maxsize || c > LASTUNSIGNED / elsize)
+	    && (xdrs->x_op != XDR_FREE)) {
+		return (FALSE);
+	}
+	nodesize = c * elsize;
+
+	/*
+	 * if we are deserializing, we may need to allocate an array.
+	 * We also save time by checking for a null array if we are freeing.
+	 */
+	if (target == NULL)
+		switch (xdrs->x_op) {
+		case XDR_DECODE:
+			if (c == 0)
+				return (TRUE);
+			*addrp = target = mem_alloc(nodesize);
+			if (target == NULL) {
+				(void) fprintf(stderr,
+					"xdr_array: out of memory\n");
+				return (FALSE);
+			}
+			memset(target, 0, nodesize);
+			break;
+
+		case XDR_FREE:
+			return (TRUE);
+
+		case XDR_ENCODE:
+			break;
+	}
+
+	/*
+	 * now we xdr each element of array
+	 */
+	for (i = 0; (i < c) && stat; i++) {
+		stat = (*elproc)(xdrs, target, LASTUNSIGNED);
+		target += elsize;
+	}
+
+	/*
+	 * the array may need freeing
+	 */
+	if (xdrs->x_op == XDR_FREE) {
+		mem_free(*addrp, nodesize);
+		*addrp = NULL;
+	}
+	return (stat);
+}
+
+/*
+ * xdr_vector():
+ *
+ * XDR a fixed length array. Unlike variable-length arrays,
+ * the storage of fixed length arrays is static and unfreeable.
+ * > basep: base of the array
+ * > size: size of the array
+ * > elemsize: size of each element
+ * > xdr_elem: routine to XDR each element
+ */
+bool_t
+xdr_vector(
+	XDR *xdrs,
+	char *basep,
+	u_int nelem,
+	u_int elemsize,
+	xdrproc_t xdr_elem)
+{
+	u_int i;
+	char *elptr;
+
+	elptr = basep;
+	for (i = 0; i < nelem; i++) {
+		if (! (*xdr_elem)(xdrs, elptr, LASTUNSIGNED)) {
+			return(FALSE);
+		}
+		elptr += elemsize;
+	}
+	return(TRUE);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/xdr_float.c b/krb5-1.21.3/src/lib/rpc/xdr_float.c
new file mode 100644
index 00000000..82059b7c
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr_float.c
@@ -0,0 +1,291 @@
+/* @(#)xdr_float.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)xdr_float.c 1.12 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * xdr_float.c, Generic XDR routines impelmentation.
+ *
+ * These are the "floating point" xdr routines used to (de)serialize
+ * most common data items.  See xdr.h for more info on the interface to
+ * xdr.
+ */
+
+#include <stdio.h>
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+
+/*
+ * NB: Not portable.
+ * This routine works on Suns (Sky / 68000's) and Vaxen.
+ */
+#ifdef IGNORE
+
+#ifdef vax
+
+/* What IEEE single precision floating point looks like on a Vax */
+struct	ieee_single {
+	unsigned int	mantissa: 23;
+	unsigned int	exp     : 8;
+	unsigned int	sign    : 1;
+};
+
+/* Vax single precision floating point */
+struct	vax_single {
+	unsigned int	mantissa1 : 7;
+	unsigned int	exp       : 8;
+	unsigned int	sign      : 1;
+	unsigned int	mantissa2 : 16;
+};
+
+#define VAX_SNG_BIAS	0x81
+#define IEEE_SNG_BIAS	0x7f
+
+static struct sgl_limits {
+	struct vax_single s;
+	struct ieee_single ieee;
+} sgl_limits[2] = {
+	{{ 0x7f, 0xff, 0x0, 0xffff },	/* Max Vax */
+	{ 0x0, 0xff, 0x0 }},		/* Max IEEE */
+	{{ 0x0, 0x0, 0x0, 0x0 },	/* Min Vax */
+	{ 0x0, 0x0, 0x0 }}		/* Min IEEE */
+};
+#endif /* vax */
+
+bool_t
+xdr_float(XDR *xdrs, float *fp)
+{
+#if defined(vax)
+	struct ieee_single is;
+	struct vax_single vs, *vsp;
+	struct sgl_limits *lim;
+	int i;
+#endif
+	long lg;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+#if !defined(vax)
+	        lg = * (int_32 *) fp;
+		return (XDR_PUTLONG(xdrs, &lg));
+#else
+		vs = *((struct vax_single *)fp);
+		for (i = 0, lim = sgl_limits;
+			i < sizeof(sgl_limits)/sizeof(struct sgl_limits);
+			i++, lim++) {
+			if ((vs.mantissa2 == lim->s.mantissa2) &&
+				(vs.exp == lim->s.exp) &&
+				(vs.mantissa1 == lim->s.mantissa1)) {
+				is = lim->ieee;
+				goto shipit;
+			}
+		}
+		is.exp = vs.exp - VAX_SNG_BIAS + IEEE_SNG_BIAS;
+		is.mantissa = (vs.mantissa1 << 16) | vs.mantissa2;
+	shipit:
+		is.sign = vs.sign;
+		return (XDR_PUTLONG(xdrs, (int32_t *)&is));
+#endif
+
+	case XDR_DECODE:
+#if !defined(vax)
+	        if (!(XDR_GETLONG(xdrs, &lg))) {
+	                return (FALSE);
+		}
+		*fp = (float) ((int) lg);
+		return (TRUE);
+#else
+		vsp = (struct vax_single *)fp;
+		if (!XDR_GETLONG(xdrs, (int32_t *)&is))
+			return (FALSE);
+		for (i = 0, lim = sgl_limits;
+			i < sizeof(sgl_limits)/sizeof(struct sgl_limits);
+			i++, lim++) {
+			if ((is.exp == lim->ieee.exp) &&
+				(is.mantissa == lim->ieee.mantissa)) {
+				*vsp = lim->s;
+				goto doneit;
+			}
+		}
+		vsp->exp = is.exp - IEEE_SNG_BIAS + VAX_SNG_BIAS;
+		vsp->mantissa2 = is.mantissa;
+		vsp->mantissa1 = (is.mantissa >> 16);
+	doneit:
+		vsp->sign = is.sign;
+		return (TRUE);
+#endif
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+/*
+ * This routine works on Suns (Sky / 68000's) and Vaxen.
+ */
+
+#ifdef vax
+/* What IEEE double precision floating point looks like on a Vax */
+struct	ieee_double {
+	unsigned int	mantissa1 : 20;
+	unsigned int	exp       : 11;
+	unsigned int	sign      : 1;
+	unsigned int	mantissa2 : 32;
+};
+
+/* Vax double precision floating point */
+struct  vax_double {
+	unsigned int	mantissa1 : 7;
+	unsigned int	exp       : 8;
+	unsigned int	sign      : 1;
+	unsigned int	mantissa2 : 16;
+	unsigned int	mantissa3 : 16;
+	unsigned int	mantissa4 : 16;
+};
+
+#define VAX_DBL_BIAS	0x81
+#define IEEE_DBL_BIAS	0x3ff
+#define MASK(nbits)	((1 << nbits) - 1)
+
+static struct dbl_limits {
+	struct	vax_double d;
+	struct	ieee_double ieee;
+} dbl_limits[2] = {
+	{{ 0x7f, 0xff, 0x0, 0xffff, 0xffff, 0xffff },	/* Max Vax */
+	{ 0x0, 0x7ff, 0x0, 0x0 }},			/* Max IEEE */
+	{{ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},		/* Min Vax */
+	{ 0x0, 0x0, 0x0, 0x0 }}				/* Min IEEE */
+};
+
+#endif /* vax */
+
+
+bool_t
+xdr_double(XDR *xdrs, double *dp)
+{
+	int32_t *lp;
+#if defined(vax)
+	struct	ieee_double id;
+	struct	vax_double vd;
+	struct dbl_limits *lim;
+	int i;
+#endif
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+#if !defined(vax)
+		lp = (int32_t *)dp;
+		if (sizeof(int32_t) == sizeof(long)) {
+		  return (XDR_PUTLONG(xdrs, lp++) && XDR_PUTLONG(xdrs, lp));
+		} else {
+		  long lg1 = *lp++;;
+		  long lg2 = *lp;
+		  return (XDR_PUTLONG(xdrs, &lg1) && XDR_PUTLONG(xdrs, &lg2));
+		}
+#else
+		vd = *((struct vax_double *)dp);
+		for (i = 0, lim = dbl_limits;
+			i < sizeof(dbl_limits)/sizeof(struct dbl_limits);
+			i++, lim++) {
+			if ((vd.mantissa4 == lim->d.mantissa4) &&
+				(vd.mantissa3 == lim->d.mantissa3) &&
+				(vd.mantissa2 == lim->d.mantissa2) &&
+				(vd.mantissa1 == lim->d.mantissa1) &&
+				(vd.exp == lim->d.exp)) {
+				id = lim->ieee;
+				goto shipit;
+			}
+		}
+		id.exp = vd.exp - VAX_DBL_BIAS + IEEE_DBL_BIAS;
+		id.mantissa1 = (vd.mantissa1 << 13) | (vd.mantissa2 >> 3);
+		id.mantissa2 = ((vd.mantissa2 & MASK(3)) << 29) |
+				(vd.mantissa3 << 13) |
+				((vd.mantissa4 >> 3) & MASK(13));
+	shipit:
+		id.sign = vd.sign;
+		lp = (int32_t *)&id;
+		return (XDR_PUTLONG(xdrs, lp++) && XDR_PUTLONG(xdrs, lp));
+#endif
+
+	case XDR_DECODE:
+#if !defined(vax)
+		lp = (int32_t *)dp;
+		if (sizeof(int32_t) == sizeof(long)) {
+		  return (XDR_GETLONG(xdrs, lp++) && XDR_GETLONG(xdrs, lp));
+		} else {
+		  long lg1, lg2;
+		  bool_t flag =
+		   (XDR_GETLONG(xdrs, &lg1) && XDR_GETLONG(xdrs, &lg2));
+		  *lp++ = lg1;
+		  *lp = lg2;
+		  return flag;
+		}
+#else
+		lp = (int32_t *)&id;
+		if (!XDR_GETLONG(xdrs, lp++) || !XDR_GETLONG(xdrs, lp))
+			return (FALSE);
+		for (i = 0, lim = dbl_limits;
+			i < sizeof(dbl_limits)/sizeof(struct dbl_limits);
+			i++, lim++) {
+			if ((id.mantissa2 == lim->ieee.mantissa2) &&
+				(id.mantissa1 == lim->ieee.mantissa1) &&
+				(id.exp == lim->ieee.exp)) {
+				vd = lim->d;
+				goto doneit;
+			}
+		}
+		vd.exp = id.exp - IEEE_DBL_BIAS + VAX_DBL_BIAS;
+		vd.mantissa1 = (id.mantissa1 >> 13);
+		vd.mantissa2 = ((id.mantissa1 & MASK(13)) << 3) |
+				(id.mantissa2 >> 29);
+		vd.mantissa3 = (id.mantissa2 >> 13);
+		vd.mantissa4 = (id.mantissa2 << 3);
+	doneit:
+		vd.sign = id.sign;
+		*dp = *((double *)&vd);
+		return (TRUE);
+#endif
+
+	case XDR_FREE:
+		return (TRUE);
+	}
+	return (FALSE);
+}
+
+#endif /* IGNORE */
diff --git a/krb5-1.21.3/src/lib/rpc/xdr_mem.c b/krb5-1.21.3/src/lib/rpc/xdr_mem.c
new file mode 100644
index 00000000..8d3f1201
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr_mem.c
@@ -0,0 +1,184 @@
+/* @(#)xdr_mem.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)xdr_mem.c 1.19 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * xdr_mem.h, XDR implementation using memory buffers.
+ *
+ * If you have some data to be interpreted as external data representation
+ * or to be converted to external data representation in a memory buffer,
+ * then this is the package for you.
+ *
+ */
+
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <netinet/in.h>
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+
+static bool_t	xdrmem_getlong(XDR *, long *);
+static bool_t	xdrmem_putlong(XDR *, long *);
+static bool_t	xdrmem_getbytes(XDR *, caddr_t, u_int);
+static bool_t	xdrmem_putbytes(XDR *, caddr_t, u_int);
+static u_int	xdrmem_getpos(XDR *);
+static bool_t	xdrmem_setpos(XDR *, u_int);
+static rpc_inline_t *	xdrmem_inline(XDR *, int);
+static void	xdrmem_destroy(XDR *);
+
+static struct	xdr_ops xdrmem_ops = {
+	xdrmem_getlong,
+	xdrmem_putlong,
+	xdrmem_getbytes,
+	xdrmem_putbytes,
+	xdrmem_getpos,
+	xdrmem_setpos,
+	xdrmem_inline,
+	xdrmem_destroy
+};
+
+/*
+ * The procedure xdrmem_create initializes a stream descriptor for a
+ * memory buffer.
+ */
+void
+xdrmem_create(
+	XDR *xdrs,
+	caddr_t addr,
+	u_int size,
+	enum xdr_op op)
+{
+
+	xdrs->x_op = op;
+	xdrs->x_ops = &xdrmem_ops;
+	xdrs->x_private = xdrs->x_base = addr;
+	xdrs->x_handy = (size > INT_MAX) ? INT_MAX : size; /* XXX */
+}
+
+static void
+xdrmem_destroy(XDR *xdrs)
+{
+}
+
+static bool_t
+xdrmem_getlong(XDR *xdrs, long *lp)
+{
+
+	if (xdrs->x_handy < BYTES_PER_XDR_UNIT)
+		return (FALSE);
+	else
+		xdrs->x_handy -= BYTES_PER_XDR_UNIT;
+	*lp = (long)(int32_t)ntohl(*((uint32_t *)(xdrs->x_private)));
+	xdrs->x_private = (char *)xdrs->x_private + BYTES_PER_XDR_UNIT;
+	return (TRUE);
+}
+
+static bool_t
+xdrmem_putlong(XDR *xdrs, long *lp)
+{
+
+	if (xdrs->x_handy < BYTES_PER_XDR_UNIT)
+		return (FALSE);
+	else
+		xdrs->x_handy -= BYTES_PER_XDR_UNIT;
+	*(int32_t *)xdrs->x_private = (int32_t)htonl((uint32_t)(*lp));
+	xdrs->x_private = (char *)xdrs->x_private + BYTES_PER_XDR_UNIT;
+	return (TRUE);
+}
+
+static bool_t
+xdrmem_getbytes(XDR *xdrs, caddr_t addr, u_int len)
+{
+
+	if ((u_int)xdrs->x_handy < len)
+		return (FALSE);
+	else
+		xdrs->x_handy -= len;
+	memmove(addr, xdrs->x_private, len);
+	xdrs->x_private = (char *)xdrs->x_private + len;
+	return (TRUE);
+}
+
+static bool_t
+xdrmem_putbytes(XDR *xdrs, caddr_t addr, u_int len)
+{
+
+	if ((u_int)xdrs->x_handy < len)
+		return (FALSE);
+	else
+		xdrs->x_handy -= len;
+	memmove(xdrs->x_private, addr, len);
+	xdrs->x_private = (char *)xdrs->x_private + len;
+	return (TRUE);
+}
+
+static u_int
+xdrmem_getpos(XDR *xdrs)
+{
+/*
+ * 11/3/95 - JRG - Rather than recast everything for 64 bit, just convert
+ * pointers to longs, then cast to int.
+ */
+	return (u_int)((u_long)xdrs->x_private - (u_long)xdrs->x_base);
+}
+
+static bool_t
+xdrmem_setpos(XDR *xdrs, u_int pos)
+{
+	caddr_t newaddr = xdrs->x_base + pos;
+	caddr_t lastaddr = (char *)xdrs->x_private + xdrs->x_handy;
+
+	if ((long)newaddr > (long)lastaddr)
+		return (FALSE);
+	xdrs->x_private = newaddr;
+	xdrs->x_handy = (int)((long)lastaddr - (long)newaddr);
+	return (TRUE);
+}
+
+static rpc_inline_t *
+xdrmem_inline(XDR *xdrs, int len)
+{
+	rpc_inline_t *buf = 0;
+
+	if (len >= 0 && xdrs->x_handy >= len) {
+		xdrs->x_handy -= len;
+		buf = (rpc_inline_t *) xdrs->x_private;
+		xdrs->x_private = (char *)xdrs->x_private + len;
+	}
+	return (buf);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/xdr_rec.c b/krb5-1.21.3/src/lib/rpc/xdr_rec.c
new file mode 100644
index 00000000..1f6a7762
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr_rec.c
@@ -0,0 +1,571 @@
+/* @(#)xdr_rec.c	2.2 88/08/01 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)xdr_rec.c 1.21 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * xdr_rec.c, Implements TCP/IP based XDR streams with a "record marking"
+ * layer above tcp (for rpc's use).
+ *
+ * These routines interface XDRSTREAMS to a tcp/ip connection.
+ * There is a record marking layer between the xdr stream
+ * and the tcp transport level.  A record is composed on one or more
+ * record fragments.  A record fragment is a thirty-two bit header followed
+ * by n bytes of data, where n is contained in the header.  The header
+ * is represented as a htonl(uint32_t).  Thegh order bit encodes
+ * whether or not the fragment is the last fragment of the record
+ * (1 => fragment is last, 0 => more fragments to follow.
+ * The other 31 bits encode the byte length of the fragment.
+ */
+
+#include <stdio.h>
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <netinet/in.h>
+
+#include <unistd.h>
+#include <string.h>
+
+static bool_t	xdrrec_getlong(XDR *, long *);
+static bool_t	xdrrec_putlong(XDR *, long *);
+static bool_t	xdrrec_getbytes(XDR *, caddr_t, u_int);
+static bool_t	xdrrec_putbytes(XDR *, caddr_t, u_int);
+static u_int	xdrrec_getpos(XDR *);
+static bool_t	xdrrec_setpos(XDR *, u_int);
+static rpc_inline_t *	xdrrec_inline(XDR *, int);
+static void	xdrrec_destroy(XDR *);
+
+static struct  xdr_ops xdrrec_ops = {
+	xdrrec_getlong,
+	xdrrec_putlong,
+	xdrrec_getbytes,
+	xdrrec_putbytes,
+	xdrrec_getpos,
+	xdrrec_setpos,
+	xdrrec_inline,
+	xdrrec_destroy
+};
+
+/*
+ * A record is composed of one or more record fragments.
+ * A record fragment is a four-byte header followed by zero to
+ * 2**31-1 bytes.  The header is treated as an unsigned 32 bit integer and is
+ * encode/decoded to the network via htonl/ntohl.  The low order 31 bits
+ * are a byte count of the fragment.  The highest order bit is a boolean:
+ * 1 => this fragment is the last fragment of the record,
+ * 0 => this fragment is followed by more fragment(s).
+ *
+ * The fragment/record machinery is not general;  it is constructed to
+ * meet the needs of xdr and rpc based on tcp.
+ */
+
+#define LAST_FRAG ((uint32_t)(1UL << 31))
+
+typedef struct rec_strm {
+	caddr_t tcp_handle;
+	caddr_t the_buffer;
+	/*
+	 * out-goung bits
+	 */
+	int (*writeit)();
+	caddr_t out_base;	/* output buffer (points to frag header) */
+	caddr_t out_finger;	/* next output position */
+	caddr_t out_boundry;	/* data cannot up to this address */
+	uint32_t *frag_header;	/* beginning of curren fragment */
+	bool_t frag_sent;	/* true if buffer sent in middle of record */
+	/*
+	 * in-coming bits
+	 */
+	int (*readit)();
+	uint32_t in_size;	/* fixed size of the input buffer */
+	caddr_t in_base;
+	caddr_t in_finger;	/* location of next byte to be had */
+	caddr_t in_boundry;	/* can read up to this location */
+	int32_t fbtbc;		/* fragment bytes to be consumed */
+	bool_t last_frag;
+	u_int sendsize;
+	u_int recvsize;
+} RECSTREAM;
+
+static u_int	fix_buf_size(u_int);
+static bool_t   flush_out(RECSTREAM *, bool_t);
+static bool_t   get_input_bytes(RECSTREAM *, caddr_t, int);
+static bool_t   set_input_fragment(RECSTREAM *);
+static bool_t   skip_input_bytes(RECSTREAM *, int32_t);
+
+/*
+ * Create an xdr handle for xdrrec
+ * xdrrec_create fills in xdrs.  Sendsize and recvsize are
+ * send and recv buffer sizes (0 => use default).
+ * tcp_handle is an opaque handle that is passed as the first parameter to
+ * the procedures readit and writeit.  Readit and writeit are read and
+ * write respectively.   They are like the system
+ * calls expect that they take an opaque handle rather than an fd.
+ */
+void
+xdrrec_create(
+	XDR *xdrs,
+	u_int sendsize,
+	u_int recvsize,
+	caddr_t tcp_handle,
+	int (*readit)(), /* like read, but pass it a tcp_handle, not sock */
+	int (*writeit)() /* like write, but pass it a tcp_handle, not sock */
+	)
+{
+	RECSTREAM *rstrm = mem_alloc(sizeof(RECSTREAM));
+
+	if (rstrm == NULL) {
+		(void)fprintf(stderr, "xdrrec_create: out of memory\n");
+		/*
+		 *  This is bad.  Should rework xdrrec_create to
+		 *  return a handle, and in this case return NULL
+		 */
+		return;
+	}
+	/*
+	 * adjust sizes and allocate buffer quad byte aligned
+	 */
+	rstrm->sendsize = sendsize = fix_buf_size(sendsize);
+	rstrm->recvsize = recvsize = fix_buf_size(recvsize);
+	rstrm->the_buffer = mem_alloc(sendsize + recvsize + BYTES_PER_XDR_UNIT);
+	if (rstrm->the_buffer == NULL) {
+		(void)fprintf(stderr, "xdrrec_create: out of memory\n");
+		return;
+	}
+	for (rstrm->out_base = rstrm->the_buffer;
+	     /* Pointer arithmetic - long cast allowed... */
+		(u_long)rstrm->out_base % BYTES_PER_XDR_UNIT != 0;
+		rstrm->out_base++);
+	rstrm->in_base = rstrm->out_base + sendsize;
+	/*
+	 * now the rest ...
+	 */
+	xdrs->x_ops = &xdrrec_ops;
+	xdrs->x_private = (caddr_t)rstrm;
+	rstrm->tcp_handle = tcp_handle;
+	rstrm->readit = readit;
+	rstrm->writeit = writeit;
+	rstrm->out_finger = rstrm->out_boundry = rstrm->out_base;
+	rstrm->frag_header = (uint32_t *)(void *)rstrm->out_base;
+	rstrm->out_finger += BYTES_PER_XDR_UNIT;
+	rstrm->out_boundry += sendsize;
+	rstrm->frag_sent = FALSE;
+	rstrm->in_size = recvsize;
+	rstrm->in_boundry = rstrm->in_base;
+	rstrm->in_finger = (rstrm->in_boundry += recvsize);
+	rstrm->fbtbc = 0;
+	rstrm->last_frag = TRUE;
+}
+
+
+/*
+ * The reoutines defined below are the xdr ops which will go into the
+ * xdr handle filled in by xdrrec_create.
+ */
+
+static bool_t
+xdrrec_getlong(XDR *xdrs, long *lp)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+	int32_t *buflp = (void *)(rstrm->in_finger);
+	uint32_t mylong;
+
+	/* first try the inline, fast case */
+	if ((rstrm->fbtbc >= BYTES_PER_XDR_UNIT) &&
+		(((long)rstrm->in_boundry - (long)buflp) >=
+		 BYTES_PER_XDR_UNIT)) {
+		*lp = (long)ntohl((uint32_t)(*buflp));
+		rstrm->fbtbc -= BYTES_PER_XDR_UNIT;
+		rstrm->in_finger += BYTES_PER_XDR_UNIT;
+	} else {
+		if (! xdrrec_getbytes(xdrs, (caddr_t)&mylong,
+				      BYTES_PER_XDR_UNIT))
+			return (FALSE);
+		*lp = (long)(int32_t)ntohl(mylong);
+	}
+	return (TRUE);
+}
+
+static bool_t
+xdrrec_putlong(XDR *xdrs, long *lp)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+	int32_t *dest_lp = (void *)(rstrm->out_finger);
+
+	if (rstrm->out_boundry - rstrm->out_finger < BYTES_PER_XDR_UNIT) {
+		/*
+		 * this case should almost never happen so the code is
+		 * inefficient
+		 */
+		rstrm->frag_sent = TRUE;
+		if (! flush_out(rstrm, FALSE))
+			return (FALSE);
+		dest_lp = ((int32_t *)(void *)(rstrm->out_finger));
+	}
+	rstrm->out_finger += BYTES_PER_XDR_UNIT;
+	*dest_lp = (int32_t)htonl((uint32_t)(*lp));
+	return (TRUE);
+}
+
+static bool_t  /* must manage buffers, fragments, and records */
+xdrrec_getbytes(XDR *xdrs, caddr_t addr, u_int len)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+	u_int current;
+
+	while (len > 0) {
+		current = rstrm->fbtbc;
+		if (current == 0) {
+			if (rstrm->last_frag)
+				return (FALSE);
+			if (! set_input_fragment(rstrm))
+				return (FALSE);
+			continue;
+		}
+		current = (len < current) ? len : current;
+		if (! get_input_bytes(rstrm, addr, current))
+			return (FALSE);
+		addr += current;
+		rstrm->fbtbc -= current;
+		len -= current;
+	}
+	return (TRUE);
+}
+
+static bool_t
+xdrrec_putbytes(XDR *xdrs, caddr_t addr, u_int len)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+	size_t current;
+
+	while (len > 0) {
+		current = (size_t) ((long)rstrm->out_boundry -
+				 (long)rstrm->out_finger);
+		current = (len < current) ? len : current;
+		memmove(rstrm->out_finger, addr, current);
+		rstrm->out_finger += current;
+		addr += current;
+		len -= current;
+		if (rstrm->out_finger == rstrm->out_boundry) {
+			rstrm->frag_sent = TRUE;
+			if (! flush_out(rstrm, FALSE))
+				return (FALSE);
+		}
+	}
+	return (TRUE);
+}
+
+static u_int
+xdrrec_getpos(XDR *xdrs)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+	int pos;
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		pos = rstrm->out_finger - rstrm->out_base
+			- BYTES_PER_XDR_UNIT;
+		break;
+
+	case XDR_DECODE:
+		pos = rstrm->in_boundry - rstrm->in_finger
+			- BYTES_PER_XDR_UNIT;
+		break;
+
+	default:
+		pos = -1;
+		break;
+	}
+	return ((u_int) pos);
+}
+
+static bool_t
+xdrrec_setpos(XDR *xdrs, u_int pos)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+	u_int currpos = xdrrec_getpos(xdrs);
+	int delta = currpos - pos;
+	caddr_t newpos;
+
+	if ((int)currpos != -1)
+		switch (xdrs->x_op) {
+
+		case XDR_ENCODE:
+			newpos = rstrm->out_finger - delta;
+			if ((newpos > (caddr_t)(rstrm->frag_header)) &&
+				(newpos < rstrm->out_boundry)) {
+				rstrm->out_finger = newpos;
+				return (TRUE);
+			}
+			break;
+
+		case XDR_DECODE:
+			newpos = rstrm->in_finger - delta;
+			if ((delta < (int)(rstrm->fbtbc)) &&
+				(newpos <= rstrm->in_boundry) &&
+				(newpos >= rstrm->in_base)) {
+				rstrm->in_finger = newpos;
+				rstrm->fbtbc -= delta;
+				return (TRUE);
+			}
+			break;
+
+		case XDR_FREE:
+			break;
+		}
+	return (FALSE);
+}
+
+static rpc_inline_t *
+xdrrec_inline(XDR *xdrs, int len)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+	rpc_inline_t * buf = NULL;
+
+	if (len < 0)
+		return (FALSE);
+
+	switch (xdrs->x_op) {
+
+	case XDR_ENCODE:
+		if (len <= (rstrm->out_boundry - rstrm->out_finger)) {
+			buf = (rpc_inline_t *)(void *) rstrm->out_finger;
+			rstrm->out_finger += len;
+		}
+		break;
+
+	case XDR_DECODE:
+		if ((len <= rstrm->fbtbc) &&
+			(len <= (rstrm->in_boundry - rstrm->in_finger))) {
+			buf = (rpc_inline_t *)(void *) rstrm->in_finger;
+			rstrm->fbtbc -= len;
+			rstrm->in_finger += len;
+		}
+		break;
+
+	case XDR_FREE:
+	        break;
+	}
+	return (buf);
+}
+
+static void
+xdrrec_destroy(XDR *xdrs)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+
+	mem_free(rstrm->the_buffer,
+		rstrm->sendsize + rstrm->recvsize + BYTES_PER_XDR_UNIT);
+	mem_free((caddr_t)rstrm, sizeof(RECSTREAM));
+}
+
+
+/*
+ * Exported routines to manage xdr records
+ */
+
+/*
+ * Before reading (deserializing from the stream, one should always call
+ * this procedure to guarantee proper record alignment.
+ */
+bool_t
+xdrrec_skiprecord(XDR *xdrs)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+
+	while (rstrm->fbtbc > 0 || (! rstrm->last_frag)) {
+		if (! skip_input_bytes(rstrm, rstrm->fbtbc))
+			return (FALSE);
+		rstrm->fbtbc = 0;
+		if ((! rstrm->last_frag) && (! set_input_fragment(rstrm)))
+			return (FALSE);
+	}
+	rstrm->last_frag = FALSE;
+	return (TRUE);
+}
+
+/*
+ * Look ahead function.
+ * Returns TRUE iff there is no more input in the buffer
+ * after consuming the rest of the current record.
+ */
+bool_t
+xdrrec_eof(XDR *xdrs)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+
+	while (rstrm->fbtbc > 0 || (! rstrm->last_frag)) {
+		if (! skip_input_bytes(rstrm, rstrm->fbtbc))
+			return (TRUE);
+		rstrm->fbtbc = 0;
+		if ((! rstrm->last_frag) && (! set_input_fragment(rstrm)))
+			return (TRUE);
+	}
+	if (rstrm->in_finger == rstrm->in_boundry)
+		return (TRUE);
+	return (FALSE);
+}
+
+/*
+ * The client must tell the package when an end-of-record has occurred.
+ * The second paraemters tells whether the record should be flushed to the
+ * (output) tcp stream.  (This lets the package support batched or
+ * pipelined procedure calls.)  TRUE => immediate flush to tcp connection.
+ */
+bool_t
+xdrrec_endofrecord(XDR *xdrs, bool_t sendnow)
+{
+	RECSTREAM *rstrm = xdrs->x_private;
+	uint32_t len;  /* fragment length */
+
+	if (sendnow || rstrm->frag_sent ||
+		((long)rstrm->out_finger + BYTES_PER_XDR_UNIT >=
+		(long)rstrm->out_boundry)) {
+		rstrm->frag_sent = FALSE;
+		return (flush_out(rstrm, TRUE));
+	}
+	len = (long)(rstrm->out_finger) - (long)(rstrm->frag_header) -
+	   BYTES_PER_XDR_UNIT;
+	*(rstrm->frag_header) = htonl((uint32_t)len | LAST_FRAG);
+	rstrm->frag_header = (uint32_t *)(void *)rstrm->out_finger;
+	rstrm->out_finger += BYTES_PER_XDR_UNIT;
+	return (TRUE);
+}
+
+
+/*
+ * Internal useful routines
+ */
+static bool_t
+flush_out(RECSTREAM *rstrm, bool_t eor)
+{
+	uint32_t eormask = (eor == TRUE) ? LAST_FRAG : 0;
+	uint32_t len = (u_long)(rstrm->out_finger) -
+		(u_long)(rstrm->frag_header) - BYTES_PER_XDR_UNIT;
+
+	*(rstrm->frag_header) = htonl(len | eormask);
+	len = (u_long)(rstrm->out_finger) - (u_long)(rstrm->out_base);
+	if ((*(rstrm->writeit))(rstrm->tcp_handle, rstrm->out_base, (int)len)
+		!= (int)len)
+		return (FALSE);
+	rstrm->frag_header = (uint32_t *)(void *)rstrm->out_base;
+	rstrm->out_finger = (caddr_t)rstrm->out_base + BYTES_PER_XDR_UNIT;
+	return (TRUE);
+}
+
+static bool_t  /* knows nothing about records!  Only about input buffers */
+fill_input_buf(RECSTREAM *rstrm)
+{
+	caddr_t where;
+	u_int i;
+	int len;
+
+	where = rstrm->in_base;
+	i = (u_int)((u_long)rstrm->in_boundry % BYTES_PER_XDR_UNIT);
+	where += i;
+	len = rstrm->in_size - i;
+	if ((len = (*(rstrm->readit))(rstrm->tcp_handle, where, len)) == -1)
+		return (FALSE);
+	rstrm->in_finger = where;
+	where += len;
+	rstrm->in_boundry = where;
+	return (TRUE);
+}
+
+static bool_t  /* knows nothing about records!  Only about input buffers */
+get_input_bytes(RECSTREAM *rstrm, caddr_t addr, int len)
+{
+	size_t current;
+
+	while (len > 0) {
+		current = (size_t)((long)rstrm->in_boundry -
+				(long)rstrm->in_finger);
+		if (current == 0) {
+			if (! fill_input_buf(rstrm))
+				return (FALSE);
+			continue;
+		}
+		current = ((size_t)len < current) ? (size_t)len : current;
+		memmove(addr, rstrm->in_finger, current);
+		rstrm->in_finger += current;
+		addr += current;
+		len -= current;
+	}
+	return (TRUE);
+}
+
+static bool_t  /* next four bytes of input stream are treated as a header */
+set_input_fragment(rstrm)
+	RECSTREAM *rstrm;
+{
+	uint32_t header;
+
+	if (! get_input_bytes(rstrm, (caddr_t)&header, sizeof(header)))
+		return (FALSE);
+	header = ntohl(header);
+	rstrm->last_frag = ((header & LAST_FRAG) == 0) ? FALSE : TRUE;
+	rstrm->fbtbc = header & (~LAST_FRAG);
+	return (TRUE);
+}
+
+static bool_t  /* consumes input bytes; knows nothing about records! */
+skip_input_bytes(RECSTREAM *rstrm, int32_t cnt)
+{
+	int current;
+
+	while (cnt > 0) {
+		current = (int)((long)rstrm->in_boundry -
+				(long)rstrm->in_finger);
+		if (current == 0) {
+			if (! fill_input_buf(rstrm))
+				return (FALSE);
+			continue;
+		}
+		current = (cnt < current) ? cnt : current;
+		rstrm->in_finger += current;
+		cnt -= current;
+	}
+	return (TRUE);
+}
+
+static u_int
+fix_buf_size(u_int s)
+{
+
+	if (s < 100)
+		s = 4000;
+	return (RNDUP(s));
+}
diff --git a/krb5-1.21.3/src/lib/rpc/xdr_reference.c b/krb5-1.21.3/src/lib/rpc/xdr_reference.c
new file mode 100644
index 00000000..eff279da
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr_reference.c
@@ -0,0 +1,139 @@
+/* @(#)xdr_reference.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)xdr_reference.c 1.11 87/08/11 SMI";
+#endif
+
+/*
+ * xdr_reference.c, Generic XDR routines impelmentation.
+ *
+ * These are the "non-trivial" xdr primitives used to serialize and de-serialize
+ * "pointers".  See xdr.h for more info on the interface to xdr.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+
+#define LASTUNSIGNED	((u_int)0-1)
+
+/*
+ * XDR an indirect pointer
+ * xdr_reference is for recursively translating a structure that is
+ * referenced by a pointer inside the structure that is currently being
+ * translated.  pp references a pointer to storage. If *pp is null
+ * the  necessary storage is allocated.
+ * size is the sizeof the referenced structure.
+ * proc is the routine to handle the referenced structure.
+ */
+bool_t
+xdr_reference(
+	XDR *xdrs,
+	caddr_t *pp,		/* the pointer to work on */
+	u_int size,		/* size of the object pointed to */
+	xdrproc_t proc		/* xdr routine to handle the object */
+	)
+{
+	caddr_t loc = *pp;
+	bool_t stat;
+
+	if (loc == NULL)
+		switch (xdrs->x_op) {
+		case XDR_FREE:
+			return (TRUE);
+
+		case XDR_DECODE:
+			*pp = loc = (caddr_t) mem_alloc(size);
+			if (loc == NULL) {
+				(void) fprintf(stderr,
+				    "xdr_reference: out of memory\n");
+				return (FALSE);
+			}
+			memset(loc, 0, size);
+			break;
+
+		case XDR_ENCODE:
+			break;
+	}
+
+	stat = (*proc)(xdrs, loc, LASTUNSIGNED);
+
+	if (xdrs->x_op == XDR_FREE) {
+		mem_free(loc, size);
+		*pp = NULL;
+	}
+	return (stat);
+}
+
+
+/*
+ * xdr_pointer():
+ *
+ * XDR a pointer to a possibly recursive data structure. This
+ * differs with xdr_reference in that it can serialize/deserialiaze
+ * trees correctly.
+ *
+ *  What's sent is actually a union:
+ *
+ *  union object_pointer switch (boolean b) {
+ *  case TRUE: object_data data;
+ *  case FALSE: void nothing;
+ *  }
+ *
+ * > objpp: Pointer to the pointer to the object.
+ * > obj_size: size of the object.
+ * > xdr_obj: routine to XDR an object.
+ *
+ */
+bool_t
+xdr_pointer(
+	XDR *xdrs,
+	char **objpp,
+	u_int obj_size,
+	xdrproc_t xdr_obj)
+{
+
+	bool_t more_data;
+
+	more_data = (*objpp != NULL);
+	if (! xdr_bool(xdrs,&more_data)) {
+		return (FALSE);
+	}
+	if (! more_data) {
+		*objpp = NULL;
+		return (TRUE);
+	}
+	return (xdr_reference(xdrs,objpp,obj_size,xdr_obj));
+}
diff --git a/krb5-1.21.3/src/lib/rpc/xdr_sizeof.c b/krb5-1.21.3/src/lib/rpc/xdr_sizeof.c
new file mode 100644
index 00000000..5b77fa6a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr_sizeof.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * xdr_sizeof.c
+ *
+ * General purpose routine to see how much space something will use
+ * when serialized using XDR.
+ */
+
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <sys/types.h>
+
+/* ARGSUSED */
+static bool_t
+x_putlong(xdrs, longp)
+	XDR *xdrs;
+	long *longp;
+{
+	xdrs->x_handy += BYTES_PER_XDR_UNIT;
+	return (TRUE);
+}
+
+/* ARGSUSED */
+static bool_t
+x_putbytes(xdrs, bp, len)
+	XDR *xdrs;
+	char  *bp;
+	int len;
+{
+	xdrs->x_handy += len;
+
+	return (TRUE);
+}
+
+static u_int
+x_getpostn(xdrs)
+	XDR *xdrs;
+{
+	return (xdrs->x_handy);
+}
+
+/* ARGSUSED */
+static bool_t
+x_setpostn(xdrs, pos)
+	XDR *xdrs;
+	u_int pos;
+{
+	/* This is not allowed */
+	return (FALSE);
+}
+
+static rpc_inline_t *
+x_inline(xdrs, len)
+	XDR *xdrs;
+	int len;
+{
+	if (len == 0) {
+		return (NULL);
+	}
+	if (xdrs->x_op != XDR_ENCODE) {
+		return (NULL);
+	}
+	if (len < (int) ((caddr_t) xdrs->x_private - xdrs->x_base)) {
+		/* x_private was already allocated */
+		xdrs->x_handy += len;
+		return ((rpc_inline_t *) xdrs->x_private);
+	} else {
+		/* Free the earlier space and allocate new area */
+		if (xdrs->x_base)
+			free(xdrs->x_base);
+		if ((xdrs->x_base = (caddr_t) malloc(len)) == NULL) {
+			xdrs->x_private = NULL;
+			return (NULL);
+		}
+		xdrs->x_private = xdrs->x_base + len;
+		xdrs->x_handy += len;
+		return ((rpc_inline_t *) (void *) xdrs->x_base);
+	}
+}
+
+static int
+harmless()
+{
+	/* Always return FALSE/NULL, as the case may be */
+	return (0);
+}
+
+static void
+x_destroy(xdrs)
+	XDR *xdrs;
+{
+	xdrs->x_handy = 0;
+	xdrs->x_private = NULL;
+	if (xdrs->x_base) {
+		free(xdrs->x_base);
+		xdrs->x_base = NULL;
+	}
+	return;
+}
+
+unsigned long
+xdr_sizeof(func, data)
+	xdrproc_t func;
+	void *data;
+{
+	XDR x;
+	struct xdr_ops ops;
+	bool_t stat;
+	/* to stop ANSI-C compiler from complaining */
+	typedef  bool_t (* dummyfunc1)(XDR *, long *);
+	typedef  bool_t (* dummyfunc2)(XDR *, caddr_t, u_int);
+
+	ops.x_putlong = x_putlong;
+	ops.x_putbytes = x_putbytes;
+	ops.x_inline = x_inline;
+	ops.x_getpostn = x_getpostn;
+	ops.x_setpostn = x_setpostn;
+	ops.x_destroy = x_destroy;
+
+	/* the other harmless ones */
+	ops.x_getlong =  (dummyfunc1) harmless;
+	ops.x_getbytes = (dummyfunc2) harmless;
+
+	x.x_op = XDR_ENCODE;
+	x.x_ops = &ops;
+	x.x_handy = 0;
+	x.x_private = (caddr_t) NULL;
+	x.x_base = (caddr_t) 0;
+
+	stat = func(&x, data);
+	if (x.x_base)
+		free(x.x_base);
+	return (stat == TRUE ? (unsigned) x.x_handy: 0);
+}
diff --git a/krb5-1.21.3/src/lib/rpc/xdr_stdio.c b/krb5-1.21.3/src/lib/rpc/xdr_stdio.c
new file mode 100644
index 00000000..71e1070f
--- /dev/null
+++ b/krb5-1.21.3/src/lib/rpc/xdr_stdio.c
@@ -0,0 +1,172 @@
+/* @(#)xdr_stdio.c	2.1 88/07/29 4.0 RPCSRC */
+/*
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ *     * Neither the name of the "Oracle America, Inc." nor the names of
+ *       its contributors may be used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#if !defined(lint) && defined(SCCSIDS)
+static char sccsid[] = "@(#)xdr_stdio.c 1.16 87/08/11 Copyr 1984 Sun Micro";
+#endif
+
+/*
+ * xdr_stdio.c, XDR implementation on standard i/o file.
+ *
+ * This set of routines implements a XDR on a stdio stream.
+ * XDR_ENCODE serializes onto the stream, XDR_DECODE de-serializes
+ * from the stream.
+ */
+
+#include <gssrpc/types.h>
+#include <stdio.h>
+#include <gssrpc/xdr.h>
+
+static bool_t	xdrstdio_getlong(XDR *, long *);
+static bool_t	xdrstdio_putlong(XDR *, long *);
+static bool_t	xdrstdio_getbytes(XDR *, caddr_t, u_int);
+static bool_t	xdrstdio_putbytes(XDR *, caddr_t, u_int);
+static u_int	xdrstdio_getpos(XDR *);
+static bool_t	xdrstdio_setpos(XDR *, u_int);
+static rpc_inline_t *	xdrstdio_inline(XDR *, int);
+static void	xdrstdio_destroy(XDR *);
+
+/*
+ * Ops vector for stdio type XDR
+ */
+static struct xdr_ops	xdrstdio_ops = {
+	xdrstdio_getlong,	/* deseraialize a long int */
+	xdrstdio_putlong,	/* seraialize a long int */
+	xdrstdio_getbytes,	/* deserialize counted bytes */
+	xdrstdio_putbytes,	/* serialize counted bytes */
+	xdrstdio_getpos,	/* get offset in the stream */
+	xdrstdio_setpos,	/* set offset in the stream */
+	xdrstdio_inline,	/* prime stream for inline macros */
+	xdrstdio_destroy	/* destroy stream */
+};
+
+/*
+ * Initialize a stdio xdr stream.
+ * Sets the xdr stream handle xdrs for use on the stream file.
+ * Operation flag is set to op.
+ */
+void
+xdrstdio_create(XDR *xdrs, FILE *file, enum xdr_op op)
+{
+
+	xdrs->x_op = op;
+	xdrs->x_ops = &xdrstdio_ops;
+	xdrs->x_private = (caddr_t)file;
+	xdrs->x_handy = 0;
+	xdrs->x_base = 0;
+}
+
+/*
+ * Destroy a stdio xdr stream.
+ * Cleans up the xdr stream handle xdrs previously set up by xdrstdio_create.
+ */
+static void
+xdrstdio_destroy(XDR *xdrs)
+{
+	(void)fflush((FILE *)xdrs->x_private);
+	/* xx should we close the file ?? */
+}
+
+static bool_t
+xdrstdio_getlong(XDR *xdrs, long *lp)
+{
+        uint32_t tmp;
+	if (fread((caddr_t)&tmp,
+		  sizeof(uint32_t), 1, (FILE *)xdrs->x_private) != 1)
+		return (FALSE);
+
+	*lp = (long)ntohl(tmp);
+
+	return (TRUE);
+}
+
+static bool_t
+xdrstdio_putlong(XDR *xdrs, long *lp)
+{
+	uint32_t mycopy = htonl((uint32_t)*lp);
+
+	if (fwrite((caddr_t)&mycopy, sizeof(uint32_t), 1, (FILE *)xdrs->x_private) != 1)
+		return (FALSE);
+	return (TRUE);
+}
+
+static bool_t
+xdrstdio_getbytes(XDR *xdrs, caddr_t addr, u_int len)
+{
+
+	if ((len != 0) && (fread(addr, (size_t)len, 1,
+				 (FILE *)xdrs->x_private) != 1))
+		return (FALSE);
+	return (TRUE);
+}
+
+static bool_t
+xdrstdio_putbytes(XDR *xdrs, caddr_t addr, u_int len)
+{
+
+	if ((len != 0) && (fwrite(addr, (size_t)len, 1,
+			   (FILE *)xdrs->x_private) != 1))
+		return (FALSE);
+	return (TRUE);
+}
+
+static u_int
+xdrstdio_getpos(XDR *xdrs)
+{
+
+	return ((u_int) ftell((FILE *)xdrs->x_private));
+}
+
+static bool_t
+xdrstdio_setpos(XDR *xdrs, u_int pos)
+{
+
+	return ((fseek((FILE *)xdrs->x_private, (long)pos, 0) < 0) ?
+		FALSE : TRUE);
+}
+
+static rpc_inline_t *
+xdrstdio_inline(XDR *xdrs, int len)
+{
+
+	/*
+	 * Must do some work to implement this: must insure
+	 * enough data in the underlying stdio buffer,
+	 * that the buffer is aligned so that we can indirect through a
+	 * long *, and stuff this pointer in xdrs->x_buf.  Doing
+	 * a fread or fwrite to a scratch buffer would defeat
+	 * most of the gains to be had here and require storage
+	 * management on this buffer, so we don't do this.
+	 */
+	return (NULL);
+}
diff --git a/krb5-1.21.3/src/lib/win_glue.c b/krb5-1.21.3/src/lib/win_glue.c
new file mode 100644
index 00000000..d650cc3a
--- /dev/null
+++ b/krb5-1.21.3/src/lib/win_glue.c
@@ -0,0 +1,460 @@
+#include "k5-int.h"
+
+#ifdef KRB5
+#include "krb5_err.h"
+#include "kv5m_err.h"
+#include "asn1_err.h"
+#include "kdb5_err.h"
+#include "profile.h"
+extern void krb5_stdcc_shutdown();
+#endif
+#ifdef GSSAPI
+#include "gssapi/generic/gssapi_err_generic.h"
+#include "gssapi/krb5/gssapi_err_krb5.h"
+#endif
+
+
+/*
+ * #defines for MIT-specific time-based timebombs and/or version
+ * server for the Kerberos DLL.
+ */
+
+#ifdef SAP_TIMEBOMB
+#define TIMEBOMB 865141200	/* 1-Jun-97 */
+#define TIMEBOMB_PRODUCT "SAPGUI"
+#define TIMEBOMB_WARN  15
+#define TIMEBOMB_INFO "  Please see the web page at:\nhttp://web.mit.edu/reeng/www/saphelp for more information"
+#define TIMEBOMB_ERROR KRB5_APPL_EXPIRED
+#endif
+
+#ifdef KRB_TIMEBOMB
+#define TIMEBOMB 865141200	/* 1-Jun-97 */
+#define TIMEBOMB_PRODUCT "Kerberos V5"
+#define TIMEBOMB_WARN 15
+#define TIMEBOMB_INFO "  Please see the web page at:\nhttp://web.mit.edu/reeng/www/saphelp for more information"
+#define TIMEBOMB_ERROR KRB5_LIB_EXPIRED
+#endif
+
+/*
+ * #defines for using MIT's version server DLL
+ */
+#ifdef SAP_VERSERV
+#define APP_TITLE "KRB5-SAP"
+#define APP_VER "3.0f"
+#define APP_INI "krb5sap.ini"
+#define VERSERV_ERROR 	KRB5_APPL_EXPIRED
+#endif
+
+#ifdef VERSERV
+#define WINDOWS
+#include <ver.h>
+#include <vs.h>
+#include <v.h>
+
+
+/*
+ * This function will get the version resource information from the
+ * application using the DLL.  This allows us to Version Serve
+ * arbitrary third party applications.  If there is an error, or we
+ * decide that we should not version check the calling application
+ * then VSflag will be FALSE when the function returns.
+ *
+ * The buffers passed into this function must be at least
+ * APPVERINFO_SIZE bytes long.
+ */
+
+#define APPVERINFO_SIZE 256
+
+void GetCallingAppVerInfo( char *AppTitle, char *AppVer, char *AppIni,
+			  BOOL *VSflag)
+{
+	char CallerFilename[_MAX_PATH];
+	LONG *lpLangInfo;
+	DWORD hVersionInfoID, size;
+	GLOBALHANDLE hVersionInfo;
+	LPSTR lpVersionInfo;
+	int dumint, retval;
+	char *cp;
+	char *revAppTitle;
+	char szVerQ[90];
+	LPBYTE locAppTitle;
+	LPBYTE locAppVer;
+	char locAppIni[_MAX_PATH];
+#ifndef _WIN32
+	WORD wStackSeg;
+#endif /* !_WIN32 */
+
+	/* first we need to get the calling module's filename */
+#ifndef _WIN32
+	_asm {
+		mov wStackSeg, ss
+	};
+	retval = GetModuleFileName((HMODULE)wStackSeg, CallerFilename,
+		_MAX_PATH);
+#else
+	/*
+	 * Note: this may only work for single threaded applications,
+	 * we'll live and learn ...
+	 */
+        retval = GetModuleFileName( NULL, CallerFilename, _MAX_PATH);
+#endif
+
+	if ( retval == 0 ) {
+		VSflag = FALSE;
+		return;
+	}
+
+	size = GetFileVersionInfoSize( CallerFilename, &hVersionInfoID);
+
+	if( size == 0 ) {
+		/*
+		 * hey , I bet we don't have a version resource, let's
+		 * punt
+		 */
+		*VSflag = FALSE;
+		return;
+	}
+
+	hVersionInfo = GlobalAlloc(GHND, size);
+	lpVersionInfo = GlobalLock(hVersionInfo);
+
+	retval = GetFileVersionInfo( CallerFilename, hVersionInfoID, size,
+				    lpVersionInfo);
+
+	retval = VerQueryValue(lpVersionInfo, "\\VarFileInfo\\Translation",
+			       (LPSTR *)&lpLangInfo, &dumint);
+	wsprintf(szVerQ,
+		 "\\StringFileInfo\\%04x%04x\\",
+		 LOWORD(*lpLangInfo), HIWORD(*lpLangInfo));
+
+	cp = szVerQ + lstrlen(szVerQ);
+
+	lstrcpy(cp, "ProductName");
+
+
+	/* try a localAppTitle and then a strcpy 4/2/97 */
+
+	locAppTitle = 0;
+	locAppVer = 0;
+
+	retval = VerQueryValue(lpVersionInfo, szVerQ, &locAppTitle,
+			       &dumint);
+
+	lstrcpy(cp, "ProductVersion");
+
+
+	retval = VerQueryValue(lpVersionInfo, szVerQ, &locAppVer,
+			       &dumint);
+
+	if (!locAppTitle || !locAppVer) {
+	  	/* Punt, we don't have the right version resource records */
+		*VSflag = FALSE;
+		return;
+	}
+
+	/*
+	 * We don't have a way to determine that INI file of the
+	 * application at the moment so let's just use krb5.ini
+	 */
+	strncpy( locAppIni, KERBEROS_INI, sizeof(locAppIni) - 1 );
+	locAppIni[ sizeof(locAppIni) - 1 ] = '\0';
+
+	strncpy( AppTitle, locAppTitle, APPVERINFO_SIZE);
+	AppTitle[APPVERINFO_SIZE - 1] = '\0';
+	strncpy( AppVer, locAppVer, APPVERINFO_SIZE);
+	AppVer[APPVERINFO_SIZE - 1] = '\0';
+	strncpy( AppIni, locAppIni, APPVERINFO_SIZE);
+	AppIni[APPVERINFO_SIZE - 1] = '\0';
+
+	/*
+	 * We also need to determine if we want to suppress version
+	 * checking of this application.  Does the tail of the
+	 * AppTitle end in a "-v" ?
+	 */
+	revAppTitle = _strrev( _strdup(AppTitle));
+	if( revAppTitle[0] == 'v' || revAppTitle[0] == 'V'  &&
+	   revAppTitle[1] == '-' ) {
+		VSflag = FALSE;
+	}
+	return;
+}
+
+
+/*
+ * Use the version server to give us some control on distribution and usage
+ * We're going to test track as well
+ */
+static int CallVersionServer(app_title, app_version, app_ini, code_cover)
+	char *app_title;
+	char *app_version;
+	char *app_ini;
+	char *code_cover;
+{
+	VS_Request vrequest;
+	VS_Status  vstatus;
+
+	SetCursor(LoadCursor(NULL, IDC_WAIT));
+
+	/*
+	 * We should be able to pass in code_cover below, but things
+	 * are breaking under Windows 16 for no good reason.
+	 */
+	vrequest = VSFormRequest((LPSTR) app_title, (LPSTR) app_version,
+				 (LPSTR) app_ini,
+				 NULL /* code_cover */, NULL,
+				 V_CHECK_AND_LOG);
+
+	SetCursor(LoadCursor(NULL, IDC_ARROW));
+	/*
+	 * If the user presses cancel when registering the test
+	 * tracker, we'll let them continue.
+	 */
+	if (ReqStatus(vrequest) == V_E_CANCEL) {
+		VSDestroyRequest(vrequest);
+		return 0;
+	}
+	vstatus = VSProcessRequest(vrequest);
+	/*
+	 * Only complain periodically, if the test tracker isn't
+	 * working...
+	 */
+	if (v_complain(vstatus, app_ini)) {
+		WinVSReportRequest(vrequest, NULL,
+				   "Version Server Status Report");
+	}
+	if (vstatus == V_REQUIRED) {
+		SetCursor(LoadCursor(NULL, IDC_WAIT));
+		VSDestroyRequest(vrequest);
+		return( -1 );
+	}
+	VSDestroyRequest(vrequest);
+	return (0);
+}
+#endif
+
+#ifdef TIMEBOMB
+static krb5_error_code do_timebomb()
+{
+	char buf[1024];
+	long timeleft;
+	static first_time = 1;
+
+	timeleft = TIMEBOMB - time(0);
+	if (timeleft <= 0) {
+		if (first_time) {
+			sprintf(buf, "Your version of %s has expired.\n",
+				TIMEBOMB_PRODUCT);
+			buf[sizeof(buf) - 1] = '\0';
+			strncat(buf, "Please upgrade it.", sizeof(buf) - 1 - strlen(buf));
+#ifdef TIMEBOMB_INFO
+			strncat(buf, TIMEBOMB_INFO, sizeof(buf) - 1 - strlen(buf));
+#endif
+			MessageBox(NULL, buf, "", MB_OK);
+			first_time = 0;
+		}
+		return TIMEBOMB_ERROR;
+	}
+	timeleft = timeleft / ((long) 60*60*24);
+	if (timeleft < TIMEBOMB_WARN) {
+		if (first_time) {
+			sprintf(buf, "Your version of %s will expire in %ld days.\n",
+				TIMEBOMB_PRODUCT, timeleft);
+			strncat(buf, "Please upgrade it soon.", sizeof(buf) - 1 - strlen(buf));
+#ifdef TIMEBOMB_INFO
+			strncat(buf, TIMEBOMB_INFO, sizeof(buf) - 1 - strlen(buf));
+#endif
+			MessageBox(NULL, buf, "", MB_OK);
+			first_time = 0;
+		}
+	}
+	return 0;
+}
+#endif
+
+/*
+ * This was originally called from LibMain; unfortunately, Windows 3.1
+ * doesn't allow you to make messaging calls from LibMain.  So, we now
+ * do the timebomb/version server stuff from krb5_init_context().
+ */
+krb5_error_code krb5_vercheck()
+{
+	static int verchecked = 0;
+	if (verchecked)
+		return 0;
+#ifdef TIMEBOMB
+	krb5_error_code retval = do_timebomb();
+	if (retval)
+		return retval;
+#endif
+#ifdef VERSERV
+	{
+#ifdef APP_TITLE
+		if (CallVersionServer(APP_TITLE, APP_VER, APP_INI, NULL))
+			return VERSERV_ERROR;
+#else
+		char AppTitle[APPVERINFO_SIZE];
+		char AppVer[APPVERINFO_SIZE];
+		char AppIni[APPVERINFO_SIZE];
+		BOOL VSflag=TRUE;
+
+		GetCallingAppVerInfo( AppTitle, AppVer, AppIni, &VSflag);
+
+		if (VSflag) {
+			if (CallVersionServer(AppTitle, AppVer, AppIni, NULL))
+				return KRB5_APPL_EXPIRED;
+		}
+#endif
+
+	}
+#endif
+        verchecked = 1;
+	return 0;
+}
+
+
+static HINSTANCE hlibinstance;
+
+HINSTANCE get_lib_instance()
+{
+    return hlibinstance;
+}
+
+#define DLL_STARTUP 0
+#define DLL_SHUTDOWN 1
+
+static int
+control(int mode)
+{
+    switch(mode) {
+    case DLL_STARTUP:
+	break;
+
+    case DLL_SHUTDOWN:
+#ifdef KRB5
+	krb5_stdcc_shutdown();
+#endif
+	break;
+
+#if defined(ENABLE_THREADS) && defined(SUPPORTLIB)
+    case DLL_THREAD_DETACH:
+	krb5int_thread_detach_hook();
+	return 0;
+#endif
+
+    default:
+	return -1;
+    }
+
+#if defined KRB5
+    switch (mode) {
+    case DLL_STARTUP:
+	profile_library_initializer__auxinit();
+	krb5int_lib_init__auxinit();
+	break;
+    case DLL_SHUTDOWN:
+	krb5int_lib_fini();
+	profile_library_finalizer();
+	break;
+    }
+#elif defined GSSAPI
+    switch (mode) {
+    case DLL_STARTUP:
+	gssint_mechglue_init__auxinit();
+	break;
+    case DLL_SHUTDOWN:
+	gssint_mechglue_fini();
+	break;
+    }
+#elif defined COMERR
+    switch (mode) {
+    case DLL_STARTUP:
+	com_err_initialize__auxinit();
+	break;
+    case DLL_SHUTDOWN:
+	com_err_terminate();
+	break;
+    }
+#elif defined PROFILELIB
+    switch (mode) {
+    case DLL_STARTUP:
+	profile_library_initializer__auxinit();
+	break;
+    case DLL_SHUTDOWN:
+	profile_library_finalizer();
+	break;
+    }
+#elif defined SUPPORTLIB
+    switch (mode) {
+    case DLL_STARTUP:
+      krb5int_thread_support_init__auxinit();
+      break;
+    case DLL_SHUTDOWN:
+      krb5int_thread_support_fini();
+      break;
+    }
+#else
+# error "Don't know the init/fini functions for this library."
+#endif
+
+    return 0;
+}
+
+#ifdef _WIN32
+
+BOOL WINAPI DllMain (HANDLE hModule, DWORD fdwReason, LPVOID lpReserved)
+{
+    switch (fdwReason)
+    {
+        case DLL_PROCESS_ATTACH:
+	    hlibinstance = (HINSTANCE) hModule;
+	    if (control(DLL_STARTUP))
+		return FALSE;
+	    break;
+
+        case DLL_THREAD_ATTACH:
+	    break;
+
+        case DLL_THREAD_DETACH:
+	    if (control(DLL_THREAD_DETACH))
+		return FALSE;
+	    break;
+
+        case DLL_PROCESS_DETACH:
+	    if (control(DLL_SHUTDOWN))
+		return FALSE;
+	    break;
+
+        default:
+	    return FALSE;
+    }
+
+    return TRUE;   // successful DLL_PROCESS_ATTACH
+}
+
+#else
+
+BOOL CALLBACK
+LibMain (hInst, wDataSeg, cbHeap, CmdLine)
+HINSTANCE hInst;
+WORD wDataSeg;
+WORD cbHeap;
+LPSTR CmdLine;
+{
+    hlibinstance = hInst;
+    if (control(DLL_STARTUP))
+	return 0;
+    else
+	return 1;
+}
+
+int CALLBACK __export
+WEP(nParam)
+	int nParam;
+{
+    if (control(DLL_SHUTDOWN))
+	return 0;
+    else
+	return 1;
+}
+
+#endif
diff --git a/krb5-1.21.3/src/lib/xpprof32.def b/krb5-1.21.3/src/lib/xpprof32.def
new file mode 100644
index 00000000..c487a637
--- /dev/null
+++ b/krb5-1.21.3/src/lib/xpprof32.def
@@ -0,0 +1,28 @@
+;----------------------------------------------------
+;   XPPROF32.DEF - XPPROF32.DLL 
+;----------------------------------------------------
+
+;LIBRARY		XPPROF32.DLL
+DESCRIPTION	'Cross Platform Profile DLL'
+HEAPSIZE	8192
+
+EXPORTS
+         profile_abandon		  @1
+         profile_add_relation		  @2
+         profile_clear_relation		  @3
+         profile_flush			  @4
+         profile_free_list		  @5
+         profile_get_integer		  @6
+         profile_get_relation_names	  @7
+         profile_get_string		  @8
+         profile_get_subsection_names	  @9
+         profile_get_values		 @10
+         profile_init			 @11
+         profile_init_path		 @12
+         profile_iterator		 @13
+         profile_iterator_create	 @14
+         profile_iterator_free		 @15
+         profile_release		 @16
+         profile_release_string		 @17
+         profile_rename_section		 @18
+         profile_update_relation	 @19
diff --git a/krb5-1.21.3/src/man/Makefile.in b/krb5-1.21.3/src/man/Makefile.in
new file mode 100644
index 00000000..85cae091
--- /dev/null
+++ b/krb5-1.21.3/src/man/Makefile.in
@@ -0,0 +1,152 @@
+mydir=man
+BUILDTOP=$(REL)..
+
+SPHINX_BUILD=sphinx-build
+GROFF=@GROFF@
+GROFF_MAN=$(GROFF) -mtty-char -Tascii -mandoc -c
+sysconfdir=@sysconfdir@
+DEFCCNAME=@DEFCCNAME@
+DEFKTNAME=@DEFKTNAME@
+DEFCKTNAME=@DEFCKTNAME@
+PKCS11_MODNAME=@PKCS11_MODNAME@
+
+MANSUBS=k5identity.sub k5login.sub k5srvutil.sub kadm5.acl.sub kadmin.sub \
+	kadmind.sub kdb5_ldap_util.sub kdb5_util.sub kdc.conf.sub \
+	kdestroy.sub kinit.sub klist.sub kpasswd.sub kprop.sub kpropd.sub \
+	kproplog.sub krb5.conf.sub krb5-config.sub krb5kdc.sub ksu.sub \
+	kswitch.sub ktutil.sub kvno.sub sclient.sub sserver.sub kerberos.sub
+
+docsrc=$(top_srcdir)/../doc
+
+# Update checked-in man pages from RST sources in the top-level doc
+# directory.  This can be done from an unconfigured tree with:
+#     make -f Makefile.in top_srcdir=.. srcdir=. man
+#     make -f Makefile.in clean
+# The sed command deletes some trailing whitespace that the docutils
+# manpage writer outputs near the end of its output files.
+man: $(docsrc)/version.py
+	rm -rf rst_man
+	$(SPHINX_BUILD) -q -t mansubs -b man $(docsrc) rst_man
+	for f in rst_man/*.[0-9]; do \
+		name=`echo $$f | sed -e 's|^.*/\(.*\)\.[0-9]$$|\1|'`; \
+		sed -e '/^\.\\" $$/d' \
+		-e '/^\.\\"/s/reStructeredText/reStructuredText/' \
+		$$f > $(srcdir)/$$name.man; \
+	done
+
+$(docsrc)/version.py: $(top_srcdir)/patchlevel.h
+	(cd $(BUILDTOP)/doc && make version.py)
+
+.SUFFIXES: .man .sub
+
+.man.sub:
+	sed -e 's|@BINDIR@|$(CLIENT_BINDIR)|g' \
+	    -e 's|@SBINDIR@|$(SERVER_BINDIR)|g' \
+	    -e 's|@LIBDIR@|$(KRB5_LIBDIR)|g' \
+	    -e 's|@LOCALSTATEDIR@|$(localstatedir)|g' \
+	    -e 's|@RUNSTATEDIR@|$(runstatedir)|g' \
+	    -e 's|@SYSCONFDIR@|$(sysconfdir)|g' \
+	    -e 's|@CCNAME@|$(DEFCCNAME)|g' \
+	    -e 's|@KTNAME@|$(DEFKTNAME)|g' \
+	    -e 's|@CKTNAME@|$(DEFCKTNAME)|g' \
+	    -e 's|@PKCS11MOD@|$(PKCS11_MODNAME)|g' $? > $@
+
+all: $(MANSUBS)
+
+clean:
+	rm -rf $(MANSUBS) rst_man
+
+install: install-clientman install-fileman install-adminman \
+	install-overviewman install-serverman
+
+install-catman: install-clientcat install-filecat install-admincat \
+	install-overviewcat install-servercat
+
+install-clientman:
+	$(INSTALL_DATA) k5srvutil.sub $(DESTDIR)$(CLIENT_MANDIR)/k5srvutil.1
+	$(INSTALL_DATA) kadmin.sub $(DESTDIR)$(CLIENT_MANDIR)/kadmin.1
+	$(INSTALL_DATA) kdestroy.sub $(DESTDIR)$(CLIENT_MANDIR)/kdestroy.1
+	$(INSTALL_DATA) kinit.sub $(DESTDIR)$(CLIENT_MANDIR)/kinit.1
+	$(INSTALL_DATA) klist.sub $(DESTDIR)$(CLIENT_MANDIR)/klist.1
+	$(INSTALL_DATA) kpasswd.sub $(DESTDIR)$(CLIENT_MANDIR)/kpasswd.1
+	$(INSTALL_DATA) krb5-config.sub $(DESTDIR)$(CLIENT_MANDIR)/krb5-config.1
+	$(INSTALL_DATA) ksu.sub $(DESTDIR)$(CLIENT_MANDIR)/ksu.1
+	$(INSTALL_DATA) kswitch.sub $(DESTDIR)$(CLIENT_MANDIR)/kswitch.1
+	$(INSTALL_DATA) ktutil.sub $(DESTDIR)$(CLIENT_MANDIR)/ktutil.1
+	$(INSTALL_DATA) kvno.sub $(DESTDIR)$(CLIENT_MANDIR)/kvno.1
+	$(INSTALL_DATA) sclient.sub $(DESTDIR)$(CLIENT_MANDIR)/sclient.1
+
+install-fileman:
+	$(INSTALL_DATA) $(srcdir)/dot.k5identity.5 \
+		$(DESTDIR)$(FILE_MANDIR)/.k5identity.5
+	$(INSTALL_DATA) k5identity.sub $(DESTDIR)$(FILE_MANDIR)/k5identity.5
+	$(INSTALL_DATA) $(srcdir)/dot.k5login.5 \
+		$(DESTDIR)$(FILE_MANDIR)/.k5login.5
+	$(INSTALL_DATA) k5login.sub $(DESTDIR)$(FILE_MANDIR)/k5login.5
+	$(INSTALL_DATA) kadm5.acl.sub $(DESTDIR)$(FILE_MANDIR)/kadm5.acl.5
+	$(INSTALL_DATA) kdc.conf.sub $(DESTDIR)$(FILE_MANDIR)/kdc.conf.5
+	$(INSTALL_DATA) krb5.conf.sub $(DESTDIR)$(FILE_MANDIR)/krb5.conf.5
+
+install-overviewman:
+	$(INSTALL_DATA) kerberos.sub $(DESTDIR)$(OVERVIEW_MANDIR)/kerberos.7
+
+install-adminman:
+	$(INSTALL_DATA) $(srcdir)/kadmin.local.8 \
+		$(DESTDIR)$(ADMIN_MANDIR)/kadmin.local.8
+	$(INSTALL_DATA) kdb5_ldap_util.sub \
+		$(DESTDIR)$(ADMIN_MANDIR)/kdb5_ldap_util.8
+	$(INSTALL_DATA) kdb5_util.sub $(DESTDIR)$(ADMIN_MANDIR)/kdb5_util.8
+	$(INSTALL_DATA) kprop.sub $(DESTDIR)$(ADMIN_MANDIR)/kprop.8
+	$(INSTALL_DATA) kproplog.sub $(DESTDIR)$(ADMIN_MANDIR)/kproplog.8
+
+install-serverman:
+	$(INSTALL_DATA) kadmind.sub $(DESTDIR)$(SERVER_MANDIR)/kadmind.8
+	$(INSTALL_DATA) kpropd.sub $(DESTDIR)$(SERVER_MANDIR)/kpropd.8
+	$(INSTALL_DATA) krb5kdc.sub $(DESTDIR)$(SERVER_MANDIR)/krb5kdc.8
+	$(INSTALL_DATA) sserver.sub $(DESTDIR)$(SERVER_MANDIR)/sserver.8
+
+install-clientcat:
+	$(GROFF_MAN) k5srvutil.sub > $(DESTDIR)$(CLIENT_CATDIR)/k5srvutil.1
+	$(GROFF_MAN) kadmin.sub > $(DESTDIR)$(CLIENT_CATDIR)/kadmin.1
+	$(GROFF_MAN) kdestroy.sub > $(DESTDIR)$(CLIENT_CATDIR)/kdestroy.1
+	$(GROFF_MAN) kinit.sub > $(DESTDIR)$(CLIENT_CATDIR)/kinit.1
+	$(GROFF_MAN) klist.sub > $(DESTDIR)$(CLIENT_CATDIR)/klist.1
+	$(GROFF_MAN) kpasswd.sub > $(DESTDIR)$(CLIENT_CATDIR)/kpasswd.1
+	$(GROFF_MAN) krb5-config.sub > $(DESTDIR)$(CLIENT_CATDIR)/krb5-config.1
+	$(GROFF_MAN) ksu.sub > $(DESTDIR)$(CLIENT_CATDIR)/ksu.1
+	$(GROFF_MAN) kswitch.sub > $(DESTDIR)$(CLIENT_CATDIR)/kswitch.1
+	$(GROFF_MAN) ktutil.sub > $(DESTDIR)$(CLIENT_CATDIR)/ktutil.1
+	$(GROFF_MAN) kvno.sub > $(DESTDIR)$(CLIENT_CATDIR)/kvno.1
+	$(GROFF_MAN) sclient.sub > $(DESTDIR)$(CLIENT_CATDIR)/sclient.1
+
+install-filecat:
+	$(GROFF_MAN) k5identity.sub > $(DESTDIR)$(FILE_CATDIR)/k5identity.5
+	($(RM) $(DESTDIR)$(FILE_CATDIR)/.k5identity.5; \
+		$(LN_S) $(FILE_CATDIR)/k5identity.5 \
+		$(DESTDIR)$(FILE_CATDIR)/.k5identity.5)
+	$(GROFF_MAN) k5login.sub > $(DESTDIR)$(FILE_CATDIR)/k5login.5
+	($(RM) $(DESTDIR)$(FILE_CATDIR)/.k5login.5; \
+		$(LN_S) $(FILE_CATDIR)/k5login.5 \
+		$(DESTDIR)$(FILE_CATDIR)/.k5login.5)
+	$(GROFF_MAN) kadm5.acl.sub > $(DESTDIR)$(FILE_CATDIR)/kadm5.acl.5
+	$(GROFF_MAN) kdc.conf.sub > $(DESTDIR)$(FILE_CATDIR)/kdc.conf.5
+	$(GROFF_MAN) krb5.conf.sub > $(DESTDIR)$(FILE_CATDIR)/krb5.conf.5
+
+install-overviewcat:
+	$(GROFF_MAN) kerberos.sub > $(DESTDIR)$(OVERVIEW_CATDIR)/kerberos.7
+
+install-admincat:
+	($(RM) $(DESTDIR)$(ADMIN_CATDIR)/kadmin.local.8; \
+		$(LN_S) $(CLIENT_CATDIR)/kadmin.1 \
+		$(DESTDIR)$(ADMIN_CATDIR)/kadmin.local.8)
+	$(GROFF_MAN) kdb5_ldap_util.sub > \
+		$(DESTDIR)$(ADMIN_CATDIR)/kdb5_ldap_util.8
+	$(GROFF_MAN) kdb5_util.sub > $(DESTDIR)$(ADMIN_CATDIR)/kdb5_util.8
+	$(GROFF_MAN) kprop.sub > $(DESTDIR)$(ADMIN_CATDIR)/kprop.8
+	$(GROFF_MAN) kproplog.sub > $(DESTDIR)$(ADMIN_CATDIR)/kproplog.8
+
+install-servercat:
+	$(GROFF_MAN) kadmind.sub > $(DESTDIR)$(SERVER_CATDIR)/kadmind.8
+	$(GROFF_MAN) kpropd.sub > $(DESTDIR)$(SERVER_CATDIR)/kpropd.8
+	$(GROFF_MAN) krb5kdc.sub > $(DESTDIR)$(SERVER_CATDIR)/krb5kdc.8
+	$(GROFF_MAN) sserver.sub > $(DESTDIR)$(SERVER_CATDIR)/sserver.8
diff --git a/krb5-1.21.3/src/man/README b/krb5-1.21.3/src/man/README
new file mode 100644
index 00000000..e1119005
--- /dev/null
+++ b/krb5-1.21.3/src/man/README
@@ -0,0 +1,3 @@
+The manual page files in this directory are generated from
+reStructuredText files in doc/.  Edits made here will not survive a
+rebuild.
diff --git a/krb5-1.21.3/src/man/deps b/krb5-1.21.3/src/man/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/man/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/man/dot.k5identity.5 b/krb5-1.21.3/src/man/dot.k5identity.5
new file mode 100644
index 00000000..8af572af
--- /dev/null
+++ b/krb5-1.21.3/src/man/dot.k5identity.5
@@ -0,0 +1 @@
+.so man5/k5identity.5
diff --git a/krb5-1.21.3/src/man/dot.k5login.5 b/krb5-1.21.3/src/man/dot.k5login.5
new file mode 100644
index 00000000..60c82a4d
--- /dev/null
+++ b/krb5-1.21.3/src/man/dot.k5login.5
@@ -0,0 +1 @@
+.so man5/k5login.5
diff --git a/krb5-1.21.3/src/man/k5identity.man b/krb5-1.21.3/src/man/k5identity.man
new file mode 100644
index 00000000..91764459
--- /dev/null
+++ b/krb5-1.21.3/src/man/k5identity.man
@@ -0,0 +1,103 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "K5IDENTITY" "5" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+k5identity \- Kerberos V5 client principal selection rules
+.SH DESCRIPTION
+.sp
+The .k5identity file, which resides in a user\(aqs home directory,
+contains a list of rules for selecting a client principals based on
+the server being accessed.  These rules are used to choose a
+credential cache within the cache collection when possible.
+.sp
+Blank lines and lines beginning with \fB#\fP are ignored.  Each line has
+the form:
+.INDENT 0.0
+.INDENT 3.5
+\fIprincipal\fP \fIfield\fP=\fIvalue\fP ...
+.UNINDENT
+.UNINDENT
+.sp
+If the server principal meets all of the field constraints, then
+principal is chosen as the client principal.  The following fields are
+recognized:
+.INDENT 0.0
+.TP
+\fBrealm\fP
+If the realm of the server principal is known, it is matched
+against \fIvalue\fP, which may be a pattern using shell wildcards.
+For host\-based server principals, the realm will generally only be
+known if there is a domain_realm section in
+krb5.conf(5) with a mapping for the hostname.
+.TP
+\fBservice\fP
+If the server principal is a host\-based principal, its service
+component is matched against \fIvalue\fP, which may be a pattern using
+shell wildcards.
+.TP
+\fBhost\fP
+If the server principal is a host\-based principal, its hostname
+component is converted to lower case and matched against \fIvalue\fP,
+which may be a pattern using shell wildcards.
+.sp
+If the server principal matches the constraints of multiple lines
+in the .k5identity file, the principal from the first matching
+line is used.  If no line matches, credentials will be selected
+some other way, such as the realm heuristic or the current primary
+cache.
+.UNINDENT
+.SH EXAMPLE
+.sp
+The following example .k5identity file selects the client principal
+\fBalice@KRBTEST.COM\fP if the server principal is within that realm,
+the principal \fBalice/root@EXAMPLE.COM\fP if the server host is within
+a servers subdomain, and the principal \fBalice/mail@EXAMPLE.COM\fP when
+accessing the IMAP service on \fBmail.example.com\fP:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+alice@KRBTEST.COM       realm=KRBTEST.COM
+alice/root@EXAMPLE.COM  host=*.servers.example.com
+alice/mail@EXAMPLE.COM  host=mail.example.com service=imap
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH SEE ALSO
+.sp
+kerberos(1), krb5.conf(5)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/k5login.man b/krb5-1.21.3/src/man/k5login.man
new file mode 100644
index 00000000..6605a7ee
--- /dev/null
+++ b/krb5-1.21.3/src/man/k5login.man
@@ -0,0 +1,96 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "K5LOGIN" "5" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+k5login \- Kerberos V5 acl file for host access
+.SH DESCRIPTION
+.sp
+The .k5login file, which resides in a user\(aqs home directory, contains
+a list of the Kerberos principals.  Anyone with valid tickets for a
+principal in the file is allowed host access with the UID of the user
+in whose home directory the file resides.  One common use is to place
+a .k5login file in root\(aqs home directory, thereby granting system
+administrators remote root access to the host via Kerberos.
+.SH EXAMPLES
+.sp
+Suppose the user \fBalice\fP had a .k5login file in her home directory
+containing just the following line:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+bob@FOOBAR.ORG
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This would allow \fBbob\fP to use Kerberos network applications, such as
+ssh(1), to access \fBalice\fP\(aqs account, using \fBbob\fP\(aqs Kerberos
+tickets.  In a default configuration (with \fBk5login_authoritative\fP set
+to true in krb5.conf(5)), this .k5login file would not let
+\fBalice\fP use those network applications to access her account, since
+she is not listed!  With no .k5login file, or with \fBk5login_authoritative\fP
+set to false, a default rule would permit the principal \fBalice\fP in the
+machine\(aqs default realm to access the \fBalice\fP account.
+.sp
+Let us further suppose that \fBalice\fP is a system administrator.
+Alice and the other system administrators would have their principals
+in root\(aqs .k5login file on each host:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+alice@BLEEP.COM
+
+joeadmin/root@BLEEP.COM
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This would allow either system administrator to log in to these hosts
+using their Kerberos tickets instead of having to type the root
+password.  Note that because \fBbob\fP retains the Kerberos tickets for
+his own principal, \fBbob@FOOBAR.ORG\fP, he would not have any of the
+privileges that require \fBalice\fP\(aqs tickets, such as root access to
+any of the site\(aqs hosts, or the ability to change \fBalice\fP\(aqs
+password.
+.SH SEE ALSO
+.sp
+kerberos(1)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/k5srvutil.man b/krb5-1.21.3/src/man/k5srvutil.man
new file mode 100644
index 00000000..f3590b6e
--- /dev/null
+++ b/krb5-1.21.3/src/man/k5srvutil.man
@@ -0,0 +1,95 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "K5SRVUTIL" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+k5srvutil \- host key table (keytab) manipulation utility
+.SH SYNOPSIS
+.sp
+\fBk5srvutil\fP \fIoperation\fP
+[\fB\-i\fP]
+[\fB\-f\fP \fIfilename\fP]
+[\fB\-e\fP \fIkeysalts\fP]
+.SH DESCRIPTION
+.sp
+k5srvutil allows an administrator to list keys currently in
+a keytab, to obtain new keys for a principal currently in a keytab,
+or to delete non\-current keys from a keytab.
+.sp
+\fIoperation\fP must be one of the following:
+.INDENT 0.0
+.TP
+\fBlist\fP
+Lists the keys in a keytab, showing version number and principal
+name.
+.TP
+\fBchange\fP
+Uses the kadmin protocol to update the keys in the Kerberos
+database to new randomly\-generated keys, and updates the keys in
+the keytab to match.  If a key\(aqs version number doesn\(aqt match the
+version number stored in the Kerberos server\(aqs database, then the
+operation will fail.  If the \fB\-i\fP flag is given, k5srvutil will
+prompt for confirmation before changing each key.  If the \fB\-k\fP
+option is given, the old and new keys will be displayed.
+Ordinarily, keys will be generated with the default encryption
+types and key salts.  This can be overridden with the \fB\-e\fP
+option.  Old keys are retained in the keytab so that existing
+tickets continue to work, but \fBdelold\fP should be used after
+such tickets expire, to prevent attacks against the old keys.
+.TP
+\fBdelold\fP
+Deletes keys that are not the most recent version from the keytab.
+This operation should be used some time after a change operation
+to remove old keys, after existing tickets issued for the service
+have expired.  If the \fB\-i\fP flag is given, then k5srvutil will
+prompt for confirmation for each principal.
+.TP
+\fBdelete\fP
+Deletes particular keys in the keytab, interactively prompting for
+each key.
+.UNINDENT
+.sp
+In all cases, the default keytab is used unless this is overridden by
+the \fB\-f\fP option.
+.sp
+k5srvutil uses the kadmin(1) program to edit the keytab in
+place.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kadmin(1), ktutil(1), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kadm5.acl.man b/krb5-1.21.3/src/man/kadm5.acl.man
new file mode 100644
index 00000000..334db0ca
--- /dev/null
+++ b/krb5-1.21.3/src/man/kadm5.acl.man
@@ -0,0 +1,279 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KADM5.ACL" "5" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kadm5.acl \- Kerberos ACL file
+.SH DESCRIPTION
+.sp
+The Kerberos kadmind(8) daemon uses an Access Control List
+(ACL) file to manage access rights to the Kerberos database.
+For operations that affect principals, the ACL file also controls
+which principals can operate on which other principals.
+.sp
+The default location of the Kerberos ACL file is
+\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP  unless this is overridden by the \fIacl_file\fP
+variable in kdc.conf(5)\&.
+.SH SYNTAX
+.sp
+Empty lines and lines starting with the sharp sign (\fB#\fP) are
+ignored.  Lines containing ACL entries have the format:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+principal  permissions  [target_principal  [restrictions] ]
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+Line order in the ACL file is important.  The first matching entry
+will control access for an actor principal on a target principal.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \fIprincipal\fP
+(Partially or fully qualified Kerberos principal name.) Specifies
+the principal whose permissions are to be set.
+.sp
+Each component of the name may be wildcarded using the \fB*\fP
+character.
+.TP
+.B \fIpermissions\fP
+Specifies what operations may or may not be performed by a
+\fIprincipal\fP matching a particular entry.  This is a string of one or
+more of the following list of characters or their upper\-case
+counterparts.  If the character is \fIupper\-case\fP, then the operation
+is disallowed.  If the character is \fIlower\-case\fP, then the operation
+is permitted.
+.TS
+center;
+|l|l|.
+_
+T{
+a
+T}	T{
+[Dis]allows the addition of principals or policies
+T}
+_
+T{
+c
+T}	T{
+[Dis]allows the changing of passwords for principals
+T}
+_
+T{
+d
+T}	T{
+[Dis]allows the deletion of principals or policies
+T}
+_
+T{
+e
+T}	T{
+[Dis]allows the extraction of principal keys
+T}
+_
+T{
+i
+T}	T{
+[Dis]allows inquiries about principals or policies
+T}
+_
+T{
+l
+T}	T{
+[Dis]allows the listing of all principals or policies
+T}
+_
+T{
+m
+T}	T{
+[Dis]allows the modification of principals or policies
+T}
+_
+T{
+p
+T}	T{
+[Dis]allows the propagation of the principal database (used in incr_db_prop)
+T}
+_
+T{
+s
+T}	T{
+[Dis]allows the explicit setting of the key for a principal
+T}
+_
+T{
+x
+T}	T{
+Short for admcilsp. All privileges (except \fBe\fP)
+T}
+_
+T{
+*
+T}	T{
+Same as x.
+T}
+_
+.TE
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+The \fBextract\fP privilege is not included in the wildcard
+privilege; it must be explicitly assigned.  This privilege
+allows the user to extract keys from the database, and must be
+handled with great care to avoid disclosure of important keys
+like those of the kadmin/* or krbtgt/* principals.  The
+\fBlockdown_keys\fP principal attribute can be used to prevent
+key extraction from specific principals regardless of the
+granted privilege.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+.B \fItarget_principal\fP
+(Optional. Partially or fully qualified Kerberos principal name.)
+Specifies the principal on which \fIpermissions\fP may be applied.
+Each component of the name may be wildcarded using the \fB*\fP
+character.
+.sp
+\fItarget_principal\fP can also include back\-references to \fIprincipal\fP,
+in which \fB*number\fP matches the corresponding wildcard in
+\fIprincipal\fP\&.
+.TP
+.B \fIrestrictions\fP
+(Optional) A string of flags. Allowed restrictions are:
+.INDENT 7.0
+.INDENT 3.5
+.INDENT 0.0
+.TP
+.B {+|\-}\fIflagname\fP
+flag is forced to the indicated value.  The permissible flags
+are the same as those for the \fBdefault_principal_flags\fP
+variable in kdc.conf(5)\&.
+.TP
+.B \fI\-clearpolicy\fP
+policy is forced to be empty.
+.TP
+.B \fI\-policy pol\fP
+policy is forced to be \fIpol\fP\&.
+.TP
+.B \-{\fIexpire, pwexpire, maxlife, maxrenewlife\fP} \fItime\fP
+(getdate string) associated value will be forced to
+MIN(\fItime\fP, requested value).
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.sp
+The above flags act as restrictions on any add or modify operation
+which is allowed due to that ACL line.
+.UNINDENT
+.sp
+\fBWARNING:\fP
+.INDENT 0.0
+.INDENT 3.5
+If the kadmind ACL file is modified, the kadmind daemon needs to be
+restarted for changes to take effect.
+.UNINDENT
+.UNINDENT
+.SH EXAMPLE
+.sp
+Here is an example of a kadm5.acl file:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+*/admin@ATHENA.MIT.EDU    *                               # line 1
+joeadmin@ATHENA.MIT.EDU   ADMCIL                          # line 2
+joeadmin/*@ATHENA.MIT.EDU i   */root@ATHENA.MIT.EDU       # line 3
+*/root@ATHENA.MIT.EDU     ci  *1@ATHENA.MIT.EDU           # line 4
+*/root@ATHENA.MIT.EDU     l   *                           # line 5
+sms@ATHENA.MIT.EDU        x   * \-maxlife 9h \-postdateable # line 6
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+(line 1) Any principal in the \fBATHENA.MIT.EDU\fP realm with an
+\fBadmin\fP instance has all administrative privileges except extracting
+keys.
+.sp
+(lines 1\-3) The user \fBjoeadmin\fP has all permissions except
+extracting keys with his \fBadmin\fP instance,
+\fBjoeadmin/admin@ATHENA.MIT.EDU\fP (matches line 1).  He has no
+permissions at all with his null instance, \fBjoeadmin@ATHENA.MIT.EDU\fP
+(matches line 2).  His \fBroot\fP and other non\-\fBadmin\fP, non\-null
+instances (e.g., \fBextra\fP or \fBdbadmin\fP) have inquire permissions
+with any principal that has the instance \fBroot\fP (matches line 3).
+.sp
+(line 4) Any \fBroot\fP principal in \fBATHENA.MIT.EDU\fP can inquire
+or change the password of their null instance, but not any other
+null instance.  (Here, \fB*1\fP denotes a back\-reference to the
+component matching the first wildcard in the actor principal.)
+.sp
+(line 5) Any \fBroot\fP principal in \fBATHENA.MIT.EDU\fP can generate
+the list of principals in the database, and the list of policies
+in the database.  This line is separate from line 4, because list
+permission can only be granted globally, not to specific target
+principals.
+.sp
+(line 6) Finally, the Service Management System principal
+\fBsms@ATHENA.MIT.EDU\fP has all permissions except extracting keys, but
+any principal that it creates or modifies will not be able to get
+postdateable tickets or tickets with a life of longer than 9 hours.
+.SH MODULE BEHAVIOR
+.sp
+The ACL file can coexist with other authorization modules in release
+1.16 and later, as configured in the kadm5_auth section of
+krb5.conf(5)\&.  The ACL file will positively authorize
+operations according to the rules above, but will never
+authoritatively deny an operation, so other modules can authorize
+operations in addition to those authorized by the ACL file.
+.sp
+To operate without an ACL file, set the \fIacl_file\fP variable in
+kdc.conf(5) to the empty string with \fBacl_file = ""\fP\&.
+.SH SEE ALSO
+.sp
+kdc.conf(5), kadmind(8)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kadmin.local.8 b/krb5-1.21.3/src/man/kadmin.local.8
new file mode 100644
index 00000000..00df30db
--- /dev/null
+++ b/krb5-1.21.3/src/man/kadmin.local.8
@@ -0,0 +1 @@
+.so man1/kadmin.1
diff --git a/krb5-1.21.3/src/man/kadmin.man b/krb5-1.21.3/src/man/kadmin.man
new file mode 100644
index 00000000..8413e70c
--- /dev/null
+++ b/krb5-1.21.3/src/man/kadmin.man
@@ -0,0 +1,1099 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KADMIN" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kadmin \- Kerberos V5 database administration program
+.SH SYNOPSIS
+.sp
+\fBkadmin\fP
+[\fB\-O\fP|\fB\-N\fP]
+[\fB\-r\fP \fIrealm\fP]
+[\fB\-p\fP \fIprincipal\fP]
+[\fB\-q\fP \fIquery\fP]
+[[\fB\-c\fP \fIcache_name\fP]|[\fB\-k\fP [\fB\-t\fP \fIkeytab\fP]]|\fB\-n\fP]
+[\fB\-w\fP \fIpassword\fP]
+[\fB\-s\fP \fIadmin_server\fP[:\fIport\fP]]
+[command args...]
+.sp
+\fBkadmin.local\fP
+[\fB\-r\fP \fIrealm\fP]
+[\fB\-p\fP \fIprincipal\fP]
+[\fB\-q\fP \fIquery\fP]
+[\fB\-d\fP \fIdbname\fP]
+[\fB\-e\fP \fIenc\fP:\fIsalt\fP ...]
+[\fB\-m\fP]
+[\fB\-x\fP \fIdb_args\fP]
+[command args...]
+.SH DESCRIPTION
+.sp
+kadmin and kadmin.local are command\-line interfaces to the Kerberos V5
+administration system.  They provide nearly identical functionalities;
+the difference is that kadmin.local directly accesses the KDC
+database, while kadmin performs operations using kadmind(8)\&.
+Except as explicitly noted otherwise, this man page will use "kadmin"
+to refer to both versions.  kadmin provides for the maintenance of
+Kerberos principals, password policies, and service key tables
+(keytabs).
+.sp
+The remote kadmin client uses Kerberos to authenticate to kadmind
+using the service principal \fBkadmin/admin\fP or \fBkadmin/ADMINHOST\fP
+(where \fIADMINHOST\fP is the fully\-qualified hostname of the admin
+server).  If the credentials cache contains a ticket for one of these
+principals, and the \fB\-c\fP credentials_cache option is specified, that
+ticket is used to authenticate to kadmind.  Otherwise, the \fB\-p\fP and
+\fB\-k\fP options are used to specify the client Kerberos principal name
+used to authenticate.  Once kadmin has determined the principal name,
+it requests a service ticket from the KDC, and uses that service
+ticket to authenticate to kadmind.
+.sp
+Since kadmin.local directly accesses the KDC database, it usually must
+be run directly on the primary KDC with sufficient permissions to read
+the KDC database.  If the KDC database uses the LDAP database module,
+kadmin.local can be run on any host which can access the LDAP server.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-r\fP \fIrealm\fP
+Use \fIrealm\fP as the default database realm.
+.TP
+\fB\-p\fP \fIprincipal\fP
+Use \fIprincipal\fP to authenticate.  Otherwise, kadmin will append
+\fB/admin\fP to the primary principal name of the default ccache,
+the value of the \fBUSER\fP environment variable, or the username as
+obtained with getpwuid, in order of preference.
+.TP
+\fB\-k\fP
+Use a keytab to decrypt the KDC response instead of prompting for
+a password.  In this case, the default principal will be
+\fBhost/hostname\fP\&.  If there is no keytab specified with the
+\fB\-t\fP option, then the default keytab will be used.
+.TP
+\fB\-t\fP \fIkeytab\fP
+Use \fIkeytab\fP to decrypt the KDC response.  This can only be used
+with the \fB\-k\fP option.
+.TP
+\fB\-n\fP
+Requests anonymous processing.  Two types of anonymous principals
+are supported.  For fully anonymous Kerberos, configure PKINIT on
+the KDC and configure \fBpkinit_anchors\fP in the client\(aqs
+krb5.conf(5)\&.  Then use the \fB\-n\fP option with a principal
+of the form \fB@REALM\fP (an empty principal name followed by the
+at\-sign and a realm name).  If permitted by the KDC, an anonymous
+ticket will be returned.  A second form of anonymous tickets is
+supported; these realm\-exposed tickets hide the identity of the
+client but not the client\(aqs realm.  For this mode, use \fBkinit
+\-n\fP with a normal principal name.  If supported by the KDC, the
+principal (but not realm) will be replaced by the anonymous
+principal.  As of release 1.8, the MIT Kerberos KDC only supports
+fully anonymous operation.
+.TP
+\fB\-c\fP \fIcredentials_cache\fP
+Use \fIcredentials_cache\fP as the credentials cache.  The cache
+should contain a service ticket for the \fBkadmin/admin\fP or
+\fBkadmin/ADMINHOST\fP (where \fIADMINHOST\fP is the fully\-qualified
+hostname of the admin server) service; it can be acquired with the
+kinit(1) program.  If this option is not specified, kadmin
+requests a new service ticket from the KDC, and stores it in its
+own temporary ccache.
+.TP
+\fB\-w\fP \fIpassword\fP
+Use \fIpassword\fP instead of prompting for one.  Use this option with
+care, as it may expose the password to other users on the system
+via the process list.
+.TP
+\fB\-q\fP \fIquery\fP
+Perform the specified query and then exit.
+.TP
+\fB\-d\fP \fIdbname\fP
+Specifies the name of the KDC database.  This option does not
+apply to the LDAP database module.
+.TP
+\fB\-s\fP \fIadmin_server\fP[:\fIport\fP]
+Specifies the admin server which kadmin should contact.
+.TP
+\fB\-m\fP
+If using kadmin.local, prompt for the database master password
+instead of reading it from a stash file.
+.TP
+\fB\-e\fP "\fIenc\fP:\fIsalt\fP ..."
+Sets the keysalt list to be used for any new keys created.  See
+Keysalt_lists in kdc.conf(5) for a list of possible
+values.
+.TP
+\fB\-O\fP
+Force use of old AUTH_GSSAPI authentication flavor.
+.TP
+\fB\-N\fP
+Prevent fallback to AUTH_GSSAPI authentication flavor.
+.TP
+\fB\-x\fP \fIdb_args\fP
+Specifies the database specific arguments.  See the next section
+for supported options.
+.UNINDENT
+.sp
+Starting with release 1.14, if any command\-line arguments remain after
+the options, they will be treated as a single query to be executed.
+This mode of operation is intended for scripts and behaves differently
+from the interactive mode in several respects:
+.INDENT 0.0
+.IP \(bu 2
+Query arguments are split by the shell, not by kadmin.
+.IP \(bu 2
+Informational and warning messages are suppressed.  Error messages
+and query output (e.g. for \fBget_principal\fP) will still be
+displayed.
+.IP \(bu 2
+Confirmation prompts are disabled (as if \fB\-force\fP was given).
+Password prompts will still be issued as required.
+.IP \(bu 2
+The exit status will be non\-zero if the query fails.
+.UNINDENT
+.sp
+The \fB\-q\fP option does not carry these behavior differences; the query
+will be processed as if it was entered interactively.  The \fB\-q\fP
+option cannot be used in combination with a query in the remaining
+arguments.
+.SH DATABASE OPTIONS
+.sp
+Database options can be used to override database\-specific defaults.
+Supported options for the DB2 module are:
+.INDENT 0.0
+.INDENT 3.5
+.INDENT 0.0
+.TP
+\fB\-x dbname=\fP*filename*
+Specifies the base filename of the DB2 database.
+.TP
+\fB\-x lockiter\fP
+Make iteration operations hold the lock for the duration of
+the entire operation, rather than temporarily releasing the
+lock while handling each principal.  This is the default
+behavior, but this option exists to allow command line
+override of a [dbmodules] setting.  First introduced in
+release 1.13.
+.TP
+\fB\-x unlockiter\fP
+Make iteration operations unlock the database for each
+principal, instead of holding the lock for the duration of the
+entire operation.  First introduced in release 1.13.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.sp
+Supported options for the LDAP module are:
+.INDENT 0.0
+.INDENT 3.5
+.INDENT 0.0
+.TP
+\fB\-x host=\fP\fIldapuri\fP
+Specifies the LDAP server to connect to by a LDAP URI.
+.TP
+\fB\-x binddn=\fP\fIbind_dn\fP
+Specifies the DN used to bind to the LDAP server.
+.TP
+\fB\-x bindpwd=\fP\fIpassword\fP
+Specifies the password or SASL secret used to bind to the LDAP
+server.  Using this option may expose the password to other
+users on the system via the process list; to avoid this,
+instead stash the password using the \fBstashsrvpw\fP command of
+kdb5_ldap_util(8)\&.
+.TP
+\fB\-x sasl_mech=\fP\fImechanism\fP
+Specifies the SASL mechanism used to bind to the LDAP server.
+The bind DN is ignored if a SASL mechanism is used.  New in
+release 1.13.
+.TP
+\fB\-x sasl_authcid=\fP\fIname\fP
+Specifies the authentication name used when binding to the
+LDAP server with a SASL mechanism, if the mechanism requires
+one.  New in release 1.13.
+.TP
+\fB\-x sasl_authzid=\fP\fIname\fP
+Specifies the authorization name used when binding to the LDAP
+server with a SASL mechanism.  New in release 1.13.
+.TP
+\fB\-x sasl_realm=\fP\fIrealm\fP
+Specifies the realm used when binding to the LDAP server with
+a SASL mechanism, if the mechanism uses one.  New in release
+1.13.
+.TP
+\fB\-x debug=\fP\fIlevel\fP
+sets the OpenLDAP client library debug level.  \fIlevel\fP is an
+integer to be interpreted by the library.  Debugging messages
+are printed to standard error.  New in release 1.12.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.SH COMMANDS
+.sp
+When using the remote client, available commands may be restricted
+according to the privileges specified in the kadm5.acl(5) file
+on the admin server.
+.SS add_principal
+.INDENT 0.0
+.INDENT 3.5
+\fBadd_principal\fP [\fIoptions\fP] \fInewprinc\fP
+.UNINDENT
+.UNINDENT
+.sp
+Creates the principal \fInewprinc\fP, prompting twice for a password.  If
+no password policy is specified with the \fB\-policy\fP option, and the
+policy named \fBdefault\fP is assigned to the principal if it exists.
+However, creating a policy named \fBdefault\fP will not automatically
+assign this policy to previously existing principals.  This policy
+assignment can be suppressed with the \fB\-clearpolicy\fP option.
+.sp
+This command requires the \fBadd\fP privilege.
+.sp
+Aliases: \fBaddprinc\fP, \fBank\fP
+.sp
+Options:
+.INDENT 0.0
+.TP
+\fB\-expire\fP \fIexpdate\fP
+(getdate string) The expiration date of the principal.
+.TP
+\fB\-pwexpire\fP \fIpwexpdate\fP
+(getdate string) The password expiration date.
+.TP
+\fB\-maxlife\fP \fImaxlife\fP
+(duration or getdate string) The maximum ticket life
+for the principal.
+.TP
+\fB\-maxrenewlife\fP \fImaxrenewlife\fP
+(duration or getdate string) The maximum renewable
+life of tickets for the principal.
+.TP
+\fB\-kvno\fP \fIkvno\fP
+The initial key version number.
+.TP
+\fB\-policy\fP \fIpolicy\fP
+The password policy used by this principal.  If not specified, the
+policy \fBdefault\fP is used if it exists (unless \fB\-clearpolicy\fP
+is specified).
+.TP
+\fB\-clearpolicy\fP
+Prevents any policy from being assigned when \fB\-policy\fP is not
+specified.
+.TP
+{\-|+}\fBallow_postdated\fP
+\fB\-allow_postdated\fP prohibits this principal from obtaining
+postdated tickets.  \fB+allow_postdated\fP clears this flag.
+.TP
+{\-|+}\fBallow_forwardable\fP
+\fB\-allow_forwardable\fP prohibits this principal from obtaining
+forwardable tickets.  \fB+allow_forwardable\fP clears this flag.
+.TP
+{\-|+}\fBallow_renewable\fP
+\fB\-allow_renewable\fP prohibits this principal from obtaining
+renewable tickets.  \fB+allow_renewable\fP clears this flag.
+.TP
+{\-|+}\fBallow_proxiable\fP
+\fB\-allow_proxiable\fP prohibits this principal from obtaining
+proxiable tickets.  \fB+allow_proxiable\fP clears this flag.
+.TP
+{\-|+}\fBallow_dup_skey\fP
+\fB\-allow_dup_skey\fP disables user\-to\-user authentication for this
+principal by prohibiting others from obtaining a service ticket
+encrypted in this principal\(aqs TGT session key.
+\fB+allow_dup_skey\fP clears this flag.
+.TP
+{\-|+}\fBrequires_preauth\fP
+\fB+requires_preauth\fP requires this principal to preauthenticate
+before being allowed to kinit.  \fB\-requires_preauth\fP clears this
+flag.  When \fB+requires_preauth\fP is set on a service principal,
+the KDC will only issue service tickets for that service principal
+if the client\(aqs initial authentication was performed using
+preauthentication.
+.TP
+{\-|+}\fBrequires_hwauth\fP
+\fB+requires_hwauth\fP requires this principal to preauthenticate
+using a hardware device before being allowed to kinit.
+\fB\-requires_hwauth\fP clears this flag.  When \fB+requires_hwauth\fP is
+set on a service principal, the KDC will only issue service tickets
+for that service principal if the client\(aqs initial authentication was
+performed using a hardware device to preauthenticate.
+.TP
+{\-|+}\fBok_as_delegate\fP
+\fB+ok_as_delegate\fP sets the \fBokay as delegate\fP flag on tickets
+issued with this principal as the service.  Clients may use this
+flag as a hint that credentials should be delegated when
+authenticating to the service.  \fB\-ok_as_delegate\fP clears this
+flag.
+.TP
+{\-|+}\fBallow_svr\fP
+\fB\-allow_svr\fP prohibits the issuance of service tickets for this
+principal.  In release 1.17 and later, user\-to\-user service
+tickets are still allowed unless the \fB\-allow_dup_skey\fP flag is
+also set.  \fB+allow_svr\fP clears this flag.
+.TP
+{\-|+}\fBallow_tgs_req\fP
+\fB\-allow_tgs_req\fP specifies that a Ticket\-Granting Service (TGS)
+request for a service ticket for this principal is not permitted.
+\fB+allow_tgs_req\fP clears this flag.
+.TP
+{\-|+}\fBallow_tix\fP
+\fB\-allow_tix\fP forbids the issuance of any tickets for this
+principal.  \fB+allow_tix\fP clears this flag.
+.TP
+{\-|+}\fBneedchange\fP
+\fB+needchange\fP forces a password change on the next initial
+authentication to this principal.  \fB\-needchange\fP clears this
+flag.
+.TP
+{\-|+}\fBpassword_changing_service\fP
+\fB+password_changing_service\fP marks this principal as a password
+change service principal.
+.TP
+{\-|+}\fBok_to_auth_as_delegate\fP
+\fB+ok_to_auth_as_delegate\fP allows this principal to acquire
+forwardable tickets to itself from arbitrary users, for use with
+constrained delegation.
+.TP
+{\-|+}\fBno_auth_data_required\fP
+\fB+no_auth_data_required\fP prevents PAC or AD\-SIGNEDPATH data from
+being added to service tickets for the principal.
+.TP
+{\-|+}\fBlockdown_keys\fP
+\fB+lockdown_keys\fP prevents keys for this principal from leaving
+the KDC via kadmind.  The chpass and extract operations are denied
+for a principal with this attribute.  The chrand operation is
+allowed, but will not return the new keys.  The delete and rename
+operations are also denied if this attribute is set, in order to
+prevent a malicious administrator from replacing principals like
+krbtgt/* or kadmin/* with new principals without the attribute.
+This attribute can be set via the network protocol, but can only
+be removed using kadmin.local.
+.TP
+\fB\-randkey\fP
+Sets the key of the principal to a random value.
+.TP
+\fB\-nokey\fP
+Causes the principal to be created with no key.  New in release
+1.12.
+.TP
+\fB\-pw\fP \fIpassword\fP
+Sets the password of the principal to the specified string and
+does not prompt for a password.  Note: using this option in a
+shell script may expose the password to other users on the system
+via the process list.
+.TP
+\fB\-e\fP \fIenc\fP:\fIsalt\fP,...
+Uses the specified keysalt list for setting the keys of the
+principal.  See Keysalt_lists in kdc.conf(5) for a
+list of possible values.
+.TP
+\fB\-x\fP \fIdb_princ_args\fP
+Indicates database\-specific options.  The options for the LDAP
+database module are:
+.INDENT 7.0
+.TP
+\fB\-x dn=\fP\fIdn\fP
+Specifies the LDAP object that will contain the Kerberos
+principal being created.
+.TP
+\fB\-x linkdn=\fP\fIdn\fP
+Specifies the LDAP object to which the newly created Kerberos
+principal object will point.
+.TP
+\fB\-x containerdn=\fP\fIcontainer_dn\fP
+Specifies the container object under which the Kerberos
+principal is to be created.
+.TP
+\fB\-x tktpolicy=\fP\fIpolicy\fP
+Associates a ticket policy to the Kerberos principal.
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+.INDENT 0.0
+.IP \(bu 2
+The \fBcontainerdn\fP and \fBlinkdn\fP options cannot be
+specified with the \fBdn\fP option.
+.IP \(bu 2
+If the \fIdn\fP or \fIcontainerdn\fP options are not specified while
+adding the principal, the principals are created under the
+principal container configured in the realm or the realm
+container.
+.IP \(bu 2
+\fIdn\fP and \fIcontainerdn\fP should be within the subtrees or
+principal container configured in the realm.
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin: addprinc jennifer
+No policy specified for "jennifer@ATHENA.MIT.EDU";
+defaulting to no policy.
+Enter password for principal jennifer@ATHENA.MIT.EDU:
+Re\-enter password for principal jennifer@ATHENA.MIT.EDU:
+Principal "jennifer@ATHENA.MIT.EDU" created.
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS modify_principal
+.INDENT 0.0
+.INDENT 3.5
+\fBmodify_principal\fP [\fIoptions\fP] \fIprincipal\fP
+.UNINDENT
+.UNINDENT
+.sp
+Modifies the specified principal, changing the fields as specified.
+The options to \fBadd_principal\fP also apply to this command, except
+for the \fB\-randkey\fP, \fB\-pw\fP, and \fB\-e\fP options.  In addition, the
+option \fB\-clearpolicy\fP will clear the current policy of a principal.
+.sp
+This command requires the \fImodify\fP privilege.
+.sp
+Alias: \fBmodprinc\fP
+.sp
+Options (in addition to the \fBaddprinc\fP options):
+.INDENT 0.0
+.TP
+\fB\-unlock\fP
+Unlocks a locked principal (one which has received too many failed
+authentication attempts without enough time between them according
+to its password policy) so that it can successfully authenticate.
+.UNINDENT
+.SS rename_principal
+.INDENT 0.0
+.INDENT 3.5
+\fBrename_principal\fP [\fB\-force\fP] \fIold_principal\fP \fInew_principal\fP
+.UNINDENT
+.UNINDENT
+.sp
+Renames the specified \fIold_principal\fP to \fInew_principal\fP\&.  This
+command prompts for confirmation, unless the \fB\-force\fP option is
+given.
+.sp
+This command requires the \fBadd\fP and \fBdelete\fP privileges.
+.sp
+Alias: \fBrenprinc\fP
+.SS delete_principal
+.INDENT 0.0
+.INDENT 3.5
+\fBdelete_principal\fP [\fB\-force\fP] \fIprincipal\fP
+.UNINDENT
+.UNINDENT
+.sp
+Deletes the specified \fIprincipal\fP from the database.  This command
+prompts for deletion, unless the \fB\-force\fP option is given.
+.sp
+This command requires the \fBdelete\fP privilege.
+.sp
+Alias: \fBdelprinc\fP
+.SS change_password
+.INDENT 0.0
+.INDENT 3.5
+\fBchange_password\fP [\fIoptions\fP] \fIprincipal\fP
+.UNINDENT
+.UNINDENT
+.sp
+Changes the password of \fIprincipal\fP\&.  Prompts for a new password if
+neither \fB\-randkey\fP or \fB\-pw\fP is specified.
+.sp
+This command requires the \fBchangepw\fP privilege, or that the
+principal running the program is the same as the principal being
+changed.
+.sp
+Alias: \fBcpw\fP
+.sp
+The following options are available:
+.INDENT 0.0
+.TP
+\fB\-randkey\fP
+Sets the key of the principal to a random value.
+.TP
+\fB\-pw\fP \fIpassword\fP
+Set the password to the specified string.  Using this option in a
+script may expose the password to other users on the system via
+the process list.
+.TP
+\fB\-e\fP \fIenc\fP:\fIsalt\fP,...
+Uses the specified keysalt list for setting the keys of the
+principal.  See Keysalt_lists in kdc.conf(5) for a
+list of possible values.
+.TP
+\fB\-keepold\fP
+Keeps the existing keys in the database.  This flag is usually not
+necessary except perhaps for \fBkrbtgt\fP principals.
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin: cpw systest
+Enter password for principal systest@BLEEP.COM:
+Re\-enter password for principal systest@BLEEP.COM:
+Password for systest@BLEEP.COM changed.
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS purgekeys
+.INDENT 0.0
+.INDENT 3.5
+\fBpurgekeys\fP [\fB\-all\fP|\fB\-keepkvno\fP \fIoldest_kvno_to_keep\fP] \fIprincipal\fP
+.UNINDENT
+.UNINDENT
+.sp
+Purges previously retained old keys (e.g., from \fBchange_password
+\-keepold\fP) from \fIprincipal\fP\&.  If \fB\-keepkvno\fP is specified, then
+only purges keys with kvnos lower than \fIoldest_kvno_to_keep\fP\&.  If
+\fB\-all\fP is specified, then all keys are purged.  The \fB\-all\fP option
+is new in release 1.12.
+.sp
+This command requires the \fBmodify\fP privilege.
+.SS get_principal
+.INDENT 0.0
+.INDENT 3.5
+\fBget_principal\fP [\fB\-terse\fP] \fIprincipal\fP
+.UNINDENT
+.UNINDENT
+.sp
+Gets the attributes of principal.  With the \fB\-terse\fP option, outputs
+fields as quoted tab\-separated strings.
+.sp
+This command requires the \fBinquire\fP privilege, or that the principal
+running the the program to be the same as the one being listed.
+.sp
+Alias: \fBgetprinc\fP
+.sp
+Examples:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin: getprinc tlyu/admin
+Principal: tlyu/admin@BLEEP.COM
+Expiration date: [never]
+Last password change: Mon Aug 12 14:16:47 EDT 1996
+Password expiration date: [never]
+Maximum ticket life: 0 days 10:00:00
+Maximum renewable life: 7 days 00:00:00
+Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
+Last successful authentication: [never]
+Last failed authentication: [never]
+Failed password attempts: 0
+Number of keys: 1
+Key: vno 1, aes256\-cts\-hmac\-sha384\-192
+MKey: vno 1
+Attributes:
+Policy: [none]
+
+kadmin: getprinc \-terse systest
+systest@BLEEP.COM   3    86400     604800    1
+785926535 753241234 785900000
+tlyu/admin@BLEEP.COM     786100034 0    0
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS list_principals
+.INDENT 0.0
+.INDENT 3.5
+\fBlist_principals\fP [\fIexpression\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Retrieves all or some principal names.  \fIexpression\fP is a shell\-style
+glob expression that can contain the wild\-card characters \fB?\fP,
+\fB*\fP, and \fB[]\fP\&.  All principal names matching the expression are
+printed.  If no expression is provided, all principal names are
+printed.  If the expression does not contain an \fB@\fP character, an
+\fB@\fP character followed by the local realm is appended to the
+expression.
+.sp
+This command requires the \fBlist\fP privilege.
+.sp
+Alias: \fBlistprincs\fP, \fBget_principals\fP, \fBgetprincs\fP
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin:  listprincs test*
+test3@SECURE\-TEST.OV.COM
+test2@SECURE\-TEST.OV.COM
+test1@SECURE\-TEST.OV.COM
+testuser@SECURE\-TEST.OV.COM
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS get_strings
+.INDENT 0.0
+.INDENT 3.5
+\fBget_strings\fP \fIprincipal\fP
+.UNINDENT
+.UNINDENT
+.sp
+Displays string attributes on \fIprincipal\fP\&.
+.sp
+This command requires the \fBinquire\fP privilege.
+.sp
+Alias: \fBgetstrs\fP
+.SS set_string
+.INDENT 0.0
+.INDENT 3.5
+\fBset_string\fP \fIprincipal\fP \fIname\fP \fIvalue\fP
+.UNINDENT
+.UNINDENT
+.sp
+Sets a string attribute on \fIprincipal\fP\&.  String attributes are used to
+supply per\-principal configuration to the KDC and some KDC plugin
+modules.  The following string attribute names are recognized by the
+KDC:
+.INDENT 0.0
+.TP
+\fBrequire_auth\fP
+Specifies an authentication indicator which is required to
+authenticate to the principal as a service.  Multiple indicators
+can be specified, separated by spaces; in this case any of the
+specified indicators will be accepted.  (New in release 1.14.)
+.TP
+\fBsession_enctypes\fP
+Specifies the encryption types supported for session keys when the
+principal is authenticated to as a server.  See
+Encryption_types in kdc.conf(5) for a list of the
+accepted values.
+.TP
+\fBotp\fP
+Enables One Time Passwords (OTP) preauthentication for a client
+\fIprincipal\fP\&.  The \fIvalue\fP is a JSON string representing an array
+of objects, each having optional \fBtype\fP and \fBusername\fP fields.
+.TP
+\fBpkinit_cert_match\fP
+Specifies a matching expression that defines the certificate
+attributes required for the client certificate used by the
+principal during PKINIT authentication.  The matching expression
+is in the same format as those used by the \fBpkinit_cert_match\fP
+option in krb5.conf(5)\&.  (New in release 1.16.)
+.TP
+\fBpac_privsvr_enctype\fP
+Forces the encryption type of the PAC KDC checksum buffers to the
+specified encryption type for tickets issued to this server, by
+deriving a key from the local krbtgt key if it is of a different
+encryption type.  It may be necessary to set this value to
+"aes256\-sha1" on the cross\-realm krbtgt entry for an Active
+Directory realm when using aes\-sha2 keys on the local krbtgt
+entry.
+.UNINDENT
+.sp
+This command requires the \fBmodify\fP privilege.
+.sp
+Alias: \fBsetstr\fP
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+set_string host/foo.mit.edu session_enctypes aes128\-cts
+set_string user@FOO.COM otp "[{""type"":""hotp"",""username"":""al""}]"
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS del_string
+.INDENT 0.0
+.INDENT 3.5
+\fBdel_string\fP \fIprincipal\fP \fIkey\fP
+.UNINDENT
+.UNINDENT
+.sp
+Deletes a string attribute from \fIprincipal\fP\&.
+.sp
+This command requires the \fBdelete\fP privilege.
+.sp
+Alias: \fBdelstr\fP
+.SS add_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBadd_policy\fP [\fIoptions\fP] \fIpolicy\fP
+.UNINDENT
+.UNINDENT
+.sp
+Adds a password policy named \fIpolicy\fP to the database.
+.sp
+This command requires the \fBadd\fP privilege.
+.sp
+Alias: \fBaddpol\fP
+.sp
+The following options are available:
+.INDENT 0.0
+.TP
+\fB\-maxlife\fP \fItime\fP
+(duration or getdate string) Sets the maximum
+lifetime of a password.
+.TP
+\fB\-minlife\fP \fItime\fP
+(duration or getdate string) Sets the minimum
+lifetime of a password.
+.TP
+\fB\-minlength\fP \fIlength\fP
+Sets the minimum length of a password.
+.TP
+\fB\-minclasses\fP \fInumber\fP
+Sets the minimum number of character classes required in a
+password.  The five character classes are lower case, upper case,
+numbers, punctuation, and whitespace/unprintable characters.
+.TP
+\fB\-history\fP \fInumber\fP
+Sets the number of past keys kept for a principal.  This option is
+not supported with the LDAP KDC database module.
+.UNINDENT
+.INDENT 0.0
+.TP
+\fB\-maxfailure\fP \fImaxnumber\fP
+Sets the number of authentication failures before the principal is
+locked.  Authentication failures are only tracked for principals
+which require preauthentication.  The counter of failed attempts
+resets to 0 after a successful attempt to authenticate.  A
+\fImaxnumber\fP value of 0 (the default) disables lockout.
+.UNINDENT
+.INDENT 0.0
+.TP
+\fB\-failurecountinterval\fP \fIfailuretime\fP
+(duration or getdate string) Sets the allowable time
+between authentication failures.  If an authentication failure
+happens after \fIfailuretime\fP has elapsed since the previous
+failure, the number of authentication failures is reset to 1.  A
+\fIfailuretime\fP value of 0 (the default) means forever.
+.UNINDENT
+.INDENT 0.0
+.TP
+\fB\-lockoutduration\fP \fIlockouttime\fP
+(duration or getdate string) Sets the duration for
+which the principal is locked from authenticating if too many
+authentication failures occur without the specified failure count
+interval elapsing.  A duration of 0 (the default) means the
+principal remains locked out until it is administratively unlocked
+with \fBmodprinc \-unlock\fP\&.
+.TP
+\fB\-allowedkeysalts\fP
+Specifies the key/salt tuples supported for long\-term keys when
+setting or changing a principal\(aqs password/keys.  See
+Keysalt_lists in kdc.conf(5) for a list of the
+accepted values, but note that key/salt tuples must be separated
+with commas (\(aq,\(aq) only.  To clear the allowed key/salt policy use
+a value of \(aq\-\(aq.
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin: add_policy \-maxlife "2 days" \-minlength 5 guests
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS modify_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBmodify_policy\fP [\fIoptions\fP] \fIpolicy\fP
+.UNINDENT
+.UNINDENT
+.sp
+Modifies the password policy named \fIpolicy\fP\&.  Options are as described
+for \fBadd_policy\fP\&.
+.sp
+This command requires the \fBmodify\fP privilege.
+.sp
+Alias: \fBmodpol\fP
+.SS delete_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBdelete_policy\fP [\fB\-force\fP] \fIpolicy\fP
+.UNINDENT
+.UNINDENT
+.sp
+Deletes the password policy named \fIpolicy\fP\&.  Prompts for confirmation
+before deletion.  The command will fail if the policy is in use by any
+principals.
+.sp
+This command requires the \fBdelete\fP privilege.
+.sp
+Alias: \fBdelpol\fP
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin: del_policy guests
+Are you sure you want to delete the policy "guests"?
+(yes/no): yes
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS get_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBget_policy\fP [ \fB\-terse\fP ] \fIpolicy\fP
+.UNINDENT
+.UNINDENT
+.sp
+Displays the values of the password policy named \fIpolicy\fP\&.  With the
+\fB\-terse\fP flag, outputs the fields as quoted strings separated by
+tabs.
+.sp
+This command requires the \fBinquire\fP privilege.
+.sp
+Alias: \fBgetpol\fP
+.sp
+Examples:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin: get_policy admin
+Policy: admin
+Maximum password life: 180 days 00:00:00
+Minimum password life: 00:00:00
+Minimum password length: 6
+Minimum number of password character classes: 2
+Number of old keys kept: 5
+Reference count: 17
+
+kadmin: get_policy \-terse admin
+admin     15552000  0    6    2    5    17
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The "Reference count" is the number of principals using that policy.
+With the LDAP KDC database module, the reference count field is not
+meaningful.
+.SS list_policies
+.INDENT 0.0
+.INDENT 3.5
+\fBlist_policies\fP [\fIexpression\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Retrieves all or some policy names.  \fIexpression\fP is a shell\-style
+glob expression that can contain the wild\-card characters \fB?\fP,
+\fB*\fP, and \fB[]\fP\&.  All policy names matching the expression are
+printed.  If no expression is provided, all existing policy names are
+printed.
+.sp
+This command requires the \fBlist\fP privilege.
+.sp
+Aliases: \fBlistpols\fP, \fBget_policies\fP, \fBgetpols\fP\&.
+.sp
+Examples:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin:  listpols
+test\-pol
+dict\-only
+once\-a\-min
+test\-pol\-nopw
+
+kadmin:  listpols t*
+test\-pol
+test\-pol\-nopw
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS ktadd
+.INDENT 0.0
+.INDENT 3.5
+.nf
+\fBktadd\fP [options] \fIprincipal\fP
+\fBktadd\fP [options] \fB\-glob\fP \fIprinc\-exp\fP
+.fi
+.sp
+.UNINDENT
+.UNINDENT
+.sp
+Adds a \fIprincipal\fP, or all principals matching \fIprinc\-exp\fP, to a
+keytab file.  Each principal\(aqs keys are randomized in the process.
+The rules for \fIprinc\-exp\fP are described in the \fBlist_principals\fP
+command.
+.sp
+This command requires the \fBinquire\fP and \fBchangepw\fP privileges.
+With the \fB\-glob\fP form, it also requires the \fBlist\fP privilege.
+.sp
+The options are:
+.INDENT 0.0
+.TP
+\fB\-k[eytab]\fP \fIkeytab\fP
+Use \fIkeytab\fP as the keytab file.  Otherwise, the default keytab is
+used.
+.TP
+\fB\-e\fP \fIenc\fP:\fIsalt\fP,...
+Uses the specified keysalt list for setting the new keys of the
+principal.  See Keysalt_lists in kdc.conf(5) for a
+list of possible values.
+.TP
+\fB\-q\fP
+Display less verbose information.
+.TP
+\fB\-norandkey\fP
+Do not randomize the keys. The keys and their version numbers stay
+unchanged.  This option cannot be specified in combination with the
+\fB\-e\fP option.
+.UNINDENT
+.sp
+An entry for each of the principal\(aqs unique encryption types is added,
+ignoring multiple keys with the same encryption type but different
+salt types.
+.sp
+Alias: \fBxst\fP
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin: ktadd \-k /tmp/foo\-new\-keytab host/foo.mit.edu
+Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with kvno 3,
+     encryption type aes256\-cts\-hmac\-sha1\-96 added to keytab
+     FILE:/tmp/foo\-new\-keytab
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS ktremove
+.INDENT 0.0
+.INDENT 3.5
+\fBktremove\fP [options] \fIprincipal\fP [\fIkvno\fP | \fIall\fP | \fIold\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Removes entries for the specified \fIprincipal\fP from a keytab.  Requires
+no permissions, since this does not require database access.
+.sp
+If the string "all" is specified, all entries for that principal are
+removed; if the string "old" is specified, all entries for that
+principal except those with the highest kvno are removed.  Otherwise,
+the value specified is parsed as an integer, and all entries whose
+kvno match that integer are removed.
+.sp
+The options are:
+.INDENT 0.0
+.TP
+\fB\-k[eytab]\fP \fIkeytab\fP
+Use \fIkeytab\fP as the keytab file.  Otherwise, the default keytab is
+used.
+.TP
+\fB\-q\fP
+Display less verbose information.
+.UNINDENT
+.sp
+Alias: \fBktrem\fP
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin: ktremove kadmin/admin all
+Entry for principal kadmin/admin with kvno 3 removed from keytab
+     FILE:/etc/krb5.keytab
+kadmin:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS lock
+.sp
+Lock database exclusively.  Use with extreme caution!  This command
+only works with the DB2 KDC database module.
+.SS unlock
+.sp
+Release the exclusive database lock.
+.SS list_requests
+.sp
+Lists available for kadmin requests.
+.sp
+Aliases: \fBlr\fP, \fB?\fP
+.SS quit
+.sp
+Exit program.  If the database was locked, the lock is released.
+.sp
+Aliases: \fBexit\fP, \fBq\fP
+.SH HISTORY
+.sp
+The kadmin program was originally written by Tom Yu at MIT, as an
+interface to the OpenVision Kerberos administration program.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kpasswd(1), kadmind(8), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kadmind.man b/krb5-1.21.3/src/man/kadmind.man
new file mode 100644
index 00000000..32b9213a
--- /dev/null
+++ b/krb5-1.21.3/src/man/kadmind.man
@@ -0,0 +1,153 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KADMIND" "8" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kadmind \- KADM5 administration server
+.SH SYNOPSIS
+.sp
+\fBkadmind\fP
+[\fB\-x\fP \fIdb_args\fP]
+[\fB\-r\fP \fIrealm\fP]
+[\fB\-m\fP]
+[\fB\-nofork\fP]
+[\fB\-proponly\fP]
+[\fB\-port\fP \fIport\-number\fP]
+[\fB\-P\fP \fIpid_file\fP]
+[\fB\-p\fP \fIkdb5_util_path\fP]
+[\fB\-K\fP \fIkprop_path\fP]
+[\fB\-k\fP \fIkprop_port\fP]
+[\fB\-F\fP \fIdump_file\fP]
+.SH DESCRIPTION
+.sp
+kadmind starts the Kerberos administration server.  kadmind typically
+runs on the primary Kerberos server, which stores the KDC database.
+If the KDC database uses the LDAP module, the administration server
+and the KDC server need not run on the same machine.  kadmind accepts
+remote requests from programs such as kadmin(1) and
+kpasswd(1) to administer the information in these database.
+.sp
+kadmind requires a number of configuration files to be set up in order
+for it to work:
+.INDENT 0.0
+.TP
+.B kdc.conf(5)
+The KDC configuration file contains configuration information for
+the KDC and admin servers.  kadmind uses settings in this file to
+locate the Kerberos database, and is also affected by the
+\fBacl_file\fP, \fBdict_file\fP, \fBkadmind_port\fP, and iprop\-related
+settings.
+.TP
+.B kadm5.acl(5)
+kadmind\(aqs ACL (access control list) tells it which principals are
+allowed to perform administration actions.  The pathname to the
+ACL file can be specified with the \fBacl_file\fP kdc.conf(5)
+variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&.
+.UNINDENT
+.sp
+After the server begins running, it puts itself in the background and
+disassociates itself from its controlling terminal.
+.sp
+kadmind can be configured for incremental database propagation.
+Incremental propagation allows replica KDC servers to receive
+principal and policy updates incrementally instead of receiving full
+dumps of the database.  This facility can be enabled in the
+kdc.conf(5) file with the \fBiprop_enable\fP option.  Incremental
+propagation requires the principal \fBkiprop/PRIMARY\e@REALM\fP (where
+PRIMARY is the primary KDC\(aqs canonical host name, and REALM the realm
+name).  In release 1.13, this principal is automatically created and
+registered into the datebase.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-r\fP \fIrealm\fP
+specifies the realm that kadmind will serve; if it is not
+specified, the default realm of the host is used.
+.TP
+\fB\-m\fP
+causes the master database password to be fetched from the
+keyboard (before the server puts itself in the background, if not
+invoked with the \fB\-nofork\fP option) rather than from a file on
+disk.
+.TP
+\fB\-nofork\fP
+causes the server to remain in the foreground and remain
+associated to the terminal.
+.TP
+\fB\-proponly\fP
+causes the server to only listen and respond to Kerberos replica
+incremental propagation polling requests.  This option can be used
+to set up a hierarchical propagation topology where a replica KDC
+provides incremental updates to other Kerberos replicas.
+.TP
+\fB\-port\fP \fIport\-number\fP
+specifies the port on which the administration server listens for
+connections.  The default port is determined by the
+\fBkadmind_port\fP configuration variable in kdc.conf(5)\&.
+.TP
+\fB\-P\fP \fIpid_file\fP
+specifies the file to which the PID of kadmind process should be
+written after it starts up.  This file can be used to identify
+whether kadmind is still running and to allow init scripts to stop
+the correct process.
+.TP
+\fB\-p\fP \fIkdb5_util_path\fP
+specifies the path to the kdb5_util command to use when dumping the
+KDB in response to full resync requests when iprop is enabled.
+.TP
+\fB\-K\fP \fIkprop_path\fP
+specifies the path to the kprop command to use to send full dumps
+to replicas in response to full resync requests.
+.TP
+\fB\-k\fP \fIkprop_port\fP
+specifies the port by which the kprop process that is spawned by
+kadmind connects to the replica kpropd, in order to transfer the
+dump file during an iprop full resync request.
+.TP
+\fB\-F\fP \fIdump_file\fP
+specifies the file path to be used for dumping the KDB in response
+to full resync requests when iprop is enabled.
+.TP
+\fB\-x\fP \fIdb_args\fP
+specifies database\-specific arguments.  See Database Options in kadmin(1) for supported arguments.
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kpasswd(1), kadmin(1), kdb5_util(8),
+kdb5_ldap_util(8), kadm5.acl(5), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kdb5_ldap_util.man b/krb5-1.21.3/src/man/kdb5_ldap_util.man
new file mode 100644
index 00000000..125e59ab
--- /dev/null
+++ b/krb5-1.21.3/src/man/kdb5_ldap_util.man
@@ -0,0 +1,527 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KDB5_LDAP_UTIL" "8" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kdb5_ldap_util \- Kerberos configuration utility
+.SH SYNOPSIS
+.sp
+\fBkdb5_ldap_util\fP
+[\fB\-D\fP \fIuser_dn\fP [\fB\-w\fP \fIpasswd\fP]]
+[\fB\-H\fP \fIldapuri\fP]
+\fBcommand\fP
+[\fIcommand_options\fP]
+.SH DESCRIPTION
+.sp
+kdb5_ldap_util allows an administrator to manage realms, Kerberos
+services and ticket policies.
+.SH COMMAND-LINE OPTIONS
+.INDENT 0.0
+.TP
+\fB\-r\fP \fIrealm\fP
+Specifies the realm to be operated on.
+.TP
+\fB\-D\fP \fIuser_dn\fP
+Specifies the Distinguished Name (DN) of the user who has
+sufficient rights to perform the operation on the LDAP server.
+.TP
+\fB\-w\fP \fIpasswd\fP
+Specifies the password of \fIuser_dn\fP\&.  This option is not
+recommended.
+.TP
+\fB\-H\fP \fIldapuri\fP
+Specifies the URI of the LDAP server.
+.UNINDENT
+.sp
+By default, kdb5_ldap_util operates on the default realm (as specified
+in krb5.conf(5)) and connects and authenticates to the LDAP
+server in the same manner as :ref:kadmind(8)\(ga would given the
+parameters in dbdefaults in kdc.conf(5)\&.
+.SH COMMANDS
+.SS create
+.INDENT 0.0
+.INDENT 3.5
+\fBcreate\fP
+[\fB\-subtrees\fP \fIsubtree_dn_list\fP]
+[\fB\-sscope\fP \fIsearch_scope\fP]
+[\fB\-containerref\fP \fIcontainer_reference_dn\fP]
+[\fB\-k\fP \fImkeytype\fP]
+[\fB\-kv\fP \fImkeyVNO\fP]
+[\fB\-M\fP \fImkeyname\fP]
+[\fB\-m|\-P\fP \fIpassword\fP|\fB\-sf\fP \fIstashfilename\fP]
+[\fB\-s\fP]
+[\fB\-maxtktlife\fP \fImax_ticket_life\fP]
+[\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP]
+[\fIticket_flags\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Creates realm in directory. Options:
+.INDENT 0.0
+.TP
+\fB\-subtrees\fP \fIsubtree_dn_list\fP
+Specifies the list of subtrees containing the principals of a
+realm.  The list contains the DNs of the subtree objects separated
+by colon (\fB:\fP).
+.TP
+\fB\-sscope\fP \fIsearch_scope\fP
+Specifies the scope for searching the principals under the
+subtree.  The possible values are 1 or one (one level), 2 or sub
+(subtrees).
+.TP
+\fB\-containerref\fP \fIcontainer_reference_dn\fP
+Specifies the DN of the container object in which the principals
+of a realm will be created.  If the container reference is not
+configured for a realm, the principals will be created in the
+realm container.
+.TP
+\fB\-k\fP \fImkeytype\fP
+Specifies the key type of the master key in the database.  The
+default is given by the \fBmaster_key_type\fP variable in
+kdc.conf(5)\&.
+.TP
+\fB\-kv\fP \fImkeyVNO\fP
+Specifies the version number of the master key in the database;
+the default is 1.  Note that 0 is not allowed.
+.TP
+\fB\-M\fP \fImkeyname\fP
+Specifies the principal name for the master key in the database.
+If not specified, the name is determined by the
+\fBmaster_key_name\fP variable in kdc.conf(5)\&.
+.TP
+\fB\-m\fP
+Specifies that the master database password should be read from
+the TTY rather than fetched from a file on the disk.
+.TP
+\fB\-P\fP \fIpassword\fP
+Specifies the master database password. This option is not
+recommended.
+.TP
+\fB\-sf\fP \fIstashfilename\fP
+Specifies the stash file of the master database password.
+.TP
+\fB\-s\fP
+Specifies that the stash file is to be created.
+.TP
+\fB\-maxtktlife\fP \fImax_ticket_life\fP
+(getdate string) Specifies maximum ticket life for
+principals in this realm.
+.TP
+\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
+(getdate string) Specifies maximum renewable life of
+tickets for principals in this realm.
+.TP
+.B \fIticket_flags\fP
+Specifies global ticket flags for the realm.  Allowable flags are
+documented in the description of the \fBadd_principal\fP command in
+kadmin(1)\&.
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
+    \-r ATHENA.MIT.EDU create \-subtrees o=org \-sscope SUB
+Password for "cn=admin,o=org":
+Initializing database for realm \(aqATHENA.MIT.EDU\(aq
+You will be prompted for the database Master Password.
+It is important that you NOT FORGET this password.
+Enter KDC database master key:
+Re\-enter KDC database master key to verify:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS modify
+.INDENT 0.0
+.INDENT 3.5
+\fBmodify\fP
+[\fB\-subtrees\fP \fIsubtree_dn_list\fP]
+[\fB\-sscope\fP \fIsearch_scope\fP]
+[\fB\-containerref\fP \fIcontainer_reference_dn\fP]
+[\fB\-maxtktlife\fP \fImax_ticket_life\fP]
+[\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP]
+[\fIticket_flags\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Modifies the attributes of a realm.  Options:
+.INDENT 0.0
+.TP
+\fB\-subtrees\fP \fIsubtree_dn_list\fP
+Specifies the list of subtrees containing the principals of a
+realm.  The list contains the DNs of the subtree objects separated
+by colon (\fB:\fP).  This list replaces the existing list.
+.TP
+\fB\-sscope\fP \fIsearch_scope\fP
+Specifies the scope for searching the principals under the
+subtrees.  The possible values are 1 or one (one level), 2 or sub
+(subtrees).
+.TP
+\fB\-containerref\fP \fIcontainer_reference_dn\fP Specifies the DN of the
+container object in which the principals of a realm will be
+created.
+.TP
+\fB\-maxtktlife\fP \fImax_ticket_life\fP
+(getdate string) Specifies maximum ticket life for
+principals in this realm.
+.TP
+\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
+(getdate string) Specifies maximum renewable life of
+tickets for principals in this realm.
+.TP
+.B \fIticket_flags\fP
+Specifies global ticket flags for the realm.  Allowable flags are
+documented in the description of the \fBadd_principal\fP command in
+kadmin(1)\&.
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+shell% kdb5_ldap_util \-r ATHENA.MIT.EDU \-D cn=admin,o=org \-H
+    ldaps://ldap\-server1.mit.edu modify +requires_preauth
+Password for "cn=admin,o=org":
+shell%
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS view
+.INDENT 0.0
+.INDENT 3.5
+\fBview\fP
+.UNINDENT
+.UNINDENT
+.sp
+Displays the attributes of a realm.
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
+    \-r ATHENA.MIT.EDU view
+Password for "cn=admin,o=org":
+Realm Name: ATHENA.MIT.EDU
+Subtree: ou=users,o=org
+Subtree: ou=servers,o=org
+SearchScope: ONE
+Maximum ticket life: 0 days 01:00:00
+Maximum renewable life: 0 days 10:00:00
+Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS destroy
+.INDENT 0.0
+.INDENT 3.5
+\fBdestroy\fP [\fB\-f\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Destroys an existing realm. Options:
+.INDENT 0.0
+.TP
+\fB\-f\fP
+If specified, will not prompt the user for confirmation.
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+shell% kdb5_ldap_util \-r ATHENA.MIT.EDU \-D cn=admin,o=org \-H
+    ldaps://ldap\-server1.mit.edu destroy
+Password for "cn=admin,o=org":
+Deleting KDC database of \(aqATHENA.MIT.EDU\(aq, are you sure?
+(type \(aqyes\(aq to confirm)? yes
+OK, deleting database of \(aqATHENA.MIT.EDU\(aq...
+shell%
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS list
+.INDENT 0.0
+.INDENT 3.5
+\fBlist\fP
+.UNINDENT
+.UNINDENT
+.sp
+Lists the names of realms under the container.
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+shell% kdb5_ldap_util \-D cn=admin,o=org \-H
+    ldaps://ldap\-server1.mit.edu list
+Password for "cn=admin,o=org":
+ATHENA.MIT.EDU
+OPENLDAP.MIT.EDU
+MEDIA\-LAB.MIT.EDU
+shell%
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS stashsrvpw
+.INDENT 0.0
+.INDENT 3.5
+\fBstashsrvpw\fP
+[\fB\-f\fP \fIfilename\fP]
+\fIname\fP
+.UNINDENT
+.UNINDENT
+.sp
+Allows an administrator to store the password for service object in a
+file so that KDC and Administration server can use it to authenticate
+to the LDAP server.  Options:
+.INDENT 0.0
+.TP
+\fB\-f\fP \fIfilename\fP
+Specifies the complete path of the service password file. By
+default, \fB/usr/local/var/service_passwd\fP is used.
+.TP
+.B \fIname\fP
+Specifies the name of the object whose password is to be stored.
+If krb5kdc(8) or kadmind(8) are configured for
+simple binding, this should be the distinguished name it will
+use as given by the \fBldap_kdc_dn\fP or \fBldap_kadmind_dn\fP
+variable in kdc.conf(5)\&.  If the KDC or kadmind is
+configured for SASL binding, this should be the authentication
+name it will use as given by the \fBldap_kdc_sasl_authcid\fP or
+\fBldap_kadmind_sasl_authcid\fP variable.
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kdb5_ldap_util stashsrvpw \-f /home/andrew/conf_keyfile
+    cn=service\-kdc,o=org
+Password for "cn=service\-kdc,o=org":
+Re\-enter password for "cn=service\-kdc,o=org":
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS create_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBcreate_policy\fP
+[\fB\-maxtktlife\fP \fImax_ticket_life\fP]
+[\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP]
+[\fIticket_flags\fP]
+\fIpolicy_name\fP
+.UNINDENT
+.UNINDENT
+.sp
+Creates a ticket policy in the directory.  Options:
+.INDENT 0.0
+.TP
+\fB\-maxtktlife\fP \fImax_ticket_life\fP
+(getdate string) Specifies maximum ticket life for
+principals.
+.TP
+\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP
+(getdate string) Specifies maximum renewable life of
+tickets for principals.
+.TP
+.B \fIticket_flags\fP
+Specifies the ticket flags.  If this option is not specified, by
+default, no restriction will be set by the policy.  Allowable
+flags are documented in the description of the \fBadd_principal\fP
+command in kadmin(1)\&.
+.TP
+.B \fIpolicy_name\fP
+Specifies the name of the ticket policy.
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
+    \-r ATHENA.MIT.EDU create_policy \-maxtktlife "1 day"
+    \-maxrenewlife "1 week" \-allow_postdated +needchange
+    \-allow_forwardable tktpolicy
+Password for "cn=admin,o=org":
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS modify_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBmodify_policy\fP
+[\fB\-maxtktlife\fP \fImax_ticket_life\fP]
+[\fB\-maxrenewlife\fP \fImax_renewable_ticket_life\fP]
+[\fIticket_flags\fP]
+\fIpolicy_name\fP
+.UNINDENT
+.UNINDENT
+.sp
+Modifies the attributes of a ticket policy.  Options are same as for
+\fBcreate_policy\fP\&.
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kdb5_ldap_util \-D cn=admin,o=org \-H
+    ldaps://ldap\-server1.mit.edu \-r ATHENA.MIT.EDU modify_policy
+    \-maxtktlife "60 minutes" \-maxrenewlife "10 hours"
+    +allow_postdated \-requires_preauth tktpolicy
+Password for "cn=admin,o=org":
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS view_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBview_policy\fP
+\fIpolicy_name\fP
+.UNINDENT
+.UNINDENT
+.sp
+Displays the attributes of the named ticket policy.
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
+    \-r ATHENA.MIT.EDU view_policy tktpolicy
+Password for "cn=admin,o=org":
+Ticket policy: tktpolicy
+Maximum ticket life: 0 days 01:00:00
+Maximum renewable life: 0 days 10:00:00
+Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS destroy_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBdestroy_policy\fP
+[\fB\-force\fP]
+\fIpolicy_name\fP
+.UNINDENT
+.UNINDENT
+.sp
+Destroys an existing ticket policy.  Options:
+.INDENT 0.0
+.TP
+\fB\-force\fP
+Forces the deletion of the policy object.  If not specified, the
+user will be prompted for confirmation before deleting the policy.
+.TP
+.B \fIpolicy_name\fP
+Specifies the name of the ticket policy.
+.UNINDENT
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
+    \-r ATHENA.MIT.EDU destroy_policy tktpolicy
+Password for "cn=admin,o=org":
+This will delete the policy object \(aqtktpolicy\(aq, are you sure?
+(type \(aqyes\(aq to confirm)? yes
+** policy object \(aqtktpolicy\(aq deleted.
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SS list_policy
+.INDENT 0.0
+.INDENT 3.5
+\fBlist_policy\fP
+.UNINDENT
+.UNINDENT
+.sp
+Lists ticket policies.
+.sp
+Example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap\-server1.mit.edu
+    \-r ATHENA.MIT.EDU list_policy
+Password for "cn=admin,o=org":
+tktpolicy
+tmppolicy
+userpolicy
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kadmin(1), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kdb5_util.man b/krb5-1.21.3/src/man/kdb5_util.man
new file mode 100644
index 00000000..d43d913d
--- /dev/null
+++ b/krb5-1.21.3/src/man/kdb5_util.man
@@ -0,0 +1,559 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KDB5_UTIL" "8" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kdb5_util \- Kerberos database maintenance utility
+.SH SYNOPSIS
+.sp
+\fBkdb5_util\fP
+[\fB\-r\fP \fIrealm\fP]
+[\fB\-d\fP \fIdbname\fP]
+[\fB\-k\fP \fImkeytype\fP]
+[\fB\-kv\fP \fImkeyVNO\fP]
+[\fB\-M\fP \fImkeyname\fP]
+[\fB\-m\fP]
+[\fB\-sf\fP \fIstashfilename\fP]
+[\fB\-P\fP \fIpassword\fP]
+[\fB\-x\fP \fIdb_args\fP]
+\fIcommand\fP [\fIcommand_options\fP]
+.SH DESCRIPTION
+.sp
+kdb5_util allows an administrator to perform maintenance procedures on
+the KDC database.  Databases can be created, destroyed, and dumped to
+or loaded from ASCII files.  kdb5_util can create a Kerberos master
+key stash file or perform live rollover of the master key.
+.sp
+When kdb5_util is run, it attempts to acquire the master key and open
+the database.  However, execution continues regardless of whether or
+not kdb5_util successfully opens the database, because the database
+may not exist yet or the stash file may be corrupt.
+.sp
+Note that some KDC database modules may not support all kdb5_util
+commands.
+.SH COMMAND-LINE OPTIONS
+.INDENT 0.0
+.TP
+\fB\-r\fP \fIrealm\fP
+specifies the Kerberos realm of the database.
+.TP
+\fB\-d\fP \fIdbname\fP
+specifies the name under which the principal database is stored;
+by default the database is that listed in kdc.conf(5)\&.  The
+password policy database and lock files are also derived from this
+value.
+.TP
+\fB\-k\fP \fImkeytype\fP
+specifies the key type of the master key in the database.  The
+default is given by the \fBmaster_key_type\fP variable in
+kdc.conf(5)\&.
+.TP
+\fB\-kv\fP \fImkeyVNO\fP
+Specifies the version number of the master key in the database;
+the default is 1.  Note that 0 is not allowed.
+.TP
+\fB\-M\fP \fImkeyname\fP
+principal name for the master key in the database.  If not
+specified, the name is determined by the \fBmaster_key_name\fP
+variable in kdc.conf(5)\&.
+.TP
+\fB\-m\fP
+specifies that the master database password should be read from
+the keyboard rather than fetched from a file on disk.
+.TP
+\fB\-sf\fP \fIstash_file\fP
+specifies the stash filename of the master database password.  If
+not specified, the filename is determined by the
+\fBkey_stash_file\fP variable in kdc.conf(5)\&.
+.TP
+\fB\-P\fP \fIpassword\fP
+specifies the master database password.  Using this option may
+expose the password to other users on the system via the process
+list.
+.TP
+\fB\-x\fP \fIdb_args\fP
+specifies database\-specific options.  See kadmin(1) for
+supported options.
+.UNINDENT
+.SH COMMANDS
+.SS create
+.INDENT 0.0
+.INDENT 3.5
+\fBcreate\fP [\fB\-s\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Creates a new database.  If the \fB\-s\fP option is specified, the stash
+file is also created.  This command fails if the database already
+exists.  If the command is successful, the database is opened just as
+if it had already existed when the program was first run.
+.SS destroy
+.INDENT 0.0
+.INDENT 3.5
+\fBdestroy\fP [\fB\-f\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Destroys the database, first overwriting the disk sectors and then
+unlinking the files, after prompting the user for confirmation.  With
+the \fB\-f\fP argument, does not prompt the user.
+.SS stash
+.INDENT 0.0
+.INDENT 3.5
+\fBstash\fP [\fB\-f\fP \fIkeyfile\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Stores the master principal\(aqs keys in a stash file.  The \fB\-f\fP
+argument can be used to override the \fIkeyfile\fP specified in
+kdc.conf(5)\&.
+.SS dump
+.INDENT 0.0
+.INDENT 3.5
+\fBdump\fP [\fB\-b7\fP|\fB\-r13\fP|\fB\-r18\fP]
+[\fB\-verbose\fP] [\fB\-mkey_convert\fP] [\fB\-new_mkey_file\fP
+\fImkey_file\fP] [\fB\-rev\fP] [\fB\-recurse\fP] [\fIfilename\fP
+[\fIprincipals\fP\&...]]
+.UNINDENT
+.UNINDENT
+.sp
+Dumps the current Kerberos and KADM5 database into an ASCII file.  By
+default, the database is dumped in current format, "kdb5_util
+load_dump version 7".  If filename is not specified, or is the string
+"\-", the dump is sent to standard output.  Options:
+.INDENT 0.0
+.TP
+\fB\-b7\fP
+causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util
+load_dump version 4").  This was the dump format produced on
+releases prior to 1.2.2.
+.TP
+\fB\-r13\fP
+causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util
+load_dump version 5").  This was the dump format produced on
+releases prior to 1.8.
+.TP
+\fB\-r18\fP
+causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util
+load_dump version 6").  This was the dump format produced on
+releases prior to 1.11.
+.TP
+\fB\-verbose\fP
+causes the name of each principal and policy to be printed as it
+is dumped.
+.TP
+\fB\-mkey_convert\fP
+prompts for a new master key.  This new master key will be used to
+re\-encrypt principal key data in the dumpfile.  The principal keys
+themselves will not be changed.
+.TP
+\fB\-new_mkey_file\fP \fImkey_file\fP
+the filename of a stash file.  The master key in this stash file
+will be used to re\-encrypt the key data in the dumpfile.  The key
+data in the database will not be changed.
+.TP
+\fB\-rev\fP
+dumps in reverse order.  This may recover principals that do not
+dump normally, in cases where database corruption has occurred.
+.TP
+\fB\-recurse\fP
+causes the dump to walk the database recursively (btree only).
+This may recover principals that do not dump normally, in cases
+where database corruption has occurred.  In cases of such
+corruption, this option will probably retrieve more principals
+than the \fB\-rev\fP option will.
+.sp
+Changed in version 1.15: Release 1.15 restored the functionality of the \fB\-recurse\fP
+option.
+
+.sp
+Changed in version 1.5: The \fB\-recurse\fP option ceased working until release 1.15,
+doing a normal dump instead of a recursive traversal.
+
+.UNINDENT
+.SS load
+.INDENT 0.0
+.INDENT 3.5
+\fBload\fP [\fB\-b7\fP|\fB\-r13\fP|\fB\-r18\fP] [\fB\-hash\fP]
+[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename\fP
+.UNINDENT
+.UNINDENT
+.sp
+Loads a database dump from the named file into the named database.  If
+no option is given to determine the format of the dump file, the
+format is detected automatically and handled as appropriate.  Unless
+the \fB\-update\fP option is given, \fBload\fP creates a new database
+containing only the data in the dump file, overwriting the contents of
+any previously existing database.  Note that when using the LDAP KDC
+database module, the \fB\-update\fP flag is required.
+.sp
+Options:
+.INDENT 0.0
+.TP
+\fB\-b7\fP
+requires the database to be in the Kerberos 5 Beta 7 format
+("kdb5_util load_dump version 4").  This was the dump format
+produced on releases prior to 1.2.2.
+.TP
+\fB\-r13\fP
+requires the database to be in Kerberos 5 1.3 format ("kdb5_util
+load_dump version 5").  This was the dump format produced on
+releases prior to 1.8.
+.TP
+\fB\-r18\fP
+requires the database to be in Kerberos 5 1.8 format ("kdb5_util
+load_dump version 6").  This was the dump format produced on
+releases prior to 1.11.
+.TP
+\fB\-hash\fP
+stores the database in hash format, if using the DB2 database
+type.  If this option is not specified, the database will be
+stored in btree format.  This option is not recommended, as
+databases stored in hash format are known to corrupt data and lose
+principals.
+.TP
+\fB\-verbose\fP
+causes the name of each principal and policy to be printed as it
+is dumped.
+.TP
+\fB\-update\fP
+records from the dump file are added to or updated in the existing
+database.  Otherwise, a new database is created containing only
+what is in the dump file and the old one destroyed upon successful
+completion.
+.UNINDENT
+.SS ark
+.INDENT 0.0
+.INDENT 3.5
+\fBark\fP [\fB\-e\fP \fIenc\fP:\fIsalt\fP,...] \fIprincipal\fP
+.UNINDENT
+.UNINDENT
+.sp
+Adds new random keys to \fIprincipal\fP at the next available key version
+number.  Keys for the current highest key version number will be
+preserved.  The \fB\-e\fP option specifies the list of encryption and
+salt types to be used for the new keys.
+.SS add_mkey
+.INDENT 0.0
+.INDENT 3.5
+\fBadd_mkey\fP [\fB\-e\fP \fIetype\fP] [\fB\-s\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Adds a new master key to the master key principal, but does not mark
+it as active.  Existing master keys will remain.  The \fB\-e\fP option
+specifies the encryption type of the new master key; see
+Encryption_types in kdc.conf(5) for a list of possible
+values.  The \fB\-s\fP option stashes the new master key in the stash
+file, which will be created if it doesn\(aqt already exist.
+.sp
+After a new master key is added, it should be propagated to replica
+servers via a manual or periodic invocation of kprop(8)\&.  Then,
+the stash files on the replica servers should be updated with the
+kdb5_util \fBstash\fP command.  Once those steps are complete, the key
+is ready to be marked active with the kdb5_util \fBuse_mkey\fP command.
+.SS use_mkey
+.INDENT 0.0
+.INDENT 3.5
+\fBuse_mkey\fP \fImkeyVNO\fP [\fItime\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Sets the activation time of the master key specified by \fImkeyVNO\fP\&.
+Once a master key becomes active, it will be used to encrypt newly
+created principal keys.  If no \fItime\fP argument is given, the current
+time is used, causing the specified master key version to become
+active immediately.  The format for \fItime\fP is getdate string.
+.sp
+After a new master key becomes active, the kdb5_util
+\fBupdate_princ_encryption\fP command can be used to update all
+principal keys to be encrypted in the new master key.
+.SS list_mkeys
+.INDENT 0.0
+.INDENT 3.5
+\fBlist_mkeys\fP
+.UNINDENT
+.UNINDENT
+.sp
+List all master keys, from most recent to earliest, in the master key
+principal.  The output will show the kvno, enctype, and salt type for
+each mkey, similar to the output of kadmin(1) \fBgetprinc\fP\&.  A
+\fB*\fP following an mkey denotes the currently active master key.
+.SS purge_mkeys
+.INDENT 0.0
+.INDENT 3.5
+\fBpurge_mkeys\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Delete master keys from the master key principal that are not used to
+protect any principals.  This command can be used to remove old master
+keys all principal keys are protected by a newer master key.
+.INDENT 0.0
+.TP
+\fB\-f\fP
+does not prompt for confirmation.
+.TP
+\fB\-n\fP
+performs a dry run, showing master keys that would be purged, but
+not actually purging any keys.
+.TP
+\fB\-v\fP
+gives more verbose output.
+.UNINDENT
+.SS update_princ_encryption
+.INDENT 0.0
+.INDENT 3.5
+\fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP]
+[\fIprinc\-pattern\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Update all principal records (or only those matching the
+\fIprinc\-pattern\fP glob pattern) to re\-encrypt the key data using the
+active database master key, if they are encrypted using a different
+version, and give a count at the end of the number of principals
+updated.  If the \fB\-f\fP option is not given, ask for confirmation
+before starting to make changes.  The \fB\-v\fP option causes each
+principal processed to be listed, with an indication as to whether it
+needed updating or not.  The \fB\-n\fP option performs a dry run, only
+showing the actions which would have been taken.
+.SS tabdump
+.INDENT 0.0
+.INDENT 3.5
+\fBtabdump\fP [\fB\-H\fP] [\fB\-c\fP] [\fB\-e\fP] [\fB\-n\fP] [\fB\-o\fP \fIoutfile\fP]
+\fIdumptype\fP
+.UNINDENT
+.UNINDENT
+.sp
+Dump selected fields of the database in a tabular format suitable for
+reporting (e.g., using traditional Unix text processing tools) or
+importing into relational databases.  The data format is tab\-separated
+(default), or optionally comma\-separated (CSV), with a fixed number of
+columns.  The output begins with a header line containing field names,
+unless suppression is requested using the \fB\-H\fP option.
+.sp
+The \fIdumptype\fP parameter specifies the name of an output table (see
+below).
+.sp
+Options:
+.INDENT 0.0
+.TP
+\fB\-H\fP
+suppress writing the field names in a header line
+.TP
+\fB\-c\fP
+use comma separated values (CSV) format, with minimal quoting,
+instead of the default tab\-separated (unquoted, unescaped) format
+.TP
+\fB\-e\fP
+write empty hexadecimal string fields as empty fields instead of
+as "\-1".
+.TP
+\fB\-n\fP
+produce numeric output for fields that normally have symbolic
+output, such as enctypes and flag names.  Also requests output of
+time stamps as decimal POSIX time_t values.
+.TP
+\fB\-o\fP \fIoutfile\fP
+write the dump to the specified output file instead of to standard
+output
+.UNINDENT
+.sp
+Dump types:
+.INDENT 0.0
+.TP
+\fBkeydata\fP
+principal encryption key information, including actual key data
+(which is still encrypted in the master key)
+.INDENT 7.0
+.TP
+\fBname\fP
+principal name
+.TP
+\fBkeyindex\fP
+index of this key in the principal\(aqs key list
+.TP
+\fBkvno\fP
+key version number
+.TP
+\fBenctype\fP
+encryption type
+.TP
+\fBkey\fP
+key data as a hexadecimal string
+.TP
+\fBsalttype\fP
+salt type
+.TP
+\fBsalt\fP
+salt data as a hexadecimal string
+.UNINDENT
+.TP
+\fBkeyinfo\fP
+principal encryption key information (as in \fBkeydata\fP above),
+excluding actual key data
+.TP
+\fBprinc_flags\fP
+principal boolean attributes.  Flag names print as hexadecimal
+numbers if the \fB\-n\fP option is specified, and all flag positions
+are printed regardless of whether or not they are set.  If \fB\-n\fP
+is not specified, print all known flag names for each principal,
+but only print hexadecimal flag names if the corresponding flag is
+set.
+.INDENT 7.0
+.TP
+\fBname\fP
+principal name
+.TP
+\fBflag\fP
+flag name
+.TP
+\fBvalue\fP
+boolean value (0 for clear, or 1 for set)
+.UNINDENT
+.TP
+\fBprinc_lockout\fP
+state information used for tracking repeated password failures
+.INDENT 7.0
+.TP
+\fBname\fP
+principal name
+.TP
+\fBlast_success\fP
+time stamp of most recent successful authentication
+.TP
+\fBlast_failed\fP
+time stamp of most recent failed authentication
+.TP
+\fBfail_count\fP
+count of failed attempts
+.UNINDENT
+.TP
+\fBprinc_meta\fP
+principal metadata
+.INDENT 7.0
+.TP
+\fBname\fP
+principal name
+.TP
+\fBmodby\fP
+name of last principal to modify this principal
+.TP
+\fBmodtime\fP
+timestamp of last modification
+.TP
+\fBlastpwd\fP
+timestamp of last password change
+.TP
+\fBpolicy\fP
+policy object name
+.TP
+\fBmkvno\fP
+key version number of the master key that encrypts this
+principal\(aqs key data
+.TP
+\fBhist_kvno\fP
+key version number of the history key that encrypts the key
+history data for this principal
+.UNINDENT
+.TP
+\fBprinc_stringattrs\fP
+string attributes (key/value pairs)
+.INDENT 7.0
+.TP
+\fBname\fP
+principal name
+.TP
+\fBkey\fP
+attribute name
+.TP
+\fBvalue\fP
+attribute value
+.UNINDENT
+.TP
+\fBprinc_tktpolicy\fP
+per\-principal ticket policy data, including maximum ticket
+lifetimes
+.INDENT 7.0
+.TP
+\fBname\fP
+principal name
+.TP
+\fBexpiration\fP
+principal expiration date
+.TP
+\fBpw_expiration\fP
+password expiration date
+.TP
+\fBmax_life\fP
+maximum ticket lifetime
+.TP
+\fBmax_renew_life\fP
+maximum renewable ticket lifetime
+.UNINDENT
+.UNINDENT
+.sp
+Examples:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+$ kdb5_util tabdump \-o keyinfo.txt keyinfo
+$ cat keyinfo.txt
+name        keyindex        kvno    enctype salttype        salt
+K/M@EXAMPLE.COM     0       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
+foo@EXAMPLE.COM     0       1       aes128\-cts\-hmac\-sha1\-96 normal  \-1
+bar@EXAMPLE.COM     0       1       aes128\-cts\-hmac\-sha1\-96 normal  \-1
+$ sqlite3
+sqlite> .mode tabs
+sqlite> .import keyinfo.txt keyinfo
+sqlite> select * from keyinfo where enctype like \(aqaes256\-%\(aq;
+K/M@EXAMPLE.COM     1       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
+sqlite> .quit
+$ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt
+K/M@EXAMPLE.COM     1       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kadmin(1), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kdc.conf.man b/krb5-1.21.3/src/man/kdc.conf.man
new file mode 100644
index 00000000..98a72223
--- /dev/null
+++ b/krb5-1.21.3/src/man/kdc.conf.man
@@ -0,0 +1,1195 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KDC.CONF" "5" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kdc.conf \- Kerberos V5 KDC configuration file
+.sp
+The kdc.conf file supplements krb5.conf(5) for programs which
+are typically only used on a KDC, such as the krb5kdc(8) and
+kadmind(8) daemons and the kdb5_util(8) program.
+Relations documented here may also be specified in krb5.conf; for the
+KDC programs mentioned, krb5.conf and kdc.conf will be merged into a
+single configuration profile.
+.sp
+Normally, the kdc.conf file is found in the KDC state directory,
+\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\&.  You can override the default location by setting the
+environment variable \fBKRB5_KDC_PROFILE\fP\&.
+.sp
+Please note that you need to restart the KDC daemon for any configuration
+changes to take effect.
+.SH STRUCTURE
+.sp
+The kdc.conf file is set up in the same format as the
+krb5.conf(5) file.
+.SH SECTIONS
+.sp
+The kdc.conf file may contain the following sections:
+.TS
+center;
+|l|l|.
+_
+T{
+\fI\%[kdcdefaults]\fP
+T}	T{
+Default values for KDC behavior
+T}
+_
+T{
+\fI\%[realms]\fP
+T}	T{
+Realm\-specific database configuration and settings
+T}
+_
+T{
+\fI\%[dbdefaults]\fP
+T}	T{
+Default database settings
+T}
+_
+T{
+\fI\%[dbmodules]\fP
+T}	T{
+Per\-database settings
+T}
+_
+T{
+\fI\%[logging]\fP
+T}	T{
+Controls how Kerberos daemons perform logging
+T}
+_
+.TE
+.SS [kdcdefaults]
+.sp
+Some relations in the [kdcdefaults] section specify default values for
+realm variables, to be used if the [realms] subsection does not
+contain a relation for the tag.  See the \fI\%[realms]\fP section for
+the definitions of these relations.
+.INDENT 0.0
+.IP \(bu 2
+\fBhost_based_services\fP
+.IP \(bu 2
+\fBkdc_listen\fP
+.IP \(bu 2
+\fBkdc_ports\fP
+.IP \(bu 2
+\fBkdc_tcp_listen\fP
+.IP \(bu 2
+\fBkdc_tcp_ports\fP
+.IP \(bu 2
+\fBno_host_referral\fP
+.IP \(bu 2
+\fBrestrict_anonymous_to_tgt\fP
+.UNINDENT
+.sp
+The following [kdcdefaults] variables have no per\-realm equivalent:
+.INDENT 0.0
+.TP
+\fBkdc_max_dgram_reply_size\fP
+Specifies the maximum packet size that can be sent over UDP.  The
+default value is 4096 bytes.
+.TP
+\fBkdc_tcp_listen_backlog\fP
+(Integer.)  Set the size of the listen queue length for the KDC
+daemon.  The value may be limited by OS settings.  The default
+value is 5.
+.TP
+\fBspake_preauth_kdc_challenge\fP
+(String.)  Specifies the group for a SPAKE optimistic challenge.
+See the \fBspake_preauth_groups\fP variable in libdefaults
+for possible values.  The default is not to issue an optimistic
+challenge.  (New in release 1.17.)
+.UNINDENT
+.SS [realms]
+.sp
+Each tag in the [realms] section is the name of a Kerberos realm.  The
+value of the tag is a subsection where the relations define KDC
+parameters for that particular realm.  The following example shows how
+to define one parameter for the ATHENA.MIT.EDU realm:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[realms]
+    ATHENA.MIT.EDU = {
+        max_renewable_life = 7d 0h 0m 0s
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The following tags may be specified in a [realms] subsection:
+.INDENT 0.0
+.TP
+\fBacl_file\fP
+(String.)  Location of the access control list file that
+kadmind(8) uses to determine which principals are allowed
+which permissions on the Kerberos database.  To operate without an
+ACL file, set this relation to the empty string with \fBacl_file =
+""\fP\&.  The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&.  For more
+information on Kerberos ACL file see kadm5.acl(5)\&.
+.TP
+\fBdatabase_module\fP
+(String.)  This relation indicates the name of the configuration
+section under \fI\%[dbmodules]\fP for database\-specific parameters
+used by the loadable database library.  The default value is the
+realm name.  If this configuration section does not exist, default
+values will be used for all database parameters.
+.TP
+\fBdatabase_name\fP
+(String, deprecated.)  This relation specifies the location of the
+Kerberos database for this realm, if the DB2 module is being used
+and the \fI\%[dbmodules]\fP configuration section does not specify a
+database name.  The default value is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&.
+.TP
+\fBdefault_principal_expiration\fP
+(abstime string.)  Specifies the default expiration date of
+principals created in this realm.  The default value is 0, which
+means no expiration date.
+.TP
+\fBdefault_principal_flags\fP
+(Flag string.)  Specifies the default attributes of principals
+created in this realm.  The format for this string is a
+comma\-separated list of flags, with \(aq+\(aq before each flag that
+should be enabled and \(aq\-\(aq before each flag that should be
+disabled.  The \fBpostdateable\fP, \fBforwardable\fP, \fBtgt\-based\fP,
+\fBrenewable\fP, \fBproxiable\fP, \fBdup\-skey\fP, \fBallow\-tickets\fP, and
+\fBservice\fP flags default to enabled.
+.sp
+There are a number of possible flags:
+.INDENT 7.0
+.TP
+\fBallow\-tickets\fP
+Enabling this flag means that the KDC will issue tickets for
+this principal.  Disabling this flag essentially deactivates
+the principal within this realm.
+.TP
+\fBdup\-skey\fP
+Enabling this flag allows the KDC to issue user\-to\-user
+service tickets for this principal.
+.TP
+\fBforwardable\fP
+Enabling this flag allows the principal to obtain forwardable
+tickets.
+.TP
+\fBhwauth\fP
+If this flag is enabled, then the principal is required to
+preauthenticate using a hardware device before receiving any
+tickets.
+.TP
+\fBno\-auth\-data\-required\fP
+Enabling this flag prevents PAC or AD\-SIGNEDPATH data from
+being added to service tickets for the principal.
+.TP
+\fBok\-as\-delegate\fP
+If this flag is enabled, it hints the client that credentials
+can and should be delegated when authenticating to the
+service.
+.TP
+\fBok\-to\-auth\-as\-delegate\fP
+Enabling this flag allows the principal to use S4USelf tickets.
+.TP
+\fBpostdateable\fP
+Enabling this flag allows the principal to obtain postdateable
+tickets.
+.TP
+\fBpreauth\fP
+If this flag is enabled on a client principal, then that
+principal is required to preauthenticate to the KDC before
+receiving any tickets.  On a service principal, enabling this
+flag means that service tickets for this principal will only
+be issued to clients with a TGT that has the preauthenticated
+bit set.
+.TP
+\fBproxiable\fP
+Enabling this flag allows the principal to obtain proxy
+tickets.
+.TP
+\fBpwchange\fP
+Enabling this flag forces a password change for this
+principal.
+.TP
+\fBpwservice\fP
+If this flag is enabled, it marks this principal as a password
+change service.  This should only be used in special cases,
+for example, if a user\(aqs password has expired, then the user
+has to get tickets for that principal without going through
+the normal password authentication in order to be able to
+change the password.
+.TP
+\fBrenewable\fP
+Enabling this flag allows the principal to obtain renewable
+tickets.
+.TP
+\fBservice\fP
+Enabling this flag allows the the KDC to issue service tickets
+for this principal.  In release 1.17 and later, user\-to\-user
+service tickets are still allowed if the \fBdup\-skey\fP flag is
+set.
+.TP
+\fBtgt\-based\fP
+Enabling this flag allows a principal to obtain tickets based
+on a ticket\-granting\-ticket, rather than repeating the
+authentication process that was used to obtain the TGT.
+.UNINDENT
+.TP
+\fBdict_file\fP
+(String.)  Location of the dictionary file containing strings that
+are not allowed as passwords.  The file should contain one string
+per line, with no additional whitespace.  If none is specified or
+if there is no policy assigned to the principal, no dictionary
+checks of passwords will be performed.
+.TP
+\fBdisable_pac\fP
+(Boolean value.)  If true, the KDC will not issue PACs for this
+realm, and S4U2Self and S4U2Proxy operations will be disabled.
+The default is false, which will permit the KDC to issue PACs.
+New in release 1.20.
+.TP
+\fBencrypted_challenge_indicator\fP
+(String.)  Specifies the authentication indicator value that the KDC
+asserts into tickets obtained using FAST encrypted challenge
+pre\-authentication.  New in 1.16.
+.TP
+\fBhost_based_services\fP
+(Whitespace\- or comma\-separated list.)  Lists services which will
+get host\-based referral processing even if the server principal is
+not marked as host\-based by the client.
+.TP
+\fBiprop_enable\fP
+(Boolean value.)  Specifies whether incremental database
+propagation is enabled.  The default value is false.
+.TP
+\fBiprop_ulogsize\fP
+(Integer.)  Specifies the maximum number of log entries to be
+retained for incremental propagation.  The default value is 1000.
+Prior to release 1.11, the maximum value was 2500.  New in release
+1.19.
+.TP
+\fBiprop_master_ulogsize\fP
+The name for \fBiprop_ulogsize\fP prior to release 1.19.  Its value is
+used as a fallback if \fBiprop_ulogsize\fP is not specified.
+.TP
+\fBiprop_replica_poll\fP
+(Delta time string.)  Specifies how often the replica KDC polls
+for new updates from the primary.  The default value is \fB2m\fP
+(that is, two minutes).  New in release 1.17.
+.TP
+\fBiprop_slave_poll\fP
+(Delta time string.)  The name for \fBiprop_replica_poll\fP prior to
+release 1.17.  Its value is used as a fallback if
+\fBiprop_replica_poll\fP is not specified.
+.TP
+\fBiprop_listen\fP
+(Whitespace\- or comma\-separated list.)  Specifies the iprop RPC
+listening addresses and/or ports for the kadmind(8) daemon.
+Each entry may be an interface address, a port number, or an
+address and port number separated by a colon.  If the address
+contains colons, enclose it in square brackets.  If no address is
+specified, the wildcard address is used.  If kadmind fails to bind
+to any of the specified addresses, it will fail to start.  The
+default (when \fBiprop_enable\fP is true) is to bind to the wildcard
+address at the port specified in \fBiprop_port\fP\&.  New in release
+1.15.
+.TP
+\fBiprop_port\fP
+(Port number.)  Specifies the port number to be used for
+incremental propagation.  When \fBiprop_enable\fP is true, this
+relation is required in the replica KDC configuration file, and
+this relation or \fBiprop_listen\fP is required in the primary
+configuration file, as there is no default port number.  Port
+numbers specified in \fBiprop_listen\fP entries will override this
+port number for the kadmind(8) daemon.
+.TP
+\fBiprop_resync_timeout\fP
+(Delta time string.)  Specifies the amount of time to wait for a
+full propagation to complete.  This is optional in configuration
+files, and is used by replica KDCs only.  The default value is 5
+minutes (\fB5m\fP).  New in release 1.11.
+.TP
+\fBiprop_logfile\fP
+(File name.)  Specifies where the update log file for the realm
+database is to be stored.  The default is to use the
+\fBdatabase_name\fP entry from the realms section of the krb5 config
+file, with \fB\&.ulog\fP appended.  (NOTE: If \fBdatabase_name\fP isn\(aqt
+specified in the realms section, perhaps because the LDAP database
+back end is being used, or the file name is specified in the
+[dbmodules] section, then the hard\-coded default for
+\fBdatabase_name\fP is used.  Determination of the \fBiprop_logfile\fP
+default value will not use values from the [dbmodules] section.)
+.TP
+\fBkadmind_listen\fP
+(Whitespace\- or comma\-separated list.)  Specifies the kadmin RPC
+listening addresses and/or ports for the kadmind(8) daemon.
+Each entry may be an interface address, a port number, or an
+address and port number separated by a colon.  If the address
+contains colons, enclose it in square brackets.  If no address is
+specified, the wildcard address is used.  If kadmind fails to bind
+to any of the specified addresses, it will fail to start.  The
+default is to bind to the wildcard address at the port specified
+in \fBkadmind_port\fP, or the standard kadmin port (749).  New in
+release 1.15.
+.TP
+\fBkadmind_port\fP
+(Port number.)  Specifies the port on which the kadmind(8)
+daemon is to listen for this realm.  Port numbers specified in
+\fBkadmind_listen\fP entries will override this port number.  The
+assigned port for kadmind is 749, which is used by default.
+.TP
+\fBkey_stash_file\fP
+(String.)  Specifies the location where the master key has been
+stored (via kdb5_util stash).  The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/.k5.REALM\fP, where \fIREALM\fP is the Kerberos realm.
+.TP
+\fBkdc_listen\fP
+(Whitespace\- or comma\-separated list.)  Specifies the UDP
+listening addresses and/or ports for the krb5kdc(8) daemon.
+Each entry may be an interface address, a port number, or an
+address and port number separated by a colon.  If the address
+contains colons, enclose it in square brackets.  If no address is
+specified, the wildcard address is used.  If no port is specified,
+the standard port (88) is used.  If the KDC daemon fails to bind
+to any of the specified addresses, it will fail to start.  The
+default is to bind to the wildcard address on the standard port.
+New in release 1.15.
+.TP
+\fBkdc_ports\fP
+(Whitespace\- or comma\-separated list, deprecated.)  Prior to
+release 1.15, this relation lists the ports for the
+krb5kdc(8) daemon to listen on for UDP requests.  In
+release 1.15 and later, it has the same meaning as \fBkdc_listen\fP
+if that relation is not defined.
+.TP
+\fBkdc_tcp_listen\fP
+(Whitespace\- or comma\-separated list.)  Specifies the TCP
+listening addresses and/or ports for the krb5kdc(8) daemon.
+Each entry may be an interface address, a port number, or an
+address and port number separated by a colon.  If the address
+contains colons, enclose it in square brackets.  If no address is
+specified, the wildcard address is used.  If no port is specified,
+the standard port (88) is used.  To disable listening on TCP, set
+this relation to the empty string with \fBkdc_tcp_listen = ""\fP\&.
+If the KDC daemon fails to bind to any of the specified addresses,
+it will fail to start.  The default is to bind to the wildcard
+address on the standard port.  New in release 1.15.
+.TP
+\fBkdc_tcp_ports\fP
+(Whitespace\- or comma\-separated list, deprecated.)  Prior to
+release 1.15, this relation lists the ports for the
+krb5kdc(8) daemon to listen on for UDP requests.  In
+release 1.15 and later, it has the same meaning as
+\fBkdc_tcp_listen\fP if that relation is not defined.
+.TP
+\fBkpasswd_listen\fP
+(Comma\-separated list.)  Specifies the kpasswd listening addresses
+and/or ports for the kadmind(8) daemon.  Each entry may be
+an interface address, a port number, or an address and port number
+separated by a colon.  If the address contains colons, enclose it
+in square brackets.  If no address is specified, the wildcard
+address is used.  If kadmind fails to bind to any of the specified
+addresses, it will fail to start.  The default is to bind to the
+wildcard address at the port specified in \fBkpasswd_port\fP, or the
+standard kpasswd port (464).  New in release 1.15.
+.TP
+\fBkpasswd_port\fP
+(Port number.)  Specifies the port on which the kadmind(8)
+daemon is to listen for password change requests for this realm.
+Port numbers specified in \fBkpasswd_listen\fP entries will override
+this port number.  The assigned port for password change requests
+is 464, which is used by default.
+.TP
+\fBmaster_key_name\fP
+(String.)  Specifies the name of the principal associated with the
+master key.  The default is \fBK/M\fP\&.
+.TP
+\fBmaster_key_type\fP
+(Key type string.)  Specifies the master key\(aqs key type.  The
+default value for this is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.  For a list of all possible
+values, see \fI\%Encryption types\fP\&.
+.TP
+\fBmax_life\fP
+(duration string.)  Specifies the maximum time period for
+which a ticket may be valid in this realm.  The default value is
+24 hours.
+.TP
+\fBmax_renewable_life\fP
+(duration string.)  Specifies the maximum time period
+during which a valid ticket may be renewed in this realm.
+The default value is 0.
+.TP
+\fBno_host_referral\fP
+(Whitespace\- or comma\-separated list.)  Lists services to block
+from getting host\-based referral processing, even if the client
+marks the server principal as host\-based or the service is also
+listed in \fBhost_based_services\fP\&.  \fBno_host_referral = *\fP will
+disable referral processing altogether.
+.TP
+\fBreject_bad_transit\fP
+(Boolean value.)  If set to true, the KDC will check the list of
+transited realms for cross\-realm tickets against the transit path
+computed from the realm names and the capaths section of its
+krb5.conf(5) file; if the path in the ticket to be issued
+contains any realms not in the computed path, the ticket will not
+be issued, and an error will be returned to the client instead.
+If this value is set to false, such tickets will be issued
+anyways, and it will be left up to the application server to
+validate the realm transit path.
+.sp
+If the disable\-transited\-check flag is set in the incoming
+request, this check is not performed at all.  Having the
+\fBreject_bad_transit\fP option will cause such ticket requests to
+be rejected always.
+.sp
+This transit path checking and config file option currently apply
+only to TGS requests.
+.sp
+The default value is true.
+.TP
+\fBrestrict_anonymous_to_tgt\fP
+(Boolean value.)  If set to true, the KDC will reject ticket
+requests from anonymous principals to service principals other
+than the realm\(aqs ticket\-granting service.  This option allows
+anonymous PKINIT to be enabled for use as FAST armor tickets
+without allowing anonymous authentication to services.  The
+default value is false.  New in release 1.9.
+.TP
+\fBspake_preauth_indicator\fP
+(String.)  Specifies an authentication indicator value that the
+KDC asserts into tickets obtained using SPAKE pre\-authentication.
+The default is not to add any indicators.  This option may be
+specified multiple times.  New in release 1.17.
+.TP
+\fBsupported_enctypes\fP
+(List of \fIkey\fP:\fIsalt\fP strings.)  Specifies the default key/salt
+combinations of principals for this realm.  Any principals created
+through kadmin(1) will have keys of these types.  The
+default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:normal\fP\&.  For lists of
+possible values, see \fI\%Keysalt lists\fP\&.
+.UNINDENT
+.SS [dbdefaults]
+.sp
+The [dbdefaults] section specifies default values for some database
+parameters, to be used if the [dbmodules] subsection does not contain
+a relation for the tag.  See the \fI\%[dbmodules]\fP section for the
+definitions of these relations.
+.INDENT 0.0
+.IP \(bu 2
+\fBldap_kerberos_container_dn\fP
+.IP \(bu 2
+\fBldap_kdc_dn\fP
+.IP \(bu 2
+\fBldap_kdc_sasl_authcid\fP
+.IP \(bu 2
+\fBldap_kdc_sasl_authzid\fP
+.IP \(bu 2
+\fBldap_kdc_sasl_mech\fP
+.IP \(bu 2
+\fBldap_kdc_sasl_realm\fP
+.IP \(bu 2
+\fBldap_kadmind_dn\fP
+.IP \(bu 2
+\fBldap_kadmind_sasl_authcid\fP
+.IP \(bu 2
+\fBldap_kadmind_sasl_authzid\fP
+.IP \(bu 2
+\fBldap_kadmind_sasl_mech\fP
+.IP \(bu 2
+\fBldap_kadmind_sasl_realm\fP
+.IP \(bu 2
+\fBldap_service_password_file\fP
+.IP \(bu 2
+\fBldap_conns_per_server\fP
+.UNINDENT
+.SS [dbmodules]
+.sp
+The [dbmodules] section contains parameters used by the KDC database
+library and database modules.  Each tag in the [dbmodules] section is
+the name of a Kerberos realm or a section name specified by a realm\(aqs
+\fBdatabase_module\fP parameter.  The following example shows how to
+define one database parameter for the ATHENA.MIT.EDU realm:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[dbmodules]
+    ATHENA.MIT.EDU = {
+        disable_last_success = true
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The following tags may be specified in a [dbmodules] subsection:
+.INDENT 0.0
+.TP
+\fBdatabase_name\fP
+This DB2\-specific tag indicates the location of the database in
+the filesystem.  The default is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/principal\fP\&.
+.TP
+\fBdb_library\fP
+This tag indicates the name of the loadable database module.  The
+value should be \fBdb2\fP for the DB2 module, \fBklmdb\fP for the LMDB
+module, or \fBkldap\fP for the LDAP module.
+.TP
+\fBdisable_last_success\fP
+If set to \fBtrue\fP, suppresses KDC updates to the "Last successful
+authentication" field of principal entries requiring
+preauthentication.  Setting this flag may improve performance.
+(Principal entries which do not require preauthentication never
+update the "Last successful authentication" field.).  First
+introduced in release 1.9.
+.TP
+\fBdisable_lockout\fP
+If set to \fBtrue\fP, suppresses KDC updates to the "Last failed
+authentication" and "Failed password attempts" fields of principal
+entries requiring preauthentication.  Setting this flag may
+improve performance, but also disables account lockout.  First
+introduced in release 1.9.
+.TP
+\fBldap_conns_per_server\fP
+This LDAP\-specific tag indicates the number of connections to be
+maintained per LDAP server.
+.TP
+\fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP
+These LDAP\-specific tags indicate the default DN for binding to
+the LDAP server.  The krb5kdc(8) daemon uses
+\fBldap_kdc_dn\fP, while the kadmind(8) daemon and other
+administrative programs use \fBldap_kadmind_dn\fP\&.  The kadmind DN
+must have the rights to read and write the Kerberos data in the
+LDAP database.  The KDC DN must have the same rights, unless
+\fBdisable_lockout\fP and \fBdisable_last_success\fP are true, in
+which case it only needs to have rights to read the Kerberos data.
+These tags are ignored if a SASL mechanism is set with
+\fBldap_kdc_sasl_mech\fP or \fBldap_kadmind_sasl_mech\fP\&.
+.TP
+\fBldap_kdc_sasl_mech\fP and \fBldap_kadmind_sasl_mech\fP
+These LDAP\-specific tags specify the SASL mechanism (such as
+\fBEXTERNAL\fP) to use when binding to the LDAP server.  New in
+release 1.13.
+.TP
+\fBldap_kdc_sasl_authcid\fP and \fBldap_kadmind_sasl_authcid\fP
+These LDAP\-specific tags specify the SASL authentication identity
+to use when binding to the LDAP server.  Not all SASL mechanisms
+require an authentication identity.  If the SASL mechanism
+requires a secret (such as the password for \fBDIGEST\-MD5\fP), these
+tags also determine the name within the
+\fBldap_service_password_file\fP where the secret is stashed.  New
+in release 1.13.
+.TP
+\fBldap_kdc_sasl_authzid\fP and \fBldap_kadmind_sasl_authzid\fP
+These LDAP\-specific tags specify the SASL authorization identity
+to use when binding to the LDAP server.  In most circumstances
+they do not need to be specified.  New in release 1.13.
+.TP
+\fBldap_kdc_sasl_realm\fP and \fBldap_kadmind_sasl_realm\fP
+These LDAP\-specific tags specify the SASL realm to use when
+binding to the LDAP server.  In most circumstances they do not
+need to be set.  New in release 1.13.
+.TP
+\fBldap_kerberos_container_dn\fP
+This LDAP\-specific tag indicates the DN of the container object
+where the realm objects will be located.
+.TP
+\fBldap_servers\fP
+This LDAP\-specific tag indicates the list of LDAP servers that the
+Kerberos servers can connect to.  The list of LDAP servers is
+whitespace\-separated.  The LDAP server is specified by a LDAP URI.
+It is recommended to use \fBldapi:\fP or \fBldaps:\fP URLs to connect
+to the LDAP server.
+.TP
+\fBldap_service_password_file\fP
+This LDAP\-specific tag indicates the file containing the stashed
+passwords (created by \fBkdb5_ldap_util stashsrvpw\fP) for the
+\fBldap_kdc_dn\fP and \fBldap_kadmind_dn\fP objects, or for the
+\fBldap_kdc_sasl_authcid\fP or \fBldap_kadmind_sasl_authcid\fP names
+for SASL authentication.  This file must be kept secure.
+.TP
+\fBmapsize\fP
+This LMDB\-specific tag indicates the maximum size of the two
+database environments in megabytes.  The default value is 128.
+Increase this value to address "Environment mapsize limit reached"
+errors.  New in release 1.17.
+.TP
+\fBmax_readers\fP
+This LMDB\-specific tag indicates the maximum number of concurrent
+reading processes for the databases.  The default value is 128.
+New in release 1.17.
+.TP
+\fBnosync\fP
+This LMDB\-specific tag can be set to improve the throughput of
+kadmind and other administrative agents, at the expense of
+durability (recent database changes may not survive a power outage
+or other sudden reboot).  It does not affect the throughput of the
+KDC.  The default value is false.  New in release 1.17.
+.TP
+\fBunlockiter\fP
+If set to \fBtrue\fP, this DB2\-specific tag causes iteration
+operations to release the database lock while processing each
+principal.  Setting this flag to \fBtrue\fP can prevent extended
+blocking of KDC or kadmin operations when dumps of large databases
+are in progress.  First introduced in release 1.13.
+.UNINDENT
+.sp
+The following tag may be specified directly in the [dbmodules]
+section to control where database modules are loaded from:
+.INDENT 0.0
+.TP
+\fBdb_module_dir\fP
+This tag controls where the plugin system looks for database
+modules.  The value should be an absolute path.
+.UNINDENT
+.SS [logging]
+.sp
+The [logging] section indicates how krb5kdc(8) and
+kadmind(8) perform logging.  It may contain the following
+relations:
+.INDENT 0.0
+.TP
+\fBadmin_server\fP
+Specifies how kadmind(8) performs logging.
+.TP
+\fBkdc\fP
+Specifies how krb5kdc(8) performs logging.
+.TP
+\fBdefault\fP
+Specifies how either daemon performs logging in the absence of
+relations specific to the daemon.
+.TP
+\fBdebug\fP
+(Boolean value.)  Specifies whether debugging messages are
+included in log outputs other than SYSLOG.  Debugging messages are
+always included in the system log output because syslog performs
+its own priority filtering.  The default value is false.  New in
+release 1.15.
+.UNINDENT
+.sp
+Logging specifications may have the following forms:
+.INDENT 0.0
+.TP
+\fBFILE=\fP\fIfilename\fP or \fBFILE:\fP\fIfilename\fP
+This value causes the daemon\(aqs logging messages to go to the
+\fIfilename\fP\&.  If the \fB=\fP form is used, the file is overwritten.
+If the \fB:\fP form is used, the file is appended to.
+.TP
+\fBSTDERR\fP
+This value causes the daemon\(aqs logging messages to go to its
+standard error stream.
+.TP
+\fBCONSOLE\fP
+This value causes the daemon\(aqs logging messages to go to the
+console, if the system supports it.
+.TP
+\fBDEVICE=\fP\fI<devicename>\fP
+This causes the daemon\(aqs logging messages to go to the specified
+device.
+.TP
+\fBSYSLOG\fP[\fB:\fP\fIseverity\fP[\fB:\fP\fIfacility\fP]]
+This causes the daemon\(aqs logging messages to go to the system log.
+.sp
+For backward compatibility, a severity argument may be specified,
+and must be specified in order to specify a facility.  This
+argument will be ignored.
+.sp
+The facility argument specifies the facility under which the
+messages are logged.  This may be any of the following facilities
+supported by the syslog(3) call minus the LOG_ prefix: \fBKERN\fP,
+\fBUSER\fP, \fBMAIL\fP, \fBDAEMON\fP, \fBAUTH\fP, \fBLPR\fP, \fBNEWS\fP,
+\fBUUCP\fP, \fBCRON\fP, and \fBLOCAL0\fP through \fBLOCAL7\fP\&.  If no
+facility is specified, the default is \fBAUTH\fP\&.
+.UNINDENT
+.sp
+In the following example, the logging messages from the KDC will go to
+the console and to the system log under the facility LOG_DAEMON, and
+the logging messages from the administrative server will be appended
+to the file \fB/var/adm/kadmin.log\fP and sent to the device
+\fB/dev/tty04\fP\&.
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[logging]
+    kdc = CONSOLE
+    kdc = SYSLOG:INFO:DAEMON
+    admin_server = FILE:/var/adm/kadmin.log
+    admin_server = DEVICE=/dev/tty04
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+If no logging specification is given, the default is to use syslog.
+To disable logging entirely, specify \fBdefault = DEVICE=/dev/null\fP\&.
+.SS [otp]
+.sp
+Each subsection of [otp] is the name of an OTP token type.  The tags
+within the subsection define the configuration required to forward a
+One Time Password request to a RADIUS server.
+.sp
+For each token type, the following tags may be specified:
+.INDENT 0.0
+.TP
+\fBserver\fP
+This is the server to send the RADIUS request to.  It can be a
+hostname with optional port, an ip address with optional port, or
+a Unix domain socket address.  The default is
+\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/<name>.socket\fP\&.
+.TP
+\fBsecret\fP
+This tag indicates a filename (which may be relative to \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP)
+containing the secret used to encrypt the RADIUS packets.  The
+secret should appear in the first line of the file by itself;
+leading and trailing whitespace on the line will be removed.  If
+the value of \fBserver\fP is a Unix domain socket address, this tag
+is optional, and an empty secret will be used if it is not
+specified.  Otherwise, this tag is required.
+.TP
+\fBtimeout\fP
+An integer which specifies the time in seconds during which the
+KDC should attempt to contact the RADIUS server.  This tag is the
+total time across all retries and should be less than the time
+which an OTP value remains valid for.  The default is 5 seconds.
+.TP
+\fBretries\fP
+This tag specifies the number of retries to make to the RADIUS
+server.  The default is 3 retries (4 tries).
+.TP
+\fBstrip_realm\fP
+If this tag is \fBtrue\fP, the principal without the realm will be
+passed to the RADIUS server.  Otherwise, the realm will be
+included.  The default value is \fBtrue\fP\&.
+.TP
+\fBindicator\fP
+This tag specifies an authentication indicator to be included in
+the ticket if this token type is used to authenticate.  This
+option may be specified multiple times.  (New in release 1.14.)
+.UNINDENT
+.sp
+In the following example, requests are sent to a remote server via UDP:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[otp]
+    MyRemoteTokenType = {
+        server = radius.mydomain.com:1812
+        secret = SEmfiajf42$
+        timeout = 15
+        retries = 5
+        strip_realm = true
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+An implicit default token type named \fBDEFAULT\fP is defined for when
+the per\-principal configuration does not specify a token type.  Its
+configuration is shown below.  You may override this token type to
+something applicable for your situation:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[otp]
+    DEFAULT = {
+        strip_realm = false
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH PKINIT OPTIONS
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+The following are pkinit\-specific options.  These values may
+be specified in [kdcdefaults] as global defaults, or within
+a realm\-specific subsection of [realms].  Also note that a
+realm\-specific value over\-rides, does not add to, a generic
+[kdcdefaults] specification.  The search order is:
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.IP 1. 3
+realm\-specific subsection of [realms]:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[realms]
+    EXAMPLE.COM = {
+        pkinit_anchors = FILE:/usr/local/example.com.crt
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.IP 2. 3
+generic value in the [kdcdefaults] section:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[kdcdefaults]
+    pkinit_anchors = DIR:/usr/local/generic_trusted_cas/
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.sp
+For information about the syntax of some of these options, see
+Specifying PKINIT identity information in
+krb5.conf(5)\&.
+.INDENT 0.0
+.TP
+\fBpkinit_anchors\fP
+Specifies the location of trusted anchor (root) certificates which
+the KDC trusts to sign client certificates.  This option is
+required if pkinit is to be supported by the KDC.  This option may
+be specified multiple times.
+.TP
+\fBpkinit_dh_min_bits\fP
+Specifies the minimum number of bits the KDC is willing to accept
+for a client\(aqs Diffie\-Hellman key.  The default is 2048.
+.TP
+\fBpkinit_allow_upn\fP
+Specifies that the KDC is willing to accept client certificates
+with the Microsoft UserPrincipalName (UPN) Subject Alternative
+Name (SAN).  This means the KDC accepts the binding of the UPN in
+the certificate to the Kerberos principal name.  The default value
+is false.
+.sp
+Without this option, the KDC will only accept certificates with
+the id\-pkinit\-san as defined in \fI\%RFC 4556\fP\&.  There is currently
+no option to disable SAN checking in the KDC.
+.TP
+\fBpkinit_eku_checking\fP
+This option specifies what Extended Key Usage (EKU) values the KDC
+is willing to accept in client certificates.  The values
+recognized in the kdc.conf file are:
+.INDENT 7.0
+.TP
+\fBkpClientAuth\fP
+This is the default value and specifies that client
+certificates must have the id\-pkinit\-KPClientAuth EKU as
+defined in \fI\%RFC 4556\fP\&.
+.TP
+\fBscLogin\fP
+If scLogin is specified, client certificates with the
+Microsoft Smart Card Login EKU (id\-ms\-kp\-sc\-logon) will be
+accepted.
+.TP
+\fBnone\fP
+If none is specified, then client certificates will not be
+checked to verify they have an acceptable EKU.  The use of
+this option is not recommended.
+.UNINDENT
+.TP
+\fBpkinit_identity\fP
+Specifies the location of the KDC\(aqs X.509 identity information.
+This option is required if pkinit is to be supported by the KDC.
+.TP
+\fBpkinit_indicator\fP
+Specifies an authentication indicator to include in the ticket if
+pkinit is used to authenticate.  This option may be specified
+multiple times.  (New in release 1.14.)
+.TP
+\fBpkinit_pool\fP
+Specifies the location of intermediate certificates which may be
+used by the KDC to complete the trust chain between a client\(aqs
+certificate and a trusted anchor.  This option may be specified
+multiple times.
+.TP
+\fBpkinit_revoke\fP
+Specifies the location of Certificate Revocation List (CRL)
+information to be used by the KDC when verifying the validity of
+client certificates.  This option may be specified multiple times.
+.TP
+\fBpkinit_require_crl_checking\fP
+The default certificate verification process will always check the
+available revocation information to see if a certificate has been
+revoked.  If a match is found for the certificate in a CRL,
+verification fails.  If the certificate being verified is not
+listed in a CRL, or there is no CRL present for its issuing CA,
+and \fBpkinit_require_crl_checking\fP is false, then verification
+succeeds.
+.sp
+However, if \fBpkinit_require_crl_checking\fP is true and there is
+no CRL information available for the issuing CA, then verification
+fails.
+.sp
+\fBpkinit_require_crl_checking\fP should be set to true if the
+policy is such that up\-to\-date CRLs must be present for every CA.
+.TP
+\fBpkinit_require_freshness\fP
+Specifies whether to require clients to include a freshness token
+in PKINIT requests.  The default value is false.  (New in release
+1.17.)
+.UNINDENT
+.SH ENCRYPTION TYPES
+.sp
+Any tag in the configuration files which requires a list of encryption
+types can be set to some combination of the following strings.
+Encryption types marked as "weak" and "deprecated" are available for
+compatibility but not recommended for use.
+.TS
+center;
+|l|l|.
+_
+T{
+des3\-cbc\-raw
+T}	T{
+Triple DES cbc mode raw (weak)
+T}
+_
+T{
+des3\-cbc\-sha1 des3\-hmac\-sha1 des3\-cbc\-sha1\-kd
+T}	T{
+Triple DES cbc mode with HMAC/sha1 (deprecated)
+T}
+_
+T{
+aes256\-cts\-hmac\-sha1\-96 aes256\-cts aes256\-sha1
+T}	T{
+AES\-256 CTS mode with 96\-bit SHA\-1 HMAC
+T}
+_
+T{
+aes128\-cts\-hmac\-sha1\-96 aes128\-cts aes128\-sha1
+T}	T{
+AES\-128 CTS mode with 96\-bit SHA\-1 HMAC
+T}
+_
+T{
+aes256\-cts\-hmac\-sha384\-192 aes256\-sha2
+T}	T{
+AES\-256 CTS mode with 192\-bit SHA\-384 HMAC
+T}
+_
+T{
+aes128\-cts\-hmac\-sha256\-128 aes128\-sha2
+T}	T{
+AES\-128 CTS mode with 128\-bit SHA\-256 HMAC
+T}
+_
+T{
+arcfour\-hmac rc4\-hmac arcfour\-hmac\-md5
+T}	T{
+RC4 with HMAC/MD5 (deprecated)
+T}
+_
+T{
+arcfour\-hmac\-exp rc4\-hmac\-exp arcfour\-hmac\-md5\-exp
+T}	T{
+Exportable RC4 with HMAC/MD5 (weak)
+T}
+_
+T{
+camellia256\-cts\-cmac camellia256\-cts
+T}	T{
+Camellia\-256 CTS mode with CMAC
+T}
+_
+T{
+camellia128\-cts\-cmac camellia128\-cts
+T}	T{
+Camellia\-128 CTS mode with CMAC
+T}
+_
+T{
+des3
+T}	T{
+The triple DES family: des3\-cbc\-sha1
+T}
+_
+T{
+aes
+T}	T{
+The AES family: aes256\-cts\-hmac\-sha1\-96, aes128\-cts\-hmac\-sha1\-96, aes256\-cts\-hmac\-sha384\-192, and aes128\-cts\-hmac\-sha256\-128
+T}
+_
+T{
+rc4
+T}	T{
+The RC4 family: arcfour\-hmac
+T}
+_
+T{
+camellia
+T}	T{
+The Camellia family: camellia256\-cts\-cmac and camellia128\-cts\-cmac
+T}
+_
+.TE
+.sp
+The string \fBDEFAULT\fP can be used to refer to the default set of
+types for the variable in question.  Types or families can be removed
+from the current list by prefixing them with a minus sign ("\-").
+Types or families can be prefixed with a plus sign ("+") for symmetry;
+it has the same meaning as just listing the type or family.  For
+example, "\fBDEFAULT \-rc4\fP" would be the default set of encryption
+types with RC4 types removed, and "\fBdes3 DEFAULT\fP" would be the
+default set of encryption types with triple DES types moved to the
+front.
+.sp
+While \fBaes128\-cts\fP and \fBaes256\-cts\fP are supported for all Kerberos
+operations, they are not supported by very old versions of our GSSAPI
+implementation (krb5\-1.3.1 and earlier).  Services running versions of
+krb5 without AES support must not be given keys of these encryption
+types in the KDC database.
+.sp
+The \fBaes128\-sha2\fP and \fBaes256\-sha2\fP encryption types are new in
+release 1.15.  Services running versions of krb5 without support for
+these newer encryption types must not be given keys of these
+encryption types in the KDC database.
+.SH KEYSALT LISTS
+.sp
+Kerberos keys for users are usually derived from passwords.  Kerberos
+commands and configuration parameters that affect generation of keys
+take lists of enctype\-salttype ("keysalt") pairs, known as \fIkeysalt
+lists\fP\&.  Each keysalt pair is an enctype name followed by a salttype
+name, in the format \fIenc\fP:\fIsalt\fP\&.  Individual keysalt list members are
+separated by comma (",") characters or space characters.  For example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kadmin \-e aes256\-cts:normal,aes128\-cts:normal
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+would start up kadmin so that by default it would generate
+password\-derived keys for the \fBaes256\-cts\fP and \fBaes128\-cts\fP
+encryption types, using a \fBnormal\fP salt.
+.sp
+To ensure that people who happen to pick the same password do not have
+the same key, Kerberos 5 incorporates more information into the key
+using something called a salt.  The supported salt types are as
+follows:
+.TS
+center;
+|l|l|.
+_
+T{
+normal
+T}	T{
+default for Kerberos Version 5
+T}
+_
+T{
+norealm
+T}	T{
+same as the default, without using realm information
+T}
+_
+T{
+onlyrealm
+T}	T{
+uses only realm information as the salt
+T}
+_
+T{
+special
+T}	T{
+generate a random salt
+T}
+_
+.TE
+.SH SAMPLE KDC.CONF FILE
+.sp
+Here\(aqs an example of a kdc.conf file:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[kdcdefaults]
+    kdc_listen = 88
+    kdc_tcp_listen = 88
+[realms]
+    ATHENA.MIT.EDU = {
+        kadmind_port = 749
+        max_life = 12h 0m 0s
+        max_renewable_life = 7d 0h 0m 0s
+        master_key_type = aes256\-cts\-hmac\-sha1\-96
+        supported_enctypes = aes256\-cts\-hmac\-sha1\-96:normal aes128\-cts\-hmac\-sha1\-96:normal
+        database_module = openldap_ldapconf
+    }
+
+[logging]
+    kdc = FILE:/usr/local/var/krb5kdc/kdc.log
+    admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log
+
+[dbdefaults]
+    ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu
+
+[dbmodules]
+    openldap_ldapconf = {
+        db_library = kldap
+        disable_last_success = true
+        ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu"
+            # this object needs to have read rights on
+            # the realm container and principal subtrees
+        ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu"
+            # this object needs to have read and write rights on
+            # the realm container and principal subtrees
+        ldap_service_password_file = /etc/kerberos/service.keyfile
+        ldap_servers = ldaps://kerberos.mit.edu
+        ldap_conns_per_server = 5
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH FILES
+.sp
+\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP
+.SH SEE ALSO
+.sp
+krb5.conf(5), krb5kdc(8), kadm5.acl(5)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kdestroy.man b/krb5-1.21.3/src/man/kdestroy.man
new file mode 100644
index 00000000..c17b254e
--- /dev/null
+++ b/krb5-1.21.3/src/man/kdestroy.man
@@ -0,0 +1,95 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KDESTROY" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kdestroy \- destroy Kerberos tickets
+.SH SYNOPSIS
+.sp
+\fBkdestroy\fP
+[\fB\-A\fP]
+[\fB\-q\fP]
+[\fB\-c\fP \fIcache_name\fP]
+[\fB\-p\fP \fIprinc_name\fP]
+.SH DESCRIPTION
+.sp
+The kdestroy utility destroys the user\(aqs active Kerberos authorization
+tickets by overwriting and deleting the credentials cache that
+contains them.  If the credentials cache is not specified, the default
+credentials cache is destroyed.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-A\fP
+Destroys all caches in the collection, if a cache collection is
+available.  May be used with the \fB\-c\fP option to specify the
+collection to be destroyed.
+.TP
+\fB\-q\fP
+Run quietly.  Normally kdestroy beeps if it fails to destroy the
+user\(aqs tickets.  The \fB\-q\fP flag suppresses this behavior.
+.TP
+\fB\-c\fP \fIcache_name\fP
+Use \fIcache_name\fP as the credentials (ticket) cache name and
+location; if this option is not used, the default cache name and
+location are used.
+.sp
+The default credentials cache may vary between systems.  If the
+\fBKRB5CCNAME\fP environment variable is set, its value is used to
+name the default ticket cache.
+.TP
+\fB\-p\fP \fIprinc_name\fP
+If a cache collection is available, destroy the cache for
+\fIprinc_name\fP instead of the primary cache.  May be used with the
+\fB\-c\fP option to specify the collection to be searched.
+.UNINDENT
+.SH NOTE
+.sp
+Most installations recommend that you place the kdestroy command in
+your .logout file, so that your tickets are destroyed automatically
+when you log out.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH FILES
+.INDENT 0.0
+.TP
+.B \fB@CCNAME@\fP
+Default location of Kerberos 5 credentials cache
+.UNINDENT
+.SH SEE ALSO
+.sp
+kinit(1), klist(1), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kerberos.man b/krb5-1.21.3/src/man/kerberos.man
new file mode 100644
index 00000000..ec1d84dd
--- /dev/null
+++ b/krb5-1.21.3/src/man/kerberos.man
@@ -0,0 +1,217 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KERBEROS" "7" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kerberos \- Overview of using Kerberos
+.SH DESCRIPTION
+.sp
+The Kerberos system authenticates individual users in a network
+environment.  After authenticating yourself to Kerberos, you can use
+Kerberos\-enabled programs without having to present passwords or
+certificates to those programs.
+.sp
+If you receive the following response from kinit(1):
+.sp
+kinit: Client not found in Kerberos database while getting initial
+credentials
+.sp
+you haven\(aqt been registered as a Kerberos user.  See your system
+administrator.
+.sp
+A Kerberos name usually contains three parts.  The first is the
+\fBprimary\fP, which is usually a user\(aqs or service\(aqs name.  The second
+is the \fBinstance\fP, which in the case of a user is usually null.
+Some users may have privileged instances, however, such as \fBroot\fP or
+\fBadmin\fP\&.  In the case of a service, the instance is the fully
+qualified name of the machine on which it runs; i.e. there can be an
+ssh service running on the machine ABC (\fI\%ssh/ABC@REALM\fP), which is
+different from the ssh service running on the machine XYZ
+(\fI\%ssh/XYZ@REALM\fP).  The third part of a Kerberos name is the \fBrealm\fP\&.
+The realm corresponds to the Kerberos service providing authentication
+for the principal.  Realms are conventionally all\-uppercase, and often
+match the end of hostnames in the realm (for instance, host01.example.com
+might be in realm EXAMPLE.COM).
+.sp
+When writing a Kerberos name, the principal name is separated from the
+instance (if not null) by a slash, and the realm (if not the local
+realm) follows, preceded by an "@" sign.  The following are examples
+of valid Kerberos names:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+david
+jennifer/admin
+joeuser@BLEEP.COM
+cbrown/root@FUBAR.ORG
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+When you authenticate yourself with Kerberos you get an initial
+Kerberos \fBticket\fP\&.  (A Kerberos ticket is an encrypted protocol
+message that provides authentication.)  Kerberos uses this ticket for
+network utilities such as ssh.  The ticket transactions are done
+transparently, so you don\(aqt have to worry about their management.
+.sp
+Note, however, that tickets expire.  Administrators may configure more
+privileged tickets, such as those with service or instance of \fBroot\fP
+or \fBadmin\fP, to expire in a few minutes, while tickets that carry
+more ordinary privileges may be good for several hours or a day.  If
+your login session extends beyond the time limit, you will have to
+re\-authenticate yourself to Kerberos to get new tickets using the
+kinit(1) command.
+.sp
+Some tickets are \fBrenewable\fP beyond their initial lifetime.  This
+means that \fBkinit \-R\fP can extend their lifetime without requiring
+you to re\-authenticate.
+.sp
+If you wish to delete your local tickets, use the kdestroy(1)
+command.
+.sp
+Kerberos tickets can be forwarded.  In order to forward tickets, you
+must request \fBforwardable\fP tickets when you kinit.  Once you have
+forwardable tickets, most Kerberos programs have a command line option
+to forward them to the remote host.  This can be useful for, e.g.,
+running kinit on your local machine and then sshing into another to do
+work.  Note that this should not be done on untrusted machines since
+they will then have your tickets.
+.SH ENVIRONMENT VARIABLES
+.sp
+Several environment variables affect the operation of Kerberos\-enabled
+programs.  These include:
+.INDENT 0.0
+.TP
+\fBKRB5CCNAME\fP
+Default name for the credentials cache file, in the form
+\fITYPE\fP:\fIresidual\fP\&.  The type of the default cache may determine
+the availability of a cache collection.  \fBFILE\fP is not a
+collection type; \fBKEYRING\fP, \fBDIR\fP, and \fBKCM\fP are.
+.sp
+If not set, the value of \fBdefault_ccache_name\fP from
+configuration files (see \fBKRB5_CONFIG\fP) will be used.  If that
+is also not set, the default \fItype\fP is \fBFILE\fP, and the
+\fIresidual\fP is the path /tmp/krb5cc_*uid*, where \fIuid\fP is the
+decimal user ID of the user.
+.TP
+\fBKRB5_KTNAME\fP
+Specifies the location of the default keytab file, in the form
+\fITYPE\fP:\fIresidual\fP\&.  If no \fItype\fP is present, the \fBFILE\fP type is
+assumed and \fIresidual\fP is the pathname of the keytab file.  If
+unset, \fB@KTNAME@\fP will be used.
+.TP
+\fBKRB5_CONFIG\fP
+Specifies the location of the Kerberos configuration file.  The
+default is \fB@SYSCONFDIR@\fP\fB/krb5.conf\fP\&.  Multiple filenames can
+be specified, separated by a colon; all files which are present
+will be read.
+.TP
+\fBKRB5_KDC_PROFILE\fP
+Specifies the location of the KDC configuration file, which
+contains additional configuration directives for the Key
+Distribution Center daemon and associated programs.  The default
+is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kdc.conf\fP\&.
+.TP
+\fBKRB5RCACHENAME\fP
+(New in release 1.18) Specifies the location of the default replay
+cache, in the form \fItype\fP:\fIresidual\fP\&.  The \fBfile2\fP type with a
+pathname residual specifies a replay cache file in the version\-2
+format in the specified location.  The \fBnone\fP type (residual is
+ignored) disables the replay cache.  The \fBdfl\fP type (residual is
+ignored) indicates the default, which uses a file2 replay cache in
+a temporary directory.  The default is \fBdfl:\fP\&.
+.TP
+\fBKRB5RCACHETYPE\fP
+Specifies the type of the default replay cache, if
+\fBKRB5RCACHENAME\fP is unspecified.  No residual can be specified,
+so \fBnone\fP and \fBdfl\fP are the only useful types.
+.TP
+\fBKRB5RCACHEDIR\fP
+Specifies the directory used by the \fBdfl\fP replay cache type.
+The default is the value of the \fBTMPDIR\fP environment variable,
+or \fB/var/tmp\fP if \fBTMPDIR\fP is not set.
+.TP
+\fBKRB5_TRACE\fP
+Specifies a filename to write trace log output to.  Trace logs can
+help illuminate decisions made internally by the Kerberos
+libraries.  For example, \fBenv KRB5_TRACE=/dev/stderr kinit\fP
+would send tracing information for kinit(1) to
+\fB/dev/stderr\fP\&.  The default is not to write trace log output
+anywhere.
+.TP
+\fBKRB5_CLIENT_KTNAME\fP
+Default client keytab file name.  If unset, \fB@CKTNAME@\fP will be
+used).
+.TP
+\fBKPROP_PORT\fP
+kprop(8) port to use.  Defaults to 754.
+.TP
+\fBGSS_MECH_CONFIG\fP
+Specifies a filename containing GSSAPI mechanism module
+configuration.  The default is to read \fB@SYSCONFDIR@\fP\fB/gss/mech\fP
+and files with a \fB\&.conf\fP suffix within the directory
+\fB@SYSCONFDIR@\fP\fB/gss/mech.d\fP\&.
+.UNINDENT
+.sp
+Most environment variables are disabled for certain programs, such as
+login system programs and setuid programs, which are designed to be
+secure when run within an untrusted process environment.
+.SH SEE ALSO
+.sp
+kdestroy(1), kinit(1), klist(1),
+kswitch(1), kpasswd(1), ksu(1),
+krb5.conf(5), kdc.conf(5), kadmin(1),
+kadmind(8), kdb5_util(8), krb5kdc(8)
+.SH BUGS
+.SH AUTHORS
+.nf
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+Clifford Neuman, MIT Project Athena
+Greg Hudson, MIT Kerberos Consortium
+Robbie Harwood, Red Hat, Inc.
+.fi
+.sp
+.SH HISTORY
+.sp
+The MIT Kerberos 5 implementation was developed at MIT, with
+contributions from many outside parties.  It is currently maintained
+by the MIT Kerberos Consortium.
+.SH RESTRICTIONS
+.sp
+Copyright 1985, 1986, 1989\-1996, 2002, 2011, 2018 Masachusetts
+Institute of Technology
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kinit.man b/krb5-1.21.3/src/man/kinit.man
new file mode 100644
index 00000000..32f57c42
--- /dev/null
+++ b/krb5-1.21.3/src/man/kinit.man
@@ -0,0 +1,259 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KINIT" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kinit \- obtain and cache Kerberos ticket-granting ticket
+.SH SYNOPSIS
+.sp
+\fBkinit\fP
+[\fB\-V\fP]
+[\fB\-l\fP \fIlifetime\fP]
+[\fB\-s\fP \fIstart_time\fP]
+[\fB\-r\fP \fIrenewable_life\fP]
+[\fB\-p\fP | \-\fBP\fP]
+[\fB\-f\fP | \-\fBF\fP]
+[\fB\-a\fP]
+[\fB\-A\fP]
+[\fB\-C\fP]
+[\fB\-E\fP]
+[\fB\-v\fP]
+[\fB\-R\fP]
+[\fB\-k\fP [\fB\-i\fP | \-\fBt\fP \fIkeytab_file\fP]]
+[\fB\-c\fP \fIcache_name\fP]
+[\fB\-n\fP]
+[\fB\-S\fP \fIservice_name\fP]
+[\fB\-I\fP \fIinput_ccache\fP]
+[\fB\-T\fP \fIarmor_ccache\fP]
+[\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]]
+[\fB\-\-request\-pac\fP | \fB\-\-no\-request\-pac\fP]
+[\fIprincipal\fP]
+.SH DESCRIPTION
+.sp
+kinit obtains and caches an initial ticket\-granting ticket for
+\fIprincipal\fP\&.  If \fIprincipal\fP is absent, kinit chooses an appropriate
+principal name based on existing credential cache contents or the
+local username of the user invoking kinit.  Some options modify the
+choice of principal name.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-V\fP
+display verbose output.
+.TP
+\fB\-l\fP \fIlifetime\fP
+(duration string.)  Requests a ticket with the lifetime
+\fIlifetime\fP\&.
+.sp
+For example, \fBkinit \-l 5:30\fP or \fBkinit \-l 5h30m\fP\&.
+.sp
+If the \fB\-l\fP option is not specified, the default ticket lifetime
+(configured by each site) is used.  Specifying a ticket lifetime
+longer than the maximum ticket lifetime (configured by each site)
+will not override the configured maximum ticket lifetime.
+.TP
+\fB\-s\fP \fIstart_time\fP
+(duration string.)  Requests a postdated ticket.  Postdated
+tickets are issued with the \fBinvalid\fP flag set, and need to be
+resubmitted to the KDC for validation before use.
+.sp
+\fIstart_time\fP specifies the duration of the delay before the ticket
+can become valid.
+.TP
+\fB\-r\fP \fIrenewable_life\fP
+(duration string.)  Requests renewable tickets, with a total
+lifetime of \fIrenewable_life\fP\&.
+.TP
+\fB\-f\fP
+requests forwardable tickets.
+.TP
+\fB\-F\fP
+requests non\-forwardable tickets.
+.TP
+\fB\-p\fP
+requests proxiable tickets.
+.TP
+\fB\-P\fP
+requests non\-proxiable tickets.
+.TP
+\fB\-a\fP
+requests tickets restricted to the host\(aqs local address[es].
+.TP
+\fB\-A\fP
+requests tickets not restricted by address.
+.TP
+\fB\-C\fP
+requests canonicalization of the principal name, and allows the
+KDC to reply with a different client principal from the one
+requested.
+.TP
+\fB\-E\fP
+treats the principal name as an enterprise name.
+.TP
+\fB\-v\fP
+requests that the ticket\-granting ticket in the cache (with the
+\fBinvalid\fP flag set) be passed to the KDC for validation.  If the
+ticket is within its requested time range, the cache is replaced
+with the validated ticket.
+.TP
+\fB\-R\fP
+requests renewal of the ticket\-granting ticket.  Note that an
+expired ticket cannot be renewed, even if the ticket is still
+within its renewable life.
+.sp
+Note that renewable tickets that have expired as reported by
+klist(1) may sometimes be renewed using this option,
+because the KDC applies a grace period to account for client\-KDC
+clock skew.  See krb5.conf(5) \fBclockskew\fP setting.
+.TP
+\fB\-k\fP [\fB\-i\fP | \fB\-t\fP \fIkeytab_file\fP]
+requests a ticket, obtained from a key in the local host\(aqs keytab.
+The location of the keytab may be specified with the \fB\-t\fP
+\fIkeytab_file\fP option, or with the \fB\-i\fP option to specify the use
+of the default client keytab; otherwise the default keytab will be
+used.  By default, a host ticket for the local host is requested,
+but any principal may be specified.  On a KDC, the special keytab
+location \fBKDB:\fP can be used to indicate that kinit should open
+the KDC database and look up the key directly.  This permits an
+administrator to obtain tickets as any principal that supports
+authentication based on the key.
+.TP
+\fB\-n\fP
+Requests anonymous processing.  Two types of anonymous principals
+are supported.
+.sp
+For fully anonymous Kerberos, configure pkinit on the KDC and
+configure \fBpkinit_anchors\fP in the client\(aqs krb5.conf(5)\&.
+Then use the \fB\-n\fP option with a principal of the form \fB@REALM\fP
+(an empty principal name followed by the at\-sign and a realm
+name).  If permitted by the KDC, an anonymous ticket will be
+returned.
+.sp
+A second form of anonymous tickets is supported; these
+realm\-exposed tickets hide the identity of the client but not the
+client\(aqs realm.  For this mode, use \fBkinit \-n\fP with a normal
+principal name.  If supported by the KDC, the principal (but not
+realm) will be replaced by the anonymous principal.
+.sp
+As of release 1.8, the MIT Kerberos KDC only supports fully
+anonymous operation.
+.UNINDENT
+.sp
+\fB\-I\fP \fIinput_ccache\fP
+.INDENT 0.0
+.INDENT 3.5
+Specifies the name of a credentials cache that already contains a
+ticket.  When obtaining that ticket, if information about how that
+ticket was obtained was also stored to the cache, that information
+will be used to affect how new credentials are obtained, including
+preselecting the same methods of authenticating to the KDC.
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+\fB\-T\fP \fIarmor_ccache\fP
+Specifies the name of a credentials cache that already contains a
+ticket.  If supported by the KDC, this cache will be used to armor
+the request, preventing offline dictionary attacks and allowing
+the use of additional preauthentication mechanisms.  Armoring also
+makes sure that the response from the KDC is not modified in
+transit.
+.TP
+\fB\-c\fP \fIcache_name\fP
+use \fIcache_name\fP as the Kerberos 5 credentials (ticket) cache
+location.  If this option is not used, the default cache location
+is used.
+.sp
+The default cache location may vary between systems.  If the
+\fBKRB5CCNAME\fP environment variable is set, its value is used to
+locate the default cache.  If a principal name is specified and
+the type of the default cache supports a collection (such as the
+DIR type), an existing cache containing credentials for the
+principal is selected or a new one is created and becomes the new
+primary cache.  Otherwise, any existing contents of the default
+cache are destroyed by kinit.
+.TP
+\fB\-S\fP \fIservice_name\fP
+specify an alternate service name to use when getting initial
+tickets.
+.TP
+\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]
+specify a pre\-authentication \fIattribute\fP and \fIvalue\fP to be
+interpreted by pre\-authentication modules.  The acceptable
+attribute and value values vary from module to module.  This
+option may be specified multiple times to specify multiple
+attributes.  If no value is specified, it is assumed to be "yes".
+.sp
+The following attributes are recognized by the PKINIT
+pre\-authentication mechanism:
+.INDENT 7.0
+.TP
+\fBX509_user_identity\fP=\fIvalue\fP
+specify where to find user\(aqs X509 identity information
+.TP
+\fBX509_anchors\fP=\fIvalue\fP
+specify where to find trusted X509 anchor information
+.TP
+\fBflag_RSA_PROTOCOL\fP[\fB=yes\fP]
+specify use of RSA, rather than the default Diffie\-Hellman
+protocol
+.TP
+\fBdisable_freshness\fP[\fB=yes\fP]
+disable sending freshness tokens (for testing purposes only)
+.UNINDENT
+.TP
+\fB\-\-request\-pac\fP | \fB\-\-no\-request\-pac\fP
+mutually exclusive.  If \fB\-\-request\-pac\fP is set, ask the KDC to
+include a PAC in authdata; if \fB\-\-no\-request\-pac\fP is set, ask the
+KDC not to include a PAC; if neither are set,  the KDC will follow
+its default, which is typically is to include a PAC if doing so is
+supported.
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH FILES
+.INDENT 0.0
+.TP
+.B \fB@CCNAME@\fP
+default location of Kerberos 5 credentials cache
+.TP
+.B \fB@KTNAME@\fP
+default location for the local host\(aqs keytab.
+.UNINDENT
+.SH SEE ALSO
+.sp
+klist(1), kdestroy(1), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/klist.man b/krb5-1.21.3/src/man/klist.man
new file mode 100644
index 00000000..3061e5cc
--- /dev/null
+++ b/krb5-1.21.3/src/man/klist.man
@@ -0,0 +1,158 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KLIST" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+klist \- list cached Kerberos tickets
+.SH SYNOPSIS
+.sp
+\fBklist\fP
+[\fB\-e\fP]
+[[\fB\-c\fP] [\fB\-l\fP] [\fB\-A\fP] [\fB\-f\fP] [\fB\-s\fP] [\fB\-a\fP [\fB\-n\fP]]]
+[\fB\-C\fP]
+[\fB\-k\fP [\fB\-i\fP] [\fB\-t\fP] [\fB\-K\fP]]
+[\fB\-V\fP]
+[\fB\-d\fP]
+[\fIcache_name\fP|\fIkeytab_name\fP]
+.SH DESCRIPTION
+.sp
+klist lists the Kerberos principal and Kerberos tickets held in a
+credentials cache, or the keys held in a keytab file.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-e\fP
+Displays the encryption types of the session key and the ticket
+for each credential in the credential cache, or each key in the
+keytab file.
+.TP
+\fB\-l\fP
+If a cache collection is available, displays a table summarizing
+the caches present in the collection.
+.TP
+\fB\-A\fP
+If a cache collection is available, displays the contents of all
+of the caches in the collection.
+.TP
+\fB\-c\fP
+List tickets held in a credentials cache. This is the default if
+neither \fB\-c\fP nor \fB\-k\fP is specified.
+.TP
+\fB\-f\fP
+Shows the flags present in the credentials, using the following
+abbreviations:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+F    Forwardable
+f    forwarded
+P    Proxiable
+p    proxy
+D    postDateable
+d    postdated
+R    Renewable
+I    Initial
+i    invalid
+H    Hardware authenticated
+A    preAuthenticated
+T    Transit policy checked
+O    Okay as delegate
+a    anonymous
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.TP
+\fB\-s\fP
+Causes klist to run silently (produce no output).  klist will exit
+with status 1 if the credentials cache cannot be read or is
+expired, and with status 0 otherwise.
+.TP
+\fB\-a\fP
+Display list of addresses in credentials.
+.TP
+\fB\-n\fP
+Show numeric addresses instead of reverse\-resolving addresses.
+.TP
+\fB\-C\fP
+List configuration data that has been stored in the credentials
+cache when klist encounters it.  By default, configuration data
+is not listed.
+.TP
+\fB\-k\fP
+List keys held in a keytab file.
+.TP
+\fB\-i\fP
+In combination with \fB\-k\fP, defaults to using the default client
+keytab instead of the default acceptor keytab, if no name is
+given.
+.TP
+\fB\-t\fP
+Display the time entry timestamps for each keytab entry in the
+keytab file.
+.TP
+\fB\-K\fP
+Display the value of the encryption key in each keytab entry in
+the keytab file.
+.TP
+\fB\-d\fP
+Display the authdata types (if any) for each entry.
+.TP
+\fB\-V\fP
+Display the Kerberos version number and exit.
+.UNINDENT
+.sp
+If \fIcache_name\fP or \fIkeytab_name\fP is not specified, klist will display
+the credentials in the default credentials cache or keytab file as
+appropriate.  If the \fBKRB5CCNAME\fP environment variable is set, its
+value is used to locate the default ticket cache.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH FILES
+.INDENT 0.0
+.TP
+.B \fB@CCNAME@\fP
+Default location of Kerberos 5 credentials cache
+.TP
+.B \fB@KTNAME@\fP
+Default location for the local host\(aqs keytab file.
+.UNINDENT
+.SH SEE ALSO
+.sp
+kinit(1), kdestroy(1), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kpasswd.man b/krb5-1.21.3/src/man/kpasswd.man
new file mode 100644
index 00000000..846224b6
--- /dev/null
+++ b/krb5-1.21.3/src/man/kpasswd.man
@@ -0,0 +1,68 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KPASSWD" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kpasswd \- change a user's Kerberos password
+.SH SYNOPSIS
+.sp
+\fBkpasswd\fP [\fIprincipal\fP]
+.SH DESCRIPTION
+.sp
+The kpasswd command is used to change a Kerberos principal\(aqs password.
+kpasswd first prompts for the current Kerberos password, then prompts
+the user twice for the new password, and the password is changed.
+.sp
+If the principal is governed by a policy that specifies the length
+and/or number of character classes required in the new password, the
+new password must conform to the policy.  (The five character classes
+are lower case, upper case, numbers, punctuation, and all other
+characters.)
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \fIprincipal\fP
+Change the password for the Kerberos principal principal.
+Otherwise, kpasswd uses the principal name from an existing ccache
+if there is one; if not, the principal is derived from the
+identity of the user invoking the kpasswd command.
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kadmin(1), kadmind(8), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kprop.man b/krb5-1.21.3/src/man/kprop.man
new file mode 100644
index 00000000..60911739
--- /dev/null
+++ b/krb5-1.21.3/src/man/kprop.man
@@ -0,0 +1,82 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KPROP" "8" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kprop \- propagate a Kerberos V5 principal database to a replica server
+.SH SYNOPSIS
+.sp
+\fBkprop\fP
+[\fB\-r\fP \fIrealm\fP]
+[\fB\-f\fP \fIfile\fP]
+[\fB\-d\fP]
+[\fB\-P\fP \fIport\fP]
+[\fB\-s\fP \fIkeytab\fP]
+\fIreplica_host\fP
+.SH DESCRIPTION
+.sp
+kprop is used to securely propagate a Kerberos V5 database dump file
+from the primary Kerberos server to a replica Kerberos server, which is
+specified by \fIreplica_host\fP\&.  The dump file must be created by
+kdb5_util(8)\&.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-r\fP \fIrealm\fP
+Specifies the realm of the primary server.
+.TP
+\fB\-f\fP \fIfile\fP
+Specifies the filename where the dumped principal database file is
+to be found; by default the dumped database file is normally
+\fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/replica_datatrans\fP\&.
+.TP
+\fB\-P\fP \fIport\fP
+Specifies the port to use to contact the kpropd(8) server
+on the remote host.
+.TP
+\fB\-d\fP
+Prints debugging information.
+.TP
+\fB\-s\fP \fIkeytab\fP
+Specifies the location of the keytab file.
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kpropd(8), kdb5_util(8), krb5kdc(8),
+kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kpropd.man b/krb5-1.21.3/src/man/kpropd.man
new file mode 100644
index 00000000..2c44d4fb
--- /dev/null
+++ b/krb5-1.21.3/src/man/kpropd.man
@@ -0,0 +1,171 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KPROPD" "8" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kpropd \- Kerberos V5 replica KDC update server
+.SH SYNOPSIS
+.sp
+\fBkpropd\fP
+[\fB\-r\fP \fIrealm\fP]
+[\fB\-A\fP \fIadmin_server\fP]
+[\fB\-a\fP \fIacl_file\fP]
+[\fB\-f\fP \fIreplica_dumpfile\fP]
+[\fB\-F\fP \fIprincipal_database\fP]
+[\fB\-p\fP \fIkdb5_util_prog\fP]
+[\fB\-P\fP \fIport\fP]
+[\fB\-\-pid\-file\fP=\fIpid_file\fP]
+[\fB\-D\fP]
+[\fB\-d\fP]
+[\fB\-s\fP \fIkeytab_file\fP]
+.SH DESCRIPTION
+.sp
+The \fIkpropd\fP command runs on the replica KDC server.  It listens for
+update requests made by the kprop(8) program.  If incremental
+propagation is enabled, it periodically requests incremental updates
+from the primary KDC.
+.sp
+When the replica receives a kprop request from the primary, kpropd
+accepts the dumped KDC database and places it in a file, and then runs
+kdb5_util(8) to load the dumped database into the active
+database which is used by krb5kdc(8)\&.  This allows the primary
+Kerberos server to use kprop(8) to propagate its database to
+the replica servers.  Upon a successful download of the KDC database
+file, the replica Kerberos server will have an up\-to\-date KDC
+database.
+.sp
+Where incremental propagation is not used, kpropd is commonly invoked
+out of inetd(8) as a nowait service.  This is done by adding a line to
+the \fB/etc/inetd.conf\fP file which looks like this:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kprop  stream  tcp  nowait  root  /usr/local/sbin/kpropd  kpropd
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+kpropd can also run as a standalone daemon, backgrounding itself and
+waiting for connections on port 754 (or the port specified with the
+\fB\-P\fP option if given).  Standalone mode is required for incremental
+propagation.  Starting in release 1.11, kpropd automatically detects
+whether it was run from inetd and runs in standalone mode if it is
+not.  Prior to release 1.11, the \fB\-S\fP option is required to run
+kpropd in standalone mode; this option is now accepted for backward
+compatibility but does nothing.
+.sp
+Incremental propagation may be enabled with the \fBiprop_enable\fP
+variable in kdc.conf(5)\&.  If incremental propagation is
+enabled, the replica periodically polls the primary KDC for updates, at
+an interval determined by the \fBiprop_replica_poll\fP variable.  If the
+replica receives updates, kpropd updates its log file with any updates
+from the primary.  kproplog(8) can be used to view a summary of
+the update entry log on the replica KDC.  If incremental propagation
+is enabled, the principal \fBkiprop/replicahostname@REALM\fP (where
+\fIreplicahostname\fP is the name of the replica KDC host, and \fIREALM\fP is
+the name of the Kerberos realm) must be present in the replica\(aqs
+keytab file.
+.sp
+kproplog(8) can be used to force full replication when iprop is
+enabled.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-r\fP \fIrealm\fP
+Specifies the realm of the primary server.
+.TP
+\fB\-A\fP \fIadmin_server\fP
+Specifies the server to be contacted for incremental updates; by
+default, the primary admin server is contacted.
+.TP
+\fB\-f\fP \fIfile\fP
+Specifies the filename where the dumped principal database file is
+to be stored; by default the dumped database file is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/from_master\fP\&.
+.TP
+\fB\-F\fP \fIkerberos_db\fP
+Path to the Kerberos database file, if not the default.
+.TP
+\fB\-p\fP
+Allows the user to specify the pathname to the kdb5_util(8)
+program; by default the pathname used is \fB@SBINDIR@\fP\fB/kdb5_util\fP\&.
+.TP
+\fB\-D\fP
+In this mode, kpropd will not detach itself from the current job
+and run in the background.  Instead, it will run in the
+foreground.
+.TP
+\fB\-d\fP
+Turn on debug mode.  kpropd will print out debugging messages
+during the database propogation and will run in the foreground
+(implies \fB\-D\fP).
+.TP
+\fB\-P\fP
+Allow for an alternate port number for kpropd to listen on.  This
+is only useful in combination with the \fB\-S\fP option.
+.TP
+\fB\-a\fP \fIacl_file\fP
+Allows the user to specify the path to the kpropd.acl file; by
+default the path used is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kpropd.acl\fP\&.
+.TP
+\fB\-\-pid\-file\fP=\fIpid_file\fP
+In standalone mode, write the process ID of the daemon into
+\fIpid_file\fP\&.
+.TP
+\fB\-s\fP \fIkeytab_file\fP
+Path to a keytab to use for acquiring acceptor credentials.
+.TP
+\fB\-x\fP \fIdb_args\fP
+Database\-specific arguments.  See Database Options in kadmin(1) for supported arguments.
+.UNINDENT
+.SH FILES
+.INDENT 0.0
+.TP
+.B kpropd.acl
+Access file for kpropd; the default location is
+\fB/usr/local/var/krb5kdc/kpropd.acl\fP\&.  Each entry is a line
+containing the principal of a host from which the local machine
+will allow Kerberos database propagation via kprop(8)\&.
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kprop(8), kdb5_util(8), krb5kdc(8),
+kerberos(7), inetd(8)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kproplog.man b/krb5-1.21.3/src/man/kproplog.man
new file mode 100644
index 00000000..f7e93f35
--- /dev/null
+++ b/krb5-1.21.3/src/man/kproplog.man
@@ -0,0 +1,115 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KPROPLOG" "8" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kproplog \- display the contents of the Kerberos principal update log
+.SH SYNOPSIS
+.sp
+\fBkproplog\fP [\fB\-h\fP] [\fB\-e\fP \fInum\fP] [\-v]
+\fBkproplog\fP [\-R]
+.SH DESCRIPTION
+.sp
+The kproplog command displays the contents of the KDC database update
+log to standard output.  It can be used to keep track of incremental
+updates to the principal database.  The update log file contains the
+update log maintained by the kadmind(8) process on the primary
+KDC server and the kpropd(8) process on the replica KDC
+servers.  When updates occur, they are logged to this file.
+Subsequently any KDC replica configured for incremental updates will
+request the current data from the primary KDC and update their log
+file with any updates returned.
+.sp
+The kproplog command requires read access to the update log file.  It
+will display update entries only for the KDC it runs on.
+.sp
+If no options are specified, kproplog displays a summary of the update
+log.  If invoked on the primary, kproplog also displays all of the
+update entries.  If invoked on a replica KDC server, kproplog displays
+only a summary of the updates, which includes the serial number of the
+last update received and the associated time stamp of the last update.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-R\fP
+Reset the update log.  This forces full resynchronization.  If
+used on a replica then that replica will request a full resync.
+If used on the primary then all replicas will request full
+resyncs.
+.TP
+\fB\-h\fP
+Display a summary of the update log.  This information includes
+the database version number, state of the database, the number of
+updates in the log, the time stamp of the first and last update,
+and the version number of the first and last update entry.
+.TP
+\fB\-e\fP \fInum\fP
+Display the last \fInum\fP update entries in the log.  This is useful
+when debugging synchronization between KDC servers.
+.TP
+\fB\-v\fP
+Display individual attributes per update.  An example of the
+output generated for one entry:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+Update Entry
+   Update serial # : 4
+   Update operation : Add
+   Update principal : test@EXAMPLE.COM
+   Update size : 424
+   Update committed : True
+   Update time stamp : Fri Feb 20 23:37:42 2004
+   Attributes changed : 6
+         Principal
+         Key data
+         Password last changed
+         Modifying principal
+         Modification time
+         TL data
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kpropd(8), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/krb5-config.man b/krb5-1.21.3/src/man/krb5-config.man
new file mode 100644
index 00000000..021c5811
--- /dev/null
+++ b/krb5-1.21.3/src/man/krb5-config.man
@@ -0,0 +1,141 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KRB5-CONFIG" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+krb5-config \- tool for linking against MIT Kerberos libraries
+.SH SYNOPSIS
+.sp
+\fBkrb5\-config\fP
+[\fB\-\fP\fB\-help\fP | \fB\-\fP\fB\-all\fP | \fB\-\fP\fB\-version\fP | \fB\-\fP\fB\-vendor\fP | \fB\-\fP\fB\-prefix\fP | \fB\-\fP\fB\-exec\-prefix\fP | \fB\-\fP\fB\-defccname\fP | \fB\-\fP\fB\-defktname\fP | \fB\-\fP\fB\-defcktname\fP | \fB\-\fP\fB\-cflags\fP | \fB\-\fP\fB\-libs\fP [\fIlibraries\fP]]
+.SH DESCRIPTION
+.sp
+krb5\-config tells the application programmer what flags to use to compile
+and link programs against the installed Kerberos libraries.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-\fP\fB\-help\fP
+prints a usage message.  This is the default behavior when no options
+are specified.
+.TP
+\fB\-\fP\fB\-all\fP
+prints the version, vendor, prefix, and exec\-prefix.
+.TP
+\fB\-\fP\fB\-version\fP
+prints the version number of the Kerberos installation.
+.TP
+\fB\-\fP\fB\-vendor\fP
+prints the name of the vendor of the Kerberos installation.
+.TP
+\fB\-\fP\fB\-prefix\fP
+prints the prefix for which the Kerberos installation was built.
+.TP
+\fB\-\fP\fB\-exec\-prefix\fP
+prints the prefix for executables for which the Kerberos installation
+was built.
+.TP
+\fB\-\fP\fB\-defccname\fP
+prints the built\-in default credentials cache location.
+.TP
+\fB\-\fP\fB\-defktname\fP
+prints the built\-in default keytab location.
+.TP
+\fB\-\fP\fB\-defcktname\fP
+prints the built\-in default client (initiator) keytab location.
+.TP
+\fB\-\fP\fB\-cflags\fP
+prints the compilation flags used to build the Kerberos installation.
+.TP
+\fB\-\fP\fB\-libs\fP [\fIlibrary\fP]
+prints the compiler options needed to link against \fIlibrary\fP\&.
+Allowed values for \fIlibrary\fP are:
+.TS
+center;
+|l|l|.
+_
+T{
+krb5
+T}	T{
+Kerberos 5 applications (default)
+T}
+_
+T{
+gssapi
+T}	T{
+GSSAPI applications with Kerberos 5 bindings
+T}
+_
+T{
+kadm\-client
+T}	T{
+Kadmin client
+T}
+_
+T{
+kadm\-server
+T}	T{
+Kadmin server
+T}
+_
+T{
+kdb
+T}	T{
+Applications that access the Kerberos database
+T}
+_
+.TE
+.UNINDENT
+.SH EXAMPLES
+.sp
+krb5\-config is particularly useful for compiling against a Kerberos
+installation that was installed in a non\-standard location.  For example,
+a Kerberos installation that is installed in \fB/opt/krb5/\fP but uses
+libraries in \fB/usr/local/lib/\fP for text localization would produce
+the following output:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+shell% krb5\-config \-\-libs krb5
+\-L/opt/krb5/lib \-Wl,\-rpath \-Wl,/opt/krb5/lib \-L/usr/local/lib \-lkrb5 \-lk5crypto \-lcom_err
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH SEE ALSO
+.sp
+kerberos(7), cc(1)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/krb5.conf.man b/krb5-1.21.3/src/man/krb5.conf.man
new file mode 100644
index 00000000..6c0e9aff
--- /dev/null
+++ b/krb5-1.21.3/src/man/krb5.conf.man
@@ -0,0 +1,1505 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KRB5.CONF" "5" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+krb5.conf \- Kerberos configuration file
+.sp
+The krb5.conf file contains Kerberos configuration information,
+including the locations of KDCs and admin servers for the Kerberos
+realms of interest, defaults for the current realm and for Kerberos
+applications, and mappings of hostnames onto Kerberos realms.
+Normally, you should install your krb5.conf file in the directory
+\fB/etc\fP\&.  You can override the default location by setting the
+environment variable \fBKRB5_CONFIG\fP\&.  Multiple colon\-separated
+filenames may be specified in \fBKRB5_CONFIG\fP; all files which are
+present will be read.  Starting in release 1.14, directory names can
+also be specified in \fBKRB5_CONFIG\fP; all files within the directory
+whose names consist solely of alphanumeric characters, dashes, or
+underscores will be read.
+.SH STRUCTURE
+.sp
+The krb5.conf file is set up in the style of a Windows INI file.
+Lines beginning with \(aq#\(aq or \(aq;\(aq (possibly after initial whitespace)
+are ignored as comments.  Sections are headed by the section name, in
+square brackets.  Each section may contain zero or more relations, of
+the form:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+foo = bar
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+or:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+fubar = {
+    foo = bar
+    baz = quux
+}
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+Placing a \(aq*\(aq after the closing bracket of a section name indicates
+that the section is \fIfinal\fP, meaning that if the same section appears
+within a later file specified in \fBKRB5_CONFIG\fP, it will be ignored.
+A subsection can be marked as final by placing a \(aq*\(aq after either the
+tag name or the closing brace.
+.sp
+The krb5.conf file can include other files using either of the
+following directives at the beginning of a line:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+include FILENAME
+includedir DIRNAME
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fIFILENAME\fP or \fIDIRNAME\fP should be an absolute path. The named file or
+directory must exist and be readable.  Including a directory includes
+all files within the directory whose names consist solely of
+alphanumeric characters, dashes, or underscores.  Starting in release
+1.15, files with names ending in ".conf" are also included, unless the
+name begins with ".".  Included profile files are syntactically
+independent of their parents, so each included file must begin with a
+section header.  Starting in release 1.17, files are read in
+alphanumeric order; in previous releases, they may be read in any
+order.
+.sp
+The krb5.conf file can specify that configuration should be obtained
+from a loadable module, rather than the file itself, using the
+following directive at the beginning of a line before any section
+headers:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+module MODULEPATH:RESIDUAL
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fIMODULEPATH\fP may be relative to the library path of the krb5
+installation, or it may be an absolute path.  \fIRESIDUAL\fP is provided
+to the module at initialization time.  If krb5.conf uses a module
+directive, kdc.conf(5) should also use one if it exists.
+.SH SECTIONS
+.sp
+The krb5.conf file may contain the following sections:
+.TS
+center;
+|l|l|.
+_
+T{
+\fI\%[libdefaults]\fP
+T}	T{
+Settings used by the Kerberos V5 library
+T}
+_
+T{
+\fI\%[realms]\fP
+T}	T{
+Realm\-specific contact information and settings
+T}
+_
+T{
+\fI\%[domain_realm]\fP
+T}	T{
+Maps server hostnames to Kerberos realms
+T}
+_
+T{
+\fI\%[capaths]\fP
+T}	T{
+Authentication paths for non\-hierarchical cross\-realm
+T}
+_
+T{
+\fI\%[appdefaults]\fP
+T}	T{
+Settings used by some Kerberos V5 applications
+T}
+_
+T{
+\fI\%[plugins]\fP
+T}	T{
+Controls plugin module registration
+T}
+_
+.TE
+.sp
+Additionally, krb5.conf may include any of the relations described in
+kdc.conf(5), but it is not a recommended practice.
+.SS [libdefaults]
+.sp
+The libdefaults section may contain any of the following relations:
+.INDENT 0.0
+.TP
+\fBallow_des3\fP
+Permit the KDC to issue tickets with des3\-cbc\-sha1 session keys.
+In future releases, this flag will allow des3\-cbc\-sha1 to be used
+at all.  The default value for this tag is false.  (Added in
+release 1.21.)
+.TP
+\fBallow_rc4\fP
+Permit the KDC to issue tickets with arcfour\-hmac session keys.
+In future releases, this flag will allow arcfour\-hmac to be used
+at all.  The default value for this tag is false.  (Added in
+release 1.21.)
+.TP
+\fBallow_weak_crypto\fP
+If this flag is set to false, then weak encryption types (as noted
+in Encryption_types in kdc.conf(5)) will be filtered
+out of the lists \fBdefault_tgs_enctypes\fP,
+\fBdefault_tkt_enctypes\fP, and \fBpermitted_enctypes\fP\&.  The default
+value for this tag is false.
+.TP
+\fBcanonicalize\fP
+If this flag is set to true, initial ticket requests to the KDC
+will request canonicalization of the client principal name, and
+answers with different client principals than the requested
+principal will be accepted.  The default value is false.
+.TP
+\fBccache_type\fP
+This parameter determines the format of credential cache types
+created by kinit(1) or other programs.  The default value
+is 4, which represents the most current format.  Smaller values
+can be used for compatibility with very old implementations of
+Kerberos which interact with credential caches on the same host.
+.TP
+\fBclockskew\fP
+Sets the maximum allowable amount of clockskew in seconds that the
+library will tolerate before assuming that a Kerberos message is
+invalid.  The default value is 300 seconds, or five minutes.
+.sp
+The clockskew setting is also used when evaluating ticket start
+and expiration times.  For example, tickets that have reached
+their expiration time can still be used (and renewed if they are
+renewable tickets) if they have been expired for a shorter
+duration than the \fBclockskew\fP setting.
+.TP
+\fBdefault_ccache_name\fP
+This relation specifies the name of the default credential cache.
+The default is \fB@CCNAME@\fP\&.  This relation is subject to parameter
+expansion (see below).  New in release 1.11.
+.TP
+\fBdefault_client_keytab_name\fP
+This relation specifies the name of the default keytab for
+obtaining client credentials.  The default is \fB@CKTNAME@\fP\&.  This
+relation is subject to parameter expansion (see below).
+New in release 1.11.
+.TP
+\fBdefault_keytab_name\fP
+This relation specifies the default keytab name to be used by
+application servers such as sshd.  The default is \fB@KTNAME@\fP\&.  This
+relation is subject to parameter expansion (see below).
+.TP
+\fBdefault_rcache_name\fP
+This relation specifies the name of the default replay cache.
+The default is \fBdfl:\fP\&.  This relation is subject to parameter
+expansion (see below).  New in release 1.18.
+.TP
+\fBdefault_realm\fP
+Identifies the default Kerberos realm for the client.  Set its
+value to your Kerberos realm.  If this value is not set, then a
+realm must be specified with every Kerberos principal when
+invoking programs such as kinit(1)\&.
+.TP
+\fBdefault_tgs_enctypes\fP
+Identifies the supported list of session key encryption types that
+the client should request when making a TGS\-REQ, in order of
+preference from highest to lowest.  The list may be delimited with
+commas or whitespace.  See Encryption_types in
+kdc.conf(5) for a list of the accepted values for this tag.
+Starting in release 1.18, the default value is the value of
+\fBpermitted_enctypes\fP\&.  For previous releases or if
+\fBpermitted_enctypes\fP is not set, the default value is
+\fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac\fP\&.
+.sp
+Do not set this unless required for specific backward
+compatibility purposes; stale values of this setting can prevent
+clients from taking advantage of new stronger enctypes when the
+libraries are upgraded.
+.TP
+\fBdefault_tkt_enctypes\fP
+Identifies the supported list of session key encryption types that
+the client should request when making an AS\-REQ, in order of
+preference from highest to lowest.  The format is the same as for
+default_tgs_enctypes.  Starting in release 1.18, the default
+value is the value of \fBpermitted_enctypes\fP\&.  For previous
+releases or if \fBpermitted_enctypes\fP is not set, the default
+value is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac\fP\&.
+.sp
+Do not set this unless required for specific backward
+compatibility purposes; stale values of this setting can prevent
+clients from taking advantage of new stronger enctypes when the
+libraries are upgraded.
+.TP
+\fBdns_canonicalize_hostname\fP
+Indicate whether name lookups will be used to canonicalize
+hostnames for use in service principal names.  Setting this flag
+to false can improve security by reducing reliance on DNS, but
+means that short hostnames will not be canonicalized to
+fully\-qualified hostnames.  If this option is set to \fBfallback\fP (new
+in release 1.18), DNS canonicalization will only be performed the
+server hostname is not found with the original name when
+requesting credentials.  The default value is true.
+.TP
+\fBdns_lookup_kdc\fP
+Indicate whether DNS SRV records should be used to locate the KDCs
+and other servers for a realm, if they are not listed in the
+krb5.conf information for the realm.  (Note that the admin_server
+entry must be in the krb5.conf realm information in order to
+contact kadmind, because the DNS implementation for kadmin is
+incomplete.)
+.sp
+Enabling this option does open up a type of denial\-of\-service
+attack, if someone spoofs the DNS records and redirects you to
+another server.  However, it\(aqs no worse than a denial of service,
+because that fake KDC will be unable to decode anything you send
+it (besides the initial ticket request, which has no encrypted
+data), and anything the fake KDC sends will not be trusted without
+verification using some secret that it won\(aqt know.
+.TP
+\fBdns_uri_lookup\fP
+Indicate whether DNS URI records should be used to locate the KDCs
+and other servers for a realm, if they are not listed in the
+krb5.conf information for the realm.  SRV records are used as a
+fallback if no URI records were found.  The default value is true.
+New in release 1.15.
+.TP
+\fBenforce_ok_as_delegate\fP
+If this flag to true, GSSAPI credential delegation will be
+disabled when the \fBok\-as\-delegate\fP flag is not set in the
+service ticket.  If this flag is false, the \fBok\-as\-delegate\fP
+ticket flag is only enforced when an application specifically
+requests enforcement.  The default value is false.
+.TP
+\fBerr_fmt\fP
+This relation allows for custom error message formatting.  If a
+value is set, error messages will be formatted by substituting a
+normal error message for %M and an error code for %C in the value.
+.TP
+\fBextra_addresses\fP
+This allows a computer to use multiple local addresses, in order
+to allow Kerberos to work in a network that uses NATs while still
+using address\-restricted tickets.  The addresses should be in a
+comma\-separated list.  This option has no effect if
+\fBnoaddresses\fP is true.
+.TP
+\fBforwardable\fP
+If this flag is true, initial tickets will be forwardable by
+default, if allowed by the KDC.  The default value is false.
+.TP
+\fBignore_acceptor_hostname\fP
+When accepting GSSAPI or krb5 security contexts for host\-based
+service principals, ignore any hostname passed by the calling
+application, and allow clients to authenticate to any service
+principal in the keytab matching the service name and realm name
+(if given).  This option can improve the administrative
+flexibility of server applications on multihomed hosts, but could
+compromise the security of virtual hosting environments.  The
+default value is false.  New in release 1.10.
+.TP
+\fBk5login_authoritative\fP
+If this flag is true, principals must be listed in a local user\(aqs
+k5login file to be granted login access, if a \&.k5login(5)
+file exists.  If this flag is false, a principal may still be
+granted login access through other mechanisms even if a k5login
+file exists but does not list the principal.  The default value is
+true.
+.TP
+\fBk5login_directory\fP
+If set, the library will look for a local user\(aqs k5login file
+within the named directory, with a filename corresponding to the
+local username.  If not set, the library will look for k5login
+files in the user\(aqs home directory, with the filename .k5login.
+For security reasons, .k5login files must be owned by
+the local user or by root.
+.TP
+\fBkcm_mach_service\fP
+On macOS only, determines the name of the bootstrap service used to
+contact the KCM daemon for the KCM credential cache type.  If the
+value is \fB\-\fP, Mach RPC will not be used to contact the KCM
+daemon.  The default value is \fBorg.h5l.kcm\fP\&.
+.TP
+\fBkcm_socket\fP
+Determines the path to the Unix domain socket used to access the
+KCM daemon for the KCM credential cache type.  If the value is
+\fB\-\fP, Unix domain sockets will not be used to contact the KCM
+daemon.  The default value is
+\fB/var/run/.heim_org.h5l.kcm\-socket\fP\&.
+.TP
+\fBkdc_default_options\fP
+Default KDC options (Xored for multiple values) when requesting
+initial tickets.  By default it is set to 0x00000010
+(KDC_OPT_RENEWABLE_OK).
+.TP
+\fBkdc_timesync\fP
+Accepted values for this relation are 1 or 0.  If it is nonzero,
+client machines will compute the difference between their time and
+the time returned by the KDC in the timestamps in the tickets and
+use this value to correct for an inaccurate system clock when
+requesting service tickets or authenticating to services.  This
+corrective factor is only used by the Kerberos library; it is not
+used to change the system clock.  The default value is 1.
+.TP
+\fBnoaddresses\fP
+If this flag is true, requests for initial tickets will not be
+made with address restrictions set, allowing the tickets to be
+used across NATs.  The default value is true.
+.TP
+\fBpermitted_enctypes\fP
+Identifies the encryption types that servers will permit for
+session keys and for ticket and authenticator encryption, ordered
+by preference from highest to lowest.  Starting in release 1.18,
+this tag also acts as the default value for
+\fBdefault_tgs_enctypes\fP and \fBdefault_tkt_enctypes\fP\&.  The
+default value for this tag is \fBaes256\-cts\-hmac\-sha1\-96 aes128\-cts\-hmac\-sha1\-96 aes256\-cts\-hmac\-sha384\-192 aes128\-cts\-hmac\-sha256\-128 des3\-cbc\-sha1 arcfour\-hmac\-md5 camellia256\-cts\-cmac camellia128\-cts\-cmac\fP\&.
+.TP
+\fBplugin_base_dir\fP
+If set, determines the base directory where krb5 plugins are
+located.  The default value is the \fBkrb5/plugins\fP subdirectory
+of the krb5 library directory.  This relation is subject to
+parameter expansion (see below) in release 1.17 and later.
+.TP
+\fBpreferred_preauth_types\fP
+This allows you to set the preferred preauthentication types which
+the client will attempt before others which may be advertised by a
+KDC.  The default value for this setting is "17, 16, 15, 14",
+which forces libkrb5 to attempt to use PKINIT if it is supported.
+.TP
+\fBproxiable\fP
+If this flag is true, initial tickets will be proxiable by
+default, if allowed by the KDC.  The default value is false.
+.TP
+\fBqualify_shortname\fP
+If this string is set, it determines the domain suffix for
+single\-component hostnames when DNS canonicalization is not used
+(either because \fBdns_canonicalize_hostname\fP is false or because
+forward canonicalization failed).  The default value is the first
+search domain of the system\(aqs DNS configuration.  To disable
+qualification of shortnames, set this relation to the empty string
+with \fBqualify_shortname = ""\fP\&.  (New in release 1.18.)
+.TP
+\fBrdns\fP
+If this flag is true, reverse name lookup will be used in addition
+to forward name lookup to canonicalizing hostnames for use in
+service principal names.  If \fBdns_canonicalize_hostname\fP is set
+to false, this flag has no effect.  The default value is true.
+.TP
+\fBrealm_try_domains\fP
+Indicate whether a host\(aqs domain components should be used to
+determine the Kerberos realm of the host.  The value of this
+variable is an integer: \-1 means not to search, 0 means to try the
+host\(aqs domain itself, 1 means to also try the domain\(aqs immediate
+parent, and so forth.  The library\(aqs usual mechanism for locating
+Kerberos realms is used to determine whether a domain is a valid
+realm, which may involve consulting DNS if \fBdns_lookup_kdc\fP is
+set.  The default is not to search domain components.
+.TP
+\fBrenew_lifetime\fP
+(duration string.)  Sets the default renewable lifetime
+for initial ticket requests.  The default value is 0.
+.TP
+\fBspake_preauth_groups\fP
+A whitespace or comma\-separated list of words which specifies the
+groups allowed for SPAKE preauthentication.  The possible values
+are:
+.TS
+center;
+|l|l|.
+_
+T{
+edwards25519
+T}	T{
+Edwards25519 curve (\fI\%RFC 7748\fP)
+T}
+_
+T{
+P\-256
+T}	T{
+NIST P\-256 curve (\fI\%RFC 5480\fP)
+T}
+_
+T{
+P\-384
+T}	T{
+NIST P\-384 curve (\fI\%RFC 5480\fP)
+T}
+_
+T{
+P\-521
+T}	T{
+NIST P\-521 curve (\fI\%RFC 5480\fP)
+T}
+_
+.TE
+.sp
+The default value for the client is \fBedwards25519\fP\&.  The default
+value for the KDC is empty.  New in release 1.17.
+.TP
+\fBticket_lifetime\fP
+(duration string.)  Sets the default lifetime for initial
+ticket requests.  The default value is 1 day.
+.TP
+\fBudp_preference_limit\fP
+When sending a message to the KDC, the library will try using TCP
+before UDP if the size of the message is above
+\fBudp_preference_limit\fP\&.  If the message is smaller than
+\fBudp_preference_limit\fP, then UDP will be tried before TCP.
+Regardless of the size, both protocols will be tried if the first
+attempt fails.
+.TP
+\fBverify_ap_req_nofail\fP
+If this flag is true, then an attempt to verify initial
+credentials will fail if the client machine does not have a
+keytab.  The default value is false.
+.TP
+\fBclient_aware_channel_bindings\fP
+If this flag is true, then all application protocol authentication
+requests will be flagged to indicate that the application supports
+channel bindings when operating over a secure channel.  The
+default value is false.
+.UNINDENT
+.SS [realms]
+.sp
+Each tag in the [realms] section of the file is the name of a Kerberos
+realm.  The value of the tag is a subsection with relations that
+define the properties of that particular realm.  For each realm, the
+following tags may be specified in the realm\(aqs subsection:
+.INDENT 0.0
+.TP
+\fBadmin_server\fP
+Identifies the host where the administration server is running.
+Typically, this is the primary Kerberos server.  This tag must be
+given a value in order to communicate with the kadmind(8)
+server for the realm.
+.TP
+\fBauth_to_local\fP
+This tag allows you to set a general rule for mapping principal
+names to local user names.  It will be used if there is not an
+explicit mapping for the principal name that is being
+translated. The possible values are:
+.INDENT 7.0
+.TP
+\fBRULE:\fP\fIexp\fP
+The local name will be formulated from \fIexp\fP\&.
+.sp
+The format for \fIexp\fP is \fB[\fP\fIn\fP\fB:\fP\fIstring\fP\fB](\fP\fIregexp\fP\fB)s/\fP\fIpattern\fP\fB/\fP\fIreplacement\fP\fB/g\fP\&.
+The integer \fIn\fP indicates how many components the target
+principal should have.  If this matches, then a string will be
+formed from \fIstring\fP, substituting the realm of the principal
+for \fB$0\fP and the \fIn\fP\(aqth component of the principal for
+\fB$n\fP (e.g., if the principal was \fBjohndoe/admin\fP then
+\fB[2:$2$1foo]\fP would result in the string
+\fBadminjohndoefoo\fP).  If this string matches \fIregexp\fP, then
+the \fBs//[g]\fP substitution command will be run over the
+string.  The optional \fBg\fP will cause the substitution to be
+global over the \fIstring\fP, instead of replacing only the first
+match in the \fIstring\fP\&.
+.TP
+\fBDEFAULT\fP
+The principal name will be used as the local user name.  If
+the principal has more than one component or is not in the
+default realm, this rule is not applicable and the conversion
+will fail.
+.UNINDENT
+.sp
+For example:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[realms]
+    ATHENA.MIT.EDU = {
+        auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/
+        auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$//
+        auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/
+        auth_to_local = DEFAULT
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+would result in any principal without \fBroot\fP or \fBadmin\fP as the
+second component to be translated with the default rule.  A
+principal with a second component of \fBadmin\fP will become its
+first component.  \fBroot\fP will be used as the local name for any
+principal with a second component of \fBroot\fP\&.  The exception to
+these two rules are any principals \fBjohndoe/*\fP, which will
+always get the local name \fBguest\fP\&.
+.TP
+\fBauth_to_local_names\fP
+This subsection allows you to set explicit mappings from principal
+names to local user names.  The tag is the mapping name, and the
+value is the corresponding local user name.
+.TP
+\fBdefault_domain\fP
+This tag specifies the domain used to expand hostnames when
+translating Kerberos 4 service principals to Kerberos 5 principals
+(for example, when converting \fBrcmd.hostname\fP to
+\fBhost/hostname.domain\fP).
+.TP
+\fBdisable_encrypted_timestamp\fP
+If this flag is true, the client will not perform encrypted
+timestamp preauthentication if requested by the KDC.  Setting this
+flag can help to prevent dictionary attacks by active attackers,
+if the realm\(aqs KDCs support SPAKE preauthentication or if initial
+authentication always uses another mechanism or always uses FAST.
+This flag persists across client referrals during initial
+authentication.  This flag does not prevent the KDC from offering
+encrypted timestamp.  New in release 1.17.
+.TP
+\fBhttp_anchors\fP
+When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag
+can be used to specify the location of the CA certificate which should be
+trusted to issue the certificate for a proxy server.  If left unspecified,
+the system\-wide default set of CA certificates is used.
+.sp
+The syntax for values is similar to that of values for the
+\fBpkinit_anchors\fP tag:
+.sp
+\fBFILE:\fP \fIfilename\fP
+.sp
+\fIfilename\fP is assumed to be the name of an OpenSSL\-style ca\-bundle file.
+.sp
+\fBDIR:\fP \fIdirname\fP
+.sp
+\fIdirname\fP is assumed to be an directory which contains CA certificates.
+All files in the directory will be examined; if they contain certificates
+(in PEM format), they will be used.
+.sp
+\fBENV:\fP \fIenvvar\fP
+.sp
+\fIenvvar\fP specifies the name of an environment variable which has been set
+to a value conforming to one of the previous values.  For example,
+\fBENV:X509_PROXY_CA\fP, where environment variable \fBX509_PROXY_CA\fP has
+been set to \fBFILE:/tmp/my_proxy.pem\fP\&.
+.TP
+\fBkdc\fP
+The name or address of a host running a KDC for that realm.  An
+optional port number, separated from the hostname by a colon, may
+be included.  If the name or address contains colons (for example,
+if it is an IPv6 address), enclose it in square brackets to
+distinguish the colon from a port separator.  For your computer to
+be able to communicate with the KDC for each realm, this tag must
+be given a value in each realm subsection in the configuration
+file, or there must be DNS SRV records specifying the KDCs.
+.TP
+\fBkpasswd_server\fP
+Points to the server where all the password changes are performed.
+If there is no such entry, DNS will be queried (unless forbidden
+by \fBdns_lookup_kdc\fP).  Finally, port 464 on the \fBadmin_server\fP
+host will be tried.
+.TP
+\fBmaster_kdc\fP
+The name for \fBprimary_kdc\fP prior to release 1.19.  Its value is
+used as a fallback if \fBprimary_kdc\fP is not specified.
+.TP
+\fBprimary_kdc\fP
+Identifies the primary KDC(s).  Currently, this tag is used in only
+one case: If an attempt to get credentials fails because of an
+invalid password, the client software will attempt to contact the
+primary KDC, in case the user\(aqs password has just been changed, and
+the updated database has not been propagated to the replica
+servers yet.  New in release 1.19.
+.TP
+\fBv4_instance_convert\fP
+This subsection allows the administrator to configure exceptions
+to the \fBdefault_domain\fP mapping rule.  It contains V4 instances
+(the tag name) which should be translated to some specific
+hostname (the tag value) as the second component in a Kerberos V5
+principal name.
+.TP
+\fBv4_realm\fP
+This relation is used by the krb524 library routines when
+converting a V5 principal name to a V4 principal name.  It is used
+when the V4 realm name and the V5 realm name are not the same, but
+still share the same principal names and passwords. The tag value
+is the Kerberos V4 realm name.
+.UNINDENT
+.SS [domain_realm]
+.sp
+The [domain_realm] section provides a translation from hostnames to
+Kerberos realms.  Each tag is a domain name, providing the mapping for
+that domain and all subdomains.  If the tag begins with a period
+(\fB\&.\fP) then it applies only to subdomains.  The Kerberos realm may be
+identified either in the \fI\%realms\fP section or using DNS SRV records.
+Tag names should be in lower case.  For example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[domain_realm]
+    crash.mit.edu = TEST.ATHENA.MIT.EDU
+    .dev.mit.edu = TEST.ATHENA.MIT.EDU
+    mit.edu = ATHENA.MIT.EDU
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+maps the host with the name \fBcrash.mit.edu\fP into the
+\fBTEST.ATHENA.MIT.EDU\fP realm.  The second entry maps all hosts under the
+domain \fBdev.mit.edu\fP into the \fBTEST.ATHENA.MIT.EDU\fP realm, but not
+the host with the name \fBdev.mit.edu\fP\&.  That host is matched
+by the third entry, which maps the host \fBmit.edu\fP and all hosts
+under the domain \fBmit.edu\fP that do not match a preceding rule
+into the realm \fBATHENA.MIT.EDU\fP\&.
+.sp
+If no translation entry applies to a hostname used for a service
+principal for a service ticket request, the library will try to get a
+referral to the appropriate realm from the client realm\(aqs KDC.  If
+that does not succeed, the host\(aqs realm is considered to be the
+hostname\(aqs domain portion converted to uppercase, unless the
+\fBrealm_try_domains\fP setting in [libdefaults] causes a different
+parent domain to be used.
+.SS [capaths]
+.sp
+In order to perform direct (non\-hierarchical) cross\-realm
+authentication, configuration is needed to determine the
+authentication paths between realms.
+.sp
+A client will use this section to find the authentication path between
+its realm and the realm of the server.  The server will use this
+section to verify the authentication path used by the client, by
+checking the transited field of the received ticket.
+.sp
+There is a tag for each participating client realm, and each tag has
+subtags for each of the server realms.  The value of the subtags is an
+intermediate realm which may participate in the cross\-realm
+authentication.  The subtags may be repeated if there is more then one
+intermediate realm.  A value of "." means that the two realms share
+keys directly, and no intermediate realms should be allowed to
+participate.
+.sp
+Only those entries which will be needed on the client or the server
+need to be present.  A client needs a tag for its local realm with
+subtags for all the realms of servers it will need to authenticate to.
+A server needs a tag for each realm of the clients it will serve, with
+a subtag of the server realm.
+.sp
+For example, \fBANL.GOV\fP, \fBPNL.GOV\fP, and \fBNERSC.GOV\fP all wish to
+use the \fBES.NET\fP realm as an intermediate realm.  ANL has a sub
+realm of \fBTEST.ANL.GOV\fP which will authenticate with \fBNERSC.GOV\fP
+but not \fBPNL.GOV\fP\&.  The [capaths] section for \fBANL.GOV\fP systems
+would look like this:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[capaths]
+    ANL.GOV = {
+        TEST.ANL.GOV = .
+        PNL.GOV = ES.NET
+        NERSC.GOV = ES.NET
+        ES.NET = .
+    }
+    TEST.ANL.GOV = {
+        ANL.GOV = .
+    }
+    PNL.GOV = {
+        ANL.GOV = ES.NET
+    }
+    NERSC.GOV = {
+        ANL.GOV = ES.NET
+    }
+    ES.NET = {
+        ANL.GOV = .
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The [capaths] section of the configuration file used on \fBNERSC.GOV\fP
+systems would look like this:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[capaths]
+    NERSC.GOV = {
+        ANL.GOV = ES.NET
+        TEST.ANL.GOV = ES.NET
+        TEST.ANL.GOV = ANL.GOV
+        PNL.GOV = ES.NET
+        ES.NET = .
+    }
+    ANL.GOV = {
+        NERSC.GOV = ES.NET
+    }
+    PNL.GOV = {
+        NERSC.GOV = ES.NET
+    }
+    ES.NET = {
+        NERSC.GOV = .
+    }
+    TEST.ANL.GOV = {
+        NERSC.GOV = ANL.GOV
+        NERSC.GOV = ES.NET
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+When a subtag is used more than once within a tag, clients will use
+the order of values to determine the path.  The order of values is not
+important to servers.
+.SS [appdefaults]
+.sp
+Each tag in the [appdefaults] section names a Kerberos V5 application
+or an option that is used by some Kerberos V5 application[s].  The
+value of the tag defines the default behaviors for that application.
+.sp
+For example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[appdefaults]
+    telnet = {
+        ATHENA.MIT.EDU = {
+            option1 = false
+        }
+    }
+    telnet = {
+        option1 = true
+        option2 = true
+    }
+    ATHENA.MIT.EDU = {
+        option2 = false
+    }
+    option2 = true
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The above four ways of specifying the value of an option are shown in
+order of decreasing precedence. In this example, if telnet is running
+in the realm EXAMPLE.COM, it should, by default, have option1 and
+option2 set to true.  However, a telnet program in the realm
+\fBATHENA.MIT.EDU\fP should have \fBoption1\fP set to false and
+\fBoption2\fP set to true.  Any other programs in ATHENA.MIT.EDU should
+have \fBoption2\fP set to false by default.  Any programs running in
+other realms should have \fBoption2\fP set to true.
+.sp
+The list of specifiable options for each application may be found in
+that application\(aqs man pages.  The application defaults specified here
+are overridden by those specified in the \fI\%realms\fP section.
+.SS [plugins]
+.INDENT 0.0
+.INDENT 3.5
+.INDENT 0.0
+.IP \(bu 2
+\fI\%pwqual\fP interface
+.IP \(bu 2
+\fI\%kadm5_hook\fP interface
+.IP \(bu 2
+\fI\%clpreauth\fP and \fI\%kdcpreauth\fP interfaces
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.sp
+Tags in the [plugins] section can be used to register dynamic plugin
+modules and to turn modules on and off.  Not every krb5 pluggable
+interface uses the [plugins] section; the ones that do are documented
+here.
+.sp
+New in release 1.9.
+.sp
+Each pluggable interface corresponds to a subsection of [plugins].
+All subsections support the same tags:
+.INDENT 0.0
+.TP
+\fBdisable\fP
+This tag may have multiple values. If there are values for this
+tag, then the named modules will be disabled for the pluggable
+interface.
+.TP
+\fBenable_only\fP
+This tag may have multiple values. If there are values for this
+tag, then only the named modules will be enabled for the pluggable
+interface.
+.TP
+\fBmodule\fP
+This tag may have multiple values.  Each value is a string of the
+form \fBmodulename:pathname\fP, which causes the shared object
+located at \fIpathname\fP to be registered as a dynamic module named
+\fImodulename\fP for the pluggable interface.  If \fIpathname\fP is not an
+absolute path, it will be treated as relative to the
+\fBplugin_base_dir\fP value from \fI\%[libdefaults]\fP\&.
+.UNINDENT
+.sp
+For pluggable interfaces where module order matters, modules
+registered with a \fBmodule\fP tag normally come first, in the order
+they are registered, followed by built\-in modules in the order they
+are documented below.  If \fBenable_only\fP tags are used, then the
+order of those tags overrides the normal module order.
+.sp
+The following subsections are currently supported within the [plugins]
+section:
+.SS ccselect interface
+.sp
+The ccselect subsection controls modules for credential cache
+selection within a cache collection.  In addition to any registered
+dynamic modules, the following built\-in modules exist (and may be
+disabled with the disable tag):
+.INDENT 0.0
+.TP
+\fBk5identity\fP
+Uses a .k5identity file in the user\(aqs home directory to select a
+client principal
+.TP
+\fBrealm\fP
+Uses the service realm to guess an appropriate cache from the
+collection
+.TP
+\fBhostname\fP
+If the service principal is host\-based, uses the service hostname
+to guess an appropriate cache from the collection
+.UNINDENT
+.SS pwqual interface
+.sp
+The pwqual subsection controls modules for the password quality
+interface, which is used to reject weak passwords when passwords are
+changed.  The following built\-in modules exist for this interface:
+.INDENT 0.0
+.TP
+\fBdict\fP
+Checks against the realm dictionary file
+.TP
+\fBempty\fP
+Rejects empty passwords
+.TP
+\fBhesiod\fP
+Checks against user information stored in Hesiod (only if Kerberos
+was built with Hesiod support)
+.TP
+\fBprinc\fP
+Checks against components of the principal name
+.UNINDENT
+.SS kadm5_hook interface
+.sp
+The kadm5_hook interface provides plugins with information on
+principal creation, modification, password changes and deletion.  This
+interface can be used to write a plugin to synchronize MIT Kerberos
+with another database such as Active Directory.  No plugins are built
+in for this interface.
+.SS kadm5_auth interface
+.sp
+The kadm5_auth section (introduced in release 1.16) controls modules
+for the kadmin authorization interface, which determines whether a
+client principal is allowed to perform a kadmin operation.  The
+following built\-in modules exist for this interface:
+.INDENT 0.0
+.TP
+\fBacl\fP
+This module reads the kadm5.acl(5) file, and authorizes
+operations which are allowed according to the rules in the file.
+.TP
+\fBself\fP
+This module authorizes self\-service operations including password
+changes, creation of new random keys, fetching the client\(aqs
+principal record or string attributes, and fetching the policy
+record associated with the client principal.
+.UNINDENT
+.SS clpreauth and kdcpreauth interfaces
+.sp
+The clpreauth and kdcpreauth interfaces allow plugin modules to
+provide client and KDC preauthentication mechanisms.  The following
+built\-in modules exist for these interfaces:
+.INDENT 0.0
+.TP
+\fBpkinit\fP
+This module implements the PKINIT preauthentication mechanism.
+.TP
+\fBencrypted_challenge\fP
+This module implements the encrypted challenge FAST factor.
+.TP
+\fBencrypted_timestamp\fP
+This module implements the encrypted timestamp mechanism.
+.UNINDENT
+.SS hostrealm interface
+.sp
+The hostrealm section (introduced in release 1.12) controls modules
+for the host\-to\-realm interface, which affects the local mapping of
+hostnames to realm names and the choice of default realm.  The following
+built\-in modules exist for this interface:
+.INDENT 0.0
+.TP
+\fBprofile\fP
+This module consults the [domain_realm] section of the profile for
+authoritative host\-to\-realm mappings, and the \fBdefault_realm\fP
+variable for the default realm.
+.TP
+\fBdns\fP
+This module looks for DNS records for fallback host\-to\-realm
+mappings and the default realm.  It only operates if the
+\fBdns_lookup_realm\fP variable is set to true.
+.TP
+\fBdomain\fP
+This module applies heuristics for fallback host\-to\-realm
+mappings.  It implements the \fBrealm_try_domains\fP variable, and
+uses the uppercased parent domain of the hostname if that does not
+produce a result.
+.UNINDENT
+.SS localauth interface
+.sp
+The localauth section (introduced in release 1.12) controls modules
+for the local authorization interface, which affects the relationship
+between Kerberos principals and local system accounts.  The following
+built\-in modules exist for this interface:
+.INDENT 0.0
+.TP
+\fBdefault\fP
+This module implements the \fBDEFAULT\fP type for \fBauth_to_local\fP
+values.
+.TP
+\fBrule\fP
+This module implements the \fBRULE\fP type for \fBauth_to_local\fP
+values.
+.TP
+\fBnames\fP
+This module looks for an \fBauth_to_local_names\fP mapping for the
+principal name.
+.TP
+\fBauth_to_local\fP
+This module processes \fBauth_to_local\fP values in the default
+realm\(aqs section, and applies the default method if no
+\fBauth_to_local\fP values exist.
+.TP
+\fBk5login\fP
+This module authorizes a principal to a local account according to
+the account\(aqs \&.k5login(5) file.
+.TP
+\fBan2ln\fP
+This module authorizes a principal to a local account if the
+principal name maps to the local account name.
+.UNINDENT
+.SS certauth interface
+.sp
+The certauth section (introduced in release 1.16) controls modules for
+the certificate authorization interface, which determines whether a
+certificate is allowed to preauthenticate a user via PKINIT.  The
+following built\-in modules exist for this interface:
+.INDENT 0.0
+.TP
+\fBpkinit_san\fP
+This module authorizes the certificate if it contains a PKINIT
+Subject Alternative Name for the requested client principal, or a
+Microsoft UPN SAN matching the principal if \fBpkinit_allow_upn\fP
+is set to true for the realm.
+.TP
+\fBpkinit_eku\fP
+This module rejects the certificate if it does not contain an
+Extended Key Usage attribute consistent with the
+\fBpkinit_eku_checking\fP value for the realm.
+.TP
+\fBdbmatch\fP
+This module authorizes or rejects the certificate according to
+whether it matches the \fBpkinit_cert_match\fP string attribute on
+the client principal, if that attribute is present.
+.UNINDENT
+.SH PKINIT OPTIONS
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+The following are PKINIT\-specific options.  These values may
+be specified in [libdefaults] as global defaults, or within
+a realm\-specific subsection of [libdefaults], or may be
+specified as realm\-specific values in the [realms] section.
+A realm\-specific value overrides, not adds to, a generic
+[libdefaults] specification.  The search order is:
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.IP 1. 3
+realm\-specific subsection of [libdefaults]:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[libdefaults]
+    EXAMPLE.COM = {
+        pkinit_anchors = FILE:/usr/local/example.com.crt
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.IP 2. 3
+realm\-specific value in the [realms] section:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[realms]
+    OTHERREALM.ORG = {
+        pkinit_anchors = FILE:/usr/local/otherrealm.org.crt
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.IP 3. 3
+generic value in the [libdefaults] section:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[libdefaults]
+    pkinit_anchors = DIR:/usr/local/generic_trusted_cas/
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.SS Specifying PKINIT identity information
+.sp
+The syntax for specifying Public Key identity, trust, and revocation
+information for PKINIT is as follows:
+.INDENT 0.0
+.TP
+\fBFILE:\fP\fIfilename\fP[\fB,\fP\fIkeyfilename\fP]
+This option has context\-specific behavior.
+.sp
+In \fBpkinit_identity\fP or \fBpkinit_identities\fP, \fIfilename\fP
+specifies the name of a PEM\-format file containing the user\(aqs
+certificate.  If \fIkeyfilename\fP is not specified, the user\(aqs
+private key is expected to be in \fIfilename\fP as well.  Otherwise,
+\fIkeyfilename\fP is the name of the file containing the private key.
+.sp
+In \fBpkinit_anchors\fP or \fBpkinit_pool\fP, \fIfilename\fP is assumed to
+be the name of an OpenSSL\-style ca\-bundle file.
+.TP
+\fBDIR:\fP\fIdirname\fP
+This option has context\-specific behavior.
+.sp
+In \fBpkinit_identity\fP or \fBpkinit_identities\fP, \fIdirname\fP
+specifies a directory with files named \fB*.crt\fP and \fB*.key\fP
+where the first part of the file name is the same for matching
+pairs of certificate and private key files.  When a file with a
+name ending with \fB\&.crt\fP is found, a matching file ending with
+\fB\&.key\fP is assumed to contain the private key.  If no such file
+is found, then the certificate in the \fB\&.crt\fP is not used.
+.sp
+In \fBpkinit_anchors\fP or \fBpkinit_pool\fP, \fIdirname\fP is assumed to
+be an OpenSSL\-style hashed CA directory where each CA cert is
+stored in a file named \fBhash\-of\-ca\-cert.#\fP\&.  This infrastructure
+is encouraged, but all files in the directory will be examined and
+if they contain certificates (in PEM format), they will be used.
+.sp
+In \fBpkinit_revoke\fP, \fIdirname\fP is assumed to be an OpenSSL\-style
+hashed CA directory where each revocation list is stored in a file
+named \fBhash\-of\-ca\-cert.r#\fP\&.  This infrastructure is encouraged,
+but all files in the directory will be examined and if they
+contain a revocation list (in PEM format), they will be used.
+.TP
+\fBPKCS12:\fP\fIfilename\fP
+\fIfilename\fP is the name of a PKCS #12 format file, containing the
+user\(aqs certificate and private key.
+.TP
+\fBPKCS11:\fP[\fBmodule_name=\fP]\fImodname\fP[\fB:slotid=\fP\fIslot\-id\fP][\fB:token=\fP\fItoken\-label\fP][\fB:certid=\fP\fIcert\-id\fP][\fB:certlabel=\fP\fIcert\-label\fP]
+All keyword/values are optional.  \fImodname\fP specifies the location
+of a library implementing PKCS #11.  If a value is encountered
+with no keyword, it is assumed to be the \fImodname\fP\&.  If no
+module\-name is specified, the default is \fB@PKCS11MOD@\fP\&.
+\fBslotid=\fP and/or \fBtoken=\fP may be specified to force the use of
+a particular smard card reader or token if there is more than one
+available.  \fBcertid=\fP and/or \fBcertlabel=\fP may be specified to
+force the selection of a particular certificate on the device.
+See the \fBpkinit_cert_match\fP configuration option for more ways
+to select a particular certificate to use for PKINIT.
+.TP
+\fBENV:\fP\fIenvvar\fP
+\fIenvvar\fP specifies the name of an environment variable which has
+been set to a value conforming to one of the previous values.  For
+example, \fBENV:X509_PROXY\fP, where environment variable
+\fBX509_PROXY\fP has been set to \fBFILE:/tmp/my_proxy.pem\fP\&.
+.UNINDENT
+.SS PKINIT krb5.conf options
+.INDENT 0.0
+.TP
+\fBpkinit_anchors\fP
+Specifies the location of trusted anchor (root) certificates which
+the client trusts to sign KDC certificates.  This option may be
+specified multiple times.  These values from the config file are
+not used if the user specifies X509_anchors on the command line.
+.TP
+\fBpkinit_cert_match\fP
+Specifies matching rules that the client certificate must match
+before it is used to attempt PKINIT authentication.  If a user has
+multiple certificates available (on a smart card, or via other
+media), there must be exactly one certificate chosen before
+attempting PKINIT authentication.  This option may be specified
+multiple times.  All the available certificates are checked
+against each rule in order until there is a match of exactly one
+certificate.
+.sp
+The Subject and Issuer comparison strings are the \fI\%RFC 2253\fP
+string representations from the certificate Subject DN and Issuer
+DN values.
+.sp
+The syntax of the matching rules is:
+.INDENT 7.0
+.INDENT 3.5
+[\fIrelation\-operator\fP]\fIcomponent\-rule\fP ...
+.UNINDENT
+.UNINDENT
+.sp
+where:
+.INDENT 7.0
+.TP
+.B \fIrelation\-operator\fP
+can be either \fB&&\fP, meaning all component rules must match,
+or \fB||\fP, meaning only one component rule must match.  The
+default is \fB&&\fP\&.
+.TP
+.B \fIcomponent\-rule\fP
+can be one of the following.  Note that there is no
+punctuation or whitespace between component rules.
+.INDENT 7.0
+.INDENT 3.5
+.nf
+\fB<SUBJECT>\fP\fIregular\-expression\fP
+\fB<ISSUER>\fP\fIregular\-expression\fP
+\fB<SAN>\fP\fIregular\-expression\fP
+\fB<EKU>\fP\fIextended\-key\-usage\-list\fP
+\fB<KU>\fP\fIkey\-usage\-list\fP
+.fi
+.sp
+.UNINDENT
+.UNINDENT
+.sp
+\fIextended\-key\-usage\-list\fP is a comma\-separated list of
+required Extended Key Usage values.  All values in the list
+must be present in the certificate.  Extended Key Usage values
+can be:
+.INDENT 7.0
+.IP \(bu 2
+pkinit
+.IP \(bu 2
+msScLogin
+.IP \(bu 2
+clientAuth
+.IP \(bu 2
+emailProtection
+.UNINDENT
+.sp
+\fIkey\-usage\-list\fP is a comma\-separated list of required Key
+Usage values.  All values in the list must be present in the
+certificate.  Key Usage values can be:
+.INDENT 7.0
+.IP \(bu 2
+digitalSignature
+.IP \(bu 2
+keyEncipherment
+.UNINDENT
+.UNINDENT
+.sp
+Examples:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+pkinit_cert_match = ||<SUBJECT>.*DoE.*<SAN>.*@EXAMPLE.COM
+pkinit_cert_match = &&<EKU>msScLogin,clientAuth<ISSUER>.*DoE.*
+pkinit_cert_match = <EKU>msScLogin,clientAuth<KU>digitalSignature
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.TP
+\fBpkinit_eku_checking\fP
+This option specifies what Extended Key Usage value the KDC
+certificate presented to the client must contain.  (Note that if
+the KDC certificate has the pkinit SubjectAlternativeName encoded
+as the Kerberos TGS name, EKU checking is not necessary since the
+issuing CA has certified this as a KDC certificate.)  The values
+recognized in the krb5.conf file are:
+.INDENT 7.0
+.TP
+\fBkpKDC\fP
+This is the default value and specifies that the KDC must have
+the id\-pkinit\-KPKdc EKU as defined in \fI\%RFC 4556\fP\&.
+.TP
+\fBkpServerAuth\fP
+If \fBkpServerAuth\fP is specified, a KDC certificate with the
+id\-kp\-serverAuth EKU will be accepted.  This key usage value
+is used in most commercially issued server certificates.
+.TP
+\fBnone\fP
+If \fBnone\fP is specified, then the KDC certificate will not be
+checked to verify it has an acceptable EKU.  The use of this
+option is not recommended.
+.UNINDENT
+.TP
+\fBpkinit_dh_min_bits\fP
+Specifies the size of the Diffie\-Hellman key the client will
+attempt to use.  The acceptable values are 1024, 2048, and 4096.
+The default is 2048.
+.TP
+\fBpkinit_identities\fP
+Specifies the location(s) to be used to find the user\(aqs X.509
+identity information.  If this option is specified multiple times,
+each value is attempted in order until certificates are found.
+Note that these values are not used if the user specifies
+\fBX509_user_identity\fP on the command line.
+.TP
+\fBpkinit_kdc_hostname\fP
+The presence of this option indicates that the client is willing
+to accept a KDC certificate with a dNSName SAN (Subject
+Alternative Name) rather than requiring the id\-pkinit\-san as
+defined in \fI\%RFC 4556\fP\&.  This option may be specified multiple
+times.  Its value should contain the acceptable hostname for the
+KDC (as contained in its certificate).
+.TP
+\fBpkinit_pool\fP
+Specifies the location of intermediate certificates which may be
+used by the client to complete the trust chain between a KDC
+certificate and a trusted anchor.  This option may be specified
+multiple times.
+.TP
+\fBpkinit_require_crl_checking\fP
+The default certificate verification process will always check the
+available revocation information to see if a certificate has been
+revoked.  If a match is found for the certificate in a CRL,
+verification fails.  If the certificate being verified is not
+listed in a CRL, or there is no CRL present for its issuing CA,
+and \fBpkinit_require_crl_checking\fP is false, then verification
+succeeds.
+.sp
+However, if \fBpkinit_require_crl_checking\fP is true and there is
+no CRL information available for the issuing CA, then verification
+fails.
+.sp
+\fBpkinit_require_crl_checking\fP should be set to true if the
+policy is such that up\-to\-date CRLs must be present for every CA.
+.TP
+\fBpkinit_revoke\fP
+Specifies the location of Certificate Revocation List (CRL)
+information to be used by the client when verifying the validity
+of the KDC certificate presented.  This option may be specified
+multiple times.
+.UNINDENT
+.SH PARAMETER EXPANSION
+.sp
+Starting with release 1.11, several variables, such as
+\fBdefault_keytab_name\fP, allow parameters to be expanded.
+Valid parameters are:
+.INDENT 0.0
+.INDENT 3.5
+.TS
+center;
+|l|l|.
+_
+T{
+%{TEMP}
+T}	T{
+Temporary directory
+T}
+_
+T{
+%{uid}
+T}	T{
+Unix real UID or Windows SID
+T}
+_
+T{
+%{euid}
+T}	T{
+Unix effective user ID or Windows SID
+T}
+_
+T{
+%{USERID}
+T}	T{
+Same as %{uid}
+T}
+_
+T{
+%{null}
+T}	T{
+Empty string
+T}
+_
+T{
+%{LIBDIR}
+T}	T{
+Installation library directory
+T}
+_
+T{
+%{BINDIR}
+T}	T{
+Installation binary directory
+T}
+_
+T{
+%{SBINDIR}
+T}	T{
+Installation admin binary directory
+T}
+_
+T{
+%{username}
+T}	T{
+(Unix) Username of effective user ID
+T}
+_
+T{
+%{APPDATA}
+T}	T{
+(Windows) Roaming application data for current user
+T}
+_
+T{
+%{COMMON_APPDATA}
+T}	T{
+(Windows) Application data for all users
+T}
+_
+T{
+%{LOCAL_APPDATA}
+T}	T{
+(Windows) Local application data for current user
+T}
+_
+T{
+%{SYSTEM}
+T}	T{
+(Windows) Windows system folder
+T}
+_
+T{
+%{WINDOWS}
+T}	T{
+(Windows) Windows folder
+T}
+_
+T{
+%{USERCONFIG}
+T}	T{
+(Windows) Per\-user MIT krb5 config file directory
+T}
+_
+T{
+%{COMMONCONFIG}
+T}	T{
+(Windows) Common MIT krb5 config file directory
+T}
+_
+.TE
+.UNINDENT
+.UNINDENT
+.SH SAMPLE KRB5.CONF FILE
+.sp
+Here is an example of a generic krb5.conf file:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+[libdefaults]
+    default_realm = ATHENA.MIT.EDU
+    dns_lookup_kdc = true
+    dns_lookup_realm = false
+
+[realms]
+    ATHENA.MIT.EDU = {
+        kdc = kerberos.mit.edu
+        kdc = kerberos\-1.mit.edu
+        kdc = kerberos\-2.mit.edu
+        admin_server = kerberos.mit.edu
+        primary_kdc = kerberos.mit.edu
+    }
+    EXAMPLE.COM = {
+        kdc = kerberos.example.com
+        kdc = kerberos\-1.example.com
+        admin_server = kerberos.example.com
+    }
+
+[domain_realm]
+    mit.edu = ATHENA.MIT.EDU
+
+[capaths]
+    ATHENA.MIT.EDU = {
+           EXAMPLE.COM = .
+    }
+    EXAMPLE.COM = {
+           ATHENA.MIT.EDU = .
+    }
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH FILES
+.sp
+\fB/etc/krb5.conf\fP
+.SH SEE ALSO
+.sp
+syslog(3)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/krb5kdc.man b/krb5-1.21.3/src/man/krb5kdc.man
new file mode 100644
index 00000000..dc6bc4da
--- /dev/null
+++ b/krb5-1.21.3/src/man/krb5kdc.man
@@ -0,0 +1,140 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KRB5KDC" "8" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+krb5kdc \- Kerberos V5 KDC
+.SH SYNOPSIS
+.sp
+\fBkrb5kdc\fP
+[\fB\-x\fP \fIdb_args\fP]
+[\fB\-d\fP \fIdbname\fP]
+[\fB\-k\fP \fIkeytype\fP]
+[\fB\-M\fP \fImkeyname\fP]
+[\fB\-p\fP \fIportnum\fP]
+[\fB\-m\fP]
+[\fB\-r\fP \fIrealm\fP]
+[\fB\-n\fP]
+[\fB\-w\fP \fInumworkers\fP]
+[\fB\-P\fP \fIpid_file\fP]
+[\fB\-T\fP \fItime_offset\fP]
+.SH DESCRIPTION
+.sp
+krb5kdc is the Kerberos version 5 Authentication Service and Key
+Distribution Center (AS/KDC).
+.SH OPTIONS
+.sp
+The \fB\-r\fP \fIrealm\fP option specifies the realm for which the server
+should provide service.  This option may be specified multiple times
+to serve multiple realms.  If no \fB\-r\fP option is given, the default
+realm (as specified in krb5.conf(5)) will be served.
+.sp
+The \fB\-d\fP \fIdbname\fP option specifies the name under which the
+principal database can be found.  This option does not apply to the
+LDAP database.
+.sp
+The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
+to be entered manually as a password when \fB\-m\fP is given; the default
+is \fBaes256\-cts\-hmac\-sha1\-96\fP\&.
+.sp
+The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
+master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).
+.sp
+The \fB\-m\fP option specifies that the master database password should
+be fetched from the keyboard rather than from a stash file.
+.sp
+The \fB\-n\fP option specifies that the KDC does not put itself in the
+background and does not disassociate itself from the terminal.
+.sp
+The \fB\-P\fP \fIpid_file\fP option tells the KDC to write its PID into
+\fIpid_file\fP after it starts up.  This can be used to identify whether
+the KDC is still running and to allow init scripts to stop the correct
+process.
+.sp
+The \fB\-p\fP \fIportnum\fP option specifies the default UDP and TCP port
+numbers which the KDC should listen on for Kerberos version 5
+requests, as a comma\-separated list.  This value overrides the port
+numbers specified in the kdcdefaults section of
+kdc.conf(5), but may be overridden by realm\-specific values.
+If no value is given from any source, the default port is 88.
+.sp
+The \fB\-w\fP \fInumworkers\fP option tells the KDC to fork \fInumworkers\fP
+processes to listen to the KDC ports and process requests in parallel.
+The top level KDC process (whose pid is recorded in the pid file if
+the \fB\-P\fP option is also given) acts as a supervisor.  The supervisor
+will relay SIGHUP signals to the worker subprocesses, and will
+terminate the worker subprocess if the it is itself terminated or if
+any other worker process exits.
+.sp
+The \fB\-x\fP \fIdb_args\fP option specifies database\-specific arguments.
+See Database Options in kadmin(1) for
+supported arguments.
+.sp
+The \fB\-T\fP \fIoffset\fP option specifies a time offset, in seconds, which
+the KDC will operate under.  It is intended only for testing purposes.
+.SH EXAMPLE
+.sp
+The KDC may service requests for multiple realms (maximum 32 realms).
+The realms are listed on the command line.  Per\-realm options that can
+be specified on the command line pertain for each realm that follows
+it and are superseded by subsequent definitions of the same option.
+.sp
+For example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+krb5kdc \-p 2001 \-r REALM1 \-p 2002 \-r REALM2 \-r REALM3
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+specifies that the KDC listen on port 2001 for REALM1 and on port 2002
+for REALM2 and REALM3.  Additionally, per\-realm parameters may be
+specified in the kdc.conf(5) file.  The location of this file
+may be specified by the \fBKRB5_KDC_PROFILE\fP environment variable.
+Per\-realm parameters specified in this file take precedence over
+options specified on the command line.  See the kdc.conf(5)
+description for further details.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kdb5_util(8), kdc.conf(5), krb5.conf(5),
+kdb5_ldap_util(8), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/ksu.man b/krb5-1.21.3/src/man/ksu.man
new file mode 100644
index 00000000..bb871131
--- /dev/null
+++ b/krb5-1.21.3/src/man/ksu.man
@@ -0,0 +1,479 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KSU" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+ksu \- Kerberized super-user
+.SH SYNOPSIS
+.sp
+\fBksu\fP
+[ \fItarget_user\fP ]
+[ \fB\-n\fP \fItarget_principal_name\fP ]
+[ \fB\-c\fP \fIsource_cache_name\fP ]
+[ \fB\-k\fP ]
+[ \fB\-r\fP time ]
+[ \fB\-p\fP | \fB\-P\fP]
+[ \fB\-f\fP | \fB\-F\fP]
+[ \fB\-l\fP \fIlifetime\fP ]
+[ \fB\-z | Z\fP ]
+[ \fB\-q\fP ]
+[ \fB\-e\fP \fIcommand\fP [ args ...  ] ] [ \fB\-a\fP [ args ...  ] ]
+.SH REQUIREMENTS
+.sp
+Must have Kerberos version 5 installed to compile ksu.  Must have a
+Kerberos version 5 server running to use ksu.
+.SH DESCRIPTION
+.sp
+ksu is a Kerberized version of the su program that has two missions:
+one is to securely change the real and effective user ID to that of
+the target user, and the other is to create a new security context.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+For the sake of clarity, all references to and attributes of
+the user invoking the program will start with "source"
+(e.g., "source user", "source cache", etc.).
+.sp
+Likewise, all references to and attributes of the target
+account will start with "target".
+.UNINDENT
+.UNINDENT
+.SH AUTHENTICATION
+.sp
+To fulfill the first mission, ksu operates in two phases:
+authentication and authorization.  Resolving the target principal name
+is the first step in authentication.  The user can either specify his
+principal name with the \fB\-n\fP option (e.g., \fB\-n jqpublic@USC.EDU\fP)
+or a default principal name will be assigned using a heuristic
+described in the OPTIONS section (see \fB\-n\fP option).  The target user
+name must be the first argument to ksu; if not specified root is the
+default.  If \fB\&.\fP is specified then the target user will be the
+source user (e.g., \fBksu .\fP).  If the source user is root or the
+target user is the source user, no authentication or authorization
+takes place.  Otherwise, ksu looks for an appropriate Kerberos ticket
+in the source cache.
+.sp
+The ticket can either be for the end\-server or a ticket granting
+ticket (TGT) for the target principal\(aqs realm.  If the ticket for the
+end\-server is already in the cache, it\(aqs decrypted and verified.  If
+it\(aqs not in the cache but the TGT is, the TGT is used to obtain the
+ticket for the end\-server.  The end\-server ticket is then verified.
+If neither ticket is in the cache, but ksu is compiled with the
+\fBGET_TGT_VIA_PASSWD\fP define, the user will be prompted for a
+Kerberos password which will then be used to get a TGT.  If the user
+is logged in remotely and does not have a secure channel, the password
+may be exposed.  If neither ticket is in the cache and
+\fBGET_TGT_VIA_PASSWD\fP is not defined, authentication fails.
+.SH AUTHORIZATION
+.sp
+This section describes authorization of the source user when ksu is
+invoked without the \fB\-e\fP option.  For a description of the \fB\-e\fP
+option, see the OPTIONS section.
+.sp
+Upon successful authentication, ksu checks whether the target
+principal is authorized to access the target account.  In the target
+user\(aqs home directory, ksu attempts to access two authorization files:
+\&.k5login(5) and .k5users.  In the .k5login file each line
+contains the name of a principal that is authorized to access the
+account.
+.sp
+For example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+jqpublic@USC.EDU
+jqpublic/secure@USC.EDU
+jqpublic/admin@USC.EDU
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The format of .k5users is the same, except the principal name may be
+followed by a list of commands that the principal is authorized to
+execute (see the \fB\-e\fP option in the OPTIONS section for details).
+.sp
+Thus if the target principal name is found in the .k5login file the
+source user is authorized to access the target account.  Otherwise ksu
+looks in the .k5users file.  If the target principal name is found
+without any trailing commands or followed only by \fB*\fP then the
+source user is authorized.  If either .k5login or .k5users exist but
+an appropriate entry for the target principal does not exist then
+access is denied.  If neither file exists then the principal will be
+granted access to the account according to the aname\->lname mapping
+rules.  Otherwise, authorization fails.
+.SH EXECUTION OF THE TARGET SHELL
+.sp
+Upon successful authentication and authorization, ksu proceeds in a
+similar fashion to su.  The environment is unmodified with the
+exception of USER, HOME and SHELL variables.  If the target user is
+not root, USER gets set to the target user name.  Otherwise USER
+remains unchanged.  Both HOME and SHELL are set to the target login\(aqs
+default values.  In addition, the environment variable \fBKRB5CCNAME\fP
+gets set to the name of the target cache.  The real and effective user
+ID are changed to that of the target user.  The target user\(aqs shell is
+then invoked (the shell name is specified in the password file).  Upon
+termination of the shell, ksu deletes the target cache (unless ksu is
+invoked with the \fB\-k\fP option).  This is implemented by first doing a
+fork and then an exec, instead of just exec, as done by su.
+.SH CREATING A NEW SECURITY CONTEXT
+.sp
+ksu can be used to create a new security context for the target
+program (either the target shell, or command specified via the \fB\-e\fP
+option).  The target program inherits a set of credentials from the
+source user.  By default, this set includes all of the credentials in
+the source cache plus any additional credentials obtained during
+authentication.  The source user is able to limit the credentials in
+this set by using \fB\-z\fP or \fB\-Z\fP option.  \fB\-z\fP restricts the copy
+of tickets from the source cache to the target cache to only the
+tickets where client == the target principal name.  The \fB\-Z\fP option
+provides the target user with a fresh target cache (no creds in the
+cache).  Note that for security reasons, when the source user is root
+and target user is non\-root, \fB\-z\fP option is the default mode of
+operation.
+.sp
+While no authentication takes place if the source user is root or is
+the same as the target user, additional tickets can still be obtained
+for the target cache.  If \fB\-n\fP is specified and no credentials can
+be copied to the target cache, the source user is prompted for a
+Kerberos password (unless \fB\-Z\fP specified or \fBGET_TGT_VIA_PASSWD\fP
+is undefined).  If successful, a TGT is obtained from the Kerberos
+server and stored in the target cache.  Otherwise, if a password is
+not provided (user hit return) ksu continues in a normal mode of
+operation (the target cache will not contain the desired TGT).  If the
+wrong password is typed in, ksu fails.
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+During authentication, only the tickets that could be
+obtained without providing a password are cached in the
+source cache.
+.UNINDENT
+.UNINDENT
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-n\fP \fItarget_principal_name\fP
+Specify a Kerberos target principal name.  Used in authentication
+and authorization phases of ksu.
+.sp
+If ksu is invoked without \fB\-n\fP, a default principal name is
+assigned via the following heuristic:
+.INDENT 7.0
+.IP \(bu 2
+Case 1: source user is non\-root.
+.sp
+If the target user is the source user the default principal name
+is set to the default principal of the source cache.  If the
+cache does not exist then the default principal name is set to
+\fBtarget_user@local_realm\fP\&.  If the source and target users are
+different and neither \fB~target_user/.k5users\fP nor
+\fB~target_user/.k5login\fP exist then the default principal name
+is \fBtarget_user_login_name@local_realm\fP\&.  Otherwise, starting
+with the first principal listed below, ksu checks if the
+principal is authorized to access the target account and whether
+there is a legitimate ticket for that principal in the source
+cache.  If both conditions are met that principal becomes the
+default target principal, otherwise go to the next principal.
+.INDENT 2.0
+.IP a. 3
+default principal of the source cache
+.IP b. 3
+target_user@local_realm
+.IP c. 3
+source_user@local_realm
+.UNINDENT
+.sp
+If a\-c fails try any principal for which there is a ticket in
+the source cache and that is authorized to access the target
+account.  If that fails select the first principal that is
+authorized to access the target account from the above list.  If
+none are authorized and ksu is configured with
+\fBPRINC_LOOK_AHEAD\fP turned on, select the default principal as
+follows:
+.sp
+For each candidate in the above list, select an authorized
+principal that has the same realm name and first part of the
+principal name equal to the prefix of the candidate.  For
+example if candidate a) is \fBjqpublic@ISI.EDU\fP and
+\fBjqpublic/secure@ISI.EDU\fP is authorized to access the target
+account then the default principal is set to
+\fBjqpublic/secure@ISI.EDU\fP\&.
+.IP \(bu 2
+Case 2: source user is root.
+.sp
+If the target user is non\-root then the default principal name
+is \fBtarget_user@local_realm\fP\&.  Else, if the source cache
+exists the default principal name is set to the default
+principal of the source cache.  If the source cache does not
+exist, default principal name is set to \fBroot\e@local_realm\fP\&.
+.UNINDENT
+.UNINDENT
+.sp
+\fB\-c\fP \fIsource_cache_name\fP
+.INDENT 0.0
+.INDENT 3.5
+Specify source cache name (e.g., \fB\-c FILE:/tmp/my_cache\fP).  If
+\fB\-c\fP option is not used then the name is obtained from
+\fBKRB5CCNAME\fP environment variable.  If \fBKRB5CCNAME\fP is not
+defined the source cache name is set to \fBkrb5cc_<source uid>\fP\&.
+The target cache name is automatically set to \fBkrb5cc_<target
+uid>.(gen_sym())\fP, where gen_sym generates a new number such that
+the resulting cache does not already exist.  For example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+krb5cc_1984.2
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.TP
+\fB\-k\fP
+Do not delete the target cache upon termination of the target
+shell or a command (\fB\-e\fP command).  Without \fB\-k\fP, ksu deletes
+the target cache.
+.TP
+\fB\-z\fP
+Restrict the copy of tickets from the source cache to the target
+cache to only the tickets where client == the target principal
+name.  Use the \fB\-n\fP option if you want the tickets for other then
+the default principal.  Note that the \fB\-z\fP option is mutually
+exclusive with the \fB\-Z\fP option.
+.TP
+\fB\-Z\fP
+Don\(aqt copy any tickets from the source cache to the target cache.
+Just create a fresh target cache, where the default principal name
+of the cache is initialized to the target principal name.  Note
+that the \fB\-Z\fP option is mutually exclusive with the \fB\-z\fP
+option.
+.TP
+\fB\-q\fP
+Suppress the printing of status messages.
+.UNINDENT
+.sp
+Ticket granting ticket options:
+.INDENT 0.0
+.TP
+\fB\-l\fP \fIlifetime\fP \fB\-r\fP \fItime\fP \fB\-p\fP \fB\-P\fP \fB\-f\fP \fB\-F\fP
+The ticket granting ticket options only apply to the case where
+there are no appropriate tickets in the cache to authenticate the
+source user.  In this case if ksu is configured to prompt users
+for a Kerberos password (\fBGET_TGT_VIA_PASSWD\fP is defined), the
+ticket granting ticket options that are specified will be used
+when getting a ticket granting ticket from the Kerberos server.
+.TP
+\fB\-l\fP \fIlifetime\fP
+(duration string.)  Specifies the lifetime to be requested
+for the ticket; if this option is not specified, the default ticket
+lifetime (12 hours) is used instead.
+.TP
+\fB\-r\fP \fItime\fP
+(duration string.)  Specifies that the \fBrenewable\fP option
+should be requested for the ticket, and specifies the desired
+total lifetime of the ticket.
+.TP
+\fB\-p\fP
+specifies that the \fBproxiable\fP option should be requested for
+the ticket.
+.TP
+\fB\-P\fP
+specifies that the \fBproxiable\fP option should not be requested
+for the ticket, even if the default configuration is to ask for
+proxiable tickets.
+.TP
+\fB\-f\fP
+option specifies that the \fBforwardable\fP option should be
+requested for the ticket.
+.TP
+\fB\-F\fP
+option specifies that the \fBforwardable\fP option should not be
+requested for the ticket, even if the default configuration is to
+ask for forwardable tickets.
+.TP
+\fB\-e\fP \fIcommand\fP [\fIargs\fP ...]
+ksu proceeds exactly the same as if it was invoked without the
+\fB\-e\fP option, except instead of executing the target shell, ksu
+executes the specified command. Example of usage:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ksu bob \-e ls \-lag
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+The authorization algorithm for \fB\-e\fP is as follows:
+.sp
+If the source user is root or source user == target user, no
+authorization takes place and the command is executed.  If source
+user id != 0, and \fB~target_user/.k5users\fP file does not exist,
+authorization fails.  Otherwise, \fB~target_user/.k5users\fP file
+must have an appropriate entry for target principal to get
+authorized.
+.sp
+The .k5users file format:
+.sp
+A single principal entry on each line that may be followed by a
+list of commands that the principal is authorized to execute.  A
+principal name followed by a \fB*\fP means that the user is
+authorized to execute any command.  Thus, in the following
+example:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+jqpublic@USC.EDU ls mail /local/kerberos/klist
+jqpublic/secure@USC.EDU *
+jqpublic/admin@USC.EDU
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fBjqpublic@USC.EDU\fP is only authorized to execute \fBls\fP,
+\fBmail\fP and \fBklist\fP commands.  \fBjqpublic/secure@USC.EDU\fP is
+authorized to execute any command.  \fBjqpublic/admin@USC.EDU\fP is
+not authorized to execute any command.  Note, that
+\fBjqpublic/admin@USC.EDU\fP is authorized to execute the target
+shell (regular ksu, without the \fB\-e\fP option) but
+\fBjqpublic@USC.EDU\fP is not.
+.sp
+The commands listed after the principal name must be either a full
+path names or just the program name.  In the second case,
+\fBCMD_PATH\fP specifying the location of authorized programs must
+be defined at the compilation time of ksu.  Which command gets
+executed?
+.sp
+If the source user is root or the target user is the source user
+or the user is authorized to execute any command (\fB*\fP entry)
+then command can be either a full or a relative path leading to
+the target program.  Otherwise, the user must specify either a
+full path or just the program name.
+.TP
+\fB\-a\fP \fIargs\fP
+Specify arguments to be passed to the target shell.  Note that all
+flags and parameters following \-a will be passed to the shell,
+thus all options intended for ksu must precede \fB\-a\fP\&.
+.sp
+The \fB\-a\fP option can be used to simulate the \fB\-e\fP option if
+used as follows:
+.INDENT 7.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+\-a \-c [command [arguments]].
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+\fB\-c\fP is interpreted by the c\-shell to execute the command.
+.UNINDENT
+.SH INSTALLATION INSTRUCTIONS
+.sp
+ksu can be compiled with the following four flags:
+.INDENT 0.0
+.TP
+\fBGET_TGT_VIA_PASSWD\fP
+In case no appropriate tickets are found in the source cache, the
+user will be prompted for a Kerberos password.  The password is
+then used to get a ticket granting ticket from the Kerberos
+server.  The danger of configuring ksu with this macro is if the
+source user is logged in remotely and does not have a secure
+channel, the password may get exposed.
+.TP
+\fBPRINC_LOOK_AHEAD\fP
+During the resolution of the default principal name,
+\fBPRINC_LOOK_AHEAD\fP enables ksu to find principal names in
+the .k5users file as described in the OPTIONS section
+(see \fB\-n\fP option).
+.TP
+\fBCMD_PATH\fP
+Specifies a list of directories containing programs that users are
+authorized to execute (via .k5users file).
+.TP
+\fBHAVE_GETUSERSHELL\fP
+If the source user is non\-root, ksu insists that the target user\(aqs
+shell to be invoked is a "legal shell".  \fIgetusershell(3)\fP is
+called to obtain the names of "legal shells".  Note that the
+target user\(aqs shell is obtained from the passwd file.
+.UNINDENT
+.sp
+Sample configuration:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+KSU_OPTS = \-DGET_TGT_VIA_PASSWD \-DPRINC_LOOK_AHEAD \-DCMD_PATH=\(aq"/bin /usr/ucb /local/bin"
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+ksu should be owned by root and have the set user id bit turned on.
+.sp
+ksu attempts to get a ticket for the end server just as Kerberized
+telnet and rlogin.  Thus, there must be an entry for the server in the
+Kerberos database (e.g., \fBhost/nii.isi.edu@ISI.EDU\fP).  The keytab
+file must be in an appropriate location.
+.SH SIDE EFFECTS
+.sp
+ksu deletes all expired tickets from the source cache.
+.SH AUTHOR OF KSU
+.sp
+GENNADY (ARI) MEDVINSKY
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kerberos(7), kinit(1)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kswitch.man b/krb5-1.21.3/src/man/kswitch.man
new file mode 100644
index 00000000..83ae58fc
--- /dev/null
+++ b/krb5-1.21.3/src/man/kswitch.man
@@ -0,0 +1,71 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KSWITCH" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kswitch \- switch primary ticket cache
+.SH SYNOPSIS
+.sp
+\fBkswitch\fP
+{\fB\-c\fP \fIcachename\fP|\fB\-p\fP \fIprincipal\fP}
+.SH DESCRIPTION
+.sp
+kswitch makes the specified credential cache the primary cache for the
+collection, if a cache collection is available.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-c\fP \fIcachename\fP
+Directly specifies the credential cache to be made primary.
+.TP
+\fB\-p\fP \fIprincipal\fP
+Causes the cache collection to be searched for a cache containing
+credentials for \fIprincipal\fP\&.  If one is found, that collection is
+made primary.
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH FILES
+.INDENT 0.0
+.TP
+.B \fB@CCNAME@\fP
+Default location of Kerberos 5 credentials cache
+.UNINDENT
+.SH SEE ALSO
+.sp
+kinit(1), kdestroy(1), klist(1),
+kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/ktutil.man b/krb5-1.21.3/src/man/ktutil.man
new file mode 100644
index 00000000..63466cf1
--- /dev/null
+++ b/krb5-1.21.3/src/man/ktutil.man
@@ -0,0 +1,164 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KTUTIL" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+ktutil \- Kerberos keytab file maintenance utility
+.SH SYNOPSIS
+.sp
+\fBktutil\fP
+.SH DESCRIPTION
+.sp
+The ktutil command invokes a command interface from which an
+administrator can read, write, or edit entries in a keytab.  (Kerberos
+V4 srvtab files are no longer supported.)
+.SH COMMANDS
+.SS list
+.INDENT 0.0
+.INDENT 3.5
+\fBlist\fP [\fB\-t\fP] [\fB\-k\fP] [\fB\-e\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Displays the current keylist.  If \fB\-t\fP, \fB\-k\fP, and/or \fB\-e\fP are
+specified, also display the timestamp, key contents, or enctype
+(respectively).
+.sp
+Alias: \fBl\fP
+.SS read_kt
+.INDENT 0.0
+.INDENT 3.5
+\fBread_kt\fP \fIkeytab\fP
+.UNINDENT
+.UNINDENT
+.sp
+Read the Kerberos V5 keytab file \fIkeytab\fP into the current keylist.
+.sp
+Alias: \fBrkt\fP
+.SS write_kt
+.INDENT 0.0
+.INDENT 3.5
+\fBwrite_kt\fP \fIkeytab\fP
+.UNINDENT
+.UNINDENT
+.sp
+Write the current keylist into the Kerberos V5 keytab file \fIkeytab\fP\&.
+.sp
+Alias: \fBwkt\fP
+.SS clear_list
+.INDENT 0.0
+.INDENT 3.5
+\fBclear_list\fP
+.UNINDENT
+.UNINDENT
+.sp
+Clear the current keylist.
+.sp
+Alias: \fBclear\fP
+.SS delete_entry
+.INDENT 0.0
+.INDENT 3.5
+\fBdelete_entry\fP \fIslot\fP
+.UNINDENT
+.UNINDENT
+.sp
+Delete the entry in slot number \fIslot\fP from the current keylist.
+.sp
+Alias: \fBdelent\fP
+.SS add_entry
+.INDENT 0.0
+.INDENT 3.5
+\fBadd_entry\fP {\fB\-key\fP|\fB\-password\fP} \fB\-p\fP \fIprincipal\fP
+\fB\-k\fP \fIkvno\fP [\fB\-e\fP \fIenctype\fP] [\fB\-f\fP|\fB\-s\fP \fIsalt\fP]
+.UNINDENT
+.UNINDENT
+.sp
+Add \fIprincipal\fP to keylist using key or password.  If the \fB\-f\fP flag
+is specified, salt information will be fetched from the KDC; in this
+case the \fB\-e\fP flag may be omitted, or it may be supplied to force a
+particular enctype.  If the \fB\-f\fP flag is not specified, the \fB\-e\fP
+flag must be specified, and the default salt will be used unless
+overridden with the \fB\-s\fP option.
+.sp
+Alias: \fBaddent\fP
+.SS list_requests
+.INDENT 0.0
+.INDENT 3.5
+\fBlist_requests\fP
+.UNINDENT
+.UNINDENT
+.sp
+Displays a listing of available commands.
+.sp
+Aliases: \fBlr\fP, \fB?\fP
+.SS quit
+.INDENT 0.0
+.INDENT 3.5
+\fBquit\fP
+.UNINDENT
+.UNINDENT
+.sp
+Quits ktutil.
+.sp
+Aliases: \fBexit\fP, \fBq\fP
+.SH EXAMPLE
+.INDENT 0.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ktutil:  add_entry \-password \-p alice@BLEEP.COM \-k 1 \-e
+    aes128\-cts\-hmac\-sha1\-96
+Password for alice@BLEEP.COM:
+ktutil:  add_entry \-password \-p alice@BLEEP.COM \-k 1 \-e
+    aes256\-cts\-hmac\-sha1\-96
+Password for alice@BLEEP.COM:
+ktutil:  write_kt alice.keytab
+ktutil:
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kadmin(1), kdb5_util(8), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/kvno.man b/krb5-1.21.3/src/man/kvno.man
new file mode 100644
index 00000000..9b5cd391
--- /dev/null
+++ b/krb5-1.21.3/src/man/kvno.man
@@ -0,0 +1,141 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "KVNO" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+kvno \- print key version numbers of Kerberos principals
+.SH SYNOPSIS
+.sp
+\fBkvno\fP
+[\fB\-c\fP \fIccache\fP]
+[\fB\-e\fP \fIetype\fP]
+[\fB\-k\fP \fIkeytab\fP]
+[\fB\-q\fP]
+[\fB\-u\fP | \fB\-S\fP \fIsname\fP]
+[\fB\-P\fP]
+[\fB\-\-cached\-only\fP]
+[\fB\-\-no\-store\fP]
+[\fB\-\-out\-cache\fP \fIcache\fP]
+[[{\fB\-F\fP \fIcert_file\fP | {\fB\-I\fP | \fB\-U\fP} \fIfor_user\fP} [\fB\-P\fP]] | \fB\-\-u2u\fP \fIccache\fP]
+\fIservice1 service2\fP ...
+.SH DESCRIPTION
+.sp
+kvno acquires a service ticket for the specified Kerberos principals
+and prints out the key version numbers of each.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+\fB\-c\fP \fIccache\fP
+Specifies the name of a credentials cache to use (if not the
+default)
+.TP
+\fB\-e\fP \fIetype\fP
+Specifies the enctype which will be requested for the session key
+of all the services named on the command line.  This is useful in
+certain backward compatibility situations.
+.TP
+\fB\-k\fP \fIkeytab\fP
+Decrypt the acquired tickets using \fIkeytab\fP to confirm their
+validity.
+.TP
+\fB\-q\fP
+Suppress printing output when successful.  If a service ticket
+cannot be obtained, an error message will still be printed and
+kvno will exit with nonzero status.
+.TP
+\fB\-u\fP
+Use the unknown name type in requested service principal names.
+This option Cannot be used with \fI\-S\fP\&.
+.TP
+\fB\-P\fP
+Specifies that the \fIservice1 service2\fP ...  arguments are to be
+treated as services for which credentials should be acquired using
+constrained delegation.  This option is only valid when used in
+conjunction with protocol transition.
+.TP
+\fB\-S\fP \fIsname\fP
+Specifies that the \fIservice1 service2\fP ... arguments are
+interpreted as hostnames, and the service principals are to be
+constructed from those hostnames and the service name \fIsname\fP\&.
+The service hostnames will be canonicalized according to the usual
+rules for constructing service principals.
+.TP
+\fB\-I\fP \fIfor_user\fP
+Specifies that protocol transition (S4U2Self) is to be used to
+acquire a ticket on behalf of \fIfor_user\fP\&.  If constrained
+delegation is not requested, the service name must match the
+credentials cache client principal.
+.TP
+\fB\-U\fP \fIfor_user\fP
+Same as \-I, but treats \fIfor_user\fP as an enterprise name.
+.TP
+\fB\-F\fP \fIcert_file\fP
+Specifies that protocol transition is to be used, identifying the
+client principal with the X.509 certificate in \fIcert_file\fP\&.  The
+certificate file must be in PEM format.
+.TP
+\fB\-\-cached\-only\fP
+Only retrieve credentials already present in the cache, not from
+the KDC.  (Added in release 1.19.)
+.TP
+\fB\-\-no\-store\fP
+Do not store retrieved credentials in the cache.  If
+\fB\-\-out\-cache\fP is also specified, credentials will still be
+stored into the output credential cache.  (Added in release 1.19.)
+.TP
+\fB\-\-out\-cache\fP \fIccache\fP
+Initialize \fIccache\fP and store all retrieved credentials into it.
+Do not store acquired credentials in the input cache.  (Added in
+release 1.19.)
+.TP
+\fB\-\-u2u\fP \fIccache\fP
+Requests a user\-to\-user ticket.  \fIccache\fP must contain a local
+krbtgt ticket for the server principal.  The reported version
+number will typically be 0, as the resulting ticket is not
+encrypted in the server\(aqs long\-term key.
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH FILES
+.INDENT 0.0
+.TP
+.B \fB@CCNAME@\fP
+Default location of the credentials cache
+.UNINDENT
+.SH SEE ALSO
+.sp
+kinit(1), kdestroy(1), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/sclient.man b/krb5-1.21.3/src/man/sclient.man
new file mode 100644
index 00000000..0ccd1947
--- /dev/null
+++ b/krb5-1.21.3/src/man/sclient.man
@@ -0,0 +1,54 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "SCLIENT" "1" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+sclient \- sample Kerberos version 5 client
+.SH SYNOPSIS
+.sp
+\fBsclient\fP \fIremotehost\fP
+.SH DESCRIPTION
+.sp
+sclient is a sample application, primarily useful for testing
+purposes.  It contacts a sample server sserver(8) and
+authenticates to it using Kerberos version 5 tickets, then displays
+the server\(aqs response.
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+kinit(1), sserver(8), kerberos(7)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/man/sserver.man b/krb5-1.21.3/src/man/sserver.man
new file mode 100644
index 00000000..59de1631
--- /dev/null
+++ b/krb5-1.21.3/src/man/sserver.man
@@ -0,0 +1,198 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "SSERVER" "8" " " "1.21.3" "MIT Kerberos"
+.SH NAME
+sserver \- sample Kerberos version 5 server
+.SH SYNOPSIS
+.sp
+\fBsserver\fP
+[ \fB\-p\fP \fIport\fP ]
+[ \fB\-S\fP \fIkeytab\fP ]
+[ \fIserver_port\fP ]
+.SH DESCRIPTION
+.sp
+sserver and sclient(1) are a simple demonstration client/server
+application.  When sclient connects to sserver, it performs a Kerberos
+authentication, and then sserver returns to sclient the Kerberos
+principal which was used for the Kerberos authentication.  It makes a
+good test that Kerberos has been successfully installed on a machine.
+.sp
+The service name used by sserver and sclient is sample.  Hence,
+sserver will require that there be a keytab entry for the service
+\fBsample/hostname.domain.name@REALM.NAME\fP\&.  This keytab is generated
+using the kadmin(1) program.  The keytab file is usually
+installed as \fB@KTNAME@\fP\&.
+.sp
+The \fB\-S\fP option allows for a different keytab than the default.
+.sp
+sserver is normally invoked out of inetd(8), using a line in
+\fB/etc/inetd.conf\fP that looks like this:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+sample stream tcp nowait root /usr/local/sbin/sserver sserver
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+Since \fBsample\fP is normally not a port defined in \fB/etc/services\fP,
+you will usually have to add a line to \fB/etc/services\fP which looks
+like this:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+sample          13135/tcp
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+When using sclient, you will first have to have an entry in the
+Kerberos database, by using kadmin(1), and then you have to get
+Kerberos tickets, by using kinit(1)\&.  Also, if you are running
+the sclient program on a different host than the sserver it will be
+connecting to, be sure that both hosts have an entry in /etc/services
+for the sample tcp port, and that the same port number is in both
+files.
+.sp
+When you run sclient you should see something like this:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+sendauth succeeded, reply is:
+reply len 32, contents:
+You are nlgilman@JIMI.MIT.EDU
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.SH COMMON ERROR MESSAGES
+.INDENT 0.0
+.IP 1. 3
+kinit returns the error:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+kinit: Client not found in Kerberos database while getting
+       initial credentials
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This means that you didn\(aqt create an entry for your username in the
+Kerberos database.
+.IP 2. 3
+sclient returns the error:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+unknown service sample/tcp; check /etc/services
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This means that you don\(aqt have an entry in /etc/services for the
+sample tcp port.
+.IP 3. 3
+sclient returns the error:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+connect: Connection refused
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This probably means you didn\(aqt edit /etc/inetd.conf correctly, or
+you didn\(aqt restart inetd after editing inetd.conf.
+.IP 4. 3
+sclient returns the error:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+sclient: Server not found in Kerberos database while using
+         sendauth
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This means that the \fBsample/hostname@LOCAL.REALM\fP service was not
+defined in the Kerberos database; it should be created using
+kadmin(1), and a keytab file needs to be generated to make
+the key for that service principal available for sclient.
+.IP 5. 3
+sclient returns the error:
+.INDENT 3.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+sendauth rejected, error reply is:
+    "No such file or directory"
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+This probably means sserver couldn\(aqt find the keytab file.  It was
+probably not installed in the proper directory.
+.UNINDENT
+.SH ENVIRONMENT
+.sp
+See kerberos(7) for a description of Kerberos environment
+variables.
+.SH SEE ALSO
+.sp
+sclient(1), kerberos(7), services(5), inetd(8)
+.SH AUTHOR
+MIT
+.SH COPYRIGHT
+1985-2024, MIT
+.\" Generated by docutils manpage writer.
+.
diff --git a/krb5-1.21.3/src/patchlevel.h b/krb5-1.21.3/src/patchlevel.h
new file mode 100644
index 00000000..b6baf771
--- /dev/null
+++ b/krb5-1.21.3/src/patchlevel.h
@@ -0,0 +1,57 @@
+/* patchlevel.h */
+/*
+ * Copyright (C) 2004-2006 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This is the master file for version stamping purposes.  The
+ * checked-in version will contain the correct version information at
+ * all times.  Prior to an official release x.y.z,
+ * KRB5_MAJOR_RELEASE=x, KRB5_MINOR_RELEASE=y, and KRB5_PATCHLEVEL=z.
+ * KRB5_RELTAIL will reflect the release state.  It will be
+ * "prerelease" for unreleased code either on the trunk or on a
+ * release branch.  It will be undefined for a final release.
+ *
+ * Immediately following a final release, the release version numbers
+ * will be incremented, and KRB5_RELTAIL will revert to "prerelease".
+ *
+ * KRB5_RELTAG contains the CVS tag name corresponding to the release.
+ * KRB5_RELDATE identifies the date of the release.  They should
+ * normally be undefined for checked-in code.
+ */
+
+/*
+ * ==========
+ * IMPORTANT:
+ * ==========
+ *
+ * If you are a vendor supplying modified code derived from MIT
+ * Kerberos, you SHOULD update KRB5_RELTAIL to identify your
+ * organization.
+ */
+#define KRB5_MAJOR_RELEASE 1
+#define KRB5_MINOR_RELEASE 21
+#define KRB5_PATCHLEVEL 3
+/* #undef KRB5_RELTAIL */
+#define KRB5_RELDATE "20240626"
+#define KRB5_RELTAG "krb5-1.21.3-final"
diff --git a/krb5-1.21.3/src/plugins/audit/Makefile.in b/krb5-1.21.3/src/plugins/audit/Makefile.in
new file mode 100644
index 00000000..e2f57c9e
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/Makefile.in
@@ -0,0 +1,22 @@
+mydir=plugins$(S)audit
+BUILDTOP=$(REL)..$(S)..
+
+STLIBOBJS=kdc_j_encode.o
+LIBOBJS=$(OUTPRE)kdc_j_encode.$(OBJEXT)
+SRCS=kdc_j_encode.c
+
+AUJENC_HDR=$(BUILDTOP)$(S)include$(S)kdc_j_encode.h
+
+all-unix: all-libobjs includes
+
+clean-unix:: clean-libobjs
+	$(RM) $(AUJENC_HDR)
+
+includes: $(AUJENC_HDR)
+depend: $(AUJENC_HDR)
+
+$(AUJENC_HDR): $(srcdir)/kdc_j_encode.h
+	$(RM) $@
+	$(CP) $(srcdir)/kdc_j_encode.h $@
+
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/audit/deps b/krb5-1.21.3/src/plugins/audit/deps
new file mode 100644
index 00000000..91c301da
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/deps
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+kdc_j_encode.so kdc_j_encode.po $(OUTPRE)kdc_j_encode.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/audit_plugin.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  j_dict.h kdc_j_encode.c kdc_j_encode.h
diff --git a/krb5-1.21.3/src/plugins/audit/j_dict.h b/krb5-1.21.3/src/plugins/audit/j_dict.h
new file mode 100644
index 00000000..65962e33
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/j_dict.h
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* j_dict.h - Dictionary file for json implementation of audit system */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef KRB5_J_DICT_H_INCLUDED
+#define KRB5_J_DICT_H_INCLUDED
+
+/* Dictionary for KDC events */
+#define AU_STAGE              "stage"
+#define AU_EVENT_NAME         "event_name"
+#define AU_EVENT_STATUS       "event_success"
+#define AU_TKT_IN_ID          "tkt_in_id"
+#define AU_TKT_OUT_ID         "tkt_out_id"
+#define AU_REQ_ID             "req_id"
+#define AU_KDC_STATUS         "kdc_status"
+#define AU_FROMPORT           "fromport"
+#define AU_FROMADDR           "fromaddr"
+#define AU_TYPE               "type" /* used by fromaddr */
+#define AU_IP                 "ip" /* used by fromaddr */
+#define AU_SESS_ETYPE         "sess_etype"
+#define AU_SRV_ETYPE          "srv_etype"
+#define AU_REP_ETYPE          "rep_etype"
+#define AU_REALM              "realm"
+#define AU_LENGTH             "length"
+#define AU_COMPONENTS         "components"
+#define AU_TKT_RENEWED        "tkt_renewed"
+#define AU_TKT_VALIDATED      "tkt_validated"
+/* referrals */
+#define AU_CREF_REALM         "clreferral_realm"
+/* request */
+#define AU_REQ_KDC_OPTIONS    "req.kdc_options"
+#define AU_REQ_SERVER         "req.server"
+#define AU_REQ_CLIENT         "req.client"
+#define AU_REQ_AVAIL_ETYPES   "req.avail_etypes"
+#define AU_EVIDENCE_TKT       "evidence_tkt"
+#define AU_REQ_ADDRESSES      "req.addresses"
+#define AU_REQ_TKT_START      "req.tkt_start"
+#define AU_REQ_TKT_END        "req.tkt_end"
+#define AU_REQ_TKT_RENEW_TILL "req.tkt_renew_till"
+#define AU_REQ_PA_TYPE        "req.pa_type"
+/* reply */
+#define AU_REP_TICKET         "rep.ticket"
+#define AU_REP_PA_TYPE        "rep.pa_type"
+/* ticket */
+#define AU_SNAME              "sname"
+#define AU_CNAME              "cname"
+#define AU_FLAGS              "flags"
+#define AU_START              "start"
+#define AU_END                "end"
+#define AU_RENEW_TILL         "renew_till"
+#define AU_AUTHTIME           "authtime"
+#define AU_TR_CONTENTS        "tr_contents"
+#define AU_CADDRS             "caddrs"
+/* S4U and U2U */
+#define AU_VIOLATION       "violation"   /* policy or protocol restrictions */
+#define AU_REQ_S4U2S_USER  "s4u2self_user"
+#define AU_REQ_S4U2P_USER  "s4u2proxy_user"
+#define AU_REQ_U2U_USER    "u2u_user"
+#define AU_EVIDENCE_TKT_ID "evidence_tkt_id" /* 2nd ticket in s4u2proxy req */
+#endif /* KRB5_J_DICT_H_INCLUDED */
diff --git a/krb5-1.21.3/src/plugins/audit/kdc_j_encode.c b/krb5-1.21.3/src/plugins/audit/kdc_j_encode.c
new file mode 100755
index 00000000..fb4a4ed7
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/kdc_j_encode.c
@@ -0,0 +1,930 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/audit/kdc_j_encode.c - Utilities to json encode KDC audit stuff */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include <k5-json.h>
+#include "kdc_j_encode.h"
+#include "j_dict.h"
+#include <krb5/audit_plugin.h>
+#include <syslog.h>
+
+static krb5_error_code
+string_to_value(const char *in, k5_json_object obj, const char *key);
+static krb5_error_code
+princ_to_value(krb5_principal princ, k5_json_object obj, const char *key);
+static krb5_error_code
+data_to_value(krb5_data *data, k5_json_object obj, const char *key);
+static krb5_error_code
+int32_to_value(krb5_int32 int32, k5_json_object obj, const char *key);
+static krb5_error_code
+bool_to_value(krb5_boolean b, k5_json_object obj, const char *key);
+static krb5_error_code
+addr_to_obj(krb5_address *a, k5_json_object obj);
+static krb5_error_code
+eventinfo_to_value(k5_json_object obj, const char *name,
+                   const int stage, const krb5_boolean ev_success);
+static krb5_error_code
+addr_to_value(const krb5_address *address, k5_json_object obj,
+              const char *key);
+static krb5_error_code
+req_to_value(krb5_kdc_req *req, const krb5_boolean ev_success,
+             k5_json_object obj);
+static krb5_error_code
+rep_to_value(krb5_kdc_rep *rep, const krb5_boolean ev_success,
+             k5_json_object obj);
+static krb5_error_code
+tkt_to_value(krb5_ticket *tkt, k5_json_object obj, const char *key);
+static char *map_patype(krb5_preauthtype pa_type);
+
+#define NULL_STATE "state is NULL"
+#define T_RENEWED 1
+#define T_NOT_RENEWED 2
+#define T_VALIDATED 1
+#define T_NOT_VALIDATED 2
+
+/* KDC server STOP. Returns 0 on success. */
+krb5_error_code
+kau_j_kdc_stop(const krb5_boolean ev_success, char **jout)
+{
+    krb5_error_code ret = 0;
+    k5_json_object obj = NULL;
+
+    *jout = NULL;
+
+    /* Main object. */
+    if (k5_json_object_create(&obj))
+        return ENOMEM;
+
+    /* Audit event_ID and ev_success. */
+    ret = string_to_value("KDC_STOP", obj, AU_EVENT_NAME);
+    if (!ret)
+        ret = bool_to_value(ev_success, obj, AU_EVENT_STATUS);
+    if (!ret)
+        ret = k5_json_encode(obj, jout);
+    k5_json_release(obj);
+
+    return ret;
+}
+
+/* KDC server START. Returns 0 on success. */
+krb5_error_code
+kau_j_kdc_start(const krb5_boolean ev_success, char **jout)
+{
+    krb5_error_code ret = 0;
+    k5_json_object obj = NULL;
+
+    *jout = NULL;
+
+    /* Main object. */
+    if (k5_json_object_create(&obj))
+        return ENOMEM;
+
+    /* Audit event_ID and ev_success. */
+    ret = string_to_value("KDC_START", obj, AU_EVENT_NAME);
+    if (!ret)
+        ret = bool_to_value(ev_success, obj, AU_EVENT_STATUS);
+    if (!ret)
+        ret = k5_json_encode(obj, jout);
+    k5_json_release(obj);
+
+    return ret;
+}
+
+/* AS-REQ. Returns 0 on success. */
+krb5_error_code
+kau_j_as_req(const krb5_boolean ev_success, krb5_audit_state *state,
+             char **jout)
+{
+    krb5_error_code ret = 0;
+    k5_json_object obj = NULL;
+
+    *jout = NULL;
+
+    if (!state) {
+        *jout = NULL_STATE;
+        return 0;
+    }
+
+    /* Main object. */
+    if (k5_json_object_create(&obj))
+        return ENOMEM;
+    /* Audit event_ID and ev_success. */
+    ret = eventinfo_to_value(obj, "AS_REQ", state->stage, ev_success);
+    if (ret)
+        goto error;
+    /* TGT ticket ID */
+    ret = string_to_value(state->tkt_out_id, obj, AU_TKT_OUT_ID);
+    if (ret)
+        goto error;
+    /* Request ID. */
+    ret = string_to_value(state->req_id, obj, AU_REQ_ID);
+    if (ret)
+        goto error;
+    /* Client's port and address. */
+    ret = int32_to_value(state->cl_port, obj, AU_FROMPORT);
+    if (ret)
+        goto error;
+    ret = addr_to_value(state->cl_addr, obj, AU_FROMADDR);
+    if (ret)
+        goto error;
+    /* KDC status msg */
+    ret = string_to_value(state->status, obj, AU_KDC_STATUS);
+    if (ret)
+        goto error;
+    /* non-local client's referral realm. */
+    ret = data_to_value(state->cl_realm, obj, AU_CREF_REALM);
+    if (ret)
+        goto error;
+    /* Request. */
+    ret = req_to_value(state->request, ev_success, obj);
+    if (ret == ENOMEM)
+        goto error;
+    /* Reply/ticket info. */
+    ret = rep_to_value(state->reply, ev_success, obj);
+    if (ret == ENOMEM)
+        goto error;
+    ret = k5_json_encode(obj, jout);
+
+error:
+    k5_json_release(obj);
+    return ret;
+}
+
+/* TGS-REQ. Returns 0 on success. */
+krb5_error_code
+kau_j_tgs_req(const krb5_boolean ev_success, krb5_audit_state *state,
+              char **jout)
+{
+    krb5_error_code ret = 0;
+    k5_json_object obj = NULL;
+    krb5_kdc_req *req = state->request;
+    int tkt_validated = 0, tkt_renewed = 0;
+
+    *jout = NULL;
+
+    if (!state) {
+        *jout = NULL_STATE;
+        return 0;
+    }
+
+    /* Main object. */
+    if (k5_json_object_create(&obj))
+        return ENOMEM;
+
+    /* Audit Event ID and ev_success. */
+    ret = eventinfo_to_value(obj, "TGS_REQ", state->stage, ev_success);
+    if (ret)
+        goto error;
+    /* Primary and derived ticket IDs. */
+    ret = string_to_value(state->tkt_in_id, obj, AU_TKT_IN_ID);
+    if (ret)
+        goto error;
+    ret = string_to_value(state->tkt_out_id, obj, AU_TKT_OUT_ID);
+    if (ret)
+        goto error;
+    /* Request ID */
+    ret = string_to_value(state->req_id, obj, AU_REQ_ID);
+    if (ret)
+        goto error;
+    /* client’s address and port. */
+    ret = int32_to_value(state->cl_port, obj, AU_FROMPORT);
+    if (ret)
+        goto error;
+    ret = addr_to_value(state->cl_addr, obj, AU_FROMADDR);
+    if (ret)
+        goto error;
+    /* Ticket was renewed, validated. */
+    if ((ev_success == TRUE) && (req != NULL)) {
+        tkt_renewed = (req->kdc_options & KDC_OPT_RENEW) ?
+                      T_RENEWED : T_NOT_RENEWED;
+        tkt_validated = (req->kdc_options & KDC_OPT_VALIDATE) ?
+                      T_VALIDATED : T_NOT_VALIDATED;
+    }
+    ret = int32_to_value(tkt_renewed, obj, AU_TKT_RENEWED);
+    if (ret)
+        goto error;
+    ret = int32_to_value(tkt_validated, obj, AU_TKT_VALIDATED);
+    if (ret)
+        goto error;
+    /* KDC status msg, including "ISSUE". */
+    ret = string_to_value(state->status, obj, AU_KDC_STATUS);
+    if (ret)
+        goto error;
+    /* request */
+    ret = req_to_value(req, ev_success, obj);
+    if (ret == ENOMEM)
+        goto error;
+    /* reply/ticket */
+    ret = rep_to_value(state->reply, ev_success, obj);
+    if (ret == ENOMEM)
+        goto error;
+    ret = k5_json_encode(obj, jout);
+
+error:
+    k5_json_release(obj);
+    return ret;
+}
+
+/* S4U2Self protocol extension. Returns 0 on success. */
+krb5_error_code
+kau_j_tgs_s4u2self(const krb5_boolean ev_success, krb5_audit_state *state,
+                   char **jout)
+{
+    krb5_error_code ret = 0;
+    k5_json_object obj = NULL;
+
+    *jout = NULL;
+
+    if (!state) {
+        *jout = NULL_STATE;
+        return 0;
+    }
+
+    /* Main object. */
+    if (k5_json_object_create(&obj))
+        return ENOMEM;
+
+    /* Audit Event ID and ev_success. */
+    ret = eventinfo_to_value(obj, "S4U2SELF", state->stage, ev_success);
+    if (ret)
+        goto error;
+    /* Front-end server's TGT ticket ID. */
+    ret = string_to_value(state->tkt_in_id, obj, AU_TKT_IN_ID);
+    if (ret)
+        goto error;
+    /* service "to self" ticket or referral TGT ticket ID. */
+    ret = string_to_value(state->tkt_out_id, obj, AU_TKT_OUT_ID);
+    if (ret)
+        goto error;
+    /* Request ID. */
+    ret = string_to_value(state->req_id, obj, AU_REQ_ID);
+    if (ret)
+        goto error;
+    if (ev_success == FALSE) {
+        /* KDC status msg. */
+        ret = string_to_value(state->status, obj, AU_KDC_STATUS);
+        if (ret)
+            goto error;
+        /* Local policy or S4U protocol constraints. */
+        ret = int32_to_value(state->violation, obj, AU_VIOLATION);
+        if (ret)
+            goto error;
+    }
+    /* Impersonated user. */
+    ret = princ_to_value(state->s4u2self_user, obj, AU_REQ_S4U2S_USER);
+    if (ret)
+        goto error;
+
+    ret = k5_json_encode(obj, jout);
+
+error:
+    k5_json_release(obj);
+    return ret;
+}
+
+/* S4U2Proxy protocol extension. Returns 0 on success. */
+krb5_error_code
+kau_j_tgs_s4u2proxy(const krb5_boolean ev_success, krb5_audit_state *state,
+                    char **jout)
+{
+    krb5_error_code ret = 0;
+    k5_json_object obj = NULL;
+    krb5_kdc_req *req = state->request;
+
+    *jout = NULL;
+
+    if (!state) {
+        *jout = NULL_STATE;
+        return 0;
+    }
+
+    /* Main object. */
+    if (k5_json_object_create(&obj))
+        return ENOMEM;
+
+    /* Audit Event ID and ev_success. */
+    ret = eventinfo_to_value(obj, "S4U2PROXY", state->stage, ev_success);
+    if (ret)
+        goto error;
+    /* Front-end server's TGT ticket ID. */
+    ret = string_to_value(state->tkt_in_id, obj, AU_TKT_IN_ID);
+    if (ret)
+        goto error;
+    /* Resource service or referral TGT ticket ID. */
+    ret = string_to_value(state->tkt_out_id, obj, AU_TKT_OUT_ID);
+    if (ret)
+        goto error;
+    /* User's evidence ticket ID. */
+    ret = string_to_value(state->evid_tkt_id, obj, AU_EVIDENCE_TKT_ID);
+    if (ret)
+        goto error;
+    /* Request ID. */
+    ret = string_to_value(state->req_id, obj, AU_REQ_ID);
+    if (ret)
+        goto error;
+
+    if (ev_success == FALSE) {
+        /* KDC status msg. */
+        ret = string_to_value(state->status, obj, AU_KDC_STATUS);
+        if (ret)
+            goto error;
+        /* Local policy or S4U protocol constraints. */
+        ret = int32_to_value(state->violation, obj, AU_VIOLATION);
+        if (ret)
+            goto error;
+    }
+    /* Delegated user. */
+    if (req != NULL) {
+        ret = princ_to_value(req->second_ticket[0]->enc_part2->client,
+                             obj, AU_REQ_S4U2P_USER);
+        if (ret)
+            goto error;
+    }
+    ret = k5_json_encode(obj, jout);
+
+error:
+    k5_json_release(obj);
+    return ret;
+}
+
+/* U2U. Returns 0 on success. */
+krb5_error_code
+kau_j_tgs_u2u(const krb5_boolean ev_success, krb5_audit_state *state,
+              char **jout)
+{
+    krb5_error_code ret = 0;
+    k5_json_object obj = NULL;
+    krb5_kdc_req *req = state->request;
+
+    if (!state) {
+        *jout = NULL_STATE;
+        return 0;
+    }
+
+    *jout = NULL;
+
+    /* Main object. */
+    if (k5_json_object_create(&obj))
+        return ENOMEM;
+    /* Audit Event ID and ev_success. */
+    ret = eventinfo_to_value(obj, "U2U", state->stage, ev_success);
+    if (ret)
+        goto error;
+    /* Front-end server's TGT ticket ID. */
+    ret = string_to_value(state->tkt_in_id, obj, AU_TKT_IN_ID);
+    if (ret)
+        goto error;
+    /* Service ticket ID. */
+    ret = string_to_value(state->tkt_out_id, obj, AU_TKT_OUT_ID);
+    if (ret)
+        goto error;
+    /* Request ID. */
+    ret = string_to_value(state->req_id, obj, AU_REQ_ID);
+    if (ret)
+        goto error;
+
+    if (ev_success == FALSE) {
+        /* KDC status msg. */
+        ret = string_to_value(state->status, obj, AU_KDC_STATUS);
+        if (ret)
+            goto error;
+    }
+    /* Client in the second ticket. */
+    if (req != NULL) {
+        ret = princ_to_value(req->second_ticket[0]->enc_part2->client,
+                             obj, AU_REQ_U2U_USER);
+        if (ret)
+            goto error;
+    }
+    /* Enctype of a session key of the second ticket. */
+    ret = int32_to_value(req->second_ticket[0]->enc_part2->session->enctype,
+                         obj, AU_SRV_ETYPE);
+    if (ret)
+        goto error;
+
+    ret = k5_json_encode(obj, jout);
+
+error:
+    k5_json_release(obj);
+    return ret;
+}
+
+/* Low level utilities */
+
+/* Converts string into a property of a JSON object. Returns 0 on success.*/
+static krb5_error_code
+string_to_value(const char *in, k5_json_object obj, const char *key)
+{
+    krb5_error_code ret = 0;
+    k5_json_string str = NULL;
+
+    if (in == NULL)
+        return 0;
+
+    ret = k5_json_string_create(in, &str);
+    if (ret)
+        return ret;
+    ret = k5_json_object_set(obj, key, str);
+    k5_json_release(str);
+
+    return ret;
+}
+
+/*
+ * Converts a krb5_data struct into a property of a JSON object.
+ * (Borrowed from preauth_otp.c)
+ * Returns 0 on success.
+ */
+static krb5_error_code
+data_to_value(krb5_data *data, k5_json_object obj, const char *key)
+{
+    krb5_error_code ret = 0;
+    k5_json_string str = NULL;
+
+    if (data == NULL || data->data == NULL || data->length < 1)
+        return 0;
+
+    ret = k5_json_string_create_len(data->data, data->length, &str);
+    if (ret)
+        return ret;
+    ret = k5_json_object_set(obj, key, str);
+    k5_json_release(str);
+
+    return ret;
+}
+
+/*
+ * Converts krb5_int32 into a property of a JSON object.
+ * Returns 0 on success.
+ */
+static krb5_error_code
+int32_to_value(krb5_int32 int32, k5_json_object obj, const char *key)
+{
+    krb5_error_code ret = 0;
+    k5_json_number num = NULL;
+
+    ret = k5_json_number_create(int32, &num);
+    if (ret)
+        return ENOMEM;
+    ret = k5_json_object_set(obj, key, num);
+    k5_json_release(num);
+
+    return ret;
+}
+
+/*
+ * Converts krb5_boolean into a property of a JSON object.
+ * Returns 0 on success.
+ */
+static krb5_error_code
+bool_to_value(krb5_boolean in, k5_json_object obj, const char *key)
+{
+    krb5_error_code ret = 0;
+    k5_json_bool b = 0;
+
+    ret = k5_json_bool_create(in, &b);
+    if (ret)
+        return ENOMEM;
+
+    ret = k5_json_object_set(obj, key, b);
+    k5_json_release(b);
+
+    return ret;
+}
+
+/* Wrapper-level utilities */
+
+/* Wrapper for stage and event_status tags. Returns 0 on success. */
+static krb5_error_code
+eventinfo_to_value(k5_json_object obj, const char *name,
+                   const int stage, const krb5_boolean ev_success)
+{
+    krb5_error_code ret = 0;
+
+    ret = string_to_value(name, obj, AU_EVENT_NAME);
+    if (ret)
+        return ret;
+    ret = int32_to_value(stage, obj, AU_STAGE);
+    if (!ret)
+        ret = bool_to_value(ev_success, obj, AU_EVENT_STATUS);
+
+    return ret;
+}
+
+/*
+ * Converts krb5_principal into a property of a JSON object.
+ * Returns 0 on success.
+ */
+static krb5_error_code
+princ_to_value(krb5_principal princ, k5_json_object obj, const char *key)
+{
+    krb5_error_code ret = 0;
+    k5_json_object tmp = NULL;
+    k5_json_array arr = NULL;
+    k5_json_string str = NULL;
+    int i = 0;
+
+    if (princ == NULL || princ->data == NULL)
+        return 0;
+
+    /* Main object. */
+    if (k5_json_object_create(&tmp))
+        return ENOMEM;
+
+    ret = k5_json_array_create(&arr);
+    if (ret)
+        goto error;
+    for (i = 0; i < princ->length; i++) {
+        ret = k5_json_string_create_len((&princ->data[i])->data,
+                                       (&princ->data[i])->length, &str);
+        if (ret)
+            goto error;
+        ret = k5_json_array_add(arr, str);
+        k5_json_release(str);
+        if (ret)
+            goto error;
+    }
+    ret = k5_json_object_set(tmp, AU_COMPONENTS, arr);
+    if (ret)
+        goto error;
+    ret = data_to_value(&princ->realm, tmp, AU_REALM);
+    if (ret)
+        goto error;
+    ret = int32_to_value(princ->length, tmp, AU_LENGTH);
+    if (ret)
+        goto error;
+    ret = int32_to_value(princ->type, tmp, AU_TYPE);
+    if (ret)
+        goto error;
+
+    ret = k5_json_object_set(obj, key, tmp);
+
+error:
+    k5_json_release(tmp);
+    k5_json_release(arr);
+    return ret;
+}
+
+/*
+ * Helper for JSON encoding of krb5_address.
+ * Returns 0 on success.
+ */
+static krb5_error_code
+addr_to_obj(krb5_address *a, k5_json_object obj)
+{
+    krb5_error_code ret = 0;
+    k5_json_number num = NULL;
+    k5_json_array arr = NULL;
+    int i;
+
+    if (a == NULL || a->contents == NULL || a->length <= 0)
+        return 0;
+
+    ret = int32_to_value(a->addrtype, obj, AU_TYPE);
+    if (ret)
+        goto error;
+    ret = int32_to_value(a->length, obj, AU_LENGTH);
+    if (ret)
+        goto error;
+
+    if (a->addrtype == ADDRTYPE_INET || a->addrtype == ADDRTYPE_INET6) {
+        ret = k5_json_array_create(&arr);
+        if (ret)
+            goto error;
+        for (i = 0; i < (int)a->length; i++) {
+            ret = k5_json_number_create(a->contents[i], &num);
+            if (ret)
+                goto error;
+            ret = k5_json_array_add(arr, num);
+            k5_json_release(num);
+            if (ret)
+                goto error;
+        }
+        ret = k5_json_object_set(obj, AU_IP, arr);
+        if (ret)
+            goto error;
+    }
+
+error:
+    k5_json_release(arr);
+    return ret;
+}
+
+/*
+ * Converts krb5_fulladdr into a property of a JSON object.
+ * Returns 0 on success.
+ */
+static krb5_error_code
+addr_to_value(const krb5_address *address, k5_json_object obj, const char *key)
+{
+    krb5_error_code ret = 0;
+    k5_json_object addr_obj = NULL;
+
+    if (address == NULL)
+        return 0;
+
+    ret = k5_json_object_create(&addr_obj);
+    if (ret)
+        return ret;
+    ret = addr_to_obj((krb5_address *)address, addr_obj);
+    if (!ret)
+        ret = k5_json_object_set(obj, key, addr_obj);
+    k5_json_release(addr_obj);
+
+    return ret;
+}
+
+/*
+ * Helper for JSON encoding of krb5_kdc_req.
+ * Returns 0 on success.
+ */
+static krb5_error_code
+req_to_value(krb5_kdc_req *req, const krb5_boolean ev_success,
+             k5_json_object obj)
+{
+    krb5_error_code ret = 0;
+    k5_json_number num = NULL;
+    k5_json_string str = NULL;
+    k5_json_object tmpa = NULL;
+    k5_json_array arr = NULL, arra = NULL, arrpa = NULL;
+    krb5_pa_data **padata;
+    int i = 0;
+
+    if (req == NULL)
+        return 0;
+
+    ret = princ_to_value(req->client, obj, AU_REQ_CLIENT);
+    if (ret)
+        goto error;
+    ret = princ_to_value(req->server, obj, AU_REQ_SERVER);
+    if (ret)
+        goto error;
+
+    ret = int32_to_value(req->kdc_options, obj, AU_REQ_KDC_OPTIONS);
+        if (ret)
+            goto error;
+    ret = int32_to_value(req->from, obj, AU_REQ_TKT_START);
+        if (ret)
+            goto error;
+    ret = int32_to_value(req->till, obj, AU_REQ_TKT_END);
+        if (ret)
+            goto error;
+    ret = int32_to_value(req->rtime, obj, AU_REQ_TKT_RENEW_TILL);
+        if (ret)
+            goto error;
+    /* Available/requested enctypes. */
+    ret = k5_json_array_create(&arr);
+    if (ret)
+        goto error;
+    for (i = 0; (i < req->nktypes); i++) {
+        if (req->ktype[i] > 0) {
+            ret = k5_json_number_create(req->ktype[i], &num);
+            if (ret)
+                goto error;
+            ret = k5_json_array_add(arr, num);
+            k5_json_release(num);
+            if (ret)
+                goto error;
+        }
+    }
+    ret = k5_json_object_set(obj, AU_REQ_AVAIL_ETYPES, arr);
+    if (ret)
+        goto error;
+    /* Pre-auth types. */
+    if (ev_success == TRUE && req->padata) {
+            ret = k5_json_array_create(&arrpa);
+            if (ret)
+                goto error;
+            for (padata = req->padata; *padata; padata++) {
+                if (strlen(map_patype((*padata)->pa_type)) > 1) {
+                    ret = k5_json_string_create(map_patype((*padata)->pa_type),
+                                                &str);
+                    if (ret)
+                        goto error;
+                    ret = k5_json_array_add(arrpa, str);
+                    k5_json_release(str);
+                    if (ret)
+                        goto error;
+                }
+            }
+            ret = k5_json_object_set(obj, AU_REQ_PA_TYPE, arrpa);
+    }
+    /* List of requested addresses. */
+    if (req->addresses) {
+        ret = k5_json_array_create(&arra);
+        if (ret)
+                goto error;
+        for (i = 0; req->addresses[i] != NULL; i++) {
+            ret = k5_json_object_create(&tmpa);
+            if (ret)
+                goto error;
+            ret = addr_to_obj(req->addresses[i], tmpa);
+            if (!ret)
+                ret = k5_json_array_add(arra, tmpa);
+            k5_json_release(tmpa);
+            if (ret)
+                goto error;
+        }
+        ret = k5_json_object_set(obj, AU_REQ_ADDRESSES, arra);
+        if (ret)
+            goto error;
+    }
+error:
+    k5_json_release(arr);
+    k5_json_release(arra);
+    k5_json_release(arrpa);
+    return ret;
+}
+
+/*
+ * Helper for JSON encoding of krb5_kdc_rep.
+ * Returns 0 on success.
+ */
+static krb5_error_code
+rep_to_value(krb5_kdc_rep *rep, const krb5_boolean ev_success,
+             k5_json_object obj)
+{
+    krb5_error_code ret = 0;
+    krb5_pa_data **padata;
+    k5_json_array arrpa = NULL;
+    k5_json_string str = NULL;
+
+    if (rep == NULL)
+        return 0;
+
+    if (ev_success == TRUE) {
+        ret = tkt_to_value(rep->ticket, obj, AU_REP_TICKET);
+        /* Enctype of the reply-encrypting key. */
+        ret = int32_to_value(rep->enc_part.enctype, obj, AU_REP_ETYPE);
+        if (ret)
+            goto error;
+    } else {
+
+        if (rep->padata) {
+            ret = k5_json_array_create(&arrpa);
+            if (ret)
+                goto error;
+            for (padata = rep->padata; *padata; padata++) {
+                if (strlen(map_patype((*padata)->pa_type)) > 1) {
+                    ret = k5_json_string_create(map_patype((*padata)->pa_type),
+                                                          &str);
+                    if (ret)
+                        goto error;
+                    ret = k5_json_array_add(arrpa, str);
+                    k5_json_release(str);
+                    if (ret)
+                        goto error;
+                }
+            }
+        }
+        ret = k5_json_object_set(obj, AU_REP_PA_TYPE, arrpa);
+    }
+error:
+    k5_json_release(arrpa);
+    return ret;
+}
+
+/*
+ * Converts krb5_ticket into a property of a JSON object.
+ * Returns 0 on success.
+ */
+static krb5_error_code
+tkt_to_value(krb5_ticket *tkt, k5_json_object obj,
+              const char *key)
+{
+    krb5_error_code ret = 0;
+    k5_json_object tmp = NULL;
+    krb5_enc_tkt_part *part2 = NULL;
+
+    if (tkt == NULL)
+        return 0;
+
+    /* Main object. */
+    if (k5_json_object_create(&tmp))
+        return ENOMEM;
+
+    /*
+     * CNAME - potentially redundant data...
+     * ...but it is part of the ticket. So, record it as such.
+     */
+    ret = princ_to_value(tkt->server, tmp, AU_CNAME);
+    if (ret)
+        goto error;
+    ret = princ_to_value(tkt->server, tmp, AU_SNAME);
+    if (ret)
+        goto error;
+    /* Enctype of a long-term key of service. */
+    if (tkt->enc_part.enctype)
+        ret = int32_to_value(tkt->enc_part.enctype, tmp, AU_SRV_ETYPE);
+    if (ret)
+        goto error;
+    if (tkt->enc_part2)
+        part2 = tkt->enc_part2;
+    if (part2) {
+        ret = princ_to_value(part2->client, tmp, AU_CNAME);
+        if (ret)
+            goto error;
+        ret = int32_to_value(part2->flags, tmp, AU_FLAGS);
+        if (ret)
+            goto error;
+        /* Chosen by KDC session key enctype (short-term key). */
+        ret = int32_to_value(part2->session->enctype, tmp, AU_SESS_ETYPE);
+        if (ret)
+            goto error;
+        ret = int32_to_value(part2->times.starttime, tmp, AU_START);
+        if (ret)
+            goto error;
+        ret = int32_to_value(part2->times.endtime, tmp, AU_END);
+        if (ret)
+            goto error;
+        ret = int32_to_value(part2->times.renew_till, tmp, AU_RENEW_TILL);
+        if (ret)
+            goto error;
+        ret = int32_to_value(part2->times.authtime, tmp, AU_AUTHTIME);
+        if (ret)
+            goto error;
+        if (part2->transited.tr_contents.length > 0) {
+            ret = data_to_value(&part2->transited.tr_contents,
+                               tmp, AU_TR_CONTENTS);
+            if (ret)
+                goto error;
+        }
+    } /* part2 != NULL */
+
+    if (!ret)
+        ret = k5_json_object_set(obj, key, tmp);
+
+error:
+    k5_json_release(tmp);
+    return ret;
+}
+
+/* Map preauth numeric type to the naming string. */
+struct _patype_str {
+    krb5_preauthtype id;
+    char *name;
+};
+struct _patype_str  patype_str[] = {
+    {KRB5_PADATA_ENC_TIMESTAMP, "ENC_TIMESTAMP"},
+    {KRB5_PADATA_PW_SALT, "PW_SALT"},
+    {KRB5_PADATA_ENC_UNIX_TIME, "ENC_UNIX_TIME"},
+    {KRB5_PADATA_SAM_CHALLENGE, "SAM_CHALLENGE"},
+    {KRB5_PADATA_SAM_RESPONSE, "SAM_RESPONSE"},
+    {KRB5_PADATA_PK_AS_REQ_OLD, "PK_AS_REQ_OLD"},
+    {KRB5_PADATA_PK_AS_REP_OLD, "PK_AS_REP_OLD"},
+    {KRB5_PADATA_PK_AS_REQ, "PK_AS_REQ"},
+    {KRB5_PADATA_PK_AS_REP, "PK_AS_REP"},
+    {KRB5_PADATA_ETYPE_INFO2, "ETYPE_INFO2"},
+    {KRB5_PADATA_SAM_CHALLENGE_2, "SAM_CHALLENGE_2"},
+    {KRB5_PADATA_SAM_RESPONSE_2, "SAM_RESPONSE_2"},
+    {KRB5_PADATA_PAC_REQUEST, "PAC_REQUEST"},
+    {KRB5_PADATA_FOR_USER, "FOR_USER"},
+    {KRB5_PADATA_S4U_X509_USER, "S4U_X509_USER"},
+    {KRB5_PADATA_ENCRYPTED_CHALLENGE, "ENCRYPTED_CHALLENGE"},
+    {KRB5_PADATA_OTP_CHALLENGE, "OTP_CHALLENGE"},
+    {KRB5_PADATA_OTP_REQUEST, "OTP_REQUEST"},
+    {KRB5_PADATA_OTP_PIN_CHANGE, "OTP_PIN_CHANGE"}
+};
+
+
+static char *
+map_patype(krb5_preauthtype pa_type)
+{
+    int i = 0;
+    int n = sizeof(patype_str)/sizeof(patype_str[0]);
+
+    for (i = 0; i < n; i++) {
+        if (pa_type == patype_str[i].id)
+            return patype_str[i].name;
+    }
+    return "";
+}
diff --git a/krb5-1.21.3/src/plugins/audit/kdc_j_encode.h b/krb5-1.21.3/src/plugins/audit/kdc_j_encode.h
new file mode 100644
index 00000000..0c59adc0
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/kdc_j_encode.h
@@ -0,0 +1,66 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*  plugins/audit/kdc_j_encode.h - Declarations for KDC audit json encoders */
+/*
+ * Copyright 2013 by the Massachusetts Institute of Technology.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef KRB5_KDC_J_ENCODE_H_INCLUDED
+#define KRB5_KDC_J_ENCODE_H_INCLUDED
+
+#include <krb5/audit_plugin.h>
+
+/* Maximum length of the name of preauth type. */
+#define MAX_PATYPE_NAME_LEN 32
+
+krb5_error_code
+kau_j_kdc_stop(const krb5_boolean ev_success, char **jout);
+
+krb5_error_code
+kau_j_kdc_start(const krb5_boolean ev_success, char **jout);
+
+krb5_error_code
+kau_j_as_req(const krb5_boolean ev_success, krb5_audit_state *state,
+             char **jout);
+
+krb5_error_code
+kau_j_tgs_req(const krb5_boolean ev_success, krb5_audit_state *state,
+              char **jout);
+
+krb5_error_code
+kau_j_tgs_s4u2self(const krb5_boolean ev_success, krb5_audit_state *state,
+                   char **jout);
+
+krb5_error_code
+kau_j_tgs_s4u2proxy(const krb5_boolean ev_success, krb5_audit_state *state,
+                    char **jout);
+
+krb5_error_code
+kau_j_tgs_u2u(const krb5_boolean ev_success, krb5_audit_state *state,
+              char **jout);
+
+#endif /* KRB5_KDC_J_ENCODE_H_INCLUDED */
diff --git a/krb5-1.21.3/src/plugins/audit/libauditjenc.exports b/krb5-1.21.3/src/plugins/audit/libauditjenc.exports
new file mode 100644
index 00000000..da7120fd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/libauditjenc.exports
@@ -0,0 +1,7 @@
+kau_j_kdc_stop
+kau_j_kdc_start
+kau_j_as_req
+kau_j_tgs_req
+kau_j_tgs_s4u2self
+kau_j_tgs_s4u2proxy
+kau_j_tgs_u2u
diff --git a/krb5-1.21.3/src/plugins/audit/simple/Makefile.in b/krb5-1.21.3/src/plugins/audit/simple/Makefile.in
new file mode 100644
index 00000000..158ea75b
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/simple/Makefile.in
@@ -0,0 +1,27 @@
+mydir=plugins$(S)audit$(S)simple
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=k5audit
+LIBMAJOR=1
+LIBMINOR=1
+RELDIR=../plugins/audit/simple
+
+#Depends on libkrb5 and libkrb5support.
+SHLIB_EXPDEPS= $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS= $(KRB5_BASE_LIBS)
+
+STOBJLISTS= OBJS.ST ../OBJS.ST
+STLIBOBJS= au_simple_main.o
+
+SRCS= $(srcdir)/au_simple_main.c
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+clean:
+	$(RM) au_simple_main.o kdc_j_encode.o
+	$(RM) lib$(LIBBASE)$(SO_EXT)
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/audit/simple/au_simple_main.c b/krb5-1.21.3/src/plugins/audit/simple/au_simple_main.c
new file mode 100644
index 00000000..87a2c556
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/simple/au_simple_main.c
@@ -0,0 +1,263 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/audit/au_simple_main.c - Sample Audit plugin implementation */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is a demo implementation of Audit JSON-based module.
+ * It utilizes MIT Kerberos <kdc_j_encode.h> routines for JSON processing and
+ * the Fedora/Debian libaudit library for audit logs.
+ */
+
+#include <k5-int.h>
+#include <krb5/audit_plugin.h>
+#include <libaudit.h>
+#include <kdc_j_encode.h>
+
+krb5_error_code
+audit_simple_initvt(krb5_context context, int maj_ver, int min_ver,
+                    krb5_plugin_vtable vtable);
+
+struct krb5_audit_moddata_st {
+    int fd;
+};
+
+/* Open connection to the audit system. Returns 0 on success. */
+static krb5_error_code
+open_au(krb5_audit_moddata *auctx_out)
+{
+    krb5_error_code ret;
+    int fd = 0;
+    krb5_audit_moddata auctx;
+
+    auctx = k5calloc(1, sizeof(*auctx), &ret);
+    if (ret)
+        return ENOMEM;
+    fd = audit_open();
+    if (fd < 0)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+
+    auctx->fd = fd;
+    *auctx_out = auctx;
+
+    return 0;
+}
+
+/* Close connection to the audit system. Returns 0 on success. */
+static krb5_error_code
+close_au(krb5_audit_moddata auctx)
+{
+    int fd = auctx->fd;
+
+    audit_close(fd);
+    return 0;
+}
+
+/* Log KDC-start event. Returns 0 on success. */
+static krb5_error_code
+j_kdc_start(krb5_audit_moddata auctx, krb5_boolean ev_success)
+{
+    krb5_error_code ret = 0;
+    int local_type = AUDIT_USER_START;
+    int fd = auctx->fd;
+    char *jout = NULL;
+
+    if (fd < 0)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+
+    ret = kau_j_kdc_start(ev_success, &jout);
+    if (ret)
+        return ret;
+    if (audit_log_user_message(fd, local_type, jout,
+                               NULL, NULL, NULL, ev_success) <= 0)
+        ret = EIO;
+    free(jout);
+    return ret;
+}
+
+/* Log KDC-stop event. Returns 0 on success. */
+static krb5_error_code
+j_kdc_stop(krb5_audit_moddata auctx, krb5_boolean ev_success)
+{
+    krb5_error_code ret = 0;
+    int local_type = AUDIT_USER_END;
+    int fd = auctx->fd;
+    char *jout = NULL;
+
+    if (fd < 0)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+
+    ret = kau_j_kdc_stop(ev_success, &jout);
+    if (ret)
+        return ret;
+    if (audit_log_user_message(fd, local_type, jout,
+                               NULL, NULL, NULL, ev_success) <= 0)
+        ret = EIO;
+    free(jout);
+    return ret;
+}
+
+/* Log AS_REQ event. Returns 0 on success */
+static krb5_error_code
+j_as_req(krb5_audit_moddata auctx, krb5_boolean ev_success,
+         krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    int local_type = AUDIT_USER_AUTH;
+    int fd = auctx->fd;
+    char *jout = NULL;
+
+    if (fd < 0)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+
+    ret = kau_j_as_req(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    if (audit_log_user_message(fd, local_type, jout,
+                               NULL, NULL, NULL, ev_success) <= 0)
+        ret = EIO;
+    free(jout);
+    return ret;
+}
+
+/* Log TGS_REQ event. Returns 0 on success */
+static krb5_error_code
+j_tgs_req(krb5_audit_moddata auctx, krb5_boolean ev_success,
+          krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    int local_type = AUDIT_USER_AUTH;
+    int fd = auctx->fd;
+    char *jout = NULL;
+
+    if (fd < 0)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+
+    ret = kau_j_tgs_req(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    if (audit_log_user_message(fd, local_type, jout,
+                               NULL, NULL, NULL, ev_success) <= 0)
+        ret = EIO;
+    free(jout);
+    return ret;
+}
+
+/* Log S4U2SELF event. Returns 0 on success */
+static krb5_error_code
+j_tgs_s4u2self(krb5_audit_moddata auctx, krb5_boolean ev_success,
+               krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    int local_type = AUDIT_USER_AUTH;
+    int fd = auctx->fd;
+    char *jout = NULL;
+
+    if (fd < 0)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+
+    ret = kau_j_tgs_s4u2self(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    if (audit_log_user_message(fd, local_type, jout,
+                               NULL, NULL, NULL, ev_success) <= 0)
+        ret = EIO;
+    free(jout);
+    return ret;
+}
+
+/* Log S4U2PROXY event. Returns 0 on success */
+static krb5_error_code
+j_tgs_s4u2proxy(krb5_audit_moddata auctx, krb5_boolean ev_success,
+                krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    int local_type = AUDIT_USER_AUTH;
+    int fd = auctx->fd;
+    char *jout = NULL;
+
+    if (fd < 0)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+
+    ret = kau_j_tgs_s4u2proxy(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    if (audit_log_user_message(fd, local_type, jout,
+                               NULL, NULL, NULL, ev_success) <= 0)
+        ret = EIO;
+    free(jout);
+    return ret;
+}
+
+/* Log user-to-user event. Returns 0 on success */
+static krb5_error_code
+j_tgs_u2u(krb5_audit_moddata auctx, krb5_boolean ev_success,
+          krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    int local_type = AUDIT_USER_AUTH;
+    int fd = auctx->fd;
+    char *jout = NULL;
+
+    if (fd < 0)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+
+    ret = kau_j_tgs_u2u(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    if (audit_log_user_message(fd, local_type, jout,
+                               NULL, NULL, NULL, ev_success) <= 0)
+        ret = EIO;
+    free(jout);
+    return ret;
+}
+
+krb5_error_code
+audit_simple_initvt(krb5_context context, int maj_ver,
+                    int min_ver, krb5_plugin_vtable vtable)
+{
+    krb5_audit_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+
+    vt = (krb5_audit_vtable)vtable;
+    vt->name = "simple";
+    vt->open = open_au;
+    vt->close = close_au;
+    vt->kdc_start = j_kdc_start;
+    vt->kdc_stop = j_kdc_stop;
+    vt->as_req = j_as_req;
+    vt->tgs_req = j_tgs_req;
+    vt->tgs_s4u2self = j_tgs_s4u2self;
+    vt->tgs_s4u2proxy = j_tgs_s4u2proxy;
+    vt->tgs_u2u = j_tgs_u2u;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/audit/simple/deps b/krb5-1.21.3/src/plugins/audit/simple/deps
new file mode 100644
index 00000000..84d4f044
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/simple/deps
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+au_simple_main.so au_simple_main.po $(OUTPRE)au_simple_main.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kdc_j_encode.h \
+  $(BUILDTOP)/include/krb5/audit_plugin.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  au_simple_main.c
diff --git a/krb5-1.21.3/src/plugins/audit/simple/k5audit.exports b/krb5-1.21.3/src/plugins/audit/simple/k5audit.exports
new file mode 100644
index 00000000..2070538b
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/simple/k5audit.exports
@@ -0,0 +1 @@
+audit_simple_initvt
diff --git a/krb5-1.21.3/src/plugins/audit/test/Makefile.in b/krb5-1.21.3/src/plugins/audit/test/Makefile.in
new file mode 100644
index 00000000..1bc27559
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/test/Makefile.in
@@ -0,0 +1,21 @@
+mydir=plugins$(S)audit$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=k5audit_test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/audit/test
+# Depends on libkrb5 and libkrb5support.
+SHLIB_EXPDEPS= $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS= $(KRB5_BASE_LIBS)
+
+STOBJLISTS= OBJS.ST ../OBJS.ST
+STLIBOBJS= au_test.o
+
+SRCS= $(srcdir)/au_test.c
+
+all-unix: all-liblinks
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/audit/test/au_test.c b/krb5-1.21.3/src/plugins/audit/test/au_test.c
new file mode 100644
index 00000000..76e711e5
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/test/au_test.c
@@ -0,0 +1,227 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/audit/au_test.c - Test Audit plugin implementation */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * This test is to verify the JSON-based KDC audit functionality.
+ * It utilized MIT Kerberos <kdc_j_encode.h> routines for JSON processing.
+ */
+
+#include <k5-int.h>
+#include <krb5/audit_plugin.h>
+#include <kdc_j_encode.h>
+#include "k5-thread.h"
+
+struct krb5_audit_moddata_st {
+    int au_fd;
+};
+
+krb5_error_code
+audit_test_initvt(krb5_context context, int maj_ver, int min_ver,
+                  krb5_plugin_vtable vtable);
+
+static FILE *au_fd;
+static k5_mutex_t lock = K5_MUTEX_PARTIAL_INITIALIZER;
+
+/* Open connection to the audit system. Returns 0 on success. */
+static krb5_error_code
+open_au(krb5_audit_moddata *auctx)
+{
+    au_fd = fopen("au.log", "a+");
+    if (au_fd == NULL)
+        return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
+    k5_mutex_init(&lock);
+    return 0;
+}
+
+/* Close connection to the audit system. Returns 0. */
+static krb5_error_code
+close_au(krb5_audit_moddata auctx)
+{
+    fclose(au_fd);
+    k5_mutex_destroy(&lock);
+    return 0;
+}
+
+/* Log KDC-start event. Returns 0 on success. */
+static krb5_error_code
+j_kdc_start(krb5_audit_moddata auctx, krb5_boolean ev_success)
+{
+    krb5_error_code ret = 0;
+    char *jout = NULL;
+
+    ret = kau_j_kdc_start(ev_success, &jout);
+    if (ret)
+        return ret;
+    k5_mutex_lock(&lock);
+    fprintf(au_fd,"%s\n", jout);
+    fflush(au_fd);
+    k5_mutex_unlock(&lock);
+    free(jout);
+    return ret;
+}
+
+/* Log KDC-stop event. Returns 0 on success. */
+static krb5_error_code
+j_kdc_stop(krb5_audit_moddata auctx, krb5_boolean ev_success)
+{
+    krb5_error_code ret = 0;
+    char *jout = NULL;
+
+    ret = kau_j_kdc_stop(ev_success, &jout);
+    if (ret)
+        return ret;
+    k5_mutex_lock(&lock);
+    fprintf(au_fd,"%s\n", jout);
+    fflush(au_fd);
+    k5_mutex_unlock(&lock);
+    free(jout);
+    return ret;
+}
+
+/* Log AS_REQ event. Returns 0 on success. */
+static krb5_error_code
+j_as_req(krb5_audit_moddata auctx, krb5_boolean ev_success,
+         krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    char *jout = NULL;
+
+    ret = kau_j_as_req(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    k5_mutex_lock(&lock);
+    fprintf(au_fd,"%s\n", jout);
+    fflush(au_fd);
+    k5_mutex_unlock(&lock);
+    free(jout);
+    return ret;
+}
+
+/* Log TGS_REQ event. Returns 0 on success. */
+static krb5_error_code
+j_tgs_req(krb5_audit_moddata auctx, krb5_boolean ev_success,
+          krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    char *jout = NULL;
+
+    ret = kau_j_tgs_req(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    k5_mutex_lock(&lock);
+    fprintf(au_fd,"%s\n", jout);
+    fflush(au_fd);
+    k5_mutex_unlock(&lock);
+    free(jout);
+    return ret;
+}
+
+/* Log S4U2SELF event. Returns 0 on success. */
+static krb5_error_code
+j_tgs_s4u2self(krb5_audit_moddata auctx, krb5_boolean ev_success,
+               krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    char *jout = NULL;
+
+    ret = kau_j_tgs_s4u2self(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    k5_mutex_lock(&lock);
+    fprintf(au_fd,"%s\n", jout);
+    fflush(au_fd);
+    k5_mutex_unlock(&lock);
+    free(jout);
+    return ret;
+}
+
+/* Log S4U2PROXY event. Returns 0 on success. */
+static krb5_error_code
+j_tgs_s4u2proxy(krb5_audit_moddata auctx, krb5_boolean ev_success,
+                krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    char *jout = NULL;
+
+    ret = kau_j_tgs_s4u2proxy(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    k5_mutex_lock(&lock);
+    fprintf(au_fd,"%s\n", jout);
+    fflush(au_fd);
+    k5_mutex_unlock(&lock);
+    free(jout);
+    return ret;
+}
+
+/* Log user-to-user event. Returns 0 on success. */
+static krb5_error_code
+j_tgs_u2u(krb5_audit_moddata auctx, krb5_boolean ev_success,
+          krb5_audit_state *state)
+{
+    krb5_error_code ret = 0;
+    char *jout = NULL;
+
+    ret = kau_j_tgs_u2u(ev_success, state, &jout);
+    if (ret)
+        return ret;
+    k5_mutex_lock(&lock);
+    fprintf(au_fd,"%s\n", jout);
+    fflush(au_fd);
+    k5_mutex_unlock(&lock);
+    free(jout);
+    return ret;
+}
+
+krb5_error_code
+audit_test_initvt(krb5_context context, int maj_ver, int min_ver,
+                  krb5_plugin_vtable vtable)
+{
+    krb5_audit_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+
+    vt = (krb5_audit_vtable)vtable;
+    vt->name = "test";
+
+    vt->open = open_au;
+    vt->close = close_au;
+    vt->kdc_start = j_kdc_start;
+    vt->kdc_stop = j_kdc_stop;
+    vt->as_req = j_as_req;
+    vt->tgs_req = j_tgs_req;
+    vt->tgs_s4u2self = j_tgs_s4u2self;
+    vt->tgs_s4u2proxy = j_tgs_s4u2proxy;
+    vt->tgs_u2u = j_tgs_u2u;
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/audit/test/deps b/krb5-1.21.3/src/plugins/audit/test/deps
new file mode 100644
index 00000000..5832ee45
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/test/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+au_test.so au_test.po $(OUTPRE)au_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/kdc_j_encode.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/audit_plugin.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h au_test.c
diff --git a/krb5-1.21.3/src/plugins/audit/test/k5audit_test.exports b/krb5-1.21.3/src/plugins/audit/test/k5audit_test.exports
new file mode 100644
index 00000000..8f693632
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/audit/test/k5audit_test.exports
@@ -0,0 +1 @@
+audit_test_initvt
diff --git a/krb5-1.21.3/src/plugins/authdata/greet_client/Makefile.in b/krb5-1.21.3/src/plugins/authdata/greet_client/Makefile.in
new file mode 100644
index 00000000..f1f759db
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/authdata/greet_client/Makefile.in
@@ -0,0 +1,20 @@
+mydir=plugins$(S)authdata$(S)greet_client
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=greet_client
+LIBMAJOR=0
+LIBMINOR=0
+SHLIB_EXPDEPS = $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS= -lkrb5 $(COM_ERR_LIB) -lk5crypto $(SUPPORT_LIB) $(LIBS)
+STLIBOBJS= greet.o
+
+SRCS=	greet.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/plugins/authdata/greet_client/deps b/krb5-1.21.3/src/plugins/authdata/greet_client/deps
new file mode 100644
index 00000000..d9e62d7f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/authdata/greet_client/deps
@@ -0,0 +1,13 @@
+#
+# Generated makefile dependencies follow.
+#
+greet.so greet.po $(OUTPRE)greet.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h greet.c
diff --git a/krb5-1.21.3/src/plugins/authdata/greet_client/greet.c b/krb5-1.21.3/src/plugins/authdata/greet_client/greet.c
new file mode 100644
index 00000000..2aae2ddd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/authdata/greet_client/greet.c
@@ -0,0 +1,377 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/authdata/greet_client/greet.c - Sample authorization data plugin */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <krb5/authdata_plugin.h>
+#include <assert.h>
+
+struct greet_context {
+    krb5_data greeting;
+    krb5_boolean verified;
+};
+
+static krb5_data greet_attr = {
+    KV5M_DATA, sizeof("urn:greet:greeting") - 1, "urn:greet:greeting" };
+
+static krb5_error_code
+greet_init(krb5_context kcontext, void **plugin_context)
+{
+    *plugin_context = 0;
+    return 0;
+}
+
+static void
+greet_flags(krb5_context kcontext,
+            void *plugin_context,
+            krb5_authdatatype ad_type,
+            krb5_flags *flags)
+{
+    *flags = AD_USAGE_AP_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL;
+}
+
+static void
+greet_fini(krb5_context kcontext, void *plugin_context)
+{
+    return;
+}
+
+static krb5_error_code
+greet_request_init(krb5_context kcontext,
+                   krb5_authdata_context context,
+                   void *plugin_context,
+                   void **request_context)
+{
+    struct greet_context *greet;
+
+    greet = malloc(sizeof(*greet));
+    if (greet == NULL)
+        return ENOMEM;
+
+    greet->greeting.data = NULL;
+    greet->greeting.length = 0;
+    greet->verified = FALSE;
+
+    *request_context = greet;
+
+    return 0;
+}
+
+static krb5_error_code
+greet_export_authdata(krb5_context kcontext,
+                      krb5_authdata_context context,
+                      void *plugin_context,
+                      void *request_context,
+                      krb5_flags usage,
+                      krb5_authdata ***out_authdata)
+{
+    struct greet_context *greet = (struct greet_context *)request_context;
+    krb5_authdata *data[2];
+    krb5_authdata datum;
+    krb5_error_code code;
+
+    datum.ad_type = -42;
+    datum.length = greet->greeting.length;
+    datum.contents = (krb5_octet *)greet->greeting.data;
+
+    data[0] = &datum;
+    data[1] = NULL;
+
+    code = krb5_copy_authdata(kcontext, data, out_authdata);
+
+    return code;
+}
+
+static krb5_error_code
+greet_import_authdata(krb5_context kcontext,
+                      krb5_authdata_context context,
+                      void *plugin_context,
+                      void *request_context,
+                      krb5_authdata **authdata,
+                      krb5_boolean kdc_issued_flag,
+                      krb5_const_principal issuer)
+{
+    krb5_error_code code;
+    struct greet_context *greet = (struct greet_context *)request_context;
+    krb5_data data;
+
+    krb5_free_data_contents(kcontext, &greet->greeting);
+    greet->verified = FALSE;
+
+    assert(authdata[0] != NULL);
+
+    data.length = authdata[0]->length;
+    data.data = (char *)authdata[0]->contents;
+
+    code = krb5int_copy_data_contents_add0(kcontext, &data, &greet->greeting);
+    if (code == 0)
+        greet->verified = kdc_issued_flag;
+
+    return code;
+}
+
+static void
+greet_request_fini(krb5_context kcontext,
+                   krb5_authdata_context context,
+                   void *plugin_context,
+                   void *request_context)
+{
+    struct greet_context *greet = (struct greet_context *)request_context;
+
+    if (greet != NULL) {
+        krb5_free_data_contents(kcontext, &greet->greeting);
+        free(greet);
+    }
+}
+
+static krb5_error_code
+greet_get_attribute_types(krb5_context kcontext,
+                          krb5_authdata_context context,
+                          void *plugin_context,
+                          void *request_context,
+                          krb5_data **out_attrs)
+{
+    krb5_error_code code;
+    struct greet_context *greet = (struct greet_context *)request_context;
+
+    if (greet->greeting.length == 0)
+        return ENOENT;
+
+    *out_attrs = calloc(2, sizeof(krb5_data));
+    if (*out_attrs == NULL)
+        return ENOMEM;
+
+    code = krb5int_copy_data_contents_add0(kcontext,
+                                           &greet_attr,
+                                           &(*out_attrs)[0]);
+    if (code != 0) {
+        free(*out_attrs);
+        *out_attrs = NULL;
+        return code;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+greet_get_attribute(krb5_context kcontext,
+                    krb5_authdata_context context,
+                    void *plugin_context,
+                    void *request_context,
+                    const krb5_data *attribute,
+                    krb5_boolean *authenticated,
+                    krb5_boolean *complete,
+                    krb5_data *value,
+                    krb5_data *display_value,
+                    int *more)
+{
+    struct greet_context *greet = (struct greet_context *)request_context;
+    krb5_error_code code;
+
+    if (!data_eq(*attribute, greet_attr) || greet->greeting.length == 0)
+        return ENOENT;
+
+    *authenticated = greet->verified;
+    *complete = TRUE;
+    *more = 0;
+
+    code = krb5int_copy_data_contents_add0(kcontext, &greet->greeting, value);
+    if (code == 0) {
+        code = krb5int_copy_data_contents_add0(kcontext,
+                                               &greet->greeting,
+                                               display_value);
+        if (code != 0)
+            krb5_free_data_contents(kcontext, value);
+    }
+
+    return code;
+}
+
+static krb5_error_code
+greet_set_attribute(krb5_context kcontext,
+                    krb5_authdata_context context,
+                    void *plugin_context,
+                    void *request_context,
+                    krb5_boolean complete,
+                    const krb5_data *attribute,
+                    const krb5_data *value)
+{
+    struct greet_context *greet = (struct greet_context *)request_context;
+    krb5_data data;
+    krb5_error_code code;
+
+    if (!data_eq(*attribute, greet_attr))
+        return ENOENT;
+
+    if (greet->greeting.data != NULL)
+        return EEXIST;
+
+    code = krb5int_copy_data_contents_add0(kcontext, value, &data);
+    if (code != 0)
+        return code;
+
+    krb5_free_data_contents(kcontext, &greet->greeting);
+    greet->greeting = data;
+    greet->verified = FALSE;
+
+    return 0;
+}
+
+static krb5_error_code
+greet_delete_attribute(krb5_context kcontext,
+                       krb5_authdata_context context,
+                       void *plugin_context,
+                       void *request_context,
+                       const krb5_data *attribute)
+{
+    struct greet_context *greet = (struct greet_context *)request_context;
+
+    krb5_free_data_contents(kcontext, &greet->greeting);
+    greet->verified = FALSE;
+
+    return 0;
+}
+
+static krb5_error_code
+greet_size(krb5_context kcontext,
+           krb5_authdata_context context,
+           void *plugin_context,
+           void *request_context,
+           size_t *sizep)
+{
+    struct greet_context *greet = (struct greet_context *)request_context;
+
+    *sizep += sizeof(krb5_int32) +
+        greet->greeting.length +
+        sizeof(krb5_int32);
+
+    return 0;
+}
+
+static krb5_error_code
+greet_externalize(krb5_context kcontext,
+                  krb5_authdata_context context,
+                  void *plugin_context,
+                  void *request_context,
+                  krb5_octet **buffer,
+                  size_t *lenremain)
+{
+    size_t required = 0;
+    struct greet_context *greet = (struct greet_context *)request_context;
+
+    greet_size(kcontext, context, plugin_context,
+               request_context, &required);
+
+    if (*lenremain < required)
+        return ENOMEM;
+
+    /* Greeting Length | Greeting Contents | Verified */
+    krb5_ser_pack_int32(greet->greeting.length, buffer, lenremain);
+    krb5_ser_pack_bytes((krb5_octet *)greet->greeting.data,
+                        (size_t)greet->greeting.length,
+                        buffer, lenremain);
+    krb5_ser_pack_int32((krb5_int32)greet->verified, buffer, lenremain);
+
+    return 0;
+}
+
+static krb5_error_code
+greet_internalize(krb5_context kcontext,
+                  krb5_authdata_context context,
+                  void *plugin_context,
+                  void *request_context,
+                  krb5_octet **buffer,
+                  size_t *lenremain)
+{
+    struct greet_context *greet = (struct greet_context *)request_context;
+    krb5_error_code code;
+    krb5_int32 length;
+    krb5_octet *contents = NULL;
+    krb5_int32 verified;
+    krb5_octet *bp;
+    size_t remain;
+
+    bp = *buffer;
+    remain = *lenremain;
+
+    /* Greeting Length */
+    code = krb5_ser_unpack_int32(&length, &bp, &remain);
+    if (code != 0)
+        return code;
+
+    /* Greeting Contents */
+    if (length != 0) {
+        contents = malloc(length);
+        if (contents == NULL)
+            return ENOMEM;
+
+        code = krb5_ser_unpack_bytes(contents, (size_t)length, &bp, &remain);
+        if (code != 0) {
+            free(contents);
+            return code;
+        }
+    }
+
+    /* Verified */
+    code = krb5_ser_unpack_int32(&verified, &bp, &remain);
+    if (code != 0) {
+        free(contents);
+        return code;
+    }
+
+    krb5_free_data_contents(kcontext, &greet->greeting);
+    greet->greeting.length = length;
+    greet->greeting.data = (char *)contents;
+    greet->verified = (verified != 0);
+
+    *buffer = bp;
+    *lenremain = remain;
+
+    return 0;
+}
+
+static krb5_authdatatype greet_ad_types[] = { -42, 0 };
+
+krb5plugin_authdata_client_ftable_v0 authdata_client_0 = {
+    "greet",
+    greet_ad_types,
+    greet_init,
+    greet_fini,
+    greet_flags,
+    greet_request_init,
+    greet_request_fini,
+    greet_get_attribute_types,
+    greet_get_attribute,
+    greet_set_attribute,
+    greet_delete_attribute,
+    greet_export_authdata,
+    greet_import_authdata,
+    NULL,
+    NULL,
+    NULL,
+    greet_size,
+    greet_externalize,
+    greet_internalize,
+    NULL
+};
diff --git a/krb5-1.21.3/src/plugins/authdata/greet_client/greet_client.exports b/krb5-1.21.3/src/plugins/authdata/greet_client/greet_client.exports
new file mode 100644
index 00000000..8d5d5c47
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/authdata/greet_client/greet_client.exports
@@ -0,0 +1 @@
+authdata_client_0
diff --git a/krb5-1.21.3/src/plugins/authdata/greet_server/Makefile.in b/krb5-1.21.3/src/plugins/authdata/greet_server/Makefile.in
new file mode 100644
index 00000000..186ca9ca
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/authdata/greet_server/Makefile.in
@@ -0,0 +1,21 @@
+mydir=plugins$(S)authdata$(S)greet_server
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=greet_server
+LIBMAJOR=1
+LIBMINOR=0
+SHLIB_EXPDEPS = $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS= -lkrb5 $(COM_ERR_LIB) -lk5crypto $(SUPPORT_LIB) $(LIBS)
+
+STLIBOBJS= greet_auth.o
+
+SRCS=	greet_auth.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/plugins/authdata/greet_server/deps b/krb5-1.21.3/src/plugins/authdata/greet_server/deps
new file mode 100644
index 00000000..07943cd9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/authdata/greet_server/deps
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+greet_auth.so greet_auth.po $(OUTPRE)greet_auth.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcauthdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  greet_auth.c
diff --git a/krb5-1.21.3/src/plugins/authdata/greet_server/greet_auth.c b/krb5-1.21.3/src/plugins/authdata/greet_server/greet_auth.c
new file mode 100644
index 00000000..7ef8f666
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/authdata/greet_server/greet_auth.c
@@ -0,0 +1,140 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/authdata/greet_server/greet_auth.c */
+/*
+ * Copyright 2009 by the Massachusetts Institute of Technology.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Sample authorization data plugin
+ */
+
+#include <k5-int.h>
+#include <krb5/kdcauthdata_plugin.h>
+
+static krb5_error_code greet_hello(krb5_context context, krb5_data **ret)
+{
+    krb5_data tmp;
+
+    tmp.data = "Hello, KDC issued acceptor world!";
+    tmp.length = strlen(tmp.data);
+
+    return krb5_copy_data(context, &tmp, ret);
+}
+
+static krb5_error_code
+greet_kdc_sign(krb5_context context,
+               krb5_enc_tkt_part *enc_tkt_reply,
+               krb5_const_principal tgs,
+               krb5_data *greeting)
+{
+    krb5_error_code code;
+    krb5_authdata ad_datum, *ad_data[2], **kdc_issued = NULL;
+    krb5_authdata **if_relevant = NULL;
+    krb5_authdata **tkt_authdata;
+
+    ad_datum.ad_type = -42;
+    ad_datum.contents = (krb5_octet *)greeting->data;
+    ad_datum.length = greeting->length;
+
+    ad_data[0] = &ad_datum;
+    ad_data[1] = NULL;
+
+    code = krb5_make_authdata_kdc_issued(context,
+                                         enc_tkt_reply->session,
+                                         tgs,
+                                         ad_data,
+                                         &kdc_issued);
+    if (code != 0)
+        return code;
+
+    code = krb5_encode_authdata_container(context,
+                                          KRB5_AUTHDATA_IF_RELEVANT,
+                                          kdc_issued,
+                                          &if_relevant);
+    if (code != 0) {
+        krb5_free_authdata(context, kdc_issued);
+        return code;
+    }
+
+    code = krb5_merge_authdata(context,
+                               if_relevant,
+                               enc_tkt_reply->authorization_data,
+                               &tkt_authdata);
+    if (code == 0) {
+        krb5_free_authdata(context, enc_tkt_reply->authorization_data);
+        enc_tkt_reply->authorization_data = tkt_authdata;
+    }
+
+    krb5_free_authdata(context, if_relevant);
+    krb5_free_authdata(context, kdc_issued);
+
+    return code;
+}
+
+static krb5_error_code
+greet_authdata(krb5_context context,
+               krb5_kdcauthdata_moddata moddata,
+               unsigned int flags,
+               krb5_db_entry *client,
+               krb5_db_entry *server,
+               krb5_db_entry *tgs,
+               krb5_keyblock *client_key,
+               krb5_keyblock *server_key,
+               krb5_keyblock *krbtgt_key,
+               krb5_data *req_pkt,
+               krb5_kdc_req *request,
+               krb5_const_principal for_user_princ,
+               krb5_enc_tkt_part *enc_tkt_request,
+               krb5_enc_tkt_part *enc_tkt_reply)
+{
+    krb5_error_code code;
+    krb5_data *greeting = NULL;
+
+    if (request->msg_type != KRB5_TGS_REQ)
+        return 0;
+
+    code = greet_hello(context, &greeting);
+    if (code != 0)
+        return code;
+
+    code = greet_kdc_sign(context, enc_tkt_reply, tgs->princ, greeting);
+
+    krb5_free_data(context, greeting);
+
+    return code;
+}
+
+krb5_error_code
+kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_kdcauthdata_vtable vt = (krb5_kdcauthdata_vtable)vtable;
+
+    vt->name = "greet";
+    vt->handle = greet_authdata;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/authdata/greet_server/greet_server.exports b/krb5-1.21.3/src/plugins/authdata/greet_server/greet_server.exports
new file mode 100644
index 00000000..bddbef18
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/authdata/greet_server/greet_server.exports
@@ -0,0 +1 @@
+kdcauthdata_greet_initvt
diff --git a/krb5-1.21.3/src/plugins/certauth/test/Makefile.in b/krb5-1.21.3/src/plugins/certauth/test/Makefile.in
new file mode 100644
index 00000000..e94c1384
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/certauth/test/Makefile.in
@@ -0,0 +1,20 @@
+mydir=plugins$(S)certauth$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=certauth_test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/certauth/test
+SHLIB_EXPDEPS=$(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS=$(KDB5_LIBS) $(KRB5_BASE_LIBS)
+
+STLIBOBJS=main.o
+
+SRCS=$(srcdir)/main.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/certauth/test/certauth_test.exports b/krb5-1.21.3/src/plugins/certauth/test/certauth_test.exports
new file mode 100644
index 00000000..ecb9aa2f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/certauth/test/certauth_test.exports
@@ -0,0 +1,3 @@
+certauth_test1_initvt
+certauth_test2_initvt
+certauth_test3_initvt
diff --git a/krb5-1.21.3/src/plugins/certauth/test/deps b/krb5-1.21.3/src/plugins/certauth/test/deps
new file mode 100644
index 00000000..f8261054
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/certauth/test/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/certauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h main.c
diff --git a/krb5-1.21.3/src/plugins/certauth/test/main.c b/krb5-1.21.3/src/plugins/certauth/test/main.c
new file mode 100644
index 00000000..eea5cc6f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/certauth/test/main.c
@@ -0,0 +1,278 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/certauth/main.c - certauth plugin test modules. */
+/*
+ * Copyright (C) 2017 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include <kdb.h>
+#include "krb5/certauth_plugin.h"
+
+struct krb5_certauth_moddata_st {
+    int initialized;
+};
+
+/* Test module 1 passes with an indicator. */
+static krb5_error_code
+test1_authorize(krb5_context context, krb5_certauth_moddata moddata,
+                const uint8_t *cert, size_t cert_len,
+                krb5_const_principal princ, const void *opts,
+                const struct _krb5_db_entry_new *db_entry,
+                char ***authinds_out)
+{
+    char **ais = NULL;
+
+    ais = calloc(2, sizeof(*ais));
+    assert(ais != NULL);
+    ais[0] = strdup("test1");
+    assert(ais[0] != NULL);
+    *authinds_out = ais;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+static void
+test_free_ind(krb5_context context, krb5_certauth_moddata moddata,
+              char **authinds)
+{
+    size_t i;
+
+    if (authinds == NULL)
+        return;
+    for (i = 0; authinds[i] != NULL; i++)
+        free(authinds[i]);
+    free(authinds);
+}
+
+/* A basic moddata test. */
+static krb5_error_code
+test2_init(krb5_context context, krb5_certauth_moddata *moddata_out)
+{
+    krb5_certauth_moddata mod;
+
+    mod = calloc(1, sizeof(*mod));
+    assert(mod != NULL);
+    mod->initialized = 1;
+    *moddata_out = mod;
+    return 0;
+}
+
+static void
+test2_fini(krb5_context context, krb5_certauth_moddata moddata)
+{
+    free(moddata);
+}
+
+/* Return true if cert appears to contain the CN name, based on a search of the
+ * DER encoding. */
+static krb5_boolean
+has_cn(krb5_context context, const uint8_t *cert, size_t cert_len,
+       const char *name)
+{
+    krb5_boolean match = FALSE;
+    uint8_t name_len, cntag[5] = "\x06\x03\x55\x04\x03";
+    const uint8_t *c;
+    struct k5buf buf;
+    size_t c_left;
+
+    /* Construct a DER search string of the CN AttributeType encoding followed
+     * by a UTF8String encoding containing name as the AttributeValue. */
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_len(&buf, cntag, sizeof(cntag));
+    k5_buf_add(&buf, "\x0C");
+    assert(strlen(name) < 128);
+    name_len = strlen(name);
+    k5_buf_add_len(&buf, &name_len, 1);
+    k5_buf_add_len(&buf, name, name_len);
+    assert(k5_buf_status(&buf) == 0);
+
+    /* Check for the CN needle in the certificate haystack. */
+    c_left = cert_len;
+    c = memchr(cert, *cntag, c_left);
+    while (c != NULL) {
+        c_left = cert_len - (c - cert);
+        if (buf.len > c_left)
+            break;
+        if (memcmp(c, buf.data, buf.len) == 0) {
+            match = TRUE;
+            break;
+        }
+        assert(c_left >= 1);
+        c = memchr(c + 1, *cntag, c_left - 1);
+    }
+
+    k5_buf_free(&buf);
+    return match;
+}
+
+/*
+ * Test module 2 passes if the principal name is "nocert".  Otherwise it
+ * returns OK if the CN of the cert matches the principal name, with indicators
+ * of the module name and princ, and errors if the certificate does not match.
+ */
+static krb5_error_code
+test2_authorize(krb5_context context, krb5_certauth_moddata moddata,
+                const uint8_t *cert, size_t cert_len,
+                krb5_const_principal princ, const void *opts,
+                const struct _krb5_db_entry_new *db_entry,
+                char ***authinds_out)
+{
+    krb5_error_code ret;
+    char *name = NULL, **ais = NULL;
+
+    *authinds_out = NULL;
+
+    assert(moddata != NULL && moddata->initialized);
+
+    ret = krb5_unparse_name_flags(context, princ,
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
+    if (ret)
+        goto cleanup;
+    if (strcmp(name, "nocert") == 0) {
+        ret = KRB5_PLUGIN_NO_HANDLE;
+        goto cleanup;
+    }
+
+    if (!has_cn(context, cert, cert_len, name)) {
+        ret = KRB5KDC_ERR_CERTIFICATE_MISMATCH;
+        goto cleanup;
+    }
+
+    /* Create an indicator list with the module name and CN. */
+    ais = calloc(3, sizeof(*ais));
+    assert(ais != NULL);
+    ais[0] = strdup("test2");
+    ais[1] = strdup(name);
+    assert(ais[0] != NULL && ais[1] != NULL);
+    *authinds_out = ais;
+
+    ais = NULL;
+
+cleanup:
+    krb5_free_unparsed_name(context, name);
+    return ret;
+}
+
+/*
+ * Test module 3 reads the "hwauth" string attribute on db_entry, and adds an
+ * authentication indicator of "hwauth:<value>" if the attribute is set.  It
+ * returns KRB5_CERTAUTH_HWAUTH if the value is "ok", and
+ * KRB5_CERTAUTH_HWAUTH_PASS if the value is "pass".  Otherwise it passes.
+ */
+static krb5_error_code
+test3_authorize(krb5_context context, krb5_certauth_moddata moddata,
+                const uint8_t *cert, size_t cert_len,
+                krb5_const_principal princ, const void *opts,
+                const struct _krb5_db_entry_new *db_entry,
+                char ***authinds_out)
+{
+    krb5_error_code ret;
+    char *strval = NULL, **ais = NULL;
+
+    ret = krb5_dbe_get_string(context, (krb5_db_entry *)db_entry, "hwauth",
+                              &strval);
+    if (ret)
+        return ret;
+    if (strval != NULL && strcmp(strval, "ok") == 0)
+        ret = KRB5_CERTAUTH_HWAUTH;
+    else if (strval != NULL && strcmp(strval, "pass") == 0)
+        ret = KRB5_CERTAUTH_HWAUTH_PASS;
+    else
+        ret = KRB5_PLUGIN_NO_HANDLE;
+
+    if (strval != NULL) {
+        ais = calloc(2, sizeof(*ais));
+        assert(ais != NULL);
+        if (asprintf(&ais[0], "hwauth:%s", strval) < 0)
+            abort();
+        assert(ais[0] != NULL);
+    }
+
+    *authinds_out = ais;
+    ais = NULL;
+
+    krb5_dbe_free_string(context, strval);
+    return ret;
+}
+
+krb5_error_code
+certauth_test1_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable);
+krb5_error_code
+certauth_test1_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    krb5_certauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_certauth_vtable)vtable;
+    vt->name = "test1";
+    vt->authorize = test1_authorize;
+    vt->free_ind = test_free_ind;
+    return 0;
+}
+
+krb5_error_code
+certauth_test2_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable);
+krb5_error_code
+certauth_test2_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    krb5_certauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_certauth_vtable)vtable;
+    vt->name = "test2";
+    vt->authorize = test2_authorize;
+    vt->init = test2_init;
+    vt->fini = test2_fini;
+    vt->free_ind = test_free_ind;
+    return 0;
+}
+
+krb5_error_code
+certauth_test3_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable);
+
+krb5_error_code
+certauth_test3_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    krb5_certauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_certauth_vtable)vtable;
+    vt->name = "test3";
+    vt->authorize = test3_authorize;
+    vt->free_ind = test_free_ind;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/gssapi/negoextest/Makefile.in b/krb5-1.21.3/src/plugins/gssapi/negoextest/Makefile.in
new file mode 100644
index 00000000..62e8a373
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/gssapi/negoextest/Makefile.in
@@ -0,0 +1,20 @@
+mydir=plugins$(S)gssapi$(S)negoextest
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=gss_negoextest
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/gssapi/negoextest
+SHLIB_EXPDEPS=$(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS=$(GSS_LIBS) $(KRB5_BASE_LIBS)
+
+STLIBOBJS=main.o
+
+SRCS=$(srcdir)/main.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/gssapi/negoextest/deps b/krb5-1.21.3/src/plugins/gssapi/negoextest/deps
new file mode 100644
index 00000000..1e18ff41
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/gssapi/negoextest/deps
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  main.c
diff --git a/krb5-1.21.3/src/plugins/gssapi/negoextest/gss_negoextest.exports b/krb5-1.21.3/src/plugins/gssapi/negoextest/gss_negoextest.exports
new file mode 100644
index 00000000..7825ab13
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/gssapi/negoextest/gss_negoextest.exports
@@ -0,0 +1,13 @@
+gss_accept_sec_context
+gss_acquire_cred
+gss_acquire_cred_with_password
+gss_delete_sec_context
+gss_display_status
+gss_import_name
+gss_init_sec_context
+gss_inquire_sec_context_by_oid
+gss_release_cred
+gss_release_name
+gssspi_exchange_meta_data
+gssspi_query_mechanism_info
+gssspi_query_meta_data
diff --git a/krb5-1.21.3/src/plugins/gssapi/negoextest/main.c b/krb5-1.21.3/src/plugins/gssapi/negoextest/main.c
new file mode 100644
index 00000000..72fc5273
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/gssapi/negoextest/main.c
@@ -0,0 +1,358 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/gssapi/negoextest/main.c - GSS test module for NegoEx */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+#include <gssapi/gssapi_alloc.h>
+
+struct test_context {
+    int initiator;
+    uint8_t hops;               /* hops remaining; 0 means established */
+};
+
+OM_uint32 KRB5_CALLCONV
+gss_init_sec_context(OM_uint32 *minor_status,
+                     gss_cred_id_t claimant_cred_handle,
+                     gss_ctx_id_t *context_handle, gss_name_t target_name,
+                     gss_OID mech_type, OM_uint32 req_flags,
+                     OM_uint32 time_req,
+                     gss_channel_bindings_t input_chan_bindings,
+                     gss_buffer_t input_token, gss_OID *actual_mech,
+                     gss_buffer_t output_token, OM_uint32 *ret_flags,
+                     OM_uint32 *time_rec)
+{
+    struct test_context *ctx = (struct test_context *)*context_handle;
+    OM_uint32 major;
+    gss_buffer_desc tok;
+    const char *envstr;
+    uint8_t hops, mech_last_octet;
+
+    envstr = getenv("GSS_INIT_BINDING");
+    if (envstr != NULL) {
+        assert(strlen(envstr) > 0);
+        assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS);
+        assert(strlen(envstr) == input_chan_bindings->application_data.length);
+        assert(strcmp((char *)input_chan_bindings->application_data.value,
+                      envstr) == 0);
+    }
+
+    if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
+        envstr = getenv("HOPS");
+        hops = (envstr != NULL) ? atoi(envstr) : 1;
+        assert(hops > 0);
+    } else if (input_token->length == 4 &&
+               memcmp(input_token->value, "fail", 4) == 0) {
+        *minor_status = 12345;
+        return GSS_S_FAILURE;
+    } else {
+        hops = ((uint8_t *)input_token->value)[0];
+    }
+
+    mech_last_octet = ((uint8_t *)mech_type->elements)[mech_type->length - 1];
+    envstr = getenv("INIT_FAIL");
+    if (envstr != NULL && atoi(envstr) == mech_last_octet)
+        return GSS_S_FAILURE;
+
+    if (ctx == NULL) {
+        ctx = malloc(sizeof(*ctx));
+        assert(ctx != NULL);
+        ctx->initiator = 1;
+        ctx->hops = hops;
+        *context_handle = (gss_ctx_id_t)ctx;
+    } else if (ctx != NULL) {
+        assert(ctx->initiator);
+        ctx->hops--;
+        assert(ctx->hops == hops);
+    }
+
+    if (ctx->hops > 0) {
+        /* Generate a token containing the remaining hop count. */
+        ctx->hops--;
+        tok.value = &ctx->hops;
+        tok.length = 1;
+        major = gss_encapsulate_token(&tok, mech_type, output_token);
+        assert(major == GSS_S_COMPLETE);
+    }
+
+    return (ctx->hops > 0) ? GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
+                       gss_cred_id_t verifier_cred_handle,
+                       gss_buffer_t input_token,
+                       gss_channel_bindings_t input_chan_bindings,
+                       gss_name_t *src_name, gss_OID *mech_type,
+                       gss_buffer_t output_token, OM_uint32 *ret_flags,
+                       OM_uint32 *time_rec,
+                       gss_cred_id_t *delegated_cred_handle)
+{
+    struct test_context *ctx = (struct test_context *)*context_handle;
+    uint8_t hops, mech_last_octet;
+    const char *envstr;
+
+    envstr = getenv("GSS_ACCEPT_BINDING");
+    if (envstr != NULL) {
+        assert(strlen(envstr) > 0);
+        assert(input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS);
+        assert(strlen(envstr) == input_chan_bindings->application_data.length);
+        assert(strcmp((char *)input_chan_bindings->application_data.value,
+                      envstr) == 0);
+    }
+
+    /*
+     * The unwrapped token sits at the end and is just one byte giving the
+     * remaining number of hops.  The final octet of the mech encoding should
+     * be just prior to it.
+     */
+    assert(input_token->length >= 2);
+    hops = ((uint8_t *)input_token->value)[input_token->length - 1];
+    mech_last_octet = ((uint8_t *)input_token->value)[input_token->length - 2];
+
+    envstr = getenv("ACCEPT_FAIL");
+    if (envstr != NULL && atoi(envstr) == mech_last_octet) {
+        output_token->value = gssalloc_strdup("fail");
+        assert(output_token->value != NULL);
+        output_token->length = 4;
+        return GSS_S_FAILURE;
+    }
+
+    if (*context_handle == GSS_C_NO_CONTEXT) {
+        ctx = malloc(sizeof(*ctx));
+        assert(ctx != NULL);
+        ctx->initiator = 0;
+        ctx->hops = hops;
+        *context_handle = (gss_ctx_id_t)ctx;
+    } else {
+        assert(!ctx->initiator);
+        ctx->hops--;
+        assert(ctx->hops == hops);
+    }
+
+    if (ctx->hops > 0) {
+        /* Generate a token containing the remaining hop count. */
+        ctx->hops--;
+        output_token->value = gssalloc_malloc(1);
+        assert(output_token->value != NULL);
+        memcpy(output_token->value, &ctx->hops, 1);
+        output_token->length = 1;
+    }
+
+    return (ctx->hops > 0) ? GSS_S_CONTINUE_NEEDED : GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle,
+                       gss_buffer_t output_token)
+{
+    free(*context_handle);
+    *context_handle = GSS_C_NO_CONTEXT;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred(OM_uint32 *minor_status, gss_name_t desired_name,
+                 OM_uint32 time_req, gss_OID_set desired_mechs,
+                 gss_cred_usage_t cred_usage,
+                 gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs,
+                 OM_uint32 *time_rec)
+{
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_acquire_cred_with_password(OM_uint32 *minor_status,
+                               const gss_name_t desired_name,
+                               const gss_buffer_t password, OM_uint32 time_req,
+                               const gss_OID_set desired_mechs,
+                               gss_cred_usage_t cred_usage,
+                               gss_cred_id_t *output_cred_handle,
+                               gss_OID_set *actual_mechs, OM_uint32 *time_rec)
+{
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
+{
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_import_name(OM_uint32 *minor_status, gss_buffer_t input_name_buffer,
+                gss_OID input_name_type, gss_name_t *output_name)
+{
+    static int dummy;
+
+    /*
+     * We don't need to remember anything about names, but we do need to
+     * distinguish them from GSS_C_NO_NAME (to determine the direction of
+     * gss_query_meta_data() and gss_exchange_meta_data()), so assign an
+     * arbitrary data pointer.
+     */
+    *output_name = (gss_name_t)&dummy;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_release_name(OM_uint32 *minor_status, gss_name_t *input_name)
+{
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value,
+                   int status_type, gss_OID mech_type,
+                   OM_uint32 *message_context, gss_buffer_t status_string)
+{
+    if (status_type == GSS_C_MECH_CODE && status_value == 12345) {
+        status_string->value = gssalloc_strdup("failure from acceptor");
+        assert(status_string->value != NULL);
+        status_string->length = strlen(status_string->value);
+        return GSS_S_COMPLETE;
+    }
+    return GSS_S_BAD_STATUS;
+}
+
+OM_uint32 KRB5_CALLCONV
+gssspi_query_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
+                       gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle,
+                       const gss_name_t targ_name, OM_uint32 req_flags,
+                       gss_buffer_t meta_data)
+{
+    const char *envstr;
+    uint8_t mech_last_octet;
+    int initiator = (targ_name != GSS_C_NO_NAME);
+
+    mech_last_octet = ((uint8_t *)mech_oid->elements)[mech_oid->length - 1];
+    envstr = getenv(initiator ? "INIT_QUERY_FAIL" : "ACCEPT_QUERY_FAIL");
+    if (envstr != NULL && atoi(envstr) == mech_last_octet)
+        return GSS_S_FAILURE;
+    envstr = getenv(initiator ? "INIT_QUERY_NONE" : "ACCEPT_QUERY_NONE");
+    if (envstr != NULL && atoi(envstr) == mech_last_octet)
+        return GSS_S_COMPLETE;
+
+    meta_data->value = gssalloc_strdup("X");
+    meta_data->length = 1;
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gssspi_exchange_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
+                          gss_cred_id_t cred_handle,
+                          gss_ctx_id_t *context_handle,
+                          const gss_name_t targ_name, OM_uint32 req_flags,
+                          gss_const_buffer_t meta_data)
+{
+    const char *envstr;
+    uint8_t mech_last_octet;
+    int initiator = (targ_name != GSS_C_NO_NAME);
+
+    mech_last_octet = ((uint8_t *)mech_oid->elements)[mech_oid->length - 1];
+    envstr = getenv(initiator ? "INIT_EXCHANGE_FAIL" : "ACCEPT_EXCHANGE_FAIL");
+    if (envstr != NULL && atoi(envstr) == mech_last_octet)
+        return GSS_S_FAILURE;
+
+    assert(meta_data->length == 1 && memcmp(meta_data->value, "X", 1) == 0);
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gssspi_query_mechanism_info(OM_uint32 *minor_status, gss_const_OID mech_oid,
+                            unsigned char auth_scheme[16])
+{
+    /* Copy the mech OID encoding and right-pad it with zeros. */
+    memset(auth_scheme, 0, 16);
+    assert(mech_oid->length <= 16);
+    memcpy(auth_scheme, mech_oid->elements, mech_oid->length);
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+                               const gss_ctx_id_t context_handle,
+                               const gss_OID desired_object,
+                               gss_buffer_set_t *data_set)
+{
+    struct test_context *ctx = (struct test_context *)context_handle;
+    OM_uint32 major;
+    uint8_t keybytes[32] = { 0 };
+    uint8_t typebytes[4];
+    gss_buffer_desc key, type;
+    const char *envstr;
+    int ask_verify;
+
+    if (gss_oid_equal(desired_object, GSS_C_INQ_NEGOEX_KEY))
+        ask_verify = 0;
+    else if (gss_oid_equal(desired_object, GSS_C_INQ_NEGOEX_VERIFY_KEY))
+        ask_verify = 1;
+    else
+        return GSS_S_UNAVAILABLE;
+
+    /*
+     * By default, make a key available only if the context is established.
+     * This can be overridden to "always", "init-always", "accept-always",
+     * or "never".
+     */
+    envstr = getenv("KEY");
+    if (envstr != NULL && strcmp(envstr, "never") == 0) {
+        return GSS_S_UNAVAILABLE;
+    } else if (ctx->hops > 0) {
+        if (envstr == NULL)
+            return GSS_S_UNAVAILABLE;
+        else if (strcmp(envstr, "init-always") == 0 && !ctx->initiator)
+            return GSS_S_UNAVAILABLE;
+        else if (strcmp(envstr, "accept-always") == 0 && ctx->initiator)
+            return GSS_S_UNAVAILABLE;
+    }
+
+    /* Perturb the key so that each side's verifier key is equal to the other's
+     * checksum key. */
+    keybytes[0] = ask_verify ^ ctx->initiator;
+
+    /* Supply an all-zeros aes256-sha1 negoex key. */
+    if (gss_oid_equal(desired_object, GSS_C_INQ_NEGOEX_KEY) ||
+        gss_oid_equal(desired_object, GSS_C_INQ_NEGOEX_VERIFY_KEY)) {
+        store_32_le(ENCTYPE_AES256_CTS_HMAC_SHA1_96, typebytes);
+        key.value = keybytes;
+        key.length = sizeof(keybytes);
+        type.value = typebytes;
+        type.length = sizeof(typebytes);
+        major = gss_add_buffer_set_member(minor_status, &key, data_set);
+        if (major != GSS_S_COMPLETE)
+            return major;
+        return gss_add_buffer_set_member(minor_status, &type, data_set);
+    }
+
+    return GSS_S_UNAVAILABLE;
+}
diff --git a/krb5-1.21.3/src/plugins/hostrealm/test/Makefile.in b/krb5-1.21.3/src/plugins/hostrealm/test/Makefile.in
new file mode 100644
index 00000000..e624aa1d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/hostrealm/test/Makefile.in
@@ -0,0 +1,21 @@
+mydir=plugins$(S)hostrealm$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=hostrealm_test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/hostrealm/test
+# Depends on libkrb5 and possibly libkrb5support
+SHLIB_EXPDEPS= $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS= $(KRB5_BASE_LIBS)
+
+STLIBOBJS=main.o
+
+SRCS= $(srcdir)/main.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/hostrealm/test/deps b/krb5-1.21.3/src/plugins/hostrealm/test/deps
new file mode 100644
index 00000000..d91fef86
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/hostrealm/test/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/hostrealm_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  main.c
diff --git a/krb5-1.21.3/src/plugins/hostrealm/test/hostrealm_test.exports b/krb5-1.21.3/src/plugins/hostrealm/test/hostrealm_test.exports
new file mode 100644
index 00000000..1adb7592
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/hostrealm/test/hostrealm_test.exports
@@ -0,0 +1,2 @@
+hostrealm_test1_initvt
+hostrealm_test2_initvt
diff --git a/krb5-1.21.3/src/plugins/hostrealm/test/main.c b/krb5-1.21.3/src/plugins/hostrealm/test/main.c
new file mode 100644
index 00000000..3b36dce7
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/hostrealm/test/main.c
@@ -0,0 +1,197 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/hostrealm/test/main.c - test module for host-realm interface */
+/*
+ * Copyright (C) 2010,2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements two hostrealm modules named "test1" and "test2".
+ *
+ * The first module returns multi-element lists.  For host_realm and
+ * fallback_realm, it returns a list of the host's components in order.  For
+ * default_realm, it returns a list containing "one" and "two".
+ *
+ * The second module tests error handling.  For host_realm and fallback_realm,
+ * it returns a fatal error on hosts beginning with 'z', a list containing "a"
+ * for hosts beginning with 'a', and passes control to later modules otherwise.
+ * For default_realm, it returns a fatal error.
+ */
+
+#include <k5-int.h>
+#include <krb5/hostrealm_plugin.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+static krb5_error_code
+split_comps(krb5_context context, krb5_hostrealm_moddata data,
+            const char *host, char ***realms_out)
+{
+    krb5_error_code ret;
+    const char *p, *q;
+    char *word = NULL, **list = NULL, **newptr;
+    size_t count = 0;
+
+    *realms_out = NULL;
+    if (*host == '\0')
+        return KRB5_PLUGIN_NO_HANDLE;
+    p = host;
+    while (TRUE) {
+        q = strchr(p, '.');
+        word = (q == NULL) ? strdup(p) : k5memdup0(p, q - p, &ret);
+        if (word == NULL)
+            goto oom;
+        newptr = realloc(list, (count + 2) * sizeof(*list));
+        if (newptr == NULL)
+            goto oom;
+        list = newptr;
+        list[count++] = word;
+        list[count] = NULL;
+        word = NULL;
+        if (q == NULL)
+            break;
+        p = q + 1;
+    }
+    *realms_out = list;
+    return 0;
+
+oom:
+    krb5_free_host_realm(context, list);
+    free(word);
+    return ENOMEM;
+}
+
+static krb5_error_code
+multi_defrealm(krb5_context context, krb5_hostrealm_moddata data,
+               char ***realms_out)
+{
+    char **list = NULL, *one = NULL, *two = NULL;
+
+    *realms_out = NULL;
+    one = strdup("one");
+    if (one == NULL)
+        goto oom;
+    two = strdup("two");
+    if (two == NULL)
+        goto oom;
+    list = calloc(3, sizeof(*list));
+    if (list == NULL)
+        goto oom;
+    list[0] = one;
+    list[1] = two;
+    list[2] = NULL;
+    *realms_out = list;
+    return 0;
+
+oom:
+    free(one);
+    free(two);
+    free(list);
+    return ENOMEM;
+}
+
+static krb5_error_code
+maybe_realm(krb5_context context, krb5_hostrealm_moddata data,
+            const char *host, char ***realms_out)
+{
+    char **list, *a;
+
+    *realms_out = NULL;
+    if (*host == 'z')
+        return KRB5_ERR_NO_SERVICE;
+    if (*host != 'a')
+        return KRB5_PLUGIN_NO_HANDLE;
+    a = strdup("a");
+    if (a == NULL)
+        return ENOMEM;
+    list = calloc(2, sizeof(*list));
+    if (list == NULL) {
+        free(a);
+        return ENOMEM;
+    }
+    list[0] = a;
+    list[1] = NULL;
+    *realms_out = list;
+    return 0;
+}
+
+static krb5_error_code
+error(krb5_context context, krb5_hostrealm_moddata data, char ***realms_out)
+{
+    *realms_out = NULL;
+    return KRB5_ERR_NO_SERVICE;
+}
+
+static void
+free_realmlist(krb5_context context, krb5_hostrealm_moddata data,
+               char **list)
+{
+    krb5_free_host_realm(context, list);
+}
+
+krb5_error_code
+hostrealm_test1_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable);
+krb5_error_code
+hostrealm_test2_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable);
+
+krb5_error_code
+hostrealm_test1_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_hostrealm_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_hostrealm_vtable)vtable;
+    vt->name = "test1";
+    vt->host_realm = split_comps;
+    vt->fallback_realm = split_comps;
+    vt->default_realm = multi_defrealm;
+    vt->free_list = free_realmlist;
+    return 0;
+}
+
+krb5_error_code
+hostrealm_test2_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_hostrealm_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_hostrealm_vtable)vtable;
+    vt->name = "test2";
+    vt->host_realm = maybe_realm;
+    vt->default_realm = error;
+    vt->free_list = free_realmlist;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/kadm5_auth/test/Makefile.in b/krb5-1.21.3/src/plugins/kadm5_auth/test/Makefile.in
new file mode 100644
index 00000000..825c4aea
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kadm5_auth/test/Makefile.in
@@ -0,0 +1,20 @@
+mydir=plugins$(S)kadm5_auth$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=kadm5_auth_test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/kadm5_auth/test
+SHLIB_EXPDEPS=$(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS=$(KDB5_LIBS) $(KRB5_BASE_LIBS) $(LIBS)
+
+STLIBOBJS=main.o
+
+SRCS=$(srcdir)/main.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/kadm5_auth/test/deps b/krb5-1.21.3/src/plugins/kadm5_auth/test/deps
new file mode 100644
index 00000000..a2b74c21
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kadm5_auth/test/deps
@@ -0,0 +1,22 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kadm5_auth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h main.c
diff --git a/krb5-1.21.3/src/plugins/kadm5_auth/test/kadm5_auth_test.exports b/krb5-1.21.3/src/plugins/kadm5_auth/test/kadm5_auth_test.exports
new file mode 100644
index 00000000..31319af2
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kadm5_auth/test/kadm5_auth_test.exports
@@ -0,0 +1,2 @@
+kadm5_auth_welcomer_initvt
+kadm5_auth_bouncer_initvt
diff --git a/krb5-1.21.3/src/plugins/kadm5_auth/test/main.c b/krb5-1.21.3/src/plugins/kadm5_auth/test/main.c
new file mode 100644
index 00000000..6899f22e
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kadm5_auth/test/main.c
@@ -0,0 +1,305 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kadm5_auth/test/main.c - test modules for kadm5_auth interface */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements two testing kadm5_auth modules, the welcomer and the
+ * bouncer.  The welcomer implements permissive behavior, while the bouncer
+ * implements restrictive behavior.
+ *
+ * Module data objects and restrictions are adequately tested by the acl
+ * module, so we do not test them here.  Focus instead on the ability to
+ * examine principal and policy objects and to perform DB operations.
+ */
+
+#include "k5-int.h"
+#include <kadm5/admin.h>
+#include <krb5/kadm5_auth_plugin.h>
+
+krb5_error_code
+kadm5_auth_welcomer_initvt(krb5_context context, int maj_ver, int min_ver,
+                           krb5_plugin_vtable vtable);
+krb5_error_code
+kadm5_auth_bouncer_initvt(krb5_context context, int maj_ver, int min_ver,
+                          krb5_plugin_vtable vtable);
+
+/* The welcomer authorizes all getprinc operations, since kadmin uses them as a
+ * precursor to modprinc. */
+static krb5_error_code
+welcomer_getprinc(krb5_context context, kadm5_auth_moddata data,
+                  krb5_const_principal client, krb5_const_principal target)
+{
+    return 0;
+}
+
+/* The welcomer authorizes addprinc operations which set a policy "VIP". */
+static krb5_error_code
+welcomer_addprinc(krb5_context context, kadm5_auth_moddata data,
+                  krb5_const_principal client, krb5_const_principal target,
+                  const struct _kadm5_principal_ent_t *ent, long mask,
+                  struct kadm5_auth_restrictions **rs_out)
+{
+    if ((mask & KADM5_POLICY) && strcmp(ent->policy, "VIP") == 0)
+        return 0;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The bouncer denies addprinc operations which include a maximum lifetime. */
+static krb5_error_code
+bouncer_addprinc(krb5_context context, kadm5_auth_moddata data,
+                 krb5_const_principal client, krb5_const_principal target,
+                 const struct _kadm5_principal_ent_t *ent, long mask,
+                 struct kadm5_auth_restrictions **rs_out)
+{
+    return (mask & KADM5_MAX_LIFE) ? EPERM : KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The welcomer authorizes modprinc operations which only set maxrenewlife. */
+static krb5_error_code
+welcomer_modprinc(krb5_context context, kadm5_auth_moddata data,
+                  krb5_const_principal client, krb5_const_principal target,
+                  const struct _kadm5_principal_ent_t *ent, long mask,
+                  struct kadm5_auth_restrictions **rs_out)
+{
+    return (mask == KADM5_MAX_RLIFE) ? 0 : KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The bouncer denies modprinc operations if the target principal has an even
+ * number of components. */
+static krb5_error_code
+bouncer_modprinc(krb5_context context, kadm5_auth_moddata data,
+                 krb5_const_principal client, krb5_const_principal target,
+                 const struct _kadm5_principal_ent_t *ent, long mask,
+                 struct kadm5_auth_restrictions **rs_out)
+{
+    return (target->length % 2 == 0) ? EPERM : KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The welcomer authorizes setstr operations for the attribute "note". */
+static krb5_error_code
+welcomer_setstr(krb5_context context, kadm5_auth_moddata data,
+                krb5_const_principal client, krb5_const_principal target,
+                const char *key, const char *value)
+{
+    return (strcmp(key, "note") == 0) ? 0 : KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The bouncer denies setstr operations if the value is more than 10 bytes. */
+static krb5_error_code
+bouncer_setstr(krb5_context context, kadm5_auth_moddata data,
+               krb5_const_principal client, krb5_const_principal target,
+               const char *key, const char *value)
+{
+    return (strlen(value) > 10) ? EPERM : KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The welcomer authorizes delprinc operations if the target principal starts
+ * with "d". */
+static krb5_error_code
+welcomer_delprinc(krb5_context context, kadm5_auth_moddata data,
+                  krb5_const_principal client, krb5_const_principal target)
+{
+    if (target->length > 0 && target->data[0].length > 0 &&
+        *target->data[0].data == 'd')
+        return 0;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The bouncer denies delprinc operations if the target principal has the
+ * "nodelete" string attribute. */
+static krb5_error_code
+bouncer_delprinc(krb5_context context, kadm5_auth_moddata data,
+                 krb5_const_principal client, krb5_const_principal target)
+{
+    krb5_error_code ret;
+    krb5_db_entry *ent;
+    char *val = NULL;
+
+    if (krb5_db_get_principal(context, target, 0, &ent) != 0)
+        return EPERM;
+    ret = krb5_dbe_get_string(context, ent, "nodelete", &val);
+    krb5_db_free_principal(context, ent);
+    ret = (ret != 0 || val != NULL) ? EPERM : KRB5_PLUGIN_NO_HANDLE;
+    krb5_dbe_free_string(context, val);
+    return ret;
+}
+
+/* The welcomer authorizes rename operations if the first components of the
+ * principals have the same length. */
+static krb5_error_code
+welcomer_renprinc(krb5_context context, kadm5_auth_moddata data,
+                  krb5_const_principal client, krb5_const_principal src,
+                  krb5_const_principal dest)
+{
+    if (src->length > 0 && dest->length > 0 &&
+        src->data[0].length == dest->data[0].length)
+        return 0;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The bouncer denies rename operations if the source principal starts with
+ * "a". */
+static krb5_error_code
+bouncer_renprinc(krb5_context context, kadm5_auth_moddata data,
+                 krb5_const_principal client, krb5_const_principal src,
+                 krb5_const_principal dest)
+{
+    if (src->length > 0 && src->data[0].length > 0 &&
+        *src->data[0].data == 'a')
+        return EPERM;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The welcomer authorizes addpol operations which set a minlength of 3. */
+static krb5_error_code
+welcomer_addpol(krb5_context context, kadm5_auth_moddata data,
+                krb5_const_principal client, const char *policy,
+                const struct _kadm5_policy_ent_t *ent, long mask)
+{
+    if ((mask & KADM5_PW_MIN_LENGTH) && ent->pw_min_length == 3)
+        return 0;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The bouncer denies addpol operations if the name is 3 bytes or less. */
+static krb5_error_code
+bouncer_addpol(krb5_context context, kadm5_auth_moddata data,
+               krb5_const_principal client, const char *policy,
+               const struct _kadm5_policy_ent_t *ent, long mask)
+{
+    return (strlen(policy) <= 3) ? EPERM : KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The welcomer authorizes modpol operations which only change min_life. */
+static krb5_error_code
+welcomer_modpol(krb5_context context, kadm5_auth_moddata data,
+                krb5_const_principal client, const char *policy,
+                const struct _kadm5_policy_ent_t *ent, long mask)
+{
+    return (mask == KADM5_PW_MIN_LIFE) ? 0 : KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The bouncer denies modpol operations which set pw_min_life above 10. */
+static krb5_error_code
+bouncer_modpol(krb5_context context, kadm5_auth_moddata data,
+               krb5_const_principal client, const char *policy,
+               const struct _kadm5_policy_ent_t *ent, long mask)
+{
+    if ((mask & KADM5_PW_MIN_LIFE) && ent->pw_min_life > 10)
+        return EPERM;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The welcomer authorizes getpol operations if the policy and client principal
+ * policy have the same length. */
+static krb5_error_code
+welcomer_getpol(krb5_context context, kadm5_auth_moddata data,
+                krb5_const_principal client, const char *policy,
+                const char *client_policy)
+{
+    if (client_policy != NULL && strlen(policy) == strlen(client_policy))
+        return 0;
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The bouncer denies getpol operations if the policy name begins with 'x'. */
+static krb5_error_code
+bouncer_getpol(krb5_context context, kadm5_auth_moddata data,
+               krb5_const_principal client, const char *policy,
+               const char *client_policy)
+{
+    return (*policy == 'x') ? EPERM : KRB5_PLUGIN_NO_HANDLE;
+}
+
+/* The welcomer counts end calls by incrementing the "ends" string attribute on
+ * the "opcount" principal, if it exists. */
+static void
+welcomer_end(krb5_context context, kadm5_auth_moddata data)
+{
+    krb5_principal princ = NULL;
+    krb5_db_entry *ent = NULL;
+    char *val = NULL, buf[10];
+
+    if (krb5_parse_name(context, "opcount", &princ) != 0)
+        goto cleanup;
+    if (krb5_db_get_principal(context, princ, 0, &ent) != 0)
+        goto cleanup;
+    if (krb5_dbe_get_string(context, ent, "ends", &val) != 0 || val == NULL)
+        goto cleanup;
+    snprintf(buf, sizeof(buf), "%d", atoi(val) + 1);
+    if (krb5_dbe_set_string(context, ent, "ends", buf) != 0)
+        goto cleanup;
+    ent->mask = KADM5_TL_DATA;
+    krb5_db_put_principal(context, ent);
+
+cleanup:
+    krb5_dbe_free_string(context, val);
+    krb5_db_free_principal(context, ent);
+    krb5_free_principal(context, princ);
+}
+
+krb5_error_code
+kadm5_auth_welcomer_initvt(krb5_context context, int maj_ver, int min_ver,
+                           krb5_plugin_vtable vtable)
+{
+    kadm5_auth_vtable vt = (kadm5_auth_vtable)vtable;
+
+    vt->name = "welcomer";
+    vt->addprinc = welcomer_addprinc;
+    vt->modprinc = welcomer_modprinc;
+    vt->setstr = welcomer_setstr;
+    vt->delprinc = welcomer_delprinc;
+    vt->renprinc = welcomer_renprinc;
+    vt->getprinc = welcomer_getprinc;
+    vt->addpol = welcomer_addpol;
+    vt->modpol = welcomer_modpol;
+    vt->getpol = welcomer_getpol;
+    vt->end = welcomer_end;
+    return 0;
+}
+
+krb5_error_code
+kadm5_auth_bouncer_initvt(krb5_context context, int maj_ver, int min_ver,
+                          krb5_plugin_vtable vtable)
+{
+    kadm5_auth_vtable vt = (kadm5_auth_vtable)vtable;
+
+    vt->name = "bouncer";
+    vt->addprinc = bouncer_addprinc;
+    vt->modprinc = bouncer_modprinc;
+    vt->setstr = bouncer_setstr;
+    vt->delprinc = bouncer_delprinc;
+    vt->renprinc = bouncer_renprinc;
+    vt->addpol = bouncer_addpol;
+    vt->modpol = bouncer_modpol;
+    vt->getpol = bouncer_getpol;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/kadm5_hook/test/Makefile.in b/krb5-1.21.3/src/plugins/kadm5_hook/test/Makefile.in
new file mode 100644
index 00000000..593c3bca
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kadm5_hook/test/Makefile.in
@@ -0,0 +1,23 @@
+mydir=plugins$(S)kadm5_hook$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=kadm5_hook_test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/kadm5_hook/test
+# Depends on libk5crypto and libkrb5
+SHLIB_EXPDEPS = \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS= -lkrb5 $(COM_ERR_LIB) -lk5crypto $(SUPPORT_LIB) $(LIBS)
+
+STLIBOBJS=main.o
+
+SRCS= $(srcdir)/main.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/kadm5_hook/test/deps b/krb5-1.21.3/src/plugins/kadm5_hook/test/deps
new file mode 100644
index 00000000..91709f48
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kadm5_hook/test/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/kadm5_hook_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h main.c
diff --git a/krb5-1.21.3/src/plugins/kadm5_hook/test/kadm5_hook_test.exports b/krb5-1.21.3/src/plugins/kadm5_hook/test/kadm5_hook_test.exports
new file mode 100644
index 00000000..99d43599
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kadm5_hook/test/kadm5_hook_test.exports
@@ -0,0 +1 @@
+kadm5_hook_test_initvt
diff --git a/krb5-1.21.3/src/plugins/kadm5_hook/test/main.c b/krb5-1.21.3/src/plugins/kadm5_hook/test/main.c
new file mode 100644
index 00000000..1ac2cb08
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kadm5_hook/test/main.c
@@ -0,0 +1,109 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kadm5_hook/test/main.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/**
+ * @file plugins/kadm5_hook/test/main.c
+ *
+ * This is a test kadm5_hook plugin. If enabled, it will print when kadm5_hook
+ * calls are made.
+ */
+
+#include <krb5/krb5.h>
+#include <krb5/kadm5_hook_plugin.h>
+#include <stdio.h>
+#include <assert.h>
+
+static void
+log_call(krb5_context context,
+         const char *function,
+         int stage,
+         krb5_principal princ)
+{
+    char *unparsed = NULL;
+    krb5_error_code ret;
+    ret = krb5_unparse_name(context, princ, &unparsed);
+    assert(ret == 0);
+    printf("%s: stage %s principal %s\n",
+           function,
+           (stage == KADM5_HOOK_STAGE_PRECOMMIT) ? "precommit" : "postcommit",
+           unparsed);
+    if (unparsed)
+        krb5_free_unparsed_name(context, unparsed);
+}
+
+static kadm5_ret_t
+chpass(krb5_context context,
+       kadm5_hook_modinfo *modinfo,
+       int stage,
+       krb5_principal princ, krb5_boolean keepold,
+       int n_ks_tuple,
+       krb5_key_salt_tuple *ks_tuple,
+       const char *newpass)
+{
+    log_call(context, "chpass", stage, princ);
+    return 0;
+}
+
+
+static kadm5_ret_t
+create(krb5_context context,
+       kadm5_hook_modinfo *modinfo,
+       int stage,
+       kadm5_principal_ent_t princ, long mask,
+       int n_ks_tuple,
+       krb5_key_salt_tuple *ks_tuple,
+       const char *newpass)
+{
+    log_call(context, "create", stage, princ->principal);
+    return 0;
+}
+
+static kadm5_ret_t
+rename_hook(krb5_context context, kadm5_hook_modinfo *modinfo, int stage,
+            krb5_principal oprinc, krb5_principal nprinc)
+{
+    log_call(context, "rename", stage, oprinc);
+    return 0;
+}
+
+krb5_error_code
+kadm5_hook_test_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable);
+
+krb5_error_code
+kadm5_hook_test_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    kadm5_hook_vftable_1 *vt = (kadm5_hook_vftable_1 *) vtable;
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+
+    vt->name = "test";
+    vt->chpass = chpass;
+    vt->create = create;
+    vt->rename = rename_hook;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/Makefile.in b/krb5-1.21.3/src/plugins/kdb/db2/Makefile.in
new file mode 100644
index 00000000..8c0d5fe9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/Makefile.in
@@ -0,0 +1,83 @@
+mydir=plugins$(S)kdb$(S)db2
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_DB_MODULE_DIR)
+
+SUBDIRS= $(SUBDIRS-@DB_VERSION@)
+SUBDIRS-sys=
+SUBDIRS-redirect=
+SUBDIRS-k5= libdb2
+
+LOCALINCLUDES = -I../../../lib/kdb -I$(srcdir)/../../../lib/kdb
+DEFINES = -DPLUGIN
+
+DB_VERSION	= @DB_VERSION@
+DB_DEPS		= $(DB_DEPS-@DB_HEADER_VERSION@)
+DB_DEPS-sys	=
+DB_DEPS-k5	= $(BUILDTOP)/include/db.h $(BUILDTOP)/include/db-config.h
+DB_DEPS-redirect = $(BUILDTOP)/include/db.h
+DB_LIB		= @DB_LIB@
+KDB5_DB_LIB	= @KDB5_DB_LIB@
+DB_DEPLIB	= $(DB_DEPLIB-@DB_VERSION@)
+DB_DEPLIB-k5	= $(TOPLIBD)/libdb$(DEPLIBEXT) $(KADMSRV_DEPLIBS)
+DB_DEPLIB-sys	=
+
+LIBBASE=db2
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/kdb/db2
+# Depends on libk5crypto and libkrb5
+# Also on gssrpc, for xdr stuff.
+SHLIB_EXPDEPS = \
+	$(GSSRPC_DEPLIBS) \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS= $(GSSRPC_LIBS) -lkrb5 $(COM_ERR_LIB) -lk5crypto $(KDB5_DB_LIB) $(KADMSRV_LIBS) $(SUPPORT_LIB) $(LIBS) @DB_EXTRA_LIBS@
+
+DBDIR = libdb2
+DBOBJLISTS = $(DBOBJLISTS-@DB_VERSION@)
+DBOBJLISTS-sys =
+DBOBJLISTS-k5 = $(DBDIR)/hash/OBJS.ST $(DBDIR)/btree/OBJS.ST \
+	$(DBDIR)/db/OBJS.ST $(DBDIR)/mpool/OBJS.ST $(DBDIR)/recno/OBJS.ST
+DBSHOBJLISTS = $(DBOBJLISTS:.ST=.SH)
+
+SRCS= \
+	$(srcdir)/kdb_xdr.c \
+	$(srcdir)/adb_openclose.c \
+	$(srcdir)/adb_policy.c \
+	$(srcdir)/kdb_db2.c \
+	$(srcdir)/pol_xdr.c \
+	$(srcdir)/db2_exp.c \
+	$(srcdir)/lockout.c
+
+STOBJLISTS=OBJS.ST $(DBOBJLISTS)
+STLIBOBJS= \
+	kdb_xdr.o \
+	adb_openclose.o \
+	adb_policy.o \
+	kdb_db2.o \
+	pol_xdr.o \
+	db2_exp.o \
+	lockout.o
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+$(DB_DEPS) $(DBOBJLISTS-k5) $(DBSHOBJLISTS): all-recurse
+
+clean:
+	$(RM) .depend-verify-db
+
+@libnover_frag@
+@libobj_frag@
+
+.depend-verify-db: depend-verify-db-$(DB_VERSION)
+depend-verify-db-k5:
+	@if test -r .depend-verify-db; then :; \
+		else (set -x; touch .depend-verify-db); fi
+depend-verify-db-sys:
+	@echo 1>&2 error: cannot build dependencies using system db package
+	@exit 1
+
+.d: .depend-verify-db
+
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c b/krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c
new file mode 100644
index 00000000..9a506e9d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c
@@ -0,0 +1,355 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#include        <k5-int.h>
+#include        <sys/file.h>
+#include        <fcntl.h>
+#include        <unistd.h>
+#include        "policy_db.h"
+#include        <stdlib.h>
+#include        <db.h>
+
+struct _locklist {
+    osa_adb_lock_ent lockinfo;
+    struct _locklist *next;
+};
+
+krb5_error_code
+osa_adb_create_db(char *filename, char *lockfilename, int magic)
+{
+    int lf;
+    DB *db;
+    BTREEINFO btinfo;
+
+    memset(&btinfo, 0, sizeof(btinfo));
+    btinfo.flags = 0;
+    btinfo.cachesize = 0;
+    btinfo.psize = 4096;
+    btinfo.lorder = 0;
+    btinfo.minkeypage = 0;
+    btinfo.compare = NULL;
+    btinfo.prefix = NULL;
+    db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_BTREE, &btinfo);
+    if (db == NULL)
+        return errno;
+    if (db->close(db) < 0)
+        return errno;
+
+    /* only create the lock file if we successfully created the db */
+    lf = THREEPARAMOPEN(lockfilename, O_RDWR | O_CREAT | O_EXCL, 0600);
+    if (lf == -1)
+        return errno;
+    (void) close(lf);
+
+    return OSA_ADB_OK;
+}
+
+krb5_error_code
+osa_adb_destroy_db(char *filename, char *lockfilename, int magic)
+{
+    /* the admin databases do not contain security-critical data */
+    if (unlink(filename) < 0 ||
+        unlink(lockfilename) < 0)
+        return errno;
+    return OSA_ADB_OK;
+}
+
+krb5_error_code
+osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename,
+                int magic)
+{
+    osa_adb_db_t db;
+    static struct _locklist *locklist = NULL;
+    struct _locklist *lockp;
+    krb5_error_code code;
+
+    if (dbp == NULL || filename == NULL)
+        return EINVAL;
+
+    db = (osa_adb_princ_t) malloc(sizeof(osa_adb_db_ent));
+    if (db == NULL)
+        return ENOMEM;
+
+    memset(db, 0, sizeof(*db));
+    db->info.hash = NULL;
+    db->info.bsize = 256;
+    db->info.ffactor = 8;
+    db->info.nelem = 25000;
+    db->info.lorder = 0;
+
+    db->btinfo.flags = 0;
+    db->btinfo.cachesize = 0;
+    db->btinfo.psize = 4096;
+    db->btinfo.lorder = 0;
+    db->btinfo.minkeypage = 0;
+    db->btinfo.compare = NULL;
+    db->btinfo.prefix = NULL;
+    /*
+     * A process is allowed to open the same database multiple times
+     * and access it via different handles.  If the handles use
+     * distinct lockinfo structures, things get confused: lock(A),
+     * lock(B), release(B) will result in the kernel unlocking the
+     * lock file but handle A will still think the file is locked.
+     * Therefore, all handles using the same lock file must share a
+     * single lockinfo structure.
+     *
+     * It is not sufficient to have a single lockinfo structure,
+     * however, because a single process may also wish to open
+     * multiple different databases simultaneously, with different
+     * lock files.  This code used to use a single static lockinfo
+     * structure, which means that the second database opened used
+     * the first database's lock file.  This was Bad.
+     *
+     * We now maintain a linked list of lockinfo structures, keyed by
+     * lockfilename.  An entry is added when this function is called
+     * with a new lockfilename, and all subsequent calls with that
+     * lockfilename use the existing entry, updating the refcnt.
+     * When the database is closed with fini_db(), the refcnt is
+     * decremented, and when it is zero the lockinfo structure is
+     * freed and reset.  The entry in the linked list, however, is
+     * never removed; it will just be reinitialized the next time
+     * init_db is called with the right lockfilename.
+     */
+
+    /* find or create the lockinfo structure for lockfilename */
+    lockp = locklist;
+    while (lockp) {
+        if (strcmp(lockp->lockinfo.filename, lockfilename) == 0)
+            break;
+        else
+            lockp = lockp->next;
+    }
+    if (lockp == NULL) {
+        /* doesn't exist, create it, add to list */
+        lockp = (struct _locklist *) malloc(sizeof(*lockp));
+        if (lockp == NULL) {
+            free(db);
+            return ENOMEM;
+        }
+        memset(lockp, 0, sizeof(*lockp));
+        lockp->lockinfo.filename = strdup(lockfilename);
+        if (lockp->lockinfo.filename == NULL) {
+            free(lockp);
+            free(db);
+            return ENOMEM;
+        }
+        lockp->next = locklist;
+        locklist = lockp;
+    }
+
+    /* now initialize lockp->lockinfo if necessary */
+    if (lockp->lockinfo.lockfile == NULL) {
+        if ((code = krb5int_init_context_kdc(&lockp->lockinfo.context))) {
+            free(db);
+            return((krb5_error_code) code);
+        }
+
+        /*
+         * needs be open read/write so that write locking can work with
+         * POSIX systems
+         */
+        if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
+            /*
+             * maybe someone took away write permission so we could only
+             * get shared locks?
+             */
+            if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r"))
+                == NULL) {
+                free(db);
+                return OSA_ADB_NOLOCKFILE;
+            }
+        }
+        set_cloexec_file(lockp->lockinfo.lockfile);
+        lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0;
+    }
+
+    /* lockp is set, lockinfo is initialized, update the reference count */
+    db->lock = &lockp->lockinfo;
+    db->lock->refcnt++;
+
+    db->opencnt = 0;
+    db->filename = strdup(filename);
+    db->magic = magic;
+
+    *dbp = db;
+
+    return OSA_ADB_OK;
+}
+
+krb5_error_code
+osa_adb_fini_db(osa_adb_db_t db, int magic)
+{
+    if (db->magic != magic)
+        return EINVAL;
+    if (db->lock->refcnt == 0) {
+        /* barry says this can't happen */
+        return OSA_ADB_FAILURE;
+    } else {
+        db->lock->refcnt--;
+    }
+
+    if (db->lock->refcnt == 0) {
+        /*
+         * Don't free db->lock->filename, it is used as a key to
+         * find the lockinfo entry in the linked list.  If the
+         * lockfile doesn't exist, we must be closing the database
+         * after trashing it.  This has to be allowed, so don't
+         * generate an error.
+         */
+        if (db->lock->lockmode != KRB5_DB_LOCKMODE_PERMANENT)
+            (void) fclose(db->lock->lockfile);
+        db->lock->lockfile = NULL;
+        krb5_free_context(db->lock->context);
+    }
+
+    db->magic = 0;
+    free(db->filename);
+    free(db);
+    return OSA_ADB_OK;
+}
+
+krb5_error_code
+osa_adb_get_lock(osa_adb_db_t db, int mode)
+{
+    int perm, krb5_mode, ret = 0;
+
+    if (db->lock->lockmode >= mode) {
+        /* No need to upgrade lock, just incr refcnt and return */
+        db->lock->lockcnt++;
+        return(OSA_ADB_OK);
+    }
+
+    perm = 0;
+    switch (mode) {
+    case KRB5_DB_LOCKMODE_PERMANENT:
+        perm = 1;
+    case KRB5_DB_LOCKMODE_EXCLUSIVE:
+        krb5_mode = KRB5_LOCKMODE_EXCLUSIVE;
+        break;
+    case KRB5_DB_LOCKMODE_SHARED:
+        krb5_mode = KRB5_LOCKMODE_SHARED;
+        break;
+    default:
+        return(EINVAL);
+    }
+
+    ret = krb5_lock_file(db->lock->context, fileno(db->lock->lockfile),
+                         krb5_mode);
+    if (ret == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
+        return OSA_ADB_NOEXCL_PERM;
+    else if (ret == EACCES || ret == EAGAIN || ret == EWOULDBLOCK)
+        return OSA_ADB_CANTLOCK_DB;
+    else if (ret != 0)
+        return ret;
+
+    /*
+     * If the file no longer exists, someone acquired a permanent
+     * lock.  If that process terminates its exclusive lock is lost,
+     * but if we already had the file open we can (probably) lock it
+     * even though it has been unlinked.  So we need to insist that
+     * it exist.
+     */
+    if (access(db->lock->filename, F_OK) < 0) {
+        (void) krb5_lock_file(db->lock->context,
+                              fileno(db->lock->lockfile),
+                              KRB5_LOCKMODE_UNLOCK);
+        return OSA_ADB_NOLOCKFILE;
+    }
+
+    /* we have the shared/exclusive lock */
+
+    if (perm) {
+        if (unlink(db->lock->filename) < 0) {
+            /* somehow we can't delete the file, but we already */
+            /* have the lock, so release it and return */
+
+            ret = errno;
+            (void) krb5_lock_file(db->lock->context,
+                                  fileno(db->lock->lockfile),
+                                  KRB5_LOCKMODE_UNLOCK);
+
+            /* maybe we should return CANTLOCK_DB.. but that would */
+            /* look just like the db was already locked */
+            return ret;
+        }
+
+        /* this releases our exclusive lock.. which is okay because */
+        /* now no one else can get one either */
+        (void) fclose(db->lock->lockfile);
+    }
+
+    db->lock->lockmode = mode;
+    db->lock->lockcnt++;
+    return OSA_ADB_OK;
+}
+
+krb5_error_code
+osa_adb_release_lock(osa_adb_db_t db)
+{
+    int ret, fd;
+
+    if (!db->lock->lockcnt)            /* lock already unlocked */
+        return OSA_ADB_NOTLOCKED;
+
+    if (--db->lock->lockcnt == 0) {
+        if (db->lock->lockmode == KRB5_DB_LOCKMODE_PERMANENT) {
+            /* now we need to create the file since it does not exist */
+            fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL,
+                                0600);
+            if (fd < 0)
+                return OSA_ADB_NOLOCKFILE;
+            set_cloexec_fd(fd);
+            if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
+                return OSA_ADB_NOLOCKFILE;
+        } else if ((ret = krb5_lock_file(db->lock->context,
+                                         fileno(db->lock->lockfile),
+                                         KRB5_LOCKMODE_UNLOCK)))
+            return ret;
+
+        db->lock->lockmode = 0;
+    }
+    return OSA_ADB_OK;
+}
+
+krb5_error_code
+osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
+{
+    int ret;
+
+    ret = osa_adb_get_lock(db, locktype);
+    if (ret != OSA_ADB_OK)
+        return ret;
+    if (db->opencnt)
+        goto open_ok;
+
+    db->db = dbopen(db->filename, O_RDWR, 0600, DB_BTREE, &db->btinfo);
+    if (db->db == NULL && IS_EFTYPE(errno))
+        db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
+    if (db->db == NULL) {
+        (void)osa_adb_release_lock(db);
+        return (errno == EINVAL) ? OSA_ADB_BAD_DB : errno;
+    }
+
+open_ok:
+    db->opencnt++;
+    return OSA_ADB_OK;
+}
+
+krb5_error_code
+osa_adb_close_and_unlock(osa_adb_princ_t db)
+{
+    if (--db->opencnt)
+        return osa_adb_release_lock(db);
+    if(db->db != NULL && db->db->close(db->db) == -1) {
+        (void) osa_adb_release_lock(db);
+        return OSA_ADB_FAILURE;
+    }
+
+    db->db = NULL;
+
+    return(osa_adb_release_lock(db));
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c b/krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c
new file mode 100644
index 00000000..221473bb
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c
@@ -0,0 +1,383 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#include "k5-int.h"
+
+#include <sys/file.h>
+#include "policy_db.h"
+
+#define OPENLOCK(db, mode)                                              \
+    {                                                                   \
+        int olret;                                                      \
+        if (db == NULL)                                                 \
+            return EINVAL;                                              \
+        else if (db->magic != OSA_ADB_POLICY_DB_MAGIC)                  \
+            return OSA_ADB_DBINIT;                                      \
+        else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
+            return olret;                                               \
+    }
+
+#define CLOSELOCK(db)                                                   \
+    {                                                                   \
+        int cl_ret;                                                     \
+        if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK)      \
+            return cl_ret;                                              \
+    }
+
+
+/*
+ * Function: osa_adb_create_policy
+ *
+ * Purpose: create a policy entry in the policy db.
+ *
+ * Arguments:
+ *      entry           (input) pointer to the entry to be added
+ *      <return value>  OSA_ADB_OK on success, else error code.
+ *
+ * Requires:
+ *      entry have a valid name.
+ *
+ * Effects:
+ *      creates the entry in the db
+ *
+ * Modifies:
+ *      the policy db.
+ *
+ */
+krb5_error_code
+osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
+{
+    DBT                 dbkey;
+    DBT                 dbdata;
+    XDR                 xdrs;
+    int                 ret;
+
+    OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
+
+    if(entry->name == NULL) {
+        ret = EINVAL;
+        goto error;
+    }
+    dbkey.data = entry->name;
+    dbkey.size = (strlen(entry->name) + 1);
+
+    switch(db->db->get(db->db, &dbkey, &dbdata, 0)) {
+    case 0:
+        ret = OSA_ADB_DUP;
+        goto error;
+    case 1:
+        break;
+    default:
+        ret = errno;
+        goto error;
+    }
+    xdralloc_create(&xdrs, XDR_ENCODE);
+    if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
+        xdr_destroy(&xdrs);
+        ret = OSA_ADB_XDR_FAILURE;
+        goto error;
+    }
+    dbdata.data = xdralloc_getdata(&xdrs);
+    dbdata.size = xdr_getpos(&xdrs);
+    switch(db->db->put(db->db, &dbkey, &dbdata, R_NOOVERWRITE)) {
+    case 0:
+        if((db->db->sync(db->db, 0)) == -1)
+            ret = OSA_ADB_FAILURE;
+        ret = OSA_ADB_OK;
+        break;
+    case 1:
+        ret = OSA_ADB_DUP;
+        break;
+    default:
+        ret = OSA_ADB_FAILURE;
+        break;
+    }
+    xdr_destroy(&xdrs);
+
+error:
+    CLOSELOCK(db);
+    return ret;
+}
+
+/*
+ * Function: osa_adb_destroy_policy
+ *
+ * Purpose: destroy a policy entry
+ *
+ * Arguments:
+ *      db              (input) database handle
+ *      name            (input) name of policy
+ *      <return value>  OSA_ADB_OK on success, or error code.
+ *
+ * Requires:
+ *      db being valid.
+ *      name being non-null.
+ * Effects:
+ *      deletes policy from db.
+ *
+ * Modifies:
+ *      policy db.
+ *
+ */
+krb5_error_code
+osa_adb_destroy_policy(osa_adb_policy_t db, char *name)
+{
+    DBT     dbkey;
+    int     status, ret;
+
+    OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
+
+    if(name == NULL) {
+        ret = EINVAL;
+        goto error;
+    }
+    dbkey.data = name;
+    dbkey.size = (strlen(name) + 1);
+
+    status = db->db->del(db->db, &dbkey, 0);
+    switch(status) {
+    case 1:
+        ret = OSA_ADB_NOENT;
+        goto error;
+    case 0:
+        if ((db->db->sync(db->db, 0)) == -1) {
+            ret = OSA_ADB_FAILURE;
+            goto error;
+        }
+        ret = OSA_ADB_OK;
+        break;
+    default:
+        ret = OSA_ADB_FAILURE;
+        goto error;
+    }
+
+error:
+    CLOSELOCK(db);
+    return ret;
+}
+
+/*
+ * Function: osa_adb_get_policy
+ *
+ * Purpose: retrieve policy
+ *
+ * Arguments:
+ *      db              (input) db handle
+ *      name            (input) name of policy
+ *      entry           (output) policy entry
+ *      cnt             (inout) Number of entries
+ *      <return value>  0 on success, error code on failure.
+ *
+ * Requires:
+ * Effects:
+ * Modifies:
+ */
+krb5_error_code
+osa_adb_get_policy(osa_adb_policy_t db, char *name,
+                   osa_policy_ent_t *entry_ptr)
+{
+    DBT                 dbkey;
+    DBT                 dbdata;
+    XDR                 xdrs;
+    int                 ret;
+    char                *aligned_data = NULL;
+    osa_policy_ent_t    entry = NULL;
+
+    *entry_ptr = NULL;
+    OPENLOCK(db, KRB5_DB_LOCKMODE_SHARED);
+
+    if(name == NULL) {
+        ret = EINVAL;
+        goto error;
+    }
+    dbkey.data = name;
+    dbkey.size = (strlen(dbkey.data) + 1);
+    dbdata.data = NULL;
+    dbdata.size = 0;
+    switch((db->db->get(db->db, &dbkey, &dbdata, 0))) {
+    case 1:
+        ret = KRB5_KDB_NOENTRY;
+        goto error;
+    case 0:
+        break;
+    default:
+        ret = OSA_ADB_FAILURE;
+        goto error;
+    }
+    entry = k5alloc(sizeof(*entry), &ret);
+    if (entry == NULL)
+        goto error;
+    aligned_data = k5memdup(dbdata.data, dbdata.size, &ret);
+    if (aligned_data == NULL)
+        goto error;
+    xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
+    if (!xdr_osa_policy_ent_rec(&xdrs, entry)) {
+        ret = OSA_ADB_FAILURE;
+        goto error;
+    }
+    ret = OSA_ADB_OK;
+    xdr_destroy(&xdrs);
+    *entry_ptr = entry;
+    entry = NULL;
+
+error:
+    free(aligned_data);
+    free(entry);
+    CLOSELOCK(db);
+    return ret;
+}
+
+/*
+ * Function: osa_adb_put_policy
+ *
+ * Purpose: update a policy in the dababase
+ *
+ * Arguments:
+ *      db              (input) db handle
+ *      entry           (input) policy entry
+ *      <return value>  0 on success error code on failure.
+ *
+ * Requires:
+ *      [requires]
+ *
+ * Effects:
+ *      [effects]
+ *
+ * Modifies:
+ *      [modifies]
+ *
+ */
+krb5_error_code
+osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
+{
+    DBT                 dbkey;
+    DBT                 dbdata;
+    DBT                 tmpdb;
+    XDR                 xdrs;
+    int                 ret;
+
+    OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
+
+    if(entry->name == NULL) {
+        ret = EINVAL;
+        goto error;
+    }
+    dbkey.data = entry->name;
+    dbkey.size = (strlen(entry->name) + 1);
+    switch(db->db->get(db->db, &dbkey, &tmpdb, 0)) {
+    case 0:
+        break;
+    case 1:
+        ret = OSA_ADB_NOENT;
+        goto error;
+    default:
+        ret = OSA_ADB_FAILURE;
+        goto error;
+    }
+    xdralloc_create(&xdrs, XDR_ENCODE);
+    if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
+        xdr_destroy(&xdrs);
+        ret = OSA_ADB_XDR_FAILURE;
+        goto error;
+    }
+    dbdata.data = xdralloc_getdata(&xdrs);
+    dbdata.size = xdr_getpos(&xdrs);
+    switch(db->db->put(db->db, &dbkey, &dbdata, 0)) {
+    case 0:
+        if((db->db->sync(db->db, 0)) == -1)
+            ret = OSA_ADB_FAILURE;
+        ret = OSA_ADB_OK;
+        break;
+    default:
+        ret = OSA_ADB_FAILURE;
+        break;
+    }
+    xdr_destroy(&xdrs);
+
+error:
+    CLOSELOCK(db);
+    return ret;
+}
+
+/*
+ * Function: osa_adb_iter_policy
+ *
+ * Purpose: iterate over the policy database.
+ *
+ * Arguments:
+ *      db              (input) db handle
+ *      func            (input) function pointer to call
+ *      data            opaque data type
+ *      <return value>  0 on success error code on failure
+ *
+ * Requires:
+ * Effects:
+ * Modifies:
+ */
+krb5_error_code
+osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
+                    void *data)
+{
+    DBT                     dbkey,
+        dbdata;
+    XDR                     xdrs;
+    int                     ret;
+    osa_policy_ent_t        entry;
+    char                    *aligned_data;
+
+    OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE); /* hmmm */
+
+    if((ret = db->db->seq(db->db, &dbkey, &dbdata, R_FIRST)) == -1) {
+        ret = errno;
+        goto error;
+    }
+
+    while (ret == 0) {
+        entry = k5alloc(sizeof(osa_policy_ent_rec), &ret);
+        if (entry == NULL)
+            goto error;
+
+        aligned_data = k5memdup(dbdata.data, dbdata.size, &ret);
+        if (aligned_data == NULL) {
+            free(entry);
+            goto error;
+        }
+
+        xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
+        if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
+            xdr_destroy(&xdrs);
+            free(aligned_data);
+            osa_free_policy_ent(entry);
+            ret = OSA_ADB_FAILURE;
+            goto error;
+        }
+        (*func)(data, entry);
+        xdr_destroy(&xdrs);
+        free(aligned_data);
+        osa_free_policy_ent(entry);
+        ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT);
+    }
+    if(ret == -1)
+        ret = errno;
+    else ret = OSA_ADB_OK;
+
+error:
+    CLOSELOCK(db);
+    return ret;
+}
+
+void
+osa_free_policy_ent(osa_policy_ent_t val)
+{
+    XDR xdrs;
+
+    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+
+    xdr_osa_policy_ent_rec(&xdrs, val);
+
+    free(val);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/db2.exports b/krb5-1.21.3/src/plugins/kdb/db2/db2.exports
new file mode 100644
index 00000000..f2b7c111
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/db2.exports
@@ -0,0 +1 @@
+kdb_function_table
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/db2_exp.c b/krb5-1.21.3/src/plugins/kdb/db2/db2_exp.c
new file mode 100644
index 00000000..7cf8aa4d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/db2_exp.c
@@ -0,0 +1,235 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2006 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/**********************************************************************
+ *
+ *       C %name:                db2_exp.c %
+ *       Instance:               idc_sec_2
+ *       Description:
+ *       %created_by:    spradeep %
+ *       %date_created:  Tue Apr  5 11:44:00 2005 %
+ *
+ **********************************************************************/
+#include "k5-int.h"
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <db.h>
+#include <stdio.h>
+#include <errno.h>
+#include <utime.h>
+#include "kdb5.h"
+#include "kdb_db2.h"
+#include "kdb_xdr.h"
+#include "policy_db.h"
+
+/* Quick and dirty wrapper functions to provide for thread safety
+   within the plugin, instead of making the kdb5 library do it.  Eventually
+   these should be integrated into the real functions.
+
+   Some of the functions wrapped here are also called directly from
+   within this library (e.g., create calls open), so simply dropping
+   locking code into the top and bottom of each referenced function
+   won't do.  (We aren't doing recursive locks, currently.)  */
+
+k5_mutex_t *krb5_db2_mutex;
+
+#define WRAP(NAME,TYPE,ARGLIST,ARGNAMES)                \
+    static TYPE wrap_##NAME ARGLIST                     \
+    {                                                   \
+        TYPE result;                                    \
+        k5_mutex_lock (krb5_db2_mutex);                 \
+        result = NAME ARGNAMES;                         \
+        k5_mutex_unlock (krb5_db2_mutex);               \
+        return result;                                  \
+    }                                                   \
+    /* hack: decl to allow a following ";" */           \
+    static TYPE wrap_##NAME ()
+
+/* Two special cases: void (can't assign result), and krb5_error_code
+   (return error from locking code).  */
+
+#define WRAP_VOID(NAME,ARGLIST,ARGNAMES)                \
+    static void wrap_##NAME ARGLIST                     \
+    {                                                   \
+        k5_mutex_lock (krb5_db2_mutex);                 \
+        NAME ARGNAMES;                                  \
+        k5_mutex_unlock (krb5_db2_mutex);               \
+    }                                                   \
+    /* hack: decl to allow a following ";" */           \
+    static void wrap_##NAME ()
+
+#define WRAP_K(NAME,ARGLIST,ARGNAMES)                   \
+    WRAP(NAME,krb5_error_code,ARGLIST,ARGNAMES)
+
+WRAP_K (krb5_db2_open,
+        ( krb5_context kcontext,
+          char *conf_section,
+          char **db_args,
+          int mode ),
+        (kcontext, conf_section, db_args, mode));
+WRAP_K (krb5_db2_fini, (krb5_context ctx), (ctx));
+WRAP_K (krb5_db2_create,
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
+WRAP_K (krb5_db2_destroy,
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
+WRAP_K (krb5_db2_get_age,
+        (krb5_context ctx,
+         char *s,
+         time_t *t),
+        (ctx, s, t));
+
+WRAP_K (krb5_db2_lock,
+        ( krb5_context    context,
+          int             in_mode),
+        (context, in_mode));
+WRAP_K (krb5_db2_unlock, (krb5_context ctx), (ctx));
+
+WRAP_K (krb5_db2_get_principal,
+        (krb5_context ctx,
+         krb5_const_principal p,
+         unsigned int f,
+         krb5_db_entry **d),
+        (ctx, p, f, d));
+WRAP_K (krb5_db2_put_principal,
+        (krb5_context ctx,
+         krb5_db_entry *d,
+         char **db_args),
+        (ctx, d, db_args));
+WRAP_K (krb5_db2_delete_principal,
+        (krb5_context context,
+         krb5_const_principal searchfor),
+        (context, searchfor));
+
+WRAP_K (krb5_db2_iterate,
+        (krb5_context ctx, char *s,
+         krb5_error_code (*f) (krb5_pointer,
+                               krb5_db_entry *),
+         krb5_pointer p, krb5_flags flags),
+        (ctx, s, f, p, flags));
+
+WRAP_K (krb5_db2_create_policy,
+        (krb5_context context, osa_policy_ent_t entry),
+        (context, entry));
+WRAP_K (krb5_db2_get_policy,
+        ( krb5_context kcontext,
+          char *name,
+          osa_policy_ent_t *policy),
+        (kcontext, name, policy));
+WRAP_K (krb5_db2_put_policy,
+        ( krb5_context kcontext, osa_policy_ent_t policy ),
+        (kcontext, policy));
+WRAP_K (krb5_db2_iter_policy,
+        ( krb5_context kcontext,
+          char *match_entry,
+          osa_adb_iter_policy_func func,
+          void *data ),
+        (kcontext, match_entry, func, data));
+WRAP_K (krb5_db2_delete_policy,
+        ( krb5_context kcontext, char *policy ),
+        (kcontext, policy));
+
+WRAP_K (krb5_db2_promote_db,
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
+
+WRAP_K (krb5_db2_check_policy_as,
+        (krb5_context kcontext, krb5_kdc_req *request, krb5_db_entry *client,
+         krb5_db_entry *server, krb5_timestamp kdc_time, const char **status,
+         krb5_pa_data ***e_data),
+        (kcontext, request, client, server, kdc_time, status, e_data));
+
+WRAP_VOID (krb5_db2_audit_as_req,
+           (krb5_context kcontext, krb5_kdc_req *request,
+            const krb5_address *local_addr,
+            const krb5_address *remote_addr,
+            krb5_db_entry *client, krb5_db_entry *server,
+            krb5_timestamp authtime, krb5_error_code error_code),
+           (kcontext, request, local_addr, remote_addr, client, server,
+            authtime, error_code));
+
+static krb5_error_code
+hack_init (void)
+{
+    krb5_error_code c;
+
+    c = krb5int_mutex_alloc (&krb5_db2_mutex);
+    if (c)
+        return c;
+    return krb5_db2_lib_init ();
+}
+
+static krb5_error_code
+hack_cleanup (void)
+{
+    krb5int_mutex_free (krb5_db2_mutex);
+    krb5_db2_mutex = NULL;
+    return krb5_db2_lib_cleanup();
+}
+
+
+/*
+ *      Exposed API
+ */
+
+kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
+    KRB5_KDB_DAL_MAJOR_VERSION,             /* major version number */
+    0,                                      /* minor version number 0 */
+    /* init_library */                  hack_init,
+    /* fini_library */                  hack_cleanup,
+    /* init_module */                   wrap_krb5_db2_open,
+    /* fini_module */                   wrap_krb5_db2_fini,
+    /* create */                        wrap_krb5_db2_create,
+    /* destroy */                       wrap_krb5_db2_destroy,
+    /* get_age */                       wrap_krb5_db2_get_age,
+    /* lock */                          wrap_krb5_db2_lock,
+    /* unlock */                        wrap_krb5_db2_unlock,
+    /* get_principal */                 wrap_krb5_db2_get_principal,
+    /* put_principal */                 wrap_krb5_db2_put_principal,
+    /* delete_principal */              wrap_krb5_db2_delete_principal,
+    /* rename_principal */              NULL,
+    /* iterate */                       wrap_krb5_db2_iterate,
+    /* create_policy */                 wrap_krb5_db2_create_policy,
+    /* get_policy */                    wrap_krb5_db2_get_policy,
+    /* put_policy */                    wrap_krb5_db2_put_policy,
+    /* iter_policy */                   wrap_krb5_db2_iter_policy,
+    /* delete_policy */                 wrap_krb5_db2_delete_policy,
+    /* fetch_master_key */              NULL,
+    /* fetch_master_key_list */         NULL,
+    /* store_master_key_list */         NULL,
+    /* dbe_search_enctype */            NULL,
+    /* change_pwd */                    NULL,
+    /* promote_db */                    wrap_krb5_db2_promote_db,
+    /* decrypt_key_data */              NULL,
+    /* encrypt_key_data */              NULL,
+    /* check_transited_realms */        NULL,
+    /* check_policy_as */               wrap_krb5_db2_check_policy_as,
+    /* check_policy_tgs */              NULL,
+    /* audit_as_req */                  wrap_krb5_db2_audit_as_req,
+};
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/deps b/krb5-1.21.3/src/plugins/kdb/db2/deps
new file mode 100644
index 00000000..f12eba8a
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/deps
@@ -0,0 +1,105 @@
+#
+# Generated makefile dependencies follow.
+#
+kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdb_xdr.c kdb_xdr.h
+adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/kdb/adb_err.h \
+  $(COM_ERR_DEPS) $(DB_DEPS) $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  adb_openclose.c policy_db.h
+adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/kdb/adb_err.h \
+  $(COM_ERR_DEPS) $(DB_DEPS) $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  adb_policy.c policy_db.h
+kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \
+  $(srcdir)/../../../lib/kdb/kdb5.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdb_db2.c kdb_db2.h kdb_xdr.h policy_db.h
+pol_xdr.so pol_xdr.po $(OUTPRE)pol_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/plugin.h pol_xdr.c policy_db.h
+db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \
+  $(srcdir)/../../../lib/kdb/kdb5.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  db2_exp.c kdb_db2.h kdb_xdr.h policy_db.h
+lockout.so lockout.po $(OUTPRE)lockout.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \
+  $(srcdir)/../../../lib/kdb/kdb5.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdb_db2.h lockout.c policy_db.h
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c b/krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c
new file mode 100644
index 00000000..2c163d91
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c
@@ -0,0 +1,1560 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/db2/kdb_db2.c */
+/*
+ * Copyright 1997,2006,2007-2009 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <db.h>
+#include <stdio.h>
+#include <errno.h>
+#include <utime.h>
+#include "kdb5.h"
+#include "kdb_db2.h"
+#include "kdb_xdr.h"
+#include "policy_db.h"
+
+#define KDB_DB2_DATABASE_NAME "database_name"
+
+#define SUFFIX_DB ""
+#define SUFFIX_LOCK ".ok"
+#define SUFFIX_POLICY ".kadm5"
+#define SUFFIX_POLICY_LOCK ".kadm5.lock"
+
+/*
+ * Locking:
+ *
+ * There are two distinct locking protocols used.  One is designed to
+ * lock against processes (the admin_server, for one) which make
+ * incremental changes to the database; the other is designed to lock
+ * against utilities (kdb5_edit, kpropd, kdb5_convert) which replace the
+ * entire database in one fell swoop.
+ *
+ * The first locking protocol is implemented using flock() in the
+ * krb_dbl_lock() and krb_dbl_unlock routines.
+ *
+ * The second locking protocol is necessary because DBM "files" are
+ * actually implemented as two separate files, and it is impossible to
+ * atomically rename two files simultaneously.  It assumes that the
+ * database is replaced only very infrequently in comparison to the time
+ * needed to do a database read operation.
+ *
+ * A third file is used as a "version" semaphore; the modification
+ * time of this file is the "version number" of the database.
+ * At the start of a read operation, the reader checks the version
+ * number; at the end of the read operation, it checks again.  If the
+ * version number changed, or if the semaphore was nonexistent at
+ * either time, the reader sleeps for a second to let things
+ * stabilize, and then tries again; if it does not succeed after
+ * KRB5_DBM_MAX_RETRY attempts, it gives up.
+ *
+ * On update, the semaphore file is deleted (if it exists) before any
+ * update takes place; at the end of the update, it is replaced, with
+ * a version number strictly greater than the version number which
+ * existed at the start of the update.
+ *
+ * If the system crashes in the middle of an update, the semaphore
+ * file is not automatically created on reboot; this is a feature, not
+ * a bug, since the database may be inconsistent.  Note that the
+ * absence of a semaphore file does not prevent another _update_ from
+ * taking place later.  Database replacements take place automatically
+ * only on replica servers; a crash in the middle of an update will be
+ * fixed by the next propagation.  A crash in the middle of an on the
+ * master would be somewhat more serious, but this would likely be
+ * noticed by an administrator, who could fix the problem and retry
+ * the operation.
+ */
+
+/* Evaluate to true if the krb5_context c contains an initialized db2
+ * context. */
+#define inited(c) ((c)->dal_handle->db_context &&                       \
+                   ((krb5_db2_context *)(c)->dal_handle->db_context)->  \
+                   db_inited)
+
+static krb5_error_code
+get_db_opt(char *input, char **opt, char **val)
+{
+    char   *pos = strchr(input, '=');
+    if (pos == NULL) {
+        *opt = NULL;
+        *val = strdup(input);
+        if (*val == NULL) {
+            return ENOMEM;
+        }
+    } else {
+        *opt = malloc((pos - input) + 1);
+        *val = strdup(pos + 1);
+        if (!*opt || !*val) {
+            free(*opt);
+            *opt = NULL;
+            free(*val);
+            *val = NULL;
+            return ENOMEM;
+        }
+        memcpy(*opt, input, pos - input);
+        (*opt)[pos - input] = '\0';
+    }
+    return (0);
+
+}
+
+/* Restore dbctx to the uninitialized state. */
+static void
+ctx_clear(krb5_db2_context *dbc)
+{
+    /*
+     * Free any dynamically allocated memory.  File descriptors and locks
+     * are the caller's problem.
+     */
+    free(dbc->db_lf_name);
+    free(dbc->db_name);
+    /*
+     * Clear the structure and reset the defaults.
+     */
+    memset(dbc, 0, sizeof(krb5_db2_context));
+    dbc->db = NULL;
+    dbc->db_lf_name = NULL;
+    dbc->db_lf_file = -1;
+    dbc->db_name = NULL;
+    dbc->db_nb_locks = FALSE;
+    dbc->tempdb = FALSE;
+}
+
+/* Set *dbc_out to the db2 database context for context.  If one does not
+ * exist, create one in the uninitialized state. */
+static krb5_error_code
+ctx_get(krb5_context context, krb5_db2_context **dbc_out)
+{
+    krb5_db2_context *dbc;
+    kdb5_dal_handle *dal_handle;
+
+    dal_handle = context->dal_handle;
+
+    if (dal_handle->db_context == NULL) {
+        dbc = (krb5_db2_context *) malloc(sizeof(krb5_db2_context));
+        if (dbc == NULL)
+            return ENOMEM;
+        else {
+            memset(dbc, 0, sizeof(krb5_db2_context));
+            ctx_clear(dbc);
+            dal_handle->db_context = dbc;
+        }
+    }
+    *dbc_out = dal_handle->db_context;
+    return 0;
+}
+
+/* Using db_args and the profile, initialize the configurable parameters of the
+ * DB context inside context. */
+static krb5_error_code
+configure_context(krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code status;
+    krb5_db2_context *dbc;
+    char **t_ptr, *opt = NULL, *val = NULL, *pval = NULL;
+    profile_t profile = KRB5_DB_GET_PROFILE(context);
+    int bval;
+
+    status = ctx_get(context, &dbc);
+    if (status != 0)
+        return status;
+
+    /* Allow unlockiter to be overridden by command line db_args. */
+    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
+                                 KRB5_CONF_UNLOCKITER, FALSE, &bval);
+    if (status != 0)
+        goto cleanup;
+    dbc->unlockiter = bval;
+
+    for (t_ptr = db_args; t_ptr && *t_ptr; t_ptr++) {
+        free(opt);
+        free(val);
+        status = get_db_opt(*t_ptr, &opt, &val);
+        if (opt && !strcmp(opt, "dbname")) {
+            dbc->db_name = strdup(val);
+            if (dbc->db_name == NULL) {
+                status = ENOMEM;
+                goto cleanup;
+            }
+        }
+        else if (!opt && !strcmp(val, "temporary")) {
+            dbc->tempdb = 1;
+        } else if (!opt && !strcmp(val, "merge_nra")) {
+            ;
+        } else if (opt && !strcmp(opt, "hash")) {
+            dbc->hashfirst = TRUE;
+        } else if (!opt && !strcmp(val, "unlockiter")) {
+            dbc->unlockiter = TRUE;
+        } else if (!opt && !strcmp(val, "lockiter")) {
+            dbc->unlockiter = FALSE;
+        } else {
+            status = EINVAL;
+            k5_setmsg(context, status,
+                      _("Unsupported argument \"%s\" for db2"),
+                      opt ? opt : val);
+            goto cleanup;
+        }
+    }
+
+    if (dbc->db_name == NULL) {
+        /* Check for database_name in the db_module section. */
+        status = profile_get_string(profile, KDB_MODULE_SECTION, conf_section,
+                                    KDB_DB2_DATABASE_NAME, NULL, &pval);
+        if (status == 0 && pval == NULL) {
+            /* For compatibility, check for database_name in the realm. */
+            status = profile_get_string(profile, KDB_REALM_SECTION,
+                                        KRB5_DB_GET_REALM(context),
+                                        KDB_DB2_DATABASE_NAME,
+                                        DEFAULT_KDB_FILE, &pval);
+        }
+        if (status != 0)
+            goto cleanup;
+        dbc->db_name = strdup(pval);
+    }
+
+    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
+                                 KRB5_CONF_DISABLE_LAST_SUCCESS, FALSE, &bval);
+    if (status != 0)
+        goto cleanup;
+    dbc->disable_last_success = bval;
+
+    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
+                                 KRB5_CONF_DISABLE_LOCKOUT, FALSE, &bval);
+    if (status != 0)
+        goto cleanup;
+    dbc->disable_lockout = bval;
+
+cleanup:
+    free(opt);
+    free(val);
+    profile_release_string(pval);
+    return status;
+}
+
+/*
+ * Set *out to one of the filenames used for the DB described by dbc.  sfx
+ * should be one of SUFFIX_DB, SUFFIX_LOCK, SUFFIX_POLICY, or
+ * SUFFIX_POLICY_LOCK.
+ */
+static krb5_error_code
+ctx_dbsuffix(krb5_db2_context *dbc, const char *sfx, char **out)
+{
+    char *result;
+    const char *tilde;
+
+    *out = NULL;
+    tilde = dbc->tempdb ? "~" : "";
+    if (asprintf(&result, "%s%s%s", dbc->db_name, tilde, sfx) < 0)
+        return ENOMEM;
+    *out = result;
+    return 0;
+}
+
+/* Generate all four files corresponding to dbc. */
+static krb5_error_code
+ctx_allfiles(krb5_db2_context *dbc, char **dbname_out, char **lockname_out,
+             char **polname_out, char **plockname_out)
+{
+    char *a = NULL, *b = NULL, *c = NULL, *d = NULL;
+
+    *dbname_out = *lockname_out = *polname_out = *plockname_out = NULL;
+    if (ctx_dbsuffix(dbc, SUFFIX_DB, &a))
+        goto error;
+    if (ctx_dbsuffix(dbc, SUFFIX_LOCK, &b))
+        goto error;
+    if (ctx_dbsuffix(dbc, SUFFIX_POLICY, &c))
+        goto error;
+    if (ctx_dbsuffix(dbc, SUFFIX_POLICY_LOCK, &d))
+        goto error;
+    *dbname_out = a;
+    *lockname_out = b;
+    *polname_out = c;
+    *plockname_out = d;
+    return 0;
+error:
+    free(a);
+    free(b);
+    free(c);
+    free(d);
+    return ENOMEM;
+}
+
+/*
+ * Open the DB2 database described by dbc, using the specified flags and mode,
+ * and return the resulting handle.  Try both hash and btree database types;
+ * dbc->hashfirst determines which is attempted first.  If dbc->hashfirst
+ * indicated the wrong type, update it to indicate the correct type.
+ */
+static krb5_error_code
+open_db(krb5_context context, krb5_db2_context *dbc, int flags, int mode,
+        DB **db_out)
+{
+    char *fname = NULL;
+    DB *db;
+    BTREEINFO bti;
+    HASHINFO hashi;
+    bti.flags = 0;
+    bti.cachesize = 0;
+    bti.psize = 4096;
+    bti.lorder = 0;
+    bti.minkeypage = 0;
+    bti.compare = NULL;
+    bti.prefix = NULL;
+
+    *db_out = NULL;
+
+    if (ctx_dbsuffix(dbc, SUFFIX_DB, &fname) != 0)
+        return ENOMEM;
+
+    hashi.bsize = 4096;
+    hashi.cachesize = 0;
+    hashi.ffactor = 40;
+    hashi.hash = NULL;
+    hashi.lorder = 0;
+    hashi.nelem = 1;
+
+    /* Try our best guess at the database type. */
+    db = dbopen(fname, flags, mode,
+                dbc->hashfirst ? DB_HASH : DB_BTREE,
+                dbc->hashfirst ? (void *) &hashi : (void *) &bti);
+
+    if (db == NULL && IS_EFTYPE(errno)) {
+        db = dbopen(fname, flags, mode,
+                    dbc->hashfirst ? DB_BTREE : DB_HASH,
+                    dbc->hashfirst ? (void *) &bti : (void *) &hashi);
+        /* If that worked, update our guess for next time. */
+        if (db != NULL)
+            dbc->hashfirst = !dbc->hashfirst;
+    }
+
+    /* Don't try unlocked iteration with a hash database. */
+    if (db != NULL && dbc->hashfirst)
+        dbc->unlockiter = FALSE;
+
+    if (db == NULL) {
+        k5_prependmsg(context, errno, _("Cannot open DB2 database '%s'"),
+                      fname);
+    }
+
+    *db_out = db;
+    free(fname);
+    return (db == NULL) ? errno : 0;
+}
+
+static krb5_error_code
+ctx_unlock(krb5_context context, krb5_db2_context *dbc)
+{
+    krb5_error_code retval, retval2;
+    DB *db;
+
+    retval = osa_adb_release_lock(dbc->policy_db);
+
+    if (!dbc->db_locks_held) /* lock already unlocked */
+        return KRB5_KDB_NOTLOCKED;
+
+    db = dbc->db;
+    if (--(dbc->db_locks_held) == 0) {
+        db->close(db);
+        dbc->db = NULL;
+        dbc->db_lock_mode = 0;
+
+        retval2 = krb5_lock_file(context, dbc->db_lf_file,
+                                KRB5_LOCKMODE_UNLOCK);
+        if (retval2)
+            return retval2;
+    }
+
+    /* We may be unlocking because osa_adb_get_lock() failed. */
+    if (retval == OSA_ADB_NOTLOCKED)
+        return 0;
+    return retval;
+}
+
+static krb5_error_code
+ctx_lock(krb5_context context, krb5_db2_context *dbc, int lockmode)
+{
+    krb5_error_code retval;
+    int kmode;
+
+    if (lockmode == KRB5_DB_LOCKMODE_PERMANENT ||
+        lockmode == KRB5_DB_LOCKMODE_EXCLUSIVE)
+        kmode = KRB5_LOCKMODE_EXCLUSIVE;
+    else if (lockmode == KRB5_DB_LOCKMODE_SHARED)
+        kmode = KRB5_LOCKMODE_SHARED;
+    else
+        return EINVAL;
+
+    if (dbc->db_locks_held == 0 || dbc->db_lock_mode < kmode) {
+        /* Acquire or upgrade the lock. */
+        retval = krb5_lock_file(context, dbc->db_lf_file, kmode);
+        /* Check if we tried to lock something not open for write. */
+        if (retval == EBADF && kmode == KRB5_LOCKMODE_EXCLUSIVE)
+            return KRB5_KDB_CANTLOCK_DB;
+        else if (retval == EACCES || retval == EAGAIN || retval == EWOULDBLOCK)
+            return KRB5_KDB_CANTLOCK_DB;
+        else if (retval)
+            return retval;
+
+        /* Open the DB (or re-open it for read/write). */
+        if (dbc->db != NULL)
+            dbc->db->close(dbc->db);
+        retval = open_db(context, dbc,
+                         kmode == KRB5_LOCKMODE_SHARED ? O_RDONLY : O_RDWR,
+                         0600, &dbc->db);
+        if (retval) {
+            dbc->db_locks_held = 0;
+            dbc->db_lock_mode = 0;
+            (void) osa_adb_release_lock(dbc->policy_db);
+            (void) krb5_lock_file(context, dbc->db_lf_file,
+                                  KRB5_LOCKMODE_UNLOCK);
+            return retval;
+        }
+
+        dbc->db_lock_mode = kmode;
+    }
+    dbc->db_locks_held++;
+
+    /* Acquire or upgrade the policy lock. */
+    retval = osa_adb_get_lock(dbc->policy_db, lockmode);
+    if (retval) {
+        (void) ctx_unlock(context, dbc);
+        if (retval == OSA_ADB_NOEXCL_PERM || retval == OSA_ADB_CANTLOCK_DB ||
+            retval == OSA_ADB_NOLOCKFILE)
+            retval = KRB5_KDB_CANTLOCK_DB;
+    }
+    return retval;
+}
+
+/* Initialize the lock file and policy database fields of dbc.  The db_name and
+ * tempdb fields must already be set. */
+static krb5_error_code
+ctx_init(krb5_db2_context *dbc)
+{
+    krb5_error_code retval;
+    char *polname = NULL, *plockname = NULL;
+
+    retval = ctx_dbsuffix(dbc, SUFFIX_LOCK, &dbc->db_lf_name);
+    if (retval)
+        return retval;
+
+    /*
+     * should be opened read/write so that write locking can work with
+     * POSIX systems
+     */
+    if ((dbc->db_lf_file = open(dbc->db_lf_name, O_RDWR, 0666)) < 0) {
+        if ((dbc->db_lf_file = open(dbc->db_lf_name, O_RDONLY, 0666)) < 0) {
+            retval = errno;
+            goto cleanup;
+        }
+    }
+    set_cloexec_fd(dbc->db_lf_file);
+    dbc->db_inited++;
+
+    retval = ctx_dbsuffix(dbc, SUFFIX_POLICY, &polname);
+    if (retval)
+        goto cleanup;
+    retval = ctx_dbsuffix(dbc, SUFFIX_POLICY_LOCK, &plockname);
+    if (retval)
+        goto cleanup;
+    retval = osa_adb_init_db(&dbc->policy_db, polname, plockname,
+                             OSA_ADB_POLICY_DB_MAGIC);
+
+cleanup:
+    free(polname);
+    free(plockname);
+    if (retval)
+        ctx_clear(dbc);
+    return retval;
+}
+
+static void
+ctx_fini(krb5_db2_context *dbc)
+{
+    if (dbc->db_lf_file != -1)
+        (void) close(dbc->db_lf_file);
+    if (dbc->policy_db)
+        (void) osa_adb_fini_db(dbc->policy_db, OSA_ADB_POLICY_DB_MAGIC);
+    ctx_clear(dbc);
+    free(dbc);
+}
+
+krb5_error_code
+krb5_db2_fini(krb5_context context)
+{
+    if (context->dal_handle->db_context != NULL) {
+        ctx_fini(context->dal_handle->db_context);
+        context->dal_handle->db_context = NULL;
+    }
+    return 0;
+}
+
+/* Return successfully if the db2 name set in context can be opened. */
+static krb5_error_code
+check_openable(krb5_context context)
+{
+    krb5_error_code retval;
+    DB     *db;
+    krb5_db2_context *dbc;
+
+    dbc = context->dal_handle->db_context;
+    retval = open_db(context, dbc, O_RDONLY, 0, &db);
+    if (retval)
+        return retval;
+    db->close(db);
+    return 0;
+}
+
+/*
+ * Return the last modification time of the database.
+ *
+ * Think about using fstat.
+ */
+
+krb5_error_code
+krb5_db2_get_age(krb5_context context, char *db_name, time_t *age)
+{
+    krb5_db2_context *dbc;
+    struct stat st;
+
+    if (!inited(context))
+        return (KRB5_KDB_DBNOTINITED);
+    dbc = context->dal_handle->db_context;
+
+    if (fstat(dbc->db_lf_file, &st) < 0)
+        *age = -1;
+    else
+        *age = st.st_mtime;
+    return 0;
+}
+
+/* Try to update the timestamp on dbc's lockfile. */
+static void
+ctx_update_age(krb5_db2_context *dbc)
+{
+    struct stat st;
+    time_t now;
+    struct utimbuf utbuf;
+
+    now = time((time_t *) NULL);
+    if (fstat(dbc->db_lf_file, &st) != 0)
+        return;
+    if (st.st_mtime >= now) {
+        utbuf.actime = st.st_mtime + 1;
+        utbuf.modtime = st.st_mtime + 1;
+        (void) utime(dbc->db_lf_name, &utbuf);
+    } else
+        (void) utime(dbc->db_lf_name, (struct utimbuf *) NULL);
+}
+
+krb5_error_code
+krb5_db2_lock(krb5_context context, int lockmode)
+{
+    if (!inited(context))
+        return KRB5_KDB_DBNOTINITED;
+    return ctx_lock(context, context->dal_handle->db_context, lockmode);
+}
+
+krb5_error_code
+krb5_db2_unlock(krb5_context context)
+{
+    if (!inited(context))
+        return KRB5_KDB_DBNOTINITED;
+    return ctx_unlock(context, context->dal_handle->db_context);
+}
+
+/* Zero out and unlink filename. */
+static krb5_error_code
+destroy_file(char *filename)
+{
+    struct stat statb;
+    int dowrite, j, nb, fd, retval;
+    off_t pos;
+    char buf[BUFSIZ], zbuf[BUFSIZ];
+
+    fd = open(filename, O_RDWR, 0);
+    if (fd < 0)
+        return errno;
+    set_cloexec_fd(fd);
+    /* fstat() will probably not fail unless using a remote filesystem
+     * (which is inappropriate for the kerberos database) so this check
+     * is mostly paranoia.  */
+    if (fstat(fd, &statb) == -1)
+        goto error;
+    /*
+     * Stroll through the file, reading in BUFSIZ chunks.  If everything
+     * is zero, then we're done for that block, otherwise, zero the block.
+     * We would like to just blast through everything, but some DB
+     * implementations make holey files and writing data to the holes
+     * causes actual blocks to be allocated which is no good, since
+     * we're just about to unlink it anyways.
+     */
+    memset(zbuf, 0, BUFSIZ);
+    pos = 0;
+    while (pos < statb.st_size) {
+        dowrite = 0;
+        nb = read(fd, buf, BUFSIZ);
+        if (nb < 0)
+            goto error;
+        for (j = 0; j < nb; j++) {
+            if (buf[j] != '\0') {
+                dowrite = 1;
+                break;
+            }
+        }
+        /* For signedness */
+        j = nb;
+        if (dowrite) {
+            lseek(fd, pos, SEEK_SET);
+            nb = write(fd, zbuf, j);
+            if (nb < 0)
+                goto error;
+        }
+        pos += nb;
+    }
+    /* ??? Is fsync really needed?  I don't know of any non-networked
+     * filesystem which will discard queued writes to disk if a file
+     * is deleted after it is closed.  --jfc */
+#ifndef NOFSYNC
+    fsync(fd);
+#endif
+    close(fd);
+
+    if (unlink(filename))
+        return errno;
+    return 0;
+
+error:
+    retval = errno;
+    close(fd);
+    return retval;
+}
+
+/* Initialize dbc by locking and creating the DB.  If the DB already exists,
+ * clear it out if dbc->tempdb is set; otherwise return EEXIST. */
+static krb5_error_code
+ctx_create_db(krb5_context context, krb5_db2_context *dbc)
+{
+    krb5_error_code retval = 0;
+    char *dbname = NULL, *polname = NULL, *plockname = NULL;
+
+    retval = ctx_allfiles(dbc, &dbname, &dbc->db_lf_name, &polname,
+                          &plockname);
+    if (retval)
+        return retval;
+
+    dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
+                           0600);
+    if (dbc->db_lf_file < 0) {
+        retval = errno;
+        goto cleanup;
+    }
+    retval = krb5_lock_file(context, dbc->db_lf_file, KRB5_LOCKMODE_EXCLUSIVE);
+    if (retval != 0)
+        goto cleanup;
+    set_cloexec_fd(dbc->db_lf_file);
+    dbc->db_lock_mode = KRB5_LOCKMODE_EXCLUSIVE;
+    dbc->db_locks_held = 1;
+
+    if (dbc->tempdb) {
+        /* Temporary DBs are locked for their whole lifetime.  Since we have
+         * the lock, any remnant files can be safely destroyed. */
+        (void) destroy_file(dbname);
+        (void) unlink(polname);
+        (void) unlink(plockname);
+    }
+
+    retval = open_db(context, dbc, O_RDWR | O_CREAT | O_EXCL, 0600, &dbc->db);
+    if (retval)
+        goto cleanup;
+
+    /* Create the policy database, initialize a handle to it, and lock it. */
+    retval = osa_adb_create_db(polname, plockname, OSA_ADB_POLICY_DB_MAGIC);
+    if (retval)
+        goto cleanup;
+    retval = osa_adb_init_db(&dbc->policy_db, polname, plockname,
+                             OSA_ADB_POLICY_DB_MAGIC);
+    if (retval)
+        goto cleanup;
+    retval = osa_adb_get_lock(dbc->policy_db, KRB5_DB_LOCKMODE_EXCLUSIVE);
+    if (retval)
+        goto cleanup;
+
+    dbc->db_inited = 1;
+
+cleanup:
+    if (retval) {
+        if (dbc->db != NULL)
+            dbc->db->close(dbc->db);
+        if (dbc->db_locks_held > 0) {
+            (void) krb5_lock_file(context, dbc->db_lf_file,
+                                  KRB5_LOCKMODE_UNLOCK);
+        }
+        if (dbc->db_lf_file >= 0)
+            close(dbc->db_lf_file);
+        ctx_clear(dbc);
+    }
+    free(dbname);
+    free(polname);
+    free(plockname);
+    return retval;
+}
+
+krb5_error_code
+krb5_db2_get_principal(krb5_context context, krb5_const_principal searchfor,
+                       unsigned int flags, krb5_db_entry **entry)
+{
+    krb5_db2_context *dbc;
+    krb5_error_code retval;
+    DB     *db;
+    DBT     key, contents;
+    krb5_data keydata, contdata;
+    int     dbret;
+
+    *entry = NULL;
+    if (!inited(context))
+        return KRB5_KDB_DBNOTINITED;
+
+    dbc = context->dal_handle->db_context;
+
+    retval = ctx_lock(context, dbc, KRB5_LOCKMODE_SHARED);
+    if (retval)
+        return retval;
+
+    /* XXX deal with wildcard lookups */
+    retval = krb5_encode_princ_dbkey(context, &keydata, searchfor);
+    if (retval)
+        goto cleanup;
+    key.data = keydata.data;
+    key.size = keydata.length;
+
+    db = dbc->db;
+    dbret = (*db->get)(db, &key, &contents, 0);
+    retval = errno;
+    krb5_free_data_contents(context, &keydata);
+    switch (dbret) {
+    case 1:
+        retval = KRB5_KDB_NOENTRY;
+        /* Fall through. */
+    case -1:
+    default:
+        goto cleanup;
+    case 0:
+        contdata.data = contents.data;
+        contdata.length = contents.size;
+        retval = krb5_decode_princ_entry(context, &contdata, entry);
+        break;
+    }
+
+cleanup:
+    (void) krb5_db2_unlock(context); /* unlock read lock */
+    return retval;
+}
+
+krb5_error_code
+krb5_db2_put_principal(krb5_context context, krb5_db_entry *entry,
+                       char **db_args)
+{
+    int     dbret;
+    DB     *db;
+    DBT     key, contents;
+    krb5_data contdata, keydata;
+    krb5_error_code retval;
+    krb5_db2_context *dbc;
+
+    krb5_clear_error_message (context);
+    if (db_args) {
+        /* DB2 does not support db_args DB arguments for principal */
+        k5_setmsg(context, EINVAL, _("Unsupported argument \"%s\" for db2"),
+                  db_args[0]);
+        return EINVAL;
+    }
+
+    if (!inited(context))
+        return KRB5_KDB_DBNOTINITED;
+
+    dbc = context->dal_handle->db_context;
+    if ((retval = ctx_lock(context, dbc, KRB5_LOCKMODE_EXCLUSIVE)))
+        return retval;
+
+    db = dbc->db;
+
+    retval = krb5_encode_princ_entry(context, &contdata, entry);
+    if (retval)
+        goto cleanup;
+    contents.data = contdata.data;
+    contents.size = contdata.length;
+    retval = krb5_encode_princ_dbkey(context, &keydata, entry->princ);
+    if (retval) {
+        krb5_free_data_contents(context, &contdata);
+        goto cleanup;
+    }
+
+    key.data = keydata.data;
+    key.size = keydata.length;
+    dbret = (*db->put)(db, &key, &contents, 0);
+    retval = dbret ? errno : 0;
+    krb5_free_data_contents(context, &keydata);
+    krb5_free_data_contents(context, &contdata);
+
+cleanup:
+    ctx_update_age(dbc);
+    (void) krb5_db2_unlock(context); /* unlock database */
+    return (retval);
+}
+
+krb5_error_code
+krb5_db2_delete_principal(krb5_context context, krb5_const_principal searchfor)
+{
+    krb5_error_code retval;
+    krb5_db_entry *entry;
+    krb5_db2_context *dbc;
+    DB     *db;
+    DBT     key, contents;
+    krb5_data keydata, contdata;
+    int     i, dbret;
+
+    if (!inited(context))
+        return KRB5_KDB_DBNOTINITED;
+
+    dbc = context->dal_handle->db_context;
+    if ((retval = ctx_lock(context, dbc, KRB5_LOCKMODE_EXCLUSIVE)))
+        return (retval);
+
+    if ((retval = krb5_encode_princ_dbkey(context, &keydata, searchfor)))
+        goto cleanup;
+    key.data = keydata.data;
+    key.size = keydata.length;
+
+    db = dbc->db;
+    dbret = (*db->get) (db, &key, &contents, 0);
+    retval = errno;
+    switch (dbret) {
+    case 1:
+        retval = KRB5_KDB_NOENTRY;
+        /* Fall through. */
+    case -1:
+    default:
+        goto cleankey;
+    case 0:
+        ;
+    }
+    contdata.data = contents.data;
+    contdata.length = contents.size;
+    retval = krb5_decode_princ_entry(context, &contdata, &entry);
+    if (retval)
+        goto cleankey;
+
+    /* Clear encrypted key contents */
+    for (i = 0; i < entry->n_key_data; i++) {
+        if (entry->key_data[i].key_data_length[0]) {
+            memset(entry->key_data[i].key_data_contents[0], 0,
+                   (unsigned) entry->key_data[i].key_data_length[0]);
+        }
+    }
+
+    retval = krb5_encode_princ_entry(context, &contdata, entry);
+    krb5_db_free_principal(context, entry);
+    if (retval)
+        goto cleankey;
+
+    contents.data = contdata.data;
+    contents.size = contdata.length;
+    dbret = (*db->put) (db, &key, &contents, 0);
+    retval = dbret ? errno : 0;
+    krb5_free_data_contents(context, &contdata);
+    if (retval)
+        goto cleankey;
+    dbret = (*db->del) (db, &key, 0);
+    retval = dbret ? errno : 0;
+cleankey:
+    krb5_free_data_contents(context, &keydata);
+
+cleanup:
+    ctx_update_age(dbc);
+    (void) krb5_db2_unlock(context); /* unlock write lock */
+    return retval;
+}
+
+typedef krb5_error_code (*ctx_iterate_cb)(krb5_pointer, krb5_db_entry *);
+
+/* Cursor structure for ctx_iterate() */
+typedef struct iter_curs {
+    DBT key;
+    DBT data;
+    DBT keycopy;
+    unsigned int startflag;
+    unsigned int stepflag;
+    krb5_context ctx;
+    krb5_db2_context *dbc;
+    int lockmode;
+    krb5_boolean islocked;
+} iter_curs;
+
+/* Lock DB handle of curs, updating curs->islocked. */
+static krb5_error_code
+curs_lock(iter_curs *curs)
+{
+    krb5_error_code retval;
+
+    retval = ctx_lock(curs->ctx, curs->dbc, curs->lockmode);
+    if (retval)
+        return retval;
+    curs->islocked = TRUE;
+    return 0;
+}
+
+/* Unlock DB handle of curs, updating curs->islocked. */
+static void
+curs_unlock(iter_curs *curs)
+{
+    ctx_unlock(curs->ctx, curs->dbc);
+    curs->islocked = FALSE;
+}
+
+/* Set up curs and lock DB. */
+static krb5_error_code
+curs_init(iter_curs *curs, krb5_context ctx, krb5_db2_context *dbc,
+          krb5_flags iterflags)
+{
+    int isrecurse = iterflags & KRB5_DB_ITER_RECURSE;
+    unsigned int prevflag = R_PREV;
+    unsigned int nextflag = R_NEXT;
+
+    curs->keycopy.size = 0;
+    curs->keycopy.data = NULL;
+    curs->islocked = FALSE;
+    curs->ctx = ctx;
+    curs->dbc = dbc;
+
+    if (iterflags & KRB5_DB_ITER_WRITE)
+        curs->lockmode = KRB5_LOCKMODE_EXCLUSIVE;
+    else
+        curs->lockmode = KRB5_LOCKMODE_SHARED;
+
+    if (isrecurse) {
+#ifdef R_RNEXT
+        if (dbc->hashfirst) {
+            k5_setmsg(ctx, EINVAL, _("Recursive iteration is not supported "
+                                     "for hash databases"));
+            return EINVAL;
+        }
+        prevflag = R_RPREV;
+        nextflag = R_RNEXT;
+#else
+        k5_setmsg(ctx, EINVAL, _("Recursive iteration not supported "
+                                 "in this version of libdb"));
+        return EINVAL;
+#endif
+    }
+    if (iterflags & KRB5_DB_ITER_REV) {
+        curs->startflag = R_LAST;
+        curs->stepflag = prevflag;
+    } else {
+        curs->startflag = R_FIRST;
+        curs->stepflag = nextflag;
+    }
+    return curs_lock(curs);
+}
+
+/* Get initial entry. */
+static int
+curs_start(iter_curs *curs)
+{
+    DB *db = curs->dbc->db;
+
+    return db->seq(db, &curs->key, &curs->data, curs->startflag);
+}
+
+/* Save iteration state so DB can be unlocked/closed. */
+static krb5_error_code
+curs_save(iter_curs *curs)
+{
+    if (!curs->dbc->unlockiter)
+        return 0;
+
+    curs->keycopy.data = malloc(curs->key.size);
+    if (curs->keycopy.data == NULL)
+        return ENOMEM;
+
+    curs->keycopy.size = curs->key.size;
+    memcpy(curs->keycopy.data, curs->key.data, curs->key.size);
+    return 0;
+}
+
+/* Free allocated cursor resources */
+static void
+curs_free(iter_curs *curs)
+{
+    free(curs->keycopy.data);
+    curs->keycopy.size = 0;
+    curs->keycopy.data = NULL;
+}
+
+/* Move one step of iteration (forwards or backwards as requested).  Free
+ * curs->keycopy as a side effect, if needed. */
+static int
+curs_step(iter_curs *curs)
+{
+    int dbret;
+    krb5_db2_context *dbc = curs->dbc;
+
+    if (dbc->unlockiter) {
+        /* Reacquire libdb cursor using saved copy of key. */
+        curs->key = curs->keycopy;
+        dbret = dbc->db->seq(dbc->db, &curs->key, &curs->data, R_CURSOR);
+        curs_free(curs);
+        if (dbret)
+            return dbret;
+    }
+    return dbc->db->seq(dbc->db, &curs->key, &curs->data, curs->stepflag);
+}
+
+/* Run one invocation of the callback, unlocking the mutex and possibly the DB
+ * around the invocation. */
+static krb5_error_code
+curs_run_cb(iter_curs *curs, ctx_iterate_cb func, krb5_pointer func_arg)
+{
+    krb5_db2_context *dbc = curs->dbc;
+    krb5_error_code retval, lockerr;
+    krb5_db_entry *entry;
+    krb5_context ctx = curs->ctx;
+    krb5_data contdata;
+
+    contdata = make_data(curs->data.data, curs->data.size);
+    retval = krb5_decode_princ_entry(ctx, &contdata, &entry);
+    if (retval)
+        return retval;
+    /* Save libdb key across possible DB closure. */
+    retval = curs_save(curs);
+    if (retval)
+        return retval;
+
+    if (dbc->unlockiter)
+        curs_unlock(curs);
+
+    k5_mutex_unlock(krb5_db2_mutex);
+    retval = (*func)(func_arg, entry);
+    krb5_db_free_principal(ctx, entry);
+    k5_mutex_lock(krb5_db2_mutex);
+    if (dbc->unlockiter) {
+        lockerr = curs_lock(curs);
+        if (lockerr)
+            return lockerr;
+    }
+    return retval;
+}
+
+/* Free cursor resources and unlock the DB if needed. */
+static void
+curs_fini(iter_curs *curs)
+{
+    curs_free(curs);
+    if (curs->islocked)
+        curs_unlock(curs);
+}
+
+static krb5_error_code
+ctx_iterate(krb5_context context, krb5_db2_context *dbc,
+            ctx_iterate_cb func, krb5_pointer func_arg, krb5_flags iterflags)
+{
+    krb5_error_code retval;
+    int dbret;
+    iter_curs curs;
+
+    retval = curs_init(&curs, context, dbc, iterflags);
+    if (retval)
+        return retval;
+    dbret = curs_start(&curs);
+    while (dbret == 0) {
+        retval = curs_run_cb(&curs, func, func_arg);
+        if (retval)
+            goto cleanup;
+        dbret = curs_step(&curs);
+    }
+    switch (dbret) {
+    case 1:
+    case 0:
+        break;
+    case -1:
+    default:
+        retval = errno;
+    }
+cleanup:
+    curs_fini(&curs);
+    return retval;
+}
+
+krb5_error_code
+krb5_db2_iterate(krb5_context context, char *match_expr, ctx_iterate_cb func,
+                 krb5_pointer func_arg, krb5_flags iterflags)
+{
+    if (!inited(context))
+        return KRB5_KDB_DBNOTINITED;
+    return ctx_iterate(context, context->dal_handle->db_context, func,
+                       func_arg, iterflags);
+}
+
+krb5_boolean
+krb5_db2_set_lockmode(krb5_context context, krb5_boolean mode)
+{
+    krb5_boolean old;
+    krb5_db2_context *dbc;
+
+    dbc = context->dal_handle->db_context;
+    old = mode;
+    if (dbc) {
+        old = dbc->db_nb_locks;
+        dbc->db_nb_locks = mode;
+    }
+    return old;
+}
+
+/*
+ *     DAL API functions
+ */
+krb5_error_code
+krb5_db2_lib_init()
+{
+    return 0;
+}
+
+krb5_error_code
+krb5_db2_lib_cleanup()
+{
+    /* right now, no cleanup required */
+    return 0;
+}
+
+krb5_error_code
+krb5_db2_open(krb5_context context, char *conf_section, char **db_args,
+              int mode)
+{
+    krb5_error_code status = 0;
+
+    krb5_clear_error_message(context);
+    if (inited(context))
+        return 0;
+
+    status = configure_context(context, conf_section, db_args);
+    if (status != 0)
+        return status;
+
+    status = check_openable(context);
+    if (status != 0)
+        return status;
+
+    return ctx_init(context->dal_handle->db_context);
+}
+
+krb5_error_code
+krb5_db2_create(krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code status = 0;
+    krb5_db2_context *dbc;
+
+    krb5_clear_error_message(context);
+    if (inited(context))
+        return 0;
+
+    status = configure_context(context, conf_section, db_args);
+    if (status != 0)
+        return status;
+
+    dbc = context->dal_handle->db_context;
+    status = ctx_create_db(context, dbc);
+    if (status != 0)
+        return status;
+
+    if (!dbc->tempdb)
+        krb5_db2_unlock(context);
+
+    return 0;
+}
+
+krb5_error_code
+krb5_db2_destroy(krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code status;
+    krb5_db2_context *dbc;
+    char *dbname = NULL, *lockname = NULL, *polname = NULL, *plockname = NULL;
+
+    if (inited(context)) {
+        status = krb5_db2_fini(context);
+        if (status != 0)
+            return status;
+    }
+
+    krb5_clear_error_message(context);
+    status = configure_context(context, conf_section, db_args);
+    if (status != 0)
+        return status;
+
+    status = check_openable(context);
+    if (status != 0)
+        return status;
+
+    dbc = context->dal_handle->db_context;
+
+    status = ctx_allfiles(dbc, &dbname, &lockname, &polname, &plockname);
+    if (status)
+        goto cleanup;
+    status = destroy_file(dbname);
+    if (status)
+        goto cleanup;
+    status = unlink(lockname);
+    if (status)
+        goto cleanup;
+    status = osa_adb_destroy_db(polname, plockname, OSA_ADB_POLICY_DB_MAGIC);
+    if (status)
+        goto cleanup;
+
+    status = krb5_db2_fini(context);
+
+cleanup:
+    free(dbname);
+    free(lockname);
+    free(polname);
+    free(plockname);
+    return status;
+}
+
+/* policy functions */
+krb5_error_code
+krb5_db2_create_policy(krb5_context context, osa_policy_ent_t policy)
+{
+    krb5_db2_context *dbc = context->dal_handle->db_context;
+
+    return osa_adb_create_policy(dbc->policy_db, policy);
+}
+
+krb5_error_code
+krb5_db2_get_policy(krb5_context context,
+                    char *name, osa_policy_ent_t *policy)
+{
+    krb5_db2_context *dbc = context->dal_handle->db_context;
+
+    return osa_adb_get_policy(dbc->policy_db, name, policy);
+}
+
+krb5_error_code
+krb5_db2_put_policy(krb5_context context, osa_policy_ent_t policy)
+{
+    krb5_db2_context *dbc = context->dal_handle->db_context;
+
+    return osa_adb_put_policy(dbc->policy_db, policy);
+}
+
+krb5_error_code
+krb5_db2_iter_policy(krb5_context context,
+                     char *match_entry,
+                     osa_adb_iter_policy_func func, void *data)
+{
+    krb5_db2_context *dbc = context->dal_handle->db_context;
+
+    return osa_adb_iter_policy(dbc->policy_db, func, data);
+}
+
+krb5_error_code
+krb5_db2_delete_policy(krb5_context context, char *policy)
+{
+    krb5_db2_context *dbc = context->dal_handle->db_context;
+
+    return osa_adb_destroy_policy(dbc->policy_db, policy);
+}
+
+/*
+ * Merge non-replicated attributes from src into dst, setting
+ * changed to non-zero if dst was changed.
+ *
+ * Non-replicated attributes are: last_success, last_failed,
+ * fail_auth_count, and any negative TL data values.
+ */
+static krb5_error_code
+krb5_db2_merge_principal(krb5_context context,
+                         krb5_db_entry *src,
+                         krb5_db_entry *dst,
+                         int *changed)
+{
+    *changed = 0;
+
+    if (dst->last_success != src->last_success) {
+        dst->last_success = src->last_success;
+        (*changed)++;
+    }
+
+    if (dst->last_failed != src->last_failed) {
+        dst->last_failed = src->last_failed;
+        (*changed)++;
+    }
+
+    if (dst->fail_auth_count != src->fail_auth_count) {
+        dst->fail_auth_count = src->fail_auth_count;
+        (*changed)++;
+    }
+
+    return 0;
+}
+
+struct nra_context {
+    krb5_context kcontext;
+    krb5_db2_context *db_context;
+};
+
+/*
+ * Iteration callback merges non-replicated attributes from
+ * old database.
+ */
+static krb5_error_code
+krb5_db2_merge_nra_iterator(krb5_pointer ptr, krb5_db_entry *entry)
+{
+    struct nra_context *nra = (struct nra_context *)ptr;
+    kdb5_dal_handle *dal_handle = nra->kcontext->dal_handle;
+    krb5_error_code retval;
+    int changed;
+    krb5_db_entry *s_entry;
+    krb5_db2_context *dst_db;
+
+    memset(&s_entry, 0, sizeof(s_entry));
+
+    dst_db = dal_handle->db_context;
+    dal_handle->db_context = nra->db_context;
+
+    /* look up the new principal in the old DB */
+    retval = krb5_db2_get_principal(nra->kcontext, entry->princ, 0, &s_entry);
+    if (retval != 0) {
+        /* principal may be newly created, so ignore */
+        dal_handle->db_context = dst_db;
+        return 0;
+    }
+
+    /* merge non-replicated attributes from the old entry in */
+    krb5_db2_merge_principal(nra->kcontext, s_entry, entry, &changed);
+
+    dal_handle->db_context = dst_db;
+
+    /* if necessary, commit the modified new entry to the new DB */
+    if (changed) {
+        retval = krb5_db2_put_principal(nra->kcontext, entry, NULL);
+    } else {
+        retval = 0;
+    }
+
+    krb5_db_free_principal(nra->kcontext, s_entry);
+    return retval;
+}
+
+/*
+ * Merge non-replicated attributes (that is, lockout-related
+ * attributes and negative TL data types) from the real database
+ * into the temporary one.
+ */
+static krb5_error_code
+ctx_merge_nra(krb5_context context, krb5_db2_context *dbc_temp,
+              krb5_db2_context *dbc_real)
+{
+    struct nra_context nra;
+
+    nra.kcontext = context;
+    nra.db_context = dbc_real;
+    return ctx_iterate(context, dbc_temp, krb5_db2_merge_nra_iterator, &nra, 0);
+}
+
+/*
+ * In the filesystem, promote the temporary database described by dbc_temp to
+ * the real database described by dbc_real.  Both must be exclusively locked.
+ */
+static krb5_error_code
+ctx_promote(krb5_context context, krb5_db2_context *dbc_temp,
+            krb5_db2_context *dbc_real)
+{
+    krb5_error_code retval;
+    char *tdb = NULL, *tlock = NULL, *tpol = NULL, *tplock = NULL;
+    char *rdb = NULL, *rlock = NULL, *rpol = NULL, *rplock = NULL;
+
+    /* Generate all filenames of interest (including a few we don't need). */
+    retval = ctx_allfiles(dbc_temp, &tdb, &tlock, &tpol, &tplock);
+    if (retval)
+        return retval;
+    retval = ctx_allfiles(dbc_real, &rdb, &rlock, &rpol, &rplock);
+    if (retval)
+        goto cleanup;
+
+    /* Rename the principal and policy databases into place. */
+    if (rename(tdb, rdb)) {
+        retval = errno;
+        goto cleanup;
+    }
+    if (rename(tpol, rpol)) {
+        retval = errno;
+        goto cleanup;
+    }
+
+    ctx_update_age(dbc_real);
+
+    /* Release and remove the temporary DB lockfiles. */
+    (void) unlink(tlock);
+    (void) unlink(tplock);
+
+cleanup:
+    free(tdb);
+    free(tlock);
+    free(tpol);
+    free(tplock);
+    free(rdb);
+    free(rlock);
+    free(rpol);
+    free(rplock);
+    return retval;
+}
+
+krb5_error_code
+krb5_db2_promote_db(krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code retval;
+    krb5_boolean merge_nra = FALSE, real_locked = FALSE;
+    krb5_db2_context *dbc_temp, *dbc_real = NULL;
+    char **db_argp;
+
+    /* context must be initialized with an exclusively locked temp DB. */
+    if (!inited(context))
+        return KRB5_KDB_DBNOTINITED;
+    dbc_temp = context->dal_handle->db_context;
+    if (dbc_temp->db_lock_mode != KRB5_LOCKMODE_EXCLUSIVE)
+        return KRB5_KDB_NOTLOCKED;
+    if (!dbc_temp->tempdb)
+        return EINVAL;
+
+    /* Check db_args for whether we should merge non-replicated attributes. */
+    for (db_argp = db_args; *db_argp; db_argp++) {
+        if (!strcmp(*db_argp, "merge_nra")) {
+            merge_nra = TRUE;
+            break;
+        }
+    }
+
+    /* Make a db2 context for the real DB. */
+    dbc_real = k5alloc(sizeof(*dbc_real), &retval);
+    if (dbc_real == NULL)
+        return retval;
+    ctx_clear(dbc_real);
+
+    /* Try creating the real DB. */
+    dbc_real->db_name = strdup(dbc_temp->db_name);
+    if (dbc_real->db_name == NULL)
+        goto cleanup;
+    dbc_real->tempdb = FALSE;
+    retval = ctx_create_db(context, dbc_real);
+    if (retval == EEXIST) {
+        /* The real database already exists, so open and lock it. */
+        dbc_real->db_name = strdup(dbc_temp->db_name);
+        if (dbc_real->db_name == NULL)
+            goto cleanup;
+        dbc_real->tempdb = FALSE;
+        retval = ctx_init(dbc_real);
+        if (retval)
+            goto cleanup;
+        retval = ctx_lock(context, dbc_real, KRB5_DB_LOCKMODE_EXCLUSIVE);
+        if (retval)
+            goto cleanup;
+    } else if (retval)
+        goto cleanup;
+    real_locked = TRUE;
+
+    if (merge_nra) {
+        retval = ctx_merge_nra(context, dbc_temp, dbc_real);
+        if (retval)
+            goto cleanup;
+    }
+
+    /* Perform filesystem manipulations for the promotion. */
+    retval = ctx_promote(context, dbc_temp, dbc_real);
+    if (retval)
+        goto cleanup;
+
+    /* Unlock and finalize context since the temp DB is gone. */
+    (void) krb5_db2_unlock(context);
+    krb5_db2_fini(context);
+
+cleanup:
+    if (real_locked)
+        (void) ctx_unlock(context, dbc_real);
+    if (dbc_real)
+        ctx_fini(dbc_real);
+    return retval;
+}
+
+krb5_error_code
+krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+                         krb5_db_entry *client, krb5_db_entry *server,
+                         krb5_timestamp kdc_time, const char **status,
+                         krb5_pa_data ***e_data)
+{
+    krb5_error_code retval;
+
+    retval = krb5_db2_lockout_check_policy(kcontext, client, kdc_time);
+    if (retval == KRB5KDC_ERR_CLIENT_REVOKED)
+        *status = "LOCKED_OUT";
+    return retval;
+}
+
+void
+krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+                      const krb5_address *local_addr,
+                      const krb5_address *remote_addr, krb5_db_entry *client,
+                      krb5_db_entry *server, krb5_timestamp authtime,
+                      krb5_error_code error_code)
+{
+    (void) krb5_db2_lockout_audit(kcontext, client, authtime, error_code);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.h b/krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.h
new file mode 100644
index 00000000..349244dd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.h
@@ -0,0 +1,143 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/db2/kdb_db2.h */
+/*
+ * Copyright 1997 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * KDC Database backend definitions for Berkely DB.
+ */
+#ifndef KRB5_KDB_DB2_H
+#define KRB5_KDB_DB2_H
+
+#include "policy_db.h"
+
+typedef struct _krb5_db2_context {
+    krb5_boolean        db_inited;      /* Context initialized          */
+    char *              db_name;        /* Name of database             */
+    DB *                db;             /* DB handle                    */
+    krb5_boolean        hashfirst;      /* Try hash database type first */
+    char *              db_lf_name;     /* Name of lock file            */
+    int                 db_lf_file;     /* File descriptor of lock file */
+    int                 db_locks_held;  /* Number of times locked       */
+    int                 db_lock_mode;   /* Last lock mode, e.g. greatest*/
+    krb5_boolean        db_nb_locks;    /* [Non]Blocking lock modes     */
+    osa_adb_policy_t    policy_db;
+    krb5_boolean        tempdb;
+    krb5_boolean        disable_last_success;
+    krb5_boolean        disable_lockout;
+    krb5_boolean        unlockiter;
+} krb5_db2_context;
+
+krb5_error_code krb5_db2_init(krb5_context);
+krb5_error_code krb5_db2_fini(krb5_context);
+krb5_error_code krb5_db2_get_age(krb5_context, char *, time_t *);
+krb5_error_code krb5_db2_get_principal(krb5_context, krb5_const_principal,
+                                       unsigned int, krb5_db_entry **);
+krb5_error_code krb5_db2_put_principal(krb5_context, krb5_db_entry *,
+                                       char **db_args);
+krb5_error_code krb5_db2_iterate(krb5_context, char *,
+                                 krb5_error_code (*)(krb5_pointer,
+                                                     krb5_db_entry *),
+                                 krb5_pointer, krb5_flags);
+krb5_error_code krb5_db2_set_nonblocking(krb5_context, krb5_boolean,
+                                         krb5_boolean *);
+krb5_boolean krb5_db2_set_lockmode(krb5_context, krb5_boolean);
+krb5_error_code krb5_db2_open_database(krb5_context);
+krb5_error_code krb5_db2_close_database(krb5_context);
+
+krb5_error_code
+krb5_db2_delete_principal(krb5_context context,
+                          krb5_const_principal searchfor);
+
+krb5_error_code krb5_db2_lib_init(void);
+krb5_error_code krb5_db2_lib_cleanup(void);
+krb5_error_code krb5_db2_unlock(krb5_context);
+
+krb5_error_code
+krb5_db2_promote_db(krb5_context kcontext, char *conf_section, char **db_args);
+
+krb5_error_code
+krb5_db2_lock(krb5_context context, int in_mode);
+
+krb5_error_code
+krb5_db2_open(krb5_context kcontext, char *conf_section, char **db_args,
+              int mode);
+
+krb5_error_code krb5_db2_create(krb5_context kcontext, char *conf_section,
+                                char **db_args);
+
+krb5_error_code krb5_db2_destroy(krb5_context kcontext, char *conf_section,
+                                 char **db_args);
+
+const char *krb5_db2_err2str(krb5_context kcontext, long err_code);
+
+
+/* policy management functions */
+krb5_error_code
+krb5_db2_create_policy(krb5_context context, osa_policy_ent_t entry);
+
+krb5_error_code krb5_db2_get_policy(krb5_context kcontext,
+                                    char *name, osa_policy_ent_t *policy);
+
+krb5_error_code krb5_db2_put_policy(krb5_context kcontext,
+                                    osa_policy_ent_t policy);
+
+krb5_error_code krb5_db2_iter_policy(krb5_context kcontext, char *match_entry,
+                                     osa_adb_iter_policy_func func,
+                                     void *data);
+
+krb5_error_code krb5_db2_delete_policy(krb5_context kcontext, char *policy);
+
+
+/* Thread-safety wrapper slapped on top of original implementation.  */
+extern k5_mutex_t *krb5_db2_mutex;
+
+/* lockout */
+krb5_error_code
+krb5_db2_lockout_check_policy(krb5_context context,
+                              krb5_db_entry *entry,
+                              krb5_timestamp stamp);
+
+krb5_error_code
+krb5_db2_lockout_audit(krb5_context context,
+                       krb5_db_entry *entry,
+                       krb5_timestamp stamp,
+                       krb5_error_code status);
+
+krb5_error_code
+krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+                         krb5_db_entry *client, krb5_db_entry *server,
+                         krb5_timestamp kdc_time, const char **status,
+                         krb5_pa_data ***e_data);
+
+void
+krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+                      const krb5_address *local_addr,
+                      const krb5_address *remote_addr,
+                      krb5_db_entry *client, krb5_db_entry *server,
+                      krb5_timestamp authtime,
+                      krb5_error_code error_code);
+
+#endif /* KRB5_KDB_DB2_H */
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c b/krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c
new file mode 100644
index 00000000..054a87a3
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c
@@ -0,0 +1,442 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/db2/kdb_xdr.c */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include "kdb_xdr.h"
+
+krb5_error_code
+krb5_encode_princ_dbkey(krb5_context context, krb5_data *key,
+                        krb5_const_principal principal)
+{
+    char *princ_name;
+    krb5_error_code retval;
+
+    if (!(retval = krb5_unparse_name(context, principal, &princ_name))) {
+        /* need to store the NULL for decoding */
+        key->length = strlen(princ_name)+1;
+        key->data = princ_name;
+    }
+    return(retval);
+}
+
+krb5_error_code
+krb5_encode_princ_entry(krb5_context context, krb5_data *content,
+                        krb5_db_entry *entry)
+{
+    int                   i, j;
+    unsigned int          unparse_princ_size;
+    char                * unparse_princ;
+    unsigned char       * nextloc;
+    krb5_tl_data        * tl_data;
+    krb5_error_code       retval;
+    krb5_int16            psize16;
+
+    /*
+     * Generate one lump of data from the krb5_db_entry.
+     * This data must be independent of byte order of the machine,
+     * compact and extensible.
+     */
+
+    /*
+     * First allocate enough space for all the data.
+     * Need  2 bytes for the length of the base structure
+     * then 36 [ 8 * 4 + 2 * 2] bytes for the base information
+     *         [ attributes, max_life, max_renewable_life, expiration,
+     *           pw_expiration, last_success, last_failed, fail_auth_count ]
+     *         [ n_key_data, n_tl_data ]
+     * then XX bytes [ e_length ] for the extra data [ e_data ]
+     * then XX bytes [ 2 for length + length for string ] for the principal,
+     * then (4 [type + length] + tl_data_length) bytes per tl_data
+     * then (4 + (4 + key_data_length) per key_data_contents) bytes per key_data
+     */
+    content->length = entry->len + entry->e_length;
+
+    if ((retval = krb5_unparse_name(context, entry->princ, &unparse_princ)))
+        return(retval);
+
+    unparse_princ_size = strlen(unparse_princ) + 1;
+    content->length += unparse_princ_size;
+    content->length += 2;
+
+    i = 0;
+    /* tl_data is a linked list */
+    for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
+        content->length += tl_data->tl_data_length;
+        content->length += 4; /* type, length */
+        i++;
+    }
+
+    if (i != entry->n_tl_data) {
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto epc_error;
+    }
+
+    /* key_data is an array */
+    for (i = 0; i < entry->n_key_data; i++) {
+        content->length += 4; /* Version, KVNO */
+        for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+            content->length += entry->key_data[i].key_data_length[j];
+            content->length += 4; /* type + length */
+        }
+    }
+
+    if ((content->data = malloc(content->length)) == NULL) {
+        retval = ENOMEM;
+        goto epc_error;
+    }
+
+    /*
+     * Now we go through entry again, this time copying data
+     * These first entries are always saved regardless of version
+     */
+    nextloc = (unsigned char *)content->data;
+
+    /* Base Length */
+    krb5_kdb_encode_int16(entry->len, nextloc);
+    nextloc += 2;
+
+    /* Attributes */
+    krb5_kdb_encode_int32(entry->attributes, nextloc);
+    nextloc += 4;
+
+    /* Max Life */
+    krb5_kdb_encode_int32(entry->max_life, nextloc);
+    nextloc += 4;
+
+    /* Max Renewable Life */
+    krb5_kdb_encode_int32(entry->max_renewable_life, nextloc);
+    nextloc += 4;
+
+    /* When the client expires */
+    krb5_kdb_encode_int32(entry->expiration, nextloc);
+    nextloc += 4;
+
+    /* When its passwd expires */
+    krb5_kdb_encode_int32(entry->pw_expiration, nextloc);
+    nextloc += 4;
+
+    /* Last successful passwd */
+    krb5_kdb_encode_int32(entry->last_success, nextloc);
+    nextloc += 4;
+
+    /* Last failed passwd attempt */
+    krb5_kdb_encode_int32(entry->last_failed, nextloc);
+    nextloc += 4;
+
+    /* # of failed passwd attempt */
+    krb5_kdb_encode_int32(entry->fail_auth_count, nextloc);
+    nextloc += 4;
+
+    /* # tl_data structures */
+    krb5_kdb_encode_int16(entry->n_tl_data, nextloc);
+    nextloc += 2;
+
+    /* # key_data structures */
+    krb5_kdb_encode_int16(entry->n_key_data, nextloc);
+    nextloc += 2;
+
+    /* Put extended fields here */
+    if (entry->len != KRB5_KDB_V1_BASE_LENGTH)
+        abort();
+
+    /* Any extra data that this version doesn't understand. */
+    if (entry->e_length) {
+        memcpy(nextloc, entry->e_data, entry->e_length);
+        nextloc += entry->e_length;
+    }
+
+    /*
+     * Now we get to the principal.
+     * To squeze a few extra bytes out it is always assumed to come
+     * after the base type.
+     */
+    psize16 = (krb5_int16) unparse_princ_size;
+    krb5_kdb_encode_int16(psize16, nextloc);
+    nextloc += 2;
+    (void) memcpy(nextloc, unparse_princ, unparse_princ_size);
+    nextloc += unparse_princ_size;
+
+    /* tl_data is a linked list, of type, length, contents */
+    for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
+        krb5_kdb_encode_int16(tl_data->tl_data_type, nextloc);
+        nextloc += 2;
+        krb5_kdb_encode_int16(tl_data->tl_data_length, nextloc);
+        nextloc += 2;
+
+        memcpy(nextloc, tl_data->tl_data_contents, tl_data->tl_data_length);
+        nextloc += tl_data->tl_data_length;
+    }
+
+    /* key_data is an array */
+    for (i = 0; i < entry->n_key_data; i++) {
+        krb5_kdb_encode_int16(entry->key_data[i].key_data_ver, nextloc);
+        nextloc += 2;
+        krb5_kdb_encode_int16(entry->key_data[i].key_data_kvno, nextloc);
+        nextloc += 2;
+
+        for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+            krb5_int16 type = entry->key_data[i].key_data_type[j];
+            krb5_ui_2  length = entry->key_data[i].key_data_length[j];
+
+            krb5_kdb_encode_int16(type, nextloc);
+            nextloc += 2;
+            krb5_kdb_encode_int16(length, nextloc);
+            nextloc += 2;
+
+            if (length) {
+                memcpy(nextloc, entry->key_data[i].key_data_contents[j],length);
+                nextloc += length;
+            }
+        }
+    }
+
+epc_error:;
+    free(unparse_princ);
+    return retval;
+}
+
+krb5_error_code
+krb5_decode_princ_entry(krb5_context context, krb5_data *content,
+                        krb5_db_entry **entry_ptr)
+{
+    int                   sizeleft, i;
+    unsigned char       * nextloc;
+    krb5_tl_data       ** tl_data;
+    krb5_int16            i16;
+    krb5_db_entry       * entry;
+    krb5_error_code retval;
+
+    *entry_ptr = NULL;
+
+    entry = k5alloc(sizeof(*entry), &retval);
+    if (entry == NULL)
+        return retval;
+
+    /*
+     * Reverse the encoding of encode_princ_entry.
+     *
+     * The first part is decoding the base type. If the base type is
+     * bigger than the original base type then the additional fields
+     * need to be filled in. If the base type is larger than any
+     * known base type the additional data goes in e_data.
+     */
+
+    /* First do the easy stuff */
+    nextloc = (unsigned char *)content->data;
+    sizeleft = content->length;
+    if (sizeleft < KRB5_KDB_V1_BASE_LENGTH) {
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
+    }
+    sizeleft -= KRB5_KDB_V1_BASE_LENGTH;
+
+    /* Base Length */
+    krb5_kdb_decode_int16(nextloc, entry->len);
+    nextloc += 2;
+
+    /* Attributes */
+    krb5_kdb_decode_int32(nextloc, entry->attributes);
+    nextloc += 4;
+
+    /* Max Life */
+    krb5_kdb_decode_int32(nextloc, entry->max_life);
+    nextloc += 4;
+
+    /* Max Renewable Life */
+    krb5_kdb_decode_int32(nextloc, entry->max_renewable_life);
+    nextloc += 4;
+
+    /* When the client expires */
+    krb5_kdb_decode_int32(nextloc, entry->expiration);
+    nextloc += 4;
+
+    /* When its passwd expires */
+    krb5_kdb_decode_int32(nextloc, entry->pw_expiration);
+    nextloc += 4;
+
+    /* Last successful passwd */
+    krb5_kdb_decode_int32(nextloc, entry->last_success);
+    nextloc += 4;
+
+    /* Last failed passwd attempt */
+    krb5_kdb_decode_int32(nextloc, entry->last_failed);
+    nextloc += 4;
+
+    /* # of failed passwd attempt */
+    krb5_kdb_decode_int32(nextloc, entry->fail_auth_count);
+    nextloc += 4;
+
+    /* # tl_data structures */
+    krb5_kdb_decode_int16(nextloc, entry->n_tl_data);
+    nextloc += 2;
+
+    if (entry->n_tl_data < 0) {
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
+    }
+
+    /* # key_data structures */
+    krb5_kdb_decode_int16(nextloc, entry->n_key_data);
+    nextloc += 2;
+
+    if (entry->n_key_data < 0) {
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
+    }
+
+    /* Check for extra data */
+    if (entry->len > KRB5_KDB_V1_BASE_LENGTH) {
+        entry->e_length = entry->len - KRB5_KDB_V1_BASE_LENGTH;
+        entry->e_data = k5memdup(nextloc, entry->e_length, &retval);
+        if (entry->e_data == NULL)
+            goto error_out;
+        nextloc += entry->e_length;
+    }
+
+    /*
+     * Get the principal name for the entry
+     * (stored as a string which gets unparsed.)
+     */
+    if (sizeleft < 2) {
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
+    }
+    sizeleft -= 2;
+
+    i = 0;
+    krb5_kdb_decode_int16(nextloc, i16);
+    i = (int) i16;
+    nextloc += 2;
+    if (i <= 0 || i > sizeleft || nextloc[i - 1] != '\0' ||
+        memchr((char *)nextloc, '\0', i - 1) != NULL) {
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
+    }
+
+    if ((retval = krb5_parse_name(context, (char *)nextloc, &(entry->princ))))
+        goto error_out;
+    sizeleft -= i;
+    nextloc += i;
+
+    /* tl_data is a linked list */
+    tl_data = &entry->tl_data;
+    for (i = 0; i < entry->n_tl_data; i++) {
+        if (sizeleft < 4) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        sizeleft -= 4;
+        if ((*tl_data = (krb5_tl_data *)
+             malloc(sizeof(krb5_tl_data))) == NULL) {
+            retval = ENOMEM;
+            goto error_out;
+        }
+        (*tl_data)->tl_data_next = NULL;
+        (*tl_data)->tl_data_contents = NULL;
+        krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_type);
+        nextloc += 2;
+        krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_length);
+        nextloc += 2;
+
+        if ((*tl_data)->tl_data_length > sizeleft) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        sizeleft -= (*tl_data)->tl_data_length;
+        (*tl_data)->tl_data_contents =
+            k5memdup(nextloc, (*tl_data)->tl_data_length, &retval);
+        if ((*tl_data)->tl_data_contents == NULL)
+            goto error_out;
+        nextloc += (*tl_data)->tl_data_length;
+        tl_data = &((*tl_data)->tl_data_next);
+    }
+
+    /* key_data is an array */
+    if (entry->n_key_data && ((entry->key_data = (krb5_key_data *)
+                               malloc(sizeof(krb5_key_data) * entry->n_key_data)) == NULL)) {
+        retval = ENOMEM;
+        goto error_out;
+    }
+    for (i = 0; i < entry->n_key_data; i++) {
+        krb5_key_data * key_data;
+        int j;
+
+        if (sizeleft < 4) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        sizeleft -= 4;
+        key_data = entry->key_data + i;
+        memset(key_data, 0, sizeof(krb5_key_data));
+        krb5_kdb_decode_int16(nextloc, key_data->key_data_ver);
+        nextloc += 2;
+        krb5_kdb_decode_int16(nextloc, key_data->key_data_kvno);
+        nextloc += 2;
+
+        /* key_data_ver determines number of elements and how to unparse
+         * them. */
+        if (key_data->key_data_ver >= 0 &&
+            key_data->key_data_ver <= KRB5_KDB_V1_KEY_DATA_ARRAY) {
+            for (j = 0; j < key_data->key_data_ver; j++) {
+                if (sizeleft < 4) {
+                    retval = KRB5_KDB_TRUNCATED_RECORD;
+                    goto error_out;
+                }
+                sizeleft -= 4;
+                krb5_kdb_decode_int16(nextloc, key_data->key_data_type[j]);
+                nextloc += 2;
+                krb5_kdb_decode_int16(nextloc, key_data->key_data_length[j]);
+                nextloc += 2;
+
+                if (key_data->key_data_length[j] > sizeleft) {
+                    retval = KRB5_KDB_TRUNCATED_RECORD;
+                    goto error_out;
+                }
+                sizeleft -= key_data->key_data_length[j];
+                if (key_data->key_data_length[j]) {
+                    key_data->key_data_contents[j] =
+                        k5memdup(nextloc, key_data->key_data_length[j],
+                                 &retval);
+                    if (key_data->key_data_contents[j] == NULL)
+                        goto error_out;
+                    nextloc += key_data->key_data_length[j];
+                }
+            }
+        } else {
+            retval = KRB5_KDB_BAD_VERSION;
+            goto error_out;
+        }
+    }
+    *entry_ptr = entry;
+    return 0;
+
+error_out:
+    krb5_db_free_principal(context, entry);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.h b/krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.h
new file mode 100644
index 00000000..122605f7
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.h
@@ -0,0 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#ifndef _KDB2_XDR_H
+#define _KDB2_XDR_H
+
+#include "kdb.h"
+
+krb5_error_code
+krb5_encode_princ_dbkey(krb5_context context, krb5_data *key,
+                        krb5_const_principal principal);
+
+krb5_error_code
+krb5_decode_princ_entry(krb5_context context, krb5_data *content,
+                        krb5_db_entry **entry);
+
+void
+krb5_dbe_free(krb5_context context, krb5_db_entry *entry);
+
+krb5_error_code
+krb5_encode_princ_entry(krb5_context context, krb5_data *content,
+                        krb5_db_entry *entry);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/CHANGELOG.db2 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/CHANGELOG.db2
new file mode 100644
index 00000000..abd05f95
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/CHANGELOG.db2
@@ -0,0 +1,123 @@
+db2-alpha.0 -> db2-alpha.1
+		This fixes a number of bugs in the alpha release.
+		1. 64-bit functionality.  The test suite now runs on alphas.
+		Memory leak fixed.
+		Pairs no longer disappear when pages are exactly full.
+		Flush meta-data correctly on sync.
+1.86 -> db2-alpha.0
+		This is an interim release.  We are in the process of
+		adding logging, locking, and transaction support to all
+		the db access methods.  This will necessitate database
+		format changes, interface changes, and major upheaval.
+		In the meantime, this PRELIMINARY release is to correct
+		some known bugs in the hash pacakge.  This release uses
+		a different page format from 1.86, so you will need to
+		dump and reload any existing databases if you upgrade
+		to this (and may have to do it again when 2.0 becomes
+		available.
+1.85 -> 1.86
+	btree:	Fix to split code for single large record at the end of a
+		page.
+1.84 -> 1.85
+	recno:	#ifdef out use of mmap, it's not portable enough.
+
+1.83 -> 1.84	Thu Aug 18 15:46:07 EDT 1994
+	recno:	Rework fixed-length records so that closing and reopening
+		the file now works.  Pad short records on input.  Never do
+		signed comparison in recno input reading functions.
+
+1.82 -> 1.83	Tue Jul 26 15:33:44 EDT 1994
+	btree:	Rework cursor deletion code yet again; bugs with
+		deleting empty pages that only contained the cursor
+		record.
+
+1.81 -> 1.82	Sat Jul 16 11:01:50 EDT 1994
+	btree:	Fix bugs introduced by new cursor/deletion code.
+		Replace return kbuf/dbuf with real DBT's.
+
+1.80 -> 1.81
+	btree:	Fix bugs introduced by new cursor/deletion code.
+	all:	Add #defines for Purify.
+
+1.79 -> 1.80	Wed Jul 13 22:41:54 EDT 1994
+	btree	Change deletion to coalesce empty pages.  This is a major
+		change, cursors and duplicate pages all had to be reworked.
+		Return to a fixed stack.
+	recno:	Affected by cursor changes.  New cursor structures should
+		permit multiple cursors in the future.
+
+1.78 -> 1.79	Mon Jun 20 17:36:47 EDT 1994
+	all:	Minor cleanups of 1.78 for porting reasons; only
+		major change was inlining check of NULL pointer
+		so that __fix_realloc goes away.
+
+1.77 -> 1.78	Thu Jun 16 19:06:43 EDT 1994
+	all:	Move "standard" size typedef's into db.h.
+
+1.76 -> 1.77	Thu Jun 16 16:48:38 EDT 1994
+	hash:	Delete __init_ routine, has special meaning to OSF 2.0.
+
+1.74 -> 1.76
+	all:	Finish up the port to the Alpha.
+
+1.73 -> 1.74
+	recno:	Don't put the record if rec_search fails, in rec_rdelete.
+		Create fixed-length intermediate records past "end" of DB
+		correctly.
+		Realloc bug when reading in fixed records.
+	all:	First cut at port to Alpha (64-bit architecture) using
+		4.4BSD basic integral types typedef's.
+		Cast allocation pointers to shut up old compilers.
+		Rework PORT directory into OS/machine directories.
+
+1.72 -> 1.73
+	btree:	If enough duplicate records were inserted and then deleted
+		that internal pages had references to empty pages of the
+		duplicate keys, the search function ended up on the wrong
+		page.
+
+1.7  -> 1.72	12 Oct 1993
+	hash:	Support NET/2 hash formats.
+
+1.7  -> 1.71	16 Sep 1993
+	btree/recno:
+		Fix bug in internal search routines that caused
+		return of invalid pointers.
+
+1.6  -> 1.7	07 Sep 1993
+	hash:	Fixed big key overflow bugs.
+	test:	Portability hacks, rewrite test script, Makefile.
+	btree/recno:
+		Stop copying non-overflow key/data pairs.
+	PORT:	Break PORT directory up into per architecture/OS
+		subdirectories.
+
+1.5  -> 1.6	06 Jun 1993
+	hash:	In PAIRFITS, the first comparison should look at (P)[2].
+		The hash_realloc function was walking off the end of memory.
+		The overflow page number was wrong when bumping splitpoint.
+
+1.4  -> 1.5	23 May 1993
+	hash:	Set hash default fill factor dynamically.
+	recno:	Fixed bug in sorted page splits.
+		Add page size parameter support.
+		Allow recno to specify the name of the underlying btree;
+			used for vi recovery.
+	btree/recno:
+		Support 64K pages.
+	btree/hash/recno:
+		Provide access to an underlying file descriptor.
+		Change sync routines to take a flag argument, recno
+			uses this to sync out the underlying btree.
+
+1.3  -> 1.4	10 May 1993
+	recno:	Delete the R_CURSORLOG flag from the recno interface.
+		Zero-length record fix for non-mmap reads.
+		Try and make SIZE_T_MAX test in open portable.
+
+1.2  -> 1.3	01 May 1993
+	btree:	Ignore user byte-order setting when reading already
+		existing database.  Fixes to byte-order conversions.
+
+1.1  -> 1.2	15 Apr 1993
+		No bug fixes, only compatibility hacks.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/Makefile.in b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/Makefile.in
new file mode 100644
index 00000000..22b23f74
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/Makefile.in
@@ -0,0 +1,32 @@
+mydir=plugins$(S)kdb$(S)db2$(S)libdb2
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+SUBDIRS=hash btree db mpool recno test
+
+LIBBASE=db
+LIBMAJOR=1
+LIBMINOR=1
+STOBJLISTS=hash/OBJS.ST btree/OBJS.ST db/OBJS.ST mpool/OBJS.ST \
+	recno/OBJS.ST
+SUBDIROBJLISTS=$(STOBJLISTS)
+RELDIR=../plugins/kdb/db2/libdb2
+
+HDRDIR=$(BUILDTOP)/include
+HDRS =	$(HDRDIR)/db.h $(HDRDIR)/db-config.h
+
+SHLIB_EXPDEPS=$(SUPPORT_DEPLIB)
+SHLIB_EXPLIBS=$(SUPPORT_LIB) $(LIBS)
+
+all-unix: includes all-libs
+all-prerecurse depend-prerecurse: $(HDRS)
+clean-unix:: clean-libs clean-includes
+
+includes: $(HDRS)
+
+$(HDRDIR)/db.h: $(srcdir)/include/db.hin
+	$(CP) $(srcdir)/include/db.hin $@
+$(HDRDIR)/db-config.h: include/db-config.hin
+	$(CP) $(srcdir)/include/db-config.hin $@
+
+clean-includes:
+	$(RM) $(HDRS) include/*.stmp
+@lib_frag@
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/Makefile.inc b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/Makefile.inc
new file mode 100644
index 00000000..77af9c51
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/Makefile.inc
@@ -0,0 +1,10 @@
+#	@(#)Makefile.inc	8.2 (Berkeley) 2/21/94
+#
+CFLAGS+=-D__DBINTERFACE_PRIVATE
+
+.include "${.CURDIR}/db/btree/Makefile.inc"
+.include "${.CURDIR}/db/db/Makefile.inc"
+.include "${.CURDIR}/db/hash/Makefile.inc"
+.include "${.CURDIR}/db/man/Makefile.inc"
+.include "${.CURDIR}/db/mpool/Makefile.inc"
+.include "${.CURDIR}/db/recno/Makefile.inc"
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README
new file mode 100644
index 00000000..040a3dd5
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README
@@ -0,0 +1,16 @@
+			  IMPORTANT NOTICE:
+
+This directory contains code of somewhat unknown origin that is
+INCOMPATIBLE with both Berkeley DB 1.85 and Sleepycat DB 2.x.  Do NOT
+contact Sleepycat regarding bugs in code found here; they do not
+appreciate it.  All bug reports about this code should go to the MIT
+Kerberos team via email to krb5-bugs@mit.edu, as usual.
+
+It is believed that this "db" code originated from Berkeley DB 1.85
+and was further modified by Cygnus and the MIT Kerberos team.  Some
+significant changes to the hash code occurred at some point.
+
+The file README.db2 contains the README file provided with the
+2.0-alpha release of Berkeley/Sleepycat DB, which may contain
+marginally useful information.  It is not known at this time how well
+this code matches that of the 2.0-alpha release.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README.NOT.SLEEPYCAT.DB b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README.NOT.SLEEPYCAT.DB
new file mode 100644
index 00000000..112454e9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README.NOT.SLEEPYCAT.DB
@@ -0,0 +1,2 @@
+THIS IS NOT THE SLEEPYCAT DB.
+Please see the README file for more information.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README.db2 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README.db2
new file mode 100644
index 00000000..5700b739
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/README.db2
@@ -0,0 +1,41 @@
+#	@(#)README	8.28 (Berkeley) 11/2/95
+
+This is version 2.0-ALPHA of the Berkeley DB code.
+THIS IS A PRELIMINARY RELEASE.
+
+For information on compiling and installing this software, see the file
+PORT/README.
+
+Newer versions of this software will periodically be made available by
+anonymous ftp from ftp.cs.berkeley.edu:ucb/4bsd/db.tar.{Z,gz} and from
+ftp.harvard.edu:margo/db.tar.{Z,gz}.  If you want to receive announcements
+of future releases of this software, send email to the contact address
+below.
+
+Email questions may be addressed to dbinfo@eecs.harvard.edu.
+
+============================================
+Distribution contents:
+
+README		This file.
+CHANGELOG	List of changes, per version.
+btree		B+tree access method.
+db		The db_open interface routine.
+docs		Various USENIX papers, and the formatted manual pages.
+hash		Extended linear hashing access method.
+lock		Lock manager.
+log		Log manager.
+man		The unformatted manual pages.
+mpool		The buffer manager support.
+mutex		Mutex support.
+recno		The fixed/variable length record access method.
+test		Test package.
+txn		Transaction support.
+
+============================================
+Debugging:
+
+If you're running a memory checker (e.g. Purify) on DB, make sure that
+you recompile it with "-DPURIFY" in the CFLAGS, first.  By default,
+allocated pages are not initialized by the DB code, and they will show
+up as reads of uninitialized memory in the buffer write routines.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/Makefile.in b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/Makefile.in
new file mode 100644
index 00000000..2ff0bcbc
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/Makefile.in
@@ -0,0 +1,15 @@
+mydir=plugins$(S)kdb$(S)db2$(S)libdb2$(S)btree
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
+STLIBOBJS=	bt_close.o bt_conv.o bt_debug.o bt_delete.o bt_get.o \
+		bt_open.o bt_overflow.o bt_page.o bt_put.o bt_search.o \
+		bt_seq.o bt_split.o bt_utils.o
+
+SRCS= $(STLIBOBJS:.o=.c)
+
+LOCALINCLUDES=	-I. -I$(srcdir)/../include -I../include -I$(srcdir)/../mpool \
+		-I$(srcdir)/../db
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/Makefile.inc b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/Makefile.inc
new file mode 100644
index 00000000..8ed76494
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/Makefile.inc
@@ -0,0 +1,7 @@
+#	@(#)Makefile.inc	8.2 (Berkeley) 7/14/94
+
+.PATH: ${.CURDIR}/db/btree
+
+SRCS+=	bt_close.c bt_conv.c bt_debug.c bt_delete.c bt_get.c bt_open.c \
+	bt_overflow.c bt_page.c bt_put.c bt_search.c bt_seq.c bt_split.c \
+	bt_utils.c
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_close.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_close.c
new file mode 100644
index 00000000..11be1341
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_close.c
@@ -0,0 +1,183 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_close.c	8.7 (Berkeley) 8/17/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+static int bt_meta __P((BTREE *));
+
+/*
+ * BT_CLOSE -- Close a btree.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__bt_close(dbp)
+	DB *dbp;
+{
+	BTREE *t;
+	int fd;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/* Sync the tree. */
+	if (__bt_sync(dbp, 0) == RET_ERROR)
+		return (RET_ERROR);
+
+	/* Close the memory pool. */
+	if (mpool_close(t->bt_mp) == RET_ERROR)
+		return (RET_ERROR);
+
+	/* Free random memory. */
+	if (t->bt_cursor.key.data != NULL) {
+		free(t->bt_cursor.key.data);
+		t->bt_cursor.key.size = 0;
+		t->bt_cursor.key.data = NULL;
+	}
+	if (t->bt_rkey.data) {
+		free(t->bt_rkey.data);
+		t->bt_rkey.size = 0;
+		t->bt_rkey.data = NULL;
+	}
+	if (t->bt_rdata.data) {
+		free(t->bt_rdata.data);
+		t->bt_rdata.size = 0;
+		t->bt_rdata.data = NULL;
+	}
+
+	fd = t->bt_fd;
+	free(t);
+	free(dbp);
+	return (close(fd) ? RET_ERROR : RET_SUCCESS);
+}
+
+/*
+ * BT_SYNC -- sync the btree to disk.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ */
+int
+__bt_sync(dbp, flags)
+	const DB *dbp;
+	u_int flags;
+{
+	BTREE *t;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/* Sync doesn't currently take any flags. */
+	if (flags != 0) {
+		errno = EINVAL;
+		return (RET_ERROR);
+	}
+
+	if (F_ISSET(t, B_INMEM | B_RDONLY)
+	    || !F_ISSET(t, B_MODIFIED | B_METADIRTY))
+		return (RET_SUCCESS);
+
+	if (F_ISSET(t, B_METADIRTY) && bt_meta(t) == RET_ERROR)
+		return (RET_ERROR);
+
+	if ((status = mpool_sync(t->bt_mp)) == RET_SUCCESS)
+		F_CLR(t, B_MODIFIED);
+
+	return (status);
+}
+
+/*
+ * BT_META -- write the tree meta data to disk.
+ *
+ * Parameters:
+ *	t:	tree
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+static int
+bt_meta(t)
+	BTREE *t;
+{
+	BTMETA m;
+	void *p;
+
+	if ((p = mpool_get(t->bt_mp, P_META, 0)) == NULL)
+		return (RET_ERROR);
+
+	/* Fill in metadata. */
+	m.magic = BTREEMAGIC;
+	m.version = BTREEVERSION;
+	m.psize = t->bt_psize;
+	m.free = t->bt_free;
+	m.nrecs = t->bt_nrecs;
+	m.flags = F_ISSET(t, SAVEMETA);
+
+	memmove(p, &m, sizeof(BTMETA));
+	mpool_put(t->bt_mp, p, MPOOL_DIRTY);
+	return (RET_SUCCESS);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_conv.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_conv.c
new file mode 100644
index 00000000..c0644ed7
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_conv.c
@@ -0,0 +1,224 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_conv.c	8.5 (Berkeley) 8/17/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+static void mswap __P((PAGE *));
+
+/*
+ * __BT_BPGIN, __BT_BPGOUT --
+ *	Convert host-specific number layout to/from the host-independent
+ *	format stored on disk.
+ *
+ * Parameters:
+ *	t:	tree
+ *	pg:	page number
+ *	h:	page to convert
+ */
+void
+__bt_pgin(t, pg, pp)
+	void *t;
+	db_pgno_t pg;
+	void *pp;
+{
+	PAGE *h;
+	indx_t i, top;
+	u_char flags;
+	char *p;
+	u_int32_t ksize;
+
+	if (!F_ISSET(((BTREE *)t), B_NEEDSWAP))
+		return;
+	if (pg == P_META) {
+		mswap(pp);
+		return;
+	}
+
+	h = pp;
+	M_32_SWAP(h->pgno);
+	M_32_SWAP(h->prevpg);
+	M_32_SWAP(h->nextpg);
+	M_32_SWAP(h->flags);
+	M_16_SWAP(h->lower);
+	M_16_SWAP(h->upper);
+
+	top = NEXTINDEX(h);
+	if ((h->flags & P_TYPE) == P_BINTERNAL)
+		for (i = 0; i < top; i++) {
+			M_16_SWAP(h->linp[i]);
+			p = (char *)GETBINTERNAL(h, i);
+			P_32_SWAP(p);
+			p += sizeof(u_int32_t);
+			P_32_SWAP(p);
+			p += sizeof(db_pgno_t);
+			if (*(u_char *)p & P_BIGKEY) {
+				p += sizeof(u_char);
+				P_32_SWAP(p);
+				p += sizeof(db_pgno_t);
+				P_32_SWAP(p);
+			}
+		}
+	else if ((h->flags & P_TYPE) == P_BLEAF)
+		for (i = 0; i < top; i++) {
+			M_16_SWAP(h->linp[i]);
+			p = (char *)GETBLEAF(h, i);
+			P_32_SWAP(p);
+			memcpy(&ksize, p, sizeof(ksize));
+			p += sizeof(u_int32_t);
+			P_32_SWAP(p);
+			p += sizeof(u_int32_t);
+			flags = *(u_char *)p;
+			if (flags & (P_BIGKEY | P_BIGDATA)) {
+				p += sizeof(u_char);
+				if (flags & P_BIGKEY) {
+					P_32_SWAP(p);
+					P_32_SWAP(p + sizeof(db_pgno_t));
+				}
+				if (flags & P_BIGDATA) {
+					p += ksize;
+					P_32_SWAP(p);
+					p += sizeof(db_pgno_t);
+					P_32_SWAP(p);
+				}
+			}
+		}
+}
+
+void
+__bt_pgout(t, pg, pp)
+	void *t;
+	db_pgno_t pg;
+	void *pp;
+{
+	PAGE *h;
+	indx_t i, top;
+	u_char flags;
+	char *p;
+	u_int32_t ksize;
+
+	if (!F_ISSET(((BTREE *)t), B_NEEDSWAP))
+		return;
+	if (pg == P_META) {
+		mswap(pp);
+		return;
+	}
+
+	h = pp;
+	top = NEXTINDEX(h);
+	if ((h->flags & P_TYPE) == P_BINTERNAL)
+		for (i = 0; i < top; i++) {
+			p = (char *)GETBINTERNAL(h, i);
+			P_32_SWAP(p);
+			p += sizeof(u_int32_t);
+			P_32_SWAP(p);
+			p += sizeof(db_pgno_t);
+			if (*(u_char *)p & P_BIGKEY) {
+				p += sizeof(u_char);
+				P_32_SWAP(p);
+				p += sizeof(db_pgno_t);
+				P_32_SWAP(p);
+			}
+			M_16_SWAP(h->linp[i]);
+		}
+	else if ((h->flags & P_TYPE) == P_BLEAF)
+		for (i = 0; i < top; i++) {
+			ksize = GETBLEAF(h, i)->ksize;
+			p = (char *)GETBLEAF(h, i);
+			P_32_SWAP(p);
+			p += sizeof(u_int32_t);
+			P_32_SWAP(p);
+			p += sizeof(u_int32_t);
+			flags = *(u_char *)p;
+			if (flags & (P_BIGKEY | P_BIGDATA)) {
+				p += sizeof(u_char);
+				if (flags & P_BIGKEY) {
+					P_32_SWAP(p);
+					P_32_SWAP(p + sizeof(db_pgno_t));
+				}
+				if (flags & P_BIGDATA) {
+					p += ksize;
+					P_32_SWAP(p);
+					p += sizeof(db_pgno_t);
+					P_32_SWAP(p);
+				}
+			}
+			M_16_SWAP(h->linp[i]);
+		}
+
+	M_32_SWAP(h->pgno);
+	M_32_SWAP(h->prevpg);
+	M_32_SWAP(h->nextpg);
+	M_32_SWAP(h->flags);
+	M_16_SWAP(h->lower);
+	M_16_SWAP(h->upper);
+}
+
+/*
+ * MSWAP -- Actually swap the bytes on the meta page.
+ *
+ * Parameters:
+ *	p:	page to convert
+ */
+static void
+mswap(pg)
+	PAGE *pg;
+{
+	char *p;
+
+	p = (char *)pg;
+	P_32_SWAP(p);		/* magic */
+	p += sizeof(u_int32_t);
+	P_32_SWAP(p);		/* version */
+	p += sizeof(u_int32_t);
+	P_32_SWAP(p);		/* psize */
+	p += sizeof(u_int32_t);
+	P_32_SWAP(p);		/* free */
+	p += sizeof(u_int32_t);
+	P_32_SWAP(p);		/* nrecs */
+	p += sizeof(u_int32_t);
+	P_32_SWAP(p);		/* flags */
+	p += sizeof(u_int32_t);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_debug.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_debug.c
new file mode 100644
index 00000000..bc71076a
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_debug.c
@@ -0,0 +1,416 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994, 1995
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_debug.c	8.6 (Berkeley) 1/9/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+#if defined(DEBUG) || defined(STATISTICS)
+
+static FILE *tracefp;
+
+/*
+ * __bt_dinit --
+ *	initialize debugging.
+ */
+static void
+__bt_dinit()
+{
+	static int first = 1;
+
+	if (!first)
+		return;
+	first = 0;
+
+#ifndef TRACE_TO_STDERR
+	if ((tracefp = fopen("/tmp/__bt_debug", "w")) != NULL)
+		return;
+#endif
+	tracefp = stderr;
+}
+#endif
+
+#ifdef DEBUG
+/*
+ * __bt_dump --
+ *	dump the tree
+ *
+ * Parameters:
+ *	dbp:	pointer to the DB
+ */
+int
+__bt_dump(dbp)
+	DB *dbp;
+{
+	BTREE *t;
+	PAGE *h;
+	db_pgno_t i;
+	char *sep;
+
+	__bt_dinit();
+
+	t = dbp->internal;
+	(void)fprintf(tracefp, "%s: pgsz %d",
+	    F_ISSET(t, B_INMEM) ? "memory" : "disk", t->bt_psize);
+	if (F_ISSET(t, R_RECNO))
+		(void)fprintf(tracefp, " keys %lu", (u_long)t->bt_nrecs);
+#undef X
+#define	X(flag, name) \
+	if (F_ISSET(t, flag)) { \
+		(void)fprintf(tracefp, "%s%s", sep, name); \
+		sep = ", "; \
+	}
+	if (t->flags != 0) {
+		sep = " flags (";
+		X(R_FIXLEN,	"FIXLEN");
+		X(B_INMEM,	"INMEM");
+		X(B_NODUPS,	"NODUPS");
+		X(B_RDONLY,	"RDONLY");
+		X(R_RECNO,	"RECNO");
+		X(B_METADIRTY,"METADIRTY");
+		(void)fprintf(tracefp, ")\n");
+	}
+#undef X
+	for (i = P_ROOT; i < t->bt_mp->npages &&
+	    (h = mpool_get(t->bt_mp, i, MPOOL_IGNOREPIN)) != NULL; ++i)
+		__bt_dpage(dbp, h);
+	(void)fflush(tracefp);
+	return (0);
+}
+
+/*
+ * BT_DMPAGE -- Dump the meta page
+ *
+ * Parameters:
+ *	h:	pointer to the PAGE
+ */
+int
+__bt_dmpage(h)
+	PAGE *h;
+{
+	BTMETA *m;
+	char *sep;
+
+	__bt_dinit();
+
+	m = (BTMETA *)h;
+	(void)fprintf(tracefp, "magic %lx\n", (u_long)m->magic);
+	(void)fprintf(tracefp, "version %lu\n", (u_long)m->version);
+	(void)fprintf(tracefp, "psize %lu\n", (u_long)m->psize);
+	(void)fprintf(tracefp, "free %lu\n", (u_long)m->free);
+	(void)fprintf(tracefp, "nrecs %lu\n", (u_long)m->nrecs);
+	(void)fprintf(tracefp, "flags %lu", (u_long)m->flags);
+#undef X
+#define	X(flag, name) \
+	if (m->flags & flag) { \
+		(void)fprintf(tracefp, "%s%s", sep, name); \
+		sep = ", "; \
+	}
+	if (m->flags) {
+		sep = " (";
+		X(B_NODUPS,	"NODUPS");
+		X(R_RECNO,	"RECNO");
+		(void)fprintf(tracefp, ")");
+	}
+	(void)fprintf(tracefp, "\n");
+	(void)fflush(tracefp);
+	return (0);
+}
+
+/*
+ * BT_DNPAGE -- Dump the page
+ *
+ * Parameters:
+ *	n:	page number to dump.
+ */
+int
+__bt_dnpage(dbp, pgno)
+	DB *dbp;
+	db_pgno_t pgno;
+{
+	BTREE *t;
+	PAGE *h;
+
+	__bt_dinit();
+
+	t = dbp->internal;
+	if ((h = mpool_get(t->bt_mp, pgno, MPOOL_IGNOREPIN)) != NULL)
+		__bt_dpage(dbp, h);
+	(void)fflush(tracefp);
+	return (0);
+}
+
+/*
+ * BT_DPAGE -- Dump the page
+ *
+ * Parameters:
+ *	h:	pointer to the PAGE
+ */
+int
+__bt_dpage(dbp, h)
+	DB *dbp;
+	PAGE *h;
+{
+	BINTERNAL *bi;
+	BLEAF *bl;
+	RINTERNAL *ri;
+	RLEAF *rl;
+	u_long pgsize;
+	indx_t cur, top, lim;
+	char *sep;
+	db_pgno_t pgno;
+	u_int32_t sz;
+
+	__bt_dinit();
+
+	(void)fprintf(tracefp, "    page %d: (", h->pgno);
+#undef X
+#define	X(flag, name)							\
+	if (h->flags & flag) {						\
+		(void)fprintf(tracefp, "%s%s", sep, name);		\
+		sep = ", ";						\
+	}
+	sep = "";
+	X(P_BINTERNAL,	"BINTERNAL")		/* types */
+	X(P_BLEAF,	"BLEAF")
+	X(P_RINTERNAL,	"RINTERNAL")		/* types */
+	X(P_RLEAF,	"RLEAF")
+	X(P_OVERFLOW,	"OVERFLOW")
+	X(P_PRESERVE,	"PRESERVE");
+	(void)fprintf(tracefp, ")\n");
+#undef X
+
+	(void)fprintf(tracefp, "\tprev %2d next %2d", h->prevpg, h->nextpg);
+	if (h->flags & P_OVERFLOW) {
+		(void)fprintf(tracefp, "\n");
+		return (0);
+	}
+
+	pgsize = ((BTREE *)dbp->internal)->bt_mp->pagesize;
+	lim = (pgsize - BTDATAOFF) / sizeof(indx_t);
+	top = NEXTINDEX(h);
+	lim = top > lim ? lim : top;
+	(void)fprintf(tracefp, " lower %3d upper %3d nextind %d\n",
+	    h->lower, h->upper, top);
+	for (cur = 0; cur < lim; cur++) {
+		(void)fprintf(tracefp, "\t[%03d] %4d ", cur, h->linp[cur]);
+		switch (h->flags & P_TYPE) {
+		case P_BINTERNAL:
+			bi = GETBINTERNAL(h, cur);
+			(void)fprintf(tracefp,
+			    "size %03d pgno %03d", bi->ksize, bi->pgno);
+			if (bi->flags & P_BIGKEY)
+				(void)fprintf(tracefp, " (indirect)");
+			else if (bi->ksize)
+				(void)fprintf(tracefp,
+				    " {%.*s}", (int)bi->ksize, bi->bytes);
+			break;
+		case P_RINTERNAL:
+			ri = GETRINTERNAL(h, cur);
+			(void)fprintf(tracefp, "entries %03d pgno %03d",
+				ri->nrecs, ri->pgno);
+			break;
+		case P_BLEAF:
+			bl = GETBLEAF(h, cur);
+			if (bl->flags & P_BIGKEY) {
+				memcpy(&pgno, bl->bytes, sizeof(pgno));
+				memcpy(&sz, bl->bytes + sizeof(pgno),
+				       sizeof(sz));
+				(void)fprintf(tracefp,
+					      "big key page %lu size %u/",
+					      (u_long)pgno, sz);
+			} else if (bl->ksize)
+				(void)fprintf(tracefp, "%.*s/",
+					      (int)bl->ksize, bl->bytes);
+			if (bl->flags & P_BIGDATA) {
+				memcpy(&pgno, bl->bytes + bl->ksize,
+				       sizeof(pgno));
+				memcpy(&sz, bl->bytes + bl->ksize +
+				       sizeof(pgno), sizeof(sz));
+				(void)fprintf(tracefp,
+					      "big data page %lu size %u",
+					      (u_long)pgno, sz);
+			} else if (bl->dsize)
+				(void)fprintf(tracefp, "%.*s",
+				    (int)bl->dsize, bl->bytes + bl->ksize);
+			break;
+		case P_RLEAF:
+			rl = GETRLEAF(h, cur);
+			if (rl->flags & P_BIGDATA) {
+				memcpy(&pgno, rl->bytes, sizeof(pgno));
+				memcpy(&sz, rl->bytes + sizeof(pgno),
+				       sizeof(sz));
+				(void)fprintf(tracefp,
+					      "big data page %lu size %u",
+					      (u_long)pgno, sz);
+			} else if (rl->dsize)
+				(void)fprintf(tracefp,
+				    "%.*s", (int)rl->dsize, rl->bytes);
+			break;
+		}
+		(void)fprintf(tracefp, "\n");
+	}
+	(void)fflush(tracefp);
+	return (0);
+}
+#else
+int
+__bt_dump(DB *dbp)
+{
+	return (0);
+}
+int
+__bt_dmpage(PAGE *h)
+{
+	return (0);
+}
+int
+__bt_dnpage(DB *dbp, db_pgno_t pgno)
+{
+	return (0);
+}
+int
+__bt_dpage(DB *dbp, PAGE *h)
+{
+	return (0);
+}
+#endif
+
+#ifdef STATISTICS
+/*
+ * bt_stat --
+ *	Gather/print the tree statistics
+ *
+ * Parameters:
+ *	dbp:	pointer to the DB
+ */
+int
+__bt_stat(dbp)
+	DB *dbp;
+{
+	extern u_long bt_cache_hit, bt_cache_miss, bt_pfxsaved, bt_rootsplit;
+	extern u_long bt_sortsplit, bt_split;
+	BTREE *t;
+	PAGE *h;
+	db_pgno_t i, pcont, pinternal, pleaf;
+	u_long ifree, lfree, nkeys;
+	int levels;
+
+	__bt_dinit();
+
+	t = dbp->internal;
+	pcont = pinternal = pleaf = 0;
+	nkeys = ifree = lfree = 0;
+	for (i = P_ROOT; i < t->bt_mp->npages &&
+	    (h = mpool_get(t->bt_mp, i, MPOOL_IGNOREPIN)) != NULL; ++i)
+		switch (h->flags & P_TYPE) {
+		case P_BINTERNAL:
+		case P_RINTERNAL:
+			++pinternal;
+			ifree += h->upper - h->lower;
+			break;
+		case P_BLEAF:
+		case P_RLEAF:
+			++pleaf;
+			lfree += h->upper - h->lower;
+			nkeys += NEXTINDEX(h);
+			break;
+		case P_OVERFLOW:
+			++pcont;
+			break;
+		}
+
+	/* Count the levels of the tree. */
+	for (i = P_ROOT, levels = 0 ;; ++levels) {
+		h = mpool_get(t->bt_mp, i, MPOOL_IGNOREPIN);
+		if (h->flags & (P_BLEAF|P_RLEAF)) {
+			if (levels == 0)
+				levels = 1;
+			break;
+		}
+		i = F_ISSET(t, R_RECNO) ?
+		    GETRINTERNAL(h, 0)->pgno :
+		    GETBINTERNAL(h, 0)->pgno;
+	}
+
+	(void)fprintf(tracefp, "%d level%s with %ld keys",
+	    levels, levels == 1 ? "" : "s", nkeys);
+	if (F_ISSET(t, R_RECNO))
+		(void)fprintf(tracefp, " (%ld header count)",
+			      (long)t->bt_nrecs);
+	(void)fprintf(tracefp,
+	    "\n%lu pages (leaf %ld, internal %ld, overflow %ld)\n",
+		      (u_long)(pinternal + pleaf + pcont),
+		      (long)pleaf, (long)pinternal, (long)pcont);
+	(void)fprintf(tracefp, "%ld cache hits, %ld cache misses\n",
+	    bt_cache_hit, bt_cache_miss);
+	(void)fprintf(tracefp,
+	    "%ld splits (%ld root splits, %ld sort splits)\n",
+	    bt_split, bt_rootsplit, bt_sortsplit);
+	pleaf *= t->bt_psize - BTDATAOFF;
+	if (pleaf)
+		(void)fprintf(tracefp,
+		    "%.0f%% leaf fill (%ld bytes used, %ld bytes free)\n",
+		    ((double)(pleaf - lfree) / pleaf) * 100,
+		    pleaf - lfree, lfree);
+	pinternal *= t->bt_psize - BTDATAOFF;
+	if (pinternal)
+		(void)fprintf(tracefp,
+		    "%.0f%% internal fill (%ld bytes used, %ld bytes free)\n",
+		    ((double)(pinternal - ifree) / pinternal) * 100,
+		    pinternal - ifree, ifree);
+	if (bt_pfxsaved)
+		(void)fprintf(tracefp, "prefix checking removed %lu bytes.\n",
+		    bt_pfxsaved);
+	(void)fflush(tracefp);
+	return (0);
+}
+#else
+int
+__bt_stat(DB *dbp)
+{
+	return (0);
+}
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_delete.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_delete.c
new file mode 100644
index 00000000..28cc24d1
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_delete.c
@@ -0,0 +1,657 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_delete.c	8.13 (Berkeley) 7/28/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+static int __bt_bdelete __P((BTREE *, const DBT *));
+static int __bt_curdel __P((BTREE *, const DBT *, PAGE *, u_int));
+static int __bt_pdelete __P((BTREE *, PAGE *));
+static int __bt_stkacq __P((BTREE *, PAGE **, CURSOR *));
+
+/*
+ * __bt_delete
+ *	Delete the item(s) referenced by a key.
+ *
+ * Return RET_SPECIAL if the key is not found.
+ */
+int
+__bt_delete(dbp, key, flags)
+	const DB *dbp;
+	const DBT *key;
+	u_int flags;
+{
+	BTREE *t;
+	CURSOR *c;
+	PAGE *h;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/* Check for change to a read-only tree. */
+	if (F_ISSET(t, B_RDONLY)) {
+		errno = EPERM;
+		return (RET_ERROR);
+	}
+
+	switch (flags) {
+	case 0:
+		status = __bt_bdelete(t, key);
+		break;
+	case R_CURSOR:
+		/*
+		 * If flags is R_CURSOR, delete the cursor.  Must already
+		 * have started a scan and not have already deleted it.
+		 */
+		c = &t->bt_cursor;
+		if (F_ISSET(c, CURS_INIT)) {
+			if (F_ISSET(c, CURS_ACQUIRE | CURS_AFTER | CURS_BEFORE))
+				return (RET_SPECIAL);
+			if ((h = mpool_get(t->bt_mp, c->pg.pgno, 0)) == NULL)
+				return (RET_ERROR);
+
+			/*
+			 * If the page is about to be emptied, we'll need to
+			 * delete it, which means we have to acquire a stack.
+			 */
+			if (NEXTINDEX(h) == 1)
+				if (__bt_stkacq(t, &h, &t->bt_cursor))
+					return (RET_ERROR);
+
+			status = __bt_dleaf(t, NULL, h, c->pg.index);
+
+			if (NEXTINDEX(h) == 0 && status == RET_SUCCESS) {
+				if (__bt_pdelete(t, h))
+					return (RET_ERROR);
+			} else
+				mpool_put(t->bt_mp,
+				    h, status == RET_SUCCESS ? MPOOL_DIRTY : 0);
+			break;
+		}
+		/* FALLTHROUGH */
+	default:
+		errno = EINVAL;
+		return (RET_ERROR);
+	}
+	if (status == RET_SUCCESS)
+		F_SET(t, B_MODIFIED);
+	return (status);
+}
+
+/*
+ * __bt_stkacq --
+ *	Acquire a stack so we can delete a cursor entry.
+ *
+ * Parameters:
+ *	  t:	tree
+ *	 hp:	pointer to current, pinned PAGE pointer
+ *	  c:	pointer to the cursor
+ *
+ * Returns:
+ *	0 on success, 1 on failure
+ */
+static int
+__bt_stkacq(t, hp, c)
+	BTREE *t;
+	PAGE **hp;
+	CURSOR *c;
+{
+	BINTERNAL *bi;
+	EPG *e;
+	EPGNO *parent;
+	PAGE *h;
+	indx_t idx = 0;
+	db_pgno_t pgno;
+	recno_t nextpg, prevpg;
+	int exact;
+	unsigned int level;
+
+	/*
+	 * Find the first occurrence of the key in the tree.  Toss the
+	 * currently locked page so we don't hit an already-locked page.
+	 */
+	h = *hp;
+	mpool_put(t->bt_mp, h, 0);
+	if ((e = __bt_search(t, &c->key, &exact)) == NULL)
+		return (1);
+	h = e->page;
+
+	/* See if we got it in one shot. */
+	if (h->pgno == c->pg.pgno)
+		goto ret;
+
+	/*
+	 * Move right, looking for the page.  At each move we have to move
+	 * up the stack until we don't have to move to the next page.  If
+	 * we have to change pages at an internal level, we have to fix the
+	 * stack back up.
+	 */
+	while (h->pgno != c->pg.pgno) {
+		if ((nextpg = h->nextpg) == P_INVALID)
+			break;
+		mpool_put(t->bt_mp, h, 0);
+
+		/* Move up the stack. */
+		for (level = 0; (parent = BT_POP(t)) != NULL; ++level) {
+			/* Get the parent page. */
+			if ((h = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
+				return (1);
+
+			/* Move to the next index. */
+			if (parent->index != NEXTINDEX(h) - 1) {
+				idx = parent->index + 1;
+				BT_PUSH(t, h->pgno, idx);
+				break;
+			}
+			mpool_put(t->bt_mp, h, 0);
+		}
+
+		/* Restore the stack. */
+		while (level--) {
+			/* Push the next level down onto the stack. */
+			bi = GETBINTERNAL(h, idx);
+			pgno = bi->pgno;
+			BT_PUSH(t, pgno, 0);
+
+			/* Lose the currently pinned page. */
+			mpool_put(t->bt_mp, h, 0);
+
+			/* Get the next level down. */
+			if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
+				return (1);
+			idx = 0;
+		}
+		mpool_put(t->bt_mp, h, 0);
+		if ((h = mpool_get(t->bt_mp, nextpg, 0)) == NULL)
+			return (1);
+	}
+
+	if (h->pgno == c->pg.pgno)
+		goto ret;
+
+	/* Reacquire the original stack. */
+	mpool_put(t->bt_mp, h, 0);
+	if ((e = __bt_search(t, &c->key, &exact)) == NULL)
+		return (1);
+	h = e->page;
+
+	/*
+	 * Move left, looking for the page.  At each move we have to move
+	 * up the stack until we don't have to change pages to move to the
+	 * next page.  If we have to change pages at an internal level, we
+	 * have to fix the stack back up.
+	 */
+	while (h->pgno != c->pg.pgno) {
+		if ((prevpg = h->prevpg) == P_INVALID)
+			break;
+		mpool_put(t->bt_mp, h, 0);
+
+		/* Move up the stack. */
+		for (level = 0; (parent = BT_POP(t)) != NULL; ++level) {
+			/* Get the parent page. */
+			if ((h = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
+				return (1);
+
+			/* Move to the next index. */
+			if (parent->index != 0) {
+				idx = parent->index - 1;
+				BT_PUSH(t, h->pgno, idx);
+				break;
+			}
+			mpool_put(t->bt_mp, h, 0);
+		}
+
+		/* Restore the stack. */
+		while (level--) {
+			/* Push the next level down onto the stack. */
+			bi = GETBINTERNAL(h, idx);
+			pgno = bi->pgno;
+
+			/* Lose the currently pinned page. */
+			mpool_put(t->bt_mp, h, 0);
+
+			/* Get the next level down. */
+			if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
+				return (1);
+
+			idx = NEXTINDEX(h) - 1;
+			BT_PUSH(t, pgno, idx);
+		}
+		mpool_put(t->bt_mp, h, 0);
+		if ((h = mpool_get(t->bt_mp, prevpg, 0)) == NULL)
+			return (1);
+	}
+
+
+ret:	mpool_put(t->bt_mp, h, 0);
+	return ((*hp = mpool_get(t->bt_mp, c->pg.pgno, 0)) == NULL);
+}
+
+/*
+ * __bt_bdelete --
+ *	Delete all key/data pairs matching the specified key.
+ *
+ * Parameters:
+ *	  t:	tree
+ *	key:	key to delete
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found.
+ */
+static int
+__bt_bdelete(t, key)
+	BTREE *t;
+	const DBT *key;
+{
+	EPG *e;
+	PAGE *h;
+	int deleted, exact, redo;
+
+	deleted = 0;
+
+	/* Find any matching record; __bt_search pins the page. */
+loop:	if ((e = __bt_search(t, key, &exact)) == NULL)
+		return (deleted ? RET_SUCCESS : RET_ERROR);
+	if (!exact) {
+		mpool_put(t->bt_mp, e->page, 0);
+		return (deleted ? RET_SUCCESS : RET_SPECIAL);
+	}
+
+	/*
+	 * Delete forward, then delete backward, from the found key.  If
+	 * there are duplicates and we reach either side of the page, do
+	 * the key search again, so that we get them all.
+	 */
+	redo = 0;
+	h = e->page;
+	do {
+		if (__bt_dleaf(t, key, h, e->index)) {
+			mpool_put(t->bt_mp, h, 0);
+			return (RET_ERROR);
+		}
+		if (F_ISSET(t, B_NODUPS)) {
+			if (NEXTINDEX(h) == 0) {
+				if (__bt_pdelete(t, h))
+					return (RET_ERROR);
+			} else
+				mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+			return (RET_SUCCESS);
+		}
+		deleted = 1;
+	} while (e->index < NEXTINDEX(h) && __bt_cmp(t, key, e) == 0);
+
+	/* Check for right-hand edge of the page. */
+	if (e->index == NEXTINDEX(h))
+		redo = 1;
+
+	/* Delete from the key to the beginning of the page. */
+	while (e->index-- > 0) {
+		if (__bt_cmp(t, key, e) != 0)
+			break;
+		if (__bt_dleaf(t, key, h, e->index) == RET_ERROR) {
+			mpool_put(t->bt_mp, h, 0);
+			return (RET_ERROR);
+		}
+		if (e->index == 0)
+			redo = 1;
+	}
+
+	/* Check for an empty page. */
+	if (NEXTINDEX(h) == 0) {
+		if (__bt_pdelete(t, h))
+			return (RET_ERROR);
+		goto loop;
+	}
+
+	/* Put the page. */
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+
+	if (redo)
+		goto loop;
+	return (RET_SUCCESS);
+}
+
+/*
+ * __bt_pdelete --
+ *	Delete a single page from the tree.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	leaf page
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ *
+ * Side-effects:
+ *	mpool_put's the page
+ */
+static int
+__bt_pdelete(t, h)
+	BTREE *t;
+	PAGE *h;
+{
+	BINTERNAL *bi;
+	PAGE *pg;
+	EPGNO *parent;
+	indx_t cnt, idx, *ip, offset;
+	u_int32_t nksize;
+	char *from;
+
+	/*
+	 * Walk the parent page stack -- a LIFO stack of the pages that were
+	 * traversed when we searched for the page where the delete occurred.
+	 * Each stack entry is a page number and a page index offset.  The
+	 * offset is for the page traversed on the search.  We've just deleted
+	 * a page, so we have to delete the key from the parent page.
+	 *
+	 * If the delete from the parent page makes it empty, this process may
+	 * continue all the way up the tree.  We stop if we reach the root page
+	 * (which is never deleted, it's just not worth the effort) or if the
+	 * delete does not empty the page.
+	 */
+	while ((parent = BT_POP(t)) != NULL) {
+		/* Get the parent page. */
+		if ((pg = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
+			return (RET_ERROR);
+
+		idx = parent->index;
+		bi = GETBINTERNAL(pg, idx);
+
+		/* Free any overflow pages. */
+		if (bi->flags & P_BIGKEY &&
+		    __ovfl_delete(t, bi->bytes) == RET_ERROR) {
+			mpool_put(t->bt_mp, pg, 0);
+			return (RET_ERROR);
+		}
+
+		/*
+		 * Free the parent if it has only the one key and it's not the
+		 * root page. If it's the rootpage, turn it back into an empty
+		 * leaf page.
+		 */
+		if (NEXTINDEX(pg) == 1)
+			if (pg->pgno == P_ROOT) {
+				pg->lower = BTDATAOFF;
+				pg->upper = t->bt_psize;
+				pg->flags = P_BLEAF;
+			} else {
+				if (__bt_relink(t, pg) || __bt_free(t, pg))
+					return (RET_ERROR);
+				continue;
+			}
+		else {
+			/* Pack remaining key items at the end of the page. */
+			nksize = NBINTERNAL(bi->ksize);
+			from = (char *)pg + pg->upper;
+			memmove(from + nksize, from, (char *)bi - from);
+			pg->upper += nksize;
+
+			/* Adjust indices' offsets, shift the indices down. */
+			offset = pg->linp[idx];
+			for (cnt = idx, ip = &pg->linp[0]; cnt--; ++ip)
+				if (ip[0] < offset)
+					ip[0] += nksize;
+			for (cnt = NEXTINDEX(pg) - idx; --cnt; ++ip)
+				ip[0] = ip[1] < offset ? ip[1] + nksize : ip[1];
+			pg->lower -= sizeof(indx_t);
+		}
+
+		mpool_put(t->bt_mp, pg, MPOOL_DIRTY);
+		break;
+	}
+
+	/* Free the leaf page, as long as it wasn't the root. */
+	if (h->pgno == P_ROOT) {
+		mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+		return (RET_SUCCESS);
+	}
+	return (__bt_relink(t, h) || __bt_free(t, h));
+}
+
+/*
+ * __bt_dleaf --
+ *	Delete a single record from a leaf page.
+ *
+ * Parameters:
+ *	t:	tree
+ *    key:	referenced key
+ *	h:	page
+ *	idx:	index on page to delete
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ */
+int
+__bt_dleaf(t, key, h, idx)
+	BTREE *t;
+	const DBT *key;
+	PAGE *h;
+	u_int idx;
+{
+	BLEAF *bl;
+	indx_t cnt, *ip, offset;
+	u_int32_t nbytes;
+	void *to;
+	char *from;
+
+	/* If this record is referenced by the cursor, delete the cursor. */
+	if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
+	    !F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
+	    t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index == idx &&
+	    __bt_curdel(t, key, h, idx))
+		return (RET_ERROR);
+
+	/* If the entry uses overflow pages, make them available for reuse. */
+	to = bl = GETBLEAF(h, idx);
+	if (bl->flags & P_BIGKEY && __ovfl_delete(t, bl->bytes) == RET_ERROR)
+		return (RET_ERROR);
+	if (bl->flags & P_BIGDATA &&
+	    __ovfl_delete(t, bl->bytes + bl->ksize) == RET_ERROR)
+		return (RET_ERROR);
+
+	/* Pack the remaining key/data items at the end of the page. */
+	nbytes = NBLEAF(bl);
+	from = (char *)h + h->upper;
+	memmove(from + nbytes, from, (char *)to - from);
+	h->upper += nbytes;
+
+	/* Adjust the indices' offsets, shift the indices down. */
+	offset = h->linp[idx];
+	for (cnt = idx, ip = &h->linp[0]; cnt--; ++ip)
+		if (ip[0] < offset)
+			ip[0] += nbytes;
+	for (cnt = NEXTINDEX(h) - idx; --cnt; ++ip)
+		ip[0] = ip[1] < offset ? ip[1] + nbytes : ip[1];
+	h->lower -= sizeof(indx_t);
+
+	/* If the cursor is on this page, adjust it as necessary. */
+	if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
+	    !F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
+	    t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index > idx)
+		--t->bt_cursor.pg.index;
+
+	return (RET_SUCCESS);
+}
+
+/*
+ * __bt_curdel --
+ *	Delete the cursor.
+ *
+ * Parameters:
+ *	t:	tree
+ *    key:	referenced key (or NULL)
+ *	h:	page
+ *  idx:	idx on page to delete
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ */
+static int
+__bt_curdel(t, key, h, idx)
+	BTREE *t;
+	const DBT *key;
+	PAGE *h;
+	u_int idx;
+{
+	CURSOR *c;
+	EPG e;
+	PAGE *pg;
+	int curcopy, status;
+
+	/*
+	 * If there are duplicates, move forward or backward to one.
+	 * Otherwise, copy the key into the cursor area.
+	 */
+	c = &t->bt_cursor;
+	F_CLR(c, CURS_AFTER | CURS_BEFORE | CURS_ACQUIRE);
+
+	curcopy = 0;
+	if (!F_ISSET(t, B_NODUPS)) {
+		/*
+		 * We're going to have to do comparisons.  If we weren't
+		 * provided a copy of the key, i.e. the user is deleting
+		 * the current cursor position, get one.
+		 */
+		if (key == NULL) {
+			e.page = h;
+			e.index = idx;
+			if ((status = __bt_ret(t, &e,
+			    &c->key, &c->key, NULL, NULL, 1)) != RET_SUCCESS)
+				return (status);
+			curcopy = 1;
+			key = &c->key;
+		}
+		/* Check previous key, if not at the beginning of the page. */
+		if (idx > 0) {
+			e.page = h;
+			e.index = idx - 1;
+			if (__bt_cmp(t, key, &e) == 0) {
+				F_SET(c, CURS_BEFORE);
+				goto dup2;
+			}
+		}
+		/* Check next key, if not at the end of the page. */
+		if (idx < NEXTINDEX(h) - 1) {
+			e.page = h;
+			e.index = idx + 1;
+			if (__bt_cmp(t, key, &e) == 0) {
+				F_SET(c, CURS_AFTER);
+				goto dup2;
+			}
+		}
+		/* Check previous key if at the beginning of the page. */
+		if (idx == 0 && h->prevpg != P_INVALID) {
+			if ((pg = mpool_get(t->bt_mp, h->prevpg, 0)) == NULL)
+				return (RET_ERROR);
+			e.page = pg;
+			e.index = NEXTINDEX(pg) - 1;
+			if (__bt_cmp(t, key, &e) == 0) {
+				F_SET(c, CURS_BEFORE);
+				goto dup1;
+			}
+			mpool_put(t->bt_mp, pg, 0);
+		}
+		/* Check next key if at the end of the page. */
+		if (idx == NEXTINDEX(h) - 1 && h->nextpg != P_INVALID) {
+			if ((pg = mpool_get(t->bt_mp, h->nextpg, 0)) == NULL)
+				return (RET_ERROR);
+			e.page = pg;
+			e.index = 0;
+			if (__bt_cmp(t, key, &e) == 0) {
+				F_SET(c, CURS_AFTER);
+dup1:				mpool_put(t->bt_mp, pg, 0);
+dup2:				c->pg.pgno = e.page->pgno;
+				c->pg.index = e.index;
+				return (RET_SUCCESS);
+			}
+			mpool_put(t->bt_mp, pg, 0);
+		}
+	}
+	e.page = h;
+	e.index = idx;
+	if (curcopy || (status =
+	    __bt_ret(t, &e, &c->key, &c->key, NULL, NULL, 1)) == RET_SUCCESS) {
+		F_SET(c, CURS_ACQUIRE);
+		return (RET_SUCCESS);
+	}
+	return (status);
+}
+
+/*
+ * __bt_relink --
+ *	Link around a deleted page.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	page to be deleted
+ */
+int
+__bt_relink(t, h)
+	BTREE *t;
+	PAGE *h;
+{
+	PAGE *pg;
+
+	if (h->nextpg != P_INVALID) {
+		if ((pg = mpool_get(t->bt_mp, h->nextpg, 0)) == NULL)
+			return (RET_ERROR);
+		pg->prevpg = h->prevpg;
+		mpool_put(t->bt_mp, pg, MPOOL_DIRTY);
+	}
+	if (h->prevpg != P_INVALID) {
+		if ((pg = mpool_get(t->bt_mp, h->prevpg, 0)) == NULL)
+			return (RET_ERROR);
+		pg->nextpg = h->nextpg;
+		mpool_put(t->bt_mp, pg, MPOOL_DIRTY);
+	}
+	return (0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_get.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_get.c
new file mode 100644
index 00000000..b6318211
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_get.c
@@ -0,0 +1,105 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_get.c	8.6 (Berkeley) 7/20/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+/*
+ * __BT_GET -- Get a record from the btree.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *	key:	key to find
+ *	data:	data to return
+ *	flag:	currently unused
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found.
+ */
+int
+__bt_get(dbp, key, data, flags)
+	const DB *dbp;
+	const DBT *key;
+	DBT *data;
+	u_int flags;
+{
+	BTREE *t;
+	EPG *e;
+	int exact, status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/* Get currently doesn't take any flags. */
+	if (flags) {
+		errno = EINVAL;
+		return (RET_ERROR);
+	}
+
+	if ((e = __bt_search(t, key, &exact)) == NULL)
+		return (RET_ERROR);
+	if (!exact) {
+		mpool_put(t->bt_mp, e->page, 0);
+		return (RET_SPECIAL);
+	}
+
+	status = __bt_ret(t, e, NULL, NULL, data, &t->bt_rdata, 0);
+
+	/*
+	 * If the user is doing concurrent access, we copied the
+	 * key/data, toss the page.
+	 */
+	if (F_ISSET(t, B_DB_LOCK))
+		mpool_put(t->bt_mp, e->page, 0);
+	else
+		t->bt_pinned = e->page;
+	return (status);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c
new file mode 100644
index 00000000..2977b17f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c
@@ -0,0 +1,480 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_open.c	8.11 (Berkeley) 11/2/95";
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * Implementation of btree access method for 4.4BSD.
+ *
+ * The design here was originally based on that of the btree access method
+ * used in the Postgres database system at UC Berkeley.  This implementation
+ * is wholly independent of the Postgres code.
+ */
+
+#include "k5-platform.h"
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+#ifdef DEBUG
+#undef	MINPSIZE
+#define	MINPSIZE	128
+#endif
+
+static int byteorder __P((void));
+static int nroot __P((BTREE *));
+static int tmp __P((void));
+
+/*
+ * __BT_OPEN -- Open a btree.
+ *
+ * Creates and fills a DB struct, and calls the routine that actually
+ * opens the btree.
+ *
+ * Parameters:
+ *	fname:	filename (NULL for in-memory trees)
+ *	flags:	open flag bits
+ *	mode:	open permission bits
+ *	b:	BTREEINFO pointer
+ *
+ * Returns:
+ *	NULL on failure, pointer to DB on success.
+ *
+ */
+DB *
+__bt_open(fname, flags, mode, openinfo, dflags)
+	const char *fname;
+	int flags, mode, dflags;
+	const BTREEINFO *openinfo;
+{
+	struct stat sb;
+	BTMETA m;
+	BTREE *t;
+	BTREEINFO b;
+	DB *dbp;
+	db_pgno_t ncache;
+	ssize_t nr;
+	int machine_lorder;
+
+	t = NULL;
+
+	/*
+	 * Intention is to make sure all of the user's selections are okay
+	 * here and then use them without checking.  Can't be complete, since
+	 * we don't know the right page size, lorder or flags until the backing
+	 * file is opened.  Also, the file's page size can cause the cachesize
+	 * to change.
+	 */
+	machine_lorder = byteorder();
+	if (openinfo) {
+		b = *openinfo;
+
+		/* Flags: R_DUP. */
+		if (b.flags & ~(R_DUP))
+			goto einval;
+
+		/*
+		 * Page size must be indx_t aligned and >= MINPSIZE.  Default
+		 * page size is set farther on, based on the underlying file
+		 * transfer size.
+		 */
+		if (b.psize &&
+		    (b.psize < MINPSIZE || b.psize > MAX_PAGE_OFFSET + 1 ||
+		    b.psize & (sizeof(indx_t) - 1)))
+			goto einval;
+
+		/* Minimum number of keys per page; absolute minimum is 2. */
+		if (b.minkeypage) {
+			if (b.minkeypage < 2)
+				goto einval;
+		} else
+			b.minkeypage = DEFMINKEYPAGE;
+
+		/* If no comparison, use default comparison and prefix. */
+		if (b.compare == NULL) {
+			b.compare = __bt_defcmp;
+			if (b.prefix == NULL)
+				b.prefix = __bt_defpfx;
+		}
+
+		if (b.lorder == 0)
+			b.lorder = machine_lorder;
+	} else {
+		b.compare = __bt_defcmp;
+		b.cachesize = 0;
+		b.flags = 0;
+		b.lorder = machine_lorder;
+		b.minkeypage = DEFMINKEYPAGE;
+		b.prefix = __bt_defpfx;
+		b.psize = 0;
+	}
+
+	/* Check for the ubiquitous PDP-11. */
+	if (b.lorder != DB_BIG_ENDIAN && b.lorder != DB_LITTLE_ENDIAN)
+		goto einval;
+
+	/* Allocate and initialize DB and BTREE structures. */
+	if ((t = (BTREE *)malloc(sizeof(BTREE))) == NULL)
+		goto err;
+	memset(t, 0, sizeof(BTREE));
+	t->bt_fd = -1;			/* Don't close unopened fd on error. */
+	t->bt_lorder = b.lorder;
+	t->bt_order = NOT;
+	t->bt_cmp = b.compare;
+	t->bt_pfx = b.prefix;
+	t->bt_rfd = -1;
+
+	if ((t->bt_dbp = dbp = (DB *)malloc(sizeof(DB))) == NULL)
+		goto err;
+	memset(t->bt_dbp, 0, sizeof(DB));
+	if (t->bt_lorder != machine_lorder)
+		F_SET(t, B_NEEDSWAP);
+
+	dbp->type = DB_BTREE;
+	dbp->internal = t;
+	dbp->close = __bt_close;
+	dbp->del = __bt_delete;
+	dbp->fd = __bt_fd;
+	dbp->get = __bt_get;
+	dbp->put = __bt_put;
+	dbp->seq = __bt_seq;
+	dbp->sync = __bt_sync;
+
+	/*
+	 * If no file name was supplied, this is an in-memory btree and we
+	 * open a backing temporary file.  Otherwise, it's a disk-based tree.
+	 */
+	if (fname) {
+		switch (flags & O_ACCMODE) {
+		case O_RDONLY:
+			F_SET(t, B_RDONLY);
+			break;
+		case O_RDWR:
+			break;
+		case O_WRONLY:
+		default:
+			goto einval;
+		}
+
+		if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0)
+			goto err;
+
+	} else {
+		if ((flags & O_ACCMODE) != O_RDWR)
+			goto einval;
+		if ((t->bt_fd = tmp()) == -1)
+			goto err;
+		F_SET(t, B_INMEM);
+	}
+
+	if (fcntl(t->bt_fd, F_SETFD, 1) == -1)
+		goto err;
+
+	if (fstat(t->bt_fd, &sb))
+		goto err;
+	if (sb.st_size) {
+		if ((nr = read(t->bt_fd, &m, sizeof(BTMETA))) < 0)
+			goto err;
+		if (nr != sizeof(BTMETA))
+			goto eftype;
+
+		/*
+		 * Read in the meta-data.  This can change the notion of what
+		 * the lorder, page size and flags are, and, when the page size
+		 * changes, the cachesize value can change too.  If the user
+		 * specified the wrong byte order for an existing database, we
+		 * don't bother to return an error, we just clear the NEEDSWAP
+		 * bit.
+		 */
+		if (m.magic == BTREEMAGIC)
+			F_CLR(t, B_NEEDSWAP);
+		else {
+			F_SET(t, B_NEEDSWAP);
+			M_32_SWAP(m.magic);
+			M_32_SWAP(m.version);
+			M_32_SWAP(m.psize);
+			M_32_SWAP(m.free);
+			M_32_SWAP(m.nrecs);
+			M_32_SWAP(m.flags);
+		}
+		if (m.magic != BTREEMAGIC || m.version != BTREEVERSION)
+			goto eftype;
+		if (m.psize < MINPSIZE || m.psize > MAX_PAGE_OFFSET + 1 ||
+		    m.psize & (sizeof(indx_t) - 1))
+			goto eftype;
+		if (m.flags & ~SAVEMETA)
+			goto eftype;
+		b.psize = m.psize;
+		F_SET(t, m.flags);
+		t->bt_free = m.free;
+		t->bt_nrecs = m.nrecs;
+	} else {
+		/*
+		 * Set the page size to the best value for I/O to this file.
+		 * Don't overflow the page offset type.
+		 */
+		if (b.psize == 0) {
+			b.psize = sb.st_blksize;
+			if (b.psize < MINPSIZE)
+				b.psize = MINPSIZE;
+			if (b.psize > MAX_PAGE_OFFSET + 1)
+				b.psize = MAX_PAGE_OFFSET + 1;
+		}
+
+		/* Set flag if duplicates permitted. */
+		if (!(b.flags & R_DUP))
+			F_SET(t, B_NODUPS);
+
+		t->bt_free = P_INVALID;
+		t->bt_nrecs = 0;
+		F_SET(t, B_METADIRTY);
+	}
+
+	t->bt_psize = b.psize;
+
+	/* Set the cache size; must be a multiple of the page size. */
+	if (b.cachesize && b.cachesize & (b.psize - 1))
+		b.cachesize += (~b.cachesize & (b.psize - 1)) + 1;
+	if (b.cachesize < b.psize * MINCACHE)
+		b.cachesize = b.psize * MINCACHE;
+
+	/* Calculate number of pages to cache. */
+	ncache = (b.cachesize + t->bt_psize - 1) / t->bt_psize;
+
+	/*
+	 * The btree data structure requires that at least two keys can fit on
+	 * a page, but other than that there's no fixed requirement.  The user
+	 * specified a minimum number per page, and we translated that into the
+	 * number of bytes a key/data pair can use before being placed on an
+	 * overflow page.  This calculation includes the page header, the size
+	 * of the index referencing the leaf item and the size of the leaf item
+	 * structure.  Also, don't let the user specify a minkeypage such that
+	 * a key/data pair won't fit even if both key and data are on overflow
+	 * pages.
+	 */
+	t->bt_ovflsize = (t->bt_psize - BTDATAOFF) / b.minkeypage -
+	    (sizeof(indx_t) + NBLEAFDBT(0, 0));
+	if (t->bt_ovflsize < NBLEAFDBT(NOVFLSIZE, NOVFLSIZE) + sizeof(indx_t))
+		t->bt_ovflsize =
+		    NBLEAFDBT(NOVFLSIZE, NOVFLSIZE) + sizeof(indx_t);
+
+	/* Initialize the buffer pool. */
+	if ((t->bt_mp =
+	    mpool_open(NULL, t->bt_fd, t->bt_psize, ncache)) == NULL)
+		goto err;
+	if (!F_ISSET(t, B_INMEM))
+		mpool_filter(t->bt_mp, __bt_pgin, __bt_pgout, t);
+
+	/* Create a root page if new tree. */
+	if (nroot(t) == RET_ERROR)
+		goto err;
+
+	/* Global flags. */
+	if (dflags & DB_LOCK)
+		F_SET(t, B_DB_LOCK);
+	if (dflags & DB_SHMEM)
+		F_SET(t, B_DB_SHMEM);
+	if (dflags & DB_TXN)
+		F_SET(t, B_DB_TXN);
+
+	return (dbp);
+
+einval:	errno = EINVAL;
+	goto err;
+
+eftype:	errno = EFTYPE;
+	goto err;
+
+err:	if (t) {
+		if (t->bt_dbp)
+			free(t->bt_dbp);
+		if (t->bt_fd != -1)
+			(void)close(t->bt_fd);
+		free(t);
+	}
+	return (NULL);
+}
+
+/*
+ * NROOT -- Create the root of a new tree.
+ *
+ * Parameters:
+ *	t:	tree
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+static int
+nroot(t)
+	BTREE *t;
+{
+	PAGE *meta, *root;
+	db_pgno_t npg;
+
+	if ((root = mpool_get(t->bt_mp, 1, 0)) != NULL) {
+		if (root->lower == 0 &&
+		    root->pgno == 0 &&
+		    root->linp[0] == 0) {
+			mpool_delete(t->bt_mp, root);
+			errno = EINVAL;
+		} else {
+			mpool_put(t->bt_mp, root, 0);
+			return (RET_SUCCESS);
+		}
+	}
+	if (errno != EINVAL)		/* It's OK to not exist. */
+		return (RET_ERROR);
+	errno = 0;
+
+	if ((meta = mpool_new(t->bt_mp, &npg, MPOOL_PAGE_NEXT)) == NULL)
+		return (RET_ERROR);
+
+	if ((root = mpool_new(t->bt_mp, &npg, MPOOL_PAGE_NEXT)) == NULL)
+		return (RET_ERROR);
+
+	if (npg != P_ROOT)
+		return (RET_ERROR);
+	root->pgno = npg;
+	root->prevpg = root->nextpg = P_INVALID;
+	root->lower = BTDATAOFF;
+	root->upper = t->bt_psize;
+	root->flags = P_BLEAF;
+	memset(meta, 0, t->bt_psize);
+	mpool_put(t->bt_mp, meta, MPOOL_DIRTY);
+	mpool_put(t->bt_mp, root, MPOOL_DIRTY);
+	return (RET_SUCCESS);
+}
+
+static int
+tmp()
+{
+#ifdef SIG_BLOCK
+	sigset_t set, oset;
+#else
+	int oset;
+#endif
+	int fd;
+	char *envtmp;
+	char path[MAXPATHLEN];
+	static char fn[] = "/bt.XXXXXX";
+
+	envtmp = getenv("TMPDIR");
+
+	/* this used to be done with snprintf(), but since snprintf
+	   isn't in most operating systems, and overflow checking in
+	   this case is easy, this is what is done */
+
+	if (envtmp && ((strlen(envtmp)+sizeof(fn)+1) > sizeof(path)))
+	    return(-1);
+
+	(void)snprintf(path, sizeof(path),
+		       "%s%s", (envtmp ? envtmp : "/tmp"), fn);
+
+#ifdef SIG_BLOCK
+	(void)sigfillset(&set);
+	(void)sigprocmask(SIG_BLOCK, &set, &oset);
+#else
+	oset = sigblock(~0);
+#endif
+	if ((fd = mkstemp(path)) != -1)
+		(void)unlink(path);
+	set_cloexec_fd(fd);
+#ifdef SIG_BLOCK
+	(void)sigprocmask(SIG_SETMASK, &oset, NULL);
+#else
+	sigsetmask(oset);
+#endif
+#ifdef __CYGWIN32__
+      /* Ensure the fd is in binary mode. */
+      setmode(fd, O_BINARY);
+#endif /* __CYGWIN32__ */
+
+	return(fd);
+}
+
+static int
+byteorder()
+{
+	u_int32_t x;
+	u_char *p;
+
+	x = 0x01020304;
+	p = (u_char *)&x;
+	switch (*p) {
+	case 1:
+		return (DB_BIG_ENDIAN);
+	case 4:
+		return (DB_LITTLE_ENDIAN);
+	default:
+		return (0);
+	}
+}
+
+int
+__bt_fd(dbp)
+        const DB *dbp;
+{
+	BTREE *t;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/* In-memory database can't have a file descriptor. */
+	if (F_ISSET(t, B_INMEM)) {
+		errno = ENOENT;
+		return (-1);
+	}
+	return (t->bt_fd);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_overflow.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_overflow.c
new file mode 100644
index 00000000..8b1f5979
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_overflow.c
@@ -0,0 +1,228 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_overflow.c	8.5 (Berkeley) 7/16/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+/*
+ * Big key/data code.
+ *
+ * Big key and data entries are stored on linked lists of pages.  The initial
+ * reference is byte string stored with the key or data and is the page number
+ * and size.  The actual record is stored in a chain of pages linked by the
+ * nextpg field of the PAGE header.
+ *
+ * The first page of the chain has a special property.  If the record is used
+ * by an internal page, it cannot be deleted and the P_PRESERVE bit will be set
+ * in the header.
+ *
+ * XXX
+ * A single DBT is written to each chain, so a lot of space on the last page
+ * is wasted.  This is a fairly major bug for some data sets.
+ */
+
+/*
+ * __OVFL_GET -- Get an overflow key/data item.
+ *
+ * Parameters:
+ *	t:	tree
+ *	p:	pointer to { db_pgno_t, u_int32_t }
+ *	buf:	storage address
+ *	bufsz:	storage size
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__ovfl_get(t, p, ssz, buf, bufsz)
+	BTREE *t;
+	void *p;
+	size_t *ssz;
+	void **buf;
+	size_t *bufsz;
+{
+	PAGE *h;
+	db_pgno_t pg;
+	size_t nb, plen;
+	u_int32_t sz;
+
+	memmove(&pg, p, sizeof(db_pgno_t));
+	memmove(&sz, (char *)p + sizeof(db_pgno_t), sizeof(u_int32_t));
+	*ssz = sz;
+
+#ifdef DEBUG
+	if (pg == P_INVALID || sz == 0)
+		abort();
+#endif
+	/* Make the buffer bigger as necessary. */
+	if (*bufsz < sz) {
+		*buf = (char *)(*buf == NULL ? malloc(sz) : realloc(*buf, sz));
+		if (*buf == NULL)
+			return (RET_ERROR);
+		*bufsz = sz;
+	}
+
+	/*
+	 * Step through the linked list of pages, copying the data on each one
+	 * into the buffer.  Never copy more than the data's length.
+	 */
+	plen = t->bt_psize - BTDATAOFF;
+	for (p = *buf;; p = (char *)p + nb, pg = h->nextpg) {
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			return (RET_ERROR);
+
+		nb = MIN(sz, plen);
+		memmove(p, (char *)h + BTDATAOFF, nb);
+		mpool_put(t->bt_mp, h, 0);
+
+		if ((sz -= nb) == 0)
+			break;
+	}
+	return (RET_SUCCESS);
+}
+
+/*
+ * __OVFL_PUT -- Store an overflow key/data item.
+ *
+ * Parameters:
+ *	t:	tree
+ *	data:	DBT to store
+ *	pgno:	storage page number
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__ovfl_put(t, dbt, pg)
+	BTREE *t;
+	const DBT *dbt;
+	db_pgno_t *pg;
+{
+	PAGE *h, *last;
+	void *p;
+	db_pgno_t npg;
+	size_t nb, plen;
+	u_int32_t sz;
+
+	/*
+	 * Allocate pages and copy the key/data record into them.  Store the
+	 * number of the first page in the chain.
+	 */
+	plen = t->bt_psize - BTDATAOFF;
+	for (last = NULL, p = dbt->data, sz = dbt->size;;
+	    p = (char *)p + plen, last = h) {
+		if ((h = __bt_new(t, &npg)) == NULL)
+			return (RET_ERROR);
+
+		h->pgno = npg;
+		h->nextpg = h->prevpg = P_INVALID;
+		h->flags = P_OVERFLOW;
+		h->lower = h->upper = 0;
+
+		nb = MIN(sz, plen);
+		memmove((char *)h + BTDATAOFF, p, nb);
+
+		if (last) {
+			last->nextpg = h->pgno;
+			mpool_put(t->bt_mp, last, MPOOL_DIRTY);
+		} else
+			*pg = h->pgno;
+
+		if ((sz -= nb) == 0) {
+			mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+			break;
+		}
+	}
+	return (RET_SUCCESS);
+}
+
+/*
+ * __OVFL_DELETE -- Delete an overflow chain.
+ *
+ * Parameters:
+ *	t:	tree
+ *	p:	pointer to { db_pgno_t, u_int32_t }
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__ovfl_delete(t, p)
+	BTREE *t;
+	void *p;
+{
+	PAGE *h;
+	db_pgno_t pg;
+	size_t plen;
+	u_int32_t sz;
+
+	memmove(&pg, p, sizeof(db_pgno_t));
+	memmove(&sz, (char *)p + sizeof(db_pgno_t), sizeof(u_int32_t));
+
+#ifdef DEBUG
+	if (pg == P_INVALID || sz == 0)
+		abort();
+#endif
+	if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+		return (RET_ERROR);
+
+	/* Don't delete chains used by internal pages. */
+	if (h->flags & P_PRESERVE) {
+		mpool_put(t->bt_mp, h, 0);
+		return (RET_SUCCESS);
+	}
+
+	/* Step through the chain, calling the free routine for each page. */
+	for (plen = t->bt_psize - BTDATAOFF;; sz -= plen) {
+		pg = h->nextpg;
+		__bt_free(t, h);
+		if (sz <= plen)
+			break;
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			return (RET_ERROR);
+	}
+	return (RET_SUCCESS);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_page.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_page.c
new file mode 100644
index 00000000..3663cf7f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_page.c
@@ -0,0 +1,100 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_page.c	8.4 (Berkeley) 11/2/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <stdio.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+/*
+ * __bt_free --
+ *	Put a page on the freelist.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	page to free
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ *
+ * Side-effect:
+ *	mpool_put's the page.
+ */
+int
+__bt_free(t, h)
+	BTREE *t;
+	PAGE *h;
+{
+	/* Insert the page at the head of the free list. */
+	h->prevpg = P_INVALID;
+	h->nextpg = t->bt_free;
+	t->bt_free = h->pgno;
+	F_SET(t, B_METADIRTY);
+
+	/* Make sure the page gets written back. */
+	return (mpool_put(t->bt_mp, h, MPOOL_DIRTY));
+}
+
+/*
+ * __bt_new --
+ *	Get a new page, preferably from the freelist.
+ *
+ * Parameters:
+ *	t:	tree
+ *	npg:	storage for page number.
+ *
+ * Returns:
+ *	Pointer to a page, NULL on error.
+ */
+PAGE *
+__bt_new(t, npg)
+	BTREE *t;
+	db_pgno_t *npg;
+{
+	PAGE *h;
+
+	if (t->bt_free != P_INVALID &&
+	    (h = mpool_get(t->bt_mp, t->bt_free, 0)) != NULL) {
+		*npg = t->bt_free;
+		t->bt_free = h->nextpg;
+		F_SET(t, B_METADIRTY);
+		return (h);
+	}
+	return (mpool_new(t->bt_mp, npg, MPOOL_PAGE_NEXT));
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_put.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_put.c
new file mode 100644
index 00000000..7d659284
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_put.c
@@ -0,0 +1,329 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_put.c	8.8 (Berkeley) 7/26/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+static EPG *bt_fast __P((BTREE *, const DBT *, const DBT *, int *));
+
+/*
+ * __BT_PUT -- Add a btree item to the tree.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *	key:	key
+ *	data:	data
+ *	flag:	R_NOOVERWRITE
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key is already in the
+ *	tree and R_NOOVERWRITE specified.
+ */
+int
+__bt_put(dbp, key, data, flags)
+	const DB *dbp;
+	DBT *key;
+	const DBT *data;
+	u_int flags;
+{
+	BTREE *t;
+	DBT tkey, tdata;
+	EPG *e = 0;
+	PAGE *h;
+	indx_t idx, nxtindex;
+	db_pgno_t pg;
+	u_int32_t nbytes;
+	int dflags, exact, status;
+	char *dest, db[NOVFLSIZE], kb[NOVFLSIZE];
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/* Check for change to a read-only tree. */
+	if (F_ISSET(t, B_RDONLY)) {
+		errno = EPERM;
+		return (RET_ERROR);
+	}
+
+	switch (flags) {
+	case 0:
+	case R_NOOVERWRITE:
+		break;
+	case R_CURSOR:
+		/*
+		 * If flags is R_CURSOR, put the cursor.  Must already
+		 * have started a scan and not have already deleted it.
+		 */
+		if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
+		    !F_ISSET(&t->bt_cursor,
+		        CURS_ACQUIRE | CURS_AFTER | CURS_BEFORE))
+			break;
+		/* FALLTHROUGH */
+	default:
+		errno = EINVAL;
+		return (RET_ERROR);
+	}
+
+	/*
+	 * If the key/data pair won't fit on a page, store it on overflow
+	 * pages.  Only put the key on the overflow page if the pair are
+	 * still too big after moving the data to an overflow page.
+	 *
+	 * XXX
+	 * If the insert fails later on, the overflow pages aren't recovered.
+	 */
+	dflags = 0;
+	if (key->size + data->size > t->bt_ovflsize) {
+		if (key->size > t->bt_ovflsize) {
+			u_int32_t yuck_this_is_gross_code;
+storekey:		if (__ovfl_put(t, key, &pg) == RET_ERROR)
+				return (RET_ERROR);
+			tkey.data = kb;
+			tkey.size = NOVFLSIZE;
+			memmove(kb, &pg, sizeof(db_pgno_t));
+			yuck_this_is_gross_code = key->size;
+			if (yuck_this_is_gross_code != key->size)
+				abort ();
+			memmove(kb + sizeof(db_pgno_t),
+				&yuck_this_is_gross_code, sizeof(u_int32_t));
+			dflags |= P_BIGKEY;
+			key = &tkey;
+		}
+		if (key->size + data->size > t->bt_ovflsize) {
+			u_int32_t yuck_this_is_gross_code = data->size;
+			if (__ovfl_put(t, data, &pg) == RET_ERROR)
+				return (RET_ERROR);
+			tdata.data = db;
+			tdata.size = NOVFLSIZE;
+			memmove(db, &pg, sizeof(db_pgno_t));
+			if (yuck_this_is_gross_code != data->size)
+				abort ();
+			memmove(db + sizeof(db_pgno_t),
+				&yuck_this_is_gross_code, sizeof(u_int32_t));
+			dflags |= P_BIGDATA;
+			data = &tdata;
+		}
+		if (key->size + data->size > t->bt_ovflsize)
+			goto storekey;
+	}
+
+	/* Replace the cursor. */
+	if (flags == R_CURSOR) {
+		if ((h = mpool_get(t->bt_mp, t->bt_cursor.pg.pgno, 0)) == NULL)
+			return (RET_ERROR);
+		idx = t->bt_cursor.pg.index;
+		goto delete;
+	}
+
+	/*
+	 * Find the key to delete, or, the location at which to insert.
+	 * Bt_fast and __bt_search both pin the returned page.
+	 */
+	if (t->bt_order == NOT || (e = bt_fast(t, key, data, &exact)) == NULL)
+		if ((e = __bt_search(t, key, &exact)) == NULL)
+			return (RET_ERROR);
+	h = e->page;
+	idx = e->index;
+
+	/*
+	 * Add the key/data pair to the tree.  If an identical key is already
+	 * in the tree, and R_NOOVERWRITE is set, an error is returned.  If
+	 * R_NOOVERWRITE is not set, the key is either added (if duplicates are
+	 * permitted) or an error is returned.
+	 */
+	switch (flags) {
+	case R_NOOVERWRITE:
+		if (!exact)
+			break;
+		mpool_put(t->bt_mp, h, 0);
+		return (RET_SPECIAL);
+	default:
+		if (!exact || !F_ISSET(t, B_NODUPS))
+			break;
+		/*
+		 * !!!
+		 * Note, the delete may empty the page, so we need to put a
+		 * new entry into the page immediately.
+		 */
+delete:		if (__bt_dleaf(t, key, h, idx) == RET_ERROR) {
+			mpool_put(t->bt_mp, h, 0);
+			return (RET_ERROR);
+		}
+		break;
+	}
+
+	/*
+	 * If not enough room, or the user has put a ceiling on the number of
+	 * keys permitted in the page, split the page.  The split code will
+	 * insert the key and data and unpin the current page.  If inserting
+	 * into the offset array, shift the pointers up.
+	 */
+	nbytes = NBLEAFDBT(key->size, data->size);
+	if ((u_int32_t)h->upper - (u_int32_t)h->lower
+	    < nbytes + sizeof(indx_t)) {
+		if ((status = __bt_split(t, h, key,
+		    data, dflags, nbytes, idx)) != RET_SUCCESS)
+			return (status);
+		goto success;
+	}
+
+	if (idx < (nxtindex = NEXTINDEX(h)))
+		memmove(h->linp + idx + 1, h->linp + idx,
+		    (nxtindex - idx) * sizeof(indx_t));
+	h->lower += sizeof(indx_t);
+
+	h->linp[idx] = h->upper -= nbytes;
+	dest = (char *)h + h->upper;
+	WR_BLEAF(dest, key, data, dflags);
+
+	/* If the cursor is on this page, adjust it as necessary. */
+	if (F_ISSET(&t->bt_cursor, CURS_INIT) &&
+	    !F_ISSET(&t->bt_cursor, CURS_ACQUIRE) &&
+	    t->bt_cursor.pg.pgno == h->pgno && t->bt_cursor.pg.index >= idx)
+		++t->bt_cursor.pg.index;
+
+	if (t->bt_order == NOT) {
+		if (h->nextpg == P_INVALID) {
+			if (idx == NEXTINDEX(h) - 1) {
+				t->bt_order = FORWARD;
+				t->bt_last.index = idx;
+				t->bt_last.pgno = h->pgno;
+			}
+		} else if (h->prevpg == P_INVALID) {
+			if (idx == 0) {
+				t->bt_order = BACK;
+				t->bt_last.index = 0;
+				t->bt_last.pgno = h->pgno;
+			}
+		}
+	}
+
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+
+success:
+	if (flags == R_SETCURSOR)
+		__bt_setcur(t, e->page->pgno, e->index);
+
+	F_SET(t, B_MODIFIED);
+	return (RET_SUCCESS);
+}
+
+#ifdef STATISTICS
+u_long bt_cache_hit, bt_cache_miss;
+#endif
+
+/*
+ * BT_FAST -- Do a quick check for sorted data.
+ *
+ * Parameters:
+ *	t:	tree
+ *	key:	key to insert
+ *
+ * Returns:
+ * 	EPG for new record or NULL if not found.
+ */
+static EPG *
+bt_fast(t, key, data, exactp)
+	BTREE *t;
+	const DBT *key, *data;
+	int *exactp;
+{
+	PAGE *h;
+	u_int32_t nbytes;
+	int cmp;
+
+	if ((h = mpool_get(t->bt_mp, t->bt_last.pgno, 0)) == NULL) {
+		t->bt_order = NOT;
+		return (NULL);
+	}
+	t->bt_cur.page = h;
+	t->bt_cur.index = t->bt_last.index;
+
+	/*
+	 * If won't fit in this page or have too many keys in this page,
+	 * have to search to get split stack.
+	 */
+	nbytes = NBLEAFDBT(key->size, data->size);
+	if ((u_int32_t)h->upper - (u_int32_t)h->lower < nbytes + sizeof(indx_t))
+		goto miss;
+
+	if (t->bt_order == FORWARD) {
+		if (t->bt_cur.page->nextpg != P_INVALID)
+			goto miss;
+		if (t->bt_cur.index != NEXTINDEX(h) - 1)
+			goto miss;
+		if ((cmp = __bt_cmp(t, key, &t->bt_cur)) < 0)
+			goto miss;
+		t->bt_last.index = cmp ? ++t->bt_cur.index : t->bt_cur.index;
+	} else {
+		if (t->bt_cur.page->prevpg != P_INVALID)
+			goto miss;
+		if (t->bt_cur.index != 0)
+			goto miss;
+		if ((cmp = __bt_cmp(t, key, &t->bt_cur)) > 0)
+			goto miss;
+		t->bt_last.index = 0;
+	}
+	*exactp = cmp == 0;
+#ifdef STATISTICS
+	++bt_cache_hit;
+#endif
+	return (&t->bt_cur);
+
+miss:
+#ifdef STATISTICS
+	++bt_cache_miss;
+#endif
+	t->bt_order = NOT;
+	mpool_put(t->bt_mp, h, 0);
+	return (NULL);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_search.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_search.c
new file mode 100644
index 00000000..c633d14d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_search.c
@@ -0,0 +1,297 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_search.c	8.9 (Berkeley) 10/26/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <stdio.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+static int __bt_snext __P((BTREE *, PAGE *, const DBT *, int *));
+static int __bt_sprev __P((BTREE *, PAGE *, const DBT *, int *));
+
+/*
+ * __bt_search --
+ *	Search a btree for a key.
+ *
+ * Parameters:
+ *	t:	tree to search
+ *	key:	key to find
+ *	exactp:	pointer to exact match flag
+ *
+ * Returns:
+ *	The EPG for matching record, if any, or the EPG for the location
+ *	of the key, if it were inserted into the tree, is entered into
+ *	the bt_cur field of the tree.  A pointer to the field is returned.
+ */
+EPG *
+__bt_search(t, key, exactp)
+	BTREE *t;
+	const DBT *key;
+	int *exactp;
+{
+	PAGE *h;
+	indx_t base, idx, lim;
+	db_pgno_t pg;
+	int cmp;
+
+	BT_CLR(t);
+	for (pg = P_ROOT;;) {
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			return (NULL);
+
+		/* Do a binary search on the current page. */
+		t->bt_cur.page = h;
+		for (base = 0, lim = NEXTINDEX(h); lim; lim >>= 1) {
+			t->bt_cur.index = idx = base + (lim >> 1);
+			if ((cmp = __bt_cmp(t, key, &t->bt_cur)) == 0) {
+				if (h->flags & P_BLEAF) {
+					*exactp = 1;
+					return (&t->bt_cur);
+				}
+				goto next;
+			}
+			if (cmp > 0) {
+				base = idx + 1;
+				--lim;
+			}
+		}
+
+		/*
+		 * If it's a leaf page, we're almost done.  If no duplicates
+		 * are allowed, or we have an exact match, we're done.  Else,
+		 * it's possible that there were matching keys on this page,
+		 * which later deleted, and we're on a page with no matches
+		 * while there are matches on other pages.  If at the start or
+		 * end of a page, check the adjacent page.
+		 */
+		if (h->flags & P_BLEAF) {
+			if (!F_ISSET(t, B_NODUPS)) {
+				if (base == 0 &&
+				    h->prevpg != P_INVALID &&
+				    __bt_sprev(t, h, key, exactp))
+					return (&t->bt_cur);
+				if (base == NEXTINDEX(h) &&
+				    h->nextpg != P_INVALID &&
+				    __bt_snext(t, h, key, exactp))
+					return (&t->bt_cur);
+			}
+			*exactp = 0;
+			t->bt_cur.index = base;
+			return (&t->bt_cur);
+		}
+
+		/*
+		 * No match found.  Base is the smallest index greater than
+		 * key and may be zero or a last + 1 index.  If it's non-zero,
+		 * decrement by one, and record the internal page which should
+		 * be a parent page for the key.  If a split later occurs, the
+		 * inserted page will be to the right of the saved page.
+		 */
+		idx = base ? base - 1 : base;
+
+next:		BT_PUSH(t, h->pgno, idx);
+		pg = GETBINTERNAL(h, idx)->pgno;
+		mpool_put(t->bt_mp, h, 0);
+	}
+}
+
+/*
+ * __bt_snext --
+ *	Check for an exact match after the key.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	current page
+ *	key:	key
+ *	exactp:	pointer to exact match flag
+ *
+ * Returns:
+ *	If an exact match found.
+ */
+static int
+__bt_snext(t, h, key, exactp)
+	BTREE *t;
+	PAGE *h;
+	const DBT *key;
+	int *exactp;
+{
+	BINTERNAL *bi;
+	EPG e;
+	EPGNO *parent;
+	indx_t idx = 0;
+	db_pgno_t pgno;
+	unsigned int level;
+
+	/*
+	 * Get the next page.  The key is either an exact
+	 * match, or not as good as the one we already have.
+	 */
+	if ((e.page = mpool_get(t->bt_mp, h->nextpg, 0)) == NULL)
+		return (0);
+	e.index = 0;
+	if (__bt_cmp(t, key, &e) != 0) {
+		mpool_put(t->bt_mp, e.page, 0);
+		return (0);
+	}
+	mpool_put(t->bt_mp, h, 0);
+	t->bt_cur = e;
+	*exactp = 1;
+
+	/*
+	 * Adjust the stack for the movement.
+	 *
+	 * Move up the stack.
+	 */
+	for (level = 0; (parent = BT_POP(t)) != NULL; ++level) {
+		/* Get the parent page. */
+		if ((h = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
+			return (0);
+
+		/* Move to the next index. */
+		if (parent->index != NEXTINDEX(h) - 1) {
+			idx = parent->index + 1;
+			BT_PUSH(t, h->pgno, idx);
+			break;
+		}
+		mpool_put(t->bt_mp, h, 0);
+	}
+
+	/* Restore the stack. */
+	while (level--) {
+		/* Push the next level down onto the stack. */
+		bi = GETBINTERNAL(h, idx);
+		pgno = bi->pgno;
+		BT_PUSH(t, pgno, 0);
+
+		/* Lose the currently pinned page. */
+		mpool_put(t->bt_mp, h, 0);
+
+		/* Get the next level down. */
+		if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
+			return (0);
+		idx = 0;
+	}
+	mpool_put(t->bt_mp, h, 0);
+	return (1);
+}
+
+/*
+ * __bt_sprev --
+ *	Check for an exact match before the key.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	current page
+ *	key:	key
+ *	exactp:	pointer to exact match flag
+ *
+ * Returns:
+ *	If an exact match found.
+ */
+static int
+__bt_sprev(t, h, key, exactp)
+	BTREE *t;
+	PAGE *h;
+	const DBT *key;
+	int *exactp;
+{
+	BINTERNAL *bi;
+	EPG e;
+	EPGNO *parent;
+	indx_t idx = 0;
+	db_pgno_t pgno;
+	unsigned int level;
+
+	/*
+	 * Get the previous page.  The key is either an exact
+	 * match, or not as good as the one we already have.
+	 */
+	if ((e.page = mpool_get(t->bt_mp, h->prevpg, 0)) == NULL)
+		return (0);
+	e.index = NEXTINDEX(e.page) - 1;
+	if (__bt_cmp(t, key, &e) != 0) {
+		mpool_put(t->bt_mp, e.page, 0);
+		return (0);
+	}
+
+	mpool_put(t->bt_mp, h, 0);
+	t->bt_cur = e;
+	*exactp = 1;
+
+	/*
+	 * Adjust the stack for the movement.
+	 *
+	 * Move up the stack.
+	 */
+	for (level = 0; (parent = BT_POP(t)) != NULL; ++level) {
+		/* Get the parent page. */
+		if ((h = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
+			return (1);
+
+		/* Move to the next index. */
+		if (parent->index != 0) {
+			idx = parent->index - 1;
+			BT_PUSH(t, h->pgno, idx);
+			break;
+		}
+		mpool_put(t->bt_mp, h, 0);
+	}
+
+	/* Restore the stack. */
+	while (level--) {
+		/* Push the next level down onto the stack. */
+		bi = GETBINTERNAL(h, idx);
+		pgno = bi->pgno;
+
+		/* Lose the currently pinned page. */
+		mpool_put(t->bt_mp, h, 0);
+
+		/* Get the next level down. */
+		if ((h = mpool_get(t->bt_mp, pgno, 0)) == NULL)
+			return (1);
+
+		idx = NEXTINDEX(h) - 1;
+		BT_PUSH(t, pgno, idx);
+	}
+	mpool_put(t->bt_mp, h, 0);
+	return (1);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_seq.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
new file mode 100644
index 00000000..2c8c2de9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
@@ -0,0 +1,616 @@
+/*
+ * Copyright (C) 2002, 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_seq.c	8.9 (Berkeley) 6/20/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+static int __bt_first __P((BTREE *, const DBT *, EPG *, int *));
+static int __bt_seqadv __P((BTREE *, EPG *, int));
+static int __bt_seqset __P((BTREE *, EPG *, DBT *, int));
+
+static int bt_rseq_next(BTREE *, EPG *);
+static int bt_rseq_prev(BTREE *, EPG *);
+
+/*
+ * Sequential scan support.
+ *
+ * The tree can be scanned sequentially, starting from either end of the
+ * tree or from any specific key.  A scan request before any scanning is
+ * done is initialized as starting from the least node.
+ */
+
+/*
+ * __bt_seq --
+ *	Btree sequential scan interface.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *	key:	key for positioning and return value
+ *	data:	data return value
+ *	flags:	R_CURSOR, R_FIRST, R_LAST, R_NEXT, R_PREV.
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS or RET_SPECIAL if there's no next key.
+ */
+int
+__bt_seq(dbp, key, data, flags)
+	const DB *dbp;
+	DBT *key, *data;
+	u_int flags;
+{
+	BTREE *t;
+	EPG e;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/*
+	 * If scan unitialized as yet, or starting at a specific record, set
+	 * the scan to a specific key.  Both __bt_seqset and __bt_seqadv pin
+	 * the page the cursor references if they're successful.
+	 */
+	switch (flags) {
+	case R_NEXT:
+	case R_PREV:
+	case R_RNEXT:
+	case R_RPREV:
+		if (F_ISSET(&t->bt_cursor, CURS_INIT)) {
+			status = __bt_seqadv(t, &e, flags);
+			break;
+		}
+		/* FALLTHROUGH */
+	case R_FIRST:
+	case R_LAST:
+	case R_CURSOR:
+		status = __bt_seqset(t, &e, key, flags);
+		break;
+	default:
+		errno = EINVAL;
+		return (RET_ERROR);
+	}
+
+	if (status == RET_SUCCESS) {
+		__bt_setcur(t, e.page->pgno, e.index);
+
+		status =
+		    __bt_ret(t, &e, key, &t->bt_rkey, data, &t->bt_rdata, 0);
+
+		/*
+		 * If the user is doing concurrent access, we copied the
+		 * key/data, toss the page.
+		 */
+		if (F_ISSET(t, B_DB_LOCK))
+			mpool_put(t->bt_mp, e.page, 0);
+		else
+			t->bt_pinned = e.page;
+	}
+	return (status);
+}
+
+/*
+ * __bt_seqset --
+ *	Set the sequential scan to a specific key.
+ *
+ * Parameters:
+ *	t:	tree
+ *	ep:	storage for returned key
+ *	key:	key for initial scan position
+ *	flags:	R_CURSOR, R_FIRST, R_LAST, R_NEXT, R_PREV
+ *
+ * Side effects:
+ *	Pins the page the cursor references.
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS or RET_SPECIAL if there's no next key.
+ */
+static int
+__bt_seqset(t, ep, key, flags)
+	BTREE *t;
+	EPG *ep;
+	DBT *key;
+	int flags;
+{
+	PAGE *h;
+	db_pgno_t pg;
+	int exact;
+
+	/*
+	 * Find the first, last or specific key in the tree and point the
+	 * cursor at it.  The cursor may not be moved until a new key has
+	 * been found.
+	 */
+	switch (flags) {
+	case R_CURSOR:				/* Keyed scan. */
+		/*
+		 * Find the first instance of the key or the smallest key
+		 * which is greater than or equal to the specified key.
+		 */
+		if (key->data == NULL || key->size == 0) {
+			errno = EINVAL;
+			return (RET_ERROR);
+		}
+		return (__bt_first(t, key, ep, &exact));
+	case R_FIRST:				/* First record. */
+	case R_NEXT:
+	case R_RNEXT:
+		BT_CLR(t);
+		/* Walk down the left-hand side of the tree. */
+		for (pg = P_ROOT;;) {
+			if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+				return (RET_ERROR);
+
+			/* Check for an empty tree. */
+			if (NEXTINDEX(h) == 0) {
+				mpool_put(t->bt_mp, h, 0);
+				return (RET_SPECIAL);
+			}
+
+			if (h->flags & (P_BLEAF | P_RLEAF))
+				break;
+			pg = GETBINTERNAL(h, 0)->pgno;
+			BT_PUSH(t, h->pgno, 0);
+			mpool_put(t->bt_mp, h, 0);
+		}
+		ep->page = h;
+		ep->index = 0;
+		break;
+	case R_LAST:				/* Last record. */
+	case R_PREV:
+	case R_RPREV:
+		BT_CLR(t);
+		/* Walk down the right-hand side of the tree. */
+		for (pg = P_ROOT;;) {
+			if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+				return (RET_ERROR);
+
+			/* Check for an empty tree. */
+			if (NEXTINDEX(h) == 0) {
+				mpool_put(t->bt_mp, h, 0);
+				return (RET_SPECIAL);
+			}
+
+			if (h->flags & (P_BLEAF | P_RLEAF))
+				break;
+			pg = GETBINTERNAL(h, NEXTINDEX(h) - 1)->pgno;
+			BT_PUSH(t, h->pgno, NEXTINDEX(h) - 1);
+			mpool_put(t->bt_mp, h, 0);
+		}
+
+		ep->page = h;
+		ep->index = NEXTINDEX(h) - 1;
+		break;
+	}
+	return (RET_SUCCESS);
+}
+
+/*
+ * __bt_seqadvance --
+ *	Advance the sequential scan.
+ *
+ * Parameters:
+ *	t:	tree
+ *	flags:	R_NEXT, R_PREV
+ *
+ * Side effects:
+ *	Pins the page the new key/data record is on.
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS or RET_SPECIAL if there's no next key.
+ */
+static int
+__bt_seqadv(t, ep, flags)
+	BTREE *t;
+	EPG *ep;
+	int flags;
+{
+	CURSOR *c;
+	PAGE *h;
+	indx_t idx = 0;
+	db_pgno_t pg;
+	int exact, rval;
+
+	/*
+	 * There are a couple of states that we can be in.  The cursor has
+	 * been initialized by the time we get here, but that's all we know.
+	 */
+	c = &t->bt_cursor;
+
+	/*
+	 * The cursor was deleted and there weren't any duplicate records,
+	 * so the cursor's key was saved.  Find out where that key would
+	 * be in the current tree.  If the returned key is an exact match,
+	 * it means that a key/data pair was inserted into the tree after
+	 * the delete.  We could reasonably return the key, but the problem
+	 * is that this is the access pattern we'll see if the user is
+	 * doing seq(..., R_NEXT)/put(..., 0) pairs, i.e. the put deletes
+	 * the cursor record and then replaces it, so the cursor was saved,
+	 * and we'll simply return the same "new" record until the user
+	 * notices and doesn't do a put() of it.  Since the key is an exact
+	 * match, we could as easily put the new record before the cursor,
+	 * and we've made no guarantee to return it.  So, move forward or
+	 * back a record if it's an exact match.
+	 *
+	 * XXX
+	 * In the current implementation, put's to the cursor are done with
+	 * delete/add pairs.  This has two consequences.  First, it means
+	 * that seq(..., R_NEXT)/put(..., R_CURSOR) pairs are going to exhibit
+	 * the same behavior as above.  Second, you can return the same key
+	 * twice if you have duplicate records.  The scenario is that the
+	 * cursor record is deleted, moving the cursor forward or backward
+	 * to a duplicate.  The add then inserts the new record at a location
+	 * ahead of the cursor because duplicates aren't sorted in any way,
+	 * and the new record is later returned.  This has to be fixed at some
+	 * point.
+	 */
+	if (F_ISSET(c, CURS_ACQUIRE)) {
+		if ((rval = __bt_first(t, &c->key, ep, &exact)) == RET_ERROR)
+			return (RET_ERROR);
+		if (!exact)
+			return (rval);
+		/*
+		 * XXX
+		 * Kluge -- get, release, get the page.
+		 */
+		c->pg.pgno = ep->page->pgno;
+		c->pg.index = ep->index;
+		mpool_put(t->bt_mp, ep->page, 0);
+	}
+
+	/* Get the page referenced by the cursor. */
+	if ((h = mpool_get(t->bt_mp, c->pg.pgno, 0)) == NULL)
+		return (RET_ERROR);
+
+	/*
+ 	 * Find the next/previous record in the tree and point the cursor at
+	 * it.  The cursor may not be moved until a new key has been found.
+	 */
+	switch (flags) {
+	case R_NEXT:			/* Next record. */
+	case R_RNEXT:
+		/*
+		 * The cursor was deleted in duplicate records, and moved
+		 * forward to a record that has yet to be returned.  Clear
+		 * that flag, and return the record.
+		 */
+		if (F_ISSET(c, CURS_AFTER))
+			goto usecurrent;
+		idx = c->pg.index;
+		if (++idx == NEXTINDEX(h)) {
+			if (flags == R_RNEXT) {
+				ep->page = h;
+				ep->index = idx;
+				return (bt_rseq_next(t, ep));
+			}
+			pg = h->nextpg;
+			mpool_put(t->bt_mp, h, 0);
+			if (pg == P_INVALID)
+				return (RET_SPECIAL);
+			if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+				return (RET_ERROR);
+			idx = 0;
+		}
+		break;
+	case R_PREV:			/* Previous record. */
+	case R_RPREV:
+		/*
+		 * The cursor was deleted in duplicate records, and moved
+		 * backward to a record that has yet to be returned.  Clear
+		 * that flag, and return the record.
+		 */
+		if (F_ISSET(c, CURS_BEFORE)) {
+usecurrent:		F_CLR(c, CURS_AFTER | CURS_BEFORE);
+			ep->page = h;
+			ep->index = c->pg.index;
+			return (RET_SUCCESS);
+		}
+		idx = c->pg.index;
+		if (idx == 0) {
+			if (flags == R_RPREV) {
+				ep->page = h;
+				ep->index = idx;
+				return (bt_rseq_prev(t, ep));
+			}
+			pg = h->prevpg;
+			mpool_put(t->bt_mp, h, 0);
+			if (pg == P_INVALID)
+				return (RET_SPECIAL);
+			if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+				return (RET_ERROR);
+			idx = NEXTINDEX(h) - 1;
+		} else
+			--idx;
+		break;
+	}
+
+	ep->page = h;
+	ep->index = idx;
+	return (RET_SUCCESS);
+}
+
+/*
+ * Get the first item on the next page, but by going up and down the tree.
+ */
+static int
+bt_rseq_next(BTREE *t, EPG *ep)
+{
+	PAGE *h;
+	indx_t idx;
+	EPGNO *up;
+	db_pgno_t pg;
+
+	h = ep->page;
+	idx = ep->index;
+	do {
+		/* Move up the tree. */
+		up = BT_POP(t);
+		mpool_put(t->bt_mp, h, 0);
+		/* Did we hit the right edge of the root? */
+		if (up == NULL)
+			return (RET_SPECIAL);
+		if ((h = mpool_get(t->bt_mp, up->pgno, 0)) == NULL)
+			return (RET_ERROR);
+		idx = up->index;
+	} while (++idx == NEXTINDEX(h));
+
+	while (!(h->flags & (P_BLEAF | P_RLEAF))) {
+		/* Move back down the tree. */
+		BT_PUSH(t, h->pgno, idx);
+		pg = GETBINTERNAL(h, idx)->pgno;
+		mpool_put(t->bt_mp, h, 0);
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			return (RET_ERROR);
+		idx = 0;
+	}
+	ep->page = h;
+	ep->index = idx;
+	return (RET_SUCCESS);
+}
+
+/*
+ * Get the last item on the previous page, but by going up and down the tree.
+ */
+static int
+bt_rseq_prev(BTREE *t, EPG *ep)
+{
+	PAGE *h;
+	indx_t idx;
+	EPGNO *up;
+	db_pgno_t pg;
+
+	h = ep->page;
+	idx = ep->index;
+	do {
+		/* Move up the tree. */
+		up = BT_POP(t);
+		mpool_put(t->bt_mp, h, 0);
+		/* Did we hit the left edge of the root? */
+		if (up == NULL)
+			return (RET_SPECIAL);
+		if ((h = mpool_get(t->bt_mp, up->pgno, 0)) == NULL)
+			return (RET_ERROR);
+		idx = up->index;
+	} while (idx == 0);
+	--idx;
+	while (!(h->flags & (P_BLEAF | P_RLEAF))) {
+		/* Move back down the tree. */
+		BT_PUSH(t, h->pgno, idx);
+		pg = GETBINTERNAL(h, idx)->pgno;
+		mpool_put(t->bt_mp, h, 0);
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			return (RET_ERROR);
+		idx = NEXTINDEX(h) - 1;
+	}
+	ep->page = h;
+	ep->index = idx;
+	return (RET_SUCCESS);
+}
+
+/*
+ * __bt_first --
+ *	Find the first entry.
+ *
+ * Parameters:
+ *	t:	the tree
+ *    key:	the key
+ *  erval:	return EPG
+ * exactp:	pointer to exact match flag
+ *
+ * Returns:
+ *	The first entry in the tree greater than or equal to key,
+ *	or RET_SPECIAL if no such key exists.
+ */
+static int
+__bt_first(t, key, erval, exactp)
+	BTREE *t;
+	const DBT *key;
+	EPG *erval;
+	int *exactp;
+{
+	PAGE *h, *hprev;
+	EPG *ep, save;
+	db_pgno_t pg;
+
+	/*
+	 * Find any matching record; __bt_search pins the page.
+	 *
+	 * If it's an exact match and duplicates are possible, walk backwards
+	 * in the tree until we find the first one.  Otherwise, make sure it's
+	 * a valid key (__bt_search may return an index just past the end of a
+	 * page) and return it.
+	 */
+	if ((ep = __bt_search(t, key, exactp)) == NULL)
+		return (RET_SPECIAL);
+	if (*exactp) {
+		if (F_ISSET(t, B_NODUPS)) {
+			*erval = *ep;
+			return (RET_SUCCESS);
+		}
+
+		/*
+		 * Walk backwards, as long as the entry matches and there are
+		 * keys left in the tree.  Save a copy of each match in case
+		 * we go too far.
+		 */
+		save = *ep;
+		h = ep->page;
+		do {
+			if (save.page->pgno != ep->page->pgno) {
+				mpool_put(t->bt_mp, save.page, 0);
+				save = *ep;
+			} else
+				save.index = ep->index;
+
+			/*
+			 * Don't unpin the page the last (or original) match
+			 * was on, but make sure it's unpinned if an error
+			 * occurs.
+			 */
+			if (ep->index == 0) {
+				if (h->prevpg == P_INVALID)
+					break;
+				if (h->pgno != save.page->pgno)
+					mpool_put(t->bt_mp, h, 0);
+				if ((hprev = mpool_get(t->bt_mp,
+				    h->prevpg, 0)) == NULL) {
+					if (h->pgno == save.page->pgno)
+						mpool_put(t->bt_mp,
+						    save.page, 0);
+					return (RET_ERROR);
+				}
+				ep->page = h = hprev;
+				ep->index = NEXTINDEX(h);
+			}
+			--ep->index;
+		} while (__bt_cmp(t, key, ep) == 0);
+
+		/*
+		 * Reach here with the last page that was looked at pinned,
+		 * which may or may not be the same as the last (or original)
+		 * match page.  If it's not useful, release it.
+		 */
+		if (h->pgno != save.page->pgno)
+			mpool_put(t->bt_mp, h, 0);
+
+		*erval = save;
+		return (RET_SUCCESS);
+	}
+
+	/* If at the end of a page, find the next entry. */
+	if (ep->index == NEXTINDEX(ep->page)) {
+		h = ep->page;
+		pg = h->nextpg;
+		mpool_put(t->bt_mp, h, 0);
+		if (pg == P_INVALID)
+			return (RET_SPECIAL);
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			return (RET_ERROR);
+		ep->index = 0;
+		ep->page = h;
+	}
+	*erval = *ep;
+	return (RET_SUCCESS);
+}
+
+/*
+ * __bt_setcur --
+ *	Set the cursor to an entry in the tree.
+ *
+ * Parameters:
+ *	t:	the tree
+ *   pgno:	page number
+ *  index:	page index
+ */
+void
+__bt_setcur(t, pgno, idx)
+	BTREE *t;
+	db_pgno_t pgno;
+	u_int idx;
+{
+	/* Lose any already deleted key. */
+	if (t->bt_cursor.key.data != NULL) {
+		free(t->bt_cursor.key.data);
+		t->bt_cursor.key.size = 0;
+		t->bt_cursor.key.data = NULL;
+	}
+	F_CLR(&t->bt_cursor, CURS_ACQUIRE | CURS_AFTER | CURS_BEFORE);
+
+	/* Update the cursor. */
+	t->bt_cursor.pg.pgno = pgno;
+	t->bt_cursor.pg.index = idx;
+	F_SET(&t->bt_cursor, CURS_INIT);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c
new file mode 100644
index 00000000..c7e4e72a
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c
@@ -0,0 +1,836 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_split.c	8.10 (Berkeley) 1/9/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+static int	 bt_broot __P((BTREE *, PAGE *, PAGE *, PAGE *));
+static PAGE	*bt_page
+		    __P((BTREE *, PAGE *, PAGE **, PAGE **, indx_t *, size_t));
+static int	 bt_preserve __P((BTREE *, db_pgno_t));
+static PAGE	*bt_psplit
+		    __P((BTREE *, PAGE *, PAGE *, PAGE *, indx_t *, size_t));
+static PAGE	*bt_root
+		    __P((BTREE *, PAGE *, PAGE **, PAGE **, indx_t *, size_t));
+static int	 bt_rroot __P((BTREE *, PAGE *, PAGE *, PAGE *));
+static recno_t	 rec_total __P((PAGE *));
+
+#ifdef STATISTICS
+u_long	bt_rootsplit, bt_split, bt_sortsplit, bt_pfxsaved;
+#endif
+
+/*
+ * __BT_SPLIT -- Split the tree.
+ *
+ * Parameters:
+ *	t:	tree
+ *	sp:	page to split
+ *	key:	key to insert
+ *	data:	data to insert
+ *	flags:	BIGKEY/BIGDATA flags
+ *	ilen:	insert length
+ *	skip:	index to leave open
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__bt_split(t, sp, key, data, flags, ilen, argskip)
+	BTREE *t;
+	PAGE *sp;
+	const DBT *key, *data;
+	int flags;
+	size_t ilen;
+	u_int32_t argskip;
+{
+	BINTERNAL *bi = NULL;
+	BLEAF *bl = NULL, *tbl;
+	DBT a, b;
+	EPGNO *parent;
+	PAGE *h, *l, *r, *lchild, *rchild;
+	indx_t nxtindex;
+	u_int16_t skip;
+	u_int32_t n, nbytes, nksize = 0;
+	int parentsplit;
+	char *dest;
+
+	/*
+	 * Split the page into two pages, l and r.  The split routines return
+	 * a pointer to the page into which the key should be inserted and with
+	 * skip set to the offset which should be used.  Additionally, l and r
+	 * are pinned.
+	 */
+	skip = argskip;
+	h = sp->pgno == P_ROOT ?
+	    bt_root(t, sp, &l, &r, &skip, ilen) :
+	    bt_page(t, sp, &l, &r, &skip, ilen);
+	if (h == NULL)
+		return (RET_ERROR);
+
+	/*
+	 * Insert the new key/data pair into the leaf page.  (Key inserts
+	 * always cause a leaf page to split first.)
+	 */
+	h->linp[skip] = h->upper -= ilen;
+	dest = (char *)h + h->upper;
+	if (F_ISSET(t, R_RECNO))
+		WR_RLEAF(dest, data, flags)
+	else
+		WR_BLEAF(dest, key, data, flags)
+
+	/* If the root page was split, make it look right. */
+	if (sp->pgno == P_ROOT &&
+	    (F_ISSET(t, R_RECNO) ?
+	    bt_rroot(t, sp, l, r) : bt_broot(t, sp, l, r)) == RET_ERROR)
+		goto err2;
+
+	/*
+	 * Now we walk the parent page stack -- a LIFO stack of the pages that
+	 * were traversed when we searched for the page that split.  Each stack
+	 * entry is a page number and a page index offset.  The offset is for
+	 * the page traversed on the search.  We've just split a page, so we
+	 * have to insert a new key into the parent page.
+	 *
+	 * If the insert into the parent page causes it to split, may have to
+	 * continue splitting all the way up the tree.  We stop if the root
+	 * splits or the page inserted into didn't have to split to hold the
+	 * new key.  Some algorithms replace the key for the old page as well
+	 * as the new page.  We don't, as there's no reason to believe that the
+	 * first key on the old page is any better than the key we have, and,
+	 * in the case of a key being placed at index 0 causing the split, the
+	 * key is unavailable.
+	 *
+	 * There are a maximum of 5 pages pinned at any time.  We keep the left
+	 * and right pages pinned while working on the parent.   The 5 are the
+	 * two children, left parent and right parent (when the parent splits)
+	 * and the root page or the overflow key page when calling bt_preserve.
+	 * This code must make sure that all pins are released other than the
+	 * root page or overflow page which is unlocked elsewhere.
+	 */
+	while ((parent = BT_POP(t)) != NULL) {
+		lchild = l;
+		rchild = r;
+
+		/* Get the parent page. */
+		if ((h = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
+			goto err2;
+
+	 	/*
+		 * The new key goes ONE AFTER the index, because the split
+		 * was to the right.
+		 */
+		skip = parent->index + 1;
+
+		/*
+		 * Calculate the space needed on the parent page.
+		 *
+		 * Prefix trees: space hack when inserting into BINTERNAL
+		 * pages.  Retain only what's needed to distinguish between
+		 * the new entry and the LAST entry on the page to its left.
+		 * If the keys compare equal, retain the entire key.  Note,
+		 * we don't touch overflow keys, and the entire key must be
+		 * retained for the next-to-left most key on the leftmost
+		 * page of each level, or the search will fail.  Applicable
+		 * ONLY to internal pages that have leaf pages as children.
+		 * Further reduction of the key between pairs of internal
+		 * pages loses too much information.
+		 */
+		switch (rchild->flags & P_TYPE) {
+		case P_BINTERNAL:
+			bi = GETBINTERNAL(rchild, 0);
+			nbytes = NBINTERNAL(bi->ksize);
+			break;
+		case P_BLEAF:
+			bl = GETBLEAF(rchild, 0);
+			nbytes = NBINTERNAL(bl->ksize);
+			if (t->bt_pfx && !(bl->flags & P_BIGKEY) &&
+			    (h->prevpg != P_INVALID || skip > 1)) {
+				tbl = GETBLEAF(lchild, NEXTINDEX(lchild) - 1);
+				a.size = tbl->ksize;
+				a.data = tbl->bytes;
+				b.size = bl->ksize;
+				b.data = bl->bytes;
+				nksize = t->bt_pfx(&a, &b);
+				n = NBINTERNAL(nksize);
+				if (n < nbytes) {
+#ifdef STATISTICS
+					bt_pfxsaved += nbytes - n;
+#endif
+					nbytes = n;
+				} else
+					nksize = 0;
+			} else
+				nksize = 0;
+			break;
+		case P_RINTERNAL:
+		case P_RLEAF:
+			nbytes = NRINTERNAL;
+			break;
+		default:
+			abort();
+		}
+
+		/* Split the parent page if necessary or shift the indices. */
+		if ((u_int32_t)h->upper - (u_int32_t)h->lower
+		    < nbytes + sizeof(indx_t)) {
+			sp = h;
+			h = h->pgno == P_ROOT ?
+			    bt_root(t, h, &l, &r, &skip, nbytes) :
+			    bt_page(t, h, &l, &r, &skip, nbytes);
+			if (h == NULL)
+				goto err1;
+			parentsplit = 1;
+		} else {
+			if (skip < (nxtindex = NEXTINDEX(h)))
+				memmove(h->linp + skip + 1, h->linp + skip,
+				    (nxtindex - skip) * sizeof(indx_t));
+			h->lower += sizeof(indx_t);
+			parentsplit = 0;
+		}
+
+		/* Insert the key into the parent page. */
+		switch (rchild->flags & P_TYPE) {
+		case P_BINTERNAL:
+			h->linp[skip] = h->upper -= nbytes;
+			dest = (char *)h + h->linp[skip];
+			memmove(dest, bi, nbytes);
+			((BINTERNAL *)(void *)dest)->pgno = rchild->pgno;
+			break;
+		case P_BLEAF:
+			h->linp[skip] = h->upper -= nbytes;
+			dest = (char *)h + h->linp[skip];
+			WR_BINTERNAL(dest, nksize ? nksize : bl->ksize,
+			    rchild->pgno, bl->flags & P_BIGKEY);
+			memmove(dest, bl->bytes, nksize ? nksize : bl->ksize);
+			if (bl->flags & P_BIGKEY) {
+				db_pgno_t pgno;
+				memcpy(&pgno, bl->bytes, sizeof(pgno));
+				if (bt_preserve(t, pgno) == RET_ERROR)
+					goto err1;
+			}
+			break;
+		case P_RINTERNAL:
+			/*
+			 * Update the left page count.  If split
+			 * added at index 0, fix the correct page.
+			 */
+			if (skip > 0)
+				dest = (char *)h + h->linp[skip - 1];
+			else
+				dest = (char *)l + l->linp[NEXTINDEX(l) - 1];
+			((RINTERNAL *)(void *)dest)->nrecs = rec_total(lchild);
+			((RINTERNAL *)(void *)dest)->pgno = lchild->pgno;
+
+			/* Update the right page count. */
+			h->linp[skip] = h->upper -= nbytes;
+			dest = (char *)h + h->linp[skip];
+			((RINTERNAL *)(void *)dest)->nrecs = rec_total(rchild);
+			((RINTERNAL *)(void *)dest)->pgno = rchild->pgno;
+			break;
+		case P_RLEAF:
+			/*
+			 * Update the left page count.  If split
+			 * added at index 0, fix the correct page.
+			 */
+			if (skip > 0)
+				dest = (char *)h + h->linp[skip - 1];
+			else
+				dest = (char *)l + l->linp[NEXTINDEX(l) - 1];
+			((RINTERNAL *)(void *)dest)->nrecs = NEXTINDEX(lchild);
+			((RINTERNAL *)(void *)dest)->pgno = lchild->pgno;
+
+			/* Update the right page count. */
+			h->linp[skip] = h->upper -= nbytes;
+			dest = (char *)h + h->linp[skip];
+			((RINTERNAL *)(void *)dest)->nrecs = NEXTINDEX(rchild);
+			((RINTERNAL *)(void *)dest)->pgno = rchild->pgno;
+			break;
+		default:
+			abort();
+		}
+
+		/* Unpin the held pages. */
+		if (!parentsplit) {
+			mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+			break;
+		}
+
+		/* If the root page was split, make it look right. */
+		if (sp->pgno == P_ROOT &&
+		    (F_ISSET(t, R_RECNO) ?
+		    bt_rroot(t, sp, l, r) : bt_broot(t, sp, l, r)) == RET_ERROR)
+			goto err1;
+
+		mpool_put(t->bt_mp, lchild, MPOOL_DIRTY);
+		mpool_put(t->bt_mp, rchild, MPOOL_DIRTY);
+	}
+
+	/* Unpin the held pages. */
+	mpool_put(t->bt_mp, l, MPOOL_DIRTY);
+	mpool_put(t->bt_mp, r, MPOOL_DIRTY);
+
+	/* Clear any pages left on the stack. */
+	return (RET_SUCCESS);
+
+	/*
+	 * If something fails in the above loop we were already walking back
+	 * up the tree and the tree is now inconsistent.  Nothing much we can
+	 * do about it but release any memory we're holding.
+	 */
+err1:	mpool_put(t->bt_mp, lchild, MPOOL_DIRTY);
+	mpool_put(t->bt_mp, rchild, MPOOL_DIRTY);
+
+err2:	mpool_put(t->bt_mp, l, 0);
+	mpool_put(t->bt_mp, r, 0);
+	__dbpanic(t->bt_dbp);
+	return (RET_ERROR);
+}
+
+/*
+ * BT_PAGE -- Split a non-root page of a btree.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	root page
+ *	lp:	pointer to left page pointer
+ *	rp:	pointer to right page pointer
+ *	skip:	pointer to index to leave open
+ *	ilen:	insert length
+ *
+ * Returns:
+ *	Pointer to page in which to insert or NULL on error.
+ */
+static PAGE *
+bt_page(t, h, lp, rp, skip, ilen)
+	BTREE *t;
+	PAGE *h, **lp, **rp;
+	indx_t *skip;
+	size_t ilen;
+{
+	PAGE *l, *r, *tp;
+	db_pgno_t npg;
+
+#ifdef STATISTICS
+	++bt_split;
+#endif
+	/* Put the new right page for the split into place. */
+	if ((r = __bt_new(t, &npg)) == NULL)
+		return (NULL);
+	r->pgno = npg;
+	r->lower = BTDATAOFF;
+	r->upper = t->bt_psize;
+	r->nextpg = h->nextpg;
+	r->prevpg = h->pgno;
+	r->flags = h->flags & P_TYPE;
+
+	/*
+	 * If we're splitting the last page on a level because we're appending
+	 * a key to it (skip is NEXTINDEX()), it's likely that the data is
+	 * sorted.  Adding an empty page on the side of the level is less work
+	 * and can push the fill factor much higher than normal.  If we're
+	 * wrong it's no big deal, we'll just do the split the right way next
+	 * time.  It may look like it's equally easy to do a similar hack for
+	 * reverse sorted data, that is, split the tree left, but it's not.
+	 * Don't even try.
+	 */
+	if (h->nextpg == P_INVALID && *skip == NEXTINDEX(h)) {
+#ifdef STATISTICS
+		++bt_sortsplit;
+#endif
+		h->nextpg = r->pgno;
+		r->lower = BTDATAOFF + sizeof(indx_t);
+		*skip = 0;
+		*lp = h;
+		*rp = r;
+		return (r);
+	}
+
+	/* Put the new left page for the split into place. */
+	if ((l = (PAGE *)malloc(t->bt_psize)) == NULL) {
+		mpool_put(t->bt_mp, r, 0);
+		return (NULL);
+	}
+#if 1 /* def PURIFY */
+	memset(l, 0xff, t->bt_psize);
+#endif
+	l->pgno = h->pgno;
+	l->nextpg = r->pgno;
+	l->prevpg = h->prevpg;
+	l->lower = BTDATAOFF;
+	l->upper = t->bt_psize;
+	l->flags = h->flags & P_TYPE;
+
+	/* Fix up the previous pointer of the page after the split page. */
+	if (h->nextpg != P_INVALID) {
+		if ((tp = mpool_get(t->bt_mp, h->nextpg, 0)) == NULL) {
+			free(l);
+			/* XXX mpool_free(t->bt_mp, r->pgno); */
+			return (NULL);
+		}
+		tp->prevpg = r->pgno;
+		mpool_put(t->bt_mp, tp, MPOOL_DIRTY);
+	}
+
+	/*
+	 * Split right.  The key/data pairs aren't sorted in the btree page so
+	 * it's simpler to copy the data from the split page onto two new pages
+	 * instead of copying half the data to the right page and compacting
+	 * the left page in place.  Since the left page can't change, we have
+	 * to swap the original and the allocated left page after the split.
+	 */
+	tp = bt_psplit(t, h, l, r, skip, ilen);
+
+	/* Move the new left page onto the old left page. */
+	memmove(h, l, t->bt_psize);
+	if (tp == l)
+		tp = h;
+	free(l);
+
+	*lp = h;
+	*rp = r;
+	return (tp);
+}
+
+/*
+ * BT_ROOT -- Split the root page of a btree.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	root page
+ *	lp:	pointer to left page pointer
+ *	rp:	pointer to right page pointer
+ *	skip:	pointer to index to leave open
+ *	ilen:	insert length
+ *
+ * Returns:
+ *	Pointer to page in which to insert or NULL on error.
+ */
+static PAGE *
+bt_root(t, h, lp, rp, skip, ilen)
+	BTREE *t;
+	PAGE *h, **lp, **rp;
+	indx_t *skip;
+	size_t ilen;
+{
+	PAGE *l, *r, *tp;
+	db_pgno_t lnpg, rnpg;
+
+#ifdef STATISTICS
+	++bt_split;
+	++bt_rootsplit;
+#endif
+	/* Put the new left and right pages for the split into place. */
+	if ((l = __bt_new(t, &lnpg)) == NULL ||
+	    (r = __bt_new(t, &rnpg)) == NULL)
+		return (NULL);
+	l->pgno = lnpg;
+	r->pgno = rnpg;
+	l->nextpg = r->pgno;
+	r->prevpg = l->pgno;
+	l->prevpg = r->nextpg = P_INVALID;
+	l->lower = r->lower = BTDATAOFF;
+	l->upper = r->upper = t->bt_psize;
+	l->flags = r->flags = h->flags & P_TYPE;
+
+	/* Split the root page. */
+	tp = bt_psplit(t, h, l, r, skip, ilen);
+
+	*lp = l;
+	*rp = r;
+	return (tp);
+}
+
+/*
+ * BT_RROOT -- Fix up the recno root page after it has been split.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	root page
+ *	l:	left page
+ *	r:	right page
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+static int
+bt_rroot(t, h, l, r)
+	BTREE *t;
+	PAGE *h, *l, *r;
+{
+	char *dest;
+
+	/* Insert the left and right keys, set the header information. */
+	h->linp[0] = h->upper = t->bt_psize - NRINTERNAL;
+	dest = (char *)h + h->upper;
+	WR_RINTERNAL(dest,
+	    l->flags & P_RLEAF ? NEXTINDEX(l) : rec_total(l), l->pgno);
+
+	h->linp[1] = h->upper -= NRINTERNAL;
+	dest = (char *)h + h->upper;
+	WR_RINTERNAL(dest,
+	    r->flags & P_RLEAF ? NEXTINDEX(r) : rec_total(r), r->pgno);
+
+	h->lower = BTDATAOFF + 2 * sizeof(indx_t);
+
+	/* Unpin the root page, set to recno internal page. */
+	h->flags &= ~P_TYPE;
+	h->flags |= P_RINTERNAL;
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+
+	return (RET_SUCCESS);
+}
+
+/*
+ * BT_BROOT -- Fix up the btree root page after it has been split.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	root page
+ *	l:	left page
+ *	r:	right page
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+static int
+bt_broot(t, h, l, r)
+	BTREE *t;
+	PAGE *h, *l, *r;
+{
+	BINTERNAL *bi;
+	BLEAF *bl;
+	u_int32_t nbytes;
+	char *dest;
+
+	/*
+	 * If the root page was a leaf page, change it into an internal page.
+	 * We copy the key we split on (but not the key's data, in the case of
+	 * a leaf page) to the new root page.
+	 *
+	 * The btree comparison code guarantees that the left-most key on any
+	 * level of the tree is never used, so it doesn't need to be filled in.
+	 */
+	nbytes = NBINTERNAL(0);
+	h->linp[0] = h->upper = t->bt_psize - nbytes;
+	dest = (char *)h + h->upper;
+	WR_BINTERNAL(dest, 0, l->pgno, 0);
+
+	switch (h->flags & P_TYPE) {
+	case P_BLEAF:
+		bl = GETBLEAF(r, 0);
+		nbytes = NBINTERNAL(bl->ksize);
+		h->linp[1] = h->upper -= nbytes;
+		dest = (char *)h + h->upper;
+		WR_BINTERNAL(dest, bl->ksize, r->pgno, 0);
+		memmove(dest, bl->bytes, bl->ksize);
+
+		/*
+		 * If the key is on an overflow page, mark the overflow chain
+		 * so it isn't deleted when the leaf copy of the key is deleted.
+		 */
+		if (bl->flags & P_BIGKEY) {
+			db_pgno_t pgno;
+			memcpy(&pgno, bl->bytes, sizeof(pgno));
+			if (bt_preserve(t, pgno) == RET_ERROR)
+				return (RET_ERROR);
+		}
+		break;
+	case P_BINTERNAL:
+		bi = GETBINTERNAL(r, 0);
+		nbytes = NBINTERNAL(bi->ksize);
+		h->linp[1] = h->upper -= nbytes;
+		dest = (char *)h + h->upper;
+		memmove(dest, bi, nbytes);
+		((BINTERNAL *)(void *)dest)->pgno = r->pgno;
+		break;
+	default:
+		abort();
+	}
+
+	/* There are two keys on the page. */
+	h->lower = BTDATAOFF + 2 * sizeof(indx_t);
+
+	/* Unpin the root page, set to btree internal page. */
+	h->flags &= ~P_TYPE;
+	h->flags |= P_BINTERNAL;
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+
+	return (RET_SUCCESS);
+}
+
+/*
+ * BT_PSPLIT -- Do the real work of splitting the page.
+ *
+ * Parameters:
+ *	t:	tree
+ *	h:	page to be split
+ *	l:	page to put lower half of data
+ *	r:	page to put upper half of data
+ *	pskip:	pointer to index to leave open
+ *	ilen:	insert length
+ *
+ * Returns:
+ *	Pointer to page in which to insert.
+ */
+static PAGE *
+bt_psplit(t, h, l, r, pskip, ilen)
+	BTREE *t;
+	PAGE *h, *l, *r;
+	indx_t *pskip;
+	size_t ilen;
+{
+	BINTERNAL *bi;
+	BLEAF *bl;
+	CURSOR *c;
+	RLEAF *rl;
+	PAGE *rval;
+	void *src;
+	indx_t full, half, nxt, off, skip, top, used;
+	u_int32_t nbytes;
+	int bigkeycnt, isbigkey;
+
+	/*
+	 * Split the data to the left and right pages.  Leave the skip index
+	 * open.  Additionally, make some effort not to split on an overflow
+	 * key.  This makes internal page processing faster and can save
+	 * space as overflow keys used by internal pages are never deleted.
+	 */
+	bigkeycnt = 0;
+	skip = *pskip;
+	full = t->bt_psize - BTDATAOFF;
+	half = full / 2;
+	used = 0;
+	src = NULL;	     /* silence gcc "uninitialized" warning */
+	for (nxt = off = 0, top = NEXTINDEX(h); nxt < top; ++off) {
+		if (skip == off) {
+			nbytes = ilen;
+			isbigkey = 0;		/* XXX: not really known. */
+		} else
+			switch (h->flags & P_TYPE) {
+			case P_BINTERNAL:
+				src = bi = GETBINTERNAL(h, nxt);
+				nbytes = NBINTERNAL(bi->ksize);
+				isbigkey = bi->flags & P_BIGKEY;
+				break;
+			case P_BLEAF:
+				src = bl = GETBLEAF(h, nxt);
+				nbytes = NBLEAF(bl);
+				isbigkey = bl->flags & P_BIGKEY;
+				break;
+			case P_RINTERNAL:
+				src = GETRINTERNAL(h, nxt);
+				nbytes = NRINTERNAL;
+				isbigkey = 0;
+				break;
+			case P_RLEAF:
+				src = rl = GETRLEAF(h, nxt);
+				nbytes = NRLEAF(rl);
+				isbigkey = 0;
+				break;
+			default:
+				abort();
+			}
+
+		/*
+		 * If the key/data pairs are substantial fractions of the max
+		 * possible size for the page, it's possible to get situations
+		 * where we decide to try and copy too much onto the left page.
+		 * Make sure that doesn't happen.
+		 */
+		if ((skip <= off && used + nbytes + sizeof(indx_t) >= full)
+		    || nxt == top - 1) {
+			--off;
+			break;
+		}
+
+		/* Copy the key/data pair, if not the skipped index. */
+		if (skip != off) {
+			++nxt;
+
+			l->linp[off] = l->upper -= nbytes;
+			memmove((char *)l + l->upper, src, nbytes);
+		}
+
+		used += nbytes + sizeof(indx_t);
+		if (used >= half) {
+			if (!isbigkey || bigkeycnt == 3)
+				break;
+			else
+				++bigkeycnt;
+		}
+	}
+
+	/*
+	 * Off is the last offset that's valid for the left page.
+	 * Nxt is the first offset to be placed on the right page.
+	 */
+	l->lower += (off + 1) * sizeof(indx_t);
+
+	/*
+	 * If splitting the page that the cursor was on, the cursor has to be
+	 * adjusted to point to the same record as before the split.  If the
+	 * cursor is at or past the skipped slot, the cursor is incremented by
+	 * one.  If the cursor is on the right page, it is decremented by the
+	 * number of records split to the left page.
+	 */
+	c = &t->bt_cursor;
+	if (F_ISSET(c, CURS_INIT) && c->pg.pgno == h->pgno) {
+		if (c->pg.index >= skip)
+			++c->pg.index;
+		if (c->pg.index < nxt)			/* Left page. */
+			c->pg.pgno = l->pgno;
+		else {					/* Right page. */
+			c->pg.pgno = r->pgno;
+			c->pg.index -= nxt;
+		}
+	}
+
+	/*
+	 * If the skipped index was on the left page, just return that page.
+	 * Otherwise, adjust the skip index to reflect the new position on
+	 * the right page.
+	 */
+	if (skip <= off) {
+		skip = (indx_t)-1;
+		rval = l;
+	} else {
+		rval = r;
+		*pskip -= nxt;
+	}
+
+	for (off = 0; nxt < top; ++off) {
+		if (skip == nxt) {
+			++off;
+			skip = (indx_t)-1;
+		}
+		switch (h->flags & P_TYPE) {
+		case P_BINTERNAL:
+			src = bi = GETBINTERNAL(h, nxt);
+			nbytes = NBINTERNAL(bi->ksize);
+			break;
+		case P_BLEAF:
+			src = bl = GETBLEAF(h, nxt);
+			nbytes = NBLEAF(bl);
+			break;
+		case P_RINTERNAL:
+			src = GETRINTERNAL(h, nxt);
+			nbytes = NRINTERNAL;
+			break;
+		case P_RLEAF:
+			src = rl = GETRLEAF(h, nxt);
+			nbytes = NRLEAF(rl);
+			break;
+		default:
+			abort();
+		}
+		++nxt;
+		r->linp[off] = r->upper -= nbytes;
+		memmove((char *)r + r->upper, src, nbytes);
+	}
+	r->lower += off * sizeof(indx_t);
+
+	/* If the key is being appended to the page, adjust the index. */
+	if (skip == top)
+		r->lower += sizeof(indx_t);
+
+	return (rval);
+}
+
+/*
+ * BT_PRESERVE -- Mark a chain of pages as used by an internal node.
+ *
+ * Chains of indirect blocks pointed to by leaf nodes get reclaimed when the
+ * record that references them gets deleted.  Chains pointed to by internal
+ * pages never get deleted.  This routine marks a chain as pointed to by an
+ * internal page.
+ *
+ * Parameters:
+ *	t:	tree
+ *	pg:	page number of first page in the chain.
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ */
+static int
+bt_preserve(t, pg)
+	BTREE *t;
+	db_pgno_t pg;
+{
+	PAGE *h;
+
+	if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+		return (RET_ERROR);
+	h->flags |= P_PRESERVE;
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+	return (RET_SUCCESS);
+}
+
+/*
+ * REC_TOTAL -- Return the number of recno entries below a page.
+ *
+ * Parameters:
+ *	h:	page
+ *
+ * Returns:
+ *	The number of recno entries below a page.
+ *
+ * XXX
+ * These values could be set by the bt_psplit routine.  The problem is that the
+ * entry has to be popped off of the stack etc. or the values have to be passed
+ * all the way back to bt_split/bt_rroot and it's not very clean.
+ */
+static recno_t
+rec_total(h)
+	PAGE *h;
+{
+	recno_t recs;
+	indx_t nxt, top;
+
+	for (recs = 0, nxt = 0, top = NEXTINDEX(h); nxt < top; ++nxt)
+		recs += GETRINTERNAL(h, nxt)->nrecs;
+	return (recs);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_utils.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_utils.c
new file mode 100644
index 00000000..be2f24f2
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_utils.c
@@ -0,0 +1,260 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bt_utils.c	8.8 (Berkeley) 7/20/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+/*
+ * __bt_ret --
+ *	Build return key/data pair.
+ *
+ * Parameters:
+ *	t:	tree
+ *	e:	key/data pair to be returned
+ *	key:	user's key structure (NULL if not to be filled in)
+ *	rkey:	memory area to hold key
+ *	data:	user's data structure (NULL if not to be filled in)
+ *	rdata:	memory area to hold data
+ *       copy:	always copy the key/data item
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ */
+int
+__bt_ret(t, e, key, rkey, data, rdata, copy)
+	BTREE *t;
+	EPG *e;
+	DBT *key, *rkey, *data, *rdata;
+	int copy;
+{
+	BLEAF *bl;
+	void *p;
+
+	bl = GETBLEAF(e->page, e->index);
+
+	/*
+	 * We must copy big keys/data to make them contigous.  Otherwise,
+	 * leave the page pinned and don't copy unless the user specified
+	 * concurrent access.
+	 */
+	if (key == NULL)
+		goto dataonly;
+
+	if (bl->flags & P_BIGKEY) {
+		if (__ovfl_get(t, bl->bytes,
+		    &key->size, &rkey->data, &rkey->size))
+			return (RET_ERROR);
+		key->data = rkey->data;
+	} else if (copy || F_ISSET(t, B_DB_LOCK)) {
+		if (bl->ksize > rkey->size) {
+			p = (void *)(rkey->data == NULL ?
+			    malloc(bl->ksize) : realloc(rkey->data, bl->ksize));
+			if (p == NULL)
+				return (RET_ERROR);
+			rkey->data = p;
+			rkey->size = bl->ksize;
+		}
+		memmove(rkey->data, bl->bytes, bl->ksize);
+		key->size = bl->ksize;
+		key->data = rkey->data;
+	} else {
+		key->size = bl->ksize;
+		key->data = bl->bytes;
+	}
+
+dataonly:
+	if (data == NULL)
+		return (RET_SUCCESS);
+
+	if (bl->flags & P_BIGDATA) {
+		if (__ovfl_get(t, bl->bytes + bl->ksize,
+		    &data->size, &rdata->data, &rdata->size))
+			return (RET_ERROR);
+		data->data = rdata->data;
+	} else if (copy || F_ISSET(t, B_DB_LOCK)) {
+		/* Use +1 in case the first record retrieved is 0 length. */
+		if (bl->dsize + 1 > rdata->size) {
+			p = (void *)(rdata->data == NULL ?
+			    malloc(bl->dsize + 1) :
+			    realloc(rdata->data, bl->dsize + 1));
+			if (p == NULL)
+				return (RET_ERROR);
+			rdata->data = p;
+			rdata->size = bl->dsize + 1;
+		}
+		memmove(rdata->data, bl->bytes + bl->ksize, bl->dsize);
+		data->size = bl->dsize;
+		data->data = rdata->data;
+	} else {
+		data->size = bl->dsize;
+		data->data = bl->bytes + bl->ksize;
+	}
+
+	return (RET_SUCCESS);
+}
+
+/*
+ * __BT_CMP -- Compare a key to a given record.
+ *
+ * Parameters:
+ *	t:	tree
+ *	k1:	DBT pointer of first arg to comparison
+ *	e:	pointer to EPG for comparison
+ *
+ * Returns:
+ *	< 0 if k1 is < record
+ *	= 0 if k1 is = record
+ *	> 0 if k1 is > record
+ */
+int
+__bt_cmp(t, k1, e)
+	BTREE *t;
+	const DBT *k1;
+	EPG *e;
+{
+	BINTERNAL *bi;
+	BLEAF *bl;
+	DBT k2;
+	PAGE *h;
+	void *bigkey;
+
+	/*
+	 * The left-most key on internal pages, at any level of the tree, is
+	 * guaranteed by the following code to be less than any user key.
+	 * This saves us from having to update the leftmost key on an internal
+	 * page when the user inserts a new key in the tree smaller than
+	 * anything we've yet seen.
+	 */
+	h = e->page;
+	if (e->index == 0 && h->prevpg == P_INVALID && !(h->flags & P_BLEAF))
+		return (1);
+
+	bigkey = NULL;
+	if (h->flags & P_BLEAF) {
+		bl = GETBLEAF(h, e->index);
+		if (bl->flags & P_BIGKEY)
+			bigkey = bl->bytes;
+		else {
+			k2.data = bl->bytes;
+			k2.size = bl->ksize;
+		}
+	} else {
+		bi = GETBINTERNAL(h, e->index);
+		if (bi->flags & P_BIGKEY)
+			bigkey = bi->bytes;
+		else {
+			k2.data = bi->bytes;
+			k2.size = bi->ksize;
+		}
+	}
+
+	if (bigkey) {
+		if (__ovfl_get(t, bigkey,
+		    &k2.size, &t->bt_rdata.data, &t->bt_rdata.size))
+			return (RET_ERROR);
+		k2.data = t->bt_rdata.data;
+	}
+	return ((*t->bt_cmp)(k1, &k2));
+}
+
+/*
+ * __BT_DEFCMP -- Default comparison routine.
+ *
+ * Parameters:
+ *	a:	DBT #1
+ *	b: 	DBT #2
+ *
+ * Returns:
+ *	< 0 if a is < b
+ *	= 0 if a is = b
+ *	> 0 if a is > b
+ */
+int
+__bt_defcmp(a, b)
+	const DBT *a, *b;
+{
+	size_t len;
+	u_char *p1, *p2;
+
+	/*
+	 * XXX
+	 * If a size_t doesn't fit in an int, this routine can lose.
+	 * What we need is a integral type which is guaranteed to be
+	 * larger than a size_t, and there is no such thing.
+	 */
+	len = MIN(a->size, b->size);
+	for (p1 = a->data, p2 = b->data; len--; ++p1, ++p2)
+		if (*p1 != *p2)
+			return ((int)*p1 - (int)*p2);
+	return ((int)a->size - (int)b->size);
+}
+
+/*
+ * __BT_DEFPFX -- Default prefix routine.
+ *
+ * Parameters:
+ *	a:	DBT #1
+ *	b: 	DBT #2
+ *
+ * Returns:
+ *	Number of bytes needed to distinguish b from a.
+ */
+size_t
+__bt_defpfx(a, b)
+	const DBT *a, *b;
+{
+	u_char *p1, *p2;
+	size_t cnt, len;
+
+	cnt = 1;
+	len = MIN(a->size, b->size);
+	for (p1 = a->data, p2 = b->data; len--; ++p1, ++p2, ++cnt)
+		if (*p1 != *p2)
+			return (cnt);
+
+	/* a->size must be <= b->size, or they wouldn't be in this order. */
+	return (a->size < b->size ? a->size + 1 : a->size);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/btree.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/btree.h
new file mode 100644
index 00000000..91fd271b
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/btree.h
@@ -0,0 +1,383 @@
+/*-
+ * Copyright (c) 1991, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)btree.h	8.11 (Berkeley) 8/17/94
+ */
+
+/* Macros to set/clear/test flags. */
+#define	F_SET(p, f)	(p)->flags |= (f)
+#define	F_CLR(p, f)	(p)->flags &= ~(f)
+#define	F_ISSET(p, f)	((p)->flags & (f))
+
+#include "mpool.h"
+
+#define	DEFMINKEYPAGE	(2)		/* Minimum keys per page */
+#define	MINCACHE	(5)		/* Minimum cached pages */
+#define	MINPSIZE	(512)		/* Minimum page size */
+
+/*
+ * Page 0 of a btree file contains a copy of the meta-data.  This page is also
+ * used as an out-of-band page, i.e. page pointers that point to nowhere point
+ * to page 0.  Page 1 is the root of the btree.
+ */
+#define	P_INVALID	 0		/* Invalid tree page number. */
+#define	P_META		 0		/* Tree metadata page number. */
+#define	P_ROOT		 1		/* Tree root page number. */
+
+/*
+ * There are five page layouts in the btree: btree internal pages (BINTERNAL),
+ * btree leaf pages (BLEAF), recno internal pages (RINTERNAL), recno leaf pages
+ * (RLEAF) and overflow pages.  All five page types have a page header (PAGE).
+ * This implementation requires that values within structures NOT be padded.
+ * (ANSI C permits random padding.)  If your compiler pads randomly you'll have
+ * to do some work to get this package to run.
+ */
+typedef struct _page {
+	db_pgno_t	pgno;			/* this page's page number */
+	db_pgno_t	prevpg;			/* left sibling */
+	db_pgno_t	nextpg;			/* right sibling */
+
+#define	P_BINTERNAL	0x01		/* btree internal page */
+#define	P_BLEAF		0x02		/* leaf page */
+#define	P_OVERFLOW	0x04		/* overflow page */
+#define	P_RINTERNAL	0x08		/* recno internal page */
+#define	P_RLEAF		0x10		/* leaf page */
+#define P_TYPE		0x1f		/* type mask */
+#define	P_PRESERVE	0x20		/* never delete this chain of pages */
+	u_int32_t flags;
+
+	indx_t	lower;			/* lower bound of free space on page */
+	indx_t	upper;			/* upper bound of free space on page */
+	indx_t	linp[1];		/* indx_t-aligned VAR. LENGTH DATA */
+} PAGE;
+
+/* First and next index. */
+#define	BTDATAOFF							\
+	(sizeof(db_pgno_t) + sizeof(db_pgno_t) + sizeof(db_pgno_t) +		\
+	    sizeof(u_int32_t) + sizeof(indx_t) + sizeof(indx_t))
+#define	NEXTINDEX(p)	(((p)->lower - BTDATAOFF) / sizeof(indx_t))
+
+/*
+ * For pages other than overflow pages, there is an array of offsets into the
+ * rest of the page immediately following the page header.  Each offset is to
+ * an item which is unique to the type of page.  The h_lower offset is just
+ * past the last filled-in index.  The h_upper offset is the first item on the
+ * page.  Offsets are from the beginning of the page.
+ *
+ * If an item is too big to store on a single page, a flag is set and the item
+ * is a { page, size } pair such that the page is the first page of an overflow
+ * chain with size bytes of item.  Overflow pages are simply bytes without any
+ * external structure.
+ *
+ * The page number and size fields in the items are db_pgno_t-aligned so they can
+ * be manipulated without copying.  (This presumes that 32 bit items can be
+ * manipulated on this system.)
+ */
+#define	LALIGN(n)	(((n) + sizeof(db_pgno_t) - 1) & ~(sizeof(db_pgno_t) - 1))
+#define	NOVFLSIZE	(sizeof(db_pgno_t) + sizeof(u_int32_t))
+
+/*
+ * For the btree internal pages, the item is a key.  BINTERNALs are {key, pgno}
+ * pairs, such that the key compares less than or equal to all of the records
+ * on that page.  For a tree without duplicate keys, an internal page with two
+ * consecutive keys, a and b, will have all records greater than or equal to a
+ * and less than b stored on the page associated with a.  Duplicate keys are
+ * somewhat special and can cause duplicate internal and leaf page records and
+ * some minor modifications of the above rule.
+ */
+typedef struct _binternal {
+	u_int32_t ksize;		/* key size */
+	db_pgno_t	pgno;			/* page number stored on */
+#define	P_BIGDATA	0x01		/* overflow data */
+#define	P_BIGKEY	0x02		/* overflow key */
+	u_char	flags;
+	char	bytes[1];		/* data */
+} BINTERNAL;
+
+/* Get the page's BINTERNAL structure at index indx. */
+#define	GETBINTERNAL(pg, indx)						\
+	((BINTERNAL *)(void *)((char *)(pg) + (pg)->linp[indx]))
+
+/* Get the number of bytes in the entry. */
+#define NBINTERNAL(len)							\
+	LALIGN(sizeof(u_int32_t) + sizeof(db_pgno_t) + sizeof(u_char) + (len))
+
+/* Copy a BINTERNAL entry to the page. */
+#define	WR_BINTERNAL(p, size, pgno, flags) {				\
+	*(u_int32_t *)(void *)p = size;					\
+	p += sizeof(u_int32_t);						\
+	*(db_pgno_t *)(void *)p = pgno;					\
+	p += sizeof(db_pgno_t);						\
+	*(u_char *)p = flags;						\
+	p += sizeof(u_char);						\
+}
+
+/*
+ * For the recno internal pages, the item is a page number with the number of
+ * keys found on that page and below.
+ */
+typedef struct _rinternal {
+	recno_t	nrecs;			/* number of records */
+	db_pgno_t	pgno;			/* page number stored below */
+} RINTERNAL;
+
+/* Get the page's RINTERNAL structure at index indx. */
+#define	GETRINTERNAL(pg, indx)						\
+	((RINTERNAL *)(void *)((char *)(void *)(pg) + (pg)->linp[indx]))
+
+/* Get the number of bytes in the entry. */
+#define NRINTERNAL							\
+	LALIGN(sizeof(recno_t) + sizeof(db_pgno_t))
+
+/* Copy a RINTERAL entry to the page. */
+#define	WR_RINTERNAL(p, nrecs, pgno) {					\
+	*(recno_t *)(void *)p = nrecs;					\
+	p += sizeof(recno_t);						\
+	*(db_pgno_t *)(void *)p = pgno;					\
+}
+
+/* For the btree leaf pages, the item is a key and data pair. */
+typedef struct _bleaf {
+	u_int32_t	ksize;		/* size of key */
+	u_int32_t	dsize;		/* size of data */
+	u_char	flags;			/* P_BIGDATA, P_BIGKEY */
+	char	bytes[1];		/* data */
+} BLEAF;
+
+/* Get the page's BLEAF structure at index indx. */
+#define	GETBLEAF(pg, indx)						\
+	((BLEAF *)(void *)((char *)(pg) + (pg)->linp[indx]))
+
+/* Get the number of bytes in the entry. */
+#define NBLEAF(p)	NBLEAFDBT((p)->ksize, (p)->dsize)
+
+/* Get the number of bytes in the user's key/data pair. */
+#define NBLEAFDBT(ksize, dsize)						\
+	LALIGN(sizeof(u_int32_t) + sizeof(u_int32_t) + sizeof(u_char) +	\
+	    (ksize) + (dsize))
+
+/* Copy a BLEAF entry to the page. */
+#define	WR_BLEAF(p, key, data, flags) {					\
+	*(u_int32_t *)(void *)p = key->size;				\
+	p += sizeof(u_int32_t);						\
+	*(u_int32_t *)(void *)p = data->size;				\
+	p += sizeof(u_int32_t);						\
+	*(u_char *)p = flags;						\
+	p += sizeof(u_char);						\
+	memmove(p, key->data, key->size);				\
+	p += key->size;							\
+	memmove(p, data->data, data->size);				\
+}
+
+/* For the recno leaf pages, the item is a data entry. */
+typedef struct _rleaf {
+	u_int32_t	dsize;		/* size of data */
+	u_char	flags;			/* P_BIGDATA */
+	char	bytes[1];
+} RLEAF;
+
+/* Get the page's RLEAF structure at index indx. */
+#define	GETRLEAF(pg, indx)						\
+	((RLEAF *)(void *)((char *)(pg) + (pg)->linp[indx]))
+
+/* Get the number of bytes in the entry. */
+#define NRLEAF(p)	NRLEAFDBT((p)->dsize)
+
+/* Get the number of bytes from the user's data. */
+#define	NRLEAFDBT(dsize)						\
+	LALIGN(sizeof(u_int32_t) + sizeof(u_char) + (dsize))
+
+/* Copy a RLEAF entry to the page. */
+#define	WR_RLEAF(p, data, flags) {					\
+	*(u_int32_t *)(void *)p = data->size;				\
+	p += sizeof(u_int32_t);						\
+	*(u_char *)p = flags;						\
+	p += sizeof(u_char);						\
+	memmove(p, data->data, data->size);				\
+}
+
+/*
+ * A record in the tree is either a pointer to a page and an index in the page
+ * or a page number and an index.  These structures are used as a cursor, stack
+ * entry and search returns as well as to pass records to other routines.
+ *
+ * One comment about searches.  Internal page searches must find the largest
+ * record less than key in the tree so that descents work.  Leaf page searches
+ * must find the smallest record greater than key so that the returned index
+ * is the record's correct position for insertion.
+ */
+typedef struct _epgno {
+	db_pgno_t	pgno;			/* the page number */
+	indx_t	index;			/* the index on the page */
+} EPGNO;
+
+typedef struct _epg {
+	PAGE	*page;			/* the (pinned) page */
+	indx_t	 index;			/* the index on the page */
+} EPG;
+
+/*
+ * About cursors.  The cursor (and the page that contained the key/data pair
+ * that it referenced) can be deleted, which makes things a bit tricky.  If
+ * there are no duplicates of the cursor key in the tree (i.e. B_NODUPS is set
+ * or there simply aren't any duplicates of the key) we copy the key that it
+ * referenced when it's deleted, and reacquire a new cursor key if the cursor
+ * is used again.  If there are duplicates keys, we move to the next/previous
+ * key, and set a flag so that we know what happened.  NOTE: if duplicate (to
+ * the cursor) keys are added to the tree during this process, it is undefined
+ * if they will be returned or not in a cursor scan.
+ *
+ * The flags determine the possible states of the cursor:
+ *
+ * CURS_INIT	The cursor references *something*.
+ * CURS_ACQUIRE	The cursor was deleted, and a key has been saved so that
+ *		we can reacquire the right position in the tree.
+ * CURS_AFTER, CURS_BEFORE
+ *		The cursor was deleted, and now references a key/data pair
+ *		that has not yet been returned, either before or after the
+ *		deleted key/data pair.
+ * XXX
+ * This structure is broken out so that we can eventually offer multiple
+ * cursors as part of the DB interface.
+ */
+typedef struct _cursor {
+	EPGNO	 pg;			/* B: Saved tree reference. */
+	DBT	 key;			/* B: Saved key, or key.data == NULL. */
+	recno_t	 rcursor;		/* R: recno cursor (1-based) */
+
+#define	CURS_ACQUIRE	0x01		/*  B: Cursor needs to be reacquired. */
+#define	CURS_AFTER	0x02		/*  B: Unreturned cursor after key. */
+#define	CURS_BEFORE	0x04		/*  B: Unreturned cursor before key. */
+#define	CURS_INIT	0x08		/* RB: Cursor initialized. */
+	u_int8_t flags;
+} CURSOR;
+
+/*
+ * The metadata of the tree.  The nrecs field is used only by the RECNO code.
+ * This is because the btree doesn't really need it and it requires that every
+ * put or delete call modify the metadata.
+ */
+typedef struct _btmeta {
+	u_int32_t	magic;		/* magic number */
+	u_int32_t	version;	/* version */
+	u_int32_t	psize;		/* page size */
+	u_int32_t	free;		/* page number of first free page */
+	u_int32_t	nrecs;		/* R: number of records */
+
+#define	SAVEMETA	(B_NODUPS | R_RECNO)
+	u_int32_t	flags;		/* bt_flags & SAVEMETA */
+} BTMETA;
+
+/* The in-memory btree/recno data structure. */
+typedef struct _btree {
+	MPOOL	 *bt_mp;		/* memory pool cookie */
+
+	DB	 *bt_dbp;		/* pointer to enclosing DB */
+
+	EPG	  bt_cur;		/* current (pinned) page */
+	PAGE	 *bt_pinned;		/* page pinned across calls */
+
+	CURSOR	  bt_cursor;		/* cursor */
+
+#define	BT_PUSH(t, p, i) {						\
+	t->bt_sp->pgno = p; 						\
+	t->bt_sp->index = i; 						\
+	++t->bt_sp;							\
+}
+#define	BT_POP(t)	(t->bt_sp == t->bt_stack ? NULL : --t->bt_sp)
+#define	BT_CLR(t)	(t->bt_sp = t->bt_stack)
+	EPGNO	  bt_stack[50];		/* stack of parent pages */
+	EPGNO	 *bt_sp;		/* current stack pointer */
+
+	DBT	  bt_rkey;		/* returned key */
+	DBT	  bt_rdata;		/* returned data */
+
+	int	  bt_fd;		/* tree file descriptor */
+
+	db_pgno_t	  bt_free;		/* next free page */
+	u_int32_t bt_psize;		/* page size */
+	indx_t	  bt_ovflsize;		/* cut-off for key/data overflow */
+	int	  bt_lorder;		/* byte order */
+					/* sorted order */
+	enum { NOT, BACK, FORWARD } bt_order;
+	EPGNO	  bt_last;		/* last insert */
+
+					/* B: key comparison function */
+	int	(*bt_cmp) __P((const DBT *, const DBT *));
+					/* B: prefix comparison function */
+	size_t	(*bt_pfx) __P((const DBT *, const DBT *));
+					/* R: recno input function */
+	int	(*bt_irec) __P((struct _btree *, recno_t));
+
+	FILE	 *bt_rfp;		/* R: record FILE pointer */
+	int	  bt_rfd;		/* R: record file descriptor */
+
+	caddr_t	  bt_cmap;		/* R: current point in mapped space */
+	caddr_t	  bt_smap;		/* R: start of mapped space */
+	caddr_t   bt_emap;		/* R: end of mapped space */
+	size_t	  bt_msize;		/* R: size of mapped region. */
+
+	recno_t	  bt_nrecs;		/* R: number of records */
+	size_t	  bt_reclen;		/* R: fixed record length */
+	u_char	  bt_bval;		/* R: delimiting byte/pad character */
+
+/*
+ * NB:
+ * B_NODUPS and R_RECNO are stored on disk, and may not be changed.
+ */
+#define	B_INMEM		0x00001		/* in-memory tree */
+#define	B_METADIRTY	0x00002		/* need to write metadata */
+#define	B_MODIFIED	0x00004		/* tree modified */
+#define	B_NEEDSWAP	0x00008		/* if byte order requires swapping */
+#define	B_RDONLY	0x00010		/* read-only tree */
+
+#define	B_NODUPS	0x00020		/* no duplicate keys permitted */
+#define	R_RECNO		0x00080		/* record oriented tree */
+
+#define	R_CLOSEFP	0x00040		/* opened a file pointer */
+#define	R_EOF		0x00100		/* end of input file reached. */
+#define	R_FIXLEN	0x00200		/* fixed length records */
+#define	R_MEMMAPPED	0x00400		/* memory mapped file. */
+#define	R_INMEM		0x00800		/* in-memory file */
+#define	R_MODIFIED	0x01000		/* modified file */
+#define	R_RDONLY	0x02000		/* read-only file */
+
+#define	B_DB_LOCK	0x04000		/* DB_LOCK specified. */
+#define	B_DB_SHMEM	0x08000		/* DB_SHMEM specified. */
+#define	B_DB_TXN	0x10000		/* DB_TXN specified. */
+	u_int32_t flags;
+} BTREE;
+
+#include "extern.h"
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/deps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/deps
new file mode 100644
index 00000000..b28516d9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/deps
@@ -0,0 +1,56 @@
+#
+# Generated makefile dependencies follow.
+#
+bt_close.so bt_close.po $(OUTPRE)bt_close.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h bt_close.c btree.h extern.h
+bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  bt_conv.c btree.h extern.h
+bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h bt_debug.c btree.h extern.h
+bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h bt_delete.c btree.h extern.h
+bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  bt_get.c btree.h extern.h
+bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  bt_open.c btree.h extern.h
+bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h bt_overflow.c btree.h extern.h
+bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  bt_page.c btree.h extern.h
+bt_put.so bt_put.po $(OUTPRE)bt_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  bt_put.c btree.h extern.h
+bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h bt_search.c btree.h extern.h
+bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  bt_seq.c btree.h extern.h
+bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h bt_split.c btree.h extern.h
+bt_utils.so bt_utils.po $(OUTPRE)bt_utils.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h bt_utils.c btree.h extern.h
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/extern.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/extern.h
new file mode 100644
index 00000000..9f4082af
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/extern.h
@@ -0,0 +1,101 @@
+/*-
+ * Copyright (c) 1991, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)extern.h	8.11 (Berkeley) 1/9/95
+ */
+
+#define __bt_close	__kdb2_bt_close
+#define __bt_cmp	__kdb2_bt_cmp
+#define __bt_crsrdel	__kdb2_bt_crsrdel
+#define __bt_defcmp	__kdb2_bt_defcmp
+#define __bt_defpfx	__kdb2_bt_defpfx
+#define __bt_delete	__kdb2_bt_delete
+#define __bt_dleaf	__kdb2_bt_deleaf
+#define __bt_fd		__kdb2_bt_fd
+#define __bt_free	__kdb2_bt_free
+#define __bt_get	__kdb2_bt_get
+#define __bt_new	__kdb2_bt_new
+#define __bt_pgin	__kdb2_bt_pgin
+#define __bt_pgout	__kdb2_bt_pgout
+#define __bt_push	__kdb2_bt_push
+#define __bt_put	__kdb2_bt_put
+#define __bt_ret	__kdb2_bt_ret
+#define __bt_search	__kdb2_bt_search
+#define __bt_seq	__kdb2_bt_seq
+#define __bt_setcur	__kdb2_bt_setcur
+#define __bt_split	__kdb2_bt_split
+#define __bt_sync	__kdb2_bt_sync
+#define __ovfl_delete	__kdb2_ovfl_delete
+#define __ovfl_get	__kdb2_ovfl_get
+#define __ovfl_put	__kdb2_ovfl_put
+#define __bt_dnpage	__kdb2_bt_dnpage
+#define __bt_dmpage	__kdb2_bt_dmpage
+#define __bt_dpage	__kdb2_bt_dpage
+#define __bt_dump	__kdb2_bt_dump
+#define __bt_stat	__kdb2_bt_stat
+#define __bt_relink	__kdb2_bt_relink
+
+int	 __bt_close __P((DB *));
+int	 __bt_cmp __P((BTREE *, const DBT *, EPG *));
+int	 __bt_crsrdel __P((BTREE *, EPGNO *));
+int	 __bt_defcmp __P((const DBT *, const DBT *));
+size_t	 __bt_defpfx __P((const DBT *, const DBT *));
+int	 __bt_delete __P((const DB *, const DBT *, u_int));
+int	 __bt_dleaf __P((BTREE *, const DBT *, PAGE *, u_int));
+int	 __bt_fd __P((const DB *));
+int	 __bt_free __P((BTREE *, PAGE *));
+int	 __bt_get __P((const DB *, const DBT *, DBT *, u_int));
+PAGE	*__bt_new __P((BTREE *, db_pgno_t *));
+void	 __bt_pgin __P((void *, db_pgno_t, void *));
+void	 __bt_pgout __P((void *, db_pgno_t, void *));
+int	 __bt_push __P((BTREE *, db_pgno_t, int));
+int	 __bt_put __P((const DB *dbp, DBT *, const DBT *, u_int));
+int	 __bt_ret __P((BTREE *, EPG *, DBT *, DBT *, DBT *, DBT *, int));
+EPG	*__bt_search __P((BTREE *, const DBT *, int *));
+int	 __bt_seq __P((const DB *, DBT *, DBT *, u_int));
+void	 __bt_setcur __P((BTREE *, db_pgno_t, u_int));
+int	 __bt_split __P((BTREE *, PAGE *,
+	    const DBT *, const DBT *, int, size_t, u_int32_t));
+int	 __bt_sync __P((const DB *, u_int));
+
+int	 __ovfl_delete __P((BTREE *, void *));
+int	 __ovfl_get __P((BTREE *, void *, size_t *, void **, size_t *));
+int	 __ovfl_put __P((BTREE *, const DBT *, db_pgno_t *));
+
+int	 __bt_dnpage __P((DB *, db_pgno_t));
+int	 __bt_dpage __P((DB *, PAGE *));
+int	 __bt_dmpage __P((PAGE *));
+int	 __bt_dump __P((DB *));
+
+int	 __bt_stat __P((DB *));
+
+int	 __bt_relink __P((BTREE *, PAGE *));
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/Makefile.in b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/Makefile.in
new file mode 100644
index 00000000..1b9afa1c
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/Makefile.in
@@ -0,0 +1,12 @@
+mydir=plugins$(S)kdb$(S)db2$(S)libdb2$(S)db
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
+STLIBOBJS=db.o
+
+LOCALINCLUDES=	-I. -I$(srcdir)/../include -I../include -I$(srcdir)/../mpool
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+@libobj_frag@
+
+SRCS= $(STLIBOBJS:.o=.c)
+
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/Makefile.inc b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/Makefile.inc
new file mode 100644
index 00000000..59478ba1
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/Makefile.inc
@@ -0,0 +1,5 @@
+#       @(#)Makefile.inc	8.1 (Berkeley) 6/4/93
+
+.PATH: ${.CURDIR}/db/db
+
+SRCS+=	db.c
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/db.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/db.c
new file mode 100644
index 00000000..fba77953
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/db.c
@@ -0,0 +1,99 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)db.c	8.4 (Berkeley) 2/21/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stddef.h>
+#include <stdio.h>
+
+#include "db-int.h"
+
+DB *
+kdb2_dbopen(fname, flags, mode, type, openinfo)
+	const char *fname;
+	int flags, mode;
+	DBTYPE type;
+	const void *openinfo;
+{
+
+#define	DB_FLAGS	(DB_LOCK | DB_SHMEM | DB_TXN)
+#define	USE_OPEN_FLAGS							\
+	(O_CREAT | O_EXCL | O_EXLOCK | O_NONBLOCK | O_RDONLY |		\
+	 O_RDWR | O_SHLOCK | O_TRUNC | O_BINARY)
+
+	if ((flags & ~(USE_OPEN_FLAGS | DB_FLAGS)) == 0)
+		switch (type) {
+		case DB_BTREE:
+			return (__bt_open(fname, flags & USE_OPEN_FLAGS,
+			    mode, openinfo, flags & DB_FLAGS));
+		case DB_HASH:
+			return (__hash_open(fname, flags & USE_OPEN_FLAGS,
+			    mode, openinfo, flags & DB_FLAGS));
+		case DB_RECNO:
+			return (__rec_open(fname, flags & USE_OPEN_FLAGS,
+			    mode, openinfo, flags & DB_FLAGS));
+		}
+	errno = EINVAL;
+	return (NULL);
+}
+
+static int
+__dberr()
+{
+	return (RET_ERROR);
+}
+
+/*
+ * __DBPANIC -- Stop.
+ *
+ * Parameters:
+ *	dbp:	pointer to the DB structure.
+ */
+void
+__dbpanic(dbp)
+	DB *dbp;
+{
+	/* The only thing that can succeed is a close. */
+	dbp->del = (int (*)())__dberr;
+	dbp->fd = (int (*)())__dberr;
+	dbp->get = (int (*)())__dberr;
+	dbp->put = (int (*)())__dberr;
+	dbp->seq = (int (*)())__dberr;
+	dbp->sync = (int (*)())__dberr;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/deps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/deps
new file mode 100644
index 00000000..87645c9d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/db/deps
@@ -0,0 +1,6 @@
+#
+# Generated makefile dependencies follow.
+#
+db.so db.po $(OUTPRE)db.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  db.c
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/deps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/btree.3.ps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/btree.3.ps
new file mode 100644
index 00000000..c79c9723
Binary files /dev/null and b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/btree.3.ps differ
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/dbopen.3.ps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/dbopen.3.ps
new file mode 100644
index 00000000..c621bef9
Binary files /dev/null and b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/dbopen.3.ps differ
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/hash.3.ps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/hash.3.ps
new file mode 100644
index 00000000..18303cfb
Binary files /dev/null and b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/hash.3.ps differ
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/hash.usenix.ps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/hash.usenix.ps
new file mode 100644
index 00000000..acdea099
Binary files /dev/null and b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/hash.usenix.ps differ
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/libtp.usenix.ps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/libtp.usenix.ps
new file mode 100644
index 00000000..5b5ba6e1
Binary files /dev/null and b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/libtp.usenix.ps differ
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/mpool.3.ps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/mpool.3.ps
new file mode 100644
index 00000000..816c9243
Binary files /dev/null and b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/mpool.3.ps differ
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/recno.3.ps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/recno.3.ps
new file mode 100644
index 00000000..8ffccfca
Binary files /dev/null and b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/docs/recno.3.ps differ
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/Makefile.in b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/Makefile.in
new file mode 100644
index 00000000..2283552a
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/Makefile.in
@@ -0,0 +1,14 @@
+mydir=plugins$(S)kdb$(S)db2$(S)libdb2$(S)hash
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
+STLIBOBJS=	hash.o hash_bigkey.o hash_debug.o hash_func.o hash_log2.o \
+		hash_page.o hsearch.o dbm.o
+
+LOCALINCLUDES=	-I. -I$(srcdir)/../include -I../include -I$(srcdir)/../mpool \
+		-I$(srcdir)/../db
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+@libobj_frag@
+
+SRCS= $(STLIBOBJS:.o=.c)
+
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/Makefile.inc b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/Makefile.inc
new file mode 100644
index 00000000..87746f72
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/Makefile.inc
@@ -0,0 +1,6 @@
+#       @(#)Makefile.inc	8.2 (Berkeley) 11/7/95
+
+.PATH: ${.CURDIR}/db/hash
+
+SRCS+=	hash.c hash_bigkey.c hash_buf.c hash_func.c hash_log2.c \
+	hash_page.c hsearch.c dbm.c
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/dbm.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/dbm.c
new file mode 100644
index 00000000..4878cbc0
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/dbm.c
@@ -0,0 +1,359 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)dbm.c	8.6 (Berkeley) 11/7/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include "db-int.h"
+
+#include <sys/param.h>
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "db-ndbm.h"
+#include "db-dbm.h"
+#include "hash.h"
+
+/* If the two size fields of datum and DBMT are not equal, then
+ * casting between structures will result in stack garbage being
+ * transferred. Has been observed for DEC Alpha OSF, but will handle
+ *  the general case.
+ */
+
+#define NEED_COPY
+
+/*
+ *
+ * This package provides dbm and ndbm compatible interfaces to DB.
+ * First are the DBM routines, which call the NDBM routines, and
+ * the NDBM routines, which call the DB routines.
+ */
+static DBM *__cur_db;
+
+static void no_open_db __P((void));
+
+int
+kdb2_dbminit(file)
+	char *file;
+{
+	if (__cur_db != NULL)
+		(void)kdb2_dbm_close(__cur_db);
+	if ((__cur_db = kdb2_dbm_open(file, O_RDWR|O_BINARY, 0)) != NULL)
+		return (0);
+	if ((__cur_db = kdb2_dbm_open(file, O_RDONLY|O_BINARY, 0)) != NULL)
+		return (0);
+	return (-1);
+}
+
+datum
+kdb2_fetch(key)
+	datum key;
+{
+	datum item;
+
+	if (__cur_db == NULL) {
+		no_open_db();
+		item.dptr = 0;
+		item.dsize = 0;
+		return (item);
+	}
+	return (kdb2_dbm_fetch(__cur_db, key));
+}
+
+datum
+kdb2_firstkey()
+{
+	datum item;
+
+	if (__cur_db == NULL) {
+		no_open_db();
+		item.dptr = 0;
+		item.dsize = 0;
+		return (item);
+	}
+	return (kdb2_dbm_firstkey(__cur_db));
+}
+
+datum
+kdb2_nextkey(key)
+	datum key;
+{
+	datum item;
+
+	if (__cur_db == NULL) {
+		no_open_db();
+		item.dptr = 0;
+		item.dsize = 0;
+		return (item);
+	}
+	return (kdb2_dbm_nextkey(__cur_db));
+}
+
+int
+kdb2_delete(key)
+	datum key;
+{
+	if (__cur_db == NULL) {
+		no_open_db();
+		return (-1);
+	}
+	return (kdb2_dbm_delete(__cur_db, key));
+}
+
+int
+kdb2_store(key, dat)
+	datum key, dat;
+{
+	if (__cur_db == NULL) {
+		no_open_db();
+		return (-1);
+	}
+	return (kdb2_dbm_store(__cur_db, key, dat, DBM_REPLACE));
+}
+
+static void
+no_open_db()
+{
+	(void)fprintf(stderr, "dbm: no open database.\n");
+}
+
+/*
+ * Returns:
+ * 	*DBM on success
+ *	 NULL on failure
+ */
+DBM *
+kdb2_dbm_open(file, flags, mode)
+	const char *file;
+	int flags, mode;
+{
+	HASHINFO info;
+	char path[MAXPATHLEN];
+
+	info.bsize = 4096;
+	info.ffactor = 40;
+	info.nelem = 1;
+	info.cachesize = 0;
+	info.hash = NULL;
+	info.lorder = 0;
+	(void)strncpy(path, file, sizeof(path) - 1);
+	path[sizeof(path) - 1] = '\0';
+	(void)strncat(path, DBM_SUFFIX, sizeof(path) - 1 - strlen(path));
+	return ((DBM *)__hash_open(path, flags, mode, &info, 0));
+}
+
+/*
+ * Returns:
+ *	Nothing.
+ */
+void
+kdb2_dbm_close(db)
+	DBM *db;
+{
+	(void)(db->close)(db);
+}
+
+/*
+ * Returns:
+ *	DATUM on success
+ *	NULL on failure
+ */
+datum
+kdb2_dbm_fetch(db, key)
+	DBM *db;
+	datum key;
+{
+	datum retval;
+	int status;
+
+#ifdef NEED_COPY
+	DBT k, r;
+
+	k.data = key.dptr;
+	k.size = key.dsize;
+	status = (db->get)(db, &k, &r, 0);
+	retval.dptr = r.data;
+	retval.dsize = r.size;
+#else
+	status = (db->get)(db, (DBT *)&key, (DBT *)&retval, 0);
+#endif
+	if (status) {
+		retval.dptr = NULL;
+		retval.dsize = 0;
+	}
+	return (retval);
+}
+
+/*
+ * Returns:
+ *	DATUM on success
+ *	NULL on failure
+ */
+datum
+kdb2_dbm_firstkey(db)
+	DBM *db;
+{
+	int status;
+	datum retkey;
+
+#ifdef NEED_COPY
+	DBT k, r;
+
+	status = (db->seq)(db, &k, &r, R_FIRST);
+	retkey.dptr = k.data;
+	retkey.dsize = k.size;
+#else
+	datum retdata;
+
+	status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_FIRST);
+#endif
+	if (status)
+		retkey.dptr = NULL;
+	return (retkey);
+}
+
+/*
+ * Returns:
+ *	DATUM on success
+ *	NULL on failure
+ */
+datum
+kdb2_dbm_nextkey(db)
+	DBM *db;
+{
+	int status;
+	datum retkey;
+
+#ifdef NEED_COPY
+	DBT k, r;
+
+	status = (db->seq)(db, &k, &r, R_NEXT);
+	retkey.dptr = k.data;
+	retkey.dsize = k.size;
+#else
+	datum retdata;
+
+	status = (db->seq)(db, (DBT *)&retkey, (DBT *)&retdata, R_NEXT);
+#endif
+	if (status)
+		retkey.dptr = NULL;
+	return (retkey);
+}
+
+/*
+ * Returns:
+ *	 0 on success
+ *	<0 failure
+ */
+int
+kdb2_dbm_delete(db, key)
+	DBM *db;
+	datum key;
+{
+	int status;
+
+#ifdef NEED_COPY
+	DBT k;
+
+	k.data = key.dptr;
+	k.size = key.dsize;
+	status = (db->del)(db, &k, 0);
+#else
+	status = (db->del)(db, (DBT *)&key, 0);
+#endif
+	if (status)
+		return (-1);
+	else
+		return (0);
+}
+
+/*
+ * Returns:
+ *	 0 on success
+ *	<0 failure
+ *	 1 if DBM_INSERT and entry exists
+ */
+int
+kdb2_dbm_store(db, key, content, flags)
+	DBM *db;
+	datum key, content;
+	int flags;
+{
+#ifdef NEED_COPY
+	DBT k, c;
+
+	k.data = key.dptr;
+	k.size = key.dsize;
+	c.data = content.dptr;
+	c.size = content.dsize;
+	return ((db->put)(db, &k, &c,
+	    (flags == DBM_INSERT) ? R_NOOVERWRITE : 0));
+#else
+	return ((db->put)(db, (DBT *)&key, (DBT *)&content,
+	    (flags == DBM_INSERT) ? R_NOOVERWRITE : 0));
+#endif
+}
+
+int
+kdb2_dbm_error(db)
+	DBM *db;
+{
+	HTAB *hp;
+
+	hp = (HTAB *)db->internal;
+	return (hp->local_errno);
+}
+
+int
+kdb2_dbm_clearerr(db)
+	DBM *db;
+{
+	HTAB *hp;
+
+	hp = (HTAB *)db->internal;
+	hp->local_errno = 0;
+	return (0);
+}
+
+int
+kdb2_dbm_dirfno(db)
+	DBM *db;
+{
+	return(((HTAB *)db->internal)->fp);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/deps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/deps
new file mode 100644
index 00000000..ac4ca549
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/deps
@@ -0,0 +1,37 @@
+#
+# Generated makefile dependencies follow.
+#
+hash.so hash.po $(OUTPRE)hash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  extern.h hash.c hash.h page.h
+hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h hash.h hash_bigkey.c \
+  page.h
+hash_debug.so hash_debug.po $(OUTPRE)hash_debug.$(OBJEXT): \
+  hash_debug.c
+hash_func.so hash_func.po $(OUTPRE)hash_func.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h hash.h hash_func.c \
+  page.h
+hash_log2.so hash_log2.po $(OUTPRE)hash_log2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h hash.h hash_log2.c \
+  page.h
+hash_page.so hash_page.po $(OUTPRE)hash_page.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h hash.h hash_page.c \
+  page.h
+hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  hsearch.c search.h
+dbm.so dbm.po $(OUTPRE)dbm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-dbm.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-ndbm.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  dbm.c hash.h
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/extern.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/extern.h
new file mode 100644
index 00000000..872b6b0f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/extern.h
@@ -0,0 +1,109 @@
+/*-
+ * Copyright (c) 1991, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)extern.h	8.8 (Berkeley) 11/7/95
+ */
+
+#define __add_bigpage		__kdb2_add_bigpage
+#define __add_ovflpage		__kdb2_add_ovflpage
+#define __addel			__kdb2_addel
+#define __alloc_tmp		__kdb2_alloc_tmp
+#define __big_delete		__kdb2_big_delete
+#define __big_insert		__kdb2_big_insert
+#define __big_keydata		__kdb2_big_keydata
+#define __big_return		__kdb2_big_return
+#define __call_hash		__kdb2_call_hash
+#define __cursor_creat		__kdb2_cursor_creat
+#define __delete_page		__kdb2_delete_page
+#define __delpair		__kdb2_delpair
+#define __expand_table		__kdb2_expand_table
+#define __find_bigpair		__kdb2_find_bigpair
+#define __free_ovflpage		__kdb2_free_ovflpage
+#define __get_bigkey		__kdb2_get_bigkey
+#define __get_buf		__kdb2_get_buf
+#define __get_item		__kdb2_get_item
+#define __get_item_done		__kdb2_get_item_done
+#define __get_item_first	__kdb2_get_item_first
+#define __get_item_next		__kdb2_get_item_next
+#define __get_item_reset	__kdb2_get_item_reset
+#define __get_page		__kdb2_get_page
+#define __ibitmap		__kdb2_ibitmap
+#define __log2			__kdb2_log2
+#define __new_page		__kdb2_new_page
+#define __pgin_routine		__kdb2_pgin_routine
+#define __pgout_routine		__kdb2_pgout_routine
+#define __put_buf		__kdb2_put_buf
+#define __put_page		__kdb2_put_page
+#define __reclaim_tmp		__kdb2_reclaim_tmp
+#define __split_page		__kdb2_split_page
+
+PAGE16	 *__add_bigpage __P((HTAB *, PAGE16 *, indx_t, const u_int8_t));
+PAGE16	 *__add_ovflpage __P((HTAB *, PAGE16 *));
+int32_t	  __addel __P((HTAB *, ITEM_INFO *,
+		const DBT *, const DBT *, u_int32_t, const u_int8_t));
+u_int32_t __alloc_tmp __P((HTAB*));
+int32_t	  __big_delete __P((HTAB *, PAGE16 *, indx_t));
+int32_t	  __big_insert __P((HTAB *, PAGE16 *, const DBT *, const DBT *));
+int32_t	  __big_keydata __P((HTAB *, PAGE16 *, DBT *, DBT *, int32_t));
+int32_t	  __big_return __P((HTAB *, ITEM_INFO *, DBT *, int32_t));
+u_int32_t __call_hash __P((HTAB *, int8_t *, int32_t));
+CURSOR	 *__cursor_creat __P((const DB *));
+int32_t	  __delete_page __P((HTAB *, PAGE16 *, int32_t));
+int32_t	  __delpair __P((HTAB *, CURSOR *, ITEM_INFO *));
+int32_t	  __expand_table __P((HTAB *));
+int32_t	  __find_bigpair __P((HTAB *, CURSOR *, int8_t *, int32_t));
+void	  __free_ovflpage __P((HTAB *, PAGE16 *));
+int32_t	  __get_bigkey __P((HTAB *, PAGE16 *, indx_t, DBT *));
+PAGE16	 *__get_buf __P((HTAB *, u_int32_t, int32_t));
+u_int32_t __get_item __P((HTAB *, CURSOR *, DBT *, DBT *, ITEM_INFO *));
+u_int32_t __get_item_done __P((HTAB *, CURSOR *));
+u_int32_t __get_item_first __P((HTAB *, CURSOR *, DBT *, DBT *, ITEM_INFO *));
+u_int32_t __get_item_next __P((HTAB *, CURSOR *, DBT *, DBT *, ITEM_INFO *));
+u_int32_t __get_item_reset __P((HTAB *, CURSOR *));
+PAGE16	 *__get_page __P((HTAB *, u_int32_t, int32_t));
+int32_t	  __ibitmap __P((HTAB *, int32_t, int32_t, int32_t));
+u_int32_t __log2 __P((u_int32_t));
+int32_t	  __new_page __P((HTAB *, u_int32_t, int32_t));
+void	  __pgin_routine __P((void *, db_pgno_t, void *));
+void	  __pgout_routine __P((void *, db_pgno_t, void *));
+u_int32_t __put_buf __P((HTAB *, PAGE16 *, u_int32_t));
+int32_t	  __put_page __P((HTAB *, PAGE16 *, int32_t, int32_t));
+void	  __reclaim_tmp __P((HTAB *));
+int32_t	  __split_page __P((HTAB *, u_int32_t, u_int32_t));
+
+/* Default hash routine. */
+extern u_int32_t (*__default_hash) __P((const void *, size_t));
+
+#ifdef HASH_STATISTICS
+extern long hash_accesses, hash_bigpages, hash_collisions, hash_expansions;
+extern long hash_overflow;
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c
new file mode 100644
index 00000000..862dbb16
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c
@@ -0,0 +1,1054 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash.c	8.12 (Berkeley) 11/7/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#ifdef DEBUG
+#include <assert.h>
+#endif
+
+#include "db-int.h"
+#include "hash.h"
+#include "page.h"
+#include "extern.h"
+
+static int32_t flush_meta __P((HTAB *));
+static int32_t hash_access __P((HTAB *, ACTION, const DBT *, DBT *));
+static int32_t hash_close __P((DB *));
+static int32_t hash_delete __P((const DB *, const DBT *, u_int32_t));
+static int32_t hash_fd __P((const DB *));
+static int32_t hash_get __P((const DB *, const DBT *, DBT *, u_int32_t));
+static int32_t hash_put __P((const DB *, DBT *, const DBT *, u_int32_t));
+static int32_t hash_seq __P((const DB *, DBT *, DBT *, u_int32_t));
+static int32_t hash_sync __P((const DB *, u_int32_t));
+static int32_t hdestroy __P((HTAB *));
+static int32_t cursor_get __P((const DB *, CURSOR *, DBT *, DBT *, \
+	u_int32_t));
+static int32_t cursor_delete __P((const DB *, CURSOR *, u_int32_t));
+static HTAB *init_hash __P((HTAB *, const char *, const HASHINFO *));
+static int32_t init_htab __P((HTAB *, int32_t));
+#if DB_BYTE_ORDER == DB_LITTLE_ENDIAN
+static void swap_header __P((HTAB *));
+static void swap_header_copy __P((HASHHDR *, HASHHDR *));
+#endif
+static u_int32_t hget_header __P((HTAB *, u_int32_t));
+static void hput_header __P((HTAB *));
+
+#define RETURN_ERROR(ERR, LOC)	{ save_errno = ERR; goto LOC; }
+
+/* Return values */
+#define	SUCCESS	 (0)
+#define	ERROR	(-1)
+#define	ABNORMAL (1)
+
+#ifdef HASH_STATISTICS
+u_int32_t hash_accesses, hash_collisions, hash_expansions, hash_overflows,
+	hash_bigpages;
+#endif
+
+/************************** INTERFACE ROUTINES ***************************/
+/* OPEN/CLOSE */
+
+extern DB *
+__kdb2_hash_open(file, flags, mode, info, dflags)
+	const char *file;
+	int flags, mode, dflags;
+	const HASHINFO *info;	/* Special directives for create */
+{
+	struct stat statbuf;
+	DB *dbp;
+	DBT mpool_key;
+	HTAB *hashp;
+	int32_t bpages, csize, new_table, save_errno;
+
+	if (!file || (flags & O_ACCMODE) == O_WRONLY) {
+		errno = EINVAL;
+		return (NULL);
+	}
+	if (!(hashp = (HTAB *)calloc(1, sizeof(HTAB))))
+		return (NULL);
+	hashp->fp = -1;
+	/*
+	 * Even if user wants write only, we need to be able to read
+	 * the actual file, so we need to open it read/write. But, the
+	 * field in the hashp structure needs to be accurate so that
+	 * we can check accesses.
+	 */
+	hashp->flags = flags;
+	hashp->save_file = hashp->flags & O_RDWR;
+
+	new_table = 0;
+	if (!file || (flags & O_TRUNC) ||
+	    (stat(file, &statbuf) && (errno == ENOENT))) {
+		if (errno == ENOENT)
+			errno = 0;	/* In case someone looks at errno. */
+		new_table = 1;
+	}
+	if (file) {
+		if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1)
+			RETURN_ERROR(errno, error0);
+		(void)fcntl(hashp->fp, F_SETFD, 1);
+	}
+
+	/* Process arguments to set up hash table header. */
+	if (new_table) {
+		if (!(hashp = init_hash(hashp, file, info)))
+			RETURN_ERROR(errno, error1);
+	} else {
+		/* Table already exists */
+		if (info && info->hash)
+			hashp->hash = info->hash;
+		else
+			hashp->hash = __default_hash;
+
+		/* copy metadata from page into header */
+		if (hget_header(hashp,
+		    (info && info->bsize ? info->bsize : DEF_BUCKET_SIZE)) !=
+		    sizeof(HASHHDR))
+			RETURN_ERROR(EFTYPE, error1);
+
+		/* Verify file type, versions and hash function */
+		if (hashp->hdr.magic != HASHMAGIC)
+			RETURN_ERROR(EFTYPE, error1);
+#define	OLDHASHVERSION	1
+		if (hashp->hdr.version != HASHVERSION &&
+		    hashp->hdr.version != OLDHASHVERSION)
+			RETURN_ERROR(EFTYPE, error1);
+		if (hashp->hash(CHARKEY, sizeof(CHARKEY))
+		    != hashp->hdr.h_charkey)
+			RETURN_ERROR(EFTYPE, error1);
+		/*
+		 * Figure out how many segments we need.  Max_Bucket is the
+		 * maximum bucket number, so the number of buckets is
+		 * max_bucket + 1.
+		 */
+
+		/* Read in bitmaps */
+		bpages = (hashp->hdr.spares[hashp->hdr.ovfl_point] +
+		    (hashp->hdr.bsize << BYTE_SHIFT) - 1) >>
+		    (hashp->hdr.bshift + BYTE_SHIFT);
+
+		hashp->nmaps = bpages;
+		(void)memset(&hashp->mapp[0], 0, bpages * sizeof(u_int32_t *));
+	}
+
+	/* start up mpool */
+	mpool_key.data = (u_int8_t *)file;
+	mpool_key.size = strlen(file);
+
+	if (info && info->cachesize)
+		csize = info->cachesize / hashp->hdr.bsize;
+	else
+		csize = DEF_CACHESIZE / hashp->hdr.bsize;
+	hashp->mp = mpool_open(&mpool_key, hashp->fp, hashp->hdr.bsize, csize);
+
+	if (!hashp->mp)
+		RETURN_ERROR(errno, error1);
+	mpool_filter(hashp->mp, __pgin_routine, __pgout_routine, hashp);
+
+	/*
+	 * For a new table, set up the bitmaps.
+	 */
+	if (new_table &&
+	   init_htab(hashp, info && info->nelem ? info->nelem : 1))
+		goto error2;
+
+	/* initialize the cursor queue */
+	TAILQ_INIT(&hashp->curs_queue);
+	hashp->seq_cursor = NULL;
+
+
+	/* get a chunk of memory for our split buffer */
+	hashp->split_buf = (PAGE16 *)malloc(hashp->hdr.bsize);
+	if (!hashp->split_buf)
+		goto error2;
+
+	hashp->new_file = new_table;
+
+	if (!(dbp = (DB *)malloc(sizeof(DB))))
+		goto error2;
+
+	dbp->internal = hashp;
+	dbp->close = hash_close;
+	dbp->del = hash_delete;
+	dbp->fd = hash_fd;
+	dbp->get = hash_get;
+	dbp->put = hash_put;
+	dbp->seq = hash_seq;
+	dbp->sync = hash_sync;
+	dbp->type = DB_HASH;
+
+#ifdef DEBUG
+	(void)fprintf(stderr,
+	    "%s\n%s%lx\n%s%d\n%s%d\n%s%d\n%s%d\n%s%d\n%s%x\n%s%x\n%s%d\n%s%d\n",
+	    "init_htab:",
+	    "TABLE POINTER   ", (void *)hashp,
+	    "BUCKET SIZE     ", hashp->hdr.bsize,
+	    "BUCKET SHIFT    ", hashp->hdr.bshift,
+	    "FILL FACTOR     ", hashp->hdr.ffactor,
+	    "MAX BUCKET      ", hashp->hdr.max_bucket,
+	    "OVFL POINT      ", hashp->hdr.ovfl_point,
+	    "LAST FREED      ", hashp->hdr.last_freed,
+	    "HIGH MASK       ", hashp->hdr.high_mask,
+	    "LOW  MASK       ", hashp->hdr.low_mask,
+	    "NKEYS           ", hashp->hdr.nkeys);
+#endif
+#ifdef HASH_STATISTICS
+	hash_overflows = hash_accesses = hash_collisions = hash_expansions = 0;
+	hash_bigpages = 0;
+#endif
+	return (dbp);
+
+error2:
+	save_errno = errno;
+	hdestroy(hashp);
+	errno = save_errno;
+	return (NULL);
+
+error1:
+	if (hashp != NULL)
+		(void)close(hashp->fp);
+
+error0:
+	free(hashp);
+	errno = save_errno;
+	return (NULL);
+}
+
+static int32_t
+hash_close(dbp)
+	DB *dbp;
+{
+	HTAB *hashp;
+	int32_t retval;
+
+	if (!dbp)
+		return (ERROR);
+
+	hashp = (HTAB *)dbp->internal;
+	retval = hdestroy(hashp);
+	free(dbp);
+	return (retval);
+}
+
+static int32_t
+hash_fd(dbp)
+	const DB *dbp;
+{
+	HTAB *hashp;
+
+	if (!dbp)
+		return (ERROR);
+
+	hashp = (HTAB *)dbp->internal;
+	if (hashp->fp == -1) {
+		errno = ENOENT;
+		return (-1);
+	}
+	return (hashp->fp);
+}
+
+/************************** LOCAL CREATION ROUTINES **********************/
+static HTAB *
+init_hash(hashp, file, info)
+	HTAB *hashp;
+	const char *file;
+	const HASHINFO *info;
+{
+	struct stat statbuf;
+
+	hashp->hdr.nkeys = 0;
+	hashp->hdr.lorder = DB_BYTE_ORDER;
+	hashp->hdr.bsize = DEF_BUCKET_SIZE;
+	hashp->hdr.bshift = DEF_BUCKET_SHIFT;
+	hashp->hdr.ffactor = DEF_FFACTOR;
+	hashp->hash = __default_hash;
+	memset(hashp->hdr.spares, 0, sizeof(hashp->hdr.spares));
+	memset(hashp->hdr.bitmaps, 0, sizeof(hashp->hdr.bitmaps));
+
+	/* Fix bucket size to be optimal for file system */
+	if (file != NULL) {
+		if (stat(file, &statbuf))
+			return (NULL);
+		hashp->hdr.bsize = statbuf.st_blksize;
+		if (hashp->hdr.bsize > MAX_BSIZE)
+		    hashp->hdr.bsize = MAX_BSIZE;
+		hashp->hdr.bshift = __log2(hashp->hdr.bsize);
+	}
+	if (info) {
+		if (info->bsize) {
+			/* Round pagesize up to power of 2 */
+			hashp->hdr.bshift = __log2(info->bsize);
+			hashp->hdr.bsize = 1 << hashp->hdr.bshift;
+			if (hashp->hdr.bsize > MAX_BSIZE) {
+				errno = EINVAL;
+				return (NULL);
+			}
+		}
+		if (info->ffactor)
+			hashp->hdr.ffactor = info->ffactor;
+		if (info->hash)
+			hashp->hash = info->hash;
+		if (info->lorder) {
+			if ((info->lorder != DB_BIG_ENDIAN) &&
+			    (info->lorder != DB_LITTLE_ENDIAN)) {
+				errno = EINVAL;
+				return (NULL);
+			}
+			hashp->hdr.lorder = info->lorder;
+		}
+	}
+	return (hashp);
+}
+
+/*
+ * Returns 0 on No Error
+ */
+static int32_t
+init_htab(hashp, nelem)
+	HTAB *hashp;
+	int32_t nelem;
+{
+	int32_t l2, nbuckets;
+
+	/*
+	 * Divide number of elements by the fill factor and determine a
+	 * desired number of buckets.  Allocate space for the next greater
+	 * power of two number of buckets.
+	 */
+	nelem = (nelem - 1) / hashp->hdr.ffactor + 1;
+
+	l2 = __log2(MAX(nelem, 2));
+	nbuckets = 1 << l2;
+
+	hashp->hdr.spares[l2] = l2 + 1;
+	hashp->hdr.spares[l2 + 1] = l2 + 1;
+	hashp->hdr.ovfl_point = l2;
+	hashp->hdr.last_freed = 2;
+
+	hashp->hdr.max_bucket = hashp->hdr.low_mask = nbuckets - 1;
+	hashp->hdr.high_mask = (nbuckets << 1) - 1;
+
+	/*
+	 * The number of header pages is the size of the header divided by
+	 * the amount of freespace on header pages (the page size - the
+	 * size of 1 integer where the length of the header info on that
+	 * page is stored) plus another page if it didn't divide evenly.
+	 */
+	hashp->hdr.hdrpages =
+	    (sizeof(HASHHDR) / (hashp->hdr.bsize - HEADER_OVERHEAD)) +
+	    (((sizeof(HASHHDR) % (hashp->hdr.bsize - HEADER_OVERHEAD)) == 0)
+	    ? 0 : 1);
+
+	/* Create pages for these buckets */
+	/*
+	for (i = 0; i <= hashp->hdr.max_bucket; i++) {
+		if (__new_page(hashp, (u_int32_t)i, A_BUCKET) != 0)
+			return (-1);
+	}
+	*/
+
+	/* First bitmap page is at: splitpoint l2 page offset 1 */
+	if (__ibitmap(hashp, OADDR_OF(l2, 1), l2 + 1, 0))
+		return (-1);
+
+	return (0);
+}
+
+/*
+ * Functions to get/put hash header.  We access the file directly.
+ */
+static u_int32_t
+hget_header(hashp, page_size)
+	HTAB *hashp;
+	u_int32_t page_size;
+{
+	u_int32_t num_copied;
+	u_int8_t *hdr_dest;
+
+	num_copied = 0;
+
+	hdr_dest = (u_int8_t *)&hashp->hdr;
+
+	/*
+	 * XXX
+	 * This should not be printing to stderr on a "normal" error case.
+	 */
+	lseek(hashp->fp, 0, SEEK_SET);
+	num_copied = read(hashp->fp, hdr_dest, sizeof(HASHHDR));
+	if (num_copied != sizeof(HASHHDR)) {
+		fprintf(stderr, "hash: could not retrieve header");
+		return (0);
+	}
+#if DB_BYTE_ORDER == DB_LITTLE_ENDIAN
+	swap_header(hashp);
+#endif
+	return (num_copied);
+}
+
+static void
+hput_header(hashp)
+	HTAB *hashp;
+{
+	HASHHDR *whdrp;
+#if DB_BYTE_ORDER == DB_LITTLE_ENDIAN
+	HASHHDR whdr;
+#endif
+	u_int32_t num_copied;
+
+	num_copied = 0;
+
+	whdrp = &hashp->hdr;
+#if DB_BYTE_ORDER == DB_LITTLE_ENDIAN
+	whdrp = &whdr;
+	swap_header_copy(&hashp->hdr, whdrp);
+#endif
+
+	lseek(hashp->fp, 0, SEEK_SET);
+	num_copied = write(hashp->fp, whdrp, sizeof(HASHHDR));
+	if (num_copied != sizeof(HASHHDR))
+		(void)fprintf(stderr, "hash: could not write hash header");
+	return;
+}
+
+/********************** DESTROY/CLOSE ROUTINES ************************/
+
+/*
+ * Flushes any changes to the file if necessary and destroys the hashp
+ * structure, freeing all allocated space.
+ */
+static int32_t
+hdestroy(hashp)
+	HTAB *hashp;
+{
+	int32_t save_errno;
+
+	save_errno = 0;
+
+#ifdef HASH_STATISTICS
+	{ int i;
+	(void)fprintf(stderr, "hdestroy: accesses %ld collisions %ld\n",
+	    hash_accesses, hash_collisions);
+	(void)fprintf(stderr,
+	    "hdestroy: expansions %ld\n", hash_expansions);
+	(void)fprintf(stderr,
+	    "hdestroy: overflows %ld\n", hash_overflows);
+	(void)fprintf(stderr,
+	    "hdestroy: big key/data pages %ld\n", hash_bigpages);
+	(void)fprintf(stderr,
+	    "keys %ld maxp %d\n", hashp->hdr.nkeys, hashp->hdr.max_bucket);
+
+	for (i = 0; i < NCACHED; i++)
+		(void)fprintf(stderr,
+		    "spares[%d] = %d\n", i, hashp->hdr.spares[i]);
+	}
+#endif
+
+	if (flush_meta(hashp) && !save_errno)
+		save_errno = errno;
+
+	/* Free the split page */
+	if (hashp->split_buf)
+		free(hashp->split_buf);
+
+	/* Free the big key and big data returns */
+	if (hashp->bigkey_buf)
+		free(hashp->bigkey_buf);
+	if (hashp->bigdata_buf)
+		free(hashp->bigdata_buf);
+
+	/* XXX This should really iterate over the cursor queue, but
+	   it's not clear how to do that, and the only cursor a hash
+	   table ever creates is the one used by hash_seq().  Passing
+	   NULL as the first arg is also a kludge, but I know that
+	   it's never used, so I do it.  The intent is to plug the
+	   memory leak.  Correctness can come later. */
+
+	if (hashp->seq_cursor)
+		hashp->seq_cursor->delete(NULL, hashp->seq_cursor, 0);
+
+	/* shut down mpool */
+	mpool_sync(hashp->mp);
+	mpool_close(hashp->mp);
+
+	if (hashp->fp != -1)
+		(void)close(hashp->fp);
+
+	/*
+	 * *** This may cause problems if hashp->fname is set in any case
+	 * other than the case that we are generating a temporary file name.
+	 * Note that the new version of mpool should support temporary
+	 * files within mpool itself.
+	 */
+	if (hashp->fname && !hashp->save_file) {
+#ifdef DEBUG
+		fprintf(stderr, "Unlinking file %s.\n", hashp->fname);
+#endif
+		/* we need to chmod the file to allow it to be deleted... */
+		chmod(hashp->fname, 0700);
+		unlink(hashp->fname);
+	}
+	free(hashp);
+
+	if (save_errno) {
+		errno = save_errno;
+		return (ERROR);
+	}
+	return (SUCCESS);
+}
+
+/*
+ * Write modified pages to disk
+ *
+ * Returns:
+ *	 0 == OK
+ *	-1 ERROR
+ */
+static int32_t
+hash_sync(dbp, flags)
+	const DB *dbp;
+	u_int32_t flags;
+{
+	HTAB *hashp;
+
+	hashp = (HTAB *)dbp->internal;
+
+	/*
+	 * XXX
+	 * Check success/failure conditions.
+	 */
+	return (flush_meta(hashp) || mpool_sync(hashp->mp));
+}
+
+/*
+ * Returns:
+ *	 0 == OK
+ *	-1 indicates that errno should be set
+ */
+static int32_t
+flush_meta(hashp)
+	HTAB *hashp;
+{
+	int32_t i;
+
+	if (!hashp->save_file)
+		return (0);
+	hashp->hdr.magic = HASHMAGIC;
+	hashp->hdr.version = HASHVERSION;
+	hashp->hdr.h_charkey = hashp->hash(CHARKEY, sizeof(CHARKEY));
+
+	/* write out metadata */
+	hput_header(hashp);
+
+	for (i = 0; i < NCACHED; i++)
+		if (hashp->mapp[i]) {
+			if (__put_page(hashp,
+			    (PAGE16 *)hashp->mapp[i], A_BITMAP, 1))
+				return (-1);
+			hashp->mapp[i] = NULL;
+		}
+	return (0);
+}
+
+/*******************************SEARCH ROUTINES *****************************/
+/*
+ * All the access routines return
+ *
+ * Returns:
+ *	 0 on SUCCESS
+ *	 1 to indicate an external ERROR (i.e. key not found, etc)
+ *	-1 to indicate an internal ERROR (i.e. out of memory, etc)
+ */
+
+/* *** make sure this is true! */
+
+static int32_t
+hash_get(dbp, key, data, flag)
+	const DB *dbp;
+	const DBT *key;
+	DBT *data;
+	u_int32_t flag;
+{
+	HTAB *hashp;
+
+	hashp = (HTAB *)dbp->internal;
+	if (flag) {
+		hashp->local_errno = errno = EINVAL;
+		return (ERROR);
+	}
+	return (hash_access(hashp, HASH_GET, key, data));
+}
+
+static int32_t
+hash_put(dbp, key, data, flag)
+	const DB *dbp;
+	DBT *key;
+	const DBT *data;
+	u_int32_t flag;
+{
+	HTAB *hashp;
+
+	hashp = (HTAB *)dbp->internal;
+	if (flag && flag != R_NOOVERWRITE) {
+		hashp->local_errno = errno = EINVAL;
+		return (ERROR);
+	}
+	if ((hashp->flags & O_ACCMODE) == O_RDONLY) {
+		hashp->local_errno = errno = EPERM;
+		return (ERROR);
+	}
+	return (hash_access(hashp, flag == R_NOOVERWRITE ?
+		HASH_PUTNEW : HASH_PUT, key, (DBT *)data));
+}
+
+static int32_t
+hash_delete(dbp, key, flag)
+	const DB *dbp;
+	const DBT *key;
+	u_int32_t flag;		/* Ignored */
+{
+	HTAB *hashp;
+
+	hashp = (HTAB *)dbp->internal;
+	if (flag) {
+		hashp->local_errno = errno = EINVAL;
+		return (ERROR);
+	}
+	if ((hashp->flags & O_ACCMODE) == O_RDONLY) {
+		hashp->local_errno = errno = EPERM;
+		return (ERROR);
+	}
+
+	return (hash_access(hashp, HASH_DELETE, key, NULL));
+}
+
+/*
+ * Assume that hashp has been set in wrapper routine.
+ */
+static int32_t
+hash_access(hashp, action, key, val)
+	HTAB *hashp;
+	ACTION action;
+	const DBT *key;
+	DBT *val;
+{
+	DBT page_key, page_val;
+	CURSOR cursor;
+	ITEM_INFO item_info;
+	u_int32_t bucket;
+	u_int32_t num_items;
+
+#ifdef HASH_STATISTICS
+	hash_accesses++;
+#endif
+
+	num_items = 0;
+
+	/*
+	 * Set up item_info so that we're looking for space to add an item
+	 * as we cycle through the pages looking for the key.
+	 */
+	if (action == HASH_PUT || action == HASH_PUTNEW) {
+		if (ISBIG(key->size + val->size, hashp))
+			item_info.seek_size = PAIR_OVERHEAD;
+		else
+			item_info.seek_size = key->size + val->size;
+	} else
+		item_info.seek_size = 0;
+	item_info.seek_found_page = 0;
+
+	bucket = __call_hash(hashp, (int8_t *)key->data, key->size);
+
+	cursor.pagep = NULL;
+	__get_item_reset(hashp, &cursor);
+
+	cursor.bucket = bucket;
+	while (1) {
+		__get_item_next(hashp, &cursor, &page_key, &page_val, &item_info);
+		if (item_info.status == ITEM_ERROR)
+			return (ABNORMAL);
+		if (item_info.status == ITEM_NO_MORE)
+			break;
+		num_items++;
+		if (item_info.key_off == BIGPAIR) {
+			/*
+			 * !!!
+			 * 0 is a valid index.
+			 */
+			if (__find_bigpair(hashp, &cursor, (int8_t *)key->data,
+			    key->size) > 0)
+				goto found;
+		} else if (key->size == page_key.size &&
+		    !memcmp(key->data, page_key.data, key->size))
+			goto found;
+	}
+#ifdef HASH_STATISTICS
+	hash_collisions++;
+#endif
+	__get_item_done(hashp, &cursor);
+
+	/*
+	 * At this point, item_info will list either the last page in
+	 * the chain, or the last page in the chain plus a pgno for where
+	 * to find the first page in the chain with space for the
+	 * item we wish to add.
+	 */
+
+	/* Not found */
+	switch (action) {
+	case HASH_PUT:
+	case HASH_PUTNEW:
+		if (__addel(hashp, &item_info, key, val, num_items, 0))
+			return (ERROR);
+		break;
+	case HASH_GET:
+	case HASH_DELETE:
+	default:
+		return (ABNORMAL);
+	}
+
+	if (item_info.caused_expand)
+		__expand_table(hashp);
+	return (SUCCESS);
+
+found:	__get_item_done(hashp, &cursor);
+
+	switch (action) {
+	case HASH_PUTNEW:
+		/* mpool_put(hashp->mp, pagep, 0); */
+		return (ABNORMAL);
+	case HASH_GET:
+		if (item_info.key_off == BIGPAIR) {
+			if (__big_return(hashp, &item_info, val, 0))
+				return (ERROR);
+		} else {
+			val->data = page_val.data;
+			val->size = page_val.size;
+		}
+		/* *** data may not be available! */
+		break;
+	case HASH_PUT:
+		if (__delpair(hashp, &cursor, &item_info) ||
+		    __addel(hashp, &item_info, key, val, UNKNOWN, 0))
+			return (ERROR);
+		__get_item_done(hashp, &cursor);
+		if (item_info.caused_expand)
+			__expand_table(hashp);
+		break;
+	case HASH_DELETE:
+		if (__delpair(hashp, &cursor, &item_info))
+			return (ERROR);
+		break;
+	default:
+		abort();
+	}
+	return (SUCCESS);
+}
+
+/* ****************** CURSORS ********************************** */
+CURSOR *
+__cursor_creat(dbp)
+	const DB *dbp;
+{
+	CURSOR *new_curs;
+	HTAB *hashp;
+
+	new_curs = (CURSOR *)malloc(sizeof(struct cursor_t));
+	if (!new_curs)
+		return NULL;
+	new_curs->internal =
+	    (struct item_info *)malloc(sizeof(struct item_info));
+	if (!new_curs->internal) {
+		free(new_curs);
+		return NULL;
+	}
+	new_curs->get = cursor_get;
+	new_curs->delete = cursor_delete;
+
+	new_curs->bucket = 0;
+	new_curs->pgno = INVALID_PGNO;
+	new_curs->ndx = 0;
+	new_curs->pgndx = 0;
+	new_curs->pagep = NULL;
+
+	/* place onto queue of cursors */
+	hashp = (HTAB *)dbp->internal;
+	TAILQ_INSERT_TAIL(&hashp->curs_queue, new_curs, queue);
+
+	return new_curs;
+}
+
+static int32_t
+cursor_get(dbp, cursorp, key, val, flags)
+	const DB *dbp;
+	CURSOR *cursorp;
+	DBT *key, *val;
+	u_int32_t flags;
+{
+	HTAB *hashp;
+	ITEM_INFO item_info;
+
+	hashp = (HTAB *)dbp->internal;
+
+	if (flags && flags != R_FIRST && flags != R_NEXT) {
+		hashp->local_errno = errno = EINVAL;
+		return (ERROR);
+	}
+#ifdef HASH_STATISTICS
+	hash_accesses++;
+#endif
+
+	item_info.seek_size = 0;
+
+	if (flags == R_FIRST)
+		__get_item_first(hashp, cursorp, key, val, &item_info);
+	else
+		__get_item_next(hashp, cursorp, key, val, &item_info);
+
+	/*
+	 * This needs to be changed around.  As is, get_item_next advances
+	 * the pointers on the page but this function actually advances
+	 * bucket pointers.  This works, since the only other place we
+	 * use get_item_next is in hash_access which only deals with one
+	 * bucket at a time.  However, there is the problem that certain other
+	 * functions (such as find_bigpair and delpair) depend on the
+	 * pgndx member of the cursor.  Right now, they are using pngdx - 1
+	 * since indices refer to the __next__ item that is to be fetched
+	 * from the page.  This is ugly, as you may have noticed, whoever
+	 * you are.  The best solution would be to depend on item_infos to
+	 * deal with _current_ information, and have the cursors only
+	 * deal with _next_ information.  In that scheme, get_item_next
+	 * would also advance buckets.  Version 3...
+	 */
+
+
+	/*
+	 * Must always enter this loop to do error handling and
+	 * check for big key/data pair.
+	 */
+	while (1) {
+		if (item_info.status == ITEM_OK) {
+			if (item_info.key_off == BIGPAIR &&
+			    __big_keydata(hashp, cursorp->pagep, key, val,
+			    item_info.pgndx))
+				return (ABNORMAL);
+
+			break;
+		} else if (item_info.status != ITEM_NO_MORE)
+			return (ABNORMAL);
+
+		__put_page(hashp, cursorp->pagep, A_RAW, 0);
+		cursorp->ndx = cursorp->pgndx = 0;
+		cursorp->bucket++;
+		cursorp->pgno = INVALID_PGNO;
+		cursorp->pagep = NULL;
+		if (cursorp->bucket > hashp->hdr.max_bucket)
+			return (ABNORMAL);
+		__get_item_next(hashp, cursorp, key, val, &item_info);
+	}
+
+	__get_item_done(hashp, cursorp);
+	return (0);
+}
+
+static int32_t
+cursor_delete(dbp, cursor, flags)
+	const DB *dbp;
+	CURSOR *cursor;
+	u_int32_t flags;
+{
+	/* XXX this is empirically determined, so it might not be completely
+	   correct, but it seems to work.  At the very least it fixes
+	   a memory leak */
+
+	free(cursor->internal);
+	free(cursor);
+
+	return (0);
+}
+
+static int32_t
+hash_seq(dbp, key, val, flag)
+	const DB *dbp;
+	DBT *key, *val;
+	u_int32_t flag;
+{
+	HTAB *hashp;
+
+	/*
+	 * Seq just uses the default cursor to go sequecing through the
+	 * database.  Note that the default cursor is the first in the list.
+	 */
+
+	hashp = (HTAB *)dbp->internal;
+	if (!hashp->seq_cursor)
+		hashp->seq_cursor = __cursor_creat(dbp);
+
+	return (hashp->seq_cursor->get(dbp, hashp->seq_cursor, key, val, flag));
+}
+
+/********************************* UTILITIES ************************/
+
+/*
+ * Returns:
+ *	 0 ==> OK
+ *	-1 ==> Error
+ */
+int32_t
+__expand_table(hashp)
+	HTAB *hashp;
+{
+	u_int32_t old_bucket, new_bucket;
+	int32_t spare_ndx;
+
+#ifdef HASH_STATISTICS
+	hash_expansions++;
+#endif
+	new_bucket = ++hashp->hdr.max_bucket;
+	old_bucket = (hashp->hdr.max_bucket & hashp->hdr.low_mask);
+
+	/* Get a page for this new bucket */
+	if (__new_page(hashp, new_bucket, A_BUCKET) != 0)
+		return (-1);
+
+	/*
+	 * If the split point is increasing (hdr.max_bucket's log base 2
+	 * increases), we need to copy the current contents of the spare
+	 * split bucket to the next bucket.
+	 */
+	spare_ndx = __log2(hashp->hdr.max_bucket + 1);
+	if (spare_ndx > hashp->hdr.ovfl_point) {
+		hashp->hdr.spares[spare_ndx] = hashp->hdr.spares[hashp->hdr.ovfl_point];
+		hashp->hdr.ovfl_point = spare_ndx;
+	}
+	if (new_bucket > hashp->hdr.high_mask) {
+		/* Starting a new doubling */
+		hashp->hdr.low_mask = hashp->hdr.high_mask;
+		hashp->hdr.high_mask = new_bucket | hashp->hdr.low_mask;
+	}
+	if (BUCKET_TO_PAGE(new_bucket) > MAX_PAGES(hashp)) {
+		fprintf(stderr, "hash: Cannot allocate new bucket.  Pages exhausted.\n");
+		return (-1);
+	}
+	/* Relocate records to the new bucket */
+	return (__split_page(hashp, old_bucket, new_bucket));
+}
+
+u_int32_t
+__call_hash(hashp, k, len)
+	HTAB *hashp;
+	int8_t *k;
+	int32_t len;
+{
+	u_int32_t n, bucket;
+
+	n = hashp->hash(k, len);
+	bucket = n & hashp->hdr.high_mask;
+	if (bucket > hashp->hdr.max_bucket)
+		bucket = bucket & hashp->hdr.low_mask;
+	return (bucket);
+}
+
+#if DB_BYTE_ORDER == DB_LITTLE_ENDIAN
+/*
+ * Hashp->hdr needs to be byteswapped.
+ */
+static void
+swap_header_copy(srcp, destp)
+	HASHHDR *srcp, *destp;
+{
+	int32_t i;
+
+	P_32_COPY(srcp->magic, destp->magic);
+	P_32_COPY(srcp->version, destp->version);
+	P_32_COPY(srcp->lorder, destp->lorder);
+	P_32_COPY(srcp->bsize, destp->bsize);
+	P_32_COPY(srcp->bshift, destp->bshift);
+	P_32_COPY(srcp->ovfl_point, destp->ovfl_point);
+	P_32_COPY(srcp->last_freed, destp->last_freed);
+	P_32_COPY(srcp->max_bucket, destp->max_bucket);
+	P_32_COPY(srcp->high_mask, destp->high_mask);
+	P_32_COPY(srcp->low_mask, destp->low_mask);
+	P_32_COPY(srcp->ffactor, destp->ffactor);
+	P_32_COPY(srcp->nkeys, destp->nkeys);
+	P_32_COPY(srcp->hdrpages, destp->hdrpages);
+	P_32_COPY(srcp->h_charkey, destp->h_charkey);
+	for (i = 0; i < NCACHED; i++) {
+		P_32_COPY(srcp->spares[i], destp->spares[i]);
+		P_16_COPY(srcp->bitmaps[i], destp->bitmaps[i]);
+	}
+}
+
+static void
+swap_header(hashp)
+	HTAB *hashp;
+{
+	HASHHDR *hdrp;
+	int32_t i;
+
+	hdrp = &hashp->hdr;
+
+	M_32_SWAP(hdrp->magic);
+	M_32_SWAP(hdrp->version);
+	M_32_SWAP(hdrp->lorder);
+	M_32_SWAP(hdrp->bsize);
+	M_32_SWAP(hdrp->bshift);
+	M_32_SWAP(hdrp->ovfl_point);
+	M_32_SWAP(hdrp->last_freed);
+	M_32_SWAP(hdrp->max_bucket);
+	M_32_SWAP(hdrp->high_mask);
+	M_32_SWAP(hdrp->low_mask);
+	M_32_SWAP(hdrp->ffactor);
+	M_32_SWAP(hdrp->nkeys);
+	M_32_SWAP(hdrp->hdrpages);
+	M_32_SWAP(hdrp->h_charkey);
+	for (i = 0; i < NCACHED; i++) {
+		M_32_SWAP(hdrp->spares[i]);
+		M_16_SWAP(hdrp->bitmaps[i]);
+	}
+}
+#endif /* DB_BYTE_ORDER == DB_LITTLE_ENDIAN */
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c.patch b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c.patch
new file mode 100644
index 00000000..b72cc0d2
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c.patch
@@ -0,0 +1,109 @@
+*** /tmp/,RCSt1a21714	Wed Apr  3 11:49:15 1996
+--- hash.c	Wed Apr  3 08:43:04 1996
+***************
+*** 399,405
+  	/* Create pages for these buckets */
+  	/*
+  	for (i = 0; i <= hashp->hdr.max_bucket; i++) {
+! 		if (__new_page(hashp, i, A_BUCKET) != 0)
+  			return (-1);
+  	}
+  	*/
+
+--- 399,405 -----
+  	/* Create pages for these buckets */
+  	/*
+  	for (i = 0; i <= hashp->hdr.max_bucket; i++) {
+! 		if (__new_page(hashp, (u_int32_t)i, A_BUCKET) != 0)
+  			return (-1);
+  	}
+  	*/
+***************
+*** 560,567
+  	 * XXX
+  	 * Check success/failure conditions.
+  	 */
+! 	mpool_sync(hashp->mp);
+! 	return (0);
+  }
+  
+  /*
+
+--- 560,566 -----
+  	 * XXX
+  	 * Check success/failure conditions.
+  	 */
+! 	return (flush_meta(hashp) || mpool_sync(hashp->mp));
+  }
+  
+  /*
+***************
+*** 585,591
+  	hput_header(hashp);
+  
+  	for (i = 0; i < NCACHED; i++)
+! 		if (hashp->mapp[i])
+  			if (__put_page(hashp,
+  			    (PAGE16 *)hashp->mapp[i], A_BITMAP, 1))
+  				return (-1);
+
+--- 584,590 -----
+  	hput_header(hashp);
+  
+  	for (i = 0; i < NCACHED; i++)
+! 		if (hashp->mapp[i]) {
+  			if (__put_page(hashp,
+  			    (PAGE16 *)hashp->mapp[i], A_BITMAP, 1))
+  				return (-1);
+***************
+*** 589,594
+  			if (__put_page(hashp,
+  			    (PAGE16 *)hashp->mapp[i], A_BITMAP, 1))
+  				return (-1);
+  	return (0);
+  }
+  
+
+--- 588,595 -----
+  			if (__put_page(hashp,
+  			    (PAGE16 *)hashp->mapp[i], A_BITMAP, 1))
+  				return (-1);
++ 			hashp->mapp[i] = NULL;
++ 		}
+  	return (0);
+  }
+  
+***************
+*** 726,732
+  #ifdef HASH_STATISTICS
+  	hash_collisions++;
+  #endif
+- 
+  	__get_item_done(hashp, &cursor);
+  
+  	/*
+
+--- 727,732 -----
+  #ifdef HASH_STATISTICS
+  	hash_collisions++;
+  #endif
+  	__get_item_done(hashp, &cursor);
+  
+  	/*
+***************
+*** 773,778
+  		if (__delpair(hashp, &cursor, &item_info) ||
+  		    __addel(hashp, &item_info, key, val, UNKNOWN, 0))
+  			return (ERROR);
+  		if (item_info.caused_expand)
+  			__expand_table(hashp);
+  		break;
+
+--- 773,779 -----
+  		if (__delpair(hashp, &cursor, &item_info) ||
+  		    __addel(hashp, &item_info, key, val, UNKNOWN, 0))
+  			return (ERROR);
++ 		__get_item_done(hashp, &cursor);
+  		if (item_info.caused_expand)
+  			__expand_table(hashp);
+  		break;
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.h
new file mode 100644
index 00000000..2f1e47bf
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.h
@@ -0,0 +1,196 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)hash.h	8.4 (Berkeley) 11/2/95
+ */
+
+#include "mpool.h"
+#include "db-queue.h"
+
+/* Operations */
+typedef enum {
+	HASH_GET, HASH_PUT, HASH_PUTNEW, HASH_DELETE, HASH_FIRST, HASH_NEXT
+} ACTION;
+
+/* cursor structure */
+typedef struct cursor_t {
+	TAILQ_ENTRY(cursor_t) queue;
+	int (*get)	__P((const DB *, struct cursor_t *, DBT *, DBT *, \
+			     u_int32_t));
+	int (*delete) __P((const DB *, struct cursor_t *, u_int32_t));
+	db_pgno_t	bucket;
+	db_pgno_t	pgno;
+	indx_t	ndx;
+	indx_t	pgndx;
+	u_int16_t *pagep;
+	void *internal;
+} CURSOR;
+
+
+#define IS_BUCKET(X)	((X) & BUF_BUCKET)
+#define IS_VALID(X)     (!((X) & BUF_INVALID))
+
+/* Hash Table Information */
+typedef struct hashhdr {	/* Disk resident portion */
+	int32_t	magic;		/* Magic NO for hash tables */
+	int32_t	version;	/* Version ID */
+	int32_t	lorder;		/* Byte Order */
+	u_int32_t	bsize;	/* Bucket/Page Size */
+	int32_t	bshift;		/* Bucket shift */
+	int32_t	ovfl_point;	/* Where overflow pages are being allocated */
+	u_int32_t	last_freed;	/* Last overflow page freed */
+	u_int32_t	max_bucket;	/* ID of Maximum bucket in use */
+	u_int32_t	high_mask;	/* Mask to modulo into entire table */
+	u_int32_t	low_mask;	/* Mask to modulo into lower half of table */
+	u_int32_t	ffactor;	/* Fill factor */
+	int32_t	nkeys;		/* Number of keys in hash table */
+	u_int32_t	hdrpages;	/* Size of table header */
+	u_int32_t	h_charkey;	/* value of hash(CHARKEY) */
+#define NCACHED	32		/* number of bit maps and spare points */
+	u_int32_t	spares[NCACHED];/* spare pages for overflow */
+	u_int16_t	bitmaps[NCACHED];	/* address of overflow page bitmaps */
+} HASHHDR;
+
+typedef struct htab {		/* Memory resident data structure */
+	TAILQ_HEAD(_cursor_queue, cursor_t) curs_queue;
+	HASHHDR hdr;		/* Header */
+	u_int32_t (*hash) __P((const void *, size_t)); /* Hash Function */
+	int32_t	flags;		/* Flag values */
+	int32_t	fp;		/* File pointer */
+	const char *fname;        	/* File path */
+	u_int8_t *bigdata_buf;	/* Temporary Buffer for BIG data */
+	u_int8_t *bigkey_buf;	/* Temporary Buffer for BIG keys */
+	u_int16_t  *split_buf;	/* Temporary buffer for splits */
+	CURSOR	*seq_cursor;	/* Cursor used for hash_seq */
+	int32_t	local_errno;	/* Error Number -- for DBM compatibility */
+	int32_t	new_file;	/* Indicates if fd is backing store or no */
+	int32_t	save_file;	/* Indicates whether we need to flush file at
+				 * exit */
+	u_int32_t *mapp[NCACHED];/* Pointers to page maps */
+	int32_t	nmaps;		/* Initial number of bitmaps */
+	MPOOL	*mp;		/* mpool for buffer management */
+} HTAB;
+
+/*
+ * Constants
+ */
+#define	MAX_BSIZE		65536		/* 2^16 */
+#define MIN_BUFFERS		6
+#define MINHDRSIZE		512
+#define DEF_CACHESIZE	65536
+#define DEF_BUCKET_SHIFT	12		/* log2(BUCKET) */
+#define DEF_BUCKET_SIZE		(1<<DEF_BUCKET_SHIFT)
+#define DEF_SEGSIZE_SHIFT	8		/* log2(SEGSIZE)	 */
+#define DEF_SEGSIZE		(1<<DEF_SEGSIZE_SHIFT)
+#define DEF_DIRSIZE		256
+#define DEF_FFACTOR		65536
+#define MIN_FFACTOR		4
+#define SPLTMAX			8
+#define CHARKEY			"%$sniglet^&"
+#define NUMKEY			1038583
+#define BYTE_SHIFT		3
+#define INT32_T_TO_BYTE		2
+#define INT32_T_BYTE_SHIFT		5
+#define ALL_SET			((u_int32_t)0xFFFFFFFF)
+#define ALL_CLEAR		0
+
+#define PTROF(X)	((BUFHEAD *)((ptr_t)(X)&~0x3))
+#define ISMOD(X)	((ptr_t)(X)&0x1)
+#define DOMOD(X)	((X) = (int8_t *)((ptr_t)(X)|0x1))
+#define ISDISK(X)	((ptr_t)(X)&0x2)
+#define DODISK(X)	((X) = (int8_t *)((ptr_t)(X)|0x2))
+
+#define BITS_PER_MAP	32
+
+/* Given the address of the beginning of a big map, clear/set the nth bit */
+#define CLRBIT(A, N)	((A)[(N)/BITS_PER_MAP] &= ~(1<<((N)%BITS_PER_MAP)))
+#define SETBIT(A, N)	((A)[(N)/BITS_PER_MAP] |= (1<<((N)%BITS_PER_MAP)))
+#define ISSET(A, N)	((A)[(N)/BITS_PER_MAP] & (1<<((N)%BITS_PER_MAP)))
+
+/* Overflow management */
+/*
+ * Overflow page numbers are allocated per split point.  At each doubling of
+ * the table, we can allocate extra pages.  So, an overflow page number has
+ * the top 5 bits indicate which split point and the lower 11 bits indicate
+ * which page at that split point is indicated (pages within split points are
+ * numberered starting with 1).
+ */
+
+#define SPLITSHIFT	11
+#define SPLITMASK	0x7FF
+#define SPLITNUM(N)	(((u_int32_t)(N)) >> SPLITSHIFT)
+#define OPAGENUM(N)	((N) & SPLITMASK)
+#define	OADDR_OF(S,O)	((u_int32_t)((u_int32_t)(S) << SPLITSHIFT) + (O))
+
+#define BUCKET_TO_PAGE(B) \
+	((B) + hashp->hdr.hdrpages + ((B) \
+	    ? hashp->hdr.spares[__log2((B)+1)-1] : 0))
+#define OADDR_TO_PAGE(B) 	\
+	(BUCKET_TO_PAGE ( (1 << SPLITNUM((B))) -1 ) + OPAGENUM((B)))
+
+#define POW2(N)  (1 << (N))
+
+#define MAX_PAGES(H) (DB_OFF_T_MAX / (H)->hdr.bsize)
+
+/* Shorthands for accessing structure */
+#define METADATA_PGNO 0
+#define SPLIT_PGNO 0xFFFF
+
+typedef struct item_info {
+	db_pgno_t 		pgno;
+	db_pgno_t		bucket;
+	indx_t		ndx;
+	indx_t		pgndx;
+	u_int8_t	status;
+	u_int32_t	seek_size;
+	db_pgno_t		seek_found_page;
+	indx_t		key_off;
+	indx_t		data_off;
+	u_int8_t	caused_expand;
+} ITEM_INFO;
+
+
+#define	ITEM_ERROR	0
+#define	ITEM_OK		1
+#define	ITEM_NO_MORE	2
+
+#define	ITEM_GET_FIRST	0
+#define	ITEM_GET_NEXT	1
+#define	ITEM_GET_RESET	2
+#define	ITEM_GET_DONE	3
+#define	ITEM_GET_N	4
+
+#define	UNKNOWN		0xffffffff		/* for num_items */
+#define	NO_EXPAND	0xfffffffe
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c
new file mode 100644
index 00000000..4b95278f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c
@@ -0,0 +1,481 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_bigkey.c	8.5 (Berkeley) 11/2/95";
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * PACKAGE: hash
+ * DESCRIPTION:
+ *	Big key/data handling for the hashing package.
+ *
+ * ROUTINES:
+ * External
+ *	__big_keydata
+ *	__big_split
+ *	__big_insert
+ *	__big_return
+ *	__big_delete
+ *	__find_last_page
+ * Internal
+ *	collect_key
+ *	collect_data
+ */
+#include <sys/types.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef DEBUG
+#include <assert.h>
+#endif
+
+#include "db-int.h"
+#include "hash.h"
+#include "page.h"
+#include "extern.h"
+
+static int32_t collect_key __P((HTAB *, PAGE16 *, int32_t, db_pgno_t *));
+static int32_t collect_data __P((HTAB *, PAGE16 *, int32_t));
+
+/*
+ * Big_insert
+ *
+ * You need to do an insert and the key/data pair is greater than
+ * MINFILL * the bucket size
+ *
+ * Returns:
+ *	 0 ==> OK
+ *	-1 ==> ERROR
+ */
+int32_t
+__big_insert(hashp, pagep, key, val)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	const DBT *key, *val;
+{
+	size_t  key_size, val_size;
+	indx_t  key_move_bytes, val_move_bytes;
+	int8_t *key_data, *val_data, base_page;
+
+	key_data = (int8_t *)key->data;
+	key_size = key->size;
+	val_data = (int8_t *)val->data;
+	val_size = val->size;
+
+	NUM_ENT(pagep) = NUM_ENT(pagep) + 1;
+
+	for (base_page = 1; key_size + val_size;) {
+		/* Add a page! */
+		pagep =
+		    __add_bigpage(hashp, pagep, NUM_ENT(pagep) - 1, base_page);
+		if (!pagep)
+			return (-1);
+
+		/* There's just going to be one entry on this page. */
+		NUM_ENT(pagep) = 1;
+
+		/* Move the key's data. */
+		key_move_bytes = MIN(FREESPACE(pagep), key_size);
+		/* Mark the page as to how much key & data is on this page. */
+		BIGKEYLEN(pagep) = key_move_bytes;
+		val_move_bytes =
+		    MIN(FREESPACE(pagep) - key_move_bytes, val_size);
+		BIGDATALEN(pagep) = val_move_bytes;
+
+		/* Note big pages build beginning --> end, not vice versa. */
+		if (key_move_bytes)
+			memmove(BIGKEY(pagep), key_data, key_move_bytes);
+		if (val_move_bytes)
+			memmove(BIGDATA(pagep), val_data, val_move_bytes);
+
+		key_size -= key_move_bytes;
+		key_data += key_move_bytes;
+		val_size -= val_move_bytes;
+		val_data += val_move_bytes;
+
+		base_page = 0;
+	}
+	__put_page(hashp, pagep, A_RAW, 1);
+	return (0);
+}
+
+/*
+ * Called when we need to delete a big pair.
+ *
+ * Returns:
+ *	 0 => OK
+ *	-1 => ERROR
+ */
+int32_t
+#ifdef __STDC__
+__big_delete(HTAB *hashp, PAGE16 *pagep, indx_t ndx)
+#else
+__big_delete(hashp, pagep, ndx)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	u_int32_t ndx;		/* Index of big pair on base page. */
+#endif
+{
+	PAGE16 *last_pagep;
+
+	/* Get first page with big key/data. */
+	pagep = __get_page(hashp, OADDR_TO_PAGE(DATA_OFF(pagep, ndx)), A_RAW);
+	if (!pagep)
+		return (-1);
+
+	/*
+	 * Traverse through the pages, freeing the previous one (except
+	 * the first) at each new page.
+	 */
+	while (NEXT_PGNO(pagep) != INVALID_PGNO) {
+		last_pagep = pagep;
+		pagep = __get_page(hashp, NEXT_PGNO(pagep), A_RAW);
+		if (!pagep)
+			return (-1);
+		__delete_page(hashp, last_pagep, A_OVFL);
+	}
+
+	/* Free the last page in the chain. */
+	__delete_page(hashp, pagep, A_OVFL);
+	return (0);
+}
+
+/*
+ * Given a key, indicates whether the big key at cursorp matches the
+ * given key.
+ *
+ * Returns:
+ *	 1 = Found!
+ *	 0 = Key not found
+ *	-1 error
+ */
+int32_t
+__find_bigpair(hashp, cursorp, key, size)
+	HTAB *hashp;
+	CURSOR *cursorp;
+	int8_t *key;
+	int32_t size;
+{
+	PAGE16 *pagep, *hold_pagep;
+	db_pgno_t  next_pgno;
+	int32_t ksize;
+	int8_t *kkey;
+
+	ksize = size;
+	kkey = key;
+
+	hold_pagep = NULL;
+	/* Chances are, hashp->cpage is the base page. */
+	if (cursorp->pagep)
+		pagep = hold_pagep = cursorp->pagep;
+	else {
+		pagep = __get_page(hashp, cursorp->pgno, A_RAW);
+		if (!pagep)
+			return (-1);
+	}
+
+	/*
+	 * Now, get the first page with the big stuff on it.
+	 *
+	 * XXX
+	 * KLUDGE: we know that cursor is looking at the _next_ item, so
+	 * we have to look at pgndx - 1.
+	 */
+	next_pgno = OADDR_TO_PAGE(DATA_OFF(pagep, (cursorp->pgndx - 1)));
+	if (!hold_pagep)
+		__put_page(hashp, pagep, A_RAW, 0);
+	pagep = __get_page(hashp, next_pgno, A_RAW);
+	if (!pagep)
+		return (-1);
+
+	/* While there are both keys to compare. */
+	while ((ksize > 0) && (BIGKEYLEN(pagep))) {
+		if (ksize < KEY_OFF(pagep, 0) ||
+		    memcmp(BIGKEY(pagep), kkey, BIGKEYLEN(pagep))) {
+			__put_page(hashp, pagep, A_RAW, 0);
+			return (0);
+		}
+		kkey += BIGKEYLEN(pagep);
+		ksize -= BIGKEYLEN(pagep);
+		if (NEXT_PGNO(pagep) != INVALID_PGNO) {
+			next_pgno = NEXT_PGNO(pagep);
+			__put_page(hashp, pagep, A_RAW, 0);
+			pagep = __get_page(hashp, next_pgno, A_RAW);
+			if (!pagep)
+				return (-1);
+		}
+	}
+	__put_page(hashp, pagep, A_RAW, 0);
+#ifdef DEBUG
+	assert(ksize >= 0);
+#endif
+	if (ksize != 0) {
+#ifdef HASH_STATISTICS
+		++hash_collisions;
+#endif
+		return (0);
+	} else
+		return (1);
+}
+
+/*
+ * Fill in the key and data for this big pair.
+ */
+int32_t
+__big_keydata(hashp, pagep, key, val, ndx)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	DBT *key, *val;
+	int32_t ndx;
+{
+	ITEM_INFO ii;
+	PAGE16 *key_pagep;
+	db_pgno_t last_page;
+
+	key_pagep =
+	    __get_page(hashp, OADDR_TO_PAGE(DATA_OFF(pagep, ndx)), A_RAW);
+	if (!key_pagep)
+		return (-1);
+	key->size = collect_key(hashp, key_pagep, 0, &last_page);
+	key->data = hashp->bigkey_buf;
+	__put_page(hashp, key_pagep, A_RAW, 0);
+
+	if (key->size == (size_t)-1)
+		return (-1);
+
+	/* Create an item_info to direct __big_return to the beginning pgno. */
+	ii.pgno = last_page;
+	return (__big_return(hashp, &ii, val, 1));
+}
+
+/*
+ * Return the big key on page, ndx.
+ */
+int32_t
+#ifdef __STDC__
+__get_bigkey(HTAB *hashp, PAGE16 *pagep, indx_t ndx, DBT *key)
+#else
+__get_bigkey(hashp, pagep, ndx, key)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	u_int32_t ndx;
+	DBT *key;
+#endif
+{
+	PAGE16 *key_pagep;
+
+	key_pagep =
+	    __get_page(hashp, OADDR_TO_PAGE(DATA_OFF(pagep, ndx)), A_RAW);
+	if (!key_pagep)
+		return (-1);
+	key->size = collect_key(hashp, key_pagep, 0, NULL);
+	key->data = hashp->bigkey_buf;
+
+	__put_page(hashp, key_pagep, A_RAW, 0);
+
+	return (0);
+}
+
+/*
+ * Return the big key and data indicated in item_info.
+ */
+int32_t
+__big_return(hashp, item_info, val, on_bigkey_page)
+	HTAB *hashp;
+	ITEM_INFO *item_info;
+	DBT *val;
+	int32_t on_bigkey_page;
+{
+	PAGE16 *pagep;
+	db_pgno_t next_pgno;
+
+	if (!on_bigkey_page) {
+		/* Get first page with big pair on it. */
+		pagep = __get_page(hashp,
+		    OADDR_TO_PAGE(item_info->data_off), A_RAW);
+		if (!pagep)
+			return (-1);
+	} else {
+		pagep = __get_page(hashp, item_info->pgno, A_RAW);
+		if (!pagep)
+			return (-1);
+	}
+
+	/* Traverse through the bigkey pages until a page with data is found. */
+	while (!BIGDATALEN(pagep)) {
+		next_pgno = NEXT_PGNO(pagep);
+		__put_page(hashp, pagep, A_RAW, 0);
+		pagep = __get_page(hashp, next_pgno, A_RAW);
+		if (!pagep)
+			return (-1);
+	}
+
+	val->size = collect_data(hashp, pagep, 0);
+	if (val->size < 1)
+		return (-1);
+	val->data = (void *)hashp->bigdata_buf;
+
+	__put_page(hashp, pagep, A_RAW, 0);
+	return (0);
+}
+
+/*
+ * Given a page with a big key on it, traverse through the pages counting data
+ * length, and collect all of the data on the way up.  Store the key in
+ * hashp->bigkey_buf.  last_page indicates to the calling function what the
+ * last page with key on it is; this will help if you later want to retrieve
+ * the data portion.
+ *
+ * Does the work for __get_bigkey.
+ *
+ * Return total length of data; -1 if error.
+ */
+static int32_t
+collect_key(hashp, pagep, len, last_page)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	int32_t len;
+	db_pgno_t *last_page;
+{
+	PAGE16 *next_pagep;
+	int32_t totlen, retval;
+	db_pgno_t next_pgno;
+#ifdef DEBUG
+	db_pgno_t save_addr;
+#endif
+
+	/* If this is the last page with key. */
+	if (BIGDATALEN(pagep)) {
+		totlen = len + BIGKEYLEN(pagep);
+		if (hashp->bigkey_buf)
+			free(hashp->bigkey_buf);
+		hashp->bigkey_buf = (u_int8_t *)malloc(totlen);
+		if (!hashp->bigkey_buf)
+			return (-1);
+		memcpy(hashp->bigkey_buf + len,
+		    BIGKEY(pagep), BIGKEYLEN(pagep));
+		if (last_page)
+			*last_page = ADDR(pagep);
+		return (totlen);
+	}
+
+	/* Key filled up all of last key page, so we've gone 1 too far. */
+	if (BIGKEYLEN(pagep) == 0) {
+		if (hashp->bigkey_buf)
+			free(hashp->bigkey_buf);
+		hashp->bigkey_buf = (u_int8_t *)malloc(len);
+		return (hashp->bigkey_buf ? len : -1);
+	}
+	totlen = len + BIGKEYLEN(pagep);
+
+	/* Set pagep to the next page in the chain. */
+	if (last_page)
+		*last_page = ADDR(pagep);
+	next_pgno = NEXT_PGNO(pagep);
+	next_pagep = __get_page(hashp, next_pgno, A_RAW);
+	if (!next_pagep)
+		return (-1);
+#ifdef DEBUG
+	save_addr = ADDR(pagep);
+#endif
+	retval = collect_key(hashp, next_pagep, totlen, last_page);
+
+#ifdef DEBUG
+	assert(save_addr == ADDR(pagep));
+#endif
+	memcpy(hashp->bigkey_buf + len, BIGKEY(pagep), BIGKEYLEN(pagep));
+	__put_page(hashp, next_pagep, A_RAW, 0);
+
+	return (retval);
+}
+
+/*
+ * Given a page with big data on it, recur through the pages counting data
+ * length, and collect all of the data on the way up.  Store the data in
+ * hashp->bigdata_buf.
+ *
+ * Does the work for __big_return.
+ *
+ * Return total length of data; -1 if error.
+ */
+static int32_t
+collect_data(hashp, pagep, len)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	int32_t len;
+{
+	PAGE16 *next_pagep;
+	int32_t totlen, retval;
+	db_pgno_t next_pgno;
+#ifdef DEBUG
+	db_pgno_t save_addr;
+#endif
+
+	/* If there is no next page. */
+	if (NEXT_PGNO(pagep) == INVALID_PGNO) {
+		if (hashp->bigdata_buf)
+			free(hashp->bigdata_buf);
+		totlen = len + BIGDATALEN(pagep);
+		hashp->bigdata_buf = (u_int8_t *)malloc(totlen);
+		if (!hashp->bigdata_buf)
+			return (-1);
+		memcpy(hashp->bigdata_buf + totlen - BIGDATALEN(pagep),
+		    BIGDATA(pagep), BIGDATALEN(pagep));
+		return (totlen);
+	}
+	totlen = len + BIGDATALEN(pagep);
+
+	/* Set pagep to the next page in the chain. */
+	next_pgno = NEXT_PGNO(pagep);
+	next_pagep = __get_page(hashp, next_pgno, A_RAW);
+	if (!next_pagep)
+		return (-1);
+
+#ifdef DEBUG
+	save_addr = ADDR(pagep);
+#endif
+	retval = collect_data(hashp, next_pagep, totlen);
+#ifdef DEBUG
+	assert(save_addr == ADDR(pagep));
+#endif
+	memcpy(hashp->bigdata_buf + totlen - BIGDATALEN(pagep),
+	    BIGDATA(pagep), BIGDATALEN(pagep));
+	__put_page(hashp, next_pagep, A_RAW, 0);
+
+	return (retval);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_debug.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_debug.c
new file mode 100644
index 00000000..43f537f5
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_debug.c
@@ -0,0 +1,106 @@
+/*-
+ * Copyright (c) 1995
+ *	The President and Fellows of Harvard University
+ *
+ * This code is derived from software contributed to Harvard by
+ * Jeremy Rassen.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_debug.c	8.4 (Berkeley) 11/7/95";
+#endif /* LIBC_SCCS and not lint */
+
+#ifdef DEBUG
+/*
+ * PACKAGE:  hashing
+ *
+ * DESCRIPTION:
+ *	Debug routines.
+ *
+ * ROUTINES:
+ *
+ * External
+ *	__dump_bucket
+ */
+#include <stdio.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "hash.h"
+#include "page.h"
+#include "extern.h"
+
+void
+__dump_bucket(hashp, bucket)
+	HTAB *hashp;
+	u_int32_t bucket;
+{
+	CURSOR cursor;
+	DBT key, val;
+	ITEM_INFO item_info;
+	int var;
+	char *cp;
+
+	cursor.pagep = NULL;
+	item_info.seek_size = 0;
+	item_info.seek_found_page = 0;
+
+	__get_item_reset(hashp, &cursor);
+
+	cursor.bucket = bucket;
+	for (;;) {
+		__get_item_next(hashp, &cursor, &key, &val, &item_info);
+		if (item_info.status == ITEM_ERROR) {
+			(void)printf("get_item_next returned error\n");
+			break;
+		} else if (item_info.status == ITEM_NO_MORE)
+			break;
+
+		if (item_info.key_off == BIGPAIR) {
+			if (__big_keydata(hashp, cursor.pagep, &key, &val,
+			    item_info.pgndx)) {
+				(void)printf("__big_keydata returned error\n");
+				break;
+			}
+		}
+
+		if (key.size == sizeof(int)) {
+			memcpy(&var, key.data, sizeof(int));
+			(void)printf("%d\n", var);
+		} else {
+			for (cp = (char *)key.data; key.size--; cp++)
+				(void)printf("%c", *cp);
+			(void)printf("\n");
+		}
+	}
+	__get_item_done(hashp, &cursor);
+}
+#endif /* DEBUG */
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_func.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_func.c
new file mode 100644
index 00000000..1dee6946
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_func.c
@@ -0,0 +1,201 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_func.c	8.4 (Berkeley) 11/7/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include "db-int.h"
+#include "hash.h"
+#include "page.h"
+#include "extern.h"
+
+#if 0
+static u_int32_t hash1 __P((const void *, size_t));
+static u_int32_t hash2 __P((const void *, size_t));
+static u_int32_t hash3 __P((const void *, size_t));
+#endif
+static u_int32_t hash4 __P((const void *, size_t));
+
+/* Default hash function. */
+u_int32_t (*__default_hash) __P((const void *, size_t)) = hash4;
+
+/*
+ * Assume that we've already split the bucket to which this key hashes,
+ * calculate that bucket, and check that in fact we did already split it.
+ *
+ * EJB's original hsearch hash.
+ */
+#define PRIME1		37
+#define PRIME2		1048583
+
+#if 0
+static u_int32_t
+hash1(key, len)
+	const void *key;
+	size_t len;
+{
+	u_int32_t h;
+	u_int8_t *k;
+
+	h = 0;
+	k = (u_int8_t *)key;
+	/* Convert string to integer */
+	while (len--)
+		h = h * PRIME1 ^ (*k++ - ' ');
+	h %= PRIME2;
+	return (h);
+}
+
+/*
+ * Phong Vo's linear congruential hash
+ */
+#define dcharhash(h, c)	((h) = 0x63c63cd9*(h) + 0x9c39c33d + (c))
+
+static u_int32_t
+hash2(key, len)
+	const void *key;
+	size_t len;
+{
+	u_int32_t h;
+	u_int8_t *e, c, *k;
+
+	k = (u_int8_t *)key;
+	e = k + len;
+	for (h = 0; k != e;) {
+		c = *k++;
+		if (!c && k > e)
+			break;
+		dcharhash(h, c);
+	}
+	return (h);
+}
+
+/*
+ * This is INCREDIBLY ugly, but fast.  We break the string up into 8 byte
+ * units.  On the first time through the loop we get the "leftover bytes"
+ * (strlen % 8).  On every other iteration, we perform 8 HASHC's so we handle
+ * all 8 bytes.  Essentially, this saves us 7 cmp & branch instructions.  If
+ * this routine is heavily used enough, it's worth the ugly coding.
+ *
+ * Ozan Yigit's original sdbm hash.
+ */
+static u_int32_t
+hash3(key, len)
+	const void *key;
+	size_t len;
+{
+	u_int32_t n, loop;
+	u_int8_t *k;
+
+#define HASHC   n = *k++ + 65599 * n
+
+	n = 0;
+	k = (u_int8_t *)key;
+	if (len > 0) {
+		loop = (len + 8 - 1) >> 3;
+
+		switch (len & (8 - 1)) {
+		case 0:
+			do {	/* All fall throughs */
+				HASHC;
+		case 7:
+				HASHC;
+		case 6:
+				HASHC;
+		case 5:
+				HASHC;
+		case 4:
+				HASHC;
+		case 3:
+				HASHC;
+		case 2:
+				HASHC;
+		case 1:
+				HASHC;
+			} while (--loop);
+		}
+
+	}
+	return (n);
+}
+#endif
+
+
+/* Chris Torek's hash function. */
+static u_int32_t
+hash4(key, len)
+	const void *key;
+	size_t len;
+{
+	u_int32_t h, loop;
+	const u_int8_t *k;
+
+#define HASH4a   h = (h << 5) - h + *k++;
+#define HASH4b   h = (h << 5) + h + *k++;
+#define HASH4 HASH4b
+
+	h = 0;
+	k = (const u_int8_t *)key;
+	if (len > 0) {
+		loop = (len + 8 - 1) >> 3;
+
+		switch (len & (8 - 1)) {
+		case 0:
+			do {	/* All fall throughs */
+				HASH4;
+		case 7:
+				HASH4;
+		case 6:
+				HASH4;
+		case 5:
+				HASH4;
+		case 4:
+				HASH4;
+		case 3:
+				HASH4;
+		case 2:
+				HASH4;
+		case 1:
+				HASH4;
+			} while (--loop);
+		}
+
+	}
+	return (h);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_log2.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_log2.c
new file mode 100644
index 00000000..8c710e5d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_log2.c
@@ -0,0 +1,55 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_log2.c	8.4 (Berkeley) 11/7/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include "db-int.h"
+#include "hash.h"
+#include "page.h"
+#include "extern.h"
+
+u_int32_t
+__kdb2_log2(num)
+	u_int32_t num;
+{
+	u_int32_t i, limit;
+
+	limit = 1;
+	for (i = 0; limit < num; limit = limit << 1, i++);
+	return (i);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c
new file mode 100644
index 00000000..0da35710
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c
@@ -0,0 +1,1362 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_page.c	8.11 (Berkeley) 11/7/95";
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * PACKAGE:  hashing
+ *
+ * DESCRIPTION:
+ *      Page manipulation for hashing package.
+ *
+ * ROUTINES:
+ *
+ * External
+ *      __get_page
+ *      __add_ovflpage
+ * Internal
+ *      overflow_page
+ *      open_temp
+ */
+
+#include <sys/types.h>
+
+#ifdef DEBUG
+#include <assert.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "db-int.h"
+#include "hash.h"
+#include "page.h"
+#include "extern.h"
+
+static int32_t	 add_bigptr __P((HTAB *, ITEM_INFO *, indx_t));
+static u_int32_t *fetch_bitmap __P((HTAB *, int32_t));
+static u_int32_t first_free __P((u_int32_t));
+static u_int16_t overflow_page __P((HTAB *));
+static void	 page_init __P((HTAB *, PAGE16 *, db_pgno_t, u_int8_t));
+static indx_t	 prev_realkey __P((PAGE16 *, indx_t));
+static void	 putpair __P((PAGE8 *, const DBT *, const DBT *));
+static void	 swap_page_header_in __P((PAGE16 *));
+static void	 swap_page_header_out __P((PAGE16 *));
+
+#ifdef DEBUG_SLOW
+static void	 account_page(HTAB *, db_pgno_t, int);
+#endif
+
+u_int32_t
+__get_item(hashp, cursorp, key, val, item_info)
+	HTAB *hashp;
+	CURSOR *cursorp;
+	DBT *key, *val;
+	ITEM_INFO *item_info;
+{
+	db_pgno_t next_pgno;
+	int32_t i;
+
+	/* Check if we need to get a page. */
+	if (!cursorp->pagep) {
+		if (cursorp->pgno == INVALID_PGNO) {
+			cursorp->pagep =
+			    __get_page(hashp, cursorp->bucket, A_BUCKET);
+			cursorp->pgno = ADDR(cursorp->pagep);
+			cursorp->ndx = 0;
+			cursorp->pgndx = 0;
+		} else
+			cursorp->pagep =
+			    __get_page(hashp, cursorp->pgno, A_RAW);
+		if (!cursorp->pagep) {
+			item_info->status = ITEM_ERROR;
+			return (-1);
+		}
+	}
+	if (item_info->seek_size &&
+	    FREESPACE(cursorp->pagep) > item_info->seek_size)
+		item_info->seek_found_page = cursorp->pgno;
+
+	if (cursorp->pgndx == NUM_ENT(cursorp->pagep)) {
+		/* Fetch next page. */
+		if (NEXT_PGNO(cursorp->pagep) == INVALID_PGNO) {
+			item_info->status = ITEM_NO_MORE;
+			return (-1);
+		}
+		next_pgno = NEXT_PGNO(cursorp->pagep);
+		cursorp->pgndx = 0;
+		__put_page(hashp, cursorp->pagep, A_RAW, 0);
+		cursorp->pagep = __get_page(hashp, next_pgno, A_RAW);
+		if (!cursorp->pagep) {
+			item_info->status = ITEM_ERROR;
+			return (-1);
+		}
+		cursorp->pgno = next_pgno;
+	}
+	if (KEY_OFF(cursorp->pagep, cursorp->pgndx) != BIGPAIR) {
+		if ((i = prev_realkey(cursorp->pagep, cursorp->pgndx)) ==
+		    cursorp->pgndx)
+			key->size = hashp->hdr.bsize -
+			    KEY_OFF(cursorp->pagep, cursorp->pgndx);
+		else
+			key->size = DATA_OFF(cursorp->pagep, i) -
+			    KEY_OFF(cursorp->pagep, cursorp->pgndx);
+	}
+
+	/*
+	 * All of this information will be set incorrectly for big keys, but
+	 * it will be ignored anyway.
+	 */
+	val->size = KEY_OFF(cursorp->pagep, cursorp->pgndx) -
+	    DATA_OFF(cursorp->pagep, cursorp->pgndx);
+	key->data = KEY(cursorp->pagep, cursorp->pgndx);
+	val->data = DATA(cursorp->pagep, cursorp->pgndx);
+	item_info->pgno = cursorp->pgno;
+	item_info->bucket = cursorp->bucket;
+	item_info->ndx = cursorp->ndx;
+	item_info->pgndx = cursorp->pgndx;
+	item_info->key_off = KEY_OFF(cursorp->pagep, cursorp->pgndx);
+	item_info->data_off = DATA_OFF(cursorp->pagep, cursorp->pgndx);
+	item_info->status = ITEM_OK;
+
+	return (0);
+}
+
+u_int32_t
+__get_item_reset(hashp, cursorp)
+	HTAB *hashp;
+	CURSOR *cursorp;
+{
+	if (cursorp->pagep)
+		__put_page(hashp, cursorp->pagep, A_RAW, 0);
+	cursorp->pagep = NULL;
+	cursorp->bucket = -1;
+	cursorp->ndx = 0;
+	cursorp->pgndx = 0;
+	cursorp->pgno = INVALID_PGNO;
+	return (0);
+}
+
+u_int32_t
+__get_item_done(hashp, cursorp)
+	HTAB *hashp;
+	CURSOR *cursorp;
+{
+	if (cursorp->pagep)
+		__put_page(hashp, cursorp->pagep, A_RAW, 0);
+	cursorp->pagep = NULL;
+
+	/*
+	 * We don't throw out the page number since we might want to
+	 * continue getting on this page.
+	 */
+	return (0);
+}
+
+u_int32_t
+__get_item_first(hashp, cursorp, key, val, item_info)
+	HTAB *hashp;
+	CURSOR *cursorp;
+	DBT *key, *val;
+	ITEM_INFO *item_info;
+{
+	__get_item_reset(hashp, cursorp);
+	cursorp->bucket = 0;
+	return (__get_item_next(hashp, cursorp, key, val, item_info));
+}
+
+/*
+ * Returns a pointer to key/data pair on a page.  In the case of bigkeys,
+ * just returns the page number and index of the bigkey pointer pair.
+ */
+u_int32_t
+__get_item_next(hashp, cursorp, key, val, item_info)
+	HTAB *hashp;
+	CURSOR *cursorp;
+	DBT *key, *val;
+	ITEM_INFO *item_info;
+{
+	int status;
+
+	status = __get_item(hashp, cursorp, key, val, item_info);
+	cursorp->ndx++;
+	cursorp->pgndx++;
+	return (status);
+}
+
+/*
+ * Put a non-big pair on a page.
+ */
+static void
+putpair(p, key, val)
+	PAGE8 *p;
+	const DBT *key, *val;
+{
+	u_int16_t *pagep, n, off;
+
+	pagep = (PAGE16 *)(void *)p;
+
+	/* Items on the page are 0-indexed. */
+	n = NUM_ENT(pagep);
+	off = OFFSET(pagep) - key->size + 1;
+	memmove(p + off, key->data, key->size);
+	KEY_OFF(pagep, n) = off;
+
+	off -= val->size;
+	memmove(p + off, val->data, val->size);
+	DATA_OFF(pagep, n) = off;
+
+	/* Adjust page info. */
+	NUM_ENT(pagep) = n + 1;
+	OFFSET(pagep) = off - 1;
+}
+
+/*
+ * Returns the index of the previous non-bigkey pair after n on the page.
+ * Returns n if there are no previous non-big things on the page.
+ */
+static indx_t
+#ifdef __STDC__
+prev_realkey(PAGE16 * pagep, indx_t n)
+#else
+prev_realkey(pagep, n)
+	PAGE16 *pagep;
+	u_int32_t n;
+#endif
+{
+	int32_t i;
+
+	/* Need a signed value to do the compare properly. */
+	for (i = n - 1; i > -1; i--)
+		if (KEY_OFF(pagep, i) != BIGPAIR)
+			return (i);
+	return (n);
+}
+
+/*
+ * Returns:
+ *       0 OK
+ *      -1 error
+ */
+extern int32_t
+__delpair(hashp, cursorp, item_info)
+	HTAB *hashp;
+	CURSOR *cursorp;
+	ITEM_INFO *item_info;
+{
+	PAGE16 *pagep;
+	indx_t ndx;
+	short check_ndx;
+	int16_t delta, len;
+	int32_t n;
+	u_int8_t *src, *dest;
+
+	ndx = cursorp->pgndx;
+	if (!cursorp->pagep) {
+		pagep = __get_page(hashp, cursorp->pgno, A_RAW);
+		if (!pagep)
+			return (-1);
+		/*
+		 * KLUGE: pgndx has gone one too far, because cursor points
+		 * to the _next_ item.  Use pgndx - 1.
+		 */
+		--ndx;
+	} else
+		pagep = cursorp->pagep;
+#ifdef DEBUG
+	assert(ADDR(pagep) == cursorp->pgno);
+#endif
+
+	if (KEY_OFF(pagep, ndx) == BIGPAIR) {
+		delta = 0;
+		__big_delete(hashp, pagep, ndx);
+	} else {
+		/*
+		 * Compute "delta", the amount we have to shift all of the
+		 * offsets.  To find the delta, we need to make sure that
+		 * we aren't looking at the DATA_OFF of a big/keydata pair.
+		 */
+		for (check_ndx = (short)(ndx - 1);
+		    check_ndx >= 0 && KEY_OFF(pagep, check_ndx) == BIGPAIR;
+		    check_ndx--);
+		if (check_ndx < 0)
+			delta = hashp->hdr.bsize - DATA_OFF(pagep, ndx);
+		else
+			delta =
+			    DATA_OFF(pagep, check_ndx) - DATA_OFF(pagep, ndx);
+
+		/*
+		 * The hard case: we want to remove something other than
+		 * the last item on the page.  We need to shift data and
+		 * offsets down.
+		 */
+		if (ndx != NUM_ENT(pagep) - 1) {
+			/*
+			 * Move the data: src is the address of the last data
+			 * item on the page.
+			 */
+			src = (u_int8_t *)pagep + OFFSET(pagep) + 1;
+			/*
+			 * Length is the distance between where to start
+			 * deleting and end of the data on the page.
+			 */
+			len = DATA_OFF(pagep, ndx) - (OFFSET(pagep) + 1);
+			/*
+			 * Dest is the location of the to-be-deleted item
+			 * occupied - length.
+			 */
+			if (check_ndx < 0)
+				dest =
+				    (u_int8_t *)pagep + hashp->hdr.bsize - len;
+			else
+				dest = (u_int8_t *)pagep +
+				    DATA_OFF(pagep, (check_ndx)) - len;
+			memmove(dest, src, len);
+		}
+	}
+
+	/* Adjust the offsets. */
+	for (n = ndx; n < NUM_ENT(pagep) - 1; n++)
+		if (KEY_OFF(pagep, (n + 1)) != BIGPAIR) {
+			KEY_OFF(pagep, n) = KEY_OFF(pagep, (n + 1)) + delta;
+			DATA_OFF(pagep, n) = DATA_OFF(pagep, (n + 1)) + delta;
+		} else {
+			KEY_OFF(pagep, n) = KEY_OFF(pagep, (n + 1));
+			DATA_OFF(pagep, n) = DATA_OFF(pagep, (n + 1));
+		}
+
+	/* Adjust page metadata. */
+	OFFSET(pagep) = OFFSET(pagep) + delta;
+	NUM_ENT(pagep) = NUM_ENT(pagep) - 1;
+
+	--hashp->hdr.nkeys;
+
+	/* Is this page now an empty overflow page?  If so, free it. */
+	if (TYPE(pagep) == HASH_OVFLPAGE && NUM_ENT(pagep) == 0) {
+		PAGE16 *empty_page;
+		db_pgno_t to_find, next_pgno, link_page;
+
+		/*
+		 * We need to go back to the first page in the chain and
+		 * look for this page so that we can update the previous
+		 * page's NEXT_PGNO field.
+		 */
+		to_find = ADDR(pagep);
+		empty_page = pagep;
+		link_page = NEXT_PGNO(empty_page);
+		pagep = __get_page(hashp, item_info->bucket, A_BUCKET);
+		if (!pagep)
+			return (-1);
+		while (NEXT_PGNO(pagep) != to_find) {
+			next_pgno = NEXT_PGNO(pagep);
+#ifdef DEBUG
+			assert(next_pgno != INVALID_PGNO);
+#endif
+			__put_page(hashp, pagep, A_RAW, 0);
+			pagep = __get_page(hashp, next_pgno, A_RAW);
+			if (!pagep)
+				return (-1);
+		}
+
+		/*
+		 * At this point, pagep should point to the page before the
+		 * page to be deleted.
+		 */
+		NEXT_PGNO(pagep) = link_page;
+		if (item_info->pgno == to_find) {
+			item_info->pgno = ADDR(pagep);
+			item_info->pgndx = NUM_ENT(pagep);
+			item_info->seek_found_page = ADDR(pagep);
+		}
+		__delete_page(hashp, empty_page, A_OVFL);
+	}
+	__put_page(hashp, pagep, A_RAW, 1);
+
+	return (0);
+}
+
+extern int32_t
+__split_page(hashp, obucket, nbucket)
+	HTAB *hashp;
+	u_int32_t obucket, nbucket;
+{
+	DBT key, val;
+	ITEM_INFO old_ii, new_ii;
+	PAGE16 *old_pagep, *temp_pagep;
+	db_pgno_t next_pgno;
+	int32_t off;
+	u_int16_t n;
+	int8_t base_page;
+
+	off = hashp->hdr.bsize;
+	old_pagep = __get_page(hashp, obucket, A_BUCKET);
+
+	base_page = 1;
+
+	temp_pagep = hashp->split_buf;
+	memcpy(temp_pagep, old_pagep, hashp->hdr.bsize);
+
+	page_init(hashp, old_pagep, ADDR(old_pagep), HASH_PAGE);
+	__put_page(hashp, old_pagep, A_RAW, 1);
+
+	old_ii.pgno = BUCKET_TO_PAGE(obucket);
+	new_ii.pgno = BUCKET_TO_PAGE(nbucket);
+	old_ii.bucket = obucket;
+	new_ii.bucket = nbucket;
+	old_ii.seek_found_page = new_ii.seek_found_page = 0;
+
+	while (temp_pagep != 0) {
+		off = hashp->hdr.bsize;
+		for (n = 0; n < NUM_ENT(temp_pagep); n++) {
+			if (KEY_OFF(temp_pagep, n) == BIGPAIR) {
+				__get_bigkey(hashp, temp_pagep, n, &key);
+				if (__call_hash(hashp,
+				    key.data, key.size) == obucket)
+					add_bigptr(hashp, &old_ii,
+					    DATA_OFF(temp_pagep, n));
+				else
+					add_bigptr(hashp, &new_ii,
+					    DATA_OFF(temp_pagep, n));
+			} else {
+				key.size = off - KEY_OFF(temp_pagep, n);
+				key.data = KEY(temp_pagep, n);
+				off = KEY_OFF(temp_pagep, n);
+				val.size = off - DATA_OFF(temp_pagep, n);
+				val.data = DATA(temp_pagep, n);
+				if (__call_hash(hashp,
+				    key.data, key.size) == obucket)
+					__addel(hashp, &old_ii, &key, &val,
+					    NO_EXPAND, 1);
+				else
+					__addel(hashp, &new_ii, &key, &val,
+					    NO_EXPAND, 1);
+				off = DATA_OFF(temp_pagep, n);
+			}
+		}
+		next_pgno = NEXT_PGNO(temp_pagep);
+
+		/* Clear temp_page; if it's an overflow page, free it. */
+		if (!base_page)
+			__delete_page(hashp, temp_pagep, A_OVFL);
+		else
+			base_page = 0;
+		if (next_pgno != INVALID_PGNO)
+			temp_pagep = __get_page(hashp, next_pgno, A_RAW);
+		else
+			break;
+	}
+	return (0);
+}
+
+/*
+ * Add the given pair to the page.
+ *
+ *
+ * Returns:
+ *       0 ==> OK
+ *	-1 ==> failure
+ */
+extern  int32_t
+#ifdef __STDC__
+__addel(HTAB *hashp, ITEM_INFO *item_info, const DBT *key, const DBT *val,
+    u_int32_t num_items, const u_int8_t expanding)
+#else
+__addel(hashp, item_info, key, val, num_items, expanding)
+	HTAB *hashp;
+	ITEM_INFO *item_info;
+	const DBT *key, *val;
+	u_int32_t num_items;
+	const u_int32_t expanding;
+#endif
+{
+	PAGE16 *pagep;
+	int32_t do_expand;
+	db_pgno_t next_pgno;
+
+	do_expand = 0;
+
+	pagep = __get_page(hashp,
+	    item_info->seek_found_page != 0 ?
+	    item_info->seek_found_page : item_info->pgno, A_RAW);
+	if (!pagep)
+		return (-1);
+
+	/* Advance to first page in chain with room for item. */
+	while (NUM_ENT(pagep) && NEXT_PGNO(pagep) != INVALID_PGNO) {
+		/*
+		 * This may not be the end of the chain, but the pair may fit
+		 * anyway.
+		 */
+		if (ISBIG(PAIRSIZE(key, val), hashp) && BIGPAIRFITS(pagep))
+			break;
+		if (PAIRFITS(pagep, key, val))
+			break;
+		next_pgno = NEXT_PGNO(pagep);
+		__put_page(hashp, pagep, A_RAW, 0);
+		pagep = (PAGE16 *)__get_page(hashp, next_pgno, A_RAW);
+		if (!pagep)
+			return (-1);
+	}
+
+	if ((ISBIG(PAIRSIZE(key, val), hashp) &&
+	     !BIGPAIRFITS(pagep)) ||
+	    (!ISBIG(PAIRSIZE(key, val), hashp) &&
+	     !PAIRFITS(pagep, key, val))) {
+		do_expand = 1;
+		pagep = __add_ovflpage(hashp, pagep);
+		if (!pagep)
+			return (-1);
+
+		if ((ISBIG(PAIRSIZE(key, val), hashp) &&
+		     !BIGPAIRFITS(pagep)) ||
+		    (!ISBIG(PAIRSIZE(key, val), hashp) &&
+		     !PAIRFITS(pagep, key, val))) {
+			__put_page(hashp, pagep, A_RAW, 0);
+			return (-1);
+		}
+	}
+
+	/* At this point, we know the page fits, so we just add it */
+
+	if (ISBIG(PAIRSIZE(key, val), hashp)) {
+		if (__big_insert(hashp, pagep, key, val))
+			return (-1);
+	} else {
+		putpair((PAGE8 *)pagep, key, val);
+	}
+
+	/*
+	 * For splits, we are going to update item_info's page number
+	 * field, so that we can easily return to the same page the
+	 * next time we come in here.  For other operations, this shouldn't
+	 * matter, since adds are the last thing that happens before we
+	 * return to the user program.
+	 */
+	item_info->pgno = ADDR(pagep);
+
+	if (!expanding)
+		hashp->hdr.nkeys++;
+
+	/* Kludge: if this is a big page, then it's already been put. */
+	if (!ISBIG(PAIRSIZE(key, val), hashp))
+		__put_page(hashp, pagep, A_RAW, 1);
+
+	if (expanding)
+		item_info->caused_expand = 0;
+	else
+		switch (num_items) {
+		case NO_EXPAND:
+			item_info->caused_expand = 0;
+			break;
+		case UNKNOWN:
+			item_info->caused_expand |=
+			    (hashp->hdr.nkeys / hashp->hdr.max_bucket) >
+			    hashp->hdr.ffactor ||
+			    item_info->pgndx > hashp->hdr.ffactor;
+			break;
+		default:
+			item_info->caused_expand =
+			    num_items > hashp->hdr.ffactor ? 1 : do_expand;
+			break;
+		}
+	return (0);
+}
+
+/*
+ * Special __addel used in big splitting; this one just puts the pointer
+ * to an already-allocated big page in the appropriate bucket.
+ */
+static int32_t
+#ifdef __STDC__
+add_bigptr(HTAB * hashp, ITEM_INFO * item_info, indx_t big_pgno)
+#else
+add_bigptr(hashp, item_info, big_pgno)
+	HTAB *hashp;
+	ITEM_INFO *item_info;
+	u_int32_t big_pgno;
+#endif
+{
+	PAGE16 *pagep;
+	db_pgno_t next_pgno;
+
+	pagep = __get_page(hashp, item_info->bucket, A_BUCKET);
+	if (!pagep)
+		return (-1);
+
+	/*
+	 * Note: in __addel(), we used item_info->pgno for the beginning of
+	 * our search for space.  Now, we use item_info->bucket, since we
+	 * know that the space required by a big pair on the base page is
+	 * quite small, and we may very well find that space early in the
+	 * chain.
+	 */
+
+	/* Find first page in chain that has space for a big pair. */
+	while (NUM_ENT(pagep) && (NEXT_PGNO(pagep) != INVALID_PGNO)) {
+		if (BIGPAIRFITS(pagep))
+			break;
+		next_pgno = NEXT_PGNO(pagep);
+		__put_page(hashp, pagep, A_RAW, 0);
+		pagep = __get_page(hashp, next_pgno, A_RAW);
+		if (!pagep)
+			return (-1);
+	}
+	if (!BIGPAIRFITS(pagep)) {
+		pagep = __add_ovflpage(hashp, pagep);
+		if (!pagep)
+			return (-1);
+#ifdef DEBUG
+		assert(BIGPAIRFITS(pagep));
+#endif
+	}
+	KEY_OFF(pagep, NUM_ENT(pagep)) = BIGPAIR;
+	DATA_OFF(pagep, NUM_ENT(pagep)) = big_pgno;
+	NUM_ENT(pagep) = NUM_ENT(pagep) + 1;
+
+	__put_page(hashp, pagep, A_RAW, 1);
+
+	return (0);
+}
+
+/*
+ *
+ * Returns:
+ *      pointer on success
+ *      NULL on error
+ */
+extern PAGE16 *
+__add_ovflpage(hashp, pagep)
+	HTAB *hashp;
+	PAGE16 *pagep;
+{
+	PAGE16 *new_pagep;
+	u_int16_t ovfl_num;
+
+	/* Check if we are dynamically determining the fill factor. */
+	if (hashp->hdr.ffactor == DEF_FFACTOR) {
+		hashp->hdr.ffactor = NUM_ENT(pagep) >> 1;
+		if (hashp->hdr.ffactor < MIN_FFACTOR)
+			hashp->hdr.ffactor = MIN_FFACTOR;
+	}
+	ovfl_num = overflow_page(hashp);
+	if (!ovfl_num)
+		return (NULL);
+
+	if (__new_page(hashp, (u_int32_t)ovfl_num, A_OVFL) != 0)
+		return (NULL);
+
+	if (!ovfl_num || !(new_pagep = __get_page(hashp, ovfl_num, A_OVFL)))
+		return (NULL);
+
+	NEXT_PGNO(pagep) = (db_pgno_t)OADDR_TO_PAGE(ovfl_num);
+	TYPE(new_pagep) = HASH_OVFLPAGE;
+
+	__put_page(hashp, pagep, A_RAW, 1);
+
+#ifdef HASH_STATISTICS
+	hash_overflows++;
+#endif
+	return (new_pagep);
+}
+
+/*
+ *
+ * Returns:
+ *      pointer on success
+ *      NULL on error
+ */
+extern PAGE16 *
+#ifdef __STDC__
+__add_bigpage(HTAB * hashp, PAGE16 * pagep, indx_t ndx, const u_int8_t
+    is_basepage)
+#else
+__add_bigpage(hashp, pagep, ndx, is_basepage)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	u_int32_t ndx;
+	const u_int32_t is_basepage;
+#endif
+{
+	PAGE16 *new_pagep;
+	u_int16_t ovfl_num;
+
+	ovfl_num = overflow_page(hashp);
+	if (!ovfl_num)
+		return (NULL);
+
+	if (__new_page(hashp, (u_int32_t)ovfl_num, A_OVFL) != 0)
+		return (NULL);
+
+	if (!ovfl_num || !(new_pagep = __get_page(hashp, ovfl_num, A_OVFL)))
+		return (NULL);
+
+	if (is_basepage) {
+		KEY_OFF(pagep, ndx) = BIGPAIR;
+		DATA_OFF(pagep, ndx) = (indx_t)ovfl_num;
+	} else
+		NEXT_PGNO(pagep) = ADDR(new_pagep);
+
+	__put_page(hashp, pagep, A_RAW, 1);
+
+	TYPE(new_pagep) = HASH_BIGPAGE;
+
+#ifdef HASH_STATISTICS
+	hash_bigpages++;
+#endif
+	return (new_pagep);
+}
+
+static void
+#ifdef __STDC__
+page_init(HTAB * hashp, PAGE16 * pagep, db_pgno_t pgno, u_int8_t type)
+#else
+page_init(hashp, pagep, pgno, type)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	db_pgno_t pgno;
+	u_int32_t type;
+#endif
+{
+	NUM_ENT(pagep) = 0;
+	PREV_PGNO(pagep) = NEXT_PGNO(pagep) = INVALID_PGNO;
+	TYPE(pagep) = type;
+	OFFSET(pagep) = hashp->hdr.bsize - 1;
+	/*
+	 * Note: since in the current version ADDR(pagep) == PREV_PGNO(pagep),
+	 * make sure that ADDR(pagep) is set after resetting PREV_PGNO(pagep).
+	 * We reset PREV_PGNO(pagep) just in case the macros are changed.
+	 */
+	ADDR(pagep) = pgno;
+
+	return;
+}
+
+int32_t
+__new_page(hashp, addr, addr_type)
+	HTAB *hashp;
+	u_int32_t addr;
+	int32_t addr_type;
+{
+	db_pgno_t paddr;
+	PAGE16 *pagep;
+
+	switch (addr_type) {		/* Convert page number. */
+	case A_BUCKET:
+		paddr = BUCKET_TO_PAGE(addr);
+		break;
+	case A_OVFL:
+	case A_BITMAP:
+		paddr = OADDR_TO_PAGE(addr);
+		break;
+	default:
+		paddr = addr;
+		break;
+	}
+	pagep = mpool_new(hashp->mp, &paddr, MPOOL_PAGE_REQUEST);
+	if (!pagep)
+		return (-1);
+#if DEBUG_SLOW
+	account_page(hashp, paddr, 1);
+#endif
+
+	if (addr_type != A_BITMAP)
+		page_init(hashp, pagep, paddr, HASH_PAGE);
+
+	__put_page(hashp, pagep, addr_type, 1);
+
+	return (0);
+}
+
+int32_t
+__delete_page(hashp, pagep, page_type)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	int32_t page_type;
+{
+	if (page_type == A_OVFL)
+		__free_ovflpage(hashp, pagep);
+	return (mpool_delete(hashp->mp, pagep));
+}
+
+static u_int8_t
+is_bitmap_pgno(hashp, pgno)
+	HTAB *hashp;
+	db_pgno_t pgno;
+{
+	int32_t i;
+
+	for (i = 0; i < hashp->nmaps; i++)
+		if (OADDR_TO_PAGE(hashp->hdr.bitmaps[i]) == pgno)
+			return (1);
+	return (0);
+}
+
+void
+__pgin_routine(pg_cookie, pgno, page)
+	void *pg_cookie;
+	db_pgno_t pgno;
+	void *page;
+{
+	HTAB *hashp;
+	PAGE16 *pagep;
+	int32_t max, i;
+
+	pagep = (PAGE16 *)page;
+	hashp = (HTAB *)pg_cookie;
+
+	/*
+	 * There are the following cases for swapping:
+	 * 0) New page that may be unitialized.
+	 * 1) Bucket page or overflow page.  Either swap
+	 *	the header or initialize the page.
+	 * 2) Bitmap page.  Swap the whole page!
+	 * 3) Header pages.  Not handled here; these are written directly
+	 *    to the file.
+	 */
+
+	if (NUM_ENT(pagep) == 0 && NEXT_PGNO(pagep) == 0 &&
+	    !is_bitmap_pgno(hashp, pgno)) {
+		/* XXX check for !0 LSN */
+		page_init(hashp, pagep, pgno, HASH_PAGE);
+		return;
+	}
+
+	if (hashp->hdr.lorder == DB_BYTE_ORDER)
+		return;
+	if (is_bitmap_pgno(hashp, pgno)) {
+		max = hashp->hdr.bsize >> 2;	/* divide by 4 bytes */
+		for (i = 0; i < max; i++)
+			M_32_SWAP(((int32_t *)(void *)pagep)[i]);
+	} else
+		swap_page_header_in(pagep);
+}
+
+void
+__pgout_routine(pg_cookie, pgno, page)
+	void *pg_cookie;
+	db_pgno_t pgno;
+	void *page;
+{
+	HTAB *hashp;
+	PAGE16 *pagep;
+	int32_t i, max;
+
+	pagep = (PAGE16 *)page;
+	hashp = (HTAB *)pg_cookie;
+
+	/*
+	 * There are the following cases for swapping:
+	 * 1) Bucket page or overflow page.  Just swap the header.
+	 * 2) Bitmap page.  Swap the whole page!
+	 * 3) Header pages.  Not handled here; these are written directly
+	 *    to the file.
+	 */
+
+	if (hashp->hdr.lorder == DB_BYTE_ORDER)
+		return;
+	if (is_bitmap_pgno(hashp, pgno)) {
+		max = hashp->hdr.bsize >> 2;	/* divide by 4 bytes */
+		for (i = 0; i < max; i++)
+			M_32_SWAP(((int32_t *)(void *)pagep)[i]);
+	} else
+		swap_page_header_out(pagep);
+}
+
+/*
+ *
+ * Returns:
+ *       0 ==> OK
+ *      -1 ==>failure
+ */
+extern int32_t
+__put_page(hashp, pagep, addr_type, is_dirty)
+	HTAB *hashp;
+	PAGE16 *pagep;
+	int32_t addr_type, is_dirty;
+{
+#if DEBUG_SLOW
+	account_page(hashp,
+	    ((BKT *)((char *)pagep - sizeof(BKT)))->pgno, -1);
+#endif
+
+	return (mpool_put(hashp->mp, pagep, (is_dirty ? MPOOL_DIRTY : 0)));
+}
+
+/*
+ * Returns:
+ *       0 indicates SUCCESS
+ *      -1 indicates FAILURE
+ */
+extern PAGE16 *
+__get_page(hashp, addr, addr_type)
+	HTAB *hashp;
+	u_int32_t addr;
+	int32_t addr_type;
+{
+	PAGE16 *pagep;
+	db_pgno_t paddr;
+
+	switch (addr_type) {			/* Convert page number. */
+	case A_BUCKET:
+		paddr = BUCKET_TO_PAGE(addr);
+		break;
+	case A_OVFL:
+	case A_BITMAP:
+		paddr = OADDR_TO_PAGE(addr);
+		break;
+	default:
+		paddr = addr;
+		break;
+	}
+	pagep = (PAGE16 *)mpool_get(hashp->mp, paddr, 0);
+
+#if DEBUG_SLOW
+	account_page(hashp, paddr, 1);
+#endif
+#ifdef DEBUG
+	assert(ADDR(pagep) == paddr || ADDR(pagep) == 0 ||
+	    addr_type == A_BITMAP || addr_type == A_HEADER);
+#endif
+
+	return (pagep);
+}
+
+static void
+swap_page_header_in(pagep)
+	PAGE16 *pagep;
+{
+	u_int32_t i;
+
+	/* can leave type and filler alone, since they're 1-byte quantities */
+
+	M_32_SWAP(PREV_PGNO(pagep));
+	M_32_SWAP(NEXT_PGNO(pagep));
+	M_16_SWAP(NUM_ENT(pagep));
+	M_16_SWAP(OFFSET(pagep));
+
+	for (i = 0; i < NUM_ENT(pagep); i++) {
+		M_16_SWAP(KEY_OFF(pagep, i));
+		M_16_SWAP(DATA_OFF(pagep, i));
+	}
+}
+
+static void
+swap_page_header_out(pagep)
+	PAGE16 *pagep;
+{
+	u_int32_t i;
+
+	for (i = 0; i < NUM_ENT(pagep); i++) {
+		M_16_SWAP(KEY_OFF(pagep, i));
+		M_16_SWAP(DATA_OFF(pagep, i))
+	}
+
+	/* can leave type and filler alone, since they're 1-byte quantities */
+
+	M_32_SWAP(PREV_PGNO(pagep));
+	M_32_SWAP(NEXT_PGNO(pagep));
+	M_16_SWAP(NUM_ENT(pagep));
+	M_16_SWAP(OFFSET(pagep));
+}
+
+#define BYTE_MASK	((1 << INT32_T_BYTE_SHIFT) -1)
+/*
+ * Initialize a new bitmap page.  Bitmap pages are left in memory
+ * once they are read in.
+ */
+extern int32_t
+__ibitmap(hashp, pnum, nbits, ndx)
+	HTAB *hashp;
+	int32_t pnum, nbits, ndx;
+{
+	u_int32_t *ip;
+	int32_t clearbytes, clearints;
+
+	/* make a new bitmap page */
+	if (__new_page(hashp, pnum, A_BITMAP) != 0)
+		return (1);
+	if (!(ip = (u_int32_t *)(void *)__get_page(hashp, pnum, A_BITMAP)))
+		return (1);
+	hashp->nmaps++;
+	clearints = ((nbits - 1) >> INT32_T_BYTE_SHIFT) + 1;
+	clearbytes = clearints << INT32_T_TO_BYTE;
+	(void)memset((int8_t *)ip, 0, clearbytes);
+	(void)memset((int8_t *)ip + clearbytes,
+	    0xFF, hashp->hdr.bsize - clearbytes);
+	ip[clearints - 1] = ALL_SET << (nbits & BYTE_MASK);
+	SETBIT(ip, 0);
+	hashp->hdr.bitmaps[ndx] = (u_int16_t)pnum;
+	hashp->mapp[ndx] = ip;
+	return (0);
+}
+
+static u_int32_t
+first_free(map)
+	u_int32_t map;
+{
+	u_int32_t i, mask;
+
+	for (mask = 0x1, i = 0; i < BITS_PER_MAP; i++) {
+		if (!(mask & map))
+			return (i);
+		mask = mask << 1;
+	}
+	return (i);
+}
+
+/*
+ * returns 0 on error
+ */
+static u_int16_t
+overflow_page(hashp)
+	HTAB *hashp;
+{
+	u_int32_t *freep;
+	u_int32_t bit, first_page, free_bit, free_page, i, in_use_bits, j;
+	u_int32_t max_free, offset, splitnum;
+	u_int16_t addr;
+#ifdef DEBUG2
+	int32_t tmp1, tmp2;
+#endif
+
+	splitnum = hashp->hdr.ovfl_point;
+	max_free = hashp->hdr.spares[splitnum];
+
+	free_page = (max_free - 1) >> (hashp->hdr.bshift + BYTE_SHIFT);
+	free_bit = (max_free - 1) & ((hashp->hdr.bsize << BYTE_SHIFT) - 1);
+
+	/*
+	 * Look through all the free maps to find the first free block.
+ 	 * The compiler under -Wall will complain that freep may be used
+	 * before being set, however, this loop will ALWAYS get executed
+	 * at least once, so freep is guaranteed to be set.
+	 */
+	freep = NULL;
+	first_page = hashp->hdr.last_freed >> (hashp->hdr.bshift + BYTE_SHIFT);
+	for (i = first_page; i <= free_page; i++) {
+		if (!(freep = fetch_bitmap(hashp, i)))
+			return (0);
+		if (i == free_page)
+			in_use_bits = free_bit;
+		else
+			in_use_bits = (hashp->hdr.bsize << BYTE_SHIFT) - 1;
+
+		if (i == first_page) {
+			bit = hashp->hdr.last_freed &
+			    ((hashp->hdr.bsize << BYTE_SHIFT) - 1);
+			j = bit / BITS_PER_MAP;
+			bit = bit & ~(BITS_PER_MAP - 1);
+		} else {
+			bit = 0;
+			j = 0;
+		}
+		for (; bit <= in_use_bits; j++, bit += BITS_PER_MAP)
+			if (freep[j] != ALL_SET)
+				goto found;
+	}
+
+	/* No Free Page Found */
+	hashp->hdr.last_freed = hashp->hdr.spares[splitnum];
+	hashp->hdr.spares[splitnum]++;
+	offset = hashp->hdr.spares[splitnum] -
+	    (splitnum ? hashp->hdr.spares[splitnum - 1] : 0);
+
+#define	OVMSG	"HASH: Out of overflow pages.  Increase page size\n"
+
+	if (offset > SPLITMASK) {
+		if (++splitnum >= NCACHED) {
+			(void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
+			return (0);
+		}
+		hashp->hdr.ovfl_point = splitnum;
+		hashp->hdr.spares[splitnum] = hashp->hdr.spares[splitnum - 1];
+		hashp->hdr.spares[splitnum - 1]--;
+		offset = 1;
+	}
+	/* Check if we need to allocate a new bitmap page. */
+	if (free_bit == (hashp->hdr.bsize << BYTE_SHIFT) - 1) {
+		free_page++;
+		if (free_page >= NCACHED) {
+			(void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
+			return (0);
+		}
+		/*
+		 * This is tricky.  The 1 indicates that you want the new page
+		 * allocated with 1 clear bit.  Actually, you are going to
+		 * allocate 2 pages from this map.  The first is going to be
+		 * the map page, the second is the overflow page we were
+		 * looking for.  The __ibitmap routine automatically, sets
+		 * the first bit of itself to indicate that the bitmap itself
+		 * is in use.  We would explicitly set the second bit, but
+		 * don't have to if we tell __ibitmap not to leave it clear
+		 * in the first place.
+		 */
+		if (__ibitmap(hashp,
+		    (int32_t)OADDR_OF(splitnum, offset), 1, free_page))
+			return (0);
+		hashp->hdr.spares[splitnum]++;
+#ifdef DEBUG2
+		free_bit = 2;
+#endif
+		offset++;
+		if (offset > SPLITMASK) {
+			if (++splitnum >= NCACHED) {
+				(void)write(STDERR_FILENO,
+				    OVMSG, sizeof(OVMSG) - 1);
+				return (0);
+			}
+			hashp->hdr.ovfl_point = splitnum;
+			hashp->hdr.spares[splitnum] =
+			    hashp->hdr.spares[splitnum - 1];
+			hashp->hdr.spares[splitnum - 1]--;
+			offset = 0;
+		}
+	} else {
+		/*
+		 * Free_bit addresses the last used bit.  Bump it to address
+		 * the first available bit.
+		 */
+		free_bit++;
+		SETBIT(freep, free_bit);
+	}
+
+	/* Calculate address of the new overflow page */
+	addr = OADDR_OF(splitnum, offset);
+#ifdef DEBUG2
+	(void)fprintf(stderr, "OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n",
+	    addr, free_bit, free_page);
+#endif
+
+	if (OADDR_TO_PAGE(addr) > MAX_PAGES(hashp)) {
+		(void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
+		return (0);
+	}
+	return (addr);
+
+found:
+	bit = bit + first_free(freep[j]);
+	SETBIT(freep, bit);
+#ifdef DEBUG2
+	tmp1 = bit;
+	tmp2 = i;
+#endif
+	/*
+	 * Bits are addressed starting with 0, but overflow pages are addressed
+	 * beginning at 1. Bit is a bit address number, so we need to increment
+	 * it to convert it to a page number.
+	 */
+	bit = 1 + bit + (i * (hashp->hdr.bsize << BYTE_SHIFT));
+	if (bit >= hashp->hdr.last_freed)
+		hashp->hdr.last_freed = bit - 1;
+
+	/* Calculate the split number for this page */
+	for (i = 0; i < splitnum && (bit > hashp->hdr.spares[i]); i++);
+	offset = (i ? bit - hashp->hdr.spares[i - 1] : bit);
+	if (offset >= SPLITMASK)
+		return (0);	/* Out of overflow pages */
+	addr = OADDR_OF(i, offset);
+#ifdef DEBUG2
+	(void)fprintf(stderr, "OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n",
+	    addr, tmp1, tmp2);
+#endif
+
+	if (OADDR_TO_PAGE(addr) > MAX_PAGES(hashp)) {
+		(void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
+		return (0);
+	}
+	/* Allocate and return the overflow page */
+	return (addr);
+}
+
+#ifdef DEBUG
+int
+bucket_to_page(hashp, n)
+	HTAB *hashp;
+	int n;
+{
+	int ret_val;
+
+	ret_val = n + hashp->hdr.hdrpages;
+	if (n != 0)
+		ret_val += hashp->hdr.spares[__log2(n + 1) - 1];
+	return (ret_val);
+}
+
+int32_t
+oaddr_to_page(hashp, n)
+	HTAB *hashp;
+	int n;
+{
+	int ret_val, temp;
+
+	temp = (1 << SPLITNUM(n)) - 1;
+	ret_val = bucket_to_page(hashp, temp);
+	ret_val += (n & SPLITMASK);
+
+	return (ret_val);
+}
+#endif /* DEBUG */
+
+static indx_t
+page_to_oaddr(hashp, pgno)
+	HTAB *hashp;
+	db_pgno_t pgno;
+{
+	int32_t sp, ret_val;
+
+	/*
+	 * To convert page number to overflow address:
+	 *
+	 * 1.  Find a starting split point -- use 0 since there are only
+	 *     32 split points.
+	 * 2.  Find the split point s.t. 2^sp + hdr.spares[sp] < pgno and
+	 *     2^(sp+1) = hdr.spares[sp+1] > pgno.  The overflow address will
+	 *     be located at sp.
+	 * 3.  return...
+	 */
+	pgno -= hashp->hdr.hdrpages;
+	for (sp = 0; sp < NCACHED - 1; sp++)
+		if (POW2(sp) + hashp->hdr.spares[sp] < pgno &&
+		    (POW2(sp + 1) + hashp->hdr.spares[sp + 1]) > pgno)
+			break;
+
+	ret_val = OADDR_OF(sp + 1,
+	    pgno - ((POW2(sp + 1) - 1) + hashp->hdr.spares[sp]));
+#ifdef DEBUG
+	assert(OADDR_TO_PAGE(ret_val) == (pgno + hashp->hdr.hdrpages));
+#endif
+	return (ret_val);
+}
+
+/*
+ * Mark this overflow page as free.
+ */
+extern void
+__free_ovflpage(hashp, pagep)
+	HTAB *hashp;
+	PAGE16 *pagep;
+{
+	u_int32_t *freep;
+	u_int32_t bit_address, free_page, free_bit;
+	u_int16_t addr, ndx;
+
+	addr = page_to_oaddr(hashp, ADDR(pagep));
+
+#ifdef DEBUG2
+	(void)fprintf(stderr, "Freeing %d\n", addr);
+#endif
+	ndx = ((u_int16_t)addr) >> SPLITSHIFT;
+	bit_address =
+	    (ndx ? hashp->hdr.spares[ndx - 1] : 0) + (addr & SPLITMASK) - 1;
+	if (bit_address < hashp->hdr.last_freed)
+		hashp->hdr.last_freed = bit_address;
+	free_page = (bit_address >> (hashp->hdr.bshift + BYTE_SHIFT));
+	free_bit = bit_address & ((hashp->hdr.bsize << BYTE_SHIFT) - 1);
+
+	freep = fetch_bitmap(hashp, free_page);
+#ifdef DEBUG
+	/*
+	 * This had better never happen.  It means we tried to read a bitmap
+	 * that has already had overflow pages allocated off it, and we
+	 * failed to read it from the file.
+	 */
+	if (!freep)
+		assert(0);
+#endif
+	CLRBIT(freep, free_bit);
+#ifdef DEBUG2
+	(void)fprintf(stderr, "FREE_OVFLPAGE: ADDR: %d BIT: %d PAGE %d\n",
+	    obufp->addr, free_bit, free_page);
+#endif
+}
+
+static u_int32_t *
+fetch_bitmap(hashp, ndx)
+	HTAB *hashp;
+	int32_t ndx;
+{
+	if (ndx >= hashp->nmaps)
+		return (NULL);
+	if (!hashp->mapp[ndx])
+	    hashp->mapp[ndx] = (u_int32_t *)(void *)__get_page(hashp,
+	        hashp->hdr.bitmaps[ndx], A_BITMAP);
+
+	return (hashp->mapp[ndx]);
+}
+
+#ifdef DEBUG_SLOW
+static void
+account_page(hashp, pgno, inout)
+	HTAB *hashp;
+	db_pgno_t pgno;
+	int inout;
+{
+	static struct {
+		db_pgno_t pgno;
+		int times;
+	} list[100];
+	static int last;
+	int i, j;
+
+	if (inout == -1)			/* XXX: Kluge */
+		inout = 0;
+
+	/* Find page in list. */
+	for (i = 0; i < last; i++)
+		if (list[i].pgno == pgno)
+			break;
+	/* Not found. */
+	if (i == last) {
+		list[last].times = inout;
+		list[last].pgno = pgno;
+		last++;
+	}
+	list[i].times = inout;
+	if (list[i].times == 0) {
+		for (j = i; j < last; j++)
+			list[j] = list[j + 1];
+		last--;
+	}
+	for (i = 0; i < last; i++, list[i].times++)
+		if (list[i].times > 20 && !is_bitmap_pgno(hashp, list[i].pgno))
+			(void)fprintf(stderr,
+			    "Warning: pg %d has been out for %d times\n",
+			    list[i].pgno, list[i].times);
+}
+#endif /* DEBUG_SLOW */
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hsearch.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hsearch.c
new file mode 100644
index 00000000..02ff7ef8
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hsearch.c
@@ -0,0 +1,107 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hsearch.c	8.5 (Berkeley) 9/21/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <fcntl.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "search.h"
+
+static DB *dbp = NULL;
+static ENTRY retval;
+
+extern int
+hcreate(nel)
+	u_int nel;
+{
+	HASHINFO info;
+
+	info.nelem = nel;
+	info.bsize = 256;
+	info.ffactor = 8;
+	info.cachesize = 0;
+	info.hash = NULL;
+	info.lorder = 0;
+	dbp = (DB *)__hash_open(NULL, O_CREAT | O_RDWR | O_BINARY, 0600, &info, 0);
+	return (dbp != NULL);
+}
+
+extern ENTRY *
+hsearch(item, action)
+	ENTRY item;
+	ACTION action;
+{
+	DBT key, val;
+	int status;
+
+	if (!dbp)
+		return (NULL);
+	key.data = (u_char *)item.key;
+	key.size = strlen(item.key) + 1;
+
+	if (action == ENTER) {
+		val.data = (u_char *)item.data;
+		val.size = strlen(item.data) + 1;
+		status = (dbp->put)(dbp, &key, &val, R_NOOVERWRITE);
+		if (status)
+			return (NULL);
+	} else {
+		/* FIND */
+		status = (dbp->get)(dbp, &key, &val, 0);
+		if (status)
+			return (NULL);
+		else
+			item.data = (char *)val.data;
+	}
+	retval.key = item.key;
+	retval.data = item.data;
+	return (&retval);
+}
+
+extern void
+hdestroy()
+{
+	if (dbp) {
+		(void)(dbp->close)(dbp);
+		dbp = NULL;
+	}
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/page.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/page.h
new file mode 100644
index 00000000..8cfdf004
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/page.h
@@ -0,0 +1,178 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)page.h	8.4 (Berkeley) 11/7/95
+ */
+
+#define HI_MASK 0xFFFF0000
+#define LO_MASK (~HI_MASK)
+
+#define HI(N) ((u_int16_t)(((N) & HI_MASK) >> 16))
+#define LO(N) ((u_int16_t)((N) & LO_MASK))
+
+/* Constants for big key page overhead information. */
+#define NUMSHORTS	0
+#define KEYLEN		1
+#define DATALEN 	2
+#define NEXTPAGE 	3
+
+/*
+ * Hash pages store meta-data beginning at the top of the page (offset 0)
+ * and key/data values beginning at the bottom of the page (offset pagesize).
+ * Fields are always accessed via macros so that we can change the page
+ * format without too much pain.  The only changes that will require massive
+ * code changes are if we no longer store key/data offsets next to each
+ * other (since we use that fact to compute key lengths).  In the accessor
+ * macros below, P means a pointer to the page, I means an index of the
+ * particular entry being accessed.
+ *
+ * Hash base page format
+ * BYTE ITEM			NBYTES 	TYPE		ACCESSOR MACRO
+ * ---- ------------------	------	--------	--------------
+ * 0	previous page number 	4	db_pgno_t		PREV_PGNO(P)
+ * 4	next page number	4	db_pgno_t		NEXT_PGNO(P)
+ * 8	# pairs on page		2	indx_t		NUM_ENT(P)
+ * 10	page type		1	u_int8_t	TYPE(P)
+ * 11	padding			1	u_int8_t	none
+ * 12	highest free byte	2	indx_t		OFFSET(P)
+ * 14	key offset 0		2	indx_t		KEY_OFF(P, I)
+ * 16	data offset 0		2	indx_t		DATA_OFF(P, I)
+ * 18	key  offset 1		2	indx_t		KEY_OFF(P, I)
+ * 20	data offset 1		2	indx_t		DATA_OFF(P, I)
+ * ...etc...
+ */
+
+/* Indices (in bytes) of the beginning of each of these entries */
+#define I_PREV_PGNO	 0
+#define I_NEXT_PGNO	 4
+#define I_ENTRIES	 8
+#define I_TYPE		10
+#define I_HF_OFFSET	12
+
+/* Overhead is everything prior to the first key/data pair. */
+#define PAGE_OVERHEAD	(I_HF_OFFSET + sizeof(indx_t))
+
+/* To allocate a pair, we need room for one key offset and one data offset. */
+#define PAIR_OVERHEAD	((sizeof(indx_t) << 1))
+
+/* Use this macro to extract a value of type T from page P at offset O. */
+#define REFERENCE(P, T, O)  (((T *)(void *)((u_int8_t *)(void *)(P) + O))[0])
+
+/*
+ * Use these macros to access fields on a page; P is a PAGE16 *.
+ */
+#define NUM_ENT(P)	(REFERENCE((P), indx_t, I_ENTRIES))
+#define PREV_PGNO(P)	(REFERENCE((P), db_pgno_t, I_PREV_PGNO))
+#define NEXT_PGNO(P)	(REFERENCE((P), db_pgno_t, I_NEXT_PGNO))
+#define TYPE(P)		(REFERENCE((P), u_int8_t, I_TYPE))
+#define OFFSET(P)	(REFERENCE((P), indx_t, I_HF_OFFSET))
+/*
+ * We need to store a page's own address on each page (unlike the Btree
+ * access method which needs the previous page).  We use the PREV_PGNO
+ * field to store our own page number.
+ */
+#define ADDR(P)		(PREV_PGNO((P)))
+
+/* Extract key/data offsets and data for a given index. */
+#define DATA_OFF(P, N) \
+	REFERENCE(P, indx_t, PAGE_OVERHEAD + N * PAIR_OVERHEAD + sizeof(indx_t))
+#define KEY_OFF(P, N) \
+	REFERENCE(P, indx_t, PAGE_OVERHEAD + N * PAIR_OVERHEAD)
+
+#define KEY(P, N)	(((PAGE8 *)(P)) + KEY_OFF((P), (N)))
+#define DATA(P, N)	(((PAGE8 *)(P)) + DATA_OFF((P), (N)))
+
+/*
+ * Macros used to compute various sizes on a page.
+ */
+#define	PAIRSIZE(K, D)	(PAIR_OVERHEAD + (K)->size + (D)->size)
+#define BIGOVERHEAD	(4 * sizeof(u_int16_t))
+#define KEYSIZE(K)	(4 * sizeof(u_int16_t) + (K)->size);
+#define OVFLSIZE	(2 * sizeof(u_int16_t))
+#define BIGPAGEOVERHEAD (4 * sizeof(u_int16_t))
+#define BIGPAGEOFFSET   4
+#define BIGPAGESIZE(P)	((P)->BSIZE - BIGPAGEOVERHEAD)
+
+#define PAGE_META(N)	(((N) + 3) * sizeof(u_int16_t))
+#define MINFILL 0.75
+#define ISBIG(N, P)	(((N) > ((P)->hdr.bsize * MINFILL)) ? 1 : 0)
+
+#define ITEMSIZE(I)    (sizeof(u_int16_t) + (I)->size)
+
+/*
+ * Big key/data pages use a different page format.  They have a single
+ * key/data "pair" containing the length of the key and data instead
+ * of offsets.
+ */
+#define BIGKEYLEN(P)	(KEY_OFF((P), 0))
+#define BIGDATALEN(P)	(DATA_OFF((P), 0))
+#define BIGKEY(P)	(((PAGE8 *)(P)) + PAGE_OVERHEAD + PAIR_OVERHEAD)
+#define BIGDATA(P) \
+	(((PAGE8 *)(P)) + PAGE_OVERHEAD + PAIR_OVERHEAD + KEY_OFF((P), 0))
+
+
+#define OVFLPAGE	0
+#define BIGPAIR		0
+#define INVALID_PGNO	0xFFFFFFFF
+
+typedef unsigned short PAGE16;
+typedef unsigned char  PAGE8;
+
+#define A_BUCKET	0
+#define A_OVFL		1
+#define A_BITMAP	2
+#define A_RAW		4
+#define A_HEADER	5
+
+#define PAIRFITS(P,K,D)	((PAIRSIZE((K),(D))) <= FREESPACE((P)))
+#define BIGPAIRFITS(P)	((FREESPACE((P)) >= PAIR_OVERHEAD))
+/*
+ * Since these are all unsigned, we need to guarantee that we never go
+ * negative.  Offset values are 0-based and overheads are one based (i.e.
+ * one byte of overhead is 1, not 0), so we need to convert OFFSETs to
+ * 1-based counting before subtraction.
+ */
+#define FREESPACE(P) \
+	((OFFSET((P)) + 1 - PAGE_OVERHEAD - (NUM_ENT((P)) * PAIR_OVERHEAD)))
+
+/*
+ * Overhead on header pages is just one word -- the length of the
+ * header info stored on that page.
+ */
+#define HEADER_OVERHEAD 4
+
+#define HASH_PAGE	2
+#define HASH_BIGPAGE	3
+#define HASH_OVFLPAGE	4
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/page.h.patch b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/page.h.patch
new file mode 100644
index 00000000..4a0311fe
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/page.h.patch
@@ -0,0 +1,42 @@
+*** /tmp/,RCSt1a21720	Wed Apr  3 11:49:55 1996
+--- page.h	Wed Apr  3 08:42:25 1996
+***************
+*** 158,163
+  
+  #define PAIRFITS(P,K,D)	((PAIRSIZE((K),(D))) <= FREESPACE((P)))
+  #define BIGPAIRFITS(P)	((FREESPACE((P)) >= PAIR_OVERHEAD))
+  #define FREESPACE(P) \
+  	((OFFSET((P)) - PAGE_OVERHEAD - (NUM_ENT((P)) * PAIR_OVERHEAD)))
+  
+
+--- 158,169 -----
+  
+  #define PAIRFITS(P,K,D)	((PAIRSIZE((K),(D))) <= FREESPACE((P)))
+  #define BIGPAIRFITS(P)	((FREESPACE((P)) >= PAIR_OVERHEAD))
++ /*
++  * Since these are all unsigned, we need to guarantee that we never go
++  * negative.  Offset values are 0-based and overheads are one based (i.e.
++  * one byte of overhead is 1, not 0), so we need to convert OFFSETs to
++  * 1-based counting before subtraction.
++  */
+  #define FREESPACE(P) \
+  	((OFFSET((P)) + 1 - PAGE_OVERHEAD - (NUM_ENT((P)) * PAIR_OVERHEAD)))
+  
+***************
+*** 159,165
+  #define PAIRFITS(P,K,D)	((PAIRSIZE((K),(D))) <= FREESPACE((P)))
+  #define BIGPAIRFITS(P)	((FREESPACE((P)) >= PAIR_OVERHEAD))
+  #define FREESPACE(P) \
+! 	((OFFSET((P)) - PAGE_OVERHEAD - (NUM_ENT((P)) * PAIR_OVERHEAD)))
+  
+  /* 
+   * Overhead on header pages is just one word -- the length of the
+
+--- 165,171 -----
+   * 1-based counting before subtraction.
+   */
+  #define FREESPACE(P) \
+! 	((OFFSET((P)) + 1 - PAGE_OVERHEAD - (NUM_ENT((P)) * PAIR_OVERHEAD)))
+  
+  /* 
+   * Overhead on header pages is just one word -- the length of the
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/search.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/search.h
new file mode 100644
index 00000000..6d6a0a82
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/search.h
@@ -0,0 +1,55 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)search.h	8.1 (Berkeley) 6/4/93
+ */
+
+/* Backward compatibility to hsearch interface. */
+typedef struct entry {
+	char *key;
+	char *data;
+} ENTRY;
+
+typedef enum {
+	FIND, ENTER
+} ACTION;
+
+#define hcreate		kdb2_hcreate
+#define hdestroy	kdb2_hdestroy
+#define hsearch		kdb2_hsearch
+
+int	 hcreate __P((unsigned int));
+void	 hdestroy __P((void));
+ENTRY	*hsearch __P((ENTRY, ACTION));
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/config.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/config.h
new file mode 100644
index 00000000..b4ace4e0
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/config.h
@@ -0,0 +1,23 @@
+/* This includes autoconf.h and defines u_int32_t.  */
+#include "db-config.h"
+
+#ifndef HAVE_U_INT16_T
+#define u_int16_t unsigned short
+#endif
+#ifndef HAVE_INT16_T
+#define int16_t short
+#endif
+
+#ifndef HAVE_INT8_T
+#define int8_t signed char
+#endif
+#ifndef HAVE_U_INT8_T
+#define u_int8_t unsigned char
+#endif
+#ifndef HAVE_INT32_T
+#define int32_t int
+#endif
+
+#ifndef HAVE_SSIZE_T
+#define ssize_t int
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-config.hin b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-config.hin
new file mode 100644
index 00000000..0ac7c916
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-config.hin
@@ -0,0 +1,17 @@
+#include "autoconf.h"
+
+#ifndef HAVE_U_CHAR
+#define u_char unsigned char
+#endif
+
+#ifndef HAVE_U_INT
+#define u_int unsigned int
+#endif
+
+#ifndef HAVE_U_LONG
+#define u_long unsigned long
+#endif
+
+#ifndef HAVE_U_INT32_T
+#define u_int32_t unsigned int
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-dbm.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-dbm.h
new file mode 100644
index 00000000..28c93786
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-dbm.h
@@ -0,0 +1,23 @@
+#ifndef _DBM_H_
+#define	_DBM_H_
+
+#include "db.h"
+
+#define dbminit		kdb2_dbminit
+#define fetch		kdb2_fetch
+#define firstkey	kdb2_firstkey
+#define nextkey		kdb2_nextkey
+#define delete		kdb2_delete
+#define store		kdb2_store
+
+__BEGIN_DECLS
+int	 dbminit __P((char *));
+datum	 fetch __P((datum));
+datum	 firstkey __P((void));
+datum	 nextkey __P((datum));
+int	 delete __P((datum));
+int	 store __P((datum, datum));
+__END_DECLS
+
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-int.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-int.h
new file mode 100644
index 00000000..7e981d4a
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-int.h
@@ -0,0 +1,283 @@
+/*-
+ * Copyright (c) 1991, 1993, 2007
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)compat.h	8.13 (Berkeley) 2/21/94
+ */
+
+#ifndef	_DB_INT_H_
+#define	_DB_INT_H_
+
+#include "config.h"
+#include "db.h"
+
+/* deal with autoconf-based stuff */
+
+#define DB_LITTLE_ENDIAN 1234
+#define DB_BIG_ENDIAN 4321
+
+#include <stdlib.h>
+#ifdef HAVE_ENDIAN_H
+# include <endian.h>
+#endif
+#ifdef HAVE_MACHINE_ENDIAN_H
+# include <machine/endian.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif
+/* Handle both BIG and LITTLE defined and BYTE_ORDER matches one, or
+   just one defined; both with and without leading underscores.
+
+   Ignore "PDP endian" machines, this code doesn't support them
+   anyways.  */
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef __LITTLE_ENDIAN__
+#  define LITTLE_ENDIAN __LITTLE_ENDIAN__
+# endif
+# ifdef __BIG_ENDIAN__
+#  define BIG_ENDIAN __BIG_ENDIAN__
+# endif
+#endif
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef _LITTLE_ENDIAN
+#  define LITTLE_ENDIAN _LITTLE_ENDIAN
+# endif
+# ifdef _BIG_ENDIAN
+#  define BIG_ENDIAN _BIG_ENDIAN
+# endif
+# ifdef _BYTE_ORDER
+#  define BYTE_ORDER _BYTE_ORDER
+# endif
+#endif
+#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) && !defined(BYTE_ORDER)
+# ifdef __LITTLE_ENDIAN
+#  define LITTLE_ENDIAN __LITTLE_ENDIAN
+# endif
+# ifdef __BIG_ENDIAN
+#  define BIG_ENDIAN __BIG_ENDIAN
+# endif
+# ifdef __BYTE_ORDER
+#  define BYTE_ORDER __BYTE_ORDER
+# endif
+#endif
+
+#if defined(_MIPSEL) && !defined(LITTLE_ENDIAN)
+# define LITTLE_ENDIAN
+#endif
+#if defined(_MIPSEB) && !defined(BIG_ENDIAN)
+# define BIG_ENDIAN
+#endif
+
+#if defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN) && defined(BYTE_ORDER)
+# if LITTLE_ENDIAN == BYTE_ORDER
+#  define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+# elif BIG_ENDIAN == BYTE_ORDER
+#  define DB_BYTE_ORDER DB_BIG_ENDIAN
+# else
+#  error "LITTLE_ENDIAN and BIG_ENDIAN defined, but can't determine byte order"
+# endif
+#elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
+# define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+#elif defined(BIG_ENDIAN) && !defined(LITTLE_ENDIAN)
+# define DB_BYTE_ORDER DB_BIG_ENDIAN
+#else
+# error "can't determine byte order from included system headers"
+#endif
+
+#if 0
+#ifdef WORDS_BIGENDIAN
+#define DB_BYTE_ORDER DB_BIG_ENDIAN
+#else
+#define DB_BYTE_ORDER DB_LITTLE_ENDIAN
+#endif
+#endif
+
+/* end autoconf-based stuff */
+
+/* include necessary system header files */
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <limits.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+
+/* types and constants used for database structure */
+
+#define	MAX_PAGE_NUMBER	0xffffffff	/* >= # of pages in a file */
+typedef u_int32_t	db_pgno_t;
+#define	MAX_PAGE_OFFSET	65535		/* >= # of bytes in a page */
+typedef u_int16_t	indx_t;
+#define	MAX_REC_NUMBER	0xffffffff	/* >= # of records in a tree */
+typedef u_int32_t	recno_t;
+
+/*
+ * Little endian <==> big endian 32-bit swap macros.
+ *	M_32_SWAP	swap a memory location
+ *	P_32_SWAP	swap a referenced memory location
+ *	P_32_COPY	swap from one location to another
+ */
+#define	M_32_SWAP(a) {							\
+	u_int32_t _tmp = a;						\
+	((char *)&a)[0] = ((char *)&_tmp)[3];				\
+	((char *)&a)[1] = ((char *)&_tmp)[2];				\
+	((char *)&a)[2] = ((char *)&_tmp)[1];				\
+	((char *)&a)[3] = ((char *)&_tmp)[0];				\
+}
+#define	P_32_SWAP(a) {							\
+	char _tmp[4];							\
+	_tmp[0] = ((char *)a)[0];					\
+	_tmp[1] = ((char *)a)[1];					\
+	_tmp[2] = ((char *)a)[2];					\
+	_tmp[3] = ((char *)a)[3];					\
+	((char *)a)[0] = _tmp[3];					\
+	((char *)a)[1] = _tmp[2];					\
+	((char *)a)[2] = _tmp[1];					\
+	((char *)a)[3] = _tmp[0];					\
+}
+#define	P_32_COPY(a, b) {						\
+	((char *)&(b))[0] = ((char *)&(a))[3];				\
+	((char *)&(b))[1] = ((char *)&(a))[2];				\
+	((char *)&(b))[2] = ((char *)&(a))[1];				\
+	((char *)&(b))[3] = ((char *)&(a))[0];				\
+}
+
+/*
+ * Little endian <==> big endian 16-bit swap macros.
+ *	M_16_SWAP	swap a memory location
+ *	P_16_SWAP	swap a referenced memory location
+ *	P_16_COPY	swap from one location to another
+ */
+#define	M_16_SWAP(a) {							\
+	u_int16_t _tmp = a;						\
+	((char *)&a)[0] = ((char *)&_tmp)[1];				\
+	((char *)&a)[1] = ((char *)&_tmp)[0];				\
+}
+#define	P_16_SWAP(a) {							\
+	char _tmp[2];							\
+	_tmp[0] = ((char *)a)[0];					\
+	_tmp[1] = ((char *)a)[1];					\
+	((char *)a)[0] = _tmp[1];					\
+	((char *)a)[1] = _tmp[0];					\
+}
+#define	P_16_COPY(a, b) {						\
+	((char *)&(b))[0] = ((char *)&(a))[1];				\
+	((char *)&(b))[1] = ((char *)&(a))[0];				\
+}
+
+/* open functions for each database type, used in dbopen() */
+
+#define __bt_open	__kdb2_bt_open
+#define __hash_open	__kdb2_hash_open
+#define __rec_open	__kdb2_rec_open
+#define __dbpanic	__kdb2_dbpanic
+
+DB	*__bt_open __P((const char *, int, int, const BTREEINFO *, int));
+DB	*__hash_open __P((const char *, int, int, const HASHINFO *, int));
+DB	*__rec_open __P((const char *, int, int, const RECNOINFO *, int));
+void	 __dbpanic __P((DB *dbp));
+
+/*
+ * There is no portable way to figure out the maximum value of a file
+ * offset, so we put it here.
+ */
+#ifdef	OFF_T_MAX
+#define	DB_OFF_T_MAX	OFF_T_MAX
+#else
+#define	DB_OFF_T_MAX	LONG_MAX
+#endif
+
+#ifndef O_ACCMODE			/* POSIX 1003.1 access mode mask. */
+#define	O_ACCMODE	(O_RDONLY|O_WRONLY|O_RDWR)
+#endif
+
+/*
+ * If you can't provide lock values in the open(2) call.  Note, this
+ * allows races to happen.
+ */
+#ifndef O_EXLOCK			/* 4.4BSD extension. */
+#define	O_EXLOCK	0
+#endif
+
+#ifndef O_SHLOCK			/* 4.4BSD extension. */
+#define	O_SHLOCK	0
+#endif
+
+#ifndef EFTYPE
+#define	EFTYPE		EINVAL		/* POSIX 1003.1 format errno. */
+#endif
+
+#ifndef	STDERR_FILENO
+#define	STDIN_FILENO	0		/* ANSI C #defines */
+#define	STDOUT_FILENO	1
+#define	STDERR_FILENO	2
+#endif
+
+#ifndef SEEK_END
+#define	SEEK_SET	0		/* POSIX 1003.1 seek values */
+#define	SEEK_CUR	1
+#define	SEEK_END	2
+#endif
+
+#ifndef NULL				/* ANSI C #defines NULL everywhere. */
+#define	NULL		0
+#endif
+
+#ifndef	MAX				/* Usually found in <sys/param.h>. */
+#define	MAX(_a,_b)	((_a)<(_b)?(_b):(_a))
+#endif
+#ifndef	MIN				/* Usually found in <sys/param.h>. */
+#define	MIN(_a,_b)	((_a)<(_b)?(_a):(_b))
+#endif
+
+#ifndef S_ISDIR				/* POSIX 1003.1 file type tests. */
+#define	S_ISDIR(m)	((m & 0170000) == 0040000)	/* directory */
+#define	S_ISCHR(m)	((m & 0170000) == 0020000)	/* char special */
+#define	S_ISBLK(m)	((m & 0170000) == 0060000)	/* block special */
+#define	S_ISREG(m)	((m & 0170000) == 0100000)	/* regular file */
+#define	S_ISFIFO(m)	((m & 0170000) == 0010000)	/* fifo */
+#endif
+#ifndef S_ISLNK				/* BSD POSIX 1003.1 extensions */
+#define	S_ISLNK(m)	((m & 0170000) == 0120000)	/* symbolic link */
+#define	S_ISSOCK(m)	((m & 0170000) == 0140000)	/* socket */
+#endif
+
+#ifndef O_BINARY
+#define O_BINARY	0		/* Needed for Win32 compiles */
+#endif
+#endif /* _DB_INT_H_ */
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-ndbm.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-ndbm.h
new file mode 100644
index 00000000..e99f46fd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-ndbm.h
@@ -0,0 +1,91 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)ndbm.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _NDBM_H_
+#define	_NDBM_H_
+
+#include "db.h"
+
+/* Map dbm interface onto db(3). */
+#define DBM_RDONLY	O_RDONLY
+
+/* Flags to dbm_store(). */
+#define DBM_INSERT      0
+#define DBM_REPLACE     1
+
+/*
+ * The db(3) support for ndbm(3) always appends this suffix to the
+ * file name to avoid overwriting the user's original database.
+ */
+#define	DBM_SUFFIX	".db"
+
+typedef struct {
+	char *dptr;
+	int dsize;
+} datum;
+
+typedef DB DBM;
+#define	dbm_pagfno(a)	DBM_PAGFNO_NOT_AVAILABLE
+
+#define dbm_close	kdb2_dbm_close
+#define dbm_delete	kdb2_dbm_delete
+#define dbm_fetch	kdb2_dbm_fetch
+#define dbm_firstkey	kdb2_dbm_firstkey
+#define dbm_forder	kdb2_dbm_forder
+#define dbm_nextkey	kdb2_dbm_nextkey
+#define dbm_open	kdb2_dbm_open
+#define dbm_store	kdb2_dbm_store
+#define dbm_dirfno	kdb2_dbm_dirfno
+#define dbm_error	kdb2_dbm_error
+#define dbm_clearerr	kdb2_dbm_clearerr
+
+__BEGIN_DECLS
+void	 dbm_close __P((DBM *));
+int	 dbm_delete __P((DBM *, datum));
+datum	 dbm_fetch __P((DBM *, datum));
+datum	 dbm_firstkey __P((DBM *));
+long	 dbm_forder __P((DBM *, datum));
+datum	 dbm_nextkey __P((DBM *));
+DBM	*dbm_open __P((const char *, int, int));
+int	 dbm_store __P((DBM *, datum, datum, int));
+int	 dbm_dirfno __P((DBM *));
+int	 dbm_error __P((DBM *db));
+int	 dbm_clearerr __P((DBM *db));
+__END_DECLS
+
+#endif /* !_NDBM_H_ */
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-queue.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-queue.h
new file mode 100644
index 00000000..65612ce6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db-queue.h
@@ -0,0 +1,245 @@
+/*
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)queue.h	8.3 (Berkeley) 12/13/93
+ */
+
+#ifndef	_QUEUE_H_
+#define	_QUEUE_H_
+
+/*
+ * This file defines three types of data structures: lists, tail queues,
+ * and circular queues.
+ *
+ * A list is headed by a single forward pointer (or an array of forward
+ * pointers for a hash table header). The elements are doubly linked
+ * so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list after
+ * an existing element or at the head of the list. A list may only be
+ * traversed in the forward direction.
+ *
+ * A tail queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list after
+ * an existing element, at the head of the list, or at the end of the
+ * list. A tail queue may only be traversed in the forward direction.
+ *
+ * A circle queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or after
+ * an existing element, at the head of the list, or at the end of the list.
+ * A circle queue may be traversed in either direction, but has a more
+ * complex end of list detection.
+ *
+ * For details on the use of these macros, see the queue(3) manual page.
+ */
+
+/*
+ * List definitions.
+ */
+#define LIST_HEAD(name, type)						\
+struct name {								\
+	struct type *lh_first;	/* first element */			\
+}
+
+#define LIST_ENTRY(type)						\
+struct {								\
+	struct type *le_next;	/* next element */			\
+	struct type **le_prev;	/* address of previous next element */	\
+}
+
+/*
+ * List functions.
+ */
+#define	LIST_INIT(head) {						\
+	(head)->lh_first = NULL;					\
+}
+
+#define LIST_INSERT_AFTER(listelm, elm, field) {			\
+	if (((elm)->field.le_next = (listelm)->field.le_next) != NULL)	\
+		(listelm)->field.le_next->field.le_prev =		\
+		    &(elm)->field.le_next;				\
+	(listelm)->field.le_next = (elm);				\
+	(elm)->field.le_prev = &(listelm)->field.le_next;		\
+}
+
+#define LIST_INSERT_HEAD(head, elm, field) {				\
+	if (((elm)->field.le_next = (head)->lh_first) != NULL)		\
+		(head)->lh_first->field.le_prev = &(elm)->field.le_next;\
+	(head)->lh_first = (elm);					\
+	(elm)->field.le_prev = &(head)->lh_first;			\
+}
+
+#define LIST_REMOVE(elm, field) {					\
+	if ((elm)->field.le_next != NULL)				\
+		(elm)->field.le_next->field.le_prev = 			\
+		    (elm)->field.le_prev;				\
+	*(elm)->field.le_prev = (elm)->field.le_next;			\
+}
+
+/*
+ * Tail queue definitions.
+ */
+#define TAILQ_HEAD(name, type)						\
+struct name {								\
+	struct type *tqh_first;	/* first element */			\
+	struct type **tqh_last;	/* addr of last next element */		\
+}
+
+#define TAILQ_ENTRY(type)						\
+struct {								\
+	struct type *tqe_next;	/* next element */			\
+	struct type **tqe_prev;	/* address of previous next element */	\
+}
+
+/*
+ * Tail queue functions.
+ */
+#define	TAILQ_INIT(head) {						\
+	(head)->tqh_first = NULL;					\
+	(head)->tqh_last = &(head)->tqh_first;				\
+}
+
+#define TAILQ_INSERT_HEAD(head, elm, field) {				\
+	if (((elm)->field.tqe_next = (head)->tqh_first) != NULL)	\
+		(elm)->field.tqe_next->field.tqe_prev =			\
+		    &(elm)->field.tqe_next;				\
+	else								\
+		(head)->tqh_last = &(elm)->field.tqe_next;		\
+	(head)->tqh_first = (elm);					\
+	(elm)->field.tqe_prev = &(head)->tqh_first;			\
+}
+
+#define TAILQ_INSERT_TAIL(head, elm, field) {				\
+	(elm)->field.tqe_next = NULL;					\
+	(elm)->field.tqe_prev = (head)->tqh_last;			\
+	*(head)->tqh_last = (elm);					\
+	(head)->tqh_last = &(elm)->field.tqe_next;			\
+}
+
+#define TAILQ_INSERT_AFTER(head, listelm, elm, field) {			\
+	if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
+		(elm)->field.tqe_next->field.tqe_prev = 		\
+		    &(elm)->field.tqe_next;				\
+	else								\
+		(head)->tqh_last = &(elm)->field.tqe_next;		\
+	(listelm)->field.tqe_next = (elm);				\
+	(elm)->field.tqe_prev = &(listelm)->field.tqe_next;		\
+}
+
+#define TAILQ_REMOVE(head, elm, field) {				\
+	if (((elm)->field.tqe_next) != NULL)				\
+		(elm)->field.tqe_next->field.tqe_prev = 		\
+		    (elm)->field.tqe_prev;				\
+	else								\
+		(head)->tqh_last = (elm)->field.tqe_prev;		\
+	*(elm)->field.tqe_prev = (elm)->field.tqe_next;			\
+}
+
+/*
+ * Circular queue definitions.
+ */
+#define CIRCLEQ_HEAD(name, type)					\
+struct name {								\
+	struct type *cqh_first;		/* first element */		\
+	struct type *cqh_last;		/* last element */		\
+}
+
+#define CIRCLEQ_ENTRY(type)						\
+struct {								\
+	struct type *cqe_next;		/* next element */		\
+	struct type *cqe_prev;		/* previous element */		\
+}
+
+/*
+ * Circular queue functions.
+ */
+#define	CIRCLEQ_INIT(head) {						\
+	(head)->cqh_first = (void *)(head);				\
+	(head)->cqh_last = (void *)(head);				\
+}
+
+#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) {		\
+	(elm)->field.cqe_next = (listelm)->field.cqe_next;		\
+	(elm)->field.cqe_prev = (listelm);				\
+	if ((listelm)->field.cqe_next == (void *)(head))		\
+		(head)->cqh_last = (elm);				\
+	else								\
+		(listelm)->field.cqe_next->field.cqe_prev = (elm);	\
+	(listelm)->field.cqe_next = (elm);				\
+}
+
+#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) {		\
+	(elm)->field.cqe_next = (listelm);				\
+	(elm)->field.cqe_prev = (listelm)->field.cqe_prev;		\
+	if ((listelm)->field.cqe_prev == (void *)(head))		\
+		(head)->cqh_first = (elm);				\
+	else								\
+		(listelm)->field.cqe_prev->field.cqe_next = (elm);	\
+	(listelm)->field.cqe_prev = (elm);				\
+}
+
+#define CIRCLEQ_INSERT_HEAD(head, elm, field) {				\
+	(elm)->field.cqe_next = (head)->cqh_first;			\
+	(elm)->field.cqe_prev = (void *)(head);				\
+	if ((head)->cqh_last == (void *)(head))				\
+		(head)->cqh_last = (elm);				\
+	else								\
+		(head)->cqh_first->field.cqe_prev = (elm);		\
+	(head)->cqh_first = (elm);					\
+}
+
+#define CIRCLEQ_INSERT_TAIL(head, elm, field) {				\
+	(elm)->field.cqe_next = (void *)(head);				\
+	(elm)->field.cqe_prev = (head)->cqh_last;			\
+	if ((head)->cqh_first == (void *)(head))			\
+		(head)->cqh_first = (elm);				\
+	else								\
+		(head)->cqh_last->field.cqe_next = (elm);		\
+	(head)->cqh_last = (elm);					\
+}
+
+#define	CIRCLEQ_REMOVE(head, elm, field) {				\
+	if ((elm)->field.cqe_next == (void *)(head))			\
+		(head)->cqh_last = (elm)->field.cqe_prev;		\
+	else								\
+		(elm)->field.cqe_next->field.cqe_prev =			\
+		    (elm)->field.cqe_prev;				\
+	if ((elm)->field.cqe_prev == (void *)(head))			\
+		(head)->cqh_first = (elm)->field.cqe_next;		\
+	else								\
+		(elm)->field.cqe_prev->field.cqe_next =			\
+		    (elm)->field.cqe_next;				\
+}
+#endif	/* !_QUEUE_H_ */
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db.hin b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db.hin
new file mode 100644
index 00000000..9ae8f8be
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/include/db.hin
@@ -0,0 +1,190 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)db.h	8.8 (Berkeley) 11/2/95
+ */
+
+#ifndef _DB_H_
+#define	_DB_H_
+
+#include <db-config.h>
+
+#include <sys/types.h>
+
+#define	RET_ERROR	-1		/* Return values. */
+#define	RET_SUCCESS	 0
+#define	RET_SPECIAL	 1
+
+/* Key/data structure -- a Data-Base Thang. */
+typedef struct {
+	void	*data;			/* data */
+	size_t	 size;			/* data length */
+} DBT;
+
+/* Routine flags. */
+#define	R_CURSOR	1		/* del, put, seq */
+#define	__R_UNUSED	2		/* UNUSED */
+#define	R_FIRST		3		/* seq */
+#define	R_IAFTER	4		/* put (RECNO) */
+#define	R_IBEFORE	5		/* put (RECNO) */
+#define	R_LAST		6		/* seq (BTREE, RECNO) */
+#define	R_NEXT		7		/* seq */
+#define	R_NOOVERWRITE	8		/* put */
+#define	R_PREV		9		/* seq (BTREE, RECNO) */
+#define	R_SETCURSOR	10		/* put (RECNO) */
+#define	R_RECNOSYNC	11		/* sync (RECNO) */
+
+/*
+ * Recursive sequential scan.
+ *
+ * This avoids using sibling pointers, permitting (possibly partial)
+ * recovery from some kinds of btree corruption.  Start a sequential
+ * scan as usual, but use R_RNEXT or R_RPREV to move forward or
+ * backward.
+ *
+ * This probably doesn't work with btrees that allow duplicate keys.
+ * Database modifications during the scan can also modify the parent
+ * page stack needed for correct functioning.  Intermixing
+ * non-recursive traversal by using R_NEXT or R_PREV can also make the
+ * page stack inconsistent with the cursor and cause problems.
+ */
+#define R_RNEXT		128		/* seq (BTREE, RECNO) */
+#define R_RPREV		129		/* seq (BTREE, RECNO) */
+
+typedef enum { DB_BTREE, DB_HASH, DB_RECNO } DBTYPE;
+
+/*
+ * !!!
+ * The following flags are included in the dbopen(3) call as part of the
+ * open(2) flags.  In order to avoid conflicts with the open flags, start
+ * at the top of the 16 or 32-bit number space and work our way down.  If
+ * the open flags were significantly expanded in the future, it could be
+ * a problem.  Wish I'd left another flags word in the dbopen call.
+ *
+ * !!!
+ * None of this stuff is implemented yet.  The only reason that it's here
+ * is so that the access methods can skip copying the key/data pair when
+ * the DB_LOCK flag isn't set.
+ */
+#if UINT_MAX >= 0xffffffffUL
+#define	DB_LOCK		0x20000000	/* Do locking. */
+#define	DB_SHMEM	0x40000000	/* Use shared memory. */
+#define	DB_TXN		0x80000000	/* Do transactions. */
+#else
+#define	DB_LOCK		    0x2000	/* Do locking. */
+#define	DB_SHMEM	    0x4000	/* Use shared memory. */
+#define	DB_TXN		    0x8000	/* Do transactions. */
+#endif
+
+/* deal with turning prototypes on and off */
+
+#ifndef __P
+#if defined(__STDC__) || defined(__cplusplus)
+#define	__P(protos)	protos		/* full-blown ANSI C */
+#else	/* !(__STDC__ || __cplusplus) */
+#define	__P(protos)	()		/* traditional C preprocessor */
+#endif
+#endif /* no __P from system */
+
+/* Access method description structure. */
+typedef struct __db {
+	DBTYPE type;			/* Underlying db type. */
+	int (*close)	__P((struct __db *));
+	int (*del)	__P((const struct __db *, const DBT *, u_int));
+	int (*get)	__P((const struct __db *, const DBT *, DBT *, u_int));
+	int (*put)	__P((const struct __db *, DBT *, const DBT *, u_int));
+	int (*seq)	__P((const struct __db *, DBT *, DBT *, u_int));
+	int (*sync)	__P((const struct __db *, u_int));
+	void *internal;			/* Access method private. */
+	int (*fd)	__P((const struct __db *));
+} DB;
+
+#define	BTREEMAGIC	0x053162
+#define	BTREEVERSION	3
+
+/* Structure used to pass parameters to the btree routines. */
+typedef struct {
+#define	R_DUP		0x01	/* duplicate keys */
+	u_long	flags;
+	u_int	cachesize;	/* bytes to cache */
+	int	maxkeypage;	/* maximum keys per page */
+	int	minkeypage;	/* minimum keys per page */
+	u_int	psize;		/* page size */
+	int	(*compare)	/* comparison function */
+	    __P((const DBT *, const DBT *));
+	size_t	(*prefix)	/* prefix function */
+	    __P((const DBT *, const DBT *));
+	int	lorder;		/* byte order */
+} BTREEINFO;
+
+#define	HASHMAGIC	0x061561
+#define	HASHVERSION	3
+
+/* Structure used to pass parameters to the hashing routines. */
+typedef struct {
+	u_int	bsize;		/* bucket size */
+	u_int	ffactor;	/* fill factor */
+	u_int	nelem;		/* number of elements */
+	u_int	cachesize;	/* bytes to cache */
+	u_int32_t		/* hash function */
+		(*hash) __P((const void *, size_t));
+	int	lorder;		/* byte order */
+} HASHINFO;
+
+/* Structure used to pass parameters to the record routines. */
+typedef struct {
+#define	R_FIXEDLEN	0x01	/* fixed-length records */
+#define	R_NOKEY		0x02	/* key not required */
+#define	R_SNAPSHOT	0x04	/* snapshot the input */
+	u_long	flags;
+	u_int	cachesize;	/* bytes to cache */
+	u_int	psize;		/* page size */
+	int	lorder;		/* byte order */
+	size_t	reclen;		/* record length (fixed-length records) */
+	u_char	bval;		/* delimiting byte (variable-length records */
+	char	*bfname;	/* btree file name */
+} RECNOINFO;
+
+#if defined(__cplusplus)
+#define	__BEGIN_DECLS	extern "C" {
+#define	__END_DECLS	};
+#else
+#define	__BEGIN_DECLS
+#define	__END_DECLS
+#endif
+
+#define dbopen	kdb2_dbopen
+__BEGIN_DECLS
+DB *dbopen __P((const char *, int, int, DBTYPE, const void *));
+__END_DECLS
+
+#endif /* !_DB_H_ */
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/libdb.exports b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/libdb.exports
new file mode 100644
index 00000000..0c168918
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/libdb.exports
@@ -0,0 +1,105 @@
+__default_hash
+__kdb2_add_bigpage
+__kdb2_add_ovflpage
+__kdb2_addel
+__kdb2_big_delete
+__kdb2_big_insert
+__kdb2_big_keydata
+__kdb2_big_return
+__kdb2_bt_close
+__kdb2_bt_cmp
+__kdb2_bt_defcmp
+__kdb2_bt_defpfx
+__kdb2_bt_deleaf
+__kdb2_bt_delete
+__kdb2_bt_dmpage
+__kdb2_bt_dnpage
+__kdb2_bt_dpage
+__kdb2_bt_dump
+__kdb2_bt_fd
+__kdb2_bt_free
+__kdb2_bt_get
+__kdb2_bt_new
+__kdb2_bt_open
+__kdb2_bt_pgin
+__kdb2_bt_pgout
+__kdb2_bt_put
+__kdb2_bt_relink
+__kdb2_bt_ret
+__kdb2_bt_search
+__kdb2_bt_seq
+__kdb2_bt_setcur
+__kdb2_bt_split
+__kdb2_bt_stat
+__kdb2_bt_sync
+__kdb2_call_hash
+__kdb2_cursor_creat
+__kdb2_dbpanic
+__kdb2_delete_page
+__kdb2_delpair
+__kdb2_expand_table
+__kdb2_find_bigpair
+__kdb2_free_ovflpage
+__kdb2_get_bigkey
+__kdb2_get_item
+__kdb2_get_item_done
+__kdb2_get_item_first
+__kdb2_get_item_next
+__kdb2_get_item_reset
+__kdb2_get_page
+__kdb2_hash_open
+__kdb2_ibitmap
+__kdb2_log2
+__kdb2_new_page
+__kdb2_ovfl_delete
+__kdb2_ovfl_get
+__kdb2_ovfl_put
+__kdb2_pgin_routine
+__kdb2_pgout_routine
+__kdb2_put_page
+__kdb2_rec_close
+__kdb2_rec_delete
+__kdb2_rec_dleaf
+__kdb2_rec_fd
+__kdb2_rec_fmap
+__kdb2_rec_fpipe
+__kdb2_rec_get
+__kdb2_rec_iput
+__kdb2_rec_open
+__kdb2_rec_put
+__kdb2_rec_ret
+__kdb2_rec_search
+__kdb2_rec_seq
+__kdb2_rec_sync
+__kdb2_rec_vmap
+__kdb2_rec_vpipe
+__kdb2_split_page
+kdb2_dbm_clearerr
+kdb2_dbm_close
+kdb2_dbm_delete
+kdb2_dbm_dirfno
+kdb2_dbm_error
+kdb2_dbm_fetch
+kdb2_dbm_firstkey
+kdb2_dbm_nextkey
+kdb2_dbm_open
+kdb2_dbm_store
+kdb2_dbminit
+kdb2_dbopen
+kdb2_delete
+kdb2_fetch
+kdb2_firstkey
+kdb2_hcreate
+kdb2_hdestroy
+kdb2_hsearch
+kdb2_mpool_close
+kdb2_mpool_delete
+kdb2_mpool_filter
+kdb2_mpool_get
+kdb2_mpool_new
+kdb2_mpool_open
+kdb2_mpool_put
+kdb2_mpool_stat
+kdb2_mpool_sync
+kdb2_nextkey
+kdb2_store
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/Makefile.inc b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/Makefile.inc
new file mode 100644
index 00000000..f85cba1f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/Makefile.inc
@@ -0,0 +1,7 @@
+#       @(#)Makefile.inc	8.2 (Berkeley) 11/14/94
+
+.PATH: ${.CURDIR}/db/man
+
+MAN3+=	db_btree.0 db_hash.0 db_lock.0 db_log.0 db_mpool.0 db_open.0 \
+	db_recno.0
+MLINKS+=db_open.3 db.3 db_open.3 dbopen.3
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db.man.ps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db.man.ps
new file mode 100644
index 00000000..23feea6e
Binary files /dev/null and b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db.man.ps differ
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_btree.3 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_btree.3
new file mode 100644
index 00000000..25e289f3
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_btree.3
@@ -0,0 +1,246 @@
+.\" Copyright (c) 1990, 1993, 1994, 1995
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)db_btree.3	8.11 (Berkeley) 8/1/95
+.\"
+.TH DB_BTREE 3 "August 1, 1995"
+.UC 7
+.SH NAME
+db_btree \- btree database access method
+.SH DESCRIPTION
+.so db.so
+.GN
+specific details of the btree access method.
+.PP
+The btree data structure is a sorted, balanced tree structure storing
+associated key/data pairs.
+Searches, insertions, and deletions in the btree will all complete in
+O lg base N where base is the average fill factor.
+Often, inserting ordered data into btrees results in a low fill factor.
+This implementation has been modified to make ordered insertion the best
+case, resulting in a much better than normal page fill factor.
+.SH "ACCESS METHOD SPECIFIC INFORMATION"
+The btree access method specific data structure provided to
+.I db_open
+is typedef'd and named BTREEINFO.
+A BTREEINFO structure has at least the following fields,
+which may be initialized before calling
+.IR db_open :
+.TP 5
+u_int cachesize;
+A suggested maximum size (in bytes) of the memory cache.
+This value is
+.B only
+advisory, and the access method will allocate more memory rather than fail.
+Since every search examines the root page of the tree, caching the most
+recently used pages substantially improves access time.
+In addition, physical writes are delayed as long as possible, so a moderate
+cache can reduce the number of I/O operations significantly.
+Obviously, using a cache increases (but only increases) the likelihood of
+corruption or lost data if the system crashes while a tree is being modified.
+If
+.I cachesize
+is 0 (no size is specified) a default cache is used.
+.TP 5
+int (*compare)(const DBT *, const DBT *);
+Compare is the key comparison function.
+It must return an integer less than, equal to, or greater than zero if the
+first key argument is considered to be respectively less than, equal to,
+or greater than the second key argument.
+The same comparison function must be used on a given tree every time it
+is opened.
+If
+.I compare
+is NULL (no comparison function is specified), the keys are compared
+lexically, with shorter keys considered less than longer keys.
+.TP 5
+u_long flags;
+The flag value is specified by
+.IR or 'ing
+any of the following values:
+.RS
+.TP 5
+R_DUP
+Permit duplicate keys in the tree, i.e. permit insertion if the key to be
+inserted already exists in the tree.
+The default behavior, as described in
+.IR db_open (3),
+is to overwrite a matching key when inserting a new key or to fail if
+the R_NOOVERWRITE flag is specified.
+The R_DUP flag is overridden by the R_NOOVERWRITE flag, and if the
+R_NOOVERWRITE flag is specified, attempts to insert duplicate keys into
+the tree will fail.
+.IP
+If the database contains duplicate keys, the order of retrieval of
+key/data pairs is undefined if the
+.I get
+function is used, however,
+.I seq
+function calls with the R_CURSOR flag set will always return the logical
+``first'' of any group of duplicate keys.
+.RE
+.TP 5
+int lorder;
+The byte order for integers in the stored database metadata.
+The number should represent the order as an integer; for example, 
+big endian order would be the number 4,321.
+If
+.I lorder
+is 0 (no order is specified) the current host order is used.
+.TP 5
+int maxkeypage;
+The maximum number of keys which will be stored on any single page.
+This functionality is not currently implemented.
+.\" The maximum number of keys which will be stored on any single page.
+.\" Because of the way the btree data structure works,
+.\" .I maxkeypage
+.\" must always be greater than or equal to 2.
+.\" If
+.\" .I maxkeypage
+.\" is 0 (no maximum number of keys is specified) the page fill factor is
+.\" made as large as possible (which is almost invariably what is wanted).
+.TP 5
+int minkeypage;
+The minimum number of keys which will be stored on any single page.
+This value is used to determine which keys will be stored on overflow
+pages, i.e. if a key or data item is longer than the pagesize divided
+by the minkeypage value, it will be stored on overflow pages instead
+of in the page itself.
+If
+.I minkeypage
+is 0 (no minimum number of keys is specified) a value of 2 is used.
+.TP 5
+size_t (*prefix)(const DBT *, const DBT *);
+Prefix is the prefix comparison function.
+If specified, this function must return the number of bytes of the second key
+argument which are necessary to determine that it is greater than the first
+key argument.
+If the keys are equal, the key length should be returned.
+Note, the usefulness of this function is very data dependent, but, in some
+data sets can produce significantly reduced tree sizes and search times.
+If
+.I prefix
+is NULL (no prefix function is specified),
+.B and
+no comparison function is specified, a default lexical comparison function
+is used.
+If
+.I prefix
+is NULL and a comparison function is specified, no prefix comparison is
+done.
+.TP 5
+u_int psize;
+Page size is the size (in bytes) of the pages used for nodes in the tree.
+The minimum page size is 512 bytes and the maximum page size is 64K.
+If
+.I psize
+is 0 (no page size is specified) a page size is chosen based on the
+underlying file system I/O block size.
+.PP
+If the file already exists (and the O_TRUNC flag is not specified), the
+values specified for the parameters flags, lorder and psize are ignored
+in favor of the values used when the tree was created.
+.SH "DB OPERATIONS"
+The functions returned by
+.I db_open
+for the btree access method are as described in
+.IR db_open (3),
+with the following exceptions and additions:
+.TP 5
+type
+The type is DB_BTREE.
+.TP 5
+del
+Space freed up by deleting key/data pairs from the tree is never reclaimed,
+although it is reused where possible.
+This means that the btree storage structure is grow-only.
+The only solutions are to avoid excessive deletions, or to create a fresh
+tree periodically from a scan of an existing one.
+.TP 5
+put
+The
+.I put
+function takes the following additional flags:
+.RS
+.TP 5
+R_SETCURSOR
+Store the key/data pair, setting or initializing the position of the
+cursor to reference it.
+.RE
+.TP 5
+seq
+Forward sequential scans of a tree are from the least key to the greatest.
+.IP
+The returned key for the
+.I seq
+function is not necessarily an exact match for the specified key in
+the btree access method.
+The returned key is the smallest key greater than or equal to the
+specified key, permitting partial key matches and range searches.
+.IP
+The
+.I seq
+function takes the following additional flags:
+.RS
+.TP 5
+R_LAST
+The last key/data pair of the database is returned, and the cursor
+is set or initialized to reference it.
+.TP 5
+R_PREV
+Retrieve the key/data pair immediately before the cursor.
+If the cursor is not yet set, this is the same as the R_LAST flag.
+.RE
+.SH ERRORS
+The
+.I btree
+access method functions may fail and set
+.I errno
+for any of the errors specified for the library function
+.IR db_open (3).
+.SH "SEE ALSO"
+.IR db_hash (3),
+.IR db_lock (3),
+.IR db_log (3),
+.IR db_mpool (3),
+.IR db_open (3),
+.IR db_recno (3),
+.IR db_txn (3)
+.sp
+.IR "The Ubiquitous B-tree" ,
+Douglas Comer, ACM Comput. Surv. 11, 2 (June 1979), 121-138.
+.sp
+.IR "Prefix B-trees" ,
+Bayer and Unterauer, ACM Transactions on Database Systems, Vol. 2, 1
+(March 1977), 11-26.
+.sp
+.IR "The Art of Computer Programming Vol. 3: Sorting and Searching" , 
+D.E. Knuth, 1968, pp 471-480.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_hash.3 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_hash.3
new file mode 100644
index 00000000..adb88fca
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_hash.3
@@ -0,0 +1,138 @@
+.\" Copyright (c) 1990, 1993, 1994, 1995
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)db_hash.3	8.13 (Berkeley) 8/1/95
+.\"
+.TH DB_HASH 3 "August 1, 1995"
+.UC 7
+.SH NAME
+db_hash \- hash database access method
+.SH DESCRIPTION
+.so db.so
+.GN
+specific details of the hashing access method.
+.PP
+The hash data structure is an extensible, dynamic hashing scheme.
+Backward compatible interfaces to the functions described in
+.IR dbm (3),
+and
+.IR ndbm (3)
+are provided, however these interfaces are not compatible with
+previous file formats.
+.SH "ACCESS METHOD SPECIFIC INFORMATION"
+The hash access method specific data structure provided to
+.I db_open
+is typedef'd and named HASHINFO.
+A HASHINFO structure has at least the following fields,
+which may be initialized before calling
+.IR db_open :
+.TP 5
+u_int bsize;
+.I Bsize
+defines the hash table bucket size, and is, by default, 256 bytes.
+It may be preferable to increase the page size for disk-resident tables
+and tables with large data items.
+.TP 5
+u_int cachesize;
+A suggested maximum size, in bytes, of the memory cache.
+This value is
+.B only
+advisory, and the access method will allocate more memory rather
+than fail.
+.TP 5
+u_int ffactor;
+.I Ffactor
+indicates a desired density within the hash table.
+It is an approximation of the number of keys allowed to accumulate in any
+one bucket, determining when the hash table grows or shrinks.
+The default value is 8.
+.TP 5
+u_int32_t (*hash)(const void *, size_t);
+.I Hash
+is a user defined hash function.
+Since no hash function performs equally well on all possible data, the
+user may find that the built-in hash function does poorly on a particular
+data set.
+User specified hash functions must take two arguments (a pointer to a byte
+string and a length) and return a 32-bit quantity to be used as the hash
+value.
+.IP
+If a hash function is specified,
+.I hash_open
+will attempt to determine if the hash function specified is the same as
+the one with which the database was created, and will fail if it is not.
+.TP 5
+int lorder;
+The byte order for integers in the stored database metadata.
+The number should represent the order as an integer; for example, 
+big endian order would be the number 4,321.
+If
+.I lorder
+is 0 (no order is specified) the current host order is used.
+If the  file already exists, the specified value is ignored and the
+value specified when the tree was created is used.
+.TP 5
+u_int nelem;
+.I Nelem
+is an estimate of the final size of the hash table.
+If not set or set too low, hash tables will expand gracefully as keys
+are entered, although a slight performance degradation may be noticed.
+The default value is 1.
+.PP
+If the file already exists (and the O_TRUNC flag is not specified), the
+values specified for the parameters bsize, ffactor, lorder and nelem are
+ignored and the values specified when the tree was created are used.
+.SH "DB OPERATIONS"
+The functions returned by
+.I db_open
+for the hash access method are as described in
+.IR db_open (3).
+.SH ERRORS
+The
+.I hash
+access method functions may fail and set
+.I errno
+for any of the errors specified for the library function
+.IR db_open (3).
+.SH "SEE ALSO"
+.IR db_btree (3),
+.IR db_lock (3),
+.IR db_log (3),
+.IR db_mpool (3),
+.IR db_open (3),
+.IR db_recno (3),
+.IR db_txn (3)
+.sp
+.IR "Dynamic Hash Tables" ,
+Per-Ake Larson, Communications of the ACM, April 1988.
+.sp
+.IR "A New Hash Package for UNIX" ,
+Margo Seltzer, USENIX Proceedings, Winter 1991.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_lock.3 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_lock.3
new file mode 100644
index 00000000..b18a38c6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_lock.3
@@ -0,0 +1,462 @@
+.\" Copyright (c) 1994, 1995
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)db_lock.3	8.14 (Berkeley) 8/1/95
+.\"
+.TH DB_LOCK 3 "August 1, 1995"
+.UC 7
+.SH NAME
+db_lock \- general purpose lock manager
+.SH SYNOPSIS
+.nf
+.ft B
+#include <db_lock.h>
+
+int
+lock_create(const char *path, mode_t mode,
+.ti +5
+int lock_modes, const int8_t conflicts[][], u_int maxlocks);
+
+LOCK_TABLE_T *
+lock_open(const char *path);
+
+int
+lock_vec(LOCK_TABLE_T *lt, DBT *locker, struct timespec *timeout,
+.ti +5
+LOCK_REQ_T list[], int nlist, LOCK_REQ_T **elistp, DBT *conflict);
+
+int
+lock_get(LOCK_TABLE_T *lt, const DBT *locker,
+.ti +5
+const DBT *obj, const lock_mode_t lock_mode, LOCK_T **lockp);
+
+int
+lock_put(LOCK_T *lockp);
+
+int
+lock_close(LOCK_TABLE_T *lt);
+
+int
+lock_unlink(const char *path, int force);
+.ft R
+.fi
+.SH DESCRIPTION
+.so db.so
+.GN
+specific details of the locking interface.
+.PP
+.I Db_lock
+is the library interface intended to provide general-purpose locking. 
+While designed to work with the other DB functions, these functions are
+also useful for more general locking purposes.
+Locks can be shared between processes.
+.PP
+.CR "lock table" lock
+.PP
+The parameter
+.I lock_modes
+is the number of lock modes to be recognized by the lock table
+(including the ``not-granted'' mode).
+The parameter
+.I conflicts
+is an
+.I lock_modes
+by
+.I lock_modes
+array.
+A non-0 value for:
+.sp
+.ti +5
+conflicts[requested_mode][held_mode]
+.sp
+indicates that
+.I requested_mode
+and
+.I held_mode
+conflict.
+The ``not-granted'' mode must be represented by 0.
+.PP
+The include file <db_lock.h> declares two commonly used conflict arrays:
+.TP 5
+int lock_sx_n;
+.br
+.ns
+.TP 5
+const int8_t lock_sx_c[lock_sx_n][lock_sx_n];
+These variables specify a conflict array
+for a simple scheme using shared and exclusive lock modes.
+.TP 5
+int lock_g_n;
+.br
+.ns
+.TP 5
+const int8_t lock_g_c[lock_g_n][lock_g_n];
+These variables specify a conflict array that involves various intent
+lock modes (e.g. intent shared) that are used for multigranularity locking.
+.PP
+In addition,
+<db_lock.h> defines the following macros that name lock modes for use with
+the standard tables above:
+.RS
+.TP 5
+LOCK_IS
+intent shared
+.br
+.ns
+.TP 5
+LOCK_IX
+intent exclusive
+.br
+.ns
+.TP 5
+LOCK_NG
+not granted (always 0)
+.br
+.ns
+.TP 5
+LOCK_S
+shared
+.br
+.ns
+.TP 5
+LOCK_SIX
+shared/intent exclusive
+.br
+.ns
+.TP 5
+LOCK_X
+exclusive
+.RE
+.PP
+.I Maxlocks
+is the maximum number of locks to be held or requested in the table,
+and is used by
+.I lock_create
+to estimate how much space to allocate for various lock-table data
+structures.
+.PP
+.RT lock_create
+.PP
+.OP "lock table" lock
+.PP
+The function
+.I lock_vec
+atomically obtains and releases one or more locks from the designated
+table.
+The function
+.I lock_vec
+is intended to support acquisition or trading of multiple locks
+under one lock table semaphore, as is needed for lock coupling or
+in multigranularity locking for lock escalation.
+.PP
+If any of the requested locks cannot be acquired
+or any of the locks to be released cannot be released,
+no locks are acquired and no locks are released, and
+.I lock_vec
+returns an error.
+The function
+.I lock_vec
+returns 0 on success.
+If an error occurs,
+.I lock_vec
+returns one of the following values.
+In addition, if
+.I elistp
+is not NULL, it is set to point to the LOCK_REQ_T entry which
+was being processed when the error occurred.
+.TP 5
+LOCK_GET_DEADLOCK
+The specified
+.I locker
+was selected as a victim in order to resolve a deadlock.
+In this case, if the
+.I conflict
+argument is non-NULL, it is set to reference the identity of a
+locker holding the lock referenced by
+.I elistp
+at the time the request was denied.
+(This identity resides in static memory and may be overwritten by
+subsequent calls to
+.IR lock_vec ).
+.TP 5
+LOCK_GET_ERROR
+An error occurred and the external variable
+.I errno
+has been set to indicate the error.
+.TP 5
+LOCK_GET_NOTHELD
+The lock cannot be released, as it was not held by the
+.IR locker .
+.TP 5
+LOCK_GET_RESOURCE
+The lock manager is unable to grant the requested locks because of
+limited internal resources.
+(Releasing locks may allow future calls to
+.I lock_vec
+to succeed.)
+.TP 5
+LOCK_GET_TIMEOUT
+A timeout argument was specified, and the requested locks were not
+available soon enough.
+In this case, if the
+.I conflict
+argument is non-NULL, it is set to reference the identity of a
+locker holding the lock referenced by
+.I elistp
+at the time the request was denied.
+(This identity resides in static memory and may be overwritten by
+subsequent calls to
+.IR lock_vec ).
+.PP
+The
+.I locker
+argument specified to
+.I lock_vec
+is a pointer to an untyped byte string which identifies the entity
+requesting or releasing the lock.
+If
+.I locker
+is NULL, the calling process' pid is used instead.
+.PP
+The
+.I timeout
+argument provided to
+.I lock_vec
+specifies a maximum interval to wait for the locks to be granted.
+If
+.I timeout
+is NULL, it is ignored, and
+.I lock_vec
+will not return until all of the locks are acquired or an error has
+occurred.
+.PP
+The
+.I list
+array provided to 
+.I lock_vec
+is typedef'd in <db_lock.h> as LOCK_REQ_T.
+A LOCK_REQ_T structure has at least the following fields,
+which must be initialized before calling
+.IR lock_vec :
+.TP 5
+enum lockop op;
+The operation to be performed, which must be set to one of the
+following values:
+.RS
+.TP 5
+LOCK_GET
+Get a lock, as defined by the values of
+.IR locker ,
+.I obj
+and
+.IR lock_mode .
+Upon return from
+.IR lock_vec ,
+if the
+.I lockp
+field is non-NULL, a reference to the acquired lock is stored there.
+(This reference is invalidated by any call to
+.I lock_vec
+or
+.I lock_put
+which releases the lock.)
+.TP 5
+LOCK_PUT
+The lock referenced by the contents of the
+.I lockp
+field is released.
+.TP 5
+LOCK_PUT_ALL
+All locks held by the
+.I locker
+are released.
+(Any locks acquired as a part of the current call to
+.I lock_vec
+are not considered for this operation).
+.TP 5
+LOCK_PUT_OBJ
+All locks held by the
+.IR locker ,
+on the object
+.IR obj ,
+with the mode specified by
+.IR lock_mode ,
+are released.
+A
+.I lock_mode
+of LOCK_NG indicates that all locks on the object should be released.
+(Any locks acquired as a part of the current call to
+.I lock_vec
+are not considered for this operation).
+.RE
+.TP 5
+const DBT obj;
+An untyped byte string which specifies the object to be locked or
+released.
+.TP 5
+const lock_mode_t lock_mode;
+The lock mode, used as an index into
+.IR lt 's
+conflict array.
+.TP 5
+LOCK_T **lockp;
+A pointer to a pointer to a lock reference.
+.PP
+The
+.I nlist
+argument specifies the number of elements in the
+.I list
+array.
+.PP
+The function
+.I lock_get
+is a simple interface to the
+.I lock_vec
+functionality, and is equivalent to calling the
+.I lock_vec
+function with the
+.I lt
+and
+.I locker
+arguments, NULL
+.IR timeout , 
+.I elistp
+and
+.I conflict
+arguments, and a single element
+.I list
+array, for which the
+.I op
+field is LOCK_GET, and the
+.IR obj ,
+.I lock_mode
+and
+.I lockp
+fields are represented by the arguments of the same name.
+Note that the type of the
+.I obj
+argument to
+.I lock_get
+is different from the
+.I obj
+element found in the LOCK_REQ_T structure.
+The
+.I lock_get
+function returns success and failure as described for the
+.I lock_vec
+function.
+.PP
+The function
+.I lock_put
+is a simple interface to the
+.I lock_vec
+functionality, and is equivalent to calling the
+.I lock_vec 
+function with a single element
+.I list
+array, for which the
+.I op
+field is LOCK_PUT and the
+.I lockp
+field is represented by the argument of the same name.
+Note that the type of the
+.I lockp
+argument to
+.I lock_put
+is different from the
+.I lockp
+element found in the LOCK_REQ_T structure.
+The
+.I lock_put
+function returns success and failure as described for the
+.I lock_vec
+function.
+.PP
+The function
+.I lock_close
+disassociates the calling process from the lock table
+.IR lt ,
+after releasing all locks held or requested by that process.
+.RT lock_close
+.PP
+.UN "lock table" lock
+.SH "ERRORS"
+The
+.I lock_create
+function may fail and set
+.I errno
+for any of the errors specified for the library routines
+.IR mmap (2),
+.IR open (2)
+and
+.IR malloc (3).
+.PP
+The
+.I lock_open
+function may fail and set
+.I errno
+for any of the errors specified for the library routine
+.IR mmap (2)
+and
+.IR open (2).
+.PP
+The
+.I lock_close
+function may fail and set
+.I errno
+for any of the errors specified for the library routine
+.IR close (2)
+and
+.IR munmap (2).
+.PP
+The
+.I lock_unlink
+function may fail and set
+.I errno
+for any of the errors specified for the library function
+.IR unlink (2)
+or the following:
+.TP 5
+[EBUSY]
+The lock table was in use and the force flag was not set.
+.SH "SEE ALSO"
+.IR db_btree (3),
+.IR db_hash (3),
+.IR db_log (3),
+.IR db_mpool (3),
+.IR db_open (3),
+.IR db_recno (3),
+.IR db_txn (3)
+.SH BUGS
+The
+.I maxlocks
+parameter is a kluge, and should be deleted in favor of dynamically
+expanding the lock table.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_log.3 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_log.3
new file mode 100644
index 00000000..34c4d1f5
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_log.3
@@ -0,0 +1,290 @@
+.\" Copyright (c) 1990, 1993, 1994, 1995
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)db_log.3	8.15 (Berkeley) 8/3/95
+.\"
+.TH DB_LOG 3 "August 3, 1995"
+.UC 7
+.SH NAME
+db_log \- log-manager access method
+.SH DESCRIPTION
+.so db.so
+.GN
+specific details of the logging access method.
+.PP
+These functions provide a general-purpose logging facility sufficient
+for transaction management.
+Logs can be shared by multiple processes.
+.PP
+A log is represented by the directory,
+.IR "not the file" ,
+named by the first argument to
+.IR db_open (3).
+The first argument must be non-NULL,
+and the directory must already exist
+.I db_open
+is called.
+In that directory, the log is stored in one or more files named
+in the format ``log.YYYY.MM.DD.HH.MM.SS'', where ``YYYY.MM.DD.HH.SS''
+is the approximate creation time of the log file, and is guaranteed
+to be unique in the directory.
+.PP
+The group of the created files is based on the system and directory
+defaults, and is not further specified by the log access method.
+All files are created with the
+.I mode
+specified to
+.IR db_open ,
+(as described in
+.IR chmod (2))
+and modified by the process' umask value (see
+.IR umask (2)).
+.PP
+The
+.I flags
+argument to
+.I db_open
+must be 0 for the
+.I db_log
+access method.
+.SH "ACCESS METHOD SPECIFIC INFORMATION"
+The log access method specific data structure provided to
+.I db_open
+is typedef'd and named LOGINFO.
+A LOGINFO structure has at least the following fields,
+which may be initialized before calling
+.IR db_open :
+.TP 5
+off_t max_file_size;
+The maximum size of a single file in the log.
+If not specified, the maximum size defaults to an implementation-specific
+value.
+.TP 5
+int lorder;
+The byte order for integers in the stored database metadata.
+The number should represent the order as an integer; for example, 
+big endian order would be the number 4,321.
+If
+.I lorder
+is 0 (no order is specified) the current host order is used.
+.PP
+If the log already exists, the values specified for the parameters
+max_file_size and lorder are ignored in favor of the values used
+when the log was created.
+.SH "DB OPERATIONS"
+The data part of the key/data pair used by the log access method
+is the same as for other access methods.
+The key is different.
+Each log record is identified by a log sequence number (LSN),
+which is stored in a DBT, and which is used as the
+.I key
+for all log functions that take
+.I key
+arguments.
+Applications cannot create LSN's, and all LSN's provided to functions
+as arguments must first be retrieved using the
+.I put
+or
+.I seq
+functions.
+To provide a distinguished value for applications, it is guaranteed that
+no valid LSN will ever have a size of 0.
+.PP
+Applications can compare LSN's using the
+.I log_lsn_compare
+function (see below).
+.PP
+Applications can associate LSN's with specific log files.
+The function
+.I log_lsn_file
+(see below), returns the name of the log file containing the
+record with a specified LSN.
+(The mapping of LSN to file is needed for database administration.
+For example, a transaction manager typically records the earliest LSN
+needed for restart, and the database administrator may want to archive
+log files to tape when they contain only LSN's before the earliest one
+needed for restart.)
+.PP
+Applications can truncate the log file up to a specific LSN using the 
+.I log_trunc
+function (see below).
+.PP
+The functions returned by
+.I db_open
+for the log access method are as described in
+.IR db_open ,
+with the following exceptions and additions:
+.TP 5
+type
+The type is DB_LOG.
+.TP 5
+del
+The
+.I del
+function always returns an error for the log-manager access method,
+setting
+.I errno
+to EINVAL.
+.TP 5
+int (*log_flush)(const DB *db, const DBT *lsn);
+The
+.I log_flush
+function flushes the log up to and including the log record
+.IR lsn .
+.RT log_flush
+.TP 5
+int (*log_lsn_compare)(const DB *,
+.ti +5
+const DBT *lsn1, const DBT *lsn2);
+A pointer to a function which is provided to permit applications to
+compare LSN's.
+The
+.I log_lsn_compare
+function returns an integer less than, equal to, or greater than zero
+if the first LSN is considered to be respectively less than, equal to,
+or greater than the second LSN.
+.TP 5
+int (*log_lsn_file)(const DB *db,
+.ti +5
+const DBT *lsn, char *name);
+.br
+The
+.I log_lsn_file
+function stores a pointer to the name of the file containing
+.I lsn
+in the address referenced by
+.IR name.
+This pointer is to an internal static object, and subsequent calls to
+the same function will modify the same object.
+.IP
+.RT log_lsn_file
+.TP 5
+int (*log_unlink)(const char *path, int force);
+The
+.I log_unlink
+function destroys the log represented by
+.IR path .
+If the
+.I force
+parameter is not set to 1 and there are other processes using the
+log, then
+.I log_unlink
+will return -1, setting
+.IR errno
+to EBUSY.
+If
+.I force is not set or there are no processes using the log, then all files
+used by the log are destroyed.
+.I log_unlink
+will return -1 on failure, setting
+.IR errno ,
+and 0 on success.
+.TP 5
+int (*log_trunc)(const DB *db, const DBT *lsn);
+The
+.I log_trunc
+function truncates the log up to an LSN which is less than
+.IR lsn .
+.RT log_trunc
+.TP 5
+put
+A log record containing
+.I data
+is appended to the log.
+Unlike the
+.I put
+functions for other access methods, the key parameter is not initialized
+by the application, instead, the LSN assigned to the data is returned in
+the
+.I key
+parameter.
+.IP
+The caller is responsible for providing any necessary structure to
+.I data .
+(For example, in a write-ahead logging protocol, the application must
+understand what part of
+.I data
+is an operation code, what part is redo information, and what part is
+undo information.
+In addition, most transaction managers will store in
+.I data
+the LSN of the previous log record for the same transaction,
+to support chaining back through the transaction's log records
+during undo.)
+.IP
+The parameter
+.I flag
+must be set to 0 or exactly one of the following values:
+.RS
+.TP 5
+R_CHECKPOINT
+Specify the key/data pair of the current call as the one to be returned
+when the
+.I seq
+function is next called with the R_CHECKPOINT flag.
+.TP 5
+R_FLUSH
+Flush immediately (ignoring any possibility for group commit).
+.RE
+.TP 5
+seq
+The
+.I seq
+function takes the following additional flag:
+.RS
+.TP 5
+R_CHECKPOINT
+The last key/data pair stored by the
+.I put
+function (using the R_CHECKPOINT flag) is returned,
+and the cursor is set or initialized to reference it.
+The expected use of this flag is during restart and to determine what
+part of the log must be available for restart.
+Therefore, the log record retrieved with R_CHECKPOINT should contain
+all the information that the transaction manager will need for this
+purpose.
+.RE
+.TP 5
+sync
+The
+.I sync
+function always returns an error for the log-manager access method,
+setting
+.I errno
+to EINVAL.
+.SH "SEE ALSO"
+.IR db_btree (3),
+.IR db_hash (3),
+.IR db_lock (3),
+.IR db_mpool (3),
+.IR db_open (3),
+.IR db_recno (3),
+.IR db_txn (3)
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_mpool.3 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_mpool.3
new file mode 100644
index 00000000..4b683b61
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_mpool.3
@@ -0,0 +1,403 @@
+.\" Copyright (c) 1990, 1993, 1994, 1995
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)db_mpool.3	8.14 (Berkeley) 8/1/95
+.\"
+.TH DB_MPOOL 3 "August 1, 1995"
+.UC 7
+.SH NAME
+db_mpool \- general purpose shared memory buffer pool
+.SH SYNOPSIS
+.nf
+.ft B
+#include <db.h>
+#include <mpool.h>
+
+int
+mpool_create(char *path, mode_t mode, size_t cachesize, u_long flags);
+
+MPOOL *
+mpool_open(char *path);
+
+int
+mpool_close(MPOOL *mp);
+
+MPOOLFILE *
+mpool_fopen(MPOOL *mp, char *path, size_t pagesize, void *pgcookie,
+.ti +5
+int (*pgin)(MPOOLFILE *mpf,
+.ti +8
+pgno_t pgno, void *pgaddr, void *pgcookie),
+.ti +5
+int (*pgout)(MPOOLFILE *mpf,
+.ti +8
+pgno_t pgno, void *pgaddr, void *pgcookie);
+
+int
+mpool_fclose(MPOOLFILE *mpf);
+
+void *
+mpool_get(MPOOLFILE *mpf, pgno_t *pgnoaddr, u_long flags,
+.ti +5
+int (*callback)(MPOOLFILE *mpf, pgno_t pgno));
+
+int
+mpool_put(MPOOLFILE *mpf, void *pgaddr, u_long flags);
+
+int
+mpool_sync(MPOOLFILE *mpf);
+
+int
+mpool_unlink(const char *path, int force);
+
+void
+mpool_stat(MPOOL *mp, FILE *fp);
+.ft R
+.fi
+.SH DESCRIPTION
+.so db.so
+.GN
+specific details of the memory pool interface.
+.PP
+The
+.I db_mpool
+function is the library interface intended to provide general-purpose,
+page-oriented buffer management of one or more files.
+While designed to work with the other DB functions, these functions are
+also useful for more general purposes.
+The memory pools (MPOOL's) are referred to in this document as
+simply ``pools''.
+Pools may be shared between processes.
+Pools are usually filled by pages from one or more files (MPOOLFILE's).
+Pages in the pool are replaced in LRU (least-recently-used) order,
+with each new page replacing the page which has been unused the longest.
+Pages retrieved from the pool using
+.I mpool_get
+are ``pinned'' in memory, by default,
+until they are returned to the pool using the
+.I mpool_put
+function.
+.PP
+.CR "memory pool" mpool
+.PP
+The
+.I cachesize
+argument specifies the size of the pool in bytes,
+and should be the size of the normal working set of the application with
+some small amount of additional memory for unusual situations.
+If the number of bytes currently ``pinned'' in memory exceeds
+.IR cachesize ,
+the
+.I db_mpool
+functions will attempt to allocate more memory and do not necessarily fail,
+although they may suffer performance degradation.
+.PP
+The
+.I flags
+argument is set by
+.IR or 'ing
+any of the following values:
+.TP
+MPOOL_PRIVATE
+The pool is not shared by other processes or threads,
+so no locking of pool resources is required.
+.PP
+.OP "memory pool" mpool
+.PP
+The
+.I mpool_close
+function closes the pool indicated by the MPOOL pointer
+.IR mp ,
+as returned by
+.IR mpool_open .
+This function does
+.B not
+imply a call to
+.I mpool_sync
+(or to
+.IR mpool_fclose )
+i.e. no pages are written to the source file as as a result of calling
+.IR mpool_close .
+.RT mpool_close
+.PP
+The function
+.I mpool_fopen
+opens a file for buffering in the pool specified by the MPOOL
+argument.
+The
+.I path
+argument is the name of the file to be opened.
+The
+.I pagesize
+argument is the size, in bytes, of the unit of transfer between the
+application and the pool, although not necessarily the unit of transfer
+between the pool and the source file.
+Applications not knowing the page size of the source file should
+retrieve the metadata from the file using a page size that is correct
+for the metadata, then close and reopen the file, or,
+otherwise determine the page size before calling
+.IR mpool_fopen .
+.PP
+If the
+.I pgin
+function is specified, it is called each time a page is read into
+the memory pool from the source file.
+If the
+.I pgout
+function is specified, it is called each time a page is written
+to the source file.
+Both functions are called with the MPOOLFILE pointer returned from
+.IR mpool_fopen ,
+the page number, a pointer to the page being read or written, and
+the argument
+.IR pgcookie .
+If either function fails, it should return non-zero and set
+.IR errno ,
+in which case the
+.I db_mpool
+function calling it will also fail, leaving
+.I errno
+intact.
+.PP
+The
+.I mpool_fclose
+function closes the source file indicated by the MPOOLFILE pointer
+.IR mpf .
+This function does
+.B not
+imply a call to
+.IR mpool_sync ,
+i.e. no pages are written to the source file as as a result of calling
+.IR mpool_fclose .
+.RT mpool_fclose
+.\"
+.\".PP
+.\"int
+.\"mpool_fd (MPOOLFILE *mpf);
+.\"
+.\".PP
+.\"The function
+.\".I mpool_fd
+.\"takes an MPOOLFILE pointer and returns the file descriptor being
+.\"used to read/write that file
+.\"to/from the pool.
+.PP
+The function
+.I mpool_get
+returns a pointer to the page with the page number specified by
+.IR pgnoaddr ,
+from the source file specified by the MPOOLFILE pointer
+.IR mpf .
+If the page does not exist or cannot be retrieved,
+.I mpool_get
+returns NULL and sets errno.
+.PP
+The
+.I flags
+argument is set by 
+.IR or 'ing
+any of the following values:
+.TP 5
+MPOOL_CALLBACK
+After the page number has been determined, but before any other
+process or thread can access the page, the function specified by
+the
+.I callback
+argument is called.
+If the function fails, it should return non-zero and set
+.IR errno ,
+in which case
+.I mpool_get
+will also fail, leaving
+.I errno
+intact.
+The
+.I callback
+function is called with the MPOOLFILE pointer returned from
+.I mpool_fopen
+and the page number.
+This functionality is commonly used when page locking is required,
+but the page number of the page being retrieved is not known.
+.TP 5
+MPOOL_CREATE
+If the specified page does not exist, create it.
+.TP 5
+MPOOL_LAST
+Return the last page of the source file and copy its page number
+to the location referenced by
+.IR pgnoaddr .
+.TP 5
+MPOOL_NEW
+Create a new page in the file and copy its page number to the location
+referenced by
+.IR pgnoaddr .
+.TP 5
+MPOOL_NOPIN
+Don't pin the page into memory.
+(This flag is intended for debugging purposes, when it's often useful
+to examine pages which are currently held by other parts of the
+application.
+Pages retrieved in this manner don't need to be returned to the
+memory pool, i.e. they should
+.B not
+be specified as arguments to the
+.IR mpool_put
+routine.)
+.PP
+Created pages have all their bytes set to 0.
+.PP
+All pages returned by
+.I mpool_get
+(unless the MPOOL_NOPIN flag is specified),
+will be retained (i.e. ``pinned'') in the pool until a subsequent
+call to
+.IR mpool_put .
+.PP
+The function
+.I mpool_put
+indicates that the page referenced by
+.I pgaddr
+can be evicted from the pool.
+.I Pgaddr
+must be an address previously returned by
+.IR mpool_get .
+.PP
+The flag value is specified by
+.IR or 'ing
+any of the following values:
+.TP 5
+MPOOL_DIRTY
+The page has been modified and must be written to the source file
+before being evicted from the pool.
+.TP 5
+MPOOL_DISCARD
+The page is unlikely to be useful in the near future, and should be
+discarded before other pages in the pool.
+.PP
+.RT mpool_put
+.PP
+The function
+.I mpool_sync
+writes all pages associated with the MPOOLFILE pointer
+.IR mpf ,
+which were specified as arguments to the
+.I mpool_put
+function with an associated flag of
+MPOOL_DIRTY,
+to the source file.
+.RT mpool_sync
+.PP
+.UN "memory pool" mpool
+.PP
+The function
+.I mpool_stat
+writes statistics for the memory pool
+.I mp
+to the file specified by
+.IR fp .
+These statistics include the number of files participating in the pool,
+the active pages in the pool, and numbers as to how effective the cache
+has been.
+.SH ERRORS
+The
+.IR mpool_create ,
+.I mpool_open
+and
+.I mpool_fopen
+functions may fail and set
+.I errno
+for any of the errors specified for the library functions
+.IR open (2),
+.IR read (2),
+and
+.IR malloc (3).
+.PP
+The
+.I mpool_close
+and
+.I mpool_fclose
+functions may fail and set
+.I errno
+for any of the errors specified for the library functions
+.IR close (2)
+and
+.IR free (3).
+.PP
+The
+.I mpool_get
+function may fail and set
+.I errno
+for any of the errors specified for the library functions
+.IR read (2),
+.IR write (2),
+and
+.IR malloc (3)
+or the following:
+.TP 5
+[EINVAL]
+The requested page does not exist and MPOOL_CREATE was not set.
+.PP
+The
+.I mpool_put
+function may fail and set
+.I errno
+for any of the errors specified for the library function
+.IR write (2)
+or the following:
+.TP 5
+[EACCES]
+The source file was not opened for writing.
+.PP
+The
+.I mpool_sync
+function may fail and set
+.I errno
+for any of the errors specified for the library function
+.IR write (2).
+.PP
+The
+.I mpool_unlink
+function may fail and set
+.I errno
+for any of the errors specified for the library function
+.IR unlink (2)
+or the following:
+.TP 5
+[EBUSY]
+The memory pool was in use and the force flag was not set.
+.SH "SEE ALSO"
+.IR db_btree (3),
+.IR db_hash (3),
+.IR db_lock (3),
+.IR db_log (3),
+.IR db_open (3),
+.IR db_recno (3),
+.IR db_txn (3)
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_open.3 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_open.3
new file mode 100644
index 00000000..f988ef92
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_open.3
@@ -0,0 +1,574 @@
+.\" Copyright (c) 1990, 1993, 1994, 1995
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)db_open.3	8.15 (Berkeley) 8/1/95
+.\"
+.TH DB_OPEN 3 "August 1, 1995"
+.UC 7
+.SH NAME
+db_open \- database access methods
+.SH SYNOPSIS
+.nf
+.ft B
+#include <db.h>
+
+DB *
+db_open(const char *file, int flags, int mode,
+.ti +5
+DBTYPE type, DBINFO *dbinfo, const void *openinfo);
+.ft R
+.fi
+.SH DESCRIPTION
+.so db.so
+.GN
+the overall structure of the available access methods.
+.PP
+The currently supported file formats are btree, hashed, log and recno
+(i.e. flat-file oriented).
+The btree format is a representation of a sorted, balanced tree structure.
+The hashed format is an extensible, dynamic hashing scheme.
+The log format is a general-purpose logging facility.
+The recno format is a byte stream file with fixed or variable length
+records.
+The formats and other, format specific information are described in detail
+in their respective manual pages:
+.IR db_btree (3),
+.IR db_hash (3),
+.IR db_log (3),
+and
+.IR db_recno (3).
+.PP
+Db_open opens
+.I file
+for reading and/or writing.
+Files never intended to be preserved on disk may be created by setting
+the file parameter to NULL.
+(Note, while most of the access methods use
+.I file
+as the name of an underlying file on disk, this is not guaranteed.
+See the manual pages for the individual access methods for more
+information.)
+.PP
+The
+.I flags
+and
+.I mode arguments
+are as specified to the
+.IR open (2)
+function, however, only the O_CREAT, O_EXCL, O_EXLOCK, O_NONBLOCK,
+O_RDONLY, O_RDWR, O_SHLOCK and O_TRUNC flags are meaningful.
+(Note, opening a database file O_WRONLY is not possible.)
+.\"Three additional options may be specified by
+.\".IR or 'ing
+.\"them into the
+.\".I flags
+.\"argument.
+.\".TP
+.\"DB_LOCK
+.\"Do the necessary locking in the database to support concurrent access.
+.\"If concurrent access isn't needed or the database is read-only this
+.\"flag should not be set, as it tends to have an associated performance
+.\"penalty.
+.\".TP
+.\"DB_SHMEM
+.\"Place the underlying memory pool used by the database in shared
+.\"memory.
+.\"Necessary for concurrent access.
+.\".TP
+.\"DB_TXN
+.\"Support transactions in the database.
+.\"The DB_LOCK and DB_SHMEM flags must be set as well.
+.PP
+The
+.I type
+argument is of type DBTYPE (as defined in the <db.h> include file) and
+may be set to DB_BTREE, DB_HASH, DB_LOG or DB_RECNO.
+.PP
+The
+.I dbinfo 
+argument is a pointer to a structure containing references to locking,
+logging, transaction, and shared-memory buffer pool information.
+If 
+.I dbinfo
+is NULL, then the access method may still use these subsystems,
+but the usage will be private to the application and managed by DB.
+If
+.I dbinfo
+is non-NULL,
+then the module referenced by each of the non-NULL fields is used by DB
+as necessary.
+The fields of the DBINFO structure are defined as follows:
+.TP 5
+const char *errpfx;
+A prefix to prepend to error messages; used only if
+.I errfile
+is non-NULL.
+.TP 5
+FILE *errfile;
+The
+.IR stdio (3)
+file stream to which error messages are logged.
+.sp
+When any error occurs in the
+.I db_open
+function, or in any function called using a field of the returned DB
+structure, an error value is returned by the function,
+and the global variable
+.I errno
+is set appropriately.
+In some cases, however, the
+.I errno
+value may be insufficient to describe the cause of the error.
+In these cases, if
+.I errfile
+is non-NULL, additional error information will be written to the file
+stream it represents, preceded by the string, if any, specified by
+.IR errpfx .
+This error logging facility should not be required for normal operation,
+but may be useful in debugging applications.
+.TP 5
+char *errbuf;
+The buffer to which error messages are copied.
+If non-NULL,
+.I errbuf
+behaves as described for
+.IR errfile ,
+except that the
+.I errpfx
+field is ignored and the error message is copied into the specified
+buffer instead of being written to the FILE stream.
+The DB routines assume that the associated buffer is at least 1024 bytes
+in length.
+.TP 5
+LOCK_TABLE_T *lockinfo;
+If locking is required for the file being opened (as in the case of
+buffers being maintained in a shared memory buffer pool),
+the
+.I lockinfo
+field contains a return value from the function
+.I lock_open
+that should be used
+(see
+.IR db_lock (3)).
+If
+.I lockinfo
+is NULL, no locking is done.
+.TP 5
+DB *loginfo;
+If modifications to the file being opened should be logged, the
+.I loginfo
+field contains a return value from the function
+.IR dbopen ,
+when opening a DB file of type DB_LOG.
+If
+.I loginfo
+is NULL, no logging is done.
+.TP 5
+MPOOL *mpoolinfo;
+If the cache for the file being opened should be maintained in a shared
+buffer pool, the
+.I mpoolinfo
+field contains a return value from the function 
+.I mpool_open
+that should be used
+(see
+.IR db_mpool (3)).
+If
+.I mpoolinfo
+is NULL, a memory pool may still be created,
+but it will be private to the application and managed by DB.
+.TP 5
+TXNMGR *txninfo;
+If the accesses to the file being opened should take place in the context
+of transactions (providing atomicity and complete error recovery), the
+.I txninfo
+field contains a return value from the function
+.I txn_open
+(see
+.IR db_txn (3)).
+If transactions are specified,
+the application is responsible for making suitable calls to 
+.IR txn_begin ,
+.IR txn_abort ,
+and
+.IR txn_commit .
+If
+.I txninfo
+is NULL, no transaction support is done.
+.PP
+The
+.I openinfo
+argument is a pointer to an access method specific structure described
+in the access method's manual page.
+If
+.I openinfo
+is NULL, each access method will use defaults appropriate for the system
+and the access method.
+.SH "KEY/DATA PAIRS"
+Access to all access methods is based on key/data pairs.
+Both keys and data are represented by the following data structure:
+.PP
+typedef struct {
+.RS
+void *data;
+.br
+size_t size;
+.RE
+} DBT;
+.PP
+The elements of the DBT structure are defined as follows:
+.TP 5
+data
+A pointer to a byte string.
+.ns
+.br
+.TP 5
+size
+The length of
+.IR data ,
+in bytes.
+.PP
+Key and data byte strings may reference strings of essentially unlimited
+length, although any two of them must fit into available memory at the
+same time.
+.PP
+The access methods provide no guarantees about byte string alignment,
+and applications are responsible for maintaining any necessary alignment.
+.SH "DB OPERATIONS"
+.I Db_open
+returns a pointer to a DB structure (as defined in the <db.h> include file)
+on success, and NULL on error.
+The DB structure describes a database type, and includes a set of functions
+to perform various actions, as described below.
+Each of these functions takes a pointer to a DB structure, and may take
+one or more DBT *'s and a flag value as well.
+Individual access methods specify additional functions and flags which
+are specific to the method.
+The fields of the DB structure are as follows:
+.TP 5
+DBTYPE type;
+The type of the underlying access method (and file format).
+.TP 5
+int (*close)(const DB *db);
+A pointer to a function to flush any cached information to disk,
+free any allocated resources, and close any underlying files.
+Since key/data pairs are cached in memory, failing to sync the
+file with the
+.I close
+or
+.I sync
+function may result in inconsistent or lost information.
+.IP
+The
+.I close
+functions return -1 on failure, setting
+.IR errno ,
+and 0 on success.
+.TP 5
+int (*del)(const DB *db, TXN *txnid,
+.ti +5
+const DBT *key, u_int flags);
+.br
+A pointer to a function to remove key/data pairs from the database.
+The key/data pair associated with the specified
+.I key
+are discarded from the database.
+.IP
+The
+.I txnid
+parameter contains a transaction ID returned from
+.IR txn_begin ,
+if the file is being accessed under transaction protection,
+or NULL if transactions are not in effect.
+.IP
+The parameter
+.I flag
+must be set to 0 or exactly one of the following values:
+.RS
+.TP 5
+R_CURSOR
+Delete the record referenced by the cursor.
+The cursor must have previously been initialized.
+.RE
+.IP
+The
+.I delete
+functions return -1 on error, setting
+.IR errno ,
+0 on success, and 1 if the specified
+.I key
+did not exist in the file.
+.TP 5
+int (*fd)(const DB *db);
+A pointer to a function which returns a file descriptor representative
+of the underlying database.
+A file descriptor referencing the same file will be returned to all
+processes which call
+.I db_open
+with the same
+.I file
+name.
+This file descriptor may be safely used as an argument to the
+.IR fcntl (2)
+and
+.IR flock (2)
+locking functions.
+The file descriptor is not necessarily associated with any of the
+underlying files used by the access method.
+No file descriptor is available for in memory databases.
+.IP
+The
+.I fd
+functions return -1 on error, setting
+.IR errno ,
+and the file descriptor on success.
+.TP 5
+int (*get)(const DB *db, TXN *txnid,
+.ti +5
+const DBT *key, DBT *data, u_int flags);
+.br
+A pointer to a function which is the interface for keyed retrieval from
+the database.
+The address and length of the data associated with the specified
+.I key
+are returned in the structure referenced by
+.IR data .
+.IP
+The
+.I txnid
+parameter contains a transaction ID returned from
+.IR txn_begin ,
+if the file is being accessed under transaction protection,
+or NULL if transactions are not in effect.
+.IP
+The
+.I get
+functions return -1 on error, setting
+.IR errno ,
+0 on success, and 1 if the
+.I key
+was not found.
+.TP 5
+int (*put)(const DB *db, TXN *txnid,
+.ti +5
+DBT *key, const DBT *data, u_int flags);
+.br
+A pointer to a function to store key/data pairs in the database.
+.IP
+The
+.I txnid
+parameter contains a transaction ID returned from
+.IR txn_begin ,
+if the file is being accessed under transaction protection,
+or NULL if transactions are not in effect.
+.IP
+The parameter
+.I flag
+must be set to 0 or exactly one of the following values:
+.RS
+.TP 5
+R_CURSOR
+Replace the key/data pair referenced by the cursor.
+The cursor must have previously been initialized.
+.TP 5
+R_NOOVERWRITE
+Enter the new key/data pair only if the key does not previously exist.
+.RE
+.IP
+The default behavior of the
+.I put
+functions is to enter the new key/data pair, replacing any previously
+existing key.
+.IP
+The
+.I put
+functions return -1 on error, setting
+.IR errno ,
+0 on success, and 1 if the R_NOOVERWRITE
+.I flag
+was set and the key already exists in the file.
+.TP 5
+int (*seq)(const DB *db, TXN *txnid,
+.ti +5
+DBT *key, DBT *data, u_int flags);
+.br
+A pointer to a function which is the interface for sequential
+retrieval from the database.
+The address and length of the key are returned in the structure
+referenced by
+.IR key ,
+and the address and length of the data are returned in the
+structure referenced
+by
+.IR data .
+.IP
+The
+.I txnid
+parameter contains a transaction ID returned from
+.IR txn_begin ,
+if the file is being accessed under transaction protection,
+or NULL if transactions are not in effect.
+.IP
+Sequential key/data pair retrieval may begin at any time, and the
+logical position of the ``cursor'' is not affected by calls to the
+.IR del ,
+.IR get ,
+.IR put ,
+or
+.I sync
+functions.
+Modifications to the database during a sequential scan will be reflected
+in the scan, i.e. records inserted behind the cursor will not be returned
+while records inserted in front of the cursor will be returned.
+.IP
+The parameter
+.I flag
+must be set to 0 or exactly one of the following values:
+.RS
+.TP 5
+R_CURSOR
+The data associated with the specified key is returned.
+This differs from the
+.I get
+functions in that it sets or initializes the cursor to the location of
+the key as well.
+.TP 5
+R_FIRST
+The first key/data pair of the database is returned, and the cursor
+is set or initialized to reference it.
+.TP 5
+R_NEXT
+Retrieve the key/data pair immediately after the cursor.
+If the cursor is not yet set, this is the same as the R_FIRST flag.
+.RE
+.IP
+The
+.I seq
+functions return -1 on error, setting
+.IR errno ,
+0 on success,
+and 1 if there are no key/data pairs less than or greater than the
+specified or current key.
+.TP 5
+int (*sync)(const DB *db, u_int flags);
+A pointer to a function to flush any cached information to disk.
+If the database is in memory only, the
+.I sync
+function has no effect and will always succeed.
+.IP
+The parameter
+.I flag
+must be set to 0 or a value specified by an access method specific
+manual page.
+.IP
+The
+.I sync
+functions return -1 on failure, setting
+.IR errno ,
+and 0 on success.
+.SH ERRORS
+The
+.I db_open
+function may fail and set
+.I errno
+for any of the errors specified for the library functions
+.IR open (2),
+.IR malloc (3)
+or the following:
+.TP 5
+[EFTYPE]
+A file is incorrectly formatted.
+.TP 5
+[EINVAL]
+A parameter has been specified (hash function, recno pad byte etc.)
+that is incompatible with the current file specification or, a flag
+to a function which is not meaningful for the function (for example,
+use of the cursor without prior initialization) or there is a mismatch
+between the version number of file and the software.
+.PP
+The
+.I close
+functions may fail and set
+.I errno
+for any of the errors specified for the library functions
+.IR close (2),
+.IR read (2),
+.IR write (2),
+.IR free (3),
+or
+.IR fsync (2).
+.PP
+The
+.IR del ,
+.IR get ,
+.I put
+and
+.I seq
+functions may fail and set
+.I errno
+for any of the errors specified for the library functions
+.IR read (2),
+.IR write (2),
+.IR free (3)
+or
+.IR malloc (3).
+.PP
+The
+.I fd
+functions will fail and set
+.I errno
+to ENOENT for in memory databases.
+.PP
+The
+.I sync
+functions may fail and set
+.I errno
+for any of the errors specified for the library function
+.IR fsync (2).
+.SH "SEE ALSO"
+.IR db_btree (3),
+.IR db_hash (3),
+.IR db_lock (3),
+.IR db_log (3),
+.IR db_mpool (3),
+.IR db_recno (3),
+.IR db_txn (3)
+.SH BUGS
+The name DBT is a mnemonic for ``data base thang'', and was used
+because noone could think of a reasonable name that wasn't already
+in use somewhere else.
+.PP
+The
+.I fd
+function interface is a kluge,
+and will be deleted in a future version of the interface.
+.PP
+Only big and little endian byte order is supported.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_recno.3 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_recno.3
new file mode 100644
index 00000000..6b93b3f5
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_recno.3
@@ -0,0 +1,268 @@
+.\" Copyright (c) 1990, 1993, 1994, 1995
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)db_recno.3	8.12 (Berkeley) 8/1/95
+.\"
+.TH DB_RECNO 3 "August 1, 1995"
+.UC 7
+.SH NAME
+db_recno \- record number database access method
+.SH DESCRIPTION
+.so db.so
+specific details of the recno access method.
+.SH "ACCESS METHOD SPECIFIC INFORMATION"
+The recno access method specific data structure provided to
+.I db_open
+is typedef'd and named RECNOINFO.
+A RECNOINFO structure has at least the following fields,
+which may be initialized before calling
+.IR db_open :
+.TP 5
+u_int8_t bval;
+The delimiting byte to be used to mark the end of a record for
+variable-length records, and the pad character for fixed-length
+records.
+If no value is specified, newlines (``\en'') are used to mark the end
+of variable-length records and fixed-length records are padded with
+spaces.
+.TP 5
+char *bfname;
+The recno access method stores the in-memory copies of its records
+in a btree.
+If bfname is non-NULL, it specifies the name of the btree file,
+as if specified as the file name for a
+.I db_open
+of a btree file.
+.TP 5
+u_int cachesize;
+A suggested maximum size, in bytes, of the memory cache.
+This value is
+.B only
+advisory, and the access method will allocate more memory rather than fail.
+If
+.I cachesize
+is  0 (no size is specified) a default size is used.
+.TP 5
+u_long flags;
+The flag value is specified by
+.IR or 'ing
+any of the following values:
+.RS
+.TP 5
+R_FIXEDLEN
+The records are fixed-length, not byte delimited.
+The structure element
+.I reclen
+specifies the length of the record, and the structure element
+.I bval
+is used as the pad character.
+Any records, inserted into the database, that are less than
+.I reclen
+bytes long are automatically padded.
+.TP 5
+R_NOKEY
+In the interface specified by
+.IR db_open ,
+the sequential record retrieval fills in both the caller's key and
+data structures.
+If the R_NOKEY flag is specified, the
+.I cursor
+functions are not required to fill in the key structure.
+This permits applications to retrieve records at the end of files without
+reading all of the intervening records.
+.TP 5
+R_SNAPSHOT
+This flag requires that a snapshot of the file be taken when
+.I db_open
+is called, instead of permitting any unmodified records to be read from
+the original file.
+.RE
+.TP 5
+int lorder;
+The byte order for integers in the stored database metadata.
+The number should represent the order as an integer; for example,
+big endian order would be the number 4,321.
+If
+.I lorder
+is 0 (no order is specified) the current host order is used.
+.TP 5
+u_int psize;
+The recno access method stores the in-memory copies of its records
+in a btree.
+This value is the size (in bytes) of the pages used for nodes in that tree.
+If
+.I psize
+is 0 (no page size is specified) a page size is chosen based on the
+underlying file system I/O block size.
+See
+.IR btree (3)
+for more information.
+.TP 5
+size_t reclen;
+The length of a fixed-length record.
+.SH "DB OPERATIONS"
+The data part of the key/data pair used by the recno access method
+is the same as other access methods.
+The key is different.
+The
+.I data
+field of the key should be a pointer to a memory location of type
+.IR recno_t ,
+as defined in the <db.h> include file.
+This type is normally the largest unsigned integral type available to
+the implementation.
+The
+.I size
+field of the key should be the size of that type.
+.PP
+The record number data structure is either variable or fixed-length
+records stored in a flat-file format, accessed by the logical record
+number.
+The existence of record number five requires the existence of records
+one through four, and the deletion of record number one causes
+record number five to be renumbered to record number four, as well
+as the cursor, if positioned after record number one, to shift down
+one record.
+The creation of record number five when records one through four do
+not exist causes the logical creation of them with zero-length data.
+.PP
+Because there is no meta-data associated with the underlying recno access
+method files, any changes made to the default values (e.g. fixed record
+length or byte separator value) must be explicitly specified each time the
+file is opened.
+.PP
+The functions returned by
+.I db_open
+for the btree access method are as described in
+.IR db_open (3),
+with the following exceptions and additions:
+.TP 5
+type
+The type is DB_RECNO.
+.TP 5
+put
+Using the
+.I put
+interface to create a new record will cause the creation of multiple,
+empty records if the record number is more than one greater than the
+largest record currently in the database.
+.IP
+The
+.I put
+function takes the following additional flags:
+.RS
+.TP 5
+R_IAFTER
+Append the data immediately after the data referenced by
+.IR key ,
+creating a new key/data pair.
+The record number of the appended key/data pair is returned in the
+.I key
+structure.
+.TP 5
+R_IBEFORE
+Insert the data immediately before the data referenced by
+.IR key ,
+creating a new key/data pair.
+The record number of the inserted key/data pair is returned in the
+.I key
+structure.
+.TP 5
+R_SETCURSOR
+Store the key/data pair, setting or initializing the position of the
+cursor to reference it.
+.RE
+.TP 5
+seq
+The
+.I seq
+function takes the following additional flags:
+.RS
+.TP 5
+R_LAST
+The last key/data pair of the database is returned, and the cursor
+is set or initialized to reference it.
+.TP 5
+R_PREV
+Retrieve the key/data pair immediately before the cursor.
+If the cursor is not yet set, this is the same as the R_LAST flag.
+.RE
+.IP
+If the database file is a character special file and no complete
+key/data pairs are currently available, the
+.I seq
+function returns 2.
+.TP 5
+sync
+The
+.I sync
+function takes the following additional flag:
+.RS
+.TP 5
+R_RECNOSYNC
+This flag causes the
+.I sync
+function to apply to the btree file which underlies the recno file,
+not the recno file itself.
+(See the
+.I bfname
+field of RECNOINFO
+structure, above, for more information.)
+.RE
+.SH ERRORS
+The
+.I recno
+access method functions may fail and set
+.I errno
+for any of the errors specified for the library function
+.IR db_open (3)
+or the following:
+.TP 5
+[EINVAL]
+An attempt was made to add a record to a fixed-length database that
+was too large to fit.
+.SH "SEE ALSO"
+.IR db_btree (3),
+.IR db_hash (3),
+.IR db_lock (3),
+.IR db_log (3),
+.IR db_mpool (3),
+.IR db_open (3),
+.IR db_txn (3)
+.sp
+.IR "Document Processing in a Relational Database System" ,
+Michael Stonebraker, Heidi Stettner, Joseph Kalash, Antonin Guttman,
+Nadene Lynn, Memorandum No. UCB/ERL M82/32, May 1982.
+.SH BUGS
+The
+.I sync
+function's R_RECNOSYNC interface is a kluge,
+and will be deleted in a future version of the interface.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_txn.3 b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_txn.3
new file mode 100644
index 00000000..18ad6469
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/db_txn.3
@@ -0,0 +1,373 @@
+.\" Copyright (c) 1994, 1995
+.\"	The President and Fellows of Harvard University.  All rights reserved.
+.\" Copyright (c) 1994, 1995
+.\"	Margo I. Selzer.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"	@(#)db_txn.3	8.8 (Harvard) 8/1/95
+.\"
+.TH DB_TXN 3 "August 1, 1995"
+.UC 7
+.SH NAME
+db_txn \- transaction management functions
+.SH SYNOPSIS
+.nf
+.ft B
+#include <db.h>
+#include <db_lock.h>
+
+int
+txn_create(const char *path, mode_t mode, u_int maxtxns, u_int flags);
+
+TXNMGR *
+txn_open(const char *path, DBT *logp, LOCK_TABLE_T *lockp,
+.ti +5
+int (*recover)(DBT *lsn, DBT *log_entry, int isundo));
+
+TXN *
+txn_begin(TXNMGR *txnp);
+
+int
+txn_commit(TXN *tid);
+
+int
+txn_prepare(TXN *tid);
+
+int
+txn_abort(TXN *tid);
+
+int
+txn_close(TXNMGR *txnp);
+
+int
+txn_unlink(const char *path, int force);
+.ft R
+.fi
+.SH DESCRIPTION
+.so db.so
+specific details of the transaction support.
+.PP
+.I Db_txn
+is the library interface that provides transaction semantics.
+Full transaction support is provided by a collection of modules
+that provide well defined interfaces to the services required for
+transaction processing.
+These services are recovery (see
+.IR db_log (3)),
+concurrency control (see
+.IR db_lock (3)),
+and the management of shared data (see
+.IR db_mpool (3)).
+Transaction semantics can be applied to the access methods described in
+.IR db (3)
+through function call parameters.
+.PP
+The model intended for transactional use (and that is used by the
+access methods) is that write-ahead logging is provided by
+.IR db_log (3)
+to record both before- and after-image logging.
+Locking follows a two-phase protocol and is implemented by
+.IR db_lock (3).
+.PP
+.CR "transaction region" txn
+Any necessary,
+associated log and lock regions are created as well (see
+.IR db_log (3)
+and
+.IR db_lock (3)).
+.PP
+The
+.I maxtxns
+argument specifies the maximum number of simultaneous transactions that
+are supported.
+This bounds the size of backing files and is used to derive limits for
+the size of the lock region and logfiles.
+When there are more than
+.I maxtxns
+concurrent transactions, calls to
+.I txn_begin
+may fail.
+.PP
+Default locking and logging protocols are provided only if the
+backing files exist.
+If the backing files do not exist, the
+.I flags
+parameter must indicate both a logging mode and locking mode specified by 
+.IR or 'ing
+together at most one flag from each of the TXN_LOCK and TXN_LOG classes
+as follows:
+.TP 5
+TXN_LOCK_2PL
+Use two-phase locking.
+.TP 5
+TXN_LOCK_OPTIMISTIC
+Use optimistic locking (not currently implemented).
+.TP 5
+TXN_LOG_REDO
+Provide redo-only logging (not currently implemented).
+.TP 5
+TXN_LOG_UNDO
+Provide undo-only logging (not currently implemented).
+.TP 5
+TXN_LOG_UNDOREDO
+Provide undo/redo write-ahead logging.
+.PP
+.RT txn_create
+.PP
+.OP "transaction region" txn
+.PP
+The
+.I recover
+argument specifies a function that is called by
+.I txn_abort
+during transaction abort.
+This function takes three arguments:
+.TP 5
+lsn
+A log sequence number (LSN).
+.TP 5
+log_entry
+A log record.
+.TP 5
+isundo
+An undo flag set to 0 if the operation is a redo and set to 1 if the
+operation an undo.
+.PP
+As discussed in the
+.I db_log (3)
+manual page,
+the application is responsible for providing any necessary structure
+to the log record.
+For example, the application must understand what part of the log
+record is an operation code, what part is redo information, and what
+part is undo information.
+.PP
+The
+.I txn_begin 
+function creates a new transaction in the designated transaction
+manager, returning a pointer to a TXN that uniquely identifies it.
+.PP
+The
+.I txn_commit
+function ends the transaction specified by the
+.I tid
+argument.
+Any locks held by the transaction are released.
+If logging is enabled, a commit log record is written and flushed to disk.
+.PP
+The
+.I txn_abort
+function causes an abnormal termination of the transaction.
+If logging is enabled, the log is played backwards and any recovery
+operations are initiated through the
+.I recover
+function specified to
+.IR txn_open .
+After recovery is completed, all locks held by the transaction are released.
+.PP
+The 
+.I txn_close
+function detaches a process from the transaction environment specified
+by the TXNMGR pointer.
+All mapped regions are unmapped and any allocated resources are freed.
+Any uncommitted transactions are aborted.
+.PP
+.UN "transaction region" txn
+.PP
+The
+.I txn_prepare
+function initiates the beginning of a two phase commit.
+In a distributed transaction,
+the prepare directive should be issued to all participating
+transaction managers.
+Each manager must take whatever action is necessary to guarantee
+that a future call to
+.I txn_commit
+on the specified
+.I tid
+will succeed.
+.SH "SYSTEM INTEGRATION"
+This model can be applied to data bases other than the provided access
+methods.
+For example, consider an application that provides transaction semantics
+to data stored in regular files accessed using the 
+.IR read (2)
+and
+.IR write (2)
+system calls.
+The operations for which transaction protection is desired are bracketed
+by calls to
+.I txn_begin
+and
+.IR txn_commit .
+.PP
+Before data are referenced, a call is made to the lock manager,
+.IR db_lock ,
+for a lock of the appropriate type (e.g. read)
+on the object being locked.
+The object might be a page in the file, a byte, a range of bytes,
+or some key.
+Before a write is performed, the application makes a call to the
+log manager,
+.IR db_log ,
+to record enough information to redo the operation in case of
+failure after commit and to undo the operation in case of abort.
+After the log message is written, the write system calls are issued.
+After all requests are issued, the application calls
+.IR txn_commit .
+When
+.I txn_commit
+returns, the caller is guaranteed that all necessary log writes have
+been written to disk. 
+.PP
+At any time, the application may call
+.IR txn_abort ,
+which will result in the appropriate calls to the
+.I recover
+routine to restore the ``database'' to a consistent pre-transaction
+state.
+(The recover routine must be able to either reapply or undo the update
+depending on the context, for each different type of log record.)
+.PP
+If the application should crash, the recovery process uses the
+.I db_log
+interface to read the log and call the
+.I recover
+routine to restore the database to a consistent state.
+.PP
+The
+.I txn_prepare 
+function provides the core functionality to implement distributed
+transactions,
+but it does not actually manage the notification of distributed
+transaction managers.
+The caller is responsible for issuing 
+.I txn_prepare
+calls to all sites participating in the transaction.
+If all responses are positive, the caller can issue a
+.IR txn_commit .
+If any of the responses are negative, the caller should issue a
+.IR txn_abort .
+In general, the 
+.I txn_prepare
+call requires that the transaction log be flushed to disk.
+.PP
+The structure of the transaction support allows application designers
+to trade off performance and protection.
+Since DB manages many structures in shared memory,
+its information is subject to corruption by applications when the library
+is linked directly with the application.
+For this reason, DB is designed to allow compilation into a separate
+server process that may be accessed via a socket interface.
+In this way DB's data structures are protected from application code,
+but communication overhead is increased.
+When applications are trusted, DB may be compiled directly into the
+application for increased performance.
+.SH ERRORS
+The
+.I txn_create
+function may fail and set
+.I errno
+for any of the errors specified for the library functions
+.IR open (2),
+.IR write (2),
+.IR malloc (3),
+.IR lock_create (3),
+and
+.IR log_create (3).
+.PP
+The
+.I txn_open
+function may fail and set
+.I errno
+to any of the errors specified for the library functions
+.IR open (2),
+.IR write (2),
+.IR malloc (3),
+.IR lock_open (3),
+and
+.IR log_open (3).
+.PP
+The
+.I txn_begin
+function may fail and set
+.I errno
+to ENOSPC indicating that the maximum number of concurrent
+transactions has been reached.
+.PP
+The
+.I txn_commit
+function may fail and set
+.I errno
+to EINVAL indicating that the transaction was aborted.
+.PP
+The
+.I txn_close
+function may fail and set
+.I errno
+to any of the errors specified for the library functions
+.IR close (2),
+.IR read (2),
+.IR write (2),
+.IR free (3),
+.IR fsync (2),
+.IR lock_close (3)
+or
+.IR log_close (3).
+.PP
+The
+.I txn_unlink
+function may fail and set
+.I errno
+to any of the errors specified for the library functions
+.IR unlink (2),
+.IR lock_unlink (3),
+and
+.IR log_unlink (3),
+or the following:
+.TP 5
+[EBUSY]
+The transaction region was in use and the force flag was not set.
+.SH "SEE ALSO"
+.IR db_btree (3),
+.IR db_hash (3),
+.IR db_lock (3),
+.IR db_log (3),
+.IR db_mpool (3),
+.IR db_open (3),
+.IR db_recno (3)
+.sp
+.IR "LIBTP: Portable, Modular Transactions for UNIX" ,
+Margo Seltzer, Michael Olson, USENIX proceedings, Winter 1992.
+.SH BUGS
+The
+.I maxtxns
+parameter is a kluge, and should be deleted in favor of dynamically
+expanding the transaction region.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/spell.ok b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/spell.ok
new file mode 100644
index 00000000..794b00bf
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/man/spell.ok
@@ -0,0 +1,170 @@
+Ake
+Antonin
+BTREE
+BTREEINFO
+Bsize
+CALLBACK
+Comput
+D.E
+DB
+DB's
+DBINFO
+DBT
+DBTYPE
+Db
+EACCES
+EBUSY
+EFTYPE
+EINVAL
+ENOENT
+ENOSPC
+ERL
+EXCL
+EXLOCK
+FIXEDLEN
+Ffactor
+Guttman
+HASHINFO
+Heidi
+IAFTER
+IBEFORE
+Kalash
+Knuth
+LIBTP
+LOGINFO
+LRU
+LSN
+LSN's
+MPOOL
+MPOOL's
+MPOOLFILE
+MPOOLFILE's
+Maxlocks
+Mpool
+NG
+NOKEY
+NOOVERWRITE
+NOPIN
+NOTHELD
+Nadene
+Nelem
+Nelems
+OBJ
+Pgaddr
+RDONLY
+RDWR
+RECNO
+RECNOINFO
+RECNOSYNC
+REQ
+SETCURSOR
+SHLOCK
+Stettner
+Stonebraker
+Surv
+TMPDIR
+TRUNC
+TXN
+TXNMGR
+Txn
+UCB
+UNDOREDO
+USENIX
+Unterauer
+Vol
+WAL
+WRONLY
+XACT
+YYYY.MM.DD.HH.SS
+al
+bfname
+bsize
+btree
+btrees
+bval
+cachesize
+callback
+const
+db
+db.h
+dbinfo
+dbopen
+del
+elistp
+endian
+enum
+errbuf
+errfile
+errno
+errpfx
+fd
+ffactor
+getv
+ing
+int
+int32
+int8
+isundo
+kluge
+lastlsn
+lg
+lock.h
+lockinfo
+lockop
+lockp
+log.YYYY.MM.DD.HH.MM.SS
+logfiles
+loginfo
+logp
+lreq
+lsn
+lsn1
+lsn2
+lt
+maxcache
+maxkeypage
+maxlocks
+maxtxns
+meta
+minkeypage
+mmap
+mpf
+mpool
+mpool.h
+mpoolinfo
+munmap
+nacquire
+nelem
+nelems
+nmodes
+noone
+nrelease
+obj
+op
+openinfo
+pathname
+pgaddr
+pgcookie
+pgin
+pgno
+pgnoaddr
+pgout
+pid
+pp
+psize
+queue.h
+reclen
+recno
+sx
+thang
+timespec
+tmp
+trunc
+txn
+txnid
+txninfo
+txnp
+typedef
+typedef'd
+vec
+writeable
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/Makefile.in b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
new file mode 100644
index 00000000..cacff78d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
@@ -0,0 +1,12 @@
+mydir=plugins$(S)kdb$(S)db2$(S)libdb2$(S)mpool
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
+STLIBOBJS=mpool.o
+
+LOCALINCLUDES=	-I. -I$(srcdir)/../include -I../include -I$(srcdir)/../db
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+@libobj_frag@
+
+SRCS= $(STLIBOBJS:.o=.c)
+
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/Makefile.inc b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/Makefile.inc
new file mode 100644
index 00000000..93210c89
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/Makefile.inc
@@ -0,0 +1,5 @@
+#	@(#)Makefile.inc	8.1 (Berkeley) 6/4/93
+
+.PATH: ${.CURDIR}/db/mpool
+
+SRCS+=	mpool.c
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/README b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/README
new file mode 100644
index 00000000..0f01fbcd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/README
@@ -0,0 +1,7 @@
+#	@(#)README	8.1 (Berkeley) 6/4/93
+
+These are the current memory pool routines.
+They aren't ready for prime time, yet, and
+the interface is expected to change.
+
+--keith
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/deps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/deps
new file mode 100644
index 00000000..86afee67
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/deps
@@ -0,0 +1,6 @@
+#
+# Generated makefile dependencies follow.
+#
+mpool.so mpool.po $(OUTPRE)mpool.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h mpool.c mpool.h
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/mpool.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/mpool.c
new file mode 100644
index 00000000..0fcfd4ac
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/mpool.c
@@ -0,0 +1,527 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)mpool.c	8.7 (Berkeley) 11/2/95";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "db-int.h"
+#include "mpool.h"
+
+static BKT *mpool_bkt __P((MPOOL *));
+static BKT *mpool_look __P((MPOOL *, db_pgno_t));
+static int  mpool_write __P((MPOOL *, BKT *));
+
+/*
+ * mpool_open --
+ *	Initialize a memory pool.
+ */
+MPOOL *
+mpool_open(key, fd, pagesize, maxcache)
+	void *key;
+	int fd;
+	db_pgno_t pagesize, maxcache;
+{
+	struct stat sb;
+	MPOOL *mp;
+	int entry;
+
+	/*
+	 * Get information about the file.
+	 *
+	 * XXX
+	 * We don't currently handle pipes, although we should.
+	 */
+	if (fstat(fd, &sb))
+		return (NULL);
+	if (!S_ISREG(sb.st_mode)) {
+		errno = ESPIPE;
+		return (NULL);
+	}
+
+	/* Allocate and initialize the MPOOL cookie. */
+	if ((mp = (MPOOL *)calloc(1, sizeof(MPOOL))) == NULL)
+		return (NULL);
+	TAILQ_INIT(&mp->lqh);
+	for (entry = 0; entry < HASHSIZE; ++entry)
+		TAILQ_INIT(&mp->hqh[entry]);
+	mp->maxcache = maxcache;
+	mp->npages = sb.st_size / pagesize;
+	mp->pagesize = pagesize;
+	mp->fd = fd;
+	return (mp);
+}
+
+/*
+ * mpool_filter --
+ *	Initialize input/output filters.
+ */
+void
+mpool_filter(mp, pgin, pgout, pgcookie)
+	MPOOL *mp;
+	void (*pgin) __P((void *, db_pgno_t, void *));
+	void (*pgout) __P((void *, db_pgno_t, void *));
+	void *pgcookie;
+{
+	mp->pgin = pgin;
+	mp->pgout = pgout;
+	mp->pgcookie = pgcookie;
+}
+
+/*
+ * mpool_new --
+ *	Get a new page of memory.
+ */
+void *
+mpool_new(mp, pgnoaddr, flags)
+	MPOOL *mp;
+	db_pgno_t *pgnoaddr;
+	u_int flags;
+{
+	struct _hqh *head;
+	BKT *bp;
+
+	if (mp->npages == MAX_PAGE_NUMBER) {
+		(void)fprintf(stderr, "mpool_new: page allocation overflow.\n");
+		abort();
+	}
+#ifdef STATISTICS
+	++mp->pagenew;
+#endif
+	/*
+	 * Get a BKT from the cache.  Assign a new page number, attach
+	 * it to the head of the hash chain, the tail of the lru chain,
+	 * and return.
+	 */
+	if ((bp = mpool_bkt(mp)) == NULL)
+		return (NULL);
+	if (flags == MPOOL_PAGE_REQUEST) {
+		mp->npages++;
+		bp->pgno = *pgnoaddr;
+	} else
+		bp->pgno = *pgnoaddr = mp->npages++;
+
+	bp->flags = MPOOL_PINNED | MPOOL_INUSE;
+
+	head = &mp->hqh[HASHKEY(bp->pgno)];
+	TAILQ_INSERT_HEAD(head, bp, hq);
+	TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+	return (bp->page);
+}
+
+int
+mpool_delete(mp, page)
+	MPOOL *mp;
+	void *page;
+{
+	struct _hqh *head;
+	BKT *bp;
+
+	bp = (void *)((char *)page - sizeof(BKT));
+
+#ifdef DEBUG
+	if (!(bp->flags & MPOOL_PINNED)) {
+		(void)fprintf(stderr,
+		    "mpool_delete: page %d not pinned\n", bp->pgno);
+		abort();
+	}
+#endif
+
+	/* Remove from the hash and lru queues. */
+	head = &mp->hqh[HASHKEY(bp->pgno)];
+	TAILQ_REMOVE(head, bp, hq);
+	TAILQ_REMOVE(&mp->lqh, bp, q);
+
+	free(bp);
+	return (RET_SUCCESS);
+}
+
+/*
+ * mpool_get
+ *	Get a page.
+ */
+void *
+mpool_get(mp, pgno, flags)
+	MPOOL *mp;
+	db_pgno_t pgno;
+	u_int flags;				/* XXX not used? */
+{
+	struct _hqh *head;
+	BKT *bp;
+	off_t off;
+	int nr;
+
+#ifdef STATISTICS
+	++mp->pageget;
+#endif
+
+	/* Check for a page that is cached. */
+	if ((bp = mpool_look(mp, pgno)) != NULL) {
+#ifdef DEBUG
+		if (!(flags & MPOOL_IGNOREPIN) && bp->flags & MPOOL_PINNED) {
+			(void)fprintf(stderr,
+			    "mpool_get: page %d already pinned\n", bp->pgno);
+			abort();
+		}
+#endif
+		/*
+		 * Move the page to the head of the hash chain and the tail
+		 * of the lru chain.
+		 */
+		head = &mp->hqh[HASHKEY(bp->pgno)];
+		TAILQ_REMOVE(head, bp, hq);
+		TAILQ_INSERT_HEAD(head, bp, hq);
+		TAILQ_REMOVE(&mp->lqh, bp, q);
+		TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+
+		/* Return a pinned page. */
+		if (!(flags & MPOOL_IGNOREPIN))
+			bp->flags |= MPOOL_PINNED;
+		return (bp->page);
+	}
+
+	/* Get a page from the cache. */
+	if ((bp = mpool_bkt(mp)) == NULL)
+		return (NULL);
+
+	/* Read in the contents. */
+#ifdef STATISTICS
+	++mp->pageread;
+#endif
+	off = mp->pagesize * pgno;
+	if (off / mp->pagesize != pgno) {
+	    /* Run past the end of the file, or at least the part we
+	       can address without large-file support?  */
+	    errno = E2BIG;
+	    return NULL;
+	}
+	if (lseek(mp->fd, off, SEEK_SET) != off)
+		return (NULL);
+
+	if ((nr = read(mp->fd, bp->page, mp->pagesize)) !=
+	    (ssize_t)mp->pagesize) {
+		if (nr > 0) {
+			/* A partial read is definitely bad. */
+			errno = EINVAL;
+			return (NULL);
+		} else {
+			/*
+			 * A zero-length reads, means you need to create a
+			 * new page.
+			 */
+			memset(bp->page, 0, mp->pagesize);
+		}
+	}
+
+	/* Set the page number, pin the page. */
+	bp->pgno = pgno;
+	if (!(flags & MPOOL_IGNOREPIN))
+		bp->flags = MPOOL_PINNED;
+	bp->flags |= MPOOL_INUSE;
+
+	/*
+	 * Add the page to the head of the hash chain and the tail
+	 * of the lru chain.
+	 */
+	head = &mp->hqh[HASHKEY(bp->pgno)];
+	TAILQ_INSERT_HEAD(head, bp, hq);
+	TAILQ_INSERT_TAIL(&mp->lqh, bp, q);
+
+	/* Run through the user's filter. */
+	if (mp->pgin != NULL)
+		(mp->pgin)(mp->pgcookie, bp->pgno, bp->page);
+
+	return (bp->page);
+}
+
+/*
+ * mpool_put
+ *	Return a page.
+ */
+int
+mpool_put(mp, page, flags)
+	MPOOL *mp;
+	void *page;
+	u_int flags;
+{
+	BKT *bp;
+
+#ifdef STATISTICS
+	++mp->pageput;
+#endif
+	bp = (void *)((char *)page - sizeof(BKT));
+#ifdef DEBUG
+	if (!(bp->flags & MPOOL_PINNED)) {
+		(void)fprintf(stderr,
+		    "mpool_put: page %d not pinned\n", bp->pgno);
+		abort();
+	}
+#endif
+	bp->flags &= ~MPOOL_PINNED;
+	if (flags & MPOOL_DIRTY)
+		bp->flags |= flags & MPOOL_DIRTY;
+	return (RET_SUCCESS);
+}
+
+/*
+ * mpool_close
+ *	Close the buffer pool.
+ */
+int
+mpool_close(mp)
+	MPOOL *mp;
+{
+	BKT *bp;
+
+	/* Free up any space allocated to the lru pages. */
+	while ((bp = mp->lqh.tqh_first) != NULL) {
+		TAILQ_REMOVE(&mp->lqh, mp->lqh.tqh_first, q);
+		free(bp);
+	}
+
+	/* Free the MPOOL cookie. */
+	free(mp);
+	return (RET_SUCCESS);
+}
+
+/*
+ * mpool_sync
+ *	Sync the pool to disk.
+ */
+int
+mpool_sync(mp)
+	MPOOL *mp;
+{
+	BKT *bp;
+
+	/* Walk the lru chain, flushing any dirty pages to disk. */
+	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next)
+		if (bp->flags & MPOOL_DIRTY &&
+		    mpool_write(mp, bp) == RET_ERROR)
+			return (RET_ERROR);
+
+	/* Sync the file descriptor. */
+	return (fsync(mp->fd) ? RET_ERROR : RET_SUCCESS);
+}
+
+/*
+ * mpool_bkt
+ *	Get a page from the cache (or create one).
+ */
+static BKT *
+mpool_bkt(mp)
+	MPOOL *mp;
+{
+	struct _hqh *head;
+	BKT *bp;
+
+	/* If under the max cached, always create a new page. */
+	if (mp->curcache < mp->maxcache)
+		goto new;
+
+	/*
+	 * If the cache is max'd out, walk the lru list for a buffer we
+	 * can flush.  If we find one, write it (if necessary) and take it
+	 * off any lists.  If we don't find anything we grow the cache anyway.
+	 * The cache never shrinks.
+	 */
+	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next)
+		if (!(bp->flags & MPOOL_PINNED)) {
+			/* Flush if dirty. */
+			if (bp->flags & MPOOL_DIRTY &&
+			    mpool_write(mp, bp) == RET_ERROR)
+				return (NULL);
+#ifdef STATISTICS
+			++mp->pageflush;
+#endif
+			/* Remove from the hash and lru queues. */
+			head = &mp->hqh[HASHKEY(bp->pgno)];
+			TAILQ_REMOVE(head, bp, hq);
+			TAILQ_REMOVE(&mp->lqh, bp, q);
+#if defined(DEBUG) && !defined(DEBUG_IDX0SPLIT)
+			{ void *spage;
+				spage = bp->page;
+				memset(bp, 0xff, sizeof(BKT) + mp->pagesize);
+				bp->page = spage;
+			}
+#endif
+			bp->flags = 0;
+			return (bp);
+		}
+
+new:	if ((bp = (BKT *)malloc(sizeof(BKT) + mp->pagesize)) == NULL)
+		return (NULL);
+#ifdef STATISTICS
+	++mp->pagealloc;
+#endif
+#if defined(DEBUG) || defined(PURIFY) || 1
+	memset(bp, 0xff, sizeof(BKT) + mp->pagesize);
+#endif
+	bp->page = (char *)bp + sizeof(BKT);
+	bp->flags = 0;
+	++mp->curcache;
+	return (bp);
+}
+
+/*
+ * mpool_write
+ *	Write a page to disk.
+ */
+static int
+mpool_write(mp, bp)
+	MPOOL *mp;
+	BKT *bp;
+{
+	off_t off;
+
+#ifdef STATISTICS
+	++mp->pagewrite;
+#endif
+
+	/* Run through the user's filter. */
+	if (mp->pgout)
+		(mp->pgout)(mp->pgcookie, bp->pgno, bp->page);
+
+	off = mp->pagesize * bp->pgno;
+	if (off / mp->pagesize != bp->pgno) {
+	    /* Run past the end of the file, or at least the part we
+	       can address without large-file support?  */
+	    errno = E2BIG;
+	    return RET_ERROR;
+	}
+	if (lseek(mp->fd, off, SEEK_SET) != off)
+		return (RET_ERROR);
+	if (write(mp->fd, bp->page, mp->pagesize) !=
+	    (ssize_t)mp->pagesize)
+		return (RET_ERROR);
+
+	/*
+	 * Re-run through the input filter since this page may soon be
+	 * accessed via the cache, and whatever the user's output filter
+	 * did may screw things up if we don't let the input filter
+	 * restore the in-core copy.
+	 */
+	if (mp->pgin)
+		(mp->pgin)(mp->pgcookie, bp->pgno, bp->page);
+	bp->flags &= ~MPOOL_DIRTY;
+	return (RET_SUCCESS);
+}
+
+/*
+ * mpool_look
+ *	Lookup a page in the cache.
+ */
+static BKT *
+mpool_look(mp, pgno)
+	MPOOL *mp;
+	db_pgno_t pgno;
+{
+	struct _hqh *head;
+	BKT *bp;
+
+	head = &mp->hqh[HASHKEY(pgno)];
+	for (bp = head->tqh_first; bp != NULL; bp = bp->hq.tqe_next)
+		if ((bp->pgno == pgno) && (bp->flags & MPOOL_INUSE)) {
+#ifdef STATISTICS
+			++mp->cachehit;
+#endif
+			return (bp);
+		}
+#ifdef STATISTICS
+	++mp->cachemiss;
+#endif
+	return (NULL);
+}
+
+#ifdef STATISTICS
+/*
+ * mpool_stat
+ *	Print out cache statistics.
+ */
+void
+mpool_stat(mp)
+	MPOOL *mp;
+{
+	BKT *bp;
+	int cnt;
+	char *sep;
+
+	(void)fprintf(stderr, "%lu pages in the file\n", mp->npages);
+	(void)fprintf(stderr,
+	    "page size %lu, cacheing %lu pages of %lu page max cache\n",
+	    mp->pagesize, mp->curcache, mp->maxcache);
+	(void)fprintf(stderr, "%lu page puts, %lu page gets, %lu page new\n",
+	    mp->pageput, mp->pageget, mp->pagenew);
+	(void)fprintf(stderr, "%lu page allocs, %lu page flushes\n",
+	    mp->pagealloc, mp->pageflush);
+	if (mp->cachehit + mp->cachemiss)
+		(void)fprintf(stderr,
+		    "%.0f%% cache hit rate (%lu hits, %lu misses)\n",
+		    ((double)mp->cachehit / (mp->cachehit + mp->cachemiss))
+		    * 100, mp->cachehit, mp->cachemiss);
+	(void)fprintf(stderr, "%lu page reads, %lu page writes\n",
+	    mp->pageread, mp->pagewrite);
+
+	sep = "";
+	cnt = 0;
+	for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next) {
+		(void)fprintf(stderr, "%s%d", sep, bp->pgno);
+		if (bp->flags & MPOOL_DIRTY)
+			(void)fprintf(stderr, "d");
+		if (bp->flags & MPOOL_PINNED)
+			(void)fprintf(stderr, "P");
+		if (++cnt == 10) {
+			sep = "\n";
+			cnt = 0;
+		} else
+			sep = ", ";
+
+	}
+	(void)fprintf(stderr, "\n");
+}
+#else
+void
+mpool_stat(mp)
+	MPOOL *mp;
+{
+}
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/mpool.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/mpool.h
new file mode 100644
index 00000000..7957df69
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/mpool/mpool.h
@@ -0,0 +1,117 @@
+/*-
+ * Copyright (c) 1991, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)mpool.h	8.4 (Berkeley) 11/2/95
+ */
+
+#include "db-queue.h"
+
+/*
+ * The memory pool scheme is a simple one.  Each in-memory page is referenced
+ * by a bucket which is threaded in up to two of three ways.  All active pages
+ * are threaded on a hash chain (hashed by page number) and an lru chain.
+ * Inactive pages are threaded on a free chain.  Each reference to a memory
+ * pool is handed an opaque MPOOL cookie which stores all of this information.
+ */
+#define	HASHSIZE	128
+#define	HASHKEY(pgno)	((pgno - 1) % HASHSIZE)
+
+/* The BKT structures are the elements of the queues. */
+typedef struct _bkt {
+	TAILQ_ENTRY(_bkt) hq;		/* hash queue */
+	TAILQ_ENTRY(_bkt) q;		/* lru queue */
+	void    *page;			/* page */
+	db_pgno_t   pgno;			/* page number */
+
+#define	MPOOL_DIRTY	0x01		/* page needs to be written */
+#define	MPOOL_PINNED	0x02		/* page is pinned into memory */
+#define	MPOOL_INUSE	0x04		/* page address is valid */
+	u_int8_t flags;			/* flags */
+} BKT;
+
+typedef struct MPOOL {
+	TAILQ_HEAD(_lqh, _bkt) lqh;	/* lru queue head */
+					/* hash queue array */
+	TAILQ_HEAD(_hqh, _bkt) hqh[HASHSIZE];
+	db_pgno_t	curcache;		/* current number of cached pages */
+	db_pgno_t	maxcache;		/* max number of cached pages */
+	db_pgno_t	npages;			/* number of pages in the file */
+	u_long	pagesize;		/* file page size */
+	int	fd;			/* file descriptor */
+					/* page in conversion routine */
+	void    (*pgin) __P((void *, db_pgno_t, void *));
+					/* page out conversion routine */
+	void    (*pgout) __P((void *, db_pgno_t, void *));
+	void	*pgcookie;		/* cookie for page in/out routines */
+#ifdef STATISTICS
+	u_long	cachehit;
+	u_long	cachemiss;
+	u_long	pagealloc;
+	u_long	pageflush;
+	u_long	pageget;
+	u_long	pagenew;
+	u_long	pageput;
+	u_long	pageread;
+	u_long	pagewrite;
+#endif
+} MPOOL;
+
+#define	MPOOL_IGNOREPIN	0x01		/* Ignore if the page is pinned. */
+#define	MPOOL_PAGE_REQUEST	0x01	/* Allocate a new page with a
+					   specific page number. */
+#define	MPOOL_PAGE_NEXT		0x02	/* Allocate a new page with the next
+					  page number. */
+
+#define mpool_open	kdb2_mpool_open
+#define mpool_filter	kdb2_mpool_filter
+#define mpool_new	kdb2_mpool_new
+#define mpool_get	kdb2_mpool_get
+#define mpool_delete	kdb2_mpool_delete
+#define mpool_put	kdb2_mpool_put
+#define mpool_sync	kdb2_mpool_sync
+#define mpool_close	kdb2_mpool_close
+#define mpool_stat	kdb2_mpool_stat
+
+__BEGIN_DECLS
+MPOOL	*mpool_open __P((void *, int, db_pgno_t, db_pgno_t));
+void	 mpool_filter __P((MPOOL *, void (*)(void *, db_pgno_t, void *),
+	    void (*)(void *, db_pgno_t, void *), void *));
+void	*mpool_new __P((MPOOL *, db_pgno_t *, u_int));
+void	*mpool_get __P((MPOOL *, db_pgno_t, u_int));
+int	 mpool_delete __P((MPOOL *, void *));
+int	 mpool_put __P((MPOOL *, void *, u_int));
+int	 mpool_sync __P((MPOOL *));
+int	 mpool_close __P((MPOOL *));
+
+void	 mpool_stat __P((MPOOL *));
+
+__END_DECLS
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/Makefile.in b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/Makefile.in
new file mode 100644
index 00000000..2a9db95f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/Makefile.in
@@ -0,0 +1,14 @@
+mydir=plugins$(S)kdb$(S)db2$(S)libdb2$(S)recno
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
+STLIBOBJS=	rec_close.o rec_delete.o rec_get.o rec_open.o rec_put.o \
+		rec_search.o rec_seq.o rec_utils.o
+
+LOCALINCLUDES=	-I. -I$(srcdir)/../include -I../include -I$(srcdir)/../mpool \
+		-I$(srcdir)/../db
+
+all-unix: all-libobjs
+clean-unix:: clean-libobjs
+@libobj_frag@
+
+SRCS= $(STLIBOBJS:.o=.c)
+
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/Makefile.inc b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/Makefile.inc
new file mode 100644
index 00000000..e49e2255
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/Makefile.inc
@@ -0,0 +1,6 @@
+#       @(#)Makefile.inc	8.1 (Berkeley) 6/4/93
+
+.PATH: ${.CURDIR}/db/recno
+
+SRCS+=	rec_close.c rec_delete.c rec_get.c rec_open.c rec_put.c rec_search.c \
+	rec_seq.c rec_utils.c
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/deps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/deps
new file mode 100644
index 00000000..3756fb77
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/deps
@@ -0,0 +1,43 @@
+#
+# Generated makefile dependencies follow.
+#
+rec_close.so rec_close.po $(OUTPRE)rec_close.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../btree/btree.h \
+  $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h rec_close.c recno.h
+rec_delete.so rec_delete.po $(OUTPRE)rec_delete.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../btree/btree.h \
+  $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h rec_delete.c recno.h
+rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \
+  $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  extern.h rec_get.c recno.h
+rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../btree/btree.h \
+  $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h rec_open.c recno.h
+rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \
+  $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  extern.h rec_put.c recno.h
+rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../btree/btree.h \
+  $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h rec_search.c recno.h
+rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(DB_DEPS) $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \
+  $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  extern.h rec_seq.c recno.h
+rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../btree/btree.h \
+  $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \
+  $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \
+  $(srcdir)/../mpool/mpool.h extern.h rec_utils.c recno.h
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/extern.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/extern.h
new file mode 100644
index 00000000..98e382c3
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/extern.h
@@ -0,0 +1,72 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)extern.h	8.3 (Berkeley) 6/4/94
+ */
+
+#include "../btree/extern.h"
+
+#define __rec_close	__kdb2_rec_close
+#define __rec_delete	__kdb2_rec_delete
+#define __rec_dleaf	__kdb2_rec_dleaf
+#define __rec_fd	__kdb2_rec_fd
+#define __rec_fmap	__kdb2_rec_fmap
+#define __rec_fout	__kdb2_rec_fout
+#define __rec_fpipe	__kdb2_rec_fpipe
+#define __rec_get	__kdb2_rec_get
+#define __rec_iput	__kdb2_rec_iput
+#define __rec_put	__kdb2_rec_put
+#define __rec_ret	__kdb2_rec_ret
+#define __rec_search	__kdb2_rec_search
+#define __rec_seq	__kdb2_rec_seq
+#define __rec_sync	__kdb2_rec_sync
+#define __rec_vmap	__kdb2_rec_vmap
+#define __rec_vout	__kdb2_rec_vout
+#define __rec_vpipe	__kdb2_rec_vpipe
+
+int	 __rec_close __P((DB *));
+int	 __rec_delete __P((const DB *, const DBT *, u_int));
+int	 __rec_dleaf __P((BTREE *, PAGE *, u_int32_t));
+int	 __rec_fd __P((const DB *));
+int	 __rec_fmap __P((BTREE *, recno_t));
+int	 __rec_fout __P((BTREE *));
+int	 __rec_fpipe __P((BTREE *, recno_t));
+int	 __rec_get __P((const DB *, const DBT *, DBT *, u_int));
+int	 __rec_iput __P((BTREE *, recno_t, const DBT *, u_int));
+int	 __rec_put __P((const DB *dbp, DBT *, const DBT *, u_int));
+int	 __rec_ret __P((BTREE *, EPG *, recno_t, DBT *, DBT *));
+EPG	*__rec_search __P((BTREE *, recno_t, enum SRCHOP));
+int	 __rec_seq __P((const DB *, DBT *, DBT *, u_int));
+int	 __rec_sync __P((const DB *, u_int));
+int	 __rec_vmap __P((BTREE *, recno_t));
+int	 __rec_vout __P((BTREE *));
+int	 __rec_vpipe __P((BTREE *, recno_t));
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_close.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_close.c
new file mode 100644
index 00000000..4ef4dd1b
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_close.c
@@ -0,0 +1,188 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)rec_close.c	8.9 (Berkeley) 11/18/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/uio.h>
+#ifdef RECNO_USE_MMAP
+#include <sys/mman.h>
+#endif
+
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include "db-int.h"
+#include "recno.h"
+
+/*
+ * __REC_CLOSE -- Close a recno tree.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__rec_close(dbp)
+	DB *dbp;
+{
+	BTREE *t;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	if (__rec_sync(dbp, 0) == RET_ERROR)
+		return (RET_ERROR);
+
+	/* Committed to closing. */
+	status = RET_SUCCESS;
+#ifdef	RECNO_USE_MMAP
+	if (F_ISSET(t, R_MEMMAPPED) && munmap(t->bt_smap, t->bt_msize))
+		status = RET_ERROR;
+#endif
+
+	if (!F_ISSET(t, R_INMEM)) {
+		if (F_ISSET(t, R_CLOSEFP)) {
+			if (fclose(t->bt_rfp))
+				status = RET_ERROR;
+		} else
+			if (close(t->bt_rfd))
+				status = RET_ERROR;
+	}
+
+	if (__bt_close(dbp) == RET_ERROR)
+		status = RET_ERROR;
+
+	return (status);
+}
+
+/*
+ * __REC_SYNC -- sync the recno tree to disk.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ */
+int
+__rec_sync(dbp, flags)
+	const DB *dbp;
+	u_int flags;
+{
+	struct iovec iov[2];
+	BTREE *t;
+	DBT data, key;
+	off_t off;
+	recno_t scursor, trec;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	if (flags == R_RECNOSYNC)
+		return (__bt_sync(dbp, 0));
+
+	if (F_ISSET(t, R_RDONLY | R_INMEM) || !F_ISSET(t, R_MODIFIED))
+		return (RET_SUCCESS);
+
+	/* Read any remaining records into the tree. */
+	if (!F_ISSET(t, R_EOF) && t->bt_irec(t, MAX_REC_NUMBER) == RET_ERROR)
+		return (RET_ERROR);
+
+	/* Rewind the file descriptor. */
+	if (lseek(t->bt_rfd, (off_t)0, SEEK_SET) != 0)
+		return (RET_ERROR);
+
+	/* Save the cursor. */
+	scursor = t->bt_cursor.rcursor;
+
+	key.size = sizeof(recno_t);
+	key.data = &trec;
+
+	if (F_ISSET(t, R_FIXLEN)) {
+		/*
+		 * We assume that fixed length records are all fixed length.
+		 * Any that aren't are either EINVAL'd or corrected by the
+		 * record put code.
+		 */
+		status = (dbp->seq)(dbp, &key, &data, R_FIRST);
+		while (status == RET_SUCCESS) {
+			if (write(t->bt_rfd, data.data, data.size) !=
+			    (ssize_t)data.size)
+				return (RET_ERROR);
+			status = (dbp->seq)(dbp, &key, &data, R_NEXT);
+		}
+	} else {
+		iov[1].iov_base = &t->bt_bval;
+		iov[1].iov_len = 1;
+
+		status = (dbp->seq)(dbp, &key, &data, R_FIRST);
+		while (status == RET_SUCCESS) {
+			iov[0].iov_base = data.data;
+			iov[0].iov_len = data.size;
+			if (writev(t->bt_rfd, iov, 2) != (ssize_t)data.size + 1)
+				return (RET_ERROR);
+			status = (dbp->seq)(dbp, &key, &data, R_NEXT);
+		}
+	}
+
+	/* Restore the cursor. */
+	t->bt_cursor.rcursor = scursor;
+
+	if (status == RET_ERROR)
+		return (RET_ERROR);
+	if ((off = lseek(t->bt_rfd, (off_t)0, SEEK_CUR)) == -1)
+		return (RET_ERROR);
+	if (ftruncate(t->bt_rfd, off))
+		return (RET_ERROR);
+	F_CLR(t, R_MODIFIED);
+	return (RET_SUCCESS);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_delete.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_delete.c
new file mode 100644
index 00000000..b69c9ad7
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_delete.c
@@ -0,0 +1,197 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)rec_delete.c	8.7 (Berkeley) 7/14/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "recno.h"
+
+static int rec_rdelete __P((BTREE *, recno_t));
+
+/*
+ * __REC_DELETE -- Delete the item(s) referenced by a key.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *	key:	key to delete
+ *	flags:	R_CURSOR if deleting what the cursor references
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found.
+ */
+int
+__rec_delete(dbp, key, flags)
+	const DB *dbp;
+	const DBT *key;
+	u_int flags;
+{
+	BTREE *t;
+	recno_t nrec;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	switch(flags) {
+	case 0:
+		if ((nrec = *(recno_t *)key->data) == 0)
+			goto einval;
+		if (nrec > t->bt_nrecs)
+			return (RET_SPECIAL);
+		--nrec;
+		status = rec_rdelete(t, nrec);
+		break;
+	case R_CURSOR:
+		if (!F_ISSET(&t->bt_cursor, CURS_INIT))
+			goto einval;
+		if (t->bt_nrecs == 0)
+			return (RET_SPECIAL);
+		status = rec_rdelete(t, t->bt_cursor.rcursor - 1);
+		if (status == RET_SUCCESS)
+			--t->bt_cursor.rcursor;
+		break;
+	default:
+einval:		errno = EINVAL;
+		return (RET_ERROR);
+	}
+
+	if (status == RET_SUCCESS)
+		F_SET(t, B_MODIFIED | R_MODIFIED);
+	return (status);
+}
+
+/*
+ * REC_RDELETE -- Delete the data matching the specified key.
+ *
+ * Parameters:
+ *	tree:	tree
+ *	nrec:	record to delete
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found.
+ */
+static int
+rec_rdelete(t, nrec)
+	BTREE *t;
+	recno_t nrec;
+{
+	EPG *e;
+	PAGE *h;
+	int status;
+
+	/* Find the record; __rec_search pins the page. */
+	if ((e = __rec_search(t, nrec, SDELETE)) == NULL)
+		return (RET_ERROR);
+
+	/* Delete the record. */
+	h = e->page;
+	status = __rec_dleaf(t, h, e->index);
+	if (status != RET_SUCCESS) {
+		mpool_put(t->bt_mp, h, 0);
+		return (status);
+	}
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+	return (RET_SUCCESS);
+}
+
+/*
+ * __REC_DLEAF -- Delete a single record from a recno leaf page.
+ *
+ * Parameters:
+ *	t:	tree
+ *	idx:	index on current page to delete
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ */
+int
+__rec_dleaf(t, h, idx)
+	BTREE *t;
+	PAGE *h;
+	u_int32_t idx;
+{
+	RLEAF *rl;
+	indx_t *ip, cnt, offset;
+	u_int32_t nbytes;
+	char *from;
+	void *to;
+
+	/*
+	 * Delete a record from a recno leaf page.  Internal records are never
+	 * deleted from internal pages, regardless of the records that caused
+	 * them to be added being deleted.  Pages made empty by deletion are
+	 * not reclaimed.  They are, however, made available for reuse.
+	 *
+	 * Pack the remaining entries at the end of the page, shift the indices
+	 * down, overwriting the deleted record and its index.  If the record
+	 * uses overflow pages, make them available for reuse.
+	 */
+	to = rl = GETRLEAF(h, idx);
+	if (rl->flags & P_BIGDATA && __ovfl_delete(t, rl->bytes) == RET_ERROR)
+		return (RET_ERROR);
+	nbytes = NRLEAF(rl);
+
+	/*
+	 * Compress the key/data pairs.  Compress and adjust the [BR]LEAF
+	 * offsets.  Reset the headers.
+	 */
+	from = (char *)h + h->upper;
+	memmove(from + nbytes, from, (char *)to - from);
+	h->upper += nbytes;
+
+	offset = h->linp[idx];
+	for (cnt = &h->linp[idx] - (ip = &h->linp[0]); cnt--; ++ip)
+		if (ip[0] < offset)
+			ip[0] += nbytes;
+	for (cnt = &h->linp[NEXTINDEX(h)] - ip; --cnt; ++ip)
+		ip[0] = ip[1] < offset ? ip[1] + nbytes : ip[1];
+	h->lower -= sizeof(indx_t);
+	--t->bt_nrecs;
+	return (RET_SUCCESS);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_get.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_get.c
new file mode 100644
index 00000000..230b2d4f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_get.c
@@ -0,0 +1,311 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)rec_get.c	8.9 (Berkeley) 8/18/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "db-int.h"
+#include "recno.h"
+
+/*
+ * __REC_GET -- Get a record from the btree.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *	key:	key to find
+ *	data:	data to return
+ *	flag:	currently unused
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found.
+ */
+int
+__rec_get(dbp, key, data, flags)
+	const DB *dbp;
+	const DBT *key;
+	DBT *data;
+	u_int flags;
+{
+	BTREE *t;
+	EPG *e;
+	recno_t nrec;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/* Get currently doesn't take any flags, and keys of 0 are illegal. */
+	if (flags || (nrec = *(recno_t *)key->data) == 0) {
+		errno = EINVAL;
+		return (RET_ERROR);
+	}
+
+	/*
+	 * If we haven't seen this record yet, try to find it in the
+	 * original file.
+	 */
+	if (nrec > t->bt_nrecs) {
+		if (F_ISSET(t, R_EOF | R_INMEM))
+			return (RET_SPECIAL);
+		if ((status = t->bt_irec(t, nrec)) != RET_SUCCESS)
+			return (status);
+	}
+
+	--nrec;
+	if ((e = __rec_search(t, nrec, SEARCH)) == NULL)
+		return (RET_ERROR);
+
+	status = __rec_ret(t, e, 0, NULL, data);
+	if (F_ISSET(t, B_DB_LOCK))
+		mpool_put(t->bt_mp, e->page, 0);
+	else
+		t->bt_pinned = e->page;
+	return (status);
+}
+
+/*
+ * __REC_FPIPE -- Get fixed length records from a pipe.
+ *
+ * Parameters:
+ *	t:	tree
+ *	cnt:	records to read
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__rec_fpipe(t, top)
+	BTREE *t;
+	recno_t top;
+{
+	DBT data;
+	recno_t nrec;
+	size_t len;
+	int ch;
+	u_char *p;
+
+	if (t->bt_rdata.size < t->bt_reclen) {
+		t->bt_rdata.data = t->bt_rdata.data == NULL ?
+		    malloc(t->bt_reclen) :
+		    realloc(t->bt_rdata.data, t->bt_reclen);
+		if (t->bt_rdata.data == NULL)
+			return (RET_ERROR);
+		t->bt_rdata.size = t->bt_reclen;
+	}
+	data.data = t->bt_rdata.data;
+	data.size = t->bt_reclen;
+
+	for (nrec = t->bt_nrecs; nrec < top;) {
+		len = t->bt_reclen;
+		for (p = t->bt_rdata.data;; *p++ = ch)
+			if ((ch = getc(t->bt_rfp)) == EOF || !--len) {
+				if (ch != EOF)
+					*p = ch;
+				if (len != 0)
+					memset(p, t->bt_bval, len);
+				if (__rec_iput(t,
+				    nrec, &data, 0) != RET_SUCCESS)
+					return (RET_ERROR);
+				++nrec;
+				break;
+			}
+		if (ch == EOF)
+			break;
+	}
+	if (nrec < top) {
+		F_SET(t, R_EOF);
+		return (RET_SPECIAL);
+	}
+	return (RET_SUCCESS);
+}
+
+/*
+ * __REC_VPIPE -- Get variable length records from a pipe.
+ *
+ * Parameters:
+ *	t:	tree
+ *	cnt:	records to read
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__rec_vpipe(t, top)
+	BTREE *t;
+	recno_t top;
+{
+	DBT data;
+	recno_t nrec;
+	indx_t len;
+	size_t sz;
+	int bval, ch;
+	u_char *p;
+
+	bval = t->bt_bval;
+	for (nrec = t->bt_nrecs; nrec < top; ++nrec) {
+		for (p = t->bt_rdata.data,
+		    sz = t->bt_rdata.size;; *p++ = ch, --sz) {
+			if ((ch = getc(t->bt_rfp)) == EOF || ch == bval) {
+				data.data = t->bt_rdata.data;
+				data.size = p - (u_char *)t->bt_rdata.data;
+				if (ch == EOF && data.size == 0)
+					break;
+				if (__rec_iput(t, nrec, &data, 0)
+				    != RET_SUCCESS)
+					return (RET_ERROR);
+				break;
+			}
+			if (sz == 0) {
+				len = p - (u_char *)t->bt_rdata.data;
+				t->bt_rdata.size += (sz = 256);
+				t->bt_rdata.data = t->bt_rdata.data == NULL ?
+				    malloc(t->bt_rdata.size) :
+				    realloc(t->bt_rdata.data, t->bt_rdata.size);
+				if (t->bt_rdata.data == NULL)
+					return (RET_ERROR);
+				p = (u_char *)t->bt_rdata.data + len;
+			}
+		}
+		if (ch == EOF)
+			break;
+	}
+	if (nrec < top) {
+		F_SET(t, R_EOF);
+		return (RET_SPECIAL);
+	}
+	return (RET_SUCCESS);
+}
+
+/*
+ * __REC_FMAP -- Get fixed length records from a file.
+ *
+ * Parameters:
+ *	t:	tree
+ *	cnt:	records to read
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__rec_fmap(t, top)
+	BTREE *t;
+	recno_t top;
+{
+	DBT data;
+	recno_t nrec;
+	u_char *sp, *ep, *p;
+	size_t len;
+
+	if (t->bt_rdata.size < t->bt_reclen) {
+		t->bt_rdata.data = t->bt_rdata.data == NULL ?
+		    malloc(t->bt_reclen) :
+		    realloc(t->bt_rdata.data, t->bt_reclen);
+		if (t->bt_rdata.data == NULL)
+			return (RET_ERROR);
+		t->bt_rdata.size = t->bt_reclen;
+	}
+	data.data = t->bt_rdata.data;
+	data.size = t->bt_reclen;
+
+	sp = (u_char *)t->bt_cmap;
+	ep = (u_char *)t->bt_emap;
+	for (nrec = t->bt_nrecs; nrec < top; ++nrec) {
+		if (sp >= ep) {
+			F_SET(t, R_EOF);
+			return (RET_SPECIAL);
+		}
+		len = t->bt_reclen;
+		for (p = t->bt_rdata.data;
+		    sp < ep && len > 0; *p++ = *sp++, --len);
+		if (len != 0)
+			memset(p, t->bt_bval, len);
+		if (__rec_iput(t, nrec, &data, 0) != RET_SUCCESS)
+			return (RET_ERROR);
+	}
+	t->bt_cmap = (caddr_t)sp;
+	return (RET_SUCCESS);
+}
+
+/*
+ * __REC_VMAP -- Get variable length records from a file.
+ *
+ * Parameters:
+ *	t:	tree
+ *	cnt:	records to read
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__rec_vmap(t, top)
+	BTREE *t;
+	recno_t top;
+{
+	DBT data;
+	u_char *sp, *ep;
+	recno_t nrec;
+	int bval;
+
+	sp = (u_char *)t->bt_cmap;
+	ep = (u_char *)t->bt_emap;
+	bval = t->bt_bval;
+
+	for (nrec = t->bt_nrecs; nrec < top; ++nrec) {
+		if (sp >= ep) {
+			F_SET(t, R_EOF);
+			return (RET_SPECIAL);
+		}
+		for (data.data = sp; sp < ep && *sp != bval; ++sp);
+		data.size = sp - (u_char *)data.data;
+		if (__rec_iput(t, nrec, &data, 0) != RET_SUCCESS)
+			return (RET_ERROR);
+		++sp;
+	}
+	t->bt_cmap = (caddr_t)sp;
+	return (RET_SUCCESS);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c
new file mode 100644
index 00000000..d8b26e70
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c
@@ -0,0 +1,248 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)rec_open.c	8.12 (Berkeley) 11/18/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#ifdef RECNO_USE_MMAP
+#include <sys/mman.h>
+#endif
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include "db-int.h"
+#include "recno.h"
+
+DB *
+__rec_open(fname, flags, mode, openinfo, dflags)
+	const char *fname;
+	int flags, mode, dflags;
+	const RECNOINFO *openinfo;
+{
+	BTREE *t;
+	BTREEINFO btopeninfo;
+	DB *dbp;
+	PAGE *h;
+	struct stat sb;
+	int rfd = -1, sverrno;
+
+	/* Open the user's file -- if this fails, we're done. */
+	if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
+		return (NULL);
+
+	if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
+		close(rfd);
+		return NULL;
+	}
+
+	/* Create a btree in memory (backed by disk). */
+	dbp = NULL;
+	if (openinfo) {
+		if (openinfo->flags & ~(R_FIXEDLEN | R_NOKEY | R_SNAPSHOT))
+			goto einval;
+		btopeninfo.flags = 0;
+		btopeninfo.cachesize = openinfo->cachesize;
+		btopeninfo.maxkeypage = 0;
+		btopeninfo.minkeypage = 0;
+		btopeninfo.psize = openinfo->psize;
+		btopeninfo.compare = NULL;
+		btopeninfo.prefix = NULL;
+		btopeninfo.lorder = openinfo->lorder;
+		dbp = __bt_open(openinfo->bfname,
+		    O_RDWR | O_BINARY, S_IRUSR | S_IWUSR, &btopeninfo, dflags);
+	} else
+		dbp = __bt_open(NULL, O_RDWR | O_BINARY, S_IRUSR | S_IWUSR, NULL, dflags);
+	if (dbp == NULL)
+		goto err;
+
+	/*
+	 * Some fields in the tree structure are recno specific.  Fill them
+	 * in and make the btree structure look like a recno structure.  We
+	 * don't change the bt_ovflsize value, it's close enough and slightly
+	 * bigger.
+	 */
+	t = dbp->internal;
+	if (openinfo) {
+		if (openinfo->flags & R_FIXEDLEN) {
+			F_SET(t, R_FIXLEN);
+			t->bt_reclen = openinfo->reclen;
+			if (t->bt_reclen == 0)
+				goto einval;
+		}
+		t->bt_bval = openinfo->bval;
+	} else
+		t->bt_bval = '\n';
+
+	F_SET(t, R_RECNO);
+	if (fname == NULL)
+		F_SET(t, R_EOF | R_INMEM);
+	else
+		t->bt_rfd = rfd;
+
+	if (fname != NULL) {
+		/*
+		 * In 4.4BSD, stat(2) returns true for ISSOCK on pipes.
+		 * Unfortunately, that's not portable, so we use lseek
+		 * and check the errno values.
+		 */
+		errno = 0;
+		if (lseek(rfd, (off_t)0, SEEK_CUR) == -1 && errno == ESPIPE) {
+			switch (flags & O_ACCMODE) {
+			case O_RDONLY:
+				F_SET(t, R_RDONLY);
+				break;
+			default:
+				goto einval;
+			}
+slow:			if ((t->bt_rfp = fdopen(rfd, "rb")) == NULL)
+				goto err;
+			F_SET(t, R_CLOSEFP);
+			t->bt_irec =
+			    F_ISSET(t, R_FIXLEN) ? __rec_fpipe : __rec_vpipe;
+		} else {
+			switch (flags & O_ACCMODE) {
+			case O_RDONLY:
+				F_SET(t, R_RDONLY);
+				break;
+			case O_RDWR:
+				break;
+			default:
+				goto einval;
+			}
+
+			if (fstat(rfd, &sb))
+				goto err;
+			/*
+			 * Kluge -- we'd like to test to see if the file is too
+			 * big to mmap.  Since, we don't know what size or type
+			 * off_t's or size_t's are, what the largest unsigned
+			 * integral type is, or what random insanity the local
+			 * C compiler will perpetrate, doing the comparison in
+			 * a portable way is flatly impossible.  Hope that mmap
+			 * fails if the file is too large.
+			 */
+			if (sb.st_size == 0)
+				F_SET(t, R_EOF);
+			else {
+#ifdef RECNO_USE_MMAP
+				/*
+				 * XXX
+				 * Mmap doesn't work correctly on many current
+				 * systems.  In particular, it can fail subtly,
+				 * with cache coherency problems.  Don't use it
+				 * for now.
+				 */
+				t->bt_msize = sb.st_size;
+				if ((t->bt_smap = mmap(NULL, t->bt_msize,
+				    PROT_READ, MAP_PRIVATE, rfd,
+				    (off_t)0)) == (caddr_t)-1)
+					goto slow;
+				t->bt_cmap = t->bt_smap;
+				t->bt_emap = t->bt_smap + sb.st_size;
+				t->bt_irec = F_ISSET(t, R_FIXLEN) ?
+				    __rec_fmap : __rec_vmap;
+				F_SET(t, R_MEMMAPPED);
+#else
+				goto slow;
+#endif
+			}
+		}
+	}
+
+	/* Use the recno routines. */
+	dbp->close = __rec_close;
+	dbp->del = __rec_delete;
+	dbp->fd = __rec_fd;
+	dbp->get = __rec_get;
+	dbp->put = __rec_put;
+	dbp->seq = __rec_seq;
+	dbp->sync = __rec_sync;
+
+	/* If the root page was created, reset the flags. */
+	if ((h = mpool_get(t->bt_mp, P_ROOT, 0)) == NULL)
+		goto err;
+	if ((h->flags & P_TYPE) == P_BLEAF) {
+		F_CLR(h, P_TYPE);
+		F_SET(h, P_RLEAF);
+		mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+	} else
+		mpool_put(t->bt_mp, h, 0);
+
+	if (openinfo && openinfo->flags & R_SNAPSHOT &&
+	    !F_ISSET(t, R_EOF | R_INMEM) &&
+	    t->bt_irec(t, MAX_REC_NUMBER) == RET_ERROR)
+                goto err;
+	return (dbp);
+
+einval:	errno = EINVAL;
+err:	sverrno = errno;
+	if (dbp != NULL)
+		(void)__bt_close(dbp);
+	if (fname != NULL)
+		(void)close(rfd);
+	errno = sverrno;
+	return (NULL);
+}
+
+int
+__rec_fd(dbp)
+	const DB *dbp;
+{
+	BTREE *t;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/* In-memory database can't have a file descriptor. */
+	if (F_ISSET(t, R_INMEM)) {
+		errno = ENOENT;
+		return (-1);
+	}
+	return (t->bt_rfd);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c
new file mode 100644
index 00000000..c53c9578
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c
@@ -0,0 +1,281 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)rec_put.c	8.7 (Berkeley) 8/18/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "recno.h"
+
+/*
+ * __REC_PUT -- Add a recno item to the tree.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *	key:	key
+ *	data:	data
+ *	flag:	R_CURSOR, R_IAFTER, R_IBEFORE, R_NOOVERWRITE
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key is
+ *	already in the tree and R_NOOVERWRITE specified.
+ */
+int
+__rec_put(dbp, key, data, flags)
+	const DB *dbp;
+	DBT *key;
+	const DBT *data;
+	u_int flags;
+{
+	BTREE *t;
+	DBT fdata, tdata;
+	recno_t nrec;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	/*
+	 * If using fixed-length records, and the record is long, return
+	 * EINVAL.  If it's short, pad it out.  Use the record data return
+	 * memory, it's only short-term.
+	 */
+	if (F_ISSET(t, R_FIXLEN) && data->size != t->bt_reclen) {
+		if (data->size > t->bt_reclen)
+			goto einval;
+
+		if (t->bt_rdata.size < t->bt_reclen) {
+			t->bt_rdata.data = t->bt_rdata.data == NULL ?
+			    malloc(t->bt_reclen) :
+			    realloc(t->bt_rdata.data, t->bt_reclen);
+			if (t->bt_rdata.data == NULL)
+				return (RET_ERROR);
+			t->bt_rdata.size = t->bt_reclen;
+		}
+		memmove(t->bt_rdata.data, data->data, data->size);
+		memset((char *)t->bt_rdata.data + data->size,
+		    t->bt_bval, t->bt_reclen - data->size);
+		fdata.data = t->bt_rdata.data;
+		fdata.size = t->bt_reclen;
+	} else {
+		fdata.data = data->data;
+		fdata.size = data->size;
+	}
+
+	switch (flags) {
+	case R_CURSOR:
+		if (!F_ISSET(&t->bt_cursor, CURS_INIT))
+			goto einval;
+		nrec = t->bt_cursor.rcursor;
+		break;
+	case R_SETCURSOR:
+		if ((nrec = *(recno_t *)key->data) == 0)
+			goto einval;
+		break;
+	case R_IAFTER:
+		if ((nrec = *(recno_t *)key->data) == 0) {
+			nrec = 1;
+			flags = R_IBEFORE;
+		}
+		break;
+	case 0:
+	case R_IBEFORE:
+		if ((nrec = *(recno_t *)key->data) == 0)
+			goto einval;
+		break;
+	case R_NOOVERWRITE:
+		if ((nrec = *(recno_t *)key->data) == 0)
+			goto einval;
+		if (nrec <= t->bt_nrecs)
+			return (RET_SPECIAL);
+		break;
+	default:
+einval:		errno = EINVAL;
+		return (RET_ERROR);
+	}
+
+	/*
+	 * Make sure that records up to and including the put record are
+	 * already in the database.  If skipping records, create empty ones.
+	 */
+	if (nrec > t->bt_nrecs) {
+		if (!F_ISSET(t, R_EOF | R_INMEM) &&
+		    t->bt_irec(t, nrec) == RET_ERROR)
+			return (RET_ERROR);
+		if (nrec > t->bt_nrecs + 1) {
+			if (F_ISSET(t, R_FIXLEN)) {
+				if ((tdata.data =
+				    (void *)malloc(t->bt_reclen)) == NULL)
+					return (RET_ERROR);
+				tdata.size = t->bt_reclen;
+				memset(tdata.data, t->bt_bval, tdata.size);
+			} else {
+				tdata.data = NULL;
+				tdata.size = 0;
+			}
+			while (nrec > t->bt_nrecs + 1)
+				if (__rec_iput(t,
+				    t->bt_nrecs, &tdata, 0) != RET_SUCCESS)
+					return (RET_ERROR);
+			if (F_ISSET(t, R_FIXLEN))
+				free(tdata.data);
+		}
+	}
+
+	if ((status = __rec_iput(t, nrec - 1, &fdata, flags)) != RET_SUCCESS)
+		return (status);
+
+	if (flags == R_SETCURSOR)
+		t->bt_cursor.rcursor = nrec;
+
+	F_SET(t, R_MODIFIED);
+	return (__rec_ret(t, NULL, nrec, key, NULL));
+}
+
+/*
+ * __REC_IPUT -- Add a recno item to the tree.
+ *
+ * Parameters:
+ *	t:	tree
+ *	nrec:	record number
+ *	data:	data
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS
+ */
+int
+__rec_iput(t, nrec, data, flags)
+	BTREE *t;
+	recno_t nrec;
+	const DBT *data;
+	u_int flags;
+{
+	DBT tdata;
+	EPG *e;
+	PAGE *h;
+	indx_t idx, nxtindex;
+	db_pgno_t pg;
+	u_int32_t nbytes;
+	int dflags, status;
+	char *dest, db[NOVFLSIZE];
+
+	/*
+	 * If the data won't fit on a page, store it on indirect pages.
+	 *
+	 * XXX
+	 * If the insert fails later on, these pages aren't recovered.
+	 */
+	if (data->size > t->bt_ovflsize) {
+		if (__ovfl_put(t, data, &pg) == RET_ERROR)
+			return (RET_ERROR);
+		tdata.data = db;
+		tdata.size = NOVFLSIZE;
+		memcpy(db, &pg, sizeof(pg));
+		*(u_int32_t *)(void *)(db + sizeof(db_pgno_t)) = data->size;
+		dflags = P_BIGDATA;
+		data = &tdata;
+	} else
+		dflags = 0;
+
+	/* __rec_search pins the returned page. */
+	if ((e = __rec_search(t, nrec,
+	    nrec > t->bt_nrecs || flags == R_IAFTER || flags == R_IBEFORE ?
+	    SINSERT : SEARCH)) == NULL)
+		return (RET_ERROR);
+
+	h = e->page;
+	idx = e->index;
+
+	/*
+	 * Add the specified key/data pair to the tree.  The R_IAFTER and
+	 * R_IBEFORE flags insert the key after/before the specified key.
+	 *
+	 * Pages are split as required.
+	 */
+	switch (flags) {
+	case R_IAFTER:
+		++idx;
+		break;
+	case R_IBEFORE:
+		break;
+	default:
+		if (nrec < t->bt_nrecs &&
+		    __rec_dleaf(t, h, idx) == RET_ERROR) {
+			mpool_put(t->bt_mp, h, 0);
+			return (RET_ERROR);
+		}
+		break;
+	}
+
+	/*
+	 * If not enough room, split the page.  The split code will insert
+	 * the key and data and unpin the current page.  If inserting into
+	 * the offset array, shift the pointers up.
+	 */
+	nbytes = NRLEAFDBT(data->size);
+	if ((u_int32_t)h->upper - (u_int32_t)h->lower
+	    < nbytes + sizeof(indx_t)) {
+		status = __bt_split(t, h, NULL, data, dflags, nbytes, idx);
+		if (status == RET_SUCCESS)
+			++t->bt_nrecs;
+		return (status);
+	}
+
+	if (idx < (nxtindex = NEXTINDEX(h)))
+		memmove(h->linp + idx + 1, h->linp + idx,
+		    (nxtindex - idx) * sizeof(indx_t));
+	h->lower += sizeof(indx_t);
+
+	h->linp[idx] = h->upper -= nbytes;
+	dest = (char *)h + h->upper;
+	WR_RLEAF(dest, data, dflags);
+
+	++t->bt_nrecs;
+	F_SET(t, B_MODIFIED);
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+
+	return (RET_SUCCESS);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_search.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_search.c
new file mode 100644
index 00000000..244d79f3
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_search.c
@@ -0,0 +1,126 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)rec_search.c	8.4 (Berkeley) 7/14/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdio.h>
+
+#include "db-int.h"
+#include "recno.h"
+
+/*
+ * __REC_SEARCH -- Search a btree for a key.
+ *
+ * Parameters:
+ *	t:	tree to search
+ *	recno:	key to find
+ *	op: 	search operation
+ *
+ * Returns:
+ *	EPG for matching record, if any, or the EPG for the location of the
+ *	key, if it were inserted into the tree.
+ *
+ * Returns:
+ *	The EPG for matching record, if any, or the EPG for the location
+ *	of the key, if it were inserted into the tree, is entered into
+ *	the bt_cur field of the tree.  A pointer to the field is returned.
+ */
+EPG *
+__rec_search(t, recno, op)
+	BTREE *t;
+	recno_t recno;
+	enum SRCHOP op;
+{
+	indx_t idx;
+	PAGE *h;
+	EPGNO *parent;
+	RINTERNAL *r;
+	db_pgno_t pg;
+	indx_t top;
+	recno_t total;
+	int sverrno;
+
+	BT_CLR(t);
+	for (pg = P_ROOT, total = 0;;) {
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			goto err;
+		if (h->flags & P_RLEAF) {
+			t->bt_cur.page = h;
+			t->bt_cur.index = recno - total;
+			return (&t->bt_cur);
+		}
+		for (idx = 0, top = NEXTINDEX(h);;) {
+			r = GETRINTERNAL(h, idx);
+			if (++idx == top || total + r->nrecs > recno)
+				break;
+			total += r->nrecs;
+		}
+
+		BT_PUSH(t, pg, idx - 1);
+
+		pg = r->pgno;
+		switch (op) {
+		case SDELETE:
+			--GETRINTERNAL(h, (idx - 1))->nrecs;
+			mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+			break;
+		case SINSERT:
+			++GETRINTERNAL(h, (idx - 1))->nrecs;
+			mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+			break;
+		case SEARCH:
+			mpool_put(t->bt_mp, h, 0);
+			break;
+		}
+
+	}
+	/* Try and recover the tree. */
+err:	sverrno = errno;
+	if (op != SEARCH)
+		while  ((parent = BT_POP(t)) != NULL) {
+			if ((h = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
+				break;
+			if (op == SINSERT)
+				--GETRINTERNAL(h, parent->index)->nrecs;
+			else
+				++GETRINTERNAL(h, parent->index)->nrecs;
+                        mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+                }
+	errno = sverrno;
+	return (NULL);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_seq.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_seq.c
new file mode 100644
index 00000000..8af1378c
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_seq.c
@@ -0,0 +1,131 @@
+/*-
+ * Copyright (c) 1991, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)rec_seq.c	8.3 (Berkeley) 7/14/94";
+#endif /* not lint */
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "recno.h"
+
+/*
+ * __REC_SEQ -- Recno sequential scan interface.
+ *
+ * Parameters:
+ *	dbp:	pointer to access method
+ *	key:	key for positioning and return value
+ *	data:	data return value
+ *	flags:	R_CURSOR, R_FIRST, R_LAST, R_NEXT, R_PREV.
+ *
+ * Returns:
+ *	RET_ERROR, RET_SUCCESS or RET_SPECIAL if there's no next key.
+ */
+int
+__rec_seq(dbp, key, data, flags)
+	const DB *dbp;
+	DBT *key, *data;
+	u_int flags;
+{
+	BTREE *t;
+	EPG *e;
+	recno_t nrec;
+	int status;
+
+	t = dbp->internal;
+
+	/* Toss any page pinned across calls. */
+	if (t->bt_pinned != NULL) {
+		mpool_put(t->bt_mp, t->bt_pinned, 0);
+		t->bt_pinned = NULL;
+	}
+
+	switch(flags) {
+	case R_CURSOR:
+		if ((nrec = *(recno_t *)key->data) == 0)
+			goto einval;
+		break;
+	case R_NEXT:
+		if (F_ISSET(&t->bt_cursor, CURS_INIT)) {
+			nrec = t->bt_cursor.rcursor + 1;
+			break;
+		}
+		/* FALLTHROUGH */
+	case R_FIRST:
+		nrec = 1;
+		break;
+	case R_PREV:
+		if (F_ISSET(&t->bt_cursor, CURS_INIT)) {
+			if ((nrec = t->bt_cursor.rcursor - 1) == 0)
+				return (RET_SPECIAL);
+			break;
+		}
+		/* FALLTHROUGH */
+	case R_LAST:
+		if (!F_ISSET(t, R_EOF | R_INMEM) &&
+		    t->bt_irec(t, MAX_REC_NUMBER) == RET_ERROR)
+			return (RET_ERROR);
+		nrec = t->bt_nrecs;
+		break;
+	default:
+einval:		errno = EINVAL;
+		return (RET_ERROR);
+	}
+
+	if (t->bt_nrecs == 0 || nrec > t->bt_nrecs) {
+		if (!F_ISSET(t, R_EOF | R_INMEM) &&
+		    (status = t->bt_irec(t, nrec)) != RET_SUCCESS)
+			return (status);
+		if (t->bt_nrecs == 0 || nrec > t->bt_nrecs)
+			return (RET_SPECIAL);
+	}
+
+	if ((e = __rec_search(t, nrec - 1, SEARCH)) == NULL)
+		return (RET_ERROR);
+
+	F_SET(&t->bt_cursor, CURS_INIT);
+	t->bt_cursor.rcursor = nrec;
+
+	status = __rec_ret(t, e, nrec, key, data);
+	if (F_ISSET(t, B_DB_LOCK))
+		mpool_put(t->bt_mp, e->page, 0);
+	else
+		t->bt_pinned = e->page;
+	return (status);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_utils.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_utils.c
new file mode 100644
index 00000000..f757a724
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_utils.c
@@ -0,0 +1,122 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)rec_utils.c	8.6 (Berkeley) 7/16/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "db-int.h"
+#include "recno.h"
+
+/*
+ * __rec_ret --
+ *	Build return data.
+ *
+ * Parameters:
+ *	t:	tree
+ *	e:	key/data pair to be returned
+ *   nrec:	record number
+ *    key:	user's key structure
+ *	data:	user's data structure
+ *
+ * Returns:
+ *	RET_SUCCESS, RET_ERROR.
+ */
+int
+__rec_ret(t, e, nrec, key, data)
+	BTREE *t;
+	EPG *e;
+	recno_t nrec;
+	DBT *key, *data;
+{
+	RLEAF *rl;
+	void *p;
+
+	if (key == NULL)
+		goto dataonly;
+
+	/* We have to copy the key, it's not on the page. */
+	if (sizeof(recno_t) > t->bt_rkey.size) {
+		p = (void *)(t->bt_rkey.data == NULL ?
+		    malloc(sizeof(recno_t)) :
+		    realloc(t->bt_rkey.data, sizeof(recno_t)));
+		if (p == NULL)
+			return (RET_ERROR);
+		t->bt_rkey.data = p;
+		t->bt_rkey.size = sizeof(recno_t);
+	}
+	memmove(t->bt_rkey.data, &nrec, sizeof(recno_t));
+	key->size = sizeof(recno_t);
+	key->data = t->bt_rkey.data;
+
+dataonly:
+	if (data == NULL)
+		return (RET_SUCCESS);
+
+	/*
+	 * We must copy big keys/data to make them contigous.  Otherwise,
+	 * leave the page pinned and don't copy unless the user specified
+	 * concurrent access.
+	 */
+	rl = GETRLEAF(e->page, e->index);
+	if (rl->flags & P_BIGDATA) {
+		if (__ovfl_get(t, rl->bytes,
+		    &data->size, &t->bt_rdata.data, &t->bt_rdata.size))
+			return (RET_ERROR);
+		data->data = t->bt_rdata.data;
+	} else if (F_ISSET(t, B_DB_LOCK)) {
+		/* Use +1 in case the first record retrieved is 0 length. */
+		if (rl->dsize + 1 > t->bt_rdata.size) {
+			p = (void *)(t->bt_rdata.data == NULL ?
+			    malloc(rl->dsize + 1) :
+			    realloc(t->bt_rdata.data, rl->dsize + 1));
+			if (p == NULL)
+				return (RET_ERROR);
+			t->bt_rdata.data = p;
+			t->bt_rdata.size = rl->dsize + 1;
+		}
+		memmove(t->bt_rdata.data, rl->bytes, rl->dsize);
+		data->size = rl->dsize;
+		data->data = t->bt_rdata.data;
+	} else {
+		data->size = rl->dsize;
+		data->data = rl->bytes;
+	}
+	return (RET_SUCCESS);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/recno.h b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/recno.h
new file mode 100644
index 00000000..bec772c2
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/recno.h
@@ -0,0 +1,39 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)recno.h	8.1 (Berkeley) 6/4/93
+ */
+
+enum SRCHOP { SDELETE, SINSERT, SEARCH};	/* Rec_search operation. */
+
+#include "../btree/btree.h"
+#include "extern.h"
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/Makefile.in b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/Makefile.in
new file mode 100644
index 00000000..d7a22b1f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/Makefile.in
@@ -0,0 +1,37 @@
+mydir=plugins$(S)kdb$(S)db2$(S)libdb2$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
+
+FCTSH = @FCTSH@
+TMPDIR=.
+
+LOCALINCLUDES=	-I. -I$(srcdir)/../include -I../include -I$(srcdir)/../mpool \
+		-I$(srcdir)/../btree -I$(srcdir)/../hash -I$(srcdir)/../db
+
+PROG_LIBPATH=-L.. -L$(TOPLIBD)
+
+DB_LIB		= -ldb $(SUPPORT_LIB)
+DB_DEPLIB	= ../libdb$(DEPLIBEXT) $(SUPPORT_DEPLIB)
+
+all:
+
+dbtest: dbtest.o $(DB_DEPLIB)
+	$(CC_LINK) -o $@ dbtest.o $(STRERROR_OBJ) $(DB_LIB)
+
+t.be.db: $(srcdir)/t.be.txt
+t.le.db: $(srcdir)/t.le.txt
+t.be.db t.le.db:
+	$(PERL) -ne 'chomp; print pack("H*", $$_);' $? > $@
+
+check: dbtest t.be.db t.le.db runenv.sh
+	$(RUN_SETUP) srcdir=$(srcdir) TMPDIR=$(TMPDIR) $(VALGRIND) $(FCTSH) $(srcdir)/run.test
+
+bttest.o: $(srcdir)/btree.tests/main.c
+	$(CC) $(ALL_CFLAGS) -c $(srcdir)/btree.tests/main.c -o $@
+
+bttest: bttest.o $(DB_DEPLIB)
+	$(CC_LINK) -o $@ bttest.o $(STRERROR_OBJ) $(DB_LIB)
+
+clean-unix::
+	$(RM) dbtest.o dbtest __dbtest
+	$(RM) bttest.o bttest
+	$(RM) t.be.db t.le.db
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/README b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/README
new file mode 100644
index 00000000..0c0cd13d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/README
@@ -0,0 +1,74 @@
+#	@(#)README	8.8 (Berkeley) 7/31/94
+
+To build this portably, try something like:
+
+    make PORTDIR="../PORT/MACH"
+
+where MACH is the machine, i.e. "sunos.4.1.1".
+
+To run the tests, enter "sh run.test".  If your system dictionary isn't
+in /usr/share/dict/words, edit run.test to reflect the correct place.
+
+Fairly large files (the command files) are built in this directory during
+the test runs, and even larger files (the database files) are created in
+"/var/tmp".  If the latter directory doesn't exist, set the environmental
+variable TMPDIR to a directory where the files can be built.
+
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+The script file consists of lines with an initial character which is
+the command for that line, or an initial character indicating a key
+or data entry for a previous command.
+
+Legal command characters are as follows:
+
+c: compare a record
+	+ must be followed by [kK][dD]; the data value in the database
+	  associated with the specified key is compared to the specified
+	  data value.
+e: echo a string
+	+ writes out the rest of the line into the output file; if the
+	  last character is not a carriage-return, a newline is appended.
+f: set the flags for the next command
+	+ no value zero's the flags
+g: do a get command
+	+ must be followed by [kK]
+	+ writes out the retrieved data DBT.
+o [r]: dump [reverse]
+	+ dump the database out, if 'r' is set, in reverse order.
+p: do a put command
+	+ must be followed by [kK][dD]
+r: do a del command
+	+ must be followed by [kK] unless R_CURSOR flag set.
+S: sync the database
+s: do a seq command
+	+ must be followed by [kK] if R_CURSOR flag set.
+	+ writes out the retrieved data DBT.
+
+Legal key/data characters are as follows:
+
+D [file]: data file
+	+ set the current data value to the contents of the file
+d [data]:
+	+ set the current key value to the contents of the line.
+K [file]: key file
+	+ set the current key value to the contents of the file
+k [data]:
+	+ set the current key value to the contents of the line.
+
+Blank lines, lines with leading white space, and lines with leading
+hash marks (#) are ignored.
+
+Options to dbtest are as follows:
+
+	-d: Set the DB_LOCK flag.
+	-f: Use the file argument as the database file.
+	-i: Use the rest of the argument to set elements in the info
+	    structure.  If the type is btree, then "-i cachesize=10240"
+	    will set BTREEINFO.cachesize to 10240.
+	-o: The rest of the argument is the output file instead of
+	    using stdout.
+	-s: Don't delete the database file before opening it, i.e.
+	    use the database file from a previous run.
+
+Dbtest requires two arguments, the type of access "hash", "recno"
+or "btree", and the script name or "-" to indicate stdin.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/data b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/data
new file mode 100644
index 00000000..37a51853
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/data
@@ -0,0 +1,8 @@
+A000027875A000135891
+A000059165A000130168
+A000060256A000133490
+A040025906A000136770
+A040027881A000135829
+A040028611A000137873
+A040032413A000056974
+A040050163A000126233
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/mbox b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/mbox
new file mode 100644
index 00000000..9d5d49d0
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/mbox
@@ -0,0 +1,399 @@
+From wiggans@aipl.arsusda.gov Mon Sep 12 11:05:58 1994
+Received: from vangogh.CS.Berkeley.EDU by python.bostic.com (8.6.9.Beta4/2.6)
+	id OAA16853; Mon, 12 Sep 1994 14:05:42 -0400
+From: wiggans@aipl.arsusda.gov
+Received: from hofmann.CS.Berkeley.EDU (hofmann.CS.Berkeley.EDU [128.32.34.35]) by vangogh.CS.Berkeley.EDU (8.7.Alpha.1/8.6.9.Beta0) with ESMTP id LAA15825 for <bostic@vangogh.CS.Berkeley.EDU>; Mon, 12 Sep 1994 11:05:20 -0700 (PDT)
+Received: from uu7.psi.com (uu7.psi.com [38.145.204.6]) by hofmann.CS.Berkeley.EDU (8.6.9/8.6.6.Beta11) with SMTP id LAA25681 for <bostic@cs.berkeley.edu>; Mon, 12 Sep 1994 11:05:44 -0700
+Received: from AIPL.ARSUSDA.GOV by uu7.psi.com (5.65b/4.0.071791-PSI/PSINet) via SMTP;
+        id AA00699 for bostic@cs.berkeley.edu; Mon, 12 Sep 94 14:06:15 -0400
+Received: by aipl.arsusda.gov (AIX 3.2/UCB 5.64/4.03)
+          id AA14802; Mon, 12 Sep 1994 14:05:48 -0400
+Message-Id: <9409121805.AA14802@aipl.arsusda.gov>
+Subject: db 1.85 problem
+To: bostic@cs.berkeley.edu (Keith Bostic)
+Date: Mon, 12 Sep 1994 14:05:47 -0400 (EDT)
+X-Mailer: ELM [version 2.4 PL22]
+Content-Type: text
+Content-Length: 2553      
+Status: RO
+
+In using the btree option to sequentially read and then write a file, we
+are having a problem with 1.85.  When compiled with 1.73 there is no
+problem.  The problem is that the seq call keeps reading the same record. 
+The code follows:
+
+/* chkseq.c  Check sequential read and write */
+
+#include <stdio.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <stdlib.h>
+#include <fcntl.h>    /* O_CREAT,  O_RDWR */
+#include <errno.h>    /* Error numbers */
+#include <db.h>
+ 
+extern int errno;
+extern char *sys_errlist[];
+ 
+typedef struct idst {
+  char id1[7];
+} id;
+
+void cvtid(char *, char *);
+ 
+void main() {
+  char anim10[11], datastor[212],keystor[10], *pc;
+  int i;
+  long in = 0L;
+  DB *dbp, *dbpo;
+  DBT key, data, keyo, datao;
+
+  if ((dbp = dbopen("bullxrf.db", O_RDWR, 0664
+       , DB_BTREE, NULL )) == NULL) {
+    printf("\n Error on dbopen %d %s\n",errno,strerror(errno));
+    exit(61);
+  }
+  key.size = 7;
+  keyo.size = 7;
+
+  while (dbp->seq(dbp, &key, &data,R_NEXT) == 0) {
+    in++;
+     if (in > 20) break; 
+/*      pc = (char *) key.data; 
+for (i=0;i<key.size;i++) printf("%02x",pc[i]); printf("\n"); */
+      cvtid(anim10,key.data); printf("%s\n",anim10); 
+    memcpy(keystor,key.data,key.size);
+/* for (i=0;i<key.size;i++) printf("%02x",keystor[i]); printf("\n"); */
+    memcpy(datastor,data.data,data.size);
+/* for (i=0;i<8;i++) printf("%02x",datastor[i]); printf("\n"); */
+    keyo.data = keystor;
+    datao.data = datastor;
+    datao.size = data.size;
+/*
+    if (in % 1000 == 1) {
+        cvtid(anim10,key.data); printf("%5d %s\n",in,anim10);  */
+      if (dbp->put(dbp, &keyo, &datao,0) != 0) {
+        printf("Write failed at %d\n",in);
+        exit(85);
+      }
+/*  }
+ */
+  }  
+  printf("%d Records copied\n",in);
+  dbp->close(dbp);
+}
+
+I am running on an RS/6000 AIX 3.2.5.  The section of the make file
+follows:
+
+# Make file
+all: chkseq
+
+chkseq: chkseq.c 
+	cc -gO3 -lm -o chkseq\
+  -L /data6/hash/include/sys/lib -l db  -I /data6/hash/include \
+  chkseq.c cvtid.o ascii.o
+#  -L /data12/db.1.85 -l db  -I /data12/db.1.85/include \
+
+We would appreciate your help.
+Thanks,
+
+-- 
+George Wiggans           I================================================I
+                         |Animal Improvement Programs Laboratory          |
+Phone:   301-504-8407    |Bldg 263 Beltsville Agricultural Research Center|
+FAX:     301-504-8092    |Beltsville, MD 20705-2350  USA                  |
+wiggans@aipl.arsusda.gov |                                                |
+=========================I================================================I
+
+From wiggans@aipl.arsusda.gov Fri Sep 16 20:27:22 1994
+Received: from vangogh.CS.Berkeley.EDU by python.bostic.com (8.6.9.Beta4/2.6)
+	id XAA09260; Fri, 16 Sep 1994 23:27:09 -0400
+From: wiggans@aipl.arsusda.gov
+Received: from hofmann.CS.Berkeley.EDU (hofmann.CS.Berkeley.EDU [128.32.34.35]) by vangogh.CS.Berkeley.EDU (8.7.Alpha.1/8.6.9.Beta0) with ESMTP id UAA25674 for <bostic@vangogh.CS.Berkeley.EDU>; Fri, 16 Sep 1994 20:27:03 -0700 (PDT)
+Received: from uu7.psi.com (uu7.psi.com [38.145.204.6]) by hofmann.CS.Berkeley.EDU (8.6.9/8.6.6.Beta11) with SMTP id UAA15043 for <bostic@cs.berkeley.edu>; Fri, 16 Sep 1994 20:27:16 -0700
+Received: from AIPL.ARSUSDA.GOV by uu7.psi.com (5.65b/4.0.071791-PSI/PSINet) via SMTP;
+        id AA18737 for bostic@cs.berkeley.edu; Fri, 16 Sep 94 23:27:14 -0400
+Received: by aipl.arsusda.gov (AIX 3.2/UCB 5.64/4.03)
+          id AA10907; Fri, 16 Sep 1994 23:26:18 -0400
+Message-Id: <9409170326.AA10907@aipl.arsusda.gov>
+Subject: Test case
+To: bostic@cs.berkeley.edu (Keith Bostic)
+Date: Fri, 16 Sep 1994 23:26:16 -0400 (EDT)
+X-Mailer: ELM [version 2.4 PL22]
+Content-Type: text
+Content-Length: 3713      
+Status: RO
+
+The following program loads 2 10 character animal ID which are used to
+change an animal's ID.  After loading, it closes, then opens and
+sequentially reads and rewrites the file changing the first character of
+the 2nd ID to U.  Failure is observed when the update part gets stuck on
+the first record, rereading it.  The last step displays the updated file.
+The name of the data file is a command line argument.
+
+The data:
+A000027875A000135891
+A000059165A000130168
+A000060256A000133490
+A040025906A000136770
+A040027881A000135829
+A040028611A000137873
+A040032413A000056974
+A040050163A000126233
+A040050329A000126177
+A040050411A000119017
+A040050995A000116767
+A040051022A000126669
+A040051276A000127444
+A040051514A000120563
+A040051597A000127287
+A040051627A000127284
+A040051700A000126914
+A040051810A000127286
+A040051964A000118834
+A040052164A000135104
+A040052165A000127688
+A040052186A000126926
+A040052530A000126287
+A040052560A000119160
+A040052892A000125334
+A040053004A000127684
+A040053359A000128628
+A040053378A000137680
+A040053416A000128825
+A040053589A000120369
+A040053620A000128460
+A040053751A000123525
+A040053754A000126736
+A040054191A000126286
+A040054251A000121745
+A040054253A000127848
+A040054596A000130931
+A040054981A000128731
+A040055000A000127689
+
+The program:
+/* chkseq.c  Check sequential read and write */
+
+#include <stdio.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <stdlib.h>
+#include <fcntl.h>    /* O_CREAT,  O_RDWR */
+#include <errno.h>    /* Error numbers */
+#include <db.h>
+ 
+extern int errno;
+extern char *sys_errlist[];
+ 
+ 
+void main(int argc, char *argv[]) {
+  char id1[] = {"          "}, id2[] = {"          "};
+  int i;
+  long in = 0L, out = 0L;
+  DB *dbp, *dbpo;
+  DBT key, data, keyo, datao;
+  FILE *fopen(), *fin;
+
+  if ((fin = fopen(argv[1],"r")) == NULL) {
+    printf("Unable to open %s\n",argv[1]);
+    exit(25);
+  }
+  if ((dbp = dbopen("test.db",O_RDWR | O_CREAT, 0664
+       , DB_BTREE, NULL )) == NULL) {
+    printf("\n Open error on test.db %d %s\n",errno,strerror(errno));
+    exit(25);
+  }
+   
+  while (fscanf(fin," %10s%10s",id1,id2) > 0) {
+    key.size = 11;
+    data.size = 11;
+    key.data = id1;
+    data.data = id2;
+    printf("%10s %10s\n",key.data,data.data); 
+    if (dbp->put(dbp, &key, &data,R_NOOVERWRITE) != 0) {
+      printf("Error writing output\n");
+    }
+    out++;
+  }
+  printf("%d Records in\n",out);
+  dbp->close(dbp);
+  
+  if ((dbp = dbopen("test.db", O_RDWR, 0664
+       , DB_BTREE, NULL )) == NULL) {
+    printf("\n Error on dbopen %d %s\n",errno,strerror(errno));
+    exit(61);
+  }
+
+  while (dbp->seq(dbp, &key, &data,R_NEXT) == 0) {
+    strcpy(id1,key.data);
+    keyo.size = 11;
+    datao.size = 11;
+    keyo.data = id1;
+    strcpy(id2,data.data);
+    id2[0] = 'U';
+    datao.data=id2;
+    printf("%10s %10s\n",key.data,data.data); 
+    in++;
+    if (in > 50) break;
+    if (dbp->put(dbp, &keyo, &datao,0) != 0) {
+        printf("Write failed at %d\n",in);
+        exit(85);
+    }
+  }
+  printf("%d Records copied\n",in);
+  in = 0;
+    dbp->seq(dbp, &key, &data,R_FIRST);
+    printf("%10s %10s\n",key.data,data.data); 
+    in++;
+  while (dbp->seq(dbp, &key, &data,R_NEXT) == 0) {
+    in++;
+    printf("%10s %10s\n",key.data,data.data); 
+  }
+  printf("%d Records read\n",in);
+  dbp->close(dbp);
+}
+
+
+-- 
+George Wiggans           I================================================I
+                         |Animal Improvement Programs Laboratory          |
+Phone:   301-504-8407    |Bldg 263 Beltsville Agricultural Research Center|
+FAX:     301-504-8092    |Beltsville, MD 20705-2350  USA                  |
+wiggans@aipl.arsusda.gov |                                                |
+=========================I================================================I
+
+From bostic Fri Sep 23 08:44:56 1994
+To: wiggans@aipl.arsusda.gov /usr/src/local/db/test/SEQ_TEST/mbox
+Subject: Re: Test case
+
+
+OK, I've attached a tentative patch for the bug, that appears
+to fix it on my local system.  Please let me know if you have
+any further problems with this.
+
+There are a couple of issues here.  The first, is that to some
+extent, the btree code is correct.  You aren't replacing the
+cursor in your test program, you're adding a new key, which
+just happens to be where the cursor was.  So, the btree code
+is doing you a favor by returning the new key as part of the
+cursor walk, and it's not its fault.  ;-}
+
+However, because a put to the cursor record is done using a
+delete/add pair, doing it the "right" way will result in the
+exact same behavior as you saw doing it "wrong".
+
+Thinking about this further, there's another bug that's going to
+hit eventually -- if you have duplicate records, the current
+scheme of doing delete/add to replace the cursor record can result
+in a record being returned twice, which is tacky at best, if not
+actually wrong.
+
+I think I may have to revisit how duplicate records are stored.
+Which does not make me happy. ;-{
+
+--keith
+
+*** db/btree/bt_seq.c.orig	Fri Sep 23 08:35:06 1994
+--- db/btree/bt_seq.c	Fri Sep 23 08:34:58 1994
+***************
+*** 35,41 ****
+   */
+  
+  #if defined(LIBC_SCCS) && !defined(lint)
+! static char sccsid[] = "@(#)bt_seq.c	8.7 (Berkeley) 7/20/94";
+  #endif /* LIBC_SCCS and not lint */
+  
+  #include <sys/types.h>
+--- 35,41 ----
+   */
+  
+  #if defined(LIBC_SCCS) && !defined(lint)
+! static char sccsid[] = "@(#)bt_seq.c	8.8 (Berkeley) 9/23/94";
+  #endif /* LIBC_SCCS and not lint */
+  
+  #include <sys/types.h>
+***************
+*** 246,252 ****
+  	PAGE *h;
+  	indx_t index;
+  	pgno_t pg;
+! 	int exact;
+  
+  	/*
+  	 * There are a couple of states that we can be in.  The cursor has
+--- 246,252 ----
+  	PAGE *h;
+  	indx_t index;
+  	pgno_t pg;
+! 	int exact, rval;
+  
+  	/*
+  	 * There are a couple of states that we can be in.  The cursor has
+***************
+*** 255,269 ****
+  	c = &t->bt_cursor;
+  
+  	/*
+! 	 * The cursor was deleted where there weren't any duplicate records,
+! 	 * so the key was saved.  Find out where that key would go in the
+! 	 * current tree.  It doesn't matter if the returned key is an exact
+! 	 * match or not -- if it's an exact match, the record was added after
+! 	 * the delete so we can just return it.  If not, as long as there's
+! 	 * a record there, return it.
+  	 */
+! 	if (F_ISSET(c, CURS_ACQUIRE))
+! 		return (__bt_first(t, &c->key, ep, &exact));
+  
+  	/* Get the page referenced by the cursor. */
+  	if ((h = mpool_get(t->bt_mp, c->pg.pgno, 0)) == NULL)
+--- 255,299 ----
+  	c = &t->bt_cursor;
+  
+  	/*
+! 	 * The cursor was deleted and there weren't any duplicate records,
+! 	 * so the cursor's key was saved.  Find out where that key would
+! 	 * be in the current tree.  If the returned key is an exact match,
+! 	 * it means that a key/data pair was inserted into the tree after
+! 	 * the delete.  We could reasonably return the key, but the problem
+! 	 * is that this is the access pattern we'll see if the user is
+! 	 * doing seq(..., R_NEXT)/put(..., 0) pairs, i.e. the put deletes
+! 	 * the cursor record and then replaces it, so the cursor was saved,
+! 	 * and we'll simply return the same "new" record until the user
+! 	 * notices and doesn't do a put() of it.  Since the key is an exact
+! 	 * match, we could as easily put the new record before the cursor,
+! 	 * and we've made no guarantee to return it.  So, move forward or
+! 	 * back a record if it's an exact match.
+! 	 *
+! 	 * XXX
+! 	 * In the current implementation, put's to the cursor are done with
+! 	 * delete/add pairs.  This has two consequences.  First, it means
+! 	 * that seq(..., R_NEXT)/put(..., R_CURSOR) pairs are going to exhibit
+! 	 * the same behavior as above.  Second, you can return the same key
+! 	 * twice if you have duplicate records.  The scenario is that the
+! 	 * cursor record is deleted, moving the cursor forward or backward
+! 	 * to a duplicate.  The add then inserts the new record at a location
+! 	 * ahead of the cursor because duplicates aren't sorted in any way,
+! 	 * and the new record is later returned.  This has to be fixed at some
+! 	 * point.
+  	 */
+! 	if (F_ISSET(c, CURS_ACQUIRE)) {
+! 		if (rval = __bt_first(t, &c->key, ep, &exact))
+! 			return (RET_ERROR);
+! 		if (!exact)
+! 			return (rval);
+! 		/*
+! 		 * XXX
+! 		 * Kluge -- get, release, get the page.
+! 		 */
+! 		c->pg.pgno = ep->page->pgno;
+! 		c->pg.index = ep->index;
+! 		mpool_put(t->bt_mp, ep->page, 0);
+! 	}
+  
+  	/* Get the page referenced by the cursor. */
+  	if ((h = mpool_get(t->bt_mp, c->pg.pgno, 0)) == NULL)
+
+
+
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
new file mode 100644
index 00000000..cfd1a421
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
@@ -0,0 +1,85 @@
+/* chkseq.c  Check sequential read and write */
+
+#include <sys/stat.h>
+#include "db-int.h"
+#include <errno.h>    /* Error numbers */
+#include <fcntl.h>    /* O_CREAT,  O_RDWR */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+void main(int argc, char *argv[]) {
+  char id1[] = {"          "}, id2[] = {"          "};
+  int i;
+  long in = 0L, out = 0L;
+  DB *dbp, *dbpo;
+  DBT key, data, keyo, datao;
+  FILE *fopen(), *fin;
+
+  unlink("test.db");
+  if ((fin = fopen("data","r")) == NULL) {
+    printf("Unable to open %s\n","data");
+    exit(25);
+  }
+  if ((dbp = dbopen("test.db",O_RDWR | O_CREAT | O_BINARY, 0664
+       , DB_BTREE, NULL )) == NULL) {
+    printf("\n Open error on test.db %d %s\n",errno,strerror(errno));
+    exit(25);
+  }
+
+  while (fscanf(fin," %10s%10s",id1,id2) > 0) {
+    key.size = 11;
+    data.size = 11;
+    key.data = id1;
+    data.data = id2;
+    printf("%10s %10s\n",key.data,data.data);
+    if (dbp->put(dbp, &key, &data,R_NOOVERWRITE) != 0) {
+      printf("Error writing output\n");
+    }
+    out++;
+  }
+  printf("%d Records in\n",out);
+  dbp->close(dbp);
+
+  if ((dbp = dbopen("test.db", O_RDWR | O_BINARY, 0664
+       , DB_BTREE, NULL )) == NULL) {
+    printf("\n Error on dbopen %d %s\n",errno,strerror(errno));
+    exit(61);
+  }
+
+  while (dbp->seq(dbp, &key, &data,R_NEXT) == 0) {
+    strcpy(id1,key.data);
+    keyo.size = 11;
+    datao.size = 11;
+    keyo.data = id1;
+    strcpy(id2,data.data);
+    id2[0] = 'U';
+    datao.data=id2;
+    printf("%10s %10s\n",key.data,data.data);
+    in++;
+    if (in > 10) break;
+#ifdef notdef
+    if (dbp->put(dbp, &keyo, &datao,0) != 0) {
+        printf("Write failed at %d\n",in);
+        exit(85);
+    }
+#else
+    if (dbp->put(dbp, &keyo, &datao,R_CURSOR) != 0) {
+        printf("Write failed at %d\n",in);
+        exit(85);
+    }
+#endif
+  }
+  printf("%d Records copied\n",in);
+  in = 0;
+    dbp->seq(dbp, &key, &data,R_FIRST);
+    printf("%10s %10s\n",key.data,data.data);
+    in++;
+  while (dbp->seq(dbp, &key, &data,R_NEXT) == 0) {
+    in++;
+    printf("%10s %10s\n",key.data,data.data);
+  }
+  printf("%d Records read\n",in);
+  dbp->close(dbp);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
new file mode 100644
index 00000000..088f9032
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
@@ -0,0 +1,973 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Mike Olson.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)main.c	8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <fcntl.h>
+#include "db-int.h"
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include "btree.h"
+
+typedef struct cmd_table {
+	char *cmd;
+	int nargs;
+	int rconv;
+	void (*func) __P((DB *, char **));
+	char *usage, *descrip;
+} cmd_table;
+
+int stopstop;
+DB *globaldb;
+
+#if 0
+void append	__P((DB *, char **));
+#endif
+#ifdef STATISTICS
+void bstat	__P((DB *, char **));
+#endif
+void cursor	__P((DB *, char **));
+void delcur	__P((DB *, char **));
+void delete	__P((DB *, char **));
+#ifdef DEBUG
+void dump	__P((DB *, char **));
+#endif
+void first	__P((DB *, char **));
+void get	__P((DB *, char **));
+void help	__P((DB *, char **));
+void iafter	__P((DB *, char **));
+void ibefore	__P((DB *, char **));
+void icursor	__P((DB *, char **));
+void insert	__P((DB *, char **));
+void keydata	__P((DBT *, DBT *));
+void last	__P((DB *, char **));
+void list	__P((DB *, char **));
+#if 0
+void load	__P((DB *, char **));
+#endif
+#ifdef STATISTICS
+void mstat	__P((DB *, char **));
+#endif
+void next	__P((DB *, char **));
+int  parse	__P((char *, char **, int));
+void previous	__P((DB *, char **));
+#ifdef DEBUG
+void show	__P((DB *, char **));
+#endif
+void rlist	__P((DB *, char **));
+void rnext	__P((DB *, char **));
+void rprev	__P((DB *, char **));
+void usage	__P((void));
+void user	__P((DB *));
+void unlinkpg	__P((DB *, char **));
+
+cmd_table commands[] = {
+	"?",	0, 0, help, "help", NULL,
+#if 0
+	"a",	2, 1, append, "append key def", "append key with data def",
+#endif
+#ifdef STATISTICS
+	"b",	0, 0, bstat, "bstat", "stat btree",
+#endif
+	"c",	1, 1, cursor,  "cursor word", "move cursor to word",
+	"delc",	0, 0, delcur, "delcur", "delete key the cursor references",
+	"dele",	1, 1, delete, "delete word", "delete word",
+#ifdef DEBUG
+	"d",	0, 0, dump, "dump", "dump database",
+#endif
+	"f",	0, 0, first, "first", "move cursor to first record",
+	"g",	1, 1, get, "get key", "locate key",
+	"h",	0, 0, help, "help", "print command summary",
+	"ia",	2, 1, iafter, "iafter key data", "insert data after key",
+	"ib",	2, 1, ibefore, "ibefore key data", "insert data before key",
+	"ic",	2, 1, icursor, "icursor key data", "replace cursor",
+	"in",	2, 1, insert, "insert key def", "insert key with data def",
+	"la",	0, 0, last, "last", "move cursor to last record",
+	"li",	1, 1, list, "list file", "list to a file",
+#if 0
+	"loa",	1, 0, load, "load file", NULL,
+#endif
+	"loc",	1, 1, get, "get key", NULL,
+#ifdef STATISTICS
+	"m",	0, 0, mstat, "mstat", "stat memory pool",
+#endif
+	"n",	0, 0, next, "next", "move cursor forward one record",
+	"p",	0, 0, previous, "previous", "move cursor back one record",
+	"q",	0, 0, NULL, "quit", "quit",
+	"rli",	1, 1, rlist, "rlist file", "list to a file (recursive)",
+	"rn",	0, 0, rnext, "rnext", "move cursor forward one record (recursive)",
+	"rp",	0, 0, rprev, "rprev", "move cursor back one record (recursive)",
+#ifdef DEBUG
+	"sh",	1, 0, show, "show page", "dump a page",
+#endif
+	"u",	1, 0, unlinkpg, "unlink pgno|internal|leaf", "unlink a page",
+
+	{ NULL },
+};
+
+int recno;					/* use record numbers */
+char *dict = "words";				/* default dictionary */
+char *progname;
+
+int
+main(argc, argv)
+	int argc;
+	char **argv;
+{
+	int c;
+	int omode;
+	DB *db;
+	BTREEINFO b;
+
+	progname = *argv;
+
+	omode = O_RDONLY;
+	b.flags = 0;
+	b.cachesize = 0;
+	b.maxkeypage = 0;
+	b.minkeypage = 0;
+	b.psize = 0;
+	b.compare = NULL;
+	b.prefix = NULL;
+	b.lorder = 0;
+
+	while ((c = getopt(argc, argv, "bc:di:lp:ruw")) != -1) {
+		switch (c) {
+		case 'b':
+			b.lorder = DB_BIG_ENDIAN;
+			break;
+		case 'c':
+			b.cachesize = atoi(optarg);
+			break;
+		case 'd':
+			b.flags |= R_DUP;
+			break;
+		case 'i':
+			dict = optarg;
+			break;
+		case 'l':
+			b.lorder = DB_LITTLE_ENDIAN;
+			break;
+		case 'p':
+			b.psize = atoi(optarg);
+			break;
+		case 'r':
+			recno = 1;
+			break;
+		case 'u':
+			b.flags = 0;
+			break;
+		case 'w':
+			omode = O_RDWR;
+			break;
+		default:
+			usage();
+		}
+	}
+	argc -= optind;
+	argv += optind;
+
+	if (recno)
+		db = dbopen(*argv == NULL ? NULL : *argv, omode|O_BINARY,
+		    0, DB_RECNO, NULL);
+	else
+		db = dbopen(*argv == NULL ? NULL : *argv, O_CREAT|omode|O_BINARY,
+		    0600, DB_BTREE, &b);
+
+	if (db == NULL) {
+		(void)fprintf(stderr, "dbopen: %s\n", strerror(errno));
+		exit(1);
+	}
+	globaldb = db;
+	user(db);
+	exit(0);
+	/* NOTREACHED */
+}
+
+void
+user(db)
+	DB *db;
+{
+	FILE *ifp;
+	int argc, i, last;
+	char *lbuf, *argv[4], buf[512];
+
+	if ((ifp = fopen("/dev/tty", "r")) == NULL) {
+		(void)fprintf(stderr,
+		    "/dev/tty: %s\n", strerror(errno));
+		exit(1);
+	}
+	for (last = 0;;) {
+		(void)printf("> ");
+		(void)fflush(stdout);
+		if ((lbuf = fgets(&buf[0], 512, ifp)) == NULL) {
+			(void)printf("\n");
+			if (ferror(ifp) && errno == EINTR) {
+				clearerr(ifp);
+				continue;
+			}
+			break;
+		}
+		if (lbuf[0] == '\n') {
+			i = last;
+			goto uselast;
+		}
+		lbuf[strlen(lbuf) - 1] = '\0';
+
+		if (lbuf[0] == 'q')
+			break;
+
+		argc = parse(lbuf, &argv[0], 3);
+		if (argc == 0)
+			continue;
+
+		for (i = 0; commands[i].cmd != NULL; i++)
+			if (strncmp(commands[i].cmd, argv[0],
+			    strlen(commands[i].cmd)) == 0)
+				break;
+
+		if (commands[i].cmd == NULL) {
+			(void)fprintf(stderr,
+			    "%s: command unknown ('help' for help)\n", lbuf);
+			continue;
+		}
+
+		if (commands[i].nargs != argc - 1) {
+			(void)fprintf(stderr, "usage: %s\n", commands[i].usage);
+			continue;
+		}
+
+		if (recno && commands[i].rconv) {
+			static recno_t nlong;
+			nlong = atoi(argv[1]);
+			argv[1] = (char *)&nlong;
+		}
+uselast:	last = i;
+		(*commands[i].func)(db, argv);
+	}
+	if ((db->sync)(db, 0) == RET_ERROR)
+		perror("dbsync");
+	else if ((db->close)(db) == RET_ERROR)
+		perror("dbclose");
+}
+
+int
+parse(lbuf, argv, maxargc)
+	char *lbuf, **argv;
+	int maxargc;
+{
+	int argc = 0;
+	char *c;
+
+	c = lbuf;
+	while (isspace(*c))
+		c++;
+	while (*c != '\0' && argc < maxargc) {
+		*argv++ = c;
+		argc++;
+		while (!isspace(*c) && *c != '\0') {
+			c++;
+		}
+		while (isspace(*c))
+			*c++ = '\0';
+	}
+	return (argc);
+}
+
+#if 0
+void
+append(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT key, data;
+	int status;
+
+	if (!recno) {
+		(void)fprintf(stderr,
+		    "append only available for recno db's.\n");
+		return;
+	}
+	key.data = argv[1];
+	key.size = sizeof(recno_t);
+	data.data = argv[2];
+	data.size = strlen(data.data);
+	status = (db->put)(db, &key, &data, R_APPEND);
+	switch (status) {
+	case RET_ERROR:
+		perror("append/put");
+		break;
+	case RET_SPECIAL:
+		(void)printf("%s (duplicate key)\n", argv[1]);
+		break;
+	case RET_SUCCESS:
+		break;
+	}
+}
+#endif
+
+void
+cursor(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	int status;
+
+	key.data = argv[1];
+	if (recno)
+		key.size = sizeof(recno_t);
+	else
+		key.size = strlen(argv[1]) + 1;
+	status = (*db->seq)(db, &key, &data, R_CURSOR);
+	switch (status) {
+	case RET_ERROR:
+		perror("cursor/seq");
+		break;
+	case RET_SPECIAL:
+		(void)printf("key not found\n");
+		break;
+	case RET_SUCCESS:
+		keydata(&key, &data);
+		break;
+	}
+}
+
+void
+delcur(db, argv)
+	DB *db;
+	char **argv;
+{
+	int status;
+
+	status = (*db->del)(db, NULL, R_CURSOR);
+
+	if (status == RET_ERROR)
+		perror("delcur/del");
+}
+
+void
+delete(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT key;
+	int status;
+
+	key.data = argv[1];
+	if (recno)
+		key.size = sizeof(recno_t);
+	else
+		key.size = strlen(argv[1]) + 1;
+
+	status = (*db->del)(db, &key, 0);
+	switch (status) {
+	case RET_ERROR:
+		perror("delete/del");
+		break;
+	case RET_SPECIAL:
+		(void)printf("key not found\n");
+		break;
+	case RET_SUCCESS:
+		break;
+	}
+}
+
+#ifdef DEBUG
+void
+dump(db, argv)
+	DB *db;
+	char **argv;
+{
+	__bt_dump(db);
+}
+#endif
+
+void
+first(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	int status;
+
+	status = (*db->seq)(db, &key, &data, R_FIRST);
+
+	switch (status) {
+	case RET_ERROR:
+		perror("first/seq");
+		break;
+	case RET_SPECIAL:
+		(void)printf("no more keys\n");
+		break;
+	case RET_SUCCESS:
+		keydata(&key, &data);
+		break;
+	}
+}
+
+void
+get(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	int status;
+
+	key.data = argv[1];
+	if (recno)
+		key.size = sizeof(recno_t);
+	else
+		key.size = strlen(argv[1]) + 1;
+
+	status = (*db->get)(db, &key, &data, 0);
+
+	switch (status) {
+	case RET_ERROR:
+		perror("get/get");
+		break;
+	case RET_SPECIAL:
+		(void)printf("key not found\n");
+		break;
+	case RET_SUCCESS:
+		keydata(&key, &data);
+		break;
+	}
+}
+
+void
+help(db, argv)
+	DB *db;
+	char **argv;
+{
+	int i;
+
+	for (i = 0; commands[i].cmd; i++)
+		if (commands[i].descrip)
+			(void)printf("%s: %s\n",
+			    commands[i].usage, commands[i].descrip);
+}
+
+void
+iafter(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT key, data;
+	int status;
+
+	if (!recno) {
+		(void)fprintf(stderr,
+		    "iafter only available for recno db's.\n");
+		return;
+	}
+	key.data = argv[1];
+	key.size = sizeof(recno_t);
+	data.data = argv[2];
+	data.size = strlen(data.data);
+	status = (db->put)(db, &key, &data, R_IAFTER);
+	switch (status) {
+	case RET_ERROR:
+		perror("iafter/put");
+		break;
+	case RET_SPECIAL:
+		(void)printf("%s (duplicate key)\n", argv[1]);
+		break;
+	case RET_SUCCESS:
+		break;
+	}
+}
+
+void
+ibefore(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT key, data;
+	int status;
+
+	if (!recno) {
+		(void)fprintf(stderr,
+		    "ibefore only available for recno db's.\n");
+		return;
+	}
+	key.data = argv[1];
+	key.size = sizeof(recno_t);
+	data.data = argv[2];
+	data.size = strlen(data.data);
+	status = (db->put)(db, &key, &data, R_IBEFORE);
+	switch (status) {
+	case RET_ERROR:
+		perror("ibefore/put");
+		break;
+	case RET_SPECIAL:
+		(void)printf("%s (duplicate key)\n", argv[1]);
+		break;
+	case RET_SUCCESS:
+		break;
+	}
+}
+
+void
+icursor(db, argv)
+	DB *db;
+	char **argv;
+{
+	int status;
+	DBT data, key;
+
+	key.data = argv[1];
+	if (recno)
+		key.size = sizeof(recno_t);
+	else
+		key.size = strlen(argv[1]) + 1;
+	data.data = argv[2];
+	data.size = strlen(argv[2]) + 1;
+
+	status = (*db->put)(db, &key, &data, R_CURSOR);
+	switch (status) {
+	case RET_ERROR:
+		perror("icursor/put");
+		break;
+	case RET_SPECIAL:
+		(void)printf("%s (duplicate key)\n", argv[1]);
+		break;
+	case RET_SUCCESS:
+		break;
+	}
+}
+
+void
+insert(db, argv)
+	DB *db;
+	char **argv;
+{
+	int status;
+	DBT data, key;
+
+	key.data = argv[1];
+	if (recno)
+		key.size = sizeof(recno_t);
+	else
+		key.size = strlen(argv[1]) + 1;
+	data.data = argv[2];
+	data.size = strlen(argv[2]) + 1;
+
+	status = (*db->put)(db, &key, &data, R_NOOVERWRITE);
+	switch (status) {
+	case RET_ERROR:
+		perror("insert/put");
+		break;
+	case RET_SPECIAL:
+		(void)printf("%s (duplicate key)\n", argv[1]);
+		break;
+	case RET_SUCCESS:
+		break;
+	}
+}
+
+void
+last(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	int status;
+
+	status = (*db->seq)(db, &key, &data, R_LAST);
+
+	switch (status) {
+	case RET_ERROR:
+		perror("last/seq");
+		break;
+	case RET_SPECIAL:
+		(void)printf("no more keys\n");
+		break;
+	case RET_SUCCESS:
+		keydata(&key, &data);
+		break;
+	}
+}
+
+void
+list(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	FILE *fp;
+	int status;
+
+	if ((fp = fopen(argv[1], "w")) == NULL) {
+		(void)fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
+		return;
+	}
+	status = (*db->seq)(db, &key, &data, R_FIRST);
+	while (status == RET_SUCCESS) {
+		(void)fprintf(fp, "%.*s\n", (int)key.size, key.data);
+		status = (*db->seq)(db, &key, &data, R_NEXT);
+	}
+	(void)fclose(fp);
+	if (status == RET_ERROR)
+		perror("list/seq");
+}
+
+void
+rlist(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	FILE *fp;
+	int status;
+
+	if ((fp = fopen(argv[1], "w")) == NULL) {
+		(void)fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
+		return;
+	}
+	status = (*db->seq)(db, &key, &data, R_FIRST);
+	while (status == RET_SUCCESS) {
+		(void)fprintf(fp, "%.*s\n", (int)key.size, key.data);
+		status = (*db->seq)(db, &key, &data, R_RNEXT);
+	}
+	(void)fclose(fp);
+	if (status == RET_ERROR)
+		perror("list/seq");
+}
+
+#if 0
+DB *BUGdb;
+void
+load(db, argv)
+	DB *db;
+	char **argv;
+{
+	char *p, *t;
+	FILE *fp;
+	DBT data, key;
+	recno_t cnt;
+	size_t len;
+	int status;
+	char *lp, buf[16 * 1024];
+
+	BUGdb = db;
+	if ((fp = fopen(argv[1], "r")) == NULL) {
+		(void)fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
+		return;
+	}
+	(void)printf("loading %s...\n", argv[1]);
+
+	for (cnt = 1; (lp = fgetline(fp, &len)) != NULL; ++cnt) {
+		if (recno) {
+			key.data = &cnt;
+			key.size = sizeof(recno_t);
+			data.data = lp;
+			data.size = len + 1;
+		} else {
+			key.data = lp;
+			key.size = len + 1;
+			for (p = lp + len - 1, t = buf; p >= lp; *t++ = *p--);
+			*t = '\0';
+			data.data = buf;
+			data.size = len + 1;
+		}
+
+		status = (*db->put)(db, &key, &data, R_NOOVERWRITE);
+		switch (status) {
+		case RET_ERROR:
+			perror("load/put");
+			exit(1);
+		case RET_SPECIAL:
+			if (recno)
+				(void)fprintf(stderr,
+				    "duplicate: %ld {%s}\n", cnt, data.data);
+			else
+				(void)fprintf(stderr,
+				    "duplicate: %ld {%s}\n", cnt, key.data);
+			exit(1);
+		case RET_SUCCESS:
+			break;
+		}
+	}
+	(void)fclose(fp);
+}
+#endif
+
+void
+next(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	int status;
+
+	status = (*db->seq)(db, &key, &data, R_NEXT);
+
+	switch (status) {
+	case RET_ERROR:
+		perror("next/seq");
+		break;
+	case RET_SPECIAL:
+		(void)printf("no more keys\n");
+		break;
+	case RET_SUCCESS:
+		keydata(&key, &data);
+		break;
+	}
+}
+
+void
+previous(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	int status;
+
+	status = (*db->seq)(db, &key, &data, R_PREV);
+
+	switch (status) {
+	case RET_ERROR:
+		perror("previous/seq");
+		break;
+	case RET_SPECIAL:
+		(void)printf("no more keys\n");
+		break;
+	case RET_SUCCESS:
+		keydata(&key, &data);
+		break;
+	}
+}
+
+void
+rnext(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	int status;
+
+	status = (*db->seq)(db, &key, &data, R_RNEXT);
+
+	switch (status) {
+	case RET_ERROR:
+		perror("rnext/seq");
+		break;
+	case RET_SPECIAL:
+		(void)printf("no more keys\n");
+		break;
+	case RET_SUCCESS:
+		keydata(&key, &data);
+		break;
+	}
+}
+
+void
+rprev(db, argv)
+	DB *db;
+	char **argv;
+{
+	DBT data, key;
+	int status;
+
+	status = (*db->seq)(db, &key, &data, R_RPREV);
+
+	switch (status) {
+	case RET_ERROR:
+		perror("rprev/seq");
+		break;
+	case RET_SPECIAL:
+		(void)printf("no more keys\n");
+		break;
+	case RET_SUCCESS:
+		keydata(&key, &data);
+		break;
+	}
+}
+
+#ifdef DEBUG
+void
+show(db, argv)
+	DB *db;
+	char **argv;
+{
+	BTREE *t;
+	PAGE *h;
+	db_pgno_t pg;
+
+	pg = atoi(argv[1]);
+	t = db->internal;
+	if ((h = mpool_get(t->bt_mp, pg, MPOOL_IGNOREPIN)) == NULL) {
+		(void)printf("getpage of %ld failed\n", pg);
+		return;
+	}
+	if (pg == 0)
+		__bt_dmpage(h);
+	else
+		__bt_dpage(db, h);
+}
+#endif
+
+#ifdef STATISTICS
+void
+bstat(db, argv)
+	DB *db;
+	char **argv;
+{
+	(void)printf("BTREE\n");
+	__bt_stat(db);
+}
+
+void
+mstat(db, argv)
+	DB *db;
+	char **argv;
+{
+	(void)printf("MPOOL\n");
+	mpool_stat(((BTREE *)db->internal)->bt_mp);
+}
+#endif
+
+void
+keydata(key, data)
+	DBT *key, *data;
+{
+	if (!recno && key->size > 0)
+		(void)printf("%.*s/", (int)key->size, key->data);
+	if (data->size > 0)
+		(void)printf("%.*s", (int)data->size, data->data);
+	(void)printf("\n");
+}
+
+void
+usage()
+{
+	(void)fprintf(stderr,
+	    "usage: %s [-bdluw] [-c cache] [-i file] [-p page] [file]\n",
+	    progname);
+	exit (1);
+}
+
+/* Find a candidate page to unlink. */
+static PAGE *
+candidatepg(BTREE *t, char *arg)
+{
+	PAGE *h = NULL;
+	db_pgno_t pg;
+	u_int32_t sflags;
+
+	if (arg[0] == 'i')
+		sflags = P_BINTERNAL | P_RINTERNAL;
+	if (arg[0] == 'l')
+		sflags = P_BLEAF | P_RLEAF;
+	for (pg = P_ROOT; pg < t->bt_mp->npages;
+	     mpool_put(t->bt_mp, h, 0), pg++) {
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			return h;
+		/* Look for a nonempty page of the correct
+		 * type that has both left and right siblings. */
+		if (h->prevpg == P_INVALID || h->nextpg == P_INVALID)
+			continue;
+		if ((h->flags & sflags) && NEXTINDEX(h) != 0)
+			break;
+	}
+	if (pg == t->bt_mp->npages)
+		h = NULL;
+	return h;
+}
+
+void
+unlinkpg(DB *db, char **argv)
+{
+	BTREE *t = db->internal;
+	PAGE *h = NULL;
+	db_pgno_t pg;
+
+	pg = atoi(argv[1]);
+	if (pg == 0)
+		h = candidatepg(t, argv[1]);
+	else
+		h = mpool_get(t->bt_mp, pg, 0);
+
+	if (h == NULL) {
+		fprintf(stderr, "unable to find appropriate page to unlink\n");
+		return;
+	}
+	printf("chain %d <- %d -> %d\n", h->prevpg, h->pgno, h->nextpg);
+	if (__bt_relink(t, h) != 0) {
+		perror("unlinkpg");
+		goto cleanup;
+	}
+	h->prevpg = P_INVALID;
+	h->nextpg = P_INVALID;
+cleanup:
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/dbtest.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/dbtest.c
new file mode 100644
index 00000000..5d76b1dd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/dbtest.c
@@ -0,0 +1,842 @@
+/*-
+ * Copyright (c) 1992, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if !defined(lint) && defined(LIBC_SCCS)
+static char copyright[] =
+"@(#) Copyright (c) 1992, 1993, 1994\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#if !defined(lint) && defined(LIBC_SCCS)
+static char sccsid[] = "@(#)dbtest.c	8.17 (Berkeley) 9/1/94";
+#endif /* not lint */
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "db-int.h"
+#include "btree.h"
+
+enum S { COMMAND, COMPARE, GET, PUT, REMOVE, SEQ, SEQFLAG, KEY, DATA };
+
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+#define ATTR(x) __attribute__(x)
+#else
+#define ATTR(x)
+#endif
+
+void	 compare __P((DBT *, DBT *));
+DBTYPE	 dbtype __P((char *));
+void	 dump __P((DB *, int, int));
+void	 err __P((const char *, ...)) ATTR ((__format__(__printf__,1,2))) ATTR ((__noreturn__));
+void	 get __P((DB *, DBT *));
+void	 getdata __P((DB *, DBT *, DBT *));
+void	 put __P((DB *, DBT *, DBT *));
+void	 rem __P((DB *, DBT *));
+char	*sflags __P((int));
+void	 synk __P((DB *));
+void	*rfile __P((char *, size_t *));
+void	 seq __P((DB *, DBT *));
+u_int	 setflags __P((char *));
+void	*setinfo __P((DBTYPE, char *));
+void	 unlinkpg __P((DB *));
+void	 usage __P((void));
+void	*xmalloc __P((char *, size_t));
+
+DBTYPE type;				/* Database type. */
+void *infop;				/* Iflags. */
+u_long lineno;				/* Current line in test script. */
+u_int flags;				/* Current DB flags. */
+int ofd = STDOUT_FILENO;		/* Standard output fd. */
+
+DB *XXdbp;				/* Global for gdb. */
+u_long XXlineno;			/* Fast breakpoint for gdb. */
+
+int
+main(argc, argv)
+	int argc;
+	char *argv[];
+{
+	extern int optind;
+	extern char *optarg;
+	enum S command = COMMAND, state;
+	DB *dbp;
+	DBT data, key, keydata;
+	size_t len;
+	int ch, oflags, sflag;
+	char *fname, *infoarg, *p, *t, buf[8 * 1024];
+
+	infoarg = NULL;
+	fname = NULL;
+	oflags = O_CREAT | O_RDWR | O_BINARY;
+	sflag = 0;
+	while ((ch = getopt(argc, argv, "f:i:lo:s")) != -1)
+		switch (ch) {
+		case 'f':
+			fname = optarg;
+			break;
+		case 'i':
+			infoarg = optarg;
+			break;
+		case 'l':
+			oflags |= DB_LOCK;
+			break;
+		case 'o':
+			if ((ofd = open(optarg,
+			    O_WRONLY|O_CREAT|O_TRUNC, 0666)) < 0)
+				err("%s: %s", optarg, strerror(errno));
+			break;
+		case 's':
+			sflag = 1;
+			break;
+		case '?':
+		default:
+			usage();
+		}
+	argc -= optind;
+	argv += optind;
+
+	if (argc != 2)
+		usage();
+
+	/* Set the type. */
+	type = dbtype(*argv++);
+
+	/* Open the descriptor file. */
+        if (strcmp(*argv, "-") && freopen(*argv, "r", stdin) == NULL)
+	    err("%s: %s", *argv, strerror(errno));
+
+	/* Set up the db structure as necessary. */
+	if (infoarg == NULL)
+		infop = NULL;
+	else
+		for (p = strtok(infoarg, ",\t "); p != NULL;
+		    p = strtok(0, ",\t "))
+			if (*p != '\0')
+				infop = setinfo(type, p);
+
+	/*
+	 * Open the DB.  Delete any preexisting copy, you almost never
+	 * want it around, and it often screws up tests.
+	 */
+	if (fname == NULL) {
+		p = getenv("TMPDIR");
+		if (p == NULL)
+			p = "/var/tmp";
+		(void)snprintf(buf, sizeof(buf), "%s/__dbtest", p);
+		fname = buf;
+		(void)unlink(buf);
+	} else  if (!sflag)
+		(void)unlink(fname);
+
+	if ((dbp = dbopen(fname,
+	    oflags, S_IRUSR | S_IWUSR, type, infop)) == NULL)
+		err("dbopen: %s", strerror(errno));
+	XXdbp = dbp;
+
+	state = COMMAND;
+	for (lineno = 1;
+	    (p = fgets(buf, sizeof(buf), stdin)) != NULL; ++lineno) {
+		/* Delete the newline, displaying the key/data is easier. */
+		if (ofd == STDOUT_FILENO && (t = strchr(p, '\n')) != NULL)
+			*t = '\0';
+		if ((len = strlen(buf)) == 0 || isspace((int) *p) || *p == '#')
+			continue;
+
+		/* Convenient gdb break point. */
+		if (XXlineno == lineno)
+			XXlineno = 1;
+		switch (*p) {
+		case 'c':			/* compare */
+			if (state != COMMAND)
+				err("line %lu: not expecting command", lineno);
+			state = KEY;
+			command = COMPARE;
+			break;
+		case 'e':			/* echo */
+			if (state != COMMAND)
+				err("line %lu: not expecting command", lineno);
+			/* Don't display the newline, if CR at EOL. */
+			if (p[len - 2] == '\r')
+				--len;
+			if (write(ofd, p + 1, len - 1) != (ssize_t)len - 1 ||
+			    write(ofd, "\n", 1) != 1)
+				err("write: %s", strerror(errno));
+			break;
+		case 'g':			/* get */
+			if (state != COMMAND)
+				err("line %lu: not expecting command", lineno);
+			state = KEY;
+			command = GET;
+			break;
+		case 'p':			/* put */
+			if (state != COMMAND)
+				err("line %lu: not expecting command", lineno);
+			state = KEY;
+			command = PUT;
+			break;
+		case 'r':			/* remove */
+			if (state != COMMAND)
+				err("line %lu: not expecting command", lineno);
+                        if (flags == R_CURSOR) {
+				rem(dbp, &key);
+				state = COMMAND;
+                        } else {
+				state = KEY;
+				command = REMOVE;
+			}
+			break;
+		case 'S':			/* sync */
+			if (state != COMMAND)
+				err("line %lu: not expecting command", lineno);
+			synk(dbp);
+			state = COMMAND;
+			break;
+		case 's':			/* seq */
+			if (state != COMMAND)
+				err("line %lu: not expecting command", lineno);
+			if (flags == R_CURSOR) {
+				state = KEY;
+				command = SEQ;
+			} else
+				seq(dbp, &key);
+			break;
+		case 'f':
+			flags = setflags(p + 1);
+			break;
+		case 'D':			/* data file */
+			if (state != DATA)
+				err("line %lu: not expecting data", lineno);
+			data.data = rfile(p + 1, &data.size);
+			goto ldata;
+		case 'd':			/* data */
+			if (state != DATA)
+				err("line %lu: not expecting data", lineno);
+			data.data = xmalloc(p + 1, len - 1);
+			data.size = len - 1;
+ldata:			switch (command) {
+			case COMPARE:
+				compare(&keydata, &data);
+				break;
+			case PUT:
+				put(dbp, &key, &data);
+				break;
+			default:
+				err("line %lu: command doesn't take data",
+				    lineno);
+			}
+			if (type != DB_RECNO)
+				free(key.data);
+			free(data.data);
+			state = COMMAND;
+			break;
+		case 'K':			/* key file */
+			if (state != KEY)
+				err("line %lu: not expecting a key", lineno);
+			if (type == DB_RECNO)
+				err("line %lu: 'K' not available for recno",
+				    lineno);
+			key.data = rfile(p + 1, &key.size);
+			goto lkey;
+		case 'k':			/* key */
+			if (state != KEY)
+				err("line %lu: not expecting a key", lineno);
+			if (type == DB_RECNO) {
+				static recno_t recno;
+				recno = atoi(p + 1);
+				key.data = &recno;
+				key.size = sizeof(recno);
+			} else {
+				key.data = xmalloc(p + 1, len - 1);
+				key.size = len - 1;
+			}
+lkey:			switch (command) {
+			case COMPARE:
+				getdata(dbp, &key, &keydata);
+				state = DATA;
+				break;
+			case GET:
+				get(dbp, &key);
+				if (type != DB_RECNO)
+					free(key.data);
+				state = COMMAND;
+				break;
+			case PUT:
+				state = DATA;
+				break;
+			case REMOVE:
+				rem(dbp, &key);
+				if ((type != DB_RECNO) && (flags != R_CURSOR))
+					free(key.data);
+				state = COMMAND;
+				break;
+			case SEQ:
+				seq(dbp, &key);
+				if ((type != DB_RECNO) && (flags != R_CURSOR))
+					free(key.data);
+				state = COMMAND;
+				break;
+			default:
+				err("line %lu: command doesn't take a key",
+				    lineno);
+			}
+			break;
+		case 'o':
+			dump(dbp, p[1] == 'r', 0);
+			break;
+		case 'O':
+			dump(dbp, p[1] == 'r', 1);
+			break;
+		case 'u':
+			unlinkpg(dbp);
+			break;
+		default:
+			err("line %lu: %s: unknown command character",
+			    lineno, p);
+		}
+	}
+#ifdef STATISTICS
+	/*
+	 * -l must be used (DB_LOCK must be set) for this to be
+	 * used, otherwise a page will be locked and it will fail.
+	 */
+	if (type == DB_BTREE && oflags & DB_LOCK)
+		__bt_stat(dbp);
+#endif
+	if (dbp->close(dbp))
+		err("db->close: %s", strerror(errno));
+	(void)close(ofd);
+	exit(0);
+}
+
+#define	NOOVERWRITE	"put failed, would overwrite key\n"
+
+void
+compare(db1, db2)
+	DBT *db1, *db2;
+{
+	size_t len;
+	u_char *p1, *p2;
+
+	if (db1->size != db2->size) {
+		printf("compare failed: key->data len %lu != data len %lu\n",
+		    (u_long) db1->size, (u_long) db2->size);
+		exit (1);
+	}
+
+	len = MIN(db1->size, db2->size);
+	for (p1 = db1->data, p2 = db2->data; len--;)
+		if (*p1++ != *p2++) {
+			err("compare failed at offset %d\n",
+			    (int)(p1 - (u_char *)db1->data));
+			break;
+		}
+}
+
+void
+get(dbp, kp)
+	DB *dbp;
+	DBT *kp;
+{
+	DBT data;
+
+	switch (dbp->get(dbp, kp, &data, flags)) {
+	case 0:
+		if (write(ofd, data.data, data.size) != (ssize_t)data.size)
+			err("write: %s", strerror(errno));
+		if (ofd == STDOUT_FILENO) {
+			if (write(ofd, "\n", 1) != 1)
+				err("write: %s", strerror(errno));
+		}
+		break;
+	case -1:
+		err("line %lu: get: %s", lineno, strerror(errno));
+		/* NOTREACHED */
+	case 1:
+#define	NOSUCHKEY	"get failed, no such key\n"
+		if (ofd != STDOUT_FILENO) {
+			if (write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1) !=
+			    sizeof(NOSUCHKEY) - 1)
+				err("write: %s", strerror(errno));
+			exit(1);
+		} else
+			(void)fprintf(stderr, "%lu: %.*s: %s",
+			    lineno, (int) MIN(kp->size, 20), (char *) kp->data,
+				      NOSUCHKEY);
+#undef	NOSUCHKEY
+		break;
+	}
+}
+
+void
+getdata(dbp, kp, dp)
+	DB *dbp;
+	DBT *kp, *dp;
+{
+	switch (dbp->get(dbp, kp, dp, flags)) {
+	case 0:
+		return;
+	case -1:
+		err("line %lu: getdata: %s", lineno, strerror(errno));
+		/* NOTREACHED */
+	case 1:
+		err("line %lu: getdata failed, no such key", lineno);
+		/* NOTREACHED */
+	}
+}
+
+void
+put(dbp, kp, dp)
+	DB *dbp;
+	DBT *kp, *dp;
+{
+	switch (dbp->put(dbp, kp, dp, flags)) {
+	case 0:
+		break;
+	case -1:
+		err("line %lu: put: %s", lineno, strerror(errno));
+		/* NOTREACHED */
+	case 1:
+		if (write(ofd, NOOVERWRITE, sizeof(NOOVERWRITE) - 1) !=
+		    sizeof(NOOVERWRITE) - 1)
+			err("write: %s", strerror(errno));
+		break;
+	}
+}
+
+void
+rem(dbp, kp)
+	DB *dbp;
+	DBT *kp;
+{
+	switch (dbp->del(dbp, kp, flags)) {
+	case 0:
+		break;
+	case -1:
+		err("line %lu: rem: %s", lineno, strerror(errno));
+		/* NOTREACHED */
+	case 1:
+#define	NOSUCHKEY	"rem failed, no such key\n"
+		if (ofd != STDOUT_FILENO) {
+			if (write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1) !=
+			    sizeof(NOSUCHKEY) - 1)
+				err("write: %s", strerror(errno));
+		} else if (flags != R_CURSOR)
+			(void)fprintf(stderr, "%lu: %.*s: %s",
+			    lineno, (int) MIN(kp->size, 20), (char *) kp->data,
+				      NOSUCHKEY);
+		else
+			(void)fprintf(stderr,
+			    "%lu: rem of cursor failed\n", lineno);
+#undef	NOSUCHKEY
+		break;
+	}
+}
+
+void
+synk(dbp)
+	DB *dbp;
+{
+	switch (dbp->sync(dbp, flags)) {
+	case 0:
+		break;
+	case -1:
+		err("line %lu: synk: %s", lineno, strerror(errno));
+		/* NOTREACHED */
+	}
+}
+
+void
+seq(dbp, kp)
+	DB *dbp;
+	DBT *kp;
+{
+	DBT data;
+
+	switch (dbp->seq(dbp, kp, &data, flags)) {
+	case 0:
+		if (write(ofd, data.data, data.size) != (ssize_t)data.size)
+			err("write: %s", strerror(errno));
+		if (ofd == STDOUT_FILENO)
+			if (write(ofd, "\n", 1) != 1)
+				err("write: %s", strerror(errno));
+		break;
+	case -1:
+		err("line %lu: seq: %s", lineno, strerror(errno));
+		/* NOTREACHED */
+	case 1:
+#define	NOSUCHKEY	"seq failed, no such key\n"
+		if (ofd != STDOUT_FILENO) {
+			if (write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1) !=
+			    sizeof(NOSUCHKEY) - 1)
+				err("write: %s", strerror(errno));
+		} else if (flags == R_CURSOR)
+			(void)fprintf(stderr, "%lu: %.*s: %s",
+			    lineno, (int) MIN(kp->size, 20), (char *) kp->data,
+				      NOSUCHKEY);
+		else
+			(void)fprintf(stderr,
+			    "%lu: seq (%s) failed\n", lineno, sflags(flags));
+#undef	NOSUCHKEY
+		break;
+	}
+}
+
+void
+dump(dbp, rev, recurse)
+	DB *dbp;
+	int rev;
+	int recurse;
+{
+	DBT key, data;
+	int lflags, nflags;
+
+	if (rev) {
+		lflags = R_LAST;
+		nflags = recurse ? R_RPREV : R_PREV;
+	} else {
+		lflags = R_FIRST;
+		nflags = recurse ? R_RNEXT : R_NEXT;
+	}
+	for (;; lflags = nflags)
+		switch (dbp->seq(dbp, &key, &data, lflags)) {
+		case 0:
+			if (write(ofd, data.data, data.size) !=
+			    (ssize_t)data.size)
+				err("write: %s", strerror(errno));
+			if (ofd == STDOUT_FILENO) {
+				if (write(ofd, "\n", 1) != 1)
+					err("write: %s", strerror(errno));
+			}
+			break;
+		case 1:
+			goto done;
+		case -1:
+			err("line %lu: (dump) seq: %s",
+			    lineno, strerror(errno));
+			/* NOTREACHED */
+		}
+done:	return;
+}
+
+void
+unlinkpg(dbp)
+	DB *dbp;
+{
+	BTREE *t = dbp->internal;
+	PAGE *h = NULL;
+	db_pgno_t pg;
+
+	for (pg = P_ROOT; pg < t->bt_mp->npages;
+	     mpool_put(t->bt_mp, h, 0), pg++) {
+		if ((h = mpool_get(t->bt_mp, pg, 0)) == NULL)
+			break;
+		/* Look for a nonempty leaf page that has both left
+		 * and right siblings. */
+		if (h->prevpg == P_INVALID || h->nextpg == P_INVALID)
+			continue;
+		if (NEXTINDEX(h) == 0)
+			continue;
+		if ((h->flags & (P_BLEAF | P_RLEAF)))
+			break;
+	}
+	if (h == NULL || pg == t->bt_mp->npages) {
+		fprintf(stderr, "unlinkpg: no appropriate page found\n");
+		return;
+	}
+	if (__bt_relink(t, h) != 0) {
+		perror("unlinkpg");
+		goto cleanup;
+	}
+	h->prevpg = P_INVALID;
+	h->nextpg = P_INVALID;
+cleanup:
+	mpool_put(t->bt_mp, h, MPOOL_DIRTY);
+}
+
+u_int
+setflags(s)
+	char *s;
+{
+	char *p;
+
+	for (; isspace((int) *s); ++s);
+	if (*s == '\n' || *s == '\0')
+		return (0);
+	if ((p = strchr(s, '\n')) != NULL)
+		*p = '\0';
+	if (!strcmp(s, "R_CURSOR"))		return (R_CURSOR);
+	if (!strcmp(s, "R_FIRST"))		return (R_FIRST);
+	if (!strcmp(s, "R_IAFTER")) 		return (R_IAFTER);
+	if (!strcmp(s, "R_IBEFORE")) 		return (R_IBEFORE);
+	if (!strcmp(s, "R_LAST")) 		return (R_LAST);
+	if (!strcmp(s, "R_NEXT")) 		return (R_NEXT);
+	if (!strcmp(s, "R_NOOVERWRITE"))	return (R_NOOVERWRITE);
+	if (!strcmp(s, "R_PREV"))		return (R_PREV);
+	if (!strcmp(s, "R_SETCURSOR"))		return (R_SETCURSOR);
+
+	err("line %lu: %s: unknown flag", lineno, s);
+	/* NOTREACHED */
+}
+
+char *
+sflags(lflags)
+	int lflags;
+{
+	switch (lflags) {
+	case R_CURSOR:		return ("R_CURSOR");
+	case R_FIRST:		return ("R_FIRST");
+	case R_IAFTER:		return ("R_IAFTER");
+	case R_IBEFORE:		return ("R_IBEFORE");
+	case R_LAST:		return ("R_LAST");
+	case R_NEXT:		return ("R_NEXT");
+	case R_NOOVERWRITE:	return ("R_NOOVERWRITE");
+	case R_PREV:		return ("R_PREV");
+	case R_SETCURSOR:	return ("R_SETCURSOR");
+	}
+
+	return ("UNKNOWN!");
+}
+
+DBTYPE
+dbtype(s)
+	char *s;
+{
+	if (!strcmp(s, "btree"))
+		return (DB_BTREE);
+	if (!strcmp(s, "hash"))
+		return (DB_HASH);
+	if (!strcmp(s, "recno"))
+		return (DB_RECNO);
+	err("%s: unknown type (use btree, hash or recno)", s);
+	/* NOTREACHED */
+}
+
+void *
+setinfo(db_type, s)
+	DBTYPE db_type;
+	char *s;
+{
+	static BTREEINFO ib;
+	static HASHINFO ih;
+	static RECNOINFO rh;
+	char *eq;
+
+	if ((eq = strchr(s, '=')) == NULL)
+		err("%s: illegal structure set statement", s);
+	*eq++ = '\0';
+	if (!isdigit((int) *eq))
+		err("%s: structure set statement must be a number", s);
+
+	switch (db_type) {
+	case DB_BTREE:
+		if (!strcmp("flags", s)) {
+			ib.flags = atoi(eq);
+			return (&ib);
+		}
+		if (!strcmp("cachesize", s)) {
+			ib.cachesize = atoi(eq);
+			return (&ib);
+		}
+		if (!strcmp("maxkeypage", s)) {
+			ib.maxkeypage = atoi(eq);
+			return (&ib);
+		}
+		if (!strcmp("minkeypage", s)) {
+			ib.minkeypage = atoi(eq);
+			return (&ib);
+		}
+		if (!strcmp("lorder", s)) {
+			ib.lorder = atoi(eq);
+			return (&ib);
+		}
+		if (!strcmp("psize", s)) {
+			ib.psize = atoi(eq);
+			return (&ib);
+		}
+		break;
+	case DB_HASH:
+		if (!strcmp("bsize", s)) {
+			ih.bsize = atoi(eq);
+			return (&ih);
+		}
+		if (!strcmp("ffactor", s)) {
+			ih.ffactor = atoi(eq);
+			return (&ih);
+		}
+		if (!strcmp("nelem", s)) {
+			ih.nelem = atoi(eq);
+			return (&ih);
+		}
+		if (!strcmp("cachesize", s)) {
+			ih.cachesize = atoi(eq);
+			return (&ih);
+		}
+		if (!strcmp("lorder", s)) {
+			ih.lorder = atoi(eq);
+			return (&ih);
+		}
+		break;
+	case DB_RECNO:
+		if (!strcmp("flags", s)) {
+			rh.flags = atoi(eq);
+			return (&rh);
+		}
+		if (!strcmp("cachesize", s)) {
+			rh.cachesize = atoi(eq);
+			return (&rh);
+		}
+		if (!strcmp("lorder", s)) {
+			rh.lorder = atoi(eq);
+			return (&rh);
+		}
+		if (!strcmp("reclen", s)) {
+			rh.reclen = atoi(eq);
+			return (&rh);
+		}
+		if (!strcmp("bval", s)) {
+			rh.bval = atoi(eq);
+			return (&rh);
+		}
+		if (!strcmp("psize", s)) {
+			rh.psize = atoi(eq);
+			return (&rh);
+		}
+		break;
+	}
+	err("%s: unknown structure value", s);
+	/* NOTREACHED */
+}
+
+void *
+rfile(name, lenp)
+	char *name;
+	size_t *lenp;
+{
+	struct stat sb;
+	void *p;
+	int fd;
+	char *np;
+
+	for (; isspace((int) *name); ++name);
+	if ((np = strchr(name, '\n')) != NULL)
+		*np = '\0';
+	if ((fd = open(name, O_RDONLY, 0)) < 0 ||
+	    fstat(fd, &sb))
+		err("%s: %s\n", name, strerror(errno));
+#ifdef NOT_PORTABLE
+	if (sb.st_size > (off_t)SIZE_T_MAX)
+		err("%s: %s\n", name, strerror(E2BIG));
+#endif
+	if ((p = (void *)malloc((u_int)sb.st_size)) == NULL)
+		err("%s", strerror(errno));
+	if (read(fd, p, (int)sb.st_size) == -1)
+		err("%s", strerror(errno));
+	*lenp = sb.st_size;
+	(void)close(fd);
+	return (p);
+}
+
+void *
+xmalloc(text, len)
+	char *text;
+	size_t len;
+{
+	void *p;
+
+	if ((p = (void *)malloc(len)) == NULL)
+		err("%s", strerror(errno));
+	memmove(p, text, len);
+	return (p);
+}
+
+void
+usage()
+{
+	(void)fprintf(stderr,
+	    "usage: dbtest [-l] [-f file] [-i info] [-o file] type script\n");
+	exit(1);
+}
+
+#include <stdarg.h>
+
+void
+err(const char *fmt, ...)
+{
+	va_list ap;
+	va_start(ap, fmt);
+	(void)fprintf(stderr, "dbtest: ");
+	(void)vfprintf(stderr, fmt, ap);
+	va_end(ap);
+	(void)fprintf(stderr, "\n");
+	exit(1);
+	/* NOTREACHED */
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/deps b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/dictionary b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/dictionary
new file mode 100644
index 00000000..53640f01
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/dictionary
@@ -0,0 +1,308 @@
+abintrme
+ablatweo
+agdbevea
+aglamber
+aicehayt
+alerover
+anadanth
+ancmirtt
+ancthada
+angcther
+antasikt
+arathmsm
+arescofa
+arthatea
+asallyth
+asathedl
+ascelass
+athaneal
+atheneri
+atheryit
+athiopep
+athysidc
+atyhtiti
+auletard
+aytthepr
+bedthesa
+beiofttw
+bemofrda
+bertedud
+bessdide
+bestiemb
+blllanof
+bllssunt
+blstther
+bttelthh
+bulyousi
+bupedire
+buseatsd
+butritat
+byeditam
+cedvecur
+censaith
+centhfro
+centitar
+ceourire
+cetheaso
+chancora
+chavengl
+chederas
+chemsywh
+civadayo
+ckedacag
+ckstiptr
+colither
+congchin
+corepppl
+cronoria
+cthilath
+cthouthe
+ctofowon
+cumetbry
+dbethere
+degeerin
+detherai
+dingthin
+dryslyse
+dscesild
+ealecerm
+edftserh
+efosondi
+eherrreg
+emidesja
+ereananm
+estersns
+etedtili
+evermerh
+falsuran
+faringsi
+fawerist
+fcedethe
+fedhessh
+fedlerca
+feupbori
+ffeedift
+fllbasia
+foftabll
+fomehage
+fotsenki
+fwisudls
+ggeuptha
+gswofryt
+hedcecou
+hereacun
+huvedpth
+iabengre
+ianfovin
+iaresice
+iasmived
+idengedi
+ilftisut
+ilinefem
+imeorran
+imsstoft
+inararto
+indanrei
+ingelaly
+ingeored
+inmotiom
+inoatlfr
+inoviler
+insedihe
+intaspan
+intowade
+inyfeprt
+iobloinc
+ionepuse
+iourofig
+ireeingi
+irreland
+irsfandb
+isewhell
+isocisad
+isriacth
+istaverr
+ithmblet
+itoingri
+itongala
+itsgrint
+ivyttisa
+laltthea
+lanesmef
+lanonepi
+lerithay
+lllmeris
+lysatspa
+lysceert
+masishio
+mathmmat
+meastrei
+medengny
+medwindb
+membonam
+moronash
+mpeotlin
+msomirei
+msrmstri
+mstirtis
+nbempeef
+ncheckno
+nddtthec
+ndilymor
+nditheiv
+ndoncath
+nenkingo
+ngryasth
+nichelnd
+nndarrof
+nongeatt
+noviearc
+npecheca
+nsttmema
+nwiowhan
+oalsaldt
+obullury
+odtenens
+offorind
+ofoditin
+ogarofab
+olossofe
+olspooth
+omajorul
+omantrvi
+omawevat
+onotorit
+oorendbe
+oosarang
+othowong
+otinffte
+ouatheno
+ountshep
+ouputope
+owhesatu
+owiaindh
+padisath
+pangream
+pawicofa
+pendamam
+pepofond
+peroncti
+perysege
+petotith
+plocarov
+pomasbor
+powholyi
+ppllosof
+pptinoma
+psenesff
+puiondit
+reestand
+rendlabl
+rerathsy
+rewathat
+rirndiff
+ritricui
+samasome
+satameer
+sathecur
+sbespral
+sconbeis
+sedfinhe
+sharveon
+shhoftrd
+sianthem
+sieaveve
+simedera
+sinandff
+sinulsma
+sllobofl
+sndfermh
+soffatic
+soingris
+songiorb
+sthottsa
+suewemat
+swicales
+tagttisf
+tanalatt
+tancodbo
+tarethal
+tbisesia
+teftyall
+tengstwh
+tepeshth
+teranand
+tevinohi
+tgthehal
+thansirs
+thecequs
+thereaco
+therimut
+therorea
+thestiom
+theveame
+thhastth
+thiasatt
+thidirve
+thingbaa
+thithbed
+thovires
+thswenpe
+thublthe
+tiamarss
+tincthes
+tindtofo
+tinedave
+tisanwex
+tlarnste
+tleicorb
+tnymesie
+toftemal
+tombeasw
+torarsen
+totheheo
+toudanty
+tremywel
+treonove
+trhandfy
+trrhmont
+trysnter
+tssasofo
+ttemaith
+ttiserds
+ttorissa
+tuiabeoi
+twirfton
+tyhentha
+tyngorti
+tyoarich
+ucatbouc
+ungyconh
+untinore
+uopsaren
+upecmuit
+ureaidrb
+usinittr
+ussofedt
+usunochp
+utbapofo
+veveplel
+vimathea
+walondui
+wavairet
+waysioft
+wceempil
+wealttig
+wefondio
+werdtian
+weswevar
+whaclthe
+wheanler
+wheiforv
+whisurtr
+whrithat
+wiesulci
+wirofrec
+witthile
+wtserodr
+ybutherr
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/Makefile b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/Makefile
new file mode 100644
index 00000000..348a8f81
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/Makefile
@@ -0,0 +1,43 @@
+#	@(#)Makefile	8.16 (Berkeley) 11/20/95
+
+ALL = driver2 tcreat3 tdel thash4 tread2 tseq tverify
+OBJ = driver2.o tcreat3.o tdel.o thash4.o tread2.o tseq.o tverify.o
+CC = gcc
+
+all: ${ALL}
+
+# Uncomment the STAT line get hash and btree statistical use info.  This
+# also forces ld to load the btree debug functions for use by gdb, which
+# is useful.  The db library has to be compiled with -DSTATISTICS as well.
+INC=	-I${PORTDIR}/include -I${PORTDIR}
+OORG=	-g
+#STAT=	-DSTATISTICS
+CFLAGS=	-D__DBINTERFACE_PRIVATE -DDEBUG ${STAT} ${OORG} ${INC}
+
+tcreat3: tcreat3.o ${PORTDIR}/libdb.a
+	${CC} -o $@ tcreat3.o ${PORTDIR}/libdb.a
+
+tdel: tdel.o ${PORTDIR}/libdb.a
+	${CC} -o $@ tdel.o ${PORTDIR}/libdb.a
+
+thash4: thash4.o ${PORTDIR}/libdb.a
+	${CC} -o $@ thash4.o ${PORTDIR}/libdb.a
+
+tread2: tread2.o ${PORTDIR}/libdb.a
+	${CC} -o $@ tread2.o ${PORTDIR}/libdb.a
+
+tseq: tseq.o ${PORTDIR}/libdb.a
+	${CC} -o $@ tseq.o ${PORTDIR}/libdb.a
+
+tverify: tverify.o ${PORTDIR}/libdb.a
+	${CC} -o $@ tverify.o ${PORTDIR}/libdb.a
+
+driver2: driver2.o ${PORTDIR}/libdb.a
+	${CC} -o $@ driver2.o ${PORTDIR}/libdb.a
+
+strerror.o: ${PORTDIR}/clib/strerror.c
+	${CC} -c ${PORTDIR}/clib/strerror.c
+
+clean:
+	rm -f *.core gmon.out ${ALL} ${OBJ} t1 t2 t3
+
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
new file mode 100644
index 00000000..02982b16
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
@@ -0,0 +1,111 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)driver2.c	8.1 (Berkeley) 6/4/93";
+#endif /* not lint */
+
+/*
+ * Test driver, to try to tackle the large ugly-split problem.
+ */
+
+#include <sys/file.h>
+#include <stdio.h>
+#include "ndbm.h"
+
+int my_hash(key, len)
+	char	*key;
+	int	len;
+{
+	return(17);		/* So I'm cruel... */
+}
+
+main(argc, argv)
+	int	argc;
+{
+	DB	*db;
+	DBT	key, content;
+	char	keybuf[2049];
+	char	contentbuf[2049];
+	char	buf[256];
+	int	i;
+	HASHINFO	info;
+
+	info.bsize = 1024;
+	info.ffactor = 5;
+	info.nelem = 1;
+	info.cachesize = NULL;
+#ifdef HASH_ID_PROGRAM_SPECIFIED
+	info.hash_id = HASH_ID_PROGRAM_SPECIFIED;
+	info.hash_func = my_hash;
+#else
+	info.hash = my_hash;
+#endif
+	info.lorder = 0;
+	if (!(db = dbopen("bigtest", O_RDWR | O_CREAT | O_BINARY, 0644, DB_HASH, &info))) {
+		snprintf(buf, sizeof(buf), "dbopen: failed on file bigtest");
+		perror(buf);
+		exit(1);
+	}
+	srand(17);
+	key.data = keybuf;
+	content.data = contentbuf;
+	memset(keybuf, '\0', sizeof(keybuf));
+	memset(contentbuf, '\0', sizeof(contentbuf));
+	for (i=1; i <= 500; i++) {
+		key.size = 128 + (rand()&1023);
+		content.size = 128 + (rand()&1023);
+/*		printf("%d: Key size %d, data size %d\n", i, key.size,
+		       content.size); */
+		snprintf(keybuf, sizeof(keybuf), "Key #%d", i);
+		snprintf(contentbuf, sizeof(contentbuf), "Contents #%d", i);
+		if ((db->put)(db, &key, &content, R_NOOVERWRITE)) {
+			snprintf(buf, sizeof(buf), "dbm_store #%d", i);
+			perror(buf);
+		}
+	}
+	if ((db->close)(db)) {
+		perror("closing hash file");
+		exit(1);
+	}
+	exit(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/makedb.sh b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/makedb.sh
new file mode 100644
index 00000000..15901de1
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/makedb.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+#	@(#)makedb.sh	8.1 (Berkeley) 6/4/93
+
+awk '{i++; print $0; print i;}' /usr/local/lib/dict/words > WORDS
+ls /bin /usr/bin /usr/ucb /etc | egrep '^(...|....|.....|......)$' | \
+sort | uniq | \
+awk '{
+	printf "%s\n", $0
+	for (i = 0; i < 1000; i++)
+		printf "%s+", $0
+	printf "\n"
+}' > LONG.DATA
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c
new file mode 100644
index 00000000..6767de5e
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c
@@ -0,0 +1,105 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)tcreat3.c	8.1 (Berkeley) 6/4/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <stdio.h>
+#include "db-int.h"
+
+#define INITIAL	25000
+#define MAXWORDS    25000	       /* # of elements in search table */
+
+char	wp1[8192];
+char	wp2[8192];
+main(argc, argv)
+char **argv;
+{
+	DBT item, key;
+	DB	*dbp;
+	HASHINFO ctl;
+	FILE *fp;
+	int	trash;
+
+	int i = 0;
+
+	argv++;
+	ctl.hash = NULL;
+	ctl.bsize = atoi(*argv++);
+	ctl.ffactor = atoi(*argv++);
+	ctl.nelem = atoi(*argv++);
+	ctl.lorder = 0;
+	if (!(dbp = dbopen( "hashtest",
+	    O_CREAT|O_TRUNC|O_RDWR|O_BINARY, 0600, DB_HASH, &ctl))){
+		/* create table */
+		fprintf(stderr, "cannot create: hash table (size %d)\n",
+			INITIAL);
+		exit(1);
+	}
+
+	key.data = wp1;
+	item.data = wp2;
+	while ( fgets(wp1, 8192, stdin) &&
+		fgets(wp2, 8192, stdin) &&
+		i++ < MAXWORDS) {
+/*
+* put info in structure, and structure in the item
+*/
+		key.size = strlen(wp1);
+		item.size = strlen(wp2);
+
+/*
+ * enter key/data pair into the table
+ */
+		if ((dbp->put)(dbp, &key, &item, R_NOOVERWRITE) != NULL) {
+			fprintf(stderr, "cannot enter: key %s\n",
+				item.data);
+			exit(1);
+		}
+	}
+
+	(dbp->close)(dbp);
+	exit(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
new file mode 100644
index 00000000..32d8250f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
@@ -0,0 +1,122 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)tdel.c	8.1 (Berkeley) 6/4/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include "db-int.h"
+#include <stdio.h>
+
+#define INITIAL	25000
+#define MAXWORDS    25000	       /* # of elements in search table */
+
+/* Usage: thash pagesize fillfactor file */
+char	wp1[8192];
+char	wp2[8192];
+main(argc, argv)
+char **argv;
+{
+	DBT item, key;
+	DB	*dbp;
+	HASHINFO ctl;
+	FILE *fp;
+	int	stat;
+
+	int i = 0;
+
+	argv++;
+	ctl.nelem = INITIAL;
+	ctl.hash = NULL;
+	ctl.bsize = atoi(*argv++);
+	ctl.ffactor = atoi(*argv++);
+	ctl.cachesize = 1024 * 1024;	/* 1 MEG */
+	ctl.lorder = 0;
+	argc -= 2;
+	if (!(dbp = dbopen( NULL, O_CREAT|O_RDWR|O_BINARY, 0400, DB_HASH, &ctl))) {
+		/* create table */
+		fprintf(stderr, "cannot create: hash table size %d)\n",
+			INITIAL);
+		exit(1);
+	}
+
+	key.data = wp1;
+	item.data = wp2;
+	while ( fgets(wp1, 8192, stdin) &&
+		fgets(wp2, 8192, stdin) &&
+		i++ < MAXWORDS) {
+/*
+* put info in structure, and structure in the item
+*/
+		key.size = strlen(wp1);
+		item.size = strlen(wp2);
+
+/*
+ * enter key/data pair into the table
+ */
+		if ((dbp->put)(dbp, &key, &item, R_NOOVERWRITE) != NULL) {
+			fprintf(stderr, "cannot enter: key %s\n",
+				item.data);
+			exit(1);
+		}
+	}
+
+	if ( --argc ) {
+		fp = fopen ( argv[0], "r");
+		i = 0;
+		while ( fgets(wp1, 8192, fp) &&
+			fgets(wp2, 8192, fp) &&
+			i++ < MAXWORDS) {
+		    key.size = strlen(wp1);
+		    stat = (dbp->del)(dbp, &key, 0);
+		    if (stat) {
+			fprintf ( stderr, "Error retrieving %s\n", key.data );
+			exit(1);
+		    }
+		}
+		fclose(fp);
+	}
+	(dbp->close)(dbp);
+	exit(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/testit b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/testit
new file mode 100644
index 00000000..c80dc4e6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/testit
@@ -0,0 +1,154 @@
+#!/bin/csh -f
+#
+#	@(#)testit	8.1 (Berkeley) 6/4/93
+#
+
+echo ""
+echo "PAGE FILL "
+set name=WORDS
+	set i = 256
+	foreach j ( 11 14 21 )
+	    echo "thash4 $i $j"
+	    ./thash4 $i $j 25000 65536 $name < $name
+	end
+	set i = 512
+	foreach j ( 21 28 43 )
+	    echo "thash4 $i $j"
+	    ./thash4 $i $j 25000 65536  $name < $name
+	end
+	set i = 1024
+	foreach j ( 43 57 85 )
+	    echo "thash4 $i $j"
+	    ./thash4 $i $j 25000 65536 $name < $name
+	end
+	set i = 2048
+	foreach j ( 85 114 171 )
+	    echo "thash4 $i $j"
+	    ./thash4 $i $j 25000 65536 $name < $name
+	end
+	set i = 4096
+	foreach j ( 171 228 341 )
+	    echo "thash4 $i $j"
+	    ./thash4 $i $j 25000 65536 $name < $name
+	end
+	set i = 8192
+	foreach j ( 341 455 683 )
+	    echo "thash4 $i $j"
+	    ./thash4 $i $j 25000 65536 $name < $name
+	end
+	echo "PAGE FILL "
+	set i = 256
+	foreach j ( 11 14 21 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 25000 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+	set i = 512
+	foreach j ( 21 28 43 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 25000 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+	set i = 1024
+	foreach j ( 43 57 85 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 25000 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+	set i = 2048
+	foreach j ( 85 114 171 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 25000 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+	set i = 4096
+	foreach j ( 171 228 341 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 25000 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+	set i = 8192
+	foreach j ( 341 455 683 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 25000 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+set name=LONG.DATA
+	set i = 1024
+	foreach j ( 1 2 4 )
+	    echo ./thash4 $i $j 600 65536 $name 
+	    ./thash4 $i $j 600 65536 $name < $name
+	end
+
+	set i = 2048
+	foreach j ( 1 2 4 )
+	    echo ./thash4 $i $j 600 65536 $name 
+	    ./thash4 $i $j 600 65536 $name < $name
+	end
+	set i = 4096
+	foreach j ( 1 2 4 )
+	    echo ./thash4 $i $j 600 65536 $name 
+	    ./thash4 $i $j 600 65536 $name < $name
+	end
+	set i = 8192
+	foreach j ( 2 4 8 )
+	    echo ./thash4 $i $j 600 65536 $name 
+	    ./thash4 $i $j 600 65536 $name < $name
+	end
+	echo "PAGE FILL "
+	set i = 1024
+	foreach j ( 1 2 4 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 600 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+	set i = 2048
+	foreach j ( 1 2 4 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 600 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+	set i = 4096
+	foreach j ( 1 2 4 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 600 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+	set i = 8192
+	foreach j ( 2 4 8 )
+	    echo "$i"_"$j"
+	    ./tcreat3 $i $j 600 $name < $name
+	    ./tread2 65536 < $name
+	    ./tverify $name < $name
+	    ./tseq > /dev/null
+	    ./tdel $i $j  $name < $name
+	end
+
+./driver2
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
new file mode 100644
index 00000000..830d7a18
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
@@ -0,0 +1,131 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)thash4.c	8.1 (Berkeley) 6/4/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <stdio.h>
+#include <errno.h>
+#include "db-int.h"
+
+#define INITIAL	25000
+#define MAXWORDS    25000	       /* # of elements in search table */
+
+/* Usage: thash pagesize fillfactor file */
+char	wp1[8192];
+char	wp2[8192];
+main(argc, argv)
+char **argv;
+{
+	DBT item, key, res;
+	DB *dbp;
+	HASHINFO ctl;
+	FILE *fp;
+	int	stat;
+	time_t	t;
+
+	int i = 0;
+
+	argv++;
+	ctl.hash = NULL;
+	ctl.bsize = atoi(*argv++);
+	ctl.ffactor = atoi(*argv++);
+	ctl.nelem = atoi(*argv++);
+	ctl.cachesize = atoi(*argv++);
+	ctl.lorder = 0;
+	if (!(dbp = dbopen( NULL, O_CREAT|O_RDWR|O_BINARY, 0400, DB_HASH, &ctl))) {
+		/* create table */
+		fprintf(stderr, "cannot create: hash table size %d)\n",
+			INITIAL);
+		fprintf(stderr, "\terrno: %d\n", errno);
+		exit(1);
+	}
+
+	key.data = wp1;
+	item.data = wp2;
+	while ( fgets(wp1, 8192, stdin) &&
+		fgets(wp2, 8192, stdin) &&
+		i++ < MAXWORDS) {
+/*
+* put info in structure, and structure in the item
+*/
+		key.size = strlen(wp1);
+		item.size = strlen(wp2);
+
+/*
+ * enter key/data pair into the table
+ */
+		if ((dbp->put)(dbp, &key, &item, R_NOOVERWRITE) != NULL) {
+			fprintf(stderr, "cannot enter: key %s\n",
+				item.data);
+			fprintf(stderr, "\terrno: %d\n", errno);
+			exit(1);
+		}
+	}
+
+	if ( --argc ) {
+		fp = fopen ( argv[0], "r");
+		i = 0;
+		while ( fgets(wp1, 256, fp) &&
+			fgets(wp2, 8192, fp) &&
+			i++ < MAXWORDS) {
+
+		    key.size = strlen(wp1);
+		    stat = (dbp->get)(dbp, &key, &res, 0);
+		    if (stat < 0 ) {
+			fprintf ( stderr, "Error retrieving %s\n", key.data );
+			fprintf(stderr, "\terrno: %d\n", errno);
+			exit(1);
+		    } else if ( stat > 0 ) {
+			fprintf ( stderr, "%s not found\n", key.data );
+			fprintf(stderr, "\terrno: %d\n", errno);
+			exit(1);
+		    }
+		}
+		fclose(fp);
+	}
+	dbp->close(dbp);
+	exit(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c
new file mode 100644
index 00000000..1e2cc4c5
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c
@@ -0,0 +1,105 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)tread2.c	8.1 (Berkeley) 6/4/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <stdio.h>
+#include "db-int.h"
+
+#define INITIAL	25000
+#define MAXWORDS    25000	       /* # of elements in search table */
+
+typedef struct {		       /* info to be stored */
+	int num, siz;
+} info;
+
+char	wp1[8192];
+char	wp2[8192];
+main(argc, argv)
+char **argv;
+{
+	DBT item, key, res;
+	DB	*dbp;
+	HASHINFO ctl;
+	int	stat;
+
+	int i = 0;
+
+	ctl.nelem = INITIAL;
+	ctl.hash = NULL;
+	ctl.bsize = 64;
+	ctl.ffactor = 1;
+	ctl.cachesize = atoi(*argv++);
+	ctl.lorder = 0;
+	if (!(dbp = dbopen( "hashtest", O_RDONLY|O_BINARY, 0400, DB_HASH, &ctl))) {
+		/* create table */
+		fprintf(stderr, "cannot open: hash table\n" );
+		exit(1);
+	}
+
+	key.data = wp1;
+	item.data = wp2;
+	while ( fgets(wp1, 8192, stdin) &&
+		fgets(wp2, 8192, stdin) &&
+		i++ < MAXWORDS) {
+/*
+* put info in structure, and structure in the item
+*/
+		key.size = strlen(wp1);
+		item.size = strlen(wp2);
+
+		stat = (dbp->get)(dbp, &key, &res,0);
+		if (stat < 0) {
+		    fprintf ( stderr, "Error retrieving %s\n", key.data );
+		    exit(1);
+		} else if ( stat > 0 ) {
+		    fprintf ( stderr, "%s not found\n", key.data );
+		    exit(1);
+		}
+	}
+	(dbp->close)(dbp);
+	exit(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c
new file mode 100644
index 00000000..bee41961
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c
@@ -0,0 +1,88 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)tseq.c	8.1 (Berkeley) 6/4/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <stdio.h>
+#include "db-int.h"
+
+#define INITIAL	25000
+#define MAXWORDS    25000	       /* # of elements in search table */
+
+
+char	wp[8192];
+char	cp[8192];
+main(argc, argv)
+char **argv;
+{
+	DBT item, key, res;
+	DB	*dbp;
+	FILE *fp;
+	int	stat;
+
+	if (!(dbp = dbopen( "hashtest", O_RDONLY|O_BINARY, 0400, DB_HASH, NULL))) {
+		/* create table */
+		fprintf(stderr, "cannot open: hash table\n" );
+		exit(1);
+	}
+
+/*
+* put info in structure, and structure in the item
+*/
+	for ( stat = (dbp->seq) (dbp, &res, &item, 1 );
+	      stat == 0;
+	      stat = (dbp->seq) (dbp, &res, &item, 0 ) ) {
+
+	      memcpy ( wp, res.data, res.size );
+	      wp[res.size] = 0;
+	      memcpy ( cp, item.data, item.size );
+	      cp[item.size] = 0;
+
+	      printf ( "%s %s\n", wp, cp );
+	}
+	(dbp->close)(dbp);
+	exit(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tverify.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tverify.c
new file mode 100644
index 00000000..4747804f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tverify.c
@@ -0,0 +1,107 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char copyright[] =
+"@(#) Copyright (c) 1991, 1993\n\
+	The Regents of the University of California.  All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)tverify.c	8.1 (Berkeley) 6/4/93";
+#endif /* not lint */
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <stdio.h>
+#include "db-int.h"
+
+#define INITIAL	25000
+#define MAXWORDS    25000	       /* # of elements in search table */
+
+typedef struct {		       /* info to be stored */
+	int num, siz;
+} info;
+
+char	wp1[8192];
+char	wp2[8192];
+main(argc, argv)
+char **argv;
+{
+	DBT key, res;
+	DB	*dbp;
+	HASHINFO ctl;
+	int	trash;
+	int	stat;
+
+	int i = 0;
+
+	ctl.nelem = INITIAL;
+	ctl.hash = NULL;
+	ctl.bsize = 64;
+	ctl.ffactor = 1;
+	ctl.cachesize = 1024 * 1024;	/* 1 MEG */
+	ctl.lorder = 0;
+	if (!(dbp = dbopen( "hashtest", O_RDONLY|O_BINARY, 0400, DB_HASH, &ctl))) {
+		/* create table */
+		fprintf(stderr, "cannot open: hash table\n" );
+		exit(1);
+	}
+
+	key.data = wp1;
+	while ( fgets(wp1, 8192, stdin) &&
+		fgets(wp2, 8192, stdin) &&
+		i++ < MAXWORDS) {
+/*
+* put info in structure, and structure in the item
+*/
+		key.size = strlen(wp1);
+
+		stat = (dbp->get)(dbp, &key, &res,0);
+		if (stat < 0) {
+		    fprintf ( stderr, "Error retrieving %s\n", key.data );
+		    exit(1);
+		} else if ( stat > 0 ) {
+		    fprintf ( stderr, "%s not found\n", key.data );
+		    exit(1);
+		}
+		if ( memcmp ( res.data, wp2, res.size ) ) {
+		    fprintf ( stderr, "data for %s is incorrect.  Data was %s.  Should have been %s\n", key.data, res.data, wp2 );
+		}
+	}
+	(dbp->close)(dbp);
+	exit(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/README b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/README
new file mode 100644
index 00000000..f29ccf7e
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/README
@@ -0,0 +1,72 @@
+#	@(#)README	8.1 (Berkeley) 6/4/93
+
+This package implements a superset of the hsearch and dbm/ndbm libraries.
+
+Test Programs:
+	All test programs which need key/data pairs expect them entered
+	with key and data on separate lines
+
+	tcreat3.c	
+		Takes 
+			bucketsize (bsize), 
+			fill factor (ffactor), and
+			initial number of elements (nelem).  
+		Creates a hash table named hashtest containing the 
+		keys/data pairs entered from standard in.
+	thash4.c
+		Takes
+			bucketsize (bsize), 
+			fill factor (ffactor), 
+			initial number of elements (nelem)
+			bytes of cache (ncached), and
+			file from which to read data  (fname)
+		Creates a table from the key/data pairs on standard in and
+		then does a read of each key/data in fname
+	tdel.c
+		Takes
+			bucketsize (bsize), and
+			fill factor (ffactor).
+			file from which to read data (fname)
+		Reads each key/data pair from fname and deletes the
+		key from the hash table hashtest
+	tseq.c
+		Reads the key/data pairs in the file hashtest and writes them
+		to standard out.
+	tread2.c
+		Takes
+			butes of cache (ncached).
+		Reads key/data pairs from standard in and looks them up
+		in the file hashtest.
+	tverify.c
+		Reads key/data pairs from standard in, looks them up
+		in the file hashtest, and verifies that the data is
+		correct.
+
+NOTES:
+
+The file search.h is provided for using the hsearch compatible interface
+on BSD systems.  On System V derived systems, search.h should appear in 
+/usr/include.
+
+The man page ../man/db.3 explains the interface to the hashing system.
+The file hash.ps is a postscript copy of a paper explaining
+the history, implementation, and performance of the hash package.
+
+"bugs" or idiosyncracies
+
+If you have a lot of overflows, it is possible to run out of overflow
+pages.  Currently, this will cause a message to be printed on stderr.
+Eventually, this will be indicated by a return error code.
+
+If you are using the ndbm interface and exit without flushing or closing the
+file, you may lose updates since the package buffers all writes.  Also,
+the db interface only creates a single database file.  To avoid overwriting
+the user's original file, the suffix ".db" is appended to the file name
+passed to dbm_open.  Additionally, if your code "knows" about the historic
+.dir and .pag files, it will break.  
+
+There is a fundamental difference between this package and the old hsearch.
+Hsearch requires the user to maintain the keys and data in the application's
+allocated memory while hash takes care of all storage management.  The down
+side is that the byte strings passed in the ENTRY structure must be null
+terminated (both the keys and the data).
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/bigtest.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/bigtest.c
new file mode 100644
index 00000000..c8070c50
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/bigtest.c
@@ -0,0 +1,75 @@
+#include "db-int.h"
+#include <stdio.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <stdlib.h>
+
+int
+main(void)
+{
+	HASHINFO info;
+	DB *db;
+	DBT key, value, returned;
+	int *data;
+	int n, i;
+
+	info.bsize = 512;
+	info.cachesize = 500;
+	info.lorder = 0;
+	info.ffactor = 4;
+	info.nelem = 0;
+	info.hash = NULL;
+
+	db = dbopen("big2.db", O_RDWR|O_CREAT|O_TRUNC|O_BINARY, 0664, DB_HASH, &info);
+	data = malloc(800 * sizeof(int));
+	for (n = 0; n < 800; n++)
+		data[n] = 0xDEADBEEF;
+	key.size = sizeof(int);
+	key.data = &n;
+	value.size = 800 * sizeof(int);
+	value.data = (void *)data;
+
+	for (n = 0; n < 200000; n++) {
+		returned.data = NULL;
+		if (n == 4627)
+			printf("");
+		if (n % 50 == 0)
+			printf("put n = %d\n", n);
+		if (db->put(db, &key, &value, 0) != 0)
+			printf("put error, n = %d\n", n);
+		if (db->get(db, &key, &returned, 0) != 0)
+			printf("Immediate get error, n = %d\n", n);
+		assert (returned.size == 3200);
+		for (i = 0; i < 800; i++)
+			if (((int *)returned.data)[i] != 0xDEADBEEF)
+				printf("ERRORRRRRR!!!\n");
+
+	}
+
+	for (n = 0; n < 200000; n++) {
+		if (n % 50 == 0)
+			printf("seq n = %d\n", n);
+		if ((db->seq(db, &key, &returned, 0)) != 0)
+			printf("Seq error, n = %d\n", n);
+
+		assert(returned.size == 3200);
+
+		for (i = 0; i < 800; i++)
+			if (((int *)returned.data)[i] != 0xDEADBEEF)
+				printf("ERRORRRRRR!!! seq %d\n", n);
+	}
+
+	for (n = 0; n < 2000; n++) {
+		if (n % 50 == 0)
+			printf("get n = %d\n", n);
+		if (db->get(db, &key, &returned, 0) != 0)
+			printf("Late get error, n = %d\n", n);
+		assert(returned.size == 1200);
+		for (i = 0; i < 300; i++)
+			if (((int *)returned.data)[i] != 0xDEADBEEF)
+				printf("ERRORRRRRR!!!, get %d\n", n);
+	}
+   	db->close(db);
+	free(value.data);
+	return(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
new file mode 100644
index 00000000..43895a42
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
@@ -0,0 +1,184 @@
+#include "db-int.h"
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+
+extern int hash_expansions;
+
+int
+main(void)
+{
+    FILE *keys, *vals;
+    DB *db;
+    DBT key, val;
+    char *key_line, *val_line, *get_key, *get_val, *old, *key2;
+    HASHINFO passwd;
+    int n = 0, i = 0, expected;
+
+    key_line = (char *)malloc(100);
+    val_line = (char *)malloc(300);
+    old = (char *)malloc(300);
+
+    keys = fopen("yp.keys", "rt");
+    vals = fopen("yp.total", "rt");
+
+    passwd.bsize =  1024;
+    passwd.cachesize = 1024 * 1024;
+    passwd.ffactor = 10;
+    passwd.hash = NULL;
+    passwd.nelem = 0;
+    passwd.lorder = 4321;
+
+
+    db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_CREAT|O_TRUNC|O_BINARY, 0664, DB_HASH,
+		&passwd);
+    if (!db) {
+	fprintf(stderr, "create_db: couldn't create database file\n");
+	exit(1);
+    }
+
+    while ((key_line = fgets(key_line, 100, keys)) != NULL) {
+	if (n % 1000 == 0)
+	  fprintf(stderr, "Putting #%d.\n", n);
+	n++;
+	fgets(val_line, 300, vals);
+	key.size = strlen(key_line);
+	key.data = (void *)key_line;
+	val.size = strlen(val_line);
+	val.data = (void *)val_line;
+	if (db->put(db, &key, &val, 0) != 0)
+	  fprintf(stderr, "Put error, n = %d\n", n);
+	if (db->get(db, &key, &val, 0) != 0)
+	  fprintf(stderr, "Immediate get error, n = %d\n", n);
+    }
+    fprintf(stderr, "Done with put!\n");
+    free(key_line);
+    free(val_line);
+    fclose(keys);
+    fclose(vals);
+    db->close(db);
+
+
+
+
+    keys = fopen("yp.keys", "rt");
+    vals = fopen("yp.total", "rt");
+    get_key = (char *)malloc(100);
+    get_val = (char *)malloc(300);
+
+    db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_BINARY, 0664, DB_HASH, &passwd);
+    if (!db)
+      fprintf(stderr, "Could not open db!\n");
+    n = 0;
+    while ((get_key = fgets(get_key, 100, keys)) != NULL) {
+	n++;
+	if (n % 1000 == 0)
+	  fprintf(stderr, "Getting #%d.\n", n);
+	key.size = strlen(get_key);
+	key.data = (void *)get_key;
+	if (db->get(db, &key, &val, 0) != 0)
+	  fprintf(stderr, "Retrieval error on %s\n", get_key);
+	fgets(get_val, 300, vals);
+	if (memcmp(val.data, (void *)get_val, val.size)) {
+	    fprintf(stderr, "Unmatched get on %s.\n", get_key);
+	    fprintf(stderr, "Input = %s\nOutput = %s\n", get_val,
+		    (char *)val.data);
+	}
+    }
+    expected = n;
+    fclose(vals);
+    fclose(keys);
+    free(get_key);
+    free(get_val);
+    db->close(db);
+
+
+
+
+    get_key = (char *)malloc(100);
+    get_val = (char *)malloc(300);
+
+    db = dbopen("/usr/tmp/passwd.db", O_RDWR, 0664, DB_HASH, &passwd);
+    if (!db)
+      fprintf(stderr, "Could not open db!\n");
+    n = 0;
+    for (;;) {
+	n++;
+	if (n % 1000 == 0)
+	  fprintf(stderr, "Sequence getting #%d.\n", n);
+	if (db->seq(db, &key, &val, 0) != 0) {
+	    fprintf(stderr,
+		    "Exiting sequence retrieve; n = %d, expected = %d\n",
+		    n - 1 , expected);
+	    break;
+	}
+    }
+    free(get_key);
+    free(get_val);
+    db->close(db);
+
+    get_key = (char *)malloc(100);
+    key2 = (char *)malloc(100);
+
+    keys = fopen("yp.keys", "rt");
+    vals = fopen("yp.total", "rt");
+
+    db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_BINARY, 0664, DB_HASH, &passwd);
+    n = 0;
+    while ((get_key = fgets(get_key, 100, keys)) != NULL) {
+	if (n % 1000 == 0)
+	  fprintf(stderr, "Deleting #%d.\n", n);
+	n+=2;
+	key2 = fgets(get_key, 100, keys);
+	if (!key2)
+	  break;
+	key.data = (void *)key2;
+	key.size = strlen(key2);
+	if (db->del(db, &key, 0) != 0)
+	  fprintf(stderr, "Delete error on %d", n);
+    }
+
+    db->close(db);
+    free(get_key);
+    free(key2);
+    fclose(keys);
+    fclose(vals);
+
+    get_key = (char *)malloc(100);
+    key2 = (char *)malloc(100);
+    get_val = (char *)malloc(300);
+
+    keys = fopen("yp.keys", "rt");
+    vals = fopen("yp.total", "rt");
+
+    db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_BINARY, 0664, DB_HASH, &passwd);
+    n = 0;
+    while ((get_key = fgets(get_key, 100, keys)) != NULL) {
+	n += 2;
+	if (n % 1000 == 0)
+	  fprintf(stderr, "Re-retrieving #%d.\n", n);
+	key2 = fgets(key2, 100, keys);
+	if (!key2)
+	  break;
+	key.data = (void *)get_key;
+	key.size = strlen(get_key);
+	if (db->get(db, &key, &val, 0) != 0)
+	  fprintf(stderr, "Retrieval after delete error on %d\n", n);
+	fgets(get_val, 300, vals);
+	if (memcmp(val.data, (void *)get_val, val.size)) {
+	    fprintf(stderr, "Unmatched get after delete on %s.\n", get_key);
+	    fprintf(stderr, "Input = %s\nOutput = %s\n", get_val,
+		    (char *)val.data);
+	}
+	fgets(get_val, 300, vals);
+    }
+
+    db->close(db);
+    free(get_key);
+    free(key2);
+    free(get_val);
+    fclose(keys);
+    fclose(vals);
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c
new file mode 100644
index 00000000..7d03e609
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c
@@ -0,0 +1,22 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+void
+main(int argc, char **argv)
+{
+	int i,j,n;
+	char *pass[8], r;
+
+	n = atoi(argv[1]);
+
+	srandom(101173);
+	for (i = 0; i < n; i++) {
+		for (j = 0; j < 8; j++) {
+			r = random() % 122;
+			while (r < 48)
+				r += random() % (122 - r);
+			printf("%c", r);
+		}
+		printf("\n");
+	}
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/run.test b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/run.test
new file mode 100644
index 00000000..ebce8e27
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/run.test
@@ -0,0 +1,1036 @@
+#!/bin/sh -
+#
+#	@(#)run.test	8.13 (Berkeley) 11/2/95
+#
+
+. ./runenv.sh
+
+# db regression tests
+main()
+{
+
+	PROG=./dbtest
+	TMP1=${TMPDIR-.}/t1
+	TMP2=${TMPDIR-.}/t2
+	TMP3=${TMPDIR-.}/t3
+	BINFILES=${TMPDIR-.}/binfiles
+
+	if [ \! -z "$WORDLIST" -a -f "$WORDLIST" ]; then
+		DICT=$WORDLIST
+	elif [ -f /usr/local/lib/dict/words ]; then
+		DICT=/usr/local/lib/dict/words
+	elif [ -f /usr/share/dict/words ]; then
+		DICT=/usr/share/dict/words
+	elif [ -f /usr/dict/words ]; then
+		DICT=/usr/dict/words
+	elif [ -f /usr/share/lib/dict/words ]; then
+		DICT=/usr/share/lib/dict/words
+	elif [ -f $srcdir/../test/dictionary ]; then
+		DICT=`cd $srcdir/../test && pwd`/dictionary
+	else
+		echo 'run.test: no dictionary'
+		exit 1
+	fi
+	
+	dictsize=`wc -l < $DICT`
+
+	bindir=/bin/.
+	find $bindir -type f -exec test -r {} \; -print | head -100 > $BINFILES
+
+	if [ $# -eq 0 ]; then
+		for t in 1 2 3 4 5 6 7 8 9 10 11 12 13 20 40 41 50 60 61 62 63; do
+			test$t
+		done
+	else
+		while [ $# -gt 0 ]
+			do case "$1" in
+			test*)
+				$1;;
+			[0-9]*)
+				test$1;;
+			btree)
+				for t in 1 2 3 7 8 9 10 12 13 40 41 50 60 61 62 63; do
+					test$t
+				done;;
+			hash)
+				for t in 1 2 3 8 13 20; do
+					test$t
+				done;;
+			recno)
+				for t in 1 2 3 4 5 6 7 10 11; do
+					test$t
+				done;;
+			*)
+				echo "run.test: unknown test $1"
+				echo "usage: run.test test# | type"
+				exit 1
+			esac
+			shift
+		done
+	fi
+	rm -f $TMP1 $TMP2 $TMP3 $BINFILES
+	exit 0
+}
+
+getnwords() {
+	# Delete blank lines because the db code appears not to like
+	# empty keys.  Omit lines with non-alphanumeric characters to
+	# avoid shell metacharacters and non-ASCII characters which
+	# could cause 'rev' to choke.
+	LC_ALL=C sed -e '/^$/d' -e '/[^A-Za-z]/d' < $DICT | sed -e ${1}q
+}
+
+# Take the first hundred entries in the dictionary, and make them
+# be key/data pairs.
+test1()
+{
+	echo "Test 1: btree, hash: small key, small data pairs"
+	getnwords 200 > $TMP1
+	for type in btree hash; do
+		rm -f $TMP2 $TMP3
+		for i in `cat $TMP1`; do
+			echo p
+			echo k$i
+			echo d$i
+			echo g
+			echo k$i
+		done > $TMP2
+		$PROG -o $TMP3 $type $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test1: type $type: failed"
+			exit 1
+		fi
+	done
+	echo "Test 1: recno: small key, small data pairs"
+	rm -f $TMP2 $TMP3
+	awk '{ 
+		++i;
+		printf("p\nk%d\nd%s\ng\nk%d\n", i, $0, i);
+	}' < $TMP1 > $TMP2
+	$PROG -o $TMP3 recno $TMP2
+	if (cmp -s $TMP1 $TMP3) ; then :
+	else
+		echo "test1: type recno: failed"
+		exit 1
+	fi
+}
+
+# Take the first 200 entries in the dictionary, and give them
+# each a medium size data entry.
+test2()
+{
+	echo "Test 2: btree, hash: small key, medium data pairs"
+	mdata=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
+	echo $mdata |
+	awk '{ for (i = 1; i < 201; ++i) print $0 }' > $TMP1
+	for type in hash btree; do
+		rm -f $TMP2 $TMP3
+		for i in `getnwords 200`; do
+			echo p
+			echo k$i
+			echo d$mdata
+			echo g
+			echo k$i
+		done > $TMP2
+		$PROG -o $TMP3 $type $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test2: type $type: failed"
+			exit 1
+		fi
+	done
+	echo "Test 2: recno: small key, medium data pairs"
+	rm -f $TMP2 $TMP3
+	echo $mdata | 
+	awk '{  for (i = 1; i < 201; ++i)
+		printf("p\nk%d\nd%s\ng\nk%d\n", i, $0, i);
+	}' > $TMP2
+	$PROG -o $TMP3 recno $TMP2
+	if (cmp -s $TMP1 $TMP3) ; then :
+	else
+		echo "test2: type recno: failed"
+		exit 1
+	fi
+}
+
+# Insert the programs in $bindir with their paths as their keys.
+test3()
+{
+	echo "Test 3: hash: small key, big data pairs"
+	rm -f $TMP1
+	xargs cat < $BINFILES > $TMP1
+	for type in hash; do
+		rm -f $TMP2 $TMP3
+		for i in `cat $BINFILES`; do
+			echo p
+			echo k$i
+			echo D$i
+			echo g
+			echo k$i
+		done > $TMP2
+		$PROG -o $TMP3 $type $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test3: $type: failed"
+			exit 1
+		fi
+	done
+	echo "Test 3: btree: small key, big data pairs"
+	for psize in 512 16384 65536; do
+		echo "    page size $psize"
+		for type in btree; do
+			rm -f $TMP2 $TMP3
+			for i in `cat $BINFILES`; do
+				echo p
+				echo k$i
+				echo D$i
+				echo g
+				echo k$i
+			done > $TMP2
+			$PROG -i psize=$psize -o $TMP3 $type $TMP2
+			if (cmp -s $TMP1 $TMP3) ; then :
+			else
+				echo "test3: $type: page size $psize: failed"
+				exit 1
+			fi
+		done
+	done
+	echo "Test 3: recno: big data pairs"
+	rm -f $TMP2 $TMP3
+	awk '{
+		++i;
+		printf("p\nk%d\nD%s\ng\nk%d\n", i, $0, i);
+	}' < $BINFILES > $TMP2
+	for psize in 512 16384 65536; do
+		echo "    page size $psize"
+		$PROG -i psize=$psize -o $TMP3 recno $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test3: recno: page size $psize: failed"
+			exit 1
+		fi
+	done
+}
+
+# Do random recno entries.
+test4()
+{
+	echo "Test 4: recno: random entries"
+	echo "abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg" |
+	awk '{
+		for (i = 37; i <= 37 + 88 * 17; i += 17) {
+			if (i % 41)
+				s = substr($0, 1, i % 41);
+			else
+				s = substr($0, 1);
+			printf("input key %d: %s\n", i, s);
+		}
+		for (i = 1; i <= 15; ++i) {
+			if (i % 41)
+				s = substr($0, 1, i % 41);
+			else
+				s = substr($0, 1);
+			printf("input key %d: %s\n", i, s);
+		}
+		for (i = 19234; i <= 19234 + 61 * 27; i += 27) {
+			if (i % 41)
+				s = substr($0, 1, i % 41);
+			else
+				s = substr($0, 1);
+			printf("input key %d: %s\n", i, s);
+		}
+		exit
+	}' > $TMP1
+	rm -f $TMP2 $TMP3
+	cat $TMP1 |
+	awk 'BEGIN {
+			i = 37;
+			incr = 17;
+		}
+		{
+			printf("p\nk%d\nd%s\n", i, $0);
+			if (i == 19234 + 61 * 27)
+				exit;
+			if (i == 37 + 88 * 17) {
+				i = 1;
+				incr = 1;
+			} else if (i == 15) {
+				i = 19234;
+				incr = 27;
+			} else
+				i += incr;
+		}
+		END {
+			for (i = 37; i <= 37 + 88 * 17; i += 17)
+				printf("g\nk%d\n", i);
+			for (i = 1; i <= 15; ++i)
+				printf("g\nk%d\n", i);
+			for (i = 19234; i <= 19234 + 61 * 27; i += 27)
+				printf("g\nk%d\n", i);
+		}' > $TMP2
+	$PROG -o $TMP3 recno $TMP2
+	if (cmp -s $TMP1 $TMP3) ; then :
+	else
+		echo "test4: type recno: failed"
+		exit 1
+	fi
+}
+
+# Do reverse order recno entries.
+test5()
+{
+	echo "Test 5: recno: reverse order entries"
+	echo "abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg" |
+	awk ' {
+		for (i = 1500; i; --i) {
+			if (i % 34)
+				s = substr($0, 1, i % 34);
+			else
+				s = substr($0, 1);
+			printf("input key %d: %s\n", i, s);
+		}
+		exit;
+	}' > $TMP1
+	rm -f $TMP2 $TMP3
+	cat $TMP1 |
+	awk 'BEGIN {
+			i = 1500;
+		}
+		{
+			printf("p\nk%d\nd%s\n", i, $0);
+			--i;
+		}
+		END {
+			for (i = 1500; i; --i) 
+				printf("g\nk%d\n", i);
+		}' > $TMP2
+	$PROG -o $TMP3 recno $TMP2
+	if (cmp -s $TMP1 $TMP3) ; then :
+	else
+		echo "test5: type recno: failed"
+		exit 1
+	fi
+}
+		
+# Do alternating order recno entries.
+test6()
+{
+	echo "Test 6: recno: alternating order entries"
+	echo "abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg" |
+	awk ' {
+		for (i = 1; i < 1200; i += 2) {
+			if (i % 34)
+				s = substr($0, 1, i % 34);
+			else
+				s = substr($0, 1);
+			printf("input key %d: %s\n", i, s);
+		}
+		for (i = 2; i < 1200; i += 2) {
+			if (i % 34)
+				s = substr($0, 1, i % 34);
+			else
+				s = substr($0, 1);
+			printf("input key %d: %s\n", i, s);
+		}
+		exit;
+	}' > $TMP1
+	rm -f $TMP2 $TMP3
+	cat $TMP1 |
+	awk 'BEGIN {
+			i = 1;
+			even = 0;
+		}
+		{
+			printf("p\nk%d\nd%s\n", i, $0);
+			i += 2;
+			if (i >= 1200) {
+				if (even == 1)
+					exit;
+				even = 1;
+				i = 2;
+			}
+		}
+		END {
+			for (i = 1; i < 1200; ++i) 
+				printf("g\nk%d\n", i);
+		}' > $TMP2
+	$PROG -o $TMP3 recno $TMP2
+	sort -o $TMP1 $TMP1
+	sort -o $TMP3 $TMP3
+	if (cmp -s $TMP1 $TMP3) ; then :
+	else
+		echo "test6: type recno: failed"
+		exit 1
+	fi
+}
+
+# Delete cursor record
+test7()
+{
+	echo "Test 7: btree, recno: delete cursor record"
+	echo "abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg" |
+	awk '{
+		for (i = 1; i <= 120; ++i)
+			printf("%05d: input key %d: %s\n", i, i, $0);
+		printf("%05d: input key %d: %s\n", 120, 120, $0);
+		printf("seq failed, no such key\n");
+		printf("%05d: input key %d: %s\n", 1, 1, $0);
+		printf("%05d: input key %d: %s\n", 2, 2, $0);
+		exit;
+	}' > $TMP1
+	rm -f $TMP2 $TMP3
+
+	for type in btree recno; do
+		cat $TMP1 |
+		awk '{
+			if (i == 120)
+				exit;
+			printf("p\nk%d\nd%s\n", ++i, $0);
+		}
+		END {
+			printf("fR_NEXT\n");
+			for (i = 1; i <= 120; ++i)
+				printf("s\n");
+			printf("fR_CURSOR\ns\nk120\n");
+			printf("r\n");
+			printf("fR_NEXT\ns\n");
+			printf("fR_CURSOR\ns\nk1\n");
+			printf("r\n");
+			printf("fR_FIRST\ns\n");
+		}' > $TMP2
+		$PROG -o $TMP3 recno $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test7: type $type: failed"
+			exit 1
+		fi
+	done
+}
+
+# Make sure that overflow pages are reused.
+test8()
+{
+	echo "Test 8: btree: repeated small key, big data pairs"
+	rm -f $TMP1
+	# /bin/csh is no longer ubiquitous - find a substitute
+	# The test stores contents of a known file
+	tfile=""
+	for tp in /bin/csh /bin/ls /usr/bin/ls /bin/cat /usr/bin/cat; do
+	    if [ "x$tfile" = "x" -a -f $tp ]; then
+		tfile=$tp
+	    fi
+	done
+	if [ "x$tfile" = "x" ]; then
+	    echo "No suitable file for testing purposes"
+	    exit 1
+	fi
+	echo "" | 
+	awk 'BEGIN {
+		for (i = 1; i <= 10; ++i) {
+			printf("p\nkkey1\nD/bin/sh\n");
+			printf("p\nkkey2\nD'$tfile'\n");
+			if (i % 8 == 0) {
+				printf("c\nkkey2\nD'$tfile'\n");
+				printf("c\nkkey1\nD/bin/sh\n");
+				printf("e\t%d of 10 (comparison)\n", i);
+			} else
+				printf("e\t%d of 10             \n", i);
+			printf("r\nkkey1\nr\nkkey2\n");
+		}
+	}' > $TMP1
+	if $PROG btree $TMP1 ; then
+	    true
+	else
+	    echo "test8: btree tests failed"
+	    exit 1
+	fi
+#	$PROG hash $TMP1
+	# No explicit test for success.
+}
+
+# Test btree duplicate keys
+test9()
+{
+	echo "Test 9: btree: duplicate keys"
+	echo "abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg" |
+	awk '{
+		for (i = 1; i <= 543; ++i)
+			printf("%05d: input key %d: %s\n", i, i, $0);
+		exit;
+	}' > $TMP1
+	rm -f $TMP2 $TMP3
+
+	for type in btree; do
+		cat $TMP1 | 
+		awk '{
+			if (i++ % 2)
+				printf("p\nkduplicatekey\nd%s\n", $0);
+			else
+				printf("p\nkunique%dkey\nd%s\n", i, $0);
+		}
+		END {
+				printf("o\n");
+		}' > $TMP2
+		$PROG -iflags=1 -o $TMP3 $type $TMP2
+		sort -o $TMP3 $TMP3
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test9: type $type: failed"
+			exit 1
+		fi
+	done
+}
+
+# Test use of cursor flags without initialization
+test10()
+{
+	echo "Test 10: btree, recno: test cursor flag use"
+	echo "abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg" |
+	awk '{
+		for (i = 1; i <= 20; ++i)
+			printf("%05d: input key %d: %s\n", i, i, $0);
+		exit;
+	}' > $TMP1
+	rm -f $TMP2 $TMP3
+
+	# Test that R_CURSOR doesn't succeed before cursor initialized
+	for type in btree recno; do
+		cat $TMP1 |
+		awk '{
+			if (i == 10)
+				exit;
+			printf("p\nk%d\nd%s\n", ++i, $0);
+		}
+		END {
+			printf("fR_CURSOR\nr\n");
+			printf("eR_CURSOR SHOULD HAVE FAILED\n");
+		}' > $TMP2
+		$PROG -o $TMP3 $type $TMP2 > /dev/null 2>&1
+		if [ -s $TMP3 ] ; then
+			echo "Test 10: delete: R_CURSOR SHOULD HAVE FAILED"
+			exit 1
+		fi
+	done
+	for type in btree recno; do
+		cat $TMP1 |
+		awk '{
+			if (i == 10)
+				exit;
+			printf("p\nk%d\nd%s\n", ++i, $0);
+		}
+		END {
+			printf("fR_CURSOR\np\nk1\ndsome data\n");
+			printf("eR_CURSOR SHOULD HAVE FAILED\n");
+		}' > $TMP2
+		$PROG -o $TMP3 $type $TMP2 > /dev/null 2>&1
+		if [ -s $TMP3 ] ; then
+			echo "Test 10: put: R_CURSOR SHOULD HAVE FAILED"
+			exit 1
+		fi
+	done
+}
+
+# Test insert in reverse order.
+test11()
+{
+	echo "Test 11: recno: reverse order insert"
+	echo "abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg" |
+	awk '{
+		for (i = 1; i <= 779; ++i)
+			printf("%05d: input key %d: %s\n", i, i, $0);
+		exit;
+	}' > $TMP1
+	rm -f $TMP2 $TMP3
+
+	for type in recno; do
+		cat $TMP1 |
+		awk '{
+			if (i == 0) {
+				i = 1;
+				printf("p\nk1\nd%s\n", $0);
+				printf("%s\n", "fR_IBEFORE");
+			} else
+				printf("p\nk1\nd%s\n", $0);
+		}
+		END {
+				printf("or\n");
+		}' > $TMP2
+		$PROG -o $TMP3 $type $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test11: type $type: failed"
+			exit 1
+		fi
+	done
+}
+
+# Take the first 20000 entries in the dictionary, reverse them, and give
+# them each a small size data entry.  Use a small page size to make sure
+# the btree split code gets hammered.
+test12()
+{
+	if ( rev < /dev/null ) > /dev/null 2>&1 ; then
+		:
+	else
+		echo "Test 12: skipped, rev not found"
+		return
+	fi
+	if test $dictsize -lt 20001 ; then
+		echo "Test 12: skipped, dictionary too small"
+		return
+	else
+		:
+	fi
+	echo "Test 12: btree: lots of keys, small page size"
+	mdata=abcdefghijklmnopqrstuvwxy
+	echo $mdata |
+	awk '{ for (i = 1; i < 20001; ++i) print $0 }' > $TMP1
+	for type in btree; do
+		rm -f $TMP2 $TMP3
+		for i in `getnwords 20000 | rev`; do
+			echo p
+			echo k$i
+			echo d$mdata
+			echo g
+			echo k$i
+		done > $TMP2
+		$PROG -i psize=512 -o $TMP3 $type $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test12: type $type: failed"
+			exit 1
+		fi
+	done
+}
+
+# Test different byte orders.
+test13()
+{
+	echo "Test 13: btree, hash: differing byte orders"
+	getnwords 50 > $TMP1
+	for order in 1234 4321; do
+		for type in btree hash; do
+			rm -f byte.file $TMP2 $TMP3
+			for i in `cat $TMP1`; do
+				echo p
+				echo k$i
+				echo d$i
+				echo S
+				echo g
+				echo k$i
+			done > $TMP2
+			$PROG -ilorder=$order -f byte.file -o $TMP3 $type $TMP2
+			if (cmp -s $TMP1 $TMP3) ; then :
+			else
+				echo "test13: $type/$order put failed"
+				exit 1
+			fi
+			for i in `cat $TMP1`; do
+				echo g
+				echo k$i
+			done > $TMP2
+			$PROG -s \
+			    -ilorder=$order -f byte.file -o $TMP3 $type $TMP2
+			if (cmp -s $TMP1 $TMP3) ; then :
+			else
+				echo "test13: $type/$order get failed"
+				exit 1
+			fi
+		done
+	done
+	rm -f byte.file
+}
+
+# Try a variety of bucketsizes and fill factors for hashing
+test20()
+{
+	if test $dictsize -lt 10001 ; then
+		echo "Test 20: skipped, dictionary too small"
+		return
+	else
+		:
+	fi
+	echo\
+    "Test 20: hash: bucketsize, fill factor; nelem 25000 cachesize 65536"
+	echo "abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg" |
+	awk '{
+		for (i = 1; i <= 10000; ++i) {
+			if (i % 34)
+				s = substr($0, 1, i % 34);
+			else
+				s = substr($0, 1);
+			printf("%s\n", s);
+		}
+		exit;
+	}' > $TMP1
+	getnwords 10000 |
+	awk 'BEGIN {
+		ds="abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg abcdefg"
+	}
+	{
+		if (++i % 34)
+			s = substr(ds, 1, i % 34);
+		else
+			s = substr(ds, 1);
+		printf("p\nk%s\nd%s\n", $0, s);
+	}' > $TMP2
+	getnwords 10000 |
+	awk '{
+		++i;
+		printf("g\nk%s\n", $0);
+	}' >> $TMP2
+	bsize=256
+	for ffactor in 11 14 21; do
+		echo "    bucketsize $bsize, fill factor $ffactor"
+		$PROG -o$TMP3 \
+		    -ibsize=$bsize,ffactor=$ffactor,nelem=25000,cachesize=65536\
+		    hash $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test20: type hash:\
+bsize=$bsize ffactor=$ffactor nelem=25000 cachesize=65536 failed"
+			exit 1
+		fi
+	done
+	bsize=512
+	for ffactor in 21 28 43; do
+		echo "    bucketsize $bsize, fill factor $ffactor"
+		$PROG -o$TMP3 \
+		    -ibsize=$bsize,ffactor=$ffactor,nelem=25000,cachesize=65536\
+		    hash $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test20: type hash:\
+bsize=$bsize ffactor=$ffactor nelem=25000 cachesize=65536 failed"
+			exit 1
+		fi
+	done
+	bsize=1024
+	for ffactor in 43 57 85; do
+		echo "    bucketsize $bsize, fill factor $ffactor"
+		$PROG -o$TMP3 \
+		    -ibsize=$bsize,ffactor=$ffactor,nelem=25000,cachesize=65536\
+		    hash $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test20: type hash:\
+bsize=$bsize ffactor=$ffactor nelem=25000 cachesize=65536 failed"
+			exit 1
+		fi
+	done
+	bsize=2048
+	for ffactor in 85 114 171; do
+		echo "    bucketsize $bsize, fill factor $ffactor"
+		$PROG -o$TMP3 \
+		    -ibsize=$bsize,ffactor=$ffactor,nelem=25000,cachesize=65536\
+		    hash $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test20: type hash:\
+bsize=$bsize ffactor=$ffactor nelem=25000 cachesize=65536 failed"
+			exit 1
+		fi
+	done
+	bsize=4096
+	for ffactor in 171 228 341; do
+		echo "    bucketsize $bsize, fill factor $ffactor"
+		$PROG -o$TMP3 \
+		    -ibsize=$bsize,ffactor=$ffactor,nelem=25000,cachesize=65536\
+		    hash $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test20: type hash:\
+bsize=$bsize ffactor=$ffactor nelem=25000 cachesize=65536 failed"
+			exit 1
+		fi
+	done
+	bsize=8192
+	for ffactor in 341 455 683; do
+		echo "    bucketsize $bsize, fill factor $ffactor"
+		$PROG -o$TMP3 \
+		    -ibsize=$bsize,ffactor=$ffactor,nelem=25000,cachesize=65536\
+		    hash $TMP2
+		if (cmp -s $TMP1 $TMP3) ; then :
+		else
+			echo "test20: type hash:\
+bsize=$bsize ffactor=$ffactor nelem=25000 cachesize=65536 failed"
+			exit 1
+		fi
+	done
+}
+
+# Test for a weird page split condition where an insertion into index
+# 0 of a page that would cause the new item to be the only item on the
+# left page results in index 0 of the right page being erroneously
+# skipped; this only happens with one particular key+data length for
+# each page size.
+test40 () {
+	echo "Test 40: btree: page split on index 0"
+	e=:
+	for psize in 512 1024 2048 4096 8192; do
+		echo "    page size $psize"
+		kdsizes=`awk 'BEGIN {
+			psize = '$psize'; hsize = int(psize/2);
+			for (kdsize = hsize-40; kdsize <= hsize; kdsize++) {
+				print kdsize;
+			}
+		}' /dev/null`
+
+		# Use a series of keylen+datalen values in the right
+		# neighborhood to find the one that triggers the bug.
+		# We could compute the exact size that triggers the
+		# bug but this additional fuzz may be useful.
+
+		# Insert keys in reverse order to maximize the chances
+		# for a split on index 0.
+
+		for kdsize in $kdsizes; do
+			awk 'BEGIN {
+				kdsize = '$kdsize';
+				for (i = 8; i-- > 0; ) {
+					s = sprintf("a%03d:%09d", i, kdsize);
+					for (j = 0; j < kdsize-20; j++) {
+						s = s "x";
+					}
+					printf("p\nka%03d\nd%s\n", i, s);
+				}
+				print "o";
+			}' /dev/null > $TMP2
+			sed -n 's/^d//p' $TMP2 | sort > $TMP1
+			$PROG -o $TMP3 -i psize=$psize btree $TMP2
+			if (cmp -s $TMP1 $TMP3); then :
+			else
+				echo "test40: btree: page size $psize, \
+keylen+datalen=$kdsize failed"
+				e='exit 1'
+			fi
+		done
+	done
+	$e
+}
+
+# Extremely tricky test attempting to replicate some unusual database
+# corruption seen in the field: pieces of the database becoming
+# inaccessible to random access, sequential access, or both.  The
+# hypothesis is that at least some of these are triggered by the bug
+# in page splits on index 0 with a particular exact keylen+datalen.
+# (See Test 40.)  For psize=4096, this size is exactly 2024.
+
+# The order of operations here relies on very specific knowledge of
+# the internals of the btree access method in order to place records
+# at specific offsets in a page and to create certain keys on internal
+# pages.  The to-be-split page immediately prior to the bug-triggering
+# split has the following properties:
+#
+# * is not the leftmost leaf page
+# * key on the parent page is compares less than the key of the item
+#   on index 0
+# * triggering record's key also compares greater than the key on the
+#   parent page
+
+# Additionally, we prime the mpool LRU chain so that the head page on
+# the chain has the following properties:
+#
+# * record at index 0 is located where it will not get overwritten by
+#   items written to the right-hand page during the split
+# * key of the record at index 0 compares less than the key of the
+#   bug-triggering record
+
+# If the page-split bug exists, this test appears to create a database
+# where some records are inaccessible to a search, but still remain in
+# the file and are accessible by sequential traversal.  At least one
+# record gets duplicated out of sequence.
+
+test41 () {
+	echo "Test 41: btree: no unsearchables due to page split on index 0"
+	# list of individual retrievals in a variable for easy reuse
+	list=`(for i in a b c d; do
+			for j in 990 998 999; do
+				echo g ${i}${j} 1024
+			done
+		done;
+		echo g y997 2014
+		for i in y z; do
+			for j in 998 999; do
+				echo g ${i}${j} 1024
+			done
+		done)`
+	# Exact number for trigger condition accounts for newlines
+	# retained by dbtest with -ofile but not without; we use
+	# -ofile, so count newlines.  keylen=5,datalen=5+2014 for
+	# psize=4096 here.
+	(cat - <<EOF
+p z999 1024
+p z998 1024
+p y999 1024
+p y990 1024
+p d999 1024
+p d990 1024
+p c999 1024
+p c990 1024
+p b999 1024
+p b990 1024
+p a999 1024
+p a990 1024
+p y998 1024
+r y990
+p d998 1024
+p d990 1024
+p c998 1024
+p c990 1024
+p b998 1024
+p b990 1024
+p a998 1024
+p a990 1024
+p y997 2014
+S
+o
+EOF
+	echo "$list") |
+	# awk script input:
+	# {p|g|r} key [datasize]
+	awk '/^[pgr]/{
+		printf("%s\nk%s\n", $1, $2);
+	}
+	/^p/{
+		s = $2;
+		for (i = 0; i < $3; i++) {
+			s = s "x";
+		}
+		printf("d%s\n", s);
+	}
+	!/^[pgr]/{
+		print $0;
+	}' > $TMP2
+	(echo "$list"; echo "$list") | awk '{
+		s = $2;
+		for (i = 0; i < $3; i++) {
+			s = s "x";
+		}
+		print s;
+	}' > $TMP1
+	$PROG -o $TMP3 -i psize=4096 btree $TMP2
+	if (cmp -s $TMP1 $TMP3); then :
+	else
+		echo "test41: btree: failed"
+		exit 1
+	fi
+}
+
+# Test for recursive traversal successfully retrieving records that
+# are inaccessible to normal sequential (sibling-link) traversal.
+# This works by unlinking a few leaf pages but leaving their parent
+# links intact.  To verify that the unlink actually makes records
+# inaccessible, the test first uses "o" to do a normal sequential
+# traversal, followed by "O" to do a recursive traversal.
+test50 () {
+	echo "Test 50: btree: recursive traversal"
+	fill="abcdefghijklmnopqrstuvwxyzy"
+	script='{
+		for (i = 0; i < 20000; i++) {
+			printf("p\nkAA%05d\nd%05d%s\n", i, i, $0);
+		}
+		print "u";
+		print "u";
+		print "u";
+		print "u";
+	}'
+	(echo $fill | awk "$script"; echo o) > $TMP2
+	echo $fill |
+	awk '{
+		for (i = 0; i < 20000; i++) {
+			printf("%05d%s\n", i, $0);
+		}
+	}' > $TMP1
+	$PROG -o $TMP3 -i psize=512 btree $TMP2
+	if (cmp -s $TMP1 $TMP3); then
+		echo "test50: btree: unexpected success after unlinking pages"
+		exit 1
+	fi
+	(echo $fill | awk "$script"; echo O) > $TMP2
+	$PROG -o $TMP3 -i psize=512 btree $TMP2
+	if (cmp -s $TMP1 $TMP3); then :
+	else
+		echo "test50: btree: failed"
+		exit 1
+	fi
+}
+
+test60 () {
+	echo "Test 60: btree: big key, small data, byteswap unaligned access"
+	# 488 = 512 - 20 (header) - 3 ("foo") - 1 (newline)
+	(echo foo; echo bar) |
+	awk '{
+		s = $0
+		for (i = 0; i < 488; i++) {
+			s = s "x";
+		}
+		printf("p\nk%s\ndx\n", s);
+	}' > $TMP2
+	for order in 1234 4321; do
+		$PROG -o $TMP3 -i psize=512,lorder=$order btree $TMP2
+	done
+}
+
+test61 () {
+	echo "Test 61: btree: small key, big data, byteswap unaligned access"
+	# 484 = 512 - 20 (header) - 7 ("foo1234") - 1 (newline)
+	(echo foo1234; echo bar1234) |
+	awk '{
+		s = $0
+		for (i = 0; i < 484; i++) {
+			s = s "x";
+		}
+		printf("p\nk%s\nd%s\n", $0, s);
+	}' > $TMP2
+	for order in 1234 4321; do
+		$PROG -o $TMP3 -i psize=512,lorder=$order btree $TMP2
+	done
+}
+
+test62 () {
+	echo "Test 62: btree: small key, big data, known byte order files"
+	(echo foo1234; echo bar1234) |
+	awk '{
+		s = $0
+		for (i = 0; i < 484; i++) {
+			s = s "x";
+		}
+		printf("%s\n", s);
+	}' > $TMP1
+	(echo g; echo kfoo1234; echo g; echo kbar1234) > $TMP2
+	for f in t.le.db t.be.db; do
+		echo "    $f"
+		$PROG -f $f -s -o $TMP3 btree $TMP2
+		if (cmp -s $TMP1 $TMP3); then :
+		else
+			echo "test62: btree: failed"
+			exit 1
+		fi
+	done
+}
+
+test63 () {
+	echo "Test 63: btree: big key, medium data, bt_split unaligned access"
+	# 488 = 512 - 20 (header) - 3 ("foo") - 1 (newline)
+	# 223 = 232 - 8 (key pointer)
+	# 232 = bt_ovflsize = (512 - 20 (header)) / 2 (DEFMINKEYPAGE)
+	#	- (2 (indx_t) + 12 (NBLEAFDBT(0,0)))
+	awk 'BEGIN {
+		s = "";
+		for (i = 0; i < 488; i++) {
+			s = s "x";
+		}
+		d = "";
+		for (i = 0; i < 223; i++) {
+			d = d "x";
+		}
+		for (i = 0; i < 128; i++) {
+			printf("p\nk%s%03d\nd%s\n", s, i, d);
+		}
+	}' /dev/null > $TMP2
+	$PROG -o $TMP3 -i psize=512 btree $TMP2
+}
+
+main $*
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/t.be.txt b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/t.be.txt
new file mode 100644
index 00000000..4c60e2e2
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/t.be.txt
@@ -0,0 +1,64 @@
+0005316200000003000002000000000000000000000000200000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+00000001000000000000000000000002001801C801C801E4FFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFF000000080000000801626172313233340A00000003000001
+ECFFFFFF000000080000000801666F6F313233340A00000002000001ECFFFFFF
+0000000200000000000000000000000400000000666F6F313233347878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+787878787878787878787878787878787878787878787878787878787878780A
+0000000300000000000000000000000400000000626172313233347878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+787878787878787878787878787878787878787878787878787878787878780A
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/t.le.txt b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/t.le.txt
new file mode 100644
index 00000000..ad1154b0
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/libdb2/test/t.le.txt
@@ -0,0 +1,64 @@
+6231050003000000000200000000000000000000200000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+010000000000000000000000020000001800C801C801E401FFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFF080000000800000001626172313233340A03000000EC0100
+00FFFFFF080000000800000001666F6F313233340A02000000EC010000FFFFFF
+0200000000000000000000000400000000000000666F6F313233347878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+787878787878787878787878787878787878787878787878787878787878780A
+0300000000000000000000000400000000000000626172313233347878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+7878787878787878787878787878787878787878787878787878787878787878
+787878787878787878787878787878787878787878787878787878787878780A
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/lockout.c b/krb5-1.21.3/src/plugins/kdb/db2/lockout.c
new file mode 100644
index 00000000..30fb554d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/lockout.c
@@ -0,0 +1,222 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/db2/lockout.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include <stdio.h>
+#include <errno.h>
+#include <kadm5/server_internal.h>
+#include "kdb5.h"
+#include "kdb_db2.h"
+
+/*
+ * Helper routines for databases that wish to use the default
+ * principal lockout functionality.
+ */
+
+static krb5_error_code
+lookup_lockout_policy(krb5_context context,
+                      krb5_db_entry *entry,
+                      krb5_kvno *pw_max_fail,
+                      krb5_deltat *pw_failcnt_interval,
+                      krb5_deltat *pw_lockout_duration)
+{
+    krb5_tl_data tl_data;
+    krb5_error_code code;
+    osa_princ_ent_rec adb;
+    XDR xdrs;
+
+    *pw_max_fail = 0;
+    *pw_failcnt_interval = 0;
+    *pw_lockout_duration = 0;
+
+    tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+
+    code = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
+    if (code != 0 || tl_data.tl_data_length == 0)
+        return code;
+
+    memset(&adb, 0, sizeof(adb));
+    xdrmem_create(&xdrs, (char *)tl_data.tl_data_contents,
+                  tl_data.tl_data_length, XDR_DECODE);
+    if (!xdr_osa_princ_ent_rec(&xdrs, &adb)) {
+        xdr_destroy(&xdrs);
+        return KADM5_XDR_FAILURE;
+    }
+
+    if (adb.policy != NULL) {
+        osa_policy_ent_t policy = NULL;
+
+        code = krb5_db2_get_policy(context, adb.policy, &policy);
+        if (code == 0) {
+            *pw_max_fail = policy->pw_max_fail;
+            *pw_failcnt_interval = policy->pw_failcnt_interval;
+            *pw_lockout_duration = policy->pw_lockout_duration;
+            krb5_db_free_policy(context, policy);
+        }
+    }
+
+    xdr_destroy(&xdrs);
+
+    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+    xdr_osa_princ_ent_rec(&xdrs, &adb);
+    xdr_destroy(&xdrs);
+
+    return 0;
+}
+
+/* draft-behera-ldap-password-policy-10.txt 7.1 */
+static krb5_boolean
+locked_check_p(krb5_context context,
+               krb5_timestamp stamp,
+               krb5_kvno max_fail,
+               krb5_timestamp lockout_duration,
+               krb5_db_entry *entry)
+{
+    krb5_timestamp unlock_time;
+
+    /* If the entry was unlocked since the last failure, it's not locked. */
+    if (krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time) == 0 &&
+        !ts_after(entry->last_failed, unlock_time))
+        return FALSE;
+
+    if (max_fail == 0 || entry->fail_auth_count < max_fail)
+        return FALSE;
+
+    if (lockout_duration == 0)
+        return TRUE; /* principal permanently locked */
+
+    return ts_after(ts_incr(entry->last_failed, lockout_duration), stamp);
+}
+
+krb5_error_code
+krb5_db2_lockout_check_policy(krb5_context context,
+                              krb5_db_entry *entry,
+                              krb5_timestamp stamp)
+{
+    krb5_error_code code;
+    krb5_kvno max_fail = 0;
+    krb5_deltat failcnt_interval = 0;
+    krb5_deltat lockout_duration = 0;
+    krb5_db2_context *db_ctx = context->dal_handle->db_context;
+
+    if (db_ctx->disable_lockout)
+        return 0;
+
+    code = lookup_lockout_policy(context, entry, &max_fail,
+                                 &failcnt_interval,
+                                 &lockout_duration);
+    if (code != 0)
+        return code;
+
+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
+        return KRB5KDC_ERR_CLIENT_REVOKED;
+
+    return 0;
+}
+
+krb5_error_code
+krb5_db2_lockout_audit(krb5_context context,
+                       krb5_db_entry *entry,
+                       krb5_timestamp stamp,
+                       krb5_error_code status)
+{
+    krb5_error_code code;
+    krb5_kvno max_fail = 0;
+    krb5_deltat failcnt_interval = 0;
+    krb5_deltat lockout_duration = 0;
+    krb5_db2_context *db_ctx = context->dal_handle->db_context;
+    krb5_boolean need_update = FALSE;
+    krb5_timestamp unlock_time;
+
+    switch (status) {
+    case 0:
+    case KRB5KDC_ERR_PREAUTH_FAILED:
+    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+        break;
+    default:
+        return 0;
+    }
+
+    if (entry == NULL)
+        return 0;
+
+    if (!db_ctx->disable_lockout) {
+        code = lookup_lockout_policy(context, entry, &max_fail,
+                                     &failcnt_interval, &lockout_duration);
+        if (code != 0)
+            return code;
+    }
+
+    /*
+     * Don't continue to modify the DB for an already locked account.
+     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
+     * this check is unneeded, but in rare cases, we can fail with an
+     * integrity error or preauth failure before a policy check.)
+     */
+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
+        return 0;
+
+    /* Only mark the authentication as successful if the entry
+     * required preauthentication, otherwise we have no idea. */
+    if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
+        if (!db_ctx->disable_lockout && entry->fail_auth_count != 0) {
+            entry->fail_auth_count = 0;
+            need_update = TRUE;
+        }
+        if (!db_ctx->disable_last_success) {
+            entry->last_success = stamp;
+            need_update = TRUE;
+        }
+    } else if (!db_ctx->disable_lockout &&
+               (status == KRB5KDC_ERR_PREAUTH_FAILED ||
+                status == KRB5KRB_AP_ERR_BAD_INTEGRITY)) {
+        if (krb5_dbe_lookup_last_admin_unlock(context, entry,
+                                              &unlock_time) == 0 &&
+            !ts_after(entry->last_failed, unlock_time)) {
+            /* Reset fail_auth_count after administrative unlock. */
+            entry->fail_auth_count = 0;
+        }
+
+        if (failcnt_interval != 0 &&
+            ts_after(stamp, ts_incr(entry->last_failed, failcnt_interval))) {
+            /* Reset fail_auth_count after failcnt_interval. */
+            entry->fail_auth_count = 0;
+        }
+
+        entry->last_failed = stamp;
+        entry->fail_auth_count++;
+        need_update = TRUE;
+    }
+
+    if (need_update) {
+        code = krb5_db2_put_principal(context, entry, NULL);
+        if (code != 0)
+            return code;
+    }
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/pol_xdr.c b/krb5-1.21.3/src/plugins/kdb/db2/pol_xdr.c
new file mode 100644
index 00000000..e8576337
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/pol_xdr.c
@@ -0,0 +1,89 @@
+#include <sys/types.h>
+#include <krb5.h>
+#include <gssrpc/rpc.h>
+#include <kdb.h>
+#include <kadm5/admin_xdr.h>
+#include "policy_db.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include <string.h>
+
+static int
+osa_policy_min_vers(osa_policy_ent_t objp)
+{
+    if (objp->attributes ||
+        objp->max_life ||
+        objp->max_renewable_life ||
+        objp->allowed_keysalts ||
+        objp->n_tl_data)
+        return OSA_ADB_POLICY_VERSION_3;
+
+    if (objp->pw_max_fail ||
+        objp->pw_failcnt_interval ||
+        objp->pw_lockout_duration)
+        return OSA_ADB_POLICY_VERSION_2;
+
+    return OSA_ADB_POLICY_VERSION_1;
+}
+
+bool_t
+xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp)
+{
+    switch (xdrs->x_op) {
+    case XDR_ENCODE:
+	 objp->version = osa_policy_min_vers(objp);
+	 /* fall through */
+    case XDR_FREE:
+	 if (!xdr_int(xdrs, &objp->version))
+	      return FALSE;
+	 break;
+    case XDR_DECODE:
+	 if (!xdr_int(xdrs, &objp->version))
+	      return FALSE;
+	 if (objp->version != OSA_ADB_POLICY_VERSION_1 &&
+             objp->version != OSA_ADB_POLICY_VERSION_2 &&
+             objp->version != OSA_ADB_POLICY_VERSION_3)
+	      return FALSE;
+	 break;
+    }
+
+    if(!xdr_nullstring(xdrs, &objp->name))
+	return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_min_life))
+	return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_max_life))
+	return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_min_length))
+	return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_min_classes))
+	return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_history_num))
+	return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->policy_refcnt))
+	return (FALSE);
+    if (objp->version > OSA_ADB_POLICY_VERSION_1) {
+        if (!xdr_u_int32(xdrs, &objp->pw_max_fail))
+	    return (FALSE);
+        if (!xdr_u_int32(xdrs, &objp->pw_failcnt_interval))
+	    return (FALSE);
+        if (!xdr_u_int32(xdrs, &objp->pw_lockout_duration))
+	    return (FALSE);
+    }
+    if (objp->version > OSA_ADB_POLICY_VERSION_2) {
+        if (!xdr_u_int32(xdrs, &objp->attributes))
+	    return (FALSE);
+        if (!xdr_u_int32(xdrs, &objp->max_life))
+	    return (FALSE);
+        if (!xdr_u_int32(xdrs, &objp->max_renewable_life))
+	    return (FALSE);
+        if (!xdr_nullstring(xdrs, &objp->allowed_keysalts))
+	    return (FALSE);
+        if (!xdr_short(xdrs, &objp->n_tl_data))
+            return (FALSE);
+        if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
+                          xdr_krb5_tl_data))
+            return FALSE;
+    }
+    return (TRUE);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/db2/policy_db.h b/krb5-1.21.3/src/plugins/kdb/db2/policy_db.h
new file mode 100644
index 00000000..62d11464
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/db2/policy_db.h
@@ -0,0 +1,107 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Data Types for policy and principal information that
+ * exists in the respective databases.
+ *
+ * $Header$
+ *
+ * This file was originally created with rpcgen.
+ * It has been hacked up since then.
+ */
+
+#ifndef __ADB_H__
+#define __ADB_H__
+#include <sys/types.h>
+#include <errno.h>
+#include <krb5.h>
+#include <kdb.h>
+/* Okay, this is a bit obscure.  The libdb2 configure script doesn't
+   detect it, but on Tru64 5.1, netinet/in.h causes sys/bittypes.h to
+   be included, and that has a typedef for u_int32_t.  Because the
+   configure script doesn't detect it, it causes db-config.h to have a
+   #define for u_int32_t, so including db.h and then netinet/in.h
+   causes compilation to fail.
+
+   Since gssrpc/types.h includes netinet/in.h, including that first
+   will cause the typedef to be seen before the macro definition,
+   which still isn't quite right, but is close enough for now.
+
+   A better fix might be for db.h to include netinet/in.h if that's
+   where we find u_int32_t.  */
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include <db.h>
+#include "adb_err.h"
+#include <com_err.h>
+
+/* DB2 uses EFTYPE to indicate a database file of the wrong format, and falls
+ * back to EINVAL if the platform does not define EFTYPE. */
+#ifdef EFTYPE
+#define IS_EFTYPE(e) ((e) == EFTYPE || (e) == EINVAL)
+#else
+#define IS_EFTYPE(e) ((e) == EINVAL)
+#endif
+
+typedef long            osa_adb_ret_t;
+
+#define OSA_ADB_POLICY_DB_MAGIC 0x12345A00
+
+#define OSA_ADB_POLICY_VERSION_MASK     0x12345D00
+#define OSA_ADB_POLICY_VERSION_1        0x12345D01
+#define OSA_ADB_POLICY_VERSION_2        0x12345D02
+#define OSA_ADB_POLICY_VERSION_3        0x12345D03
+
+
+
+typedef struct _osa_adb_db_lock_ent_t {
+    FILE     *lockfile;
+    char     *filename;
+    int      refcnt, lockmode, lockcnt;
+    krb5_context context;
+} osa_adb_lock_ent, *osa_adb_lock_t;
+
+typedef struct _osa_adb_db_ent_t {
+    int        magic;
+    DB         *db;
+    HASHINFO   info;
+    BTREEINFO  btinfo;
+    char       *filename;
+    osa_adb_lock_t lock;
+    int        opencnt;
+} osa_adb_db_ent, *osa_adb_db_t, *osa_adb_princ_t, *osa_adb_policy_t;
+
+/*
+ * Return Code (the rest are in adb_err.h)
+ */
+
+#define OSA_ADB_OK              0
+
+/*
+ * Functions
+ */
+
+krb5_error_code osa_adb_create_db(char *filename, char *lockfile, int magic);
+krb5_error_code osa_adb_destroy_db(char *filename, char *lockfile, int magic);
+krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
+                                char *lockfile, int magic);
+krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic);
+krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode);
+krb5_error_code osa_adb_release_lock(osa_adb_db_t db);
+krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype);
+krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db);
+krb5_error_code osa_adb_create_policy(osa_adb_policy_t db,
+                                      osa_policy_ent_t entry);
+krb5_error_code osa_adb_destroy_policy(osa_adb_policy_t db,
+                                       char * name);
+krb5_error_code osa_adb_get_policy(osa_adb_policy_t db, char *name,
+                                   osa_policy_ent_t *entry);
+krb5_error_code osa_adb_put_policy(osa_adb_policy_t db,
+                                   osa_policy_ent_t entry);
+krb5_error_code osa_adb_iter_policy(osa_adb_policy_t db,
+                                    osa_adb_iter_policy_func func,
+                                    void * data);
+void osa_free_policy_ent(osa_policy_ent_t val);
+
+bool_t xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
+
+#endif /* __ADB_H__ */
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/Makefile.in b/krb5-1.21.3/src/plugins/kdb/ldap/Makefile.in
new file mode 100644
index 00000000..69c120eb
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/Makefile.in
@@ -0,0 +1,36 @@
+mydir=plugins$(S)kdb$(S)ldap
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_DB_MODULE_DIR)
+
+SUBDIRS= libkdb_ldap
+
+LOCALINCLUDES = -I../../../lib/kdb -I$(srcdir)/../../../lib/kdb \
+	-I$(srcdir)/libkdb_ldap
+
+LIBBASE=kldap
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/kdb/ldap
+# Depends on libk5crypto and libkrb5
+# Also on gssrpc, for xdr stuff.
+SHLIB_EXPDEPS = \
+	$(TOPLIBD)/libkdb_ldap$(SHLIBEXT) \
+	$(GSSRPC_DEPLIBS) \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT) \
+	$(TOPLIBD)/lib$(SUPPORT_LIBNAME)$(SHLIBEXT)
+SHLIB_EXPLIBS= -lkdb_ldap $(GSSRPC_LIBS) -lkrb5 $(COM_ERR_LIB) -lk5crypto -lkrb5support $(LIBS)
+
+SRCS= 	$(srcdir)/ldap_exp.c
+
+$(TOPLIBD)/libkdb_ldap$(SHLIBEXT) : all-recurse
+
+STLIBOBJS= ldap_exp.o
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/deps b/krb5-1.21.3/src/plugins/kdb/ldap/deps
new file mode 100644
index 00000000..40668289
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/deps
@@ -0,0 +1,27 @@
+#
+# Generated makefile dependencies follow.
+#
+ldap_exp.so ldap_exp.po $(OUTPRE)ldap_exp.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../lib/kdb/kdb5.h \
+  $(srcdir)/libkdb_ldap/kdb_ldap.h $(srcdir)/libkdb_ldap/ldap_krbcontainer.h \
+  $(srcdir)/libkdb_ldap/ldap_principal.h $(srcdir)/libkdb_ldap/ldap_pwd_policy.h \
+  $(srcdir)/libkdb_ldap/ldap_realm.h $(srcdir)/libkdb_ldap/ldap_tkt_policy.h \
+  $(srcdir)/libkdb_ldap/princ_xdr.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ldap_exp.c
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/kldap.exports b/krb5-1.21.3/src/plugins/kdb/ldap/kldap.exports
new file mode 100644
index 00000000..f2b7c111
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/kldap.exports
@@ -0,0 +1 @@
+kdb_function_table
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_exp.c b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_exp.c
new file mode 100644
index 00000000..d5cd82bb
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_exp.c
@@ -0,0 +1,86 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_exp.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <stdio.h>
+#include <errno.h>
+#include <utime.h>
+#include <kdb5.h>
+#include "kdb_ldap.h"
+#include "ldap_principal.h"
+#include "ldap_pwd_policy.h"
+
+
+/*
+ *      Exposed API
+ */
+
+kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = {
+    KRB5_KDB_DAL_MAJOR_VERSION,             /* major version number */
+    0,                                      /* minor version number 0 */
+    /* init_library */                      krb5_ldap_lib_init,
+    /* fini_library */                      krb5_ldap_lib_cleanup,
+    /* init_module */                       krb5_ldap_open,
+    /* fini_module */                       krb5_ldap_close,
+    /* create */                            krb5_ldap_create,
+    /* destroy */                           krb5_ldap_delete_realm_1,
+    /* get_age */                           krb5_ldap_get_age,
+    /* lock */                              krb5_ldap_lock,
+    /* unlock */                            krb5_ldap_unlock,
+    /* get_principal */                     krb5_ldap_get_principal,
+    /* put_principal */                     krb5_ldap_put_principal,
+    /* delete_principal */                  krb5_ldap_delete_principal,
+    /* rename_principal */                  krb5_ldap_rename_principal,
+    /* iterate */                           krb5_ldap_iterate,
+    /* create_policy */                     krb5_ldap_create_password_policy,
+    /* get_policy */                        krb5_ldap_get_password_policy,
+    /* put_policy */                        krb5_ldap_put_password_policy,
+    /* iter_policy */                       krb5_ldap_iterate_password_policy,
+    /* delete_policy */                     krb5_ldap_delete_password_policy,
+    /* optional functions */
+    /* fetch_master_key */                  NULL /* krb5_ldap_fetch_mkey */,
+    /* fetch_master_key_list */             NULL,
+    /* store_master_key_list */             NULL,
+    /* Search enc type */                   NULL,
+    /* Change pwd   */                      NULL,
+    /* promote_db */                        NULL,
+    /* decrypt_key_data */                  NULL,
+    /* encrypt_key_data */                  NULL,
+    /* check_transited_realms */            NULL,
+    /* check_policy_as */                   krb5_ldap_check_policy_as,
+    /* check_policy_tgs */                  NULL,
+    /* audit_as_req */                      krb5_ldap_audit_as_req,
+    /* refresh_config */                    NULL,
+    /* check_allowed_to_delegate */         krb5_ldap_check_allowed_to_delegate
+
+};
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/Makefile.in b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/Makefile.in
new file mode 100644
index 00000000..8669c243
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/Makefile.in
@@ -0,0 +1,29 @@
+mydir=plugins$(S)kdb$(S)ldap$(S)ldap_util
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+DEFINES = -DKDB4_DISABLE
+LOCALINCLUDES = -I. -I$(srcdir)/../libkdb_ldap -I$(top_srcdir)/lib/kdb
+#KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
+KDB_DEP_LIB=$(DL_LIB) -lkdb_ldap $(THREAD_LINKOPTS)
+
+PROG = kdb5_ldap_util
+SRCS = kdb5_ldap_util.c kdb5_ldap_list.c kdb5_ldap_realm.c kdb5_ldap_policy.c kdb5_ldap_services.c getdate.c
+OBJS = kdb5_ldap_util.o kdb5_ldap_list.o kdb5_ldap_realm.o kdb5_ldap_policy.o kdb5_ldap_services.o getdate.o
+
+GETDATE = $(srcdir)/../../../../kadmin/cli/getdate.y
+
+all: $(PROG)
+
+$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE)
+	$(CC_LINK) -o $(PROG) $(OBJS) \
+		$(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+
+getdate.c: $(GETDATE)
+	$(RM) getdate.c y.tab.c
+	$(YACC) $(GETDATE)
+	$(MV) y.tab.c getdate.c
+
+install:
+	$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
+
+clean:
+	$(RM) $(PROG) $(OBJS) getdate.c
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/deps b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/deps
new file mode 100644
index 00000000..a641fe8e
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/deps
@@ -0,0 +1,104 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kdb5_ldap_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../libkdb_ldap/kdb_ldap.h \
+  $(srcdir)/../libkdb_ldap/ldap_krbcontainer.h $(srcdir)/../libkdb_ldap/ldap_misc.h \
+  $(srcdir)/../libkdb_ldap/ldap_realm.h $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
+  kdb5_ldap_policy.h kdb5_ldap_realm.h kdb5_ldap_services.h \
+  kdb5_ldap_util.c kdb5_ldap_util.h
+$(OUTPRE)kdb5_ldap_list.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_ldap_list.c \
+  kdb5_ldap_list.h
+$(OUTPRE)kdb5_ldap_realm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../libkdb_ldap/kdb_ldap.h \
+  $(srcdir)/../libkdb_ldap/ldap_krbcontainer.h $(srcdir)/../libkdb_ldap/ldap_misc.h \
+  $(srcdir)/../libkdb_ldap/ldap_principal.h $(srcdir)/../libkdb_ldap/ldap_realm.h \
+  $(srcdir)/../libkdb_ldap/ldap_tkt_policy.h $(srcdir)/../libkdb_ldap/princ_xdr.h \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb5_ldap_list.h kdb5_ldap_policy.h \
+  kdb5_ldap_realm.c kdb5_ldap_realm.h kdb5_ldap_services.h \
+  kdb5_ldap_util.h
+$(OUTPRE)kdb5_ldap_policy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../libkdb_ldap/kdb_ldap.h \
+  $(srcdir)/../libkdb_ldap/ldap_krbcontainer.h $(srcdir)/../libkdb_ldap/ldap_misc.h \
+  $(srcdir)/../libkdb_ldap/ldap_realm.h $(srcdir)/../libkdb_ldap/ldap_tkt_policy.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
+  kdb5_ldap_list.h kdb5_ldap_policy.c kdb5_ldap_policy.h \
+  kdb5_ldap_realm.h kdb5_ldap_services.h kdb5_ldap_util.h
+$(OUTPRE)kdb5_ldap_services.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../libkdb_ldap/kdb_ldap.h \
+  $(srcdir)/../libkdb_ldap/ldap_krbcontainer.h $(srcdir)/../libkdb_ldap/ldap_misc.h \
+  $(srcdir)/../libkdb_ldap/ldap_realm.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
+  kdb5_ldap_list.h kdb5_ldap_policy.h kdb5_ldap_realm.h \
+  kdb5_ldap_services.c kdb5_ldap_services.h kdb5_ldap_util.h
+$(OUTPRE)getdate.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  getdate.c
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
new file mode 100644
index 00000000..52375a22
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
@@ -0,0 +1,275 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Miscellaneous functions for managing the string and integer lists
+ */
+
+#include <k5-int.h>
+#include "kdb5_ldap_list.h"
+
+/*
+ * Counts the number of entries in the given array of strings
+ */
+int
+list_count_str_array(char **list)
+{
+    int i = 0;
+
+    if (list == NULL)
+        return 0;
+
+    for (i = 0; *list != NULL; list++) {
+        i++;
+    }
+
+    return i;
+}
+
+
+/*
+ * Counts the number of entries in the given array of integers
+ */
+int
+list_count_int_array(int *list)
+{
+    int i = 0;
+
+    if (list == NULL)
+        return 0;
+
+    for (i = 0; *list != END_OF_LIST; list++) {
+        i++;
+    }
+
+    return i;
+}
+
+
+/*
+ * Frees the entries in a given list and not the list pointer
+ */
+void
+krb5_free_list_entries(char **list)
+{
+    if (list == NULL)
+        return;
+    for (; *list != NULL; list++) {
+        free(*list);
+        *list = NULL;
+    }
+
+    return;
+}
+
+
+/*
+ * Tokenize the given string based on the delimiter provided
+ * and return the result as a list
+ */
+krb5_error_code
+krb5_parse_list(char *buffer, char *delimiter, char **list)
+{
+    char *str = NULL;
+    char *token = NULL;
+    char *ptrptr = NULL;
+    char **plist = list;
+    krb5_error_code retval = 0;
+    int count = 0;
+
+    if ((buffer == NULL) || (list == NULL) || (delimiter == NULL)) {
+        return EINVAL;
+    }
+
+    str = strdup(buffer);
+    if (str == NULL)
+        return ENOMEM;
+
+    token = strtok_r(str, delimiter, &ptrptr);
+    for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES));
+         plist++, count++) {
+        *plist = strdup(token);
+        if (*plist == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        token = strtok_r(NULL, delimiter, &ptrptr);
+    }
+    *plist = NULL;
+
+cleanup:
+    if (str) {
+        free(str);
+        str = NULL;
+    }
+    if (retval)
+        krb5_free_list_entries(list);
+
+    return retval;
+}
+
+
+int
+compare_int(const void *m1, const void *m2)
+{
+    int mi1 = *(const int *)m1;
+    int mi2 = *(const int *)m2;
+
+    return (mi1 - mi2);
+}
+
+
+/*
+ * Modifies the destination list to contain or not to contain the
+ * entries present in the source list, depending on the mode
+ * (ADD or DELETE).
+ */
+void
+list_modify_str_array(char ***destlist, const char **sourcelist, int mode)
+{
+    char **dlist = NULL, **tmplist = NULL;
+    const char **slist = NULL;
+    int dcount = 0, scount = 0, copycount = 0;
+
+    if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL))
+        return;
+
+    /* We need to add every entry present in the source list to
+     * the destination list */
+    if (mode == LIST_MODE_ADD) {
+        /* Traverse through the end of destlist for appending */
+        for (dlist = *destlist, dcount = 0; *dlist != NULL;
+             dlist++, dcount++) {
+            ;   /* NULL statement */
+        }
+        /* Count the number of entries in the source list */
+        for (slist = sourcelist, scount = 0; *slist != NULL;
+             slist++, scount++) {
+            ;   /* NULL statement */
+        }
+        /* Reset the slist pointer to the start of source list */
+        slist = sourcelist;
+
+        /* Now append the source list to the existing destlist */
+        if ((dcount + scount) < MAX_LIST_ENTRIES)
+            copycount = scount;
+        else
+            /* Leave the last entry for list terminator(=NULL) */
+            copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+        memcpy(dlist, slist, (sizeof(char *) * copycount));
+        dlist += copycount;
+        *dlist = NULL;
+    } else if (mode == LIST_MODE_DELETE) {
+        /* We need to delete every entry present in the source list
+         * from the destination list */
+        for (slist = sourcelist; *slist != NULL; slist++) {
+            for (dlist = *destlist; *dlist != NULL; dlist++) {
+                /* DN is case insensitive string */
+                if (strcasecmp(*dlist, *slist) == 0) {
+                    free(*dlist);
+                    /* Advance the rest of the entries by one */
+                    for (tmplist = dlist; *tmplist != NULL; tmplist++) {
+                        *tmplist = *(tmplist+1);
+                    }
+                    break;
+                }
+            }
+        }
+    }
+
+    return;
+}
+
+
+/*
+ * Modifies the destination list to contain or not to contain the
+ * entries present in the source list, depending on the mode
+ * (ADD or DELETE). where the list is array of integers.
+ */
+int
+list_modify_int_array(int *destlist, const int *sourcelist, int mode)
+{
+    int *dlist = NULL, *tmplist = NULL;
+    const int *slist = NULL;
+    int dcount = 0, scount = 0, copycount = 0;
+    int tcount = 0;
+
+    if ((destlist == NULL) || (sourcelist == NULL))
+        return 0;
+
+    /* We need to add every entry present in the source list to the
+     * destination list */
+    if (mode == LIST_MODE_ADD) {
+        /* Traverse through the end of destlist for appending */
+        for (dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
+             dlist++, dcount++)
+            ;   /* NULL statement */
+
+        /* Count the number of entries in the source list */
+        for (slist = sourcelist, scount = 0; *slist != END_OF_LIST;
+             slist++, scount++)
+            ;   /* NULL statement */
+
+        /* Reset the slist pointer to the start of source list */
+        slist = sourcelist;
+
+        /* Now append the source list to the existing destlist */
+        if ((dcount + scount) < MAX_LIST_ENTRIES)
+            copycount = scount;
+        else
+            /* Leave the last entry for list terminator(=NULL) */
+            copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+        memcpy(dlist, slist, (sizeof(int) * copycount));
+        dlist += copycount;
+        *dlist = END_OF_LIST;
+        tcount = dcount + copycount;
+    } else if (mode == LIST_MODE_DELETE) {
+        /* We need to delete every entry present in the source list from
+         * the destination list */
+        for (slist = sourcelist; *slist != END_OF_LIST; slist++) {
+            for (dlist = destlist; *dlist != END_OF_LIST; dlist++) {
+                if (*dlist == *slist) {
+                    /* Advance the rest of the entries by one */
+                    for (tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
+                        *tmplist = *(tmplist+1);
+                    }
+                    break;
+                }
+            }
+        }
+        /* count the number of entries */
+        for (dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
+            tcount++;
+        }
+    }
+
+    return tcount;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
new file mode 100644
index 00000000..a729318b
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
@@ -0,0 +1,44 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+#define MAX_LIST_ENTRIES        64
+#define END_OF_LIST             -1      /* End of List */
+#define LIST_DELIMITER          ":"     /* List entry separator */
+#define LIST_MODE_ADD           0x701   /* Add to the List */
+#define LIST_MODE_DELETE        0x702   /* Delete from the list */
+#define MAX_LEN_LIST_ENTRY      512     /* Max len of an entry */
+
+extern krb5_error_code krb5_parse_list(char *buffer, char *delimiter, char **list);
+extern void krb5_free_list_entries(char **list);
+extern void list_modify_str_array(char ***destlist, const char **sourcelist, int mode);
+extern int list_modify_int_array(int *destlist, const int *sourcelist, int mode);
+extern int list_count_str_array(char **list);
+extern int list_count_int_array(int *list);
+extern int compare_int(const void*, const void *);
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
new file mode 100644
index 00000000..c642e174
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
@@ -0,0 +1,866 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Create / Delete / Modify / View / List policy objects.
+ */
+
+#include <k5-int.h>
+#include <kadm5/admin.h>
+#include "kdb5_ldap_util.h"
+#include "kdb5_ldap_list.h"
+#include "ldap_tkt_policy.h"
+extern time_t get_date(char *); /* kadmin/cli/getdate.o */
+
+static void print_policy_params(krb5_ldap_policy_params *policyparams, int mask);
+static char *strdur(time_t duration);
+
+extern char *yes;
+extern kadm5_config_params global_params;
+
+static krb5_error_code
+init_ldap_realm(int argc, char *argv[])
+{
+    /* This operation is being performed in the context of a realm. So,
+     * initialize the realm */
+    int mask = 0;
+    krb5_error_code retval = 0;
+    kdb5_dal_handle *dal_handle = NULL;
+    krb5_ldap_context *ldap_context=NULL;
+
+    dal_handle = util_context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+    if (!ldap_context) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    if (ldap_context->container_dn == NULL) {
+        retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                                &ldap_context->container_dn);
+        if (retval != 0) {
+            com_err(progname, retval,
+                    _("while reading kerberos container information"));
+            goto cleanup;
+        }
+    }
+
+    if (ldap_context->lrparams == NULL) {
+        retval = krb5_ldap_read_realm_params(util_context,
+                                             global_params.realm,
+                                             &(ldap_context->lrparams),
+                                             &mask);
+
+        if (retval != 0) {
+            goto cleanup;
+        }
+    }
+cleanup:
+    return retval;
+}
+
+/*
+ * This function will create a ticket policy object with the
+ * specified attributes.
+ */
+void
+kdb5_ldap_create_policy(int argc, char *argv[])
+{
+    char *me = progname;
+    krb5_error_code retval = 0;
+    krb5_ldap_policy_params *policyparams = NULL;
+    krb5_boolean print_usage = FALSE;
+    krb5_boolean no_msg = FALSE;
+    int mask = 0;
+    time_t date = 0;
+    time_t now = 0;
+    int i = 0;
+
+    /* Check for number of arguments */
+    if ((argc < 2) || (argc > 16)) {
+        goto err_usage;
+    }
+
+    /* Allocate memory for policy parameters structure */
+    policyparams = (krb5_ldap_policy_params*) calloc(1, sizeof(krb5_ldap_policy_params));
+    if (policyparams == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+
+    /* Get current time */
+    time (&now);
+
+    /* Parse all arguments */
+    for (i = 1; i < argc; i++) {
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err(me, retval, _("while providing time specification"));
+                goto err_nomsg;
+            }
+
+            policyparams->maxtktlife = date - now;
+
+            mask |= LDAP_POLICY_MAXTKTLIFE;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err(me, retval, _("while providing time specification"));
+                goto err_nomsg;
+            }
+
+            policyparams->maxrenewlife = date - now;
+
+            mask |= LDAP_POLICY_MAXRENEWLIFE;
+        } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "needchange")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
+            if (policyparams->policy != NULL)
+                goto err_usage;
+
+            /* If not present already, fill up policy DN */
+            policyparams->policy = strdup(argv[i]);
+            if (policyparams->policy == NULL) {
+                retval = ENOMEM;
+                com_err(me, retval, _("while creating policy object"));
+                goto err_nomsg;
+            }
+        }
+    }
+
+    /* policy DN is a mandatory argument. If not provided, print usage */
+    if (policyparams->policy == NULL)
+        goto err_usage;
+
+    if ((retval = init_ldap_realm (argc, argv))) {
+        com_err(me, retval, _("while reading realm information"));
+        goto err_nomsg;
+    }
+
+    /* Create object with all attributes provided */
+    if ((retval = krb5_ldap_create_policy(util_context, policyparams, mask)) != 0)
+        goto cleanup;
+
+    goto cleanup;
+
+err_usage:
+    print_usage = TRUE;
+
+err_nomsg:
+    no_msg = TRUE;
+
+cleanup:
+    /* Clean-up structure */
+    krb5_ldap_free_policy (util_context, policyparams);
+
+    if (print_usage)
+        db_usage(CREATE_POLICY);
+
+    if (retval) {
+        if (!no_msg)
+            com_err(me, retval, _("while creating policy object"));
+
+        exit_status++;
+    }
+
+    return;
+}
+
+
+/*
+ * This function will destroy the specified ticket policy
+ * object interactively, unless forced through an option.
+ */
+void
+kdb5_ldap_destroy_policy(int argc, char *argv[])
+{
+    char *me = progname;
+    krb5_error_code retval = 0;
+    krb5_ldap_policy_params *policyparams = NULL;
+    krb5_boolean print_usage = FALSE;
+    krb5_boolean no_msg = FALSE;
+    char *policy = NULL;
+    int mask = 0;
+    int force = 0;
+    char buf[5] = {0};
+    int i = 0;
+
+    if ((argc < 2) || (argc > 3)) {
+        goto err_usage;
+    }
+
+    for (i = 1; i < argc; i++) {
+        if (strcmp(argv[i], "-force") == 0) {
+            force++;
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
+            if (policy != NULL)
+                goto err_usage;
+
+            /* If not present already, fill up policy DN */
+            policy = strdup(argv[i]);
+            if (policy == NULL) {
+                retval = ENOMEM;
+                com_err(me, retval, _("while destroying policy object"));
+                goto err_nomsg;
+            }
+        }
+    }
+
+    if (policy == NULL)
+        goto err_usage;
+
+    if (!force) {
+        printf(_("This will delete the policy object '%s', are you sure?\n"),
+               policy);
+        printf(_("(type 'yes' to confirm)? "));
+
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            retval = EINVAL;
+            goto cleanup;
+        }
+
+        if (strcmp(buf, yes)) {
+            exit_status++;
+            goto cleanup;
+        }
+    }
+
+    if ((retval = init_ldap_realm (argc, argv)))
+        goto err_nomsg;
+
+    if ((retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &mask)))
+        goto cleanup;
+
+
+    if ((retval = krb5_ldap_delete_policy(util_context, policy)))
+        goto cleanup;
+
+    printf("** policy object '%s' deleted.\n", policy);
+    goto cleanup;
+
+
+err_usage:
+    print_usage = TRUE;
+
+err_nomsg:
+    no_msg = TRUE;
+
+cleanup:
+    /* Clean-up structure */
+    krb5_ldap_free_policy (util_context, policyparams);
+
+    if (policy) {
+        free (policy);
+    }
+
+    if (print_usage) {
+        db_usage(DESTROY_POLICY);
+    }
+
+    if (retval) {
+        if (!no_msg)
+            com_err(me, retval, _("while destroying policy object"));
+
+        exit_status++;
+    }
+
+    return;
+}
+
+
+/*
+ * This function will modify the attributes of a given ticket
+ * policy object.
+ */
+void
+kdb5_ldap_modify_policy(int argc, char *argv[])
+{
+    char *me = progname;
+    krb5_error_code retval = 0;
+    krb5_ldap_policy_params *policyparams = NULL;
+    krb5_boolean print_usage = FALSE;
+    krb5_boolean no_msg = FALSE;
+    char *policy = NULL;
+    int in_mask = 0, out_mask = 0;
+    time_t date = 0;
+    time_t now = 0;
+    int i = 0;
+
+    /* Check for number of arguments -- minimum is 3
+       since at least one parameter should be given in
+       addition to 'modify_policy' and policy DN */
+    if ((argc < 3) || (argc > 16)) {
+        goto err_usage;
+    }
+
+    /* Parse all arguments, only to pick up policy DN (Pass 1) */
+    for (i = 1; i < argc; i++) {
+        /* Skip arguments next to 'maxtktlife'
+           and 'maxrenewlife' arguments */
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            ++i;
+        }
+        /* Do nothing for ticket flag arguments */
+        else if (!strcmp((argv[i] + 1), "allow_postdated") ||
+                 !strcmp((argv[i] + 1), "allow_forwardable") ||
+                 !strcmp((argv[i] + 1), "allow_renewable") ||
+                 !strcmp((argv[i] + 1), "allow_proxiable") ||
+                 !strcmp((argv[i] + 1), "allow_dup_skey") ||
+                 !strcmp((argv[i] + 1), "requires_preauth") ||
+                 !strcmp((argv[i] + 1), "requires_hwauth") ||
+                 !strcmp((argv[i] + 1), "allow_svr") ||
+                 !strcmp((argv[i] + 1), "allow_tgs_req") ||
+                 !strcmp((argv[i] + 1), "allow_tix") ||
+                 !strcmp((argv[i] + 1), "needchange") ||
+                 !strcmp((argv[i] + 1), "password_changing_service")) {
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
+            if (policy != NULL)
+                goto err_usage;
+
+            /* If not present already, fill up policy DN */
+            policy = strdup(argv[i]);
+            if (policy == NULL) {
+                retval = ENOMEM;
+                com_err(me, retval, _("while modifying policy object"));
+                goto err_nomsg;
+            }
+        }
+    }
+
+    if (policy == NULL)
+        goto err_usage;
+
+    if ((retval = init_ldap_realm (argc, argv)))
+        goto cleanup;
+
+    retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &in_mask);
+    if (retval) {
+        com_err(me, retval, _("while reading information of policy '%s'"),
+                policy);
+        goto err_nomsg;
+    }
+
+    /* Get current time */
+    time (&now);
+
+    /* Parse all arguments, but skip policy DN (Pass 2) */
+    for (i = 1; i < argc; i++) {
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err(me, retval, _("while providing time specification"));
+                goto err_nomsg;
+            }
+
+            policyparams->maxtktlife = date - now;
+
+            out_mask |= LDAP_POLICY_MAXTKTLIFE;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err(me, retval, _("while providing time specification"));
+                goto err_nomsg;
+            }
+
+            policyparams->maxrenewlife = date - now;
+
+            out_mask |= LDAP_POLICY_MAXRENEWLIFE;
+        } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "needchange")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else {
+            /* Any other argument must be policy DN
+               -- skip it */
+        }
+    }
+
+    /* Modify attributes of object */
+    if ((retval = krb5_ldap_modify_policy(util_context, policyparams, out_mask)))
+        goto cleanup;
+
+    goto cleanup;
+
+err_usage:
+    print_usage = TRUE;
+
+err_nomsg:
+    no_msg = TRUE;
+
+cleanup:
+    /* Clean-up structure */
+    krb5_ldap_free_policy (util_context, policyparams);
+
+    if (policy)
+        free (policy);
+
+    if (print_usage)
+        db_usage(MODIFY_POLICY);
+
+    if (retval) {
+        if (!no_msg)
+            com_err(me, retval, _("while modifying policy object"));
+
+        exit_status++;
+    }
+
+    return;
+}
+
+
+/*
+ * This function will display information about the given policy object,
+ * fetching the information from the LDAP Server.
+ */
+void
+kdb5_ldap_view_policy(int argc, char *argv[])
+{
+    char *me = progname;
+    krb5_ldap_policy_params *policyparams = NULL;
+    krb5_error_code retval = 0;
+    krb5_boolean print_usage = FALSE;
+    char *policy = NULL;
+    int mask = 0;
+
+    if (argc != 2) {
+        goto err_usage;
+    }
+
+    policy = strdup(argv[1]);
+    if (policy == NULL) {
+        com_err(me, ENOMEM, _("while viewing policy"));
+        exit_status++;
+        goto cleanup;
+    }
+
+    if ((retval = init_ldap_realm (argc, argv)))
+        goto cleanup;
+
+    if ((retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &mask))) {
+        com_err(me, retval, _("while viewing policy '%s'"), policy);
+        exit_status++;
+        goto cleanup;
+    }
+
+    print_policy_params (policyparams, mask);
+
+    goto cleanup;
+
+err_usage:
+    print_usage = TRUE;
+
+cleanup:
+    krb5_ldap_free_policy (util_context, policyparams);
+
+    if (policy)
+        free (policy);
+
+    if (print_usage) {
+        db_usage(VIEW_POLICY);
+    }
+
+    return;
+}
+
+
+/*
+ * This function will print the policy object information to the
+ * standard output.
+ */
+static void
+print_policy_params(krb5_ldap_policy_params *policyparams, int mask)
+{
+    /* Print the policy DN */
+    printf("%25s: %s\n", "Ticket policy", policyparams->policy);
+
+    /* Print max. ticket life and max. renewable life, if present */
+    if (mask & LDAP_POLICY_MAXTKTLIFE)
+        printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
+    if (mask & LDAP_POLICY_MAXRENEWLIFE)
+        printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
+
+    /* Service flags are printed */
+    printf("%25s: ", "Ticket flags");
+    if (mask & LDAP_POLICY_TKTFLAGS) {
+        int ticketflags = policyparams->tktflags;
+
+        if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+            printf("%s ","DISALLOW_POSTDATED");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+            printf("%s ","DISALLOW_FORWARDABLE");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+            printf("%s ","DISALLOW_RENEWABLE");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+            printf("%s ","DISALLOW_PROXIABLE");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+            printf("%s ","DISALLOW_DUP_SKEY");
+
+        if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+            printf("%s ","REQUIRES_PRE_AUTH");
+
+        if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+            printf("%s ","REQUIRES_HW_AUTH");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+            printf("%s ","DISALLOW_SVR");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+            printf("%s ","DISALLOW_TGT_BASED");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+            printf("%s ","DISALLOW_ALL_TIX");
+
+        if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+            printf("%s ","REQUIRES_PWCHANGE");
+
+        if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+            printf("%s ","PWCHANGE_SERVICE");
+    }
+    printf("\n");
+
+    return;
+}
+
+
+/*
+ * This function will list the DNs of policy objects under a specific
+ * sub-tree (entire tree by default)
+ */
+void
+kdb5_ldap_list_policies(int argc, char *argv[])
+{
+    char *me = progname;
+    krb5_error_code retval = 0;
+    krb5_boolean print_usage = FALSE;
+    char **list = NULL;
+    char **plist = NULL;
+
+    /* Check for number of arguments */
+    if ((argc != 1) && (argc != 3)) {
+        goto err_usage;
+    }
+
+    if ((retval = init_ldap_realm (argc, argv)))
+        goto cleanup;
+
+    retval = krb5_ldap_list_policy(util_context, NULL, &list);
+    if ((retval != 0) || (list == NULL))
+        goto cleanup;
+
+    for (plist = list; *plist != NULL; plist++) {
+        printf("%s\n", *plist);
+    }
+
+    goto cleanup;
+
+err_usage:
+    print_usage = TRUE;
+
+cleanup:
+    if (list != NULL) {
+        krb5_free_list_entries (list);
+        free (list);
+    }
+
+    if (print_usage) {
+        db_usage(LIST_POLICY);
+    }
+
+    if (retval) {
+        com_err(me, retval, _("while listing policy objects"));
+        exit_status++;
+    }
+
+    return;
+}
+
+
+/* Reproduced from kadmin.c, instead of linking
+   the entire kadmin.o */
+static char *
+strdur(time_t duration)
+{
+    static char out[50];
+    int neg, days, hours, minutes, seconds;
+
+    if (duration < 0) {
+        duration *= -1;
+        neg = 1;
+    } else
+        neg = 0;
+    days = duration / (24 * 3600);
+    duration %= 24 * 3600;
+    hours = duration / 3600;
+    duration %= 3600;
+    minutes = duration / 60;
+    duration %= 60;
+    seconds = duration;
+    snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
+             days, days == 1 ? "day" : "days", hours, minutes, seconds);
+    return out;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h
new file mode 100644
index 00000000..0d3948de
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h
@@ -0,0 +1,35 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+extern void kdb5_ldap_create_policy(int argc, char **argv);
+extern void kdb5_ldap_destroy_policy(int argc, char **argv);
+extern void kdb5_ldap_modify_policy(int argc, char **argv);
+extern void kdb5_ldap_view_policy(int argc, char **argv);
+extern void kdb5_ldap_list_policies(int argc, char **argv);
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
new file mode 100644
index 00000000..bba550ac
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -0,0 +1,1484 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c */
+/*
+ * Copyright 1990,1991,2001, 2002, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Create / Modify / Destroy / View / List realm(s)
+ */
+
+#include <k5-int.h>
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+#include "kdb5_ldap_util.h"
+#include "kdb5_ldap_list.h"
+#include <ldap_principal.h>
+#include <ldap_krbcontainer.h>
+extern time_t get_date(char *); /* kadmin/cli/getdate.o */
+
+char *yes = "yes\n"; /* \n to compare against result of fgets */
+
+krb5_data tgt_princ_entries[] = {
+    {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
+    {0, 0, 0} };
+
+krb5_data db_creator_entries[] = {
+    {0, sizeof("db_creation")-1, "db_creation"} };
+
+
+static krb5_principal_data db_create_princ = {
+    0,                                  /* magic number */
+    {0, 0, 0},                          /* krb5_data realm */
+    db_creator_entries,                 /* krb5_data *data */
+    1,                                  /* int length */
+    KRB5_NT_SRV_INST                    /* int type */
+};
+
+extern char *mkey_password;
+extern char *progname;
+extern kadm5_config_params global_params;
+
+static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
+static int kdb_ldap_create_principal (krb5_context context, krb5_principal
+                                      princ, enum ap_op op,
+                                      struct realm_info *pblock,
+                                      const krb5_keyblock *master_keyblock);
+
+
+static char *strdur(time_t duration);
+static int get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],int argc);
+static krb5_error_code krb5_dbe_update_mod_princ_data_new (krb5_context context, krb5_db_entry *entry, krb5_timestamp mod_date, krb5_const_principal mod_princ);
+static krb5_error_code krb5_dbe_update_tl_data_new ( krb5_context context, krb5_db_entry *entry, krb5_tl_data *new_tl_data);
+
+#define ADMIN_LIFETIME 60*60*3 /* 3 hours */
+#define CHANGEPW_LIFETIME 60*5 /* 5 minutes */
+
+static int
+get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+                  int argc)
+{
+    time_t date;
+    time_t now;
+    int mask = 0;
+    krb5_error_code retval = 0;
+    char *me = progname;
+
+    time(&now);
+    if (!strcmp(argv[*i], "-maxtktlife")) {
+        if (++(*i) > argc-1)
+            return 0;
+        date = get_date(argv[*i]);
+        if (date == (time_t)(-1)) {
+            retval = EINVAL;
+            com_err(me, retval, _("while providing time specification"));
+            return 0;
+        }
+        rparams->max_life = date-now;
+        mask |= LDAP_REALM_MAXTICKETLIFE;
+    }
+
+
+    else if (!strcmp(argv[*i], "-maxrenewlife")) {
+        if (++(*i) > argc-1)
+            return 0;
+
+        date = get_date(argv[*i]);
+        if (date == (time_t)(-1)) {
+            retval = EINVAL;
+            com_err(me, retval, _("while providing time specification"));
+            return 0;
+        }
+        rparams->max_renewable_life = date-now;
+        mask |= LDAP_REALM_MAXRENEWLIFE;
+    } else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    }
+
+    else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_svr")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_tix")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "needchange")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+        else
+            return 0;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+        else
+            return 0;
+
+        mask |=LDAP_REALM_KRBTICKETFLAGS;
+    }
+
+    return mask;
+}
+
+/* Create a special principal using two specified components. */
+static krb5_error_code
+create_fixed_special(krb5_context context, struct realm_info *rinfo,
+                     krb5_keyblock *mkey, const char *comp1, const char *comp2)
+{
+    krb5_error_code ret;
+    krb5_principal princ;
+    const char *realm = global_params.realm;
+
+    ret = krb5_build_principal(context, &princ, strlen(realm), realm, comp1,
+                               comp2, (const char *)NULL);
+    if (ret)
+        return ret;
+    ret = kdb_ldap_create_principal(context, princ, TGT_KEY, rinfo, mkey);
+    krb5_free_principal(context, princ);
+    return ret;
+
+}
+
+/* Create all special principals for the realm. */
+static krb5_error_code
+create_special_princs(krb5_context context, krb5_principal master_princ,
+                      krb5_keyblock *mkey)
+{
+    krb5_error_code ret;
+    struct realm_info rblock;
+
+    rblock.max_life = global_params.max_life;
+    rblock.max_rlife = global_params.max_rlife;
+    rblock.expiration = global_params.expiration;
+    rblock.flags = global_params.flags;
+    rblock.key = mkey;
+    rblock.nkslist = global_params.num_keysalts;
+    rblock.kslist = global_params.keysalts;
+
+    /* Create master principal. */
+    rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
+    ret = kdb_ldap_create_principal(context, master_princ, MASTER_KEY, &rblock,
+                                    mkey);
+    if (ret)
+        return ret;
+
+    /* Create local krbtgt principal. */
+    rblock.flags = 0;
+    ret = create_fixed_special(context, &rblock, mkey, KRB5_TGS_NAME,
+                               global_params.realm);
+    if (ret)
+        return ret;
+
+    /* Create kadmin/admin. */
+    rblock.max_life = ADMIN_LIFETIME;
+    rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
+    ret = create_fixed_special(context, &rblock, mkey, "kadmin", "admin");
+    if (ret)
+        return ret;
+
+    /* Create kadmin/changepw. */
+    rblock.max_life = CHANGEPW_LIFETIME;
+    rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED | KRB5_KDB_PWCHANGE_SERVICE;
+    ret = create_fixed_special(context, &rblock, mkey, "kadmin", "changepw");
+    if (ret)
+        return ret;
+
+    /* Create kadmin/history. */
+    rblock.max_life = global_params.max_life;
+    rblock.flags = 0;
+    return create_fixed_special(context, &rblock, mkey, "kadmin", "history");
+}
+
+/*
+ * This function will create a realm on the LDAP Server, with
+ * the specified attributes.
+ */
+void
+kdb5_ldap_create(int argc, char *argv[])
+{
+    krb5_error_code retval = 0;
+    krb5_keyblock master_keyblock;
+    krb5_ldap_realm_params *rparams = NULL;
+    krb5_principal master_princ = NULL;
+    kdb5_dal_handle *dal_handle = NULL;
+    krb5_ldap_context *ldap_context=NULL;
+    krb5_boolean realm_obj_created = FALSE;
+    krb5_boolean create_complete = FALSE;
+    krb5_boolean print_usage = FALSE;
+    krb5_boolean no_msg = FALSE;
+    char *oldcontainerref=NULL;
+    char pw_str[1024];
+    int do_stash = 0;
+    int i = 0;
+    int mask = 0, ret_mask = 0;
+    char **list = NULL;
+
+    memset(&master_keyblock, 0, sizeof(master_keyblock));
+
+    rparams = (krb5_ldap_realm_params *)malloc(
+        sizeof(krb5_ldap_realm_params));
+    if (rparams == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    memset(rparams, 0, sizeof(krb5_ldap_realm_params));
+
+    /* Parse the arguments */
+    for (i = 1; i < argc; i++) {
+        if (!strcmp(argv[i], "-subtrees")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if (strncmp(argv[i], "", strlen(argv[i]))!=0) {
+                list = (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    free(list);
+                    list = NULL;
+                    goto cleanup;
+                }
+
+                rparams->subtreecount=0;
+                while (list[rparams->subtreecount]!=NULL)
+                    (rparams->subtreecount)++;
+                rparams->subtree = list;
+            } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow subtree value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        _("for subtree while creating realm '%s'"),
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            rparams->subtree[rparams->subtreecount] = NULL;
+            mask |= LDAP_REALM_SUBTREE;
+        } else if (!strcmp(argv[i], "-containerref")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow containerref value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        _("for container reference while creating realm '%s'"),
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            free(rparams->containerref);
+            rparams->containerref = strdup(argv[i]);
+            if (rparams->containerref == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_CONTREF;
+        } else if (!strcmp(argv[i], "-sscope")) {
+            if (++i > argc-1)
+                goto err_usage;
+            /* Possible values for search scope are
+             * one (or 1) and sub (or 2)
+             */
+            if (!strcasecmp(argv[i], "one")) {
+                rparams->search_scope = 1;
+            } else if (!strcasecmp(argv[i], "sub")) {
+                rparams->search_scope = 2;
+            } else {
+                rparams->search_scope = atoi(argv[i]);
+                if ((rparams->search_scope != 1) &&
+                    (rparams->search_scope != 2)) {
+                    com_err(progname, EINVAL, _("invalid search scope while "
+                                                "creating realm '%s'"),
+                            global_params.realm);
+                    goto err_nomsg;
+                }
+            }
+            mask |= LDAP_REALM_SEARCHSCOPE;
+        }
+        else if (!strcmp(argv[i], "-s")) {
+            do_stash = 1;
+        } else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+            mask|=ret_mask;
+        }
+
+        else {
+            printf(_("'%s' is an invalid option\n"), argv[i]);
+            goto err_usage;
+        }
+    }
+
+    krb5_princ_set_realm_data(util_context, &db_create_princ, global_params.realm);
+    krb5_princ_set_realm_length(util_context, &db_create_princ, strlen(global_params.realm));
+
+    printf(_("Initializing database for realm '%s'\n"), global_params.realm);
+
+    if (!mkey_password) {
+        unsigned int pw_size;
+        printf(_("You will be prompted for the database Master Password.\n"));
+        printf(_("It is important that you NOT FORGET this password.\n"));
+        fflush(stdout);
+
+        pw_size = sizeof (pw_str);
+        memset(pw_str, 0, pw_size);
+
+        retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
+                                    pw_str, &pw_size);
+        if (retval) {
+            com_err(progname, retval,
+                    _("while reading master key from keyboard"));
+            goto err_nomsg;
+        }
+        mkey_password = pw_str;
+    }
+
+    rparams->realm_name = strdup(global_params.realm);
+    if (rparams->realm_name == NULL) {
+        retval = ENOMEM;
+        com_err(progname, ENOMEM, _("while creating realm '%s'"),
+                global_params.realm);
+        goto err_nomsg;
+    }
+
+    dal_handle = util_context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+    if (!ldap_context) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    /* read the kerberos container */
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
+        /* Prompt the user for entering the DN of Kerberos container */
+        char krb_location[MAX_KRB_CONTAINER_LEN];
+        int krb_location_len = 0;
+
+        printf(_("Enter DN of Kerberos container: "));
+        if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
+            /* Remove the newline character at the end */
+            krb_location_len = strlen(krb_location);
+            if ((krb_location[krb_location_len - 1] == '\n') ||
+                (krb_location[krb_location_len - 1] == '\r')) {
+                krb_location[krb_location_len - 1] = '\0';
+                krb_location_len--;
+            }
+            ldap_context->container_dn = strdup(krb_location);
+            if (ldap_context->container_dn == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+        }
+    }
+
+    /* create the kerberos container if it doesn't exist */
+    retval = krb5_ldap_create_krbcontainer(util_context,
+                                           ldap_context->container_dn);
+    if (retval)
+        goto cleanup;
+
+    if ((retval = krb5_ldap_create_realm(util_context,
+                                         /* global_params.realm, */ rparams, mask))) {
+        goto cleanup;
+    }
+
+    /* We just created the Realm container. Here starts our transaction tracking */
+    realm_obj_created = TRUE;
+
+    if ((retval = krb5_ldap_read_realm_params(util_context,
+                                              global_params.realm,
+                                              &(ldap_context->lrparams),
+                                              &mask))) {
+        com_err(progname, retval, _("while reading information of realm '%s'"),
+                global_params.realm);
+        goto err_nomsg;
+    }
+    free(ldap_context->lrparams->realm_name);
+    ldap_context->lrparams->realm_name = strdup(global_params.realm);
+    if (ldap_context->lrparams->realm_name == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+
+    /* assemble & parse the master key name */
+    if ((retval = krb5_db_setup_mkey_name(util_context,
+                                          global_params.mkey_name,
+                                          global_params.realm,
+                                          0, &master_princ))) {
+        com_err(progname, retval, _("while setting up master key name"));
+        goto err_nomsg;
+    }
+
+    /* Obtain master key from master password */
+    {
+        krb5_data master_salt, pwd;
+
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(util_context, master_princ, &master_salt);
+        if (retval) {
+            com_err(progname, retval, _("while calculating master key salt"));
+            goto err_nomsg;
+        }
+
+        retval = krb5_c_string_to_key(util_context, global_params.enctype,
+                                      &pwd, &master_salt, &master_keyblock);
+
+        if (master_salt.data)
+            free(master_salt.data);
+
+        if (retval) {
+            com_err(progname, retval,
+                    _("while transforming master key from password"));
+            goto err_nomsg;
+        }
+    }
+
+    /* Create special principals (not in the container reference). */
+    oldcontainerref = ldap_context->lrparams->containerref;
+    ldap_context->lrparams->containerref = NULL;
+    retval = create_special_princs(util_context, master_princ,
+                                   &master_keyblock);
+    ldap_context->lrparams->containerref = oldcontainerref;
+    if (retval) {
+        com_err(progname, retval, _("while adding entries to the database"));
+        goto err_nomsg;
+    }
+
+    /* The Realm creation is completed. Here is the end of transaction */
+    create_complete = TRUE;
+
+    /* Stash the master key only if '-s' option is specified */
+    if (do_stash || global_params.mask & KADM5_CONFIG_STASH_FILE) {
+        krb5_kvno mkey_kvno;
+        /*
+         * Determine the kvno to use, it must be that used to create the master
+         * key princ.
+         */
+        if (global_params.mask & KADM5_CONFIG_KVNO)
+            mkey_kvno = global_params.kvno; /* user specified */
+        else
+            mkey_kvno = 1;  /* Default */
+
+        retval = krb5_db_store_master_key(util_context,
+                                          global_params.stash_file,
+                                          master_princ,
+                                          mkey_kvno,
+                                          &master_keyblock, NULL);
+        if (retval) {
+            com_err(progname, errno, _("while storing key"));
+            printf(_("Warning: couldn't stash master key.\n"));
+        }
+    }
+
+    goto cleanup;
+
+
+err_usage:
+    print_usage = TRUE;
+
+err_nomsg:
+    no_msg = TRUE;
+
+cleanup:
+    /* If the Realm creation is not complete, do the roll-back here */
+    if ((realm_obj_created) && (!create_complete))
+        krb5_ldap_delete_realm(util_context, global_params.realm);
+
+    if (rparams)
+        krb5_ldap_free_realm_params(rparams);
+
+    memset (pw_str, 0, sizeof (pw_str));
+
+    if (print_usage)
+        db_usage(CREATE_REALM);
+
+    if (retval) {
+        if (!no_msg) {
+            com_err(progname, retval, _("while creating realm '%s'"),
+                    global_params.realm);
+        }
+        exit_status++;
+    }
+
+    krb5_free_keyblock_contents(util_context, &master_keyblock);
+    krb5_free_principal(util_context, master_princ);
+}
+
+
+/*
+ * This function will modify the attributes of a given realm object
+ */
+void
+kdb5_ldap_modify(int argc, char *argv[])
+{
+    krb5_error_code retval = 0;
+    krb5_ldap_realm_params *rparams = NULL;
+    krb5_boolean print_usage = FALSE;
+    krb5_boolean no_msg = FALSE;
+    kdb5_dal_handle *dal_handle = NULL;
+    krb5_ldap_context *ldap_context=NULL;
+    int i = 0;
+    int mask = 0, rmask = 0, ret_mask = 0;
+    char **slist = {NULL};
+
+    dal_handle = util_context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+    if (!(ldap_context)) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
+        com_err(progname, retval,
+                _("while reading Kerberos container information"));
+        goto err_nomsg;
+    }
+
+    retval = krb5_ldap_read_realm_params(util_context,
+                                         global_params.realm, &rparams, &rmask);
+    if (retval)
+        goto cleanup;
+    /* Parse the arguments */
+    for (i = 1; i < argc; i++) {
+        int k = 0;
+        if (!strcmp(argv[i], "-subtrees")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if (rmask & LDAP_REALM_SUBTREE) {
+                if (rparams->subtree) {
+                    for (k=0; k<rparams->subtreecount && rparams->subtree[k]; k++)
+                        free(rparams->subtree[k]);
+                    free(rparams->subtree);
+                    rparams->subtreecount=0;
+                    rparams->subtree = NULL;
+                }
+            }
+            if (strncmp(argv[i] ,"", strlen(argv[i]))!=0) {
+                slist =  (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
+                if (slist == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, slist))) {
+                    free(slist);
+                    slist = NULL;
+                    goto cleanup;
+                }
+
+                rparams->subtreecount=0;
+                while (slist[rparams->subtreecount]!=NULL)
+                    (rparams->subtreecount)++;
+                rparams->subtree =  slist;
+            } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow subtree value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        _("for subtree while modifying realm '%s'"),
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            rparams->subtree[rparams->subtreecount] = NULL;
+            mask |= LDAP_REALM_SUBTREE;
+        } else if (!strncmp(argv[i], "-containerref", strlen(argv[i]))) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow containerref value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL, _("for container reference while "
+                                            "modifying realm '%s'"),
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            free(rparams->containerref);
+            rparams->containerref = strdup(argv[i]);
+            if (rparams->containerref == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_CONTREF;
+        } else if (!strcmp(argv[i], "-sscope")) {
+            if (++i > argc-1)
+                goto err_usage;
+            /* Possible values for search scope are
+             * one (or 1) and sub (or 2)
+             */
+            if (strcasecmp(argv[i], "one") == 0) {
+                rparams->search_scope = 1;
+            } else if (strcasecmp(argv[i], "sub") == 0) {
+                rparams->search_scope = 2;
+            } else {
+                rparams->search_scope = atoi(argv[i]);
+                if ((rparams->search_scope != 1) &&
+                    (rparams->search_scope != 2)) {
+                    retval = EINVAL;
+                    com_err(progname, retval,
+                            _("specified for search scope while modifying "
+                              "information of realm '%s'"),
+                            global_params.realm);
+                    goto err_nomsg;
+                }
+            }
+            mask |= LDAP_REALM_SEARCHSCOPE;
+        }
+        else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+            mask|=ret_mask;
+        } else {
+            printf(_("'%s' is an invalid option\n"), argv[i]);
+            goto err_usage;
+        }
+    }
+
+    if ((retval = krb5_ldap_modify_realm(util_context,
+                                         /* global_params.realm, */ rparams, mask))) {
+        goto cleanup;
+    }
+
+    goto cleanup;
+
+err_usage:
+    print_usage = TRUE;
+
+err_nomsg:
+    no_msg = TRUE;
+
+cleanup:
+    krb5_ldap_free_realm_params(rparams);
+
+    if (print_usage) {
+        db_usage(MODIFY_REALM);
+    }
+
+    if (retval) {
+        if (!no_msg)
+            com_err(progname, retval,
+                    _("while modifying information of realm '%s'"),
+                    global_params.realm);
+        exit_status++;
+    }
+
+    return;
+}
+
+
+
+/*
+ * This function displays the attributes of a Realm
+ */
+void
+kdb5_ldap_view(int argc, char *argv[])
+{
+    krb5_ldap_realm_params *rparams = NULL;
+    krb5_error_code retval = 0;
+    kdb5_dal_handle *dal_handle=NULL;
+    krb5_ldap_context *ldap_context=NULL;
+    int mask = 0;
+
+    dal_handle = util_context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+    if (!(ldap_context)) {
+        retval = EINVAL;
+        com_err(progname, retval, _("while initializing database"));
+        exit_status++;
+        return;
+    }
+
+    /* Read the kerberos container information */
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
+        com_err(progname, retval,
+                _("while reading kerberos container information"));
+        exit_status++;
+        return;
+    }
+
+    if ((retval = krb5_ldap_read_realm_params(util_context,
+                                              global_params.realm, &rparams, &mask)) || (!rparams)) {
+        com_err(progname, retval, _("while reading information of realm '%s'"),
+                global_params.realm);
+        exit_status++;
+        return;
+    }
+    print_realm_params(rparams, mask);
+    krb5_ldap_free_realm_params(rparams);
+
+    return;
+}
+
+static char *
+strdur(time_t duration)
+{
+    static char out[50];
+    int neg, days, hours, minutes, seconds;
+
+    if (duration < 0) {
+        duration *= -1;
+        neg = 1;
+    } else
+        neg = 0;
+    days = duration / (24 * 3600);
+    duration %= 24 * 3600;
+    hours = duration / 3600;
+    duration %= 3600;
+    minutes = duration / 60;
+    duration %= 60;
+    seconds = duration;
+    snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
+             days, days == 1 ? "day" : "days",
+             hours, minutes, seconds);
+    return out;
+}
+
+/*
+ * This function prints the attributes of a given realm to the
+ * standard output.
+ */
+static void
+print_realm_params(krb5_ldap_realm_params *rparams, int mask)
+{
+    char **slist = NULL;
+    unsigned int num_entry_printed = 0, i = 0;
+
+    /* Print the Realm Attributes on the standard output */
+    printf("%25s: %-50s\n", _("Realm Name"), global_params.realm);
+    if (mask & LDAP_REALM_SUBTREE) {
+        for (i=0; rparams->subtree[i]!=NULL; i++)
+            printf("%25s: %-50s\n", _("Subtree"), rparams->subtree[i]);
+    }
+    if (mask & LDAP_REALM_CONTREF)
+        printf("%25s: %-50s\n", _("Principal Container Reference"),
+               rparams->containerref);
+    if (mask & LDAP_REALM_SEARCHSCOPE) {
+        if ((rparams->search_scope != 1) &&
+            (rparams->search_scope != 2)) {
+            printf("%25s: %-50s\n", _("SearchScope"), _("Invalid !"));
+        } else {
+            printf("%25s: %-50s\n", _("SearchScope"),
+                   (rparams->search_scope == 1) ? "ONE" : "SUB");
+        }
+    }
+    if (mask & LDAP_REALM_KDCSERVERS) {
+        printf("%25s:", _("KDC Services"));
+        if (rparams->kdcservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->kdcservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
+    }
+    if (mask & LDAP_REALM_ADMINSERVERS) {
+        printf("%25s:", _("Admin Services"));
+        if (rparams->adminservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->adminservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
+    }
+    if (mask & LDAP_REALM_PASSWDSERVERS) {
+        printf("%25s:", _("Passwd Services"));
+        if (rparams->passwdservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->passwdservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
+    }
+
+    if (mask & LDAP_REALM_MAXTICKETLIFE) {
+        printf("%25s:", _("Maximum Ticket Life"));
+        printf(" %s \n", strdur(rparams->max_life));
+    }
+
+    if (mask & LDAP_REALM_MAXRENEWLIFE) {
+        printf("%25s:", _("Maximum Renewable Life"));
+        printf(" %s \n", strdur(rparams->max_renewable_life));
+    }
+
+    if (mask & LDAP_REALM_KRBTICKETFLAGS) {
+        int ticketflags = rparams->tktflags;
+
+        printf("%25s: ", _("Ticket flags"));
+        if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+            printf("%s ","DISALLOW_POSTDATED");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+            printf("%s ","DISALLOW_FORWARDABLE");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+            printf("%s ","DISALLOW_RENEWABLE");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+            printf("%s ","DISALLOW_PROXIABLE");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+            printf("%s ","DISALLOW_DUP_SKEY");
+
+        if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+            printf("%s ","REQUIRES_PRE_AUTH");
+
+        if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+            printf("%s ","REQUIRES_HW_AUTH");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+            printf("%s ","DISALLOW_SVR");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+            printf("%s ","DISALLOW_TGT_BASED");
+
+        if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+            printf("%s ","DISALLOW_ALL_TIX");
+
+        if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+            printf("%s ","REQUIRES_PWCHANGE");
+
+        if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+            printf("%s ","PWCHANGE_SERVICE");
+
+        printf("\n");
+    }
+
+
+    return;
+}
+
+
+
+/*
+ * This function lists the Realm(s) present under the Kerberos container
+ * on the LDAP Server.
+ */
+void
+kdb5_ldap_list(int argc, char *argv[])
+{
+    char **list = NULL;
+    char **plist = NULL;
+    krb5_error_code retval = 0;
+    kdb5_dal_handle *dal_handle=NULL;
+    krb5_ldap_context *ldap_context=NULL;
+
+    dal_handle = util_context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+    if (!(ldap_context)) {
+        retval = EINVAL;
+        exit_status++;
+        return;
+    }
+
+    /* Read the kerberos container information */
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
+        com_err(progname, retval,
+                _("while reading kerberos container information"));
+        exit_status++;
+        return;
+    }
+
+    retval = krb5_ldap_list_realm(util_context, &list);
+    if (retval != 0) {
+        com_err(progname, retval, _("while listing realms"));
+        exit_status++;
+        return;
+    }
+    /* This is to handle the case of realm not present */
+    if (list == NULL)
+        return;
+
+    for (plist = list; *plist != NULL; plist++) {
+        printf("%s\n", *plist);
+    }
+    krb5_free_list_entries(list);
+    free(list);
+
+    return;
+}
+
+/*
+ * Duplicating the following two functions here because
+ * 'krb5_dbe_update_tl_data' uses backend specific memory allocation. The catch
+ * here is that the backend is not initialized - kdb5_ldap_util doesn't go
+ * through DAL.
+ * 1. krb5_dbe_update_tl_data
+ * 2. krb5_dbe_update_mod_princ_data
+ */
+
+/* Start duplicate code ... */
+
+static krb5_error_code
+krb5_dbe_update_tl_data_new(krb5_context context, krb5_db_entry *entry,
+                            krb5_tl_data *new_tl_data)
+{
+    krb5_tl_data *tl_data = NULL;
+    krb5_octet *tmp;
+
+    /* copy the new data first, so we can fail cleanly if malloc()
+     * fails */
+    if ((tmp = (krb5_octet *) malloc (new_tl_data->tl_data_length)) == NULL)
+        return (ENOMEM);
+
+    /* Find an existing entry of the specified type and point at
+     * it, or NULL if not found */
+
+    if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
+        for (tl_data = entry->tl_data; tl_data;
+             tl_data = tl_data->tl_data_next)
+            if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+                break;
+    }
+
+    /* if necessary, chain a new record in the beginning and point at it */
+
+    if (!tl_data) {
+        if ((tl_data = (krb5_tl_data *) malloc (sizeof(krb5_tl_data))) == NULL) {
+            free(tmp);
+            return (ENOMEM);
+        }
+        memset(tl_data, 0, sizeof(krb5_tl_data));
+        tl_data->tl_data_next = entry->tl_data;
+        entry->tl_data = tl_data;
+        entry->n_tl_data++;
+    }
+
+    /* fill in the record */
+
+    free(tl_data->tl_data_contents);
+
+    tl_data->tl_data_type = new_tl_data->tl_data_type;
+    tl_data->tl_data_length = new_tl_data->tl_data_length;
+    tl_data->tl_data_contents = tmp;
+    memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length);
+
+    return (0);
+}
+
+static krb5_error_code
+krb5_dbe_update_mod_princ_data_new(krb5_context context, krb5_db_entry *entry,
+                                   krb5_timestamp mod_date,
+                                   krb5_const_principal mod_princ)
+{
+    krb5_tl_data          tl_data;
+
+    krb5_error_code       retval = 0;
+    krb5_octet          * nextloc = 0;
+    char                * unparse_mod_princ = 0;
+    unsigned int        unparse_mod_princ_size;
+
+    if ((retval = krb5_unparse_name(context, mod_princ,
+                                    &unparse_mod_princ)))
+        return(retval);
+
+    unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
+
+    if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
+        == NULL) {
+        free(unparse_mod_princ);
+        return(ENOMEM);
+    }
+
+    tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
+    tl_data.tl_data_length = unparse_mod_princ_size + 4;
+    tl_data.tl_data_contents = nextloc;
+
+    /* Mod Date */
+    krb5_kdb_encode_int32(mod_date, nextloc);
+
+    /* Mod Princ */
+    memcpy(nextloc+4, unparse_mod_princ, unparse_mod_princ_size);
+
+    retval = krb5_dbe_update_tl_data_new(context, entry, &tl_data);
+
+    free(unparse_mod_princ);
+    free(nextloc);
+
+    return(retval);
+}
+
+static krb5_error_code
+kdb_ldap_tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr)
+{
+    krb5_context        context;
+    krb5_error_code     kret;
+    struct iterate_args *iargs;
+    krb5_keyblock       key;
+    krb5_int32          ind;
+    krb5_data   pwd;
+    krb5_db_entry       *entry;
+
+    iargs = (struct iterate_args *) ptr;
+    kret = 0;
+
+    context = iargs->ctx;
+    entry = iargs->dbentp;
+
+    /*
+     * Convert the master key password into a key for this particular
+     * encryption system.
+     */
+    pwd.data = mkey_password;
+    pwd.length = strlen(mkey_password);
+    kret = krb5_c_random_seed(context, &pwd);
+    if (kret)
+        return kret;
+
+    /*if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {*/
+    if ((entry->key_data =
+         (krb5_key_data *) realloc(entry->key_data,
+                                   (sizeof(krb5_key_data) *
+                                    (entry->n_key_data + 1)))) == NULL)
+        return (ENOMEM);
+
+    memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
+    ind = entry->n_key_data++;
+
+    if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
+                                        &key))) {
+        kret = krb5_dbe_encrypt_key_data(context, iargs->rblock->key, &key,
+                                         NULL, 1, &entry->key_data[ind]);
+        krb5_free_keyblock_contents(context, &key);
+    }
+    /*}*/
+
+    return(kret);
+}
+/* End duplicate code */
+
+/*
+ * This function creates service principals when
+ * creating the realm object.
+ */
+static int
+kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
+                          enum ap_op op, struct realm_info *pblock,
+                          const krb5_keyblock *master_keyblock)
+{
+    int              retval=0, currlen=0, princtype = 2 /* Service Principal */;
+    unsigned char    *curr=NULL;
+    krb5_tl_data     *tl_data=NULL;
+    krb5_db_entry    entry;
+    long             mask = 0;
+    krb5_keyblock    key;
+    int              kvno = 0;
+    kdb5_dal_handle *dal_handle = NULL;
+    krb5_ldap_context *ldap_context=NULL;
+    struct iterate_args   iargs;
+    krb5_data       *pdata;
+    krb5_timestamp now;
+    krb5_actkvno_node     actkvno;
+
+    memset(&entry, 0, sizeof(entry));
+
+    if ((pblock == NULL) || (context == NULL)) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+    dal_handle = context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+    if (!(ldap_context)) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    tl_data = malloc(sizeof(*tl_data));
+    if (tl_data == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    memset(tl_data, 0, sizeof(*tl_data));
+    tl_data->tl_data_length = 1 + 2 + 2 + 1 + 2 + 4;
+    tl_data->tl_data_type = 7; /* KDB_TL_USER_INFO */
+    curr = tl_data->tl_data_contents = malloc(tl_data->tl_data_length);
+    if (tl_data->tl_data_contents == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+
+    memset(curr, 1, 1); /* Passing the mask as principal type */
+    curr += 1;
+    currlen = 2;
+    STORE16_INT(curr, currlen);
+    curr += currlen;
+    STORE16_INT(curr, princtype);
+    curr += currlen;
+
+    mask |= KADM5_PRINCIPAL;
+    mask |= KADM5_ATTRIBUTES ;
+    mask |= KADM5_MAX_LIFE ;
+    mask |= KADM5_MAX_RLIFE ;
+    mask |= KADM5_PRINC_EXPIRE_TIME ;
+    mask |= KADM5_KEY_DATA;
+
+    entry.tl_data = tl_data;
+    entry.n_tl_data += 1;
+    /* Set the creator's name */
+    if ((retval = krb5_timeofday(context, &now)))
+        goto cleanup;
+    if ((retval = krb5_dbe_update_mod_princ_data_new(context, &entry,
+                                                     now, &db_create_princ)))
+        goto cleanup;
+
+    entry.attributes = pblock->flags | KRB5_KDB_LOCKDOWN_KEYS;
+    entry.max_life = pblock->max_life;
+    entry.max_renewable_life = pblock->max_rlife;
+    entry.expiration = pblock->expiration;
+    entry.mask = mask;
+    if ((retval = krb5_copy_principal(context, princ, &entry.princ)))
+        goto cleanup;
+
+
+    switch (op) {
+    case TGT_KEY:
+        if ((pdata = krb5_princ_component(context, princ, 1)) &&
+            pdata->length == strlen("history") &&
+            !memcmp(pdata->data, "history", strlen("history"))) {
+
+            /* Allocate memory for storing the key */
+            if ((entry.key_data = (krb5_key_data *) malloc(
+                     sizeof(krb5_key_data))) == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            memset(entry.key_data, 0, sizeof(krb5_key_data));
+            entry.n_key_data++;
+
+            retval = krb5_c_make_random_key(context, global_params.enctype, &key);
+            if (retval) {
+                goto cleanup;
+            }
+            kvno = 1; /* New key is getting set */
+            retval = krb5_dbe_encrypt_key_data(context, master_keyblock,
+                                               &key, NULL, kvno,
+                                               &entry.key_data[entry.n_key_data - 1]);
+            krb5_free_keyblock_contents(context, &key);
+            if (retval) {
+                goto cleanup;
+            }
+        } else {
+            /*retval = krb5_c_make_random_key(context, 16, &key) ;*/
+            iargs.ctx = context;
+            iargs.rblock = pblock;
+            iargs.dbentp = &entry;
+
+            /*
+             * Iterate through the key/salt list, ignoring salt types.
+             */
+            if ((retval = krb5_keysalt_iterate(pblock->kslist,
+                                               pblock->nkslist,
+                                               1,
+                                               kdb_ldap_tgt_keysalt_iterate,
+                                               (krb5_pointer) &iargs)))
+                return retval;
+        }
+        break;
+
+    case MASTER_KEY:
+        /* Allocate memory for storing the key */
+        if ((entry.key_data = (krb5_key_data *) malloc(
+                 sizeof(krb5_key_data))) == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+
+        memset(entry.key_data, 0, sizeof(krb5_key_data));
+        entry.n_key_data++;
+        kvno = 1; /* New key is getting set */
+        retval = krb5_dbe_encrypt_key_data(context, pblock->key,
+                                           master_keyblock, NULL, kvno,
+                                           &entry.key_data[entry.n_key_data - 1]);
+        if (retval) {
+            goto cleanup;
+        }
+        /*
+         * There should always be at least one "active" mkey so creating the
+         * KRB5_TL_ACTKVNO entry now so the initial mkey is active.
+         */
+        actkvno.next = NULL;
+        actkvno.act_kvno = kvno;
+        actkvno.act_time = now;
+        retval = krb5_dbe_update_actkvno(context, &entry, &actkvno);
+        if (retval)
+            goto cleanup;
+
+        break;
+
+    case NULL_KEY:
+    default:
+        break;
+    } /* end of switch */
+
+    retval = krb5_ldap_put_principal(context, &entry, NULL);
+    if (retval) {
+        com_err(NULL, retval, _("while adding entries to database"));
+        goto cleanup;
+    }
+
+cleanup:
+    krb5_dbe_free_contents(context, &entry);
+    return retval;
+}
+
+
+/*
+ * This function destroys the realm object and the associated principals
+ */
+void
+kdb5_ldap_destroy(int argc, char *argv[])
+{
+    extern char *optarg;
+    extern int optind;
+    int optchar = 0;
+    char buf[5] = {0};
+    krb5_error_code retval = 0;
+    int force = 0;
+    int mask = 0;
+    kdb5_dal_handle *dal_handle = NULL;
+    krb5_ldap_context *ldap_context = NULL;
+
+    optind = 1;
+    while ((optchar = getopt(argc, argv, "f")) != -1) {
+        switch (optchar) {
+        case 'f':
+            force++;
+            break;
+        case '?':
+        default:
+            db_usage(DESTROY_REALM);
+            return;
+            /*NOTREACHED*/
+        }
+    }
+
+    if (!force) {
+        printf(_("Deleting KDC database of '%s', are you sure?\n"),
+               global_params.realm);
+        printf(_("(type 'yes' to confirm)? "));
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            exit_status++;
+            return;
+        }
+        if (strcmp(buf, yes)) {
+            exit_status++;
+            return;
+        }
+        printf(_("OK, deleting database of '%s'...\n"), global_params.realm);
+    }
+
+    dal_handle = util_context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+    if (!(ldap_context)) {
+        com_err(progname, EINVAL, _("while initializing database"));
+        exit_status++;
+        return;
+    }
+
+    /* Read the kerberos container DN */
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
+        com_err(progname, retval,
+                _("while reading kerberos container information"));
+        exit_status++;
+        return;
+    }
+
+    /* Read the Realm information from the LDAP Server */
+    if ((retval = krb5_ldap_read_realm_params(util_context, global_params.realm,
+                                              &(ldap_context->lrparams), &mask)) != 0) {
+        com_err(progname, retval, _("while reading realm information"));
+        exit_status++;
+        return;
+    }
+
+    /* Delete the realm container and all the associated principals */
+    retval = krb5_ldap_delete_realm(util_context, global_params.realm);
+    if (retval) {
+        com_err(progname, retval,
+                _("deleting database of '%s'"), global_params.realm);
+        exit_status++;
+        return;
+    }
+
+    printf(_("** Database of '%s' destroyed.\n"), global_params.realm);
+
+    return;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
new file mode 100644
index 00000000..aa086fe6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
@@ -0,0 +1,59 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define BUFF_LEN                64      /* Max len of enctype string */
+#define MAX_PRINC_SIZE          256
+
+enum ap_op {
+    NULL_KEY,   /* setup null keys */
+    MASTER_KEY, /* use master key as new key */
+    TGT_KEY     /* special handling for tgt key */
+};
+
+struct realm_info {
+    krb5_deltat max_life;
+    krb5_deltat max_rlife;
+    krb5_timestamp expiration;
+    krb5_flags flags;
+    krb5_keyblock *key;
+    krb5_int32 nkslist;
+    krb5_key_salt_tuple *kslist;
+};
+
+struct iterate_args {
+    krb5_context        ctx;
+    struct realm_info   *rblock;
+    krb5_db_entry       *dbentp;
+};
+
+extern void kdb5_ldap_create(int argc, char **argv);
+extern void kdb5_ldap_destroy(int argc, char **argv);
+extern void kdb5_ldap_modify(int argc, char **argv);
+extern void kdb5_ldap_view(int argc, char **argv);
+extern void kdb5_ldap_list(int argc, char **argv);
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
new file mode 100644
index 00000000..e87688d6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
@@ -0,0 +1,319 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Create / Delete / Modify / View / List service objects.
+ */
+
+/*
+ * Service objects have rights over realm objects and principals. The following
+ * functions manage the service objects.
+ */
+
+#include <k5-int.h>
+#include <k5-hex.h>
+#include "kdb5_ldap_util.h"
+#include "kdb5_ldap_list.h"
+
+/* Get the configured LDAP service password file.  The caller should free the
+ * result with profile_release_string(). */
+static krb5_error_code
+get_conf_service_file(profile_t profile, const char *realm, char **path_out)
+{
+    char *subsection, *path;
+    long ret;
+
+    *path_out = NULL;
+
+    /* Get the [dbmodules] subsection for realm. */
+    ret = profile_get_string(profile, KDB_REALM_SECTION, realm,
+                             KDB_MODULE_POINTER, realm, &subsection);
+    if (ret)
+        return ret;
+
+    /* Look up the password file in the [dbmodules] subsection. */
+    ret = profile_get_string(profile, KDB_MODULE_SECTION, subsection,
+                             KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE, NULL,
+                             &path);
+    profile_release_string(subsection);
+    if (ret)
+        return ret;
+
+    if (path == NULL) {
+        /* Look up the password file in [dbdefaults] as a fallback. */
+        ret = profile_get_string(profile, KDB_MODULE_DEF_SECTION,
+                                 KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE, NULL,
+                                 NULL, &path);
+        if (ret)
+            return ret;
+    }
+
+    if (path == NULL) {
+        k5_setmsg(util_context, ENOENT,
+                  _("ldap_service_password_file not configured"));
+        return ENOENT;
+    }
+
+    *path_out = path;
+    return 0;
+}
+
+/*
+ * Convert the user supplied password into hexadecimal and stash it. Only a
+ * little more secure than storing plain password in the file ...
+ */
+void
+kdb5_ldap_stash_service_password(int argc, char **argv)
+{
+    int ret = 0;
+    unsigned int passwd_len = 0;
+    char *me = progname;
+    char *service_object = NULL;
+    char *file_name = NULL, *tmp_file = NULL;
+    char passwd[MAX_SERVICE_PASSWD_LEN];
+    char *str = NULL, *hexpasswd = NULL;
+    char line[MAX_LEN];
+    FILE *pfile = NULL;
+    krb5_boolean print_usage = FALSE;
+    mode_t old_mode = 0;
+
+    /*
+     * Format:
+     *   stashsrvpw [-f filename] service_dn
+     * where
+     *   'service_dn' is the DN of the service object
+     *   'filename' is the path of the stash file
+     */
+    if (argc != 2 && argc != 4) {
+        print_usage = TRUE;
+        goto cleanup;
+    }
+
+    if (argc == 4) {
+        /* Find the stash file name */
+        if (strcmp (argv[1], "-f") == 0) {
+            if (((file_name = strdup (argv[2])) == NULL) ||
+                ((service_object = strdup (argv[3])) == NULL)) {
+                com_err(me, ENOMEM,
+                        _("while setting service object password"));
+                goto cleanup;
+            }
+        } else if (strcmp (argv[2], "-f") == 0) {
+            if (((file_name = strdup (argv[3])) == NULL) ||
+                ((service_object = strdup (argv[1])) == NULL)) {
+                com_err(me, ENOMEM,
+                        _("while setting service object password"));
+                goto cleanup;
+            }
+        } else {
+            print_usage = TRUE;
+            goto cleanup;
+        }
+    } else { /* argc == 2 */
+        service_object = strdup (argv[1]);
+        if (service_object == NULL) {
+            com_err(me, ENOMEM, _("while setting service object password"));
+            goto cleanup;
+        }
+
+        ret = get_conf_service_file(util_context->profile,
+                                    util_context->default_realm, &file_name);
+        if (ret) {
+            com_err(me, ret, _("while getting service password filename"));
+            goto cleanup;
+        }
+    }
+
+    /* Get password from user */
+    {
+        char prompt1[256], prompt2[256];
+
+        /* Get the service object password from the terminal */
+        memset(passwd, 0, sizeof (passwd));
+        passwd_len = sizeof (passwd);
+
+        snprintf(prompt1, sizeof(prompt1), _("Password for \"%s\""),
+                 service_object);
+
+        snprintf(prompt2, sizeof(prompt2), _("Re-enter password for \"%s\""),
+                 service_object);
+
+        ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
+        if (ret != 0) {
+            com_err(me, ret, _("while setting service object password"));
+            memset(passwd, 0, sizeof (passwd));
+            goto cleanup;
+        }
+
+        if (passwd_len == 0) {
+            printf(_("%s: Invalid password\n"), me);
+            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+            goto cleanup;
+        }
+    }
+
+    /* Convert the password to hexadecimal */
+    ret = k5_hex_encode(passwd, passwd_len, FALSE, &hexpasswd);
+    zap(passwd, passwd_len);
+    if (ret != 0) {
+        com_err(me, ret, _("Failed to convert the password to hexadecimal"));
+        goto cleanup;
+    }
+
+    /* TODO: file lock for the service password file */
+
+    /* set password in the file */
+    old_mode = umask(0177);
+    pfile = fopen(file_name, "a+");
+    if (pfile == NULL) {
+        com_err(me, errno, _("Failed to open file %s: %s"), file_name,
+                strerror (errno));
+        goto cleanup;
+    }
+    set_cloexec_file(pfile);
+    rewind (pfile);
+    umask(old_mode);
+
+    while (fgets (line, MAX_LEN, pfile) != NULL) {
+        if ((str = strstr (line, service_object)) != NULL) {
+            /* White spaces not allowed */
+            if (line [strlen (service_object)] == '#')
+                break;
+            str = NULL;
+        }
+    }
+
+    if (str == NULL) {
+        if (feof(pfile)) {
+            /* If the service object dn is not present in the service password file */
+            if (fprintf(pfile, "%s#{HEX}%s\n", service_object, hexpasswd) < 0) {
+                com_err(me, errno,
+                        _("Failed to write service object password to file"));
+                fclose(pfile);
+                goto cleanup;
+            }
+        } else {
+            com_err(me, errno,
+                    _("Error reading service object password file"));
+            fclose(pfile);
+            goto cleanup;
+        }
+        fclose(pfile);
+    } else {
+        /*
+         * Password entry for the service object is already present in the file
+         * Delete the existing entry and add the new entry
+         */
+        FILE *newfile;
+
+        mode_t omask;
+
+        /* Create a new file with the extension .tmp */
+        if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
+            com_err(me, ENOMEM, _("while setting service object password"));
+            fclose(pfile);
+            goto cleanup;
+        }
+
+        omask = umask(077);
+        newfile = fopen(tmp_file, "w");
+        umask (omask);
+        if (newfile == NULL) {
+            com_err(me, errno, _("Error creating file %s"), tmp_file);
+            fclose(pfile);
+            goto cleanup;
+        }
+        set_cloexec_file(newfile);
+
+        fseek(pfile, 0, SEEK_SET);
+        while (fgets(line, MAX_LEN, pfile) != NULL) {
+            if (((str = strstr(line, service_object)) != NULL) &&
+                (line[strlen(service_object)] == '#')) {
+                if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd) < 0) {
+                    com_err(me, errno, _("Failed to write service object "
+                                         "password to file"));
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    fclose(pfile);
+                    goto cleanup;
+                }
+            } else {
+                if (fprintf (newfile, "%s", line) < 0) {
+                    com_err(me, errno, _("Failed to write service object "
+                                         "password to file"));
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    fclose(pfile);
+                    goto cleanup;
+                }
+            }
+        }
+
+        if (!feof(pfile)) {
+            com_err(me, errno,
+                    _("Error reading service object password file"));
+            fclose(newfile);
+            unlink(tmp_file);
+            fclose(pfile);
+            goto cleanup;
+        }
+
+        /* TODO: file lock for the service password file */
+
+        fclose(pfile);
+        fclose(newfile);
+
+        ret = rename(tmp_file, file_name);
+        if (ret != 0) {
+            com_err(me, errno,
+                    _("Failed to write service object password to file"));
+            goto cleanup;
+        }
+    }
+    ret = 0;
+
+cleanup:
+
+    zapfreestr(hexpasswd);
+
+    if (service_object)
+        free(service_object);
+
+    profile_release_string(file_name);
+
+    if (tmp_file)
+        free(tmp_file);
+
+    if (print_usage)
+        usage();
+/*      db_usage(STASH_SRV_PW); */
+
+    if (ret)
+        exit_status++;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
new file mode 100644
index 00000000..08af62e1
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
@@ -0,0 +1,35 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "ldap_misc.h"
+
+#define MAX_LEN                 1024
+#define MAX_SERVICE_PASSWD_LEN  256
+
+extern void kdb5_ldap_stash_service_password(int argc, char **argv);
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
new file mode 100644
index 00000000..0b56ba86
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
@@ -0,0 +1,608 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c */
+/*
+ * (C) Copyright 1990,1991, 1996, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-int.h>
+#include <locale.h>
+#include <time.h>
+#include <kadm5/admin.h>
+#include <adm_proto.h>
+#include "kdb5_ldap_util.h"
+
+typedef void (*cmd_func)(int, char **);
+int cmd_index(char *name);
+
+char *mkey_password = 0;
+int exit_status = 0;
+krb5_context util_context;
+kadm5_config_params global_params;
+krb5_boolean db_inited = FALSE;
+
+char *progname;
+krb5_boolean manual_mkey = FALSE;
+
+/*
+ * This function prints the usage of kdb5_ldap_util, which is
+ * the LDAP configuration utility.
+ */
+void
+usage(void)
+{
+    fprintf(stderr,
+            _("Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri] "
+              "[-r realm]\n"
+              "\tcmd [cmd_options]\n"
+
+/* Create realm */
+              "create          [-subtrees subtree_dn_list] [-sscope search_scope]\n"
+              "\t\t[-containerref container_reference_dn]\n"
+              "\t\t[-m|-P password|-sf stashfilename] [-s]\n"
+              "\t\t[-k mkeytype] [-kv mkeyVNO] [-M mkeyname]\n"
+              "\t\t[-maxtktlife max_ticket_life]\n"
+              "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
+
+/* modify realm */
+              "modify          [-subtrees subtree_dn_list] [-sscope search_scope]\n"
+              "\t\t[-containerref container_reference_dn]\n"
+              "\t\t[-maxtktlife max_ticket_life]\n"
+              "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
+/* View realm */
+              "view\n"
+
+/* Destroy realm */
+              "destroy         [-f]\n"
+
+/* List realms */
+              "list\n"
+
+/* Stash the service password */
+              "stashsrvpw      [-f filename] service_dn\n"
+
+/* Create policy */
+              "create_policy   [-maxtktlife max_ticket_life]\n"
+              "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+
+/* Modify policy */
+              "modify_policy   [-maxtktlife max_ticket_life]\n"
+              "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+
+/* View policy */
+              "view_policy     policy\n"
+
+/* Destroy policy */
+              "destroy_policy  [-force] policy\n"
+
+/* List policies */
+              "list_policy\n"));
+}
+
+void
+db_usage(int type)
+{
+    /*
+     * This should print usage of 'type' command. For now, we will print usage
+     * of all commands.
+     */
+    usage ();
+}
+
+/* The help messages for all sub-commands should be in the
+ * same order as listed in this table.
+ */
+static struct _cmd_table {
+    char *name;
+    cmd_func func;
+    int opendb;
+} cmd_table[] = {
+    {"create", kdb5_ldap_create, 1},
+    {"modify", kdb5_ldap_modify, 1},
+    {"view", kdb5_ldap_view, 1},
+    {"destroy", kdb5_ldap_destroy, 1},
+    {"list", kdb5_ldap_list, 1},
+    {"stashsrvpw", kdb5_ldap_stash_service_password, 0},
+    {"create_policy", kdb5_ldap_create_policy, 1},
+    {"modify_policy", kdb5_ldap_modify_policy, 1},
+    {"view_policy", kdb5_ldap_view_policy, 1},
+    {"destroy_policy", kdb5_ldap_destroy_policy, 1},
+    {"list_policy", kdb5_ldap_list_policies, 1},
+    {NULL, NULL, 0},
+};
+
+
+/*
+ * The function cmd_lookup returns the structure matching the
+ * command name and returns NULL if nothing matches.
+ */
+static struct _cmd_table *cmd_lookup(name)
+    char *name;
+{
+    int i;
+
+    for (i = 0; cmd_table[i].name != NULL; i++)
+        if (strcmp(cmd_table[i].name, name) == 0)
+            return &cmd_table[i];
+
+    return NULL;
+}
+
+
+/*
+ * The function cmd_index provides the offset of the command
+ * in the command table, which can be used to get the corresponding
+ * help from the help message table.
+ */
+int
+cmd_index(char *name)
+{
+    int i;
+
+    if (name == NULL)
+        return -1;
+
+    for (i = 0; cmd_table[i].name != NULL; i++)
+        if (strcmp(cmd_table[i].name, name) == 0)
+            return i;
+
+    return -1;
+}
+
+static void
+extended_com_err_fn(const char *myprog, errcode_t code, const char *fmt,
+                    va_list args)
+{
+    const char *emsg;
+    emsg = krb5_get_error_message (util_context, code);
+    fprintf (stderr, "%s: %s ", myprog, emsg);
+    krb5_free_error_message (util_context, emsg);
+    vfprintf (stderr, fmt, args);
+    fprintf (stderr, "\n");
+}
+
+int
+main(int argc, char *argv[])
+{
+    struct _cmd_table *cmd = NULL;
+    char *koptarg = NULL, **cmd_argv = NULL;
+    int cmd_argc = 0;
+    krb5_error_code retval;
+    int usage_print = 0;
+    int gp_is_static = 1;
+    krb5_error_code db_retval = 1;
+    char *bind_dn = NULL;
+    char *passwd = NULL;
+    char *ldap_server = NULL;
+    unsigned int ldapmask = 0;
+    unsigned int passwd_len = 0;
+    char *prompt = NULL;
+    krb5_ldap_context *ldap_context=NULL;
+    char *value = NULL, *conf_section = NULL;
+    krb5_boolean realm_name_required = TRUE;
+    krb5_boolean print_help_message = FALSE;
+
+    /*
+     * Ensure that "progname" is set before calling com_err.
+     */
+    setlocale(LC_ALL, "");
+    progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
+
+    retval = kadm5_init_krb5_context(&util_context);
+    set_com_err_hook(extended_com_err_fn);
+    if (retval) {
+        com_err(progname, retval, _("while initializing Kerberos code"));
+        exit_status++;
+        goto cleanup;
+    }
+
+    cmd_argv = (char **) malloc(sizeof(char *)*argc);
+    if (cmd_argv == NULL) {
+        com_err(progname, ENOMEM, _("while creating sub-command arguments"));
+        exit_status++;
+        goto cleanup;
+    }
+    memset(cmd_argv, 0, sizeof(char *)*argc);
+    cmd_argc = 1;
+
+    memset(&global_params, 0, sizeof(kadm5_config_params));
+
+    argv++; argc--;
+    while (*argv) {
+        if (strcmp(*argv, "--help") == 0) {
+            print_help_message = TRUE;
+        }
+        if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
+            mkey_password = koptarg;
+            manual_mkey = TRUE;
+        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
+            global_params.realm = koptarg;
+            global_params.mask |= KADM5_CONFIG_REALM;
+            /* not sure this is really necessary */
+            if ((retval = krb5_set_default_realm(util_context,
+                                                 global_params.realm))) {
+                com_err(progname, retval,
+                        _("while setting default realm name"));
+                exit_status++;
+                goto cleanup;
+            }
+        } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
+            if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
+                com_err(progname, EINVAL,
+                        _(": %s is an invalid enctype"), koptarg);
+                exit_status++;
+                goto cleanup;
+            } else
+                global_params.mask |= KADM5_CONFIG_ENCTYPE;
+        } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
+            global_params.kvno = (krb5_kvno) atoi(koptarg);
+            if (global_params.kvno == IGNORE_VNO) {
+                com_err(progname, EINVAL,
+                        _(": %s is an invalid mkeyVNO"), koptarg);
+                exit_status++;
+                goto cleanup;
+            } else
+                global_params.mask |= KADM5_CONFIG_KVNO;
+        } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
+            global_params.mkey_name = koptarg;
+            global_params.mask |= KADM5_CONFIG_MKEY_NAME;
+        } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
+            global_params.stash_file = koptarg;
+            global_params.mask |= KADM5_CONFIG_STASH_FILE;
+        } else if (strcmp(*argv, "-m") == 0) {
+            manual_mkey = TRUE;
+            global_params.mkey_from_kbd = 1;
+            global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
+            bind_dn = koptarg;
+            if (bind_dn == NULL) {
+                com_err(progname, ENOMEM, _("while reading ldap parameters"));
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_D;
+        } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
+            passwd = strdup(koptarg);
+            if (passwd == NULL) {
+                com_err(progname, ENOMEM, _("while reading ldap parameters"));
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_W;
+        } else if (strcmp(*argv, "-H") == 0 && ARG_VAL) {
+            ldap_server = koptarg;
+            if (ldap_server == NULL) {
+                com_err(progname, ENOMEM, _("while reading ldap parameters"));
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_H;
+        } else if (cmd_lookup(*argv) != NULL) {
+            if (cmd_argv[0] == NULL)
+                cmd_argv[0] = *argv;
+            else {
+                free(cmd_argv);
+                cmd_argv = NULL;
+                usage();
+                goto cleanup;
+            }
+        } else {
+            cmd_argv[cmd_argc++] = *argv;
+        }
+        argv++; argc--;
+    }
+
+    if (cmd_argv[0] == NULL) {
+        free(cmd_argv);
+        cmd_argv = NULL;
+        usage();
+        goto cleanup;
+    }
+
+    /* if we need to print the help message (because of --help option)
+     * we will print the help corresponding to the sub-command.
+     */
+    if (print_help_message) {
+        free(cmd_argv);
+        cmd_argv = NULL;
+        usage();
+        goto cleanup;
+    }
+
+    /* We need to check for the presence of default realm name only in
+     * the case of realm related operations like create, destroy etc.
+     */
+    if ((strcmp(cmd_argv[0], "list") == 0) ||
+        (strcmp(cmd_argv[0], "stashsrvpw") == 0)) {
+        realm_name_required = FALSE;
+    }
+
+    if (!util_context->default_realm) {
+        char *temp = NULL;
+        retval = krb5_get_default_realm(util_context, &temp);
+        if (retval) {
+            if (realm_name_required) {
+                com_err (progname, retval, _("while getting default realm"));
+                exit_status++;
+                goto cleanup;
+            }
+        }
+        krb5_free_default_realm(util_context, temp);
+    }
+    /* If we have the realm name, we can safely say that
+     * realm_name is required so that we don't neglect any information.
+     */
+    else
+        realm_name_required = TRUE;
+
+    retval = profile_get_string(util_context->profile, KDB_REALM_SECTION,
+                                util_context->default_realm, KDB_MODULE_POINTER,
+                                NULL,
+                                &value);
+
+    if (!(value)) {
+        retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+                                    KDB_MODULE_POINTER, NULL,
+                                    NULL,
+                                    &value);
+        if (!(value)) {
+            if (util_context->default_realm)
+                conf_section = strdup(util_context->default_realm);
+        } else {
+            conf_section = strdup(value);
+            free(value);
+        }
+    } else {
+        conf_section = strdup(value);
+        free(value);
+    }
+
+    if (realm_name_required) {
+        retval = kadm5_get_config_params(util_context, 1,
+                                         &global_params, &global_params);
+        if (retval) {
+            com_err(progname, retval,
+                    _("while retrieving configuration parameters"));
+            exit_status++;
+            goto cleanup;
+        }
+        gp_is_static = 0;
+    }
+
+    if ((retval = krb5_ldap_lib_init()) != 0) {
+        com_err(progname, retval, _("while initializing error handling"));
+        exit_status++;
+        goto cleanup;
+    }
+
+    /* Initialize the ldap context */
+    ldap_context = calloc(sizeof(krb5_ldap_context), 1);
+    if (ldap_context == NULL) {
+        com_err(progname, ENOMEM, _("while initializing ldap handle"));
+        exit_status++;
+        goto cleanup;
+    }
+
+    ldap_context->kcontext = util_context;
+
+    /* If LDAP parameters are specified, replace them with the values from config */
+    if (ldapmask & CMD_LDAP_D) {
+        /* If password is not specified, prompt for it */
+        if (passwd == NULL) {
+            passwd = (char *)malloc(MAX_PASSWD_LEN);
+            if (passwd == NULL) {
+                com_err(progname, ENOMEM,
+                        _("while retrieving ldap configuration"));
+                exit_status++;
+                goto cleanup;
+            }
+            prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
+            if (prompt == NULL) {
+                free(passwd);
+                passwd = NULL;
+                com_err(progname, ENOMEM,
+                        _("while retrieving ldap configuration"));
+                exit_status++;
+                goto cleanup;
+            }
+            memset(passwd, 0, MAX_PASSWD_LEN);
+            passwd_len = MAX_PASSWD_LEN - 1;
+            snprintf(prompt, MAX_PASSWD_PROMPT_LEN,
+                     _("Password for \"%s\""), bind_dn);
+
+            db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
+
+            if ((db_retval) || (passwd_len == 0)) {
+                com_err(progname, ENOMEM,
+                        _("while retrieving ldap configuration"));
+                free(passwd);
+                passwd = NULL;
+                exit_status++;
+                goto cleanup;
+            }
+        }
+
+        ldap_context->bind_pwd = passwd;
+        passwd = NULL;
+    }
+
+    /* If ldaphost is specified, release entry filled by configuration & use this */
+    if (ldapmask & CMD_LDAP_H) {
+
+        ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
+        if (ldap_context->server_info_list == NULL) {
+            com_err(progname, ENOMEM, _("while initializing server list"));
+            exit_status++;
+            goto cleanup;
+        }
+
+        ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
+        if (ldap_context->server_info_list[0] == NULL) {
+            com_err(progname, ENOMEM, _("while initializing server list"));
+            exit_status++;
+            goto cleanup;
+        }
+
+        ldap_context->server_info_list[0]->server_status = NOTSET;
+
+        ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
+        if (ldap_context->server_info_list[0]->server_name == NULL) {
+            com_err(progname, ENOMEM, _("while initializing server list"));
+            exit_status++;
+            goto cleanup;
+        }
+    }
+    if (bind_dn) {
+        ldap_context->bind_dn = strdup(bind_dn);
+        if (ldap_context->bind_dn == NULL) {
+            com_err(progname, ENOMEM,
+                    _("while retrieving ldap configuration"));
+            exit_status++;
+            goto cleanup;
+        }
+    } else
+        ldap_context->bind_dn = NULL;
+
+    ldap_context->service_type = SERVICE_DN_TYPE_CLIENT;
+
+    if (realm_name_required) {
+        if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
+            (!krb5_c_valid_enctype(global_params.enctype))) {
+            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+                    _("while setting up enctype %d"), global_params.enctype);
+        }
+    }
+
+    cmd = cmd_lookup(cmd_argv[0]);
+
+    /* Setup DAL handle to access the database */
+    db_retval = krb5_db_setup_lib_handle(util_context);
+    if (db_retval) {
+        com_err(progname, db_retval, _("while setting up lib handle"));
+        exit_status++;
+        goto cleanup;
+    }
+    util_context->dal_handle->db_context = ldap_context;
+    ldap_context = NULL;
+
+    db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER);
+    if (db_retval) {
+        com_err(progname, db_retval, _("while reading ldap configuration"));
+        exit_status++;
+        goto cleanup;
+    }
+
+    if (cmd->opendb) {
+        db_retval = krb5_ldap_db_init(util_context, (krb5_ldap_context *)util_context->dal_handle->db_context);
+        if (db_retval) {
+            com_err(progname, db_retval, _("while initializing database"));
+            exit_status++;
+            goto cleanup;
+        }
+        db_inited = TRUE;
+    }
+    (*cmd->func)(cmd_argc, cmd_argv);
+
+    goto cleanup;
+
+cleanup:
+    if (passwd) {
+        memset(passwd, 0, strlen(passwd));
+        free(passwd);
+    }
+
+    if (ldap_context) {
+        krb5_ldap_free_server_context_params(ldap_context);
+        free(ldap_context);
+    }
+
+    if (util_context) {
+        if (gp_is_static == 0)
+            kadm5_free_config_params(util_context, &global_params);
+        krb5_db_fini(util_context);
+        krb5_free_context(util_context);
+    }
+
+    if (cmd_argv)
+        free(cmd_argv);
+    if (prompt)
+        free(prompt);
+    if (conf_section)
+        free(conf_section);
+
+    if (usage_print) {
+        usage();
+    }
+
+    return exit_status;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
new file mode 100644
index 00000000..dd626314
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
@@ -0,0 +1,69 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h */
+/* Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "kdb_ldap.h"
+#include "kdb5_ldap_realm.h"
+#include "kdb5_ldap_services.h"
+#include "kdb5_ldap_policy.h"
+
+#define MAIN_HELP            -1
+#define CREATE_REALM          1
+#define MODIFY_REALM          2
+#define VIEW_REALM            3
+#define DESTROY_REALM         4
+#define LIST_REALM            5
+
+#define STASH_SRV_PW          17
+
+#define CREATE_POLICY         11
+#define MODIFY_POLICY         12
+#define VIEW_POLICY           13
+#define DESTROY_POLICY        14
+#define LIST_POLICY           15
+
+extern char *progname;
+
+extern int exit_status;
+extern krb5_context util_context;
+
+extern void usage(void);
+extern void db_usage(int);
+
+#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(db_usage(MAIN_HELP), NULL))
+
+/* Following are the bitmaps that indicate which of the options among -D, -w, -h, -p & -t
+ * were specified on the command line.
+ */
+#define CMD_LDAP_D      0x1     /* set if -D option is specified */
+#define CMD_LDAP_W      0x2     /* set if -w option is specified */
+#define CMD_LDAP_H      0x4     /* set if -h option is specified */
+#define CMD_LDAP_P      0x8     /* set if -p option is specified */
+
+#define MAX_PASSWD_LEN          1024
+#define MAX_PASSWD_PROMPT_LEN   276     /* max_dn_size(=256) + strlen("Password for \" \"")=20 */
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
new file mode 100644
index 00000000..b40d6399
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
@@ -0,0 +1,70 @@
+mydir=plugins$(S)kdb$(S)ldap$(S)libkdb_ldap
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+# Lots of ugliness here because of duplicated symbol names.
+# Can I just punt the duplicates and import from libkdb5, or
+# is keeping them separate important?
+DEFINES = \
+	-Dkrb5_dbe_lookup_last_pwd_change=kdb_ldap_dbe_lookup_last_pwd_change \
+	-Dkrb5_dbe_lookup_tl_data=kdb_ldap_dbe_lookup_tl_data \
+	-Dkrb5_dbe_update_last_pwd_change=kdb_ldap_dbe_update_last_pwd_change \
+	-Dkrb5_dbe_update_tl_data=kdb_ldap_dbe_update_tl_data
+
+LOCALINCLUDES = -I$(top_srcdir)/lib/kdb -I$(top_srcdir)/lib/krb5/asn.1
+
+LIBBASE=kdb_ldap
+LIBMAJOR=1
+LIBMINOR=0
+RELDIR=../plugins/kdb/ldap/libkdb_ldap
+# Depends on libk5crypto and libkrb5
+# Also on gssrpc, for xdr stuff.
+SHLIB_EXPDEPS = \
+	$(GSSRPC_DEPLIBS) \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(SUPPORT_DEPLIB) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS= $(KADMSRV_LIBS) -lkrb5 -lk5crypto $(COM_ERR_LIB) $(SUPPORT_LIB) $(LDAP_LIBS) $(LIBS)
+
+LIBINITFUNC= kldap_init_fn
+LIBFINIFUNC=
+
+SRCS= 	$(srcdir)/kdb_ldap.c \
+	$(srcdir)/kdb_ldap_conn.c \
+	$(srcdir)/ldap_realm.c \
+	$(srcdir)/ldap_create.c \
+	$(srcdir)/ldap_krbcontainer.c \
+	$(srcdir)/ldap_principal.c \
+	$(srcdir)/ldap_principal2.c \
+	$(srcdir)/ldap_pwd_policy.c \
+	$(srcdir)/ldap_misc.c \
+	$(srcdir)/ldap_handle.c \
+	$(srcdir)/ldap_tkt_policy.c \
+	$(srcdir)/princ_xdr.c \
+	$(srcdir)/ldap_service_stash.c \
+	$(srcdir)/kdb_xdr.c \
+	$(srcdir)/ldap_err.c \
+	$(srcdir)/lockout.c \
+
+STLIBOBJS= kdb_ldap.o \
+	kdb_ldap_conn.o \
+	ldap_realm.o \
+	ldap_create.o \
+	ldap_krbcontainer.o \
+	ldap_principal.o \
+	ldap_principal2.o \
+	ldap_pwd_policy.o \
+	ldap_misc.o \
+	ldap_handle.o \
+	ldap_tkt_policy.o \
+	princ_xdr.o \
+	ldap_service_stash.o \
+	kdb_xdr.o \
+	ldap_err.o \
+	lockout.o
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libobjs clean-libs
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/deps b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/deps
new file mode 100644
index 00000000..6a6ab280
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/deps
@@ -0,0 +1,277 @@
+#
+# Generated makefile dependencies follow.
+#
+kdb_ldap.so kdb_ldap.po $(OUTPRE)kdb_ldap.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.c kdb_ldap.h \
+  ldap_err.h ldap_krbcontainer.h ldap_misc.h ldap_realm.h
+kdb_ldap_conn.so kdb_ldap_conn.po $(OUTPRE)kdb_ldap_conn.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
+  kdb_ldap.h kdb_ldap_conn.c ldap_handle.h ldap_krbcontainer.h \
+  ldap_main.h ldap_misc.h ldap_realm.h ldap_service_stash.h
+ldap_realm.so ldap_realm.po $(OUTPRE)ldap_realm.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h \
+  ldap_handle.h ldap_krbcontainer.h ldap_main.h ldap_misc.h \
+  ldap_principal.h ldap_pwd_policy.h ldap_realm.c ldap_realm.h \
+  ldap_tkt_policy.h princ_xdr.h
+ldap_create.so ldap_create.po $(OUTPRE)ldap_create.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_create.c \
+  ldap_err.h ldap_handle.h ldap_krbcontainer.h ldap_main.h \
+  ldap_misc.h ldap_principal.h ldap_realm.h ldap_tkt_policy.h \
+  princ_xdr.h
+ldap_krbcontainer.so ldap_krbcontainer.po $(OUTPRE)ldap_krbcontainer.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
+  kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.c \
+  ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_realm.h
+ldap_principal.so ldap_principal.po $(OUTPRE)ldap_principal.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h \
+  ldap_handle.h ldap_krbcontainer.h ldap_main.h ldap_misc.h \
+  ldap_principal.c ldap_principal.h ldap_realm.h ldap_tkt_policy.h \
+  princ_xdr.h
+ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h \
+  ldap_handle.h ldap_krbcontainer.h ldap_main.h ldap_misc.h \
+  ldap_principal.h ldap_principal2.c ldap_pwd_policy.h \
+  ldap_realm.h ldap_tkt_policy.h princ_xdr.h
+ldap_pwd_policy.so ldap_pwd_policy.po $(OUTPRE)ldap_pwd_policy.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
+  kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
+  ldap_main.h ldap_misc.h ldap_pwd_policy.c ldap_pwd_policy.h \
+  ldap_realm.h
+ldap_misc.so ldap_misc.po $(OUTPRE)ldap_misc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h \
+  ldap_handle.h ldap_krbcontainer.h ldap_misc.c ldap_misc.h \
+  ldap_principal.h ldap_pwd_policy.h ldap_realm.h ldap_tkt_policy.h \
+  princ_xdr.h
+ldap_handle.so ldap_handle.po $(OUTPRE)ldap_handle.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
+  kdb_ldap.h ldap_handle.c ldap_handle.h ldap_krbcontainer.h \
+  ldap_main.h ldap_misc.h ldap_realm.h
+ldap_tkt_policy.so ldap_tkt_policy.po $(OUTPRE)ldap_tkt_policy.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
+  kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
+  ldap_main.h ldap_misc.h ldap_realm.h ldap_tkt_policy.c \
+  ldap_tkt_policy.h
+princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_krbcontainer.h \
+  ldap_principal.h ldap_realm.h ldap_tkt_policy.h princ_xdr.c \
+  princ_xdr.h
+ldap_service_stash.so ldap_service_stash.po $(OUTPRE)ldap_service_stash.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hex.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_handle.h \
+  ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_realm.h \
+  ldap_service_stash.c ldap_service_stash.h
+kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdb_xdr.c
+ldap_err.so ldap_err.po $(OUTPRE)ldap_err.$(OBJEXT): \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  ldap_err.c ldap_err.h
+lockout.so lockout.po $(OUTPRE)lockout.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_krbcontainer.h \
+  ldap_principal.h ldap_pwd_policy.h ldap_realm.h ldap_tkt_policy.h \
+  lockout.c princ_xdr.h
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
new file mode 100644
index 00000000..1f0c8684
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -0,0 +1,317 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <ctype.h>
+#include "kdb_ldap.h"
+#include "ldap_misc.h"
+#include <kdb5.h>
+#include <kadm5/admin.h>
+
+/*
+ * ldap get age
+ */
+krb5_error_code
+krb5_ldap_get_age(context, db_name, age)
+    krb5_context context;
+    char *db_name;
+    time_t *age;
+{
+    time (age);
+    return 0;
+}
+
+/*
+ * read startup information - kerberos and realm container
+ */
+krb5_error_code
+krb5_ldap_read_startup_information(krb5_context context)
+{
+    krb5_error_code      retval = 0;
+    kdb5_dal_handle      *dal_handle=NULL;
+    krb5_ldap_context    *ldap_context=NULL;
+    int                  mask = 0;
+
+    SETUP_CONTEXT();
+    if ((retval=krb5_ldap_read_krbcontainer_dn(context, &(ldap_context->container_dn)))) {
+        k5_prependmsg(context, retval, _("Unable to read Kerberos container"));
+        goto cleanup;
+    }
+
+    if ((retval=krb5_ldap_read_realm_params(context, context->default_realm, &(ldap_context->lrparams), &mask))) {
+        k5_prependmsg(context, retval, _("Unable to read Realm"));
+        goto cleanup;
+    }
+
+    if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
+        || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+        kadm5_config_params  params_in, params_out;
+
+        memset(&params_in, 0, sizeof(params_in));
+        memset(&params_out, 0, sizeof(params_out));
+
+        retval = kadm5_get_config_params(context, 1, &params_in, &params_out);
+        if (retval) {
+            if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+                ldap_context->lrparams->max_life = 24 * 60 * 60; /* 1 day */
+            }
+            if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+                ldap_context->lrparams->max_renewable_life = 0;
+            }
+            if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+                ldap_context->lrparams->tktflags = KRB5_KDB_DEF_FLAGS;
+            }
+            retval = 0;
+            goto cleanup;
+        }
+
+        if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+            if (params_out.mask & KADM5_CONFIG_MAX_LIFE)
+                ldap_context->lrparams->max_life = params_out.max_life;
+        }
+
+        if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+            if (params_out.mask & KADM5_CONFIG_MAX_RLIFE)
+                ldap_context->lrparams->max_renewable_life = params_out.max_rlife;
+        }
+
+        if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+            if (params_out.mask & KADM5_CONFIG_FLAGS)
+                ldap_context->lrparams->tktflags = params_out.flags;
+        }
+
+        kadm5_free_config_params(context, &params_out);
+    }
+
+cleanup:
+    return retval;
+}
+
+
+/* Interrogate the root DSE (zero length DN) for an attribute value assertion.
+ * Return true if it is present, false if it is absent or we can't tell. */
+static krb5_boolean
+has_rootdse_ava(krb5_context context, const char *server_name,
+                const char *attribute, const char *value)
+{
+    krb5_boolean result = FALSE;
+    char *attrs[2], **values = NULL;
+    int i, st;
+    LDAP *ld = NULL;
+    LDAPMessage *msg, *res = NULL;
+    struct berval cred;
+
+    attrs[0] = (char *)attribute;
+    attrs[1] = NULL;
+
+    st = ldap_initialize(&ld, server_name);
+    if (st != LDAP_SUCCESS)
+        goto cleanup;
+
+    /* Bind anonymously. */
+    cred.bv_val = "";
+    cred.bv_len = 0;
+    st = ldap_sasl_bind_s(ld, "", NULL, &cred, NULL, NULL, NULL);
+    if (st != LDAP_SUCCESS)
+        goto cleanup;
+
+    st = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, NULL,
+                           NULL, NULL, 0, &res);
+    if (st != LDAP_SUCCESS)
+        goto cleanup;
+
+    msg = ldap_first_message(ld, res);
+    if (msg == NULL)
+        goto cleanup;
+
+    values = ldap_get_values(ld, msg, attribute);
+    if (values == NULL)
+        goto cleanup;
+
+    for (i = 0; values[i] != NULL; i++) {
+        if (strcmp(values[i], value) == 0) {
+            result = TRUE;
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    ldap_value_free(values);
+    ldap_msgfree(res);
+    ldap_unbind_ext_s(ld, NULL, NULL);
+
+    return result;
+}
+
+krb5_boolean
+has_modify_increment(krb5_context context, const char *server_name)
+{
+    return has_rootdse_ava(context, server_name, "supportedFeatures",
+                           "1.3.6.1.1.14");
+}
+
+void *
+krb5_ldap_alloc(krb5_context context, void *ptr, size_t size)
+{
+    return realloc(ptr, size);
+}
+
+void
+krb5_ldap_free(krb5_context context, void *ptr)
+{
+    free(ptr);
+}
+
+krb5_error_code
+krb5_ldap_open(krb5_context context, char *conf_section, char **db_args,
+               int mode)
+{
+    krb5_error_code status  = 0;
+    krb5_ldap_context *ldap_context=NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    ldap_context = k5alloc(sizeof(krb5_ldap_context), &status);
+    if (ldap_context == NULL)
+        goto clean_n_exit;
+    context->dal_handle->db_context = ldap_context;
+    ldap_context->kcontext = context;
+
+    status = krb5_ldap_parse_db_params(context, db_args);
+    if (status) {
+        k5_prependmsg(context, status, _("Error processing LDAP DB params"));
+        goto clean_n_exit;
+    }
+
+    status = krb5_ldap_read_server_params(context, conf_section, mode & 0x0300);
+    if (status) {
+        k5_prependmsg(context, status, _("Error reading LDAP server params"));
+        goto clean_n_exit;
+    }
+    if ((status=krb5_ldap_db_init(context, ldap_context)) != 0) {
+        goto clean_n_exit;
+    }
+
+    if ((status=krb5_ldap_read_startup_information(context)) != 0) {
+        goto clean_n_exit;
+    }
+
+clean_n_exit:
+    /* may be clearing up is not required  db_fini might do it for us, check out */
+    if (status) {
+        krb5_ldap_close(context);
+    }
+    return status;
+}
+
+#include "ldap_err.h"
+int
+set_ldap_error(krb5_context ctx, int st, int op)
+{
+    int translated_st = translate_ldap_error(st, op);
+    k5_setmsg(ctx, translated_st, "%s", ldap_err2string(st));
+    return translated_st;
+}
+
+extern krb5int_access accessor;
+MAKE_INIT_FUNCTION(kldap_init_fn);
+
+int
+kldap_init_fn(void)
+{
+    /* Global (per-module) initialization.  */
+    return krb5int_accessor (&accessor, KRB5INT_ACCESS_VERSION);
+}
+
+int
+kldap_ensure_initialized(void)
+{
+    return CALL_INIT_FUNCTION (kldap_init_fn);
+}
+
+krb5_error_code
+krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+                          krb5_db_entry *client, krb5_db_entry *server,
+                          krb5_timestamp kdc_time, const char **status,
+                          krb5_pa_data ***e_data)
+{
+    krb5_error_code retval;
+
+    retval = krb5_ldap_lockout_check_policy(kcontext, client, kdc_time);
+    if (retval == KRB5KDC_ERR_CLIENT_REVOKED)
+        *status = "LOCKED_OUT";
+    return retval;
+}
+
+void
+krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+                       const krb5_address *local_addr,
+                       const krb5_address *remote_addr, krb5_db_entry *client,
+                       krb5_db_entry *server, krb5_timestamp authtime,
+                       krb5_error_code error_code)
+{
+    (void) krb5_ldap_lockout_audit(kcontext, client, authtime, error_code);
+}
+
+krb5_error_code
+krb5_ldap_check_allowed_to_delegate(krb5_context context,
+                                    krb5_const_principal client,
+                                    const krb5_db_entry *server,
+                                    krb5_const_principal proxy)
+{
+    krb5_error_code code;
+    krb5_tl_data *tlp;
+
+    code = KRB5KDC_ERR_BADOPTION;
+
+    for (tlp = server->tl_data; tlp != NULL; tlp = tlp->tl_data_next) {
+        krb5_principal acl;
+
+        if (tlp->tl_data_type != KRB5_TL_CONSTRAINED_DELEGATION_ACL)
+            continue;
+
+        if (krb5_parse_name(context, (char *)tlp->tl_data_contents, &acl) != 0)
+            continue;
+
+        if (proxy == NULL || krb5_principal_compare(context, proxy, acl)) {
+            code = 0;
+            krb5_free_principal(context, acl);
+            break;
+        }
+        krb5_free_principal(context, acl);
+    }
+
+    return code;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
new file mode 100644
index 00000000..8b8420fa
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -0,0 +1,316 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* */
+#ifndef _KDB_LDAP_H
+#define _KDB_LDAP_H 1
+
+#include "k5-int.h"
+#include <k5-thread.h>
+#include <kdb5.h>
+#include "ldap_krbcontainer.h"
+#include "ldap_realm.h"
+
+/* We want the interfaces marked "deprecated" in OpenLDAP.  */
+#define LDAP_DEPRECATED 1
+#include <ldap.h>
+
+/* Check for acceptable versions.
+
+   OpenLDAP version 2.2.6 is known to have some kind of problem that
+   is tickled by the use of multiple handles in this code.  Version
+   2.2.19 in Mac OS 10.4.7 seems to be buggy as well.  Version 2.2.24
+   doesn't have this problem.  Other in-between versions have not been
+   tested.  */
+#ifndef BUILD_WITH_BROKEN_LDAP
+# if defined(LDAP_API_FEATURE_X_OPENLDAP)
+#  if LDAP_VENDOR_VERSION < 20224
+#   error This code triggers bugs in old OpenLDAP implementations.  Please update to 2.2.24 or later.
+#  endif
+# endif
+#endif /* BUILD_WITH_BROKEN_LDAP */
+
+extern struct timeval timelimit;
+
+#define  DEFAULT_CONNS_PER_SERVER    5
+#define  REALM_READ_REFRESH_INTERVAL (5 * 60)
+
+#if !defined(LDAP_OPT_RESULT_CODE) && defined(LDAP_OPT_ERROR_NUMBER)
+#define LDAP_OPT_RESULT_CODE LDAP_OPT_ERROR_NUMBER
+#endif
+
+#define MAXINTLEN  10
+
+#define IGNORE_STATUS              0
+#define CHECK_STATUS               1
+
+#define SETUP_CONTEXT() if (context == NULL || context->dal_handle == NULL \
+                            || context->dal_handle->db_context == NULL) { \
+        return EINVAL;                                                  \
+    }                                                                   \
+    dal_handle = context->dal_handle;                                   \
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;        \
+    if (ldap_context == NULL || ldap_context->server_info_list == NULL) \
+        return KRB5_KDB_DBNOTINITED;
+
+#define GET_HANDLE()  ld = NULL;                                        \
+    st = krb5_ldap_request_handle_from_pool(ldap_context, &ldap_server_handle); \
+    if (st != 0) {                                                      \
+        k5_wrapmsg(context, st, KRB5_KDB_ACCESS_ERROR,                  \
+                   "LDAP handle unavailable");                          \
+        st = KRB5_KDB_ACCESS_ERROR;                                     \
+        goto cleanup;                                                   \
+    }                                                                   \
+    ld = ldap_server_handle->ldap_handle;
+
+extern int set_ldap_error (krb5_context ctx, int st, int op);
+
+#define LDAP_SEARCH(base, scope, filter, attrs)   LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
+
+#define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)         \
+    tempst = 0;                                                         \
+    st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL,     \
+                           NULL, &timelimit, LDAP_NO_LIMIT, &result);   \
+    if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
+        tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle);   \
+        if (ldap_server_handle)                                         \
+            ld = ldap_server_handle->ldap_handle;                       \
+        if (tempst == 0)                                                \
+            st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0,   \
+                                   NULL, NULL, &timelimit,              \
+                                   LDAP_NO_LIMIT, &result);             \
+    }                                                                   \
+                                                                        \
+    if (status_check != IGNORE_STATUS) {                                \
+        if (tempst != 0) {                                              \
+            k5_wrapmsg(context, st, KRB5_KDB_ACCESS_ERROR,              \
+                       "LDAP handle unavailable");                      \
+            st = KRB5_KDB_ACCESS_ERROR;                                 \
+            goto cleanup;                                               \
+        }                                                               \
+        if (st != LDAP_SUCCESS) {                                       \
+            st = set_ldap_error(context, st, OP_SEARCH);                \
+            goto cleanup;                                               \
+        }                                                               \
+    }
+
+
+#define CHECK_CLASS_VALIDITY(st, mask, str)                             \
+    if (st != 0 || mask == 0) {                                         \
+        if (st == 0 && mask == 0) {                                     \
+            st = set_ldap_error(context, LDAP_OBJECT_CLASS_VIOLATION, OP_SEARCH); \
+        }                                                               \
+        k5_prependmsg(context, st, str);                                \
+        goto cleanup;                                                   \
+    }
+
+#define CHECK_NULL(ptr) if (ptr == NULL) {      \
+        st = ENOMEM;                            \
+        goto cleanup;                           \
+    }
+
+#define  STORE16_INT(ptr, val)  store_16_be(val, ptr)
+#define  STORE32_INT(ptr, val)  store_32_be(val, ptr)
+#define UNSTORE16_INT(ptr, val) (val = load_16_be(ptr))
+#define UNSTORE32_INT(ptr, val) (val = load_32_be(ptr))
+
+#define  KDB_TL_USER_INFO      0xff
+
+#define KDB_TL_PRINCTYPE          0x01
+#define KDB_TL_PRINCCOUNT         0x02
+#define KDB_TL_USERDN             0x03
+#define KDB_TL_KEYINFO            0x04
+#define KDB_TL_MASK               0x05
+/* 0x06 was KDB_TL_CONTAINERDN but is no longer used */
+#define KDB_TL_LINKDN             0x07
+
+
+#define CHECK_LDAP_HANDLE(lcontext)     if (!(ldap_context              \
+                                              && ldap_context->server_info_list)) { \
+        return KRB5_KDB_DBNOTINITED;                                    \
+    }
+
+#define HNDL_LOCK(lcontext) k5_mutex_lock(&lcontext->hndl_lock)
+#define HNDL_UNLOCK(lcontext) k5_mutex_unlock(&lcontext->hndl_lock)
+
+/* ldap server info structure */
+
+typedef enum _server_type {PRIMARY, SECONDARY} krb5_ldap_server_type;
+
+typedef enum _server_status {OFF, ON, NOTSET} krb5_ldap_server_status;
+
+typedef struct _krb5_ldap_server_info krb5_ldap_server_info;
+
+typedef struct  _krb5_ldap_server_handle {
+    int                              msgid;
+    LDAP                             *ldap_handle;
+    krb5_ldap_server_info            *server_info;
+    struct _krb5_ldap_server_handle  *next;
+} krb5_ldap_server_handle;
+
+struct _krb5_ldap_server_info {
+    krb5_ldap_server_type        server_type;
+    krb5_ldap_server_status      server_status;
+    krb5_ui_4                    num_conns;
+    krb5_ldap_server_handle      *ldap_server_handles;
+    time_t                       downtime;
+    char                        *server_name;
+    int                          modify_increment;
+    struct _krb5_ldap_server_info *next;
+};
+
+
+/* ldap server structure */
+
+typedef enum {SERVICE_DN_TYPE_SERVER, SERVICE_DN_TYPE_CLIENT} krb5_ldap_servicetype;
+
+typedef struct _krb5_ldap_context {
+    krb5_ldap_servicetype         service_type;
+    krb5_ldap_server_info         **server_info_list;
+    krb5_ui_4                     max_server_conns;
+    char                          *conf_section;
+    char                          *bind_dn;
+    char                          *bind_pwd;
+    char                          *service_password_file;
+    char                          *sasl_mech;
+    char                          *sasl_authcid;
+    char                          *sasl_authzid;
+    char                          *sasl_realm;
+    char                          *root_certificate_file;
+    krb5_ui_4                     cert_count; /* certificate count */
+    k5_mutex_t                    hndl_lock;
+    char                          *container_dn;
+    krb5_ldap_realm_params        *lrparams;
+    krb5_boolean                  disable_last_success;
+    krb5_boolean                  disable_lockout;
+    int                           ldap_debug;
+    krb5_context                  kcontext;   /* to set the error code and message */
+} krb5_ldap_context;
+
+
+typedef struct {
+    int           nkey;
+    struct berval **keys;
+}KEY;
+
+#define k5ldap_inited(c) (c && c->db_context                            \
+                          && ((kdb5_dal_handle*)c->db_context)->db_context \
+                          && ((krb5_ldap_context *) ((kdb5_dal_handle*)c->db_context)->db_context))
+
+
+/* misc functions */
+
+krb5_error_code
+krb5_ldap_db_init(krb5_context, krb5_ldap_context *);
+
+krb5_error_code
+krb5_ldap_db_single_init(krb5_ldap_context *);
+
+krb5_error_code
+krb5_ldap_rebind(krb5_ldap_context *, krb5_ldap_server_handle **);
+
+krb5_error_code
+krb5_ldap_get_age(krb5_context, char *, time_t *);
+
+krb5_error_code
+krb5_ldap_lib_init(void);
+
+krb5_error_code
+krb5_ldap_lib_cleanup(void);
+
+void *
+krb5_ldap_alloc( krb5_context kcontext,  void *ptr, size_t size );
+
+void
+krb5_ldap_free( krb5_context kcontext, void *ptr );
+
+krb5_error_code
+krb5_ldap_create(krb5_context , char *, char **);
+
+krb5_error_code
+krb5_ldap_open( krb5_context , char *,
+                char **db_args,
+                int mode );
+krb5_error_code
+krb5_ldap_close( krb5_context );
+
+krb5_error_code
+krb5_ldap_free_ldap_context(krb5_ldap_context *);
+
+krb5_error_code
+krb5_ldap_read_startup_information(krb5_context );
+
+krb5_boolean
+has_modify_increment(krb5_context, const char *);
+
+void
+krb5_ldap_free_server_context_params(krb5_ldap_context *ldap_context);
+
+krb5_error_code
+krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+                          krb5_db_entry *client, krb5_db_entry *server,
+                          krb5_timestamp kdc_time, const char **status,
+                          krb5_pa_data ***e_data);
+
+void
+krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
+                       const krb5_address *local_addr,
+                       const krb5_address *remote_addr, krb5_db_entry *client,
+                       krb5_db_entry *server, krb5_timestamp authtime,
+                       krb5_error_code error_code);
+
+krb5_error_code
+krb5_ldap_check_allowed_to_delegate(krb5_context context,
+                                    krb5_const_principal client,
+                                    const krb5_db_entry *server,
+                                    krb5_const_principal proxy);
+
+/* DAL functions */
+
+
+krb5_error_code
+krb5_ldap_lock( krb5_context, int );
+
+krb5_error_code
+krb5_ldap_unlock( krb5_context );
+
+/* lockout.c */
+krb5_error_code
+krb5_ldap_lockout_check_policy(krb5_context context,
+                               krb5_db_entry *entry,
+                               krb5_timestamp stamp);
+
+krb5_error_code
+krb5_ldap_lockout_audit(krb5_context context,
+                        krb5_db_entry *entry,
+                        krb5_timestamp stamp,
+                        krb5_error_code status);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
new file mode 100644
index 00000000..cee4b7b8
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -0,0 +1,364 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "ldap_main.h"
+#include "ldap_service_stash.h"
+#include <kdb5.h>
+#ifdef HAVE_SASL_SASL_H
+#include <sasl/sasl.h>
+#endif
+
+/* Ensure that we have the parameters we need to authenticate to the LDAP
+ * server.  Read the password if necessary. */
+static krb5_error_code
+validate_context(krb5_context context, krb5_ldap_context *ctx)
+{
+    krb5_error_code ret;
+
+    if (ctx->sasl_mech != NULL) {
+        /* Read the password for use as the SASL secret if we can, but do not
+         * require one as not all mechanisms need it. */
+        if (ctx->bind_pwd == NULL && ctx->sasl_authcid != NULL &&
+            ctx->service_password_file != NULL) {
+            (void)krb5_ldap_readpassword(context, ctx->service_password_file,
+                                         ctx->sasl_authcid, &ctx->bind_pwd);
+        }
+        return 0;
+    }
+
+    /* For a simple bind, a DN and password are required. */
+
+    if (ctx->bind_dn == NULL) {
+        k5_setmsg(context, EINVAL, _("LDAP bind dn value missing"));
+        return EINVAL;
+    }
+
+    if (ctx->bind_pwd == NULL && ctx->service_password_file == NULL) {
+        k5_setmsg(context, EINVAL, _("LDAP bind password value missing"));
+        return EINVAL;
+    }
+
+    if (ctx->bind_pwd == NULL && ctx->service_password_file != NULL) {
+        ret = krb5_ldap_readpassword(context, ctx->service_password_file,
+                                     ctx->bind_dn, &ctx->bind_pwd);
+        if (ret) {
+            k5_prependmsg(context, ret,
+                          _("Error reading password from stash"));
+            return ret;
+        }
+    }
+
+    /* An empty password is not allowed. */
+    if (*ctx->bind_pwd == '\0') {
+        k5_setmsg(context, EINVAL, _("Service password length is zero"));
+        return EINVAL;
+    }
+
+    return 0;
+}
+
+/*
+ * Internal Functions called by init functions.
+ */
+
+#ifdef HAVE_SASL_SASL_H
+
+static int
+interact(LDAP *ld, unsigned flags, void *defaults, void *sin)
+{
+    sasl_interact_t *in = NULL;
+    krb5_ldap_context *ctx = defaults;
+
+    for (in = sin; in != NULL && in->id != SASL_CB_LIST_END; in++) {
+        if (in->id == SASL_CB_AUTHNAME)
+            in->result = ctx->sasl_authcid;
+        else if (in->id == SASL_CB_USER)
+            in->result = ctx->sasl_authzid;
+        else if (in->id == SASL_CB_GETREALM)
+            in->result = ctx->sasl_realm;
+        else if (in->id == SASL_CB_PASS)
+            in->result = ctx->bind_pwd;
+        else
+            return LDAP_OTHER;
+        in->len = (in->result != NULL) ? strlen(in->result) : 0;
+    }
+
+    return LDAP_SUCCESS;
+}
+
+#else /* HAVE_SASL_SASL_H */
+
+/* We can't define an interaction function, so only non-interactive mechs like
+ * EXTERNAL can work. */
+static int
+interact(LDAP *ld, unsigned flags, void *defaults, void *sin)
+{
+    return LDAP_OTHER;
+}
+
+#endif
+
+static krb5_error_code
+authenticate(krb5_ldap_context *ctx, krb5_ldap_server_handle *server)
+{
+    int st;
+    struct berval bv;
+
+    if (ctx->sasl_mech != NULL) {
+        st = ldap_sasl_interactive_bind_s(server->ldap_handle, NULL,
+                                          ctx->sasl_mech, NULL, NULL,
+                                          LDAP_SASL_QUIET, interact, ctx);
+        if (st != LDAP_SUCCESS) {
+            k5_setmsg(ctx->kcontext, KRB5_KDB_ACCESS_ERROR,
+                      _("Cannot bind to LDAP server '%s' with SASL mechanism "
+                        "'%s': %s"), server->server_info->server_name,
+                      ctx->sasl_mech, ldap_err2string(st));
+            return KRB5_KDB_ACCESS_ERROR;
+        }
+    } else {
+        /* Do a simple bind with DN and password. */
+        bv.bv_val = ctx->bind_pwd;
+        bv.bv_len = strlen(ctx->bind_pwd);
+        st = ldap_sasl_bind_s(server->ldap_handle, ctx->bind_dn, NULL, &bv,
+                              NULL, NULL, NULL);
+        if (st != LDAP_SUCCESS) {
+            k5_setmsg(ctx->kcontext, KRB5_KDB_ACCESS_ERROR,
+                      _("Cannot bind to LDAP server '%s' as '%s': %s"),
+                      server->server_info->server_name, ctx->bind_dn,
+                      ldap_err2string(st));
+            return KRB5_KDB_ACCESS_ERROR;
+        }
+    }
+    return 0;
+}
+
+static krb5_error_code
+initialize_server(krb5_ldap_context *ldap_context, krb5_ldap_server_info *info)
+{
+    krb5_ldap_server_handle *server;
+    krb5_error_code ret;
+    int st;
+
+    server = calloc(1, sizeof(krb5_ldap_server_handle));
+    if (server == NULL)
+        return ENOMEM;
+    server->server_info = info;
+
+    st = ldap_initialize(&server->ldap_handle, info->server_name);
+    if (st) {
+        free(server);
+        k5_setmsg(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR,
+                  _("Cannot create LDAP handle for '%s': %s"),
+                  info->server_name, ldap_err2string(st));
+        return KRB5_KDB_ACCESS_ERROR;
+    }
+
+    ret = authenticate(ldap_context, server);
+    if (ret) {
+        info->server_status = OFF;
+        time(&info->downtime);
+        free(server);
+        return ret;
+    }
+
+    server->next = info->ldap_server_handles;
+    info->ldap_server_handles = server;
+    info->num_conns++;
+    info->server_status = ON;
+    return 0;
+}
+
+/*
+ * initialization for data base routines.
+ */
+
+krb5_error_code
+krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ctx)
+{
+    krb5_error_code ret;
+    int i, version = LDAP_VERSION3;
+    unsigned int conns;
+    krb5_ldap_server_info *info;
+    struct timeval local_timelimit = { 10, 0 };
+
+    ret = validate_context(context, ctx);
+    if (ret)
+        return ret;
+
+#ifdef LDAP_OPT_DEBUG_LEVEL
+    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ctx->ldap_debug);
+#endif
+    ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+    ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &local_timelimit);
+#elif defined LDAP_X_OPT_CONNECT_TIMEOUT
+    ldap_set_option(NULL, LDAP_X_OPT_CONNECT_TIMEOUT, &local_timelimit);
+#endif
+
+    HNDL_LOCK(ctx);
+    for (i = 0; ctx->server_info_list[i] != NULL; i++) {
+        info = ctx->server_info_list[i];
+        if (info->server_status == NOTSET) {
+            krb5_clear_error_message(context);
+
+#ifdef LDAP_MOD_INCREMENT
+            info->modify_increment = has_modify_increment(context,
+                                                          info->server_name);
+#else
+            info->modify_increment = 0;
+#endif
+
+            for (conns = 0; conns < ctx->max_server_conns; conns++) {
+                ret = initialize_server(ctx, info);
+                if (ret)
+                    break;
+            }
+
+            /* If we opened a connection, don't try any more servers. */
+            if (info->server_status == ON)
+                break;
+        }
+    }
+    HNDL_UNLOCK(ctx);
+
+    return ret;
+}
+
+
+/*
+ * get a single handle. Do not lock the mutex
+ */
+
+krb5_error_code
+krb5_ldap_db_single_init(krb5_ldap_context *ldap_context)
+{
+    krb5_error_code             st=0;
+    int                         cnt=0;
+    krb5_ldap_server_info       *server_info=NULL;
+
+    while (ldap_context->server_info_list[cnt] != NULL) {
+        server_info = ldap_context->server_info_list[cnt];
+        if ((server_info->server_status == NOTSET || server_info->server_status == ON)) {
+            if (server_info->num_conns < ldap_context->max_server_conns-1) {
+                st = initialize_server(ldap_context, server_info);
+                if (st == LDAP_SUCCESS)
+                    goto cleanup;
+            }
+        }
+        ++cnt;
+    }
+
+    /* If we are here, try to connect to all the servers */
+
+    cnt = 0;
+    while (ldap_context->server_info_list[cnt] != NULL) {
+        server_info = ldap_context->server_info_list[cnt];
+        st = initialize_server(ldap_context, server_info);
+        if (st == LDAP_SUCCESS)
+            goto cleanup;
+        ++cnt;
+    }
+cleanup:
+    return (st);
+}
+
+krb5_error_code
+krb5_ldap_rebind(krb5_ldap_context *ldap_context,
+                 krb5_ldap_server_handle **ldap_server_handle)
+{
+    krb5_ldap_server_handle *handle = *ldap_server_handle;
+
+    ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL);
+    if (ldap_initialize(&handle->ldap_handle,
+                        handle->server_info->server_name) != LDAP_SUCCESS ||
+        authenticate(ldap_context, handle) != 0) {
+        return krb5_ldap_request_next_handle_from_pool(ldap_context,
+                                                       ldap_server_handle);
+    }
+    return LDAP_SUCCESS;
+}
+
+/*
+ *     DAL API functions
+ */
+krb5_error_code
+krb5_ldap_lib_init()
+{
+    return 0;
+}
+
+krb5_error_code
+krb5_ldap_lib_cleanup()
+{
+    /* right now, no cleanup required */
+    return 0;
+}
+
+krb5_error_code
+krb5_ldap_free_ldap_context(krb5_ldap_context *ldap_context)
+{
+    if (ldap_context == NULL)
+        return 0;
+
+    free(ldap_context->container_dn);
+    ldap_context->container_dn = NULL;
+
+    krb5_ldap_free_realm_params(ldap_context->lrparams);
+    ldap_context->lrparams = NULL;
+
+    krb5_ldap_free_server_params(ldap_context);
+
+    return 0;
+}
+
+krb5_error_code
+krb5_ldap_close(krb5_context context)
+{
+    kdb5_dal_handle  *dal_handle=NULL;
+    krb5_ldap_context *ldap_context=NULL;
+
+    if (context == NULL ||
+        context->dal_handle == NULL ||
+        context->dal_handle->db_context == NULL)
+        return 0;
+
+    dal_handle = context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+    dal_handle->db_context = NULL;
+
+    krb5_ldap_free_ldap_context(ldap_context);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
new file mode 100644
index 00000000..ae51905a
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
@@ -0,0 +1,141 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c */
+/*
+ * Copyright 1995 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-int.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <kdb.h>
+
+#define safe_realloc(p,n) ((p)?(realloc(p,n)):(malloc(n)))
+
+krb5_error_code
+krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_tl_data *new_tl_data)
+{
+    krb5_tl_data        * tl_data;
+    krb5_octet          * tmp;
+
+    /* copy the new data first, so we can fail cleanly if malloc()
+       fails */
+
+    if ((tmp = (krb5_octet *) malloc(new_tl_data->tl_data_length)) == NULL)
+        return(ENOMEM);
+
+    /* Find an existing entry of the specified type and point at
+       it, or NULL if not found */
+
+    for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next)
+        if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+            break;
+
+    /* if necessary, chain a new record in the beginning and point at it */
+
+    if (!tl_data) {
+        if ((tl_data = (krb5_tl_data *) calloc(1, sizeof(krb5_tl_data)))
+            == NULL) {
+            free(tmp);
+            return(ENOMEM);
+        }
+        tl_data->tl_data_next = entry->tl_data;
+        entry->tl_data = tl_data;
+        entry->n_tl_data++;
+    }
+
+    /* fill in the record */
+
+    if (tl_data->tl_data_contents)
+        free(tl_data->tl_data_contents);
+
+    tl_data->tl_data_type = new_tl_data->tl_data_type;
+    tl_data->tl_data_length = new_tl_data->tl_data_length;
+    tl_data->tl_data_contents = tmp;
+    memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length);
+
+    return(0);
+}
+
+krb5_error_code
+krb5_dbe_lookup_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_tl_data *ret_tl_data)
+{
+    krb5_tl_data *tl_data;
+
+    for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
+        if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+            *ret_tl_data = *tl_data;
+            return(0);
+        }
+    }
+
+    /* if the requested record isn't found, return zero bytes.
+       if it ever means something to have a zero-length tl_data,
+       this code and its callers will have to be changed */
+
+    ret_tl_data->tl_data_length = 0;
+    ret_tl_data->tl_data_contents = NULL;
+    return(0);
+}
+
+krb5_error_code
+krb5_dbe_update_last_pwd_change(krb5_context context, krb5_db_entry *entry,
+                                krb5_timestamp stamp)
+{
+    krb5_tl_data        tl_data;
+    krb5_octet          buf[4]; /* this is the encoded size of an int32 */
+
+    tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+    tl_data.tl_data_length = sizeof(buf);
+    krb5_kdb_encode_int32((krb5_int32) stamp, buf);
+    tl_data.tl_data_contents = buf;
+
+    return(krb5_dbe_update_tl_data(context, entry, &tl_data));
+}
+
+krb5_error_code
+krb5_dbe_lookup_last_pwd_change(krb5_context context, krb5_db_entry *entry,
+                                krb5_timestamp *stamp)
+{
+    krb5_tl_data        tl_data;
+    krb5_error_code     code;
+    krb5_int32          tmp;
+
+    tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return(code);
+
+    if (tl_data.tl_data_length != 4) {
+        *stamp = 0;
+        return(0);
+    }
+
+    krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
+
+    *stamp = (krb5_timestamp) tmp;
+
+    return(0);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
new file mode 100644
index 00000000..4224f085
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
@@ -0,0 +1,905 @@
+# Novell Kerberos Schema Definitions
+# Novell Inc.
+# 1800 South Novell Place
+# Provo, UT 84606
+#
+# VeRsIoN=1.0
+# CoPyRiGhT=(c) Copyright 2006, Novell, Inc.  All rights reserved
+#
+# OIDs:
+#    joint-iso-ccitt(2)
+#      country(16)
+#        us(840)
+#          organization(1)
+#            Novell(113719)
+#              applications(1)
+#                kerberos(301)
+#                 Kerberos Attribute Type(4) attr# version#
+#                    specific attribute definitions
+#                 Kerberos Attribute Syntax(5)
+#                    specific syntax definitions
+#                 Kerberos Object Class(6) class# version#
+#                    specific class definitions
+#
+#    iso(1)
+#      member-body(2)
+#        United States(840)
+#          mit (113554)
+#            infosys(1)
+#              ldap(4)
+#                attributeTypes(1)
+#                  Kerberos(6)
+
+########################################################################
+
+
+########################################################################
+#                     Attribute Type Definitions                       #
+########################################################################
+
+##### This is the principal name in the RFC 1964 specified format
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.1.1
+                NAME 'krbPrincipalName'
+                EQUALITY caseExactIA5Match
+                SUBSTR caseExactSubstringsMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+
+##### If there are multiple krbPrincipalName values for an entry, this
+##### is the canonical principal name in the RFC 1964 specified
+##### format.  (If this attribute does not exist, then all
+##### krbPrincipalName values are treated as canonical.)
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.2.840.113554.1.4.1.6.1
+                NAME 'krbCanonicalName'
+                EQUALITY caseExactIA5Match
+                SUBSTR caseExactSubstringsMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+                SINGLE-VALUE )
+
+##### This specifies the type of the principal, the types could be any of
+##### the types mentioned in section 6.2 of RFC 4120
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.3.1
+                NAME 'krbPrincipalType'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### This flag is used to find whether directory User Password has to be used
+##### as kerberos password.
+##### TRUE, if User Password is to be used as the kerberos password.
+##### FALSE, if User Password and the kerberos password are different.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.5.1
+                NAME 'krbUPEnabled'
+                DESC 'Boolean'
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+                SINGLE-VALUE )
+
+
+##### The time at which the principal expires
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.6.1
+                NAME 'krbPrincipalExpiration'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE )
+
+
+##### The krbTicketFlags attribute holds information about the kerberos flags for a principal
+##### The values (0x00000001 - 0x00800000) are reserved for standards and 
+##### values (0x01000000 - 0x80000000) can be used for proprietary extensions.
+##### The flags and values as per RFC 4120 and MIT implementation are,
+##### DISALLOW_POSTDATED        0x00000001
+##### DISALLOW_FORWARDABLE      0x00000002
+##### DISALLOW_TGT_BASED        0x00000004
+##### DISALLOW_RENEWABLE        0x00000008
+##### DISALLOW_PROXIABLE        0x00000010
+##### DISALLOW_DUP_SKEY         0x00000020
+##### DISALLOW_ALL_TIX          0x00000040
+##### REQUIRES_PRE_AUTH         0x00000080
+##### REQUIRES_HW_AUTH          0x00000100
+##### REQUIRES_PWCHANGE         0x00000200
+##### DISALLOW_SVR              0x00001000
+##### PWCHANGE_SERVICE          0x00002000
+
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.8.1
+                NAME 'krbTicketFlags'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### The maximum ticket lifetime for a principal in seconds
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.9.1
+                NAME 'krbMaxTicketLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### Maximum renewable lifetime for a principal's ticket in seconds
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.10.1
+                NAME 'krbMaxRenewableAge'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### Forward reference to the Realm object.
+##### (FDN of the krbRealmContainer object).
+##### Example:   cn=ACME.COM, cn=Kerberos, cn=Security
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.14.1
+                NAME 'krbRealmReferences'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+
+##### List of LDAP servers that kerberos servers can contact.
+##### The attribute holds data in the ldap uri format,
+##### Example: ldaps://acme.com:636
+#####
+##### The values of this attribute need to be updated, when
+##### the LDAP servers listed here are renamed, moved or deleted.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.15.1
+                NAME 'krbLdapServers'
+                EQUALITY caseIgnoreMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+##### A set of forward references to the KDC Service objects.
+##### (FDNs of the krbKdcService objects).
+##### Example:   cn=kdc - server 1, ou=uvw, o=xyz
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.17.1
+                NAME 'krbKdcServers'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+
+##### A set of forward references to the Password Service objects.
+##### (FDNs of the krbPwdService objects).
+##### Example:   cn=kpasswdd - server 1, ou=uvw, o=xyz
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.18.1
+                NAME 'krbPwdServers'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+
+##### This attribute holds the Host Name or the ip address, 
+##### transport protocol and ports of the kerberos service host
+##### The format is host_name-or-ip_address#protocol#port
+##### Protocol can be 0 or 1. 0 is for UDP. 1 is for TCP.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.24.1
+                NAME 'krbHostServer'
+                EQUALITY caseExactIA5Match
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+
+##### This attribute holds the scope for searching the principals
+##### under krbSubTree attribute of krbRealmContainer
+##### The value can either be 1 (ONE) or 2 (SUB_TREE).
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.25.1
+                NAME 'krbSearchScope'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### FDNs pointing to Kerberos principals
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.26.1
+                NAME 'krbPrincipalReferences'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+
+##### This attribute specifies which attribute of the user objects  
+##### be used as the principal name component for Kerberos.
+##### The allowed values are cn, sn, uid, givenname, fullname.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.28.1
+                NAME 'krbPrincNamingAttr'
+                EQUALITY caseIgnoreMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+                SINGLE-VALUE )
+
+
+##### A set of forward references to the Administration Service objects.
+##### (FDNs of the krbAdmService objects).
+##### Example:   cn=kadmindd - server 1, ou=uvw, o=xyz
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.29.1
+                NAME 'krbAdmServers'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+
+##### Maximum lifetime of a principal's password
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.30.1
+                NAME 'krbMaxPwdLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE )
+
+
+##### Minimum lifetime of a principal's password
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.31.1
+                NAME 'krbMinPwdLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE )
+
+
+##### Minimum number of character clases allowed in a password
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.32.1
+                NAME 'krbPwdMinDiffChars' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE )
+
+
+##### Minimum length of the password
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.33.1
+                NAME 'krbPwdMinLength' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE )
+
+
+##### Number of previous versions of passwords that are stored
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.34.1
+                NAME 'krbPwdHistoryLength' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE )
+
+
+##### Number of consecutive pre-authentication failures before lockout
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.3.6.1.4.1.5322.21.2.1
+                NAME 'krbPwdMaxFailure' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### Period after which bad preauthentication count will be reset
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.3.6.1.4.1.5322.21.2.2
+                NAME 'krbPwdFailureCountInterval' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### Period in which lockout is enforced
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.3.6.1.4.1.5322.21.2.3
+                NAME 'krbPwdLockoutDuration' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### Policy attribute flags
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.2.840.113554.1.4.1.6.2
+                NAME 'krbPwdAttributes'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### Policy maximum ticket lifetime
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.2.840.113554.1.4.1.6.3
+                NAME 'krbPwdMaxLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### Policy maximum ticket renewable lifetime
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.2.840.113554.1.4.1.6.4
+                NAME 'krbPwdMaxRenewableLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE )
+
+
+##### Allowed enctype:salttype combinations for key changes
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.2.840.113554.1.4.1.6.5
+                NAME 'krbPwdAllowedKeysalts'
+                EQUALITY caseIgnoreIA5Match
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+                SINGLE-VALUE )
+
+
+##### FDN pointing to a Kerberos Password Policy object
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.36.1
+                NAME 'krbPwdPolicyReference'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+                SINGLE-VALUE )
+
+
+##### The time at which the principal's password expires
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.37.1
+                NAME 'krbPasswordExpiration'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE )
+
+
+##### This attribute holds the principal's key (krbPrincipalKey) that is encrypted with
+##### the master key (krbMKey). 
+##### The attribute is ASN.1 encoded.
+#####
+##### The format of the value for this attribute is explained below,
+##### KrbKeySet ::= SEQUENCE {
+##### attribute-major-vno       [0] UInt16,
+##### attribute-minor-vno       [1] UInt16,
+##### kvno                      [2] UInt32,
+##### mkvno                     [3] UInt32 OPTIONAL,
+##### keys                      [4] SEQUENCE OF KrbKey,
+##### ...
+##### }
+#####
+##### KrbKey ::= SEQUENCE {
+##### salt      [0] KrbSalt OPTIONAL,
+##### key       [1] EncryptionKey,
+##### s2kparams [2] OCTET STRING OPTIONAL,
+##### ...
+##### }
+#####
+##### KrbSalt ::= SEQUENCE {
+##### type      [0] Int32,
+##### salt      [1] OCTET STRING OPTIONAL
+##### }
+#####
+##### EncryptionKey ::= SEQUENCE {
+##### keytype   [0] Int32,
+##### keyvalue  [1] OCTET STRING
+##### }
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.39.1
+                NAME 'krbPrincipalKey'
+                EQUALITY octetStringMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+
+##### FDN pointing to a Kerberos Ticket Policy object.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.40.1
+                NAME 'krbTicketPolicyReference'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+                SINGLE-VALUE )
+
+
+##### Forward reference to an entry that starts sub-trees
+##### where principals and other kerberos objects in the realm are configured.
+##### Example:   ou=acme, ou=pq, o=xyz
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.41.1
+                NAME 'krbSubTrees'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+
+##### Holds the default encryption/salt type combinations of principals for
+##### the Realm. Stores in the form of key:salt strings.
+##### Example: aes256-cts-hmac-sha384-192:normal
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.42.1
+                NAME 'krbDefaultEncSaltTypes'
+                EQUALITY caseIgnoreMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+##### Holds the Supported encryption/salt type combinations of principals for
+##### the Realm. Stores in the form of key:salt strings.
+##### The supported encryption types are mentioned in RFC 3961
+##### The supported salt types are,
+##### NORMAL          
+##### V4              
+##### NOREALM         
+##### ONLYREALM       
+##### SPECIAL         
+##### AFS3            
+##### Example: aes256-cts-hmac-sha384-192:normal
+#####
+##### This attribute obsoletes the krbSupportedEncTypes and krbSupportedSaltTypes
+##### attributes.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.43.1
+                NAME 'krbSupportedEncSaltTypes'
+                EQUALITY caseIgnoreMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+##### This attribute holds the principal's old keys (krbPwdHistory) that is encrypted with
+##### the kadmin/history key.
+##### The attribute is ASN.1 encoded.
+#####
+##### The format of the value for this attribute is explained below,
+##### KrbKeySet ::= SEQUENCE {
+##### attribute-major-vno       [0] UInt16,
+##### attribute-minor-vno       [1] UInt16,
+##### kvno                      [2] UInt32,
+##### mkvno                     [3] UInt32 OPTIONAL -- actually kadmin/history key,
+##### keys                      [4] SEQUENCE OF KrbKey,
+##### ...
+##### }
+#####
+##### KrbKey ::= SEQUENCE {
+##### salt      [0] KrbSalt OPTIONAL,
+##### key       [1] EncryptionKey,
+##### s2kparams [2] OCTET STRING OPTIONAL,
+##### ...
+##### }
+#####
+##### KrbSalt ::= SEQUENCE {
+##### type      [0] Int32,
+##### salt      [1] OCTET STRING OPTIONAL
+##### }
+#####
+##### EncryptionKey ::= SEQUENCE {
+##### keytype   [0] Int32,
+##### keyvalue  [1] OCTET STRING
+##### }
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.44.1
+                NAME 'krbPwdHistory'
+                EQUALITY octetStringMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+
+##### The time at which the principal's password last password change happened.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.45.1
+                NAME 'krbLastPwdChange'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE )
+
+##### The time at which the principal was last administratively unlocked.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.3.6.1.4.1.5322.21.2.5
+                NAME 'krbLastAdminUnlock'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE )
+
+##### This attribute holds the kerberos master key.
+##### This can be used to encrypt principal keys. 
+##### This attribute has to be secured in directory.
+#####
+##### This attribute is ASN.1 encoded.
+##### The format of the value for this attribute is explained below,
+##### KrbMKey ::= SEQUENCE {
+##### kvno    [0] UInt32,
+##### key     [1] MasterKey
+##### }
+#####
+##### MasterKey ::= SEQUENCE {
+##### keytype         [0] Int32,
+##### keyvalue        [1] OCTET STRING
+##### }
+
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.46.1
+                NAME 'krbMKey'
+                EQUALITY octetStringMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+
+##### This stores the alternate principal names for the principal in the RFC 1961 specified format
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.47.1
+                NAME 'krbPrincipalAliases'
+                EQUALITY caseExactIA5Match
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+
+##### The time at which the principal's last successful authentication happened.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.48.1
+                NAME 'krbLastSuccessfulAuth'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE )
+
+
+##### The time at which the principal's last failed authentication happened.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.49.1
+                NAME 'krbLastFailedAuth'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE )
+
+
+##### This attribute stores the number of failed authentication attempts
+##### happened for the principal since the last successful authentication.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.50.1
+                NAME 'krbLoginFailedCount' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE )
+
+
+
+##### This attribute holds the application specific data.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.51.1
+                NAME 'krbExtraData'
+                EQUALITY octetStringMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+
+##### This attributes holds references to the set of directory objects.
+##### This stores the DNs of the directory objects to which the 
+##### principal object belongs to.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.52.1
+                NAME 'krbObjectReferences'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+
+##### This attribute holds references to a Container object where 
+##### the additional principal objects and stand alone principal 
+##### objects (krbPrincipal) can be created.
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113719.1.301.4.53.1
+                NAME 'krbPrincContainerRef'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+
+##### A list of authentication indicator strings, one of which must be satisfied
+##### to authenticate to the principal as a service.
+##### FreeIPA OID:
+#####  joint-iso-ccitt(3) country(16) us(840) organization(1) netscape(113730)
+#####  ldap(3) freeipa(8) krb5(15) attributes(2)
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 2.16.840.1.113730.3.8.15.2.1
+                NAME 'krbPrincipalAuthInd'
+                EQUALITY caseExactMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+
+##### A list of services to which a service principal can delegate.
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.3.6.1.4.1.5322.21.2.4
+                NAME 'krbAllowedToDelegateTo'
+                EQUALITY caseExactIA5Match
+                SUBSTR caseExactSubstringsMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+########################################################################
+########################################################################
+#                       Object Class Definitions                       #
+########################################################################
+
+#### This is a kerberos container for all the realms in a tree.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.1.1
+                NAME 'krbContainer'
+                SUP top
+                MUST ( cn ) )
+
+
+##### The krbRealmContainer is created per realm and holds realm specific data.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.2.1
+                NAME 'krbRealmContainer'
+                SUP top
+                MUST ( cn )
+                MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr $krbPwdPolicyReference $ krbPrincContainerRef ) )
+
+
+##### An instance of a class derived from krbService is created per
+##### kerberos authentication or administration server in an realm and holds
+##### references to the realm objects. These references is used to further read
+##### realm specific data to service AS/TGS requests. Additionally this object
+##### contains some server specific data like pathnames and ports that the
+##### server uses. This is the identity the kerberos server logs in with. A key
+##### pair for the same is created and the kerberos server logs in with the same.
+#####
+##### krbKdcService, krbAdmService and krbPwdService derive from this class.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.3.1
+                NAME 'krbService'
+                ABSTRACT
+                SUP ( top )
+                MUST ( cn )
+                MAY ( krbHostServer $ krbRealmReferences ) )
+
+
+##### Representative object for the KDC server to bind into a LDAP directory
+##### and have a connection to access Kerberos data with the required 
+##### access rights.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.4.1
+                NAME 'krbKdcService'
+                SUP ( krbService ) )
+
+
+##### Representative object for the Kerberos Password server to bind into a LDAP directory
+##### and have a connection to access Kerberos data with the required
+##### access rights.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.5.1
+                NAME 'krbPwdService'
+                SUP ( krbService ) )
+
+
+###### The principal data auxiliary class. Holds principal information
+###### and is used to store principal information for Person, Service objects.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.8.1
+                NAME 'krbPrincipalAux'
+                AUXILIARY
+                MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbLastAdminUnlock $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbAllowedToDelegateTo $ krbPrincipalAuthInd ) )
+
+
+###### This class is used to create additional principals and stand alone principals.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.9.1
+                NAME 'krbPrincipal'
+                SUP ( top )
+                MUST ( krbPrincipalName )
+                MAY ( krbObjectReferences ) )
+
+
+###### The principal references auxiliary class. Holds all principals referred
+###### from a service
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.11.1
+                NAME 'krbPrincRefAux'
+                SUP top
+                AUXILIARY
+                MAY krbPrincipalReferences )
+
+
+##### Representative object for the Kerberos Administration server to bind into a LDAP directory
+##### and have a connection Id to access Kerberos data with the required access rights.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.13.1
+                NAME 'krbAdmService'
+                SUP ( krbService ) )
+
+
+##### The krbPwdPolicy object is a template password policy that 
+##### can be applied to principals when they are created. 
+##### These policy attributes will be in effect, when the Kerberos
+##### passwords are different from users' passwords (UP).
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.14.1
+                NAME 'krbPwdPolicy' 
+                SUP top
+                MUST ( cn )
+                MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) )
+
+
+##### The krbTicketPolicyAux holds Kerberos ticket policy attributes.
+##### This class can be attached to a principal object or realm object.
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.16.1
+                NAME 'krbTicketPolicyAux'
+                AUXILIARY
+                MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )
+
+
+##### The krbTicketPolicy object is an effective ticket policy that is associated with a realm or a principal
+
+dn: cn=schema
+changetype: modify
+add: objectclasses
+objectClasses: ( 2.16.840.1.113719.1.301.6.17.1
+                NAME 'krbTicketPolicy'
+                SUP top
+                MUST ( cn ) )
+
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif
new file mode 100644
index 00000000..830277d7
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif
@@ -0,0 +1,68 @@
+# This LDIF version of the Kerberos schema can be loaded into an
+# OpenLDAP database.  It was originally converted semi-automatically
+# from kerberos.schema using slaptest.
+
+dn: cn=kerberos,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: kerberos
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.1.1 NAME 'krbPrincipalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.2.840.113554.1.4.1.6.1 NAME 'krbCanonicalName' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.3.1 NAME 'krbPrincipalType' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.5.1 NAME 'krbUPEnabled' DESC 'Boolean' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.6.1 NAME 'krbPrincipalExpiration' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.8.1 NAME 'krbTicketFlags' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.9.1 NAME 'krbMaxTicketLife' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.10.1 NAME 'krbMaxRenewableAge' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.14.1 NAME 'krbRealmReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.15.1 NAME 'krbLdapServers' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.17.1 NAME 'krbKdcServers' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.18.1 NAME 'krbPwdServers' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.24.1 NAME 'krbHostServer' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.25.1 NAME 'krbSearchScope' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.26.1 NAME 'krbPrincipalReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.28.1 NAME 'krbPrincNamingAttr' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.29.1 NAME 'krbAdmServers' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.30.1 NAME 'krbMaxPwdLife' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.31.1 NAME 'krbMinPwdLife' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.32.1 NAME 'krbPwdMinDiffChars' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.33.1 NAME 'krbPwdMinLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.34.1 NAME 'krbPwdHistoryLength' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.5322.21.2.1 NAME 'krbPwdMaxFailure' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.5322.21.2.2 NAME 'krbPwdFailureCountInterval' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.5322.21.2.3 NAME 'krbPwdLockoutDuration' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.2.840.113554.1.4.1.6.2 NAME 'krbPwdAttributes' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.2.840.113554.1.4.1.6.3 NAME 'krbPwdMaxLife' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.2.840.113554.1.4.1.6.4 NAME 'krbPwdMaxRenewableLife' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 1.2.840.113554.1.4.1.6.5 NAME 'krbPwdAllowedKeysalts' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.36.1 NAME 'krbPwdPolicyReference' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.37.1 NAME 'krbPasswordExpiration' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.39.1 NAME 'krbPrincipalKey' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.40.1 NAME 'krbTicketPolicyReference' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.41.1 NAME 'krbSubTrees' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.42.1 NAME 'krbDefaultEncSaltTypes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.43.1 NAME 'krbSupportedEncSaltTypes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.44.1 NAME 'krbPwdHistory' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.45.1 NAME 'krbLastPwdChange' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.5322.21.2.5 NAME 'krbLastAdminUnlock' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.46.1 NAME 'krbMKey' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.47.1 NAME 'krbPrincipalAliases' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.48.1 NAME 'krbLastSuccessfulAuth' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.49.1 NAME 'krbLastFailedAuth' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.50.1 NAME 'krbLoginFailedCount' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.51.1 NAME 'krbExtraData' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.52.1 NAME 'krbObjectReferences' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 2.16.840.1.113719.1.301.4.53.1 NAME 'krbPrincContainerRef' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 2.16.840.1.113730.3.8.15.2.1 NAME 'krbPrincipalAuthInd' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 1.3.6.1.4.1.5322.21.2.4 NAME 'krbAllowedToDelegateTo' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.1.1 NAME 'krbContainer' SUP top STRUCTURAL MUST cn )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.2.1 NAME 'krbRealmContainer' SUP top STRUCTURAL MUST cn MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr $ krbPwdPolicyReference $ krbPrincContainerRef ) )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.3.1 NAME 'krbService' SUP top ABSTRACT MUST cn MAY ( krbHostServer $ krbRealmReferences ) )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.4.1 NAME 'krbKdcService' SUP krbService STRUCTURAL )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.5.1 NAME 'krbPwdService' SUP krbService STRUCTURAL )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.8.1 NAME 'krbPrincipalAux' SUP top AUXILIARY MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbLastAdminUnlock $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbAllowedToDelegateTo $ krbPrincipalAuthInd ) )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.9.1 NAME 'krbPrincipal' SUP top STRUCTURAL MUST krbPrincipalName MAY krbObjectReferences )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.11.1 NAME 'krbPrincRefAux' SUP top AUXILIARY MAY krbPrincipalReferences )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.13.1 NAME 'krbAdmService' SUP krbService STRUCTURAL )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.14.1 NAME 'krbPwdPolicy' SUP top STRUCTURAL MUST cn MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.16.1 NAME 'krbTicketPolicyAux' SUP top AUXILIARY MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )
+olcObjectClasses: ( 2.16.840.1.113719.1.301.6.17.1 NAME 'krbTicketPolicy' SUP top STRUCTURAL MUST cn )
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
new file mode 100644
index 00000000..171f6692
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
@@ -0,0 +1,726 @@
+# Novell Kerberos Schema Definitions
+# Novell Inc.
+# 1800 South Novell Place
+# Provo, UT 84606
+#
+# VeRsIoN=1.0
+# CoPyRiGhT=(c) Copyright 2006, Novell, Inc.  All rights reserved
+#
+# OIDs:
+#    joint-iso-ccitt(2)
+#      country(16)
+#        us(840)
+#          organization(1)
+#            Novell(113719)
+#              applications(1)
+#                kerberos(301)
+#                 Kerberos Attribute Type(4) attr# version#
+#                    specific attribute definitions
+#                 Kerberos Attribute Syntax(5)
+#                    specific syntax definitions
+#                 Kerberos Object Class(6) class# version#
+#                    specific class definitions
+#
+#    iso(1)
+#      member-body(2)
+#        United States(840)
+#          mit (113554)
+#            infosys(1)
+#              ldap(4)
+#                attributeTypes(1)
+#                  Kerberos(6)
+
+########################################################################
+
+
+########################################################################
+#                     Attribute Type Definitions                       #
+########################################################################
+
+##### This is the principal name in the RFC 1964 specified format
+
+attributetype ( 2.16.840.1.113719.1.301.4.1.1
+                NAME 'krbPrincipalName'
+                EQUALITY caseExactIA5Match
+                SUBSTR caseExactSubstringsMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+##### If there are multiple krbPrincipalName values for an entry, this
+##### is the canonical principal name in the RFC 1964 specified
+##### format.  (If this attribute does not exist, then all
+##### krbPrincipalName values are treated as canonical.)
+
+attributetype ( 1.2.840.113554.1.4.1.6.1
+                NAME 'krbCanonicalName'
+                EQUALITY caseExactIA5Match
+                SUBSTR caseExactSubstringsMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+                SINGLE-VALUE)
+
+##### This specifies the type of the principal, the types could be any of
+##### the types mentioned in section 6.2 of RFC 4120
+
+attributetype ( 2.16.840.1.113719.1.301.4.3.1
+                NAME 'krbPrincipalType'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### This flag is used to find whether directory User Password has to be used
+##### as kerberos password.
+##### TRUE, if User Password is to be used as the kerberos password.
+##### FALSE, if User Password and the kerberos password are different.
+
+attributetype ( 2.16.840.1.113719.1.301.4.5.1
+                NAME 'krbUPEnabled'
+                DESC 'Boolean'
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+                SINGLE-VALUE)
+
+
+##### The time at which the principal expires
+
+attributetype ( 2.16.840.1.113719.1.301.4.6.1
+                NAME 'krbPrincipalExpiration'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE)
+
+
+##### The krbTicketFlags attribute holds information about the kerberos flags for a principal
+##### The values (0x00000001 - 0x00800000) are reserved for standards and 
+##### values (0x01000000 - 0x80000000) can be used for proprietary extensions.
+##### The flags and values as per RFC 4120 and MIT implementation are,
+##### DISALLOW_POSTDATED        0x00000001
+##### DISALLOW_FORWARDABLE      0x00000002
+##### DISALLOW_TGT_BASED        0x00000004
+##### DISALLOW_RENEWABLE        0x00000008
+##### DISALLOW_PROXIABLE        0x00000010
+##### DISALLOW_DUP_SKEY         0x00000020
+##### DISALLOW_ALL_TIX          0x00000040
+##### REQUIRES_PRE_AUTH         0x00000080
+##### REQUIRES_HW_AUTH          0x00000100
+##### REQUIRES_PWCHANGE         0x00000200
+##### DISALLOW_SVR              0x00001000
+##### PWCHANGE_SERVICE          0x00002000
+
+
+attributetype ( 2.16.840.1.113719.1.301.4.8.1
+                NAME 'krbTicketFlags'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### The maximum ticket lifetime for a principal in seconds
+
+attributetype ( 2.16.840.1.113719.1.301.4.9.1
+                NAME 'krbMaxTicketLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### Maximum renewable lifetime for a principal's ticket in seconds
+
+attributetype ( 2.16.840.1.113719.1.301.4.10.1
+                NAME 'krbMaxRenewableAge'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### Forward reference to the Realm object.
+##### (FDN of the krbRealmContainer object).
+##### Example:   cn=ACME.COM, cn=Kerberos, cn=Security
+
+attributetype ( 2.16.840.1.113719.1.301.4.14.1
+                NAME 'krbRealmReferences'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+
+##### List of LDAP servers that kerberos servers can contact.
+##### The attribute holds data in the ldap uri format,
+##### Examples: acme.com#636, 164.164.164.164#1636, ldaps://acme.com:636
+#####
+##### The values of this attribute need to be updated, when
+##### the LDAP servers listed here are renamed, moved or deleted.
+
+attributetype ( 2.16.840.1.113719.1.301.4.15.1
+                NAME 'krbLdapServers'
+                EQUALITY caseIgnoreMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+
+##### A set of forward references to the KDC Service objects.
+##### (FDNs of the krbKdcService objects).
+##### Example:   cn=kdc - server 1, ou=uvw, o=xyz
+
+attributetype ( 2.16.840.1.113719.1.301.4.17.1
+                NAME 'krbKdcServers'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+
+##### A set of forward references to the Password Service objects.
+##### (FDNs of the krbPwdService objects).
+##### Example:   cn=kpasswdd - server 1, ou=uvw, o=xyz
+
+attributetype ( 2.16.840.1.113719.1.301.4.18.1
+                NAME 'krbPwdServers'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+
+##### This attribute holds the Host Name or the ip address, 
+##### transport protocol and ports of the kerberos service host
+##### The format is host_name-or-ip_address#protocol#port
+##### Protocol can be 0 or 1. 0 is for UDP. 1 is for TCP.
+
+attributetype ( 2.16.840.1.113719.1.301.4.24.1
+                NAME 'krbHostServer'
+                EQUALITY caseExactIA5Match
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+
+##### This attribute holds the scope for searching the principals
+##### under krbSubTree attribute of krbRealmContainer
+##### The value can either be 1 (ONE) or 2 (SUB_TREE).
+
+attributetype ( 2.16.840.1.113719.1.301.4.25.1
+                NAME 'krbSearchScope'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### FDNs pointing to Kerberos principals
+
+attributetype ( 2.16.840.1.113719.1.301.4.26.1
+                NAME 'krbPrincipalReferences'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+
+##### This attribute specifies which attribute of the user objects  
+##### be used as the principal name component for Kerberos.
+##### The allowed values are cn, sn, uid, givenname, fullname.
+
+attributetype ( 2.16.840.1.113719.1.301.4.28.1
+                NAME 'krbPrincNamingAttr'
+                EQUALITY caseIgnoreMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+                SINGLE-VALUE)
+
+
+##### A set of forward references to the Administration Service objects.
+##### (FDNs of the krbAdmService objects).
+##### Example:   cn=kadmindd - server 1, ou=uvw, o=xyz
+
+attributetype ( 2.16.840.1.113719.1.301.4.29.1
+                NAME 'krbAdmServers'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+
+##### Maximum lifetime of a principal's password
+
+attributetype ( 2.16.840.1.113719.1.301.4.30.1
+                NAME 'krbMaxPwdLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE)
+
+
+##### Minimum lifetime of a principal's password
+
+attributetype ( 2.16.840.1.113719.1.301.4.31.1
+                NAME 'krbMinPwdLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE)
+
+
+##### Minimum number of character clases allowed in a password
+
+attributetype ( 2.16.840.1.113719.1.301.4.32.1
+                NAME 'krbPwdMinDiffChars' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE)
+
+
+##### Minimum length of the password
+
+attributetype ( 2.16.840.1.113719.1.301.4.33.1
+                NAME 'krbPwdMinLength' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE)
+
+
+##### Number of previous versions of passwords that are stored
+
+attributetype ( 2.16.840.1.113719.1.301.4.34.1
+                NAME 'krbPwdHistoryLength' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE)
+
+
+##### Number of consecutive pre-authentication failures before lockout
+
+attributetype ( 1.3.6.1.4.1.5322.21.2.1
+                NAME 'krbPwdMaxFailure' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### Period after which bad preauthentication count will be reset
+
+attributetype ( 1.3.6.1.4.1.5322.21.2.2
+                NAME 'krbPwdFailureCountInterval' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### Period in which lockout is enforced
+
+attributetype ( 1.3.6.1.4.1.5322.21.2.3
+                NAME 'krbPwdLockoutDuration' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### Policy attribute flags
+
+attributetype ( 1.2.840.113554.1.4.1.6.2
+                NAME 'krbPwdAttributes'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### Policy maximum ticket lifetime
+
+attributetype ( 1.2.840.113554.1.4.1.6.3
+                NAME 'krbPwdMaxLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### Policy maximum ticket renewable lifetime
+
+attributetype ( 1.2.840.113554.1.4.1.6.4
+                NAME 'krbPwdMaxRenewableLife'
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+                SINGLE-VALUE)
+
+
+##### Allowed enctype:salttype combinations for key changes
+
+attributetype ( 1.2.840.113554.1.4.1.6.5
+                NAME 'krbPwdAllowedKeysalts'
+                EQUALITY caseIgnoreIA5Match
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+                SINGLE-VALUE)
+
+
+##### FDN pointing to a Kerberos Password Policy object
+
+attributetype ( 2.16.840.1.113719.1.301.4.36.1
+                NAME 'krbPwdPolicyReference'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+                SINGLE-VALUE)
+
+
+##### The time at which the principal's password expires
+
+attributetype ( 2.16.840.1.113719.1.301.4.37.1
+                NAME 'krbPasswordExpiration'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE)
+
+
+##### This attribute holds the principal's key (krbPrincipalKey) that is encrypted with
+##### the master key (krbMKey). 
+##### The attribute is ASN.1 encoded.
+#####
+##### The format of the value for this attribute is explained below,
+##### KrbKeySet ::= SEQUENCE {
+##### attribute-major-vno       [0] UInt16,
+##### attribute-minor-vno       [1] UInt16,
+##### kvno                      [2] UInt32,
+##### mkvno                     [3] UInt32 OPTIONAL,
+##### keys                      [4] SEQUENCE OF KrbKey,
+##### ...
+##### }
+#####
+##### KrbKey ::= SEQUENCE {
+##### salt      [0] KrbSalt OPTIONAL,
+##### key       [1] EncryptionKey,
+##### s2kparams [2] OCTET STRING OPTIONAL,
+##### ...
+##### }
+#####
+##### KrbSalt ::= SEQUENCE {
+##### type      [0] Int32,
+##### salt      [1] OCTET STRING OPTIONAL
+##### }
+#####
+##### EncryptionKey ::= SEQUENCE {
+##### keytype   [0] Int32,
+##### keyvalue  [1] OCTET STRING
+##### }
+
+attributetype ( 2.16.840.1.113719.1.301.4.39.1
+                NAME 'krbPrincipalKey'
+                EQUALITY octetStringMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+
+##### FDN pointing to a Kerberos Ticket Policy object.
+
+attributetype ( 2.16.840.1.113719.1.301.4.40.1
+                NAME 'krbTicketPolicyReference'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+                SINGLE-VALUE)
+
+
+##### Forward reference to an entry that starts sub-trees
+##### where principals and other kerberos objects in the realm are configured.
+##### Example:   ou=acme, ou=pq, o=xyz
+
+attributetype ( 2.16.840.1.113719.1.301.4.41.1
+                NAME 'krbSubTrees'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+
+##### Holds the default encryption/salt type combinations of principals for
+##### the Realm. Stores in the form of key:salt strings. This will be
+##### subset of the supported encryption/salt types.
+##### Example: aes256-cts-hmac-sha384-192:normal
+
+attributetype ( 2.16.840.1.113719.1.301.4.42.1
+                NAME 'krbDefaultEncSaltTypes'
+                EQUALITY caseIgnoreMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+
+##### Holds the supported encryption/salt type combinations of principals for
+##### the Realm. Stores in the form of key:salt strings.
+##### The supported encryption types are mentioned in RFC 3961
+##### The supported salt types are,
+##### NORMAL          
+##### V4              
+##### NOREALM         
+##### ONLYREALM       
+##### SPECIAL         
+##### AFS3            
+##### Example: aes256-cts-hmac-sha384-192:normal
+
+attributetype ( 2.16.840.1.113719.1.301.4.43.1
+                NAME 'krbSupportedEncSaltTypes'
+                EQUALITY caseIgnoreMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+
+##### This attribute holds the principal's old keys (krbPwdHistory) that is encrypted with
+##### the kadmin/history key.
+##### The attribute is ASN.1 encoded.
+#####
+##### The format of the value for this attribute is explained below,
+##### KrbKeySet ::= SEQUENCE {
+##### attribute-major-vno       [0] UInt16,
+##### attribute-minor-vno       [1] UInt16,
+##### kvno                      [2] UInt32,
+##### mkvno                     [3] UInt32 OPTIONAL -- actually kadmin/history key,
+##### keys                      [4] SEQUENCE OF KrbKey,
+##### ...
+##### }
+#####
+##### KrbKey ::= SEQUENCE {
+##### salt      [0] KrbSalt OPTIONAL,
+##### key       [1] EncryptionKey,
+##### s2kparams [2] OCTET STRING OPTIONAL,
+##### ...
+##### }
+#####
+##### KrbSalt ::= SEQUENCE {
+##### type      [0] Int32,
+##### salt      [1] OCTET STRING OPTIONAL
+##### }
+#####
+##### EncryptionKey ::= SEQUENCE {
+##### keytype   [0] Int32,
+##### keyvalue  [1] OCTET STRING
+##### }
+
+attributetype ( 2.16.840.1.113719.1.301.4.44.1
+                NAME 'krbPwdHistory'
+                EQUALITY octetStringMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+
+##### The time at which the principal's password last password change happened.
+
+attributetype ( 2.16.840.1.113719.1.301.4.45.1
+                NAME 'krbLastPwdChange'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE)
+
+##### The time at which the principal was last administratively unlocked.
+
+attributetype ( 1.3.6.1.4.1.5322.21.2.5
+                NAME 'krbLastAdminUnlock'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE)
+
+##### This attribute holds the kerberos master key.
+##### This can be used to encrypt principal keys. 
+##### This attribute has to be secured in directory.
+#####
+##### This attribute is ASN.1 encoded.
+##### The format of the value for this attribute is explained below,
+##### KrbMKey ::= SEQUENCE {
+##### kvno    [0] UInt32,
+##### key     [1] MasterKey
+##### }
+#####
+##### MasterKey ::= SEQUENCE {
+##### keytype         [0] Int32,
+##### keyvalue        [1] OCTET STRING
+##### }
+
+
+attributetype ( 2.16.840.1.113719.1.301.4.46.1
+                NAME 'krbMKey'
+                EQUALITY octetStringMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+
+##### This stores the alternate principal names for the principal in the RFC 1964 specified format
+
+attributetype ( 2.16.840.1.113719.1.301.4.47.1
+                NAME 'krbPrincipalAliases'
+                EQUALITY caseExactIA5Match
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+
+##### The time at which the principal's last successful authentication happened.
+
+attributetype ( 2.16.840.1.113719.1.301.4.48.1
+                NAME 'krbLastSuccessfulAuth'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE)
+
+
+##### The time at which the principal's last failed authentication happened.
+
+attributetype ( 2.16.840.1.113719.1.301.4.49.1
+                NAME 'krbLastFailedAuth'
+                EQUALITY generalizedTimeMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+                SINGLE-VALUE)
+
+
+##### This attribute stores the number of failed authentication attempts
+##### happened for the principal since the last successful authentication.
+
+attributetype ( 2.16.840.1.113719.1.301.4.50.1
+                NAME 'krbLoginFailedCount' 
+                EQUALITY integerMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+                SINGLE-VALUE)
+
+
+
+##### This attribute holds the application specific data.
+
+attributetype ( 2.16.840.1.113719.1.301.4.51.1
+                NAME 'krbExtraData'
+                EQUALITY octetStringMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+
+##### This attributes holds references to the set of directory objects.
+##### This stores the DNs of the directory objects to which the 
+##### principal object belongs to.
+
+attributetype ( 2.16.840.1.113719.1.301.4.52.1
+                NAME 'krbObjectReferences'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+
+##### This attribute holds references to a Container object where 
+##### the additional principal objects and stand alone principal 
+##### objects (krbPrincipal) can be created.
+
+attributetype ( 2.16.840.1.113719.1.301.4.53.1
+                NAME 'krbPrincContainerRef'
+                EQUALITY distinguishedNameMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+
+##### A list of authentication indicator strings, one of which must be satisfied
+##### to authenticate to the principal as a service.
+##### FreeIPA OID:
+#####  joint-iso-ccitt(3) country(16) us(840) organization(1) netscape(113730)
+#####  ldap(3) freeipa(8) krb5(15) attributes(2)
+attributetype ( 2.16.840.1.113730.3.8.15.2.1
+                NAME 'krbPrincipalAuthInd'
+                EQUALITY caseExactMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+
+##### A list of services to which a service principal can delegate.
+attributetype ( 1.3.6.1.4.1.5322.21.2.4
+                NAME 'krbAllowedToDelegateTo'
+                EQUALITY caseExactIA5Match
+                SUBSTR caseExactSubstringsMatch
+                SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+########################################################################
+########################################################################
+#                       Object Class Definitions                       #
+########################################################################
+
+#### This is a kerberos container for all the realms in a tree.
+
+objectclass ( 2.16.840.1.113719.1.301.6.1.1
+                NAME 'krbContainer'
+                SUP top
+                STRUCTURAL
+                MUST ( cn ) )
+
+
+##### The krbRealmContainer is created per realm and holds realm specific data.
+
+objectclass ( 2.16.840.1.113719.1.301.6.2.1
+                NAME 'krbRealmContainer'
+                SUP top
+                STRUCTURAL
+                MUST ( cn )
+                MAY ( krbMKey $ krbUPEnabled $ krbSubTrees $ krbSearchScope $ krbLdapServers $ krbSupportedEncSaltTypes $ krbDefaultEncSaltTypes $ krbTicketPolicyReference $ krbKdcServers $ krbPwdServers $ krbAdmServers $ krbPrincNamingAttr $ krbPwdPolicyReference $ krbPrincContainerRef ) )
+
+
+##### An instance of a class derived from krbService is created per
+##### kerberos authentication or administration server in an realm and holds
+##### references to the realm objects. These references is used to further read
+##### realm specific data to service AS/TGS requests. Additionally this object
+##### contains some server specific data like pathnames and ports that the
+##### server uses. This is the identity the kerberos server logs in with. A key
+##### pair for the same is created and the kerberos server logs in with the same.
+#####
+##### krbKdcService, krbAdmService and krbPwdService derive from this class.
+
+objectclass ( 2.16.840.1.113719.1.301.6.3.1
+                NAME 'krbService'
+                SUP top
+                ABSTRACT
+                MUST ( cn )
+                MAY ( krbHostServer $ krbRealmReferences ) )
+
+
+##### Representative object for the KDC server to bind into a LDAP directory
+##### and have a connection to access Kerberos data with the required 
+##### access rights.
+
+objectclass ( 2.16.840.1.113719.1.301.6.4.1
+                NAME 'krbKdcService'
+                SUP krbService
+                STRUCTURAL )
+
+
+##### Representative object for the Kerberos Password server to bind into a LDAP directory
+##### and have a connection to access Kerberos data with the required
+##### access rights.
+
+objectclass ( 2.16.840.1.113719.1.301.6.5.1
+                NAME 'krbPwdService'
+                SUP krbService
+                STRUCTURAL )
+
+
+###### The principal data auxiliary class. Holds principal information
+###### and is used to store principal information for Person, Service objects.
+
+objectclass ( 2.16.840.1.113719.1.301.6.8.1
+                NAME 'krbPrincipalAux'
+                SUP top
+                AUXILIARY
+                MAY ( krbPrincipalName $ krbCanonicalName $ krbUPEnabled $ krbPrincipalKey $ krbTicketPolicyReference $ krbPrincipalExpiration $ krbPasswordExpiration $ krbPwdPolicyReference $ krbPrincipalType $ krbPwdHistory $ krbLastPwdChange $ krbLastAdminUnlock $ krbPrincipalAliases $ krbLastSuccessfulAuth $ krbLastFailedAuth $ krbLoginFailedCount $ krbExtraData $ krbAllowedToDelegateTo $ krbPrincipalAuthInd ) )
+
+
+###### This class is used to create additional principals and stand alone principals.
+
+objectclass ( 2.16.840.1.113719.1.301.6.9.1
+                NAME 'krbPrincipal'
+                SUP top
+                MUST ( krbPrincipalName )
+                MAY ( krbObjectReferences ) )
+
+
+###### The principal references auxiliary class. Holds all principals referred
+###### from a service
+
+objectclass ( 2.16.840.1.113719.1.301.6.11.1
+                NAME 'krbPrincRefAux'
+                SUP top
+                AUXILIARY
+                MAY krbPrincipalReferences )
+
+
+##### Representative object for the Kerberos Administration server to bind into a LDAP directory
+##### and have a connection Id to access Kerberos data with the required access rights.
+
+objectclass ( 2.16.840.1.113719.1.301.6.13.1
+                NAME 'krbAdmService'
+                SUP krbService 
+                STRUCTURAL )
+
+
+##### The krbPwdPolicy object is a template password policy that 
+##### can be applied to principals when they are created. 
+##### These policy attributes will be in effect, when the Kerberos
+##### passwords are different from users' passwords (UP).
+
+objectclass ( 2.16.840.1.113719.1.301.6.14.1
+                NAME 'krbPwdPolicy' 
+                SUP top
+                MUST ( cn )
+                MAY ( krbMaxPwdLife $ krbMinPwdLife $ krbPwdMinDiffChars $ krbPwdMinLength $ krbPwdHistoryLength $ krbPwdMaxFailure $ krbPwdFailureCountInterval $ krbPwdLockoutDuration $ krbPwdAttributes $ krbPwdMaxLife $ krbPwdMaxRenewableLife $ krbPwdAllowedKeysalts ) )
+
+
+##### The krbTicketPolicyAux holds Kerberos ticket policy attributes.
+##### This class can be attached to a principal object or realm object.
+
+objectclass ( 2.16.840.1.113719.1.301.6.16.1
+                NAME 'krbTicketPolicyAux'
+                SUP top
+                AUXILIARY
+                MAY ( krbTicketFlags $ krbMaxTicketLife $ krbMaxRenewableAge ) )
+
+
+##### The krbTicketPolicy object is an effective ticket policy that is associated with a realm or a principal
+
+objectclass ( 2.16.840.1.113719.1.301.6.17.1
+                NAME 'krbTicketPolicy'
+                SUP top
+                MUST ( cn ) )
+
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
new file mode 100644
index 00000000..2d660566
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -0,0 +1,125 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_create.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include "ldap_main.h"
+#include "ldap_realm.h"
+#include "ldap_principal.h"
+#include "ldap_krbcontainer.h"
+#include "ldap_err.h"
+
+/*
+ * ******************************************************************************
+ * DAL functions
+ * ******************************************************************************
+ */
+
+/*
+ * This function will create a krbcontainer and realm on the LDAP Server, with
+ * the specified attributes.
+ */
+krb5_error_code
+krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code status = 0;
+    krb5_ldap_realm_params *rparams = NULL;
+    krb5_ldap_context *ldap_context=NULL;
+    int mask = 0;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    ldap_context = k5alloc(sizeof(krb5_ldap_context), &status);
+    if (ldap_context == NULL)
+        goto cleanup;
+    context->dal_handle->db_context = ldap_context;
+    ldap_context->kcontext = context;
+
+    status = krb5_ldap_parse_db_params(context, db_args);
+    if (status) {
+        k5_prependmsg(context, status, _("Error processing LDAP DB params"));
+        goto cleanup;
+    }
+
+    status = krb5_ldap_read_server_params(context, conf_section, KRB5_KDB_SRV_TYPE_ADMIN);
+    if (status) {
+        k5_prependmsg(context, status, _("Error reading LDAP server params"));
+        goto cleanup;
+    }
+    status = krb5_ldap_db_init(context, ldap_context);
+    if (status) {
+        goto cleanup;
+    }
+
+    /* read the kerberos container */
+    status = krb5_ldap_read_krbcontainer_dn(context,
+                                            &ldap_context->container_dn);
+    if (status)
+        goto cleanup;
+
+    status = krb5_ldap_create_krbcontainer(context,
+                                           ldap_context->container_dn);
+    if (status)
+        goto cleanup;
+
+    rparams = (krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params));
+    if (rparams == NULL) {
+        status = ENOMEM;
+        goto cleanup;
+    }
+    memset(rparams, 0, sizeof(*rparams));
+    rparams->realm_name = strdup(context->default_realm);
+    if (rparams->realm_name == NULL) {
+        status = ENOMEM;
+        goto cleanup;
+    }
+
+    if ((status = krb5_ldap_create_realm(context, rparams, mask)))
+        goto cleanup;
+
+    /* verify realm object */
+    if ((status = krb5_ldap_read_realm_params(context,
+                                              rparams->realm_name,
+                                              &(ldap_context->lrparams),
+                                              &mask)))
+        goto cleanup;
+
+cleanup:
+    if (rparams)
+        krb5_ldap_free_realm_params(rparams);
+
+    if (status)
+        krb5_ldap_close(context);
+    return(status);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
new file mode 100644
index 00000000..16f9dccd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
@@ -0,0 +1,195 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <ldap.h>
+#include <errno.h>
+#include <krb5.h>
+#include "ldap_err.h"
+#ifndef LDAP_X_ERROR
+#define LDAP_X_ERROR(x) (0)
+#endif
+
+#ifndef LDAP_NAME_ERROR
+#ifdef NAME_ERROR
+#define LDAP_NAME_ERROR NAME_ERROR
+#else
+#define LDAP_NAME_ERROR(x) (0)
+#endif
+#endif
+
+#ifndef LDAP_SECURITY_ERROR
+#define LDAP_SECURITY_ERROR(x) (0)
+#endif
+
+#ifndef LDAP_SERVICE_ERROR
+#define LDAP_SERVICE_ERROR(x) (0)
+#endif
+
+#ifndef LDAP_API_ERROR
+#define LDAP_API_ERROR(x) (0)
+#endif
+
+#ifndef LDAP_UPDATE_ERROR
+#define LDAP_UPDATE_ERROR(x) (0)
+#endif
+
+/*
+ * The possible KDB errors are
+ * 1. KRB5_KDB_UK_RERROR
+ * 2. KRB5_KDB_UK_SERROR
+ * 3. KRB5_KDB_NOENTRY
+ * 4. KRB5_KDB_TRUNCATED_RECORD
+ * 5. KRB5_KDB_UNAUTH
+ * 6. KRB5_KDB_DB_CORRUPT
+ * 7. KRB5_KDB_ACCESS_ERROR             (NEW)
+ * 8. KRB5_KDB_INTERNAL_ERROR           (NEW)
+ * 9. KRB5_KDB_SERVER_INTERNAL_ERR      (NEW)
+ * 10. KRB5_KDB_CONSTRAINT_VIOLATION    (NEW)
+ *
+ */
+
+/*
+ * op :
+ *  0          => not specified
+ *  OP_INIT    => ldap_init
+ *  OP_BIND    => ldap_bind
+ *  OP_UNBIND  => ldap_unbind
+ *  OP_ADD     => ldap_add
+ *  OP_MOD     => ldap_modify
+ *  OP_DEL     => ldap_delete
+ *  OP_SEARCH  => ldap_search
+ *  OP_CMP     => ldap_compare
+ *  OP_ABANDON => ldap_abandon
+ */
+
+int
+translate_ldap_error(int err, int op) {
+
+    switch (err) {
+    case LDAP_SUCCESS:
+        return 0;
+
+    case LDAP_OPERATIONS_ERROR:
+        /* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is
+         * unable to respond with a more specific error and is also unable
+         * to properly respond to a request */
+    case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
+        /* LDAP server was unable to satisfy a request because one or more
+         * critical extensions were not available */
+        /* This might mean that the schema was not extended ... */
+    case LDAP_UNDEFINED_TYPE:
+        /* The attribute specified in the modify or add operation does not
+         * exist in the LDAP server's schema. */
+        return KRB5_KDB_INTERNAL_ERROR;
+
+
+    case LDAP_INAPPROPRIATE_MATCHING:
+        /* The matching rule specified in the search filter does not match a
+         * rule defined for the attribute's syntax */
+        return KRB5_KDB_UK_RERROR;
+
+    case LDAP_CONSTRAINT_VIOLATION:
+        /* The attribute value specified in a modify, add, or modify DN
+         * operation violates constraints placed on the attribute */
+    case LDAP_TYPE_OR_VALUE_EXISTS:
+        /* The attribute value specified in a modify or add operation
+         * already exists as a value for that attribute */
+        return KRB5_KDB_UK_SERROR;
+
+    case LDAP_INVALID_SYNTAX:
+        /* The attribute value specified in an add, compare, or modify
+         * operation is an unrecognized or invalid syntax for the attribute */
+        if (op == OP_ADD || op == OP_MOD)
+            return KRB5_KDB_UK_SERROR;
+        else /* OP_CMP */
+            return KRB5_KDB_UK_RERROR;
+
+        /* Ensure that the following don't occur in the DAL-LDAP code.
+         * Don't rely on the LDAP server to catch it */
+    case LDAP_SASL_BIND_IN_PROGRESS:
+        /* This is not an error. So, this function should not be called */
+    case LDAP_COMPARE_FALSE:
+    case LDAP_COMPARE_TRUE:
+        /* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This
+         * function should not be invoked for them */
+    case LDAP_RESULTS_TOO_LARGE: /* CLDAP */
+    case LDAP_TIMELIMIT_EXCEEDED:
+    case LDAP_SIZELIMIT_EXCEEDED:
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
+
+    case LDAP_INVALID_DN_SYNTAX:
+        /* The syntax of the DN is incorrect */
+        return EINVAL;
+
+    case LDAP_PROTOCOL_ERROR:
+        /* LDAP_PROTOCOL_ERROR: Indicates that the server has received an
+         * invalid or malformed request from the client */
+    case LDAP_CONFIDENTIALITY_REQUIRED:
+
+        /* Bind problems ... */
+    case LDAP_AUTH_METHOD_NOT_SUPPORTED:
+/*      case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */
+    case LDAP_INAPPROPRIATE_AUTH:
+    case LDAP_INVALID_CREDENTIALS:
+    case LDAP_UNAVAILABLE:
+        return KRB5_KDB_ACCESS_ERROR;
+
+    case LDAP_STRONG_AUTH_REQUIRED:
+        if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */
+            return KRB5_KDB_ACCESS_ERROR;
+        else /* Client requested an operation such that requires strong authentication */
+            return KRB5_KDB_CONSTRAINT_VIOLATION;
+
+    case LDAP_REFERRAL:
+        return KRB5_KDB_NOENTRY;
+
+    case LDAP_ADMINLIMIT_EXCEEDED:
+        /* An LDAP server limit set by an administrative authority has been
+         * exceeded */
+        return KRB5_KDB_CONSTRAINT_VIOLATION;
+    case LDAP_UNWILLING_TO_PERFORM:
+        /* The LDAP server cannot process the request because of
+         * server-defined restrictions */
+        return KRB5_KDB_CONSTRAINT_VIOLATION;
+
+
+    case LDAP_NO_SUCH_ATTRIBUTE:
+        /* Indicates that the attribute specified in the modify or compare
+         * operation does not exist in the entry */
+        if (op == OP_MOD)
+            return KRB5_KDB_UK_SERROR;
+        else /* OP_CMP */
+            return KRB5_KDB_TRUNCATED_RECORD;
+
+
+    case LDAP_ALIAS_DEREF_PROBLEM:
+        /* Either the client does not have access rights to read the aliased
+         * object's name or dereferencing is not allowed */
+#ifdef LDAP_PROXY_AUTHZ_FAILURE
+    case LDAP_PROXY_AUTHZ_FAILURE: // Is this correct ?
+#endif
+    case LDAP_INSUFFICIENT_ACCESS:
+        /* Caller does not have sufficient rights to perform the requested
+         * operation */
+        return KRB5_KDB_UNAUTH;
+
+    case LDAP_LOOP_DETECT:
+        /* Client discovered an alias or referral loop */
+        return KRB5_KDB_DB_CORRUPT;
+
+    default:
+
+        if (LDAP_NAME_ERROR (err))
+            return KRB5_KDB_NOENTRY;
+
+        if (LDAP_SECURITY_ERROR (err))
+            return KRB5_KDB_UNAUTH;
+
+        if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
+            return KRB5_KDB_ACCESS_ERROR;
+
+        if (LDAP_UPDATE_ERROR(err))
+            return KRB5_KDB_UK_SERROR;
+
+        /* LDAP_OTHER */
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
+    }
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h
new file mode 100644
index 00000000..1f866925
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h
@@ -0,0 +1,13 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#define OP_INIT 1
+#define OP_BIND 2
+#define OP_UNBIND 3
+#define OP_ADD 4
+#define OP_MOD 5
+#define OP_DEL 6
+#define OP_SEARCH 7
+#define OP_CMP 8
+#define OP_ABANDON 9
+
+
+int translate_ldap_error(int err, int op);
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
new file mode 100644
index 00000000..49d684ec
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
@@ -0,0 +1,175 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_handle.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "ldap_main.h"
+
+/*
+ * Return ldap server handle from the pool. If the pool is exhausted return NULL.
+ * Do not lock the mutex, caller should lock it
+ */
+
+static krb5_ldap_server_handle *
+krb5_get_ldap_handle(krb5_ldap_context *ldap_context)
+{
+    krb5_ldap_server_handle    *ldap_server_handle=NULL;
+    krb5_ldap_server_info      *ldap_server_info=NULL;
+    int                        cnt=0;
+
+    while (ldap_context->server_info_list[cnt] != NULL) {
+        ldap_server_info = ldap_context->server_info_list[cnt];
+        if (ldap_server_info->server_status != OFF) {
+            if (ldap_server_info->ldap_server_handles != NULL) {
+                ldap_server_handle = ldap_server_info->ldap_server_handles;
+                ldap_server_info->ldap_server_handles = ldap_server_handle->next;
+                break;
+            }
+        }
+        ++cnt;
+    }
+    return ldap_server_handle;
+}
+
+/*
+ * This is called in case krb5_get_ldap_handle returns NULL.
+ * Try getting a single connection (handle) and return the same by
+ * calling krb5_get_ldap_handle function.
+ * Do not lock the mutex here. The caller should lock it
+ */
+
+static krb5_ldap_server_handle *
+krb5_retry_get_ldap_handle(krb5_ldap_context *ldap_context,
+                           krb5_error_code *st)
+{
+    krb5_ldap_server_handle    *ldap_server_handle=NULL;
+
+    if ((*st=krb5_ldap_db_single_init(ldap_context)) != 0)
+        return NULL;
+
+    ldap_server_handle = krb5_get_ldap_handle(ldap_context);
+    return ldap_server_handle;
+}
+
+/*
+ * Put back the ldap server handle to the front of the list of handles of the
+ * ldap server info structure.
+ * Do not lock the mutex here. The caller should lock it.
+ */
+
+static krb5_error_code
+krb5_put_ldap_handle(krb5_ldap_server_handle *ldap_server_handle)
+{
+
+    if (ldap_server_handle == NULL)
+        return 0;
+
+    ldap_server_handle->next = ldap_server_handle->server_info->ldap_server_handles;
+    ldap_server_handle->server_info->ldap_server_handles = ldap_server_handle;
+    return 0;
+}
+
+/*
+ * Free up all the ldap server handles of the server info.
+ * This function is called when the ldap server returns LDAP_SERVER_DOWN.
+ */
+
+static krb5_error_code
+krb5_ldap_cleanup_handles(krb5_ldap_server_info *ldap_server_info)
+{
+    krb5_ldap_server_handle    *ldap_server_handle = NULL;
+
+    while (ldap_server_info->ldap_server_handles != NULL) {
+        ldap_server_handle = ldap_server_info->ldap_server_handles;
+        ldap_server_info->ldap_server_handles = ldap_server_handle->next;
+        /* ldap_unbind_s(ldap_server_handle); */
+        free (ldap_server_handle);
+        ldap_server_handle = NULL;
+    }
+    return 0;
+}
+
+/*
+ * wrapper function called from outside to get a handle.
+ */
+
+krb5_error_code
+krb5_ldap_request_handle_from_pool(krb5_ldap_context *ldap_context,
+                                   krb5_ldap_server_handle **
+                                   ldap_server_handle)
+{
+    krb5_error_code            st=0;
+
+    *ldap_server_handle = NULL;
+
+    HNDL_LOCK(ldap_context);
+    if (((*ldap_server_handle)=krb5_get_ldap_handle(ldap_context)) == NULL)
+        (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
+    HNDL_UNLOCK(ldap_context);
+    return st;
+}
+
+/*
+ * wrapper function wrapper called to get the next ldap server handle, when the current
+ * ldap server handle returns LDAP_SERVER_DOWN.
+ */
+
+krb5_error_code
+krb5_ldap_request_next_handle_from_pool(krb5_ldap_context *ldap_context,
+                                        krb5_ldap_server_handle **
+                                        ldap_server_handle)
+{
+    krb5_error_code            st=0;
+
+    HNDL_LOCK(ldap_context);
+    (*ldap_server_handle)->server_info->server_status = OFF;
+    time(&(*ldap_server_handle)->server_info->downtime);
+    krb5_put_ldap_handle(*ldap_server_handle);
+    krb5_ldap_cleanup_handles((*ldap_server_handle)->server_info);
+
+    if (((*ldap_server_handle)=krb5_get_ldap_handle(ldap_context)) == NULL)
+        (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
+    HNDL_UNLOCK(ldap_context);
+    return st;
+}
+
+/*
+ * wrapper function to call krb5_put_ldap_handle.
+ */
+
+void
+krb5_ldap_put_handle_to_pool(krb5_ldap_context *ldap_context,
+                             krb5_ldap_server_handle *ldap_server_handle)
+{
+    if (ldap_server_handle != NULL) {
+        HNDL_LOCK(ldap_context);
+        krb5_put_ldap_handle(ldap_server_handle);
+        HNDL_UNLOCK(ldap_context);
+    }
+    return;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
new file mode 100644
index 00000000..f56dead3
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
@@ -0,0 +1,43 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_handle.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _LDAP_HANDLE_H_
+#define _LDAP_HANDLE_H_
+
+krb5_error_code
+krb5_ldap_request_handle_from_pool(krb5_ldap_context *, krb5_ldap_server_handle **);
+
+krb5_error_code
+krb5_ldap_request_next_handle_from_pool(krb5_ldap_context *, krb5_ldap_server_handle **);
+
+void
+krb5_ldap_put_handle_to_pool(krb5_ldap_context *, krb5_ldap_server_handle *);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
new file mode 100644
index 00000000..a810e633
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
@@ -0,0 +1,84 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "ldap_main.h"
+#include "kdb_ldap.h"
+#include "ldap_err.h"
+
+/*
+ * Read the kerberos container location from krb5.conf.
+ */
+
+krb5_error_code
+krb5_ldap_read_krbcontainer_dn(krb5_context context, char **container_dn)
+{
+    krb5_error_code                 st=0;
+    char                            *dn=NULL;
+    kdb5_dal_handle                 *dal_handle=NULL;
+    krb5_ldap_context               *ldap_context=NULL;
+    krb5_ldap_server_handle         *ldap_server_handle=NULL;
+
+    *container_dn = NULL;
+    SETUP_CONTEXT();
+
+    /* read kerberos container location from [dbmodules] section of krb5.conf file */
+    if (ldap_context->conf_section) {
+        if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section,
+                                   KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
+                                   &dn)) != 0) {
+            k5_setmsg(context, st, _("Error reading kerberos container "
+                                     "location from krb5.conf"));
+            goto cleanup;
+        }
+    }
+
+    /* read kerberos container location from [dbdefaults] section of krb5.conf file */
+    if (dn == NULL) {
+        if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
+                                   KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
+                                   NULL, &dn)) != 0) {
+            k5_setmsg(context, st, _("Error reading kerberos container "
+                                     "location from krb5.conf"));
+            goto cleanup;
+        }
+    }
+
+    if (dn == NULL) {
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        k5_setmsg(context, st, _("Kerberos container location not specified"));
+        goto cleanup;
+    }
+
+    *container_dn = dn;
+
+cleanup:
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
new file mode 100644
index 00000000..549f8ce9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
@@ -0,0 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _LDAP_KRBCONTAINER_H_
+#define _LDAP_KRBCONTAINER_H_ 1
+
+#define MAX_KRB_CONTAINER_LEN   256
+
+/* kerberos container structure */
+
+krb5_error_code
+krb5_ldap_read_krbcontainer_dn(krb5_context, char **);
+
+krb5_error_code
+krb5_ldap_create_krbcontainer(krb5_context, const char *);
+
+krb5_error_code
+krb5_ldap_delete_krbcontainer(krb5_context, const char *);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h
new file mode 100644
index 00000000..722dd869
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h
@@ -0,0 +1,38 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_main.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LDAP_MAIN_H
+#define LDAP_MAIN_H 1
+
+#include "kdb_ldap.h"
+#include "ldap_misc.h"
+#include "ldap_handle.h"
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
new file mode 100644
index 00000000..b3bf1ba6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -0,0 +1,1701 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_misc.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+#include "kdb_ldap.h"
+#include "ldap_misc.h"
+#include "ldap_handle.h"
+#include "ldap_err.h"
+#include "ldap_principal.h"
+#include "princ_xdr.h"
+#include "ldap_pwd_policy.h"
+#include <time.h>
+#include <ctype.h>
+#include <kadm5/admin.h>
+
+#ifdef NEED_STRPTIME_PROTO
+extern char *strptime(const char *, const char *, struct tm *);
+#endif
+
+static void remove_overlapping_subtrees(char **listin, int *subtcount,
+                                        int sscope);
+
+/* Set an extended error message about being unable to read name. */
+static krb5_error_code
+attr_read_error(krb5_context ctx, krb5_error_code code, const char *name)
+{
+    k5_setmsg(ctx, code, _("Error reading '%s' attribute: %s"), name,
+              error_message(code));
+    return code;
+}
+
+/* Get integer or string values from the config section, falling back to the
+ * default section, then to hard-coded values. */
+static krb5_error_code
+prof_get_integer_def(krb5_context ctx, const char *conf_section,
+                     const char *name, int dfl, krb5_ui_4 *out)
+{
+    krb5_error_code ret;
+    int val;
+
+    ret = profile_get_integer(ctx->profile, KDB_MODULE_SECTION, conf_section,
+                              name, 0, &val);
+    if (ret)
+        return attr_read_error(ctx, ret, name);
+    if (val != 0) {
+        *out = val;
+        return 0;
+    }
+    ret = profile_get_integer(ctx->profile, KDB_MODULE_DEF_SECTION, name, NULL,
+                              dfl, &val);
+    if (ret)
+        return attr_read_error(ctx, ret, name);
+    *out = val;
+    return 0;
+}
+
+/* Get integer or string values from the config section, falling back to the
+ * default section, then to hard-coded values. */
+static krb5_error_code
+prof_get_boolean_def(krb5_context ctx, const char *conf_section,
+                     const char *name, krb5_boolean dfl, krb5_boolean *out)
+{
+    krb5_error_code ret;
+    int val = 0;
+
+    ret = profile_get_boolean(ctx->profile, KDB_MODULE_SECTION, conf_section,
+                              name, -1, &val);
+    if (ret)
+        return attr_read_error(ctx, ret, name);
+    if (val != -1) {
+        *out = val;
+        return 0;
+    }
+    ret = profile_get_boolean(ctx->profile, KDB_MODULE_DEF_SECTION, name, NULL,
+                              dfl, &val);
+    if (ret)
+        return attr_read_error(ctx, ret, name);
+    *out = val;
+    return 0;
+}
+
+/* We don't have non-null defaults in any of our calls, so don't bother with
+ * the extra argument. */
+static krb5_error_code
+prof_get_string_def(krb5_context ctx, const char *conf_section,
+                    const char *name, char **out)
+{
+    krb5_error_code ret;
+
+    ret = profile_get_string(ctx->profile, KDB_MODULE_SECTION, conf_section,
+                             name, NULL, out);
+    if (ret)
+        return attr_read_error(ctx, ret, name);
+    if (*out != NULL)
+        return 0;
+    ret = profile_get_string(ctx->profile, KDB_MODULE_DEF_SECTION, name, NULL,
+                             NULL, out);
+    if (ret)
+        return attr_read_error(ctx, ret, name);
+    return 0;
+}
+
+static krb5_error_code
+get_db_opt(const char *input, char **opt_out, char **val_out)
+{
+    krb5_error_code ret;
+    const char *pos;
+    char *opt, *val = NULL;
+    size_t len;
+
+    *opt_out = *val_out = NULL;
+    pos = strchr(input, '=');
+    if (pos == NULL) {
+        opt = strdup(input);
+        if (opt == NULL)
+            return ENOMEM;
+    } else {
+        len = pos - input;
+        /* Ignore trailing spaces. */
+        while (len > 0 && isspace((unsigned char)input[len - 1]))
+            len--;
+        opt = k5memdup0(input, len, &ret);
+        if (opt == NULL)
+            return ret;
+
+        pos++;                  /* Move past '='. */
+        while (isspace(*pos))   /* Ignore leading spaces. */
+            pos++;
+        if (*pos != '\0') {
+            val = strdup(pos);
+            if (val == NULL) {
+                free(opt);
+                return ENOMEM;
+            }
+        }
+    }
+    *opt_out = opt;
+    *val_out = val;
+    return 0;
+}
+
+static krb5_error_code
+add_server_entry(krb5_context context, const char *name)
+{
+    krb5_ldap_context *ctx = context->dal_handle->db_context;
+    krb5_ldap_server_info **sp, **list, *server;
+    size_t count = 0;
+
+    /* Allocate list space for the new entry and null terminator. */
+    for (sp = ctx->server_info_list; sp != NULL && *sp != NULL; sp++)
+        count++;
+    list = realloc(ctx->server_info_list, (count + 2) * sizeof(*list));
+    if (list == NULL)
+        return ENOMEM;
+    ctx->server_info_list = list;
+
+    server = calloc(1, sizeof(krb5_ldap_server_info));
+    if (server == NULL)
+        return ENOMEM;
+    server->server_status = NOTSET;
+    server->server_name = strdup(name);
+    if (server->server_name == NULL) {
+        free(server);
+        return ENOMEM;
+    }
+    list[count] = server;
+    list[count + 1] = NULL;
+    return 0;
+}
+
+krb5_error_code
+krb5_ldap_parse_db_params(krb5_context context, char **db_args)
+{
+    char *opt = NULL, *val = NULL;
+    krb5_error_code ret = 0;
+    krb5_ldap_context *ctx = context->dal_handle->db_context;
+
+    if (db_args == NULL)
+        return 0;
+    for (; *db_args != NULL; db_args++) {
+        ret = get_db_opt(*db_args, &opt, &val);
+        if (ret)
+            goto cleanup;
+
+        /* Check for options which don't require values. */
+        if (!strcmp(opt, "temporary")) {
+            /* "temporary" is passed by kdb5_util load without -update,
+             * which we don't support. */
+            ret = EINVAL;
+            k5_setmsg(context, ret, _("KDB module requires -update argument"));
+            goto cleanup;
+        }
+
+        if (val == NULL) {
+            ret = EINVAL;
+            k5_setmsg(context, ret, _("'%s' value missing"), opt);
+            goto cleanup;
+        }
+
+        /* Check for options which do require arguments. */
+        if (!strcmp(opt, "binddn")) {
+            free(ctx->bind_dn);
+            ctx->bind_dn = strdup(val);
+            if (ctx->bind_dn == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+        } else if (!strcmp(opt, "nconns")) {
+            ctx->max_server_conns = atoi(val) ? atoi(val) :
+                DEFAULT_CONNS_PER_SERVER;
+        } else if (!strcmp(opt, "bindpwd")) {
+            free(ctx->bind_pwd);
+            ctx->bind_pwd = strdup(val);
+            if (ctx->bind_pwd == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+        } else if (!strcmp(opt, "sasl_mech")) {
+            free(ctx->sasl_mech);
+            ctx->sasl_mech = strdup(val);
+            if (ctx->sasl_mech == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+        } else if (!strcmp(opt, "sasl_authcid")) {
+            free(ctx->sasl_authcid);
+            ctx->sasl_authcid = strdup(val);
+            if (ctx->sasl_authcid == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+        } else if (!strcmp(opt, "sasl_authzid")) {
+            free(ctx->sasl_authzid);
+            ctx->sasl_authzid = strdup(val);
+            if (ctx->sasl_authzid == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+        } else if (!strcmp(opt, "sasl_realm")) {
+            free(ctx->sasl_realm);
+            ctx->sasl_realm = strdup(val);
+            if (ctx->sasl_realm == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+        } else if (!strcmp(opt, "host")) {
+            ret = add_server_entry(context, val);
+            if (ret)
+                goto cleanup;
+        } else if (!strcmp(opt, "debug")) {
+            ctx->ldap_debug = atoi(val);
+        } else {
+            ret = EINVAL;
+            k5_setmsg(context, ret, _("unknown option '%s'"), opt);
+            goto cleanup;
+        }
+
+        free(opt);
+        free(val);
+        opt = val = NULL;
+    }
+
+cleanup:
+    free(opt);
+    free(val);
+    return ret;
+}
+
+/* Pick kdc_var or kadmind_var depending on the server type. */
+static inline const char *
+choose_var(int srv_type, const char *kdc_var, const char *kadmind_var)
+{
+    return (srv_type == KRB5_KDB_SRV_TYPE_KDC) ? kdc_var : kadmind_var;
+}
+
+/*
+ * This function reads the parameters from the krb5.conf file. The
+ * parameters read here are DAL-LDAP specific attributes. Some of
+ * these are ldap_server ....
+ */
+krb5_error_code
+krb5_ldap_read_server_params(krb5_context context, char *conf_section,
+                             int srv_type)
+{
+    char *servers, *save_ptr, *item;
+    const char *delims = "\t\n\f\v\r ,", *name;
+    krb5_error_code ret = 0;
+    kdb5_dal_handle *dal_handle = context->dal_handle;
+    krb5_ldap_context *ldap_context = dal_handle->db_context;
+
+    /* copy the conf_section into ldap_context for later use */
+    if (conf_section != NULL) {
+        ldap_context->conf_section = strdup(conf_section);
+        if (ldap_context->conf_section == NULL)
+            return ENOMEM;
+    }
+
+    /* This mutex is used in the LDAP connection pool. */
+    if (k5_mutex_init(&(ldap_context->hndl_lock)) != 0)
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
+
+    /* Read the maximum number of LDAP connections per server. */
+    if (ldap_context->max_server_conns == 0) {
+        ret = prof_get_integer_def(context, conf_section,
+                                   KRB5_CONF_LDAP_CONNS_PER_SERVER,
+                                   DEFAULT_CONNS_PER_SERVER,
+                                   &ldap_context->max_server_conns);
+        if (ret)
+            return ret;
+    }
+
+    if (ldap_context->max_server_conns < 2) {
+        k5_setmsg(context, EINVAL,
+                  _("Minimum connections required per server is 2"));
+        return EINVAL;
+    }
+
+    /* Read the DN used to connect to the LDAP server. */
+    if (ldap_context->bind_dn == NULL) {
+        name = choose_var(srv_type, KRB5_CONF_LDAP_KDC_DN,
+                          KRB5_CONF_LDAP_KADMIND_DN);
+        ret = prof_get_string_def(context, conf_section, name,
+                                  &ldap_context->bind_dn);
+        if (ret)
+            return ret;
+    }
+
+    /* Read the filename containing stashed DN passwords. */
+    if (ldap_context->service_password_file == NULL) {
+        ret = prof_get_string_def(context, conf_section,
+                                  KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE,
+                                  &ldap_context->service_password_file);
+        if (ret)
+            return ret;
+    }
+
+    if (ldap_context->sasl_mech == NULL) {
+        name = choose_var(srv_type, KRB5_CONF_LDAP_KDC_SASL_MECH,
+                          KRB5_CONF_LDAP_KADMIND_SASL_MECH);
+        ret = prof_get_string_def(context, conf_section, name,
+                                  &ldap_context->sasl_mech);
+        if (ret)
+            return ret;
+    }
+
+    if (ldap_context->sasl_authcid == NULL) {
+        name = choose_var(srv_type, KRB5_CONF_LDAP_KDC_SASL_AUTHCID,
+                          KRB5_CONF_LDAP_KADMIND_SASL_AUTHCID);
+        ret = prof_get_string_def(context, conf_section, name,
+                                  &ldap_context->sasl_authcid);
+        if (ret)
+            return ret;
+    }
+
+    if (ldap_context->sasl_authzid == NULL) {
+        name = choose_var(srv_type, KRB5_CONF_LDAP_KDC_SASL_AUTHZID,
+                          KRB5_CONF_LDAP_KADMIND_SASL_AUTHZID);
+        ret = prof_get_string_def(context, conf_section, name,
+                                  &ldap_context->sasl_authzid);
+        if (ret)
+            return ret;
+    }
+
+    if (ldap_context->sasl_realm == NULL) {
+        name = choose_var(srv_type, KRB5_CONF_LDAP_KDC_SASL_REALM,
+                          KRB5_CONF_LDAP_KADMIND_SASL_REALM);
+        ret = prof_get_string_def(context, conf_section, name,
+                                  &ldap_context->sasl_realm);
+        if (ret)
+            return ret;
+    }
+
+    /* Read the LDAP server URL list. */
+    if (ldap_context->server_info_list == NULL) {
+        ret = profile_get_string(context->profile, KDB_MODULE_SECTION,
+                                 conf_section, KRB5_CONF_LDAP_SERVERS, NULL,
+                                 &servers);
+        if (ret)
+            return attr_read_error(context, ret, KRB5_CONF_LDAP_SERVERS);
+
+        if (servers == NULL) {
+            ret = add_server_entry(context, "ldapi://");
+            if (ret)
+                return ret;
+        } else {
+            item = strtok_r(servers, delims, &save_ptr);
+            while (item != NULL) {
+                ret = add_server_entry(context, item);
+                if (ret) {
+                    profile_release_string(servers);
+                    return ret;
+                }
+                item = strtok_r(NULL, delims, &save_ptr);
+            }
+            profile_release_string(servers);
+        }
+    }
+
+    ret = prof_get_boolean_def(context, conf_section,
+                               KRB5_CONF_DISABLE_LAST_SUCCESS, FALSE,
+                               &ldap_context->disable_last_success);
+    if (ret)
+        return ret;
+
+    return prof_get_boolean_def(context, conf_section,
+                                KRB5_CONF_DISABLE_LOCKOUT, FALSE,
+                                &ldap_context->disable_lockout);
+}
+
+void
+krb5_ldap_free_server_context_params(krb5_ldap_context *ctx)
+{
+    int i;
+    krb5_ldap_server_info **list;
+    krb5_ldap_server_handle *h, *next;
+
+    if (ctx == NULL)
+        return;
+
+    list = ctx->server_info_list;
+    for (i = 0; list != NULL && list[i] != NULL; i++) {
+        free(list[i]->server_name);
+        for (h = list[i]->ldap_server_handles; h != NULL; h = next) {
+            next = h->next;
+            ldap_unbind_ext_s(h->ldap_handle, NULL, NULL);
+            free(h);
+        }
+        free(list[i]);
+    }
+    free(list);
+    ctx->server_info_list = NULL;
+
+    free(ctx->sasl_mech);
+    free(ctx->sasl_authcid);
+    free(ctx->sasl_authzid);
+    free(ctx->sasl_realm);
+    free(ctx->conf_section);
+    free(ctx->bind_dn);
+    zapfreestr(ctx->bind_pwd);
+    free(ctx->service_password_file);
+    ctx->conf_section = ctx->bind_dn = ctx->bind_pwd = NULL;
+    ctx->service_password_file = NULL;
+}
+
+void
+krb5_ldap_free_server_params(krb5_ldap_context *ctx)
+{
+    if (ctx == NULL)
+        return;
+    krb5_ldap_free_server_context_params(ctx);
+    k5_mutex_destroy(&ctx->hndl_lock);
+    free(ctx);
+}
+
+/* Return true if princ is in the default realm of ldap_context or is a
+ * cross-realm TGS principal for that realm. */
+krb5_boolean
+is_principal_in_realm(krb5_ldap_context *ldap_context,
+                      krb5_const_principal princ)
+{
+    const char *realm = ldap_context->lrparams->realm_name;
+
+    if (princ->length == 2 &&
+        data_eq_string(princ->data[0], "krbtgt") &&
+        data_eq_string(princ->data[1], realm))
+        return TRUE;
+    return data_eq_string(princ->realm, realm);
+}
+
+/*
+ * Deduce the subtree information from the context. A realm can have
+ * multiple subtrees.
+ * 1. the Realm container
+ * 2. the actual subtrees associated with the Realm
+ *
+ * However, there are some conditions to be considered to deduce the
+ * actual subtree/s associated with the realm.  The conditions are as
+ * follows:
+ * 1. If the subtree information of the Realm is [Root] or NULL (that
+ *    is internal a [Root]) then the realm has only one subtree
+ *    i.e [Root], i.e. whole of the tree.
+ * 2. If the subtree information of the Realm is missing/absent, then the
+ *    realm has only one, i.e., the Realm container.  NOTE: In all cases
+ *    Realm container SHOULD be the one among the subtrees or the only
+ *    one subtree.
+ * 3. The subtree information of the realm is overlapping the realm
+ *    container of the realm, then the realm has only one subtree and
+ *    it is the subtree information associated with the realm.
+ */
+krb5_error_code
+krb5_get_subtree_info(krb5_ldap_context *ldap_context, char ***subtreearr,
+                      unsigned int *ntree)
+{
+    krb5_error_code ret;
+    int subtreecount, count = 0, search_scope;
+    char **subtree, *realm_cont_dn, *containerref;
+    char **subtarr = NULL;
+
+    containerref = ldap_context->lrparams->containerref;
+    subtree = ldap_context->lrparams->subtree;
+    realm_cont_dn = ldap_context->lrparams->realmdn;
+    subtreecount = ldap_context->lrparams->subtreecount;
+    search_scope = ldap_context->lrparams->search_scope;
+
+    /* Leave space for realm DN, containerref, and null terminator. */
+    subtarr = k5calloc(subtreecount + 3, sizeof(char *), &ret);
+    if (subtarr == NULL)
+        goto cleanup;
+
+    /* Get the complete subtree list. */
+    while (count < subtreecount && subtree[count] != NULL) {
+        subtarr[count] = strdup(subtree[count]);
+        if (subtarr[count++] == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+    }
+
+    subtarr[count] = strdup(realm_cont_dn);
+    if (subtarr[count++] == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    if (containerref != NULL) {
+        subtarr[count] = strdup(containerref);
+        if (subtarr[count++] == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+    }
+
+    remove_overlapping_subtrees(subtarr, &count, search_scope);
+    *ntree = count;
+    *subtreearr = subtarr;
+    subtarr = NULL;
+    count = 0;
+
+cleanup:
+    while (count > 0)
+        free(subtarr[--count]);
+    free(subtarr);
+    return ret;
+}
+
+/* Reallocate tl and return a pointer to the new space, or NULL on failure. */
+static unsigned char *
+expand_tl_data(krb5_tl_data *tl, uint16_t len)
+{
+    unsigned char *newptr;
+
+    if (len > UINT16_MAX - tl->tl_data_length)
+        return NULL;
+    newptr = realloc(tl->tl_data_contents, tl->tl_data_length + len);
+    if (newptr == NULL)
+        return NULL;
+    tl->tl_data_contents = newptr;
+    tl->tl_data_length += len;
+    return tl->tl_data_contents + tl->tl_data_length - len;
+}
+
+/* Append a one-byte type, a two-byte length, and a value to a KDB_TL_USER_INFO
+ * tl_data item.  The length is inferred from type and value. */
+krb5_error_code
+store_tl_data(krb5_tl_data *tl, int type, void *value)
+{
+    unsigned char *ptr;
+    int ival;
+    char *str;
+    size_t len;
+
+    tl->tl_data_type = KDB_TL_USER_INFO;
+    switch (type) {
+    case KDB_TL_PRINCCOUNT:
+    case KDB_TL_PRINCTYPE:
+    case KDB_TL_MASK:
+        ival = *(int *)value;
+        if (ival > UINT16_MAX)
+            return EINVAL;
+        ptr = expand_tl_data(tl, 5);
+        if (ptr == NULL)
+            return ENOMEM;
+        *ptr = type;
+        store_16_be(2, ptr + 1);
+        store_16_be(ival, ptr + 3);
+        break;
+
+    case KDB_TL_USERDN:
+    case KDB_TL_LINKDN:
+        str = value;
+        len = strlen(str);
+        if (len > UINT16_MAX - 3)
+            return ENOMEM;
+        ptr = expand_tl_data(tl, 3 + len);
+        if (ptr == NULL)
+            return ENOMEM;
+        *ptr = type;
+        store_16_be(len, ptr + 1);
+        memcpy(ptr + 3, str, len);
+        break;
+
+    default:
+        return EINVAL;
+    }
+    return 0;
+}
+
+/* Scan tl for a value of the given type and return it in allocated memory.
+ * For KDB_TL_LINKDN, return a list of all values found. */
+static krb5_error_code
+decode_tl_data(krb5_tl_data *tl, int type, void **data_out)
+{
+    krb5_error_code ret;
+    const unsigned char *ptr, *end;
+    uint16_t len;
+    size_t linkcount = 0, i;
+    char **dnlist = NULL, **newlist;
+    int *intptr;
+
+    *data_out = NULL;
+
+    /* Find the first matching subfield or return ENOENT.  For KDB_TL_LINKDN,
+     * keep iterating after finding a match as it may be repeated. */
+    ptr = tl->tl_data_contents;
+    end = ptr + tl->tl_data_length;
+    for (;;) {
+        if (end - ptr < 3)
+            break;
+        len = load_16_be(ptr + 1);
+        if (len > (end - ptr) - 3)
+            break;
+        if (*ptr != type) {
+            ptr += 3 + len;
+            continue;
+        }
+        ptr += 3;
+
+        switch (type) {
+        case KDB_TL_PRINCCOUNT:
+        case KDB_TL_PRINCTYPE:
+        case KDB_TL_MASK:
+            if (len != 2)
+                return EINVAL;
+            intptr = malloc(sizeof(int));
+            if (intptr == NULL)
+                return ENOMEM;
+            *intptr = load_16_be(ptr);
+            *data_out = intptr;
+            return 0;
+
+        case KDB_TL_USERDN:
+            *data_out = k5memdup0(ptr, len, &ret);
+            return ret;
+
+        case KDB_TL_LINKDN:
+            newlist = realloc(dnlist, (linkcount + 2) * sizeof(char *));
+            if (newlist == NULL)
+                goto oom;
+            dnlist = newlist;
+            dnlist[linkcount] = k5memdup0(ptr, len, &ret);
+            if (dnlist[linkcount] == NULL)
+                goto oom;
+            dnlist[linkcount + 1] = NULL;
+            linkcount++;
+            break;
+        }
+
+        ptr += len;
+    }
+
+    if (type != KDB_TL_LINKDN || dnlist == NULL)
+        return ENOENT;
+    *data_out = dnlist;
+    return 0;
+
+oom:
+    for (i = 0; i < linkcount; i++)
+        free(dnlist[i]);
+    free(dnlist);
+    return ENOMEM;
+}
+
+/*
+ * wrapper routines for decode_tl_data
+ */
+static krb5_error_code
+get_int_from_tl_data(krb5_context context, krb5_db_entry *entry, int type,
+                     int *intval)
+{
+    krb5_error_code ret;
+    krb5_tl_data tl_data;
+    void *ptr;
+    int *intptr;
+
+    *intval = 0;
+
+    tl_data.tl_data_type = KDB_TL_USER_INFO;
+    ret = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
+    if (ret || tl_data.tl_data_length == 0)
+        return ret;
+
+    if (decode_tl_data(&tl_data, type, &ptr) == 0) {
+        intptr = ptr;
+        *intval = *intptr;
+        free(intptr);
+    }
+
+    return 0;
+}
+
+/*
+ * Get the mask representing the attributes set on the directory
+ * object (user, policy ...).
+ */
+krb5_error_code
+krb5_get_attributes_mask(krb5_context context, krb5_db_entry *entry,
+                         int *mask)
+{
+    return get_int_from_tl_data(context, entry, KDB_TL_MASK, mask);
+}
+
+krb5_error_code
+krb5_get_princ_type(krb5_context context, krb5_db_entry *entry, int *ptype)
+{
+    return get_int_from_tl_data(context, entry, KDB_TL_PRINCTYPE, ptype);
+}
+
+krb5_error_code
+krb5_get_princ_count(krb5_context context, krb5_db_entry *entry, int *pcount)
+{
+    return get_int_from_tl_data(context, entry, KDB_TL_PRINCCOUNT, pcount);
+}
+
+krb5_error_code
+krb5_get_linkdn(krb5_context context, krb5_db_entry *entry, char ***link_dn)
+{
+    krb5_error_code ret;
+    krb5_tl_data tl_data;
+    void *ptr;
+
+    *link_dn = NULL;
+    tl_data.tl_data_type = KDB_TL_USER_INFO;
+    ret = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
+    if (ret || tl_data.tl_data_length == 0)
+        return ret;
+
+    if (decode_tl_data(&tl_data, KDB_TL_LINKDN, &ptr) == 0)
+        *link_dn = ptr;
+
+    return 0;
+}
+
+static krb5_error_code
+get_str_from_tl_data(krb5_context context, krb5_db_entry *entry, int type,
+                     char **strval)
+{
+    krb5_error_code ret;
+    krb5_tl_data tl_data;
+    void *ptr;
+
+    if (type != KDB_TL_USERDN)
+        return EINVAL;
+
+    tl_data.tl_data_type = KDB_TL_USER_INFO;
+    ret = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
+    if (ret || tl_data.tl_data_length == 0)
+        return ret;
+
+    if (decode_tl_data(&tl_data, type, &ptr) == 0)
+        *strval = ptr;
+
+    return 0;
+}
+
+/*
+ * Replace the relative DN component of dn with newrdn.
+ */
+krb5_error_code
+replace_rdn(krb5_context context, const char *dn, const char *newrdn,
+            char **newdn_out)
+{
+    krb5_error_code ret;
+    LDAPDN ldn = NULL;
+    LDAPRDN lrdn = NULL;
+    char *next;
+
+    *newdn_out = NULL;
+
+    ret = ldap_str2dn(dn, &ldn, LDAP_DN_FORMAT_LDAPV3);
+    if (ret != LDAP_SUCCESS || ldn[0] == NULL) {
+        ret = EINVAL;
+        goto cleanup;
+    }
+
+    ret = ldap_str2rdn(newrdn, &lrdn, &next, LDAP_DN_FORMAT_LDAPV3);
+    if (ret != LDAP_SUCCESS) {
+        ret = EINVAL;
+        goto cleanup;
+    }
+
+    ldap_rdnfree(ldn[0]);
+    ldn[0] = lrdn;
+    lrdn = NULL;
+
+    ret = ldap_dn2str(ldn, newdn_out, LDAP_DN_FORMAT_LDAPV3);
+    if (ret != LDAP_SUCCESS)
+        ret = KRB5_KDB_SERVER_INTERNAL_ERR;
+
+cleanup:
+    if (ldn != NULL)
+        ldap_dnfree(ldn);
+    if (lrdn != NULL)
+        ldap_rdnfree(lrdn);
+    return ret;
+}
+
+krb5_error_code
+krb5_get_userdn(krb5_context context, krb5_db_entry *entry, char **userdn)
+{
+    *userdn = NULL;
+    return get_str_from_tl_data(context, entry, KDB_TL_USERDN, userdn);
+}
+
+/*
+ * If attribute or attrvalues is NULL, just check for the existence of dn.
+ * Otherwise, read values for attribute from dn; then set the bit 1<<n in mask
+ * for each attrvalues[n] which is present in the values read.
+ */
+krb5_error_code
+checkattributevalue(LDAP *ld, char *dn, char *attribute, char **attrvalues,
+                    int *mask)
+{
+    krb5_error_code ret;
+    int one = 1, i, j;
+    char **values = NULL, *attributes[2] = { NULL };
+    LDAPMessage *result = NULL, *entry;
+
+    if (strlen(dn) == 0)
+        return set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH);
+
+    attributes[0] = attribute;
+
+    /* Read values for attribute from the dn, or check for its existence. */
+    ret = ldap_search_ext_s(ld, dn, LDAP_SCOPE_BASE, 0, attributes, 0, NULL,
+                            NULL, &timelimit, LDAP_NO_LIMIT, &result);
+    if (ret != LDAP_SUCCESS) {
+        ldap_msgfree(result);
+        return set_ldap_error(0, ret, OP_SEARCH);
+    }
+
+    /* Don't touch *mask if we are only checking for existence. */
+    if (attribute == NULL || attrvalues == NULL)
+        goto done;
+
+    *mask = 0;
+
+    entry = ldap_first_entry(ld, result);
+    if (entry == NULL)
+        goto done;
+    values = ldap_get_values(ld, entry, attribute);
+    if (values == NULL)
+        goto done;
+
+    /* Set bits in mask for each matching value we read. */
+    for (i = 0; attrvalues[i]; i++) {
+        for (j = 0; values[j]; j++) {
+            if (strcasecmp(attrvalues[i], values[j]) == 0) {
+                *mask |= (one << i);
+                break;
+            }
+        }
+    }
+
+done:
+    ldap_msgfree(result);
+    ldap_value_free(values);
+    return 0;
+}
+
+static krb5_error_code
+getepochtime(char *strtime, krb5_timestamp *epochtime)
+{
+    struct tm tme;
+
+    memset(&tme, 0, sizeof(tme));
+    if (strptime(strtime,"%Y%m%d%H%M%SZ", &tme) == NULL) {
+        *epochtime = 0;
+        return EINVAL;
+    }
+    *epochtime = krb5int_gmt_mktime(&tme);
+    return 0;
+}
+
+/* Get the integer value of attribute from int.  If it is not found, return
+ * ENOENT and set *val_out to 0. */
+krb5_error_code
+krb5_ldap_get_value(LDAP *ld, LDAPMessage *ent, char *attribute, int *val_out)
+{
+    char **values;
+
+    *val_out = 0;
+    values = ldap_get_values(ld, ent, attribute);
+    if (values == NULL)
+        return ENOENT;
+    if (values[0] != NULL)
+        *val_out = atoi(values[0]);
+    ldap_value_free(values);
+    return 0;
+}
+
+/* Return the first string value of attribute in ent. */
+krb5_error_code
+krb5_ldap_get_string(LDAP *ld, LDAPMessage *ent, char *attribute,
+                     char **str_out, krb5_boolean *attr_present)
+{
+    char **values;
+    krb5_error_code ret = 0;
+
+    *str_out = NULL;
+    if (attr_present != NULL)
+        *attr_present = FALSE;
+
+    values = ldap_get_values(ld, ent, attribute);
+    if (values == NULL)
+        return 0;
+    if (values[0] != NULL) {
+        if (attr_present != NULL)
+            *attr_present = TRUE;
+        *str_out = strdup(values[0]);
+        if (*str_out == NULL)
+            ret = ENOMEM;
+    }
+    ldap_value_free(values);
+    return ret;
+}
+
+static krb5_error_code
+get_time(LDAP *ld, LDAPMessage *ent, char *attribute, krb5_timestamp *time_out,
+         krb5_boolean *attr_present)
+{
+    char **values = NULL;
+    krb5_error_code ret = 0;
+
+    *time_out = 0;
+    *attr_present = FALSE;
+
+    values = ldap_get_values(ld, ent, attribute);
+    if (values == NULL)
+        return 0;
+    if (values[0] != NULL) {
+        *attr_present = TRUE;
+        ret = getepochtime(values[0], time_out);
+    }
+    ldap_value_free(values);
+    return ret;
+}
+
+/* Add an entry to *list_inout and return it in *mod_out. */
+static krb5_error_code
+alloc_mod(LDAPMod ***list_inout, LDAPMod **mod_out)
+{
+    size_t count;
+    LDAPMod **mods = *list_inout;
+
+    *mod_out = NULL;
+
+    for (count = 0; mods != NULL && mods[count] != NULL; count++);
+    mods = realloc(mods, (count + 2) * sizeof(*mods));
+    if (mods == NULL)
+        return ENOMEM;
+    *list_inout = mods;
+
+    mods[count] = calloc(1, sizeof(LDAPMod));
+    if (mods[count] == NULL)
+        return ENOMEM;
+    mods[count + 1] = NULL;
+    *mod_out = mods[count];
+    return 0;
+}
+
+krb5_error_code
+krb5_add_str_mem_ldap_mod(LDAPMod ***list, char *attribute, int op,
+                          char **values)
+{
+    krb5_error_code ret;
+    LDAPMod *mod;
+    size_t count, i;
+
+    ret = alloc_mod(list, &mod);
+    if (ret)
+        return ret;
+
+    mod->mod_type = strdup(attribute);
+    if (mod->mod_type == NULL)
+        return ENOMEM;
+    mod->mod_op = op;
+
+    mod->mod_values = NULL;
+    if (values == NULL)
+        return 0;
+
+    for (count = 0; values[count] != NULL; count++);
+    mod->mod_values = calloc(count + 1, sizeof(char *));
+    if (mod->mod_values == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < count; i++) {
+        mod->mod_values[i] = strdup(values[i]);
+        if (mod->mod_values[i] == NULL)
+            return ENOMEM;
+    }
+    mod->mod_values[i] = NULL;
+    return 0;
+}
+
+krb5_error_code
+krb5_add_ber_mem_ldap_mod(LDAPMod ***list, char *attribute, int op,
+                          struct berval **ber_values)
+{
+    krb5_error_code ret;
+    LDAPMod *mod;
+    size_t count, i;
+
+    ret = alloc_mod(list, &mod);
+    if (ret)
+        return ret;
+
+    mod->mod_type = strdup(attribute);
+    if (mod->mod_type == NULL)
+        return ENOMEM;
+    mod->mod_op = op;
+
+    for (count = 0; ber_values[count] != NULL; count++);
+    mod->mod_bvalues = calloc(count + 1, sizeof(struct berval *));
+    if (mod->mod_bvalues == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < count; i++) {
+        mod->mod_bvalues[i] = calloc(1, sizeof(struct berval));
+        if (mod->mod_bvalues[i] == NULL)
+            return ENOMEM;
+
+        mod->mod_bvalues[i]->bv_len = ber_values[i]->bv_len;
+        mod->mod_bvalues[i]->bv_val = k5memdup(ber_values[i]->bv_val,
+                                               ber_values[i]->bv_len, &ret);
+        if (mod->mod_bvalues[i]->bv_val == NULL)
+            return ret;
+    }
+    mod->mod_bvalues[i] = NULL;
+    return 0;
+}
+
+static inline char *
+format_d(int val)
+{
+    char tmpbuf[3 * sizeof(val) + 2];
+
+    snprintf(tmpbuf, sizeof(tmpbuf), "%d", val);
+    return strdup(tmpbuf);
+}
+
+krb5_error_code
+krb5_add_int_mem_ldap_mod(LDAPMod ***list, char *attribute, int op, int value)
+{
+    krb5_error_code ret;
+    LDAPMod *mod;
+
+    ret = alloc_mod(list, &mod);
+    if (ret)
+        return ret;
+
+    mod->mod_type = strdup(attribute);
+    if (mod->mod_type == NULL)
+        return ENOMEM;
+
+    mod->mod_op = op;
+    mod->mod_values = calloc(2, sizeof(char *));
+    if (mod->mod_values == NULL)
+        return ENOMEM;
+    mod->mod_values[0] = format_d(value);
+    if (mod->mod_values[0] == NULL)
+        return ENOMEM;
+    return 0;
+}
+
+krb5_error_code
+krb5_ldap_modify_ext(krb5_context context, LDAP *ld, const char *dn,
+                     LDAPMod **mods, int op)
+{
+    int ret;
+
+    ret = ldap_modify_ext_s(ld, dn, mods, NULL, NULL);
+    return (ret == LDAP_SUCCESS) ? 0 : set_ldap_error(context, ret, op);
+}
+
+krb5_error_code
+krb5_ldap_lock(krb5_context kcontext, int mode)
+{
+    krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
+
+    k5_setmsg(kcontext, status, "LDAP %s", error_message(status));
+    return status;
+}
+
+krb5_error_code
+krb5_ldap_unlock(krb5_context kcontext)
+{
+    krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
+
+    k5_setmsg(kcontext, status, "LDAP %s", error_message(status));
+    return status;
+}
+
+
+/*
+ * Get the number of times an object has been referred to in a realm.  This is
+ * needed to find out if deleting the attribute will cause dangling links.
+ *
+ * An LDAP handle may be optionally specified to prevent race condition - there
+ * are a limited number of LDAP handles.
+ */
+krb5_error_code
+krb5_ldap_get_reference_count(krb5_context context, char *dn, char *refattr,
+                              int *count, LDAP *ld)
+{
+    int n, st, tempst, gothandle = 0;
+    unsigned int i, ntrees = 0;
+    char *refcntattr[2];
+    char *filter = NULL, *corrected = NULL, **subtree = NULL;
+    kdb5_dal_handle *dal_handle = NULL;
+    krb5_ldap_context *ldap_context = NULL;
+    krb5_ldap_server_handle *ldap_server_handle = NULL;
+    LDAPMessage *result = NULL;
+
+    if (dn == NULL || refattr == NULL) {
+        st = EINVAL;
+        goto cleanup;
+    }
+
+    SETUP_CONTEXT();
+    if (ld == NULL) {
+        GET_HANDLE();
+        gothandle = 1;
+    }
+
+    refcntattr[0] = refattr;
+    refcntattr[1] = NULL;
+
+    corrected = ldap_filter_correct(dn);
+    if (corrected == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    if (asprintf(&filter, "%s=%s", refattr, corrected) < 0) {
+        filter = NULL;
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees);
+    if (st)
+        goto cleanup;
+
+    for (i = 0, *count = 0; i < ntrees; i++) {
+        LDAP_SEARCH(subtree[i], LDAP_SCOPE_SUBTREE, filter, refcntattr);
+        n = ldap_count_entries(ld, result);
+        if (n == -1) {
+            int ret, errcode = 0;
+            ret = ldap_parse_result(ld, result, &errcode, NULL, NULL, NULL,
+                                    NULL, 0);
+            if (ret != LDAP_SUCCESS)
+                errcode = ret;
+            st = translate_ldap_error(errcode, OP_SEARCH);
+            goto cleanup;
+        }
+
+        ldap_msgfree(result);
+        result = NULL;
+
+        *count += n;
+    }
+
+cleanup:
+    free(filter);
+    ldap_msgfree(result);
+    for (i = 0; i < ntrees; i++)
+        free(subtree[i]);
+    free(subtree);
+    free(corrected);
+    if (gothandle)
+        krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+/* Extract a name from policy_dn, which must be directly under the realm
+ * container. */
+krb5_error_code
+krb5_ldap_policydn_to_name(krb5_context context, const char *policy_dn,
+                           char **name_out)
+{
+    size_t len1, len2, plen;
+    krb5_error_code ret;
+    kdb5_dal_handle *dal_handle;
+    krb5_ldap_context *ldap_context;
+    const char *realmdn;
+    char *rdn;
+    LDAPDN dn;
+
+    *name_out = NULL;
+    SETUP_CONTEXT();
+
+    realmdn = ldap_context->lrparams->realmdn;
+    if (realmdn == NULL)
+        return EINVAL;
+
+    /* policyn_dn should be "cn=<policyname>,<realmdn>". */
+    len1 = strlen(realmdn);
+    len2 = strlen(policy_dn);
+    if (len1 == 0 || len2 == 0 || len1 + 1 >= len2)
+        return EINVAL;
+    plen = len2 - len1 - 1;
+    if (policy_dn[plen] != ',' || strcmp(realmdn, policy_dn + plen + 1) != 0)
+        return EINVAL;
+
+    rdn = k5memdup0(policy_dn, plen, &ret);
+    if (rdn == NULL)
+        return ret;
+    ret = ldap_str2dn(rdn, &dn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PEDANTIC);
+    free(rdn);
+    if (ret)
+        return EINVAL;
+    if (dn[0] == NULL || dn[1] != NULL || dn[0][0]->la_attr.bv_len != 2 ||
+        strncasecmp(dn[0][0]->la_attr.bv_val, "cn", 2) != 0) {
+        ret = EINVAL;
+    } else {
+        *name_out = k5memdup0(dn[0][0]->la_value.bv_val,
+                              dn[0][0]->la_value.bv_len, &ret);
+    }
+    ldap_dnfree(dn);
+    return ret;
+}
+
+/* Compute the policy DN for the given policy name. */
+krb5_error_code
+krb5_ldap_name_to_policydn(krb5_context context, char *name, char **policy_dn)
+{
+    int st;
+    char *corrected;
+    kdb5_dal_handle *dal_handle;
+    krb5_ldap_context *ldap_context;
+
+    *policy_dn = NULL;
+
+    /* Used for removing policy reference from an object */
+    if (name[0] == '\0') {
+        *policy_dn = strdup("");
+        return (*policy_dn == NULL) ? ENOMEM : 0;
+    }
+
+    SETUP_CONTEXT();
+
+    if (ldap_context->lrparams->realmdn == NULL)
+        return EINVAL;
+
+    corrected = ldap_filter_correct(name);
+    if (corrected == NULL)
+        return ENOMEM;
+
+    st = asprintf(policy_dn, "cn=%s,%s", corrected,
+                  ldap_context->lrparams->realmdn);
+    free(corrected);
+    if (st == -1) {
+        *policy_dn = NULL;
+        return ENOMEM;
+    }
+    return 0;
+}
+
+/* Return true if dn1 is a subtree of dn2. */
+static inline krb5_boolean
+is_subtree(const char *dn1, size_t len1, const char *dn2, size_t len2)
+{
+    return len1 > len2 && dn1[len1 - len2 - 1] == ',' &&
+        strcasecmp(dn1 + (len1 - len2), dn2) == 0;
+}
+
+/* Remove overlapping and repeated subtree entries from the list of subtrees.
+ * If sscope is not 2 (sub), only remove repeated entries. */
+static void
+remove_overlapping_subtrees(char **list, int *subtcount, int sscope)
+{
+    size_t ilen, jlen;
+    int i, j;
+    int count = *subtcount;
+
+    for (i = 0; i < count && list[i] != NULL; i++) {
+        ilen = strlen(list[i]);
+        for (j = i + 1; j < count && list[j] != NULL; j++) {
+            jlen = strlen(list[j]);
+            /* Remove list[j] if it is identical to list[i] or a subtree of it.
+             * Remove list[i] if it is a subtree of list[j]. */
+            if ((ilen == jlen && strcasecmp(list[j], list[i]) == 0) ||
+                (sscope == 2 && is_subtree(list[j], jlen, list[i], ilen))) {
+                free(list[j]);
+                list[j--] = list[count - 1];
+                list[--count] = NULL;
+            } else if (sscope == 2 &&
+                       is_subtree(list[i], ilen, list[j], jlen)) {
+                free(list[i]);
+                list[i--] = list[count - 1];
+                list[--count] = NULL;
+                break;
+            }
+        }
+    }
+    *subtcount = count;
+}
+
+static void
+free_princ_ent_contents(osa_princ_ent_t princ_ent)
+{
+    unsigned int i;
+
+    for (i = 0; i < princ_ent->old_key_len; i++) {
+        k5_free_key_data(princ_ent->old_keys[i].n_key_data,
+                         princ_ent->old_keys[i].key_data);
+        princ_ent->old_keys[i].n_key_data = 0;
+        princ_ent->old_keys[i].key_data = NULL;
+    }
+    free(princ_ent->old_keys);
+    princ_ent->old_keys = NULL;
+    princ_ent->old_key_len = 0;
+}
+
+/* Get any auth indicator values from LDAP and update the "require_auth"
+ * string. */
+static krb5_error_code
+get_ldap_auth_ind(krb5_context context, LDAP *ld, LDAPMessage *ldap_ent,
+                  krb5_db_entry *entry, unsigned int *mask)
+{
+    krb5_error_code ret;
+    int i;
+    char **auth_inds = NULL, *indstr;
+    struct k5buf buf = EMPTY_K5BUF;
+
+    auth_inds = ldap_get_values(ld, ldap_ent, "krbPrincipalAuthInd");
+    if (auth_inds == NULL)
+        return 0;
+
+    k5_buf_init_dynamic(&buf);
+
+    /* Make a space-separated list of indicators. */
+    for (i = 0; auth_inds[i] != NULL; i++) {
+        k5_buf_add(&buf, auth_inds[i]);
+        if (auth_inds[i + 1] != NULL)
+            k5_buf_add(&buf, " ");
+    }
+
+    indstr = k5_buf_cstring(&buf);
+    if (indstr == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    ret = krb5_dbe_set_string(context, entry, KRB5_KDB_SK_REQUIRE_AUTH,
+                              indstr);
+    if (!ret)
+        *mask |= KDB_AUTH_IND_ATTR;
+
+cleanup:
+    k5_buf_free(&buf);
+    ldap_value_free(auth_inds);
+    return ret;
+}
+
+/*
+ * Fill out a krb5_db_entry princ entry struct given a LDAP message containing
+ * the results of a principal search of the directory.
+ */
+krb5_error_code
+populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
+                       LDAP *ld, LDAPMessage *ent, krb5_const_principal princ,
+                       krb5_db_entry *entry)
+{
+    krb5_error_code ret;
+    unsigned int mask = 0;
+    int val, i, pcount, objtype;
+    krb5_boolean attr_present;
+    krb5_kvno mkvno = 0;
+    krb5_timestamp lastpwdchange, unlock_time;
+    char *policydn = NULL, *pwdpolicydn = NULL, *polname = NULL, *user = NULL;
+    char *tktpolname = NULL, *dn = NULL, **link_references = NULL;
+    char **pnvalues = NULL, **ocvalues = NULL, **a2d2 = NULL;
+    struct berval **ber_key_data = NULL, **ber_tl_data = NULL;
+    krb5_tl_data userinfo_tl_data = { NULL }, **endp, *tl;
+    osa_princ_ent_rec princ_ent;
+    char *is_login_disabled = NULL;
+
+    memset(&princ_ent, 0, sizeof(princ_ent));
+
+    ret = krb5_copy_principal(context, princ, &entry->princ);
+    if (ret)
+        goto cleanup;
+
+    /* get the associated directory user information */
+    pnvalues = ldap_get_values(ld, ent, "krbprincipalname");
+    if (pnvalues != NULL) {
+        ret = krb5_unparse_name(context, princ, &user);
+        if (ret)
+            goto cleanup;
+
+        pcount = 0;
+        for (i = 0; pnvalues[i] != NULL; i++) {
+            if (strcasecmp(pnvalues[i], user) == 0) {
+                pcount = ldap_count_values(pnvalues);
+                break;
+            }
+        }
+
+        dn = ldap_get_dn(ld, ent);
+        if (dn == NULL) {
+            ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &ret);
+            ret = set_ldap_error(context, ret, 0);
+            goto cleanup;
+        }
+
+        ocvalues = ldap_get_values(ld, ent, "objectclass");
+        if (ocvalues != NULL) {
+            for (i = 0; ocvalues[i] != NULL; i++) {
+                if (strcasecmp(ocvalues[i], "krbprincipal") == 0) {
+                    objtype = KDB_STANDALONE_PRINCIPAL_OBJECT;
+                    ret = store_tl_data(&userinfo_tl_data, KDB_TL_PRINCTYPE,
+                                        &objtype);
+                    if (ret)
+                        goto cleanup;
+                    break;
+                }
+            }
+        }
+
+        /* Add principalcount, DN and principaltype user information to
+         * tl_data */
+        ret = store_tl_data(&userinfo_tl_data, KDB_TL_PRINCCOUNT, &pcount);
+        if (ret)
+            goto cleanup;
+        ret = store_tl_data(&userinfo_tl_data, KDB_TL_USERDN, dn);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = get_time(ld, ent, "krbLastSuccessfulAuth", &entry->last_success,
+                   &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present)
+        mask |= KDB_LAST_SUCCESS_ATTR;
+
+    ret = get_time(ld, ent, "krbLastFailedAuth", &entry->last_failed,
+                   &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present)
+        mask |= KDB_LAST_FAILED_ATTR;
+
+    if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount", &val) == 0) {
+        entry->fail_auth_count = val;
+        mask |= KDB_FAIL_AUTH_COUNT_ATTR;
+    }
+    if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {
+        entry->max_life = val;
+        mask |= KDB_MAX_LIFE_ATTR;
+    }
+    if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &val) == 0) {
+        entry->max_renewable_life = val;
+        mask |= KDB_MAX_RLIFE_ATTR;
+    }
+    if (krb5_ldap_get_value(ld, ent, "krbticketflags", &val) == 0) {
+        entry->attributes = val;
+        mask |= KDB_TKT_FLAGS_ATTR;
+    }
+    ret = get_time(ld, ent, "krbprincipalexpiration", &entry->expiration,
+                   &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present)
+        mask |= KDB_PRINC_EXPIRE_TIME_ATTR;
+
+    ret = get_time(ld, ent, "krbpasswordexpiration", &entry->pw_expiration,
+                   &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present)
+        mask |= KDB_PWD_EXPIRE_TIME_ATTR;
+
+    ret = krb5_ldap_get_string(ld, ent, "krbticketpolicyreference", &policydn,
+                               &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present) {
+        mask |= KDB_POL_REF_ATTR;
+        /* Ensure that the policy is inside the realm container. */
+        ret = krb5_ldap_policydn_to_name(context, policydn, &tktpolname);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = krb5_ldap_get_string(ld, ent, "krbpwdpolicyreference", &pwdpolicydn,
+                               &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present) {
+        mask |= KDB_PWD_POL_REF_ATTR;
+
+        /* Ensure that the policy is inside the realm container. */
+        ret = krb5_ldap_policydn_to_name(context, pwdpolicydn, &polname);
+        if (ret)
+            goto cleanup;
+        princ_ent.policy = polname;
+        princ_ent.aux_attributes |= KADM5_POLICY;
+    }
+
+    ber_key_data = ldap_get_values_len(ld, ent, "krbpwdhistory");
+    if (ber_key_data != NULL) {
+        mask |= KDB_PWD_HISTORY_ATTR;
+        ret = krb5_decode_histkey(context, ber_key_data, &princ_ent);
+        if (ret)
+            goto cleanup;
+        ldap_value_free_len(ber_key_data);
+    }
+
+    if (princ_ent.aux_attributes) {
+        ret = krb5_update_tl_kadm_data(context, entry, &princ_ent);
+        if (ret)
+            goto cleanup;
+    }
+
+    ber_key_data = ldap_get_values_len(ld, ent, "krbprincipalkey");
+    if (ber_key_data != NULL) {
+        mask |= KDB_SECRET_KEY_ATTR;
+        ret = krb5_decode_krbsecretkey(context, entry, ber_key_data, &mkvno);
+        if (ret)
+            goto cleanup;
+        if (mkvno != 0) {
+            ret = krb5_dbe_update_mkvno(context, entry, mkvno);
+            if (ret)
+                goto cleanup;
+        }
+    }
+
+    ret = get_time(ld, ent, "krbLastPwdChange", &lastpwdchange, &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present) {
+        ret = krb5_dbe_update_last_pwd_change(context, entry, lastpwdchange);
+        if (ret)
+            goto cleanup;
+        mask |= KDB_LAST_PWD_CHANGE_ATTR;
+    }
+
+    ret = get_time(ld, ent, "krbLastAdminUnlock", &unlock_time, &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present) {
+        ret = krb5_dbe_update_last_admin_unlock(context, entry, unlock_time);
+        if (ret)
+            goto cleanup;
+        mask |= KDB_LAST_ADMIN_UNLOCK_ATTR;
+    }
+
+    a2d2 = ldap_get_values(ld, ent, "krbAllowedToDelegateTo");
+    if (a2d2 != NULL) {
+        for (endp = &entry->tl_data; *endp; endp = &(*endp)->tl_data_next);
+        for (i = 0; a2d2[i] != NULL; i++) {
+            tl = k5alloc(sizeof(*tl), &ret);
+            if (tl == NULL)
+                goto cleanup;
+            tl->tl_data_type = KRB5_TL_CONSTRAINED_DELEGATION_ACL;
+            tl->tl_data_length = strlen(a2d2[i]);
+            tl->tl_data_contents = (unsigned char *)strdup(a2d2[i]);
+            if (tl->tl_data_contents == NULL) {
+                ret = ENOMEM;
+                free(tl);
+                goto cleanup;
+            }
+            tl->tl_data_next = NULL;
+            *endp = tl;
+            endp = &tl->tl_data_next;
+        }
+    }
+
+    link_references = ldap_get_values(ld, ent, "krbobjectreferences");
+    if (link_references != NULL) {
+        for (i = 0; link_references[i] != NULL; i++) {
+            ret = store_tl_data(&userinfo_tl_data, KDB_TL_LINKDN,
+                                link_references[i]);
+            if (ret)
+                goto cleanup;
+        }
+    }
+
+    ber_tl_data = ldap_get_values_len(ld, ent, "krbExtraData");
+    if (ber_tl_data != NULL) {
+        for (i = 0; ber_tl_data[i] != NULL; i++) {
+            ret = berval2tl_data(ber_tl_data[i], &tl);
+            if (ret)
+                goto cleanup;
+            ret = krb5_dbe_update_tl_data(context, entry, tl);
+            free(tl->tl_data_contents);
+            free(tl);
+            if (ret)
+                goto cleanup;
+        }
+        mask |= KDB_EXTRA_DATA_ATTR;
+    }
+
+    /* Auth indicators from krbPrincipalAuthInd will replace those from
+     * krbExtraData. */
+    ret = get_ldap_auth_ind(context, ld, ent, entry, &mask);
+    if (ret)
+        goto cleanup;
+
+    /* Update the mask of attributes present on the directory object to the
+     * tl_data. */
+    ret = store_tl_data(&userinfo_tl_data, KDB_TL_MASK, &mask);
+    if (ret)
+        goto cleanup;
+    ret = krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data);
+    if (ret)
+        goto cleanup;
+
+    /*
+     * 389ds and other Netscape directory server derivatives support an
+     * attribute "nsAccountLock" which functions similarly to eDirectory's
+     * "loginDisabled".  When the user's account object is also a
+     * krbPrincipalAux object, the kdb entry should be treated as if
+     * DISALLOW_ALL_TIX has been set.
+     */
+    ret = krb5_ldap_get_string(ld, ent, "nsAccountLock", &is_login_disabled,
+                               &attr_present);
+    if (ret)
+        goto cleanup;
+    if (attr_present == TRUE) {
+        if (strcasecmp(is_login_disabled, "TRUE") == 0)
+            entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+        free(is_login_disabled);
+    }
+
+    ret = krb5_read_tkt_policy(context, ldap_context, entry, tktpolname);
+    if (ret)
+        goto cleanup;
+
+    /* For compatibility with DB2 principals. */
+    entry->len = KRB5_KDB_V1_BASE_LENGTH;
+
+cleanup:
+    ldap_memfree(dn);
+    ldap_value_free_len(ber_key_data);
+    ldap_value_free_len(ber_tl_data);
+    ldap_value_free(pnvalues);
+    ldap_value_free(ocvalues);
+    ldap_value_free(link_references);
+    ldap_value_free(a2d2);
+    free(userinfo_tl_data.tl_data_contents);
+    free(pwdpolicydn);
+    free(polname);
+    free(tktpolname);
+    free(policydn);
+    krb5_free_unparsed_name(context, user);
+    free_princ_ent_contents(&princ_ent);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
new file mode 100644
index 00000000..9ea5dd5c
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
@@ -0,0 +1,125 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_misc.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _HAVE_LDAP_MISC_H
+#define _HAVE_LDAP_MISC_H 1
+
+/* misc functions */
+
+krb5_boolean
+is_principal_in_realm(krb5_ldap_context *, krb5_const_principal);
+
+krb5_error_code
+checkattributevalue(LDAP *, char *, char *, char **, int *);
+
+krb5_error_code
+krb5_get_attributes_mask(krb5_context, krb5_db_entry *, int *);
+
+krb5_error_code
+krb5_get_princ_type(krb5_context, krb5_db_entry *, int *);
+
+krb5_error_code
+krb5_get_princ_count(krb5_context, krb5_db_entry *, int *);
+
+krb5_error_code
+krb5_get_linkdn(krb5_context, krb5_db_entry *, char ***);
+
+krb5_error_code
+krb5_get_userdn(krb5_context, krb5_db_entry *, char **);
+
+krb5_error_code
+replace_rdn(krb5_context context, const char *dn, const char *newrdn,
+            char **newdn);
+
+krb5_error_code
+store_tl_data(krb5_tl_data *, int, void *);
+
+krb5_error_code
+krb5_get_subtree_info(krb5_ldap_context *, char ***, unsigned int *);
+
+krb5_error_code
+krb5_ldap_parse_db_params(krb5_context, char **);
+
+krb5_error_code
+krb5_ldap_read_server_params(krb5_context , char *, int);
+
+void
+krb5_ldap_free_server_params(krb5_ldap_context *);
+
+krb5_error_code
+krb5_ldap_list(krb5_context, char ***, char *, char *);
+
+krb5_error_code
+krb5_ldap_get_value(LDAP *, LDAPMessage *, char *, int *);
+
+krb5_error_code
+krb5_ldap_get_string(LDAP *, LDAPMessage *, char *, char **, krb5_boolean *);
+
+krb5_error_code
+krb5_add_str_mem_ldap_mod(LDAPMod  ***, char *, int, char **);
+
+krb5_error_code
+krb5_add_ber_mem_ldap_mod(LDAPMod  ***, char *, int, struct berval **);
+
+krb5_error_code
+krb5_add_int_mem_ldap_mod(LDAPMod  ***, char *, int , int);
+
+krb5_error_code
+krb5_ldap_modify_ext(krb5_context context, LDAP *ld, const char *dn,
+                     LDAPMod **mods, int op);
+
+krb5_error_code
+krb5_ldap_free_mod_array(LDAPMod **);
+
+krb5_error_code
+krb5_ldap_get_reference_count (krb5_context, char *, char *, int *, LDAP *);
+
+krb5_error_code
+krb5_ldap_policydn_to_name (krb5_context, const char *, char **);
+
+krb5_error_code
+krb5_ldap_name_to_policydn (krb5_context, char *, char **);
+
+krb5_error_code
+populate_krb5_db_entry(krb5_context context,
+                       krb5_ldap_context *ldap_context,
+                       LDAP *ld,
+                       LDAPMessage *ent,
+                       krb5_const_principal princ,
+                       krb5_db_entry *entry);
+
+int kldap_ensure_initialized (void);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
new file mode 100644
index 00000000..6328fbe2
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -0,0 +1,628 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_principal.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include "ldap_main.h"
+#include "kdb_ldap.h"
+#include "ldap_principal.h"
+#include "princ_xdr.h"
+#include "ldap_err.h"
+
+struct timeval timelimit = {300, 0};  /* 5 minutes */
+char     *principal_attributes[] = { "krbprincipalname",
+                                     "krbcanonicalname",
+                                     "objectclass",
+                                     "krbprincipalkey",
+                                     "krbmaxrenewableage",
+                                     "krbmaxticketlife",
+                                     "krbticketflags",
+                                     "krbprincipalexpiration",
+                                     "krbticketpolicyreference",
+                                     "krbUpEnabled",
+                                     "krbpwdpolicyreference",
+                                     "krbpasswordexpiration",
+                                     "krbLastFailedAuth",
+                                     "krbLoginFailedCount",
+                                     "krbLastSuccessfulAuth",
+                                     "nsAccountLock",
+                                     "krbLastPwdChange",
+                                     "krbLastAdminUnlock",
+                                     "krbPrincipalAuthInd",
+                                     "krbExtraData",
+                                     "krbObjectReferences",
+                                     "krbAllowedToDelegateTo",
+                                     "krbPwdHistory",
+                                     NULL };
+
+/* Must match KDB_*_ATTR macros in ldap_principal.h.  */
+static char *attributes_set[] = { "krbmaxticketlife",
+                                  "krbmaxrenewableage",
+                                  "krbticketflags",
+                                  "krbprincipalexpiration",
+                                  "krbticketpolicyreference",
+                                  "krbPrincipalAuthInd",
+                                  "krbpwdpolicyreference",
+                                  "krbpasswordexpiration",
+                                  "krbprincipalkey",
+                                  "krblastpwdchange",
+                                  "krbextradata",
+                                  "krbLastSuccessfulAuth",
+                                  "krbLastFailedAuth",
+                                  "krbLoginFailedCount",
+                                  "krbLastAdminUnlock",
+                                  "krbPwdHistory",
+                                  NULL };
+
+
+static void
+k5_free_key_data_contents(krb5_key_data *key)
+{
+    int16_t i;
+
+    for (i = 0; i < key->key_data_ver; i++) {
+        zapfree(key->key_data_contents[i], key->key_data_length[i]);
+        key->key_data_contents[i] = NULL;
+    }
+}
+
+void
+k5_free_key_data(krb5_int16 n_key_data, krb5_key_data *key_data)
+{
+    int16_t i;
+
+    if (key_data == NULL)
+        return;
+    for (i = 0; i < n_key_data; i++)
+        k5_free_key_data_contents(&key_data[i]);
+    free(key_data);
+}
+
+void
+krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry)
+{
+    krb5_tl_data        *tl_data_next=NULL;
+    krb5_tl_data        *tl_data=NULL;
+
+    if (entry->e_data)
+        free(entry->e_data);
+    if (entry->princ)
+        krb5_free_principal(context, entry->princ);
+    for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
+        tl_data_next = tl_data->tl_data_next;
+        if (tl_data->tl_data_contents)
+            free(tl_data->tl_data_contents);
+        free(tl_data);
+    }
+    k5_free_key_data(entry->n_key_data, entry->key_data);
+    memset(entry, 0, sizeof(*entry));
+    return;
+}
+
+
+krb5_error_code
+krb5_ldap_iterate(krb5_context context, char *match_expr,
+                  krb5_error_code (*func)(krb5_pointer, krb5_db_entry *),
+                  krb5_pointer func_arg, krb5_flags iterflags)
+{
+    krb5_db_entry            entry;
+    krb5_principal           principal;
+    char                     **subtree=NULL, *princ_name=NULL, *realm=NULL, **values=NULL, *filter=NULL;
+    unsigned int             tree=0, ntree=1, i=0;
+    krb5_error_code          st=0, tempst=0;
+    LDAP                     *ld=NULL;
+    LDAPMessage              *result=NULL, *ent=NULL;
+    kdb5_dal_handle          *dal_handle=NULL;
+    krb5_ldap_context        *ldap_context=NULL;
+    krb5_ldap_server_handle  *ldap_server_handle=NULL;
+    char                     *default_match_expr = "*";
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    memset(&entry, 0, sizeof(krb5_db_entry));
+    SETUP_CONTEXT();
+
+    realm = ldap_context->lrparams->realm_name;
+    if (realm == NULL) {
+        realm = context->default_realm;
+        if (realm == NULL) {
+            st = EINVAL;
+            k5_setmsg(context, st, _("Default realm not set"));
+            goto cleanup;
+        }
+    }
+
+    /*
+     * If no match_expr then iterate through all krb princs like the db2 plugin
+     */
+    if (match_expr == NULL)
+        match_expr = default_match_expr;
+
+    if (asprintf(&filter, FILTER"%s))", match_expr) < 0)
+        filter = NULL;
+    CHECK_NULL(filter);
+
+    if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0)
+        goto cleanup;
+
+    GET_HANDLE();
+
+    for (tree=0; tree < ntree; ++tree) {
+
+        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
+        for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
+            values=ldap_get_values(ld, ent, "krbcanonicalname");
+            if (values == NULL)
+                values=ldap_get_values(ld, ent, "krbprincipalname");
+            if (values != NULL) {
+                for (i=0; values[i] != NULL; ++i) {
+                    if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
+                        continue;
+                    st = krb5_parse_name(context, princ_name, &principal);
+                    free(princ_name);
+                    if (st)
+                        continue;
+
+                    if (is_principal_in_realm(ldap_context, principal)) {
+                        st = populate_krb5_db_entry(context, ldap_context, ld,
+                                                    ent, principal, &entry);
+                        krb5_free_principal(context, principal);
+                        if (st)
+                            goto cleanup;
+                        (*func)(func_arg, &entry);
+                        krb5_dbe_free_contents(context, &entry);
+                        break;
+                    }
+                    (void) krb5_free_principal(context, principal);
+                }
+                ldap_value_free(values);
+            }
+        } /* end of for (ent= ... */
+        ldap_msgfree(result);
+        result = NULL;
+    } /* end of for (tree= ... */
+
+cleanup:
+    if (filter)
+        free (filter);
+
+    for (;ntree; --ntree)
+        if (subtree[ntree-1])
+            free (subtree[ntree-1]);
+    free(subtree);
+
+    ldap_msgfree(result);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+
+/*
+ * delete a principal from the directory.
+ */
+krb5_error_code
+krb5_ldap_delete_principal(krb5_context context,
+                           krb5_const_principal searchfor)
+{
+    char                      *user=NULL, *DN=NULL, *strval[10] = {NULL};
+    LDAPMod                   **mods=NULL;
+    LDAP                      *ld=NULL;
+    int                       j=0, ptype=0, pcount=0, attrsetmask=0;
+    krb5_error_code           st=0;
+    krb5_boolean              singleentry=FALSE;
+    kdb5_dal_handle           *dal_handle=NULL;
+    krb5_ldap_context         *ldap_context=NULL;
+    krb5_ldap_server_handle   *ldap_server_handle=NULL;
+    krb5_db_entry             *entry = NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    SETUP_CONTEXT();
+    /* get the principal info */
+    if ((st=krb5_ldap_get_principal(context, searchfor, 0, &entry)))
+        goto cleanup;
+
+    if (((st=krb5_get_princ_type(context, entry, &(ptype))) != 0) ||
+        ((st=krb5_get_attributes_mask(context, entry, &(attrsetmask))) != 0) ||
+        ((st=krb5_get_princ_count(context, entry, &(pcount))) != 0) ||
+        ((st=krb5_get_userdn(context, entry, &(DN))) != 0))
+        goto cleanup;
+
+    if (DN == NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("DN information missing"));
+        goto cleanup;
+    }
+
+    GET_HANDLE();
+
+    if (ptype == KDB_STANDALONE_PRINCIPAL_OBJECT) {
+        st = ldap_delete_ext_s(ld, DN, NULL, NULL);
+        if (st != LDAP_SUCCESS) {
+            st = set_ldap_error (context, st, OP_DEL);
+            goto cleanup;
+        }
+    } else {
+        if (((st=krb5_unparse_name(context, searchfor, &user)) != 0)
+            || ((st=krb5_ldap_unparse_principal_name(user)) != 0))
+            goto cleanup;
+
+        memset(strval, 0, sizeof(strval));
+        strval[0] = user;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_DELETE,
+                                          strval)) != 0)
+            goto cleanup;
+
+        singleentry = (pcount == 1) ? TRUE: FALSE;
+        if (singleentry == TRUE) {
+            /*
+             * If the Kerberos user principal to be deleted happens to be the last one associated
+             * with the directory user object, then it is time to delete the other kerberos
+             * specific attributes like krbmaxticketlife, i.e, unkerberize the directory user.
+             * From the attrsetmask value, identify the attributes set on the directory user
+             * object and delete them.
+             * NOTE: krbsecretkey attribute has per principal entries. There can be chances that the
+             * other principals' keys are existing/left-over. So delete all the values.
+             */
+            while (attrsetmask) {
+                if (attrsetmask & 1) {
+                    if ((st=krb5_add_str_mem_ldap_mod(&mods, attributes_set[j], LDAP_MOD_DELETE,
+                                                      NULL)) != 0)
+                        goto cleanup;
+                }
+                attrsetmask >>= 1;
+                ++j;
+            }
+
+            /* the same should be done with the objectclass attributes */
+            {
+                char *attrvalues[] = {"krbticketpolicyaux", "krbprincipalaux", NULL};
+/*              char *attrvalues[] = {"krbpwdpolicyrefaux", "krbticketpolicyaux", "krbprincipalaux", NULL};  */
+                int p, q, r=0, amask=0;
+
+                if ((st=checkattributevalue(ld, DN, "objectclass", attrvalues, &amask)) != 0)
+                    goto cleanup;
+                memset(strval, 0, sizeof(strval));
+                for (p=1, q=0; p<=4; p<<=1, ++q)
+                    if (p & amask)
+                        strval[r++] = attrvalues[q];
+                strval[r] = NULL;
+                if (r > 0) {
+                    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_DELETE,
+                                                      strval)) != 0)
+                        goto cleanup;
+                }
+            }
+        }
+        st=ldap_modify_ext_s(ld, DN, mods, NULL, NULL);
+        if (st != LDAP_SUCCESS) {
+            st = set_ldap_error(context, st, OP_MOD);
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    if (user)
+        free (user);
+
+    if (DN)
+        free (DN);
+
+    krb5_db_free_principal(context, entry);
+
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+/*
+ * Set *res will to 1 if entry is a standalone principal entry, 0 if not.  On
+ * error, the value of *res is not defined.
+ */
+static inline krb5_error_code
+is_standalone_principal(krb5_context kcontext, krb5_db_entry *entry, int *res)
+{
+    krb5_error_code code;
+
+    code = krb5_get_princ_type(kcontext, entry, res);
+    if (!code)
+        *res = (*res == KDB_STANDALONE_PRINCIPAL_OBJECT) ? 1 : 0;
+    return code;
+}
+
+/*
+ * Unparse princ in the format used for LDAP attributes, and set *user to the
+ * result.
+ */
+static krb5_error_code
+unparse_principal_name(krb5_context context, krb5_const_principal princ,
+                       char **user_out)
+{
+    krb5_error_code st;
+    char *luser = NULL;
+
+    *user_out = NULL;
+
+    st = krb5_unparse_name(context, princ, &luser);
+    if (st)
+        goto cleanup;
+
+    st = krb5_ldap_unparse_principal_name(luser);
+    if (st)
+        goto cleanup;
+
+    *user_out = luser;
+    luser = NULL;
+
+cleanup:
+    free(luser);
+    return st;
+}
+
+/*
+ * Rename a principal's rdn.
+ *
+ * NOTE: Not every LDAP ds supports deleting the old rdn. If that is desired,
+ * it will have to be deleted afterwards.
+ */
+static krb5_error_code
+rename_principal_rdn(krb5_context context, LDAP *ld, const char *dn,
+                     const char *newprinc, char **newdn_out)
+{
+    int ret;
+    char *newrdn = NULL;
+
+    *newdn_out = NULL;
+
+    ret = asprintf(&newrdn, "krbprincipalname=%s", newprinc);
+    if (ret < 0)
+        return ENOMEM;
+
+    /*
+     * ldap_rename_s takes a deleteoldrdn parameter, but setting it to 1 fails
+     * on 389 Directory Server (as of version 1.3.5.4) if the old RDN value
+     * contains uppercase letters.  Instead, change the RDN without deleting
+     * the old value and delete it later.
+     */
+    ret = ldap_rename_s(ld, dn, newrdn, NULL, 0, NULL, NULL);
+    if (ret == -1) {
+        ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ret);
+        ret = set_ldap_error(context, ret, OP_MOD);
+        goto cleanup;
+    }
+
+    ret = replace_rdn(context, dn, newrdn, newdn_out);
+
+cleanup:
+    free(newrdn);
+    return ret;
+}
+
+/*
+ * Rename a principal.
+ */
+krb5_error_code
+krb5_ldap_rename_principal(krb5_context context, krb5_const_principal source,
+                           krb5_const_principal target)
+{
+    int is_standalone;
+    krb5_error_code st;
+    char *suser = NULL, *tuser = NULL, *strval[2], *dn = NULL, *newdn = NULL;
+    krb5_db_entry *entry = NULL;
+    krb5_kvno mkvno;
+    struct berval **bersecretkey = NULL;
+    kdb5_dal_handle *dal_handle = NULL;
+    krb5_ldap_context *ldap_context = NULL;
+    krb5_ldap_server_handle *ldap_server_handle = NULL;
+    LDAP *ld = NULL;
+    LDAPMod **mods = NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    SETUP_CONTEXT();
+    if (ldap_context->lrparams == NULL || ldap_context->container_dn == NULL)
+        return EINVAL;
+
+    /* get ldap handle */
+    GET_HANDLE();
+
+    /* Pass no flags.  Principal aliases won't be returned, which is a good
+     * thing since we don't support renaming aliases. */
+    st = krb5_ldap_get_principal(context, source, 0, &entry);
+    if (st)
+        goto cleanup;
+
+    st = is_standalone_principal(context, entry, &is_standalone);
+    if (st)
+        goto cleanup;
+
+    st = krb5_get_userdn(context, entry, &dn);
+    if (st)
+        goto cleanup;
+    if (dn == NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("dn information missing"));
+        goto cleanup;
+    }
+
+    st = unparse_principal_name(context, source, &suser);
+    if (st)
+        goto cleanup;
+    st = unparse_principal_name(context, target, &tuser);
+    if (st)
+        goto cleanup;
+
+    /* Specialize the salt and store it first so that in case of an error the
+     * correct salt will still be used. */
+    st = krb5_dbe_specialize_salt(context, entry);
+    if (st)
+        goto cleanup;
+
+    st = krb5_dbe_lookup_mkvno(context, entry, &mkvno);
+    if (st)
+        goto cleanup;
+
+    bersecretkey = krb5_encode_krbsecretkey(entry->key_data, entry->n_key_data,
+                                            mkvno);
+    if (bersecretkey == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    st = krb5_add_ber_mem_ldap_mod(&mods, "krbPrincipalKey",
+                                   LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
+                                   bersecretkey);
+    if (st != 0)
+        goto cleanup;
+
+    /* Update the principal. */
+    st = krb5_ldap_modify_ext(context, ld, dn, mods, OP_MOD);
+    if (st)
+        goto cleanup;
+    ldap_mods_free(mods, 1);
+    mods = NULL;
+
+    /* If this is a standalone principal, we want to rename the DN of the LDAP
+     * entry.  If not, we will modify the entry without changing its DN. */
+    if (is_standalone) {
+        st = rename_principal_rdn(context, ld, dn, tuser, &newdn);
+        if (st)
+            goto cleanup;
+        free(dn);
+        dn = newdn;
+        newdn = NULL;
+    }
+
+    /* There can be more than one krbPrincipalName, so we have to delete
+     * the old one and add the new one. */
+    strval[0] = suser;
+    strval[1] = NULL;
+    st = krb5_add_str_mem_ldap_mod(&mods, "krbPrincipalName", LDAP_MOD_DELETE,
+                                   strval);
+    if (st)
+        goto cleanup;
+
+    strval[0] = tuser;
+    strval[1] = NULL;
+    if (!is_standalone) {
+        st = krb5_add_str_mem_ldap_mod(&mods, "krbPrincipalName", LDAP_MOD_ADD,
+                                       strval);
+        if (st)
+            goto cleanup;
+    }
+
+    st = krb5_add_str_mem_ldap_mod(&mods, "krbCanonicalName", LDAP_MOD_REPLACE,
+                                   strval);
+    if (st)
+        goto cleanup;
+
+    /* Update the principal. */
+    st = krb5_ldap_modify_ext(context, ld, dn, mods, OP_MOD);
+    if (st)
+        goto cleanup;
+
+cleanup:
+    free(dn);
+    free(suser);
+    free(tuser);
+    free_berdata(bersecretkey);
+    krb5_db_free_principal(context, entry);
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+/*
+ * Function: krb5_ldap_unparse_principal_name
+ *
+ * Purpose: Removes '\\' that comes before every occurrence of '@'
+ *          in the principal name component.
+ *
+ * Arguments:
+ *       user_name     (input/output)      Principal name
+ *
+ */
+
+krb5_error_code
+krb5_ldap_unparse_principal_name(char *user_name)
+{
+    char *in, *out;
+
+    out = user_name;
+    for (in = user_name; *in; in++) {
+        if (*in == '\\' && *(in + 1) == '@')
+            continue;
+        *out++ = *in;
+    }
+    *out = '\0';
+
+    return 0;
+}
+
+
+/*
+ * Function: krb5_ldap_parse_principal_name
+ *
+ * Purpose: Inserts '\\' before every occurrence of '@'
+ *          in the principal name component.
+ *
+ * Arguments:
+ *       i_princ_name     (input)      Principal name without '\\'
+ *       o_princ_name     (output)     Principal name with '\\'
+ *
+ * Note: The caller has to free the memory allocated for o_princ_name.
+ */
+
+krb5_error_code
+krb5_ldap_parse_principal_name(char *i_princ_name, char **o_princ_name)
+{
+    const char *at_rlm_name, *p;
+    struct k5buf buf;
+
+    at_rlm_name = strrchr(i_princ_name, '@');
+    if (!at_rlm_name) {
+        *o_princ_name = strdup(i_princ_name);
+    } else {
+        k5_buf_init_dynamic(&buf);
+        for (p = i_princ_name; p < at_rlm_name; p++) {
+            if (*p == '@')
+                k5_buf_add(&buf, "\\");
+            k5_buf_add_len(&buf, p, 1);
+        }
+        k5_buf_add(&buf, at_rlm_name);
+        *o_princ_name = k5_buf_cstring(&buf);
+    }
+    return (*o_princ_name == NULL) ? ENOMEM : 0;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
new file mode 100644
index 00000000..72a9f960
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
@@ -0,0 +1,152 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_principal.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _LDAP_PRINCIPAL_H
+#define _LDAP_PRINCIPAL_H 1
+
+#include "ldap_tkt_policy.h"
+#include "princ_xdr.h"
+
+#define  KEYHEADER  12
+
+#define  NOOFKEYS(ptr)          ((ptr[10]<<8) | ptr[11])
+
+#define  PRINCIPALLEN(ptr)      ((ptr[0]<<8) | ptr[1])
+#define  PRINCIPALNAME(ptr)     (ptr + KEYHEADER + (NOOFKEYS(ptr) *8))
+
+#define  KEYBODY(ptr)           PRINCIPALNAME(ptr) + PRINCIPALLEN(ptr)
+
+#define  PKEYVER(ptr)           ((ptr[2]<<8) | ptr[3])
+#define  MKEYVER(ptr)           ((ptr[4]<<8) | ptr[5])
+
+#define  KEYTYPE(ptr,j)         ((ptr[KEYHEADER+(j*8)]<<8) | ptr[KEYHEADER+1+(j*8)])
+#define  KEYLENGTH(ptr,j)       ((ptr[KEYHEADER+2+(j*8)]<<8) | ptr[KEYHEADER+3+(j*8)])
+#define  SALTTYPE(ptr,j)        ((ptr[KEYHEADER+4+(j*8)]<<8) | ptr[KEYHEADER+5+(j*8)])
+#define  SALTLENGTH(ptr,j)      ((ptr[KEYHEADER+6+(j*8)]<<8) | ptr[KEYHEADER+7+(j*8)])
+
+#define MAX_KEY_LENGTH         1024
+#define CONTAINERDN_ARG        "containerdn"
+#define USERDN_ARG             "dn"
+#define TKTPOLICY_ARG          "tktpolicy"
+#define LINKDN_ARG             "linkdn"
+
+/* #define FILTER   "(&(objectclass=krbprincipalaux)(krbprincipalname=" */
+#define FILTER   "(&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal))(krbprincipalname="
+
+#define  KDB_USER_PRINCIPAL    0x01
+#define  KDB_SERVICE_PRINCIPAL 0x02
+#define KDB_STANDALONE_PRINCIPAL_OBJECT 0x01
+
+/* these will be consumed only by krb5_ldap_delete_principal*/
+/* these will be set by krb5_ldap_get_principal and fed into the tl_data */
+
+/* See also attributes_set[] in ldap_principal.c.  */
+#define KDB_MAX_LIFE_ATTR                    0x000001
+#define KDB_MAX_RLIFE_ATTR                   0x000002
+#define KDB_TKT_FLAGS_ATTR                   0x000004
+#define KDB_PRINC_EXPIRE_TIME_ATTR           0x000008
+#define KDB_POL_REF_ATTR                     0x000010
+#define KDB_AUTH_IND_ATTR                    0x000020
+#define KDB_PWD_POL_REF_ATTR                 0x000040
+#define KDB_PWD_EXPIRE_TIME_ATTR             0x000080
+#define KDB_SECRET_KEY_ATTR                  0x000100
+#define KDB_LAST_PWD_CHANGE_ATTR             0x000200
+#define KDB_EXTRA_DATA_ATTR                  0x000400
+#define KDB_LAST_SUCCESS_ATTR                0x000800
+#define KDB_LAST_FAILED_ATTR                 0x001000
+#define KDB_FAIL_AUTH_COUNT_ATTR             0x002000
+#define KDB_LAST_ADMIN_UNLOCK_ATTR           0x004000
+#define KDB_PWD_HISTORY_ATTR                 0x008000
+
+/*
+ * This is a private contract between krb5_ldap_lockout_audit()
+ * and krb5_ldap_put_principal(). If present, it means that the
+ * krbPwdMaxFailure attribute should be incremented by one.
+ */
+#define KADM5_FAIL_AUTH_COUNT_INCREMENT      0x080000 /* KADM5_CPW_FUNCTION */
+
+extern struct timeval timeout;
+extern char *policyclass[];
+
+krb5_error_code
+krb5_ldap_put_principal(krb5_context, krb5_db_entry *, char **);
+
+krb5_error_code
+krb5_ldap_get_principal(krb5_context , krb5_const_principal ,
+                        unsigned int, krb5_db_entry **);
+
+krb5_error_code
+krb5_ldap_delete_principal(krb5_context, krb5_const_principal);
+
+krb5_error_code
+krb5_ldap_rename_principal(krb5_context context, krb5_const_principal source,
+                           krb5_const_principal target);
+
+krb5_error_code
+krb5_ldap_iterate(krb5_context, char *,
+                  krb5_error_code (*)(krb5_pointer, krb5_db_entry *),
+                  krb5_pointer, krb5_flags);
+
+void
+k5_free_key_data(krb5_int16 n_key_data, krb5_key_data *key_data);
+
+void
+krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry);
+
+void
+krb5_dbe_free_contents(krb5_context, krb5_db_entry *);
+
+krb5_error_code
+krb5_ldap_unparse_principal_name(char *);
+
+krb5_error_code
+krb5_ldap_parse_principal_name(char *, char **);
+
+struct berval**
+krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data,
+                         krb5_kvno mkvno);
+
+krb5_error_code
+krb5_decode_histkey(krb5_context, struct berval **, osa_princ_ent_rec *);
+
+krb5_error_code
+krb5_decode_krbsecretkey(krb5_context, krb5_db_entry *, struct berval **,
+                         krb5_kvno *);
+
+void
+free_berdata(struct berval **array);
+
+krb5_error_code
+berval2tl_data(struct berval *in, krb5_tl_data **out);
+
+krb5_error_code
+krb5_read_tkt_policy(krb5_context, krb5_ldap_context *, krb5_db_entry *,
+                     char *);
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
new file mode 100644
index 00000000..ff705a2c
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -0,0 +1,1751 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include "ldap_main.h"
+#include "kdb_ldap.h"
+#include "ldap_principal.h"
+#include "princ_xdr.h"
+#include "ldap_tkt_policy.h"
+#include "ldap_pwd_policy.h"
+#include "ldap_err.h"
+#include <kadm5/admin.h>
+#include <time.h>
+
+extern char* principal_attributes[];
+extern char* max_pwd_life_attr[];
+
+static char *
+getstringtime(krb5_timestamp);
+
+krb5_error_code
+berval2tl_data(struct berval *in, krb5_tl_data **out)
+{
+    *out = (krb5_tl_data *) malloc (sizeof (krb5_tl_data));
+    if (*out == NULL)
+        return ENOMEM;
+
+    (*out)->tl_data_length = in->bv_len - 2;
+    (*out)->tl_data_contents =  (krb5_octet *) malloc
+        ((*out)->tl_data_length * sizeof (krb5_octet));
+    if ((*out)->tl_data_contents == NULL) {
+        free (*out);
+        return ENOMEM;
+    }
+
+    UNSTORE16_INT (in->bv_val, (*out)->tl_data_type);
+    memcpy ((*out)->tl_data_contents, in->bv_val + 2, (*out)->tl_data_length);
+
+    return 0;
+}
+
+/*
+ * look up a principal in the directory.
+ */
+
+krb5_error_code
+krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+                        unsigned int flags, krb5_db_entry **entry_ptr)
+{
+    char                        *user=NULL, *filter=NULL, *filtuser=NULL;
+    unsigned int                tree=0, ntrees=1, princlen=0;
+    krb5_error_code             tempst=0, st=0;
+    char                        **values=NULL, **subtree=NULL, *cname=NULL;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL, *ent=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+    krb5_principal              cprinc=NULL;
+    krb5_boolean                found=FALSE;
+    krb5_db_entry               *entry = NULL;
+
+    *entry_ptr = NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    if (searchfor == NULL)
+        return EINVAL;
+
+    dal_handle = context->dal_handle;
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
+
+    CHECK_LDAP_HANDLE(ldap_context);
+
+    if (!is_principal_in_realm(ldap_context, searchfor)) {
+        st = KRB5_KDB_NOENTRY;
+        k5_setmsg(context, st, _("Principal does not belong to realm"));
+        goto cleanup;
+    }
+
+    if ((st=krb5_unparse_name(context, searchfor, &user)) != 0)
+        goto cleanup;
+
+    if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
+        goto cleanup;
+
+    filtuser = ldap_filter_correct(user);
+    if (filtuser == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1;  /* 2 for closing brackets */
+    if ((filter = malloc(princlen)) == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+    snprintf(filter, princlen, FILTER"%s))", filtuser);
+
+    if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
+        goto cleanup;
+
+    GET_HANDLE();
+    for (tree=0; tree < ntrees && !found; ++tree) {
+
+        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
+        for (ent=ldap_first_entry(ld, result); ent != NULL && !found; ent=ldap_next_entry(ld, ent)) {
+
+            /* get the associated directory user information */
+            if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+                int i;
+
+                /* a wild-card in a principal name can return a list of kerberos principals.
+                 * Make sure that the correct principal is returned.
+                 * NOTE: a principalname k* in ldap server will return all the principals starting with a k
+                 */
+                for (i=0; values[i] != NULL; ++i) {
+                    if (strcmp(values[i], user) == 0) {
+                        found = TRUE;
+                        break;
+                    }
+                }
+                ldap_value_free(values);
+
+                if (!found) /* no matching principal found */
+                    continue;
+            }
+
+            if ((values=ldap_get_values(ld, ent, "krbcanonicalname")) != NULL) {
+                if (values[0] && strcmp(values[0], user) != 0) {
+                    /* We matched an alias, not the canonical name. */
+                    st = krb5_ldap_parse_principal_name(values[0], &cname);
+                    if (st != 0)
+                        goto cleanup;
+                    st = krb5_parse_name(context, cname, &cprinc);
+                    if (st != 0)
+                        goto cleanup;
+                }
+                ldap_value_free(values);
+                if (!found)
+                    continue;
+            }
+
+            entry = k5alloc(sizeof(*entry), &st);
+            if (entry == NULL)
+                goto cleanup;
+            if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent,
+                                             cprinc ? cprinc : searchfor,
+                                             entry)) != 0)
+                goto cleanup;
+        }
+        ldap_msgfree(result);
+        result = NULL;
+    } /* for (tree=0 ... */
+
+    if (found) {
+        *entry_ptr = entry;
+        entry = NULL;
+    } else
+        st = KRB5_KDB_NOENTRY;
+
+cleanup:
+    ldap_msgfree(result);
+    krb5_db_free_principal(context, entry);
+
+    if (filter)
+        free (filter);
+
+    if (subtree) {
+        for (; ntrees; --ntrees)
+            if (subtree[ntrees-1])
+                free (subtree[ntrees-1]);
+        free (subtree);
+    }
+
+    if (ldap_server_handle)
+        krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+
+    if (user)
+        free(user);
+
+    if (filtuser)
+        free(filtuser);
+
+    if (cname)
+        free(cname);
+
+    if (cprinc)
+        krb5_free_principal(context, cprinc);
+
+    return st;
+}
+
+typedef enum{ ADD_PRINCIPAL, MODIFY_PRINCIPAL } OPERATION;
+/*
+ * ptype is creating confusions. Additionally the logic
+ * surronding ptype is redundunt and can be achevied
+ * with the help of dn and containerdn members.
+ * so dropping the ptype member
+ */
+
+typedef struct _xargs_t {
+    char           *dn;
+    char           *linkdn;
+    krb5_boolean   dn_from_kbd;
+    char           *containerdn;
+    char           *tktpolicydn;
+}xargs_t;
+
+static void
+free_xargs(xargs_t xargs)
+{
+    if (xargs.dn)
+        free (xargs.dn);
+    if (xargs.linkdn)
+        free(xargs.linkdn);
+    if (xargs.containerdn)
+        free (xargs.containerdn);
+    if (xargs.tktpolicydn)
+        free (xargs.tktpolicydn);
+}
+
+static krb5_error_code
+process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
+                OPERATION optype)
+{
+    int                   i=0;
+    krb5_error_code       st=0;
+    char                  *arg=NULL, *arg_val=NULL;
+    char                  **dptr=NULL;
+    unsigned int          arg_val_len=0;
+
+    if (db_args) {
+        for (i=0; db_args[i]; ++i) {
+            arg = strtok_r(db_args[i], "=", &arg_val);
+            arg = (arg != NULL) ? arg : "";
+            if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+                dptr = &xargs->tktpolicydn;
+            } else {
+                if (strcmp(arg, USERDN_ARG) == 0) {
+                    if (optype == MODIFY_PRINCIPAL ||
+                        xargs->dn != NULL || xargs->containerdn != NULL ||
+                        xargs->linkdn != NULL) {
+                        st = EINVAL;
+                        k5_setmsg(context, st, _("%s option not supported"),
+                                  arg);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->dn;
+                } else if (strcmp(arg, CONTAINERDN_ARG) == 0) {
+                    if (optype == MODIFY_PRINCIPAL ||
+                        xargs->dn != NULL || xargs->containerdn != NULL) {
+                        st = EINVAL;
+                        k5_setmsg(context, st, _("%s option not supported"),
+                                  arg);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->containerdn;
+                } else if (strcmp(arg, LINKDN_ARG) == 0) {
+                    if (xargs->dn != NULL || xargs->linkdn != NULL) {
+                        st = EINVAL;
+                        k5_setmsg(context, st, _("%s option not supported"),
+                                  arg);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->linkdn;
+                } else {
+                    st = EINVAL;
+                    k5_setmsg(context, st, _("unknown option: %s"), arg);
+                    goto cleanup;
+                }
+
+                xargs->dn_from_kbd = TRUE;
+                if (arg_val == NULL || strlen(arg_val) == 0) {
+                    st = EINVAL;
+                    k5_setmsg(context, st, _("%s option value missing"), arg);
+                    goto cleanup;
+                }
+            }
+
+            if (arg_val == NULL) {
+                st = EINVAL;
+                k5_setmsg(context, st, _("%s option value missing"), arg);
+                goto cleanup;
+            }
+            arg_val_len = strlen(arg_val) + 1;
+
+            if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+                if ((st = krb5_ldap_name_to_policydn (context,
+                                                      arg_val,
+                                                      dptr)) != 0)
+                    goto cleanup;
+            } else {
+                *dptr = k5memdup(arg_val, arg_val_len, &st);
+                if (*dptr == NULL)
+                    goto cleanup;
+            }
+        }
+    }
+
+cleanup:
+    return st;
+}
+
+krb5int_access accessor;
+
+static krb5_error_code
+asn1_encode_sequence_of_keys(krb5_key_data *key_data, krb5_int16 n_key_data,
+                             krb5_int32 mkvno, krb5_data **code)
+{
+    krb5_error_code err;
+    ldap_seqof_key_data val;
+
+    /*
+     * This should be pushed back into other library initialization
+     * code.
+     */
+    err = kldap_ensure_initialized ();
+    if (err)
+        return err;
+
+    val.key_data = key_data;
+    val.n_key_data = n_key_data;
+    val.mkvno = mkvno;
+    val.kvno = key_data[0].key_data_kvno;
+
+    return accessor.asn1_ldap_encode_sequence_of_keys(&val, code);
+}
+
+static krb5_error_code
+asn1_decode_sequence_of_keys(krb5_data *in, ldap_seqof_key_data *out)
+{
+    krb5_error_code err;
+    ldap_seqof_key_data *p;
+    int i;
+
+    memset(out, 0, sizeof(*out));
+
+    /*
+     * This should be pushed back into other library initialization
+     * code.
+     */
+    err = kldap_ensure_initialized ();
+    if (err)
+        return err;
+
+    err = accessor.asn1_ldap_decode_sequence_of_keys(in, &p);
+    if (err)
+        return err;
+
+    /* Set kvno and key_data_ver in each key_data element. */
+    for (i = 0; i < p->n_key_data; i++) {
+        p->key_data[i].key_data_kvno = p->kvno;
+        /* The decoder sets key_data_ver to 1 if no salt is present, but leaves
+         * it at 0 if salt is present. */
+        if (p->key_data[i].key_data_ver == 0)
+            p->key_data[i].key_data_ver = 2;
+    }
+
+    *out = *p;
+    free(p);
+    return 0;
+}
+
+/*
+ * Free a NULL-terminated struct berval *array[] and all its contents.
+ * Does not set array to NULL after freeing it.
+ */
+void
+free_berdata(struct berval **array)
+{
+    int i;
+
+    if (array != NULL) {
+        for (i = 0; array[i] != NULL; i++) {
+            if (array[i]->bv_val != NULL)
+                free(array[i]->bv_val);
+            free(array[i]);
+        }
+        free(array);
+    }
+}
+
+/*
+ * Encode krb5_key_data into a berval struct for insertion into LDAP.
+ */
+static krb5_error_code
+encode_keys(krb5_key_data *key_data_in, int n_key_data, krb5_kvno mkvno,
+            struct berval **bval_out)
+{
+    krb5_error_code err = 0;
+    int i;
+    krb5_key_data *key_data = NULL;
+    struct berval *bval = NULL;
+    krb5_data *code;
+
+    *bval_out = NULL;
+    if (n_key_data <= 0) {
+        err = EINVAL;
+        goto cleanup;
+    }
+
+    /* Make a shallow copy of the key data so we can alter it. */
+    key_data = k5calloc(n_key_data, sizeof(*key_data), &err);
+    if (key_data == NULL)
+        goto cleanup;
+    memcpy(key_data, key_data_in, n_key_data * sizeof(*key_data));
+
+    /* Unpatched krb5 1.11 and 1.12 cannot decode KrbKey sequences with no salt
+     * field.  For compatibility, always encode a salt field. */
+    for (i = 0; i < n_key_data; i++) {
+        if (key_data[i].key_data_ver == 1) {
+            key_data[i].key_data_ver = 2;
+            key_data[i].key_data_type[1] = KRB5_KDB_SALTTYPE_NORMAL;
+            key_data[i].key_data_length[1] = 0;
+            key_data[i].key_data_contents[1] = NULL;
+        }
+    }
+
+    bval = k5alloc(sizeof(struct berval), &err);
+    if (bval == NULL)
+        goto cleanup;
+
+    err = asn1_encode_sequence_of_keys(key_data, n_key_data, mkvno, &code);
+    if (err)
+        goto cleanup;
+
+    /* Steal the data pointer from code for bval and discard code. */
+    bval->bv_len = code->length;
+    bval->bv_val = code->data;
+    free(code);
+
+    *bval_out = bval;
+    bval = NULL;
+
+cleanup:
+    free(key_data);
+    free(bval);
+    return err;
+}
+
+/* Decoding ASN.1 encoded key */
+struct berval **
+krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data,
+                         krb5_kvno mkvno)
+{
+    struct berval **ret = NULL;
+    int currkvno;
+    int num_versions = 0;
+    int i, j, last;
+    krb5_error_code err = 0;
+
+    if (n_key_data < 0)
+        return NULL;
+
+    /* Find the number of key versions */
+    if (n_key_data > 0) {
+        for (i = 0, num_versions = 1; i < n_key_data - 1; i++) {
+            if (key_data[i].key_data_kvno != key_data[i + 1].key_data_kvno)
+                num_versions++;
+        }
+    }
+
+    ret = calloc(num_versions + 1, sizeof(struct berval *));
+    if (ret == NULL) {
+        err = ENOMEM;
+        goto cleanup;
+    }
+    ret[num_versions] = NULL;
+
+    /* n_key_data may be 0 if a principal is created without a key. */
+    if (n_key_data == 0)
+        goto cleanup;
+
+    currkvno = key_data[0].key_data_kvno;
+    for (i = 0, last = 0, j = 0; i < n_key_data; i++) {
+        if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) {
+            err = encode_keys(key_data + last, (krb5_int16)i - last + 1, mkvno,
+                              &ret[j]);
+            if (err)
+                goto cleanup;
+            j++;
+            last = i + 1;
+
+            if (i < n_key_data - 1)
+                currkvno = key_data[i + 1].key_data_kvno;
+        }
+    }
+
+cleanup:
+    if (err != 0) {
+        free_berdata(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
+
+/*
+ * Encode a principal's key history for insertion into ldap.
+ */
+static struct berval **
+krb5_encode_histkey(osa_princ_ent_rec *princ_ent)
+{
+    unsigned int i;
+    krb5_error_code err = 0;
+    struct berval **ret = NULL;
+
+    if (princ_ent->old_key_len <= 0)
+        return NULL;
+
+    ret = k5calloc(princ_ent->old_key_len + 1, sizeof(struct berval *), &err);
+    if (ret == NULL)
+        goto cleanup;
+
+    for (i = 0; i < princ_ent->old_key_len; i++) {
+        if (princ_ent->old_keys[i].n_key_data <= 0) {
+            err = EINVAL;
+            goto cleanup;
+        }
+        err = encode_keys(princ_ent->old_keys[i].key_data,
+                          princ_ent->old_keys[i].n_key_data,
+                          princ_ent->admin_history_kvno, &ret[i]);
+        if (err)
+            goto cleanup;
+    }
+
+    ret[princ_ent->old_key_len] = NULL;
+
+cleanup:
+    if (err != 0) {
+        free_berdata(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
+
+static krb5_error_code
+tl_data2berval (krb5_tl_data *in, struct berval **out)
+{
+    *out = (struct berval *) malloc (sizeof (struct berval));
+    if (*out == NULL)
+        return ENOMEM;
+
+    (*out)->bv_len = in->tl_data_length + 2;
+    (*out)->bv_val =  (char *) malloc ((*out)->bv_len);
+    if ((*out)->bv_val == NULL) {
+        free (*out);
+        return ENOMEM;
+    }
+
+    STORE16_INT((*out)->bv_val, in->tl_data_type);
+    memcpy ((*out)->bv_val + 2, in->tl_data_contents, in->tl_data_length);
+
+    return 0;
+}
+
+/* Parse the "require_auth" string for auth indicators, adding them to the
+ * krbPrincipalAuthInd attribute. */
+static krb5_error_code
+update_ldap_mod_auth_ind(krb5_context context, krb5_db_entry *entry,
+                         LDAPMod ***mods)
+{
+    int i = 0;
+    krb5_error_code ret;
+    char *auth_ind = NULL;
+    char *strval[10] = { 0 };
+    char *ai, *ai_save = NULL;
+    int mask, sv_num = sizeof(strval) / sizeof(*strval);
+
+    ret = krb5_dbe_get_string(context, entry, KRB5_KDB_SK_REQUIRE_AUTH,
+                              &auth_ind);
+    if (ret)
+        return ret;
+    if (auth_ind == NULL) {
+        /* If we know krbPrincipalAuthInd attributes are present from loading
+         * the entry, delete them. */
+        ret = krb5_get_attributes_mask(context, entry, &mask);
+        if (!ret && (mask & KDB_AUTH_IND_ATTR)) {
+            return krb5_add_str_mem_ldap_mod(mods, "krbPrincipalAuthInd",
+                                             LDAP_MOD_DELETE, NULL);
+        }
+        return 0;
+    }
+
+    ai = strtok_r(auth_ind, " ", &ai_save);
+    while (ai != NULL && i < sv_num) {
+        strval[i++] = ai;
+        ai = strtok_r(NULL, " ", &ai_save);
+    }
+
+    ret = krb5_add_str_mem_ldap_mod(mods, "krbPrincipalAuthInd",
+                                    LDAP_MOD_REPLACE, strval);
+    krb5_dbe_free_string(context, auth_ind);
+    return ret;
+}
+
+static krb5_error_code
+check_dn_in_container(krb5_context context, const char *dn,
+                      char *const *subtrees, unsigned int ntrees)
+{
+    unsigned int i;
+    size_t dnlen = strlen(dn), stlen;
+
+    for (i = 0; i < ntrees; i++) {
+        if (subtrees[i] == NULL || *subtrees[i] == '\0')
+            return 0;
+        stlen = strlen(subtrees[i]);
+        if (dnlen >= stlen &&
+            strcasecmp(dn + dnlen - stlen, subtrees[i]) == 0 &&
+            (dnlen == stlen || dn[dnlen - stlen - 1] == ','))
+            return 0;
+    }
+
+    k5_setmsg(context, EINVAL, _("DN is out of the realm subtree"));
+    return EINVAL;
+}
+
+static krb5_error_code
+check_dn_exists(krb5_context context,
+                krb5_ldap_server_handle *ldap_server_handle,
+                const char *dn, krb5_boolean nonkrb_only)
+{
+    krb5_error_code st = 0, tempst;
+    krb5_ldap_context *ldap_context = context->dal_handle->db_context;
+    LDAP *ld = ldap_server_handle->ldap_handle;
+    LDAPMessage *result = NULL, *ent;
+    char *attrs[] = { "krbticketpolicyreference", "krbprincipalname", NULL };
+    char **values;
+
+    LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attrs, IGNORE_STATUS);
+    if (st != LDAP_SUCCESS)
+        return set_ldap_error(context, st, OP_SEARCH);
+
+    ent = ldap_first_entry(ld, result);
+    CHECK_NULL(ent);
+
+    values = ldap_get_values(ld, ent, "krbticketpolicyreference");
+    if (values != NULL)
+        ldap_value_free(values);
+
+    values = ldap_get_values(ld, ent, "krbprincipalname");
+    if (values != NULL) {
+        ldap_value_free(values);
+        if (nonkrb_only) {
+            st = EINVAL;
+            k5_setmsg(context, st, _("ldap object is already kerberized"));
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    ldap_msgfree(result);
+    return st;
+}
+
+static krb5_error_code
+validate_xargs(krb5_context context,
+               krb5_ldap_server_handle *ldap_server_handle,
+               const xargs_t *xargs, const char *standalone_dn,
+               char *const *subtrees, unsigned int ntrees)
+{
+    krb5_error_code st;
+
+    if (xargs->dn != NULL) {
+        /* The supplied dn must be within a realm container. */
+        st = check_dn_in_container(context, xargs->dn, subtrees, ntrees);
+        if (st)
+            return st;
+        /* The supplied dn must exist without Kerberos attributes. */
+        st = check_dn_exists(context, ldap_server_handle, xargs->dn, TRUE);
+        if (st)
+            return st;
+    }
+
+    if (xargs->linkdn != NULL) {
+        /* The supplied linkdn must be within a realm container. */
+        st = check_dn_in_container(context, xargs->linkdn, subtrees, ntrees);
+        if (st)
+            return st;
+        /* The supplied linkdn must exist. */
+        st = check_dn_exists(context, ldap_server_handle, xargs->linkdn,
+                             FALSE);
+        if (st)
+            return st;
+    }
+
+    if (xargs->containerdn != NULL && standalone_dn != NULL) {
+        /* standalone_dn (likely composed using containerdn) must be within a
+         * container. */
+        st = check_dn_in_container(context, standalone_dn, subtrees, ntrees);
+        if (st)
+            return st;
+    }
+
+    return 0;
+}
+
+krb5_error_code
+krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
+                        char **db_args)
+{
+    int                         l=0, kerberos_principal_object_type=0;
+    unsigned int                ntrees=0, tre=0;
+    krb5_error_code             st=0, tempst=0;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL, *ent=NULL;
+    char                        **subtreelist = NULL;
+    char                        *user=NULL, *subtree=NULL, *principal_dn=NULL;
+    char                        *strval[10]={NULL}, errbuf[1024];
+    char                        *filtuser=NULL;
+    struct berval               **bersecretkey=NULL;
+    LDAPMod                     **mods=NULL;
+    krb5_boolean                create_standalone=FALSE;
+    krb5_boolean                establish_links=FALSE;
+    char                        *standalone_principal_dn=NULL;
+    krb5_tl_data                *tl_data=NULL;
+    krb5_key_data               **keys=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+    osa_princ_ent_rec           princ_ent = {0};
+    xargs_t                     xargs = {0};
+    char                        *polname = NULL;
+    OPERATION optype;
+    krb5_boolean                found_entry = FALSE;
+    char                        *filter = NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    SETUP_CONTEXT();
+    if (ldap_context->lrparams == NULL || ldap_context->container_dn == NULL)
+        return EINVAL;
+
+    /* get ldap handle */
+    GET_HANDLE();
+
+    if (!is_principal_in_realm(ldap_context, entry->princ)) {
+        st = EINVAL;
+        k5_setmsg(context, st,
+                  _("Principal does not belong to the default realm"));
+        goto cleanup;
+    }
+
+    /* get the principal information to act on */
+    if (((st=krb5_unparse_name(context, entry->princ, &user)) != 0) ||
+        ((st=krb5_ldap_unparse_principal_name(user)) != 0))
+        goto cleanup;
+    filtuser = ldap_filter_correct(user);
+    if (filtuser == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    /* Identity the type of operation, it can be
+     * add principal or modify principal.
+     * hack if the entry->mask has KRB_PRINCIPAL flag set
+     * then it is a add operation
+     */
+    if (entry->mask & KADM5_PRINCIPAL)
+        optype = ADD_PRINCIPAL;
+    else
+        optype = MODIFY_PRINCIPAL;
+
+    if (((st=krb5_get_princ_type(context, entry, &kerberos_principal_object_type)) != 0) ||
+        ((st=krb5_get_userdn(context, entry, &principal_dn)) != 0))
+        goto cleanup;
+
+    if ((st=process_db_args(context, db_args, &xargs, optype)) != 0)
+        goto cleanup;
+
+    if (entry->mask & KADM5_LOAD) {
+        unsigned int     tree = 0;
+        int              numlentries = 0;
+
+        /*  A load operation is special, will do a mix-in (add krbprinc
+         *  attrs to a non-krb object entry) if an object exists with a
+         *  matching krbprincipalname attribute so try to find existing
+         *  object and set principal_dn.  This assumes that the
+         *  krbprincipalname attribute is unique (only one object entry has
+         *  a particular krbprincipalname attribute).
+         */
+        if (asprintf(&filter, FILTER"%s))", filtuser) < 0) {
+            filter = NULL;
+            st = ENOMEM;
+            goto cleanup;
+        }
+
+        /* get the current subtree list */
+        if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
+            goto cleanup;
+
+        found_entry = FALSE;
+        /* search for entry with matching krbprincipalname attribute */
+        for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) {
+            if (principal_dn == NULL) {
+                LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS);
+            } else {
+                /* just look for entry with principal_dn */
+                LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS);
+            }
+            if (st == LDAP_SUCCESS) {
+                numlentries = ldap_count_entries(ld, result);
+                if (numlentries > 1) {
+                    st = EINVAL;
+                    k5_setmsg(context, st,
+                              _("operation can not continue, more than one "
+                                "entry with principal name \"%s\" found"),
+                              user);
+                    goto cleanup;
+                } else if (numlentries == 1) {
+                    found_entry = TRUE;
+                    if (principal_dn == NULL) {
+                        ent = ldap_first_entry(ld, result);
+                        if (ent != NULL) {
+                            /* setting principal_dn will cause that entry to be modified further down */
+                            if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) {
+                                ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st);
+                                st = set_ldap_error (context, st, 0);
+                                goto cleanup;
+                            }
+                        }
+                    }
+                }
+            } else if (st != LDAP_NO_SUCH_OBJECT) {
+                /* could not perform search, return with failure */
+                st = set_ldap_error (context, st, 0);
+                goto cleanup;
+            }
+            ldap_msgfree(result);
+            result = NULL;
+            /*
+             * If it isn't found then assume a standalone princ entry is to
+             * be created.
+             */
+        } /* end for (tree = 0; principal_dn == ... */
+
+        if (found_entry == FALSE && principal_dn != NULL) {
+            /*
+             * if principal_dn is null then there is code further down to
+             * deal with setting standalone_principal_dn.  Also note that
+             * this will set create_standalone true for
+             * non-mix-in entries which is okay if loading from a dump.
+             */
+            create_standalone = TRUE;
+            standalone_principal_dn = strdup(principal_dn);
+            CHECK_NULL(standalone_principal_dn);
+        }
+    } /* end if (entry->mask & KADM5_LOAD */
+
+    /* time to generate the DN information with the help of
+     * containerdn, principalcontainerreference or
+     * realmcontainerdn information
+     */
+    if (principal_dn == NULL && xargs.dn == NULL) { /* creation of standalone principal */
+        /* get the subtree information */
+        if (entry->princ->length == 2 && entry->princ->data[0].length == strlen("krbtgt") &&
+            strncmp(entry->princ->data[0].data, "krbtgt", entry->princ->data[0].length) == 0) {
+            /* if the principal is a inter-realm principal, always created in the realm container */
+            subtree = strdup(ldap_context->lrparams->realmdn);
+        } else if (xargs.containerdn) {
+            if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) {
+                if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
+                    int ost = st;
+                    st = EINVAL;
+                    k5_wrapmsg(context, ost, st, _("'%s' not found"),
+                               xargs.containerdn);
+                }
+                goto cleanup;
+            }
+            subtree = strdup(xargs.containerdn);
+        } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) {
+            /*
+             * Here the subtree should be changed with
+             * principalcontainerreference attribute value
+             */
+            subtree = strdup(ldap_context->lrparams->containerref);
+        } else {
+            subtree = strdup(ldap_context->lrparams->realmdn);
+        }
+        CHECK_NULL(subtree);
+
+        if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s",
+                     filtuser, subtree) < 0)
+            standalone_principal_dn = NULL;
+        CHECK_NULL(standalone_principal_dn);
+        /*
+         * free subtree when you are done using the subtree
+         * set the boolean create_standalone to TRUE
+         */
+        create_standalone = TRUE;
+        free(subtree);
+        subtree = NULL;
+    }
+
+    /*
+     * If the DN information is presented by the user, time to
+     * validate the input to ensure that the DN falls under
+     * any of the subtrees
+     */
+    if (xargs.dn_from_kbd == TRUE) {
+        /* Get the current subtree list if we haven't already done so. */
+        if (subtreelist == NULL) {
+            st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees);
+            if (st)
+                goto cleanup;
+        }
+
+        st = validate_xargs(context, ldap_server_handle, &xargs,
+                            standalone_principal_dn, subtreelist, ntrees);
+        if (st)
+            goto cleanup;
+    }
+
+    if (xargs.linkdn != NULL) {
+        /*
+         * link information can be changed using modprinc.
+         * However, link information can be changed only on the
+         * standalone kerberos principal objects. A standalone
+         * kerberos principal object is of type krbprincipal
+         * structural objectclass.
+         *
+         * NOTE: kerberos principals on an ldap object can't be
+         * linked to other ldap objects.
+         */
+        if (optype == MODIFY_PRINCIPAL &&
+            kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) {
+            st = EINVAL;
+            snprintf(errbuf, sizeof(errbuf),
+                     _("link information can not be set/updated as the "
+                       "kerberos principal belongs to an ldap object"));
+            k5_setmsg(context, st, "%s", errbuf);
+            goto cleanup;
+        }
+        /*
+         * Check the link information. If there is already a link
+         * existing then this operation is not allowed.
+         */
+        {
+            char **linkdns=NULL;
+            int  j=0;
+
+            if ((st=krb5_get_linkdn(context, entry, &linkdns)) != 0) {
+                snprintf(errbuf, sizeof(errbuf),
+                         _("Failed getting object references"));
+                k5_setmsg(context, st, "%s", errbuf);
+                goto cleanup;
+            }
+            if (linkdns != NULL) {
+                st = EINVAL;
+                snprintf(errbuf, sizeof(errbuf),
+                         _("kerberos principal is already linked to a ldap "
+                           "object"));
+                k5_setmsg(context, st, "%s", errbuf);
+                for (j=0; linkdns[j] != NULL; ++j)
+                    free (linkdns[j]);
+                free (linkdns);
+                goto cleanup;
+            }
+        }
+
+        establish_links = TRUE;
+    }
+
+    if (entry->mask & KADM5_LAST_SUCCESS) {
+        memset(strval, 0, sizeof(strval));
+        if ((strval[0]=getstringtime(entry->last_success)) == NULL)
+            goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastSuccessfulAuth", LDAP_MOD_REPLACE, strval)) != 0) {
+            free (strval[0]);
+            goto cleanup;
+        }
+        free (strval[0]);
+    }
+
+    if (entry->mask & KADM5_LAST_FAILED) {
+        memset(strval, 0, sizeof(strval));
+        if ((strval[0]=getstringtime(entry->last_failed)) == NULL)
+            goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastFailedAuth", LDAP_MOD_REPLACE, strval)) != 0) {
+            free (strval[0]);
+            goto cleanup;
+        }
+        free(strval[0]);
+    }
+
+    if (entry->mask & KADM5_FAIL_AUTH_COUNT) {
+        krb5_kvno fail_auth_count;
+
+        fail_auth_count = entry->fail_auth_count;
+        if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
+            fail_auth_count++;
+
+        st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                       LDAP_MOD_REPLACE,
+                                       fail_auth_count);
+        if (st != 0)
+            goto cleanup;
+    } else if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) {
+        int attr_mask = 0;
+        krb5_boolean has_fail_count;
+
+        /* Check if the krbLoginFailedCount attribute exists.  (Through
+         * krb5 1.8.1, it wasn't set in new entries.) */
+        st = krb5_get_attributes_mask(context, entry, &attr_mask);
+        if (st != 0)
+            goto cleanup;
+        has_fail_count = ((attr_mask & KDB_FAIL_AUTH_COUNT_ATTR) != 0);
+
+        /*
+         * If the client library and server supports RFC 4525,
+         * then use it to increment by one the value of the
+         * krbLoginFailedCount attribute. Otherwise, assert the
+         * (provided) old value by deleting it before adding.
+         */
+#ifdef LDAP_MOD_INCREMENT
+        if (ldap_server_handle->server_info->modify_increment &&
+            has_fail_count) {
+            st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                           LDAP_MOD_INCREMENT, 1);
+            if (st != 0)
+                goto cleanup;
+        } else {
+#endif /* LDAP_MOD_INCREMENT */
+            if (has_fail_count) {
+                st = krb5_add_int_mem_ldap_mod(&mods,
+                                               "krbLoginFailedCount",
+                                               LDAP_MOD_DELETE,
+                                               entry->fail_auth_count);
+                if (st != 0)
+                    goto cleanup;
+            }
+            st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                           LDAP_MOD_ADD,
+                                           entry->fail_auth_count + 1);
+            if (st != 0)
+                goto cleanup;
+#ifdef LDAP_MOD_INCREMENT
+        }
+#endif
+    } else if (optype == ADD_PRINCIPAL) {
+        /* Initialize krbLoginFailedCount in new entries to help avoid a
+         * race during the first failed login. */
+        st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                       LDAP_MOD_ADD, 0);
+    }
+
+    if (entry->mask & KADM5_MAX_LIFE) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, entry->max_life)) != 0)
+            goto cleanup;
+    }
+
+    if (entry->mask & KADM5_MAX_RLIFE) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
+                                          entry->max_renewable_life)) != 0)
+            goto cleanup;
+    }
+
+    if (entry->mask & KADM5_ATTRIBUTES) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
+                                          entry->attributes)) != 0)
+            goto cleanup;
+    }
+
+    if (entry->mask & KADM5_PRINCIPAL) {
+        memset(strval, 0, sizeof(strval));
+        strval[0] = user;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_REPLACE, strval)) != 0)
+            goto cleanup;
+    }
+
+    if (entry->mask & KADM5_PRINC_EXPIRE_TIME) {
+        memset(strval, 0, sizeof(strval));
+        if ((strval[0]=getstringtime(entry->expiration)) == NULL)
+            goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalexpiration", LDAP_MOD_REPLACE, strval)) != 0) {
+            free (strval[0]);
+            goto cleanup;
+        }
+        free (strval[0]);
+    }
+
+    if (entry->mask & KADM5_PW_EXPIRATION) {
+        memset(strval, 0, sizeof(strval));
+        if ((strval[0]=getstringtime(entry->pw_expiration)) == NULL)
+            goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpasswordexpiration",
+                                          LDAP_MOD_REPLACE,
+                                          strval)) != 0) {
+            free (strval[0]);
+            goto cleanup;
+        }
+        free (strval[0]);
+    }
+
+    if (entry->mask & KADM5_POLICY || entry->mask & KADM5_KEY_HIST) {
+        memset(&princ_ent, 0, sizeof(princ_ent));
+        for (tl_data=entry->tl_data; tl_data; tl_data=tl_data->tl_data_next) {
+            if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) {
+                if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) {
+                    goto cleanup;
+                }
+                break;
+            }
+        }
+    }
+
+    if (entry->mask & KADM5_POLICY) {
+        if (princ_ent.aux_attributes & KADM5_POLICY) {
+            memset(strval, 0, sizeof(strval));
+            if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0)
+                goto cleanup;
+            strval[0] = polname;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
+                goto cleanup;
+        } else {
+            st = EINVAL;
+            k5_setmsg(context, st, "Password policy value null");
+            goto cleanup;
+        }
+    } else if (entry->mask & KADM5_LOAD && found_entry == TRUE) {
+        /*
+         * a load is special in that existing entries must have attrs that
+         * removed.
+         */
+
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, NULL)) != 0)
+            goto cleanup;
+    }
+
+    if (entry->mask & KADM5_POLICY_CLR) {
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
+            goto cleanup;
+    }
+
+    if (entry->mask & KADM5_KEY_HIST) {
+        bersecretkey = krb5_encode_histkey(&princ_ent);
+        if (bersecretkey == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
+
+        st = krb5_add_ber_mem_ldap_mod(&mods, "krbpwdhistory",
+                                       LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
+                                       bersecretkey);
+        if (st != 0)
+            goto cleanup;
+        free_berdata(bersecretkey);
+        bersecretkey = NULL;
+    }
+
+    if (entry->mask & KADM5_KEY_DATA || entry->mask & KADM5_KVNO) {
+        krb5_kvno mkvno;
+
+        if ((st=krb5_dbe_lookup_mkvno(context, entry, &mkvno)) != 0)
+            goto cleanup;
+        bersecretkey = krb5_encode_krbsecretkey (entry->key_data,
+                                                 entry->n_key_data, mkvno);
+
+        if (bersecretkey == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
+        /* An empty list of bervals is only accepted for modify operations,
+         * not add operations. */
+        if (bersecretkey[0] != NULL || !create_standalone) {
+            st = krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
+                                           LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
+                                           bersecretkey);
+            if (st != 0)
+                goto cleanup;
+        }
+
+        /* Update last password change whenever a new key is set */
+        {
+            krb5_timestamp last_pw_changed;
+            if ((st=krb5_dbe_lookup_last_pwd_change(context, entry,
+                                                    &last_pw_changed)) != 0)
+                goto cleanup;
+
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0] = getstringtime(last_pw_changed)) == NULL)
+                goto cleanup;
+
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastPwdChange",
+                                              LDAP_MOD_REPLACE, strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free (strval[0]);
+        }
+
+    } /* Modify Key data ends here */
+
+    /* Set tl_data */
+    if (entry->tl_data != NULL) {
+        int count = 0;
+        struct berval **ber_tl_data = NULL;
+        krb5_tl_data *ptr;
+        krb5_timestamp unlock_time;
+
+        /* Normalize required auth indicators, but also store them as string
+         * attributes within krbExtraData. */
+        st = update_ldap_mod_auth_ind(context, entry, &mods);
+        if (st != 0)
+            goto cleanup;
+
+        for (ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
+            if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
+#ifdef SECURID
+                || ptr->tl_data_type == KRB5_TL_DB_ARGS
+#endif
+                || ptr->tl_data_type == KRB5_TL_KADM_DATA
+                || ptr->tl_data_type == KDB_TL_USER_INFO
+                || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL
+                || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK)
+                continue;
+            count++;
+        }
+        if (count != 0) {
+            int j;
+            ber_tl_data = (struct berval **) calloc (count + 1,
+                                                     sizeof (struct berval*));
+            if (ber_tl_data == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+            for (j = 0, ptr = entry->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
+                /* Ignore tl_data that are stored in separate directory
+                 * attributes */
+                if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
+#ifdef SECURID
+                    || ptr->tl_data_type == KRB5_TL_DB_ARGS
+#endif
+                    || ptr->tl_data_type == KRB5_TL_KADM_DATA
+                    || ptr->tl_data_type == KDB_TL_USER_INFO
+                    || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL
+                    || ptr->tl_data_type == KRB5_TL_LAST_ADMIN_UNLOCK)
+                    continue;
+                if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0)
+                    break;
+                j++;
+            }
+            if (st == 0) {
+                ber_tl_data[count] = NULL;
+                st=krb5_add_ber_mem_ldap_mod(&mods, "krbExtraData",
+                                             LDAP_MOD_REPLACE |
+                                             LDAP_MOD_BVALUES, ber_tl_data);
+            }
+            free_berdata(ber_tl_data);
+            if (st != 0)
+                goto cleanup;
+        }
+        if ((st=krb5_dbe_lookup_last_admin_unlock(context, entry,
+                                                  &unlock_time)) != 0)
+            goto cleanup;
+        if (unlock_time != 0) {
+            /* Update last admin unlock */
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0] = getstringtime(unlock_time)) == NULL)
+                goto cleanup;
+
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastAdminUnlock",
+                                              LDAP_MOD_REPLACE, strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free (strval[0]);
+        }
+    }
+
+    /* Directory specific attribute */
+    if (xargs.tktpolicydn != NULL) {
+        int tmask=0;
+
+        if (strlen(xargs.tktpolicydn) != 0) {
+            st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask);
+            CHECK_CLASS_VALIDITY(st, tmask, _("ticket policy object value: "));
+
+            strval[0] = xargs.tktpolicydn;
+            strval[1] = NULL;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
+                goto cleanup;
+
+        } else {
+            /* if xargs.tktpolicydn is a empty string, then delete
+             * already existing krbticketpolicyreference attr */
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
+                goto cleanup;
+        }
+
+    }
+
+    if (establish_links == TRUE) {
+        memset(strval, 0, sizeof(strval));
+        strval[0] = xargs.linkdn;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbObjectReferences", LDAP_MOD_REPLACE, strval)) != 0)
+            goto cleanup;
+    }
+
+    /*
+     * in case mods is NULL then return
+     * not sure but can happen in a modprinc
+     * so no need to return an error
+     * addprinc will at least have the principal name
+     * and the keys passed in
+     */
+    if (mods == NULL)
+        goto cleanup;
+
+    if (create_standalone == TRUE) {
+        memset(strval, 0, sizeof(strval));
+        strval[0] = "krbprincipal";
+        strval[1] = "krbprincipalaux";
+        strval[2] = "krbTicketPolicyAux";
+
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+            goto cleanup;
+
+        st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
+        if (st == LDAP_ALREADY_EXISTS && entry->mask & KADM5_LOAD) {
+            /* a load operation must replace an existing entry */
+            st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL);
+            if (st != LDAP_SUCCESS) {
+                snprintf(errbuf, sizeof(errbuf),
+                         _("Principal delete failed (trying to replace "
+                           "entry): %s"), ldap_err2string(st));
+                st = translate_ldap_error (st, OP_ADD);
+                k5_setmsg(context, st, "%s", errbuf);
+                goto cleanup;
+            } else {
+                st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
+            }
+        }
+        if (st != LDAP_SUCCESS) {
+            snprintf(errbuf, sizeof(errbuf), _("Principal add failed: %s"),
+                     ldap_err2string(st));
+            st = translate_ldap_error (st, OP_ADD);
+            k5_setmsg(context, st, "%s", errbuf);
+            goto cleanup;
+        }
+    } else {
+        /*
+         * Here existing ldap object is modified and can be related
+         * to any attribute, so always ensure that the ldap
+         * object is extended with all the kerberos related
+         * objectclasses so that there are no constraint
+         * violations.
+         */
+        {
+            char *attrvalues[] = {"krbprincipalaux", "krbTicketPolicyAux", NULL};
+            int p, q, r=0, amask=0;
+
+            if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn,
+                                        "objectclass", attrvalues, &amask)) != 0)
+                goto cleanup;
+
+            memset(strval, 0, sizeof(strval));
+            for (p=1, q=0; p<=2; p<<=1, ++q) {
+                if ((p & amask) == 0)
+                    strval[r++] = attrvalues[q];
+            }
+            if (r != 0) {
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+                    goto cleanup;
+            }
+        }
+        if (xargs.dn != NULL)
+            st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL);
+        else
+            st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL);
+
+        if (st != LDAP_SUCCESS) {
+            snprintf(errbuf, sizeof(errbuf), _("User modification failed: %s"),
+                     ldap_err2string(st));
+            st = translate_ldap_error (st, OP_MOD);
+            k5_setmsg(context, st, "%s", errbuf);
+            goto cleanup;
+        }
+
+        if (entry->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
+            entry->fail_auth_count++;
+    }
+
+cleanup:
+    free(filter);
+    if (user)
+        free(user);
+
+    if (filtuser)
+        free(filtuser);
+
+    free_xargs(xargs);
+
+    if (standalone_principal_dn)
+        free(standalone_principal_dn);
+
+    if (principal_dn)
+        free (principal_dn);
+
+    if (polname != NULL)
+        free(polname);
+
+    for (tre = 0; tre < ntrees; tre++)
+        free(subtreelist[tre]);
+    free(subtreelist);
+
+    if (subtree)
+        free (subtree);
+
+    if (bersecretkey) {
+        for (l=0; bersecretkey[l]; ++l) {
+            if (bersecretkey[l]->bv_val)
+                free (bersecretkey[l]->bv_val);
+            free (bersecretkey[l]);
+        }
+        free (bersecretkey);
+    }
+
+    if (keys)
+        free (keys);
+
+    ldap_mods_free(mods, 1);
+    ldap_osa_free_princ_ent(&princ_ent);
+    ldap_msgfree(result);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return(st);
+}
+
+krb5_error_code
+krb5_read_tkt_policy(krb5_context context, krb5_ldap_context *ldap_context,
+                     krb5_db_entry *entries, char *policy)
+{
+    krb5_error_code             st=0;
+    int                         mask=0, omask=0;
+    int                         tkt_mask=(KDB_MAX_LIFE_ATTR | KDB_MAX_RLIFE_ATTR | KDB_TKT_FLAGS_ATTR);
+    krb5_ldap_policy_params     *tktpoldnparam=NULL;
+
+    if ((st=krb5_get_attributes_mask(context, entries, &mask)) != 0)
+        goto cleanup;
+
+    if ((mask & tkt_mask) == tkt_mask)
+        goto cleanup;
+
+    if (policy != NULL) {
+        st = krb5_ldap_read_policy(context, policy, &tktpoldnparam, &omask);
+        if (st && st != KRB5_KDB_NOENTRY) {
+            k5_prependmsg(context, st, _("Error reading ticket policy"));
+            goto cleanup;
+        }
+
+        st = 0; /* reset the return status */
+    }
+
+    if ((mask & KDB_MAX_LIFE_ATTR) == 0) {
+        if ((omask & KDB_MAX_LIFE_ATTR) ==  KDB_MAX_LIFE_ATTR)
+            entries->max_life = tktpoldnparam->maxtktlife;
+        else if (ldap_context->lrparams->max_life)
+            entries->max_life = ldap_context->lrparams->max_life;
+    }
+
+    if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
+        if ((omask & KDB_MAX_RLIFE_ATTR) == KDB_MAX_RLIFE_ATTR)
+            entries->max_renewable_life = tktpoldnparam->maxrenewlife;
+        else if (ldap_context->lrparams->max_renewable_life)
+            entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
+    }
+
+    if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {
+        if ((omask & KDB_TKT_FLAGS_ATTR) == KDB_TKT_FLAGS_ATTR)
+            entries->attributes = tktpoldnparam->tktflags;
+        else if (ldap_context->lrparams->tktflags)
+            entries->attributes |= ldap_context->lrparams->tktflags;
+    }
+    krb5_ldap_free_policy(context, tktpoldnparam);
+
+cleanup:
+    return st;
+}
+
+static void
+free_ldap_seqof_key_data(ldap_seqof_key_data *keysets, krb5_int16 n_keysets)
+{
+    int i;
+
+    if (keysets == NULL)
+        return;
+
+    for (i = 0; i < n_keysets; i++)
+        k5_free_key_data(keysets[i].n_key_data, keysets[i].key_data);
+    free(keysets);
+}
+
+/*
+ * Decode keys from ldap search results.
+ *
+ * Arguments:
+ *  - bvalues
+ *      The ldap search results containing the key data.
+ *  - mkvno
+ *      The master kvno that the keys were encrypted with.
+ *  - keysets_out
+ *      The decoded keys in a ldap_seqof_key_data struct.  Must be freed using
+ *      free_ldap_seqof_key_data.
+ *  - n_keysets_out
+ *      The number of entries in keys_out.
+ *  - total_keys_out
+ *      An optional argument that if given will be set to the total number of
+ *      keys found throughout all the entries: sum(keys_out.n_key_data)
+ *      May be NULL.
+ */
+static krb5_error_code
+decode_keys(struct berval **bvalues, ldap_seqof_key_data **keysets_out,
+            krb5_int16 *n_keysets_out, krb5_int16 *total_keys_out)
+{
+    krb5_error_code err = 0;
+    krb5_int16 n_keys, i, ki, total_keys;
+    ldap_seqof_key_data *keysets = NULL;
+
+    *keysets_out = NULL;
+    *n_keysets_out = 0;
+    if (total_keys_out)
+        *total_keys_out = 0;
+
+    /* Precount the number of keys. */
+    for (n_keys = 0, i = 0; bvalues[i] != NULL; i++) {
+        if (bvalues[i]->bv_len > 0)
+            n_keys++;
+    }
+
+    keysets = k5calloc(n_keys, sizeof(ldap_seqof_key_data), &err);
+    if (keysets == NULL)
+        goto cleanup;
+    memset(keysets, 0, n_keys * sizeof(ldap_seqof_key_data));
+
+    for (i = 0, ki = 0, total_keys = 0; bvalues[i] != NULL; i++) {
+        krb5_data in;
+
+        if (bvalues[i]->bv_len == 0)
+            continue;
+        in.length = bvalues[i]->bv_len;
+        in.data = bvalues[i]->bv_val;
+
+        err = asn1_decode_sequence_of_keys(&in, &keysets[ki]);
+        if (err)
+            goto cleanup;
+
+        if (total_keys_out)
+            total_keys += keysets[ki].n_key_data;
+        ki++;
+    }
+
+    if (total_keys_out)
+        *total_keys_out = total_keys;
+
+    *n_keysets_out = n_keys;
+    *keysets_out = keysets;
+    keysets = NULL;
+    n_keys = 0;
+
+cleanup:
+    free_ldap_seqof_key_data(keysets, n_keys);
+    return err;
+}
+
+krb5_error_code
+krb5_decode_krbsecretkey(krb5_context context, krb5_db_entry *entries,
+                         struct berval **bvalues, krb5_kvno *mkvno)
+{
+    krb5_key_data *key_data = NULL, *tmp;
+    krb5_error_code err = 0;
+    ldap_seqof_key_data *keysets = NULL;
+    krb5_int16 i, n_keysets = 0, total_keys = 0;
+
+    err = decode_keys(bvalues, &keysets, &n_keysets, &total_keys);
+    if (err != 0) {
+        k5_prependmsg(context, err,
+                      _("unable to decode stored principal key data"));
+        goto cleanup;
+    }
+
+    key_data = k5calloc(total_keys, sizeof(krb5_key_data), &err);
+    if (key_data == NULL)
+        goto cleanup;
+    memset(key_data, 0, total_keys * sizeof(krb5_key_data));
+
+    if (n_keysets > 0)
+        *mkvno = keysets[0].mkvno;
+
+    /* Transfer key data values from keysets to a flat list in entries. */
+    tmp = key_data;
+    for (i = 0; i < n_keysets; i++) {
+        memcpy(tmp, keysets[i].key_data,
+               sizeof(krb5_key_data) * keysets[i].n_key_data);
+        tmp += keysets[i].n_key_data;
+        keysets[i].n_key_data = 0;
+    }
+    entries->n_key_data = total_keys;
+    entries->key_data = key_data;
+    key_data = NULL;
+
+cleanup:
+    free_ldap_seqof_key_data(keysets, n_keysets);
+    k5_free_key_data(total_keys, key_data);
+    return err;
+}
+
+static int
+compare_osa_pw_hist_ent(const void *left_in, const void *right_in)
+{
+    int kvno_left, kvno_right;
+    osa_pw_hist_ent *left = (osa_pw_hist_ent *)left_in;
+    osa_pw_hist_ent *right = (osa_pw_hist_ent *)right_in;
+
+    kvno_left = left->n_key_data ? left->key_data[0].key_data_kvno : 0;
+    kvno_right = right->n_key_data ? right->key_data[0].key_data_kvno : 0;
+    return kvno_left - kvno_right;
+}
+
+/*
+ * Decode the key history entries from an LDAP search.
+ *
+ * NOTE: the caller must free princ_ent->old_keys even on error.
+ */
+krb5_error_code
+krb5_decode_histkey(krb5_context context, struct berval **bvalues,
+                    osa_princ_ent_rec *princ_ent)
+{
+    krb5_error_code err = 0;
+    krb5_int16 i, n_keysets = 0;
+    ldap_seqof_key_data *keysets = NULL;
+
+    err = decode_keys(bvalues, &keysets, &n_keysets, NULL);
+    if (err != 0) {
+        k5_prependmsg(context, err,
+                      _("unable to decode stored principal pw history"));
+        goto cleanup;
+    }
+
+    princ_ent->old_keys = k5calloc(n_keysets, sizeof(osa_pw_hist_ent), &err);
+    if (princ_ent->old_keys == NULL)
+        goto cleanup;
+    princ_ent->old_key_len = n_keysets;
+
+    if (n_keysets > 0)
+        princ_ent->admin_history_kvno = keysets[0].mkvno;
+
+    /* Transfer key data pointers from keysets to princ_ent. */
+    for (i = 0; i < n_keysets; i++) {
+        princ_ent->old_keys[i].n_key_data = keysets[i].n_key_data;
+        princ_ent->old_keys[i].key_data = keysets[i].key_data;
+        keysets[i].n_key_data = 0;
+        keysets[i].key_data = NULL;
+    }
+
+    /* Sort the principal entries by kvno in ascending order. */
+    qsort(princ_ent->old_keys, princ_ent->old_key_len, sizeof(osa_pw_hist_ent),
+          &compare_osa_pw_hist_ent);
+
+    princ_ent->aux_attributes |= KADM5_KEY_HIST;
+
+    /* Set the next key to the end of the list.  The queue will be lengthened
+     * if it isn't full yet; the first entry will be replaced if it is full. */
+    princ_ent->old_key_next = princ_ent->old_key_len;
+
+cleanup:
+    free_ldap_seqof_key_data(keysets, n_keysets);
+    return err;
+}
+
+static char *
+getstringtime(krb5_timestamp epochtime)
+{
+    struct tm           tme;
+    char                *strtime=NULL;
+    time_t              posixtime = ts2tt(epochtime);
+
+    if (gmtime_r(&posixtime, &tme) == NULL)
+        return NULL;
+
+    strtime = calloc(50, 1);
+    if (strtime == NULL)
+        return NULL;
+    if (strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme) == 0) {
+        free(strtime);
+        return NULL;
+    }
+    return strtime;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
new file mode 100644
index 00000000..838583a1
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
@@ -0,0 +1,469 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include "ldap_main.h"
+#include "kdb_ldap.h"
+#include "ldap_pwd_policy.h"
+#include "ldap_err.h"
+
+static char *password_policy_attributes[] = { "cn", "krbmaxpwdlife", "krbminpwdlife",
+                                              "krbpwdmindiffchars", "krbpwdminlength",
+                                              "krbpwdhistorylength", "krbpwdmaxfailure",
+                                              "krbpwdfailurecountinterval",
+                                              "krbpwdlockoutduration",
+                                              "krbpwdattributes",
+                                              "krbpwdmaxlife",
+                                              "krbpwdmaxrenewablelife",
+                                              "krbpwdallowedkeysalts", NULL };
+
+/* Fill in mods with LDAP operations for the fields of policy, using the
+ * modification type op.  mods must be freed by the caller on error. */
+static krb5_error_code
+add_policy_mods(krb5_context context, LDAPMod ***mods, osa_policy_ent_t policy,
+                int op)
+{
+    krb5_error_code st;
+    char *strval[2] = { NULL };
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbmaxpwdlife", op,
+                                   (int)policy->pw_max_life);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbminpwdlife", op,
+                                   (int)policy->pw_min_life);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdmindiffchars", op,
+                                   (int)policy->pw_min_classes);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdminlength", op,
+                                   (int)policy->pw_min_length);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdhistorylength", op,
+                                   (int)policy->pw_history_num);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdmaxfailure", op,
+                                   (int)policy->pw_max_fail);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdfailurecountinterval", op,
+                                   (int)policy->pw_failcnt_interval);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdlockoutduration", op,
+                                   (int)policy->pw_lockout_duration);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdattributes", op,
+                                   (int)policy->attributes);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdmaxlife", op,
+                                   (int)policy->max_life);
+    if (st)
+        return st;
+
+    st = krb5_add_int_mem_ldap_mod(mods, "krbpwdmaxrenewablelife", op,
+                                   (int)policy->max_renewable_life);
+    if (st)
+        return st;
+
+    if (policy->allowed_keysalts != NULL) {
+        strval[0] = policy->allowed_keysalts;
+        st = krb5_add_str_mem_ldap_mod(mods, "krbpwdallowedkeysalts",
+                                       op, strval);
+        if (st)
+            return st;
+    }
+
+    /*
+     * Each policy tl-data type we add should be explicitly marshalled here.
+     * Unlike principals, we do not marshal unrecognized policy tl-data.
+     */
+
+    return 0;
+}
+
+/*
+ * Function to create password policy object.
+ */
+
+krb5_error_code
+krb5_ldap_create_password_policy(krb5_context context, osa_policy_ent_t policy)
+{
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    LDAPMod                     **mods={NULL};
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+    char                        *strval[2]={NULL}, *policy_dn=NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    /* validate the input parameters */
+    if (policy == NULL || policy->name == NULL)
+        return EINVAL;
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    st = krb5_ldap_name_to_policydn (context, policy->name, &policy_dn);
+    if (st != 0)
+        goto cleanup;
+
+    strval[0] = policy->name;
+    if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
+        goto cleanup;
+
+    strval[0] = "krbPwdPolicy";
+    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+        goto cleanup;
+
+    st = add_policy_mods(context, &mods, policy, LDAP_MOD_ADD);
+    if (st)
+        goto cleanup;
+
+    /* password policy object creation */
+    if ((st=ldap_add_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
+    }
+
+cleanup:
+    free(policy_dn);
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return(st);
+}
+
+/*
+ * Function to modify password policy object.
+ */
+
+krb5_error_code
+krb5_ldap_put_password_policy(krb5_context context, osa_policy_ent_t policy)
+{
+    char                        *policy_dn=NULL;
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    LDAPMod                     **mods=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    /* validate the input parameters */
+    if (policy == NULL || policy->name == NULL)
+        return EINVAL;
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    st = krb5_ldap_name_to_policydn (context, policy->name, &policy_dn);
+    if (st != 0)
+        goto cleanup;
+
+    st = add_policy_mods(context, &mods, policy, LDAP_MOD_REPLACE);
+    if (st)
+        goto cleanup;
+
+    /* modify the password policy object. */
+    /*
+     * This will fail if the 'policy_dn' is anywhere other than under the realm
+     * container. This is correct behaviour. 'kdb5_ldap_util' will support
+     * management of only such policy objects.
+     */
+    if ((st=ldap_modify_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
+        st = set_ldap_error (context, st, OP_MOD);
+        goto cleanup;
+    }
+
+cleanup:
+    free(policy_dn);
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return(st);
+}
+
+static void
+get_ui4(LDAP *ld, LDAPMessage *ent, char *name, krb5_ui_4 *out)
+{
+    int val;
+
+    krb5_ldap_get_value(ld, ent, name, &val);
+    *out = val;
+}
+
+static krb5_error_code
+populate_policy(krb5_context context,
+                LDAP *ld,
+                LDAPMessage *ent,
+                char *pol_name,
+                osa_policy_ent_t pol_entry)
+{
+    int st = 0;
+
+    pol_entry->name = strdup(pol_name);
+    CHECK_NULL(pol_entry->name);
+    pol_entry->version = 1;
+
+    get_ui4(ld, ent, "krbmaxpwdlife", &pol_entry->pw_max_life);
+    get_ui4(ld, ent, "krbminpwdlife", &pol_entry->pw_min_life);
+    get_ui4(ld, ent, "krbpwdmindiffchars", &pol_entry->pw_min_classes);
+    get_ui4(ld, ent, "krbpwdminlength", &pol_entry->pw_min_length);
+    get_ui4(ld, ent, "krbpwdhistorylength", &pol_entry->pw_history_num);
+    get_ui4(ld, ent, "krbpwdmaxfailure", &pol_entry->pw_max_fail);
+    get_ui4(ld, ent, "krbpwdfailurecountinterval",
+            &pol_entry->pw_failcnt_interval);
+    get_ui4(ld, ent, "krbpwdlockoutduration", &pol_entry->pw_lockout_duration);
+    get_ui4(ld, ent, "krbpwdattributes", &pol_entry->attributes);
+    get_ui4(ld, ent, "krbpwdmaxlife", &pol_entry->max_life);
+    get_ui4(ld, ent, "krbpwdmaxrenewablelife", &pol_entry->max_renewable_life);
+
+    st = krb5_ldap_get_string(ld, ent, "krbpwdallowedkeysalts",
+                              &(pol_entry->allowed_keysalts), NULL);
+    if (st)
+        goto cleanup;
+    /*
+     * We don't store the policy refcnt, because principals might be maintained
+     * outside of kadmin.  Instead, we will check for principal references when
+     * policies are deleted.
+     */
+    pol_entry->policy_refcnt = 0;
+
+cleanup:
+    return st;
+}
+
+static krb5_error_code
+krb5_ldap_get_password_policy_from_dn(krb5_context context, char *pol_name,
+                                      char *pol_dn, osa_policy_ent_t *policy)
+{
+    krb5_error_code             st=0, tempst=0;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL,*ent=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    /* validate the input parameters */
+    if (pol_dn == NULL)
+        return EINVAL;
+
+    *policy = NULL;
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    *(policy) = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
+    if (*policy == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+    memset(*policy, 0, sizeof(osa_policy_ent_rec));
+
+    LDAP_SEARCH(pol_dn, LDAP_SCOPE_BASE, "(objectclass=krbPwdPolicy)", password_policy_attributes);
+
+    ent=ldap_first_entry(ld, result);
+    if (ent == NULL) {
+        st = KRB5_KDB_NOENTRY;
+        goto cleanup;
+    }
+    st = populate_policy(context, ld, ent, pol_name, *policy);
+
+cleanup:
+    ldap_msgfree(result);
+    if (st != 0) {
+        if (*policy != NULL) {
+            krb5_db_free_policy(context, *policy);
+            *policy = NULL;
+        }
+    }
+
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+/*
+ * Convert 'name' into a directory DN and call
+ * 'krb5_ldap_get_password_policy_from_dn'
+ */
+krb5_error_code
+krb5_ldap_get_password_policy(krb5_context context, char *name,
+                              osa_policy_ent_t *policy)
+{
+    krb5_error_code             st = 0;
+    char                        *policy_dn = NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    /* validate the input parameters */
+    if (name == NULL) {
+        st = EINVAL;
+        goto cleanup;
+    }
+
+    st = krb5_ldap_name_to_policydn(context, name, &policy_dn);
+    if (st != 0)
+        goto cleanup;
+
+    st = krb5_ldap_get_password_policy_from_dn(context, name, policy_dn,
+                                               policy);
+
+cleanup:
+    free(policy_dn);
+    return st;
+}
+
+krb5_error_code
+krb5_ldap_delete_password_policy(krb5_context context, char *policy)
+{
+    int                         mask = 0;
+    char                        *policy_dn = NULL, *class[] = {"krbpwdpolicy", NULL};
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    /* validate the input parameters */
+    if (policy == NULL)
+        return EINVAL;
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    st = krb5_ldap_name_to_policydn (context, policy, &policy_dn);
+    if (st != 0)
+        goto cleanup;
+
+    /* Ensure that the object is a password policy */
+    if ((st=checkattributevalue(ld, policy_dn, "objectclass", class, &mask)) != 0)
+        goto cleanup;
+
+    if (mask == 0) {
+        st = KRB5_KDB_NOENTRY;
+        goto cleanup;
+    }
+
+    if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != LDAP_SUCCESS) {
+        st = set_ldap_error (context, st, OP_DEL);
+        goto cleanup;
+    }
+
+cleanup:
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    free(policy_dn);
+
+    return st;
+}
+
+krb5_error_code
+krb5_ldap_iterate_password_policy(krb5_context context, char *match_expr,
+                                  void (*func)(krb5_pointer, osa_policy_ent_t),
+                                  krb5_pointer func_arg)
+{
+    osa_policy_ent_rec          *entry=NULL;
+    char                        *policy=NULL;
+    krb5_error_code             st=0, tempst=0;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL, *ent=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    if (ldap_context->lrparams->realmdn == NULL) {
+        st = EINVAL;
+        goto cleanup;
+    }
+
+    LDAP_SEARCH(ldap_context->lrparams->realmdn, LDAP_SCOPE_ONELEVEL, "(objectclass=krbpwdpolicy)", password_policy_attributes);
+    for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
+        krb5_boolean attr_present;
+
+        st = krb5_ldap_get_string(ld, ent, "cn", &policy, &attr_present);
+        if (st != 0)
+            goto cleanup;
+        if (attr_present == FALSE)
+            continue;
+
+        entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
+        CHECK_NULL(entry);
+        memset(entry, 0, sizeof(osa_policy_ent_rec));
+        if ((st = populate_policy(context, ld, ent, policy, entry)) != 0)
+            goto cleanup;
+
+        (*func)(func_arg, entry);
+        krb5_db_free_policy(context, entry);
+        entry = NULL;
+
+        free(policy);
+        policy = NULL;
+    }
+
+cleanup:
+    free(entry);
+    free(policy);
+    ldap_msgfree(result);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
new file mode 100644
index 00000000..81c56596
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
@@ -0,0 +1,51 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _LDAP_KRBPWDPOLICY_H_
+#define _LDAP_KRBPWDPOLICY_H_
+
+krb5_error_code
+krb5_ldap_get_password_policy(krb5_context, char *, osa_policy_ent_t *);
+
+krb5_error_code
+krb5_ldap_create_password_policy(krb5_context, osa_policy_ent_t);
+
+krb5_error_code
+krb5_ldap_put_password_policy(krb5_context kcontext, osa_policy_ent_t policy);
+
+krb5_error_code
+krb5_ldap_delete_password_policy (krb5_context kcontext, char *policy);
+
+krb5_error_code
+krb5_ldap_iterate_password_policy(krb5_context, char *,
+                                  void (*)(krb5_pointer, osa_policy_ent_t),
+                                  krb5_pointer);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
new file mode 100644
index 00000000..753929b0
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -0,0 +1,926 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_realm.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#include "ldap_main.h"
+#include "ldap_realm.h"
+#include "ldap_principal.h"
+#include "ldap_pwd_policy.h"
+#include "ldap_err.h"
+
+#define END_OF_LIST -1
+char  *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef",
+                             "krbMaxTicketLife", "krbMaxRenewableAge",
+                             "krbTicketFlags", "krbUpEnabled",
+                             "krbLdapServers",
+                             "krbKdcServers",  "krbAdmServers",
+                             "krbPwdServers", NULL};
+
+
+char  *policy_attributes[] = { "krbMaxTicketLife",
+                               "krbMaxRenewableAge",
+                               "krbTicketFlags",
+                               NULL };
+
+
+
+char  *policyclass[] =     { "krbTicketPolicy", NULL };
+char  *kdcclass[] =        { "krbKdcService", NULL };
+char  *adminclass[] =      { "krbAdmService", NULL };
+char  *pwdclass[] =        { "krbPwdService", NULL };
+char  *subtreeclass[] =    { "Organization", "OrganizationalUnit", "Domain", "krbContainer",
+                             "krbRealmContainer", "Country", "Locality", NULL };
+
+
+char  *krbContainerRefclass[] = { "krbContainerRefAux", NULL};
+
+/*
+ * list realms from eDirectory
+ */
+
+/* Return a copy of in, quoting all characters which are special in an LDAP
+ * filter (RFC 4515) or DN string (RFC 4514).  Return NULL on failure. */
+char *
+ldap_filter_correct (char *in)
+{
+    size_t count;
+    const char special[] = "*()\\ #\"+,;<>";
+    struct k5buf buf;
+
+    k5_buf_init_dynamic(&buf);
+    while (TRUE) {
+        count = strcspn(in, special);
+        k5_buf_add_len(&buf, in, count);
+        in += count;
+        if (*in == '\0')
+            break;
+        k5_buf_add_fmt(&buf, "\\%2x", (unsigned char)*in++);
+    }
+    return k5_buf_cstring(&buf);
+}
+
+static int
+principal_in_realm_2(krb5_principal principal, char *realm) {
+    /* Cross realm trust ... */
+    if (principal->length == 2 &&
+        principal->data[0].length == sizeof ("krbtgt") &&
+        strncasecmp (principal->data[0].data, "krbtgt", sizeof ("krbtgt")) &&
+        principal->data[1].length == strlen (realm) &&
+        strncasecmp (principal->data[1].data, realm, strlen (realm)))
+        return 0;
+
+    if (strlen(realm) != principal->realm.length)
+        return 1;
+
+    if (strncasecmp(realm, principal->realm.data, principal->realm.length) != 0)
+        return 1;
+
+    return 0;
+}
+
+/*
+ * Lists the realms in the Directory.
+ */
+
+krb5_error_code
+krb5_ldap_list_realm(krb5_context context, char ***realms)
+{
+    char                        **values = NULL;
+    unsigned int                i = 0;
+    int                         count = 0;
+    krb5_error_code             st = 0, tempst = 0;
+    LDAP                        *ld = NULL;
+    LDAPMessage                 *result = NULL, *ent = NULL;
+    kdb5_dal_handle             *dal_handle = NULL;
+    krb5_ldap_context           *ldap_context = NULL;
+    krb5_ldap_server_handle     *ldap_server_handle = NULL;
+
+    SETUP_CONTEXT ();
+
+    /* get the kerberos container DN information */
+    if (ldap_context->container_dn == NULL) {
+        if ((st = krb5_ldap_read_krbcontainer_dn(context,
+                                                 &(ldap_context->container_dn))) != 0)
+            goto cleanup;
+    }
+
+    /* get ldap handle */
+    GET_HANDLE ();
+
+    {
+        char *cn[] = {"cn", NULL};
+        LDAP_SEARCH(ldap_context->container_dn,
+                    LDAP_SCOPE_ONELEVEL,
+                    "(objectclass=krbRealmContainer)",
+                    cn);
+    }
+
+    *realms = NULL;
+
+    count = ldap_count_entries (ld, result);
+    if (count == -1) {
+        ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
+        st = set_ldap_error (context, st, OP_SEARCH);
+        goto cleanup;
+    }
+
+    *realms = calloc((unsigned int) count+1, sizeof (char *));
+    CHECK_NULL(*realms);
+
+    for (ent = ldap_first_entry(ld, result), count = 0; ent != NULL;
+         ent = ldap_next_entry(ld, ent)) {
+
+        if ((values = ldap_get_values (ld, ent, "cn")) != NULL) {
+
+            (*realms)[count] = strdup(values[0]);
+            CHECK_NULL((*realms)[count]);
+            count += 1;
+
+            ldap_value_free(values);
+        }
+    } /* for (ent= ... */
+
+cleanup:
+
+    /* some error, free up all the memory */
+    if (st != 0) {
+        if (*realms) {
+            for (i=0; (*realms)[i] != NULL; ++i) {
+                free ((*realms)[i]);
+            }
+            free (*realms);
+            *realms = NULL;
+        }
+    }
+
+    /* If there are no elements, still return a NULL terminated array */
+
+    ldap_msgfree(result);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+/*
+ * Delete the realm along with the principals belonging to the realm in the Directory.
+ */
+
+static void
+delete_password_policy (krb5_pointer ptr, osa_policy_ent_t pol)
+{
+    krb5_ldap_delete_password_policy ((krb5_context)ptr, pol->name);
+}
+
+krb5_error_code
+krb5_ldap_delete_realm (krb5_context context, char *lrealm)
+{
+    LDAP                        *ld = NULL;
+    krb5_error_code             st = 0, tempst=0;
+    char                        **values=NULL, **subtrees=NULL, **policy=NULL;
+    LDAPMessage                 **result_arr=NULL, *result = NULL, *ent = NULL;
+    krb5_principal              principal;
+    unsigned int                l=0, ntree=0;
+    int                         i=0, j=0, mask=0;
+    kdb5_dal_handle             *dal_handle = NULL;
+    krb5_ldap_context           *ldap_context = NULL;
+    krb5_ldap_server_handle     *ldap_server_handle = NULL;
+    krb5_ldap_realm_params      *rparam=NULL;
+
+    SETUP_CONTEXT ();
+
+    if (lrealm == NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("Realm information not available"));
+        goto cleanup;
+    }
+
+    if ((st=krb5_ldap_read_realm_params(context, lrealm, &rparam, &mask)) != 0)
+        goto cleanup;
+
+    /* get ldap handle */
+    GET_HANDLE ();
+
+    /* delete all the principals belonging to the realm in the tree */
+    {
+        char *attr[] = {"krbprincipalname", NULL}, *realm=NULL, filter[256];
+        krb5_ldap_context lcontext;
+
+        realm = ldap_filter_correct (lrealm);
+        assert (sizeof (filter) >= sizeof ("(krbprincipalname=)") +
+                strlen (realm) + 2 /* "*@" */ + 1);
+
+        snprintf (filter, sizeof(filter), "(krbprincipalname=*@%s)", realm);
+        free (realm);
+
+        /* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */
+        memset(&lcontext, 0, sizeof(krb5_ldap_context));
+        lcontext.lrparams = rparam;
+        if ((st=krb5_get_subtree_info(&lcontext, &subtrees, &ntree)) != 0)
+            goto cleanup;
+
+        result_arr = (LDAPMessage **)  calloc((unsigned int)ntree+1,
+                                              sizeof(LDAPMessage *));
+        if (result_arr == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
+
+        for (l=0; l < ntree; ++l) {
+            LDAP_SEARCH(subtrees[l], rparam->search_scope, filter, attr);
+            result_arr[l] = result;
+        }
+    }
+
+    /* NOTE: Here all the principals should be cached and the ldap handle should be freed,
+     * as a DAL-LDAP interface is called right down here. Caching might be constrained by
+     * availability of the memory. The caching is not done, however there would be limit
+     * on the minimum number of handles for a server and it is 2. As the DAL-LDAP is not
+     * thread-safe this should suffice.
+     */
+    for (j=0; (result=result_arr[j]) != NULL; ++j) {
+        for (ent = ldap_first_entry (ld, result); ent != NULL;
+             ent = ldap_next_entry (ld, ent)) {
+            if ((values = ldap_get_values(ld, ent, "krbPrincipalName")) != NULL) {
+                for (i = 0; values[i] != NULL; ++i) {
+                    krb5_parse_name(context, values[i], &principal);
+                    if (principal_in_realm_2(principal, lrealm) == 0) {
+                        st=krb5_ldap_delete_principal(context, principal);
+                        if (st && st != KRB5_KDB_NOENTRY)
+                            goto cleanup;
+                    }
+                    krb5_free_principal(context, principal);
+                }
+                ldap_value_free(values);
+            }
+        }
+    }
+
+    /* Delete all password policies */
+    krb5_ldap_iterate_password_policy (context, "*", delete_password_policy, context);
+
+    /* Delete all ticket policies */
+    {
+        if ((st = krb5_ldap_list_policy (context, ldap_context->lrparams->realmdn, &policy)) != 0) {
+            k5_prependmsg(context, st, _("Error reading ticket policy"));
+            goto cleanup;
+        }
+
+        for (i = 0; policy [i] != NULL; i++)
+            krb5_ldap_delete_policy(context, policy[i]);
+    }
+
+    /* Delete the realm object */
+    if ((st=ldap_delete_ext_s(ld, ldap_context->lrparams->realmdn, NULL, NULL)) != LDAP_SUCCESS) {
+        int ost = st;
+        st = translate_ldap_error (st, OP_DEL);
+        k5_setmsg(context, st, _("Realm Delete FAILED: %s"),
+                  ldap_err2string(ost));
+    }
+
+cleanup:
+    if (subtrees) {
+        for (l=0; l < ntree; ++l) {
+            if (subtrees[l])
+                free (subtrees[l]);
+        }
+        free (subtrees);
+    }
+
+    if (result_arr != NULL) {
+        for (l = 0; l < ntree; l++)
+            ldap_msgfree(result_arr[l]);
+        free(result_arr);
+    }
+
+    if (policy != NULL) {
+        for (i = 0; policy[i] != NULL; i++)
+            free (policy[i]);
+        free (policy);
+    }
+
+    krb5_ldap_free_realm_params(rparam);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+
+/*
+ * Modify the realm attributes in the Directory.
+ */
+
+krb5_error_code
+krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams,
+                       int mask)
+{
+    LDAP                  *ld=NULL;
+    krb5_error_code       st=0;
+    char                  **strval=NULL, *strvalprc[5]={NULL};
+    LDAPMod               **mods = NULL;
+    int                   objectmask=0,k=0;
+    kdb5_dal_handle       *dal_handle=NULL;
+    krb5_ldap_context     *ldap_context=NULL;
+    krb5_ldap_server_handle *ldap_server_handle=NULL;
+
+    if (mask == 0)
+        return 0;
+
+    if (rparams == NULL) {
+        st = EINVAL;
+        return st;
+    }
+
+    SETUP_CONTEXT ();
+
+    /* Check validity of arguments */
+    if (ldap_context->container_dn == NULL ||
+        rparams->tl_data == NULL ||
+        rparams->tl_data->tl_data_contents == NULL ||
+        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
+        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
+        0) {
+        st = EINVAL;
+        goto cleanup;
+    }
+
+    /* get ldap handle */
+    GET_HANDLE ();
+
+    /* SUBTREE ATTRIBUTE */
+    if (mask & LDAP_REALM_SUBTREE) {
+        if ( rparams->subtree!=NULL)  {
+            /*replace the subtrees with the present if the subtrees are present*/
+            for(k=0;k<rparams->subtreecount && rparams->subtree[k]!=NULL;k++) {
+                if (strlen(rparams->subtree[k]) != 0) {
+                    st = checkattributevalue(ld, rparams->subtree[k], "Objectclass", subtreeclass,
+                                             &objectmask);
+                    CHECK_CLASS_VALIDITY(st, objectmask, _("subtree value: "));
+                }
+            }
+            strval = rparams->subtree;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_REPLACE,
+                                              strval)) != 0) {
+                goto cleanup;
+            }
+        }
+    }
+
+    /* CONTAINERREF ATTRIBUTE */
+    if (mask & LDAP_REALM_CONTREF) {
+        if (strlen(rparams->containerref) != 0 ) {
+            st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask,
+                                 _("container reference value: "));
+            strvalprc[0] = rparams->containerref;
+            strvalprc[1] = NULL;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbPrincContainerRef", LDAP_MOD_REPLACE,
+                                              strvalprc)) != 0)
+                goto cleanup;
+        }
+    }
+
+    /* SEARCHSCOPE ATTRIBUTE */
+    if (mask & LDAP_REALM_SEARCHSCOPE) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_REPLACE,
+                                          (rparams->search_scope == LDAP_SCOPE_ONELEVEL
+                                           || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
+                                          rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
+            goto cleanup;
+    }
+
+    if (mask & LDAP_REALM_MAXRENEWLIFE) {
+
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_REPLACE,
+                                          rparams->max_renewable_life)) != 0)
+            goto cleanup;
+    }
+
+    /* krbMaxTicketLife ATTRIBUTE */
+
+    if (mask & LDAP_REALM_MAXTICKETLIFE) {
+
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_REPLACE,
+                                          rparams->max_life)) != 0)
+            goto cleanup;
+    }
+
+    /* krbTicketFlags ATTRIBUTE */
+
+    if (mask & LDAP_REALM_KRBTICKETFLAGS) {
+
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_REPLACE,
+                                          rparams->tktflags)) != 0)
+            goto cleanup;
+    }
+
+
+    /* Realm modify operation */
+    if (mods != NULL) {
+        if ((st=ldap_modify_ext_s(ld, rparams->realmdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
+            st = set_ldap_error (context, st, OP_MOD);
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+
+
+/*
+ * Create the Kerberos container in the Directory if it does not exist
+ */
+
+krb5_error_code
+krb5_ldap_create_krbcontainer(krb5_context context, const char *dn)
+{
+    LDAP                        *ld=NULL;
+    char                        *strval[2]={NULL}, **rdns=NULL;
+    LDAPMod                     **mods = NULL;
+    krb5_error_code             st=0;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    SETUP_CONTEXT ();
+
+    /* get ldap handle */
+    GET_HANDLE ();
+
+    if (dn == NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("Kerberos Container information is missing"));
+        goto cleanup;
+    }
+
+    strval[0] = "krbContainer";
+    strval[1] = NULL;
+    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+        goto cleanup;
+
+    rdns = ldap_explode_dn(dn, 1);
+    if (rdns == NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("Invalid Kerberos container DN"));
+        goto cleanup;
+    }
+
+    strval[0] = rdns[0];
+    strval[1] = NULL;
+    if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
+        goto cleanup;
+
+    /* create the kerberos container */
+    st = ldap_add_ext_s(ld, dn, mods, NULL, NULL);
+    if (st == LDAP_ALREADY_EXISTS)
+        st = LDAP_SUCCESS;
+    if (st != LDAP_SUCCESS) {
+        int ost = st;
+        st = translate_ldap_error (st, OP_ADD);
+        k5_setmsg(context, st, _("Kerberos Container create FAILED: %s"),
+                  ldap_err2string(ost));
+        goto cleanup;
+    }
+
+cleanup:
+
+    if (rdns)
+        ldap_value_free (rdns);
+
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return(st);
+}
+
+/*
+ * Delete the Kerberos container in the Directory
+ */
+
+krb5_error_code
+krb5_ldap_delete_krbcontainer(krb5_context context, const char *dn)
+{
+    LDAP                        *ld=NULL;
+    krb5_error_code             st=0;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    SETUP_CONTEXT ();
+
+    /* get ldap handle */
+    GET_HANDLE ();
+
+    if (dn == NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("Kerberos Container information is missing"));
+        goto cleanup;
+    }
+
+    /* delete the kerberos container */
+    if ((st = ldap_delete_ext_s(ld, dn, NULL, NULL)) != LDAP_SUCCESS) {
+        int ost = st;
+        st = translate_ldap_error (st, OP_ADD);
+        k5_setmsg(context, st, _("Kerberos Container delete FAILED: %s"),
+                  ldap_err2string(ost));
+        goto cleanup;
+    }
+
+cleanup:
+
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return(st);
+}
+
+
+/*
+ * Create Realm in eDirectory. This is used by kdb5_util
+ */
+
+krb5_error_code
+krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams,
+                       int mask)
+{
+    LDAP                        *ld=NULL;
+    krb5_error_code             st=0;
+    char                        *dn=NULL;
+    char                        *strval[4]={NULL};
+    char                        *contref[2]={NULL};
+    LDAPMod                     **mods = NULL;
+    int                         i=0, objectmask=0, subtreecount=0;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+    char                        *realm_name;
+
+    SETUP_CONTEXT ();
+
+    /* Check input validity ... */
+    if (ldap_context->container_dn == NULL ||
+        rparams == NULL ||
+        rparams->realm_name == NULL ||
+        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
+        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
+        0) {
+        st = EINVAL;
+        return st;
+    }
+
+    /* get ldap handle */
+    GET_HANDLE ();
+
+    realm_name = rparams->realm_name;
+
+    if (asprintf(&dn, "cn=%s,%s", realm_name, ldap_context->container_dn) < 0)
+        dn = NULL;
+    CHECK_NULL(dn);
+
+    strval[0] = realm_name;
+    strval[1] = NULL;
+    if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
+        goto cleanup;
+
+    strval[0] = "top";
+    strval[1] = "krbrealmcontainer";
+    strval[2] = "krbticketpolicyaux";
+    strval[3] = NULL;
+
+    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+        goto cleanup;
+
+    /* SUBTREE ATTRIBUTE */
+    if (mask & LDAP_REALM_SUBTREE) {
+        if ( rparams->subtree!=NULL)  {
+            subtreecount = rparams->subtreecount;
+            for (i=0; rparams->subtree[i]!=NULL && i<subtreecount; i++) {
+                if (strlen(rparams->subtree[i]) != 0) {
+                    st = checkattributevalue(ld, rparams->subtree[i], "Objectclass", subtreeclass,
+                                             &objectmask);
+                    CHECK_CLASS_VALIDITY(st, objectmask,
+                                         _("realm object value: "));
+                }
+            }
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_ADD,
+                                              rparams->subtree)) != 0) {
+                goto cleanup;
+            }
+        }
+    }
+
+    /* CONTAINER REFERENCE ATTRIBUTE */
+    if (mask & LDAP_REALM_CONTREF) {
+        if (strlen(rparams->containerref) != 0 ) {
+            st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
+            contref[0] = rparams->containerref;
+            contref[1] = NULL;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbPrincContainerRef", LDAP_MOD_ADD,
+                                              contref)) != 0)
+                goto cleanup;
+        }
+    }
+
+    /* SEARCHSCOPE ATTRIBUTE */
+    if (mask & LDAP_REALM_SEARCHSCOPE) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_ADD,
+                                          (rparams->search_scope == LDAP_SCOPE_ONELEVEL
+                                           || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
+                                          rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
+            goto cleanup;
+    }
+    if (mask & LDAP_REALM_MAXRENEWLIFE) {
+
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_ADD,
+                                          rparams->max_renewable_life)) != 0)
+            goto cleanup;
+    }
+
+    /* krbMaxTicketLife ATTRIBUTE */
+
+    if (mask & LDAP_REALM_MAXTICKETLIFE) {
+
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_ADD,
+                                          rparams->max_life)) != 0)
+            goto cleanup;
+    }
+
+    /* krbTicketFlags ATTRIBUTE */
+
+    if (mask & LDAP_REALM_KRBTICKETFLAGS) {
+
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_ADD,
+                                          rparams->tktflags)) != 0)
+            goto cleanup;
+    }
+
+
+    /* realm creation operation */
+    if ((st=ldap_add_ext_s(ld, dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
+    }
+
+cleanup:
+
+    if (dn)
+        free(dn);
+
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+/*
+ * Read the realm container configuration from eDirectory for the specified realm.
+ */
+
+krb5_error_code
+krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
+                            krb5_ldap_realm_params **rlparamp, int *mask)
+{
+    char                   **values=NULL;
+    krb5_error_code        st=0, tempst=0;
+    LDAP                   *ld=NULL;
+    LDAPMessage            *result=NULL,*ent=NULL;
+    krb5_ldap_realm_params *rlparams=NULL;
+    kdb5_dal_handle        *dal_handle=NULL;
+    krb5_ldap_context      *ldap_context=NULL;
+    krb5_ldap_server_handle *ldap_server_handle=NULL;
+    int x=0;
+
+    SETUP_CONTEXT ();
+
+    /* validate the input parameter */
+    if (lrealm == NULL || ldap_context->container_dn == NULL) {
+        st = EINVAL;
+        goto cleanup;
+    }
+
+    /* get ldap handle */
+    GET_HANDLE ();
+
+    /* Initialize realm container structure */
+    rlparams =(krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params));
+    CHECK_NULL(rlparams);
+    memset(rlparams, 0, sizeof(krb5_ldap_realm_params));
+
+    /* allocate tl_data structure to store MASK information */
+    rlparams->tl_data = malloc (sizeof(krb5_tl_data));
+    if (rlparams->tl_data == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+    memset(rlparams->tl_data, 0, sizeof(krb5_tl_data));
+    rlparams->tl_data->tl_data_type = KDB_TL_USER_INFO;
+
+    /* set the mask parameter to 0 */
+    *mask = 0;
+
+    /* set default values */
+    rlparams->search_scope = LDAP_SCOPE_SUBTREE;
+
+    if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm,
+                 ldap_context->container_dn) < 0) {
+        rlparams->realmdn = NULL;
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    /* populate the realm name in the structure */
+    rlparams->realm_name = strdup(lrealm);
+    CHECK_NULL(rlparams->realm_name);
+
+    LDAP_SEARCH(rlparams->realmdn, LDAP_SCOPE_BASE, "(objectclass=krbRealmContainer)", realm_attributes);
+
+    if ((st = ldap_count_entries(ld, result)) <= 0) {
+        /* This could happen when the DN used to bind and read the realm object
+         * does not have sufficient rights to read its attributes
+         */
+        st = KRB5_KDB_ACCESS_ERROR; /* return some other error ? */
+        goto cleanup;
+    }
+
+    ent = ldap_first_entry (ld, result);
+    if (ent == NULL) {
+        ldap_get_option (ld, LDAP_OPT_ERROR_NUMBER, (void *) &st);
+        goto cleanup;
+    }
+
+    /* Read the attributes */
+    {
+        if ((values=ldap_get_values(ld, ent, "krbSubTrees")) != NULL) {
+            rlparams->subtreecount = ldap_count_values(values);
+            rlparams->subtree = (char **) malloc(sizeof(char *) * (rlparams->subtreecount + 1));
+            if (rlparams->subtree == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+            for (x=0; x<rlparams->subtreecount; x++) {
+                rlparams->subtree[x] = strdup(values[x]);
+                if (rlparams->subtree[x] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+            }
+            rlparams->subtree[rlparams->subtreecount] = NULL;
+            *mask |= LDAP_REALM_SUBTREE;
+            ldap_value_free(values);
+        }
+
+        if((values=ldap_get_values(ld, ent, "krbPrincContainerRef")) != NULL) {
+            rlparams->containerref = strdup(values[0]);
+            if(rlparams->containerref == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+            *mask |= LDAP_REALM_CONTREF;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbSearchScope")) != NULL) {
+            rlparams->search_scope=atoi(values[0]);
+            /* searchscope can be ONE-LEVEL or SUBTREE, else default to SUBTREE */
+            if (!(rlparams->search_scope==1 || rlparams->search_scope==2))
+                rlparams->search_scope = LDAP_SCOPE_SUBTREE;
+            *mask |= LDAP_REALM_SEARCHSCOPE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbMaxTicketLife")) != NULL) {
+            rlparams->max_life = atoi(values[0]);
+            *mask |= LDAP_REALM_MAXTICKETLIFE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbMaxRenewableAge")) != NULL) {
+            rlparams->max_renewable_life = atoi(values[0]);
+            *mask |= LDAP_REALM_MAXRENEWLIFE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbTicketFlags")) != NULL) {
+            rlparams->tktflags = atoi(values[0]);
+            *mask |= LDAP_REALM_KRBTICKETFLAGS;
+            ldap_value_free(values);
+        }
+
+    }
+
+    rlparams->mask = *mask;
+    *rlparamp = rlparams;
+    st = store_tl_data(rlparams->tl_data, KDB_TL_MASK, mask);
+
+cleanup:
+
+    /* if there is an error, free allocated structures */
+    if (st != 0) {
+        krb5_ldap_free_realm_params(rlparams);
+        *rlparamp=NULL;
+    }
+    ldap_msgfree(result);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+
+/*
+  Free the krb5_ldap_realm_params.
+*/
+void
+krb5_ldap_free_realm_params(krb5_ldap_realm_params *rparams)
+{
+    int i=0;
+
+    if (rparams) {
+        if (rparams->realmdn)
+            free(rparams->realmdn);
+
+        if (rparams->realm_name)
+            free(rparams->realm_name);
+
+        if (rparams->subtree) {
+            for (i=0; i<rparams->subtreecount && rparams->subtree[i] ; i++)
+                free(rparams->subtree[i]);
+            free(rparams->subtree);
+        }
+
+        if (rparams->containerref)
+            free(rparams->containerref);
+
+        if (rparams->kdcservers) {
+            for (i=0; rparams->kdcservers[i]; ++i)
+                free(rparams->kdcservers[i]);
+            free(rparams->kdcservers);
+        }
+
+        if (rparams->adminservers) {
+            for (i=0; rparams->adminservers[i]; ++i)
+                free(rparams->adminservers[i]);
+            free(rparams->adminservers);
+        }
+
+        if (rparams->passwdservers) {
+            for (i=0; rparams->passwdservers[i]; ++i)
+                free(rparams->passwdservers[i]);
+            free(rparams->passwdservers);
+        }
+
+        if (rparams->tl_data) {
+            if (rparams->tl_data->tl_data_contents)
+                free(rparams->tl_data->tl_data_contents);
+            free(rparams->tl_data);
+        }
+
+        free(rparams);
+    }
+    return;
+}
+
+/*
+ * ******************************************************************************
+ * DAL functions
+ * ******************************************************************************
+ */
+
+krb5_error_code
+krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section,
+                         char **db_args)
+{
+    krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
+    k5_setmsg(kcontext, status, "LDAP %s", error_message(status));
+    return status;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
new file mode 100644
index 00000000..2f1b7aaf
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
@@ -0,0 +1,98 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_realm.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _LDAP_REALM_H
+#define _LDAP_REALM_H 1
+
+/* realm specific mask */
+#define LDAP_REALM_SUBTREE            0x0001
+#define LDAP_REALM_SEARCHSCOPE        0x0002
+/* 0x0004 was LDAP_REALM_POLICYREFERENCE but it was unused */
+#define LDAP_REALM_UPENABLED          0x0008
+#define LDAP_REALM_LDAPSERVERS        0x0010
+#define LDAP_REALM_KDCSERVERS         0x0020
+#define LDAP_REALM_ADMINSERVERS       0x0040
+#define LDAP_REALM_PASSWDSERVERS      0x0080
+#define LDAP_REALM_MAXTICKETLIFE      0x0100
+#define LDAP_REALM_MAXRENEWLIFE       0x0200
+#define LDAP_REALM_KRBTICKETFLAGS     0x0400
+#define LDAP_REALM_CONTREF            0x0800
+
+extern char *policy_attributes[];
+
+extern char *realm_attributes[];
+
+/* realm container structure */
+
+typedef struct _krb5_ldap_realm_params {
+    char          *realmdn;
+    char          *realm_name;
+    char          **subtree;
+    char          *containerref;
+    int           search_scope;
+    int           upenabled;
+    int           subtreecount;
+    krb5_int32    max_life;
+    krb5_int32    max_renewable_life;
+    krb5_int32    tktflags;
+    char          **kdcservers;
+    char          **adminservers;
+    char          **passwdservers;
+    krb5_tl_data  *tl_data;
+    long          mask;
+} krb5_ldap_realm_params;
+
+
+krb5_error_code
+krb5_ldap_list_realm(krb5_context , char ***);
+
+krb5_error_code
+krb5_ldap_delete_realm(krb5_context, char *);
+
+krb5_error_code
+krb5_ldap_modify_realm(krb5_context, krb5_ldap_realm_params *, int);
+
+krb5_error_code
+krb5_ldap_create_realm(krb5_context, krb5_ldap_realm_params *, int);
+
+krb5_error_code
+krb5_ldap_read_realm_params(krb5_context, char *, krb5_ldap_realm_params **,
+                            int *);
+
+void
+krb5_ldap_free_realm_params(krb5_ldap_realm_params *);
+
+krb5_error_code
+krb5_ldap_delete_realm_1(krb5_context, char *, char **);
+
+char *
+ldap_filter_correct(char *);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
new file mode 100644
index 00000000..cb30f4a7
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
@@ -0,0 +1,115 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "ldap_main.h"
+#include "kdb_ldap.h"
+#include "ldap_service_stash.h"
+#include <k5-hex.h>
+#include <ctype.h>
+
+/* Decode a password of the form {HEX}<hexstring>. */
+static krb5_error_code
+dec_password(krb5_context context, const char *str, char **password_out)
+{
+    krb5_error_code ret;
+    uint8_t *bytes;
+    size_t len;
+
+    *password_out = NULL;
+
+    if (strncmp(str, "{HEX}", 5) != 0) {
+        k5_setmsg(context, EINVAL, _("Not a hexadecimal password"));
+        return EINVAL;
+    }
+
+    ret = k5_hex_decode(str + 5, &bytes, &len);
+    if (ret) {
+        if (ret == EINVAL)
+            k5_setmsg(context, ret, _("Password corrupt"));
+        return ret;
+    }
+
+    *password_out = (char *)bytes;
+    return 0;
+}
+
+krb5_error_code
+krb5_ldap_readpassword(krb5_context context, const char *filename,
+                       const char *name, char **password_out)
+{
+    krb5_error_code ret;
+    char line[RECORDLEN], *end;
+    const char *start, *sep, *val = NULL;
+    int namelen = strlen(name);
+    FILE *fp;
+
+    *password_out = NULL;
+
+    fp = fopen(filename, "r");
+    if (fp == NULL) {
+        ret = errno;
+        k5_setmsg(context, ret, _("Cannot open LDAP password file '%s': %s"),
+                  filename, error_message(ret));
+        return ret;
+    }
+    set_cloexec_file(fp);
+
+    while (fgets(line, RECORDLEN, fp) != NULL) {
+        /* Remove trailing newline. */
+        end = line + strlen(line);
+        if (end > line && end[-1] == '\n')
+            end[-1] = '\0';
+
+        /* Skip past leading whitespace. */
+        for (start = line; isspace(*start); ++start);
+
+        /* Ignore comment lines */
+        if (*start == '!' || *start == '#')
+            continue;
+
+        sep = strchr(start, '#');
+        if (sep != NULL && sep - start == namelen &&
+            strncasecmp(start, name, namelen) == 0) {
+            val = sep + 1;
+            break;
+        }
+    }
+    fclose(fp);
+
+    if (val == NULL) {
+        k5_setmsg(context, KRB5_KDB_SERVER_INTERNAL_ERR,
+                  _("Bind DN entry '%s' missing in LDAP password file '%s'"),
+                  name, filename);
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
+    }
+
+    /* Extract the plain password information. */
+    return dec_password(context, val, password_out);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
new file mode 100644
index 00000000..03cf9a1f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
@@ -0,0 +1,40 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LDAP_SERVICE_STASH_H
+#define LDAP_SERVICE_STASH_H 1
+
+#define RECORDLEN 1024
+
+krb5_error_code
+krb5_ldap_readpassword(krb5_context context, const char *filename,
+                       const char *name, char **password_out);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
new file mode 100644
index 00000000..4f48fd6a
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -0,0 +1,498 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "ldap_main.h"
+#include "kdb_ldap.h"
+#include "ldap_tkt_policy.h"
+#include "ldap_err.h"
+
+/* Ticket policy object management */
+
+static void
+free_list(char **list)
+{
+    int i;
+
+    for (i = 0; list != NULL && list[i] != NULL; i++)
+        free(list[i]);
+    free(list);
+}
+
+/*
+ * create the Ticket policy object in Directory.
+ */
+krb5_error_code
+krb5_ldap_create_policy(krb5_context context, krb5_ldap_policy_params *policy,
+                        int mask)
+{
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    char                        *strval[3]={NULL}, *policy_dn = NULL;
+    LDAPMod                     **mods=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    /* validate the input parameters */
+    if (policy == NULL || policy->policy == NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("Ticket Policy Name missing"));
+        goto cleanup;
+    }
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    if ((st = krb5_ldap_name_to_policydn (context, policy->policy, &policy_dn)) != 0)
+        goto cleanup;
+
+    memset(strval, 0, sizeof(strval));
+    strval[0] = policy->policy;
+    if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
+        goto cleanup;
+
+    memset(strval, 0, sizeof(strval));
+    strval[0] = "krbTicketPolicy";
+    strval[1] = "krbTicketPolicyaux";
+    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+        goto cleanup;
+
+    if (mask & LDAP_POLICY_MAXTKTLIFE) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD,
+                                          policy->maxtktlife)) != 0)
+            goto cleanup;
+    }
+
+    if (mask & LDAP_POLICY_MAXRENEWLIFE) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD,
+                                          policy->maxrenewlife)) != 0)
+            goto cleanup;
+    }
+
+    if (mask & LDAP_POLICY_TKTFLAGS) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_ADD,
+                                          policy->tktflags)) != 0)
+            goto cleanup;
+    }
+
+    /* ldap add operation */
+    if ((st=ldap_add_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
+    }
+
+cleanup:
+    if (policy_dn != NULL)
+        free(policy_dn);
+
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+
+/*
+ * modify the Ticket policy object in Directory.
+ */
+
+krb5_error_code
+krb5_ldap_modify_policy(krb5_context context, krb5_ldap_policy_params *policy,
+                        int mask)
+{
+    int                         objectmask=0;
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    char                        *attrvalues[]={"krbTicketPolicy", "krbTicketPolicyAux", NULL}, *strval[2]={NULL};
+    char                        *policy_dn = NULL;
+    LDAPMod                     **mods=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    /* validate the input parameters */
+    if (policy == NULL || policy->policy==NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("Ticket Policy Name missing"));
+        goto cleanup;
+    }
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    if ((st = krb5_ldap_name_to_policydn (context, policy->policy, &policy_dn)) != 0)
+        goto cleanup;
+
+    /* the policydn object should be of the krbTicketPolicy object class */
+    st = checkattributevalue(ld, policy_dn, "objectClass", attrvalues, &objectmask);
+    CHECK_CLASS_VALIDITY(st, objectmask, _("ticket policy object: "));
+
+    if ((objectmask & 0x02) == 0) { /* add krbticketpolicyaux to the object class list */
+        memset(strval, 0, sizeof(strval));
+        strval[0] = "krbTicketPolicyAux";
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+            goto cleanup;
+    }
+
+    if (mask & LDAP_POLICY_MAXTKTLIFE) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE,
+                                          policy->maxtktlife)) != 0)
+            goto cleanup;
+    }
+
+    if (mask & LDAP_POLICY_MAXRENEWLIFE) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
+                                          policy->maxrenewlife)) != 0)
+            goto cleanup;
+    }
+
+    if (mask & LDAP_POLICY_TKTFLAGS) {
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
+                                          policy->tktflags)) != 0)
+            goto cleanup;
+    }
+
+    if ((st=ldap_modify_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
+        st = set_ldap_error (context, st, OP_MOD);
+        goto cleanup;
+    }
+
+cleanup:
+    if (policy_dn != NULL)
+        free(policy_dn);
+
+    ldap_mods_free(mods, 1);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+
+/*
+ * Read the policy object from the Directory and populate the krb5_ldap_policy_params
+ * structure.
+ */
+
+krb5_error_code
+krb5_ldap_read_policy(krb5_context context, char *policyname,
+                      krb5_ldap_policy_params **policy, int *omask)
+{
+    krb5_error_code             st=0, tempst=0;
+    int                         objectmask=0, val=0;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL,*ent=NULL;
+    char                        *attributes[] = { "krbMaxTicketLife", "krbMaxRenewableAge", "krbTicketFlags", NULL};
+    char                        *attrvalues[] = { "krbTicketPolicy", NULL}, *policy_dn = NULL;
+    krb5_ldap_policy_params     *lpolicy=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    /* validate the input parameters */
+    if (policyname == NULL  || policy == NULL) {
+        st = EINVAL;
+        k5_setmsg(context, st, _("Ticket Policy Object information missing"));
+        goto cleanup;
+    }
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    if ((st = krb5_ldap_name_to_policydn (context, policyname, &policy_dn)) != 0)
+        goto cleanup;
+
+    /* the policydn object should be of the krbTicketPolicy object class */
+    st = checkattributevalue(ld, policy_dn, "objectClass", attrvalues, &objectmask);
+    CHECK_CLASS_VALIDITY(st, objectmask, _("ticket policy object: "));
+
+    /* Initialize ticket policy structure */
+    lpolicy =(krb5_ldap_policy_params *) malloc(sizeof(krb5_ldap_policy_params));
+    CHECK_NULL(lpolicy);
+    memset(lpolicy, 0, sizeof(krb5_ldap_policy_params));
+
+    if ((lpolicy->policy = strdup (policyname)) == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    lpolicy->tl_data = calloc (1, sizeof(*lpolicy->tl_data));
+    CHECK_NULL(lpolicy->tl_data);
+    lpolicy->tl_data->tl_data_type = KDB_TL_USER_INFO;
+
+    LDAP_SEARCH(policy_dn, LDAP_SCOPE_BASE, "(objectclass=krbTicketPolicy)", attributes);
+
+    *omask = 0;
+
+    ent=ldap_first_entry(ld, result);
+    if (ent != NULL) {
+        if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {
+            lpolicy->maxtktlife = val;
+            *omask |= LDAP_POLICY_MAXTKTLIFE;
+        }
+        if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &val) == 0) {
+            lpolicy->maxrenewlife = val;
+            *omask |= LDAP_POLICY_MAXRENEWLIFE;
+        }
+        if (krb5_ldap_get_value(ld, ent, "krbticketflags", &val) == 0) {
+            lpolicy->tktflags = val;
+            *omask |= LDAP_POLICY_TKTFLAGS;
+        }
+    }
+
+    lpolicy->mask = *omask;
+    store_tl_data(lpolicy->tl_data, KDB_TL_MASK, omask);
+    *policy = lpolicy;
+
+cleanup:
+    if (st != 0) {
+        krb5_ldap_free_policy(context, lpolicy);
+        *policy = NULL;
+    }
+    free(policy_dn);
+    ldap_msgfree(result);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+
+/*
+ * Function to delete ticket policy object from the directory.  Before
+ * calling this function krb5_ldap_read_policy should be called to
+ * check the existence of the object.  This serves one major purpose,
+ * i.e., if the object to be is anything other than the ticket policy
+ * object then the krb5_ldap_read_policy returns an error and thus is
+ * not accidentally deleted in this function.
+ *
+ * NOTE: Other kerberos objects (user/realm object) might be having
+ * references to the policy object to be deleted. This situation is
+ * not handled here, instead is taken care of at all the places where
+ * the deleted policy object is read, to ignore a return status of
+ * LDAP_NO_SUCH_OBJECT and continue.
+ */
+
+krb5_error_code
+krb5_ldap_delete_policy(krb5_context context, char *policyname)
+{
+    int                         refcount = 0;
+    char                        *policy_dn = NULL;
+    krb5_error_code             st = 0;
+    LDAP                        *ld = NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    if (policyname == NULL) {
+        st = EINVAL;
+        k5_prependmsg(context, st, _("Ticket Policy Object DN missing"));
+        goto cleanup;
+    }
+
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    if ((st = krb5_ldap_name_to_policydn (context, policyname, &policy_dn)) != 0)
+        goto cleanup;
+
+    /* Checking for policy count for 0 and will not permit delete if
+     * it is greater than 0.  */
+
+    if ((st = krb5_ldap_get_reference_count (context, policy_dn,
+                                             "krbTicketPolicyReference", &refcount, ld)) != 0)
+        goto cleanup;
+
+    if (refcount == 0) {
+        if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != 0) {
+            k5_prependmsg(context, st, "%s", ldap_err2string(st));
+
+            goto cleanup;
+        }
+    } else {
+        st = EINVAL;
+        k5_prependmsg(context, st,
+                      _("Delete Failed: One or more Principals associated "
+                        "with the Ticket Policy"));
+        goto cleanup;
+    }
+
+cleanup:
+    if (policy_dn != NULL)
+        free (policy_dn);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
+
+
+/*
+ * list policy objects from Directory
+ */
+
+krb5_error_code
+krb5_ldap_list_policy(krb5_context context, char *containerdn, char ***policy)
+{
+    int                         i, j, count;
+    char                        **list = NULL;
+    char                        *policycontainerdn = containerdn;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_error_code             st=0;
+
+    SETUP_CONTEXT();
+    if (policycontainerdn == NULL) {
+        policycontainerdn = ldap_context->lrparams->realmdn;
+    }
+
+    if ((st = krb5_ldap_list(context, &list, "krbTicketPolicy", policycontainerdn)) != 0)
+        goto cleanup;
+
+    for (i = 0; list[i] != NULL; i++);
+
+    count = i;
+
+    *policy = (char **) calloc ((unsigned) count + 1, sizeof(char *));
+    if (*policy == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    for (i = 0, j = 0; list[i] != NULL; i++, j++) {
+        int ret;
+        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
+        if (ret != 0)
+            j--;
+    }
+
+cleanup:
+    free_list(list);
+    return st;
+}
+
+/*
+ * Function to free the ticket policy object structure.
+ * Note: this function assumes that memory of the policy structure is dynamically allocated and hence the whole
+ * structure is freed up. Care should be taken not to call this function on a static structure
+ */
+
+krb5_error_code
+krb5_ldap_free_policy(krb5_context context, krb5_ldap_policy_params *policy)
+{
+
+    krb5_error_code st=0;
+
+    if (policy == NULL)
+        return st;
+
+    if (policy->policy)
+        free (policy->policy);
+
+    if (policy->tl_data) {
+        if (policy->tl_data->tl_data_contents)
+            free (policy->tl_data->tl_data_contents);
+        free (policy->tl_data);
+    }
+    free (policy);
+
+    return st;
+}
+
+/*
+ * This function is general object listing routine.  It is currently
+ * used for ticket policy object listing.
+ */
+
+krb5_error_code
+krb5_ldap_list(krb5_context context, char ***list, char *objectclass,
+               char *containerdn)
+{
+    char                        *filter=NULL, *dn=NULL;
+    krb5_error_code             st=0, tempst=0;
+    int                         count=0, filterlen=0;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL,*ent=NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+
+    SETUP_CONTEXT();
+    GET_HANDLE();
+
+    /* check if the containerdn exists */
+    if (containerdn) {
+        if ((st=checkattributevalue(ld, containerdn, NULL, NULL, NULL)) != 0) {
+            k5_prependmsg(context, st, _("Error reading container object"));
+            goto cleanup;
+        }
+    }
+
+    /* set the filter for the search operation */
+    filterlen = strlen("(objectclass=") + strlen(objectclass) + 1 + 1;
+    filter = malloc ((unsigned) filterlen);
+    if (filter == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+    snprintf(filter, (unsigned) filterlen,"(objectclass=%s)",objectclass);
+
+    LDAP_SEARCH(containerdn, LDAP_SCOPE_SUBTREE, filter, NULL);
+
+    count = ldap_count_entries(ld, result);
+    if (count == -1) {
+        ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
+        st = set_ldap_error(context, st, OP_SEARCH);
+        goto cleanup;
+    }
+    *list = (char **) calloc ((unsigned) count+1, sizeof(char *));
+    if (*list == NULL) {
+        st = ENOMEM;
+        goto cleanup;
+    }
+
+    for (ent=ldap_first_entry(ld, result), count=0; ent != NULL; ent=ldap_next_entry(ld, ent), ++count) {
+        if ((dn=ldap_get_dn(ld, ent)) == NULL)
+            continue;
+        if (((*list)[count] = strdup(dn)) == NULL) {
+            ldap_memfree (dn);
+            st = ENOMEM;
+            goto cleanup;
+        }
+        ldap_memfree(dn);
+    }
+
+cleanup:
+    if (filter)
+        free (filter);
+
+    /* some error, free up all the memory */
+    if (st != 0) {
+        free_list(*list);
+        *list = NULL;
+    }
+    ldap_msgfree(result);
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h
new file mode 100644
index 00000000..712adae4
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h
@@ -0,0 +1,75 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h */
+/*
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _LDAP_POLICY_H
+#define _LDAP_POLICY_H 1
+
+/* policy specific mask */
+
+#define LDAP_POLICY_MAXTKTLIFE        0x0001
+#define LDAP_POLICY_MAXRENEWLIFE      0x0002
+#define LDAP_POLICY_TKTFLAGS          0x0004
+#define LDAP_POLICY_COUNT             0x0008
+/* policy object structure */
+
+typedef struct _krb5_ldap_policy_params {
+    char                  *policy;
+    long                  mask;
+    long                  maxtktlife;
+    long                  maxrenewlife;
+    long                  tktflags;
+    krb5_tl_data          *tl_data;
+}krb5_ldap_policy_params;
+
+krb5_error_code
+krb5_ldap_create_policy(krb5_context, krb5_ldap_policy_params *, int);
+
+krb5_error_code
+krb5_ldap_modify_policy(krb5_context, krb5_ldap_policy_params *, int);
+
+krb5_error_code
+krb5_ldap_read_policy(krb5_context, char *, krb5_ldap_policy_params **, int *);
+
+krb5_error_code
+krb5_ldap_delete_policy(krb5_context, char *);
+
+krb5_error_code
+krb5_ldap_clear_policy(krb5_context, char *);
+
+krb5_error_code
+krb5_ldap_list_policy(krb5_context, char *, char ***);
+
+krb5_error_code
+krb5_ldap_free_policy(krb5_context, krb5_ldap_policy_params *);
+
+krb5_error_code
+krb5_ldap_change_count(krb5_context, char *, int);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
new file mode 100644
index 00000000..5376d345
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
@@ -0,0 +1,41 @@
+krb5_ldap_open
+krb5_ldap_close
+krb5_ldap_db_init
+krb5_ldap_lib_init
+krb5_ldap_lib_cleanup
+krb5_ldap_get_age
+krb5_ldap_read_server_params
+krb5_ldap_put_principal
+krb5_ldap_get_principal
+krb5_ldap_delete_principal
+krb5_ldap_rename_principal
+krb5_ldap_iterate
+krb5_ldap_read_krbcontainer_dn
+krb5_ldap_list_realm
+krb5_ldap_read_realm_params
+krb5_ldap_free_realm_params
+krb5_ldap_modify_realm
+krb5_ldap_create_krbcontainer
+krb5_ldap_create_realm
+krb5_ldap_delete_realm
+krb5_ldap_list_policy
+krb5_ldap_free_policy
+krb5_ldap_read_policy
+krb5_ldap_modify_policy
+krb5_ldap_delete_policy
+krb5_ldap_create_policy
+krb5_ldap_create_password_policy
+krb5_ldap_put_password_policy
+krb5_ldap_get_password_policy
+krb5_ldap_delete_password_policy
+krb5_ldap_iterate_password_policy
+krb5_dbe_free_contents
+krb5_ldap_free_server_params
+krb5_ldap_free_server_context_params
+krb5_ldap_delete_realm_1
+krb5_ldap_lock
+krb5_ldap_unlock
+krb5_ldap_create
+krb5_ldap_check_policy_as
+krb5_ldap_audit_as_req
+krb5_ldap_check_allowed_to_delegate
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/lockout.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
new file mode 100644
index 00000000..094b8902
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
@@ -0,0 +1,220 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/ldap/libkdb_ldap/lockout.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-int.h>
+#include <kadm5/admin.h>
+#include <kdb.h>
+
+#include "kdb_ldap.h"
+#include "princ_xdr.h"
+#include "ldap_principal.h"
+#include "ldap_pwd_policy.h"
+#include "ldap_tkt_policy.h"
+
+static krb5_error_code
+lookup_lockout_policy(krb5_context context,
+                      krb5_db_entry *entry,
+                      krb5_kvno *pw_max_fail,
+                      krb5_deltat *pw_failcnt_interval,
+                      krb5_deltat *pw_lockout_duration)
+{
+    krb5_tl_data tl_data;
+    krb5_error_code code;
+    osa_princ_ent_rec adb;
+
+    *pw_max_fail = 0;
+    *pw_failcnt_interval = 0;
+    *pw_lockout_duration = 0;
+
+    tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+
+    code = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
+    if (code != 0 || tl_data.tl_data_length == 0)
+        return code;
+
+    memset(&adb, 0, sizeof(adb));
+
+    code = krb5_lookup_tl_kadm_data(&tl_data, &adb);
+    if (code != 0)
+        return code;
+
+    if (adb.policy != NULL) {
+        osa_policy_ent_t policy = NULL;
+
+        code = krb5_ldap_get_password_policy(context, adb.policy, &policy);
+        if (code == 0) {
+            *pw_max_fail = policy->pw_max_fail;
+            *pw_failcnt_interval = policy->pw_failcnt_interval;
+            *pw_lockout_duration = policy->pw_lockout_duration;
+        }
+        krb5_db_free_policy(context, policy);
+    }
+
+    ldap_osa_free_princ_ent(&adb);
+
+    return 0;
+}
+
+/* draft-behera-ldap-password-policy-10.txt 7.1 */
+static krb5_boolean
+locked_check_p(krb5_context context,
+               krb5_timestamp stamp,
+               krb5_kvno max_fail,
+               krb5_timestamp lockout_duration,
+               krb5_db_entry *entry)
+{
+    krb5_timestamp unlock_time;
+
+    /* If the entry was unlocked since the last failure, it's not locked. */
+    if (krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time) == 0 &&
+        !ts_after(entry->last_failed, unlock_time))
+        return FALSE;
+
+    if (max_fail == 0 || entry->fail_auth_count < max_fail)
+        return FALSE;
+
+    if (lockout_duration == 0)
+        return TRUE; /* principal permanently locked */
+
+    return ts_after(ts_incr(entry->last_failed, lockout_duration), stamp);
+}
+
+krb5_error_code
+krb5_ldap_lockout_check_policy(krb5_context context,
+                               krb5_db_entry *entry,
+                               krb5_timestamp stamp)
+{
+    krb5_error_code code;
+    kdb5_dal_handle *dal_handle;
+    krb5_ldap_context *ldap_context;
+    krb5_kvno max_fail = 0;
+    krb5_deltat failcnt_interval = 0;
+    krb5_deltat lockout_duration = 0;
+
+    SETUP_CONTEXT();
+    if (ldap_context->disable_lockout)
+        return 0;
+
+    code = lookup_lockout_policy(context, entry, &max_fail,
+                                 &failcnt_interval,
+                                 &lockout_duration);
+    if (code != 0)
+        return code;
+
+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
+        return KRB5KDC_ERR_CLIENT_REVOKED;
+
+    return 0;
+}
+
+krb5_error_code
+krb5_ldap_lockout_audit(krb5_context context,
+                        krb5_db_entry *entry,
+                        krb5_timestamp stamp,
+                        krb5_error_code status)
+{
+    krb5_error_code code;
+    kdb5_dal_handle *dal_handle;
+    krb5_ldap_context *ldap_context;
+    krb5_kvno max_fail = 0;
+    krb5_deltat failcnt_interval = 0;
+    krb5_deltat lockout_duration = 0;
+    krb5_timestamp unlock_time;
+
+    SETUP_CONTEXT();
+
+    switch (status) {
+    case 0:
+    case KRB5KDC_ERR_PREAUTH_FAILED:
+    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+        break;
+    default:
+        return 0;
+    }
+
+    if (entry == NULL)
+        return 0;
+
+    if (!ldap_context->disable_lockout) {
+        code = lookup_lockout_policy(context, entry, &max_fail,
+                                     &failcnt_interval,
+                                     &lockout_duration);
+        if (code != 0)
+            return code;
+    }
+
+    /*
+     * Don't continue to modify the DB for an already locked account.
+     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
+     * this check is unneeded, but in rare cases, we can fail with an
+     * integrity error or preauth failure before a policy check.)
+     */
+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
+        return 0;
+
+    entry->mask = 0;
+
+    /* Only mark the authentication as successful if the entry
+     * required preauthentication, otherwise we have no idea. */
+    if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
+        if (!ldap_context->disable_lockout && entry->fail_auth_count != 0) {
+            entry->fail_auth_count = 0;
+            entry->mask |= KADM5_FAIL_AUTH_COUNT;
+        }
+        if (!ldap_context->disable_last_success) {
+            entry->last_success = stamp;
+            entry->mask |= KADM5_LAST_SUCCESS;
+        }
+    } else if (!ldap_context->disable_lockout &&
+               (status == KRB5KDC_ERR_PREAUTH_FAILED ||
+                status == KRB5KRB_AP_ERR_BAD_INTEGRITY)) {
+        if (krb5_dbe_lookup_last_admin_unlock(context, entry,
+                                              &unlock_time) == 0 &&
+            !ts_after(entry->last_failed, unlock_time)) {
+            /* Reset fail_auth_count after administrative unlock. */
+            entry->fail_auth_count = 0;
+            entry->mask |= KADM5_FAIL_AUTH_COUNT;
+        }
+
+        if (failcnt_interval != 0 &&
+            ts_after(stamp, ts_incr(entry->last_failed, failcnt_interval))) {
+            /* Reset fail_auth_count after failcnt_interval */
+            entry->fail_auth_count = 0;
+            entry->mask |= KADM5_FAIL_AUTH_COUNT;
+        }
+
+        entry->last_failed = stamp;
+        entry->mask |= KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT_INCREMENT;
+    }
+
+    if (entry->mask) {
+        code = krb5_ldap_put_principal(context, entry, NULL);
+        if (code != 0)
+            return code;
+    }
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
new file mode 100644
index 00000000..20c399d9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
@@ -0,0 +1,55 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#include "kdb_ldap.h"
+#include "ldap_principal.h"
+#include "princ_xdr.h"
+#include <kadm5/admin.h>
+#include <kadm5/server_internal.h>
+
+void
+ldap_osa_free_princ_ent(osa_princ_ent_t val)
+{
+    XDR xdrs;
+
+    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+    xdr_osa_princ_ent_rec(&xdrs, val);
+    xdr_destroy(&xdrs);
+}
+
+krb5_error_code
+krb5_lookup_tl_kadm_data(krb5_tl_data *tl_data, osa_princ_ent_rec *princ_entry)
+{
+
+    XDR xdrs;
+
+    xdrmem_create(&xdrs, (caddr_t)tl_data->tl_data_contents,
+                  tl_data->tl_data_length, XDR_DECODE);
+    if (!xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
+        xdr_destroy(&xdrs);
+        return KADM5_XDR_FAILURE;
+    }
+    xdr_destroy(&xdrs);
+
+    return 0;
+}
+
+krb5_error_code
+krb5_update_tl_kadm_data(krb5_context context, krb5_db_entry *entry,
+                         osa_princ_ent_rec *princ_entry)
+{
+    XDR xdrs;
+    krb5_tl_data tl_data;
+    krb5_error_code retval;
+
+    xdralloc_create(&xdrs, XDR_ENCODE);
+    if (!xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
+        xdr_destroy(&xdrs);
+        return KADM5_XDR_FAILURE;
+    }
+    tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+    tl_data.tl_data_length = xdr_getpos(&xdrs);
+    tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
+    retval = krb5_dbe_update_tl_data(context, entry, &tl_data);
+    xdr_destroy(&xdrs);
+    return retval;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
new file mode 100644
index 00000000..29e9b80e
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
@@ -0,0 +1,21 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#ifndef _PRINC_XDR_H
+#define _PRINC_XDR_H 1
+
+#include <krb5.h>
+#include <kdb.h>
+#include <kadm5/server_internal.h>
+
+void
+ldap_osa_free_princ_ent(osa_princ_ent_t val);
+
+krb5_error_code
+krb5_lookup_tl_kadm_data(krb5_tl_data *tl_data,
+                         osa_princ_ent_rec *princ_entry);
+
+krb5_error_code
+krb5_update_tl_kadm_data(krb5_context context, krb5_db_entry *entry,
+                         osa_princ_ent_rec *princ_entry);
+
+#endif
diff --git a/krb5-1.21.3/src/plugins/kdb/lmdb/Makefile.in b/krb5-1.21.3/src/plugins/kdb/lmdb/Makefile.in
new file mode 100644
index 00000000..8e68b17d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/lmdb/Makefile.in
@@ -0,0 +1,27 @@
+mydir=plugins$(S)kdb$(S)lmdb
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_DB_MODULE_DIR)
+
+LOCALINCLUDES = -I$(srcdir)/../../../lib/kdb
+
+LIBBASE=klmdb
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/kdb/lmdb
+# Depends on libk5crypto and libkrb5
+# Also on gssrpc, for xdr stuff.
+SHLIB_EXPDEPS = $(KADMSRV_DEPLIBS) $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS = $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(LMDB_LIBS)
+
+DBDIR = liblmdb
+
+SRCS=$(srcdir)/kdb_lmdb.c $(srcdir)/lockout.c $(srcdir)/marshal.c
+
+STLIBOBJS=kdb_lmdb.o lockout.o marshal.o
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/kdb/lmdb/deps b/krb5-1.21.3/src/plugins/kdb/lmdb/deps
new file mode 100644
index 00000000..e4212f79
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/lmdb/deps
@@ -0,0 +1,53 @@
+#
+# Generated makefile dependencies follow.
+#
+kdb_lmdb.so kdb_lmdb.po $(OUTPRE)kdb_lmdb.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../../lib/kdb/kdb5.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb_lmdb.c klmdb-int.h
+lockout.so lockout.po $(OUTPRE)lockout.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../../lib/kdb/kdb5.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  klmdb-int.h lockout.c
+marshal.so marshal.po $(OUTPRE)marshal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h klmdb-int.h marshal.c
diff --git a/krb5-1.21.3/src/plugins/kdb/lmdb/kdb_lmdb.c b/krb5-1.21.3/src/plugins/kdb/lmdb/kdb_lmdb.c
new file mode 100644
index 00000000..bd288e22
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/lmdb/kdb_lmdb.c
@@ -0,0 +1,1143 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/lmdb/klmdb.c - KDB module using LMDB */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Thread-safety note: unlike the other two in-tree KDB modules, this module
+ * performs no mutex locking to ensure thread safety.  As the KDC and kadmind
+ * are single-threaded, and applications are not allowed to access the same
+ * krb5_context in multiple threads simultaneously, there is no current need
+ * for this code to be thread-safe.  If a need arises in the future, mutex
+ * locking should be added around the read_txn and load_txn fields of
+ * lmdb_context to ensure that only one thread at a time accesses those
+ * transactions.
+ */
+
+/*
+ * This KDB module stores principal and policy data using LMDB (Lightning
+ * Memory-Mapped Database).  We use two LMDB environments, the first to hold
+ * the majority of principal and policy data (suffix ".mdb") in the "principal"
+ * and "policy" databases, and the second to hold the three non-replicated
+ * account lockout attributes (suffix ".lockout.mdb") in the "lockout"
+ * database.  The KDC only needs to write to the lockout database.
+ *
+ * For iteration we create a read transaction in the main environment for the
+ * cursor.  Because the iteration callback might need to create its own
+ * transactions for write operations (e.g. for kdb5_util
+ * update_princ_encryption), we set the MDB_NOTLS flag on the main environment,
+ * so that a thread can hold multiple transactions.
+ *
+ * To mitigate the overhead from MDB_NOTLS, we keep around a read_txn handle
+ * in the database context for get operations, using mdb_txn_reset() and
+ * mdb_txn_renew() between calls.
+ *
+ * For database loads, kdb5_util calls the create() method with the "temporary"
+ * db_arg, and then promotes the finished contents at the end with the
+ * promote_db() method.  In this case we create or open the same LMDB
+ * environments as above, open a write_txn handle for the lifetime of the
+ * context, and empty out the principal and policy databases.  On promote_db()
+ * we commit the transaction.  We do not empty the lockout database and write
+ * to it non-transactionally during the load so that we don't block writes by
+ * the KDC; this isn't ideal if the load is aborted, but it shouldn't cause any
+ * practical issues.
+ *
+ * For iprop loads, kdb5_util also includes the "merge_nra" db_arg, signifying
+ * that the lockout attributes from existing principal entries should be
+ * preserved.  This attribute is noted in the LMDB context, and put_principal
+ * operations will not write to the lockout database if an existing lockout
+ * entry is already present for the principal.
+ */
+
+#include "k5-int.h"
+#include <kadm5/admin.h>
+#include "kdb5.h"
+#include "klmdb-int.h"
+#include <lmdb.h>
+
+/* The presence of any of these mask bits indicates a change to one of the
+ * three principal lockout attributes. */
+#define LOCKOUT_MASK (KADM5_LAST_SUCCESS | KADM5_LAST_FAILED |  \
+                      KADM5_FAIL_AUTH_COUNT)
+
+/* The default map size (for both environments) in megabytes. */
+#define DEFAULT_MAPSIZE 128
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
+typedef struct {
+    char *path;
+    char *lockout_path;
+    krb5_boolean temporary;     /* save changes until promote_db */
+    krb5_boolean merge_nra;     /* preserve existing lockout attributes */
+    krb5_boolean disable_last_success;
+    krb5_boolean disable_lockout;
+    krb5_boolean nosync;
+    size_t mapsize;
+    unsigned int maxreaders;
+
+    MDB_env *env;
+    MDB_env *lockout_env;
+    MDB_dbi princ_db;
+    MDB_dbi policy_db;
+    MDB_dbi lockout_db;
+
+    /* Used for get operations; each transaction is short-lived but we save the
+     * handle between calls to reduce overhead from MDB_NOTLS. */
+    MDB_txn *read_txn;
+
+    /* Write transaction for load operations (create() with the "temporary"
+     * db_arg).  */
+    MDB_txn *load_txn;
+} klmdb_context;
+
+static krb5_error_code
+klerr(krb5_context context, int err, const char *msg)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+
+    /* Pass through system errors; map MDB errors to a com_err code. */
+    ret = (err > 0) ? err : KRB5_KDB_ACCESS_ERROR;
+
+    k5_setmsg(context, ret, _("%s (path: %s): %s"), msg, dbc->path,
+              mdb_strerror(err));
+    return ret;
+}
+
+/* Using db_args and the profile, create a DB context inside context and
+ * initialize its configurable parameters. */
+static krb5_error_code
+configure_context(krb5_context context, const char *conf_section,
+                  char *const *db_args)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc;
+    char *pval = NULL;
+    const char *path = NULL;
+    profile_t profile = context->profile;
+    int i, bval, ival;
+
+    dbc = k5alloc(sizeof(*dbc), &ret);
+    if (dbc == NULL)
+        return ret;
+    context->dal_handle->db_context = dbc;
+
+    for (i = 0; db_args != NULL && db_args[i] != NULL; i++) {
+        if (strcmp(db_args[i], "temporary") == 0) {
+            dbc->temporary = TRUE;
+        } else if (strcmp(db_args[i], "merge_nra") == 0) {
+            dbc->merge_nra = TRUE;
+        } else if (strncmp(db_args[i], "dbname=", 7) == 0) {
+            path = db_args[i] + 7;
+        } else {
+            ret = EINVAL;
+            k5_setmsg(context, ret, _("Unsupported argument \"%s\" for LMDB"),
+                      db_args[i]);
+            goto cleanup;
+        }
+    }
+
+    if (path == NULL) {
+        /* Check for database_name in the db_module section. */
+        ret = profile_get_string(profile, KDB_MODULE_SECTION, conf_section,
+                                 KRB5_CONF_DATABASE_NAME, NULL, &pval);
+        if (!ret && pval == NULL) {
+            /* For compatibility, check for database_name in the realm. */
+            ret = profile_get_string(profile, KDB_REALM_SECTION,
+                                     KRB5_DB_GET_REALM(context),
+                                     KRB5_CONF_DATABASE_NAME, DEFAULT_KDB_FILE,
+                                     &pval);
+        }
+        if (ret)
+            goto cleanup;
+        path = pval;
+    }
+
+    if (asprintf(&dbc->path, "%s.mdb", path) < 0) {
+        dbc->path = NULL;
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    if (asprintf(&dbc->lockout_path, "%s.lockout.mdb", path) < 0) {
+        dbc->lockout_path = NULL;
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    ret = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
+                              KRB5_CONF_DISABLE_LAST_SUCCESS, FALSE, &bval);
+    if (ret)
+        goto cleanup;
+    dbc->disable_last_success = bval;
+
+    ret = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
+                              KRB5_CONF_DISABLE_LOCKOUT, FALSE, &bval);
+    if (ret)
+        goto cleanup;
+    dbc->disable_lockout = bval;
+
+    ret = profile_get_integer(profile, KDB_MODULE_SECTION, conf_section,
+                              KRB5_CONF_MAPSIZE, DEFAULT_MAPSIZE, &ival);
+    if (ret)
+        goto cleanup;
+    dbc->mapsize = (size_t)ival * 1024 * 1024;
+
+    ret = profile_get_integer(profile, KDB_MODULE_SECTION, conf_section,
+                              KRB5_CONF_MAX_READERS, 0, &ival);
+    if (ret)
+        goto cleanup;
+    dbc->maxreaders = ival;
+
+    ret = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
+                              KRB5_CONF_NOSYNC, FALSE, &bval);
+    if (ret)
+        goto cleanup;
+    dbc->nosync = bval;
+
+cleanup:
+    profile_release_string(pval);
+    return ret;
+}
+
+static krb5_error_code
+open_lmdb_env(krb5_context context, klmdb_context *dbc,
+              krb5_boolean is_lockout, krb5_boolean readonly,
+              MDB_env **env_out)
+{
+    krb5_error_code ret;
+    const char *path = is_lockout ? dbc->lockout_path : dbc->path;
+    unsigned int flags;
+    MDB_env *env = NULL;
+    int err;
+
+    *env_out = NULL;
+
+    err = mdb_env_create(&env);
+    if (err)
+        goto lmdb_error;
+
+    /* Use a pair of files instead of a subdirectory. */
+    flags = MDB_NOSUBDIR;
+
+    /*
+     * For the primary database, tie read transaction locktable slots to the
+     * transaction and not the thread, so read transactions for iteration
+     * cursors can coexist with short-lived transactions for operations invoked
+     * by the iteration callback..
+     */
+    if (!is_lockout)
+        flags |= MDB_NOTLS;
+
+    if (readonly)
+        flags |= MDB_RDONLY;
+
+    /* Durability for lockout records is never worth the performance penalty.
+     * For the primary environment it might be, so we make it configurable. */
+    if (is_lockout || dbc->nosync)
+        flags |= MDB_NOSYNC;
+
+    /* We use one database in the lockout env, two in the primary env. */
+    err = mdb_env_set_maxdbs(env, is_lockout ? 1 : 2);
+    if (err)
+        goto lmdb_error;
+
+    if (dbc->mapsize) {
+        err = mdb_env_set_mapsize(env, dbc->mapsize);
+        if (err)
+            goto lmdb_error;
+    }
+
+    if (dbc->maxreaders) {
+        err = mdb_env_set_maxreaders(env, dbc->maxreaders);
+        if (err)
+            goto lmdb_error;
+    }
+
+    err = mdb_env_open(env, path, flags, S_IRUSR | S_IWUSR);
+    if (err)
+        goto lmdb_error;
+
+    *env_out = env;
+    return 0;
+
+lmdb_error:
+    ret = klerr(context, err, _("LMDB environment open failure"));
+    mdb_env_close(env);
+    return ret;
+}
+
+/* Read a key from the primary environment, using a saved read transaction from
+ * the database context.  Return KRB5_KDB_NOENTRY if the key is not found. */
+static krb5_error_code
+fetch(krb5_context context, MDB_dbi db, MDB_val *key, MDB_val *val_out)
+{
+    krb5_error_code ret = 0;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    int err;
+
+    if (dbc->read_txn == NULL)
+        err = mdb_txn_begin(dbc->env, NULL, MDB_RDONLY, &dbc->read_txn);
+    else
+        err = mdb_txn_renew(dbc->read_txn);
+
+    if (!err)
+        err = mdb_get(dbc->read_txn, db, key, val_out);
+
+    if (err == MDB_NOTFOUND)
+        ret = KRB5_KDB_NOENTRY;
+    else if (err)
+        ret = klerr(context, err, _("LMDB read failure"));
+
+    mdb_txn_reset(dbc->read_txn);
+    return ret;
+}
+
+/* If we are using a lockout database, try to fetch the lockout attributes for
+ * key and set them in entry. */
+static void
+fetch_lockout(krb5_context context, MDB_val *key, krb5_db_entry *entry)
+{
+    klmdb_context *dbc = context->dal_handle->db_context;
+    MDB_txn *txn = NULL;
+    MDB_val val;
+    int err;
+
+    if (dbc->lockout_env == NULL)
+        return;
+    err = mdb_txn_begin(dbc->lockout_env, NULL, MDB_RDONLY, &txn);
+    if (!err)
+        err = mdb_get(txn, dbc->lockout_db, key, &val);
+    if (!err && val.mv_size >= LOCKOUT_RECORD_LEN)
+        klmdb_decode_princ_lockout(context, entry, val.mv_data);
+    mdb_txn_abort(txn);
+}
+
+/*
+ * Store a value for key in the specified database within the primary
+ * environment.  Use the saved load transaction if one is present, or a
+ * temporary write transaction if not.  If no_overwrite is true and the key
+ * already exists, return KRB5_KDB_INUSE.  If must_overwrite is true and the
+ * key does not already exist, return KRB5_KDB_NOENTRY.
+ */
+static krb5_error_code
+put(krb5_context context, MDB_dbi db, char *keystr, uint8_t *bytes, size_t len,
+    krb5_boolean no_overwrite, krb5_boolean must_overwrite)
+{
+    klmdb_context *dbc = context->dal_handle->db_context;
+    unsigned int putflags = no_overwrite ? MDB_NOOVERWRITE : 0;
+    MDB_txn *temp_txn = NULL, *txn;
+    MDB_val key = { strlen(keystr), keystr }, val = { len, bytes }, dummy;
+    int err;
+
+    if (dbc->load_txn != NULL) {
+        txn = dbc->load_txn;
+    } else {
+        err = mdb_txn_begin(dbc->env, NULL, 0, &temp_txn);
+        if (err)
+            goto error;
+        txn = temp_txn;
+    }
+
+    if (must_overwrite && mdb_get(txn, db, &key, &dummy) == MDB_NOTFOUND) {
+        mdb_txn_abort(temp_txn);
+        return KRB5_KDB_NOENTRY;
+    }
+
+    err = mdb_put(txn, db, &key, &val, putflags);
+    if (err)
+        goto error;
+
+    if (temp_txn != NULL) {
+        err = mdb_txn_commit(temp_txn);
+        temp_txn = NULL;
+        if (err)
+            goto error;
+    }
+
+    return 0;
+
+error:
+    mdb_txn_abort(temp_txn);
+    if (err == MDB_KEYEXIST)
+        return KRB5_KDB_INUSE;
+    else
+        return klerr(context, err, _("LMDB write failure"));
+}
+
+/* Delete an entry from the specified env and database, using a temporary write
+ * transaction.  Return KRB5_KDB_NOENTRY if the key does not exist. */
+static krb5_error_code
+del(krb5_context context, MDB_env *env, MDB_dbi db, char *keystr)
+{
+    krb5_error_code ret = 0;
+    MDB_txn *txn = NULL;
+    MDB_val key = { strlen(keystr), keystr };
+    int err;
+
+    err = mdb_txn_begin(env, NULL, 0, &txn);
+    if (!err)
+        err = mdb_del(txn, db, &key, NULL);
+    if (!err) {
+        err = mdb_txn_commit(txn);
+        txn = NULL;
+    }
+
+    if (err == MDB_NOTFOUND)
+        ret = KRB5_KDB_NOENTRY;
+    else if (err)
+        ret = klerr(context, err, _("LMDB delete failure"));
+
+    mdb_txn_abort(txn);
+    return ret;
+}
+
+/* Zero out and unlink filename. */
+static krb5_error_code
+destroy_file(const char *filename)
+{
+    krb5_error_code ret;
+    struct stat st;
+    ssize_t len;
+    off_t pos;
+    uint8_t buf[BUFSIZ], zbuf[BUFSIZ] = { 0 };
+    int fd;
+
+    fd = open(filename, O_RDWR | O_CLOEXEC, 0);
+    if (fd < 0)
+        return errno;
+    set_cloexec_fd(fd);
+    if (fstat(fd, &st) == -1)
+        goto error;
+
+    memset(zbuf, 0, BUFSIZ);
+    pos = 0;
+    while (pos < st.st_size) {
+        len = read(fd, buf, BUFSIZ);
+        if (len < 0)
+            goto error;
+        /* Only rewrite the block if it's not already zeroed, in case the file
+         * is sparse. */
+        if (memcmp(buf, zbuf, len) != 0) {
+            (void)lseek(fd, pos, SEEK_SET);
+            len = write(fd, zbuf, len);
+            if (len < 0)
+                goto error;
+        }
+        pos += len;
+    }
+    close(fd);
+
+    if (unlink(filename) != 0)
+        return errno;
+    return 0;
+
+error:
+    ret = errno;
+    close(fd);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_lib_init()
+{
+    return 0;
+}
+
+static krb5_error_code
+klmdb_lib_cleanup()
+{
+    return 0;
+}
+
+static krb5_error_code
+klmdb_fini(krb5_context context)
+{
+    klmdb_context *dbc;
+
+    dbc = context->dal_handle->db_context;
+    if (dbc == NULL)
+        return 0;
+    mdb_txn_abort(dbc->read_txn);
+    mdb_txn_abort(dbc->load_txn);
+    mdb_env_close(dbc->env);
+    mdb_env_close(dbc->lockout_env);
+    free(dbc->path);
+    free(dbc->lockout_path);
+    free(dbc);
+    context->dal_handle->db_context = NULL;
+    return 0;
+}
+
+static krb5_error_code
+klmdb_open(krb5_context context, char *conf_section, char **db_args, int mode)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc;
+    krb5_boolean readonly;
+    MDB_txn *txn = NULL;
+    struct stat st;
+    int err;
+
+    if (context->dal_handle->db_context != NULL)
+        return 0;
+
+    ret = configure_context(context, conf_section, db_args);
+    if (ret)
+        return ret;
+    dbc = context->dal_handle->db_context;
+
+    if (stat(dbc->path, &st) != 0) {
+        ret = ENOENT;
+        k5_setmsg(context, ret, _("LMDB file %s does not exist"), dbc->path);
+        goto error;
+    }
+
+    /* Open the primary environment and databases.  The KDC can open this
+     * environment read-only. */
+    readonly = (mode & KRB5_KDB_OPEN_RO) || (mode & KRB5_KDB_SRV_TYPE_KDC);
+    ret = open_lmdb_env(context, dbc, FALSE, readonly, &dbc->env);
+    if (ret)
+        goto error;
+    err = mdb_txn_begin(dbc->env, NULL, MDB_RDONLY, &txn);
+    if (err)
+        goto lmdb_error;
+    err = mdb_dbi_open(txn, "principal", 0, &dbc->princ_db);
+    if (err)
+        goto lmdb_error;
+    err = mdb_dbi_open(txn, "policy", 0, &dbc->policy_db);
+    if (err)
+        goto lmdb_error;
+    err = mdb_txn_commit(txn);
+    txn = NULL;
+    if (err)
+        goto lmdb_error;
+
+    /* Open the lockout environment and database if we will need it. */
+    if (!dbc->disable_last_success || !dbc->disable_lockout) {
+        readonly = !!(mode & KRB5_KDB_OPEN_RO);
+        ret = open_lmdb_env(context, dbc, TRUE, readonly, &dbc->lockout_env);
+        if (ret)
+            goto error;
+        err = mdb_txn_begin(dbc->lockout_env, NULL, MDB_RDONLY, &txn);
+        if (err)
+            goto lmdb_error;
+        err = mdb_dbi_open(txn, "lockout", 0, &dbc->lockout_db);
+        if (err)
+            goto lmdb_error;
+        err = mdb_txn_commit(txn);
+        txn = NULL;
+        if (err)
+            goto lmdb_error;
+    }
+
+    return 0;
+
+lmdb_error:
+    ret = klerr(context, err, _("LMDB open failure"));
+error:
+    mdb_txn_abort(txn);
+    klmdb_fini(context);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_create(krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc;
+    MDB_txn *txn = NULL;
+    struct stat st;
+    int err;
+
+    if (context->dal_handle->db_context != NULL)
+        return 0;
+
+    ret = configure_context(context, conf_section, db_args);
+    if (ret)
+        return ret;
+    dbc = context->dal_handle->db_context;
+
+    if (!dbc->temporary) {
+        if (stat(dbc->path, &st) == 0) {
+            ret = ENOENT;
+            k5_setmsg(context, ret, _("LMDB file %s already exists"),
+                      dbc->path);
+            goto error;
+        }
+    }
+
+    /* Open (and create if necessary) the LMDB environments. */
+    ret = open_lmdb_env(context, dbc, FALSE, FALSE, &dbc->env);
+    if (ret)
+        goto error;
+    ret = open_lmdb_env(context, dbc, TRUE, FALSE, &dbc->lockout_env);
+    if (ret)
+        goto error;
+
+    /* Open the primary databases, creating them if they don't exist. */
+    err = mdb_txn_begin(dbc->env, NULL, 0, &txn);
+    if (err)
+        goto lmdb_error;
+    err = mdb_dbi_open(txn, "principal", MDB_CREATE, &dbc->princ_db);
+    if (err)
+        goto lmdb_error;
+    err = mdb_dbi_open(txn, "policy", MDB_CREATE, &dbc->policy_db);
+    if (err)
+        goto lmdb_error;
+    err = mdb_txn_commit(txn);
+    txn = NULL;
+    if (err)
+        goto lmdb_error;
+
+    /* Create the lockout database if it doesn't exist. */
+    err = mdb_txn_begin(dbc->lockout_env, NULL, 0, &txn);
+    if (err)
+        goto lmdb_error;
+    err = mdb_dbi_open(txn, "lockout", MDB_CREATE, &dbc->lockout_db);
+    if (err)
+        goto lmdb_error;
+    err = mdb_txn_commit(txn);
+    txn = NULL;
+    if (err)
+        goto lmdb_error;
+
+    if (dbc->temporary) {
+        /* Create a load transaction and empty the primary databases within
+         * it. */
+        err = mdb_txn_begin(dbc->env, NULL, 0, &dbc->load_txn);
+        if (err)
+            goto lmdb_error;
+        err = mdb_drop(dbc->load_txn, dbc->princ_db, 0);
+        if (err)
+            goto lmdb_error;
+        err = mdb_drop(dbc->load_txn, dbc->policy_db, 0);
+        if (err)
+            goto lmdb_error;
+    }
+
+    /* Close the lockout environment if we won't need it. */
+    if (dbc->disable_last_success && dbc->disable_lockout) {
+        mdb_env_close(dbc->lockout_env);
+        dbc->lockout_env = NULL;
+        dbc->lockout_db = 0;
+    }
+
+    return 0;
+
+lmdb_error:
+    ret = klerr(context, err, _("LMDB create error"));
+error:
+    mdb_txn_abort(txn);
+    klmdb_fini(context);
+    return ret;
+}
+
+/* Unlink the "-lock" extension of path. */
+static krb5_error_code
+unlink_lock_file(krb5_context context, const char *path)
+{
+    char *lock_path;
+    int st;
+
+    if (asprintf(&lock_path, "%s-lock", path) < 0)
+        return ENOMEM;
+    st = unlink(lock_path);
+    if (st)
+        k5_prependmsg(context, st, _("Could not unlink %s"), lock_path);
+    free(lock_path);
+    return st;
+}
+
+static krb5_error_code
+klmdb_destroy(krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc;
+
+    if (context->dal_handle->db_context != NULL)
+        klmdb_fini(context);
+    ret = configure_context(context, conf_section, db_args);
+    if (ret)
+        goto cleanup;
+    dbc = context->dal_handle->db_context;
+
+    ret = destroy_file(dbc->path);
+    if (ret)
+        goto cleanup;
+    ret = unlink_lock_file(context, dbc->path);
+    if (ret)
+        goto cleanup;
+
+    ret = destroy_file(dbc->lockout_path);
+    if (ret)
+        goto cleanup;
+    ret = unlink_lock_file(context, dbc->lockout_path);
+
+cleanup:
+    klmdb_fini(context);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_get_principal(krb5_context context, krb5_const_principal searchfor,
+                    unsigned int flags, krb5_db_entry **entry_out)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    MDB_val key, val;
+    char *name = NULL;
+
+    *entry_out = NULL;
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    ret = krb5_unparse_name(context, searchfor, &name);
+    if (ret)
+        goto cleanup;
+
+    key.mv_data = name;
+    key.mv_size = strlen(name);
+    ret = fetch(context, dbc->princ_db, &key, &val);
+    if (ret)
+        goto cleanup;
+
+    ret = klmdb_decode_princ(context, name, strlen(name),
+                             val.mv_data, val.mv_size, entry_out);
+    if (ret)
+        goto cleanup;
+
+    fetch_lockout(context, &key, *entry_out);
+
+cleanup:
+    krb5_free_unparsed_name(context, name);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_put_principal(krb5_context context, krb5_db_entry *entry, char **db_args)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    MDB_val key, val, dummy;
+    MDB_txn *txn = NULL;
+    uint8_t lockout[LOCKOUT_RECORD_LEN], *enc;
+    size_t len;
+    char *name = NULL;
+    int err;
+
+    if (db_args != NULL) {
+        /* This module does not support DB arguments for put_principal. */
+        k5_setmsg(context, EINVAL, _("Unsupported argument \"%s\" for lmdb"),
+                  db_args[0]);
+        return EINVAL;
+    }
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    ret = krb5_unparse_name(context, entry->princ, &name);
+    if (ret)
+        goto cleanup;
+
+    ret = klmdb_encode_princ(context, entry, &enc, &len);
+    if (ret)
+        goto cleanup;
+    ret = put(context, dbc->princ_db, name, enc, len, FALSE, FALSE);
+    free(enc);
+    if (ret)
+        goto cleanup;
+
+    /*
+     * Write the lockout attributes to the lockout database if we are using
+     * one.  During a load operation, changes to lockout attributes will become
+     * visible before the load is finished, which is an acceptable compromise
+     * on load atomicity.
+     */
+    if (dbc->lockout_env != NULL &&
+        (entry->mask & (LOCKOUT_MASK | KADM5_PRINCIPAL))) {
+        key.mv_data = name;
+        key.mv_size = strlen(name);
+        klmdb_encode_princ_lockout(context, entry, lockout);
+        val.mv_data = lockout;
+        val.mv_size = sizeof(lockout);
+        err = mdb_txn_begin(dbc->lockout_env, NULL, 0, &txn);
+        if (!err && dbc->merge_nra) {
+            /* During an iprop load, do not change existing lockout entries. */
+            if (mdb_get(txn, dbc->lockout_db, &key, &dummy) == 0)
+                goto cleanup;
+        }
+        if (!err)
+            err = mdb_put(txn, dbc->lockout_db, &key, &val, 0);
+        if (!err) {
+            err = mdb_txn_commit(txn);
+            txn = NULL;
+        }
+        if (err) {
+            ret = klerr(context, err, _("LMDB lockout write failure"));
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    mdb_txn_abort(txn);
+    krb5_free_unparsed_name(context, name);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_delete_principal(krb5_context context, krb5_const_principal searchfor)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    char *name;
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    ret = krb5_unparse_name(context, searchfor, &name);
+    if (ret)
+        return ret;
+
+    ret = del(context, dbc->env, dbc->princ_db, name);
+    if (!ret && dbc->lockout_env != NULL)
+        (void)del(context, dbc->lockout_env, dbc->lockout_db, name);
+
+    krb5_free_unparsed_name(context, name);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_iterate(krb5_context context, char *match_expr,
+              krb5_error_code (*func)(void *, krb5_db_entry *), void *arg,
+              krb5_flags iterflags)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    krb5_db_entry *entry;
+    MDB_txn *txn = NULL;
+    MDB_cursor *cursor = NULL;
+    MDB_val key, val;
+    MDB_cursor_op op = (iterflags & KRB5_DB_ITER_REV) ? MDB_PREV : MDB_NEXT;
+    int err;
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    err = mdb_txn_begin(dbc->env, NULL, MDB_RDONLY, &txn);
+    if (err)
+        goto lmdb_error;
+    err = mdb_cursor_open(txn, dbc->princ_db, &cursor);
+    if (err)
+        goto lmdb_error;
+    for (;;) {
+        err = mdb_cursor_get(cursor, &key, &val, op);
+        if (err == MDB_NOTFOUND)
+            break;
+        if (err)
+            goto lmdb_error;
+        ret = klmdb_decode_princ(context, key.mv_data, key.mv_size,
+                                 val.mv_data, val.mv_size, &entry);
+        if (ret)
+            goto cleanup;
+        fetch_lockout(context, &key, entry);
+        ret = (*func)(arg, entry);
+        krb5_db_free_principal(context, entry);
+        if (ret)
+            goto cleanup;
+    }
+    ret = 0;
+    goto cleanup;
+
+lmdb_error:
+    ret = klerr(context, err, _("LMDB principal iteration failure"));
+cleanup:
+    mdb_cursor_close(cursor);
+    mdb_txn_abort(txn);
+    return ret;
+}
+
+krb5_error_code
+klmdb_get_policy(krb5_context context, char *name, osa_policy_ent_t *policy)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    MDB_val key, val;
+
+    *policy = NULL;
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    key.mv_data = name;
+    key.mv_size = strlen(name);
+    ret = fetch(context, dbc->policy_db, &key, &val);
+    if (ret)
+        return ret;
+    return klmdb_decode_policy(context, name, strlen(name),
+                               val.mv_data, val.mv_size, policy);
+}
+
+static krb5_error_code
+klmdb_create_policy(krb5_context context, osa_policy_ent_t policy)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    uint8_t *enc;
+    size_t len;
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    ret = klmdb_encode_policy(context, policy, &enc, &len);
+    if (ret)
+        return ret;
+    ret = put(context, dbc->policy_db, policy->name, enc, len, TRUE, FALSE);
+    free(enc);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_put_policy(krb5_context context, osa_policy_ent_t policy)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    uint8_t *enc;
+    size_t len;
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    ret = klmdb_encode_policy(context, policy, &enc, &len);
+    if (ret)
+        return ret;
+    ret = put(context, dbc->policy_db, policy->name, enc, len, FALSE, TRUE);
+    free(enc);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_iter_policy(krb5_context context, char *match_entry,
+                  osa_adb_iter_policy_func func, void *arg)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    osa_policy_ent_t pol;
+    MDB_txn *txn = NULL;
+    MDB_cursor *cursor = NULL;
+    MDB_val key, val;
+    int err;
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+
+    err = mdb_txn_begin(dbc->env, NULL, MDB_RDONLY, &txn);
+    if (err)
+        goto lmdb_error;
+    err = mdb_cursor_open(txn, dbc->policy_db, &cursor);
+    if (err)
+        goto lmdb_error;
+    for (;;) {
+        err = mdb_cursor_get(cursor, &key, &val, MDB_NEXT);
+        if (err == MDB_NOTFOUND)
+            break;
+        if (err)
+            goto lmdb_error;
+        ret = klmdb_decode_policy(context, key.mv_data, key.mv_size,
+                                  val.mv_data, val.mv_size, &pol);
+        if (ret)
+            goto cleanup;
+        (*func)(arg, pol);
+        krb5_db_free_policy(context, pol);
+    }
+    ret = 0;
+    goto cleanup;
+
+lmdb_error:
+    ret = klerr(context, err, _("LMDB policy iteration failure"));
+cleanup:
+    mdb_cursor_close(cursor);
+    mdb_txn_abort(txn);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_delete_policy(krb5_context context, char *policy)
+{
+    klmdb_context *dbc = context->dal_handle->db_context;
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+    return del(context, dbc->env, dbc->policy_db, policy);
+}
+
+static krb5_error_code
+klmdb_promote_db(krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code ret = 0;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    int err;
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+    if (dbc->load_txn == NULL)
+        return EINVAL;
+    err = mdb_txn_commit(dbc->load_txn);
+    dbc->load_txn = NULL;
+    if (err)
+        ret = klerr(context, err, _("LMDB transaction commit failure"));
+    klmdb_fini(context);
+    return ret;
+}
+
+static krb5_error_code
+klmdb_check_policy_as(krb5_context context, krb5_kdc_req *request,
+                      krb5_db_entry *client, krb5_db_entry *server,
+                      krb5_timestamp kdc_time, const char **status,
+                      krb5_pa_data ***e_data)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+
+    if (dbc->disable_lockout)
+        return 0;
+
+    ret = klmdb_lockout_check_policy(context, client, kdc_time);
+    if (ret == KRB5KDC_ERR_CLIENT_REVOKED)
+        *status = "LOCKED_OUT";
+    return ret;
+}
+
+static void
+klmdb_audit_as_req(krb5_context context, krb5_kdc_req *request,
+                   const krb5_address *local_addr,
+                   const krb5_address *remote_addr, krb5_db_entry *client,
+                   krb5_db_entry *server, krb5_timestamp authtime,
+                   krb5_error_code status)
+{
+    klmdb_context *dbc = context->dal_handle->db_context;
+
+    (void)klmdb_lockout_audit(context, client, authtime, status,
+                              dbc->disable_last_success, dbc->disable_lockout);
+}
+
+krb5_error_code
+klmdb_update_lockout(krb5_context context, krb5_db_entry *entry,
+                     krb5_timestamp stamp, krb5_boolean zero_fail_count,
+                     krb5_boolean set_last_success,
+                     krb5_boolean set_last_failure)
+{
+    krb5_error_code ret;
+    klmdb_context *dbc = context->dal_handle->db_context;
+    krb5_db_entry dummy = { 0 };
+    uint8_t lockout[LOCKOUT_RECORD_LEN];
+    MDB_txn *txn = NULL;
+    MDB_val key, val;
+    char *name = NULL;
+    int err;
+
+    if (dbc == NULL)
+        return KRB5_KDB_DBNOTINITED;
+    if (dbc->lockout_env == NULL)
+        return 0;
+    if (!zero_fail_count && !set_last_success && !set_last_failure)
+        return 0;
+
+    ret = krb5_unparse_name(context, entry->princ, &name);
+    if (ret)
+        goto cleanup;
+    key.mv_data = name;
+    key.mv_size = strlen(name);
+
+    err = mdb_txn_begin(dbc->lockout_env, NULL, 0, &txn);
+    if (err)
+        goto lmdb_error;
+    /* Fetch base lockout info within txn so we update transactionally. */
+    err = mdb_get(txn, dbc->lockout_db, &key, &val);
+    if (!err && val.mv_size >= LOCKOUT_RECORD_LEN) {
+        klmdb_decode_princ_lockout(context, &dummy, val.mv_data);
+    } else {
+        dummy.last_success = entry->last_success;
+        dummy.last_failed = entry->last_failed;
+        dummy.fail_auth_count = entry->fail_auth_count;
+    }
+
+    if (zero_fail_count)
+        dummy.fail_auth_count = 0;
+    if (set_last_success)
+        dummy.last_success = stamp;
+    if (set_last_failure) {
+        dummy.last_failed = stamp;
+        dummy.fail_auth_count++;
+    }
+
+    klmdb_encode_princ_lockout(context, &dummy, lockout);
+    val.mv_data = lockout;
+    val.mv_size = sizeof(lockout);
+    err = mdb_put(txn, dbc->lockout_db, &key, &val, 0);
+    if (err)
+        goto lmdb_error;
+    err = mdb_txn_commit(txn);
+    txn = NULL;
+    if (err)
+        goto lmdb_error;
+    goto cleanup;
+
+lmdb_error:
+    ret = klerr(context, err, _("LMDB lockout update failure"));
+cleanup:
+    krb5_free_unparsed_name(context, name);
+    mdb_txn_abort(txn);
+    return 0;
+}
+
+kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_lmdb, kdb_function_table) = {
+    .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
+    .min_ver = 0,
+    .init_library = klmdb_lib_init,
+    .fini_library = klmdb_lib_cleanup,
+    .init_module = klmdb_open,
+    .fini_module = klmdb_fini,
+    .create = klmdb_create,
+    .destroy = klmdb_destroy,
+    .get_principal = klmdb_get_principal,
+    .put_principal = klmdb_put_principal,
+    .delete_principal = klmdb_delete_principal,
+    .iterate = klmdb_iterate,
+    .create_policy = klmdb_create_policy,
+    .get_policy = klmdb_get_policy,
+    .put_policy = klmdb_put_policy,
+    .iter_policy = klmdb_iter_policy,
+    .delete_policy = klmdb_delete_policy,
+    .promote_db = klmdb_promote_db,
+    .check_policy_as = klmdb_check_policy_as,
+    .audit_as_req = klmdb_audit_as_req
+};
diff --git a/krb5-1.21.3/src/plugins/kdb/lmdb/klmdb-int.h b/krb5-1.21.3/src/plugins/kdb/lmdb/klmdb-int.h
new file mode 100644
index 00000000..29bceae6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/lmdb/klmdb-int.h
@@ -0,0 +1,78 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/lmdb/klmdb-int.h - internal declarations for LMDB KDB module */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef LMDB_INT_H
+#define LMDB_INT_H
+
+/* Length of a principal lockout record (three 32-bit fields) */
+#define LOCKOUT_RECORD_LEN 12
+
+krb5_error_code klmdb_encode_princ(krb5_context context,
+                                   const krb5_db_entry *entry,
+                                   uint8_t **enc_out, size_t *len_out);
+void klmdb_encode_princ_lockout(krb5_context context,
+                                const krb5_db_entry *entry,
+                                uint8_t buf[LOCKOUT_RECORD_LEN]);
+krb5_error_code klmdb_encode_policy(krb5_context context,
+                                    const osa_policy_ent_rec *pol,
+                                    uint8_t **enc_out, size_t *len_out);
+
+krb5_error_code klmdb_decode_princ(krb5_context context,
+                                   const void *key, size_t key_len,
+                                   const void *enc, size_t enc_len,
+                                   krb5_db_entry **entry_out);
+void klmdb_decode_princ_lockout(krb5_context context, krb5_db_entry *entry,
+                                const uint8_t buf[LOCKOUT_RECORD_LEN]);
+krb5_error_code klmdb_decode_policy(krb5_context context,
+                                    const void *key, size_t key_len,
+                                    const void *enc, size_t enc_len,
+                                    osa_policy_ent_t *pol_out);
+
+krb5_error_code klmdb_lockout_check_policy(krb5_context context,
+                                           krb5_db_entry *entry,
+                                           krb5_timestamp stamp);
+krb5_error_code klmdb_lockout_audit(krb5_context context, krb5_db_entry *entry,
+                                    krb5_timestamp stamp,
+                                    krb5_error_code status,
+                                    krb5_boolean disable_last_success,
+                                    krb5_boolean disable_lockout);
+krb5_error_code klmdb_update_lockout(krb5_context context,
+                                     krb5_db_entry *entry,
+                                     krb5_timestamp stamp,
+                                     krb5_boolean zero_fail_count,
+                                     krb5_boolean set_last_success,
+                                     krb5_boolean set_last_failure);
+
+krb5_error_code klmdb_get_policy(krb5_context context, char *name,
+                                 osa_policy_ent_t *policy);
+
+#endif /* LMDB_INT_H */
diff --git a/krb5-1.21.3/src/plugins/kdb/lmdb/klmdb.exports b/krb5-1.21.3/src/plugins/kdb/lmdb/klmdb.exports
new file mode 100644
index 00000000..f2b7c111
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/lmdb/klmdb.exports
@@ -0,0 +1 @@
+kdb_function_table
diff --git a/krb5-1.21.3/src/plugins/kdb/lmdb/lockout.c b/krb5-1.21.3/src/plugins/kdb/lmdb/lockout.c
new file mode 100644
index 00000000..380d8b30
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/lmdb/lockout.c
@@ -0,0 +1,180 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/lmdb/lockout.c */
+/*
+ * Copyright (C) 2009, 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include <kadm5/server_internal.h>
+#include "kdb5.h"
+#include "klmdb-int.h"
+
+static krb5_error_code
+lookup_lockout_policy(krb5_context context, krb5_db_entry *entry,
+                      krb5_kvno *pw_max_fail, krb5_deltat *pw_failcnt_interval,
+                      krb5_deltat *pw_lockout_duration)
+{
+    krb5_tl_data tl_data;
+    krb5_error_code code;
+    osa_princ_ent_rec adb;
+    XDR xdrs;
+
+    *pw_max_fail = 0;
+    *pw_failcnt_interval = 0;
+    *pw_lockout_duration = 0;
+
+    tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+
+    code = krb5_dbe_lookup_tl_data(context, entry, &tl_data);
+    if (code != 0 || tl_data.tl_data_length == 0)
+        return code;
+
+    memset(&adb, 0, sizeof(adb));
+    xdrmem_create(&xdrs, (char *)tl_data.tl_data_contents,
+                  tl_data.tl_data_length, XDR_DECODE);
+    if (!xdr_osa_princ_ent_rec(&xdrs, &adb)) {
+        xdr_destroy(&xdrs);
+        return KADM5_XDR_FAILURE;
+    }
+
+    if (adb.policy != NULL) {
+        osa_policy_ent_t policy = NULL;
+
+        code = klmdb_get_policy(context, adb.policy, &policy);
+        if (code == 0) {
+            *pw_max_fail = policy->pw_max_fail;
+            *pw_failcnt_interval = policy->pw_failcnt_interval;
+            *pw_lockout_duration = policy->pw_lockout_duration;
+            krb5_db_free_policy(context, policy);
+        }
+    }
+
+    xdr_destroy(&xdrs);
+
+    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+    xdr_osa_princ_ent_rec(&xdrs, &adb);
+    xdr_destroy(&xdrs);
+
+    return 0;
+}
+
+/* draft-behera-ldap-password-policy-10.txt 7.1 */
+static krb5_boolean
+locked_check_p(krb5_context context, krb5_timestamp stamp, krb5_kvno max_fail,
+               krb5_timestamp lockout_duration, krb5_db_entry *entry)
+{
+    krb5_timestamp unlock_time;
+
+    /* If the entry was unlocked since the last failure, it's not locked. */
+    if (krb5_dbe_lookup_last_admin_unlock(context, entry, &unlock_time) == 0 &&
+        !ts_after(entry->last_failed, unlock_time))
+        return FALSE;
+
+    if (max_fail == 0 || entry->fail_auth_count < max_fail)
+        return FALSE;
+
+    if (lockout_duration == 0)
+        return TRUE; /* principal permanently locked */
+
+    return ts_after(ts_incr(entry->last_failed, lockout_duration), stamp);
+}
+
+krb5_error_code
+klmdb_lockout_check_policy(krb5_context context, krb5_db_entry *entry,
+                           krb5_timestamp stamp)
+{
+    krb5_error_code code;
+    krb5_kvno max_fail = 0;
+    krb5_deltat failcnt_interval = 0;
+    krb5_deltat lockout_duration = 0;
+
+    code = lookup_lockout_policy(context, entry, &max_fail, &failcnt_interval,
+                                 &lockout_duration);
+    if (code != 0)
+        return code;
+
+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
+        return KRB5KDC_ERR_CLIENT_REVOKED;
+
+    return 0;
+}
+
+krb5_error_code
+klmdb_lockout_audit(krb5_context context, krb5_db_entry *entry,
+                    krb5_timestamp stamp, krb5_error_code status,
+                    krb5_boolean disable_last_success,
+                    krb5_boolean disable_lockout)
+{
+    krb5_error_code ret;
+    krb5_kvno max_fail = 0;
+    krb5_deltat failcnt_interval = 0, lockout_duration = 0;
+    krb5_boolean zero_fail_count = FALSE;
+    krb5_boolean set_last_success = FALSE, set_last_failure = FALSE;
+    krb5_timestamp unlock_time;
+
+    if (status != 0 && status != KRB5KDC_ERR_PREAUTH_FAILED &&
+        status != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+        return 0;
+
+    if (!disable_lockout) {
+        ret = lookup_lockout_policy(context, entry, &max_fail,
+                                    &failcnt_interval, &lockout_duration);
+        if (ret)
+            return ret;
+    }
+
+    /*
+     * Don't continue to modify the DB for an already locked account.
+     * (In most cases, status will be KRB5KDC_ERR_CLIENT_REVOKED, and
+     * this check is unneeded, but in rare cases, we can fail with an
+     * integrity error or preauth failure before a policy check.)
+     */
+    if (locked_check_p(context, stamp, max_fail, lockout_duration, entry))
+        return 0;
+
+    /* Only mark the authentication as successful if the entry
+     * required preauthentication; otherwise we have no idea. */
+    if (status == 0 && (entry->attributes & KRB5_KDB_REQUIRES_PRE_AUTH)) {
+        if (!disable_lockout && entry->fail_auth_count != 0)
+            zero_fail_count = TRUE;
+        if (!disable_last_success)
+            set_last_success = TRUE;
+    } else if (status != 0 && !disable_lockout) {
+        /* Reset the failure counter after an administrative unlock. */
+        if (krb5_dbe_lookup_last_admin_unlock(context, entry,
+                                              &unlock_time) == 0 &&
+            !ts_after(entry->last_failed, unlock_time))
+            zero_fail_count = TRUE;
+
+        /* Reset the failure counter after failcnt_interval. */
+        if (failcnt_interval != 0 &&
+            ts_after(stamp, ts_incr(entry->last_failed, failcnt_interval)))
+            zero_fail_count = TRUE;
+
+        set_last_failure = TRUE;
+    }
+
+    return klmdb_update_lockout(context, entry, stamp, zero_fail_count,
+                                set_last_success, set_last_failure);
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/lmdb/marshal.c b/krb5-1.21.3/src/plugins/kdb/lmdb/marshal.c
new file mode 100644
index 00000000..433bb816
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/lmdb/marshal.c
@@ -0,0 +1,321 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/kdb/kdb_xdr.c */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-input.h"
+#include <kdb.h>
+#include "klmdb-int.h"
+
+static void
+put_tl_data(struct k5buf *buf, const krb5_tl_data *tl)
+{
+    for (; tl != NULL; tl = tl->tl_data_next) {
+        k5_buf_add_uint16_le(buf, tl->tl_data_type);
+        k5_buf_add_uint16_le(buf, tl->tl_data_length);
+        k5_buf_add_len(buf, tl->tl_data_contents, tl->tl_data_length);
+    }
+}
+
+krb5_error_code
+klmdb_encode_princ(krb5_context context, const krb5_db_entry *entry,
+                   uint8_t **enc_out, size_t *len_out)
+{
+    struct k5buf buf;
+    const krb5_key_data *kd;
+    int i, j;
+
+    *enc_out = NULL;
+    *len_out = 0;
+
+    k5_buf_init_dynamic(&buf);
+
+    k5_buf_add_uint32_le(&buf, entry->attributes);
+    k5_buf_add_uint32_le(&buf, entry->max_life);
+    k5_buf_add_uint32_le(&buf, entry->max_renewable_life);
+    k5_buf_add_uint32_le(&buf, entry->expiration);
+    k5_buf_add_uint32_le(&buf, entry->pw_expiration);
+    k5_buf_add_uint16_le(&buf, entry->n_tl_data);
+    k5_buf_add_uint16_le(&buf, entry->n_key_data);
+    put_tl_data(&buf, entry->tl_data);
+    for (i = 0; i < entry->n_key_data; i++) {
+        kd = &entry->key_data[i];
+        k5_buf_add_uint16_le(&buf, kd->key_data_ver);
+        k5_buf_add_uint16_le(&buf, kd->key_data_kvno);
+        for (j = 0; j < kd->key_data_ver; j++) {
+            k5_buf_add_uint16_le(&buf, kd->key_data_type[j]);
+            k5_buf_add_uint16_le(&buf, kd->key_data_length[j]);
+            if (kd->key_data_length[j] > 0) {
+                k5_buf_add_len(&buf, kd->key_data_contents[j],
+                               kd->key_data_length[j]);
+            }
+        }
+    }
+
+    if (k5_buf_status(&buf) != 0)
+        return ENOMEM;
+
+    *enc_out = buf.data;
+    *len_out = buf.len;
+    return 0;
+}
+
+void
+klmdb_encode_princ_lockout(krb5_context context, const krb5_db_entry *entry,
+                           uint8_t buf[LOCKOUT_RECORD_LEN])
+{
+    store_32_le(entry->last_success, buf);
+    store_32_le(entry->last_failed, buf + 4);
+    store_32_le(entry->fail_auth_count, buf + 8);
+}
+
+krb5_error_code
+klmdb_encode_policy(krb5_context context, const osa_policy_ent_rec *pol,
+                    uint8_t **enc_out, size_t *len_out)
+{
+    struct k5buf buf;
+
+    *enc_out = NULL;
+    *len_out = 0;
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_uint32_le(&buf, pol->pw_min_life);
+    k5_buf_add_uint32_le(&buf, pol->pw_max_life);
+    k5_buf_add_uint32_le(&buf, pol->pw_min_length);
+    k5_buf_add_uint32_le(&buf, pol->pw_min_classes);
+    k5_buf_add_uint32_le(&buf, pol->pw_history_num);
+    k5_buf_add_uint32_le(&buf, pol->pw_max_fail);
+    k5_buf_add_uint32_le(&buf, pol->pw_failcnt_interval);
+    k5_buf_add_uint32_le(&buf, pol->pw_lockout_duration);
+    k5_buf_add_uint32_le(&buf, pol->attributes);
+    k5_buf_add_uint32_le(&buf, pol->max_life);
+    k5_buf_add_uint32_le(&buf, pol->max_renewable_life);
+
+    if (pol->allowed_keysalts == NULL) {
+        k5_buf_add_uint32_le(&buf, 0);
+    } else {
+        k5_buf_add_uint32_le(&buf, strlen(pol->allowed_keysalts));
+        k5_buf_add(&buf, pol->allowed_keysalts);
+    }
+
+    k5_buf_add_uint16_le(&buf, pol->n_tl_data);
+    put_tl_data(&buf, pol->tl_data);
+
+    if (k5_buf_status(&buf) != 0)
+        return ENOMEM;
+
+    *enc_out = buf.data;
+    *len_out = buf.len;
+    return 0;
+}
+
+static krb5_error_code
+get_tl_data(struct k5input *in, size_t count, krb5_tl_data **tl)
+{
+    krb5_error_code ret;
+    const uint8_t *contents;
+    size_t i, len;
+
+    for (i = 0; i < count; i++) {
+        *tl = k5alloc(sizeof(**tl), &ret);
+        if (*tl == NULL)
+            return ret;
+        (*tl)->tl_data_type = k5_input_get_uint16_le(in);
+        len = (*tl)->tl_data_length = k5_input_get_uint16_le(in);
+        contents = k5_input_get_bytes(in, len);
+        if (contents == NULL)
+            return KRB5_KDB_TRUNCATED_RECORD;
+        (*tl)->tl_data_contents = k5memdup(contents, len, &ret);
+        if ((*tl)->tl_data_contents == NULL)
+            return ret;
+        tl = &(*tl)->tl_data_next;
+    }
+
+    return 0;
+}
+
+krb5_error_code
+klmdb_decode_princ(krb5_context context, const void *key, size_t key_len,
+                   const void *enc, size_t enc_len, krb5_db_entry **entry_out)
+{
+    krb5_error_code ret;
+    struct k5input in;
+    krb5_db_entry *entry = NULL;
+    char *princname = NULL;
+    const uint8_t *contents;
+    int i, j;
+    size_t len;
+    krb5_key_data *kd;
+
+    *entry_out = NULL;
+
+    entry = k5alloc(sizeof(*entry), &ret);
+    if (entry == NULL)
+        goto cleanup;
+
+    princname = k5memdup0(key, key_len, &ret);
+    if (princname == NULL)
+        goto cleanup;
+    ret = krb5_parse_name(context, princname, &entry->princ);
+    if (ret)
+        goto cleanup;
+
+    k5_input_init(&in, enc, enc_len);
+    entry->attributes = k5_input_get_uint32_le(&in);
+    entry->max_life = k5_input_get_uint32_le(&in);
+    entry->max_renewable_life = k5_input_get_uint32_le(&in);
+    entry->expiration = k5_input_get_uint32_le(&in);
+    entry->pw_expiration = k5_input_get_uint32_le(&in);
+    entry->n_tl_data = k5_input_get_uint16_le(&in);
+    entry->n_key_data = k5_input_get_uint16_le(&in);
+    if (entry->n_tl_data < 0 || entry->n_key_data < 0) {
+        ret = KRB5_KDB_TRUNCATED_RECORD;
+        goto cleanup;
+    }
+
+    ret = get_tl_data(&in, entry->n_tl_data, &entry->tl_data);
+    if (ret)
+        goto cleanup;
+
+    if (entry->n_key_data > 0) {
+        entry->key_data = k5calloc(entry->n_key_data, sizeof(*entry->key_data),
+                                   &ret);
+        if (entry->key_data == NULL)
+            goto cleanup;
+    }
+    for (i = 0; i < entry->n_key_data; i++) {
+        kd = &entry->key_data[i];
+        kd->key_data_ver = k5_input_get_uint16_le(&in);
+        kd->key_data_kvno = k5_input_get_uint16_le(&in);
+        if (kd->key_data_ver < 0 &&
+            kd->key_data_ver > KRB5_KDB_V1_KEY_DATA_ARRAY) {
+            ret = KRB5_KDB_BAD_VERSION;
+            goto cleanup;
+        }
+        for (j = 0; j < kd->key_data_ver; j++) {
+            kd->key_data_type[j] = k5_input_get_uint16_le(&in);
+            len = kd->key_data_length[j] = k5_input_get_uint16_le(&in);
+            contents = k5_input_get_bytes(&in, len);
+            if (contents == NULL) {
+                ret = KRB5_KDB_TRUNCATED_RECORD;
+                goto cleanup;
+            }
+            if (len > 0) {
+                kd->key_data_contents[j] = k5memdup(contents, len, &ret);
+                if (kd->key_data_contents[j] == NULL)
+                    goto cleanup;
+            }
+        }
+    }
+
+    ret = in.status;
+    if (ret)
+        goto cleanup;
+
+    entry->len = KRB5_KDB_V1_BASE_LENGTH;
+    *entry_out = entry;
+    entry = NULL;
+
+cleanup:
+    free(princname);
+    krb5_db_free_principal(context, entry);
+    return ret;
+}
+
+void
+klmdb_decode_princ_lockout(krb5_context context, krb5_db_entry *entry,
+                           const uint8_t buf[LOCKOUT_RECORD_LEN])
+{
+    entry->last_success = load_32_le(buf);
+    entry->last_failed = load_32_le(buf + 4);
+    entry->fail_auth_count = load_32_le(buf + 8);
+}
+
+krb5_error_code
+klmdb_decode_policy(krb5_context context, const void *key, size_t key_len,
+                    const void *enc, size_t enc_len, osa_policy_ent_t *pol_out)
+{
+    krb5_error_code ret;
+    osa_policy_ent_t pol = NULL;
+    struct k5input in;
+    const char *str;
+    size_t len;
+
+    *pol_out = NULL;
+    pol = k5alloc(sizeof(*pol), &ret);
+    if (pol == NULL)
+        goto error;
+
+    pol->name = k5memdup0(key, key_len, &ret);
+    if (pol->name == NULL)
+        goto error;
+
+    k5_input_init(&in, enc, enc_len);
+    pol->pw_min_life = k5_input_get_uint32_le(&in);
+    pol->pw_max_life = k5_input_get_uint32_le(&in);
+    pol->pw_min_length = k5_input_get_uint32_le(&in);
+    pol->pw_min_classes = k5_input_get_uint32_le(&in);
+    pol->pw_history_num = k5_input_get_uint32_le(&in);
+    pol->pw_max_fail = k5_input_get_uint32_le(&in);
+    pol->pw_failcnt_interval = k5_input_get_uint32_le(&in);
+    pol->pw_lockout_duration = k5_input_get_uint32_le(&in);
+    pol->attributes = k5_input_get_uint32_le(&in);
+    pol->max_life = k5_input_get_uint32_le(&in);
+    pol->max_renewable_life = k5_input_get_uint32_le(&in);
+
+    len = k5_input_get_uint32_le(&in);
+    if (len > 0) {
+        str = (char *)k5_input_get_bytes(&in, len);
+        if (str == NULL) {
+            ret = KRB5_KDB_TRUNCATED_RECORD;
+            goto error;
+        }
+        pol->allowed_keysalts = k5memdup0(str, len, &ret);
+        if (pol->allowed_keysalts == NULL)
+            goto error;
+    }
+
+    pol->n_tl_data = k5_input_get_uint16_le(&in);
+    ret = get_tl_data(&in, pol->n_tl_data, &pol->tl_data);
+    if (ret)
+        goto error;
+
+    ret = in.status;
+    if (ret)
+        goto error;
+
+    *pol_out = pol;
+    return 0;
+
+error:
+    krb5_db_free_policy(context, pol);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/plugins/kdb/test/Makefile.in b/krb5-1.21.3/src/plugins/kdb/test/Makefile.in
new file mode 100644
index 00000000..90060231
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/test/Makefile.in
@@ -0,0 +1,21 @@
+mydir=plugins$(S)kdb$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/kdb/test
+SHLIB_EXPDEPS=$(KADMSRV_DEPLIB) $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS=$(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+LOCALINCLUDES=-I../../../lib/kdb -I$(srcdir)/../../../lib/kdb
+
+SRCS = $(srcdir)/kdb_test.c
+
+STLIBOBJS = kdb_test.o
+
+all-unix: all-liblinks
+install-unix:
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/kdb/test/deps b/krb5-1.21.3/src/plugins/kdb/test/deps
new file mode 100644
index 00000000..fcd40b65
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/test/deps
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+kdb_test.so kdb_test.po $(OUTPRE)kdb_test.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../../lib/kdb/kdb5.h $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb_test.c
diff --git a/krb5-1.21.3/src/plugins/kdb/test/kdb_test.c b/krb5-1.21.3/src/plugins/kdb/test/kdb_test.c
new file mode 100644
index 00000000..f4d4380d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/test/kdb_test.c
@@ -0,0 +1,820 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/kdb/test/kdb_test.c - Test KDB module */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is a read-only KDB module intended to help test KDC behavior which
+ * cannot be exercised with the DB2 module.  Responses are read from the
+ * dbmodules subsection according to this example:
+ *
+ *     [dbmodules]
+ *         test = {
+ *             alias = {
+ *                 aliasname = canonname
+ *                 # For cross-realm aliases, only the realm part will
+ *                 # matter to the client.
+ *                 aliasname = @FOREIGN_REALM
+ *                 enterprise@PRINC = @FOREIGN_REALM
+ *             }
+ *             princs = {
+ *                 krbtgt/KRBTEST.COM = {
+ *                     flags = +preauth +ok-to-auth-as-delegate
+ *                     maxlife = 1d
+ *                     maxrenewlife = 7d
+ *                     expiration = 14d # relative to current time
+ *                     pwexpiration = 1h
+ *                     # Initial number is kvno; defaults to 1.
+ *                     keys = 3 aes256-cts aes128-cts:normal
+ *                     keys = 2 rc4-hmac
+ *                     strings = key1:value1
+ *                     strings = key2:value2
+ *                 }
+ *             }
+ *             delegation = {
+ *                 # Traditional constrained delegation; target_service
+ *                 # must be in the same realm.
+ *                 intermediate_service = target_service
+ *             }
+ *             rbcd = {
+ *                 # Resource-based constrained delegation;
+ *                 # intermediate_service may be in a different realm.
+ *                 target_service = intermediate_service
+ *             }
+ *         }
+ *
+ * Key values are generated using a hash of the kvno, enctype, salt type,
+ * principal name, and lookup realm.  This module does not use master key
+ * encryption, so it serves as a partial test of the DAL's ability to avoid
+ * that.
+ *
+ * Inbound cross-realm TGT entries are currently implicit; they will use the
+ * same configuration and key enctypes as the local krbtgt principal, although
+ * they will use different keys (because the lookup realm is hashed in).
+ * Outgoing cross-realm TGT entries must be added explicitly
+ * (krbtgt/OTHER_REALM).
+ */
+
+#include "k5-int.h"
+#include "kdb5.h"
+#include "adm_proto.h"
+#include <ctype.h>
+
+#define TEST_AD_TYPE -456
+
+#define IS_TGS_PRINC(p) ((p)->length == 2 &&                            \
+                         data_eq_string((p)->data[0], KRB5_TGS_NAME))
+
+typedef struct {
+    void *profile;
+    char *section;
+    const char *names[6];
+} *testhandle;
+
+static void *
+ealloc(size_t sz)
+{
+    void *p = calloc(sz, 1);
+
+    if (p == NULL)
+        abort();
+    return p;
+}
+
+static char *
+estrdup(const char *s)
+{
+    char *copy = strdup(s);
+
+    if (copy == NULL)
+        abort();
+    return copy;
+}
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0)
+        abort();
+}
+
+/* Set up for a profile query using h->names.  Look up s1 -> s2 -> s3 (some of
+ * which may be NULL) within this database's dbmodules section. */
+static void
+set_names(testhandle h, const char *s1, const char *s2, const char *s3)
+{
+    h->names[0] = KDB_MODULE_SECTION;
+    h->names[1] = h->section;
+    h->names[2] = s1;
+    h->names[3] = s2;
+    h->names[4] = s3;
+    h->names[5] = NULL;
+}
+
+/* Look up a string within this database's dbmodules section. */
+static char *
+get_string(testhandle h, const char *s1, const char *s2, const char *s3)
+{
+    krb5_error_code ret;
+    char **values, *val;
+
+    set_names(h, s1, s2, s3);
+    ret = profile_get_values(h->profile, h->names, &values);
+    if (ret == PROF_NO_RELATION)
+        return NULL;
+    if (ret)
+        abort();
+    val = estrdup(values[0]);
+    profile_free_list(values);
+    return val;
+}
+
+/* Look up a duration within this database's dbmodules section. */
+static krb5_deltat
+get_duration(testhandle h, const char *s1, const char *s2, const char *s3)
+{
+    char *strval = get_string(h, s1, s2, s3);
+    krb5_deltat val;
+
+    if (strval == NULL)
+        return 0;
+    check(krb5_string_to_deltat(strval, &val));
+    free(strval);
+    return val;
+}
+
+/* Look up an absolute time within this database's dbmodules section.  The time
+ * is expressed in the profile as an interval relative to the current time. */
+static krb5_timestamp
+get_time(testhandle h, const char *s1, const char *s2, const char *s3)
+{
+    char *strval = get_string(h, s1, s2, s3);
+    krb5_deltat val;
+
+    if (strval == NULL)
+        return 0;
+    check(krb5_string_to_deltat(strval, &val));
+    free(strval);
+    return val + time(NULL);
+}
+
+/* Initialize kb_out with a key of type etype, using a hash of kvno, etype,
+ * salttype, and princstr for the key bytes. */
+static void
+make_keyblock(krb5_kvno kvno, krb5_enctype etype, int32_t salttype,
+              const char *princstr, const krb5_data *realm,
+              krb5_keyblock *kb_out)
+{
+    size_t keybytes, keylength, pos, n;
+    char *hashstr;
+    krb5_data d, rndin;
+    krb5_checksum cksum;
+
+    check(krb5_c_keylengths(NULL, etype, &keybytes, &keylength));
+    alloc_data(&rndin, keybytes);
+
+    /* Hash the kvno, enctype, salt type, and principal name together. */
+    if (asprintf(&hashstr, "%d %d %d %s %.*s", (int)kvno, (int)etype,
+                 (int)salttype, princstr, (int)realm->length, realm->data) < 0)
+        abort();
+    d = string2data(hashstr);
+    check(krb5_c_make_checksum(NULL, CKSUMTYPE_SHA1, NULL, 0, &d, &cksum));
+
+    /* Make the appropriate number of input bytes from the hash result. */
+    for (pos = 0; pos < keybytes; pos += n) {
+        n = (cksum.length < keybytes - pos) ? cksum.length : keybytes - pos;
+        memcpy(rndin.data + pos, cksum.contents, n);
+    }
+
+    kb_out->enctype = etype;
+    kb_out->length = keylength;
+    kb_out->contents = ealloc(keylength);
+    check(krb5_c_random_to_key(NULL, etype, &rndin, kb_out));
+    free(cksum.contents);
+    free(rndin.data);
+    free(hashstr);
+}
+
+/* Return key data for the given key/salt tuple strings, using hashes of the
+ * enctypes, salts, and princstr for the key contents. */
+static void
+make_keys(char **strings, const char *princstr, const krb5_data *realm,
+          krb5_db_entry *ent)
+{
+    krb5_key_data *key_data, *kd;
+    krb5_keyblock kb;
+    int32_t *ks_list_sizes, nstrings, nkeys, i, j;
+    krb5_key_salt_tuple **ks_lists, *ks;
+    krb5_kvno *kvnos;
+    char *s;
+
+    for (nstrings = 0; strings[nstrings] != NULL; nstrings++);
+    ks_lists = ealloc(nstrings * sizeof(*ks_lists));
+    ks_list_sizes = ealloc(nstrings * sizeof(*ks_list_sizes));
+    kvnos = ealloc(nstrings * sizeof(*kvnos));
+
+    /* Convert each string into a key/salt tuple list and count the total
+     * number of key data structures needed. */
+    nkeys = 0;
+    for (i = 0; i < nstrings; i++) {
+        s = strings[i];
+        /* Read a leading kvno if present; otherwise assume kvno 1. */
+        if (isdigit(*s)) {
+            kvnos[i] = strtol(s, &s, 10);
+            while (isspace(*s))
+                s++;
+        } else {
+            kvnos[i] = 1;
+        }
+        check(krb5_string_to_keysalts(s, NULL, NULL, FALSE, &ks_lists[i],
+                                      &ks_list_sizes[i]));
+        nkeys += ks_list_sizes[i];
+    }
+
+    /* Turn each key/salt tuple into a key data entry. */
+    kd = key_data = ealloc(nkeys * sizeof(*kd));
+    for (i = 0; i < nstrings; i++) {
+        ks = ks_lists[i];
+        for (j = 0; j < ks_list_sizes[i]; j++) {
+            make_keyblock(kvnos[i], ks[j].ks_enctype, ks[j].ks_salttype,
+                          princstr, realm, &kb);
+            kd->key_data_ver = 2;
+            kd->key_data_kvno = kvnos[i];
+            kd->key_data_type[0] = ks[j].ks_enctype;
+            kd->key_data_length[0] = kb.length;
+            kd->key_data_contents[0] = kb.contents;
+            kd->key_data_type[1] = ks[j].ks_salttype;
+            kd++;
+        }
+    }
+
+    for (i = 0; i < nstrings; i++)
+        free(ks_lists[i]);
+    free(ks_lists);
+    free(ks_list_sizes);
+    free(kvnos);
+    ent->key_data = key_data;
+    ent->n_key_data = nkeys;
+}
+
+static void
+make_strings(char **stringattrs, krb5_db_entry *ent)
+{
+    struct k5buf buf;
+    char **p;
+    const char *str, *sep;
+    krb5_tl_data *tl;
+
+    k5_buf_init_dynamic(&buf);
+    for (p = stringattrs; *p != NULL; p++) {
+        str = *p;
+        sep = strchr(str, ':');
+        assert(sep != NULL);
+        k5_buf_add_len(&buf, str, sep - str);
+        k5_buf_add_len(&buf, "\0", 1);
+        k5_buf_add_len(&buf, sep + 1, strlen(sep + 1) + 1);
+    }
+    assert(buf.data != NULL);
+
+    tl = ealloc(sizeof(*ent->tl_data));
+    tl->tl_data_next = NULL;
+    tl->tl_data_type = KRB5_TL_STRING_ATTRS;
+    tl->tl_data_length = buf.len;
+    tl->tl_data_contents = buf.data;
+    ent->tl_data = tl;
+}
+
+static krb5_error_code
+test_init()
+{
+    return 0;
+}
+
+static krb5_error_code
+test_cleanup()
+{
+    return 0;
+}
+
+static krb5_error_code
+test_open(krb5_context context, char *conf_section, char **db_args, int mode)
+{
+    testhandle h;
+
+    h = ealloc(sizeof(*h));
+    h->profile = context->profile;
+    h->section = estrdup(conf_section);
+    context->dal_handle->db_context = h;
+    return 0;
+}
+
+static krb5_error_code
+test_close(krb5_context context)
+{
+    testhandle h = context->dal_handle->db_context;
+
+    free(h->section);
+    free(h);
+    return 0;
+}
+
+/* Return the principal name krbtgt/tgs_realm@our_realm. */
+static krb5_principal
+tgtname(krb5_context context, const krb5_data *tgs_realm,
+        const krb5_data *our_realm)
+{
+    krb5_principal princ;
+
+    check(krb5_build_principal_ext(context, &princ,
+                                   our_realm->length, our_realm->data,
+                                   KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                   tgs_realm->length, tgs_realm->data, 0));
+    princ->type = KRB5_NT_SRV_INST;
+    return princ;
+}
+
+/* Return true if search_for is within context's default realm or is an
+ * incoming cross-realm TGS name. */
+static krb5_boolean
+request_for_us(krb5_context context, krb5_const_principal search_for)
+{
+    char *defrealm;
+    krb5_data realm;
+    krb5_boolean for_us;
+    krb5_principal local_tgs;
+
+    check(krb5_get_default_realm(context, &defrealm));
+    realm = string2data(defrealm);
+    local_tgs = tgtname(context, &realm, &realm);
+    krb5_free_default_realm(context, defrealm);
+
+    for_us = krb5_realm_compare(context, local_tgs, search_for) ||
+        krb5_principal_compare_any_realm(context, local_tgs, search_for);
+    krb5_free_principal(context, local_tgs);
+    return for_us;
+}
+
+static krb5_error_code
+test_get_principal(krb5_context context, krb5_const_principal search_for,
+                   unsigned int flags, krb5_db_entry **entry)
+{
+    krb5_error_code ret;
+    krb5_principal princ = NULL, tgtprinc;
+    krb5_principal_data empty_princ = { KV5M_PRINCIPAL };
+    testhandle h = context->dal_handle->db_context;
+    char *search_name = NULL, *canon = NULL, *flagstr;
+    char **names, **key_strings, **stringattrs;
+    const char *ename;
+    krb5_db_entry *ent;
+
+    *entry = NULL;
+
+    if (!request_for_us(context, search_for))
+        return KRB5_KDB_NOENTRY;
+
+    check(krb5_unparse_name_flags(context, search_for,
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                  &search_name));
+    canon = get_string(h, "alias", search_name, NULL);
+    if (canon != NULL) {
+        check(krb5_parse_name(context, canon, &princ));
+        if (!krb5_realm_compare(context, search_for, princ)) {
+            /* Out of realm */
+            if ((flags & KRB5_KDB_FLAG_CLIENT) &&
+                (flags & KRB5_KDB_FLAG_REFERRAL_OK)) {
+                /* Return a client referral by creating an entry with only the
+                 * principal set. */
+                *entry = ealloc(sizeof(**entry));
+                (*entry)->princ = princ;
+                princ = NULL;
+                ret = 0;
+                goto cleanup;
+            } else if (flags & KRB5_KDB_FLAG_REFERRAL_OK) {
+                /* Generate a server referral by looking up the TGT for the
+                 * canonical name's realm. */
+                tgtprinc = tgtname(context, &princ->realm, &search_for->realm);
+                krb5_free_principal(context, princ);
+                princ = tgtprinc;
+
+                krb5_free_unparsed_name(context, search_name);
+                check(krb5_unparse_name_flags(context, princ,
+                                              KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                              &search_name));
+                ename = search_name;
+            } else {
+                ret = KRB5_KDB_NOENTRY;
+                goto cleanup;
+            }
+        } else {
+            ename = canon;
+        }
+    } else {
+        check(krb5_copy_principal(context, search_for, &princ));
+        ename = search_name;
+    }
+
+    /* Check that the entry exists. */
+    set_names(h, "princs", ename, NULL);
+    ret = profile_get_relation_names(h->profile, h->names, &names);
+    if (ret == PROF_NO_RELATION) {
+        ret = KRB5_KDB_NOENTRY;
+        goto cleanup;
+    }
+    profile_free_list(names);
+
+    /* No error exits after this point. */
+
+    ent = ealloc(sizeof(*ent));
+    ent->princ = princ;
+    princ = NULL;
+
+    flagstr = get_string(h, "princs", ename, "flags");
+    if (flagstr != NULL) {
+        check(krb5_flagspec_to_mask(flagstr, &ent->attributes,
+                                    &ent->attributes));
+    }
+    free(flagstr);
+
+    ent->max_life = get_duration(h, "princs", ename, "maxlife");
+    ent->max_renewable_life = get_duration(h, "princs", ename, "maxrenewlife");
+    ent->expiration = get_time(h, "princs", ename, "expiration");
+    ent->pw_expiration = get_time(h, "princs", ename, "pwexpiration");
+
+    /* Leave last_success, last_failed, fail_auth_count zeroed. */
+    /* Leave e_data empty. */
+
+    set_names(h, "princs", ename, "keys");
+    ret = profile_get_values(h->profile, h->names, &key_strings);
+    if (ret != PROF_NO_RELATION) {
+        make_keys(key_strings, ename, &search_for->realm, ent);
+        profile_free_list(key_strings);
+    }
+
+    set_names(h, "princs", ename, "strings");
+    ret = profile_get_values(h->profile, h->names, &stringattrs);
+    if (ret != PROF_NO_RELATION) {
+        make_strings(stringattrs, ent);
+        profile_free_list(stringattrs);
+    }
+
+    /* We must include mod-princ data or kadm5_get_principal() won't work and
+     * we can't extract keys with kadmin.local. */
+    check(krb5_dbe_update_mod_princ_data(context, ent, 0, &empty_princ));
+
+    *entry = ent;
+    ret = 0;
+
+cleanup:
+    krb5_free_unparsed_name(context, search_name);
+    krb5_free_principal(context, princ);
+    free(canon);
+    return ret;
+}
+
+static void
+lookup_princ_by_cert(krb5_context context, const krb5_data *client_cert,
+                     krb5_principal *princ)
+{
+    krb5_error_code ret;
+    char *cert_princ_name;
+
+    /* The test client sends a principal string instead of a cert. */
+    cert_princ_name = k5memdup0(client_cert->data, client_cert->length, &ret);
+    check(ret);
+
+    check(krb5_parse_name_flags(context, cert_princ_name,
+                                KRB5_PRINCIPAL_PARSE_ENTERPRISE, princ));
+    free(cert_princ_name);
+}
+
+static krb5_error_code
+test_get_s4u_x509_principal(krb5_context context, const krb5_data *client_cert,
+                            krb5_const_principal princ, unsigned int flags,
+                            krb5_db_entry **entry)
+{
+    krb5_error_code ret;
+    krb5_principal cert_princ, canon_princ;
+    testhandle h = context->dal_handle->db_context;
+    krb5_boolean match;
+    char *canon, *princ_name;
+
+    lookup_princ_by_cert(context, client_cert, &cert_princ);
+
+    ret = test_get_principal(context, cert_princ, flags, entry);
+    krb5_free_principal(context, cert_princ);
+    if (ret || (flags & KRB5_KDB_FLAG_REFERRAL_OK))
+        return ret;
+
+    if (!krb5_realm_compare(context, princ, (*entry)->princ))
+        abort();
+
+    if (princ->length == 0 ||
+        krb5_principal_compare(context, princ, (*entry)->princ))
+        return 0;
+
+    match = FALSE;
+    check(krb5_unparse_name_flags(context, princ,
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                  &princ_name));
+    canon = get_string(h, "alias", princ_name, NULL);
+    krb5_free_unparsed_name(context, princ_name);
+    if (canon != NULL) {
+        check(krb5_parse_name(context, canon, &canon_princ));
+        match = krb5_principal_compare(context, canon_princ, (*entry)->princ);
+        krb5_free_principal(context, canon_princ);
+    }
+
+    free(canon);
+    return match ? 0 : KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+}
+
+static krb5_error_code
+test_fetch_master_key(krb5_context context, krb5_principal mname,
+                      krb5_keyblock *key_out, krb5_kvno *kvno_out,
+                      char *db_args)
+{
+    memset(key_out, 0, sizeof(*key_out));
+    *kvno_out = 0;
+    return 0;
+}
+
+static krb5_error_code
+test_fetch_master_key_list(krb5_context context, krb5_principal mname,
+                           const krb5_keyblock *key,
+                           krb5_keylist_node **mkeys_out)
+{
+    /* krb5_dbe_get_mkvno() returns an error if we produce NULL, so return an
+     * empty node to make kadm5_get_principal() work. */
+    *mkeys_out = ealloc(sizeof(**mkeys_out));
+    return 0;
+}
+
+static krb5_error_code
+test_decrypt_key_data(krb5_context context, const krb5_keyblock *mkey,
+                      const krb5_key_data *kd, krb5_keyblock *key_out,
+                      krb5_keysalt *salt_out)
+{
+    key_out->magic = KV5M_KEYBLOCK;
+    key_out->enctype = kd->key_data_type[0];
+    key_out->length = kd->key_data_length[0];
+    key_out->contents = ealloc(key_out->length);
+    memcpy(key_out->contents, kd->key_data_contents[0], key_out->length);
+    if (salt_out != NULL) {
+        salt_out->type = (kd->key_data_ver > 1) ? kd->key_data_type[1] :
+            KRB5_KDB_SALTTYPE_NORMAL;
+        salt_out->data = empty_data();
+    }
+    return 0;
+}
+
+static krb5_error_code
+test_encrypt_key_data(krb5_context context, const krb5_keyblock *mkey,
+                      const krb5_keyblock *key, const krb5_keysalt *salt,
+                      int kvno, krb5_key_data *kd_out)
+{
+    memset(kd_out, 0, sizeof(*kd_out));
+    kd_out->key_data_ver = 2;
+    kd_out->key_data_kvno = kvno;
+    kd_out->key_data_type[0] = key->enctype;
+    kd_out->key_data_length[0] = key->length;
+    kd_out->key_data_contents[0] = ealloc(key->length);
+    memcpy(kd_out->key_data_contents[0], key->contents, key->length);
+    kd_out->key_data_type[1] = (salt != NULL) ? salt->type :
+        KRB5_KDB_SALTTYPE_NORMAL;
+    return 0;
+}
+
+static void
+change_auth_indicators(krb5_context context, krb5_data ***auth_indicators)
+{
+    krb5_data **inds, d;
+    int i, val;
+
+    /* If we see an auth indicator "dbincrX", replace the whole indicator list
+     * with "dbincr{X+1}". */
+    inds = *auth_indicators;
+    for (i = 0; inds != NULL && inds[i] != NULL; i++) {
+        if (inds[i]->length == 7 && memcmp(inds[i]->data, "dbincr", 6) == 0) {
+            val = inds[i]->data[6];
+            k5_free_data_ptr_list(inds);
+            inds = ealloc(2 * sizeof(*inds));
+            d = string2data("dbincr0");
+            check(krb5_copy_data(context, &d, &inds[0]));
+            inds[0]->data[6] = val + 1;
+            inds[1] = NULL;
+            *auth_indicators = inds;
+            break;
+        }
+    }
+}
+
+static krb5_error_code
+test_issue_pac(krb5_context context, unsigned int flags, krb5_db_entry *client,
+               krb5_keyblock *replaced_reply_key, krb5_db_entry *server,
+               krb5_db_entry *krb5tgt, krb5_timestamp authtime,
+               krb5_pac old_pac, krb5_pac new_pac,
+               krb5_data ***auth_indicators)
+{
+    krb5_data data = empty_data();
+    krb5_boolean found_logon_info = FALSE;
+    krb5_ui_4 *types = NULL;
+    size_t num_buffers = 0, i;
+
+    change_auth_indicators(context, auth_indicators);
+
+    if (old_pac == NULL ||
+        (client != NULL && (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) {
+        /* Generating an initial PAC. */
+        assert(client != NULL);
+        data = string2data("fake");
+        check(krb5_pac_add_buffer(context, new_pac, KRB5_PAC_LOGON_INFO,
+                                  &data));
+
+        if (replaced_reply_key != NULL) {
+            /* Add a fake PAC_CREDENTIALS_INFO buffer so we can test whether
+             * this parameter was set. */
+            data = string2data("fake credinfo");
+            check(krb5_pac_add_buffer(context, new_pac,
+                                      KRB5_PAC_CREDENTIALS_INFO, &data));
+        }
+        return 0;
+    } else {
+        /* Field copying - my favorite! */
+        if (old_pac != NULL)
+            check(krb5_pac_get_types(context, old_pac, &num_buffers, &types));
+
+        for (i = 0; i < num_buffers; i++) {
+            /* Skip buffer types handled by KDC. */
+            if (types[i] == KRB5_PAC_SERVER_CHECKSUM ||
+                types[i] == KRB5_PAC_PRIVSVR_CHECKSUM ||
+                types[i] == KRB5_PAC_TICKET_CHECKSUM ||
+                types[i] == KRB5_PAC_CLIENT_INFO ||
+                types[i] == KRB5_PAC_DELEGATION_INFO)
+                continue;
+
+            check(krb5_pac_get_buffer(context, old_pac, types[i], &data));
+
+            if (types[i] == KRB5_PAC_LOGON_INFO) {
+                found_logon_info = TRUE;
+                assert(data_eq_string(data, "fake"));
+            }
+
+            check(krb5_pac_add_buffer(context, new_pac, types[i], &data));
+            krb5_free_data_contents(context, &data);
+        }
+
+        if (old_pac != NULL)
+            assert(found_logon_info);
+
+        free(types);
+    }
+
+    return 0;
+}
+
+static krb5_boolean
+match_in_table(krb5_context context, const char *table, const char *sprinc,
+               const char *tprinc)
+{
+    testhandle h = context->dal_handle->db_context;
+    krb5_error_code ret;
+    char **values, **v;
+    krb5_boolean found = FALSE;
+
+    set_names(h, table, sprinc, NULL);
+    ret = profile_get_values(h->profile, h->names, &values);
+    assert(ret == 0 || ret == PROF_NO_RELATION);
+    if (ret)
+        return FALSE;
+    for (v = values; *v != NULL; v++) {
+        if (tprinc == NULL || strcmp(*v, tprinc) == 0) {
+            found = TRUE;
+            break;
+        }
+    }
+    profile_free_list(values);
+    return found;
+}
+
+static krb5_error_code
+test_check_allowed_to_delegate(krb5_context context,
+                               krb5_const_principal client,
+                               const krb5_db_entry *server,
+                               krb5_const_principal proxy)
+{
+    char *sprinc, *tprinc = NULL;
+    krb5_boolean found = FALSE;
+
+    check(krb5_unparse_name_flags(context, server->princ,
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM, &sprinc));
+    if (proxy != NULL) {
+        check(krb5_unparse_name_flags(context, proxy,
+                                      KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                      &tprinc));
+    }
+    found = match_in_table(context, "delegation", sprinc, tprinc);
+    krb5_free_unparsed_name(context, sprinc);
+    krb5_free_unparsed_name(context, tprinc);
+    return found ? 0 : KRB5KDC_ERR_BADOPTION;
+}
+
+static krb5_error_code
+test_allowed_to_delegate_from(krb5_context context,
+                              krb5_const_principal client,
+                              krb5_const_principal server,
+                              krb5_pac server_pac,
+                              const krb5_db_entry *proxy)
+{
+    char *proxy_princ, *server_princ, *pac_client_princ, *client_princ;
+    krb5_boolean found = FALSE;
+
+    assert(server_pac != NULL);
+
+    check(krb5_unparse_name(context, proxy->princ, &proxy_princ));
+    check(krb5_unparse_name(context, server, &server_princ));
+    check(krb5_unparse_name(context, client, &client_princ));
+
+    check(krb5_pac_get_client_info(context, server_pac, NULL,
+                                   &pac_client_princ));
+
+    /* Skip realm portion if not present in PAC. */
+    assert(strncmp(pac_client_princ, server_princ,
+                   strlen(pac_client_princ)) == 0);
+
+    free(pac_client_princ);
+
+    found = match_in_table(context, "rbcd", proxy_princ, server_princ);
+    krb5_free_unparsed_name(context, proxy_princ);
+    krb5_free_unparsed_name(context, server_princ);
+    krb5_free_unparsed_name(context, client_princ);
+    return found ? 0 : KRB5KDC_ERR_BADOPTION;
+}
+
+kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_test, kdb_function_table) = {
+    KRB5_KDB_DAL_MAJOR_VERSION,             /* major version number */
+    0,                                      /* minor version number */
+    test_init,
+    test_cleanup,
+    test_open,
+    test_close,
+    NULL, /* create */
+    NULL, /* destroy */
+    NULL, /* get_age */
+    NULL, /* lock */
+    NULL, /* unlock */
+    test_get_principal,
+    NULL, /* put_principal */
+    NULL, /* delete_principal */
+    NULL, /* rename_principal */
+    NULL, /* iterate */
+    NULL, /* create_policy */
+    NULL, /* get_policy */
+    NULL, /* put_policy */
+    NULL, /* iter_policy */
+    NULL, /* delete_policy */
+    test_fetch_master_key,
+    test_fetch_master_key_list,
+    NULL, /* store_master_key_list */
+    NULL, /* dbe_search_enctype */
+    NULL, /* change_pwd */
+    NULL, /* promote_db */
+    test_decrypt_key_data,
+    test_encrypt_key_data,
+    NULL, /* check_transited_realms */
+    NULL, /* check_policy_as */
+    NULL, /* check_policy_tgs */
+    NULL, /* audit_as_req */
+    NULL, /* refresh_config */
+    test_check_allowed_to_delegate,
+    NULL, /* free_principal_e_data */
+    test_get_s4u_x509_principal,
+    test_allowed_to_delegate_from,
+    test_issue_pac,
+};
diff --git a/krb5-1.21.3/src/plugins/kdb/test/test.exports b/krb5-1.21.3/src/plugins/kdb/test/test.exports
new file mode 100644
index 00000000..f2b7c111
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdb/test/test.exports
@@ -0,0 +1 @@
+kdb_function_table
diff --git a/krb5-1.21.3/src/plugins/kdcpolicy/test/Makefile.in b/krb5-1.21.3/src/plugins/kdcpolicy/test/Makefile.in
new file mode 100644
index 00000000..ea3484e1
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdcpolicy/test/Makefile.in
@@ -0,0 +1,20 @@
+mydir=plugins$(S)kdcpolicy$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=kdcpolicy_test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/kdcpolicy/test
+SHLIB_EXPDEPS=$(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS=$(KRB5_BASE_LIBS)
+
+STLIBOBJS=main.o
+
+SRCS=$(srcdir)/main.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/kdcpolicy/test/deps b/krb5-1.21.3/src/plugins/kdcpolicy/test/deps
new file mode 100644
index 00000000..4ecf533f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdcpolicy/test/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpolicy_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h main.c
diff --git a/krb5-1.21.3/src/plugins/kdcpolicy/test/kdcpolicy_test.exports b/krb5-1.21.3/src/plugins/kdcpolicy/test/kdcpolicy_test.exports
new file mode 100644
index 00000000..9682ec74
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdcpolicy/test/kdcpolicy_test.exports
@@ -0,0 +1 @@
+kdcpolicy_test_initvt
diff --git a/krb5-1.21.3/src/plugins/kdcpolicy/test/main.c b/krb5-1.21.3/src/plugins/kdcpolicy/test/main.c
new file mode 100644
index 00000000..86c80895
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/kdcpolicy/test/main.c
@@ -0,0 +1,111 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/krb5/kdcpolicy_plugin.h - KDC policy plugin interface */
+/*
+ * Copyright (C) 2017 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include <krb5/kdcpolicy_plugin.h>
+
+static krb5_error_code
+output_from_indicator(const char *const *auth_indicators, int divisor,
+                      krb5_deltat *lifetime_out,
+                      krb5_deltat *renew_lifetime_out,
+                      const char **status)
+{
+    if (auth_indicators[0] == NULL) {
+        *status = NULL;
+        return 0;
+    }
+
+    if (strcmp(auth_indicators[0], "ONE_HOUR") == 0) {
+        *lifetime_out = 3600 / divisor;
+        *renew_lifetime_out = *lifetime_out * 2;
+        return 0;
+    } else if (strcmp(auth_indicators[0], "SEVEN_HOURS") == 0) {
+        *lifetime_out = 7 * 3600 / divisor;
+        *renew_lifetime_out = *lifetime_out * 2;
+        return 0;
+    }
+
+    *status = "LOCAL_POLICY";
+    return KRB5KDC_ERR_POLICY;
+}
+
+static krb5_error_code
+test_check_as(krb5_context context, krb5_kdcpolicy_moddata moddata,
+              const krb5_kdc_req *request, const krb5_db_entry *client,
+              const krb5_db_entry *server, const char *const *auth_indicators,
+              const char **status, krb5_deltat *lifetime_out,
+              krb5_deltat *renew_lifetime_out)
+{
+    if (request->client != NULL && request->client->length >= 1 &&
+        data_eq_string(request->client->data[0], "fail")) {
+        *status = "LOCAL_POLICY";
+        return KRB5KDC_ERR_POLICY;
+    }
+    return output_from_indicator(auth_indicators, 1, lifetime_out,
+                                 renew_lifetime_out, status);
+}
+
+static krb5_error_code
+test_check_tgs(krb5_context context, krb5_kdcpolicy_moddata moddata,
+               const krb5_kdc_req *request, const krb5_db_entry *server,
+               const krb5_ticket *ticket, const char *const *auth_indicators,
+               const char **status, krb5_deltat *lifetime_out,
+               krb5_deltat *renew_lifetime_out)
+{
+    if (request->server != NULL && request->server->length >= 1 &&
+        data_eq_string(request->server->data[0], "fail")) {
+        *status = "LOCAL_POLICY";
+        return KRB5KDC_ERR_POLICY;
+    }
+    return output_from_indicator(auth_indicators, 2, lifetime_out,
+                                 renew_lifetime_out, status);
+}
+
+krb5_error_code
+kdcpolicy_test_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable);
+krb5_error_code
+kdcpolicy_test_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    krb5_kdcpolicy_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+
+    vt = (krb5_kdcpolicy_vtable)vtable;
+    vt->name = "test";
+    vt->check_as = test_check_as;
+    vt->check_tgs = test_check_tgs;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/localauth/test/Makefile.in b/krb5-1.21.3/src/plugins/localauth/test/Makefile.in
new file mode 100644
index 00000000..2a12d141
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/localauth/test/Makefile.in
@@ -0,0 +1,20 @@
+mydir=plugins$(S)localauth$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=localauth_test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/localauth/test
+SHLIB_EXPDEPS=$(SUPPORT_DEPLIB)
+SHLIB_EXPLIBS=$(SUPPORT_LIB) $(LIBS)
+
+STLIBOBJS=main.o
+
+SRCS=$(srcdir)/main.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/localauth/test/deps b/krb5-1.21.3/src/plugins/localauth/test/deps
new file mode 100644
index 00000000..0d3b2d82
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/localauth/test/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/localauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  main.c
diff --git a/krb5-1.21.3/src/plugins/localauth/test/localauth_test.exports b/krb5-1.21.3/src/plugins/localauth/test/localauth_test.exports
new file mode 100644
index 00000000..63c1396c
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/localauth/test/localauth_test.exports
@@ -0,0 +1,2 @@
+localauth_test1_initvt
+localauth_test2_initvt
diff --git a/krb5-1.21.3/src/plugins/localauth/test/main.c b/krb5-1.21.3/src/plugins/localauth/test/main.c
new file mode 100644
index 00000000..9e96900b
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/localauth/test/main.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/localauth/test/main.c - test modules for localauth interface */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This file implements two testing localauth modules, each implementing
+ * clearly recognizable behavior for the localauth test script. */
+
+#include "k5-int.h"
+#include <krb5/localauth_plugin.h>
+
+struct krb5_localauth_moddata_st {
+    int a;
+    int b;
+};
+
+static krb5_error_code
+init_test(krb5_context context, krb5_localauth_moddata *data_out)
+{
+    krb5_localauth_moddata d;
+
+    *data_out = NULL;
+    d = malloc(sizeof(*d));
+    if (d == NULL)
+        return ENOMEM;
+    d->a = 3;
+    d->b = 4;
+    *data_out = d;
+    return 0;
+}
+
+static void
+fini_test(krb5_context context, krb5_localauth_moddata data)
+{
+    assert(data->a == 3);
+    assert(data->b == 4);
+    free(data);
+}
+
+static krb5_error_code
+an2ln_test(krb5_context context, krb5_localauth_moddata data, const char *type,
+           const char *residual, krb5_const_principal aname, char **lname_out)
+{
+    krb5_error_code ret;
+    char *lname = NULL;
+
+    *lname_out = NULL;
+    if (data != NULL) {
+        assert(data->a == 3);
+        assert(data->b == 4);
+    }
+    if (type == NULL) {
+        /* Map any three-component test/___/___ principal to its realm name. */
+        if (aname->length == 3 && data_eq_string(aname->data[0], "test")) {
+            lname = k5memdup0(aname->realm.data, aname->realm.length, &ret);
+            if (lname == NULL)
+                return ret;
+        }
+    } else if (strcmp(type, "TYPEA") == 0) {
+        /* Map any two-component principal to its second component. */
+        if (aname->length == 2) {
+            lname = k5memdup0(aname->data[1].data, aname->data[1].length,
+                              &ret);
+            if (lname == NULL)
+                return ret;
+        }
+    } else {
+        assert(strcmp(type, "TYPEB") == 0);
+        /* Map to the residual string. */
+        lname = strdup(residual == NULL ? "(null)" : residual);
+        if (lname == NULL)
+            return ENOMEM;
+    }
+    if (lname == NULL)
+        return KRB5_LNAME_NOTRANS;
+    *lname_out = lname;
+    return 0;
+}
+
+static krb5_error_code
+userok_test(krb5_context context, krb5_localauth_moddata data,
+            krb5_const_principal aname, const char *lname)
+{
+    if (data != NULL) {
+        assert(data->a == 3);
+        assert(data->b == 4);
+    }
+
+    /* Return success if the number of components in the principal is equal to
+     * the length of the local name. */
+    if ((size_t)aname->length == strlen(lname))
+        return 0;
+
+    /* Pass control down if the first component is "pass". */
+    if (aname->length >= 1 && data_eq_string(aname->data[0], "pass"))
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Otherwise reject. */
+    return EPERM;
+}
+
+static void
+freestr(krb5_context context, krb5_localauth_moddata data, char *str)
+{
+    free(str);
+}
+
+krb5_error_code
+localauth_test1_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable);
+krb5_error_code
+localauth_test2_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable);
+
+krb5_error_code
+localauth_test1_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+
+    vt->init = init_test;
+    vt->fini = fini_test;
+    vt->name = "test1";
+    vt->an2ln = an2ln_test;
+    vt->userok = userok_test;
+    vt->free_string = freestr;
+    return 0;
+}
+
+krb5_error_code
+localauth_test2_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_localauth_vtable vt = (krb5_localauth_vtable)vtable;
+    static const char *types[] = { "TYPEA", "TYPEB", NULL };
+
+    vt->name = "test2";
+    vt->an2ln_types = types;
+    vt->an2ln = an2ln_test;
+    vt->free_string = freestr;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/otp/Makefile.in b/krb5-1.21.3/src/plugins/preauth/otp/Makefile.in
new file mode 100644
index 00000000..a5e137d9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/otp/Makefile.in
@@ -0,0 +1,31 @@
+mydir=plugins$(S)preauth$(S)otp
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
+
+LIBBASE=otp
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/preauth/otp
+
+SHLIB_EXPDEPS = $(VERTO_DEPLIBS) $(KRB5_BASE_DEPLIBS) \
+	$(TOPLIBD)/libkrad$(SHLIBEXT)
+
+SHLIB_EXPLIBS= -lkrad $(VERTO_LIBS) $(KRB5_BASE_LIBS)
+
+STLIBOBJS = \
+	otp_state.o \
+	main.o
+
+SRCS = \
+	$(srcdir)/otp_state.c \
+	$(srcdir)/main.c
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+clean:
+	$(RM) lib$(LIBBASE)$(SO_EXT)
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/preauth/otp/deps b/krb5-1.21.3/src/plugins/preauth/otp/deps
new file mode 100644
index 00000000..d8e023bf
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/otp/deps
@@ -0,0 +1,28 @@
+#
+# Generated makefile dependencies follow.
+#
+otp_state.so otp_state.po $(OUTPRE)otp_state.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(VERTO_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-json.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krad.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h otp_state.c otp_state.h
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  main.c otp_state.h
diff --git a/krb5-1.21.3/src/plugins/preauth/otp/main.c b/krb5-1.21.3/src/plugins/preauth/otp/main.c
new file mode 100644
index 00000000..0e682aae
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/otp/main.c
@@ -0,0 +1,390 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/otp/main.c - OTP kdcpreauth module definition */
+/*
+ * Copyright 2011 NORDUnet A/S.  All rights reserved.
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-json.h"
+#include <krb5/preauth_plugin.h>
+#include "otp_state.h"
+
+#include <errno.h>
+#include <ctype.h>
+
+static krb5_preauthtype otp_pa_type_list[] =
+  { KRB5_PADATA_OTP_REQUEST, 0 };
+
+struct request_state {
+    krb5_context context;
+    krb5_kdcpreauth_verify_respond_fn respond;
+    void *arg;
+    krb5_enc_tkt_part *enc_tkt_reply;
+    krb5_kdcpreauth_callbacks preauth_cb;
+    krb5_kdcpreauth_rock rock;
+};
+
+static krb5_error_code
+decrypt_encdata(krb5_context context, krb5_keyblock *armor_key,
+                krb5_pa_otp_req *req, krb5_data *out)
+{
+    krb5_error_code retval;
+    krb5_data plaintext;
+
+    if (req == NULL)
+        return EINVAL;
+
+    retval = alloc_data(&plaintext, req->enc_data.ciphertext.length);
+    if (retval)
+        return retval;
+
+    retval = krb5_c_decrypt(context, armor_key, KRB5_KEYUSAGE_PA_OTP_REQUEST,
+                            NULL, &req->enc_data, &plaintext);
+    if (retval != 0) {
+        com_err("otp", retval, "Unable to decrypt encData in PA-OTP-REQUEST");
+        free(plaintext.data);
+        return retval;
+    }
+
+    *out = plaintext;
+    return 0;
+}
+
+static krb5_error_code
+nonce_verify(krb5_context ctx, krb5_keyblock *armor_key,
+             const krb5_data *nonce)
+{
+    krb5_error_code retval;
+    krb5_timestamp ts;
+    krb5_data *er = NULL;
+
+    if (armor_key == NULL || nonce->data == NULL) {
+        retval = EINVAL;
+        goto out;
+    }
+
+    /* Decode the PA-OTP-ENC-REQUEST structure. */
+    retval = decode_krb5_pa_otp_enc_req(nonce, &er);
+    if (retval != 0)
+        goto out;
+
+    /* Make sure the nonce is exactly the same size as the one generated. */
+    if (er->length != armor_key->length + sizeof(krb5_timestamp))
+        goto out;
+
+    /* Check to make sure the timestamp at the beginning is still valid. */
+    ts = load_32_be(er->data);
+    retval = krb5_check_clockskew(ctx, ts);
+
+out:
+    krb5_free_data(ctx, er);
+    return retval;
+}
+
+static krb5_error_code
+timestamp_verify(krb5_context ctx, const krb5_data *nonce)
+{
+    krb5_error_code retval = EINVAL;
+    krb5_pa_enc_ts *et = NULL;
+
+    if (nonce->data == NULL)
+        goto out;
+
+    /* Decode the PA-ENC-TS-ENC structure. */
+    retval = decode_krb5_pa_enc_ts(nonce, &et);
+    if (retval != 0)
+        goto out;
+
+    /* Check the clockskew. */
+    retval = krb5_check_clockskew(ctx, et->patimestamp);
+
+out:
+    krb5_free_pa_enc_ts(ctx, et);
+    return retval;
+}
+
+static krb5_error_code
+nonce_generate(krb5_context ctx, unsigned int length, krb5_data *nonce_out)
+{
+    krb5_data nonce;
+    krb5_error_code retval;
+    krb5_timestamp now;
+
+    retval = krb5_timeofday(ctx, &now);
+    if (retval != 0)
+        return retval;
+
+    retval = alloc_data(&nonce, sizeof(now) + length);
+    if (retval != 0)
+        return retval;
+
+    retval = krb5_c_random_make_octets(ctx, &nonce);
+    if (retval != 0) {
+        free(nonce.data);
+        return retval;
+    }
+
+    store_32_be(now, nonce.data);
+    *nonce_out = nonce;
+    return 0;
+}
+
+static void
+on_response(void *data, krb5_error_code retval, otp_response response,
+            char *const *indicators)
+{
+    struct request_state rs = *(struct request_state *)data;
+    krb5_context context = rs.context;
+    krb5_keyblock *armor_key;
+    char *const *ind;
+
+    free(data);
+
+    if (retval == 0 && response != otp_response_success)
+        retval = KRB5_PREAUTH_FAILED;
+    if (retval)
+        goto done;
+
+    rs.enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
+    armor_key = rs.preauth_cb->fast_armor(context, rs.rock);
+    if (armor_key == NULL) {
+        retval = ENOENT;
+        goto done;
+    }
+
+    retval = rs.preauth_cb->replace_reply_key(context, rs.rock, armor_key,
+                                              FALSE);
+    if (retval)
+        goto done;
+
+    for (ind = indicators; ind != NULL && *ind != NULL; ind++) {
+        retval = rs.preauth_cb->add_auth_indicator(context, rs.rock, *ind);
+        if (retval)
+            goto done;
+    }
+
+done:
+    rs.respond(rs.arg, retval, NULL, NULL, NULL);
+}
+
+static krb5_error_code
+otp_init(krb5_context context, krb5_kdcpreauth_moddata *moddata_out,
+         const char **realmnames)
+{
+    krb5_error_code retval;
+    otp_state *state;
+
+    retval = otp_state_new(context, &state);
+    if (retval)
+        return retval;
+    *moddata_out = (krb5_kdcpreauth_moddata)state;
+    return 0;
+}
+
+static void
+otp_fini(krb5_context context, krb5_kdcpreauth_moddata moddata)
+{
+    otp_state_free((otp_state *)moddata);
+}
+
+static int
+otp_flags(krb5_context context, krb5_preauthtype pa_type)
+{
+    return PA_REPLACES_KEY;
+}
+
+static void
+otp_edata(krb5_context context, krb5_kdc_req *request,
+          krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+          krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
+          krb5_kdcpreauth_edata_respond_fn respond, void *arg)
+{
+    krb5_otp_tokeninfo ti, *tis[2] = { &ti, NULL };
+    krb5_keyblock *armor_key = NULL;
+    krb5_pa_otp_challenge chl;
+    krb5_pa_data *pa = NULL;
+    krb5_error_code retval;
+    krb5_data *encoding, nonce = empty_data();
+    char *config;
+
+    /* Determine if otp is enabled for the user. */
+    retval = cb->get_string(context, rock, "otp", &config);
+    if (retval == 0 && config == NULL)
+        retval = ENOENT;
+    if (retval != 0)
+        goto out;
+    cb->free_string(context, rock, config);
+
+    /* Get the armor key.  This indicates the length of random data to use in
+     * the nonce. */
+    armor_key = cb->fast_armor(context, rock);
+    if (armor_key == NULL) {
+        retval = ENOENT;
+        goto out;
+    }
+
+    /* Build the (mostly empty) challenge. */
+    memset(&ti, 0, sizeof(ti));
+    memset(&chl, 0, sizeof(chl));
+    chl.tokeninfo = tis;
+    ti.format = -1;
+    ti.length = -1;
+    ti.iteration_count = -1;
+
+    /* Generate the nonce. */
+    retval = nonce_generate(context, armor_key->length, &nonce);
+    if (retval != 0)
+        goto out;
+    chl.nonce = nonce;
+
+    /* Build the output pa-data. */
+    retval = encode_krb5_pa_otp_challenge(&chl, &encoding);
+    if (retval != 0)
+        goto out;
+    pa = k5alloc(sizeof(krb5_pa_data), &retval);
+    if (pa == NULL) {
+        krb5_free_data(context, encoding);
+        goto out;
+    }
+    pa->pa_type = KRB5_PADATA_OTP_CHALLENGE;
+    pa->contents = (krb5_octet *)encoding->data;
+    pa->length = encoding->length;
+    free(encoding);
+
+out:
+    krb5_free_data_contents(context, &nonce);
+    (*respond)(arg, retval, pa);
+}
+
+static void
+otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+           krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *pa,
+           krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+           krb5_kdcpreauth_moddata moddata,
+           krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    krb5_keyblock *armor_key = NULL;
+    krb5_pa_otp_req *req = NULL;
+    struct request_state *rs;
+    krb5_error_code retval;
+    krb5_data d, plaintext;
+    char *config;
+
+    /* Get the FAST armor key. */
+    armor_key = cb->fast_armor(context, rock);
+    if (armor_key == NULL) {
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        com_err("otp", retval, "No armor key found when verifying padata");
+        goto error;
+    }
+
+    /* Decode the request. */
+    d = make_data(pa->contents, pa->length);
+    retval = decode_krb5_pa_otp_req(&d, &req);
+    if (retval != 0) {
+        com_err("otp", retval, "Unable to decode OTP request");
+        goto error;
+    }
+
+    /* Decrypt the nonce from the request. */
+    retval = decrypt_encdata(context, armor_key, req, &plaintext);
+    if (retval != 0) {
+        com_err("otp", retval, "Unable to decrypt nonce");
+        goto error;
+    }
+
+    /* Verify the nonce or timestamp. */
+    retval = nonce_verify(context, armor_key, &plaintext);
+    if (retval != 0)
+        retval = timestamp_verify(context, &plaintext);
+    krb5_free_data_contents(context, &plaintext);
+    if (retval != 0) {
+        com_err("otp", retval, "Unable to verify nonce or timestamp");
+        goto error;
+    }
+
+    /* Create the request state.  Save the response callback, and the
+     * enc_tkt_reply pointer so we can set the TKT_FLG_PRE_AUTH flag later. */
+    rs = k5alloc(sizeof(struct request_state), &retval);
+    if (rs == NULL)
+        goto error;
+    rs->context = context;
+    rs->arg = arg;
+    rs->respond = respond;
+    rs->enc_tkt_reply = enc_tkt_reply;
+    rs->preauth_cb = cb;
+    rs->rock = rock;
+
+    /* Get the principal's OTP configuration string. */
+    retval = cb->get_string(context, rock, "otp", &config);
+    if (retval == 0 && config == NULL)
+        retval = KRB5_PREAUTH_FAILED;
+    if (retval != 0) {
+        free(rs);
+        goto error;
+    }
+
+    /* Send the request. */
+    otp_state_verify((otp_state *)moddata, cb->event_context(context, rock),
+                     cb->client_name(context, rock), config, req, on_response,
+                     rs);
+    cb->free_string(context, rock, config);
+
+    k5_free_pa_otp_req(context, req);
+    return;
+
+error:
+    k5_free_pa_otp_req(context, req);
+    (*respond)(arg, retval, NULL, NULL, NULL);
+}
+
+krb5_error_code
+kdcpreauth_otp_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcpreauth_otp_initvt(krb5_context context, int maj_ver, int min_ver,
+                      krb5_plugin_vtable vtable)
+{
+    krb5_kdcpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+
+    vt = (krb5_kdcpreauth_vtable)vtable;
+    vt->name = "otp";
+    vt->pa_type_list = otp_pa_type_list;
+    vt->init = otp_init;
+    vt->fini = otp_fini;
+    vt->flags = otp_flags;
+    vt->edata = otp_edata;
+    vt->verify = otp_verify;
+
+    com_err("otp", 0, "Loaded");
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/otp/otp.exports b/krb5-1.21.3/src/plugins/preauth/otp/otp.exports
new file mode 100644
index 00000000..26aa19d4
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/otp/otp.exports
@@ -0,0 +1 @@
+kdcpreauth_otp_initvt
diff --git a/krb5-1.21.3/src/plugins/preauth/otp/otp_state.c b/krb5-1.21.3/src/plugins/preauth/otp/otp_state.c
new file mode 100644
index 00000000..20cd18ab
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/otp/otp_state.c
@@ -0,0 +1,740 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/otp/otp_state.c - Verify OTP token values using RADIUS */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "otp_state.h"
+
+#include <krad.h>
+#include <k5-json.h>
+
+#include <ctype.h>
+
+#ifndef HOST_NAME_MAX
+/* SUSv2 */
+#define HOST_NAME_MAX 255
+#endif
+
+#define DEFAULT_TYPE_NAME "DEFAULT"
+#define DEFAULT_SOCKET_FMT KDC_RUN_DIR "/%s.socket"
+#define DEFAULT_TIMEOUT 5
+#define DEFAULT_RETRIES 3
+#define MAX_SECRET_LEN 1024
+
+typedef struct token_type_st {
+    char *name;
+    char *server;
+    char *secret;
+    int timeout;
+    size_t retries;
+    krb5_boolean strip_realm;
+    char **indicators;
+} token_type;
+
+typedef struct token_st {
+    const token_type *type;
+    krb5_data username;
+    char **indicators;
+} token;
+
+typedef struct request_st {
+    otp_state *state;
+    token *tokens;
+    ssize_t index;
+    otp_cb cb;
+    void *data;
+    krad_attrset *attrs;
+} request;
+
+struct otp_state_st {
+    krb5_context ctx;
+    token_type *types;
+    krad_client *radius;
+    krad_attrset *attrs;
+};
+
+static void request_send(request *req);
+
+static krb5_error_code
+read_secret_file(const char *secret_file, char **secret)
+{
+    char buf[MAX_SECRET_LEN];
+    krb5_error_code retval;
+    char *filename = NULL;
+    FILE *file;
+    size_t i, j;
+
+    *secret = NULL;
+
+    retval = k5_path_join(KDC_DIR, secret_file, &filename);
+    if (retval != 0) {
+        com_err("otp", retval, "Unable to resolve secret file '%s'", filename);
+        goto cleanup;
+    }
+
+    file = fopen(filename, "r");
+    if (file == NULL) {
+        retval = errno;
+        com_err("otp", retval, "Unable to open secret file '%s'", filename);
+        goto cleanup;
+    }
+
+    if (fgets(buf, sizeof(buf), file) == NULL)
+        retval = EIO;
+    fclose(file);
+    if (retval != 0) {
+        com_err("otp", retval, "Unable to read secret file '%s'", filename);
+        goto cleanup;
+    }
+
+    /* Strip whitespace. */
+    for (i = 0; buf[i] != '\0'; i++) {
+        if (!isspace(buf[i]))
+            break;
+    }
+    for (j = strlen(buf); j > i; j--) {
+        if (!isspace(buf[j - 1]))
+            break;
+    }
+
+    *secret = k5memdup0(&buf[i], j - i, &retval);
+
+cleanup:
+    free(filename);
+    return retval;
+}
+
+/* Free the contents of a single token type. */
+static void
+token_type_free(token_type *type)
+{
+    if (type == NULL)
+        return;
+
+    free(type->name);
+    free(type->server);
+    free(type->secret);
+    profile_free_list(type->indicators);
+}
+
+/* Construct the internal default token type. */
+static krb5_error_code
+token_type_default(token_type *out)
+{
+    char *name = NULL, *server = NULL, *secret = NULL;
+
+    memset(out, 0, sizeof(*out));
+
+    name = strdup(DEFAULT_TYPE_NAME);
+    if (name == NULL)
+        goto oom;
+    if (asprintf(&server, DEFAULT_SOCKET_FMT, name) < 0)
+        goto oom;
+    secret = strdup("");
+    if (secret == NULL)
+        goto oom;
+
+    out->name = name;
+    out->server = server;
+    out->secret = secret;
+    out->timeout = DEFAULT_TIMEOUT * 1000;
+    out->retries = DEFAULT_RETRIES;
+    out->strip_realm = FALSE;
+    return 0;
+
+oom:
+    free(name);
+    free(server);
+    free(secret);
+    return ENOMEM;
+}
+
+/* Decode a single token type from the profile. */
+static krb5_error_code
+token_type_decode(profile_t profile, const char *name, token_type *out)
+{
+    char *server = NULL, *name_copy = NULL, *secret = NULL, *pstr = NULL;
+    char **indicators = NULL;
+    const char *keys[4];
+    int strip_realm, timeout, retries;
+    krb5_error_code retval;
+
+    memset(out, 0, sizeof(*out));
+
+    /* Set the name. */
+    name_copy = strdup(name);
+    if (name_copy == NULL)
+        return ENOMEM;
+
+    /* Set strip_realm. */
+    retval = profile_get_boolean(profile, "otp", name, "strip_realm", TRUE,
+                                 &strip_realm);
+    if (retval != 0)
+        goto cleanup;
+
+    /* Set the server. */
+    retval = profile_get_string(profile, "otp", name, "server", NULL, &pstr);
+    if (retval != 0)
+        goto cleanup;
+    if (pstr != NULL) {
+        server = strdup(pstr);
+        profile_release_string(pstr);
+        if (server == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+    } else if (asprintf(&server, DEFAULT_SOCKET_FMT, name) < 0) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+
+    /* Get the secret (optional for Unix-domain sockets). */
+    retval = profile_get_string(profile, "otp", name, "secret", NULL, &pstr);
+    if (retval != 0)
+        goto cleanup;
+    if (pstr != NULL) {
+        retval = read_secret_file(pstr, &secret);
+        profile_release_string(pstr);
+        if (retval != 0)
+            goto cleanup;
+    } else {
+        if (server[0] != '/') {
+            com_err("otp", EINVAL, "Secret missing (token type '%s')", name);
+            retval = EINVAL;
+            goto cleanup;
+        }
+
+        /* Use the default empty secret for UNIX domain stream sockets. */
+        secret = strdup("");
+        if (secret == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+    }
+
+    /* Get the timeout (profile value in seconds, result in milliseconds). */
+    retval = profile_get_integer(profile, "otp", name, "timeout",
+                                 DEFAULT_TIMEOUT, &timeout);
+    if (retval != 0)
+        goto cleanup;
+    timeout *= 1000;
+
+    /* Get the number of retries. */
+    retval = profile_get_integer(profile, "otp", name, "retries",
+                                 DEFAULT_RETRIES, &retries);
+    if (retval != 0)
+        goto cleanup;
+
+    /* Get the authentication indicators to assert if this token is used. */
+    keys[0] = "otp";
+    keys[1] = name;
+    keys[2] = "indicator";
+    keys[3] = NULL;
+    retval = profile_get_values(profile, keys, &indicators);
+    if (retval == PROF_NO_RELATION)
+        retval = 0;
+    if (retval != 0)
+        goto cleanup;
+
+    out->name = name_copy;
+    out->server = server;
+    out->secret = secret;
+    out->timeout = timeout;
+    out->retries = retries;
+    out->strip_realm = strip_realm;
+    out->indicators = indicators;
+    name_copy = server = secret = NULL;
+    indicators = NULL;
+
+cleanup:
+    free(name_copy);
+    free(server);
+    free(secret);
+    profile_free_list(indicators);
+    return retval;
+}
+
+/* Free an array of token types. */
+static void
+token_types_free(token_type *types)
+{
+    size_t i;
+
+    if (types == NULL)
+        return;
+
+    for (i = 0; types[i].server != NULL; i++)
+        token_type_free(&types[i]);
+
+    free(types);
+}
+
+/* Decode an array of token types from the profile. */
+static krb5_error_code
+token_types_decode(profile_t profile, token_type **out)
+{
+    const char *hier[2] = { "otp", NULL };
+    token_type *types = NULL;
+    char **names = NULL;
+    krb5_error_code retval;
+    size_t i, pos;
+    krb5_boolean have_default = FALSE;
+
+    retval = profile_get_subsection_names(profile, hier, &names);
+    if (retval != 0)
+        return retval;
+
+    /* Check if any of the profile subsections overrides the default. */
+    for (i = 0; names[i] != NULL; i++) {
+        if (strcmp(names[i], DEFAULT_TYPE_NAME) == 0)
+            have_default = TRUE;
+    }
+
+    /* Leave space for the default (possibly) and the terminator. */
+    types = k5calloc(i + 2, sizeof(token_type), &retval);
+    if (types == NULL)
+        goto cleanup;
+
+    /* If no default has been specified, use our internal default. */
+    pos = 0;
+    if (!have_default) {
+        retval = token_type_default(&types[pos++]);
+        if (retval != 0)
+            goto cleanup;
+    }
+
+    /* Decode each profile section into a token type element. */
+    for (i = 0; names[i] != NULL; i++) {
+        retval = token_type_decode(profile, names[i], &types[pos++]);
+        if (retval != 0)
+            goto cleanup;
+    }
+
+    *out = types;
+    types = NULL;
+
+cleanup:
+    profile_free_list(names);
+    token_types_free(types);
+    return retval;
+}
+
+/* Free a null-terminated array of strings. */
+static void
+free_strings(char **list)
+{
+    char **p;
+
+    for (p = list; p != NULL && *p != NULL; p++)
+        free(*p);
+    free(list);
+}
+
+/* Free the contents of a single token. */
+static void
+token_free_contents(token *t)
+{
+    if (t == NULL)
+        return;
+    free(t->username.data);
+    free_strings(t->indicators);
+}
+
+/* Decode a JSON array of strings into a null-terminated list of C strings. */
+static krb5_error_code
+indicators_decode(krb5_context ctx, k5_json_value val, char ***indicators_out)
+{
+    k5_json_array arr;
+    k5_json_value obj;
+    char **indicators;
+    size_t len, i;
+
+    *indicators_out = NULL;
+
+    if (k5_json_get_tid(val) != K5_JSON_TID_ARRAY)
+        return EINVAL;
+    arr = val;
+    len = k5_json_array_length(arr);
+    indicators = calloc(len + 1, sizeof(*indicators));
+    if (indicators == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < len; i++) {
+        obj = k5_json_array_get(arr, i);
+        if (k5_json_get_tid(obj) != K5_JSON_TID_STRING) {
+            free_strings(indicators);
+            return EINVAL;
+        }
+        indicators[i] = strdup(k5_json_string_utf8(obj));
+        if (indicators[i] == NULL) {
+            free_strings(indicators);
+            return ENOMEM;
+        }
+    }
+
+    *indicators_out = indicators;
+    return 0;
+}
+
+/* Decode a single token from a JSON token object. */
+static krb5_error_code
+token_decode(krb5_context ctx, krb5_const_principal princ,
+             const token_type *types, k5_json_object obj, token *out)
+{
+    const char *typename = DEFAULT_TYPE_NAME;
+    const token_type *type = NULL;
+    char *username = NULL, **indicators = NULL;
+    krb5_error_code retval;
+    k5_json_value val;
+    size_t i;
+    int flags;
+
+    memset(out, 0, sizeof(*out));
+
+    /* Find the token type. */
+    val = k5_json_object_get(obj, "type");
+    if (val != NULL && k5_json_get_tid(val) == K5_JSON_TID_STRING)
+        typename = k5_json_string_utf8(val);
+    for (i = 0; types[i].server != NULL; i++) {
+        if (strcmp(typename, types[i].name) == 0)
+            type = &types[i];
+    }
+    if (type == NULL)
+        return EINVAL;
+
+    /* Get the username, either from obj or from unparsing the principal. */
+    val = k5_json_object_get(obj, "username");
+    if (val != NULL && k5_json_get_tid(val) == K5_JSON_TID_STRING) {
+        username = strdup(k5_json_string_utf8(val));
+        if (username == NULL)
+            return ENOMEM;
+    } else {
+        flags = type->strip_realm ? KRB5_PRINCIPAL_UNPARSE_NO_REALM : 0;
+        retval = krb5_unparse_name_flags(ctx, princ, flags, &username);
+        if (retval != 0)
+            return retval;
+    }
+
+    /* Get the authentication indicators if specified. */
+    val = k5_json_object_get(obj, "indicators");
+    if (val != NULL) {
+        retval = indicators_decode(ctx, val, &indicators);
+        if (retval != 0) {
+            free(username);
+            return retval;
+        }
+    }
+
+    out->type = type;
+    out->username = string2data(username);
+    out->indicators = indicators;
+    return 0;
+}
+
+/* Free an array of tokens. */
+static void
+tokens_free(token *tokens)
+{
+    size_t i;
+
+    if (tokens == NULL)
+        return;
+
+    for (i = 0; tokens[i].type != NULL; i++)
+        token_free_contents(&tokens[i]);
+
+    free(tokens);
+}
+
+/* Decode a principal config string into a JSON array.  Treat an empty string
+ * or array as if it were "[{}]" which uses the default token type. */
+static krb5_error_code
+decode_config_json(const char *config, k5_json_array *out)
+{
+    krb5_error_code retval;
+    k5_json_value val;
+    k5_json_object obj;
+
+    *out = NULL;
+
+    /* Decode the config string and make sure it's an array. */
+    retval = k5_json_decode((config != NULL) ? config : "[{}]", &val);
+    if (retval != 0)
+        goto error;
+    if (k5_json_get_tid(val) != K5_JSON_TID_ARRAY) {
+        retval = EINVAL;
+        goto error;
+    }
+
+    /* If the array is empty, add in an empty object. */
+    if (k5_json_array_length(val) == 0) {
+        retval = k5_json_object_create(&obj);
+        if (retval != 0)
+            goto error;
+        retval = k5_json_array_add(val, obj);
+        k5_json_release(obj);
+        if (retval != 0)
+            goto error;
+    }
+
+    *out = val;
+    return 0;
+
+error:
+    k5_json_release(val);
+    return retval;
+}
+
+/* Decode an array of tokens from the configuration string. */
+static krb5_error_code
+tokens_decode(krb5_context ctx, krb5_const_principal princ,
+              const token_type *types, const char *config, token **out)
+{
+    krb5_error_code retval;
+    k5_json_array arr = NULL;
+    k5_json_value obj;
+    token *tokens = NULL;
+    size_t len, i;
+
+    retval = decode_config_json(config, &arr);
+    if (retval != 0)
+        return retval;
+    len = k5_json_array_length(arr);
+
+    tokens = k5calloc(len + 1, sizeof(token), &retval);
+    if (tokens == NULL)
+        goto cleanup;
+
+    for (i = 0; i < len; i++) {
+        obj = k5_json_array_get(arr, i);
+        if (k5_json_get_tid(obj) != K5_JSON_TID_OBJECT) {
+            retval = EINVAL;
+            goto cleanup;
+        }
+        retval = token_decode(ctx, princ, types, obj, &tokens[i]);
+        if (retval != 0)
+            goto cleanup;
+    }
+
+    *out = tokens;
+    tokens = NULL;
+
+cleanup:
+    k5_json_release(arr);
+    tokens_free(tokens);
+    return retval;
+}
+
+static void
+request_free(request *req)
+{
+    if (req == NULL)
+        return;
+
+    krad_attrset_free(req->attrs);
+    tokens_free(req->tokens);
+    free(req);
+}
+
+krb5_error_code
+otp_state_new(krb5_context ctx, otp_state **out)
+{
+    char hostname[HOST_NAME_MAX + 1];
+    krb5_error_code retval;
+    profile_t profile;
+    krb5_data hndata;
+    otp_state *self;
+
+    retval = gethostname(hostname, sizeof(hostname));
+    if (retval != 0)
+        return retval;
+
+    self = calloc(1, sizeof(otp_state));
+    if (self == NULL)
+        return ENOMEM;
+
+    retval = krb5_get_profile(ctx, &profile);
+    if (retval != 0)
+        goto error;
+
+    retval = token_types_decode(profile, &self->types);
+    profile_abandon(profile);
+    if (retval != 0)
+        goto error;
+
+    retval = krad_attrset_new(ctx, &self->attrs);
+    if (retval != 0)
+        goto error;
+
+    hndata = make_data(hostname, strlen(hostname));
+    retval = krad_attrset_add(self->attrs,
+                              krad_attr_name2num("NAS-Identifier"), &hndata);
+    if (retval != 0)
+        goto error;
+
+    retval = krad_attrset_add_number(self->attrs,
+                                     krad_attr_name2num("Service-Type"),
+                                     KRAD_SERVICE_TYPE_AUTHENTICATE_ONLY);
+    if (retval != 0)
+        goto error;
+
+    self->ctx = ctx;
+    *out = self;
+    return 0;
+
+error:
+    otp_state_free(self);
+    return retval;
+}
+
+void
+otp_state_free(otp_state *self)
+{
+    if (self == NULL)
+        return;
+
+    krad_attrset_free(self->attrs);
+    krad_client_free(self->radius);
+    token_types_free(self->types);
+    free(self);
+}
+
+static void
+callback(krb5_error_code retval, const krad_packet *rqst,
+         const krad_packet *resp, void *data)
+{
+    request *req = data;
+    token *tok = &req->tokens[req->index];
+    char *const *indicators;
+
+    req->index++;
+
+    if (retval != 0)
+        goto error;
+
+    /* If we received an accept packet, success! */
+    if (krad_packet_get_code(resp) ==
+        krad_code_name2num("Access-Accept")) {
+        indicators = tok->indicators;
+        if (indicators == NULL)
+            indicators = tok->type->indicators;
+        req->cb(req->data, retval, otp_response_success, indicators);
+        request_free(req);
+        return;
+    }
+
+    /* If we have no more tokens to try, failure! */
+    if (req->tokens[req->index].type == NULL)
+        goto error;
+
+    /* Try the next token. */
+    request_send(req);
+    return;
+
+error:
+    req->cb(req->data, retval, otp_response_fail, NULL);
+    request_free(req);
+}
+
+static void
+request_send(request *req)
+{
+    krb5_error_code retval;
+    token *tok = &req->tokens[req->index];
+    const token_type *t = tok->type;
+
+    retval = krad_attrset_add(req->attrs, krad_attr_name2num("User-Name"),
+                              &tok->username);
+    if (retval != 0)
+        goto error;
+
+    retval = krad_client_send(req->state->radius,
+                              krad_code_name2num("Access-Request"), req->attrs,
+                              t->server, t->secret, t->timeout, t->retries,
+                              callback, req);
+    krad_attrset_del(req->attrs, krad_attr_name2num("User-Name"), 0);
+    if (retval != 0)
+        goto error;
+
+    return;
+
+error:
+    req->cb(req->data, retval, otp_response_fail, NULL);
+    request_free(req);
+}
+
+void
+otp_state_verify(otp_state *state, verto_ctx *ctx, krb5_const_principal princ,
+                 const char *config, const krb5_pa_otp_req *req,
+                 otp_cb cb, void *data)
+{
+    krb5_error_code retval;
+    request *rqst = NULL;
+    char *name;
+
+    if (state->radius == NULL) {
+        retval = krad_client_new(state->ctx, ctx, &state->radius);
+        if (retval != 0)
+            goto error;
+    }
+
+    rqst = calloc(1, sizeof(request));
+    if (rqst == NULL) {
+        (*cb)(data, ENOMEM, otp_response_fail, NULL);
+        return;
+    }
+    rqst->state = state;
+    rqst->data = data;
+    rqst->cb = cb;
+
+    retval = krad_attrset_copy(state->attrs, &rqst->attrs);
+    if (retval != 0)
+        goto error;
+
+    retval = krad_attrset_add(rqst->attrs, krad_attr_name2num("User-Password"),
+                              &req->otp_value);
+    if (retval != 0)
+        goto error;
+
+    retval = tokens_decode(state->ctx, princ, state->types, config,
+                           &rqst->tokens);
+    if (retval != 0) {
+        if (krb5_unparse_name(state->ctx, princ, &name) == 0) {
+            com_err("otp", retval,
+                    "Can't decode otp config string for principal '%s'", name);
+            krb5_free_unparsed_name(state->ctx, name);
+        }
+        goto error;
+    }
+
+    request_send(rqst);
+    return;
+
+error:
+    (*cb)(data, retval, otp_response_fail, NULL);
+    request_free(rqst);
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/otp/otp_state.h b/krb5-1.21.3/src/plugins/preauth/otp/otp_state.h
new file mode 100644
index 00000000..da57ad9d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/otp/otp_state.h
@@ -0,0 +1,60 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/otp/otp_state.h - Internal declarations for OTP module */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef OTP_H_
+#define OTP_H_
+
+#include <k5-int.h>
+#include <verto.h>
+
+#include <com_err.h>
+
+typedef enum otp_response {
+    otp_response_fail = 0,
+    otp_response_success
+    /* Other values reserved for responses like next token or new pin. */
+} otp_response;
+
+typedef struct otp_state_st otp_state;
+typedef void
+(*otp_cb)(void *data, krb5_error_code retval, otp_response response,
+          char *const *indicators);
+
+krb5_error_code
+otp_state_new(krb5_context ctx, otp_state **self);
+
+void
+otp_state_free(otp_state *self);
+
+void
+otp_state_verify(otp_state *state, verto_ctx *ctx, krb5_const_principal princ,
+                 const char *config, const krb5_pa_otp_req *request,
+                 otp_cb cb, void *data);
+
+#endif /* OTP_H_ */
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/Makefile.in b/krb5-1.21.3/src/plugins/preauth/pkinit/Makefile.in
new file mode 100644
index 00000000..86f143d7
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/Makefile.in
@@ -0,0 +1,53 @@
+mydir=plugins$(S)preauth$(S)pkinit
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
+
+LIBBASE=pkinit
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/preauth/pkinit
+# Depends on libk5crypto and libkrb5
+SHLIB_EXPDEPS = \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS= -lkrb5 $(COM_ERR_LIB) -lk5crypto -lcrypto $(DL_LIB) $(SUPPORT_LIB) $(LIBS)
+
+STLIBOBJS= \
+	pkinit_accessor.o \
+	pkinit_srv.o \
+	pkinit_lib.o \
+	pkinit_clnt.o \
+	pkinit_constants.o \
+	pkinit_profile.o \
+	pkinit_identity.o \
+	pkinit_matching.o \
+	pkinit_crypto_openssl.o
+
+SRCS= \
+	$(srcdir)/pkinit_accessor.c \
+	$(srcdir)/pkinit_srv.c \
+	$(srcdir)/pkinit_lib.c \
+	$(srcdir)/pkinit_kdf_test.c \
+	$(srcdir)/pkinit_constants.c \
+	$(srcdir)/pkinit_clnt.c \
+	$(srcdir)/pkinit_profile.c \
+	$(srcdir)/pkinit_identity.c \
+	$(srcdir)/pkinit_matching.c \
+	$(srcdir)/pkinit_crypto_openssl.c
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+clean:
+	$(RM) pkinit_kdf_test pkinit_kdf_test.o
+
+check-unix: pkinit_kdf_test
+	$(RUN_TEST) ./pkinit_kdf_test
+
+pkinit_kdf_test: pkinit_kdf_test.o $(STLIBOBJS) $(SHLIB_EXPDEPS)
+	$(CC_LINK) -o $@ pkinit_kdf_test.o $(STLIBOBJS) $(SHLIB_EXPLIBS)
+
+@libnover_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/deps b/krb5-1.21.3/src/plugins/preauth/pkinit/deps
new file mode 100644
index 00000000..58320aa8
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/deps
@@ -0,0 +1,115 @@
+#
+# Generated makefile dependencies follow.
+#
+pkinit_accessor.so pkinit_accessor.po $(OUTPRE)pkinit_accessor.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pkinit_accessor.c pkinit_accessor.h
+pkinit_srv.so pkinit_srv.po $(OUTPRE)pkinit_srv.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/certauth_plugin.h \
+  $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \
+  pkinit_srv.c pkinit_trace.h
+pkinit_lib.so pkinit_lib.po $(OUTPRE)pkinit_lib.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_lib.c \
+  pkinit_trace.h
+pkinit_kdf_test.so pkinit_kdf_test.po $(OUTPRE)pkinit_kdf_test.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_kdf_test.c \
+  pkinit_trace.h
+pkinit_constants.so pkinit_constants.po $(OUTPRE)pkinit_constants.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_constants.c pkinit_crypto.h \
+  pkinit_trace.h
+pkinit_clnt.so pkinit_clnt.po $(OUTPRE)pkinit_clnt.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pkcs11.h pkinit.h pkinit_accessor.h pkinit_clnt.c pkinit_crypto.h \
+  pkinit_trace.h
+pkinit_profile.so pkinit_profile.po $(OUTPRE)pkinit_profile.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h pkcs11.h pkinit.h \
+  pkinit_accessor.h pkinit_crypto.h pkinit_profile.c \
+  pkinit_trace.h
+pkinit_identity.so pkinit_identity.po $(OUTPRE)pkinit_identity.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_identity.c \
+  pkinit_trace.h
+pkinit_matching.so pkinit_matching.po $(OUTPRE)pkinit_matching.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5/clpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_matching.c \
+  pkinit_trace.h
+pkinit_crypto_openssl.so pkinit_crypto_openssl.po $(OUTPRE)pkinit_crypto_openssl.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hex.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \
+  pkinit_crypto_openssl.c pkinit_crypto_openssl.h pkinit_trace.h
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkcs11.h b/krb5-1.21.3/src/plugins/preauth/pkinit/pkcs11.h
new file mode 100644
index 00000000..e3d28463
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkcs11.h
@@ -0,0 +1,1353 @@
+/*
+   Copyright 2006 g10 Code GmbH
+   Copyright 2006 Andreas Jellinghaus
+
+   This file is free software; as a special exception the author gives
+   unlimited permission to copy and/or distribute it, with or without
+   modifications, as long as this notice is preserved.
+
+   This file is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+   the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+   PURPOSE.  */
+
+/* Please submit changes back to the Scute project at
+   https://www.scute.org/ (or send them to marcus@g10code.com), so that
+   they can be picked up by other projects from there as well.  */
+
+/* This file is a modified implementation of the PKCS #11 standard by
+   RSA Security Inc.  It is mostly a drop-in replacement, with the
+   following change:
+
+   This header file does not require any macro definitions by the user
+   (like CK_DEFINE_FUNCTION etc).  In fact, it defines those macros
+   for you (if useful, some are missing, let me know if you need
+   more).
+
+   There is an additional API available that does comply better to the
+   GNU coding standard.  It can be switched on by defining
+   CRYPTOKI_GNU before including this header file.  For this, the
+   following changes are made to the specification:
+
+   All structure types are changed to a "struct ck_foo" where CK_FOO
+   is the type name in PKCS #11.
+
+   All non-structure types are changed to ck_foo_t where CK_FOO is the
+   lowercase version of the type name in PKCS #11.  The basic types
+   (CK_ULONG et al.) are removed without substitute.
+
+   All members of structures are modified in the following way: Type
+   indication prefixes are removed, and underscore characters are
+   inserted before words.  Then the result is lowercased.
+
+   Note that function names are still in the original case, as they
+   need for ABI compatibility.
+
+   CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute.  Use
+   <stdbool.h>.
+
+   If CRYPTOKI_COMPAT is defined before including this header file,
+   then none of the API changes above take place, and the API is the
+   one defined by the PKCS #11 standard.  */
+
+#ifndef PKCS11_H
+#define PKCS11_H 1
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* The version of cryptoki we implement.  The revision is changed with
+   each modification of this file.  If you do not use the "official"
+   version of this file, please consider deleting the revision macro
+   (you may use a macro with a different name to keep track of your
+   versions).  */
+#define CRYPTOKI_VERSION_MAJOR		2
+#define CRYPTOKI_VERSION_MINOR		20
+#define CRYPTOKI_VERSION_REVISION	6
+
+
+/* Compatibility interface is default, unless CRYPTOKI_GNU is
+   given.  */
+#ifndef CRYPTOKI_GNU
+#ifndef CRYPTOKI_COMPAT
+#define CRYPTOKI_COMPAT 1
+#endif
+#endif
+
+/* System dependencies.  */
+
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+
+/* There is a matching pop below.  */
+#pragma pack(push, cryptoki, 1)
+
+#ifdef CRYPTOKI_EXPORTS
+#define CK_SPEC __declspec(dllexport)
+#else
+#define CK_SPEC __declspec(dllimport)
+#endif
+
+#else
+
+#define CK_SPEC
+
+#endif
+
+#ifdef CRYPTOKI_COMPAT
+  /* If we are in compatibility mode, switch all exposed names to the
+     PKCS #11 variant.  There are corresponding #undefs below.  */
+
+#define ck_flags_t CK_FLAGS
+#define ck_version _CK_VERSION
+
+#define ck_info _CK_INFO
+#define cryptoki_version cryptokiVersion
+#define manufacturer_id manufacturerID
+#define library_description libraryDescription
+#define library_version libraryVersion
+
+#define ck_notification_t CK_NOTIFICATION
+#define ck_slot_id_t CK_SLOT_ID
+
+#define ck_slot_info _CK_SLOT_INFO
+#define slot_description slotDescription
+#define hardware_version hardwareVersion
+#define firmware_version firmwareVersion
+
+#define ck_token_info _CK_TOKEN_INFO
+#define serial_number serialNumber
+#define max_session_count ulMaxSessionCount
+#define session_count ulSessionCount
+#define max_rw_session_count ulMaxRwSessionCount
+#define rw_session_count ulRwSessionCount
+#define max_pin_len ulMaxPinLen
+#define min_pin_len ulMinPinLen
+#define total_public_memory ulTotalPublicMemory
+#define free_public_memory ulFreePublicMemory
+#define total_private_memory ulTotalPrivateMemory
+#define free_private_memory ulFreePrivateMemory
+#define utc_time utcTime
+
+#define ck_session_handle_t CK_SESSION_HANDLE
+#define ck_user_type_t CK_USER_TYPE
+#define ck_state_t CK_STATE
+
+#define ck_session_info _CK_SESSION_INFO
+#define slot_id slotID
+#define device_error ulDeviceError
+
+#define ck_object_handle_t CK_OBJECT_HANDLE
+#define ck_object_class_t CK_OBJECT_CLASS
+#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
+#define ck_key_type_t CK_KEY_TYPE
+#define ck_certificate_type_t CK_CERTIFICATE_TYPE
+#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
+
+#define ck_attribute _CK_ATTRIBUTE
+#define value pValue
+#define value_len ulValueLen
+
+#define ck_date _CK_DATE
+
+#define ck_mechanism_type_t CK_MECHANISM_TYPE
+
+#define ck_mechanism _CK_MECHANISM
+#define parameter pParameter
+#define parameter_len ulParameterLen
+
+#define ck_mechanism_info _CK_MECHANISM_INFO
+#define min_key_size ulMinKeySize
+#define max_key_size ulMaxKeySize
+
+#define ck_rv_t CK_RV
+#define ck_notify_t CK_NOTIFY
+
+#define ck_function_list _CK_FUNCTION_LIST
+
+#define ck_createmutex_t CK_CREATEMUTEX
+#define ck_destroymutex_t CK_DESTROYMUTEX
+#define ck_lockmutex_t CK_LOCKMUTEX
+#define ck_unlockmutex_t CK_UNLOCKMUTEX
+
+#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
+#define create_mutex CreateMutex
+#define destroy_mutex DestroyMutex
+#define lock_mutex LockMutex
+#define unlock_mutex UnlockMutex
+#define reserved pReserved
+
+#endif	/* CRYPTOKI_COMPAT */
+
+
+typedef unsigned long ck_flags_t;
+
+struct ck_version
+{
+  unsigned char major;
+  unsigned char minor;
+};
+
+
+struct ck_info
+{
+  struct ck_version cryptoki_version;
+  unsigned char manufacturer_id[32];
+  ck_flags_t flags;
+  unsigned char library_description[32];
+  struct ck_version library_version;
+};
+
+
+typedef unsigned long ck_notification_t;
+
+#define CKN_SURRENDER	(0)
+
+
+typedef unsigned long ck_slot_id_t;
+
+
+struct ck_slot_info
+{
+  unsigned char slot_description[64];
+  unsigned char manufacturer_id[32];
+  ck_flags_t flags;
+  struct ck_version hardware_version;
+  struct ck_version firmware_version;
+};
+
+
+#define CKF_TOKEN_PRESENT	(1 << 0)
+#define CKF_REMOVABLE_DEVICE	(1 << 1)
+#define CKF_HW_SLOT		(1 << 2)
+#define CKF_ARRAY_ATTRIBUTE	(1 << 30)
+
+
+struct ck_token_info
+{
+  unsigned char label[32];
+  unsigned char manufacturer_id[32];
+  unsigned char model[16];
+  unsigned char serial_number[16];
+  ck_flags_t flags;
+  unsigned long max_session_count;
+  unsigned long session_count;
+  unsigned long max_rw_session_count;
+  unsigned long rw_session_count;
+  unsigned long max_pin_len;
+  unsigned long min_pin_len;
+  unsigned long total_public_memory;
+  unsigned long free_public_memory;
+  unsigned long total_private_memory;
+  unsigned long free_private_memory;
+  struct ck_version hardware_version;
+  struct ck_version firmware_version;
+  unsigned char utc_time[16];
+};
+
+
+#define CKF_RNG					(1 << 0)
+#define CKF_WRITE_PROTECTED			(1 << 1)
+#define CKF_LOGIN_REQUIRED			(1 << 2)
+#define CKF_USER_PIN_INITIALIZED		(1 << 3)
+#define CKF_RESTORE_KEY_NOT_NEEDED		(1 << 5)
+#define CKF_CLOCK_ON_TOKEN			(1 << 6)
+#define CKF_PROTECTED_AUTHENTICATION_PATH	(1 << 8)
+#define CKF_DUAL_CRYPTO_OPERATIONS		(1 << 9)
+#define CKF_TOKEN_INITIALIZED			(1 << 10)
+#define CKF_SECONDARY_AUTHENTICATION		(1 << 11)
+#define CKF_USER_PIN_COUNT_LOW			(1 << 16)
+#define CKF_USER_PIN_FINAL_TRY			(1 << 17)
+#define CKF_USER_PIN_LOCKED			(1 << 18)
+#define CKF_USER_PIN_TO_BE_CHANGED		(1 << 19)
+#define CKF_SO_PIN_COUNT_LOW			(1 << 20)
+#define CKF_SO_PIN_FINAL_TRY			(1 << 21)
+#define CKF_SO_PIN_LOCKED			(1 << 22)
+#define CKF_SO_PIN_TO_BE_CHANGED		(1 << 23)
+
+#define CK_UNAVAILABLE_INFORMATION	((unsigned long) -1)
+#define CK_EFFECTIVELY_INFINITE		(0)
+
+
+typedef unsigned long ck_session_handle_t;
+
+#define CK_INVALID_HANDLE	(0)
+
+
+typedef unsigned long ck_user_type_t;
+
+#define CKU_SO			(0)
+#define CKU_USER		(1)
+#define CKU_CONTEXT_SPECIFIC	(2)
+
+
+typedef unsigned long ck_state_t;
+
+#define CKS_RO_PUBLIC_SESSION	(0)
+#define CKS_RO_USER_FUNCTIONS	(1)
+#define CKS_RW_PUBLIC_SESSION	(2)
+#define CKS_RW_USER_FUNCTIONS	(3)
+#define CKS_RW_SO_FUNCTIONS	(4)
+
+
+struct ck_session_info
+{
+  ck_slot_id_t slot_id;
+  ck_state_t state;
+  ck_flags_t flags;
+  unsigned long device_error;
+};
+
+#define CKF_RW_SESSION		(1 << 1)
+#define CKF_SERIAL_SESSION	(1 << 2)
+
+
+typedef unsigned long ck_object_handle_t;
+
+
+typedef unsigned long ck_object_class_t;
+
+#define CKO_DATA		(0)
+#define CKO_CERTIFICATE		(1)
+#define CKO_PUBLIC_KEY		(2)
+#define CKO_PRIVATE_KEY		(3)
+#define CKO_SECRET_KEY		(4)
+#define CKO_HW_FEATURE		(5)
+#define CKO_DOMAIN_PARAMETERS	(6)
+#define CKO_MECHANISM		(7)
+#define CKO_VENDOR_DEFINED	((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_hw_feature_type_t;
+
+#define CKH_MONOTONIC_COUNTER	(1)
+#define CKH_CLOCK		(2)
+#define CKH_USER_INTERFACE	(3)
+#define CKH_VENDOR_DEFINED	((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_key_type_t;
+
+#define CKK_RSA			(0)
+#define CKK_DSA			(1)
+#define CKK_DH			(2)
+#define CKK_ECDSA		(3)
+#define CKK_EC			(3)
+#define CKK_X9_42_DH		(4)
+#define CKK_KEA			(5)
+#define CKK_GENERIC_SECRET	(0x10)
+#define CKK_RC2			(0x11)
+#define CKK_RC4			(0x12)
+#define CKK_DES			(0x13)
+#define CKK_DES2		(0x14)
+#define CKK_DES3		(0x15)
+#define CKK_CAST		(0x16)
+#define CKK_CAST3		(0x17)
+#define CKK_CAST128		(0x18)
+#define CKK_RC5			(0x19)
+#define CKK_IDEA		(0x1a)
+#define CKK_SKIPJACK		(0x1b)
+#define CKK_BATON		(0x1c)
+#define CKK_JUNIPER		(0x1d)
+#define CKK_CDMF		(0x1e)
+#define CKK_AES			(0x1f)
+#define CKK_BLOWFISH		(0x20)
+#define CKK_TWOFISH		(0x21)
+#define CKK_VENDOR_DEFINED	((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_certificate_type_t;
+
+#define CKC_X_509		(0)
+#define CKC_X_509_ATTR_CERT	(1)
+#define CKC_WTLS		(2)
+#define CKC_VENDOR_DEFINED	((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_attribute_type_t;
+
+#define CKA_CLASS			(0)
+#define CKA_TOKEN			(1)
+#define CKA_PRIVATE			(2)
+#define CKA_LABEL			(3)
+#define CKA_APPLICATION			(0x10)
+#define CKA_VALUE			(0x11)
+#define CKA_OBJECT_ID			(0x12)
+#define CKA_CERTIFICATE_TYPE		(0x80)
+#define CKA_ISSUER			(0x81)
+#define CKA_SERIAL_NUMBER		(0x82)
+#define CKA_AC_ISSUER			(0x83)
+#define CKA_OWNER			(0x84)
+#define CKA_ATTR_TYPES			(0x85)
+#define CKA_TRUSTED			(0x86)
+#define CKA_CERTIFICATE_CATEGORY	(0x87)
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN	(0x88)
+#define CKA_URL				(0x89)
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY	(0x8a)
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY	(0x8b)
+#define CKA_CHECK_VALUE			(0x90)
+#define CKA_KEY_TYPE			(0x100)
+#define CKA_SUBJECT			(0x101)
+#define CKA_ID				(0x102)
+#define CKA_SENSITIVE			(0x103)
+#define CKA_ENCRYPT			(0x104)
+#define CKA_DECRYPT			(0x105)
+#define CKA_WRAP			(0x106)
+#define CKA_UNWRAP			(0x107)
+#define CKA_SIGN			(0x108)
+#define CKA_SIGN_RECOVER		(0x109)
+#define CKA_VERIFY			(0x10a)
+#define CKA_VERIFY_RECOVER		(0x10b)
+#define CKA_DERIVE			(0x10c)
+#define CKA_START_DATE			(0x110)
+#define CKA_END_DATE			(0x111)
+#define CKA_MODULUS			(0x120)
+#define CKA_MODULUS_BITS		(0x121)
+#define CKA_PUBLIC_EXPONENT		(0x122)
+#define CKA_PRIVATE_EXPONENT		(0x123)
+#define CKA_PRIME_1			(0x124)
+#define CKA_PRIME_2			(0x125)
+#define CKA_EXPONENT_1			(0x126)
+#define CKA_EXPONENT_2			(0x127)
+#define CKA_COEFFICIENT			(0x128)
+#define CKA_PRIME			(0x130)
+#define CKA_SUBPRIME			(0x131)
+#define CKA_BASE			(0x132)
+#define CKA_PRIME_BITS			(0x133)
+#define CKA_SUB_PRIME_BITS		(0x134)
+#define CKA_VALUE_BITS			(0x160)
+#define CKA_VALUE_LEN			(0x161)
+#define CKA_EXTRACTABLE			(0x162)
+#define CKA_LOCAL			(0x163)
+#define CKA_NEVER_EXTRACTABLE		(0x164)
+#define CKA_ALWAYS_SENSITIVE		(0x165)
+#define CKA_KEY_GEN_MECHANISM		(0x166)
+#define CKA_MODIFIABLE			(0x170)
+#define CKA_ECDSA_PARAMS		(0x180)
+#define CKA_EC_PARAMS			(0x180)
+#define CKA_EC_POINT			(0x181)
+#define CKA_SECONDARY_AUTH		(0x200)
+#define CKA_AUTH_PIN_FLAGS		(0x201)
+#define CKA_ALWAYS_AUTHENTICATE		(0x202)
+#define CKA_WRAP_WITH_TRUSTED		(0x210)
+#define CKA_HW_FEATURE_TYPE		(0x300)
+#define CKA_RESET_ON_INIT		(0x301)
+#define CKA_HAS_RESET			(0x302)
+#define CKA_PIXEL_X			(0x400)
+#define CKA_PIXEL_Y			(0x401)
+#define CKA_RESOLUTION			(0x402)
+#define CKA_CHAR_ROWS			(0x403)
+#define CKA_CHAR_COLUMNS		(0x404)
+#define CKA_COLOR			(0x405)
+#define CKA_BITS_PER_PIXEL		(0x406)
+#define CKA_CHAR_SETS			(0x480)
+#define CKA_ENCODING_METHODS		(0x481)
+#define CKA_MIME_TYPES			(0x482)
+#define CKA_MECHANISM_TYPE		(0x500)
+#define CKA_REQUIRED_CMS_ATTRIBUTES	(0x501)
+#define CKA_DEFAULT_CMS_ATTRIBUTES	(0x502)
+#define CKA_SUPPORTED_CMS_ATTRIBUTES	(0x503)
+#define CKA_WRAP_TEMPLATE		(CKF_ARRAY_ATTRIBUTE | 0x211)
+#define CKA_UNWRAP_TEMPLATE		(CKF_ARRAY_ATTRIBUTE | 0x212)
+#define CKA_ALLOWED_MECHANISMS		(CKF_ARRAY_ATTRIBUTE | 0x600)
+#define CKA_VENDOR_DEFINED		((unsigned long) (1 << 31))
+
+
+struct ck_attribute
+{
+  ck_attribute_type_t type;
+  void *value;
+  unsigned long value_len;
+};
+
+
+struct ck_date
+{
+  unsigned char year[4];
+  unsigned char month[2];
+  unsigned char day[2];
+};
+
+
+typedef unsigned long ck_mechanism_type_t;
+
+#define CKM_RSA_PKCS_KEY_PAIR_GEN	(0)
+#define CKM_RSA_PKCS			(1)
+#define CKM_RSA_9796			(2)
+#define CKM_RSA_X_509			(3)
+#define CKM_MD2_RSA_PKCS		(4)
+#define CKM_MD5_RSA_PKCS		(5)
+#define CKM_SHA1_RSA_PKCS		(6)
+#define CKM_RIPEMD128_RSA_PKCS		(7)
+#define CKM_RIPEMD160_RSA_PKCS		(8)
+#define CKM_RSA_PKCS_OAEP		(9)
+#define CKM_RSA_X9_31_KEY_PAIR_GEN	(0xa)
+#define CKM_RSA_X9_31			(0xb)
+#define CKM_SHA1_RSA_X9_31		(0xc)
+#define CKM_RSA_PKCS_PSS		(0xd)
+#define CKM_SHA1_RSA_PKCS_PSS		(0xe)
+#define CKM_DSA_KEY_PAIR_GEN		(0x10)
+#define	CKM_DSA				(0x11)
+#define CKM_DSA_SHA1			(0x12)
+#define CKM_DH_PKCS_KEY_PAIR_GEN	(0x20)
+#define CKM_DH_PKCS_DERIVE		(0x21)
+#define	CKM_X9_42_DH_KEY_PAIR_GEN	(0x30)
+#define CKM_X9_42_DH_DERIVE		(0x31)
+#define CKM_X9_42_DH_HYBRID_DERIVE	(0x32)
+#define CKM_X9_42_MQV_DERIVE		(0x33)
+#define CKM_SHA256_RSA_PKCS		(0x40)
+#define CKM_SHA384_RSA_PKCS		(0x41)
+#define CKM_SHA512_RSA_PKCS		(0x42)
+#define CKM_SHA256_RSA_PKCS_PSS		(0x43)
+#define CKM_SHA384_RSA_PKCS_PSS		(0x44)
+#define CKM_SHA512_RSA_PKCS_PSS		(0x45)
+#define CKM_RC2_KEY_GEN			(0x100)
+#define CKM_RC2_ECB			(0x101)
+#define	CKM_RC2_CBC			(0x102)
+#define	CKM_RC2_MAC			(0x103)
+#define CKM_RC2_MAC_GENERAL		(0x104)
+#define CKM_RC2_CBC_PAD			(0x105)
+#define CKM_RC4_KEY_GEN			(0x110)
+#define CKM_RC4				(0x111)
+#define CKM_DES_KEY_GEN			(0x120)
+#define CKM_DES_ECB			(0x121)
+#define CKM_DES_CBC			(0x122)
+#define CKM_DES_MAC			(0x123)
+#define CKM_DES_MAC_GENERAL		(0x124)
+#define CKM_DES_CBC_PAD			(0x125)
+#define CKM_DES2_KEY_GEN		(0x130)
+#define CKM_DES3_KEY_GEN		(0x131)
+#define CKM_DES3_ECB			(0x132)
+#define CKM_DES3_CBC			(0x133)
+#define CKM_DES3_MAC			(0x134)
+#define CKM_DES3_MAC_GENERAL		(0x135)
+#define CKM_DES3_CBC_PAD		(0x136)
+#define CKM_CDMF_KEY_GEN		(0x140)
+#define CKM_CDMF_ECB			(0x141)
+#define CKM_CDMF_CBC			(0x142)
+#define CKM_CDMF_MAC			(0x143)
+#define CKM_CDMF_MAC_GENERAL		(0x144)
+#define CKM_CDMF_CBC_PAD		(0x145)
+#define CKM_MD2				(0x200)
+#define CKM_MD2_HMAC			(0x201)
+#define CKM_MD2_HMAC_GENERAL		(0x202)
+#define CKM_MD5				(0x210)
+#define CKM_MD5_HMAC			(0x211)
+#define CKM_MD5_HMAC_GENERAL		(0x212)
+#define CKM_SHA_1			(0x220)
+#define CKM_SHA_1_HMAC			(0x221)
+#define CKM_SHA_1_HMAC_GENERAL		(0x222)
+#define CKM_RIPEMD128			(0x230)
+#define CKM_RIPEMD128_HMAC		(0x231)
+#define CKM_RIPEMD128_HMAC_GENERAL	(0x232)
+#define CKM_RIPEMD160			(0x240)
+#define CKM_RIPEMD160_HMAC		(0x241)
+#define CKM_RIPEMD160_HMAC_GENERAL	(0x242)
+#define CKM_SHA256			(0x250)
+#define CKM_SHA256_HMAC			(0x251)
+#define CKM_SHA256_HMAC_GENERAL		(0x252)
+#define CKM_SHA384			(0x260)
+#define CKM_SHA384_HMAC			(0x261)
+#define CKM_SHA384_HMAC_GENERAL		(0x262)
+#define CKM_SHA512			(0x270)
+#define CKM_SHA512_HMAC			(0x271)
+#define CKM_SHA512_HMAC_GENERAL		(0x272)
+#define CKM_CAST_KEY_GEN		(0x300)
+#define CKM_CAST_ECB			(0x301)
+#define CKM_CAST_CBC			(0x302)
+#define CKM_CAST_MAC			(0x303)
+#define CKM_CAST_MAC_GENERAL		(0x304)
+#define CKM_CAST_CBC_PAD		(0x305)
+#define CKM_CAST3_KEY_GEN		(0x310)
+#define CKM_CAST3_ECB			(0x311)
+#define CKM_CAST3_CBC			(0x312)
+#define CKM_CAST3_MAC			(0x313)
+#define CKM_CAST3_MAC_GENERAL		(0x314)
+#define CKM_CAST3_CBC_PAD		(0x315)
+#define CKM_CAST5_KEY_GEN		(0x320)
+#define CKM_CAST128_KEY_GEN		(0x320)
+#define CKM_CAST5_ECB			(0x321)
+#define CKM_CAST128_ECB			(0x321)
+#define CKM_CAST5_CBC			(0x322)
+#define CKM_CAST128_CBC			(0x322)
+#define CKM_CAST5_MAC			(0x323)
+#define	CKM_CAST128_MAC			(0x323)
+#define CKM_CAST5_MAC_GENERAL		(0x324)
+#define CKM_CAST128_MAC_GENERAL		(0x324)
+#define CKM_CAST5_CBC_PAD		(0x325)
+#define CKM_CAST128_CBC_PAD		(0x325)
+#define CKM_RC5_KEY_GEN			(0x330)
+#define CKM_RC5_ECB			(0x331)
+#define CKM_RC5_CBC			(0x332)
+#define CKM_RC5_MAC			(0x333)
+#define CKM_RC5_MAC_GENERAL		(0x334)
+#define CKM_RC5_CBC_PAD			(0x335)
+#define CKM_IDEA_KEY_GEN		(0x340)
+#define CKM_IDEA_ECB			(0x341)
+#define	CKM_IDEA_CBC			(0x342)
+#define CKM_IDEA_MAC			(0x343)
+#define CKM_IDEA_MAC_GENERAL		(0x344)
+#define CKM_IDEA_CBC_PAD		(0x345)
+#define CKM_GENERIC_SECRET_KEY_GEN	(0x350)
+#define CKM_CONCATENATE_BASE_AND_KEY	(0x360)
+#define CKM_CONCATENATE_BASE_AND_DATA	(0x362)
+#define CKM_CONCATENATE_DATA_AND_BASE	(0x363)
+#define CKM_XOR_BASE_AND_DATA		(0x364)
+#define CKM_EXTRACT_KEY_FROM_KEY	(0x365)
+#define CKM_SSL3_PRE_MASTER_KEY_GEN	(0x370)
+#define CKM_SSL3_MASTER_KEY_DERIVE	(0x371)
+#define CKM_SSL3_KEY_AND_MAC_DERIVE	(0x372)
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH	(0x373)
+#define CKM_TLS_PRE_MASTER_KEY_GEN	(0x374)
+#define CKM_TLS_MASTER_KEY_DERIVE	(0x375)
+#define CKM_TLS_KEY_AND_MAC_DERIVE	(0x376)
+#define CKM_TLS_MASTER_KEY_DERIVE_DH	(0x377)
+#define CKM_SSL3_MD5_MAC		(0x380)
+#define CKM_SSL3_SHA1_MAC		(0x381)
+#define CKM_MD5_KEY_DERIVATION		(0x390)
+#define CKM_MD2_KEY_DERIVATION		(0x391)
+#define CKM_SHA1_KEY_DERIVATION		(0x392)
+#define CKM_PBE_MD2_DES_CBC		(0x3a0)
+#define CKM_PBE_MD5_DES_CBC		(0x3a1)
+#define CKM_PBE_MD5_CAST_CBC		(0x3a2)
+#define CKM_PBE_MD5_CAST3_CBC		(0x3a3)
+#define CKM_PBE_MD5_CAST5_CBC		(0x3a4)
+#define CKM_PBE_MD5_CAST128_CBC		(0x3a4)
+#define CKM_PBE_SHA1_CAST5_CBC		(0x3a5)
+#define CKM_PBE_SHA1_CAST128_CBC	(0x3a5)
+#define CKM_PBE_SHA1_RC4_128		(0x3a6)
+#define CKM_PBE_SHA1_RC4_40		(0x3a7)
+#define CKM_PBE_SHA1_DES3_EDE_CBC	(0x3a8)
+#define CKM_PBE_SHA1_DES2_EDE_CBC	(0x3a9)
+#define CKM_PBE_SHA1_RC2_128_CBC	(0x3aa)
+#define CKM_PBE_SHA1_RC2_40_CBC		(0x3ab)
+#define CKM_PKCS5_PBKD2			(0x3b0)
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC	(0x3c0)
+#define CKM_KEY_WRAP_LYNKS		(0x400)
+#define CKM_KEY_WRAP_SET_OAEP		(0x401)
+#define CKM_SKIPJACK_KEY_GEN		(0x1000)
+#define CKM_SKIPJACK_ECB64		(0x1001)
+#define CKM_SKIPJACK_CBC64		(0x1002)
+#define CKM_SKIPJACK_OFB64		(0x1003)
+#define CKM_SKIPJACK_CFB64		(0x1004)
+#define CKM_SKIPJACK_CFB32		(0x1005)
+#define CKM_SKIPJACK_CFB16		(0x1006)
+#define CKM_SKIPJACK_CFB8		(0x1007)
+#define CKM_SKIPJACK_WRAP		(0x1008)
+#define CKM_SKIPJACK_PRIVATE_WRAP	(0x1009)
+#define CKM_SKIPJACK_RELAYX		(0x100a)
+#define CKM_KEA_KEY_PAIR_GEN		(0x1010)
+#define CKM_KEA_KEY_DERIVE		(0x1011)
+#define CKM_FORTEZZA_TIMESTAMP		(0x1020)
+#define CKM_BATON_KEY_GEN		(0x1030)
+#define CKM_BATON_ECB128		(0x1031)
+#define CKM_BATON_ECB96			(0x1032)
+#define CKM_BATON_CBC128		(0x1033)
+#define CKM_BATON_COUNTER		(0x1034)
+#define CKM_BATON_SHUFFLE		(0x1035)
+#define CKM_BATON_WRAP			(0x1036)
+#define CKM_ECDSA_KEY_PAIR_GEN		(0x1040)
+#define CKM_EC_KEY_PAIR_GEN		(0x1040)
+#define CKM_ECDSA			(0x1041)
+#define CKM_ECDSA_SHA1			(0x1042)
+#define CKM_ECDH1_DERIVE		(0x1050)
+#define CKM_ECDH1_COFACTOR_DERIVE	(0x1051)
+#define CKM_ECMQV_DERIVE		(0x1052)
+#define CKM_JUNIPER_KEY_GEN		(0x1060)
+#define CKM_JUNIPER_ECB128		(0x1061)
+#define CKM_JUNIPER_CBC128		(0x1062)
+#define CKM_JUNIPER_COUNTER		(0x1063)
+#define CKM_JUNIPER_SHUFFLE		(0x1064)
+#define CKM_JUNIPER_WRAP		(0x1065)
+#define CKM_FASTHASH			(0x1070)
+#define CKM_AES_KEY_GEN			(0x1080)
+#define CKM_AES_ECB			(0x1081)
+#define CKM_AES_CBC			(0x1082)
+#define CKM_AES_MAC			(0x1083)
+#define CKM_AES_MAC_GENERAL		(0x1084)
+#define CKM_AES_CBC_PAD			(0x1085)
+#define CKM_DSA_PARAMETER_GEN		(0x2000)
+#define CKM_DH_PKCS_PARAMETER_GEN	(0x2001)
+#define CKM_X9_42_DH_PARAMETER_GEN	(0x2002)
+#define CKM_VENDOR_DEFINED		((unsigned long) (1 << 31))
+
+
+struct ck_mechanism
+{
+  ck_mechanism_type_t mechanism;
+  void *parameter;
+  unsigned long parameter_len;
+};
+
+
+struct ck_mechanism_info
+{
+  unsigned long min_key_size;
+  unsigned long max_key_size;
+  ck_flags_t flags;
+};
+
+#define CKF_HW			(1 << 0)
+#define CKF_ENCRYPT		(1 << 8)
+#define CKF_DECRYPT		(1 << 9)
+#define CKF_DIGEST		(1 << 10)
+#define CKF_SIGN		(1 << 11)
+#define CKF_SIGN_RECOVER	(1 << 12)
+#define CKF_VERIFY		(1 << 13)
+#define CKF_VERIFY_RECOVER	(1 << 14)
+#define CKF_GENERATE		(1 << 15)
+#define CKF_GENERATE_KEY_PAIR	(1 << 16)
+#define CKF_WRAP		(1 << 17)
+#define CKF_UNWRAP		(1 << 18)
+#define CKF_DERIVE		(1 << 19)
+#define CKF_EXTENSION		((unsigned long) (1 << 31))
+
+
+/* Flags for C_WaitForSlotEvent.  */
+#define CKF_DONT_BLOCK				(1)
+
+
+typedef unsigned long ck_rv_t;
+
+
+typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
+				ck_notification_t event, void *application);
+
+/* Forward reference.  */
+struct ck_function_list;
+
+#define _CK_DECLARE_FUNCTION(name, args)	\
+typedef ck_rv_t (*CK_ ## name) args;		\
+ck_rv_t CK_SPEC name args
+
+_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
+_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
+_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
+_CK_DECLARE_FUNCTION (C_GetFunctionList,
+		      (struct ck_function_list **function_list));
+
+_CK_DECLARE_FUNCTION (C_GetSlotList,
+		      (unsigned char token_present, ck_slot_id_t *slot_list,
+		       unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetSlotInfo,
+		      (ck_slot_id_t slot_id, struct ck_slot_info *info));
+_CK_DECLARE_FUNCTION (C_GetTokenInfo,
+		      (ck_slot_id_t slot_id, struct ck_token_info *info));
+_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
+		      (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
+_CK_DECLARE_FUNCTION (C_GetMechanismList,
+		      (ck_slot_id_t slot_id,
+		       ck_mechanism_type_t *mechanism_list,
+		       unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
+		      (ck_slot_id_t slot_id, ck_mechanism_type_t type,
+		       struct ck_mechanism_info *info));
+_CK_DECLARE_FUNCTION (C_InitToken,
+		      (ck_slot_id_t slot_id, unsigned char *pin,
+		       unsigned long pin_len, unsigned char *label));
+_CK_DECLARE_FUNCTION (C_InitPIN,
+		      (ck_session_handle_t session, unsigned char *pin,
+		       unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_SetPIN,
+		      (ck_session_handle_t session, unsigned char *old_pin,
+		       unsigned long old_len, unsigned char *new_pin,
+		       unsigned long new_len));
+
+_CK_DECLARE_FUNCTION (C_OpenSession,
+		      (ck_slot_id_t slot_id, ck_flags_t flags,
+		       void *application, ck_notify_t notify,
+		       ck_session_handle_t *session));
+_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
+_CK_DECLARE_FUNCTION (C_GetSessionInfo,
+		      (ck_session_handle_t session,
+		       struct ck_session_info *info));
+_CK_DECLARE_FUNCTION (C_GetOperationState,
+		      (ck_session_handle_t session,
+		       unsigned char *operation_state,
+		       unsigned long *operation_state_len));
+_CK_DECLARE_FUNCTION (C_SetOperationState,
+		      (ck_session_handle_t session,
+		       unsigned char *operation_state,
+		       unsigned long operation_state_len,
+		       ck_object_handle_t encryption_key,
+		       ck_object_handle_t authentiation_key));
+_CK_DECLARE_FUNCTION (C_Login,
+		      (ck_session_handle_t session, ck_user_type_t user_type,
+		       unsigned char *pin, unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_CreateObject,
+		      (ck_session_handle_t session,
+		       struct ck_attribute *templ,
+		       unsigned long count, ck_object_handle_t *object));
+_CK_DECLARE_FUNCTION (C_CopyObject,
+		      (ck_session_handle_t session, ck_object_handle_t object,
+		       struct ck_attribute *templ, unsigned long count,
+		       ck_object_handle_t *new_object));
+_CK_DECLARE_FUNCTION (C_DestroyObject,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t object));
+_CK_DECLARE_FUNCTION (C_GetObjectSize,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t object,
+		       unsigned long *size));
+_CK_DECLARE_FUNCTION (C_GetAttributeValue,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t object,
+		       struct ck_attribute *templ,
+		       unsigned long count));
+_CK_DECLARE_FUNCTION (C_SetAttributeValue,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t object,
+		       struct ck_attribute *templ,
+		       unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjectsInit,
+		      (ck_session_handle_t session,
+		       struct ck_attribute *templ,
+		       unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjects,
+		      (ck_session_handle_t session,
+		       ck_object_handle_t *object,
+		       unsigned long max_object_count,
+		       unsigned long *object_count));
+_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
+		      (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_EncryptInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Encrypt,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *encrypted_data,
+		       unsigned long *encrypted_data_len));
+_CK_DECLARE_FUNCTION (C_EncryptUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len,
+		       unsigned char *encrypted_part,
+		       unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_EncryptFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *last_encrypted_part,
+		       unsigned long *last_encrypted_part_len));
+
+_CK_DECLARE_FUNCTION (C_DecryptInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Decrypt,
+		      (ck_session_handle_t session,
+		       unsigned char *encrypted_data,
+		       unsigned long encrypted_data_len,
+		       unsigned char *data, unsigned long *data_len));
+_CK_DECLARE_FUNCTION (C_DecryptUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *encrypted_part,
+		       unsigned long encrypted_part_len,
+		       unsigned char *part, unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_DecryptFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *last_part,
+		       unsigned long *last_part_len));
+
+_CK_DECLARE_FUNCTION (C_DigestInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism));
+_CK_DECLARE_FUNCTION (C_Digest,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *digest,
+		       unsigned long *digest_len));
+_CK_DECLARE_FUNCTION (C_DigestUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_DigestKey,
+		      (ck_session_handle_t session, ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_DigestFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *digest,
+		       unsigned long *digest_len));
+
+_CK_DECLARE_FUNCTION (C_SignInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Sign,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *signature,
+		       unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_SignFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *signature,
+		       unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignRecoverInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_SignRecover,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *signature,
+		       unsigned long *signature_len));
+
+_CK_DECLARE_FUNCTION (C_VerifyInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Verify,
+		      (ck_session_handle_t session,
+		       unsigned char *data, unsigned long data_len,
+		       unsigned char *signature,
+		       unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_VerifyFinal,
+		      (ck_session_handle_t session,
+		       unsigned char *signature,
+		       unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_VerifyRecover,
+		      (ck_session_handle_t session,
+		       unsigned char *signature,
+		       unsigned long signature_len,
+		       unsigned char *data,
+		       unsigned long *data_len));
+
+_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len,
+		       unsigned char *encrypted_part,
+		       unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *encrypted_part,
+		       unsigned long encrypted_part_len,
+		       unsigned char *part,
+		       unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *part, unsigned long part_len,
+		       unsigned char *encrypted_part,
+		       unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
+		      (ck_session_handle_t session,
+		       unsigned char *encrypted_part,
+		       unsigned long encrypted_part_len,
+		       unsigned char *part,
+		       unsigned long *part_len));
+
+_CK_DECLARE_FUNCTION (C_GenerateKey,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       struct ck_attribute *templ,
+		       unsigned long count,
+		       ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       struct ck_attribute *public_key_template,
+		       unsigned long public_key_attribute_count,
+		       struct ck_attribute *private_key_template,
+		       unsigned long private_key_attribute_count,
+		       ck_object_handle_t *public_key,
+		       ck_object_handle_t *private_key));
+_CK_DECLARE_FUNCTION (C_WrapKey,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t wrapping_key,
+		       ck_object_handle_t key,
+		       unsigned char *wrapped_key,
+		       unsigned long *wrapped_key_len));
+_CK_DECLARE_FUNCTION (C_UnwrapKey,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t unwrapping_key,
+		       unsigned char *wrapped_key,
+		       unsigned long wrapped_key_len,
+		       struct ck_attribute *templ,
+		       unsigned long attribute_count,
+		       ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_DeriveKey,
+		      (ck_session_handle_t session,
+		       struct ck_mechanism *mechanism,
+		       ck_object_handle_t base_key,
+		       struct ck_attribute *templ,
+		       unsigned long attribute_count,
+		       ck_object_handle_t *key));
+
+_CK_DECLARE_FUNCTION (C_SeedRandom,
+		      (ck_session_handle_t session, unsigned char *seed,
+		       unsigned long seed_len));
+_CK_DECLARE_FUNCTION (C_GenerateRandom,
+		      (ck_session_handle_t session,
+		       unsigned char *random_data,
+		       unsigned long random_len));
+
+_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
+
+
+struct ck_function_list
+{
+  struct ck_version version;
+  CK_C_Initialize C_Initialize;
+  CK_C_Finalize C_Finalize;
+  CK_C_GetInfo C_GetInfo;
+  CK_C_GetFunctionList C_GetFunctionList;
+  CK_C_GetSlotList C_GetSlotList;
+  CK_C_GetSlotInfo C_GetSlotInfo;
+  CK_C_GetTokenInfo C_GetTokenInfo;
+  CK_C_GetMechanismList C_GetMechanismList;
+  CK_C_GetMechanismInfo C_GetMechanismInfo;
+  CK_C_InitToken C_InitToken;
+  CK_C_InitPIN C_InitPIN;
+  CK_C_SetPIN C_SetPIN;
+  CK_C_OpenSession C_OpenSession;
+  CK_C_CloseSession C_CloseSession;
+  CK_C_CloseAllSessions C_CloseAllSessions;
+  CK_C_GetSessionInfo C_GetSessionInfo;
+  CK_C_GetOperationState C_GetOperationState;
+  CK_C_SetOperationState C_SetOperationState;
+  CK_C_Login C_Login;
+  CK_C_Logout C_Logout;
+  CK_C_CreateObject C_CreateObject;
+  CK_C_CopyObject C_CopyObject;
+  CK_C_DestroyObject C_DestroyObject;
+  CK_C_GetObjectSize C_GetObjectSize;
+  CK_C_GetAttributeValue C_GetAttributeValue;
+  CK_C_SetAttributeValue C_SetAttributeValue;
+  CK_C_FindObjectsInit C_FindObjectsInit;
+  CK_C_FindObjects C_FindObjects;
+  CK_C_FindObjectsFinal C_FindObjectsFinal;
+  CK_C_EncryptInit C_EncryptInit;
+  CK_C_Encrypt C_Encrypt;
+  CK_C_EncryptUpdate C_EncryptUpdate;
+  CK_C_EncryptFinal C_EncryptFinal;
+  CK_C_DecryptInit C_DecryptInit;
+  CK_C_Decrypt C_Decrypt;
+  CK_C_DecryptUpdate C_DecryptUpdate;
+  CK_C_DecryptFinal C_DecryptFinal;
+  CK_C_DigestInit C_DigestInit;
+  CK_C_Digest C_Digest;
+  CK_C_DigestUpdate C_DigestUpdate;
+  CK_C_DigestKey C_DigestKey;
+  CK_C_DigestFinal C_DigestFinal;
+  CK_C_SignInit C_SignInit;
+  CK_C_Sign C_Sign;
+  CK_C_SignUpdate C_SignUpdate;
+  CK_C_SignFinal C_SignFinal;
+  CK_C_SignRecoverInit C_SignRecoverInit;
+  CK_C_SignRecover C_SignRecover;
+  CK_C_VerifyInit C_VerifyInit;
+  CK_C_Verify C_Verify;
+  CK_C_VerifyUpdate C_VerifyUpdate;
+  CK_C_VerifyFinal C_VerifyFinal;
+  CK_C_VerifyRecoverInit C_VerifyRecoverInit;
+  CK_C_VerifyRecover C_VerifyRecover;
+  CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
+  CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
+  CK_C_SignEncryptUpdate C_SignEncryptUpdate;
+  CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
+  CK_C_GenerateKey C_GenerateKey;
+  CK_C_GenerateKeyPair C_GenerateKeyPair;
+  CK_C_WrapKey C_WrapKey;
+  CK_C_UnwrapKey C_UnwrapKey;
+  CK_C_DeriveKey C_DeriveKey;
+  CK_C_SeedRandom C_SeedRandom;
+  CK_C_GenerateRandom C_GenerateRandom;
+  CK_C_GetFunctionStatus C_GetFunctionStatus;
+  CK_C_CancelFunction C_CancelFunction;
+  CK_C_WaitForSlotEvent C_WaitForSlotEvent;
+};
+
+
+typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
+typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
+typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
+typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
+
+
+struct ck_c_initialize_args
+{
+  ck_createmutex_t create_mutex;
+  ck_destroymutex_t destroy_mutex;
+  ck_lockmutex_t lock_mutex;
+  ck_unlockmutex_t unlock_mutex;
+  ck_flags_t flags;
+  void *reserved;
+};
+
+
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS	(1 << 0)
+#define CKF_OS_LOCKING_OK			(1 << 1)
+
+#define CKR_OK					(0)
+#define CKR_CANCEL				(1)
+#define CKR_HOST_MEMORY				(2)
+#define CKR_SLOT_ID_INVALID			(3)
+#define CKR_GENERAL_ERROR			(5)
+#define CKR_FUNCTION_FAILED			(6)
+#define CKR_ARGUMENTS_BAD			(7)
+#define CKR_NO_EVENT				(8)
+#define CKR_NEED_TO_CREATE_THREADS		(9)
+#define CKR_CANT_LOCK				(0xa)
+#define CKR_ATTRIBUTE_READ_ONLY			(0x10)
+#define CKR_ATTRIBUTE_SENSITIVE			(0x11)
+#define CKR_ATTRIBUTE_TYPE_INVALID		(0x12)
+#define CKR_ATTRIBUTE_VALUE_INVALID		(0x13)
+#define CKR_DATA_INVALID			(0x20)
+#define CKR_DATA_LEN_RANGE			(0x21)
+#define CKR_DEVICE_ERROR			(0x30)
+#define CKR_DEVICE_MEMORY			(0x31)
+#define CKR_DEVICE_REMOVED			(0x32)
+#define CKR_ENCRYPTED_DATA_INVALID		(0x40)
+#define CKR_ENCRYPTED_DATA_LEN_RANGE		(0x41)
+#define CKR_FUNCTION_CANCELED			(0x50)
+#define CKR_FUNCTION_NOT_PARALLEL		(0x51)
+#define CKR_FUNCTION_NOT_SUPPORTED		(0x54)
+#define CKR_KEY_HANDLE_INVALID			(0x60)
+#define CKR_KEY_SIZE_RANGE			(0x62)
+#define CKR_KEY_TYPE_INCONSISTENT		(0x63)
+#define CKR_KEY_NOT_NEEDED			(0x64)
+#define CKR_KEY_CHANGED				(0x65)
+#define CKR_KEY_NEEDED				(0x66)
+#define CKR_KEY_INDIGESTIBLE			(0x67)
+#define CKR_KEY_FUNCTION_NOT_PERMITTED		(0x68)
+#define CKR_KEY_NOT_WRAPPABLE			(0x69)
+#define CKR_KEY_UNEXTRACTABLE			(0x6a)
+#define CKR_MECHANISM_INVALID			(0x70)
+#define CKR_MECHANISM_PARAM_INVALID		(0x71)
+#define CKR_OBJECT_HANDLE_INVALID		(0x82)
+#define CKR_OPERATION_ACTIVE			(0x90)
+#define CKR_OPERATION_NOT_INITIALIZED		(0x91)
+#define CKR_PIN_INCORRECT			(0xa0)
+#define CKR_PIN_INVALID				(0xa1)
+#define CKR_PIN_LEN_RANGE			(0xa2)
+#define CKR_PIN_EXPIRED				(0xa3)
+#define CKR_PIN_LOCKED				(0xa4)
+#define CKR_SESSION_CLOSED			(0xb0)
+#define CKR_SESSION_COUNT			(0xb1)
+#define CKR_SESSION_HANDLE_INVALID		(0xb3)
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED	(0xb4)
+#define CKR_SESSION_READ_ONLY			(0xb5)
+#define CKR_SESSION_EXISTS			(0xb6)
+#define CKR_SESSION_READ_ONLY_EXISTS		(0xb7)
+#define CKR_SESSION_READ_WRITE_SO_EXISTS	(0xb8)
+#define CKR_SIGNATURE_INVALID			(0xc0)
+#define CKR_SIGNATURE_LEN_RANGE			(0xc1)
+#define CKR_TEMPLATE_INCOMPLETE			(0xd0)
+#define CKR_TEMPLATE_INCONSISTENT		(0xd1)
+#define CKR_TOKEN_NOT_PRESENT			(0xe0)
+#define CKR_TOKEN_NOT_RECOGNIZED		(0xe1)
+#define CKR_TOKEN_WRITE_PROTECTED		(0xe2)
+#define	CKR_UNWRAPPING_KEY_HANDLE_INVALID	(0xf0)
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE		(0xf1)
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT	(0xf2)
+#define CKR_USER_ALREADY_LOGGED_IN		(0x100)
+#define CKR_USER_NOT_LOGGED_IN			(0x101)
+#define CKR_USER_PIN_NOT_INITIALIZED		(0x102)
+#define CKR_USER_TYPE_INVALID			(0x103)
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN	(0x104)
+#define CKR_USER_TOO_MANY_TYPES			(0x105)
+#define CKR_WRAPPED_KEY_INVALID			(0x110)
+#define CKR_WRAPPED_KEY_LEN_RANGE		(0x112)
+#define CKR_WRAPPING_KEY_HANDLE_INVALID		(0x113)
+#define CKR_WRAPPING_KEY_SIZE_RANGE		(0x114)
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT	(0x115)
+#define CKR_RANDOM_SEED_NOT_SUPPORTED		(0x120)
+#define CKR_RANDOM_NO_RNG			(0x121)
+#define CKR_DOMAIN_PARAMS_INVALID		(0x130)
+#define CKR_BUFFER_TOO_SMALL			(0x150)
+#define CKR_SAVED_STATE_INVALID			(0x160)
+#define CKR_INFORMATION_SENSITIVE		(0x170)
+#define CKR_STATE_UNSAVEABLE			(0x180)
+#define CKR_CRYPTOKI_NOT_INITIALIZED		(0x190)
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED	(0x191)
+#define CKR_MUTEX_BAD				(0x1a0)
+#define CKR_MUTEX_NOT_LOCKED			(0x1a1)
+#define CKR_FUNCTION_REJECTED			(0x200)
+#define CKR_VENDOR_DEFINED			((unsigned long) (1 << 31))
+
+
+/* Compatibility layer.  */
+
+#ifdef CRYPTOKI_COMPAT
+
+#undef CK_DEFINE_FUNCTION
+#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
+
+/* For NULL.  */
+#include <stddef.h>
+
+typedef unsigned char CK_BYTE;
+typedef unsigned char CK_CHAR;
+typedef unsigned char CK_UTF8CHAR;
+typedef unsigned char CK_BBOOL;
+typedef unsigned long int CK_ULONG;
+typedef long int CK_LONG;
+typedef CK_BYTE *CK_BYTE_PTR;
+typedef CK_CHAR *CK_CHAR_PTR;
+typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
+typedef CK_ULONG *CK_ULONG_PTR;
+typedef void *CK_VOID_PTR;
+typedef void **CK_VOID_PTR_PTR;
+#define CK_FALSE 0
+#define CK_TRUE 1
+#ifndef CK_DISABLE_TRUE_FALSE
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE 1
+#endif
+#endif
+
+typedef struct ck_version CK_VERSION;
+typedef struct ck_version *CK_VERSION_PTR;
+
+typedef struct ck_info CK_INFO;
+typedef struct ck_info *CK_INFO_PTR;
+
+typedef ck_slot_id_t *CK_SLOT_ID_PTR;
+
+typedef struct ck_slot_info CK_SLOT_INFO;
+typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
+
+typedef struct ck_token_info CK_TOKEN_INFO;
+typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
+
+typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
+
+typedef struct ck_session_info CK_SESSION_INFO;
+typedef struct ck_session_info *CK_SESSION_INFO_PTR;
+
+typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
+
+typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
+
+typedef struct ck_attribute CK_ATTRIBUTE;
+typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
+
+typedef struct ck_date CK_DATE;
+typedef struct ck_date *CK_DATE_PTR;
+
+typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
+
+typedef struct ck_mechanism CK_MECHANISM;
+typedef struct ck_mechanism *CK_MECHANISM_PTR;
+
+typedef struct ck_mechanism_info CK_MECHANISM_INFO;
+typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
+
+typedef struct ck_function_list CK_FUNCTION_LIST;
+typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
+typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
+
+typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
+typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+
+#define NULL_PTR NULL
+
+/* Delete the helper macros defined at the top of the file.  */
+#undef ck_flags_t
+#undef ck_version
+
+#undef ck_info
+#undef cryptoki_version
+#undef manufacturer_id
+#undef library_description
+#undef library_version
+
+#undef ck_notification_t
+#undef ck_slot_id_t
+
+#undef ck_slot_info
+#undef slot_description
+#undef hardware_version
+#undef firmware_version
+
+#undef ck_token_info
+#undef serial_number
+#undef max_session_count
+#undef session_count
+#undef max_rw_session_count
+#undef rw_session_count
+#undef max_pin_len
+#undef min_pin_len
+#undef total_public_memory
+#undef free_public_memory
+#undef total_private_memory
+#undef free_private_memory
+#undef utc_time
+
+#undef ck_session_handle_t
+#undef ck_user_type_t
+#undef ck_state_t
+
+#undef ck_session_info
+#undef slot_id
+#undef device_error
+
+#undef ck_object_handle_t
+#undef ck_object_class_t
+#undef ck_hw_feature_type_t
+#undef ck_key_type_t
+#undef ck_certificate_type_t
+#undef ck_attribute_type_t
+
+#undef ck_attribute
+#undef value
+#undef value_len
+
+#undef ck_date
+
+#undef ck_mechanism_type_t
+
+#undef ck_mechanism
+#undef parameter
+#undef parameter_len
+
+#undef ck_mechanism_info
+#undef min_key_size
+#undef max_key_size
+
+#undef ck_rv_t
+#undef ck_notify_t
+
+#undef ck_function_list
+
+#undef ck_createmutex_t
+#undef ck_destroymutex_t
+#undef ck_lockmutex_t
+#undef ck_unlockmutex_t
+
+#undef ck_c_initialize_args
+#undef create_mutex
+#undef destroy_mutex
+#undef lock_mutex
+#undef unlock_mutex
+#undef reserved
+
+#endif	/* CRYPTOKI_COMPAT */
+
+/* System dependencies.  */
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+#pragma pack(pop, cryptoki)
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif	/* PKCS11_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit.exports b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit.exports
new file mode 100644
index 00000000..e77fa3ef
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit.exports
@@ -0,0 +1,2 @@
+clpreauth_pkinit_initvt
+kdcpreauth_pkinit_initvt
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit.h b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit.h
new file mode 100644
index 00000000..66f92d8f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit.h
@@ -0,0 +1,385 @@
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#ifndef _PKINIT_H
+#define _PKINIT_H
+
+#include <k5-platform.h>
+#include <krb5/krb5.h>
+#include <krb5/preauth_plugin.h>
+#include <k5-int-pkinit.h>
+#include <profile.h>
+#include "pkinit_accessor.h"
+#include "pkinit_trace.h"
+
+#ifndef WITHOUT_PKCS11
+#include "pkcs11.h"
+
+#define PK_SIGLEN_GUESS 1000
+#define PK_NOSLOT 999999
+#endif
+
+#define DH_PROTOCOL     1
+#define RSA_PROTOCOL    2
+
+#define TD_TRUSTED_CERTIFIERS 104
+#define TD_INVALID_CERTIFICATES 105
+#define TD_DH_PARAMETERS 109
+
+#define PKINIT_CTX_MAGIC	0x05551212
+#define PKINIT_REQ_CTX_MAGIC	0xdeadbeef
+#define PKINIT_DEFERRED_ID_MAGIC    0x3ca20d21
+
+#define PKINIT_DEFAULT_DH_MIN_BITS  2048
+#define PKINIT_DH_MIN_CONFIG_BITS   1024
+
+#define KRB5_CONF_KDCDEFAULTS                   "kdcdefaults"
+#define KRB5_CONF_LIBDEFAULTS                   "libdefaults"
+#define KRB5_CONF_REALMS                        "realms"
+#define KRB5_CONF_PKINIT_ALLOW_UPN              "pkinit_allow_upn"
+#define KRB5_CONF_PKINIT_ANCHORS                "pkinit_anchors"
+#define KRB5_CONF_PKINIT_INDICATOR              "pkinit_indicator"
+#define KRB5_CONF_PKINIT_CERT_MATCH             "pkinit_cert_match"
+#define KRB5_CONF_PKINIT_DH_MIN_BITS            "pkinit_dh_min_bits"
+#define KRB5_CONF_PKINIT_EKU_CHECKING           "pkinit_eku_checking"
+#define KRB5_CONF_PKINIT_IDENTITIES             "pkinit_identities"
+#define KRB5_CONF_PKINIT_IDENTITY               "pkinit_identity"
+#define KRB5_CONF_PKINIT_KDC_HOSTNAME           "pkinit_kdc_hostname"
+/* pkinit_kdc_ocsp has been removed */
+#define KRB5_CONF_PKINIT_KDC_OCSP               "pkinit_kdc_ocsp"
+#define KRB5_CONF_PKINIT_POOL                   "pkinit_pool"
+#define KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING   "pkinit_require_crl_checking"
+#define KRB5_CONF_PKINIT_REQUIRE_FRESHNESS      "pkinit_require_freshness"
+#define KRB5_CONF_PKINIT_REVOKE                 "pkinit_revoke"
+
+/* Make pkiDebug(fmt,...) print, or not.  */
+#ifdef DEBUG
+#define pkiDebug	printf
+#else
+/* Still evaluates for side effects.  */
+static inline void pkiDebug (const char *fmt, ...) { }
+/* This is better if the compiler doesn't inline variadic functions
+   well, but gcc will warn about "left-hand operand of comma
+   expression has no effect".  Still evaluates for side effects.  */
+/* #define pkiDebug	(void) */
+#endif
+
+/* Solaris compiler doesn't grok __FUNCTION__
+ * hack for now.  Fix all the uses eventually. */
+#define __FUNCTION__ __func__
+
+/* Macros to deal with converting between various data types... */
+#define PADATA_TO_KRB5DATA(pad, k5d) \
+    (k5d)->length = (pad)->length; (k5d)->data = (char *)(pad)->contents;
+#define OCTETDATA_TO_KRB5DATA(octd, k5d) \
+    (k5d)->length = (octd)->length; (k5d)->data = (char *)(octd)->data;
+
+extern const krb5_data dh_oid;
+
+/*
+ * notes about crypto contexts:
+ *
+ * the basic idea is that there are crypto contexts that live at
+ * both the plugin level and request level. the identity context (that
+ * keeps info about your own certs and such) is separate because
+ * it is needed at different levels for the kdc and and the client.
+ * (the kdc's identity is at the plugin level, the client's identity
+ * information could change per-request.)
+ * the identity context is meant to have the entity's cert,
+ * a list of trusted and intermediate cas, a list of crls, and any
+ * pkcs11 information.  the req context is meant to have the
+ * received certificate and the DH related information. the plugin
+ * context is meant to have global crypto information, i.e., OIDs
+ * and constant DH parameter information.
+ */
+
+/*
+ * plugin crypto context should keep plugin common information,
+ * eg., OIDs, known DHparams
+ */
+typedef struct _pkinit_plg_crypto_context *pkinit_plg_crypto_context;
+
+/*
+ * request crypto context should keep reqyest common information,
+ * eg., received credentials, DH parameters of this request
+ */
+typedef struct _pkinit_req_crypto_context *pkinit_req_crypto_context;
+
+/*
+ * identity context should keep information about credentials
+ * for the request, eg., my credentials, trusted ca certs,
+ * intermediate ca certs, crls, pkcs11 info
+ */
+typedef struct _pkinit_identity_crypto_context *pkinit_identity_crypto_context;
+
+/*
+ * this structure keeps information about the config options
+ */
+typedef struct _pkinit_plg_opts {
+    int require_eku;	    /* require EKU checking (default is true) */
+    int accept_secondary_eku;/* accept secondary EKU (default is false) */
+    int allow_upn;	    /* allow UPN-SAN instead of pkinit-SAN */
+    int dh_or_rsa;	    /* selects DH or RSA based pkinit */
+    int require_crl_checking; /* require CRL for a CA (default is false) */
+    int require_freshness;  /* require freshness token (default is false) */
+    int disable_freshness;  /* disable freshness token on client for testing */
+    int dh_min_bits;	    /* minimum DH modulus size allowed */
+} pkinit_plg_opts;
+
+/*
+ * this structure keeps options used for a given request
+ */
+typedef struct _pkinit_req_opts {
+    int require_eku;
+    int accept_secondary_eku;
+    int allow_upn;
+    int dh_or_rsa;
+    int require_crl_checking;
+    int dh_size;	    /* initial request DH modulus size (default=1024) */
+    int require_hostname_match;
+    int disable_freshness;
+} pkinit_req_opts;
+
+/*
+ * information about identity from config file or command line
+ */
+
+typedef struct _pkinit_identity_opts {
+    char *identity;
+    char **identity_alt;
+    char **anchors;
+    char **intermediates;
+    char **crls;
+    int  idtype;
+    char *cert_filename;
+    char *key_filename;
+#ifndef WITHOUT_PKCS11
+    char *p11_module_name;
+    CK_SLOT_ID slotid;
+    char *token_label;
+    char *cert_id_string;
+    char *cert_label;
+#endif
+} pkinit_identity_opts;
+
+
+/*
+ * Client's plugin context
+ */
+struct _pkinit_context {
+    int magic;
+    pkinit_plg_crypto_context cryptoctx;
+    pkinit_plg_opts *opts;
+    pkinit_identity_opts *idopts;
+};
+typedef struct _pkinit_context *pkinit_context;
+
+/*
+ * Client's per-request context
+ */
+struct _pkinit_req_context {
+    unsigned int magic;
+    pkinit_req_crypto_context cryptoctx;
+    pkinit_req_opts *opts;
+    pkinit_identity_crypto_context idctx;
+    pkinit_identity_opts *idopts;
+    int do_identity_matching;
+    krb5_preauthtype pa_type;
+    int rfc6112_kdc;
+    int identity_initialized;
+    int identity_prompted;
+    krb5_error_code identity_prompt_retval;
+    krb5_data *freshness_token;
+};
+typedef struct _pkinit_req_context *pkinit_req_context;
+
+/*
+ * KDC's (per-realm) plugin context
+ */
+struct _pkinit_kdc_context {
+    int magic;
+    pkinit_plg_crypto_context cryptoctx;
+    pkinit_plg_opts *opts;
+    pkinit_identity_crypto_context idctx;
+    pkinit_identity_opts *idopts;
+    char *realmname;
+    unsigned int realmname_len;
+    char **auth_indicators;
+};
+typedef struct _pkinit_kdc_context *pkinit_kdc_context;
+
+/*
+ * KDC's per-request context
+ */
+struct _pkinit_kdc_req_context {
+    int magic;
+    pkinit_req_crypto_context cryptoctx;
+    krb5_auth_pack *rcv_auth_pack;
+    krb5_preauthtype pa_type;
+};
+typedef struct _pkinit_kdc_req_context *pkinit_kdc_req_context;
+
+/*
+ * Functions in pkinit_lib.c
+ */
+
+krb5_error_code pkinit_init_req_opts(pkinit_req_opts **);
+void pkinit_fini_req_opts(pkinit_req_opts *);
+
+krb5_error_code pkinit_init_plg_opts(pkinit_plg_opts **);
+void pkinit_fini_plg_opts(pkinit_plg_opts *);
+
+krb5_error_code pkinit_init_identity_opts(pkinit_identity_opts **idopts);
+void pkinit_fini_identity_opts(pkinit_identity_opts *idopts);
+krb5_error_code pkinit_dup_identity_opts(pkinit_identity_opts *src_opts,
+					 pkinit_identity_opts **dest_opts);
+
+/*
+ * Functions in pkinit_identity.c
+ */
+char * idtype2string(int idtype);
+char * catype2string(int catype);
+
+krb5_error_code pkinit_identity_initialize
+	(krb5_context context,				/* IN */
+	 pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	 pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	 pkinit_identity_opts *idopts,			/* IN */
+	 pkinit_identity_crypto_context id_cryptoctx,	/* IN/OUT */
+	 krb5_clpreauth_callbacks cb,			/* IN/OUT */
+	 krb5_clpreauth_rock rock,			/* IN/OUT */
+	 krb5_principal princ);				/* IN (optional) */
+
+krb5_error_code pkinit_identity_prompt
+	(krb5_context context,				/* IN */
+	 pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	 pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	 pkinit_identity_opts *idopts,			/* IN */
+	 pkinit_identity_crypto_context id_cryptoctx,	/* IN/OUT */
+	 krb5_clpreauth_callbacks cb,			/* IN/OUT */
+	 krb5_clpreauth_rock rock,			/* IN/OUT */
+	 int do_matching,				/* IN */
+	 krb5_principal princ);				/* IN (optional) */
+
+krb5_error_code pkinit_cert_matching
+	(krb5_context context,
+	pkinit_plg_crypto_context plg_cryptoctx,
+	pkinit_req_crypto_context req_cryptoctx,
+	pkinit_identity_crypto_context id_cryptoctx,
+	krb5_principal princ);
+
+krb5_error_code pkinit_client_cert_match
+	(krb5_context context,
+	pkinit_plg_crypto_context plgctx,
+	pkinit_req_crypto_context reqctx,
+	const char *match_rule,
+	krb5_boolean *matched);
+
+/*
+ * Client's list of identities for which it needs PINs or passwords
+ */
+struct _pkinit_deferred_id {
+    int magic;
+    char *identity;
+    unsigned long ck_flags;
+    char *password;
+};
+typedef struct _pkinit_deferred_id *pkinit_deferred_id;
+
+krb5_error_code pkinit_set_deferred_id
+	(pkinit_deferred_id **identities, const char *identity,
+	 unsigned long ck_flags, const char *password);
+const char * pkinit_find_deferred_id
+	(pkinit_deferred_id *identities, const char *identity);
+unsigned long pkinit_get_deferred_id_flags
+	(pkinit_deferred_id *identities, const char *identity);
+void pkinit_free_deferred_ids(pkinit_deferred_id *identities);
+
+/*
+ * initialization and free functions
+ */
+void init_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in);
+void init_krb5_reply_key_pack(krb5_reply_key_pack **in);
+
+void init_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
+
+void free_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in);
+void free_krb5_reply_key_pack(krb5_reply_key_pack **in);
+void free_krb5_auth_pack(krb5_auth_pack **in);
+void free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
+void free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in);
+void free_krb5_algorithm_identifiers(krb5_algorithm_identifier ***in);
+void free_krb5_algorithm_identifier(krb5_algorithm_identifier *in);
+void free_krb5_kdc_dh_key_info(krb5_kdc_dh_key_info **in);
+krb5_error_code pkinit_copy_krb5_data(krb5_data *dst, const krb5_data *src);
+
+
+/*
+ * Functions in pkinit_profile.c
+ */
+krb5_error_code pkinit_kdcdefault_strings
+	(krb5_context context, const char *realmname, const char *option,
+	 char ***ret_value);
+krb5_error_code pkinit_kdcdefault_string
+	(krb5_context context, const char *realmname, const char *option,
+	 char **ret_value);
+krb5_error_code pkinit_kdcdefault_boolean
+	(krb5_context context, const char *realmname, const char *option,
+	 int default_value, int *ret_value);
+krb5_error_code pkinit_kdcdefault_integer
+	(krb5_context context, const char *realmname, const char *option,
+	 int default_value, int *ret_value);
+
+
+krb5_error_code pkinit_libdefault_strings
+	(krb5_context context, const krb5_data *realm,
+	 const char *option, char ***ret_value);
+krb5_error_code pkinit_libdefault_string
+	(krb5_context context, const krb5_data *realm,
+	 const char *option, char **ret_value);
+krb5_error_code pkinit_libdefault_boolean
+	(krb5_context context, const krb5_data *realm, const char *option,
+	 int default_value, int *ret_value);
+krb5_error_code pkinit_libdefault_integer
+	(krb5_context context, const krb5_data *realm, const char *option,
+	 int default_value, int *ret_value);
+
+/*
+ * debugging functions
+ */
+void print_buffer(const unsigned char *, unsigned int);
+void print_buffer_bin(unsigned char *, unsigned int, char *);
+
+/*
+ * Now get crypto function declarations
+ */
+#include "pkinit_crypto.h"
+
+#endif	/* _PKINIT_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_accessor.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_accessor.c
new file mode 100644
index 00000000..0908f1b9
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_accessor.c
@@ -0,0 +1,110 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include <k5-int.h>
+#include "pkinit_accessor.h"
+
+#define DEF_FUNC_PTRS(type)                                             \
+    krb5_error_code (*k5int_encode_##type)(const type *, krb5_data **); \
+    krb5_error_code (*k5int_decode_##type)(const krb5_data *, type **)
+
+#define DEF_FUNC_PTRS_ARRAY(type)                                       \
+    krb5_error_code (*k5int_encode_##type)(const type **, krb5_data **); \
+    krb5_error_code (*k5int_decode_##type)(const krb5_data *, type ***)
+
+DEF_FUNC_PTRS(krb5_auth_pack);
+DEF_FUNC_PTRS(krb5_kdc_dh_key_info);
+DEF_FUNC_PTRS(krb5_pa_pk_as_rep);
+DEF_FUNC_PTRS(krb5_pa_pk_as_req);
+DEF_FUNC_PTRS(krb5_reply_key_pack);
+
+/* special cases... */
+krb5_error_code
+(*k5int_decode_krb5_principal_name)(const krb5_data *, krb5_principal_data **);
+
+krb5_error_code
+(*k5int_encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *,
+                                      krb5_data **code);
+krb5_error_code
+(*k5int_decode_krb5_td_dh_parameters)(const krb5_data *,
+                                      krb5_algorithm_identifier ***);
+
+krb5_error_code
+(*k5int_encode_krb5_td_trusted_certifiers)
+(krb5_external_principal_identifier *const *, krb5_data **code);
+
+krb5_error_code
+(*k5int_decode_krb5_td_trusted_certifiers)
+(const krb5_data *,
+ krb5_external_principal_identifier ***);
+
+krb5_error_code
+(*k5int_encode_krb5_kdc_req_body)(const krb5_kdc_req *rep, krb5_data **code);
+
+void KRB5_CALLCONV
+(*k5int_krb5_free_kdc_req)(krb5_context, krb5_kdc_req * );
+
+void
+(*k5int_set_prompt_types)(krb5_context, krb5_prompt_type *);
+
+
+/*
+ * Grab internal function pointers from the krb5int_accessor
+ * structure and make them available
+ */
+krb5_error_code
+pkinit_accessor_init(void)
+{
+    krb5_error_code retval;
+    krb5int_access k5int;
+
+    retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION);
+    if (retval)
+        return retval;
+#define SET_PTRS(type)                          \
+    k5int_encode_##type = k5int.encode_##type;  \
+    k5int_decode_##type = k5int.decode_##type;
+
+    SET_PTRS(krb5_auth_pack);
+    SET_PTRS(krb5_kdc_dh_key_info);
+    SET_PTRS(krb5_pa_pk_as_rep);
+    SET_PTRS(krb5_pa_pk_as_req);
+    SET_PTRS(krb5_reply_key_pack);
+    SET_PTRS(krb5_td_dh_parameters);
+    SET_PTRS(krb5_td_trusted_certifiers);
+
+    /* special cases... */
+    k5int_decode_krb5_principal_name = k5int.decode_krb5_principal_name;
+    k5int_encode_krb5_kdc_req_body = k5int.encode_krb5_kdc_req_body;
+    k5int_krb5_free_kdc_req = k5int.free_kdc_req;
+    k5int_set_prompt_types = k5int.set_prompt_types;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_accessor.h b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_accessor.h
new file mode 100644
index 00000000..e510ab62
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_accessor.h
@@ -0,0 +1,74 @@
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#ifndef _PKINIT_ACCESSOR_H
+#define _PKINIT_ACCESSOR_H
+
+/*
+ * Function prototypes
+ */
+krb5_error_code pkinit_accessor_init(void);
+
+#define DEF_EXT_FUNC_PTRS(type) \
+extern krb5_error_code (*k5int_encode_##type)(const type *, krb5_data **); \
+extern krb5_error_code (*k5int_decode_##type)(const krb5_data *, type **)
+
+#define DEF_EXT_FUNC_PTRS_ARRAY(type) \
+extern krb5_error_code (*k5int_encode_##type)(const type **, krb5_data **); \
+extern krb5_error_code (*k5int_decode_##type)(const krb5_data *, type ***)
+
+DEF_EXT_FUNC_PTRS(krb5_auth_pack);
+DEF_EXT_FUNC_PTRS(krb5_kdc_dh_key_info);
+DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_rep);
+DEF_EXT_FUNC_PTRS(krb5_pa_pk_as_req);
+DEF_EXT_FUNC_PTRS(krb5_reply_key_pack);
+
+/* special cases... */
+extern krb5_error_code (*k5int_decode_krb5_principal_name)
+	(const krb5_data *, krb5_principal_data **);
+
+extern krb5_error_code (*k5int_encode_krb5_td_dh_parameters)
+	(krb5_algorithm_identifier *const *, krb5_data **code);
+extern krb5_error_code (*k5int_decode_krb5_td_dh_parameters)
+	(const krb5_data *, krb5_algorithm_identifier ***);
+
+extern krb5_error_code (*k5int_encode_krb5_td_trusted_certifiers)
+	(krb5_external_principal_identifier *const *, krb5_data **code);
+extern krb5_error_code (*k5int_decode_krb5_td_trusted_certifiers)
+	(const krb5_data *, krb5_external_principal_identifier ***);
+
+extern krb5_error_code (*k5int_encode_krb5_kdc_req_body)
+	(const krb5_kdc_req *rep, krb5_data **code);
+extern void KRB5_CALLCONV (*k5int_krb5_free_kdc_req)
+	(krb5_context, krb5_kdc_req * );
+extern void (*k5int_set_prompt_types)
+	(krb5_context, krb5_prompt_type *);
+
+#endif /* _PKINIT_ACCESSOR_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_clnt.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_clnt.c
new file mode 100644
index 00000000..725d5bc4
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -0,0 +1,1514 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include "k5-int.h"
+#include "pkinit.h"
+#include "k5-json.h"
+
+#include <unistd.h>
+#include <sys/stat.h>
+
+/**
+ * Return true if we should use ContentInfo rather than SignedData. This
+ * happens if we are talking to what might be an old (pre-6112) MIT KDC and
+ * we're using anonymous.
+ */
+static int
+use_content_info(krb5_context context, pkinit_req_context req,
+                 krb5_principal client)
+{
+    if (req->rfc6112_kdc)
+        return 0;
+    if (krb5_principal_compare_any_realm(context, client,
+                                         krb5_anonymous_principal()))
+        return 1;
+    return 0;
+}
+
+static krb5_error_code
+pkinit_as_req_create(krb5_context context, pkinit_context plgctx,
+                     pkinit_req_context reqctx, krb5_timestamp ctsec,
+                     krb5_int32 cusec, krb5_ui_4 nonce,
+                     const krb5_checksum *cksum,
+                     krb5_principal client, krb5_principal server,
+                     krb5_data **as_req);
+
+static krb5_error_code
+pkinit_as_rep_parse(krb5_context context, pkinit_context plgctx,
+                    pkinit_req_context reqctx, krb5_preauthtype pa_type,
+                    krb5_kdc_req *request, const krb5_data *as_rep,
+                    krb5_keyblock *key_block, krb5_enctype etype, krb5_data *);
+
+static void pkinit_client_plugin_fini(krb5_context context,
+                                      krb5_clpreauth_moddata moddata);
+
+static krb5_error_code
+pa_pkinit_gen_req(krb5_context context,
+                  pkinit_context plgctx,
+                  pkinit_req_context reqctx,
+                  krb5_clpreauth_callbacks cb,
+                  krb5_clpreauth_rock rock,
+                  krb5_kdc_req * request,
+                  krb5_preauthtype pa_type,
+                  krb5_pa_data *** out_padata,
+                  krb5_prompter_fct prompter,
+                  void *prompter_data,
+                  krb5_get_init_creds_opt *gic_opt)
+{
+
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    krb5_data *out_data = NULL;
+    krb5_timestamp ctsec = 0;
+    krb5_int32 cusec = 0;
+    krb5_ui_4 nonce = 0;
+    krb5_checksum cksum;
+    krb5_data *der_req = NULL;
+    krb5_pa_data **return_pa_data = NULL;
+
+    memset(&cksum, 0, sizeof(cksum));
+    reqctx->pa_type = pa_type;
+
+    pkiDebug("kdc_options = 0x%x  till = %d\n",
+             request->kdc_options, request->till);
+    /* If we don't have a client, we're done */
+    if (request->client == NULL) {
+        pkiDebug("No request->client; aborting PKINIT\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    retval = pkinit_get_kdc_cert(context, plgctx->cryptoctx, reqctx->cryptoctx,
+                                 reqctx->idctx, request->server);
+    if (retval) {
+        pkiDebug("pkinit_get_kdc_cert returned %d\n", retval);
+        goto cleanup;
+    }
+
+    /* checksum of the encoded KDC-REQ-BODY */
+    retval = k5int_encode_krb5_kdc_req_body(request, &der_req);
+    if (retval) {
+        pkiDebug("encode_krb5_kdc_req_body returned %d\n", (int) retval);
+        goto cleanup;
+    }
+
+    retval = krb5_c_make_checksum(context, CKSUMTYPE_SHA1, NULL, 0, der_req,
+                                  &cksum);
+    if (retval)
+        goto cleanup;
+    TRACE_PKINIT_CLIENT_REQ_CHECKSUM(context, &cksum);
+#ifdef DEBUG_CKSUM
+    pkiDebug("calculating checksum on buf size (%d)\n", der_req->length);
+    print_buffer(der_req->data, der_req->length);
+#endif
+
+    retval = cb->get_preauth_time(context, rock, TRUE, &ctsec, &cusec);
+    if (retval)
+        goto cleanup;
+
+    /* XXX PKINIT RFC says that nonce in PKAuthenticator doesn't have be the
+     * same as in the AS_REQ. However, if we pick a different nonce, then we
+     * need to remember that info when AS_REP is returned. I'm choosing to
+     * reuse the AS_REQ nonce.
+     */
+    nonce = request->nonce;
+
+    retval = pkinit_as_req_create(context, plgctx, reqctx, ctsec, cusec,
+                                  nonce, &cksum, request->client, request->server, &out_data);
+    if (retval) {
+        pkiDebug("error %d on pkinit_as_req_create; aborting PKINIT\n",
+                 (int) retval);
+        goto cleanup;
+    }
+
+    return_pa_data = k5calloc(2, sizeof(*return_pa_data), &retval);
+    if (return_pa_data == NULL)
+        goto cleanup;
+
+    return_pa_data[0] = k5alloc(sizeof(*return_pa_data[0]), &retval);
+    if (return_pa_data[0] == NULL)
+        goto cleanup;
+
+    return_pa_data[0]->magic = KV5M_PA_DATA;
+
+    return_pa_data[0]->pa_type = pa_type;
+    return_pa_data[0]->length = out_data->length;
+    return_pa_data[0]->contents = (krb5_octet *) out_data->data;
+    *out_data = empty_data();
+
+    *out_padata = return_pa_data;
+    return_pa_data = NULL;
+    cb->disable_fallback(context, rock);
+
+cleanup:
+    krb5_free_data(context, der_req);
+    krb5_free_checksum_contents(context, &cksum);
+    krb5_free_data(context, out_data);
+    krb5_free_pa_data(context, return_pa_data);
+    return retval;
+}
+
+static krb5_error_code
+pkinit_as_req_create(krb5_context context,
+                     pkinit_context plgctx,
+                     pkinit_req_context reqctx,
+                     krb5_timestamp ctsec,
+                     krb5_int32 cusec,
+                     krb5_ui_4 nonce,
+                     const krb5_checksum * cksum,
+                     krb5_principal client,
+                     krb5_principal server,
+                     krb5_data ** as_req)
+{
+    krb5_error_code retval = ENOMEM;
+    krb5_data spki = empty_data(), *coded_auth_pack = NULL;
+    krb5_auth_pack auth_pack;
+    krb5_pa_pk_as_req *req = NULL;
+    krb5_algorithm_identifier **cmstypes = NULL;
+    int protocol = reqctx->opts->dh_or_rsa;
+
+    pkiDebug("pkinit_as_req_create pa_type = %d\n", reqctx->pa_type);
+
+    /* Create the authpack */
+    memset(&auth_pack, 0, sizeof(auth_pack));
+    auth_pack.pkAuthenticator.ctime = ctsec;
+    auth_pack.pkAuthenticator.cusec = cusec;
+    auth_pack.pkAuthenticator.nonce = nonce;
+    auth_pack.pkAuthenticator.paChecksum = *cksum;
+    if (!reqctx->opts->disable_freshness)
+        auth_pack.pkAuthenticator.freshnessToken = reqctx->freshness_token;
+    auth_pack.clientDHNonce.length = 0;
+    auth_pack.supportedKDFs = (krb5_data **)supported_kdf_alg_ids;
+
+    /* add List of CMS algorithms */
+    retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
+                                           reqctx->cryptoctx,
+                                           reqctx->idctx, &cmstypes);
+    auth_pack.supportedCMSTypes = cmstypes;
+    if (retval)
+        goto cleanup;
+
+    switch(protocol) {
+    case DH_PROTOCOL:
+        TRACE_PKINIT_CLIENT_REQ_DH(context);
+        pkiDebug("as_req: DH key transport algorithm\n");
+
+        /* create client-side DH keys */
+        retval = client_create_dh(context, plgctx->cryptoctx,
+                                  reqctx->cryptoctx, reqctx->idctx,
+                                  reqctx->opts->dh_size, &spki);
+        auth_pack.clientPublicValue = spki;
+        if (retval != 0) {
+            pkiDebug("failed to create dh parameters\n");
+            goto cleanup;
+        }
+        break;
+    case RSA_PROTOCOL:
+        TRACE_PKINIT_CLIENT_REQ_RSA(context);
+        pkiDebug("as_req: RSA key transport algorithm\n");
+        break;
+    default:
+        pkiDebug("as_req: unknown key transport protocol %d\n",
+                 protocol);
+        retval = -1;
+        goto cleanup;
+    }
+
+    retval = k5int_encode_krb5_auth_pack(&auth_pack, &coded_auth_pack);
+    if (retval) {
+        pkiDebug("failed to encode the AuthPack %d\n", retval);
+        goto cleanup;
+    }
+#ifdef DEBUG_ASN1
+    print_buffer_bin((unsigned char *)coded_auth_pack->data,
+                     coded_auth_pack->length,
+                     "/tmp/client_auth_pack");
+#endif
+
+    /* create PKCS7 object from authpack */
+    init_krb5_pa_pk_as_req(&req);
+    if (req == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    if (use_content_info(context, reqctx, client)) {
+        retval = cms_contentinfo_create(context, plgctx->cryptoctx,
+                                        reqctx->cryptoctx, reqctx->idctx,
+                                        CMS_SIGN_CLIENT,
+                                        (unsigned char *)
+                                        coded_auth_pack->data,
+                                        coded_auth_pack->length,
+                                        (unsigned char **)
+                                        &req->signedAuthPack.data,
+                                        &req->signedAuthPack.length);
+    } else {
+        retval = cms_signeddata_create(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, reqctx->idctx,
+                                       CMS_SIGN_CLIENT,
+                                       (unsigned char *)
+                                       coded_auth_pack->data,
+                                       coded_auth_pack->length,
+                                       (unsigned char **)
+                                       &req->signedAuthPack.data,
+                                       &req->signedAuthPack.length);
+    }
+
+#ifdef DEBUG_ASN1
+    print_buffer_bin((unsigned char *)req->signedAuthPack.data,
+                     req->signedAuthPack.length,
+                     "/tmp/client_signed_data");
+#endif
+
+    krb5_free_data(context, coded_auth_pack);
+    if (retval) {
+        pkiDebug("failed to create pkcs7 signed data\n");
+        goto cleanup;
+    }
+
+    /* create a list of trusted CAs */
+    retval = create_krb5_trustedCertifiers(context, plgctx->cryptoctx,
+                                           reqctx->cryptoctx, reqctx->idctx,
+                                           &req->trustedCertifiers);
+    if (retval)
+        goto cleanup;
+    retval = create_issuerAndSerial(context, plgctx->cryptoctx,
+                                    reqctx->cryptoctx, reqctx->idctx,
+                                    (unsigned char **)&req->kdcPkId.data,
+                                    &req->kdcPkId.length);
+    if (retval)
+        goto cleanup;
+
+    /* Encode the as-req */
+    retval = k5int_encode_krb5_pa_pk_as_req(req, as_req);
+
+#ifdef DEBUG_ASN1
+    if (!retval)
+        print_buffer_bin((unsigned char *)(*as_req)->data, (*as_req)->length,
+                         "/tmp/client_as_req");
+#endif
+
+cleanup:
+    free_krb5_algorithm_identifiers(&cmstypes);
+    free_krb5_pa_pk_as_req(&req);
+    krb5_free_data_contents(context, &spki);
+
+    pkiDebug("pkinit_as_req_create retval=%d\n", (int) retval);
+
+    return retval;
+}
+
+static krb5_error_code
+pa_pkinit_parse_rep(krb5_context context,
+                    pkinit_context plgctx,
+                    pkinit_req_context reqctx,
+                    krb5_kdc_req * request,
+                    krb5_pa_data * in_padata,
+                    krb5_enctype etype,
+                    krb5_keyblock * as_key,
+                    krb5_data *encoded_request)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    krb5_data asRep = { 0, 0, NULL};
+
+    /*
+     * One way or the other - success or failure - no other PA systems can
+     * work if the server sent us a PKINIT reply, since only we know how to
+     * decrypt the key.
+     */
+    if ((in_padata == NULL) || (in_padata->length == 0)) {
+        pkiDebug("pa_pkinit_parse_rep: no in_padata\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    asRep.data = (char *) in_padata->contents;
+    asRep.length = in_padata->length;
+
+    retval =
+        pkinit_as_rep_parse(context, plgctx, reqctx, in_padata->pa_type,
+                            request, &asRep, as_key, etype, encoded_request);
+    if (retval) {
+        pkiDebug("pkinit_as_rep_parse returned %d (%s)\n",
+                 retval, error_message(retval));
+        goto cleanup;
+    }
+
+    retval = 0;
+
+cleanup:
+
+    return retval;
+}
+
+static krb5_error_code
+verify_kdc_san(krb5_context context,
+               pkinit_context plgctx,
+               pkinit_req_context reqctx,
+               krb5_principal kdcprinc,
+               int *valid_san,
+               int *need_eku_checking)
+{
+    krb5_error_code retval;
+    char **certhosts = NULL, **cfghosts = NULL, **hostptr;
+    krb5_principal *princs = NULL;
+    unsigned char ***get_dns;
+    int i, j;
+
+    *valid_san = 0;
+    *need_eku_checking = 1;
+
+    retval = pkinit_libdefault_strings(context,
+                                       krb5_princ_realm(context, kdcprinc),
+                                       KRB5_CONF_PKINIT_KDC_HOSTNAME,
+                                       &cfghosts);
+    if (retval || cfghosts == NULL) {
+        pkiDebug("%s: No pkinit_kdc_hostname values found in config file\n",
+                 __FUNCTION__);
+        get_dns = NULL;
+    } else {
+        pkiDebug("%s: pkinit_kdc_hostname values found in config file\n",
+                 __FUNCTION__);
+        for (hostptr = cfghosts; *hostptr != NULL; hostptr++)
+            TRACE_PKINIT_CLIENT_SAN_CONFIG_DNSNAME(context, *hostptr);
+        get_dns = (unsigned char ***)&certhosts;
+    }
+
+    retval = crypto_retrieve_cert_sans(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, reqctx->idctx,
+                                       &princs, NULL, get_dns);
+    if (retval) {
+        pkiDebug("%s: error from retrieve_certificate_sans()\n", __FUNCTION__);
+        TRACE_PKINIT_CLIENT_SAN_ERR(context);
+        retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
+        goto out;
+    }
+    for (i = 0; princs != NULL && princs[i] != NULL; i++)
+        TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, princs[i]);
+    if (certhosts != NULL) {
+        for (hostptr = certhosts; *hostptr != NULL; hostptr++)
+            TRACE_PKINIT_CLIENT_SAN_KDCCERT_DNSNAME(context, *hostptr);
+    }
+
+    pkiDebug("%s: Checking pkinit sans\n", __FUNCTION__);
+    for (i = 0; princs != NULL && princs[i] != NULL; i++) {
+        if (krb5_principal_compare(context, princs[i], kdcprinc)) {
+            TRACE_PKINIT_CLIENT_SAN_MATCH_PRINC(context, kdcprinc);
+            pkiDebug("%s: pkinit san match found\n", __FUNCTION__);
+            *valid_san = 1;
+            *need_eku_checking = 0;
+            retval = 0;
+            goto out;
+        }
+    }
+    pkiDebug("%s: no pkinit san match found\n", __FUNCTION__);
+
+    if (certhosts == NULL) {
+        pkiDebug("%s: no certhosts (or we wouldn't accept them anyway)\n",
+                 __FUNCTION__);
+        retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
+        goto out;
+    }
+
+    for (i = 0; certhosts[i] != NULL; i++) {
+        for (j = 0; cfghosts != NULL && cfghosts[j] != NULL; j++) {
+            pkiDebug("%s: comparing cert name '%s' with config name '%s'\n",
+                     __FUNCTION__, certhosts[i], cfghosts[j]);
+            if (strcasecmp(certhosts[i], cfghosts[j]) == 0) {
+                TRACE_PKINIT_CLIENT_SAN_MATCH_DNSNAME(context, certhosts[i]);
+                pkiDebug("%s: we have a dnsName match\n", __FUNCTION__);
+                *valid_san = 1;
+                retval = 0;
+                goto out;
+            }
+        }
+    }
+    TRACE_PKINIT_CLIENT_SAN_MATCH_NONE(context);
+    pkiDebug("%s: no dnsName san match found\n", __FUNCTION__);
+
+    /* We found no match */
+    retval = 0;
+
+out:
+    if (princs != NULL) {
+        for (i = 0; princs[i] != NULL; i++)
+            krb5_free_principal(context, princs[i]);
+        free(princs);
+    }
+    if (certhosts != NULL) {
+        for (i = 0; certhosts[i] != NULL; i++)
+            free(certhosts[i]);
+        free(certhosts);
+    }
+    if (cfghosts != NULL)
+        profile_free_list(cfghosts);
+
+    pkiDebug("%s: returning retval %d, valid_san %d, need_eku_checking %d\n",
+             __FUNCTION__, retval, *valid_san, *need_eku_checking);
+    return retval;
+}
+
+static krb5_error_code
+verify_kdc_eku(krb5_context context,
+               pkinit_context plgctx,
+               pkinit_req_context reqctx,
+               int *eku_accepted)
+{
+    krb5_error_code retval;
+
+    *eku_accepted = 0;
+
+    if (reqctx->opts->require_eku == 0) {
+        TRACE_PKINIT_CLIENT_EKU_SKIP(context);
+        pkiDebug("%s: configuration requests no EKU checking\n", __FUNCTION__);
+        *eku_accepted = 1;
+        retval = 0;
+        goto out;
+    }
+    retval = crypto_check_cert_eku(context, plgctx->cryptoctx,
+                                   reqctx->cryptoctx, reqctx->idctx,
+                                   1, /* kdc cert */
+                                   reqctx->opts->accept_secondary_eku,
+                                   eku_accepted);
+    if (retval) {
+        pkiDebug("%s: Error from crypto_check_cert_eku %d (%s)\n",
+                 __FUNCTION__, retval, error_message(retval));
+        goto out;
+    }
+
+out:
+    if (*eku_accepted)
+        TRACE_PKINIT_CLIENT_EKU_ACCEPT(context);
+    else
+        TRACE_PKINIT_CLIENT_EKU_REJECT(context);
+    pkiDebug("%s: returning retval %d, eku_accepted %d\n",
+             __FUNCTION__, retval, *eku_accepted);
+    return retval;
+}
+
+/*
+ * Parse PA-PK-AS-REP message. Optionally evaluates the message's
+ * certificate chain.
+ * Optionally returns various components.
+ */
+static krb5_error_code
+pkinit_as_rep_parse(krb5_context context,
+                    pkinit_context plgctx,
+                    pkinit_req_context reqctx,
+                    krb5_preauthtype pa_type,
+                    krb5_kdc_req *request,
+                    const krb5_data *as_rep,
+                    krb5_keyblock *key_block,
+                    krb5_enctype etype,
+                    krb5_data *encoded_request)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    krb5_principal kdc_princ = NULL;
+    krb5_pa_pk_as_rep *kdc_reply = NULL;
+    krb5_kdc_dh_key_info *kdc_dh = NULL;
+    krb5_reply_key_pack *key_pack = NULL;
+    krb5_data dh_data = { 0, 0, NULL };
+    unsigned char *client_key = NULL, *kdc_hostname = NULL;
+    unsigned int client_key_len = 0;
+    krb5_checksum cksum = {0, 0, 0, NULL};
+    krb5_data k5data;
+    krb5_data secret;
+    int valid_san = 0;
+    int valid_eku = 0;
+    int need_eku_checking = 1;
+
+    assert((as_rep != NULL) && (key_block != NULL));
+
+#ifdef DEBUG_ASN1
+    print_buffer_bin((unsigned char *)as_rep->data, as_rep->length,
+                     "/tmp/client_as_rep");
+#endif
+
+    if ((retval = k5int_decode_krb5_pa_pk_as_rep(as_rep, &kdc_reply))) {
+        pkiDebug("decode_krb5_as_rep failed %d\n", retval);
+        return retval;
+    }
+
+    switch(kdc_reply->choice) {
+    case choice_pa_pk_as_rep_dhInfo:
+        pkiDebug("as_rep: DH key transport algorithm\n");
+#ifdef DEBUG_ASN1
+        print_buffer_bin(kdc_reply->u.dh_Info.dhSignedData.data,
+                         kdc_reply->u.dh_Info.dhSignedData.length, "/tmp/client_kdc_signeddata");
+#endif
+        if ((retval = cms_signeddata_verify(context, plgctx->cryptoctx,
+                                            reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_SERVER,
+                                            reqctx->opts->require_crl_checking,
+                                            (unsigned char *)
+                                            kdc_reply->u.dh_Info.dhSignedData.data,
+                                            kdc_reply->u.dh_Info.dhSignedData.length,
+                                            (unsigned char **)&dh_data.data,
+                                            &dh_data.length,
+                                            NULL, NULL, NULL)) != 0) {
+            pkiDebug("failed to verify pkcs7 signed data\n");
+            TRACE_PKINIT_CLIENT_REP_DH_FAIL(context);
+            goto cleanup;
+        }
+        TRACE_PKINIT_CLIENT_REP_DH(context);
+        break;
+    case choice_pa_pk_as_rep_encKeyPack:
+        pkiDebug("as_rep: RSA key transport algorithm\n");
+        if ((retval = cms_envelopeddata_verify(context, plgctx->cryptoctx,
+                                               reqctx->cryptoctx, reqctx->idctx, pa_type,
+                                               reqctx->opts->require_crl_checking,
+                                               (unsigned char *)
+                                               kdc_reply->u.encKeyPack.data,
+                                               kdc_reply->u.encKeyPack.length,
+                                               (unsigned char **)&dh_data.data,
+                                               &dh_data.length)) != 0) {
+            pkiDebug("failed to verify pkcs7 enveloped data\n");
+            TRACE_PKINIT_CLIENT_REP_RSA_FAIL(context);
+            goto cleanup;
+        }
+        TRACE_PKINIT_CLIENT_REP_RSA(context);
+        break;
+    default:
+        pkiDebug("unknown as_rep type %d\n", kdc_reply->choice);
+        retval = -1;
+        goto cleanup;
+    }
+    retval = krb5_build_principal_ext(context, &kdc_princ,
+                                      request->server->realm.length,
+                                      request->server->realm.data,
+                                      strlen(KRB5_TGS_NAME), KRB5_TGS_NAME,
+                                      request->server->realm.length,
+                                      request->server->realm.data,
+                                      0);
+    if (retval)
+        goto cleanup;
+    retval = verify_kdc_san(context, plgctx, reqctx, kdc_princ,
+                            &valid_san, &need_eku_checking);
+    if (retval)
+        goto cleanup;
+    if (!valid_san) {
+        pkiDebug("%s: did not find an acceptable SAN in KDC certificate\n",
+                 __FUNCTION__);
+        retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
+        goto cleanup;
+    }
+
+    if (need_eku_checking) {
+        retval = verify_kdc_eku(context, plgctx, reqctx,
+                                &valid_eku);
+        if (retval)
+            goto cleanup;
+        if (!valid_eku) {
+            pkiDebug("%s: did not find an acceptable EKU in KDC certificate\n",
+                     __FUNCTION__);
+            retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE;
+            goto cleanup;
+        }
+    } else
+        pkiDebug("%s: skipping EKU check\n", __FUNCTION__);
+
+    OCTETDATA_TO_KRB5DATA(&dh_data, &k5data);
+
+    switch(kdc_reply->choice) {
+    case choice_pa_pk_as_rep_dhInfo:
+#ifdef DEBUG_ASN1
+        print_buffer_bin(dh_data.data, dh_data.length,
+                         "/tmp/client_dh_key");
+#endif
+        if ((retval = k5int_decode_krb5_kdc_dh_key_info(&k5data,
+                                                        &kdc_dh)) != 0) {
+            pkiDebug("failed to decode kdc_dh_key_info\n");
+            goto cleanup;
+        }
+
+        /* client after KDC reply */
+        if ((retval = client_process_dh(context, plgctx->cryptoctx,
+                                        reqctx->cryptoctx, reqctx->idctx,
+                                        (unsigned char *)
+                                        kdc_dh->subjectPublicKey.data,
+                                        kdc_dh->subjectPublicKey.length,
+                                        &client_key, &client_key_len)) != 0) {
+            pkiDebug("failed to process dh params\n");
+            goto cleanup;
+        }
+
+        /* If we have a KDF algorithm ID, call the algorithm agility KDF... */
+        if (kdc_reply->u.dh_Info.kdfID) {
+            secret.length = client_key_len;
+            secret.data = (char *)client_key;
+
+            retval = pkinit_alg_agility_kdf(context, &secret,
+                                            kdc_reply->u.dh_Info.kdfID,
+                                            request->client, request->server,
+                                            etype, encoded_request,
+                                            (krb5_data *)as_rep, key_block);
+
+            if (retval) {
+                pkiDebug("failed to create key pkinit_alg_agility_kdf %s\n",
+                         error_message(retval));
+                goto cleanup;
+            }
+            TRACE_PKINIT_CLIENT_KDF_ALG(context, kdc_reply->u.dh_Info.kdfID,
+                                        key_block);
+
+            /* ...otherwise, use the older octetstring2key function. */
+        } else {
+
+            retval = pkinit_octetstring2key(context, etype, client_key,
+                                            client_key_len, key_block);
+            if (retval) {
+                pkiDebug("failed to create key pkinit_octetstring2key %s\n",
+                         error_message(retval));
+                goto cleanup;
+            }
+            TRACE_PKINIT_CLIENT_KDF_OS2K(context, key_block);
+        }
+
+        break;
+    case choice_pa_pk_as_rep_encKeyPack:
+#ifdef DEBUG_ASN1
+        print_buffer_bin(dh_data.data, dh_data.length,
+                         "/tmp/client_key_pack");
+#endif
+        retval = k5int_decode_krb5_reply_key_pack(&k5data, &key_pack);
+        if (retval) {
+            pkiDebug("failed to decode reply_key_pack\n");
+            goto cleanup;
+        }
+        retval = krb5_c_make_checksum(context,
+                                      key_pack->asChecksum.checksum_type,
+                                      &key_pack->replyKey,
+                                      KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                      encoded_request, &cksum);
+        if (retval) {
+            pkiDebug("failed to make a checksum\n");
+            goto cleanup;
+        }
+
+        if ((cksum.length != key_pack->asChecksum.length) ||
+            k5_bcmp(cksum.contents, key_pack->asChecksum.contents,
+                    cksum.length) != 0) {
+            TRACE_PKINIT_CLIENT_REP_CHECKSUM_FAIL(context, &cksum,
+                                                  &key_pack->asChecksum);
+            pkiDebug("failed to match the checksums\n");
+#ifdef DEBUG_CKSUM
+            pkiDebug("calculating checksum on buf size (%d)\n",
+                     encoded_request->length);
+            print_buffer(encoded_request->data, encoded_request->length);
+            pkiDebug("encrypting key (%d)\n", key_pack->replyKey.length);
+            print_buffer(key_pack->replyKey.contents,
+                         key_pack->replyKey.length);
+            pkiDebug("received checksum type=%d size=%d ",
+                     key_pack->asChecksum.checksum_type,
+                     key_pack->asChecksum.length);
+            print_buffer(key_pack->asChecksum.contents,
+                         key_pack->asChecksum.length);
+            pkiDebug("expected checksum type=%d size=%d ",
+                     cksum.checksum_type, cksum.length);
+            print_buffer(cksum.contents, cksum.length);
+#endif
+            goto cleanup;
+        } else
+            pkiDebug("checksums match\n");
+
+        krb5_copy_keyblock_contents(context, &key_pack->replyKey,
+                                    key_block);
+        TRACE_PKINIT_CLIENT_REP_RSA_KEY(context, key_block, &cksum);
+
+        break;
+    default:
+        pkiDebug("unknown as_rep type %d\n", kdc_reply->choice);
+        goto cleanup;
+    }
+
+    retval = 0;
+
+cleanup:
+    free(dh_data.data);
+    krb5_free_principal(context, kdc_princ);
+    free(client_key);
+    free_krb5_kdc_dh_key_info(&kdc_dh);
+    free_krb5_pa_pk_as_rep(&kdc_reply);
+
+    if (key_pack != NULL) {
+        free_krb5_reply_key_pack(&key_pack);
+        free(cksum.contents);
+    }
+
+    free(kdc_hostname);
+
+    pkiDebug("pkinit_as_rep_parse returning %d (%s)\n",
+             retval, error_message(retval));
+    return retval;
+}
+
+static void
+pkinit_client_profile(krb5_context context,
+                      pkinit_context plgctx,
+                      pkinit_req_context reqctx,
+                      krb5_clpreauth_callbacks cb,
+                      krb5_clpreauth_rock rock,
+                      const krb5_data *realm)
+{
+    const char *configured_identity;
+    char *eku_string = NULL;
+
+    pkiDebug("pkinit_client_profile %p %p %p %p\n",
+             context, plgctx, reqctx, realm);
+
+    pkinit_libdefault_boolean(context, realm,
+                              KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
+                              reqctx->opts->require_crl_checking,
+                              &reqctx->opts->require_crl_checking);
+    pkinit_libdefault_integer(context, realm,
+                              KRB5_CONF_PKINIT_DH_MIN_BITS,
+                              reqctx->opts->dh_size,
+                              &reqctx->opts->dh_size);
+    if (reqctx->opts->dh_size != 1024 && reqctx->opts->dh_size != 2048
+        && reqctx->opts->dh_size != 4096) {
+        pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, "
+                 "using default value (%d) instead\n", __FUNCTION__,
+                 reqctx->opts->dh_size, PKINIT_DEFAULT_DH_MIN_BITS);
+        reqctx->opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS;
+    }
+    pkinit_libdefault_string(context, realm,
+                             KRB5_CONF_PKINIT_EKU_CHECKING,
+                             &eku_string);
+    if (eku_string != NULL) {
+        if (strcasecmp(eku_string, "kpKDC") == 0) {
+            reqctx->opts->require_eku = 1;
+            reqctx->opts->accept_secondary_eku = 0;
+        } else if (strcasecmp(eku_string, "kpServerAuth") == 0) {
+            reqctx->opts->require_eku = 1;
+            reqctx->opts->accept_secondary_eku = 1;
+        } else if (strcasecmp(eku_string, "none") == 0) {
+            reqctx->opts->require_eku = 0;
+            reqctx->opts->accept_secondary_eku = 0;
+        } else {
+            pkiDebug("%s: Invalid value for pkinit_eku_checking: '%s'\n",
+                     __FUNCTION__, eku_string);
+        }
+        free(eku_string);
+    }
+
+    /* Only process anchors here if they were not specified on command line */
+    if (reqctx->idopts->anchors == NULL)
+        pkinit_libdefault_strings(context, realm,
+                                  KRB5_CONF_PKINIT_ANCHORS,
+                                  &reqctx->idopts->anchors);
+    pkinit_libdefault_strings(context, realm,
+                              KRB5_CONF_PKINIT_POOL,
+                              &reqctx->idopts->intermediates);
+    pkinit_libdefault_strings(context, realm,
+                              KRB5_CONF_PKINIT_REVOKE,
+                              &reqctx->idopts->crls);
+    pkinit_libdefault_strings(context, realm,
+                              KRB5_CONF_PKINIT_IDENTITIES,
+                              &reqctx->idopts->identity_alt);
+    reqctx->do_identity_matching = TRUE;
+
+    /* If we had a primary identity in the stored configuration, pick it up. */
+    configured_identity = cb->get_cc_config(context, rock,
+                                            "X509_user_identity");
+    if (configured_identity != NULL) {
+        free(reqctx->idopts->identity);
+        reqctx->idopts->identity = strdup(configured_identity);
+        reqctx->do_identity_matching = FALSE;
+    }
+}
+
+/*
+ * Convert a PKCS11 token flags value to the subset that we're interested in
+ * passing along to our API callers.
+ */
+static long long
+pkinit_client_get_token_flags(unsigned long pkcs11_token_flags)
+{
+    long long flags = 0;
+
+    if (pkcs11_token_flags & CKF_USER_PIN_COUNT_LOW)
+        flags |= KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW;
+    if (pkcs11_token_flags & CKF_USER_PIN_FINAL_TRY)
+        flags |= KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY;
+    if (pkcs11_token_flags & CKF_USER_PIN_LOCKED)
+        flags |= KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED;
+    return flags;
+}
+
+/*
+ * Phase one of loading client identity information - call
+ * identity_initialize() to load any identities which we can without requiring
+ * help from the calling user, and use their names of those which we can't load
+ * to construct the challenge for the responder callback.
+ */
+static krb5_error_code
+pkinit_client_prep_questions(krb5_context context,
+                             krb5_clpreauth_moddata moddata,
+                             krb5_clpreauth_modreq modreq,
+                             krb5_get_init_creds_opt *opt,
+                             krb5_clpreauth_callbacks cb,
+                             krb5_clpreauth_rock rock,
+                             krb5_kdc_req *request,
+                             krb5_data *encoded_request_body,
+                             krb5_data *encoded_previous_request,
+                             krb5_pa_data *pa_data)
+{
+    krb5_error_code retval;
+    pkinit_context plgctx = (pkinit_context)moddata;
+    pkinit_req_context reqctx = (pkinit_req_context)modreq;
+    int i, n;
+    const pkinit_deferred_id *deferred_ids;
+    const char *identity;
+    unsigned long ck_flags;
+    char *encoded;
+    k5_json_object jval = NULL;
+    k5_json_number jflag = NULL;
+
+    /* Don't ask questions for the informational padata items or when the
+     * ticket is issued. */
+    if (pa_data->pa_type != KRB5_PADATA_PK_AS_REQ)
+        return 0;
+
+    if (!reqctx->identity_initialized) {
+        pkinit_client_profile(context, plgctx, reqctx, cb, rock,
+                              &request->server->realm);
+        retval = pkinit_identity_initialize(context, plgctx->cryptoctx,
+                                            reqctx->cryptoctx, reqctx->idopts,
+                                            reqctx->idctx, cb, rock,
+                                            request->client);
+        if (retval != 0) {
+            TRACE_PKINIT_CLIENT_NO_IDENTITY(context);
+            pkiDebug("pkinit_identity_initialize returned %d (%s)\n",
+                     retval, error_message(retval));
+        }
+
+        reqctx->identity_initialized = TRUE;
+        if (retval != 0) {
+            pkiDebug("%s: not asking responder question\n", __FUNCTION__);
+            retval = 0;
+            goto cleanup;
+        }
+    }
+
+    deferred_ids = crypto_get_deferred_ids(context, reqctx->idctx);
+    for (i = 0; deferred_ids != NULL && deferred_ids[i] != NULL; i++)
+        continue;
+    n = i;
+
+    /* Make sure we don't just return an empty challenge. */
+    if (n == 0) {
+        pkiDebug("%s: no questions to ask\n", __FUNCTION__);
+        retval = 0;
+        goto cleanup;
+    }
+
+    /* Create the top-level object. */
+    retval = k5_json_object_create(&jval);
+    if (retval != 0)
+        goto cleanup;
+
+    for (i = 0; i < n; i++) {
+        /* Add an entry to the top-level object for the identity. */
+        identity = deferred_ids[i]->identity;
+        ck_flags = deferred_ids[i]->ck_flags;
+        /* Calculate the flags value for the bits that that we care about. */
+        retval = k5_json_number_create(pkinit_client_get_token_flags(ck_flags),
+                                       &jflag);
+        if (retval != 0)
+            goto cleanup;
+        retval = k5_json_object_set(jval, identity, jflag);
+        if (retval != 0)
+            goto cleanup;
+        k5_json_release(jflag);
+        jflag = NULL;
+    }
+
+    /* Encode and done. */
+    retval = k5_json_encode(jval, &encoded);
+    if (retval == 0) {
+        cb->ask_responder_question(context, rock,
+                                   KRB5_RESPONDER_QUESTION_PKINIT,
+                                   encoded);
+        pkiDebug("%s: asking question '%s'\n", __FUNCTION__, encoded);
+        free(encoded);
+    }
+
+cleanup:
+    k5_json_release(jval);
+    k5_json_release(jflag);
+
+    pkiDebug("%s returning %d\n", __FUNCTION__, retval);
+
+    return retval;
+}
+
+/*
+ * Parse data supplied by the application's responder callback, saving off any
+ * PINs and passwords for identities which we noted needed them.
+ */
+struct save_one_password_data {
+    krb5_context context;
+    krb5_clpreauth_modreq modreq;
+    const char *caller;
+};
+
+static void
+save_one_password(void *arg, const char *key, k5_json_value val)
+{
+    struct save_one_password_data *data = arg;
+    pkinit_req_context reqctx = (pkinit_req_context)data->modreq;
+    const char *password;
+
+    if (k5_json_get_tid(val) == K5_JSON_TID_STRING) {
+        password = k5_json_string_utf8(val);
+        pkiDebug("%s: \"%s\": %p\n", data->caller, key, password);
+        crypto_set_deferred_id(data->context, reqctx->idctx, key, password);
+    }
+}
+
+static krb5_error_code
+pkinit_client_parse_answers(krb5_context context,
+                            krb5_clpreauth_moddata moddata,
+                            krb5_clpreauth_modreq modreq,
+                            krb5_clpreauth_callbacks cb,
+                            krb5_clpreauth_rock rock)
+{
+    krb5_error_code retval;
+    const char *encoded;
+    k5_json_value jval;
+    struct save_one_password_data data;
+
+    data.context = context;
+    data.modreq = modreq;
+    data.caller = __FUNCTION__;
+
+    encoded = cb->get_responder_answer(context, rock,
+                                       KRB5_RESPONDER_QUESTION_PKINIT);
+    if (encoded == NULL)
+        return 0;
+
+    pkiDebug("pkinit_client_parse_answers: %s\n", encoded);
+
+    retval = k5_json_decode(encoded, &jval);
+    if (retval != 0)
+        goto cleanup;
+
+    /* Expect that the top-level answer is an object. */
+    if (k5_json_get_tid(jval) != K5_JSON_TID_OBJECT) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    /* Store the passed-in per-identity passwords. */
+    k5_json_object_iterate(jval, &save_one_password, &data);
+    retval = 0;
+
+cleanup:
+    if (jval != NULL)
+        k5_json_release(jval);
+    return retval;
+}
+
+static krb5_error_code
+pkinit_client_process(krb5_context context, krb5_clpreauth_moddata moddata,
+                      krb5_clpreauth_modreq modreq,
+                      krb5_get_init_creds_opt *gic_opt,
+                      krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                      krb5_kdc_req *request, krb5_data *encoded_request_body,
+                      krb5_data *encoded_previous_request,
+                      krb5_pa_data *in_padata,
+                      krb5_prompter_fct prompter, void *prompter_data,
+                      krb5_pa_data ***out_padata)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    krb5_enctype enctype = -1;
+    int processing_request = 0;
+    pkinit_context plgctx = (pkinit_context)moddata;
+    pkinit_req_context reqctx = (pkinit_req_context)modreq;
+    krb5_keyblock as_key;
+    krb5_data d;
+
+    pkiDebug("pkinit_client_process %p %p %p %p\n",
+             context, plgctx, reqctx, request);
+
+
+    if (plgctx == NULL || reqctx == NULL)
+        return EINVAL;
+
+    switch ((int) in_padata->pa_type) {
+    case KRB5_PADATA_PKINIT_KX:
+        reqctx->rfc6112_kdc = 1;
+        return 0;
+    case KRB5_PADATA_AS_FRESHNESS:
+        TRACE_PKINIT_CLIENT_FRESHNESS_TOKEN(context);
+        krb5_free_data(context, reqctx->freshness_token);
+        reqctx->freshness_token = NULL;
+        d = make_data(in_padata->contents, in_padata->length);
+        return krb5_copy_data(context, &d, &reqctx->freshness_token);
+    case KRB5_PADATA_PK_AS_REQ:
+        pkiDebug("processing KRB5_PADATA_PK_AS_REQ\n");
+        processing_request = 1;
+        break;
+
+    case KRB5_PADATA_PK_AS_REP:
+        pkiDebug("processing KRB5_PADATA_PK_AS_REP\n");
+        break;
+    default:
+        pkiDebug("unrecognized patype = %d for PKINIT\n",
+                 in_padata->pa_type);
+        return EINVAL;
+    }
+
+    if (processing_request) {
+        if (reqctx->idopts->anchors == NULL) {
+            krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
+                                   _("No pkinit_anchors supplied"));
+            return KRB5_PREAUTH_FAILED;
+        }
+        /* Pull in PINs and passwords for identities which we deferred
+         * loading earlier. */
+        retval = pkinit_client_parse_answers(context, moddata, modreq,
+                                             cb, rock);
+        if (retval) {
+            if (retval == KRB5KRB_ERR_GENERIC)
+                pkiDebug("pkinit responder answers were invalid\n");
+            return retval;
+        }
+        if (!reqctx->identity_prompted) {
+            reqctx->identity_prompted = TRUE;
+            /*
+             * Load identities (again, potentially), prompting, if we can, for
+             * anything for which we didn't get an answer from the responder
+             * callback.
+             */
+            pkinit_identity_set_prompter(reqctx->idctx, prompter,
+                                         prompter_data);
+            retval = pkinit_identity_prompt(context, plgctx->cryptoctx,
+                                            reqctx->cryptoctx, reqctx->idopts,
+                                            reqctx->idctx, cb, rock,
+                                            reqctx->do_identity_matching,
+                                            request->client);
+            pkinit_identity_set_prompter(reqctx->idctx, NULL, NULL);
+            reqctx->identity_prompt_retval = retval;
+            if (retval) {
+                TRACE_PKINIT_CLIENT_NO_IDENTITY(context);
+                pkiDebug("pkinit_identity_prompt returned %d (%s)\n",
+                         retval, error_message(retval));
+                return retval;
+            }
+        } else if (reqctx->identity_prompt_retval) {
+            retval = reqctx->identity_prompt_retval;
+            TRACE_PKINIT_CLIENT_NO_IDENTITY(context);
+            pkiDebug("pkinit_identity_prompt previously returned %d (%s)\n",
+                     retval, error_message(retval));
+            return retval;
+        }
+        retval = pa_pkinit_gen_req(context, plgctx, reqctx, cb, rock, request,
+                                   in_padata->pa_type, out_padata, prompter,
+                                   prompter_data, gic_opt);
+    } else {
+        /*
+         * Get the enctype of the reply.
+         */
+        enctype = cb->get_etype(context, rock);
+        retval = pa_pkinit_parse_rep(context, plgctx, reqctx, request,
+                                     in_padata, enctype, &as_key,
+                                     encoded_previous_request);
+        if (retval == 0) {
+            retval = cb->set_as_key(context, rock, &as_key);
+            krb5_free_keyblock_contents(context, &as_key);
+        }
+    }
+
+    pkiDebug("pkinit_client_process: returning %d (%s)\n",
+             retval, error_message(retval));
+    return retval;
+}
+
+static krb5_error_code
+pkinit_client_tryagain(krb5_context context, krb5_clpreauth_moddata moddata,
+                       krb5_clpreauth_modreq modreq,
+                       krb5_get_init_creds_opt *gic_opt,
+                       krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                       krb5_kdc_req *request, krb5_data *encoded_request_body,
+                       krb5_data *encoded_previous_request,
+                       krb5_preauthtype pa_type, krb5_error *err_reply,
+                       krb5_pa_data **err_padata, krb5_prompter_fct prompter,
+                       void *prompter_data, krb5_pa_data ***out_padata)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    pkinit_context plgctx = (pkinit_context)moddata;
+    pkinit_req_context reqctx = (pkinit_req_context)modreq;
+    krb5_pa_data *pa;
+    krb5_data scratch;
+    krb5_external_principal_identifier **certifiers = NULL;
+    krb5_algorithm_identifier **algId = NULL;
+    int do_again = 0;
+
+    pkiDebug("pkinit_client_tryagain %p %p %p %p\n",
+             context, plgctx, reqctx, request);
+
+    if (reqctx->pa_type != pa_type || err_padata == NULL)
+        return retval;
+
+    for (; *err_padata != NULL && !do_again; err_padata++) {
+        pa = *err_padata;
+        PADATA_TO_KRB5DATA(pa, &scratch);
+        switch (pa->pa_type) {
+        case TD_TRUSTED_CERTIFIERS:
+        case TD_INVALID_CERTIFICATES:
+            retval = k5int_decode_krb5_td_trusted_certifiers(&scratch,
+                                                             &certifiers);
+            if (retval) {
+                pkiDebug("failed to decode sequence of trusted certifiers\n");
+                goto cleanup;
+            }
+            retval = pkinit_process_td_trusted_certifiers(context,
+                                                          plgctx->cryptoctx,
+                                                          reqctx->cryptoctx,
+                                                          reqctx->idctx,
+                                                          certifiers,
+                                                          pa->pa_type);
+            if (!retval)
+                do_again = 1;
+            break;
+        case TD_DH_PARAMETERS:
+            retval = k5int_decode_krb5_td_dh_parameters(&scratch, &algId);
+            if (retval) {
+                pkiDebug("failed to decode td_dh_parameters\n");
+                goto cleanup;
+            }
+            retval = pkinit_process_td_dh_params(context, plgctx->cryptoctx,
+                                                 reqctx->cryptoctx,
+                                                 reqctx->idctx, algId,
+                                                 &reqctx->opts->dh_size);
+            if (!retval)
+                do_again = 1;
+            break;
+        default:
+            break;
+        }
+    }
+
+    if (do_again) {
+        TRACE_PKINIT_CLIENT_TRYAGAIN(context);
+        retval = pa_pkinit_gen_req(context, plgctx, reqctx, cb, rock, request,
+                                   pa_type, out_padata, prompter,
+                                   prompter_data, gic_opt);
+        if (retval)
+            goto cleanup;
+    }
+
+    retval = 0;
+cleanup:
+    if (certifiers != NULL)
+        free_krb5_external_principal_identifier(&certifiers);
+
+    if (algId != NULL)
+        free_krb5_algorithm_identifiers(&algId);
+
+    pkiDebug("pkinit_client_tryagain: returning %d (%s)\n",
+             retval, error_message(retval));
+    return retval;
+}
+
+static int
+pkinit_client_get_flags(krb5_context kcontext, krb5_preauthtype patype)
+{
+    if (patype == KRB5_PADATA_PKINIT_KX || patype == KRB5_PADATA_AS_FRESHNESS)
+        return PA_INFO;
+    return PA_REAL;
+}
+
+/*
+ * We want to be notified about KRB5_PADATA_PKINIT_KX in addition to the actual
+ * pkinit patypes because RFC 6112 requires anonymous KDCs to send it. We use
+ * that to determine whether to use the broken MIT 1.9 behavior of sending
+ * ContentInfo rather than SignedData or the RFC 6112 behavior
+ */
+static krb5_preauthtype supported_client_pa_types[] = {
+    KRB5_PADATA_PK_AS_REP,
+    KRB5_PADATA_PK_AS_REQ,
+    KRB5_PADATA_PKINIT_KX,
+    KRB5_PADATA_AS_FRESHNESS,
+    0
+};
+
+static void
+pkinit_client_req_init(krb5_context context,
+                       krb5_clpreauth_moddata moddata,
+                       krb5_clpreauth_modreq *modreq_out)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_req_context reqctx = NULL;
+    pkinit_context plgctx = (pkinit_context)moddata;
+
+    *modreq_out = NULL;
+
+    reqctx = malloc(sizeof(*reqctx));
+    if (reqctx == NULL)
+        return;
+    memset(reqctx, 0, sizeof(*reqctx));
+
+    reqctx->magic = PKINIT_REQ_CTX_MAGIC;
+    reqctx->cryptoctx = NULL;
+    reqctx->opts = NULL;
+    reqctx->idctx = NULL;
+    reqctx->idopts = NULL;
+    reqctx->freshness_token = NULL;
+
+    retval = pkinit_init_req_opts(&reqctx->opts);
+    if (retval)
+        goto cleanup;
+
+    reqctx->opts->require_eku = plgctx->opts->require_eku;
+    reqctx->opts->accept_secondary_eku = plgctx->opts->accept_secondary_eku;
+    reqctx->opts->dh_or_rsa = plgctx->opts->dh_or_rsa;
+    reqctx->opts->allow_upn = plgctx->opts->allow_upn;
+    reqctx->opts->require_crl_checking = plgctx->opts->require_crl_checking;
+    reqctx->opts->disable_freshness = plgctx->opts->disable_freshness;
+
+    retval = pkinit_init_req_crypto(&reqctx->cryptoctx);
+    if (retval)
+        goto cleanup;
+
+    retval = pkinit_init_identity_crypto(&reqctx->idctx);
+    if (retval)
+        goto cleanup;
+
+    retval = pkinit_dup_identity_opts(plgctx->idopts, &reqctx->idopts);
+    if (retval)
+        goto cleanup;
+
+    *modreq_out = (krb5_clpreauth_modreq)reqctx;
+    pkiDebug("%s: returning reqctx at %p\n", __FUNCTION__, reqctx);
+
+cleanup:
+    if (retval) {
+        if (reqctx->idctx != NULL)
+            pkinit_fini_identity_crypto(reqctx->idctx);
+        if (reqctx->cryptoctx != NULL)
+            pkinit_fini_req_crypto(reqctx->cryptoctx);
+        if (reqctx->opts != NULL)
+            pkinit_fini_req_opts(reqctx->opts);
+        if (reqctx->idopts != NULL)
+            pkinit_fini_identity_opts(reqctx->idopts);
+        free(reqctx);
+    }
+
+    return;
+}
+
+static void
+pkinit_client_req_fini(krb5_context context, krb5_clpreauth_moddata moddata,
+                       krb5_clpreauth_modreq modreq)
+{
+    pkinit_req_context reqctx = (pkinit_req_context)modreq;
+
+    pkiDebug("%s: received reqctx at %p\n", __FUNCTION__, reqctx);
+    if (reqctx == NULL)
+        return;
+    if (reqctx->magic != PKINIT_REQ_CTX_MAGIC) {
+        pkiDebug("%s: Bad magic value (%x) in req ctx\n",
+                 __FUNCTION__, reqctx->magic);
+        return;
+    }
+    if (reqctx->opts != NULL)
+        pkinit_fini_req_opts(reqctx->opts);
+
+    if (reqctx->cryptoctx != NULL)
+        pkinit_fini_req_crypto(reqctx->cryptoctx);
+
+    if (reqctx->idctx != NULL)
+        pkinit_fini_identity_crypto(reqctx->idctx);
+
+    if (reqctx->idopts != NULL)
+        pkinit_fini_identity_opts(reqctx->idopts);
+
+    krb5_free_data(context, reqctx->freshness_token);
+
+    free(reqctx);
+    return;
+}
+
+static int
+pkinit_client_plugin_init(krb5_context context,
+                          krb5_clpreauth_moddata *moddata_out)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_context ctx = NULL;
+
+    ctx = calloc(1, sizeof(*ctx));
+    if (ctx == NULL)
+        return ENOMEM;
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->magic = PKINIT_CTX_MAGIC;
+    ctx->opts = NULL;
+    ctx->cryptoctx = NULL;
+    ctx->idopts = NULL;
+
+    retval = pkinit_accessor_init();
+    if (retval)
+        goto errout;
+
+    retval = pkinit_init_plg_opts(&ctx->opts);
+    if (retval)
+        goto errout;
+
+    retval = pkinit_init_plg_crypto(&ctx->cryptoctx);
+    if (retval)
+        goto errout;
+
+    retval = pkinit_init_identity_opts(&ctx->idopts);
+    if (retval)
+        goto errout;
+
+    *moddata_out = (krb5_clpreauth_moddata)ctx;
+
+    pkiDebug("%s: returning plgctx at %p\n", __FUNCTION__, ctx);
+
+errout:
+    if (retval)
+        pkinit_client_plugin_fini(context, (krb5_clpreauth_moddata)ctx);
+
+    return retval;
+}
+
+static void
+pkinit_client_plugin_fini(krb5_context context, krb5_clpreauth_moddata moddata)
+{
+    pkinit_context ctx = (pkinit_context)moddata;
+
+    if (ctx == NULL || ctx->magic != PKINIT_CTX_MAGIC) {
+        pkiDebug("pkinit_lib_fini: got bad plgctx (%p)!\n", ctx);
+        return;
+    }
+    pkiDebug("%s: got plgctx at %p\n", __FUNCTION__, ctx);
+
+    pkinit_fini_identity_opts(ctx->idopts);
+    pkinit_fini_plg_crypto(ctx->cryptoctx);
+    pkinit_fini_plg_opts(ctx->opts);
+    free(ctx);
+
+}
+
+static krb5_error_code
+add_string_to_array(krb5_context context, char ***array, const char *addition)
+{
+    char **a = *array;
+    size_t len;
+
+    for (len = 0; a != NULL && a[len] != NULL; len++);
+    a = realloc(a, (len + 2) * sizeof(char *));
+    if (a == NULL)
+        return ENOMEM;
+    *array = a;
+    a[len] = strdup(addition);
+    if (a[len] == NULL)
+        return ENOMEM;
+    a[len + 1] = NULL;
+    return 0;
+}
+
+static krb5_error_code
+handle_gic_opt(krb5_context context,
+               pkinit_context plgctx,
+               const char *attr,
+               const char *value)
+{
+    krb5_error_code retval;
+
+    if (strcmp(attr, "X509_user_identity") == 0) {
+        if (plgctx->idopts->identity != NULL) {
+            krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
+                                   "X509_user_identity can not be given twice\n");
+            return KRB5_PREAUTH_FAILED;
+        }
+        plgctx->idopts->identity = strdup(value);
+        if (plgctx->idopts->identity == NULL) {
+            krb5_set_error_message(context, ENOMEM,
+                                   "Could not duplicate X509_user_identity value\n");
+            return ENOMEM;
+        }
+    } else if (strcmp(attr, "X509_anchors") == 0) {
+        retval = add_string_to_array(context, &plgctx->idopts->anchors, value);
+        if (retval)
+            return retval;
+    } else if (strcmp(attr, "flag_RSA_PROTOCOL") == 0) {
+        if (strcmp(value, "yes") == 0) {
+            pkiDebug("Setting flag to use RSA_PROTOCOL\n");
+            plgctx->opts->dh_or_rsa = RSA_PROTOCOL;
+        }
+    } else if (strcmp(attr, "disable_freshness") == 0) {
+        if (strcmp(value, "yes") == 0)
+            plgctx->opts->disable_freshness = 1;
+    }
+    return 0;
+}
+
+static krb5_error_code
+pkinit_client_gic_opt(krb5_context context, krb5_clpreauth_moddata moddata,
+                      krb5_get_init_creds_opt *gic_opt,
+                      const char *attr,
+                      const char *value)
+{
+    krb5_error_code retval;
+    pkinit_context plgctx = (pkinit_context)moddata;
+
+    pkiDebug("(pkinit) received '%s' = '%s'\n", attr, value);
+    retval = handle_gic_opt(context, plgctx, attr, value);
+    if (retval)
+        return retval;
+
+    return 0;
+}
+
+krb5_error_code
+clpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+                        krb5_plugin_vtable vtable);
+
+krb5_error_code
+clpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+                        krb5_plugin_vtable vtable)
+{
+    krb5_clpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_clpreauth_vtable)vtable;
+    vt->name = "pkinit";
+    vt->pa_type_list = supported_client_pa_types;
+    vt->init = pkinit_client_plugin_init;
+    vt->fini = pkinit_client_plugin_fini;
+    vt->flags = pkinit_client_get_flags;
+    vt->request_init = pkinit_client_req_init;
+    vt->prep_questions = pkinit_client_prep_questions;
+    vt->request_fini = pkinit_client_req_fini;
+    vt->process = pkinit_client_process;
+    vt->tryagain = pkinit_client_tryagain;
+    vt->gic_opts = pkinit_client_gic_opt;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_constants.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_constants.c
new file mode 100644
index 00000000..1da482e0
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_constants.c
@@ -0,0 +1,325 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/pkinit/pkinit_constants.c */
+/*
+ * Copyright (C) 2011,2021 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "pkinit.h"
+
+/* RFC 8636 id-pkinit-kdf-ah-sha1: iso(1) identified-organization(3) dod(6)
+ * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha1(1) */
+static char sha1_oid[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x01 };
+/* RFC 8636 id-pkinit-kdf-ah-sha256: iso(1) identified-organization(3) dod(6)
+ * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha256(2) */
+static char sha256_oid[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x02 };
+/* RFC 8636 id-pkinit-kdf-ah-sha512: iso(1) identified-organization(3) dod(6)
+ * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha512(3) */
+static char sha512_oid[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x03 };
+
+const krb5_data sha1_id = { KV5M_DATA, sizeof(sha1_oid), sha1_oid };
+const krb5_data sha256_id = { KV5M_DATA, sizeof(sha256_oid), sha256_oid };
+const krb5_data sha512_id = { KV5M_DATA, sizeof(sha512_oid), sha512_oid };
+
+krb5_data const * const supported_kdf_alg_ids[] = {
+    &sha256_id,
+    &sha1_id,
+    &sha512_id,
+    NULL
+};
+
+/* RFC 4055 sha256WithRSAEncryption: iso(1) member-body(2) us(840)
+ * rsadsi(113549) pkcs(1) 1 11 */
+static char sha256WithRSAEncr_oid[9] = {
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b
+};
+/* RFC 4055 sha256WithRSAEncryption: iso(1) member-body(2) us(840)
+ * rsadsi(113549) pkcs(1) 1 13 */
+static char sha512WithRSAEncr_oid[9] = {
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d
+};
+
+const krb5_data sha256WithRSAEncr_id = {
+    KV5M_DATA, sizeof(sha256WithRSAEncr_oid), sha256WithRSAEncr_oid
+};
+const krb5_data sha512WithRSAEncr_id = {
+    KV5M_DATA, sizeof(sha512WithRSAEncr_oid), sha512WithRSAEncr_oid
+};
+
+krb5_data const * const supported_cms_algs[] = {
+    &sha512WithRSAEncr_id,
+    &sha256WithRSAEncr_id,
+    NULL
+};
+
+/* RFC 2412 section E.2 (well-known group 2) parameters, DER-encoded as
+ * DomainParameters (RFC 3279 section 2.3.3). */
+static const uint8_t o1024[] = {
+    0x30, 0x82, 0x01, 0x0A, 0x02, 0x81, 0x81, 0x00,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0x02, 0x01, 0x02, 0x02, 0x81, 0x80, 0x7F, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE4, 0x87,
+    0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A, 0x62, 0x63,
+    0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68, 0x94, 0x81,
+    0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A, 0x01, 0x05,
+    0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91, 0x28, 0xA5,
+    0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E, 0xF7, 0xCA,
+    0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D, 0x98, 0x15,
+    0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B, 0xA7, 0xF0,
+    0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22, 0xF2, 0x42,
+    0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63, 0x7A, 0x26,
+    0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5, 0x85, 0xFF,
+    0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6, 0xF7, 0x1C,
+    0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2, 0xD7, 0x4F,
+    0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3, 0x24, 0x94,
+    0x33, 0x28, 0xF6, 0x73, 0x29, 0xC0, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+/* RFC 3526 section 3 (2048-bit MODP Group), RFC 3279 encoding */
+static const uint8_t o2048[] = {
+    0x30, 0x82, 0x02, 0x0C, 0x02, 0x82, 0x01, 0x01,
+    0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2,
+    0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C,
+    0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC,
+    0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B,
+    0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04,
+    0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43,
+    0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14,
+    0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2,
+    0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E,
+    0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED,
+    0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7,
+    0xED, 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F,
+    0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F,
+    0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B,
+    0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF,
+    0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3,
+    0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF,
+    0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD,
+    0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52,
+    0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96,
+    0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98,
+    0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21,
+    0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE,
+    0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86,
+    0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2,
+    0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52,
+    0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17,
+    0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A,
+    0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05,
+    0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA,
+    0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x02, 0x01, 0x02, 0x02, 0x82, 0x01, 0x00,
+    0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
+    0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
+    0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
+    0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
+    0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
+    0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
+    0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
+    0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
+    0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
+    0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
+    0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
+    0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
+    0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
+    0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E,
+    0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82,
+    0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD,
+    0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF,
+    0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB,
+    0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D,
+    0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36,
+    0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02,
+    0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE,
+    0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D,
+    0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01,
+    0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47,
+    0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64,
+    0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C,
+    0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72,
+    0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88,
+    0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x56, 0x55, 0x34,
+    0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+/* RFC 3526 section 5 (4096-bit MODP Group), RFC 3279 encoding */
+static const uint8_t o4096[] = {
+    0x30, 0x82, 0x04, 0x0C, 0x02, 0x82, 0x02, 0x01,
+    0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2,
+    0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C,
+    0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC,
+    0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B,
+    0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04,
+    0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43,
+    0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14,
+    0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2,
+    0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E,
+    0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED,
+    0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7,
+    0xED, 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F,
+    0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F,
+    0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B,
+    0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF,
+    0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3,
+    0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF,
+    0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD,
+    0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52,
+    0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96,
+    0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98,
+    0x04, 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21,
+    0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE,
+    0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86,
+    0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2,
+    0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52,
+    0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17,
+    0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A,
+    0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05,
+    0x10, 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4,
+    0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A,
+    0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA,
+    0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF,
+    0x0A, 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C,
+    0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4,
+    0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33,
+    0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61,
+    0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE,
+    0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08,
+    0x64, 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A,
+    0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20,
+    0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D,
+    0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46,
+    0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB,
+    0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10,
+    0x8E, 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08,
+    0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6,
+    0xD7, 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B,
+    0x26, 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2,
+    0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B,
+    0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C,
+    0xE8, 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E,
+    0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA,
+    0xA6, 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0,
+    0x5D, 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3,
+    0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7,
+    0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7,
+    0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48,
+    0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A,
+    0xA9, 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD,
+    0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0,
+    0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31,
+    0x99, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x02, 0x01, 0x02, 0x02, 0x82, 0x02, 0x00,
+    0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE4, 0x87, 0xED, 0x51, 0x10, 0xB4, 0x61, 0x1A,
+    0x62, 0x63, 0x31, 0x45, 0xC0, 0x6E, 0x0E, 0x68,
+    0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xE6, 0x3A,
+    0x01, 0x05, 0xDF, 0x53, 0x1D, 0x89, 0xCD, 0x91,
+    0x28, 0xA5, 0x04, 0x3C, 0xC7, 0x1A, 0x02, 0x6E,
+    0xF7, 0xCA, 0x8C, 0xD9, 0xE6, 0x9D, 0x21, 0x8D,
+    0x98, 0x15, 0x85, 0x36, 0xF9, 0x2F, 0x8A, 0x1B,
+    0xA7, 0xF0, 0x9A, 0xB6, 0xB6, 0xA8, 0xE1, 0x22,
+    0xF2, 0x42, 0xDA, 0xBB, 0x31, 0x2F, 0x3F, 0x63,
+    0x7A, 0x26, 0x21, 0x74, 0xD3, 0x1B, 0xF6, 0xB5,
+    0x85, 0xFF, 0xAE, 0x5B, 0x7A, 0x03, 0x5B, 0xF6,
+    0xF7, 0x1C, 0x35, 0xFD, 0xAD, 0x44, 0xCF, 0xD2,
+    0xD7, 0x4F, 0x92, 0x08, 0xBE, 0x25, 0x8F, 0xF3,
+    0x24, 0x94, 0x33, 0x28, 0xF6, 0x72, 0x2D, 0x9E,
+    0xE1, 0x00, 0x3E, 0x5C, 0x50, 0xB1, 0xDF, 0x82,
+    0xCC, 0x6D, 0x24, 0x1B, 0x0E, 0x2A, 0xE9, 0xCD,
+    0x34, 0x8B, 0x1F, 0xD4, 0x7E, 0x92, 0x67, 0xAF,
+    0xC1, 0xB2, 0xAE, 0x91, 0xEE, 0x51, 0xD6, 0xCB,
+    0x0E, 0x31, 0x79, 0xAB, 0x10, 0x42, 0xA9, 0x5D,
+    0xCF, 0x6A, 0x94, 0x83, 0xB8, 0x4B, 0x4B, 0x36,
+    0xB3, 0x86, 0x1A, 0xA7, 0x25, 0x5E, 0x4C, 0x02,
+    0x78, 0xBA, 0x36, 0x04, 0x65, 0x0C, 0x10, 0xBE,
+    0x19, 0x48, 0x2F, 0x23, 0x17, 0x1B, 0x67, 0x1D,
+    0xF1, 0xCF, 0x3B, 0x96, 0x0C, 0x07, 0x43, 0x01,
+    0xCD, 0x93, 0xC1, 0xD1, 0x76, 0x03, 0xD1, 0x47,
+    0xDA, 0xE2, 0xAE, 0xF8, 0x37, 0xA6, 0x29, 0x64,
+    0xEF, 0x15, 0xE5, 0xFB, 0x4A, 0xAC, 0x0B, 0x8C,
+    0x1C, 0xCA, 0xA4, 0xBE, 0x75, 0x4A, 0xB5, 0x72,
+    0x8A, 0xE9, 0x13, 0x0C, 0x4C, 0x7D, 0x02, 0x88,
+    0x0A, 0xB9, 0x47, 0x2D, 0x45, 0x55, 0x62, 0x16,
+    0xD6, 0x99, 0x8B, 0x86, 0x82, 0x28, 0x3D, 0x19,
+    0xD4, 0x2A, 0x90, 0xD5, 0xEF, 0x8E, 0x5D, 0x32,
+    0x76, 0x7D, 0xC2, 0x82, 0x2C, 0x6D, 0xF7, 0x85,
+    0x45, 0x75, 0x38, 0xAB, 0xAE, 0x83, 0x06, 0x3E,
+    0xD9, 0xCB, 0x87, 0xC2, 0xD3, 0x70, 0xF2, 0x63,
+    0xD5, 0xFA, 0xD7, 0x46, 0x6D, 0x84, 0x99, 0xEB,
+    0x8F, 0x46, 0x4A, 0x70, 0x25, 0x12, 0xB0, 0xCE,
+    0xE7, 0x71, 0xE9, 0x13, 0x0D, 0x69, 0x77, 0x35,
+    0xF8, 0x97, 0xFD, 0x03, 0x6C, 0xC5, 0x04, 0x32,
+    0x6C, 0x3B, 0x01, 0x39, 0x9F, 0x64, 0x35, 0x32,
+    0x29, 0x0F, 0x95, 0x8C, 0x0B, 0xBD, 0x90, 0x06,
+    0x5D, 0xF0, 0x8B, 0xAB, 0xBD, 0x30, 0xAE, 0xB6,
+    0x3B, 0x84, 0xC4, 0x60, 0x5D, 0x6C, 0xA3, 0x71,
+    0x04, 0x71, 0x27, 0xD0, 0x3A, 0x72, 0xD5, 0x98,
+    0xA1, 0xED, 0xAD, 0xFE, 0x70, 0x7E, 0x88, 0x47,
+    0x25, 0xC1, 0x68, 0x90, 0x54, 0x90, 0x84, 0x00,
+    0x8D, 0x39, 0x1E, 0x09, 0x53, 0xC3, 0xF3, 0x6B,
+    0xC4, 0x38, 0xCD, 0x08, 0x5E, 0xDD, 0x2D, 0x93,
+    0x4C, 0xE1, 0x93, 0x8C, 0x35, 0x7A, 0x71, 0x1E,
+    0x0D, 0x4A, 0x34, 0x1A, 0x5B, 0x0A, 0x85, 0xED,
+    0x12, 0xC1, 0xF4, 0xE5, 0x15, 0x6A, 0x26, 0x74,
+    0x6D, 0xDD, 0xE1, 0x6D, 0x82, 0x6F, 0x47, 0x7C,
+    0x97, 0x47, 0x7E, 0x0A, 0x0F, 0xDF, 0x65, 0x53,
+    0x14, 0x3E, 0x2C, 0xA3, 0xA7, 0x35, 0xE0, 0x2E,
+    0xCC, 0xD9, 0x4B, 0x27, 0xD0, 0x48, 0x61, 0xD1,
+    0x11, 0x9D, 0xD0, 0xC3, 0x28, 0xAD, 0xF3, 0xF6,
+    0x8F, 0xB0, 0x94, 0xB8, 0x67, 0x71, 0x6B, 0xD7,
+    0xDC, 0x0D, 0xEE, 0xBB, 0x10, 0xB8, 0x24, 0x0E,
+    0x68, 0x03, 0x48, 0x93, 0xEA, 0xD8, 0x2D, 0x54,
+    0xC9, 0xDA, 0x75, 0x4C, 0x46, 0xC7, 0xEE, 0xE0,
+    0xC3, 0x7F, 0xDB, 0xEE, 0x48, 0x53, 0x60, 0x47,
+    0xA6, 0xFA, 0x1A, 0xE4, 0x9A, 0x03, 0x18, 0xCC,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+const krb5_data oakley_1024 = { KV5M_DATA, sizeof(o1024), (char *)o1024 };
+const krb5_data oakley_2048 = { KV5M_DATA, sizeof(o2048), (char *)o2048 };
+const krb5_data oakley_4096 = { KV5M_DATA, sizeof(o4096), (char *)o4096 };
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto.h b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto.h
new file mode 100644
index 00000000..e22798f6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto.h
@@ -0,0 +1,631 @@
+/*
+ * COPYRIGHT (C) 2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+/*
+ * This header defines the cryptographic interface
+ */
+
+#ifndef _PKINIT_CRYPTO_H
+#define _PKINIT_CRYPTO_H
+
+#include <krb5/krb5.h>
+#include <krb5/preauth_plugin.h>
+#include <k5-int-pkinit.h>
+#include <profile.h>
+#include "pkinit_accessor.h"
+
+/*
+ * these describe the CMS message types
+ */
+enum cms_msg_types {
+    CMS_SIGN_CLIENT,
+    CMS_SIGN_SERVER,
+    CMS_ENVEL_SERVER
+};
+
+/*
+ * storage types for identity information
+ */
+#define IDTYPE_FILE     1
+#define IDTYPE_DIR      2
+#define IDTYPE_PKCS11   3
+#define IDTYPE_ENVVAR   4
+#define IDTYPE_PKCS12   5
+
+/*
+ * ca/crl types
+ */
+#define CATYPE_ANCHORS          1
+#define CATYPE_INTERMEDIATES    2
+#define CATYPE_CRLS             3
+
+/*
+ * The following represent Key Usage values that we
+ * may care about in a certificate
+ */
+#define PKINIT_KU_DIGITALSIGNATURE      0x80000000
+#define PKINIT_KU_KEYENCIPHERMENT       0x40000000
+
+/*
+ * The following represent Extended Key Usage oid values
+ * that we may care about in a certificate
+ */
+#define PKINIT_EKU_PKINIT               0x80000000
+#define PKINIT_EKU_MSSCLOGIN            0x40000000
+#define PKINIT_EKU_CLIENTAUTH           0x20000000
+#define PKINIT_EKU_EMAILPROTECTION      0x10000000
+
+
+/* Handle to cert, opaque above crypto interface */
+typedef struct _pkinit_cert_info *pkinit_cert_handle;
+
+/* Handle to cert iteration information, opaque above crypto interface */
+typedef struct _pkinit_cert_iter_info *pkinit_cert_iter_handle;
+
+#define PKINIT_ITER_NO_MORE	0x11111111  /* XXX */
+
+typedef struct _pkinit_cert_matching_data {
+    char *subject_dn;	    /* rfc2253-style subject name string */
+    char *issuer_dn;	    /* rfc2253-style issuer name string */
+    unsigned int ku_bits;   /* key usage information */
+    unsigned int eku_bits;  /* extended key usage information */
+    krb5_principal *sans;   /* Null-terminated array of PKINIT SANs */
+    char **upns;	    /* Null-terimnated array of UPN SANs */
+} pkinit_cert_matching_data;
+
+/*
+ * Functions to initialize and cleanup crypto contexts
+ */
+krb5_error_code pkinit_init_plg_crypto(pkinit_plg_crypto_context *);
+void pkinit_fini_plg_crypto(pkinit_plg_crypto_context);
+
+krb5_error_code pkinit_init_req_crypto(pkinit_req_crypto_context *);
+void pkinit_fini_req_crypto(pkinit_req_crypto_context);
+
+krb5_error_code pkinit_init_identity_crypto(pkinit_identity_crypto_context *);
+void pkinit_fini_identity_crypto(pkinit_identity_crypto_context);
+/**Create a pkinit ContentInfo*/
+krb5_error_code cms_contentinfo_create
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	int cms_msg_type,
+	unsigned char *in_data, unsigned int in_length,
+	unsigned char **out_data, unsigned int *out_data_len);
+
+/*
+ * this function creates a CMS message where eContentType is SignedData
+ */
+krb5_error_code cms_signeddata_create
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	int cms_msg_type,				/* IN
+		    specifies CMS_SIGN_CLIENT for client-side CMS message
+		    and CMS_SIGN_SERVER for kdc-side */
+	unsigned char *auth_pack,			/* IN
+		    contains DER encoded AuthPack (CMS_SIGN_CLIENT)
+		    or DER encoded DHRepInfo (CMS_SIGN_SERVER) */
+	unsigned int auth_pack_len,			/* IN
+		    contains length of auth_pack */
+	unsigned char **signed_data,			/* OUT
+		    for CMS_SIGN_CLIENT receives DER encoded
+		    SignedAuthPack (CMS_SIGN_CLIENT) or DER
+		    encoded DHInfo (CMS_SIGN_SERVER) */
+	unsigned int *signed_data_len);			/* OUT
+		    receives length of signed_data */
+
+/*
+ * this function verifies a CMS message where eContentType is SignedData
+ */
+krb5_error_code cms_signeddata_verify
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	int cms_msg_type,				/* IN
+		    specifies CMS_SIGN_CLIENT for client-side
+		    CMS message and CMS_SIGN_SERVER for kdc-side */
+	int require_crl_checking,			/* IN
+		    specifies whether CRL checking should be
+		    strictly enforced, i.e. if no CRLs available
+		    for the CA then fail verification.
+		    note, if the value is 0, crls are still
+		    checked if present */
+	unsigned char *signed_data,			/* IN
+		    contains DER encoded SignedAuthPack (CMS_SIGN_CLIENT)
+		    or DER encoded DHInfo (CMS_SIGN_SERVER) */
+	unsigned int signed_data_len,			/* IN
+		    contains length of signed_data*/
+	unsigned char **auth_pack,			/* OUT
+		    receives DER encoded AuthPack (CMS_SIGN_CLIENT)
+		    or DER encoded DHRepInfo (CMS_SIGN_SERVER)*/
+	unsigned int *auth_pack_len,			/* OUT
+		    receives length of auth_pack */
+	unsigned char **authz_data,			/* OUT
+		    receives required authorization data that
+		    contains the verified certificate chain
+		    (only used by the KDC) */
+	unsigned int *authz_data_len,			/* OUT
+		    receives length of authz_data */
+	int *is_signed);                                /* OUT
+		    receives whether message is signed */
+
+/*
+ * this function creates a CMS message where eContentType is EnvelopedData
+ */
+krb5_error_code cms_envelopeddata_create
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_preauthtype pa_type,			/* IN */
+	unsigned char *key_pack,			/* IN
+		    contains DER encoded ReplyKeyPack */
+	unsigned int key_pack_len,			/* IN
+		    contains length of key_pack */
+	unsigned char **envel_data,			/* OUT
+		    receives DER encoded encKeyPack */
+	unsigned int *envel_data_len);			/* OUT
+		    receives length of envel_data */
+
+/*
+ * this function creates a CMS message where eContentType is EnvelopedData
+ */
+krb5_error_code cms_envelopeddata_verify
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_preauthtype pa_type,			/* IN */
+	int require_crl_checking,			/* IN
+		    specifies whether CRL checking should be
+		    strictly enforced */
+	unsigned char *envel_data,			/* IN
+		    contains DER encoded encKeyPack */
+	unsigned int envel_data_len,			/* IN
+		    contains length of envel_data */
+	unsigned char **signed_data,			/* OUT
+		    receives ReplyKeyPack */
+	unsigned int *signed_data_len);			/* OUT
+		    receives length of signed_data */
+
+/*
+ * This function retrieves the signer's identity, in a form that could
+ * be passed back in to a future invocation of this module as a candidate
+ * client identity location.
+ */
+krb5_error_code crypto_retrieve_signer_identity
+	(krb5_context context,				/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	const char **identity);				/* OUT */
+
+/*
+ * this function returns SAN information found in the
+ * received certificate.  at least one of pkinit_sans,
+ * upn_sans, or kdc_hostnames must be non-NULL.
+ */
+krb5_error_code crypto_retrieve_cert_sans
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_principal **pkinit_sans,			/* OUT
+		    if non-NULL, a null-terminated array of
+		    id-pkinit-san values found in the certificate
+		    are returned */
+	char ***upn_sans,				/* OUT
+		    if non-NULL, a null-terminated array of
+		    id-ms-upn-san values found in the certificate
+		    are returned */
+	unsigned char ***kdc_hostname);			/* OUT
+		    if non-NULL, a null-terminated array of
+		    dNSName (hostname) SAN values found in the
+		    certificate are returned */
+
+/*
+ * this function checks for acceptable key usage values
+ * in the received certificate.
+ *
+ * when checking a received kdc certificate, it looks for
+ * the kpKdc key usage.  if allow_secondary_usage is
+ * non-zero, it will also accept kpServerAuth.
+ *
+ * when checking a received user certificate, it looks for
+ * kpClientAuth key usage.  if allow_secondary_usage is
+ * non-zero, it will also accept id-ms-sc-logon EKU.
+ *
+ * this function must also assert that the digitalSignature
+ * key usage is consistent.
+ */
+krb5_error_code crypto_check_cert_eku
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	int checking_kdc_cert,				/* IN
+		    specifies if the received certificate is
+		    a KDC certificate (non-zero),
+		    or a user certificate (zero) */
+	int allow_secondary_usage,			/* IN
+		    specifies if the secondary key usage
+		    should be accepted or not (see above) */
+	int *eku_valid);				/* OUT
+		    receives non-zero if an acceptable EKU was found */
+
+/*
+ * this functions takes in generated DH secret key and converts
+ * it in to a kerberos session key. it takes into the account the
+ * enc type and then follows the procedure specified in the RFC p 22.
+ */
+krb5_error_code pkinit_octetstring2key
+	(krb5_context context,				/* IN */
+	krb5_enctype etype,				/* IN
+		    specifies the enc type */
+	unsigned char *key,				/* IN
+		    contains the DH secret key */
+	unsigned int key_len,				/* IN
+		    contains length of key */
+	krb5_keyblock * krb5key);			/* OUT
+		    receives kerberos session key */
+
+/*
+ * this function implements clients first part of the DH protocol.
+ * client selects its DH parameters and pub key
+ */
+krb5_error_code client_create_dh
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	int dh_size,					/* IN
+		    specifies the DH modulous, eg 1024, 2048, or 4096 */
+	krb5_data *spki_out);				/* OUT
+		    receives SubjectPublicKeyInfo encoding */
+
+/*
+ * this function completes client's the DH protocol. client
+ * processes received DH pub key from the KDC and computes
+ * the DH secret key
+ */
+krb5_error_code client_process_dh
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	unsigned char *dh_pubkey,			/* IN
+		    contains client's DER encoded DH pub key */
+	unsigned int dh_pubkey_len,			/* IN
+		    contains length of dh_pubkey */
+	unsigned char **client_key_out,			/* OUT
+		    receives DH secret key */
+	unsigned int *client_key_len_out);		/* OUT
+		    receives length of DH secret key */
+
+/*
+ * this function implements the KDC first part of the DH protocol.
+ * it decodes the client's DH parameters and pub key and checks
+ * if they are acceptable.
+ */
+krb5_error_code server_check_dh
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	const krb5_data *client_spki,			/* IN
+		    SubjectPublicKeyInfo encoding from client */
+	int minbits);					/* IN
+		    the minimum number of key bits acceptable */
+
+/*
+ * this function completes the KDC's DH protocol. The KDC generates
+ * its DH pub key and computes the DH secret key
+ */
+krb5_error_code server_process_dh
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	unsigned char **dh_pubkey_out,			/* OUT
+		    receives KDC's DER encoded DH pub key */
+	unsigned int *dh_pubkey_len_out,		/* OUT
+		    receives length of dh_pubkey */
+	unsigned char **server_key_out,			/* OUT
+		    receives DH secret key */
+	unsigned int *server_key_len_out);		/* OUT
+		    receives length of DH secret key */
+
+/*
+ * this functions takes in crypto specific representation of
+ * supportedCMSTypes and creates a list of
+ * krb5_algorithm_identifier
+ */
+krb5_error_code create_krb5_supportedCMSTypes
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_algorithm_identifier ***supportedCMSTypes); /* OUT */
+
+/*
+ * this functions takes in crypto specific representation of
+ * trustedCertifiers and creates a list of
+ * krb5_external_principal_identifier
+ */
+krb5_error_code create_krb5_trustedCertifiers
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_external_principal_identifier ***trustedCertifiers); /* OUT */
+
+/*
+ * this functions takes in crypto specific representation of the
+ * KDC's certificate and creates a DER encoded kdcPKId
+ */
+krb5_error_code create_issuerAndSerial
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	unsigned char **kdcId_buf,			/* OUT
+		    receives DER encoded kdcPKId */
+	unsigned int *kdcId_len);			/* OUT
+		    receives length of encoded kdcPKId */
+
+/*
+ * These functions manipulate the deferred-identities list in the identity
+ * context, which is opaque outside of the crypto-specific bits.
+ */
+const pkinit_deferred_id * crypto_get_deferred_ids
+	(krb5_context context, pkinit_identity_crypto_context id_cryptoctx);
+krb5_error_code crypto_set_deferred_id
+	(krb5_context context,
+	 pkinit_identity_crypto_context id_cryptoctx,
+	 const char *identity, const char *password);
+
+/*
+ * process the values from idopts and obtain the cert(s)
+ * specified by those options, populating the id_cryptoctx.
+ */
+krb5_error_code crypto_load_certs
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_opts *idopts,			/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN/OUT */
+	krb5_principal princ,				/* IN */
+	krb5_boolean defer_id_prompts);			/* IN */
+
+/*
+ * Free up information held from crypto_load_certs()
+ */
+krb5_error_code crypto_free_cert_info
+	(krb5_context context,
+	pkinit_plg_crypto_context plg_cryptoctx,
+	pkinit_req_crypto_context req_cryptoctx,
+	pkinit_identity_crypto_context id_cryptoctx);
+
+
+/*
+ * Get a null-terminated list of certificate matching data objects for the
+ * certificates loaded in id_cryptoctx.
+ */
+krb5_error_code
+crypto_cert_get_matching_data(krb5_context context,
+			      pkinit_plg_crypto_context plg_cryptoctx,
+			      pkinit_req_crypto_context req_cryptoctx,
+			      pkinit_identity_crypto_context id_cryptoctx,
+			      pkinit_cert_matching_data ***md_out);
+
+/*
+ * Free a matching data object.
+ */
+void
+crypto_cert_free_matching_data(krb5_context context,
+			       pkinit_cert_matching_data *md);
+
+/*
+ * Free a list of matching data objects.
+ */
+void
+crypto_cert_free_matching_data_list(krb5_context context,
+				    pkinit_cert_matching_data **matchdata);
+
+/*
+ * Choose one of the certificates loaded in idctx to use for PKINIT client
+ * operations.  cred_index must be an index into the array of matching objects
+ * returned by crypto_cert_get_matching_data().
+ */
+krb5_error_code
+crypto_cert_select(krb5_context context, pkinit_identity_crypto_context idctx,
+		   size_t cred_index);
+
+/*
+ * Select the default certificate as "the chosen one"
+ */
+krb5_error_code crypto_cert_select_default
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx);	/* IN */
+
+/*
+ * process the values from idopts and obtain the anchor or
+ * intermediate certificates, or crls specified by idtype,
+ * catype, and id
+ */
+krb5_error_code crypto_load_cas_and_crls
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_opts *idopts,			/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN/OUT */
+	int idtype,					/* IN
+		    defines the storage type (file, directory, etc) */
+	int catype,					/* IN
+		    defines the ca type (anchor, intermediate, crls) */
+	char *id);					/* IN
+		    defines the location (filename, directory name, etc) */
+
+/*
+ * on the client, obtain the kdc's certificate to include
+ * in a request
+ */
+krb5_error_code pkinit_get_kdc_cert
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN/OUT */
+	krb5_principal princ);				/* IN */
+
+/*
+ * this function creates edata that contains TD-DH-PARAMETERS
+ */
+krb5_error_code pkinit_create_td_dh_parameters
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	pkinit_plg_opts *opts,				/* IN */
+	krb5_pa_data ***e_data_out);			/* OUT */
+
+/*
+ * this function processes edata that contains TD-DH-PARAMETERS.
+ * the client processes the received acceptable by KDC DH
+ * parameters and picks the first acceptable to it. it matches
+ * them against the known DH parameters.
+ */
+krb5_error_code pkinit_process_td_dh_params
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_algorithm_identifier **algId,		/* IN */
+	int *new_dh_size);				/* OUT
+		    receives the new DH modulus to use in the new AS-REQ */
+
+/*
+ * this function creates edata that contains TD-INVALID-CERTIFICATES
+ */
+krb5_error_code pkinit_create_td_invalid_certificate
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_pa_data ***e_data_out);			/* OUT */
+
+/*
+ * this function creates edata that contains TD-TRUSTED-CERTIFIERS
+ */
+krb5_error_code pkinit_create_td_trusted_certifiers
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_pa_data ***e_data_out);			/* OUT */
+
+/*
+ * this function processes edata that contains either
+ * TD-TRUSTED-CERTIFICATES or TD-INVALID-CERTIFICATES.
+ * current implementation only decodes the received message
+ * but does not act on it
+ */
+krb5_error_code pkinit_process_td_trusted_certifiers
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_external_principal_identifier **trustedCertifiers, /* IN */
+	int td_type);					/* IN */
+
+/*
+ * this function checks if the received kdcPKId matches
+ * the KDC's certificate
+ */
+krb5_error_code pkinit_check_kdc_pkid
+	(krb5_context context,				/* IN */
+	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
+	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	unsigned char *pdid_buf,			/* IN
+		    contains DER encoded kdcPKId */
+	unsigned int pkid_len,				/* IN
+		    contains length of pdid_buf */
+	int *valid_kdcPkId);				/* OUT
+		    1 if kdcPKId matches, otherwise 0 */
+
+krb5_error_code pkinit_identity_set_prompter
+	(pkinit_identity_crypto_context id_cryptoctx,	/* IN */
+	krb5_prompter_fct prompter,			/* IN */
+	void *prompter_data);				/* IN */
+
+krb5_error_code
+pkinit_alg_agility_kdf(krb5_context context,
+                       krb5_data *secret,
+                       krb5_data *alg_oid,
+                       krb5_const_principal party_u_info,
+                       krb5_const_principal party_v_info,
+                       krb5_enctype enctype,
+                       krb5_data *as_req,
+                       krb5_data *pk_as_rep,
+                       krb5_keyblock *key_block);
+
+extern const krb5_data sha1_id;
+extern const krb5_data sha256_id;
+extern const krb5_data sha512_id;
+extern const krb5_data oakley_1024;
+extern const krb5_data oakley_2048;
+extern const krb5_data oakley_4096;
+
+/**
+ * An ordered set of OIDs, stored as krb5_data, of KDF algorithms
+ * supported by this implementation. The order of this array controls
+ * the order in which the server will pick.
+ */
+extern krb5_data const * const supported_kdf_alg_ids[];
+
+/* CMS signature algorithms supported by this implementation, in order of
+ * decreasing preference. */
+extern krb5_data const * const supported_cms_algs[];
+
+krb5_error_code
+crypto_encode_der_cert(krb5_context context, pkinit_req_crypto_context reqctx,
+		       uint8_t **der_out, size_t *der_len);
+
+krb5_error_code
+crypto_req_cert_matching_data(krb5_context context,
+			      pkinit_plg_crypto_context plgctx,
+			      pkinit_req_crypto_context reqctx,
+			      pkinit_cert_matching_data **md_out);
+
+#endif	/* _PKINIT_CRYPTO_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
new file mode 100644
index 00000000..cb9c7962
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -0,0 +1,5814 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include "k5-int.h"
+#include "pkinit_crypto_openssl.h"
+#include "k5-buf.h"
+#include "k5-err.h"
+#include "k5-hex.h"
+#include <unistd.h>
+#include <dirent.h>
+#include <arpa/inet.h>
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#include <openssl/kdf.h>
+#include <openssl/params.h>
+#endif
+
+static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context );
+static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context );
+
+static krb5_error_code pkinit_init_dh_params(pkinit_plg_crypto_context );
+static void pkinit_fini_dh_params(pkinit_plg_crypto_context );
+
+static krb5_error_code pkinit_init_certs(pkinit_identity_crypto_context ctx);
+static void pkinit_fini_certs(pkinit_identity_crypto_context ctx);
+
+static krb5_error_code pkinit_init_pkcs11(pkinit_identity_crypto_context ctx);
+static void pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx);
+
+static krb5_error_code pkinit_sign_data
+(krb5_context context, pkinit_identity_crypto_context cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **sig, unsigned int *sig_len);
+
+static krb5_error_code create_signature
+(unsigned char **, unsigned int *, unsigned char *, unsigned int,
+ EVP_PKEY *pkey);
+
+static krb5_error_code pkinit_decode_data
+(krb5_context context, pkinit_identity_crypto_context cryptoctx,
+ const uint8_t *data, unsigned int data_len, uint8_t **decoded,
+ unsigned int *decoded_len);
+
+#ifdef DEBUG_DH
+static void print_dh(DH *, char *);
+static void print_pubkey(BIGNUM *, char *);
+#endif
+
+static int prepare_enc_data
+(const uint8_t *indata, int indata_len, uint8_t **outdata, int *outdata_len);
+
+static int openssl_callback (int, X509_STORE_CTX *);
+static int openssl_callback_ignore_crls (int, X509_STORE_CTX *);
+
+static int pkcs7_decrypt
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx, PKCS7 *p7,
+ unsigned char **data_out, unsigned int *len_out);
+
+static ASN1_OBJECT * pkinit_pkcs7type2oid
+(pkinit_plg_crypto_context plg_cryptoctx, int pkcs7_type);
+
+static krb5_error_code pkinit_create_sequence_of_principal_identifiers
+(krb5_context context, pkinit_plg_crypto_context plg_cryptoctx,
+ pkinit_req_crypto_context req_cryptoctx,
+ pkinit_identity_crypto_context id_cryptoctx,
+ int type, krb5_pa_data ***e_data_out);
+
+#ifndef WITHOUT_PKCS11
+static krb5_error_code pkinit_find_private_key
+(pkinit_identity_crypto_context, CK_ATTRIBUTE_TYPE usage,
+ CK_OBJECT_HANDLE *objp);
+static krb5_error_code pkinit_login
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ CK_TOKEN_INFO *tip, const char *password);
+static krb5_error_code pkinit_open_session
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx);
+#ifdef SILLYDECRYPT
+CK_RV pkinit_C_Decrypt
+(pkinit_identity_crypto_context id_cryptoctx,
+ CK_BYTE_PTR pEncryptedData, CK_ULONG  ulEncryptedDataLen,
+ CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
+#endif
+
+static krb5_error_code pkinit_sign_data_pkcs11
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **sig, unsigned int *sig_len);
+static krb5_error_code pkinit_decode_data_pkcs11
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ const uint8_t *data, unsigned int data_len, uint8_t **decoded_data,
+ unsigned int *decoded_data_len);
+#endif  /* WITHOUT_PKCS11 */
+
+static krb5_error_code pkinit_sign_data_fs
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ unsigned char *data, unsigned int data_len,
+ unsigned char **sig, unsigned int *sig_len);
+static krb5_error_code pkinit_decode_data_fs
+(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+ const uint8_t *data, unsigned int data_len, uint8_t **decoded_data,
+ unsigned int *decoded_data_len);
+
+static krb5_error_code
+create_krb5_invalidCertificates(krb5_context context,
+                                pkinit_plg_crypto_context plg_cryptoctx,
+                                pkinit_req_crypto_context req_cryptoctx,
+                                pkinit_identity_crypto_context id_cryptoctx,
+                                krb5_external_principal_identifier *** ids);
+
+static krb5_error_code
+create_identifiers_from_stack(STACK_OF(X509) *sk,
+                              krb5_external_principal_identifier *** ids);
+static int
+wrap_signeddata(unsigned char *data, unsigned int data_len,
+                unsigned char **out, unsigned int *out_len);
+
+static const char *
+pkcs11err(int err);
+
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+/* 1.1 standardizes constructor and destructor names, renaming
+ * EVP_MD_CTX_{create,destroy} and deprecating ASN1_STRING_data. */
+
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#define ASN1_STRING_get0_data ASN1_STRING_data
+
+/*
+ * 1.1 adds DHX support, which uses the RFC 3279 DomainParameters encoding we
+ * need for PKINIT.  For 1.0 we must use the original DH type when creating
+ * EVP_PKEY objects.
+ */
+#define EVP_PKEY_DHX EVP_PKEY_DH
+
+/* 1.1 makes many handle types opaque and adds accessors.  Add compatibility
+ * versions of the new accessors we use for pre-1.1. */
+
+#define OBJ_get0_data(o) ((o)->data)
+#define OBJ_length(o) ((o)->length)
+
+#define DH_set0_key compat_dh_set0_key
+static int
+compat_dh_set0_key(DH *dh, BIGNUM *pub, BIGNUM *priv)
+{
+    if (pub != NULL) {
+        BN_clear_free(dh->pub_key);
+        dh->pub_key = pub;
+    }
+    if (priv != NULL) {
+        BN_clear_free(dh->priv_key);
+        dh->priv_key = priv;
+    }
+    return 1;
+}
+
+#define DH_get0_key compat_dh_get0_key
+static void compat_dh_get0_key(const DH *dh, const BIGNUM **pub,
+                               const BIGNUM **priv)
+{
+    if (pub != NULL)
+        *pub = dh->pub_key;
+    if (priv != NULL)
+        *priv = dh->priv_key;
+}
+
+#define EVP_PKEY_get0_DH compat_get0_DH
+static DH *
+compat_get0_DH(const EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_DH)
+        return NULL;
+    return pkey->pkey.dh;
+
+}
+
+/* Return true if the cert c includes a key usage which doesn't include u.
+ * Define using direct member access for pre-1.1. */
+#define ku_reject(c, u)                                                 \
+    (((c)->ex_flags & EXFLAG_KUSAGE) && !((c)->ex_kusage & (u)))
+
+#else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+
+/* Return true if the cert x includes a key usage which doesn't include u. */
+#define ku_reject(c, u) (!(X509_get_key_usage(c) & (u)))
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+/* OpenSSL 3.0 changes several preferred function names. */
+#define EVP_PKEY_parameters_eq EVP_PKEY_cmp_parameters
+#define EVP_MD_CTX_get0_md EVP_MD_CTX_md
+#define EVP_PKEY_get_size EVP_PKEY_size
+#define EVP_PKEY_get_bits EVP_PKEY_bits
+
+/*
+ * Convert *dh to an EVP_PKEY object, taking ownership of *dh and setting it to
+ * NULL.  On error, return NULL and do not take ownership of or change *dh.
+ * OpenSSL 3.0 deprecates the low-level DH interfaces, so this helper will only
+ * be used with prior versions.
+ */
+static EVP_PKEY *
+dh_to_pkey(DH **dh)
+{
+    EVP_PKEY *pkey;
+
+    pkey = EVP_PKEY_new();
+    if (pkey == NULL)
+        return NULL;
+    if (!EVP_PKEY_assign(pkey, EVP_PKEY_DHX, *dh)) {
+        EVP_PKEY_free(pkey);
+        return NULL;
+    }
+    *dh = NULL;
+    return pkey;
+}
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+/* Encode a bignum as an ASN.1 integer in DER. */
+static int
+encode_bn_der(const BIGNUM *bn, uint8_t **der_out, int *len_out)
+{
+    ASN1_INTEGER *intval;
+    int len;
+    uint8_t *der = NULL, *outptr;
+
+    intval = BN_to_ASN1_INTEGER(bn, NULL);
+    if (intval == NULL)
+        return 0;
+    len = i2d_ASN1_INTEGER(intval, NULL);
+    if (len > 0 && (outptr = der = malloc(len)) != NULL)
+        (void)i2d_ASN1_INTEGER(intval, &outptr);
+    ASN1_INTEGER_free(intval);
+    if (der == NULL)
+        return 0;
+    *der_out = der;
+    *len_out = len;
+    return 1;
+}
+
+/* Decode an ASN.1 integer, returning a bignum. */
+static BIGNUM *
+decode_bn_der(const uint8_t *der, size_t len)
+{
+    ASN1_INTEGER *intval;
+    BIGNUM *bn;
+
+    intval = d2i_ASN1_INTEGER(NULL, &der, len);
+    if (intval == NULL)
+        return NULL;
+    bn = ASN1_INTEGER_to_BN(intval, NULL);
+    ASN1_INTEGER_free(intval);
+    return bn;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+static int
+params_valid(EVP_PKEY *params)
+{
+    EVP_PKEY_CTX *ctx;
+    int result;
+
+    ctx = EVP_PKEY_CTX_new(params, NULL);
+    if (ctx == NULL)
+        return 0;
+    result = EVP_PKEY_param_check(ctx);
+    EVP_PKEY_CTX_free(ctx);
+    return result == 1;
+}
+#else
+static int
+params_valid(EVP_PKEY *params)
+{
+    DH *dh;
+    int codes;
+
+    dh = EVP_PKEY_get0_DH(params);
+    return (dh == NULL) ? 0 : (DH_check(dh, &codes) && codes == 0);
+}
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+static EVP_PKEY *
+decode_dh_params(const krb5_data *params_der)
+{
+    EVP_PKEY *pkey = NULL;
+    const uint8_t *inptr = (uint8_t *)params_der->data;
+    size_t len = params_der->length;
+    OSSL_DECODER_CTX *dctx;
+    int ok;
+
+    dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "type-specific", "DHX",
+                                         EVP_PKEY_KEY_PARAMETERS, NULL, NULL);
+    if (dctx == NULL)
+        return NULL;
+
+    ok = OSSL_DECODER_from_data(dctx, &inptr, &len);
+    OSSL_DECODER_CTX_free(dctx);
+    return ok ? pkey : NULL;
+}
+#else
+static EVP_PKEY *
+decode_dh_params(const krb5_data *params_der)
+{
+    const uint8_t *p = (uint8_t *)params_der->data;
+    DH *dh;
+    EVP_PKEY *pkey;
+
+    dh = d2i_DHxparams(NULL, &p, params_der->length);
+    pkey = dh_to_pkey(&dh);
+    DH_free(dh);
+    return pkey;
+}
+#endif
+
+static krb5_error_code
+encode_spki(EVP_PKEY *pkey, krb5_data *spki_out)
+{
+    krb5_error_code ret = ENOMEM;
+    int len;
+    uint8_t *outptr;
+
+    len = i2d_PUBKEY(pkey, NULL);
+    ret = alloc_data(spki_out, len);
+    if (ret)
+        goto cleanup;
+    outptr = (uint8_t *)spki_out->data;
+    (void)i2d_PUBKEY(pkey, &outptr);
+
+cleanup:
+    return ret;
+}
+
+static EVP_PKEY *
+decode_spki(const krb5_data *spki)
+{
+    const uint8_t *inptr = (uint8_t *)spki->data;
+
+    return d2i_PUBKEY(NULL, &inptr, spki->length);
+}
+
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+/*
+ * OpenSSL 1.0 has no DHX support, so we need a custom decoder for RFC 3279
+ * DomainParameters, and we need to use X509_PUBKEY values to marshal
+ * SubjectPublicKeyInfo.
+ */
+
+typedef struct {
+    ASN1_BIT_STRING *seed;
+    BIGNUM *counter;
+} int_dhvparams;
+
+typedef struct {
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *g;
+    BIGNUM *j;
+    int_dhvparams *vparams;
+} int_dhxparams;
+
+ASN1_SEQUENCE(int_dhvparams) = {
+    ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
+    ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
+} ASN1_SEQUENCE_END(int_dhvparams);
+
+ASN1_SEQUENCE(int_dhxparams) = {
+    ASN1_SIMPLE(int_dhxparams, p, BIGNUM),
+    ASN1_SIMPLE(int_dhxparams, g, BIGNUM),
+    ASN1_SIMPLE(int_dhxparams, q, BIGNUM),
+    ASN1_OPT(int_dhxparams, j, BIGNUM),
+    ASN1_OPT(int_dhxparams, vparams, int_dhvparams)
+} ASN1_SEQUENCE_END(int_dhxparams);
+
+static EVP_PKEY *
+decode_dh_params(const krb5_data *params_der)
+{
+    int_dhxparams *params;
+    DH *dh;
+    EVP_PKEY *pkey;
+    const uint8_t *p;
+
+    dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+
+    p = (uint8_t *)params_der->data;
+    params = (int_dhxparams *)ASN1_item_d2i(NULL, &p, params_der->length,
+                                            ASN1_ITEM_rptr(int_dhxparams));
+    if (params == NULL) {
+        DH_free(dh);
+        return NULL;
+    }
+
+    /* Steal p, q, and g from dhparams for dh.  Ignore j and vparams. */
+    dh->p = params->p;
+    dh->q = params->q;
+    dh->g = params->g;
+    params->p = params->q = params->g = NULL;
+    ASN1_item_free((ASN1_VALUE *)params, ASN1_ITEM_rptr(int_dhxparams));
+    pkey = dh_to_pkey(&dh);
+    DH_free(dh);
+    return pkey;
+}
+
+static krb5_error_code
+encode_spki(EVP_PKEY *pkey, krb5_data *spki_out)
+{
+    krb5_error_code ret = ENOMEM;
+    const DH *dh;
+    uint8_t *param_der = NULL, *pubkey_der = NULL, *outptr;
+    int param_der_len, pubkey_der_len, len;
+    X509_PUBKEY pubkey;
+    int_dhxparams dhxparams;
+    X509_ALGOR algor;
+    ASN1_OBJECT algorithm;
+    ASN1_TYPE parameter;
+    ASN1_STRING param_str, pubkey_str;
+
+    dh = EVP_PKEY_get0_DH(pkey);
+    if (dh == NULL)
+        goto cleanup;
+
+    dhxparams.p = dh->p;
+    dhxparams.q = dh->q;
+    dhxparams.g = dh->g;
+    dhxparams.j = NULL;
+    dhxparams.vparams = NULL;
+    param_der_len = ASN1_item_i2d((ASN1_VALUE *)&dhxparams, &param_der,
+                                  ASN1_ITEM_rptr(int_dhxparams));
+    if (param_der_len < 0)
+        goto cleanup;
+    param_str.length = param_der_len;
+    param_str.type = V_ASN1_SEQUENCE;
+    param_str.data = param_der;
+    param_str.flags = 0;
+    parameter.type = V_ASN1_SEQUENCE;
+    parameter.value.sequence = &param_str;
+
+    memset(&algorithm, 0, sizeof(algorithm));
+    algorithm.data = (uint8_t *)dh_oid.data;
+    algorithm.length = dh_oid.length;
+
+    algor.algorithm = &algorithm;
+    algor.parameter = &parameter;
+
+    if (!encode_bn_der(dh->pub_key, &pubkey_der, &pubkey_der_len))
+        goto cleanup;
+    pubkey_str.length = pubkey_der_len;
+    pubkey_str.type = V_ASN1_BIT_STRING;
+    pubkey_str.data = pubkey_der;
+    pubkey_str.flags = ASN1_STRING_FLAG_BITS_LEFT;
+
+    pubkey.algor = &algor;
+    pubkey.public_key = &pubkey_str;
+    len = i2d_X509_PUBKEY(&pubkey, NULL);
+    if (len < 0)
+        goto cleanup;
+    ret = alloc_data(spki_out, len);
+    if (ret)
+        goto cleanup;
+    outptr = (uint8_t *)spki_out->data;
+    i2d_X509_PUBKEY(&pubkey, &outptr);
+
+cleanup:
+    OPENSSL_free(param_der);
+    free(pubkey_der);
+    return ret;
+}
+
+static EVP_PKEY *
+decode_spki(const krb5_data *spki)
+{
+    X509_PUBKEY *pubkey = NULL;
+    const uint8_t *inptr;
+    DH *dh;
+    EVP_PKEY *pkey = NULL, *pkey_ret = NULL;
+    const ASN1_STRING *params;
+    const ASN1_BIT_STRING *public_key;
+    krb5_data d;
+
+    inptr = (uint8_t *)spki->data;
+    pubkey = d2i_X509_PUBKEY(NULL, &inptr, spki->length);
+    if (pubkey == NULL)
+        goto cleanup;
+
+    if (pubkey->algor->parameter->type != V_ASN1_SEQUENCE)
+        goto cleanup;
+    params = pubkey->algor->parameter->value.sequence;
+    d = make_data(params->data, params->length);
+    pkey = decode_dh_params(&d);
+    if (pkey == NULL)
+        goto cleanup;
+    dh = EVP_PKEY_get0_DH(pkey);
+    if (dh == NULL)
+        goto cleanup;
+    public_key = pubkey->public_key;
+    dh->pub_key = decode_bn_der(public_key->data, public_key->length);
+    if (dh->pub_key == NULL)
+        goto cleanup;
+
+    pkey_ret = pkey;
+    pkey = NULL;
+
+cleanup:
+    X509_PUBKEY_free(pubkey);
+    EVP_PKEY_free(pkey);
+    return pkey_ret;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+/* Attempt to specify padded Diffie-Hellman result derivation.  Don't error out
+ * if this fails since we also detect short results and adjust them. */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+static void
+set_padded_derivation(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY_CTX_set_dh_pad(ctx, 1);
+}
+#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
+static void
+set_padded_derivation(EVP_PKEY_CTX *ctx)
+{
+    /* We would use EVP_PKEY_CTX_set_dh_pad() but it doesn't work with DHX. */
+    EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE,
+                      EVP_PKEY_CTRL_DH_PAD, 1, NULL);
+}
+#else
+static void
+set_padded_derivation(EVP_PKEY_CTX *ctx)
+{
+    /* There's no support for padded derivation in 1.0. */
+}
+#endif
+
+static int
+dh_result(EVP_PKEY *pkey, EVP_PKEY *peer,
+          uint8_t **result_out, unsigned int *len_out)
+{
+    EVP_PKEY_CTX *derive_ctx = NULL;
+    int ok = 0;
+    uint8_t *buf = NULL;
+    size_t len, dh_size = EVP_PKEY_get_size(pkey);
+
+    *result_out = NULL;
+    *len_out = 0;
+
+    derive_ctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (derive_ctx == NULL)
+        goto cleanup;
+    if (EVP_PKEY_derive_init(derive_ctx) <= 0)
+        goto cleanup;
+    set_padded_derivation(derive_ctx);
+    if (EVP_PKEY_derive_set_peer(derive_ctx, peer) <= 0)
+        goto cleanup;
+
+    buf = malloc(dh_size);
+    if (buf == NULL)
+        goto cleanup;
+    len = dh_size;
+    if (EVP_PKEY_derive(derive_ctx, buf, &len) <= 0)
+        goto cleanup;
+    if (len < dh_size) {        /* only possible without padded derivation */
+        memmove(buf + (dh_size - len), buf, len);
+        memset(buf, 0, dh_size - len);
+    }
+
+    ok = 1;
+    *result_out = buf;
+    *len_out = dh_size;
+    buf = NULL;
+
+cleanup:
+    EVP_PKEY_CTX_free(derive_ctx);
+    free(buf);
+    return ok;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+static int
+dh_pubkey_der(EVP_PKEY *pkey, uint8_t **pubkey_out, unsigned int *len_out)
+{
+    BIGNUM *pubkey_bn = NULL;
+    int len, ok;
+    uint8_t *buf;
+
+    if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pubkey_bn))
+        return 0;
+    ok = encode_bn_der(pubkey_bn, &buf, &len);
+    BN_free(pubkey_bn);
+    if (ok) {
+        *pubkey_out = buf;
+        *len_out = len;
+    }
+    return ok;
+}
+#else
+static int
+dh_pubkey_der(EVP_PKEY *pkey, uint8_t **pubkey_out, unsigned int *len_out)
+{
+    const DH *dh;
+    const BIGNUM *pubkey_bn;
+    uint8_t *buf;
+    int len;
+
+    dh = EVP_PKEY_get0_DH(pkey);
+    if (dh == NULL)
+        return 0;
+    DH_get0_key(dh, &pubkey_bn, NULL);
+    if (!encode_bn_der(pubkey_bn, &buf, &len))
+        return 0;
+    *pubkey_out = buf;
+    *len_out = len;
+    return 1;
+}
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+/* OpenSSL 1.1 and later will copy the q parameter when generating keys. */
+static int
+copy_q_openssl10(EVP_PKEY *src, EVP_PKEY *dest)
+{
+    return 1;
+}
+#else
+/* OpenSSL 1.0 won't copy the q parameter, so we have to do it. */
+static int
+copy_q_openssl10(EVP_PKEY *src, EVP_PKEY *dest)
+{
+    DH *dhsrc = EVP_PKEY_get0_DH(src), *dhdest = EVP_PKEY_get0_DH(dest);
+
+    if (dhsrc == NULL || dhsrc->q == NULL || dhdest == NULL)
+        return 0;
+    if (dhdest->q != NULL)
+        return 1;
+    dhdest->q = BN_dup(dhsrc->q);
+    return dhdest->q != NULL;
+}
+#endif
+
+static EVP_PKEY *
+generate_dh_pkey(EVP_PKEY *params)
+{
+    EVP_PKEY_CTX *ctx = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    ctx = EVP_PKEY_CTX_new(params, NULL);
+    if (ctx == NULL)
+        goto cleanup;
+    if (EVP_PKEY_keygen_init(ctx) <= 0)
+        goto cleanup;
+    if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+        goto cleanup;
+    if (!copy_q_openssl10(params, pkey)) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+cleanup:
+    EVP_PKEY_CTX_free(ctx);
+    return pkey;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+static EVP_PKEY *
+compose_dh_pkey(EVP_PKEY *params, const uint8_t *pubkey_der, size_t der_len)
+{
+    EVP_PKEY *pkey = NULL, *pkey_ret = NULL;
+    BIGNUM *pubkey_bn = NULL;
+    uint8_t *pubkey_bin = NULL;
+    int binlen;
+
+    pkey = EVP_PKEY_dup(params);
+    if (pkey == NULL)
+        goto cleanup;
+
+    pubkey_bn = decode_bn_der(pubkey_der, der_len);
+    if (pubkey_bn == NULL)
+        goto cleanup;
+    binlen = EVP_PKEY_get_size(pkey);
+    pubkey_bin = malloc(binlen);
+    if (pubkey_bin == NULL)
+        goto cleanup;
+    if (BN_bn2binpad(pubkey_bn, pubkey_bin, binlen) != binlen)
+        goto cleanup;
+    if (EVP_PKEY_set1_encoded_public_key(pkey, pubkey_bin, binlen) != 1)
+        goto cleanup;
+
+    pkey_ret = pkey;
+    pkey = NULL;
+
+cleanup:
+    EVP_PKEY_free(pkey);
+    BN_free(pubkey_bn);
+    free(pubkey_bin);
+    return pkey_ret;
+}
+
+#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+static DH *
+dup_dh_params(DH *src)
+{
+    return DHparams_dup(src);
+}
+#else
+/* DHparams_dup() won't copy q in OpenSSL 1.0. */
+static DH *
+dup_dh_params(DH *src)
+{
+    DH *dh;
+
+    dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+    dh->p = BN_dup(src->p);
+    dh->q = BN_dup(src->q);
+    dh->g = BN_dup(src->g);
+    if (dh->p == NULL || dh->q == NULL || dh->g == NULL) {
+        DH_free(dh);
+        return NULL;
+    }
+    return dh;
+}
+#endif
+
+static EVP_PKEY *
+compose_dh_pkey(EVP_PKEY *params, const uint8_t *pubkey_der, size_t der_len)
+{
+    DH *dhparams, *dh = NULL;
+    EVP_PKEY *pkey = NULL;
+    BIGNUM *pubkey_bn = NULL;
+
+    pubkey_bn = decode_bn_der(pubkey_der, der_len);
+    if (pubkey_bn == NULL)
+        goto cleanup;
+
+    dhparams = EVP_PKEY_get0_DH(params);
+    if (dhparams == NULL)
+        goto cleanup;
+    dh = dup_dh_params(dhparams);
+    if (dh == NULL)
+        goto cleanup;
+    if (!DH_set0_key(dh, pubkey_bn, NULL))
+        goto cleanup;
+    pubkey_bn = NULL;
+
+    pkey = dh_to_pkey(&dh);
+
+cleanup:
+    BN_free(pubkey_bn);
+    DH_free(dh);
+    return pkey;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+static struct pkcs11_errstrings {
+    short code;
+    char *text;
+} pkcs11_errstrings[] = {
+    { 0x0,      "ok" },
+    { 0x1,      "cancel" },
+    { 0x2,      "host memory" },
+    { 0x3,      "slot id invalid" },
+    { 0x5,      "general error" },
+    { 0x6,      "function failed" },
+    { 0x7,      "arguments bad" },
+    { 0x8,      "no event" },
+    { 0x9,      "need to create threads" },
+    { 0xa,      "cant lock" },
+    { 0x10,     "attribute read only" },
+    { 0x11,     "attribute sensitive" },
+    { 0x12,     "attribute type invalid" },
+    { 0x13,     "attribute value invalid" },
+    { 0x20,     "data invalid" },
+    { 0x21,     "data len range" },
+    { 0x30,     "device error" },
+    { 0x31,     "device memory" },
+    { 0x32,     "device removed" },
+    { 0x40,     "encrypted data invalid" },
+    { 0x41,     "encrypted data len range" },
+    { 0x50,     "function canceled" },
+    { 0x51,     "function not parallel" },
+    { 0x54,     "function not supported" },
+    { 0x60,     "key handle invalid" },
+    { 0x62,     "key size range" },
+    { 0x63,     "key type inconsistent" },
+    { 0x64,     "key not needed" },
+    { 0x65,     "key changed" },
+    { 0x66,     "key needed" },
+    { 0x67,     "key indigestible" },
+    { 0x68,     "key function not permitted" },
+    { 0x69,     "key not wrappable" },
+    { 0x6a,     "key unextractable" },
+    { 0x70,     "mechanism invalid" },
+    { 0x71,     "mechanism param invalid" },
+    { 0x82,     "object handle invalid" },
+    { 0x90,     "operation active" },
+    { 0x91,     "operation not initialized" },
+    { 0xa0,     "pin incorrect" },
+    { 0xa1,     "pin invalid" },
+    { 0xa2,     "pin len range" },
+    { 0xa3,     "pin expired" },
+    { 0xa4,     "pin locked" },
+    { 0xb0,     "session closed" },
+    { 0xb1,     "session count" },
+    { 0xb3,     "session handle invalid" },
+    { 0xb4,     "session parallel not supported" },
+    { 0xb5,     "session read only" },
+    { 0xb6,     "session exists" },
+    { 0xb7,     "session read only exists" },
+    { 0xb8,     "session read write so exists" },
+    { 0xc0,     "signature invalid" },
+    { 0xc1,     "signature len range" },
+    { 0xd0,     "template incomplete" },
+    { 0xd1,     "template inconsistent" },
+    { 0xe0,     "token not present" },
+    { 0xe1,     "token not recognized" },
+    { 0xe2,     "token write protected" },
+    { 0xf0,     "unwrapping key handle invalid" },
+    { 0xf1,     "unwrapping key size range" },
+    { 0xf2,     "unwrapping key type inconsistent" },
+    { 0x100,    "user already logged in" },
+    { 0x101,    "user not logged in" },
+    { 0x102,    "user pin not initialized" },
+    { 0x103,    "user type invalid" },
+    { 0x104,    "user another already logged in" },
+    { 0x105,    "user too many types" },
+    { 0x110,    "wrapped key invalid" },
+    { 0x112,    "wrapped key len range" },
+    { 0x113,    "wrapping key handle invalid" },
+    { 0x114,    "wrapping key size range" },
+    { 0x115,    "wrapping key type inconsistent" },
+    { 0x120,    "random seed not supported" },
+    { 0x121,    "random no rng" },
+    { 0x130,    "domain params invalid" },
+    { 0x150,    "buffer too small" },
+    { 0x160,    "saved state invalid" },
+    { 0x170,    "information sensitive" },
+    { 0x180,    "state unsaveable" },
+    { 0x190,    "cryptoki not initialized" },
+    { 0x191,    "cryptoki already initialized" },
+    { 0x1a0,    "mutex bad" },
+    { 0x1a1,    "mutex not locked" },
+    { 0x200,    "function rejected" },
+    { -1,       NULL }
+};
+
+MAKE_INIT_FUNCTION(pkinit_openssl_init);
+
+static krb5_error_code oerr(krb5_context context, krb5_error_code code,
+                            const char *fmt, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 4)))
+#endif
+    ;
+
+/*
+ * Set an error string containing the formatted arguments and the first pending
+ * OpenSSL error.  Write the formatted arguments and all pending OpenSSL error
+ * messages to the trace log.  Return code, or KRB5KDC_ERR_PREAUTH_FAILED if
+ * code is 0.
+ */
+static krb5_error_code
+oerr(krb5_context context, krb5_error_code code, const char *fmt, ...)
+{
+    unsigned long err;
+    va_list ap;
+    char *str, buf[128];
+    int r;
+
+    if (!code)
+        code = KRB5KDC_ERR_PREAUTH_FAILED;
+
+    va_start(ap, fmt);
+    r = vasprintf(&str, fmt, ap);
+    va_end(ap);
+    if (r < 0)
+        return code;
+
+    err = ERR_peek_error();
+    if (err) {
+        krb5_set_error_message(context, code, _("%s: %s"), str,
+                               ERR_reason_error_string(err));
+    } else {
+        krb5_set_error_message(context, code, "%s", str);
+    }
+
+    TRACE_PKINIT_OPENSSL_ERROR(context, str);
+    while ((err = ERR_get_error()) != 0) {
+        ERR_error_string_n(err, buf, sizeof(buf));
+        TRACE_PKINIT_OPENSSL_ERROR(context, buf);
+    }
+
+    free(str);
+    return code;
+}
+
+/*
+ * Set an appropriate error string containing msg for a certificate
+ * verification failure from certctx.  Write the message and all pending
+ * OpenSSL error messages to the trace log.  Return code, or
+ * KRB5KDC_ERR_PREAUTH_FAILED if code is 0.
+ */
+static krb5_error_code
+oerr_cert(krb5_context context, krb5_error_code code, X509_STORE_CTX *certctx,
+          const char *msg)
+{
+    int depth = X509_STORE_CTX_get_error_depth(certctx);
+    int err = X509_STORE_CTX_get_error(certctx);
+    const char *errstr = X509_verify_cert_error_string(err);
+
+    return oerr(context, code, _("%s (depth %d): %s"), msg, depth, errstr);
+}
+
+krb5_error_code
+pkinit_init_plg_crypto(pkinit_plg_crypto_context *cryptoctx)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_plg_crypto_context ctx = NULL;
+
+    (void)CALL_INIT_FUNCTION(pkinit_openssl_init);
+
+    ctx = malloc(sizeof(*ctx));
+    if (ctx == NULL)
+        goto out;
+    memset(ctx, 0, sizeof(*ctx));
+
+    pkiDebug("%s: initializing openssl crypto context at %p\n",
+             __FUNCTION__, ctx);
+    retval = pkinit_init_pkinit_oids(ctx);
+    if (retval)
+        goto out;
+
+    retval = pkinit_init_dh_params(ctx);
+    if (retval)
+        goto out;
+
+    *cryptoctx = ctx;
+
+out:
+    if (retval && ctx != NULL)
+        pkinit_fini_plg_crypto(ctx);
+
+    return retval;
+}
+
+void
+pkinit_fini_plg_crypto(pkinit_plg_crypto_context cryptoctx)
+{
+    pkiDebug("%s: freeing context at %p\n", __FUNCTION__, cryptoctx);
+
+    if (cryptoctx == NULL)
+        return;
+    pkinit_fini_pkinit_oids(cryptoctx);
+    pkinit_fini_dh_params(cryptoctx);
+    free(cryptoctx);
+}
+
+krb5_error_code
+pkinit_init_identity_crypto(pkinit_identity_crypto_context *idctx)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_identity_crypto_context ctx = NULL;
+
+    ctx = malloc(sizeof(*ctx));
+    if (ctx == NULL)
+        goto out;
+    memset(ctx, 0, sizeof(*ctx));
+
+    ctx->identity = NULL;
+
+    retval = pkinit_init_certs(ctx);
+    if (retval)
+        goto out;
+
+    retval = pkinit_init_pkcs11(ctx);
+    if (retval)
+        goto out;
+
+    pkiDebug("%s: returning ctx at %p\n", __FUNCTION__, ctx);
+    *idctx = ctx;
+
+out:
+    if (retval) {
+        if (ctx)
+            pkinit_fini_identity_crypto(ctx);
+    }
+
+    return retval;
+}
+
+void
+pkinit_fini_identity_crypto(pkinit_identity_crypto_context idctx)
+{
+    if (idctx == NULL)
+        return;
+
+    pkiDebug("%s: freeing ctx at %p\n", __FUNCTION__, idctx);
+    if (idctx->deferred_ids != NULL)
+        pkinit_free_deferred_ids(idctx->deferred_ids);
+    free(idctx->identity);
+    pkinit_fini_certs(idctx);
+    pkinit_fini_pkcs11(idctx);
+    free(idctx);
+}
+
+krb5_error_code
+pkinit_init_req_crypto(pkinit_req_crypto_context *cryptoctx)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_req_crypto_context ctx = NULL;
+
+    ctx = malloc(sizeof(*ctx));
+    if (ctx == NULL)
+        goto out;
+    memset(ctx, 0, sizeof(*ctx));
+
+    ctx->client_pkey = NULL;
+    ctx->received_params = NULL;
+    ctx->received_cert = NULL;
+
+    *cryptoctx = ctx;
+
+    pkiDebug("%s: returning ctx at %p\n", __FUNCTION__, ctx);
+    retval = 0;
+out:
+    if (retval)
+        free(ctx);
+
+    return retval;
+}
+
+void
+pkinit_fini_req_crypto(pkinit_req_crypto_context req_cryptoctx)
+{
+    if (req_cryptoctx == NULL)
+        return;
+
+    pkiDebug("%s: freeing ctx at %p\n", __FUNCTION__, req_cryptoctx);
+    EVP_PKEY_free(req_cryptoctx->client_pkey);
+    EVP_PKEY_free(req_cryptoctx->received_params);
+    X509_free(req_cryptoctx->received_cert);
+
+    free(req_cryptoctx);
+}
+
+static krb5_error_code
+pkinit_init_pkinit_oids(pkinit_plg_crypto_context ctx)
+{
+    ctx->id_pkinit_san = OBJ_txt2obj("1.3.6.1.5.2.2", 1);
+    if (ctx->id_pkinit_san == NULL)
+        return ENOMEM;
+
+    ctx->id_pkinit_authData = OBJ_txt2obj("1.3.6.1.5.2.3.1", 1);
+    if (ctx->id_pkinit_authData == NULL)
+        return ENOMEM;
+
+    ctx->id_pkinit_DHKeyData = OBJ_txt2obj("1.3.6.1.5.2.3.2", 1);
+    if (ctx->id_pkinit_DHKeyData == NULL)
+        return ENOMEM;
+
+    ctx->id_pkinit_rkeyData = OBJ_txt2obj("1.3.6.1.5.2.3.3", 1);
+    if (ctx->id_pkinit_rkeyData == NULL)
+        return ENOMEM;
+
+    ctx->id_pkinit_KPClientAuth = OBJ_txt2obj("1.3.6.1.5.2.3.4", 1);
+    if (ctx->id_pkinit_KPClientAuth == NULL)
+        return ENOMEM;
+
+    ctx->id_pkinit_KPKdc = OBJ_txt2obj("1.3.6.1.5.2.3.5", 1);
+    if (ctx->id_pkinit_KPKdc == NULL)
+        return ENOMEM;
+
+    ctx->id_ms_kp_sc_logon = OBJ_txt2obj("1.3.6.1.4.1.311.20.2.2", 1);
+    if (ctx->id_ms_kp_sc_logon == NULL)
+        return ENOMEM;
+
+    ctx->id_ms_san_upn = OBJ_txt2obj("1.3.6.1.4.1.311.20.2.3", 1);
+    if (ctx->id_ms_san_upn == NULL)
+        return ENOMEM;
+
+    ctx->id_kp_serverAuth = OBJ_txt2obj("1.3.6.1.5.5.7.3.1", 1);
+    if (ctx->id_kp_serverAuth == NULL)
+        return ENOMEM;
+
+    return 0;
+}
+
+static krb5_error_code
+get_cert(char *filename, X509 **retcert)
+{
+    X509 *cert = NULL;
+    BIO *tmp = NULL;
+    int code;
+    krb5_error_code retval;
+
+    if (filename == NULL || retcert == NULL)
+        return EINVAL;
+
+    *retcert = NULL;
+
+    tmp = BIO_new(BIO_s_file());
+    if (tmp == NULL)
+        return ENOMEM;
+
+    code = BIO_read_filename(tmp, filename);
+    if (code == 0) {
+        retval = errno;
+        goto cleanup;
+    }
+
+    cert = (X509 *) PEM_read_bio_X509(tmp, NULL, NULL, NULL);
+    if (cert == NULL) {
+        retval = EIO;
+        pkiDebug("failed to read certificate from %s\n", filename);
+        goto cleanup;
+    }
+    *retcert = cert;
+    retval = 0;
+cleanup:
+    if (tmp != NULL)
+        BIO_free(tmp);
+    return retval;
+}
+
+struct get_key_cb_data {
+    krb5_context context;
+    pkinit_identity_crypto_context id_cryptoctx;
+    const char *fsname;
+    char *filename;
+    const char *password;
+};
+
+static int
+get_key_cb(char *buf, int size, int rwflag, void *userdata)
+{
+    struct get_key_cb_data *data = userdata;
+    pkinit_identity_crypto_context id_cryptoctx;
+    krb5_data rdat;
+    krb5_prompt kprompt;
+    krb5_prompt_type prompt_type;
+    krb5_error_code retval;
+    char *prompt;
+
+    if (data->id_cryptoctx->defer_id_prompt) {
+        /* Supply the identity name to be passed to a responder callback. */
+        pkinit_set_deferred_id(&data->id_cryptoctx->deferred_ids,
+                               data->fsname, 0, NULL);
+        return -1;
+    }
+    if (data->password == NULL) {
+        /* We don't already have a password to use, so prompt for one. */
+        if (data->id_cryptoctx->prompter == NULL)
+            return -1;
+        if (asprintf(&prompt, "%s %s", _("Pass phrase for"),
+                     data->filename) < 0)
+            return -1;
+        rdat.data = buf;
+        rdat.length = size;
+        kprompt.prompt = prompt;
+        kprompt.hidden = 1;
+        kprompt.reply = &rdat;
+        prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+
+        /* PROMPTER_INVOCATION */
+        k5int_set_prompt_types(data->context, &prompt_type);
+        id_cryptoctx = data->id_cryptoctx;
+        retval = (data->id_cryptoctx->prompter)(data->context,
+                                                id_cryptoctx->prompter_data,
+                                                NULL, NULL, 1, &kprompt);
+        k5int_set_prompt_types(data->context, 0);
+        free(prompt);
+        if (retval != 0)
+            return -1;
+    } else {
+        /* Just use the already-supplied password. */
+        rdat.length = strlen(data->password);
+        if ((int)rdat.length >= size)
+            return -1;
+        snprintf(buf, size, "%s", data->password);
+    }
+    return (int)rdat.length;
+}
+
+static krb5_error_code
+get_key(krb5_context context, pkinit_identity_crypto_context id_cryptoctx,
+        char *filename, const char *fsname, EVP_PKEY **retkey,
+        const char *password)
+{
+    EVP_PKEY *pkey = NULL;
+    BIO *tmp = NULL;
+    struct get_key_cb_data cb_data;
+    int code;
+    krb5_error_code retval;
+
+    if (filename == NULL || retkey == NULL)
+        return EINVAL;
+
+    tmp = BIO_new(BIO_s_file());
+    if (tmp == NULL)
+        return ENOMEM;
+
+    code = BIO_read_filename(tmp, filename);
+    if (code == 0) {
+        retval = errno;
+        goto cleanup;
+    }
+    cb_data.context = context;
+    cb_data.id_cryptoctx = id_cryptoctx;
+    cb_data.filename = filename;
+    cb_data.fsname = fsname;
+    cb_data.password = password;
+    pkey = PEM_read_bio_PrivateKey(tmp, NULL, get_key_cb, &cb_data);
+    if (pkey == NULL && !id_cryptoctx->defer_id_prompt) {
+        retval = EIO;
+        pkiDebug("failed to read private key from %s\n", filename);
+        goto cleanup;
+    }
+    *retkey = pkey;
+    retval = 0;
+cleanup:
+    if (tmp != NULL)
+        BIO_free(tmp);
+    return retval;
+}
+
+static void
+pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ctx)
+{
+    if (ctx == NULL)
+        return;
+    ASN1_OBJECT_free(ctx->id_pkinit_san);
+    ASN1_OBJECT_free(ctx->id_pkinit_authData);
+    ASN1_OBJECT_free(ctx->id_pkinit_DHKeyData);
+    ASN1_OBJECT_free(ctx->id_pkinit_rkeyData);
+    ASN1_OBJECT_free(ctx->id_pkinit_KPClientAuth);
+    ASN1_OBJECT_free(ctx->id_pkinit_KPKdc);
+    ASN1_OBJECT_free(ctx->id_ms_kp_sc_logon);
+    ASN1_OBJECT_free(ctx->id_ms_san_upn);
+    ASN1_OBJECT_free(ctx->id_kp_serverAuth);
+}
+
+static krb5_error_code
+pkinit_init_dh_params(pkinit_plg_crypto_context plgctx)
+{
+    krb5_error_code retval = ENOMEM;
+
+    plgctx->dh_1024 = decode_dh_params(&oakley_1024);
+    if (plgctx->dh_1024 == NULL)
+        goto cleanup;
+
+    plgctx->dh_2048 = decode_dh_params(&oakley_2048);
+    if (plgctx->dh_2048 == NULL)
+        goto cleanup;
+
+    plgctx->dh_4096 = decode_dh_params(&oakley_4096);
+    if (plgctx->dh_4096 == NULL)
+        goto cleanup;
+
+    retval = 0;
+
+cleanup:
+    if (retval)
+        pkinit_fini_dh_params(plgctx);
+
+    return retval;
+}
+
+static void
+pkinit_fini_dh_params(pkinit_plg_crypto_context plgctx)
+{
+    EVP_PKEY_free(plgctx->dh_1024);
+    EVP_PKEY_free(plgctx->dh_2048);
+    EVP_PKEY_free(plgctx->dh_4096);
+    plgctx->dh_1024 = plgctx->dh_2048 = plgctx->dh_4096 = NULL;
+}
+
+static krb5_error_code
+pkinit_init_certs(pkinit_identity_crypto_context ctx)
+{
+    krb5_error_code retval = ENOMEM;
+    int i;
+
+    for (i = 0; i < MAX_CREDS_ALLOWED; i++)
+        ctx->creds[i] = NULL;
+    ctx->my_certs = NULL;
+    ctx->cert_index = 0;
+    ctx->my_key = NULL;
+    ctx->trustedCAs = NULL;
+    ctx->intermediateCAs = NULL;
+    ctx->revoked = NULL;
+
+    retval = 0;
+    return retval;
+}
+
+static void
+pkinit_fini_certs(pkinit_identity_crypto_context ctx)
+{
+    if (ctx == NULL)
+        return;
+
+    if (ctx->my_certs != NULL)
+        sk_X509_pop_free(ctx->my_certs, X509_free);
+
+    if (ctx->my_key != NULL)
+        EVP_PKEY_free(ctx->my_key);
+
+    if (ctx->trustedCAs != NULL)
+        sk_X509_pop_free(ctx->trustedCAs, X509_free);
+
+    if (ctx->intermediateCAs != NULL)
+        sk_X509_pop_free(ctx->intermediateCAs, X509_free);
+
+    if (ctx->revoked != NULL)
+        sk_X509_CRL_pop_free(ctx->revoked, X509_CRL_free);
+}
+
+static krb5_error_code
+pkinit_init_pkcs11(pkinit_identity_crypto_context ctx)
+{
+    krb5_error_code retval = ENOMEM;
+
+#ifndef WITHOUT_PKCS11
+    ctx->p11_module_name = strdup(PKCS11_MODNAME);
+    if (ctx->p11_module_name == NULL)
+        return retval;
+    ctx->p11_module = NULL;
+    ctx->slotid = PK_NOSLOT;
+    ctx->token_label = NULL;
+    ctx->cert_label = NULL;
+    ctx->session = CK_INVALID_HANDLE;
+    ctx->p11 = NULL;
+#endif
+    ctx->pkcs11_method = 0;
+
+    retval = 0;
+    return retval;
+}
+
+static void
+pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx)
+{
+#ifndef WITHOUT_PKCS11
+    if (ctx == NULL)
+        return;
+
+    if (ctx->p11 != NULL) {
+        if (ctx->session != CK_INVALID_HANDLE) {
+            ctx->p11->C_CloseSession(ctx->session);
+            ctx->session = CK_INVALID_HANDLE;
+        }
+        ctx->p11->C_Finalize(NULL_PTR);
+        ctx->p11 = NULL;
+    }
+    if (ctx->p11_module != NULL) {
+        krb5int_close_plugin(ctx->p11_module);
+        ctx->p11_module = NULL;
+    }
+    free(ctx->p11_module_name);
+    free(ctx->token_label);
+    free(ctx->cert_id);
+    free(ctx->cert_label);
+#endif
+}
+
+krb5_error_code
+pkinit_identity_set_prompter(pkinit_identity_crypto_context id_cryptoctx,
+                             krb5_prompter_fct prompter,
+                             void *prompter_data)
+{
+    id_cryptoctx->prompter = prompter;
+    id_cryptoctx->prompter_data = prompter_data;
+
+    return 0;
+}
+
+/* Create a CMS ContentInfo of type oid containing the octet string in data. */
+static krb5_error_code
+create_contentinfo(krb5_context context, ASN1_OBJECT *oid,
+                   unsigned char *data, size_t data_len, PKCS7 **p7_out)
+{
+    PKCS7 *p7 = NULL;
+    ASN1_OCTET_STRING *ostr = NULL;
+
+    *p7_out = NULL;
+
+    ostr = ASN1_OCTET_STRING_new();
+    if (ostr == NULL)
+        goto oom;
+    if (!ASN1_OCTET_STRING_set(ostr, (unsigned char *)data, data_len))
+        goto oom;
+
+    p7 = PKCS7_new();
+    if (p7 == NULL)
+        goto oom;
+    p7->type = OBJ_dup(oid);
+    if (p7->type == NULL)
+        goto oom;
+
+    p7->d.other = ASN1_TYPE_new();
+    if (p7->d.other == NULL)
+        goto oom;
+    p7->d.other->type = V_ASN1_OCTET_STRING;
+    p7->d.other->value.octet_string = ostr;
+
+    *p7_out = p7;
+    return 0;
+
+oom:
+    if (ostr != NULL)
+        ASN1_OCTET_STRING_free(ostr);
+    if (p7 != NULL)
+        PKCS7_free(p7);
+    return ENOMEM;
+}
+
+krb5_error_code
+cms_contentinfo_create(krb5_context context,                          /* IN */
+                       pkinit_plg_crypto_context plg_cryptoctx,       /* IN */
+                       pkinit_req_crypto_context req_cryptoctx,       /* IN */
+                       pkinit_identity_crypto_context id_cryptoctx,   /* IN */
+                       int cms_msg_type,
+                       unsigned char *data, unsigned int data_len,
+                       unsigned char **out_data, unsigned int *out_data_len)
+{
+    krb5_error_code retval = ENOMEM;
+    ASN1_OBJECT *oid;
+    PKCS7 *p7 = NULL;
+    unsigned char *p;
+
+    /* Pick the correct oid for the eContentInfo. */
+    oid = pkinit_pkcs7type2oid(plg_cryptoctx, cms_msg_type);
+    if (oid == NULL)
+        goto cleanup;
+    retval = create_contentinfo(context, oid, data, data_len, &p7);
+    if (retval != 0)
+        goto cleanup;
+    *out_data_len = i2d_PKCS7(p7, NULL);
+    if (!(*out_data_len)) {
+        retval = oerr(context, 0, _("Failed to DER encode PKCS7"));
+        goto cleanup;
+    }
+    retval = ENOMEM;
+    if ((p = *out_data = malloc(*out_data_len)) == NULL)
+        goto cleanup;
+
+    /* DER encode PKCS7 data */
+    retval = i2d_PKCS7(p7, &p);
+    if (!retval) {
+        retval = oerr(context, 0, _("Failed to DER encode PKCS7"));
+        goto cleanup;
+    }
+    retval = 0;
+cleanup:
+    if (p7)
+        PKCS7_free(p7);
+    return retval;
+}
+
+
+
+krb5_error_code
+cms_signeddata_create(krb5_context context,
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      int cms_msg_type,
+                      unsigned char *data,
+                      unsigned int data_len,
+                      unsigned char **signed_data,
+                      unsigned int *signed_data_len)
+{
+    krb5_error_code retval = ENOMEM;
+    PKCS7  *p7 = NULL, *inner_p7 = NULL;
+    PKCS7_SIGNED *p7s = NULL;
+    PKCS7_SIGNER_INFO *p7si = NULL;
+    unsigned char *p;
+    STACK_OF(X509) * cert_stack = NULL;
+    ASN1_OCTET_STRING *digest_attr = NULL;
+    EVP_MD_CTX *ctx;
+    const EVP_MD *md_tmp = NULL;
+    unsigned char md_data[EVP_MAX_MD_SIZE], md_data2[EVP_MAX_MD_SIZE];
+    unsigned char *digestInfo_buf = NULL, *abuf = NULL;
+    unsigned int md_len, md_len2, alen, digestInfo_len;
+    STACK_OF(X509_ATTRIBUTE) * sk;
+    unsigned char *sig = NULL;
+    unsigned int sig_len = 0;
+    X509_ALGOR *alg = NULL;
+    ASN1_OCTET_STRING *digest = NULL;
+    unsigned int alg_len = 0, digest_len = 0;
+    unsigned char *y = NULL;
+    X509 *cert = NULL;
+    ASN1_OBJECT *oid = NULL, *oid_copy;
+
+    /* Start creating PKCS7 data. */
+    if ((p7 = PKCS7_new()) == NULL)
+        goto cleanup;
+    p7->type = OBJ_nid2obj(NID_pkcs7_signed);
+
+    if ((p7s = PKCS7_SIGNED_new()) == NULL)
+        goto cleanup;
+    p7->d.sign = p7s;
+    if (!ASN1_INTEGER_set(p7s->version, 3))
+        goto cleanup;
+
+    /* pick the correct oid for the eContentInfo */
+    oid = pkinit_pkcs7type2oid(plg_cryptoctx, cms_msg_type);
+    if (oid == NULL)
+        goto cleanup;
+
+    if (id_cryptoctx->my_certs != NULL) {
+        X509_STORE *certstore = NULL;
+        X509_STORE_CTX *certctx;
+        STACK_OF(X509) *certstack = NULL;
+        char buf[DN_BUF_LEN];
+        unsigned int i = 0, size = 0;
+
+        /* create a cert chain */
+        if ((cert_stack = sk_X509_new_null()) == NULL)
+            goto cleanup;
+
+        cert = sk_X509_value(id_cryptoctx->my_certs, id_cryptoctx->cert_index);
+
+        certstore = X509_STORE_new();
+        if (certstore == NULL)
+            goto cleanup;
+        pkiDebug("building certificate chain\n");
+        X509_STORE_set_verify_cb(certstore, openssl_callback);
+        certctx = X509_STORE_CTX_new();
+        if (certctx == NULL)
+            goto cleanup;
+        X509_STORE_CTX_init(certctx, certstore, cert,
+                            id_cryptoctx->intermediateCAs);
+        X509_STORE_CTX_trusted_stack(certctx, id_cryptoctx->trustedCAs);
+        if (!X509_verify_cert(certctx)) {
+            retval = oerr_cert(context, 0, certctx,
+                               _("Failed to verify own certificate"));
+            goto cleanup;
+        }
+        certstack = X509_STORE_CTX_get1_chain(certctx);
+        size = sk_X509_num(certstack);
+        for (i = 0; i < size - 1; i++) {
+            X509 *x = sk_X509_value(certstack, i);
+            X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
+            TRACE_PKINIT_CERT_CHAIN_NAME(context, (int)i, buf);
+            sk_X509_push(cert_stack, X509_dup(x));
+        }
+        X509_STORE_CTX_free(certctx);
+        X509_STORE_free(certstore);
+        sk_X509_pop_free(certstack, X509_free);
+
+        p7s->cert = cert_stack;
+
+        /* fill-in PKCS7_SIGNER_INFO */
+        if ((p7si = PKCS7_SIGNER_INFO_new()) == NULL)
+            goto cleanup;
+        if (!ASN1_INTEGER_set(p7si->version, 1))
+            goto cleanup;
+        if (!X509_NAME_set(&p7si->issuer_and_serial->issuer,
+                           X509_get_issuer_name(cert)))
+            goto cleanup;
+        /* because ASN1_INTEGER_set is used to set a 'long' we will do
+         * things the ugly way. */
+        ASN1_INTEGER_free(p7si->issuer_and_serial->serial);
+        if (!(p7si->issuer_and_serial->serial =
+              ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
+            goto cleanup;
+
+        /* will not fill-out EVP_PKEY because it's on the smartcard */
+
+        /* Set digest algs */
+        p7si->digest_alg->algorithm = OBJ_nid2obj(NID_sha256);
+
+        if (p7si->digest_alg->parameter != NULL)
+            ASN1_TYPE_free(p7si->digest_alg->parameter);
+        if ((p7si->digest_alg->parameter = ASN1_TYPE_new()) == NULL)
+            goto cleanup;
+        p7si->digest_alg->parameter->type = V_ASN1_NULL;
+
+        /* Set sig algs */
+        if (p7si->digest_enc_alg->parameter != NULL)
+            ASN1_TYPE_free(p7si->digest_enc_alg->parameter);
+        p7si->digest_enc_alg->algorithm =
+            OBJ_nid2obj(NID_sha256WithRSAEncryption);
+        if (!(p7si->digest_enc_alg->parameter = ASN1_TYPE_new()))
+            goto cleanup;
+        p7si->digest_enc_alg->parameter->type = V_ASN1_NULL;
+
+        /* add signed attributes */
+        /* compute sha256 digest over the EncapsulatedContentInfo */
+        ctx = EVP_MD_CTX_new();
+        if (ctx == NULL)
+            goto cleanup;
+        EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
+        EVP_DigestUpdate(ctx, data, data_len);
+        md_tmp = EVP_MD_CTX_get0_md(ctx);
+        EVP_DigestFinal_ex(ctx, md_data, &md_len);
+        EVP_MD_CTX_free(ctx);
+
+        /* create a message digest attr */
+        digest_attr = ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(digest_attr, md_data, (int)md_len);
+        PKCS7_add_signed_attribute(p7si, NID_pkcs9_messageDigest,
+                                   V_ASN1_OCTET_STRING, (char *)digest_attr);
+
+        /* create a content-type attr */
+        oid_copy = OBJ_dup(oid);
+        if (oid_copy == NULL)
+            goto cleanup2;
+        PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
+                                   V_ASN1_OBJECT, oid_copy);
+
+        /* create the signature over signed attributes. get DER encoded value */
+        /* This is the place where smartcard signature needs to be calculated */
+        sk = p7si->auth_attr;
+        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                             ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+        if (abuf == NULL)
+            goto cleanup2;
+
+#ifndef WITHOUT_PKCS11
+        /*
+         * Some tokens can only do RSAEncryption without a hash.  To compute
+         * sha256WithRSAEncryption, encode the algorithm ID for the hash
+         * function and the hash value into an ASN.1 value of type DigestInfo:
+         * DigestInfo ::= SEQUENCE {
+         *   digestAlgorithm  AlgorithmIdentifier,
+         *   digest  OCTET STRING
+         * }
+         */
+        if (id_cryptoctx->pkcs11_method == 1 &&
+            id_cryptoctx->mech == CKM_RSA_PKCS) {
+            pkiDebug("mech = CKM_RSA_PKCS\n");
+            ctx = EVP_MD_CTX_new();
+            if (ctx == NULL)
+                goto cleanup;
+            EVP_DigestInit_ex(ctx, md_tmp, NULL);
+            EVP_DigestUpdate(ctx, abuf, alen);
+            EVP_DigestFinal_ex(ctx, md_data2, &md_len2);
+            EVP_MD_CTX_free(ctx);
+
+            alg = X509_ALGOR_new();
+            if (alg == NULL)
+                goto cleanup2;
+            X509_ALGOR_set0(alg, OBJ_nid2obj(NID_sha256), V_ASN1_NULL, NULL);
+            alg_len = i2d_X509_ALGOR(alg, NULL);
+
+            digest = ASN1_OCTET_STRING_new();
+            if (digest == NULL)
+                goto cleanup2;
+            ASN1_OCTET_STRING_set(digest, md_data2, (int)md_len2);
+            digest_len = i2d_ASN1_OCTET_STRING(digest, NULL);
+
+            digestInfo_len = ASN1_object_size(1, (int)(alg_len + digest_len),
+                                              V_ASN1_SEQUENCE);
+            y = digestInfo_buf = malloc(digestInfo_len);
+            if (digestInfo_buf == NULL)
+                goto cleanup2;
+            ASN1_put_object(&y, 1, (int)(alg_len + digest_len), V_ASN1_SEQUENCE,
+                            V_ASN1_UNIVERSAL);
+            i2d_X509_ALGOR(alg, &y);
+            i2d_ASN1_OCTET_STRING(digest, &y);
+#ifdef DEBUG_SIG
+            pkiDebug("signing buffer\n");
+            print_buffer(digestInfo_buf, digestInfo_len);
+            print_buffer_bin(digestInfo_buf, digestInfo_len, "/tmp/pkcs7_tosign");
+#endif
+            retval = pkinit_sign_data(context, id_cryptoctx, digestInfo_buf,
+                                      digestInfo_len, &sig, &sig_len);
+        } else
+#endif
+        {
+            pkiDebug("mech = %s\n",
+                     id_cryptoctx->pkcs11_method == 1 ? "CKM_SHA256_RSA_PKCS" : "FS");
+            retval = pkinit_sign_data(context, id_cryptoctx, abuf, alen,
+                                      &sig, &sig_len);
+        }
+#ifdef DEBUG_SIG
+        print_buffer(sig, sig_len);
+#endif
+        free(abuf);
+        if (retval)
+            goto cleanup2;
+
+        /* Add signature */
+        if (!ASN1_STRING_set(p7si->enc_digest, (unsigned char *) sig,
+                             (int)sig_len)) {
+            retval = oerr(context, 0, _("Failed to add digest attribute"));
+            goto cleanup2;
+        }
+        /* adder signer_info to pkcs7 signed */
+        if (!PKCS7_add_signer(p7, p7si))
+            goto cleanup2;
+    } /* we have a certificate */
+
+    /* start on adding data to the pkcs7 signed */
+    retval = create_contentinfo(context, oid, data, data_len, &inner_p7);
+    if (p7s->contents != NULL)
+        PKCS7_free(p7s->contents);
+    p7s->contents = inner_p7;
+
+    *signed_data_len = i2d_PKCS7(p7, NULL);
+    if (!(*signed_data_len)) {
+        retval = oerr(context, 0, _("Failed to DER encode PKCS7"));
+        goto cleanup2;
+    }
+    retval = ENOMEM;
+    if ((p = *signed_data = malloc(*signed_data_len)) == NULL)
+        goto cleanup2;
+
+    /* DER encode PKCS7 data */
+    retval = i2d_PKCS7(p7, &p);
+    if (!retval) {
+        retval = oerr(context, 0, _("Failed to DER encode PKCS7"));
+        goto cleanup2;
+    }
+    retval = 0;
+
+#ifdef DEBUG_ASN1
+    if (cms_msg_type == CMS_SIGN_CLIENT) {
+        print_buffer_bin(*signed_data, *signed_data_len,
+                         "/tmp/client_pkcs7_signeddata");
+    } else {
+        print_buffer_bin(*signed_data, *signed_data_len,
+                         "/tmp/kdc_pkcs7_signeddata");
+    }
+#endif
+
+cleanup2:
+    if (p7si) {
+#ifndef WITHOUT_PKCS11
+        if (id_cryptoctx->pkcs11_method == 1 &&
+            id_cryptoctx->mech == CKM_RSA_PKCS) {
+            free(digestInfo_buf);
+            if (digest != NULL)
+                ASN1_OCTET_STRING_free(digest);
+        }
+#endif
+        if (alg != NULL)
+            X509_ALGOR_free(alg);
+    }
+cleanup:
+    if (p7 != NULL)
+        PKCS7_free(p7);
+    free(sig);
+
+    return retval;
+}
+
+krb5_error_code
+cms_signeddata_verify(krb5_context context,
+                      pkinit_plg_crypto_context plgctx,
+                      pkinit_req_crypto_context reqctx,
+                      pkinit_identity_crypto_context idctx,
+                      int cms_msg_type,
+                      int require_crl_checking,
+                      unsigned char *signed_data,
+                      unsigned int signed_data_len,
+                      unsigned char **data,
+                      unsigned int *data_len,
+                      unsigned char **authz_data,
+                      unsigned int *authz_data_len,
+                      int *is_signed)
+{
+    /*
+     * Warning: Since most openssl functions do not set retval, large chunks of
+     * this function assume that retval is always a failure and may go to
+     * cleanup without setting retval explicitly. Make sure retval is not set
+     * to 0 or errors such as signature verification failure may be converted
+     * to success with significant security consequences.
+     */
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    CMS_ContentInfo *cms = NULL;
+    BIO *out = NULL;
+    int flags = CMS_NO_SIGNER_CERT_VERIFY;
+    int valid_oid = 0;
+    unsigned int i = 0;
+    unsigned int vflags = 0, size = 0;
+    const unsigned char *p = signed_data;
+    STACK_OF(CMS_SignerInfo) *si_sk = NULL;
+    CMS_SignerInfo *si = NULL;
+    X509 *x = NULL;
+    X509_STORE *store = NULL;
+    X509_STORE_CTX *cert_ctx;
+    STACK_OF(X509) *signerCerts = NULL;
+    STACK_OF(X509) *intermediateCAs = NULL;
+    STACK_OF(X509_CRL) *signerRevoked = NULL;
+    STACK_OF(X509_CRL) *revoked = NULL;
+    STACK_OF(X509) *verified_chain = NULL;
+    ASN1_OBJECT *oid = NULL;
+    const ASN1_OBJECT *type = NULL, *etype = NULL;
+    ASN1_OCTET_STRING **octets;
+    krb5_external_principal_identifier **krb5_verified_chain = NULL;
+    krb5_data *authz = NULL;
+    char buf[DN_BUF_LEN];
+
+#ifdef DEBUG_ASN1
+    print_buffer_bin(signed_data, signed_data_len,
+                     "/tmp/client_received_pkcs7_signeddata");
+#endif
+    if (is_signed)
+        *is_signed = 1;
+
+    oid = pkinit_pkcs7type2oid(plgctx, cms_msg_type);
+    if (oid == NULL)
+        goto cleanup;
+
+    /* decode received CMS message */
+    if ((cms = d2i_CMS_ContentInfo(NULL, &p, (int)signed_data_len)) == NULL) {
+        retval = oerr(context, 0, _("Failed to decode CMS message"));
+        goto cleanup;
+    }
+    etype = CMS_get0_eContentType(cms);
+
+    /*
+     * Prior to 1.10 the MIT client incorrectly emitted the pkinit structure
+     * directly in a CMS ContentInfo rather than using SignedData with no
+     * signers. Handle that case.
+     */
+    type = CMS_get0_type(cms);
+    if (is_signed && !OBJ_cmp(type, oid)) {
+        unsigned char *d;
+        *is_signed = 0;
+        octets = CMS_get0_content(cms);
+        if (!octets || ((*octets)->type != V_ASN1_OCTET_STRING)) {
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            krb5_set_error_message(context, retval,
+                                   _("Invalid pkinit packet: octet string "
+                                     "expected"));
+            goto cleanup;
+        }
+        *data_len = ASN1_STRING_length(*octets);
+        d = malloc(*data_len);
+        if (d == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(d, ASN1_STRING_get0_data(*octets), *data_len);
+        *data = d;
+        goto out;
+    } else {
+        /* Verify that the received message is CMS SignedData message. */
+        if (OBJ_obj2nid(type) != NID_pkcs7_signed) {
+            pkiDebug("Expected id-signedData CMS msg (received type = %d)\n",
+                     OBJ_obj2nid(type));
+            krb5_set_error_message(context, retval, _("wrong oid\n"));
+            goto cleanup;
+        }
+    }
+
+    /* setup to verify X509 certificate used to sign CMS message */
+    if (!(store = X509_STORE_new()))
+        goto cleanup;
+
+    /* check if we are inforcing CRL checking */
+    vflags = X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+    if (require_crl_checking)
+        X509_STORE_set_verify_cb(store, openssl_callback);
+    else
+        X509_STORE_set_verify_cb(store, openssl_callback_ignore_crls);
+    X509_STORE_set_flags(store, vflags);
+
+    /*
+     * Get the signer's information from the CMS message.  Match signer ID
+     * against anchors and intermediate CAs in case no certs are present in the
+     * SignedData.  If we start sending kdcPkId values in requests, we'll need
+     * to match against the source of that information too.
+     */
+    CMS_set1_signers_certs(cms, NULL, 0);
+    CMS_set1_signers_certs(cms, idctx->trustedCAs, CMS_NOINTERN);
+    CMS_set1_signers_certs(cms, idctx->intermediateCAs, CMS_NOINTERN);
+    if (((si_sk = CMS_get0_SignerInfos(cms)) == NULL) ||
+        ((si = sk_CMS_SignerInfo_value(si_sk, 0)) == NULL)) {
+        /* Not actually signed; anonymous case */
+        if (!is_signed)
+            goto cleanup;
+        *is_signed = 0;
+        /* We cannot use CMS_dataInit because there may be no digest */
+        octets = CMS_get0_content(cms);
+        if (octets)
+            out = BIO_new_mem_buf((*octets)->data, (*octets)->length);
+        if (out == NULL)
+            goto cleanup;
+    } else {
+        CMS_SignerInfo_get0_algs(si, NULL, &x, NULL, NULL);
+        if (x == NULL)
+            goto cleanup;
+
+        /* create available CRL information (get local CRLs and include CRLs
+         * received in the CMS message
+         */
+        signerRevoked = CMS_get1_crls(cms);
+        if (idctx->revoked == NULL)
+            revoked = signerRevoked;
+        else if (signerRevoked == NULL)
+            revoked = idctx->revoked;
+        else {
+            size = sk_X509_CRL_num(idctx->revoked);
+            revoked = sk_X509_CRL_new_null();
+            for (i = 0; i < size; i++)
+                sk_X509_CRL_push(revoked, sk_X509_CRL_value(idctx->revoked, i));
+            size = sk_X509_CRL_num(signerRevoked);
+            for (i = 0; i < size; i++)
+                sk_X509_CRL_push(revoked, sk_X509_CRL_value(signerRevoked, i));
+        }
+
+        /* create available intermediate CAs chains (get local intermediateCAs and
+         * include the CA chain received in the CMS message
+         */
+        signerCerts = CMS_get1_certs(cms);
+        if (idctx->intermediateCAs == NULL)
+            intermediateCAs = signerCerts;
+        else if (signerCerts == NULL)
+            intermediateCAs = idctx->intermediateCAs;
+        else {
+            size = sk_X509_num(idctx->intermediateCAs);
+            intermediateCAs = sk_X509_new_null();
+            for (i = 0; i < size; i++) {
+                sk_X509_push(intermediateCAs,
+                             sk_X509_value(idctx->intermediateCAs, i));
+            }
+            size = sk_X509_num(signerCerts);
+            for (i = 0; i < size; i++) {
+                sk_X509_push(intermediateCAs, sk_X509_value(signerCerts, i));
+            }
+        }
+
+        /* initialize x509 context with the received certificate and
+         * trusted and intermediate CA chains and CRLs
+         */
+        cert_ctx = X509_STORE_CTX_new();
+        if (cert_ctx == NULL)
+            goto cleanup;
+        if (!X509_STORE_CTX_init(cert_ctx, store, x, intermediateCAs))
+            goto cleanup;
+
+        X509_STORE_CTX_set0_crls(cert_ctx, revoked);
+
+        /* add trusted CAs certificates for cert verification */
+        if (idctx->trustedCAs != NULL)
+            X509_STORE_CTX_trusted_stack(cert_ctx, idctx->trustedCAs);
+        else {
+            pkiDebug("unable to find any trusted CAs\n");
+            goto cleanup;
+        }
+#ifdef DEBUG_CERTCHAIN
+        if (intermediateCAs != NULL) {
+            size = sk_X509_num(intermediateCAs);
+            pkiDebug("untrusted cert chain of size %d\n", size);
+            for (i = 0; i < size; i++) {
+                X509_NAME_oneline(X509_get_subject_name(
+                                      sk_X509_value(intermediateCAs, i)), buf, sizeof(buf));
+                pkiDebug("cert #%d: %s\n", i, buf);
+            }
+        }
+        if (idctx->trustedCAs != NULL) {
+            size = sk_X509_num(idctx->trustedCAs);
+            pkiDebug("trusted cert chain of size %d\n", size);
+            for (i = 0; i < size; i++) {
+                X509_NAME_oneline(X509_get_subject_name(
+                                      sk_X509_value(idctx->trustedCAs, i)), buf, sizeof(buf));
+                pkiDebug("cert #%d: %s\n", i, buf);
+            }
+        }
+        if (revoked != NULL) {
+            size = sk_X509_CRL_num(revoked);
+            pkiDebug("CRL chain of size %d\n", size);
+            for (i = 0; i < size; i++) {
+                X509_CRL *crl = sk_X509_CRL_value(revoked, i);
+                X509_NAME_oneline(X509_CRL_get_issuer(crl), buf, sizeof(buf));
+                pkiDebug("crls by CA #%d: %s\n", i , buf);
+            }
+        }
+#endif
+
+        i = X509_verify_cert(cert_ctx);
+        if (i <= 0) {
+            int j = X509_STORE_CTX_get_error(cert_ctx);
+            X509 *cert;
+
+            cert = X509_STORE_CTX_get_current_cert(cert_ctx);
+            reqctx->received_cert = X509_dup(cert);
+            switch(j) {
+            case X509_V_ERR_CERT_REVOKED:
+                retval = KRB5KDC_ERR_REVOKED_CERTIFICATE;
+                break;
+            case X509_V_ERR_UNABLE_TO_GET_CRL:
+                retval = KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN;
+                break;
+            case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+            case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+                retval = KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE;
+                break;
+            default:
+                retval = KRB5KDC_ERR_INVALID_CERTIFICATE;
+            }
+            (void)oerr_cert(context, retval, cert_ctx,
+                            _("Failed to verify received certificate"));
+            if (reqctx->received_cert == NULL)
+                strlcpy(buf, "(none)", sizeof(buf));
+            else
+                X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert),
+                                  buf, sizeof(buf));
+            pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j,
+                     X509_verify_cert_error_string(j));
+#ifdef DEBUG_CERTCHAIN
+            size = sk_X509_num(signerCerts);
+            pkiDebug("received cert chain of size %d\n", size);
+            for (j = 0; j < size; j++) {
+                X509 *tmp_cert = sk_X509_value(signerCerts, j);
+                X509_NAME_oneline(X509_get_subject_name(tmp_cert), buf, sizeof(buf));
+                pkiDebug("cert #%d: %s\n", j, buf);
+            }
+#endif
+        } else {
+            /* retrieve verified certificate chain */
+            if (cms_msg_type == CMS_SIGN_CLIENT)
+                verified_chain = X509_STORE_CTX_get1_chain(cert_ctx);
+        }
+        X509_STORE_CTX_free(cert_ctx);
+        if (i <= 0)
+            goto cleanup;
+        out = BIO_new(BIO_s_mem());
+        if (CMS_verify(cms, NULL, store, NULL, out, flags) == 0) {
+            if (ERR_peek_last_error() == CMS_R_VERIFICATION_FAILURE)
+                retval = KRB5KDC_ERR_INVALID_SIG;
+            else
+                retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
+            (void)oerr(context, retval, _("Failed to verify CMS message"));
+            goto cleanup;
+        }
+    } /* message was signed */
+    if (!OBJ_cmp(etype, oid))
+        valid_oid = 1;
+
+    if (valid_oid)
+        pkiDebug("CMS Verification successful\n");
+    else {
+        pkiDebug("wrong oid in eContentType\n");
+        print_buffer(OBJ_get0_data(etype), OBJ_length(etype));
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        krb5_set_error_message(context, retval, "wrong oid\n");
+        goto cleanup;
+    }
+
+    /* transfer the data from CMS message into return buffer */
+    for (size = 0;;) {
+        int remain;
+        retval = ENOMEM;
+        if ((*data = realloc(*data, size + 1024 * 10)) == NULL)
+            goto cleanup;
+        remain = BIO_read(out, &((*data)[size]), 1024 * 10);
+        if (remain <= 0)
+            break;
+        else
+            size += remain;
+    }
+    *data_len = size;
+
+    if (x) {
+        reqctx->received_cert = X509_dup(x);
+
+        /* generate authorization data */
+        if (cms_msg_type == CMS_SIGN_CLIENT) {
+
+            if (authz_data == NULL || authz_data_len == NULL)
+                goto out;
+
+            *authz_data = NULL;
+            retval = create_identifiers_from_stack(verified_chain,
+                                                   &krb5_verified_chain);
+            if (retval) {
+                pkiDebug("create_identifiers_from_stack failed\n");
+                goto cleanup;
+            }
+
+            retval = k5int_encode_krb5_td_trusted_certifiers((krb5_external_principal_identifier *const *)krb5_verified_chain, &authz);
+            if (retval) {
+                pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
+                goto cleanup;
+            }
+#ifdef DEBUG_ASN1
+            print_buffer_bin((unsigned char *)authz->data, authz->length,
+                             "/tmp/kdc_ad_initial_verified_cas");
+#endif
+            *authz_data = malloc(authz->length);
+            if (*authz_data == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memcpy(*authz_data, authz->data, authz->length);
+            *authz_data_len = authz->length;
+        }
+    }
+out:
+    retval = 0;
+
+cleanup:
+    if (out != NULL)
+        BIO_free(out);
+    if (store != NULL)
+        X509_STORE_free(store);
+    if (cms != NULL) {
+        if (signerCerts != NULL)
+            sk_X509_pop_free(signerCerts, X509_free);
+        if (idctx->intermediateCAs != NULL && signerCerts)
+            sk_X509_free(intermediateCAs);
+        if (signerRevoked != NULL)
+            sk_X509_CRL_pop_free(signerRevoked, X509_CRL_free);
+        if (idctx->revoked != NULL && signerRevoked)
+            sk_X509_CRL_free(revoked);
+        CMS_ContentInfo_free(cms);
+    }
+    if (verified_chain != NULL)
+        sk_X509_pop_free(verified_chain, X509_free);
+    if (krb5_verified_chain != NULL)
+        free_krb5_external_principal_identifier(&krb5_verified_chain);
+    if (authz != NULL)
+        krb5_free_data(context, authz);
+
+    return retval;
+}
+
+krb5_error_code
+cms_envelopeddata_create(krb5_context context,
+                         pkinit_plg_crypto_context plgctx,
+                         pkinit_req_crypto_context reqctx,
+                         pkinit_identity_crypto_context idctx,
+                         krb5_preauthtype pa_type,
+                         unsigned char *key_pack,
+                         unsigned int key_pack_len,
+                         unsigned char **out,
+                         unsigned int *out_len)
+{
+
+    krb5_error_code retval = ENOMEM;
+    PKCS7 *p7 = NULL;
+    BIO *in = NULL;
+    unsigned char *p = NULL, *signed_data = NULL, *enc_data = NULL;
+    int signed_data_len = 0, enc_data_len = 0, flags = PKCS7_BINARY;
+    STACK_OF(X509) *encerts = NULL;
+    const EVP_CIPHER *cipher = NULL;
+
+    retval = cms_signeddata_create(context, plgctx, reqctx, idctx,
+                                   CMS_ENVEL_SERVER, key_pack, key_pack_len,
+                                   &signed_data,
+                                   (unsigned int *)&signed_data_len);
+    if (retval) {
+        pkiDebug("failed to create pkcs7 signed data\n");
+        goto cleanup;
+    }
+
+    /* check we have client's certificate */
+    if (reqctx->received_cert == NULL) {
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+    encerts = sk_X509_new_null();
+    sk_X509_push(encerts, reqctx->received_cert);
+
+    cipher = EVP_des_ede3_cbc();
+    in = BIO_new(BIO_s_mem());
+    prepare_enc_data(signed_data, signed_data_len, &enc_data,
+                     &enc_data_len);
+    retval = BIO_write(in, enc_data, enc_data_len);
+    if (retval != enc_data_len) {
+        pkiDebug("BIO_write only wrote %d\n", retval);
+        goto cleanup;
+    }
+
+    p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+    if (p7 == NULL) {
+        retval = oerr(context, 0, _("Failed to encrypt PKCS7 object"));
+        goto cleanup;
+    }
+    p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_signed);
+
+    *out_len = i2d_PKCS7(p7, NULL);
+    if (!*out_len || (p = *out = malloc(*out_len)) == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    retval = i2d_PKCS7(p7, &p);
+    if (!retval) {
+        retval = oerr(context, 0, _("Failed to DER encode PKCS7"));
+        goto cleanup;
+    }
+    retval = 0;
+
+#ifdef DEBUG_ASN1
+    print_buffer_bin(*out, *out_len, "/tmp/kdc_enveloped_data");
+#endif
+
+cleanup:
+    if (p7 != NULL)
+        PKCS7_free(p7);
+    if (in != NULL)
+        BIO_free(in);
+    free(signed_data);
+    free(enc_data);
+    if (encerts != NULL)
+        sk_X509_free(encerts);
+
+    return retval;
+}
+
+krb5_error_code
+cms_envelopeddata_verify(krb5_context context,
+                         pkinit_plg_crypto_context plg_cryptoctx,
+                         pkinit_req_crypto_context req_cryptoctx,
+                         pkinit_identity_crypto_context id_cryptoctx,
+                         krb5_preauthtype pa_type,
+                         int require_crl_checking,
+                         unsigned char *enveloped_data,
+                         unsigned int enveloped_data_len,
+                         unsigned char **data,
+                         unsigned int *data_len)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    PKCS7 *p7 = NULL;
+    const unsigned char *p = enveloped_data;
+    unsigned int tmp_buf_len = 0, tmp_buf2_len = 0, vfy_buf_len = 0;
+    unsigned char *tmp_buf = NULL, *tmp_buf2 = NULL, *vfy_buf = NULL;
+
+#ifdef DEBUG_ASN1
+    print_buffer_bin(enveloped_data, enveloped_data_len,
+                     "/tmp/client_envelopeddata");
+#endif
+    /* decode received PKCS7 message */
+    if ((p7 = d2i_PKCS7(NULL, &p, (int)enveloped_data_len)) == NULL) {
+        retval = oerr(context, 0, _("Failed to decode PKCS7"));
+        goto cleanup;
+    }
+
+    /* verify that the received message is PKCS7 EnvelopedData message */
+    if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped ||
+        p7->d.enveloped == NULL ||
+        p7->d.enveloped->enc_data->enc_data == NULL) {
+        pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n",
+                 OBJ_obj2nid(p7->type));
+        krb5_set_error_message(context, retval, "wrong oid\n");
+        goto cleanup;
+    }
+
+    /* decrypt received PKCS7 message */
+    if (pkcs7_decrypt(context, id_cryptoctx, p7, &tmp_buf, &tmp_buf_len)) {
+        pkiDebug("PKCS7 decryption successful\n");
+    } else {
+        retval = oerr(context, 0, _("Failed to decrypt PKCS7 message"));
+        goto cleanup;
+    }
+
+#ifdef DEBUG_ASN1
+    print_buffer_bin(tmp_buf, tmp_buf_len, "/tmp/client_enc_keypack");
+#endif
+    /* verify PKCS7 SignedData message */
+    /* Wrap the signed data to make decoding easier in the verify routine. */
+    retval = wrap_signeddata(tmp_buf, tmp_buf_len, &tmp_buf2, &tmp_buf2_len);
+    if (retval) {
+        pkiDebug("failed to encode signeddata\n");
+        goto cleanup;
+    }
+    vfy_buf = tmp_buf2;
+    vfy_buf_len = tmp_buf2_len;
+
+#ifdef DEBUG_ASN1
+    print_buffer_bin(vfy_buf, vfy_buf_len, "/tmp/client_enc_keypack2");
+#endif
+
+    retval = cms_signeddata_verify(context, plg_cryptoctx, req_cryptoctx,
+                                   id_cryptoctx, CMS_ENVEL_SERVER,
+                                   require_crl_checking,
+                                   vfy_buf, vfy_buf_len,
+                                   data, data_len, NULL, NULL, NULL);
+
+    if (!retval)
+        pkiDebug("PKCS7 Verification Success\n");
+    else {
+        pkiDebug("PKCS7 Verification Failure\n");
+        goto cleanup;
+    }
+
+    retval = 0;
+
+cleanup:
+
+    if (p7 != NULL)
+        PKCS7_free(p7);
+    free(tmp_buf);
+    free(tmp_buf2);
+
+    return retval;
+}
+
+static krb5_error_code
+crypto_retrieve_X509_sans(krb5_context context,
+                          pkinit_plg_crypto_context plgctx,
+                          pkinit_req_crypto_context reqctx,
+                          X509 *cert,
+                          krb5_principal **princs_ret, char ***upn_ret,
+                          unsigned char ***dns_ret)
+{
+    krb5_error_code retval = EINVAL;
+    char buf[DN_BUF_LEN];
+    int p = 0, u = 0, d = 0, ret = 0, l;
+    krb5_principal *princs = NULL;
+    char **upns = NULL;
+    unsigned char **dnss = NULL;
+    unsigned int i, num_sans = 0;
+    X509_EXTENSION *ext = NULL;
+    GENERAL_NAMES *ialt = NULL;
+    GENERAL_NAME *gen = NULL;
+
+    if (princs_ret != NULL)
+        *princs_ret = NULL;
+    if (upn_ret != NULL)
+        *upn_ret = NULL;
+    if (dns_ret != NULL)
+        *dns_ret = NULL;
+
+    if (princs_ret == NULL && upn_ret == NULL && dns_ret == NULL) {
+        pkiDebug("%s: nowhere to return any values!\n", __FUNCTION__);
+        return retval;
+    }
+
+    if (cert == NULL) {
+        pkiDebug("%s: no certificate!\n", __FUNCTION__);
+        return retval;
+    }
+
+    X509_NAME_oneline(X509_get_subject_name(cert),
+                      buf, sizeof(buf));
+
+    l = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
+    if (l < 0)
+        return 0;
+
+    if (!(ext = X509_get_ext(cert, l)) || !(ialt = X509V3_EXT_d2i(ext))) {
+        TRACE_PKINIT_SAN_CERT_NONE(context, buf);
+        goto cleanup;
+    }
+    num_sans = sk_GENERAL_NAME_num(ialt);
+
+    /* OK, we're likely returning something. Allocate return values */
+    if (princs_ret != NULL) {
+        princs = calloc(num_sans + 1, sizeof(krb5_principal));
+        if (princs == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+    }
+    if (upn_ret != NULL) {
+        upns = calloc(num_sans + 1, sizeof(*upns));
+        if (upns == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+    }
+    if (dns_ret != NULL) {
+        dnss = calloc(num_sans + 1, sizeof(*dnss));
+        if (dnss == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+    }
+
+    for (i = 0; i < num_sans; i++) {
+        krb5_data name = { 0, 0, NULL };
+
+        gen = sk_GENERAL_NAME_value(ialt, i);
+        switch (gen->type) {
+        case GEN_OTHERNAME:
+            name.length = gen->d.otherName->value->value.sequence->length;
+            name.data = (char *)gen->d.otherName->value->value.sequence->data;
+            if (princs != NULL &&
+                OBJ_cmp(plgctx->id_pkinit_san,
+                        gen->d.otherName->type_id) == 0) {
+#ifdef DEBUG_ASN1
+                print_buffer_bin((unsigned char *)name.data, name.length,
+                                 "/tmp/pkinit_san");
+#endif
+                ret = k5int_decode_krb5_principal_name(&name, &princs[p]);
+                if (ret) {
+                    pkiDebug("%s: failed decoding pkinit san value\n",
+                             __FUNCTION__);
+                } else {
+                    p++;
+                }
+            } else if (upns != NULL &&
+                       OBJ_cmp(plgctx->id_ms_san_upn,
+                               gen->d.otherName->type_id) == 0) {
+                /* Prevent abuse of embedded null characters. */
+                if (memchr(name.data, '\0', name.length))
+                    break;
+                upns[u] = k5memdup0(name.data, name.length, &ret);
+                if (upns[u] == NULL)
+                    goto cleanup;
+                u++;
+            } else {
+                pkiDebug("%s: unrecognized othername oid in SAN\n",
+                         __FUNCTION__);
+                continue;
+            }
+
+            break;
+        case GEN_DNS:
+            if (dnss != NULL) {
+                /* Prevent abuse of embedded null characters. */
+                if (memchr(gen->d.dNSName->data, '\0', gen->d.dNSName->length))
+                    break;
+                pkiDebug("%s: found dns name = %s\n", __FUNCTION__,
+                         gen->d.dNSName->data);
+                dnss[d] = (unsigned char *)
+                    strdup((char *)gen->d.dNSName->data);
+                if (dnss[d] == NULL) {
+                    pkiDebug("%s: failed to duplicate dns name\n",
+                             __FUNCTION__);
+                } else {
+                    d++;
+                }
+            }
+            break;
+        default:
+            pkiDebug("%s: SAN type = %d expecting %d\n", __FUNCTION__,
+                     gen->type, GEN_OTHERNAME);
+        }
+    }
+    sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free);
+
+    TRACE_PKINIT_SAN_CERT_COUNT(context, (int)num_sans, p, u, d, buf);
+
+    retval = 0;
+    if (princs != NULL && *princs != NULL) {
+        *princs_ret = princs;
+        princs = NULL;
+    }
+    if (upns != NULL && *upns != NULL) {
+        *upn_ret = upns;
+        upns = NULL;
+    }
+    if (dnss != NULL && *dnss != NULL) {
+        *dns_ret = dnss;
+        dnss = NULL;
+    }
+
+cleanup:
+    for (i = 0; princs != NULL && princs[i] != NULL; i++)
+        krb5_free_principal(context, princs[i]);
+    free(princs);
+    for (i = 0; upns != NULL && upns[i] != NULL; i++)
+        free(upns[i]);
+    free(upns);
+    for (i = 0; dnss != NULL && dnss[i] != NULL; i++)
+        free(dnss[i]);
+    free(dnss);
+    return retval;
+}
+
+krb5_error_code
+crypto_retrieve_signer_identity(krb5_context context,
+                                pkinit_identity_crypto_context id_cryptoctx,
+                                const char **identity)
+{
+    *identity = id_cryptoctx->identity;
+    if (*identity == NULL)
+        return ENOENT;
+    return 0;
+}
+
+krb5_error_code
+crypto_retrieve_cert_sans(krb5_context context,
+                          pkinit_plg_crypto_context plgctx,
+                          pkinit_req_crypto_context reqctx,
+                          pkinit_identity_crypto_context idctx,
+                          krb5_principal **princs_ret, char ***upn_ret,
+                          unsigned char ***dns_ret)
+{
+    krb5_error_code retval = EINVAL;
+
+    if (reqctx->received_cert == NULL) {
+        pkiDebug("%s: No certificate!\n", __FUNCTION__);
+        return retval;
+    }
+
+    return crypto_retrieve_X509_sans(context, plgctx, reqctx,
+                                     reqctx->received_cert, princs_ret,
+                                     upn_ret, dns_ret);
+}
+
+krb5_error_code
+crypto_check_cert_eku(krb5_context context,
+                      pkinit_plg_crypto_context plgctx,
+                      pkinit_req_crypto_context reqctx,
+                      pkinit_identity_crypto_context idctx,
+                      int checking_kdc_cert,
+                      int allow_secondary_usage,
+                      int *valid_eku)
+{
+    char buf[DN_BUF_LEN];
+    int found_eku = 0;
+    krb5_error_code retval = EINVAL;
+    int i;
+
+    *valid_eku = 0;
+    if (reqctx->received_cert == NULL)
+        goto cleanup;
+
+    X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert),
+                      buf, sizeof(buf));
+
+    if ((i = X509_get_ext_by_NID(reqctx->received_cert,
+                                 NID_ext_key_usage, -1)) >= 0) {
+        EXTENDED_KEY_USAGE *extusage;
+
+        extusage = X509_get_ext_d2i(reqctx->received_cert, NID_ext_key_usage,
+                                    NULL, NULL);
+        if (extusage) {
+            pkiDebug("%s: found eku info in the cert\n", __FUNCTION__);
+            for (i = 0; found_eku == 0 && i < sk_ASN1_OBJECT_num(extusage); i++) {
+                ASN1_OBJECT *tmp_oid;
+
+                tmp_oid = sk_ASN1_OBJECT_value(extusage, i);
+                pkiDebug("%s: checking eku %d of %d, allow_secondary = %d\n",
+                         __FUNCTION__, i+1, sk_ASN1_OBJECT_num(extusage),
+                         allow_secondary_usage);
+                if (checking_kdc_cert) {
+                    if ((OBJ_cmp(tmp_oid, plgctx->id_pkinit_KPKdc) == 0)
+                        || (allow_secondary_usage
+                            && OBJ_cmp(tmp_oid, plgctx->id_kp_serverAuth) == 0))
+                        found_eku = 1;
+                } else {
+                    if ((OBJ_cmp(tmp_oid, plgctx->id_pkinit_KPClientAuth) == 0)
+                        || (allow_secondary_usage
+                            && OBJ_cmp(tmp_oid, plgctx->id_ms_kp_sc_logon) == 0))
+                        found_eku = 1;
+                }
+            }
+        }
+        EXTENDED_KEY_USAGE_free(extusage);
+
+        if (found_eku) {
+            ASN1_BIT_STRING *usage = NULL;
+
+            /* check that digitalSignature KeyUsage is present */
+            X509_check_ca(reqctx->received_cert);
+            if ((usage = X509_get_ext_d2i(reqctx->received_cert,
+                                          NID_key_usage, NULL, NULL))) {
+
+                if (!ku_reject(reqctx->received_cert,
+                               X509v3_KU_DIGITAL_SIGNATURE)) {
+                    TRACE_PKINIT_EKU(context);
+                    *valid_eku = 1;
+                } else
+                    TRACE_PKINIT_EKU_NO_KU(context);
+            }
+            ASN1_BIT_STRING_free(usage);
+        }
+    }
+    retval = 0;
+cleanup:
+    pkiDebug("%s: returning retval %d, valid_eku %d\n",
+             __FUNCTION__, retval, *valid_eku);
+    return retval;
+}
+
+krb5_error_code
+pkinit_octetstring2key(krb5_context context,
+                       krb5_enctype etype,
+                       unsigned char *key,
+                       unsigned int dh_key_len,
+                       krb5_keyblock *key_block)
+{
+    krb5_error_code retval;
+    unsigned char *buf = NULL;
+    unsigned char md[SHA_DIGEST_LENGTH];
+    unsigned char counter;
+    size_t keybytes, keylength, offset;
+    krb5_data random_data;
+    EVP_MD_CTX *sha1_ctx = NULL;
+
+    buf = k5alloc(dh_key_len, &retval);
+    if (buf == NULL)
+        goto cleanup;
+
+    sha1_ctx = EVP_MD_CTX_new();
+    if (sha1_ctx == NULL) {
+        retval = KRB5_CRYPTO_INTERNAL;
+        goto cleanup;
+    }
+
+    counter = 0;
+    offset = 0;
+    do {
+        if (!EVP_DigestInit(sha1_ctx, EVP_sha1()) ||
+            !EVP_DigestUpdate(sha1_ctx, &counter, 1) ||
+            !EVP_DigestUpdate(sha1_ctx, key, dh_key_len) ||
+            !EVP_DigestFinal(sha1_ctx, md, NULL)) {
+            retval = KRB5_CRYPTO_INTERNAL;
+            goto cleanup;
+        }
+
+        if (dh_key_len - offset < sizeof(md))
+            memcpy(buf + offset, md, dh_key_len - offset);
+        else
+            memcpy(buf + offset, md, sizeof(md));
+
+        offset += sizeof(md);
+        counter++;
+    } while (offset < dh_key_len);
+
+    key_block->magic = 0;
+    key_block->enctype = etype;
+
+    retval = krb5_c_keylengths(context, etype, &keybytes, &keylength);
+    if (retval)
+        goto cleanup;
+
+    key_block->length = keylength;
+    key_block->contents = k5alloc(keylength, &retval);
+    if (key_block->contents == NULL)
+        goto cleanup;
+
+    random_data.length = keybytes;
+    random_data.data = (char *)buf;
+
+    retval = krb5_c_random_to_key(context, etype, &random_data, key_block);
+
+cleanup:
+    EVP_MD_CTX_free(sha1_ctx);
+    free(buf);
+    /* If this is an error return, free the allocated keyblock, if any */
+    if (retval) {
+        krb5_free_keyblock_contents(context, key_block);
+    }
+
+    return retval;
+}
+
+
+/* Return the OpenSSL descriptor for the given RFC 5652 OID specified in RFC
+ * 8636.  RFC 8636 defines a SHA384 variant, but we don't use it. */
+static const EVP_MD *
+algid_to_md(const krb5_data *alg_id)
+{
+    if (data_eq(*alg_id, sha1_id))
+        return EVP_sha1();
+    if (data_eq(*alg_id, sha256_id))
+        return EVP_sha256();
+    if (data_eq(*alg_id, sha512_id))
+        return EVP_sha512();
+    return NULL;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+#define sskdf openssl_sskdf
+static krb5_error_code
+openssl_sskdf(krb5_context context, const EVP_MD *md, krb5_data *key,
+              krb5_data *info, size_t len, krb5_data *out)
+{
+    krb5_error_code ret;
+    EVP_KDF *kdf = NULL;
+    EVP_KDF_CTX *kctx = NULL;
+    OSSL_PARAM params[4], *p = params;
+
+    ret = alloc_data(out, len);
+    if (ret)
+        goto cleanup;
+
+    kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
+    if (kdf == NULL) {
+        ret = oerr(context, KRB5_CRYPTO_INTERNAL, _("Failed to fetch SSKDF"));
+        goto cleanup;
+    }
+
+    kctx = EVP_KDF_CTX_new(kdf);
+    if (!kctx) {
+        ret = oerr(context, KRB5_CRYPTO_INTERNAL,
+                   _("Failed to instantiate SSKDF"));
+        goto cleanup;
+    }
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
+                                            (char *)EVP_MD_get0_name(md), 0);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+                                             key->data, key->length);
+    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
+                                             info->data, info->length);
+    *p = OSSL_PARAM_construct_end();
+    if (EVP_KDF_derive(kctx, (uint8_t *)out->data, len, params) <= 0) {
+        ret = oerr(context, KRB5_CRYPTO_INTERNAL,
+                   _("Failed to derive key using SSKDF"));
+        goto cleanup;
+    }
+
+    ret = 0;
+
+cleanup:
+    EVP_KDF_free(kdf);
+    EVP_KDF_CTX_free(kctx);
+    return ret;
+}
+
+#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+#define sskdf builtin_sskdf
+static krb5_error_code
+builtin_sskdf(krb5_context context, const EVP_MD *md, krb5_data *key,
+              krb5_data *info, size_t len, krb5_data *out)
+{
+    krb5_error_code ret;
+    uint32_t counter = 1, reps;
+    uint8_t be_counter[4], *outptr;
+    EVP_MD_CTX *ctx = NULL;
+    unsigned int s, hash_len;
+
+    hash_len = EVP_MD_size(md);
+
+    /* 1.  reps = keydatalen (K) / hash length (H) rounded up. */
+    reps = (len + hash_len - 1) / hash_len;
+
+    /* Allocate enough space in the random data buffer to hash directly into
+     * it, even if the last hash will make it bigger than the key length. */
+    ret = alloc_data(out, reps * hash_len);
+    if (ret)
+        goto cleanup;
+    out->length = len;
+
+    /*
+     * 2.  Initialize a 32-bit, big-endian bit string counter as 1.
+     * 3.  For i = 1 to reps by 1, do the following:
+     *     -   Compute Hashi = H(counter || Z || OtherInfo).
+     *     -   Increment counter (modulo 2^32)
+     * 4.  Set key = Hash1 || Hash2 || ... so that length of key is K
+     *     bytes.
+     */
+    outptr = (uint8_t *)out->data;
+    for (counter = 1; counter <= reps; counter++) {
+        store_32_be(counter, be_counter);
+
+        ctx = EVP_MD_CTX_new();
+        if (ctx == NULL) {
+            ret = KRB5_CRYPTO_INTERNAL;
+            goto cleanup;
+        }
+
+        /* -   Compute Hashi = H(counter || Z || OtherInfo). */
+        if (!EVP_DigestInit(ctx, md) ||
+            !EVP_DigestUpdate(ctx, be_counter, 4) ||
+            !EVP_DigestUpdate(ctx, key->data, key->length) ||
+            !EVP_DigestUpdate(ctx, info->data, info->length) ||
+            !EVP_DigestFinal(ctx, outptr, &s)) {
+            ret = oerr(context, KRB5_CRYPTO_INTERNAL,
+                       _("Failed to compute digest"));
+            goto cleanup;
+        }
+
+        assert(s == hash_len);
+        outptr += s;
+
+        EVP_MD_CTX_free(ctx);
+        ctx = NULL;
+    }
+
+cleanup:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+
+/* id-pkinit-kdf family, as specified by RFC 8636. */
+krb5_error_code
+pkinit_alg_agility_kdf(krb5_context context, krb5_data *secret,
+                       krb5_data *alg_oid, krb5_const_principal party_u_info,
+                       krb5_const_principal party_v_info,
+                       krb5_enctype enctype, krb5_data *as_req,
+                       krb5_data *pk_as_rep, krb5_keyblock *key_block)
+{
+    krb5_error_code ret;
+    size_t rand_len = 0, key_len = 0;
+    const EVP_MD *md;
+    krb5_sp80056a_other_info other_info_fields;
+    krb5_pkinit_supp_pub_info supp_pub_info_fields;
+    krb5_data *other_info = NULL, *supp_pub_info = NULL;
+    krb5_data random_data = empty_data();
+    krb5_algorithm_identifier alg_id;
+    char *hash_name = NULL;
+
+    ret = krb5_c_keylengths(context, enctype, &rand_len, &key_len);
+    if (ret)
+        goto cleanup;
+
+    /* Allocate and initialize the key block. */
+    key_block->magic = 0;
+    key_block->enctype = enctype;
+    key_block->length = key_len;
+    key_block->contents = k5calloc(key_block->length, 1, &ret);
+    if (key_block->contents == NULL)
+        goto cleanup;
+
+    /* If this is anonymous pkinit, use the anonymous principle for
+     * party_u_info. */
+    if (party_u_info &&
+        krb5_principal_compare_any_realm(context, party_u_info,
+                                         krb5_anonymous_principal())) {
+        party_u_info = (krb5_principal)krb5_anonymous_principal();
+    }
+
+    md = algid_to_md(alg_oid);
+    if (md == NULL) {
+        krb5_set_error_message(context, KRB5_ERR_BAD_S2K_PARAMS,
+                               "Bad algorithm ID passed to PK-INIT KDF.");
+        return KRB5_ERR_BAD_S2K_PARAMS;
+    }
+
+    /* Encode the ASN.1 octet string for "SuppPubInfo". */
+    supp_pub_info_fields.enctype = enctype;
+    supp_pub_info_fields.as_req = *as_req;
+    supp_pub_info_fields.pk_as_rep = *pk_as_rep;
+    ret = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields,
+                                           &supp_pub_info);
+    if (ret)
+        goto cleanup;
+
+    /* Now encode the ASN.1 octet string for "OtherInfo". */
+    memset(&alg_id, 0, sizeof(alg_id));
+    alg_id.algorithm = *alg_oid;
+    other_info_fields.algorithm_identifier = alg_id;
+    other_info_fields.party_u_info = (krb5_principal)party_u_info;
+    other_info_fields.party_v_info = (krb5_principal)party_v_info;
+    other_info_fields.supp_pub_info = *supp_pub_info;
+    ret = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info);
+    if (ret)
+        goto cleanup;
+
+    ret = sskdf(context, md, secret, other_info, rand_len, &random_data);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_c_random_to_key(context, enctype, &random_data, key_block);
+
+cleanup:
+    if (ret)
+        krb5_free_keyblock_contents(context, key_block);
+    free(hash_name);
+    zapfree(random_data.data, random_data.length);
+    krb5_free_data(context, other_info);
+    krb5_free_data(context, supp_pub_info);
+    return ret;
+}
+
+krb5_error_code
+client_create_dh(krb5_context context,
+                 pkinit_plg_crypto_context plg_cryptoctx,
+                 pkinit_req_crypto_context cryptoctx,
+                 pkinit_identity_crypto_context id_cryptoctx,
+                 int dh_size, krb5_data *spki_out)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    EVP_PKEY *params = NULL, *pkey = NULL;
+
+    *spki_out = empty_data();
+
+    if (cryptoctx->received_params != NULL)
+        params = cryptoctx->received_params;
+    else if (dh_size == 1024)
+        params = plg_cryptoctx->dh_1024;
+    else if (dh_size == 2048)
+        params = plg_cryptoctx->dh_2048;
+    else if (dh_size == 4096)
+        params = plg_cryptoctx->dh_4096;
+    else
+        goto cleanup;
+
+    pkey = generate_dh_pkey(params);
+    if (pkey == NULL)
+        goto cleanup;
+
+    retval = encode_spki(pkey, spki_out);
+    if (retval)
+        goto cleanup;
+
+    EVP_PKEY_free(cryptoctx->client_pkey);
+    cryptoctx->client_pkey = pkey;
+    pkey = NULL;
+
+cleanup:
+    EVP_PKEY_free(pkey);
+    return retval;
+}
+
+krb5_error_code
+client_process_dh(krb5_context context,
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context cryptoctx,
+                  pkinit_identity_crypto_context id_cryptoctx,
+                  unsigned char *subjectPublicKey_data,
+                  unsigned int subjectPublicKey_length,
+                  unsigned char **client_key_out,
+                  unsigned int *client_key_len_out)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    EVP_PKEY *server_pkey = NULL;
+    uint8_t *client_key = NULL;
+    unsigned int client_key_len;
+
+    *client_key_out = NULL;
+    *client_key_len_out = 0;
+
+    server_pkey = compose_dh_pkey(cryptoctx->client_pkey,
+                                  subjectPublicKey_data,
+                                  subjectPublicKey_length);
+    if (server_pkey == NULL)
+        goto cleanup;
+
+    if (!dh_result(cryptoctx->client_pkey, server_pkey,
+                   &client_key, &client_key_len))
+        goto cleanup;
+
+#ifdef DEBUG_DH
+    print_pubkey(server_pub_key, "server's pub_key=");
+    pkiDebug("client computed key (%d)= ", client_key_len);
+    print_buffer(client_key, client_key_len);
+#endif
+
+    *client_key_out = client_key;
+    *client_key_len_out = client_key_len;
+    client_key = NULL;
+
+    retval = 0;
+
+cleanup:
+    EVP_PKEY_free(server_pkey);
+    free(client_key);
+    return retval;
+}
+
+/* Return 1 if dh is a permitted well-known group, otherwise return 0. */
+static int
+check_dh_wellknown(pkinit_plg_crypto_context cryptoctx, EVP_PKEY *pkey,
+                   int nbits)
+{
+    if (nbits == 1024)
+        return EVP_PKEY_parameters_eq(cryptoctx->dh_1024, pkey) == 1;
+    else if (nbits == 2048)
+        return EVP_PKEY_parameters_eq(cryptoctx->dh_2048, pkey) == 1;
+    else if (nbits == 4096)
+        return EVP_PKEY_parameters_eq(cryptoctx->dh_4096, pkey) == 1;
+    return 0;
+}
+
+krb5_error_code
+server_check_dh(krb5_context context,
+                pkinit_plg_crypto_context cryptoctx,
+                pkinit_req_crypto_context req_cryptoctx,
+                pkinit_identity_crypto_context id_cryptoctx,
+                const krb5_data *client_spki,
+                int minbits)
+{
+    EVP_PKEY *client_pkey = NULL;
+    int dh_prime_bits;
+    krb5_error_code retval = KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
+
+    client_pkey = decode_spki(client_spki);
+    if (client_pkey == NULL) {
+        pkiDebug("failed to decode dhparams\n");
+        goto cleanup;
+    }
+
+    /* KDC SHOULD check to see if the key parameters satisfy its policy */
+    dh_prime_bits = EVP_PKEY_get_bits(client_pkey);
+    if (minbits && dh_prime_bits < minbits) {
+        pkiDebug("client sent dh params with %d bits, we require %d\n",
+                 dh_prime_bits, minbits);
+        goto cleanup;
+    }
+
+    if (check_dh_wellknown(cryptoctx, client_pkey, dh_prime_bits))
+        retval = 0;
+
+cleanup:
+    if (retval == 0)
+        req_cryptoctx->client_pkey = client_pkey;
+    else
+        EVP_PKEY_free(client_pkey);
+
+    return retval;
+}
+
+/* kdc's dh function */
+krb5_error_code
+server_process_dh(krb5_context context,
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context cryptoctx,
+                  pkinit_identity_crypto_context id_cryptoctx,
+                  unsigned char **dh_pubkey_out,
+                  unsigned int *dh_pubkey_len_out,
+                  unsigned char **server_key_out,
+                  unsigned int *server_key_len_out)
+{
+    krb5_error_code retval = ENOMEM;
+    EVP_PKEY *server_pkey = NULL;
+    unsigned char *dh_pubkey = NULL, *server_key = NULL;
+    unsigned int dh_pubkey_len = 0, server_key_len = 0;
+
+    *dh_pubkey_out = *server_key_out = NULL;
+    *dh_pubkey_len_out = *server_key_len_out = 0;
+
+    /* Generate a server DH key with the same parameters as the client key. */
+    server_pkey = generate_dh_pkey(cryptoctx->client_pkey);
+    if (server_pkey == NULL)
+        goto cleanup;
+
+    if (!dh_result(server_pkey, cryptoctx->client_pkey, &server_key,
+                   &server_key_len))
+        goto cleanup;
+
+    if (!dh_pubkey_der(server_pkey, &dh_pubkey, &dh_pubkey_len))
+        goto cleanup;
+
+    *dh_pubkey_out = dh_pubkey;
+    *dh_pubkey_len_out = dh_pubkey_len;
+    *server_key_out = server_key;
+    *server_key_len_out = server_key_len;
+    dh_pubkey = server_key = NULL;
+
+    retval = 0;
+
+cleanup:
+    EVP_PKEY_free(server_pkey);
+    free(dh_pubkey);
+    free(server_key);
+
+    return retval;
+}
+
+int
+pkinit_openssl_init()
+{
+    /* Initialize OpenSSL. */
+    ERR_load_crypto_strings();
+    OpenSSL_add_all_algorithms();
+    return 0;
+}
+
+static krb5_error_code
+pkinit_create_sequence_of_principal_identifiers(
+    krb5_context context,
+    pkinit_plg_crypto_context plg_cryptoctx,
+    pkinit_req_crypto_context req_cryptoctx,
+    pkinit_identity_crypto_context id_cryptoctx,
+    int type,
+    krb5_pa_data ***e_data_out)
+{
+    krb5_error_code retval = KRB5KRB_ERR_GENERIC;
+    krb5_external_principal_identifier **krb5_trusted_certifiers = NULL;
+    krb5_data *td_certifiers = NULL;
+    krb5_pa_data **pa_data = NULL;
+
+    switch(type) {
+    case TD_TRUSTED_CERTIFIERS:
+        retval = create_krb5_trustedCertifiers(context, plg_cryptoctx,
+                                               req_cryptoctx, id_cryptoctx, &krb5_trusted_certifiers);
+        if (retval) {
+            pkiDebug("create_krb5_trustedCertifiers failed\n");
+            goto cleanup;
+        }
+        break;
+    case TD_INVALID_CERTIFICATES:
+        retval = create_krb5_invalidCertificates(context, plg_cryptoctx,
+                                                 req_cryptoctx, id_cryptoctx, &krb5_trusted_certifiers);
+        if (retval) {
+            pkiDebug("create_krb5_invalidCertificates failed\n");
+            goto cleanup;
+        }
+        break;
+    default:
+        retval = -1;
+        goto cleanup;
+    }
+
+    retval = k5int_encode_krb5_td_trusted_certifiers((krb5_external_principal_identifier *const *)krb5_trusted_certifiers, &td_certifiers);
+    if (retval) {
+        pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
+        goto cleanup;
+    }
+#ifdef DEBUG_ASN1
+    print_buffer_bin((unsigned char *)td_certifiers->data,
+                     td_certifiers->length, "/tmp/kdc_td_certifiers");
+#endif
+    pa_data = malloc(2 * sizeof(krb5_pa_data *));
+    if (pa_data == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    pa_data[1] = NULL;
+    pa_data[0] = malloc(sizeof(krb5_pa_data));
+    if (pa_data[0] == NULL) {
+        free(pa_data);
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    pa_data[0]->pa_type = type;
+    pa_data[0]->length = td_certifiers->length;
+    pa_data[0]->contents = (krb5_octet *)td_certifiers->data;
+    *e_data_out = pa_data;
+    retval = 0;
+
+cleanup:
+    if (krb5_trusted_certifiers != NULL)
+        free_krb5_external_principal_identifier(&krb5_trusted_certifiers);
+    free(td_certifiers);
+    return retval;
+}
+
+krb5_error_code
+pkinit_create_td_trusted_certifiers(krb5_context context,
+                                    pkinit_plg_crypto_context plg_cryptoctx,
+                                    pkinit_req_crypto_context req_cryptoctx,
+                                    pkinit_identity_crypto_context id_cryptoctx,
+                                    krb5_pa_data ***e_data_out)
+{
+    krb5_error_code retval = KRB5KRB_ERR_GENERIC;
+
+    retval = pkinit_create_sequence_of_principal_identifiers(context,
+                                                             plg_cryptoctx, req_cryptoctx, id_cryptoctx,
+                                                             TD_TRUSTED_CERTIFIERS, e_data_out);
+
+    return retval;
+}
+
+krb5_error_code
+pkinit_create_td_invalid_certificate(
+    krb5_context context,
+    pkinit_plg_crypto_context plg_cryptoctx,
+    pkinit_req_crypto_context req_cryptoctx,
+    pkinit_identity_crypto_context id_cryptoctx,
+    krb5_pa_data ***e_data_out)
+{
+    krb5_error_code retval = KRB5KRB_ERR_GENERIC;
+
+    retval = pkinit_create_sequence_of_principal_identifiers(context,
+                                                             plg_cryptoctx, req_cryptoctx, id_cryptoctx,
+                                                             TD_INVALID_CERTIFICATES, e_data_out);
+
+    return retval;
+}
+
+krb5_error_code
+pkinit_create_td_dh_parameters(krb5_context context,
+                               pkinit_plg_crypto_context plg_cryptoctx,
+                               pkinit_req_crypto_context req_cryptoctx,
+                               pkinit_identity_crypto_context id_cryptoctx,
+                               pkinit_plg_opts *opts,
+                               krb5_pa_data ***e_data_out)
+{
+    krb5_error_code ret;
+    int i;
+    krb5_pa_data **pa_data = NULL;
+    krb5_data *der_alglist = NULL;
+    krb5_algorithm_identifier alg_1024 = { dh_oid, oakley_1024 };
+    krb5_algorithm_identifier alg_2048 = { dh_oid, oakley_2048 };
+    krb5_algorithm_identifier alg_4096 = { dh_oid, oakley_4096 };
+    krb5_algorithm_identifier *alglist[4];
+
+    if (opts->dh_min_bits > 4096) {
+        ret = KRB5KRB_ERR_GENERIC;
+        goto cleanup;
+    }
+
+    i = 0;
+    if (opts->dh_min_bits <= 2048)
+        alglist[i++] = &alg_2048;
+    alglist[i++] = &alg_4096;
+    if (opts->dh_min_bits <= 1024)
+        alglist[i++] = &alg_1024;
+    alglist[i] = NULL;
+
+    ret = k5int_encode_krb5_td_dh_parameters(alglist, &der_alglist);
+    if (ret)
+        goto cleanup;
+
+    pa_data = k5calloc(2, sizeof(*pa_data), &ret);
+    if (pa_data == NULL)
+        goto cleanup;
+    pa_data[1] = NULL;
+    pa_data[0] = k5alloc(sizeof(*pa_data[0]), &ret);
+    if (pa_data[0] == NULL) {
+        free(pa_data);
+        goto cleanup;
+    }
+    pa_data[0]->pa_type = TD_DH_PARAMETERS;
+    pa_data[0]->length = der_alglist->length;
+    pa_data[0]->contents = (krb5_octet *)der_alglist->data;
+    der_alglist->data = NULL;
+    *e_data_out = pa_data;
+
+cleanup:
+    krb5_free_data(context, der_alglist);
+    return ret;
+}
+
+krb5_error_code
+pkinit_check_kdc_pkid(krb5_context context,
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      unsigned char *pdid_buf,
+                      unsigned int pkid_len,
+                      int *valid_kdcPkId)
+{
+    PKCS7_ISSUER_AND_SERIAL *is = NULL;
+    const unsigned char *p = pdid_buf;
+    int status = 1;
+    X509 *kdc_cert = sk_X509_value(id_cryptoctx->my_certs, id_cryptoctx->cert_index);
+
+    *valid_kdcPkId = 0;
+    pkiDebug("found kdcPkId in AS REQ\n");
+    is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len);
+    if (is == NULL)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer);
+    if (!status) {
+        status = ASN1_INTEGER_cmp(X509_get_serialNumber(kdc_cert), is->serial);
+        if (!status)
+            *valid_kdcPkId = 1;
+    }
+
+    X509_NAME_free(is->issuer);
+    ASN1_INTEGER_free(is->serial);
+    free(is);
+
+    return 0;
+}
+
+krb5_error_code
+pkinit_process_td_dh_params(krb5_context context,
+                            pkinit_plg_crypto_context cryptoctx,
+                            pkinit_req_crypto_context req_cryptoctx,
+                            pkinit_identity_crypto_context id_cryptoctx,
+                            krb5_algorithm_identifier **algId,
+                            int *new_dh_size)
+{
+    krb5_error_code retval = KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
+    EVP_PKEY *params = NULL;
+    int i, dh_prime_bits, old_dh_size;
+
+    pkiDebug("dh parameters\n");
+
+    EVP_PKEY_free(req_cryptoctx->received_params);
+    req_cryptoctx->received_params = NULL;
+
+    old_dh_size = *new_dh_size;
+
+    for (i = 0; algId[i] != NULL; i++) {
+        /* Free any parameters from the previous iteration. */
+        EVP_PKEY_free(params);
+        params = NULL;
+
+        /* Skip any parameters for algorithms other than DH. */
+        if (algId[i]->algorithm.length != dh_oid.length ||
+            memcmp(algId[i]->algorithm.data, dh_oid.data, dh_oid.length))
+            continue;
+
+        params = decode_dh_params(&algId[i]->parameters);
+        if (params == NULL)
+            continue;
+        dh_prime_bits = EVP_PKEY_get_bits(params);
+        /* Skip any parameters shorter than the previous size. */
+        if (dh_prime_bits < old_dh_size)
+            continue;
+        pkiDebug("client sent %d DH bits server prefers %d DH bits\n",
+                 *new_dh_size, dh_prime_bits);
+
+        /* If this is one of our well-known groups, just save the new size; we
+         * will use our own copy of the parameters. */
+        if (check_dh_wellknown(cryptoctx, params, dh_prime_bits)) {
+            *new_dh_size = dh_prime_bits;
+            retval = 0;
+            goto cleanup;
+        }
+
+        /* If the parameters aren't well-known but check out, save them. */
+        if (params_valid(params)) {
+            req_cryptoctx->received_params = params;
+            params = NULL;
+            retval = 0;
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    EVP_PKEY_free(params);
+    return retval;
+}
+
+static int
+openssl_callback(int ok, X509_STORE_CTX * ctx)
+{
+#ifdef DEBUG
+    if (!ok) {
+        X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+        int err = X509_STORE_CTX_get_error(ctx);
+        const char *errmsg = X509_verify_cert_error_string(err);
+        char buf[DN_BUF_LEN];
+
+        X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
+        pkiDebug("cert = %s\n", buf);
+        pkiDebug("callback function: %d (%s)\n", err, errmsg);
+    }
+#endif
+    return ok;
+}
+
+static int
+openssl_callback_ignore_crls(int ok, X509_STORE_CTX * ctx)
+{
+    if (ok)
+        return ok;
+    return X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL;
+}
+
+static ASN1_OBJECT *
+pkinit_pkcs7type2oid(pkinit_plg_crypto_context cryptoctx, int pkcs7_type)
+{
+    switch (pkcs7_type) {
+    case CMS_SIGN_CLIENT:
+        return cryptoctx->id_pkinit_authData;
+    case CMS_SIGN_SERVER:
+        return cryptoctx->id_pkinit_DHKeyData;
+    case CMS_ENVEL_SERVER:
+        return cryptoctx->id_pkinit_rkeyData;
+    default:
+        return NULL;
+    }
+
+}
+
+static int
+wrap_signeddata(unsigned char *data, unsigned int data_len,
+                unsigned char **out, unsigned int *out_len)
+{
+
+    unsigned int orig_len = 0, oid_len = 0, tot_len = 0;
+    ASN1_OBJECT *oid = NULL;
+    unsigned char *p = NULL;
+
+    /* Get length to wrap the original data with SEQUENCE tag */
+    tot_len = orig_len = ASN1_object_size(1, (int)data_len, V_ASN1_SEQUENCE);
+
+    /* Add the signedData OID and adjust lengths */
+    oid = OBJ_nid2obj(NID_pkcs7_signed);
+    oid_len = i2d_ASN1_OBJECT(oid, NULL);
+
+    tot_len = ASN1_object_size(1, (int)(orig_len+oid_len), V_ASN1_SEQUENCE);
+
+    p = *out = malloc(tot_len);
+    if (p == NULL) return -1;
+
+    ASN1_put_object(&p, 1, (int)(orig_len+oid_len),
+                    V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+
+    i2d_ASN1_OBJECT(oid, &p);
+
+    ASN1_put_object(&p, 1, (int)data_len, 0, V_ASN1_CONTEXT_SPECIFIC);
+    memcpy(p, data, data_len);
+
+    *out_len = tot_len;
+
+    return 0;
+}
+
+static int
+prepare_enc_data(const uint8_t *indata, int indata_len, uint8_t **outdata,
+                 int *outdata_len)
+{
+    int tag, class;
+    long tlen, slen;
+    const uint8_t *p = indata, *oldp;
+
+    if (ASN1_get_object(&p, &slen, &tag, &class, indata_len) & 0x80)
+        return EINVAL;
+    if (tag != V_ASN1_SEQUENCE)
+        return EINVAL;
+
+    oldp = p;
+    if (ASN1_get_object(&p, &tlen, &tag, &class, slen) & 0x80)
+        return EINVAL;
+    p += tlen;
+    slen -= (p - oldp);
+
+    if (ASN1_get_object(&p, &tlen, &tag, &class, slen) & 0x80)
+        return EINVAL;
+
+    *outdata = malloc(tlen);
+    if (*outdata == NULL)
+        return ENOMEM;
+    memcpy(*outdata, p, tlen);
+    *outdata_len = tlen;
+    return 0;
+}
+
+#ifndef WITHOUT_PKCS11
+static struct plugin_file_handle *
+load_pkcs11_module(krb5_context context, const char *modname,
+                   CK_FUNCTION_LIST_PTR_PTR p11p)
+{
+    struct plugin_file_handle *handle = NULL;
+    CK_RV (*getflist)(CK_FUNCTION_LIST_PTR_PTR);
+    struct errinfo einfo = EMPTY_ERRINFO;
+    const char *errmsg = NULL;
+    void (*sym)();
+    long err;
+    CK_RV rv;
+
+    TRACE_PKINIT_PKCS11_OPEN(context, modname);
+    err = krb5int_open_plugin(modname, &handle, &einfo);
+    if (err) {
+        errmsg = k5_get_error(&einfo, err);
+        TRACE_PKINIT_PKCS11_OPEN_FAILED(context, errmsg);
+        goto error;
+    }
+
+    err = krb5int_get_plugin_func(handle, "C_GetFunctionList", &sym, &einfo);
+    if (err) {
+        errmsg = k5_get_error(&einfo, err);
+        TRACE_PKINIT_PKCS11_GETSYM_FAILED(context, errmsg);
+        goto error;
+    }
+
+    getflist = (CK_RV (*)())sym;
+    rv = (*getflist)(p11p);
+    if (rv != CKR_OK) {
+        TRACE_PKINIT_PKCS11_GETFLIST_FAILED(context, pkcs11err(rv));
+        goto error;
+    }
+
+    return handle;
+
+error:
+    k5_free_error(&einfo, errmsg);
+    k5_clear_error(&einfo);
+    if (handle != NULL)
+        krb5int_close_plugin(handle);
+    return NULL;
+}
+
+static krb5_error_code
+pkinit_login(krb5_context context,
+             pkinit_identity_crypto_context id_cryptoctx,
+             CK_TOKEN_INFO *tip, const char *password)
+{
+    krb5_data rdat;
+    char *prompt;
+    const char *warning;
+    krb5_prompt kprompt;
+    krb5_prompt_type prompt_type;
+    int r = 0;
+
+    if (tip->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
+        rdat.data = NULL;
+        rdat.length = 0;
+    } else if (password != NULL) {
+        rdat.data = strdup(password);
+        rdat.length = strlen(password);
+    } else if (id_cryptoctx->prompter == NULL) {
+        r = KRB5_LIBOS_CANTREADPWD;
+        rdat.data = NULL;
+    } else {
+        if (tip->flags & CKF_USER_PIN_LOCKED)
+            warning = " (Warning: PIN locked)";
+        else if (tip->flags & CKF_USER_PIN_FINAL_TRY)
+            warning = " (Warning: PIN final try)";
+        else if (tip->flags & CKF_USER_PIN_COUNT_LOW)
+            warning = " (Warning: PIN count low)";
+        else
+            warning = "";
+        if (asprintf(&prompt, "%.*s PIN%s", (int) sizeof (tip->label),
+                     tip->label, warning) < 0)
+            return ENOMEM;
+        rdat.data = malloc(tip->ulMaxPinLen + 2);
+        rdat.length = tip->ulMaxPinLen + 1;
+
+        kprompt.prompt = prompt;
+        kprompt.hidden = 1;
+        kprompt.reply = &rdat;
+        prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+
+        /* PROMPTER_INVOCATION */
+        k5int_set_prompt_types(context, &prompt_type);
+        r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
+                                      NULL, NULL, 1, &kprompt);
+        k5int_set_prompt_types(context, 0);
+        free(prompt);
+    }
+
+    if (r == 0) {
+        r = id_cryptoctx->p11->C_Login(id_cryptoctx->session, CKU_USER,
+                                       (u_char *) rdat.data, rdat.length);
+
+        if (r != CKR_OK) {
+            TRACE_PKINIT_PKCS11_LOGIN_FAILED(context, pkcs11err(r));
+            r = KRB5KDC_ERR_PREAUTH_FAILED;
+        }
+    }
+    free(rdat.data);
+
+    return r;
+}
+
+static krb5_error_code
+pkinit_open_session(krb5_context context,
+                    pkinit_identity_crypto_context cctx)
+{
+    CK_ULONG i, pret;
+    unsigned char *cp;
+    size_t label_len;
+    CK_ULONG count = 0;
+    CK_SLOT_ID_PTR slotlist = NULL;
+    CK_TOKEN_INFO tinfo;
+    char *p11name = NULL;
+    const char *password;
+    krb5_error_code ret;
+
+    if (cctx->p11_module != NULL)
+        return 0; /* session already open */
+
+    /* Load module */
+    cctx->p11_module = load_pkcs11_module(context, cctx->p11_module_name,
+                                          &cctx->p11);
+    if (cctx->p11_module == NULL)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    /* Init */
+    pret = cctx->p11->C_Initialize(NULL);
+    if (pret != CKR_OK) {
+        pkiDebug("C_Initialize: %s\n", pkcs11err(pret));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    /* Get the list of available slots */
+    if (cctx->p11->C_GetSlotList(TRUE, NULL, &count) != CKR_OK)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    if (count == 0) {
+        TRACE_PKINIT_PKCS11_NO_TOKEN(context);
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+    slotlist = calloc(count, sizeof(CK_SLOT_ID));
+    if (slotlist == NULL)
+        return ENOMEM;
+    if (cctx->p11->C_GetSlotList(TRUE, slotlist, &count) != CKR_OK) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    /* Look for the given token label, or if none given take the first one */
+    for (i = 0; i < count; i++) {
+        /* Skip slots that don't match the specified slotid, if given. */
+        if (cctx->slotid != PK_NOSLOT && cctx->slotid != slotlist[i])
+            continue;
+
+        /* Open session */
+        pret = cctx->p11->C_OpenSession(slotlist[i], CKF_SERIAL_SESSION,
+                                        NULL, NULL, &cctx->session);
+        if (pret != CKR_OK) {
+            pkiDebug("C_OpenSession: %s\n", pkcs11err(pret));
+            ret = KRB5KDC_ERR_PREAUTH_FAILED;
+            goto cleanup;
+        }
+
+        /* Get token info */
+        pret = cctx->p11->C_GetTokenInfo(slotlist[i], &tinfo);
+        if (pret != CKR_OK) {
+            pkiDebug("C_GetTokenInfo: %s\n", pkcs11err(pret));
+            ret = KRB5KDC_ERR_PREAUTH_FAILED;
+            goto cleanup;
+        }
+
+        /* tinfo.label is zero-filled but not necessarily zero-terminated.
+         * Find the length, ignoring any trailing spaces. */
+        for (cp = tinfo.label + sizeof(tinfo.label); cp > tinfo.label; cp--) {
+            if (cp[-1] != '\0' && cp[-1] != ' ')
+                break;
+        }
+        label_len = cp - tinfo.label;
+
+        TRACE_PKINIT_PKCS11_SLOT(context, (int)slotlist[i], (int)label_len,
+                                 tinfo.label);
+        if (cctx->token_label == NULL ||
+            (strlen(cctx->token_label) == label_len &&
+             memcmp(cctx->token_label, tinfo.label, label_len) == 0))
+            break;
+        cctx->p11->C_CloseSession(cctx->session);
+    }
+    if (i >= count) {
+        TRACE_PKINIT_PKCS11_NO_MATCH_TOKEN(context);
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+    cctx->slotid = slotlist[i];
+    pkiDebug("open_session: slotid %d (%lu of %d)\n", (int)cctx->slotid,
+             i + 1, (int) count);
+
+    /* Login if needed */
+    if (tinfo.flags & CKF_LOGIN_REQUIRED) {
+        if (cctx->p11_module_name != NULL) {
+            if (cctx->slotid != PK_NOSLOT) {
+                if (asprintf(&p11name,
+                             "PKCS11:module_name=%s:slotid=%ld:token=%.*s",
+                             cctx->p11_module_name, (long)cctx->slotid,
+                             (int)label_len, tinfo.label) < 0)
+                    p11name = NULL;
+            } else {
+                if (asprintf(&p11name,
+                             "PKCS11:module_name=%s,token=%.*s",
+                             cctx->p11_module_name,
+                             (int)label_len, tinfo.label) < 0)
+                    p11name = NULL;
+            }
+        }
+        if (cctx->defer_id_prompt) {
+            /* Supply the identity name to be passed to the responder. */
+            pkinit_set_deferred_id(&cctx->deferred_ids,
+                                   p11name, tinfo.flags, NULL);
+            ret = 0;
+            goto cleanup;
+        }
+        /* Look up a responder-supplied password for the token. */
+        password = pkinit_find_deferred_id(cctx->deferred_ids, p11name);
+        ret = pkinit_login(context, cctx, &tinfo, password);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = 0;
+cleanup:
+    free(slotlist);
+    free(p11name);
+    return ret;
+}
+
+/*
+ * Look for a key that's:
+ * 1. private
+ * 2. capable of the specified operation (usually signing or decrypting)
+ * 3. RSA (this may be wrong but it's all we can do for now)
+ * 4. matches the id of the cert we chose
+ *
+ * You must call pkinit_get_certs before calling pkinit_find_private_key
+ * (that's because we need the ID of the private key)
+ *
+ * pkcs11 says the id of the key doesn't have to match that of the cert, but
+ * I can't figure out any other way to decide which key to use.
+ *
+ * We should only find one key that fits all the requirements.
+ * If there are more than one, we just take the first one.
+ */
+
+krb5_error_code
+pkinit_find_private_key(pkinit_identity_crypto_context id_cryptoctx,
+                        CK_ATTRIBUTE_TYPE usage,
+                        CK_OBJECT_HANDLE *objp)
+{
+    CK_OBJECT_CLASS cls;
+    CK_ATTRIBUTE attrs[4];
+    CK_ULONG count;
+    CK_KEY_TYPE keytype;
+    unsigned int nattrs = 0;
+    int r;
+#ifdef PKINIT_USE_KEY_USAGE
+    CK_BBOOL true_false;
+#endif
+
+    cls = CKO_PRIVATE_KEY;
+    attrs[nattrs].type = CKA_CLASS;
+    attrs[nattrs].pValue = &cls;
+    attrs[nattrs].ulValueLen = sizeof cls;
+    nattrs++;
+
+#ifdef PKINIT_USE_KEY_USAGE
+    /*
+     * Some cards get confused if you try to specify a key usage,
+     * so don't, and hope for the best. This will fail if you have
+     * several keys with the same id and different usages but I have
+     * not seen this on real cards.
+     */
+    true_false = TRUE;
+    attrs[nattrs].type = usage;
+    attrs[nattrs].pValue = &true_false;
+    attrs[nattrs].ulValueLen = sizeof true_false;
+    nattrs++;
+#endif
+
+    keytype = CKK_RSA;
+    attrs[nattrs].type = CKA_KEY_TYPE;
+    attrs[nattrs].pValue = &keytype;
+    attrs[nattrs].ulValueLen = sizeof keytype;
+    nattrs++;
+
+    attrs[nattrs].type = CKA_ID;
+    attrs[nattrs].pValue = id_cryptoctx->cert_id;
+    attrs[nattrs].ulValueLen = id_cryptoctx->cert_id_len;
+    nattrs++;
+
+    r = id_cryptoctx->p11->C_FindObjectsInit(id_cryptoctx->session, attrs, nattrs);
+    if (r != CKR_OK) {
+        pkiDebug("krb5_pkinit_sign_data: C_FindObjectsInit: %s\n",
+                 pkcs11err(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    r = id_cryptoctx->p11->C_FindObjects(id_cryptoctx->session, objp, 1, &count);
+    id_cryptoctx->p11->C_FindObjectsFinal(id_cryptoctx->session);
+    pkiDebug("found %d private keys (%s)\n", (int)count, pkcs11err(r));
+    if (r != CKR_OK || count < 1)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    return 0;
+}
+#endif
+
+static krb5_error_code
+pkinit_decode_data_fs(krb5_context context,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      const uint8_t *data, unsigned int data_len,
+                      uint8_t **decoded_data, unsigned int *decoded_data_len)
+{
+    X509 *cert = sk_X509_value(id_cryptoctx->my_certs,
+                               id_cryptoctx->cert_index);
+    EVP_PKEY *pkey = id_cryptoctx->my_key;
+    EVP_PKEY_CTX *ctx = NULL;
+    uint8_t *buf = NULL;
+    size_t buf_len = 0;
+    int ok;
+
+    *decoded_data = NULL;
+    *decoded_data_len = 0;
+
+    if (cert != NULL && !X509_check_private_key(cert, pkey)) {
+        pkiDebug("private key does not match certificate\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    ctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (ctx == NULL)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    ok = EVP_PKEY_decrypt_init(ctx);
+    if (!ok)
+        goto cleanup;
+
+    /* Get the length of the eventual output. */
+    ok = EVP_PKEY_decrypt(ctx, NULL, &buf_len, data, data_len);
+    if (!ok) {
+        pkiDebug("unable to decrypt received data\n");
+        goto cleanup;
+    }
+
+    buf = malloc(buf_len);
+    if (buf == NULL) {
+        ok = 0;
+        goto cleanup;
+    }
+
+    ok = EVP_PKEY_decrypt(ctx, buf, &buf_len, data, data_len);
+    if (!ok) {
+        pkiDebug("unable to decrypt received data\n");
+        goto cleanup;
+    }
+
+    *decoded_data = buf;
+    *decoded_data_len = buf_len;
+    buf = NULL;
+cleanup:
+    zapfree(buf, buf_len);
+    EVP_PKEY_CTX_free(ctx);
+    return ok ? 0 : KRB5KDC_ERR_PREAUTH_FAILED;
+}
+
+#ifndef WITHOUT_PKCS11
+/*
+ * When using the ActivCard Linux pkcs11 library (v2.0.1), the decrypt function
+ * fails.  By inserting an extra function call, which serves nothing but to
+ * change the stack, we were able to work around the issue.  If the ActivCard
+ * library is fixed in the future, this function can be inlined back into the
+ * caller.
+ */
+static CK_RV
+pkinit_C_Decrypt(pkinit_identity_crypto_context id_cryptoctx,
+                 CK_BYTE_PTR pEncryptedData,
+                 CK_ULONG  ulEncryptedDataLen,
+                 CK_BYTE_PTR pData,
+                 CK_ULONG_PTR pulDataLen)
+{
+    CK_RV rv = CKR_OK;
+
+    rv = id_cryptoctx->p11->C_Decrypt(id_cryptoctx->session, pEncryptedData,
+                                      ulEncryptedDataLen, pData, pulDataLen);
+    if (rv == CKR_OK) {
+        pkiDebug("pData %p *pulDataLen %d\n", (void *) pData,
+                 (int) *pulDataLen);
+    }
+    return rv;
+}
+
+static krb5_error_code
+pkinit_decode_data_pkcs11(krb5_context context,
+                          pkinit_identity_crypto_context id_cryptoctx,
+                          const uint8_t *data, unsigned int data_len,
+                          uint8_t **decoded_data,
+                          unsigned int *decoded_data_len)
+{
+    CK_OBJECT_HANDLE obj;
+    CK_ULONG len;
+    CK_MECHANISM mech;
+    uint8_t *cp;
+    int r;
+
+    *decoded_data = NULL;
+    *decoded_data_len = 0;
+
+    if (pkinit_open_session(context, id_cryptoctx)) {
+        pkiDebug("can't open pkcs11 session\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    pkinit_find_private_key(id_cryptoctx, CKA_DECRYPT, &obj);
+
+    mech.mechanism = CKM_RSA_PKCS;
+    mech.pParameter = NULL;
+    mech.ulParameterLen = 0;
+
+    if ((r = id_cryptoctx->p11->C_DecryptInit(id_cryptoctx->session, &mech,
+                                              obj)) != CKR_OK) {
+        pkiDebug("C_DecryptInit: 0x%x\n", (int) r);
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+    pkiDebug("data_len = %d\n", data_len);
+    cp = malloc((size_t) data_len);
+    if (cp == NULL)
+        return ENOMEM;
+    len = data_len;
+    pkiDebug("session %p edata %p edata_len %d data %p datalen @%p %d\n",
+             (void *) id_cryptoctx->session, (void *) data, (int) data_len,
+             (void *) cp, (void *) &len, (int) len);
+    r = pkinit_C_Decrypt(id_cryptoctx, (CK_BYTE_PTR) data, (CK_ULONG) data_len,
+                         cp, &len);
+    if (r != CKR_OK) {
+        pkiDebug("C_Decrypt: %s\n", pkcs11err(r));
+        if (r == CKR_BUFFER_TOO_SMALL)
+            pkiDebug("decrypt %d needs %d\n", (int) data_len, (int) len);
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+    pkiDebug("decrypt %d -> %d\n", (int) data_len, (int) len);
+    *decoded_data_len = len;
+    *decoded_data = cp;
+
+    return 0;
+}
+#endif
+
+krb5_error_code
+pkinit_decode_data(krb5_context context,
+                   pkinit_identity_crypto_context id_cryptoctx,
+                   const uint8_t *data, unsigned int data_len,
+                   uint8_t **decoded_data, unsigned int *decoded_data_len)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+
+    *decoded_data = NULL;
+    *decoded_data_len = 0;
+
+    if (id_cryptoctx->pkcs11_method != 1)
+        retval = pkinit_decode_data_fs(context, id_cryptoctx, data, data_len,
+                                       decoded_data, decoded_data_len);
+#ifndef WITHOUT_PKCS11
+    else
+        retval = pkinit_decode_data_pkcs11(context, id_cryptoctx, data,
+                                           data_len, decoded_data, decoded_data_len);
+#endif
+
+    return retval;
+}
+
+static krb5_error_code
+pkinit_sign_data_fs(krb5_context context,
+                    pkinit_identity_crypto_context id_cryptoctx,
+                    unsigned char *data,
+                    unsigned int data_len,
+                    unsigned char **sig,
+                    unsigned int *sig_len)
+{
+    if (create_signature(sig, sig_len, data, data_len,
+                         id_cryptoctx->my_key) != 0) {
+        pkiDebug("failed to create the signature\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+    return 0;
+}
+
+#ifndef WITHOUT_PKCS11
+static krb5_error_code
+pkinit_sign_data_pkcs11(krb5_context context,
+                        pkinit_identity_crypto_context id_cryptoctx,
+                        unsigned char *data,
+                        unsigned int data_len,
+                        unsigned char **sig,
+                        unsigned int *sig_len)
+{
+    CK_OBJECT_HANDLE obj;
+    CK_ULONG len;
+    CK_MECHANISM mech;
+    unsigned char *cp;
+    int r;
+
+    if (pkinit_open_session(context, id_cryptoctx)) {
+        pkiDebug("can't open pkcs11 session\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    pkinit_find_private_key(id_cryptoctx, CKA_SIGN, &obj);
+
+    mech.mechanism = id_cryptoctx->mech;
+    mech.pParameter = NULL;
+    mech.ulParameterLen = 0;
+
+    if ((r = id_cryptoctx->p11->C_SignInit(id_cryptoctx->session, &mech,
+                                           obj)) != CKR_OK) {
+        pkiDebug("C_SignInit: %s\n", pkcs11err(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    /*
+     * Key len would give an upper bound on sig size, but there's no way to
+     * get that. So guess, and if it's too small, re-malloc.
+     */
+    len = PK_SIGLEN_GUESS;
+    cp = malloc((size_t) len);
+    if (cp == NULL)
+        return ENOMEM;
+
+    r = id_cryptoctx->p11->C_Sign(id_cryptoctx->session, data,
+                                  (CK_ULONG) data_len, cp, &len);
+    if (r == CKR_BUFFER_TOO_SMALL || (r == CKR_OK && len >= PK_SIGLEN_GUESS)) {
+        free(cp);
+        pkiDebug("C_Sign realloc %d\n", (int) len);
+        cp = malloc((size_t) len);
+        r = id_cryptoctx->p11->C_Sign(id_cryptoctx->session, data,
+                                      (CK_ULONG) data_len, cp, &len);
+    }
+    if (r != CKR_OK) {
+        pkiDebug("C_Sign: %s\n", pkcs11err(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+    pkiDebug("sign %d -> %d\n", (int) data_len, (int) len);
+    *sig_len = len;
+    *sig = cp;
+
+    return 0;
+}
+#endif
+
+krb5_error_code
+pkinit_sign_data(krb5_context context,
+                 pkinit_identity_crypto_context id_cryptoctx,
+                 unsigned char *data,
+                 unsigned int data_len,
+                 unsigned char **sig,
+                 unsigned int *sig_len)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+
+    if (id_cryptoctx == NULL || id_cryptoctx->pkcs11_method != 1)
+        retval = pkinit_sign_data_fs(context, id_cryptoctx, data, data_len,
+                                     sig, sig_len);
+#ifndef WITHOUT_PKCS11
+    else
+        retval = pkinit_sign_data_pkcs11(context, id_cryptoctx, data, data_len,
+                                         sig, sig_len);
+#endif
+
+    return retval;
+}
+
+
+static krb5_error_code
+create_signature(unsigned char **sig, unsigned int *sig_len,
+                 unsigned char *data, unsigned int data_len, EVP_PKEY *pkey)
+{
+    krb5_error_code retval = ENOMEM;
+    EVP_MD_CTX *ctx;
+
+    if (pkey == NULL)
+        return retval;
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+    EVP_SignInit(ctx, EVP_sha256());
+    EVP_SignUpdate(ctx, data, data_len);
+    *sig_len = EVP_PKEY_size(pkey);
+    if ((*sig = malloc(*sig_len)) == NULL)
+        goto cleanup;
+    EVP_SignFinal(ctx, *sig, sig_len, pkey);
+
+    retval = 0;
+
+cleanup:
+    EVP_MD_CTX_free(ctx);
+
+    return retval;
+}
+
+/*
+ * Note:
+ * This is not the routine the KDC uses to get its certificate.
+ * This routine is intended to be called by the client
+ * to obtain the KDC's certificate from some local storage
+ * to be sent as a hint in its request to the KDC.
+ */
+krb5_error_code
+pkinit_get_kdc_cert(krb5_context context,
+                    pkinit_plg_crypto_context plg_cryptoctx,
+                    pkinit_req_crypto_context req_cryptoctx,
+                    pkinit_identity_crypto_context id_cryptoctx,
+                    krb5_principal princ)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+
+    req_cryptoctx->received_cert = NULL;
+    retval = 0;
+    return retval;
+}
+
+static char *
+reassemble_pkcs12_name(const char *filename)
+{
+    char *ret;
+
+    if (asprintf(&ret, "PKCS12:%s", filename) < 0)
+        return NULL;
+    return ret;
+}
+
+static krb5_error_code
+pkinit_get_certs_pkcs12(krb5_context context,
+                        pkinit_plg_crypto_context plg_cryptoctx,
+                        pkinit_req_crypto_context req_cryptoctx,
+                        pkinit_identity_opts *idopts,
+                        pkinit_identity_crypto_context id_cryptoctx,
+                        krb5_principal princ)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    char *prompt_string = NULL;
+    X509 *x = NULL;
+    PKCS12 *p12 = NULL;
+    int ret;
+    FILE *fp;
+    EVP_PKEY *y = NULL;
+
+    if (idopts->cert_filename == NULL) {
+        pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
+        goto cleanup;
+    }
+
+    if (idopts->key_filename == NULL) {
+        pkiDebug("%s: failed to get user's private key location\n", __FUNCTION__);
+        goto cleanup;
+    }
+
+    fp = fopen(idopts->cert_filename, "rb");
+    if (fp == NULL) {
+        TRACE_PKINIT_PKCS_OPEN_FAIL(context, idopts->cert_filename, errno);
+        goto cleanup;
+    }
+    set_cloexec_file(fp);
+
+    p12 = d2i_PKCS12_fp(fp, NULL);
+    fclose(fp);
+    if (p12 == NULL) {
+        TRACE_PKINIT_PKCS_DECODE_FAIL(context, idopts->cert_filename);
+        goto cleanup;
+    }
+    /*
+     * Try parsing with no pass phrase first.  If that fails,
+     * prompt for the pass phrase and try again.
+     */
+    ret = PKCS12_parse(p12, NULL, &y, &x, NULL);
+    if (ret == 0) {
+        krb5_data rdat;
+        krb5_prompt kprompt;
+        krb5_prompt_type prompt_type;
+        krb5_error_code r;
+        char prompt_reply[128];
+        char *prompt_prefix = _("Pass phrase for");
+        char *p12name = reassemble_pkcs12_name(idopts->cert_filename);
+        const char *tmp;
+
+        TRACE_PKINIT_PKCS_PARSE_FAIL_FIRST(context);
+
+        if (id_cryptoctx->defer_id_prompt) {
+            /* Supply the identity name to be passed to the responder. */
+            pkinit_set_deferred_id(&id_cryptoctx->deferred_ids, p12name, 0,
+                                   NULL);
+            free(p12name);
+            retval = 0;
+            goto cleanup;
+        }
+        /* Try to read a responder-supplied password. */
+        tmp = pkinit_find_deferred_id(id_cryptoctx->deferred_ids, p12name);
+        free(p12name);
+        if (tmp != NULL) {
+            /* Try using the responder-supplied password. */
+            rdat.data = (char *)tmp;
+            rdat.length = strlen(tmp);
+        } else if (id_cryptoctx->prompter == NULL) {
+            /* We can't use a prompter. */
+            goto cleanup;
+        } else {
+            /* Ask using a prompter. */
+            memset(prompt_reply, '\0', sizeof(prompt_reply));
+            rdat.data = prompt_reply;
+            rdat.length = sizeof(prompt_reply);
+
+            if (asprintf(&prompt_string, "%s %s", prompt_prefix,
+                         idopts->cert_filename) < 0) {
+                prompt_string = NULL;
+                goto cleanup;
+            }
+            kprompt.prompt = prompt_string;
+            kprompt.hidden = 1;
+            kprompt.reply = &rdat;
+            prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+            /* PROMPTER_INVOCATION */
+            k5int_set_prompt_types(context, &prompt_type);
+            r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
+                                          NULL, NULL, 1, &kprompt);
+            k5int_set_prompt_types(context, 0);
+            if (r) {
+                TRACE_PKINIT_PKCS_PROMPT_FAIL(context);
+                goto cleanup;
+            }
+        }
+
+        ret = PKCS12_parse(p12, rdat.data, &y, &x, NULL);
+        if (ret == 0) {
+            TRACE_PKINIT_PKCS_PARSE_FAIL_SECOND(context);
+            goto cleanup;
+        }
+    }
+    id_cryptoctx->creds[0] = malloc(sizeof(struct _pkinit_cred_info));
+    if (id_cryptoctx->creds[0] == NULL)
+        goto cleanup;
+    id_cryptoctx->creds[0]->name =
+        reassemble_pkcs12_name(idopts->cert_filename);
+    id_cryptoctx->creds[0]->cert = x;
+#ifndef WITHOUT_PKCS11
+    id_cryptoctx->creds[0]->cert_id = NULL;
+    id_cryptoctx->creds[0]->cert_id_len = 0;
+#endif
+    id_cryptoctx->creds[0]->key = y;
+    id_cryptoctx->creds[1] = NULL;
+
+    retval = 0;
+
+cleanup:
+    free(prompt_string);
+    if (p12)
+        PKCS12_free(p12);
+    if (retval) {
+        if (x != NULL)
+            X509_free(x);
+        if (y != NULL)
+            EVP_PKEY_free(y);
+    }
+    return retval;
+}
+
+static char *
+reassemble_files_name(const char *certfile, const char *keyfile)
+{
+    char *ret;
+
+    if (keyfile != NULL) {
+        if (asprintf(&ret, "FILE:%s,%s", certfile, keyfile) < 0)
+            return NULL;
+    } else {
+        if (asprintf(&ret, "FILE:%s", certfile) < 0)
+            return NULL;
+    }
+    return ret;
+}
+
+static krb5_error_code
+pkinit_load_fs_cert_and_key(krb5_context context,
+                            pkinit_identity_crypto_context id_cryptoctx,
+                            char *certname,
+                            char *keyname,
+                            int cindex)
+{
+    krb5_error_code retval;
+    X509 *x = NULL;
+    EVP_PKEY *y = NULL;
+    char *fsname = NULL;
+    const char *password;
+
+    fsname = reassemble_files_name(certname, keyname);
+
+    /* Try to read a responder-supplied password. */
+    password = pkinit_find_deferred_id(id_cryptoctx->deferred_ids, fsname);
+
+    /* Load the certificate. */
+    retval = get_cert(certname, &x);
+    if (retval) {
+        retval = oerr(context, retval, _("Cannot read certificate file '%s'"),
+                      certname);
+    }
+    if (retval || x == NULL)
+        goto cleanup;
+    /* Load the key. */
+    retval = get_key(context, id_cryptoctx, keyname, fsname, &y, password);
+    if (retval)
+        retval = oerr(context, retval, _("Cannot read key file '%s'"), fsname);
+    if (retval || y == NULL)
+        goto cleanup;
+
+    id_cryptoctx->creds[cindex] = malloc(sizeof(struct _pkinit_cred_info));
+    if (id_cryptoctx->creds[cindex] == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    id_cryptoctx->creds[cindex]->name = reassemble_files_name(certname,
+                                                              keyname);
+    id_cryptoctx->creds[cindex]->cert = x;
+#ifndef WITHOUT_PKCS11
+    id_cryptoctx->creds[cindex]->cert_id = NULL;
+    id_cryptoctx->creds[cindex]->cert_id_len = 0;
+#endif
+    id_cryptoctx->creds[cindex]->key = y;
+    id_cryptoctx->creds[cindex+1] = NULL;
+
+    retval = 0;
+
+cleanup:
+    free(fsname);
+    if (retval != 0 || y == NULL) {
+        if (x != NULL)
+            X509_free(x);
+        if (y != NULL)
+            EVP_PKEY_free(y);
+    }
+    return retval;
+}
+
+static krb5_error_code
+pkinit_get_certs_fs(krb5_context context,
+                    pkinit_plg_crypto_context plg_cryptoctx,
+                    pkinit_req_crypto_context req_cryptoctx,
+                    pkinit_identity_opts *idopts,
+                    pkinit_identity_crypto_context id_cryptoctx,
+                    krb5_principal princ)
+{
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+
+    if (idopts->cert_filename == NULL) {
+        pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
+        goto cleanup;
+    }
+
+    if (idopts->key_filename == NULL) {
+        TRACE_PKINIT_NO_PRIVKEY(context);
+        goto cleanup;
+    }
+
+    retval = pkinit_load_fs_cert_and_key(context, id_cryptoctx,
+                                         idopts->cert_filename,
+                                         idopts->key_filename, 0);
+cleanup:
+    return retval;
+}
+
+static krb5_error_code
+pkinit_get_certs_dir(krb5_context context,
+                     pkinit_plg_crypto_context plg_cryptoctx,
+                     pkinit_req_crypto_context req_cryptoctx,
+                     pkinit_identity_opts *idopts,
+                     pkinit_identity_crypto_context id_cryptoctx,
+                     krb5_principal princ)
+{
+    krb5_error_code retval = ENOMEM;
+    DIR *d = NULL;
+    struct dirent *dentry = NULL;
+    char certname[1024];
+    char keyname[1024];
+    int i = 0, len;
+    char *dirname, *suf;
+
+    if (idopts->cert_filename == NULL) {
+        TRACE_PKINIT_NO_CERT(context);
+        return ENOENT;
+    }
+
+    dirname = idopts->cert_filename;
+    d = opendir(dirname);
+    if (d == NULL)
+        return errno;
+
+    /*
+     * We'll assume that certs are named XXX.crt and the corresponding
+     * key is named XXX.key
+     */
+    while ((i < MAX_CREDS_ALLOWED) &&  (dentry = readdir(d)) != NULL) {
+        /* Ignore subdirectories and anything starting with a dot */
+#ifdef DT_DIR
+        if (dentry->d_type == DT_DIR)
+            continue;
+#endif
+        if (dentry->d_name[0] == '.')
+            continue;
+        len = strlen(dentry->d_name);
+        if (len < 5)
+            continue;
+        suf = dentry->d_name + (len - 4);
+        if (strncmp(suf, ".crt", 4) != 0)
+            continue;
+
+        /* Checked length */
+        if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(certname)) {
+            pkiDebug("%s: Path too long -- directory '%s' and file '%s'\n",
+                     __FUNCTION__, dirname, dentry->d_name);
+            continue;
+        }
+        snprintf(certname, sizeof(certname), "%s/%s", dirname, dentry->d_name);
+        snprintf(keyname, sizeof(keyname), "%s/%s", dirname, dentry->d_name);
+        len = strlen(keyname);
+        keyname[len - 3] = 'k';
+        keyname[len - 2] = 'e';
+        keyname[len - 1] = 'y';
+
+        retval = pkinit_load_fs_cert_and_key(context, id_cryptoctx,
+                                             certname, keyname, i);
+        if (retval == 0) {
+            TRACE_PKINIT_LOADED_CERT(context, dentry->d_name);
+            i++;
+        }
+        else
+            continue;
+    }
+
+    if (!id_cryptoctx->defer_id_prompt && i == 0) {
+        TRACE_PKINIT_NO_CERT_AND_KEY(context, idopts->cert_filename);
+        retval = ENOENT;
+        goto cleanup;
+    }
+
+    retval = 0;
+
+cleanup:
+    if (d)
+        closedir(d);
+
+    return retval;
+}
+
+#ifndef WITHOUT_PKCS11
+static char *
+reassemble_pkcs11_name(pkinit_identity_opts *idopts)
+{
+    struct k5buf buf;
+    int n = 0;
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add(&buf, "PKCS11:");
+    n = 0;
+    if (idopts->p11_module_name != NULL) {
+        k5_buf_add_fmt(&buf, "%smodule_name=%s", n++ ? ":" : "",
+                       idopts->p11_module_name);
+    }
+    if (idopts->token_label != NULL) {
+        k5_buf_add_fmt(&buf, "%stoken=%s", n++ ? ":" : "",
+                       idopts->token_label);
+    }
+    if (idopts->cert_label != NULL) {
+        k5_buf_add_fmt(&buf, "%scertlabel=%s", n++ ? ":" : "",
+                       idopts->cert_label);
+    }
+    if (idopts->cert_id_string != NULL) {
+        k5_buf_add_fmt(&buf, "%scertid=%s", n++ ? ":" : "",
+                       idopts->cert_id_string);
+    }
+    if (idopts->slotid != PK_NOSLOT) {
+        k5_buf_add_fmt(&buf, "%sslotid=%ld", n++ ? ":" : "",
+                       (long)idopts->slotid);
+    }
+    return k5_buf_cstring(&buf);
+}
+
+static krb5_error_code
+load_one_cert(CK_FUNCTION_LIST_PTR p11, CK_SESSION_HANDLE session,
+              pkinit_identity_opts *idopts, pkinit_cred_info *cred_out)
+{
+    krb5_error_code ret;
+    CK_ATTRIBUTE attrs[2];
+    CK_BYTE_PTR cert = NULL, cert_id = NULL;
+    CK_RV pret;
+    const unsigned char *cp;
+    CK_OBJECT_HANDLE obj;
+    CK_ULONG count;
+    X509 *x = NULL;
+    pkinit_cred_info cred;
+
+    *cred_out = NULL;
+
+    /* Look for X.509 cert. */
+    pret = p11->C_FindObjects(session, &obj, 1, &count);
+    if (pret != CKR_OK || count <= 0)
+        return 0;
+
+    /* Get cert and id len. */
+    attrs[0].type = CKA_VALUE;
+    attrs[0].pValue = NULL;
+    attrs[0].ulValueLen = 0;
+    attrs[1].type = CKA_ID;
+    attrs[1].pValue = NULL;
+    attrs[1].ulValueLen = 0;
+    pret = p11->C_GetAttributeValue(session, obj, attrs, 2);
+    if (pret != CKR_OK && pret != CKR_BUFFER_TOO_SMALL) {
+        pkiDebug("C_GetAttributeValue: %s\n", pkcs11err(pret));
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    /* Allocate buffers and read the cert and id. */
+    cert = k5alloc(attrs[0].ulValueLen + 1, &ret);
+    if (cert == NULL)
+        goto cleanup;
+    cert_id = k5alloc(attrs[1].ulValueLen + 1, &ret);
+    if (cert_id == NULL)
+        goto cleanup;
+    attrs[0].type = CKA_VALUE;
+    attrs[0].pValue = cert;
+    attrs[1].type = CKA_ID;
+    attrs[1].pValue = cert_id;
+    pret = p11->C_GetAttributeValue(session, obj, attrs, 2);
+    if (pret != CKR_OK) {
+        pkiDebug("C_GetAttributeValue: %s\n", pkcs11err(pret));
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    pkiDebug("cert: size %d, id %d, idlen %d\n", (int)attrs[0].ulValueLen,
+             (int)cert_id[0], (int)attrs[1].ulValueLen);
+
+    cp = (unsigned char *)cert;
+    x = d2i_X509(NULL, &cp, (int)attrs[0].ulValueLen);
+    if (x == NULL) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    cred = k5alloc(sizeof(struct _pkinit_cred_info), &ret);
+    if (cred == NULL)
+        goto cleanup;
+
+    cred->name = reassemble_pkcs11_name(idopts);
+    cred->cert = x;
+    cred->key = NULL;
+    cred->cert_id = cert_id;
+    cred->cert_id_len = attrs[1].ulValueLen;
+
+    *cred_out = cred;
+    cert_id = NULL;
+    ret = 0;
+
+cleanup:
+    free(cert);
+    free(cert_id);
+    return ret;
+}
+
+static krb5_error_code
+pkinit_get_certs_pkcs11(krb5_context context,
+                        pkinit_plg_crypto_context plg_cryptoctx,
+                        pkinit_req_crypto_context req_cryptoctx,
+                        pkinit_identity_opts *idopts,
+                        pkinit_identity_crypto_context id_cryptoctx,
+                        krb5_principal princ)
+{
+    CK_OBJECT_CLASS cls;
+    CK_ATTRIBUTE attrs[4];
+    CK_CERTIFICATE_TYPE certtype;
+    int i;
+    unsigned int nattrs;
+    krb5_error_code ret;
+    CK_RV pret;
+
+    /* Copy stuff from idopts -> id_cryptoctx */
+    if (idopts->p11_module_name != NULL) {
+        free(id_cryptoctx->p11_module_name);
+        id_cryptoctx->p11_module_name = strdup(idopts->p11_module_name);
+        if (id_cryptoctx->p11_module_name == NULL)
+            return ENOMEM;
+    }
+    if (idopts->token_label != NULL) {
+        id_cryptoctx->token_label = strdup(idopts->token_label);
+        if (id_cryptoctx->token_label == NULL)
+            return ENOMEM;
+    }
+    if (idopts->cert_label != NULL) {
+        id_cryptoctx->cert_label = strdup(idopts->cert_label);
+        if (id_cryptoctx->cert_label == NULL)
+            return ENOMEM;
+    }
+    /* Convert the ascii cert_id string into a binary blob */
+    if (idopts->cert_id_string != NULL) {
+        ret = k5_hex_decode(idopts->cert_id_string, &id_cryptoctx->cert_id,
+                            &id_cryptoctx->cert_id_len);
+        if (ret) {
+            pkiDebug("Failed to convert certid string [%s]\n",
+                     idopts->cert_id_string);
+            return ret;
+        }
+    }
+    id_cryptoctx->slotid = idopts->slotid;
+    id_cryptoctx->pkcs11_method = 1;
+
+    ret = pkinit_open_session(context, id_cryptoctx);
+    if (ret)
+        return ret;
+    if (id_cryptoctx->defer_id_prompt) {
+        /*
+         * We need to reset all of the PKCS#11 state, so that the next time we
+         * poke at it, it'll be in as close to the state it was in after we
+         * loaded it the first time as we can make it.
+         */
+        pkinit_fini_pkcs11(id_cryptoctx);
+        pkinit_init_pkcs11(id_cryptoctx);
+        return 0;
+    }
+
+    /*
+     * We'd like to use CKM_SHA256_RSA_PKCS for signing if it's available, but
+     * historically many cards seem to be confused about whether they are
+     * capable of mechanisms or not. The safe thing seems to be to ignore the
+     * mechanism list, always use CKM_RSA_PKCS and calculate the sha256 digest
+     * ourselves.
+     */
+    id_cryptoctx->mech = CKM_RSA_PKCS;
+
+    cls = CKO_CERTIFICATE;
+    attrs[0].type = CKA_CLASS;
+    attrs[0].pValue = &cls;
+    attrs[0].ulValueLen = sizeof(cls);
+
+    certtype = CKC_X_509;
+    attrs[1].type = CKA_CERTIFICATE_TYPE;
+    attrs[1].pValue = &certtype;
+    attrs[1].ulValueLen = sizeof(certtype);
+
+    nattrs = 2;
+
+    /* If a cert id and/or label were given, use them too */
+    if (id_cryptoctx->cert_id_len > 0) {
+        attrs[nattrs].type = CKA_ID;
+        attrs[nattrs].pValue = id_cryptoctx->cert_id;
+        attrs[nattrs].ulValueLen = id_cryptoctx->cert_id_len;
+        nattrs++;
+    }
+    if (id_cryptoctx->cert_label != NULL) {
+        attrs[nattrs].type = CKA_LABEL;
+        attrs[nattrs].pValue = id_cryptoctx->cert_label;
+        attrs[nattrs].ulValueLen = strlen(id_cryptoctx->cert_label);
+        nattrs++;
+    }
+
+    pret = id_cryptoctx->p11->C_FindObjectsInit(id_cryptoctx->session, attrs,
+                                                nattrs);
+    if (pret != CKR_OK) {
+        pkiDebug("C_FindObjectsInit: %s\n", pkcs11err(pret));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    for (i = 0; i < MAX_CREDS_ALLOWED; i++) {
+        ret = load_one_cert(id_cryptoctx->p11, id_cryptoctx->session, idopts,
+                            &id_cryptoctx->creds[i]);
+        if (ret)
+            return ret;
+        if (id_cryptoctx->creds[i] == NULL)
+            break;
+    }
+    if (i == MAX_CREDS_ALLOWED)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    id_cryptoctx->p11->C_FindObjectsFinal(id_cryptoctx->session);
+
+    /* Check if we found no certs. */
+    if (id_cryptoctx->creds[0] == NULL)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    return 0;
+}
+
+#endif /* !WITHOUT_PKCS11 */
+
+
+static void
+free_cred_info(krb5_context context,
+               pkinit_identity_crypto_context id_cryptoctx,
+               struct _pkinit_cred_info *cred)
+{
+    if (cred != NULL) {
+        if (cred->cert != NULL)
+            X509_free(cred->cert);
+        if (cred->key != NULL)
+            EVP_PKEY_free(cred->key);
+#ifndef WITHOUT_PKCS11
+        free(cred->cert_id);
+#endif
+        free(cred->name);
+        free(cred);
+    }
+}
+
+krb5_error_code
+crypto_free_cert_info(krb5_context context,
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx)
+{
+    int i;
+
+    if (id_cryptoctx == NULL)
+        return EINVAL;
+
+    for (i = 0; i < MAX_CREDS_ALLOWED; i++) {
+        if (id_cryptoctx->creds[i] != NULL) {
+            free_cred_info(context, id_cryptoctx, id_cryptoctx->creds[i]);
+            id_cryptoctx->creds[i] = NULL;
+        }
+    }
+    return 0;
+}
+
+krb5_error_code
+crypto_load_certs(krb5_context context,
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context req_cryptoctx,
+                  pkinit_identity_opts *idopts,
+                  pkinit_identity_crypto_context id_cryptoctx,
+                  krb5_principal princ,
+                  krb5_boolean defer_id_prompts)
+{
+    krb5_error_code retval;
+
+    id_cryptoctx->defer_id_prompt = defer_id_prompts;
+
+    switch(idopts->idtype) {
+    case IDTYPE_FILE:
+        retval = pkinit_get_certs_fs(context, plg_cryptoctx,
+                                     req_cryptoctx, idopts,
+                                     id_cryptoctx, princ);
+        break;
+    case IDTYPE_DIR:
+        retval = pkinit_get_certs_dir(context, plg_cryptoctx,
+                                      req_cryptoctx, idopts,
+                                      id_cryptoctx, princ);
+        break;
+#ifndef WITHOUT_PKCS11
+    case IDTYPE_PKCS11:
+        retval = pkinit_get_certs_pkcs11(context, plg_cryptoctx,
+                                         req_cryptoctx, idopts,
+                                         id_cryptoctx, princ);
+        break;
+#endif
+    case IDTYPE_PKCS12:
+        retval = pkinit_get_certs_pkcs12(context, plg_cryptoctx,
+                                         req_cryptoctx, idopts,
+                                         id_cryptoctx, princ);
+        break;
+    default:
+        retval = EINVAL;
+    }
+    if (retval)
+        goto cleanup;
+
+cleanup:
+    return retval;
+}
+
+/*
+ * Get certificate Key Usage and Extended Key Usage
+ */
+static krb5_error_code
+crypto_retrieve_X509_key_usage(krb5_context context,
+                               pkinit_plg_crypto_context plgcctx,
+                               pkinit_req_crypto_context reqcctx,
+                               X509 *x,
+                               unsigned int *ret_ku_bits,
+                               unsigned int *ret_eku_bits)
+{
+    krb5_error_code retval = 0;
+    int i;
+    unsigned int eku_bits = 0, ku_bits = 0;
+    ASN1_BIT_STRING *usage = NULL;
+
+    if (ret_ku_bits == NULL && ret_eku_bits == NULL)
+        return EINVAL;
+
+    if (ret_eku_bits)
+        *ret_eku_bits = 0;
+    else {
+        pkiDebug("%s: EKUs not requested, not checking\n", __FUNCTION__);
+        goto check_kus;
+    }
+
+    /* Start with Extended Key usage */
+    i = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
+    if (i >= 0) {
+        EXTENDED_KEY_USAGE *eku;
+
+        eku = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL);
+        if (eku) {
+            for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+                ASN1_OBJECT *certoid;
+                certoid = sk_ASN1_OBJECT_value(eku, i);
+                if ((OBJ_cmp(certoid, plgcctx->id_pkinit_KPClientAuth)) == 0)
+                    eku_bits |= PKINIT_EKU_PKINIT;
+                else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_ms_smartcard_login))) == 0)
+                    eku_bits |= PKINIT_EKU_MSSCLOGIN;
+                else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_client_auth))) == 0)
+                    eku_bits |= PKINIT_EKU_CLIENTAUTH;
+                else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_email_protect))) == 0)
+                    eku_bits |= PKINIT_EKU_EMAILPROTECTION;
+            }
+            EXTENDED_KEY_USAGE_free(eku);
+        }
+    }
+    pkiDebug("%s: returning eku 0x%08x\n", __FUNCTION__, eku_bits);
+    *ret_eku_bits = eku_bits;
+
+check_kus:
+    /* Now the Key Usage bits */
+    if (ret_ku_bits)
+        *ret_ku_bits = 0;
+    else {
+        pkiDebug("%s: KUs not requested, not checking\n", __FUNCTION__);
+        goto out;
+    }
+
+    /* Make sure usage exists before checking bits */
+    X509_check_ca(x);
+    usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL);
+    if (usage) {
+        if (!ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
+            ku_bits |= PKINIT_KU_DIGITALSIGNATURE;
+        if (!ku_reject(x, X509v3_KU_KEY_ENCIPHERMENT))
+            ku_bits |= PKINIT_KU_KEYENCIPHERMENT;
+        ASN1_BIT_STRING_free(usage);
+    }
+
+    pkiDebug("%s: returning ku 0x%08x\n", __FUNCTION__, ku_bits);
+    *ret_ku_bits = ku_bits;
+    retval = 0;
+out:
+    return retval;
+}
+
+static krb5_error_code
+rfc2253_name(X509_NAME *name, char **str_out)
+{
+    BIO *b = NULL;
+    char *str;
+
+    *str_out = NULL;
+    b = BIO_new(BIO_s_mem());
+    if (b == NULL)
+        return ENOMEM;
+    if (X509_NAME_print_ex(b, name, 0, XN_FLAG_SEP_COMMA_PLUS) < 0)
+        goto error;
+    str = calloc(BIO_number_written(b) + 1, 1);
+    if (str == NULL)
+        goto error;
+    BIO_read(b, str, BIO_number_written(b));
+    BIO_free(b);
+    *str_out = str;
+    return 0;
+
+error:
+    BIO_free(b);
+    return ENOMEM;
+}
+
+/*
+ * Get number of certificates available after crypto_load_certs()
+ */
+static krb5_error_code
+crypto_cert_get_count(pkinit_identity_crypto_context id_cryptoctx,
+                      int *cert_count)
+{
+    int count;
+
+    *cert_count = 0;
+    if (id_cryptoctx == NULL || id_cryptoctx->creds[0] == NULL)
+        return EINVAL;
+
+    for (count = 0;
+         count <= MAX_CREDS_ALLOWED && id_cryptoctx->creds[count] != NULL;
+         count++);
+    *cert_count = count;
+    return 0;
+}
+
+void
+crypto_cert_free_matching_data(krb5_context context,
+                               pkinit_cert_matching_data *md)
+{
+    int i;
+
+    if (md == NULL)
+        return;
+    free(md->subject_dn);
+    free(md->issuer_dn);
+    for (i = 0; md->sans != NULL && md->sans[i] != NULL; i++)
+        krb5_free_principal(context, md->sans[i]);
+    free(md->sans);
+    for (i = 0; md->upns != NULL && md->upns[i] != NULL; i++)
+        free(md->upns[i]);
+    free(md->upns);
+    free(md);
+}
+
+/*
+ * Free certificate matching data.
+ */
+void
+crypto_cert_free_matching_data_list(krb5_context context,
+                                    pkinit_cert_matching_data **list)
+{
+    int i;
+
+    for (i = 0; list != NULL && list[i] != NULL; i++)
+        crypto_cert_free_matching_data(context, list[i]);
+    free(list);
+}
+
+/*
+ * Get certificate matching data for cert.
+ */
+static krb5_error_code
+get_matching_data(krb5_context context,
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context req_cryptoctx, X509 *cert,
+                  pkinit_cert_matching_data **md_out)
+{
+    krb5_error_code ret = ENOMEM;
+    pkinit_cert_matching_data *md = NULL;
+
+    *md_out = NULL;
+
+    md = calloc(1, sizeof(*md));
+    if (md == NULL)
+        goto cleanup;
+
+    ret = rfc2253_name(X509_get_subject_name(cert), &md->subject_dn);
+    if (ret)
+        goto cleanup;
+    ret = rfc2253_name(X509_get_issuer_name(cert), &md->issuer_dn);
+    if (ret)
+        goto cleanup;
+
+    /* Get the SAN data. */
+    ret = crypto_retrieve_X509_sans(context, plg_cryptoctx, req_cryptoctx,
+                                    cert, &md->sans, &md->upns, NULL);
+    if (ret)
+        goto cleanup;
+
+    /* Get the KU and EKU data. */
+    ret = crypto_retrieve_X509_key_usage(context, plg_cryptoctx,
+                                         req_cryptoctx, cert, &md->ku_bits,
+                                         &md->eku_bits);
+    if (ret)
+        goto cleanup;
+
+    *md_out = md;
+    md = NULL;
+
+cleanup:
+    crypto_cert_free_matching_data(context, md);
+    return ret;
+}
+
+krb5_error_code
+crypto_cert_get_matching_data(krb5_context context,
+                              pkinit_plg_crypto_context plg_cryptoctx,
+                              pkinit_req_crypto_context req_cryptoctx,
+                              pkinit_identity_crypto_context id_cryptoctx,
+                              pkinit_cert_matching_data ***md_out)
+{
+    krb5_error_code ret;
+    pkinit_cert_matching_data **md_list = NULL;
+    int count, i;
+
+    ret = crypto_cert_get_count(id_cryptoctx, &count);
+    if (ret)
+        goto cleanup;
+
+    md_list = calloc(count + 1, sizeof(*md_list));
+    if (md_list == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    for (i = 0; i < count; i++) {
+        ret = get_matching_data(context, plg_cryptoctx, req_cryptoctx,
+                                id_cryptoctx->creds[i]->cert, &md_list[i]);
+        if (ret) {
+            pkiDebug("%s: crypto_cert_get_matching_data error %d, %s\n",
+                     __FUNCTION__, ret, error_message(ret));
+            goto cleanup;
+        }
+    }
+
+    *md_out = md_list;
+    md_list = NULL;
+
+cleanup:
+    crypto_cert_free_matching_data_list(context, md_list);
+    return ret;
+}
+
+/*
+ * Set the certificate in idctx->creds[cred_index] as the selected certificate.
+ */
+krb5_error_code
+crypto_cert_select(krb5_context context, pkinit_identity_crypto_context idctx,
+                   size_t cred_index)
+{
+    pkinit_cred_info ci = NULL;
+
+    if (cred_index >= MAX_CREDS_ALLOWED || idctx->creds[cred_index] == NULL)
+        return ENOENT;
+
+    ci = idctx->creds[cred_index];
+    /* copy the selected cert into our id_cryptoctx */
+    if (idctx->my_certs != NULL)
+        sk_X509_pop_free(idctx->my_certs, X509_free);
+    idctx->my_certs = sk_X509_new_null();
+    sk_X509_push(idctx->my_certs, ci->cert);
+    free(idctx->identity);
+    /* hang on to the selected credential name */
+    if (ci->name != NULL)
+        idctx->identity = strdup(ci->name);
+    else
+        idctx->identity = NULL;
+
+    ci->cert = NULL;       /* Don't free it twice */
+    idctx->cert_index = 0;
+    if (idctx->pkcs11_method != 1) {
+        idctx->my_key = ci->key;
+        ci->key = NULL;    /* Don't free it twice */
+    }
+#ifndef WITHOUT_PKCS11
+    else {
+        idctx->cert_id = ci->cert_id;
+        ci->cert_id = NULL; /* Don't free it twice */
+        idctx->cert_id_len = ci->cert_id_len;
+    }
+#endif
+    return 0;
+}
+
+/*
+ * Choose the default certificate as "the chosen one"
+ */
+krb5_error_code
+crypto_cert_select_default(krb5_context context,
+                           pkinit_plg_crypto_context plg_cryptoctx,
+                           pkinit_req_crypto_context req_cryptoctx,
+                           pkinit_identity_crypto_context id_cryptoctx)
+{
+    krb5_error_code retval;
+    int cert_count;
+
+    retval = crypto_cert_get_count(id_cryptoctx, &cert_count);
+    if (retval)
+        goto errout;
+
+    if (cert_count != 1) {
+        TRACE_PKINIT_NO_DEFAULT_CERT(context, cert_count);
+        retval = EINVAL;
+        goto errout;
+    }
+    /* copy the selected cert into our id_cryptoctx */
+    if (id_cryptoctx->my_certs != NULL) {
+        sk_X509_pop_free(id_cryptoctx->my_certs, X509_free);
+    }
+    id_cryptoctx->my_certs = sk_X509_new_null();
+    sk_X509_push(id_cryptoctx->my_certs, id_cryptoctx->creds[0]->cert);
+    id_cryptoctx->creds[0]->cert = NULL;        /* Don't free it twice */
+    id_cryptoctx->cert_index = 0;
+    /* hang on to the selected credential name */
+    if (id_cryptoctx->creds[0]->name != NULL)
+        id_cryptoctx->identity = strdup(id_cryptoctx->creds[0]->name);
+    else
+        id_cryptoctx->identity = NULL;
+
+    if (id_cryptoctx->pkcs11_method != 1) {
+        id_cryptoctx->my_key = id_cryptoctx->creds[0]->key;
+        id_cryptoctx->creds[0]->key = NULL;     /* Don't free it twice */
+    }
+#ifndef WITHOUT_PKCS11
+    else {
+        id_cryptoctx->cert_id = id_cryptoctx->creds[0]->cert_id;
+        id_cryptoctx->creds[0]->cert_id = NULL; /* Don't free it twice */
+        id_cryptoctx->cert_id_len = id_cryptoctx->creds[0]->cert_id_len;
+    }
+#endif
+    retval = 0;
+errout:
+    return retval;
+}
+
+
+
+static krb5_error_code
+load_cas_and_crls(krb5_context context,
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context req_cryptoctx,
+                  pkinit_identity_crypto_context id_cryptoctx,
+                  int catype,
+                  char *filename)
+{
+    STACK_OF(X509_INFO) *sk = NULL;
+    STACK_OF(X509) *ca_certs = NULL;
+    STACK_OF(X509_CRL) *ca_crls = NULL;
+    BIO *in = NULL;
+    krb5_error_code retval = ENOMEM;
+    int i = 0;
+
+    /* If there isn't already a stack in the context,
+     * create a temporary one now */
+    switch(catype) {
+    case CATYPE_ANCHORS:
+        if (id_cryptoctx->trustedCAs != NULL)
+            ca_certs = id_cryptoctx->trustedCAs;
+        else {
+            ca_certs = sk_X509_new_null();
+            if (ca_certs == NULL)
+                return ENOMEM;
+        }
+        break;
+    case CATYPE_INTERMEDIATES:
+        if (id_cryptoctx->intermediateCAs != NULL)
+            ca_certs = id_cryptoctx->intermediateCAs;
+        else {
+            ca_certs = sk_X509_new_null();
+            if (ca_certs == NULL)
+                return ENOMEM;
+        }
+        break;
+    case CATYPE_CRLS:
+        if (id_cryptoctx->revoked != NULL)
+            ca_crls = id_cryptoctx->revoked;
+        else {
+            ca_crls = sk_X509_CRL_new_null();
+            if (ca_crls == NULL)
+                return ENOMEM;
+        }
+        break;
+    default:
+        return ENOTSUP;
+    }
+
+    if (!(in = BIO_new_file(filename, "r"))) {
+        retval = oerr(context, 0, _("Cannot open file '%s'"), filename);
+        goto cleanup;
+    }
+
+    /* This loads from a file, a stack of x509/crl/pkey sets */
+    if ((sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL)) == NULL) {
+        pkiDebug("%s: error reading file '%s'\n", __FUNCTION__, filename);
+        retval = oerr(context, 0, _("Cannot read file '%s'"), filename);
+        goto cleanup;
+    }
+
+    /* scan over the stack created from loading the file contents,
+     * weed out duplicates, and push new ones onto the return stack
+     */
+    for (i = 0; i < sk_X509_INFO_num(sk); i++) {
+        X509_INFO *xi = sk_X509_INFO_value(sk, i);
+        if (xi != NULL && xi->x509 != NULL && catype != CATYPE_CRLS) {
+            int j = 0, size = sk_X509_num(ca_certs), flag = 0;
+
+            if (!size) {
+                sk_X509_push(ca_certs, xi->x509);
+                xi->x509 = NULL;
+                continue;
+            }
+            for (j = 0; j < size; j++) {
+                X509 *x = sk_X509_value(ca_certs, j);
+                flag = X509_cmp(x, xi->x509);
+                if (flag == 0)
+                    break;
+                else
+                    continue;
+            }
+            if (flag != 0) {
+                sk_X509_push(ca_certs, X509_dup(xi->x509));
+            }
+        } else if (xi != NULL && xi->crl != NULL && catype == CATYPE_CRLS) {
+            int j = 0, size = sk_X509_CRL_num(ca_crls), flag = 0;
+            if (!size) {
+                sk_X509_CRL_push(ca_crls, xi->crl);
+                xi->crl = NULL;
+                continue;
+            }
+            for (j = 0; j < size; j++) {
+                X509_CRL *x = sk_X509_CRL_value(ca_crls, j);
+                flag = X509_CRL_cmp(x, xi->crl);
+                if (flag == 0)
+                    break;
+                else
+                    continue;
+            }
+            if (flag != 0) {
+                sk_X509_CRL_push(ca_crls, X509_CRL_dup(xi->crl));
+            }
+        }
+    }
+
+    /* If we added something and there wasn't a stack in the
+     * context before, add the temporary stack to the context.
+     */
+    switch(catype) {
+    case CATYPE_ANCHORS:
+        if (sk_X509_num(ca_certs) == 0) {
+            TRACE_PKINIT_NO_CA_ANCHOR(context, filename);
+            if (id_cryptoctx->trustedCAs == NULL)
+                sk_X509_free(ca_certs);
+        } else {
+            if (id_cryptoctx->trustedCAs == NULL)
+                id_cryptoctx->trustedCAs = ca_certs;
+        }
+        break;
+    case CATYPE_INTERMEDIATES:
+        if (sk_X509_num(ca_certs) == 0) {
+            TRACE_PKINIT_NO_CA_INTERMEDIATE(context, filename);
+            if (id_cryptoctx->intermediateCAs == NULL)
+                sk_X509_free(ca_certs);
+        } else {
+            if (id_cryptoctx->intermediateCAs == NULL)
+                id_cryptoctx->intermediateCAs = ca_certs;
+        }
+        break;
+    case CATYPE_CRLS:
+        if (sk_X509_CRL_num(ca_crls) == 0) {
+            TRACE_PKINIT_NO_CRL(context, filename);
+            if (id_cryptoctx->revoked == NULL)
+                sk_X509_CRL_free(ca_crls);
+        } else {
+            if (id_cryptoctx->revoked == NULL)
+                id_cryptoctx->revoked = ca_crls;
+        }
+        break;
+    default:
+        /* Should have been caught above! */
+        retval = EINVAL;
+        goto cleanup;
+        break;
+    }
+
+    retval = 0;
+
+cleanup:
+    if (in != NULL)
+        BIO_free(in);
+    if (sk != NULL)
+        sk_X509_INFO_pop_free(sk, X509_INFO_free);
+
+    return retval;
+}
+
+static krb5_error_code
+load_cas_and_crls_dir(krb5_context context,
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      int catype,
+                      char *dirname)
+{
+    krb5_error_code retval = EINVAL;
+    DIR *d = NULL;
+    struct dirent *dentry = NULL;
+    char filename[1024];
+
+    if (dirname == NULL)
+        return EINVAL;
+
+    d = opendir(dirname);
+    if (d == NULL)
+        return ENOENT;
+
+    while ((dentry = readdir(d))) {
+        if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(filename)) {
+            pkiDebug("%s: Path too long -- directory '%s' and file '%s'\n",
+                     __FUNCTION__, dirname, dentry->d_name);
+            goto cleanup;
+        }
+        /* Ignore subdirectories and anything starting with a dot */
+#ifdef DT_DIR
+        if (dentry->d_type == DT_DIR)
+            continue;
+#endif
+        if (dentry->d_name[0] == '.')
+            continue;
+        snprintf(filename, sizeof(filename), "%s/%s", dirname, dentry->d_name);
+
+        retval = load_cas_and_crls(context, plg_cryptoctx, req_cryptoctx,
+                                   id_cryptoctx, catype, filename);
+        if (retval)
+            goto cleanup;
+    }
+
+    retval = 0;
+
+cleanup:
+    if (d != NULL)
+        closedir(d);
+
+    return retval;
+}
+
+krb5_error_code
+crypto_load_cas_and_crls(krb5_context context,
+                         pkinit_plg_crypto_context plg_cryptoctx,
+                         pkinit_req_crypto_context req_cryptoctx,
+                         pkinit_identity_opts *idopts,
+                         pkinit_identity_crypto_context id_cryptoctx,
+                         int idtype,
+                         int catype,
+                         char *id)
+{
+    switch (idtype) {
+    case IDTYPE_FILE:
+        TRACE_PKINIT_LOAD_FROM_FILE(context, id);
+        return load_cas_and_crls(context, plg_cryptoctx, req_cryptoctx,
+                                 id_cryptoctx, catype, id);
+        break;
+    case IDTYPE_DIR:
+        TRACE_PKINIT_LOAD_FROM_DIR(context, id);
+        return load_cas_and_crls_dir(context, plg_cryptoctx, req_cryptoctx,
+                                     id_cryptoctx, catype, id);
+        break;
+    default:
+        return ENOTSUP;
+        break;
+    }
+}
+
+static krb5_error_code
+create_identifiers_from_stack(STACK_OF(X509) *sk,
+                              krb5_external_principal_identifier *** ids)
+{
+    int i = 0, sk_size = sk_X509_num(sk);
+    krb5_external_principal_identifier **krb5_cas = NULL;
+    X509 *x = NULL;
+    X509_NAME *xn = NULL;
+    unsigned char *p = NULL;
+    int len = 0;
+    PKCS7_ISSUER_AND_SERIAL *is = NULL;
+    char buf[DN_BUF_LEN];
+
+    *ids = NULL;
+
+    krb5_cas = calloc(sk_size + 1, sizeof(*krb5_cas));
+    if (krb5_cas == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < sk_size; i++) {
+        krb5_cas[i] = malloc(sizeof(krb5_external_principal_identifier));
+
+        x = sk_X509_value(sk, i);
+
+        X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
+        pkiDebug("#%d cert= %s\n", i, buf);
+
+        /* fill-in subjectName */
+        krb5_cas[i]->subjectName.magic = 0;
+        krb5_cas[i]->subjectName.length = 0;
+        krb5_cas[i]->subjectName.data = NULL;
+
+        xn = X509_get_subject_name(x);
+        len = i2d_X509_NAME(xn, NULL);
+        if ((p = malloc((size_t) len)) == NULL)
+            goto oom;
+        krb5_cas[i]->subjectName.data = (char *)p;
+        i2d_X509_NAME(xn, &p);
+        krb5_cas[i]->subjectName.length = len;
+
+        /* fill-in issuerAndSerialNumber */
+        krb5_cas[i]->issuerAndSerialNumber.length = 0;
+        krb5_cas[i]->issuerAndSerialNumber.magic = 0;
+        krb5_cas[i]->issuerAndSerialNumber.data = NULL;
+
+        is = PKCS7_ISSUER_AND_SERIAL_new();
+        if (is == NULL)
+            goto oom;
+        X509_NAME_set(&is->issuer, X509_get_issuer_name(x));
+        ASN1_INTEGER_free(is->serial);
+        is->serial = ASN1_INTEGER_dup(X509_get_serialNumber(x));
+        if (is->serial == NULL)
+            goto oom;
+        len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
+        p = malloc(len);
+        if (p == NULL)
+            goto oom;
+        krb5_cas[i]->issuerAndSerialNumber.data = (char *)p;
+        i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
+        krb5_cas[i]->issuerAndSerialNumber.length = len;
+
+        /* fill-in subjectKeyIdentifier */
+        krb5_cas[i]->subjectKeyIdentifier.length = 0;
+        krb5_cas[i]->subjectKeyIdentifier.magic = 0;
+        krb5_cas[i]->subjectKeyIdentifier.data = NULL;
+
+        if (X509_get_ext_by_NID(x, NID_subject_key_identifier, -1) >= 0) {
+            ASN1_OCTET_STRING *ikeyid;
+
+            ikeyid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL,
+                                      NULL);
+            if (ikeyid != NULL) {
+                len = i2d_ASN1_OCTET_STRING(ikeyid, NULL);
+                p = malloc(len);
+                if (p == NULL)
+                    goto oom;
+                krb5_cas[i]->subjectKeyIdentifier.data = (char *)p;
+                i2d_ASN1_OCTET_STRING(ikeyid, &p);
+                krb5_cas[i]->subjectKeyIdentifier.length = len;
+                ASN1_OCTET_STRING_free(ikeyid);
+            }
+        }
+        PKCS7_ISSUER_AND_SERIAL_free(is);
+        is = NULL;
+    }
+
+    *ids = krb5_cas;
+    return 0;
+
+oom:
+    free_krb5_external_principal_identifier(&krb5_cas);
+    PKCS7_ISSUER_AND_SERIAL_free(is);
+    return ENOMEM;
+}
+
+static krb5_error_code
+create_krb5_invalidCertificates(krb5_context context,
+                                pkinit_plg_crypto_context plg_cryptoctx,
+                                pkinit_req_crypto_context req_cryptoctx,
+                                pkinit_identity_crypto_context id_cryptoctx,
+                                krb5_external_principal_identifier *** ids)
+{
+
+    krb5_error_code retval = ENOMEM;
+    STACK_OF(X509) *sk = NULL;
+
+    *ids = NULL;
+    if (req_cryptoctx->received_cert == NULL)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    sk = sk_X509_new_null();
+    if (sk == NULL)
+        goto cleanup;
+    sk_X509_push(sk, req_cryptoctx->received_cert);
+
+    retval = create_identifiers_from_stack(sk, ids);
+
+    sk_X509_free(sk);
+cleanup:
+
+    return retval;
+}
+
+krb5_error_code
+create_krb5_supportedCMSTypes(krb5_context context,
+                              pkinit_plg_crypto_context plg_cryptoctx,
+                              pkinit_req_crypto_context req_cryptoctx,
+                              pkinit_identity_crypto_context id_cryptoctx,
+                              krb5_algorithm_identifier ***algs_out)
+{
+    krb5_error_code ret;
+    krb5_algorithm_identifier **algs = NULL;
+    size_t i, count;
+
+    *algs_out = NULL;
+
+    /* Count supported OIDs and allocate list (including null terminator). */
+    for (count = 0; supported_cms_algs[count] != NULL; count++);
+    algs = k5calloc(count + 1, sizeof(*algs), &ret);
+    if (algs == NULL)
+        goto cleanup;
+
+    /* Add an algorithm identifier for each OID, with no parameters. */
+    for (i = 0; i < count; i++) {
+        algs[i] = k5alloc(sizeof(*algs[i]), &ret);
+        if (algs[i] == NULL)
+            goto cleanup;
+        ret = krb5int_copy_data_contents(context, supported_cms_algs[i],
+                                         &algs[i]->algorithm);
+        if (ret)
+            goto cleanup;
+        algs[i]->parameters = empty_data();
+    }
+
+    *algs_out = algs;
+    algs = NULL;
+
+cleanup:
+    free_krb5_algorithm_identifiers(&algs);
+    return ret;
+}
+
+krb5_error_code
+create_krb5_trustedCertifiers(krb5_context context,
+                              pkinit_plg_crypto_context plg_cryptoctx,
+                              pkinit_req_crypto_context req_cryptoctx,
+                              pkinit_identity_crypto_context id_cryptoctx,
+                              krb5_external_principal_identifier *** ids)
+{
+
+    krb5_error_code retval = ENOMEM;
+    STACK_OF(X509) *sk = id_cryptoctx->trustedCAs;
+
+    *ids = NULL;
+    if (id_cryptoctx->trustedCAs == NULL)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    retval = create_identifiers_from_stack(sk, ids);
+
+    return retval;
+}
+
+krb5_error_code
+create_issuerAndSerial(krb5_context context,
+                       pkinit_plg_crypto_context plg_cryptoctx,
+                       pkinit_req_crypto_context req_cryptoctx,
+                       pkinit_identity_crypto_context id_cryptoctx,
+                       unsigned char **out,
+                       unsigned int *out_len)
+{
+    unsigned char *p = NULL;
+    PKCS7_ISSUER_AND_SERIAL *is = NULL;
+    int len = 0;
+    krb5_error_code retval = ENOMEM;
+    X509 *cert = req_cryptoctx->received_cert;
+
+    *out = NULL;
+    *out_len = 0;
+    if (req_cryptoctx->received_cert == NULL)
+        return 0;
+
+    is = PKCS7_ISSUER_AND_SERIAL_new();
+    X509_NAME_set(&is->issuer, X509_get_issuer_name(cert));
+    ASN1_INTEGER_free(is->serial);
+    is->serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+    len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
+    if ((p = *out = malloc((size_t) len)) == NULL)
+        goto cleanup;
+    i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
+    *out_len = len;
+    retval = 0;
+
+cleanup:
+    X509_NAME_free(is->issuer);
+    ASN1_INTEGER_free(is->serial);
+    free(is);
+
+    return retval;
+}
+
+krb5_error_code
+pkinit_process_td_trusted_certifiers(
+    krb5_context context,
+    pkinit_plg_crypto_context plg_cryptoctx,
+    pkinit_req_crypto_context req_cryptoctx,
+    pkinit_identity_crypto_context id_cryptoctx,
+    krb5_external_principal_identifier **krb5_trusted_certifiers,
+    int td_type)
+{
+    krb5_error_code retval = ENOMEM;
+    STACK_OF(X509_NAME) *sk_xn = NULL;
+    X509_NAME *xn = NULL;
+    PKCS7_ISSUER_AND_SERIAL *is = NULL;
+    ASN1_OCTET_STRING *id = NULL;
+    const unsigned char *p = NULL;
+    char buf[DN_BUF_LEN];
+    int i = 0;
+
+    if (td_type == TD_TRUSTED_CERTIFIERS)
+        pkiDebug("received trusted certifiers\n");
+    else
+        pkiDebug("received invalid certificate\n");
+
+    sk_xn = sk_X509_NAME_new_null();
+    while(krb5_trusted_certifiers[i] != NULL) {
+        if (krb5_trusted_certifiers[i]->subjectName.data != NULL) {
+            p = (unsigned char *)krb5_trusted_certifiers[i]->subjectName.data;
+            xn = d2i_X509_NAME(NULL, &p,
+                               (int)krb5_trusted_certifiers[i]->subjectName.length);
+            if (xn == NULL)
+                goto cleanup;
+            X509_NAME_oneline(xn, buf, sizeof(buf));
+            if (td_type == TD_TRUSTED_CERTIFIERS)
+                pkiDebug("#%d cert = %s is trusted by kdc\n", i, buf);
+            else
+                pkiDebug("#%d cert = %s is invalid\n", i, buf);
+            sk_X509_NAME_push(sk_xn, xn);
+        }
+
+        if (krb5_trusted_certifiers[i]->issuerAndSerialNumber.data != NULL) {
+            p = (unsigned char *)
+                krb5_trusted_certifiers[i]->issuerAndSerialNumber.data;
+            is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p,
+                                             (int)krb5_trusted_certifiers[i]->issuerAndSerialNumber.length);
+            if (is == NULL)
+                goto cleanup;
+            X509_NAME_oneline(is->issuer, buf, sizeof(buf));
+            if (td_type == TD_TRUSTED_CERTIFIERS)
+                pkiDebug("#%d issuer = %s serial = %ld is trusted bu kdc\n", i,
+                         buf, ASN1_INTEGER_get(is->serial));
+            else
+                pkiDebug("#%d issuer = %s serial = %ld is invalid\n", i, buf,
+                         ASN1_INTEGER_get(is->serial));
+            PKCS7_ISSUER_AND_SERIAL_free(is);
+        }
+
+        if (krb5_trusted_certifiers[i]->subjectKeyIdentifier.data != NULL) {
+            p = (unsigned char *)
+                krb5_trusted_certifiers[i]->subjectKeyIdentifier.data;
+            id = d2i_ASN1_OCTET_STRING(NULL, &p,
+                                       (int)krb5_trusted_certifiers[i]->subjectKeyIdentifier.length);
+            if (id == NULL)
+                goto cleanup;
+            /* XXX */
+            ASN1_OCTET_STRING_free(id);
+        }
+        i++;
+    }
+    /* XXX Since we not doing anything with received trusted certifiers
+     * return an error. this is the place where we can pick a different
+     * client certificate based on the information in td_trusted_certifiers
+     */
+    retval = KRB5KDC_ERR_PREAUTH_FAILED;
+cleanup:
+    if (sk_xn != NULL)
+        sk_X509_NAME_pop_free(sk_xn, X509_NAME_free);
+
+    return retval;
+}
+
+/* Originally based on OpenSSL's PKCS7_dataDecode(), now modified to remove the
+ * use of BIO objects and to fit the PKINIT internal interfaces. */
+static int
+pkcs7_decrypt(krb5_context context,
+              pkinit_identity_crypto_context id_cryptoctx, PKCS7 *p7,
+              unsigned char **data_out, unsigned int *len_out)
+{
+    krb5_error_code ret;
+    int ok = 0, plaintext_len = 0, final_len;
+    unsigned int keylen = 0, eklen = 0, blocksize;
+    unsigned char *ek = NULL, *tkey = NULL, *plaintext = NULL, *use_key;
+    ASN1_OCTET_STRING *data_body = p7->d.enveloped->enc_data->enc_data;
+    const EVP_CIPHER *evp_cipher;
+    EVP_CIPHER_CTX *evp_ctx = NULL;
+    X509_ALGOR *enc_alg = p7->d.enveloped->enc_data->algorithm;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = p7->d.enveloped->recipientinfo;
+    PKCS7_RECIP_INFO *ri = NULL;
+
+    *data_out = NULL;
+    *len_out = 0;
+
+    p7->state = PKCS7_S_HEADER;
+
+    /* RFC 4556 section 3.2.3.2 requires that there be exactly one
+     * recipientInfo. */
+    if (sk_PKCS7_RECIP_INFO_num(rsk) != 1) {
+        pkiDebug("invalid number of EnvelopedData RecipientInfos\n");
+        return 0;
+    }
+    ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
+
+    evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+    if (evp_cipher == NULL)
+        goto cleanup;
+    keylen = EVP_CIPHER_key_length(evp_cipher);
+    blocksize = EVP_CIPHER_block_size(evp_cipher);
+
+    evp_ctx = EVP_CIPHER_CTX_new();
+    if (evp_ctx == NULL)
+        goto cleanup;
+    if (!EVP_DecryptInit(evp_ctx, evp_cipher, NULL, NULL) ||
+        EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0)
+        goto cleanup;
+
+    /* Generate a random symmetric key to avoid exposing timing data if RSA
+     * decryption fails the padding check. */
+    tkey = malloc(keylen);
+    if (tkey == NULL || !EVP_CIPHER_CTX_rand_key(evp_ctx, tkey))
+        goto cleanup;
+
+    /* Decrypt the secret key with the private key. */
+    ret = pkinit_decode_data(context, id_cryptoctx,
+                             ASN1_STRING_get0_data(ri->enc_key),
+                             ASN1_STRING_length(ri->enc_key), &ek, &eklen);
+    use_key = (ret || eklen != keylen) ? tkey : ek;
+
+    /* Allocate a plaintext buffer and decrypt data_body into it. */
+    plaintext = malloc(data_body->length + blocksize);
+    if (plaintext == NULL)
+        goto cleanup;
+    if (!EVP_DecryptInit(evp_ctx, NULL, use_key, NULL))
+        goto cleanup;
+    if (!EVP_DecryptUpdate(evp_ctx, plaintext, &plaintext_len,
+                           data_body->data, data_body->length))
+        goto cleanup;
+    if (!EVP_DecryptFinal(evp_ctx, plaintext + plaintext_len, &final_len))
+        goto cleanup;
+    plaintext_len += final_len;
+
+    *len_out = plaintext_len;
+    *data_out = plaintext;
+    plaintext = NULL;
+    ok = 1;
+
+cleanup:
+    EVP_CIPHER_CTX_free(evp_ctx);
+    zapfree(plaintext, plaintext_len);
+    zapfree(ek, eklen);
+    zapfree(tkey, keylen);
+    return ok;
+}
+
+#ifdef DEBUG_DH
+static void
+print_dh(DH * dh, char *msg)
+{
+    BIO *bio_err = NULL;
+
+    bio_err = BIO_new(BIO_s_file());
+    BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    if (msg)
+        BIO_puts(bio_err, (const char *)msg);
+    if (dh)
+        DHparams_print(bio_err, dh);
+
+    BIO_puts(bio_err, "private key: ");
+    BN_print(bio_err, dh->priv_key);
+    BIO_puts(bio_err, (const char *)"\n");
+    BIO_free(bio_err);
+
+}
+
+static void
+print_pubkey(BIGNUM * key, char *msg)
+{
+    BIO *bio_err = NULL;
+
+    bio_err = BIO_new(BIO_s_file());
+    BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    if (msg)
+        BIO_puts(bio_err, (const char *)msg);
+    if (key)
+        BN_print(bio_err, key);
+    BIO_puts(bio_err, "\n");
+
+    BIO_free(bio_err);
+
+}
+#endif
+
+static const char *
+pkcs11err(int err)
+{
+    int i;
+
+    for (i = 0; pkcs11_errstrings[i].text != NULL; i++)
+        if (pkcs11_errstrings[i].code == err)
+            break;
+    if (pkcs11_errstrings[i].text != NULL)
+        return (pkcs11_errstrings[i].text);
+
+    return "unknown PKCS11 error";
+}
+
+/*
+ * Add an item to the pkinit_identity_crypto_context's list of deferred
+ * identities.
+ */
+krb5_error_code
+crypto_set_deferred_id(krb5_context context,
+                       pkinit_identity_crypto_context id_cryptoctx,
+                       const char *identity, const char *password)
+{
+    unsigned long ck_flags;
+
+    ck_flags = pkinit_get_deferred_id_flags(id_cryptoctx->deferred_ids,
+                                            identity);
+    return pkinit_set_deferred_id(&id_cryptoctx->deferred_ids,
+                                  identity, ck_flags, password);
+}
+
+/*
+ * Retrieve a read-only copy of the pkinit_identity_crypto_context's list of
+ * deferred identities, sure to be valid only until the next time someone calls
+ * either pkinit_set_deferred_id() or crypto_set_deferred_id().
+ */
+const pkinit_deferred_id *
+crypto_get_deferred_ids(krb5_context context,
+                        pkinit_identity_crypto_context id_cryptoctx)
+{
+    pkinit_deferred_id *deferred;
+    const pkinit_deferred_id *ret;
+
+    deferred = id_cryptoctx->deferred_ids;
+    ret = (const pkinit_deferred_id *)deferred;
+    return ret;
+}
+
+/* Return the received certificate as DER-encoded data. */
+krb5_error_code
+crypto_encode_der_cert(krb5_context context, pkinit_req_crypto_context reqctx,
+                       uint8_t **der_out, size_t *der_len)
+{
+    int len;
+    unsigned char *der, *p;
+
+    *der_out = NULL;
+    *der_len = 0;
+
+    if (reqctx->received_cert == NULL)
+        return EINVAL;
+    p = NULL;
+    len = i2d_X509(reqctx->received_cert, NULL);
+    if (len <= 0)
+        return EINVAL;
+    p = der = malloc(len);
+    if (der == NULL)
+        return ENOMEM;
+    if (i2d_X509(reqctx->received_cert, &p) <= 0) {
+        free(der);
+        return EINVAL;
+    }
+    *der_out = der;
+    *der_len = len;
+    return 0;
+}
+
+/*
+ * Get the certificate matching data from the request certificate.
+ */
+krb5_error_code
+crypto_req_cert_matching_data(krb5_context context,
+                              pkinit_plg_crypto_context plgctx,
+                              pkinit_req_crypto_context reqctx,
+                              pkinit_cert_matching_data **md_out)
+{
+    *md_out = NULL;
+
+    if (reqctx == NULL || reqctx->received_cert == NULL)
+        return ENOENT;
+
+    return get_matching_data(context, plgctx, reqctx, reqctx->received_cert,
+                             md_out);
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
new file mode 100644
index 00000000..c807f044
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
@@ -0,0 +1,119 @@
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#ifndef _PKINIT_CRYPTO_OPENSSL_H
+#define _PKINIT_CRYPTO_OPENSSL_H
+
+#include "pkinit.h"
+
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pkcs12.h>
+#include <openssl/obj_mac.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/asn1t.h>
+#include <openssl/cms.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#include <openssl/decoder.h>
+#endif
+
+#define DN_BUF_LEN  256
+#define MAX_CREDS_ALLOWED 20
+
+struct _pkinit_cred_info {
+    char *name;
+    X509 *cert;
+    EVP_PKEY *key;
+#ifndef WITHOUT_PKCS11
+    CK_BYTE_PTR cert_id;
+    int cert_id_len;
+#endif
+};
+typedef struct _pkinit_cred_info * pkinit_cred_info;
+
+struct _pkinit_identity_crypto_context {
+    pkinit_cred_info creds[MAX_CREDS_ALLOWED+1];
+    STACK_OF(X509) *my_certs;   /* available user certs */
+    char *identity;             /* identity name for user cert */
+    int cert_index;             /* cert to use out of available certs*/
+    EVP_PKEY *my_key;           /* available user keys if in filesystem */
+    STACK_OF(X509) *trustedCAs; /* available trusted ca certs */
+    STACK_OF(X509) *intermediateCAs;   /* available intermediate ca certs */
+    STACK_OF(X509_CRL) *revoked;    /* available crls */
+    int pkcs11_method;
+    krb5_prompter_fct prompter;
+    void *prompter_data;
+#ifndef WITHOUT_PKCS11
+    char *p11_module_name;
+    CK_SLOT_ID slotid;
+    char *token_label;
+    char *cert_label;
+    /* These are crypto-specific */
+    struct plugin_file_handle *p11_module;
+    CK_SESSION_HANDLE session;
+    CK_FUNCTION_LIST_PTR p11;
+    uint8_t *cert_id;
+    size_t cert_id_len;
+    CK_MECHANISM_TYPE mech;
+#endif
+    krb5_boolean defer_id_prompt;
+    pkinit_deferred_id *deferred_ids;
+};
+
+struct _pkinit_plg_crypto_context {
+    EVP_PKEY *dh_1024;
+    EVP_PKEY *dh_2048;
+    EVP_PKEY *dh_4096;
+    ASN1_OBJECT *id_pkinit_authData;
+    ASN1_OBJECT *id_pkinit_DHKeyData;
+    ASN1_OBJECT *id_pkinit_rkeyData;
+    ASN1_OBJECT *id_pkinit_san;
+    ASN1_OBJECT *id_ms_san_upn;
+    ASN1_OBJECT *id_pkinit_KPClientAuth;
+    ASN1_OBJECT *id_pkinit_KPKdc;
+    ASN1_OBJECT *id_ms_kp_sc_logon;
+    ASN1_OBJECT *id_kp_serverAuth;
+};
+
+struct _pkinit_req_crypto_context {
+    X509 *received_cert;
+    EVP_PKEY *client_pkey;
+    EVP_PKEY *received_params;
+};
+
+#endif	/* _PKINIT_CRYPTO_OPENSSL_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_identity.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_identity.c
new file mode 100644
index 00000000..a5a979f2
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_identity.c
@@ -0,0 +1,791 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include "pkinit.h"
+#include <dirent.h>
+
+static void
+free_list(char **list)
+{
+    int i;
+
+    if (list == NULL)
+        return;
+
+    for (i = 0; list[i] != NULL; i++)
+        free(list[i]);
+    free(list);
+}
+
+static krb5_error_code
+copy_list(char ***dst, char **src)
+{
+    int i;
+    char **newlist;
+
+    if (dst == NULL)
+        return EINVAL;
+    *dst = NULL;
+
+    if (src == NULL)
+        return 0;
+
+    for (i = 0; src[i] != NULL; i++);
+
+    newlist = calloc(1, (i + 1) * sizeof(*newlist));
+    if (newlist == NULL)
+        return ENOMEM;
+
+    for (i = 0; src[i] != NULL; i++) {
+        newlist[i] = strdup(src[i]);
+        if (newlist[i] == NULL)
+            goto cleanup;
+    }
+    newlist[i] = NULL;
+    *dst = newlist;
+    return 0;
+cleanup:
+    free_list(newlist);
+    return ENOMEM;
+}
+
+char *
+idtype2string(int idtype)
+{
+    switch(idtype) {
+    case IDTYPE_FILE: return "FILE"; break;
+    case IDTYPE_DIR: return "DIR"; break;
+    case IDTYPE_PKCS11: return "PKCS11"; break;
+    case IDTYPE_PKCS12: return "PKCS12"; break;
+    case IDTYPE_ENVVAR: return "ENV"; break;
+    default: return "INVALID"; break;
+    }
+}
+
+char *
+catype2string(int catype)
+{
+    switch(catype) {
+    case CATYPE_ANCHORS: return "ANCHORS"; break;
+    case CATYPE_INTERMEDIATES: return "INTERMEDIATES"; break;
+    case CATYPE_CRLS: return "CRLS"; break;
+    default: return "INVALID"; break;
+    }
+}
+
+krb5_error_code
+pkinit_init_identity_opts(pkinit_identity_opts **idopts)
+{
+    pkinit_identity_opts *opts = NULL;
+
+    *idopts = NULL;
+    opts = calloc(1, sizeof(pkinit_identity_opts));
+    if (opts == NULL)
+        return ENOMEM;
+
+    opts->identity = NULL;
+    opts->anchors = NULL;
+    opts->intermediates = NULL;
+    opts->crls = NULL;
+
+    opts->cert_filename = NULL;
+    opts->key_filename = NULL;
+#ifndef WITHOUT_PKCS11
+    opts->p11_module_name = NULL;
+    opts->slotid = PK_NOSLOT;
+    opts->token_label = NULL;
+    opts->cert_id_string = NULL;
+    opts->cert_label = NULL;
+#endif
+
+    *idopts = opts;
+
+    return 0;
+}
+
+krb5_error_code
+pkinit_dup_identity_opts(pkinit_identity_opts *src_opts,
+                         pkinit_identity_opts **dest_opts)
+{
+    pkinit_identity_opts *newopts;
+    krb5_error_code retval;
+
+    *dest_opts = NULL;
+    retval = pkinit_init_identity_opts(&newopts);
+    if (retval)
+        return retval;
+
+    retval = ENOMEM;
+
+    if (src_opts->identity != NULL) {
+        newopts->identity = strdup(src_opts->identity);
+        if (newopts->identity == NULL)
+            goto cleanup;
+    }
+
+    retval = copy_list(&newopts->anchors, src_opts->anchors);
+    if (retval)
+        goto cleanup;
+
+    retval = copy_list(&newopts->intermediates,src_opts->intermediates);
+    if (retval)
+        goto cleanup;
+
+    retval = copy_list(&newopts->crls, src_opts->crls);
+    if (retval)
+        goto cleanup;
+
+    if (src_opts->cert_filename != NULL) {
+        newopts->cert_filename = strdup(src_opts->cert_filename);
+        if (newopts->cert_filename == NULL)
+            goto cleanup;
+    }
+
+    if (src_opts->key_filename != NULL) {
+        newopts->key_filename = strdup(src_opts->key_filename);
+        if (newopts->key_filename == NULL)
+            goto cleanup;
+    }
+
+#ifndef WITHOUT_PKCS11
+    if (src_opts->p11_module_name != NULL) {
+        newopts->p11_module_name = strdup(src_opts->p11_module_name);
+        if (newopts->p11_module_name == NULL)
+            goto cleanup;
+    }
+
+    newopts->slotid = src_opts->slotid;
+
+    if (src_opts->token_label != NULL) {
+        newopts->token_label = strdup(src_opts->token_label);
+        if (newopts->token_label == NULL)
+            goto cleanup;
+    }
+
+    if (src_opts->cert_id_string != NULL) {
+        newopts->cert_id_string = strdup(src_opts->cert_id_string);
+        if (newopts->cert_id_string == NULL)
+            goto cleanup;
+    }
+
+    if (src_opts->cert_label != NULL) {
+        newopts->cert_label = strdup(src_opts->cert_label);
+        if (newopts->cert_label == NULL)
+            goto cleanup;
+    }
+#endif
+
+
+    *dest_opts = newopts;
+    return 0;
+cleanup:
+    pkinit_fini_identity_opts(newopts);
+    return retval;
+}
+
+void
+pkinit_fini_identity_opts(pkinit_identity_opts *idopts)
+{
+    if (idopts == NULL)
+        return;
+
+    if (idopts->identity != NULL)
+        free(idopts->identity);
+    free_list(idopts->anchors);
+    free_list(idopts->intermediates);
+    free_list(idopts->crls);
+    free_list(idopts->identity_alt);
+
+    free(idopts->cert_filename);
+    free(idopts->key_filename);
+#ifndef WITHOUT_PKCS11
+    free(idopts->p11_module_name);
+    free(idopts->token_label);
+    free(idopts->cert_id_string);
+    free(idopts->cert_label);
+#endif
+    free(idopts);
+}
+
+#ifndef WITHOUT_PKCS11
+static krb5_error_code
+parse_pkcs11_options(krb5_context context,
+                     pkinit_identity_opts *idopts,
+                     const char *residual)
+{
+    char *s, *cp, *vp, *save;
+    krb5_error_code retval = ENOMEM;
+
+    if (residual == NULL || residual[0] == '\0')
+        return 0;
+
+    /* Split string into attr=value substrings */
+    s = strdup(residual);
+    if (s == NULL)
+        return retval;
+
+    for (cp = strtok_r(s, ":", &save); cp; cp = strtok_r(NULL, ":", &save)) {
+        vp = strchr(cp, '=');
+
+        /* If there is no "=", this is a pkcs11 module name */
+        if (vp == NULL) {
+            free(idopts->p11_module_name);
+            idopts->p11_module_name = strdup(cp);
+            if (idopts->p11_module_name == NULL)
+                goto cleanup;
+            continue;
+        }
+        *vp++ = '\0';
+        if (!strcmp(cp, "module_name")) {
+            free(idopts->p11_module_name);
+            idopts->p11_module_name = strdup(vp);
+            if (idopts->p11_module_name == NULL)
+                goto cleanup;
+        } else if (!strcmp(cp, "slotid")) {
+            long slotid = strtol(vp, NULL, 10);
+            if ((slotid == LONG_MIN || slotid == LONG_MAX) && errno != 0) {
+                retval = EINVAL;
+                goto cleanup;
+            }
+            if ((long) (int) slotid != slotid) {
+                retval = EINVAL;
+                goto cleanup;
+            }
+            idopts->slotid = slotid;
+        } else if (!strcmp(cp, "token")) {
+            free(idopts->token_label);
+            idopts->token_label = strdup(vp);
+            if (idopts->token_label == NULL)
+                goto cleanup;
+        } else if (!strcmp(cp, "certid")) {
+            free(idopts->cert_id_string);
+            idopts->cert_id_string = strdup(vp);
+            if (idopts->cert_id_string == NULL)
+                goto cleanup;
+        } else if (!strcmp(cp, "certlabel")) {
+            free(idopts->cert_label);
+            idopts->cert_label = strdup(vp);
+            if (idopts->cert_label == NULL)
+                goto cleanup;
+        }
+    }
+    retval = 0;
+cleanup:
+    free(s);
+    return retval;
+}
+#endif
+
+static krb5_error_code
+parse_fs_options(krb5_context context,
+                 pkinit_identity_opts *idopts,
+                 const char *residual)
+{
+    char *certname, *keyname, *save;
+    char *copy = NULL, *cert_filename = NULL, *key_filename = NULL;
+    krb5_error_code retval = ENOMEM;
+
+    if (residual == NULL || residual[0] == '\0' || residual[0] == ',')
+        return EINVAL;
+
+    copy = strdup(residual);
+    if (copy == NULL)
+        goto cleanup;
+
+    certname = strtok_r(copy, ",", &save);
+    if (certname == NULL)
+        goto cleanup;
+    keyname = strtok_r(NULL, ",", &save);
+
+    cert_filename = strdup(certname);
+    if (cert_filename == NULL)
+        goto cleanup;
+
+    key_filename = strdup((keyname != NULL) ? keyname : certname);
+    if (key_filename == NULL)
+        goto cleanup;
+
+    free(idopts->cert_filename);
+    free(idopts->key_filename);
+    idopts->cert_filename = cert_filename;
+    idopts->key_filename = key_filename;
+    cert_filename = key_filename = NULL;
+    retval = 0;
+
+cleanup:
+    free(copy);
+    free(cert_filename);
+    free(key_filename);
+    return retval;
+}
+
+static krb5_error_code
+parse_pkcs12_options(krb5_context context,
+                     pkinit_identity_opts *idopts,
+                     const char *residual)
+{
+    krb5_error_code retval = ENOMEM;
+
+    if (residual == NULL || residual[0] == '\0')
+        return 0;
+
+    free(idopts->cert_filename);
+    idopts->cert_filename = strdup(residual);
+    if (idopts->cert_filename == NULL)
+        goto cleanup;
+
+    free(idopts->key_filename);
+    idopts->key_filename = strdup(residual);
+    if (idopts->key_filename == NULL)
+        goto cleanup;
+
+    pkiDebug("%s: cert_filename '%s' key_filename '%s'\n",
+             __FUNCTION__, idopts->cert_filename,
+             idopts->key_filename);
+    retval = 0;
+cleanup:
+    return retval;
+}
+
+static krb5_error_code
+process_option_identity(krb5_context context,
+                        pkinit_plg_crypto_context plg_cryptoctx,
+                        pkinit_req_crypto_context req_cryptoctx,
+                        pkinit_identity_opts *idopts,
+                        pkinit_identity_crypto_context id_cryptoctx,
+                        krb5_principal princ, const char *value)
+{
+    const char *residual;
+    int idtype;
+    krb5_error_code retval = 0;
+
+    TRACE_PKINIT_IDENTITY_OPTION(context, value);
+    if (value == NULL)
+        return EINVAL;
+
+    residual = strchr(value, ':');
+    if (residual != NULL) {
+        unsigned int typelen;
+        residual++; /* skip past colon */
+        typelen = residual - value;
+        if (strncmp(value, "FILE:", typelen) == 0) {
+            idtype = IDTYPE_FILE;
+#ifndef WITHOUT_PKCS11
+        } else if (strncmp(value, "PKCS11:", typelen) == 0) {
+            idtype = IDTYPE_PKCS11;
+#endif
+        } else if (strncmp(value, "PKCS12:", typelen) == 0) {
+            idtype = IDTYPE_PKCS12;
+        } else if (strncmp(value, "DIR:", typelen) == 0) {
+            idtype = IDTYPE_DIR;
+        } else if (strncmp(value, "ENV:", typelen) == 0) {
+            idtype = IDTYPE_ENVVAR;
+        } else {
+            pkiDebug("%s: Unsupported type while processing '%s'\n",
+                     __FUNCTION__, value);
+            krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
+                                   _("Unsupported type while processing "
+                                     "'%s'\n"), value);
+            return KRB5_PREAUTH_FAILED;
+        }
+    } else {
+        idtype = IDTYPE_FILE;
+        residual = value;
+    }
+
+    idopts->idtype = idtype;
+    pkiDebug("%s: idtype is %s\n", __FUNCTION__, idtype2string(idopts->idtype));
+    switch (idtype) {
+    case IDTYPE_ENVVAR:
+        return process_option_identity(context, plg_cryptoctx, req_cryptoctx,
+                                       idopts, id_cryptoctx, princ,
+                                       secure_getenv(residual));
+        break;
+    case IDTYPE_FILE:
+        retval = parse_fs_options(context, idopts, residual);
+        break;
+    case IDTYPE_PKCS12:
+        retval = parse_pkcs12_options(context, idopts, residual);
+        break;
+#ifndef WITHOUT_PKCS11
+    case IDTYPE_PKCS11:
+        retval = parse_pkcs11_options(context, idopts, residual);
+        break;
+#endif
+    case IDTYPE_DIR:
+        free(idopts->cert_filename);
+        idopts->cert_filename = strdup(residual);
+        if (idopts->cert_filename == NULL)
+            retval = ENOMEM;
+        break;
+    default:
+        krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
+                               _("Internal error parsing "
+                                 "X509_user_identity\n"));
+        retval = EINVAL;
+        break;
+    }
+    if (retval)
+        return retval;
+
+    retval = crypto_load_certs(context, plg_cryptoctx, req_cryptoctx, idopts,
+                               id_cryptoctx, princ, TRUE);
+    if (retval)
+        return retval;
+
+    crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx, id_cryptoctx);
+    return 0;
+}
+
+static krb5_error_code
+process_option_ca_crl(krb5_context context,
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_opts *idopts,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      const char *value,
+                      int catype)
+{
+    char *residual;
+    unsigned int typelen;
+    int idtype;
+
+    pkiDebug("%s: processing catype %s, value '%s'\n",
+             __FUNCTION__, catype2string(catype), value);
+    residual = strchr(value, ':');
+    if (residual == NULL) {
+        pkiDebug("No type given for '%s'\n", value);
+        return EINVAL;
+    }
+    residual++; /* skip past colon */
+    typelen = residual - value;
+    if (strncmp(value, "FILE:", typelen) == 0) {
+        idtype = IDTYPE_FILE;
+    } else if (strncmp(value, "DIR:", typelen) == 0) {
+        idtype = IDTYPE_DIR;
+    } else {
+        return ENOTSUP;
+    }
+    return crypto_load_cas_and_crls(context,
+                                    plg_cryptoctx,
+                                    req_cryptoctx,
+                                    idopts, id_cryptoctx,
+                                    idtype, catype, residual);
+}
+
+/*
+ * Load any identity information which doesn't require us to ask a controlling
+ * user any questions, and record the names of anything else which would
+ * require us to ask questions.
+ */
+krb5_error_code
+pkinit_identity_initialize(krb5_context context,
+                           pkinit_plg_crypto_context plg_cryptoctx,
+                           pkinit_req_crypto_context req_cryptoctx,
+                           pkinit_identity_opts *idopts,
+                           pkinit_identity_crypto_context id_cryptoctx,
+                           krb5_clpreauth_callbacks cb,
+                           krb5_clpreauth_rock rock,
+                           krb5_principal princ)
+{
+    krb5_error_code retval = EINVAL;
+    int i;
+
+    pkiDebug("%s: %p %p %p\n", __FUNCTION__, context, idopts, id_cryptoctx);
+    if (!(princ &&
+          krb5_principal_compare_any_realm(context, princ,
+                                           krb5_anonymous_principal()))) {
+        if (idopts == NULL || id_cryptoctx == NULL)
+            goto errout;
+
+        /*
+         * If identity was specified, use that.  (For the kdc, this
+         * is specified as pkinit_identity in the kdc.conf.  For users,
+         * this is specified on the command line via X509_user_identity.)
+         * If a user did not specify identity on the command line,
+         * then we will try alternatives which may have been specified
+         * in the config file.
+         */
+        if (idopts->identity != NULL) {
+            retval = process_option_identity(context, plg_cryptoctx,
+                                             req_cryptoctx, idopts,
+                                             id_cryptoctx, princ,
+                                             idopts->identity);
+        } else if (idopts->identity_alt != NULL) {
+            for (i = 0; retval != 0 && idopts->identity_alt[i] != NULL; i++) {
+                retval = process_option_identity(context, plg_cryptoctx,
+                                                 req_cryptoctx, idopts,
+                                                 id_cryptoctx, princ,
+                                                 idopts->identity_alt[i]);
+            }
+        } else {
+            retval = KRB5_PREAUTH_FAILED;
+            krb5_set_error_message(context, retval,
+                                   _("No user identity options specified"));
+            pkiDebug("%s: no user identity options specified\n", __FUNCTION__);
+            goto errout;
+        }
+    } else {
+        /* We're the anonymous principal. */
+        retval = 0;
+    }
+
+errout:
+    return retval;
+}
+
+/*
+ * Load identity information, including that which requires us to ask a
+ * controlling user any questions.  If we have PIN/password values which
+ * correspond to a given identity, use that, otherwise, if one is available,
+ * we'll use the prompter callback.
+ */
+krb5_error_code
+pkinit_identity_prompt(krb5_context context,
+                       pkinit_plg_crypto_context plg_cryptoctx,
+                       pkinit_req_crypto_context req_cryptoctx,
+                       pkinit_identity_opts *idopts,
+                       pkinit_identity_crypto_context id_cryptoctx,
+                       krb5_clpreauth_callbacks cb,
+                       krb5_clpreauth_rock rock,
+                       int do_matching,
+                       krb5_principal princ)
+{
+    krb5_error_code retval = 0;
+    const char *signer_identity;
+    krb5_boolean valid;
+    int i;
+
+    pkiDebug("%s: %p %p %p\n", __FUNCTION__, context, idopts, id_cryptoctx);
+    if (!(princ &&
+          krb5_principal_compare_any_realm(context, princ,
+                                           krb5_anonymous_principal()))) {
+        retval = crypto_load_certs(context, plg_cryptoctx, req_cryptoctx,
+                                   idopts, id_cryptoctx, princ, FALSE);
+        if (retval)
+            goto errout;
+
+        if (do_matching) {
+            /*
+             * Try to select exactly one certificate based on matching
+             * criteria.  Typical used for clients.
+             */
+            retval = pkinit_cert_matching(context, plg_cryptoctx,
+                                          req_cryptoctx, id_cryptoctx, princ);
+            if (retval) {
+                crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
+                                      id_cryptoctx);
+                goto errout;
+            }
+        } else {
+            /*
+             * Tell crypto code to use the "default" identity.  Typically used
+             * for KDCs.
+             */
+            retval = crypto_cert_select_default(context, plg_cryptoctx,
+                                                req_cryptoctx, id_cryptoctx);
+            if (retval) {
+                crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
+                                      id_cryptoctx);
+                goto errout;
+            }
+        }
+
+        if (rock != NULL && cb != NULL && retval == 0) {
+            /* Save the signer identity if we're the client. */
+            if (crypto_retrieve_signer_identity(context, id_cryptoctx,
+                                                &signer_identity) == 0) {
+                cb->set_cc_config(context, rock, "X509_user_identity",
+                                  signer_identity);
+            }
+        }
+
+        retval = crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
+                                       id_cryptoctx);
+        if (retval)
+            goto errout;
+    } /* Not anonymous principal */
+
+    /* Require at least one successful anchor if any are specified. */
+    valid = FALSE;
+    for (i = 0; idopts->anchors != NULL && idopts->anchors[i] != NULL; i++) {
+        retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
+                                       idopts, id_cryptoctx,
+                                       idopts->anchors[i], CATYPE_ANCHORS);
+        if (!retval)
+            valid = TRUE;
+    }
+    if (retval && !valid)
+        goto errout;
+    krb5_clear_error_message(context);
+    retval = 0;
+
+    /* Require at least one successful intermediate if any are specified. */
+    valid = FALSE;
+    for (i = 0; idopts->intermediates != NULL
+             && idopts->intermediates[i] != NULL; i++) {
+        retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
+                                       idopts, id_cryptoctx,
+                                       idopts->intermediates[i],
+                                       CATYPE_INTERMEDIATES);
+        if (!retval)
+            valid = TRUE;
+    }
+    if (retval && !valid)
+        goto errout;
+    krb5_clear_error_message(context);
+    retval = 0;
+
+    for (i = 0; idopts->crls != NULL && idopts->crls[i] != NULL; i++) {
+        retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
+                                       idopts, id_cryptoctx, idopts->crls[i],
+                                       CATYPE_CRLS);
+        if (retval)
+            goto errout;
+    }
+
+errout:
+    return retval;
+}
+
+/*
+ * Create an entry in the passed-in list for the named identity, optionally
+ * with the specified token flag value and/or supplied password, replacing any
+ * existing entry with the same identity name.
+ */
+krb5_error_code
+pkinit_set_deferred_id(pkinit_deferred_id **identities,
+                       const char *identity, unsigned long ck_flags,
+                       const char *password)
+{
+    int i;
+    pkinit_deferred_id *out = NULL, *ids;
+    char *tmp;
+
+    /* Search for an entry that's already in the list. */
+    ids = *identities;
+    for (i = 0; ids != NULL && ids[i] != NULL; i++) {
+        if (strcmp(ids[i]->identity, identity) == 0) {
+            /* Replace its password value, then we're done. */
+            tmp = password ? strdup(password) : NULL;
+            if (password != NULL && tmp == NULL)
+                return ENOMEM;
+            ids[i]->ck_flags = ck_flags;
+            free(ids[i]->password);
+            ids[i]->password = tmp;
+            return 0;
+        }
+    }
+
+    /* Resize the list. */
+    out = realloc(ids, sizeof(*ids) * (i + 2));
+    if (out == NULL)
+        goto oom;
+    *identities = out;
+
+    /* Allocate the new final entry. */
+    out[i] = malloc(sizeof(*(out[i])));
+    if (out[i] == NULL)
+        goto oom;
+
+    /* Populate the new entry. */
+    out[i]->magic = PKINIT_DEFERRED_ID_MAGIC;
+    out[i]->identity = strdup(identity);
+    if (out[i]->identity == NULL)
+        goto oom;
+
+    out[i]->ck_flags = ck_flags;
+    out[i]->password = password ? strdup(password) : NULL;
+    if (password != NULL && out[i]->password == NULL)
+        goto oom;
+
+    /* Terminate the list. */
+    out[i + 1] = NULL;
+    return 0;
+
+oom:
+    if (out != NULL && out[i] != NULL) {
+        free(out[i]->identity);
+        free(out[i]);
+        out[i] = NULL;
+    }
+    return ENOMEM;
+}
+
+/*
+ * Return a password which we've associated with the named identity, if we've
+ * stored one.  Otherwise return NULL.
+ */
+const char *
+pkinit_find_deferred_id(pkinit_deferred_id *identities,
+                        const char *identity)
+{
+    int i;
+
+    for (i = 0; identities != NULL && identities[i] != NULL; i++) {
+        if (strcmp(identities[i]->identity, identity) == 0)
+            return identities[i]->password;
+    }
+    return NULL;
+}
+
+/*
+ * Return the flags associated with the specified identity, or 0 if we don't
+ * have such an identity.
+ */
+unsigned long
+pkinit_get_deferred_id_flags(pkinit_deferred_id *identities,
+                             const char *identity)
+{
+    int i;
+
+    for (i = 0; identities != NULL && identities[i] != NULL; i++) {
+        if (strcmp(identities[i]->identity, identity) == 0)
+            return identities[i]->ck_flags;
+    }
+    return 0;
+}
+
+/*
+ * Free a deferred_id list.
+ */
+void
+pkinit_free_deferred_ids(pkinit_deferred_id *identities)
+{
+    int i;
+
+    for (i = 0; identities != NULL && identities[i] != NULL; i++) {
+        free(identities[i]->identity);
+        free(identities[i]->password);
+        free(identities[i]);
+    }
+    free(identities);
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_kdf_test.c
new file mode 100644
index 00000000..7f38e849
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_kdf_test.c
@@ -0,0 +1,227 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/pkinit/pkinit_kdf_test.c */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * pkinit_kdf_test.c -- Test to verify the correctness of the function
+ * pkinit_alg_agility_kdf() in pkinit_crypto_openssl, which implements
+ * the Key Derivation Function from the PKInit Algorithm Agility
+ * document, currently draft-ietf-krb-wg-pkinit-alg-agility-04.txt.
+ */
+
+#include "k5-platform.h"
+#include "pkinit.h"
+
+/**
+ * Initialize a krb5_data from @a s, a constant string. Note @a s is evaluated
+ * multiple times; this is acceptable for constants.
+ */
+#define DATA_FROM_STRING(s)                     \
+    {0, sizeof(s)-1, (char *) s}
+
+
+/* values from test vectors in the pkinit-alg-agility draft */
+int secret_len = 256;
+char twenty_as[10];
+char eighteen_bs[9];
+char party_u_name[] = "lha@SU.SE";
+char party_v_name[] = "krbtgt/SU.SE@SU.SE";
+int enctype_aes = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+int enctype_des3 = ENCTYPE_DES3_CBC_SHA1;
+const krb5_data lha_data = DATA_FROM_STRING("lha");
+
+krb5_octet key1_hex[] =
+{0xe6, 0xAB, 0x38, 0xC9, 0x41, 0x3E, 0x03, 0x5B,
+ 0xB0, 0x79, 0x20, 0x1E, 0xD0, 0xB6, 0xB7, 0x3D,
+ 0x8D, 0x49, 0xA8, 0x14, 0xA7, 0x37, 0xC0, 0x4E,
+ 0xE6, 0x64, 0x96, 0x14, 0x20, 0x6F, 0x73, 0xAD};
+
+krb5_octet key2_hex[] =
+{0x77, 0xEF, 0x4E, 0x48, 0xC4, 0x20, 0xAE, 0x3F,
+ 0xEC, 0x75, 0x10, 0x9D, 0x79, 0x81, 0x69, 0x7E,
+ 0xED, 0x5D, 0x29, 0x5C, 0x90, 0xc6, 0x25, 0x64,
+ 0xF7, 0xBF, 0xD1, 0x01, 0xFA, 0x9b, 0xC1, 0xD5};
+
+krb5_octet key3_hex[] =
+{0xD3, 0xC7, 0x8A, 0x79, 0xD6, 0x52, 0x13, 0xEF,
+ 0xE9, 0xA8, 0x26, 0xF7, 0x5D, 0xFB, 0x01, 0xF7,
+ 0x23, 0x62, 0xFB, 0x16, 0xFB, 0x01, 0xDA, 0xD6};
+
+int
+main(int argc, char **argv)
+{
+    /* arguments for calls to pkinit_alg_agility_kdf() */
+    krb5_context context = 0;
+    krb5_data secret;
+    krb5_algorithm_identifier alg_id;
+    krb5_data as_req;
+    krb5_data pk_as_rep;
+    krb5_keyblock key_block;
+
+    /* other local variables */
+    int retval = 0;
+    krb5_enctype enctype = 0;
+    krb5_principal u_principal = NULL;
+    krb5_principal v_principal = NULL;
+
+    /* initialize variables that get malloc'ed, so cleanup is safe */
+    krb5_init_context (&context);
+    memset(&alg_id, 0, sizeof(alg_id));
+    memset(&as_req, 0, sizeof(as_req));
+    memset(&pk_as_rep, 0, sizeof(pk_as_rep));
+    memset(&key_block, 0, sizeof(key_block));
+
+    /* set up a 256-byte, ALL-ZEROS secret */
+    if (NULL == (secret.data = malloc(secret_len))) {
+        printf("ERROR in pkinit_kdf_test: Memory allocation failed.");
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    secret.length = secret_len;
+    memset(secret.data, 0, secret_len);
+
+    /* set-up the partyUInfo and partyVInfo principals */
+    if ((0 != (retval = krb5_parse_name(context, party_u_name,
+                                        &u_principal))) ||
+        (0 != (retval = krb5_parse_name(context, party_v_name,
+                                        &v_principal)))) {
+        printf("ERROR in pkinit_kdf_test: Error parsing names, retval = %d",
+               retval);
+        goto cleanup;
+    }
+
+    /* The test vectors in RFC 8636 implicitly use NT-PRINCIPAL names. */
+    u_principal->type = KRB5_NT_PRINCIPAL;
+    v_principal->type = KRB5_NT_PRINCIPAL;
+
+    /* set-up the as_req and and pk_as_rep data */
+    memset(twenty_as, 0xaa, sizeof(twenty_as));
+    memset(eighteen_bs, 0xbb, sizeof(eighteen_bs));
+    as_req.length = sizeof(twenty_as);
+    as_req.data = twenty_as;
+
+    pk_as_rep.length = sizeof(eighteen_bs);
+    pk_as_rep.data = eighteen_bs;
+
+    /* TEST 1:  SHA-1/AES */
+    /* set up algorithm id */
+    alg_id.algorithm = sha1_id;
+
+    enctype = enctype_aes;
+
+    /* call pkinit_alg_agility_kdf() with test vector values*/
+    if (0 != (retval = pkinit_alg_agility_kdf(context, &secret,
+                                              &alg_id.algorithm,
+                                              u_principal, v_principal,
+                                              enctype, &as_req, &pk_as_rep,
+                                              &key_block))) {
+        printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d\n",
+               retval);
+        goto cleanup;
+    }
+
+    /* compare key to expected key value */
+
+    if ((key_block.length == sizeof(key1_hex)) &&
+        (0 == memcmp(key_block.contents, key1_hex, key_block.length))) {
+        printf("SUCCESS: TEST 1 (SHA-1/AES), Correct key value generated.\n");
+        retval = 0;
+        /* free the keyblock contents, so we can use it for the next test */
+        krb5_free_keyblock_contents(context, &key_block);
+    } else {
+        printf("FAILURE: TEST 1 (SHA-1/AES), Incorrect key value generated!\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+    /* TEST 2: SHA-256/AES */
+    /* set up algorithm id */
+    alg_id.algorithm = sha256_id;
+
+    enctype = enctype_aes;
+
+    /* call pkinit_alg_agility_kdf() with test vector values*/
+    if (0 != (retval = pkinit_alg_agility_kdf(context, &secret,
+                                              &alg_id.algorithm,
+                                              u_principal, v_principal,
+                                              enctype, &as_req, &pk_as_rep,
+                                              &key_block))) {
+        printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d\n",
+               retval);
+        goto cleanup;
+    }
+
+    /* compare key to expected key value */
+
+    if ((key_block.length == sizeof(key2_hex)) &&
+        (0 == memcmp(key_block.contents, key2_hex, key_block.length))) {
+        printf("SUCCESS: TEST 2 (SHA-256/AES), Correct key value generated.\n");
+        retval = 0;
+        /* free the keyblock contents, so we can use it for the next test */
+        krb5_free_keyblock_contents(context, &key_block);
+    } else {
+        printf("FAILURE: TEST 2 (SHA-256/AES), Incorrect key value generated!\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+    /* TEST 3: SHA-512/DES3 */
+    /* set up algorithm id */
+    alg_id.algorithm = sha512_id;
+
+    enctype = enctype_des3;
+
+    /* call pkinit_alg_agility_kdf() with test vector values*/
+    if (0 != (retval = pkinit_alg_agility_kdf(context, &secret,
+                                              &alg_id.algorithm,
+                                              u_principal, v_principal,
+                                              enctype, &as_req, &pk_as_rep,
+                                              &key_block))) {
+        printf("ERROR in pkinit_kdf_test: kdf call failed, retval = %d\n",
+               retval);
+        goto cleanup;
+    }
+
+    /* compare key to expected key value */
+
+    if ((key_block.length == sizeof(key3_hex)) &&
+        (0 == memcmp(key_block.contents, key3_hex, key_block.length))) {
+        printf("SUCCESS: TEST 3 (SHA-512/DES3), Correct key value generated.\n");
+        retval = 0;
+    } else {
+        printf("FAILURE: TEST 2 (SHA-512/DES3), Incorrect key value generated!\n");
+        retval = 1;
+        goto cleanup;
+    }
+
+cleanup:
+    /* release all allocated resources, whether good or bad return */
+    free(secret.data);
+    krb5_free_principal(context, u_principal);
+    krb5_free_principal(context, v_principal);
+    krb5_free_keyblock_contents(context, &key_block);
+    krb5_free_context(context);
+    return retval ? 1 : 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c
new file mode 100644
index 00000000..4c3d46bf
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c
@@ -0,0 +1,290 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include "pkinit.h"
+
+#define FAKECERT
+
+const krb5_data dh_oid = { 0, 7, "\x2A\x86\x48\xce\x3e\x02\x01" };
+
+
+krb5_error_code
+pkinit_init_req_opts(pkinit_req_opts **reqopts)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_req_opts *opts = NULL;
+
+    *reqopts = NULL;
+    opts = calloc(1, sizeof(*opts));
+    if (opts == NULL)
+        return retval;
+
+    opts->require_eku = 1;
+    opts->accept_secondary_eku = 0;
+    opts->allow_upn = 0;
+    opts->dh_or_rsa = DH_PROTOCOL;
+    opts->require_crl_checking = 0;
+    opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS;
+
+    *reqopts = opts;
+
+    return 0;
+}
+
+void
+pkinit_fini_req_opts(pkinit_req_opts *opts)
+{
+    free(opts);
+    return;
+}
+
+krb5_error_code
+pkinit_init_plg_opts(pkinit_plg_opts **plgopts)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_plg_opts *opts = NULL;
+
+    *plgopts = NULL;
+    opts = calloc(1, sizeof(pkinit_plg_opts));
+    if (opts == NULL)
+        return retval;
+
+    opts->require_eku = 1;
+    opts->accept_secondary_eku = 0;
+    opts->dh_or_rsa = DH_PROTOCOL;
+    opts->allow_upn = 0;
+    opts->require_crl_checking = 0;
+    opts->require_freshness = 0;
+    opts->disable_freshness = 0;
+
+    opts->dh_min_bits = PKINIT_DEFAULT_DH_MIN_BITS;
+
+    *plgopts = opts;
+
+    return 0;
+}
+
+void
+pkinit_fini_plg_opts(pkinit_plg_opts *opts)
+{
+    free(opts);
+    return;
+}
+
+void
+free_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in)
+{
+    if (*in == NULL) return;
+    free((*in)->signedAuthPack.data);
+    if ((*in)->trustedCertifiers != NULL)
+        free_krb5_external_principal_identifier(&(*in)->trustedCertifiers);
+    free((*in)->kdcPkId.data);
+    free(*in);
+}
+
+void
+free_krb5_reply_key_pack(krb5_reply_key_pack **in)
+{
+    if (*in == NULL) return;
+    free((*in)->replyKey.contents);
+    free((*in)->asChecksum.contents);
+    free(*in);
+}
+
+void
+free_krb5_auth_pack(krb5_auth_pack **in)
+{
+    if ((*in) == NULL) return;
+    krb5_free_data_contents(NULL, &(*in)->clientPublicValue);
+    free((*in)->pkAuthenticator.paChecksum.contents);
+    krb5_free_data(NULL, (*in)->pkAuthenticator.freshnessToken);
+    if ((*in)->supportedCMSTypes != NULL)
+        free_krb5_algorithm_identifiers(&((*in)->supportedCMSTypes));
+    if ((*in)->supportedKDFs) {
+        krb5_data **supportedKDFs = (*in)->supportedKDFs;
+        unsigned i;
+        for (i = 0; supportedKDFs[i]; i++)
+            krb5_free_data(NULL, supportedKDFs[i]);
+        free(supportedKDFs);
+    }
+    free(*in);
+}
+
+void
+free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in)
+{
+    if (*in == NULL) return;
+    switch ((*in)->choice) {
+    case choice_pa_pk_as_rep_dhInfo:
+        krb5_free_data(NULL, (*in)->u.dh_Info.kdfID);
+        free((*in)->u.dh_Info.dhSignedData.data);
+        break;
+    case choice_pa_pk_as_rep_encKeyPack:
+        free((*in)->u.encKeyPack.data);
+        break;
+    default:
+        break;
+    }
+    free(*in);
+}
+
+void
+free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in)
+{
+    int i = 0;
+    if (*in == NULL) return;
+    while ((*in)[i] != NULL) {
+        free((*in)[i]->subjectName.data);
+        free((*in)[i]->issuerAndSerialNumber.data);
+        free((*in)[i]->subjectKeyIdentifier.data);
+        free((*in)[i]);
+        i++;
+    }
+    free(*in);
+}
+
+void
+free_krb5_algorithm_identifier(krb5_algorithm_identifier *in)
+{
+    if (in == NULL)
+        return;
+    free(in->algorithm.data);
+    free(in->parameters.data);
+    free(in);
+}
+
+void
+free_krb5_algorithm_identifiers(krb5_algorithm_identifier ***in)
+{
+    int i;
+    if (in == NULL || *in == NULL)
+        return;
+    for (i = 0; (*in)[i] != NULL; i++) {
+        free_krb5_algorithm_identifier((*in)[i]);
+    }
+    free(*in);
+}
+
+void
+free_krb5_kdc_dh_key_info(krb5_kdc_dh_key_info **in)
+{
+    if (*in == NULL) return;
+    free((*in)->subjectPublicKey.data);
+    free(*in);
+}
+
+void
+init_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in)
+{
+    (*in) = malloc(sizeof(krb5_pa_pk_as_req));
+    if ((*in) == NULL) return;
+    (*in)->signedAuthPack.data = NULL;
+    (*in)->signedAuthPack.length = 0;
+    (*in)->trustedCertifiers = NULL;
+    (*in)->kdcPkId.data = NULL;
+    (*in)->kdcPkId.length = 0;
+}
+
+void
+init_krb5_reply_key_pack(krb5_reply_key_pack **in)
+{
+    (*in) = malloc(sizeof(krb5_reply_key_pack));
+    if ((*in) == NULL) return;
+    (*in)->replyKey.contents = NULL;
+    (*in)->replyKey.length = 0;
+    (*in)->asChecksum.contents = NULL;
+    (*in)->asChecksum.length = 0;
+}
+
+void
+init_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in)
+{
+    (*in) = malloc(sizeof(krb5_pa_pk_as_rep));
+    if ((*in) == NULL) return;
+    (*in)->u.dh_Info.serverDHNonce.length = 0;
+    (*in)->u.dh_Info.serverDHNonce.data = NULL;
+    (*in)->u.dh_Info.dhSignedData.length = 0;
+    (*in)->u.dh_Info.dhSignedData.data = NULL;
+    (*in)->u.encKeyPack.length = 0;
+    (*in)->u.encKeyPack.data = NULL;
+    (*in)->u.dh_Info.kdfID = NULL;
+}
+
+krb5_error_code
+pkinit_copy_krb5_data(krb5_data *dst, const krb5_data *src)
+{
+    if (dst == NULL || src == NULL)
+        return EINVAL;
+    if (src->data == NULL) {
+        dst->data = NULL;
+        dst->length = 0;
+        return 0;
+    }
+    dst->data = malloc(src->length);
+    if (dst->data == NULL)
+        return ENOMEM;
+    memcpy(dst->data, src->data, src->length);
+    dst->length = src->length;
+    return 0;
+}
+
+/* debugging functions */
+void
+print_buffer(const unsigned char *buf, unsigned int len)
+{
+    unsigned  i = 0;
+    if (len <= 0)
+        return;
+
+    for (i = 0; i < len; i++)
+        pkiDebug("%02x ", buf[i]);
+    pkiDebug("\n");
+}
+
+void
+print_buffer_bin(unsigned char *buf, unsigned int len, char *filename)
+{
+    FILE *f = NULL;
+    unsigned int i = 0;
+
+    if (len <= 0 || filename == NULL)
+        return;
+
+    if ((f = fopen(filename, "w")) == NULL)
+        return;
+
+    set_cloexec_file(f);
+
+    for (i = 0; i < len; i++)
+        fputc(buf[i], f);
+
+    fclose(f);
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c
new file mode 100644
index 00000000..b42485a5
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c
@@ -0,0 +1,751 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <regex.h>
+#include "pkinit.h"
+
+typedef struct _pkinit_cert_info pkinit_cert_info;
+
+typedef enum {
+    kw_undefined = 0,
+    kw_subject = 1,
+    kw_issuer = 2,
+    kw_san = 3,
+    kw_eku = 4,
+    kw_ku = 5
+} keyword_type;
+
+static char *
+keyword2string(unsigned int kw)
+{
+    switch(kw) {
+    case kw_undefined: return "NONE"; break;
+    case kw_subject: return "SUBJECT"; break;
+    case kw_issuer: return "ISSUER"; break;
+    case kw_san: return "SAN"; break;
+    case kw_eku: return "EKU"; break;
+    case kw_ku: return "KU"; break;
+    default: return "INVALID"; break;
+    }
+}
+typedef enum {
+    relation_none = 0,
+    relation_and = 1,
+    relation_or = 2
+} relation_type;
+
+static char *
+relation2string(unsigned int rel)
+{
+    switch(rel) {
+    case relation_none: return "NONE"; break;
+    case relation_and: return "AND"; break;
+    case relation_or: return "OR"; break;
+    default: return "INVALID"; break;
+    }
+}
+
+typedef enum {
+    kwvaltype_undefined = 0,
+    kwvaltype_regexp = 1,
+    kwvaltype_list = 2
+} kw_value_type;
+
+static char *
+kwval2string(unsigned int kwval)
+{
+    switch(kwval) {
+    case kwvaltype_undefined: return "NONE"; break;
+    case kwvaltype_regexp: return "REGEXP"; break;
+    case kwvaltype_list: return "LIST"; break;
+    default: return "INVALID"; break;
+    }
+}
+
+struct keyword_desc {
+    const char *value;
+    size_t length;
+    keyword_type kwtype;
+    kw_value_type kwvaltype;
+} matching_keywords[] = {
+    { "<KU>",       4, kw_ku, kwvaltype_list },
+    { "<EKU>",      5, kw_eku, kwvaltype_list },
+    { "<SAN>",      5, kw_san, kwvaltype_regexp },
+    { "<ISSUER>",   8, kw_issuer, kwvaltype_regexp },
+    { "<SUBJECT>",  9, kw_subject, kwvaltype_regexp },
+    { NULL, 0, kw_undefined, kwvaltype_undefined},
+};
+
+struct ku_desc {
+    const char *value;
+    size_t length;
+    unsigned int bitval;
+};
+
+struct ku_desc ku_keywords[] = {
+    { "digitalSignature",   16, PKINIT_KU_DIGITALSIGNATURE },
+    { "keyEncipherment",    15, PKINIT_KU_KEYENCIPHERMENT },
+    { NULL, 0, 0 },
+};
+
+struct ku_desc  eku_keywords[] = {
+    { "pkinit",             6,  PKINIT_EKU_PKINIT },
+    { "msScLogin",          9,  PKINIT_EKU_MSSCLOGIN },
+    { "clientAuth",         10, PKINIT_EKU_CLIENTAUTH },
+    { "emailProtection",    15, PKINIT_EKU_EMAILPROTECTION },
+    { NULL, 0, 0 },
+};
+
+/* Rule component */
+typedef struct _rule_component {
+    struct _rule_component *next;
+    keyword_type kw_type;
+    kw_value_type kwval_type;
+    regex_t regexp;         /* Compiled regular expression */
+    char *regsrc;           /* The regular expression source (for debugging) */
+    unsigned int ku_bits;
+    unsigned int eku_bits;
+} rule_component;
+
+/* Set rule components */
+typedef struct _rule_set {
+    relation_type relation;
+    int num_crs;
+    rule_component *crs;
+} rule_set;
+
+static krb5_error_code
+free_rule_component(krb5_context context,
+                    rule_component *rc)
+{
+    if (rc == NULL)
+        return 0;
+
+    if (rc->kwval_type == kwvaltype_regexp) {
+        free(rc->regsrc);
+        regfree(&rc->regexp);
+    }
+    free(rc);
+    return 0;
+}
+
+static krb5_error_code
+free_rule_set(krb5_context context,
+              rule_set *rs)
+{
+    rule_component *rc, *trc;
+
+    if (rs == NULL)
+        return 0;
+    for (rc = rs->crs; rc != NULL;) {
+        trc = rc->next;
+        free_rule_component(context, rc);
+        rc = trc;
+    }
+    free(rs);
+    return 0;
+}
+
+static krb5_error_code
+parse_list_value(krb5_context context,
+                 keyword_type type,
+                 char *value,
+                 rule_component *rc)
+{
+    krb5_error_code retval;
+    char *comma;
+    struct ku_desc *ku = NULL;
+    int found;
+    size_t len;
+    unsigned int *bitptr;
+
+
+    if (value == NULL || value[0] == '\0') {
+        pkiDebug("%s: Missing or empty value for list keyword type %d\n",
+                 __FUNCTION__, type);
+        retval = EINVAL;
+        goto out;
+    }
+
+    if (type == kw_eku) {
+        bitptr = &rc->eku_bits;
+    } else if (type == kw_ku) {
+        bitptr = &rc->ku_bits;
+    } else {
+        pkiDebug("%s: Unknown list keyword type %d\n", __FUNCTION__, type);
+        retval = EINVAL;
+        goto out;
+    }
+
+    do {
+        found = 0;
+        comma = strchr(value, ',');
+        if (comma != NULL)
+            len = comma - value;
+        else
+            len = strlen(value);
+
+        if (type == kw_eku) {
+            ku = eku_keywords;
+        } else if (type == kw_ku) {
+            ku = ku_keywords;
+        }
+
+        for (; ku->value != NULL; ku++) {
+            if (strncasecmp(value, ku->value, len) == 0) {
+                *bitptr |= ku->bitval;
+                found = 1;
+                pkiDebug("%s: Found value '%s', bitfield is now 0x%x\n",
+                         __FUNCTION__, ku->value, *bitptr);
+                break;
+            }
+        }
+        if (found) {
+            value += ku->length;
+            if (*value == ',')
+                value += 1;
+        } else {
+            pkiDebug("%s: Urecognized value '%s'\n", __FUNCTION__, value);
+            retval = EINVAL;
+            goto out;
+        }
+    } while (found && *value != '\0');
+
+    retval = 0;
+out:
+    pkiDebug("%s: returning %d\n", __FUNCTION__, retval);
+    return retval;
+}
+
+static krb5_error_code
+parse_rule_component(krb5_context context,
+                     const char **rule,
+                     int *remaining,
+                     rule_component **ret_rule)
+{
+    krb5_error_code retval;
+    rule_component *rc = NULL;
+    keyword_type kw_type;
+    kw_value_type kwval_type;
+    char err_buf[128];
+    int ret;
+    struct keyword_desc *kw, *nextkw;
+    char *nk;
+    int found_next_kw = 0;
+    char *value = NULL;
+    size_t len;
+
+    for (kw = matching_keywords; kw->value != NULL; kw++) {
+        if (strncmp(*rule, kw->value, kw->length) == 0) {
+            kw_type = kw->kwtype;
+            kwval_type = kw->kwvaltype;
+            *rule += kw->length;
+            *remaining -= kw->length;
+            break;
+        }
+    }
+    if (kw->value == NULL) {
+        pkiDebug("%s: Missing or invalid keyword in rule '%s'\n",
+                 __FUNCTION__, *rule);
+        retval = ENOENT;
+        goto out;
+    }
+
+    pkiDebug("%s: found keyword '%s'\n", __FUNCTION__, kw->value);
+
+    rc = calloc(1, sizeof(*rc));
+    if (rc == NULL) {
+        retval = ENOMEM;
+        goto out;
+    }
+    rc->next = NULL;
+    rc->kw_type = kw_type;
+    rc->kwval_type = kwval_type;
+
+    /*
+     * Before processing the value for this keyword,
+     * (compiling the regular expression or processing the list)
+     * we need to find the end of it.  That means parsing for the
+     * beginning of the next keyword (or the end of the rule).
+     */
+    nk = strchr(*rule, '<');
+    while (nk != NULL) {
+        /* Possibly another keyword, check it out */
+        for (nextkw = matching_keywords; nextkw->value != NULL; nextkw++) {
+            if (strncmp(nk, nextkw->value, nextkw->length) == 0) {
+                /* Found a keyword, nk points to the beginning */
+                found_next_kw = 1;
+                break;  /* Need to break out of the while! */
+            }
+        }
+        if (!found_next_kw)
+            nk = strchr(nk+1, '<');     /* keep looking */
+        else
+            break;
+    }
+
+    if (nk != NULL && found_next_kw)
+        len = (nk - *rule);
+    else
+        len = (*remaining);
+
+    if (len == 0) {
+        pkiDebug("%s: Missing value for keyword '%s'\n",
+                 __FUNCTION__, kw->value);
+        retval = EINVAL;
+        goto out;
+    }
+
+    value = calloc(1, len+1);
+    if (value == NULL) {
+        retval = ENOMEM;
+        goto out;
+    }
+    memcpy(value, *rule, len);
+    *remaining -= len;
+    *rule += len;
+    pkiDebug("%s: found value '%s'\n", __FUNCTION__, value);
+
+    if (kw->kwvaltype == kwvaltype_regexp) {
+        ret = regcomp(&rc->regexp, value, REG_EXTENDED);
+        if (ret) {
+            regerror(ret, &rc->regexp, err_buf, sizeof(err_buf));
+            pkiDebug("%s: Error compiling reg-exp '%s': %s\n",
+                     __FUNCTION__, value, err_buf);
+            retval = ret;
+            goto out;
+        }
+        rc->regsrc = strdup(value);
+        if (rc->regsrc == NULL) {
+            retval = ENOMEM;
+            goto out;
+        }
+    } else if (kw->kwvaltype == kwvaltype_list) {
+        retval = parse_list_value(context, rc->kw_type, value, rc);
+        if (retval) {
+            pkiDebug("%s: Error %d, parsing list values for keyword %s\n",
+                     __FUNCTION__, retval, kw->value);
+            goto out;
+        }
+    }
+
+    *ret_rule = rc;
+    retval = 0;
+out:
+    free(value);
+    if (retval && rc != NULL)
+        free_rule_component(context, rc);
+    pkiDebug("%s: returning %d\n", __FUNCTION__, retval);
+    return retval;
+}
+
+static krb5_error_code
+parse_rule_set(krb5_context context,
+               const char *rule_in,
+               rule_set **out_rs)
+{
+    const char *rule;
+    int remaining;
+    krb5_error_code ret, retval;
+    rule_component *rc = NULL, *trc;
+    rule_set *rs;
+
+
+    if (rule_in == NULL)
+        return EINVAL;
+    rule = rule_in;
+    remaining = strlen(rule);
+
+    rs = calloc(1, sizeof(*rs));
+    if (rs == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+
+    rs->relation = relation_none;
+    if (remaining > 1) {
+        if (rule[0] == '&' && rule[1] == '&') {
+            rs->relation = relation_and;
+            rule += 2;
+            remaining -= 2;
+        } else if (rule_in[0] == '|' && rule_in[1] == '|') {
+            rs->relation = relation_or;
+            rule +=2;
+            remaining -= 2;
+        }
+    }
+    rs->num_crs = 0;
+    while (remaining > 0) {
+        if (rs->relation == relation_none && rs->num_crs > 0) {
+            pkiDebug("%s: Assuming AND relation for multiple components in rule '%s'\n",
+                     __FUNCTION__, rule_in);
+            rs->relation = relation_and;
+        }
+        ret = parse_rule_component(context, &rule, &remaining, &rc);
+        if (ret) {
+            retval = ret;
+            goto cleanup;
+        }
+        pkiDebug("%s: After parse_rule_component, remaining %d, rule '%s'\n",
+                 __FUNCTION__, remaining, rule);
+        rs->num_crs++;
+
+        /*
+         * Chain the new component on the end (order matters since
+         * we can short-circuit an OR or an AND relation if an
+         * earlier check passes
+         */
+        for (trc = rs->crs; trc != NULL && trc->next != NULL; trc = trc->next);
+        if (trc == NULL)
+            rs->crs = rc;
+        else {
+            trc->next = rc;
+        }
+    }
+
+    *out_rs = rs;
+
+    retval = 0;
+cleanup:
+    if (retval && rs != NULL) {
+        free_rule_set(context, rs);
+    }
+    pkiDebug("%s: returning %d\n", __FUNCTION__, retval);
+    return retval;
+}
+
+static int
+regexp_match(krb5_context context, rule_component *rc, char *value, int idx)
+{
+    int code;
+
+    code = regexec(&rc->regexp, value, 0, NULL, 0);
+
+    if (code == 0) {
+        TRACE_PKINIT_REGEXP_MATCH(context, keyword2string(rc->kw_type),
+                                  rc->regsrc, value, idx);
+    } else {
+        TRACE_PKINIT_REGEXP_NOMATCH(context, keyword2string(rc->kw_type),
+                                    rc->regsrc, value, idx);
+    }
+
+    return (code == 0 ? 1: 0);
+}
+
+static int
+component_match(krb5_context context, rule_component *rc,
+                pkinit_cert_matching_data *md, int idx)
+{
+    int match = 0;
+    int i;
+    char *princ_string;
+
+    switch (rc->kwval_type) {
+    case kwvaltype_regexp:
+        switch (rc->kw_type) {
+        case kw_subject:
+            match = regexp_match(context, rc, md->subject_dn, idx);
+            break;
+        case kw_issuer:
+            match = regexp_match(context, rc, md->issuer_dn, idx);
+            break;
+        case kw_san:
+            for (i = 0; md->sans != NULL && md->sans[i] != NULL; i++) {
+                krb5_unparse_name(context, md->sans[i], &princ_string);
+                match = regexp_match(context, rc, princ_string, idx);
+                krb5_free_unparsed_name(context, princ_string);
+                if (match)
+                    break;
+            }
+            for (i = 0; md->upns != NULL && md->upns[i] != NULL; i++) {
+                match = regexp_match(context, rc, md->upns[i], idx);
+                if (match)
+                    break;
+            }
+            break;
+        default:
+            pkiDebug("%s: keyword %s, keyword value %s mismatch\n",
+                     __FUNCTION__, keyword2string(rc->kw_type),
+                     kwval2string(kwvaltype_regexp));
+            break;
+        }
+        break;
+    case kwvaltype_list:
+        switch(rc->kw_type) {
+        case kw_eku:
+            pkiDebug("%s: checking %s: rule 0x%08x, cert 0x%08x\n",
+                     __FUNCTION__, keyword2string(rc->kw_type),
+                     rc->eku_bits, md->eku_bits);
+            if ((rc->eku_bits & md->eku_bits) == rc->eku_bits)
+                match = 1;
+            break;
+        case kw_ku:
+            pkiDebug("%s: checking %s: rule 0x%08x, cert 0x%08x\n",
+                     __FUNCTION__, keyword2string(rc->kw_type),
+                     rc->ku_bits, md->ku_bits);
+            if ((rc->ku_bits & md->ku_bits) == rc->ku_bits)
+                match = 1;
+            break;
+        default:
+            pkiDebug("%s: keyword %s, keyword value %s mismatch\n",
+                     __FUNCTION__, keyword2string(rc->kw_type),
+                     kwval2string(kwvaltype_regexp));
+            break;
+        }
+        break;
+    default:
+        pkiDebug("%s: unknown keyword value type %d\n",
+                 __FUNCTION__, rc->kwval_type);
+        break;
+    }
+    pkiDebug("%s: returning match = %d\n", __FUNCTION__, match);
+    return match;
+}
+/*
+ * Returns match_found == 1 only if exactly one certificate matches
+ * the given rule
+ */
+static krb5_error_code
+check_all_certs(krb5_context context,
+                pkinit_plg_crypto_context plg_cryptoctx,
+                pkinit_req_crypto_context req_cryptoctx,
+                pkinit_identity_crypto_context id_cryptoctx,
+                krb5_principal princ,
+                rule_set *rs,   /* rule to check */
+                pkinit_cert_matching_data **matchdata,
+                int *match_found,
+                size_t *match_index)
+{
+    krb5_error_code retval;
+    pkinit_cert_matching_data *md;
+    int i;
+    int comp_match = 0;
+    int total_cert_matches = 0;
+    rule_component *rc;
+    int certs_checked = 0;
+    size_t save_index = 0;
+
+    if (match_found == NULL || match_index == NULL)
+        return EINVAL;
+
+    *match_index = 0;
+    *match_found = 0;
+
+    pkiDebug("%s: matching rule relation is %s with %d components\n",
+             __FUNCTION__, relation2string(rs->relation), rs->num_crs);
+
+    /*
+     * Loop through all the certs available and count
+     * how many match the rule
+     */
+    for (i = 0, md = matchdata[i]; md != NULL; md = matchdata[++i]) {
+        pkiDebug("%s: subject: '%s'\n", __FUNCTION__, md->subject_dn);
+        certs_checked++;
+        for (rc = rs->crs; rc != NULL; rc = rc->next) {
+            comp_match = component_match(context, rc, md, i);
+            if (comp_match) {
+                pkiDebug("%s: match for keyword type %s\n",
+                         __FUNCTION__, keyword2string(rc->kw_type));
+            }
+            if (comp_match && rs->relation == relation_or) {
+                pkiDebug("%s: cert matches rule (OR relation)\n",
+                         __FUNCTION__);
+                total_cert_matches++;
+                save_index = i;
+                goto nextcert;
+            }
+            if (!comp_match && rs->relation == relation_and) {
+                pkiDebug("%s: cert does not match rule (AND relation)\n",
+                         __FUNCTION__);
+                goto nextcert;
+            }
+        }
+        if (rc == NULL && comp_match) {
+            pkiDebug("%s: cert matches rule (AND relation)\n", __FUNCTION__);
+            total_cert_matches++;
+            save_index = i;
+        }
+    nextcert:
+        continue;
+    }
+    TRACE_PKINIT_CERT_NUM_MATCHING(context, certs_checked, total_cert_matches);
+    if (total_cert_matches == 1) {
+        *match_found = 1;
+        *match_index = save_index;
+    }
+
+    retval = 0;
+
+    pkiDebug("%s: returning %d, match_found %d\n",
+             __FUNCTION__, retval, *match_found);
+    return retval;
+}
+
+krb5_error_code
+pkinit_cert_matching(krb5_context context,
+                     pkinit_plg_crypto_context plg_cryptoctx,
+                     pkinit_req_crypto_context req_cryptoctx,
+                     pkinit_identity_crypto_context id_cryptoctx,
+                     krb5_principal princ)
+{
+
+    krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
+    int x;
+    char **rules = NULL;
+    rule_set *rs = NULL;
+    int match_found = 0;
+    pkinit_cert_matching_data **matchdata = NULL;
+    size_t match_index = 0;
+
+    /* If no matching rules, select the default cert and we're done */
+    pkinit_libdefault_strings(context, krb5_princ_realm(context, princ),
+                              KRB5_CONF_PKINIT_CERT_MATCH, &rules);
+    if (rules == NULL) {
+        pkiDebug("%s: no matching rules found in config file\n", __FUNCTION__);
+        retval = crypto_cert_select_default(context, plg_cryptoctx,
+                                            req_cryptoctx, id_cryptoctx);
+        goto cleanup;
+    }
+
+    /* parse each rule line one at a time and check all the certs against it */
+    for (x = 0; rules[x] != NULL; x++) {
+        TRACE_PKINIT_CERT_RULE(context, rules[x]);
+
+        /* Free rules from previous time through... */
+        if (rs != NULL) {
+            free_rule_set(context, rs);
+            rs = NULL;
+        }
+        retval = parse_rule_set(context, rules[x], &rs);
+        if (retval) {
+            if (retval == EINVAL) {
+                TRACE_PKINIT_CERT_RULE_INVALID(context, rules[x]);
+                continue;
+            }
+            goto cleanup;
+        }
+
+        /*
+         * Optimize so that we do not get cert info unless we have
+         * valid rules to check.  Once obtained, keep it around
+         * until we are done.
+         */
+        if (matchdata == NULL) {
+            retval = crypto_cert_get_matching_data(context, plg_cryptoctx,
+                                                   req_cryptoctx, id_cryptoctx,
+                                                   &matchdata);
+            if (retval || matchdata == NULL) {
+                pkiDebug("%s: Error %d obtaining certificate information\n",
+                         __FUNCTION__, retval);
+                retval = ENOENT;
+                goto cleanup;
+            }
+        }
+
+        retval = check_all_certs(context, plg_cryptoctx, req_cryptoctx,
+                                 id_cryptoctx, princ, rs, matchdata,
+                                 &match_found, &match_index);
+        if (retval) {
+            pkiDebug("%s: Error %d, checking certs against rule '%s'\n",
+                     __FUNCTION__, retval, rules[x]);
+            goto cleanup;
+        }
+        if (match_found) {
+            pkiDebug("%s: We have an exact match with rule '%s'\n",
+                     __FUNCTION__, rules[x]);
+            break;
+        }
+    }
+
+    if (match_found) {
+        pkiDebug("%s: Selecting the matching cert!\n", __FUNCTION__);
+        retval = crypto_cert_select(context, id_cryptoctx, match_index);
+        if (retval) {
+            pkiDebug("%s: crypto_cert_select error %d, %s\n",
+                     __FUNCTION__, retval, error_message(retval));
+            goto cleanup;
+        }
+    } else {
+        TRACE_PKINIT_NO_MATCHING_CERT(context);
+        retval = ENOENT;    /* XXX */
+        goto cleanup;
+    }
+
+    retval = 0;
+
+cleanup:
+    profile_free_list(rules);
+    free_rule_set(context, rs);
+    crypto_cert_free_matching_data_list(context, matchdata);
+    return retval;
+}
+
+krb5_error_code
+pkinit_client_cert_match(krb5_context context,
+                         pkinit_plg_crypto_context plgctx,
+                         pkinit_req_crypto_context reqctx,
+                         const char *match_rule,
+                         krb5_boolean *matched)
+{
+    krb5_error_code ret;
+    pkinit_cert_matching_data *md = NULL;
+    rule_component *rc = NULL;
+    int comp_match = 0;
+    rule_set *rs = NULL;
+
+    *matched = FALSE;
+    ret = parse_rule_set(context, match_rule, &rs);
+    if (ret)
+        goto cleanup;
+
+    ret = crypto_req_cert_matching_data(context, plgctx, reqctx, &md);
+    if (ret)
+        goto cleanup;
+
+    for (rc = rs->crs; rc != NULL; rc = rc->next) {
+        comp_match = component_match(context, rc, md, 0);
+        if ((comp_match && rs->relation == relation_or) ||
+            (!comp_match && rs->relation == relation_and)) {
+            break;
+        }
+    }
+    *matched = comp_match;
+
+cleanup:
+    free_rule_set(context, rs);
+    crypto_cert_free_matching_data(context, md);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_profile.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_profile.c
new file mode 100644
index 00000000..334e54ab
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_profile.c
@@ -0,0 +1,368 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include "k5-int.h"
+#include "pkinit.h"
+
+/*
+ * Routines for handling profile [config file] options
+ */
+
+/* Forward prototypes */
+static int _krb5_conf_boolean(const char *s);
+
+/*
+ * XXX
+ * The following is duplicated verbatim from src/lib/krb5/krb/get_in_tkt.c,
+ * which is duplicated from somewhere else. :-/
+ * XXX
+ */
+static const char *const conf_yes[] = {
+    "y", "yes", "true", "t", "1", "on",
+    0,
+};
+
+static const char *const conf_no[] = {
+    "n", "no", "false", "nil", "0", "off",
+    0,
+};
+
+static int
+_krb5_conf_boolean(const char *s)
+{
+    const char *const *p;
+
+    for(p=conf_yes; *p; p++) {
+        if (strcasecmp(*p,s) == 0)
+            return 1;
+    }
+
+    for(p=conf_no; *p; p++) {
+        if (strcasecmp(*p,s) == 0)
+            return 0;
+    }
+
+    /* Default to "no" */
+    return 0;
+}
+
+/*
+ * XXX
+ * End duplicated code from src/lib/krb5/krb/get_in_tkt.c
+ * XXX
+ */
+
+/*
+ * The following are based on krb5_libdefault_* functions in
+ * src/lib/krb5/krb/get_in_tkt.c
+ * N.B.  This assumes that context->default_realm has
+ * already been established.
+ */
+krb5_error_code
+pkinit_kdcdefault_strings(krb5_context context, const char *realmname,
+                          const char *option, char ***ret_value)
+{
+    profile_t profile = NULL;
+    const char *names[5];
+    char **values = NULL;
+    krb5_error_code retval;
+
+    if (context == NULL)
+        return KV5M_CONTEXT;
+
+    profile = context->profile;
+
+    if (realmname != NULL) {
+        /*
+         * Try number one:
+         *
+         * [realms]
+         *          REALM = {
+         *              option = <value>
+         *          }
+         */
+
+        names[0] = KRB5_CONF_REALMS;
+        names[1] = realmname;
+        names[2] = option;
+        names[3] = 0;
+        retval = profile_get_values(profile, names, &values);
+        if (retval == 0 && values != NULL)
+            goto goodbye;
+    }
+
+    /*
+     * Try number two:
+     *
+     * [kdcdefaults]
+     *      option = <value>
+     */
+
+    names[0] = KRB5_CONF_KDCDEFAULTS;
+    names[1] = option;
+    names[2] = 0;
+    retval = profile_get_values(profile, names, &values);
+    if (retval == 0 && values != NULL)
+        goto goodbye;
+
+goodbye:
+    if (values == NULL)
+        retval = ENOENT;
+
+    *ret_value = values;
+
+    return retval;
+
+}
+
+krb5_error_code
+pkinit_kdcdefault_string(krb5_context context, const char *realmname,
+                         const char *option, char **ret_value)
+{
+    krb5_error_code retval;
+    char **values = NULL;
+
+    retval = pkinit_kdcdefault_strings(context, realmname, option, &values);
+    if (retval)
+        return retval;
+
+    if (values[0] == NULL) {
+        retval = ENOENT;
+    } else {
+        *ret_value = strdup(values[0]);
+        if (*ret_value == NULL)
+            retval = ENOMEM;
+    }
+
+    profile_free_list(values);
+    return retval;
+}
+
+krb5_error_code
+pkinit_kdcdefault_boolean(krb5_context context, const char *realmname,
+                          const char *option, int default_value, int *ret_value)
+{
+    char *string = NULL;
+    krb5_error_code retval;
+
+    retval = pkinit_kdcdefault_string(context, realmname, option, &string);
+
+    if (retval == 0) {
+        *ret_value = _krb5_conf_boolean(string);
+        free(string);
+    } else
+        *ret_value = default_value;
+
+    return 0;
+}
+
+krb5_error_code
+pkinit_kdcdefault_integer(krb5_context context, const char *realmname,
+                          const char *option, int default_value, int *ret_value)
+{
+    char *string = NULL;
+    krb5_error_code retval;
+
+    retval = pkinit_kdcdefault_string(context, realmname, option, &string);
+
+    if (retval == 0) {
+        char *endptr;
+        long l;
+        l = strtol(string, &endptr, 0);
+        if (endptr == string)
+            *ret_value = default_value;
+        else
+            *ret_value = l;
+        free(string);
+    } else
+        *ret_value = default_value;
+
+    return 0;
+}
+
+
+/*
+ * krb5_libdefault_string() is defined as static in
+ * src/lib/krb5/krb/get_in_tkt.c.  Create local versions of
+ * krb5_libdefault_* functions here.  We need a libdefaults_strings()
+ * function which is not currently supported there anyway.  Also,
+ * add the ability to supply a default value for the boolean and
+ * integer functions.
+ */
+
+krb5_error_code
+pkinit_libdefault_strings(krb5_context context, const krb5_data *realm,
+                          const char *option, char ***ret_value)
+{
+    profile_t profile;
+    const char *names[5];
+    char **values = NULL;
+    krb5_error_code retval;
+    char realmstr[1024];
+
+    if (realm != NULL && realm->length > sizeof(realmstr)-1)
+        return EINVAL;
+
+    if (realm != NULL) {
+        strncpy(realmstr, realm->data, realm->length);
+        realmstr[realm->length] = '\0';
+    }
+
+    if (!context || (context->magic != KV5M_CONTEXT))
+        return KV5M_CONTEXT;
+
+    profile = context->profile;
+
+
+    if (realm != NULL) {
+        /*
+         * Try number one:
+         *
+         * [libdefaults]
+         *        REALM = {
+         *                option = <value>
+         *        }
+         */
+
+        names[0] = KRB5_CONF_LIBDEFAULTS;
+        names[1] = realmstr;
+        names[2] = option;
+        names[3] = 0;
+        retval = profile_get_values(profile, names, &values);
+        if (retval == 0 && values != NULL && values[0] != NULL)
+            goto goodbye;
+
+        /*
+         * Try number two:
+         *
+         * [realms]
+         *      REALM = {
+         *              option = <value>
+         *      }
+         */
+
+        names[0] = KRB5_CONF_REALMS;
+        names[1] = realmstr;
+        names[2] = option;
+        names[3] = 0;
+        retval = profile_get_values(profile, names, &values);
+        if (retval == 0 && values != NULL && values[0] != NULL)
+            goto goodbye;
+    }
+
+    /*
+     * Try number three:
+     *
+     * [libdefaults]
+     *        option = <value>
+     */
+
+    names[0] = KRB5_CONF_LIBDEFAULTS;
+    names[1] = option;
+    names[2] = 0;
+    retval = profile_get_values(profile, names, &values);
+    if (retval == 0 && values != NULL && values[0] != NULL)
+        goto goodbye;
+
+goodbye:
+    if (values == NULL)
+        return ENOENT;
+
+    *ret_value = values;
+
+    return retval;
+}
+
+krb5_error_code
+pkinit_libdefault_string(krb5_context context, const krb5_data *realm,
+                         const char *option, char **ret_value)
+{
+    krb5_error_code retval;
+    char **values = NULL;
+
+    retval = pkinit_libdefault_strings(context, realm, option, &values);
+    if (retval)
+        return retval;
+
+    if (values[0] == NULL) {
+        retval = ENOENT;
+    } else {
+        *ret_value = strdup(values[0]);
+        if (*ret_value == NULL)
+            retval = ENOMEM;
+    }
+
+    profile_free_list(values);
+    return retval;
+}
+
+krb5_error_code
+pkinit_libdefault_boolean(krb5_context context, const krb5_data *realm,
+                          const char *option, int default_value,
+                          int *ret_value)
+{
+    char *string = NULL;
+    krb5_error_code retval;
+
+    retval = pkinit_libdefault_string(context, realm, option, &string);
+
+    if (retval == 0) {
+        *ret_value = _krb5_conf_boolean(string);
+        free(string);
+    } else
+        *ret_value = default_value;
+
+    return 0;
+}
+
+krb5_error_code
+pkinit_libdefault_integer(krb5_context context, const krb5_data *realm,
+                          const char *option, int default_value,
+                          int *ret_value)
+{
+    char *string = NULL;
+    krb5_error_code retval;
+
+    retval = pkinit_libdefault_string(context, realm, option, &string);
+
+    if (retval == 0) {
+        char *endptr;
+        long l;
+        l = strtol(string, &endptr, 0);
+        if (endptr == string)
+            *ret_value = default_value;
+        else
+            *ret_value = l;
+        free(string);
+    }
+
+    return retval;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c
new file mode 100644
index 00000000..1b3bf6d4
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -0,0 +1,1646 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * COPYRIGHT (C) 2006,2007
+ * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
+ * ALL RIGHTS RESERVED
+ *
+ * Permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of The University of
+ * Michigan is not used in any advertising or publicity
+ * pertaining to the use of distribution of this software
+ * without specific, written prior authorization.  If the
+ * above copyright notice or any other identification of the
+ * University of Michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
+ * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
+ * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
+ * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
+ * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
+ * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
+ * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
+ * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
+ * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGES.
+ */
+
+#include <k5-int.h>
+#include "pkinit.h"
+#include "krb5/certauth_plugin.h"
+
+/* Aliases used by the built-in certauth modules */
+struct certauth_req_opts {
+    krb5_kdcpreauth_callbacks cb;
+    krb5_kdcpreauth_rock rock;
+    pkinit_kdc_context plgctx;
+    pkinit_kdc_req_context reqctx;
+};
+
+typedef struct certauth_module_handle_st {
+    struct krb5_certauth_vtable_st vt;
+    krb5_certauth_moddata moddata;
+} *certauth_handle;
+
+struct krb5_kdcpreauth_moddata_st {
+    pkinit_kdc_context *realm_contexts;
+    certauth_handle *certauth_modules;
+};
+
+static krb5_error_code
+pkinit_init_kdc_req_context(krb5_context, pkinit_kdc_req_context *blob);
+
+static void
+pkinit_fini_kdc_req_context(krb5_context context, void *blob);
+
+static void
+pkinit_server_plugin_fini_realm(krb5_context context,
+                                pkinit_kdc_context plgctx);
+
+static void
+pkinit_server_plugin_fini(krb5_context context,
+                          krb5_kdcpreauth_moddata moddata);
+
+static pkinit_kdc_context
+pkinit_find_realm_context(krb5_context context,
+                          krb5_kdcpreauth_moddata moddata,
+                          krb5_principal princ);
+
+static void
+free_realm_contexts(krb5_context context, pkinit_kdc_context *realm_contexts)
+{
+    int i;
+
+    if (realm_contexts == NULL)
+        return;
+    for (i = 0; realm_contexts[i] != NULL; i++)
+        pkinit_server_plugin_fini_realm(context, realm_contexts[i]);
+    pkiDebug("%s: freeing context at %p\n", __FUNCTION__, realm_contexts);
+    free(realm_contexts);
+}
+
+static void
+free_certauth_handles(krb5_context context, certauth_handle *list)
+{
+    int i;
+
+    if (list == NULL)
+        return;
+    for (i = 0; list[i] != NULL; i++) {
+        if (list[i]->vt.fini != NULL)
+            list[i]->vt.fini(context, list[i]->moddata);
+        free(list[i]);
+    }
+    free(list);
+}
+
+static krb5_error_code
+pkinit_create_edata(krb5_context context,
+                    pkinit_plg_crypto_context plg_cryptoctx,
+                    pkinit_req_crypto_context req_cryptoctx,
+                    pkinit_identity_crypto_context id_cryptoctx,
+                    pkinit_plg_opts *opts,
+                    krb5_error_code err_code,
+                    krb5_pa_data ***e_data_out)
+{
+    krb5_error_code retval = KRB5KRB_ERR_GENERIC;
+
+    pkiDebug("pkinit_create_edata: creating edata for error %d (%s)\n",
+             err_code, error_message(err_code));
+    switch(err_code) {
+    case KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE:
+        retval = pkinit_create_td_trusted_certifiers(context,
+                                                     plg_cryptoctx, req_cryptoctx, id_cryptoctx, e_data_out);
+        break;
+    case KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED:
+        retval = pkinit_create_td_dh_parameters(context, plg_cryptoctx,
+                                                req_cryptoctx, id_cryptoctx, opts, e_data_out);
+        break;
+    case KRB5KDC_ERR_INVALID_CERTIFICATE:
+    case KRB5KDC_ERR_REVOKED_CERTIFICATE:
+        retval = pkinit_create_td_invalid_certificate(context,
+                                                      plg_cryptoctx, req_cryptoctx, id_cryptoctx, e_data_out);
+        break;
+    default:
+        pkiDebug("no edata needed for error %d (%s)\n",
+                 err_code, error_message(err_code));
+        retval = 0;
+        goto cleanup;
+    }
+
+cleanup:
+
+    return retval;
+}
+
+static void
+pkinit_server_get_edata(krb5_context context,
+                        krb5_kdc_req *request,
+                        krb5_kdcpreauth_callbacks cb,
+                        krb5_kdcpreauth_rock rock,
+                        krb5_kdcpreauth_moddata moddata,
+                        krb5_preauthtype pa_type,
+                        krb5_kdcpreauth_edata_respond_fn respond,
+                        void *arg)
+{
+    krb5_error_code retval = 0;
+    pkinit_kdc_context plgctx = NULL;
+
+    pkiDebug("pkinit_server_get_edata: entered!\n");
+
+
+    /*
+     * If we don't have a realm context for the given realm,
+     * don't tell the client that we support pkinit!
+     */
+    plgctx = pkinit_find_realm_context(context, moddata, request->server);
+    if (plgctx == NULL)
+        retval = EINVAL;
+
+    /* Send a freshness token if the client requested one. */
+    if (!retval)
+        cb->send_freshness_token(context, rock);
+
+    (*respond)(arg, retval, NULL);
+}
+
+static krb5_error_code
+verify_client_san(krb5_context context,
+                  pkinit_kdc_context plgctx,
+                  pkinit_kdc_req_context reqctx,
+                  krb5_kdcpreauth_callbacks cb,
+                  krb5_kdcpreauth_rock rock,
+                  krb5_const_principal client,
+                  int *valid_san)
+{
+    krb5_error_code retval;
+    krb5_principal *princs = NULL, upn;
+    krb5_boolean match;
+    char **upns = NULL;
+    int i;
+#ifdef DEBUG_SAN_INFO
+    char *client_string = NULL, *san_string;
+#endif
+
+    *valid_san = 0;
+    retval = crypto_retrieve_cert_sans(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, plgctx->idctx,
+                                       &princs,
+                                       plgctx->opts->allow_upn ? &upns : NULL,
+                                       NULL);
+    if (retval) {
+        pkiDebug("%s: error from retrieve_certificate_sans()\n", __FUNCTION__);
+        retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+        goto out;
+    }
+
+    if (princs == NULL && upns == NULL) {
+        TRACE_PKINIT_SERVER_NO_SAN(context);
+        retval = ENOENT;
+        goto out;
+    }
+
+#ifdef DEBUG_SAN_INFO
+    krb5_unparse_name(context, client, &client_string);
+#endif
+    pkiDebug("%s: Checking pkinit sans\n", __FUNCTION__);
+    for (i = 0; princs != NULL && princs[i] != NULL; i++) {
+#ifdef DEBUG_SAN_INFO
+        krb5_unparse_name(context, princs[i], &san_string);
+        pkiDebug("%s: Comparing client '%s' to pkinit san value '%s'\n",
+                 __FUNCTION__, client_string, san_string);
+        krb5_free_unparsed_name(context, san_string);
+#endif
+        if (cb->match_client(context, rock, princs[i])) {
+            TRACE_PKINIT_SERVER_MATCHING_SAN_FOUND(context);
+            *valid_san = 1;
+            retval = 0;
+            goto out;
+        }
+    }
+    pkiDebug("%s: no pkinit san match found\n", __FUNCTION__);
+    /*
+     * XXX if cert has names but none match, should we
+     * be returning KRB5KDC_ERR_CLIENT_NAME_MISMATCH here?
+     */
+
+    if (upns == NULL) {
+        pkiDebug("%s: no upn sans (or we wouldn't accept them anyway)\n",
+                 __FUNCTION__);
+        retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+        goto out;
+    }
+
+    pkiDebug("%s: Checking upn sans\n", __FUNCTION__);
+    for (i = 0; upns[i] != NULL; i++) {
+#ifdef DEBUG_SAN_INFO
+        pkiDebug("%s: Comparing client '%s' to upn san value '%s'\n",
+                 __FUNCTION__, client_string, upns[i]);
+#endif
+        retval = krb5_parse_name_flags(context, upns[i],
+                                       KRB5_PRINCIPAL_PARSE_ENTERPRISE, &upn);
+        if (retval) {
+            TRACE_PKINIT_SERVER_UPN_PARSE_FAIL(context, upns[i], retval);
+            continue;
+        }
+        match = cb->match_client(context, rock, upn);
+        krb5_free_principal(context, upn);
+        if (match) {
+            TRACE_PKINIT_SERVER_MATCHING_UPN_FOUND(context);
+            *valid_san = 1;
+            retval = 0;
+            goto out;
+        }
+    }
+    pkiDebug("%s: no upn san match found\n", __FUNCTION__);
+
+    retval = 0;
+out:
+    if (princs != NULL) {
+        for (i = 0; princs[i] != NULL; i++)
+            krb5_free_principal(context, princs[i]);
+        free(princs);
+    }
+    if (upns != NULL) {
+        for (i = 0; upns[i] != NULL; i++)
+            free(upns[i]);
+        free(upns);
+    }
+#ifdef DEBUG_SAN_INFO
+    if (client_string != NULL)
+        krb5_free_unparsed_name(context, client_string);
+#endif
+    pkiDebug("%s: returning retval %d, valid_san %d\n",
+             __FUNCTION__, retval, *valid_san);
+    return retval;
+}
+
+static krb5_error_code
+verify_client_eku(krb5_context context,
+                  pkinit_kdc_context plgctx,
+                  pkinit_kdc_req_context reqctx,
+                  int *eku_accepted)
+{
+    krb5_error_code retval;
+
+    *eku_accepted = 0;
+
+    if (plgctx->opts->require_eku == 0) {
+        TRACE_PKINIT_SERVER_EKU_SKIP(context);
+        *eku_accepted = 1;
+        retval = 0;
+        goto out;
+    }
+
+    retval = crypto_check_cert_eku(context, plgctx->cryptoctx,
+                                   reqctx->cryptoctx, plgctx->idctx,
+                                   0, /* kdc cert */
+                                   plgctx->opts->accept_secondary_eku,
+                                   eku_accepted);
+    if (retval) {
+        pkiDebug("%s: Error from crypto_check_cert_eku %d (%s)\n",
+                 __FUNCTION__, retval, error_message(retval));
+        goto out;
+    }
+
+out:
+    pkiDebug("%s: returning retval %d, eku_accepted %d\n",
+             __FUNCTION__, retval, *eku_accepted);
+    return retval;
+}
+
+
+/* Run the received, verified certificate through certauth modules, to verify
+ * that it is authorized to authenticate as client. */
+static krb5_error_code
+authorize_cert(krb5_context context, certauth_handle *certauth_modules,
+               pkinit_kdc_context plgctx, pkinit_kdc_req_context reqctx,
+               krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+               krb5_principal client, krb5_boolean *hwauth_out)
+{
+    krb5_error_code ret;
+    certauth_handle h;
+    struct certauth_req_opts opts;
+    krb5_boolean accepted = FALSE, hwauth = FALSE;
+    uint8_t *cert;
+    size_t i, cert_len;
+    void *db_ent = NULL;
+    char **ais = NULL, **ai = NULL;
+
+    /* Re-encode the received certificate into DER, which is extra work, but
+     * avoids creating an X.509 library dependency in the interface. */
+    ret = crypto_encode_der_cert(context, reqctx->cryptoctx, &cert, &cert_len);
+    if (ret)
+        goto cleanup;
+
+    /* Set options for the builtin module. */
+    opts.plgctx = plgctx;
+    opts.reqctx = reqctx;
+    opts.cb = cb;
+    opts.rock = rock;
+
+    db_ent = cb->client_entry(context, rock);
+
+    /*
+     * Check the certificate against each certauth module.  For the certificate
+     * to be authorized at least one module must return 0 or
+     * KRB5_CERTAUTH_HWAUTH, and no module can return an error code other than
+     * KRB5_PLUGIN_NO_HANDLE (pass) or KRB5_CERTAUTH_HWAUTH_PASS (pass but
+     * set hw-authent).  Add indicators from all modules.
+     */
+    ret = KRB5_PLUGIN_NO_HANDLE;
+    for (i = 0; certauth_modules != NULL && certauth_modules[i] != NULL; i++) {
+        h = certauth_modules[i];
+        TRACE_PKINIT_SERVER_CERT_AUTH(context, h->vt.name);
+        ret = h->vt.authorize(context, h->moddata, cert, cert_len, client,
+                              &opts, db_ent, &ais);
+        if (ret == 0)
+            accepted = TRUE;
+        else if (ret == KRB5_CERTAUTH_HWAUTH)
+            accepted = hwauth = TRUE;
+        else if (ret == KRB5_CERTAUTH_HWAUTH_PASS)
+            hwauth = TRUE;
+        else if (ret != KRB5_PLUGIN_NO_HANDLE)
+            goto cleanup;
+
+        if (ais != NULL) {
+            /* Assert authentication indicators from the module. */
+            for (ai = ais; *ai != NULL; ai++) {
+                ret = cb->add_auth_indicator(context, rock, *ai);
+                if (ret)
+                    goto cleanup;
+            }
+            h->vt.free_ind(context, h->moddata, ais);
+            ais = NULL;
+        }
+    }
+
+    *hwauth_out = hwauth;
+    ret = accepted ? 0 : KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+
+cleanup:
+    free(cert);
+    return ret;
+}
+
+/* Return an error if freshness tokens are required and one was not received.
+ * Log an appropriate message indicating whether a valid token was received. */
+static krb5_error_code
+check_log_freshness(krb5_context context, pkinit_kdc_context plgctx,
+                    krb5_kdc_req *request, krb5_boolean valid_freshness_token)
+{
+    krb5_error_code ret;
+    char *name = NULL;
+
+    ret = krb5_unparse_name(context, request->client, &name);
+    if (ret)
+        return ret;
+    if (plgctx->opts->require_freshness && !valid_freshness_token) {
+        com_err("", 0, _("PKINIT: no freshness token, rejecting auth from %s"),
+                name);
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+    } else if (valid_freshness_token) {
+        com_err("", 0, _("PKINIT: freshness token received from %s"), name);
+    } else {
+        com_err("", 0, _("PKINIT: no freshness token received from %s"), name);
+    }
+    krb5_free_unparsed_name(context, name);
+    return ret;
+}
+
+static void
+pkinit_server_verify_padata(krb5_context context,
+                            krb5_data *req_pkt,
+                            krb5_kdc_req * request,
+                            krb5_enc_tkt_part * enc_tkt_reply,
+                            krb5_pa_data * data,
+                            krb5_kdcpreauth_callbacks cb,
+                            krb5_kdcpreauth_rock rock,
+                            krb5_kdcpreauth_moddata moddata,
+                            krb5_kdcpreauth_verify_respond_fn respond,
+                            void *arg)
+{
+    krb5_error_code retval = 0;
+    krb5_data authp_data = {0, 0, NULL}, krb5_authz = {0, 0, NULL};
+    krb5_pa_pk_as_req *reqp = NULL;
+    krb5_auth_pack *auth_pack = NULL;
+    pkinit_kdc_context plgctx = NULL;
+    pkinit_kdc_req_context reqctx = NULL;
+    krb5_checksum cksum = {0, 0, 0, NULL};
+    krb5_data *der_req = NULL;
+    krb5_data k5data, *ftoken;
+    int is_signed = 1;
+    krb5_pa_data **e_data = NULL;
+    krb5_kdcpreauth_modreq modreq = NULL;
+    krb5_boolean valid_freshness_token = FALSE, hwauth = FALSE;
+    char **sp;
+
+    pkiDebug("pkinit_verify_padata: entered!\n");
+    if (data == NULL || data->length <= 0 || data->contents == NULL) {
+        (*respond)(arg, EINVAL, NULL, NULL, NULL);
+        return;
+    }
+
+
+    if (moddata == NULL) {
+        (*respond)(arg, EINVAL, NULL, NULL, NULL);
+        return;
+    }
+
+    plgctx = pkinit_find_realm_context(context, moddata, request->server);
+    if (plgctx == NULL) {
+        (*respond)(arg, EINVAL, NULL, NULL, NULL);
+        return;
+    }
+
+#ifdef DEBUG_ASN1
+    print_buffer_bin(data->contents, data->length, "/tmp/kdc_as_req");
+#endif
+    /* create a per-request context */
+    retval = pkinit_init_kdc_req_context(context, &reqctx);
+    if (retval)
+        goto cleanup;
+    reqctx->pa_type = data->pa_type;
+
+    PADATA_TO_KRB5DATA(data, &k5data);
+
+    if (data->pa_type != KRB5_PADATA_PK_AS_REQ) {
+        pkiDebug("unrecognized pa_type = %d\n", data->pa_type);
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    TRACE_PKINIT_SERVER_PADATA_VERIFY(context);
+    retval = k5int_decode_krb5_pa_pk_as_req(&k5data, &reqp);
+    if (retval) {
+        pkiDebug("decode_krb5_pa_pk_as_req failed\n");
+        goto cleanup;
+    }
+#ifdef DEBUG_ASN1
+    print_buffer_bin(reqp->signedAuthPack.data, reqp->signedAuthPack.length,
+                     "/tmp/kdc_signed_data");
+#endif
+    retval = cms_signeddata_verify(context, plgctx->cryptoctx,
+                                   reqctx->cryptoctx, plgctx->idctx,
+                                   CMS_SIGN_CLIENT,
+                                   plgctx->opts->require_crl_checking,
+                                   (unsigned char *)reqp->signedAuthPack.data,
+                                   reqp->signedAuthPack.length,
+                                   (unsigned char **)&authp_data.data,
+                                   &authp_data.length,
+                                   (unsigned char **)&krb5_authz.data,
+                                   &krb5_authz.length, &is_signed);
+    if (retval) {
+        TRACE_PKINIT_SERVER_PADATA_VERIFY_FAIL(context);
+        goto cleanup;
+    }
+    if (is_signed) {
+        retval = authorize_cert(context, moddata->certauth_modules, plgctx,
+                                reqctx, cb, rock, request->client, &hwauth);
+        if (retval)
+            goto cleanup;
+
+    } else { /* !is_signed */
+        if (!krb5_principal_compare(context, request->client,
+                                    krb5_anonymous_principal())) {
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            krb5_set_error_message(context, retval,
+                                   _("Pkinit request not signed, but client "
+                                     "not anonymous."));
+            goto cleanup;
+        }
+    }
+#ifdef DEBUG_ASN1
+    print_buffer_bin(authp_data.data, authp_data.length, "/tmp/kdc_auth_pack");
+#endif
+
+    OCTETDATA_TO_KRB5DATA(&authp_data, &k5data);
+    retval = k5int_decode_krb5_auth_pack(&k5data, &auth_pack);
+    if (retval) {
+        pkiDebug("failed to decode krb5_auth_pack\n");
+        goto cleanup;
+    }
+
+    retval = krb5_check_clockskew(context, auth_pack->pkAuthenticator.ctime);
+    if (retval)
+        goto cleanup;
+
+    /* check dh parameters */
+    if (auth_pack->clientPublicValue.length > 0) {
+        retval = server_check_dh(context, plgctx->cryptoctx,
+                                 reqctx->cryptoctx, plgctx->idctx,
+                                 &auth_pack->clientPublicValue,
+                                 plgctx->opts->dh_min_bits);
+        if (retval) {
+            pkiDebug("bad dh parameters\n");
+            goto cleanup;
+        }
+    } else if (!is_signed) {
+        /*Anonymous pkinit requires DH*/
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        krb5_set_error_message(context, retval,
+                               _("Anonymous pkinit without DH public "
+                                 "value not supported."));
+        goto cleanup;
+    }
+    der_req = cb->request_body(context, rock);
+    retval = krb5_c_make_checksum(context, CKSUMTYPE_SHA1, NULL, 0, der_req,
+                                  &cksum);
+    if (retval) {
+        pkiDebug("unable to calculate AS REQ checksum\n");
+        goto cleanup;
+    }
+    if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length ||
+        k5_bcmp(cksum.contents, auth_pack->pkAuthenticator.paChecksum.contents,
+                cksum.length) != 0) {
+        pkiDebug("failed to match the checksum\n");
+#ifdef DEBUG_CKSUM
+        pkiDebug("calculating checksum on buf size (%d)\n", req_pkt->length);
+        print_buffer(req_pkt->data, req_pkt->length);
+        pkiDebug("received checksum type=%d size=%d ",
+                 auth_pack->pkAuthenticator.paChecksum.checksum_type,
+                 auth_pack->pkAuthenticator.paChecksum.length);
+        print_buffer(auth_pack->pkAuthenticator.paChecksum.contents,
+                     auth_pack->pkAuthenticator.paChecksum.length);
+        pkiDebug("expected checksum type=%d size=%d ",
+                 cksum.checksum_type, cksum.length);
+        print_buffer(cksum.contents, cksum.length);
+#endif
+
+        retval = KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
+        goto cleanup;
+    }
+
+    ftoken = auth_pack->pkAuthenticator.freshnessToken;
+    if (ftoken != NULL) {
+        retval = cb->check_freshness_token(context, rock, ftoken);
+        if (retval)
+            goto cleanup;
+        valid_freshness_token = TRUE;
+    }
+
+    /* check if kdcPkId present and match KDC's subjectIdentifier */
+    if (reqp->kdcPkId.data != NULL) {
+        int valid_kdcPkId = 0;
+        retval = pkinit_check_kdc_pkid(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, plgctx->idctx,
+                                       (unsigned char *)reqp->kdcPkId.data,
+                                       reqp->kdcPkId.length, &valid_kdcPkId);
+        if (retval)
+            goto cleanup;
+        if (!valid_kdcPkId) {
+            pkiDebug("kdcPkId in AS_REQ does not match KDC's cert; "
+                     "RFC says to ignore and proceed\n");
+        }
+    }
+    /* remember the decoded auth_pack for verify_padata routine */
+    reqctx->rcv_auth_pack = auth_pack;
+    auth_pack = NULL;
+
+    if (is_signed) {
+        retval = check_log_freshness(context, plgctx, request,
+                                     valid_freshness_token);
+        if (retval)
+            goto cleanup;
+    }
+
+    if (is_signed && plgctx->auth_indicators != NULL) {
+        /* Assert configured authentication indicators. */
+        for (sp = plgctx->auth_indicators; *sp != NULL; sp++) {
+            retval = cb->add_auth_indicator(context, rock, *sp);
+            if (retval)
+                goto cleanup;
+        }
+    }
+
+    /* remember to set the PREAUTH flag in the reply */
+    enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
+    if (hwauth)
+        enc_tkt_reply->flags |= TKT_FLG_HW_AUTH;
+    modreq = (krb5_kdcpreauth_modreq)reqctx;
+    reqctx = NULL;
+
+cleanup:
+    if (retval && data->pa_type == KRB5_PADATA_PK_AS_REQ) {
+        pkiDebug("pkinit_verify_padata failed: creating e-data\n");
+        if (pkinit_create_edata(context, plgctx->cryptoctx, reqctx->cryptoctx,
+                                plgctx->idctx, plgctx->opts, retval, &e_data))
+            pkiDebug("pkinit_create_edata failed\n");
+    }
+
+    free_krb5_pa_pk_as_req(&reqp);
+    free(cksum.contents);
+    free(authp_data.data);
+    free(krb5_authz.data);
+    if (reqctx != NULL)
+        pkinit_fini_kdc_req_context(context, reqctx);
+    free_krb5_auth_pack(&auth_pack);
+
+    (*respond)(arg, retval, modreq, e_data, NULL);
+}
+static krb5_error_code
+return_pkinit_kx(krb5_context context, krb5_kdc_req *request,
+                 krb5_kdc_rep *reply, krb5_keyblock *encrypting_key,
+                 krb5_pa_data **out_padata)
+{
+    krb5_error_code ret = 0;
+    krb5_keyblock *session = reply->ticket->enc_part2->session;
+    krb5_keyblock *new_session = NULL;
+    krb5_pa_data *pa = NULL;
+    krb5_enc_data enc;
+    krb5_data *scratch = NULL;
+
+    *out_padata = NULL;
+    enc.ciphertext.data = NULL;
+    if (!krb5_principal_compare(context, request->client,
+                                krb5_anonymous_principal()))
+        return 0;
+    /*
+     * The KDC contribution key needs to be a fresh key of an enctype supported
+     * by the client and server. The existing session key meets these
+     * requirements so we use it.
+     */
+    ret = krb5_c_fx_cf2_simple(context, session, "PKINIT",
+                               encrypting_key, "KEYEXCHANGE",
+                               &new_session);
+    if (ret)
+        goto cleanup;
+    ret = encode_krb5_encryption_key( session, &scratch);
+    if (ret)
+        goto cleanup;
+    ret = krb5_encrypt_helper(context, encrypting_key,
+                              KRB5_KEYUSAGE_PA_PKINIT_KX, scratch, &enc);
+    if (ret)
+        goto cleanup;
+    memset(scratch->data, 0, scratch->length);
+    krb5_free_data(context, scratch);
+    scratch = NULL;
+    ret = encode_krb5_enc_data(&enc, &scratch);
+    if (ret)
+        goto cleanup;
+    pa = malloc(sizeof(krb5_pa_data));
+    if (pa == NULL) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+    pa->pa_type = KRB5_PADATA_PKINIT_KX;
+    pa->length = scratch->length;
+    pa->contents = (krb5_octet *) scratch->data;
+    *out_padata = pa;
+    scratch->data = NULL;
+    memset(session->contents, 0, session->length);
+    krb5_free_keyblock_contents(context, session);
+    *session = *new_session;
+    new_session->contents = NULL;
+cleanup:
+    krb5_free_data_contents(context, &enc.ciphertext);
+    krb5_free_keyblock(context, new_session);
+    krb5_free_data(context, scratch);
+    return ret;
+}
+
+static krb5_error_code
+pkinit_pick_kdf_alg(krb5_context context, krb5_data **kdf_list,
+                    krb5_data **alg_oid)
+{
+    krb5_error_code retval = 0;
+    krb5_data *req_oid = NULL;
+    const krb5_data *supp_oid = NULL;
+    krb5_data *tmp_oid = NULL;
+    int i, j = 0;
+
+    /* if we don't find a match, return NULL value */
+    *alg_oid = NULL;
+
+    /* for each of the OIDs that the server supports... */
+    for (i = 0; NULL != (supp_oid = supported_kdf_alg_ids[i]); i++) {
+        /* if the requested OID is in the client's list, use it. */
+        for (j = 0; NULL != (req_oid = kdf_list[j]); j++) {
+            if ((req_oid->length == supp_oid->length) &&
+                (0 == memcmp(req_oid->data, supp_oid->data, req_oid->length))) {
+                tmp_oid = k5alloc(sizeof(krb5_data), &retval);
+                if (retval)
+                    goto cleanup;
+                tmp_oid->data = k5memdup(supp_oid->data, supp_oid->length,
+                                         &retval);
+                if (retval)
+                    goto cleanup;
+                tmp_oid->length = supp_oid->length;
+                *alg_oid = tmp_oid;
+                /* don't free the OID in clean-up if we are returning it */
+                tmp_oid = NULL;
+                goto cleanup;
+            }
+        }
+    }
+cleanup:
+    if (tmp_oid)
+        krb5_free_data(context, tmp_oid);
+    return retval;
+}
+
+static krb5_error_code
+pkinit_server_return_padata(krb5_context context,
+                            krb5_pa_data * padata,
+                            krb5_data *req_pkt,
+                            krb5_kdc_req * request,
+                            krb5_kdc_rep * reply,
+                            krb5_keyblock * encrypting_key,
+                            krb5_pa_data ** send_pa,
+                            krb5_kdcpreauth_callbacks cb,
+                            krb5_kdcpreauth_rock rock,
+                            krb5_kdcpreauth_moddata moddata,
+                            krb5_kdcpreauth_modreq modreq)
+{
+    krb5_error_code retval = 0;
+    krb5_data scratch = {0, 0, NULL};
+    krb5_pa_pk_as_req *reqp = NULL;
+    int i = 0;
+
+    unsigned char *dh_pubkey = NULL, *server_key = NULL;
+    unsigned int server_key_len = 0, dh_pubkey_len = 0;
+    krb5_keyblock reply_key = { 0 };
+
+    krb5_kdc_dh_key_info dhkey_info;
+    krb5_data *encoded_dhkey_info = NULL;
+    krb5_pa_pk_as_rep *rep = NULL;
+    krb5_data *out_data = NULL;
+    krb5_data secret;
+
+    krb5_enctype enctype = -1;
+
+    krb5_reply_key_pack *key_pack = NULL;
+    krb5_data *encoded_key_pack = NULL;
+
+    pkinit_kdc_context plgctx;
+    pkinit_kdc_req_context reqctx;
+
+    *send_pa = NULL;
+    if (padata->pa_type == KRB5_PADATA_PKINIT_KX) {
+        return return_pkinit_kx(context, request, reply,
+                                encrypting_key, send_pa);
+    }
+    if (padata->length <= 0 || padata->contents == NULL)
+        return 0;
+
+    if (modreq == NULL) {
+        pkiDebug("missing request context \n");
+        return EINVAL;
+    }
+
+    plgctx = pkinit_find_realm_context(context, moddata, request->server);
+    if (plgctx == NULL) {
+        pkiDebug("Unable to locate correct realm context\n");
+        return ENOENT;
+    }
+
+    TRACE_PKINIT_SERVER_RETURN_PADATA(context);
+    reqctx = (pkinit_kdc_req_context)modreq;
+
+    for(i = 0; i < request->nktypes; i++) {
+        enctype = request->ktype[i];
+        if (!krb5_c_valid_enctype(enctype))
+            continue;
+        else {
+            pkiDebug("KDC picked etype = %d\n", enctype);
+            break;
+        }
+    }
+
+    if (i == request->nktypes) {
+        retval = KRB5KDC_ERR_ETYPE_NOSUPP;
+        goto cleanup;
+    }
+
+    init_krb5_pa_pk_as_rep(&rep);
+    if (rep == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    /* let's assume it's RSA. we'll reset it to DH if needed */
+    rep->choice = choice_pa_pk_as_rep_encKeyPack;
+
+    if (reqctx->rcv_auth_pack != NULL &&
+        reqctx->rcv_auth_pack->clientPublicValue.length > 0) {
+        rep->choice = choice_pa_pk_as_rep_dhInfo;
+
+        pkiDebug("received DH key delivery AS REQ\n");
+        retval = server_process_dh(context, plgctx->cryptoctx,
+                                   reqctx->cryptoctx, plgctx->idctx,
+                                   &dh_pubkey, &dh_pubkey_len,
+                                   &server_key, &server_key_len);
+        if (retval) {
+            pkiDebug("failed to process/create dh parameters\n");
+            goto cleanup;
+        }
+
+        /*
+         * This is DH, so don't generate the key until after we
+         * encode the reply, because the encoded reply is needed
+         * to generate the key in some cases.
+         */
+
+        dhkey_info.subjectPublicKey.length = dh_pubkey_len;
+        dhkey_info.subjectPublicKey.data = (char *)dh_pubkey;
+        dhkey_info.nonce = request->nonce;
+        dhkey_info.dhKeyExpiration = 0;
+
+        retval = k5int_encode_krb5_kdc_dh_key_info(&dhkey_info,
+                                                   &encoded_dhkey_info);
+        if (retval) {
+            pkiDebug("encode_krb5_kdc_dh_key_info failed\n");
+            goto cleanup;
+        }
+#ifdef DEBUG_ASN1
+        print_buffer_bin((unsigned char *)encoded_dhkey_info->data,
+                         encoded_dhkey_info->length,
+                         "/tmp/kdc_dh_key_info");
+#endif
+
+        retval = cms_signeddata_create(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, plgctx->idctx,
+                                       CMS_SIGN_SERVER,
+                                       (unsigned char *)
+                                       encoded_dhkey_info->data,
+                                       encoded_dhkey_info->length,
+                                       (unsigned char **)
+                                       &rep->u.dh_Info.dhSignedData.data,
+                                       &rep->u.dh_Info.dhSignedData.length);
+        if (retval) {
+            pkiDebug("failed to create pkcs7 signed data\n");
+            goto cleanup;
+        }
+
+    } else {
+        pkiDebug("received RSA key delivery AS REQ\n");
+
+        init_krb5_reply_key_pack(&key_pack);
+        if (key_pack == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+
+        retval = krb5_c_make_random_key(context, enctype, &key_pack->replyKey);
+        if (retval) {
+            pkiDebug("unable to make a session key\n");
+            goto cleanup;
+        }
+
+        retval = krb5_c_make_checksum(context, 0, &key_pack->replyKey,
+                                      KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                      req_pkt, &key_pack->asChecksum);
+        if (retval) {
+            pkiDebug("unable to calculate AS REQ checksum\n");
+            goto cleanup;
+        }
+#ifdef DEBUG_CKSUM
+        pkiDebug("calculating checksum on buf size = %d\n", req_pkt->length);
+        print_buffer(req_pkt->data, req_pkt->length);
+        pkiDebug("checksum size = %d\n", key_pack->asChecksum.length);
+        print_buffer(key_pack->asChecksum.contents,
+                     key_pack->asChecksum.length);
+        pkiDebug("encrypting key (%d)\n", key_pack->replyKey.length);
+        print_buffer(key_pack->replyKey.contents, key_pack->replyKey.length);
+#endif
+
+        retval = k5int_encode_krb5_reply_key_pack(key_pack,
+                                                  &encoded_key_pack);
+        if (retval) {
+            pkiDebug("failed to encode reply_key_pack\n");
+            goto cleanup;
+        }
+
+        rep->choice = choice_pa_pk_as_rep_encKeyPack;
+        retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
+                                          reqctx->cryptoctx, plgctx->idctx,
+                                          padata->pa_type,
+                                          (unsigned char *)
+                                          encoded_key_pack->data,
+                                          encoded_key_pack->length,
+                                          (unsigned char **)
+                                          &rep->u.encKeyPack.data,
+                                          &rep->u.encKeyPack.length);
+        if (retval) {
+            pkiDebug("failed to create pkcs7 enveloped data: %s\n",
+                     error_message(retval));
+            goto cleanup;
+        }
+#ifdef DEBUG_ASN1
+        print_buffer_bin((unsigned char *)encoded_key_pack->data,
+                         encoded_key_pack->length,
+                         "/tmp/kdc_key_pack");
+        print_buffer_bin(rep->u.encKeyPack.data, rep->u.encKeyPack.length,
+                         "/tmp/kdc_enc_key_pack");
+#endif
+
+        retval = cb->replace_reply_key(context, rock, &key_pack->replyKey,
+                                       FALSE);
+        if (retval)
+            goto cleanup;
+    }
+
+    if (rep->choice == choice_pa_pk_as_rep_dhInfo &&
+        ((reqctx->rcv_auth_pack != NULL &&
+          reqctx->rcv_auth_pack->supportedKDFs != NULL))) {
+
+        /* If using the alg-agility KDF, put the algorithm in the reply
+         * before encoding it.
+         */
+        if (reqctx->rcv_auth_pack != NULL &&
+            reqctx->rcv_auth_pack->supportedKDFs != NULL) {
+            retval = pkinit_pick_kdf_alg(context, reqctx->rcv_auth_pack->supportedKDFs,
+                                         &(rep->u.dh_Info.kdfID));
+            if (retval) {
+                pkiDebug("pkinit_pick_kdf_alg failed: %s\n",
+                         error_message(retval));
+                goto cleanup;
+            }
+        }
+    }
+
+    retval = k5int_encode_krb5_pa_pk_as_rep(rep, &out_data);
+    if (retval) {
+        pkiDebug("failed to encode AS_REP\n");
+        goto cleanup;
+    }
+#ifdef DEBUG_ASN1
+    if (out_data != NULL)
+        print_buffer_bin((unsigned char *)out_data->data, out_data->length,
+                         "/tmp/kdc_as_rep");
+#endif
+
+    /* If this is DH, we haven't computed the key yet, so do it now. */
+    if (rep->choice == choice_pa_pk_as_rep_dhInfo) {
+
+        /* If mutually supported KDFs were found, use the algorithm agility
+         * KDF. */
+        if (rep->u.dh_Info.kdfID) {
+            secret.data = (char *)server_key;
+            secret.length = server_key_len;
+
+            retval = pkinit_alg_agility_kdf(context, &secret,
+                                            rep->u.dh_Info.kdfID,
+                                            request->client, request->server,
+                                            enctype, req_pkt, out_data,
+                                            &reply_key);
+            if (retval) {
+                pkiDebug("pkinit_alg_agility_kdf failed: %s\n",
+                         error_message(retval));
+                goto cleanup;
+            }
+
+            /* Otherwise, use the older octetstring2key() function */
+        } else {
+            retval = pkinit_octetstring2key(context, enctype, server_key,
+                                            server_key_len, &reply_key);
+            if (retval) {
+                pkiDebug("pkinit_octetstring2key failed: %s\n",
+                         error_message(retval));
+                goto cleanup;
+            }
+        }
+        retval = cb->replace_reply_key(context, rock, &reply_key, FALSE);
+        if (retval)
+            goto cleanup;
+    }
+
+    *send_pa = malloc(sizeof(krb5_pa_data));
+    if (*send_pa == NULL) {
+        retval = ENOMEM;
+        free(out_data->data);
+        free(out_data);
+        out_data = NULL;
+        goto cleanup;
+    }
+    (*send_pa)->magic = KV5M_PA_DATA;
+    (*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP;
+    (*send_pa)->length = out_data->length;
+    (*send_pa)->contents = (krb5_octet *) out_data->data;
+
+cleanup:
+    free(scratch.data);
+    free(out_data);
+    if (encoded_dhkey_info != NULL)
+        krb5_free_data(context, encoded_dhkey_info);
+    if (encoded_key_pack != NULL)
+        krb5_free_data(context, encoded_key_pack);
+    free(dh_pubkey);
+    free(server_key);
+    free_krb5_pa_pk_as_req(&reqp);
+    free_krb5_pa_pk_as_rep(&rep);
+    free_krb5_reply_key_pack(&key_pack);
+    krb5_free_keyblock_contents(context, &reply_key);
+
+    if (retval)
+        pkiDebug("pkinit_verify_padata failure");
+
+    return retval;
+}
+
+static int
+pkinit_server_get_flags(krb5_context kcontext, krb5_preauthtype patype)
+{
+    if (patype == KRB5_PADATA_PKINIT_KX)
+        return PA_INFO;
+    /* PKINIT does not normally set the hw-authent ticket flag, but a
+     * certauth module can cause it to do so. */
+    return PA_SUFFICIENT | PA_REPLACES_KEY | PA_TYPED_E_DATA | PA_HARDWARE;
+}
+
+static krb5_preauthtype supported_server_pa_types[] = {
+    KRB5_PADATA_PK_AS_REQ,
+    KRB5_PADATA_PKINIT_KX,
+    0
+};
+
+static void
+pkinit_fini_kdc_profile(krb5_context context, pkinit_kdc_context plgctx)
+{
+    /*
+     * There is nothing currently allocated by pkinit_init_kdc_profile()
+     * which needs to be freed here.
+     */
+}
+
+static krb5_error_code
+pkinit_init_kdc_profile(krb5_context context, pkinit_kdc_context plgctx)
+{
+    krb5_error_code retval;
+    char *eku_string = NULL, *ocsp_check = NULL;
+
+    pkiDebug("%s: entered for realm %s\n", __FUNCTION__, plgctx->realmname);
+    retval = pkinit_kdcdefault_string(context, plgctx->realmname,
+                                      KRB5_CONF_PKINIT_IDENTITY,
+                                      &plgctx->idopts->identity);
+    if (retval != 0 || NULL == plgctx->idopts->identity) {
+        retval = EINVAL;
+        krb5_set_error_message(context, retval,
+                               _("No pkinit_identity supplied for realm %s"),
+                               plgctx->realmname);
+        goto errout;
+    }
+
+    retval = pkinit_kdcdefault_strings(context, plgctx->realmname,
+                                       KRB5_CONF_PKINIT_ANCHORS,
+                                       &plgctx->idopts->anchors);
+    if (retval != 0 || NULL == plgctx->idopts->anchors) {
+        retval = EINVAL;
+        krb5_set_error_message(context, retval,
+                               _("No pkinit_anchors supplied for realm %s"),
+                               plgctx->realmname);
+        goto errout;
+    }
+
+    pkinit_kdcdefault_strings(context, plgctx->realmname,
+                              KRB5_CONF_PKINIT_POOL,
+                              &plgctx->idopts->intermediates);
+
+    pkinit_kdcdefault_strings(context, plgctx->realmname,
+                              KRB5_CONF_PKINIT_REVOKE,
+                              &plgctx->idopts->crls);
+
+    pkinit_kdcdefault_string(context, plgctx->realmname,
+                             KRB5_CONF_PKINIT_KDC_OCSP,
+                             &ocsp_check);
+    if (ocsp_check != NULL) {
+        free(ocsp_check);
+        retval = ENOTSUP;
+        krb5_set_error_message(context, retval,
+                               _("OCSP is not supported: (realm: %s)"),
+                               plgctx->realmname);
+        goto errout;
+    }
+
+    pkinit_kdcdefault_integer(context, plgctx->realmname,
+                              KRB5_CONF_PKINIT_DH_MIN_BITS,
+                              PKINIT_DEFAULT_DH_MIN_BITS,
+                              &plgctx->opts->dh_min_bits);
+    if (plgctx->opts->dh_min_bits < PKINIT_DH_MIN_CONFIG_BITS) {
+        pkiDebug("%s: invalid value (%d < %d) for pkinit_dh_min_bits, "
+                 "using default value (%d) instead\n", __FUNCTION__,
+                 plgctx->opts->dh_min_bits, PKINIT_DH_MIN_CONFIG_BITS,
+                 PKINIT_DEFAULT_DH_MIN_BITS);
+        plgctx->opts->dh_min_bits = PKINIT_DEFAULT_DH_MIN_BITS;
+    }
+
+    pkinit_kdcdefault_boolean(context, plgctx->realmname,
+                              KRB5_CONF_PKINIT_ALLOW_UPN,
+                              0, &plgctx->opts->allow_upn);
+
+    pkinit_kdcdefault_boolean(context, plgctx->realmname,
+                              KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
+                              0, &plgctx->opts->require_crl_checking);
+
+    pkinit_kdcdefault_boolean(context, plgctx->realmname,
+                              KRB5_CONF_PKINIT_REQUIRE_FRESHNESS,
+                              0, &plgctx->opts->require_freshness);
+
+    pkinit_kdcdefault_string(context, plgctx->realmname,
+                             KRB5_CONF_PKINIT_EKU_CHECKING,
+                             &eku_string);
+    if (eku_string != NULL) {
+        if (strcasecmp(eku_string, "kpClientAuth") == 0) {
+            plgctx->opts->require_eku = 1;
+            plgctx->opts->accept_secondary_eku = 0;
+        } else if (strcasecmp(eku_string, "scLogin") == 0) {
+            plgctx->opts->require_eku = 1;
+            plgctx->opts->accept_secondary_eku = 1;
+        } else if (strcasecmp(eku_string, "none") == 0) {
+            plgctx->opts->require_eku = 0;
+            plgctx->opts->accept_secondary_eku = 0;
+        } else {
+            pkiDebug("%s: Invalid value for pkinit_eku_checking: '%s'\n",
+                     __FUNCTION__, eku_string);
+        }
+        free(eku_string);
+    }
+
+    pkinit_kdcdefault_strings(context, plgctx->realmname,
+                              KRB5_CONF_PKINIT_INDICATOR,
+                              &plgctx->auth_indicators);
+
+    return 0;
+errout:
+    pkinit_fini_kdc_profile(context, plgctx);
+    return retval;
+}
+
+static pkinit_kdc_context
+pkinit_find_realm_context(krb5_context context,
+                          krb5_kdcpreauth_moddata moddata,
+                          krb5_principal princ)
+{
+    int i;
+    pkinit_kdc_context *realm_contexts;
+
+    if (moddata == NULL)
+        return NULL;
+
+    realm_contexts = moddata->realm_contexts;
+    if (realm_contexts == NULL)
+        return NULL;
+
+    for (i = 0; realm_contexts[i] != NULL; i++) {
+        pkinit_kdc_context p = realm_contexts[i];
+
+        if ((p->realmname_len == princ->realm.length) &&
+            (strncmp(p->realmname, princ->realm.data, p->realmname_len) == 0)) {
+            pkiDebug("%s: returning context at %p for realm '%s'\n",
+                     __FUNCTION__, p, p->realmname);
+            return p;
+        }
+    }
+    pkiDebug("%s: unable to find realm context for realm '%.*s'\n",
+             __FUNCTION__, princ->realm.length, princ->realm.data);
+    return NULL;
+}
+
+static int
+pkinit_server_plugin_init_realm(krb5_context context, const char *realmname,
+                                pkinit_kdc_context *pplgctx)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_kdc_context plgctx = NULL;
+
+    *pplgctx = NULL;
+
+    plgctx = calloc(1, sizeof(*plgctx));
+    if (plgctx == NULL)
+        goto errout;
+
+    pkiDebug("%s: initializing context at %p for realm '%s'\n",
+             __FUNCTION__, plgctx, realmname);
+    memset(plgctx, 0, sizeof(*plgctx));
+    plgctx->magic = PKINIT_CTX_MAGIC;
+
+    plgctx->realmname = strdup(realmname);
+    if (plgctx->realmname == NULL)
+        goto errout;
+    plgctx->realmname_len = strlen(plgctx->realmname);
+
+    retval = pkinit_init_plg_crypto(&plgctx->cryptoctx);
+    if (retval)
+        goto errout;
+
+    retval = pkinit_init_plg_opts(&plgctx->opts);
+    if (retval)
+        goto errout;
+
+    retval = pkinit_init_identity_crypto(&plgctx->idctx);
+    if (retval)
+        goto errout;
+
+    retval = pkinit_init_identity_opts(&plgctx->idopts);
+    if (retval)
+        goto errout;
+
+    retval = pkinit_init_kdc_profile(context, plgctx);
+    if (retval)
+        goto errout;
+
+    retval = pkinit_identity_initialize(context, plgctx->cryptoctx, NULL,
+                                        plgctx->idopts, plgctx->idctx,
+                                        NULL, NULL, NULL);
+    if (retval)
+        goto errout;
+    retval = pkinit_identity_prompt(context, plgctx->cryptoctx, NULL,
+                                    plgctx->idopts, plgctx->idctx,
+                                    NULL, NULL, 0, NULL);
+    if (retval)
+        goto errout;
+
+    pkiDebug("%s: returning context at %p for realm '%s'\n",
+             __FUNCTION__, plgctx, realmname);
+    *pplgctx = plgctx;
+    retval = 0;
+
+errout:
+    if (retval)
+        pkinit_server_plugin_fini_realm(context, plgctx);
+
+    return retval;
+}
+
+static krb5_error_code
+pkinit_san_authorize(krb5_context context, krb5_certauth_moddata moddata,
+                     const uint8_t *cert, size_t cert_len,
+                     krb5_const_principal princ, const void *opts,
+                     const struct _krb5_db_entry_new *db_entry,
+                     char ***authinds_out)
+{
+    krb5_error_code ret;
+    int valid_san;
+    const struct certauth_req_opts *req_opts = opts;
+
+    *authinds_out = NULL;
+
+    ret = verify_client_san(context, req_opts->plgctx, req_opts->reqctx,
+                            req_opts->cb, req_opts->rock, princ, &valid_san);
+    if (ret == ENOENT)
+        return KRB5_PLUGIN_NO_HANDLE;
+    else if (ret)
+        return ret;
+
+    if (!valid_san) {
+        TRACE_PKINIT_SERVER_SAN_REJECT(context);
+        return KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+pkinit_eku_authorize(krb5_context context, krb5_certauth_moddata moddata,
+                     const uint8_t *cert, size_t cert_len,
+                     krb5_const_principal princ, const void *opts,
+                     const struct _krb5_db_entry_new *db_entry,
+                     char ***authinds_out)
+{
+    krb5_error_code ret;
+    int valid_eku;
+    const struct certauth_req_opts *req_opts = opts;
+
+    *authinds_out = NULL;
+
+    /* Verify the client EKU. */
+    ret = verify_client_eku(context, req_opts->plgctx, req_opts->reqctx,
+                            &valid_eku);
+    if (ret)
+        return ret;
+
+    if (!valid_eku) {
+        TRACE_PKINIT_SERVER_EKU_REJECT(context);
+        return KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE;
+    }
+
+    return KRB5_PLUGIN_NO_HANDLE;
+}
+
+static krb5_error_code
+certauth_pkinit_san_initvt(krb5_context context, int maj_ver, int min_ver,
+                           krb5_plugin_vtable vtable)
+{
+    krb5_certauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_certauth_vtable)vtable;
+    vt->name = "pkinit_san";
+    vt->authorize = pkinit_san_authorize;
+    return 0;
+}
+
+static krb5_error_code
+certauth_pkinit_eku_initvt(krb5_context context, int maj_ver, int min_ver,
+                           krb5_plugin_vtable vtable)
+{
+    krb5_certauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_certauth_vtable)vtable;
+    vt->name = "pkinit_eku";
+    vt->authorize = pkinit_eku_authorize;
+    return 0;
+}
+
+/*
+ * Do certificate auth based on a match expression in the pkinit_cert_match
+ * attribute string.  An expression should be in the same form as those used
+ * for the pkinit_cert_match configuration option.
+ */
+static krb5_error_code
+dbmatch_authorize(krb5_context context, krb5_certauth_moddata moddata,
+                  const uint8_t *cert, size_t cert_len,
+                  krb5_const_principal princ, const void *opts,
+                  const struct _krb5_db_entry_new *db_entry,
+                  char ***authinds_out)
+{
+    krb5_error_code ret;
+    const struct certauth_req_opts *req_opts = opts;
+    char *pattern;
+    krb5_boolean matched;
+
+    *authinds_out = NULL;
+
+    /* Fetch the matching pattern.  Pass if it isn't specified. */
+    ret = req_opts->cb->get_string(context, req_opts->rock,
+                                   "pkinit_cert_match", &pattern);
+    if (ret)
+        return ret;
+    if (pattern == NULL)
+        return KRB5_PLUGIN_NO_HANDLE;
+
+    /* Check the certificate against the match expression. */
+    ret = pkinit_client_cert_match(context, req_opts->plgctx->cryptoctx,
+                                   req_opts->reqctx->cryptoctx, pattern,
+                                   &matched);
+    req_opts->cb->free_string(context, req_opts->rock, pattern);
+    if (ret)
+        return ret;
+    return matched ? 0 : KRB5KDC_ERR_CERTIFICATE_MISMATCH;
+}
+
+static krb5_error_code
+certauth_dbmatch_initvt(krb5_context context, int maj_ver, int min_ver,
+                        krb5_plugin_vtable vtable)
+{
+    krb5_certauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_certauth_vtable)vtable;
+    vt->name = "dbmatch";
+    vt->authorize = dbmatch_authorize;
+    return 0;
+}
+
+static krb5_error_code
+load_certauth_plugins(krb5_context context, const char *const *realmnames,
+                      certauth_handle **handle_out)
+{
+    krb5_error_code ret;
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    certauth_handle *list = NULL, h;
+    size_t count;
+
+    /* Register the builtin modules. */
+    ret = k5_plugin_register(context, PLUGIN_INTERFACE_CERTAUTH,
+                             "pkinit_san", certauth_pkinit_san_initvt);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_plugin_register(context, PLUGIN_INTERFACE_CERTAUTH,
+                             "pkinit_eku", certauth_pkinit_eku_initvt);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_plugin_register(context, PLUGIN_INTERFACE_CERTAUTH, "dbmatch",
+                             certauth_dbmatch_initvt);
+    if (ret)
+        goto cleanup;
+
+    ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_CERTAUTH, &modules);
+    if (ret)
+        goto cleanup;
+
+    /* Allocate handle list. */
+    for (count = 0; modules[count]; count++);
+    list = k5calloc(count + 1, sizeof(*list), &ret);
+    if (list == NULL)
+        goto cleanup;
+
+    /* Initialize each module, ignoring ones that fail. */
+    count = 0;
+    for (mod = modules; *mod != NULL; mod++) {
+        h = k5calloc(1, sizeof(*h), &ret);
+        if (h == NULL)
+            goto cleanup;
+
+        ret = (*mod)(context, 1, 2, (krb5_plugin_vtable)&h->vt);
+        if (ret) {
+            TRACE_CERTAUTH_VTINIT_FAIL(context, ret);
+            free(h);
+            continue;
+        }
+        h->moddata = NULL;
+        if (h->vt.init_ex != NULL)
+            ret = h->vt.init_ex(context, realmnames, &h->moddata);
+        else if (h->vt.init != NULL)
+            ret = h->vt.init(context, &h->moddata);
+        if (ret) {
+            TRACE_CERTAUTH_INIT_FAIL(context, h->vt.name, ret);
+            free(h);
+            continue;
+        }
+        list[count++] = h;
+        list[count] = NULL;
+    }
+    list[count] = NULL;
+
+    ret = 0;
+    *handle_out = list;
+    list = NULL;
+
+cleanup:
+    k5_plugin_free_modules(context, modules);
+    free_certauth_handles(context, list);
+    return ret;
+}
+
+static int
+pkinit_server_plugin_init(krb5_context context,
+                          krb5_kdcpreauth_moddata *moddata_out,
+                          const char **realmnames)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_kdc_context plgctx, *realm_contexts = NULL;
+    certauth_handle *certauth_modules = NULL;
+    krb5_kdcpreauth_moddata moddata;
+    size_t  i, j;
+    size_t numrealms;
+
+    retval = pkinit_accessor_init();
+    if (retval)
+        return retval;
+
+    /* Determine how many realms we may need to support */
+    for (i = 0; realmnames[i] != NULL; i++) {};
+    numrealms = i;
+
+    realm_contexts = calloc(numrealms+1, sizeof(pkinit_kdc_context));
+    if (realm_contexts == NULL)
+        return ENOMEM;
+
+    for (i = 0, j = 0; i < numrealms; i++) {
+        TRACE_PKINIT_SERVER_INIT_REALM(context, realmnames[i]);
+        krb5_clear_error_message(context);
+        retval = pkinit_server_plugin_init_realm(context, realmnames[i],
+                                                 &plgctx);
+        if (retval)
+            TRACE_PKINIT_SERVER_INIT_FAIL(context, realmnames[i], retval);
+        else
+            realm_contexts[j++] = plgctx;
+    }
+
+    if (j == 0) {
+        if (numrealms == 1) {
+            k5_prependmsg(context, retval, "PKINIT initialization failed");
+        } else {
+            retval = EINVAL;
+            k5_setmsg(context, retval,
+                      _("No realms configured correctly for pkinit support"));
+        }
+        goto errout;
+    }
+
+    retval = load_certauth_plugins(context, realmnames, &certauth_modules);
+    if (retval)
+        goto errout;
+
+    moddata = k5calloc(1, sizeof(*moddata), &retval);
+    if (moddata == NULL)
+        goto errout;
+    moddata->realm_contexts = realm_contexts;
+    moddata->certauth_modules = certauth_modules;
+    *moddata_out = moddata;
+    pkiDebug("%s: returning context at %p\n", __FUNCTION__, moddata);
+    return 0;
+
+errout:
+    free_realm_contexts(context, realm_contexts);
+    free_certauth_handles(context, certauth_modules);
+    return retval;
+}
+
+static void
+pkinit_server_plugin_fini_realm(krb5_context context, pkinit_kdc_context plgctx)
+{
+    char **sp;
+
+    if (plgctx == NULL)
+        return;
+
+    pkinit_fini_kdc_profile(context, plgctx);
+    pkinit_fini_identity_opts(plgctx->idopts);
+    pkinit_fini_identity_crypto(plgctx->idctx);
+    pkinit_fini_plg_crypto(plgctx->cryptoctx);
+    pkinit_fini_plg_opts(plgctx->opts);
+    for (sp = plgctx->auth_indicators; sp != NULL && *sp != NULL; sp++)
+        free(*sp);
+    free(plgctx->auth_indicators);
+    free(plgctx->realmname);
+    free(plgctx);
+}
+
+static void
+pkinit_server_plugin_fini(krb5_context context,
+                          krb5_kdcpreauth_moddata moddata)
+{
+    if (moddata == NULL)
+        return;
+    free_realm_contexts(context, moddata->realm_contexts);
+    free_certauth_handles(context, moddata->certauth_modules);
+    free(moddata);
+}
+
+static krb5_error_code
+pkinit_init_kdc_req_context(krb5_context context, pkinit_kdc_req_context *ctx)
+{
+    krb5_error_code retval = ENOMEM;
+    pkinit_kdc_req_context reqctx = NULL;
+
+    reqctx = malloc(sizeof(*reqctx));
+    if (reqctx == NULL)
+        return retval;
+    memset(reqctx, 0, sizeof(*reqctx));
+    reqctx->magic = PKINIT_CTX_MAGIC;
+
+    retval = pkinit_init_req_crypto(&reqctx->cryptoctx);
+    if (retval)
+        goto cleanup;
+    reqctx->rcv_auth_pack = NULL;
+
+    pkiDebug("%s: returning reqctx at %p\n", __FUNCTION__, reqctx);
+    *ctx = reqctx;
+    retval = 0;
+cleanup:
+    if (retval)
+        pkinit_fini_kdc_req_context(context, reqctx);
+
+    return retval;
+}
+
+static void
+pkinit_fini_kdc_req_context(krb5_context context, void *ctx)
+{
+    pkinit_kdc_req_context reqctx = (pkinit_kdc_req_context)ctx;
+
+    if (reqctx == NULL || reqctx->magic != PKINIT_CTX_MAGIC) {
+        pkiDebug("pkinit_fini_kdc_req_context: got bad reqctx (%p)!\n", reqctx);
+        return;
+    }
+    pkiDebug("%s: freeing reqctx at %p\n", __FUNCTION__, reqctx);
+
+    pkinit_fini_req_crypto(reqctx->cryptoctx);
+    if (reqctx->rcv_auth_pack != NULL)
+        free_krb5_auth_pack(&reqctx->rcv_auth_pack);
+
+    free(reqctx);
+}
+
+static void
+pkinit_free_modreq(krb5_context context, krb5_kdcpreauth_moddata moddata,
+                   krb5_kdcpreauth_modreq modreq)
+{
+    pkinit_fini_kdc_req_context(context, modreq);
+}
+
+krb5_error_code
+kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_kdcpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_kdcpreauth_vtable)vtable;
+    vt->name = "pkinit";
+    vt->pa_type_list = supported_server_pa_types;
+    vt->init = pkinit_server_plugin_init;
+    vt->fini = pkinit_server_plugin_fini;
+    vt->flags = pkinit_server_get_flags;
+    vt->edata = pkinit_server_get_edata;
+    vt->verify = pkinit_server_verify_padata;
+    vt->return_padata = pkinit_server_return_padata;
+    vt->free_modreq = pkinit_free_modreq;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_trace.h b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_trace.h
new file mode 100644
index 00000000..259e95c6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_trace.h
@@ -0,0 +1,214 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/pkinit/pkinit_trace.h - PKINIT tracing macros */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef PKINIT_TRACE_H
+#define PKINIT_TRACE_H
+
+#include "k5-trace.h"
+
+#define TRACE_PKINIT_CLIENT_EKU_ACCEPT(c)                       \
+    TRACE(c, "PKINIT client found acceptable EKU in KDC cert")
+#define TRACE_PKINIT_CLIENT_EKU_REJECT(c)                               \
+    TRACE(c, "PKINIT client found no acceptable EKU in KDC cert")
+#define TRACE_PKINIT_CLIENT_EKU_SKIP(c)                                 \
+    TRACE(c, "PKINIT client skipping EKU check due to configuration")
+#define TRACE_PKINIT_CLIENT_FRESHNESS_TOKEN(c)                  \
+    TRACE(c, "PKINIT client received freshness token from KDC")
+#define TRACE_PKINIT_CLIENT_KDF_ALG(c, kdf, keyblock)                   \
+    TRACE(c, "PKINIT client used KDF {hexdata} to compute reply key "   \
+          "{keyblock}", kdf, keyblock)
+#define TRACE_PKINIT_CLIENT_KDF_OS2K(c, keyblock)                       \
+    TRACE(c, "PKINIT client used octetstring2key to compute reply key " \
+          "{keyblock}", keyblock)
+#define TRACE_PKINIT_CLIENT_NO_IDENTITY(c)                              \
+    TRACE(c, "PKINIT client has no configured identity; giving up")
+#define TRACE_PKINIT_CLIENT_REP_CHECKSUM_FAIL(c, expected, received)    \
+    TRACE(c, "PKINIT client checksum mismatch: expected {cksum}, "      \
+          "received {cksum}", expected, received)
+#define TRACE_PKINIT_CLIENT_REP_DH(c)           \
+    TRACE(c, "PKINIT client verified DH reply")
+#define TRACE_PKINIT_CLIENT_REP_DH_FAIL(c)              \
+    TRACE(c, "PKINIT client could not verify DH reply")
+#define TRACE_PKINIT_CLIENT_REP_RSA(c)                  \
+    TRACE(c, "PKINIT client verified RSA reply")
+#define TRACE_PKINIT_CLIENT_REP_RSA_KEY(c, keyblock, cksum)             \
+    TRACE(c, "PKINIT client retrieved reply key {keyblock} from RSA "   \
+          "reply (checksum {cksum})", keyblock, cksum)
+#define TRACE_PKINIT_CLIENT_REP_RSA_FAIL(c)                     \
+    TRACE(c, "PKINIT client could not verify RSA reply")
+#define TRACE_PKINIT_CLIENT_REQ_CHECKSUM(c, cksum)                      \
+    TRACE(c, "PKINIT client computed kdc-req-body checksum {cksum}", cksum)
+#define TRACE_PKINIT_CLIENT_REQ_DH(c)                           \
+    TRACE(c, "PKINIT client making DH request")
+#define TRACE_PKINIT_CLIENT_REQ_RSA(c)                  \
+    TRACE(c, "PKINIT client making RSA request")
+#define TRACE_PKINIT_CLIENT_SAN_CONFIG_DNSNAME(c, host)                 \
+    TRACE(c, "PKINIT client config accepts KDC dNSName SAN {str}", host)
+#define TRACE_PKINIT_CLIENT_SAN_MATCH_DNSNAME(c, host)                  \
+    TRACE(c, "PKINIT client matched KDC hostname {str} against "     \
+          "dNSName SAN; EKU check still required", host)
+#define TRACE_PKINIT_CLIENT_SAN_MATCH_NONE(c)                           \
+    TRACE(c, "PKINIT client found no acceptable SAN in KDC cert")
+#define TRACE_PKINIT_CLIENT_SAN_MATCH_PRINC(c, princ)                   \
+    TRACE(c, "PKINIT client matched KDC principal {princ} against "     \
+          "id-pkinit-san; no EKU check required", princ)
+#define TRACE_PKINIT_CLIENT_SAN_ERR(c)                          \
+    TRACE(c, "PKINIT client failed to decode SANs in KDC cert")
+#define TRACE_PKINIT_CLIENT_SAN_KDCCERT_DNSNAME(c, host)                \
+    TRACE(c, "PKINIT client found dNSName SAN in KDC cert: {str}", host)
+#define TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(c, princ)                 \
+    TRACE(c, "PKINIT client found id-pkinit-san in KDC cert: {princ}", princ)
+#define TRACE_PKINIT_CLIENT_TRYAGAIN(c)                                 \
+    TRACE(c, "PKINIT client trying again with KDC-provided parameters")
+
+#define TRACE_PKINIT_OPENSSL_ERROR(c, msg)              \
+    TRACE(c, "PKINIT OpenSSL error: {str}", msg)
+
+#define TRACE_PKINIT_PKCS11_GETFLIST_FAILED(c, errstr)                  \
+    TRACE(c, "PKINIT PKCS11 C_GetFunctionList failed: {str}", errstr)
+#define TRACE_PKINIT_PKCS11_GETSYM_FAILED(c, errstr)                    \
+    TRACE(c, "PKINIT unable to find PKCS11 plugin symbol "              \
+          "C_GetFunctionList: {str}", errstr)
+#define TRACE_PKINIT_PKCS11_LOGIN_FAILED(c, errstr)             \
+    TRACE(c, "PKINIT PKCS11 C_Login failed: {str}", errstr)
+#define TRACE_PKINIT_PKCS11_NO_MATCH_TOKEN(c)                   \
+    TRACE(c, "PKINIT PKCS#11 module has no matching tokens")
+#define TRACE_PKINIT_PKCS11_NO_TOKEN(c)                                 \
+    TRACE(c, "PKINIT PKCS#11 module shows no slots with tokens")
+#define TRACE_PKINIT_PKCS11_OPEN(c, name)                       \
+    TRACE(c, "PKINIT opening PKCS#11 module \"{str}\"", name)
+#define TRACE_PKINIT_PKCS11_OPEN_FAILED(c, errstr)                      \
+    TRACE(c, "PKINIT PKCS#11 module open failed: {str}", errstr)
+#define TRACE_PKINIT_PKCS11_SLOT(c, slot, len, label)            \
+    TRACE(c, "PKINIT PKCS#11 slotid {int} token {lenstr}",       \
+          slot, len, label)
+
+#define TRACE_PKINIT_SERVER_CERT_AUTH(c, modname)                       \
+    TRACE(c, "PKINIT server authorizing cert with module {str}",        \
+          modname)
+#define TRACE_PKINIT_SERVER_EKU_REJECT(c)                               \
+    TRACE(c, "PKINIT server found no acceptable EKU in client cert")
+#define TRACE_PKINIT_SERVER_EKU_SKIP(c)                                 \
+    TRACE(c, "PKINIT server skipping EKU check due to configuration")
+#define TRACE_PKINIT_SERVER_INIT_REALM(c, realm)                \
+    TRACE(c, "PKINIT server initializing realm {str}", realm)
+#define TRACE_PKINIT_SERVER_INIT_FAIL(c, realm, retval)                 \
+    TRACE(c, "PKINIT server initialization failed for realm {str}: {kerr}", \
+          realm, retval)
+#define TRACE_PKINIT_SERVER_MATCHING_UPN_FOUND(c)                       \
+    TRACE(c, "PKINIT server found a matching UPN SAN in client cert")
+#define TRACE_PKINIT_SERVER_MATCHING_SAN_FOUND(c)                       \
+    TRACE(c, "PKINIT server found a matching SAN in client cert")
+#define TRACE_PKINIT_SERVER_NO_SAN(c)                           \
+    TRACE(c, "PKINIT server found no SAN in client cert")
+#define TRACE_PKINIT_SERVER_PADATA_VERIFY(c)                    \
+    TRACE(c, "PKINIT server verifying KRB5_PADATA_PK_AS_REQ")
+#define TRACE_PKINIT_SERVER_PADATA_VERIFY_FAIL(c)       \
+    TRACE(c, "PKINIT server failed to verify PA data")
+#define TRACE_PKINIT_SERVER_RETURN_PADATA(c)    \
+    TRACE(c, "PKINIT server returning PA data")
+#define TRACE_PKINIT_SERVER_SAN_REJECT(c)                               \
+    TRACE(c, "PKINIT server found no acceptable SAN in client cert")
+#define TRACE_PKINIT_SERVER_UPN_PARSE_FAIL(c, upn, ret)                 \
+    TRACE(c, "PKINIT server could not parse UPN \"{str}\": {kerr}",     \
+          upn, ret)
+
+#define TRACE_PKINIT_CERT_CHAIN_NAME(c, index, name)    \
+    TRACE(c, "PKINIT chain cert #{int}: {str}", index, name)
+#define TRACE_PKINIT_CERT_NUM_MATCHING(c, total, nummatch)              \
+    TRACE(c, "PKINIT client checked {int} certs, found {int} matches",  \
+          total, nummatch)
+#define TRACE_PKINIT_CERT_RULE(c, rule)                                 \
+    TRACE(c, "PKINIT client matching rule '{str}' against certificates", rule)
+#define TRACE_PKINIT_CERT_RULE_INVALID(c, rule)                         \
+    TRACE(c, "PKINIT client ignoring invalid rule '{str}'", rule)
+
+#define TRACE_PKINIT_EKU(c)                                             \
+    TRACE(c, "PKINIT found acceptable EKU and digitalSignature KU")
+#define TRACE_PKINIT_EKU_NO_KU(c)                                       \
+    TRACE(c, "PKINIT found acceptable EKU but no digitalSignature KU")
+#define TRACE_PKINIT_IDENTITY_OPTION(c, name)           \
+    TRACE(c, "PKINIT loading identity {str}", name)
+#define TRACE_PKINIT_LOADED_CERT(c, name)                       \
+    TRACE(c, "PKINIT loaded cert and key for {str}", name)
+#define TRACE_PKINIT_LOAD_FROM_FILE(c, name)                            \
+    TRACE(c, "PKINIT loading CA certs and CRLs from FILE {str}", name)
+#define TRACE_PKINIT_LOAD_FROM_DIR(c, name)                             \
+    TRACE(c, "PKINIT loading CA certs and CRLs from DIR {str}", name)
+#define TRACE_PKINIT_NO_CA_ANCHOR(c, file)              \
+    TRACE(c, "PKINIT no anchor CA in file {str}", file)
+#define TRACE_PKINIT_NO_CA_INTERMEDIATE(c, file)                \
+    TRACE(c, "PKINIT no intermediate CA in file {str}", file)
+#define TRACE_PKINIT_NO_CERT(c)                 \
+    TRACE(c, "PKINIT no certificate provided")
+#define TRACE_PKINIT_NO_CERT_AND_KEY(c, dirname)                        \
+    TRACE(c, "PKINIT no cert and key pair found in directory {str}",    \
+          dirname)
+#define TRACE_PKINIT_NO_CRL(c, file)                    \
+    TRACE(c, "PKINIT no CRL in file {str}", file)
+#define TRACE_PKINIT_NO_DEFAULT_CERT(c, count)                          \
+    TRACE(c, "PKINIT error: There are {int} certs, but there must "     \
+          "be exactly one.", count)
+#define TRACE_PKINIT_NO_MATCHING_CERT(c)                \
+    TRACE(c, "PKINIT no matching certificate found")
+#define TRACE_PKINIT_NO_PRIVKEY(c)              \
+    TRACE(c, "PKINIT no private key provided")
+#define TRACE_PKINIT_PKCS_DECODE_FAIL(c, name)                          \
+    TRACE(c, "PKINIT failed to decode PKCS12 file {str} contents", name)
+#define TRACE_PKINIT_PKCS_OPEN_FAIL(c, name, err)                       \
+    TRACE(c, "PKINIT failed to open PKCS12 file {str}: err {errno}",    \
+          name, err)
+#define TRACE_PKINIT_PKCS_PARSE_FAIL_FIRST(c)                           \
+    TRACE(c, "PKINIT initial PKCS12_parse with no password failed")
+#define TRACE_PKINIT_PKCS_PARSE_FAIL_SECOND(c)                          \
+    TRACE(c, "PKINIT second PKCS12_parse with password failed")
+#define TRACE_PKINIT_PKCS_PROMPT_FAIL(c)                        \
+    TRACE(c, "PKINIT failed to prompt for PKCS12 password")
+#define TRACE_PKINIT_REGEXP_MATCH(c, keyword, comp, value, idx)         \
+    TRACE(c, "PKINIT matched {str} rule '{str}' with "                  \
+          "value '{str}' in cert #{int}", keyword, comp, value, (idx) + 1)
+#define TRACE_PKINIT_REGEXP_NOMATCH(c, keyword, comp, value, idx)       \
+    TRACE(c, "PKINIT didn't match {str} rule '{str}' with "             \
+          "value '{str}' in cert #{int}", keyword, comp, value, (idx) + 1)
+#define TRACE_PKINIT_SAN_CERT_COUNT(c, count, princ, upns, dns, cert)   \
+    TRACE(c, "PKINIT client found {int} SANs ({int} princs, {int} "     \
+          "UPNs, {int} DNS names) in certificate {str}", count, princ,   \
+          upns, dns, cert)
+#define TRACE_PKINIT_SAN_CERT_NONE(c, cert)                             \
+    TRACE(c, "PKINIT client found no SANs in certificate {str}", cert)
+
+#define TRACE_CERTAUTH_VTINIT_FAIL(c, ret)                              \
+    TRACE(c, "certauth module failed to init vtable: {kerr}", ret)
+#define TRACE_CERTAUTH_INIT_FAIL(c, name, ret)                          \
+    TRACE(c, "certauth module {str} failed to init: {kerr}", name, ret)
+
+#endif /* PKINIT_TRACE_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/securid_sam2/Makefile.in b/krb5-1.21.3/src/plugins/preauth/securid_sam2/Makefile.in
new file mode 100644
index 00000000..af34c15a
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/securid_sam2/Makefile.in
@@ -0,0 +1,27 @@
+mydir=plugins$(S)preauth$(S)securid_sam2
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
+DEFINES=-DARL_SECURID_PREAUTH
+
+LIBBASE=securid_sam2
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/preauth/securid_sam2
+# Depends on libk5crypto and libkrb5
+SHLIB_EXPDEPS = \
+	$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+	$(TOPLIBD)/libkrb5$(SHLIBEXT) $(KADMSRV_DEPLIBS)
+ACELIB= -laceclnt
+SHLIB_EXPLIBS= -lkrb5 $(COM_ERR_LIB) -lk5crypto $(SUPPORT_LIB) \
+	$(KADMSRV_LIBS) $(LIBS) $(ACELIB)
+
+STLIBOBJS=securid_sam2_main.o securid2.o grail.o
+
+SRCS= $(srcdir)/securid_sam2_main.c $(srcdir)/securid2.c $(srcdir)/grail.c
+
+all-unix: all-libs
+install-unix: install-libs
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/preauth/securid_sam2/README b/krb5-1.21.3/src/plugins/preauth/securid_sam2/README
new file mode 100644
index 00000000..8fc10284
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/securid_sam2/README
@@ -0,0 +1,17 @@
+SecurID Preauth Support
+
+In order to build this library you will need the RSA 's ACE Agent
+SDK. Set the LDFLAGS and CPPFLAGS environment variables to include the
+appropriate paths for your SDK before running configure. If libaceclnt
+is found then the plugin will be enabled.
+For example:
+
+../src/configure CC='gcc -m32' CFLAGS=-g --prefix=/usr/local/krb5 \
+     --disable-rpath LDFLAGS=-L/home/developer/ace/ACEAgentSDK/lib/lnx \
+    CPPFLAGS=-I/home/developer/ace/ACEAgentSDK/inc
+
+
+Once the plugin is installed, set the requires_preauth and potentially
+requires_hwauth flags for a principal.  Then create principal/SECURID
+as a new principal with a random key. That principal will now require
+SecurID authentication.
diff --git a/krb5-1.21.3/src/plugins/preauth/securid_sam2/deps b/krb5-1.21.3/src/plugins/preauth/securid_sam2/deps
new file mode 100644
index 00000000..e69de29b
diff --git a/krb5-1.21.3/src/plugins/preauth/securid_sam2/extern.h b/krb5-1.21.3/src/plugins/preauth/securid_sam2/extern.h
new file mode 100644
index 00000000..c8c76dd0
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/securid_sam2/extern.h
@@ -0,0 +1,60 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/securid_sam2/extern.h */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Declarations for SecurID SAM2 plugin.
+ */
+
+krb5_error_code sam_get_db_entry(krb5_context , krb5_principal,
+                                 int *, krb5_db_entry **);
+
+krb5_error_code sam_make_challenge(krb5_context context,
+                                   krb5_sam_challenge_2_body *sc2b,
+                                   krb5_keyblock *cksum_key,
+                                   krb5_sam_challenge_2 *sc2_out);
+
+krb5_error_code get_securid_edata_2(krb5_context context,
+                                    krb5_db_entry *client,
+                                    krb5_keyblock *client_key,
+                                    krb5_sam_challenge_2 *sc2);
+
+krb5_error_code verify_securid_data_2(krb5_context context,
+                                      krb5_db_entry *client,
+                                      krb5_sam_response_2 *sr2,
+                                      krb5_enc_tkt_part *enc_tkt_reply,
+                                      krb5_pa_data *pa,
+                                      krb5_sam_challenge_2 **sc2_out);
+
+krb5_error_code get_grail_edata(krb5_context context, krb5_db_entry *client,
+                                krb5_keyblock *client_key,
+                                krb5_sam_challenge_2 *sc2_out);
+
+krb5_error_code verify_grail_data(krb5_context context, krb5_db_entry *client,
+                                  krb5_sam_response_2 *sr2,
+                                  krb5_enc_tkt_part *enc_tkt_reply,
+                                  krb5_pa_data *pa,
+                                  krb5_sam_challenge_2 **sc2_out);
diff --git a/krb5-1.21.3/src/plugins/preauth/securid_sam2/grail.c b/krb5-1.21.3/src/plugins/preauth/securid_sam2/grail.c
new file mode 100644
index 00000000..48b61b0d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/securid_sam2/grail.c
@@ -0,0 +1,272 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/securid_sam2/grail.c - Test method for SAM-2 preauth */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This test method exists to exercise the client SAM-2 code and some of the
+ * KDC SAM-2 code.  We make up a weakly random number and presents it to the
+ * client in the prompt (in plain text), as well as encrypted in the track ID.
+ * To verify, we compare the decrypted track ID to the entered value.
+ *
+ * Do not use this method in production; it is not secure.
+ */
+
+#ifdef GRAIL_PREAUTH
+
+#include "k5-int.h"
+#include <kdb.h>
+#include <adm_proto.h>
+#include <ctype.h>
+#include "extern.h"
+
+static krb5_error_code
+get_grail_key(krb5_context context, krb5_db_entry *client,
+              krb5_keyblock *key_out)
+{
+    krb5_db_entry *grail_entry = NULL;
+    krb5_key_data *kd;
+    int sam_type = PA_SAM_TYPE_GRAIL;
+    krb5_error_code ret = 0;
+
+    ret = sam_get_db_entry(context, client->princ, &sam_type, &grail_entry);
+    if (ret)
+        return KRB5_PREAUTH_NO_KEY;
+    ret = krb5_dbe_find_enctype(context, grail_entry, -1, -1, -1, &kd);
+    if (ret)
+        goto cleanup;
+    ret = krb5_dbe_decrypt_key_data(context, NULL, kd, key_out, NULL);
+    if (ret)
+        goto cleanup;
+
+cleanup:
+    if (grail_entry)
+        krb5_db_free_principal(context, grail_entry);
+    return ret;
+}
+
+static krb5_error_code
+decrypt_track_data(krb5_context context, krb5_db_entry *client,
+                   krb5_data *enc_track_data, krb5_data *output)
+{
+    krb5_error_code ret;
+    krb5_keyblock sam_key;
+    krb5_enc_data enc;
+    krb5_data result = empty_data();
+
+    sam_key.contents = NULL;
+    *output = empty_data();
+
+    ret = get_grail_key(context, client, &sam_key);
+    if (ret != 0)
+        return ret;
+    enc.ciphertext = *enc_track_data;
+    enc.enctype = ENCTYPE_UNKNOWN;
+    enc.kvno = 0;
+    ret = alloc_data(&result, enc_track_data->length);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_decrypt(context, &sam_key,
+                         KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID, 0, &enc,
+                         &result);
+    if (ret)
+        goto cleanup;
+
+    *output = result;
+    result = empty_data();
+
+cleanup:
+    krb5_free_keyblock_contents(context, &sam_key);
+    krb5_free_data_contents(context, &result);
+    return ret;
+}
+
+static krb5_error_code
+encrypt_track_data(krb5_context context, krb5_db_entry *client,
+                   krb5_data *track_data, krb5_data *output)
+{
+    krb5_error_code ret;
+    size_t olen;
+    krb5_keyblock sam_key;
+    krb5_enc_data enc;
+
+    *output = empty_data();
+    enc.ciphertext = empty_data();
+    sam_key.contents = NULL;
+
+    ret = get_grail_key(context, client, &sam_key);
+    if (ret != 0)
+        return ret;
+
+    ret = krb5_c_encrypt_length(context, sam_key.enctype,
+                                   track_data->length, &olen);
+    if (ret != 0)
+        goto cleanup;
+    assert(olen <= 65536);
+    ret = alloc_data(&enc.ciphertext, olen);
+    if (ret)
+        goto cleanup;
+    enc.enctype = sam_key.enctype;
+    enc.kvno = 0;
+
+    ret = krb5_c_encrypt(context, &sam_key,
+                         KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID, 0,
+                         track_data, &enc);
+    if (ret)
+        goto cleanup;
+
+    *output = enc.ciphertext;
+    enc.ciphertext = empty_data();
+
+cleanup:
+    krb5_free_keyblock_contents(context, &sam_key);
+    krb5_free_data_contents(context, &enc.ciphertext);
+    return ret;
+}
+
+krb5_error_code
+get_grail_edata(krb5_context context, krb5_db_entry *client,
+                krb5_keyblock *client_key, krb5_sam_challenge_2 *sc2_out)
+{
+    krb5_error_code ret;
+    krb5_data tmp_data, track_id = empty_data();
+    int tval = time(NULL) % 77777;
+    krb5_sam_challenge_2_body sc2b;
+    char tval_string[256], prompt[256];
+
+    snprintf(tval_string, sizeof(tval_string), "%d", tval);
+    snprintf(prompt, sizeof(prompt), "Enter %d", tval);
+
+    memset(&sc2b, 0, sizeof(sc2b));
+    sc2b.magic = KV5M_SAM_CHALLENGE_2;
+    sc2b.sam_track_id = empty_data();
+    sc2b.sam_flags = KRB5_SAM_SEND_ENCRYPTED_SAD;
+    sc2b.sam_type_name = empty_data();
+    sc2b.sam_challenge_label = empty_data();
+    sc2b.sam_challenge = empty_data();
+    sc2b.sam_response_prompt = string2data(prompt);
+    sc2b.sam_pk_for_sad = empty_data();
+    sc2b.sam_type = PA_SAM_TYPE_GRAIL;
+    sc2b.sam_etype = client_key->enctype;
+
+    tmp_data = string2data(tval_string);
+    ret = encrypt_track_data(context, client, &tmp_data, &track_id);
+    if (ret)
+        goto cleanup;
+    sc2b.sam_track_id = track_id;
+
+    tmp_data = make_data(&sc2b.sam_nonce, sizeof(sc2b.sam_nonce));
+    ret = krb5_c_random_make_octets(context, &tmp_data);
+    if (ret)
+        goto cleanup;
+
+    ret = sam_make_challenge(context, &sc2b, client_key, sc2_out);
+
+cleanup:
+    krb5_free_data_contents(context, &track_id);
+    return ret;
+}
+
+krb5_error_code
+verify_grail_data(krb5_context context, krb5_db_entry *client,
+                  krb5_sam_response_2 *sr2, krb5_enc_tkt_part *enc_tkt_reply,
+                  krb5_pa_data *pa, krb5_sam_challenge_2 **sc2_out)
+{
+    krb5_error_code ret;
+    krb5_key_data *client_key_data = NULL;
+    krb5_keyblock client_key;
+    krb5_data scratch = empty_data(), track_id_data = empty_data();
+    krb5_enc_sam_response_enc_2 *esre2 = NULL;
+
+    *sc2_out = NULL;
+    memset(&client_key, 0, sizeof(client_key));
+
+    if ((sr2->sam_enc_nonce_or_sad.ciphertext.data == NULL) ||
+        (sr2->sam_enc_nonce_or_sad.ciphertext.length <= 0))
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    ret = krb5_dbe_find_enctype(context, client,
+                                sr2->sam_enc_nonce_or_sad.enctype, -1,
+                                sr2->sam_enc_nonce_or_sad.kvno,
+                                &client_key_data);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_dbe_decrypt_key_data(context, NULL, client_key_data,
+                                    &client_key, NULL);
+    if (ret)
+        goto cleanup;
+    ret = alloc_data(&scratch, sr2->sam_enc_nonce_or_sad.ciphertext.length);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_decrypt(context, &client_key, KRB5_KEYUSAGE_PA_SAM_RESPONSE,
+                         NULL, &sr2->sam_enc_nonce_or_sad, &scratch);
+    if (ret)
+        goto cleanup;
+
+    ret = decode_krb5_enc_sam_response_enc_2(&scratch, &esre2);
+    if (ret)
+        goto cleanup;
+
+    if (sr2->sam_nonce != esre2->sam_nonce) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    if (esre2->sam_sad.length == 0 || esre2->sam_sad.data == NULL) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    ret = decrypt_track_data(context, client, &sr2->sam_track_id,
+                             &track_id_data);
+    if (ret)
+        goto cleanup;
+
+    /* Some enctypes aren't length-preserving; try to work anyway. */
+    while (track_id_data.length > 0 &&
+           !isdigit(track_id_data.data[track_id_data.length - 1]))
+        track_id_data.length--;
+
+    if (!data_eq(track_id_data, esre2->sam_sad)) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    enc_tkt_reply->flags |= (TKT_FLG_HW_AUTH | TKT_FLG_PRE_AUTH);
+
+cleanup:
+    krb5_free_keyblock_contents(context, &client_key);
+    krb5_free_data_contents(context, &scratch);
+    krb5_free_enc_sam_response_enc_2(context, esre2);
+    return ret;
+}
+
+#endif /* GRAIL_PREAUTH */
diff --git a/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid2.c b/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid2.c
new file mode 100644
index 00000000..ef7a8bfc
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid2.c
@@ -0,0 +1,669 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/securid_sam2/securid2.c */
+/*
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2002 Naval Research Laboratory (NRL/CCS)
+ *
+ * Permission to use, copy, modify and distribute this software and its
+ * documentation is hereby granted, provided that both the copyright
+ * notice and this permission notice appear in all copies of the software,
+ * derivative works or modified versions, and any portions thereof.
+ *
+ * NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND
+ * DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER
+ * RESULTING FROM THE USE OF THIS SOFTWARE.
+ */
+
+#ifdef ARL_SECURID_PREAUTH
+
+#include "k5-int.h"
+#include <kdb.h>
+#include <stdio.h>
+#include <adm_proto.h>
+#include <syslog.h>
+#include <acexport.h>
+#include <sdi_defs.h>
+#include <sdi_athd.h>
+#include "extern.h"
+
+#define KRB5_SAM_SECURID_NEXT_CHALLENGE_MAGIC 0x5ec1d000
+struct securid_track_data {
+    SDI_HANDLE handle;
+    char state;
+    char passcode[LENPRNST+1];
+    long hostid;
+};
+
+#define SECURID_STATE_NEW_PIN           1       /* Ask for a new pin */
+#define SECURID_STATE_NEW_PIN_AGAIN     2       /* Ask for new pin again */
+#define SECURID_STATE_NEXT_CODE         3       /* Ask for the next pin code */
+#define SECURID_STATE_INITIAL           4
+
+static char *PASSCODE_message =         "SecurID Passcode";
+static char *NEXT_PASSCODE_message =    "Next Passcode";
+static char *NEW_PIN_AGAIN_message =    "New PIN Again";
+static char PIN_message[64];            /* Max length should be 50 chars */
+
+/*
+ * krb5_error_code get_securid_key():
+ *   inputs:  context:  from KDC process
+ *            client:   database entry of client executing
+ *                      SecurID SAM preauthentication
+ *   outputs: client_securid_key: pointer to krb5_keyblock
+ *                      which is key for the client's SecurID
+ *                      database entry.
+ *   returns: 0 on success
+ *            KRB5 error codes otherwise
+ *
+ *   builds principal name with final instance of "SECURID" and
+ *   finds the database entry, decrypts the key out of the database
+ *   and passes the key back to the calling process
+ */
+
+static krb5_error_code
+get_securid_key(krb5_context context, krb5_db_entry *client,
+                krb5_keyblock *client_securid_key)
+{
+    krb5_db_entry *sam_securid_entry = NULL;
+    krb5_key_data *client_securid_key_data = NULL;
+    int sam_type = PA_SAM_TYPE_SECURID;
+    krb5_error_code retval = 0;
+
+    if (!client_securid_key)
+        return KRB5_PREAUTH_NO_KEY;
+
+    retval = sam_get_db_entry(context, client->princ,
+                              &sam_type, &sam_securid_entry);
+    if (retval)
+        return KRB5_PREAUTH_NO_KEY;
+
+    /* Find key with key_type = salt_type = kvno = -1.  This finds the  */
+    /* latest kvno in the list.                                         */
+
+    retval = krb5_dbe_find_enctype(context, sam_securid_entry,
+                                   -1, -1, -1, &client_securid_key_data);
+    if (retval) {
+        com_err("krb5kdc", retval,
+                "while getting key from client's SAM SecurID entry");
+        goto cleanup;
+    }
+    retval = krb5_dbe_decrypt_key_data(context, NULL, client_securid_key_data,
+                                       client_securid_key, NULL);
+    if (retval) {
+        com_err("krb5kdc", retval,
+                "while decrypting key from client's SAM SecurID entry");
+        goto cleanup;
+    }
+cleanup:
+    if (sam_securid_entry)
+        krb5_db_free_principal(context, sam_securid_entry);
+    return retval;
+}
+
+static krb5_error_code
+securid_decrypt_track_data_2(krb5_context context, krb5_db_entry *client,
+                             krb5_data *enc_track_data, krb5_data *output)
+{
+    krb5_error_code retval;
+    krb5_keyblock sam_key;
+    krb5_enc_data tmp_enc_data;
+    sam_key.contents = NULL;
+
+    retval = get_securid_key(context, client, &sam_key);
+    if (retval != 0)
+        return retval;
+
+    tmp_enc_data.ciphertext = *enc_track_data;
+    tmp_enc_data.enctype = ENCTYPE_UNKNOWN;
+    tmp_enc_data.kvno = 0;
+
+    output->length = tmp_enc_data.ciphertext.length;
+    free(output->data);
+    output->data = k5alloc(output->length, &retval);
+    if (output->data == NULL)
+        goto cleanup;
+    retval = krb5_c_decrypt(context, &sam_key,
+                            KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID, 0,
+                            &tmp_enc_data, output);
+cleanup:
+    krb5_free_keyblock_contents(context, &sam_key);
+
+    if (retval) {
+        output->length = 0;
+        free(output->data);
+        output->data = NULL;
+        return retval;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+securid_encrypt_track_data_2(krb5_context context, krb5_db_entry *client,
+                             krb5_data *track_data, krb5_data *output)
+{
+    krb5_error_code retval;
+    size_t olen;
+    krb5_keyblock sam_key;
+    krb5_enc_data tmp_enc_data;
+
+    output->data = NULL;
+
+    retval = get_securid_key(context,client, &sam_key);
+    if (retval != 0)
+        return retval;
+
+    retval = krb5_c_encrypt_length(context, sam_key.enctype,
+                                   track_data->length, &olen);
+    if (retval  != 0)
+        goto cleanup;
+    assert(olen <= 65536);
+    output->length = olen;
+    output->data = k5alloc(output->length, &retval);
+    if (retval)
+        goto cleanup;
+    tmp_enc_data.ciphertext = *output;
+    tmp_enc_data.enctype = sam_key.enctype;
+    tmp_enc_data.kvno = 0;
+
+    retval = krb5_c_encrypt(context, &sam_key,
+                            KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID, 0,
+                            track_data, &tmp_enc_data);
+cleanup:
+    krb5_free_keyblock_contents(context, &sam_key);
+
+    if (retval) {
+        output->length = 0;
+        free(output->data);
+        output->data = NULL;
+        return retval;
+    }
+    return 0;
+}
+
+
+krb5_error_code
+get_securid_edata_2(krb5_context context, krb5_db_entry *client,
+                    krb5_keyblock *client_key, krb5_sam_challenge_2 *sc2)
+{
+    krb5_error_code retval;
+    krb5_data scratch, track_id = empty_data();
+    char *user = NULL;
+    char *def_user = "<unknown user>";
+    struct securid_track_data sid_track_data;
+    krb5_data tmp_data;
+    krb5_sam_challenge_2_body sc2b;
+
+    scratch.data = NULL;
+
+    retval = krb5_unparse_name(context, client->princ, &user);
+    if (retval)
+        goto cleanup;
+
+    memset(&sc2b, 0, sizeof(sc2b));
+    sc2b.magic = KV5M_SAM_CHALLENGE_2;
+    sc2b.sam_flags = KRB5_SAM_SEND_ENCRYPTED_SAD;
+    sc2b.sam_type_name.length = 0;
+    sc2b.sam_challenge_label.length = 0;
+    sc2b.sam_challenge.length = 0;
+    sc2b.sam_response_prompt.data = PASSCODE_message;
+    sc2b.sam_response_prompt.length = strlen(sc2b.sam_response_prompt.data);
+    sc2b.sam_pk_for_sad.length = 0;
+    sc2b.sam_type = PA_SAM_TYPE_SECURID;
+
+    sid_track_data.state = SECURID_STATE_INITIAL;
+    sid_track_data.hostid = gethostid();
+    tmp_data.data = (char *)&sid_track_data;
+    tmp_data.length = sizeof(sid_track_data);
+    retval = securid_encrypt_track_data_2(context, client, &tmp_data,
+                                          &track_id);
+    if (retval != 0) {
+        com_err("krb5kdc", retval, "while encrypting nonce track data");
+        goto cleanup;
+    }
+    sc2b.sam_track_id = track_id;
+
+    scratch.data = (char *)&sc2b.sam_nonce;
+    scratch.length = sizeof(sc2b.sam_nonce);
+    retval = krb5_c_random_make_octets(context, &scratch);
+    if (retval) {
+        com_err("krb5kdc", retval,
+                "while generating nonce data in get_securid_edata_2 (%s)",
+                user ? user : def_user);
+        goto cleanup;
+    }
+
+    /* Get the client's key */
+    sc2b.sam_etype = client_key->enctype;
+
+    retval = sam_make_challenge(context, &sc2b, client_key, sc2);
+    if (retval) {
+        com_err("krb5kdc", retval,
+                "while making SAM_CHALLENGE_2 checksum (%s)",
+                user ? user : def_user);
+    }
+
+cleanup:
+    free(user);
+    krb5_free_data_contents(context, &track_id);
+    return retval;
+}
+
+krb5_error_code
+verify_securid_data_2(krb5_context context, krb5_db_entry *client,
+                      krb5_sam_response_2 *sr2,
+                      krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *pa,
+                      krb5_sam_challenge_2 **sc2_out)
+{
+    krb5_error_code retval;
+    int new_pin = 0;
+    krb5_key_data *client_key_data = NULL;
+    krb5_keyblock client_key;
+    krb5_data scratch;
+    krb5_enc_sam_response_enc_2 *esre2 = NULL;
+    struct securid_track_data sid_track_data, *trackp = NULL;
+    krb5_data tmp_data;
+    SDI_HANDLE sd_handle = SDI_HANDLE_NONE;
+    krb5_sam_challenge_2 *sc2p = NULL;
+    char *cp, *user = NULL;
+    char *securid_user = NULL;
+    char passcode[LENPRNST+1];
+    char max_pin_len, min_pin_len, alpha_pin;
+
+    memset(&client_key, 0, sizeof(client_key));
+    memset(&scratch, 0, sizeof(scratch));
+    *sc2_out = NULL;
+
+    retval = krb5_unparse_name(context, client->princ, &user);
+    if (retval != 0) {
+        com_err("krb5kdc", retval,
+                "while unparsing client name in verify_securid_data_2");
+        return retval;
+    }
+
+    if ((sr2->sam_enc_nonce_or_sad.ciphertext.data == NULL) ||
+        (sr2->sam_enc_nonce_or_sad.ciphertext.length <= 0)) {
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        k5_setmsg(context, retval,
+                  "No preauth data supplied in verify_securid_data_2 (%s)",
+                  user);
+        goto cleanup;
+    }
+
+    retval = krb5_dbe_find_enctype(context, client,
+                                   sr2->sam_enc_nonce_or_sad.enctype, -1,
+                                   sr2->sam_enc_nonce_or_sad.kvno,
+                                   &client_key_data);
+    if (retval) {
+        com_err("krb5kdc", retval,
+                "while getting client key in verify_securid_data_2 (%s)",
+                user);
+        goto cleanup;
+    }
+
+    retval = krb5_dbe_decrypt_key_data(context, NULL, client_key_data,
+                                       &client_key, NULL);
+    if (retval != 0) {
+        com_err("krb5kdc", retval,
+                "while decrypting client key in verify_securid_data_2 (%s)",
+                user);
+        goto cleanup;
+    }
+
+    scratch.length = sr2->sam_enc_nonce_or_sad.ciphertext.length;
+    scratch.data = k5alloc(scratch.length, &retval);
+    if (retval)
+        goto cleanup;
+    retval = krb5_c_decrypt(context, &client_key,
+                            KRB5_KEYUSAGE_PA_SAM_RESPONSE, 0,
+                            &sr2->sam_enc_nonce_or_sad, &scratch);
+    if (retval) {
+        com_err("krb5kdc", retval,
+                "while decrypting SAD in verify_securid_data_2 (%s)", user);
+        goto cleanup;
+    }
+
+    retval = decode_krb5_enc_sam_response_enc_2(&scratch, &esre2);
+    if (retval) {
+        com_err("krb5kdc", retval,
+                "while decoding SAD in verify_securid_data_2 (%s)", user);
+        esre2 = NULL;
+        goto cleanup;
+    }
+
+    if (sr2->sam_nonce != esre2->sam_nonce) {
+        com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED,
+                "while checking nonce in verify_securid_data_2 (%s)", user);
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    if (esre2->sam_sad.length == 0 || esre2->sam_sad.data == NULL) {
+        com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED,
+                "No SecurID passcode in verify_securid_data_2 (%s)", user);
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    /* Copy out SAD to null-terminated buffer */
+    memset(passcode, 0, sizeof(passcode));
+    if (esre2->sam_sad.length > (sizeof(passcode) - 1)) {
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        com_err("krb5kdc", retval,
+                "SecurID passcode/PIN too long (%d bytes) in "
+                "verify_securid_data_2 (%s)",
+                esre2->sam_sad.length, user);
+        goto cleanup;
+    }
+    if (esre2->sam_sad.length > 0)
+        memcpy(passcode, esre2->sam_sad.data, esre2->sam_sad.length);
+
+    securid_user = strdup(user);
+    if (!securid_user) {
+        retval = ENOMEM;
+        com_err("krb5kdc", ENOMEM,
+                "while copying user name in verify_securid_data_2 (%s)", user);
+        goto cleanup;
+    }
+    cp = strchr(securid_user, '@');
+    if (cp != NULL)
+        *cp = '\0';
+
+    /* Check for any track_id data that may have state from a previous attempt
+     * at SecurID authentication. */
+
+    if (sr2->sam_track_id.data && (sr2->sam_track_id.length > 0)) {
+        krb5_data track_id_data;
+
+        memset(&track_id_data, 0, sizeof(track_id_data));
+        retval = securid_decrypt_track_data_2(context, client,
+                                              &sr2->sam_track_id,
+                                              &track_id_data);
+        if (retval) {
+            com_err("krb5kdc", retval,
+                    "while decrypting SecurID trackID in "
+                    "verify_securid_data_2 (%s)", user);
+            goto cleanup;
+        }
+        if (track_id_data.length < sizeof (struct securid_track_data)) {
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            com_err("krb5kdc", retval, "Length of track data incorrect");
+            goto cleanup;
+        }
+        trackp = (struct securid_track_data *)track_id_data.data;
+
+        if(trackp->hostid != gethostid()) {
+            krb5_klog_syslog(LOG_INFO, "Unexpected challenge response");
+            retval = KRB5KDC_ERR_DISCARD;
+            goto cleanup;
+        }
+
+        switch(trackp->state) {
+        case SECURID_STATE_INITIAL:
+            goto initial;
+            break;
+        case SECURID_STATE_NEW_PIN_AGAIN:
+        {
+            int pin1_len, pin2_len;
+
+            trackp->handle = ntohl(trackp->handle);
+            pin2_len = strlen(passcode);
+            pin1_len = strlen(trackp->passcode);
+
+            if ((pin1_len != pin2_len) ||
+                (memcmp(passcode, trackp->passcode, pin1_len) != 0)) {
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+                krb5_klog_syslog(LOG_INFO, "New SecurID PIN Failed for user "
+                                 "%s: PIN mismatch", user);
+                break;
+            }
+            retval = SD_Pin(trackp->handle, passcode);
+            SD_Close(trackp->handle);
+            if (retval == ACM_NEW_PIN_ACCEPTED) {
+                enc_tkt_reply->flags|=  TKT_FLG_HW_AUTH;
+                enc_tkt_reply->flags|=  TKT_FLG_PRE_AUTH;
+                krb5_klog_syslog(LOG_INFO, "SecurID PIN Accepted for %s in "
+                                 "verify_securid_data_2",
+                                 securid_user);
+                retval = 0;
+            } else {
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+                krb5_klog_syslog(LOG_INFO,
+                                 "SecurID PIN Failed for user %s (AceServer "
+                                 "returns %d) in verify_securid_data_2",
+                                 user, retval);
+            }
+            break;
+        }
+        case SECURID_STATE_NEW_PIN: {
+            krb5_sam_challenge_2_body sc2b;
+            sc2p = k5alloc(sizeof *sc2p, &retval);
+            if (retval)
+                goto cleanup;
+            memset(sc2p, 0, sizeof(*sc2p));
+            memset(&sc2b, 0, sizeof(sc2b));
+            sc2b.sam_type = PA_SAM_TYPE_SECURID;
+            sc2b.sam_response_prompt.data = NEW_PIN_AGAIN_message;
+            sc2b.sam_response_prompt.length =
+                strlen(sc2b.sam_response_prompt.data);
+            sc2b.sam_flags = KRB5_SAM_SEND_ENCRYPTED_SAD;
+            sc2b.sam_etype = client_key.enctype;
+
+            tmp_data.data = (char *)&sc2b.sam_nonce;
+            tmp_data.length = sizeof(sc2b.sam_nonce);
+            if ((retval = krb5_c_random_make_octets(context, &tmp_data))) {
+                com_err("krb5kdc", retval,
+                        "while making nonce for SecurID new "
+                        "PIN2 SAM_CHALLENGE_2 (%s)", user);
+                goto cleanup;
+            }
+            sid_track_data.state = SECURID_STATE_NEW_PIN_AGAIN;
+            sid_track_data.handle = trackp->handle;
+            sid_track_data.hostid = gethostid();
+            /* Should we complain if sizes don't work ??  */
+            memcpy(sid_track_data.passcode, passcode,
+                   sizeof(sid_track_data.passcode));
+            tmp_data.data = (char *)&sid_track_data;
+            tmp_data.length = sizeof(sid_track_data);
+            if ((retval = securid_encrypt_track_data_2(context, client,
+                                                       &tmp_data,
+                                                       &sc2b.sam_track_id))) {
+                com_err("krb5kdc", retval,
+                        "while encrypting NEW PIN2 SecurID "
+                        "track data for SAM_CHALLENGE_2 (%s)",
+                        securid_user);
+                goto cleanup;
+            }
+            retval = sam_make_challenge(context, &sc2b, &client_key, sc2p);
+            if (retval) {
+                com_err("krb5kdc", retval,
+                        "while making cksum for "
+                        "SAM_CHALLENGE_2 (new PIN2) (%s)", securid_user);
+                goto cleanup;
+            }
+            krb5_klog_syslog(LOG_INFO,
+                             "Requesting verification of new PIN for user %s",
+                             securid_user);
+            *sc2_out = sc2p;
+            sc2p = NULL;
+            /*sc2_out may be set even on error path*/
+            retval = KRB5KDC_ERR_PREAUTH_REQUIRED;
+            goto cleanup;
+        }
+        case SECURID_STATE_NEXT_CODE:
+            trackp->handle = ntohl(trackp->handle);
+            retval = SD_Next(trackp->handle, passcode);
+            SD_Close(trackp->handle);
+            if (retval == ACM_OK) {
+                enc_tkt_reply->flags |=  TKT_FLG_HW_AUTH | TKT_FLG_PRE_AUTH;
+
+                krb5_klog_syslog(LOG_INFO, "Next SecurID Code Accepted for "
+                                 "user %s", securid_user);
+                retval = 0;
+            } else {
+                krb5_klog_syslog(LOG_INFO, "Next SecurID Code Failed for user "
+                                 "%s (AceServer returns %d) in "
+                                 "verify_securid_data_2", user, retval);
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            }
+            break;
+        }
+    } else {            /* No track data, this is first of N attempts */
+    initial:
+        retval = SD_Init(&sd_handle);
+        if (retval) {
+            com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED,
+                    "SD_Init() returns error %d in verify_securid_data_2 (%s)",
+                    retval, securid_user);
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            goto cleanup;
+        }
+
+        retval = SD_Lock(sd_handle, securid_user);
+        if (retval != ACM_OK) {
+            SD_Close(sd_handle);
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            krb5_klog_syslog(LOG_INFO,
+                             "SD_Lock() failed (AceServer returns %d) for %s",
+                             retval, securid_user);
+            goto cleanup;
+        }
+
+        retval = SD_Check(sd_handle, passcode, securid_user);
+        switch (retval) {
+        case ACM_OK:
+            SD_Close(sd_handle);
+            enc_tkt_reply->flags|=  TKT_FLG_HW_AUTH;
+            enc_tkt_reply->flags|=  TKT_FLG_PRE_AUTH;
+            krb5_klog_syslog(LOG_INFO, "SecurID passcode accepted for user %s",
+                             user);
+            retval = 0;
+            break;
+        case ACM_ACCESS_DENIED:
+            SD_Close(sd_handle);
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            krb5_klog_syslog(LOG_INFO, "AceServer returns Access Denied for "
+                             "user %s (SAM2)", user);
+            goto cleanup;
+        case ACM_NEW_PIN_REQUIRED:
+            new_pin = 1;
+            /*fall through*/
+        case ACM_NEXT_CODE_REQUIRED: {
+            krb5_sam_challenge_2_body sc2b;
+            sc2p = k5alloc(sizeof *sc2p, &retval);
+            if (retval)
+                goto cleanup;
+
+            memset(sc2p, 0, sizeof(*sc2p));
+            memset(&sc2b, 0, sizeof(sc2b));
+
+            sc2b.sam_type = PA_SAM_TYPE_SECURID;
+            sc2b.sam_response_prompt.data = NEXT_PASSCODE_message;
+            sc2b.sam_response_prompt.length =
+                strlen(sc2b.sam_response_prompt.data);
+            sc2b.sam_flags = KRB5_SAM_SEND_ENCRYPTED_SAD;
+            sc2b.sam_etype = client_key.enctype;
+            if (new_pin) {
+                if ((AceGetMaxPinLen(sd_handle, &max_pin_len) == ACE_SUCCESS)
+                    && (AceGetMinPinLen(sd_handle,
+                                        &min_pin_len) == ACE_SUCCESS)
+                    && (AceGetAlphanumeric(sd_handle,
+                                           &alpha_pin) == ACE_SUCCESS)) {
+                    sprintf(PIN_message,
+                            "New PIN must contain %d to %d %sdigits",
+                            min_pin_len, max_pin_len,
+                            (alpha_pin == 0) ? "" : "alphanumeric ");
+                    sc2b.sam_challenge_label.data = PIN_message;
+                    sc2b.sam_challenge_label.length =
+                        strlen(sc2b.sam_challenge_label.data);
+                } else {
+                    sc2b.sam_challenge_label.length = 0;
+                }
+            }
+
+            tmp_data.data = (char *)&sc2b.sam_nonce;
+            tmp_data.length = sizeof(sc2b.sam_nonce);
+            if ((retval = krb5_c_random_make_octets(context, &tmp_data))) {
+                com_err("krb5kdc", retval,
+                        "while making nonce for SecurID SAM_CHALLENGE_2 (%s)",
+                        user);
+                goto cleanup;
+            }
+            if (new_pin)
+                sid_track_data.state = SECURID_STATE_NEW_PIN;
+            else
+                sid_track_data.state = SECURID_STATE_NEXT_CODE;
+            sid_track_data.handle = htonl(sd_handle);
+            sid_track_data.hostid = gethostid();
+            tmp_data.data = (char *)&sid_track_data;
+            tmp_data.length = sizeof(sid_track_data);
+            retval = securid_encrypt_track_data_2(context, client, &tmp_data,
+                                                  &sc2b.sam_track_id);
+            if (retval) {
+                com_err("krb5kdc", retval,
+                        "while encrypting SecurID track "
+                        "data for SAM_CHALLENGE_2 (%s)",
+                        securid_user);
+                goto cleanup;
+            }
+            retval = sam_make_challenge(context, &sc2b, &client_key, sc2p);
+            if (retval) {
+                com_err("krb5kdc", retval,
+                        "while making cksum for SAM_CHALLENGE_2 (%s)",
+                        securid_user);
+            }
+            if (new_pin)
+                krb5_klog_syslog(LOG_INFO, "New SecurID PIN required for "
+                                 "user %s", securid_user);
+            else
+                krb5_klog_syslog(LOG_INFO, "Next SecurID passcode required "
+                                 "for user %s", securid_user);
+            *sc2_out = sc2p;
+            sc2p = NULL;
+            retval = KRB5KDC_ERR_PREAUTH_REQUIRED;
+            /*sc2_out is permitted as an output on error path*/
+            goto cleanup;
+        }
+        default:
+            com_err("krb5kdc", KRB5KDC_ERR_PREAUTH_FAILED,
+                    "AceServer returns unknown error code %d "
+                    "in verify_securid_data_2\n", retval);
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            goto cleanup;
+        }
+    }   /* no track_id data */
+
+cleanup:
+    krb5_free_keyblock_contents(context, &client_key);
+    free(scratch.data);
+    krb5_free_enc_sam_response_enc_2(context, esre2);
+    free(user);
+    free(securid_user);
+    free(trackp);
+    krb5_free_sam_challenge_2(context, sc2p);
+    return retval;
+}
+
+#endif /* ARL_SECURID_PREAUTH */
diff --git a/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid_sam2.exports b/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid_sam2.exports
new file mode 100644
index 00000000..9abae919
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid_sam2.exports
@@ -0,0 +1 @@
+kdcpreauth_securid_sam2_initvt
diff --git a/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid_sam2_main.c b/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid_sam2_main.c
new file mode 100644
index 00000000..5dcd2ebf
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/securid_sam2/securid_sam2_main.c
@@ -0,0 +1,378 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/securid_sam2/securid_sam2_main.c */
+/*
+ * Copyright (C) 2009, 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 2002 Naval Research Laboratory (NRL/CCS)
+ *
+ * Permission to use, copy, modify and distribute this software and its
+ * documentation is hereby granted, provided that both the copyright
+ * notice and this permission notice appear in all copies of the software,
+ * derivative works or modified versions, and any portions thereof.
+ *
+ * NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND
+ * DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER
+ * RESULTING FROM THE USE OF THIS SOFTWARE.
+ */
+
+#include <k5-int.h>
+#include <krb5/preauth_plugin.h>
+#include <kdb.h>
+#include "extern.h"
+
+static struct {
+    char* name;
+    int   sam_type;
+} *sam_ptr, sam_inst_map[] = {
+    { "SECURID", PA_SAM_TYPE_SECURID, },
+    { "GRAIL", PA_SAM_TYPE_GRAIL, },
+    { 0, 0 },
+};
+
+krb5_error_code
+sam_get_db_entry(krb5_context context, krb5_principal client,
+                 int *sam_type, struct _krb5_db_entry_new **db_entry)
+{
+    struct _krb5_db_entry_new *assoc = NULL;
+    krb5_principal newp = NULL;
+    int probeslot;
+    void *ptr = NULL;
+    krb5_error_code retval;
+
+    if (db_entry)
+        *db_entry = NULL;
+    retval = krb5_copy_principal(context, client, &newp);
+    if (retval) {
+        com_err("krb5kdc", retval, "copying client name for preauth probe");
+        return retval;
+    }
+
+    probeslot = krb5_princ_size(context, newp)++;
+    ptr = realloc(krb5_princ_name(context, newp),
+                  krb5_princ_size(context, newp) * sizeof(krb5_data));
+    if (ptr == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    krb5_princ_name(context, newp) = ptr;
+
+    for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) {
+        if (*sam_type && *sam_type != sam_ptr->sam_type)
+            continue;
+
+        krb5_princ_component(context,newp,probeslot)->data = sam_ptr->name;
+        krb5_princ_component(context,newp,probeslot)->length =
+            strlen(sam_ptr->name);
+        retval = krb5_db_get_principal(context, newp, 0, &assoc);
+        if (!retval)
+            break;
+    }
+cleanup:
+    if (ptr) {
+        krb5_princ_component(context,newp,probeslot)->data = 0;
+        krb5_princ_component(context,newp,probeslot)->length = 0;
+        krb5_free_principal(context, newp);
+    }
+    if (probeslot)
+        krb5_princ_size(context, newp)--;
+    if (retval)
+        return retval;
+    if (sam_ptr->sam_type)  {
+        /* Found entry of type sam_ptr->sam_type */
+        if (sam_type)
+            *sam_type = sam_ptr->sam_type;
+        if (db_entry)
+            *db_entry = assoc;
+        else
+            krb5_db_free_principal(context, assoc);
+        return 0;
+    } else {
+        return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+    }
+}
+
+krb5_error_code
+sam_make_challenge(krb5_context context, krb5_sam_challenge_2_body *sc2b,
+                   krb5_keyblock *cksum_key, krb5_sam_challenge_2 *sc2_out)
+{
+    krb5_error_code retval;
+    krb5_checksum **cksum_array = NULL;
+    krb5_checksum *cksum = NULL;
+    krb5_cksumtype cksumtype;
+    krb5_data *encoded_challenge_body = NULL;
+
+    if (!cksum_key)
+        return KRB5_PREAUTH_NO_KEY;
+    if (!sc2_out || !sc2b)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    retval = encode_krb5_sam_challenge_2_body(sc2b, &encoded_challenge_body);
+    if (retval || !encoded_challenge_body) {
+        encoded_challenge_body = NULL;
+        goto cksum_cleanup;
+    }
+
+    cksum_array = calloc(2, sizeof(krb5_checksum *));
+    if (!cksum_array) {
+        retval = ENOMEM;
+        goto cksum_cleanup;
+    }
+
+    cksum = (krb5_checksum *)k5alloc(sizeof(krb5_checksum), &retval);
+    if (retval)
+        goto cksum_cleanup;
+    cksum_array[0] = cksum;
+    cksum_array[1] = NULL;
+
+    retval = krb5int_c_mandatory_cksumtype(context, cksum_key->enctype,
+                                           &cksumtype);
+    if (retval)
+        goto cksum_cleanup;
+
+    retval = krb5_c_make_checksum(context, cksumtype, cksum_key,
+                                  KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
+                                  encoded_challenge_body, cksum);
+    if (retval)
+        goto cksum_cleanup;
+
+    sc2_out->sam_cksum = cksum_array;
+    sc2_out->sam_challenge_2_body = *encoded_challenge_body;
+    return 0;
+
+cksum_cleanup:
+    krb5_free_data(context, encoded_challenge_body);
+    free(cksum_array);
+    free(cksum);
+    return retval;
+}
+
+static void
+kdc_include_padata(krb5_context context, krb5_kdc_req *request,
+                   krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+                   krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
+                   krb5_kdcpreauth_edata_respond_fn respond, void *arg)
+{
+    krb5_error_code retval;
+    krb5_keyblock *client_key = NULL;
+    krb5_sam_challenge_2 sc2;
+    int sam_type = 0;             /* unknown */
+    krb5_db_entry *sam_db_entry = NULL, *client;
+    krb5_data *encoded_challenge = NULL;
+    krb5_pa_data *pa_data = NULL;
+
+    memset(&sc2, 0, sizeof(sc2));
+
+    client = cb->client_entry(context, rock);
+    retval = sam_get_db_entry(context, client->princ, &sam_type,
+                              &sam_db_entry);
+    if (retval)
+        goto cleanup;
+    retval = cb->client_keys(context, rock, &client_key);
+    if (retval)
+        goto cleanup;
+    if (client_key->enctype == 0) {
+        retval = KRB5KDC_ERR_ETYPE_NOSUPP;
+        com_err("krb5kdc", retval,
+                "No client keys found in processing SAM2 challenge");
+        goto cleanup;
+    }
+
+    if (sam_type == 0) {
+        retval = KRB5_PREAUTH_BAD_TYPE;
+        goto cleanup;
+    }
+
+    /*
+     * Defer getting the key for the SAM principal associated with the client
+     * until the mechanism-specific code.  The mechanism may want to get a
+     * specific keytype.
+     */
+
+    switch (sam_type) {
+#ifdef ARL_SECURID_PREAUTH
+    case PA_SAM_TYPE_SECURID:
+        retval = get_securid_edata_2(context, client, client_key, &sc2);
+        if (retval)
+            goto cleanup;
+        break;
+#endif  /* ARL_SECURID_PREAUTH */
+#ifdef GRAIL_PREAUTH
+    case PA_SAM_TYPE_GRAIL:
+        retval = get_grail_edata(context, client, client_key, &sc2);
+        if (retval)
+            goto cleanup;
+        break;
+#endif /* GRAIL_PREAUTH */
+    default:
+        retval = KRB5_PREAUTH_BAD_TYPE;
+        goto cleanup;
+    }
+
+    retval = encode_krb5_sam_challenge_2(&sc2, &encoded_challenge);
+    if (retval) {
+        com_err("krb5kdc", retval,
+                "while encoding SECURID SAM_CHALLENGE_2");
+        goto cleanup;
+    }
+
+    pa_data = k5alloc(sizeof(*pa_data), &retval);
+    if (pa_data == NULL)
+        goto cleanup;
+    pa_data->magic = KV5M_PA_DATA;
+    pa_data->pa_type = KRB5_PADATA_SAM_CHALLENGE_2;
+    pa_data->contents = (krb5_octet *)encoded_challenge->data;
+    pa_data->length = encoded_challenge->length;
+    encoded_challenge->data = NULL;
+
+cleanup:
+    krb5_free_data(context, encoded_challenge);
+    if (sam_db_entry)
+        krb5_db_free_principal(context, sam_db_entry);
+    cb->free_keys(context, rock, client_key);
+    (*respond)(arg, retval, pa_data);
+}
+
+static void
+kdc_verify_preauth(krb5_context context, krb5_data *req_pkt,
+                   krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+                   krb5_pa_data *pa_data, krb5_kdcpreauth_callbacks cb,
+                   krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
+                   krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    krb5_error_code retval, saved_retval = 0;
+    krb5_sam_response_2 *sr2 = NULL;
+    krb5_data scratch, *scratch2, *e_data = NULL;
+    char *client_name = NULL;
+    krb5_sam_challenge_2 *out_sc2 = NULL;
+    krb5_db_entry *client = cb->client_entry(context, rock);
+
+    scratch.data = (char *) pa_data->contents;
+    scratch.length = pa_data->length;
+
+    retval = krb5_unparse_name(context, client->princ, &client_name);
+    if (retval)
+        goto cleanup;
+
+    retval = decode_krb5_sam_response_2(&scratch, &sr2);
+    if (retval) {
+        com_err("krb5kdc",  retval,
+                "while decoding SAM_RESPONSE_2 in verify_sam_response_2");
+        sr2 = NULL;
+        goto cleanup;
+    }
+
+    switch (sr2->sam_type) {
+#ifdef ARL_SECURID_PREAUTH
+    case PA_SAM_TYPE_SECURID:
+        retval = verify_securid_data_2(context, client, sr2, enc_tkt_reply,
+                                       pa_data, &out_sc2);
+        if (retval)
+            goto cleanup;
+        break;
+#endif  /* ARL_SECURID_PREAUTH */
+#ifdef GRAIL_PREAUTH
+    case PA_SAM_TYPE_GRAIL:
+        retval = verify_grail_data(context, client, sr2, enc_tkt_reply,
+                                   pa_data, &out_sc2);
+        if (retval)
+            goto cleanup;
+        break;
+#endif /* GRAIL_PREAUTH */
+    default:
+        retval = KRB5_PREAUTH_BAD_TYPE;
+        com_err("krb5kdc", retval, "while verifying SAM 2 data");
+        break;
+    }
+
+    /*
+     * It is up to the method-specific verify routine to set the
+     * ticket flags to indicate TKT_FLG_HW_AUTH and/or
+     * TKT_FLG_PRE_AUTH.  Some methods may require more than one round
+     * of dialog with the client and must return successfully from
+     * their verify routine.  If does not set the TGT flags, the
+     * required_preauth conditions will not be met and it will try
+     * again to get enough preauth data from the client.  Do not set
+     * TGT flags here.
+     */
+cleanup:
+    /*
+     * Note that e_data is an output even in error conditions.  If we
+     * successfully encode the output e_data, we return whatever error is
+     * received above.  Otherwise we return the encoding error.
+     */
+    saved_retval = retval;
+    if (out_sc2) {
+        krb5_pa_data pa_out;
+        krb5_pa_data *pa_array[2];
+        pa_array[0] = &pa_out;
+        pa_array[1] = NULL;
+        pa_out.pa_type = KRB5_PADATA_SAM_CHALLENGE_2;
+        retval = encode_krb5_sam_challenge_2(out_sc2, &scratch2);
+        krb5_free_sam_challenge_2(context, out_sc2);
+        if (retval)
+            goto encode_error;
+        pa_out.contents = (krb5_octet *) scratch2->data;
+        pa_out.length = scratch2->length;
+        retval = encode_krb5_padata_sequence(pa_array, &e_data);
+        krb5_free_data(context, scratch2);
+    }
+encode_error:
+    krb5_free_sam_response_2(context, sr2);
+    free(client_name);
+    if (retval == 0)
+        retval = saved_retval;
+
+    (*respond)(arg, retval, NULL, NULL, NULL);
+}
+
+
+static int
+kdc_preauth_flags(krb5_context context, krb5_preauthtype patype)
+{
+    return PA_HARDWARE;
+}
+
+krb5_preauthtype supported_pa_types[] = {
+    KRB5_PADATA_SAM_RESPONSE_2, 0};
+
+krb5_error_code
+kdcpreauth_securid_sam2_initvt(krb5_context context, int maj_ver, int min_ver,
+                               krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcpreauth_securid_sam2_initvt(krb5_context context, int maj_ver, int min_ver,
+                               krb5_plugin_vtable vtable)
+{
+    krb5_kdcpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_kdcpreauth_vtable)vtable;
+    vt->name = "securid_sam2";
+    vt->pa_type_list = supported_pa_types;
+    vt->flags = kdc_preauth_flags;
+    vt->edata = kdc_include_padata;
+    vt->verify = kdc_verify_preauth;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/AUTHORS b/krb5-1.21.3/src/plugins/preauth/spake/AUTHORS
new file mode 100644
index 00000000..31d71c21
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/AUTHORS
@@ -0,0 +1,16 @@
+# This is the official list of fiat-crypto authors for copyright purposes.
+# This file is distinct from the CONTRIBUTORS files.
+# See the latter for an explanation.
+
+# Names should be added to this file as one of
+#     Organization's name
+#     Individual's name <submission email address>
+#     Individual's name <submission email address> <email2> <emailN>
+# See CONTRIBUTORS for the meaning of multiple email addresses.
+
+# Please keep the list sorted.
+
+Andres Erbsen <andreser@mit.edu>
+Google Inc.
+Jade Philipoom <jadep@mit.edu> <jade.philipoom@gmail.com>
+Massachusetts Institute of Technology
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/Makefile.in b/krb5-1.21.3/src/plugins/preauth/spake/Makefile.in
new file mode 100644
index 00000000..b51d4d69
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/Makefile.in
@@ -0,0 +1,60 @@
+mydir=plugins$(S)preauth$(S)spake
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
+
+# Like RUN_TEST, but use t_krb5.conf from this directory.
+RUN_TEST_LOCAL_CONF=$(RUN_SETUP) KRB5_CONFIG=$(srcdir)/t_krb5.conf LC_ALL=C \
+	$(VALGRIND)
+
+LIBBASE=spake
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/preauth/spake
+SHLIB_EXPDEPS=$(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS=$(KRB5_BASE_LIBS) $(SPAKE_OPENSSL_LIBS)
+
+WINLIBS = $(SLIB) $(KLIB) $(CLIB)
+
+STLIBOBJS=util.o iana.o groups.o openssl.o edwards25519.o \
+	spake_client.o spake_kdc.o
+
+SRCS= \
+	$(srcdir)/util.c \
+	$(srcdir)/iana.c \
+	$(srcdir)/groups.c \
+	$(srcdir)/openssl.c \
+	$(srcdir)/edwards25519.c \
+	$(srcdir)/spake_client.c \
+	$(srcdir)/spake_kdc.c
+
+# Don't include spake_kdc.c in the Windows object list since we don't
+# need it.
+OBJS=	$(OUTPRE)util.$(OBJEXT) \
+	$(OUTPRE)iana.$(OBJEXT) \
+	$(OUTPRE)groups.$(OBJEXT) \
+	$(OUTPRE)openssl.$(OBJEXT) \
+	$(OUTPRE)edwards25519.$(OBJEXT) \
+	$(OUTPRE)spake_client.$(OBJEXT)
+
+t_vectors: t_vectors.o $(STLIBOBJS) $(SHLIB_EXPDEPS)
+	$(CC_LINK) -o $@ t_vectors.o $(STLIBOBJS) $(SHLIB_EXPLIBS)
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+clean:
+	$(RM) t_vectors t_vectors.o $(STLIBOBJS)
+
+check-unix: t_vectors
+	$(RUN_TEST_LOCAL_CONF) ./t_vectors
+
+all-windows: $(OUTPRE)$(SPAKELIB).dll
+clean-windows::
+	$(RM) $(OUTPRE)$(SPAKELIB).dll
+
+$(OUTPRE)$(SPAKELIB).dll: spake.def $(OBJS)
+	link /dll $(LOPTS) -def:spake.def -out:$*.dll $(OBJS) $(WINLIBS)
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/deps b/krb5-1.21.3/src/plugins/preauth/spake/deps
new file mode 100644
index 00000000..695ad973
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/deps
@@ -0,0 +1,74 @@
+#
+# Generated makefile dependencies follow.
+#
+util.so util.po $(OUTPRE)util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h groups.h iana.h \
+  trace.h util.c util.h
+iana.so iana.po $(OUTPRE)iana.$(OBJEXT): iana.c iana.h
+groups.so groups.po $(OUTPRE)groups.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h groups.c groups.h \
+  iana.h trace.h
+openssl.so openssl.po $(OUTPRE)openssl.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h groups.h iana.h \
+  openssl.c
+edwards25519.so edwards25519.po $(OUTPRE)edwards25519.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  edwards25519.c edwards25519_fiat.h edwards25519_tables.h \
+  groups.h iana.h
+spake_client.so spake_client.po $(OUTPRE)spake_client.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-spake.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  groups.h iana.h spake_client.c trace.h util.h
+spake_kdc.so spake_kdc.po $(OUTPRE)spake_kdc.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-input.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h groups.h iana.h \
+  spake_kdc.c trace.h util.h
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/edwards25519.c b/krb5-1.21.3/src/plugins/preauth/spake/edwards25519.c
new file mode 100644
index 00000000..20394115
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/edwards25519.c
@@ -0,0 +1,1753 @@
+/* -*- mode: c; c-basic-offset: 2; indent-tabs-mode: nil -*- */
+/* This file is adapted from the SPAKE edwards25519 code in BoringSSL. */
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS file).
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+/*
+ * Copyright (c) 2015-2016, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This code is adapted from the BoringSSL edwards25519 SPAKE2 implementation
+ * from third_party/fiat and crypto/spake25519.c, with the following
+ * adaptations:
+ *
+ * - The M and N points are the ones from draft-irtf-cfrg-spake2-05.  The
+ *   BoringSSL M and N points were determined similarly, but were not
+ *   restricted to members of the generator subgroup, so they use only one hash
+ *   iteration for both points.  The intent in BoringSSL had been to multiply w
+ *   by the cofactor so that wM and wN would be in the subgroup, but as that
+ *   step was accidentally omitted, a hack had to be introduced after the fact
+ *   to add multiples of the prime order to the scalar.  That hack is not
+ *   present in this code, and the SPAKE preauth spec does not multiply w by
+ *   the cofactor as it is unnecessary if M and N are chosen from the subgroup.
+ *
+ * - The SPAKE code is modified to fit the groups.h interface and the SPAKE
+ *   preauth spec.
+ *
+ * - The required declarations and code are all here in one file (except for
+ *   the generator point table, which is still in a separate header), so all of
+ *   the functions are declared static.
+ *
+ * - BORINGSSL_CURVE25519_64BIT is defined here using autoconf tests.
+ *
+ * - curve25519_32.h and curve25519_64.h are combined into edwards25519_fiat.h
+ *   (conditionalized on BORINGSSL_CURVE25519_64BIT) for predictable dependency
+ *   generation.  The fiat_25519_selectznz and fiat_25519_carry_scmul_121666
+ *   functions were removed from both branches as they are not used here (the
+ *   former because it is not used by the BoringSSL code and the latter because
+ *   it is only used by the X25519 code).  The fiat_25519_int128 and
+ *   fiat_25519_uint128 typedefs were adjusted to work with older versions of
+ *   gcc.
+ *
+ * - fe_cmov() has the initial "Silence an unused function warning" part
+ *   removed, as we removed fiat_25519_selectznz instead.
+ *
+ * - The field element bounds assertion checks are disabled by default, as they
+ *   slow the code down by roughly a factor of two.  The
+ *   OPENSSL_COMPILE_ASSERT() in fe_copy_lt() is changed to a regular assert
+ *   and is also conditionalized.  Do a build and "make check" with
+ *   EDWARDS25519_ASSERTS defined when updating this code.
+ *
+ * - The copyright comments at the top are formatted the way we do so in other
+ *   source files, for ease of extraction.
+ *
+ * - Declarations in for loops conflict with our compiler configuration in
+ *   older versions of gcc, so they are moved outside of the for loop.
+ *
+ * - The preprocessor symbol OPENSSL_SMALL is changed to CONFIG_SMALL.
+ *
+ * - OPENSSL_memset and OPENSSL_memmove are changed to memset and memmove, in
+ *   each case verifying that they are used with nonzero length arguments.
+ *
+ * - CRYPTO_memcmp is changed to k5_bcmp.
+ *
+ * - Functions used only by X25519 or Ed25519 interfaces but not SPAKE are
+ *   removed, taking care to check for unused functions in both the 64-bit and
+ *   32-bit preprocessor branches.  ge_p3_dbl() is unused here if CONFIG_SMALL
+ *   is defined, so it is placed inside #ifndef CONFIG_SMALL.
+ */
+
+// Some of this code is taken from the ref10 version of Ed25519 in SUPERCOP
+// 20141124 (https://bench.cr.yp.to/supercop.html). That code is released as
+// public domain but parts have been replaced with code generated by Fiat
+// (https://github.com/mit-plv/fiat-crypto), which is MIT licensed.
+
+#include "groups.h"
+#include "iana.h"
+
+#ifdef __GNUC__
+#pragma GCC diagnostic ignored "-Wdeclaration-after-statement"
+#endif
+
+#if SIZEOF_SIZE_T >= 8 && defined(HAVE___INT128_T) && defined(HAVE___UINT128_T)
+#define BORINGSSL_CURVE25519_64BIT
+typedef __int128_t int128_t;
+typedef __uint128_t uint128_t;
+#endif
+
+/* From BoringSSL third-party/fiat/internal.h */
+
+#if defined(BORINGSSL_CURVE25519_64BIT)
+// fe means field element. Here the field is \Z/(2^255-19). An element t,
+// entries t[0]...t[4], represents the integer t[0]+2^51 t[1]+2^102 t[2]+2^153
+// t[3]+2^204 t[4].
+// fe limbs are bounded by 1.125*2^51.
+// Multiplication and carrying produce fe from fe_loose.
+typedef struct fe { uint64_t v[5]; } fe;
+
+// fe_loose limbs are bounded by 3.375*2^51.
+// Addition and subtraction produce fe_loose from (fe, fe).
+typedef struct fe_loose { uint64_t v[5]; } fe_loose;
+#else
+// fe means field element. Here the field is \Z/(2^255-19). An element t,
+// entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+// t[3]+2^102 t[4]+...+2^230 t[9].
+// fe limbs are bounded by 1.125*2^26,1.125*2^25,1.125*2^26,1.125*2^25,etc.
+// Multiplication and carrying produce fe from fe_loose.
+typedef struct fe { uint32_t v[10]; } fe;
+
+// fe_loose limbs are bounded by 3.375*2^26,3.375*2^25,3.375*2^26,3.375*2^25,etc.
+// Addition and subtraction produce fe_loose from (fe, fe).
+typedef struct fe_loose { uint32_t v[10]; } fe_loose;
+#endif
+
+// ge means group element.
+//
+// Here the group is the set of pairs (x,y) of field elements (see fe.h)
+// satisfying -x^2 + y^2 = 1 + d x^2y^2
+// where d = -121665/121666.
+//
+// Representations:
+//   ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+//   ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+//   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+//   ge_precomp (Duif): (y+x,y-x,2dxy)
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+} ge_p2;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p3;
+
+typedef struct {
+  fe_loose X;
+  fe_loose Y;
+  fe_loose Z;
+  fe_loose T;
+} ge_p1p1;
+
+typedef struct {
+  fe_loose yplusx;
+  fe_loose yminusx;
+  fe_loose xy2d;
+} ge_precomp;
+
+typedef struct {
+  fe_loose YplusX;
+  fe_loose YminusX;
+  fe_loose Z;
+  fe_loose T2d;
+} ge_cached;
+
+#include "edwards25519_tables.h"
+#include "edwards25519_fiat.h"
+
+/* From BoringSSL third-party/fiat/curve25519.c */
+
+static uint64_t load_3(const uint8_t *in) {
+  uint64_t result;
+  result = (uint64_t)in[0];
+  result |= ((uint64_t)in[1]) << 8;
+  result |= ((uint64_t)in[2]) << 16;
+  return result;
+}
+
+static uint64_t load_4(const uint8_t *in) {
+  uint64_t result;
+  result = (uint64_t)in[0];
+  result |= ((uint64_t)in[1]) << 8;
+  result |= ((uint64_t)in[2]) << 16;
+  result |= ((uint64_t)in[3]) << 24;
+  return result;
+}
+
+
+// Field operations.
+
+#if defined(BORINGSSL_CURVE25519_64BIT)
+
+typedef uint64_t fe_limb_t;
+#define FE_NUM_LIMBS 5
+
+// assert_fe asserts that |f| satisfies bounds:
+//
+//  [[0x0 ~> 0x8cccccccccccc],
+//   [0x0 ~> 0x8cccccccccccc],
+//   [0x0 ~> 0x8cccccccccccc],
+//   [0x0 ~> 0x8cccccccccccc],
+//   [0x0 ~> 0x8cccccccccccc]]
+//
+// See comments in edwards25519_fiat.h for which functions use these bounds for
+// inputs or outputs.
+#define assert_fe(f)                                                    \
+  do {                                                                  \
+    for (unsigned _assert_fe_i = 0; _assert_fe_i < 5; _assert_fe_i++) { \
+      assert(f[_assert_fe_i] <= UINT64_C(0x8cccccccccccc));             \
+    }                                                                   \
+  } while (0)
+
+// assert_fe_loose asserts that |f| satisfies bounds:
+//
+//  [[0x0 ~> 0x1a666666666664],
+//   [0x0 ~> 0x1a666666666664],
+//   [0x0 ~> 0x1a666666666664],
+//   [0x0 ~> 0x1a666666666664],
+//   [0x0 ~> 0x1a666666666664]]
+//
+// See comments in edwards25519_fiat.h for which functions use these bounds for
+// inputs or outputs.
+#define assert_fe_loose(f)                                              \
+  do {                                                                  \
+    for (unsigned _assert_fe_i = 0; _assert_fe_i < 5; _assert_fe_i++) { \
+      assert(f[_assert_fe_i] <= UINT64_C(0x1a666666666664));            \
+    }                                                                   \
+  } while (0)
+
+#else
+
+typedef uint32_t fe_limb_t;
+#define FE_NUM_LIMBS 10
+
+// assert_fe asserts that |f| satisfies bounds:
+//
+//  [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333],
+//   [0x0 ~> 0x4666666], [0x0 ~> 0x2333333],
+//   [0x0 ~> 0x4666666], [0x0 ~> 0x2333333],
+//   [0x0 ~> 0x4666666], [0x0 ~> 0x2333333],
+//   [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+//
+// See comments in edwards25519_fiat.h for which functions use these bounds for
+// inputs or outputs.
+#define assert_fe(f)                                                     \
+  do {                                                                   \
+    for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \
+      assert(f[_assert_fe_i] <=                                          \
+             ((_assert_fe_i & 1) ? 0x2333333u : 0x4666666u));            \
+    }                                                                    \
+  } while (0)
+
+// assert_fe_loose asserts that |f| satisfies bounds:
+//
+//  [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999],
+//   [0x0 ~> 0xd333332], [0x0 ~> 0x6999999],
+//   [0x0 ~> 0xd333332], [0x0 ~> 0x6999999],
+//   [0x0 ~> 0xd333332], [0x0 ~> 0x6999999],
+//   [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+//
+// See comments in edwards25519_fiat.h for which functions use these bounds for
+// inputs or outputs.
+#define assert_fe_loose(f)                                               \
+  do {                                                                   \
+    for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \
+      assert(f[_assert_fe_i] <=                                          \
+             ((_assert_fe_i & 1) ? 0x6999999u : 0xd333332u));            \
+    }                                                                    \
+  } while (0)
+
+#endif  // BORINGSSL_CURVE25519_64BIT
+
+#ifndef EDWARDS25519_ASSERTS
+#undef assert_fe
+#undef assert_fe_loose
+#define assert_fe(f)
+#define assert_fe_loose(f)
+#endif
+
+static void fe_frombytes_strict(fe *h, const uint8_t s[32]) {
+  // |fiat_25519_from_bytes| requires the top-most bit be clear.
+  assert((s[31] & 0x80) == 0);
+  fiat_25519_from_bytes(h->v, s);
+  assert_fe(h->v);
+}
+
+static void fe_frombytes(fe *h, const uint8_t s[32]) {
+  uint8_t s_copy[32];
+  memcpy(s_copy, s, 32);
+  s_copy[31] &= 0x7f;
+  fe_frombytes_strict(h, s_copy);
+}
+
+static void fe_tobytes(uint8_t s[32], const fe *f) {
+  assert_fe(f->v);
+  fiat_25519_to_bytes(s, f->v);
+}
+
+// h = 0
+static void fe_0(fe *h) {
+  memset(h, 0, sizeof(fe));
+}
+
+static void fe_loose_0(fe_loose *h) {
+  memset(h, 0, sizeof(fe_loose));
+}
+
+// h = 1
+static void fe_1(fe *h) {
+  memset(h, 0, sizeof(fe));
+  h->v[0] = 1;
+}
+
+static void fe_loose_1(fe_loose *h) {
+  memset(h, 0, sizeof(fe_loose));
+  h->v[0] = 1;
+}
+
+// h = f + g
+// Can overlap h with f or g.
+static void fe_add(fe_loose *h, const fe *f, const fe *g) {
+  assert_fe(f->v);
+  assert_fe(g->v);
+  fiat_25519_add(h->v, f->v, g->v);
+  assert_fe_loose(h->v);
+}
+
+// h = f - g
+// Can overlap h with f or g.
+static void fe_sub(fe_loose *h, const fe *f, const fe *g) {
+  assert_fe(f->v);
+  assert_fe(g->v);
+  fiat_25519_sub(h->v, f->v, g->v);
+  assert_fe_loose(h->v);
+}
+
+static void fe_carry(fe *h, const fe_loose* f) {
+  assert_fe_loose(f->v);
+  fiat_25519_carry(h->v, f->v);
+  assert_fe(h->v);
+}
+
+static void fe_mul_impl(fe_limb_t out[FE_NUM_LIMBS],
+                        const fe_limb_t in1[FE_NUM_LIMBS],
+                        const fe_limb_t in2[FE_NUM_LIMBS]) {
+  assert_fe_loose(in1);
+  assert_fe_loose(in2);
+  fiat_25519_carry_mul(out, in1, in2);
+  assert_fe(out);
+}
+
+static void fe_mul_ltt(fe_loose *h, const fe *f, const fe *g) {
+  fe_mul_impl(h->v, f->v, g->v);
+}
+
+static void fe_mul_llt(fe_loose *h, const fe_loose *f, const fe *g) {
+  fe_mul_impl(h->v, f->v, g->v);
+}
+
+static void fe_mul_ttt(fe *h, const fe *f, const fe *g) {
+  fe_mul_impl(h->v, f->v, g->v);
+}
+
+static void fe_mul_tlt(fe *h, const fe_loose *f, const fe *g) {
+  fe_mul_impl(h->v, f->v, g->v);
+}
+
+static void fe_mul_ttl(fe *h, const fe *f, const fe_loose *g) {
+  fe_mul_impl(h->v, f->v, g->v);
+}
+
+static void fe_mul_tll(fe *h, const fe_loose *f, const fe_loose *g) {
+  fe_mul_impl(h->v, f->v, g->v);
+}
+
+static void fe_sq_tl(fe *h, const fe_loose *f) {
+  assert_fe_loose(f->v);
+  fiat_25519_carry_square(h->v, f->v);
+  assert_fe(h->v);
+}
+
+static void fe_sq_tt(fe *h, const fe *f) {
+  assert_fe_loose(f->v);
+  fiat_25519_carry_square(h->v, f->v);
+  assert_fe(h->v);
+}
+
+// h = -f
+static void fe_neg(fe_loose *h, const fe *f) {
+  assert_fe(f->v);
+  fiat_25519_opp(h->v, f->v);
+  assert_fe_loose(h->v);
+}
+
+// Replace (f,g) with (g,g) if b == 1;
+// replace (f,g) with (f,g) if b == 0.
+//
+// Preconditions: b in {0,1}.
+static void fe_cmov(fe_loose *f, const fe_loose *g, fe_limb_t b) {
+  b = 0-b;
+  unsigned i;
+  for (i = 0; i < FE_NUM_LIMBS; i++) {
+    fe_limb_t x = f->v[i] ^ g->v[i];
+    x &= b;
+    f->v[i] ^= x;
+  }
+}
+
+// h = f
+static void fe_copy(fe *h, const fe *f) {
+  memmove(h, f, sizeof(fe));
+}
+
+static void fe_copy_lt(fe_loose *h, const fe *f) {
+#ifdef EDWARDS25519_ASSERTS
+  assert(sizeof(fe_loose) == sizeof(fe));
+#endif
+  memmove(h, f, sizeof(fe));
+}
+#if !defined(CONFIG_SMALL)
+static void fe_copy_ll(fe_loose *h, const fe_loose *f) {
+  memmove(h, f, sizeof(fe_loose));
+}
+#endif // !defined(CONFIG_SMALL)
+
+static void fe_loose_invert(fe *out, const fe_loose *z) {
+  fe t0;
+  fe t1;
+  fe t2;
+  fe t3;
+  int i;
+
+  fe_sq_tl(&t0, z);
+  fe_sq_tt(&t1, &t0);
+  for (i = 1; i < 2; ++i) {
+    fe_sq_tt(&t1, &t1);
+  }
+  fe_mul_tlt(&t1, z, &t1);
+  fe_mul_ttt(&t0, &t0, &t1);
+  fe_sq_tt(&t2, &t0);
+  fe_mul_ttt(&t1, &t1, &t2);
+  fe_sq_tt(&t2, &t1);
+  for (i = 1; i < 5; ++i) {
+    fe_sq_tt(&t2, &t2);
+  }
+  fe_mul_ttt(&t1, &t2, &t1);
+  fe_sq_tt(&t2, &t1);
+  for (i = 1; i < 10; ++i) {
+    fe_sq_tt(&t2, &t2);
+  }
+  fe_mul_ttt(&t2, &t2, &t1);
+  fe_sq_tt(&t3, &t2);
+  for (i = 1; i < 20; ++i) {
+    fe_sq_tt(&t3, &t3);
+  }
+  fe_mul_ttt(&t2, &t3, &t2);
+  fe_sq_tt(&t2, &t2);
+  for (i = 1; i < 10; ++i) {
+    fe_sq_tt(&t2, &t2);
+  }
+  fe_mul_ttt(&t1, &t2, &t1);
+  fe_sq_tt(&t2, &t1);
+  for (i = 1; i < 50; ++i) {
+    fe_sq_tt(&t2, &t2);
+  }
+  fe_mul_ttt(&t2, &t2, &t1);
+  fe_sq_tt(&t3, &t2);
+  for (i = 1; i < 100; ++i) {
+    fe_sq_tt(&t3, &t3);
+  }
+  fe_mul_ttt(&t2, &t3, &t2);
+  fe_sq_tt(&t2, &t2);
+  for (i = 1; i < 50; ++i) {
+    fe_sq_tt(&t2, &t2);
+  }
+  fe_mul_ttt(&t1, &t2, &t1);
+  fe_sq_tt(&t1, &t1);
+  for (i = 1; i < 5; ++i) {
+    fe_sq_tt(&t1, &t1);
+  }
+  fe_mul_ttt(out, &t1, &t0);
+}
+
+static void fe_invert(fe *out, const fe *z) {
+  fe_loose l;
+  fe_copy_lt(&l, z);
+  fe_loose_invert(out, &l);
+}
+
+// return 0 if f == 0
+// return 1 if f != 0
+static int fe_isnonzero(const fe_loose *f) {
+  fe tight;
+  fe_carry(&tight, f);
+  uint8_t s[32];
+  fe_tobytes(s, &tight);
+
+  static const uint8_t zero[32] = {0};
+  return k5_bcmp(s, zero, sizeof(zero)) != 0;
+}
+
+// return 1 if f is in {1,3,5,...,q-2}
+// return 0 if f is in {0,2,4,...,q-1}
+static int fe_isnegative(const fe *f) {
+  uint8_t s[32];
+  fe_tobytes(s, f);
+  return s[0] & 1;
+}
+
+static void fe_sq2_tt(fe *h, const fe *f) {
+  // h = f^2
+  fe_sq_tt(h, f);
+
+  // h = h + h
+  fe_loose tmp;
+  fe_add(&tmp, h, h);
+  fe_carry(h, &tmp);
+}
+
+static void fe_pow22523(fe *out, const fe *z) {
+  fe t0;
+  fe t1;
+  fe t2;
+  int i;
+
+  fe_sq_tt(&t0, z);
+  fe_sq_tt(&t1, &t0);
+  for (i = 1; i < 2; ++i) {
+    fe_sq_tt(&t1, &t1);
+  }
+  fe_mul_ttt(&t1, z, &t1);
+  fe_mul_ttt(&t0, &t0, &t1);
+  fe_sq_tt(&t0, &t0);
+  fe_mul_ttt(&t0, &t1, &t0);
+  fe_sq_tt(&t1, &t0);
+  for (i = 1; i < 5; ++i) {
+    fe_sq_tt(&t1, &t1);
+  }
+  fe_mul_ttt(&t0, &t1, &t0);
+  fe_sq_tt(&t1, &t0);
+  for (i = 1; i < 10; ++i) {
+    fe_sq_tt(&t1, &t1);
+  }
+  fe_mul_ttt(&t1, &t1, &t0);
+  fe_sq_tt(&t2, &t1);
+  for (i = 1; i < 20; ++i) {
+    fe_sq_tt(&t2, &t2);
+  }
+  fe_mul_ttt(&t1, &t2, &t1);
+  fe_sq_tt(&t1, &t1);
+  for (i = 1; i < 10; ++i) {
+    fe_sq_tt(&t1, &t1);
+  }
+  fe_mul_ttt(&t0, &t1, &t0);
+  fe_sq_tt(&t1, &t0);
+  for (i = 1; i < 50; ++i) {
+    fe_sq_tt(&t1, &t1);
+  }
+  fe_mul_ttt(&t1, &t1, &t0);
+  fe_sq_tt(&t2, &t1);
+  for (i = 1; i < 100; ++i) {
+    fe_sq_tt(&t2, &t2);
+  }
+  fe_mul_ttt(&t1, &t2, &t1);
+  fe_sq_tt(&t1, &t1);
+  for (i = 1; i < 50; ++i) {
+    fe_sq_tt(&t1, &t1);
+  }
+  fe_mul_ttt(&t0, &t1, &t0);
+  fe_sq_tt(&t0, &t0);
+  for (i = 1; i < 2; ++i) {
+    fe_sq_tt(&t0, &t0);
+  }
+  fe_mul_ttt(out, &t0, z);
+}
+
+
+// Group operations.
+
+static void x25519_ge_tobytes(uint8_t s[32], const ge_p2 *h) {
+  fe recip;
+  fe x;
+  fe y;
+
+  fe_invert(&recip, &h->Z);
+  fe_mul_ttt(&x, &h->X, &recip);
+  fe_mul_ttt(&y, &h->Y, &recip);
+  fe_tobytes(s, &y);
+  s[31] ^= fe_isnegative(&x) << 7;
+}
+
+static int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) {
+  fe u;
+  fe_loose v;
+  fe v3;
+  fe vxx;
+  fe_loose check;
+
+  fe_frombytes(&h->Y, s);
+  fe_1(&h->Z);
+  fe_sq_tt(&v3, &h->Y);
+  fe_mul_ttt(&vxx, &v3, &d);
+  fe_sub(&v, &v3, &h->Z);  // u = y^2-1
+  fe_carry(&u, &v);
+  fe_add(&v, &vxx, &h->Z);  // v = dy^2+1
+
+  fe_sq_tl(&v3, &v);
+  fe_mul_ttl(&v3, &v3, &v);  // v3 = v^3
+  fe_sq_tt(&h->X, &v3);
+  fe_mul_ttl(&h->X, &h->X, &v);
+  fe_mul_ttt(&h->X, &h->X, &u);  // x = uv^7
+
+  fe_pow22523(&h->X, &h->X);  // x = (uv^7)^((q-5)/8)
+  fe_mul_ttt(&h->X, &h->X, &v3);
+  fe_mul_ttt(&h->X, &h->X, &u);  // x = uv^3(uv^7)^((q-5)/8)
+
+  fe_sq_tt(&vxx, &h->X);
+  fe_mul_ttl(&vxx, &vxx, &v);
+  fe_sub(&check, &vxx, &u);
+  if (fe_isnonzero(&check)) {
+    fe_add(&check, &vxx, &u);
+    if (fe_isnonzero(&check)) {
+      return 0;
+    }
+    fe_mul_ttt(&h->X, &h->X, &sqrtm1);
+  }
+
+  if (fe_isnegative(&h->X) != (s[31] >> 7)) {
+    fe_loose t;
+    fe_neg(&t, &h->X);
+    fe_carry(&h->X, &t);
+  }
+
+  fe_mul_ttt(&h->T, &h->X, &h->Y);
+  return 1;
+}
+
+static void ge_p2_0(ge_p2 *h) {
+  fe_0(&h->X);
+  fe_1(&h->Y);
+  fe_1(&h->Z);
+}
+
+static void ge_p3_0(ge_p3 *h) {
+  fe_0(&h->X);
+  fe_1(&h->Y);
+  fe_1(&h->Z);
+  fe_0(&h->T);
+}
+
+static void ge_cached_0(ge_cached *h) {
+  fe_loose_1(&h->YplusX);
+  fe_loose_1(&h->YminusX);
+  fe_loose_1(&h->Z);
+  fe_loose_0(&h->T2d);
+}
+
+static void ge_precomp_0(ge_precomp *h) {
+  fe_loose_1(&h->yplusx);
+  fe_loose_1(&h->yminusx);
+  fe_loose_0(&h->xy2d);
+}
+
+// r = p
+static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) {
+  fe_copy(&r->X, &p->X);
+  fe_copy(&r->Y, &p->Y);
+  fe_copy(&r->Z, &p->Z);
+}
+
+// r = p
+static void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p) {
+  fe_add(&r->YplusX, &p->Y, &p->X);
+  fe_sub(&r->YminusX, &p->Y, &p->X);
+  fe_copy_lt(&r->Z, &p->Z);
+  fe_mul_ltt(&r->T2d, &p->T, &d2);
+}
+
+// r = p
+static void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) {
+  fe_mul_tll(&r->X, &p->X, &p->T);
+  fe_mul_tll(&r->Y, &p->Y, &p->Z);
+  fe_mul_tll(&r->Z, &p->Z, &p->T);
+}
+
+// r = p
+static void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) {
+  fe_mul_tll(&r->X, &p->X, &p->T);
+  fe_mul_tll(&r->Y, &p->Y, &p->Z);
+  fe_mul_tll(&r->Z, &p->Z, &p->T);
+  fe_mul_tll(&r->T, &p->X, &p->Y);
+}
+
+// r = p
+static void ge_p1p1_to_cached(ge_cached *r, const ge_p1p1 *p) {
+  ge_p3 t;
+  x25519_ge_p1p1_to_p3(&t, p);
+  x25519_ge_p3_to_cached(r, &t);
+}
+
+// r = 2 * p
+static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) {
+  fe trX, trZ, trT;
+  fe t0;
+
+  fe_sq_tt(&trX, &p->X);
+  fe_sq_tt(&trZ, &p->Y);
+  fe_sq2_tt(&trT, &p->Z);
+  fe_add(&r->Y, &p->X, &p->Y);
+  fe_sq_tl(&t0, &r->Y);
+
+  fe_add(&r->Y, &trZ, &trX);
+  fe_sub(&r->Z, &trZ, &trX);
+  fe_carry(&trZ, &r->Y);
+  fe_sub(&r->X, &t0, &trZ);
+  fe_carry(&trZ, &r->Z);
+  fe_sub(&r->T, &trT, &trZ);
+}
+
+#ifndef CONFIG_SMALL
+// r = 2 * p
+static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) {
+  ge_p2 q;
+  ge_p3_to_p2(&q, p);
+  ge_p2_dbl(r, &q);
+}
+#endif
+
+// r = p + q
+static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) {
+  fe trY, trZ, trT;
+
+  fe_add(&r->X, &p->Y, &p->X);
+  fe_sub(&r->Y, &p->Y, &p->X);
+  fe_mul_tll(&trZ, &r->X, &q->yplusx);
+  fe_mul_tll(&trY, &r->Y, &q->yminusx);
+  fe_mul_tlt(&trT, &q->xy2d, &p->T);
+  fe_add(&r->T, &p->Z, &p->Z);
+  fe_sub(&r->X, &trZ, &trY);
+  fe_add(&r->Y, &trZ, &trY);
+  fe_carry(&trZ, &r->T);
+  fe_add(&r->Z, &trZ, &trT);
+  fe_sub(&r->T, &trZ, &trT);
+}
+
+// r = p + q
+static void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
+  fe trX, trY, trZ, trT;
+
+  fe_add(&r->X, &p->Y, &p->X);
+  fe_sub(&r->Y, &p->Y, &p->X);
+  fe_mul_tll(&trZ, &r->X, &q->YplusX);
+  fe_mul_tll(&trY, &r->Y, &q->YminusX);
+  fe_mul_tlt(&trT, &q->T2d, &p->T);
+  fe_mul_ttl(&trX, &p->Z, &q->Z);
+  fe_add(&r->T, &trX, &trX);
+  fe_sub(&r->X, &trZ, &trY);
+  fe_add(&r->Y, &trZ, &trY);
+  fe_carry(&trZ, &r->T);
+  fe_add(&r->Z, &trZ, &trT);
+  fe_sub(&r->T, &trZ, &trT);
+}
+
+// r = p - q
+static void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
+  fe trX, trY, trZ, trT;
+
+  fe_add(&r->X, &p->Y, &p->X);
+  fe_sub(&r->Y, &p->Y, &p->X);
+  fe_mul_tll(&trZ, &r->X, &q->YminusX);
+  fe_mul_tll(&trY, &r->Y, &q->YplusX);
+  fe_mul_tlt(&trT, &q->T2d, &p->T);
+  fe_mul_ttl(&trX, &p->Z, &q->Z);
+  fe_add(&r->T, &trX, &trX);
+  fe_sub(&r->X, &trZ, &trY);
+  fe_add(&r->Y, &trZ, &trY);
+  fe_carry(&trZ, &r->T);
+  fe_sub(&r->Z, &trZ, &trT);
+  fe_add(&r->T, &trZ, &trT);
+}
+
+static uint8_t equal(signed char b, signed char c) {
+  uint8_t ub = b;
+  uint8_t uc = c;
+  uint8_t x = ub ^ uc;  // 0: yes; 1..255: no
+  uint32_t y = x;       // 0: yes; 1..255: no
+  y -= 1;               // 4294967295: yes; 0..254: no
+  y >>= 31;             // 1: yes; 0: no
+  return y;
+}
+
+static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) {
+  fe_cmov(&t->yplusx, &u->yplusx, b);
+  fe_cmov(&t->yminusx, &u->yminusx, b);
+  fe_cmov(&t->xy2d, &u->xy2d, b);
+}
+
+static void x25519_ge_scalarmult_small_precomp(
+    ge_p3 *h, const uint8_t a[32], const uint8_t precomp_table[15 * 2 * 32]) {
+  // precomp_table is first expanded into matching |ge_precomp|
+  // elements.
+  ge_precomp multiples[15];
+
+  unsigned i;
+  for (i = 0; i < 15; i++) {
+    // The precomputed table is assumed to already clear the top bit, so
+    // |fe_frombytes_strict| may be used directly.
+    const uint8_t *bytes = &precomp_table[i*(2 * 32)];
+    fe x, y;
+    fe_frombytes_strict(&x, bytes);
+    fe_frombytes_strict(&y, bytes + 32);
+
+    ge_precomp *out = &multiples[i];
+    fe_add(&out->yplusx, &y, &x);
+    fe_sub(&out->yminusx, &y, &x);
+    fe_mul_ltt(&out->xy2d, &x, &y);
+    fe_mul_llt(&out->xy2d, &out->xy2d, &d2);
+  }
+
+  // See the comment above |k25519SmallPrecomp| about the structure of the
+  // precomputed elements. This loop does 64 additions and 64 doublings to
+  // calculate the result.
+  ge_p3_0(h);
+
+  for (i = 63; i < 64; i--) {
+    unsigned j;
+    signed char index = 0;
+
+    for (j = 0; j < 4; j++) {
+      const uint8_t bit = 1 & (a[(8 * j) + (i / 8)] >> (i & 7));
+      index |= (bit << j);
+    }
+
+    ge_precomp e;
+    ge_precomp_0(&e);
+
+    for (j = 1; j < 16; j++) {
+      cmov(&e, &multiples[j-1], equal(index, j));
+    }
+
+    ge_cached cached;
+    ge_p1p1 r;
+    x25519_ge_p3_to_cached(&cached, h);
+    x25519_ge_add(&r, h, &cached);
+    x25519_ge_p1p1_to_p3(h, &r);
+
+    ge_madd(&r, h, &e);
+    x25519_ge_p1p1_to_p3(h, &r);
+  }
+}
+
+#if defined(CONFIG_SMALL)
+
+static void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) {
+  x25519_ge_scalarmult_small_precomp(h, a, k25519SmallPrecomp);
+}
+
+#else
+
+static uint8_t negative(signed char b) {
+  uint32_t x = b;
+  x >>= 31;  // 1: yes; 0: no
+  return x;
+}
+
+static void table_select(ge_precomp *t, int pos, signed char b) {
+  ge_precomp minust;
+  uint8_t bnegative = negative(b);
+  uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
+
+  ge_precomp_0(t);
+  cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
+  cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
+  cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
+  cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
+  cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
+  cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
+  cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
+  cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
+  fe_copy_ll(&minust.yplusx, &t->yminusx);
+  fe_copy_ll(&minust.yminusx, &t->yplusx);
+
+  // NOTE: the input table is canonical, but types don't encode it
+  fe tmp;
+  fe_carry(&tmp, &t->xy2d);
+  fe_neg(&minust.xy2d, &tmp);
+
+  cmov(t, &minust, bnegative);
+}
+
+// h = a * B
+// where a = a[0]+256*a[1]+...+256^31 a[31]
+// B is the Ed25519 base point (x,4/5) with x positive.
+//
+// Preconditions:
+//   a[31] <= 127
+static void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
+  signed char e[64];
+  signed char carry;
+  ge_p1p1 r;
+  ge_p2 s;
+  ge_precomp t;
+  int i;
+
+  for (i = 0; i < 32; ++i) {
+    e[2 * i + 0] = (a[i] >> 0) & 15;
+    e[2 * i + 1] = (a[i] >> 4) & 15;
+  }
+  // each e[i] is between 0 and 15
+  // e[63] is between 0 and 7
+
+  carry = 0;
+  for (i = 0; i < 63; ++i) {
+    e[i] += carry;
+    carry = e[i] + 8;
+    carry >>= 4;
+    e[i] -= carry << 4;
+  }
+  e[63] += carry;
+  // each e[i] is between -8 and 8
+
+  ge_p3_0(h);
+  for (i = 1; i < 64; i += 2) {
+    table_select(&t, i / 2, e[i]);
+    ge_madd(&r, h, &t);
+    x25519_ge_p1p1_to_p3(h, &r);
+  }
+
+  ge_p3_dbl(&r, h);
+  x25519_ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  x25519_ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  x25519_ge_p1p1_to_p2(&s, &r);
+  ge_p2_dbl(&r, &s);
+  x25519_ge_p1p1_to_p3(h, &r);
+
+  for (i = 0; i < 64; i += 2) {
+    table_select(&t, i / 2, e[i]);
+    ge_madd(&r, h, &t);
+    x25519_ge_p1p1_to_p3(h, &r);
+  }
+}
+
+#endif
+
+static void cmov_cached(ge_cached *t, ge_cached *u, uint8_t b) {
+  fe_cmov(&t->YplusX, &u->YplusX, b);
+  fe_cmov(&t->YminusX, &u->YminusX, b);
+  fe_cmov(&t->Z, &u->Z, b);
+  fe_cmov(&t->T2d, &u->T2d, b);
+}
+
+// r = scalar * A.
+// where a = a[0]+256*a[1]+...+256^31 a[31].
+static void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar,
+                                 const ge_p3 *A) {
+  ge_p2 Ai_p2[8];
+  ge_cached Ai[16];
+  ge_p1p1 t;
+
+  ge_cached_0(&Ai[0]);
+  x25519_ge_p3_to_cached(&Ai[1], A);
+  ge_p3_to_p2(&Ai_p2[1], A);
+
+  unsigned i;
+  for (i = 2; i < 16; i += 2) {
+    ge_p2_dbl(&t, &Ai_p2[i / 2]);
+    ge_p1p1_to_cached(&Ai[i], &t);
+    if (i < 8) {
+      x25519_ge_p1p1_to_p2(&Ai_p2[i], &t);
+    }
+    x25519_ge_add(&t, A, &Ai[i]);
+    ge_p1p1_to_cached(&Ai[i + 1], &t);
+    if (i < 7) {
+      x25519_ge_p1p1_to_p2(&Ai_p2[i + 1], &t);
+    }
+  }
+
+  ge_p2_0(r);
+  ge_p3 u;
+
+  for (i = 0; i < 256; i += 4) {
+    ge_p2_dbl(&t, r);
+    x25519_ge_p1p1_to_p2(r, &t);
+    ge_p2_dbl(&t, r);
+    x25519_ge_p1p1_to_p2(r, &t);
+    ge_p2_dbl(&t, r);
+    x25519_ge_p1p1_to_p2(r, &t);
+    ge_p2_dbl(&t, r);
+    x25519_ge_p1p1_to_p3(&u, &t);
+
+    uint8_t index = scalar[31 - i/8];
+    index >>= 4 - (i & 4);
+    index &= 0xf;
+
+    unsigned j;
+    ge_cached selected;
+    ge_cached_0(&selected);
+    for (j = 0; j < 16; j++) {
+      cmov_cached(&selected, &Ai[j], equal(j, index));
+    }
+
+    x25519_ge_add(&t, &u, &selected);
+    x25519_ge_p1p1_to_p2(r, &t);
+  }
+}
+
+// int64_lshift21 returns |a << 21| but is defined when shifting bits into the
+// sign bit. This works around a language flaw in C.
+static inline int64_t int64_lshift21(int64_t a) {
+  return (int64_t)((uint64_t)a << 21);
+}
+
+// The set of scalars is \Z/l
+// where l = 2^252 + 27742317777372353535851937790883648493.
+
+// Input:
+//   s[0]+256*s[1]+...+256^63*s[63] = s
+//
+// Output:
+//   s[0]+256*s[1]+...+256^31*s[31] = s mod l
+//   where l = 2^252 + 27742317777372353535851937790883648493.
+//   Overwrites s in place.
+static void x25519_sc_reduce(uint8_t s[64]) {
+  int64_t s0 = 2097151 & load_3(s);
+  int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
+  int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
+  int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
+  int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
+  int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
+  int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
+  int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
+  int64_t s8 = 2097151 & load_3(s + 21);
+  int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
+  int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
+  int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
+  int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
+  int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
+  int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
+  int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
+  int64_t s16 = 2097151 & load_3(s + 42);
+  int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
+  int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
+  int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
+  int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
+  int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
+  int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
+  int64_t s23 = (load_4(s + 60) >> 3);
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+  int64_t carry10;
+  int64_t carry11;
+  int64_t carry12;
+  int64_t carry13;
+  int64_t carry14;
+  int64_t carry15;
+  int64_t carry16;
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= int64_lshift21(carry6);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= int64_lshift21(carry8);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= int64_lshift21(carry10);
+  carry12 = (s12 + (1 << 20)) >> 21;
+  s13 += carry12;
+  s12 -= int64_lshift21(carry12);
+  carry14 = (s14 + (1 << 20)) >> 21;
+  s15 += carry14;
+  s14 -= int64_lshift21(carry14);
+  carry16 = (s16 + (1 << 20)) >> 21;
+  s17 += carry16;
+  s16 -= int64_lshift21(carry16);
+
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= int64_lshift21(carry7);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= int64_lshift21(carry9);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= int64_lshift21(carry11);
+  carry13 = (s13 + (1 << 20)) >> 21;
+  s14 += carry13;
+  s13 -= int64_lshift21(carry13);
+  carry15 = (s15 + (1 << 20)) >> 21;
+  s16 += carry15;
+  s15 -= int64_lshift21(carry15);
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1 << 20)) >> 21;
+  s1 += carry0;
+  s0 -= int64_lshift21(carry0);
+  carry2 = (s2 + (1 << 20)) >> 21;
+  s3 += carry2;
+  s2 -= int64_lshift21(carry2);
+  carry4 = (s4 + (1 << 20)) >> 21;
+  s5 += carry4;
+  s4 -= int64_lshift21(carry4);
+  carry6 = (s6 + (1 << 20)) >> 21;
+  s7 += carry6;
+  s6 -= int64_lshift21(carry6);
+  carry8 = (s8 + (1 << 20)) >> 21;
+  s9 += carry8;
+  s8 -= int64_lshift21(carry8);
+  carry10 = (s10 + (1 << 20)) >> 21;
+  s11 += carry10;
+  s10 -= int64_lshift21(carry10);
+
+  carry1 = (s1 + (1 << 20)) >> 21;
+  s2 += carry1;
+  s1 -= int64_lshift21(carry1);
+  carry3 = (s3 + (1 << 20)) >> 21;
+  s4 += carry3;
+  s3 -= int64_lshift21(carry3);
+  carry5 = (s5 + (1 << 20)) >> 21;
+  s6 += carry5;
+  s5 -= int64_lshift21(carry5);
+  carry7 = (s7 + (1 << 20)) >> 21;
+  s8 += carry7;
+  s7 -= int64_lshift21(carry7);
+  carry9 = (s9 + (1 << 20)) >> 21;
+  s10 += carry9;
+  s9 -= int64_lshift21(carry9);
+  carry11 = (s11 + (1 << 20)) >> 21;
+  s12 += carry11;
+  s11 -= int64_lshift21(carry11);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= int64_lshift21(carry0);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= int64_lshift21(carry1);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= int64_lshift21(carry2);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= int64_lshift21(carry3);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= int64_lshift21(carry4);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= int64_lshift21(carry5);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= int64_lshift21(carry6);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= int64_lshift21(carry7);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= int64_lshift21(carry8);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= int64_lshift21(carry9);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= int64_lshift21(carry10);
+  carry11 = s11 >> 21;
+  s12 += carry11;
+  s11 -= int64_lshift21(carry11);
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21;
+  s1 += carry0;
+  s0 -= int64_lshift21(carry0);
+  carry1 = s1 >> 21;
+  s2 += carry1;
+  s1 -= int64_lshift21(carry1);
+  carry2 = s2 >> 21;
+  s3 += carry2;
+  s2 -= int64_lshift21(carry2);
+  carry3 = s3 >> 21;
+  s4 += carry3;
+  s3 -= int64_lshift21(carry3);
+  carry4 = s4 >> 21;
+  s5 += carry4;
+  s4 -= int64_lshift21(carry4);
+  carry5 = s5 >> 21;
+  s6 += carry5;
+  s5 -= int64_lshift21(carry5);
+  carry6 = s6 >> 21;
+  s7 += carry6;
+  s6 -= int64_lshift21(carry6);
+  carry7 = s7 >> 21;
+  s8 += carry7;
+  s7 -= int64_lshift21(carry7);
+  carry8 = s8 >> 21;
+  s9 += carry8;
+  s8 -= int64_lshift21(carry8);
+  carry9 = s9 >> 21;
+  s10 += carry9;
+  s9 -= int64_lshift21(carry9);
+  carry10 = s10 >> 21;
+  s11 += carry10;
+  s10 -= int64_lshift21(carry10);
+
+  s[0] = s0 >> 0;
+  s[1] = s0 >> 8;
+  s[2] = (s0 >> 16) | (s1 << 5);
+  s[3] = s1 >> 3;
+  s[4] = s1 >> 11;
+  s[5] = (s1 >> 19) | (s2 << 2);
+  s[6] = s2 >> 6;
+  s[7] = (s2 >> 14) | (s3 << 7);
+  s[8] = s3 >> 1;
+  s[9] = s3 >> 9;
+  s[10] = (s3 >> 17) | (s4 << 4);
+  s[11] = s4 >> 4;
+  s[12] = s4 >> 12;
+  s[13] = (s4 >> 20) | (s5 << 1);
+  s[14] = s5 >> 7;
+  s[15] = (s5 >> 15) | (s6 << 6);
+  s[16] = s6 >> 2;
+  s[17] = s6 >> 10;
+  s[18] = (s6 >> 18) | (s7 << 3);
+  s[19] = s7 >> 5;
+  s[20] = s7 >> 13;
+  s[21] = s8 >> 0;
+  s[22] = s8 >> 8;
+  s[23] = (s8 >> 16) | (s9 << 5);
+  s[24] = s9 >> 3;
+  s[25] = s9 >> 11;
+  s[26] = (s9 >> 19) | (s10 << 2);
+  s[27] = s10 >> 6;
+  s[28] = (s10 >> 14) | (s11 << 7);
+  s[29] = s11 >> 1;
+  s[30] = s11 >> 9;
+  s[31] = s11 >> 17;
+}
+
+/* Loosely from BoringSSL crypto/curve25519/spake25519.c */
+
+/*
+ * Here BoringSSL uses different points, not restricted to the generator
+ * subgroup, while we use the draft-irtf-cfrg-spake2-05 points.  The Python
+ * code is modified to add the subgroup restriction.
+ */
+
+// The following precomputation tables are for the following
+// points:
+//
+// N (found in 7 iterations):
+//   x: 10742253510813957597047979962966927467575235974254765187031601461055699024931
+//   y: 19796686047937480651099107989427797822652529149428697746066532921705571401683
+//   encoded: d3bfb518f44f3430f29d0c92af503865a1ed3281dc69b35dd868ba85f886c4ab
+//
+// M (found in 21 iterations):
+//   x: 8158688967149231307266666683326742915289288280191350817196911733632187385319
+//   y: 21622333750659878624441478467798461427617029906629724657331223068277098105040
+//   encoded: d048032c6ea0b6d697ddc2e86bda85a33adac920f1bf18e1b0c6d166a5cecdaf
+//
+// These points and their precomputation tables are generated with the
+// following Python code.
+
+/*
+import hashlib
+import ed25519 as E  # https://ed25519.cr.yp.to/python/ed25519.py
+
+SEED_N = 'edwards25519 point generation seed (N)'
+SEED_M = 'edwards25519 point generation seed (M)'
+
+def genpoint(seed):
+    v = hashlib.sha256(seed).digest()
+    it = 1
+    while True:
+        try:
+            x,y = E.decodepoint(v)
+            if E.scalarmult((x,y), E.l) != [0, 1]:
+                raise Exception('point has wrong order')
+        except Exception, e:
+            print e
+            it += 1
+            v = hashlib.sha256(v).digest()
+            continue
+        print "Found in %d iterations:" % it
+        print "  x = %d" % x
+        print "  y = %d" % y
+        print " Encoded (hex)"
+        print E.encodepoint((x,y)).encode('hex')
+        return (x,y)
+
+def gentable(P):
+    t = []
+    for i in range(1,16):
+        k = (i >> 3 & 1) * (1 << 192) + \
+            (i >> 2 & 1) * (1 << 128) + \
+            (i >> 1 & 1) * (1 <<  64) + \
+            (i      & 1)
+        t.append(E.scalarmult(P, k))
+    return ''.join(E.encodeint(x) + E.encodeint(y) for (x,y) in t)
+
+def printtable(table, name):
+    print "static const uint8_t %s[15 * 2 * 32] = {" % name,
+    for i in range(15 * 2 * 32):
+        if i % 12 == 0:
+            print "\n   ",
+        print " 0x%02x," % ord(table[i]),
+    print "\n};"
+
+if __name__ == "__main__":
+    print "Searching for N"
+    N = genpoint(SEED_N)
+    print "Generating precomputation table for N"
+    Ntable = gentable(N)
+    printtable(Ntable, "kSpakeNSmallPrecomp")
+
+    print "Searching for M"
+    M = genpoint(SEED_M)
+    print "Generating precomputation table for M"
+    Mtable = gentable(M)
+    printtable(Mtable, "kSpakeMSmallPrecomp")
+*/
+
+static const uint8_t kSpakeNSmallPrecomp[15 * 2 * 32] = {
+    0x23, 0xfc, 0x27, 0x6c, 0x55, 0xaf, 0xb3, 0x9c, 0xd8, 0x99, 0x3a, 0x0d,
+    0x7f, 0x08, 0xc9, 0xeb, 0x4d, 0x6e, 0x90, 0x99, 0x2f, 0x3c, 0x15, 0x2b,
+    0x89, 0x5a, 0x0f, 0xf2, 0x67, 0xe6, 0xbf, 0x17, 0xd3, 0xbf, 0xb5, 0x18,
+    0xf4, 0x4f, 0x34, 0x30, 0xf2, 0x9d, 0x0c, 0x92, 0xaf, 0x50, 0x38, 0x65,
+    0xa1, 0xed, 0x32, 0x81, 0xdc, 0x69, 0xb3, 0x5d, 0xd8, 0x68, 0xba, 0x85,
+    0xf8, 0x86, 0xc4, 0x2b, 0x53, 0x93, 0xb1, 0x99, 0x90, 0x30, 0xca, 0xb0,
+    0xbd, 0xea, 0x14, 0x4c, 0x6f, 0x2b, 0x81, 0x1e, 0x23, 0x45, 0xb2, 0x32,
+    0x2e, 0x2d, 0xe6, 0xb8, 0x5d, 0xc5, 0x15, 0x91, 0x63, 0x39, 0x18, 0x5b,
+    0x62, 0x63, 0x9b, 0xf4, 0x8b, 0xe0, 0x34, 0xa2, 0x95, 0x11, 0x92, 0x68,
+    0x54, 0xb7, 0xf3, 0x91, 0xca, 0x22, 0xad, 0x08, 0xd8, 0x9c, 0xa2, 0xf0,
+    0xdc, 0x9c, 0x2c, 0x84, 0x32, 0x26, 0xe0, 0x17, 0x89, 0x53, 0x6b, 0xfd,
+    0x76, 0x97, 0x25, 0xea, 0x99, 0x94, 0xf8, 0x29, 0x7c, 0xc4, 0x53, 0xc0,
+    0x98, 0x9a, 0x20, 0xdc, 0x70, 0x01, 0x50, 0xaa, 0x05, 0xa3, 0x40, 0x50,
+    0x66, 0x87, 0x30, 0x19, 0x12, 0xc3, 0xb8, 0x2d, 0x28, 0x8b, 0x7b, 0x48,
+    0xf7, 0x7b, 0xab, 0x45, 0x70, 0x2e, 0xbb, 0x85, 0xc1, 0x6c, 0xdd, 0x35,
+    0x00, 0x83, 0x20, 0x13, 0x82, 0x08, 0xaa, 0xa3, 0x03, 0x0f, 0xca, 0x27,
+    0x3e, 0x8b, 0x52, 0xc2, 0xd7, 0xb1, 0x8c, 0x22, 0xfe, 0x04, 0x4a, 0xf2,
+    0xe8, 0xac, 0xee, 0x2e, 0xd7, 0x77, 0x34, 0x49, 0xf2, 0xe9, 0xeb, 0x8c,
+    0xa6, 0xc8, 0xc6, 0xcd, 0x8a, 0x8f, 0x7c, 0x5d, 0x51, 0xc8, 0xfa, 0x6f,
+    0xb3, 0x93, 0xdb, 0x71, 0xef, 0x3e, 0x6e, 0xa7, 0x85, 0xc7, 0xd4, 0x3e,
+    0xa2, 0xe2, 0xc0, 0xaa, 0x17, 0xb3, 0xa4, 0x7c, 0xc2, 0x3f, 0x7c, 0x7a,
+    0xdd, 0x26, 0xde, 0x3e, 0xf1, 0x99, 0x06, 0xf7, 0x69, 0x1b, 0xc9, 0x20,
+    0x55, 0x4f, 0x86, 0x7a, 0x93, 0x89, 0x68, 0xe9, 0x2b, 0x2d, 0xbc, 0x08,
+    0x15, 0x5d, 0x2d, 0x0b, 0x4f, 0x1a, 0xb3, 0xd4, 0x8e, 0x77, 0x79, 0x2a,
+    0x25, 0xf9, 0xb6, 0x46, 0xfb, 0x87, 0x02, 0xa6, 0xe0, 0xd3, 0xba, 0x84,
+    0xea, 0x3e, 0x58, 0xa5, 0x7f, 0x8f, 0x8c, 0x39, 0x79, 0x28, 0xb5, 0xcf,
+    0xe4, 0xca, 0x63, 0xdc, 0xac, 0xed, 0x4b, 0x74, 0x1e, 0x94, 0x85, 0x8c,
+    0xe5, 0xf4, 0x76, 0x6f, 0x20, 0x67, 0x8b, 0xd8, 0xd6, 0x4b, 0xe7, 0x2d,
+    0xa0, 0xbd, 0xcc, 0x1f, 0xdf, 0x46, 0x9c, 0xa2, 0x49, 0x64, 0xdf, 0x24,
+    0x00, 0x11, 0x11, 0x45, 0x62, 0x5c, 0xd7, 0x8a, 0x00, 0x02, 0xf5, 0x9b,
+    0x4f, 0x53, 0x42, 0xc5, 0xd5, 0x55, 0x80, 0x73, 0x9a, 0x5b, 0x31, 0x5a,
+    0xbd, 0x3a, 0x43, 0xe9, 0x33, 0xe5, 0xaf, 0x1d, 0x92, 0x5e, 0x59, 0x37,
+    0xae, 0x57, 0xfa, 0x3b, 0xd2, 0x31, 0xae, 0xa6, 0xf9, 0xc9, 0xc1, 0x82,
+    0xa6, 0xa5, 0xed, 0x24, 0x53, 0x4b, 0x38, 0x22, 0xf2, 0x85, 0x8d, 0x13,
+    0xa6, 0x5e, 0xd6, 0x57, 0x17, 0xd3, 0x33, 0x38, 0x8d, 0x65, 0xd3, 0xcb,
+    0x1a, 0xa2, 0x3a, 0x2b, 0xbb, 0x61, 0x53, 0xd7, 0xff, 0xcd, 0x20, 0xb6,
+    0xbb, 0x8c, 0xab, 0x63, 0xef, 0xb8, 0x26, 0x7e, 0x81, 0x65, 0xaf, 0x90,
+    0xfc, 0xd2, 0xb6, 0x72, 0xdb, 0xe9, 0x23, 0x78, 0x12, 0x04, 0xc0, 0x03,
+    0x82, 0xa8, 0x7a, 0x0f, 0x48, 0x6f, 0x82, 0x7f, 0x81, 0xcd, 0xa7, 0x89,
+    0xdd, 0x86, 0xea, 0x5e, 0xa1, 0x50, 0x14, 0x34, 0x17, 0x64, 0x82, 0x0f,
+    0xc4, 0x40, 0x20, 0x1d, 0x8f, 0xfe, 0xfa, 0x99, 0xaf, 0x5b, 0xc1, 0x5d,
+    0xc8, 0x47, 0x07, 0x54, 0x4a, 0x22, 0x56, 0x57, 0xf1, 0x2c, 0x3b, 0x62,
+    0x7f, 0x12, 0x62, 0xaf, 0xfd, 0xf8, 0x04, 0x11, 0xa8, 0x51, 0xf0, 0x46,
+    0x5d, 0x79, 0x66, 0xff, 0x8a, 0x06, 0xef, 0x54, 0x64, 0x1b, 0x84, 0x3e,
+    0x41, 0xf3, 0xfe, 0x19, 0x51, 0xf7, 0x44, 0x9c, 0x16, 0xd3, 0x7a, 0x09,
+    0x59, 0xf5, 0x47, 0x45, 0xd0, 0x31, 0xef, 0x96, 0x2c, 0xc5, 0xc0, 0xd0,
+    0x56, 0xef, 0x3f, 0x07, 0x2b, 0xb7, 0x28, 0x49, 0xf5, 0xb1, 0x42, 0x18,
+    0xcf, 0x77, 0xd8, 0x2b, 0x71, 0x74, 0x80, 0xba, 0x34, 0x52, 0xce, 0x11,
+    0xfe, 0xc4, 0xb9, 0xeb, 0xf9, 0xc4, 0x5e, 0x1f, 0xd3, 0xde, 0x4b, 0x14,
+    0xe3, 0x6e, 0xe7, 0xd7, 0x83, 0x59, 0x98, 0xe8, 0x3d, 0x8e, 0xd6, 0x7d,
+    0xc0, 0x9a, 0x79, 0xb9, 0x83, 0xf1, 0xc1, 0x00, 0x5d, 0x16, 0x1b, 0x44,
+    0xe9, 0x02, 0xce, 0x99, 0x1e, 0x77, 0xef, 0xca, 0xbc, 0xf0, 0x6a, 0xb9,
+    0x65, 0x3f, 0x3c, 0xd9, 0xe1, 0x63, 0x0b, 0xbf, 0xaa, 0xa7, 0xe6, 0x6d,
+    0x6d, 0x3f, 0x44, 0x29, 0xa3, 0x8b, 0x6d, 0xc4, 0x81, 0xa9, 0xc3, 0x5a,
+    0x90, 0x55, 0x72, 0x61, 0x17, 0x22, 0x7f, 0x3e, 0x5f, 0xfc, 0xba, 0xb3,
+    0x7a, 0x99, 0x76, 0xe9, 0x20, 0xe5, 0xc5, 0xe8, 0x55, 0x56, 0x0f, 0x7a,
+    0x48, 0xe7, 0xbc, 0xe1, 0x13, 0xf4, 0x90, 0xef, 0x97, 0x6c, 0x02, 0x89,
+    0x4d, 0x22, 0x48, 0xda, 0xd3, 0x52, 0x45, 0x31, 0x26, 0xcc, 0xe8, 0x9e,
+    0x5d, 0xdd, 0x75, 0xe4, 0x1d, 0xbc, 0xb1, 0x08, 0x55, 0xaf, 0x54, 0x70,
+    0x0d, 0x0c, 0xf3, 0x50, 0xbc, 0x40, 0x83, 0xee, 0xdc, 0x6d, 0x8b, 0x40,
+    0x79, 0x62, 0x18, 0x37, 0xc4, 0x78, 0x02, 0x58, 0x7c, 0x78, 0xd3, 0x54,
+    0xed, 0x31, 0xbd, 0x7d, 0x48, 0xcf, 0xb6, 0x11, 0x27, 0x37, 0x9c, 0x86,
+    0xf7, 0x2e, 0x00, 0x7a, 0x48, 0x1b, 0xa6, 0x72, 0x70, 0x7b, 0x44, 0x45,
+    0xeb, 0x49, 0xbf, 0xbe, 0x09, 0x78, 0x66, 0x71, 0x12, 0x7f, 0x3d, 0x78,
+    0x51, 0x24, 0x82, 0xa2, 0xf0, 0x1e, 0x83, 0x81, 0x81, 0x45, 0x53, 0xfd,
+    0x5e, 0xf3, 0x03, 0x74, 0xbd, 0x23, 0x35, 0xf6, 0x10, 0xdd, 0x7c, 0x73,
+    0x46, 0x32, 0x09, 0x54, 0x99, 0x95, 0x91, 0x25, 0xb8, 0x32, 0x09, 0xd8,
+    0x2f, 0x97, 0x50, 0xa3, 0xf5, 0xd6, 0xb1, 0xed, 0x97, 0x51, 0x06, 0x42,
+    0x12, 0x0c, 0x69, 0x38, 0x09, 0xa0, 0xd8, 0x19, 0x70, 0xf7, 0x8f, 0x61,
+    0x0d, 0x56, 0x43, 0x66, 0x22, 0x8b, 0x0e, 0x0e, 0xf9, 0x81, 0x9f, 0xac,
+    0x6f, 0xbf, 0x7d, 0x04, 0x13, 0xf2, 0xe4, 0xeb, 0xfd, 0xbe, 0x4e, 0x56,
+    0xda, 0xe0, 0x22, 0x6d, 0x1b, 0x25, 0xc8, 0xa5, 0x9c, 0x05, 0x45, 0x52,
+    0x3c, 0x3a, 0xde, 0x6b, 0xac, 0x9b, 0xf8, 0x81, 0x97, 0x21, 0x46, 0xac,
+    0x7e, 0x89, 0xf8, 0x49, 0x58, 0xbb, 0x45, 0xac, 0xa2, 0xc4, 0x90, 0x1f,
+    0xb2, 0xb4, 0xf8, 0xe0, 0xcd, 0xa1, 0x9d, 0x1c, 0xf2, 0xf1, 0xdf, 0xfb,
+    0x88, 0x4e, 0xe5, 0x41, 0xd8, 0x6e, 0xac, 0x07, 0x87, 0x95, 0x35, 0xa6,
+    0x12, 0x08, 0x5d, 0x57, 0x5e, 0xaf, 0x71, 0x0f, 0x07, 0x4e, 0x81, 0x77,
+    0xf1, 0xef, 0xb5, 0x35, 0x5c, 0xfa, 0xf4, 0x4e, 0x42, 0xdc, 0x19, 0xfe,
+    0xe4, 0xd2, 0xb4, 0x27, 0xfb, 0x34, 0x1f, 0xb2, 0x6f, 0xf2, 0x95, 0xcc,
+    0xd4, 0x47, 0x63, 0xdc, 0x7e, 0x4f, 0x97, 0x2b, 0x7a, 0xe0, 0x80, 0x31,
+};
+
+static const uint8_t kSpakeMSmallPrecomp[15 * 2 * 32] = {
+    0xe7, 0x45, 0x7e, 0x47, 0x49, 0x69, 0xbd, 0x1b, 0x35, 0x1c, 0x2c, 0x98,
+    0x03, 0xf3, 0xb3, 0x37, 0xde, 0x39, 0xa5, 0xda, 0xc0, 0x2e, 0xa4, 0xac,
+    0x7d, 0x08, 0x26, 0xfc, 0x80, 0xa7, 0x09, 0x12, 0xd0, 0x48, 0x03, 0x2c,
+    0x6e, 0xa0, 0xb6, 0xd6, 0x97, 0xdd, 0xc2, 0xe8, 0x6b, 0xda, 0x85, 0xa3,
+    0x3a, 0xda, 0xc9, 0x20, 0xf1, 0xbf, 0x18, 0xe1, 0xb0, 0xc6, 0xd1, 0x66,
+    0xa5, 0xce, 0xcd, 0x2f, 0x80, 0xa8, 0x4e, 0xc3, 0x81, 0xae, 0x68, 0x3b,
+    0x0d, 0xdb, 0x56, 0x32, 0x2f, 0xa8, 0x97, 0xa0, 0x5c, 0x15, 0xc1, 0xcb,
+    0x6f, 0x7a, 0x5f, 0xc5, 0x32, 0xfb, 0x49, 0x17, 0x18, 0xfa, 0x85, 0x08,
+    0x85, 0xf1, 0xe3, 0x11, 0x8e, 0x3d, 0x70, 0x20, 0x38, 0x4e, 0x0c, 0x17,
+    0xa1, 0xa8, 0x20, 0xd2, 0xb1, 0x1d, 0x05, 0x8d, 0x0f, 0xc9, 0x96, 0x18,
+    0x9d, 0x8c, 0x89, 0x8f, 0x46, 0x6a, 0x6c, 0x6e, 0x72, 0x03, 0xb2, 0x75,
+    0x87, 0xd8, 0xa9, 0x60, 0x93, 0x2b, 0x8b, 0x66, 0xee, 0xaf, 0xce, 0x98,
+    0xcd, 0x6b, 0x7c, 0x6a, 0xbe, 0x19, 0xda, 0x66, 0x7c, 0xda, 0x53, 0xa0,
+    0xe3, 0x9a, 0x0e, 0x53, 0x3a, 0x7c, 0x73, 0x4a, 0x37, 0xa6, 0x53, 0x23,
+    0x67, 0x31, 0xce, 0x8a, 0xab, 0xee, 0x72, 0x76, 0xc2, 0xb5, 0x54, 0x42,
+    0xcf, 0x4b, 0xc7, 0x53, 0x24, 0x59, 0xaf, 0x76, 0x53, 0x10, 0x7e, 0x25,
+    0x94, 0x5c, 0x23, 0xa6, 0x5e, 0x05, 0xea, 0x14, 0xad, 0x2b, 0xce, 0x50,
+    0x77, 0xb3, 0x7a, 0x88, 0x4c, 0xf7, 0x74, 0x04, 0x35, 0xa4, 0x0c, 0x9e,
+    0xee, 0x6a, 0x4c, 0x3c, 0xc1, 0x6a, 0x35, 0x4d, 0x6d, 0x8f, 0x94, 0x95,
+    0xe4, 0x10, 0xca, 0x46, 0x4e, 0xfa, 0x38, 0x40, 0xeb, 0x1a, 0x1b, 0x5a,
+    0xff, 0x73, 0x4d, 0xe9, 0xf2, 0xbe, 0x89, 0xf5, 0xd1, 0x72, 0xd0, 0x1a,
+    0x7b, 0x82, 0x08, 0x19, 0xda, 0x54, 0x44, 0xa5, 0x3d, 0xd8, 0x10, 0x1c,
+    0xcf, 0x3b, 0xc7, 0x54, 0xd5, 0x11, 0xd7, 0x2a, 0x69, 0x3f, 0xa6, 0x58,
+    0x74, 0xfd, 0x90, 0xb2, 0xf4, 0xc2, 0x0e, 0xf3, 0x19, 0x8f, 0x51, 0x7c,
+    0x31, 0x12, 0x79, 0x61, 0x16, 0xb4, 0x2f, 0x2f, 0xd0, 0x88, 0x97, 0xf2,
+    0xc3, 0x8c, 0xa6, 0xa3, 0x29, 0xff, 0x7e, 0x12, 0x46, 0x2a, 0x9c, 0x09,
+    0x7c, 0x5f, 0x87, 0x07, 0x6b, 0xa1, 0x9a, 0x57, 0x55, 0x8e, 0xb0, 0x56,
+    0x5d, 0xc9, 0x4c, 0x5b, 0xae, 0xd3, 0xd0, 0x8e, 0xb8, 0xac, 0xba, 0xe8,
+    0x54, 0x45, 0x30, 0x14, 0xf6, 0x59, 0x20, 0xc4, 0x03, 0xb7, 0x7a, 0x5d,
+    0x6b, 0x5a, 0xcb, 0x28, 0x60, 0xf8, 0xef, 0x61, 0x60, 0x78, 0x6b, 0xf5,
+    0x21, 0x4b, 0x75, 0xc2, 0x77, 0xba, 0x0e, 0x38, 0x98, 0xe0, 0xfb, 0xb7,
+    0x5f, 0x75, 0x87, 0x04, 0x0c, 0xb4, 0x5c, 0x09, 0x04, 0x00, 0x38, 0x4e,
+    0x4f, 0x7b, 0x73, 0xe5, 0xdb, 0xdb, 0xf1, 0xf4, 0x5c, 0x64, 0x68, 0xfd,
+    0xb1, 0x86, 0xe8, 0x89, 0xbe, 0x9c, 0xd4, 0x96, 0x1d, 0xcb, 0xdc, 0x5c,
+    0xef, 0xd4, 0x33, 0x28, 0xb9, 0xb6, 0xaf, 0x3b, 0xcf, 0x8d, 0x30, 0xba,
+    0xe8, 0x08, 0xcf, 0x84, 0xba, 0x61, 0x10, 0x9b, 0x62, 0xf6, 0x18, 0x79,
+    0x66, 0x87, 0x82, 0x7c, 0xaa, 0x71, 0xac, 0xd0, 0xd0, 0x32, 0xb0, 0x54,
+    0x03, 0xa4, 0xad, 0x3f, 0x72, 0xca, 0x22, 0xff, 0x01, 0x87, 0x08, 0x36,
+    0x61, 0x22, 0xaa, 0x18, 0xab, 0x3a, 0xbc, 0xf2, 0x78, 0x05, 0xe1, 0x99,
+    0xa3, 0x59, 0x98, 0xcc, 0x21, 0xc6, 0x2b, 0x51, 0x6d, 0x43, 0x0a, 0x46,
+    0x50, 0xae, 0x11, 0x7e, 0xd5, 0x23, 0x56, 0xef, 0x83, 0xc8, 0xbf, 0x42,
+    0xf0, 0x45, 0x52, 0x1f, 0x34, 0xbc, 0x2f, 0xb0, 0xf0, 0xce, 0xf0, 0xec,
+    0xd0, 0x99, 0x59, 0x2e, 0x1f, 0xab, 0xa8, 0x1e, 0x4b, 0xce, 0x1b, 0x9a,
+    0x75, 0xc6, 0xc4, 0x71, 0x86, 0xf0, 0x8d, 0xec, 0xb0, 0x30, 0xb9, 0x62,
+    0xb3, 0xb7, 0xdd, 0x96, 0x29, 0xc8, 0xbf, 0xe9, 0xb0, 0x74, 0x78, 0x7b,
+    0xf7, 0xea, 0xa3, 0x14, 0x12, 0x56, 0xe0, 0xf3, 0x35, 0x7a, 0x26, 0x4a,
+    0x4c, 0xe6, 0xdf, 0x13, 0xb5, 0x52, 0xb0, 0x2a, 0x5f, 0x2e, 0xac, 0x34,
+    0xab, 0x5f, 0x1a, 0x01, 0xe4, 0x15, 0x1a, 0xd1, 0xbf, 0xc9, 0x95, 0x0a,
+    0xac, 0x1d, 0xe7, 0x53, 0x59, 0x8d, 0xc3, 0x21, 0x78, 0x5e, 0x12, 0x97,
+    0x8f, 0x4e, 0x1d, 0xf9, 0xe5, 0xe2, 0xc2, 0xc4, 0xba, 0xfb, 0x50, 0x96,
+    0x5b, 0x43, 0xe8, 0xf7, 0x0d, 0x1b, 0x64, 0x58, 0xbe, 0xd3, 0x95, 0x7f,
+    0x8e, 0xf1, 0x85, 0x35, 0xba, 0x25, 0x55, 0x2e, 0x02, 0x46, 0x5c, 0xad,
+    0x1f, 0xc5, 0x03, 0xcc, 0xd0, 0x43, 0x4c, 0xf2, 0x5e, 0x64, 0x0a, 0x89,
+    0xd9, 0xfd, 0x23, 0x7d, 0x4f, 0xbe, 0x2f, 0x0f, 0x1e, 0x12, 0x4a, 0xd9,
+    0xf8, 0x82, 0xde, 0x8f, 0x4f, 0x98, 0xb9, 0x90, 0xf6, 0xfa, 0xd1, 0x11,
+    0xa6, 0xdc, 0x7e, 0x32, 0x48, 0x6a, 0x8a, 0x14, 0x5e, 0x73, 0xb9, 0x6c,
+    0x0e, 0xc2, 0xf9, 0xcc, 0xf0, 0x32, 0xc8, 0xb5, 0x56, 0xaa, 0x5d, 0xd2,
+    0x07, 0xf1, 0x6f, 0x33, 0x6f, 0x05, 0x70, 0x49, 0x60, 0x49, 0x23, 0x23,
+    0x14, 0x0e, 0x4c, 0x58, 0x92, 0xad, 0xa9, 0x50, 0xb1, 0x59, 0x43, 0x96,
+    0x7b, 0xc1, 0x51, 0x45, 0xef, 0x0d, 0xef, 0xd1, 0xe4, 0xd0, 0xce, 0xdf,
+    0x6a, 0xbc, 0x1b, 0xbf, 0x7a, 0x87, 0x4e, 0x47, 0x17, 0x9c, 0x34, 0x38,
+    0xb0, 0x3c, 0xa1, 0x04, 0xfb, 0xe2, 0x66, 0xce, 0xb6, 0x82, 0xbb, 0xad,
+    0xc3, 0x8e, 0x12, 0x35, 0xbc, 0x17, 0xce, 0x01, 0x2d, 0xa3, 0xa6, 0xb9,
+    0xfa, 0x84, 0xc2, 0x2f, 0x5a, 0x4a, 0x8c, 0x4c, 0x11, 0x4e, 0xa8, 0x14,
+    0xcb, 0xb8, 0x99, 0xaa, 0x2e, 0x8c, 0xa0, 0xc9, 0x5f, 0x62, 0x2a, 0x84,
+    0x66, 0x60, 0x0a, 0x7e, 0xdc, 0x93, 0x17, 0x45, 0x19, 0xb3, 0x93, 0x4c,
+    0xdc, 0xd0, 0xd5, 0x5c, 0x25, 0xd2, 0xcd, 0x4e, 0x84, 0x4c, 0x73, 0xb3,
+    0x90, 0xa4, 0x22, 0x05, 0x2c, 0x7c, 0x39, 0x2b, 0x70, 0xd9, 0x61, 0x76,
+    0xb2, 0x03, 0x71, 0xe9, 0x0e, 0xf8, 0x57, 0x85, 0xad, 0xb1, 0x2f, 0x34,
+    0xa5, 0x66, 0xb0, 0x0f, 0x75, 0x94, 0x6e, 0x26, 0x79, 0x99, 0xb4, 0xe2,
+    0xe2, 0xa3, 0x58, 0xdd, 0xb4, 0xfb, 0x74, 0xf4, 0xa1, 0xca, 0xc3, 0x30,
+    0xe7, 0x86, 0xb2, 0xa2, 0x2c, 0x11, 0xc9, 0x58, 0xe3, 0xc1, 0xa6, 0x5f,
+    0x86, 0x6a, 0xe7, 0x75, 0xd5, 0xd8, 0x63, 0x95, 0x64, 0x59, 0xbc, 0xb8,
+    0xb7, 0xf5, 0x12, 0xe3, 0x03, 0xc6, 0x17, 0xea, 0x4e, 0xcb, 0xee, 0x4c,
+    0xae, 0x03, 0xd1, 0x33, 0xd0, 0x39, 0x36, 0x00, 0x0f, 0xf4, 0x9c, 0xbd,
+    0x35, 0x96, 0xfd, 0x0d, 0x26, 0xb7, 0x9e, 0xf4, 0x4b, 0x6f, 0x4b, 0xf1,
+    0xec, 0x11, 0x00, 0x16, 0x21, 0x1e, 0xd4, 0x43, 0x23, 0x8c, 0x4a, 0xfa,
+    0x9e, 0xd4, 0x2b, 0x36, 0x9a, 0x43, 0x1e, 0x58, 0x31, 0xe8, 0x1f, 0x83,
+    0x15, 0x20, 0x31, 0x68, 0xfe, 0x27, 0xd3, 0xd8, 0x9b, 0x43, 0x81, 0x8f,
+    0x57, 0x32, 0x14, 0xe6, 0x9e, 0xbf, 0xd1, 0xfb, 0xdf, 0xad, 0x7a, 0x52,
+};
+
+/* left_shift_3 sets |n| to |n|*8, where |n| is represented in little-endian
+ * order. */
+static void left_shift_3(uint8_t n[32]) {
+  uint8_t carry = 0;
+  unsigned i;
+
+  for (i = 0; i < 32; i++) {
+    const uint8_t next_carry = n[i] >> 5;
+    n[i] = (n[i] << 3) | carry;
+    carry = next_carry;
+  }
+}
+
+static krb5_error_code
+builtin_edwards25519_keygen(krb5_context context, groupdata *gdata,
+                            const uint8_t *wbytes, krb5_boolean use_m,
+                            uint8_t *priv_out, uint8_t *pub_out)
+{
+  uint8_t private[64];
+  krb5_data data = make_data(private, 32);
+  krb5_error_code ret;
+
+  /* Pick x or y uniformly from [0, p*h) divisible by h. */
+  ret = krb5_c_random_make_octets(context, &data);
+  if (ret)
+    return ret;
+  memset(private + 32, 0, 32);
+  x25519_sc_reduce(private);
+  left_shift_3(private);
+
+  /* Compute X=x*G or Y=y*G. */
+  ge_p3 P;
+  x25519_ge_scalarmult_base(&P, private);
+
+  /* Compute w mod p. */
+  uint8_t wreduced[64];
+  memcpy(wreduced, wbytes, 32);
+  memset(wreduced + 32, 0, 32);
+  x25519_sc_reduce(wreduced);
+
+  /* Compute the mask, w*M or w*N. */
+  ge_p3 mask;
+  x25519_ge_scalarmult_small_precomp(&mask, wreduced,
+                                     use_m ? kSpakeMSmallPrecomp :
+                                     kSpakeNSmallPrecomp);
+
+  /* Compute the masked point T=w*M+X or S=w*N+Y. */
+  ge_cached mask_cached;
+  x25519_ge_p3_to_cached(&mask_cached, &mask);
+  ge_p1p1 Pmasked;
+  x25519_ge_add(&Pmasked, &P, &mask_cached);
+
+  /* Encode T or S into pub_out. */
+  ge_p2 Pmasked_proj;
+  x25519_ge_p1p1_to_p2(&Pmasked_proj, &Pmasked);
+  x25519_ge_tobytes(pub_out, &Pmasked_proj);
+
+  /* Remember the private key in priv_out. */
+  memcpy(priv_out, private, 32);
+  return 0;
+}
+
+static krb5_error_code
+builtin_edwards25519_result(krb5_context context, groupdata *gdata,
+                            const uint8_t *wbytes, const uint8_t *ourpriv,
+                            const uint8_t *theirpub, krb5_boolean use_m,
+                            uint8_t *elem_out)
+{
+  /*
+   * Check if the point received from peer is on the curve.  This does not
+   * verify that it is in the generator subgroup, but since our private key is
+   * a multiple of the cofactor, the shared point will be in the generator
+   * subgroup even if a rogue peer sends a point which is not.
+   */
+  ge_p3 Qmasked;
+  if (!x25519_ge_frombytes_vartime(&Qmasked, theirpub))
+    return EINVAL;
+
+  /* Compute w mod p. */
+  uint8_t wreduced[64];
+  memcpy(wreduced, wbytes, 32);
+  memset(wreduced + 32, 0, 32);
+  x25519_sc_reduce(wreduced);
+
+  /* Compute the peer's mask, w*M or w*N. */
+  ge_p3 peers_mask;
+  x25519_ge_scalarmult_small_precomp(&peers_mask, wreduced,
+                                     use_m ? kSpakeMSmallPrecomp :
+                                     kSpakeNSmallPrecomp);
+
+  ge_cached peers_mask_cached;
+  x25519_ge_p3_to_cached(&peers_mask_cached, &peers_mask);
+
+  /* Compute the peer's unmasked point, T-w*M or S-w*N. */
+  ge_p1p1 Qcompl;
+  ge_p3 Qunmasked;
+  x25519_ge_sub(&Qcompl, &Qmasked, &peers_mask_cached);
+  x25519_ge_p1p1_to_p3(&Qunmasked, &Qcompl);
+
+  /* Multiply by our private value to compute K=x*(S-w*N) or K=y*(T-w*M). */
+  ge_p2 K;
+  x25519_ge_scalarmult(&K, ourpriv, &Qunmasked);
+
+  /* Encode K into elem_out. */
+  x25519_ge_tobytes(elem_out, &K);
+  return 0;
+}
+
+static krb5_error_code
+builtin_sha256(krb5_context context, groupdata *gdata, const krb5_data *dlist,
+               size_t ndata, uint8_t *result_out)
+{
+  return k5_sha256(dlist, ndata, result_out);
+}
+
+groupdef builtin_edwards25519 = {
+  .reg = &spake_iana_edwards25519,
+  .keygen = builtin_edwards25519_keygen,
+  .result = builtin_edwards25519_result,
+  .hash = builtin_sha256
+};
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/edwards25519_fiat.h b/krb5-1.21.3/src/plugins/preauth/spake/edwards25519_fiat.h
new file mode 100644
index 00000000..48ade921
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/edwards25519_fiat.h
@@ -0,0 +1,1289 @@
+#if defined(BORINGSSL_CURVE25519_64BIT)
+
+/* Autogenerated */
+/* curve description: 25519 */
+/* requested operations: carry_mul, carry_square, carry_scmul121666, carry, add, sub, opp, selectznz, to_bytes, from_bytes */
+/* n = 5 (from "5") */
+/* s = 0x8000000000000000000000000000000000000000000000000000000000000000 (from "2^255") */
+/* c = [(1, 19)] (from "1,19") */
+/* machine_wordsize = 64 (from "64") */
+
+#include <stdint.h>
+typedef unsigned char fiat_25519_uint1;
+typedef signed char fiat_25519_int1;
+typedef int128_t fiat_25519_int128;
+typedef uint128_t fiat_25519_uint128;
+
+
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x7ffffffffffff]
+ *   arg3: [0x0 ~> 0x7ffffffffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x7ffffffffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_addcarryx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) {
+  uint64_t x1 = ((arg1 + arg2) + arg3);
+  uint64_t x2 = (x1 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 51);
+  *out1 = x2;
+  *out2 = x3;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x7ffffffffffff]
+ *   arg3: [0x0 ~> 0x7ffffffffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x7ffffffffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_subborrowx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) {
+  int64_t x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3);
+  fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 51);
+  uint64_t x3 = (x1 & UINT64_C(0x7ffffffffffff));
+  *out1 = x3;
+  *out2 = (fiat_25519_uint1)(0x0 - x2);
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0xffffffffffffffff]
+ *   arg3: [0x0 ~> 0xffffffffffffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0xffffffffffffffff]
+ */
+static void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) {
+  fiat_25519_uint1 x1 = (!(!arg1));
+  uint64_t x2 = ((fiat_25519_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff));
+  uint64_t x3 = ((x2 & arg3) | ((~x2) & arg2));
+  *out1 = x3;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
+ *   arg2: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ */
+static void fiat_25519_carry_mul(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) {
+  fiat_25519_uint128 x1 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x2 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x3 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[2]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x4 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[1]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x5 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x6 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x7 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[2]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x8 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[3]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[1]) * ((arg2[4]) * (uint64_t)UINT8_C(0x13)));
+  fiat_25519_uint128 x11 = ((fiat_25519_uint128)(arg1[4]) * (arg2[0]));
+  fiat_25519_uint128 x12 = ((fiat_25519_uint128)(arg1[3]) * (arg2[1]));
+  fiat_25519_uint128 x13 = ((fiat_25519_uint128)(arg1[3]) * (arg2[0]));
+  fiat_25519_uint128 x14 = ((fiat_25519_uint128)(arg1[2]) * (arg2[2]));
+  fiat_25519_uint128 x15 = ((fiat_25519_uint128)(arg1[2]) * (arg2[1]));
+  fiat_25519_uint128 x16 = ((fiat_25519_uint128)(arg1[2]) * (arg2[0]));
+  fiat_25519_uint128 x17 = ((fiat_25519_uint128)(arg1[1]) * (arg2[3]));
+  fiat_25519_uint128 x18 = ((fiat_25519_uint128)(arg1[1]) * (arg2[2]));
+  fiat_25519_uint128 x19 = ((fiat_25519_uint128)(arg1[1]) * (arg2[1]));
+  fiat_25519_uint128 x20 = ((fiat_25519_uint128)(arg1[1]) * (arg2[0]));
+  fiat_25519_uint128 x21 = ((fiat_25519_uint128)(arg1[0]) * (arg2[4]));
+  fiat_25519_uint128 x22 = ((fiat_25519_uint128)(arg1[0]) * (arg2[3]));
+  fiat_25519_uint128 x23 = ((fiat_25519_uint128)(arg1[0]) * (arg2[2]));
+  fiat_25519_uint128 x24 = ((fiat_25519_uint128)(arg1[0]) * (arg2[1]));
+  fiat_25519_uint128 x25 = ((fiat_25519_uint128)(arg1[0]) * (arg2[0]));
+  fiat_25519_uint128 x26 = (x25 + (x10 + (x9 + (x7 + x4))));
+  uint64_t x27 = (uint64_t)(x26 >> 51);
+  uint64_t x28 = (uint64_t)(x26 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint128 x29 = (x21 + (x17 + (x14 + (x12 + x11))));
+  fiat_25519_uint128 x30 = (x22 + (x18 + (x15 + (x13 + x1))));
+  fiat_25519_uint128 x31 = (x23 + (x19 + (x16 + (x5 + x2))));
+  fiat_25519_uint128 x32 = (x24 + (x20 + (x8 + (x6 + x3))));
+  fiat_25519_uint128 x33 = (x27 + x32);
+  uint64_t x34 = (uint64_t)(x33 >> 51);
+  uint64_t x35 = (uint64_t)(x33 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint128 x36 = (x34 + x31);
+  uint64_t x37 = (uint64_t)(x36 >> 51);
+  uint64_t x38 = (uint64_t)(x36 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint128 x39 = (x37 + x30);
+  uint64_t x40 = (uint64_t)(x39 >> 51);
+  uint64_t x41 = (uint64_t)(x39 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint128 x42 = (x40 + x29);
+  uint64_t x43 = (uint64_t)(x42 >> 51);
+  uint64_t x44 = (uint64_t)(x42 & UINT64_C(0x7ffffffffffff));
+  uint64_t x45 = (x43 * (uint64_t)UINT8_C(0x13));
+  uint64_t x46 = (x28 + x45);
+  uint64_t x47 = (x46 >> 51);
+  uint64_t x48 = (x46 & UINT64_C(0x7ffffffffffff));
+  uint64_t x49 = (x47 + x35);
+  uint64_t x50 = (x49 >> 51);
+  uint64_t x51 = (x49 & UINT64_C(0x7ffffffffffff));
+  uint64_t x52 = (x50 + x38);
+  out1[0] = x48;
+  out1[1] = x51;
+  out1[2] = x52;
+  out1[3] = x41;
+  out1[4] = x44;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ */
+static void fiat_25519_carry_square(uint64_t out1[5], const uint64_t arg1[5]) {
+  uint64_t x1 = ((arg1[4]) * (uint64_t)UINT8_C(0x13));
+  uint64_t x2 = (x1 * (uint64_t)0x2);
+  uint64_t x3 = ((arg1[4]) * (uint64_t)0x2);
+  uint64_t x4 = ((arg1[3]) * (uint64_t)UINT8_C(0x13));
+  uint64_t x5 = (x4 * (uint64_t)0x2);
+  uint64_t x6 = ((arg1[3]) * (uint64_t)0x2);
+  uint64_t x7 = ((arg1[2]) * (uint64_t)0x2);
+  uint64_t x8 = ((arg1[1]) * (uint64_t)0x2);
+  fiat_25519_uint128 x9 = ((fiat_25519_uint128)(arg1[4]) * x1);
+  fiat_25519_uint128 x10 = ((fiat_25519_uint128)(arg1[3]) * x2);
+  fiat_25519_uint128 x11 = ((fiat_25519_uint128)(arg1[3]) * x4);
+  fiat_25519_uint128 x12 = ((fiat_25519_uint128)(arg1[2]) * x2);
+  fiat_25519_uint128 x13 = ((fiat_25519_uint128)(arg1[2]) * x5);
+  fiat_25519_uint128 x14 = ((fiat_25519_uint128)(arg1[2]) * (arg1[2]));
+  fiat_25519_uint128 x15 = ((fiat_25519_uint128)(arg1[1]) * x2);
+  fiat_25519_uint128 x16 = ((fiat_25519_uint128)(arg1[1]) * x6);
+  fiat_25519_uint128 x17 = ((fiat_25519_uint128)(arg1[1]) * x7);
+  fiat_25519_uint128 x18 = ((fiat_25519_uint128)(arg1[1]) * (arg1[1]));
+  fiat_25519_uint128 x19 = ((fiat_25519_uint128)(arg1[0]) * x3);
+  fiat_25519_uint128 x20 = ((fiat_25519_uint128)(arg1[0]) * x6);
+  fiat_25519_uint128 x21 = ((fiat_25519_uint128)(arg1[0]) * x7);
+  fiat_25519_uint128 x22 = ((fiat_25519_uint128)(arg1[0]) * x8);
+  fiat_25519_uint128 x23 = ((fiat_25519_uint128)(arg1[0]) * (arg1[0]));
+  fiat_25519_uint128 x24 = (x23 + (x15 + x13));
+  uint64_t x25 = (uint64_t)(x24 >> 51);
+  uint64_t x26 = (uint64_t)(x24 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint128 x27 = (x19 + (x16 + x14));
+  fiat_25519_uint128 x28 = (x20 + (x17 + x9));
+  fiat_25519_uint128 x29 = (x21 + (x18 + x10));
+  fiat_25519_uint128 x30 = (x22 + (x12 + x11));
+  fiat_25519_uint128 x31 = (x25 + x30);
+  uint64_t x32 = (uint64_t)(x31 >> 51);
+  uint64_t x33 = (uint64_t)(x31 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint128 x34 = (x32 + x29);
+  uint64_t x35 = (uint64_t)(x34 >> 51);
+  uint64_t x36 = (uint64_t)(x34 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint128 x37 = (x35 + x28);
+  uint64_t x38 = (uint64_t)(x37 >> 51);
+  uint64_t x39 = (uint64_t)(x37 & UINT64_C(0x7ffffffffffff));
+  fiat_25519_uint128 x40 = (x38 + x27);
+  uint64_t x41 = (uint64_t)(x40 >> 51);
+  uint64_t x42 = (uint64_t)(x40 & UINT64_C(0x7ffffffffffff));
+  uint64_t x43 = (x41 * (uint64_t)UINT8_C(0x13));
+  uint64_t x44 = (x26 + x43);
+  uint64_t x45 = (x44 >> 51);
+  uint64_t x46 = (x44 & UINT64_C(0x7ffffffffffff));
+  uint64_t x47 = (x45 + x33);
+  uint64_t x48 = (x47 >> 51);
+  uint64_t x49 = (x47 & UINT64_C(0x7ffffffffffff));
+  uint64_t x50 = (x48 + x36);
+  out1[0] = x46;
+  out1[1] = x49;
+  out1[2] = x50;
+  out1[3] = x39;
+  out1[4] = x42;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ */
+static void fiat_25519_carry(uint64_t out1[5], const uint64_t arg1[5]) {
+  uint64_t x1 = (arg1[0]);
+  uint64_t x2 = ((x1 >> 51) + (arg1[1]));
+  uint64_t x3 = ((x2 >> 51) + (arg1[2]));
+  uint64_t x4 = ((x3 >> 51) + (arg1[3]));
+  uint64_t x5 = ((x4 >> 51) + (arg1[4]));
+  uint64_t x6 = ((x1 & UINT64_C(0x7ffffffffffff)) + ((x5 >> 51) * (uint64_t)UINT8_C(0x13)));
+  uint64_t x7 = ((x6 >> 51) + (x2 & UINT64_C(0x7ffffffffffff)));
+  uint64_t x8 = (x6 & UINT64_C(0x7ffffffffffff));
+  uint64_t x9 = (x7 & UINT64_C(0x7ffffffffffff));
+  uint64_t x10 = ((x7 >> 51) + (x3 & UINT64_C(0x7ffffffffffff)));
+  uint64_t x11 = (x4 & UINT64_C(0x7ffffffffffff));
+  uint64_t x12 = (x5 & UINT64_C(0x7ffffffffffff));
+  out1[0] = x8;
+  out1[1] = x9;
+  out1[2] = x10;
+  out1[3] = x11;
+  out1[4] = x12;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ *   arg2: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
+ */
+static void fiat_25519_add(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) {
+  uint64_t x1 = ((arg1[0]) + (arg2[0]));
+  uint64_t x2 = ((arg1[1]) + (arg2[1]));
+  uint64_t x3 = ((arg1[2]) + (arg2[2]));
+  uint64_t x4 = ((arg1[3]) + (arg2[3]));
+  uint64_t x5 = ((arg1[4]) + (arg2[4]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ *   arg2: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
+ */
+static void fiat_25519_sub(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) {
+  uint64_t x1 = ((UINT64_C(0xfffffffffffda) + (arg1[0])) - (arg2[0]));
+  uint64_t x2 = ((UINT64_C(0xffffffffffffe) + (arg1[1])) - (arg2[1]));
+  uint64_t x3 = ((UINT64_C(0xffffffffffffe) + (arg1[2])) - (arg2[2]));
+  uint64_t x4 = ((UINT64_C(0xffffffffffffe) + (arg1[3])) - (arg2[3]));
+  uint64_t x5 = ((UINT64_C(0xffffffffffffe) + (arg1[4])) - (arg2[4]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664], [0x0 ~> 0x1a666666666664]]
+ */
+static void fiat_25519_opp(uint64_t out1[5], const uint64_t arg1[5]) {
+  uint64_t x1 = (UINT64_C(0xfffffffffffda) - (arg1[0]));
+  uint64_t x2 = (UINT64_C(0xffffffffffffe) - (arg1[1]));
+  uint64_t x3 = (UINT64_C(0xffffffffffffe) - (arg1[2]));
+  uint64_t x4 = (UINT64_C(0xffffffffffffe) - (arg1[3]));
+  uint64_t x5 = (UINT64_C(0xffffffffffffe) - (arg1[4]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
+ */
+static void fiat_25519_to_bytes(uint8_t out1[32], const uint64_t arg1[5]) {
+  uint64_t x1;
+  fiat_25519_uint1 x2;
+  fiat_25519_subborrowx_u51(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0x7ffffffffffed));
+  uint64_t x3;
+  fiat_25519_uint1 x4;
+  fiat_25519_subborrowx_u51(&x3, &x4, x2, (arg1[1]), UINT64_C(0x7ffffffffffff));
+  uint64_t x5;
+  fiat_25519_uint1 x6;
+  fiat_25519_subborrowx_u51(&x5, &x6, x4, (arg1[2]), UINT64_C(0x7ffffffffffff));
+  uint64_t x7;
+  fiat_25519_uint1 x8;
+  fiat_25519_subborrowx_u51(&x7, &x8, x6, (arg1[3]), UINT64_C(0x7ffffffffffff));
+  uint64_t x9;
+  fiat_25519_uint1 x10;
+  fiat_25519_subborrowx_u51(&x9, &x10, x8, (arg1[4]), UINT64_C(0x7ffffffffffff));
+  uint64_t x11;
+  fiat_25519_cmovznz_u64(&x11, x10, 0x0, UINT64_C(0xffffffffffffffff));
+  uint64_t x12;
+  fiat_25519_uint1 x13;
+  fiat_25519_addcarryx_u51(&x12, &x13, 0x0, (x11 & UINT64_C(0x7ffffffffffed)), x1);
+  uint64_t x14;
+  fiat_25519_uint1 x15;
+  fiat_25519_addcarryx_u51(&x14, &x15, x13, (x11 & UINT64_C(0x7ffffffffffff)), x3);
+  uint64_t x16;
+  fiat_25519_uint1 x17;
+  fiat_25519_addcarryx_u51(&x16, &x17, x15, (x11 & UINT64_C(0x7ffffffffffff)), x5);
+  uint64_t x18;
+  fiat_25519_uint1 x19;
+  fiat_25519_addcarryx_u51(&x18, &x19, x17, (x11 & UINT64_C(0x7ffffffffffff)), x7);
+  uint64_t x20;
+  fiat_25519_uint1 x21;
+  fiat_25519_addcarryx_u51(&x20, &x21, x19, (x11 & UINT64_C(0x7ffffffffffff)), x9);
+  uint64_t x22 = (x20 << 4);
+  uint64_t x23 = (x18 * (uint64_t)0x2);
+  uint64_t x24 = (x16 << 6);
+  uint64_t x25 = (x14 << 3);
+  uint64_t x26 = (x12 >> 8);
+  uint8_t x27 = (uint8_t)(x12 & UINT8_C(0xff));
+  uint64_t x28 = (x26 >> 8);
+  uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff));
+  uint64_t x30 = (x28 >> 8);
+  uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff));
+  uint64_t x32 = (x30 >> 8);
+  uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff));
+  uint64_t x34 = (x32 >> 8);
+  uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff));
+  uint8_t x36 = (uint8_t)(x34 >> 8);
+  uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff));
+  uint64_t x38 = (x36 + x25);
+  uint64_t x39 = (x38 >> 8);
+  uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff));
+  uint64_t x41 = (x39 >> 8);
+  uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff));
+  uint64_t x43 = (x41 >> 8);
+  uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff));
+  uint64_t x45 = (x43 >> 8);
+  uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff));
+  uint64_t x47 = (x45 >> 8);
+  uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff));
+  uint8_t x49 = (uint8_t)(x47 >> 8);
+  uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff));
+  uint64_t x51 = (x49 + x24);
+  uint64_t x52 = (x51 >> 8);
+  uint8_t x53 = (uint8_t)(x51 & UINT8_C(0xff));
+  uint64_t x54 = (x52 >> 8);
+  uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff));
+  uint64_t x56 = (x54 >> 8);
+  uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff));
+  uint64_t x58 = (x56 >> 8);
+  uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff));
+  uint64_t x60 = (x58 >> 8);
+  uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff));
+  uint64_t x62 = (x60 >> 8);
+  uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff));
+  fiat_25519_uint1 x64 = (fiat_25519_uint1)(x62 >> 8);
+  uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff));
+  uint64_t x66 = (x64 + x23);
+  uint64_t x67 = (x66 >> 8);
+  uint8_t x68 = (uint8_t)(x66 & UINT8_C(0xff));
+  uint64_t x69 = (x67 >> 8);
+  uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff));
+  uint64_t x71 = (x69 >> 8);
+  uint8_t x72 = (uint8_t)(x69 & UINT8_C(0xff));
+  uint64_t x73 = (x71 >> 8);
+  uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff));
+  uint64_t x75 = (x73 >> 8);
+  uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff));
+  uint8_t x77 = (uint8_t)(x75 >> 8);
+  uint8_t x78 = (uint8_t)(x75 & UINT8_C(0xff));
+  uint64_t x79 = (x77 + x22);
+  uint64_t x80 = (x79 >> 8);
+  uint8_t x81 = (uint8_t)(x79 & UINT8_C(0xff));
+  uint64_t x82 = (x80 >> 8);
+  uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff));
+  uint64_t x84 = (x82 >> 8);
+  uint8_t x85 = (uint8_t)(x82 & UINT8_C(0xff));
+  uint64_t x86 = (x84 >> 8);
+  uint8_t x87 = (uint8_t)(x84 & UINT8_C(0xff));
+  uint64_t x88 = (x86 >> 8);
+  uint8_t x89 = (uint8_t)(x86 & UINT8_C(0xff));
+  uint8_t x90 = (uint8_t)(x88 >> 8);
+  uint8_t x91 = (uint8_t)(x88 & UINT8_C(0xff));
+  out1[0] = x27;
+  out1[1] = x29;
+  out1[2] = x31;
+  out1[3] = x33;
+  out1[4] = x35;
+  out1[5] = x37;
+  out1[6] = x40;
+  out1[7] = x42;
+  out1[8] = x44;
+  out1[9] = x46;
+  out1[10] = x48;
+  out1[11] = x50;
+  out1[12] = x53;
+  out1[13] = x55;
+  out1[14] = x57;
+  out1[15] = x59;
+  out1[16] = x61;
+  out1[17] = x63;
+  out1[18] = x65;
+  out1[19] = x68;
+  out1[20] = x70;
+  out1[21] = x72;
+  out1[22] = x74;
+  out1[23] = x76;
+  out1[24] = x78;
+  out1[25] = x81;
+  out1[26] = x83;
+  out1[27] = x85;
+  out1[28] = x87;
+  out1[29] = x89;
+  out1[30] = x91;
+  out1[31] = x90;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc], [0x0 ~> 0x8cccccccccccc]]
+ */
+static void fiat_25519_from_bytes(uint64_t out1[5], const uint8_t arg1[32]) {
+  uint64_t x1 = ((uint64_t)(arg1[31]) << 44);
+  uint64_t x2 = ((uint64_t)(arg1[30]) << 36);
+  uint64_t x3 = ((uint64_t)(arg1[29]) << 28);
+  uint64_t x4 = ((uint64_t)(arg1[28]) << 20);
+  uint64_t x5 = ((uint64_t)(arg1[27]) << 12);
+  uint64_t x6 = ((uint64_t)(arg1[26]) << 4);
+  uint64_t x7 = ((uint64_t)(arg1[25]) << 47);
+  uint64_t x8 = ((uint64_t)(arg1[24]) << 39);
+  uint64_t x9 = ((uint64_t)(arg1[23]) << 31);
+  uint64_t x10 = ((uint64_t)(arg1[22]) << 23);
+  uint64_t x11 = ((uint64_t)(arg1[21]) << 15);
+  uint64_t x12 = ((uint64_t)(arg1[20]) << 7);
+  uint64_t x13 = ((uint64_t)(arg1[19]) << 50);
+  uint64_t x14 = ((uint64_t)(arg1[18]) << 42);
+  uint64_t x15 = ((uint64_t)(arg1[17]) << 34);
+  uint64_t x16 = ((uint64_t)(arg1[16]) << 26);
+  uint64_t x17 = ((uint64_t)(arg1[15]) << 18);
+  uint64_t x18 = ((uint64_t)(arg1[14]) << 10);
+  uint64_t x19 = ((uint64_t)(arg1[13]) << 2);
+  uint64_t x20 = ((uint64_t)(arg1[12]) << 45);
+  uint64_t x21 = ((uint64_t)(arg1[11]) << 37);
+  uint64_t x22 = ((uint64_t)(arg1[10]) << 29);
+  uint64_t x23 = ((uint64_t)(arg1[9]) << 21);
+  uint64_t x24 = ((uint64_t)(arg1[8]) << 13);
+  uint64_t x25 = ((uint64_t)(arg1[7]) << 5);
+  uint64_t x26 = ((uint64_t)(arg1[6]) << 48);
+  uint64_t x27 = ((uint64_t)(arg1[5]) << 40);
+  uint64_t x28 = ((uint64_t)(arg1[4]) << 32);
+  uint64_t x29 = ((uint64_t)(arg1[3]) << 24);
+  uint64_t x30 = ((uint64_t)(arg1[2]) << 16);
+  uint64_t x31 = ((uint64_t)(arg1[1]) << 8);
+  uint8_t x32 = (arg1[0]);
+  uint64_t x33 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + x26))))));
+  uint8_t x34 = (uint8_t)(x33 >> 51);
+  uint64_t x35 = (x33 & UINT64_C(0x7ffffffffffff));
+  uint64_t x36 = (x6 + (x5 + (x4 + (x3 + (x2 + x1)))));
+  uint64_t x37 = (x12 + (x11 + (x10 + (x9 + (x8 + x7)))));
+  uint64_t x38 = (x19 + (x18 + (x17 + (x16 + (x15 + (x14 + x13))))));
+  uint64_t x39 = (x25 + (x24 + (x23 + (x22 + (x21 + x20)))));
+  uint64_t x40 = (x34 + x39);
+  uint8_t x41 = (uint8_t)(x40 >> 51);
+  uint64_t x42 = (x40 & UINT64_C(0x7ffffffffffff));
+  uint64_t x43 = (x41 + x38);
+  uint8_t x44 = (uint8_t)(x43 >> 51);
+  uint64_t x45 = (x43 & UINT64_C(0x7ffffffffffff));
+  uint64_t x46 = (x44 + x37);
+  uint8_t x47 = (uint8_t)(x46 >> 51);
+  uint64_t x48 = (x46 & UINT64_C(0x7ffffffffffff));
+  uint64_t x49 = (x47 + x36);
+  out1[0] = x35;
+  out1[1] = x42;
+  out1[2] = x45;
+  out1[3] = x48;
+  out1[4] = x49;
+}
+
+#else /* defined(BORINGSSL_CURVE25519_64BIT) */
+
+/* Autogenerated */
+/* curve description: 25519 */
+/* requested operations: carry_mul, carry_square, carry_scmul121666, carry, add, sub, opp, selectznz, to_bytes, from_bytes */
+/* n = 10 (from "10") */
+/* s = 0x8000000000000000000000000000000000000000000000000000000000000000 (from "2^255") */
+/* c = [(1, 19)] (from "1,19") */
+/* machine_wordsize = 32 (from "32") */
+
+#include <stdint.h>
+typedef unsigned char fiat_25519_uint1;
+typedef signed char fiat_25519_int1;
+
+
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x3ffffff]
+ *   arg3: [0x0 ~> 0x3ffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x3ffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  uint32_t x1 = ((arg1 + arg2) + arg3);
+  uint32_t x2 = (x1 & UINT32_C(0x3ffffff));
+  fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 26);
+  *out1 = x2;
+  *out2 = x3;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x3ffffff]
+ *   arg3: [0x0 ~> 0x3ffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x3ffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
+  fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 26);
+  uint32_t x3 = (x1 & UINT32_C(0x3ffffff));
+  *out1 = x3;
+  *out2 = (fiat_25519_uint1)(0x0 - x2);
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x1ffffff]
+ *   arg3: [0x0 ~> 0x1ffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x1ffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  uint32_t x1 = ((arg1 + arg2) + arg3);
+  uint32_t x2 = (x1 & UINT32_C(0x1ffffff));
+  fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 25);
+  *out1 = x2;
+  *out2 = x3;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x1ffffff]
+ *   arg3: [0x0 ~> 0x1ffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x1ffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
+  fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 25);
+  uint32_t x3 = (x1 & UINT32_C(0x1ffffff));
+  *out1 = x3;
+  *out2 = (fiat_25519_uint1)(0x0 - x2);
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0xffffffff]
+ *   arg3: [0x0 ~> 0xffffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0xffffffff]
+ */
+static void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  fiat_25519_uint1 x1 = (!(!arg1));
+  uint32_t x2 = ((fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff));
+  uint32_t x3 = ((x2 & arg3) | ((~x2) & arg2));
+  *out1 = x3;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ *   arg2: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_carry_mul(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
+  uint64_t x1 = ((uint64_t)(arg1[9]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x2 = ((uint64_t)(arg1[9]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x3 = ((uint64_t)(arg1[9]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x4 = ((uint64_t)(arg1[9]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x5 = ((uint64_t)(arg1[9]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x6 = ((uint64_t)(arg1[9]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x7 = ((uint64_t)(arg1[9]) * ((arg2[3]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x8 = ((uint64_t)(arg1[9]) * ((arg2[2]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x9 = ((uint64_t)(arg1[9]) * ((arg2[1]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x10 = ((uint64_t)(arg1[8]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x11 = ((uint64_t)(arg1[8]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x12 = ((uint64_t)(arg1[8]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x13 = ((uint64_t)(arg1[8]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x14 = ((uint64_t)(arg1[8]) * ((arg2[5]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x15 = ((uint64_t)(arg1[8]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x16 = ((uint64_t)(arg1[8]) * ((arg2[3]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x17 = ((uint64_t)(arg1[8]) * ((arg2[2]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x18 = ((uint64_t)(arg1[7]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x19 = ((uint64_t)(arg1[7]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x20 = ((uint64_t)(arg1[7]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x21 = ((uint64_t)(arg1[7]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x22 = ((uint64_t)(arg1[7]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x23 = ((uint64_t)(arg1[7]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x24 = ((uint64_t)(arg1[7]) * ((arg2[3]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x25 = ((uint64_t)(arg1[6]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x26 = ((uint64_t)(arg1[6]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x27 = ((uint64_t)(arg1[6]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x28 = ((uint64_t)(arg1[6]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x29 = ((uint64_t)(arg1[6]) * ((arg2[5]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x30 = ((uint64_t)(arg1[6]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x31 = ((uint64_t)(arg1[5]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x32 = ((uint64_t)(arg1[5]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x33 = ((uint64_t)(arg1[5]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x34 = ((uint64_t)(arg1[5]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x35 = ((uint64_t)(arg1[5]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x36 = ((uint64_t)(arg1[4]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x37 = ((uint64_t)(arg1[4]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x38 = ((uint64_t)(arg1[4]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x39 = ((uint64_t)(arg1[4]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x40 = ((uint64_t)(arg1[3]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x41 = ((uint64_t)(arg1[3]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x42 = ((uint64_t)(arg1[3]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x43 = ((uint64_t)(arg1[2]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x44 = ((uint64_t)(arg1[2]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x45 = ((uint64_t)(arg1[1]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x46 = ((uint64_t)(arg1[9]) * (arg2[0]));
+  uint64_t x47 = ((uint64_t)(arg1[8]) * (arg2[1]));
+  uint64_t x48 = ((uint64_t)(arg1[8]) * (arg2[0]));
+  uint64_t x49 = ((uint64_t)(arg1[7]) * (arg2[2]));
+  uint64_t x50 = ((uint64_t)(arg1[7]) * ((arg2[1]) * (uint32_t)0x2));
+  uint64_t x51 = ((uint64_t)(arg1[7]) * (arg2[0]));
+  uint64_t x52 = ((uint64_t)(arg1[6]) * (arg2[3]));
+  uint64_t x53 = ((uint64_t)(arg1[6]) * (arg2[2]));
+  uint64_t x54 = ((uint64_t)(arg1[6]) * (arg2[1]));
+  uint64_t x55 = ((uint64_t)(arg1[6]) * (arg2[0]));
+  uint64_t x56 = ((uint64_t)(arg1[5]) * (arg2[4]));
+  uint64_t x57 = ((uint64_t)(arg1[5]) * ((arg2[3]) * (uint32_t)0x2));
+  uint64_t x58 = ((uint64_t)(arg1[5]) * (arg2[2]));
+  uint64_t x59 = ((uint64_t)(arg1[5]) * ((arg2[1]) * (uint32_t)0x2));
+  uint64_t x60 = ((uint64_t)(arg1[5]) * (arg2[0]));
+  uint64_t x61 = ((uint64_t)(arg1[4]) * (arg2[5]));
+  uint64_t x62 = ((uint64_t)(arg1[4]) * (arg2[4]));
+  uint64_t x63 = ((uint64_t)(arg1[4]) * (arg2[3]));
+  uint64_t x64 = ((uint64_t)(arg1[4]) * (arg2[2]));
+  uint64_t x65 = ((uint64_t)(arg1[4]) * (arg2[1]));
+  uint64_t x66 = ((uint64_t)(arg1[4]) * (arg2[0]));
+  uint64_t x67 = ((uint64_t)(arg1[3]) * (arg2[6]));
+  uint64_t x68 = ((uint64_t)(arg1[3]) * ((arg2[5]) * (uint32_t)0x2));
+  uint64_t x69 = ((uint64_t)(arg1[3]) * (arg2[4]));
+  uint64_t x70 = ((uint64_t)(arg1[3]) * ((arg2[3]) * (uint32_t)0x2));
+  uint64_t x71 = ((uint64_t)(arg1[3]) * (arg2[2]));
+  uint64_t x72 = ((uint64_t)(arg1[3]) * ((arg2[1]) * (uint32_t)0x2));
+  uint64_t x73 = ((uint64_t)(arg1[3]) * (arg2[0]));
+  uint64_t x74 = ((uint64_t)(arg1[2]) * (arg2[7]));
+  uint64_t x75 = ((uint64_t)(arg1[2]) * (arg2[6]));
+  uint64_t x76 = ((uint64_t)(arg1[2]) * (arg2[5]));
+  uint64_t x77 = ((uint64_t)(arg1[2]) * (arg2[4]));
+  uint64_t x78 = ((uint64_t)(arg1[2]) * (arg2[3]));
+  uint64_t x79 = ((uint64_t)(arg1[2]) * (arg2[2]));
+  uint64_t x80 = ((uint64_t)(arg1[2]) * (arg2[1]));
+  uint64_t x81 = ((uint64_t)(arg1[2]) * (arg2[0]));
+  uint64_t x82 = ((uint64_t)(arg1[1]) * (arg2[8]));
+  uint64_t x83 = ((uint64_t)(arg1[1]) * ((arg2[7]) * (uint32_t)0x2));
+  uint64_t x84 = ((uint64_t)(arg1[1]) * (arg2[6]));
+  uint64_t x85 = ((uint64_t)(arg1[1]) * ((arg2[5]) * (uint32_t)0x2));
+  uint64_t x86 = ((uint64_t)(arg1[1]) * (arg2[4]));
+  uint64_t x87 = ((uint64_t)(arg1[1]) * ((arg2[3]) * (uint32_t)0x2));
+  uint64_t x88 = ((uint64_t)(arg1[1]) * (arg2[2]));
+  uint64_t x89 = ((uint64_t)(arg1[1]) * ((arg2[1]) * (uint32_t)0x2));
+  uint64_t x90 = ((uint64_t)(arg1[1]) * (arg2[0]));
+  uint64_t x91 = ((uint64_t)(arg1[0]) * (arg2[9]));
+  uint64_t x92 = ((uint64_t)(arg1[0]) * (arg2[8]));
+  uint64_t x93 = ((uint64_t)(arg1[0]) * (arg2[7]));
+  uint64_t x94 = ((uint64_t)(arg1[0]) * (arg2[6]));
+  uint64_t x95 = ((uint64_t)(arg1[0]) * (arg2[5]));
+  uint64_t x96 = ((uint64_t)(arg1[0]) * (arg2[4]));
+  uint64_t x97 = ((uint64_t)(arg1[0]) * (arg2[3]));
+  uint64_t x98 = ((uint64_t)(arg1[0]) * (arg2[2]));
+  uint64_t x99 = ((uint64_t)(arg1[0]) * (arg2[1]));
+  uint64_t x100 = ((uint64_t)(arg1[0]) * (arg2[0]));
+  uint64_t x101 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9)))))))));
+  uint64_t x102 = (x101 >> 26);
+  uint32_t x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff));
+  uint64_t x104 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46)))))))));
+  uint64_t x105 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1)))))))));
+  uint64_t x106 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2)))))))));
+  uint64_t x107 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3)))))))));
+  uint64_t x108 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4)))))))));
+  uint64_t x109 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5)))))))));
+  uint64_t x110 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6)))))))));
+  uint64_t x111 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7)))))))));
+  uint64_t x112 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8)))))))));
+  uint64_t x113 = (x102 + x112);
+  uint64_t x114 = (x113 >> 25);
+  uint32_t x115 = (uint32_t)(x113 & UINT32_C(0x1ffffff));
+  uint64_t x116 = (x114 + x111);
+  uint64_t x117 = (x116 >> 26);
+  uint32_t x118 = (uint32_t)(x116 & UINT32_C(0x3ffffff));
+  uint64_t x119 = (x117 + x110);
+  uint64_t x120 = (x119 >> 25);
+  uint32_t x121 = (uint32_t)(x119 & UINT32_C(0x1ffffff));
+  uint64_t x122 = (x120 + x109);
+  uint64_t x123 = (x122 >> 26);
+  uint32_t x124 = (uint32_t)(x122 & UINT32_C(0x3ffffff));
+  uint64_t x125 = (x123 + x108);
+  uint64_t x126 = (x125 >> 25);
+  uint32_t x127 = (uint32_t)(x125 & UINT32_C(0x1ffffff));
+  uint64_t x128 = (x126 + x107);
+  uint64_t x129 = (x128 >> 26);
+  uint32_t x130 = (uint32_t)(x128 & UINT32_C(0x3ffffff));
+  uint64_t x131 = (x129 + x106);
+  uint64_t x132 = (x131 >> 25);
+  uint32_t x133 = (uint32_t)(x131 & UINT32_C(0x1ffffff));
+  uint64_t x134 = (x132 + x105);
+  uint64_t x135 = (x134 >> 26);
+  uint32_t x136 = (uint32_t)(x134 & UINT32_C(0x3ffffff));
+  uint64_t x137 = (x135 + x104);
+  uint64_t x138 = (x137 >> 25);
+  uint32_t x139 = (uint32_t)(x137 & UINT32_C(0x1ffffff));
+  uint64_t x140 = (x138 * (uint64_t)UINT8_C(0x13));
+  uint64_t x141 = (x103 + x140);
+  uint32_t x142 = (uint32_t)(x141 >> 26);
+  uint32_t x143 = (uint32_t)(x141 & UINT32_C(0x3ffffff));
+  uint32_t x144 = (x142 + x115);
+  uint32_t x145 = (x144 >> 25);
+  uint32_t x146 = (x144 & UINT32_C(0x1ffffff));
+  uint32_t x147 = (x145 + x118);
+  out1[0] = x143;
+  out1[1] = x146;
+  out1[2] = x147;
+  out1[3] = x121;
+  out1[4] = x124;
+  out1[5] = x127;
+  out1[6] = x130;
+  out1[7] = x133;
+  out1[8] = x136;
+  out1[9] = x139;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_carry_square(uint32_t out1[10], const uint32_t arg1[10]) {
+  uint32_t x1 = ((arg1[9]) * (uint32_t)UINT8_C(0x13));
+  uint32_t x2 = (x1 * (uint32_t)0x2);
+  uint32_t x3 = ((arg1[9]) * (uint32_t)0x2);
+  uint32_t x4 = ((arg1[8]) * (uint32_t)UINT8_C(0x13));
+  uint64_t x5 = (x4 * (uint64_t)0x2);
+  uint32_t x6 = ((arg1[8]) * (uint32_t)0x2);
+  uint32_t x7 = ((arg1[7]) * (uint32_t)UINT8_C(0x13));
+  uint32_t x8 = (x7 * (uint32_t)0x2);
+  uint32_t x9 = ((arg1[7]) * (uint32_t)0x2);
+  uint32_t x10 = ((arg1[6]) * (uint32_t)UINT8_C(0x13));
+  uint64_t x11 = (x10 * (uint64_t)0x2);
+  uint32_t x12 = ((arg1[6]) * (uint32_t)0x2);
+  uint32_t x13 = ((arg1[5]) * (uint32_t)UINT8_C(0x13));
+  uint32_t x14 = ((arg1[5]) * (uint32_t)0x2);
+  uint32_t x15 = ((arg1[4]) * (uint32_t)0x2);
+  uint32_t x16 = ((arg1[3]) * (uint32_t)0x2);
+  uint32_t x17 = ((arg1[2]) * (uint32_t)0x2);
+  uint32_t x18 = ((arg1[1]) * (uint32_t)0x2);
+  uint64_t x19 = ((uint64_t)(arg1[9]) * (x1 * (uint32_t)0x2));
+  uint64_t x20 = ((uint64_t)(arg1[8]) * x2);
+  uint64_t x21 = ((uint64_t)(arg1[8]) * x4);
+  uint64_t x22 = ((arg1[7]) * (x2 * (uint64_t)0x2));
+  uint64_t x23 = ((arg1[7]) * x5);
+  uint64_t x24 = ((uint64_t)(arg1[7]) * (x7 * (uint32_t)0x2));
+  uint64_t x25 = ((uint64_t)(arg1[6]) * x2);
+  uint64_t x26 = ((arg1[6]) * x5);
+  uint64_t x27 = ((uint64_t)(arg1[6]) * x8);
+  uint64_t x28 = ((uint64_t)(arg1[6]) * x10);
+  uint64_t x29 = ((arg1[5]) * (x2 * (uint64_t)0x2));
+  uint64_t x30 = ((arg1[5]) * x5);
+  uint64_t x31 = ((arg1[5]) * (x8 * (uint64_t)0x2));
+  uint64_t x32 = ((arg1[5]) * x11);
+  uint64_t x33 = ((uint64_t)(arg1[5]) * (x13 * (uint32_t)0x2));
+  uint64_t x34 = ((uint64_t)(arg1[4]) * x2);
+  uint64_t x35 = ((arg1[4]) * x5);
+  uint64_t x36 = ((uint64_t)(arg1[4]) * x8);
+  uint64_t x37 = ((arg1[4]) * x11);
+  uint64_t x38 = ((uint64_t)(arg1[4]) * x14);
+  uint64_t x39 = ((uint64_t)(arg1[4]) * (arg1[4]));
+  uint64_t x40 = ((arg1[3]) * (x2 * (uint64_t)0x2));
+  uint64_t x41 = ((arg1[3]) * x5);
+  uint64_t x42 = ((arg1[3]) * (x8 * (uint64_t)0x2));
+  uint64_t x43 = ((uint64_t)(arg1[3]) * x12);
+  uint64_t x44 = ((uint64_t)(arg1[3]) * (x14 * (uint32_t)0x2));
+  uint64_t x45 = ((uint64_t)(arg1[3]) * x15);
+  uint64_t x46 = ((uint64_t)(arg1[3]) * ((arg1[3]) * (uint32_t)0x2));
+  uint64_t x47 = ((uint64_t)(arg1[2]) * x2);
+  uint64_t x48 = ((arg1[2]) * x5);
+  uint64_t x49 = ((uint64_t)(arg1[2]) * x9);
+  uint64_t x50 = ((uint64_t)(arg1[2]) * x12);
+  uint64_t x51 = ((uint64_t)(arg1[2]) * x14);
+  uint64_t x52 = ((uint64_t)(arg1[2]) * x15);
+  uint64_t x53 = ((uint64_t)(arg1[2]) * x16);
+  uint64_t x54 = ((uint64_t)(arg1[2]) * (arg1[2]));
+  uint64_t x55 = ((arg1[1]) * (x2 * (uint64_t)0x2));
+  uint64_t x56 = ((uint64_t)(arg1[1]) * x6);
+  uint64_t x57 = ((uint64_t)(arg1[1]) * (x9 * (uint32_t)0x2));
+  uint64_t x58 = ((uint64_t)(arg1[1]) * x12);
+  uint64_t x59 = ((uint64_t)(arg1[1]) * (x14 * (uint32_t)0x2));
+  uint64_t x60 = ((uint64_t)(arg1[1]) * x15);
+  uint64_t x61 = ((uint64_t)(arg1[1]) * (x16 * (uint32_t)0x2));
+  uint64_t x62 = ((uint64_t)(arg1[1]) * x17);
+  uint64_t x63 = ((uint64_t)(arg1[1]) * ((arg1[1]) * (uint32_t)0x2));
+  uint64_t x64 = ((uint64_t)(arg1[0]) * x3);
+  uint64_t x65 = ((uint64_t)(arg1[0]) * x6);
+  uint64_t x66 = ((uint64_t)(arg1[0]) * x9);
+  uint64_t x67 = ((uint64_t)(arg1[0]) * x12);
+  uint64_t x68 = ((uint64_t)(arg1[0]) * x14);
+  uint64_t x69 = ((uint64_t)(arg1[0]) * x15);
+  uint64_t x70 = ((uint64_t)(arg1[0]) * x16);
+  uint64_t x71 = ((uint64_t)(arg1[0]) * x17);
+  uint64_t x72 = ((uint64_t)(arg1[0]) * x18);
+  uint64_t x73 = ((uint64_t)(arg1[0]) * (arg1[0]));
+  uint64_t x74 = (x73 + (x55 + (x48 + (x42 + (x37 + x33)))));
+  uint64_t x75 = (x74 >> 26);
+  uint32_t x76 = (uint32_t)(x74 & UINT32_C(0x3ffffff));
+  uint64_t x77 = (x64 + (x56 + (x49 + (x43 + x38))));
+  uint64_t x78 = (x65 + (x57 + (x50 + (x44 + (x39 + x19)))));
+  uint64_t x79 = (x66 + (x58 + (x51 + (x45 + x20))));
+  uint64_t x80 = (x67 + (x59 + (x52 + (x46 + (x22 + x21)))));
+  uint64_t x81 = (x68 + (x60 + (x53 + (x25 + x23))));
+  uint64_t x82 = (x69 + (x61 + (x54 + (x29 + (x26 + x24)))));
+  uint64_t x83 = (x70 + (x62 + (x34 + (x30 + x27))));
+  uint64_t x84 = (x71 + (x63 + (x40 + (x35 + (x31 + x28)))));
+  uint64_t x85 = (x72 + (x47 + (x41 + (x36 + x32))));
+  uint64_t x86 = (x75 + x85);
+  uint64_t x87 = (x86 >> 25);
+  uint32_t x88 = (uint32_t)(x86 & UINT32_C(0x1ffffff));
+  uint64_t x89 = (x87 + x84);
+  uint64_t x90 = (x89 >> 26);
+  uint32_t x91 = (uint32_t)(x89 & UINT32_C(0x3ffffff));
+  uint64_t x92 = (x90 + x83);
+  uint64_t x93 = (x92 >> 25);
+  uint32_t x94 = (uint32_t)(x92 & UINT32_C(0x1ffffff));
+  uint64_t x95 = (x93 + x82);
+  uint64_t x96 = (x95 >> 26);
+  uint32_t x97 = (uint32_t)(x95 & UINT32_C(0x3ffffff));
+  uint64_t x98 = (x96 + x81);
+  uint64_t x99 = (x98 >> 25);
+  uint32_t x100 = (uint32_t)(x98 & UINT32_C(0x1ffffff));
+  uint64_t x101 = (x99 + x80);
+  uint64_t x102 = (x101 >> 26);
+  uint32_t x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff));
+  uint64_t x104 = (x102 + x79);
+  uint64_t x105 = (x104 >> 25);
+  uint32_t x106 = (uint32_t)(x104 & UINT32_C(0x1ffffff));
+  uint64_t x107 = (x105 + x78);
+  uint64_t x108 = (x107 >> 26);
+  uint32_t x109 = (uint32_t)(x107 & UINT32_C(0x3ffffff));
+  uint64_t x110 = (x108 + x77);
+  uint64_t x111 = (x110 >> 25);
+  uint32_t x112 = (uint32_t)(x110 & UINT32_C(0x1ffffff));
+  uint64_t x113 = (x111 * (uint64_t)UINT8_C(0x13));
+  uint64_t x114 = (x76 + x113);
+  uint32_t x115 = (uint32_t)(x114 >> 26);
+  uint32_t x116 = (uint32_t)(x114 & UINT32_C(0x3ffffff));
+  uint32_t x117 = (x115 + x88);
+  uint32_t x118 = (x117 >> 25);
+  uint32_t x119 = (x117 & UINT32_C(0x1ffffff));
+  uint32_t x120 = (x118 + x91);
+  out1[0] = x116;
+  out1[1] = x119;
+  out1[2] = x120;
+  out1[3] = x94;
+  out1[4] = x97;
+  out1[5] = x100;
+  out1[6] = x103;
+  out1[7] = x106;
+  out1[8] = x109;
+  out1[9] = x112;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_carry(uint32_t out1[10], const uint32_t arg1[10]) {
+  uint32_t x1 = (arg1[0]);
+  uint32_t x2 = ((x1 >> 26) + (arg1[1]));
+  uint32_t x3 = ((x2 >> 25) + (arg1[2]));
+  uint32_t x4 = ((x3 >> 26) + (arg1[3]));
+  uint32_t x5 = ((x4 >> 25) + (arg1[4]));
+  uint32_t x6 = ((x5 >> 26) + (arg1[5]));
+  uint32_t x7 = ((x6 >> 25) + (arg1[6]));
+  uint32_t x8 = ((x7 >> 26) + (arg1[7]));
+  uint32_t x9 = ((x8 >> 25) + (arg1[8]));
+  uint32_t x10 = ((x9 >> 26) + (arg1[9]));
+  uint32_t x11 = ((x1 & UINT32_C(0x3ffffff)) + ((x10 >> 25) * (uint32_t)UINT8_C(0x13)));
+  uint32_t x12 = ((x11 >> 26) + (x2 & UINT32_C(0x1ffffff)));
+  uint32_t x13 = (x11 & UINT32_C(0x3ffffff));
+  uint32_t x14 = (x12 & UINT32_C(0x1ffffff));
+  uint32_t x15 = ((x12 >> 25) + (x3 & UINT32_C(0x3ffffff)));
+  uint32_t x16 = (x4 & UINT32_C(0x1ffffff));
+  uint32_t x17 = (x5 & UINT32_C(0x3ffffff));
+  uint32_t x18 = (x6 & UINT32_C(0x1ffffff));
+  uint32_t x19 = (x7 & UINT32_C(0x3ffffff));
+  uint32_t x20 = (x8 & UINT32_C(0x1ffffff));
+  uint32_t x21 = (x9 & UINT32_C(0x3ffffff));
+  uint32_t x22 = (x10 & UINT32_C(0x1ffffff));
+  out1[0] = x13;
+  out1[1] = x14;
+  out1[2] = x15;
+  out1[3] = x16;
+  out1[4] = x17;
+  out1[5] = x18;
+  out1[6] = x19;
+  out1[7] = x20;
+  out1[8] = x21;
+  out1[9] = x22;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ *   arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ */
+static void fiat_25519_add(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
+  uint32_t x1 = ((arg1[0]) + (arg2[0]));
+  uint32_t x2 = ((arg1[1]) + (arg2[1]));
+  uint32_t x3 = ((arg1[2]) + (arg2[2]));
+  uint32_t x4 = ((arg1[3]) + (arg2[3]));
+  uint32_t x5 = ((arg1[4]) + (arg2[4]));
+  uint32_t x6 = ((arg1[5]) + (arg2[5]));
+  uint32_t x7 = ((arg1[6]) + (arg2[6]));
+  uint32_t x8 = ((arg1[7]) + (arg2[7]));
+  uint32_t x9 = ((arg1[8]) + (arg2[8]));
+  uint32_t x10 = ((arg1[9]) + (arg2[9]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+  out1[5] = x6;
+  out1[6] = x7;
+  out1[7] = x8;
+  out1[8] = x9;
+  out1[9] = x10;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ *   arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ */
+static void fiat_25519_sub(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
+  uint32_t x1 = ((UINT32_C(0x7ffffda) + (arg1[0])) - (arg2[0]));
+  uint32_t x2 = ((UINT32_C(0x3fffffe) + (arg1[1])) - (arg2[1]));
+  uint32_t x3 = ((UINT32_C(0x7fffffe) + (arg1[2])) - (arg2[2]));
+  uint32_t x4 = ((UINT32_C(0x3fffffe) + (arg1[3])) - (arg2[3]));
+  uint32_t x5 = ((UINT32_C(0x7fffffe) + (arg1[4])) - (arg2[4]));
+  uint32_t x6 = ((UINT32_C(0x3fffffe) + (arg1[5])) - (arg2[5]));
+  uint32_t x7 = ((UINT32_C(0x7fffffe) + (arg1[6])) - (arg2[6]));
+  uint32_t x8 = ((UINT32_C(0x3fffffe) + (arg1[7])) - (arg2[7]));
+  uint32_t x9 = ((UINT32_C(0x7fffffe) + (arg1[8])) - (arg2[8]));
+  uint32_t x10 = ((UINT32_C(0x3fffffe) + (arg1[9])) - (arg2[9]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+  out1[5] = x6;
+  out1[6] = x7;
+  out1[7] = x8;
+  out1[8] = x9;
+  out1[9] = x10;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ */
+static void fiat_25519_opp(uint32_t out1[10], const uint32_t arg1[10]) {
+  uint32_t x1 = (UINT32_C(0x7ffffda) - (arg1[0]));
+  uint32_t x2 = (UINT32_C(0x3fffffe) - (arg1[1]));
+  uint32_t x3 = (UINT32_C(0x7fffffe) - (arg1[2]));
+  uint32_t x4 = (UINT32_C(0x3fffffe) - (arg1[3]));
+  uint32_t x5 = (UINT32_C(0x7fffffe) - (arg1[4]));
+  uint32_t x6 = (UINT32_C(0x3fffffe) - (arg1[5]));
+  uint32_t x7 = (UINT32_C(0x7fffffe) - (arg1[6]));
+  uint32_t x8 = (UINT32_C(0x3fffffe) - (arg1[7]));
+  uint32_t x9 = (UINT32_C(0x7fffffe) - (arg1[8]));
+  uint32_t x10 = (UINT32_C(0x3fffffe) - (arg1[9]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+  out1[5] = x6;
+  out1[6] = x7;
+  out1[7] = x8;
+  out1[8] = x9;
+  out1[9] = x10;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
+ */
+static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) {
+  uint32_t x1;
+  fiat_25519_uint1 x2;
+  fiat_25519_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3ffffed));
+  uint32_t x3;
+  fiat_25519_uint1 x4;
+  fiat_25519_subborrowx_u25(&x3, &x4, x2, (arg1[1]), UINT32_C(0x1ffffff));
+  uint32_t x5;
+  fiat_25519_uint1 x6;
+  fiat_25519_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff));
+  uint32_t x7;
+  fiat_25519_uint1 x8;
+  fiat_25519_subborrowx_u25(&x7, &x8, x6, (arg1[3]), UINT32_C(0x1ffffff));
+  uint32_t x9;
+  fiat_25519_uint1 x10;
+  fiat_25519_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff));
+  uint32_t x11;
+  fiat_25519_uint1 x12;
+  fiat_25519_subborrowx_u25(&x11, &x12, x10, (arg1[5]), UINT32_C(0x1ffffff));
+  uint32_t x13;
+  fiat_25519_uint1 x14;
+  fiat_25519_subborrowx_u26(&x13, &x14, x12, (arg1[6]), UINT32_C(0x3ffffff));
+  uint32_t x15;
+  fiat_25519_uint1 x16;
+  fiat_25519_subborrowx_u25(&x15, &x16, x14, (arg1[7]), UINT32_C(0x1ffffff));
+  uint32_t x17;
+  fiat_25519_uint1 x18;
+  fiat_25519_subborrowx_u26(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3ffffff));
+  uint32_t x19;
+  fiat_25519_uint1 x20;
+  fiat_25519_subborrowx_u25(&x19, &x20, x18, (arg1[9]), UINT32_C(0x1ffffff));
+  uint32_t x21;
+  fiat_25519_cmovznz_u32(&x21, x20, 0x0, UINT32_C(0xffffffff));
+  uint32_t x22;
+  fiat_25519_uint1 x23;
+  fiat_25519_addcarryx_u26(&x22, &x23, 0x0, (x21 & UINT32_C(0x3ffffed)), x1);
+  uint32_t x24;
+  fiat_25519_uint1 x25;
+  fiat_25519_addcarryx_u25(&x24, &x25, x23, (x21 & UINT32_C(0x1ffffff)), x3);
+  uint32_t x26;
+  fiat_25519_uint1 x27;
+  fiat_25519_addcarryx_u26(&x26, &x27, x25, (x21 & UINT32_C(0x3ffffff)), x5);
+  uint32_t x28;
+  fiat_25519_uint1 x29;
+  fiat_25519_addcarryx_u25(&x28, &x29, x27, (x21 & UINT32_C(0x1ffffff)), x7);
+  uint32_t x30;
+  fiat_25519_uint1 x31;
+  fiat_25519_addcarryx_u26(&x30, &x31, x29, (x21 & UINT32_C(0x3ffffff)), x9);
+  uint32_t x32;
+  fiat_25519_uint1 x33;
+  fiat_25519_addcarryx_u25(&x32, &x33, x31, (x21 & UINT32_C(0x1ffffff)), x11);
+  uint32_t x34;
+  fiat_25519_uint1 x35;
+  fiat_25519_addcarryx_u26(&x34, &x35, x33, (x21 & UINT32_C(0x3ffffff)), x13);
+  uint32_t x36;
+  fiat_25519_uint1 x37;
+  fiat_25519_addcarryx_u25(&x36, &x37, x35, (x21 & UINT32_C(0x1ffffff)), x15);
+  uint32_t x38;
+  fiat_25519_uint1 x39;
+  fiat_25519_addcarryx_u26(&x38, &x39, x37, (x21 & UINT32_C(0x3ffffff)), x17);
+  uint32_t x40;
+  fiat_25519_uint1 x41;
+  fiat_25519_addcarryx_u25(&x40, &x41, x39, (x21 & UINT32_C(0x1ffffff)), x19);
+  uint32_t x42 = (x40 << 6);
+  uint32_t x43 = (x38 << 4);
+  uint32_t x44 = (x36 << 3);
+  uint32_t x45 = (x34 * (uint32_t)0x2);
+  uint32_t x46 = (x30 << 6);
+  uint32_t x47 = (x28 << 5);
+  uint32_t x48 = (x26 << 3);
+  uint32_t x49 = (x24 << 2);
+  uint32_t x50 = (x22 >> 8);
+  uint8_t x51 = (uint8_t)(x22 & UINT8_C(0xff));
+  uint32_t x52 = (x50 >> 8);
+  uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff));
+  uint8_t x54 = (uint8_t)(x52 >> 8);
+  uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff));
+  uint32_t x56 = (x54 + x49);
+  uint32_t x57 = (x56 >> 8);
+  uint8_t x58 = (uint8_t)(x56 & UINT8_C(0xff));
+  uint32_t x59 = (x57 >> 8);
+  uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff));
+  uint8_t x61 = (uint8_t)(x59 >> 8);
+  uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff));
+  uint32_t x63 = (x61 + x48);
+  uint32_t x64 = (x63 >> 8);
+  uint8_t x65 = (uint8_t)(x63 & UINT8_C(0xff));
+  uint32_t x66 = (x64 >> 8);
+  uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff));
+  uint8_t x68 = (uint8_t)(x66 >> 8);
+  uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff));
+  uint32_t x70 = (x68 + x47);
+  uint32_t x71 = (x70 >> 8);
+  uint8_t x72 = (uint8_t)(x70 & UINT8_C(0xff));
+  uint32_t x73 = (x71 >> 8);
+  uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff));
+  uint8_t x75 = (uint8_t)(x73 >> 8);
+  uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff));
+  uint32_t x77 = (x75 + x46);
+  uint32_t x78 = (x77 >> 8);
+  uint8_t x79 = (uint8_t)(x77 & UINT8_C(0xff));
+  uint32_t x80 = (x78 >> 8);
+  uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff));
+  uint8_t x82 = (uint8_t)(x80 >> 8);
+  uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff));
+  uint8_t x84 = (uint8_t)(x82 & UINT8_C(0xff));
+  uint32_t x85 = (x32 >> 8);
+  uint8_t x86 = (uint8_t)(x32 & UINT8_C(0xff));
+  uint32_t x87 = (x85 >> 8);
+  uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff));
+  fiat_25519_uint1 x89 = (fiat_25519_uint1)(x87 >> 8);
+  uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff));
+  uint32_t x91 = (x89 + x45);
+  uint32_t x92 = (x91 >> 8);
+  uint8_t x93 = (uint8_t)(x91 & UINT8_C(0xff));
+  uint32_t x94 = (x92 >> 8);
+  uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff));
+  uint8_t x96 = (uint8_t)(x94 >> 8);
+  uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff));
+  uint32_t x98 = (x96 + x44);
+  uint32_t x99 = (x98 >> 8);
+  uint8_t x100 = (uint8_t)(x98 & UINT8_C(0xff));
+  uint32_t x101 = (x99 >> 8);
+  uint8_t x102 = (uint8_t)(x99 & UINT8_C(0xff));
+  uint8_t x103 = (uint8_t)(x101 >> 8);
+  uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff));
+  uint32_t x105 = (x103 + x43);
+  uint32_t x106 = (x105 >> 8);
+  uint8_t x107 = (uint8_t)(x105 & UINT8_C(0xff));
+  uint32_t x108 = (x106 >> 8);
+  uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff));
+  uint8_t x110 = (uint8_t)(x108 >> 8);
+  uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff));
+  uint32_t x112 = (x110 + x42);
+  uint32_t x113 = (x112 >> 8);
+  uint8_t x114 = (uint8_t)(x112 & UINT8_C(0xff));
+  uint32_t x115 = (x113 >> 8);
+  uint8_t x116 = (uint8_t)(x113 & UINT8_C(0xff));
+  uint8_t x117 = (uint8_t)(x115 >> 8);
+  uint8_t x118 = (uint8_t)(x115 & UINT8_C(0xff));
+  out1[0] = x51;
+  out1[1] = x53;
+  out1[2] = x55;
+  out1[3] = x58;
+  out1[4] = x60;
+  out1[5] = x62;
+  out1[6] = x65;
+  out1[7] = x67;
+  out1[8] = x69;
+  out1[9] = x72;
+  out1[10] = x74;
+  out1[11] = x76;
+  out1[12] = x79;
+  out1[13] = x81;
+  out1[14] = x83;
+  out1[15] = x84;
+  out1[16] = x86;
+  out1[17] = x88;
+  out1[18] = x90;
+  out1[19] = x93;
+  out1[20] = x95;
+  out1[21] = x97;
+  out1[22] = x100;
+  out1[23] = x102;
+  out1[24] = x104;
+  out1[25] = x107;
+  out1[26] = x109;
+  out1[27] = x111;
+  out1[28] = x114;
+  out1[29] = x116;
+  out1[30] = x118;
+  out1[31] = x117;
+}
+
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_from_bytes(uint32_t out1[10], const uint8_t arg1[32]) {
+  uint32_t x1 = ((uint32_t)(arg1[31]) << 18);
+  uint32_t x2 = ((uint32_t)(arg1[30]) << 10);
+  uint32_t x3 = ((uint32_t)(arg1[29]) << 2);
+  uint32_t x4 = ((uint32_t)(arg1[28]) << 20);
+  uint32_t x5 = ((uint32_t)(arg1[27]) << 12);
+  uint32_t x6 = ((uint32_t)(arg1[26]) << 4);
+  uint32_t x7 = ((uint32_t)(arg1[25]) << 21);
+  uint32_t x8 = ((uint32_t)(arg1[24]) << 13);
+  uint32_t x9 = ((uint32_t)(arg1[23]) << 5);
+  uint32_t x10 = ((uint32_t)(arg1[22]) << 23);
+  uint32_t x11 = ((uint32_t)(arg1[21]) << 15);
+  uint32_t x12 = ((uint32_t)(arg1[20]) << 7);
+  uint32_t x13 = ((uint32_t)(arg1[19]) << 24);
+  uint32_t x14 = ((uint32_t)(arg1[18]) << 16);
+  uint32_t x15 = ((uint32_t)(arg1[17]) << 8);
+  uint8_t x16 = (arg1[16]);
+  uint32_t x17 = ((uint32_t)(arg1[15]) << 18);
+  uint32_t x18 = ((uint32_t)(arg1[14]) << 10);
+  uint32_t x19 = ((uint32_t)(arg1[13]) << 2);
+  uint32_t x20 = ((uint32_t)(arg1[12]) << 19);
+  uint32_t x21 = ((uint32_t)(arg1[11]) << 11);
+  uint32_t x22 = ((uint32_t)(arg1[10]) << 3);
+  uint32_t x23 = ((uint32_t)(arg1[9]) << 21);
+  uint32_t x24 = ((uint32_t)(arg1[8]) << 13);
+  uint32_t x25 = ((uint32_t)(arg1[7]) << 5);
+  uint32_t x26 = ((uint32_t)(arg1[6]) << 22);
+  uint32_t x27 = ((uint32_t)(arg1[5]) << 14);
+  uint32_t x28 = ((uint32_t)(arg1[4]) << 6);
+  uint32_t x29 = ((uint32_t)(arg1[3]) << 24);
+  uint32_t x30 = ((uint32_t)(arg1[2]) << 16);
+  uint32_t x31 = ((uint32_t)(arg1[1]) << 8);
+  uint8_t x32 = (arg1[0]);
+  uint32_t x33 = (x32 + (x31 + (x30 + x29)));
+  uint8_t x34 = (uint8_t)(x33 >> 26);
+  uint32_t x35 = (x33 & UINT32_C(0x3ffffff));
+  uint32_t x36 = (x3 + (x2 + x1));
+  uint32_t x37 = (x6 + (x5 + x4));
+  uint32_t x38 = (x9 + (x8 + x7));
+  uint32_t x39 = (x12 + (x11 + x10));
+  uint32_t x40 = (x16 + (x15 + (x14 + x13)));
+  uint32_t x41 = (x19 + (x18 + x17));
+  uint32_t x42 = (x22 + (x21 + x20));
+  uint32_t x43 = (x25 + (x24 + x23));
+  uint32_t x44 = (x28 + (x27 + x26));
+  uint32_t x45 = (x34 + x44);
+  uint8_t x46 = (uint8_t)(x45 >> 25);
+  uint32_t x47 = (x45 & UINT32_C(0x1ffffff));
+  uint32_t x48 = (x46 + x43);
+  uint8_t x49 = (uint8_t)(x48 >> 26);
+  uint32_t x50 = (x48 & UINT32_C(0x3ffffff));
+  uint32_t x51 = (x49 + x42);
+  uint8_t x52 = (uint8_t)(x51 >> 25);
+  uint32_t x53 = (x51 & UINT32_C(0x1ffffff));
+  uint32_t x54 = (x52 + x41);
+  uint32_t x55 = (x54 & UINT32_C(0x3ffffff));
+  uint8_t x56 = (uint8_t)(x40 >> 25);
+  uint32_t x57 = (x40 & UINT32_C(0x1ffffff));
+  uint32_t x58 = (x56 + x39);
+  uint8_t x59 = (uint8_t)(x58 >> 26);
+  uint32_t x60 = (x58 & UINT32_C(0x3ffffff));
+  uint32_t x61 = (x59 + x38);
+  uint8_t x62 = (uint8_t)(x61 >> 25);
+  uint32_t x63 = (x61 & UINT32_C(0x1ffffff));
+  uint32_t x64 = (x62 + x37);
+  uint8_t x65 = (uint8_t)(x64 >> 26);
+  uint32_t x66 = (x64 & UINT32_C(0x3ffffff));
+  uint32_t x67 = (x65 + x36);
+  out1[0] = x35;
+  out1[1] = x47;
+  out1[2] = x50;
+  out1[3] = x53;
+  out1[4] = x55;
+  out1[5] = x57;
+  out1[6] = x60;
+  out1[7] = x63;
+  out1[8] = x66;
+  out1[9] = x67;
+}
+
+#endif /* not defined(BORINGSSL_CURVE25519_64BIT) */
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/edwards25519_tables.h b/krb5-1.21.3/src/plugins/preauth/spake/edwards25519_tables.h
new file mode 100644
index 00000000..c6c50137
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/edwards25519_tables.h
@@ -0,0 +1,7881 @@
+/* -*- mode: c; c-basic-offset: 2; indent-tabs-mode: nil -*- */
+/*
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS file).
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* From BoringSSL third-party/fiat/curve25519_tables.h */
+
+static const fe d = {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+    929955233495203, 466365720129213, 1662059464998953, 2033849074728123,
+    1442794654840575
+#else
+    56195235, 13857412, 51736253, 6949390, 114729, 24766616, 60832955, 30306712,
+    48412415, 21499315
+#endif
+}};
+
+static const fe sqrtm1 = {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+    1718705420411056, 234908883556509, 2233514472574048, 2117202627021982,
+    765476049583133
+#else
+    34513072, 25610706, 9377949, 3500415, 12389472, 33281959, 41962654,
+    31548777, 326685, 11406482
+#endif
+}};
+
+static const fe d2 = {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+    1859910466990425, 932731440258426, 1072319116312658, 1815898335770999,
+    633789495995903
+#else
+    45281625, 27714825, 36363642, 13898781, 229458, 15978800, 54557047,
+    27058993, 29715967, 9444199
+#endif
+}};
+
+#if defined(CONFIG_SMALL)
+
+// This block of code replaces the standard base-point table with a much smaller
+// one. The standard table is 30,720 bytes while this one is just 960.
+//
+// This table contains 15 pairs of group elements, (x, y), where each field
+// element is serialised with |fe_tobytes|. If |i| is the index of the group
+// element then consider i+1 as a four-bit number: (i₀, i�, i₂, i₃) (where i₀
+// is the most significant bit). The value of the group element is then:
+// (i₀×2^192 + i�×2^128 + i₂×2^64 + i₃)G, where G is the generator.
+static const uint8_t k25519SmallPrecomp[15 * 2 * 32] = {
+    0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95,
+    0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
+    0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21, 0x58, 0x66, 0x66, 0x66,
+    0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+    0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+    0x66, 0x66, 0x66, 0x66, 0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e,
+    0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4,
+    0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62,
+    0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba,
+    0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd,
+    0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03, 0xa2, 0xfb, 0xcc, 0x61,
+    0x67, 0x06, 0x70, 0x1a, 0xc4, 0x78, 0x3a, 0xff, 0x32, 0x62, 0xdd, 0x2c,
+    0xab, 0x50, 0x19, 0x3b, 0xf2, 0x9b, 0x7d, 0xb8, 0xfd, 0x4f, 0x29, 0x9c,
+    0xa7, 0x91, 0xba, 0x0e, 0x46, 0x5e, 0x51, 0xfe, 0x1d, 0xbf, 0xe5, 0xe5,
+    0x9b, 0x95, 0x0d, 0x67, 0xf8, 0xd1, 0xb5, 0x5a, 0xa1, 0x93, 0x2c, 0xc3,
+    0xde, 0x0e, 0x97, 0x85, 0x2d, 0x7f, 0xea, 0xab, 0x3e, 0x47, 0x30, 0x18,
+    0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2,
+    0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95,
+    0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c, 0x6b, 0xa6, 0xf5, 0x4b,
+    0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90,
+    0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52,
+    0xe6, 0x99, 0x2c, 0x5f, 0x9a, 0x96, 0x0c, 0x68, 0x29, 0xfd, 0xe2, 0xfb,
+    0xe6, 0xbc, 0xec, 0x31, 0x08, 0xec, 0xe6, 0xb0, 0x53, 0x60, 0xc3, 0x8c,
+    0xbe, 0xc1, 0xb3, 0x8a, 0x8f, 0xe4, 0x88, 0x2b, 0x55, 0xe5, 0x64, 0x6e,
+    0x9b, 0xd0, 0xaf, 0x7b, 0x64, 0x2a, 0x35, 0x25, 0x10, 0x52, 0xc5, 0x9e,
+    0x58, 0x11, 0x39, 0x36, 0x45, 0x51, 0xb8, 0x39, 0x93, 0xfc, 0x9d, 0x6a,
+    0xbe, 0x58, 0xcb, 0xa4, 0x0f, 0x51, 0x3c, 0x38, 0x05, 0xca, 0xab, 0x43,
+    0x63, 0x0e, 0xf3, 0x8b, 0x41, 0xa6, 0xf8, 0x9b, 0x53, 0x70, 0x80, 0x53,
+    0x86, 0x5e, 0x8f, 0xe3, 0xc3, 0x0d, 0x18, 0xc8, 0x4b, 0x34, 0x1f, 0xd8,
+    0x1d, 0xbc, 0xf2, 0x6d, 0x34, 0x3a, 0xbe, 0xdf, 0xd9, 0xf6, 0xf3, 0x89,
+    0xa1, 0xe1, 0x94, 0x9f, 0x5d, 0x4c, 0x5d, 0xe9, 0xa1, 0x49, 0x92, 0xef,
+    0x0e, 0x53, 0x81, 0x89, 0x58, 0x87, 0xa6, 0x37, 0xf1, 0xdd, 0x62, 0x60,
+    0x63, 0x5a, 0x9d, 0x1b, 0x8c, 0xc6, 0x7d, 0x52, 0xea, 0x70, 0x09, 0x6a,
+    0xe1, 0x32, 0xf3, 0x73, 0x21, 0x1f, 0x07, 0x7b, 0x7c, 0x9b, 0x49, 0xd8,
+    0xc0, 0xf3, 0x25, 0x72, 0x6f, 0x9d, 0xed, 0x31, 0x67, 0x36, 0x36, 0x54,
+    0x40, 0x92, 0x71, 0xe6, 0x11, 0x28, 0x11, 0xad, 0x93, 0x32, 0x85, 0x7b,
+    0x3e, 0xb7, 0x3b, 0x49, 0x13, 0x1c, 0x07, 0xb0, 0x2e, 0x93, 0xaa, 0xfd,
+    0xfd, 0x28, 0x47, 0x3d, 0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb,
+    0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c,
+    0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b,
+    0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63,
+    0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a,
+    0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61, 0x38, 0x68, 0xb0, 0x07,
+    0xa3, 0xfc, 0xcc, 0x85, 0x10, 0x7f, 0x4c, 0x65, 0x65, 0xb3, 0xfa, 0xfa,
+    0xa5, 0x53, 0x6f, 0xdb, 0x74, 0x4c, 0x56, 0x46, 0x03, 0xe2, 0xd5, 0x7a,
+    0x29, 0x1c, 0xc6, 0x02, 0xbc, 0x59, 0xf2, 0x04, 0x75, 0x63, 0xc0, 0x84,
+    0x2f, 0x60, 0x1c, 0x67, 0x76, 0xfd, 0x63, 0x86, 0xf3, 0xfa, 0xbf, 0xdc,
+    0xd2, 0x2d, 0x90, 0x91, 0xbd, 0x33, 0xa9, 0xe5, 0x66, 0x0c, 0xda, 0x42,
+    0x27, 0xca, 0xf4, 0x66, 0xc2, 0xec, 0x92, 0x14, 0x57, 0x06, 0x63, 0xd0,
+    0x4d, 0x15, 0x06, 0xeb, 0x69, 0x58, 0x4f, 0x77, 0xc5, 0x8b, 0xc7, 0xf0,
+    0x8e, 0xed, 0x64, 0xa0, 0xb3, 0x3c, 0x66, 0x71, 0xc6, 0x2d, 0xda, 0x0a,
+    0x0d, 0xfe, 0x70, 0x27, 0x64, 0xf8, 0x27, 0xfa, 0xf6, 0x5f, 0x30, 0xa5,
+    0x0d, 0x6c, 0xda, 0xf2, 0x62, 0x5e, 0x78, 0x47, 0xd3, 0x66, 0x00, 0x1c,
+    0xfd, 0x56, 0x1f, 0x5d, 0x3f, 0x6f, 0xf4, 0x4c, 0xd8, 0xfd, 0x0e, 0x27,
+    0xc9, 0x5c, 0x2b, 0xbc, 0xc0, 0xa4, 0xe7, 0x23, 0x29, 0x02, 0x9f, 0x31,
+    0xd6, 0xe9, 0xd7, 0x96, 0xf4, 0xe0, 0x5e, 0x0b, 0x0e, 0x13, 0xee, 0x3c,
+    0x09, 0xed, 0xf2, 0x3d, 0x76, 0x91, 0xc3, 0xa4, 0x97, 0xae, 0xd4, 0x87,
+    0xd0, 0x5d, 0xf6, 0x18, 0x47, 0x1f, 0x1d, 0x67, 0xf2, 0xcf, 0x63, 0xa0,
+    0x91, 0x27, 0xf8, 0x93, 0x45, 0x75, 0x23, 0x3f, 0xd1, 0xf1, 0xad, 0x23,
+    0xdd, 0x64, 0x93, 0x96, 0x41, 0x70, 0x7f, 0xf7, 0xf5, 0xa9, 0x89, 0xa2,
+    0x34, 0xb0, 0x8d, 0x1b, 0xae, 0x19, 0x15, 0x49, 0x58, 0x23, 0x6d, 0x87,
+    0x15, 0x4f, 0x81, 0x76, 0xfb, 0x23, 0xb5, 0xea, 0xcf, 0xac, 0x54, 0x8d,
+    0x4e, 0x42, 0x2f, 0xeb, 0x0f, 0x63, 0xdb, 0x68, 0x37, 0xa8, 0xcf, 0x8b,
+    0xab, 0xf5, 0xa4, 0x6e, 0x96, 0x2a, 0xb2, 0xd6, 0xbe, 0x9e, 0xbd, 0x0d,
+    0xb4, 0x42, 0xa9, 0xcf, 0x01, 0x83, 0x8a, 0x17, 0x47, 0x76, 0xc4, 0xc6,
+    0x83, 0x04, 0x95, 0x0b, 0xfc, 0x11, 0xc9, 0x62, 0xb8, 0x0c, 0x76, 0x84,
+    0xd9, 0xb9, 0x37, 0xfa, 0xfc, 0x7c, 0xc2, 0x6d, 0x58, 0x3e, 0xb3, 0x04,
+    0xbb, 0x8c, 0x8f, 0x48, 0xbc, 0x91, 0x27, 0xcc, 0xf9, 0xb7, 0x22, 0x19,
+    0x83, 0x2e, 0x09, 0xb5, 0x72, 0xd9, 0x54, 0x1c, 0x4d, 0xa1, 0xea, 0x0b,
+    0xf1, 0xc6, 0x08, 0x72, 0x46, 0x87, 0x7a, 0x6e, 0x80, 0x56, 0x0a, 0x8a,
+    0xc0, 0xdd, 0x11, 0x6b, 0xd6, 0xdd, 0x47, 0xdf, 0x10, 0xd9, 0xd8, 0xea,
+    0x7c, 0xb0, 0x8f, 0x03, 0x00, 0x2e, 0xc1, 0x8f, 0x44, 0xa8, 0xd3, 0x30,
+    0x06, 0x89, 0xa2, 0xf9, 0x34, 0xad, 0xdc, 0x03, 0x85, 0xed, 0x51, 0xa7,
+    0x82, 0x9c, 0xe7, 0x5d, 0x52, 0x93, 0x0c, 0x32, 0x9a, 0x5b, 0xe1, 0xaa,
+    0xca, 0xb8, 0x02, 0x6d, 0x3a, 0xd4, 0xb1, 0x3a, 0xf0, 0x5f, 0xbe, 0xb5,
+    0x0d, 0x10, 0x6b, 0x38, 0x32, 0xac, 0x76, 0x80, 0xbd, 0xca, 0x94, 0x71,
+    0x7a, 0xf2, 0xc9, 0x35, 0x2a, 0xde, 0x9f, 0x42, 0x49, 0x18, 0x01, 0xab,
+    0xbc, 0xef, 0x7c, 0x64, 0x3f, 0x58, 0x3d, 0x92, 0x59, 0xdb, 0x13, 0xdb,
+    0x58, 0x6e, 0x0a, 0xe0, 0xb7, 0x91, 0x4a, 0x08, 0x20, 0xd6, 0x2e, 0x3c,
+    0x45, 0xc9, 0x8b, 0x17, 0x79, 0xe7, 0xc7, 0x90, 0x99, 0x3a, 0x18, 0x25,
+};
+
+#else
+
+// k25519Precomp[i][j] = (j+1)*256^i*B
+static const ge_precomp k25519Precomp[32][8] = {
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1288382639258501, 245678601348599, 269427782077623,
+                1462984067271730, 137412439391563
+#else
+                25967493, 19198397, 29566455, 3660896, 54414519, 4014786,
+                27544626, 21800161, 61029707, 2047604
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                62697248952638, 204681361388450, 631292143396476,
+                338455783676468, 1213667448819585
+#else
+                54563134, 934261, 64385954, 3049989, 66381436, 9406985,
+                12720692, 5043384, 19500929, 18085054
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                301289933810280, 1259582250014073, 1422107436869536,
+                796239922652654, 1953934009299142
+#else
+                58370664, 4489569, 9688441, 18769238, 10184608, 21191052,
+                29287918, 11864899, 42594502, 29115885
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1380971894829527, 790832306631236, 2067202295274102,
+                1995808275510000, 1566530869037010
+#else
+                54292951, 20578084, 45527620, 11784319, 41753206, 30803714,
+                55390960, 29739860, 66750418, 23343128
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                463307831301544, 432984605774163, 1610641361907204,
+                750899048855000, 1894842303421586
+#else
+                45405608, 6903824, 27185491, 6451973, 37531140, 24000426,
+                51492312, 11189267, 40279186, 28235350
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                748439484463711, 1033211726465151, 1396005112841647,
+                1611506220286469, 1972177495910992
+#else
+                26966623, 11152617, 32442495, 15396054, 14353839, 20802097,
+                63980037, 24013313, 51636816, 29387734
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1601611775252272, 1720807796594148, 1132070835939856,
+                1260455018889551, 2147779492816911
+#else
+                15636272, 23865875, 24204772, 25642034, 616976, 16869170,
+                27787599, 18782243, 28944399, 32004408
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                316559037616741, 2177824224946892, 1459442586438991,
+                1461528397712656, 751590696113597
+#else
+                16568933, 4717097, 55552716, 32452109, 15682895, 21747389,
+                16354576, 21778470, 7689661, 11199574
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1850748884277385, 1200145853858453, 1068094770532492,
+                672251375690438, 1586055907191707
+#else
+                30464137, 27578307, 55329429, 17883566, 23220364, 15915852,
+                7512774, 10017326, 49359771, 23634074
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                934282339813791, 1846903124198670, 1172395437954843,
+                1007037127761661, 1830588347719256
+#else
+                50071967, 13921891, 10945806, 27521001, 27105051, 17470053,
+                38182653, 15006022, 3284568, 27277892
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1694390458783935, 1735906047636159, 705069562067493,
+                648033061693059, 696214010414170
+#else
+                23599295, 25248385, 55915199, 25867015, 13236773, 10506355,
+                7464579, 9656445, 13059162, 10374397
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1121406372216585, 192876649532226, 190294192191717,
+                1994165897297032, 2245000007398739
+#else
+                7798537, 16710257, 3033922, 2874086, 28997861, 2835604,
+                32406664, 29715387, 66467155, 33453106
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                769950342298419, 132954430919746, 844085933195555,
+                974092374476333, 726076285546016
+#else
+                10861363, 11473154, 27284546, 1981175, 37044515, 12577860,
+                32867885, 14515107, 51670560, 10819379
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                425251763115706, 608463272472562, 442562545713235,
+                837766094556764, 374555092627893
+#else
+                4708026, 6336745, 20377586, 9066809, 55836755, 6594695,
+                41455196, 12483687, 54440373, 5581305
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1086255230780037, 274979815921559, 1960002765731872,
+                929474102396301, 1190409889297339
+#else
+                19563141, 16186464, 37722007, 4097518, 10237984, 29206317,
+                28542349, 13850243, 43430843, 17738489
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1388594989461809, 316767091099457, 394298842192982,
+                1230079486801005, 1440737038838979
+#else
+                51736881, 20691677, 32573249, 4720197, 40672342, 5875510,
+                47920237, 18329612, 57289923, 21468654
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                7380825640100, 146210432690483, 304903576448906,
+                1198869323871120, 997689833219095
+#else
+                58559652, 109982, 15149363, 2178705, 22900618, 4543417, 3044240,
+                17864545, 1762327, 14866737
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1181317918772081, 114573476638901, 262805072233344,
+                265712217171332, 294181933805782
+#else
+                48909169, 17603008, 56635573, 1707277, 49922944, 3916100,
+                38872452, 3959420, 27914454, 4383652
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                665000864555967, 2065379846933859, 370231110385876,
+                350988370788628, 1233371373142985
+#else
+                5153727, 9909285, 1723747, 30776558, 30523604, 5516873,
+                19480852, 5230134, 43156425, 18378665
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2019367628972465, 676711900706637, 110710997811333,
+                1108646842542025, 517791959672113
+#else
+                36839857, 30090922, 7665485, 10083793, 28475525, 1649722,
+                20654025, 16520125, 30598449, 7715701
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                965130719900578, 247011430587952, 526356006571389,
+                91986625355052, 2157223321444601
+#else
+                28881826, 14381568, 9657904, 3680757, 46927229, 7843315,
+                35708204, 1370707, 29794553, 32145132
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2068619540119183, 1966274918058806, 957728544705549,
+                729906502578991, 159834893065166
+#else
+                14499471, 30824833, 33917750, 29299779, 28494861, 14271267,
+                30290735, 10876454, 33954766, 2381725
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2073601412052185, 31021124762708, 264500969797082,
+                248034690651703, 1030252227928288
+#else
+                59913433, 30899068, 52378708, 462250, 39384538, 3941371,
+                60872247, 3696004, 34808032, 15351954
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                551790716293402, 1989538725166328, 801169423371717,
+                2052451893578887, 678432056995012
+#else
+                27431194, 8222322, 16448760, 29646437, 48401861, 11938354,
+                34147463, 30583916, 29551812, 10109425
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1368953770187805, 790347636712921, 437508475667162,
+                2142576377050580, 1932081720066286
+#else
+                53451805, 20399000, 35825113, 11777097, 21447386, 6519384,
+                64730580, 31926875, 10092782, 28790261
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                953638594433374, 1092333936795051, 1419774766716690,
+                805677984380077, 859228993502513
+#else
+                27939166, 14210322, 4677035, 16277044, 44144402, 21156292,
+                34600109, 12005537, 49298737, 12803509
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1200766035879111, 20142053207432, 1465634435977050,
+                1645256912097844, 295121984874596
+#else
+                17228999, 17892808, 65875336, 300139, 65883994, 21839654,
+                30364212, 24516238, 18016356, 4397660
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1735718747031557, 1248237894295956, 1204753118328107,
+                976066523550493, 65943769534592
+#else
+                56150021, 25864224, 4776340, 18600194, 27850027, 17952220,
+                40489757, 14544524, 49631360, 982638
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1060098822528990, 1586825862073490, 212301317240126,
+                1975302711403555, 666724059764335
+#else
+                29253598, 15796703, 64244882, 23645547, 10057022, 3163536,
+                7332899, 29434304, 46061167, 9934962
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1091990273418756, 1572899409348578, 80968014455247,
+                306009358661350, 1520450739132526
+#else
+                5793284, 16271923, 42977250, 23438027, 29188559, 1206517,
+                52360934, 4559894, 36984942, 22656481
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1480517209436112, 1511153322193952, 1244343858991172,
+                304788150493241, 369136856496443
+#else
+                39464912, 22061425, 16282656, 22517939, 28414020, 18542168,
+                24191033, 4541697, 53770555, 5500567
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2151330273626164, 762045184746182, 1688074332551515,
+                823046109005759, 907602769079491
+#else
+                12650548, 32057319, 9052870, 11355358, 49428827, 25154267,
+                49678271, 12264342, 10874051, 13524335
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2047386910586836, 168470092900250, 1552838872594810,
+                340951180073789, 360819374702533
+#else
+                25556948, 30508442, 714650, 2510400, 23394682, 23139102,
+                33119037, 5080568, 44580805, 5376627
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1982622644432056, 2014393600336956, 128909208804214,
+                1617792623929191, 105294281913815
+#else
+                41020600, 29543379, 50095164, 30016803, 60382070, 1920896,
+                44787559, 24106988, 4535767, 1569007
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                980234343912898, 1712256739246056, 588935272190264,
+                204298813091998, 841798321043288
+#else
+                64853442, 14606629, 45416424, 25514613, 28430648, 8775819,
+                36614302, 3044289, 31848280, 12543772
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                197561292938973, 454817274782871, 1963754960082318,
+                2113372252160468, 971377527342673
+#else
+                45080285, 2943892, 35251351, 6777305, 13784462, 29262229,
+                39731668, 31491700, 7718481, 14474653
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                164699448829328, 3127451757672, 1199504971548753,
+                1766155447043652, 1899238924683527
+#else
+                2385296, 2454213, 44477544, 46602, 62670929, 17874016, 656964,
+                26317767, 24316167, 28300865
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                732262946680281, 1674412764227063, 2182456405662809,
+                1350894754474250, 558458873295247
+#else
+                13741529, 10911568, 33875447, 24950694, 46931033, 32521134,
+                33040650, 20129900, 46379407, 8321685
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2103305098582922, 1960809151316468, 715134605001343,
+                1454892949167181, 40827143824949
+#else
+                21060490, 31341688, 15712756, 29218333, 1639039, 10656336,
+                23845965, 21679594, 57124405, 608371
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1239289043050212, 1744654158124578, 758702410031698,
+                1796762995074688, 1603056663766
+#else
+                53436132, 18466845, 56219170, 25997372, 61071954, 11305546,
+                1123968, 26773855, 27229398, 23887
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2232056027107988, 987343914584615, 2115594492994461,
+                1819598072792159, 1119305654014850
+#else
+                43864724, 33260226, 55364135, 14712570, 37643165, 31524814,
+                12797023, 27114124, 65475458, 16678953
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                320153677847348, 939613871605645, 641883205761567,
+                1930009789398224, 329165806634126
+#else
+                37608244, 4770661, 51054477, 14001337, 7830047, 9564805,
+                65600720, 28759386, 49939598, 4904952
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                980930490474130, 1242488692177893, 1251446316964684,
+                1086618677993530, 1961430968465772
+#else
+                24059538, 14617003, 19037157, 18514524, 19766092, 18648003,
+                5169210, 16191880, 2128236, 29227599
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                276821765317453, 1536835591188030, 1305212741412361,
+                61473904210175, 2051377036983058
+#else
+                50127693, 4124965, 58568254, 22900634, 30336521, 19449185,
+                37302527, 916032, 60226322, 30567899
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                833449923882501, 1750270368490475, 1123347002068295,
+                185477424765687, 278090826653186
+#else
+                44477957, 12419371, 59974635, 26081060, 50629959, 16739174,
+                285431, 2763829, 15736322, 4143876
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                794524995833413, 1849907304548286, 53348672473145,
+                1272368559505217, 1147304168324779
+#else
+                2379333, 11839345, 62998462, 27565766, 11274297, 794957, 212801,
+                18959769, 23527083, 17096164
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1504846112759364, 1203096289004681, 562139421471418,
+                274333017451844, 1284344053775441
+#else
+                33431108, 22423954, 49269897, 17927531, 8909498, 8376530,
+                34483524, 4087880, 51919953, 19138217
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                483048732424432, 2116063063343382, 30120189902313,
+                292451576741007, 1156379271702225
+#else
+                1767664, 7197987, 53903638, 31531796, 54017513, 448825, 5799055,
+                4357868, 62334673, 17231393
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                928372153029038, 2147692869914564, 1455665844462196,
+                1986737809425946, 185207050258089
+#else
+                6721966, 13833823, 43585476, 32003117, 26354292, 21691111,
+                23365146, 29604700, 7390889, 2759800
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                137732961814206, 706670923917341, 1387038086865771,
+                1965643813686352, 1384777115696347
+#else
+                4409022, 2052381, 23373853, 10530217, 7676779, 20668478,
+                21302352, 29290375, 1244379, 20634787
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                481144981981577, 2053319313589856, 2065402289827512,
+                617954271490316, 1106602634668125
+#else
+                62687625, 7169618, 4982368, 30596842, 30256824, 30776892,
+                14086412, 9208236, 15886429, 16489664
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                696298019648792, 893299659040895, 1148636718636009,
+                26734077349617, 2203955659340681
+#else
+                1996056, 10375649, 14346367, 13311202, 60234729, 17116020,
+                53415665, 398368, 36502409, 32841498
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                657390353372855, 998499966885562, 991893336905797,
+                810470207106761, 343139804608786
+#else
+                41801399, 9795879, 64331450, 14878808, 33577029, 14780362,
+                13348553, 12076947, 36272402, 5113181
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                791736669492960, 934767652997115, 824656780392914,
+                1759463253018643, 361530362383518
+#else
+                49338080, 11797795, 31950843, 13929123, 41220562, 12288343,
+                36767763, 26218045, 13847710, 5387222
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2022541353055597, 2094700262587466, 1551008075025686,
+                242785517418164, 695985404963562
+#else
+                48526701, 30138214, 17824842, 31213466, 22744342, 23111821,
+                8763060, 3617786, 47508202, 10370990
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1287487199965223, 2215311941380308, 1552928390931986,
+                1664859529680196, 1125004975265243
+#else
+                20246567, 19185054, 22358228, 33010720, 18507282, 23140436,
+                14554436, 24808340, 32232923, 16763880
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                677434665154918, 989582503122485, 1817429540898386,
+                1052904935475344, 1143826298169798
+#else
+                9648486, 10094563, 26416693, 14745928, 36734546, 27081810,
+                11094160, 15689506, 3140038, 17044340
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                367266328308408, 318431188922404, 695629353755355,
+                634085657580832, 24581612564426
+#else
+                50948792, 5472694, 31895588, 4744994, 8823515, 10365685,
+                39884064, 9448612, 38334410, 366294
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                773360688841258, 1815381330538070, 363773437667376,
+                539629987070205, 783280434248437
+#else
+                19153450, 11523972, 56012374, 27051289, 42461232, 5420646,
+                28344573, 8041113, 719605, 11671788
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                180820816194166, 168937968377394, 748416242794470,
+                1227281252254508, 1567587861004268
+#else
+                8678006, 2694440, 60300850, 2517371, 4964326, 11152271,
+                51675948, 18287915, 27000812, 23358879
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                478775558583645, 2062896624554807, 699391259285399,
+                358099408427873, 1277310261461761
+#else
+                51950941, 7134311, 8639287, 30739555, 59873175, 10421741,
+                564065, 5336097, 6750977, 19033406
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1984740906540026, 1079164179400229, 1056021349262661,
+                1659958556483663, 1088529069025527
+#else
+                11836410, 29574944, 26297893, 16080799, 23455045, 15735944,
+                1695823, 24735310, 8169719, 16220347
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                580736401511151, 1842931091388998, 1177201471228238,
+                2075460256527244, 1301133425678027
+#else
+                48993007, 8653646, 17578566, 27461813, 59083086, 17541668,
+                55964556, 30926767, 61118155, 19388398
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1515728832059182, 1575261009617579, 1510246567196186,
+                191078022609704, 116661716289141
+#else
+                43800366, 22586119, 15213227, 23473218, 36255258, 22504427,
+                27884328, 2847284, 2655861, 1738395
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1295295738269652, 1714742313707026, 545583042462581,
+                2034411676262552, 1513248090013606
+#else
+                39571412, 19301410, 41772562, 25551651, 57738101, 8129820,
+                21651608, 30315096, 48021414, 22549153
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                230710545179830, 30821514358353, 760704303452229,
+                390668103790604, 573437871383156
+#else
+                1533110, 3437855, 23735889, 459276, 29970501, 11335377,
+                26030092, 5821408, 10478196, 8544890
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1169380107545646, 263167233745614, 2022901299054448,
+                819900753251120, 2023898464874585
+#else
+                32173102, 17425121, 24896206, 3921497, 22579056, 30143578,
+                19270448, 12217473, 17789017, 30158437
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2102254323485823, 1570832666216754, 34696906544624,
+                1993213739807337, 70638552271463
+#else
+                36555903, 31326030, 51530034, 23407230, 13243888, 517024,
+                15479401, 29701199, 30460519, 1052596
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                894132856735058, 548675863558441, 845349339503395,
+                1942269668326667, 1615682209874691
+#else
+                55493970, 13323617, 32618793, 8175907, 51878691, 12596686,
+                27491595, 28942073, 3179267, 24075541
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1287670217537834, 1222355136884920, 1846481788678694,
+                1150426571265110, 1613523400722047
+#else
+                31947050, 19187781, 62468280, 18214510, 51982886, 27514722,
+                52352086, 17142691, 19072639, 24043372
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                793388516527298, 1315457083650035, 1972286999342417,
+                1901825953052455, 338269477222410
+#else
+                11685058, 11822410, 3158003, 19601838, 33402193, 29389366,
+                5977895, 28339415, 473098, 5040608
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                550201530671806, 778605267108140, 2063911101902983,
+                115500557286349, 2041641272971022
+#else
+                46817982, 8198641, 39698732, 11602122, 1290375, 30754672,
+                28326861, 1721092, 47550222, 30422825
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                717255318455100, 519313764361315, 2080406977303708,
+                541981206705521, 774328150311600
+#else
+                7881532, 10687937, 7578723, 7738378, 48157852, 31000479,
+                21820785, 8076149, 39240368, 11538388
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                261715221532238, 1795354330069993, 1496878026850283,
+                499739720521052, 389031152673770
+#else
+                47173198, 3899860, 18283497, 26752864, 51380203, 22305220,
+                8754524, 7446702, 61432810, 5797015
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1997217696294013, 1717306351628065, 1684313917746180,
+                1644426076011410, 1857378133465451
+#else
+                55813245, 29760862, 51326753, 25589858, 12708868, 25098233,
+                2014098, 24503858, 64739691, 27677090
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1475434724792648, 76931896285979, 1116729029771667,
+                2002544139318042, 725547833803938
+#else
+                44636488, 21985690, 39426843, 1146374, 18956691, 16640559,
+                1192730, 29840233, 15123618, 10811505
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2022306639183567, 726296063571875, 315345054448644,
+                1058733329149221, 1448201136060677
+#else
+                14352079, 30134717, 48166819, 10822654, 32750596, 4699007,
+                67038501, 15776355, 38222085, 21579878
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1710065158525665, 1895094923036397, 123988286168546,
+                1145519900776355, 1607510767693874
+#else
+                38867681, 25481956, 62129901, 28239114, 29416930, 1847569,
+                46454691, 17069576, 4714546, 23953777
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                561605375422540, 1071733543815037, 131496498800990,
+                1946868434569999, 828138133964203
+#else
+                15200332, 8368572, 19679101, 15970074, 35236190, 1959450,
+                24611599, 29010600, 55362987, 12340219
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1548495173745801, 442310529226540, 998072547000384,
+                553054358385281, 644824326376171
+#else
+                12876937, 23074376, 33134380, 6590940, 60801088, 14872439,
+                9613953, 8241152, 15370987, 9608631
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1445526537029440, 2225519789662536, 914628859347385,
+                1064754194555068, 1660295614401091
+#else
+                62965568, 21540023, 8446280, 33162829, 4407737, 13629032,
+                59383996, 15866073, 38898243, 24740332
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1199690223111956, 24028135822341, 66638289244341,
+                57626156285975, 565093967979607
+#else
+                26660628, 17876777, 8393733, 358047, 59707573, 992987, 43204631,
+                858696, 20571223, 8420556
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                876926774220824, 554618976488214, 1012056309841565,
+                839961821554611, 1414499340307677
+#else
+                14620696, 13067227, 51661590, 8264466, 14106269, 15080814,
+                33531827, 12516406, 45534429, 21077682
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                703047626104145, 1266841406201770, 165556500219173,
+                486991595001879, 1011325891650656
+#else
+                236881, 10476226, 57258, 18877408, 6472997, 2466984, 17258519,
+                7256740, 8791136, 15069930
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1622861044480487, 1156394801573634, 1869132565415504,
+                327103985777730, 2095342781472284
+#else
+                1276391, 24182514, 22949634, 17231625, 43615824, 27852245,
+                14711874, 4874229, 36445724, 31223040
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                334886927423922, 489511099221528, 129160865966726,
+                1720809113143481, 619700195649254
+#else
+                5855666, 4990204, 53397016, 7294283, 59304582, 1924646,
+                65685689, 25642053, 34039526, 9234252
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1646545795166119, 1758370782583567, 714746174550637,
+                1472693650165135, 898994790308209
+#else
+                20590503, 24535444, 31529743, 26201766, 64402029, 10650547,
+                31559055, 21944845, 18979185, 13396066
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                333403773039279, 295772542452938, 1693106465353610,
+                912330357530760, 471235657950362
+#else
+                24474287, 4968103, 22267082, 4407354, 24063882, 25229252,
+                48291976, 13594781, 33514650, 7021958
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1811196219982022, 1068969825533602, 289602974833439,
+                1988956043611592, 863562343398367
+#else
+                55541958, 26988926, 45743778, 15928891, 40950559, 4315420,
+                41160136, 29637754, 45628383, 12868081
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                906282429780072, 2108672665779781, 432396390473936,
+                150625823801893, 1708930497638539
+#else
+                38473832, 13504660, 19988037, 31421671, 21078224, 6443208,
+                45662757, 2244499, 54653067, 25465048
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                925664675702328, 21416848568684, 1831436641861340,
+                601157008940113, 371818055044496
+#else
+                36513336, 13793478, 61256044, 319135, 41385692, 27290532,
+                33086545, 8957937, 51875216, 5540520
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1479786007267725, 1738881859066675, 68646196476567,
+                2146507056100328, 1247662817535471
+#else
+                55478669, 22050529, 58989363, 25911358, 2620055, 1022908,
+                43398120, 31985447, 50980335, 18591624
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                52035296774456, 939969390708103, 312023458773250,
+                59873523517659, 1231345905848899
+#else
+                23152952, 775386, 27395463, 14006635, 57407746, 4649511,
+                1689819, 892185, 55595587, 18348483
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                643355106415761, 290186807495774, 2013561737429023,
+                319648069511546, 393736678496162
+#else
+                9770129, 9586738, 26496094, 4324120, 1556511, 30004408,
+                27453818, 4763127, 47929250, 5867133
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                129358342392716, 1932811617704777, 1176749390799681,
+                398040349861790, 1170779668090425
+#else
+                34343820, 1927589, 31726409, 28801137, 23962433, 17534932,
+                27846558, 5931263, 37359161, 17445976
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2051980782668029, 121859921510665, 2048329875753063,
+                1235229850149665, 519062146124755
+#else
+                27461885, 30576896, 22380809, 1815854, 44075111, 30522493,
+                7283489, 18406359, 47582163, 7734628
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1608170971973096, 415809060360428, 1350468408164766,
+                2038620059057678, 1026904485989112
+#else
+                59098600, 23963614, 55988460, 6196037, 29344158, 20123547,
+                7585294, 30377806, 18549496, 15302069
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1837656083115103, 1510134048812070, 906263674192061,
+                1821064197805734, 565375124676301
+#else
+                34450527, 27383209, 59436070, 22502750, 6258877, 13504381,
+                10458790, 27135971, 58236621, 8424745
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                578027192365650, 2034800251375322, 2128954087207123,
+                478816193810521, 2196171989962750
+#else
+                24687186, 8613276, 36441818, 30320886, 1863891, 31723888,
+                19206233, 7134917, 55824382, 32725512
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1633188840273139, 852787172373708, 1548762607215796,
+                1266275218902681, 1107218203325133
+#else
+                11334899, 24336410, 8025292, 12707519, 17523892, 23078361,
+                10243737, 18868971, 62042829, 16498836
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                462189358480054, 1784816734159228, 1611334301651368,
+                1303938263943540, 707589560319424
+#else
+                8911542, 6887158, 57524604, 26595841, 11145640, 24010752,
+                17303924, 19430194, 6536640, 10543906
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1038829280972848, 38176604650029, 753193246598573,
+                1136076426528122, 595709990562434
+#else
+                38162480, 15479762, 49642029, 568875, 65611181, 11223453,
+                64439674, 16928857, 39873154, 8876770
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1408451820859834, 2194984964010833, 2198361797561729,
+                1061962440055713, 1645147963442934
+#else
+                41365946, 20987567, 51458897, 32707824, 34082177, 32758143,
+                33627041, 15824473, 66504438, 24514614
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                4701053362120, 1647641066302348, 1047553002242085,
+                1923635013395977, 206970314902065
+#else
+                10330056, 70051, 7957388, 24551765, 9764901, 15609756, 27698697,
+                28664395, 1657393, 3084098
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1750479161778571, 1362553355169293, 1891721260220598,
+                966109370862782, 1024913988299801
+#else
+                10477963, 26084172, 12119565, 20303627, 29016246, 28188843,
+                31280318, 14396151, 36875289, 15272408
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                212699049131723, 1117950018299775, 1873945661751056,
+                1403802921984058, 130896082652698
+#else
+                54820555, 3169462, 28813183, 16658753, 25116432, 27923966,
+                41934906, 20918293, 42094106, 1950503
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                636808533673210, 1262201711667560, 390951380330599,
+                1663420692697294, 561951321757406
+#else
+                40928506, 9489186, 11053416, 18808271, 36055143, 5825629,
+                58724558, 24786899, 15341278, 8373727
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                520731594438141, 1446301499955692, 273753264629267,
+                1565101517999256, 1019411827004672
+#else
+                28685821, 7759505, 52730348, 21551571, 35137043, 4079241,
+                298136, 23321830, 64230656, 15190419
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                926527492029409, 1191853477411379, 734233225181171,
+                184038887541270, 1790426146325343
+#else
+                34175969, 13806335, 52771379, 17760000, 43104243, 10940927,
+                8669718, 2742393, 41075551, 26679428
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1464651961852572, 1483737295721717, 1519450561335517,
+                1161429831763785, 405914998179977
+#else
+                65528476, 21825014, 41129205, 22109408, 49696989, 22641577,
+                9291593, 17306653, 54954121, 6048604
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                996126634382301, 796204125879525, 127517800546509,
+                344155944689303, 615279846169038
+#else
+                36803549, 14843443, 1539301, 11864366, 20201677, 1900163,
+                13934231, 5128323, 11213262, 9168384
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                738724080975276, 2188666632415296, 1961313708559162,
+                1506545807547587, 1151301638969740
+#else
+                40828332, 11007846, 19408960, 32613674, 48515898, 29225851,
+                62020803, 22449281, 20470156, 17155731
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                622917337413835, 1218989177089035, 1284857712846592,
+                970502061709359, 351025208117090
+#else
+                43972811, 9282191, 14855179, 18164354, 59746048, 19145871,
+                44324911, 14461607, 14042978, 5230683
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2067814584765580, 1677855129927492, 2086109782475197,
+                235286517313238, 1416314046739645
+#else
+                29969548, 30812838, 50396996, 25001989, 9175485, 31085458,
+                21556950, 3506042, 61174973, 21104723
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                586844262630358, 307444381952195, 458399356043426,
+                602068024507062, 1028548203415243
+#else
+                63964118, 8744660, 19704003, 4581278, 46678178, 6830682,
+                45824694, 8971512, 38569675, 15326562
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                678489922928203, 2016657584724032, 90977383049628,
+                1026831907234582, 615271492942522
+#else
+                47644235, 10110287, 49846336, 30050539, 43608476, 1355668,
+                51585814, 15300987, 46594746, 9168259
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                301225714012278, 1094837270268560, 1202288391010439,
+                644352775178361, 1647055902137983
+#else
+                61755510, 4488612, 43305616, 16314346, 7780487, 17915493,
+                38160505, 9601604, 33087103, 24543045
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1210746697896478, 1416608304244708, 686487477217856,
+                1245131191434135, 1051238336855737
+#else
+                47665694, 18041531, 46311396, 21109108, 37284416, 10229460,
+                39664535, 18553900, 61111993, 15664671
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1135604073198207, 1683322080485474, 769147804376683,
+                2086688130589414, 900445683120379
+#else
+                23294591, 16921819, 44458082, 25083453, 27844203, 11461195,
+                13099750, 31094076, 18151675, 13417686
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1971518477615628, 401909519527336, 448627091057375,
+                1409486868273821, 1214789035034363
+#else
+                42385932, 29377914, 35958184, 5988918, 40250079, 6685064,
+                1661597, 21002991, 15271675, 18101767
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1364039144731711, 1897497433586190, 2203097701135459,
+                145461396811251, 1349844460790699
+#else
+                11433023, 20325767, 8239630, 28274915, 65123427, 32828713,
+                48410099, 2167543, 60187563, 20114249
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1045230323257973, 818206601145807, 630513189076103,
+                1672046528998132, 807204017562437
+#else
+                35672693, 15575145, 30436815, 12192228, 44645511, 9395378,
+                57191156, 24915434, 12215109, 12028277
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                439961968385997, 386362664488986, 1382706320807688,
+                309894000125359, 2207801346498567
+#else
+                14098381, 6555944, 23007258, 5757252, 51681032, 20603929,
+                30123439, 4617780, 50208775, 32898803
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1229004686397588, 920643968530863, 123975893911178,
+                681423993215777, 1400559197080973
+#else
+                63082644, 18313596, 11893167, 13718664, 52299402, 1847384,
+                51288865, 10154008, 23973261, 20869958
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2003766096898049, 170074059235165, 1141124258967971,
+                1485419893480973, 1573762821028725
+#else
+                40577025, 29858441, 65199965, 2534300, 35238307, 17004076,
+                18341389, 22134481, 32013173, 23450893
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                729905708611432, 1270323270673202, 123353058984288,
+                426460209632942, 2195574535456672
+#else
+                41629544, 10876442, 55337778, 18929291, 54739296, 1838103,
+                21911214, 6354752, 4425632, 32716610
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1271140255321235, 2044363183174497, 52125387634689,
+                1445120246694705, 942541986339084
+#else
+                56675475, 18941465, 22229857, 30463385, 53917697, 776728,
+                49693489, 21533969, 4725004, 14044970
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1761608437466135, 583360847526804, 1586706389685493,
+                2157056599579261, 1170692369685772
+#else
+                19268631, 26250011, 1555348, 8692754, 45634805, 23643767,
+                6347389, 32142648, 47586572, 17444675
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                871476219910823, 1878769545097794, 2241832391238412,
+                548957640601001, 690047440233174
+#else
+                42244775, 12986007, 56209986, 27995847, 55796492, 33405905,
+                19541417, 8180106, 9282262, 10282508
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                297194732135507, 1366347803776820, 1301185512245601,
+                561849853336294, 1533554921345731
+#else
+                40903763, 4428546, 58447668, 20360168, 4098401, 19389175,
+                15522534, 8372215, 5542595, 22851749
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                999628998628371, 1132836708493400, 2084741674517453,
+                469343353015612, 678782988708035
+#else
+                56546323, 14895632, 26814552, 16880582, 49628109, 31065071,
+                64326972, 6993760, 49014979, 10114654
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2189427607417022, 699801937082607, 412764402319267,
+                1478091893643349, 2244675696854460
+#else
+                47001790, 32625013, 31422703, 10427861, 59998115, 6150668,
+                38017109, 22025285, 25953724, 33448274
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1712292055966563, 204413590624874, 1405738637332841,
+                408981300829763, 861082219276721
+#else
+                62874467, 25515139, 57989738, 3045999, 2101609, 20947138,
+                19390019, 6094296, 63793585, 12831124
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                508561155940631, 966928475686665, 2236717801150132,
+                424543858577297, 2089272956986143
+#else
+                51110167, 7578151, 5310217, 14408357, 33560244, 33329692,
+                31575953, 6326196, 7381791, 31132593
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                221245220129925, 1156020201681217, 491145634799213,
+                542422431960839, 828100817819207
+#else
+                46206085, 3296810, 24736065, 17226043, 18374253, 7318640,
+                6295303, 8082724, 51746375, 12339663
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                153756971240384, 1299874139923977, 393099165260502,
+                1058234455773022, 996989038681183
+#else
+                27724736, 2291157, 6088201, 19369634, 1792726, 5857634,
+                13848414, 15768922, 25091167, 14856294
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                559086812798481, 573177704212711, 1629737083816402,
+                1399819713462595, 1646954378266038
+#else
+                48242193, 8331042, 24373479, 8541013, 66406866, 24284974,
+                12927299, 20858939, 44926390, 24541532
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1887963056288059, 228507035730124, 1468368348640282,
+                930557653420194, 613513962454686
+#else
+                55685435, 28132841, 11632844, 3405020, 30536730, 21880393,
+                39848098, 13866389, 30146206, 9142070
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1224529808187553, 1577022856702685, 2206946542980843,
+                625883007765001, 279930793512158
+#else
+                3924129, 18246916, 53291741, 23499471, 12291819, 32886066,
+                39406089, 9326383, 58871006, 4171293
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1076287717051609, 1114455570543035, 187297059715481,
+                250446884292121, 1885187512550540
+#else
+                51186905, 16037936, 6713787, 16606682, 45496729, 2790943,
+                26396185, 3731949, 345228, 28091483
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                902497362940219, 76749815795675, 1657927525633846,
+                1420238379745202, 1340321636548352
+#else
+                45781307, 13448258, 25284571, 1143661, 20614966, 24705045,
+                2031538, 21163201, 50855680, 19972348
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1129576631190784, 1281994010027327, 996844254743018,
+                257876363489249, 1150850742055018
+#else
+                31016192, 16832003, 26371391, 19103199, 62081514, 14854136,
+                17477601, 3842657, 28012650, 17149012
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                628740660038789, 1943038498527841, 467786347793886,
+                1093341428303375, 235413859513003
+#else
+                62033029, 9368965, 58546785, 28953529, 51858910, 6970559,
+                57918991, 16292056, 58241707, 3507939
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                237425418909360, 469614029179605, 1512389769174935,
+                1241726368345357, 441602891065214
+#else
+                29439664, 3537914, 23333589, 6997794, 49553303, 22536363,
+                51899661, 18503164, 57943934, 6580395
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1736417953058555, 726531315520508, 1833335034432527,
+                1629442561574747, 624418919286085
+#else
+                54923003, 25874643, 16438268, 10826160, 58412047, 27318820,
+                17860443, 24280586, 65013061, 9304566
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1960754663920689, 497040957888962, 1909832851283095,
+                1271432136996826, 2219780368020940
+#else
+                20714545, 29217521, 29088194, 7406487, 11426967, 28458727,
+                14792666, 18945815, 5289420, 33077305
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1537037379417136, 1358865369268262, 2130838645654099,
+                828733687040705, 1999987652890901
+#else
+                50443312, 22903641, 60948518, 20248671, 9192019, 31751970,
+                17271489, 12349094, 26939669, 29802138
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                629042105241814, 1098854999137608, 887281544569320,
+                1423102019874777, 7911258951561
+#else
+                54218966, 9373457, 31595848, 16374215, 21471720, 13221525,
+                39825369, 21205872, 63410057, 117886
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1811562332665373, 1501882019007673, 2213763501088999,
+                359573079719636, 36370565049116
+#else
+                22263325, 26994382, 3984569, 22379786, 51994855, 32987646,
+                28311252, 5358056, 43789084, 541963
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                218907117361280, 1209298913016966, 1944312619096112,
+                1130690631451061, 1342327389191701
+#else
+                16259200, 3261970, 2309254, 18019958, 50223152, 28972515,
+                24134069, 16848603, 53771797, 20002236
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1369976867854704, 1396479602419169, 1765656654398856,
+                2203659200586299, 998327836117241
+#else
+                9378160, 20414246, 44262881, 20809167, 28198280, 26310334,
+                64709179, 32837080, 690425, 14876244
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2230701885562825, 1348173180338974, 2172856128624598,
+                1426538746123771, 444193481326151
+#else
+                24977353, 33240048, 58884894, 20089345, 28432342, 32378079,
+                54040059, 21257083, 44727879, 6618998
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                784210426627951, 918204562375674, 1284546780452985,
+                1324534636134684, 1872449409642708
+#else
+                65570671, 11685645, 12944378, 13682314, 42719353, 19141238,
+                8044828, 19737104, 32239828, 27901670
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                319638829540294, 596282656808406, 2037902696412608,
+                1557219121643918, 341938082688094
+#else
+                48505798, 4762989, 66182614, 8885303, 38696384, 30367116,
+                9781646, 23204373, 32779358, 5095274
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1901860206695915, 2004489122065736, 1625847061568236,
+                973529743399879, 2075287685312905
+#else
+                34100715, 28339925, 34843976, 29869215, 9460460, 24227009,
+                42507207, 14506723, 21639561, 30924196
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1371853944110545, 1042332820512553, 1949855697918254,
+                1791195775521505, 37487364849293
+#else
+                50707921, 20442216, 25239337, 15531969, 3987758, 29055114,
+                65819361, 26690896, 17874573, 558605
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                687200189577855, 1082536651125675, 644224940871546,
+                340923196057951, 343581346747396
+#else
+                53508735, 10240080, 9171883, 16131053, 46239610, 9599699,
+                33499487, 5080151, 2085892, 5119761
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2082717129583892, 27829425539422, 145655066671970,
+                1690527209845512, 1865260509673478
+#else
+                44903700, 31034903, 50727262, 414690, 42089314, 2170429,
+                30634760, 25190818, 35108870, 27794547
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1059729620568824, 2163709103470266, 1440302280256872,
+                1769143160546397, 869830310425069
+#else
+                60263160, 15791201, 8550074, 32241778, 29928808, 21462176,
+                27534429, 26362287, 44757485, 12961481
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1609516219779025, 777277757338817, 2101121130363987,
+                550762194946473, 1905542338659364
+#else
+                42616785, 23983660, 10368193, 11582341, 43711571, 31309144,
+                16533929, 8206996, 36914212, 28394793
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2024821921041576, 426948675450149, 595133284085473,
+                471860860885970, 600321679413000
+#else
+                55987368, 30172197, 2307365, 6362031, 66973409, 8868176,
+                50273234, 7031274, 7589640, 8945490
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                598474602406721, 1468128276358244, 1191923149557635,
+                1501376424093216, 1281662691293476
+#else
+                34956097, 8917966, 6661220, 21876816, 65916803, 17761038,
+                7251488, 22372252, 24099108, 19098262
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1721138489890707, 1264336102277790, 433064545421287,
+                1359988423149466, 1561871293409447
+#else
+                5019539, 25646962, 4244126, 18840076, 40175591, 6453164,
+                47990682, 20265406, 60876967, 23273695
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                719520245587143, 393380711632345, 132350400863381,
+                1543271270810729, 1819543295798660
+#else
+                10853575, 10721687, 26480089, 5861829, 44113045, 1972174,
+                65242217, 22996533, 63745412, 27113307
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                396397949784152, 1811354474471839, 1362679985304303,
+                2117033964846756, 498041172552279
+#else
+                50106456, 5906789, 221599, 26991285, 7828207, 20305514,
+                24362660, 31546264, 53242455, 7421391
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1812471844975748, 1856491995543149, 126579494584102,
+                1036244859282620, 1975108050082550
+#else
+                8139908, 27007935, 32257645, 27663886, 30375718, 1886181,
+                45933756, 15441251, 28826358, 29431403
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                650623932407995, 1137551288410575, 2125223403615539,
+                1725658013221271, 2134892965117796
+#else
+                6267067, 9695052, 7709135, 16950835, 34239795, 31668296,
+                14795159, 25714308, 13746020, 31812384
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                522584000310195, 1241762481390450, 1743702789495384,
+                2227404127826575, 1686746002148897
+#else
+                28584883, 7787108, 60375922, 18503702, 22846040, 25983196,
+                63926927, 33190907, 4771361, 25134474
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                427904865186312, 1703211129693455, 1585368107547509,
+                1436984488744336, 761188534613978
+#else
+                24949256, 6376279, 39642383, 25379823, 48462709, 23623825,
+                33543568, 21412737, 3569626, 11342593
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                318101947455002, 248138407995851, 1481904195303927,
+                309278454311197, 1258516760217879
+#else
+                26514970, 4740088, 27912651, 3697550, 19331575, 22082093,
+                6809885, 4608608, 7325975, 18753361
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1275068538599310, 513726919533379, 349926553492294,
+                688428871968420, 1702400196000666
+#else
+                55490446, 19000001, 42787651, 7655127, 65739590, 5214311,
+                39708324, 10258389, 49462170, 25367739
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1061864036265233, 961611260325381, 321859632700838,
+                1045600629959517, 1985130202504038
+#else
+                11431185, 15823007, 26570245, 14329124, 18029990, 4796082,
+                35662685, 15580663, 9280358, 29580745
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1558816436882417, 1962896332636523, 1337709822062152,
+                1501413830776938, 294436165831932
+#else
+                66948081, 23228174, 44253547, 29249434, 46247496, 19933429,
+                34297962, 22372809, 51563772, 4387440
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                818359826554971, 1862173000996177, 626821592884859,
+                573655738872376, 1749691246745455
+#else
+                46309467, 12194511, 3937617, 27748540, 39954043, 9340369,
+                42594872, 8548136, 20617071, 26072431
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1988022651432119, 1082111498586040, 1834020786104821,
+                1454826876423687, 692929915223122
+#else
+                66170039, 29623845, 58394552, 16124717, 24603125, 27329039,
+                53333511, 21678609, 24345682, 10325460
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2146513703733331, 584788900394667, 464965657279958,
+                2183973639356127, 238371159456790
+#else
+                47253587, 31985546, 44906155, 8714033, 14007766, 6928528,
+                16318175, 32543743, 4766742, 3552007
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1129007025494441, 2197883144413266, 265142755578169,
+                971864464758890, 1983715884903702
+#else
+                45357481, 16823515, 1351762, 32751011, 63099193, 3950934,
+                3217514, 14481909, 10988822, 29559670
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1291366624493075, 381456718189114, 1711482489312444,
+                1815233647702022, 892279782992467
+#else
+                15564307, 19242862, 3101242, 5684148, 30446780, 25503076,
+                12677126, 27049089, 58813011, 13296004
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                444548969917454, 1452286453853356, 2113731441506810,
+                645188273895859, 810317625309512
+#else
+                57666574, 6624295, 36809900, 21640754, 62437882, 31497052,
+                31521203, 9614054, 37108040, 12074673
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2242724082797924, 1373354730327868, 1006520110883049,
+                2147330369940688, 1151816104883620
+#else
+                4771172, 33419193, 14290748, 20464580, 27992297, 14998318,
+                65694928, 31997715, 29832612, 17163397
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1745720200383796, 1911723143175317, 2056329390702074,
+                355227174309849, 879232794371100
+#else
+                7064884, 26013258, 47946901, 28486894, 48217594, 30641695,
+                25825241, 5293297, 39986204, 13101589
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                163723479936298, 115424889803150, 1156016391581227,
+                1894942220753364, 1970549419986329
+#else
+                64810282, 2439669, 59642254, 1719964, 39841323, 17225986,
+                32512468, 28236839, 36752793, 29363474
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                681981452362484, 267208874112496, 1374683991933094,
+                638600984916117, 646178654558546
+#else
+                37102324, 10162315, 33928688, 3981722, 50626726, 20484387,
+                14413973, 9515896, 19568978, 9628812
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                13378654854251, 106237307029567, 1944412051589651,
+                1841976767925457, 230702819835573
+#else
+                33053803, 199357, 15894591, 1583059, 27380243, 28973997,
+                49269969, 27447592, 60817077, 3437739
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                260683893467075, 854060306077237, 913639551980112,
+                4704576840123, 280254810808712
+#else
+                48129987, 3884492, 19469877, 12726490, 15913552, 13614290,
+                44147131, 70103, 7463304, 4176122
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                715374893080287, 1173334812210491, 1806524662079626,
+                1894596008000979, 398905715033393
+#else
+                39984863, 10659916, 11482427, 17484051, 12771466, 26919315,
+                34389459, 28231680, 24216881, 5944158
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                500026409727661, 1596431288195371, 1420380351989370,
+                985211561521489, 392444930785633
+#else
+                8894125, 7450974, 64444715, 23788679, 39028346, 21165316,
+                19345745, 14680796, 11632993, 5847885
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2096421546958141, 1922523000950363, 789831022876840,
+                427295144688779, 320923973161730
+#else
+                26942781, 31239115, 9129563, 28647825, 26024104, 11769399,
+                55590027, 6367193, 57381634, 4782139
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1927770723575450, 1485792977512719, 1850996108474547,
+                551696031508956, 2126047405475647
+#else
+                19916442, 28726022, 44198159, 22140040, 25606323, 27581991,
+                33253852, 8220911, 6358847, 31680575
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2112099158080148, 742570803909715, 6484558077432,
+                1951119898618916, 93090382703416
+#else
+                801428, 31472730, 16569427, 11065167, 29875704, 96627, 7908388,
+                29073952, 53570360, 1387154
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                383905201636970, 859946997631870, 855623867637644,
+                1017125780577795, 794250831877809
+#else
+                19646058, 5720633, 55692158, 12814208, 11607948, 12749789,
+                14147075, 15156355, 45242033, 11835259
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                77571826285752, 999304298101753, 487841111777762,
+                1038031143212339, 339066367948762
+#else
+                19299512, 1155910, 28703737, 14890794, 2925026, 7269399,
+                26121523, 15467869, 40548314, 5052482
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                674994775520533, 266035846330789, 826951213393478,
+                1405007746162285, 1781791018620876
+#else
+                64091413, 10058205, 1980837, 3964243, 22160966, 12322533,
+                60677741, 20936246, 12228556, 26550755
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1001412661522686, 348196197067298, 1666614366723946,
+                888424995032760, 580747687801357
+#else
+                32944382, 14922211, 44263970, 5188527, 21913450, 24834489,
+                4001464, 13238564, 60994061, 8653814
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1939560076207777, 1409892634407635, 552574736069277,
+                383854338280405, 190706709864139
+#else
+                22865569, 28901697, 27603667, 21009037, 14348957, 8234005,
+                24808405, 5719875, 28483275, 2841751
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2177087163428741, 1439255351721944, 1208070840382793,
+                2230616362004769, 1396886392021913
+#else
+                50687877, 32441126, 66781144, 21446575, 21886281, 18001658,
+                65220897, 33238773, 19932057, 20815229
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                676962063230039, 1880275537148808, 2046721011602706,
+                888463247083003, 1318301552024067
+#else
+                55452759, 10087520, 58243976, 28018288, 47830290, 30498519,
+                3999227, 13239134, 62331395, 19644223
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1466980508178206, 617045217998949, 652303580573628,
+                757303753529064, 207583137376902
+#else
+                1382174, 21859713, 17266789, 9194690, 53784508, 9720080,
+                20403944, 11284705, 53095046, 3093229
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1511056752906902, 105403126891277, 493434892772846,
+                1091943425335976, 1802717338077427
+#else
+                16650902, 22516500, 66044685, 1570628, 58779118, 7352752,
+                66806440, 16271224, 43059443, 26862581
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1853982405405128, 1878664056251147, 1528011020803992,
+                1019626468153565, 1128438412189035
+#else
+                45197768, 27626490, 62497547, 27994275, 35364760, 22769138,
+                24123613, 15193618, 45456747, 16815042
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1963939888391106, 293456433791664, 697897559513649,
+                985882796904380, 796244541237972
+#else
+                57172930, 29264984, 41829040, 4372841, 2087473, 10399484,
+                31870908, 14690798, 17361620, 11864968
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                416770998629779, 389655552427054, 1314476859406756,
+                1749382513022778, 1161905598739491
+#else
+                55801235, 6210371, 13206574, 5806320, 38091172, 19587231,
+                54777658, 26067830, 41530403, 17313742
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1428358296490651, 1027115282420478, 304840698058337,
+                441410174026628, 1819358356278573
+#else
+                14668443, 21284197, 26039038, 15305210, 25515617, 4542480,
+                10453892, 6577524, 9145645, 27110552
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                204943430200135, 1554861433819175, 216426658514651,
+                264149070665950, 2047097371738319
+#else
+                5974855, 3053895, 57675815, 23169240, 35243739, 3225008,
+                59136222, 3936127, 61456591, 30504127
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1934415182909034, 1393285083565062, 516409331772960,
+                1157690734993892, 121039666594268
+#else
+                30625386, 28825032, 41552902, 20761565, 46624288, 7695098,
+                17097188, 17250936, 39109084, 1803631
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                662035583584445, 286736105093098, 1131773000510616,
+                818494214211439, 472943792054479
+#else
+                63555773, 9865098, 61880298, 4272700, 61435032, 16864731,
+                14911343, 12196514, 45703375, 7047411
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                665784778135882, 1893179629898606, 808313193813106,
+                276797254706413, 1563426179676396
+#else
+                20093258, 9920966, 55970670, 28210574, 13161586, 12044805,
+                34252013, 4124600, 34765036, 23296865
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                945205108984232, 526277562959295, 1324180513733566,
+                1666970227868664, 153547609289173
+#else
+                46320040, 14084653, 53577151, 7842146, 19119038, 19731827,
+                4752376, 24839792, 45429205, 2288037
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2031433403516252, 203996615228162, 170487168837083,
+                981513604791390, 843573964916831
+#else
+                40289628, 30270716, 29965058, 3039786, 52635099, 2540456,
+                29457502, 14625692, 42289247, 12570231
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1476570093962618, 838514669399805, 1857930577281364,
+                2017007352225784, 317085545220047
+#else
+                66045306, 22002608, 16920317, 12494842, 1278292, 27685323,
+                45948920, 30055751, 55134159, 4724942
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1461557121912842, 1600674043318359, 2157134900399597,
+                1670641601940616, 127765583803283
+#else
+                17960970, 21778898, 62967895, 23851901, 58232301, 32143814,
+                54201480, 24894499, 37532563, 1903855
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1293543509393474, 2143624609202546, 1058361566797508,
+                214097127393994, 946888515472729
+#else
+                23134274, 19275300, 56426866, 31942495, 20684484, 15770816,
+                54119114, 3190295, 26955097, 14109738
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                357067959932916, 1290876214345711, 521245575443703,
+                1494975468601005, 800942377643885
+#else
+                15308788, 5320727, 36995055, 19235554, 22902007, 7767164,
+                29425325, 22276870, 31960941, 11934971
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                566116659100033, 820247422481740, 994464017954148,
+                327157611686365, 92591318111744
+#else
+                39713153, 8435795, 4109644, 12222639, 42480996, 14818668,
+                20638173, 4875028, 10491392, 1379718
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                617256647603209, 1652107761099439, 1857213046645471,
+                1085597175214970, 817432759830522
+#else
+                53949449, 9197840, 3875503, 24618324, 65725151, 27674630,
+                33518458, 16176658, 21432314, 12180697
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                771808161440705, 1323510426395069, 680497615846440,
+                851580615547985, 1320806384849017
+#else
+                55321537, 11500837, 13787581, 19721842, 44678184, 10140204,
+                1465425, 12689540, 56807545, 19681548
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1219260086131915, 647169006596815, 79601124759706,
+                2161724213426748, 404861897060198
+#else
+                5414091, 18168391, 46101199, 9643569, 12834970, 1186149,
+                64485948, 32212200, 26128230, 6032912
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1327968293887866, 1335500852943256, 1401587164534264,
+                558137311952440, 1551360549268902
+#else
+                40771450, 19788269, 32496024, 19900513, 17847800, 20885276,
+                3604024, 8316894, 41233830, 23117073
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                417621685193956, 1429953819744454, 396157358457099,
+                1940470778873255, 214000046234152
+#else
+                3296484, 6223048, 24680646, 21307972, 44056843, 5903204,
+                58246567, 28915267, 12376616, 3188849
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1268047918491973, 2172375426948536, 1533916099229249,
+                1761293575457130, 1590622667026765
+#else
+                29190469, 18895386, 27549112, 32370916, 3520065, 22857131,
+                32049514, 26245319, 50999629, 23702124
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1627072914981959, 2211603081280073, 1912369601616504,
+                1191770436221309, 2187309757525860
+#else
+                52364359, 24245275, 735817, 32955454, 46701176, 28496527,
+                25246077, 17758763, 18640740, 32593455
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1149147819689533, 378692712667677, 828475842424202,
+                2218619146419342, 70688125792186
+#else
+                60180029, 17123636, 10361373, 5642961, 4910474, 12345252,
+                35470478, 33060001, 10530746, 1053335
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1299739417079761, 1438616663452759, 1536729078504412,
+                2053896748919838, 1008421032591246
+#else
+                37842897, 19367626, 53570647, 21437058, 47651804, 22899047,
+                35646494, 30605446, 24018830, 15026644
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2040723824657366, 399555637875075, 632543375452995,
+                872649937008051, 1235394727030233
+#else
+                44516310, 30409154, 64819587, 5953842, 53668675, 9425630,
+                25310643, 13003497, 64794073, 18408815
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2211311599327900, 2139787259888175, 938706616835350,
+                12609661139114, 2081897930719789
+#else
+                39688860, 32951110, 59064879, 31885314, 41016598, 13987818,
+                39811242, 187898, 43942445, 31022696
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1324994503390450, 336982330582631, 1183998925654177,
+                1091654665913274, 48727673971319
+#else
+                45364466, 19743956, 1844839, 5021428, 56674465, 17642958,
+                9716666, 16266922, 62038647, 726098
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1845522914617879, 1222198248335542, 150841072760134,
+                1927029069940982, 1189913404498011
+#else
+                29370903, 27500434, 7334070, 18212173, 9385286, 2247707,
+                53446902, 28714970, 30007387, 17731091
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1079559557592645, 2215338383666441, 1903569501302605,
+                49033973033940, 305703433934152
+#else
+                66172485, 16086690, 23751945, 33011114, 65941325, 28365395,
+                9137108, 730663, 9835848, 4555336
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                94653405416909, 1386121349852999, 1062130477891762,
+                36553947479274, 833669648948846
+#else
+                43732429, 1410445, 44855111, 20654817, 30867634, 15826977,
+                17693930, 544696, 55123566, 12422645
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1432015813136298, 440364795295369, 1395647062821501,
+                1976874522764578, 934452372723352
+#else
+                31117226, 21338698, 53606025, 6561946, 57231997, 20796761,
+                61990178, 29457725, 29120152, 13924425
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1296625309219774, 2068273464883862, 1858621048097805,
+                1492281814208508, 2235868981918946
+#else
+                49707966, 19321222, 19675798, 30819676, 56101901, 27695611,
+                57724924, 22236731, 7240930, 33317044
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1490330266465570, 1858795661361448, 1436241134969763,
+                294573218899647, 1208140011028933
+#else
+                35747106, 22207651, 52101416, 27698213, 44655523, 21401660,
+                1222335, 4389483, 3293637, 18002689
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1282462923712748, 741885683986255, 2027754642827561,
+                518989529541027, 1826610009555945
+#else
+                50424044, 19110186, 11038543, 11054958, 53307689, 30215898,
+                42789283, 7733546, 12796905, 27218610
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1525827120027511, 723686461809551, 1597702369236987,
+                244802101764964, 1502833890372311
+#else
+                58349431, 22736595, 41689999, 10783768, 36493307, 23807620,
+                38855524, 3647835, 3222231, 22393970
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                113622036244513, 1233740067745854, 674109952278496,
+                2114345180342965, 166764512856263
+#else
+                18606113, 1693100, 41660478, 18384159, 4112352, 10045021,
+                23603893, 31506198, 59558087, 2484984
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2041668749310338, 2184405322203901, 1633400637611036,
+                2110682505536899, 2048144390084644
+#else
+                9255298, 30423235, 54952701, 32550175, 13098012, 24339566,
+                16377219, 31451620, 47306788, 30519729
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                503058759232932, 760293024620937, 2027152777219493,
+                666858468148475, 1539184379870952
+#else
+                44379556, 7496159, 61366665, 11329248, 19991973, 30206930,
+                35390715, 9936965, 37011176, 22935634
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1916168475367211, 915626432541343, 883217071712575,
+                363427871374304, 1976029821251593
+#else
+                21878571, 28553135, 4338335, 13643897, 64071999, 13160959,
+                19708896, 5415497, 59748361, 29445138
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                678039535434506, 570587290189340, 1605302676614120,
+                2147762562875701, 1706063797091704
+#else
+                27736842, 10103576, 12500508, 8502413, 63695848, 23920873,
+                10436917, 32004156, 43449720, 25422331
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1439489648586438, 2194580753290951, 832380563557396,
+                561521973970522, 584497280718389
+#else
+                19492550, 21450067, 37426887, 32701801, 63900692, 12403436,
+                30066266, 8367329, 13243957, 8709688
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                187989455492609, 681223515948275, 1933493571072456,
+                1872921007304880, 488162364135671
+#else
+                12015105, 2801261, 28198131, 10151021, 24818120, 28811299,
+                55914672, 27908697, 5150967, 7274186
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1413466089534451, 410844090765630, 1397263346404072,
+                408227143123410, 1594561803147811
+#else
+                2831347, 21062286, 1478974, 6122054, 23825128, 20820846,
+                31097298, 6083058, 31021603, 23760822
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2102170800973153, 719462588665004, 1479649438510153,
+                1097529543970028, 1302363283777685
+#else
+                64578913, 31324785, 445612, 10720828, 53259337, 22048494,
+                43601132, 16354464, 15067285, 19406725
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                942065717847195, 1069313679352961, 2007341951411051,
+                70973416446291, 1419433790163706
+#else
+                7840923, 14037873, 33744001, 15934015, 66380651, 29911725,
+                21403987, 1057586, 47729402, 21151211
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1146565545556377, 1661971299445212, 406681704748893,
+                564452436406089, 1109109865829139
+#else
+                915865, 17085158, 15608284, 24765302, 42751837, 6060029,
+                49737545, 8410996, 59888403, 16527024
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2214421081775077, 1165671861210569, 1890453018796184,
+                3556249878661, 442116172656317
+#else
+                32922597, 32997445, 20336073, 17369864, 10903704, 28169945,
+                16957573, 52992, 23834301, 6588044
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                753830546620811, 1666955059895019, 1530775289309243,
+                1119987029104146, 2164156153857580
+#else
+                32752011, 11232950, 3381995, 24839566, 22652987, 22810329,
+                17159698, 16689107, 46794284, 32248439
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                615171919212796, 1523849404854568, 854560460547503,
+                2067097370290715, 1765325848586042
+#else
+                62419196, 9166775, 41398568, 22707125, 11576751, 12733943,
+                7924251, 30802151, 1976122, 26305405
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1094538949313667, 1796592198908825, 870221004284388,
+                2025558921863561, 1699010892802384
+#else
+                21251203, 16309901, 64125849, 26771309, 30810596, 12967303,
+                156041, 30183180, 12331344, 25317235
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1951351290725195, 1916457206844795, 198025184438026,
+                1909076887557595, 1938542290318919
+#else
+                8651595, 29077400, 51023227, 28557437, 13002506, 2950805,
+                29054427, 28447462, 10008135, 28886531
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1014323197538413, 869150639940606, 1756009942696599,
+                1334952557375672, 1544945379082874
+#else
+                31486061, 15114593, 52847614, 12951353, 14369431, 26166587,
+                16347320, 19892343, 8684154, 23021480
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                764055910920305, 1603590757375439, 146805246592357,
+                1843313433854297, 954279890114939
+#else
+                19443825, 11385320, 24468943, 23895364, 43189605, 2187568,
+                40845657, 27467510, 31316347, 14219878
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                80113526615750, 764536758732259, 1055139345100233,
+                469252651759390, 617897512431515
+#else
+                38514374, 1193784, 32245219, 11392485, 31092169, 15722801,
+                27146014, 6992409, 29126555, 9207390
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                74497112547268, 740094153192149, 1745254631717581,
+                727713886503130, 1283034364416928
+#else
+                32382916, 1110093, 18477781, 11028262, 39697101, 26006320,
+                62128346, 10843781, 59151264, 19118701
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                525892105991110, 1723776830270342, 1476444848991936,
+                573789489857760, 133864092632978
+#else
+                2814918, 7836403, 27519878, 25686276, 46214848, 22000742,
+                45614304, 8550129, 28346258, 1994730
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                542611720192581, 1986812262899321, 1162535242465837,
+                481498966143464, 544600533583622
+#else
+                47530565, 8085544, 53108345, 29605809, 2785837, 17323125,
+                47591912, 7174893, 22628102, 8115180
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                64123227344372, 1239927720647794, 1360722983445904,
+                222610813654661, 62429487187991
+#else
+                36703732, 955510, 55975026, 18476362, 34661776, 20276352,
+                41457285, 3317159, 57165847, 930271
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1793193323953132, 91096687857833, 70945970938921,
+                2158587638946380, 1537042406482111
+#else
+                51805164, 26720662, 28856489, 1357446, 23421993, 1057177,
+                24091212, 32165462, 44343487, 22903716
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1895854577604609, 1394895708949416, 1728548428495944,
+                1140864900240149, 563645333603061
+#else
+                44357633, 28250434, 54201256, 20785565, 51297352, 25757378,
+                52269845, 17000211, 65241845, 8398969
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                141358280486863, 91435889572504, 1087208572552643,
+                1829599652522921, 1193307020643647
+#else
+                35139535, 2106402, 62372504, 1362500, 12813763, 16200670,
+                22981545, 27263159, 18009407, 17781660
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1611230858525381, 950720175540785, 499589887488610,
+                2001656988495019, 88977313255908
+#else
+                49887941, 24009210, 39324209, 14166834, 29815394, 7444469,
+                29551787, 29827013, 19288548, 1325865
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1189080501479658, 2184348804772597, 1040818725742319,
+                2018318290311834, 1712060030915354
+#else
+                15100138, 17718680, 43184885, 32549333, 40658671, 15509407,
+                12376730, 30075286, 33166106, 25511682
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                873966876953756, 1090638350350440, 1708559325189137,
+                672344594801910, 1320437969700239
+#else
+                20909212, 13023121, 57899112, 16251777, 61330449, 25459517,
+                12412150, 10018715, 2213263, 19676059
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1508590048271766, 1131769479776094, 101550868699323,
+                428297785557897, 561791648661744
+#else
+                32529814, 22479743, 30361438, 16864679, 57972923, 1513225,
+                22922121, 6382134, 61341936, 8371347
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                756417570499462, 237882279232602, 2136263418594016,
+                1701968045454886, 703713185137472
+#else
+                9923462, 11271500, 12616794, 3544722, 37110496, 31832805,
+                12891686, 25361300, 40665920, 10486143
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1781187809325462, 1697624151492346, 1381393690939988,
+                175194132284669, 1483054666415238
+#else
+                44511638, 26541766, 8587002, 25296571, 4084308, 20584370,
+                361725, 2610596, 43187334, 22099236
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2175517777364616, 708781536456029, 955668231122942,
+                1967557500069555, 2021208005604118
+#else
+                5408392, 32417741, 62139741, 10561667, 24145918, 14240566,
+                31319731, 29318891, 19985174, 30118346
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1115135966606887, 224217372950782, 915967306279222,
+                593866251291540, 561747094208006
+#else
+                53114407, 16616820, 14549246, 3341099, 32155958, 13648976,
+                49531796, 8849296, 65030, 8370684
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1443163092879439, 391875531646162, 2180847134654632,
+                464538543018753, 1594098196837178
+#else
+                58787919, 21504805, 31204562, 5839400, 46481576, 32497154,
+                47665921, 6922163, 12743482, 23753914
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                850858855888869, 319436476624586, 327807784938441,
+                740785849558761, 17128415486016
+#else
+                64747493, 12678784, 28815050, 4759974, 43215817, 4884716,
+                23783145, 11038569, 18800704, 255233
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2132756334090067, 536247820155645, 48907151276867,
+                608473197600695, 1261689545022784
+#else
+                61839187, 31780545, 13957885, 7990715, 23132995, 728773,
+                13393847, 9066957, 19258688, 18800639
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1525176236978354, 974205476721062, 293436255662638,
+                148269621098039, 137961998433963
+#else
+                64172210, 22726896, 56676774, 14516792, 63468078, 4372540,
+                35173943, 2209389, 65584811, 2055793
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1121075518299410, 2071745529082111, 1265567917414828,
+                1648196578317805, 496232102750820
+#else
+                580882, 16705327, 5468415, 30871414, 36182444, 18858431,
+                59905517, 24560042, 37087844, 7394434
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                122321229299801, 1022922077493685, 2001275453369484,
+                2017441881607947, 993205880778002
+#else
+                23838809, 1822728, 51370421, 15242726, 8318092, 29821328,
+                45436683, 30062226, 62287122, 14799920
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                654925550560074, 1168810995576858, 575655959430926,
+                905758704861388, 496774564663534
+#else
+                13345610, 9759151, 3371034, 17416641, 16353038, 8577942,
+                31129804, 13496856, 58052846, 7402517
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1954109525779738, 2117022646152485, 338102630417180,
+                1194140505732026, 107881734943492
+#else
+                2286874, 29118501, 47066405, 31546095, 53412636, 5038121,
+                11006906, 17794080, 8205060, 1607563
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1714785840001267, 2036500018681589, 1876380234251966,
+                2056717182974196, 1645855254384642
+#else
+                14414067, 25552300, 3331829, 30346215, 22249150, 27960244,
+                18364660, 30647474, 30019586, 24525154
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                106431476499341, 62482972120563, 1513446655109411,
+                807258751769522, 538491469114
+#else
+                39420813, 1585952, 56333811, 931068, 37988643, 22552112,
+                52698034, 12029092, 9944378, 8024
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2002850762893643, 1243624520538135, 1486040410574605,
+                2184752338181213, 378495998083531
+#else
+                4368715, 29844802, 29874199, 18531449, 46878477, 22143727,
+                50994269, 32555346, 58966475, 5640029
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                922510868424903, 1089502620807680, 402544072617374,
+                1131446598479839, 1290278588136533
+#else
+                10299591, 13746483, 11661824, 16234854, 7630238, 5998374,
+                9809887, 16859868, 15219797, 19226649
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1867998812076769, 715425053580701, 39968586461416,
+                2173068014586163, 653822651801304
+#else
+                27425505, 27835351, 3055005, 10660664, 23458024, 595578,
+                51710259, 32381236, 48766680, 9742716
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                162892278589453, 182585796682149, 75093073137630,
+                497037941226502, 133871727117371
+#else
+                6744077, 2427284, 26042789, 2720740, 66260958, 1118973,
+                32324614, 7406442, 12420155, 1994844
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1914596576579670, 1608999621851578, 1987629837704609,
+                1519655314857977, 1819193753409464
+#else
+                14012502, 28529712, 48724410, 23975962, 40623521, 29617992,
+                54075385, 22644628, 24319928, 27108099
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1949315551096831, 1069003344994464, 1939165033499916,
+                1548227205730856, 1933767655861407
+#else
+                16412671, 29047065, 10772640, 15929391, 50040076, 28895810,
+                10555944, 23070383, 37006495, 28815383
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1730519386931635, 1393284965610134, 1597143735726030,
+                416032382447158, 1429665248828629
+#else
+                22397363, 25786748, 57815702, 20761563, 17166286, 23799296,
+                39775798, 6199365, 21880021, 21303672
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                360275475604565, 547835731063078, 215360904187529,
+                596646739879007, 332709650425085
+#else
+                62825557, 5368522, 35991846, 8163388, 36785801, 3209127,
+                16557151, 8890729, 8840445, 4957760
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                47602113726801, 1522314509708010, 437706261372925,
+                814035330438027, 335930650933545
+#else
+                51661137, 709326, 60189418, 22684253, 37330941, 6522331,
+                45388683, 12130071, 52312361, 5005756
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1291597595523886, 1058020588994081, 402837842324045,
+                1363323695882781, 2105763393033193
+#else
+                64994094, 19246303, 23019041, 15765735, 41839181, 6002751,
+                10183197, 20315106, 50713577, 31378319
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                109521982566564, 1715257748585139, 1112231216891516,
+                2046641005101484, 134249157157013
+#else
+                48083108, 1632004, 13466291, 25559332, 43468412, 16573536,
+                35094956, 30497327, 22208661, 2000468
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2156991030936798, 2227544497153325, 1869050094431622,
+                754875860479115, 1754242344267058
+#else
+                3065054, 32141671, 41510189, 33192999, 49425798, 27851016,
+                58944651, 11248526, 63417650, 26140247
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1846089562873800, 98894784984326, 1412430299204844,
+                171351226625762, 1100604760929008
+#else
+                10379208, 27508878, 8877318, 1473647, 37817580, 21046851,
+                16690914, 2553332, 63976176, 16400288
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                84172382130492, 499710970700046, 425749630620778,
+                1762872794206857, 612842602127960
+#else
+                15716668, 1254266, 48636174, 7446273, 58659946, 6344163,
+                45011593, 26268851, 26894936, 9132066
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                868309334532756, 1703010512741873, 1952690008738057,
+                4325269926064, 2071083554962116
+#else
+                24158868, 12938817, 11085297, 25376834, 39045385, 29097348,
+                36532400, 64451, 60291780, 30861549
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                523094549451158, 401938899487815, 1407690589076010,
+                2022387426254453, 158660516411257
+#else
+                13488534, 7794716, 22236231, 5989356, 25426474, 20976224,
+                2350709, 30135921, 62420857, 2364225
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                612867287630009, 448212612103814, 571629077419196,
+                1466796750919376, 1728478129663858
+#else
+                16335033, 9132434, 25640582, 6678888, 1725628, 8517937,
+                55301840, 21856974, 15445874, 25756331
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1723848973783452, 2208822520534681, 1718748322776940,
+                1974268454121942, 1194212502258141
+#else
+                29004188, 25687351, 28661401, 32914020, 54314860, 25611345,
+                31863254, 29418892, 66830813, 17795152
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1254114807944608, 977770684047110, 2010756238954993,
+                1783628927194099, 1525962994408256
+#else
+                60986784, 18687766, 38493958, 14569918, 56250865, 29962602,
+                10343411, 26578142, 37280576, 22738620
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                232464058235826, 1948628555342434, 1835348780427694,
+                1031609499437291, 64472106918373
+#else
+                27081650, 3463984, 14099042, 29036828, 1616302, 27348828,
+                29542635, 15372179, 17293797, 960709
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                767338676040683, 754089548318405, 1523192045639075,
+                435746025122062, 512692508440385
+#else
+                20263915, 11434237, 61343429, 11236809, 13505955, 22697330,
+                50997518, 6493121, 47724353, 7639713
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1255955808701983, 1700487367990941, 1166401238800299,
+                1175121994891534, 1190934801395380
+#else
+                64278047, 18715199, 25403037, 25339236, 58791851, 17380732,
+                18006286, 17510682, 29994676, 17746311
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                349144008168292, 1337012557669162, 1475912332999108,
+                1321618454900458, 47611291904320
+#else
+                9769828, 5202651, 42951466, 19923039, 39057860, 21992807,
+                42495722, 19693649, 35924288, 709463
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                877519947135419, 2172838026132651, 272304391224129,
+                1655143327559984, 886229406429814
+#else
+                12286395, 13076066, 45333675, 32377809, 42105665, 4057651,
+                35090736, 24663557, 16102006, 13205847
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                375806028254706, 214463229793940, 572906353144089,
+                572168269875638, 697556386112979
+#else
+                13733362, 5599946, 10557076, 3195751, 61550873, 8536969,
+                41568694, 8525971, 10151379, 10394400
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1168827102357844, 823864273033637, 2071538752104697,
+                788062026895924, 599578340743362
+#else
+                4024660, 17416881, 22436261, 12276534, 58009849, 30868332,
+                19698228, 11743039, 33806530, 8934413
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1948116082078088, 2054898304487796, 2204939184983900,
+                210526805152138, 786593586607626
+#else
+                51229064, 29029191, 58528116, 30620370, 14634844, 32856154,
+                57659786, 3137093, 55571978, 11721157
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1915320147894736, 156481169009469, 655050471180417,
+                592917090415421, 2165897438660879
+#else
+                17555920, 28540494, 8268605, 2331751, 44370049, 9761012,
+                9319229, 8835153, 57903375, 32274386
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1726336468579724, 1119932070398949, 1929199510967666,
+                33918788322959, 1836837863503150
+#else
+                66647436, 25724417, 20614117, 16688288, 59594098, 28747312,
+                22300303, 505429, 6108462, 27371017
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                829996854845988, 217061778005138, 1686565909803640,
+                1346948817219846, 1723823550730181
+#else
+                62038564, 12367916, 36445330, 3234472, 32617080, 25131790,
+                29880582, 20071101, 40210373, 25686972
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                384301494966394, 687038900403062, 2211195391021739,
+                254684538421383, 1245698430589680
+#else
+                35133562, 5726538, 26934134, 10237677, 63935147, 32949378,
+                24199303, 3795095, 7592688, 18562353
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1247567493562688, 1978182094455847, 183871474792955,
+                806570235643435, 288461518067916
+#else
+                21594432, 18590204, 17466407, 29477210, 32537083, 2739898,
+                6407723, 12018833, 38852812, 4298411
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1449077384734201, 38285445457996, 2136537659177832,
+                2146493000841573, 725161151123125
+#else
+                46458361, 21592935, 39872588, 570497, 3767144, 31836892,
+                13891941, 31985238, 13717173, 10805743
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1201928866368855, 800415690605445, 1703146756828343,
+                997278587541744, 1858284414104014
+#else
+                52432215, 17910135, 15287173, 11927123, 24177847, 25378864,
+                66312432, 14860608, 40169934, 27690595
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                356468809648877, 782373916933152, 1718002439402870,
+                1392222252219254, 663171266061951
+#else
+                12962541, 5311799, 57048096, 11658279, 18855286, 25600231,
+                13286262, 20745728, 62727807, 9882021
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                759628738230460, 1012693474275852, 353780233086498,
+                246080061387552, 2030378857679162
+#else
+                18512060, 11319350, 46985740, 15090308, 18818594, 5271736,
+                44380960, 3666878, 43141434, 30255002
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2040672435071076, 888593182036908, 1298443657189359,
+                1804780278521327, 354070726137060
+#else
+                60319844, 30408388, 16192428, 13241070, 15898607, 19348318,
+                57023983, 26893321, 64705764, 5276064
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1894938527423184, 1463213041477277, 474410505497651,
+                247294963033299, 877975941029128
+#else
+                30169808, 28236784, 26306205, 21803573, 27814963, 7069267,
+                7152851, 3684982, 1449224, 13082861
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                207937160991127, 12966911039119, 820997788283092,
+                1010440472205286, 1701372890140810
+#else
+                10342807, 3098505, 2119311, 193222, 25702612, 12233820,
+                23697382, 15056736, 46092426, 25352431
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                218882774543183, 533427444716285, 1233243976733245,
+                435054256891319, 1509568989549904
+#else
+                33958735, 3261607, 22745853, 7948688, 19370557, 18376767,
+                40936887, 6482813, 56808784, 22494330
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1888838535711826, 1052177758340622, 1213553803324135,
+                169182009127332, 463374268115872
+#else
+                32869458, 28145887, 25609742, 15678670, 56421095, 18083360,
+                26112420, 2521008, 44444576, 6904814
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                299137589460312, 1594371588983567, 868058494039073,
+                257771590636681, 1805012993142921
+#else
+                29506904, 4457497, 3377935, 23757988, 36598817, 12935079,
+                1561737, 3841096, 38105225, 26896789
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1806842755664364, 2098896946025095, 1356630998422878,
+                1458279806348064, 347755825962072
+#else
+                10340844, 26924055, 48452231, 31276001, 12621150, 20215377,
+                30878496, 21730062, 41524312, 5181965
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1402334161391744, 1560083671046299, 1008585416617747,
+                1147797150908892, 1420416683642459
+#else
+                25940096, 20896407, 17324187, 23247058, 58437395, 15029093,
+                24396252, 17103510, 64786011, 21165857
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                665506704253369, 273770475169863, 799236974202630,
+                848328990077558, 1811448782807931
+#else
+                45343161, 9916822, 65808455, 4079497, 66080518, 11909558,
+                1782390, 12641087, 20603771, 26992690
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1468412523962641, 771866649897997, 1931766110147832,
+                799561180078482, 524837559150077
+#else
+                48226577, 21881051, 24849421, 11501709, 13161720, 28785558,
+                1925522, 11914390, 4662781, 7820689
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2223212657821850, 630416247363666, 2144451165500328,
+                816911130947791, 1024351058410032
+#else
+                12241050, 33128450, 8132690, 9393934, 32846760, 31954812,
+                29749455, 12172924, 16136752, 15264020
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1266603897524861, 156378408858100, 1275649024228779,
+                447738405888420, 253186462063095
+#else
+                56758909, 18873868, 58896884, 2330219, 49446315, 19008651,
+                10658212, 6671822, 19012087, 3772772
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2022215964509735, 136144366993649, 1800716593296582,
+                1193970603800203, 871675847064218
+#else
+                3753511, 30133366, 10617073, 2028709, 14841030, 26832768,
+                28718731, 17791548, 20527770, 12988982
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1862751661970328, 851596246739884, 1519315554814041,
+                1542798466547449, 1417975335901520
+#else
+                52286360, 27757162, 63400876, 12689772, 66209881, 22639565,
+                42925817, 22989488, 3299664, 21129479
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1228168094547481, 334133883362894, 587567568420081,
+                433612590281181, 603390400373205
+#else
+                50331161, 18301130, 57466446, 4978982, 3308785, 8755439,
+                6943197, 6461331, 41525717, 8991217
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                121893973206505, 1843345804916664, 1703118377384911,
+                497810164760654, 101150811654673
+#else
+                49882601, 1816361, 65435576, 27467992, 31783887, 25378441,
+                34160718, 7417949, 36866577, 1507264
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                458346255946468, 290909935619344, 1452768413850679,
+                550922875254215, 1537286854336538
+#else
+                29692644, 6829891, 56610064, 4334895, 20945975, 21647936,
+                38221255, 8209390, 14606362, 22907359
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                584322311184395, 380661238802118, 114839394528060,
+                655082270500073, 2111856026034852
+#else
+                63627275, 8707080, 32188102, 5672294, 22096700, 1711240,
+                34088169, 9761486, 4170404, 31469107
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                996965581008991, 2148998626477022, 1012273164934654,
+                1073876063914522, 1688031788934939
+#else
+                55521375, 14855944, 62981086, 32022574, 40459774, 15084045,
+                22186522, 16002000, 52832027, 25153633
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                923487018849600, 2085106799623355, 528082801620136,
+                1606206360876188, 735907091712524
+#else
+                62297408, 13761028, 35404987, 31070512, 63796392, 7869046,
+                59995292, 23934339, 13240844, 10965870
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1697697887804317, 1335343703828273, 831288615207040,
+                949416685250051, 288760277392022
+#else
+                59366301, 25297669, 52340529, 19898171, 43876480, 12387165,
+                4498947, 14147411, 29514390, 4302863
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1419122478109648, 1325574567803701, 602393874111094,
+                2107893372601700, 1314159682671307
+#else
+                53695440, 21146572, 20757301, 19752600, 14785142, 8976368,
+                62047588, 31410058, 17846987, 19582505
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2201150872731804, 2180241023425241, 97663456423163,
+                1633405770247824, 848945042443986
+#else
+                64864412, 32799703, 62511833, 32488122, 60861691, 1455298,
+                45461136, 24339642, 61886162, 12650266
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1173339555550611, 818605084277583, 47521504364289,
+                924108720564965, 735423405754506
+#else
+                57202067, 17484121, 21134159, 12198166, 40044289, 708125,
+                387813, 13770293, 47974538, 10958662
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                830104860549448, 1886653193241086, 1600929509383773,
+                1475051275443631, 286679780900937
+#else
+                22470984, 12369526, 23446014, 28113323, 45588061, 23855708,
+                55336367, 21979976, 42025033, 4271861
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1577111294832995, 1030899169768747, 144900916293530,
+                1964672592979567, 568390100955250
+#else
+                41939299, 23500789, 47199531, 15361594, 61124506, 2159191,
+                75375, 29275903, 34582642, 8469672
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                278388655910247, 487143369099838, 927762205508727,
+                181017540174210, 1616886700741287
+#else
+                15854951, 4148314, 58214974, 7259001, 11666551, 13824734,
+                36577666, 2697371, 24154791, 24093489
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1191033906638969, 940823957346562, 1606870843663445,
+                861684761499847, 658674867251089
+#else
+                15446137, 17747788, 29759746, 14019369, 30811221, 23944241,
+                35526855, 12840103, 24913809, 9815020
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1875032594195546, 1427106132796197, 724736390962158,
+                901860512044740, 635268497268760
+#else
+                62399578, 27940162, 35267365, 21265538, 52665326, 10799413,
+                58005188, 13438768, 18735128, 9466238
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                622869792298357, 1903919278950367, 1922588621661629,
+                1520574711600434, 1087100760174640
+#else
+                11933045, 9281483, 5081055, 28370608, 64480701, 28648802,
+                59381042, 22658328, 44380208, 16199063
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                25465949416618, 1693639527318811, 1526153382657203,
+                125943137857169, 145276964043999
+#else
+                14576810, 379472, 40322331, 25237195, 37682355, 22741457,
+                67006097, 1876698, 30801119, 2164795
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                214739857969358, 920212862967915, 1939901550972269,
+                1211862791775221, 85097515720120
+#else
+                15995086, 3199873, 13672555, 13712240, 47730029, 28906785,
+                54027253, 18058162, 53616056, 1268051
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2006245852772938, 734762734836159, 254642929763427,
+                1406213292755966, 239303749517686
+#else
+                56818250, 29895392, 63822271, 10948817, 23037027, 3794475,
+                63638526, 20954210, 50053494, 3565903
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1619678837192149, 1919424032779215, 1357391272956794,
+                1525634040073113, 1310226789796241
+#else
+                29210069, 24135095, 61189071, 28601646, 10834810, 20226706,
+                50596761, 22733718, 39946641, 19523900
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1040763709762123, 1704449869235352, 605263070456329,
+                1998838089036355, 1312142911487502
+#else
+                53946955, 15508587, 16663704, 25398282, 38758921, 9019122,
+                37925443, 29785008, 2244110, 19552453
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1996723311435669, 1844342766567060, 985455700466044,
+                1165924681400960, 311508689870129
+#else
+                61955989, 29753495, 57802388, 27482848, 16243068, 14684434,
+                41435776, 17373631, 13491505, 4641841
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                43173156290518, 2202883069785309, 1137787467085917,
+                1733636061944606, 1394992037553852
+#else
+                10813398, 643330, 47920349, 32825515, 30292061, 16954354,
+                27548446, 25833190, 14476988, 20787001
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                670078326344559, 555655025059356, 471959386282438,
+                2141455487356409, 849015953823125
+#else
+                10292079, 9984945, 6481436, 8279905, 59857350, 7032742,
+                27282937, 31910173, 39196053, 12651323
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2197214573372804, 794254097241315, 1030190060513737,
+                267632515541902, 2040478049202624
+#else
+                35923332, 32741048, 22271203, 11835308, 10201545, 15351028,
+                17099662, 3988035, 21721536, 30405492
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1812516004670529, 1609256702920783, 1706897079364493,
+                258549904773295, 996051247540686
+#else
+                10202177, 27008593, 35735631, 23979793, 34958221, 25434748,
+                54202543, 3852693, 13216206, 14842320
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1540374301420584, 1764656898914615, 1810104162020396,
+                923808779163088, 664390074196579
+#else
+                51293224, 22953365, 60569911, 26295436, 60124204, 26972653,
+                35608016, 13765823, 39674467, 9900183
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1323460699404750, 1262690757880991, 871777133477900,
+                1060078894988977, 1712236889662886
+#else
+                14465486, 19721101, 34974879, 18815558, 39665676, 12990491,
+                33046193, 15796406, 60056998, 25514317
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1696163952057966, 1391710137550823, 608793846867416,
+                1034391509472039, 1780770894075012
+#else
+                30924398, 25274812, 6359015, 20738097, 16508376, 9071735,
+                41620263, 15413634, 9524356, 26535554
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1367603834210841, 2131988646583224, 890353773628144,
+                1908908219165595, 270836895252891
+#else
+                12274201, 20378885, 32627640, 31769106, 6736624, 13267305,
+                5237659, 28444949, 15663515, 4035784
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                597536315471731, 40375058742586, 1942256403956049,
+                1185484645495932, 312666282024145
+#else
+                64157555, 8903984, 17349946, 601635, 50676049, 28941875,
+                53376124, 17665097, 44850385, 4659090
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1919411405316294, 1234508526402192, 1066863051997083,
+                1008444703737597, 1348810787701552
+#else
+                50192582, 28601458, 36715152, 18395610, 20774811, 15897498,
+                5736189, 15026997, 64930608, 20098846
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2102881477513865, 1570274565945361, 1573617900503708,
+                18662635732583, 2232324307922098
+#else
+                58249865, 31335375, 28571665, 23398914, 66634396, 23448733,
+                63307367, 278094, 23440562, 33264224
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1853931367696942, 8107973870707, 350214504129299,
+                775206934582587, 1752317649166792
+#else
+                10226222, 27625730, 15139955, 120818, 52241171, 5218602,
+                32937275, 11551483, 50536904, 26111567
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1417148368003523, 721357181628282, 505725498207811,
+                373232277872983, 261634707184480
+#else
+                17932739, 21117156, 43069306, 10749059, 11316803, 7535897,
+                22503767, 5561594, 63462240, 3898660
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2186733281493267, 2250694917008620, 1014829812957440,
+                479998161452389, 83566193876474
+#else
+                7749907, 32584865, 50769132, 33537967, 42090752, 15122142,
+                65535333, 7152529, 21831162, 1245233
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1268116367301224, 560157088142809, 802626839600444,
+                2210189936605713, 1129993785579988
+#else
+                26958440, 18896406, 4314585, 8346991, 61431100, 11960071,
+                34519569, 32934396, 36706772, 16838219
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                615183387352312, 917611676109240, 878893615973325,
+                978940963313282, 938686890583575
+#else
+                54942968, 9166946, 33491384, 13673479, 29787085, 13096535,
+                6280834, 14587357, 44770839, 13987524
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                522024729211672, 1045059315315808, 1892245413707790,
+                1907891107684253, 2059998109500714
+#else
+                42758936, 7778774, 21116000, 15572597, 62275598, 28196653,
+                62807965, 28429792, 59639082, 30696363
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1799679152208884, 912132775900387, 25967768040979,
+                432130448590461, 274568990261996
+#else
+                9681908, 26817309, 35157219, 13591837, 60225043, 386949,
+                31622781, 6439245, 52527852, 4091396
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                98698809797682, 2144627600856209, 1907959298569602,
+                811491302610148, 1262481774981493
+#else
+                58682418, 1470726, 38999185, 31957441, 3978626, 28430809,
+                47486180, 12092162, 29077877, 18812444
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1791451399743152, 1713538728337276, 118349997257490,
+                1882306388849954, 158235232210248
+#else
+                5269168, 26694706, 53878652, 25533716, 25932562, 1763552,
+                61502754, 28048550, 47091016, 2357888
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1217809823321928, 2173947284933160, 1986927836272325,
+                1388114931125539, 12686131160169
+#else
+                32264008, 18146780, 61721128, 32394338, 65017541, 29607531,
+                23104803, 20684524, 5727337, 189038
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1650875518872272, 1136263858253897, 1732115601395988,
+                734312880662190, 1252904681142109
+#else
+                14609104, 24599962, 61108297, 16931650, 52531476, 25810533,
+                40363694, 10942114, 41219933, 18669734
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                372986456113865, 525430915458171, 2116279931702135,
+                501422713587815, 1907002872974925
+#else
+                20513481, 5557931, 51504251, 7829530, 26413943, 31535028,
+                45729895, 7471780, 13913677, 28416557
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                803147181835288, 868941437997146, 316299302989663,
+                943495589630550, 571224287904572
+#else
+                41534488, 11967825, 29233242, 12948236, 60354399, 4713226,
+                58167894, 14059179, 12878652, 8511905
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                227742695588364, 1776969298667369, 628602552821802,
+                457210915378118, 2041906378111140
+#else
+                41452044, 3393630, 64153449, 26478905, 64858154, 9366907,
+                36885446, 6812973, 5568676, 30426776
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                815000523470260, 913085688728307, 1052060118271173,
+                1345536665214223, 541623413135555
+#else
+                11630004, 12144454, 2116339, 13606037, 27378885, 15676917,
+                49700111, 20050058, 52713667, 8070817
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1580216071604333, 1877997504342444, 857147161260913,
+                703522726778478, 2182763974211603
+#else
+                27117677, 23547054, 35826092, 27984343, 1127281, 12772488,
+                37262958, 10483305, 55556115, 32525717
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1870080310923419, 71988220958492, 1783225432016732,
+                615915287105016, 1035570475990230
+#else
+                10637467, 27866368, 5674780, 1072708, 40765276, 26572129,
+                65424888, 9177852, 39615702, 15431202
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                730987750830150, 857613889540280, 1083813157271766,
+                1002817255970169, 1719228484436074
+#else
+                20525126, 10892566, 54366392, 12779442, 37615830, 16150074,
+                38868345, 14943141, 52052074, 25618500
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                377616581647602, 1581980403078513, 804044118130621,
+                2034382823044191, 643844048472185
+#else
+                37084402, 5626925, 66557297, 23573344, 753597, 11981191,
+                25244767, 30314666, 63752313, 9594023
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                176957326463017, 1573744060478586, 528642225008045,
+                1816109618372371, 1515140189765006
+#else
+                43356201, 2636869, 61944954, 23450613, 585133, 7877383,
+                11345683, 27062142, 13352334, 22577348
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1888911448245718, 1387110895611080, 1924503794066429,
+                1731539523700949, 2230378382645454
+#else
+                65177046, 28146973, 3304648, 20669563, 17015805, 28677341,
+                37325013, 25801949, 53893326, 33235227
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                443392177002051, 233793396845137, 2199506622312416,
+                1011858706515937, 974676837063129
+#else
+                20239939, 6607058, 6203985, 3483793, 48721888, 32775202,
+                46385121, 15077869, 44358105, 14523816
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1846351103143623, 1949984838808427, 671247021915253,
+                1946756846184401, 1929296930380217
+#else
+                27406023, 27512775, 27423595, 29057038, 4996213, 10002360,
+                38266833, 29008937, 36936121, 28748764
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                849646212452002, 1410198775302919, 73767886183695,
+                1641663456615812, 762256272452411
+#else
+                11374242, 12660715, 17861383, 21013599, 10935567, 1099227,
+                53222788, 24462691, 39381819, 11358503
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                692017667358279, 723305578826727, 1638042139863265,
+                748219305990306, 334589200523901
+#else
+                54378055, 10311866, 1510375, 10778093, 64989409, 24408729,
+                32676002, 11149336, 40985213, 4985767
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                22893968530686, 2235758574399251, 1661465835630252,
+                925707319443452, 1203475116966621
+#else
+                48012542, 341146, 60911379, 33315398, 15756972, 24757770,
+                66125820, 13794113, 47694557, 17933176
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                801299035785166, 1733292596726131, 1664508947088596,
+                467749120991922, 1647498584535623
+#else
+                6490062, 11940286, 25495923, 25828072, 8668372, 24803116,
+                3367602, 6970005, 65417799, 24549641
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                903105258014366, 427141894933047, 561187017169777,
+                1884330244401954, 1914145708422219
+#else
+                1656478, 13457317, 15370807, 6364910, 13605745, 8362338,
+                47934242, 28078708, 50312267, 28522993
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1344191060517578, 1960935031767890, 1518838929955259,
+                1781502350597190, 1564784025565682
+#else
+                44835530, 20030007, 67044178, 29220208, 48503227, 22632463,
+                46537798, 26546453, 67009010, 23317098
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                673723351748086, 1979969272514923, 1175287312495508,
+                1187589090978666, 1881897672213940
+#else
+                17747446, 10039260, 19368299, 29503841, 46478228, 17513145,
+                31992682, 17696456, 37848500, 28042460
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1917185587363432, 1098342571752737, 5935801044414,
+                2000527662351839, 1538640296181569
+#else
+                31932008, 28568291, 47496481, 16366579, 22023614, 88450,
+                11371999, 29810185, 4882241, 22927527
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2495540013192, 678856913479236, 224998292422872,
+                219635787698590, 1972465269000940
+#else
+                29796488, 37186, 19818052, 10115756, 55279832, 3352735,
+                18551198, 3272828, 61917932, 29392022
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                271413961212179, 1353052061471651, 344711291283483,
+                2014925838520662, 2006221033113941
+#else
+                12501267, 4044383, 58495907, 20162046, 34678811, 5136598,
+                47878486, 30024734, 330069, 29895023
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                194583029968109, 514316781467765, 829677956235672,
+                1676415686873082, 810104584395840
+#else
+                6384877, 2899513, 17807477, 7663917, 64749976, 12363164,
+                25366522, 24980540, 66837568, 12071498
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1980510813313589, 1948645276483975, 152063780665900,
+                129968026417582, 256984195613935
+#else
+                58743349, 29511910, 25133447, 29037077, 60897836, 2265926,
+                34339246, 1936674, 61949167, 3829362
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1860190562533102, 1936576191345085, 461100292705964,
+                1811043097042830, 957486749306835
+#else
+                28425966, 27718999, 66531773, 28857233, 52891308, 6870929,
+                7921550, 26986645, 26333139, 14267664
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                796664815624365, 1543160838872951, 1500897791837765,
+                1667315977988401, 599303877030711
+#else
+                56041645, 11871230, 27385719, 22994888, 62522949, 22365119,
+                10004785, 24844944, 45347639, 8930323
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1151480509533204, 2136010406720455, 738796060240027,
+                319298003765044, 1150614464349587
+#else
+                45911060, 17158396, 25654215, 31829035, 12282011, 11008919,
+                1541940, 4757911, 40617363, 17145491
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1731069268103150, 735642447616087, 1364750481334268,
+                417232839982871, 927108269127661
+#else
+                13537262, 25794942, 46504023, 10961926, 61186044, 20336366,
+                53952279, 6217253, 51165165, 13814989
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1017222050227968, 1987716148359, 2234319589635701,
+                621282683093392, 2132553131763026
+#else
+                49686272, 15157789, 18705543, 29619, 24409717, 33293956,
+                27361680, 9257833, 65152338, 31777517
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1567828528453324, 1017807205202360, 565295260895298,
+                829541698429100, 307243822276582
+#else
+                42063564, 23362465, 15366584, 15166509, 54003778, 8423555,
+                37937324, 12361134, 48422886, 4578289
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                249079270936248, 1501514259790706, 947909724204848,
+                944551802437487, 552658763982480
+#else
+                24579768, 3711570, 1342322, 22374306, 40103728, 14124955,
+                44564335, 14074918, 21964432, 8235257
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2089966982947227, 1854140343916181, 2151980759220007,
+                2139781292261749, 158070445864917
+#else
+                60580251, 31142934, 9442965, 27628844, 12025639, 32067012,
+                64127349, 31885225, 13006805, 2355433
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1338766321464554, 1906702607371284, 1519569445519894,
+                115384726262267, 1393058953390992
+#else
+                50803946, 19949172, 60476436, 28412082, 16974358, 22643349,
+                27202043, 1719366, 1141648, 20758196
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1364621558265400, 1512388234908357, 1926731583198686,
+                2041482526432505, 920401122333774
+#else
+                54244920, 20334445, 58790597, 22536340, 60298718, 28710537,
+                13475065, 30420460, 32674894, 13715045
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1884844597333588, 601480070269079, 620203503079537,
+                1079527400117915, 1202076693132015
+#else
+                11423316, 28086373, 32344215, 8962751, 24989809, 9241752,
+                53843611, 16086211, 38367983, 17912338
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                840922919763324, 727955812569642, 1303406629750194,
+                522898432152867, 294161410441865
+#else
+                65699196, 12530727, 60740138, 10847386, 19531186, 19422272,
+                55399715, 7791793, 39862921, 4383346
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                353760790835310, 1598361541848743, 1122905698202299,
+                1922533590158905, 419107700666580
+#else
+                38137966, 5271446, 65842855, 23817442, 54653627, 16732598,
+                62246457, 28647982, 27193556, 6245191
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                359856369838236, 180914355488683, 861726472646627,
+                218807937262986, 575626773232501
+#else
+                51914908, 5362277, 65324971, 2695833, 4960227, 12840725,
+                23061898, 3260492, 22510453, 8577507
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                755467689082474, 909202735047934, 730078068932500,
+                936309075711518, 2007798262842972
+#else
+                54476394, 11257345, 34415870, 13548176, 66387860, 10879010,
+                31168030, 13952092, 37537372, 29918525
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1609384177904073, 362745185608627, 1335318541768201,
+                800965770436248, 547877979267412
+#else
+                3877321, 23981693, 32416691, 5405324, 56104457, 19897796,
+                3759768, 11935320, 5611860, 8164018
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                984339177776787, 815727786505884, 1645154585713747,
+                1659074964378553, 1686601651984156
+#else
+                50833043, 14667796, 15906460, 12155291, 44997715, 24514713,
+                32003001, 24722143, 5773084, 25132323
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1697863093781930, 599794399429786, 1104556219769607,
+                830560774794755, 12812858601017
+#else
+                43320746, 25300131, 1950874, 8937633, 18686727, 16459170,
+                66203139, 12376319, 31632953, 190926
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1168737550514982, 897832437380552, 463140296333799,
+                302564600022547, 2008360505135501
+#else
+                42515238, 17415546, 58684872, 13378745, 14162407, 6901328,
+                58820115, 4508563, 41767309, 29926903
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1856930662813910, 678090852002597, 1920179140755167,
+                1259527833759868, 55540971895511
+#else
+                8884438, 27670423, 6023973, 10104341, 60227295, 28612898,
+                18722940, 18768427, 65436375, 827624
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1158643631044921, 476554103621892, 178447851439725,
+                1305025542653569, 103433927680625
+#else
+                34388281, 17265135, 34605316, 7101209, 13354605, 2659080,
+                65308289, 19446395, 42230385, 1541285
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2176793111709008, 1576725716350391, 2009350167273523,
+                2012390194631546, 2125297410909580
+#else
+                2901328, 32436745, 3880375, 23495044, 49487923, 29941650,
+                45306746, 29986950, 20456844, 31669399
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                825403285195098, 2144208587560784, 1925552004644643,
+                1915177840006985, 1015952128947864
+#else
+                27019610, 12299467, 53450576, 31951197, 54247203, 28692960,
+                47568713, 28538373, 29439640, 15138866
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1807108316634472, 1534392066433717, 347342975407218,
+                1153820745616376, 7375003497471
+#else
+                21536104, 26928012, 34661045, 22864223, 44700786, 5175813,
+                61688824, 17193268, 7779327, 109896
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                983061001799725, 431211889901241, 2201903782961093,
+                817393911064341, 2214616493042167
+#else
+                30279725, 14648750, 59063993, 6425557, 13639621, 32810923,
+                28698389, 12180118, 23177719, 33000357
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                228567918409756, 865093958780220, 358083886450556,
+                159617889659320, 1360637926292598
+#else
+                26572828, 3405927, 35407164, 12890904, 47843196, 5335865,
+                60615096, 2378491, 4439158, 20275085
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                234147501399755, 2229469128637390, 2175289352258889,
+                1397401514549353, 1885288963089922
+#else
+                44392139, 3489069, 57883598, 33221678, 18875721, 32414337,
+                14819433, 20822905, 49391106, 28092994
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1111762412951562, 252849572507389, 1048714233823341,
+                146111095601446, 1237505378776770
+#else
+                62052362, 16566550, 15953661, 3767752, 56672365, 15627059,
+                66287910, 2177224, 8550082, 18440267
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1113790697840279, 1051167139966244, 1045930658550944,
+                2011366241542643, 1686166824620755
+#else
+                48635543, 16596774, 66727204, 15663610, 22860960, 15585581,
+                39264755, 29971692, 43848403, 25125843
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1054097349305049, 1872495070333352, 182121071220717,
+                1064378906787311, 100273572924182
+#else
+                34628313, 15707274, 58902952, 27902350, 29464557, 2713815,
+                44383727, 15860481, 45206294, 1494192
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1306410853171605, 1627717417672447, 50983221088417,
+                1109249951172250, 870201789081392
+#else
+                47546773, 19467038, 41524991, 24254879, 13127841, 759709,
+                21923482, 16529112, 8742704, 12967017
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                104233794644221, 1548919791188248, 2224541913267306,
+                2054909377116478, 1043803389015153
+#else
+                38643965, 1553204, 32536856, 23080703, 42417258, 33148257,
+                58194238, 30620535, 37205105, 15553882
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                216762189468802, 707284285441622, 190678557969733,
+                973969342604308, 1403009538434867
+#else
+                21877890, 3230008, 9881174, 10539357, 62311749, 2841331,
+                11543572, 14513274, 19375923, 20906471
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1279024291038477, 344776835218310, 273722096017199,
+                1834200436811442, 634517197663804
+#else
+                8832269, 19058947, 13253510, 5137575, 5037871, 4078777,
+                24880818, 27331716, 2862652, 9455043
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                343805853118335, 1302216857414201, 566872543223541,
+                2051138939539004, 321428858384280
+#else
+                29306751, 5123106, 20245049, 19404543, 9592565, 8447059,
+                65031740, 30564351, 15511448, 4789663
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                470067171324852, 1618629234173951, 2000092177515639,
+                7307679772789, 1117521120249968
+#else
+                46429108, 7004546, 8824831, 24119455, 63063159, 29803695,
+                61354101, 108892, 23513200, 16652362
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                278151578291475, 1810282338562947, 1771599529530998,
+                1383659409671631, 685373414471841
+#else
+                33852691, 4144781, 62632835, 26975308, 10770038, 26398890,
+                60458447, 20618131, 48789665, 10212859
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                577009397403102, 1791440261786291, 2177643735971638,
+                174546149911960, 1412505077782326
+#else
+                2756062, 8598110, 7383731, 26694540, 22312758, 32449420,
+                21179800, 2600940, 57120566, 21047965
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                893719721537457, 1201282458018197, 1522349501711173,
+                58011597740583, 1130406465887139
+#else
+                42463153, 13317461, 36659605, 17900503, 21365573, 22684775,
+                11344423, 864440, 64609187, 16844368
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                412607348255453, 1280455764199780, 2233277987330768,
+                14180080401665, 331584698417165
+#else
+                40676061, 6148328, 49924452, 19080277, 18782928, 33278435,
+                44547329, 211299, 2719757, 4940997
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                262483770854550, 990511055108216, 526885552771698,
+                571664396646158, 354086190278723
+#else
+                65784982, 3911312, 60160120, 14759764, 37081714, 7851206,
+                21690126, 8518463, 26699843, 5276295
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1820352417585487, 24495617171480, 1547899057533253,
+                10041836186225, 480457105094042
+#else
+                53958991, 27125364, 9396248, 365013, 24703301, 23065493,
+                1321585, 149635, 51656090, 7159368
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2023310314989233, 637905337525881, 2106474638900687,
+                557820711084072, 1687858215057826
+#else
+                9987761, 30149673, 17507961, 9505530, 9731535, 31388918,
+                22356008, 8312176, 22477218, 25151047
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1144168702609745, 604444390410187, 1544541121756138,
+                1925315550126027, 626401428894002
+#else
+                18155857, 17049442, 19744715, 9006923, 15154154, 23015456,
+                24256459, 28689437, 44560690, 9334108
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1922168257351784, 2018674099908659, 1776454117494445,
+                956539191509034, 36031129147635
+#else
+                2986088, 28642539, 10776627, 30080588, 10620589, 26471229,
+                45695018, 14253544, 44521715, 536905
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                544644538748041, 1039872944430374, 876750409130610,
+                710657711326551, 1216952687484972
+#else
+                4377737, 8115836, 24567078, 15495314, 11625074, 13064599,
+                7390551, 10589625, 10838060, 18134008
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                58242421545916, 2035812695641843, 2118491866122923,
+                1191684463816273, 46921517454099
+#else
+                47766460, 867879, 9277171, 30335973, 52677291, 31567988,
+                19295825, 17757482, 6378259, 699185
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                272268252444639, 1374166457774292, 2230115177009552,
+                1053149803909880, 1354288411641016
+#else
+                7895007, 4057113, 60027092, 20476675, 49222032, 33231305,
+                66392824, 15693154, 62063800, 20180469
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1857910905368338, 1754729879288912, 885945464109877,
+                1516096106802166, 1602902393369811
+#else
+                59371282, 27685029, 52542544, 26147512, 11385653, 13201616,
+                31730678, 22591592, 63190227, 23885106
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1193437069800958, 901107149704790, 999672920611411,
+                477584824802207, 364239578697845
+#else
+                10188286, 17783598, 59772502, 13427542, 22223443, 14896287,
+                30743455, 7116568, 45322357, 5427592
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                886299989548838, 1538292895758047, 1590564179491896,
+                1944527126709657, 837344427345298
+#else
+                696102, 13206899, 27047647, 22922350, 15285304, 23701253,
+                10798489, 28975712, 19236242, 12477404
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                754558365378305, 1712186480903618, 1703656826337531,
+                750310918489786, 518996040250900
+#else
+                55879425, 11243795, 50054594, 25513566, 66320635, 25386464,
+                63211194, 11180503, 43939348, 7733643
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1309847803895382, 1462151862813074, 211370866671570,
+                1544595152703681, 1027691798954090
+#else
+                17800790, 19518253, 40108434, 21787760, 23887826, 3149671,
+                23466177, 23016261, 10322026, 15313801
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                803217563745370, 1884799722343599, 1357706345069218,
+                2244955901722095, 730869460037413
+#else
+                26246234, 11968874, 32263343, 28085704, 6830754, 20231401,
+                51314159, 33452449, 42659621, 10890803
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                689299471295966, 1831210565161071, 1375187341585438,
+                1106284977546171, 1893781834054269
+#else
+                35743198, 10271362, 54448239, 27287163, 16690206, 20491888,
+                52126651, 16484930, 25180797, 28219548
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                696351368613042, 1494385251239250, 738037133616932,
+                636385507851544, 927483222611406
+#else
+                66522290, 10376443, 34522450, 22268075, 19801892, 10997610,
+                2276632, 9482883, 316878, 13820577
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1949114198209333, 1104419699537997, 783495707664463,
+                1747473107602770, 2002634765788641
+#else
+                57226037, 29044064, 64993357, 16457135, 56008783, 11674995,
+                30756178, 26039378, 30696929, 29841583
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1607325776830197, 530883941415333, 1451089452727895,
+                1581691157083423, 496100432831154
+#else
+                32988917, 23951020, 12499365, 7910787, 56491607, 21622917,
+                59766047, 23569034, 34759346, 7392472
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1068900648804224, 2006891997072550, 1134049269345549,
+                1638760646180091, 2055396084625778
+#else
+                58253184, 15927860, 9866406, 29905021, 64711949, 16898650,
+                36699387, 24419436, 25112946, 30627788
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2222475519314561, 1870703901472013, 1884051508440561,
+                1344072275216753, 1318025677799069
+#else
+                64604801, 33117465, 25621773, 27875660, 15085041, 28074555,
+                42223985, 20028237, 5537437, 19640113
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                155711679280656, 681100400509288, 389811735211209,
+                2135723811340709, 408733211204125
+#else
+                55883280, 2320284, 57524584, 10149186, 33664201, 5808647,
+                52232613, 31824764, 31234589, 6090599
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                7813206966729, 194444201427550, 2071405409526507,
+                1065605076176312, 1645486789731291
+#else
+                57475529, 116425, 26083934, 2897444, 60744427, 30866345, 609720,
+                15878753, 60138459, 24519663
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                16625790644959, 1647648827778410, 1579910185572704,
+                436452271048548, 121070048451050
+#else
+                39351007, 247743, 51914090, 24551880, 23288160, 23542496,
+                43239268, 6503645, 20650474, 1804084
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1037263028552531, 568385780377829, 297953104144430,
+                1558584511931211, 2238221839292471
+#else
+                39519059, 15456423, 8972517, 8469608, 15640622, 4439847,
+                3121995, 23224719, 27842615, 33352104
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                190565267697443, 672855706028058, 338796554369226,
+                337687268493904, 853246848691734
+#else
+                51801891, 2839643, 22530074, 10026331, 4602058, 5048462,
+                28248656, 5031932, 55733782, 12714368
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1763863028400139, 766498079432444, 1321118624818005,
+                69494294452268, 858786744165651
+#else
+                20807691, 26283607, 29286140, 11421711, 39232341, 19686201,
+                45881388, 1035545, 47375635, 12796919
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1292056768563024, 1456632109855638, 1100631247050184,
+                1386133165675321, 1232898350193752
+#else
+                12076880, 19253146, 58323862, 21705509, 42096072, 16400683,
+                49517369, 20654993, 3480664, 18371617
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                366253102478259, 525676242508811, 1449610995265438,
+                1183300845322183, 185960306491545
+#else
+                34747315, 5457596, 28548107, 7833186, 7303070, 21600887,
+                42745799, 17632556, 33734809, 2771024
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                28315355815982, 460422265558930, 1799675876678724,
+                1969256312504498, 1051823843138725
+#else
+                45719598, 421931, 26597266, 6860826, 22486084, 26817260,
+                49971378, 29344205, 42556581, 15673396
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                156914999361983, 1606148405719949, 1665208410108430,
+                317643278692271, 1383783705665320
+#else
+                46924223, 2338215, 19788685, 23933476, 63107598, 24813538,
+                46837679, 4733253, 3727144, 20619984
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                54684536365732, 2210010038536222, 1194984798155308,
+                535239027773705, 1516355079301361
+#else
+                6120100, 814863, 55314462, 32931715, 6812204, 17806661, 2019593,
+                7975683, 31123697, 22595451
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1484387703771650, 198537510937949, 2186282186359116,
+                617687444857508, 647477376402122
+#else
+                30069250, 22119100, 30434653, 2958439, 18399564, 32578143,
+                12296868, 9204260, 50676426, 9648164
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2147715541830533, 500032538445817, 646380016884826,
+                352227855331122, 1488268620408052
+#else
+                32705413, 32003455, 30705657, 7451065, 55303258, 9631812,
+                3305266, 5248604, 41100532, 22176930
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                159386186465542, 1877626593362941, 618737197060512,
+                1026674284330807, 1158121760792685
+#else
+                17219846, 2375039, 35537917, 27978816, 47649184, 9219902,
+                294711, 15298639, 2662509, 17257359
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1744544377739822, 1964054180355661, 1685781755873170,
+                2169740670377448, 1286112621104591
+#else
+                65935918, 25995736, 62742093, 29266687, 45762450, 25120105,
+                32087528, 32331655, 32247247, 19164571
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                81977249784993, 1667943117713086, 1668983819634866,
+                1605016835177615, 1353960708075544
+#else
+                14312609, 1221556, 17395390, 24854289, 62163122, 24869796,
+                38911119, 23916614, 51081240, 20175586
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1602253788689063, 439542044889886, 2220348297664483,
+                657877410752869, 157451572512238
+#else
+                65680039, 23875441, 57873182, 6549686, 59725795, 33085767,
+                23046501, 9803137, 17597934, 2346211
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1029287186166717, 65860128430192, 525298368814832,
+                1491902500801986, 1461064796385400
+#else
+                18510781, 15337574, 26171504, 981392, 44867312, 7827555,
+                43617730, 22231079, 3059832, 21771562
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                408216988729246, 2121095722306989, 913562102267595,
+                1879708920318308, 241061448436731
+#else
+                10141598, 6082907, 17829293, 31606789, 9830091, 13613136,
+                41552228, 28009845, 33606651, 3592095
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1185483484383269, 1356339572588553, 584932367316448,
+                102132779946470, 1792922621116791
+#else
+                33114149, 17665080, 40583177, 20211034, 33076704, 8716171,
+                1151462, 1521897, 66126199, 26716628
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1966196870701923, 2230044620318636, 1425982460745905,
+                261167817826569, 46517743394330
+#else
+                34169699, 29298616, 23947180, 33230254, 34035889, 21248794,
+                50471177, 3891703, 26353178, 693168
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                107077591595359, 884959942172345, 27306869797400,
+                2224911448949390, 964352058245223
+#else
+                30374239, 1595580, 50224825, 13186930, 4600344, 406904, 9585294,
+                33153764, 31375463, 14369965
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1730194207717538, 431790042319772, 1831515233279467,
+                1372080552768581, 1074513929381760
+#else
+                52738210, 25781902, 1510300, 6434173, 48324075, 27291703,
+                32732229, 20445593, 17901440, 16011505
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1450880638731607, 1019861580989005, 1229729455116861,
+                1174945729836143, 826083146840706
+#else
+                18171223, 21619806, 54608461, 15197121, 56070717, 18324396,
+                47936623, 17508055, 8764034, 12309598
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1899935429242705, 1602068751520477, 940583196550370,
+                82431069053859, 1540863155745696
+#else
+                5975889, 28311244, 47649501, 23872684, 55567586, 14015781,
+                43443107, 1228318, 17544096, 22960650
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2136688454840028, 2099509000964294, 1690800495246475,
+                1217643678575476, 828720645084218
+#else
+                5811932, 31839139, 3442886, 31285122, 48741515, 25194890,
+                49064820, 18144304, 61543482, 12348899
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                765548025667841, 462473984016099, 998061409979798,
+                546353034089527, 2212508972466858
+#else
+                35709185, 11407554, 25755363, 6891399, 63851926, 14872273,
+                42259511, 8141294, 56476330, 32968952
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                46575283771160, 892570971573071, 1281983193144090,
+                1491520128287375, 75847005908304
+#else
+                54433560, 694025, 62032719, 13300343, 14015258, 19103038,
+                57410191, 22225381, 30944592, 1130208
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1801436127943107, 1734436817907890, 1268728090345068,
+                167003097070711, 2233597765834956
+#else
+                8247747, 26843490, 40546482, 25845122, 52706924, 18905521,
+                4652151, 2488540, 23550156, 33283200
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1997562060465113, 1048700225534011, 7615603985628,
+                1855310849546841, 2242557647635213
+#else
+                17294297, 29765994, 7026747, 15626851, 22990044, 113481,
+                2267737, 27646286, 66700045, 33416712
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1161017320376250, 492624580169043, 2169815802355237,
+                976496781732542, 1770879511019629
+#else
+                16091066, 17300506, 18599251, 7340678, 2137637, 32332775,
+                63744702, 14550935, 3260525, 26388161
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1357044908364776, 729130645262438, 1762469072918979,
+                1365633616878458, 181282906404941
+#else
+                62198760, 20221544, 18550886, 10864893, 50649539, 26262835,
+                44079994, 20349526, 54360141, 2701325
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1080413443139865, 1155205815510486, 1848782073549786,
+                622566975152580, 124965574467971
+#else
+                58534169, 16099414, 4629974, 17213908, 46322650, 27548999,
+                57090500, 9276970, 11329923, 1862132
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1184526762066993, 247622751762817, 692129017206356,
+                820018689412496, 2188697339828085
+#else
+                14763057, 17650824, 36190593, 3689866, 3511892, 10313526,
+                45157776, 12219230, 58070901, 32614131
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2020536369003019, 202261491735136, 1053169669150884,
+                2056531979272544, 778165514694311
+#else
+                8894987, 30108338, 6150752, 3013931, 301220, 15693451, 35127648,
+                30644714, 51670695, 11595569
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                237404399610207, 1308324858405118, 1229680749538400,
+                720131409105291, 1958958863624906
+#else
+                15214943, 3537601, 40870142, 19495559, 4418656, 18323671,
+                13947275, 10730794, 53619402, 29190761
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                515583508038846, 17656978857189, 1717918437373989,
+                1568052070792483, 46975803123923
+#else
+                64570558, 7682792, 32759013, 263109, 37124133, 25598979,
+                44776739, 23365796, 977107, 699994
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                281527309158085, 36970532401524, 866906920877543,
+                2222282602952734, 1289598729589882
+#else
+                54642373, 4195083, 57897332, 550903, 51543527, 12917919,
+                19118110, 33114591, 36574330, 19216518
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1278207464902042, 494742455008756, 1262082121427081,
+                1577236621659884, 1888786707293291
+#else
+                31788442, 19046775, 4799988, 7372237, 8808585, 18806489,
+                9408236, 23502657, 12493931, 28145115
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                353042527954210, 1830056151907359, 1111731275799225,
+                174960955838824, 404312815582675
+#else
+                41428258, 5260743, 47873055, 27269961, 63412921, 16566086,
+                27218280, 2607121, 29375955, 6024730
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2064251142068628, 1666421603389706, 1419271365315441,
+                468767774902855, 191535130366583
+#else
+                842132, 30759739, 62345482, 24831616, 26332017, 21148791,
+                11831879, 6985184, 57168503, 2854095
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1716987058588002, 1859366439773457, 1767194234188234,
+                64476199777924, 1117233614485261
+#else
+                62261602, 25585100, 2516241, 27706719, 9695690, 26333246,
+                16512644, 960770, 12121869, 16648078
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                984292135520292, 135138246951259, 2220652137473167,
+                1722843421165029, 190482558012909
+#else
+                51890212, 14667095, 53772635, 2013716, 30598287, 33090295,
+                35603941, 25672367, 20237805, 2838411
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                298845952651262, 1166086588952562, 1179896526238434,
+                1347812759398693, 1412945390096208
+#else
+                47820798, 4453151, 15298546, 17376044, 22115042, 17581828,
+                12544293, 20083975, 1068880, 21054527
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1143239552672925, 906436640714209, 2177000572812152,
+                2075299936108548, 325186347798433
+#else
+                57549981, 17035596, 33238497, 13506958, 30505848, 32439836,
+                58621956, 30924378, 12521377, 4845654
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                721024854374772, 684487861263316, 1373438744094159,
+                2193186935276995, 1387043709851261
+#else
+                38910324, 10744107, 64150484, 10199663, 7759311, 20465832,
+                3409347, 32681032, 60626557, 20668561
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                418098668140962, 715065997721283, 1471916138376055,
+                2168570337288357, 937812682637044
+#else
+                43547042, 6230155, 46726851, 10655313, 43068279, 21933259,
+                10477733, 32314216, 63995636, 13974497
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1043584187226485, 2143395746619356, 2209558562919611,
+                482427979307092, 847556718384018
+#else
+                12966261, 15550616, 35069916, 31939085, 21025979, 32924988,
+                5642324, 7188737, 18895762, 12629579
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1248731221520759, 1465200936117687, 540803492710140,
+                52978634680892, 261434490176109
+#else
+                14741879, 18607545, 22177207, 21833195, 1279740, 8058600,
+                11758140, 789443, 32195181, 3895677
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1057329623869501, 620334067429122, 461700859268034,
+                2012481616501857, 297268569108938
+#else
+                10758205, 15755439, 62598914, 9243697, 62229442, 6879878,
+                64904289, 29988312, 58126794, 4429646
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1055352180870759, 1553151421852298, 1510903185371259,
+                1470458349428097, 1226259419062731
+#else
+                64654951, 15725972, 46672522, 23143759, 61304955, 22514211,
+                59972993, 21911536, 18047435, 18272689
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1492988790301668, 790326625573331, 1190107028409745,
+                1389394752159193, 1620408196604194
+#else
+                41935844, 22247266, 29759955, 11776784, 44846481, 17733976,
+                10993113, 20703595, 49488162, 24145963
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                47000654413729, 1004754424173864, 1868044813557703,
+                173236934059409, 588771199737015
+#else
+                21987233, 700364, 42603816, 14972007, 59334599, 27836036,
+                32155025, 2581431, 37149879, 8773374
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                30498470091663, 1082245510489825, 576771653181956,
+                806509986132686, 1317634017056939
+#else
+                41540495, 454462, 53896929, 16126714, 25240068, 8594567,
+                20656846, 12017935, 59234475, 19634276
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                420308055751555, 1493354863316002, 165206721528088,
+                1884845694919786, 2065456951573059
+#else
+                6028163, 6263078, 36097058, 22252721, 66289944, 2461771,
+                35267690, 28086389, 65387075, 30777706
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1115636332012334, 1854340990964155, 83792697369514,
+                1972177451994021, 457455116057587
+#else
+                54829870, 16624276, 987579, 27631834, 32908202, 1248608,
+                7719845, 29387734, 28408819, 6816612
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1698968457310898, 1435137169051090, 1083661677032510,
+                938363267483709, 340103887207182
+#else
+                56750770, 25316602, 19549650, 21385210, 22082622, 16147817,
+                20613181, 13982702, 56769294, 5067942
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1995325341336574, 911500251774648, 164010755403692,
+                855378419194762, 1573601397528842
+#else
+                36602878, 29732664, 12074680, 13582412, 47230892, 2443950,
+                47389578, 12746131, 5331210, 23448488
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                241719380661528, 310028521317150, 1215881323380194,
+                1408214976493624, 2141142156467363
+#else
+                30528792, 3601899, 65151774, 4619784, 39747042, 18118043,
+                24180792, 20984038, 27679907, 31905504
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1315157046163473, 727368447885818, 1363466668108618,
+                1668921439990361, 1398483384337907
+#else
+                9402385, 19597367, 32834042, 10838634, 40528714, 20317236,
+                26653273, 24868867, 22611443, 20839026
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                75029678299646, 1015388206460473, 1849729037055212,
+                1939814616452984, 444404230394954
+#else
+                22190590, 1118029, 22736441, 15130463, 36648172, 27563110,
+                19189624, 28905490, 4854858, 6622139
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2053597130993710, 2024431685856332, 2233550957004860,
+                2012407275509545, 872546993104440
+#else
+                58798126, 30600981, 58846284, 30166382, 56707132, 33282502,
+                13424425, 29987205, 26404408, 13001963
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1217269667678610, 599909351968693, 1390077048548598,
+                1471879360694802, 739586172317596
+#else
+                35867026, 18138731, 64114613, 8939345, 11562230, 20713762,
+                41044498, 21932711, 51703708, 11020692
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1718318639380794, 1560510726633958, 904462881159922,
+                1418028351780052, 94404349451937
+#else
+                1866042, 25604943, 59210214, 23253421, 12483314, 13477547,
+                3175636, 21130269, 28761761, 1406734
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2132502667405250, 214379346175414, 1502748313768060,
+                1960071701057800, 1353971822643138
+#else
+                66660290, 31776765, 13018550, 3194501, 57528444, 22392694,
+                24760584, 29207344, 25577410, 20175752
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                319394212043702, 2127459436033571, 717646691535162,
+                663366796076914, 318459064945314
+#else
+                42818486, 4759344, 66418211, 31701615, 2066746, 10693769,
+                37513074, 9884935, 57739938, 4745409
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                405989424923593, 1960452633787083, 667349034401665,
+                1492674260767112, 1451061489880787
+#else
+                57967561, 6049713, 47577803, 29213020, 35848065, 9944275,
+                51646856, 22242579, 10931923, 21622501
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                947085906234007, 323284730494107, 1485778563977200,
+                728576821512394, 901584347702286
+#else
+                50547351, 14112679, 59096219, 4817317, 59068400, 22139825,
+                44255434, 10856640, 46638094, 13434653
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1575783124125742, 2126210792434375, 1569430791264065,
+                1402582372904727, 1891780248341114
+#else
+                22759470, 23480998, 50342599, 31683009, 13637441, 23386341,
+                1765143, 20900106, 28445306, 28189722
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                838432205560695, 1997703511451664, 1018791879907867,
+                1662001808174331, 78328132957753
+#else
+                29875063, 12493613, 2795536, 29768102, 1710619, 15181182,
+                56913147, 24765756, 9074233, 1167180
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                739152638255629, 2074935399403557, 505483666745895,
+                1611883356514088, 628654635394878
+#else
+                40903181, 11014232, 57266213, 30918946, 40200743, 7532293,
+                48391976, 24018933, 3843902, 9367684
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1822054032121349, 643057948186973, 7306757352712,
+                577249257962099, 284735863382083
+#else
+                56139269, 27150720, 9591133, 9582310, 11349256, 108879,
+                16235123, 8601684, 66969667, 4242894
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1366558556363930, 1448606567552086, 1478881020944768,
+                165803179355898, 1115718458123498
+#else
+                22092954, 20363309, 65066070, 21585919, 32186752, 22037044,
+                60534522, 2470659, 39691498, 16625500
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                204146226972102, 1630511199034723, 2215235214174763,
+                174665910283542, 956127674017216
+#else
+                56051142, 3042015, 13770083, 24296510, 584235, 33009577,
+                59338006, 2602724, 39757248, 14247412
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1562934578796716, 1070893489712745, 11324610642270,
+                958989751581897, 2172552325473805
+#else
+                6314156, 23289540, 34336361, 15957556, 56951134, 168749,
+                58490057, 14290060, 27108877, 32373552
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1770564423056027, 735523631664565, 1326060113795289,
+                1509650369341127, 65892421582684
+#else
+                58522267, 26383465, 13241781, 10960156, 34117849, 19759835,
+                33547975, 22495543, 39960412, 981873
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                623682558650637, 1337866509471512, 990313350206649,
+                1314236615762469, 1164772974270275
+#else
+                22833421, 9293594, 34459416, 19935764, 57971897, 14756818,
+                44180005, 19583651, 56629059, 17356469
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                223256821462517, 723690150104139, 1000261663630601,
+                933280913953265, 254872671543046
+#else
+                59340277, 3326785, 38997067, 10783823, 19178761, 14905060,
+                22680049, 13906969, 51175174, 3797898
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1969087237026041, 624795725447124, 1335555107635969,
+                2069986355593023, 1712100149341902
+#else
+                21721337, 29341686, 54902740, 9310181, 63226625, 19901321,
+                23740223, 30845200, 20491982, 25512280
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1236103475266979, 1837885883267218, 1026072585230455,
+                1025865513954973, 1801964901432134
+#else
+                9209251, 18419377, 53852306, 27386633, 66377847, 15289672,
+                25947805, 15286587, 30997318, 26851369
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1115241013365517, 1712251818829143, 2148864332502771,
+                2096001471438138, 2235017246626125
+#else
+                7392013, 16618386, 23946583, 25514540, 53843699, 32020573,
+                52911418, 31232855, 17649997, 33304352
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1299268198601632, 2047148477845621, 2165648650132450,
+                1612539282026145, 514197911628890
+#else
+                57807776, 19360604, 30609525, 30504889, 41933794, 32270679,
+                51867297, 24028707, 64875610, 7662145
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                118352772338543, 1067608711804704, 1434796676193498,
+                1683240170548391, 230866769907437
+#else
+                49550191, 1763593, 33994528, 15908609, 37067994, 21380136,
+                7335079, 25082233, 63934189, 3440182
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1850689576796636, 1601590730430274, 1139674615958142,
+                1954384401440257, 76039205311
+#else
+                47219164, 27577423, 42997570, 23865561, 10799742, 16982475,
+                40449, 29122597, 4862399, 1133
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1723387471374172, 997301467038410, 533927635123657,
+                20928644693965, 1756575222802513
+#else
+                34252636, 25680474, 61686474, 14860949, 50789833, 7956141,
+                7258061, 311861, 36513873, 26175010
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2146711623855116, 503278928021499, 625853062251406,
+                1109121378393107, 1033853809911861
+#else
+                63335436, 31988495, 28985339, 7499440, 24445838, 9325937,
+                29727763, 16527196, 18278453, 15405622
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                571005965509422, 2005213373292546, 1016697270349626,
+                56607856974274, 914438579435146
+#else
+                62726958, 8508651, 47210498, 29880007, 61124410, 15149969,
+                53795266, 843522, 45233802, 13626196
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1346698876211176, 2076651707527589, 1084761571110205,
+                265334478828406, 1068954492309671
+#else
+                2281448, 20067377, 56193445, 30944521, 1879357, 16164207,
+                56324982, 3953791, 13340839, 15928663
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1769967932677654, 1695893319756416, 1151863389675920,
+                1781042784397689, 400287774418285
+#else
+                31727126, 26374577, 48671360, 25270779, 2875792, 17164102,
+                41838969, 26539605, 43656557, 5964752
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1851867764003121, 403841933237558, 820549523771987,
+                761292590207581, 1743735048551143
+#else
+                4100401, 27594980, 49929526, 6017713, 48403027, 12227140,
+                40424029, 11344143, 2538215, 25983677
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                410915148140008, 2107072311871739, 1004367461876503,
+                99684895396761, 1180818713503224
+#else
+                57675240, 6123112, 11159803, 31397824, 30016279, 14966241,
+                46633881, 1485420, 66479608, 17595569
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                285945406881439, 648174397347453, 1098403762631981,
+                1366547441102991, 1505876883139217
+#else
+                40304287, 4260918, 11851389, 9658551, 35091757, 16367491,
+                46903439, 20363143, 11659921, 22439314
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                672095903120153, 1675918957959872, 636236529315028,
+                1569297300327696, 2164144194785875
+#else
+                26180377, 10015009, 36264640, 24973138, 5418196, 9480663,
+                2231568, 23384352, 33100371, 32248261
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1902708175321798, 1035343530915438, 1178560808893263,
+                301095684058146, 1280977479761118
+#else
+                15121094, 28352561, 56718958, 15427820, 39598927, 17561924,
+                21670946, 4486675, 61177054, 19088051
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1615357281742403, 404257611616381, 2160201349780978,
+                1160947379188955, 1578038619549541
+#else
+                16166467, 24070699, 56004733, 6023907, 35182066, 32189508,
+                2340059, 17299464, 56373093, 23514607
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2013087639791217, 822734930507457, 1785668418619014,
+                1668650702946164, 389450875221715
+#else
+                28042865, 29997343, 54982337, 12259705, 63391366, 26608532,
+                6766452, 24864833, 18036435, 5803270
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                453918449698368, 106406819929001, 2072540975937135,
+                308588860670238, 1304394580755385
+#else
+                66291264, 6763911, 11803561, 1585585, 10958447, 30883267,
+                23855390, 4598332, 60949433, 19436993
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1295082798350326, 2091844511495996, 1851348972587817,
+                3375039684596, 789440738712837
+#else
+                36077558, 19298237, 17332028, 31170912, 31312681, 27587249,
+                696308, 50292, 47013125, 11763583
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2083069137186154, 848523102004566, 993982213589257,
+                1405313299916317, 1532824818698468
+#else
+                66514282, 31040148, 34874710, 12643979, 12650761, 14811489,
+                665117, 20940800, 47335652, 22840869
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1495961298852430, 1397203457344779, 1774950217066942,
+                139302743555696, 66603584342787
+#else
+                30464590, 22291560, 62981387, 20819953, 19835326, 26448819,
+                42712688, 2075772, 50088707, 992470
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1782411379088302, 1096724939964781, 27593390721418,
+                542241850291353, 1540337798439873
+#else
+                18357166, 26559999, 7766381, 16342475, 37783946, 411173,
+                14578841, 8080033, 55534529, 22952821
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                693543956581437, 171507720360750, 1557908942697227,
+                1074697073443438, 1104093109037196
+#else
+                19598397, 10334610, 12555054, 2555664, 18821899, 23214652,
+                21873262, 16014234, 26224780, 16452269
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                345288228393419, 1099643569747172, 134881908403743,
+                1740551994106740, 248212179299770
+#else
+                36884939, 5145195, 5944548, 16385966, 3976735, 2009897,
+                55731060, 25936245, 46575034, 3698649
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                231429562203065, 1526290236421172, 2021375064026423,
+                1520954495658041, 806337791525116
+#else
+                14187449, 3448569, 56472628, 22743496, 44444983, 30120835,
+                7268409, 22663988, 27394300, 12015369
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1079623667189886, 872403650198613, 766894200588288,
+                2163700860774109, 2023464507911816
+#else
+                19695742, 16087646, 28032085, 12999827, 6817792, 11427614,
+                20244189, 32241655, 53849736, 30151970
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                854645372543796, 1936406001954827, 151460662541253,
+                825325739271555, 1554306377287556
+#else
+                30860084, 12735208, 65220619, 28854697, 50133957, 2256939,
+                58942851, 12298311, 58558340, 23160969
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1497138821904622, 1044820250515590, 1742593886423484,
+                1237204112746837, 849047450816987
+#else
+                61389038, 22309106, 65198214, 15569034, 26642876, 25966672,
+                61319509, 18435777, 62132699, 12651792
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                667962773375330, 1897271816877105, 1399712621683474,
+                1143302161683099, 2081798441209593
+#else
+                64260450, 9953420, 11531313, 28271553, 26895122, 20857343,
+                53990043, 17036529, 9768697, 31021214
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                127147851567005, 1936114012888110, 1704424366552046,
+                856674880716312, 716603621335359
+#else
+                42389405, 1894650, 66821166, 28850346, 15348718, 25397902,
+                32767512, 12765450, 4940095, 10678226
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1072409664800960, 2146937497077528, 1508780108920651,
+                935767602384853, 1112800433544068
+#else
+                18860224, 15980149, 48121624, 31991861, 40875851, 22482575,
+                59264981, 13944023, 42736516, 16582018
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                333549023751292, 280219272863308, 2104176666454852,
+                1036466864875785, 536135186520207
+#else
+                51604604, 4970267, 37215820, 4175592, 46115652, 31354675,
+                55404809, 15444559, 56105103, 7989036
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                373666279883137, 146457241530109, 304116267127857,
+                416088749147715, 1258577131183391
+#else
+                31490433, 5568061, 64696061, 2182382, 34772017, 4531685,
+                35030595, 6200205, 47422751, 18754260
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1186115062588401, 2251609796968486, 1098944457878953,
+                1153112761201374, 1791625503417267
+#else
+                49800177, 17674491, 35586086, 33551600, 34221481, 16375548,
+                8680158, 17182719, 28550067, 26697300
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1870078460219737, 2129630962183380, 852283639691142,
+                292865602592851, 401904317342226
+#else
+                38981977, 27866340, 16837844, 31733974, 60258182, 12700015,
+                37068883, 4364037, 1155602, 5988841
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1361070124828035, 815664541425524, 1026798897364671,
+                1951790935390647, 555874891834790
+#else
+                21890435, 20281525, 54484852, 12154348, 59276991, 15300495,
+                23148983, 29083951, 24618406, 8283181
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1546301003424277, 459094500062839, 1097668518375311,
+                1780297770129643, 720763293687608
+#else
+                33972757, 23041680, 9975415, 6841041, 35549071, 16356535,
+                3070187, 26528504, 1466168, 10740210
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1212405311403990, 1536693382542438, 61028431067459,
+                1863929423417129, 1223219538638038
+#else
+                65599446, 18066246, 53605478, 22898515, 32799043, 909394,
+                53169961, 27774712, 34944214, 18227391
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1294303766540260, 1183557465955093, 882271357233093,
+                63854569425375, 2213283684565087
+#else
+                3960804, 19286629, 39082773, 17636380, 47704005, 13146867,
+                15567327, 951507, 63848543, 32980496
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                339050984211414, 601386726509773, 413735232134068,
+                966191255137228, 1839475899458159
+#else
+                24740822, 5052253, 37014733, 8961360, 25877428, 6165135,
+                42740684, 14397371, 59728495, 27410326
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                235605972169408, 2174055643032978, 1538335001838863,
+                1281866796917192, 1815940222628465
+#else
+                38220480, 3510802, 39005586, 32395953, 55870735, 22922977,
+                51667400, 19101303, 65483377, 27059617
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1632352921721536, 1833328609514701, 2092779091951987,
+                1923956201873226, 2210068022482919
+#else
+                793280, 24323954, 8836301, 27318725, 39747955, 31184838,
+                33152842, 28669181, 57202663, 32932579
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                35271216625062, 1712350667021807, 983664255668860,
+                98571260373038, 1232645608559836
+#else
+                5666214, 525582, 20782575, 25516013, 42570364, 14657739,
+                16099374, 1468826, 60937436, 18367850
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1998172393429622, 1798947921427073, 784387737563581,
+                1589352214827263, 1589861734168180
+#else
+                62249590, 29775088, 64191105, 26806412, 7778749, 11688288,
+                36704511, 23683193, 65549940, 23690785
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1733739258725305, 31715717059538, 201969945218860,
+                992093044556990, 1194308773174556
+#else
+                10896313, 25834728, 824274, 472601, 47648556, 3009586, 25248958,
+                14783338, 36527388, 17796587
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                846415389605137, 746163495539180, 829658752826080,
+                592067705956946, 957242537821393
+#else
+                10566929, 12612572, 35164652, 11118702, 54475488, 12362878,
+                21752402, 8822496, 24003793, 14264025
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1758148849754419, 619249044817679, 168089007997045,
+                1371497636330523, 1867101418880350
+#else
+                27713843, 26198459, 56100623, 9227529, 27050101, 2504721,
+                23886875, 20436907, 13958494, 27821979
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                326633984209635, 261759506071016, 1700682323676193,
+                1577907266349064, 1217647663383016
+#else
+                43627235, 4867225, 39861736, 3900520, 29838369, 25342141,
+                35219464, 23512650, 7340520, 18144364
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1714182387328607, 1477856482074168, 574895689942184,
+                2159118410227270, 1555532449716575
+#else
+                4646495, 25543308, 44342840, 22021777, 23184552, 8566613,
+                31366726, 32173371, 52042079, 23179239
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                853828206885131, 998498946036955, 1835887550391235,
+                207627336608048, 258363815956050
+#else
+                49838347, 12723031, 50115803, 14878793, 21619651, 27356856,
+                27584816, 3093888, 58265170, 3849920
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                141141474651677, 1236728744905256, 643101419899887,
+                1646615130509173, 1208239602291765
+#else
+                58043933, 2103171, 25561640, 18428694, 61869039, 9582957,
+                32477045, 24536477, 5002293, 18004173
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1501663228068911, 1354879465566912, 1444432675498247,
+                897812463852601, 855062598754348
+#else
+                55051311, 22376525, 21115584, 20189277, 8808711, 21523724,
+                16489529, 13378448, 41263148, 12741425
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                714380763546606, 1032824444965790, 1774073483745338,
+                1063840874947367, 1738680636537158
+#else
+                61162478, 10645102, 36197278, 15390283, 63821882, 26435754,
+                24306471, 15852464, 28834118, 25908360
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1640635546696252, 633168953192112, 2212651044092396,
+                30590958583852, 368515260889378
+#else
+                49773116, 24447374, 42577584, 9434952, 58636780, 32971069,
+                54018092, 455840, 20461858, 5491305
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1171650314802029, 1567085444565577, 1453660792008405,
+                757914533009261, 1619511342778196
+#else
+                13669229, 17458950, 54626889, 23351392, 52539093, 21661233,
+                42112877, 11293806, 38520660, 24132599
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                420958967093237, 971103481109486, 2169549185607107,
+                1301191633558497, 1661514101014240
+#else
+                28497909, 6272777, 34085870, 14470569, 8906179, 32328802,
+                18504673, 19389266, 29867744, 24758489
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                907123651818302, 1332556122804146, 1824055253424487,
+                1367614217442959, 1982558335973172
+#else
+                50901822, 13517195, 39309234, 19856633, 24009063, 27180541,
+                60741263, 20379039, 22853428, 29542421
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1121533090144639, 1021251337022187, 110469995947421,
+                1511059774758394, 2110035908131662
+#else
+                24191359, 16712145, 53177067, 15217830, 14542237, 1646131,
+                18603514, 22516545, 12876622, 31441985
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                303213233384524, 2061932261128138, 352862124777736,
+                40828818670255, 249879468482660
+#else
+                17902668, 4518229, 66697162, 30725184, 26878216, 5258055,
+                54248111, 608396, 16031844, 3723494
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                856559257852200, 508517664949010, 1378193767894916,
+                1723459126947129, 1962275756614521
+#else
+                38476072, 12763727, 46662418, 7577503, 33001348, 20536687,
+                17558841, 25681542, 23896953, 29240187
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1445691340537320, 40614383122127, 402104303144865,
+                485134269878232, 1659439323587426
+#else
+                47103464, 21542479, 31520463, 605201, 2543521, 5991821,
+                64163800, 7229063, 57189218, 24727572
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                20057458979482, 1183363722525800, 2140003847237215,
+                2053873950687614, 2112017736174909
+#else
+                28816026, 298879, 38943848, 17633493, 19000927, 31888542,
+                54428030, 30605106, 49057085, 31471516
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2228654250927986, 1483591363415267, 1368661293910956,
+                1076511285177291, 526650682059608
+#else
+                16000882, 33209536, 3493091, 22107234, 37604268, 20394642,
+                12577739, 16041268, 47393624, 7847706
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                709481497028540, 531682216165724, 316963769431931,
+                1814315888453765, 258560242424104
+#else
+                10151868, 10572098, 27312476, 7922682, 14825339, 4723128,
+                34252933, 27035413, 57088296, 3852847
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1053447823660455, 1955135194248683, 1010900954918985,
+                1182614026976701, 1240051576966610
+#else
+                55678375, 15697595, 45987307, 29133784, 5386313, 15063598,
+                16514493, 17622322, 29330898, 18478208
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1957943897155497, 1788667368028035, 137692910029106,
+                1039519607062, 826404763313028
+#else
+                41609129, 29175637, 51885955, 26653220, 16615730, 2051784,
+                3303702, 15490, 39560068, 12314390
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1848942433095597, 1582009882530495, 1849292741020143,
+                1068498323302788, 2001402229799484
+#else
+                15683501, 27551389, 18109119, 23573784, 15337967, 27556609,
+                50391428, 15921865, 16103996, 29823217
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1528282417624269, 2142492439828191, 2179662545816034,
+                362568973150328, 1591374675250271
+#else
+                43939021, 22773182, 13588191, 31925625, 63310306, 32479502,
+                47835256, 5402698, 37293151, 23713330
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                160026679434388, 232341189218716, 2149181472355545,
+                598041771119831, 183859001910173
+#else
+                23190676, 2384583, 34394524, 3462153, 37205209, 32025299,
+                55842007, 8911516, 41903005, 2739712
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2013278155187349, 662660471354454, 793981225706267,
+                411706605985744, 804490933124791
+#else
+                21374101, 30000182, 33584214, 9874410, 15377179, 11831242,
+                33578960, 6134906, 4931255, 11987849
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2051892037280204, 488391251096321, 2230187337030708,
+                930221970662692, 679002758255210
+#else
+                67101132, 30575573, 50885377, 7277596, 105524, 33232381,
+                35628324, 13861387, 37032554, 10117929
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1530723630438670, 875873929577927, 341560134269988,
+                449903119530753, 1055551308214179
+#else
+                37607694, 22809559, 40945095, 13051538, 41483300, 5089642,
+                60783361, 6704078, 12890019, 15728940
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1461835919309432, 1955256480136428, 180866187813063,
+                1551979252664528, 557743861963950
+#else
+                45136504, 21783052, 66157804, 29135591, 14704839, 2695116,
+                903376, 23126293, 12885166, 8311031
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                359179641731115, 1324915145732949, 902828372691474,
+                294254275669987, 1887036027752957
+#else
+                49592363, 5352193, 10384213, 19742774, 7506450, 13453191,
+                26423267, 4384730, 1888765, 28119028
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2043271609454323, 2038225437857464, 1317528426475850,
+                1398989128982787, 2027639881006861
+#else
+                41291507, 30447119, 53614264, 30371925, 30896458, 19632703,
+                34857219, 20846562, 47644429, 30214188
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2072902725256516, 312132452743412, 309930885642209,
+                996244312618453, 1590501300352303
+#else
+                43500868, 30888657, 66582772, 4651135, 5765089, 4618330,
+                6092245, 14845197, 17151279, 23700316
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1397254305160710, 695734355138021, 2233992044438756,
+                1776180593969996, 1085588199351115
+#else
+                42278406, 20820711, 51942885, 10367249, 37577956, 33289075,
+                22825804, 26467153, 50242379, 16176524
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                440567051331029, 254894786356681, 493869224930222,
+                1556322069683366, 1567456540319218
+#else
+                43525589, 6564960, 20063689, 3798228, 62368686, 7359224,
+                2006182, 23191006, 38362610, 23356922
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1950722461391320, 1907845598854797, 1822757481635527,
+                2121567704750244, 73811931471221
+#else
+                56482264, 29068029, 53788301, 28429114, 3432135, 27161203,
+                23632036, 31613822, 32808309, 1099883
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                387139307395758, 2058036430315676, 1220915649965325,
+                1794832055328951, 1230009312169328
+#else
+                15030958, 5768825, 39657628, 30667132, 60681485, 18193060,
+                51830967, 26745081, 2051440, 18328567
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1765973779329517, 659344059446977, 19821901606666,
+                1301928341311214, 1116266004075885
+#else
+                63746541, 26315059, 7517889, 9824992, 23555850, 295369, 5148398,
+                19400244, 44422509, 16633659
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1127572801181483, 1224743760571696, 1276219889847274,
+                1529738721702581, 1589819666871853
+#else
+                4577067, 16802144, 13249840, 18250104, 19958762, 19017158,
+                18559669, 22794883, 8402477, 23690159
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2181229378964934, 2190885205260020, 1511536077659137,
+                1246504208580490, 668883326494241
+#else
+                38702534, 32502850, 40318708, 32646733, 49896449, 22523642,
+                9453450, 18574360, 17983009, 9967138
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                437866655573314, 669026411194768, 81896997980338,
+                523874406393178, 245052060935236
+#else
+                41346370, 6524721, 26585488, 9969270, 24709298, 1220360,
+                65430874, 7806336, 17507396, 3651560
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1975438052228868, 1071801519999806, 594652299224319,
+                1877697652668809, 1489635366987285
+#else
+                56688388, 29436320, 14584638, 15971087, 51340543, 8861009,
+                26556809, 27979875, 48555541, 22197296
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                958592545673770, 233048016518599, 851568750216589,
+                567703851596087, 1740300006094761
+#else
+                2839082, 14284142, 4029895, 3472686, 14402957, 12689363,
+                40466743, 8459446, 61503401, 25932490
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2014540178270324, 192672779514432, 213877182641530,
+                2194819933853411, 1716422829364835
+#else
+                62269556, 30018987, 9744960, 2871048, 25113978, 3187018,
+                41998051, 32705365, 17258083, 25576693
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1540769606609725, 2148289943846077, 1597804156127445,
+                1230603716683868, 815423458809453
+#else
+                18164541, 22959256, 49953981, 32012014, 19237077, 23809137,
+                23357532, 18337424, 26908269, 12150756
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1738560251245018, 1779576754536888, 1783765347671392,
+                1880170990446751, 1088225159617541
+#else
+                36843994, 25906566, 5112248, 26517760, 65609056, 26580174,
+                43167, 28016731, 34806789, 16215818
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                659303913929492, 1956447718227573, 1830568515922666,
+                841069049744408, 1669607124206368
+#else
+                60209940, 9824393, 54804085, 29153342, 35711722, 27277596,
+                32574488, 12532905, 59605792, 24879084
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1143465490433355, 1532194726196059, 1093276745494697,
+                481041706116088, 2121405433561163
+#else
+                39765323, 17038963, 39957339, 22831480, 946345, 16291093,
+                254968, 7168080, 21676107, 31611404
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1686424298744462, 1451806974487153, 266296068846582,
+                1834686947542675, 1720762336132256
+#else
+                21260942, 25129680, 50276977, 21633609, 43430902, 3968120,
+                63456915, 27338965, 63552672, 25641356
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                889217026388959, 1043290623284660, 856125087551909,
+                1669272323124636, 1603340330827879
+#else
+                16544735, 13250366, 50304436, 15546241, 62525861, 12757257,
+                64646556, 24874095, 48201831, 23891632
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1206396181488998, 333158148435054, 1402633492821422,
+                1120091191722026, 1945474114550509
+#else
+                64693606, 17976703, 18312302, 4964443, 51836334, 20900867,
+                26820650, 16690659, 25459437, 28989823
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                766720088232571, 1512222781191002, 1189719893490790,
+                2091302129467914, 2141418006894941
+#else
+                41964155, 11425019, 28423002, 22533875, 60963942, 17728207,
+                9142794, 31162830, 60676445, 31909614
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                419663647306612, 1998875112167987, 1426599870253707,
+                1154928355379510, 486538532138187
+#else
+                44004212, 6253475, 16964147, 29785560, 41994891, 21257994,
+                39651638, 17209773, 6335691, 7249989
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                938160078005954, 1421776319053174, 1941643234741774,
+                180002183320818, 1414380336750546
+#else
+                36775618, 13979674, 7503222, 21186118, 55152142, 28932738,
+                36836594, 2682241, 25993170, 21075909
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                398001940109652, 1577721237663248, 1012748649830402,
+                1540516006905144, 1011684812884559
+#else
+                4364628, 5930691, 32304656, 23509878, 59054082, 15091130,
+                22857016, 22955477, 31820367, 15075278
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1653276489969630, 6081825167624, 1921777941170836,
+                1604139841794531, 861211053640641
+#else
+                31879134, 24635739, 17258760, 90626, 59067028, 28636722,
+                24162787, 23903546, 49138625, 12833044
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                996661541407379, 1455877387952927, 744312806857277,
+                139213896196746, 1000282908547789
+#else
+                19073683, 14851414, 42705695, 21694263, 7625277, 11091125,
+                47489674, 2074448, 57694925, 14905376
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1450817495603008, 1476865707053229, 1030490562252053,
+                620966950353376, 1744760161539058
+#else
+                24483648, 21618865, 64589997, 22007013, 65555733, 15355505,
+                41826784, 9253128, 27628530, 25998952
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                559728410002599, 37056661641185, 2038622963352006,
+                1637244893271723, 1026565352238948
+#else
+                17597607, 8340603, 19355617, 552187, 26198470, 30377849,
+                4593323, 24396850, 52997988, 15297015
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                962165956135846, 1116599660248791, 182090178006815,
+                1455605467021751, 196053588803284
+#else
+                510886, 14337390, 35323607, 16638631, 6328095, 2713355,
+                46891447, 21690211, 8683220, 2921426
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                796863823080135, 1897365583584155, 420466939481601,
+                2165972651724672, 932177357788289
+#else
+                18606791, 11874196, 27155355, 28272950, 43077121, 6265445,
+                41930624, 32275507, 4674689, 13890525
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                877047233620632, 1375632631944375, 643773611882121,
+                660022738847877, 19353932331831
+#else
+                13609624, 13069022, 39736503, 20498523, 24360585, 9592974,
+                14977157, 9835105, 4389687, 288396
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2216943882299338, 394841323190322, 2222656898319671,
+                558186553950529, 1077236877025190
+#else
+                9922506, 33035038, 13613106, 5883594, 48350519, 33120168,
+                54804801, 8317627, 23388070, 16052080
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                801118384953213, 1914330175515892, 574541023311511,
+                1471123787903705, 1526158900256288
+#else
+                12719997, 11937594, 35138804, 28525742, 26900119, 8561328,
+                46953177, 21921452, 52354592, 22741539
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                949617889087234, 2207116611267331, 912920039141287,
+                501158539198789, 62362560771472
+#else
+                15961858, 14150409, 26716931, 32888600, 44314535, 13603568,
+                11829573, 7467844, 38286736, 929274
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1474518386765335, 1760793622169197, 1157399790472736,
+                1622864308058898, 165428294422792
+#else
+                11038231, 21972036, 39798381, 26237869, 56610336, 17246600,
+                43629330, 24182562, 45715720, 2465073
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1961673048027128, 102619413083113, 1051982726768458,
+                1603657989805485, 1941613251499678
+#else
+                20017144, 29231206, 27915241, 1529148, 12396362, 15675764,
+                13817261, 23896366, 2463390, 28932292
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1401939116319266, 335306339903072, 72046196085786,
+                862423201496006, 850518754531384
+#else
+                50749986, 20890520, 55043680, 4996453, 65852442, 1073571,
+                9583558, 12851107, 4003896, 12673717
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1234706593321979, 1083343891215917, 898273974314935,
+                1640859118399498, 157578398571149
+#else
+                65377275, 18398561, 63845933, 16143081, 19294135, 13385325,
+                14741514, 24450706, 7903885, 2348101
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1143483057726416, 1992614991758919, 674268662140796,
+                1773370048077526, 674318359920189
+#else
+                24536016, 17039225, 12715591, 29692277, 1511292, 10047386,
+                63266518, 26425272, 38731325, 10048126
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1835401379538542, 173900035308392, 818247630716732,
+                1762100412152786, 1021506399448291
+#else
+                54486638, 27349611, 30718824, 2591312, 56491836, 12192839,
+                18873298, 26257342, 34811107, 15221631
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1506632088156630, 2127481795522179, 513812919490255,
+                140643715928370, 442476620300318
+#else
+                40630742, 22450567, 11546243, 31701949, 9180879, 7656409,
+                45764914, 2095754, 29769758, 6593415
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2056683376856736, 219094741662735, 2193541883188309,
+                1841182310235800, 556477468664293
+#else
+                35114656, 30646970, 4176911, 3264766, 12538965, 32686321,
+                26312344, 27435754, 30958053, 8292160
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1315019427910827, 1049075855992603, 2066573052986543,
+                266904467185534, 2040482348591520
+#else
+                31429803, 19595316, 29173531, 15632448, 12174511, 30794338,
+                32808830, 3977186, 26143136, 30405556
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                94096246544434, 922482381166992, 24517828745563,
+                2139430508542503, 2097139044231004
+#else
+                22648882, 1402143, 44308880, 13746058, 7936347, 365344,
+                58440231, 31879998, 63350620, 31249806
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                537697207950515, 1399352016347350, 1563663552106345,
+                2148749520888918, 549922092988516
+#else
+                51616947, 8012312, 64594134, 20851969, 43143017, 23300402,
+                65496150, 32018862, 50444388, 8194477
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1747985413252434, 680511052635695, 1809559829982725,
+                594274250930054, 201673170745982
+#else
+                27338066, 26047012, 59694639, 10140404, 48082437, 26964542,
+                27277190, 8855376, 28572286, 3005164
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                323583936109569, 1973572998577657, 1192219029966558,
+                79354804385273, 1374043025560347
+#else
+                26287105, 4821776, 25476601, 29408529, 63344350, 17765447,
+                49100281, 1182478, 41014043, 20474836
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                213277331329947, 416202017849623, 1950535221091783,
+                1313441578103244, 2171386783823658
+#else
+                59937691, 3178079, 23970071, 6201893, 49913287, 29065239,
+                45232588, 19571804, 32208682, 32356184
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                189088804229831, 993969372859110, 895870121536987,
+                1547301535298256, 1477373024911350
+#else
+                50451143, 2817642, 56822502, 14811297, 6024667, 13349505,
+                39793360, 23056589, 39436278, 22014573
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1620578418245010, 541035331188469, 2235785724453865,
+                2154865809088198, 1974627268751826
+#else
+                15941010, 24148500, 45741813, 8062054, 31876073, 33315803,
+                51830470, 32110002, 15397330, 29424239
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1346805451740245, 1350981335690626, 942744349501813,
+                2155094562545502, 1012483751693409
+#else
+                8934485, 20068965, 43822466, 20131190, 34662773, 14047985,
+                31170398, 32113411, 39603297, 15087183
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2107080134091762, 1132567062788208, 1824935377687210,
+                769194804343737, 1857941799971888
+#else
+                48751602, 31397940, 24524912, 16876564, 15520426, 27193656,
+                51606457, 11461895, 16788528, 27685490
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1074666112436467, 249279386739593, 1174337926625354,
+                1559013532006480, 1472287775519121
+#else
+                65161459, 16013772, 21750665, 3714552, 49707082, 17498998,
+                63338576, 23231111, 31322513, 21938797
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1872620123779532, 1892932666768992, 1921559078394978,
+                1270573311796160, 1438913646755037
+#else
+                21426636, 27904214, 53460576, 28206894, 38296674, 28633461,
+                48833472, 18933017, 13040861, 21441484
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                837390187648199, 1012253300223599, 989780015893987,
+                1351393287739814, 328627746545550
+#else
+                11293895, 12478086, 39972463, 15083749, 37801443, 14748871,
+                14555558, 20137329, 1613710, 4896935
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1028328827183114, 1711043289969857, 1350832470374933,
+                1923164689604327, 1495656368846911
+#else
+                41213962, 15323293, 58619073, 25496531, 25967125, 20128972,
+                2825959, 28657387, 43137087, 22287016
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1900828492104143, 430212361082163, 687437570852799,
+                832514536673512, 1685641495940794
+#else
+                51184079, 28324551, 49665331, 6410663, 3622847, 10243618,
+                20615400, 12405433, 43355834, 25118015
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                842632847936398, 605670026766216, 290836444839585,
+                163210774892356, 2213815011799645
+#else
+                60017550, 12556207, 46917512, 9025186, 50036385, 4333800,
+                4378436, 2432030, 23097949, 32988414
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1176336383453996, 1725477294339771, 12700622672454,
+                678015708818208, 162724078519879
+#else
+                4565804, 17528778, 20084411, 25711615, 1724998, 189254,
+                24767264, 10103221, 48596551, 2424777
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1448049969043497, 1789411762943521, 385587766217753,
+                90201620913498, 832999441066823
+#else
+                366633, 21577626, 8173089, 26664313, 30788633, 5745705,
+                59940186, 1344108, 63466311, 12412658
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                516086333293313, 2240508292484616, 1351669528166508,
+                1223255565316488, 750235824427138
+#else
+                43107073, 7690285, 14929416, 33386175, 34898028, 20141445,
+                24162696, 18227928, 63967362, 11179384
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1263624896582495, 1102602401673328, 526302183714372,
+                2152015839128799, 1483839308490010
+#else
+                18289503, 18829478, 8056944, 16430056, 45379140, 7842513,
+                61107423, 32067534, 48424218, 22110928
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                442991718646863, 1599275157036458, 1925389027579192,
+                899514691371390, 350263251085160
+#else
+                476239, 6601091, 60956074, 23831056, 17503544, 28690532,
+                27672958, 13403813, 11052904, 5219329
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1689713572022143, 593854559254373, 978095044791970,
+                1985127338729499, 1676069120347625
+#else
+                20678527, 25178694, 34436965, 8849122, 62099106, 14574751,
+                31186971, 29580702, 9014761, 24975376
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1557207018622683, 340631692799603, 1477725909476187,
+                614735951619419, 2033237123746766
+#else
+                53464795, 23204192, 51146355, 5075807, 65594203, 22019831,
+                34006363, 9160279, 8473550, 30297594
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                968764929340557, 1225534776710944, 662967304013036,
+                1155521416178595, 791142883466590
+#else
+                24900749, 14435722, 17209120, 18261891, 44516588, 9878982,
+                59419555, 17218610, 42540382, 11788947
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1487081286167458, 993039441814934, 1792378982844640,
+                698652444999874, 2153908693179754
+#else
+                63990690, 22159237, 53306774, 14797440, 9652448, 26708528,
+                47071426, 10410732, 42540394, 32095740
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1123181311102823, 685575944875442, 507605465509927,
+                1412590462117473, 568017325228626
+#else
+                51449703, 16736705, 44641714, 10215877, 58011687, 7563910,
+                11871841, 21049238, 48595538, 8464117
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                560258797465417, 2193971151466401, 1824086900849026,
+                579056363542056, 1690063960036441
+#else
+                43708233, 8348506, 52522913, 32692717, 63158658, 27181012,
+                14325288, 8628612, 33313881, 25183915
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1918407319222416, 353767553059963, 1930426334528099,
+                1564816146005724, 1861342381708096
+#else
+                46921872, 28586496, 22367355, 5271547, 66011747, 28765593,
+                42303196, 23317577, 58168128, 27736162
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2131325168777276, 1176636658428908, 1756922641512981,
+                1390243617176012, 1966325177038383
+#else
+                60160060, 31759219, 34483180, 17533252, 32635413, 26180187,
+                15989196, 20716244, 28358191, 29300528
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2063958120364491, 2140267332393533, 699896251574968,
+                273268351312140, 375580724713232
+#else
+                43547083, 30755372, 34757181, 31892468, 57961144, 10429266,
+                50471180, 4072015, 61757200, 5596588
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2024297515263178, 416959329722687, 1079014235017302,
+                171612225573183, 1031677520051053
+#else
+                38872266, 30164383, 12312895, 6213178, 3117142, 16078565,
+                29266239, 2557221, 1768301, 15373193
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2033900009388450, 1744902869870788, 2190580087917640,
+                1949474984254121, 231049754293748
+#else
+                59865506, 30307471, 62515396, 26001078, 66980936, 32642186,
+                66017961, 29049440, 42448372, 3442909
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                343868674606581, 550155864008088, 1450580864229630,
+                481603765195050, 896972360018042
+#else
+                36898293, 5124042, 14181784, 8197961, 18964734, 21615339,
+                22597930, 7176455, 48523386, 13365929
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2151139328380127, 314745882084928, 59756825775204,
+                1676664391494651, 2048348075599360
+#else
+                59231455, 32054473, 8324672, 4690079, 6261860, 890446, 24538107,
+                24984246, 57419264, 30522764
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1528930066340597, 1605003907059576, 1055061081337675,
+                1458319101947665, 1234195845213142
+#else
+                25008885, 22782833, 62803832, 23916421, 16265035, 15721635,
+                683793, 21730648, 15723478, 18390951
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                830430507734812, 1780282976102377, 1425386760709037,
+                362399353095425, 2168861579799910
+#else
+                57448220, 12374378, 40101865, 26528283, 59384749, 21239917,
+                11879681, 5400171, 519526, 32318556
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1155762232730333, 980662895504006, 2053766700883521,
+                490966214077606, 510405877041357
+#else
+                22258397, 17222199, 59239046, 14613015, 44588609, 30603508,
+                46754982, 7315966, 16648397, 7605640
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1683750316716132, 652278688286128, 1221798761193539,
+                1897360681476669, 319658166027343
+#else
+                59027556, 25089834, 58885552, 9719709, 19259459, 18206220,
+                23994941, 28272877, 57640015, 4763277
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                618808732869972, 72755186759744, 2060379135624181,
+                1730731526741822, 48862757828238
+#else
+                45409620, 9220968, 51378240, 1084136, 41632757, 30702041,
+                31088446, 25789909, 55752334, 728111
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1463171970593505, 1143040711767452, 614590986558883,
+                1409210575145591, 1882816996436803
+#else
+                26047201, 21802961, 60208540, 17032633, 24092067, 9158119,
+                62835319, 20998873, 37743427, 28056159
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2230133264691131, 563950955091024, 2042915975426398,
+                827314356293472, 672028980152815
+#else
+                17510331, 33231575, 5854288, 8403524, 17133918, 30441820,
+                38997856, 12327944, 10750447, 10014012
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                264204366029760, 1654686424479449, 2185050199932931,
+                2207056159091748, 506015669043634
+#else
+                56796096, 3936951, 9156313, 24656749, 16498691, 32559785,
+                39627812, 32887699, 3424690, 7540221
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1784446333136569, 1973746527984364, 334856327359575,
+                1156769775884610, 1023950124675478
+#else
+                30322361, 26590322, 11361004, 29411115, 7433303, 4989748,
+                60037442, 17237212, 57864598, 15258045
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2065270940578383, 31477096270353, 306421879113491,
+                181958643936686, 1907105536686083
+#else
+                13054543, 30774935, 19155473, 469045, 54626067, 4566041,
+                5631406, 2711395, 1062915, 28418087
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1496516440779464, 1748485652986458, 872778352227340,
+                818358834654919, 97932669284220
+#else
+                47868616, 22299832, 37599834, 26054466, 61273100, 13005410,
+                61042375, 12194496, 32960380, 1459310
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                471636015770351, 672455402793577, 1804995246884103,
+                1842309243470804, 1501862504981682
+#else
+                19852015, 7027924, 23669353, 10020366, 8586503, 26896525,
+                394196, 27452547, 18638002, 22379495
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1013216974933691, 538921919682598, 1915776722521558,
+                1742822441583877, 1886550687916656
+#else
+                31395515, 15098109, 26581030, 8030562, 50580950, 28547297,
+                9012485, 25970078, 60465776, 28111795
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2094270000643336, 303971879192276, 40801275554748,
+                649448917027930, 1818544418535447
+#else
+                57916680, 31207054, 65111764, 4529533, 25766844, 607986,
+                67095642, 9677542, 34813975, 27098423
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2241737709499165, 549397817447461, 838180519319392,
+                1725686958520781, 1705639080897747
+#else
+                64664349, 33404494, 29348901, 8186665, 1873760, 12489863,
+                36174285, 25714739, 59256019, 25416002
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1216074541925116, 50120933933509, 1565829004133810,
+                721728156134580, 349206064666188
+#else
+                51872508, 18120922, 7766469, 746860, 26346930, 23332670,
+                39775412, 10754587, 57677388, 5203575
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                948617110470858, 346222547451945, 1126511960599975,
+                1759386906004538, 493053284802266
+#else
+                31834314, 14135496, 66338857, 5159117, 20917671, 16786336,
+                59640890, 26216907, 31809242, 7347066
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1454933046815146, 874696014266362, 1467170975468588,
+                1432316382418897, 2111710746366763
+#else
+                57502122, 21680191, 20414458, 13033986, 13716524, 21862551,
+                19797969, 21343177, 15192875, 31466942
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2105387117364450, 1996463405126433, 1303008614294500,
+                851908115948209, 1353742049788635
+#else
+                54445282, 31372712, 1168161, 29749623, 26747876, 19416341,
+                10609329, 12694420, 33473243, 20172328
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                750300956351719, 1487736556065813, 15158817002104,
+                1511998221598392, 971739901354129
+#else
+                33184999, 11180355, 15832085, 22169002, 65475192, 225883,
+                15089336, 22530529, 60973201, 14480052
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1874648163531693, 2124487685930551, 1810030029384882,
+                918400043048335, 586348627300650
+#else
+                31308717, 27934434, 31030839, 31657333, 15674546, 26971549,
+                5496207, 13685227, 27595050, 8737275
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1235084464747900, 1166111146432082, 1745394857881591,
+                1405516473883040, 4463504151617
+#else
+                46790012, 18404192, 10933842, 17376410, 8335351, 26008410,
+                36100512, 20943827, 26498113, 66511
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1663810156463827, 327797390285791, 1341846161759410,
+                1964121122800605, 1747470312055380
+#else
+                22644435, 24792703, 50437087, 4884561, 64003250, 19995065,
+                30540765, 29267685, 53781076, 26039336
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                660005247548233, 2071860029952887, 1358748199950107,
+                911703252219107, 1014379923023831
+#else
+                39091017, 9834844, 18617207, 30873120, 63706907, 20246925,
+                8205539, 13585437, 49981399, 15115438
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2206641276178231, 1690587809721504, 1600173622825126,
+                2156096097634421, 1106822408548216
+#else
+                23711543, 32881517, 31206560, 25191721, 6164646, 23844445,
+                33572981, 32128335, 8236920, 16492939
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1344788193552206, 1949552134239140, 1735915881729557,
+                675891104100469, 1834220014427292
+#else
+                43198286, 20038905, 40809380, 29050590, 25005589, 25867162,
+                19574901, 10071562, 6708380, 27332008
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1920949492387964, 158885288387530, 70308263664033,
+                626038464897817, 1468081726101009
+#else
+                2101372, 28624378, 19702730, 2367575, 51681697, 1047674,
+                5301017, 9328700, 29955601, 21876122
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                622221042073383, 1210146474039168, 1742246422343683,
+                1403839361379025, 417189490895736
+#else
+                3096359, 9271816, 45488000, 18032587, 52260867, 25961494,
+                41216721, 20918836, 57191288, 6216607
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                22727256592983, 168471543384997, 1324340989803650,
+                1839310709638189, 504999476432775
+#else
+                34493015, 338662, 41913253, 2510421, 37895298, 19734218,
+                24822829, 27407865, 40341383, 7525078
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1313240518756327, 1721896294296942, 52263574587266,
+                2065069734239232, 804910473424630
+#else
+                44042215, 19568808, 16133486, 25658254, 63719298, 778787,
+                66198528, 30771936, 47722230, 11994100
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1337466662091884, 1287645354669772, 2018019646776184,
+                652181229374245, 898011753211715
+#else
+                21691500, 19929806, 66467532, 19187410, 3285880, 30070836,
+                42044197, 9718257, 59631427, 13381417
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1969792547910734, 779969968247557, 2011350094423418,
+                1823964252907487, 1058949448296945
+#else
+                18445390, 29352196, 14979845, 11622458, 65381754, 29971451,
+                23111647, 27179185, 28535281, 15779576
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                207343737062002, 1118176942430253, 758894594548164,
+                806764629546266, 1157700123092949
+#else
+                30098034, 3089662, 57874477, 16662134, 45801924, 11308410,
+                53040410, 12021729, 9955285, 17251076
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1273565321399022, 1638509681964574, 759235866488935,
+                666015124346707, 897983460943405
+#else
+                9734894, 18977602, 59635230, 24415696, 2060391, 11313496,
+                48682835, 9924398, 20194861, 13380996
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1717263794012298, 1059601762860786, 1837819172257618,
+                1054130665797229, 680893204263559
+#else
+                40730762, 25589224, 44941042, 15789296, 49053522, 27385639,
+                65123949, 15707770, 26342023, 10146099
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2237039662793603, 2249022333361206, 2058613546633703,
+                149454094845279, 2215176649164582
+#else
+                41091971, 33334488, 21339190, 33513044, 19745255, 30675732,
+                37471583, 2227039, 21612326, 33008704
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                79472182719605, 1851130257050174, 1825744808933107,
+                821667333481068, 781795293511946
+#else
+                54031477, 1184227, 23562814, 27583990, 46757619, 27205717,
+                25764460, 12243797, 46252298, 11649657
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                755822026485370, 152464789723500, 1178207602290608,
+                410307889503239, 156581253571278
+#else
+                57077370, 11262625, 27384172, 2271902, 26947504, 17556661,
+                39943, 6114064, 33514190, 2333242
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1418185496130297, 484520167728613, 1646737281442950,
+                1401487684670265, 1349185550126961
+#else
+                45675257, 21132610, 8119781, 7219913, 45278342, 24538297,
+                60429113, 20883793, 24350577, 20104431
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1495380034400429, 325049476417173, 46346894893933,
+                1553408840354856, 828980101835683
+#else
+                62992557, 22282898, 43222677, 4843614, 37020525, 690622,
+                35572776, 23147595, 8317859, 12352766
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1280337889310282, 2070832742866672, 1640940617225222,
+                2098284908289951, 450929509534434
+#else
+                18200138, 19078521, 34021104, 30857812, 43406342, 24451920,
+                43556767, 31266881, 20712162, 6719373
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                407703353998781, 126572141483652, 286039827513621,
+                1999255076709338, 2030511179441770
+#else
+                26656189, 6075253, 59250308, 1886071, 38764821, 4262325,
+                11117530, 29791222, 26224234, 30256974
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1254958221100483, 1153235960999843, 942907704968834,
+                637105404087392, 1149293270147267
+#else
+                49939907, 18700334, 63713187, 17184554, 47154818, 14050419,
+                21728352, 9493610, 18620611, 17125804
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                894249020470196, 400291701616810, 406878712230981,
+                1599128793487393, 1145868722604026
+#else
+                53785524, 13325348, 11432106, 5964811, 18609221, 6062965,
+                61839393, 23828875, 36407290, 17074774
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1497955250203334, 110116344653260, 1128535642171976,
+                1900106496009660, 129792717460909
+#else
+                43248326, 22321272, 26961356, 1640861, 34695752, 16816491,
+                12248508, 28313793, 13735341, 1934062
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                452487513298665, 1352120549024569, 1173495883910956,
+                1999111705922009, 367328130454226
+#else
+                25089769, 6742589, 17081145, 20148166, 21909292, 17486451,
+                51972569, 29789085, 45830866, 5473615
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1717539401269642, 1475188995688487, 891921989653942,
+                836824441505699, 1885988485608364
+#else
+                31883658, 25593331, 1083431, 21982029, 22828470, 13290673,
+                59983779, 12469655, 29111212, 28103418
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1241784121422547, 187337051947583, 1118481812236193,
+                428747751936362, 30358898927325
+#else
+                24244947, 18504025, 40845887, 2791539, 52111265, 16666677,
+                24367466, 6388839, 56813277, 452382
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2022432361201842, 1088816090685051, 1977843398539868,
+                1854834215890724, 564238862029357
+#else
+                41468082, 30136590, 5217915, 16224624, 19987036, 29472163,
+                42872612, 27639183, 15766061, 8407814
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                938868489100585, 1100285072929025, 1017806255688848,
+                1957262154788833, 152787950560442
+#else
+                46701865, 13990230, 15495425, 16395525, 5377168, 15166495,
+                58191841, 29165478, 59040954, 2276717
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                867319417678923, 620471962942542, 226032203305716,
+                342001443957629, 1761675818237336
+#else
+                30157899, 12924066, 49396814, 9245752, 19895028, 3368142,
+                43281277, 5096218, 22740376, 26251015
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1295072362439987, 931227904689414, 1355731432641687,
+                922235735834035, 892227229410209
+#else
+                2041139, 19298082, 7783686, 13876377, 41161879, 20201972,
+                24051123, 13742383, 51471265, 13295221
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1680989767906154, 535362787031440, 2136691276706570,
+                1942228485381244, 1267350086882274
+#else
+                33338218, 25048699, 12532112, 7977527, 9106186, 31839181,
+                49388668, 28941459, 62657506, 18884987
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                366018233770527, 432660629755596, 126409707644535,
+                1973842949591662, 645627343442376
+#else
+                47063583, 5454096, 52762316, 6447145, 28862071, 1883651,
+                64639598, 29412551, 7770568, 9620597
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                535509430575217, 546885533737322, 1524675609547799,
+                2138095752851703, 1260738089896827
+#else
+                23208049, 7979712, 33071466, 8149229, 1758231, 22719437,
+                30945527, 31860109, 33606523, 18786461
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1159906385590467, 2198530004321610, 714559485023225,
+                81880727882151, 1484020820037082
+#else
+                1439939, 17283952, 66028874, 32760649, 4625401, 10647766,
+                62065063, 1220117, 30494170, 22113633
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1377485731340769, 2046328105512000, 1802058637158797,
+                62146136768173, 1356993908853901
+#else
+                62071265, 20526136, 64138304, 30492664, 15640973, 26852766,
+                40369837, 926049, 65424525, 20220784
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2013612215646735, 1830770575920375, 536135310219832,
+                609272325580394, 270684344495013
+#else
+                13908495, 30005160, 30919927, 27280607, 45587000, 7989038,
+                9021034, 9078865, 3353509, 4033511
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1237542585982777, 2228682050256790, 1385281931622824,
+                593183794882890, 493654978552689
+#else
+                37445433, 18440821, 32259990, 33209950, 24295848, 20642309,
+                23161162, 8839127, 27485041, 7356032
+#endif
+            }},
+        },
+    },
+    {
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                47341488007760, 1891414891220257, 983894663308928,
+                176161768286818, 1126261115179708
+#else
+                9661008, 705443, 11980065, 28184278, 65480320, 14661172,
+                60762722, 2625014, 28431036, 16782598
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1694030170963455, 502038567066200, 1691160065225467,
+                949628319562187, 275110186693066
+#else
+                43269631, 25243016, 41163352, 7480957, 49427195, 25200248,
+                44562891, 14150564, 15970762, 4099461
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1124515748676336, 1661673816593408, 1499640319059718,
+                1584929449166988, 558148594103306
+#else
+                29262576, 16756590, 26350592, 24760869, 8529670, 22346382,
+                13617292, 23617289, 11465738, 8317062
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1784525599998356, 1619698033617383, 2097300287550715,
+                258265458103756, 1905684794832758
+#else
+                41615764, 26591503, 32500199, 24135381, 44070139, 31252209,
+                14898636, 3848455, 20969334, 28396916
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1288941072872766, 931787902039402, 190731008859042,
+                2006859954667190, 1005931482221702
+#else
+                46724414, 19206718, 48772458, 13884721, 34069410, 2842113,
+                45498038, 29904543, 11177094, 14989547
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1465551264822703, 152905080555927, 680334307368453,
+                173227184634745, 666407097159852
+#else
+                42612143, 21838415, 16959895, 2278463, 12066309, 10137771,
+                13515641, 2581286, 38621356, 9930239
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2111017076203943, 1378760485794347, 1248583954016456,
+                1352289194864422, 1895180776543896
+#else
+                49357223, 31456605, 16544299, 20545132, 51194056, 18605350,
+                18345766, 20150679, 16291480, 28240394
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                171348223915638, 662766099800389, 462338943760497,
+                466917763340314, 656911292869115
+#else
+                33879670, 2553287, 32678213, 9875984, 8534129, 6889387,
+                57432090, 6957616, 4368891, 9788741
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                488623681976577, 866497561541722, 1708105560937768,
+                1673781214218839, 1506146329818807
+#else
+                16660737, 7281060, 56278106, 12911819, 20108584, 25452756,
+                45386327, 24941283, 16250551, 22443329
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                160425464456957, 950394373239689, 430497123340934,
+                711676555398832, 320964687779005
+#else
+                47343357, 2390525, 50557833, 14161979, 1905286, 6414907,
+                4689584, 10604807, 36918461, 4782746
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                988979367990485, 1359729327576302, 1301834257246029,
+                294141160829308, 29348272277475
+#else
+                65754325, 14736940, 59741422, 20261545, 7710541, 19398842,
+                57127292, 4383044, 22546403, 437323
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1434382743317910, 100082049942065, 221102347892623,
+                186982837860588, 1305765053501834
+#else
+                31665558, 21373968, 50922033, 1491338, 48740239, 3294681,
+                27343084, 2786261, 36475274, 19457415
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                2205916462268190, 499863829790820, 961960554686616,
+                158062762756985, 1841471168298305
+#else
+                52641566, 32870716, 33734756, 7448551, 19294360, 14334329,
+                47418233, 2355318, 47824193, 27440058
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1191737341426592, 1847042034978363, 1382213545049056,
+                1039952395710448, 788812858896859
+#else
+                15121312, 17758270, 6377019, 27523071, 56310752, 20596586,
+                18952176, 15496498, 37728731, 11754227
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1346965964571152, 1291881610839830, 2142916164336056,
+                786821641205979, 1571709146321039
+#else
+                64471568, 20071356, 8488726, 19250536, 12728760, 31931939,
+                7141595, 11724556, 22761615, 23420291
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                787164375951248, 202869205373189, 1356590421032140,
+                1431233331032510, 786341368775957
+#else
+                16918416, 11729663, 49025285, 3022986, 36093132, 20214772,
+                38367678, 21327038, 32851221, 11717399
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                492448143532951, 304105152670757, 1761767168301056,
+                233782684697790, 1981295323106089
+#else
+                11166615, 7338049, 60386341, 4531519, 37640192, 26252376,
+                31474878, 3483633, 65915689, 29523600
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                665807507761866, 1343384868355425, 895831046139653,
+                439338948736892, 1986828765695105
+#else
+                66923210, 9921304, 31456609, 20017994, 55095045, 13348922,
+                33142652, 6546660, 47123585, 29606055
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                756096210874553, 1721699973539149, 258765301727885,
+                1390588532210645, 1212530909934781
+#else
+                34648249, 11266711, 55911757, 25655328, 31703693, 3855903,
+                58571733, 20721383, 36336829, 18068118
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                852891097972275, 1816988871354562, 1543772755726524,
+                1174710635522444, 202129090724628
+#else
+                49102387, 12709067, 3991746, 27075244, 45617340, 23004006,
+                35973516, 17504552, 10928916, 3011958
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1205281565824323, 22430498399418, 992947814485516,
+                1392458699738672, 688441466734558
+#else
+                60151107, 17960094, 31696058, 334240, 29576716, 14796075,
+                36277808, 20749251, 18008030, 10258577
+#endif
+            }},
+        },
+        {
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1050627428414972, 1955849529137135, 2171162376368357,
+                91745868298214, 447733118757826
+#else
+                44660220, 15655568, 7018479, 29144429, 36794597, 32352840,
+                65255398, 1367119, 25127874, 6671743
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1287181461435438, 622722465530711, 880952150571872,
+                741035693459198, 311565274989772
+#else
+                29701166, 19180498, 56230743, 9279287, 67091296, 13127209,
+                21382910, 11042292, 25838796, 4642684
+#endif
+            }},
+            {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+                1003649078149734, 545233927396469, 1849786171789880,
+                1318943684880434, 280345687170552
+#else
+                46678630, 14955536, 42982517, 8124618, 61739576, 27563961,
+                30468146, 19653792, 18423288, 4177476
+#endif
+            }},
+        },
+    },
+};
+
+#endif  // CONFIG_SMALL
+
+// Bi[i] = (2*i+1)*B
+static const ge_precomp Bi[8] = {
+    {
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1288382639258501, 245678601348599, 269427782077623,
+            1462984067271730, 137412439391563
+#else
+            25967493, 19198397, 29566455, 3660896, 54414519, 4014786, 27544626,
+            21800161, 61029707, 2047604
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            62697248952638, 204681361388450, 631292143396476, 338455783676468,
+            1213667448819585
+#else
+            54563134, 934261, 64385954, 3049989, 66381436, 9406985, 12720692,
+            5043384, 19500929, 18085054
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            301289933810280, 1259582250014073, 1422107436869536,
+            796239922652654, 1953934009299142
+#else
+            58370664, 4489569, 9688441, 18769238, 10184608, 21191052, 29287918,
+            11864899, 42594502, 29115885
+#endif
+        }},
+    },
+    {
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1601611775252272, 1720807796594148, 1132070835939856,
+            1260455018889551, 2147779492816911
+#else
+            15636272, 23865875, 24204772, 25642034, 616976, 16869170, 27787599,
+            18782243, 28944399, 32004408
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            316559037616741, 2177824224946892, 1459442586438991,
+            1461528397712656, 751590696113597
+#else
+            16568933, 4717097, 55552716, 32452109, 15682895, 21747389, 16354576,
+            21778470, 7689661, 11199574
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1850748884277385, 1200145853858453, 1068094770532492,
+            672251375690438, 1586055907191707
+#else
+            30464137, 27578307, 55329429, 17883566, 23220364, 15915852, 7512774,
+            10017326, 49359771, 23634074
+#endif
+        }},
+    },
+    {
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            769950342298419, 132954430919746, 844085933195555, 974092374476333,
+            726076285546016
+#else
+            10861363, 11473154, 27284546, 1981175, 37044515, 12577860, 32867885,
+            14515107, 51670560, 10819379
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            425251763115706, 608463272472562, 442562545713235, 837766094556764,
+            374555092627893
+#else
+            4708026, 6336745, 20377586, 9066809, 55836755, 6594695, 41455196,
+            12483687, 54440373, 5581305
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1086255230780037, 274979815921559, 1960002765731872,
+            929474102396301, 1190409889297339
+#else
+            19563141, 16186464, 37722007, 4097518, 10237984, 29206317, 28542349,
+            13850243, 43430843, 17738489
+#endif
+        }},
+    },
+    {
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            665000864555967, 2065379846933859, 370231110385876, 350988370788628,
+            1233371373142985
+#else
+            5153727, 9909285, 1723747, 30776558, 30523604, 5516873, 19480852,
+            5230134, 43156425, 18378665
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            2019367628972465, 676711900706637, 110710997811333,
+            1108646842542025, 517791959672113
+#else
+            36839857, 30090922, 7665485, 10083793, 28475525, 1649722, 20654025,
+            16520125, 30598449, 7715701
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            965130719900578, 247011430587952, 526356006571389, 91986625355052,
+            2157223321444601
+#else
+            28881826, 14381568, 9657904, 3680757, 46927229, 7843315, 35708204,
+            1370707, 29794553, 32145132
+#endif
+        }},
+    },
+    {
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1802695059465007, 1664899123557221, 593559490740857,
+            2160434469266659, 927570450755031
+#else
+            44589871, 26862249, 14201701, 24808930, 43598457, 8844725, 18474211,
+            32192982, 54046167, 13821876
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1725674970513508, 1933645953859181, 1542344539275782,
+            1767788773573747, 1297447965928905
+#else
+            60653668, 25714560, 3374701, 28813570, 40010246, 22982724, 31655027,
+            26342105, 18853321, 19333481
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1381809363726107, 1430341051343062, 2061843536018959,
+            1551778050872521, 2036394857967624
+#else
+            4566811, 20590564, 38133974, 21313742, 59506191, 30723862, 58594505,
+            23123294, 2207752, 30344648
+#endif
+        }},
+    },
+    {
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1970894096313054, 528066325833207, 1619374932191227,
+            2207306624415883, 1169170329061080
+#else
+            41954014, 29368610, 29681143, 7868801, 60254203, 24130566, 54671499,
+            32891431, 35997400, 17421995
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            2070390218572616, 1458919061857835, 624171843017421,
+            1055332792707765, 433987520732508
+#else
+            25576264, 30851218, 7349803, 21739588, 16472781, 9300885, 3844789,
+            15725684, 171356, 6466918
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            893653801273833, 1168026499324677, 1242553501121234,
+            1306366254304474, 1086752658510815
+#else
+            23103977, 13316479, 9739013, 17404951, 817874, 18515490, 8965338,
+            19466374, 36393951, 16193876
+#endif
+        }},
+    },
+    {
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            213454002618221, 939771523987438, 1159882208056014, 317388369627517,
+            621213314200687
+#else
+            33587053, 3180712, 64714734, 14003686, 50205390, 17283591, 17238397,
+            4729455, 49034351, 9256799
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1971678598905747, 338026507889165, 762398079972271, 655096486107477,
+            42299032696322
+#else
+            41926547, 29380300, 32336397, 5036987, 45872047, 11360616, 22616405,
+            9761698, 47281666, 630304
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            177130678690680, 1754759263300204, 1864311296286618,
+            1180675631479880, 1292726903152791
+#else
+            53388152, 2639452, 42871404, 26147950, 9494426, 27780403, 60554312,
+            17593437, 64659607, 19263131
+#endif
+        }},
+    },
+    {
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1913163449625248, 460779200291993, 2193883288642314,
+            1008900146920800, 1721983679009502
+#else
+            63957664, 28508356, 9282713, 6866145, 35201802, 32691408, 48168288,
+            15033783, 25105118, 25659556
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            1070401523076875, 1272492007800961, 1910153608563310,
+            2075579521696771, 1191169788841221
+#else
+            42782475, 15950225, 35307649, 18961608, 55446126, 28463506, 1573891,
+            30928545, 2198789, 17749813
+#endif
+        }},
+        {{
+#if defined(BORINGSSL_CURVE25519_64BIT)
+            692896803108118, 500174642072499, 2068223309439677,
+            1162190621851337, 1426986007309901
+#else
+            64009494, 10324966, 64867251, 7453182, 61661885, 30818928, 53296841,
+            17317989, 34647629, 21263748
+#endif
+        }},
+    },
+};
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/groups.c b/krb5-1.21.3/src/plugins/preauth/spake/groups.c
new file mode 100644
index 00000000..a195cc19
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/groups.c
@@ -0,0 +1,442 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/groups.c - SPAKE group interfaces */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The SPAKE2 algorithm works as follows:
+ *
+ * 1. The parties agree on a group, a base element G, and constant elements M
+ *    and N.  In this mechanism, these parameters are determined by the
+ *    registered group number.
+ * 2. Both parties derive a scalar value w from the initial key.
+ * 3. The first party (the KDC, in this mechanism) chooses a random secret
+ *    scalar x and sends T=xG+wM.
+ * 4. The second party (the client, in this mechanism) chooses a random
+ *    secret scalar y and sends S=yG+wN.
+ * 5. The first party computes K=x(S-wN).
+ * 6. The second party computes the same value as K=y(T-wM).
+ * 7. Both parties derive a key from a random oracle whose input incorporates
+ *    the party identities, w, T, S, and K.
+ *
+ * We implement the algorithm using a vtable for each group, where the primary
+ * vtable methods are "keygen" (corresponding to step 3 or 4) and "result"
+ * (corresponding to step 5 or 6).  We use the term "private scalar" to refer
+ * to x or y, and "public element" to refer to S or T.
+ */
+
+#include "iana.h"
+#include "trace.h"
+#include "groups.h"
+
+#define DEFAULT_GROUPS_CLIENT "edwards25519"
+#define DEFAULT_GROUPS_KDC ""
+
+typedef struct groupent_st {
+    const groupdef *gdef;
+    groupdata *gdata;
+} groupent;
+
+struct groupstate_st {
+    krb5_boolean is_kdc;
+
+    /* Permitted and groups, from configuration */
+    int32_t *permitted;
+    size_t npermitted;
+
+    /* Optimistic challenge group, from configuration */
+    int32_t challenge_group;
+
+    /* Lazily-initialized list of gdata objects. */
+    groupent *data;
+    size_t ndata;
+};
+
+extern groupdef builtin_edwards25519;
+#ifdef SPAKE_OPENSSL
+extern groupdef ossl_P256;
+extern groupdef ossl_P384;
+extern groupdef ossl_P521;
+#endif
+
+static const groupdef *groupdefs[] = {
+    &builtin_edwards25519,
+#ifdef SPAKE_OPENSSL
+    &ossl_P256,
+    &ossl_P384,
+    &ossl_P521,
+#endif
+    NULL
+};
+
+/* Find a groupdef structure by group number.  Return NULL on failure. */
+static const groupdef *
+find_gdef(int32_t group)
+{
+    size_t i;
+
+    for (i = 0; groupdefs[i] != NULL; i++) {
+        if (groupdefs[i]->reg->id == group)
+            return groupdefs[i];
+    }
+
+    return NULL;
+}
+
+/* Find a group number by name.  Return 0 on failure. */
+static int32_t
+find_gnum(const char *name)
+{
+    size_t i;
+
+    for (i = 0; groupdefs[i] != NULL; i++) {
+        if (strcasecmp(name, groupdefs[i]->reg->name) == 0)
+            return groupdefs[i]->reg->id;
+    }
+    return 0;
+}
+
+static krb5_boolean
+in_grouplist(const int32_t *list, size_t count, int32_t group)
+{
+    size_t i;
+
+    for (i = 0; i < count; i++) {
+        if (list[i] == group)
+            return TRUE;
+    }
+
+    return FALSE;
+}
+
+/* Retrieve a group data object for group within gstate, lazily initializing it
+ * if necessary. */
+static krb5_error_code
+get_gdata(krb5_context context, groupstate *gstate, const groupdef *gdef,
+          groupdata **gdata_out)
+{
+    krb5_error_code ret;
+    groupent *ent, *newptr;
+
+    *gdata_out = NULL;
+
+    /* Look for an existing entry. */
+    for (ent = gstate->data; ent < gstate->data + gstate->ndata; ent++) {
+        if (ent->gdef == gdef) {
+            *gdata_out = ent->gdata;
+            return 0;
+        }
+    }
+
+    /* Make a new entry. */
+    newptr = realloc(gstate->data, (gstate->ndata + 1) * sizeof(groupent));
+    if (newptr == NULL)
+        return ENOMEM;
+    gstate->data = newptr;
+    ent = &gstate->data[gstate->ndata];
+    ent->gdef = gdef;
+    ent->gdata = NULL;
+    if (gdef->init != NULL) {
+        ret = gdef->init(context, gdef, &ent->gdata);
+        if (ret)
+            return ret;
+    }
+    gstate->ndata++;
+    *gdata_out = ent->gdata;
+    return 0;
+}
+
+/* Destructively parse str into a list of group numbers. */
+static krb5_error_code
+parse_groups(krb5_context context, char *str, int32_t **list_out,
+             size_t *count_out)
+{
+    const char *const delim = " \t\r\n,";
+    char *token, *save = NULL;
+    int32_t group, *newptr, *list = NULL;
+    size_t count = 0;
+
+    *list_out = NULL;
+    *count_out = 0;
+
+    /* Walk through the words in profstr. */
+    for (token = strtok_r(str, delim, &save); token != NULL;
+         token = strtok_r(NULL, delim, &save)) {
+        group = find_gnum(token);
+        if (!group) {
+            TRACE_SPAKE_UNKNOWN_GROUP(context, token);
+            continue;
+        }
+        if (in_grouplist(list, count, group))
+            continue;
+        newptr = realloc(list, (count + 1) * sizeof(*list));
+        if (newptr == NULL) {
+            free(list);
+            return ENOMEM;
+        }
+        list = newptr;
+        list[count++] = group;
+    }
+
+    *list_out = list;
+    *count_out = count;
+    return 0;
+}
+
+krb5_error_code
+group_init_state(krb5_context context, krb5_boolean is_kdc,
+                 groupstate **gstate_out)
+{
+    krb5_error_code ret;
+    groupstate *gstate;
+    const char *defgroups;
+    char *profstr1 = NULL, *profstr2 = NULL;
+    int32_t *permitted = NULL, challenge_group = 0;
+    size_t npermitted;
+
+    *gstate_out = NULL;
+
+    defgroups = is_kdc ? DEFAULT_GROUPS_KDC : DEFAULT_GROUPS_CLIENT;
+    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                             KRB5_CONF_SPAKE_PREAUTH_GROUPS, NULL, defgroups,
+                             &profstr1);
+    if (ret)
+        goto cleanup;
+    ret = parse_groups(context, profstr1, &permitted, &npermitted);
+    if (ret)
+        goto cleanup;
+    if (npermitted == 0) {
+        ret = KRB5_PLUGIN_OP_NOTSUPP;
+        k5_setmsg(context, ret, _("No SPAKE preauth groups configured"));
+        goto cleanup;
+    }
+
+    if (is_kdc) {
+        /*
+         * Check for a configured optimistic challenge group.  If one is set,
+         * the KDC will send a challenge in the PREAUTH_REQUIRED method data,
+         * before receiving the list of supported groups.
+         */
+        ret = profile_get_string(context->profile, KRB5_CONF_KDCDEFAULTS,
+                                 KRB5_CONF_SPAKE_PREAUTH_KDC_CHALLENGE, NULL,
+                                 NULL, &profstr2);
+        if (ret)
+            goto cleanup;
+        if (profstr2 != NULL) {
+            challenge_group = find_gnum(profstr2);
+            if (!in_grouplist(permitted, npermitted, challenge_group)) {
+                ret = KRB5_PLUGIN_OP_NOTSUPP;
+                k5_setmsg(context, ret,
+                          _("SPAKE challenge group not a permitted group: %s"),
+                          profstr2);
+                goto cleanup;
+            }
+        }
+    }
+
+    gstate = k5alloc(sizeof(*gstate), &ret);
+    if (gstate == NULL)
+        goto cleanup;
+    gstate->is_kdc = is_kdc;
+    gstate->permitted = permitted;
+    gstate->npermitted = npermitted;
+    gstate->challenge_group = challenge_group;
+    permitted = NULL;
+    gstate->data = NULL;
+    gstate->ndata = 0;
+    *gstate_out = gstate;
+
+cleanup:
+    profile_release_string(profstr1);
+    profile_release_string(profstr2);
+    free(permitted);
+    return ret;
+}
+
+
+void
+group_free_state(groupstate *gstate)
+{
+    groupent *ent;
+
+    for (ent = gstate->data; ent < gstate->data + gstate->ndata; ent++) {
+        if (ent->gdata != NULL && ent->gdef->fini != NULL)
+            ent->gdef->fini(ent->gdata);
+    }
+
+    free(gstate->permitted);
+    free(gstate->data);
+    free(gstate);
+}
+
+krb5_boolean
+group_is_permitted(groupstate *gstate, int32_t group)
+{
+    return in_grouplist(gstate->permitted, gstate->npermitted, group);
+}
+
+void
+group_get_permitted(groupstate *gstate, int32_t **list_out, int32_t *count_out)
+{
+    *list_out = gstate->permitted;
+    *count_out = gstate->npermitted;
+}
+
+krb5_int32
+group_optimistic_challenge(groupstate *gstate)
+{
+    assert(gstate->is_kdc);
+    return gstate->challenge_group;
+}
+
+krb5_error_code
+group_mult_len(int32_t group, size_t *len_out)
+{
+    const groupdef *gdef;
+
+    *len_out = 0;
+    gdef = find_gdef(group);
+    if (gdef == NULL)
+        return EINVAL;
+    *len_out = gdef->reg->mult_len;
+    return 0;
+}
+
+krb5_error_code
+group_keygen(krb5_context context, groupstate *gstate, int32_t group,
+             const krb5_data *wbytes, krb5_data *priv_out, krb5_data *pub_out)
+{
+    krb5_error_code ret;
+    const groupdef *gdef;
+    groupdata *gdata;
+    uint8_t *priv = NULL, *pub = NULL;
+
+    *priv_out = empty_data();
+    *pub_out = empty_data();
+    gdef = find_gdef(group);
+    if (gdef == NULL || wbytes->length != gdef->reg->mult_len)
+        return EINVAL;
+    ret = get_gdata(context, gstate, gdef, &gdata);
+    if (ret)
+        return ret;
+
+    priv = k5alloc(gdef->reg->mult_len, &ret);
+    if (priv == NULL)
+        goto cleanup;
+    pub = k5alloc(gdef->reg->elem_len, &ret);
+    if (pub == NULL)
+        goto cleanup;
+
+    ret = gdef->keygen(context, gdata, (uint8_t *)wbytes->data, gstate->is_kdc,
+                       priv, pub);
+    if (ret)
+        goto cleanup;
+
+    *priv_out = make_data(priv, gdef->reg->mult_len);
+    *pub_out = make_data(pub, gdef->reg->elem_len);
+    priv = pub = NULL;
+    TRACE_SPAKE_KEYGEN(context, pub_out);
+
+cleanup:
+    zapfree(priv, gdef->reg->mult_len);
+    free(pub);
+    return ret;
+}
+
+krb5_error_code
+group_result(krb5_context context, groupstate *gstate, int32_t group,
+             const krb5_data *wbytes, const krb5_data *ourpriv,
+             const krb5_data *theirpub, krb5_data *spakeresult_out)
+{
+    krb5_error_code ret;
+    const groupdef *gdef;
+    groupdata *gdata;
+    uint8_t *spakeresult = NULL;
+
+    *spakeresult_out = empty_data();
+    gdef = find_gdef(group);
+    if (gdef == NULL || wbytes->length != gdef->reg->mult_len)
+        return EINVAL;
+    if (ourpriv->length != gdef->reg->mult_len ||
+        theirpub->length != gdef->reg->elem_len)
+        return EINVAL;
+    ret = get_gdata(context, gstate, gdef, &gdata);
+    if (ret)
+        return ret;
+
+    spakeresult = k5alloc(gdef->reg->elem_len, &ret);
+    if (spakeresult == NULL)
+        goto cleanup;
+
+    /* Invert is_kdc here to use the other party's constant. */
+    ret = gdef->result(context, gdata, (uint8_t *)wbytes->data,
+                       (uint8_t *)ourpriv->data, (uint8_t *)theirpub->data,
+                       !gstate->is_kdc, spakeresult);
+    if (ret)
+        goto cleanup;
+
+    *spakeresult_out = make_data(spakeresult, gdef->reg->elem_len);
+    spakeresult = NULL;
+    TRACE_SPAKE_RESULT(context, spakeresult_out);
+
+cleanup:
+    zapfree(spakeresult, gdef->reg->elem_len);
+    return ret;
+}
+
+krb5_error_code
+group_hash_len(int32_t group, size_t *len_out)
+{
+    const groupdef *gdef;
+
+    *len_out = 0;
+    gdef = find_gdef(group);
+    if (gdef == NULL)
+        return EINVAL;
+    *len_out = gdef->reg->hash_len;
+    return 0;
+}
+
+krb5_error_code
+group_hash(krb5_context context, groupstate *gstate, int32_t group,
+           const krb5_data *dlist, size_t ndata, uint8_t *result_out)
+{
+    krb5_error_code ret;
+    const groupdef *gdef;
+    groupdata *gdata;
+
+    gdef = find_gdef(group);
+    if (gdef == NULL)
+        return EINVAL;
+    ret = get_gdata(context, gstate, gdef, &gdata);
+    if (ret)
+        return ret;
+    return gdef->hash(context, gdata, dlist, ndata, result_out);
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/groups.h b/krb5-1.21.3/src/plugins/preauth/spake/groups.h
new file mode 100644
index 00000000..3add6949
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/groups.h
@@ -0,0 +1,148 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/groups.h - SPAKE group interfaces */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GROUPS_H
+#define GROUPS_H
+
+#include "k5-int.h"
+#include "iana.h"
+
+typedef struct groupstate_st groupstate;
+typedef struct groupdata_st groupdata;
+typedef struct groupdef_st groupdef;
+
+struct groupdef_st {
+    const spake_iana *reg;
+
+    /*
+     * Optional: create a per-group data object to allow more efficient keygen
+     * and result computations.  Saving a reference to gdef is okay; its
+     * lifetime will always be longer than the resulting object.
+     */
+    krb5_error_code (*init)(krb5_context context, const groupdef *gdef,
+                            groupdata **gdata_out);
+
+    /* Optional: release a group data object. */
+    void (*fini)(groupdata *gdata);
+
+    /*
+     * Mandatory: generate a random private scalar (x or y) and a public
+     * element (T or S), using wbytes for the w value.  If use_m is true, use
+     * the M element (generating T); otherwise use the N element (generating
+     * S).  wbytes and priv_out have length reg->mult_len; pub_out has length
+     * reg->elem_len.  priv_out and pub_out are caller-allocated.
+     */
+    krb5_error_code (*keygen)(krb5_context context, groupdata *gdata,
+                              const uint8_t *wbytes, krb5_boolean use_m,
+                              uint8_t *priv_out, uint8_t *pub_out);
+
+    /*
+     * Mandatory: compute K given a private scalar (x or y) and the other
+     * party's public element (S or T), using wbytes for the w value.  If use_m
+     * is true, use the M element (computing K from y and T); otherwise use the
+     * N element (computing K from x and S).  wbytes and ourpriv have length
+     * reg->mult_len; theirpub and elem_out have length reg->elem_len.
+     * elem_out is caller-allocated.
+     */
+    krb5_error_code (*result)(krb5_context context, groupdata *gdata,
+                              const uint8_t *wbytes, const uint8_t *ourpriv,
+                              const uint8_t *theirpub, krb5_boolean use_m,
+                              uint8_t *elem_out);
+
+    /*
+     * Mandatory: compute the group's specified hash function over datas (with
+     * ndata elements), placing the result in result_out.  result_out is
+     * caller-allocated with length reg->hash_len.
+     */
+    krb5_error_code (*hash)(krb5_context context, groupdata *gdata,
+                            const krb5_data *datas, size_t ndata,
+                            uint8_t *result_out);
+};
+
+/* Initialize an object which holds group configuration and pre-computation
+ * state for each group.  is_kdc is true for KDCs, false for clients. */
+krb5_error_code group_init_state(krb5_context context, krb5_boolean is_kdc,
+                                 groupstate **out);
+
+/* Release resources held by gstate. */
+void group_free_state(groupstate *gstate);
+
+/* Return true if group is permitted by configuration. */
+krb5_boolean group_is_permitted(groupstate *gstate, int32_t group);
+
+/* Set *list_out and *count_out to the list of groups permitted by
+ * configuration. */
+void group_get_permitted(groupstate *gstate, int32_t **list_out,
+                         int32_t *count_out);
+
+/* Return the KDC optimistic challenge group if one is configured.  Valid for
+ * KDC groupstate objects only. */
+krb5_int32 group_optimistic_challenge(groupstate *gstate);
+
+/* Set *len_out to the multiplier length for group. */
+krb5_error_code group_mult_len(int32_t group, size_t *len_out);
+
+/*
+ * Generate a SPAKE private scalar (x or y) and public element (T or S), given
+ * an input multiplier wbytes.  Use constant M if gstate is a KDC groupstate
+ * object, N if it is a client object.  Allocate storage and place the results
+ * in *priv_out and *pub_out.
+ */
+krb5_error_code group_keygen(krb5_context context, groupstate *gstate,
+                             int32_t group, const krb5_data *wbytes,
+                             krb5_data *priv_out, krb5_data *pub_out);
+
+/*
+ * Compute the SPAKE result K from our private scalar (x or y) and their public
+ * key (S or T), deriving the input scalar w from ikey.  Use the other party's
+ * constant, N if gstate is a KDC groupstate object or M if it is a client
+ * object.  Allocate storage and place the result in *spakeresult_out.
+ */
+krb5_error_code group_result(krb5_context context, groupstate *gstate,
+                             int32_t group, const krb5_data *wbytes,
+                             const krb5_data *ourpriv,
+                             const krb5_data *theirpub,
+                             krb5_data *spakeresult_out);
+
+/* Set *result_out to the hash output length for group. */
+krb5_error_code group_hash_len(int32_t group, size_t *result_out);
+
+/*
+ * Compute the group's specified hash function over dlist (with ndata
+ * elements).  result_out is caller-allocated with enough bytes for the hash
+ * output as given by group_hash_len().
+ */
+krb5_error_code group_hash(krb5_context context, groupstate *gstate,
+                           int32_t group, const krb5_data *dlist, size_t ndata,
+                           uint8_t *result_out);
+
+#endif /* GROUPS_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/iana.c b/krb5-1.21.3/src/plugins/preauth/spake/iana.c
new file mode 100644
index 00000000..e7901ded
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/iana.c
@@ -0,0 +1,108 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/iana.c - SPAKE IANA registry contents */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "iana.h"
+
+static uint8_t edwards25519_M[] = {
+    0xD0, 0x48, 0x03, 0x2C, 0x6E, 0xA0, 0xB6, 0xD6, 0x97, 0xDD, 0xC2, 0xE8,
+    0x6B, 0xDA, 0x85, 0xA3, 0x3A, 0xDA, 0xC9, 0x20, 0xF1, 0xBF, 0x18, 0xE1,
+    0xB0, 0xC6, 0xD1, 0x66, 0xA5, 0xCE, 0xCD, 0xAF
+};
+
+static uint8_t edwards25519_N[] = {
+    0xD3, 0xBF, 0xB5, 0x18, 0xF4, 0x4F, 0x34, 0x30, 0xF2, 0x9D, 0x0C, 0x92,
+    0xAF, 0x50, 0x38, 0x65, 0xA1, 0xED, 0x32, 0x81, 0xDC, 0x69, 0xB3, 0x5D,
+    0xD8, 0x68, 0xBA, 0x85, 0xF8, 0x86, 0xC4, 0xAB
+};
+
+static uint8_t P256_M[] = {
+    0x02, 0x88, 0x6E, 0x2F, 0x97, 0xAC, 0xE4, 0x6E, 0x55, 0xBA, 0x9D, 0xD7,
+    0x24, 0x25, 0x79, 0xF2, 0x99, 0x3B, 0x64, 0xE1, 0x6E, 0xF3, 0xDC, 0xAB,
+    0x95, 0xAF, 0xD4, 0x97, 0x33, 0x3D, 0x8F, 0xA1, 0x2F
+};
+
+static uint8_t P256_N[] = {
+    0x03, 0xD8, 0xBB, 0xD6, 0xC6, 0x39, 0xC6, 0x29, 0x37, 0xB0, 0x4D, 0x99,
+    0x7F, 0x38, 0xC3, 0x77, 0x07, 0x19, 0xC6, 0x29, 0xD7, 0x01, 0x4D, 0x49,
+    0xA2, 0x4B, 0x4F, 0x98, 0xBA, 0xA1, 0x29, 0x2B, 0x49
+};
+
+static uint8_t P384_M[] = {
+    0x03, 0x0F, 0xF0, 0x89, 0x5A, 0xE5, 0xEB, 0xF6, 0x18, 0x70, 0x80, 0xA8,
+    0x2D, 0x82, 0xB4, 0x2E, 0x27, 0x65, 0xE3, 0xB2, 0xF8, 0x74, 0x9C, 0x7E,
+    0x05, 0xEB, 0xA3, 0x66, 0x43, 0x4B, 0x36, 0x3D, 0x3D, 0xC3, 0x6F, 0x15,
+    0x31, 0x47, 0x39, 0x07, 0x4D, 0x2E, 0xB8, 0x61, 0x3F, 0xCE, 0xEC, 0x28,
+    0x53
+};
+
+static uint8_t P384_N[] = {
+    0x02, 0xC7, 0x2C, 0xF2, 0xE3, 0x90, 0x85, 0x3A, 0x1C, 0x1C, 0x4A, 0xD8,
+    0x16, 0xA6, 0x2F, 0xD1, 0x58, 0x24, 0xF5, 0x60, 0x78, 0x91, 0x8F, 0x43,
+    0xF9, 0x22, 0xCA, 0x21, 0x51, 0x8F, 0x9C, 0x54, 0x3B, 0xB2, 0x52, 0xC5,
+    0x49, 0x02, 0x14, 0xCF, 0x9A, 0xA3, 0xF0, 0xBA, 0xAB, 0x4B, 0x66, 0x5C,
+    0x10
+};
+
+static uint8_t P521_M[] = {
+    0x02, 0x00, 0x3F, 0x06, 0xF3, 0x81, 0x31, 0xB2, 0xBA, 0x26, 0x00, 0x79,
+    0x1E, 0x82, 0x48, 0x8E, 0x8D, 0x20, 0xAB, 0x88, 0x9A, 0xF7, 0x53, 0xA4,
+    0x18, 0x06, 0xC5, 0xDB, 0x18, 0xD3, 0x7D, 0x85, 0x60, 0x8C, 0xFA, 0xE0,
+    0x6B, 0x82, 0xE4, 0xA7, 0x2C, 0xD7, 0x44, 0xC7, 0x19, 0x19, 0x35, 0x62,
+    0xA6, 0x53, 0xEA, 0x1F, 0x11, 0x9E, 0xEF, 0x93, 0x56, 0x90, 0x7E, 0xDC,
+    0x9B, 0x56, 0x97, 0x99, 0x62, 0xD7, 0xAA
+};
+
+static uint8_t P521_N[] = {
+    0x02, 0x00, 0xC7, 0x92, 0x4B, 0x9E, 0xC0, 0x17, 0xF3, 0x09, 0x45, 0x62,
+    0x89, 0x43, 0x36, 0xA5, 0x3C, 0x50, 0x16, 0x7B, 0xA8, 0xC5, 0x96, 0x38,
+    0x76, 0x88, 0x05, 0x42, 0xBC, 0x66, 0x9E, 0x49, 0x4B, 0x25, 0x32, 0xD7,
+    0x6C, 0x5B, 0x53, 0xDF, 0xB3, 0x49, 0xFD, 0xF6, 0x91, 0x54, 0xB9, 0xE0,
+    0x04, 0x8C, 0x58, 0xA4, 0x2E, 0x8E, 0xD0, 0x4C, 0xEF, 0x05, 0x2A, 0x3B,
+    0xC3, 0x49, 0xD9, 0x55, 0x75, 0xCD, 0x25
+};
+
+const spake_iana spake_iana_edwards25519 = {
+    SPAKE_GROUP_EDWARDS25519, "edwards25519", 32, 32,
+    edwards25519_M, edwards25519_N, 32
+};
+
+const spake_iana spake_iana_p256 = {
+    SPAKE_GROUP_P256, "P-256", 32, 33, P256_M, P256_N, 32
+};
+
+const spake_iana spake_iana_p384 = {
+    SPAKE_GROUP_P384, "P-384", 48, 49, P384_M, P384_N, 48
+};
+
+const spake_iana spake_iana_p521 = {
+    SPAKE_GROUP_P521, "P-521", 66, 67, P521_M, P521_N, 64
+};
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/iana.h b/krb5-1.21.3/src/plugins/preauth/spake/iana.h
new file mode 100644
index 00000000..1d99c4dd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/iana.h
@@ -0,0 +1,65 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/iana.h - SPAKE IANA registry contents */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef IANA_H
+#define IANA_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+typedef enum {
+    SPAKE_SF_NONE = 1,
+} spake_sf_type;
+
+typedef enum {
+    SPAKE_GROUP_EDWARDS25519 = 1,
+    SPAKE_GROUP_P256 = 2,
+    SPAKE_GROUP_P384 = 3,
+    SPAKE_GROUP_P521 = 4,
+} spake_group;
+
+typedef struct {
+    int32_t id;
+    const char *name;
+    size_t mult_len;
+    size_t elem_len;
+    const uint8_t *m;
+    const uint8_t *n;
+    size_t hash_len;
+} spake_iana;
+
+extern const spake_iana spake_iana_edwards25519;
+extern const spake_iana spake_iana_p256;
+extern const spake_iana spake_iana_p384;
+extern const spake_iana spake_iana_p521;
+
+#endif /* IANA_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/openssl.c b/krb5-1.21.3/src/plugins/preauth/spake/openssl.c
new file mode 100644
index 00000000..f2e4b53e
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/openssl.c
@@ -0,0 +1,316 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/openssl.c - SPAKE implementations using OpenSSL */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+#include "groups.h"
+#include "iana.h"
+
+#ifdef SPAKE_OPENSSL
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/obj_mac.h>
+#include <openssl/evp.h>
+
+/* OpenSSL 1.1 standardizes constructor and destructor names, renaming
+ * EVP_MD_CTX_create and EVP_MD_CTX_destroy. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
+struct groupdata_st {
+    const groupdef *gdef;
+    EC_GROUP *group;
+    BIGNUM *order;
+    BN_CTX *ctx;
+    EC_POINT *M;
+    EC_POINT *N;
+    const EVP_MD *md;
+};
+
+static void
+ossl_fini(groupdata *gd)
+{
+    if (gd == NULL)
+        return;
+
+    EC_GROUP_free(gd->group);
+    EC_POINT_free(gd->M);
+    EC_POINT_free(gd->N);
+    BN_CTX_free(gd->ctx);
+    BN_free(gd->order);
+    free(gd);
+}
+
+static krb5_error_code
+ossl_init(krb5_context context, const groupdef *gdef, groupdata **gdata_out)
+{
+    const spake_iana *reg = gdef->reg;
+    const EVP_MD *md;
+    groupdata *gd;
+    int nid;
+
+    switch (reg->id) {
+    case SPAKE_GROUP_P256:
+        nid = NID_X9_62_prime256v1;
+        md = EVP_sha256();
+        break;
+    case SPAKE_GROUP_P384:
+        nid = NID_secp384r1;
+        md = EVP_sha384();
+        break;
+    case SPAKE_GROUP_P521:
+        nid = NID_secp521r1;
+        md = EVP_sha512();
+        break;
+    default:
+        return EINVAL;
+    };
+
+    gd = calloc(1, sizeof(*gd));
+    if (gd == NULL)
+        return ENOMEM;
+    gd->gdef = gdef;
+
+    gd->group = EC_GROUP_new_by_curve_name(nid);
+    if (gd->group == NULL)
+        goto error;
+
+    gd->ctx = BN_CTX_new();
+    if (gd->ctx == NULL)
+        goto error;
+
+    gd->order = BN_new();
+    if (gd->order == NULL)
+        goto error;
+    if (!EC_GROUP_get_order(gd->group, gd->order, gd->ctx))
+        goto error;
+
+    gd->M = EC_POINT_new(gd->group);
+    if (gd->M == NULL)
+        goto error;
+    if (!EC_POINT_oct2point(gd->group, gd->M, reg->m, reg->elem_len, gd->ctx))
+        goto error;
+
+    gd->N = EC_POINT_new(gd->group);
+    if (gd->N == NULL)
+        goto error;
+    if (!EC_POINT_oct2point(gd->group, gd->N, reg->n, reg->elem_len, gd->ctx))
+        goto error;
+
+    gd->md = md;
+
+    *gdata_out = gd;
+    return 0;
+
+error:
+    ossl_fini(gd);
+    return ENOMEM;
+}
+
+/* Convert pseudo-random bytes into a scalar value in constant time.
+ * Return NULL on failure. */
+static BIGNUM *
+unmarshal_w(const groupdata *gdata, const uint8_t *wbytes)
+{
+    const spake_iana *reg = gdata->gdef->reg;
+    BIGNUM *w = NULL;
+
+    w = BN_new();
+    if (w == NULL)
+        return NULL;
+
+    BN_set_flags(w, BN_FLG_CONSTTIME);
+
+    if (BN_bin2bn(wbytes, reg->mult_len, w) &&
+        BN_div(NULL, w, w, gdata->order, gdata->ctx))
+        return w;
+
+    BN_free(w);
+    return NULL;
+}
+
+static krb5_error_code
+ossl_keygen(krb5_context context, groupdata *gdata, const uint8_t *wbytes,
+            krb5_boolean use_m, uint8_t *priv_out, uint8_t *pub_out)
+{
+    const spake_iana *reg = gdata->gdef->reg;
+    const EC_POINT *constant = use_m ? gdata->M : gdata->N;
+    krb5_boolean success = FALSE;
+    EC_POINT *pub = NULL;
+    BIGNUM *priv = NULL, *w = NULL;
+    size_t len;
+
+    w = unmarshal_w(gdata, wbytes);
+    if (w == NULL)
+        goto cleanup;
+
+    pub = EC_POINT_new(gdata->group);
+    if (pub == NULL)
+        goto cleanup;
+
+    priv = BN_new();
+    if (priv == NULL)
+        goto cleanup;
+
+    if (!BN_rand_range(priv, gdata->order))
+        goto cleanup;
+
+    /* Compute priv*G + w*constant; EC_POINT_mul() does this in one call. */
+    if (!EC_POINT_mul(gdata->group, pub, priv, constant, w, gdata->ctx))
+        goto cleanup;
+
+    /* Marshal priv into priv_out. */
+    memset(priv_out, 0, reg->mult_len);
+    BN_bn2bin(priv, &priv_out[reg->mult_len - BN_num_bytes(priv)]);
+
+    /* Marshal pub into pub_out. */
+    len = EC_POINT_point2oct(gdata->group, pub, POINT_CONVERSION_COMPRESSED,
+                             pub_out, reg->elem_len, gdata->ctx);
+    if (len != reg->elem_len)
+        goto cleanup;
+
+    success = TRUE;
+
+cleanup:
+    EC_POINT_free(pub);
+    BN_clear_free(priv);
+    BN_clear_free(w);
+    return success ? 0 : ENOMEM;
+}
+
+static krb5_error_code
+ossl_result(krb5_context context, groupdata *gdata, const uint8_t *wbytes,
+            const uint8_t *ourpriv, const uint8_t *theirpub,
+            krb5_boolean use_m, uint8_t *elem_out)
+{
+    const spake_iana *reg = gdata->gdef->reg;
+    const EC_POINT *constant = use_m ? gdata->M : gdata->N;
+    krb5_boolean success = FALSE, invalid = FALSE;
+    EC_POINT *result = NULL, *pub = NULL;
+    BIGNUM *priv = NULL, *w = NULL;
+    size_t len;
+
+    w = unmarshal_w(gdata, wbytes);
+    if (w == NULL)
+        goto cleanup;
+
+    priv = BN_bin2bn(ourpriv, reg->mult_len, NULL);
+    if (priv == NULL)
+        goto cleanup;
+
+    pub = EC_POINT_new(gdata->group);
+    if (pub == NULL)
+        goto cleanup;
+    if (!EC_POINT_oct2point(gdata->group, pub, theirpub, reg->elem_len,
+                            gdata->ctx)) {
+        invalid = TRUE;
+        goto cleanup;
+    }
+
+    /* Compute result = priv*(pub - w*constant), using result to hold the
+     * intermediate steps. */
+    result = EC_POINT_new(gdata->group);
+    if (result == NULL)
+        goto cleanup;
+    if (!EC_POINT_mul(gdata->group, result, NULL, constant, w, gdata->ctx))
+        goto cleanup;
+    if (!EC_POINT_invert(gdata->group, result, gdata->ctx))
+        goto cleanup;
+    if (!EC_POINT_add(gdata->group, result, pub, result, gdata->ctx))
+        goto cleanup;
+    if (!EC_POINT_mul(gdata->group, result, NULL, result, priv, gdata->ctx))
+        goto cleanup;
+
+    /* Marshal result into elem_out. */
+    len = EC_POINT_point2oct(gdata->group, result, POINT_CONVERSION_COMPRESSED,
+                             elem_out, reg->elem_len, gdata->ctx);
+    if (len != reg->elem_len)
+        goto cleanup;
+
+    success = TRUE;
+
+cleanup:
+    BN_clear_free(priv);
+    BN_clear_free(w);
+    EC_POINT_free(pub);
+    EC_POINT_clear_free(result);
+    return invalid ? EINVAL : (success ? 0 : ENOMEM);
+}
+
+static krb5_error_code
+ossl_hash(krb5_context context, groupdata *gdata, const krb5_data *dlist,
+          size_t ndata, uint8_t *result_out)
+{
+    EVP_MD_CTX *ctx;
+    size_t i;
+    int ok;
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        return ENOMEM;
+    ok = EVP_DigestInit_ex(ctx, gdata->md, NULL);
+    for (i = 0; i < ndata; i++)
+        ok = ok && EVP_DigestUpdate(ctx, dlist[i].data, dlist[i].length);
+    ok = ok && EVP_DigestFinal_ex(ctx, result_out, NULL);
+    EVP_MD_CTX_free(ctx);
+    return ok ? 0 : ENOMEM;
+}
+
+groupdef ossl_P256 = {
+    .reg = &spake_iana_p256,
+    .init = ossl_init,
+    .fini = ossl_fini,
+    .keygen = ossl_keygen,
+    .result = ossl_result,
+    .hash = ossl_hash,
+};
+
+groupdef ossl_P384 = {
+    .reg = &spake_iana_p384,
+    .init = ossl_init,
+    .fini = ossl_fini,
+    .keygen = ossl_keygen,
+    .result = ossl_result,
+    .hash = ossl_hash,
+};
+
+groupdef ossl_P521 = {
+    .reg = &spake_iana_p521,
+    .init = ossl_init,
+    .fini = ossl_fini,
+    .keygen = ossl_keygen,
+    .result = ossl_result,
+    .hash = ossl_hash,
+};
+#endif /* SPAKE_OPENSSL */
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/spake.def b/krb5-1.21.3/src/plugins/preauth/spake/spake.def
new file mode 100644
index 00000000..1b2cf4dc
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/spake.def
@@ -0,0 +1,3 @@
+EXPORTS
+
+	clpreauth_spake_initvt
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/spake.exports b/krb5-1.21.3/src/plugins/preauth/spake/spake.exports
new file mode 100644
index 00000000..81d10022
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/spake.exports
@@ -0,0 +1,2 @@
+clpreauth_spake_initvt
+kdcpreauth_spake_initvt
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/spake_client.c b/krb5-1.21.3/src/plugins/preauth/spake/spake_client.c
new file mode 100644
index 00000000..00734a13
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/spake_client.c
@@ -0,0 +1,388 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/spake_client.c - SPAKE clpreauth module */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-spake.h"
+#include "trace.h"
+#include "util.h"
+#include "iana.h"
+#include "groups.h"
+#include <krb5/clpreauth_plugin.h>
+
+typedef struct reqstate_st {
+    krb5_pa_spake *msg;         /* set in prep_questions, used in process */
+    krb5_keyblock *initial_key;
+    krb5_data *support;
+    krb5_data thash;
+    krb5_data spakeresult;
+} reqstate;
+
+/* Return true if SF-NONE is present in factors. */
+static krb5_boolean
+contains_sf_none(krb5_spake_factor **factors)
+{
+    int i;
+
+    for (i = 0; factors != NULL && factors[i] != NULL; i++) {
+        if (factors[i]->type == SPAKE_SF_NONE)
+            return TRUE;
+    }
+    return FALSE;
+}
+
+static krb5_error_code
+spake_init(krb5_context context, krb5_clpreauth_moddata *moddata_out)
+{
+    krb5_error_code ret;
+    groupstate *gstate;
+
+    ret = group_init_state(context, FALSE, &gstate);
+    if (ret)
+        return ret;
+    *moddata_out = (krb5_clpreauth_moddata)gstate;
+    return 0;
+}
+
+static void
+spake_fini(krb5_context context, krb5_clpreauth_moddata moddata)
+{
+    group_free_state((groupstate *)moddata);
+}
+
+static void
+spake_request_init(krb5_context context, krb5_clpreauth_moddata moddata,
+                   krb5_clpreauth_modreq *modreq_out)
+{
+    *modreq_out = calloc(1, sizeof(reqstate));
+}
+
+static void
+spake_request_fini(krb5_context context, krb5_clpreauth_moddata moddata,
+                   krb5_clpreauth_modreq modreq)
+{
+    reqstate *st = (reqstate *)modreq;
+
+    k5_free_pa_spake(context, st->msg);
+    krb5_free_keyblock(context, st->initial_key);
+    krb5_free_data(context, st->support);
+    krb5_free_data_contents(context, &st->thash);
+    zapfree(st->spakeresult.data, st->spakeresult.length);
+    free(st);
+}
+
+static krb5_error_code
+spake_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
+                     krb5_clpreauth_modreq modreq,
+                     krb5_get_init_creds_opt *opt, krb5_clpreauth_callbacks cb,
+                     krb5_clpreauth_rock rock, krb5_kdc_req *req,
+                     krb5_data *enc_req, krb5_data *enc_prev_req,
+                     krb5_pa_data *pa_data)
+{
+    krb5_error_code ret;
+    groupstate *gstate = (groupstate *)moddata;
+    reqstate *st = (reqstate *)modreq;
+    krb5_data in_data;
+    krb5_spake_challenge *ch;
+
+    if (st == NULL)
+        return ENOMEM;
+
+    /* We don't need to ask any questions to send a support message. */
+    if (pa_data->length == 0)
+        return 0;
+
+    /* Decode the incoming message, replacing any previous one in the request
+     * state.  If we can't decode it, we have no questions to ask. */
+    k5_free_pa_spake(context, st->msg);
+    st->msg = NULL;
+    in_data = make_data(pa_data->contents, pa_data->length);
+    ret = decode_krb5_pa_spake(&in_data, &st->msg);
+    if (ret)
+        return (ret == ENOMEM) ? ENOMEM : 0;
+
+    if (st->msg->choice == SPAKE_MSGTYPE_CHALLENGE) {
+        ch = &st->msg->u.challenge;
+        if (!group_is_permitted(gstate, ch->group))
+            return 0;
+        /* When second factor support is implemented, we should ask questions
+         * based on the factors in the challenge. */
+        if (!contains_sf_none(ch->factors))
+            return 0;
+        /* We will need the AS key to respond to the challenge. */
+        cb->need_as_key(context, rock);
+    } else if (st->msg->choice == SPAKE_MSGTYPE_ENCDATA) {
+        /* When second factor support is implemented, we should decrypt the
+         * encdata message and ask questions based on the factor data. */
+    }
+    return 0;
+}
+
+/*
+ * Output a PA-SPAKE support message indicating which groups we support.  This
+ * may be done for optimistic preauth, in response to an empty message, or in
+ * response to a challenge using a group we do not support.  Save the support
+ * message in st->support.
+ */
+static krb5_error_code
+send_support(krb5_context context, groupstate *gstate, reqstate *st,
+             krb5_pa_data ***pa_out)
+{
+    krb5_error_code ret;
+    krb5_data *support;
+    krb5_pa_spake msg;
+
+    msg.choice = SPAKE_MSGTYPE_SUPPORT;
+    group_get_permitted(gstate, &msg.u.support.groups, &msg.u.support.ngroups);
+    ret = encode_krb5_pa_spake(&msg, &support);
+    if (ret)
+        return ret;
+
+    /* Save the support message for later use in the transcript hash. */
+    ret = krb5_copy_data(context, support, &st->support);
+    if (ret) {
+        krb5_free_data(context, support);
+        return ret;
+    }
+
+    TRACE_SPAKE_SEND_SUPPORT(context);
+    return convert_to_padata(support, pa_out);
+}
+
+static krb5_error_code
+process_challenge(krb5_context context, groupstate *gstate, reqstate *st,
+                  krb5_spake_challenge *ch, const krb5_data *der_msg,
+                  krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                  krb5_prompter_fct prompter, void *prompter_data,
+                  const krb5_data *der_req, krb5_pa_data ***pa_out)
+{
+    krb5_error_code ret;
+    krb5_keyblock *k0 = NULL, *k1 = NULL, *as_key;
+    krb5_spake_factor factor;
+    krb5_pa_spake msg;
+    krb5_data *der_factor = NULL, *response;
+    krb5_data clpriv = empty_data(), clpub = empty_data();
+    krb5_data wbytes = empty_data();
+    krb5_enc_data enc_factor;
+
+    enc_factor.ciphertext = empty_data();
+
+    /* Not expected if we processed a challenge and didn't reject it. */
+    if (st->initial_key != NULL)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    if (!group_is_permitted(gstate, ch->group)) {
+        TRACE_SPAKE_REJECT_CHALLENGE(context, ch->group);
+        /* No point in sending a second support message. */
+        if (st->support != NULL)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        return send_support(context, gstate, st, pa_out);
+    }
+
+    /* Initialize and update the transcript with the concatenation of the
+     * support message (if we sent one) and the received challenge. */
+    ret = update_thash(context, gstate, ch->group, &st->thash, st->support,
+                       der_msg);
+    if (ret)
+        return ret;
+
+    TRACE_SPAKE_RECEIVE_CHALLENGE(context, ch->group, &ch->pubkey);
+
+    /* When second factor support is implemented, we should check for a
+     * supported factor type instead of just checking for SF-NONE. */
+    if (!contains_sf_none(ch->factors))
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    ret = cb->get_as_key(context, rock, &as_key);
+    if (ret)
+        goto cleanup;
+    ret = krb5_copy_keyblock(context, as_key, &st->initial_key);
+    if (ret)
+        goto cleanup;
+    ret = derive_wbytes(context, ch->group, st->initial_key, &wbytes);
+    if (ret)
+        goto cleanup;
+    ret = group_keygen(context, gstate, ch->group, &wbytes, &clpriv, &clpub);
+    if (ret)
+        goto cleanup;
+    ret = group_result(context, gstate, ch->group, &wbytes, &clpriv,
+                       &ch->pubkey, &st->spakeresult);
+    if (ret)
+        goto cleanup;
+
+    ret = update_thash(context, gstate, ch->group, &st->thash, &clpub, NULL);
+    if (ret)
+        goto cleanup;
+    TRACE_SPAKE_CLIENT_THASH(context, &st->thash);
+
+    /* Replace the reply key with K'[0]. */
+    ret = derive_key(context, gstate, ch->group, st->initial_key, &wbytes,
+                     &st->spakeresult, &st->thash, der_req, 0, &k0);
+    if (ret)
+        goto cleanup;
+    ret = cb->set_as_key(context, rock, k0);
+    if (ret)
+        goto cleanup;
+
+    /* Encrypt a SPAKESecondFactor message with K'[1]. */
+    ret = derive_key(context, gstate, ch->group, st->initial_key, &wbytes,
+                     &st->spakeresult, &st->thash, der_req, 1, &k1);
+    if (ret)
+        goto cleanup;
+    /* When second factor support is implemented, we should construct an
+     * appropriate factor here instead of hardcoding SF-NONE. */
+    factor.type = SPAKE_SF_NONE;
+    factor.data = NULL;
+    ret = encode_krb5_spake_factor(&factor, &der_factor);
+    if (ret)
+        goto cleanup;
+    ret = krb5_encrypt_helper(context, k1, KRB5_KEYUSAGE_SPAKE, der_factor,
+                              &enc_factor);
+    if (ret)
+        goto cleanup;
+
+    /* Encode and output a response message. */
+    msg.choice = SPAKE_MSGTYPE_RESPONSE;
+    msg.u.response.pubkey = clpub;
+    msg.u.response.factor = enc_factor;
+    ret = encode_krb5_pa_spake(&msg, &response);
+    if (ret)
+        goto cleanup;
+    TRACE_SPAKE_SEND_RESPONSE(context);
+    ret = convert_to_padata(response, pa_out);
+    if (ret)
+        goto cleanup;
+
+    cb->disable_fallback(context, rock);
+
+cleanup:
+    krb5_free_keyblock(context, k0);
+    krb5_free_keyblock(context, k1);
+    krb5_free_data_contents(context, &enc_factor.ciphertext);
+    krb5_free_data_contents(context, &clpub);
+    zapfree(clpriv.data, clpriv.length);
+    zapfree(wbytes.data, wbytes.length);
+    if (der_factor != NULL) {
+        zapfree(der_factor->data, der_factor->length);
+        free(der_factor);
+    }
+    return ret;
+}
+
+static krb5_error_code
+process_encdata(krb5_context context, reqstate *st, krb5_enc_data *enc,
+                krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+                krb5_prompter_fct prompter, void *prompter_data,
+                const krb5_data *der_prev_req, const krb5_data *der_req,
+                krb5_pa_data ***pa_out)
+{
+    /* Not expected if we haven't sent a response yet. */
+    if (st->initial_key == NULL || st->spakeresult.length == 0)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+
+    /*
+     * When second factor support is implemented, we should process encdata
+     * messages according to the factor type.  We should make sure to re-derive
+     * K'[0] and replace the reply key again, in case the request has changed.
+     * We should use der_prev_req to derive K'[n] to decrypt factor from the
+     * KDC.  We should use der_req to derive K'[n+1] for the next message to
+     * send to the KDC.
+     */
+    return KRB5_PLUGIN_OP_NOTSUPP;
+}
+
+static krb5_error_code
+spake_process(krb5_context context, krb5_clpreauth_moddata moddata,
+              krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+              krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+              krb5_kdc_req *req, krb5_data *der_req, krb5_data *der_prev_req,
+              krb5_pa_data *pa_in, krb5_prompter_fct prompter,
+              void *prompter_data, krb5_pa_data ***pa_out)
+{
+    krb5_error_code ret;
+    groupstate *gstate = (groupstate *)moddata;
+    reqstate *st = (reqstate *)modreq;
+    krb5_data in_data;
+
+    if (st == NULL)
+        return ENOMEM;
+
+    if (pa_in->length == 0) {
+        /* Not expected if we already sent a support message. */
+        if (st->support != NULL)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        return send_support(context, gstate, st, pa_out);
+    }
+
+    if (st->msg == NULL) {
+        /* The message failed to decode in spake_prep_questions(). */
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+    } else if (st->msg->choice == SPAKE_MSGTYPE_CHALLENGE) {
+        in_data = make_data(pa_in->contents, pa_in->length);
+        ret = process_challenge(context, gstate, st, &st->msg->u.challenge,
+                                &in_data, cb, rock, prompter, prompter_data,
+                                der_req, pa_out);
+    } else if (st->msg->choice == SPAKE_MSGTYPE_ENCDATA) {
+        ret = process_encdata(context, st, &st->msg->u.encdata, cb, rock,
+                              prompter, prompter_data, der_prev_req, der_req,
+                              pa_out);
+    } else {
+        /* Unexpected message type */
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+    }
+
+    return ret;
+}
+
+krb5_error_code
+clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable);
+
+krb5_error_code
+clpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
+                       krb5_plugin_vtable vtable)
+{
+    krb5_clpreauth_vtable vt;
+    static krb5_preauthtype pa_types[] = { KRB5_PADATA_SPAKE, 0 };
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_clpreauth_vtable)vtable;
+    vt->name = "spake";
+    vt->pa_type_list = pa_types;
+    vt->init = spake_init;
+    vt->fini = spake_fini;
+    vt->request_init = spake_request_init;
+    vt->request_fini = spake_request_fini;
+    vt->process = spake_process;
+    vt->prep_questions = spake_prep_questions;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c b/krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c
new file mode 100644
index 00000000..1a772d45
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c
@@ -0,0 +1,562 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/spake_kdc.c - SPAKE kdcpreauth module */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-input.h"
+#include "k5-spake.h"
+
+#include "groups.h"
+#include "trace.h"
+#include "iana.h"
+#include "util.h"
+
+#include <krb5/kdcpreauth_plugin.h>
+
+/*
+ * The SPAKE kdcpreauth module uses a secure cookie containing the following
+ * concatenated fields (all integer fields are big-endian):
+ *
+ *     version (16-bit unsigned integer)
+ *     stage (16-bit unsigned integer)
+ *     group (32-bit signed integer)
+ *     SPAKE value (32-bit unsigned length, followed by data)
+ *     Transcript hash (32-bit unsigned length, followed by data)
+ *     Zero or more instances of:
+ *         second-factor number (32-bit signed integer)
+ *         second-factor data (32-bit unsigned length, followed by data)
+ *
+ * The only currently supported version is 1.  stage is 0 if the cookie was
+ * sent with a challenge message.  stage is n>0 if the cookie was sent with an
+ * encdata message encrypted in K'[2n].  group indicates the group number used
+ * in the SPAKE challenge.  The SPAKE value is the KDC private key for a
+ * stage-0 cookie, represented in the scalar marshalling form of the group; for
+ * other cookies, the SPAKE value is the SPAKE result K, represented in the
+ * group element marshalling form.  The transcript hash is the intermediate
+ * hash after updating with the support and challenge messages for a stage-0
+ * cookie, or the final hash for other cookies.  For a stage 0 cookie, there
+ * may be any number of second-factor records, including none (no record is
+ * generated for SF-NONE); for other cookies, there must be exactly one
+ * second-factor record corresponding to the factor type chosen by the client.
+ */
+
+/* From a k5input structure representing the remainder of a secure cookie
+ * plaintext, parse a four-byte length and data. */
+static void
+parse_data(struct k5input *in, krb5_data *out)
+{
+    out->length = k5_input_get_uint32_be(in);
+    out->data = (char *)k5_input_get_bytes(in, out->length);
+    out->magic = KV5M_DATA;
+}
+
+/* Parse a received cookie into its components.  The pointers stored in the
+ * krb5_data outputs are aliases into cookie and should not be freed. */
+static krb5_error_code
+parse_cookie(const krb5_data *cookie, int *stage_out, int32_t *group_out,
+             krb5_data *spake_out, krb5_data *thash_out,
+             krb5_data *factors_out)
+{
+    struct k5input in;
+    int version, stage;
+    int32_t group;
+    krb5_data thash, spake, factors;
+
+    *spake_out = *thash_out = *factors_out = empty_data();
+    k5_input_init(&in, cookie->data, cookie->length);
+
+    /* Parse and check the version, and read the other integer fields. */
+    version = k5_input_get_uint16_be(&in);
+    if (version != 1)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
+    stage = k5_input_get_uint16_be(&in);
+    group = k5_input_get_uint32_be(&in);
+
+    /* Parse the data fields.  The factor data is anything remaining after the
+     * transcript hash. */
+    parse_data(&in, &spake);
+    parse_data(&in, &thash);
+    if (in.status)
+        return in.status;
+    factors = make_data((char *)in.ptr, in.len);
+
+    *stage_out = stage;
+    *group_out = group;
+    *spake_out = spake;
+    *thash_out = thash;
+    *factors_out = factors;
+    return 0;
+}
+
+/* Marshal data into buf as a four-byte length followed by the contents. */
+static void
+marshal_data(struct k5buf *buf, const krb5_data *data)
+{
+    k5_buf_add_uint32_be(buf, data->length);
+    k5_buf_add_len(buf, data->data, data->length);
+}
+
+/* Marshal components into a cookie. */
+static krb5_error_code
+make_cookie(int stage, int32_t group, const krb5_data *spake,
+            const krb5_data *thash, krb5_data *cookie_out)
+{
+    struct k5buf buf;
+
+    *cookie_out = empty_data();
+    k5_buf_init_dynamic_zap(&buf);
+
+    /* Marshal the version, stage, and group. */
+    k5_buf_add_uint16_be(&buf, 1);
+    k5_buf_add_uint16_be(&buf, stage);
+    k5_buf_add_uint32_be(&buf, group);
+
+    /* Marshal the data fields. */
+    marshal_data(&buf, spake);
+    marshal_data(&buf, thash);
+
+    /* When second factor support is implemented, we should add factor data
+     * here. */
+
+    if (buf.data == NULL)
+        return ENOMEM;
+    *cookie_out = make_data(buf.data, buf.len);
+    return 0;
+}
+
+/* Add authentication indicators if any are configured for SPAKE. */
+static krb5_error_code
+add_indicators(krb5_context context, const krb5_data *realm,
+               krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock)
+{
+    krb5_error_code ret;
+    const char *keys[4];
+    char *realmstr, **indicators, **ind;
+
+    realmstr = k5memdup0(realm->data, realm->length, &ret);
+    if (realmstr == NULL)
+        return ret;
+    keys[0] = KRB5_CONF_REALMS;
+    keys[1] = realmstr;
+    keys[2] = KRB5_CONF_SPAKE_PREAUTH_INDICATOR;
+    keys[3] = NULL;
+    ret = profile_get_values(context->profile, keys, &indicators);
+    free(realmstr);
+    if (ret == PROF_NO_RELATION)
+        return 0;
+    if (ret)
+        return ret;
+
+    for (ind = indicators; *ind != NULL && !ret; ind++)
+        ret = cb->add_auth_indicator(context, rock, *ind);
+
+    profile_free_list(indicators);
+    return ret;
+}
+
+/* Initialize a SPAKE module data object. */
+static krb5_error_code
+spake_init(krb5_context context, krb5_kdcpreauth_moddata *moddata_out,
+           const char **realmnames)
+{
+    krb5_error_code ret;
+    groupstate *gstate;
+
+    ret = group_init_state(context, TRUE, &gstate);
+    if (ret)
+        return ret;
+    *moddata_out = (krb5_kdcpreauth_moddata)gstate;
+    return 0;
+}
+
+/* Release a SPAKE module data object. */
+static void
+spake_fini(krb5_context context, krb5_kdcpreauth_moddata moddata)
+{
+    group_free_state((groupstate *)moddata);
+}
+
+/*
+ * Generate a SPAKE challenge message for the specified group.  Use cb and rock
+ * to retrieve the initial reply key and to set a stage-0 cookie.  Invoke
+ * either erespond or vrespond with the result.
+ */
+static void
+send_challenge(krb5_context context, groupstate *gstate, int32_t group,
+               krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+               const krb5_data *support,
+               krb5_kdcpreauth_edata_respond_fn erespond,
+               krb5_kdcpreauth_verify_respond_fn vrespond, void *arg)
+{
+    krb5_error_code ret;
+    const krb5_keyblock *ikey;
+    krb5_pa_data **padata = NULL, *pa;
+    krb5_data kdcpriv = empty_data(), kdcpub = empty_data(), *der_msg = NULL;
+    krb5_data thash = empty_data(), cookie = empty_data();
+    krb5_data wbytes = empty_data();
+    krb5_spake_factor f, *flist[2];
+    krb5_pa_spake msg;
+
+    ikey = cb->client_keyblock(context, rock);
+    if (ikey == NULL) {
+        ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+        goto cleanup;
+    }
+
+    ret = derive_wbytes(context, group, ikey, &wbytes);
+    if (ret)
+        goto cleanup;
+    ret = group_keygen(context, gstate, group, &wbytes, &kdcpriv, &kdcpub);
+    if (ret)
+        goto cleanup;
+
+    /* Encode the challenge.  When second factor support is implemented, we
+     * should construct a factor list instead of hardcoding SF-NONE. */
+    f.type = SPAKE_SF_NONE;
+    f.data = NULL;
+    flist[0] = &f;
+    flist[1] = NULL;
+    msg.choice = SPAKE_MSGTYPE_CHALLENGE;
+    msg.u.challenge.group = group;
+    msg.u.challenge.pubkey = kdcpub;
+    msg.u.challenge.factors = flist;
+    ret = encode_krb5_pa_spake(&msg, &der_msg);
+    if (ret)
+        goto cleanup;
+
+    /* Initialize and update the transcript hash with the support message (if
+     * we received one) and challenge message. */
+    ret = update_thash(context, gstate, group, &thash, support, der_msg);
+    if (ret)
+        goto cleanup;
+
+    /* Save the group, transcript hash, and private key in a stage-0 cookie.
+     * When second factor support is implemented, also save factor state. */
+    ret = make_cookie(0, group, &kdcpriv, &thash, &cookie);
+    if (ret)
+        goto cleanup;
+    ret = cb->set_cookie(context, rock, KRB5_PADATA_SPAKE, &cookie);
+    if (ret)
+        goto cleanup;
+
+    ret = convert_to_padata(der_msg, &padata);
+    der_msg = NULL;
+    TRACE_SPAKE_SEND_CHALLENGE(context, group);
+
+cleanup:
+    zapfree(wbytes.data, wbytes.length);
+    zapfree(kdcpriv.data, kdcpriv.length);
+    zapfree(cookie.data, cookie.length);
+    krb5_free_data_contents(context, &kdcpub);
+    krb5_free_data_contents(context, &thash);
+    krb5_free_data(context, der_msg);
+
+    if (erespond != NULL) {
+        assert(vrespond == NULL);
+        /* Grab the first pa-data element from the list, if we made one. */
+        pa = (padata == NULL) ? NULL : padata[0];
+        free(padata);
+        (*erespond)(arg, ret, pa);
+    } else {
+        assert(vrespond != NULL);
+        if (!ret)
+            ret = KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED;
+        (*vrespond)(arg, ret, NULL, padata, NULL);
+    }
+}
+
+/* Generate the METHOD-DATA entry indicating support for SPAKE.  Include an
+ * optimistic challenge if configured to do so. */
+static void
+spake_edata(krb5_context context, krb5_kdc_req *req,
+            krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+            krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
+            krb5_kdcpreauth_edata_respond_fn respond, void *arg)
+{
+    const krb5_keyblock *ikey;
+    groupstate *gstate = (groupstate *)moddata;
+    krb5_data empty = empty_data();
+    int32_t group;
+
+    /* SPAKE requires a client key, which cannot be a single-DES key. */
+    ikey = cb->client_keyblock(context, rock);
+    if (ikey == NULL) {
+        (*respond)(arg, KRB5KDC_ERR_ETYPE_NOSUPP, NULL);
+        return;
+    }
+
+    group = group_optimistic_challenge(gstate);
+    if (group) {
+        send_challenge(context, gstate, group, cb, rock, &empty, respond, NULL,
+                       arg);
+    } else {
+        /* No optimistic challenge configured; send an empty pa-data value. */
+        (*respond)(arg, 0, NULL);
+    }
+}
+
+/* Choose a group from the client's support message and generate a
+ * challenge. */
+static void
+verify_support(krb5_context context, groupstate *gstate,
+               krb5_spake_support *support, const krb5_data *der_msg,
+               krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+               krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    krb5_error_code ret;
+    int32_t i, group;
+
+    for (i = 0; i < support->ngroups; i++) {
+        if (group_is_permitted(gstate, support->groups[i]))
+            break;
+    }
+    if (i == support->ngroups) {
+        TRACE_SPAKE_REJECT_SUPPORT(context);
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto error;
+    }
+    group = support->groups[i];
+    TRACE_SPAKE_RECEIVE_SUPPORT(context, group);
+
+    send_challenge(context, gstate, group, cb, rock, der_msg, NULL, respond,
+                   arg);
+    return;
+
+error:
+    (*respond)(arg, ret, NULL, NULL, NULL);
+}
+
+/*
+ * From the client's response message, compute the SPAKE result and decrypt the
+ * factor reply.  On success, either mark the reply as pre-authenticated and
+ * set a reply key in the pre-request module data, or generate an additional
+ * factor challenge and ask for another round of pre-authentication.
+ */
+static void
+verify_response(krb5_context context, groupstate *gstate,
+                krb5_spake_response *resp, const krb5_data *realm,
+                krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+                krb5_enc_tkt_part *enc_tkt_reply,
+                krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    krb5_error_code ret;
+    const krb5_keyblock *ikey;
+    krb5_keyblock *k1 = NULL, *reply_key = NULL;
+    krb5_data cookie, thash_in, kdcpriv, factors, *der_req;
+    krb5_data thash = empty_data(), der_factor = empty_data();
+    krb5_data wbytes = empty_data(), spakeresult = empty_data();
+    krb5_spake_factor *factor = NULL;
+    int stage;
+    int32_t group;
+
+    ikey = cb->client_keyblock(context, rock);
+    if (ikey == NULL) {
+        ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+        goto cleanup;
+    }
+
+    /* Fetch the stage-0 cookie and parse it.  (All of the krb5_data results
+     * are aliases into memory owned by rock). */
+    if (!cb->get_cookie(context, rock, KRB5_PADATA_SPAKE, &cookie)) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+    ret = parse_cookie(&cookie, &stage, &group, &kdcpriv, &thash_in, &factors);
+    if (ret)
+        goto cleanup;
+    if (stage != 0) {
+        /* The received cookie wasn't sent with a challenge. */
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+    TRACE_SPAKE_RECEIVE_RESPONSE(context, &resp->pubkey);
+
+    /* Update the transcript hash with the client public key. */
+    ret = krb5int_copy_data_contents(context, &thash_in, &thash);
+    if (ret)
+        goto cleanup;
+    ret = update_thash(context, gstate, group, &thash, &resp->pubkey, NULL);
+    if (ret)
+        goto cleanup;
+    TRACE_SPAKE_KDC_THASH(context, &thash);
+
+    ret = derive_wbytes(context, group, ikey, &wbytes);
+    if (ret)
+        goto cleanup;
+    ret = group_result(context, gstate, group, &wbytes, &kdcpriv,
+                       &resp->pubkey, &spakeresult);
+    if (ret)
+        goto cleanup;
+
+    /* Decrypt the response factor field using K'[1].  If the decryption
+     * integrity check fails, the client probably used the wrong password. */
+    der_req = cb->request_body(context, rock);
+    ret = derive_key(context, gstate, group, ikey, &wbytes, &spakeresult,
+                     &thash, der_req, 1, &k1);
+    if (ret)
+        goto cleanup;
+    ret = alloc_data(&der_factor, resp->factor.ciphertext.length);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_decrypt(context, k1, KRB5_KEYUSAGE_SPAKE, NULL, &resp->factor,
+                         &der_factor);
+    if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+    if (ret)
+        goto cleanup;
+    ret = decode_krb5_spake_factor(&der_factor, &factor);
+    if (ret)
+        goto cleanup;
+
+    /*
+     * When second factor support is implemented, we should verify the factor
+     * data here, and possibly generate an encdata message for another hop.
+     * This function may need to be split at this point to allow for
+     * asynchronous verification of the second-factor value.  We might also
+     * need to collect authentication indicators from the second-factor module;
+     * alternatively the module could have access to cb and rock so that it can
+     * add indicators itself.
+     */
+    if (factor->type != SPAKE_SF_NONE) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    ret = add_indicators(context, realm, cb, rock);
+    if (ret)
+        goto cleanup;
+
+    enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
+
+    ret = derive_key(context, gstate, group, ikey, &wbytes, &spakeresult,
+                     &thash, der_req, 0, &reply_key);
+    if (ret)
+        goto cleanup;
+
+    ret = cb->replace_reply_key(context, rock, reply_key, TRUE);
+
+cleanup:
+    zapfree(wbytes.data, wbytes.length);
+    zapfree(der_factor.data, der_factor.length);
+    zapfree(spakeresult.data, spakeresult.length);
+    krb5_free_data_contents(context, &thash);
+    krb5_free_keyblock(context, k1);
+    krb5_free_keyblock(context, reply_key);
+    k5_free_spake_factor(context, factor);
+    (*respond)(arg, ret, NULL, NULL, NULL);
+}
+
+/*
+ * Decrypt and validate an additional second-factor reply.  On success, either
+ * mark the reply as pre-authenticated and set a reply key in the pre-request
+ * module data, or generate an additional factor challenge and ask for another
+ * round of pre-authentication.
+ */
+static void
+verify_encdata(krb5_context context, krb5_enc_data *enc,
+               krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+               krb5_enc_tkt_part *enc_tkt_reply,
+               krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    /*
+     * When second factor support is implemented, we should process encdata
+     * message according to the factor type recorded in the cookie.  If the
+     * second factor exchange finishes successfully, we should set
+     * TKT_FLG_PRE_AUTH, set the reply key to K'[0], and add any auth
+     * indicators from configuration (with a call to add_indicators()) or the
+     * second factor module (unless the module has access to cb and rock and
+     * can add indicators itself).
+     */
+    (*respond)(arg, KRB5KDC_ERR_PREAUTH_FAILED, NULL, NULL, NULL);
+}
+
+/*
+ * Respond to a client padata message, either by generating a SPAKE challenge,
+ * generating an additional second-factor challenge, or marking the reply as
+ * pre-authenticated and setting an additional reply key in the pre-request
+ * module data.
+ */
+static void
+spake_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+             krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
+             krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+             krb5_kdcpreauth_moddata moddata,
+             krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    krb5_error_code ret;
+    krb5_pa_spake *pa_spake = NULL;
+    krb5_data in_data = make_data(data->contents, data->length);
+    groupstate *gstate = (groupstate *)moddata;
+
+    ret = decode_krb5_pa_spake(&in_data, &pa_spake);
+    if (ret) {
+        (*respond)(arg, ret, NULL, NULL, NULL);
+    } else if (pa_spake->choice == SPAKE_MSGTYPE_SUPPORT) {
+        verify_support(context, gstate, &pa_spake->u.support, &in_data, cb,
+                       rock, respond, arg);
+    } else if (pa_spake->choice == SPAKE_MSGTYPE_RESPONSE) {
+        verify_response(context, gstate, &pa_spake->u.response,
+                        &request->server->realm, cb, rock, enc_tkt_reply,
+                        respond, arg);
+    } else if (pa_spake->choice == SPAKE_MSGTYPE_ENCDATA) {
+        verify_encdata(context, &pa_spake->u.encdata, cb, rock, enc_tkt_reply,
+                       respond, arg);
+    } else {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+        k5_setmsg(context, ret, _("Unknown SPAKE request type"));
+        (*respond)(arg, ret, NULL, NULL, NULL);
+    }
+
+    k5_free_pa_spake(context, pa_spake);
+}
+
+krb5_error_code
+kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
+                        krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcpreauth_spake_initvt(krb5_context context, int maj_ver, int min_ver,
+                        krb5_plugin_vtable vtable)
+{
+    krb5_kdcpreauth_vtable vt;
+    static krb5_preauthtype pa_types[] = { KRB5_PADATA_SPAKE, 0 };
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_kdcpreauth_vtable)vtable;
+    vt->name = "spake";
+    vt->pa_type_list = pa_types;
+    vt->init = spake_init;
+    vt->fini = spake_fini;
+    vt->edata = spake_edata;
+    vt->verify = spake_verify;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/t_krb5.conf b/krb5-1.21.3/src/plugins/preauth/spake/t_krb5.conf
new file mode 100644
index 00000000..65fdaec6
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/t_krb5.conf
@@ -0,0 +1,2 @@
+[libdefaults]
+	spake_preauth_groups = edwards25519
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/t_vectors.c b/krb5-1.21.3/src/plugins/preauth/spake/t_vectors.c
new file mode 100644
index 00000000..2279202d
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/t_vectors.c
@@ -0,0 +1,476 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/t_vectors.c - SPAKE test vector verification */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-hex.h"
+#include "groups.h"
+#include "iana.h"
+#include "util.h"
+#include <ctype.h>
+
+struct test {
+    krb5_enctype enctype;
+    int32_t group;
+    const char *ikey;
+    const char *w;
+    const char *x;
+    const char *y;
+    const char *T;
+    const char *S;
+    const char *K;
+    const char *support;
+    const char *challenge;
+    const char *thash;
+    const char *body;
+    const char *K0;
+    const char *K1;
+    const char *K2;
+    const char *K3;
+} tests[] = {
+    { ENCTYPE_DES3_CBC_SHA1, SPAKE_GROUP_EDWARDS25519,
+      /* initial key, w, x, y, T, S, K */
+      "850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E",
+      "686D84730CB8679AE95416C6567C6A63F2C9CEF124F7A3371AE81E11CAD42A37",
+      "201012D07BFD48DDFA33C4AAC4FB1E229FB0D043CFE65EBFB14399091C71A723",
+      "500B294797B8B042ACA1BEDC0F5931A4F52C537B3608B2D05CC8A2372F439F25",
+      "18F511E750C97B592ACD30DB7D9E5FCA660389102E6BF610C1BFBED4616C8362",
+      "5D10705E0D1E43D5DBF30240CCFBDE4A0230C70D4C79147AB0B317EDAD2F8AE7",
+      "25BDE0D875F0FEB5755F45BA5E857889D916ECF7476F116AA31DC3E037EC4292",
+      /* support, challenge, thash, body */
+      "A0093007A0053003020101",
+      "A1363034A003020101A122042018F511E750C97B592ACD30DB7D9E5FCA660389"
+      "102E6BF610C1BFBED4616C8362A20930073005A003020101",
+      "EAAA08807D0616026FF51C849EFBF35BA0CE3C5300E7D486DA46351B13D4605B",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020110",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "BAF12FAE7CD958CBF1A29BFBC71F89CE49E03E295D89DAFD",
+      "64F73DD9C41908206BCEC1F719026B574F9D13463D7A2520",
+      "0454520B086B152C455829E6BAEFF78A61DFE9E3D04A895D",
+      "4A92260B25E3EF94C125D5C24C3E5BCED5B37976E67F25C4",
+    },
+
+    { ENCTYPE_ARCFOUR_HMAC, SPAKE_GROUP_EDWARDS25519,
+      /* initial key, w, x, y, T, S, K */
+      "8846F7EAEE8FB117AD06BDD830B7586C",
+      "7C86659D29CF2B2EA93BFE79C3CEFB8850E82215B3EA6FCD896561D48048F49C",
+      "C8A62E7B626F44CAD807B2D695450697E020D230A738C5CD5691CC781DCE8754",
+      "18FE7C1512708C7FD06DB270361F04593775BC634CEAF45347E5C11C38AAE017",
+      "7DB465F1C08C64983A19F560BCE966FE5306C4B447F70A5BCA14612A92DA1D63",
+      "38F8D4568090148EBC9FD17C241B4CC2769505A7CA6F3F7104417B72B5B5CF54",
+      "03E75EDD2CD7E7677642DD68736E91700953AC55DC650E3C2A1B3B4ACDB800F8",
+      /* support, challenge, thash, body */
+      "A0093007A0053003020101",
+      "A1363034A003020101A12204207DB465F1C08C64983A19F560BCE966FE5306C4"
+      "B447F70A5BCA14612A92DA1D63A20930073005A003020101",
+      "F4B208458017DE6EF7F6A307D47D87DB6C2AF1D291B726860F68BC08BFEF440A",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020117",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "770B720C82384CBB693E85411EEDECBA",
+      "621DEEC88E2865837C4D3462BB50A1D5",
+      "1CC8F6333B9FA3B42662FD9914FBD5BB",
+      "EDB4032B7FC3806D5211A534DCBC390C",
+    },
+
+    { ENCTYPE_AES128_CTS_HMAC_SHA1_96, SPAKE_GROUP_EDWARDS25519,
+      /* initial key, w, x, y, T, S, K */
+      "FCA822951813FB252154C883F5EE1CF4",
+      "0D591B197B667E083C2F5F98AC891D3C9F99E710E464E62F1FB7C9B67936F3EB",
+      "50BE049A5A570FA1459FB9F666E6FD80602E4E87790A0E567F12438A2C96C138",
+      "B877AFE8612B406D96BE85BD9F19D423E95BE96C0E1E0B5824127195C3ED5917",
+      "9E9311D985C1355E022D7C3C694AD8D6F7AD6D647B68A90B0FE46992818002DA",
+      "FBE08F7F96CD5D4139E7C9ECCB95E79B8ACE41E270A60198C007DF18525B628E",
+      "C2F7F99997C585E6B686CEB62DB42F17CC70932DEF3BB4CF009E36F22EA5473D",
+      /* support, challenge, thash, body */
+      "A0093007A0053003020101",
+      "A1363034A003020101A12204209E9311D985C1355E022D7C3C694AD8D6F7AD6D"
+      "647B68A90B0FE46992818002DAA20930073005A003020101",
+      "951285F107C87F0169B9C918A1F51F60CB1A75B9F8BB799A99F53D03ADD94B5F",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020111",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "548022D58A7C47EAE8C49DCCF6BAA407",
+      "B2C9BA0E13FC8AB3A9D96B51B601CF4A",
+      "69F0EE5FDB6C237E7FCD38D9F87DF1BD",
+      "78F91E2240B5EE528A5CC8D7CBEBFBA5",
+    },
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, SPAKE_GROUP_EDWARDS25519,
+      /* initial key, w, x, y, T, S, K */
+      "01B897121D933AB44B47EB5494DB15E50EB74530DBDAE9B634D65020FF5D88C1",
+      "E902341590A1B4BB4D606A1C643CCCB3F2108F1B6AA97B381012B9400C9E3F4E",
+      "88C6C0A4F0241EF217C9788F02C32D00B72E4310748CD8FB5F94717607E6417D",
+      "88B859DF58EF5C69BACDFE681C582754EAAB09A74DC29CFF50B328613C232F55",
+      "6F301AACAE1220E91BE42868C163C5009AEEA1E9D9E28AFCFC339CDA5E7105B5",
+      "9E2CC32908FC46273279EC75354B4AEAFA70C3D99A4D507175ED70D80B255DDA",
+      "CF57F58F6E60169D2ECC8F20BB923A8E4C16E5BC95B9E64B5DC870DA7026321B",
+      /* support, challenge, thash, body */
+      "A0093007A0053003020101",
+      "A1363034A003020101A12204206F301AACAE1220E91BE42868C163C5009AEEA1"
+      "E9D9E28AFCFC339CDA5E7105B5A20930073005A003020101",
+      "1C605649D4658B58CBE79A5FAF227ACC16C355C58B7DADE022F90C158FE5ED8E",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020112",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "A9BFA71C95C575756F922871524B65288B3F695573CCC0633E87449568210C23",
+      "1865A9EE1EF0640EC28AC007391CAC624C42639C714767A974E99AA10003015F",
+      "E57781513FEFDB978E374E156B0DA0C1A08148F5EB26B8E157AC3C077E28BF49",
+      "008E6487293C3CC9FABBBCDD8B392D6DCB88222317FD7FE52D12FBC44FA047F1",
+    },
+
+#ifdef SPAKE_OPENSSL
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, SPAKE_GROUP_P256,
+      /* initial key, w, x, y, T, S, K */
+      "01B897121D933AB44B47EB5494DB15E50EB74530DBDAE9B634D65020FF5D88C1",
+      "EB2984AF18703F94DD5288B8596CD36988D0D4E83BFB2B44DE14D0E95E2090BD",
+      "935DDD725129FB7C6288E1A5CC45782198A6416D1775336D71EACD0549A3E80E",
+      "E07405EB215663ABC1F254B8ADC0DA7A16FEBAA011AF923D79FDEF7C42930B33",
+      "024F62078CEB53840D02612195494D0D0D88DE21FEEB81187C71CBF3D01E71788D",
+      "021D07DC31266FC7CFD904CE2632111A169B7EC730E5F74A7E79700F86638E13C8",
+      "0268489D7A9983F2FDE69C6E6A1307E9D252259264F5F2DFC32F58CCA19671E79B",
+      /* support, challenge, thash, body */
+      "A0093007A0053003020102",
+      "A1373035A003020102A1230421024F62078CEB53840D02612195494D0D0D88DE"
+      "21FEEB81187C71CBF3D01E71788DA20930073005A003020101",
+      "20AD3C1A9A90FC037D1963A1C4BFB15AB4484D7B6CF07B12D24984F14652DE60",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020112",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "7D3B906F7BE49932DB22CD3463F032D06C9C078BE4B1D076D201FC6E61EF531E",
+      "17D74E36F8993841FBB7FEB12FA4F011243D3AE4D2ACE55B39379294BBC4DB2C",
+      "D192C9044081A2AA6A97A6C69E2724E8E5671C2C9CE073DD439CDBAF96D7DAB0",
+      "41E5BAD6B67F12C53CE0E2720DD6A9887F877BF9463C2D5209C74C36F8D776B7",
+    },
+
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, SPAKE_GROUP_P384,
+      /* initial key, w, x, y, T, S, K */
+      "01B897121D933AB44B47EB5494DB15E50EB74530DBDAE9B634D65020FF5D88C1",
+      "0304CFC55151C6BBE889653DB96DBFE0BA4ACAFC024C1E8840CB3A486F6D80C1"
+      "6E1B8974016AA4B7FA43042A9B3825B1",
+      "F323CA74D344749096FD35D0ADF20806E521460637176E84D977E9933C49D76F"
+      "CFC6E62585940927468FF53D864A7A50",
+      "5B7C709ACB175A5AFB82860DEABCA8D0B341FACDFF0AC0F1A425799AA905D750"
+      "7E1EA9C573581A81467437419466E472",
+      "02A1524603EF14F184696F854229D3397507A66C63F841BA748451056BE07879"
+      "AC298912387B1C5CDFF6381C264701BE57",
+      "020D5ADFDB92BC377041CF5837412574C5D13E0F4739208A4F0C859A0A302BC6"
+      "A533440A245B9D97A0D34AF5016A20053D",
+      "0264AA8C61DA9600DFB0BEB5E46550D63740E4EF29E73F1A30D543EB43C25499"
+      "037AD16538586552761B093CF0E37C703A",
+      /* support, challenge, thash, body */
+      "A0093007A0053003020103",
+      "A1473045A003020103A133043102A1524603EF14F184696F854229D3397507A6"
+      "6C63F841BA748451056BE07879AC298912387B1C5CDFF6381C264701BE57A209"
+      "30073005A003020101",
+      "5AC0D99EF9E5A73998797FE64F074673E3952DEC4C7D1AACCE8B75F64D2B0276"
+      "A901CB8539B4E8ED69E4DB0CE805B47B",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020112",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "B917D37C16DD1D8567FBE379F64E1EE36CA3FD127AA4E60F97E4AFA3D9E56D91",
+      "93D40079DAB229B9C79366829F4E7E7282E6A4B943AC7BAC69922D516673F49A",
+      "BFC4F16F12F683E71589F9A888E232875EF293AC9793DB6C919567CD7B94BCD4",
+      "3630E2B5B99938E7506733141E8EC344166F6407E5FC2EF107C156E764D1BC20",
+    },
+
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, SPAKE_GROUP_P521,
+      /* initial key, w, x, y, T, S, K */
+      "01B897121D933AB44B47EB5494DB15E50EB74530DBDAE9B634D65020FF5D88C1",
+      "DE3A095A2B2386EFF3EB15B735398DA1CAF95BC8425665D82370AFF58B0471F3"
+      "4A57BCCDDF1EBF0A2965B58A93EE5B45E85D1A5435D1C8C83662999722D54283"
+      "1F9A",
+      "017C38701A14B490B6081DFC83524562BE7FBB42E0B20426465E3E37952D30BC"
+      "AB0ED857010255D44936A1515607964A870C7C879B741D878F9F9CDF5A865306"
+      "F3F5",
+      "003E2E2950656FA231E959ACDD984D125E7FA59CEC98126CBC8F3888447911EB"
+      "CD49428A1C22D5FDB76A19FBEB1D9EDFA3DA6CF55B158B53031D05D51433ADE9"
+      "B2B4",
+      "02017D3DE19A3EC53D0174905665EF37947D142535102CD9809C0DFBD0DFE007"
+      "353D54CF406CE2A59950F2BB540DF6FBE75F8BBBEF811C9BA06CC275ADBD9675"
+      "6696EC",
+      "02004D142D87477841F6BA053C8F651F3395AD264B7405CA5911FB9A55ABD454"
+      "FEF658A5F9ED97D1EFAC68764E9092FA15B9E0050880D78E95FD03ABF5931791"
+      "6822B5",
+      "03007C303F62F09282CC849490805BD4457A6793A832CBEB55DF427DB6A31E99"
+      "B055D5DC99756D24D47B70AD8B6015B0FB8742A718462ED423B90FA3FE631AC1"
+      "3FA916",
+      /* support, challenge, thash, body */
+      "A0093007A0053003020104",
+      "A1593057A003020104A145044302017D3DE19A3EC53D0174905665EF37947D14"
+      "2535102CD9809C0DFBD0DFE007353D54CF406CE2A59950F2BB540DF6FBE75F8B"
+      "BBEF811C9BA06CC275ADBD96756696ECA20930073005A003020101",
+      "8D6A89AE4D80CC4E47B6F4E48EA3E57919CC69598D0D3DC7C8BD49B6F1DB1409"
+      "CA0312944CD964E213ABA98537041102237CFF5B331E5347A0673869B412302E",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020112",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "1EB3D10BEE8FAB483ADCD3EB38F3EBF1F4FEB8DB96ECC035F563CF2E1115D276",
+      "482B92781CE57F49176E4C94153CC622FE247A7DBE931D1478315F856F085890",
+      "A2C215126DD3DF280AAB5A27E1E0FB7E594192CBFF8D6D8E1B6F1818D9BB8FAC",
+      "CC06603DE984324013A01F888DE6D43B410A4DA2DEA53509F30E433C352FB668",
+    },
+#endif /* SPAKE_OPENSSL */
+
+    /* Successful optimistic challenge (no support message in transcript) */
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, SPAKE_GROUP_EDWARDS25519,
+      /* initial key, w, x, y, T, S, K */
+      "01B897121D933AB44B47EB5494DB15E50EB74530DBDAE9B634D65020FF5D88C1",
+      "E902341590A1B4BB4D606A1C643CCCB3F2108F1B6AA97B381012B9400C9E3F4E",
+      "70937207344CAFBC53C8A55070E399C584CBAFCE00B836980DD4E7E74FAD2A64",
+      "785D6801A2490DF028903AC6449B105F2FF0DB895B252953CDC2076649526103",
+      "83523B35F1565006CBFC4F159885467C2FB9BC6FE23D36CB1DA43D199F1A3118",
+      "2A8F70F46CEE9030700037B77F22CEC7970DCC238E3E066D9D726BAF183992C6",
+      "D3C5E4266AA6D1B2873A97CE8AF91C7E4D7A7AC456ACCED7908D34C561AD8FA6",
+      /* support, challenge, thash, body */
+      NULL,
+      "A1363034A003020101A122042083523B35F1565006CBFC4F159885467C2FB9BC"
+      "6FE23D36CB1DA43D199F1A3118A20930073005A003020101",
+      "26F07F9F8965307434D11EA855461D41E0CBABCC0A1BAB48ECEE0C6C1A4292B7",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020112",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "4569EC08B5DE5C3CC19D941725913ACE8D74524B521A341DC746ACD5C3784D92",
+      "0D96CE1A4AC0F2E280A0CFC31742B06461D83D04AE45433DB2D80478DD882A4C",
+      "58018C19315A1BA5D5BB9813B58029F0AEC18A6F9CA59E0847DE1C60BC25945C",
+      "ED7E9BFFD68C54D86FB19CD3C03F317F88A71AD9A5E94C28581D93FC4EC72B6A",
+    },
+
+#ifdef SPAKE_OPENSSL
+    /* Rejected optimistic challenge (no support message in transcript),
+     * falling back from edwards25519 to P-521 */
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, SPAKE_GROUP_P521,
+      /* initial key, w, x, y, T, S, K */
+      "01B897121D933AB44B47EB5494DB15E50EB74530DBDAE9B634D65020FF5D88C1",
+      "DE3A095A2B2386EFF3EB15B735398DA1CAF95BC8425665D82370AFF58B0471F3"
+      "4A57BCCDDF1EBF0A2965B58A93EE5B45E85D1A5435D1C8C83662999722D54283"
+      "1F9A",
+      "01687B59051BF40048D7C31D5A973D792FA12284B7A447E7F5938B5885CA0BB2"
+      "C3F0BD30291A55FEA08E143E2E04BDD7D19B753C7C99032F06CAB0D9C2AA8F83"
+      "7EF7",
+      "01DED675EBF74FE30C9A53710F577E9CF84F09F6048FE245A4600004884CC167"
+      "733F9A9E43108FB83BABE8754CD37CBD7025E28BC9FF870F084C7244F536285E"
+      "25B4",
+      "02014CB2E5B592ECE5990F0EF30D308C061DE1598BC4272B4A6599BED466FD15"
+      "21693642ABCF4DBE36CE1A2D13967DE45F6C4F8D0FA8E14428BF03FB96EF5F1E"
+      "D3E645",
+      "02016C64995E804416F748FD5FA3AA678CBC7CBB596A4F523132DC8AF7CE84E5"
+      "41F484A2C74808C6B21DCF7775BAEFA6753398425BECC7B838B210AC5DAA0CB0"
+      "B710E2",
+      "0200997F4848AE2E7A98C23D14AC662030743AB37FCCC2A45F1C721114F40BCC"
+      "80FE6EC6ABA49868F8AEA1AA994D50E81B86D3E4D3C1130C8695B68907C673D9"
+      "E5886A",
+      /* support, challenge, thash, body */
+      "A0093007A0053003020104",
+      "A1593057A003020104A145044302014CB2E5B592ECE5990F0EF30D308C061DE1"
+      "598BC4272B4A6599BED466FD1521693642ABCF4DBE36CE1A2D13967DE45F6C4F"
+      "8D0FA8E14428BF03FB96EF5F1ED3E645A20930073005A003020101",
+      "D0EFED5E3E2C39C26034756D92A66FEC3082AD793D0197F3F89AD36026F146A3"
+      "996E548AA3FC49E2E82F8CAC5D132C505AA475B39E7BE79CDED22C26C41AA777",
+      "3075A00703050000000000A1143012A003020101A10B30091B07726165627572"
+      "6EA2101B0E415448454E412E4D49542E454455A3233021A003020102A11A3018"
+      "1B066B72627467741B0E415448454E412E4D49542E454455A511180F31393730"
+      "303130313030303030305AA703020100A8053003020112",
+      /* K'[0], K'[1], K'[2], K'[3] */
+      "631FCC8596E7F40E59045950D72AA0B7BAC2810A07B767050E983841CF3A2D4C",
+      "881464920117074DBC67155A8F3341D1121EF65F78EA0380BFA81A134C1C47B1",
+      "377B72AC3AF2CAAD582D73AE4682FD56B531EE56706200DD6C38C42B8219837A",
+      "35AD8E4D580ED3F0D15AD928329773C081BD19F9A56363F3A5F77C7E66108C26",
+    },
+#endif /* SPAKE_OPENSSL */
+};
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        assert(errmsg != NULL);
+        abort();
+    }
+}
+
+static void
+check_key_equal(const krb5_keyblock *kb1, const krb5_keyblock *kb2)
+{
+    assert(kb1->enctype == kb2->enctype);
+    assert(kb1->length == kb2->length);
+    assert(memcmp(kb1->contents, kb2->contents, kb1->length) == 0);
+}
+
+static krb5_data *
+decode_data(const char *s)
+{
+    uint8_t *bytes;
+    size_t len;
+    krb5_data *d;
+
+    if (k5_hex_decode(s, &bytes, &len) != 0)
+        abort();
+    d = malloc(sizeof(*d));
+    assert(d != NULL);
+    *d = make_data(bytes, len);
+    return d;
+}
+
+static krb5_keyblock *
+decode_keyblock(krb5_enctype enctype, const char *s)
+{
+    uint8_t *bytes;
+    size_t len;
+    krb5_keyblock *kb;
+
+    if (k5_hex_decode(s, &bytes, &len) != 0)
+        abort();
+    kb = malloc(sizeof(*kb));
+    kb->magic = KV5M_KEYBLOCK;
+    kb->enctype = enctype;
+    kb->length = len;
+    kb->contents = bytes;
+    return kb;
+}
+
+static void
+run_test(const struct test *t)
+{
+    groupstate *gstate;
+    krb5_keyblock *ikey, *K0, *K1, *K2, *K3, *kb;
+    krb5_data *w, *x, *y, *T, *S, *K, *support, *challenge, *thash;
+    krb5_data *body, wbytes, result, hash, empty = empty_data();
+
+    /* Decode hex strings into keyblocks and byte strings. */
+    ikey = decode_keyblock(t->enctype, t->ikey);
+    w = decode_data(t->w);
+    x = decode_data(t->x);
+    y = decode_data(t->y);
+    T = decode_data(t->T);
+    S = decode_data(t->S);
+    K = decode_data(t->K);
+    support = (t->support != NULL) ? decode_data(t->support) : NULL;
+    challenge = decode_data(t->challenge);
+    thash = decode_data(t->thash);
+    body = decode_data(t->body);
+    K0 = decode_keyblock(t->enctype, t->K0);
+    K1 = decode_keyblock(t->enctype, t->K1);
+    K2 = decode_keyblock(t->enctype, t->K2);
+    K3 = decode_keyblock(t->enctype, t->K3);
+
+    check(derive_wbytes(ctx, t->group, ikey, &wbytes));
+    assert(data_eq(*w, wbytes));
+
+    /* Verify KDC-side result computation. */
+    check(group_init_state(ctx, TRUE, &gstate));
+    check(group_result(ctx, gstate, t->group, &wbytes, x, S, &result));
+    assert(data_eq(*K, result));
+    krb5_free_data_contents(ctx, &result);
+    group_free_state(gstate);
+
+    /* Verify client-side result computation. */
+    check(group_init_state(ctx, FALSE, &gstate));
+    check(group_result(ctx, gstate, t->group, &wbytes, y, T, &result));
+    assert(data_eq(*K, result));
+    krb5_free_data_contents(ctx, &result);
+
+    /* Verify transcript hash. */
+    hash = empty_data();
+    check(update_thash(ctx, gstate, t->group, &hash, support, challenge));
+    check(update_thash(ctx, gstate, t->group, &hash, S, &empty));
+    assert(data_eq(*thash, hash));
+    krb5_free_data_contents(ctx, &hash);
+
+    /* Verify derived keys. */
+    check(derive_key(ctx, gstate, t->group, ikey, &wbytes, K, thash, body, 0,
+                     &kb));
+    check_key_equal(K0, kb);
+    krb5_free_keyblock(ctx, kb);
+    check(derive_key(ctx, gstate, t->group, ikey, &wbytes, K, thash, body, 1,
+                     &kb));
+    check_key_equal(K1, kb);
+    krb5_free_keyblock(ctx, kb);
+    check(derive_key(ctx, gstate, t->group, ikey, &wbytes, K, thash, body, 2,
+                     &kb));
+    check_key_equal(K2, kb);
+    krb5_free_keyblock(ctx, kb);
+    check(derive_key(ctx, gstate, t->group, ikey, &wbytes, K, thash, body, 3,
+                     &kb));
+    check_key_equal(K3, kb);
+    krb5_free_keyblock(ctx, kb);
+
+    group_free_state(gstate);
+    krb5_free_data_contents(ctx, &wbytes);
+    krb5_free_keyblock(ctx, ikey);
+    krb5_free_data(ctx, w);
+    krb5_free_data(ctx, x);
+    krb5_free_data(ctx, y);
+    krb5_free_data(ctx, T);
+    krb5_free_data(ctx, S);
+    krb5_free_data(ctx, K);
+    krb5_free_data(ctx, support);
+    krb5_free_data(ctx, challenge);
+    krb5_free_data(ctx, thash);
+    krb5_free_data(ctx, body);
+    krb5_free_keyblock(ctx, K0);
+    krb5_free_keyblock(ctx, K1);
+    krb5_free_keyblock(ctx, K2);
+    krb5_free_keyblock(ctx, K3);
+}
+
+int
+main()
+{
+    size_t i;
+
+    check(krb5_init_context(&ctx));
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++)
+        run_test(&tests[i]);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/trace.h b/krb5-1.21.3/src/plugins/preauth/spake/trace.h
new file mode 100644
index 00000000..c6e01087
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/trace.h
@@ -0,0 +1,74 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/internal.h - SPAKE internal function declarations */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef TRACE_H
+#define TRACE_H
+
+#include "k5-int.h"
+
+/*
+ * Possible improvements at the cost of more code:
+ * - Groups could be displayed by name instead of number
+ * - We could display the group list when tracing support messages
+ */
+
+#define TRACE_SPAKE_CLIENT_THASH(c, thash)                      \
+    TRACE(c, "SPAKE final transcript hash: {hexdata}", thash)
+#define TRACE_SPAKE_DERIVE_KEY(c, n, kb)                        \
+    TRACE(c, "SPAKE derived K'[{int}] = {keyblock}", n, kb)
+#define TRACE_SPAKE_KDC_THASH(c, thash)                         \
+    TRACE(c, "SPAKE final transcript hash: {hexdata}", thash)
+#define TRACE_SPAKE_KEYGEN(c, pubkey)                                   \
+    TRACE(c, "SPAKE key generated with pubkey {hexdata}", pubkey)
+#define TRACE_SPAKE_RECEIVE_CHALLENGE(c, group, pubkey)                 \
+    TRACE(c, "SPAKE challenge received with group {int}, pubkey {hexdata}", \
+          group, pubkey)
+#define TRACE_SPAKE_RECEIVE_RESPONSE(c, pubkey)                         \
+    TRACE(c, "SPAKE response received with pubkey {hexdata}", pubkey)
+#define TRACE_SPAKE_RECEIVE_SUPPORT(c, group)                           \
+    TRACE(c, "SPAKE support message received, selected group {int}", group)
+#define TRACE_SPAKE_REJECT_CHALLENGE(c, group)                          \
+    TRACE(c, "SPAKE challenge with group {int} rejected", (int)group)
+#define TRACE_SPAKE_REJECT_SUPPORT(c)           \
+    TRACE(c, "SPAKE support message rejected")
+#define TRACE_SPAKE_RESULT(c, result)                           \
+    TRACE(c, "SPAKE algorithm result: {hexdata}", result)
+#define TRACE_SPAKE_SEND_CHALLENGE(c, group)                    \
+    TRACE(c, "Sending SPAKE challenge with group {int}", group)
+#define TRACE_SPAKE_SEND_RESPONSE(c)            \
+    TRACE(c, "Sending SPAKE response")
+#define TRACE_SPAKE_SEND_SUPPORT(c)             \
+    TRACE(c, "Sending SPAKE support message")
+#define TRACE_SPAKE_UNKNOWN_GROUP(c, name)                      \
+    TRACE(c, "Unrecognized SPAKE group name: {str}", name)
+
+#endif /* TRACE_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/util.c b/krb5-1.21.3/src/plugins/preauth/spake/util.c
new file mode 100644
index 00000000..b72ae67f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/util.c
@@ -0,0 +1,212 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/util.c - Utility functions for SPAKE preauth module */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "trace.h"
+#include "util.h"
+#include "groups.h"
+
+/* Use data to construct a single-element pa-data list of type
+ * KRB5_PADATA_SPAKE.  Claim data's memory on success or failure. */
+krb5_error_code
+convert_to_padata(krb5_data *data, krb5_pa_data ***pa_out)
+{
+    krb5_pa_data *pa = NULL, **list = NULL;
+
+    list = calloc(2, sizeof(*list));
+    if (list == NULL)
+        goto fail;
+    pa = calloc(1, sizeof(*pa));
+    if (pa == NULL)
+        goto fail;
+    pa->magic = KV5M_PA_DATA;
+    pa->pa_type = KRB5_PADATA_SPAKE;
+    pa->length = data->length;
+    pa->contents = (uint8_t *)data->data;
+    list[0] = pa;
+    list[1] = NULL;
+    *pa_out = list;
+    free(data);
+    return 0;
+
+fail:
+    free(list);
+    free(pa);
+    free(data->data);
+    free(data);
+    return ENOMEM;
+}
+
+/*
+ * Update the transcript hash thash with its current value and the
+ * concatenation of data1 and data2, using the hash function for group.  Either
+ * data1 or data2 may be NULL to omit it.  Allocate thash if it is empty.
+ */
+krb5_error_code
+update_thash(krb5_context context, groupstate *gstate, int32_t group,
+             krb5_data *thash, const krb5_data *data1, const krb5_data *data2)
+{
+    krb5_error_code ret;
+    size_t hashlen;
+    krb5_data dlist[3];
+    const krb5_data empty = empty_data();
+
+    if (thash->length == 0) {
+        /* Initialize the transcript hash to all zeros. */
+        ret = group_hash_len(group, &hashlen);
+        if (ret)
+            return ret;
+        ret = alloc_data(thash, hashlen);
+        if (ret)
+            return ret;
+    }
+
+    /* Set up the data array and hash it with the group's hash function. */
+    dlist[0] = *thash;
+    dlist[1] = (data1 != NULL) ? *data1 : empty;
+    dlist[2] = (data2 != NULL) ? *data2 : empty;
+    return group_hash(context, gstate, group, dlist, 3,
+                      (uint8_t *)thash->data);
+}
+
+/* Derive a byte vector for the SPAKE w multiplier input from ikey.  Place
+ * result in allocated storage in *wbytes_out. */
+krb5_error_code
+derive_wbytes(krb5_context context, int32_t group, const krb5_keyblock *ikey,
+              krb5_data *wbytes_out)
+{
+    krb5_error_code ret;
+    const char prefix[] = "SPAKEsecret";
+    size_t mult_len, prefix_len = sizeof(prefix) - 1;
+    krb5_data prf_input = empty_data(), wbytes = empty_data();
+
+    *wbytes_out = empty_data();
+
+    /* Allocate space for a multiplier. */
+    ret = group_mult_len(group, &mult_len);
+    if (ret)
+        goto cleanup;
+    ret = alloc_data(&wbytes, mult_len);
+    if (ret)
+        goto cleanup;
+
+    /* Compose the PRF input string. */
+    ret = alloc_data(&prf_input, prefix_len + 4);
+    if (ret)
+        goto cleanup;
+    memcpy(prf_input.data, prefix, prefix_len);
+    store_32_be(group, prf_input.data + prefix_len);
+
+    /* Derive the SPAKE input from the initial reply key with PRF+. */
+    ret = krb5_c_prfplus(context, ikey, &prf_input, &wbytes);
+    if (ret)
+        goto cleanup;
+
+    *wbytes_out = wbytes;
+    wbytes = empty_data();
+
+cleanup:
+    free(prf_input.data);
+    zapfree(wbytes.data, wbytes.length);
+    return ret;
+}
+
+/*
+ * Derive K'[n] from the group number, the initial key enctype, the initial
+ * multiplier, the SPAKE result, the transcript hash, and the encoded
+ * KDC-REQ-BODY.  Place the result in allocated storage in *out.
+ */
+krb5_error_code
+derive_key(krb5_context context, groupstate *gstate, int32_t group,
+           const krb5_keyblock *ikey, const krb5_data *wbytes,
+           const krb5_data *spakeresult, const krb5_data *thash,
+           const krb5_data *der_req, uint32_t n, krb5_keyblock **out)
+{
+    krb5_error_code ret;
+    krb5_data dlist[9], seed = empty_data(), d;
+    uint8_t groupnbuf[4], etypenbuf[4], nbuf[4], bcount;
+    size_t hashlen, seedlen, keylen, nblocks, i;
+    size_t ndata = sizeof(dlist) / sizeof(*dlist);
+    krb5_keyblock *hkey = NULL;
+
+    *out = NULL;
+
+    store_32_be(group, groupnbuf);
+    store_32_be(n, nbuf);
+    store_32_be(ikey->enctype, etypenbuf);
+    dlist[0] = string2data("SPAKEkey");
+    dlist[1] = make_data(groupnbuf, sizeof(groupnbuf));
+    dlist[2] = make_data(etypenbuf, sizeof(etypenbuf));
+    dlist[3] = *wbytes;
+    dlist[4] = *spakeresult;
+    dlist[5] = *thash;
+    dlist[6] = *der_req;
+    dlist[7] = make_data(nbuf, sizeof(nbuf));
+    dlist[8] = make_data(&bcount, 1);
+
+    /* Count the number of hash blocks required (should be 1 for all current
+     * scenarios) and allocate space. */
+    ret = group_hash_len(group, &hashlen);
+    if (ret)
+        goto cleanup;
+    ret = krb5_c_keylengths(context, ikey->enctype, &seedlen, &keylen);
+    if (ret)
+        goto cleanup;
+    nblocks = (seedlen + hashlen - 1) / hashlen;
+    ret = alloc_data(&seed, nblocks * hashlen);
+    if (ret)
+        goto cleanup;
+
+    /* Compute and concatenate hash blocks to fill the seed buffer. */
+    for (i = 0; i < nblocks; i++) {
+        bcount = i + 1;
+        ret = group_hash(context, gstate, group, dlist, ndata,
+                         (uint8_t *)seed.data + i * hashlen);
+        if (ret)
+            goto cleanup;
+    }
+
+    ret = krb5_init_keyblock(context, ikey->enctype, keylen, &hkey);
+    if (ret)
+        goto cleanup;
+    d = make_data(seed.data, seedlen);
+    ret = krb5_c_random_to_key(context, ikey->enctype, &d, hkey);
+    if (ret)
+        goto cleanup;
+
+    ret = krb5_c_fx_cf2_simple(context, ikey, "SPAKE", hkey, "keyderiv", out);
+
+cleanup:
+    zapfree(seed.data, seed.length);
+    krb5_free_keyblock(context, hkey);
+    return ret;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/spake/util.h b/krb5-1.21.3/src/plugins/preauth/spake/util.h
new file mode 100644
index 00000000..3ab2bead
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/spake/util.h
@@ -0,0 +1,56 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/spake/internal.h - SPAKE internal function declarations */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef UTIL_H
+#define UTIL_H
+
+#include "k5-int.h"
+#include "groups.h"
+
+krb5_error_code convert_to_padata(krb5_data *data, krb5_pa_data ***pa_out);
+
+krb5_error_code update_thash(krb5_context context, groupstate *gstate,
+                             int32_t group, krb5_data *thash,
+                             const krb5_data *data1, const krb5_data *data2);
+
+krb5_error_code derive_wbytes(krb5_context context, int32_t group,
+                              const krb5_keyblock *ikey,
+                              krb5_data *wbytes_out);
+
+krb5_error_code derive_key(krb5_context context, groupstate *gstate,
+                           int32_t group, const krb5_keyblock *ikey,
+                           const krb5_data *wbytes,
+                           const krb5_data *spakeresult,
+                           const krb5_data *thash, const krb5_data *der_req,
+                           uint32_t n, krb5_keyblock **out);
+
+#endif /* UTIL_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/test/Makefile.in b/krb5-1.21.3/src/plugins/preauth/test/Makefile.in
new file mode 100644
index 00000000..77321b60
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/test/Makefile.in
@@ -0,0 +1,21 @@
+mydir=plugins$(S)preauth$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
+
+LIBBASE=test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/preauth/test
+SHLIB_EXPDEPS=$(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS=$(KRB5_BASE_LIBS)
+
+STLIBOBJS=cltest.o kdctest.o common.o
+
+SRCS= $(srcdir)/cltest.c $(srcdir)/kdctest.c $(srcdir)/common.c
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/preauth/test/cltest.c b/krb5-1.21.3/src/plugins/preauth/test/cltest.c
new file mode 100644
index 00000000..51b84848
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/test/cltest.c
@@ -0,0 +1,253 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/test/cltest.c - Test clpreauth module */
+/*
+ * Copyright (C) 2015, 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This module is used to test preauth interface features.  At this time, the
+ * clpreauth module does the following:
+ *
+ * - It decrypts a message from the initial KDC pa-data using the reply key and
+ *   prints it to stdout.  (The unencrypted message "no key" can also be
+ *   displayed.)
+ *
+ * - If a second round trip is requested, it prints the pa-data contents
+ *   accompanying the second round trip request.
+ *
+ * - It pulls an "indicators" attribute from the gic preauth options and sends
+ *   it to the server, instructing the kdcpreauth module to assert one or more
+ *   space-separated authentication indicators.  (This string is sent on both
+ *   round trips if a second round trip is requested.)
+ *
+ * - If a KDC_ERR_ENCTYPE_NOSUPP error with e-data is received, it prints the
+ *   accompanying error padata and sends a follow-up request containing
+ *   "tryagain".
+ *
+ * - If the "fail_optimistic", "fail_2rt", or "fail_tryagain" gic options are
+ *   set, it fails with a recognizable error string at the requested point in
+ *   processing.
+ *
+ * - If the "disable_fallback" gic option is set, fallback is disabled when a
+ *   client message is generated.
+ */
+
+#include "k5-int.h"
+#include <krb5/clpreauth_plugin.h>
+#include "common.h"
+
+static krb5_preauthtype pa_types[] = { TEST_PA_TYPE, 0 };
+
+struct client_state {
+    char *indicators;
+    krb5_boolean fail_optimistic;
+    krb5_boolean fail_2rt;
+    krb5_boolean fail_tryagain;
+    krb5_boolean disable_fallback;
+};
+
+struct client_request_state {
+    krb5_boolean second_round_trip;
+};
+
+static krb5_error_code
+test_init(krb5_context context, krb5_clpreauth_moddata *moddata_out)
+{
+    struct client_state *st;
+
+    st = malloc(sizeof(*st));
+    assert(st != NULL);
+    st->indicators = NULL;
+    st->fail_optimistic = st->fail_2rt = st->fail_tryagain = FALSE;
+    st->disable_fallback = FALSE;
+    *moddata_out = (krb5_clpreauth_moddata)st;
+    return 0;
+}
+
+static void
+test_fini(krb5_context context, krb5_clpreauth_moddata moddata)
+{
+    struct client_state *st = (struct client_state *)moddata;
+
+    free(st->indicators);
+    free(st);
+}
+
+static void
+test_request_init(krb5_context context, krb5_clpreauth_moddata moddata,
+                  krb5_clpreauth_modreq *modreq_out)
+{
+    struct client_request_state *reqst;
+
+    reqst = malloc(sizeof(*reqst));
+    assert(reqst != NULL);
+    reqst->second_round_trip = FALSE;
+    *modreq_out = (krb5_clpreauth_modreq)reqst;
+}
+
+static void
+test_request_fini(krb5_context context, krb5_clpreauth_moddata moddata,
+                  krb5_clpreauth_modreq modreq)
+{
+    free(modreq);
+}
+
+static krb5_error_code
+test_process(krb5_context context, krb5_clpreauth_moddata moddata,
+             krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+             krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+             krb5_kdc_req *request, krb5_data *encoded_request_body,
+             krb5_data *encoded_previous_request, krb5_pa_data *pa_data,
+             krb5_prompter_fct prompter, void *prompter_data,
+             krb5_pa_data ***out_pa_data)
+{
+    struct client_state *st = (struct client_state *)moddata;
+    struct client_request_state *reqst = (struct client_request_state *)modreq;
+    krb5_error_code ret;
+    krb5_keyblock *k;
+    krb5_enc_data enc;
+    krb5_data plain;
+    const char *indstr;
+
+    if (pa_data->length == 0) {
+        /* This is an optimistic preauth test.  Send a recognizable padata
+         * value so the KDC knows not to expect a cookie. */
+        if (st->fail_optimistic) {
+            k5_setmsg(context, KRB5_PREAUTH_FAILED, "induced optimistic fail");
+            return KRB5_PREAUTH_FAILED;
+        }
+        *out_pa_data = make_pa_list("optimistic", 10);
+        if (st->disable_fallback)
+            cb->disable_fallback(context, rock);
+        return 0;
+    } else if (reqst->second_round_trip) {
+        printf("2rt: %.*s\n", pa_data->length, pa_data->contents);
+        if (st->fail_2rt) {
+            k5_setmsg(context, KRB5_PREAUTH_FAILED, "induced 2rt fail");
+            return KRB5_PREAUTH_FAILED;
+        }
+    } else if (pa_data->length == 6 &&
+               memcmp(pa_data->contents, "no key", 6) == 0) {
+        printf("no key\n");
+    } else {
+        /* This fails during s4u_identify_user(), so don't assert. */
+        ret = cb->get_as_key(context, rock, &k);
+        if (ret)
+            return ret;
+        ret = alloc_data(&plain, pa_data->length);
+        assert(!ret);
+        enc.enctype = k->enctype;
+        enc.ciphertext = make_data(pa_data->contents, pa_data->length);
+        ret = krb5_c_decrypt(context, k, 1024, NULL, &enc, &plain);
+        assert(!ret);
+        printf("%.*s\n", plain.length, plain.data);
+        free(plain.data);
+    }
+    reqst->second_round_trip = TRUE;
+
+    indstr = (st->indicators != NULL) ? st->indicators : "";
+    *out_pa_data = make_pa_list(indstr, strlen(indstr));
+    if (st->disable_fallback)
+        cb->disable_fallback(context, rock);
+    return 0;
+}
+
+static krb5_error_code
+test_tryagain(krb5_context context, krb5_clpreauth_moddata moddata,
+              krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+              krb5_clpreauth_callbacks cb, krb5_clpreauth_rock rock,
+              krb5_kdc_req *request, krb5_data *enc_req, krb5_data *enc_prev,
+              krb5_preauthtype pa_type, krb5_error *error,
+              krb5_pa_data **padata, krb5_prompter_fct prompter,
+              void *prompter_data, krb5_pa_data ***padata_out)
+{
+    struct client_state *st = (struct client_state *)moddata;
+    int i;
+
+    *padata_out = NULL;
+    if (st->fail_tryagain) {
+        k5_setmsg(context, KRB5_PREAUTH_FAILED, "induced tryagain fail");
+        return KRB5_PREAUTH_FAILED;
+    }
+    if (error->error != KDC_ERR_ENCTYPE_NOSUPP)
+        return KRB5_PREAUTH_FAILED;
+    for (i = 0; padata[i] != NULL; i++) {
+        if (padata[i]->pa_type == TEST_PA_TYPE)
+            printf("tryagain: %.*s\n", padata[i]->length, padata[i]->contents);
+    }
+    *padata_out = make_pa_list("tryagain", 8);
+    return 0;
+}
+
+static krb5_error_code
+test_gic_opt(krb5_context kcontext, krb5_clpreauth_moddata moddata,
+             krb5_get_init_creds_opt *opt, const char *attr, const char *value)
+{
+    struct client_state *st = (struct client_state *)moddata;
+
+    if (strcmp(attr, "indicators") == 0) {
+        free(st->indicators);
+        st->indicators = strdup(value);
+        assert(st->indicators != NULL);
+    } else if (strcmp(attr, "fail_optimistic") == 0) {
+        st->fail_optimistic = TRUE;
+    } else if (strcmp(attr, "fail_2rt") == 0) {
+        st->fail_2rt = TRUE;
+    } else if (strcmp(attr, "fail_tryagain") == 0) {
+        st->fail_tryagain = TRUE;
+    } else if (strcmp(attr, "disable_fallback") == 0) {
+        st->disable_fallback = TRUE;
+    }
+    return 0;
+}
+
+krb5_error_code
+clpreauth_test_initvt(krb5_context context, int maj_ver,
+                            int min_ver, krb5_plugin_vtable vtable);
+
+krb5_error_code
+clpreauth_test_initvt(krb5_context context, int maj_ver,
+                            int min_ver, krb5_plugin_vtable vtable)
+{
+    krb5_clpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_clpreauth_vtable)vtable;
+    vt->name = "test";
+    vt->pa_type_list = pa_types;
+    vt->init = test_init;
+    vt->fini = test_fini;
+    vt->request_init = test_request_init;
+    vt->request_fini = test_request_fini;
+    vt->process = test_process;
+    vt->tryagain = test_tryagain;
+    vt->gic_opts = test_gic_opt;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/test/common.c b/krb5-1.21.3/src/plugins/preauth/test/common.c
new file mode 100644
index 00000000..4d1f49df
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/test/common.c
@@ -0,0 +1,61 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/test/common.c - common functions for test preauth module */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "common.h"
+
+krb5_pa_data *
+make_pa(const char *contents, size_t len)
+{
+    krb5_error_code ret;
+    krb5_pa_data *pa;
+
+    pa = calloc(1, sizeof(*pa));
+    assert(pa != NULL);
+    pa->pa_type = TEST_PA_TYPE;
+    pa->contents = k5memdup(contents, len, &ret);
+    assert(!ret);
+    pa->length = len;
+    return pa;
+}
+
+/* Make a one-element padata list of type TEST_PA_TYPE. */
+krb5_pa_data **
+make_pa_list(const char *contents, size_t len)
+{
+    krb5_pa_data **list;
+
+    list = calloc(2, sizeof(*list));
+    assert(list != NULL);
+    list[0] = make_pa(contents, len);
+    return list;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/test/common.h b/krb5-1.21.3/src/plugins/preauth/test/common.h
new file mode 100644
index 00000000..b748e087
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/test/common.h
@@ -0,0 +1,41 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/test/common.h - Declarations for test preauth module */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#define TEST_PA_TYPE -123
+
+krb5_pa_data *make_pa(const char *contents, size_t len);
+krb5_pa_data **make_pa_list(const char *contents, size_t len);
+
+#endif /* COMMON_H */
diff --git a/krb5-1.21.3/src/plugins/preauth/test/deps b/krb5-1.21.3/src/plugins/preauth/test/deps
new file mode 100644
index 00000000..b1429e9e
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/test/deps
@@ -0,0 +1,35 @@
+#
+# Generated makefile dependencies follow.
+#
+cltest.so cltest.po $(OUTPRE)cltest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/clpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cltest.c common.h
+kdctest.so kdctest.po $(OUTPRE)kdctest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  common.h kdctest.c
+common.so common.po $(OUTPRE)common.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h common.c common.h
diff --git a/krb5-1.21.3/src/plugins/preauth/test/kdctest.c b/krb5-1.21.3/src/plugins/preauth/test/kdctest.c
new file mode 100644
index 00000000..66b77969
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/test/kdctest.c
@@ -0,0 +1,220 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/preauth/test/kdctest.c - Test kdcpreauth module */
+/*
+ * Copyright (C) 2015, 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This module is used to test preauth interface features.  Currently, the
+ * kdcpreauth module does the following:
+ *
+ * - When generating initial method-data, it retrieves the "teststring"
+ *   attribute from the client principal and sends it to the client, encrypted
+ *   in the reply key.  (The plain text "no key" is sent if there is no reply
+ *   key; the encrypted message "no attr" is sent if there is no string
+ *   attribute.)  It also sets a cookie containing "method-data".
+ *
+ * - If the "err" attribute is set on the client principal, the verify method
+ *   returns an KDC_ERR_ETYPE_NOSUPP error on the first try, with the contents
+ *   of the err attribute as pa-data.  If the client tries again with the
+ *   padata value "tryagain", the verify method preuthenticates successfully
+ *   with no additional processing.
+ *
+ * - If the "failopt" attribute is set on the client principal, the verify
+ *   method returns KDC_ERR_PREAUTH_FAILED on optimistic preauth attempts.
+ *
+ * - If the "2rt" attribute is set on client principal, the verify method sends
+ *   the client a KDC_ERR_MORE_PREAUTH_DATA_REQUIRED error with the contents of
+ *   the 2rt attribute as pa-data, and sets a cookie containing "more".  If the
+ *   "fail2rt" attribute is set on the client principal, the client's second
+ *   try results in a KDC_ERR_PREAUTH_FAILED error.
+ *
+ * - It receives a space-separated list from the clpreauth module and asserts
+ *   each string as an authentication indicator.  It always succeeds in
+ *   pre-authenticating the request.
+ */
+
+#include "k5-int.h"
+#include <krb5/kdcpreauth_plugin.h>
+#include "common.h"
+
+#define TEST_PA_TYPE -123
+
+static krb5_preauthtype pa_types[] = { TEST_PA_TYPE, 0 };
+
+static void
+test_edata(krb5_context context, krb5_kdc_req *req,
+           krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+           krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
+           krb5_kdcpreauth_edata_respond_fn respond, void *arg)
+{
+    krb5_error_code ret;
+    const krb5_keyblock *k = cb->client_keyblock(context, rock);
+    krb5_pa_data *pa;
+    size_t enclen;
+    krb5_enc_data enc;
+    krb5_data d;
+    char *attr;
+
+    ret = cb->get_string(context, rock, "teststring", &attr);
+    assert(!ret);
+    if (k != NULL) {
+        d = string2data((attr != NULL) ? attr : "no attr");
+        ret = krb5_c_encrypt_length(context, k->enctype, d.length, &enclen);
+        assert(!ret);
+        ret = alloc_data(&enc.ciphertext, enclen);
+        assert(!ret);
+        ret = krb5_c_encrypt(context, k, 1024, NULL, &d, &enc);
+        assert(!ret);
+        pa = make_pa(enc.ciphertext.data, enc.ciphertext.length);
+        free(enc.ciphertext.data);
+    } else {
+        pa = make_pa("no key", 6);
+    }
+
+    /* Exercise setting a cookie information from the edata method. */
+    d = string2data("method-data");
+    ret = cb->set_cookie(context, rock, TEST_PA_TYPE, &d);
+    assert(!ret);
+
+    cb->free_string(context, rock, attr);
+    (*respond)(arg, 0, pa);
+}
+
+static void
+test_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
+            krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
+            krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+            krb5_kdcpreauth_moddata moddata,
+            krb5_kdcpreauth_verify_respond_fn respond, void *arg)
+{
+    krb5_error_code ret;
+    krb5_boolean second_round_trip = FALSE, optimistic = FALSE;
+    krb5_pa_data **list = NULL;
+    krb5_data cookie_data, d;
+    char *str, *ind, *toksave = NULL;
+    char *attr_err, *attr_2rt, *attr_fail2rt, *attr_failopt;
+
+    ret = cb->get_string(context, rock, "err", &attr_err);
+    assert(!ret);
+    ret = cb->get_string(context, rock, "2rt", &attr_2rt);
+    assert(!ret);
+    ret = cb->get_string(context, rock, "fail2rt", &attr_fail2rt);
+    assert(!ret);
+    ret = cb->get_string(context, rock, "failopt", &attr_failopt);
+    assert(!ret);
+
+    /* Check the incoming cookie value. */
+    if (!cb->get_cookie(context, rock, TEST_PA_TYPE, &cookie_data)) {
+        /* Make sure we are seeing optimistic preauth and not a lost cookie. */
+        d = make_data(data->contents, data->length);
+        assert(data_eq_string(d, "optimistic"));
+        optimistic = TRUE;
+    } else if (data_eq_string(cookie_data, "more")) {
+        second_round_trip = TRUE;
+    } else {
+        assert(data_eq_string(cookie_data, "method-data") ||
+               data_eq_string(cookie_data, "err"));
+    }
+
+    if (attr_err != NULL) {
+        d = make_data(data->contents, data->length);
+        if (data_eq_string(d, "tryagain")) {
+            /* Authenticate successfully. */
+            enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
+        } else {
+            d = string2data("err");
+            ret = cb->set_cookie(context, rock, TEST_PA_TYPE, &d);
+            assert(!ret);
+            ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+            list = make_pa_list(attr_err, strlen(attr_err));
+        }
+    } else if (attr_2rt != NULL && !second_round_trip) {
+        d = string2data("more");
+        ret = cb->set_cookie(context, rock, TEST_PA_TYPE, &d);
+        assert(!ret);
+        ret = KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED;
+        list = make_pa_list(attr_2rt, strlen(attr_2rt));
+    } else if ((attr_fail2rt != NULL && second_round_trip) ||
+               (attr_failopt != NULL && optimistic)) {
+        ret = KRB5KDC_ERR_PREAUTH_FAILED;
+    } else {
+        /* Parse and assert the indicators. */
+        str = k5memdup0(data->contents, data->length, &ret);
+        if (ret)
+            abort();
+        ind = strtok_r(str, " ", &toksave);
+        while (ind != NULL) {
+            cb->add_auth_indicator(context, rock, ind);
+            ind = strtok_r(NULL, " ", &toksave);
+        }
+        free(str);
+        enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
+    }
+
+    cb->free_string(context, rock, attr_err);
+    cb->free_string(context, rock, attr_2rt);
+    cb->free_string(context, rock, attr_fail2rt);
+    cb->free_string(context, rock, attr_failopt);
+    (*respond)(arg, ret, NULL, list, NULL);
+}
+
+static krb5_error_code
+test_return(krb5_context context, krb5_pa_data *padata, krb5_data *req_pkt,
+            krb5_kdc_req *request, krb5_kdc_rep *reply,
+            krb5_keyblock *encrypting_key, krb5_pa_data **send_pa_out,
+            krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
+            krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_modreq modreq)
+{
+    const krb5_keyblock *k = cb->client_keyblock(context, rock);
+
+    assert(k == encrypting_key || k == NULL);
+    return 0;
+}
+
+krb5_error_code
+kdcpreauth_test_initvt(krb5_context context, int maj_ver,
+                             int min_ver, krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcpreauth_test_initvt(krb5_context context, int maj_ver,
+                             int min_ver, krb5_plugin_vtable vtable)
+{
+    krb5_kdcpreauth_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_kdcpreauth_vtable)vtable;
+    vt->name = "test";
+    vt->pa_type_list = pa_types;
+    vt->edata = test_edata;
+    vt->verify = test_verify;
+    vt->return_padata = test_return;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/preauth/test/test.exports b/krb5-1.21.3/src/plugins/preauth/test/test.exports
new file mode 100644
index 00000000..94ba3749
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/preauth/test/test.exports
@@ -0,0 +1,2 @@
+clpreauth_test_initvt
+kdcpreauth_test_initvt
diff --git a/krb5-1.21.3/src/plugins/pwqual/test/Makefile.in b/krb5-1.21.3/src/plugins/pwqual/test/Makefile.in
new file mode 100644
index 00000000..12725035
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/pwqual/test/Makefile.in
@@ -0,0 +1,21 @@
+mydir=plugins$(S)pwqual$(S)test
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LIBBASE=pwqual_test
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/pwqual/test
+# Depends on libkrb5 and possibly libkrb5support
+SHLIB_EXPDEPS= $(KRB5_BASE_DEPLIBS)
+SHLIB_EXPLIBS= $(KRB5_BASE_LIBS)
+
+STLIBOBJS=main.o
+
+SRCS= $(srcdir)/main.c
+
+all-unix: all-libs
+install-unix:
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/pwqual/test/deps b/krb5-1.21.3/src/plugins/pwqual/test/deps
new file mode 100644
index 00000000..85372e09
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/pwqual/test/deps
@@ -0,0 +1,16 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/pwqual_plugin.h main.c
diff --git a/krb5-1.21.3/src/plugins/pwqual/test/main.c b/krb5-1.21.3/src/plugins/pwqual/test/main.c
new file mode 100644
index 00000000..e1e39c72
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/pwqual/test/main.c
@@ -0,0 +1,220 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/pwqual/test/main.c - test module for password quality interface */
+/*
+ * Copyright (C) 2010,2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements a module named "combo" which tests whether a password
+ * matches a pair of words in the dictionary.  It also implements several dummy
+ * modules named "dyn1", "dyn2", and "dyn3" which are used for ordering tests.
+ */
+
+#include <k5-platform.h>
+#include <krb5/pwqual_plugin.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+typedef struct combo_moddata_st {
+    const char **word_list;     /* list of word pointers */
+    char *word_block;           /* actual word data */
+} *combo_moddata;
+
+static krb5_error_code
+init_dict(combo_moddata dict, const char *dict_file)
+{
+    int fd;
+    size_t count, len, i;
+    char *p, *t;
+    struct stat sb;
+
+    /* Read the dictionary file into memory in one blob. */
+    if (dict_file == NULL)
+        return 0;
+    fd = open(dict_file, O_RDONLY);
+    if (fd == -1)
+        return (errno == ENOENT) ? 0 : errno;
+    if (fstat(fd, &sb) == -1) {
+        close(fd);
+        return errno;
+    }
+    dict->word_block = malloc(sb.st_size + 1);
+    if (dict->word_block == NULL)
+        return ENOMEM;
+    if (read(fd, dict->word_block, sb.st_size) != sb.st_size)
+        return errno;
+    close(fd);
+    dict->word_block[sb.st_size] = '\0';
+
+    /* Decompose the blob into newline-separated words. */
+    p = dict->word_block;
+    len = sb.st_size;
+    count = 0;
+    while (len > 0 && (t = memchr(p, '\n', len)) != NULL) {
+        *t = '\0';
+        len -= t - p + 1;
+        p = t + 1;
+        count++;
+    }
+    dict->word_list = calloc(count + 1, sizeof(char *));
+    if (dict->word_list == NULL)
+        return ENOMEM;
+    p = dict->word_block;
+    for (i = 0; i < count; i++) {
+        dict->word_list[i] = p;
+        p += strlen(p) + 1;
+    }
+    return 0;
+}
+
+static void
+destroy_dict(combo_moddata dict)
+{
+    if (dict == NULL)
+        return;
+    free(dict->word_list);
+    free(dict->word_block);
+    free(dict);
+}
+
+static krb5_error_code
+combo_open(krb5_context context, const char *dict_file,
+           krb5_pwqual_moddata *data)
+{
+    krb5_error_code ret;
+    combo_moddata dict;
+
+    *data = NULL;
+
+    /* Allocate and initialize a dictionary structure. */
+    dict = malloc(sizeof(*dict));
+    if (dict == NULL)
+        return ENOMEM;
+    dict->word_list = NULL;
+    dict->word_block = NULL;
+
+    /* Fill in the dictionary structure with data from dict_file. */
+    ret = init_dict(dict, dict_file);
+    if (ret != 0) {
+        destroy_dict(dict);
+        return ret;
+    }
+
+    *data = (krb5_pwqual_moddata)dict;
+    return 0;
+}
+
+static krb5_error_code
+combo_check(krb5_context context, krb5_pwqual_moddata data,
+            const char *password, const char *policy_name,
+            krb5_principal princ, const char **languages)
+{
+    combo_moddata dict = (combo_moddata)data;
+    const char *remainder, **word1, **word2;
+
+    if (dict->word_list == NULL)
+        return 0;
+
+    for (word1 = dict->word_list; *word1 != NULL; word1++) {
+        if (strncasecmp(password, *word1, strlen(*word1)) != 0)
+            continue;
+        remainder = password + strlen(*word1);
+        for (word2 = dict->word_list; *word2 != NULL; word2++) {
+            if (strcasecmp(remainder, *word2) == 0) {
+                krb5_set_error_message(context, KADM5_PASS_Q_DICT,
+                                       "Password may not be a pair of "
+                                       "dictionary words");
+                return KADM5_PASS_Q_DICT;
+            }
+        }
+    }
+
+    return 0;
+}
+
+static void
+combo_close(krb5_context context, krb5_pwqual_moddata data)
+{
+    destroy_dict((combo_moddata)data);
+}
+
+krb5_error_code
+pwqual_combo_initvt(krb5_context context, int maj_ver, int min_ver,
+                    krb5_plugin_vtable vtable);
+krb5_error_code
+pwqual_dyn1_initvt(krb5_context context, int maj_ver, int min_ver,
+                   krb5_plugin_vtable vtable);
+krb5_error_code
+pwqual_dyn2_initvt(krb5_context context, int maj_ver, int min_ver,
+                   krb5_plugin_vtable vtable);
+krb5_error_code
+pwqual_dyn3_initvt(krb5_context context, int maj_ver, int min_ver,
+                   krb5_plugin_vtable vtable);
+
+krb5_error_code
+pwqual_combo_initvt(krb5_context context, int maj_ver, int min_ver,
+                    krb5_plugin_vtable vtable)
+{
+    krb5_pwqual_vtable vt;
+
+    if (maj_ver != 1)
+        return KRB5_PLUGIN_VER_NOTSUPP;
+    vt = (krb5_pwqual_vtable)vtable;
+    vt->name = "combo";
+    vt->open = combo_open;
+    vt->check = combo_check;
+    vt->close = combo_close;
+    return 0;
+}
+
+krb5_error_code
+pwqual_dyn1_initvt(krb5_context context, int maj_ver, int min_ver,
+                   krb5_plugin_vtable vtable)
+{
+    ((krb5_pwqual_vtable)vtable)->name = "dyn1";
+    return 0;
+}
+
+krb5_error_code
+pwqual_dyn2_initvt(krb5_context context, int maj_ver, int min_ver,
+                   krb5_plugin_vtable vtable)
+{
+    ((krb5_pwqual_vtable)vtable)->name = "dyn2";
+    return 0;
+}
+
+krb5_error_code
+pwqual_dyn3_initvt(krb5_context context, int maj_ver, int min_ver,
+                   krb5_plugin_vtable vtable)
+{
+    ((krb5_pwqual_vtable)vtable)->name = "dyn3";
+    return 0;
+}
diff --git a/krb5-1.21.3/src/plugins/pwqual/test/pwqual_test.exports b/krb5-1.21.3/src/plugins/pwqual/test/pwqual_test.exports
new file mode 100644
index 00000000..8a5638ce
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/pwqual/test/pwqual_test.exports
@@ -0,0 +1,4 @@
+pwqual_combo_initvt
+pwqual_dyn1_initvt
+pwqual_dyn2_initvt
+pwqual_dyn3_initvt
diff --git a/krb5-1.21.3/src/plugins/tls/k5tls/Makefile.in b/krb5-1.21.3/src/plugins/tls/k5tls/Makefile.in
new file mode 100644
index 00000000..9f2de7dd
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/tls/k5tls/Makefile.in
@@ -0,0 +1,22 @@
+mydir=plugins$(S)tls$(S)k5tls
+BUILDTOP=$(REL)..$(S)..$(S)..
+MODULE_INSTALL_DIR = $(KRB5_TLS_MODULE_DIR)
+LOCALINCLUDES= $(TLS_IMPL_CFLAGS)
+
+LIBBASE=k5tls
+LIBMAJOR=0
+LIBMINOR=0
+RELDIR=../plugins/tls/k5tls
+SHLIB_EXPDEPS= $(KRB5_DEPLIB) $(SUPPORT_DEPLIB)
+SHLIB_EXPLIBS= $(KRB5_LIB) $(SUPPORT_LIB) $(TLS_IMPL_LIBS)
+
+STLIBOBJS=openssl.o notls.o
+
+SRCS=$(srcdir)/openssl.c $(srcdir)/notls.c
+
+all-unix: all-liblinks
+install-unix: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/plugins/tls/k5tls/deps b/krb5-1.21.3/src/plugins/tls/k5tls/deps
new file mode 100644
index 00000000..a6088a7f
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/tls/k5tls/deps
@@ -0,0 +1,25 @@
+#
+# Generated makefile dependencies follow.
+#
+openssl.so openssl.po $(OUTPRE)openssl.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-tls.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h openssl.c
+notls.so notls.po $(OUTPRE)notls.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-tls.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h notls.c
diff --git a/krb5-1.21.3/src/plugins/tls/k5tls/k5tls.exports b/krb5-1.21.3/src/plugins/tls/k5tls/k5tls.exports
new file mode 100644
index 00000000..d67d928c
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/tls/k5tls/k5tls.exports
@@ -0,0 +1 @@
+tls_k5tls_initvt
diff --git a/krb5-1.21.3/src/plugins/tls/k5tls/notls.c b/krb5-1.21.3/src/plugins/tls/k5tls/notls.c
new file mode 100644
index 00000000..357af811
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/tls/k5tls/notls.c
@@ -0,0 +1,53 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plus/tls/k5tls/none.c - Stub TLS module implementation */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This dummy module is used if no TLS implemented is selected. */
+
+#include "k5-int.h"
+#include "k5-utf8.h"
+#include "k5-tls.h"
+
+#ifdef TLS_IMPL_NONE
+
+krb5_error_code
+tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
+                 krb5_plugin_vtable vtable);
+
+krb5_error_code
+tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
+                 krb5_plugin_vtable vtable)
+{
+    /* Leave all vtable functions nulled. */
+    return 0;
+}
+
+#endif /* TLS_IMPL_NONE */
diff --git a/krb5-1.21.3/src/plugins/tls/k5tls/openssl.c b/krb5-1.21.3/src/plugins/tls/k5tls/openssl.c
new file mode 100644
index 00000000..99fda7ff
--- /dev/null
+++ b/krb5-1.21.3/src/plugins/tls/k5tls/openssl.c
@@ -0,0 +1,585 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* plugins/tls/k5tls/openssl.c - OpenSSL TLS module implementation */
+/*
+ * Copyright 2013,2014 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "k5-utf8.h"
+#include "k5-tls.h"
+
+#ifdef TLS_IMPL_OPENSSL
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <dirent.h>
+
+struct k5_tls_handle_st {
+    SSL *ssl;
+    char *servername;
+};
+
+static int ex_context_id = -1;
+static int ex_handle_id = -1;
+
+MAKE_INIT_FUNCTION(init_openssl);
+
+int
+init_openssl()
+{
+    SSL_library_init();
+    SSL_load_error_strings();
+    OpenSSL_add_all_algorithms();
+    ex_context_id = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+    ex_handle_id = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
+    return 0;
+}
+
+static void
+flush_errors(krb5_context context)
+{
+    unsigned long err;
+    char buf[128];
+
+    while ((err = ERR_get_error()) != 0) {
+        ERR_error_string_n(err, buf, sizeof(buf));
+        TRACE_TLS_ERROR(context, buf);
+    }
+}
+
+/* Return the passed-in character, lower-cased if it's an ASCII character. */
+static inline char
+ascii_tolower(char p)
+{
+    if (KRB5_UPPER(p))
+        return p + ('a' - 'A');
+    return p;
+}
+
+/*
+ * Check a single label.  If allow_wildcard is true, and the presented name
+ * includes a wildcard, return true and note that we matched a wildcard.
+ * Otherwise, for both the presented and expected values, do a case-insensitive
+ * comparison of ASCII characters, and a case-sensitive comparison of
+ * everything else.
+ */
+static krb5_boolean
+label_match(const char *presented, size_t plen, const char *expected,
+            size_t elen, krb5_boolean allow_wildcard, krb5_boolean *wildcard)
+{
+    unsigned int i;
+
+    if (allow_wildcard && plen == 1 && presented[0] == '*') {
+        *wildcard = TRUE;
+        return TRUE;
+    }
+
+    if (plen != elen)
+        return FALSE;
+
+    for (i = 0; i < elen; i++) {
+        if (ascii_tolower(presented[i]) != ascii_tolower(expected[i]))
+            return FALSE;
+    }
+    return TRUE;
+}
+
+/* Break up the two names and check them, label by label. */
+static krb5_boolean
+domain_match(const char *presented, size_t plen, const char *expected)
+{
+    const char *p, *q, *r, *s;
+    int n_label;
+    krb5_boolean used_wildcard = FALSE;
+
+    n_label = 0;
+    p = presented;
+    r = expected;
+    while (p < presented + plen && *r != '\0') {
+        q = memchr(p, '.', plen - (p - presented));
+        if (q == NULL)
+            q = presented + plen;
+        s = r + strcspn(r, ".");
+        if (!label_match(p, q - p, r, s - r, n_label == 0, &used_wildcard))
+            return FALSE;
+        p = q < presented + plen ? q + 1 : q;
+        r = *s ? s + 1 : s;
+        n_label++;
+    }
+    if (used_wildcard && n_label <= 2)
+        return FALSE;
+    if (p == presented + plen && *r == '\0')
+        return TRUE;
+    return FALSE;
+}
+
+/* Fetch the list of subjectAltNames from a certificate. */
+static GENERAL_NAMES *
+get_cert_sans(X509 *x)
+{
+    int ext;
+    X509_EXTENSION *san_ext;
+
+    ext = X509_get_ext_by_NID(x, NID_subject_alt_name, -1);
+    if (ext < 0)
+        return NULL;
+    san_ext = X509_get_ext(x, ext);
+    if (san_ext == NULL)
+        return NULL;
+    return X509V3_EXT_d2i(san_ext);
+}
+
+/* Fetch a CN value from the subjct name field, returning its length, or -1 if
+ * there is no subject name or it contains no CN value. */
+static int
+get_cert_cn(X509 *x, char *buf, size_t bufsize)
+{
+    X509_NAME *name;
+
+    name = X509_get_subject_name(x);
+    if (name == NULL)
+        return -1;
+    return X509_NAME_get_text_by_NID(name, NID_commonName, buf, bufsize);
+}
+
+/* Return true if text matches any of the addresses we can recover from x. */
+static krb5_boolean
+check_cert_address(X509 *x, const char *text)
+{
+    char buf[1024];
+    GENERAL_NAMES *sans;
+    GENERAL_NAME *san = NULL;
+    ASN1_OCTET_STRING *ip;
+    krb5_boolean found_ip_san = FALSE, matched = FALSE;
+    int n_sans, i;
+    int name_length;
+    struct in_addr sin;
+    struct in6_addr sin6;
+
+    /* Parse the IP address into an octet string. */
+    ip = ASN1_OCTET_STRING_new();
+    if (ip == NULL)
+        return FALSE;
+    if (inet_pton(AF_INET, text, &sin)) {
+        ASN1_OCTET_STRING_set(ip, (unsigned char *)&sin, sizeof(sin));
+    } else if (inet_pton(AF_INET6, text, &sin6)) {
+        ASN1_OCTET_STRING_set(ip, (unsigned char *)&sin6, sizeof(sin6));
+    } else {
+        ASN1_OCTET_STRING_free(ip);
+        return FALSE;
+    }
+
+    /* Check for matches in ipaddress subjectAltName values. */
+    sans = get_cert_sans(x);
+    if (sans != NULL) {
+        n_sans = sk_GENERAL_NAME_num(sans);
+        for (i = 0; i < n_sans; i++) {
+            san = sk_GENERAL_NAME_value(sans, i);
+            if (san->type != GEN_IPADD)
+                continue;
+            found_ip_san = TRUE;
+            matched = (ASN1_OCTET_STRING_cmp(ip, san->d.iPAddress) == 0);
+            if (matched)
+                break;
+        }
+        sk_GENERAL_NAME_pop_free(sans, GENERAL_NAME_free);
+    }
+    ASN1_OCTET_STRING_free(ip);
+
+    if (found_ip_san)
+        return matched;
+
+    /* Check for a match against the CN value in the peer's subject name. */
+    name_length = get_cert_cn(x, buf, sizeof(buf));
+    if (name_length >= 0) {
+        /* Do a string compare to check if it's an acceptable value. */
+        return strlen(text) == (size_t)name_length &&
+               strncmp(text, buf, name_length) == 0;
+    }
+
+    /* We didn't find a match. */
+    return FALSE;
+}
+
+/* Return true if expected matches any of the names we can recover from x. */
+static krb5_boolean
+check_cert_servername(X509 *x, const char *expected)
+{
+    char buf[1024];
+    GENERAL_NAMES *sans;
+    GENERAL_NAME *san = NULL;
+    unsigned char *dnsname;
+    krb5_boolean found_dns_san = FALSE, matched = FALSE;
+    int name_length, n_sans, i;
+
+    /* Check for matches in dnsname subjectAltName values. */
+    sans = get_cert_sans(x);
+    if (sans != NULL) {
+        n_sans = sk_GENERAL_NAME_num(sans);
+        for (i = 0; i < n_sans; i++) {
+            san = sk_GENERAL_NAME_value(sans, i);
+            if (san->type != GEN_DNS)
+                continue;
+            found_dns_san = TRUE;
+            dnsname = NULL;
+            name_length = ASN1_STRING_to_UTF8(&dnsname, san->d.dNSName);
+            if (dnsname == NULL)
+                continue;
+            matched = domain_match((char *)dnsname, name_length, expected);
+            OPENSSL_free(dnsname);
+            if (matched)
+                break;
+        }
+        sk_GENERAL_NAME_pop_free(sans, GENERAL_NAME_free);
+    }
+
+    if (matched)
+        return TRUE;
+    if (found_dns_san)
+        return matched;
+
+    /* Check for a match against the CN value in the peer's subject name. */
+    name_length = get_cert_cn(x, buf, sizeof(buf));
+    if (name_length >= 0)
+        return domain_match(buf, name_length, expected);
+
+    /* We didn't find a match. */
+    return FALSE;
+}
+
+static krb5_boolean
+check_cert_name_or_ip(X509 *x, const char *expected_name)
+{
+    struct in_addr in;
+    struct in6_addr in6;
+
+    if (inet_pton(AF_INET, expected_name, &in) != 0 ||
+        inet_pton(AF_INET6, expected_name, &in6) != 0) {
+        return check_cert_address(x, expected_name);
+    } else {
+        return check_cert_servername(x, expected_name);
+    }
+}
+
+static int
+verify_callback(int preverify_ok, X509_STORE_CTX *store_ctx)
+{
+    X509 *x;
+    SSL *ssl;
+    BIO *bio;
+    krb5_context context;
+    int err, depth;
+    k5_tls_handle handle;
+    const char *cert = NULL, *errstr, *expected_name;
+    size_t count;
+
+    ssl = X509_STORE_CTX_get_ex_data(store_ctx,
+                                     SSL_get_ex_data_X509_STORE_CTX_idx());
+    context = SSL_get_ex_data(ssl, ex_context_id);
+    handle = SSL_get_ex_data(ssl, ex_handle_id);
+    assert(context != NULL && handle != NULL);
+    /* We do have the peer's cert, right? */
+    x = X509_STORE_CTX_get_current_cert(store_ctx);
+    if (x == NULL) {
+        TRACE_TLS_NO_REMOTE_CERTIFICATE(context);
+        return 0;
+    }
+    /* Figure out where we are. */
+    depth = X509_STORE_CTX_get_error_depth(store_ctx);
+    if (depth < 0)
+        return 0;
+    /* If there's an error at this level that we're not ignoring, fail. */
+    err = X509_STORE_CTX_get_error(store_ctx);
+    if (err != X509_V_OK) {
+        bio = BIO_new(BIO_s_mem());
+        if (bio != NULL) {
+            X509_NAME_print_ex(bio, X509_get_subject_name(x), 0, 0);
+            count = BIO_get_mem_data(bio, &cert);
+            errstr = X509_verify_cert_error_string(err);
+            TRACE_TLS_CERT_ERROR(context, depth, count, cert, err, errstr);
+            BIO_free(bio);
+        }
+        return 0;
+    }
+    /* If we're not looking at the peer, we're done and everything's ok. */
+    if (depth != 0)
+        return 1;
+    /* Check if the name we expect to find is in the certificate. */
+    expected_name = handle->servername;
+    if (check_cert_name_or_ip(x, expected_name)) {
+        TRACE_TLS_SERVER_NAME_MATCH(context, expected_name);
+        return 1;
+    } else {
+        TRACE_TLS_SERVER_NAME_MISMATCH(context, expected_name);
+    }
+    /* The name didn't match. */
+    return 0;
+}
+
+static krb5_error_code
+load_anchor_file(X509_STORE *store, const char *path)
+{
+    FILE *fp;
+    STACK_OF(X509_INFO) *sk = NULL;
+    X509_INFO *xi;
+    int i;
+
+    fp = fopen(path, "r");
+    if (fp == NULL)
+        return errno;
+    sk = PEM_X509_INFO_read(fp, NULL, NULL, NULL);
+    fclose(fp);
+    if (sk == NULL)
+        return ENOENT;
+    for (i = 0; i < sk_X509_INFO_num(sk); i++) {
+        xi = sk_X509_INFO_value(sk, i);
+        if (xi->x509 != NULL)
+            X509_STORE_add_cert(store, xi->x509);
+    }
+    sk_X509_INFO_pop_free(sk, X509_INFO_free);
+    return 0;
+}
+
+static krb5_error_code
+load_anchor_dir(X509_STORE *store, const char *path)
+{
+    DIR *d = NULL;
+    struct dirent *dentry = NULL;
+    char filename[1024];
+    krb5_boolean found_any = FALSE;
+
+    d = opendir(path);
+    if (d == NULL)
+        return ENOENT;
+    while ((dentry = readdir(d)) != NULL) {
+        if (dentry->d_name[0] != '.') {
+            snprintf(filename, sizeof(filename), "%s/%s",
+                     path, dentry->d_name);
+            if (load_anchor_file(store, filename) == 0)
+                found_any = TRUE;
+        }
+    }
+    closedir(d);
+    return found_any ? 0 : ENOENT;
+}
+
+static krb5_error_code
+load_anchor(SSL_CTX *ctx, const char *location)
+{
+    X509_STORE *store;
+    const char *envloc;
+
+    store = SSL_CTX_get_cert_store(ctx);
+    if (strncmp(location, "FILE:", 5) == 0) {
+        return load_anchor_file(store, location + 5);
+    } else if (strncmp(location, "DIR:", 4) == 0) {
+        return load_anchor_dir(store, location + 4);
+    } else if (strncmp(location, "ENV:", 4) == 0) {
+        envloc = secure_getenv(location + 4);
+        if (envloc == NULL)
+            return ENOENT;
+        return load_anchor(ctx, envloc);
+    }
+    return EINVAL;
+}
+
+static krb5_error_code
+load_anchors(krb5_context context, char **anchors, SSL_CTX *sctx)
+{
+    unsigned int i;
+    krb5_error_code ret;
+
+    if (anchors != NULL) {
+        for (i = 0; anchors[i] != NULL; i++) {
+            ret = load_anchor(sctx, anchors[i]);
+            if (ret)
+                return ret;
+        }
+    } else {
+        /* Use the library defaults. */
+        if (SSL_CTX_set_default_verify_paths(sctx) != 1)
+            return ENOENT;
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+setup(krb5_context context, SOCKET fd, const char *servername,
+      char **anchors, k5_tls_handle *handle_out)
+{
+    int e;
+    long options = SSL_OP_NO_SSLv2;
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    k5_tls_handle handle = NULL;
+
+    *handle_out = NULL;
+
+    (void)CALL_INIT_FUNCTION(init_openssl);
+    if (ex_context_id == -1 || ex_handle_id == -1)
+        return KRB5_PLUGIN_OP_NOTSUPP;
+
+    /* Do general SSL library setup. */
+    ctx = SSL_CTX_new(SSLv23_client_method());
+    if (ctx == NULL)
+        goto error;
+
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+    /*
+     * For OpenSSL 3 and later, mark close_notify alerts as optional.  We don't
+     * need to worry about truncation attacks because the protocols this module
+     * is used with (Kerberos and change-password) receive a single
+     * length-delimited message from the server.  For prior versions of OpenSSL
+     * we check for SSL_ERROR_SYSCALL when reading instead (this error changes
+     * to SSL_ERROR_SSL in OpenSSL 3).
+     */
+    options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
+    SSL_CTX_set_options(ctx, options);
+
+    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
+    X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), 0);
+    e = load_anchors(context, anchors, ctx);
+    if (e != 0)
+        goto error;
+
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+        goto error;
+
+    if (!SSL_set_fd(ssl, fd))
+        goto error;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+    if (!SSL_set_tlsext_host_name(ssl, servername))
+        goto error;
+#endif
+    SSL_set_connect_state(ssl);
+
+    /* Create a handle and allow verify_callback to access it. */
+    handle = malloc(sizeof(*handle));
+    if (handle == NULL || !SSL_set_ex_data(ssl, ex_handle_id, handle))
+        goto error;
+
+    handle->ssl = ssl;
+    handle->servername = strdup(servername);
+    if (handle->servername == NULL)
+        goto error;
+    *handle_out = handle;
+    SSL_CTX_free(ctx);
+    return 0;
+
+error:
+    flush_errors(context);
+    free(handle);
+    SSL_free(ssl);
+    SSL_CTX_free(ctx);
+    return KRB5_PLUGIN_OP_NOTSUPP;
+}
+
+static k5_tls_status
+write_tls(krb5_context context, k5_tls_handle handle, const void *data,
+          size_t len)
+{
+    int nwritten, e;
+
+    /* Try to transmit our request; allow verify_callback to access context. */
+    if (!SSL_set_ex_data(handle->ssl, ex_context_id, context))
+        return ERROR_TLS;
+    nwritten = SSL_write(handle->ssl, data, len);
+    (void)SSL_set_ex_data(handle->ssl, ex_context_id, NULL);
+    if (nwritten > 0)
+        return DONE;
+
+    e = SSL_get_error(handle->ssl, nwritten);
+    if (e == SSL_ERROR_WANT_READ)
+        return WANT_READ;
+    else if (e == SSL_ERROR_WANT_WRITE)
+        return WANT_WRITE;
+    flush_errors(context);
+    return ERROR_TLS;
+}
+
+static k5_tls_status
+read_tls(krb5_context context, k5_tls_handle handle, void *data,
+         size_t data_size, size_t *len_out)
+{
+    ssize_t nread;
+    int e;
+
+    *len_out = 0;
+
+    /* Try to read response data; allow verify_callback to access context. */
+    if (!SSL_set_ex_data(handle->ssl, ex_context_id, context))
+        return ERROR_TLS;
+    nread = SSL_read(handle->ssl, data, data_size);
+    (void)SSL_set_ex_data(handle->ssl, ex_context_id, NULL);
+    if (nread > 0) {
+        *len_out = nread;
+        return DATA_READ;
+    }
+
+    e = SSL_get_error(handle->ssl, nread);
+    if (e == SSL_ERROR_WANT_READ)
+        return WANT_READ;
+    else if (e == SSL_ERROR_WANT_WRITE)
+        return WANT_WRITE;
+
+    if (e == SSL_ERROR_ZERO_RETURN || (e == SSL_ERROR_SYSCALL && nread == 0))
+        return DONE;
+
+    flush_errors(context);
+    return ERROR_TLS;
+}
+
+static void
+free_handle(krb5_context context, k5_tls_handle handle)
+{
+    SSL_free(handle->ssl);
+    free(handle->servername);
+    free(handle);
+}
+
+krb5_error_code
+tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
+                 krb5_plugin_vtable vtable);
+
+krb5_error_code
+tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
+                 krb5_plugin_vtable vtable)
+{
+    k5_tls_vtable vt;
+
+    vt = (k5_tls_vtable)vtable;
+    vt->setup = setup;
+    vt->write = write_tls;
+    vt->read = read_tls;
+    vt->free_handle = free_handle;
+    return 0;
+}
+
+#endif /* TLS_IMPL_OPENSSL */
diff --git a/krb5-1.21.3/src/po/Makefile.in b/krb5-1.21.3/src/po/Makefile.in
new file mode 100644
index 00000000..055a93a5
--- /dev/null
+++ b/krb5-1.21.3/src/po/Makefile.in
@@ -0,0 +1,52 @@
+mydir=po
+BUILDTOP=$(REL)..
+VER=@PACKAGE_VERSION@
+
+DOMAIN=mit-krb5
+POTFILE=$(srcdir)/$(DOMAIN).pot
+XGETTEXT=xgettext --foreign-user --package-name=mit-krb5 \
+	--package-version=$(VER) --copyright-holder=MIT
+ETSRCS=	$(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.c \
+	$(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.c \
+	$(BUILDTOP)/lib/kadm5/chpass_util_strings.c \
+	$(BUILDTOP)/lib/kadm5/kadm_err.c \
+	$(BUILDTOP)/lib/kdb/adb_err.c \
+	$(BUILDTOP)/lib/krb5/error_tables/k5e1_err.c \
+	$(BUILDTOP)/lib/krb5/error_tables/krb5_err.c \
+	$(BUILDTOP)/lib/krb5/error_tables/kdb5_err.c \
+	$(BUILDTOP)/lib/krb5/error_tables/asn1_err.c \
+	$(BUILDTOP)/lib/krb5/error_tables/kv5m_err.c \
+	$(BUILDTOP)/lib/krb5/error_tables/krb524_err.c
+CATALOGS=en_US.mo de.mo ka.mo
+
+.SUFFIXES: .po .mo
+.po.mo:
+	msgfmt -o $@ $<
+
+all: $(CATALOGS)
+
+update-po: csrcs check_et_@COM_ERR_VERSION@
+	$(XGETTEXT) -k_ -kN_ -o $(POTFILE) -f csrcs
+	$(XGETTEXT) -kN_ -j -o $(POTFILE) $(ETSRCS)
+
+csrcs: always
+	find $(top_srcdir) -name "*.c" -print | LC_ALL=C sort > $@
+
+check_et_k5 check_et_intlsys:
+check_et_sys:
+	@echo 1>&2 error: cannot update po file with this version of compile_et
+	@exit 1
+
+always:
+
+install:
+	for c in $(CATALOGS); do \
+	  lang=`basename $$c .mo`; \
+	  $(top_srcdir)/config/mkinstalldirs \
+	    $(DESTDIR)$(KRB5_LOCALEDIR)/$$lang/LC_MESSAGES; \
+	  $(INSTALL_DATA) $$c \
+	    $(DESTDIR)$(KRB5_LOCALEDIR)/$$lang/LC_MESSAGES/$(DOMAIN).mo; \
+	done
+
+clean:
+	$(RM) $(CATALOGS)
diff --git a/krb5-1.21.3/src/po/de.po b/krb5-1.21.3/src/po/de.po
new file mode 100644
index 00000000..6c48f35f
--- /dev/null
+++ b/krb5-1.21.3/src/po/de.po
@@ -0,0 +1,9300 @@
+# German translation of mit-krb5.
+# This file is distributed under the same license as the mit-krb5 package.
+# Copyright (C) 1985-2013 by the Massachusetts Institute of Technology.
+# Copyright (C) of this file 2014-2016 Chris Leick <c.leick@vollbio.de>.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: mit-krb5 13.2\n"
+"Report-Msgid-Bugs-To: krbdev@mit.edu\n"
+"POT-Creation-Date: 2015-05-06 14:59-0400\n"
+"PO-Revision-Date: 2016-04-07 08:15+0200\n"
+"Last-Translator: Chris Leick <c.leick@vollbio.de>\n"
+"Language-Team: German <debian-l10n-german@lists.debian.org>\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:62
+#, c-format
+msgid "Usage: %s [-A] [-q] [-c cache_name]\n"
+msgstr "Aufruf: %s [-A] [-q] [-c Zwischenspeichername]\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:63
+#, c-format
+msgid "\t-A destroy all credential caches in collection\n"
+msgstr "\t-A vernichtet alle Anmeldedatenzwischenspeicher in der Sammlung.\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:64
+#, c-format
+msgid "\t-q quiet mode\n"
+msgstr "\t-q stiller Modus\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:65
+#: ../../src/clients/kswitch/kswitch.c:45
+#, c-format
+msgid "\t-c specify name of credentials cache\n"
+msgstr "\t-c gibt den Namen des Zwischenspeichers für Anmeldedaten an.\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:98
+#: ../../src/clients/kinit/kinit.c:383 ../../src/clients/ksu/main.c:284
+#, c-format
+msgid "Only one -c option allowed\n"
+msgstr "Nur eine »-c«-Option ist erlaubt.\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:105
+#: ../../src/clients/kinit/kinit.c:412 ../../src/clients/klist/klist.c:182
+#, c-format
+msgid "Kerberos 4 is no longer supported\n"
+msgstr "Kerberos 4 wird nicht mehr unterstützt.\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:126
+#: ../../src/clients/klist/klist.c:253 ../../src/clients/ksu/main.c:131
+#: ../../src/clients/ksu/main.c:137 ../../src/clients/kswitch/kswitch.c:97
+#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:926
+#: ../../src/slave/kprop.c:102 ../../src/slave/kpropd.c:1052
+msgid "while initializing krb5"
+msgstr "beim Initialisieren von Krb5"
+
+#: ../../src/clients/kdestroy/kdestroy.c:133
+msgid "while listing credential caches"
+msgstr "beim Auflisten der Anmeldedatenzwischenspeicher"
+
+#: ../../src/clients/kdestroy/kdestroy.c:140
+msgid "composing ccache name"
+msgstr "Ccache-Name wird zusammengesetzt."
+
+#: ../../src/clients/kdestroy/kdestroy.c:145
+#, c-format
+msgid "while destroying cache %s"
+msgstr "beim Zerstören des Zwischenspeichers %s"
+
+#: ../../src/clients/kdestroy/kdestroy.c:157
+#: ../../src/clients/kswitch/kswitch.c:104
+#, c-format
+msgid "while resolving %s"
+msgstr "beim Auflösen von %s"
+
+#: ../../src/clients/kdestroy/kdestroy.c:163
+#: ../../src/clients/kinit/kinit.c:501 ../../src/clients/klist/klist.c:460
+msgid "while getting default ccache"
+msgstr "beim Holen des Standard-Ccaches"
+
+#: ../../src/clients/kdestroy/kdestroy.c:170 ../../src/clients/ksu/main.c:986
+msgid "while destroying cache"
+msgstr "beim Zerstören des Zwischenspeichers"
+
+#: ../../src/clients/kdestroy/kdestroy.c:173
+#, c-format
+msgid "Ticket cache NOT destroyed!\n"
+msgstr "Ticketzwischenspeicher NICHT vernichtet!\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:175
+#, c-format
+msgid "Ticket cache %cNOT%c destroyed!\n"
+msgstr "Ticketzwischenspeicher %cNICHT%c vernichtet!\n"
+
+#: ../../src/clients/kinit/kinit.c:213
+#, c-format
+msgid "\t-V verbose\n"
+msgstr "\t-V detaillierte Ausgabe\n"
+
+#: ../../src/clients/kinit/kinit.c:214
+#, c-format
+msgid "\t-l lifetime\n"
+msgstr "\t-l Lebensdauer\n"
+
+#: ../../src/clients/kinit/kinit.c:215
+#, c-format
+msgid "\t-s start time\n"
+msgstr "\t-s Startzeit\n"
+
+#: ../../src/clients/kinit/kinit.c:216
+#, c-format
+msgid "\t-r renewable lifetime\n"
+msgstr "\t-r verlängerbare Lebensdauer\n"
+
+#: ../../src/clients/kinit/kinit.c:217
+#, c-format
+msgid "\t-f forwardable\n"
+msgstr "\t-f weiterleitbar\n"
+
+#: ../../src/clients/kinit/kinit.c:218
+#, c-format
+msgid "\t-F not forwardable\n"
+msgstr "\t-F nicht weiterleitbar\n"
+
+#: ../../src/clients/kinit/kinit.c:219
+#, c-format
+msgid "\t-p proxiable\n"
+msgstr "\t-p Proxy nutzbar\n"
+
+#: ../../src/clients/kinit/kinit.c:220
+#, c-format
+msgid "\t-P not proxiable\n"
+msgstr "\t-P Proxy nicht nutzbar\n"
+
+#: ../../src/clients/kinit/kinit.c:221
+#, c-format
+msgid "\t-n anonymous\n"
+msgstr "\t-n anonym\n"
+
+#: ../../src/clients/kinit/kinit.c:222
+#, c-format
+msgid "\t-a include addresses\n"
+msgstr "\t-a bezieht Adressen ein.\n"
+
+#: ../../src/clients/kinit/kinit.c:223
+#, c-format
+msgid "\t-A do not include addresses\n"
+msgstr "\t-a bezieht Adressen nicht ein.\n"
+
+#: ../../src/clients/kinit/kinit.c:224
+#, c-format
+msgid "\t-v validate\n"
+msgstr "\t-v überprüft\n"
+
+#: ../../src/clients/kinit/kinit.c:225
+#, c-format
+msgid "\t-R renew\n"
+msgstr "\t-R erneuert\n"
+
+#: ../../src/clients/kinit/kinit.c:226
+#, c-format
+msgid "\t-C canonicalize\n"
+msgstr "\t-C bringt in Normalform\n"
+
+#: ../../src/clients/kinit/kinit.c:227
+#, c-format
+msgid "\t-E client is enterprise principal name\n"
+msgstr "\t-E Client ist der Principal-Name des Unternehmens\n"
+
+#: ../../src/clients/kinit/kinit.c:228
+#, c-format
+msgid "\t-k use keytab\n"
+msgstr "\t-k verwendet Schlüsseltabelle\n"
+
+#: ../../src/clients/kinit/kinit.c:229
+#, c-format
+msgid "\t-i use default client keytab (with -k)\n"
+msgstr "\t-i verwendet die Standardschlüsseltabelle des Clients (mit -k).\n"
+
+#: ../../src/clients/kinit/kinit.c:230
+#, c-format
+msgid "\t-t filename of keytab to use\n"
+msgstr "\t-t Dateiname der zu verwendenden Schlüsseltabelle\n"
+
+#: ../../src/clients/kinit/kinit.c:231
+#, c-format
+msgid "\t-c Kerberos 5 cache name\n"
+msgstr "\t-c Kerberos-5-Zwischenspeichername\n"
+
+#: ../../src/clients/kinit/kinit.c:232
+#, c-format
+msgid "\t-S service\n"
+msgstr "\t-S Dienst\n"
+
+#: ../../src/clients/kinit/kinit.c:233
+#, c-format
+msgid "\t-T armor credential cache\n"
+msgstr "\t-T gehärteter Anmeldedatenzwischenspeicher\n"
+
+#: ../../src/clients/kinit/kinit.c:234
+#, c-format
+msgid "\t-X <attribute>[=<value>]\n"
+msgstr "\t-X <Attribut>[=<Wert>]\n"
+
+#: ../../src/clients/kinit/kinit.c:301 ../../src/clients/kinit/kinit.c:309
+#, c-format
+msgid "Bad lifetime value %s\n"
+msgstr "falscher Wert für die Lebensdauer %s\n"
+
+#: ../../src/clients/kinit/kinit.c:343
+#, c-format
+msgid "Bad start time value %s\n"
+msgstr "falscher Wert für die Startzeit %s\n"
+
+#: ../../src/clients/kinit/kinit.c:362
+#, c-format
+msgid "Only one -t option allowed.\n"
+msgstr "Nur eine -t-Option ist erlaubt.\n"
+
+#: ../../src/clients/kinit/kinit.c:370
+#, c-format
+msgid "Only one armor_ccache\n"
+msgstr "nur ein gehärteter Ccache\n"
+
+#: ../../src/clients/kinit/kinit.c:391
+#, c-format
+msgid "Only one -I option allowed\n"
+msgstr "Nur eine -I-Option ist erlaubt.\n"
+
+#: ../../src/clients/kinit/kinit.c:401
+msgid "while adding preauth option"
+msgstr "beim Hinzufügen der Option »preauth«"
+
+#: ../../src/clients/kinit/kinit.c:425
+#, c-format
+msgid "Only one of -f and -F allowed\n"
+msgstr "Nur eine der Optionen -f und -F ist erlaubt.\n"
+
+#: ../../src/clients/kinit/kinit.c:430
+#, c-format
+msgid "Only one of -p and -P allowed\n"
+msgstr "Nur eine der Optionen -p und -P ist erlaubt.\n"
+
+#: ../../src/clients/kinit/kinit.c:435
+#, c-format
+msgid "Only one of -a and -A allowed\n"
+msgstr "Nur eine der Optionen -a und -A ist erlaubt.\n"
+
+#: ../../src/clients/kinit/kinit.c:440
+#, c-format
+msgid "Only one of -t and -i allowed\n"
+msgstr "Nur eine der Optionen -t und-i ist erlaubt.\n"
+
+#: ../../src/clients/kinit/kinit.c:447
+#, c-format
+msgid "keytab specified, forcing -k\n"
+msgstr "Schlüsseltabelle angegeben, -k wird erzwungen\n"
+
+#: ../../src/clients/kinit/kinit.c:451 ../../src/clients/klist/klist.c:221
+#, c-format
+msgid "Extra arguments (starting with \"%s\").\n"
+msgstr "zusätzliche Argumente (beginnend mit »%s«)\n"
+
+#: ../../src/clients/kinit/kinit.c:480
+msgid "while initializing Kerberos 5 library"
+msgstr "beim Initialisieren der Kerberos-5-Bibliothek"
+
+#: ../../src/clients/kinit/kinit.c:488 ../../src/clients/kinit/kinit.c:644
+#, c-format
+msgid "resolving ccache %s"
+msgstr "Ccache %s wird ermittelt"
+
+#: ../../src/clients/kinit/kinit.c:493
+#, c-format
+msgid "Using specified cache: %s\n"
+msgstr "Angegebener Zwischenspeicher wird verwendet: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:515 ../../src/clients/kinit/kinit.c:595
+#: ../../src/clients/kpasswd/kpasswd.c:28 ../../src/clients/ksu/main.c:238
+#, c-format
+msgid "when parsing name %s"
+msgstr "wenn der Name %s ausgewertet wird"
+
+#: ../../src/clients/kinit/kinit.c:523 ../../src/kadmin/dbutil/kdb5_util.c:307
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:391
+#: ../../src/slave/kprop.c:203
+msgid "while getting default realm"
+msgstr "beim Holen des Standard-Realms"
+
+#: ../../src/clients/kinit/kinit.c:535
+msgid "while building principal"
+msgstr "beim Erstellen des Principals"
+
+#: ../../src/clients/kinit/kinit.c:543
+msgid "When resolving the default client keytab"
+msgstr "beim Auflösen der Standardschlüsseltabelle des Clients"
+
+#: ../../src/clients/kinit/kinit.c:550
+msgid "When determining client principal name from keytab"
+msgstr "beim Bestimmen des Dienst-Principal-Namens anhand der Schlüsseltabelle"
+
+#: ../../src/clients/kinit/kinit.c:559
+msgid "when creating default server principal name"
+msgstr "wenn der Standard-Principal-Name des Servers erstellt wird"
+
+#: ../../src/clients/kinit/kinit.c:566
+#, c-format
+msgid "(principal %s)"
+msgstr "(Principal %s)"
+
+#: ../../src/clients/kinit/kinit.c:569
+msgid "for local services"
+msgstr "für lokale Dienste"
+
+#: ../../src/clients/kinit/kinit.c:590 ../../src/clients/kpasswd/kpasswd.c:42
+#, c-format
+msgid "Unable to identify user\n"
+msgstr "Benutzer kann nicht identifiziert werden\n"
+
+#: ../../src/clients/kinit/kinit.c:605 ../../src/clients/kswitch/kswitch.c:116
+#, c-format
+msgid "while searching for ccache for %s"
+msgstr "beim Suchen nach Ccache für %s"
+
+#: ../../src/clients/kinit/kinit.c:611
+#, c-format
+msgid "Using existing cache: %s\n"
+msgstr "Existierender Zwischenspeicher wird verwendet: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:620
+msgid "while generating new ccache"
+msgstr "beim Erstellen von neuem Ccache"
+
+#: ../../src/clients/kinit/kinit.c:624
+#, c-format
+msgid "Using new cache: %s\n"
+msgstr "Neuer Zwischenspeicher wird verwendet: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:636
+#, c-format
+msgid "Using default cache: %s\n"
+msgstr "Standardzwischenspeicher wird verwendet: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:649
+#, c-format
+msgid "Using specified input cache: %s\n"
+msgstr "Angegebener Eingabezwischenspeicher wird verwendet: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:657 ../../src/clients/ksu/krb_auth_su.c:160
+msgid "when unparsing name"
+msgstr "beim Rückgängigmachen der Auswertung des Namens"
+
+#: ../../src/clients/kinit/kinit.c:661
+#, c-format
+msgid "Using principal: %s\n"
+msgstr "verwendeter Principal: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:752
+msgid "getting local addresses"
+msgstr "Lokale Adressen werden geholt."
+
+#: ../../src/clients/kinit/kinit.c:771
+#, c-format
+msgid "while setting up KDB keytab for realm %s"
+msgstr "beim Einrichten der KDB-Schlüsseltabelle für Realm %s"
+
+#: ../../src/clients/kinit/kinit.c:780 ../../src/clients/kvno/kvno.c:201
+#, c-format
+msgid "resolving keytab %s"
+msgstr "Schlüsseltabelle wird ermittelt: %s"
+
+#: ../../src/clients/kinit/kinit.c:785
+#, c-format
+msgid "Using keytab: %s\n"
+msgstr "Schlüsseltabelle wird verwendet: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:789
+msgid "resolving default client keytab"
+msgstr "Standardschlüsseltabelle des Clients wird ermittelt."
+
+#: ../../src/clients/kinit/kinit.c:799
+#, c-format
+msgid "while setting '%s'='%s'"
+msgstr "beim Setzen von »%s«=»%s«"
+
+#: ../../src/clients/kinit/kinit.c:804
+#, c-format
+msgid "PA Option %s = %s\n"
+msgstr "PA-Option %s = %s\n"
+
+#: ../../src/clients/kinit/kinit.c:849
+msgid "getting initial credentials"
+msgstr "Anfängliche Anmeldedaten werden geholt."
+
+#: ../../src/clients/kinit/kinit.c:852
+msgid "validating credentials"
+msgstr "Anmeldedaten werden geprüft."
+
+#: ../../src/clients/kinit/kinit.c:855
+msgid "renewing credentials"
+msgstr "Anmeldedaten werden erneuert."
+
+#: ../../src/clients/kinit/kinit.c:860
+#, c-format
+msgid "%s: Password incorrect while %s\n"
+msgstr "%s: Passwort bei %s falsch\n"
+
+#: ../../src/clients/kinit/kinit.c:863
+#, c-format
+msgid "while %s"
+msgstr "bei %s"
+
+#: ../../src/clients/kinit/kinit.c:871 ../../src/slave/kprop.c:224
+#, c-format
+msgid "when initializing cache %s"
+msgstr "beim Initialisieren des Zwischenspeichers %s"
+
+#: ../../src/clients/kinit/kinit.c:876
+#, c-format
+msgid "Initialized cache\n"
+msgstr "initialisierter Zwischenspeicher\n"
+
+#: ../../src/clients/kinit/kinit.c:880
+msgid "while storing credentials"
+msgstr "beim Speichern der Anmeldedaten"
+
+#: ../../src/clients/kinit/kinit.c:884
+#, c-format
+msgid "Stored credentials\n"
+msgstr "gespeicherte Anmeldedaten\n"
+
+#: ../../src/clients/kinit/kinit.c:891
+msgid "while switching to new ccache"
+msgstr "beim Wechsel zum neuen Ccache"
+
+#: ../../src/clients/kinit/kinit.c:946
+#, c-format
+msgid "Authenticated to Kerberos v5\n"
+msgstr "Authentifiziert für Kerberos v5\n"
+
+#: ../../src/clients/klist/klist.c:91
+#, c-format
+msgid ""
+"Usage: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-t] [-K]] "
+"[name]\n"
+msgstr ""
+"Aufruf: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-t] [-"
+"K]] [Name]\n"
+
+#: ../../src/clients/klist/klist.c:93
+#, c-format
+msgid "\t-c specifies credentials cache\n"
+msgstr "\t-c gibt den Anmeldedatenzwischenspeicher an\n"
+
+#: ../../src/clients/klist/klist.c:94
+#, c-format
+msgid "\t-k specifies keytab\n"
+msgstr "\t-k gibt die Schlüsseltabelle an.\n"
+
+#: ../../src/clients/klist/klist.c:95
+#, c-format
+msgid "\t   (Default is credentials cache)\n"
+msgstr "\t   (Voreinstellung ist Anmeldedatenzwischenspeicher)\n"
+
+#: ../../src/clients/klist/klist.c:96
+#, c-format
+msgid "\t-i uses default client keytab if no name given\n"
+msgstr ""
+"\t-i verwendet die Standardschlüsseltabelle des Clients, falls kein Name "
+"angegeben wurde.\n"
+
+#: ../../src/clients/klist/klist.c:97
+#, c-format
+msgid "\t-l lists credential caches in collection\n"
+msgstr "\t-l listet gesammelte Anmeldedatenzwischenspeicher auf.\n"
+
+#: ../../src/clients/klist/klist.c:98
+#, c-format
+msgid "\t-A shows content of all credential caches\n"
+msgstr "\t-A zeigt den Inhalt aller Anmeldedatenzwischenspeicher an.\n"
+
+#: ../../src/clients/klist/klist.c:99
+#, c-format
+msgid "\t-e shows the encryption type\n"
+msgstr "\t-e zeigt den Verschlüsselungstyp.\n"
+
+#: ../../src/clients/klist/klist.c:100
+#, c-format
+msgid "\t-V shows the Kerberos version and exits\n"
+msgstr "\t-V zeigt die Kerberos-Version und wird beendet.\n"
+
+#: ../../src/clients/klist/klist.c:101
+#, c-format
+msgid "\toptions for credential caches:\n"
+msgstr "\tOptionen für Anmeldedatenzwischenspeicher:\n"
+
+#: ../../src/clients/klist/klist.c:102
+#, c-format
+msgid "\t\t-d shows the submitted authorization data types\n"
+msgstr "\t\t-d zeigt die übertragenen Autorisierungsdatentypen.\n"
+
+#: ../../src/clients/klist/klist.c:104
+#, c-format
+msgid "\t\t-f shows credentials flags\n"
+msgstr "t\t-f zeigt die Anmeldedatenschalter.\n"
+
+#: ../../src/clients/klist/klist.c:105
+#, c-format
+msgid "\t\t-s sets exit status based on valid tgt existence\n"
+msgstr ""
+"\t\t-s setzt den Exit-Status auf Basis der Existenz eines gültigen TGTs.\n"
+
+#: ../../src/clients/klist/klist.c:107
+#, c-format
+msgid "\t\t-a displays the address list\n"
+msgstr "\t\t-a zeigt die Adressliste.\n"
+
+#: ../../src/clients/klist/klist.c:108
+#, c-format
+msgid "\t\t\t-n do not reverse-resolve\n"
+msgstr "\t\t\t-n löst nicht rückwärts auf.\n"
+
+#: ../../src/clients/klist/klist.c:109
+#, c-format
+msgid "\toptions for keytabs:\n"
+msgstr "\tOptionen für Schlüsseltabellen:\n"
+
+#: ../../src/clients/klist/klist.c:110
+#, c-format
+msgid "\t\t-t shows keytab entry timestamps\n"
+msgstr "\t\t-t zeigt die Zeitstempel der Schlüsseltabelleneinträge.\n"
+
+#: ../../src/clients/klist/klist.c:111
+#, c-format
+msgid "\t\t-K shows keytab entry keys\n"
+msgstr "\t\t-K zeigt die Schlüssel der Schlüsseltabelleneinträge.\n"
+
+#: ../../src/clients/klist/klist.c:230
+#, c-format
+msgid "%s version %s\n"
+msgstr "%s Version %s\n"
+
+#: ../../src/clients/klist/klist.c:282
+msgid "while getting default client keytab"
+msgstr "beim Holen der Standardschlüsseltabelle des Clients"
+
+#: ../../src/clients/klist/klist.c:287
+msgid "while getting default keytab"
+msgstr "beim Holen der Standardschlüsseltabelle"
+
+#: ../../src/clients/klist/klist.c:292 ../../src/kadmin/cli/keytab.c:108
+#, c-format
+msgid "while resolving keytab %s"
+msgstr "beim Ermitteln der Schlüsseltabelle %s"
+
+#: ../../src/clients/klist/klist.c:298 ../../src/kadmin/cli/keytab.c:92
+msgid "while getting keytab name"
+msgstr "beim Holen des Schlüsseltabellennamens"
+
+#: ../../src/clients/klist/klist.c:305 ../../src/kadmin/cli/keytab.c:399
+msgid "while starting keytab scan"
+msgstr "beim Start des Schlüsseltabellen-Scans"
+
+#: ../../src/clients/klist/klist.c:326 ../../src/clients/klist/klist.c:500
+#: ../../src/clients/ksu/ccache.c:465 ../../src/kadmin/dbutil/dump.c:550
+msgid "while unparsing principal name"
+msgstr "beim Rückgängigmachen des Auswertens des Principal-Namens"
+
+#: ../../src/clients/klist/klist.c:350 ../../src/kadmin/cli/keytab.c:443
+msgid "while scanning keytab"
+msgstr "beim Scannen der Schlüsseltabelle"
+
+#: ../../src/clients/klist/klist.c:354 ../../src/kadmin/cli/keytab.c:448
+msgid "while ending keytab scan"
+msgstr "beim Beenden des Schlüsseltabellen-Scans"
+
+#: ../../src/clients/klist/klist.c:371 ../../src/clients/klist/klist.c:434
+msgid "while listing ccache collection"
+msgstr "beim Aufführen der Ccache-Sammlung"
+
+#: ../../src/clients/klist/klist.c:411
+msgid "(Expired)"
+msgstr "(abgelaufen)"
+
+#: ../../src/clients/klist/klist.c:466
+#, c-format
+msgid "while resolving ccache %s"
+msgstr "beim Ermitteln des Ccaches %s"
+
+#: ../../src/clients/klist/klist.c:504
+#, c-format
+msgid ""
+"Ticket cache: %s:%s\n"
+"Default principal: %s\n"
+"\n"
+msgstr ""
+"Ticketzwischenspeicher: %s:%s\n"
+"Standard-Principal: %s\n"
+"\n"
+
+#: ../../src/clients/klist/klist.c:518
+msgid "while starting to retrieve tickets"
+msgstr "während das Abfragen der Tickets beginnt"
+
+#: ../../src/clients/klist/klist.c:539
+msgid "while finishing ticket retrieval"
+msgstr "während das Abfragem der Tickets endet"
+
+#: ../../src/clients/klist/klist.c:545
+msgid "while closing ccache"
+msgstr "beim Schließen des Ccaches"
+
+#: ../../src/clients/klist/klist.c:555
+msgid "while retrieving a ticket"
+msgstr "beim Abfragen eines Tickets"
+
+#: ../../src/clients/klist/klist.c:667 ../../src/clients/ksu/ccache.c:450
+#: ../../src/slave/kpropd.c:1225 ../../src/slave/kpropd.c:1285
+msgid "while unparsing client name"
+msgstr "beim Rückgängigmachen des Auswertens des Client-Namens"
+
+#: ../../src/clients/klist/klist.c:672 ../../src/clients/ksu/ccache.c:455
+#: ../../src/slave/kprop.c:240
+msgid "while unparsing server name"
+msgstr "beim Rückgängigmachen des Auswertens des Server-Namens"
+
+#: ../../src/clients/klist/klist.c:701 ../../src/clients/ksu/ccache.c:480
+#, c-format
+msgid "\tfor client %s"
+msgstr "\tfür Client %s"
+
+#: ../../src/clients/klist/klist.c:713 ../../src/clients/ksu/ccache.c:489
+msgid "renew until "
+msgstr "erneuern bis "
+
+#: ../../src/clients/klist/klist.c:730 ../../src/clients/ksu/ccache.c:499
+#, c-format
+msgid "Flags: %s"
+msgstr "Schalter: %s"
+
+#: ../../src/clients/klist/klist.c:749
+#, c-format
+msgid "Etype (skey, tkt): %s, "
+msgstr "Etype (Skey, TKT): %s, "
+
+#: ../../src/clients/klist/klist.c:766
+#, c-format
+msgid "AD types: "
+msgstr "AD-Typen"
+
+#: ../../src/clients/klist/klist.c:783
+#, c-format
+msgid "\tAddresses: (none)\n"
+msgstr "\tAdressen: (keine)\n"
+
+#: ../../src/clients/klist/klist.c:785
+#, c-format
+msgid "\tAddresses: "
+msgstr "\tAdressen: "
+
+#: ../../src/clients/klist/klist.c:818
+#, c-format
+msgid "broken address (type %d length %d)"
+msgstr "kaputte Adresse (Typ %d Länge %d)"
+
+#: ../../src/clients/klist/klist.c:838
+#, c-format
+msgid "unknown addrtype %d"
+msgstr "unbekannter »addrtype« %d"
+
+#: ../../src/clients/klist/klist.c:847
+#, c-format
+msgid "unprintable address (type %d, error %d %s)"
+msgstr "nicht druckbare Adresse (Typ %d Fehler %d %s)"
+
+#: ../../src/clients/kpasswd/kpasswd.c:12 ../../src/lib/krb5/krb/gic_pwd.c:396
+msgid "Enter new password"
+msgstr "Geben Sie ein neues Passwort ein."
+
+#: ../../src/clients/kpasswd/kpasswd.c:13 ../../src/lib/krb5/krb/gic_pwd.c:404
+msgid "Enter it again"
+msgstr "Geben Sie es erneut ein."
+
+#: ../../src/clients/kpasswd/kpasswd.c:33
+#, c-format
+msgid "Unable to identify user from password file\n"
+msgstr ""
+"Der Benutzer kann nicht anhand der Passwortdatei identifiziert werden.\n"
+
+#: ../../src/clients/kpasswd/kpasswd.c:65
+#, c-format
+msgid "usage: %s [principal]\n"
+msgstr "Aufruf: %s [Principal]\n"
+
+#: ../../src/clients/kpasswd/kpasswd.c:73
+msgid "initializing kerberos library"
+msgstr "Kerberos-Bibliothek wird initialisiert."
+
+#: ../../src/clients/kpasswd/kpasswd.c:77
+msgid "allocating krb5_get_init_creds_opt"
+msgstr "krb5_get_init_creds_opt wird reserviert."
+
+#: ../../src/clients/kpasswd/kpasswd.c:92
+msgid "opening default ccache"
+msgstr "Standard-Ccache wird geöffnet."
+
+#: ../../src/clients/kpasswd/kpasswd.c:97
+msgid "getting principal from ccache"
+msgstr "Principal wird vom Ccache geholt."
+
+#: ../../src/clients/kpasswd/kpasswd.c:104
+msgid "while setting FAST ccache"
+msgstr "beim Setzen des FAST-Ccaches"
+
+#: ../../src/clients/kpasswd/kpasswd.c:111
+msgid "closing ccache"
+msgstr "Ccache wird geschlossen."
+
+#: ../../src/clients/kpasswd/kpasswd.c:118
+msgid "parsing client name"
+msgstr "Client-Name wird ausgewertet."
+
+#: ../../src/clients/kpasswd/kpasswd.c:135
+msgid "Password incorrect while getting initial ticket"
+msgstr "Passwort beim Holen des anfänglichen Tickets falsch"
+
+#: ../../src/clients/kpasswd/kpasswd.c:137
+msgid "getting initial ticket"
+msgstr "Anfängliches Ticket wird geholt."
+
+#: ../../src/clients/kpasswd/kpasswd.c:144
+msgid "while reading password"
+msgstr "beim Lesen des Passworts"
+
+#: ../../src/clients/kpasswd/kpasswd.c:152
+msgid "changing password"
+msgstr "Passwort wird geändert."
+
+#: ../../src/clients/kpasswd/kpasswd.c:174
+#: ../lib/kadm5/chpass_util_strings.c:30
+#, c-format
+msgid "Password changed.\n"
+msgstr "Passwort geändert\n"
+
+#: ../../src/clients/ksu/authorization.c:369
+#, c-format
+msgid ""
+"Error: bad entry - %s in %s file, must be either full path or just the cmd "
+"name\n"
+msgstr ""
+"Fehler: falscher Eintrag – %s in Datei %s muss entweder ein vollständiger "
+"Pfad oder nur ein Befehlsname sein.\n"
+
+#: ../../src/clients/ksu/authorization.c:377
+#, c-format
+msgid ""
+"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH "
+"must be defined \n"
+msgstr ""
+"Fehler: falscher Eintrag – %s in Datei %s. Da %s nur ein Befehlsname ist, "
+"muss CMD_PATH definiert sein.\n"
+
+#: ../../src/clients/ksu/authorization.c:392
+#, c-format
+msgid "Error: bad entry - %s in %s file, CMD_PATH contains no paths \n"
+msgstr ""
+"Fehler: falscher Eintrag – %s in Datei %s. CMD_PATH enthält keine Pfade.\n"
+
+#: ../../src/clients/ksu/authorization.c:401
+#, c-format
+msgid "Error: bad path %s in CMD_PATH for %s must start with '/' \n"
+msgstr "Fehler: falscher Pfad %s in CMD_PATH für %s muss mit »/« beginnen\n"
+
+#: ../../src/clients/ksu/authorization.c:517
+msgid "Error: not found -> "
+msgstr "Fehler: nicht gefunden -> "
+
+#: ../../src/clients/ksu/authorization.c:723
+#, c-format
+msgid "home directory name `%s' too long, can't search for .k5login\n"
+msgstr ""
+"Name des Home-Verzeichnisses »%s« ist zu lang, Suche nach .k5login nicht "
+"möglich\n"
+
+#: ../../src/clients/ksu/ccache.c:368
+#, c-format
+msgid "home directory path for %s too long\n"
+msgstr "Home-Verzeichnispfad für %s zu lang\n"
+
+#: ../../src/clients/ksu/ccache.c:461
+msgid "while retrieving principal name"
+msgstr "beim Abfragen des Principal-Namens"
+
+#: ../../src/clients/ksu/krb_auth_su.c:57
+#: ../../src/clients/ksu/krb_auth_su.c:62 ../../src/slave/kprop.c:247
+msgid "while copying client principal"
+msgstr "beim Kopieren des Client-Principals"
+
+#: ../../src/clients/ksu/krb_auth_su.c:69
+msgid "while creating tgt for local realm"
+msgstr "beim Erstellen des TGTs für lokalen Realm"
+
+#: ../../src/clients/ksu/krb_auth_su.c:84
+msgid "while retrieving creds from cache"
+msgstr "beim Abfragen der Anmeldedaten aus dem Zwischenspeicher"
+
+#: ../../src/clients/ksu/krb_auth_su.c:95
+msgid "while switching to target uid"
+msgstr "beim Umschalten auf die Ziel-UID"
+
+#: ../../src/clients/ksu/krb_auth_su.c:100
+#, c-format
+msgid ""
+"WARNING: Your password may be exposed if you enter it here and are logged \n"
+msgstr ""
+"WARNUNG: Ihr Passwort könnte offengelegt werden, falls Sie es hier eingeben "
+"und\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:102
+#, c-format
+msgid "         in remotely using an unsecure (non-encrypted) channel. \n"
+msgstr ""
+"         in der Ferne mittels eines unsicheren (unverschlüsselten) Kanals\n"
+"         angemeldet sind.\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:464
+msgid "while reclaiming root uid"
+msgstr "beim erneuten Beanspruchen der Root-UID"
+
+#: ../../src/clients/ksu/krb_auth_su.c:121
+#, c-format
+msgid "does not have any appropriate tickets in the cache.\n"
+msgstr "hat keine geeigneten Tickets im Zwischenspeicher.\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:133
+msgid "while verifying ticket for server"
+msgstr "beim Prüfen des Tickets für Server"
+
+#: ../../src/clients/ksu/krb_auth_su.c:167
+msgid "while getting time of day"
+msgstr "beim Holen der Tageszeit"
+
+#: ../../src/clients/ksu/krb_auth_su.c:171
+#, c-format
+msgid "Kerberos password for %s: "
+msgstr "Kerberos-Passwort für %s: "
+
+#: ../../src/clients/ksu/krb_auth_su.c:175
+#, c-format
+msgid "principal name %s too long for internal buffer space\n"
+msgstr "Principal-Name %s für den internen Pufferbereich zu groß\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:184
+#, c-format
+msgid "while reading password for '%s'\n"
+msgstr "beim Lesen des Passworts für »%s«\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:191
+#, c-format
+msgid "No password given\n"
+msgstr "kein Passwort angegeben\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:204
+#, c-format
+msgid "%s: Password incorrect\n"
+msgstr "%s: Passwort falsch\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:206
+msgid "while getting initial credentials"
+msgstr "beim Holen der Anfangsanmeldedaten"
+
+#: ../../src/clients/ksu/krb_auth_su.c:226
+#: ../../src/clients/ksu/krb_auth_su.c:240
+#, c-format
+msgid " %s while unparsing name\n"
+msgstr "%s beim Rückgängigmachen der Namensauswertung\n"
+
+#: ../../src/clients/ksu/main.c:68
+#, c-format
+msgid ""
+"Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r "
+"time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a "
+"[args... ] ]\n"
+msgstr ""
+"Aufruf: %s [Zielbenutzer] [-n Principal] [-c Quellenzwischenspeichername] [-"
+"k] [-D] [-r Zeit] [-pf] [-l Lebensdauer] [-zZ] [-q] [-e Befehl [Argumente "
+"…] ] [-a [Argumente …] ]\n"
+
+#: ../../src/clients/ksu/main.c:147
+msgid ""
+"program name too long - quitting to avoid triggering system logging bugs"
+msgstr ""
+"Programmname zu lang – wird beendet, um das Auslösen von "
+"Systemprotokollierungsfehlern zu vermeiden"
+
+#: ../../src/clients/ksu/main.c:173
+msgid "while allocating memory"
+msgstr "bei Reservieren von Speicher"
+
+#: ../../src/clients/ksu/main.c:186
+msgid "while setting euid to source user"
+msgstr "beim Setzen der EUID auf dem Quellbenutzer"
+
+#: ../../src/clients/ksu/main.c:196 ../../src/clients/ksu/main.c:231
+#, c-format
+msgid "Bad lifetime value (%s hours?)\n"
+msgstr "falscher Wert für Lebensdauer (%s Stunden?)\n"
+
+#: ../../src/clients/ksu/main.c:208 ../../src/clients/ksu/main.c:292
+msgid "when gathering parameters"
+msgstr "beim Zusammenstellen der Parameter"
+
+#: ../../src/clients/ksu/main.c:251
+#, c-format
+msgid "-z option is mutually exclusive with -Z.\n"
+msgstr "Die Optionen -z und -Z schließen sich gegenseitig aus.\n"
+
+#: ../../src/clients/ksu/main.c:259
+#, c-format
+msgid "-Z option is mutually exclusive with -z.\n"
+msgstr "Die Optionen -Z und -z schließen sich gegenseitig aus.\n"
+
+#: ../../src/clients/ksu/main.c:272
+#, c-format
+msgid "while looking for credentials cache %s"
+msgstr "beim Suchen nach dem Anmeldedatenzwischenspeicher %s"
+
+#: ../../src/clients/ksu/main.c:278
+#, c-format
+msgid "malformed credential cache name %s\n"
+msgstr "falsch gebildeter Anmeldedatenzwischenspeichername %s\n"
+
+# ksu ist eine Kerberos-Variante von su
+#: ../../src/clients/ksu/main.c:336
+#, c-format
+msgid "ksu: who are you?\n"
+msgstr "ksu: Wer sind Sie?\n"
+
+#: ../../src/clients/ksu/main.c:340
+#, c-format
+msgid "Your uid doesn't match your passwd entry?!\n"
+msgstr "Ihre UID passt nicht zu Ihrem Passworteintrag.\n"
+
+#: ../../src/clients/ksu/main.c:355
+#, c-format
+msgid "ksu: unknown login %s\n"
+msgstr "ksu: unbekannter Anmeldename %s\n"
+
+#: ../../src/clients/ksu/main.c:375
+msgid "while getting source cache"
+msgstr "beim Holen des Quellenzwischenspeichers"
+
+#: ../../src/clients/ksu/main.c:381 ../../src/clients/kvno/kvno.c:194
+msgid "while opening ccache"
+msgstr "beim Öffnen des Ccaches"
+
+#: ../../src/clients/ksu/main.c:389
+msgid "while selecting the best principal"
+msgstr "beim Auswählen des besten Principals"
+
+#: ../../src/clients/ksu/main.c:397
+msgid "while returning to source uid after finding best principal"
+msgstr ""
+"bei der Rückkehr zur Quell-UID, nachdem der beste Principal gefunden wurde"
+
+#: ../../src/clients/ksu/main.c:417
+#, c-format
+msgid "account %s: authorization failed\n"
+msgstr "Konto %s: Autorisierung fehlgeschlagen\n"
+
+#: ../../src/clients/ksu/main.c:442
+msgid "while parsing temporary name"
+msgstr "beim Auswertens des temporären Namens"
+
+#: ../../src/clients/ksu/main.c:447
+msgid "while creating temporary cache"
+msgstr "bei Erstellen des temporären Zwischenspeichers"
+
+#: ../../src/clients/ksu/main.c:453 ../../src/clients/ksu/main.c:693
+#, c-format
+msgid "while copying cache %s to %s"
+msgstr "beim Kopieren des Zwischenspeichers %s nach %s"
+
+#: ../../src/clients/ksu/main.c:471
+#, c-format
+msgid ""
+"WARNING: Your password may be exposed if you enter it here and are logged\n"
+msgstr ""
+"WARNUNG: Ihr Passwort könnte offengelegt werden, falls Sie es hier eingeben "
+"und\n"
+
+#: ../../src/clients/ksu/main.c:473
+#, c-format
+msgid "         in remotely using an unsecure (non-encrypted) channel.\n"
+msgstr ""
+"         in der Ferne über einen unsicheren (unverschlüsselten) Kanal "
+"angemeldet\n"
+"sind.\n"
+
+#: ../../src/clients/ksu/main.c:479
+#, c-format
+msgid "Goodbye\n"
+msgstr "Auf Wiedersehen\n"
+
+#: ../../src/clients/ksu/main.c:483
+#, c-format
+msgid "Could not get a tgt for "
+msgstr "Es konnte kein TGT geholt werden für "
+
+#: ../../src/clients/ksu/main.c:505
+#, c-format
+msgid "Authentication failed.\n"
+msgstr "Authentifizierung fehlgeschlagen.\n"
+
+#: ../../src/clients/ksu/main.c:513
+msgid "When unparsing name"
+msgstr "beim Rückgängigmachen der Namensauswertung"
+
+#: ../../src/clients/ksu/main.c:517
+#, c-format
+msgid "Authenticated %s\n"
+msgstr "Authentifiziert %s\n"
+
+#: ../../src/clients/ksu/main.c:524
+msgid "while switching to target for authorization check"
+msgstr "beim Wechsel des Ziels der Autorisierungsprüfung"
+
+#: ../../src/clients/ksu/main.c:531
+msgid "while checking authorization"
+msgstr "beim Prüfen der Autorisierung"
+
+#: ../../src/clients/ksu/main.c:537
+msgid "while switching back from target after authorization check"
+msgstr "beim Zurückwechsel vom Ziel nach der Autorisierungsprüfung"
+
+#: ../../src/clients/ksu/main.c:544
+#, c-format
+msgid "Account %s: authorization for %s for execution of\n"
+msgstr "Konto %s: Autorisierung für %s zum Ausführen von\n"
+
+#: ../../src/clients/ksu/main.c:546
+#, c-format
+msgid "               %s successful\n"
+msgstr "               %s erfolgreich\n"
+
+#: ../../src/clients/ksu/main.c:552
+#, c-format
+msgid "Account %s: authorization for %s successful\n"
+msgstr "Konto %s: Autorisierung für %s erfolgreich\n"
+
+#: ../../src/clients/ksu/main.c:564
+#, c-format
+msgid "Account %s: authorization for %s for execution of %s failed\n"
+msgstr "Konto %s: Autorisierung für %s zum Ausführen von %s fehlgeschlagen\n"
+
+#: ../../src/clients/ksu/main.c:572
+#, c-format
+msgid "Account %s: authorization of %s failed\n"
+msgstr "Konto %s: Autorisierung von %s fehlgeschlagen\n"
+
+#: ../../src/clients/ksu/main.c:587
+msgid "while calling cc_filter"
+msgstr "beim Aufruf von »cc_filter«"
+
+#: ../../src/clients/ksu/main.c:595
+msgid "while erasing target cache"
+msgstr "bei Löschen des Zielzwischenspeichers"
+
+#: ../../src/clients/ksu/main.c:615
+#, c-format
+msgid "ksu: permission denied (shell).\n"
+msgstr "ksu: Zugriff verweigert (Shell)\n"
+
+#: ../../src/clients/ksu/main.c:624
+#, c-format
+msgid "ksu: couldn't set environment variable USER\n"
+msgstr "ksu: Umgebungsvariable USER kann nicht gesetzt werden\n"
+
+#: ../../src/clients/ksu/main.c:630
+#, c-format
+msgid "ksu: couldn't set environment variable HOME\n"
+msgstr "ksu: Umgebungsvariable HOME kann nicht gesetzt werden\n"
+
+#: ../../src/clients/ksu/main.c:635
+#, c-format
+msgid "ksu: couldn't set environment variable SHELL\n"
+msgstr "ksu: Umgebungsvariable SHELL kann nicht gesetzt werden\n"
+
+#: ../../src/clients/ksu/main.c:646
+#, c-format
+msgid "ksu: initgroups failed.\n"
+msgstr "ksu: »initgroups« fehlgeschlagen\n"
+
+#: ../../src/clients/ksu/main.c:651
+#, c-format
+msgid "Leaving uid as %s (%ld)\n"
+msgstr "UID bleibt %s (%ld)\n"
+
+#: ../../src/clients/ksu/main.c:654
+#, c-format
+msgid "Changing uid to %s (%ld)\n"
+msgstr "UID wird zu %s (%ld) geändert\n"
+
+#: ../../src/clients/ksu/main.c:680
+msgid "while getting name of target ccache"
+msgstr "beim Holen des Ziel-Ccache-Namens"
+
+#: ../../src/clients/ksu/main.c:700
+#, c-format
+msgid "%s does not have correct permissions for %s, %s aborted"
+msgstr "%s hat nicht die korrekten Rechte für %s, %s wird abgebrochen."
+
+#: ../../src/clients/ksu/main.c:721
+#, c-format
+msgid "Internal error: command %s did not get resolved\n"
+msgstr "Interner Fehler: Befehl %s wurde nicht aufgelöst\n"
+
+#: ../../src/clients/ksu/main.c:738 ../../src/clients/ksu/main.c:774
+#, c-format
+msgid "while trying to execv %s"
+msgstr "beim Versuch von »execv %s«"
+
+#: ../../src/clients/ksu/main.c:764
+msgid "while calling waitpid"
+msgstr "beim Aufruf von »waitpid«"
+
+#: ../../src/clients/ksu/main.c:769
+msgid "while trying to fork."
+msgstr "beim Versuch zu verzweigen."
+
+#: ../../src/clients/ksu/main.c:791
+msgid "while reading cache name from ccache"
+msgstr "beim Lesen des Zwischenspeichernamens aus dem Ccache"
+
+#: ../../src/clients/ksu/main.c:797
+#, c-format
+msgid "ksu: couldn't set environment variable %s\n"
+msgstr "ksu: Umgebungsvariable %s kann nicht gesetzt werden\n"
+
+#: ../../src/clients/ksu/main.c:820
+#, c-format
+msgid "while clearing the value of %s"
+msgstr "beim Leeren des Werts von %s"
+
+#: ../../src/clients/ksu/main.c:828
+msgid "while resetting target ccache name"
+msgstr "beim Zurücksetzen des Ziel-Ccache-Namens"
+
+#: ../../src/clients/ksu/main.c:842
+msgid "while determining target ccache name"
+msgstr "beim Bestimmen des Ziel-Ccache-Namens"
+
+#: ../../src/clients/ksu/main.c:881
+msgid "while generating part of the target ccache name"
+msgstr "beim Erzeugen eines Teils des Ziel-Ccache-Namens"
+
+#: ../../src/clients/ksu/main.c:887
+msgid "while allocating memory for the target ccache name"
+msgstr "beim Reservieren von Speicher für den Ziel-Ccache-Namen"
+
+#: ../../src/clients/ksu/main.c:906
+msgid "while creating new target ccache"
+msgstr "bei Erstellen von neuem Ziel-Ccache"
+
+#: ../../src/clients/ksu/main.c:912
+msgid "while initializing target cache"
+msgstr "beim Initialisieren des Zielzwischenspeichers"
+
+#: ../../src/clients/ksu/main.c:952
+#, c-format
+msgid "terminal name %s too long\n"
+msgstr "Terminal-Name %s ist zu lang.\n"
+
+#: ../../src/clients/ksu/main.c:980
+msgid "while changing to target uid for destroying ccache"
+msgstr "beim Ändern der Ziel-UID für das Zerstören von Ccache"
+
+#: ../../src/clients/kswitch/kswitch.c:44
+#, c-format
+msgid "Usage: %s {-c cache_name | -p principal}\n"
+msgstr "Aufruf: %s {-c Zwischenspeichername | -p Principal}\n"
+
+#: ../../src/clients/kswitch/kswitch.c:46
+#, c-format
+msgid "\t-p specify name of principal\n"
+msgstr "\t-p gibt den Namen des Principals an.\n"
+
+#: ../../src/clients/kswitch/kswitch.c:69
+#, c-format
+msgid "Only one -c or -p option allowed\n"
+msgstr "Nur eine der Optionen -c oder -p ist erlaubt.\n"
+
+#: ../../src/clients/kswitch/kswitch.c:88
+#, c-format
+msgid "One of -c or -p must be specified\n"
+msgstr "Entweder -c oder -p muss angegeben werden.\n"
+
+#: ../../src/clients/kswitch/kswitch.c:110 ../../src/clients/kvno/kvno.c:211
+#: ../../src/clients/kvno/kvno.c:245 ../../src/kadmin/cli/keytab.c:350
+#: ../../src/kadmin/dbutil/kdb5_util.c:576
+#, c-format
+msgid "while parsing principal name %s"
+msgstr "beim Auswerten des Principal-Namens %s"
+
+#: ../../src/clients/kswitch/kswitch.c:124
+msgid "while switching to credential cache"
+msgstr "beim Wechsel auf den Anmeldedatenzwischenspeicher"
+
+#: ../../src/clients/kvno/kvno.c:46
+#, c-format
+msgid "usage: %s [-C] [-u] [-c ccache] [-e etype]\n"
+msgstr "Aufruf: %s [-C] [-u] [-c Ccache] [-e Etype]\n"
+
+#: ../../src/clients/kvno/kvno.c:47
+#, c-format
+msgid "\t[-k keytab] [-S sname] [-U for_user [-P]]\n"
+msgstr "\t[-k Schlüsseltabelle] [-S Sname] [-U für_Benutzer [-P]]\n"
+
+#: ../../src/clients/kvno/kvno.c:48
+#, c-format
+msgid "\tservice1 service2 ...\n"
+msgstr "\tDienst1 Dienst2 …\n"
+
+#: ../../src/clients/kvno/kvno.c:103 ../../src/clients/kvno/kvno.c:111
+#, c-format
+msgid "Options -u and -S are mutually exclusive\n"
+msgstr "Die Optionen -u und -S schließen sich gegenseitig aus.\n"
+
+#: ../../src/clients/kvno/kvno.c:126
+#, c-format
+msgid "Option -P (constrained delegation) requires keytab to be specified\n"
+msgstr ""
+"Die Option -P (eingeschränkte Abtretung) erfordert zur Angabe eine "
+"Schlüsseltabelle.\n"
+
+#: ../../src/clients/kvno/kvno.c:130
+#, c-format
+msgid ""
+"Option -P (constrained delegation) requires option -U (protocol transition)\n"
+msgstr ""
+"Die Option -P (eingeschränkte Abtretung) erfordert die Option -U "
+"(Protokollübergang)\n"
+
+#: ../../src/clients/kvno/kvno.c:175 ../../src/kadmin/cli/kadmin.c:280
+msgid "while initializing krb5 library"
+msgstr "beim Initialisieren der Krb5-Bibliothek"
+
+#: ../../src/clients/kvno/kvno.c:182
+msgid "while converting etype"
+msgstr "bei der Etype-Umwandlung"
+
+#: ../../src/clients/kvno/kvno.c:218
+msgid "while getting client principal name"
+msgstr "beim Holen des Client-Principal-Namens"
+
+#: ../../src/clients/kvno/kvno.c:256
+#, c-format
+msgid "while formatting parsed principal name for '%s'"
+msgstr "beim Formatieren des ausgewerteten Principal-Namens für »%s«"
+
+#: ../../src/clients/kvno/kvno.c:267
+msgid "client and server principal names must match"
+msgstr "Die Principal-Namen von Client und Server müssen übereinstimmen."
+
+#: ../../src/clients/kvno/kvno.c:284
+#, c-format
+msgid "while getting credentials for %s"
+msgstr "beim Holen der Anmeldedaten für %s"
+
+#: ../../src/clients/kvno/kvno.c:291
+#, c-format
+msgid "while decoding ticket for %s"
+msgstr "beim Dekodieren des Tickets für %s"
+
+#: ../../src/clients/kvno/kvno.c:302
+#, c-format
+msgid "while decrypting ticket for %s"
+msgstr "beim Entschlüsseln des Tickets für %s"
+
+#: ../../src/clients/kvno/kvno.c:306
+#, c-format
+msgid "%s: kvno = %d, keytab entry valid\n"
+msgstr "%s: KVNO = %d, Schlüsseltabelleneintrag gültig\n"
+
+#: ../../src/clients/kvno/kvno.c:324
+#, c-format
+msgid "%s: constrained delegation failed"
+msgstr "%s: eingeschränkte Abtretung fehlgeschlagen"
+
+#: ../../src/clients/kvno/kvno.c:330
+#, c-format
+msgid "%s: kvno = %d\n"
+msgstr "%s: KVNO = %d\n"
+
+#: ../../src/kadmin/cli/kadmin.c:118
+#, c-format
+msgid ""
+"Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
+"\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n]\n"
+"\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n"
+"where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+"Aufruf: %s [-r Realm] [-p Principal] [-q Abfrage] [clnt|lokale Argumente]\n"
+"\tclnt Argumente: [-s Admin-Server[:Port]] [[-c Ccache]|\n"
+"\t[-k [-t Schlüsseltabelle]]]|[-n] lokale Argumente: [-x DB-Argumente]*\n"
+"\t[-d Datenbankname] [-e \"enc:Salt …\"] [-m]\n"
+"wobei\n"
+"\t[-x DB-Argumente]* - eine beliebige Anzahl datenbankspezifischer "
+"Argumente\n"
+"\tist. Die unterstützten Argumente finden Sie in den jeweiligen "
+"\tDatenbankdokumentationen\n"
+
+#: ../../src/kadmin/cli/kadmin.c:292 ../../src/kadmin/cli/kadmin.c:333
+#, c-format
+msgid "%s: Cannot initialize. Not enough memory\n"
+msgstr "%s: Zu wenig Speicher zum Initialisieren\n"
+
+#: ../../src/kadmin/cli/kadmin.c:353 ../../src/kadmin/cli/kadmin.c:804
+#: ../../src/kadmin/cli/kadmin.c:1084 ../../src/kadmin/cli/kadmin.c:1634
+#: ../../src/kadmin/cli/keytab.c:159 ../../src/kadmin/dbutil/kdb5_util.c:591
+#, c-format
+msgid "while parsing keysalts %s"
+msgstr "beim Auswerten der Schlüssel-Salts %s"
+
+#: ../../src/kadmin/cli/kadmin.c:376
+#, c-format
+msgid "%s: unable to get default realm\n"
+msgstr "%s: Standard-Realm kann nicht geholt werden\n"
+
+#: ../../src/kadmin/cli/kadmin.c:396
+msgid "while opening default credentials cache"
+msgstr "beim Öffnen des Standardanmeldedatenzwischenspeichers"
+
+#: ../../src/kadmin/cli/kadmin.c:402
+#, c-format
+msgid "while opening credentials cache %s"
+msgstr "beim Öffnen des Anmeldedatenzwischenspeichers %s"
+
+#: ../../src/kadmin/cli/kadmin.c:424 ../../src/kadmin/cli/kadmin.c:479
+#: ../../src/kadmin/cli/kadmin.c:487 ../../src/kadmin/cli/kadmin.c:494
+#, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: Speicherplatz reicht nicht aus\n"
+
+#: ../../src/kadmin/cli/kadmin.c:433 ../../src/kadmin/cli/kadmin.c:448
+#: ../../src/slave/kpropd.c:681
+msgid "while canonicalizing principal name"
+msgstr "während der Principal-Name in die normale Form gebracht wird"
+
+#: ../../src/kadmin/cli/kadmin.c:442
+msgid "creating host service principal"
+msgstr "Principal des Rechnerdienstes wird erstellt"
+
+#: ../../src/kadmin/cli/kadmin.c:455
+#, c-format
+msgid "%s: unable to canonicalize principal\n"
+msgstr "%s: Principal kann nicht in die normale Form gebracht werden\n"
+
+#: ../../src/kadmin/cli/kadmin.c:499
+#, c-format
+msgid "%s: unable to figure out a principal name\n"
+msgstr "%s: Es kann kein Principal-Name herausgefunden werden.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:507
+msgid "while setting up logging"
+msgstr "beim Einrichten der Protokollierung"
+
+#: ../../src/kadmin/cli/kadmin.c:516
+#, c-format
+msgid "Authenticating as principal %s with existing credentials.\n"
+msgstr "Authentifizierung als Principal %s mit existierenden Anmeldedaten\n"
+
+#: ../../src/kadmin/cli/kadmin.c:522
+#, c-format
+msgid "Authenticating as principal %s with password; anonymous requested.\n"
+msgstr ""
+"Authentifizierung als Principal %s mit Passwort; Anonymität erwünscht\n"
+
+#: ../../src/kadmin/cli/kadmin.c:529
+#, c-format
+msgid "Authenticating as principal %s with keytab %s.\n"
+msgstr "Authentifizierung als Principal %s mit Schlüsseltabelle %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:532
+#, c-format
+msgid "Authenticating as principal %s with default keytab.\n"
+msgstr "Authentifizierung als Principal %s mit Standardschlüsseltabelle\n"
+
+#: ../../src/kadmin/cli/kadmin.c:538
+#, c-format
+msgid "Authenticating as principal %s with password.\n"
+msgstr "Authentifizierung als Principal %s mit Passwort\n"
+
+#: ../../src/kadmin/cli/kadmin.c:546 ../../src/slave/kpropd.c:728
+#, c-format
+msgid "while initializing %s interface"
+msgstr "beim Initialisieren der Schnittstelle %s"
+
+#: ../../src/kadmin/cli/kadmin.c:560
+#, c-format
+msgid "while closing ccache %s"
+msgstr "beim Schließen von Ccache %s"
+
+#: ../../src/kadmin/cli/kadmin.c:566
+msgid "while mapping update log"
+msgstr "beim Abbilden des Aktualisierungsprotokolls"
+
+#: ../../src/kadmin/cli/kadmin.c:581
+msgid "while unlocking locked database"
+msgstr "beim Entsperren der Datenbank"
+
+#: ../../src/kadmin/cli/kadmin.c:590
+msgid "Administration credentials NOT DESTROYED.\n"
+msgstr "Verwaltungsanmeldedaten NICHT VERNICHTET\n"
+
+#: ../../src/kadmin/cli/kadmin.c:639
+#, c-format
+msgid "usage: delete_principal [-force] principal\n"
+msgstr "Aufruf: delete_principal [-force] Principal\n"
+
+#: ../../src/kadmin/cli/kadmin.c:644 ../../src/kadmin/cli/kadmin.c:819
+msgid "while parsing principal name"
+msgstr "beim Auswerten des Principal-Namens"
+
+#: ../../src/kadmin/cli/kadmin.c:650 ../../src/kadmin/cli/kadmin.c:825
+#: ../../src/kadmin/cli/kadmin.c:1217 ../../src/kadmin/cli/kadmin.c:1339
+#: ../../src/kadmin/cli/kadmin.c:1409 ../../src/kadmin/cli/kadmin.c:1858
+#: ../../src/kadmin/cli/kadmin.c:1902 ../../src/kadmin/cli/kadmin.c:1948
+#: ../../src/kadmin/cli/kadmin.c:1988
+msgid "while canonicalizing principal"
+msgstr "während der Principal in die normale Form gebracht wird"
+
+#: ../../src/kadmin/cli/kadmin.c:654
+#, c-format
+msgid "Are you sure you want to delete the principal \"%s\"? (yes/no): "
+msgstr ""
+"Sind Sie sicher, dass Sie den Principal »%s« löschen möchten? (yes/no): "
+
+#: ../../src/kadmin/cli/kadmin.c:658
+#, c-format
+msgid "Principal \"%s\" not deleted\n"
+msgstr "Principal »%s« nicht gelöscht\n"
+
+#: ../../src/kadmin/cli/kadmin.c:665
+#, c-format
+msgid "while deleting principal \"%s\""
+msgstr "beim Löschen von Principal »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:668
+#, c-format
+msgid "Principal \"%s\" deleted.\n"
+msgstr "Principal »%s« gelöscht\n"
+
+#: ../../src/kadmin/cli/kadmin.c:669
+#, c-format
+msgid ""
+"Make sure that you have removed this principal from all ACLs before "
+"reusing.\n"
+msgstr ""
+"Stellen Sie sicher, dass Sie diesen Principal aus allen ACLs entfernt haben, "
+"bevor Sie ihn erneut benutzen.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:686
+#, c-format
+msgid "usage: rename_principal [-force] old_principal new_principal\n"
+msgstr "Aufruf: rename_principal [-force] alter_Principal neuer_Principal\n"
+
+#: ../../src/kadmin/cli/kadmin.c:693
+msgid "while parsing old principal name"
+msgstr "beim Auswerten des alten Principal-Namens"
+
+#: ../../src/kadmin/cli/kadmin.c:699
+msgid "while parsing new principal name"
+msgstr "beim Auswerten des neuen Principal-Namens"
+
+#: ../../src/kadmin/cli/kadmin.c:705
+msgid "while canonicalizing old principal"
+msgstr "während der alte Principal in die normale Form gebracht wird"
+
+#: ../../src/kadmin/cli/kadmin.c:711
+msgid "while canonicalizing new principal"
+msgstr "während der neue Principal in die normale Form gebracht wird"
+
+#: ../../src/kadmin/cli/kadmin.c:715
+#, c-format
+msgid ""
+"Are you sure you want to rename the principal \"%s\" to \"%s\"? (yes/no): "
+msgstr ""
+"Sind Sie sicher, dass Sie den Principal »%s« in »%s« umbenennen möchten? "
+"(yes/no): "
+
+#: ../../src/kadmin/cli/kadmin.c:719
+#, c-format
+msgid "Principal \"%s\" not renamed\n"
+msgstr "Principal »%s« wurde nicht umbenannt.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:726
+#, c-format
+msgid "while renaming principal \"%s\" to \"%s\""
+msgstr "beim Umbenennen von Principal »%s« in »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:730
+#, c-format
+msgid "Principal \"%s\" renamed to \"%s\".\n"
+msgstr "Principal »%s« wurde in »%s« umbenannt.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:731
+#, c-format
+msgid ""
+"Make sure that you have removed the old principal from all ACLs before "
+"reusing.\n"
+msgstr ""
+"Stellen Sie sicher, dass Sie den alten Principal aus allen ACLs entfernt "
+"haben, bevor Sie ihn erneut benutzen.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:746
+#, c-format
+msgid ""
+"usage: change_password [-randkey] [-keepold] [-e keysaltlist] [-pw password] "
+"principal\n"
+msgstr ""
+"Aufruf: change_password [-randkey] [-keepold] [-e Schlüssel-Salt-Liste] [-pw "
+"Passwort] Principal\n"
+
+#: ../../src/kadmin/cli/kadmin.c:772
+msgid "change_password: missing db argument"
+msgstr "change_password: fehlendes Datenbankargument"
+
+#: ../../src/kadmin/cli/kadmin.c:778
+#, c-format
+msgid "change_password: Not enough memory\n"
+msgstr "change_password: zu wenig Speicher\n"
+
+#: ../../src/kadmin/cli/kadmin.c:786
+msgid "change_password: missing password arg"
+msgstr "change_password: fehlendes Passwortargument"
+
+#: ../../src/kadmin/cli/kadmin.c:797
+msgid "change_password: missing keysaltlist arg"
+msgstr "change_password: fehlendes Schlüssel-Salt-Listenargument"
+
+#: ../../src/kadmin/cli/kadmin.c:813
+msgid "missing principal name"
+msgstr "fehlender Principal-Name"
+
+#: ../../src/kadmin/cli/kadmin.c:837 ../../src/kadmin/cli/kadmin.c:874
+#, c-format
+msgid "while changing password for \"%s\"."
+msgstr "beim Ändern des Passworts von »%s«."
+
+#: ../../src/kadmin/cli/kadmin.c:840 ../../src/kadmin/cli/kadmin.c:877
+#, c-format
+msgid "Password for \"%s\" changed.\n"
+msgstr "Passwort von »%s« geändert\n"
+
+#: ../../src/kadmin/cli/kadmin.c:846 ../../src/kadmin/cli/kadmin.c:1290
+#, c-format
+msgid "while randomizing key for \"%s\"."
+msgstr "beim Erzeugen eines zufälligen Schlüssels für »%s«."
+
+#: ../../src/kadmin/cli/kadmin.c:849
+#, c-format
+msgid "Key for \"%s\" randomized.\n"
+msgstr "Es wurde ein zufälliger Schlüssel für %s erzeugt\n"
+
+#: ../../src/kadmin/cli/kadmin.c:854 ../../src/kadmin/cli/kadmin.c:1250
+#, c-format
+msgid "Enter password for principal \"%s\""
+msgstr "Geben Sie das Passwort für Principal »%s« ein."
+
+#: ../../src/kadmin/cli/kadmin.c:856 ../../src/kadmin/cli/kadmin.c:1252
+#, c-format
+msgid "Re-enter password for principal \"%s\""
+msgstr "Geben Sie das Passwort für Principal »%s« erneut ein."
+
+#: ../../src/kadmin/cli/kadmin.c:861 ../../src/kadmin/cli/kadmin.c:1256
+#, c-format
+msgid "while reading password for \"%s\"."
+msgstr "beim Lesen des Passworts von »%s«."
+
+#: ../../src/kadmin/cli/kadmin.c:915
+#, c-format
+msgid "Not enough memory\n"
+msgstr "Speicher reicht nicht aus\n"
+
+#: ../../src/kadmin/cli/kadmin.c:945 ../../src/kadmin/dbutil/kdb5_util.c:623
+msgid "while getting time"
+msgstr "beim Holen der Zeit"
+
+#: ../../src/kadmin/cli/kadmin.c:994 ../../src/kadmin/cli/kadmin.c:1007
+#: ../../src/kadmin/cli/kadmin.c:1020 ../../src/kadmin/cli/kadmin.c:1033
+#: ../../src/kadmin/cli/kadmin.c:1546 ../../src/kadmin/cli/kadmin.c:1558
+#: ../../src/kadmin/cli/kadmin.c:1601 ../../src/kadmin/cli/kadmin.c:1618
+#, c-format
+msgid "Invalid date specification \"%s\".\n"
+msgstr "ungültige Datumsangabe »%s«\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1118 ../../src/kadmin/cli/kadmin.c:1333
+#: ../../src/kadmin/cli/kadmin.c:1404 ../../src/kadmin/cli/kadmin.c:1852
+#: ../../src/kadmin/cli/kadmin.c:1896 ../../src/kadmin/cli/kadmin.c:1942
+#: ../../src/kadmin/cli/kadmin.c:1982
+msgid "while parsing principal"
+msgstr "beim Auswerten des Principals"
+
+#: ../../src/kadmin/cli/kadmin.c:1127
+#, c-format
+msgid "usage: add_principal [options] principal\n"
+msgstr "Aufruf: add_principal [Optionen] Principal\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1128 ../../src/kadmin/cli/kadmin.c:1155
+#: ../../src/kadmin/cli/kadmin.c:1657
+#, c-format
+msgid "\toptions are:\n"
+msgstr "\tEs gibt folgende Optionen:\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1130
+#, c-format
+msgid ""
+"\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire "
+"pwexpdate] [-maxlife maxtixlife]\n"
+"\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+"\t\t[-pw password] [-maxrenewlife maxrenewlife]\n"
+"\t\t[-e keysaltlist]\n"
+"\t\t[{+|-}attribute]\n"
+msgstr ""
+"\t\t[-randkey|-nokey] [-x DB-Principal-Argumente]* [-expire Ablaufdatum] [-"
+"pwexpire Passwortablaufdatum] [-maxlife maximale_Ticketlebensdauer]\n"
+"\t\t[-kvno KVNO] [-policy Richtlinie] [-clearpolicy]\n"
+"\t\t[-pw Passwort] [-maxrenewlife maximale_Dauer_bis_zum_Erneuern]\n"
+"\t\t[-e Schlüssel-Salt-Liste]\n"
+"\t\t[{+|-}Attribut]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1136
+#, c-format
+msgid "\tattributes are:\n"
+msgstr "\tEs gibt folgende Attribute:\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1138 ../../src/kadmin/cli/kadmin.c:1164
+#, c-format
+msgid ""
+"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n"
+"\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
+"\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+"\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+"\n"
+"where,\n"
+"\t[-x db_princ_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n"
+"\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
+"\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+"\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+"\n"
+"wobei\n"
+"\t[-x DB-Principal-Argumente]* - eine beliebige Zahl\n"
+"\tdatenbankspezifischer Argumente ist.\n"
+"\t\t\tDie unterstützten Argumente finden Sie in der jeweiligen\n"
+"Datenbankdokumentation.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1154
+#, c-format
+msgid "usage: modify_principal [options] principal\n"
+msgstr "Aufruf: modify_principal [Optionen] Principal\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1157
+#, c-format
+msgid ""
+"\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife "
+"maxtixlife]\n"
+"\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+"\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}attribute]\n"
+msgstr ""
+"\t\t[-x DB-Principal-Argumente]* [-expire Ablaufdatum] [-pwexpire "
+"Passwortablaufdatum] [-maxlife maximale_Ticketlebensdauer]\n"
+"\t\t[-kvno KVNO] [-policy Richtlinie] [-clearpolicy]\n"
+"\t\t[-maxrenewlife maximale_Dauer_bis_zum_Erneuern] [-unlock] [{+|-}"
+"Attribut]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1224 ../../src/kadmin/cli/kadmin.c:1362
+#, c-format
+msgid "WARNING: policy \"%s\" does not exist\n"
+msgstr "WARNUNG: Richtlinie »%s« existiert nicht.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1230
+#, c-format
+msgid "No policy specified for %s; assigning \"default\"\n"
+msgstr ""
+"Für %s wurde keine Richtlinie angegeben, es wird »default« "
+"zugewiesen\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1235
+#, c-format
+msgid "No policy specified for %s; defaulting to no policy\n"
+msgstr ""
+"Für %s wurde keine Richtlinie angegeben, es wird die Vorgabe "
+"»keine\n"
+"Richtlinie« verwandt.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1276
+#, c-format
+msgid "Admin server does not support -nokey while creating \"%s\"\n"
+msgstr ""
+"Der Administrationsrechner unterstützt beim Erstellen von »%s« kein -nokey\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1298
+#, c-format
+msgid "while clearing DISALLOW_ALL_TIX for \"%s\"."
+msgstr "beim Löschen von DISALLOW_ALL_TIX für »%s«."
+
+#: ../../src/kadmin/cli/kadmin.c:1345
+#, c-format
+msgid "while getting \"%s\"."
+msgstr "beim Holen von »%s«."
+
+#: ../../src/kadmin/cli/kadmin.c:1371
+#, c-format
+msgid "while modifying \"%s\"."
+msgstr "beim Ändern von »%s«."
+
+#: ../../src/kadmin/cli/kadmin.c:1375
+#, c-format
+msgid "Principal \"%s\" modified.\n"
+msgstr "Principal »%s« wurde geändert.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1396
+#, c-format
+msgid "usage: get_principal [-terse] principal\n"
+msgstr "Aufruf: get_principal [-terse] Principal\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1415
+#, c-format
+msgid "while retrieving \"%s\"."
+msgstr "beim Abfragen von »%s«."
+
+#: ../../src/kadmin/cli/kadmin.c:1420 ../../src/kadmin/cli/kadmin.c:1425
+msgid "while unparsing principal"
+msgstr "beim Rückgängigmachen der Auswertung des Principals"
+
+#: ../../src/kadmin/cli/kadmin.c:1429
+#, c-format
+msgid "Principal: %s\n"
+msgstr "Principal: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1430
+#, c-format
+msgid "Expiration date: %s\n"
+msgstr "Ablaufdatum: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1431 ../../src/kadmin/cli/kadmin.c:1433
+#: ../../src/kadmin/cli/kadmin.c:1444
+msgid "[never]"
+msgstr "[niemals]"
+
+#: ../../src/kadmin/cli/kadmin.c:1432
+#, c-format
+msgid "Last password change: %s\n"
+msgstr "Letzte Passwortänderung: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1434
+#, c-format
+msgid "Password expiration date: %s\n"
+msgstr "Passwortablaufdatum: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1436 ../../src/kadmin/cli/kadmin.c:1478
+msgid "[none]"
+msgstr "[keins]"
+
+#: ../../src/kadmin/cli/kadmin.c:1437
+#, c-format
+msgid "Maximum ticket life: %s\n"
+msgstr "maximale Ticketlebensdauer: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1438
+#, c-format
+msgid "Maximum renewable life: %s\n"
+msgstr "maximale verlängerbare Lebensdauer: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1440
+#, c-format
+msgid "Last modified: %s (%s)\n"
+msgstr "zuletzt geändert: %s (%s)\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1442
+#, c-format
+msgid "Last successful authentication: %s\n"
+msgstr "letzte erfolgreiche Authentifizierung: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1448
+#, c-format
+msgid "Failed password attempts: %d\n"
+msgstr "Fehlgeschlagene Anmeldeversuche: %d\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1450
+#, c-format
+msgid "Number of keys: %d\n"
+msgstr "Anzahl der Schlüssel: %d\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1457
+#, c-format
+msgid "<Encryption type 0x%x>"
+msgstr "<Verschlüsselungstyp 0x%x>"
+
+#: ../../src/kadmin/cli/kadmin.c:1464
+#, c-format
+msgid "<Salt type 0x%x>"
+msgstr "<Salt-Typ 0x%x>"
+
+#: ../../src/kadmin/cli/kadmin.c:1470
+#, c-format
+msgid "MKey: vno %d\n"
+msgstr "MKey: vno %d\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1472
+#, c-format
+msgid "Attributes:"
+msgstr "Attribute:"
+
+#: ../../src/kadmin/cli/kadmin.c:1480
+msgid " [does not exist]"
+msgstr " [existiert nicht]"
+
+#: ../../src/kadmin/cli/kadmin.c:1481
+#, c-format
+msgid "Policy: %s%s\n"
+msgstr "Richtlinie: %s%s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1517
+#, c-format
+msgid "usage: get_principals [expression]\n"
+msgstr "Aufruf: get_principals [Ausdruck]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1522 ../../src/kadmin/cli/kadmin.c:1794
+msgid "while retrieving list."
+msgstr "beim Abfragen der Liste."
+
+#: ../../src/kadmin/cli/kadmin.c:1647
+#, c-format
+msgid "%s: parser lost count!\n"
+msgstr "%s: Auswertungsprogramm verlor Anzahl!\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1656
+#, c-format
+msgid "usage; %s [options] policy\n"
+msgstr "Aufruf: %s [Optionen] Richtlinie\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1659
+#, c-format
+msgid ""
+"\t\t[-maxlife time] [-minlife time] [-minlength length]\n"
+"\t\t[-minclasses number] [-history number]\n"
+"\t\t[-maxfailure number] [-failurecountinterval time]\n"
+"\t\t[-allowedkeysalts keysalts]\n"
+msgstr ""
+"\t\t[-maxlife Zeit] [-minlife Zeit] [-minlength Länge]\n"
+"\t\t[-minclasses Anzahl] [-history Nummer]\n"
+"\t\t[-maxfailure Anzahl] [-failurecountinterval Zeit]\n"
+"\t\t[-allowedkeysalts Schlüssel-Salts]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1663
+#, c-format
+msgid "\t\t[-lockoutduration time]\n"
+msgstr "\t\t[-lockoutduration Dauer]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1682
+#, c-format
+msgid "while creating policy \"%s\"."
+msgstr "beim Erstellen der Richtlinie »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:1703
+#, c-format
+msgid "while modifying policy \"%s\"."
+msgstr "beim Ändern der Richtlinie »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:1715
+#, c-format
+msgid "usage: delete_policy [-force] policy\n"
+msgstr "Aufruf: delete_policy [-force] Richtlinie\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1719
+#, c-format
+msgid "Are you sure you want to delete the policy \"%s\"? (yes/no): "
+msgstr ""
+"Sind Sie sicher, dass Sie die Richtlinie »%s« löschen möchten? (yes/no): "
+
+#: ../../src/kadmin/cli/kadmin.c:1723
+#, c-format
+msgid "Policy \"%s\" not deleted.\n"
+msgstr "Richtlinie »%s« nicht gelöscht\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1729
+#, c-format
+msgid "while deleting policy \"%s\""
+msgstr "bei Löschen der Richtlinie »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:1741
+#, c-format
+msgid "usage: get_policy [-terse] policy\n"
+msgstr "Aufruf: get_policy [-terse] Richtlinie\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1746
+#, c-format
+msgid "while retrieving policy \"%s\"."
+msgstr "beim Abfragen der Richtlinie »%s«."
+
+#: ../../src/kadmin/cli/kadmin.c:1751
+#, c-format
+msgid "Policy: %s\n"
+msgstr "Richtlinie: »%s«\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1752
+#, c-format
+msgid "Maximum password life: %ld\n"
+msgstr "maximale Passwortlebensdauer: %ld\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1753
+#, c-format
+msgid "Minimum password life: %ld\n"
+msgstr "minimale Passwortlebensdauer: %ld\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1754
+#, c-format
+msgid "Minimum password length: %ld\n"
+msgstr "minimale Passwortlänge: %ld\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1755
+#, c-format
+msgid "Minimum number of password character classes: %ld\n"
+msgstr "minimale Anzahl von Passwortzeichenklassen: %ld\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1757
+#, c-format
+msgid "Number of old keys kept: %ld\n"
+msgstr "Anzahl aufbewahrter alter Schlüssel: %ld\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1758
+#, c-format
+msgid "Maximum password failures before lockout: %lu\n"
+msgstr "maximale Anzahl falscher Passworteingaben vor dem Sperren: %lu\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1760
+#, c-format
+msgid "Password failure count reset interval: %s\n"
+msgstr "Rücksetzintervall für zu viele falsch eingebene Passwörter: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1762
+#, c-format
+msgid "Password lockout duration: %s\n"
+msgstr "Passwortsperrdauer: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1765
+#, c-format
+msgid "Allowed key/salt types: %s\n"
+msgstr "erlaubte Schlüssel-/Salt-Typen: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1789
+#, c-format
+msgid "usage: get_policies [expression]\n"
+msgstr "Aufruf: get_policies [Ausdruck]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1811
+#, c-format
+msgid "usage: get_privs\n"
+msgstr "Aufruf: get_privs\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1816
+msgid "while retrieving privileges"
+msgstr "beim Abfragen von Rechten"
+
+#: ../../src/kadmin/cli/kadmin.c:1819
+#, c-format
+msgid "current privileges:"
+msgstr "aktuelle Rechte:"
+
+#: ../../src/kadmin/cli/kadmin.c:1845
+#, c-format
+msgid "usage: purgekeys [-all|-keepkvno oldest_kvno_to_keep] principal\n"
+msgstr ""
+"Aufruf: purgekeys [-all|-keepkvno älteste_KVNO_die_behalten_wird] Principal\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1865
+#, c-format
+msgid "while purging keys for principal \"%s\""
+msgstr "beim vollständigen Löschen der Schlüssel für Principal »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:1870
+#, c-format
+msgid "All keys for principal \"%s\" removed.\n"
+msgstr "Alle Schlüssel für Principal »%s« wurden entfernt.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1872
+#, c-format
+msgid "Old keys for principal \"%s\" purged.\n"
+msgstr "Alte Schlüssel für Principal »%s« wurden entfernt.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1889
+#, c-format
+msgid "usage: get_strings principal\n"
+msgstr "Aufruf: get_strings Principal\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1909
+#, c-format
+msgid "while getting attributes for principal \"%s\""
+msgstr "beim Holen von Attributen für Principal »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:1914
+#, c-format
+msgid "(No string attributes.)\n"
+msgstr "(keine Zeichenkettenattribute)\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1933
+#, c-format
+msgid "usage: set_string principal key value\n"
+msgstr "Aufruf: set_string Principal Schlüssel Wert\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1955
+#, c-format
+msgid "while setting attribute on principal \"%s\""
+msgstr "beim Setzen eines Attributes für Principal »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:1959
+#, c-format
+msgid "Attribute set for principal \"%s\".\n"
+msgstr "Attribute für Principal »%s« wurden gesetzt.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1974
+#, c-format
+msgid "usage: del_string principal key\n"
+msgstr "Aufruf: del_string Principal Schlüssel\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1995
+#, c-format
+msgid "while deleting attribute from principal \"%s\""
+msgstr "beim Löschen eines Attributs von Principal »%s«"
+
+#: ../../src/kadmin/cli/kadmin.c:1999
+#, c-format
+msgid "Attribute removed from principal \"%s\".\n"
+msgstr "Attribut von Principal »%s« wurde gelöscht.\n"
+
+#: ../../src/kadmin/cli/keytab.c:56
+#, c-format
+msgid ""
+"Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] "
+"[principal | -glob princ-exp] [...]\n"
+msgstr ""
+"Aufruf: ktadd [-k[eytab] Schlüsseltabelle] [-q] [-e Schlüssel-Salt-Liste] [-"
+"norandkey] [Principal | -glob Principal-Ausdruck] […]\n"
+
+#: ../../src/kadmin/cli/keytab.c:59
+#, c-format
+msgid ""
+"Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [principal | -glob "
+"princ-exp] [...]\n"
+msgstr ""
+"Aufruf: ktadd [-k[eytab] Schlüsseltabelle] [-q] [-e Schlüssel-Salt-Liste] "
+"[Principal | -glob Principal-Ausdruck] […]\n"
+
+#: ../../src/kadmin/cli/keytab.c:67
+#, c-format
+msgid ""
+"Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno|\"all\"|\"old\"]\n"
+msgstr ""
+"Aufruf: ktremove [-k[eytab] Schlüsseltabelle] [-q] Principal "
+"[kvno|»all«|»old«]\n"
+
+#: ../../src/kadmin/cli/keytab.c:81 ../../src/kadmin/cli/keytab.c:102
+msgid "while creating keytab name"
+msgstr "beim Erstellen des Schlüsseltabellennamens"
+
+#: ../../src/kadmin/cli/keytab.c:86
+msgid "while opening default keytab"
+msgstr "beim Öffnen der Standardschlüsseltabelle"
+
+#: ../../src/kadmin/cli/keytab.c:147
+#, c-format
+msgid "-norandkey option only valid for kadmin.local\n"
+msgstr "Die Option »-norandkey« ist nur für »kadmin.local« gültig.\n"
+
+#: ../../src/kadmin/cli/keytab.c:176
+#, c-format
+msgid "cannot specify keysaltlist when not changing key\n"
+msgstr ""
+"Schlüssel-Salt-Liste kann nicht angegeben werden, wenn der Schlüssel nicht "
+"geändert wird\n"
+
+#: ../../src/kadmin/cli/keytab.c:192
+#, c-format
+msgid "while expanding expression \"%s\"."
+msgstr "beim Expandieren des Ausdrucks »%s«."
+
+#: ../../src/kadmin/cli/keytab.c:211 ../../src/kadmin/cli/keytab.c:251
+msgid "while closing keytab"
+msgstr "beim Schließen der Schlüsseltabelle"
+
+#: ../../src/kadmin/cli/keytab.c:275
+#, c-format
+msgid "while parsing -add principal name %s"
+msgstr "beim Auswerten von »-add Principal-Name %s«"
+
+#: ../../src/kadmin/cli/keytab.c:289
+#, c-format
+msgid "%s: Principal %s does not exist.\n"
+msgstr "%s: Principal %s existiert nicht.\n"
+
+#: ../../src/kadmin/cli/keytab.c:292
+#, c-format
+msgid "while changing %s's key"
+msgstr "beim Ändern des Schlüssels von %s"
+
+#: ../../src/kadmin/cli/keytab.c:299
+msgid "while retrieving principal"
+msgstr "beim Abfragen des Principals"
+
+#: ../../src/kadmin/cli/keytab.c:311
+msgid "while adding key to keytab"
+msgstr "beim Hinzufügen des Schlüssels zur Schlüsseltabelle"
+
+#: ../../src/kadmin/cli/keytab.c:317
+#, c-format
+msgid ""
+"Entry for principal %s with kvno %d, encryption type %s added to keytab %s.\n"
+msgstr ""
+"Der Eintrag für Principal %s mit KVNO %d und Verschlüsselungstyp %s wurde "
+"der Schlüsseltabelle %s hinzugefügt.\n"
+
+#: ../../src/kadmin/cli/keytab.c:326
+msgid "while freeing principal entry"
+msgstr "beim Freigeben des Principal-Eintrags"
+
+#: ../../src/kadmin/cli/keytab.c:373
+#, c-format
+msgid "%s: Keytab %s does not exist.\n"
+msgstr "%s: Schlüsseltabelle %s existiert nicht.\n"
+
+#: ../../src/kadmin/cli/keytab.c:377
+#, c-format
+msgid "%s: No entry for principal %s exists in keytab %s\n"
+msgstr ""
+"%s: Für Principal %s existiert kein Eintrag in der Schlüsseltabelle %s.\n"
+
+#: ../../src/kadmin/cli/keytab.c:381
+#, c-format
+msgid "%s: No entry for principal %s with kvno %d exists in keytab %s\n"
+msgstr ""
+"%s: Für den Principal %s mit der KVNO %d existiert kein Eintrag in der "
+"Schlüsseltabelle %s.\n"
+
+#: ../../src/kadmin/cli/keytab.c:387
+msgid "while retrieving highest kvno from keytab"
+msgstr "beim Abfragen der höchsten KVNO der Schlüsseltabelle"
+
+#: ../../src/kadmin/cli/keytab.c:420
+msgid "while temporarily ending keytab scan"
+msgstr "beim Unterbrechen des Schlüsseltabellen-Scans"
+
+#: ../../src/kadmin/cli/keytab.c:425
+msgid "while deleting entry from keytab"
+msgstr "beim Löschen eines Eintrags aus der Schlüsseltabelle"
+
+#: ../../src/kadmin/cli/keytab.c:430
+msgid "while restarting keytab scan"
+msgstr "bei der Wiederaufnahme des Schlüsseltabellen-Scans"
+
+#: ../../src/kadmin/cli/keytab.c:436
+#, c-format
+msgid "Entry for principal %s with kvno %d removed from keytab %s.\n"
+msgstr ""
+"Der Eintrag für Principal %s mit KVNO %d wurde aus der Schlüsseltabelle %s "
+"entfernt.\n"
+
+#: ../../src/kadmin/cli/keytab.c:458
+#, c-format
+msgid "%s: There is only one entry for principal %s in keytab %s\n"
+msgstr ""
+"%s: Es gibt nur einen Eintrag für Principal %s in der Schlüsseltabelle %s.\n"
+
+#: ../../src/kadmin/cli/ss_wrapper.c:49 ../../src/kadmin/ktutil/ktutil.c:58
+msgid "creating invocation"
+msgstr "Aufruf wird erstellt"
+
+#: ../../src/kadmin/dbutil/dump.c:165
+msgid "while allocating temporary filename dump"
+msgstr "beim Reservieren des temporären Dateinamenspeicherauszugs"
+
+#: ../../src/kadmin/dbutil/dump.c:176
+msgid "while renaming dump file into place"
+msgstr "während das Umbenennen der Auszugsdateien Gestalt annimmt"
+
+#: ../../src/kadmin/dbutil/dump.c:192
+msgid "while allocating dump_ok filename"
+msgstr "beim Reservieren des »dump_ok«-Dateinamens"
+
+#: ../../src/kadmin/dbutil/dump.c:199
+#, c-format
+msgid "while creating 'ok' file, '%s'"
+msgstr "beim Erstellen der Datei »ok«, »%s«"
+
+#: ../../src/kadmin/dbutil/dump.c:206
+#, c-format
+msgid "while locking 'ok' file, '%s'"
+msgstr "beim Sperren der Datei »ok«, »%s«"
+
+#: ../../src/kadmin/dbutil/dump.c:248 ../../src/kadmin/dbutil/dump.c:277
+#, c-format
+msgid "%s: regular expression error: %s\n"
+msgstr "%s: Fehler im regulären Ausdruck: %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:260
+#, c-format
+msgid "%s: regular expression match error: %s\n"
+msgstr "%s: Fehler beim Abgleich mit regulärem Ausdruck: %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:361
+#, c-format
+msgid "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
+msgstr ""
+"%s: Unstimmigkeit in der markierten Datenliste für %s (%d gezählt, %d "
+"gespeichert)\n"
+
+#: ../../src/kadmin/dbutil/dump.c:519
+#, c-format
+msgid ""
+"Warning!  Multiple DES-CBC-CRC keys for principal %s; skipping duplicates.\n"
+msgstr ""
+"Warnung! Mehrere DES-CBC-CRC-Schlüssel für Principal %s, Duplikate werden "
+"übersprungen.\n"
+
+#: ../../src/kadmin/dbutil/dump.c:530
+#, c-format
+msgid ""
+"Warning!  No DES-CBC-CRC key for principal %s, cannot generate OV-compatible "
+"record; skipping\n"
+msgstr ""
+"Warnung! Kein DES-CBC-CRC-Schlüssel für Principal %s, es kann kein OV-"
+"kompatibler Datensatz erzeugt werden, wird übersprungen\n"
+
+#: ../../src/kadmin/dbutil/dump.c:558
+#, c-format
+msgid "while converting %s to new master key"
+msgstr "beim Umwandeln von %s in den neuen Hauptschlüssel"
+
+#: ../../src/kadmin/dbutil/dump.c:579
+#, c-format
+msgid "%s(%d): %s\n"
+msgstr "%s(%d): %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:622
+#, c-format
+msgid "%s(%d): ignoring trash at end of line: "
+msgstr "%s(%d): Müll am Zeilenende wird ignoriert: "
+
+#: ../../src/kadmin/dbutil/dump.c:685
+msgid "cannot read tagged data type and length"
+msgstr "Markierter Datentyp und Länge können nicht gelesen werden."
+
+#: ../../src/kadmin/dbutil/dump.c:692
+msgid "cannot read tagged data contents"
+msgstr "Inhalt der markierten Daten kann nicht gelesen werden."
+
+#: ../../src/kadmin/dbutil/dump.c:726
+msgid "cannot match size tokens"
+msgstr "Größenmerkmale können nicht zugeordnet werden."
+
+#: ../../src/kadmin/dbutil/dump.c:755
+msgid "cannot read name string"
+msgstr "Namenszeichenkette kann nicht gelesen werden."
+
+#: ../../src/kadmin/dbutil/dump.c:760
+#, c-format
+msgid "while parsing name %s"
+msgstr "beim Auswerten des Namens %s"
+
+#: ../../src/kadmin/dbutil/dump.c:768
+msgid "cannot read principal attributes"
+msgstr "Principal-Attribute können nicht gelesen werden."
+
+#: ../../src/kadmin/dbutil/dump.c:821
+msgid "cannot read key size and version"
+msgstr "Schlüssellänge und -version können nicht gelesen werden."
+
+#: ../../src/kadmin/dbutil/dump.c:832
+msgid "cannot read key type and length"
+msgstr "Schlüsseltyp und -länge können nicht gelesen werden."
+
+#: ../../src/kadmin/dbutil/dump.c:838
+msgid "cannot read key data"
+msgstr "Schlüsseldaten können nicht gelesen werden."
+
+#: ../../src/kadmin/dbutil/dump.c:848
+msgid "cannot read extra data"
+msgstr "Zusätzliche Daten können nicht gelesen werden."
+
+#: ../../src/kadmin/dbutil/dump.c:857
+#, c-format
+msgid "while storing %s"
+msgstr "beim Speichern von %s"
+
+#: ../../src/kadmin/dbutil/dump.c:896 ../../src/kadmin/dbutil/dump.c:935
+#: ../../src/kadmin/dbutil/dump.c:981
+#, c-format
+msgid "cannot parse policy (%d read)\n"
+msgstr "Richtlinie kann nicht ausgewertet werden (%d gelesen)\n"
+
+#: ../../src/kadmin/dbutil/dump.c:904 ../../src/kadmin/dbutil/dump.c:943
+#: ../../src/kadmin/dbutil/dump.c:1001
+msgid "while creating policy"
+msgstr "beim Erstellen der Richtlinie"
+
+#: ../../src/kadmin/dbutil/dump.c:908
+#, c-format
+msgid "created policy %s\n"
+msgstr "erstellte Richtlinie %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1038
+#, c-format
+msgid "unknown record type \"%s\"\n"
+msgstr "unbekannter Datensatztyp »%s«\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1167
+#, c-format
+msgid "%s: Unknown iprop dump version %d\n"
+msgstr "%s: unbekannte Iprop-Auszugsversion %d\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1270 ../../src/kadmin/dbutil/dump.c:1498
+#, c-format
+msgid "Iprop not enabled\n"
+msgstr "Iprop nicht aktiviert\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1308
+msgid "Conditional dump is an undocumented option for use only for iprop dumps"
+msgstr ""
+"Bedingter Auszug ist eine nicht dokumentierte Option, die nur für Iprop-"
+"Auszüge benutzt wird."
+
+#: ../../src/kadmin/dbutil/dump.c:1321
+msgid "Database not currently opened!"
+msgstr "Die Datenbank ist zur Zeit nicht geöffnet!"
+
+#: ../../src/kadmin/dbutil/dump.c:1335
+#: ../../src/kadmin/dbutil/kdb5_stash.c:116
+#: ../../src/kadmin/dbutil/kdb5_util.c:479
+msgid "while reading master key"
+msgstr "beim Lesen des Hauptschlüssels"
+
+#: ../../src/kadmin/dbutil/dump.c:1341
+msgid "while verifying master key"
+msgstr "beim Prüfen des Hauptschlüssels"
+
+#: ../../src/kadmin/dbutil/dump.c:1360 ../../src/kadmin/dbutil/dump.c:1370
+msgid "while reading new master key"
+msgstr "beim Lesen des neuen Hauptschlüssels"
+
+#: ../../src/kadmin/dbutil/dump.c:1364
+#, c-format
+msgid "Please enter new master key....\n"
+msgstr "Bitte geben Sie den neuen Hauptschlüssel ein …\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1388
+#, c-format
+msgid "while opening %s for writing"
+msgstr "beim Öffnen von %s zum Schreiben"
+
+#: ../../src/kadmin/dbutil/dump.c:1403
+msgid "while reading update log header"
+msgstr "beim Lesen der Aktualisierungsprotokollkopfzeilen"
+
+#: ../../src/kadmin/dbutil/dump.c:1418 ../../src/kadmin/dbutil/dump.c:1425
+#, c-format
+msgid "performing %s dump"
+msgstr "Auszug von %s wird durchgeführt"
+
+#: ../../src/kadmin/dbutil/dump.c:1455
+#, c-format
+msgid "%s: error processing line %d of %s\n"
+msgstr "%s: Fehler beim Verarbeiten von Zeile %d von %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1507
+msgid "while parsing options"
+msgstr "beim Auswerten der Optionen"
+
+#: ../../src/kadmin/dbutil/dump.c:1522
+#, c-format
+msgid "while opening %s"
+msgstr "beim Öffnen von %s"
+
+#: ../../src/kadmin/dbutil/dump.c:1527 ../../src/kadmin/dbutil/dump.c:1626
+msgid "standard input"
+msgstr "Standardeingabe"
+
+#: ../../src/kadmin/dbutil/dump.c:1532
+#, c-format
+msgid "%s: can't read dump header in %s\n"
+msgstr "%s: Kopfzeilen des Auszugs in %s können nicht gelesen werden.\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1540 ../../src/kadmin/dbutil/dump.c:1557
+#, c-format
+msgid "%s: dump header bad in %s\n"
+msgstr "%s: falsche Kopfzeilen des Auszugs in %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1566
+#, c-format
+msgid "Could not open iprop ulog\n"
+msgstr "Iprop-Ulog kann nicht geöffnet werden.\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1571
+#, c-format
+msgid "%s: dump version %s can only be loaded with the -update flag\n"
+msgstr ""
+"%s: Die Auszugsversion %s kann nur mit dem Schalter -update geladen werden.\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1580 ../../src/kadmin/dbutil/dump.c:1585
+msgid "computing parameters for database"
+msgstr "Parameter für die Datenbank werden berechnet."
+
+#: ../../src/kadmin/dbutil/dump.c:1591
+msgid "while creating database"
+msgstr "beim Erstellen der Datenbank"
+
+#: ../../src/kadmin/dbutil/dump.c:1600
+msgid "while opening database"
+msgstr "beim Öffnen der Datenbank"
+
+#: ../../src/kadmin/dbutil/dump.c:1610
+msgid "while permanently locking database"
+msgstr "beim dauerhaften Sperren der Datenbank"
+
+#: ../../src/kadmin/dbutil/dump.c:1628
+#, c-format
+msgid "%s: %s restore failed\n"
+msgstr "%s: Wiederherstellen von %s fehlgeschlagen\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1633
+msgid "while unlocking database"
+msgstr "beim Aufheben der Datenbanksperre"
+
+#: ../../src/kadmin/dbutil/dump.c:1643 ../../src/kadmin/dbutil/dump.c:1662
+msgid "while reinitializing update log"
+msgstr "beim erneuten Initialisieren des Aktualisierungsprotokolls"
+
+#: ../../src/kadmin/dbutil/dump.c:1653
+msgid "while making newly loaded database live"
+msgstr "beim Aktivieren der neu geladenen Datenbank"
+
+#: ../../src/kadmin/dbutil/dump.c:1669
+msgid "while writing update log header"
+msgstr "beim Schreiben der Aktualisierungsprotokollkopfzeilen"
+
+#: ../../src/kadmin/dbutil/dump.c:1683
+#, c-format
+msgid "while deleting bad database %s"
+msgstr "beim Löschen der falschen Datenbank %s"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:84
+msgid "while looking up the Kerberos configuration"
+msgstr "beim Nachschlagen der Kerberos-Konfiguration"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:111
+msgid "while initializing the Kerberos admin interface"
+msgstr "beim Initialisieren der Kerberos-Administrationsoberfläche"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:169
+#, c-format
+msgid "getaddrinfo(%s): Cannot determine canonical hostname.\n"
+msgstr ""
+"getaddrinfo(%s): Die Normalform des Rechnernamens kann nicht bestimmt "
+"werden.\n"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:190
+#: ../../src/kadmin/dbutil/kadm5_create.c:196
+#, c-format
+msgid "Out of memory\n"
+msgstr "Speicherplatz reicht nicht aus.\n"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:270
+msgid "while appending realm to principal"
+msgstr "beim Anhängen des Realms an den Principal"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:275
+msgid "while parsing admin principal name"
+msgstr "beim Auswerten des Principal-Namens des Administrators"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:286
+#, c-format
+msgid "while creating principal %s"
+msgstr "beim Erstellen des Principals %s"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:175
+#: ../../src/kadmin/dbutil/kdb5_util.c:241
+#: ../../src/kadmin/dbutil/kdb5_util.c:248
+msgid "while parsing command arguments\n"
+msgstr "beim Auswerten der Befehlsargumente\n"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:198
+#, c-format
+msgid "Loading random data\n"
+msgstr "Zufällige Daten werden geladen.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:201
+msgid "Loading random data"
+msgstr "Zufällige Daten werden geladen."
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:211
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:242
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:435
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:591
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1149
+#: ../../src/kadmin/dbutil/kdb5_util.c:423
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:606
+msgid "while setting up master key name"
+msgstr "beim Einrichten des Hauptschlüsselnamens"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:222
+#, c-format
+msgid ""
+"Initializing database '%s' for realm '%s',\n"
+"master key name '%s'\n"
+msgstr ""
+"Datenbank »%s« für Realm »%s« wird initialisiert,\n"
+"Hauptschlüsselname »%s«\n"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:227
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:516
+#, c-format
+msgid "You will be prompted for the database Master Password.\n"
+msgstr "Sie werden nach dem Master-Passwort der Datenbank gefragt.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:228
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:260
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:517
+#, c-format
+msgid "It is important that you NOT FORGET this password.\n"
+msgstr "Es ist wichtig, dass Sie dieses Passwort NICHT VERGESSEN.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:234
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:266
+msgid "while creating new master key"
+msgstr "beim Erstellen des neuen Hauptschlüssels"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:242
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:527
+msgid "while reading master key from keyboard"
+msgstr "beim Lesen des Hauptschlüssels von der Tastatur"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:252
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:285
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:618
+msgid "while calculating master key salt"
+msgstr "beim Berechnen des Hauptschlüssel-Salts"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:260
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:294
+#: ../../src/kadmin/dbutil/kdb5_util.c:465
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:630
+msgid "while transforming master key from password"
+msgstr "beim Umwandeln des Hauptschlüssels vom Passwort"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:270
+msgid "while initializing random key generator"
+msgstr "beim Initialisieren des Zufallsschlüsselgenerators"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:275
+#, c-format
+msgid "while creating database '%s'"
+msgstr "beim Erstellen der Datenbank »%s«"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:293
+msgid "while creating update log"
+msgstr "beim Erstellen des Aktualisierungsprotokolls"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:304
+msgid "while initializing update log"
+msgstr "beim Initialisieren des Aktualisierungsprotokolls"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:320
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:642
+msgid "while adding entries to the database"
+msgstr "beim Hinzufügen von Einträgen in die Datenbank"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:348
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:339
+#: ../../src/kadmin/dbutil/kdb5_stash.c:133
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:667
+msgid "while storing key"
+msgstr "beim Speichern des Schlüssels"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:349
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:340
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:668
+#, c-format
+msgid "Warning: couldn't stash master key.\n"
+msgstr "Warnung: Hauptschlüssel kann nicht gelagert werden.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:57
+msgid "while initializing krb5_context"
+msgstr "beim Initialisieren von »krb5_context«"
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:63
+#: ../../src/kadmin/dbutil/kdb5_util.c:259
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:291
+msgid "while setting default realm name"
+msgstr "beim Einstellen des Standard-Realm-Namens"
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:83
+#, c-format
+msgid "Deleting KDC database stored in '%s', are you sure?\n"
+msgstr ""
+"Die in »%s« gespeicherte KDC-Datenbank wird gelöscht. Sind Sie sicher?\n"
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:85
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1166
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:360
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1482
+#, c-format
+msgid "(type 'yes' to confirm)? "
+msgstr "(Geben Sie als Bestätigung »yes« ein)? "
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:92
+#, c-format
+msgid "OK, deleting database '%s'...\n"
+msgstr "OK, Datenbank »%s« wird gelöscht …\n"
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:97
+#, c-format
+msgid "deleting database '%s'"
+msgstr "Datenbank »%s« wird gelöscht."
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:106
+#, c-format
+msgid "** Database '%s' destroyed.\n"
+msgstr "** Datenbank »%s« vernichtet\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:218
+#, c-format
+msgid "%s is an invalid enctype"
+msgstr "%s ist ein ungültiger Verschlüsselungstyp"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:250
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:443
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:599
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:986
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1157
+#, c-format
+msgid "while getting master key principal %s"
+msgstr "beim Holen des Hauptschlüssels von Principal %s"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:256
+#, c-format
+msgid "Creating new master key for master key principal '%s'\n"
+msgstr ""
+"Es wird ein neuer Hauptschlüssel für den Hauptschlüssel-Principal »%s« "
+"erstellt.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:259
+#, c-format
+msgid "You will be prompted for a new database Master Password.\n"
+msgstr "Sie werden nach einem neuen Datenbank-Master-Passwort gefragt.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:275
+msgid "while reading new master key from keyboard"
+msgstr "beim Lesen des neuen Hauptschlüssels von der Tastatur"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:304
+msgid "adding new master key to master principal"
+msgstr "dem Haupt-Principal wird ein neuer Hauptschlüssel hinzugefügt"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:310
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:402
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:843
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1356
+msgid "while getting current time"
+msgstr "beim Holen der aktuellen Zeit"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:317
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:544
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1363
+msgid "while updating the master key principal modification time"
+msgstr "beim Aktulisieren der Änderungszeit des Hauptschlüssel-Principals"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:325
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:553
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1374
+msgid "while adding master key entry to the database"
+msgstr "beim Hinzufügen des Hauptschlüsseleintrags zur Datenbank"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:383
+msgid "0 is an invalid KVNO value"
+msgstr "0 ist kein gültiger KVNO-Wert"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:394
+#, c-format
+msgid "%d is an invalid KVNO value"
+msgstr "%d ist kein gültiger KVNO-Wert"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:410
+#, c-format
+msgid "could not parse date-time string '%s'"
+msgstr "»date-time«-Zeichenkette »%s« konnte nicht ausgewertet werden"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:452
+msgid "while looking up active version of master key"
+msgstr "beim Nachschlagen der aktiven Version des Hauptschlüssels"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:491
+msgid "while adding new master key"
+msgstr "beim Hinzufügen eines neuen Hauptschlüssels"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:529
+msgid "there must be one master key currently active"
+msgstr "ein Hauptschlüssel muss derzeit aktiv sein"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:537
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1342
+msgid "while updating actkvno data for master principal entry"
+msgstr "beim Aktualisieren der Actkvno-Daten für den Haupt-Principal-Eintrag"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:581
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:948
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1116
+msgid "master keylist not initialized"
+msgstr "Hauptschlüsselliste ist nicht initialisiert"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:607
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:994
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1254
+msgid "while looking up active kvno list"
+msgstr "beim Nachschlagen der Liste aktiver KVNOs"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:615
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1002
+msgid "while looking up active master key"
+msgstr "beim Nachschlagen des aktiven Hauptschlüssels"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:627
+msgid "while getting enctype description"
+msgstr "beim Holen des Verschlüsselungsbeschreibung"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:644
+#, c-format
+msgid "KVNO: %d, Enctype: %s, Active on: %s *\n"
+msgstr "KVNO: %d, Verschlüsselungstyp: %s, aktiviert auf: %s *\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:649
+#, c-format
+msgid "KVNO: %d, Enctype: %s, Active on: %s\n"
+msgstr "KVNO: %d, Verschlüsselungstyp: %s, aktiviert auf: %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:653
+#, c-format
+msgid "KVNO: %d, Enctype: %s, No activate time set\n"
+msgstr "KVNO: %d, Verschlüsselungstyp: %s, keine Aktivierungszeit gesetzt\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:658
+msgid "asprintf could not allocate enough memory to hold output"
+msgstr ""
+"Asprintf konnte nicht genug Speicher reservieren, um die Ausgabe "
+"bereitzuhalten"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:793
+msgid "getting string representation of principal name"
+msgstr "Principal-Name wird im Klartext geholt"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:817
+#, c-format
+msgid "determining master key used for principal '%s'"
+msgstr "Hauptschlüssel, der für Principal »%s« benutzt wird, wird bestimmt"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:823
+#, c-format
+msgid "would skip:   %s\n"
+msgstr "würde übersprungen:   %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:825
+#, c-format
+msgid "skipping: %s\n"
+msgstr "wird übersprungen: %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:831
+#, c-format
+msgid "would update: %s\n"
+msgstr "würde aktualisiert: %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:835
+#, c-format
+msgid "updating: %s\n"
+msgstr "wird aktualisiert: %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:839
+#, c-format
+msgid "error re-encrypting key for principal '%s'"
+msgstr "Fehler beim erneuten Verschlüsseln des Schlüssels für Principal »%s«"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:850
+#, c-format
+msgid "while updating principal '%s' modification time"
+msgstr "beim Aktualisieren der Änderungszeit von Principal »%s«"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:857
+#, c-format
+msgid "while updating principal '%s' key data in the database"
+msgstr ""
+"beim Aktualisieren der Schlüsseldaten von Principal »%s« in der Datenbank"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:889
+#, c-format
+msgid ""
+"\n"
+"(type 'yes' to confirm)? "
+msgstr ""
+"\n"
+"(Geben Sie als Bestätigung »yes« ein) "
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:942
+msgid "while formatting master principal name"
+msgstr "beim Formatieren des Haupt-Principal-Namens"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:959
+#, c-format
+msgid "converting glob pattern '%s' to regular expression"
+msgstr "Platzhalter »%s« wird in einen regulären Ausdruck umgewandelt"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:977
+#, c-format
+msgid "error compiling converted regexp '%s'"
+msgstr "Fehler beim Kompilieren des umgewandelten regulären Ausdrucks »%s«"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1010
+#, c-format
+msgid "Re-encrypt all keys not using master key vno %u?"
+msgstr ""
+"Sollen alle Schlüssel neu verschlüsselt werden, die nicht die Hauptschlüssel-"
+"VNO %u verwenden?"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1012
+#, c-format
+msgid "OK, doing nothing.\n"
+msgstr "Ok, es wird nichts getan.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1018
+#, c-format
+msgid "Principals whose keys WOULD BE re-encrypted to master key vno %u:\n"
+msgstr ""
+"Principals, deren Schlüssel mit dem Hauptschlüssel VNO %u neu verschlüsselt "
+"WÃœRDEN:\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1021
+#, c-format
+msgid ""
+"Principals whose keys are being re-encrypted to master key vno %u if "
+"necessary:\n"
+msgstr ""
+"Principals, deren Schlüssel mit dem Hauptschlüssel VNO %u neu verschlüsselt "
+"werden, falls nötig:\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1037
+msgid "trying to process principal database"
+msgstr "es wird versucht, die Principal-Datenbank zu verarbeiten"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1042
+#, c-format
+msgid "%u principals processed: %u would be updated, %u already current\n"
+msgstr ""
+"%u Principals verarbeitet: %u würden aktualisiert, %u bereits aktuell\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1046
+#, c-format
+msgid "%u principals processed: %u updated, %u already current\n"
+msgstr "%u Principals verarbeitet: %u aktualisiert, %u bereits aktuell\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1164
+#, c-format
+msgid ""
+"Will purge all unused master keys stored in the '%s' principal, are you "
+"sure?\n"
+msgstr ""
+"Sind Sie sicher, dass alle nicht verwendeten Hauptschlüssel, die für "
+"Principal »%s« gespeichert sind, vollständig entfernt werden sollen?\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1175
+#, c-format
+msgid "OK, purging unused master keys from '%s'...\n"
+msgstr ""
+"Ok, die nicht verwendeten Hauptschlüssel von »%s« werden vollständig "
+"entfernt …\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1183
+#, c-format
+msgid "There is only one master key which can not be purged.\n"
+msgstr ""
+"Es gibt nur einen einzigen Hauptschlüssel, der nicht vollständig entfernt "
+"werden kann.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1192
+msgid "while allocating args.kvnos"
+msgstr "beim Reservieren von »args.kvnos«"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1208
+msgid "while finding master keys in use"
+msgstr "bei der Suche nach den gerade verwendeten Hauptschlüsseln"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1217
+#, c-format
+msgid "Would purge the following master key(s) from %s:\n"
+msgstr ""
+"Der/Die folgende(n) Hauptschlüssel würden/würde von %s vollständig "
+"entfernt:\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1220
+#, c-format
+msgid "Purging the following master key(s) from %s:\n"
+msgstr ""
+"Der/Die folgende(n) Hauptschlüssel werden/wird von %s vollständig entfernt:\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1232
+msgid "master key stash file needs updating, command aborting"
+msgstr ""
+"Ablagedatei des Hauptschlüssels erfordert Aktualisierung, Befehl abgebrochen"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1238
+#, c-format
+msgid "KVNO: %d\n"
+msgstr "KVNO: %d\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1243
+#, c-format
+msgid "All keys in use, nothing purged.\n"
+msgstr "Alle Schlüssel sind in Gebrauch, keiner wurde vollständig entfernt.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1248
+#, c-format
+msgid "%d key(s) would be purged.\n"
+msgstr "%d Schlüssel würde(n) vollständig entfernt.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1261
+msgid "while looking up mkey aux data list"
+msgstr "beim Nachschlagen der Mkey-Aux-Datenliste"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1269
+msgid "while allocating key_data"
+msgstr "beim Reservieren von »key_data«"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1350
+msgid "while updating mkey_aux data for master principal entry"
+msgstr "beim Aktualisieren der Mkey-Aux-Daten für den Haupt-Principal-Eintrag"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1378
+#, c-format
+msgid "%d key(s) purged.\n"
+msgstr "%d Schlüssel vollständig entfernt\n"
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:97
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:538
+#, c-format
+msgid "while setting up enctype %d"
+msgstr "beim Einrichten des Verschlüsselungstyps %d"
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:123
+msgid "while getting master key list"
+msgstr "beim Holen der Hauptschlüsselliste"
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:127
+#, c-format
+msgid "Using existing stashed keys to update stash file.\n"
+msgstr ""
+"Zur Aktualisierung der Ablagedatei werden existierende gelagert Schlüssel "
+"verwendet.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:80
+#, c-format
+msgid ""
+"Usage: kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M "
+"mkeyname]\n"
+"\t        [-kv mkeyVNO] [-sf stashfilename] [-m] cmd [cmd_options]\n"
+"\tcreate  [-s]\n"
+"\tdestroy [-f]\n"
+"\tstash   [-f keyfile]\n"
+"\tdump    [-old|-ov|-b6|-b7|-r13|-r18] [-verbose]\n"
+"\t        [-mkey_convert] [-new_mkey_file mkey_file]\n"
+"\t        [-rev] [-recurse] [filename [princs...]]\n"
+"\tload    [-old|-ov|-b6|-b7|-r13|-r18] [-verbose] [-update] filename\n"
+"\tark     [-e etype_list] principal\n"
+"\tadd_mkey [-e etype] [-s]\n"
+"\tuse_mkey kvno [time]\n"
+"\tlist_mkeys\n"
+msgstr ""
+"Aufruf: kdb5_util [-x Datenbankargumente]* [-r Realm] [-d Datenbankname] [-k "
+"Mkeytype] [-M Mkeyname]\n"
+"\t        [-kv MkeyVNO] [-sf Ablagedateiname] [-m] Befehl [Befehlsoptionen]\n"
+"\tcreate  [-s]\n"
+"\tdestroy [-f]\n"
+"\tstash   [-f Schlüsseldatei]\n"
+"\tdump    [-old|-ov|-b6|-b7|-r13|-r18] [-verbose]\n"
+"\t        [-mkey_convert] [-new_mkey_file mkey-Datei]\n"
+"\t        [-rev] [-recurse] [Dateiname [Principals …]]\n"
+"\tload    [-old|-ov|-b6|-b7|-r13|-r18] [-verbose] [-update] Dateiname\n"
+"\tark     [-e Etype-Liste] Principal\n"
+"\tadd_mkey [-e Etype] [-s]\n"
+"\tuse_mkey kvno [Zeit]\n"
+"\tlist_mkeys\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:98
+#, c-format
+msgid ""
+"\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
+"\tpurge_mkeys [-f] [-n] [-v]\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+"\tupdate_princ_encryption [-f] [-n] [-v] [Principal-Muster]\n"
+"\tpurge_mkeys [-f] [-n] [-v]\n"
+"\n"
+"dabei sind\n"
+"\t[-x Datenbankargumente]* - eine beliebige Anzahl datenbankspezifischer "
+"Argumente.\n"
+"\t\t\tWelche Argumente unterstützt werden, finden Sie in der Dokumentation "
+"der jeweiligen Datenbank.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:211
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:260
+msgid "while initializing Kerberos code"
+msgstr "beim Initialisieren von Kerberos-Code"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:217
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:267
+msgid "while creating sub-command arguments"
+msgstr "beim Erstellen von Unterbefehlsargumenten"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:235
+msgid "while parsing command arguments"
+msgstr "beim Auswerten von Befehlsargumenten"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:264
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:298
+#, c-format
+msgid ": %s is an invalid enctype"
+msgstr ": %s ist kein gültiger Verschlüsselungstyp"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:272
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:307
+#, c-format
+msgid ": %s is an invalid mkeyVNO"
+msgstr ": %s ist kein gültiger MkeyVNO"
+
+# FIXME s/retreiving/retrieving/
+#: ../../src/kadmin/dbutil/kdb5_util.c:317
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:431
+msgid "while retreiving configuration parameters"
+msgstr "beim Abfragen der Konfigurationsparameter"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:368
+msgid "Too few arguments"
+msgstr "zu wenige Argumente"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:369
+#, c-format
+msgid "Usage: %s dbpathname realmname"
+msgstr "Aufruf: %s Datenbankpfadname Realm-Name"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:375
+msgid "while closing previous database"
+msgstr "beim Schließen der vorherigen Datenbank"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:412
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:877
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1497
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:564
+msgid "while initializing database"
+msgstr "beim Initialisieren der Datenbank"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:429
+msgid "while retrieving master entry"
+msgstr "beim Abfragen des Haupteintrags"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:448
+msgid "while calculated master key salt"
+msgstr "beim Berechnen des Hauptschlüssel-Salts"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:480
+msgid "Warning: proceeding without master key"
+msgstr "Warnung: Es wird ohne Hauptschlüssel fortgefahren"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:498
+msgid "while seeding random number generator"
+msgstr "beim Erzeugen des Startwerts des Zufallszahlengenerators"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:508
+#, c-format
+msgid "%s: Could not map log\n"
+msgstr "%s: Protokolldatei konnte nicht abgebildet werden\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:535
+msgid "while closing database"
+msgstr "beim Schließen der Datenbank"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:582
+#, c-format
+msgid "while fetching principal %s"
+msgstr "beim Abrufen von Principal %s"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:605
+msgid "while finding mkey"
+msgstr "beim Suchen nach Mkey"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:630
+msgid "while setting changetime"
+msgstr "beim Setzen der Änderungszeit der Datei"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:638
+#, c-format
+msgid "while saving principal %s"
+msgstr "beim Speichern von Principal %s"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:642
+#, c-format
+msgid "%s changed\n"
+msgstr "%s geändert\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:73
+#, c-format
+msgid "%s: invalid arguments\n"
+msgstr "%s: ungültige Argumente\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:78
+msgid "while freeing ktlist"
+msgstr "beim Freigeben von »ktlist«"
+
+#: ../../src/kadmin/ktutil/ktutil.c:89
+#, c-format
+msgid "%s: must specify keytab to read\n"
+msgstr ""
+"%s: Die Schlüsseltabelle, die gelesen werden soll, muss angegeben werden.\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:94
+#, c-format
+msgid "while reading keytab \"%s\""
+msgstr "beim Lesen der Schlüsseltabelle »%s«"
+
+#: ../../src/kadmin/ktutil/ktutil.c:104
+#, c-format
+msgid "%s: must specify the srvtab to read\n"
+msgstr "%s: Die zu lesende Dienstschlüsseltabelle muss angegeben werden.\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:109
+#, c-format
+msgid "while reading srvtab \"%s\""
+msgstr "beim Lesen der Dienstschlüsseltabelle »%s«"
+
+#: ../../src/kadmin/ktutil/ktutil.c:119
+#, c-format
+msgid "%s: must specify keytab to write\n"
+msgstr "%s: Die zu schreibende Schlüsseltabelle muss angegeben werden.\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:124
+#, c-format
+msgid "while writing keytab \"%s\""
+msgstr "beim Schreiben der Schlüsseltabelle »%s«"
+
+#: ../../src/kadmin/ktutil/ktutil.c:131
+#, c-format
+msgid "%s: writing srvtabs is no longer supported\n"
+msgstr ""
+"%s: Schreiben der Dienstschlüsseltabelle wird nicht länger unterstützt\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:169
+#, c-format
+msgid "usage: %s (-key | -password) -p principal -k kvno -e enctype\n"
+msgstr ""
+"Aufruf: %s (-key | -password) -p Principal -k KVNO -e Verschlüsselungstyp\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:176
+msgid "while adding new entry"
+msgstr "beim Hinzufügen eines neuen Eintrags"
+
+#: ../../src/kadmin/ktutil/ktutil.c:186
+#, c-format
+msgid "%s: must specify entry to delete\n"
+msgstr "%s: zu löschender Eintrag muss angegeben werden\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:191
+#, c-format
+msgid "while deleting entry %d"
+msgstr "beim Löschen von Eintrag %d"
+
+#: ../../src/kadmin/ktutil/ktutil.c:219
+#, c-format
+msgid "%s: usage: %s [-t] [-k] [-e]\n"
+msgstr "%s: Aufruf: %s [-t] [-k] [-e]\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:259
+msgid "While converting enctype to string"
+msgstr "beim Umwandeln des Verschlüsselungstyps in eine Zeichenkette"
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:162
+#, c-format
+msgid "Password for %.1000s"
+msgstr "Passwort für %.1000s"
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:179
+#, c-format
+msgid "Key for %s (hex): "
+msgstr "Schlüssel für %s (hexadezimal): "
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:191
+#, c-format
+msgid "addent: Error reading key.\n"
+msgstr "addent: Fehler beim Lesen des Schlüssels\n"
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:206
+#, c-format
+msgid "addent: Illegal character in key.\n"
+msgstr "addent: unerlaubtes Zeichen im Schlüssel\n"
+
+#: ../../src/kadmin/server/ipropd_svc.c:48
+#, c-format
+msgid "Unauthorized request: %s, client=%s, service=%s, addr=%s"
+msgstr "unberechtigte Anfrage: %s, Client=%s, Dienst=%s, Adresse=%s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:49
+#: ../../src/kadmin/server/ipropd_svc.c:212
+#, c-format
+msgid "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
+msgstr "Anfrage: %s, %s, %s, Client=%s, Dienst=%s, Adresse=%s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:146
+#: ../../src/kadmin/server/ipropd_svc.c:271
+#, c-format
+msgid "%s: server handle is NULL"
+msgstr "%s: Server-Identifikator ist NULL"
+
+#: ../../src/kadmin/server/ipropd_svc.c:156
+#: ../../src/kadmin/server/ipropd_svc.c:284
+#, c-format
+msgid "%s: setup_gss_names failed"
+msgstr "%s: setup_gss_names fehlgeschlagen"
+
+#: ../../src/kadmin/server/ipropd_svc.c:166
+#: ../../src/kadmin/server/ipropd_svc.c:295
+#, c-format
+msgid "%s: out of memory recording principal names"
+msgstr "%s: Speicher reicht nicht zur Aufzeichnung der Principal-Namen aus"
+
+#: ../../src/kadmin/server/ipropd_svc.c:195
+#, c-format
+msgid "%s; Incoming SerialNo=%lu; Outgoing SerialNo=%lu"
+msgstr "%s; eingehende Seriennummer=%lu; ausgehende Seriennummer=%lu"
+
+#: ../../src/kadmin/server/ipropd_svc.c:201
+#, c-format
+msgid "%s; Incoming SerialNo=%lu; Outgoing SerialNo=N/A"
+msgstr "%s; eingehende Seriennummer=%lu; ausgehende Seriennummer=N/A"
+
+#: ../../src/kadmin/server/ipropd_svc.c:320
+#, c-format
+msgid "%s: getclhoststr failed"
+msgstr "%s: getclhoststr fehlgeschlagen"
+
+#: ../../src/kadmin/server/ipropd_svc.c:342
+#, c-format
+msgid "%s: cannot construct kdb5 util dump string too long; out of memory"
+msgstr ""
+"Ausgabenzeichenkette des KDB5-Hilfswerkzeugs nicht konstruierbar, da zu "
+"lang; Speicher reicht nicht aus.%s: Die Ausgabezeichenkette des KDB5-"
+"Hilfswerkzeugs kann nicht erstellt werden, weil sie zu lang ist. Der "
+"Speicherplatz reicht nicht aus."
+
+#: ../../src/kadmin/server/ipropd_svc.c:362
+#, c-format
+msgid "%s: fork failed: %s"
+msgstr "%s: Verzweigen fehlgeschlagen: %s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:374
+#, c-format
+msgid "%s: popen failed: %s"
+msgstr "%s: popen fehlgeschlagen: %s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:388
+#, c-format
+msgid "%s: pclose(popen) failed: %s"
+msgstr "%s: pclose(popen) fehlgeschlagen: %s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:405
+#, c-format
+msgid "%s: exec failed: %s"
+msgstr "%s: exec fehlgeschlagen: %s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:421
+#, c-format
+msgid "Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"
+msgstr ""
+"Anfrage: %s, hervorgebrachter Neusynchronisationsprozess %d, Client=%s, "
+"Dienst=%s, Adresse=%s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:485
+#: ../../src/kadmin/server/kadm_rpc_svc.c:275
+#, c-format
+msgid "check_rpcsec_auth: failed inquire_context, stat=%u"
+msgstr "check_rpcsec_auth: inquire_context fehlgeschlagen, Stat=%u"
+
+#: ../../src/kadmin/server/ipropd_svc.c:515
+#: ../../src/kadmin/server/kadm_rpc_svc.c:304
+#, c-format
+msgid "bad service principal %.*s%s"
+msgstr "falscher Dienst-Principal %.*s%s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:538
+#, c-format
+msgid "authentication attempt failed: %s, RPC authentication flavor %d"
+msgstr ""
+"Authentifizierungsversuche gescheitert: %s, PRC-Authentifizierungsvariante %d"
+
+#: ../../src/kadmin/server/ipropd_svc.c:572
+#, c-format
+msgid "RPC unknown request: %d (%s)"
+msgstr "unbekannte PRC-Anfrage: %d (%s)"
+
+#: ../../src/kadmin/server/ipropd_svc.c:580
+#, c-format
+msgid "RPC svc_getargs failed (%s)"
+msgstr "RPC-»svc_getargs« fehlgeschlagen (%s)"
+
+#: ../../src/kadmin/server/ipropd_svc.c:590
+#, c-format
+msgid "RPC svc_sendreply failed (%s)"
+msgstr "RPC-»svc_sendreply« fehlgeschlagen (%s)"
+
+#: ../../src/kadmin/server/ipropd_svc.c:596
+#, c-format
+msgid "RPC svc_freeargs failed (%s)"
+msgstr "RPC-»svc_freeargs« fehlgeschlagen (%s)"
+
+#: ../../src/kadmin/server/kadm_rpc_svc.c:325
+#, c-format
+msgid "gss_to_krb5_name: failed display_name status %d"
+msgstr "gss_to_krb5_name: display_name fehlgeschlagen, Status %d"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:86
+#, c-format
+msgid ""
+"Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] [-port port-number]\n"
+"\t\t[-proponly] [-p path-to-kdb5_util] [-F dump-file]\n"
+"\t\t[-K path-to-kprop] [-P pid_file]\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+"Aufruf: kadmind [-x Datenbankargumente]* [-r Realm] [-m] [-nofork]\n"
+"\t\t[-port Portummer] [-p Pfad_zum_KDB5-Hilfswerkzeug] [-F Auszugsdatei]\n"
+"\t\t[-K Pfad_zu_Kprop] [-P PID-Datei]\n"
+"\n"
+"dabei sind\n"
+"\t[-x Datenbankargumente]* - eine beliebige Anzahl datenbankspezifischer "
+"Argumente.\n"
+"\t\t\tWelche Argumente unterstützt werden, finden Sie in der Dokumentation "
+"der jeweiligen Datenbank.\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:111
+#, c-format
+msgid "%s: %s while %s, aborting\n"
+msgstr "%s: %s bei %s, wird abgebrochen\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:113
+#, c-format
+msgid "%s while %s, aborting\n"
+msgstr "%s bei %s, wird abgebrochen\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:115
+#, c-format
+msgid "%s: %s, aborting\n"
+msgstr "%s: %s, wird abgebrochen\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:116
+#, c-format
+msgid "%s, aborting"
+msgstr "%s, wird abgebrochen"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:282
+#, c-format
+msgid ""
+"WARNING! Forged/garbled request: %s, claimed client = %.*s%s, server = %.*s"
+"%s, addr = %s"
+msgstr ""
+"WARNUNG! Gefälschte/verstümmelte Anfrage: %s, geforderter Client = %.*s%s, "
+"Server = %.*s%s, Adresse = %s"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:288
+#, c-format
+msgid ""
+"WARNING! Forged/garbled request: %d, claimed client = %.*s%s, server = %.*s"
+"%s, addr = %s"
+msgstr ""
+"WARNUNG! Gefälschte/verstümmelte Anfrage: %d,   Client = %.*s%s, Server = "
+"%.*s%s, Adresse = %s"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:302
+#, c-format
+msgid "Miscellaneous RPC error: %s, %s"
+msgstr "sonstiger PRC-Fehler: %s, %s"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:318
+#, c-format
+msgid "%s Cannot decode status %d"
+msgstr "%s: Status %d kann nicht dekodiert werden"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:336
+#, c-format
+msgid "Authentication attempt failed: %s, GSS-API error strings are:"
+msgstr "Authentifizierungsversuch fehlgeschlagen: %s, GSS-API-Fehlermeldungen:"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:341
+msgid "   GSS-API error strings complete."
+msgstr "   GSS-API-Fehlermeldungen vollständig"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:378
+#, c-format
+msgid "%s: cannot initialize. Not enough memory\n"
+msgstr "%s: kann nicht initialisiert werden: Speicher reicht nicht aus.\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:445
+#, c-format
+msgid "%s: %s while initializing context, aborting\n"
+msgstr "%s: %s beim Initialisieren des Kontextes, wird abgebrochen\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:456
+msgid "initializing"
+msgstr "wird initialisiert"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:460
+msgid "getting config parameters"
+msgstr "beim Holen der Konfigurationsparameter"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:462
+msgid "Missing required realm configuration"
+msgstr "erforderliche Realm-Konfiguration fehlt"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:464
+msgid "Missing required ACL file configuration"
+msgstr "erforderliche ACL-Dateikonfiguration fehlt"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:468
+msgid "initializing network"
+msgstr "Netzwerk wird initialisiert"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:473
+msgid "Cannot build GSSAPI auth names"
+msgstr "GSS-API-Authentifizierungsnamen können nicht gebildet werden."
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:477
+msgid "Cannot set up KDB keytab"
+msgstr "Die KDB-Schlüsseltabelle kann nicht eingerichtet werden."
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:480
+msgid "Cannot set GSSAPI authentication names"
+msgstr "GSS-API-Authentifizierungsnamen können nicht gesetzt werden."
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:497
+msgid "Cannot initialize GSSAPI service name"
+msgstr "GSSAPI-Dienstname kann nicht initialisiert werden"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:501
+msgid "initializing ACL file"
+msgstr "ACL-Datei wird initialisiert"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:504
+msgid "spawning daemon process"
+msgstr "Daemon-Prozess wird erzeugt"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:508
+msgid "creating PID file"
+msgstr "PID-Datei wird erstellt"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:511
+msgid "Seeding random number generator"
+msgstr "Startwert des Zufallszahlengenerators wird erzeugt"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:514
+msgid "getting random seed"
+msgstr "Zufallsstartwert wird geholt"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:521
+msgid "mapping update log"
+msgstr "Aktualisierungsprotokoll wird abgebildet"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:525
+#, c-format
+msgid "%s: create IPROP svc (PROG=%d, VERS=%d)\n"
+msgstr "%s: IPROP-Dienst wird erstellt (PROG=%d, VERS=%d)\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:530
+msgid "starting"
+msgstr "startet"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:532 ../../src/kdc/main.c:1061
+#, c-format
+msgid "%s: starting...\n"
+msgstr "%s: startet …\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:535
+msgid "finished, exiting"
+msgstr "fertig, wird beendet"
+
+#: ../../src/kadmin/server/schpw.c:282
+#, c-format
+msgid "setpw request from %s by %.*s%s for %.*s%s: %s"
+msgstr "»setpw«-Anfrage von %s durch %.*s%s für %.*s%s: %s"
+
+#: ../../src/kadmin/server/schpw.c:287
+#, c-format
+msgid "chpw request from %s for %.*s%s: %s"
+msgstr "»chpw«-Anfrage von %s für %.*s%s: %s"
+
+#: ../../src/kadmin/server/schpw.c:464
+#, c-format
+msgid "chpw: Couldn't open admin keytab %s"
+msgstr "chpw«: Administratorschlüsseltabelle %s konnte nicht geöffnet werden"
+
+#: ../../src/kadmin/server/server_stubs.c:293
+#, c-format
+msgid ""
+"Unauthorized request: %s, %.*s%s, client=%.*s%s, service=%.*s%s, addr=%s"
+msgstr ""
+"Unauthorisierte Anfrage: %s, %.*s%s, Client=%.*s%s, Dienst=%.*s%s, Adresse=%s"
+
+#: ../../src/kadmin/server/server_stubs.c:314
+#: ../../src/kadmin/server/server_stubs.c:649
+#: ../../src/kadmin/server/server_stubs.c:1792
+msgid "success"
+msgstr "erfolgreich"
+
+#: ../../src/kadmin/server/server_stubs.c:324
+#, c-format
+msgid "Request: %s, %.*s%s, %s, client=%.*s%s, service=%.*s%s, addr=%s"
+msgstr "Anfrage: %s, %.*s%s, %s, Client=%.*s%s, Dienst=%.*s%s, Adresse=%s"
+
+#: ../../src/kadmin/server/server_stubs.c:628
+#, c-format
+msgid ""
+"Unauthorized request: kadm5_rename_principal, %.*s%s to %.*s%s, client=%.*s"
+"%s, service=%.*s%s, addr=%s"
+msgstr ""
+"Unauthorisierte Anfrage: kadm5_rename_principal, %.*s%s bis %.*s%s, Client="
+"%.*s%s, Dienst=%.*s%s, Adresse=%s"
+
+#: ../../src/kadmin/server/server_stubs.c:644
+#, c-format
+msgid ""
+"Request: kadm5_rename_principal, %.*s%s to %.*s%s, %s, client=%.*s%s, "
+"service=%.*s%s, addr=%s"
+msgstr ""
+"Anfrage: kadm5_rename_principal, %.*s%s bis %.*s%s, %s, Client=%.*s%s, "
+"Dienst=%.*s%s, Adresse=%s"
+
+#: ../../src/kadmin/server/server_stubs.c:1788
+#, c-format
+msgid ""
+"Request: kadm5_init, %.*s%s, %s, client=%.*s%s, service=%.*s%s, addr=%s, "
+"vers=%d, flavor=%d"
+msgstr ""
+"Anfrage: kadm5_init, %.*s%s, %s, Client=%.*s%s, Dienst=%.*s%s, Adresse=%s, "
+"Version=%d, Variante=%d"
+
+#: ../../src/kdc/do_as_req.c:273
+#, c-format
+msgid "AS_REQ : handle_authdata (%d)"
+msgstr "AS_REQ: handle_authdata (%d)"
+
+#: ../../src/kdc/do_tgs_req.c:593
+#, c-format
+msgid "TGS_REQ : handle_authdata (%d)"
+msgstr "TGS_REQ: handle_authdata (%d)"
+
+#: ../../src/kdc/do_tgs_req.c:655
+msgid "not checking transit path"
+msgstr "Übergangspfad wird nicht geprüft"
+
+#: ../../src/kdc/fast_util.c:62
+#, c-format
+msgid "%s while handling ap-request armor"
+msgstr "%s bei der Handhabung des »ap-request«-Schutzes"
+
+#: ../../src/kdc/fast_util.c:71
+msgid "ap-request armor for something other than the local TGS"
+msgstr "»ap-request«-Schutz für etwas anderes als den lokalen TGS"
+
+#: ../../src/kdc/fast_util.c:80
+msgid "ap-request armor without subkey"
+msgstr "»ap-request«-Schutz ohne Unterschlüssel"
+
+#: ../../src/kdc/fast_util.c:162
+msgid "Ap-request armor not permitted with TGS"
+msgstr "»ap-request«-Schutz nicht mit TGS gestattet"
+
+#: ../../src/kdc/fast_util.c:169
+#, c-format
+msgid "Unknown FAST armor type %d"
+msgstr "unbekanntet FAST-Schutztyp %d"
+
+#: ../../src/kdc/fast_util.c:183
+msgid "No armor key but FAST armored request present"
+msgstr "Es gibt keinen Schutzschlüssel aber eine FAST-geschützte Anfrage"
+
+#: ../../src/kdc/fast_util.c:219
+msgid "FAST req_checksum invalid; request modified"
+msgstr "FAST-»req_checksum« ungültig; Anfrage geändert"
+
+#: ../../src/kdc/fast_util.c:225
+msgid "Unkeyed checksum used in fast_req"
+msgstr "in fast_req wurde eine Prüfsumme ohne Schlüssel benutzt"
+
+#: ../../src/kdc/kdc_audit.c:110
+#, c-format
+msgid "audit plugin %s failed to open. error=%i"
+msgstr "Öffnen der Audit-Erweiterung %s fehlgeschlagen. Fehler=%i"
+
+#: ../../src/kdc/kdc_authdata.c:292 ../../src/kdc/kdc_authdata.c:328
+#, c-format
+msgid "authdata %s failed to initialize: %s"
+msgstr "Initialisieren von »authdata« %s fehlgeschlagen: %s"
+
+#: ../../src/kdc/kdc_authdata.c:779
+#, c-format
+msgid "authdata (%s) handling failure: %s"
+msgstr "Handhabung von »authdata« %s fehlgeschlagen: %s"
+
+#: ../../src/kdc/kdc_log.c:82
+#, c-format
+msgid "AS_REQ (%s) %s: ISSUE: authtime %d, %s, %s for %s"
+msgstr "AS_REQ (%s) %s: PROBLEM: Authentifizierungszeit %d, %s, %s für %s"
+
+#: ../../src/kdc/kdc_log.c:88
+#, c-format
+msgid "AS_REQ (%s) %s: %s: %s for %s%s%s"
+msgstr "AS_REQ (%s) %s: %s: %s für %s%s%s"
+
+#: ../../src/kdc/kdc_log.c:159
+#, c-format
+msgid "TGS_REQ (%s) %s: %s: authtime %d, %s%s %s for %s%s%s"
+msgstr "TGS_REQ (%s) %s: %s: Authentifizierungszeit %d, %s%s %s für %s%s%s"
+
+#: ../../src/kdc/kdc_log.c:166
+#, c-format
+msgid "... PROTOCOL-TRANSITION s4u-client=%s"
+msgstr "… PROTOKOLLÜBERGANG s4u-client=%s"
+
+#: ../../src/kdc/kdc_log.c:170
+#, c-format
+msgid "... CONSTRAINED-DELEGATION s4u-client=%s"
+msgstr "…  EINHESCHRÄNKTE DELEGIERUNG s4u-client=%s"
+
+#: ../../src/kdc/kdc_log.c:174
+#, c-format
+msgid "TGS_REQ %s: %s: authtime %d, %s for %s, 2nd tkt client %s"
+msgstr "TGS_REQ %s: %s: Authentifizierungszeit %d, %s für %s, 2. TKT-Client %s"
+
+#: ../../src/kdc/kdc_log.c:208
+#, c-format
+msgid "bad realm transit path from '%s' to '%s' via '%.*s%s'"
+msgstr "falscher Realm-Übergangspfad von »%s« zu »%s« über »%.*s%s«"
+
+#: ../../src/kdc/kdc_log.c:214
+#, c-format
+msgid "unexpected error checking transit from '%s' to '%s' via '%.*s%s': %s"
+msgstr ""
+"unerwarteter Fehler bei der Prüfung des Übergangs von »%s« zu »%s« über »%.*s"
+"%s«: %s"
+
+#: ../../src/kdc/kdc_log.c:232
+msgid "TGS_REQ: issuing alternate <un-unparseable> TGT"
+msgstr "TGS_REQ: alternativer <nicht nicht auswertbarer> TGT wird erstellt"
+
+#: ../../src/kdc/kdc_log.c:235
+#, c-format
+msgid "TGS_REQ: issuing TGT %s"
+msgstr "TGS_REQ: TGT %s wird erstellt"
+
+#: ../../src/kdc/kdc_preauth.c:328
+#, c-format
+msgid "preauth %s failed to initialize: %s"
+msgstr "Initialisieren von »preauth« %s fehlgeschlagen: %s"
+
+#: ../../src/kdc/kdc_preauth.c:339
+#, c-format
+msgid "preauth %s failed to setup loop: %s"
+msgstr "Einrichten der Schleife von »preauth« %s fehlgeschlagen: %s"
+
+#: ../../src/kdc/kdc_preauth.c:760
+#, c-format
+msgid "%spreauth required but hint list is empty"
+msgstr "%spreauth benötigt, aber Hinweisliste ist leer"
+
+#: ../../src/kdc/kdc_preauth_ec.c:75
+msgid "Encrypted Challenge used outside of FAST tunnel"
+msgstr "verschlüsselte Aufforderung wurde außerhalb des FAST-Tunnels verwendet"
+
+#: ../../src/kdc/kdc_preauth_ec.c:110
+msgid "Incorrect password in encrypted challenge"
+msgstr "falsches Passwort in verschlüsselter Aufforderung"
+
+#: ../../src/kdc/kdc_util.c:236
+msgid "TGS_REQ: SESSION KEY or MUTUAL"
+msgstr "TGS_REQ: SITZUNGSSCHLÃœSSEL oder BEIDERSEITIG"
+
+#: ../../src/kdc/kdc_util.c:314
+msgid "PROCESS_TGS: failed lineage check"
+msgstr "PROCESS_TGS: Abstammungsprüfung fehlgeschlagen"
+
+#: ../../src/kdc/kdc_util.c:468
+#, c-format
+msgid "TGS_REQ: UNKNOWN SERVER: server='%s'"
+msgstr "TGS_REQ: UNBEKANNTER SERVER: Server=»%s«"
+
+#: ../../src/kdc/main.c:231
+#, c-format
+msgid "while getting context for realm %s"
+msgstr "beim Holen des Kontextes für Realm %s"
+
+#: ../../src/kdc/main.c:329
+#, c-format
+msgid "while setting default realm to %s"
+msgstr "beim Setzen des Standard-Realms auf %s"
+
+#: ../../src/kdc/main.c:337
+#, c-format
+msgid "while initializing database for realm %s"
+msgstr "beim Initialisieren der Datenbank für Realm %s"
+
+#: ../../src/kdc/main.c:346
+#, c-format
+msgid "while setting up master key name %s for realm %s"
+msgstr "beim Einrichten des Hauptschlüsselnamens %s für Realm %s"
+
+#: ../../src/kdc/main.c:359
+#, c-format
+msgid "while fetching master key %s for realm %s"
+msgstr "beim Abholen des Hauptschlüssels %s für Realm %s"
+
+#: ../../src/kdc/main.c:367
+#, c-format
+msgid "while fetching master keys list for realm %s"
+msgstr "beim Abholen der Hauptschlüsselliste für Realm %s"
+
+#: ../../src/kdc/main.c:376
+#, c-format
+msgid "while resolving kdb keytab for realm %s"
+msgstr "beim Ermitteln der KDB-Schlüsseltabelle für Realm %s"
+
+#: ../../src/kdc/main.c:385
+#, c-format
+msgid "while building TGS name for realm %s"
+msgstr "beim Bilden des TGS-Namens für Realm %s"
+
+#: ../../src/kdc/main.c:503
+#, c-format
+msgid "creating %d worker processes"
+msgstr "%d Arbeitsprozesse werden erzeugt"
+
+#: ../../src/kdc/main.c:513
+msgid "Unable to reinitialize main loop"
+msgstr "Hauptschleife konnte nicht neu initialisiert werden"
+
+#: ../../src/kdc/main.c:518
+#, c-format
+msgid "Unable to initialize signal handlers in pid %d"
+msgstr ""
+"Signalbehandlungsprogramme in PID %d konnten nicht initialisiert werden"
+
+#: ../../src/kdc/main.c:548
+#, c-format
+msgid "worker %ld exited with status %d"
+msgstr "Arbeitsprozess %ld endete mit Status %d"
+
+#: ../../src/kdc/main.c:572
+#, c-format
+msgid "signal %d received in supervisor"
+msgstr "Ãœberwachungsprogramm empfing Signal %d"
+
+#: ../../src/kdc/main.c:591
+#, c-format
+msgid ""
+"usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n"
+"\t\t[-R replaycachename] [-m] [-k masterenctype]\n"
+"\t\t[-M masterkeyname] [-p port] [-P pid_file]\n"
+"\t\t[-n] [-w numworkers] [/]\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - Any number of database specific arguments.\n"
+"\t\t\tLook at each database module documentation for \t\t\tsupported "
+"arguments\n"
+msgstr ""
+"Aufruf: %s [-x Datenbankargumente]* [-d Datenbankpfadname]\n"
+"\t\t[-r Datenbank-Realm-Name] [-m] [-k Hauptverschlüsselungstyp]\n"
+"\t\t[-M Hauptschlüsselname] [-p Port] [-P PID-Datei]\n"
+"\t\t[-n] [-w Arbeitsprozessanzahl] [/]\n"
+"\n"
+"dabei sind\n"
+"\t[-x Datenbankargumente]* - eine beliebige Anzahl datenbankspezifischer "
+"Argumente.\n"
+"\t\t\tWelche Argumente unterstützt werden, finden Sie in der Dokumentation "
+"der jeweiligen Datenbank.\n"
+
+#: ../../src/kdc/main.c:653 ../../src/kdc/main.c:660 ../../src/kdc/main.c:774
+#, c-format
+msgid " KDC cannot initialize. Not enough memory\n"
+msgstr "KDC kann nicht initialisiert werden. Speicher reicht nicht aus\n"
+
+#: ../../src/kdc/main.c:679 ../../src/kdc/main.c:722 ../../src/kdc/main.c:733
+#, c-format
+msgid "%s: KDC cannot initialize. Not enough memory\n"
+msgstr "%s: KDC kann nicht initialisiert werden. Speicher reicht nicht aus\n"
+
+#: ../../src/kdc/main.c:699 ../../src/kdc/main.c:816
+#, c-format
+msgid "%s: cannot initialize realm %s - see log file for details\n"
+msgstr ""
+"%s: Realm %s kann nicht initialisiert werden - Einzelheiten finden Sie in "
+"der Protokolldatei\n"
+
+#: ../../src/kdc/main.c:710
+#, c-format
+msgid "%s: cannot initialize realm %s. Not enough memory\n"
+msgstr ""
+"%s: Realm %s kann nicht initialisiert werden. Speicher reicht nicht aus\n"
+
+#: ../../src/kdc/main.c:761
+#, c-format
+msgid "invalid enctype %s"
+msgstr "ungültiger Verschlüsselungstyp %s"
+
+#: ../../src/kdc/main.c:804
+msgid "while attempting to retrieve default realm"
+msgstr "beim Versuch, den Standard-Realm abzufragen"
+
+#: ../../src/kdc/main.c:806
+#, c-format
+msgid "%s: %s, attempting to retrieve default realm\n"
+msgstr "%s: %s, es wird versucht, den Standard-Realm abzufragen\n"
+
+#: ../../src/kdc/main.c:912
+#, c-format
+msgid "%s: cannot get memory for realm list\n"
+msgstr "%s: Speicher für die Realm-Liste kann nicht erlangt werden\n"
+
+#: ../../src/kdc/main.c:947
+msgid "while initializing lookaside cache"
+msgstr "beim Initialisieren des Lookaside-Zwischenspeichers"
+
+#: ../../src/kdc/main.c:955
+msgid "while creating main loop"
+msgstr "beim Erzeugen der Hauptschleife"
+
+# SAM=Security Accounts Manager
+#: ../../src/kdc/main.c:965
+msgid "while initializing SAM"
+msgstr "beim Initialisieren des SAMs"
+
+#: ../../src/kdc/main.c:1011
+msgid "while initializing routing socket"
+msgstr "beim Initialisieren des Routing-Sockets"
+
+#: ../../src/kdc/main.c:1017
+msgid "while initializing signal handlers"
+msgstr "beim Initialisieren des Signalbehandlungsprogramms"
+
+#: ../../src/kdc/main.c:1024
+msgid "while initializing network"
+msgstr "beim Initialisieren des Netzwerks"
+
+#: ../../src/kdc/main.c:1029
+msgid "while detaching from tty"
+msgstr "beim Lösen vom Terminal"
+
+#: ../../src/kdc/main.c:1036
+msgid "while creating PID file"
+msgstr "beim Erstellen der PID-Datei"
+
+#: ../../src/kdc/main.c:1045
+msgid "creating worker processes"
+msgstr "Arbeitsprozesse werden erzeugt"
+
+#: ../../src/kdc/main.c:1055
+msgid "while loading audit plugin module(s)"
+msgstr "beim Laden des/der Auditerweiterungsmoduls/Auditerweiterungsmodule"
+
+#: ../../src/kdc/main.c:1059
+msgid "commencing operation"
+msgstr "Aktion wird begonnen"
+
+#: ../../src/kdc/main.c:1067
+msgid "shutting down"
+msgstr "wird heruntergefahren"
+
+#: ../../src/lib/apputils/net-server.c:258
+msgid "Got signal to request exit"
+msgstr "Signal zur Anfrage des Beendens empfangen"
+
+#: ../../src/lib/apputils/net-server.c:272
+msgid "Got signal to reset"
+msgstr "Signal zum Zurücksetzen empfangen"
+
+#: ../../src/lib/apputils/net-server.c:429
+#, c-format
+msgid "closing down fd %d"
+msgstr "Dateideskriptor %d wird geschlossen"
+
+#: ../../src/lib/apputils/net-server.c:443
+#, c-format
+msgid "descriptor %d closed but still in svc_fdset"
+msgstr "Deskriptor %d geschlossen, aber immer noch in »svc_fdset«"
+
+#: ../../src/lib/apputils/net-server.c:469
+msgid "cannot create io event"
+msgstr "E/A-Ereignis kann nicht erzeugt werden"
+
+#: ../../src/lib/apputils/net-server.c:475
+msgid "cannot save event"
+msgstr "Ereignis kann nicht gesichert werden"
+
+#: ../../src/lib/apputils/net-server.c:495
+#, c-format
+msgid "file descriptor number %d too high"
+msgstr "Dateideskriptornummer %d zu hoch"
+
+#: ../../src/lib/apputils/net-server.c:503
+msgid "cannot allocate storage for connection info"
+msgstr "Speicher für Verbindungsinformation kann nicht reserviert werden"
+
+#: ../../src/lib/apputils/net-server.c:562
+#, c-format
+msgid "Cannot create TCP server socket on %s"
+msgstr "Auf %s kann kein TCP-Server-Socket erstellt werden."
+
+#: ../../src/lib/apputils/net-server.c:571
+#, c-format
+msgid "TCP socket fd number %d (for %s) too high"
+msgstr "TCP-Socket-Deskriptornummer %d (für %s) zu hoch"
+
+#: ../../src/lib/apputils/net-server.c:579
+#, c-format
+msgid "Cannot enable SO_REUSEADDR on fd %d"
+msgstr "SO_REUSEADDR kann nicht für Dateideskriptor %d aktiviert werden"
+
+#: ../../src/lib/apputils/net-server.c:586
+#, c-format
+msgid "setsockopt(%d,IPV6_V6ONLY,1) failed"
+msgstr "setsockopt(%d,IPV6_V6ONLY,1) fehlgeschlagen"
+
+#: ../../src/lib/apputils/net-server.c:588
+#, c-format
+msgid "setsockopt(%d,IPV6_V6ONLY,1) worked"
+msgstr "setsockopt(%d,IPV6_V6ONLY,1) funktioniert"
+
+#: ../../src/lib/apputils/net-server.c:591
+msgid "no IPV6_V6ONLY socket option support"
+msgstr "keine Socket-Option für IPV6_V6ONLY unterstützt"
+
+#: ../../src/lib/apputils/net-server.c:597
+#, c-format
+msgid "Cannot bind server socket on %s"
+msgstr "Server-Socket kann nicht an %s gebunden werden"
+
+#: ../../src/lib/apputils/net-server.c:624
+#, c-format
+msgid "Cannot create RPC service: %s; continuing"
+msgstr "RPC-Dienst kann nicht erstellt werden: %s; es wird fortgefahren"
+
+#: ../../src/lib/apputils/net-server.c:633
+#, c-format
+msgid "Cannot register RPC service: %s; continuing"
+msgstr "RPC-Dienst kann nicht registriert werden: %s; es wird fortgefahren"
+
+#: ../../src/lib/apputils/net-server.c:682
+#, c-format
+msgid "Cannot listen on TCP server socket on %s"
+msgstr ""
+"Auf dem TCP-Server-Socket kann nicht auf eine Verbindung gewartet werden auf "
+"%s."
+
+#: ../../src/lib/apputils/net-server.c:688
+#, c-format
+msgid "cannot set listening tcp socket on %s non-blocking"
+msgstr ""
+"Das auf eine Verbindung wartende TCP-Socket kann nicht auf nicht-"
+"blockierendes %s gesetzt werden."
+
+#: ../../src/lib/apputils/net-server.c:695
+#, c-format
+msgid "disabling SO_LINGER on TCP socket on %s"
+msgstr "SO_LINGER auf dem TCP-Socket auf %s wird deaktiviert"
+
+#: ../../src/lib/apputils/net-server.c:743
+#: ../../src/lib/apputils/net-server.c:752
+#, c-format
+msgid "listening on fd %d: tcp %s"
+msgstr "auf Dateideskriptor %d wird auf eine Verbindung gewartet: TCP %s"
+
+#: ../../src/lib/apputils/net-server.c:757
+msgid "assuming IPv6 socket accepts IPv4"
+msgstr "es wird davon ausgegangen, dass das IPv6-Socket IPv4 akzeptiert"
+
+#: ../../src/lib/apputils/net-server.c:791
+#: ../../src/lib/apputils/net-server.c:804
+#, c-format
+msgid "listening on fd %d: rpc %s"
+msgstr "auf Dateideskriptor %d wird auf eine Verbindung gewartet: RPC %s"
+
+#: ../../src/lib/apputils/net-server.c:883
+#, c-format
+msgid "Cannot request packet info for udp socket address %s port %d"
+msgstr ""
+"Paketinformation für UDP-Socket-Adresse %s, Port %d, kann nicht abgefragt "
+"werden"
+
+#: ../../src/lib/apputils/net-server.c:889
+#, c-format
+msgid "listening on fd %d: udp %s%s"
+msgstr "auf Dateideskriptor %d wird auf eine Verbindung gewartet: UDP %s%s"
+
+#: ../../src/lib/apputils/net-server.c:918
+msgid "Failed to reconfigure network, exiting"
+msgstr "Neukonfiguration des Netzwerks fehlgeschlagen, wird beendet"
+
+#: ../../src/lib/apputils/net-server.c:979
+#, c-format
+msgid ""
+"unhandled routing message type %d, will reconfigure just for the fun of it"
+msgstr ""
+"nicht behandelter Routing-Meldungstyp %d, es wird es nur zum Spaß neu "
+"konfiguriert"
+
+#: ../../src/lib/apputils/net-server.c:1013
+#, c-format
+msgid "short read (%d/%d) from routing socket"
+msgstr "ungenügende Daten (%d/%d) vom Routing-Socket gelesen"
+
+#: ../../src/lib/apputils/net-server.c:1023
+#, c-format
+msgid "read %d from routing socket but msglen is %d"
+msgstr "%d vom Routing-Socket gelesen, Nachrichtenlänge ist jedoch %d"
+
+#: ../../src/lib/apputils/net-server.c:1055
+#, c-format
+msgid "couldn't set up routing socket: %s"
+msgstr "Routing-Socket konnte nicht eingerichtet werden: %s"
+
+#: ../../src/lib/apputils/net-server.c:1058
+#, c-format
+msgid "routing socket is fd %d"
+msgstr "Das Routing-Socket hat den Dateideskriptor %d."
+
+#: ../../src/lib/apputils/net-server.c:1084
+msgid "setting up network..."
+msgstr "Netzwerk wird eingerichtet …"
+
+#: ../../src/lib/apputils/net-server.c:1101
+#, c-format
+msgid "set up %d sockets"
+msgstr "%d Sockets werden eingerichtet"
+
+#: ../../src/lib/apputils/net-server.c:1103
+msgid "no sockets set up?"
+msgstr "keine Sockets eingerichtet?"
+
+#: ../../src/lib/apputils/net-server.c:1351
+#: ../../src/lib/apputils/net-server.c:1405
+msgid "while dispatching (udp)"
+msgstr "beim Versenden (UDP)"
+
+#: ../../src/lib/apputils/net-server.c:1380
+#, c-format
+msgid "while sending reply to %s/%s from %s"
+msgstr "beim Senden der Antwort zu %s/%s von %s"
+
+#: ../../src/lib/apputils/net-server.c:1385
+#, c-format
+msgid "short reply write %d vs %d\n"
+msgstr "ungenügende Ausgabe der Antwort %d gegenüber %d\n"
+
+#: ../../src/lib/apputils/net-server.c:1430
+msgid "while receiving from network"
+msgstr "beim Empfangen vom Netzwerk"
+
+#: ../../src/lib/apputils/net-server.c:1446
+#, c-format
+msgid "pktinfo says local addr is %s"
+msgstr "Pktinfo sagt, die lokale Adresse sei %s"
+
+#: ../../src/lib/apputils/net-server.c:1479
+msgid "too many connections"
+msgstr "zu viele Verbindungen"
+
+#: ../../src/lib/apputils/net-server.c:1502
+#, c-format
+msgid "dropping %s fd %d from %s"
+msgstr "%s Dateideskriptor %d von %s wird verworfen"
+
+#: ../../src/lib/apputils/net-server.c:1580
+#, c-format
+msgid "allocating buffer for new TCP session from %s"
+msgstr "Puffer für neue TCP-Sitzung von %s wird reserviert"
+
+#: ../../src/lib/apputils/net-server.c:1610
+msgid "while dispatching (tcp)"
+msgstr "beim Versenden (TCP)"
+
+#: ../../src/lib/apputils/net-server.c:1642
+msgid "error allocating tcp dispatch private!"
+msgstr "Fehler beim Reservieren zum nicht öffentlichen TCP-Versand!"
+
+#: ../../src/lib/apputils/net-server.c:1689
+#, c-format
+msgid "TCP client %s wants %lu bytes, cap is %lu"
+msgstr "TCP-Client %s will %lu Byte, Cap ist %lu"
+
+#: ../../src/lib/apputils/net-server.c:1697
+#, c-format
+msgid "error constructing KRB_ERR_FIELD_TOOLONG error! %s"
+msgstr "Fehler beim Erzeugen des KRB_ERR_FIELD_TOOLONG-Fehlers! %s"
+
+#: ../../src/lib/apputils/net-server.c:1876
+#, c-format
+msgid "accepted RPC connection on socket %d from %s"
+msgstr "akzeptierte PRC-Verbindung auf Socket %d von %s"
+
+# pseudo random function
+#: ../../src/lib/crypto/krb/cf2.c:114
+#, c-format
+msgid "Enctype %d has no PRF"
+msgstr "Verschlüsselungstyp %d hat keine PRF"
+
+#: ../../src/lib/crypto/krb/prng_fortuna.c:428
+msgid "Random number generator could not be seeded"
+msgstr "Zufallszahlengenerator konnte kein Startwert zugewiesen werden"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:43
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:165
+msgid "A required input parameter could not be read"
+msgstr "Ein benötigter Eingabeparameter konnte nicht gelesen werden."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:44
+msgid "A required input parameter could not be written"
+msgstr "Ein benötigter Eingabeparameter konnte nicht geschrieben werden."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:45
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:175
+msgid "A parameter was malformed"
+msgstr "Ein Parameter hatte eine falsche Form"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:48
+msgid "calling error"
+msgstr "Aufruffehler"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:59
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:195
+msgid "An unsupported mechanism was requested"
+msgstr "Ein nicht unterstützter Mechanismus wurde angefordert."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:60
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:199
+msgid "An invalid name was supplied"
+msgstr "Ein ungültiger Name wurde übergeben."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:61
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:203
+msgid "A supplied name was of an unsupported type"
+msgstr "Ein übergebener Name hatte einen nicht unterstützten Typ."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:62
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:208
+msgid "Incorrect channel bindings were supplied"
+msgstr "Falsche Kanalbindungen wurden übergeben."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:63
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:179
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:274
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:334
+msgid "An invalid status code was supplied"
+msgstr "Ein ungültiger Statuscode wurde übergeben."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:64
+msgid "A token had an invalid signature"
+msgstr "Ein Merkmal hatte eine ungültige Signatur."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:65
+msgid "No credentials were supplied"
+msgstr "Es wurden keine Anmeldedaten übergeben."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:66
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:223
+msgid "No context has been established"
+msgstr "Es wurde keine Kontext etabliert."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:67
+msgid "A token was invalid"
+msgstr "Ein Merkmal war ungültig."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:68
+msgid "A credential was invalid"
+msgstr "Eine der Anmeldedaten war ungültig."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:69
+msgid "The referenced credentials have expired"
+msgstr "Die referenzierten Anmeldedaten sind abgelaufen."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:70
+msgid "The context has expired"
+msgstr "Der Kontext ist abgelaufen."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:71
+msgid "Miscellaneous failure"
+msgstr "sonstiger Fehlschlag"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:72
+msgid "The quality-of-protection requested could not be provided"
+msgstr ""
+"Die angeforderte Qualität des Schutzes konnte nicht bereitgestellt werden."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:73
+msgid "The operation is forbidden by the local security policy"
+msgstr "Die Aktion wird durch die lokale Sicherheitsrichtinie verboten."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:74
+msgid "The operation or option is not available"
+msgstr "Die Aktion oder Option ist nicht verfügbar."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:77
+msgid "routine error"
+msgstr "Fehler in einer Routine"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:89
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:311
+msgid "The routine must be called again to complete its function"
+msgstr ""
+"Die Routine muss erneut aufgerufen werden, um ihre Funktion zu "
+"vervollständigen."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:90
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:316
+msgid "The token was a duplicate of an earlier token"
+msgstr "Das Merkmal war ein Zweitexemplar eines früheren Merkmals."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:91
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:321
+msgid "The token's validity period has expired"
+msgstr "Die Gültigkeitsperiode des Merkmals ist abgelaufen."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:92
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:325
+msgid "A later token has already been processed"
+msgstr "Es wurde bereits ein neueres Merkmal verarbeitet."
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:95
+msgid "supplementary info code"
+msgstr "zusätzlicher Informationscode"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:106
+#: ../lib/krb5/error_tables/krb5_err.c:23
+msgid "No error"
+msgstr "kein Fehler"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:107
+#, c-format
+msgid "Unknown %s (field = %d)"
+msgstr "%s unbekannt (Feld = %d)"
+
+#: ../../src/lib/gssapi/krb5/acquire_cred.c:165
+#, c-format
+msgid "No key table entry found matching %s"
+msgstr "Es wurde kein zu %s passender Schlüsseltabelleneintrag gefunden."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:161
+msgid "The routine completed successfully"
+msgstr "Die Routine wurde erfolgreich abgeschlossen"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:170
+msgid "A required output parameter could not be written"
+msgstr "Ein erforderlicher Ausgabeparameter konnte nicht geschrieben werden."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:212
+msgid "A token had an invalid Message Integrity Check (MIC)"
+msgstr ""
+"Ein Merkmal hatte eine ungültige Meldungsintegritätsprüfung (Message "
+"Integrity Check/MIC)."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:217
+msgid ""
+"No credentials were supplied, or the credentials were unavailable or "
+"inaccessible"
+msgstr ""
+"Es wurden keine Anmeldedaten übergeben oder die Anmeldedaten waren nicht "
+"verfügbar bzw. ein Zugriff darauf nicht möglich."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:227
+msgid "Invalid token was supplied"
+msgstr "Es wurde ein ungültiges Token übergeben."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:231
+msgid "Invalid credential was supplied"
+msgstr "ungültige Anmeldedaten wurden übergeben"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:235
+msgid "The referenced credential has expired"
+msgstr "Die referenzierten Anmeldedaten sind abgelaufen."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:239
+msgid "The referenced context has expired"
+msgstr "Der referenzierte Kontext ist abgelaufen."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:243
+msgid "Unspecified GSS failure.  Minor code may provide more information"
+msgstr ""
+"nicht spezifizierter GSS-Fehlschlag. Möglicherweise stellt der "
+"untergeordnete Code weitere Informationen bereit."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:248
+msgid "The quality-of-protection (QOP) requested could not be provided"
+msgstr ""
+"Die Qualität des Schutzes (quality-of-protection/QOP) konnte nicht "
+"bereitgestellt werden."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:253
+msgid "The operation is forbidden by local  security policy"
+msgstr "Die Aktion wird durch die lokale Sicherheitsrichtinie verboten."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:258
+msgid "The operation or option is not available or unsupported"
+msgstr ""
+"Die Aktion oder Option ist nicht verfügbar oder wird nicht unterstützt."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:263
+msgid "The requested credential element already exists"
+msgstr "Das angeforderte Anmeldedatenelement existiert bereits."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:268
+msgid "The provided name was not mechanism specific (MN)"
+msgstr "Der bereitgestellte Name war nicht mechanismusspezifisch (MN)."
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:329
+msgid "An expected per-message token was not received"
+msgstr "Ein erwartetes nachrichtenspezifisches Token wurde nicht empfangen."
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1860
+msgid "SPNEGO cannot find mechanisms to negotiate"
+msgstr "SPNEGO kann keine Mechanismen zum Aushandeln finden."
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1865
+msgid "SPNEGO failed to acquire creds"
+msgstr "SPNEGO ist beim Beschaffen von Anmeldedaten gescheitert"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1870
+msgid "SPNEGO acceptor did not select a mechanism"
+msgstr "SPNEGO-Abnehmer hat keinen Mechanismus ausgewählt"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1875
+msgid "SPNEGO failed to negotiate a mechanism"
+msgstr "SPNEGO ist beim Aushandeln eines Mechanismus gescheitert."
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1880
+msgid "SPNEGO acceptor did not return a valid token"
+msgstr "SPNEGO-Abnehmer hat kein gültiges Token zurückgeliefert"
+
+#: ../../src/lib/kadm5/alt_prof.c:854
+#, c-format
+msgid "Cannot resolve address of admin server \"%s\" for realm \"%s\""
+msgstr ""
+"Adresse des Admin-Servers »%s« für Realm »%s« kann nicht ermittelt werden"
+
+#: ../../src/lib/kadm5/logger.c:56
+#, c-format
+msgid "%s: cannot parse <%s>\n"
+msgstr "%s: <%s> kann nicht ausgewertet werden\n"
+
+#: ../../src/lib/kadm5/logger.c:57
+#, c-format
+msgid "%s: warning - logging entry syntax error\n"
+msgstr "%s: Warnung – Syntaxfehler bei Protokolleintrag\n"
+
+#: ../../src/lib/kadm5/logger.c:58
+#, c-format
+msgid "%s: error writing to %s\n"
+msgstr "%s: Fehler beim Schreiben auf %s\n"
+
+#: ../../src/lib/kadm5/logger.c:59
+#, c-format
+msgid "%s: error writing to %s device\n"
+msgstr "%s: Fehler beim Schreiben auf Gerät %s\n"
+
+#: ../../src/lib/kadm5/logger.c:61
+msgid "EMERGENCY"
+msgstr "NOTFALL"
+
+#: ../../src/lib/kadm5/logger.c:62
+msgid "ALERT"
+msgstr "ALARM"
+
+#: ../../src/lib/kadm5/logger.c:63
+msgid "CRITICAL"
+msgstr "KRITISCH"
+
+#: ../../src/lib/kadm5/logger.c:64
+msgid "Error"
+msgstr "Fehler"
+
+#: ../../src/lib/kadm5/logger.c:65
+msgid "Warning"
+msgstr "Warnung"
+
+#: ../../src/lib/kadm5/logger.c:66
+msgid "Notice"
+msgstr "Hinweis"
+
+#: ../../src/lib/kadm5/logger.c:67
+msgid "info"
+msgstr "Information"
+
+#: ../../src/lib/kadm5/logger.c:68
+msgid "debug"
+msgstr "Fehlersuchmeldung"
+
+#: ../../src/lib/kadm5/logger.c:967
+#, c-format
+msgid "Couldn't open log file %s: %s\n"
+msgstr "Protokolldatei %s konnte nicht geöffnet werden: %s\n"
+
+#: ../../src/lib/kadm5/srv/kadm5_hook.c:119
+#, c-format
+msgid "kadm5_hook %s failed postcommit %s: %s"
+msgstr "»kadm5_hook« %s ist beim Nach-Commit %s gescheitert: %s"
+
+#: ../../src/lib/kadm5/srv/pwqual_dict.c:106
+msgid "No dictionary file specified, continuing without one."
+msgstr "keine Wörterbuchdatei angegeben, es wird ohne fortgefahren"
+
+#: ../../src/lib/kadm5/srv/pwqual_dict.c:113
+#, c-format
+msgid "WARNING!  Cannot find dictionary file %s, continuing without one."
+msgstr ""
+"WARNUNG! Wörterbuchdatei %s kann nicht gefunden werden, es wird ohne "
+"fortgefahren"
+
+#: ../../src/lib/kadm5/srv/pwqual_empty.c:42
+msgid "Empty passwords are not allowed"
+msgstr "Leere Passwörter sind nicht erlaubt."
+
+#: ../../src/lib/kadm5/srv/pwqual_hesiod.c:114
+msgid "Password may not match user information."
+msgstr "Das Passwort darf keinen Anwenderdaten entsprechen."
+
+#: ../../src/lib/kadm5/srv/pwqual_princ.c:54
+msgid "Password may not match principal name"
+msgstr "Das Passwort darf nicht mit dem Principal-Namen übereinstimmen."
+
+#: ../../src/lib/kadm5/srv/server_acl.c:89
+#, c-format
+msgid "%s: line %d too long, truncated"
+msgstr "%s: Zeile %d zu lang, wurde gekürzt"
+
+#: ../../src/lib/kadm5/srv/server_acl.c:90
+#, c-format
+msgid "Unrecognized ACL operation '%c' in %s"
+msgstr "unbekannte ACL-Aktion »%c« in %s"
+
+#: ../../src/lib/kadm5/srv/server_acl.c:92
+#, c-format
+msgid "%s: syntax error at line %d <%10s...>"
+msgstr "%s: Syntaxfehler in Zeile %d <%10s …>"
+
+#: ../../src/lib/kadm5/srv/server_acl.c:94
+#, c-format
+msgid "%s while opening ACL file %s"
+msgstr "%s beim Öffnen der ACL-Datei %s"
+
+#: ../../src/lib/kadm5/srv/server_acl.c:353
+#, c-format
+msgid "%s: invalid restrictions: %s"
+msgstr "%s: ungültige Beschränkung: %s"
+
+#: ../../src/lib/kadm5/srv/server_kdb.c:192
+msgid "History entry contains no key data"
+msgstr "Chronikeintrag enthält keine Schlüsseldaten"
+
+#: ../../src/lib/kadm5/srv/server_misc.c:128
+#, c-format
+msgid "password quality module %s rejected password for %s: %s"
+msgstr ""
+"Das Modul %s für Passwortqualität hat das Passwort für %s abgelehnt: %s"
+
+#: ../../src/lib/kadm5/str_conv.c:80
+msgid "Not Postdateable"
+msgstr "nicht vordatierbar"
+
+#: ../../src/lib/kadm5/str_conv.c:81
+msgid "Not Forwardable"
+msgstr "nicht weiterleitbar"
+
+#: ../../src/lib/kadm5/str_conv.c:82
+msgid "No TGT-based requests"
+msgstr "keine TGT-basierten Anfragen"
+
+#: ../../src/lib/kadm5/str_conv.c:83
+msgid "Not renewable"
+msgstr "nicht erneuerbar"
+
+#: ../../src/lib/kadm5/str_conv.c:84
+msgid "Not proxiable"
+msgstr "Proxy nicht nutzbar"
+
+#: ../../src/lib/kadm5/str_conv.c:85
+msgid "No DUP_SKEY requests"
+msgstr "keine DUP_SKEY-Anfragen"
+
+#: ../../src/lib/kadm5/str_conv.c:86
+msgid "All Tickets Disallowed"
+msgstr "keine Tickets erlaubt"
+
+#: ../../src/lib/kadm5/str_conv.c:87
+msgid "Preauthentication required"
+msgstr "Vorauthentifizierung erforderlich"
+
+#: ../../src/lib/kadm5/str_conv.c:88
+msgid "HW authentication required"
+msgstr "HW-Authentifizierung erforderlich"
+
+#: ../../src/lib/kadm5/str_conv.c:89
+msgid "OK as Delegate"
+msgstr "OK als Vertreter"
+
+#: ../../src/lib/kadm5/str_conv.c:90
+msgid "Password Change required"
+msgstr "Passwortänderung erforderlich"
+
+#: ../../src/lib/kadm5/str_conv.c:91
+msgid "Service Disabled"
+msgstr "Dienst deaktiviert"
+
+#: ../../src/lib/kadm5/str_conv.c:92
+msgid "Password Changing Service"
+msgstr "Passwortänderungsdienst"
+
+#: ../../src/lib/kadm5/str_conv.c:93
+msgid "RSA-MD5 supported"
+msgstr "RSA-MD5 unterstützt"
+
+#: ../../src/lib/kadm5/str_conv.c:94
+msgid "Protocol transition with delegation allowed"
+msgstr "Protokollübergang mit Vertretung erlaubt"
+
+#: ../../src/lib/kadm5/str_conv.c:95
+msgid "No authorization data required"
+msgstr "keine Autorisierungsdaten erforderlich"
+
+#: ../../src/lib/kdb/kdb5.c:219
+msgid "No default realm set; cannot initialize KDB"
+msgstr "kein Standard-Realm gesetzt; KDB kann nicht initialisiert werden"
+
+#: ../../src/lib/kdb/kdb5.c:324 ../../src/lib/kdb/kdb5.c:406
+#, c-format
+msgid "Unable to find requested database type: %s"
+msgstr "angeforderter Datenbanktyp kann nicht gefunden werden. %s"
+
+#: ../../src/lib/kdb/kdb5.c:416
+#, c-format
+msgid "plugin symbol 'kdb_function_table' lookup failed: %s"
+msgstr ""
+"Nachschlagen des Erweiterungssymbols »kdb_function_table« fehlgeschlagen: %s"
+
+#: ../../src/lib/kdb/kdb5.c:426
+#, c-format
+msgid ""
+"Unable to load requested database module '%s': plugin symbol "
+"'kdb_function_table' not found"
+msgstr ""
+"angefordertes Datenbankmodul »%s« kann nicht geladen werden: "
+"Erweiterungssymbol »kdb_function_table« nicht gefunden"
+
+#: ../../src/lib/kdb/kdb5.c:1650
+#, c-format
+msgid "Illegal version number for KRB5_TL_MKEY_AUX %d\n"
+msgstr "Ungültige Versionsnummer für KRB5_TL_MKEY_AUX %d\n"
+
+#: ../../src/lib/kdb/kdb5.c:1819
+#, c-format
+msgid "Illegal version number for KRB5_TL_ACTKVNO %d\n"
+msgstr "Ungültige Versionsnummer für KRB5_TL_ACTKVNO %d\n"
+
+#: ../../src/lib/kdb/kdb_default.c:164
+#, c-format
+msgid "keyfile (%s) is not a regular file: %s"
+msgstr "Schlüsseldatei (%s) ist keine normale Datei: %s"
+
+#: ../../src/lib/kdb/kdb_default.c:177
+msgid "Could not create temp keytab file name."
+msgstr "Temporärer Schlüsseltabellendateiname konnte nicht erstellt werden."
+
+#: ../../src/lib/kdb/kdb_default.c:202
+#, c-format
+msgid "Temporary stash file already exists: %s."
+msgstr "Temporäre Ablagedatei existiert bereits: %s."
+
+#: ../../src/lib/kdb/kdb_default.c:230
+#, c-format
+msgid "rename of temporary keyfile (%s) to (%s) failed: %s"
+msgstr ""
+"Umbenennen von temporärer Schlüsseldatei (%s) in (%s) fehlgeschlagen: %s"
+
+#: ../../src/lib/kdb/kdb_default.c:419
+#, c-format
+msgid "Can not fetch master key (error: %s)."
+msgstr "Hauptschlüssel kann nicht abgeholt werden (Fehler: %s)"
+
+#: ../../src/lib/kdb/kdb_default.c:482
+msgid "Unable to decrypt latest master key with the provided master key\n"
+msgstr ""
+"Letzter Hauptschlüssel kann nicht mit dem bereitgestellten Hauptschlüssel "
+"entschlüsselt werden.\n"
+
+#: ../../src/lib/kdb/kdb_log.c:83
+msgid "could not sync ulog header to disk"
+msgstr "Ulog-Kopfzeilen konnten nicht auf die Platte synchronisiert werden"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:122
+#, c-format
+msgid "Subsidiary cache path %s has no parent directory"
+msgstr ""
+"Ergänzender Zwischenspeicherpfad %s hat kein übergeordnetes Verzeichnis."
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:128
+#, c-format
+msgid "Subsidiary cache path %s filename does not begin with \"tkt\""
+msgstr ""
+"Dateiname des ergänzenden Zwischenspeicherpfads %s beginnt nicht mit »tkt«"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:169
+#, c-format
+msgid "%s contains invalid filename"
+msgstr "%s enthält einen ungültigen Dateinamen."
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:229
+#, c-format
+msgid "Credential cache directory %s does not exist"
+msgstr "Anmeldedatenzwischenspeicherverzeichnis %s existiert nicht."
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:235
+#, c-format
+msgid "Credential cache directory %s exists but is not a directory"
+msgstr ""
+"Anmeldedatenzwischenspeicherverzeichnis %s existiert, ist jedoch kein "
+"Verzeichnis"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:400
+msgid ""
+"Can't create new subsidiary cache because default cache is not a directory "
+"collection"
+msgstr ""
+"Der neue ergänzende Zwischenspeicher kann nicht erstellt werden, da der "
+"Standardzwischenspeicher keine Ansammlung von Verzeichnissen ist."
+
+#: ../../src/lib/krb5/ccache/cc_file.c:569
+#, c-format
+msgid "Credentials cache file '%s' not found"
+msgstr "Anmeldedatenzwischenspeicherdatei »%s« nicht gefunden"
+
+#: ../../src/lib/krb5/ccache/cc_file.c:1575
+#, c-format
+msgid "Credentials cache I/O operation failed (%s)"
+msgstr "Anmeldedatenzwischenspeicher-E/A-Aktion fehlgeschlagen (%s)"
+
+#: ../../src/lib/krb5/ccache/cc_keyring.c:1151
+msgid ""
+"Can't create new subsidiary cache because default cache is already a "
+"subsidiary"
+msgstr ""
+"Der neue ergänzende Zwischenspeicher kann nicht erstellt werden, da der "
+"Standardzwischenspeicher bereits eine Ergänzung ist."
+
+#: ../../src/lib/krb5/ccache/cc_keyring.c:1219
+#, c-format
+msgid "Credentials cache keyring '%s' not found"
+msgstr "Schlüsselbund %s des Anmeldedatenzwischenspeichers nicht gefunden"
+
+#: ../../src/lib/krb5/ccache/cccursor.c:212
+#, c-format
+msgid "Can't find client principal %s in cache collection"
+msgstr ""
+"Client-Principal %s kann nicht in der Zwischenspeicheransammlung gefunden "
+"werden"
+
+#: ../../src/lib/krb5/ccache/cccursor.c:253
+msgid "No Kerberos credentials available"
+msgstr "keine Kerberos-Anmeldedaten verfügbar"
+
+#: ../../src/lib/krb5/keytab/kt_file.c:398
+#, c-format
+msgid "No key table entry found for %s"
+msgstr "Für %s wurde kein Schlüsseltabelleneintrag gefunden."
+
+#: ../../src/lib/krb5/keytab/kt_file.c:815
+#: ../../src/lib/krb5/keytab/kt_file.c:848
+msgid "Cannot change keytab with keytab iterators active"
+msgstr ""
+"Schlüsseltabelle mit aktiven Schlüsseltabelleniteratoren kann nicht geändert "
+"werden"
+
+#: ../../src/lib/krb5/keytab/kt_file.c:1047
+#, c-format
+msgid "Key table file '%s' not found"
+msgstr "Schlüsseltabellendatei »%s« nicht gefunden"
+
+#: ../../src/lib/krb5/keytab/ktfns.c:127
+#, c-format
+msgid "Keytab %s is nonexistent or empty"
+msgstr "Schlüsseltabelle %s existiert nicht oder ist leer"
+
+#: ../../src/lib/krb5/krb/chpw.c:251
+msgid "Malformed request error"
+msgstr "Fehler wegen Anfrage in falscher Form"
+
+#: ../../src/lib/krb5/krb/chpw.c:254 ../lib/krb5/error_tables/kdb5_err.c:58
+msgid "Server error"
+msgstr "Serverfehler"
+
+#: ../../src/lib/krb5/krb/chpw.c:257
+msgid "Authentication error"
+msgstr "Authentifizierungsfehler"
+
+#: ../../src/lib/krb5/krb/chpw.c:260
+msgid "Password change rejected"
+msgstr "Passwortänderung abgelehnt"
+
+#: ../../src/lib/krb5/krb/chpw.c:263
+msgid "Access denied"
+msgstr "Zugriff verweigert"
+
+#: ../../src/lib/krb5/krb/chpw.c:266
+msgid "Wrong protocol version"
+msgstr "falsche Protokollversion"
+
+#: ../../src/lib/krb5/krb/chpw.c:269
+msgid "Initial password required"
+msgstr "Erstpasswort erforderlich"
+
+#: ../../src/lib/krb5/krb/chpw.c:272
+msgid "Success"
+msgstr "Erfolg"
+
+#: ../../src/lib/krb5/krb/chpw.c:275 ../lib/krb5/error_tables/krb5_err.c:257
+msgid "Password change failed"
+msgstr "Ändern des Passworts fehlgeschlagen"
+
+#: ../../src/lib/krb5/krb/chpw.c:433
+msgid ""
+"The password must include numbers or symbols.  Don't include any part of "
+"your name in the password."
+msgstr ""
+"Das Passwort muss Zahlen oder Symbole enthalten. Fügen Sie keinen Teil Ihres "
+"Namens in das Passwort ein."
+
+#: ../../src/lib/krb5/krb/chpw.c:439
+#, c-format
+msgid "The password must contain at least %d character."
+msgid_plural "The password must contain at least %d characters."
+msgstr[0] "Das Passwort muss mindestens %d Zeichen enthalten."
+msgstr[1] "Das Passwort muss mindestens %d Zeichen enthalten."
+
+#: ../../src/lib/krb5/krb/chpw.c:448
+#, c-format
+msgid "The password must be different from the previous password."
+msgid_plural "The password must be different from the previous %d passwords."
+msgstr[0] "Das Passwort muss sich vom vorhergehenden Passwort unterscheiden."
+msgstr[1] ""
+"Das Passwort muss sich von den vorhergehenden %d Passwörtern unterscheiden."
+
+#: ../../src/lib/krb5/krb/chpw.c:460
+#, c-format
+msgid "The password can only be changed once a day."
+msgid_plural "The password can only be changed every %d days."
+msgstr[0] "Das Passwort kann nur einmal täglich geändert werden."
+msgstr[1] "Das Passwort kann nur alle %d Tage geändert werden."
+
+#: ../../src/lib/krb5/krb/chpw.c:506
+msgid "Try a more complex password, or contact your administrator."
+msgstr ""
+"Versuchen Sie es mit einem etwas komplexeren Passwort oder wenden Sie sich "
+"an Ihren Administrator."
+
+#: ../../src/lib/krb5/krb/fast.c:217
+#, c-format
+msgid "%s constructing AP-REQ armor"
+msgstr "%s-Konstruktion von AP-REQ-Schutz"
+
+#: ../../src/lib/krb5/krb/fast.c:399
+#, c-format
+msgid "%s while decrypting FAST reply"
+msgstr "%s beim Entschlüsseln der FAST-Antwort"
+
+#: ../../src/lib/krb5/krb/fast.c:408
+msgid "nonce modified in FAST response: KDC response modified"
+msgstr ""
+"Nummer für einmaligen Gebrauch in der FAST-Anwort geändert: KDC-Anwort "
+"geändert"
+
+#: ../../src/lib/krb5/krb/fast.c:474
+msgid "Expecting FX_ERROR pa-data inside FAST container"
+msgstr "Innerhalb des FAST-Containers wird »FX_ERROR pa-data« erwartet."
+
+#: ../../src/lib/krb5/krb/fast.c:545
+msgid "FAST response missing finish message in KDC reply"
+msgstr "Der FAST-Anwort fehlt die Beendigungsnachricht in der KDC-Anwort"
+
+#: ../../src/lib/krb5/krb/fast.c:558
+msgid "Ticket modified in KDC reply"
+msgstr "Ticket in der KDC-Antwort verändert"
+
+#: ../../src/lib/krb5/krb/gc_via_tkt.c:208
+#, c-format
+msgid "KDC returned error string: %.*s"
+msgstr "KDC gab eine Fehlermeldung zurück: %.*s"
+
+#: ../../src/lib/krb5/krb/gc_via_tkt.c:217
+#, c-format
+msgid "Server %s not found in Kerberos database"
+msgstr "Server %s wurde nicht in der Kerberos-Datenbank gefunden"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:133
+msgid "Reply has wrong form of session key for anonymous request"
+msgstr ""
+"Antwort hat die falsche Form des Sitzungschlüssels für eine anonyme Anfrage"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1628
+#, c-format
+msgid "%s while storing credentials"
+msgstr "%s beim Speichern der Anmeldedaten"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1715
+#, c-format
+msgid "Client '%s' not found in Kerberos database"
+msgstr "Client »%s« wurde nicht in der Kerberos-Datenbank gefunden"
+
+#: ../../src/lib/krb5/krb/gic_keytab.c:207
+#, c-format
+msgid "Keytab contains no suitable keys for %s"
+msgstr "Schlüsseltabelle enthält keine passenden Schlüssel für %s"
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:75
+#, c-format
+msgid "Password for %s"
+msgstr "Passwort für %s"
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:227
+#, c-format
+msgid "Warning: Your password will expire in less than one hour on %s"
+msgstr ""
+"Warnung: Ihr Passwort auf %s wird in weniger als einer Stunde ablaufen."
+
+# FIXME in German impossible; plural without »s«
+#: ../../src/lib/krb5/krb/gic_pwd.c:231
+#, c-format
+msgid "Warning: Your password will expire in %d hour%s on %s"
+msgstr "Warnung: Ihr Passwort wird in %d Stunden%s am %s ablaufen."
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:235
+#, c-format
+msgid "Warning: Your password will expire in %d days on %s"
+msgstr "Warnung: Ihr Passwort wird in %d Tagen am %s ablaufen."
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:409
+msgid "Password expired.  You must change it now."
+msgstr "Passwort abgelaufen. Sie müssen es nun ändern."
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:428 ../../src/lib/krb5/krb/gic_pwd.c:432
+#, c-format
+msgid "%s.  Please try again."
+msgstr "%s. Bitte versuchen Sie es erneut."
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:471
+#, c-format
+msgid "%.*s%s%s.  Please try again.\n"
+msgstr "%.*s%s%s. Bitte versuchen Sie es erneut.\n"
+
+#: ../../src/lib/krb5/krb/parse.c:203
+#, c-format
+msgid "Principal %s is missing required realm"
+msgstr "Principal %s fehlt erforderlicher Realm"
+
+#: ../../src/lib/krb5/krb/parse.c:215
+#, c-format
+msgid "Principal %s has realm present"
+msgstr "Für Principal %s ist Realm vorhanden"
+
+#: ../../src/lib/krb5/krb/plugin.c:165
+#, c-format
+msgid "Invalid module specifier %s"
+msgstr "ungültiger Modulbezeichner %s"
+
+#: ../../src/lib/krb5/krb/plugin.c:402
+#, c-format
+msgid "Could not find %s plugin module named '%s'"
+msgstr "Das Erweiterungsmodul %s namens »%s« konnte nicht gefunden werden."
+
+#: ../../src/lib/krb5/krb/preauth2.c:1018
+msgid "Unable to initialize preauth context"
+msgstr "Vorauthentifizierungskontext konnte nicht initialisiert werden."
+
+#: ../../src/lib/krb5/krb/preauth2.c:1032
+#, c-format
+msgid "Preauth module %s: %s"
+msgstr "Vorauthentifizierungsmodul %s: %s"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:510
+msgid "Please choose from the following:\n"
+msgstr "Bitte wählen Sie aus dem Folgenden aus:\n"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:511
+msgid "Vendor:"
+msgstr "Anbieter:"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:523
+msgid "Enter #"
+msgstr "Geben Sie # ein"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:559
+msgid "OTP Challenge:"
+msgstr "Anforderung des Einwegpassworts:"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:588
+msgid "OTP Token PIN"
+msgstr "Einwegpasswort-Token-PIN"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:702
+msgid "OTP value doesn't match any token formats"
+msgstr "Wert des Einwegpassworts entspricht keinem Token-Format"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:769
+msgid "Enter OTP Token Value"
+msgstr "Geben Sie den Wert des Einwegpasswort-Tokens an"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:914
+msgid "No supported tokens"
+msgstr "keine unterstützten Token"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:49
+msgid "Challenge for Enigma Logic mechanism"
+msgstr "Anforderung für Enigma-Logic-Mechanismus"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:53
+msgid "Challenge for Digital Pathways mechanism"
+msgstr "Anforderung für Digital-Pathway-Mechanismus"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:57
+msgid "Challenge for Activcard mechanism"
+msgstr "Anforderung für Activcard-Mechanismus"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:60
+msgid "Challenge for Enhanced S/Key mechanism"
+msgstr "Anforderung für erweiterten S/Key-Mechanismus"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:63
+msgid "Challenge for Traditional S/Key mechanism"
+msgstr "Anforderung für traditionellen S/Key-Mechanismus"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:66
+#: ../../src/lib/krb5/krb/preauth_sam2.c:69
+msgid "Challenge for Security Dynamics mechanism"
+msgstr "Anforderung für Security-Dynamics-Mechanismus"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:72
+msgid "Challenge from authentication server"
+msgstr "Anforderung vom Authentifizierungsserver"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:166
+msgid "SAM Authentication"
+msgstr "SAM-Authentifizierung"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:145
+#, c-format
+msgid "Cannot find key for %s kvno %d in keytab"
+msgstr ""
+"Schlüssel für %s-KNVO %d kann nicht in der Schlüsseltabelle gefunden werden"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:150
+#, c-format
+msgid "Cannot find key for %s kvno %d in keytab (request ticket server %s)"
+msgstr ""
+"Schlüssel für %s-KNVO %d kann nicht in der Schlüsseltabelle gefunden werden "
+"(angefragter Ticketserver %s)"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:175
+#, c-format
+msgid "Cannot decrypt ticket for %s using keytab key for %s"
+msgstr ""
+"Ticket für %s kann nicht mittels des Schlüsseltabellenschlüssels für %s "
+"entschlüsselt werden"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:197
+#, c-format
+msgid "Server principal %s does not match request ticket server %s"
+msgstr "Server-Principal %s passt nicht zum abgefragten Ticketserver %s"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:226
+msgid "No keys in keytab"
+msgstr "keine Schlüssel in der Schlüsseltabelle"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:229
+#, c-format
+msgid "Server principal %s does not match any keys in keytab"
+msgstr ""
+"Server-Principal %s hat keinen passenden Schlüssel in der Schlüsseltabelle"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:236
+#, c-format
+msgid ""
+"Request ticket server %s found in keytab but does not match server principal "
+"%s"
+msgstr ""
+"abgefragter Ticketserver %s wurde in der Schlüsseltabelle gefunden, er passte "
+"jedoch nicht zu Server-Principal %s"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:241
+#, c-format
+msgid "Request ticket server %s not found in keytab (ticket kvno %d)"
+msgstr ""
+"Abgefragter Ticketserver %s wurde nicht in der Schlüsseltabelle gefunden "
+"(Ticket KVNO %d)."
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:247
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d not found in keytab; ticket is likely out "
+"of date"
+msgstr ""
+"Abgefragter Ticketserver %s KVNO %d wurde nicht in der Schlüsseltabelle "
+"gefunden; Ticket ist wahrscheinlich abgelaufen."
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:252
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d not found in keytab; keytab is likely out "
+"of date"
+msgstr ""
+"Abgefragter Ticketserver %s KVNO %d wurde nicht in der Schlüsseltabelle "
+"gefunden; Schlüsseltabelle ist wahrscheinlich nicht mehr aktuell."
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:261
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d found in keytab but not with enctype %s"
+msgstr ""
+"Abgefragter Ticketserver %s KVNO %d wurde in der Schlüsseltabelle gefunden, "
+"jedoch nicht mit Verschlüsselungstyp %s."
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:266
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d enctype %s found in keytab but cannot "
+"decrypt ticket"
+msgstr ""
+"Abgefragter Ticketserver %s KVNO %d mit Verschlüsselungstyp %s in der "
+"Schlüsseltabelle gefunden, Ticket kann jedoch nicht entschlüsselt werden."
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:897
+#, c-format
+msgid "Encryption type %s not permitted"
+msgstr "Verschlüsselungstyp %s nicht erlaubt"
+
+#: ../../src/lib/krb5/os/expand_path.c:316
+#, c-format
+msgid "Can't find username for uid %lu"
+msgstr "Zu UID %lu kann kein Benutzername gefunden werden."
+
+#: ../../src/lib/krb5/os/expand_path.c:405
+#: ../../src/lib/krb5/os/expand_path.c:421
+msgid "Invalid token"
+msgstr "ungültiges Token"
+
+#: ../../src/lib/krb5/os/expand_path.c:506
+msgid "variable missing }"
+msgstr "Variable fehlt }"
+
+#: ../../src/lib/krb5/os/locate_kdc.c:660
+#, c-format
+msgid "Cannot find KDC for realm \"%.*s\""
+msgstr "KDC für Realm »%.*s« kann nicht gefunden werden"
+
+#: ../../src/lib/krb5/os/sendto_kdc.c:475
+#, c-format
+msgid "Cannot contact any KDC for realm '%.*s'"
+msgstr "für Realm »%.*s« kann nicht KDC kontaktiert werden"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:106
+#, c-format
+msgid "Cannot fstat replay cache file %s: %s"
+msgstr "»fstat« für Antwortzwischenspeicherdatei %s nicht möglich: %s"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:112
+#, c-format
+msgid ""
+"Insecure mkstemp() file mode for replay cache file %s; try running this "
+"program with umask 077"
+msgstr ""
+"unsicherer mkstemp()-Dateimodus für Antwortzwischenspeicherdatei %s; "
+"versuchen Sie, dieses Programm mit der Umask 077 auszuführen"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:144
+#, c-format
+msgid "Cannot %s replay cache file %s: %s"
+msgstr "%s der Wiederholungszwischenspeicherdatei %s nicht möglich: %s"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:149
+#, c-format
+msgid "Cannot %s replay cache: %s"
+msgstr "%s des Wiederholungszwischenspeichers nicht möglich: %s"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:272
+#, c-format
+msgid "Insecure file mode for replay cache file %s"
+msgstr "unsicherer Dateimodus für Wiederholungszwischenspeicherdatei %s"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:278
+#, c-format
+msgid "rcache not owned by %d"
+msgstr "Rcache gehört nicht %d"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:402 ../../src/lib/krb5/rcache/rc_io.c:406
+#: ../../src/lib/krb5/rcache/rc_io.c:411
+#, c-format
+msgid "Can't write to replay cache: %s"
+msgstr ""
+"in Wiederholungszwischenspeicherdatei kann nicht geschrieben werden: %s"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:432
+#, c-format
+msgid "Cannot sync replay cache file: %s"
+msgstr ""
+"Wiederholungszwischenspeicherdatei kann nicht synchronisiert werden: %s"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:451
+#, c-format
+msgid "Can't read from replay cache: %s"
+msgstr "aus dem Wiederholungszwischenspeicher kann nicht gelesen werden: %s"
+
+#: ../../src/lib/krb5/rcache/rc_io.c:482 ../../src/lib/krb5/rcache/rc_io.c:488
+#: ../../src/lib/krb5/rcache/rc_io.c:493
+#, c-format
+msgid "Can't destroy replay cache: %s"
+msgstr "Wiederholungszwischenspeicher kann nicht vernichtet werden: %s"
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:245
+#: ../../src/plugins/kdb/db2/kdb_db2.c:830
+#, c-format
+msgid "Unsupported argument \"%s\" for db2"
+msgstr "nicht unterstütztes Argument »%s« für DB2"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:69
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:887
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1088
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1507
+msgid "while reading kerberos container information"
+msgstr "beim Lesen der Kerberos-Container-Information"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:129
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:504
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:518
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:151
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:166
+msgid "while providing time specification"
+msgstr "beim Bereitstellen der Zeitspezifikation"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:268
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:304
+msgid "while creating policy object"
+msgstr "beim Erstellen des Richtlinienobjekts"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1515
+msgid "while reading realm information"
+msgstr "beim Lesen der Realm-Information"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:348
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:407
+msgid "while destroying policy object"
+msgstr "beim Zerstören des Richtlinienobjekts"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:358
+#, c-format
+msgid "This will delete the policy object '%s', are you sure?\n"
+msgstr "Dies wird das Richtlinienobjekt »%s« löschen, sind Sie sicher?\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:473
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:663
+msgid "while modifying policy object"
+msgstr "beim Ändern des Richtlinienobjekts"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:487
+#, c-format
+msgid "while reading information of policy '%s'"
+msgstr "beim Lesen der Information der Richtlinie »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:692
+msgid "while viewing policy"
+msgstr "beim Betrachten der Richtlinie"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:701
+#, c-format
+msgid "while viewing policy '%s'"
+msgstr "beim Betrachten der Richtlinie »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:835
+msgid "while listing policy objects"
+msgstr "beim Auflisten der Richtlinienobjekte"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:453
+#, c-format
+msgid "for subtree while creating realm '%s'"
+msgstr "für einen Teilbaum beim Erstellen von Realm »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:465
+#, c-format
+msgid "for container reference while creating realm '%s'"
+msgstr "für Container-Bezug beim Erstellen von Realm »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:489
+#, c-format
+msgid "invalid search scope while creating realm '%s'"
+msgstr "ungültiger Suchbereich beim Erstellen von Realm »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:504
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:823
+#, c-format
+msgid "'%s' is an invalid option\n"
+msgstr "»%s« ist keine gültige Option\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:512
+#, c-format
+msgid "Initializing database for realm '%s'\n"
+msgstr "Datenbank für Realm »%s« wird initialisiert\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:536
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:696
+#, c-format
+msgid "while creating realm '%s'"
+msgstr "beim Erstellen von Realm »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:556
+#, c-format
+msgid "Enter DN of Kerberos container: "
+msgstr "Geben Sie die den DN des Kerberos-Containers ein: "
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:591
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:894
+#, c-format
+msgid "while reading information of realm '%s'"
+msgstr "beim Lesen der Information von Realm »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:733
+msgid "while reading Kerberos container information"
+msgstr "beim Lesen der Kerberos-Container-Information"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:774
+#, c-format
+msgid "for subtree while modifying realm '%s'"
+msgstr "für einen Teilbaum beim Ändern von Realm »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:785
+#, c-format
+msgid "for container reference while modifying realm '%s'"
+msgstr "für Container-Bezug beim Ändern von Realm »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:812
+#, c-format
+msgid "specified for search scope while modifying information of realm '%s'"
+msgstr ""
+"angegeben für Suchbereich, während die Information für Realm »%s« geändert "
+"wird"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:851
+#, c-format
+msgid "while modifying information of realm '%s'"
+msgstr "beim Ändern der Information von Realm »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:940
+msgid "Realm Name"
+msgstr "Realm-Name"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:943
+msgid "Subtree"
+msgstr "Teilbaum"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:946
+msgid "Principal Container Reference"
+msgstr "Principal-Container-Bezug"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:951
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:953
+msgid "SearchScope"
+msgstr "Suchbereich"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:951
+msgid "Invalid !"
+msgstr "ungültig!"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:958
+msgid "KDC Services"
+msgstr "KDC-Dienste"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:973
+msgid "Admin Services"
+msgstr "Administratordienste"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:988
+msgid "Passwd Services"
+msgstr "Passwortdienste"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1004
+msgid "Maximum Ticket Life"
+msgstr "maximale Ticketlebensdauer"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1009
+msgid "Maximum Renewable Life"
+msgstr "maximale verlängerbare Lebensdauer"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1016
+msgid "Ticket flags"
+msgstr "Ticket-Flags"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1095
+msgid "while listing realms"
+msgstr "beim Auflisten der Realms"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1439
+msgid "while adding entries to database"
+msgstr "beim Hinzufügen von Einträgen zur Datenbank"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1480
+#, c-format
+msgid "Deleting KDC database of '%s', are you sure?\n"
+msgstr ""
+"Sind Sie sicher, dass die KDC-Datenbank von »%s« gelöscht werden soll?\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1491
+#, c-format
+msgid "OK, deleting database of '%s'...\n"
+msgstr "OK, die Datenbank von »%s« wird gelöscht …\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1524
+#, c-format
+msgid "deleting database of '%s'"
+msgstr "Die Datenbank von »%s« wird gelöscht."
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1529
+#, c-format
+msgid "** Database of '%s' destroyed.\n"
+msgstr "** Datenbank von »%s« vernichtet\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:81
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:88
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:96
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:104
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:120
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:148
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:227
+msgid "while setting service object password"
+msgstr "beim Setzen des Passworts für das Dienstobjekt"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:140
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:477
+#, c-format
+msgid "Password for \"%s\""
+msgstr "Passwort für »%s«"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:143
+#, c-format
+msgid "Re-enter password for \"%s\""
+msgstr "Geben Sie das Passwort für »%s« erneut ein."
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:154
+#, c-format
+msgid "%s: Invalid password\n"
+msgstr "%s: ungültiges Passwort\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:170
+msgid "Failed to convert the password to hexadecimal"
+msgstr "Das Umwandeln des Passworts in Dezimalschreibweise ist fehlgeschlagen."
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:183
+#, c-format
+msgid "Failed to open file %s: %s"
+msgstr "Datei %s konnte nicht geöffnet werden: %s"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:205
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:247
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:256
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:283
+msgid "Failed to write service object password to file"
+msgstr ""
+"Schreiben des Passworts für das Dienstobjekt in eine Datei fehlgeschlagen"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:211
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:268
+msgid "Error reading service object password file"
+msgstr "Fehler beim Lesen der Passwortdatei für das Dienstobjekt"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:236
+#, c-format
+msgid "Error creating file %s"
+msgstr "Fehler beim Erstellen der Datei %s"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:105
+#, c-format
+msgid ""
+"Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
+"\tcmd [cmd_options]\n"
+"create          [-subtrees subtree_dn_list] [-sscope search_scope] [-"
+"containerref container_reference_dn]\n"
+"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
+"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
+"\t\t[ticket_flags] [-r realm]\n"
+"modify          [-subtrees subtree_dn_list] [-sscope search_scope] [-"
+"containerref container_reference_dn]\n"
+"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
+"\t\t[ticket_flags] [-r realm]\n"
+"view            [-r realm]\n"
+"destroy                [-f] [-r realm]\n"
+"list\n"
+"stashsrvpw      [-f filename] service_dn\n"
+"create_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+"modify_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+"view_policy     [-r realm] policy\n"
+"destroy_policy  [-r realm] [-force] policy\n"
+"list_policy     [-r realm]\n"
+msgstr ""
+"Aufruf: kdb5_ldap_util [-D Benutzer-DN [-w Passwort]] [-H LDAP-URI]\n"
+"\tcmd [Befehlsoptionen]\n"
+"create          [-subtrees DN-Liste_Teilbäume] [-sscope Suchbereich] [-"
+"containerref Container-Bezug-DN]\n"
+"\t\t[-m|-P Passwort|-sf Ablagedateiname] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
+"\t\t[-maxtktlife maximale_Ticketlebensdauer]\n"
+"\t\t[-maxrenewlife maximale_Dauer_bis_zum_Erneuern_des_Tickets]\n"
+"\t\t[Ticket_Flags] [-r Realm]\n"
+"modify          [-subtrees DN-Liste_Teilbäume] [-sscope Suchbereich] [-"
+"containerref Container-Bezug-DN]\n"
+"\t\t[-maxtktlife maximale_Ticketlebensdauer]\n"
+"\t\t[-maxrenewlife maximale_Dauer_bis_zum_Erneuern_des_Tickets]\n"
+"\t\t[Ticket_Flags] [-r Realm]\n"
+"view            [-r Realm]\n"
+"destroy                [-f] [-r Realm]\n"
+"list\n"
+"stashsrvpw      [-f Dateiname] Dienst-DN\n"
+"create_policy   [-r Realm] [-maxtktlife maximale_Ticketlebensdauer]\n"
+"\t\t[-maxrenewlife maximale_Dauer_bis_zum_Erneuern_des_Tickets]\n"
+"\t\t[Ticket_Flags] Richtlinie\n"
+"modify_policy   [-r Realm] [-maxtktlife maximale_Ticketlebensdauer]\n"
+"\t\t[-maxrenewlife maximale_Dauer_bis_zum_Erneuern_des_Tickets]\n"
+"\t\t[Ticket_Flags] Richtlinie\n"
+"view_policy     [-r Realm] Richtlinie\n"
+"destroy_policy  [-r Realm] [-force] Richtlinie\n"
+"list_policy     [-r Realm]\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:325
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:333
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:341
+msgid "while reading ldap parameters"
+msgstr "beim Lesen der LDAP-Parameter"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:439
+msgid "while initializing error handling"
+msgstr "beim Initialisieren der Fehlerbehandlung"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:447
+msgid "while initializing ldap handle"
+msgstr "beim Initialisieren des LDAP-Identifikators"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:461
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:470
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:483
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:525
+msgid "while retrieving ldap configuration"
+msgstr "beim Abfragen der LDAP-Konfiguration"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:500
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:507
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:516
+msgid "while initializing server list"
+msgstr "beim Initialisieren der Serverliste"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:547
+msgid "while setting up lib handle"
+msgstr "ein Einrichten der BibliotheksIdentifikators"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:556
+msgid "while reading ldap configuration"
+msgstr "beim Lesen der LDAP-Konfiguration"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:68
+msgid "Unable to read Kerberos container"
+msgstr "Kerberos-Container kann nicht gelesen werden"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:74
+msgid "Unable to read Realm"
+msgstr "Realm kann nicht gelesen werden"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:215
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:73
+msgid "Error processing LDAP DB params:"
+msgstr "Fehler beim Verarbeiten der LDAP-Datenbankparameter:"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:222
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:80
+msgid "Error reading LDAP server params:"
+msgstr "Fehler beim Lesen der LDAP-Server-Parameters:"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:64
+msgid "LDAP bind dn value missing"
+msgstr "LDAP-Bindungs-DN-Wert fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:69
+msgid "LDAP bind password value missing"
+msgstr "LDAP-Bindungs-Passwortwert fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:77
+msgid "Error reading password from stash: "
+msgstr "Fehler beim Lesen des Passworts aus der Ablage: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:85
+msgid "Service password length is zero"
+msgstr "Länge des Dienstpassworts ist Null"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:145
+#, c-format
+msgid "Cannot bind to LDAP server '%s' with SASL mechanism '%s': %s"
+msgstr ""
+"mit LDAP-Server »%s« kann keine Verbindung mit SASL-Mechanismus »%s« "
+"hergestellt werden: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:158
+#, c-format
+msgid "Cannot bind to LDAP server '%s' as '%s': %s"
+msgstr ""
+"mit LDAP-Server »%s« kann keine Verbindung als »%s« hergestellt werden: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:183
+#, c-format
+msgid "Cannot create LDAP handle for '%s': %s"
+msgstr "LDAP-Identifikator für »%s« kann nicht erstellt werden: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:131
+msgid "could not complete roll-back, error deleting Kerberos Container"
+msgstr ""
+"Zurücksetzen kann nicht abgeschlossen werden, Fehler beim Löschen des "
+"Kerberos-Containers"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:56
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:67
+msgid "Error reading kerberos container location from krb5.conf"
+msgstr ""
+"Fehler beim Lesen des Kerberos-Container-Speicherorts aus der »krb5.conf«."
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:75
+msgid "Kerberos container location not specified"
+msgstr "Kerberos-Container-Speicherort nicht angegeben"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:55
+#, c-format
+msgid "Error reading '%s' attribute: %s"
+msgstr "Fehler beim Lesen des Attributs »%s«: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:218
+msgid "KDB module requires -update argument"
+msgstr "KDB-Modul benötigt Argument »-update«"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:224
+#, c-format
+msgid "'%s' value missing"
+msgstr "Wert »%s« fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:282
+#, c-format
+msgid "unknown option '%s'"
+msgstr "unbekannte Option »%s«"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:342
+msgid "Minimum connections required per server is 2"
+msgstr "Die benötigte Mindestanzahl von Verbindungen pro Server ist zwei"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:159
+msgid "Default realm not set"
+msgstr "Standard-Realm nicht gesetzt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:262
+msgid "DN information missing"
+msgstr "DN-Information fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:108
+msgid "Principal does not belong to realm"
+msgstr "Principal gehört nicht zum Realm"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:278
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:287
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:295
+#, c-format
+msgid "%s option not supported"
+msgstr "Option %s wird nicht unterstützt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:302
+#, c-format
+msgid "unknown option: %s"
+msgstr "unbekannte Option: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:309
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:316
+#, c-format
+msgid "%s option value missing"
+msgstr "Wert der Option %s fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:542
+msgid "Principal does not belong to the default realm"
+msgstr "Principal gehört nicht zum Standard-Realm"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:610
+#, c-format
+msgid ""
+"operation can not continue, more than one entry with principal name \"%s\" "
+"found"
+msgstr ""
+"Die Aktion kann nicht fortfahren, da mehr als ein Principal namens »%s« "
+"gefunden wurde."
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:673
+#, c-format
+msgid "'%s' not found: "
+msgstr "»%s« nicht gefunden: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:751
+msgid "DN is out of the realm subtree"
+msgstr "DN liegt außerhalb ders Teilbaums des Realms"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:807
+#, c-format
+msgid "ldap object is already kerberized"
+msgstr "LDAP-Objekt ist bereits an Kerberos angepasst"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:827
+#, c-format
+msgid ""
+"link information can not be set/updated as the kerberos principal belongs to "
+"an ldap object"
+msgstr ""
+"Verweisinformation kann nicht eingerichtet/aktualisiert werden, da der "
+"Kerberos-Principal zu einem LDAP-Objekt gehört."
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:842
+#, c-format
+msgid "Failed getting object references"
+msgstr "Holen von Objektbezügen fehlgeschlagen"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:849
+#, c-format
+msgid "kerberos principal is already linked to a ldap object"
+msgstr "Kerberos-Principal ist bereits mit einem LDAP-Objekt verknüpft"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1167
+msgid "ticket policy object value: "
+msgstr "Wert des Ticket-Richtlinienobjekts: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1215
+#, c-format
+msgid "Principal delete failed (trying to replace entry): %s"
+msgstr ""
+"Löschen des Principals fehlgeschlagen (es wird versucht, den Eintrag zu "
+"ersetzen): %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1225
+#, c-format
+msgid "Principal add failed: %s"
+msgstr "Hinzufügen des Principals fehlgeschlagen: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1263
+#, c-format
+msgid "User modification failed: %s"
+msgstr "Änderung des Benutzers fehlgeschlagen: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1336
+msgid "Error reading ticket policy. "
+msgstr "Fehler beim Lesen der Ticket-Richtlinie"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1402
+#, c-format
+msgid "unable to decode stored principal key data (%s)"
+msgstr ""
+"Die gespeicherten Schlüsseldaten des Principals (%s) konnten nicht "
+"dekodiert werden."
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:223
+msgid "Realm information not available"
+msgstr "Realm-Information nicht verfügbar"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:294
+msgid "Error reading ticket policy: "
+msgstr "Fehler beim Lesen der Ticket-Richtlinie:"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:307
+#, c-format
+msgid "Realm Delete FAILED: %s"
+msgstr "Löschen des Realms FEHLGESCHLAGEN: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:387
+msgid "subtree value: "
+msgstr "Wert des Teilbaums: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:404
+msgid "container reference value: "
+msgstr "Wert des Container-Bezugs: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:487
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:550
+msgid "Kerberos Container information is missing"
+msgstr "Kerberos-Container-Information fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:499
+msgid "Invalid Kerberos container DN"
+msgstr "ungültiger Kerberos-Container-DN"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:515
+#, c-format
+msgid "Kerberos Container create FAILED: %s"
+msgstr "Erstellen des Kerberos-Containers FEHLGESCHLAGEN: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:558
+#, c-format
+msgid "Kerberos Container delete FAILED: %s"
+msgstr "Löschen des Kerberos-Containers FEHLGESCHLAGEN: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:634
+msgid "realm object value: "
+msgstr "Wert des Realm-Objekts: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:48
+msgid "Not a hexadecimal password"
+msgstr "kein hexadezimales Passwort"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:55
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:66
+msgid "Password corrupt"
+msgstr "Passwort beschädigt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:93
+#, c-format
+msgid "Cannot open LDAP password file '%s': %s"
+msgstr "LDAP-Passwortdatei »%s« kann nicht geöffnet werden: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:123
+#, c-format
+msgid "Bind DN entry '%s' missing in LDAP password file '%s'"
+msgstr "Bind-DN-Eintrag »%s« fehlt in der LDAP-Passwortdatei »%s«"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:56
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:132
+msgid "Ticket Policy Name missing"
+msgstr "Ticket-Richtlinienname fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:144
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:221
+msgid "ticket policy object: "
+msgstr "Ticket-Richtlinienobjekt: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:209
+msgid "Ticket Policy Object information missing"
+msgstr "Ticket-Richtlinienobjekt-Information fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:300
+msgid "Ticket Policy Object DN missing"
+msgstr "DN des Ticket-Richtlinienobjekts fehlt"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:327
+msgid "Delete Failed: One or more Principals associated with the Ticket Policy"
+msgstr ""
+"Löschen fehlgeschlagen: Ein oder mehrere Principals gehören zur Ticket-"
+"Richtlinie."
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:435
+msgid "Error reading container object: "
+msgstr "Fehler beim Lesen des Container-Objekts: "
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_nss.c:667
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:652
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4153
+msgid "Pass phrase for"
+msgstr "Passphrase für"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1081
+#, c-format
+msgid "Cannot create cert chain: %s"
+msgstr "Zertifikatskette kann nicht erstellt werden: %s"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1408
+msgid "Invalid pkinit packet: octet string expected"
+msgstr "ungültiges Pkinit-Paket: Achtbit-Zeichenkette erwartet"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1427
+msgid "wrong oid\n"
+msgstr "falsche OID\n"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5994
+#, c-format
+msgid "unknown code 0x%x"
+msgstr "unbekannter Code 0x%x"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:424
+#, c-format
+msgid "Unsupported type while processing '%s'\n"
+msgstr "nicht unterstützter Typ bei der Verarbeitung von »%s«\n"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:465
+msgid "Internal error parsing X509_user_identity\n"
+msgstr "interner Fehler beim Auswerten von »X509_user_identity«\n"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:560
+msgid "No user identity options specified"
+msgstr "keine Optionen der Nutzeridentität angegeben"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:414
+msgid "Pkinit request not signed, but client not anonymous."
+msgstr "Pkinit-Anfrage nicht signiert, Client ist jedoch nicht anonym"
+
+# DH = Diffie-Hellman
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:447
+msgid "Anonymous pkinit without DH public value not supported."
+msgstr "Anonymes Pkinit wird nicht ohne öffentlichen DH-Wert unterstützt."
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1147
+#, c-format
+msgid "No pkinit_identity supplied for realm %s"
+msgstr "Für Realm %s wird keine »pkinit_identity« bereitgestellt."
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1158
+#, c-format
+msgid "No pkinit_anchors supplied for realm %s"
+msgstr "Für Realm %s werden keine »pkinit_anchors« bereitgestellt."
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1346
+msgid "No realms configured correctly for pkinit support"
+msgstr "Für Pkinit-Unterstützung wurden keine Realms korrekt konfiguriert."
+
+#: ../../src/slave/kprop.c:85
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s srvtab] slave_host\n"
+"\n"
+msgstr ""
+"\n"
+"Aufruf: %s [-r Realm] [-f Datei] [-d] [-P Port] [-s Dienstschlüsseltabelle] "
+"untergeordneter_Rechner\n"
+"\n"
+
+#: ../../src/slave/kprop.c:114
+#, c-format
+msgid "Database propagation to %s: SUCCEEDED\n"
+msgstr "Datenbankverbreitung auf %s: ERFOLGREICH\n"
+
+#: ../../src/slave/kprop.c:187
+msgid "while setting client principal name"
+msgstr "beim Setzen des Client-Principal-Namens"
+
+#: ../../src/slave/kprop.c:194 ../../src/slave/kprop.c:209
+msgid "while setting client principal realm"
+msgstr "beim Setzen des Client-Principal-Realms"
+
+#: ../../src/slave/kprop.c:217
+#, c-format
+msgid "while opening credential cache %s"
+msgstr "beim Öffnen des Anmeldedatenzwischenspeichers %s"
+
+#: ../../src/slave/kprop.c:233
+msgid "while setting server principal name"
+msgstr "beim Setzen des Server-Principal-Namens"
+
+#: ../../src/slave/kprop.c:255
+msgid "while resolving keytab"
+msgstr "beim Ermitteln der Schlüsseltabelle"
+
+#: ../../src/slave/kprop.c:264
+msgid "while getting initial credentials\n"
+msgstr "beim Holen der Anfangsanmeldedaten\n"
+
+#: ../../src/slave/kprop.c:301
+msgid "while creating socket"
+msgstr "beim Erstellen eines Sockets"
+
+#: ../../src/slave/kprop.c:317
+msgid "while converting server address"
+msgstr "beim Umwandeln der Server-Adresse"
+
+#: ../../src/slave/kprop.c:327
+msgid "while connecting to server"
+msgstr "beim Verbinden mit dem Server"
+
+#: ../../src/slave/kprop.c:334 ../../src/slave/kpropd.c:1215
+msgid "while getting local socket address"
+msgstr "beim Holen der lokalen Socket-Adresse"
+
+#: ../../src/slave/kprop.c:339
+msgid "while converting local address"
+msgstr "beim Umwandeln der lokalen Socket-Adresse"
+
+#: ../../src/slave/kprop.c:362
+msgid "in krb5_auth_con_setaddrs"
+msgstr "in »krb5_auth_con_setaddrs«"
+
+#: ../../src/slave/kprop.c:370
+msgid "while authenticating to server"
+msgstr "beim Authentifizieren am Server"
+
+#: ../../src/slave/kprop.c:374 ../../src/slave/kprop.c:573
+#: ../../src/slave/kpropd.c:1521
+#, c-format
+msgid "Generic remote error: %s\n"
+msgstr "allgemeiner ferner Fehler: %s\n"
+
+#: ../../src/slave/kprop.c:380 ../../src/slave/kprop.c:579
+msgid "signalled from server"
+msgstr "signalisiert vom Server"
+
+#: ../../src/slave/kprop.c:382 ../../src/slave/kprop.c:581
+#, c-format
+msgid "Error text from server: %s\n"
+msgstr "Fehlermeldung vom Server: %s\n"
+
+#: ../../src/slave/kprop.c:410
+#, c-format
+msgid "allocating database file name '%s'"
+msgstr "Datenbankdateiname »%s« wird reserviert"
+
+#: ../../src/slave/kprop.c:416
+#, c-format
+msgid "while trying to open %s"
+msgstr "beim Versuch, %s zu öffnen"
+
+#: ../../src/slave/kprop.c:423
+msgid "database locked"
+msgstr "Datenbank gesperrt"
+
+#: ../../src/slave/kprop.c:426 ../../src/slave/kpropd.c:525
+#, c-format
+msgid "while trying to lock '%s'"
+msgstr "beim Versuch, »%s« zu sperren"
+
+#: ../../src/slave/kprop.c:430 ../../src/slave/kprop.c:438
+#, c-format
+msgid "while trying to stat %s"
+msgstr "beim Versuch, »stat« für %s auszuführen"
+
+#: ../../src/slave/kprop.c:434
+msgid "while trying to malloc data_ok_fn"
+msgstr "beim Versuch, Speicher für »data_ok_fn« zu reservieren"
+
+#: ../../src/slave/kprop.c:443
+#, c-format
+msgid "'%s' more recent than '%s'."
+msgstr "»%s« ist aktueller als »%s«."
+
+#: ../../src/slave/kprop.c:459
+#, c-format
+msgid "while unlocking database '%s'"
+msgstr "beim Entsperren von Datenbank »%s«"
+
+#: ../../src/slave/kprop.c:492 ../../src/slave/kprop.c:493
+msgid "while encoding database size"
+msgstr "beim Aufbereiten der Datenbankgröße"
+
+#: ../../src/slave/kprop.c:501
+msgid "while sending database size"
+msgstr "beim Senden der Datenbankgröße"
+
+#: ../../src/slave/kprop.c:511
+msgid "while allocating i_vector"
+msgstr "beim Reservieren von »i_vector«"
+
+#: ../../src/slave/kprop.c:534
+#, c-format
+msgid "while sending database block starting at %d"
+msgstr "beim Senden des Datenbankblocks, der bei %d beginnt"
+
+#: ../../src/slave/kprop.c:544
+msgid "Premature EOF found for database file!"
+msgstr "vorzeitiges EOF für Datenbankdatei gefunden!"
+
+#: ../../src/slave/kprop.c:557
+msgid "while reading response from server"
+msgstr "beim Lesen der Antwort vom Servers"
+
+#: ../../src/slave/kprop.c:568
+msgid "while decoding error response from server"
+msgstr "beim Aufschlüsseln der Fehlerantwort vom Server"
+
+#: ../../src/slave/kprop.c:599
+#, c-format
+msgid "Kpropd sent database size %d, expecting %d"
+msgstr "Kpropd sendet Datenbankgröße %d, erwartet wurde %d"
+
+#: ../../src/slave/kprop.c:643
+msgid "while allocating filename for update_last_prop_file"
+msgstr "beim Reservieren des Dateinamens für »update_last_prop_file«"
+
+#: ../../src/slave/kprop.c:648
+#, c-format
+msgid "while creating 'last_prop' file, '%s'"
+msgstr "beim Erstellen der Datei »last_prop«, »%s«"
+
+#: ../../src/slave/kpropd.c:170
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-r realm] [-s srvtab] [-dS] [-f slave_file]\n"
+msgstr ""
+"\n"
+"Aufruf: %s [-r Realm] [-s Dienstschlüsseltabelle] [-dS] [-f "
+"untergeordnete_Datei]\n"
+
+#: ../../src/slave/kpropd.c:172
+#, c-format
+msgid "\t[-F kerberos_db_file ] [-p kdb5_util_pathname]\n"
+msgstr "\t[-F Kerberos-Datenbankdatei ] [-p KDB5-Hilfswerkzeugpfadname]\n"
+
+#: ../../src/slave/kpropd.c:173
+#, c-format
+msgid "\t[-x db_args]* [-P port] [-a acl_file]\n"
+msgstr "\t[-x Datenbankargumente]* [-P Port] [-a ACL-Datei]\n"
+
+#: ../../src/slave/kpropd.c:174
+#, c-format
+msgid "\t[-A admin_server]\n"
+msgstr "\t[-A Serveradministrator]\n"
+
+#: ../../src/slave/kpropd.c:215
+#, c-format
+msgid "Killing fullprop child (%d)\n"
+msgstr "Beenden des Fullprop-Kindprozesses (%d) wird erzwungen\n"
+
+#: ../../src/slave/kpropd.c:244
+msgid "while checking if stdin is a socket"
+msgstr "beim Prüfen, ob die Standardeingabe ein Socket ist"
+
+#: ../../src/slave/kpropd.c:262
+#, c-format
+msgid "ready\n"
+msgstr "bereit\n"
+
+#: ../../src/slave/kpropd.c:272
+#, c-format
+msgid "Could not open /dev/null: %s"
+msgstr "/dev/null konnte nicht geöffnet werden: %s"
+
+#: ../../src/slave/kpropd.c:279
+#, c-format
+msgid "Could not dup the inetd socket: %s"
+msgstr "Das Inetd-Socket konnte nicht dupliziert werden: %s"
+
+#: ../../src/slave/kpropd.c:314 ../../src/slave/kpropd.c:327
+msgid "do_iprop failed.\n"
+msgstr "»do_iprop« fehlgeschlagen\n"
+
+#: ../../src/slave/kpropd.c:366
+#, c-format
+msgid "getaddrinfo: %s\n"
+msgstr "getaddrinfo: %s\n"
+
+#: ../../src/slave/kpropd.c:372
+msgid "while obtaining socket"
+msgstr "beim Erlangen des Sockets"
+
+#: ../../src/slave/kpropd.c:378
+msgid "while setting SO_REUSEADDR option"
+msgstr "beim Setzen der Option SO_REUSEADDR"
+
+#: ../../src/slave/kpropd.c:386
+msgid "while unsetting IPV6_V6ONLY option"
+msgstr "beim Entfernen der Option IPV6_V6ONLY"
+
+#: ../../src/slave/kpropd.c:391
+msgid "while binding listener socket"
+msgstr "beim Anbinden an das auf Verbindung wartende Socket"
+
+#: ../../src/slave/kpropd.c:402
+#, c-format
+msgid "waiting for a kprop connection\n"
+msgstr "warten auf Kprop-Verbindung\n"
+
+#: ../../src/slave/kpropd.c:408
+msgid "while accepting connection"
+msgstr "beim Akzeptieren der Verbindung"
+
+#: ../../src/slave/kpropd.c:414
+msgid "while forking"
+msgstr "beim Erzeugen eines Kindprozesses"
+
+#: ../../src/slave/kpropd.c:429
+#, c-format
+msgid "waitpid() failed to wait for doit() (%d %s)\n"
+msgstr "waitpid() schlug beim Warten auf doit() fehl (%d %s)\n"
+
+#: ../../src/slave/kpropd.c:433
+msgid "while waiting to receive database"
+msgstr "beim Warten auf den Erhalt der Datenbank"
+
+#: ../../src/slave/kpropd.c:437
+#, c-format
+msgid "Database load process for full propagation completed.\n"
+msgstr ""
+"Der Datenbankladeprozess für eine vollständige Verbreitung ist "
+"abgeschlossen.\n"
+
+#: ../../src/slave/kpropd.c:471
+#, c-format
+msgid ""
+"%s: Standard input does not appear to be a network socket.\n"
+"\t(Not run from inetd, and missing the -S option?)\n"
+msgstr ""
+"%s: Bei der Standardeingabe scheint es sich nicht um ein Netzwerk-Socket zu\n"
+"\thandeln (läuft nicht aus Inetd und die Option -S fehlt?).\n"
+
+#: ../../src/slave/kpropd.c:485
+msgid "while attempting setsockopt (SO_KEEPALIVE)"
+msgstr "beim Versuch, »setsockopt« auszuführen (SO_KEEPALIVE)"
+
+#: ../../src/slave/kpropd.c:490
+#, c-format
+msgid "Connection from %s"
+msgstr "Verbindung von %s"
+
+#: ../../src/slave/kpropd.c:510
+#, c-format
+msgid "Rejected connection from unauthorized principal %s\n"
+msgstr "Zurückgewiesene Verbindung von nicht autorisiertem Principal %s\n"
+
+#: ../../src/slave/kpropd.c:514
+#, c-format
+msgid "Rejected connection from unauthorized principal %s"
+msgstr "Zurückgewiesene Verbindung von nicht authorisiertem Principal %s"
+
+#: ../../src/slave/kpropd.c:531
+#, c-format
+msgid "while opening database file, '%s'"
+msgstr "beim Öffnen der Datenbankdatei, »%s«"
+
+#: ../../src/slave/kpropd.c:537
+#, c-format
+msgid "while renaming %s to %s"
+msgstr "beim Umbenennen von %s in %s"
+
+#: ../../src/slave/kpropd.c:543
+#, c-format
+msgid "while downgrading lock on '%s'"
+msgstr "beim Downgrade der Sperre auf »%s«"
+
+#: ../../src/slave/kpropd.c:550
+#, c-format
+msgid "while unlocking '%s'"
+msgstr "beim Aufheben der Sperre »%s«"
+
+#: ../../src/slave/kpropd.c:562
+msgid "while sending # of received bytes"
+msgstr "beim Senden n empfangener Byte"
+
+#: ../../src/slave/kpropd.c:568
+msgid "while trying to close database file"
+msgstr "beim Versuch, die Datenbankdatei zu schließen"
+
+#: ../../src/slave/kpropd.c:624
+#, c-format
+msgid "Incremental propagation enabled\n"
+msgstr "inkrementelle Verbreitung aktiviert\n"
+
+#: ../../src/slave/kpropd.c:634
+msgid "Unable to get default realm"
+msgstr "Standard-Realm kann nicht geholt werden"
+
+#: ../../src/slave/kpropd.c:647
+#, c-format
+msgid "%s: unable to get kiprop host based service name for realm %s\n"
+msgstr ""
+"%s: Kiprop-rechnerbasierter Dienstname für Realm %s kann nicht geholt "
+"werden\n"
+
+#: ../../src/slave/kpropd.c:658
+msgid "while trying to construct host service principal"
+msgstr "beim Versuch, den Rechnerdienst-Principal zu erstellen"
+
+#: ../../src/slave/kpropd.c:672
+msgid "while determining local service principal name"
+msgstr "beim Bestimmen des lokalen Dienst-Principal-Namens"
+
+#: ../../src/slave/kpropd.c:692
+#, c-format
+msgid "Initializing kadm5 as client %s\n"
+msgstr "Kadm5 wird als Client %s initialisiert\n"
+
+#: ../../src/slave/kpropd.c:706
+#, c-format
+msgid "kadm5 initialization failed!\n"
+msgstr "Initialisierung von Kadm5 fehlgeschlagen!\n"
+
+#: ../../src/slave/kpropd.c:715
+msgid "while attempting to connect to master KDC ... retrying"
+msgstr ""
+"beim Versuch, eine Verbindung zum Master-KDC aufzubauen … wird erneut "
+"versucht"
+
+#: ../../src/slave/kpropd.c:719
+#, c-format
+msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n"
+msgstr ""
+"Um Kadm5 neu zu initialisieren, wird %d Sekunden gewartet (RPC-FEHLER).\n"
+
+#: ../../src/slave/kpropd.c:735
+#, c-format
+msgid "while initializing %s interface, retrying"
+msgstr "beim Initialisieren der Schnittstelle %s, wird erneut versucht"
+
+#: ../../src/slave/kpropd.c:739
+#, c-format
+msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n"
+msgstr ""
+"Um Kadm5 neu zu initialisieren, wird %d Sekunden gewartet (läuft Krb5kdc "
+"nicht?).\n"
+
+#: ../../src/slave/kpropd.c:749
+#, c-format
+msgid "kadm5 initialization succeeded\n"
+msgstr "Initialisieren von Kadm5 erfolgreich\n"
+
+#: ../../src/slave/kpropd.c:771
+msgid "reading update log header"
+msgstr "Aktualisierungsprotokollkopfzeilen werden gelesen"
+
+#: ../../src/slave/kpropd.c:782
+#, c-format
+msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n"
+msgstr "»iprop_get_updates_1()« wird aufgerufen (sno=%u sec=%u usec=%u)\n"
+
+#: ../../src/slave/kpropd.c:792
+msgid "iprop_get_updates call failed"
+msgstr "Aufruf von »iprop_get_updates« fehlgeschlagen"
+
+#: ../../src/slave/kpropd.c:798
+#, c-format
+msgid "Reinitializing iprop because get updates failed\n"
+msgstr ""
+"Iprop wird neu initialisiert, da Aktualisierungen fehlgeschlagen sind\n"
+
+#: ../../src/slave/kpropd.c:819
+#, c-format
+msgid "Still waiting for full resync\n"
+msgstr ""
+"Es wird immer noch auf das vollständige erneute Synchronisieren gewartet.\n"
+
+#: ../../src/slave/kpropd.c:824
+#, c-format
+msgid "Full resync needed\n"
+msgstr "erneutes vollständiges Synchronisieren erforderlich\n"
+
+#: ../../src/slave/kpropd.c:825
+msgid "kpropd: Full resync needed."
+msgstr "Kpropd: erneutes vollständiges Synchronisieren erforderlich"
+
+#: ../../src/slave/kpropd.c:830
+msgid "iprop_full_resync call failed"
+msgstr "Aufruf von »iprop_full_resync« fehlgeschlagen"
+
+#: ../../src/slave/kpropd.c:841
+#, c-format
+msgid "Full resync request granted\n"
+msgstr "Anfrage nach vollständigem erneuten Synchronisieren genehmigt\n"
+
+#: ../../src/slave/kpropd.c:842
+msgid "Full resync request granted."
+msgstr "Anfrage nach vollständigem erneuten Synchronisieren genehmigt"
+
+# FIXME s/backoff/back-off/
+#: ../../src/slave/kpropd.c:851
+#, c-format
+msgid "Exponential backoff\n"
+msgstr "exponentieller Wartezyklus\n"
+
+#: ../../src/slave/kpropd.c:857
+#, c-format
+msgid "Full resync permission denied\n"
+msgstr "vollständiges erneutes Synchronisieren nicht gestattet\n"
+
+#: ../../src/slave/kpropd.c:858
+msgid "Full resync, permission denied."
+msgstr "vollständiges erneutes Synchronisieren, nicht gestattet"
+
+#: ../../src/slave/kpropd.c:863
+#, c-format
+msgid "Full resync error from master\n"
+msgstr "Fehler beim vollständigen erneuten Synchronisieren vom Master\n"
+
+#: ../../src/slave/kpropd.c:864
+msgid " Full resync, error returned from master KDC."
+msgstr ""
+"vollständiges erneutes Synchronisieren, das Master-KDC gab einen Fehler "
+"zurück"
+
+#: ../../src/slave/kpropd.c:872
+#, c-format
+msgid "Full resync invalid result from master\n"
+msgstr ""
+"Beim vollständigen erneuten Synchronisieren gab der Master ein ungültiges "
+"Ergebnis zurück.\n"
+
+#: ../../src/slave/kpropd.c:874
+msgid "Full resync, invalid return from master KDC."
+msgstr ""
+"vollständiges erneutes Synchronisieren, ungültiger Rückgabewert vom Master-"
+"KDC"
+
+#: ../../src/slave/kpropd.c:890
+#, c-format
+msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n"
+msgstr ""
+"inkrementelle Aktualisierungen erhalten (sno=%u sec=%u usec=%u)\n"
+
+#: ../../src/slave/kpropd.c:902
+#, c-format
+msgid "ulog_replay failed (%s), updates not registered\n"
+msgstr ""
+"»ulog_replay« fehlgeschlagen (%s), Aktualisierungen nicht registriert\n"
+
+#: ../../src/slave/kpropd.c:905
+#, c-format
+msgid "ulog_replay failed (%s), updates not registered."
+msgstr "»ulog_replay« fehlgeschlagen (%s), Aktualisierungen nicht registriert"
+
+#: ../../src/slave/kpropd.c:914
+#, c-format
+msgid "Incremental updates: %d updates / %lu us"
+msgstr "inkrementelle Aktualisierungen: %d Aktualisierungen / %lu us"
+
+#: ../../src/slave/kpropd.c:917
+#, c-format
+msgid "Incremental updates: %d updates / %lu us\n"
+msgstr "inkrementelle Aktualisierungen: %d Aktualisierungen / %lu us\n"
+
+#: ../../src/slave/kpropd.c:925
+#, c-format
+msgid "get_updates permission denied\n"
+msgstr "Zugriff bei »get_updates« verweigert\n"
+
+#: ../../src/slave/kpropd.c:926
+msgid "get_updates, permission denied."
+msgstr "»get_updates«, Zugriff verweigert"
+
+#: ../../src/slave/kpropd.c:931
+#, c-format
+msgid "get_updates error from master\n"
+msgstr "»get_updates«-Fehler vom Master\n"
+
+#: ../../src/slave/kpropd.c:932
+msgid "get_updates, error returned from master KDC."
+msgstr "Vom Master-KDC wurde ein »get_updates«-Fehler zurückgegeben."
+
+# FIXME s/backoff/back-off/
+#: ../../src/slave/kpropd.c:940
+#, c-format
+msgid "get_updates master busy; backoff\n"
+msgstr "»get_updates«-Master ausgelastet; hält sich zurück\n"
+
+#: ../../src/slave/kpropd.c:949
+#, c-format
+msgid "KDC is synchronized with master.\n"
+msgstr "KDC wurde mit dem Master synchronisiert.\n"
+
+#: ../../src/slave/kpropd.c:957
+#, c-format
+msgid "get_updates invalid result from master\n"
+msgstr "ungültiges »get_updates«-Ergebnis vom Master\n"
+
+#: ../../src/slave/kpropd.c:958
+msgid "get_updates, invalid return from master KDC."
+msgstr "»get_updates«, ungültiger Rückgabewert vom Master-KDC"
+
+# FIXME s/backoff/back-off/
+#: ../../src/slave/kpropd.c:973
+#, c-format
+msgid "Busy signal received from master, backoff for %d secs\n"
+msgstr ""
+"Vom Master wurde ein Signal empfangen, dass er ausgelastet ist, "
+"Zurückhaltung für %d Sekunden\n"
+
+#: ../../src/slave/kpropd.c:980
+#, c-format
+msgid "Waiting for %d seconds before checking for updates again\n"
+msgstr ""
+"vor der erneuten Prufung auf Aktualisierungen wird %d Sekunden gewartet\n"
+
+#: ../../src/slave/kpropd.c:991
+#, c-format
+msgid "ERROR returned by master, bailing\n"
+msgstr "FEHLER vom Master zurückgegeben, Ausstieg\n"
+
+#: ../../src/slave/kpropd.c:992
+msgid "ERROR returned by master KDC, bailing.\n"
+msgstr "FEHLER vom Master-KDC zurückgegeben, Ausstieg\n"
+
+#: ../../src/slave/kpropd.c:1134
+msgid "copying db args"
+msgstr "Datenbankargumente werden kopiert"
+
+#: ../../src/slave/kpropd.c:1161
+msgid "while trying to construct my service name"
+msgstr "beim Versuch, meinen Dienstnamen zu erstellen"
+
+#: ../../src/slave/kpropd.c:1167
+msgid "while constructing my service realm"
+msgstr "beim Erstellen meines Dienst-Realms"
+
+#: ../../src/slave/kpropd.c:1175
+msgid "while allocating filename for temp file"
+msgstr "beim Reservieren des Dateinamens für die temporäre Datei"
+
+#: ../../src/slave/kpropd.c:1181
+msgid "while initializing"
+msgstr "bei der Initialisierung"
+
+#: ../../src/slave/kpropd.c:1189
+msgid "Unable to map log!\n"
+msgstr "Protokoll kann nicht abgebildet werden!\n"
+
+#: ../../src/slave/kpropd.c:1235
+#, c-format
+msgid "Error in krb5_auth_con_ini: %s"
+msgstr "Fehler in »krb5_auth_con_ini«: %s"
+
+#: ../../src/slave/kpropd.c:1243
+#, c-format
+msgid "Error in krb5_auth_con_setflags: %s"
+msgstr "Fehler in »krb5_auth_con_setflags«: %s"
+
+#: ../../src/slave/kpropd.c:1251
+#, c-format
+msgid "Error in krb5_auth_con_setaddrs: %s"
+msgstr "Fehler in »krb5_auth_con_setaddrs«: %s"
+
+#: ../../src/slave/kpropd.c:1259
+#, c-format
+msgid "Error in krb5_kt_resolve: %s"
+msgstr "Fehler in »krb5_kt_resolve«: %s"
+
+#: ../../src/slave/kpropd.c:1268
+#, c-format
+msgid "Error in krb5_recvauth: %s"
+msgstr "Fehler in »krb5_recvauth«: %s"
+
+#: ../../src/slave/kpropd.c:1275
+#, c-format
+msgid "Error in krb5_copy_prinicpal: %s"
+msgstr "Fehler in »krb5_copy_prinicpal«: %s"
+
+#: ../../src/slave/kpropd.c:1291
+msgid "while unparsing ticket etype"
+msgstr "beim Rückgängigmachen der Auswertung des »etype«s des Tickets"
+
+#: ../../src/slave/kpropd.c:1295
+#, c-format
+msgid "authenticated client: %s (etype == %s)\n"
+msgstr "Authentifizierter Client: %s (etype == %s)\n"
+
+#: ../../src/slave/kpropd.c:1374
+msgid "while reading size of database from client"
+msgstr "beim Lesen der Datenbankgröße vom Client"
+
+#: ../../src/slave/kpropd.c:1384
+msgid "while decoding database size from client"
+msgstr "beim Dekodieren der Datenbankgröße vom Client"
+
+#: ../../src/slave/kpropd.c:1397
+msgid "while initializing i_vector"
+msgstr "beim Initialisieren von »i_vector«"
+
+#: ../../src/slave/kpropd.c:1402
+#, c-format
+msgid "Full propagation transfer started.\n"
+msgstr "vollständige Verbreitungsübertragung gestartet\n"
+
+#: ../../src/slave/kpropd.c:1455
+#, c-format
+msgid "Full propagation transfer finished.\n"
+msgstr "vollständige Verbreitungsübertragung beendet\n"
+
+#: ../../src/slave/kpropd.c:1516
+msgid "while decoding error packet from client"
+msgstr "beim Dekodieren des Fehlerpakets vom Client"
+
+#: ../../src/slave/kpropd.c:1525
+msgid "signaled from server"
+msgstr "signalisiert vom Server"
+
+#: ../../src/slave/kpropd.c:1527
+#, c-format
+msgid "Error text from client: %s\n"
+msgstr "Fehlermeldung vom Client: %s\n"
+
+#: ../../src/slave/kpropd.c:1576
+#, c-format
+msgid "while trying to fork %s"
+msgstr "beim Versuch, einen Kindprozess von %s zu erzeugen"
+
+#: ../../src/slave/kpropd.c:1580
+#, c-format
+msgid "while trying to exec %s"
+msgstr "beim Versuch, %s auszuführen"
+
+#: ../../src/slave/kpropd.c:1587
+#, c-format
+msgid "while waiting for %s"
+msgstr "beim Warten auf %s"
+
+#: ../../src/slave/kpropd.c:1593
+#, c-format
+msgid "%s load terminated"
+msgstr "Laden von %s beendet"
+
+#: ../../src/slave/kpropd.c:1599
+#, c-format
+msgid "%s returned a bad exit status (%d)"
+msgstr "%s gab einen falschen Exit-Status (%d) zurück"
+
+#: ../../src/slave/kproplog.c:27
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-h] [-v] [-v] [-e num]\n"
+"\t%s -R\n"
+"\n"
+msgstr ""
+"\n"
+"Aufruf: %s [-h] [-v] [-v] [-e Zahl]\n"
+"\t%s -R\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:129
+#, c-format
+msgid ""
+"\n"
+"Couldn't allocate memory"
+msgstr ""
+"\n"
+"Speicher konnte nicht reserviert werden"
+
+#: ../../src/slave/kproplog.c:223
+#, c-format
+msgid "\t\tAttribute flags\n"
+msgstr "\t\tAttributschalter\n"
+
+#: ../../src/slave/kproplog.c:228
+#, c-format
+msgid "\t\tMaximum ticket life\n"
+msgstr "\t\tmaximale Ticketlebensdauer\n"
+
+#: ../../src/slave/kproplog.c:233
+#, c-format
+msgid "\t\tMaximum renewable life\n"
+msgstr "\t\tmaximale verlängerbare Lebensdauer\n"
+
+#: ../../src/slave/kproplog.c:238
+#, c-format
+msgid "\t\tPrincipal expiration\n"
+msgstr "\t\tAblauf des Principals\n"
+
+#: ../../src/slave/kproplog.c:243
+#, c-format
+msgid "\t\tPassword expiration\n"
+msgstr "\t\tAblauf des Passworts\n"
+
+#: ../../src/slave/kproplog.c:248
+#, c-format
+msgid "\t\tLast successful auth\n"
+msgstr "\t\tletzte erfolgreiche Authentifizierung\n"
+
+#: ../../src/slave/kproplog.c:253
+#, c-format
+msgid "\t\tLast failed auth\n"
+msgstr "\t\tletzte fehlgeschlagene Authentifizierung\n"
+
+#: ../../src/slave/kproplog.c:258
+#, c-format
+msgid "\t\tFailed passwd attempt\n"
+msgstr "\t\tfehlgeschlagener Passwortversuch\n"
+
+#: ../../src/slave/kproplog.c:263
+#, c-format
+msgid "\t\tPrincipal\n"
+msgstr "\t\tPrincipal\n"
+
+#: ../../src/slave/kproplog.c:268
+#, c-format
+msgid "\t\tKey data\n"
+msgstr "\t\tSchlüsseldaten\n"
+
+#: ../../src/slave/kproplog.c:275
+#, c-format
+msgid "\t\tTL data\n"
+msgstr "\t\tTL-Daten\n"
+
+#: ../../src/slave/kproplog.c:282
+#, c-format
+msgid "\t\tLength\n"
+msgstr "\t\tLänge\n"
+
+#: ../../src/slave/kproplog.c:287
+#, c-format
+msgid "\t\tPassword last changed\n"
+msgstr "\t\tletzte Passwortänderung\n"
+
+#: ../../src/slave/kproplog.c:292
+#, c-format
+msgid "\t\tModifying principal\n"
+msgstr "\t\ttPrincipal wird geändert\n"
+
+#: ../../src/slave/kproplog.c:297
+#, c-format
+msgid "\t\tModification time\n"
+msgstr "\t\tÄnderungszeit\n"
+
+#: ../../src/slave/kproplog.c:302
+#, c-format
+msgid "\t\tModified where\n"
+msgstr "\t\tGeändert wobei\n"
+
+#: ../../src/slave/kproplog.c:307
+#, c-format
+msgid "\t\tPassword policy\n"
+msgstr "\t\tPasswortrichtlinie\n"
+
+#: ../../src/slave/kproplog.c:312
+#, c-format
+msgid "\t\tPassword policy switch\n"
+msgstr "\t\tPasswortrichtlinienumschalter\n"
+
+#: ../../src/slave/kproplog.c:317
+#, c-format
+msgid "\t\tPassword history KVNO\n"
+msgstr "\t\tPasswortchronik KVNO\n"
+
+#: ../../src/slave/kproplog.c:322
+#, c-format
+msgid "\t\tPassword history\n"
+msgstr "\t\tPasswortchronik\n"
+
+#: ../../src/slave/kproplog.c:356
+#, c-format
+msgid ""
+"Corrupt update entry\n"
+"\n"
+msgstr ""
+"beschädigter Aktualisierungseintrag\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:364
+#, c-format
+msgid ""
+"Entry data decode failure\n"
+"\n"
+msgstr ""
+"Dekodieren der eingetragenen Daten fehlgeschlagen\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:369
+#, c-format
+msgid "Update Entry\n"
+msgstr "Aktualisierungseintrag\n"
+
+#: ../../src/slave/kproplog.c:371
+#, c-format
+msgid "\tUpdate serial # : %u\n"
+msgstr "\tAktualisierung der Seriennummer: %u\n"
+
+#: ../../src/slave/kproplog.c:373
+#, c-format
+msgid "\tUpdate operation : "
+msgstr "\tAktualisierungsaktion: "
+
+#: ../../src/slave/kproplog.c:375
+#, c-format
+msgid "Delete\n"
+msgstr "Löschen\n"
+
+#: ../../src/slave/kproplog.c:377
+#, c-format
+msgid "Add\n"
+msgstr "Hinzufügen\n"
+
+#: ../../src/slave/kproplog.c:381
+#, c-format
+msgid ""
+"Could not allocate principal name\n"
+"\n"
+msgstr ""
+"Der Principal-Name konnte nicht reserviert werden.\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:387
+#, c-format
+msgid "\tUpdate principal : %s\n"
+msgstr "\tAktualisierung des Principals: %s\n"
+
+#: ../../src/slave/kproplog.c:389
+#, c-format
+msgid "\tUpdate size : %u\n"
+msgstr "\tGröße der Aktualisierung: %u\n"
+
+#: ../../src/slave/kproplog.c:390
+#, c-format
+msgid "\tUpdate committed : %s\n"
+msgstr "\tAktualisierung übergeben: %s\n"
+
+#: ../../src/slave/kproplog.c:394
+#, c-format
+msgid "\tUpdate time stamp : None\n"
+msgstr "\tZeitstempel der Aktualisierung: keiner\n"
+
+#: ../../src/slave/kproplog.c:396
+#, c-format
+msgid "\tUpdate time stamp : %s"
+msgstr "\tZeitstempel der Aktualisierung: %s"
+
+#: ../../src/slave/kproplog.c:400
+#, c-format
+msgid "\tAttributes changed : %d\n"
+msgstr "\tgeänderte Attribute: %d\n"
+
+#: ../../src/slave/kproplog.c:465
+#, c-format
+msgid ""
+"Unable to initialize Kerberos\n"
+"\n"
+msgstr ""
+"Kerberos kann nicht initialisiert werden\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:472
+#, c-format
+msgid ""
+"Couldn't read database_name\n"
+"\n"
+msgstr ""
+"»database_name« kann nicht gelesen werden\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:476
+#, c-format
+msgid ""
+"\n"
+"Kerberos update log (%s)\n"
+msgstr ""
+"\n"
+"Kerberos-Aktualisierungsprotokoll (%s)\n"
+
+#: ../../src/slave/kproplog.c:480 ../../src/slave/kproplog.c:495
+#, c-format
+msgid ""
+"Unable to map log file %s\n"
+"\n"
+msgstr ""
+"Protokolldatei %s kann nicht abgebildet werden\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:485
+#, c-format
+msgid ""
+"Couldn't reinitialize ulog file %s\n"
+"\n"
+msgstr ""
+"Ulog-Datei %s konnte nicht neu initialisiert werden\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:489
+#, c-format
+msgid "Reinitialized the ulog.\n"
+msgstr "Das Ulog wurde neu initialisiert.\n"
+
+#: ../../src/slave/kproplog.c:501
+#, c-format
+msgid ""
+"Corrupt header log, exiting\n"
+"\n"
+msgstr ""
+"beschädigtes Kopfzeilenprotokoll, wird beendet\n"
+"\n"
+
+#: ../../src/slave/kproplog.c:505
+#, c-format
+msgid "Update log dump :\n"
+msgstr "Aktualisierungsprotokollauszug :\n"
+
+#: ../../src/slave/kproplog.c:506
+#, c-format
+msgid "\tLog version # : %u\n"
+msgstr "\tProtokollversion #:  %u\n"
+
+#: ../../src/slave/kproplog.c:507
+#, c-format
+msgid "\tLog state : "
+msgstr "\tProtokollstatus: "
+
+#: ../../src/slave/kproplog.c:510
+#, c-format
+msgid "Stable\n"
+msgstr "stabil\n"
+
+#: ../../src/slave/kproplog.c:513
+#, c-format
+msgid "Unstable\n"
+msgstr "instabil\n"
+
+#: ../../src/slave/kproplog.c:516
+#, c-format
+msgid "Corrupt\n"
+msgstr "beschädigt\n"
+
+#: ../../src/slave/kproplog.c:519
+#, c-format
+msgid "Unknown state: %d\n"
+msgstr "unbekannter Status: %d\n"
+
+#: ../../src/slave/kproplog.c:522
+#, c-format
+msgid "\tEntry block size : %u\n"
+msgstr "\tBlockgrößeneintrag: %u\n"
+
+#: ../../src/slave/kproplog.c:523
+#, c-format
+msgid "\tNumber of entries : %u\n"
+msgstr "\tAnzahl der Einträge: %u\n"
+
+#: ../../src/slave/kproplog.c:526
+#, c-format
+msgid "\tLast serial # : None\n"
+msgstr "\tletzte Seriennummer: keine\n"
+
+#: ../../src/slave/kproplog.c:529
+#, c-format
+msgid "\tFirst serial # : None\n"
+msgstr "\terste Seriennummer: keine\n"
+
+#: ../../src/slave/kproplog.c:531
+#, c-format
+msgid "\tFirst serial # : "
+msgstr "\terste Seriennummer: "
+
+#: ../../src/slave/kproplog.c:535
+#, c-format
+msgid "\tLast serial # : "
+msgstr "\tletzte Seriennummer: "
+
+#: ../../src/slave/kproplog.c:540
+#, c-format
+msgid "\tLast time stamp : None\n"
+msgstr "\tletzter Zeitstempel: keiner\n"
+
+#: ../../src/slave/kproplog.c:543
+#, c-format
+msgid "\tFirst time stamp : None\n"
+msgstr "\terster Zeitstempel: keiner\n"
+
+#: ../../src/slave/kproplog.c:545
+#, c-format
+msgid "\tFirst time stamp : %s"
+msgstr "\terster Zeitstempel: %s"
+
+#: ../../src/slave/kproplog.c:549
+#, c-format
+msgid "\tLast time stamp : %s\n"
+msgstr "\tletzter Zeitstempel: %s\n"
+
+#: ../../src/util/support/errors.c:77
+msgid "Kerberos library initialization failure"
+msgstr "Initialisieren der Kerberos-Bibliothek fehlgeschlagen"
+
+#: ../../src/util/support/errors.c:93
+#, c-format
+msgid "error %ld"
+msgstr "Fehler %ld"
+
+#: ../../src/util/support/plugins.c:186
+#, c-format
+msgid "unable to find plugin [%s]: %s"
+msgstr "Erweiterung [%s] konnte nicht gefunden werden: %s"
+
+#: ../../src/util/support/plugins.c:274
+msgid "unknown failure"
+msgstr "unbekannter Fehlschlag"
+
+#: ../../src/util/support/plugins.c:277
+#, c-format
+msgid "unable to load plugin [%s]: %s"
+msgstr "Erweiterung [%s] konnte nicht geladen werden: %s"
+
+#: ../../src/util/support/plugins.c:300
+#, c-format
+msgid "unable to load DLL [%s]"
+msgstr "DLL [%s] konnte nicht geladen werden"
+
+#: ../../src/util/support/plugins.c:316
+#, c-format
+msgid "plugin unavailable: %s"
+msgstr "Erweiterung nicht verfügbar: %s"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:23
+msgid "No @ in SERVICE-NAME name string"
+msgstr "keine @ in der Namenszeichenkette SERVICE-NAME"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:24
+msgid "STRING-UID-NAME contains nondigits"
+msgstr "STRING-UID-NAME enthält etwas anderes als Ziffern"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:25
+msgid "UID does not resolve to username"
+msgstr "UID lässt sich nicht zu Benutzernamen ermitteln"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:26
+msgid "Validation error"
+msgstr "Überprüfungsfehler"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:27
+msgid "Couldn't allocate gss_buffer_t data"
+msgstr "»gss_buffer_t«-Daten konnten reserviert werden"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:28
+msgid "Message context invalid"
+msgstr "Nachrichtenkontext ungültig"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:29
+msgid "Buffer is the wrong size"
+msgstr "Puffer hat die falsche Größe"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:30
+msgid "Credential usage type is unknown"
+msgstr "Typ des Anmeldedatenaufrufs ist unbekannt"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:31
+msgid "Unknown quality of protection specified"
+msgstr "unbekannte Schutzqualität angegeben"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:32
+msgid "Local host name could not be determined"
+msgstr "lokaler Rechnername konnte nicht bestimmt werden"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:33
+msgid "Hostname in SERVICE-NAME string could not be canonicalized"
+msgstr ""
+"Rechnername in der Zeichenkette »SERVICE-NAME« konnte nicht in Normalform "
+"gebracht werden"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:34
+msgid "Mechanism is incorrect"
+msgstr "Mechanismus ist nicht korrekt"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:35
+msgid "Token header is malformed or corrupt"
+msgstr "Token-Kopfzeilen haben die falsche Form oder sind beschädigt"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:36
+msgid "Packet was replayed in wrong direction"
+msgstr "Paket wurde in falscher Richtung erneut abgespielt"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:37
+msgid "Token is missing data"
+msgstr "dem Token fehlen Daten"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:38
+msgid "Token was reflected"
+msgstr "Token wurde zurückgeworfen"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:39
+msgid "Received token ID does not match expected token ID"
+msgstr "Die empfangene Token-Kennung passt nicht zur erwarteten Token-Kennung."
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:40
+msgid "The given credential's usage does not match the requested usage"
+msgstr ""
+"Die Verwendung der angegebenen Anmeldedaten passt nicht zur angeforderten "
+"Verwendung."
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:41
+msgid "Storing of acceptor credentials is not supported by the mechanism"
+msgstr ""
+"Das Speichern von Abnehmeranmeldedaten wird nicht durch den Mechanismus "
+"unterstützt."
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:42
+msgid "Storing of non-default credentials is not supported by the mechanism"
+msgstr ""
+"Das Speichern von Nichtstandardanmeldedaten wird nicht durch den Mechanismus "
+"unterstützt."
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:23
+msgid "Principal in credential cache does not match desired name"
+msgstr ""
+"Principal im Anmeldedatenzwischenspeicher entspricht nicht dem gewünschten "
+"Namen"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:24
+msgid "No principal in keytab matches desired name"
+msgstr "Kein Principal in der Schlüsseltabelle passt zum gewünschten Namen."
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:25
+msgid "Credential cache has no TGT"
+msgstr "Anmeldedatenzwischenspeicher hat kein TGT"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:26
+msgid "Authenticator has no subkey"
+msgstr "Schlüsselziffer hat keinen Unterschlüssel"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:27
+msgid "Context is already fully established"
+msgstr "Kontext wurde bereits vollständig eingerichtet"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:28
+msgid "Unknown signature type in token"
+msgstr "unbekannter Signaturtyp im Token"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:29
+msgid "Invalid field length in token"
+msgstr "falsche Feldlänge im Token"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:30
+msgid "Attempt to use incomplete security context"
+msgstr ""
+"Es wurde versucht, einen unvollständigen Sicherheitskontext zu verwenden."
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:31
+msgid "Bad magic number for krb5_gss_ctx_id_t"
+msgstr "falsche magische Zahl für »krb5_gss_ctx_id_t«"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:32
+msgid "Bad magic number for krb5_gss_cred_id_t"
+msgstr "falsche magische Zahl für »krb5_gss_cred_id_t«"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:33
+msgid "Bad magic number for krb5_gss_enc_desc"
+msgstr "falsche magische Zahl für »krb5_gss_enc_desc«"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:34
+msgid "Sequence number in token is corrupt"
+msgstr "Sequnznummer im Token ist beschädigt"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:35
+msgid "Credential cache is empty"
+msgstr "Anmeldedatenzwischenspeicher ist leer"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:36
+msgid "Acceptor and Initiator share no checksum types"
+msgstr "Abnehmer und Initiator haben keinen gemeinsamen Prüfsummentyp"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:37
+msgid "Requested lucid context version not supported"
+msgstr "angeforderte »lucid«-Kontextversion nicht unterstützt"
+
+# PRF = Pseudo Random Function
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:38
+msgid "PRF input too long"
+msgstr "PRF-Eingabe zu lang"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:39
+msgid "Bad magic number for iakerb_ctx_id_t"
+msgstr "falsche magische Zahl für »iakerb_ctx_id_t«"
+
+#: ../lib/kadm5/chpass_util_strings.c:23
+msgid "while getting policy info."
+msgstr "beim Holen der Richtlinieninformation."
+
+#: ../lib/kadm5/chpass_util_strings.c:24
+msgid "while getting principal info."
+msgstr "beim Holen der Principal-Information."
+
+#: ../lib/kadm5/chpass_util_strings.c:25
+msgid "New passwords do not match - password not changed.\n"
+msgstr "neue Passwörter stimmen nicht überein – Passwort nicht geändert\n"
+
+#: ../lib/kadm5/chpass_util_strings.c:26
+msgid "New password"
+msgstr "neues Passwort"
+
+#: ../lib/kadm5/chpass_util_strings.c:27
+msgid "New password (again)"
+msgstr "neues Passwort (erneut)"
+
+#: ../lib/kadm5/chpass_util_strings.c:28
+msgid ""
+"You must type a password. Passwords must be at least one character long.\n"
+msgstr ""
+"Sie müssen ein Passwort eingeben. Passwörter müssen mindestens ein Zeichen "
+"lang sein.\n"
+
+#: ../lib/kadm5/chpass_util_strings.c:29
+msgid "yet no policy set!  Contact your system security administrator."
+msgstr ""
+"noch keine Richtlinie gesetzt! Kontaktieren Sie Ihren "
+"Systemsicherheitsadministrator"
+
+#: ../lib/kadm5/chpass_util_strings.c:31
+msgid ""
+"New password was found in a dictionary of possible passwords and\n"
+"therefore may be easily guessed. Please choose another password.\n"
+"See the kpasswd man page for help in choosing a good password."
+msgstr ""
+"Das neue Passwort wurde in einem Wörterbuch mit möglichen Passwörtern "
+"gefunden\n"
+"und kann daher leicht erraten werden. Bitte wählen Sie ein anderes "
+"Passwort.\n"
+"Hilfe bei der Wahl guter Passwörter finden Sie in der Handbuchseite von\n"
+"»kpasswd«."
+
+#: ../lib/kadm5/chpass_util_strings.c:32
+msgid "Password not changed."
+msgstr "Passwort nicht geändert"
+
+#: ../lib/kadm5/chpass_util_strings.c:33
+#, c-format
+msgid ""
+"New password is too short.\n"
+"Please choose a password which is at least %d characters long."
+msgstr ""
+"Das neue Passwort ist zu kurz.\n"
+"Bitte wählen Sie ein Passwort, das mindestens %d Zeichen lang ist."
+
+#: ../lib/kadm5/chpass_util_strings.c:34
+#, c-format
+msgid ""
+"New password does not have enough character classes.\n"
+"The character classes are:\n"
+"\t- lower-case letters,\n"
+"\t- upper-case letters,\n"
+"\t- digits,\n"
+"\t- punctuation, and\n"
+"\t- all other characters (e.g., control characters).\n"
+"Please choose a password with at least %d character classes."
+msgstr ""
+"Das neue Passwort besteht aus zu wenigen Zeichenklassen.\n"
+"Die Zeichenklassen sind:\n"
+"\t- Kleinbuchstaben,\n"
+"\t- Großbuchstaben,\n"
+"\t- Ziffern,\n"
+"\t- Satzzeichen und\n"
+"\t- alle anderen Zeichen (z.B. Steuerzeichen).\n"
+"Bitte wählen Sie ein Passwort mit mindestens %d Zeichenklassen."
+
+#: ../lib/kadm5/chpass_util_strings.c:35
+#, c-format
+msgid ""
+"Password cannot be changed because it was changed too recently.\n"
+"Please wait until %s before you change it.\n"
+"If you need to change your password before then, contact your system\n"
+"security administrator."
+msgstr ""
+"Das Passwort kann nicht geändert werden, da es erst vor kurzem geändert "
+"wurde.\n"
+"Bitte warten Sie bis %s, ehe Sie es ändern.\n"
+"Falls Sie es vorher ändern müssen, kontaktieren Sie Ihren\n"
+"Systemsicherheitsadministrator."
+
+#: ../lib/kadm5/chpass_util_strings.c:36
+msgid "New password was used previously. Please choose a different password."
+msgstr ""
+"Das neue Passwort wurde zuvor schon benutzt. Bitte wählen Sie ein anderes "
+"Passwort."
+
+#: ../lib/kadm5/chpass_util_strings.c:37
+msgid "while trying to change password."
+msgstr "beim Versuch, das Passwort zu ändern."
+
+#: ../lib/kadm5/chpass_util_strings.c:38
+msgid "while reading new password."
+msgstr "beim Lesen des neuen Passworts."
+
+#: ../lib/kadm5/kadm_err.c:23
+msgid "Operation failed for unspecified reason"
+msgstr "Aktion aus nicht näher beschriebenem Grund fehlgeschlagen"
+
+#: ../lib/kadm5/kadm_err.c:24
+msgid "Operation requires ``get'' privilege"
+msgstr "Aktion erfordert »get«-Recht"
+
+#: ../lib/kadm5/kadm_err.c:25
+msgid "Operation requires ``add'' privilege"
+msgstr "Aktion erfordert »add«-Recht"
+
+#: ../lib/kadm5/kadm_err.c:26
+msgid "Operation requires ``modify'' privilege"
+msgstr "Aktion erfordert »modify«-Recht"
+
+#: ../lib/kadm5/kadm_err.c:27
+msgid "Operation requires ``delete'' privilege"
+msgstr "Aktion erfordert »delete«-Recht"
+
+#: ../lib/kadm5/kadm_err.c:28
+msgid "Insufficient authorization for operation"
+msgstr "unzureichende Berechtigung für diese Aktion"
+
+#: ../lib/kadm5/kadm_err.c:29 ../lib/kdb/adb_err.c:29
+msgid "Database inconsistency detected"
+msgstr "Datenbankinkonsistenz entdeckt"
+
+#: ../lib/kadm5/kadm_err.c:30 ../lib/kdb/adb_err.c:24
+msgid "Principal or policy already exists"
+msgstr "Principal oder Richtlinie existiert bereits"
+
+#: ../lib/kadm5/kadm_err.c:31
+msgid "Communication failure with server"
+msgstr "Kommunikation mit dem Server fehlgeschlagen"
+
+#: ../lib/kadm5/kadm_err.c:32
+msgid "No administration server found for realm"
+msgstr "kein Administrationsserver für den Realm gefunden"
+
+#: ../lib/kadm5/kadm_err.c:33
+msgid "Password history principal key version mismatch"
+msgstr "Die Passwortchronikschlüssel des Principals passen nicht zusammen."
+
+#: ../lib/kadm5/kadm_err.c:34
+msgid "Connection to server not initialized"
+msgstr "Verbindung zum Server nicht initialisiert"
+
+#: ../lib/kadm5/kadm_err.c:35
+msgid "Principal does not exist"
+msgstr "Principal existiert nicht"
+
+#: ../lib/kadm5/kadm_err.c:36
+msgid "Policy does not exist"
+msgstr "Richtlinie existiert nicht"
+
+#: ../lib/kadm5/kadm_err.c:37
+msgid "Invalid field mask for operation"
+msgstr "ungültige Feldmaske für Aktion"
+
+#: ../lib/kadm5/kadm_err.c:38
+msgid "Invalid number of character classes"
+msgstr "ungültige Anzahl von Zeichenklassen"
+
+#: ../lib/kadm5/kadm_err.c:39
+msgid "Invalid password length"
+msgstr "ungültige Passwortlänge"
+
+#: ../lib/kadm5/kadm_err.c:40
+msgid "Illegal policy name"
+msgstr "unzulässiger Richtlinienname"
+
+#: ../lib/kadm5/kadm_err.c:41
+msgid "Illegal principal name"
+msgstr "unzulässiger Principal-Name"
+
+# FIXME s/auxillary/auxilary/
+#: ../lib/kadm5/kadm_err.c:42
+msgid "Invalid auxillary attributes"
+msgstr "ungültige Zusatzattribute"
+
+#: ../lib/kadm5/kadm_err.c:43
+msgid "Invalid password history count"
+msgstr "ungültige Passwortchronikanzahl"
+
+#: ../lib/kadm5/kadm_err.c:44
+msgid "Password minimum life is greater than password maximum life"
+msgstr "Die minimale Lebensdauer des Passworts ist größer als die maximale."
+
+#: ../lib/kadm5/kadm_err.c:45
+msgid "Password is too short"
+msgstr "Das Passwort ist zu kurz."
+
+#: ../lib/kadm5/kadm_err.c:46
+msgid "Password does not contain enough character classes"
+msgstr "Das Passwort enthält nicht genug Zeichenklassen."
+
+#: ../lib/kadm5/kadm_err.c:47
+msgid "Password is in the password dictionary"
+msgstr "Das Passwort steht im Passwortwörterbuch."
+
+#: ../lib/kadm5/kadm_err.c:48
+msgid "Cannot reuse password"
+msgstr "Das Passwort kann nicht erneut verwendet werden."
+
+#: ../lib/kadm5/kadm_err.c:49
+msgid "Current password's minimum life has not expired"
+msgstr "Die aktuell minimale Lebensdauer des Passworts ist nicht abgelaufen."
+
+#: ../lib/kadm5/kadm_err.c:50 ../lib/krb5/error_tables/kdb5_err.c:67
+msgid "Policy is in use"
+msgstr "Richtlinie ist in Benutzung"
+
+#: ../lib/kadm5/kadm_err.c:51
+msgid "Connection to server already initialized"
+msgstr "Verbindung zum Server ist bereits initialisiert"
+
+#: ../lib/kadm5/kadm_err.c:52
+msgid "Incorrect password"
+msgstr "falsches Passwort"
+
+#: ../lib/kadm5/kadm_err.c:53
+msgid "Cannot change protected principal"
+msgstr "geschützter Principal kann nicht geändert werden"
+
+#: ../lib/kadm5/kadm_err.c:54
+msgid "Programmer error! Bad Admin server handle"
+msgstr "Fehler des Programmierers! Falscher Admin-Server-Identifikator"
+
+#: ../lib/kadm5/kadm_err.c:55
+msgid "Programmer error! Bad API structure version"
+msgstr "Fehler des Programmierers! Falsche API-Strukturversion"
+
+#: ../lib/kadm5/kadm_err.c:56
+msgid ""
+"API structure version specified by application is no longer supported (to "
+"fix, recompile application against current KADM5 API header files and "
+"libraries)"
+msgstr ""
+"Die von der Anwendung angegebene Version der API-Struktur wird nicht länger "
+"unterstützt. (Kompilieren Sie die Anwendung mit den aktuellen KADM5-API-"
+"Header-Dateien und -Bibliotheken, um dies zu beheben.)"
+
+#: ../lib/kadm5/kadm_err.c:57
+msgid ""
+"API structure version specified by application is unknown to libraries (to "
+"fix, obtain current KADM5 API header files and libraries and recompile "
+"application)"
+msgstr ""
+"Die von der Anwendung angegebene Version der API-Struktur ist den "
+"Bibliotheken unbekannt. (Besorgen Sie sich die aktuellen KADM5-API-Header-"
+"Dateien und -Bibliotheken und kompilieren Sie die Anwendung neu, um dies zu "
+"beheben.)"
+
+#: ../lib/kadm5/kadm_err.c:58
+msgid "Programmer error! Bad API version"
+msgstr "Fehler des Programmierers! Falsche API-Version"
+
+#: ../lib/kadm5/kadm_err.c:59
+msgid ""
+"API version specified by application is no longer supported by libraries (to "
+"fix, update application to adhere to current API version and recompile)"
+msgstr ""
+"Die von der Anwendung angegebene Version der API-Struktur wird nicht länger "
+"von den Bibliotheken unterstützt. (Aktualisieren Sie die Anwendung, dass sie "
+"zu der aktuellen API-Version passt, und kompilieren Sie sie, um dies zu "
+"beheben.)"
+
+#: ../lib/kadm5/kadm_err.c:60
+msgid ""
+"API version specified by application is no longer supported by server (to "
+"fix, update application to adhere to current API version and recompile)"
+msgstr ""
+"Die von der Anwendung angegebene Version der API-Struktur wird nicht länger "
+"vom Server unterstützt. (Aktualisieren Sie die Anwendung, dass sie zu der "
+"aktuellen API-Version passt, und kompilieren Sie sie, um dies zu beheben.)"
+
+#: ../lib/kadm5/kadm_err.c:61
+msgid ""
+"API version specified by application is unknown to libraries (to fix, obtain "
+"current KADM5 API header files and libraries and recompile application)"
+msgstr ""
+"Die von der Anwendung angegebenene API-Version ist den Bibliotheken "
+"unbekannt. (Besorgen Sie sich die aktuellen KADM5-API-Header-Dateien und -"
+"Bibliotheken und kompilieren Sie die Anwendung neu, um dies zu beheben.)"
+
+#: ../lib/kadm5/kadm_err.c:62
+msgid ""
+"API version specified by application is unknown to server (to fix, obtain "
+"and install newest KADM5 Admin Server)"
+msgstr ""
+"Die von der Anwendung angegebene API-Version ist dem Server unbekannt. "
+"(Besorgen und installieren Sie sich den neuesten KADM5-Admin-Server, um dies "
+"zu beheben.)"
+
+#: ../lib/kadm5/kadm_err.c:63
+msgid "Database error! Required KADM5 principal missing"
+msgstr "Datenbankfehler! Erforderlicher KADM5-Principal fehlt"
+
+#: ../lib/kadm5/kadm_err.c:64
+msgid "The salt type of the specified principal does not support renaming"
+msgstr "Der Salt-Typ des angegebenen Principals unterstützt kein Umbenennen."
+
+#: ../lib/kadm5/kadm_err.c:65
+msgid "Illegal configuration parameter for remote KADM5 client"
+msgstr "widerrechtlicher Konfigurationsparameter für fernen KADM5-Client"
+
+#: ../lib/kadm5/kadm_err.c:66
+msgid "Illegal configuration parameter for local KADM5 client"
+msgstr "widerrechtlicher Konfigurationsparameter für lokalen KADM5-Client"
+
+#: ../lib/kadm5/kadm_err.c:67
+msgid "Operation requires ``list'' privilege"
+msgstr "Aktion erfordert das »list«-Recht"
+
+#: ../lib/kadm5/kadm_err.c:68
+msgid "Operation requires ``change-password'' privilege"
+msgstr "Aktion erfordert das »change-password«-Recht"
+
+#: ../lib/kadm5/kadm_err.c:69
+msgid "GSS-API (or Kerberos) error"
+msgstr "GSS-API- (oder Kerberos-) Fehler"
+
+#: ../lib/kadm5/kadm_err.c:70
+msgid "Programmer error! Illegal tagged data list type"
+msgstr ""
+"Fehler des Programmierers! Widerrechlicher Listentyp für gekennzeichnete "
+"Daten"
+
+#: ../lib/kadm5/kadm_err.c:71
+msgid "Required parameters in kdc.conf missing"
+msgstr "erforderliche Parameter in »kdc.conf« fehlen"
+
+#: ../lib/kadm5/kadm_err.c:72
+msgid "Bad krb5 admin server hostname"
+msgstr "falscher Rechnername des KRB5-Admin-Servers"
+
+#: ../lib/kadm5/kadm_err.c:73
+msgid "Operation requires ``set-key'' privilege"
+msgstr "Aktion erfordert das »set-key«-Recht"
+
+#: ../lib/kadm5/kadm_err.c:74
+msgid "Multiple values for single or folded enctype"
+msgstr ""
+"mehrere Werte für einzelnen Verschlüsselungstyp oder Verschlüsselungstyp mit "
+"Salt"
+
+#: ../lib/kadm5/kadm_err.c:75
+msgid "Invalid enctype for setv4key"
+msgstr "widerrechtlicher Verschlüsselungstyp für Setv4key"
+
+#: ../lib/kadm5/kadm_err.c:76
+msgid "Mismatched enctypes for setkey3"
+msgstr "nicht zusammenpassende Verschlüsselungstypen für Setkey3"
+
+#: ../lib/kadm5/kadm_err.c:77
+msgid "Missing parameters in krb5.conf required for kadmin client"
+msgstr "für Kadmin-Client benötigte Parameter fehlen in »krb5.conf«"
+
+#: ../lib/kadm5/kadm_err.c:78 ../lib/kdb/adb_err.c:30
+msgid "XDR encoding error"
+msgstr "XDR-Verschlüsselungsfehler"
+
+#: ../lib/kadm5/kadm_err.c:79
+msgid "Cannot resolve network address for admin server in requested realm"
+msgstr ""
+"Die Netzwerkadresse für den Admin-Server im angeforderten Realm kann nicht "
+"aufgelöst werden."
+
+#: ../lib/kadm5/kadm_err.c:80
+msgid "Unspecified password quality failure"
+msgstr "nicht näher angegebener Passwortqualitätsfehlschlag"
+
+#: ../lib/kadm5/kadm_err.c:81
+msgid "Invalid key/salt tuples"
+msgstr "ungültige Schlüssel-/Salt-Tupel"
+
+#: ../lib/kdb/adb_err.c:23
+msgid "No Error"
+msgstr "kein Fehler"
+
+#: ../lib/kdb/adb_err.c:25
+msgid "Principal or policy does not exist"
+msgstr "Principal oder Richtlinie existiert nicht"
+
+#: ../lib/kdb/adb_err.c:26
+msgid "Database not initialized"
+msgstr "Datenbank nicht initialisiert"
+
+#: ../lib/kdb/adb_err.c:27
+msgid "Invalid policy name"
+msgstr "ungültiger Richtlinienname"
+
+#: ../lib/kdb/adb_err.c:28
+msgid "Invalid principal name"
+msgstr "ungültiger Principal-Name"
+
+#: ../lib/kdb/adb_err.c:31
+msgid "Failure!"
+msgstr "Fehlschlag!"
+
+#: ../lib/kdb/adb_err.c:32
+msgid "Bad lock mode"
+msgstr "falscher Sperrmodus"
+
+#: ../lib/kdb/adb_err.c:33
+msgid "Cannot lock database"
+msgstr "Datenbank kann nicht gesperrt werden"
+
+#: ../lib/kdb/adb_err.c:34
+msgid "Database not locked"
+msgstr "Datenbank nicht gesperrt"
+
+#: ../lib/kdb/adb_err.c:35
+msgid "KADM5 administration database lock file missing"
+msgstr "Sperrdatei der KADM5-Verwaltungsdatenbank fehlt"
+
+#: ../lib/kdb/adb_err.c:36
+msgid "Insufficient permission to lock file"
+msgstr "keine ausreichenden Rechte zum Sperren der Datei"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:23
+msgid "Plugin does not support interface version"
+msgstr "Erweiterung unterstützt nicht die Schnittstellenversion"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:24
+msgid "Invalid module specifier"
+msgstr "ungültige Modulangabe"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:25
+msgid "Plugin module name not found"
+msgstr "Erweiterungsmodulname nicht gefunden"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:26
+msgid "The KDC should discard this request"
+msgstr "Das KDC sollte diese Anfrage verwerfen"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:27
+msgid "Can't create new subsidiary cache"
+msgstr "Der neue ergänzende Zwischenspeicher kann nicht erzeugt werden"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:28
+msgid "Invalid keyring anchor name"
+msgstr "ungültiger Schlüsselbundverankerungsname"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:29
+msgid "Unknown keyring collection version"
+msgstr "unbekannte Schlüsselbundsammlungsversion"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:30
+msgid "Invalid UID in persistent keyring name"
+msgstr "ungültige UID im beständigen Schlüsselbundnamen"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:31
+msgid "Malformed reply from KCM daemon"
+msgstr "Antwort des KCM-Daemons hat die falsche Form"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:32
+msgid "Mach RPC error communicating with KCM daemon"
+msgstr "Mach-RPC-Fehler beim der Kommunikation mit dem KCM-Daemon"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:33
+msgid "KCM daemon reply too big"
+msgstr "Antwort des KCM-Daemons zu groß"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:34
+msgid "No KCM server found"
+msgstr "Kein KCM-Server gefunden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:24
+msgid "Client's entry in database has expired"
+msgstr "Eintrag des Clients in der Datenbank ist abgelaufen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:25
+msgid "Server's entry in database has expired"
+msgstr "Eintrag des Servers in der Datenbank ist abgelaufen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:26
+msgid "Requested protocol version not supported"
+msgstr "angeforderte Protokollversion nicht unterstützt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:27
+msgid "Client's key is encrypted in an old master key"
+msgstr ""
+"Der Schlüssel des Clients wurde mit einem alten Hauptschlüssel verschlüsselt."
+
+#: ../lib/krb5/error_tables/krb5_err.c:28
+msgid "Server's key is encrypted in an old master key"
+msgstr ""
+"Der Schlüssel des Servers wurde mit einem alten Hauptschlüssel verschlüsselt."
+
+#: ../lib/krb5/error_tables/krb5_err.c:29
+msgid "Client not found in Kerberos database"
+msgstr "Client nicht in der Kerberos-Datenbank gefunden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:30
+msgid "Server not found in Kerberos database"
+msgstr "Server nicht in der Kerberos-Datenbank gefunden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:31
+msgid "Principal has multiple entries in Kerberos database"
+msgstr "Principal hat in der Kerberos-Datenbank mehrere Einträge"
+
+#: ../lib/krb5/error_tables/krb5_err.c:32
+msgid "Client or server has a null key"
+msgstr "Client oder Server hat einen Nullschlüssel"
+
+#: ../lib/krb5/error_tables/krb5_err.c:33
+msgid "Ticket is ineligible for postdating"
+msgstr "Ticket ist zum Vordatieren ungeeignet"
+
+#: ../lib/krb5/error_tables/krb5_err.c:34
+msgid "Requested effective lifetime is negative or too short"
+msgstr "Die angeforderte effektive Lebensdauer ist negativ oder zu kurz."
+
+#: ../lib/krb5/error_tables/krb5_err.c:35
+msgid "KDC policy rejects request"
+msgstr "KDC-Richtlinie weist die Anfrage zurück"
+
+#: ../lib/krb5/error_tables/krb5_err.c:36
+msgid "KDC can't fulfill requested option"
+msgstr "KDC kann erforderliche Option nicht erfüllen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:37
+msgid "KDC has no support for encryption type"
+msgstr "KDC unterstützt diesen Verschlüsselungstyp nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:38
+msgid "KDC has no support for checksum type"
+msgstr "KDC unterstützt diesen Prüfsummentyp nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:39
+msgid "KDC has no support for padata type"
+msgstr "KDC unterstützt diesen Padata-Typ nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:40
+msgid "KDC has no support for transited type"
+msgstr "KDC unterstützt diesen Übergangstyp nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:41
+msgid "Clients credentials have been revoked"
+msgstr "Anmeldedaten des Clients wurden widerrufen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:42
+msgid "Credentials for server have been revoked"
+msgstr "Anmeldedaten für den Server wurden widerrufen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:43
+msgid "TGT has been revoked"
+msgstr "TGT wurde widerrufen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:44
+msgid "Client not yet valid - try again later"
+msgstr "Client noch nicht gültig – versuchen Sie es später noch einmal"
+
+#: ../lib/krb5/error_tables/krb5_err.c:45
+msgid "Server not yet valid - try again later"
+msgstr "Server noch nicht gültig – versuchen Sie es später noch einmal"
+
+#: ../lib/krb5/error_tables/krb5_err.c:46
+msgid "Password has expired"
+msgstr "Passwort ist abgelaufen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:47
+msgid "Preauthentication failed"
+msgstr "Vorauthentifizierung fehlgeschlagen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:48
+msgid "Additional pre-authentication required"
+msgstr "zusätzlich Vorauthentifizierung erforderlich"
+
+#: ../lib/krb5/error_tables/krb5_err.c:49
+msgid "Requested server and ticket don't match"
+msgstr "abgefragter Server und Ticket passen nicht zusammen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:50
+msgid "Server principal valid for user2user only"
+msgstr "Der Server-Principal ist nur für »user2user« gültig"
+
+#: ../lib/krb5/error_tables/krb5_err.c:51
+msgid "KDC policy rejects transited path"
+msgstr "KDC-Richtlinie verwirft durchgereichten Pfad"
+
+#: ../lib/krb5/error_tables/krb5_err.c:52
+msgid "A service is not available that is required to process the request"
+msgstr ""
+"Ein Dienst, der zum Verarbeiten der Abfrage erforderlich ist, ist nicht "
+"verfügbar."
+
+#: ../lib/krb5/error_tables/krb5_err.c:53
+msgid "KRB5 error code 30"
+msgstr "KRB5-Fehlercode 30"
+
+#: ../lib/krb5/error_tables/krb5_err.c:54
+msgid "Decrypt integrity check failed"
+msgstr "Entschlüsselungsintegritätsprüfung fehlgeschlagen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:55
+msgid "Ticket expired"
+msgstr "Ticket abgelaufen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:56
+msgid "Ticket not yet valid"
+msgstr "Ticket noch nicht gültig"
+
+#: ../lib/krb5/error_tables/krb5_err.c:57
+msgid "Request is a replay"
+msgstr "Anfrage ist eine Wiederholung"
+
+#: ../lib/krb5/error_tables/krb5_err.c:58
+msgid "The ticket isn't for us"
+msgstr "Das Ticket ist nicht für uns."
+
+#: ../lib/krb5/error_tables/krb5_err.c:59
+msgid "Ticket/authenticator don't match"
+msgstr "Ticket/Schlüsselziffer passen nicht zueinander"
+
+#: ../lib/krb5/error_tables/krb5_err.c:60
+msgid "Clock skew too great"
+msgstr "Uhrzeitabweichung zu groß"
+
+#: ../lib/krb5/error_tables/krb5_err.c:61
+msgid "Incorrect net address"
+msgstr "falsche Netzwerkadresse"
+
+#: ../lib/krb5/error_tables/krb5_err.c:62
+msgid "Protocol version mismatch"
+msgstr "Protokollversion passt nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:63
+msgid "Invalid message type"
+msgstr "ungültiger Nachrichtentyp"
+
+#: ../lib/krb5/error_tables/krb5_err.c:64
+msgid "Message stream modified"
+msgstr "Nachrichtendatenstrom geändert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:65
+msgid "Message out of order"
+msgstr "Nachricht nicht in Ordnung"
+
+#: ../lib/krb5/error_tables/krb5_err.c:66
+msgid "Illegal cross-realm ticket"
+msgstr "Widerrechliches Realm-übergreifendes Ticket"
+
+#: ../lib/krb5/error_tables/krb5_err.c:67
+msgid "Key version is not available"
+msgstr "Schlüsselversion ist nicht verfügbar"
+
+#: ../lib/krb5/error_tables/krb5_err.c:68
+msgid "Service key not available"
+msgstr "Dienstschlüssel nicht verfügbar"
+
+#: ../lib/krb5/error_tables/krb5_err.c:69
+#: ../lib/krb5/error_tables/krb5_err.c:181
+msgid "Mutual authentication failed"
+msgstr "gegenseitige Authentifizierung fehlgeschlagen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:70
+msgid "Incorrect message direction"
+msgstr "falsche Nachrichtenrichtung"
+
+#: ../lib/krb5/error_tables/krb5_err.c:71
+msgid "Alternative authentication method required"
+msgstr "alternative Authentifizierungsmethode erforderlich"
+
+#: ../lib/krb5/error_tables/krb5_err.c:72
+msgid "Incorrect sequence number in message"
+msgstr "falsche Sequenznummer in der Nachricht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:73
+msgid "Inappropriate type of checksum in message"
+msgstr "ungeeigneter Prüfsummentyp in der Nachricht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:74
+msgid "Policy rejects transited path"
+msgstr "Richtlinie verwirft durchgereichten Pfad"
+
+#: ../lib/krb5/error_tables/krb5_err.c:75
+msgid "Response too big for UDP, retry with TCP"
+msgstr "Antwort für UDP zu groß, erneuter Versuch mit TCP"
+
+#: ../lib/krb5/error_tables/krb5_err.c:76
+msgid "KRB5 error code 53"
+msgstr "KRB5-Fehlercode 53"
+
+#: ../lib/krb5/error_tables/krb5_err.c:77
+msgid "KRB5 error code 54"
+msgstr "KRB5-Fehlercode 54"
+
+#: ../lib/krb5/error_tables/krb5_err.c:78
+msgid "KRB5 error code 55"
+msgstr "KRB5-Fehlercode 55"
+
+#: ../lib/krb5/error_tables/krb5_err.c:79
+msgid "KRB5 error code 56"
+msgstr "KRB5-Fehlercode 56"
+
+#: ../lib/krb5/error_tables/krb5_err.c:80
+msgid "KRB5 error code 57"
+msgstr "KRB5-Fehlercode 57"
+
+#: ../lib/krb5/error_tables/krb5_err.c:81
+msgid "KRB5 error code 58"
+msgstr "KRB5-Fehlercode 58"
+
+#: ../lib/krb5/error_tables/krb5_err.c:82
+msgid "KRB5 error code 59"
+msgstr "KRB5-Fehlercode 59"
+
+#: ../lib/krb5/error_tables/krb5_err.c:83
+msgid "Generic error (see e-text)"
+msgstr "allgemeiner Fehler (siehe E-Text)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:84
+msgid "Field is too long for this implementation"
+msgstr "Feld ist für diese Implementierung zu lang"
+
+#: ../lib/krb5/error_tables/krb5_err.c:85
+msgid "Client not trusted"
+msgstr "Client nicht vertrauenswürdig"
+
+#: ../lib/krb5/error_tables/krb5_err.c:86
+msgid "KDC not trusted"
+msgstr "KDC nicht vertrauenswürdig"
+
+#: ../lib/krb5/error_tables/krb5_err.c:87
+msgid "Invalid signature"
+msgstr "ungültige Signatur"
+
+#: ../lib/krb5/error_tables/krb5_err.c:88
+msgid "Key parameters not accepted"
+msgstr "Schlüsselparameter nicht akzeptiert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:89
+msgid "Certificate mismatch"
+msgstr "Zertifikat passt nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:90
+msgid "No ticket granting ticket"
+msgstr "kein ticketgewährendes Ticket"
+
+#: ../lib/krb5/error_tables/krb5_err.c:91
+msgid "Realm not local to KDC"
+msgstr "Realm für KDC nicht lokal"
+
+#: ../lib/krb5/error_tables/krb5_err.c:92
+msgid "User to user required"
+msgstr "Benutzer-zu-Benutzer erforderlich"
+
+#: ../lib/krb5/error_tables/krb5_err.c:93
+msgid "Can't verify certificate"
+msgstr "Zertifikat kann nicht überprüft werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:94
+msgid "Invalid certificate"
+msgstr "ungültiges Zertifikat"
+
+#: ../lib/krb5/error_tables/krb5_err.c:95
+msgid "Revoked certificate"
+msgstr "widerrufenes Zertifikat"
+
+#: ../lib/krb5/error_tables/krb5_err.c:96
+msgid "Revocation status unknown"
+msgstr "Widerrufsstatus unbekannt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:97
+msgid "Revocation status unavailable"
+msgstr "Widerrufsstatus nicht verfügbar"
+
+#: ../lib/krb5/error_tables/krb5_err.c:98
+msgid "Client name mismatch"
+msgstr "Client-Name passt nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:99
+msgid "KDC name mismatch"
+msgstr "KDC-Name passt nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:100
+msgid "Inconsistent key purpose"
+msgstr "inkonstistenter Schlüsselzweck"
+
+#: ../lib/krb5/error_tables/krb5_err.c:101
+msgid "Digest in certificate not accepted"
+msgstr "Kurzfassung im Zertifikat nicht akzeptiert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:102
+msgid "Checksum must be included"
+msgstr "Prüfsumme muss enthalten sein"
+
+#: ../lib/krb5/error_tables/krb5_err.c:103
+msgid "Digest in signed-data not accepted"
+msgstr "Kurzfassung in signierten Daten nicht akzeptiert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:104
+msgid "Public key encryption not supported"
+msgstr "Asymetrische Verschlüsselung nicht unterstützt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:105
+msgid "KRB5 error code 82"
+msgstr "KRB5-Fehlercode 82"
+
+#: ../lib/krb5/error_tables/krb5_err.c:106
+msgid "KRB5 error code 83"
+msgstr "KRB5-Fehlercode 83"
+
+#: ../lib/krb5/error_tables/krb5_err.c:107
+msgid "KRB5 error code 84"
+msgstr "KRB5-Fehlercode 84"
+
+#: ../lib/krb5/error_tables/krb5_err.c:108
+msgid "The IAKERB proxy could not find a KDC"
+msgstr "Der IAKERB-Proxy konnte kein KDC finden."
+
+#: ../lib/krb5/error_tables/krb5_err.c:109
+msgid "The KDC did not respond to the IAKERB proxy"
+msgstr "Das KDC anwortete dem IAKERB-Proxy nicht."
+
+#: ../lib/krb5/error_tables/krb5_err.c:110
+msgid "KRB5 error code 87"
+msgstr "KRB5-Fehlercode 87"
+
+#: ../lib/krb5/error_tables/krb5_err.c:111
+msgid "KRB5 error code 88"
+msgstr "KRB5-Fehlercode 88"
+
+#: ../lib/krb5/error_tables/krb5_err.c:112
+msgid "KRB5 error code 89"
+msgstr "KRB5-Fehlercode 89"
+
+#: ../lib/krb5/error_tables/krb5_err.c:113
+msgid "KRB5 error code 90"
+msgstr "KRB5-Fehlercode 90"
+
+#: ../lib/krb5/error_tables/krb5_err.c:114
+msgid "KRB5 error code 91"
+msgstr "KRB5-Fehlercode 91"
+
+#: ../lib/krb5/error_tables/krb5_err.c:115
+msgid "KRB5 error code 92"
+msgstr "KRB5-Fehlercode 92"
+
+#: ../lib/krb5/error_tables/krb5_err.c:116
+msgid "An unsupported critical FAST option was requested"
+msgstr "Es wurde eine nicht unterstützte kritische FAST-Aktion angefordert."
+
+#: ../lib/krb5/error_tables/krb5_err.c:117
+msgid "KRB5 error code 94"
+msgstr "KRB5-Fehlercode 94"
+
+#: ../lib/krb5/error_tables/krb5_err.c:118
+msgid "KRB5 error code 95"
+msgstr "KRB5-Fehlercode 95"
+
+#: ../lib/krb5/error_tables/krb5_err.c:119
+msgid "KRB5 error code 96"
+msgstr "KRB5-Fehlercode 96"
+
+#: ../lib/krb5/error_tables/krb5_err.c:120
+msgid "KRB5 error code 97"
+msgstr "KRB5-Fehlercode 97"
+
+#: ../lib/krb5/error_tables/krb5_err.c:121
+msgid "KRB5 error code 98"
+msgstr "KRB5-Fehlercode 98"
+
+#: ../lib/krb5/error_tables/krb5_err.c:122
+msgid "KRB5 error code 99"
+msgstr "KRB5-Fehlercode 99"
+
+#: ../lib/krb5/error_tables/krb5_err.c:123
+msgid "No acceptable KDF offered"
+msgstr "kein akzeptables KDF angeboten"
+
+#: ../lib/krb5/error_tables/krb5_err.c:124
+msgid "KRB5 error code 101"
+msgstr "KRB5-Fehlercode 101"
+
+#: ../lib/krb5/error_tables/krb5_err.c:125
+msgid "KRB5 error code 102"
+msgstr "KRB5-Fehlercode 102"
+
+#: ../lib/krb5/error_tables/krb5_err.c:126
+msgid "KRB5 error code 103"
+msgstr "KRB5-Fehlercode 103"
+
+#: ../lib/krb5/error_tables/krb5_err.c:127
+msgid "KRB5 error code 104"
+msgstr "KRB5-Fehlercode 104"
+
+#: ../lib/krb5/error_tables/krb5_err.c:128
+msgid "KRB5 error code 105"
+msgstr "KRB5-Fehlercode 105"
+
+#: ../lib/krb5/error_tables/krb5_err.c:129
+msgid "KRB5 error code 106"
+msgstr "KRB5-Fehlercode 106"
+
+#: ../lib/krb5/error_tables/krb5_err.c:130
+msgid "KRB5 error code 107"
+msgstr "KRB5-Fehlercode 107"
+
+#: ../lib/krb5/error_tables/krb5_err.c:131
+msgid "KRB5 error code 108"
+msgstr "KRB5-Fehlercode 108"
+
+#: ../lib/krb5/error_tables/krb5_err.c:132
+msgid "KRB5 error code 109"
+msgstr "KRB5-Fehlercode 109"
+
+#: ../lib/krb5/error_tables/krb5_err.c:133
+msgid "KRB5 error code 110"
+msgstr "KRB5-Fehlercode 110"
+
+#: ../lib/krb5/error_tables/krb5_err.c:134
+msgid "KRB5 error code 111"
+msgstr "KRB5-Fehlercode 111"
+
+#: ../lib/krb5/error_tables/krb5_err.c:135
+msgid "KRB5 error code 112"
+msgstr "KRB5-Fehlercode 112"
+
+#: ../lib/krb5/error_tables/krb5_err.c:136
+msgid "KRB5 error code 113"
+msgstr "KRB5-Fehlercode 113"
+
+#: ../lib/krb5/error_tables/krb5_err.c:137
+msgid "KRB5 error code 114"
+msgstr "KRB5-Fehlercode 114"
+
+#: ../lib/krb5/error_tables/krb5_err.c:138
+msgid "KRB5 error code 115"
+msgstr "KRB5-Fehlercode 115"
+
+#: ../lib/krb5/error_tables/krb5_err.c:139
+msgid "KRB5 error code 116"
+msgstr "KRB5-Fehlercode 116"
+
+#: ../lib/krb5/error_tables/krb5_err.c:140
+msgid "KRB5 error code 117"
+msgstr "KRB5-Fehlercode 117"
+
+#: ../lib/krb5/error_tables/krb5_err.c:141
+msgid "KRB5 error code 118"
+msgstr "KRB5-Fehlercode 118"
+
+#: ../lib/krb5/error_tables/krb5_err.c:142
+msgid "KRB5 error code 119"
+msgstr "KRB5-Fehlercode 119"
+
+#: ../lib/krb5/error_tables/krb5_err.c:143
+msgid "KRB5 error code 120"
+msgstr "KRB5-Fehlercode 120"
+
+#: ../lib/krb5/error_tables/krb5_err.c:144
+msgid "KRB5 error code 121"
+msgstr "KRB5-Fehlercode 121"
+
+#: ../lib/krb5/error_tables/krb5_err.c:145
+msgid "KRB5 error code 122"
+msgstr "KRB5-Fehlercode 122"
+
+#: ../lib/krb5/error_tables/krb5_err.c:146
+msgid "KRB5 error code 123"
+msgstr "KRB5-Fehlercode 123"
+
+#: ../lib/krb5/error_tables/krb5_err.c:147
+msgid "KRB5 error code 124"
+msgstr "KRB5-Fehlercode 124"
+
+#: ../lib/krb5/error_tables/krb5_err.c:148
+msgid "KRB5 error code 125"
+msgstr "KRB5-Fehlercode 125"
+
+#: ../lib/krb5/error_tables/krb5_err.c:149
+msgid "KRB5 error code 126"
+msgstr "KRB5-Fehlercode 126"
+
+#: ../lib/krb5/error_tables/krb5_err.c:150
+msgid "KRB5 error code 127"
+msgstr "KRB5-Fehlercode 127"
+
+#: ../lib/krb5/error_tables/krb5_err.c:151
+#: ../lib/krb5/error_tables/kdb5_err.c:23
+msgid "$Id$"
+msgstr "$Id$"
+
+#: ../lib/krb5/error_tables/krb5_err.c:152
+msgid "Invalid flag for file lock mode"
+msgstr "ungültiger Schalter für den Datei-Sperrmodus"
+
+#: ../lib/krb5/error_tables/krb5_err.c:153
+msgid "Cannot read password"
+msgstr "Passwort kann nicht gelesen werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:154
+msgid "Password mismatch"
+msgstr "Passwort stimmt nicht überein"
+
+#: ../lib/krb5/error_tables/krb5_err.c:155
+msgid "Password read interrupted"
+msgstr "Lesen des Passworts unterbrochen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:156
+msgid "Illegal character in component name"
+msgstr "ungültiges Zeichen in Komponentenname"
+
+#: ../lib/krb5/error_tables/krb5_err.c:157
+msgid "Malformed representation of principal"
+msgstr "Darstellung des Principals in falscher Form"
+
+#: ../lib/krb5/error_tables/krb5_err.c:158
+msgid "Can't open/find Kerberos configuration file"
+msgstr "Kerberos-Konfigurationsdatei kann nicht geöffnet/gefunden werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:159
+msgid "Improper format of Kerberos configuration file"
+msgstr "Format der Kerberos-Konfigurationsdatei ist ungeeignet"
+
+#: ../lib/krb5/error_tables/krb5_err.c:160
+msgid "Insufficient space to return complete information"
+msgstr "Platz reicht nicht zur Rückgabe aller Informationen aus"
+
+#: ../lib/krb5/error_tables/krb5_err.c:161
+msgid "Invalid message type specified for encoding"
+msgstr "der zum Kodieren angegebene Nachrichtentyp ist ungültig"
+
+#: ../lib/krb5/error_tables/krb5_err.c:162
+msgid "Credential cache name malformed"
+msgstr "falsche Form des Anmeldedatenzwischenspeichernamens"
+
+#: ../lib/krb5/error_tables/krb5_err.c:163
+msgid "Unknown credential cache type"
+msgstr "unbekannter Anmeldedatenzwischenspeichertyp"
+
+#: ../lib/krb5/error_tables/krb5_err.c:164
+msgid "Matching credential not found"
+msgstr "keine passenden Anmeldedaten gefunden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:165
+msgid "End of credential cache reached"
+msgstr "Ende des Anmeldedatenzwischenspeichers erreicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:166
+msgid "Request did not supply a ticket"
+msgstr "Anfrage lieferte kein Ticket"
+
+#: ../lib/krb5/error_tables/krb5_err.c:167
+msgid "Wrong principal in request"
+msgstr "falscher Principal in der Anfrage"
+
+#: ../lib/krb5/error_tables/krb5_err.c:168
+msgid "Ticket has invalid flag set"
+msgstr "Das Ticket hat einen falsch gesetzten Schalter."
+
+#: ../lib/krb5/error_tables/krb5_err.c:169
+msgid "Requested principal and ticket don't match"
+msgstr "angeforderter Principal und Ticket passen nicht zusammen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:170
+msgid "KDC reply did not match expectations"
+msgstr "KDC-Antwort entsprach nicht den Erwartungen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:171
+msgid "Clock skew too great in KDC reply"
+msgstr "Zeitversatz in der KDC-Antwort zu groß"
+
+#: ../lib/krb5/error_tables/krb5_err.c:172
+msgid "Client/server realm mismatch in initial ticket request"
+msgstr ""
+"Client-/Server-Realm passen in der anfänglichen Ticketanfrage nicht zusammen."
+
+#: ../lib/krb5/error_tables/krb5_err.c:173
+msgid "Program lacks support for encryption type"
+msgstr ""
+"Dem Programm fehlt es an der Unterstützung für den Verschlüsselungstyp."
+
+#: ../lib/krb5/error_tables/krb5_err.c:174
+msgid "Program lacks support for key type"
+msgstr "Dem Programm fehlt es an der Unterstützung für den Schlüsseltyp."
+
+#: ../lib/krb5/error_tables/krb5_err.c:175
+msgid "Requested encryption type not used in message"
+msgstr ""
+"Der angeforderte Verschlüsselungstyp wird in der Nachricht nicht verwendet."
+
+#: ../lib/krb5/error_tables/krb5_err.c:176
+msgid "Program lacks support for checksum type"
+msgstr "Dem Programm fehlt es an der Unterstützung für den Prüfsummentyp."
+
+#: ../lib/krb5/error_tables/krb5_err.c:177
+msgid "Cannot find KDC for requested realm"
+msgstr "KDC für angeforderten Realm kann nicht gefunden werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:178
+msgid "Kerberos service unknown"
+msgstr "Kerberos-Dienst unbekannt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:179
+msgid "Cannot contact any KDC for requested realm"
+msgstr "Für den angeforderten Realm kann kein KDC kontaktiert werden."
+
+#: ../lib/krb5/error_tables/krb5_err.c:180
+msgid "No local name found for principal name"
+msgstr "Für den Principal-Namen wurde kein lokaler Name gefunden."
+
+#: ../lib/krb5/error_tables/krb5_err.c:182
+msgid "Replay cache type is already registered"
+msgstr "Wiederholungszwischenspeichertyp ist bereits registriert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:183
+msgid "No more memory to allocate (in replay cache code)"
+msgstr ""
+"kein Speicher mehr zu reservieren (im Wiederholungszwischenspeichercode)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:184
+msgid "Replay cache type is unknown"
+msgstr "Wiederholungszwischenspeichertyp ist unbekannt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:185
+msgid "Generic unknown RC error"
+msgstr "allgemeiner unbekannter Wiederholungszwischenspeicherfehler"
+
+#: ../lib/krb5/error_tables/krb5_err.c:186
+msgid "Message is a replay"
+msgstr "Nachricht ist eine Wiederholung"
+
+#: ../lib/krb5/error_tables/krb5_err.c:187
+msgid "Replay cache I/O operation failed"
+msgstr "Wiederholungszwischenspeicher-E/A-Aktion fehlgeschlagen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:188
+msgid "Replay cache type does not support non-volatile storage"
+msgstr ""
+"Wiederholungszwischenspeichertyp unterstützt keinen beständigen Speicher"
+
+#: ../lib/krb5/error_tables/krb5_err.c:189
+msgid "Replay cache name parse/format error"
+msgstr "Auswerte-/Formatfehler im Wiederholungszwischenspeichernamens"
+
+#: ../lib/krb5/error_tables/krb5_err.c:190
+msgid "End-of-file on replay cache I/O"
+msgstr "Dateiende bei der E/A des Wiederholungszwischenspeichers"
+
+#: ../lib/krb5/error_tables/krb5_err.c:191
+msgid "No more memory to allocate (in replay cache I/O code)"
+msgstr ""
+"kein weiterer Speicher reservierbar (im Wiederholungszwischenspeicher-E/A-"
+"Code)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:192
+msgid "Permission denied in replay cache code"
+msgstr "Zugriff im Wiederholungszwischenspeichercode verweigert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:193
+msgid "I/O error in replay cache i/o code"
+msgstr "E/A-Fehler im Wiederholungszwischenspeicher-E/A-Code"
+
+#: ../lib/krb5/error_tables/krb5_err.c:194
+msgid "Generic unknown RC/IO error"
+msgstr "allgemeiner unbekannter Wiederholungszwischenspeicher-/E/A-Fehler"
+
+#: ../lib/krb5/error_tables/krb5_err.c:195
+msgid "Insufficient system space to store replay information"
+msgstr ""
+"Platz im System reicht nicht zum Speichern der Wiederholungsinformationen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:196
+msgid "Can't open/find realm translation file"
+msgstr "Realm-Übersetzungsdatei kann nicht geöffnet/gefunden werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:197
+msgid "Improper format of realm translation file"
+msgstr "Format der Realm-Ãœbersetzungsdatei ist ungeeignet"
+
+#: ../lib/krb5/error_tables/krb5_err.c:198
+msgid "Can't open/find lname translation database"
+msgstr "die Lname-Übersetzungsdatenbank kann nicht geöffnet/gefunden werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:199
+msgid "No translation available for requested principal"
+msgstr "Für den angeforderten Principal ist keine Übersetzung verfügbar."
+
+#: ../lib/krb5/error_tables/krb5_err.c:200
+msgid "Improper format of translation database entry"
+msgstr "Format des Eintrags der Ãœbersetzungsdatenbank ist ungeeignet"
+
+#: ../lib/krb5/error_tables/krb5_err.c:201
+msgid "Cryptosystem internal error"
+msgstr "interner Fehler des Verschlüsselungssystems"
+
+#: ../lib/krb5/error_tables/krb5_err.c:202
+msgid "Key table name malformed"
+msgstr "falsche Form des Schlüsseltabellennamens"
+
+#: ../lib/krb5/error_tables/krb5_err.c:203
+msgid "Unknown Key table type"
+msgstr "unbekannter Schlüsseltabellentyp"
+
+#: ../lib/krb5/error_tables/krb5_err.c:204
+msgid "Key table entry not found"
+msgstr "Schlüsseltabelleneintrag nicht gefunden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:205
+msgid "End of key table reached"
+msgstr "Ende der Schlüsseltabelle erreicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:206
+msgid "Cannot write to specified key table"
+msgstr "in angegebene Schlüsseltabelle kann nicht geschrieben werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:207
+msgid "Error writing to key table"
+msgstr "Fehler beim Schreiben in Schlüsseltabelle"
+
+#: ../lib/krb5/error_tables/krb5_err.c:208
+msgid "Cannot find ticket for requested realm"
+msgstr "Ticket für angeforderten Realm kann nicht gefunden werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:209
+msgid "DES key has bad parity"
+msgstr "DES-Schlüssel hat falsche Parität"
+
+#: ../lib/krb5/error_tables/krb5_err.c:210
+msgid "DES key is a weak key"
+msgstr "DES-Schlüssel ist schwach"
+
+#: ../lib/krb5/error_tables/krb5_err.c:211
+msgid "Bad encryption type"
+msgstr "falscher Verschlüsselungstyp"
+
+#: ../lib/krb5/error_tables/krb5_err.c:212
+msgid "Key size is incompatible with encryption type"
+msgstr "Schlüssellänge ist nicht mit dem Verschlüsselungstyp kompatibel"
+
+#: ../lib/krb5/error_tables/krb5_err.c:213
+msgid "Message size is incompatible with encryption type"
+msgstr "Nachrichtengröße ist nicht mit Verschlüsselungstyp kompatibel"
+
+#: ../lib/krb5/error_tables/krb5_err.c:214
+msgid "Credentials cache type is already registered."
+msgstr "Anmeldedatenzwischenspeichertyp ist bereits registriert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:215
+msgid "Key table type is already registered."
+msgstr "Schlüsseltabellentyp ist bereits registriert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:216
+msgid "Credentials cache I/O operation failed XXX"
+msgstr "E/A-Aktion für Anmeldedatenzwischenspeicher fehlgeschlagen XXX"
+
+#: ../lib/krb5/error_tables/krb5_err.c:217
+msgid "Credentials cache permissions incorrect"
+msgstr "Anmeldedatenzwischenspeicherrechte nicht korrekt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:218
+msgid "No credentials cache found"
+msgstr "kein Anmeldedatenzwischenspeicher gefunden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:219
+msgid "Internal credentials cache error"
+msgstr "interner Anmeldedatenzwischenspeicherfehler"
+
+#: ../lib/krb5/error_tables/krb5_err.c:220
+msgid "Error writing to credentials cache"
+msgstr "Fehler beim Schreiben in den Anmeldedatenzwischenspeicher"
+
+#: ../lib/krb5/error_tables/krb5_err.c:221
+msgid "No more memory to allocate (in credentials cache code)"
+msgstr ""
+"kein weiterer Speicher zu reservieren (im Anmeldedatenzwischenspeichercode)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:222
+msgid "Bad format in credentials cache"
+msgstr "falsches Format im Anmeldedatenzwischenspeicher"
+
+#: ../lib/krb5/error_tables/krb5_err.c:223
+msgid "No credentials found with supported encryption types"
+msgstr "keine Anmeldedaten mit unterstützten Verschlüsselungstypen gefunden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:224
+msgid "Invalid KDC option combination (library internal error)"
+msgstr "ungültige Kombination von KDC-Optionen (interner Bibliotheksfehler)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:225
+msgid "Request missing second ticket"
+msgstr "Der Anfrage fehlt das zweite Ticket."
+
+#: ../lib/krb5/error_tables/krb5_err.c:226
+msgid "No credentials supplied to library routine"
+msgstr "der Bibliotheks-Routine wurden keine Anmeldedaten geliefert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:227
+msgid "Bad sendauth version was sent"
+msgstr "Es wurde eine falsche Sendauth-Version verschickt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:228
+msgid "Bad application version was sent (via sendauth)"
+msgstr "Es wurde eine falsche Anwendungsversion (über Sendauth) verschickt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:229
+msgid "Bad response (during sendauth exchange)"
+msgstr "falsche Antwort (beim Sendauth-Austausch)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:230
+msgid "Server rejected authentication (during sendauth exchange)"
+msgstr "Server wies Authentifizierung (beim Sendauth-Austausch) zurück"
+
+#: ../lib/krb5/error_tables/krb5_err.c:231
+msgid "Unsupported preauthentication type"
+msgstr "nicht unterstützter Vorauthentifizierungstyp"
+
+#: ../lib/krb5/error_tables/krb5_err.c:232
+msgid "Required preauthentication key not supplied"
+msgstr "erforderlicher Vorauthentifizierungsschlüssel nicht bereitgestellt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:233
+msgid "Generic preauthentication failure"
+msgstr "allgemeiner Fehlschlag der Vorauthentifizierung"
+
+#: ../lib/krb5/error_tables/krb5_err.c:234
+msgid "Unsupported replay cache format version number"
+msgstr ""
+"nicht unterstütztes Versionsnummernformat des Wiederholungszwischenspeichers"
+
+#: ../lib/krb5/error_tables/krb5_err.c:235
+msgid "Unsupported credentials cache format version number"
+msgstr ""
+"nicht unterstütztes Versionsnummernformat des Anmeldedatenzwischenspeichers"
+
+#: ../lib/krb5/error_tables/krb5_err.c:236
+msgid "Unsupported key table format version number"
+msgstr "nicht unterstütztes Versionsnummernformat der Schlüsseltabelle"
+
+#: ../lib/krb5/error_tables/krb5_err.c:237
+msgid "Program lacks support for address type"
+msgstr "Dem Programm fehlt es an der Unterstützung des Adresstyps."
+
+#: ../lib/krb5/error_tables/krb5_err.c:238
+msgid "Message replay detection requires rcache parameter"
+msgstr "Erkennung der Antwortnachricht erfordert den Parameter »rcache«"
+
+#: ../lib/krb5/error_tables/krb5_err.c:239
+msgid "Hostname cannot be canonicalized"
+msgstr "Rechnername kann nicht in Normalform gebracht werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:240
+msgid "Cannot determine realm for host"
+msgstr "Realm für Rechner kann nicht bestimmt werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:241
+msgid "Conversion to service principal undefined for name type"
+msgstr "Umwandlung in Dienst-Principal für Namenstyp nicht definiert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:242
+msgid "Initial Ticket response appears to be Version 4 error"
+msgstr "anfängliche Ticket-Antwort scheint ein Fehler der Version 4 zu sein"
+
+#: ../lib/krb5/error_tables/krb5_err.c:243
+msgid "Cannot resolve network address for KDC in requested realm"
+msgstr ""
+"Netzwerkadresse für KDC im angeforderten Realm kann nicht aufgelöst werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:244
+msgid "Requesting ticket can't get forwardable tickets"
+msgstr "anforderndes Ticket kann keine weiterleitbaren Tickets holen"
+
+#: ../lib/krb5/error_tables/krb5_err.c:245
+msgid "Bad principal name while trying to forward credentials"
+msgstr "falscher Principal beim Versuch, Anmeldedaten weiterzuleiten"
+
+#: ../lib/krb5/error_tables/krb5_err.c:246
+msgid "Looping detected inside krb5_get_in_tkt"
+msgstr "Schleife innerhalb von »krb5_get_in_tkt« entdeckt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:247
+msgid "Configuration file does not specify default realm"
+msgstr "Konfigurationsdatei gibt keinen Standard-Realm an"
+
+#: ../lib/krb5/error_tables/krb5_err.c:248
+msgid "Bad SAM flags in obtain_sam_padata"
+msgstr "falsche SAM-Schalter in »obtain_sam_padata«"
+
+#: ../lib/krb5/error_tables/krb5_err.c:249
+msgid "Invalid encryption type in SAM challenge"
+msgstr "ungültiger Verschlüsselungstyp in der SAM-Aufforderung"
+
+#: ../lib/krb5/error_tables/krb5_err.c:250
+msgid "Missing checksum in SAM challenge"
+msgstr "fehlende Prüfsumme in der SAM-Aufforderung"
+
+#: ../lib/krb5/error_tables/krb5_err.c:251
+msgid "Bad checksum in SAM challenge"
+msgstr "falsche Prüfsumme in der SAM-Aufforderung"
+
+#: ../lib/krb5/error_tables/krb5_err.c:252
+msgid "Keytab name too long"
+msgstr "Schlüsseltabellennamen zu lang"
+
+#: ../lib/krb5/error_tables/krb5_err.c:253
+msgid "Key version number for principal in key table is incorrect"
+msgstr ""
+"Schlüsselversionsnummer des Principals in der Schlüsseltabelle ist nicht "
+"korrekt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:254
+msgid "This application has expired"
+msgstr "Diese Anwendung ist abgelaufen."
+
+#: ../lib/krb5/error_tables/krb5_err.c:255
+msgid "This Krb5 library has expired"
+msgstr "Diese Krb5-Bibliothek ist abgelaufen."
+
+#: ../lib/krb5/error_tables/krb5_err.c:256
+msgid "New password cannot be zero length"
+msgstr "Das neue Passwort kann nicht die Länge Null haben."
+
+#: ../lib/krb5/error_tables/krb5_err.c:258
+msgid "Bad format in keytab"
+msgstr "falsches Format in der Schlüsseltabelle"
+
+#: ../lib/krb5/error_tables/krb5_err.c:259
+msgid "Encryption type not permitted"
+msgstr "Verschlüsselungstyp nicht erlaubt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:260
+msgid "No supported encryption types (config file error?)"
+msgstr ""
+"keine unterstützten Verschlüsselungstypen (Fehler in der "
+"Konfigurationsdatei?)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:261
+msgid "Program called an obsolete, deleted function"
+msgstr "Das Programm rief eine veraltete, gelöschte Funktion auf."
+
+#: ../lib/krb5/error_tables/krb5_err.c:262
+msgid "unknown getaddrinfo failure"
+msgstr "unbekannter Getaddrinfo-Fehlschlag"
+
+#: ../lib/krb5/error_tables/krb5_err.c:263
+msgid "no data available for host/domain name"
+msgstr "keine Daten für Rechner/Domain-Namen verfügbar"
+
+#: ../lib/krb5/error_tables/krb5_err.c:264
+msgid "host/domain name not found"
+msgstr "Rechner/Domain-Name nicht gefunden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:265
+msgid "service name unknown"
+msgstr "Dienstname unbekannt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:266
+msgid "Cannot determine realm for numeric host address"
+msgstr "Realm für numerische Rechneradresse kann nicht bestimmt werden"
+
+#: ../lib/krb5/error_tables/krb5_err.c:267
+msgid "Invalid key generation parameters from KDC"
+msgstr "ungültige Parameter zum Erzeugen von Schlüsseln vom KDC"
+
+#: ../lib/krb5/error_tables/krb5_err.c:268
+msgid "service not available"
+msgstr "Dienst nicht verfügbar"
+
+#: ../lib/krb5/error_tables/krb5_err.c:269
+msgid "Ccache function not supported: read-only ccache type"
+msgstr "Ccache-Funktion nicht unterstützt: Ccache-Typ nur lesbar"
+
+#: ../lib/krb5/error_tables/krb5_err.c:270
+msgid "Ccache function not supported: not implemented"
+msgstr "Ccache-Funktion nicht unterstützt: nicht implementiert"
+
+#: ../lib/krb5/error_tables/krb5_err.c:271
+msgid "Invalid format of Kerberos lifetime or clock skew string"
+msgstr ""
+"ungültiges Format der Kerberos-Lebensdauer oder der Zeitversatzzeichenkette"
+
+#: ../lib/krb5/error_tables/krb5_err.c:272
+msgid "Supplied data not handled by this plugin"
+msgstr ""
+"Die bereitgestellten Daten werden nicht von dieser Erweiterung behandelt."
+
+#: ../lib/krb5/error_tables/krb5_err.c:273
+msgid "Plugin does not support the operation"
+msgstr "Erweiterung unterstützt diese Aktion nicht"
+
+#: ../lib/krb5/error_tables/krb5_err.c:274
+msgid "Invalid UTF-8 string"
+msgstr "ungültige UTF-8-Zeichenkette"
+
+#: ../lib/krb5/error_tables/krb5_err.c:275
+msgid "FAST protected pre-authentication required but not supported by KDC"
+msgstr ""
+"FAST-geschützte Vorauthentifizierung erforderlich, aber nicht vom KDC "
+"unterstützt"
+
+#: ../lib/krb5/error_tables/krb5_err.c:276
+msgid "Auth context must contain local address"
+msgstr "Authentifizierungskontext muss lokale Adresse enthalten"
+
+#: ../lib/krb5/error_tables/krb5_err.c:277
+msgid "Auth context must contain remote address"
+msgstr "Authentifizierungskontext muss ferne Adresse enthalten"
+
+#: ../lib/krb5/error_tables/krb5_err.c:278
+msgid "Tracing unsupported"
+msgstr "Verfolgung nicht unterstützt"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:24
+msgid "Entry already exists in database"
+msgstr "Eintrag existiert bereits in der Datenbank"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:25
+msgid "Database store error"
+msgstr "Datenbank-Speicherfehler"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:26
+msgid "Database read error"
+msgstr "Datenbank-Lesefehler"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:27
+msgid "Insufficient access to perform requested operation"
+msgstr "Zugriffsrechte reichen nicht zur Durchführung der angeforderten Aktion"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:28
+msgid "No such entry in the database"
+msgstr "kein derartiger Eintrag in der Datenbank"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:29
+msgid "Illegal use of wildcard"
+msgstr "ungültige Verwendung eines Platzhalters"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:30
+msgid "Database is locked or in use--try again later"
+msgstr ""
+"Datenbank ist gesperrt oder wird gerade benutzt – versuchen Sie es später "
+"wieder"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:31
+msgid "Database was modified during read"
+msgstr "Datenbank wurde während des Lesens geändert"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:32
+msgid "Database record is incomplete or corrupted"
+msgstr "Datensatz ist unvollständig oder beschädigt"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:33
+msgid "Attempt to lock database twice"
+msgstr "Es wurde zweimal versucht, die Datenbank zu sperren."
+
+#: ../lib/krb5/error_tables/kdb5_err.c:34
+msgid "Attempt to unlock database when not locked"
+msgstr ""
+"Es wurde versucht, die Datenbank zu entsperren, obwohl sie nicht gesperrt "
+"ist."
+
+#: ../lib/krb5/error_tables/kdb5_err.c:35
+msgid "Invalid kdb lock mode"
+msgstr "ungültiger KDB-Sperrmodus"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:36
+msgid "Database has not been initialized"
+msgstr "Datenbank wurde nicht initialisiert"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:37
+msgid "Database has already been initialized"
+msgstr "Datenbank wurde bereits initialisiert"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:38
+msgid "Bad direction for converting keys"
+msgstr "falsche Richtung zum Umwandeln von Schlüsseln"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:39
+msgid "Cannot find master key record in database"
+msgstr "Hauptschlüsseldatensatz kann nicht in der Datenbank gefunden werden"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:40
+msgid "Master key does not match database"
+msgstr "Hauptschlüssel passt nicht zur Datenbank"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:41
+msgid "Key size in database is invalid"
+msgstr "Die Schlüssellänge in der Datenbank ist ungültig,"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:42
+msgid "Cannot find/read stored master key"
+msgstr "Der gespeicherte Hauptschlüssel kann nicht gefunden/gelesen werden."
+
+#: ../lib/krb5/error_tables/kdb5_err.c:43
+msgid "Stored master key is corrupted"
+msgstr "Der gespeicherte Hauptschlüssel ist beschädigt."
+
+#: ../lib/krb5/error_tables/kdb5_err.c:44
+msgid "Cannot find active master key"
+msgstr "Der aktive Hauptschlüssel kann nicht gefunden werden."
+
+#: ../lib/krb5/error_tables/kdb5_err.c:45
+msgid "KVNO of new master key does not match expected value"
+msgstr "KVNO des neuen Hauptschlüssels passt nicht zum erwarteten Wert"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:46
+msgid "Stored master key is not current"
+msgstr "gespeicherter Hauptschlüssel ist nicht aktuell"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:47
+msgid "Insufficient access to lock database"
+msgstr "keine ausreichenden Zugriffsrechte zum Sperren der Datenbank"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:48
+msgid "Database format error"
+msgstr "fehlerhaftes Datenbankformat"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:49
+msgid "Unsupported version in database entry"
+msgstr "nicht unterstützte Version im Datenbankeintrag"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:50
+msgid "Unsupported salt type"
+msgstr "nicht unterstützter Salt-Typ"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:51
+msgid "Unsupported encryption type"
+msgstr "nicht unterstützter Verschlüsselungstyp"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:52
+msgid "Bad database creation flags"
+msgstr "falsche Schalter zum Erstellen der Datenbank"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:53
+msgid "No matching key in entry having a permitted enctype"
+msgstr ""
+"kein passender Schlüssel in einem Eintrag mit erlaubtem Verschlüsselungstyp"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:54
+msgid "No matching key in entry"
+msgstr "kein passender Schlüssel im Eintrag"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:55
+msgid "Unable to find requested database type"
+msgstr "angeforderter Datenbanktyp kann nicht gefunden werden"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:56
+msgid "Database type not supported"
+msgstr "Datenbanktyp nicht unterstützt"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:57
+msgid "Database library failed to initialize"
+msgstr "Initialisieren der Datenbankbibliothek fehlgeschlagen"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:59
+msgid "Unable to access Kerberos database"
+msgstr "auf die Kerberos-Datenbank kann nicht zugegriffen werden"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:60
+msgid "Kerberos database internal error"
+msgstr "interner Kerberos-Datenbankfehler"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:61
+msgid "Kerberos database constraints violated"
+msgstr "Kerberos-Datenbankbeschränkungen verletzt"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:62
+msgid "Update log conversion error"
+msgstr "Fehler beim Umwandeln des Aktualisierungsprotokolls"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:63
+msgid "Update log is unstable"
+msgstr "Aktualisierungsprotokoll ist instabil"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:64
+msgid "Update log is corrupt"
+msgstr "Aktualisierungsprotokoll ist beschädigt"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:65
+msgid "Generic update log error"
+msgstr "allgemeiner Aktualisierungsprotokollfehler"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:66
+msgid "Database module does not match KDC version"
+msgstr "Datenbankmodul passt nicht zur KDC-Version"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:68
+msgid "Too much string mapping data"
+msgstr "zu viele zeichenkettenabbildenden Daten"
+
+#: ../lib/krb5/error_tables/asn1_err.c:23
+msgid "ASN.1 failed call to system time library"
+msgstr "ASN.1 beim Aufruf der Systemzeitbibliothek gescheitert"
+
+#: ../lib/krb5/error_tables/asn1_err.c:24
+msgid "ASN.1 structure is missing a required field"
+msgstr "ein erforderliches Feld fehlt in der ASN.1-Struktur"
+
+#: ../lib/krb5/error_tables/asn1_err.c:25
+msgid "ASN.1 unexpected field number"
+msgstr "ASN.1 unerwartete Feldnummer"
+
+#: ../lib/krb5/error_tables/asn1_err.c:26
+msgid "ASN.1 type numbers are inconsistent"
+msgstr "ASN.1-Typnummern sind inkonsistent"
+
+#: ../lib/krb5/error_tables/asn1_err.c:27
+msgid "ASN.1 value too large"
+msgstr "ASN.1-Wert zu groß"
+
+#: ../lib/krb5/error_tables/asn1_err.c:28
+msgid "ASN.1 encoding ended unexpectedly"
+msgstr "ASN.1-Kodierung endete unerwartet"
+
+#: ../lib/krb5/error_tables/asn1_err.c:29
+msgid "ASN.1 identifier doesn't match expected value"
+msgstr "ASN.1-Bezeichner passt nicht zum erwarteten Wert"
+
+#: ../lib/krb5/error_tables/asn1_err.c:30
+msgid "ASN.1 length doesn't match expected value"
+msgstr "Länge von ASN.1 passt nicht zum erwarteten Wert"
+
+#: ../lib/krb5/error_tables/asn1_err.c:31
+msgid "ASN.1 badly-formatted encoding"
+msgstr "fehlerhaft formatierte ASN.1-Kodierung"
+
+#: ../lib/krb5/error_tables/asn1_err.c:32
+msgid "ASN.1 parse error"
+msgstr "ASN.1-Auswertungsfehler"
+
+#: ../lib/krb5/error_tables/asn1_err.c:33
+msgid "ASN.1 bad return from gmtime"
+msgstr "ASN.1 falscher Rückgabewert von Gmtime"
+
+#: ../lib/krb5/error_tables/asn1_err.c:34
+msgid "ASN.1 non-constructed indefinite encoding"
+msgstr "nicht konstruierte unbestimmte ASN.1-Kodierung"
+
+#: ../lib/krb5/error_tables/asn1_err.c:35
+msgid "ASN.1 missing expected EOC"
+msgstr "ASN.1 fehlt erwartetes EOC"
+
+#: ../lib/krb5/error_tables/asn1_err.c:36
+msgid "ASN.1 object omitted in sequence"
+msgstr "ASN.1-Objekt in Sequenz ausgelassen"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:23
+msgid "Kerberos V5 magic number table"
+msgstr "Tabelle magischer Zahlen von Kerberos V5"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:24
+msgid "Bad magic number for krb5_principal structure"
+msgstr "falsche magische Zahl für Krb5_principal-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:25
+msgid "Bad magic number for krb5_data structure"
+msgstr "falsche magische Zahl für Krb5_data-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:26
+msgid "Bad magic number for krb5_keyblock structure"
+msgstr "falsche magische Zahl für Krb5_krb5_keyblock-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:27
+msgid "Bad magic number for krb5_checksum structure"
+msgstr "falsche magische Zahl für Krb5_krb5_checksum-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:28
+msgid "Bad magic number for krb5_encrypt_block structure"
+msgstr "falsche magische Zahl für Krb5_encrypt_bloc-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:29
+msgid "Bad magic number for krb5_enc_data structure"
+msgstr "falsche magische Zahl für Krb5_enc_data-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:30
+msgid "Bad magic number for krb5_cryptosystem_entry structure"
+msgstr "falsche magische Zahl für Krb5_cryptosystem_entry-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:31
+msgid "Bad magic number for krb5_cs_table_entry structure"
+msgstr "falsche magische Zahl für Krb5_cs_table_entry-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:32
+msgid "Bad magic number for krb5_checksum_entry structure"
+msgstr "falsche magische Zahl für Krb5_checksum_entry-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:33
+msgid "Bad magic number for krb5_authdata structure"
+msgstr "falsche magische Zahl für Krb5_authdata-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:34
+msgid "Bad magic number for krb5_transited structure"
+msgstr "falsche magische Zahl für Krb5_transited-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:35
+msgid "Bad magic number for krb5_enc_tkt_part structure"
+msgstr "falsche magische Zahl für Krb5_enc_tkt_part-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:36
+msgid "Bad magic number for krb5_ticket structure"
+msgstr "falsche magische Zahl für Krb5_ticket-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:37
+msgid "Bad magic number for krb5_authenticator structure"
+msgstr "falsche magische Zahl für Krb5_authenticator-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:38
+msgid "Bad magic number for krb5_tkt_authent structure"
+msgstr "falsche magische Zahl für Krb5_tkt_authent-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:39
+msgid "Bad magic number for krb5_creds structure"
+msgstr "falsche magische Zahl für Krb5_creds-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:40
+msgid "Bad magic number for krb5_last_req_entry structure"
+msgstr "falsche magische Zahl für Krb5_last_req_entry-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:41
+msgid "Bad magic number for krb5_pa_data structure"
+msgstr "falsche magische Zahl für Krb5_pa_data-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:42
+msgid "Bad magic number for krb5_kdc_req structure"
+msgstr "falsche magische Zahl für Krb5_kdc_req-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:43
+msgid "Bad magic number for krb5_enc_kdc_rep_part structure"
+msgstr "falsche magische Zahl für Krb5_enc_kdc_rep_part-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:44
+msgid "Bad magic number for krb5_kdc_rep structure"
+msgstr "falsche magische Zahl für Krb5_kdc_rep-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:45
+msgid "Bad magic number for krb5_error structure"
+msgstr "falsche magische Zahl für Krb5_error-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:46
+msgid "Bad magic number for krb5_ap_req structure"
+msgstr "falsche magische Zahl für Krb5_ap_req-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:47
+msgid "Bad magic number for krb5_ap_rep structure"
+msgstr "falsche magische Zahl für Krb5_ap_rep-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:48
+msgid "Bad magic number for krb5_ap_rep_enc_part structure"
+msgstr "falsche magische Zahl für Krb5_ap_rep_enc_part-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:49
+msgid "Bad magic number for krb5_response structure"
+msgstr "falsche magische Zahl für Krb5_response-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:50
+msgid "Bad magic number for krb5_safe structure"
+msgstr "falsche magische Zahl für Krb5_safe-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:51
+msgid "Bad magic number for krb5_priv structure"
+msgstr "falsche magische Zahl für Krb5_priv-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:52
+msgid "Bad magic number for krb5_priv_enc_part structure"
+msgstr "falsche magische Zahl für Krb5_priv_enc_part-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:53
+msgid "Bad magic number for krb5_cred structure"
+msgstr "falsche magische Zahl für Krb5_cred-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:54
+msgid "Bad magic number for krb5_cred_info structure"
+msgstr "falsche magische Zahl für Krb5_cred_info-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:55
+msgid "Bad magic number for krb5_cred_enc_part structure"
+msgstr "falsche magische Zahl für Krb5_cred_enc_part-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:56
+msgid "Bad magic number for krb5_pwd_data structure"
+msgstr "falsche magische Zahl für Krb5_pwd_data-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:57
+msgid "Bad magic number for krb5_address structure"
+msgstr "falsche magische Zahl für Krb5_address-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:58
+msgid "Bad magic number for krb5_keytab_entry structure"
+msgstr "falsche magische Zahl für Krb5_keytab_entry-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:59
+msgid "Bad magic number for krb5_context structure"
+msgstr "falsche magische Zahl für Krb5_context-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:60
+msgid "Bad magic number for krb5_os_context structure"
+msgstr "falsche magische Zahl für Krb5_os_context-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:61
+msgid "Bad magic number for krb5_alt_method structure"
+msgstr "falsche magische Zahl für Krb5_alt_method-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:62
+msgid "Bad magic number for krb5_etype_info_entry structure"
+msgstr "falsche magische Zahl für Krb5_etype_info_entry-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:63
+msgid "Bad magic number for krb5_db_context structure"
+msgstr "falsche magische Zahl für Krb5_db_context-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:64
+msgid "Bad magic number for krb5_auth_context structure"
+msgstr "falsche magische Zahl für Krb5_auth_context-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:65
+msgid "Bad magic number for krb5_keytab structure"
+msgstr "falsche magische Zahl für Krb5_keytab-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:66
+msgid "Bad magic number for krb5_rcache structure"
+msgstr "falsche magische Zahl für Krb5_rcache-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:67
+msgid "Bad magic number for krb5_ccache structure"
+msgstr "falsche magische Zahl für Krb5_ccache-Struktur"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:68
+msgid "Bad magic number for krb5_preauth_ops"
+msgstr "falsche magische Zahl für Krb5_preauth_ops"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:69
+msgid "Bad magic number for krb5_sam_challenge"
+msgstr "falsche magische Zahl für Krb5_sam_challenge"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:70
+msgid "Bad magic number for krb5_sam_challenge_2"
+msgstr "falsche magische Zahl für Krb5_sam_challenge_2"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:71
+msgid "Bad magic number for krb5_sam_key"
+msgstr "falsche magische Zahl für Krb5_sam_key"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:72
+#: ../lib/krb5/error_tables/kv5m_err.c:73
+msgid "Bad magic number for krb5_enc_sam_response_enc"
+msgstr "falsche magische Zahl für Krb5_enc_sam_response_enc"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:74
+msgid "Bad magic number for krb5_sam_response"
+msgstr "falsche magische Zahl für Krb5_sam_response"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:75
+msgid "Bad magic number for krb5_sam_response 2"
+msgstr "falsche magische Zahl für Krb5_sam_response 2"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:76
+msgid "Bad magic number for krb5_predicted_sam_response"
+msgstr "falsche magische Zahl für Krb5_predicted_sam_response"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:77
+msgid "Bad magic number for passwd_phrase_element"
+msgstr "falsche magische Zahl für Passwd_phrase_element"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:78
+msgid "Bad magic number for GSSAPI OID"
+msgstr "falsche magische Zahl für GSSAPI OID"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:79
+msgid "Bad magic number for GSSAPI QUEUE"
+msgstr "falsche magische Zahl für GSSAPI QUEUE"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:80
+msgid "Bad magic number for fast armored request"
+msgstr "falsche magische Zahl für per FAST geschützte Anfrage"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:81
+msgid "Bad magic number for FAST request"
+msgstr "falsche magische Zahl für FAST-Anfrage"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:82
+msgid "Bad magic number for FAST response"
+msgstr "falsche magische Zahl für FAST-Antwort"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:83
+msgid "Bad magic number for krb5_authdata_context"
+msgstr "falsche magische Zahl für Krb5_authdata_context"
+
+#: ../lib/krb5/error_tables/krb524_err.c:23
+msgid "Cannot convert V5 keyblock"
+msgstr "V5-Schlüsselblock kann nicht umgewandelt werden"
+
+#: ../lib/krb5/error_tables/krb524_err.c:24
+msgid "Cannot convert V5 address information"
+msgstr "V5-Adressinformationen können nicht umgewandelt werden"
+
+#: ../lib/krb5/error_tables/krb524_err.c:25
+msgid "Cannot convert V5 principal"
+msgstr "V5-Principal kann nicht umgewandelt werden"
+
+#: ../lib/krb5/error_tables/krb524_err.c:26
+msgid "V5 realm name longer than V4 maximum"
+msgstr "V5-Realm-Name ist länger als die V4-Maximallänge"
+
+#: ../lib/krb5/error_tables/krb524_err.c:27
+msgid "Kerberos V4 error"
+msgstr "Kerberos-V4-Fehler"
+
+#: ../lib/krb5/error_tables/krb524_err.c:28
+msgid "Encoding too large"
+msgstr "Kodierung zu lang"
+
+#: ../lib/krb5/error_tables/krb524_err.c:29
+msgid "Decoding out of data"
+msgstr "Dekodieren außerhalb der Daten"
+
+#: ../lib/krb5/error_tables/krb524_err.c:30
+msgid "Service not responding"
+msgstr "Dienst antwortet nicht"
+
+#: ../lib/krb5/error_tables/krb524_err.c:31
+msgid "Kerberos version 4 support is disabled"
+msgstr "Kerberos 4 Unterstützung ist deaktiviert"
+
+#~ msgid "while creating server %s principal name"
+#~ msgstr "beim Erstellen des Principal-Namens für Server %s"
+
+# KDC = Key Distribution Center
+#~ msgid "while getting credentials from kdc"
+#~ msgstr "beim Holen der Anmeldedaten vom KDC"
+
+# FIXME s/Retrieving/retrieving/
+#~ msgid "while Retrieving credentials"
+#~ msgstr "beim Abfragen der Anmeldedaten"
+
+#~ msgid "while copying principal"
+#~ msgstr "beim Kopieren des Principals"
+
+#~ msgid "%s does not have correct permissions for %s\n"
+#~ msgstr "%s hat nicht die erforderlichen Zugriffsrechte für %s\n"
+
+#~ msgid "no salt\n"
+#~ msgstr "kein Salt\n"
+
+#~ msgid "%s: Couldn't grab lock\n"
+#~ msgstr "%s: Es konnte keine Sperre erlangt werden.\n"
+
+#~ msgid "%s: Loads disallowed when iprop is enabled and a ulog is present\n"
+#~ msgstr ""
+#~ "%s: Wenn Iprop aktiviert und Ulog vorhanden ist, ist Laden nicht "
+#~ "möglich.\n"
+
+#~ msgid "trying to lock database"
+#~ msgstr "es wird versucht, die Datenbank zu sperren"
+
+#~ msgid "GSS-API error %s: %s\n"
+#~ msgstr "GSS-API-Fehler %s: %s\n"
+
+#~ msgid "Couldn't create KRB5 Name NameType OID\n"
+#~ msgstr "KRB5 Name NameType OID konnte nicht erstellt werden.\n"
+
+#~ msgid "%s: %s while initializing, aborting"
+#~ msgstr "%s: %s beim Initialisieren, wird abgebrochen"
+
+#~ msgid ""
+#~ "%s: Missing required configuration values (%lx) while initializing, "
+#~ "aborting"
+#~ msgstr ""
+#~ "%s: Beim Initialisieren fehlen die erforderlichen Konfigurationswerte "
+#~ "(%lx), wird abgebrochen"
+
+#~ msgid ""
+#~ "%s: Missing required configuration values (%lx) while initializing, "
+#~ "aborting\n"
+#~ msgstr ""
+#~ "%s: Beim Initialisieren fehlen die erforderlichen Konfigurationswerte "
+#~ "(%lx), wird abgebrochen\n"
+
+#~ msgid "%s: could not initialize loop, aborting"
+#~ msgstr "%s: Schleife konnte nicht initialisiert werden, wird abgebrochen"
+
+#~ msgid "%s: could not initialize loop, aborting\n"
+#~ msgstr "%s: Schleife konnte nicht initialisiert werden, wird abgebrochen\n"
+
+#~ msgid "%s: %s while initializing signal handlers, aborting"
+#~ msgstr ""
+#~ "%s: %s beim Initialisieren des Signalbehandlungsprogramms, wird "
+#~ "abgebrochen"
+
+#~ msgid "%s: %s while initializing signal handlers, aborting\n"
+#~ msgstr ""
+#~ "%s: %s beim Initialisieren des Signalbehandlungsprogramms, wird "
+#~ "abgebrochen\n"
+
+#~ msgid "%s: %s while initializing network, aborting"
+#~ msgstr "%s: %s beim Initialisieren des Netzwerks, wird abgebrochen"
+
+#~ msgid "%s: %s while initializing network, aborting\n"
+#~ msgstr "%s: %s beim Initialisieren des Netzwerks, wird abgebrochen\n"
+
+#~ msgid "Cannot build GSS-API authentication names, failing."
+#~ msgstr ""
+#~ "GSS-API-Authentifizierungsnamen können nicht gebildet werden, "
+#~ "fehlgeschlagen"
+
+#~ msgid "Can't set kdb keytab's internal context."
+#~ msgstr ""
+#~ "Der interne Kontext von KDBs Schlüsseltabelle kann nicht gesetzt werden."
+
+#~ msgid "Can't register kdb keytab."
+#~ msgstr "Die KDB-Schlüsseltabelle kann nicht registriert werden."
+
+#~ msgid "Can't register acceptor keytab."
+#~ msgstr "Die Empfängerschlüsseltabelle kann nicht registriert werden."
+
+#~ msgid ""
+#~ "Cannot set GSS-API authentication names (keytab not present?), failing."
+#~ msgstr ""
+#~ "GSS-API-Authentifizierungsnamen können nicht gesetzt werden "
+#~ "(Schlüsseltabelle nicht vorhanden?), fehlgeschlagen"
+
+#~ msgid "Cannot initialize acl file: %s"
+#~ msgstr "ACL-Datei kann nicht initialisiert werden: %s"
+
+#~ msgid "%s: Cannot initialize acl file: %s\n"
+#~ msgstr "%s: ACL-Datei kann nicht initialisiert werden: %s\n"
+
+#~ msgid "Cannot detach from tty: %s"
+#~ msgstr "kann nicht vom Terminal gelöst werden: %s"
+
+#~ msgid "Cannot create PID file %s: %s"
+#~ msgstr "PID-Datei %s kann nicht erstellt werden: %s"
+
+#~ msgid "%s: %s while mapping update log (`%s.ulog')\n"
+#~ msgstr "%s: %s beim Abbilden des Aktualisierungsprotokolls (»%s.ulog«)\n"
+
+#~ msgid "%s while mapping update log (`%s.ulog')"
+#~ msgstr "%s beim Abbilden des Aktualisierungsprotokolls (»%s.ulog«)"
+
+#~ msgid "%s: Cannot create IProp RPC service (PROG=%d, VERS=%d)\n"
+#~ msgstr ""
+#~ "%s: IProp-RPC-Dienst kann nicht erstellt werden (PROG=%d, VERS=%d)\n"
+
+#~ msgid "Cannot create IProp RPC service (PROG=%d, VERS=%d), failing."
+#~ msgstr ""
+#~ "IProp-RPC-Dienst kann nicht erstellt werden (PROG=%d, VERS=%d), "
+#~ "fehlgeschlagen"
+
+#~ msgid "%s while getting IProp svc name, failing"
+#~ msgstr "%s beim Holen des IProp-Dienstnamens, fehlgeschlagen"
+
+#~ msgid "%s: %s while getting IProp svc name, failing\n"
+#~ msgstr "%s: %s beim Holen des IProp-Dienstnamens, fehlgeschlagen\n"
+
+#~ msgid "Unable to set RPCSEC_GSS service name (`%s'), failing."
+#~ msgstr ""
+#~ "der RPCSEC_GSS-Dienstname (»%s«) kann nicht gesetzt werden, fehlgeschlagen"
+
+#~ msgid "%s: Unable to set RPCSEC_GSS service name (`%s'), failing.\n"
+#~ msgstr ""
+#~ "%s: der RPCSEC_GSS-Dienstname (»%s«) kann nicht gesetzt werden, "
+#~ "fehlgeschlagen\n"
+
+#~ msgid "GSS-API authentication error %.*s: recursive failure!"
+#~ msgstr "GSS-API-Authentifizierungsfehler %.*s: rekursiver Fehlschlag!"
+
+#~ msgid "skipping unrecognized local address family %d"
+#~ msgstr "nicht erkannte lokale Adressfamilie %d wird übersprungen"
+
+#~ msgid "got routing msg type %d(%s) v%d"
+#~ msgstr "Routing-Meldungstyp %d(%s) v%d erhalten"
+
+#~ msgid "Could not create temp stash file: %s"
+#~ msgstr "Temporäre Ablagedatei konnte nicht erstellt werden: %s"
+
+#~ msgid "ulog_sync_header: could not sync to disk"
+#~ msgstr "ulog_sync_header: kann nicht auf Platte sychronisiert werden"
+
+#~ msgid "%s: attempt to convert non-extended krb5_get_init_creds_opt"
+#~ msgstr ""
+#~ "%s: Es wird versucht, nicht erweiterte »krb5_get_init_creds_opt« "
+#~ "umzuwandeln"
+
+#~ msgid "krb5_sname_to_principal, while adding entries to the database"
+#~ msgstr ""
+#~ "»krb5_sname_to_principal« beim Hinzufügen von Einträgen zur Datenbank"
+
+#~ msgid "krb5_copy_principal, while adding entries to the database"
+#~ msgstr "»krb5_copy_principal« beim Hinzufügen von Einträgen zur Datenbank"
+
+#~ msgid ""
+#~ "Unable to check if SASL EXTERNAL mechanism is supported by LDAP server. "
+#~ "Proceeding anyway ..."
+#~ msgstr ""
+#~ "Es konnte nicht geprüft werden, ob der Mechanismus SASL EXTERNAL vom LDAP-"
+#~ "Server unterstützt wird. Es wird trotzdem fortgesetzt …"
+
+#~ msgid ""
+#~ "SASL EXTERNAL mechanism not supported by LDAP server. Can't perform "
+#~ "certificate-based bind."
+#~ msgstr ""
+#~ "Der Mechanismus SASL EXTERNAL wird nicht vom LDAP-Server unterstützt. Es "
+#~ "kann keine zertifikatbasierte Verbindung hergestellt werden."
+
+#~ msgid "Error reading 'ldap_servers' attribute"
+#~ msgstr "Fehler beim Lesen des Attributs »ldap_servers«"
+
+#~ msgid "Stash file entry corrupt"
+#~ msgstr "Eintrag in der Ablagedatei beschädigt"
+
+#~ msgid "while setting server principal realm"
+#~ msgstr "beim Setzen des Server-Principal-Realms"
+
+#~ msgid "while getting initial ticket\n"
+#~ msgstr "beim Holen eines Anfangs-Tickets\n"
+
+#~ msgid "while destroying ticket cache"
+#~ msgstr "beim Zerstören des Ticket-Zwischenspeichers"
+
+#~ msgid "while closing default ccache"
+#~ msgstr "beim Schließen des Standard-Ccaches"
diff --git a/krb5-1.21.3/src/po/deps b/krb5-1.21.3/src/po/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/po/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/po/en_US.po b/krb5-1.21.3/src/po/en_US.po
new file mode 100644
index 00000000..7e11d679
--- /dev/null
+++ b/krb5-1.21.3/src/po/en_US.po
@@ -0,0 +1,17 @@
+# English translations for Kerberos 5 package.
+# Copyright (C) 2011 MIT
+# This file is distributed under the same license as the Kerberos 5 package.
+# Greg Hudson <ghudson@mit.edu>, 2011.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: mit-krb5 1.10-prerelease\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2011-06-06 00:34-0400\n"
+"PO-Revision-Date: 2011-06-06 00:35-0400\n"
+"Last-Translator: Greg Hudson <ghudson@mit.edu>\n"
+"Language-Team: English\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
diff --git a/krb5-1.21.3/src/po/ka.po b/krb5-1.21.3/src/po/ka.po
new file mode 100644
index 00000000..397d2416
--- /dev/null
+++ b/krb5-1.21.3/src/po/ka.po
@@ -0,0 +1,9188 @@
+# Georgian translation for Kerberos.
+# Copyright (C) 2022 MIT
+# This file is distributed under the same license as the mit-krb5 package.
+# Temuri Doghonadze <temuri.doghonadze@gmail.com>, 2022.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: mit-krb5 1.21-prerelease\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2022-04-26 17:09-0400\n"
+"PO-Revision-Date: 2022-11-09 08:11+0100\n"
+"Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n"
+"Language-Team: Georgian <(nothing)>\n"
+"Language: ka\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 3.2\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:52
+#, c-format
+msgid "Usage: %s [-A] [-q] [-c cache_name] [-p princ_name]\n"
+msgstr "გ�მ�ყენებ�: %s [-A] [-q] [-c ქეშის_ს�ხელი] [-p პრინც_ს�ხელი]\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:54
+#, c-format
+msgid "\t-A destroy all credential caches in collection\n"
+msgstr "\t-A კ�ლექცი�ში �ვტ�რიზ�ციის დეტ�ლების ყველ� ქეშის გ�ნ�დგურებ�\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:55
+#, c-format
+msgid "\t-q quiet mode\n"
+msgstr "\t-q ჩუმი რეჟიმი\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:56
+#: ../../src/clients/kswitch/kswitch.c:42
+#, c-format
+msgid "\t-c specify name of credentials cache\n"
+msgstr "\t-c �ვტ�რიზ�ციის დეტ�ლების ქეშის ს�ხელის მითითებ�\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:57
+#, c-format
+msgid "\t-p specify principal name within collection\n"
+msgstr "\t-p კ�ლექცი�ში პრინციპ�ლის ს�ხელის მითითებ� \n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:71
+#: ../../src/clients/kdestroy/kdestroy.c:165
+msgid "while listing credential caches"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშების ჩ�მ�თვლის�ს"
+
+#: ../../src/clients/kdestroy/kdestroy.c:78
+#, c-format
+msgid "Other credential caches present, use -A to destroy all\n"
+msgstr ""
+"�რსებ�ბს სხვ� �ვტ�რიზ�იცის დეტ�ლის ქეშებიც. გ�ს�ნ�დგურებლ�დ გ�მ�იყენეთ -A\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:110
+#: ../../src/clients/kinit/kinit.c:332 ../../src/clients/ksu/main.c:296
+#, c-format
+msgid "Only one -c option allowed\n"
+msgstr "-c პ�რ�მეტრის მითითებ� ნებ�დ�რთული� მხ�ლ�დ ერთხელ\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:118
+#, c-format
+msgid "Only one -p option allowed\n"
+msgstr "-p პ�რ�მეტრის მითითებ� ნებ�დ�რთული� მხ�ლ�დ ერთხელ\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:125
+#: ../../src/clients/kinit/kinit.c:360 ../../src/clients/klist/klist.c:178
+#, c-format
+msgid "Kerberos 4 is no longer supported\n"
+msgstr ""
+"Kerberos 4 უკვე მხ�რდ�უჭერელი�\n"
+"\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:138
+#, c-format
+msgid "-A option is exclusive with -p option\n"
+msgstr "-A პ�რ�მეტრი ექსკლუზიურ�დ -p -სთ�ნ ერთ�დ უნდ� იქნ�ს გ�მ�ყენებული\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:150
+#: ../../src/clients/klist/klist.c:241 ../../src/clients/ksu/main.c:135
+#: ../../src/clients/ksu/main.c:141 ../../src/clients/kswitch/kswitch.c:94
+#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:929
+#: ../../src/kprop/kprop.c:103 ../../src/kprop/kpropd.c:1058
+msgid "while initializing krb5"
+msgstr "krb5-ის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/clients/kdestroy/kdestroy.c:157
+#: ../../src/clients/klist/klist.c:248
+msgid "while setting default cache name"
+msgstr "ნ�გულისხმები ქეშის ს�ხელის დ�ყენების�ს"
+
+#: ../../src/clients/kdestroy/kdestroy.c:172
+msgid "composing ccache name"
+msgstr "ccache-ს ს�ხელის შედგენ�"
+
+#: ../../src/clients/kdestroy/kdestroy.c:177
+#, c-format
+msgid "while destroying cache %s"
+msgstr "ქეშის (%s) გ�ნ�დგურების�ს"
+
+#: ../../src/clients/kdestroy/kdestroy.c:190
+#: ../../src/clients/kswitch/kswitch.c:107 ../../src/clients/kvno/kvno.c:311
+#: ../../src/clients/kvno/kvno.c:517 ../../src/kadmin/cli/keytab.c:373
+#: ../../src/kadmin/dbutil/kdb5_util.c:544
+#, c-format
+msgid "while parsing principal name %s"
+msgstr "პრინციპ�ლის ს�ხელის (%s) დ�მუშ�ვების�ს"
+
+#: ../../src/clients/kdestroy/kdestroy.c:196
+#, c-format
+msgid "while finding cache for %s"
+msgstr "%s-სთვის ქეშის ძებნის�ს"
+
+#: ../../src/clients/kdestroy/kdestroy.c:204
+#: ../../src/clients/klist/klist.c:462
+msgid "while resolving ccache"
+msgstr "ccache-ის �მ�ხსნის�ს"
+
+#: ../../src/clients/kdestroy/kdestroy.c:211 ../../src/clients/ksu/main.c:1026
+msgid "while destroying cache"
+msgstr "ქეშის გ�ნ�დგურების�ს"
+
+#: ../../src/clients/kdestroy/kdestroy.c:214
+#, c-format
+msgid "Ticket cache NOT destroyed!\n"
+msgstr "ბილეთის ქეში �რ გ�ნ�დგურებულ�!\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:216
+#, c-format
+msgid "Ticket cache %cNOT%c destroyed!\n"
+msgstr "ბილეთის ქეში %cNOT%c გ�ნ�დგურებულ�!\n"
+
+#: ../../src/clients/kinit/kinit.c:143
+#, c-format
+msgid ""
+"Usage: %s [-V] [-l lifetime] [-s start_time] [-r renewable_life]\n"
+"\t[-f | -F] [-p | -P] [-n] [-a | -A] [-C] [-E]\n"
+"\t[--request-pac | --no-request-pac]\n"
+"\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n"
+"\t[-S service_name] [-I input_ccache] [-T ticket_armor_cache]\n"
+"\t[-X <attribute>[=<value>]] [principal]\n"
+"\n"
+msgstr ""
+"Usage: %s [-V] [-l lifetime] [-s start_time] [-r renewable_life]\n"
+"\t[-f | -F] [-p | -P] [-n] [-a | -A] [-C] [-E]\n"
+"\t[--request-pac | --no-request-pac]\n"
+"\t[-v] [-R] [-k [-i|-t keytab_ფ�ილი]] [-c ქეშისს�ხელი]\n"
+"\t[-S სერვისის_ს�ხელი] [-I შეყვ�ნის_ccache] [-T ბილეთის_armor_cache]\n"
+"\t[-X <�ტრიბუტი>[=<მნიშვნელ�ბ�>]] [პრინციპ�ლი]\n"
+"\n"
+
+#: ../../src/clients/kinit/kinit.c:153
+#, c-format
+msgid "\t-V verbose\n"
+msgstr "\t-V დ�მ�ტებითი შეტყ�ბინებები\n"
+
+#: ../../src/clients/kinit/kinit.c:154
+#, c-format
+msgid "\t-l lifetime\n"
+msgstr "\t-l სიც�ცხლისდრ�\n"
+
+#: ../../src/clients/kinit/kinit.c:155
+#, c-format
+msgid "\t-s start time\n"
+msgstr "\t-s გ�შვების დრ�\n"
+
+#: ../../src/clients/kinit/kinit.c:156
+#, c-format
+msgid "\t-r renewable lifetime\n"
+msgstr "\t-r გ�ნ�ხლებ�დი სიც�ცხლის დრ�\n"
+
+#: ../../src/clients/kinit/kinit.c:157
+#, c-format
+msgid "\t-f forwardable\n"
+msgstr "\t-f გ�დ�გზ�ვნ�დი\n"
+
+#: ../../src/clients/kinit/kinit.c:158
+#, c-format
+msgid "\t-F not forwardable\n"
+msgstr "\t-F �რ�გ�დ�გზ�ვნ�დი\n"
+
+#: ../../src/clients/kinit/kinit.c:159
+#, c-format
+msgid "\t-p proxiable\n"
+msgstr "\t-p პრ�ქსირებ�დი\n"
+
+#: ../../src/clients/kinit/kinit.c:160
+#, c-format
+msgid "\t-P not proxiable\n"
+msgstr "\t-P �რ�პრ�ქსირებ�დი\n"
+
+#: ../../src/clients/kinit/kinit.c:161
+#, c-format
+msgid "\t-n anonymous\n"
+msgstr "\t-n �ნ�ნიმური\n"
+
+#: ../../src/clients/kinit/kinit.c:162
+#, c-format
+msgid "\t-a include addresses\n"
+msgstr "\t-a მის�მ�რთების ჩ�თვლით\n"
+
+#: ../../src/clients/kinit/kinit.c:163
+#, c-format
+msgid "\t-A do not include addresses\n"
+msgstr "\t-A მის�მ�რთები �რ ჩ�ითვლებ�\n"
+
+#: ../../src/clients/kinit/kinit.c:164
+#, c-format
+msgid "\t-v validate\n"
+msgstr "\t-v გ�დ�მ�წმებ�\n"
+
+#: ../../src/clients/kinit/kinit.c:165
+#, c-format
+msgid "\t-R renew\n"
+msgstr "\t-R გ�ნ�ხლებ�\n"
+
+#: ../../src/clients/kinit/kinit.c:166
+#, c-format
+msgid "\t-C canonicalize\n"
+msgstr "\t-C კ�ნ�ნიკ�ლიზ�ცი�\n"
+
+#: ../../src/clients/kinit/kinit.c:167
+#, c-format
+msgid "\t-E client is enterprise principal name\n"
+msgstr "\t-E კლიენტი ს�წ�რმ�� პრინციპ�ლის ს�ხელი�\n"
+
+#: ../../src/clients/kinit/kinit.c:168
+#, c-format
+msgid "\t-k use keytab\n"
+msgstr "\t-k keytab-ის გ�მ�ყენებ�\n"
+
+#: ../../src/clients/kinit/kinit.c:169
+#, c-format
+msgid "\t-i use default client keytab (with -k)\n"
+msgstr "\t-i კლიენტის ნ�გულისხმები keytab -ის გ�მ�ყენებ� (-k-ით)\n"
+
+#: ../../src/clients/kinit/kinit.c:170
+#, c-format
+msgid "\t-t filename of keytab to use\n"
+msgstr "\t-t keytab -ის ფ�ილის ს�ხელი\n"
+
+#: ../../src/clients/kinit/kinit.c:171
+#, c-format
+msgid "\t-c Kerberos 5 cache name\n"
+msgstr "\t-c Kerberos 5 -ის ქეშის ს�ხელი\n"
+
+#: ../../src/clients/kinit/kinit.c:172
+#, c-format
+msgid "\t-S service\n"
+msgstr "\t-S სერვისი\n"
+
+#: ../../src/clients/kinit/kinit.c:173
+#, c-format
+msgid "\t-I input credential cache\n"
+msgstr "\t-I შეყვ�ნის �ვტ�რიზ�ციის დეტ�ლების ქეში\n"
+
+#: ../../src/clients/kinit/kinit.c:174
+#, c-format
+msgid "\t-T armor credential cache\n"
+msgstr "\t-T �ბჯრის �ვტ�რიზ�ციის ქეში\n"
+
+#: ../../src/clients/kinit/kinit.c:175
+#, c-format
+msgid "\t-X <attribute>[=<value>]\n"
+msgstr "\t-X <�ტრიბუტი>[=<მნიშვნელ�ბ�>]\n"
+
+#: ../../src/clients/kinit/kinit.c:177
+#, c-format
+msgid "\t--{,no}-request-pac request KDC include/exclude a PAC\n"
+msgstr "\t--{,no}-request-pac KDC -ში PAC -ის ჩ�სმ�/�მ�ღების მ�თხ�ვნ�\n"
+
+#: ../../src/clients/kinit/kinit.c:250 ../../src/clients/kinit/kinit.c:258
+#, c-format
+msgid "Bad lifetime value %s\n"
+msgstr "სიც�ცხლის დრ�ის �რ�სწ�რი მნიშვნელ�ბ� %s\n"
+
+#: ../../src/clients/kinit/kinit.c:292
+#, c-format
+msgid "Bad start time value %s\n"
+msgstr "დ�წყების დრ�ის �რ�სწ�რი მნიშვნელ�ბ� %s\n"
+
+#: ../../src/clients/kinit/kinit.c:310
+#, c-format
+msgid "Only one -t option allowed.\n"
+msgstr "-t პ�რ�მეტრის მითითებ� ნებ�დ�რთული� მხ�ლ�დ ერთხელ\n"
+
+#: ../../src/clients/kinit/kinit.c:318
+#, c-format
+msgid "Only one armor_ccache\n"
+msgstr "მხ�ლ�დ ერთი armor_ccache\n"
+
+#: ../../src/clients/kinit/kinit.c:340
+#, c-format
+msgid "Only one -I option allowed\n"
+msgstr "-l პ�რ�მეტრის მითითებ� ნებ�დ�რთული� მხ�ლ�დ ერთხელ\n"
+
+#: ../../src/clients/kinit/kinit.c:349
+msgid "while adding preauth option"
+msgstr "preauth პ�რ�მეტრის დ�მ�ტების�ს"
+
+#: ../../src/clients/kinit/kinit.c:375
+#, c-format
+msgid "Only one of -f and -F allowed\n"
+msgstr "-f დ� -F პ�რ�მეტრებიდ�ნ მხ�ლ�დ ერთ-ერთი მ�თგ�ნის მითითებ� შეგიძლი�თ\n"
+
+#: ../../src/clients/kinit/kinit.c:379
+#, c-format
+msgid "Only one of -p and -P allowed\n"
+msgstr "-p დ� -P პ�რ�მეტრებიდ�ნ მხ�ლ�დ ერთი უნდ� იყ�ს მითითებული\n"
+
+#: ../../src/clients/kinit/kinit.c:383
+#, c-format
+msgid "Only one of --request-pac and --no-request-pac allowed\n"
+msgstr ""
+"--request-pac დ� --no-request-pac პ�რ�მეტრებიდ�ნ მხ�ლ�დ ერთ-ერთი მ�თგ�ნის "
+"მითითებ� შეგიძლი�თ\n"
+
+#: ../../src/clients/kinit/kinit.c:388
+#, c-format
+msgid "Only one of -a and -A allowed\n"
+msgstr "-a დ� -A პ�რ�მეტრებიდ�ნ მხ�ლ�დ ერთ-ერთი მ�თგ�ნის მითითებ� შეგიძლი�თ\n"
+
+#: ../../src/clients/kinit/kinit.c:392
+#, c-format
+msgid "Only one of -t and -i allowed\n"
+msgstr "-t დ� -i პ�რ�მეტრებიდ�ნ მხ�ლ�დ ერთ-ერთი მ�თგ�ნის მითითებ� შეგიძლი�თ\n"
+
+#: ../../src/clients/kinit/kinit.c:398
+#, c-format
+msgid "keytab specified, forcing -k\n"
+msgstr "keytab მითითებული�. -k ნ�ძ�ლ�დევი�\n"
+
+#: ../../src/clients/kinit/kinit.c:401 ../../src/clients/klist/klist.c:216
+#, c-format
+msgid "Extra arguments (starting with \"%s\").\n"
+msgstr "დ�მ�ტებითი �რგუმენტები (\"%s\"-ით დ�წყებული).\n"
+
+#: ../../src/clients/kinit/kinit.c:427
+msgid "while initializing Kerberos 5 library"
+msgstr "kerberos5 ბიბლი�თეკის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/clients/kinit/kinit.c:435 ../../src/clients/kinit/kinit.c:578
+#, c-format
+msgid "resolving ccache %s"
+msgstr "ccache-ის (%s) �მ�ხსნ�"
+
+#: ../../src/clients/kinit/kinit.c:440
+#, c-format
+msgid "Using specified cache: %s\n"
+msgstr "გ�მ�იყენებ� მითითებული ქეში: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:448
+msgid "while getting default ccache"
+msgstr "ნ�გულისხმები ccache-ის მიღების�ს"
+
+#: ../../src/clients/kinit/kinit.c:462 ../../src/clients/kinit/kinit.c:530
+#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:249
+#, c-format
+msgid "when parsing name %s"
+msgstr "ს�ხელის (%s) დ�მუშ�ვების�ს"
+
+#: ../../src/clients/kinit/kinit.c:470 ../../src/kadmin/dbutil/kdb5_util.c:309
+#: ../../src/kprop/kprop.c:157
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:395
+msgid "while getting default realm"
+msgstr "ნ�გულისხმები რე�ლმის მიღების�ს"
+
+#: ../../src/clients/kinit/kinit.c:481
+msgid "while building principal"
+msgstr "პრინციპ�ლის �გების�ს"
+
+#: ../../src/clients/kinit/kinit.c:489
+msgid "When resolving the default client keytab"
+msgstr "ნ�გულისხმები კლიენტის keytab-ის �მ�ხსნის�ს"
+
+#: ../../src/clients/kinit/kinit.c:496
+msgid "When determining client principal name from keytab"
+msgstr "კლიენტის პრინციპ�ლის keytab-დ�ნ დ�დგენის�ს"
+
+#: ../../src/clients/kinit/kinit.c:505
+msgid "when creating default server principal name"
+msgstr "ნ�გულისხმები სერვერის პრინციპ�ლის ს�ხელის შექმნის�ს"
+
+#: ../../src/clients/kinit/kinit.c:525 ../../src/clients/kpasswd/kpasswd.c:43
+#, c-format
+msgid "Unable to identify user\n"
+msgstr "მ�მხმ�რებლის იდენტიფიკ�ცი� შეუძლებელი�\n"
+
+#: ../../src/clients/kinit/kinit.c:539 ../../src/clients/kswitch/kswitch.c:113
+#, c-format
+msgid "while searching for ccache for %s"
+msgstr "ccache-ში %s-ის ძებნის�ს"
+
+#: ../../src/clients/kinit/kinit.c:545
+#, c-format
+msgid "Using existing cache: %s\n"
+msgstr "�რსებული ქეშის გ�მ�ყენებ�: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:554
+msgid "while generating new ccache"
+msgstr "�ხ�ლი ccache-ის გენერირების�ს"
+
+#: ../../src/clients/kinit/kinit.c:558
+#, c-format
+msgid "Using new cache: %s\n"
+msgstr "გ�მ�იყენებ� �ხ�ლი ქეში: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:570
+#, c-format
+msgid "Using default cache: %s\n"
+msgstr "გ�მ�იყენებ� ნ�გულისხმები ქეში: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:583
+#, c-format
+msgid "Using specified input cache: %s\n"
+msgstr "გ�მ�იყენებ� შეყვ�ნის მითითებული ქეში: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:590 ../../src/clients/ksu/krb_auth_su.c:160
+msgid "when unparsing name"
+msgstr "ს�ხელის დ�მუშ�ვების გ�უქმების�ს"
+
+#: ../../src/clients/kinit/kinit.c:594
+#, c-format
+msgid "Using principal: %s\n"
+msgstr "გ�მ�იყენებ� პრინციპ�ლი: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:677
+msgid "getting local addresses"
+msgstr "ლ�კ�ლური მის�მ�რთების მიღებ�"
+
+#: ../../src/clients/kinit/kinit.c:701
+#, c-format
+msgid "while setting up KDB keytab for realm %s"
+msgstr "რე�ლმისთვის (%s) KBD keytab-ის მ�რგების�ს"
+
+#: ../../src/clients/kinit/kinit.c:710 ../../src/clients/kvno/kvno.c:508
+#, c-format
+msgid "resolving keytab %s"
+msgstr "keytab-ის (%s) �მ�ხსნ�"
+
+#: ../../src/clients/kinit/kinit.c:715
+#, c-format
+msgid "Using keytab: %s\n"
+msgstr "გ�მ�იყენებ� kytab: %s\n"
+
+#: ../../src/clients/kinit/kinit.c:719
+msgid "resolving default client keytab"
+msgstr "ნ�გულისხმები კლიენტის keytab-ის �მ�ხსნ�"
+
+#: ../../src/clients/kinit/kinit.c:729
+#, c-format
+msgid "while setting '%s'='%s'"
+msgstr "დ�ყენების�ს '%s'='%s'"
+
+#: ../../src/clients/kinit/kinit.c:734
+#, c-format
+msgid "PA Option %s = %s\n"
+msgstr "PA პ�რ�მეტრი %s = %s\n"
+
+#: ../../src/clients/kinit/kinit.c:775
+msgid "getting initial credentials"
+msgstr "ს�წყისი �ვტ�რიზ�ციის დეტ�ლების მიღებ�"
+
+#: ../../src/clients/kinit/kinit.c:778
+msgid "validating credentials"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების გ�დ�მ�წმებ�"
+
+#: ../../src/clients/kinit/kinit.c:781
+msgid "renewing credentials"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების გ�ნ�ხლებ�"
+
+#: ../../src/clients/kinit/kinit.c:789
+#, c-format
+msgid "%s: Password incorrect while %s\n"
+msgstr "%s: %s-ის�ს პ�რ�ლი �რ�სწ�რი�\n"
+
+#: ../../src/clients/kinit/kinit.c:792
+#, c-format
+msgid "while %s"
+msgstr "%s-ს�ს"
+
+#: ../../src/clients/kinit/kinit.c:803
+msgid "when creating temporary cache"
+msgstr "დრ�ებითი ქეშის შექმნის�ს"
+
+#: ../../src/clients/kinit/kinit.c:807
+#, c-format
+msgid "Initialized cache\n"
+msgstr "ქეში ინიცი�ლიზებული�\n"
+
+#: ../../src/clients/kinit/kinit.c:811
+msgid "while storing credentials"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების დ�მ�ხს�ვრების�ს"
+
+#: ../../src/clients/kinit/kinit.c:816
+#, c-format
+msgid "while saving to cache %s"
+msgstr "ქეშში (%s) შენ�ხვის�ს"
+
+#: ../../src/clients/kinit/kinit.c:822
+#, c-format
+msgid "Stored credentials\n"
+msgstr "დ�მ�ხს�ვრებული �ვტ�რიზ�ციის დეტ�ლები\n"
+
+#: ../../src/clients/kinit/kinit.c:828
+msgid "while switching to new ccache"
+msgstr "�ხ�ლ ccache-ზე გ�დ�რთვის�ს"
+
+#: ../../src/clients/kinit/kinit.c:885
+#, c-format
+msgid "Authenticated to Kerberos v5\n"
+msgstr "Kerberos v5-თ�ნ �ვტ�რიზ�ცი� წ�რმ�ტებული�\n"
+
+#: ../../src/clients/klist/klist.c:85
+#, c-format
+msgid ""
+"Usage: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-i] [-t] "
+"[-K]] [-C] [name]\n"
+msgstr ""
+"გ�მ�ყენებ�: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-i] "
+"[-t] [-K]] [-C] [ს�ხელი]\n"
+
+#: ../../src/clients/klist/klist.c:88
+#, c-format
+msgid "\t-c specifies credentials cache\n"
+msgstr "\t-c მიუთითებს �ვტ�რიზ�ციის დეტ�ლების ქეშს\n"
+
+#: ../../src/clients/klist/klist.c:89
+#, c-format
+msgid "\t-k specifies keytab\n"
+msgstr "\t-k keytab-ის მითითებ�\n"
+
+#: ../../src/clients/klist/klist.c:90
+#, c-format
+msgid "\t   (Default is credentials cache)\n"
+msgstr "\t   (ნ�გულისხმები� �ვტ�რიზ�ციის დეტ�ლების ქეში)\n"
+
+#: ../../src/clients/klist/klist.c:91
+#, c-format
+msgid "\t-i uses default client keytab if no name given\n"
+msgstr ""
+"\t-i თუ ს�ხელი მითითებული �რ��, ნ�გულისხმები კლიენტის keytab -ის გ�მ�ყენებ�\n"
+
+#: ../../src/clients/klist/klist.c:92
+#, c-format
+msgid "\t-l lists credential caches in collection\n"
+msgstr "\t-l კ�ლექცი�ში �ვტ�რიზ�ციის დეტ�ლების ქეშების ჩ�მ�ნ�თვ�ლის გ�მ�ტ�ნ�\n"
+
+#: ../../src/clients/klist/klist.c:93
+#, c-format
+msgid "\t-A shows content of all credential caches\n"
+msgstr "\t-A ყველ� �ვტ�რიზ�ციის დეტ�ლის ქეშის შემცველ�ბის გ�მ�ტ�ნ�\n"
+
+#: ../../src/clients/klist/klist.c:94
+#, c-format
+msgid "\t-e shows the encryption type\n"
+msgstr "\t-e დ�შიფვრის ტიპის ჩვენებ�\n"
+
+#: ../../src/clients/klist/klist.c:95
+#, c-format
+msgid "\t-V shows the Kerberos version and exits\n"
+msgstr "\t-V Kerberos -ის ვერსიის გ�მ�ტ�ნ� დ� გ�სვლ�\n"
+
+#: ../../src/clients/klist/klist.c:96
+#, c-format
+msgid "\toptions for credential caches:\n"
+msgstr "\tპ�რ�მეტრები �ვტ�რიზ�ციის დეტ�ლების ქეშებისთვის:\n"
+
+#: ../../src/clients/klist/klist.c:97
+#, c-format
+msgid "\t\t-d shows the submitted authorization data types\n"
+msgstr "\t\t-d �ჩვენებს გ�დ�ცემულ �ვტ�რიზ�ციის მ�ნ�ცემების ტიპებს\n"
+
+#: ../../src/clients/klist/klist.c:99
+#, c-format
+msgid "\t\t-f shows credentials flags\n"
+msgstr "\t\t-f �ვტ�რიზ�ციის დეტ�ლების �ლმების ჩვენებ�\n"
+
+#: ../../src/clients/klist/klist.c:100
+#, c-format
+msgid "\t\t-s sets exit status based on valid tgt existence\n"
+msgstr "\t\t-s სწ�რი ს�მიზნის �რსებ�ბის�ს გ�სვლის სტ�ტუსის დ�ყენებ�\n"
+
+#: ../../src/clients/klist/klist.c:102
+#, c-format
+msgid "\t\t-a displays the address list\n"
+msgstr "\t\t-a მის�მ�რთების სიის ჩვენებ�\n"
+
+#: ../../src/clients/klist/klist.c:103
+#, c-format
+msgid "\t\t\t-n do not reverse-resolve\n"
+msgstr "\t\t\t-n უკუ-�მ�ხსნ� �რ მ�ხდებ�\n"
+
+#: ../../src/clients/klist/klist.c:104
+#, c-format
+msgid "\toptions for keytabs:\n"
+msgstr "\tkeytab-ის პ�რ�მეტრები:\n"
+
+#: ../../src/clients/klist/klist.c:105
+#, c-format
+msgid "\t\t-t shows keytab entry timestamps\n"
+msgstr "\t\t-t keytab -ის ჩ�ნ�წერების დრ�ის შტ�მპების ჩვენებ�\n"
+
+#: ../../src/clients/klist/klist.c:106
+#, c-format
+msgid "\t\t-K shows keytab entry keys\n"
+msgstr "\t\t-K keytab ჩ�ნ�წერის გ�ს�ღებების ჩვენებ�\n"
+
+#: ../../src/clients/klist/klist.c:107
+#, c-format
+msgid "\t\t-C includes configuration data entries\n"
+msgstr "\t\t-C კ�ნფიგურ�ციის მ�ნ�ცემების ჩ�ნ�წერების ჩ�თვლ�\n"
+
+#: ../../src/clients/klist/klist.c:225
+#, c-format
+msgid "%s version %s\n"
+msgstr "%s ვერსი� %s\n"
+
+#: ../../src/clients/klist/klist.c:278
+msgid "while getting default client keytab"
+msgstr "ნ�გულისხმები კლიენტის keytab-ის მიღების�ს"
+
+#: ../../src/clients/klist/klist.c:284
+msgid "while getting default keytab"
+msgstr "ნ�გულისხმები keytab-ის მიღების�ს"
+
+#: ../../src/clients/klist/klist.c:290 ../../src/kadmin/cli/keytab.c:103
+#, c-format
+msgid "while resolving keytab %s"
+msgstr "keytab-ის (%s) �მ�ხსნის�ს"
+
+#: ../../src/clients/klist/klist.c:297 ../../src/kadmin/cli/keytab.c:87
+msgid "while getting keytab name"
+msgstr "keytab-ის ს�ხელის მიღების�ს"
+
+#: ../../src/clients/klist/klist.c:305 ../../src/kadmin/cli/keytab.c:422
+msgid "while starting keytab scan"
+msgstr "keytab-ის სკ�ნირების გ�შვების�ს"
+
+#: ../../src/clients/klist/klist.c:328 ../../src/clients/klist/klist.c:484
+#: ../../src/clients/ksu/ccache.c:455 ../../src/kadmin/dbutil/dump.c:487
+#: ../../src/kadmin/dbutil/tabdump.c:549
+msgid "while unparsing principal name"
+msgstr "პრინციპ�ლის ს�ხელის დ�მუშ�ვების გ�უქმების�ს"
+
+#: ../../src/clients/klist/klist.c:350 ../../src/kadmin/cli/keytab.c:466
+msgid "while scanning keytab"
+msgstr "keytab-ის სკ�ნირების�ს"
+
+#: ../../src/clients/klist/klist.c:355 ../../src/kadmin/cli/keytab.c:471
+msgid "while ending keytab scan"
+msgstr "keytab-ის სკ�ნირების დ�სრულების�ს"
+
+#: ../../src/clients/klist/klist.c:372 ../../src/clients/klist/klist.c:435
+msgid "while listing ccache collection"
+msgstr "ccache-ის კ�ლექციის ჩ�მ�თვლის�ს"
+
+#: ../../src/clients/klist/klist.c:411
+msgid "(Expired)"
+msgstr "(ვ�დ�გ�სული�)"
+
+#: ../../src/clients/klist/klist.c:488
+#, c-format
+msgid ""
+"Ticket cache: %s:%s\n"
+"Default principal: %s\n"
+"\n"
+msgstr ""
+"ბილეთების ქეში: %s:%s\n"
+"ნ�გულისხმები პრინციპ�ლი: %s\n"
+"\n"
+
+#: ../../src/clients/klist/klist.c:500
+msgid "while starting to retrieve tickets"
+msgstr "ბილეთების მიღების დ�წყების�ს"
+
+#: ../../src/clients/klist/klist.c:514
+msgid "while finishing ticket retrieval"
+msgstr "ბილეთების მიღების დ�სრულების�ს"
+
+#: ../../src/clients/klist/klist.c:519
+msgid "while retrieving a ticket"
+msgstr "ბილეთის მიღების�ს"
+
+#: ../../src/clients/klist/klist.c:674 ../../src/clients/ksu/ccache.c:440
+#: ../../src/kprop/kpropd.c:1205 ../../src/kprop/kpropd.c:1270
+msgid "while unparsing client name"
+msgstr "კლიენტის ს�ხელის დ�მუშ�ვების გ�უქმების�ს"
+
+#: ../../src/clients/klist/klist.c:679 ../../src/clients/ksu/ccache.c:445
+#: ../../src/kprop/kprop.c:191
+msgid "while unparsing server name"
+msgstr "სერვერის ს�ხელის დ�მუშ�ვების გ�უქმების�ს"
+
+#: ../../src/clients/klist/klist.c:710 ../../src/clients/ksu/ccache.c:470
+#, c-format
+msgid "\tfor client %s"
+msgstr "\tკლიენტისთვის %s"
+
+#: ../../src/clients/klist/klist.c:722 ../../src/clients/ksu/ccache.c:479
+msgid "renew until "
+msgstr "გ�ნ��ხლეთ ვ�დ�მდე "
+
+#: ../../src/clients/klist/klist.c:734 ../../src/clients/ksu/ccache.c:489
+#, c-format
+msgid "Flags: %s"
+msgstr "�ლმები: %s"
+
+#: ../../src/clients/klist/klist.c:749
+#, c-format
+msgid "Etype (skey, tkt): %s, "
+msgstr "Etype (skey, ბლთ): %s, "
+
+#: ../../src/clients/klist/klist.c:761
+#, c-format
+msgid "AD types: "
+msgstr "AD ტიპები: "
+
+#: ../../src/clients/klist/klist.c:777
+#, c-format
+msgid "\tAddresses: (none)\n"
+msgstr "\tმის�მ�რთები: (�რცერთი)\n"
+
+#: ../../src/clients/klist/klist.c:779
+#, c-format
+msgid "\tAddresses: "
+msgstr "\tმის�მ�რთები: "
+
+#: ../../src/clients/klist/klist.c:797
+msgid "while unparsing ticket server name"
+msgstr "ბილეთის სერვერის ს�ხელის დ�მუშ�ვების გ�უქმების�ს"
+
+#: ../../src/clients/klist/klist.c:800
+#, c-format
+msgid "\tTicket server: %s\n"
+msgstr "\tბილეთის სერვერი: %s\n"
+
+#: ../../src/clients/klist/klist.c:828 ../../src/clients/klist/klist.c:838
+#, c-format
+msgid "broken address (type %d length %d)"
+msgstr "�რ�სწ�რი მის�მ�რთი (ტიპი %d სიგრძე %d)"
+
+#: ../../src/clients/klist/klist.c:847
+#, c-format
+msgid "unknown addrtype %d"
+msgstr "მის�მ�რთის უცნ�ბი ტიპი %d"
+
+#: ../../src/clients/klist/klist.c:856
+#, c-format
+msgid "unprintable address (type %d, error %d %s)"
+msgstr "მის�მ�რთის დ�ბეჭდვ� შეუძლებელი� (ტიპი %d, შეცდ�მ� %d %s)"
+
+#: ../../src/clients/kpasswd/kpasswd.c:13 ../../src/lib/krb5/krb/gic_pwd.c:288
+msgid "Enter new password"
+msgstr "შეიყვ�ნეთ �ხ�ლი პ�რ�ლი"
+
+#: ../../src/clients/kpasswd/kpasswd.c:14 ../../src/lib/krb5/krb/gic_pwd.c:296
+msgid "Enter it again"
+msgstr "შეიყვ�ნეთ კიდევ ერთხელ"
+
+#: ../../src/clients/kpasswd/kpasswd.c:34
+#, c-format
+msgid "Unable to identify user from password file\n"
+msgstr "მ�მხმ�რების იდენტიფიკ�ცი� პ�რ�ლის ფ�ილიდ�ნ შეუძლებელი�\n"
+
+#: ../../src/clients/kpasswd/kpasswd.c:64
+#, c-format
+msgid "usage: %s [principal]\n"
+msgstr "გ�მ�ყენებ�: %s [პრინციპ�ლი]\n"
+
+#: ../../src/clients/kpasswd/kpasswd.c:72
+msgid "initializing kerberos library"
+msgstr "kerberos -ის ბიბლი�თეკის ინიცი�ლიზ�ცი�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:77
+msgid "allocating krb5_get_init_creds_opt"
+msgstr "krb5_get_init_creds_opt-ის გ�მ�ყ�ფ�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:93
+msgid "opening default ccache"
+msgstr "ნ�გულისხმები ccache-ის გ�ხსნ�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:98
+msgid "getting principal from ccache"
+msgstr "ccache-დ�ნ პრინციპ�ლის მიღებ�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:103
+msgid "while setting FAST ccache"
+msgstr "ccache-ზე FAST-ის დ�ყენების�ს"
+
+#: ../../src/clients/kpasswd/kpasswd.c:109
+msgid "closing ccache"
+msgstr "ccache-ის დ�ხურვ�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:117
+msgid "parsing client name"
+msgstr "კლიენტის ს�ხელის დ�მუშ�ვებ�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:135
+msgid "Password incorrect while getting initial ticket"
+msgstr "ს�წყისი ბილეთის მიღების�ს პ�რ�ლი �რ�სწ�რი�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:137
+msgid "getting initial ticket"
+msgstr "ს�წყისი ბილეთის მიღებ�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:147
+msgid "while reading password"
+msgstr "პ�რ�ლის კითხვის�ს"
+
+#: ../../src/clients/kpasswd/kpasswd.c:155
+msgid "changing password"
+msgstr "პ�რ�ლის შეცვლ�"
+
+#: ../../src/clients/kpasswd/kpasswd.c:175
+#: ../lib/kadm5/chpass_util_strings.c:30
+#, c-format
+msgid "Password changed.\n"
+msgstr "პ�რ�ლი შეიცვ�ლ�.\n"
+
+#: ../../src/clients/ksu/authorization.c:352
+#, c-format
+msgid ""
+"Error: bad entry - %s in %s file, must be either full path or just the cmd "
+"name\n"
+msgstr ""
+"შეცდ�მ�: �რ�სწ�რი ჩ�ნ�წერი - %s %s ფ�ილში, �ნ სრული ბილიკი უნდ� იყ�ს, �ნ "
+"მხ�ლ�დ ბრძ�ნების ს�ხელი\n"
+
+#: ../../src/clients/ksu/authorization.c:360
+#, c-format
+msgid ""
+"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH "
+"must be defined \n"
+msgstr ""
+"შეცდ�მ�: �რ�სწ�რი ჩ�ნ�წერი - %s %s ფ�ილში, რ�დგ�ნ %s უბრ�ლ�დ ბრძ�ნების "
+"ს�ხელი�, CMD_PATH �ღწერილი უნდ� იყ�ს \n"
+
+#: ../../src/clients/ksu/authorization.c:375
+#, c-format
+msgid "Error: bad entry - %s in %s file, CMD_PATH contains no paths \n"
+msgstr ""
+"შეცდ�მ�: �რ�სწ�რი ჩ�ნ�წერი - %s %s ფ�ილში, CMD_PATH ბილიკებს �რ შეიც�ვს \n"
+
+#: ../../src/clients/ksu/authorization.c:384
+#, c-format
+msgid "Error: bad path %s in CMD_PATH for %s must start with '/' \n"
+msgstr ""
+"შეცდ�მ�: �რ�სწ�რი ბილიკი %s CMD_PATH -ში %s -სთვის '/' -ით უნდ� იწყებ�დეს \n"
+
+#: ../../src/clients/ksu/authorization.c:500
+msgid "Error: not found -> "
+msgstr "შეცდ�მ�: ვერ ვიპ�ვე -> "
+
+#: ../../src/clients/ksu/authorization.c:706
+#, c-format
+msgid "home directory name `%s' too long, can't search for .k5login\n"
+msgstr ""
+"ს�წყისი ს�ქ�ღ�ლდის ს�ხელი '%s' ძ�ლი�ნ გრძელი�. .k5login-მდე ვერ მივედი\n"
+
+#: ../../src/clients/ksu/ccache.c:358
+#, c-format
+msgid "home directory path for %s too long\n"
+msgstr "ს�წყისი ს�ქ�ღ�ლდის ბილიკი %s-სთვის ძ�ლი�ნ გრძელი�\n"
+
+#: ../../src/clients/ksu/ccache.c:451
+msgid "while retrieving principal name"
+msgstr "პრინციპ�ლის ს�ხელის მიღების�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:57
+#: ../../src/clients/ksu/krb_auth_su.c:62
+msgid "while copying client principal"
+msgstr "კლიენტის პრინციპ�ლის კ�პირების�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:69
+msgid "while creating tgt for local realm"
+msgstr "ლ�კ�ლური რე�ლმისთვის ს�მიზნის შექმნსი�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:84
+msgid "while retrieving creds from cache"
+msgstr "ქეშიდ�ნ �ვტ.დეტ-ების მიღების�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:95
+msgid "while switching to target uid"
+msgstr "ს�მიზნე uid-ზე გ�დ�რთვის�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:100
+#, c-format
+msgid ""
+"WARNING: Your password may be exposed if you enter it here and are logged \n"
+msgstr ""
+"გ�ფრთხილებ�: თქვენი პ�რ�ლი შეიძლებ� გ�მ�ჩნდეს, თუ �ქ �კრეფთ დ� ის ჟურნ�ლშიც "
+"შეინ�ხებ�\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:102
+#, c-format
+msgid "         in remotely using an unsecure (non-encrypted) channel. \n"
+msgstr "         დ�უცველი (�რ�დ�შიფრული) �რხის გ�მ�ყენებ�ში. \n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:481
+msgid "while reclaiming root uid"
+msgstr "root-ის uid-ის გ�მ�თხ�ვის�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:121
+#, c-format
+msgid "does not have any appropriate tickets in the cache.\n"
+msgstr "ქეშში შეს�ბ�მისი ბილეთები �რ გ�გ�ჩნი�თ.\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:133
+msgid "while verifying ticket for server"
+msgstr "სერვერისთვის ბილეთის გ�დ�მ�წმების�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:167
+msgid "while getting time of day"
+msgstr "დრ�ის მიღების�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:171
+#, c-format
+msgid "Kerberos password for %s: "
+msgstr "Kerberos -ის პ�რ�ლი %s-სთვის: "
+
+#: ../../src/clients/ksu/krb_auth_su.c:175
+#, c-format
+msgid "principal name %s too long for internal buffer space\n"
+msgstr "პრინციპ�ლის ს�ხელი %s ძ�ლი�ნ გრძელი� შიდ� ბუფერის სივრცისთვის\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:184
+#, c-format
+msgid "while reading password for '%s'\n"
+msgstr "'%s'-სთვის პ�რ�ლის წ�კითხვის�ს\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:190
+#, c-format
+msgid "No password given\n"
+msgstr "პ�რ�ლი მითითებული �რ��\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:203
+#, c-format
+msgid "%s: Password incorrect\n"
+msgstr "%s: პ�რ�ლი �რ�სწ�რი�\n"
+
+#: ../../src/clients/ksu/krb_auth_su.c:205
+msgid "while getting initial credentials"
+msgstr "ს�წყისი �ვტ�რიზ�ციის დეტ�ლების მიღების�ს"
+
+#: ../../src/clients/ksu/krb_auth_su.c:225
+#: ../../src/clients/ksu/krb_auth_su.c:239
+#, c-format
+msgid " %s while unparsing name\n"
+msgstr " %s ს�ხელის დ�მუშ�ვების გ�უქმების�ს\n"
+
+#: ../../src/clients/ksu/main.c:69
+#, c-format
+msgid ""
+"Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-r time] "
+"[-p|-P] [-f|-F] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a "
+"[args... ] ]\n"
+msgstr ""
+"გ�მ�ყენებ�: %s [ს�მიზნე მ�მხმ�რებელი] [-n პრინციპ�ლი] [-c ს�წყისი ქეშის "
+"ს�ხელი] [-k] [-r დრ�] [-p|-P] [-f|-F] [-l სიც�ცხლის დრ�] [-zZ] [-q] [-e "
+"ბრძ�ნებ� [�რგუმენტები... ] ] [-a [�რგუმენტები... ] ]\n"
+
+#: ../../src/clients/ksu/main.c:151
+msgid ""
+"program name too long - quitting to avoid triggering system logging bugs"
+msgstr ""
+"პრ�გრ�მის ს�ხელი ძ�ლი�ნ გრძელი� - მუშ��ბის დ�სრულებ� სისტემის ჟურნ�ლის "
+"შეცდ�მების �ღძვრის თ�ვიდ�ნ �ს�ცილებლ�დ"
+
+#: ../../src/clients/ksu/main.c:177
+msgid "while allocating memory"
+msgstr "მეხსიერების გ�მ�ყ�ფის�ს"
+
+#: ../../src/clients/ksu/main.c:190
+msgid "while setting euid to source user"
+msgstr "ს�წყის მ�მხმ�რებელზე euid-ის დ�ყენების�ს"
+
+#: ../../src/clients/ksu/main.c:201 ../../src/clients/ksu/main.c:242
+#, c-format
+msgid "Bad lifetime value (%s hours?)\n"
+msgstr "სიც�ცხლის დრ�ის �რ�სწ�რი მნიშვნელ�ბ� (%s ს��თი?)\n"
+
+#: ../../src/clients/ksu/main.c:213 ../../src/clients/ksu/main.c:304
+msgid "when gathering parameters"
+msgstr "პ�რ�მეტრების შეგრ�ვების�ს"
+
+#: ../../src/clients/ksu/main.c:263
+#, c-format
+msgid "-z option is mutually exclusive with -Z.\n"
+msgstr "-z �რმხრივ�დ გ�მ�რიცხ�ვს -Z -ის მითითებ�ს.\n"
+
+#: ../../src/clients/ksu/main.c:271
+#, c-format
+msgid "-Z option is mutually exclusive with -z.\n"
+msgstr "-Z �რმხრივ�დ გ�მ�რიცხ�ვს -z -ის მითითებ�ს.\n"
+
+#: ../../src/clients/ksu/main.c:284
+#, c-format
+msgid "while looking for credentials cache %s"
+msgstr "�ვტ�რიზ�ციის ქეშში (%s) ძებნის�ს"
+
+#: ../../src/clients/ksu/main.c:290
+#, c-format
+msgid "malformed credential cache name %s\n"
+msgstr "�რ�სწ�რ�დ ფ�რმირებული �ვტ�რიზ�ციის დეტ�ლების ქეშის ს�ხელი %s\n"
+
+#: ../../src/clients/ksu/main.c:348
+#, c-format
+msgid "ksu: who are you?\n"
+msgstr "ksu: ვინ ბრძ�ნდებით?\n"
+
+#: ../../src/clients/ksu/main.c:352
+#, c-format
+msgid "Your uid doesn't match your passwd entry?!\n"
+msgstr "თქვენი uid -ი passwd ფ�ილის ჩ�ნ�წერს �რ ემთხვევ�?!\n"
+
+#: ../../src/clients/ksu/main.c:367
+#, c-format
+msgid "ksu: unknown login %s\n"
+msgstr "ksu: უცნ�ბი მ�მხმ�რებელი %s\n"
+
+#: ../../src/clients/ksu/main.c:387
+msgid "while getting source cache"
+msgstr "ს�წყისი ქეშის მიღების�ს"
+
+#: ../../src/clients/ksu/main.c:396
+msgid "while selecting the best principal"
+msgstr "ს�უკეთეს� პრინციპ�ლის �რჩევის�ს"
+
+#: ../../src/clients/ksu/main.c:404
+msgid "while returning to source uid after finding best principal"
+msgstr "ს�უკეთეს� პრინციპ�ლის �რჩევის შემდეგ ს�წყის uid-ზე დ�ბრუნების�ს"
+
+#: ../../src/clients/ksu/main.c:424
+#, c-format
+msgid "account %s: authorization failed\n"
+msgstr "�ნგ�რიში %s: �ვტ�რიზ�ციის შეცდ�მ�\n"
+
+#: ../../src/clients/ksu/main.c:459
+msgid "while parsing temporary name"
+msgstr "დრ�ებითი ს�ხელის დ�მუშ�ვების�ს"
+
+#: ../../src/clients/ksu/main.c:464
+msgid "while creating temporary cache"
+msgstr "დრ�ებითი ქეშის შექმნის�ს"
+
+#: ../../src/clients/ksu/main.c:470 ../../src/clients/ksu/main.c:710
+#, c-format
+msgid "while copying cache %s to %s"
+msgstr "ქეშის %s-დ�ნ %s-მდე კ�პირების�ს"
+
+#: ../../src/clients/ksu/main.c:488
+#, c-format
+msgid ""
+"WARNING: Your password may be exposed if you enter it here and are logged\n"
+msgstr ""
+"გ�ფრთხილებ�: თქვენი პ�რ�ლი შეიძლებ� გ�მ�ჩნდეს, თუ �ქ �კრეფთ დ� ის ჟურნ�ლშიც "
+"შეინ�ხებ�\n"
+
+#: ../../src/clients/ksu/main.c:490
+#, c-format
+msgid "         in remotely using an unsecure (non-encrypted) channel.\n"
+msgstr "         დ�უცველი (�რ�დ�შიფრული) �რხის გ�მ�ყენებ�ში.\n"
+
+#: ../../src/clients/ksu/main.c:496
+#, c-format
+msgid "Goodbye\n"
+msgstr "ნ�ხვ�მდის\n"
+
+#: ../../src/clients/ksu/main.c:500
+#, c-format
+msgid "Could not get a tgt for "
+msgstr "ს�მიზნის მიღებ� შეუძლებელი� "
+
+#: ../../src/clients/ksu/main.c:522
+#, c-format
+msgid "Authentication failed.\n"
+msgstr "�ვთენტიკ�ციის შეცდ�მ�.\n"
+
+#: ../../src/clients/ksu/main.c:530
+msgid "When unparsing name"
+msgstr "ს�ხელის დ�მუშ�ვების გ�უქმების�ს"
+
+#: ../../src/clients/ksu/main.c:534
+#, c-format
+msgid "Authenticated %s\n"
+msgstr "�ვთენტიფიცირებული %s\n"
+
+#: ../../src/clients/ksu/main.c:541
+msgid "while switching to target for authorization check"
+msgstr "�ვთ�რიზ�ციის შემ�წმებისთვის ს�მიზნის გ�დ�რთვის�ს"
+
+#: ../../src/clients/ksu/main.c:548
+msgid "while checking authorization"
+msgstr "�ვტ�რიზ�ციის შემ�წმების�ს"
+
+#: ../../src/clients/ksu/main.c:554
+msgid "while switching back from target after authorization check"
+msgstr "�ვტ�რიზ�ციის შემ�წმების შემდეგ ს�მიზნეზე დ�ბრუნების�ს"
+
+#: ../../src/clients/ksu/main.c:561
+#, c-format
+msgid "Account %s: authorization for %s for execution of\n"
+msgstr "�ნგ�რიში %s: �ვტ�რიზ�ცი� %s-სთვის, რ�მ შესრულდეს\n"
+
+#: ../../src/clients/ksu/main.c:563
+#, c-format
+msgid "               %s successful\n"
+msgstr "               %s წ�რმ�ტებული�\n"
+
+#: ../../src/clients/ksu/main.c:569
+#, c-format
+msgid "Account %s: authorization for %s successful\n"
+msgstr "�ნგ�რიში %s: �ვტ�რიზ�ცი� %s-სთვის წ�რმ�ტებული�\n"
+
+#: ../../src/clients/ksu/main.c:581
+#, c-format
+msgid "Account %s: authorization for %s for execution of %s failed\n"
+msgstr "�ნგ�რიში %s: �ვტ�რიზ�ციის შეცდ�მ� %s-სთვის, %s-ის შეს�სრულებლ�დ\n"
+
+#: ../../src/clients/ksu/main.c:589
+#, c-format
+msgid "Account %s: authorization of %s failed\n"
+msgstr "�ნგ�რიშის %s: %s-ის �ვტ�რიზ�ციის შეცდ�მ�\n"
+
+#: ../../src/clients/ksu/main.c:604
+msgid "while calling cc_filter"
+msgstr "cc_filter-ის გ�მ�ძ�ხების�ს"
+
+#: ../../src/clients/ksu/main.c:612
+msgid "while erasing target cache"
+msgstr "ს�მიზნე ქეშის წ�შლის�ს"
+
+#: ../../src/clients/ksu/main.c:632
+#, c-format
+msgid "ksu: permission denied (shell).\n"
+msgstr "ksu: წვდ�მ� �კრძ�ლული� (გ�რსი).\n"
+
+#: ../../src/clients/ksu/main.c:641
+#, c-format
+msgid "ksu: couldn't set environment variable USER\n"
+msgstr "ksu: გ�რემ�ს ცვლ�დის დ�ყენების შეცდ�მ�: USER\n"
+
+#: ../../src/clients/ksu/main.c:647
+#, c-format
+msgid "ksu: couldn't set environment variable HOME\n"
+msgstr "ksu: გ�რემ�ს ცვლ�დის დ�ყენების შეცდ�მ�: HOME\n"
+
+#: ../../src/clients/ksu/main.c:652
+#, c-format
+msgid "ksu: couldn't set environment variable SHELL\n"
+msgstr "ksu: გ�რემ�ს ცვლ�დის დ�ყენების შეცდ�მ�: SHELL\n"
+
+#: ../../src/clients/ksu/main.c:663
+#, c-format
+msgid "ksu: initgroups failed.\n"
+msgstr "ksu: initgroups -ის შეცდ�მ�.\n"
+
+#: ../../src/clients/ksu/main.c:668
+#, c-format
+msgid "Leaving uid as %s (%ld)\n"
+msgstr "UID-ი დ�რჩებ� %s (%ld)\n"
+
+#: ../../src/clients/ksu/main.c:671
+#, c-format
+msgid "Changing uid to %s (%ld)\n"
+msgstr "UID-ის შეცვლ� %s-ზე (%ld)\n"
+
+#: ../../src/clients/ksu/main.c:697
+msgid "while getting name of target ccache"
+msgstr "ს�მიზნე ccache-ის ს�ხელის მიღების�ს"
+
+#: ../../src/clients/ksu/main.c:717
+#, c-format
+msgid "%s does not have correct permissions for %s, %s aborted"
+msgstr "%s-ს %s-სთვის სწ�რი წვდ�მები �რ გ��ჩნი�. %s �ვ�რიულ�დ დ�სრულდ�"
+
+#: ../../src/clients/ksu/main.c:738
+#, c-format
+msgid "Internal error: command %s did not get resolved\n"
+msgstr "შიდ� შეცდ�მ�: ბრძ�ნებ� %s\n"
+
+#: ../../src/clients/ksu/main.c:755 ../../src/clients/ksu/main.c:791
+#, c-format
+msgid "while trying to execv %s"
+msgstr "%s-ის execv-ის�ს"
+
+#: ../../src/clients/ksu/main.c:781
+msgid "while calling waitpid"
+msgstr "waitpid-ის გ�მ�ძ�ხების�ს"
+
+#: ../../src/clients/ksu/main.c:786
+msgid "while trying to fork."
+msgstr "fork-ის მცდელ�ბის�ს."
+
+#: ../../src/clients/ksu/main.c:836
+msgid "while reading cache name from ccache"
+msgstr "ქეშის ს�ხელის ccache-დ�ნ წ�კითხვის�ს"
+
+#: ../../src/clients/ksu/main.c:842
+#, c-format
+msgid "ksu: couldn't set environment variable %s\n"
+msgstr "ksu: შეცდ�მ� გ�რემ�ს ცვლ�დის დ�ყენების�ს %s\n"
+
+#: ../../src/clients/ksu/main.c:868
+msgid "while resetting target ccache name"
+msgstr "ს�მიზნის ccache-ის ს�ხელის ს�წყის მნიშვნელ�ბ�ზე დ�ყენების�ს"
+
+#: ../../src/clients/ksu/main.c:882
+msgid "while determining target ccache name"
+msgstr "ს�მიზნის ccache-ის ს�ხელის დ�დგენის�ს"
+
+#: ../../src/clients/ksu/main.c:921
+msgid "while generating part of the target ccache name"
+msgstr "ს�მიზნე ccache-ის ს�ხელის ნ�წილის გენერირების�ს"
+
+#: ../../src/clients/ksu/main.c:927
+msgid "while allocating memory for the target ccache name"
+msgstr "ს�მიზნე ccache-ის ს�ხელისთვის მეხსიერების გ�მ�ყ�ფის�ს"
+
+#: ../../src/clients/ksu/main.c:946
+msgid "while creating new target ccache"
+msgstr "�ხ�ლი ს�მიზნე ccache-ის შექმნის�ს"
+
+#: ../../src/clients/ksu/main.c:952
+msgid "while initializing target cache"
+msgstr "ს�მიზნე ქეშის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/clients/ksu/main.c:992
+#, c-format
+msgid "terminal name %s too long\n"
+msgstr "ს�ბ�ლ�� ს�ხელი %s ძ�ლი�ნ გრძელი�\n"
+
+#: ../../src/clients/ksu/main.c:1020
+msgid "while changing to target uid for destroying ccache"
+msgstr "ccache-ის გ�ს�ნ�დგურებლ�დ ს�მიზნე uid-ზე გ�დ�რთვის�ს"
+
+#: ../../src/clients/kswitch/kswitch.c:41
+#, c-format
+msgid "Usage: %s {-c cache_name | -p principal}\n"
+msgstr "გ�მ�ყენებ�: %s {-c ქეშის ს�ხელი | -p პრინციპ�ლი}\n"
+
+#: ../../src/clients/kswitch/kswitch.c:43
+#, c-format
+msgid "\t-p specify name of principal\n"
+msgstr "\t-p მიუთითეთ პრინციპ�ლის ს�ხელი\n"
+
+#: ../../src/clients/kswitch/kswitch.c:66
+#, c-format
+msgid "Only one -c or -p option allowed\n"
+msgstr "-p დ� -c პ�რ�მეტრებიდ�ნ მხ�ლ�დ ერთ-ერთი მ�თგ�ნის მითითებ� შეგიძლი�თ\n"
+
+#: ../../src/clients/kswitch/kswitch.c:85
+#, c-format
+msgid "One of -c or -p must be specified\n"
+msgstr "-p დ� -c პ�რ�მეტრებიდ�ნ მხ�ლ�დ ერთი მ�თგ�ნიუნდ� იყ�ს მითითებული\n"
+
+#: ../../src/clients/kswitch/kswitch.c:101
+#, c-format
+msgid "while resolving %s"
+msgstr "%s-ის �მ�ხსნის�ს"
+
+#: ../../src/clients/kswitch/kswitch.c:122
+msgid "while switching to credential cache"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშის გ�დ�რთვის�ს"
+
+#: ../../src/clients/kvno/kvno.c:44
+#, c-format
+msgid ""
+"usage: %s [-c ccache] [-e etype] [-k keytab] [-q] [-u | -S sname]\n"
+"\t[[{-F cert_file | {-I | -U} for_user} [-P]] | --u2u ccache]\n"
+"\t[--cached-only] [--no-store] [--out-cache] service1 service2 ...\n"
+msgstr ""
+"გ�მ�ყენებ�: %s [-c ccache] [-e etype] [-k keytab] [-q] [-u | -S sname]\n"
+"\t[[{-F სერტ_ფ�ილი | {-I | -U} მ�მხმ�რებლისთვის} [-P]] | --u2u ccache]\n"
+"\t[--cached-only] [--no-store] [--out-cache] სერვისი1 სერვისი2 ...\n"
+
+#: ../../src/clients/kvno/kvno.c:117 ../../src/clients/kvno/kvno.c:125
+#, c-format
+msgid "Options -u and -S are mutually exclusive\n"
+msgstr "-u დ� -S ურთიერთგ�მ�მრიცხ�ვი პ�რ�მეტრები�\n"
+
+#: ../../src/clients/kvno/kvno.c:159
+#, c-format
+msgid "Options --u2u and -I|-U|-F are mutually exclusive\n"
+msgstr "--u2u დ� -I|-U|-F ურთიერთგ�მ�მრიცხ�ვი პ�რ�მეტრები�\n"
+
+#: ../../src/clients/kvno/kvno.c:165
+#, c-format
+msgid ""
+"Option -P (constrained delegation) requires option -I|-U|-F (protocol "
+"transition)\n"
+msgstr ""
+"პ�რ�მეტრს -P (შეზღუდული დელეგ�ცი�) -I|-U|-F პ�რ�მეტრებიდ�ნ ერთერთი "
+"(პრ�ტ�კ�ლის გ�დ�ცემ�) ეს�ჭირ�ებ�\n"
+
+#: ../../src/clients/kvno/kvno.c:240
+msgid "No begin line not found"
+msgstr "ხ�ზის დ�ს�წყისი ნ�პ�ვნი �რ��"
+
+#: ../../src/clients/kvno/kvno.c:252
+msgid "No end line found"
+msgstr "ხ�ზის ბ�ლ� ნ�პ�ვნი �რ��"
+
+#: ../../src/clients/kvno/kvno.c:263
+msgid "Unexpected header line"
+msgstr "მ�ულ�დნელი თ�ვს�რთის ს�ზი"
+
+#: ../../src/clients/kvno/kvno.c:273
+msgid "Invalid base64"
+msgstr "�რ�სწ�რი base64"
+
+#: ../../src/clients/kvno/kvno.c:319
+#, c-format
+msgid "while formatting parsed principal name for '%s'"
+msgstr "'%s'-სთვის დ�მუშ�ვებული პრინციპ�ლის ს�ხელის ფ�რმ�ტირების�ს"
+
+#: ../../src/clients/kvno/kvno.c:333
+msgid "client and server principal names must match"
+msgstr "კლიენტის� დ� სერვერის პრინციპ�ლის ს�ხელები უნდ� ემთხვე�დეს"
+
+#: ../../src/clients/kvno/kvno.c:349
+#, c-format
+msgid "while getting credentials for %s"
+msgstr "%s-სთვის �ვტ�რიზ�ციის დეტ�ლების მიღების�ს"
+
+#: ../../src/clients/kvno/kvno.c:356
+#, c-format
+msgid "while decoding ticket for %s"
+msgstr "%s-სთვის ბილეთის დეკ�დირების�ს"
+
+#: ../../src/clients/kvno/kvno.c:367
+#, c-format
+msgid "while decrypting ticket for %s"
+msgstr "%s-სთვის ბილეთის გ�შიფვრის�ს"
+
+#: ../../src/clients/kvno/kvno.c:371
+#, c-format
+msgid "%s: kvno = %d, keytab entry valid\n"
+msgstr "%s: kvno = %d, keytab -ის ჩ�ნ�წერი �რ�სწ�რი� \n"
+
+#: ../../src/clients/kvno/kvno.c:376
+#, c-format
+msgid "%s: kvno = %d\n"
+msgstr "%s: kvno = %d\n"
+
+#: ../../src/clients/kvno/kvno.c:391
+#, c-format
+msgid "%s: constrained delegation failed"
+msgstr "%s: შეზღუდული დელეგირების შეცდ�მ�"
+
+#: ../../src/clients/kvno/kvno.c:474 ../../src/kadmin/cli/kadmin.c:311
+msgid "while initializing krb5 library"
+msgstr "krb5-ის ბიბლი�თეკის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/clients/kvno/kvno.c:481
+msgid "while converting etype"
+msgstr "etype-ის გ�რდ�ქმნის�ს"
+
+#: ../../src/clients/kvno/kvno.c:493
+msgid "while opening ccache"
+msgstr "ccache-ის გ�ხნის�ს"
+
+#: ../../src/clients/kvno/kvno.c:500
+msgid "while resolving output ccache"
+msgstr "გ�მ�ტ�ნის ccache-ის �მ�ხსნის�ს"
+
+#: ../../src/clients/kvno/kvno.c:525
+#, c-format
+msgid "while reading certificate file %s"
+msgstr "ფ�ილისთვის %s სერტიფიკ�ტის წ�კითხვის�ს"
+
+#: ../../src/clients/kvno/kvno.c:535
+#, c-format
+msgid "while getting user-to-user ticket from %s"
+msgstr "მ�მხმ�რებლიდ�ნ-მ�მხმ�რებლ�მდე ბილეთის %s-სგ�ნ მიღების�ს"
+
+#: ../../src/clients/kvno/kvno.c:544
+msgid "while getting client principal name"
+msgstr "კლიენტის პრინციპ�ლის ს�ხელის მიღების�ს"
+
+#: ../../src/clients/kvno/kvno.c:551
+msgid "while creating temporary output ccache"
+msgstr "დრ�ებითი გ�მ�ტ�ნის ccache-ის შექმნის�ს"
+
+#: ../../src/clients/kvno/kvno.c:565
+msgid "while initializing output ccache"
+msgstr "გ�მ�ტ�ნის ccache-ის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/clients/kvno/kvno.c:575
+msgid "while storing creds in output ccache"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების გ�მ�ტ�ნის ccache-ში შენ�ხვის�ს"
+
+#: ../../src/clients/kvno/kvno.c:586
+msgid "while writing output ccache"
+msgstr "გ�მ�ტ�ნის ccache-ის შენ�ხვის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:103
+#, c-format
+msgid ""
+"Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
+"              [command args...]\n"
+"\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n] [-"
+"O | -N]\n"
+"\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m] [-w "
+"password] where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+"გ�მ�ყენებ�: %s [-r რე�ლმი] [-p პრინციპ�ლი] [-q მ�თხ�ვნ�] [კლიენტი|ლ�კ�ლური "
+"�რგუმენტები]\n"
+"              [ბრძ�ნების �რგუმენტები...]\n"
+"\tკლიენტის �რგუმენტები: [-s �დმინ_სერვერი[:პ�რტი]] [[-c ccache]|[-k [-t "
+"keytab]]]|[-n] [-O | -N]\n"
+"\tლ�კ�ლური �რგუმენტები: [-x ბ�ზის_�რგუმენტები]* [-d ბ�ზსს�ხელი] [-e \"შიფრი:"
+"მ�რილი ...\"] [-m] [-w პ�რ�ლი] ს�დ,\n"
+"\t[-x ბ�ზის_�რგუმენტები]* - ბ�ზის ნებისმიერი პ�რ�მეტრი.\n"
+"\t\t\tმხ�რდ�ჭერილი �რგუმენტებისთვის მიმ�რთეთ ბ�ზის დ�კუმენტ�ცი�ს\n"
+
+#: ../../src/kadmin/cli/kadmin.c:164
+#, c-format
+msgid "Invalid date specification \"%s\".\n"
+msgstr "�რ�სწ�რი მ�ნ�ცემების სპეციფიკ�ცი� \"%s\".\n"
+
+#: ../../src/kadmin/cli/kadmin.c:192
+#, c-format
+msgid "Interval specification \"%s\" is in the past.\n"
+msgstr "ინტერვ�ლის სპეციფიკ�ცი� \"%s\" წ�რსულში�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:322 ../../src/kadmin/cli/kadmin.c:361
+#, c-format
+msgid "%s: Cannot initialize. Not enough memory\n"
+msgstr "%s: ინიცი�ლიზ�ციის შეცდ�მ�. �რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:380 ../../src/kadmin/cli/kadmin.c:840
+#: ../../src/kadmin/cli/kadmin.c:1109 ../../src/kadmin/cli/kadmin.c:1630
+#: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:559
+#, c-format
+msgid "while parsing keysalts %s"
+msgstr "keysalt %s-ის დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:403
+#, c-format
+msgid "%s: -q is exclusive with command-line query"
+msgstr "%s: -q ბრძ�ნების სტრიქ�ნიდ�ნ გ�მ�თხ�ვისთვის ექსკლუზიური�"
+
+#: ../../src/kadmin/cli/kadmin.c:411
+#, c-format
+msgid "%s: unable to get default realm\n"
+msgstr "%s: ნ�გულისხმები რე�ლმის მიღების შეცდ�მ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:431
+msgid "while opening default credentials cache"
+msgstr "ნ�გულისხმები �ვტ�რიზ�ციის დეტ�ლების ქეშის გ�ხსნის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:437
+#, c-format
+msgid "while opening credentials cache %s"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშის (%s) გ�ხსნის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:459 ../../src/kadmin/cli/kadmin.c:513
+#: ../../src/kadmin/cli/kadmin.c:521 ../../src/kadmin/cli/kadmin.c:528
+#, c-format
+msgid "%s: out of memory\n"
+msgstr "%s: �რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:468 ../../src/kadmin/cli/kadmin.c:483
+#: ../../src/kprop/kpropd.c:677
+msgid "while canonicalizing principal name"
+msgstr "პრინციპ�ლის ს�ხელის კ�ნ�ნიკ�ლიზირების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:477
+msgid "creating host service principal"
+msgstr "ჰ�სტის სერვისის პრინციპ�ლის შექმნ�"
+
+#: ../../src/kadmin/cli/kadmin.c:490
+#, c-format
+msgid "%s: unable to canonicalize principal\n"
+msgstr "%s: პრინციპ�ლის კ�ნ�ნიკ�ლიზ�ციის შეცდ�მ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:533
+#, c-format
+msgid "%s: unable to figure out a principal name\n"
+msgstr "%s: პრინციპ�ლის ს�ხელის გ�რკვევის შეცდ�მ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:540
+msgid "while setting up logging"
+msgstr "ჟურნ�ლის მ�რგების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:549
+#, c-format
+msgid "Authenticating as principal %s with existing credentials.\n"
+msgstr "�ვთენტიკ�ცი�, რ�გ�რც პრინციპ�ლი %s, �რსებული �ვტ�რიზ�ციის დეტ�ლებით.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:555
+#, c-format
+msgid "Authenticating as principal %s with password; anonymous requested.\n"
+msgstr "�ვთენტიკ�ცი�, რ�გ�რც პრინციპ�ლი %s, პ�რ�ლით: �ნ�ნიმური მ�თხ�ვნილი�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:562
+#, c-format
+msgid "Authenticating as principal %s with keytab %s.\n"
+msgstr "�ვთენტიკ�ცი�, რ�გ�რც პრინციპ�ლი %s, keytab-ით %s.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:565
+#, c-format
+msgid "Authenticating as principal %s with default keytab.\n"
+msgstr "�ვთენტიკ�ცი�, რ�გ�რც პრინციპ�ლი %s, ნ�გულისხმები keytab-ით.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:572
+#, c-format
+msgid "Authenticating as principal %s with password.\n"
+msgstr "�ვთენტიკ�ცი�, რ�გ�რც პრინციპ�ლი %s, პ�რ�ლით.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:580 ../../src/kprop/kpropd.c:722
+#, c-format
+msgid "while initializing %s interface"
+msgstr "%s ინტერფეისის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:595
+#, c-format
+msgid "while closing ccache %s"
+msgstr "ccache -ის (%s) დ�ხურვის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:601
+msgid "while mapping update log"
+msgstr "გ�ნ�ხლების ჟურნ�ლის მიბმიბს�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:617
+msgid "while unlocking locked database"
+msgstr "დ�ბლ�კილიბ�ზის გ�ნბლ�კვის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:626
+msgid "Administration credentials NOT DESTROYED.\n"
+msgstr "�დმინისტრ�ტ�რის �ვტ�რიზ�ციის დეტ�ლები �რ გ�ნ�დგურებულ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:675
+msgid "usage: delete_principal [-force] principal\n"
+msgstr "გ�მ�ყენებ�: delete_principal [-force] პრინციპ�ლი\n"
+
+#: ../../src/kadmin/cli/kadmin.c:680 ../../src/kadmin/cli/kadmin.c:859
+msgid "while parsing principal name"
+msgstr "პრინციპ�ლის ს�ხელის დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:686 ../../src/kadmin/cli/kadmin.c:865
+#: ../../src/kadmin/cli/kadmin.c:1218 ../../src/kadmin/cli/kadmin.c:1343
+#: ../../src/kadmin/cli/kadmin.c:1413 ../../src/kadmin/cli/kadmin.c:1853
+#: ../../src/kadmin/cli/kadmin.c:1897 ../../src/kadmin/cli/kadmin.c:1943
+#: ../../src/kadmin/cli/kadmin.c:1983
+msgid "while canonicalizing principal"
+msgstr "პრინციპ�ლის ს�ხელის კ�ნ�ნიკ�ლიზირების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:690
+#, c-format
+msgid "Are you sure you want to delete the principal \"%s\"? (yes/no): "
+msgstr ""
+"დ�რწმუნებული ბრძ�ნდებით რ�მ გნებ�ვთ პრინციპ�ლი \"%s\"-ის ს�ბ�ლ��დ წ�შლ� "
+"(yes(დი�ხ)/no(�რ�)): "
+
+#: ../../src/kadmin/cli/kadmin.c:694
+#, c-format
+msgid "Principal \"%s\" not deleted\n"
+msgstr "პრინციპ�ლი \"%s\" �რ წ�შლილ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:701
+#, c-format
+msgid "while deleting principal \"%s\""
+msgstr "პრინციპ�ლი \"%s\"-ის წ�შლის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:704
+#, c-format
+msgid "Principal \"%s\" deleted.\n"
+msgstr "პრინციპ�ლი \"%s\" წ�იშ�ლ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:705
+msgid ""
+"Make sure that you have removed this principal from all ACLs before "
+"reusing.\n"
+msgstr ""
+"დ�რწმუნდით, რ�მ თ�ვიდ�ნ გ�მ�ყენებ�მდე პრინციპ�ლი ყველ� ACL-დ�ნ წ�შ�ლეთ\n"
+
+#: ../../src/kadmin/cli/kadmin.c:722
+msgid "usage: rename_principal [-force] old_principal new_principal\n"
+msgstr ""
+"გ�მ�ყენებ�: rename_principal [-force] ძველი_პრინციპ�ლი �ხ�ლი_პრინციპ�ლი\n"
+
+#: ../../src/kadmin/cli/kadmin.c:729
+msgid "while parsing old principal name"
+msgstr "ძველი პრინციპ�ლის ს�ხელის დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:735
+msgid "while parsing new principal name"
+msgstr "�ხ�ლი პრინციპ�ლის ს�ხელის დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:741
+msgid "while canonicalizing old principal"
+msgstr "ძველი პრინციპ�ლის კ�ნ�ნიკ�ლიზირების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:747
+msgid "while canonicalizing new principal"
+msgstr "�ხ�ლი პრინციპ�ლის კ�ნ�ნიკ�ლიზირების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:751
+#, c-format
+msgid ""
+"Are you sure you want to rename the principal \"%s\" to \"%s\"? (yes/no): "
+msgstr ""
+"დ�რწმუნებული ბრძ�ნდებით რ�მ გნებ�ვთ, პრინციპ�ლის ს�ხელის \"%s\"-დ�ნ %s-მდე "
+"გ�დ�რქმევ� (yes(დი�ხ)/no(�რ�)): "
+
+#: ../../src/kadmin/cli/kadmin.c:755
+#, c-format
+msgid "Principal \"%s\" not renamed\n"
+msgstr "პრინციპ�ლი '%s\"-ის ს�ხელი �რ შეცვლილ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:762
+#, c-format
+msgid "while renaming principal \"%s\" to \"%s\""
+msgstr "პრინციპ�ლის ს�ხელის \"%s\"-დ�ნ \"%s\"-მდე გ�დ�რქმევის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:766
+#, c-format
+msgid "Principal \"%s\" renamed to \"%s\".\n"
+msgstr "პრინციპ�ლი \"%s\" -ის ს�ხელი \"%s\"-ზე შეიცვ�ლ�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:767
+msgid ""
+"Make sure that you have removed the old principal from all ACLs before "
+"reusing.\n"
+msgstr ""
+"დ�რწმუნდით, რ�მ თ�ვიდ�ნ გ�მ�ყენებ�მდე ძველი პრინციპ�ლი ყველ� ACL-დ�ნ "
+"წ�შ�ლეთ\n"
+
+#: ../../src/kadmin/cli/kadmin.c:782
+msgid ""
+"usage: change_password [-randkey] [-keepold] [-e keysaltlist] [-pw password] "
+"principal\n"
+msgstr ""
+"გ�მ�ყენებ�: change_password [-randkey] [-keepold] [-e keysaltlist] [-pw "
+"პ�რ�ლი] პრინციპ�ლი\n"
+
+#: ../../src/kadmin/cli/kadmin.c:808
+msgid "change_password: missing db argument"
+msgstr "change_password: ბ�ზის �რგუმენტის გ�ერშე"
+
+#: ../../src/kadmin/cli/kadmin.c:814
+msgid "change_password: Not enough memory\n"
+msgstr "change_password: �რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:822
+msgid "change_password: missing password arg"
+msgstr "change_password: �კლი� პ�რ�ლის �რგუმენტი"
+
+#: ../../src/kadmin/cli/kadmin.c:833
+msgid "change_password: missing keysaltlist arg"
+msgstr "change_password: �კლი� keysaltlist �რგუმენტი"
+
+#: ../../src/kadmin/cli/kadmin.c:844
+#, c-format
+msgid "unrecognized option %s"
+msgstr "უცნ�ბი პ�რ�მეტრი %s"
+
+#: ../../src/kadmin/cli/kadmin.c:851
+msgid "missing principal name"
+msgstr "�კლი� პრინციპ�ლის ს�ხელი"
+
+#: ../../src/kadmin/cli/kadmin.c:853
+msgid "too many arguments"
+msgstr "მეტისმეტ�დ ბევრი �რგუმენტი"
+
+#: ../../src/kadmin/cli/kadmin.c:877 ../../src/kadmin/cli/kadmin.c:914
+#, c-format
+msgid "while changing password for \"%s\"."
+msgstr "\"%s\"-სთვის პ�რ�ლის ცვლილების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:880 ../../src/kadmin/cli/kadmin.c:917
+#, c-format
+msgid "Password for \"%s\" changed.\n"
+msgstr "%s-ის პ�რ�ლი შეიცვ�ლ�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:886 ../../src/kadmin/cli/kadmin.c:1294
+#, c-format
+msgid "while randomizing key for \"%s\"."
+msgstr "\"%s\"-ის გ�ს�ღების რ�ნდ�მიზების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:889
+#, c-format
+msgid "Key for \"%s\" randomized.\n"
+msgstr "\"%s\"-ის გ�ს�ღები რ�ნდ�მიზებული�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:894 ../../src/kadmin/cli/kadmin.c:1254
+#, c-format
+msgid "Enter password for principal \"%s\""
+msgstr "შეყვ�ნეთ პ�რ�ლი პრინციპ�ლისთვის \"%s\""
+
+#: ../../src/kadmin/cli/kadmin.c:896 ../../src/kadmin/cli/kadmin.c:1256
+#, c-format
+msgid "Re-enter password for principal \"%s\""
+msgstr "ხელ�ხლ� შეიყვ�ნეთ პ�რ�ლი პრინციპ�ლისთვის \"%s\""
+
+#: ../../src/kadmin/cli/kadmin.c:901 ../../src/kadmin/cli/kadmin.c:1260
+#, c-format
+msgid "while reading password for \"%s\"."
+msgstr "%s-ის პ�რ�ლის წ�კითხვის�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:955
+msgid "Not enough memory\n"
+msgstr "�რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:985 ../../src/kadmin/dbutil/kdb5_util.c:591
+msgid "while getting time"
+msgstr "დრ�ის მიღების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1126 ../../src/kadmin/cli/kadmin.c:1337
+#: ../../src/kadmin/cli/kadmin.c:1408 ../../src/kadmin/cli/kadmin.c:1847
+#: ../../src/kadmin/cli/kadmin.c:1891 ../../src/kadmin/cli/kadmin.c:1937
+#: ../../src/kadmin/cli/kadmin.c:1977
+msgid "while parsing principal"
+msgstr "პრინციპ�ლის დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1135
+msgid "usage: add_principal [options] principal\n"
+msgstr "გ�მ�ყენებ�: add_principal [პ�რ�მეტრები] პრინციპ�ლი\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1136 ../../src/kadmin/cli/kadmin.c:1160
+#: ../../src/kadmin/cli/kadmin.c:1653
+msgid "\toptions are:\n"
+msgstr "\tპ�რ�მეტრები�:\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1137
+msgid ""
+"\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire "
+"pwexpdate] [-maxlife maxtixlife]\n"
+"\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+"\t\t[-pw password] [-maxrenewlife maxrenewlife]\n"
+"\t\t[-e keysaltlist]\n"
+"\t\t[{+|-}attribute]\n"
+msgstr ""
+"\t\t[-randkey|-nokey] [-x ბ�ზის_პრინც_�რგუმენტები]* [-expire ვ�დის_თ�რიღი] [-"
+"pwexpire პ�რ�ლის_ვ�დ�] [-maxlife maxtixlife]\n"
+"\t\t[-kvno kvno] [-policy პ�ლიტიკ�] [-clearpolicy]\n"
+"\t\t[-pw პ�რ�ლი] [-maxrenewlife maxrenewlife]\n"
+"\t\t[-e გ�ს�ღების_მ�რილის_სი�]\n"
+"\t\t[{+|-}�ტრიბუტი]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1142 ../../src/kadmin/cli/kadmin.c:1165
+msgid "\tattributes are:\n"
+msgstr "\t�ტრიბუტები�:\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1143 ../../src/kadmin/cli/kadmin.c:1166
+msgid ""
+"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n"
+"\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
+"\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+"\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+"\t\tlockdown_keys\n"
+"\n"
+"where,\n"
+"\t[-x db_princ_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n"
+"\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
+"\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+"\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+"\t\tlockdown_keys\n"
+"\n"
+"ს�დ�ც,\n"
+"\t[-x ბ�ზის_პრინციპული_�რგუმენტები]* - ბ�ზისთვის გ�დ�ცემული �რგუმენტები.\n"
+"\t\t\tმხ�რდ�ჭერილი �რგუმენტების ს�ნ�ხ�ვ�დ მიმ�რთეთ ბ�ზის დ�კუმენტ�ცი�ს\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1159
+msgid "usage: modify_principal [options] principal\n"
+msgstr "გ�მ�ყენებ�: modify_principal [პ�რ�მეტრები] პრინციპ�ლი\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1161
+msgid ""
+"\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife "
+"maxtixlife]\n"
+"\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+"\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}attribute]\n"
+msgstr ""
+"\t\t[-x ბ�ზის_პრინციპული_�რგუმენტები]* [-expire ვ�დ�] [-pwexpire "
+"პ�რ�ლის_ვ�დ�] [-maxlife maxtixlife]\n"
+"\t\t[-kvno kvno] [-policy პ�ლიტიკ�] [-clearpolicy]\n"
+"\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}�ტრიბუტი]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1225 ../../src/kadmin/cli/kadmin.c:1366
+#, c-format
+msgid "WARNING: policy \"%s\" does not exist\n"
+msgstr "გ�ფრთხილებ�: პ�ლიტიკ� \"%s\" �რ �რსებ�ბს\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1232
+#, c-format
+msgid "No policy specified for %s; assigning \"default\"\n"
+msgstr "%s-სთვის პ�ლიტიკ� მითითებული �რ��. \"ნ�გულისხმების\" მინიჭებ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1238
+#, c-format
+msgid "No policy specified for %s; defaulting to no policy\n"
+msgstr ""
+"%s-სთვის პ�ლიტიკ� მითიტებული �რ��. ნ�გულისხმებ�დ პ�ლიტიკ� მინიჭებული �რ "
+"იქნებ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1280
+#, c-format
+msgid "Admin server does not support -nokey while creating \"%s\"\n"
+msgstr "�დმინის სერვერს \"%s\"-ის შექმნის�ს -nokey -ის მხ�რდ�ჭერ� �რ გ��ჩნი�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1302
+#, c-format
+msgid "while clearing DISALLOW_ALL_TIX for \"%s\"."
+msgstr "\"%s\"-სთვის DISALLOW_ALL_TIX -ის გ�სუფთ�ვების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:1349
+#, c-format
+msgid "while getting \"%s\"."
+msgstr "\"%s\"-ის მიღების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:1375
+#, c-format
+msgid "while modifying \"%s\"."
+msgstr "\"%s\"-ის ცვლილების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:1379
+#, c-format
+msgid "Principal \"%s\" modified.\n"
+msgstr "პრინციპ�ლი \"%s\" შეიცვ�ლ�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1400
+msgid "usage: get_principal [-terse] principal\n"
+msgstr "გ�მ�ყენებ�: get_principal [-terse] პრინციპ�ლი\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1419
+#, c-format
+msgid "while retrieving \"%s\"."
+msgstr "\"%s\"-ის მიღების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:1424 ../../src/kadmin/cli/kadmin.c:1429
+msgid "while unparsing principal"
+msgstr "პრინციპ�ლის დ�მუშ�ვების გ�უქმების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1433
+#, c-format
+msgid "Principal: %s\n"
+msgstr "პრინციპ�ლი: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1434
+#, c-format
+msgid "Expiration date: %s\n"
+msgstr "ვ�დის თ�რიღი: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1435 ../../src/kadmin/cli/kadmin.c:1437
+#: ../../src/kadmin/cli/kadmin.c:1440 ../../src/kadmin/cli/kadmin.c:1448
+msgid "[never]"
+msgstr "[�რ�სდრ�ს]"
+
+#: ../../src/kadmin/cli/kadmin.c:1436
+#, c-format
+msgid "Last password change: %s\n"
+msgstr "პ�რ�ლის ბ�ლ� ცვლილებ�: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1438
+#, c-format
+msgid "Password expiration date: %s\n"
+msgstr "პ�რ�ლის �მ�წურვის ვ�დ�: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1441
+#, c-format
+msgid "Maximum ticket life: %s\n"
+msgstr "ბილეთის მ�ქსიმ�ლური სიც�ცხლე: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1442
+#, c-format
+msgid "Maximum renewable life: %s\n"
+msgstr "მ�ქსიმ�ლური გ�ნ�ხლებ�დი სიც�ცხლე: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1444
+#, c-format
+msgid "Last modified: %s (%s)\n"
+msgstr "ბ�ლ� ცვლილებ�: %s (%s)\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1446
+#, c-format
+msgid "Last successful authentication: %s\n"
+msgstr "ბ�ლ� წ�რმ�ტებული �ვთენტიკ�ცი�: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1452
+#, c-format
+msgid "Failed password attempts: %d\n"
+msgstr "პ�რ�ლის წ�რუმ�ტებელი მცდელ�ბები: %d\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1454
+#, c-format
+msgid "Number of keys: %d\n"
+msgstr "გ�ს�ღებების რ��დენ�ბ�: %d\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1462
+#, c-format
+msgid "<Encryption type 0x%x>"
+msgstr "<შიფრ�ციის ტიპი 0x%x>"
+
+#: ../../src/kadmin/cli/kadmin.c:1474
+#, c-format
+msgid "<Salt type 0x%x>"
+msgstr "<მ�რილის ტიპი 0x%x>"
+
+#: ../../src/kadmin/cli/kadmin.c:1480
+#, c-format
+msgid "MKey: vno %d\n"
+msgstr "MKey: vno %d\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1482
+#, c-format
+msgid "Attributes:"
+msgstr "�ტრიბუტები:"
+
+#: ../../src/kadmin/cli/kadmin.c:1485
+msgid "while printing flags"
+msgstr "�ლმების გ�მ�ტ�ნის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1494
+msgid "[none]"
+msgstr "[�რცერთი]"
+
+#: ../../src/kadmin/cli/kadmin.c:1496
+msgid " [does not exist]"
+msgstr " [�რ �რსებ�ბს]"
+
+#: ../../src/kadmin/cli/kadmin.c:1497
+#, c-format
+msgid "Policy: %s%s\n"
+msgstr "პ�ლიტიკ�: %s%s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1533
+msgid "usage: get_principals [expression]\n"
+msgstr "გ�მ�ყენებ�: get_principals [გ�მ�ს�ხულებ�]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1538 ../../src/kadmin/cli/kadmin.c:1789
+msgid "while retrieving list."
+msgstr "სიის მიღების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:1643
+#, c-format
+msgid "%s: parser lost count!\n"
+msgstr "%s: დ�მმუშ�ვებელმ� ს�თვ�ლ�ვი დ�კ�რგ�!\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1652
+#, c-format
+msgid "usage; %s [options] policy\n"
+msgstr "გ�მ�ყენებ�; %s [პ�რ�მეტრები] პ�ლიტიკ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1654
+msgid ""
+"\t\t[-maxlife time] [-minlife time] [-minlength length]\n"
+"\t\t[-minclasses number] [-history number]\n"
+"\t\t[-maxfailure number] [-failurecountinterval time]\n"
+"\t\t[-allowedkeysalts keysalts]\n"
+msgstr ""
+"\t\t[-maxlife დრ�] [-minlife დრ�] [-minlength სიგრძე]\n"
+"\t\t[-minclasses რიცხვი] [-history რიცხვი]\n"
+"\t\t[-maxfailure რიცხვი] [-failurecountinterval დრ�]\n"
+"\t\t[-allowedkeysalts keysalts]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1658
+msgid "\t\t[-lockoutduration time]\n"
+msgstr "\t\t[-lockoutduration დრ�]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1677
+#, c-format
+msgid "while creating policy \"%s\"."
+msgstr "პ�ლიტიკის (\"%s\") შექმნის�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:1698
+#, c-format
+msgid "while modifying policy \"%s\"."
+msgstr "პ�ლიტიკის (\"%s\") ცვლილების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:1710
+msgid "usage: delete_policy [-force] policy\n"
+msgstr "გ�მ�ყენებ�: delete_policy [-force] პ�ლიტიკ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1714
+#, c-format
+msgid "Are you sure you want to delete the policy \"%s\"? (yes/no): "
+msgstr ""
+"დ�რწმუნებული ბრძ�ნდებით რ�მ გნებ�ვთ პ�ლიკიტიკს \"%s\" ს�ბ�ლ��დ წ�შლ�? "
+"(yes(დი�ხ)/no(�რ�)): "
+
+#: ../../src/kadmin/cli/kadmin.c:1718
+#, c-format
+msgid "Policy \"%s\" not deleted.\n"
+msgstr "პ�ლიტიკ� \"%s\" �რ წ�შლილ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1724
+#, c-format
+msgid "while deleting policy \"%s\""
+msgstr "პ�ლიტიკის \"%s\" წ�შლის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1736
+msgid "usage: get_policy [-terse] policy\n"
+msgstr "გ�მ�ყენებ�: get_policy [-terse] პ�ლიტიკ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1741
+#, c-format
+msgid "while retrieving policy \"%s\"."
+msgstr "პ�ლიტიკის (\"%s\") მიღების�ს."
+
+#: ../../src/kadmin/cli/kadmin.c:1746
+#, c-format
+msgid "Policy: %s\n"
+msgstr "პ�ლიტიკ�: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1747
+#, c-format
+msgid "Maximum password life: %s\n"
+msgstr "პ�რ�ლის მ�ქსიმ�ლური სიც�ცხლე: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1748
+#, c-format
+msgid "Minimum password life: %s\n"
+msgstr "პ�რ�ლის მინიმ�ლური სიც�ცხლე: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1749
+#, c-format
+msgid "Minimum password length: %ld\n"
+msgstr "პ�რ�ლის მინიმ�ლური სიგრძე: %ld\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1750
+#, c-format
+msgid "Minimum number of password character classes: %ld\n"
+msgstr "პ�რ�ლის სიმბ�ლ�ების კლ�სების მინიმ�ლური რიცხვი: %ld\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1752
+#, c-format
+msgid "Number of old keys kept: %ld\n"
+msgstr "დ�მ�ხს�ვრებული ძველი გ�ს�ღებები: %ld\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1753
+#, c-format
+msgid "Maximum password failures before lockout: %lu\n"
+msgstr "დ�ბლ�კვ�მდე პ�რ�ლის �რ�სწ�რ�დ შეყვ�ნების რ��დენ�ბ�: %lu\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1755
+#, c-format
+msgid "Password failure count reset interval: %s\n"
+msgstr "პ�რ�ლის �რ�სწ�რ�დ შეყვ�ნის�ს დ�ბლ�კვის გ�ნბლ�კვის ინტერვ�ლი: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1757
+#, c-format
+msgid "Password lockout duration: %s\n"
+msgstr "პ�რ�ლის დ�ბლ�კვის ხ�ნგრძლივ�ბ�: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1760
+#, c-format
+msgid "Allowed key/salt types: %s\n"
+msgstr "მ�რილის/გ�ს�ღების დ�ს�შვები ტიპები: %s\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1784
+msgid "usage: get_policies [expression]\n"
+msgstr "გ�მ�ყენებ�: get_policies [გ�მ�ს�ხულებ�]\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1806
+msgid "usage: get_privs\n"
+msgstr "გ�მ�ყენებ�: get_privs\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1811
+msgid "while retrieving privileges"
+msgstr "პრივილეგიების მიღების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1814
+#, c-format
+msgid "current privileges:"
+msgstr "მიმდინ�რე პრივილეგიები:"
+
+#: ../../src/kadmin/cli/kadmin.c:1840
+msgid "usage: purgekeys [-all|-keepkvno oldest_kvno_to_keep] principal\n"
+msgstr ""
+"გ�მ�ყენებ�: purgekeys [-all|-keepkvno უძველესი_დ�ს�ტ�ვებელი_kvno] "
+"პრინციპ�ლი\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1860
+#, c-format
+msgid "while purging keys for principal \"%s\""
+msgstr "პრინციპ�ლისთვის \"%s\" გ�ს�ღებების წ�შლის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1865
+#, c-format
+msgid "All keys for principal \"%s\" removed.\n"
+msgstr "პრინციპ�ლისთვის \"%s\" ყველ� გ�ს�ღები წ�შლილი�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1867
+#, c-format
+msgid "Old keys for principal \"%s\" purged.\n"
+msgstr "პრინციპ�ლისთვის \"%s\" ძველი გ�ს�ღებები წ�შლილი�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1884
+msgid "usage: get_strings principal\n"
+msgstr "გ�მ�ყენებ�: get_strings პრინციპ�ლი\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1904
+#, c-format
+msgid "while getting attributes for principal \"%s\""
+msgstr "�ტრიბუტების მიღების�ს პრინციპ�ლისთვის \"%s\""
+
+#: ../../src/kadmin/cli/kadmin.c:1909
+#, c-format
+msgid "(No string attributes.)\n"
+msgstr "(სტრიქ�ნული �ტრიბუტების გ�რეშე.)\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1928
+msgid "usage: set_string principal key value\n"
+msgstr "გ�მ�ყენებ�: set_string პრინციპ�ლი გ�ს�ღები მნიშვნელ�ბ�\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1950
+#, c-format
+msgid "while setting attribute on principal \"%s\""
+msgstr "პრინციპ�ლზე (\"%s\") �ტრიბუტის დ�ყენების�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1954
+#, c-format
+msgid "Attribute set for principal \"%s\".\n"
+msgstr "პრინციპ�ლზე (\"%s\") �ტრიბუტი დ�ყენებული�.\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1969
+msgid "usage: del_string principal key\n"
+msgstr "გ�მ�ყენებ�: del_string პრინციპ�ლი გ�ს�ღები\n"
+
+#: ../../src/kadmin/cli/kadmin.c:1990
+#, c-format
+msgid "while deleting attribute from principal \"%s\""
+msgstr "პრინციპ�ლიდ�ნ (\"%s\") �ტრიბუტის წ�შლის�ს"
+
+#: ../../src/kadmin/cli/kadmin.c:1994
+#, c-format
+msgid "Attribute removed from principal \"%s\".\n"
+msgstr "პრინციპ�ლიდ�ნ (\"%s\") �ტრიბუტი წ�შლილი�\n"
+
+#: ../../src/kadmin/cli/keytab.c:55
+#, c-format
+msgid ""
+"Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] "
+"[principal | -glob princ-exp] [...]\n"
+msgstr ""
+"გ�მ�ყენებ�: ktadd [-k[eytab] keytab] [-q] [-e გ�ს�ღებისმ�რილებისსი�] [-"
+"norandkey] [პრინციპ�ლი | -glob princ-exp] [...]\n"
+
+#: ../../src/kadmin/cli/keytab.c:62
+#, c-format
+msgid ""
+"Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno|\"all\"|\"old\"]\n"
+msgstr ""
+"გ�მ�ყენებ�: ktremove [-k[eytab] keytab] [-q] პრინციპ�ლი [kvno|\"all\"(ყველ�)|"
+"\"old\"(ძველი)]\n"
+
+#: ../../src/kadmin/cli/keytab.c:76 ../../src/kadmin/cli/keytab.c:97
+msgid "while creating keytab name"
+msgstr "keytab-ის ს�ხელის შექმნის�ს"
+
+#: ../../src/kadmin/cli/keytab.c:81
+msgid "while opening default keytab"
+msgstr "ნ�გულისხმები keytab-ის გ�ხსნის�ს"
+
+#: ../../src/kadmin/cli/keytab.c:165
+#, c-format
+msgid "cannot specify keysaltlist when not changing key\n"
+msgstr "რ�ც� გ�ს�ღბს �რ ცვლით, keysaltlist-ს ვერ მიუთითებთ\n"
+
+#: ../../src/kadmin/cli/keytab.c:181
+#, c-format
+msgid "while expanding expression \"%s\"."
+msgstr "გ�მ�ს�ხულების (\"%s\") გ�ფ�რთ�ების�ს."
+
+#: ../../src/kadmin/cli/keytab.c:200 ../../src/kadmin/cli/keytab.c:240
+msgid "while closing keytab"
+msgstr "keytab-ის დ�ხურვის�ს"
+
+#: ../../src/kadmin/cli/keytab.c:314
+#, c-format
+msgid "while parsing -add principal name %s"
+msgstr "-add პრინციპ�ლის ს�ხელის %s დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/cli/keytab.c:328
+#, c-format
+msgid "%s: Principal %s does not exist.\n"
+msgstr "%s: პრინციპ�ლი %s �რ �რსებ�ბს.\n"
+
+#: ../../src/kadmin/cli/keytab.c:331
+#, c-format
+msgid "while changing %s's key"
+msgstr "%s-ის გ�ს�ღების შეცვლის�ს"
+
+#: ../../src/kadmin/cli/keytab.c:343
+msgid "while adding key to keytab"
+msgstr "გ�ს�ღების keytab-ში ჩ�მ�ტების�ს"
+
+#: ../../src/kadmin/cli/keytab.c:348
+#, c-format
+msgid ""
+"Entry for principal %s with kvno %d, encryption type %s added to keytab %s.\n"
+msgstr ""
+"ჩ�ნ�წერი პრინციპ�ლისთვის %s kvno-ით %d, დ�შიფვრის ტიპი %s დ�მ�ტებული� keytab-"
+"ში %s.\n"
+
+#: ../../src/kadmin/cli/keytab.c:396
+#, c-format
+msgid "%s: Keytab %s does not exist.\n"
+msgstr "%s: Keytab-ი %s �რ �რსებ�ბს.\n"
+
+#: ../../src/kadmin/cli/keytab.c:400
+#, c-format
+msgid "%s: No entry for principal %s exists in keytab %s\n"
+msgstr "%s: პრინციპ�ლისთვის %s keytab-ში %s ჩ�ნ�წერი �რ �რსებ�ბს\n"
+
+#: ../../src/kadmin/cli/keytab.c:404
+#, c-format
+msgid "%s: No entry for principal %s with kvno %d exists in keytab %s\n"
+msgstr "%s: პრინციპ�ლისთვის %s kvno-ით %d, keytab-ში %s ჩ�ნ�წერი �რ �რსებ�ბს\n"
+
+#: ../../src/kadmin/cli/keytab.c:410
+msgid "while retrieving highest kvno from keytab"
+msgstr "keytab-დ�ნ უმ�ღლესი kvno-ის მიღების�ს"
+
+#: ../../src/kadmin/cli/keytab.c:443
+msgid "while temporarily ending keytab scan"
+msgstr "keytab-ის სკ�ნირების დრ�ებით დ�სრულების�ს"
+
+#: ../../src/kadmin/cli/keytab.c:448
+msgid "while deleting entry from keytab"
+msgstr "keytab-დ�ნ ჩ�ნ�წერის წ�შლის�ს"
+
+#: ../../src/kadmin/cli/keytab.c:453
+msgid "while restarting keytab scan"
+msgstr "keytab-ის სკ�ნირების თ�ვიდ�ნ გ�შვების�ს"
+
+#: ../../src/kadmin/cli/keytab.c:459
+#, c-format
+msgid "Entry for principal %s with kvno %d removed from keytab %s.\n"
+msgstr "ჩ�ნ�წერი პრინციპ�ლისთვის %s kvno-ით %d წ�შლილი� keytab-დ�ნ %s.\n"
+
+#: ../../src/kadmin/cli/keytab.c:481
+#, c-format
+msgid "%s: There is only one entry for principal %s in keytab %s\n"
+msgstr "%s: პრინციპ�ლისთვის %s keytab-ში %s მხ�ლ�დ ერთი ჩ�ნ�წერი �რსებ�ბს\n"
+
+#: ../../src/kadmin/cli/ss_wrapper.c:53 ../../src/kadmin/ktutil/ktutil.c:58
+msgid "creating invocation"
+msgstr "ჩ�წ�დების შექმნ�"
+
+#: ../../src/kadmin/dbutil/dump.c:165
+msgid "while allocating temporary filename dump"
+msgstr "დრ�ებითი ფ�ილის ს�ხელის დ�მპის გ�მ�ყ�ფის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:176
+msgid "while renaming dump file into place"
+msgstr "დ�მპის ფ�ილის �დგილზე ს�ხელის გ�დ�რქმევის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:196
+msgid "while allocating dump_ok filename"
+msgstr "dump_ok ფ�ილის ს�ხელის გ�მ�ყ�ფის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:202
+#, c-format
+msgid "while creating 'ok' file, '%s'"
+msgstr "'ok' ფ�ილის შექმნის�ს, '%s'"
+
+#: ../../src/kadmin/dbutil/dump.c:207
+#, c-format
+msgid "while locking 'ok' file, '%s'"
+msgstr "'ok' ფ�ილის დ�ბლ�კვის�ს. '%s'"
+
+#: ../../src/kadmin/dbutil/dump.c:260 ../../src/kadmin/dbutil/dump.c:289
+#, c-format
+msgid "%s: regular expression error: %s\n"
+msgstr "%s: რეგულ�რული გ�მ�ს�ხულების შეცდ�მ�: %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:272
+#, c-format
+msgid "%s: regular expression match error: %s\n"
+msgstr "%s: რეგულ�რული გ�მ�ს�ხულების დ�მთხვევის შეცდ�მ�: %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:373
+#, c-format
+msgid "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
+msgstr ""
+"%s ჭდის მქ�ნე მ�ნ�ცემების სი� �რ�თ�ნ�მიმდევრული� %s-სთვის (დ�თვლილი� %d, "
+"დ�მ�ხს�ვრებული� %d)\n"
+
+#: ../../src/kadmin/dbutil/dump.c:495
+#, c-format
+msgid "while converting %s to new master key"
+msgstr "%s -ის �ხ�ლ მთ�ვ�რ გ�ს�ღებზე გ�დ�ყვ�ნის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:516
+#, c-format
+msgid "%s(%d): %s\n"
+msgstr "%s(%d): %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:559
+#, c-format
+msgid "%s(%d): ignoring trash at end of line: "
+msgstr "%s(%d): ბ�ლ�ში ნ�გ�ვი იგნ�რირებული�: "
+
+#: ../../src/kadmin/dbutil/dump.c:622
+msgid "cannot read tagged data type and length"
+msgstr "ჭდის მქ�ნე მ�ნ�ცემების ტიპის დ� სიგრძის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:626
+msgid "data type or length overflowed"
+msgstr "მ�ნ�ცემების ტიპი �ნ სიგრძე გ�დ�ვსებული�"
+
+#: ../../src/kadmin/dbutil/dump.c:633
+msgid "cannot read tagged data contents"
+msgstr "ჭდის მქ�ნე მ�ნ�ცემების შემცველ�ბის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:666
+msgid "cannot match size tokens"
+msgstr "კ�დის ზ�მები �რ ემთხვევ�"
+
+#: ../../src/kadmin/dbutil/dump.c:672
+msgid "cannot allocate principal (too large)"
+msgstr "პრინციპ�ლის გ�მ�ყ�ფის შეცდ�მ� (ძ�ლი�ნ დიდი�)"
+
+#: ../../src/kadmin/dbutil/dump.c:681
+msgid "cannot allocate tl_data (too large)"
+msgstr "tl_data-ის გ�მ�ყ�ფის შეცდ�მ� (ძ�ლი�ნ დიდი�)"
+
+#: ../../src/kadmin/dbutil/dump.c:690
+msgid "invalid key_data size"
+msgstr "key_data-ის �რ�სწ�რი ზ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:707
+msgid "cannot read name string"
+msgstr "ს�ხელის სტრიქ�ნის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:712
+#, c-format
+msgid "while parsing name %s"
+msgstr "ს�ხელის (%s) დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:720
+msgid "cannot read principal attributes"
+msgstr "პრინციპ�ლის �ტრიბუტების წ�კითხვის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:773
+msgid "cannot read key size and version"
+msgstr "გ�ს�ღების ზ�მის� დ� ვერსიის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:777
+msgid "unsupported key_data_ver version"
+msgstr "key_data_ver -ის მხ�რდ�უჭერელი ვერსი�"
+
+#: ../../src/kadmin/dbutil/dump.c:781
+msgid "invalid kvno"
+msgstr "�რ�სწ�რი kvno"
+
+#: ../../src/kadmin/dbutil/dump.c:792
+msgid "cannot read key type and length"
+msgstr "გ�ს�ღების ტიპის� დ� სიგრძის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:798
+msgid "cannot read key data"
+msgstr "გ�ს�ღების მ�ნ�ცემების წ�კითხვის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:808
+msgid "cannot read extra data"
+msgstr "დ�მ�ტებითი მ�ნ�ცემების წ�კითხვის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/dump.c:817
+#, c-format
+msgid "while storing %s"
+msgstr "%s-ის შენ�ხვის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:856 ../../src/kadmin/dbutil/dump.c:895
+#: ../../src/kadmin/dbutil/dump.c:941 ../../src/kadmin/dbutil/dump.c:960
+#, c-format
+msgid "cannot parse policy (%d read)\n"
+msgstr "პ�ლიტიკის დ�მუშ�ვების შეცდ�მ� (%d წ�კითხული�)\n"
+
+#: ../../src/kadmin/dbutil/dump.c:864 ../../src/kadmin/dbutil/dump.c:903
+#: ../../src/kadmin/dbutil/dump.c:981
+msgid "while creating policy"
+msgstr "პ�ლიტიკის შექმნის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:868
+#, c-format
+msgid "created policy %s\n"
+msgstr "შეიქმნ� პ�ლიტიკ� %s\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1018
+#, c-format
+msgid "unknown record type \"%s\"\n"
+msgstr "ჩ�ნ�წერის უცნ�ბი ტიპი \"%s\"\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1129
+#, c-format
+msgid "%s: Unknown iprop dump version %d\n"
+msgstr "%s: iprop-ის დ�მპის უცნ�ბი ვერსი� %d\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1207 ../../src/kadmin/dbutil/dump.c:1443
+#, c-format
+msgid "OV dump format not supported\n"
+msgstr "OV დ�მპის ფ�რმ�ტი მხ�რდ�უჭერელი�\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1229 ../../src/kadmin/dbutil/dump.c:1455
+#, c-format
+msgid "Iprop not enabled\n"
+msgstr "Iprop ჩ�რთული �რ��\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1266
+msgid "Conditional dump is an undocumented option for use only for iprop dumps"
+msgstr ""
+"პირ�ბითი დ�მპი �რ�დ�კუმენტირებული პ�რ�მეტრი�, რ�მელიც მხ�ლ�დ iprop-ის "
+"დ�მპებისთვის გ�მ�იყენებ�"
+
+#: ../../src/kadmin/dbutil/dump.c:1279
+msgid "Database not currently opened!"
+msgstr "ბ�ზ� �მჟ�მ�დ ღი� �რ��!"
+
+#: ../../src/kadmin/dbutil/dump.c:1293 ../../src/kadmin/dbutil/kdb5_stash.c:116
+#: ../../src/kadmin/dbutil/kdb5_util.c:445
+msgid "while reading master key"
+msgstr "მთ�ვ�რი გ�ს�ღების წ�კითხვის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1299
+msgid "while verifying master key"
+msgstr "მთ�ვ�რი გ�ს�ღების გ�დ�მ�წმების�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1318 ../../src/kadmin/dbutil/dump.c:1328
+msgid "while reading new master key"
+msgstr "�ხ�ლი მთ�ვ�რი გ�ს�ღების წ�კითხვის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1322
+#, c-format
+msgid "Please enter new master key....\n"
+msgstr "შეიყვ�ნეთ �ხ�ლი მთ�ვ�რი გ�ს�ღები...\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1346
+#, c-format
+msgid "while opening %s for writing"
+msgstr "%s-ის ჩ�ს�წერ�დ გ�ხსნის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1361
+msgid "while reading update log header"
+msgstr "გ�ნ�ხლების ჟურნ�ლის თ�ვს�რთის წ�კითხვის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1376 ../../src/kadmin/dbutil/dump.c:1384
+#, c-format
+msgid "performing %s dump"
+msgstr "მიმდინ�რე�ბს %s-ის დ�მპი"
+
+#: ../../src/kadmin/dbutil/dump.c:1414
+#, c-format
+msgid "%s: error processing line %d of %s\n"
+msgstr "%s: შეცდ�მ� %d ხ�ზის დ�მუშ�ვების�ს, %s-დ�ნ\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1464
+msgid "while parsing options"
+msgstr "პ�რ�მეტრების დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1479
+#, c-format
+msgid "while opening %s"
+msgstr "\"%s\"-ის გ�ხსნის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1484 ../../src/kadmin/dbutil/dump.c:1580
+msgid "standard input"
+msgstr "სტ�ნდ�რტული შეყვ�ნ�"
+
+#: ../../src/kadmin/dbutil/dump.c:1489
+#, c-format
+msgid "%s: can't read dump header in %s\n"
+msgstr "%s: %s-ში დ�მპის თ�ვს�რთის წ�კითხვის შეცდ�მ�\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1497 ../../src/kadmin/dbutil/dump.c:1511
+#, c-format
+msgid "%s: dump header bad in %s\n"
+msgstr "%s: დ�მპის �რ�სწ�რი თ�ვს�რთი %s-ში\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1520
+#, c-format
+msgid "Could not open iprop ulog\n"
+msgstr "შეცდ�მ� iprop ulog-ის გ�ხსნის�ს\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1525
+#, c-format
+msgid "%s: dump version %s can only be loaded with the -update flag\n"
+msgstr "%s: დ�მპის ვერსი� %s მხ�ლ�დ -update �ლმით შეიძლებ� ჩ�იტვირთ�ს\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1534 ../../src/kadmin/dbutil/dump.c:1539
+msgid "computing parameters for database"
+msgstr "ბ�ზისთვის პ�რ�მეტრების გ�მ�თვლ�"
+
+#: ../../src/kadmin/dbutil/dump.c:1545
+msgid "while creating database"
+msgstr "ბ�ზის შექმნის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1554
+msgid "while opening database"
+msgstr "ბ�ზის გ�ხსნის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1564
+msgid "while permanently locking database"
+msgstr "ბ�ზის ს�მუდ�მ�დ დ�ბლ�კვის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1582
+#, c-format
+msgid "%s: %s restore failed\n"
+msgstr "%s: %s �ღდგენის შეცდ�მ�\n"
+
+#: ../../src/kadmin/dbutil/dump.c:1587
+msgid "while unlocking database"
+msgstr "ბ�ზის გ�ნბლ�კვის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1597 ../../src/kadmin/dbutil/dump.c:1616
+msgid "while reinitializing update log"
+msgstr "გ�ნ�ხლების ჟურნ�ლის თ�ვიდ�ნ ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1607
+msgid "while making newly loaded database live"
+msgstr "�ხლ�დ ჩ�ტვირთული ბ�ზის ს�მუშ�� რეჟიმში გ�დ�რთვის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1623
+msgid "while writing update log header"
+msgstr "გ�ნ�ხლების ჟურნ�ლის თ�ვს�რთის ჩ�წერის�ს"
+
+#: ../../src/kadmin/dbutil/dump.c:1637
+#, c-format
+msgid "while deleting bad database %s"
+msgstr "ცუდი ბ�ზის (%s) წ�შლის�ს"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:79
+msgid "while looking up the Kerberos configuration"
+msgstr "kerberos-ის კ�ნფიგურ�ციის ძებნის�ს"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:105
+msgid "while initializing the Kerberos admin interface"
+msgstr "kerberos-ის �დმინისტრირების ინტერფეისის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:197
+msgid "while appending realm to principal"
+msgstr "რე�ლმის პრინციპ�ლზე მიწერის�ს"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:203
+msgid "while parsing admin principal name"
+msgstr "�დმინის პრინციპ�ლის ს�ხელის დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:215
+#, c-format
+msgid "while creating principal %s"
+msgstr "პრინციპ�ლი \"%s\"-ის შექმნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:186
+#: ../../src/kadmin/dbutil/kdb5_util.c:389
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:574
+msgid "while setting up master key name"
+msgstr "მთ�ვ�რი გ�ს�ღების ს�ხელის დ�ყენების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:197
+#, c-format
+msgid ""
+"Initializing database '%s' for realm '%s',\n"
+"master key name '%s'\n"
+msgstr ""
+"ბ�ზის (\"%s\") ინიცი�ლიზ�ცი� რე�ლმისთვის '%s'.\n"
+"მთ�ვ�რი გ�ს�ღებს ს�ხელი� '%s'\n"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:202
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:483
+#, c-format
+msgid "You will be prompted for the database Master Password.\n"
+msgstr "ბ�ზის მთ�ვ�რ პ�რ�ლს შეგეკითხებით.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:203
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:255
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:484
+#, c-format
+msgid "It is important that you NOT FORGET this password.\n"
+msgstr "ძ�ლი�ნ მნიშვნელ�ვ�ნი�, რ�მ ეს პ�რ�ლი *�რ�სდრ�ს დ�გ�ვიწყდეთ*.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:209
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:261
+msgid "while creating new master key"
+msgstr "�ხ�ლი მთ�ვ�რი გ�ს�ღების შექმნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:217
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:494
+msgid "while reading master key from keyboard"
+msgstr "მთ�ვ�რი გ�ს�ღების კლ�ვი�ტურიდ�ნ წ�კითხვის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:227
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:280
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:586
+msgid "while calculating master key salt"
+msgstr "მთ�ვ�რი გ�ს�ღების მ�რილის გ�მ�თვლის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:235
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:289
+#: ../../src/kadmin/dbutil/kdb5_util.c:431
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:598
+msgid "while transforming master key from password"
+msgstr "მთ�ვ�რი გ�ს�ღების პ�რ�ლიდ�ნ გ�რდ�ქმნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:245
+msgid "while initializing random key generator"
+msgstr "შემთხვევითი რიცხვების გენერ�ტ�რის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:250
+#, c-format
+msgid "while creating database '%s'"
+msgstr "ბ�ზის (\"%s\") შექმნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:268
+msgid "while creating update log"
+msgstr "გ�ნ�ხლების ჟურნ�ლის შექმნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:279
+msgid "while initializing update log"
+msgstr "გ�ნ�ხლების ჟურნ�ლის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:294
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:610
+msgid "while adding entries to the database"
+msgstr "ბ�ზ�ში ჩ�ნ�წერების დ�მ�ტების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:322
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:333
+#: ../../src/kadmin/dbutil/kdb5_stash.c:133
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:635
+msgid "while storing key"
+msgstr "გ�ს�ღების შენ�ხვის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:323
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:334
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:636
+#, c-format
+msgid "Warning: couldn't stash master key.\n"
+msgstr "გ�ფრთხილებ�: მთ�ვ�რი გ�ს�ღების მ�გრ�ვების შეცდ�მ�.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:69
+#, c-format
+msgid "Deleting KDC database stored in '%s', are you sure?\n"
+msgstr ""
+"წ�იშლებ� KDC-ის ბ�ზ�, დ�მ�ხს�ვრებული '%s'-ში. დ�რწმუნებული ბრძ�ნდებით?\n"
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:71
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1111
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:360
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1442
+#, c-format
+msgid "(type 'yes' to confirm)? "
+msgstr "(დ�ს�დ�სტურებლ�დ �კრიფეთ 'yes' (დი�ხ)? "
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:78
+#, c-format
+msgid "OK, deleting database '%s'...\n"
+msgstr "კ�რგი, მიმდინ�რე�ბს ბ�ზის წ�შლ� '%s'...\n"
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:83
+#, c-format
+msgid "deleting database '%s'"
+msgstr "ბ�ზის წ�შლ� '%s'..."
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:92
+#, c-format
+msgid "** Database '%s' destroyed.\n"
+msgstr "** ბ�ზ� '%s' გ�ნ�დგურდ�.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:223
+#, c-format
+msgid "%s is an invalid enctype"
+msgstr "%s �რ�სწ�რი enctype-�"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:245
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:421
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:564
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:941
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1102
+#, c-format
+msgid "while getting master key principal %s"
+msgstr "მთ�ვ�რი გ�ს�ღების პრინციპ�ლის (%s) მიღების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:251
+#, c-format
+msgid "Creating new master key for master key principal '%s'\n"
+msgstr "�ხ�ლი მთ�ვ�რი გ�ს�ღების დ�მ�ტებ� მთ�ვ�რი პრინციპ�ლისთვის '%s'\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:254
+#, c-format
+msgid "You will be prompted for a new database Master Password.\n"
+msgstr "ბ�ზის �ხ�ლ მთ�ვ�რ პ�რ�ლს შეგეკითხებით.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:270
+msgid "while reading new master key from keyboard"
+msgstr "�ხ�ლი მთ�ვ�რი გ�ს�ღების კლ�ვი�ტურიდ�ნ წ�კითხვის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:299
+msgid "adding new master key to master principal"
+msgstr "�ხ�ლი მთ�ვ�რი გ�ს�ღების მთ�ვ�რი პრინციპ�ლისთვის დ�მ�ტებ�"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:305
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:390
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:806
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1305
+msgid "while getting current time"
+msgstr "მიმდინ�რე დრ�ის მიღების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:312
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:522
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1312
+msgid "while updating the master key principal modification time"
+msgstr "მთ�ვ�რი გ�ს�ღების პრინციპ�ლის ცვლილების დრ�ის გ�ნ�ხლების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:319
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:530
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1322
+msgid "while adding master key entry to the database"
+msgstr "მთ�ვ�რი გ�ს�ღების ჩ�ნ�წერის ბ�ზ�ში ჩ�მ�ტების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:371
+msgid "0 is an invalid KVNO value"
+msgstr "0 KVNO-ის �რ�სწ�რი მნიშვნელ�ბ��"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:382
+#, c-format
+msgid "%d is an invalid KVNO value"
+msgstr "%d KVNO-ის �რ�სწ�რი მნიშვნელ�ბ��"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:398
+#, c-format
+msgid "could not parse date-time string '%s'"
+msgstr "თ�რითი-დრ�ის სტრიქ�ნის \"%s\" დ�მუშ�ვების შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:430
+msgid "while looking up active version of master key"
+msgstr "მთ�ვ�რი გ�ს�ღების �ქტიური ვერსიის მ�ძებნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:469
+msgid "while adding new master key"
+msgstr "�ხ�ლი მთ�ვ�რი გ�ს�ღების დ�მ�ტების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:507
+msgid "there must be one master key currently active"
+msgstr "მიმდინ�რე დრ�ს ერთი მთ�ვ�რი გ�ს�ღები ყ�ველთვის უნდ� იყ�ს �ქტიური"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:515
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1291
+msgid "while updating actkvno data for master principal entry"
+msgstr "მთ�ვ�რი პრინციპ�ლის ც�ნ�წერის actkvno-ის მ�ნ�ცემების გ�ნ�ხლების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:556
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:903
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1072
+msgid "master keylist not initialized"
+msgstr "მთ�ვ�რი keylist ინიცი�ლიზებული �რ��"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:572
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:949
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1199
+msgid "while looking up active kvno list"
+msgstr "�ქტიური kvno-ის სიის ძებნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:580
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:957
+msgid "while looking up active master key"
+msgstr "�ქტიური მთ�ვ�რი გ�ს�ღების ძებნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:592
+msgid "while getting enctype description"
+msgstr "enctype-ის �ღწერის მიღების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:609
+#, c-format
+msgid "KVNO: %d, Enctype: %s, Active on: %s *\n"
+msgstr "KVNO: %d, Enctype: %s, �ქტიური�: %s *\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:614
+#, c-format
+msgid "KVNO: %d, Enctype: %s, Active on: %s\n"
+msgstr "KVNO: %d, Enctype: %s, �ქტიური�: %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:618
+#, c-format
+msgid "KVNO: %d, Enctype: %s, No activate time set\n"
+msgstr "KVNO: %d, Enctype: %s, �ქტივირების დრ� მითითებული �რ��\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:623
+msgid "asprintf could not allocate enough memory to hold output"
+msgstr ""
+"asprintf -ის შეცდ�მ� გ�მ�ტ�ნის შეკ�ვებისთვის ს�კმ�რისი მეხსიერების "
+"გ�მ�ყ�ფის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:756
+msgid "getting string representation of principal name"
+msgstr "კლიენტის პრინციპ�ლის ს�ხელის სტრიქ�ნის ს�ხით მიღებ�"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:780
+#, c-format
+msgid "determining master key used for principal '%s'"
+msgstr "პრინციპ�ლისთვის (%s) გ�მ�ყენებული მთ�ვ�რი გ�ს�ღების გ�ნს�ზღვრ�"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:786
+#, c-format
+msgid "would skip:   %s\n"
+msgstr "გ�მ�ვტ�ვებდი:   %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:788
+#, c-format
+msgid "skipping: %s\n"
+msgstr "გ�მ�ტ�ვებ�: %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:794
+#, c-format
+msgid "would update: %s\n"
+msgstr "გ�ნვ��ხლებდი: %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:798
+#, c-format
+msgid "updating: %s\n"
+msgstr "გ�ნ�ხლებ�: %s\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:802
+#, c-format
+msgid "error re-encrypting key for principal '%s'"
+msgstr "შეცდ�მ� პრინციპ�ლისთვის ('%s') გ�ს�ღების თ�ვიდ�ნ დ�შიფვრის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:813
+#, c-format
+msgid "while updating principal '%s' modification time"
+msgstr "პრინციპ�ლის (%s) ცვლილების დრ�ის გ�ნ�ხლების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:820
+#, c-format
+msgid "while updating principal '%s' key data in the database"
+msgstr "ბ��ში პრინციპ�ლის (%s) გ�ს�ღების მ�ნ�ცემების გ�ნ�ხლების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:852
+#, c-format
+msgid ""
+"\n"
+"(type 'yes' to confirm)? "
+msgstr ""
+"\n"
+"(დ�ს�დ�სტურებლ�დ �კრიფეთ 'yes' (დი�ხ)? "
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:914
+#, c-format
+msgid "converting glob pattern '%s' to regular expression"
+msgstr "გლ�ბის შ�ბლ�ნის (%s) რეგულ�რულ გ�მ�ს�ხულებ�დ გ�რდ�ქმნ�"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:932
+#, c-format
+msgid "error compiling converted regexp '%s'"
+msgstr "გ�რდ�ქმნილი რეგულ�რული გ�მ�ს�ხულების (%s) კ�მპილ�ციის შეცდ�მ�"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:965
+#, c-format
+msgid "Re-encrypt all keys not using master key vno %u?"
+msgstr ""
+"გ�დ�ვშიფრ� ყველ� გ�ს�ღები, რ�მელიც მთ�ვ�რ გ�ს�ღებს vno %u -ს �რ იყენებს?"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:967
+#, c-format
+msgid "OK, doing nothing.\n"
+msgstr "კ�რგი, �რ�ფერს ვ�კეთებ.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:973
+#, c-format
+msgid "Principals whose keys WOULD BE re-encrypted to master key vno %u:\n"
+msgstr ""
+"პრინციპ�ლები, რ�მლის გ�ს�ღებებიც გ�დ�შიფვრ�დი� მთ�ვ�რი გ�ს�ღებით vno %u: \n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:976
+#, c-format
+msgid ""
+"Principals whose keys are being re-encrypted to master key vno %u if "
+"necessary:\n"
+msgstr ""
+"პრინციპ�ლები, რ�მლის გ�ს�ღებებიც, ს�ჭირ�ების შემთხვევ�ში, გ�დ�იშიფრებ� "
+"მთ�ვ�რი გ�ს�ღებით vno %u:\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:992
+msgid "trying to process principal database"
+msgstr "პრინციპ�ლის ბ�ზის დ�მუშ�ვების მცდელ�ბ�"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:996
+#, c-format
+msgid "%u principals processed: %u would be updated, %u already current\n"
+msgstr "დ�მუშ�ვებული� %u პრინციპ�ლი: %u გ�ნ�ხლებ�დი�, %u უკვე გ�ნ�ხლებული�\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1000
+#, c-format
+msgid "%u principals processed: %u updated, %u already current\n"
+msgstr "დ�მუშ�ვებული� %u პრინციპ�ლი: %u გ�ნ�ხლებული�, %u უკვე მიმდინ�რე�\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1109
+#, c-format
+msgid ""
+"Will purge all unused master keys stored in the '%s' principal, are you "
+"sure?\n"
+msgstr ""
+"ყველ� გ�მ�უყენებელი მთ�ვ�რი გ�ს�ღები, დ�მ�ხს�ვრებული %s პრინციპ�ლში, "
+"წ�იშლებ�. დ�რწმუნებული ბრძ�ნდებით?\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1120
+#, c-format
+msgid "OK, purging unused master keys from '%s'...\n"
+msgstr ""
+"კ�რგი. მიმდინ�რე�ბს გ�მ�უყენებელი მთ�ვ�რი გ�ს�ღებების %s-დ�ნ წ�შლ�...\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1128
+#, c-format
+msgid "There is only one master key which can not be purged.\n"
+msgstr "�რსებ�ბს მხ�ლ�დ ერთი მთ�ვ�რი გ�ს�ღები დ� მისი წ�შლ� �კრძ�ლული�.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1137
+msgid "while allocating args.kvnos"
+msgstr "args.kvnos -ის გ�მ�ყ�ფის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1153
+msgid "while finding master keys in use"
+msgstr "გ�მ�ყენებული მთ�ვ�რი გ�ს�ღებების ძებნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1162
+#, c-format
+msgid "Would purge the following master key(s) from %s:\n"
+msgstr "%s-დ�ნ შემდეგი მთ�ვ�რი გ�ს�ღებები წ�იშლებ�:\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1165
+#, c-format
+msgid "Purging the following master key(s) from %s:\n"
+msgstr "%s-დ�ნ შემდეგი მთ�ვ�რი გ�ს�ღებების წ�შლ�:\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1177
+msgid "master key stash file needs updating, command aborting"
+msgstr ""
+"მთ�ვ�რი გ�ს�ღების შეს�გრ�ვებელ ფ�ილს გ�ნ�ხლებ� სჭირდებ�. ბრძ�ნების მუშ��ბის "
+"დ�ს�სრული"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1183
+#, c-format
+msgid "KVNO: %d\n"
+msgstr "KVNO: %d\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1188
+#, c-format
+msgid "All keys in use, nothing purged.\n"
+msgstr "ყველ� გ�ს�ღები გ�მ�იყენებ�. �რ�ფერი წ�შლილ�.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1193
+#, c-format
+msgid "%d key(s) would be purged.\n"
+msgstr "წ�იშლებ�დ� %d გ�ს�ღები.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1206
+msgid "while looking up mkey aux data list"
+msgstr "mkey-ის დ�მ�ტებითი მ�ნ�ცემების სიის ძებნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1214
+msgid "while allocating key_data"
+msgstr "key_data-ის გ�მ�ყ�ფის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1299
+msgid "while updating mkey_aux data for master principal entry"
+msgstr ""
+"mkey_aux-ის მ�ნ�ცემების მხ�ლ�დ მთ�ვ�რი პრინციპ�ლის ჩ�ნ�წერის გ�ნ�ხლების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1326
+#, c-format
+msgid "%d key(s) purged.\n"
+msgstr "%d გ�ს�ღები წ�იშ�ლ�.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:97
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:542
+#, c-format
+msgid "while setting up enctype %d"
+msgstr "enctype %d-ის მ�რგების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:123
+msgid "while getting master key list"
+msgstr "მთ�ვ�რი გ�ს�ღებების სიის მიღების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:127
+#, c-format
+msgid "Using existing stashed keys to update stash file.\n"
+msgstr ""
+"�რშებული მ�გრ�ვებული გ�ს�ღებების გ�მ�ყენებ� დ�გრ�ვების ფ�ილის გ�ს��ხლებლ�დ.\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:80
+#, c-format
+msgid ""
+"Usage: kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-kv mkeyVNO]\n"
+"\t        [-M mkeyname] [-m] [-sf stashfilename] [-P password]\n"
+"\t        [-x db_args]* cmd [cmd_options]\n"
+"\tcreate  [-s]\n"
+"\tdestroy [-f]\n"
+"\tstash   [-f keyfile]\n"
+"\tdump    [-b7|-r13|-r18] [-verbose]\n"
+"\t        [-mkey_convert] [-new_mkey_file mkey_file]\n"
+"\t        [-rev] [-recurse] [filename [princs...]]\n"
+"\tload    [-b7|-r13|-r18] [-hash] [-verbose] [-update] filename\n"
+"\tark     [-e etype_list] principal\n"
+"\tadd_mkey [-e etype] [-s]\n"
+"\tuse_mkey kvno [time]\n"
+"\tlist_mkeys\n"
+msgstr ""
+"გ�მ�ყენებ�: kdb5_util [-r რე�ლმი] [-d ბ�ზის_ს�ხელი] [-k mkeytype] [-kv "
+"mkeyVNO]\n"
+"\t        [-M mkeyname] [-m] [-sf შეს�გრ�ვებელიფ�ილი] [-P პ�რ�ლი]\n"
+"\t        [-x ბ�ზის_პ�რ�მეტრები]* ბრძნბ [ბრძ�ნების_პ�რ�მეტრები]\n"
+"\tcreate  [-s]\n"
+"\tdestroy [-f]\n"
+"\tstash   [-f keyfile]\n"
+"\tdump    [-b7|-r13|-r18] [-verbose]\n"
+"\t        [-mkey_convert] [-new_mkey_file mkey_file]\n"
+"\t        [-rev] [-recurse] [ფ�ილსი ს�ხელი [პრინციპ�ლები...]]\n"
+"\tload    [-b7|-r13|-r18] [-hash] [-verbose] [-update] ფ�ილის ს�ხელი\n"
+"\tark     [-e etype_list] პრინციპ�ლი\n"
+"\tadd_mkey [-e etype] [-s]\n"
+"\tuse_mkey kvno [დრ�]\n"
+"\tlist_mkeys\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:99
+#, c-format
+msgid ""
+"\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
+"\tpurge_mkeys [-f] [-n] [-v]\n"
+"\ttabdump [-H] [-c] [-e] [-n] [-o outfile] dumptype\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+"\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
+"\tpurge_mkeys [-f] [-n] [-v]\n"
+"\ttabdump [-H] [-c] [-e] [-n] [-o outfile] dumptype\n"
+"\n"
+"ს�დ�ც,\n"
+"\t[-x ბ�ზის_�რგუმენტები]* - ბ�ზის �რგუმენტების ნებისმიერი რ��დენ�ბ�\n"
+"\t\t\tმ�რდ�ჭერილი �რგუმენტების ს�ნ�ხ�ვ�დ მიმ�რთეთ ბ�ზის დ�კუმენტ�ცი�ს\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:215
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:264
+msgid "while initializing Kerberos code"
+msgstr "kerberos-ის კ�დის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:221
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:271
+msgid "while creating sub-command arguments"
+msgstr "ქვებრძ�ნების �რგუმენტის შექმნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:239
+msgid "while parsing command arguments"
+msgstr "ბრძ�ნების �რგუმენტების დ�მუშ�ვების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:245
+#: ../../src/kadmin/dbutil/kdb5_util.c:252
+msgid "while parsing command arguments\n"
+msgstr "ბრძ�ნების �რგუმენტების დ�მუშ�ვების�ს\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:263
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:295
+msgid "while setting default realm name"
+msgstr "ნ�გულისხმები რე�ლმის ს�ხელის დ�ყენების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:268
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:302
+#, c-format
+msgid ": %s is an invalid enctype"
+msgstr ": %s �რ�სწ�რი enctype-�"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:276
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:311
+#, c-format
+msgid ": %s is an invalid mkeyVNO"
+msgstr ": %s �რ�სწ�რი mkeyVNO -ი�"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:319
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:435
+msgid "while retrieving configuration parameters"
+msgstr "კ�ნფიგურ�ციის პ�რ�მეტრების მიღების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:378
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:849
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1457
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:568
+msgid "while initializing database"
+msgstr "ბ�ზის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:395
+msgid "while retrieving master entry"
+msgstr "მთ�ვ�რი ჩ�ნ�წერის მიღების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:414
+msgid "while calculated master key salt"
+msgstr "მთ�ვ�რი გ�ს�ღების მ�რილის გ�მ�თვლის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:446
+msgid "Warning: proceeding without master key"
+msgstr "გ�ფრთხილებ�: ვ�გრძელებ მთ�ვ�რი გ�ს�ღების გ�რეშე"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:464
+msgid "while seeding random number generator"
+msgstr "შემთხვევითი რიცხვების გენერ�ტ�რის თესლის გ�დ�ცემის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:474
+#, c-format
+msgid "%s: Could not map log\n"
+msgstr "%s: ჟურნ�ლის მიბმის შეც�მ�\n"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:503
+msgid "while closing database"
+msgstr "ბ�ზის დ�ხურვის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:550
+#, c-format
+msgid "while fetching principal %s"
+msgstr "პრინციპ�ლის (%s) გ�მ�თხ�ვის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:573
+msgid "while finding mkey"
+msgstr "mkey-ის ძებნის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:598
+msgid "while setting changetime"
+msgstr "changetime-ის დ�ყენების�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:606
+#, c-format
+msgid "while saving principal %s"
+msgstr "პრინციპ�ლის (%s) შენ�ხვის�ს"
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:610
+#, c-format
+msgid "%s changed\n"
+msgstr "%s შეიცვ�ლ�\n"
+
+#: ../../src/kadmin/dbutil/tabdump.c:573
+#, c-format
+msgid "opening %s for writing"
+msgstr "%s-ის ჩ�ს�წერ�დ გ�ხსნ�"
+
+#: ../../src/kadmin/dbutil/tabdump.c:655
+msgid "performing tabular dump"
+msgstr "მიმდინ�რე�ბს ტ�ბულ�რული დ�მპი"
+
+#: ../../src/kadmin/ktutil/ktutil.c:73
+#, c-format
+msgid "%s: invalid arguments\n"
+msgstr "%s: �რ�სწ�რი �რგუმენტები\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:78
+msgid "while freeing ktlist"
+msgstr "ktlist-ის გ�თ�ვისუფლების�ს"
+
+#: ../../src/kadmin/ktutil/ktutil.c:89
+#, c-format
+msgid "%s: must specify keytab to read\n"
+msgstr "%s: წ�ს�კითხი keytab -ის მითითებ� �უცილებელი�\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:94
+#, c-format
+msgid "while reading keytab \"%s\""
+msgstr "keytab-ის (%s) კითხვის�ს"
+
+#: ../../src/kadmin/ktutil/ktutil.c:101
+#, c-format
+msgid "%s: reading srvtabs is no longer supported\n"
+msgstr "%s: srvtabs -ების წ�კითხვ� მხ�რდ�ჭერილი �ღ�რ��\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:112
+#, c-format
+msgid "%s: must specify keytab to write\n"
+msgstr "%s: ჩ�ს�წერი keytab -ის მითითებ� �უცილებელი�\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:117
+#, c-format
+msgid "while writing keytab \"%s\""
+msgstr "keytab-ის \"%s\" ჩ�წერის�ს"
+
+#: ../../src/kadmin/ktutil/ktutil.c:124
+#, c-format
+msgid "%s: writing srvtabs is no longer supported\n"
+msgstr "%s: srvtabs -ების ჩ�წერ� მხ�რდ�ჭერილი �ღ�რ��\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:171
+#, c-format
+msgid ""
+"usage: %s (-key | -password) -p principal -k kvno [-e enctype] [-f|-s salt]\n"
+msgstr ""
+"გ�მ�ყენებ�: %s (-key | -პ�რ�ლი) -p პრინციპ�ლი -k kvno [-e enctype] [-f|-s "
+"მ�რილი]\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:176
+#, c-format
+msgid "enctype must be specified if not using -f\n"
+msgstr "თუ -f -ს �რ იყენებთ, enctype-ის მითითებ� �უცილებელი�\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:183
+msgid "while adding new entry"
+msgstr "�ხ�ლი ჩ�ნ�წერის დ�მ�ტების�ს"
+
+#: ../../src/kadmin/ktutil/ktutil.c:193
+#, c-format
+msgid "%s: must specify entry to delete\n"
+msgstr "%s: წ�ს�შლელი ჩ�ნ�წერის მითითებ� �უცილებელი�\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:198
+#, c-format
+msgid "while deleting entry %d"
+msgstr "%d ჩ�ნ�წერის წ�შლის�ს"
+
+#: ../../src/kadmin/ktutil/ktutil.c:226
+#, c-format
+msgid "%s: usage: %s [-t] [-k] [-e]\n"
+msgstr "%s: გ�მ�ყენებ�: %s [-t] [-k] [-e]\n"
+
+#: ../../src/kadmin/ktutil/ktutil.c:265
+msgid "While converting enctype to string"
+msgstr "Enctype-ის სტრიქ�ნ�დ გ�რდ�ქმნის�ს"
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:196
+#, c-format
+msgid "Password for %.1000s"
+msgstr "პ�რ�ლი %.1000s"
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:214
+#, c-format
+msgid "Key for %s (hex): "
+msgstr "გ�ს�ღები %s -სთვის (თექვსმეტ�ბითი): "
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:226
+#, c-format
+msgid "addent: Error reading key.\n"
+msgstr "addent: გ�ს�ღების წ�კითხვის შეცდ�მ�.\n"
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:234
+#, c-format
+msgid "addent: Illegal character in key.\n"
+msgstr "addent: გ�ს�ღები დ�უშვებელ სიმბ�ლ�ს შეიც�ვს.\n"
+
+#: ../../src/kadmin/server/auth_acl.c:240
+#, c-format
+msgid "%s: invalid restrictions: %s"
+msgstr "%s: �რ�სწ�რი შეზღუდვ�: %s"
+
+#: ../../src/kadmin/server/auth_acl.c:288
+#, c-format
+msgid "Unrecognized ACL operation '%c' in %s"
+msgstr "ACL -ის უცნ�ბი �პერ�ცი�'%c' -ი %s-ში"
+
+#: ../../src/kadmin/server/auth_acl.c:296
+#, c-format
+msgid "Cannot parse client principal '%s'"
+msgstr "კლიენტის პრინციპ�ლის (%s) დ�მუშ�ვების შეცდ�მ�"
+
+#: ../../src/kadmin/server/auth_acl.c:304
+#, c-format
+msgid "Cannot parse target principal '%s'"
+msgstr "ს�მიზნის პრინციპ�ლის (%s) დ�მუშ�ვების შეცდ�მ�"
+
+#: ../../src/kadmin/server/auth_acl.c:400
+#, c-format
+msgid "%s while opening ACL file %s"
+msgstr "%s ACL ფ�ილის (%s) გ�ხსნის�ს"
+
+#: ../../src/kadmin/server/auth_acl.c:403
+#, c-format
+msgid "Cannot open %s: %s"
+msgstr "%s-ის გ�ხსნის შეცდ�მ�: %s"
+
+#: ../../src/kadmin/server/auth_acl.c:419
+#: ../../src/kadmin/server/auth_acl.c:422
+#, c-format
+msgid "%s: syntax error at line %d <%.10s...>"
+msgstr "%s: სინტ�ქსის შეცდ�მ� ხ�ზზე %d <%.10s...>"
+
+#: ../../src/kadmin/server/ipropd_svc.c:49
+#, c-format
+msgid "Unauthorized request: %s, client=%s, service=%s, addr=%s"
+msgstr "�რ��ვტ�რიზებული მ�თხ�ვნ�: %s, კლიენტი=%s, სერვისი=%s, მის�მ�რთი=%s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:50
+#: ../../src/kadmin/server/ipropd_svc.c:224
+#, c-format
+msgid "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
+msgstr "მ�თხ�ვნ�: %s, %s, %s, კლიენტი=%s, სერვისი=%s, მის�მ�რთი=%s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:164
+#: ../../src/kadmin/server/ipropd_svc.c:281
+#, c-format
+msgid "%s: server handle is NULL"
+msgstr "%s: სერვერის დ�მმუშ�ვებელი ნულ�ვ�ნი�"
+
+#: ../../src/kadmin/server/ipropd_svc.c:174
+#: ../../src/kadmin/server/ipropd_svc.c:294
+#, c-format
+msgid "%s: setup_gss_names failed"
+msgstr "%s: setup_gss_names -ის შეცდ�მ�"
+
+#: ../../src/kadmin/server/ipropd_svc.c:182
+#: ../../src/kadmin/server/ipropd_svc.c:303
+#, c-format
+msgid "%s: out of memory recording principal names"
+msgstr "%s: �რ�ს�კმ�რისი მეხსიერებ� პრინციპ�ლის ს�ხელების ჩ�წერის�ს"
+
+#: ../../src/kadmin/server/ipropd_svc.c:207
+#, c-format
+msgid "%s; Incoming SerialNo=%lu; Outgoing SerialNo=%lu"
+msgstr "%s; შემ�მ�ვ�ლი SerialNo=%lu; გ�მ�ვ�ლი SerialNo=%lu"
+
+#: ../../src/kadmin/server/ipropd_svc.c:213
+#, c-format
+msgid "%s; Incoming SerialNo=%lu; Outgoing SerialNo=N/A"
+msgstr "%s; შემ�მ�ვ�ლი SerialNo=%lu; გ�მ�ვ�ლი SerialNo=N/A"
+
+#: ../../src/kadmin/server/ipropd_svc.c:324
+#, c-format
+msgid "%s: getclhoststr failed"
+msgstr "%s: getclhoststr -ის შეცდ�მ�"
+
+#: ../../src/kadmin/server/ipropd_svc.c:346
+#, c-format
+msgid "%s: cannot construct kdb5 util dump string too long; out of memory"
+msgstr ""
+"%s kdb5 პრ�გრ�მის დ�მპის სტრიქ�ნის �გების შეცდ�მ�: ის ძ�ლი�ნ დიდი�: "
+"�რ�ს�კმ�რისი მეხსიერებ�"
+
+#: ../../src/kadmin/server/ipropd_svc.c:366
+#, c-format
+msgid "%s: fork failed: %s"
+msgstr "%s: გ�ნტ�ტვის შეცდ�მ�: %s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:378
+#, c-format
+msgid "%s: popen failed: %s"
+msgstr "%s: popen -ის შეცდ�მ�: %s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:392
+#, c-format
+msgid "%s: pclose(popen) failed: %s"
+msgstr "%s: pclose(popen) -ის შეცდ�მ�: %s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:412
+#, c-format
+msgid "%s: exec failed: %s"
+msgstr "%s: შესრულების შეცდ�მ�: %s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:428
+#, c-format
+msgid "Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"
+msgstr ""
+"მ�თხ�ვნ�: %s, გ�ჩენილი რესინქრ�ნიზ�ციის პრ�ცესი %d, კლიენტი=%s, სერვისი=%s, "
+"მის�მ�რთი=%s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:490
+#: ../../src/kadmin/server/kadm_rpc_svc.c:299
+#, c-format
+msgid "check_rpcsec_auth: failed inquire_context, stat=%u"
+msgstr "check_rpcsec_auth: inquire_context-ის შეცდ�მ�, სტ�ტ=%u"
+
+#: ../../src/kadmin/server/ipropd_svc.c:520
+#: ../../src/kadmin/server/kadm_rpc_svc.c:328
+#, c-format
+msgid "bad service principal %.*s%s"
+msgstr "�რ�სწ�რი სერვისის პრინციპ�ლი %.*s%s"
+
+#: ../../src/kadmin/server/ipropd_svc.c:543
+#, c-format
+msgid "authentication attempt failed: %s, RPC authentication flavor %d"
+msgstr "�ვთენტიკ�ციის მცდელ�ბ� წ�რუმ�ტებელი�: %s RPC �ვთენტიკ�ციის ტიპი %d"
+
+#: ../../src/kadmin/server/ipropd_svc.c:577
+#, c-format
+msgid "RPC unknown request: %d (%s)"
+msgstr "RPC უცნ�ბი მ�თხ�ვნ�: %d (%s)"
+
+#: ../../src/kadmin/server/ipropd_svc.c:585
+#, c-format
+msgid "RPC svc_getargs failed (%s)"
+msgstr "RPC svc_getargs -ის შეცდ�მ� (%s)"
+
+#: ../../src/kadmin/server/ipropd_svc.c:595
+#, c-format
+msgid "RPC svc_sendreply failed (%s)"
+msgstr "RPC svc_sendreply -ის შეცდ�მ� (%s)"
+
+#: ../../src/kadmin/server/ipropd_svc.c:601
+#, c-format
+msgid "RPC svc_freeargs failed (%s)"
+msgstr "RPC svc_freeargs -ის შეცდ�მ� (%s)"
+
+#: ../../src/kadmin/server/kadm_rpc_svc.c:349
+#, c-format
+msgid "gss_to_krb5_name: failed display_name status %d"
+msgstr "gss_to_krb5_name: display_name -ის �რ�სწ�რი სტ�ტუსი%d"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:82
+#, c-format
+msgid ""
+"Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] [-port port-number]\n"
+"\t\t[-proponly] [-p path-to-kdb5_util] [-F dump-file]\n"
+"\t\t[-K path-to-kprop] [-k kprop-port] [-P pid_file]\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+"გ�მ�ყენებ�: kadmind [-x ბ�ზის_�რგუმენტები]* [-r რე�ლმი] [-m] [-nofork] [-"
+"port პ�რტის-ნ�მერი]\n"
+"\t\t[-proponly] [-p ბილიკი kdb5_util-მდე] [-F დ�მპის_ფ�ილი]\n"
+"\t\t[-K ბილიკი-kprop-მდე] [-k kprop-ის-პ�რტი] [-P pid_ფ�ილი]\n"
+"\n"
+"ს�დ�ც,\n"
+"\t[-x ბ�ზის_�რგუმენტები]* - ბ�ზის �რგუმენტების ნებისმიერი რ��დენ�ბ�.\n"
+"\t\t\tთით�ეული ბ�ზის მიერ მხ�რდ�ჭერილი �რგუმენტების ს�ნ�ხ�ვ�დ იხილეთ მ�თი "
+"დ�კუმენტ�ცი� \n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:106
+#, c-format
+msgid "%s: %s while %s, aborting\n"
+msgstr "%s: %s-ი %s-ს�ს, �ვ�რიული დ�ს�სრული\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:108
+#, c-format
+msgid "%s while %s, aborting\n"
+msgstr "%s-ი %s-ს�ს, �ვ�რიული დ�ს�სრული\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:110
+#, c-format
+msgid "%s: %s, aborting\n"
+msgstr "%s: %s, �ვ�რიული დ�ს�სრული\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:111
+#, c-format
+msgid "%s, aborting"
+msgstr "%s, �ვ�რიული დ�ს�სრული"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:278
+#, c-format
+msgid ""
+"WARNING! Forged/garbled request: %s, claimed client = %.*s%s, server = %.*s"
+"%s, addr = %s"
+msgstr ""
+"გ�ფრთხილებ�! ყ�ლბი/შექმნილი მ�თხ�ვნ�: %s, ნ�მტკიცები კლიენტი = %.*s%s, "
+"სერვერი = %.*s%s, მის�მ�რთი = %s"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:284
+#, c-format
+msgid ""
+"WARNING! Forged/garbled request: %d, claimed client = %.*s%s, server = %.*s"
+"%s, addr = %s"
+msgstr ""
+"გ�ფრთხილებ�! ყ�ლბი/შექმნილი მ�თხ�ვნ�: %d, ნ�მტკიცები კლიენტი = %.*s%s, "
+"სერვერი = %.*s%s, მის�მ�რთი = %s"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:298
+#, c-format
+msgid "Miscellaneous RPC error: %s, %s"
+msgstr "სხვ�დ�სხვ� RPC შეცდ�მ�: %s, %s"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:314
+#, c-format
+msgid "%s Cannot decode status %d"
+msgstr "%s სტ�ტუსის გ�შიფვრ� შეუძლებელი� %d"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:332
+#, c-format
+msgid "Authentication attempt failed: %s, GSS-API error strings are:"
+msgstr ""
+"�ვთენტიკ�ციის მცდელ�ბ� წ�რუმ�ტებელი�: %s, GSS-API-ის შეცდ�მის სტრიქ�ნები�:"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:337
+msgid "   GSS-API error strings complete."
+msgstr "   GSS-API -ის შეცდ�მის სრული სტრიქ�ნები."
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:375
+#, c-format
+msgid "%s: cannot initialize. Not enough memory\n"
+msgstr "%s: ინიცი�ლიზ�ციის შეცდ�მ�. �რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:443
+#, c-format
+msgid "%s: %s while initializing context, aborting\n"
+msgstr "%s: %s კ�ნტექსტის ინიცი�ლიზ�ციის�ს. ს�მუშ��ს დ�სრულებ�\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:454
+#: ../../src/kadmin/server/ovsec_kadmd.c:523
+msgid "initializing"
+msgstr "ინიცი�ლიზ�ცი�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:458
+msgid "getting config parameters"
+msgstr "კ�ნფიგურ�ციის პ�რ�მეტრების მიღებ�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:460
+msgid "Missing required realm configuration"
+msgstr "�კლი� რე�ლმის კ�ნფიგურ�ციის ს�ჭირ� პ�რ�მეტრები"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:462
+msgid "Missing required ACL file configuration"
+msgstr "�კლი� ACL ფ�ილის �უცილებელი კ�ნფიგურ�ცი�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:464
+msgid "-proponly can only be used when iprop_enable is true"
+msgstr ""
+"-proponly -ის გ�მ�ყენებ� მხ�ლ�დ მ�შინ შეგიძლი�თ, რ�ც� iprop_enable ჭეშმ�რიტი�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:470
+msgid "initializing network"
+msgstr "ქსელის ინიცი�ლიზ�ცი�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:475
+msgid "Cannot build GSSAPI auth names"
+msgstr "GSSAPI-ის �ვთენტიკ�ციის ს�ხელების �გებ� შეუძლებელი�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:479
+msgid "Cannot set up KDB keytab"
+msgstr "KDB Keytab-ის მ�რგების შეცდ�მ�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:482
+msgid "Cannot set GSSAPI authentication names"
+msgstr "GSSAPI-ის �ვთენტიკ�ციის ს�ხელების დ�ყენებ� შეუძლებელი�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:499
+msgid "Cannot initialize GSSAPI service name"
+msgstr "GSSAPI-ის სერვისის ს�ხელის ინიცი�ლიზ�ციის შეცდ�მ�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:504
+msgid "initializing ACL file"
+msgstr "acl ფ�ილის ინიცი�ლიზ�ცი�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:512
+msgid "spawning daemon process"
+msgstr "დემ�ნის პრ�ცესის გ�შვებ�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:516
+msgid "creating PID file"
+msgstr "pid ფ�ილის შექმნ�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:530
+msgid "mapping update log"
+msgstr "გ�ნ�ხლების ჟურნ�ლის მიბმ�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:534
+#, c-format
+msgid "%s: create IPROP svc (PROG=%d, VERS=%d)\n"
+msgstr "%s: IPROP სერვისის შექმნ� (პრ�გ=%d, ვერს=%d)\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:542
+msgid "starting"
+msgstr "გ�შვებ�"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:544 ../../src/kdc/main.c:1040
+#, c-format
+msgid "%s: starting...\n"
+msgstr "%s: გ�შვებ�...\n"
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:547
+msgid "finished, exiting"
+msgstr "დ�ს�სრული. გ�ვდივ�რ"
+
+#: ../../src/kadmin/server/schpw.c:273
+#, c-format
+msgid "setpw request from %s by %.*s%s for %.*s%s: %s"
+msgstr "setpw მ�თხ�ვნ� %s-ი %.*s%s-სგ�ნ %.*s%s: %s-სთვის"
+
+#: ../../src/kadmin/server/schpw.c:278
+#, c-format
+msgid "chpw request from %s for %.*s%s: %s"
+msgstr "chpw მ�თხ�ვნ� %s-ი %.*s%s: %s-სთვის"
+
+#: ../../src/kadmin/server/schpw.c:446
+#, c-format
+msgid "chpw: Couldn't open admin keytab %s"
+msgstr "chpw: �დმინის keytab-ის გ�ხსნის შეცდ�მ� %s"
+
+#: ../../src/kadmin/server/server_stubs.c:396
+#, c-format
+msgid ""
+"Unauthorized request: %s, %.*s%s, client=%.*s%s, service=%.*s%s, addr=%s"
+msgstr ""
+"�რ��ვტ�რიზებული მ�თხ�ვნ�: %s, %.*s%s, კლიენტი=%.*s%s, სერვისი=%.*s%s, "
+"მის�მ�რთი=%s"
+
+#: ../../src/kadmin/server/server_stubs.c:417
+#: ../../src/kadmin/server/server_stubs.c:695
+#: ../../src/kadmin/server/server_stubs.c:1570
+msgid "success"
+msgstr "წ�რმ�ტებ�"
+
+#: ../../src/kadmin/server/server_stubs.c:427
+#, c-format
+msgid "Request: %s, %.*s%s, %s, client=%.*s%s, service=%.*s%s, addr=%s"
+msgstr "მ�თხ�ვნ�: %s, %.*s%s, %s, კლიენტი=%.*s%s, სერვისი=%.*s%s, მის�მ�რთი=%s"
+
+#: ../../src/kadmin/server/server_stubs.c:675
+#, c-format
+msgid ""
+"Unauthorized request: kadm5_rename_principal, %.*s%s to %.*s%s, client=%.*s"
+"%s, service=%.*s%s, addr=%s"
+msgstr ""
+"�რ��ვტ�რიზებული მ�თხ�ვნ�: kadm5_rename_principal, %.*s%s to %.*s%s, კლიენტი="
+"%.*s%s, სერვისი=%.*s%s, მის�მ�რთი=%s"
+
+#: ../../src/kadmin/server/server_stubs.c:690
+#, c-format
+msgid ""
+"Request: kadm5_rename_principal, %.*s%s to %.*s%s, %s, client=%.*s%s, "
+"service=%.*s%s, addr=%s"
+msgstr ""
+"მ�თხ�ვნ�: kadm5_rename_principal, %.*s%s to %.*s%s, %s, კლიენტი=%.*s%s, "
+"სერვისი=%.*s%s, მის�მ�რთი=%s"
+
+#: ../../src/kadmin/server/server_stubs.c:1566
+#, c-format
+msgid ""
+"Request: kadm5_init, %.*s%s, %s, client=%.*s%s, service=%.*s%s, addr=%s, "
+"vers=%d, flavor=%d"
+msgstr ""
+"მ�თხ�ვნ�: kadm5_init, %.*s%s, %s, კლიენტი=%.*s%s, სერვისი=%.*s%s, მის�მ�რთი="
+"%s, vers=%d, ტიპი=%d"
+
+#: ../../src/kdc/do_as_req.c:277
+#, c-format
+msgid "AS_REQ : handle_authdata (%d)"
+msgstr "AS_REQ : handle_authdata (%d)"
+
+#: ../../src/kdc/do_tgs_req.c:581
+msgid "not checking transit path"
+msgstr "ტრ�ნზიტის ბილიკი �რ შემ�წმდებ�"
+
+#: ../../src/kdc/do_tgs_req.c:598
+#, c-format
+msgid "TGS_REQ : handle_authdata (%d)"
+msgstr "TGS_REQ : handle_authdata (%d)"
+
+#: ../../src/kdc/fast_util.c:56
+#, c-format
+msgid "%s while handling ap-request armor"
+msgstr "%s ap-request -ის ჯ�ვშნის დ�მუშ�ვების�ს"
+
+#: ../../src/kdc/fast_util.c:65
+msgid "ap-request armor for something other than the local TGS"
+msgstr "ap-request -ის ჯ�ვშ�ნი რ�მისთვის, TGS-ის გ�რდ�"
+
+#: ../../src/kdc/fast_util.c:74
+msgid "ap-request armor without subkey"
+msgstr "ap-request -ის ჯ�ვშ�ნი subkey-ის გ�რეშე"
+
+#: ../../src/kdc/fast_util.c:162
+msgid "Ap-request armor not permitted with TGS"
+msgstr "Ap-request -ის ჯ�ვშ�ნი ნებ�დ�ურთველი� TGS-თ�ნ ერთ�დ"
+
+#: ../../src/kdc/fast_util.c:169
+#, c-format
+msgid "Unknown FAST armor type %d"
+msgstr "უცნ�ბი FAST ჯ�ვშნის ტიპი %d"
+
+#: ../../src/kdc/fast_util.c:183
+msgid "No armor key but FAST armored request present"
+msgstr "ჯ�ვშნის გ�ს�ღები �რ �რსებ�ბს, მ�გრ�მ FAST დ�ჯ�ვშნული მ�თხ�ვნ� - კი"
+
+#: ../../src/kdc/fast_util.c:218
+msgid "FAST req_checksum invalid; request modified"
+msgstr "FAST req_checksum �რ�სწ�რი�. მ�თხ�ვნ� შეიცვ�ლ�"
+
+#: ../../src/kdc/fast_util.c:224
+msgid "Unkeyed checksum used in fast_req"
+msgstr "Fast_req-ში გ�მ�ყენებული ს�კ�ნტრ�ლ� ჯ�მი გ�ს�ღების გ�რეშე�"
+
+#: ../../src/kdc/kdc_audit.c:110
+#, c-format
+msgid "audit plugin %s failed to open. error=%i"
+msgstr "�უდიტის დ�მ�ტების %s გ�ხსნ� შეუძლებელი�. შეცდ�მ�=%i"
+
+#: ../../src/kdc/kdc_authdata.c:78
+#, c-format
+msgid "while loading authdata module %s"
+msgstr "authdata მ�დულის (%s) ჩ�ტვირთვის�ს"
+
+#: ../../src/kdc/kdc_log.c:83
+#, c-format
+msgid "AS_REQ (%s) %s: ISSUE: authtime %u, %s, %s for %s"
+msgstr "AS_REQ (%s) %s: პრ�ბლემ�: authtime %u, %s, %s-ი %s-სთვის"
+
+#: ../../src/kdc/kdc_log.c:91
+#, c-format
+msgid "AS_REQ (%s) %s: %s: %s for %s%s%s"
+msgstr "AS_REQ (%s) %s: %s: %s-ი %s%s%s-თვის"
+
+#: ../../src/kdc/kdc_log.c:153
+#, c-format
+msgid "TGS_REQ (%s) %s: %s: authtime %u, %s%s %s for %s%s%s"
+msgstr "TGS_REQ (%s) %s: %s: authtime %u, %s%s %s -ი %s%s%s-თვის"
+
+#: ../../src/kdc/kdc_log.c:162
+#, c-format
+msgid "... PROTOCOL-TRANSITION s4u-client=%s"
+msgstr "... PROTOCOL-TRANSITION s4u-client=%s"
+
+#: ../../src/kdc/kdc_log.c:166
+#, c-format
+msgid "... CONSTRAINED-DELEGATION s4u-client=%s"
+msgstr "... CONSTRAINED-DELEGATION s4u-client=%s"
+
+#: ../../src/kdc/kdc_log.c:170
+#, c-format
+msgid "TGS_REQ %s: %s: authtime %u, %s for %s, 2nd tkt client %s"
+msgstr "TGS_REQ %s: %s: authtime %u, %s for %s, მე�რე ბილეთის კლიენტი %s"
+
+#: ../../src/kdc/kdc_log.c:203
+#, c-format
+msgid "bad realm transit path from '%s' to '%s' via '%.*s%s'"
+msgstr "�რ�სწ�რი რე�ლმის გ�დ�ცემის ბილიკი '%s'-დ�ნ '%s'-მდე '%.*s%s'-ის გ�ვლით"
+
+#: ../../src/kdc/kdc_log.c:209
+#, c-format
+msgid "unexpected error checking transit from '%s' to '%s' via '%.*s%s': %s"
+msgstr ""
+"შეცდ�მ� გ�დ�ცემის შემ�წმების�ს: '%s' -ი '%s' -მდე '%.*s%s': %s-ის გ�ვლით"
+
+#: ../../src/kdc/kdc_log.c:227
+msgid "TGS_REQ: issuing alternate <un-unparsable> TGT"
+msgstr "TGS_REQ: გ�მ�იცემ� �ლტერნ�ტიული <დ�უმუშ�ვებლ�დი> TGT"
+
+#: ../../src/kdc/kdc_log.c:230
+#, c-format
+msgid "TGS_REQ: issuing TGT %s"
+msgstr "TGS_REQ: გ�მ�ცემ�: TGT %s"
+
+#: ../../src/kdc/kdc_preauth.c:215
+#, c-format
+msgid "preauth %s failed to initialize: %s"
+msgstr "პრე�ვტ�რიზ�ციის (%s) ინიცი�ლიზ�ციის შეცდ�მ�: %s"
+
+#: ../../src/kdc/kdc_preauth.c:226
+#, c-format
+msgid "preauth %s failed to setup loop: %s"
+msgstr "პრე�ვტ�რიზ�ციის (%s) შეცდ�მ� მ�რყუჟის �წყ�ბის�ს: %s"
+
+#: ../../src/kdc/kdc_preauth.c:903
+#, c-format
+msgid "%spreauth required but hint list is empty"
+msgstr "%sპრე�ვტ�რიზ�ცი� �უცილებელი�, მ�გრ�მ მითითებების სი� ც�რიელი�"
+
+#: ../../src/kdc/kdc_preauth_ec.c:74
+msgid "Encrypted Challenge used outside of FAST tunnel"
+msgstr "დ�შიფრული გ�მ�წვევ� FAST გვირ�ბის გ�რეთ გ�მ�იყენებ�"
+
+#: ../../src/kdc/kdc_preauth_ec.c:117
+msgid "Incorrect password in encrypted challenge"
+msgstr "დ�შიფრული გ�მ�წვევის �რ�სწ�რი პ�რ�ლი"
+
+#: ../../src/kdc/kdc_util.c:182
+msgid "TGS_REQ: SESSION KEY or MUTUAL"
+msgstr "TGS_REQ: SESSION KEY �ნ MUTUAL"
+
+#: ../../src/kdc/kdc_util.c:380
+#, c-format
+msgid "TGS_REQ: UNKNOWN SERVER: server='%s'"
+msgstr "TGS_REQ: უცნ�ბი სერვერი: სერვერი='%s'"
+
+#: ../../src/kdc/kdc_util.c:842
+#, c-format
+msgid "Required auth indicators not present in ticket: %s"
+msgstr "�ვთენტიკ�ციის �უცილებელი ინდიკ�ტ�რები �რ �რსებ�ბს ბილეთში: %s"
+
+#: ../../src/kdc/main.c:225
+#, c-format
+msgid "Requested master password enctype %s in %s is DEPRECATED!\n"
+msgstr "მ�თხ�ვნილი მთ�ვ�რი პ�რ�ლის დ�შიფვრის ტიპი %s-ი %s-ში მ�ძველებული�!\n"
+
+#: ../../src/kdc/main.c:241
+#, c-format
+msgid "while getting context for realm %s"
+msgstr "რე�ლმისთვისთვის (%s) შემცველ�ბის მიღების�ს"
+
+#: ../../src/kdc/main.c:348
+#, c-format
+msgid "while setting default realm to %s"
+msgstr "ნ�გულისხმები რე�ლმის %s-ზე დ�ყენების�ს"
+
+#: ../../src/kdc/main.c:356
+#, c-format
+msgid "while initializing database for realm %s"
+msgstr "რე�ლმისთვის (%s) ბ�ზის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kdc/main.c:365
+#, c-format
+msgid "while setting up master key name %s for realm %s"
+msgstr "მთ�ვ�რი გ�ს�ღების ს�ხელის (%s) რე�ლმისთვის (%s) მ�რგების�ს"
+
+#: ../../src/kdc/main.c:378
+#, c-format
+msgid "while fetching master key %s for realm %s"
+msgstr "მთ�ვ�რი გ�ს�ღების (%s) რე�ლმისთვის (%s) გ�მ�თხ�ვის�ს"
+
+#: ../../src/kdc/main.c:387
+#, c-format
+msgid "Stash file %s uses DEPRECATED enctype %s!\n"
+msgstr "Stash ფ�ილი %s მ�ძველებულ enctype %s-ს იყენებს!\n"
+
+#: ../../src/kdc/main.c:394
+#, c-format
+msgid "while fetching master keys list for realm %s"
+msgstr "რე�ლმისთვის (%s) მთ�ვ�რი გ�ს�ღებების სიის მიღების�ს"
+
+#: ../../src/kdc/main.c:403
+#, c-format
+msgid "while resolving kdb keytab for realm %s"
+msgstr "რე�ლმისთვის (%s) kdb keytab-ის �მ�ხსნის�ს"
+
+#: ../../src/kdc/main.c:412
+#, c-format
+msgid "while building TGS name for realm %s"
+msgstr "რე�ლმისტვის (%s) TGS -ის ს�ხელის �გების�ს"
+
+#: ../../src/kdc/main.c:502
+#, c-format
+msgid "creating %d worker processes"
+msgstr "%d დ�მხმ�რე პრ�ცესის შექმნ�"
+
+#: ../../src/kdc/main.c:512
+msgid "Unable to reinitialize main loop"
+msgstr "მთ�ვ�რი მ�რყუჟის თ�ვიდ�ნ ინიცი�ლიზ�ცი� შეუძლებელი�"
+
+#: ../../src/kdc/main.c:517
+#, c-format
+msgid "Unable to initialize signal handlers in pid %d"
+msgstr "PID-ში %d სიგნ�ლების დ�მმუშ�ვებლის ინიცი�ლიზ�ციის შეცდ�მ�"
+
+#: ../../src/kdc/main.c:547
+#, c-format
+msgid "worker %ld exited with status %d"
+msgstr "დ�მხმ�რე პრ�ცესმ� %ld მუშ��ბ� სტ�ტუსით %d დ��სრულ�"
+
+#: ../../src/kdc/main.c:571
+#, c-format
+msgid "signal %d received in supervisor"
+msgstr "სიგნ�ლი %d მიღებული� სუპერვ�იზ�რში"
+
+#: ../../src/kdc/main.c:583
+#, c-format
+msgid ""
+"usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n"
+"\t\t[-T time_offset] [-m] [-k masterenctype]\n"
+"\t\t[-M masterkeyname] [-p port] [-P pid_file]\n"
+"\t\t[-n] [-w numworkers] [/]\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - Any number of database specific arguments.\n"
+"\t\t\tLook at each database module documentation for \t\t\tsupported "
+"arguments\n"
+msgstr ""
+"გ�მ�ყენებ�: %s [-x ბ�ზის_�რგუმენტები]* [-d ბ�ზისბილიკისს�ხელი] [-r "
+"ბ�ზისნ�მდვილის�ხელი]\n"
+"\t\t[-T დრ�ის_წ�ნ�ცვლებ�] [-m] [-k მთ�ვ�რიდ�შიფვრისტიპი]\n"
+"\t\t[-M მთ�ვ�რიგ�ს�ღებისს�ხელი] [-p პ�რტი] [-P pid_ფ�ილი]\n"
+"\t\t[-n] [-w დ�მხმ_პრ�ცეს_რ��დენ�ბ�] [/]\n"
+"\n"
+"ს�დ�ც,\n"
+"\t[-x ბ�ზის_�რგუმენტები]* - ბ�ზის �რგუმენტების ნებისმიერი რ��დენ�ბ�\n"
+"\t\t\tმხ�რდ�ჭერილი �რგუმენტების სიისთვის \t\t\tბ�ზის დ�კუმენტ�ცი�ს მიმ�რთეთ\n"
+
+#: ../../src/kdc/main.c:658 ../../src/kdc/main.c:665 ../../src/kdc/main.c:780
+#, c-format
+msgid " KDC cannot initialize. Not enough memory\n"
+msgstr " KDC-ის ინიცი�ლიზ�ციის შეცდ�მ�. �რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#: ../../src/kdc/main.c:684 ../../src/kdc/main.c:727 ../../src/kdc/main.c:738
+#, c-format
+msgid "%s: KDC cannot initialize. Not enough memory\n"
+msgstr "%s: KDC-ის ინიცი�ლიზ�ციის შეცდ�მ�. �რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#: ../../src/kdc/main.c:704 ../../src/kdc/main.c:817
+#, c-format
+msgid "%s: cannot initialize realm %s - see log file for details\n"
+msgstr ""
+"%s: რე�ლმის %s ინიცი�ლიზ�ცი� შეუძლებელი�- დეტ�ლებისთვის იხილეთ ჟურნ�ლის "
+"ფ�ილი\n"
+
+#: ../../src/kdc/main.c:715
+#, c-format
+msgid "%s: cannot initialize realm %s. Not enough memory\n"
+msgstr "%s: რე�ლმის (%s) ინიცი�ლიზ�ციის შეცდ�მ�. �რ�ს�კმ�რისი მეხსიერებ�\n"
+
+#: ../../src/kdc/main.c:766
+#, c-format
+msgid "invalid enctype %s"
+msgstr "�რ�სწ�რი enctype %s"
+
+#: ../../src/kdc/main.c:805
+msgid "while attempting to retrieve default realm"
+msgstr "ნ�გულისხმები რე�ლმის მიღების მცდელ�ბის�ს"
+
+#: ../../src/kdc/main.c:807
+#, c-format
+msgid "%s: %s, attempting to retrieve default realm\n"
+msgstr "%s: %s, ნ�გულისხმები რე�ლმის მიღების მცდელ�ბ�\n"
+
+#: ../../src/kdc/main.c:915
+#, c-format
+msgid "%s: cannot get memory for realm list\n"
+msgstr "%s: რე�ლმის სიისთვის მეხსიერების მიღების შეცდ�მ�\n"
+
+#: ../../src/kdc/main.c:950
+msgid "while initializing lookaside cache"
+msgstr "გვერდზე გ�ხედვის ქეშის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kdc/main.c:958
+msgid "while creating main loop"
+msgstr "მთ�ვ�რი მ�რყუჟის შექმნის�ს"
+
+#: ../../src/kdc/main.c:967
+msgid "while loading KDC policy plugin"
+msgstr "kdc-ის პ�ლიტიკის დ�მ�ტების ჩ�ტვირთვის�ს"
+
+#: ../../src/kdc/main.c:992
+msgid "while initializing signal handlers"
+msgstr "სიგნ�ლის დ�მმუშ�ვებლების ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kdc/main.c:1000
+msgid "while initializing network"
+msgstr "ქსელის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kdc/main.c:1010
+msgid "while detaching from tty"
+msgstr "tty-დ�ნ მ�ხსნის�ს"
+
+#: ../../src/kdc/main.c:1016
+msgid "while creating PID file"
+msgstr "pid ფ�ილის შექმნის�ს"
+
+#: ../../src/kdc/main.c:1024
+msgid "creating worker processes"
+msgstr "მიმდინ�რე�ბს დ�მხმ�რე პრ�ცესების შექმნ�"
+
+#: ../../src/kdc/main.c:1034
+msgid "while loading audit plugin module(s)"
+msgstr "�უდიტის დ�მ�ტების მ�დულების ჩ�ტვირთვის�ს"
+
+#: ../../src/kdc/main.c:1038
+msgid "commencing operation"
+msgstr "�პერ�ციის დ�ს�წყისი"
+
+#: ../../src/kdc/main.c:1046
+msgid "shutting down"
+msgstr "მიმდინ�რე�ბს გ�მ�რთვ�"
+
+#: ../../src/kdc/policy.c:230
+#, c-format
+msgid "while loading policy module %s"
+msgstr "პ�ლიტიკის მ�დულის (%s) ჩ�ტვირთვის�ს"
+
+#: ../../src/kprop/kprop.c:85
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s keytab] replica_host\n"
+"\n"
+msgstr ""
+"\n"
+"გ�მ�ყენებ�: %s [-r რე�ლმი] [-f ფ�ილი] [-d] [-P პ�რტი] [-s keytab] "
+"რეპლიკის_ჰ�სტი\n"
+"\n"
+
+#: ../../src/kprop/kprop.c:115
+#, c-format
+msgid "Database propagation to %s: SUCCEEDED\n"
+msgstr "ბ�ზის %s-მდე გ�ვრცელებ�: წ�რმ�ტებული�\n"
+
+#: ../../src/kprop/kprop.c:176
+msgid "while setting client principal name"
+msgstr "კლიენტის პრინციპ�ლის ს�ხელის დ�ყენების�ს"
+
+#: ../../src/kprop/kprop.c:185
+msgid "while setting server principal name"
+msgstr "სერვერის პრინციპ�ლის ს�ხელის დ�ყენების�ს"
+
+#: ../../src/kprop/kprop.c:198
+msgid "while resolving keytab"
+msgstr "keytab-ის �მ�ხსნის�ს"
+
+#: ../../src/kprop/kprop.c:206
+msgid "while getting initial credentials\n"
+msgstr "ს�წყისი �ვტ�რიზ�ციის დეტ�ლების მიღების�ს\n"
+
+#: ../../src/kprop/kprop.c:242
+msgid "while creating socket"
+msgstr "ს�კეტის შეერთების�ს"
+
+#: ../../src/kprop/kprop.c:262
+msgid "while connecting to server"
+msgstr "სერვერთ�ნ მიერთების�ს"
+
+#: ../../src/kprop/kprop.c:269 ../../src/kprop/kpropd.c:1195
+msgid "while getting local socket address"
+msgstr "ლ�კ�ლური ს�კეტის მის�მ�რთის მიღების�ს"
+
+#: ../../src/kprop/kprop.c:274
+msgid "while converting local address"
+msgstr "ლ�კ�ლური მის�მ�რთის გ�რდ�ქმნის�ს"
+
+#: ../../src/kprop/kprop.c:296
+msgid "in krb5_auth_con_setaddrs"
+msgstr "krb5_auth_con_setaddrs-ში"
+
+#: ../../src/kprop/kprop.c:304
+msgid "while authenticating to server"
+msgstr "სერვერთ�ნ �ვთენტიკ�ციის�ს"
+
+#: ../../src/kprop/kprop.c:308 ../../src/kprop/kprop.c:506
+#: ../../src/kprop/kpropd.c:1515
+#, c-format
+msgid "Generic remote error: %s\n"
+msgstr "ზ�გ�დი დ�შ�რებული შეცდ�მ�: %s\n"
+
+#: ../../src/kprop/kprop.c:314 ../../src/kprop/kprop.c:512
+msgid "signalled from server"
+msgstr "სიგნ�ლი სერვერიდ�ნ"
+
+#: ../../src/kprop/kprop.c:316 ../../src/kprop/kprop.c:514
+#, c-format
+msgid "Error text from server: %s\n"
+msgstr "შეცდ�მის ტექსტი სერვერიდ�ნ: %s\n"
+
+#: ../../src/kprop/kprop.c:344
+#, c-format
+msgid "allocating database file name '%s'"
+msgstr "ბ�ზის ფ�ილის ს�ხელის ('%s') გ�მ�ყ�ფ�"
+
+#: ../../src/kprop/kprop.c:350
+#, c-format
+msgid "while trying to open %s"
+msgstr "%s-ის გ�ხსნის მცდელ�ბის�ს"
+
+#: ../../src/kprop/kprop.c:357
+msgid "database locked"
+msgstr "ბ�ზ� დ�ბლ�კილი�"
+
+#: ../../src/kprop/kprop.c:360 ../../src/kprop/kpropd.c:552
+#, c-format
+msgid "while trying to lock '%s'"
+msgstr "'%s'-ის დ�ბლ�კვის�ს"
+
+#: ../../src/kprop/kprop.c:364 ../../src/kprop/kprop.c:372
+#, c-format
+msgid "while trying to stat %s"
+msgstr "%s-ის �ღმ�ჩენის მცდელ�ბის�ს"
+
+#: ../../src/kprop/kprop.c:368
+msgid "while trying to malloc data_ok_fn"
+msgstr "data_ok_fn-ის malloc-ის მცდელ�ბი�ს"
+
+#: ../../src/kprop/kprop.c:377
+#, c-format
+msgid "'%s' more recent than '%s'."
+msgstr "'%s' უფრ� �ხ�ლი�, ვიდრე '%s'."
+
+#: ../../src/kprop/kprop.c:393
+#, c-format
+msgid "while unlocking database '%s'"
+msgstr "ბ�ზის ('%s') გ�ნბლ�კვის�ს"
+
+#: ../../src/kprop/kprop.c:425 ../../src/kprop/kprop.c:426
+msgid "while encoding database size"
+msgstr "ბ�ზის ზ�მის დ�შიფვრის�ს"
+
+#: ../../src/kprop/kprop.c:434
+msgid "while sending database size"
+msgstr "ბ�ზის ზ�მის გ�გზ�ვნის�ს"
+
+#: ../../src/kprop/kprop.c:444
+msgid "while allocating i_vector"
+msgstr "i_vector-ის გ�მ�ყ�ფის�ს"
+
+#: ../../src/kprop/kprop.c:467
+#, c-format
+msgid "while sending database block starting at %<PRIu64>"
+msgstr "ბ�ზის ბლ�კის, რ�მელიც %<PRIu64>-ზე იწყებ�, გ�გზ�ვნის�ს"
+
+#: ../../src/kprop/kprop.c:477
+msgid "Premature EOF found for database file!"
+msgstr "ბ�ზის ფ�ილში �ღმ�ჩენილი� ნ��დრევი EOF!"
+
+#: ../../src/kprop/kprop.c:490
+msgid "while reading response from server"
+msgstr "შეცდ�მ� სერვერის პ�სუხის წ�კიხვის�ს"
+
+#: ../../src/kprop/kprop.c:501
+msgid "while decoding error response from server"
+msgstr "სერვერის შეცდ�მის შეტყ�ბინების დეკ�დირების�ს"
+
+#: ../../src/kprop/kprop.c:531
+msgid "malformed sent database size message"
+msgstr "�რ�სწ�რ�დ გ�გზ�ვნილი ბ�ზის ზ�მის შეტყ�ბინებ�"
+
+#: ../../src/kprop/kprop.c:535
+#, c-format
+msgid "Kpropd sent database size %<PRIu64>, expecting %<PRIu64>"
+msgstr "Kpropd გ�გზ�ვნილი ბ�ზის ზ�მ� %<PRIu64>, მ�ველ�დი %<PRIu64>"
+
+#: ../../src/kprop/kprop.c:581
+msgid "while allocating filename for update_last_prop_file"
+msgstr "update_last_prop_file-სთვის ფ�ილის ს�ხელის გ�მ�ყ�ფის�ს"
+
+#: ../../src/kprop/kprop.c:586
+#, c-format
+msgid "while creating 'last_prop' file, '%s'"
+msgstr "'last_prop' ფ�ილის შექმნის�ს, '%s'"
+
+#: ../../src/kprop/kpropd.c:171
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-r realm] [-s keytab] [-d] [-D] [-S]\n"
+"\t[-f replica_file] [-F kerberos_db_file ]\n"
+"\t[-p kdb5_util_pathname] [-x db_args]* [-P port]\n"
+"\t[-a acl_file] [-A admin_server] [--pid-file=pid_file]\n"
+msgstr ""
+"\n"
+"გ�მ�ყენებ�: %s [-r რე�ლმი] [-s keytab] [-d] [-D] [-S]\n"
+"\t[-f რეპლიკის_ფ�ილი] [-F kerberos_ის_ბ�ზის_ფ�ილი ]\n"
+"\t[-p kdb5_პრ�გრ�მის_ბილიკი] [-x ბ�ზის_�რგუმენტები]* [-P პ�რტი]\n"
+"\t[-a acl_ფ�ილი] [-A �დმინ_სერვერი] [--pid-file=pid_ფ�ილი]\n"
+
+#: ../../src/kprop/kpropd.c:231
+#, c-format
+msgid "Killing fullprop child (%d)\n"
+msgstr "Fullprop შვილის მ�კვლ� (%d)\n"
+
+#: ../../src/kprop/kpropd.c:260
+msgid "while checking if stdin is a socket"
+msgstr "შემ�წმების�ს, წ�რმ��დგენს თუ �რ� stdin ს�კეტს"
+
+#: ../../src/kprop/kpropd.c:278
+#, c-format
+msgid "ready\n"
+msgstr "მზ�დ��\n"
+
+#: ../../src/kprop/kpropd.c:284
+#, c-format
+msgid "Could not write pid file %s: %s"
+msgstr "PID ფ�ილში (%s) ჩ�წერის შეცდ�მ�: %s"
+
+#: ../../src/kprop/kpropd.c:296
+#, c-format
+msgid "Could not open /dev/null: %s"
+msgstr "/dev/null-ის გ�სნის შეცდ�მ�: %s"
+
+#: ../../src/kprop/kpropd.c:303
+#, c-format
+msgid "Could not dup the inetd socket: %s"
+msgstr "შეცდ�მ� inetd-ის ს�კეტის გ�ხნის�ს: %s"
+
+#: ../../src/kprop/kpropd.c:338 ../../src/kprop/kpropd.c:351
+msgid "do_iprop failed.\n"
+msgstr "do_iprop -ის შეცდ�მ�.\n"
+
+#: ../../src/kprop/kpropd.c:390
+#, c-format
+msgid "getaddrinfo: %s\n"
+msgstr "getaddrinfo: %s\n"
+
+#: ../../src/kprop/kpropd.c:396
+msgid "while obtaining socket"
+msgstr "ს�კეტის მიღების�ს"
+
+#: ../../src/kprop/kpropd.c:402
+msgid "while setting SO_REUSEADDR option"
+msgstr "პ�რ�მეტრის SO_REUSEADDR დ�ყენების�ს"
+
+#: ../../src/kprop/kpropd.c:410
+msgid "while unsetting IPV6_V6ONLY option"
+msgstr "პ�რ�მეტრის IPV6_V6ONLY დ�ყენების�ს"
+
+#: ../../src/kprop/kpropd.c:415
+msgid "while binding listener socket"
+msgstr "მ�მსმენ ს�კეტთ�ნ მიბმის�ს"
+
+#: ../../src/kprop/kpropd.c:426
+#, c-format
+msgid "waiting for a kprop connection\n"
+msgstr "kprop მიერთების მ�ლ�დინი\n"
+
+#: ../../src/kprop/kpropd.c:432
+msgid "while accepting connection"
+msgstr "შერთების მიღების�ს"
+
+#: ../../src/kprop/kpropd.c:438
+msgid "while forking"
+msgstr "გ�ნტ�ტვის�ს"
+
+#: ../../src/kprop/kpropd.c:453
+#, c-format
+msgid "waitpid() failed to wait for doit() (%d %s)\n"
+msgstr "waitpid() ვერ დ�ელ�დ� doit()-ს (%d %s)\n"
+
+#: ../../src/kprop/kpropd.c:457
+msgid "while waiting to receive database"
+msgstr "ბ�ზის მიღების მ�ლ�დინის�ს"
+
+#: ../../src/kprop/kpropd.c:461
+#, c-format
+msgid "Database load process for full propagation completed.\n"
+msgstr "ბ�ზის ჩ�ტვირთვის პრ�ცესი სრულ�დ გ�ვრცელებისთვის დ�სრულებული�.\n"
+
+#: ../../src/kprop/kpropd.c:499
+#, c-format
+msgid ""
+"%s: Standard input does not appear to be a network socket.\n"
+"\t(Not run from inetd, and missing the -S option?)\n"
+msgstr ""
+"%s: სტ�ნდ�რტული შეყვ�ნ� ქსელის ს�კეტს �რ წ��გ�ვს.\n"
+"\t(�რ�� გ�შვებული inetd-დ�ნ დ� �კლი� -S პ�რ�მეტრი?)\n"
+
+#: ../../src/kprop/kpropd.c:512
+msgid "while attempting setsockopt (SO_KEEPALIVE)"
+msgstr "setsockopt (SO_KEEPALIVE)-ის მცდელ�ბის�ს"
+
+#: ../../src/kprop/kpropd.c:517
+#, c-format
+msgid "Connection from %s"
+msgstr "შეერთებ� %s -დ�ნ"
+
+#: ../../src/kprop/kpropd.c:537
+#, c-format
+msgid "Rejected connection from unauthorized principal %s\n"
+msgstr "მიერთებ� უ�რყ�ფილი� �რ��ვტ�რიზებული პრინციპ�ლისთვის %s\n"
+
+#: ../../src/kprop/kpropd.c:541
+#, c-format
+msgid "Rejected connection from unauthorized principal %s"
+msgstr "მიერთებ� უ�რყ�ფილი� �რ��ვტ�რიზებული პრინციპ�ლისთვის %s"
+
+#: ../../src/kprop/kpropd.c:558
+#, c-format
+msgid "while opening database file, '%s'"
+msgstr "ბ�ზის ფ�ილის, '%s', გ�ხსნის�ს"
+
+#: ../../src/kprop/kpropd.c:564
+#, c-format
+msgid "while renaming %s to %s"
+msgstr "ს�ხელის \"%s\"-დ�ნ \"%s\"-მდე გ�დ�რქმევის�ს"
+
+#: ../../src/kprop/kpropd.c:570
+#, c-format
+msgid "while downgrading lock on '%s'"
+msgstr "'%s'-ზე ბლ�კის დ�ქვეითების�ს"
+
+#: ../../src/kprop/kpropd.c:577
+#, c-format
+msgid "while unlocking '%s'"
+msgstr "'%s'-ის გ�ნბლ�კვის�ს"
+
+#: ../../src/kprop/kpropd.c:589
+msgid "while sending # of received bytes"
+msgstr "მიღებული ბ�იტების #-ის გ�გზ�ვნის�ს"
+
+#: ../../src/kprop/kpropd.c:595
+msgid "while trying to close database file"
+msgstr "ბ�ზის ფ�ილის დ�ხურვის მცდელ�ბის�ს"
+
+#: ../../src/kprop/kpropd.c:650
+#, c-format
+msgid "Incremental propagation enabled\n"
+msgstr "ინკრემენტული გ�ვრცელებ� ჩ�რთული�\n"
+
+#: ../../src/kprop/kpropd.c:659
+#, c-format
+msgid "%s: unable to get kiprop host based service name for realm %s\n"
+msgstr ""
+"%s: რე�ლმისთვის (%s) kipropz-ის ჰ�სტზე ბ�ზირებული სერვისის ს�ხელის მიღების "
+"შეცდ�მ�\n"
+
+#: ../../src/kprop/kpropd.c:669
+msgid "while trying to construct host service principal"
+msgstr "ჰ�სტის სერვისის პრინციპ�ლის �შენების მცდელ�ბის�ს"
+
+#: ../../src/kprop/kpropd.c:686
+#, c-format
+msgid "Initializing kadm5 as client %s\n"
+msgstr "Kadm5-ის, რ�გ�რც %s კლიენტის ინიცი�ლიზ�ცი�\n"
+
+#: ../../src/kprop/kpropd.c:700
+#, c-format
+msgid "kadm5 initialization failed!\n"
+msgstr "kadm5 -ის ინიცი�ლიზ�ციის შეცდ�მ�!\n"
+
+#: ../../src/kprop/kpropd.c:709
+msgid "while attempting to connect to primary KDC ... retrying"
+msgstr "ძირით�დ KDC-სთ�ნ მიერთების მცდელ�ბის�ს ... თ�ვიდ�ნ ცდ�"
+
+#: ../../src/kprop/kpropd.c:713
+#, c-format
+msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n"
+msgstr "%d -წ�მი�ნი ძილი kadm5-ის რეინიცი�ლიზ�ციისთვის (RPC-ის შეცდ�მ�)\n"
+
+#: ../../src/kprop/kpropd.c:729
+#, c-format
+msgid "while initializing %s interface, retrying"
+msgstr "%s ინტერფეისის ინიცი�ლიზ�ციის�ს. თ�ვიდ�ნ ცდ�"
+
+#: ../../src/kprop/kpropd.c:733
+#, c-format
+msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n"
+msgstr ""
+"%d -წ�მი�ნი ძილი kadm5-ის რეინიცი�ლიზ�ციისთვის (გ�შვებული� თუ �რ� krb4kdc?)\n"
+
+#: ../../src/kprop/kpropd.c:743
+#, c-format
+msgid "kadm5 initialization succeeded\n"
+msgstr "kadm5 -ის ინიცი�ლიზ�ცი� წ�რმ�ტებული�\n"
+
+#: ../../src/kprop/kpropd.c:765
+msgid "reading update log header"
+msgstr "გ�ნ�ხლების ჟურნ�ლის თ�ვს�რთის წ�კთხვ�"
+
+#: ../../src/kprop/kpropd.c:776
+#, c-format
+msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n"
+msgstr ""
+"მიმდინ�რე�ბს iprop_get_updates_1-ის გ�მ�ძ�ხებ� (sno=%u sec=%u usec=%u)\n"
+
+#: ../../src/kprop/kpropd.c:786
+msgid "iprop_get_updates call failed"
+msgstr "iprop_get_updates -ის გ�მ�ძ�ხების შეცდ�მ�"
+
+#: ../../src/kprop/kpropd.c:792
+#, c-format
+msgid "Reinitializing iprop because get updates failed\n"
+msgstr ""
+"გ�ნ�ხლებების მიღების შეცდ�მის გ�მ� მიმდინ�რე�ბს iprop-ის რეინიცი�ლიზ�ცი�\n"
+
+#: ../../src/kprop/kpropd.c:813
+#, c-format
+msgid "Still waiting for full resync\n"
+msgstr "სრულ რესინქრ�ნიზ�ცი�ს ჯერ კიდევ ველ�დები\n"
+
+#: ../../src/kprop/kpropd.c:818
+#, c-format
+msgid "Full resync needed\n"
+msgstr "ს�ჭირ�� სრული რესინქრ�ნიზ�ცი�\n"
+
+#: ../../src/kprop/kpropd.c:819
+msgid "kpropd: Full resync needed."
+msgstr "kpropd: ს�ჭირ�� სრული რესინქრ�ნიზ�ცი�."
+
+#: ../../src/kprop/kpropd.c:824
+msgid "iprop_full_resync call failed"
+msgstr "iprop_full_resync -ის გ�მ�ძ�ხების შეცდ�მ�"
+
+#: ../../src/kprop/kpropd.c:835
+#, c-format
+msgid "Full resync request granted\n"
+msgstr "სრული ხელ�ხ�ლი სინქრ�ნიზ�ციის მ�თხ�ვნ� დ�კმ�ყ�ფილებული�\n"
+
+#: ../../src/kprop/kpropd.c:836
+msgid "Full resync request granted."
+msgstr "სრული ხელ�ხ�ლი სინქრ�ნიზ�ციის მ�თხ�ვნ� დ�კმ�ყ�ფილებული�."
+
+#: ../../src/kprop/kpropd.c:845
+#, c-format
+msgid "Exponential backoff\n"
+msgstr "ექსპ�ნენტური დ�ბრუნებ�\n"
+
+#: ../../src/kprop/kpropd.c:851
+#, c-format
+msgid "Full resync permission denied\n"
+msgstr "სრული რესინქრ�ნიზ�ციის წვდ�მ� �კრძ�ლული�\n"
+
+#: ../../src/kprop/kpropd.c:852
+msgid "Full resync, permission denied."
+msgstr "სრული რესინქრ�ნიზ�ცი�, წვდ�მ� �კრძ�ლული�."
+
+#: ../../src/kprop/kpropd.c:857
+#, c-format
+msgid "Full resync error from primary\n"
+msgstr ""
+"სრული რესინქრ�ნიზ�ციის შეცდ�მ� ძირით�დიდ�ნ\n"
+"\n"
+
+#: ../../src/kprop/kpropd.c:858
+msgid " Full resync, error returned from primary KDC."
+msgstr " სრული რესინქრ�ნიზ�ცი�, ძირით�დმ� KDC-მ� შეცდ�მ� დ��ბრუნ�."
+
+#: ../../src/kprop/kpropd.c:866
+#, c-format
+msgid "Full resync invalid result from primary\n"
+msgstr "სრული რექსინქრ�ნიზ�ცი�. �რ�სწ�რი პ�სუხი ძირით�დიდ�ნ\n"
+
+#: ../../src/kprop/kpropd.c:868
+msgid "Full resync, invalid return from primary KDC."
+msgstr "სრული რესინქრ�ნიზ�ცი�. �რ�სწ�რი პ�სუხი ძირით�დი KDC-დ�ნ."
+
+#: ../../src/kprop/kpropd.c:884
+#, c-format
+msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n"
+msgstr "მიღებული� ინკრემენტული გ�ნ�ხლებები (sno=%u sec=%u usec=%u)\n"
+
+#: ../../src/kprop/kpropd.c:896
+#, c-format
+msgid "ulog_replay failed (%s), updates not registered\n"
+msgstr "ulog_replay -ის შეცდ�მ� (%s), გ�ნ�ხლებები �რ დ�რეგისტრირებულ�\n"
+
+#: ../../src/kprop/kpropd.c:899
+#, c-format
+msgid "ulog_replay failed (%s), updates not registered."
+msgstr "ulog_replay -ის შეცდ�მ� (%s), გ�ნ�ხლებები �რ დ�რეგისტრირებულ�."
+
+#: ../../src/kprop/kpropd.c:908
+#, c-format
+msgid "Incremental updates: %d updates / %lu us"
+msgstr "ინკრემენტული გ�ნ�ხლებები: %d გ�ნ�ხლებ� / %lu მწმ"
+
+#: ../../src/kprop/kpropd.c:911
+#, c-format
+msgid "Incremental updates: %d updates / %lu us\n"
+msgstr "ინკრემენტული გ�ნ�ხლებები: %d გ�ნ�ხლებ� / %lu მწმ\n"
+
+#: ../../src/kprop/kpropd.c:919
+#, c-format
+msgid "get_updates permission denied\n"
+msgstr "get_updates წვდ�მ� �კრძ�ლული�\n"
+
+#: ../../src/kprop/kpropd.c:920
+msgid "get_updates, permission denied."
+msgstr "get_updates წვდ�მ� �კრძ�ლული�."
+
+#: ../../src/kprop/kpropd.c:925
+#, c-format
+msgid "get_updates error from primary\n"
+msgstr "get_updates შეცდ�მ� ძირით�დიდ�ნ\n"
+
+#: ../../src/kprop/kpropd.c:927
+msgid "get_updates, error returned from primary KDC."
+msgstr "get_updates, ძირით�დმ� KDC-მ� შეცდ�მ� დ��ბრუნ�."
+
+#: ../../src/kprop/kpropd.c:935
+#, c-format
+msgid "get_updates primary busy; backoff\n"
+msgstr "get_updates მთ�ვ�რიდ �კ�ვებული�; დ�ბრუნებ�\n"
+
+#: ../../src/kprop/kpropd.c:944
+#, c-format
+msgid "KDC is synchronized with primary.\n"
+msgstr "KDC სინქრ�ნიზებული� ძირით�დთ�ნ.\n"
+
+#: ../../src/kprop/kpropd.c:953
+#, c-format
+msgid "get_updates invalid result from primary\n"
+msgstr "get_updates �რ�სწ�რი პ�სუხი ძირით�დიდ�ნ\n"
+
+#: ../../src/kprop/kpropd.c:956
+msgid "get_updates, invalid return from primary KDC."
+msgstr "get_updates, �რ�სწ�რი პ�სუხი ძირით�დი KDC -დ�ნ."
+
+#: ../../src/kprop/kpropd.c:971
+#, c-format
+msgid "Busy signal received from primary, backoff for %d secs\n"
+msgstr "მთ�ვ�რიდ�ნ მიღებული� დ�კ�ვებულ�ბის სიგნ�ლი. დ�ბრუნებ� %d წ�მით\n"
+
+#: ../../src/kprop/kpropd.c:978
+#, c-format
+msgid "Waiting for %d seconds before checking for updates again\n"
+msgstr "%d წ�მის მ�ლ�დინი გ�ნ�ხლებების თ�ვის შემ�წმებ�მდე\n"
+
+#: ../../src/kprop/kpropd.c:989
+#, c-format
+msgid "ERROR returned by primary, bailing\n"
+msgstr "მთ�ვ�რმ� შეცდ�მ� დ��ბრუნ�, დ�ნებებ�\n"
+
+#: ../../src/kprop/kpropd.c:990
+msgid "ERROR returned by primary KDC, bailing.\n"
+msgstr "მთ�ვ�რმ� KDC-მ� შეცდ�მ� დ��ბრუნ�. დ�ნებებ�.\n"
+
+#: ../../src/kprop/kpropd.c:1108
+msgid "copying db args"
+msgstr "ბ�ზის �რგუმენტების კ�პირებ�"
+
+#: ../../src/kprop/kpropd.c:1133
+msgid "Unable to get default realm"
+msgstr "ნ�გულისხმები რე�ლმის მიღების შეცდ�მ�"
+
+#: ../../src/kprop/kpropd.c:1140
+msgid "Unable to set default realm"
+msgstr "ნ�გულისხმები რე�ლმის დ�ყენების შეცდ�მ�"
+
+#: ../../src/kprop/kpropd.c:1150
+msgid "while trying to construct my service name"
+msgstr "ჩემი სერვისის ს�ხელის �წყ�ბის მცდელ�ბის�ს"
+
+#: ../../src/kprop/kpropd.c:1157
+msgid "while allocating filename for temp file"
+msgstr "დრ�ებითი ფ�ილის ს�ხელის გ�მ�ყ�ფის�ს"
+
+#: ../../src/kprop/kpropd.c:1165
+msgid "while initializing"
+msgstr "ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kprop/kpropd.c:1173
+msgid "Unable to map log!\n"
+msgstr "ჟურნ�ლის მიბმის შეცდ�მ�!\n"
+
+#: ../../src/kprop/kpropd.c:1215
+#, c-format
+msgid "Error in krb5_auth_con_ini: %s"
+msgstr "შეცდ�მ� krb5_auth_con_ini-ში: %s"
+
+#: ../../src/kprop/kpropd.c:1223
+#, c-format
+msgid "Error in krb5_auth_con_setflags: %s"
+msgstr "შეცდ�მ� krb5_auth_con_setflags-ში: %s"
+
+#: ../../src/kprop/kpropd.c:1236
+#, c-format
+msgid "Error in krb5_auth_con_setaddrs: %s"
+msgstr "შეცდ�მ� krb5_auth_con_setaddrs-ში: %s"
+
+#: ../../src/kprop/kpropd.c:1244
+#, c-format
+msgid "Error in krb5_kt_resolve: %s"
+msgstr "შეცდ�მ� krb5_kt_resolve-ში: %s"
+
+#: ../../src/kprop/kpropd.c:1253
+#, c-format
+msgid "Error in krb5_recvauth: %s"
+msgstr "შეცდ�მ� krb5_recvauth -ში: %s"
+
+#: ../../src/kprop/kpropd.c:1260
+#, c-format
+msgid "Error in krb5_copy_prinicpal: %s"
+msgstr "შეცდ�მ� krb5_copy_prinicpal-ში: %s"
+
+#: ../../src/kprop/kpropd.c:1277
+msgid "while unparsing ticket etype"
+msgstr "ბილეთის etype-ის დ�მუშ�ვების გ�უქმების�ს"
+
+#: ../../src/kprop/kpropd.c:1281
+#, c-format
+msgid "authenticated client: %s (etype == %s)\n"
+msgstr "კლიენტი �ვტ�რიზებული�: %s (etype == %s)\n"
+
+#: ../../src/kprop/kpropd.c:1361
+msgid "while reading size of database from client"
+msgstr "კლიენტიდ�ნ ბ�ზის ზ�მის კითხვის�ს"
+
+#: ../../src/kprop/kpropd.c:1371
+msgid "while decoding database size from client"
+msgstr "კლიენტიდ�ნ ბ�ზის ზ�მის დეკ�დირების�ს"
+
+#: ../../src/kprop/kpropd.c:1379
+msgid "malformed database size message from client"
+msgstr "კლიენტიდ�ნ მიღებული ბ�ზის ზ�მის შეტყ�ბინებ� �რ�სწ�რი�"
+
+#: ../../src/kprop/kpropd.c:1391
+msgid "while initializing i_vector"
+msgstr "i_vector-ის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/kprop/kpropd.c:1396
+#, c-format
+msgid "Full propagation transfer started.\n"
+msgstr "სრული გ�ვრცელების გ�დ�ცემ� დ�წყებული�.\n"
+
+#: ../../src/kprop/kpropd.c:1450
+#, c-format
+msgid "Full propagation transfer finished.\n"
+msgstr "სრული გ�ვრცელების გ�დ�ცემ� დ�სრულდ�.\n"
+
+#: ../../src/kprop/kpropd.c:1510
+msgid "while decoding error packet from client"
+msgstr "კლიენტიდ�ნ მიღებული შეცდ�მის პ�კეტის დეკ�დირების�ს"
+
+#: ../../src/kprop/kpropd.c:1519
+msgid "signaled from server"
+msgstr "სიგნ�ლი სერვერიდ�ნ"
+
+#: ../../src/kprop/kpropd.c:1521
+#, c-format
+msgid "Error text from client: %s\n"
+msgstr "შეცდ�მის ტექსტი კლიენტიდ�ნ: %s\n"
+
+#: ../../src/kprop/kpropd.c:1570
+#, c-format
+msgid "while trying to fork %s"
+msgstr "%s-ის გ�ნტ�ტვის�ს"
+
+#: ../../src/kprop/kpropd.c:1574
+#, c-format
+msgid "while trying to exec %s"
+msgstr "%s-ის exec-ის მცდელ�ბის�ს"
+
+#: ../../src/kprop/kpropd.c:1581
+#, c-format
+msgid "while waiting for %s"
+msgstr "%s-ის მ�ლ�დინის�ს"
+
+#: ../../src/kprop/kpropd.c:1587
+#, c-format
+msgid "%s load terminated"
+msgstr "%s-ის ჩ�ტვირთვ� შეწყვეტილი�"
+
+#: ../../src/kprop/kpropd.c:1593
+#, c-format
+msgid "%s returned a bad exit status (%d)"
+msgstr "%s -მ� გ�სვლის �რ�სწ�რი სტ�ტუსი დ��ბრუნ� (%d)"
+
+#: ../../src/kprop/kproplog.c:29
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-h] [-v] [-v] [-e num]\n"
+"\t%s -R\n"
+"\n"
+msgstr ""
+"\n"
+"გ�მ�ყენებ�: %s [-h] [-v] [-v] [-e რიცხვი]\n"
+"\t%s -R\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:112
+#, c-format
+msgid ""
+"\n"
+"Couldn't allocate memory"
+msgstr ""
+"\n"
+"მეხსიერების გ�მ�ყ�ფის შეცდ�მ�"
+
+#: ../../src/kprop/kproplog.c:206
+#, c-format
+msgid "\t\tAttribute flags\n"
+msgstr "\t\t�ტრიბუტის �ლმები\n"
+
+#: ../../src/kprop/kproplog.c:211
+#, c-format
+msgid "\t\tMaximum ticket life\n"
+msgstr "\t\tბილეთის მ�ქსიმ�ლური სიც�ცხლე\n"
+
+#: ../../src/kprop/kproplog.c:216
+#, c-format
+msgid "\t\tMaximum renewable life\n"
+msgstr "\t\tმ�ქსიმ�ლური გ�ნ�ხლებ�დი სიც�ცხლე\n"
+
+#: ../../src/kprop/kproplog.c:221
+#, c-format
+msgid "\t\tPrincipal expiration\n"
+msgstr "\t\tპრინციპ�ლის ვ�დ�\n"
+
+#: ../../src/kprop/kproplog.c:226
+#, c-format
+msgid "\t\tPassword expiration\n"
+msgstr "\t\tპ�რ�ლის ვ�დ�\n"
+
+#: ../../src/kprop/kproplog.c:231
+#, c-format
+msgid "\t\tLast successful auth\n"
+msgstr "\t\tბ�ლ� წ�რმ�ტებული �ვთენტიკ�ცი�\n"
+
+#: ../../src/kprop/kproplog.c:236
+#, c-format
+msgid "\t\tLast failed auth\n"
+msgstr "\t\tბ�ლ� წ�რუმ�ტებელი �ვთენტიკ�ცი�\n"
+
+#: ../../src/kprop/kproplog.c:241
+#, c-format
+msgid "\t\tFailed passwd attempt\n"
+msgstr "\t\tწ�რუმ�ტებელი პ�რ�ლის მცდელ�ბ�\n"
+
+#: ../../src/kprop/kproplog.c:246
+#, c-format
+msgid "\t\tPrincipal\n"
+msgstr "\t\tპრინციპ�ლი\n"
+
+#: ../../src/kprop/kproplog.c:251
+#, c-format
+msgid "\t\tKey data\n"
+msgstr "\t\tგ�ს�ღების შემცველ�ბ�\n"
+
+#: ../../src/kprop/kproplog.c:258
+#, c-format
+msgid "\t\tTL data\n"
+msgstr "\t\tTL -ის მ�ნ�ცემები\n"
+
+#: ../../src/kprop/kproplog.c:265
+#, c-format
+msgid "\t\tLength\n"
+msgstr "\t\tსიგრძე\n"
+
+#: ../../src/kprop/kproplog.c:270
+#, c-format
+msgid "\t\tPassword last changed\n"
+msgstr "\t\tპ�რ�ლი ბ�ლ�ს შეიცვ�ლ�\n"
+
+#: ../../src/kprop/kproplog.c:275
+#, c-format
+msgid "\t\tModifying principal\n"
+msgstr "\t\tპრინციპ�ლის შეცვლ�\n"
+
+#: ../../src/kprop/kproplog.c:280
+#, c-format
+msgid "\t\tModification time\n"
+msgstr "\t\tცვლილების დრ�\n"
+
+#: ../../src/kprop/kproplog.c:285
+#, c-format
+msgid "\t\tModified where\n"
+msgstr "\t\tცვლილების �დგილი\n"
+
+#: ../../src/kprop/kproplog.c:290
+#, c-format
+msgid "\t\tPassword policy\n"
+msgstr "\t\tპ�რ�ლის პ�ლიტიკ�\n"
+
+#: ../../src/kprop/kproplog.c:295
+#, c-format
+msgid "\t\tPassword policy switch\n"
+msgstr "\t\tპ�რ�ლის პ�ლიტიკის გ�დ�რთვ�\n"
+
+#: ../../src/kprop/kproplog.c:300
+#, c-format
+msgid "\t\tPassword history KVNO\n"
+msgstr "\t\tპ�რ�ლის ისტ�რი� KVNO\n"
+
+#: ../../src/kprop/kproplog.c:305
+#, c-format
+msgid "\t\tPassword history\n"
+msgstr "\t\tპ�რ�ლის ისტ�რი�\n"
+
+#: ../../src/kprop/kproplog.c:339
+#, c-format
+msgid ""
+"Corrupt update entry\n"
+"\n"
+msgstr ""
+"დ�ზი�ნებული ჩ�ნ�წერის გ�ნ�ხლებ�\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:344
+#, c-format
+msgid "Update Entry\n"
+msgstr "ჩ�ნ�წერის გ�ნ�ხლებ�\n"
+
+#: ../../src/kprop/kproplog.c:346
+#, c-format
+msgid "\tUpdate serial # : %u\n"
+msgstr "\tსერი�ლის გ�ნ�ხლებ� # : %u\n"
+
+#: ../../src/kprop/kproplog.c:350
+#, c-format
+msgid "\tDummy entry\n"
+msgstr "\tც�რიელი ჩ�ნ�წერი\n"
+
+#: ../../src/kprop/kproplog.c:358
+#, c-format
+msgid ""
+"Entry data decode failure\n"
+"\n"
+msgstr ""
+"ჩ�ნ�წერის მ�ნ�ცემების დეკ�დირების შეცდ�მ�\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:362
+#, c-format
+msgid "\tUpdate operation : "
+msgstr "\t�პერ�ციის გ�ნ�ხლებ� : "
+
+#: ../../src/kprop/kproplog.c:364
+#, c-format
+msgid "Delete\n"
+msgstr "წ�შლ�\n"
+
+#: ../../src/kprop/kproplog.c:366
+#, c-format
+msgid "Add\n"
+msgstr "დ�მ�ტებ�\n"
+
+#: ../../src/kprop/kproplog.c:370
+#, c-format
+msgid ""
+"Could not allocate principal name\n"
+"\n"
+msgstr ""
+"პრინციპ�ლის ს�ხელის გ�მ�ყ�ფის შეცდ�მ�\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:376
+#, c-format
+msgid "\tUpdate principal : %s\n"
+msgstr "\tპრინცი�ლის გ�ნ�ხლებ� : %s\n"
+
+#: ../../src/kprop/kproplog.c:378
+#, c-format
+msgid "\tUpdate size : %u\n"
+msgstr "\tგ�ნ�ხლების ზ�მ� : %u\n"
+
+#: ../../src/kprop/kproplog.c:379
+#, c-format
+msgid "\tUpdate committed : %s\n"
+msgstr "\tგ�ნ�ხლებ� გ�დ�ცემული� : %s\n"
+
+#: ../../src/kprop/kproplog.c:383
+#, c-format
+msgid "\tUpdate time stamp : None\n"
+msgstr "\tგ�ნ�ხლების დრ�ის შტ�მპი : �რცერთი\n"
+
+#: ../../src/kprop/kproplog.c:385
+#, c-format
+msgid "\tUpdate time stamp : %s"
+msgstr "\tგ�ნ�ხლების დრ�ის შტ�მპი : %s"
+
+#: ../../src/kprop/kproplog.c:389
+#, c-format
+msgid "\tAttributes changed : %d\n"
+msgstr "\t�ტრიბუტები შეიცვ�ლ� : %d\n"
+
+#: ../../src/kprop/kproplog.c:462
+#, c-format
+msgid ""
+"Unable to initialize Kerberos\n"
+"\n"
+msgstr ""
+"Kerberos-ის ინიცი�ლიზ�ციის შეცდ�მ�\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:469
+#, c-format
+msgid ""
+"Couldn't read database_name\n"
+"\n"
+msgstr ""
+"შეცდ�მ� database_name-ის წ�კითხვის�ს\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:473
+#, c-format
+msgid ""
+"\n"
+"Kerberos update log (%s)\n"
+msgstr ""
+"\n"
+"Kerberos -ის გ�ნ�ხლების ჟურნ�ლი (%s)\n"
+
+#: ../../src/kprop/kproplog.c:477 ../../src/kprop/kproplog.c:493
+#, c-format
+msgid ""
+"Unable to map log file %s\n"
+"\n"
+msgstr ""
+"ჟურნ�ლის ფ�ილის %s მიბმის შეცდ�მ�\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:482
+#, c-format
+msgid ""
+"Couldn't reinitialize ulog file %s\n"
+"\n"
+msgstr ""
+"შეცდ�მ� ulog ფ�ილის %s რეინიცი�ლიზ�ციის�ს\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:486
+#, c-format
+msgid "Reinitialized the ulog.\n"
+msgstr "Ulog-ის რეინიცი�ლიზ�ცი� წ�რმ�ტებული�.\n"
+
+#: ../../src/kprop/kproplog.c:499
+#, c-format
+msgid ""
+"Corrupt header log, exiting\n"
+"\n"
+msgstr ""
+"ჟურნ�ლის თ�ვს�რთი დ�ზი�ნებული�. გ�სვლ�\n"
+"\n"
+
+#: ../../src/kprop/kproplog.c:503
+#, c-format
+msgid "Update log dump :\n"
+msgstr "გ�ნ�ხლების ჟურნ�ლის დ�მპი :\n"
+
+#: ../../src/kprop/kproplog.c:504
+#, c-format
+msgid "\tLog version # : %u\n"
+msgstr "\tჟურნ�ლის ვერსი� # : %u\n"
+
+#: ../../src/kprop/kproplog.c:505
+#, c-format
+msgid "\tLog state : "
+msgstr "\tჟურნ�ლის მდგ�მ�რე�ბ� : "
+
+#: ../../src/kprop/kproplog.c:508
+#, c-format
+msgid "Stable\n"
+msgstr "სტ�ბილური\n"
+
+#: ../../src/kprop/kproplog.c:511
+#, c-format
+msgid "Unstable\n"
+msgstr "�რ�სტ�ბილური\n"
+
+#: ../../src/kprop/kproplog.c:514
+#, c-format
+msgid "Corrupt\n"
+msgstr "დ�ზი�ნებული\n"
+
+#: ../../src/kprop/kproplog.c:517
+#, c-format
+msgid "Unknown state: %d\n"
+msgstr "უცნ�ბი მდგ�მ�რე�ბ�: %d\n"
+
+#: ../../src/kprop/kproplog.c:520
+#, c-format
+msgid "\tEntry block size : %u\n"
+msgstr "\tჩ�ნ�წერის ბლ�კის ზ�მ� : %u\n"
+
+#: ../../src/kprop/kproplog.c:521
+#, c-format
+msgid "\tNumber of entries : %u\n"
+msgstr "\tჩ�ნ�წერების რ��დენ�ბ� : %u\n"
+
+#: ../../src/kprop/kproplog.c:524
+#, c-format
+msgid "\tLast serial # : None\n"
+msgstr "\tბ�ლ� სერიული # : �რცერთი\n"
+
+#: ../../src/kprop/kproplog.c:527
+#, c-format
+msgid "\tFirst serial # : None\n"
+msgstr "\tპირველი სერიული # : �რცერთი\n"
+
+#: ../../src/kprop/kproplog.c:529
+#, c-format
+msgid "\tFirst serial # : "
+msgstr "\tპირველი სერიული # : "
+
+#: ../../src/kprop/kproplog.c:533
+#, c-format
+msgid "\tLast serial # : "
+msgstr "\tბ�ლ� სერიული # : "
+
+#: ../../src/kprop/kproplog.c:538
+#, c-format
+msgid "\tLast time stamp : None\n"
+msgstr "\tბ�ლ� დრ�ის შტ�მპი : �რცერთი\n"
+
+#: ../../src/kprop/kproplog.c:541
+#, c-format
+msgid "\tFirst time stamp : None\n"
+msgstr "\tპირველი დრ�ის შტ�მპი : �რცერთი\n"
+
+#: ../../src/kprop/kproplog.c:543
+#, c-format
+msgid "\tFirst time stamp : %s"
+msgstr "\tპირველი დრ�ის შტ�მპი : %s"
+
+#: ../../src/kprop/kproplog.c:547
+#, c-format
+msgid "\tLast time stamp : %s\n"
+msgstr "\tბ�ლ� დრ�ის შტ�მპი : %s\n"
+
+#: ../../src/lib/apputils/net-server.c:231
+msgid "Got signal to request exit"
+msgstr "მიღებული� სიგნ�ლი გ�სვლის მ�თხ�ვნისთვის"
+
+#: ../../src/lib/apputils/net-server.c:245
+msgid "Got signal to reset"
+msgstr "მიღებული� სიგნ�ლი ს�წყის მნიშვნელ�ბებზე დ�ს�ბრუნებლ�დ"
+
+#: ../../src/lib/apputils/net-server.c:311
+#, c-format
+msgid "Invalid port %d"
+msgstr "�რ�სწ�რი პ�რტი %d"
+
+#: ../../src/lib/apputils/net-server.c:324
+#, c-format
+msgid "Removing address %s since wildcard address is being added"
+msgstr "მის�მ�რთი %s წ�იშლებ�, რ�დგ�ნ ს�ჭირ�� ვ�ილდკ�რდი მისმ�რთის დ�მ�ტებ�"
+
+#: ../../src/lib/apputils/net-server.c:331
+msgid "Address already added to server"
+msgstr "მის�მ�რთი სერვერზე უკვე დ�მ�ტებული�"
+
+#: ../../src/lib/apputils/net-server.c:494
+#, c-format
+msgid "closing down fd %d"
+msgstr "fd %d-ის დ�ხურვ�"
+
+#: ../../src/lib/apputils/net-server.c:508
+#, c-format
+msgid "descriptor %d closed but still in svc_fdset"
+msgstr "დესკრიპტ�რი %d დ�ხურული�, მ�გრ�მ ჯერ კიდევ svc_fdset -ში�"
+
+#: ../../src/lib/apputils/net-server.c:534
+msgid "cannot create io event"
+msgstr "io მ�ვლენის შექმნის შეცდ�მ�"
+
+#: ../../src/lib/apputils/net-server.c:539
+msgid "cannot save event"
+msgstr "მ�ვლენის შენ�ხვის შეცდ�მ�"
+
+#: ../../src/lib/apputils/net-server.c:559
+#, c-format
+msgid "file descriptor number %d too high"
+msgstr "ფ�ილის დესკრიპტ�რის ნ�მერი %d ძ�ლი�ნ მ�ღ�ლი�"
+
+#: ../../src/lib/apputils/net-server.c:566
+msgid "cannot allocate storage for connection info"
+msgstr "შეერთების ინფ�რმ�ციისთვის ს�ც�ვის გ�მ�ყ�ფის შეცდ�მ�"
+
+#: ../../src/lib/apputils/net-server.c:601
+#, c-format
+msgid "Cannot create TCP server socket on %s"
+msgstr "%s-ზე TCP სერვერის ს�კეტის შექმნ� შეუძლებელი�"
+
+#: ../../src/lib/apputils/net-server.c:610
+#, c-format
+msgid "TCP socket fd number %d (for %s) too high"
+msgstr "TCP ს�კეტის fd -ის ნ�მერი %d (%s-სთვის) ძ�ლი�ნ მ�ღ�ლი�"
+
+#: ../../src/lib/apputils/net-server.c:617
+#, c-format
+msgid "Cannot enable SO_REUSEADDR on fd %d"
+msgstr "SO_REUSEADDR-ის დ�ყენების შეცდ�მ� fd-ზე %d"
+
+#: ../../src/lib/apputils/net-server.c:622
+#, c-format
+msgid "setsockopt(%d,IPV6_V6ONLY,1) failed"
+msgstr "setsockopt(%d,IPV6_V6ONLY,1) -ის შეცდ�მ�"
+
+#: ../../src/lib/apputils/net-server.c:625
+#, c-format
+msgid "setsockopt(%d,IPV6_V6ONLY,1) worked"
+msgstr "setsockopt(%d,IPV6_V6ONLY,1) მუშ��ბს"
+
+#: ../../src/lib/apputils/net-server.c:628
+msgid "no IPV6_V6ONLY socket option support"
+msgstr "ს�კეტს IPV6_V6ONLY პ�რ�მეტრის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../../src/lib/apputils/net-server.c:634
+#, c-format
+msgid "Cannot bind server socket on %s"
+msgstr "სერვერის ს�კეტზე მიბმის შეცდ�მ� %s-ზე"
+
+#: ../../src/lib/apputils/net-server.c:704
+#, c-format
+msgid "Setting up %s socket for address %s"
+msgstr "%s ს�კეტის მ�რგებ� მის�მ�რთისთვის %s"
+
+#: ../../src/lib/apputils/net-server.c:717
+#, c-format
+msgid "Cannot listen on %s server socket on %s"
+msgstr "%s სერვერის ს�კეტზე მ�სმენის შეცდ�მ� %s-ზე"
+
+#: ../../src/lib/apputils/net-server.c:726
+#, c-format
+msgid "cannot set listening %s socket on %s non-blocking"
+msgstr "მ�სმენის %s ს�კეტის %s �რ�ბლ�კირებ�დზე დ�ყენების შეცდ�მ�"
+
+#: ../../src/lib/apputils/net-server.c:734
+#, c-format
+msgid "cannot set SO_LINGER on %s socket on %s"
+msgstr "%s ს�კეტზე %s-ზე SO_LINGER-ის დ�ყენების შეცდ�მ�"
+
+#: ../../src/lib/apputils/net-server.c:741
+#, c-format
+msgid "Setting pktinfo on socket %s"
+msgstr "ს�კეტზე %s pktinfo-ის დ�ყენებ�"
+
+#: ../../src/lib/apputils/net-server.c:746
+#, c-format
+msgid "Cannot request packet info for UDP socket address %s port %d"
+msgstr ""
+"UDP ს�კეტის მის�მ�რთის %s პ�რტის %d პ�კეტის ინფ�რმ�ციის მ�თხ�ვნის შეცდ�მ�"
+
+#: ../../src/lib/apputils/net-server.c:748
+msgid ""
+"System does not support pktinfo yet binding to a wildcard address.  Packets "
+"are not guaranteed to return on the received address."
+msgstr ""
+"სისტემ�ს pktinfo-ის ვ�ილდკ�რდ მის�მ�რთზე მიბმის მხ�რდ�ჭერ� �რ გ��ჩნი�.  "
+"გ�რ�ნტი�, რ�მ პ�კეტები მიმღებ მის�მ�რთზე დ�ბრუნდებ�, �რ �რსებ�ბს."
+
+#: ../../src/lib/apputils/net-server.c:760
+msgid "Error attempting to add verto event"
+msgstr "შეცდ�მ� verto მ�ვლენის დ�მ�ტების მცდელ�ბის�ს"
+
+#: ../../src/lib/apputils/net-server.c:769
+#, c-format
+msgid "Cannot create RPC service: %s"
+msgstr "RPC სერვისის შექმნის შეცდ�მ�: %s"
+
+#: ../../src/lib/apputils/net-server.c:779
+#, c-format
+msgid "Cannot register RPC service: %s"
+msgstr "RPC სერვისის რეგისტრ�ციის შეცდ�მ�: %s"
+
+#: ../../src/lib/apputils/net-server.c:823
+msgid "No addresses added to the net server"
+msgstr "Net სერვერზე მის�მ�რთი �რ დ�მ�ტებულ�"
+
+#: ../../src/lib/apputils/net-server.c:842
+#, c-format
+msgid "Failed getting address info (for %s): %s"
+msgstr "%s-სთვის მის�მ�რთის ინფ�რმ�ციის მიღების შეცდ�მ�: %s"
+
+#: ../../src/lib/apputils/net-server.c:872
+#, c-format
+msgid "Failed setting up a %s socket (for %s)"
+msgstr "%s ს�კეტის მ�რგების�ს (%s-სთვის)"
+
+#: ../../src/lib/apputils/net-server.c:913
+msgid "setting up network..."
+msgstr "ქსელის მ�რგებ�..."
+
+#: ../../src/lib/apputils/net-server.c:916
+msgid "Error setting up network"
+msgstr "ქსელის მ�რგების შეცდ�მ�"
+
+#: ../../src/lib/apputils/net-server.c:919
+#, c-format
+msgid "set up %d sockets"
+msgstr "მ�რგებული� %d ს�კეტი"
+
+#: ../../src/lib/apputils/net-server.c:922
+msgid "no sockets set up?"
+msgstr "ს�კეტები ჩ�რთული �რ��?"
+
+#: ../../src/lib/apputils/net-server.c:985
+#: ../../src/lib/apputils/net-server.c:1039
+msgid "while dispatching (udp)"
+msgstr "გ�გზ�ვნის�ს (udp)"
+
+#: ../../src/lib/apputils/net-server.c:1014
+#, c-format
+msgid "while sending reply to %s/%s from %s"
+msgstr "%s/%s -სთვის %s-დ�ნ პ�სუხის გ�გზ�ვნის�ს"
+
+#: ../../src/lib/apputils/net-server.c:1019
+#, c-format
+msgid "short reply write %d vs %d\n"
+msgstr "მ�კლე პ�სუხის ჩ�წერ� %d-ი %d-ის წინ��ღმდეგ\n"
+
+#: ../../src/lib/apputils/net-server.c:1064
+msgid "while receiving from network"
+msgstr "ქსელიდ�ნ მიღების�ს"
+
+#: ../../src/lib/apputils/net-server.c:1107
+msgid "too many connections"
+msgstr "მეტისმეტ�დ ბევრი მიერთებ�"
+
+#: ../../src/lib/apputils/net-server.c:1125
+#, c-format
+msgid "dropping %s fd %d from %s"
+msgstr "%s fd-ის მ�ცილებ� %d-ი %s-დ�ნ"
+
+#: ../../src/lib/apputils/net-server.c:1195
+#, c-format
+msgid "allocating buffer for new TCP session from %s"
+msgstr "%s-დ�ნ მიღებული სესიისთვის ბუფერის გ�მ�ყ�ფ�"
+
+#: ../../src/lib/apputils/net-server.c:1227
+msgid "while dispatching (tcp)"
+msgstr "გ�გზ�ვნის�ს (tcp)"
+
+#: ../../src/lib/apputils/net-server.c:1259
+msgid "error allocating tcp dispatch private!"
+msgstr "tcp გ�ს�გზ�ვნი პირის გ�მ�ყ�ფის შეცდ�მ�!"
+
+#: ../../src/lib/apputils/net-server.c:1306
+#, c-format
+msgid "TCP client %s wants %lu bytes, cap is %lu"
+msgstr "TCP კლიენტს %s სურს %lu ბ�იტი, ზღვ�რი� %lu"
+
+#: ../../src/lib/apputils/net-server.c:1314
+#, c-format
+msgid "error constructing KRB_ERR_FIELD_TOOLONG error! %s"
+msgstr "შეცდ�მ� KRB_ERR_FIELD_TOOLONG შეცდ�მის �წყ�ების�ს! %s"
+
+#: ../../src/lib/apputils/net-server.c:1353
+#, c-format
+msgid "getsockname failed: %s"
+msgstr "getsockname -ის შეცდ�მ�: %s"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:43
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:165
+msgid "A required input parameter could not be read"
+msgstr "�უცილებელი შეყვ�ნის პ�რ�მეტრის წ�კითხვ� შეუძლებელი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:44
+msgid "A required input parameter could not be written"
+msgstr "�უცილებელი შეყვ�ნის პ�რ�მეტრის ჩ�წერ� შეუძლებელი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:45
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:175
+msgid "A parameter was malformed"
+msgstr "პ�რ�მეტრი �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:48
+msgid "calling error"
+msgstr "გ�მ�ძ�ხების შეცდ�მ�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:59
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:195
+msgid "An unsupported mechanism was requested"
+msgstr "მ�თხ�ვნილი მექ�ნიზმი მხ�რდ�უჭერელი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:60
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:199
+msgid "An invalid name was supplied"
+msgstr "მიწ�დებული ს�ხელი �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:61
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:203
+msgid "A supplied name was of an unsupported type"
+msgstr "მითითებული ს�ხელის ტიპი მხ�რდ�უჭერელი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:62
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:208
+msgid "Incorrect channel bindings were supplied"
+msgstr "მიწ�დებული �რხების მიბმ� �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:63
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:179
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:274
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:334
+msgid "An invalid status code was supplied"
+msgstr "მიწ�დებული სტ�ტუსის კ�დი �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:64
+msgid "A token had an invalid signature"
+msgstr "კ�დის ხელმ�წერ� �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:65
+msgid "No credentials were supplied"
+msgstr "�ვტ�რიზ�ციის დეტ�ლები მიწ�დებული �რ��"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:66
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:223
+msgid "No context has been established"
+msgstr "კ�ნტექსტი �წყ�ბილი �რ��"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:67
+msgid "A token was invalid"
+msgstr "კ�დი �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:68
+msgid "A credential was invalid"
+msgstr "�ვტ�რიზ�ციის დეტ�ლები �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:69
+msgid "The referenced credentials have expired"
+msgstr "მიმ�რთული �ვტ�რიზ�ციის დეტ�ლები ვ�დ�გ�სული�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:70
+msgid "The context has expired"
+msgstr "კ�ნტექსტი ვ�დ�გ�სული�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:71
+msgid "Miscellaneous failure"
+msgstr "სხვ�დ�სხვ� შეცდ�მ�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:72
+msgid "The quality-of-protection requested could not be provided"
+msgstr "მ�თხ�ვნილი quality-of-protection -ის მიწ�დებ� შეუძლებელი�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:73
+msgid "The operation is forbidden by the local security policy"
+msgstr "�პერ�ცი� ლ�კ�ლური უს�ფრთხ�ების პ�ლიტიკის მიერ�� �კრძ�ლული"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:74
+msgid "The operation or option is not available"
+msgstr "�პერ�ცი� �ნ პ�რ�მეტრი ხელმის�წვდ�მი �რ��"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:77
+msgid "routine error"
+msgstr "ქვეპრ�გრ�მის შეცდ�მ�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:89
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:311
+msgid "The routine must be called again to complete its function"
+msgstr "მისი ფუნქციის დ�ს�სრულებლ�დ ქვეპრ�გრ�მ� კიდევ ერთხელ უნდ� გ�მ�იძ�ხ�თ"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:90
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:316
+msgid "The token was a duplicate of an earlier token"
+msgstr "ეს კ�დი ძველი კ�დის �სლს წ�რმ��დგენდ�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:91
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:321
+msgid "The token's validity period has expired"
+msgstr "კ�დის ვ�რგისი�ნ�ბის ვ�დ� �მ�წურული�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:92
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:325
+msgid "A later token has already been processed"
+msgstr "უფრ� �ხ�ლი კ�დი უკვე დ�მუშ�ვდ�"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:95
+msgid "supplementary info code"
+msgstr "დ�მ�ტებითი ინფ�რმ�ციის კ�დი"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:106
+#: ../lib/krb5/error_tables/krb5_err.c:23
+msgid "No error"
+msgstr "შეცდ�მის გ�რეშე"
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:107
+#, c-format
+msgid "Unknown %s (field = %d)"
+msgstr "უცნ�ბი %s (ველი = %d)"
+
+#: ../../src/lib/gssapi/krb5/acquire_cred.c:148
+#, c-format
+msgid "No key table entry found matching %s"
+msgstr "%s-ის შეს�ბ�მისი გ�ს�ღების ცხრილის ჩ�ნ�წერი �რ �რსებ�ბს"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:161
+msgid "The routine completed successfully"
+msgstr "ქვეპრ�გრ�მ� წ�რმ�ტებით დ�სრულდ�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:170
+msgid "A required output parameter could not be written"
+msgstr "გ�მ�ტ�ნის �უცილებელი პ�რ�მეტრის ჩ�წერ� შეუძლებელი�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:212
+msgid "A token had an invalid Message Integrity Check (MIC)"
+msgstr "კ�დის *შეტყ�ბინების მთლი�ნ�ბის შემ�წმებ�\" (MIC) �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:217
+msgid ""
+"No credentials were supplied, or the credentials were unavailable or "
+"inaccessible"
+msgstr "�ვტ�რიზ�ციის დეტ�ლები მიწ�დებული �რ��, �ნ ისინი მიუწვდ�მელი�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:227
+msgid "Invalid token was supplied"
+msgstr "მიწ�დებული კ�დი �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:231
+msgid "Invalid credential was supplied"
+msgstr "მიწ�დებული �ვტ�რიზ�ციის დეტ�ლები �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:235
+msgid "The referenced credential has expired"
+msgstr "მიმ�რთვის �ვტ�რიზ�ციის დეტ�ლების ვ�დ� �მ�წურული�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:239
+msgid "The referenced context has expired"
+msgstr "მიმ�რთვის კ�ნტექსტის ვ�დ� �მ�წურული�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:243
+msgid "Unspecified GSS failure.  Minor code may provide more information"
+msgstr ""
+"GSS-ის უცნ�ბი შეცდ�მ�.  მცირე კ�დს დ�მ�ტებითი ინფ�რმ�ციის მ�წ�დებ� შეუძლი�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:248
+msgid "The quality-of-protection (QOP) requested could not be provided"
+msgstr "მ�თხ�ვნილი quality-of-protection -ის (QOP) მიწ�დებ� შეუძლებელი�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:253
+msgid "The operation is forbidden by local security policy"
+msgstr "�პერ�ცი� ლ�კ�ლური უს�ფრთხ�ების პ�ლიტიკის მიერ�� �კრძ�ლული"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:258
+msgid "The operation or option is not available or unsupported"
+msgstr "�პერ�ცი� �ნ პ�რ�მეტრი ხელმიუწვდ�მელი �ნ მხ�რდ�უჭერელი�"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:263
+msgid "The requested credential element already exists"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ელემენტი უკვე �რსებ�ბს"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:268
+msgid "The provided name was not mechanism specific (MN)"
+msgstr "მ�წ�დებული ს�ხელი მექ�ნიზმზე მიბმული (MN) �რ��"
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:329
+msgid "An expected per-message token was not received"
+msgstr "თით�ეული შეტყ�ბინების მ�ს�ლ�დნელი კ�დი მიღებული �რ��"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1824
+msgid "SPNEGO cannot find mechanisms to negotiate"
+msgstr "SPNEGO -მ� მ�ს�ლ�პ�რ�კებელი მექ�ნიზმები ვერ იპ�ვ�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1826
+msgid "SPNEGO failed to acquire creds"
+msgstr "SPNEGO �ვტ.დეტ�ლების მიღების შეცდ�მ�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1828
+msgid "SPNEGO acceptor did not select a mechanism"
+msgstr "SPNEGO �ქსეპტ�რმ� მექ�ნიზმი �რ �ირჩი�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1830
+msgid "SPNEGO failed to negotiate a mechanism"
+msgstr "SPNEGO -მ� მექ�ნიზმის შეთ�ნხმებ� ვერ შეძლ�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1832
+msgid "SPNEGO acceptor did not return a valid token"
+msgstr "SPNEGO �ქსეპტ�რმ� სწ�რი კ�დი �რ დ��ბრუნ�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1834
+msgid "Invalid NegoEx signature"
+msgstr "�რ�სწ�რი NegoEx ხელმ�წერი�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1836
+msgid "Invalid NegoEx message type"
+msgstr "�რ�სწ�რი NegoEx შეტყ�ბინების ტიპი"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1838
+msgid "Invalid NegoEx message size"
+msgstr "�რ�სწ�რი NegoEx შეტყ�ბინების ზ�მ�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1840
+msgid "Invalid NegoEx conversation ID"
+msgstr "�რ�სწ�რი NegoEx ს�უბრის ID"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1842
+msgid "NegoEx authentication scheme not found"
+msgstr "NegoEx -ის �ვთენტიკ�ციის სქემ� ნ�პ�ვნი �რ��"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1844
+msgid "Missing NegoEx negotiate message"
+msgstr "NegoEx-ის მ�ლ�პ�რ�კების შეტყ�ბინებ� ვერ ვიპ�ვე"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1846
+msgid "Missing NegoEx authentication protocol request message"
+msgstr "NegoEx -ის �ვთენტიკ�ციის პრ�ტ�კ�ლის მ�თხ�ვნის შეტყ�ბინებ� ვერ ვიპ�ვე"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1848
+msgid "No mutually supported NegoEx authentication schemes"
+msgstr "�რმხრივ�დ მხ�რდ�ჭერილი NegoEx-ის �ვთენტიკ�ციის სქემების გ�რეშე"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1850
+msgid "No NegoEx verify key"
+msgstr "NegoEx -ის გ�ს�ღების გ�დ�მ�წმების გ�რეშე"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1852
+msgid "Unknown NegoEx checksum scheme"
+msgstr "NegoEx -ის ს�კ�ნტრ�ლ� ჯ�მის უცნ�ბი სქემ�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1854
+msgid "Invalid NegoEx checksum"
+msgstr "NegoEx -ის ს�კ�ნტრ�ლ� ჯ�მი �რ�სწ�რი�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1856
+msgid "Unsupported critical NegoEx extension"
+msgstr "მხ�რდ�უჭერელი კრიტიკული NegoEx -ის გ�ფ�რთ�ებ�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1858
+msgid "Unsupported NegoEx version"
+msgstr "NegoEx -ის მხ�რდ�უჭერელი ვერსი�"
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1860
+msgid "NegoEx message out of sequence"
+msgstr "NegoEx -ის შეტყ�ბინებ� მიმდევრ�ბის გ�რეთ��"
+
+#: ../../src/lib/kadm5/logger.c:54
+#, c-format
+msgid "%s: cannot parse <%s>\n"
+msgstr "%s: <%s>-ის დ�მუშ�ვების შეცდ�მ�\n"
+
+#: ../../src/lib/kadm5/logger.c:55
+#, c-format
+msgid "%s: warning - logging entry syntax error\n"
+msgstr "%s: გ�ფრთხილებ� - ჟურნ�ლის ჩ�ნ�წერის სინტ�ქსის შეცდ�მ�\n"
+
+#: ../../src/lib/kadm5/logger.c:56
+#, c-format
+msgid "%s: error writing to %s\n"
+msgstr "%s: %s-ში ჩ�წერის შეცდ�მ�\n"
+
+#: ../../src/lib/kadm5/logger.c:57
+#, c-format
+msgid "%s: error writing to %s device\n"
+msgstr "%s: შეცდ�მ� %s მ�წყ�ბილ�ბ�ში ჩ�წერის�ს\n"
+
+#: ../../src/lib/kadm5/logger.c:59
+msgid "EMERGENCY"
+msgstr "გ�დ�უდებელი"
+
+#: ../../src/lib/kadm5/logger.c:60
+msgid "ALERT"
+msgstr "გ�ნგ�ში"
+
+#: ../../src/lib/kadm5/logger.c:61
+msgid "CRITICAL"
+msgstr "კრიტიკული"
+
+#: ../../src/lib/kadm5/logger.c:62
+msgid "Error"
+msgstr "შეცდ�მ�"
+
+#: ../../src/lib/kadm5/logger.c:63
+msgid "Warning"
+msgstr "ყურ�დღებ�"
+
+#: ../../src/lib/kadm5/logger.c:64
+msgid "Notice"
+msgstr "გ�ფრთხილებ�"
+
+#: ../../src/lib/kadm5/logger.c:65
+msgid "info"
+msgstr "ინფ�"
+
+#: ../../src/lib/kadm5/logger.c:66
+msgid "debug"
+msgstr "გ�მ�რთვ�"
+
+#: ../../src/lib/kadm5/logger.c:784
+#, c-format
+msgid "Couldn't open log file %s: %s\n"
+msgstr "ჟურნ�ლის ფ�ილის (%s) გ�ხსნის შეცდ�მ�: %s\n"
+
+#: ../../src/lib/kadm5/srv/kadm5_hook.c:120
+#, c-format
+msgid "kadm5_hook %s failed postcommit %s: %s"
+msgstr "kadm5_hook %s postcommit-ის შეცდ�მ� %s: %s"
+
+#: ../../src/lib/kadm5/srv/pwqual_dict.c:106
+msgid "No dictionary file specified, continuing without one."
+msgstr "ლექსიკ�ნის ფ�ილი მითითებული �რ��. მის გ�რეშე გ�ვ�გრძელებ."
+
+#: ../../src/lib/kadm5/srv/pwqual_dict.c:113
+#, c-format
+msgid "WARNING!  Cannot find dictionary file %s, continuing without one."
+msgstr "გ�ფრთხილებ�! ლექსიკ�ნი %s ვერ ვიპ�ვე. მის გ�რეშე გ�ვ�გრძელებ."
+
+#: ../../src/lib/kadm5/srv/pwqual_empty.c:42
+msgid "Empty passwords are not allowed"
+msgstr "ც�რიელი პ�რ�ლები დ�უშვებელი�"
+
+#: ../../src/lib/kadm5/srv/pwqual_hesiod.c:114
+msgid "Password may not match user information."
+msgstr "პ�რ�ლი �რ შეიძლებ� მ�მხმ�რებლის ინფ�რმ�ცი�ს ემთხვე�დეს."
+
+#: ../../src/lib/kadm5/srv/pwqual_princ.c:54
+msgid "Password may not match principal name"
+msgstr "პ�რ�ლი �რ შეიძლებ� პრინციპ�ლის ს�ხელს შეიც�ვდეს"
+
+#: ../../src/lib/kadm5/srv/server_kdb.c:197
+msgid "History entry contains no key data"
+msgstr "ისტ�რიის ჩ�ნ�წერი გ�ს�ღების მ�ნ�ცემებს �რ შეიც�ვს"
+
+#: ../../src/lib/kadm5/srv/server_misc.c:128
+#, c-format
+msgid "password quality module %s rejected password for %s: %s"
+msgstr "პ�რ�ლის ხ�რისხის მ�დულმ� %s %s-ის პ�რ�ლი უ�რყ�: %s"
+
+#: ../../src/lib/kdb/kdb5.c:216
+msgid "No default realm set; cannot initialize KDB"
+msgstr "ნ�გულისხმები რე�ლმი დ�ყენებული �რ��. KDB-ის ინიცი�ლიზ�ციის შეცდ�მ�"
+
+#: ../../src/lib/kdb/kdb5.c:370
+#, c-format
+msgid "Unable to find requested database type: %s"
+msgstr "მ�თხ�ვნილი ბ�ზის ტიპის პ�ვნ� შეუძლებელი�: %s"
+
+#: ../../src/lib/kdb/kdb5.c:450 ../lib/krb5/error_tables/kdb5_err.c:55
+msgid "Unable to find requested database type"
+msgstr "მ�თხ�ვნილი ბ�ზის ტიპის პ�ვნ� შეუძლებელი�"
+
+#: ../../src/lib/kdb/kdb5.c:458
+msgid "plugin symbol 'kdb_function_table' lookup failed"
+msgstr "დ�მ�ტების სიმბ�ლ�ს 'kdb_function_table' -ის მ�ძებნის შეცდ�მ�"
+
+#: ../../src/lib/kdb/kdb5.c:466
+#, c-format
+msgid ""
+"Unable to load requested database module '%s': plugin symbol "
+"'kdb_function_table' not found"
+msgstr ""
+"მ�თხ�ვნილი ბ�ზის მ�დულის '%s' ჩ�ტვირთვის შეცდ�მ�: დ�მ�ტების სიმბ�ლ� "
+"'kdb_function_table' ვერ ვიპ�ვე"
+
+#: ../../src/lib/kdb/kdb5.c:604
+msgid "Cannot initialize database library"
+msgstr "ბ�ზის ბიბლი�თეკის ინიცი�ლიზ�ციის შეცდ�მ�"
+
+#: ../../src/lib/kdb/kdb5.c:1770
+#, c-format
+msgid "Illegal version number for KRB5_TL_MKEY_AUX %d\n"
+msgstr "KRB5_TL_MKEY_AUX -ის ვერსიის �რ�სწ�რი ნ�მერი %d\n"
+
+#: ../../src/lib/kdb/kdb5.c:1942
+#, c-format
+msgid "Illegal version number for KRB5_TL_ACTKVNO %d\n"
+msgstr "KRB5_TL_ACTKVNO -ის ვერსიის �რ�სწ�რი ნ�მერი %d\n"
+
+#: ../../src/lib/kdb/kdb_default.c:137
+#, c-format
+msgid "keyfile (%s) is not a regular file: %s"
+msgstr "keyfile (%s) ჩვეულებრივი ფ�ილი �რ��: %s"
+
+#: ../../src/lib/kdb/kdb_default.c:150
+msgid "Could not create temp keytab file name."
+msgstr "დრ�ებითი keytab ფ�ილის ს�ხელის შექმნის შეცდ�მ�."
+
+#: ../../src/lib/kdb/kdb_default.c:175
+#, c-format
+msgid "Temporary stash file already exists: %s."
+msgstr "დრ�ებითი Stash ფ�ილი უკვე �რსებ�ბს: %s."
+
+#: ../../src/lib/kdb/kdb_default.c:203
+#, c-format
+msgid "rename of temporary keyfile (%s) to (%s) failed: %s"
+msgstr "დრ�ებითი keyfile-ის (%s)-ის ს�ხელის (%s)-ზე გ�დ�რქმევის შეცდ�მ�: %s"
+
+#: ../../src/lib/kdb/kdb_default.c:388
+#, c-format
+msgid "Can not fetch master key (error: %s)."
+msgstr "მთ�ვ�რი გ�ს�ღების მ�თხ�ვნის შეცდ�მ� (შეცდ�მ�: %s)"
+
+#: ../../src/lib/kdb/kdb_default.c:456
+msgid "Unable to decrypt latest master key with the provided master key\n"
+msgstr ""
+"მიწ�დებული მთ�ვ�რი გ�ს�ღებით უ�ხლესი მთ�ვ�რი გ�ს�ღების გ�შიფვრ� შეუძლებელი�\n"
+
+#: ../../src/lib/kdb/kdb_log.c:87
+msgid "could not sync ulog update to disk"
+msgstr "ulog-ის გ�ნ�ხლების დისკთ�ნ სინქრ�ნიზ�ციის შეცდ�მ�"
+
+#: ../../src/lib/kdb/kdb_log.c:101
+msgid "could not sync ulog header to disk"
+msgstr "ulog-ის თ�ვს�რთის დისკთ�ნ სინქრ�ნიზ�ციის შეცდ�მ�"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:122
+#, c-format
+msgid "Subsidiary cache path %s has no parent directory"
+msgstr "შვილ�ბილი ქეშის ბილიკს %s მშ�ბელი ს�ქ�ღ�ლდე �რ გ��ჩნი�"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:128
+#, c-format
+msgid "Subsidiary cache path %s filename does not begin with \"tkt\""
+msgstr "შვილ�ბილი ქეშის ბილიკის %s ფ�ილის ს�ხელი \"tkt\"-ით �რ იწყებ�"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:169
+#, c-format
+msgid "%s contains invalid filename"
+msgstr "%s �რ�სწ�რ ფ�ილის ს�ხელს შეიც�ვს"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:229
+#, c-format
+msgid "Credential cache directory %s does not exist"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშის ს�ქ�ღ�ლდე %s �რ �რსებ�ბს"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:235
+#, c-format
+msgid "Credential cache directory %s exists but is not a directory"
+msgstr ""
+"�ვტ�რიზ�ციის დეტ�ლების ქეშის ს�ქ�ღ�ლდე %s �რსებ�ბს, მ�გრ�მ ს�ქ�ღ�ლდე �რ��"
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:400
+msgid ""
+"Can't create new subsidiary cache because default cache is not a directory "
+"collection"
+msgstr ""
+"�ხ�ლი შვილ�ბილი ქეშის შექმნ� შეუძლებელი� იმიტ�მ, რ�მ ნ�გულისხმები ქეში "
+"ს�ქ�ღ�ლდეების კ�ლექცი�ს �რ წ�რმ��დგენს"
+
+#: ../../src/lib/krb5/ccache/cc_kcm.c:908
+#, c-format
+msgid "Credentials cache 'KCM:%s' not found"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეში 'KCM:%s' ვერ ვიპ�ვე"
+
+#: ../../src/lib/krb5/ccache/cc_keyring.c:1149
+msgid ""
+"Can't create new subsidiary cache because default cache is already a "
+"subsidiary"
+msgstr ""
+"�ხ�ლი შვილ�ბილი ქეშის შექმნ� შეუძლებელი� იმიტ�მ, რ�მ ნ�გულისხმები ქეში უკვე "
+"შვილ�ბილი�"
+
+#: ../../src/lib/krb5/ccache/cc_keyring.c:1217
+#, c-format
+msgid "Credentials cache keyring '%s' not found"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ბრელ�კი '%s' �რ �რსებ�ბს"
+
+#: ../../src/lib/krb5/ccache/cccursor.c:207
+#, c-format
+msgid "Can't find client principal %s in cache collection"
+msgstr "კლიენტის პრინციპ�ლი %s ქეშის კ�ლექცი�ში �რ �რსებ�ბს"
+
+#: ../../src/lib/krb5/ccache/cccursor.c:270
+msgid "No Kerberos credentials available"
+msgstr "Kerberos-ის �ვტ�რიზ�ციის დეტ�ლები ხელმიუწვდ�მელი�"
+
+#: ../../src/lib/krb5/ccache/cccursor.c:276
+#, c-format
+msgid "No Kerberos credentials available (default cache: %s)"
+msgstr "Kerberos-ის �ვტ�რიზ�ციის დეტ�ლები მიუწვდ�მელი� (ნ�გულისხმები ქეში: %s)"
+
+#: ../../src/lib/krb5/keytab/kt_file.c:389
+#, c-format
+msgid "No key table entry found for %s"
+msgstr "გ�ს�ღებების ცხრილის ჩ�ნ�წერი %s-სთვის �რ �რსებ�ბს"
+
+#: ../../src/lib/krb5/keytab/kt_file.c:537
+#: ../../src/lib/krb5/keytab/kt_file.c:570
+msgid "Cannot change keytab with keytab iterators active"
+msgstr "Keytab-ის შეცვლ�, თუ keutab-ის იტერ�ცი� ჩ�რთული�, შეუძლებელი�"
+
+#: ../../src/lib/krb5/keytab/kt_file.c:757
+#, c-format
+msgid "Key table file '%s' not found"
+msgstr "გ�ს�ღებების ცხრილის ფ�ილი \"%s\" �რ �რსებ�ბს"
+
+#: ../../src/lib/krb5/keytab/ktfns.c:129
+#, c-format
+msgid "Keytab %s is nonexistent or empty"
+msgstr "Keytab %s �რ �რსებ�ბს �ნ ც�რიელი�"
+
+#: ../../src/lib/krb5/krb/chpw.c:250
+msgid "Malformed request error"
+msgstr "�რ�სწ�რი მ�თხ�ვნის შეცდ�მ�"
+
+#: ../../src/lib/krb5/krb/chpw.c:253 ../lib/krb5/error_tables/kdb5_err.c:58
+msgid "Server error"
+msgstr "სერვერის შეცდ�მ�"
+
+#: ../../src/lib/krb5/krb/chpw.c:256
+msgid "Authentication error"
+msgstr "�ვთენტიკ�ციის შეცდ�მ�"
+
+#: ../../src/lib/krb5/krb/chpw.c:259
+msgid "Password change rejected"
+msgstr "პ�რ�ლის შეცვლ� უ�რყ�ფილი�"
+
+#: ../../src/lib/krb5/krb/chpw.c:262
+msgid "Access denied"
+msgstr "წვდ�მ� �კრძ�ლული�"
+
+#: ../../src/lib/krb5/krb/chpw.c:265
+msgid "Wrong protocol version"
+msgstr "�რ�სწ�რი პრ�ტ�კ�ლის ვერსი�"
+
+#: ../../src/lib/krb5/krb/chpw.c:268
+msgid "Initial password required"
+msgstr "ს�ჭირ�� ს�წყისი პ�რ�ლი"
+
+#: ../../src/lib/krb5/krb/chpw.c:271
+msgid "Success"
+msgstr "წ�რმ�ტებ�"
+
+#: ../../src/lib/krb5/krb/chpw.c:274 ../lib/krb5/error_tables/krb5_err.c:257
+msgid "Password change failed"
+msgstr "პ�რ�ლის შეცვლის შეცდ�მ�"
+
+#: ../../src/lib/krb5/krb/chpw.c:431
+msgid ""
+"The password must include numbers or symbols.  Don't include any part of "
+"your name in the password."
+msgstr ""
+"პ�რ�ლი რიცხვები �ნ სიმბ�ლ�ებს �უცილებლ�დ უნდ� შეიც�ვდეს.  თქვენს ს�ხელს "
+"პ�რ�ლის ნურც ერთ ნ�წილს ნუ მი�წერთ."
+
+#: ../../src/lib/krb5/krb/chpw.c:437
+#, c-format
+msgid "The password must contain at least %d character."
+msgid_plural "The password must contain at least %d characters."
+msgstr[0] "პ�რ�ლი მინიმუმ %d სიმბ�ლ�ს უნდ� შეიც�ვდეს ."
+msgstr[1] "პ�რ�ლი მინიმუმ %d სიმბ�ლ�ს უნდ� შეიც�ვდეს ."
+
+#: ../../src/lib/krb5/krb/chpw.c:446
+#, c-format
+msgid "The password must be different from the previous password."
+msgid_plural "The password must be different from the previous %d passwords."
+msgstr[0] "�ხ�ლი პ�რ�ლი წინ�სგ�ნ უნდ� გ�ნსხვ�ვდებ�დეს."
+msgstr[1] "�ხ�ლი პ�რ�ლი წინ� %d პ�რ�ლისგ�ნ უნდ� გ�ნსხვ�ვდებ�დეს."
+
+#: ../../src/lib/krb5/krb/chpw.c:458
+#, c-format
+msgid "The password can only be changed once a day."
+msgid_plural "The password can only be changed every %d days."
+msgstr[0] "პ�რ�ლი მხ�ლ�დ დღეში ერთხელ შეგიძლი�თ შეცვ�ლ�თ."
+msgstr[1] "პ�რ�ლი მხ�ლ�დ %d დღეში ერთხელ შეგიძლი�თ შეცვ�ლ�თ."
+
+#: ../../src/lib/krb5/krb/chpw.c:504
+msgid "Try a more complex password, or contact your administrator."
+msgstr "სც�დეთ უფრ� რთული პ�რ�ლი �ნ დ�უკ�ვშირდით �დმინისტრ�ტ�რს."
+
+#: ../../src/lib/krb5/krb/fast.c:216
+msgid "Error constructing AP-REQ armor"
+msgstr "შეცდ�მ� AP-REQ �ბჯრის �წყ�ბის�ს"
+
+#: ../../src/lib/krb5/krb/fast.c:394
+msgid "Failed to decrypt FAST reply"
+msgstr "შეცდ�მ� FAST პ�სუხის გ�შიფვრის�ს"
+
+#: ../../src/lib/krb5/krb/fast.c:400
+msgid "nonce modified in FAST response: KDC response modified"
+msgstr "მითითებულ დრ�ს შესწ�რებ� FAST პ�სუხში: KDC-ის პ�სუხი შეიცვ�ლ�"
+
+#: ../../src/lib/krb5/krb/fast.c:466
+msgid "Expecting FX_ERROR pa-data inside FAST container"
+msgstr "FAST კ�ნტენერში FX_ERROR pa-data-ს მ�ველ�დი"
+
+#: ../../src/lib/krb5/krb/fast.c:537
+msgid "FAST response missing finish message in KDC reply"
+msgstr "KDC-ის გ�მ�ხმ�ურებ�ში FAST პ�სუხს დ�სრულების შეტყ�ბინებ� �კლი�"
+
+#: ../../src/lib/krb5/krb/fast.c:550
+msgid "Ticket modified in KDC reply"
+msgstr "KDC-ის პ�სუხში ბილეთი შეიცვ�ლ�"
+
+#: ../../src/lib/krb5/krb/gc_via_tkt.c:198
+#, c-format
+msgid "KDC returned error string: %.*s"
+msgstr "KDC -ის მიერ დ�ბრუნებული შეცდ�მის სტრიქ�ნი: %.*s"
+
+#: ../../src/lib/krb5/krb/gc_via_tkt.c:207
+#, c-format
+msgid "Server %s not found in Kerberos database"
+msgstr "სერვერი %s Kerberos-ის ბ�ზ�ში �რ �რსებ�ბს"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:202
+msgid "Reply has wrong form of session key for anonymous request"
+msgstr "პ�სუხს �ნ�ნიმური მ�თხ�ვნისთვის სესიის გ�ს�ღების �რ�სწ�რი ფ�რმ� გ��ჩნი�"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1570
+#, c-format
+msgid "Warning: Your password will expire in less than one hour on %s"
+msgstr "გ�ფრთხილებ�: თქვენს პ�რ�ლს ვ�დ� ერთ ს��თზე ნ�კლებში, %s-ზე გ�უვ�"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1574
+#, c-format
+msgid "Warning: Your password will expire in %d hour%s on %s"
+msgstr "გ�ფრთხილებ�: თქვენს პ�რ�ლს ვ�დ� %d ს��თში%s %s-ზე გ�უვ�"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1578
+#, c-format
+msgid "Warning: Your password will expire in %d days on %s"
+msgstr "გ�ფრთხილებ�: თქვენს პ�რ�ლს ვ�დ� %d დღეში, %s-ზე გ�უვ�"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1600
+msgid ""
+"Warning: encryption type des3-cbc-sha1 used for authentication is weak and "
+"will be disabled"
+msgstr ""
+"გ�ფრთხილებ�: �ვთენტიკ�ციისთვის გ�მ�ყენებული დ�შიფვრის ტიპი des3-cbc-sha1 "
+"სუსტი� დ� გ�ითიშებ�"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1844
+msgid "Failed to store credentials"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების დ�მ�ხს�ვრების შეცდ�მ�"
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1939
+#, c-format
+msgid "Client '%s' not found in Kerberos database"
+msgstr "კლიენტი '%s' Kerberos-ის ბ�ზ�ში ვერ ვიპ�ვე"
+
+#: ../../src/lib/krb5/krb/gic_keytab.c:225
+#, c-format
+msgid "Keytab contains no suitable keys for %s"
+msgstr "Keytab-ი %s-სთვის შეს�ბ�მის გ�ს�ღებებს �რ შეიც�ვს"
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:75
+#, c-format
+msgid "Password for %s"
+msgstr "პ�რ�ლი \"%s\" -სთვის"
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:301
+msgid "Password expired.  You must change it now."
+msgstr "პ�რ�ლის ვ�დ� �მ�იწურ�.  ის �ხლ�ვე უნდ� შეცვ�ლ�თ."
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:320 ../../src/lib/krb5/krb/gic_pwd.c:324
+#, c-format
+msgid "%s.  Please try again."
+msgstr "%s.  თ�ვიდ�ნ სც�დეთ."
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:365
+#, c-format
+msgid "%.*s%s%s.  Please try again.\n"
+msgstr "%.*s%s%s.  თ�ვიდ�ნ სც�დეთ.\n"
+
+#: ../../src/lib/krb5/krb/parse.c:202
+#, c-format
+msgid "Principal %s is missing required realm"
+msgstr "პრინციპ�ლს %s �უცილებელი რე�ლმი �რ გ��ჩნი�"
+
+#: ../../src/lib/krb5/krb/parse.c:214
+#, c-format
+msgid "Principal %s has realm present"
+msgstr "პრინციპ�ლს %s რე�ლმი გ��ჩნი�"
+
+#: ../../src/lib/krb5/krb/plugin.c:169
+#, c-format
+msgid "Invalid module specifier %s"
+msgstr "მ�დულის �რ�სწ�რი მიმთითებელი %s"
+
+#: ../../src/lib/krb5/krb/plugin.c:416
+#, c-format
+msgid "Could not find %s plugin module named '%s'"
+msgstr "%s დ�მ�ტების მ�დული, ს�ხელით '%s' ვერ ვიპ�ვე"
+
+#: ../../src/lib/krb5/krb/preauth2.c:309
+msgid "krb5_init_creds calls must use same library context"
+msgstr ""
+"krb5_init_creds -ის გ�მ�ძ�ხებებმ� იგივე ბიბლი�თეკის კ�ნტექსტი უნდ� გ�მ�იყენ�ნ"
+
+#: ../../src/lib/krb5/krb/preauth2.c:717
+msgid "Pre-authentication failed"
+msgstr "პრე-�ვთენტიკ�ციის შეცდ�მ�"
+
+#: ../../src/lib/krb5/krb/preauth2.c:1046
+msgid "Unable to initialize preauth context"
+msgstr "პრე�ვთენტიკ�ციის კ�ნტექსტის ინცი�ლიზ�ციის შეცდ�მ�"
+
+#: ../../src/lib/krb5/krb/preauth2.c:1059
+#, c-format
+msgid "Preauth module %s"
+msgstr "Preauth მ�დული %s"
+
+#: ../../src/lib/krb5/krb/preauth_encts.c:71
+msgid "Encrypted timestamp is disabled"
+msgstr "დ�შიფრული დრ�ის შტ�მპი გ�თიშული�"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:514
+msgid "Please choose from the following:\n"
+msgstr "�ირჩიეთ შემდეგი სიიდ�ნ:\n"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:516
+msgid "Vendor:"
+msgstr "მ�მწ�დებელი:"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:525
+msgid "Enter #"
+msgstr "შეიყვ�ნეთ #"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:561
+msgid "OTP Challenge:"
+msgstr "OTP გ�მ�წვევ�:"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:590
+msgid "OTP Token PIN"
+msgstr "OTP კ�დის PIN"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:704
+msgid "OTP value doesn't match any token formats"
+msgstr "OTP-ის მნიშვნელ�ბ� კ�დის �რც ერთ ფ�რმ�ტს �რ ემთხვევ�"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:771
+msgid "Enter OTP Token Value"
+msgstr "შეიყვ�ნეთ OTP კ�დის მნიშვნელ�ბ�"
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:917
+msgid "No supported tokens"
+msgstr "მხ�რდ�ჭერილი კ�დების გ�რეშე"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:49
+msgid "Challenge for Enigma Logic mechanism"
+msgstr "გ�მ�წვევ� Enigma Logic მექ�ნიზმისთვის"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:53
+msgid "Challenge for Digital Pathways mechanism"
+msgstr "გ�მ�წვევ� Digital Pathways მექ�ნიზმისთვის"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:57
+msgid "Challenge for Activcard mechanism"
+msgstr "გ�მ�წვევ� Activcard მექ�ნიზმისთვის"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:60
+msgid "Challenge for Enhanced S/Key mechanism"
+msgstr "გ�მ�წვევ� გ�ფ�რთ�ებული S/Key მექ�ნიზმისთვის"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:63
+msgid "Challenge for Traditional S/Key mechanism"
+msgstr "გ�მ�წვევ� ტრ�დიციული S/Key მექ�ნიზმისთვის"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:66
+#: ../../src/lib/krb5/krb/preauth_sam2.c:69
+msgid "Challenge for Security Dynamics mechanism"
+msgstr "გ�მ�წვევ� Security Dynamics მექ�ნიზმისთვის"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:72
+msgid "Challenge from authentication server"
+msgstr "გ�მ�წვევ� �ვთენტიკ�ციის სერვერიდ�ნ"
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:164
+msgid "SAM Authentication"
+msgstr "SAM �ვთენტიკ�ცი�"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:146
+#, c-format
+msgid "Cannot find key for %s kvno %d in keytab"
+msgstr "შეცდ�მ� გ�ს�ღების მ�ძებნის�ს %s kvno %d Keytab-ში"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:151
+#, c-format
+msgid "Cannot find key for %s kvno %d in keytab (request ticket server %s)"
+msgstr ""
+"Keytab-ში %s kvno %d-სთვის გ�ს�ღები ვერ ვიპ�ვე (მ�თხ�ვნის ბილეთის სერვერი %s)"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:176
+#, c-format
+msgid "Cannot decrypt ticket for %s using keytab key for %s"
+msgstr ""
+"%s-სთვის ბილეთის გ�შიფვრ� keytab-ის %s-სთვის გ�ნკუთვნილი გ�ს�ღებით "
+"შეუძლებელი�"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:198
+#, c-format
+msgid "Server principal %s does not match request ticket server %s"
+msgstr "სერვერის პრინციპ�ლი %s ბილეთების სერვერს %s �რ ემთხვევ�"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:227
+msgid "No keys in keytab"
+msgstr "Keytab-ში გ�ს�ღებები �რ��"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:230
+#, c-format
+msgid "Server principal %s does not match any keys in keytab"
+msgstr "სერვერის პრინციპ�ლი %s keytab-ის �რც ერთ გ�ს�ღებს �რ ემთხვევ�"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:237
+#, c-format
+msgid ""
+"Request ticket server %s found in keytab but does not match server principal "
+"%s"
+msgstr ""
+"მ�თხ�ვნის ბილეთის სერვერი %s keytab-ში �რსებ�ბს, მ�გრ�მ სერვერის პრინციპ�ლს "
+"%s �რ ემთხვევ�"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:242
+#, c-format
+msgid "Request ticket server %s not found in keytab (ticket kvno %d)"
+msgstr "მ�თხ�ვნილი ბილეთის სერვერი %s keytab-ში ვერ ვიპ�ვე (ბილეთის kvno %d)"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:248
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d not found in keytab; ticket is likely out "
+"of date"
+msgstr ""
+"მ�თხ�ვნის ბილეთის სერვერი %s kvno %d keytab-ში ვერ ვიპ�ვე. ბილეთი, რ�გ�რც "
+"ჩ�ნს, ვ�დ�გ�სული�"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:253
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d not found in keytab; keytab is likely out "
+"of date"
+msgstr ""
+"მ�თხ�ვნის ბილეთის სერვერი %s kvno %d keytab-ში ვერ ვიპ�ვე. keytab-ი, რ�გ�რც "
+"ჩ�ნს, ვ�დ�გ�სული�"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:262
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d found in keytab but not with enctype %s"
+msgstr ""
+"მ�თხ�ვნილი ბილეთის სერვერი %s kvno %d keytab-ში ვიპ�ვე, მ�გრ�მ მისი enctype "
+"%s �რ��"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:267
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d enctype %s found in keytab but cannot "
+"decrypt ticket"
+msgstr ""
+"მ�თხ�ვნის ბილეთის სერვერი %s kvno %d enctype %s keytab-ში ვიპ�ვე, მ�გრ�მ "
+"ბილეთის გ�შიფვრ� შეუძლებელი�"
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:884
+#, c-format
+msgid "Encryption type %s not permitted"
+msgstr "დ�შიფვრის ტიპი %s დ�უშვებელი�"
+
+#: ../../src/lib/krb5/krb/s4u_creds.c:1043
+msgid "Realm specified but S4U2Proxy must use referral realm"
+msgstr ""
+"რე�ლმი მითითებული�, მ�გრ�მ S4U2Proxy -მ� მიმ�რთული რე�ლმი უნდ� გ�მ�იყენ�ს"
+
+#: ../../src/lib/krb5/os/expand_path.c:316
+#, c-format
+msgid "Can't find username for uid %lu"
+msgstr "მ�მხმ�რებლის ს�ხელის პ�ვნ� uid %lu-სთვის შეუძლებელი�"
+
+#: ../../src/lib/krb5/os/expand_path.c:405
+#: ../../src/lib/krb5/os/expand_path.c:421
+msgid "Invalid token"
+msgstr "�რ�სწ�რი კ�დი"
+
+#: ../../src/lib/krb5/os/expand_path.c:506
+msgid "variable missing }"
+msgstr "ცვლ�დს �კლი� }"
+
+#: ../../src/lib/krb5/os/locate_kdc.c:818
+#, c-format
+msgid "Cannot find KDC for realm \"%.*s\""
+msgstr "შეცდ�მ� KDC -ის ძებნის�ს რე�ლმისთვის \"%.*s\""
+
+#: ../../src/lib/krb5/os/sendto_kdc.c:519
+#, c-format
+msgid "Cannot contact any KDC for realm '%.*s'"
+msgstr "შეცდ�მ� ყველ� KDC-სთ�ნ მიერთების�ს რე�ლმისთვის '%.*s'"
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:245
+#: ../../src/plugins/kdb/db2/kdb_db2.c:819
+#, c-format
+msgid "Unsupported argument \"%s\" for db2"
+msgstr "DB2-ის მხ�რდ�უჭერელი �რგუმენტი \"%s\""
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:387
+#, c-format
+msgid "Cannot open DB2 database '%s'"
+msgstr "შეცდ�მ� DB2-ის ბ�ზის '%s' გ�ხსნის�ს"
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:989
+msgid "Recursive iteration is not supported for hash databases"
+msgstr "ჰეშ-ბ�ზებისთვის რეკურსიული იტერ�ცი� მხ�რდ�უჭერელი�"
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:996
+msgid "Recursive iteration not supported in this version of libdb"
+msgstr "Libdb-ის �მ ვერსი�ში რეკურსიული იტერ�ცი� მხ�რდ�ჭერილი �რ��"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:69
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:859
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1060
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1467
+msgid "while reading kerberos container information"
+msgstr "kerberos-ის კ�ნტეინერის ინფ�რმ�ციის წ�კითხვს�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:129
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:504
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:518
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:150
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:165
+msgid "while providing time specification"
+msgstr "დრ�ის სპეციფიკ�ციის მიწ�დების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:268
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:304
+msgid "while creating policy object"
+msgstr "პ�ლიტიკის �ბიექტის შექმნის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1475
+msgid "while reading realm information"
+msgstr "რე�ლმის ინფ�რმ�ციის წ�კითხვის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:348
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:407
+msgid "while destroying policy object"
+msgstr "პ�ლიტიკის �ბიექტის გ�ნ�დგურების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:358
+#, c-format
+msgid "This will delete the policy object '%s', are you sure?\n"
+msgstr "ეს წ�შლის პ�ლიტიკის �ბიექტს '%s'. დ�რწმუნებული ბრძ�ნდებით?\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:473
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:663
+msgid "while modifying policy object"
+msgstr "პ�ლიტიკის �ბიექტის შეცვლის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:487
+#, c-format
+msgid "while reading information of policy '%s'"
+msgstr "პ�ლიტიკის \"%s\" ინფ�რმ�ციის წ�კითხვის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:692
+msgid "while viewing policy"
+msgstr "პ�ლიტიკის დ�თვ�ლიერების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:701
+#, c-format
+msgid "while viewing policy '%s'"
+msgstr "პ�ლიტიკის ('%s') დ�თვ�ლიერების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:835
+msgid "while listing policy objects"
+msgstr "პ�ლიტიკის �ბიექტების ჩ�მ�თვლი�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:419
+#, c-format
+msgid "for subtree while creating realm '%s'"
+msgstr "ქვეხისთვის რე�ლმის '%s' შექმნის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:431
+#, c-format
+msgid "for container reference while creating realm '%s'"
+msgstr "კ�ნტეინერის მიმ�რთვისთვის რე�ლმის ('%s') შექმნის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:456
+#, c-format
+msgid "invalid search scope while creating realm '%s'"
+msgstr "ძებნის �რ�სწ�რი დი�პ�ზ�ნი რე�ლმის '%s' შექმნის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:471
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:795
+#, c-format
+msgid "'%s' is an invalid option\n"
+msgstr "'%s' �რ�სწ�რი პ�რ�მეტრი� \n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:479
+#, c-format
+msgid "Initializing database for realm '%s'\n"
+msgstr "ბ�ზის ინიცი�ლიზ�ცი� რე�ლმისთვის '%s'\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:503
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:664
+#, c-format
+msgid "while creating realm '%s'"
+msgstr "რე�ლმის \"%s\" შექმნის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:523
+#, c-format
+msgid "Enter DN of Kerberos container: "
+msgstr "შეიყვ�ნეთ Kerberos-ის კ�ნტეინერის DN: "
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:558
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:866
+#, c-format
+msgid "while reading information of realm '%s'"
+msgstr "რე�ლმის '%s' ინფ�რმ�ციის წ�კითხვის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:702
+msgid "while reading Kerberos container information"
+msgstr "kerberos-ის კ�ნტეინერის ინფ�რმ�ციის წ�კითხვს�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:745
+#, c-format
+msgid "for subtree while modifying realm '%s'"
+msgstr "ქვეხისთვის რე�ლმის '%s' ცვლილების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:756
+#, c-format
+msgid "for container reference while modifying realm '%s'"
+msgstr "კ�ნტეინერის მიმ�რთვისთვის რე�ლმის ('%s') ცვლილების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:784
+#, c-format
+msgid "specified for search scope while modifying information of realm '%s'"
+msgstr "მითითებული� ძებნის დი�პ�ზ�ნისთვის რე�ლმის '%s' ინფ�რმ�ციის შეცვლის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:823
+#, c-format
+msgid "while modifying information of realm '%s'"
+msgstr "რე�ლმის '%s' ინფ�რმ�ციის შეცვლის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:912
+msgid "Realm Name"
+msgstr "რე�ლმის ს�ხელი"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:915
+msgid "Subtree"
+msgstr "ქვეხე"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:918
+msgid "Principal Container Reference"
+msgstr "პრინციპ�ლის კ�ნტეინერის მიმ�რთვ�"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:923
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:925
+msgid "SearchScope"
+msgstr "ძებნისდი�პ�ზ�ნი"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:923
+msgid "Invalid !"
+msgstr "�რ�სწ�რი� !"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:930
+msgid "KDC Services"
+msgstr "KDC სერვისები"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:945
+msgid "Admin Services"
+msgstr "�დმინის სერვისები"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:960
+msgid "Passwd Services"
+msgstr "Passwd -ის სერვისები"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:976
+msgid "Maximum Ticket Life"
+msgstr "ბილეთის მ�ქსიმ�ლური სიც�ცხლე"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:981
+msgid "Maximum Renewable Life"
+msgstr "მ�ქსიმ�ლური გ�ნ�ხლებ�დი სიც�ცხლე"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:988
+msgid "Ticket flags"
+msgstr "ბილეთის �ლმები"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1067
+msgid "while listing realms"
+msgstr "რე�ლმების სიის გ�მ�ტ�ნის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1399
+msgid "while adding entries to database"
+msgstr "ბ�ზ�ში ჩ�ნ�წერების დ�მ�ტების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1440
+#, c-format
+msgid "Deleting KDC database of '%s', are you sure?\n"
+msgstr "წ�იშლებ� '%s'-ის KDC-ის ბ�ზ�. დ�რწმუნებული ბრძ�ნდებით?\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1451
+#, c-format
+msgid "OK, deleting database of '%s'...\n"
+msgstr "კ�რგი, მიმდინ�რე�ბს ბ�ზის წ�შლ� '%s'...\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1484
+#, c-format
+msgid "deleting database of '%s'"
+msgstr "%s-ის ბ�ზის წ�შლ�"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1489
+#, c-format
+msgid "** Database of '%s' destroyed.\n"
+msgstr "** ბ�ზ� '%s' გ�ნ�დგურდ�.\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:79
+msgid "ldap_service_password_file not configured"
+msgstr "ldap_service_password_file მ�რგებული �რ��"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:124
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:131
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:141
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:169
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:239
+msgid "while setting service object password"
+msgstr "სერვისის �ბიექტის პ�რ�ლის დ�ყენების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:148
+msgid "while getting service password filename"
+msgstr "სერვისის პ�რ�ლის ფ�ილის ს�ხელის მიღების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:161
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:481
+#, c-format
+msgid "Password for \"%s\""
+msgstr "პ�რ�ლი \"%s\" -სთვის"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:164
+#, c-format
+msgid "Re-enter password for \"%s\""
+msgstr "ხელ�ხლ� შეიყვ�ნეთ �ხ�ლი პ�რ�ლი \"%s\"-სთვის"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:175
+#, c-format
+msgid "%s: Invalid password\n"
+msgstr "%s: �რ�სწ�რი პ�რ�ლი\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:185
+msgid "Failed to convert the password to hexadecimal"
+msgstr "პ�რ�ლის თექვსმეტ�ბითში გ�დ�ყვ�ნის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:195
+#, c-format
+msgid "Failed to open file %s: %s"
+msgstr "ფ�ილის (%s) გ�ხსნ� შეუძლებელი�: %s"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:217
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:259
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:268
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:295
+msgid "Failed to write service object password to file"
+msgstr "სერვისის �ბიექტის პ�რ�ლის ფ�ილში ჩ�წერის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:223
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:280
+msgid "Error reading service object password file"
+msgstr "შეცდ�მ� სერვისის �ბიეტქის პ�რ�ლის ფ�ილის წ�კითხვის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:248
+#, c-format
+msgid "Error creating file %s"
+msgstr "ფ�ილის შექმნის შეცდ�მ�: %s"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:105
+#, c-format
+msgid ""
+"Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri] [-r realm]\n"
+"\tcmd [cmd_options]\n"
+"create          [-subtrees subtree_dn_list] [-sscope search_scope]\n"
+"\t\t[-containerref container_reference_dn]\n"
+"\t\t[-m|-P password|-sf stashfilename] [-s]\n"
+"\t\t[-k mkeytype] [-kv mkeyVNO] [-M mkeyname]\n"
+"\t\t[-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
+"modify          [-subtrees subtree_dn_list] [-sscope search_scope]\n"
+"\t\t[-containerref container_reference_dn]\n"
+"\t\t[-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
+"view\n"
+"destroy         [-f]\n"
+"list\n"
+"stashsrvpw      [-f filename] service_dn\n"
+"create_policy   [-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+"modify_policy   [-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+"view_policy     policy\n"
+"destroy_policy  [-force] policy\n"
+"list_policy\n"
+msgstr ""
+"გ�მ�ყენებ�: kdb5_ldap_util [-D მ�მხმ�რებლის_dn [-w პ�რ�ლი]] [-H ldapuri] [-r "
+"რე�ლმი]\n"
+"\tბრძ�ნებ� [ბრძ�ნებისპ�რ�მეტრები]\n"
+"create          [-subtrees ქვეხის_dn_ის_სი�\t] [-sscope ძებნის_დი�პ�ზ�ნი]\n"
+"\t\t[-containerref კ�ნტეინერის_მიმ�რთვის_dn]\n"
+"\t\t[-m|-P პ�რ�ლი|-sf stash_ფ�ილისს�ხელი] [-s]\n"
+"\t\t[-k mkeytype] [-kv mkeyVNO] [-M mგ�ს�ღებისს�ხელი]\n"
+"\t\t[-maxtktlife ბილეთის_მ�ქს_სიც�ცხლის_ხ�ნგრძლ]\n"
+"\t\t[-maxrenewlife ბილეთის_მ�ქს_გ�ნ�ხლებ�დი_სიც�ცხლის_ხ�ნგრძლ] "
+"[ბილეთის_�ლმები]\n"
+"modify          [-subtrees ქვეხის_dn_ის_სი�] [-sscope ძებნის_დი�პ�ზ�ნი]\n"
+"\t\t[-containerref კ�ნტეინერის_მიმ�რთვის_dn]\n"
+"\t\t[-maxtktlife ბილეთის_მ�ქს_სიც�ცხლის_ხ�ნგრძლ]\n"
+"\t\t[-maxrenewlife ბილეთის_მ�ქს_გ�ნ�ხლებ�დი_სიც�ცხლის_ხ�ნგრძლ] "
+"[ბილეთის_�ლმები]\n"
+"view\n"
+"destroy         [-f]\n"
+"list\n"
+"stashsrvpw      [-f ფ�ილისს�ხელი] სერვისის_dn\n"
+"create_policy   [-maxtktlife ბილეთის_მ�ქს_სიც�ცხლის_ხ�ნგრძლ]\n"
+"\t\t[-maxrenewlife ბილეთის_მ�ქს_გ�ნ�ხლებ�დი_სიც�ცხლის_ხ�ნგრძლ] "
+"[ბილეთის_�ლმები] პ�ლიტიკ�\n"
+"modify_policy   [-maxtktlife ბილეთის_მ�ქს_სიც�ცხლის_ხ�ნგრძლ]\n"
+"\t\t[-maxrenewlife ბილეთის_მ�ქს_გ�ნ�ხლებ�დი_სიც�ცხლის_ხ�ნგრძლ] "
+"[ბილეთის_�ლმები] პ�ლიტიკ�\n"
+"view_policy     პ�ლიტიკ�\n"
+"destroy_policy  [-force] პ�ლიტიკ�\n"
+"list_policy\n"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:329
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:337
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:345
+msgid "while reading ldap parameters"
+msgstr "ldap-ის პ�რ�მეტრების წ�კითხვის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:443
+msgid "while initializing error handling"
+msgstr "შეცდ�მების დ�მუშ�ვებლის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:451
+msgid "while initializing ldap handle"
+msgstr "ldap-ის დ�მმუშ�ვებლის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:465
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:474
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:487
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:529
+msgid "while retrieving ldap configuration"
+msgstr "ldap-ის კ�ნფიგურ�ციის მიღების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:504
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:511
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:520
+msgid "while initializing server list"
+msgstr "სერვერების სიის ინიცი�ლიზ�ციის�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:551
+msgid "while setting up lib handle"
+msgstr "ბიბლი�თეკის დ�მმუშ�ვებლის მ�რგების�ს"
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:560
+msgid "while reading ldap configuration"
+msgstr "ldap-ის კ�ნფიგურ�ციის წ�კითხვის�ს"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:68
+msgid "Unable to read Kerberos container"
+msgstr "Kerberos-ის კ�ნტეინერის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:73
+msgid "Unable to read Realm"
+msgstr "რე�ლმის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:214
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:71
+msgid "Error processing LDAP DB params"
+msgstr "შეცდ�მ� LDAP DB-ის პ�რ�მეტრების დ�მუშ�ვების�ს"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:220
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:77
+msgid "Error reading LDAP server params"
+msgstr "შეცდ�მ� LDAP სერვერის პ�რ�მეტრების წ�კითხვის�ს"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:64
+msgid "LDAP bind dn value missing"
+msgstr "LDAP-ის მის�მ�გრებელი DN-ის მნიშვნელ�ბ� მითითებული �რ��"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:69
+msgid "LDAP bind password value missing"
+msgstr "LDAP-ის მის�მ�გრებელი პ�რ�ლის მნიშვნელ�ბ� მითითებული �რ��"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:78
+msgid "Error reading password from stash"
+msgstr "Stash ფ�ილიდ�ნ პ�რ�ლის წ�იკითხვის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:85
+msgid "Service password length is zero"
+msgstr "სერვისის პ�რ�ლის სიგრძე ნულ�ვ�ნი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:145
+#, c-format
+msgid "Cannot bind to LDAP server '%s' with SASL mechanism '%s': %s"
+msgstr "LDAP სერვერთ�ნ '%s' SASL მექ�ნიზმით '%s' მიბმის შეცდ�მ�: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:158
+#, c-format
+msgid "Cannot bind to LDAP server '%s' as '%s': %s"
+msgstr "შეცდ�მ� LDAP სერვერთ�ნ '%s' მიბმის�ს, რ�გ�რც '%s': %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:183
+#, c-format
+msgid "Cannot create LDAP handle for '%s': %s"
+msgstr "'%s'-სთვის LDAP დ�მმუშ�ვებლის შექმნის შეცდ�მ�: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:56
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:67
+msgid "Error reading kerberos container location from krb5.conf"
+msgstr "Krb5.conf-დ�ნ Kerbreros-ის კ�ნტეინერის მდებ�რე�ბის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:75
+msgid "Kerberos container location not specified"
+msgstr "Kerberos-ის კ�ნტეინერის მდებ�რე�ბ� მითითებული �რ��"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:56
+#, c-format
+msgid "Error reading '%s' attribute: %s"
+msgstr "შეცდ�მ� %s �ტრიბუტის წ�კითხვის�ს: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:219
+msgid "KDB module requires -update argument"
+msgstr "KDB მ�დულისთვის -update �რგუმენტი �უცილებელი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:225
+#, c-format
+msgid "'%s' value missing"
+msgstr "'%s' მნიშვნელ�ბ� �კლი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:283
+#, c-format
+msgid "unknown option '%s'"
+msgstr "უცნ�ბი პ�რ�მეტრი '%s'"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:343
+msgid "Minimum connections required per server is 2"
+msgstr "თით�ეულ სერვერთ�ნ მიერთების მინიმ�ლური რ��დენ�ბ� �რის ტ�ლი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:160
+msgid "Default realm not set"
+msgstr "ნ�გულისხმები რე�ლმი დ�ყენებული �რ��"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:264
+msgid "DN information missing"
+msgstr "DN ინფ�რმ�ცი� �კლი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:476
+msgid "dn information missing"
+msgstr "dn ინფ�რმ�ცი� �კლი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:137
+msgid "Principal does not belong to realm"
+msgstr "პრინციპ�ლი რე�ლმს �რ ეკუთვნის"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:305
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:314
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:322
+#, c-format
+msgid "%s option not supported"
+msgstr "%s პ�რ�მეტრი მხ�რდ�უჭერელი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:329
+#, c-format
+msgid "unknown option: %s"
+msgstr "უცნ�ბი პ�რ�მეტრი: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:336
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:343
+#, c-format
+msgid "%s option value missing"
+msgstr "%s პ�რ�მეტრის მნიშვნელ�ბ� მითითებული �რ��"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:676
+msgid "DN is out of the realm subtree"
+msgstr "DN რე�ლმის ქვეხის გ�რეთ��"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:708
+msgid "ldap object is already kerberized"
+msgstr "ldap �ბიექტი უკვე kerberos-ის მ�რთვის ქვეშ��"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:803
+msgid "Principal does not belong to the default realm"
+msgstr "პრინციპ�ლი ნ�გულისხმებ რე�ლმს �რ ეკუთვნის"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:869
+#, c-format
+msgid ""
+"operation can not continue, more than one entry with principal name \"%s\" "
+"found"
+msgstr ""
+"�პერ�ციის გ�გრძელებ� შეუძლებელი�. ნ�პ�ვნი� პრინციპ�ლის ს�ხელის \"%s\" მქ�ნე "
+"ერთზე მეტი ჩ�ნ�წერი"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:928
+#, c-format
+msgid "'%s' not found"
+msgstr "'%s' �რ �რსებ�ბს"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:992
+#, c-format
+msgid ""
+"link information can not be set/updated as the kerberos principal belongs to "
+"an ldap object"
+msgstr ""
+"ბმულის ინფ�რმ�ციის დ�ყენებ�/გ�ნ�ხლებ� შეუძლებელი�, რ�დგ�ნ kerberos-ის "
+"პრინციპ�ლი ldap �ბიექტს ეკუთვნის"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1007
+#, c-format
+msgid "Failed getting object references"
+msgstr "�ბიექტის მიმ�რთვის მიღების შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1014
+#, c-format
+msgid "kerberos principal is already linked to a ldap object"
+msgstr "kerberos-ის პრინციპ�ლი ldap �ბიექტზე უკვე მიბმული�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1340
+msgid "ticket policy object value: "
+msgstr "ბილეტის პ�ლიტიკის �ბიექტის მნიშვნელ�ბ�: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1388
+#, c-format
+msgid "Principal delete failed (trying to replace entry): %s"
+msgstr "პრინციპ�ლის წ�შლის შეცდ�მ� (ჩ�ნ�წერის ჩ�ნ�ცვლების�ს): %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1398
+#, c-format
+msgid "Principal add failed: %s"
+msgstr "პრინციპ�ლის დ�მ�ტების შეცდ�მ�: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1436
+#, c-format
+msgid "User modification failed: %s"
+msgstr "მ�მხმ�რებლის ცვლილების შეცდ�მ�: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1510
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:294
+msgid "Error reading ticket policy"
+msgstr "ბილეტის პ�ლიტიკის წ�კითხვის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1640
+msgid "unable to decode stored principal key data"
+msgstr "დ�მ�ხს�ვრებული პრინციპ�ლის გ�ს�ღების მ�ნ�ცემების გ�შიფვრის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1698
+msgid "unable to decode stored principal pw history"
+msgstr "დ�მ�ხს�ვრებული პრინციპ�ლის პ�რ�ლის ისტ�რიის გ�შიფვრის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:223
+msgid "Realm information not available"
+msgstr "რე�ლმის ინფ�რმ�ცი� მიუწვდ�მელი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:306
+#, c-format
+msgid "Realm Delete FAILED: %s"
+msgstr "რე�ლმის წ�შლის შეცდ�მ�: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:386
+msgid "subtree value: "
+msgstr "ქვეხის მნიშვნელ�ბ�: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:403
+msgid "container reference value: "
+msgstr "შემცველ�ბის მითითების მნიშვნელ�ბ�: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:486
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:549
+msgid "Kerberos Container information is missing"
+msgstr "Kerberos -ის კ�ნტეიერის ინფ�რმ�ცი� �რ �რსებ�ბს"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:498
+msgid "Invalid Kerberos container DN"
+msgstr "�რ�სწ�რი Kerberos-ის შემცველი DN"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:514
+#, c-format
+msgid "Kerberos Container create FAILED: %s"
+msgstr "Kerberos-ის კ�ნტეინერის შექმნის შეცდ�მ�: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:557
+#, c-format
+msgid "Kerberos Container delete FAILED: %s"
+msgstr "Kerberos-ის კ�ნტეინერის წ�შლის შეცდ�მ�: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:633
+msgid "realm object value: "
+msgstr "რე�ლმის �ბიექტის მნიშვნელ�ბ�: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:48
+msgid "Not a hexadecimal password"
+msgstr "თექვსმეტ�ბით პ�რ�ლს �რ წ�რმ��დგენს"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:55
+msgid "Password corrupt"
+msgstr "პ�რ�ლი დ�ზი�ნებული�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:78
+#, c-format
+msgid "Cannot open LDAP password file '%s': %s"
+msgstr "შეცდ�მ� LDAP-ის პ�რ�ლის ფ�ილის ('%s') გ�ხსნის�ს: %s"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:108
+#, c-format
+msgid "Bind DN entry '%s' missing in LDAP password file '%s'"
+msgstr "მის�ბმელი DN-ის ჩ�ნ�წერი '%s' LDAP პ�რ�ლებს ფ�ილში '%s' ვერ ვიპ�ვე"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:66
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:142
+msgid "Ticket Policy Name missing"
+msgstr "�კლი� ბილეთის პ�ლიტიკის ს�ხელი"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:154
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231
+msgid "ticket policy object: "
+msgstr "ბილეთის პ�ლიტიკის �ბიექტი: "
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:219
+msgid "Ticket Policy Object information missing"
+msgstr "�კლი� ბილეთის პ�ლიტიკის �ბიექტის ინფ�რმ�ცი�"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:311
+msgid "Ticket Policy Object DN missing"
+msgstr "�კლი� ბილეთის პ�ლიტიკის �ბიექტის DN"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:338
+msgid "Delete Failed: One or more Principals associated with the Ticket Policy"
+msgstr ""
+"წ�შლის შეცდ�მ�: ბილეთის პ�ლიტიკ�სთ�ნ ერთი �ნ მეტი პრინციპ�ლი� �ს�ცირებული"
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:447
+msgid "Error reading container object"
+msgstr "შემცველი �ბიექტის გ�ხსნის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:132
+#, c-format
+msgid "%s (path: %s): %s"
+msgstr "%s (ბილიკი: %s): %s"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:164
+#, c-format
+msgid "Unsupported argument \"%s\" for LMDB"
+msgstr "LMDB-ის მხ�რდ�უჭერელი �რგუმენტი '%s'"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:294
+msgid "LMDB environment open failure"
+msgstr "LMDB გ�რემ�ს გ�ხსნის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:319
+msgid "LMDB read failure"
+msgstr "LMDB გ�ხსნის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:394
+msgid "LMDB write failure"
+msgstr "LMDB ჩ�წერის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:418
+msgid "LMDB delete failure"
+msgstr "LMDB წ�შლის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:521
+#, c-format
+msgid "LMDB file %s does not exist"
+msgstr "LMDB ფ�ილი %s �რ �რსებ�ბს"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:566
+msgid "LMDB open failure"
+msgstr "LMDB გ�ხსნის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:593
+#, c-format
+msgid "LMDB file %s already exists"
+msgstr "LMDB ფ�ილი %s უკვე �რსებ�ბს"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:658
+msgid "LMDB create error"
+msgstr "LMDB შექმნის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:676
+#, c-format
+msgid "Could not unlink %s"
+msgstr "ბმის %s მ�ხსნის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:760
+#, c-format
+msgid "Unsupported argument \"%s\" for lmdb"
+msgstr "მხ�რდ�უჭერელი �რგუმენტი \"%s\" lmdb-სთვის"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:806
+msgid "LMDB lockout write failure"
+msgstr "LMDB-ის ბლ�კის ჩ�წერის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:882
+msgid "LMDB principal iteration failure"
+msgstr "LMDB პრინციპ�ლის იტერ�ციის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:985
+msgid "LMDB policy iteration failure"
+msgstr "LMDB პ�ლიტიკის იტერ�ციის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1016
+msgid "LMDB transaction commit failure"
+msgstr "LMDB ტრ�ნზ�ქციის გ�დ�ცემის შეცდ�მ�"
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1115
+msgid "LMDB lockout update failure"
+msgstr "LMDB -ის ბლ�კის გ�ნ�ხლების შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_clnt.c:1088
+msgid "No pkinit_anchors supplied"
+msgstr "\"pkinit_anchors\" მითითებული �რ��"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:957
+#, c-format
+msgid "%s: %s"
+msgstr "%s: %s"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:987
+#, c-format
+msgid "%s (depth %d): %s"
+msgstr "%s (სიღრმე %d): %s"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1230
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4180
+msgid "Pass phrase for"
+msgstr "ს�კვ�ნძ� ფრ�ზ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1516
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1526
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1784
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1794
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2271
+msgid "Failed to DER encode PKCS7"
+msgstr "PKCS7-ის DER-ით დ�შიფვრის შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1617
+msgid "Failed to verify own certificate"
+msgstr "ს�კუთ�რი სერტიფიკ�ტის გ�დ�მ�წმების შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1768
+msgid "Failed to add digest attribute"
+msgstr "დ�იჯესტის �ტრიბუტის დ�მ�ტების შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1890
+msgid "Failed to decode CMS message"
+msgstr "შეცდ�მ� CMS-შეტყ�ბინების დეკ�დირების�ს"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1908
+msgid "Invalid pkinit packet: octet string expected"
+msgstr "�რ�სწ�რი pkinit პ�კეტი: მ�ველ�დი �ქტეტ სტრიქ�ნს"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1926
+msgid "wrong oid\n"
+msgstr "�რ�სწ�რი oid\n"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2078
+msgid "Failed to verify received certificate"
+msgstr "მიღებული სერტიფიკ�ტის გ�დ�მ�წმებ� შეუძლებელი�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2114
+msgid "Failed to verify CMS message"
+msgstr "CMS შეტყ�ბინების გ�დ�მ�წმებ� შეუძლებელი�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2259
+msgid "Failed to encrypt PKCS7 object"
+msgstr "PKCS7 �ბიექტის დ�შიფვრის შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2317
+msgid "Failed to decode PKCS7"
+msgstr "PKCS7-ის გ�შიფვრის შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2333
+msgid "Failed to decrypt PKCS7 message"
+msgstr "PKCS7 შეტყ�ბინების გ�შიფვრის შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2756
+msgid "Failed to fetch SSKDF"
+msgstr "SSKDF-ის გ�მ�თხ�ვის შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2763
+msgid "Failed to instantiate SSKDF"
+msgstr "SSKDF-ის კ�ნკრეტული მ�გ�ლითის მ�ყვ�ნის შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2776
+msgid "Failed to derive key using SSKDF"
+msgstr "შეცდ�მ� SSKDF-ის ს�შუ�ლებით გ�ს�ღების მიღების�ს"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2838
+msgid "Failed to compute digest"
+msgstr "დ�იჯესტის გ�მ�თვლის შეცდ�მ�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4300
+#, c-format
+msgid "Cannot read certificate file '%s'"
+msgstr "სერტიფიკ�ტის ფ�ილის წ�კითხვის შეცდ�მ� \"%s\""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4308
+#, c-format
+msgid "Cannot read key file '%s'"
+msgstr "გ�ს�ღების ფ�ილის წ�კითხვის შეცდ�მ� \"%s\""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5165
+#, c-format
+msgid "Cannot open file '%s'"
+msgstr "ფ�ილის გ�ხსნის შეცდ�მ�: %s"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5172
+#, c-format
+msgid "Cannot read file '%s'"
+msgstr "ფ�ილის წ�კითხვის შეცდ�მ� \"%s\""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:415
+#, c-format
+msgid "Unsupported type while processing '%s'\n"
+msgstr "�რ�სწ�რი ტიპი '%s'-ის დ�მუშ�ვების�ს\n"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:451
+msgid "Internal error parsing X509_user_identity\n"
+msgstr "შიდ� შეცდ�მ� X509_user_identity-ის დ�მუშ�ვების�ს\n"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:552
+msgid "No user identity options specified"
+msgstr "მ�მხმ�რებლის იდენტიფიკ�ციის პ�რ�მეტრები მითითებული �რ��"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:403
+#, c-format
+msgid "PKINIT: no freshness token, rejecting auth from %s"
+msgstr "PKINIT: კ�დი მ�ძველებული�. �ვთენტიკ�ცი� %s -დ�ნ უ�რყ�ფილი�"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:407
+#, c-format
+msgid "PKINIT: freshness token received from %s"
+msgstr "PKINIT: �ხ�ლი კ�დი მიღებული� წყ�რ�დ�ნ: %s"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:409
+#, c-format
+msgid "PKINIT: no freshness token received from %s"
+msgstr "PKINIT: %s-დ�ნ �ხ�ლი კ�დი მიღებული �რ��"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:512
+msgid "Pkinit request not signed, but client not anonymous."
+msgstr "Pkinit მ�თხ�ვნ� ხელმ�წერილი �რ��, მ�გრ�მ კლიენტი �ნ�ნიმური �რ��."
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:546
+msgid "Anonymous pkinit without DH public value not supported."
+msgstr "�ნ�ნიმური pkinit-ი DH-ის ს�ჯ�რ� მნიშვნელ�ბის გ�რეშე მხ�რდ�უჭერელი�."
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1083
+#, c-format
+msgid "No pkinit_identity supplied for realm %s"
+msgstr "\"pkinit_identity\" რე�ლმისთვის %s მითითებული �რ��"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1094
+#, c-format
+msgid "No pkinit_anchors supplied for realm %s"
+msgstr "\"pkinit_anchors\" რე�ლმისთვის %s მითითებული �რ��"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1114
+#, c-format
+msgid "OCSP is not supported: (realm: %s)"
+msgstr "OCSP მხ�რდ�უჭერელი�: (რე�ლმი: %s)"
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1515
+msgid "No realms configured correctly for pkinit support"
+msgstr ""
+"\"pkinit\"-ის მხ�რდ�ჭერისთვის სწ�რ�დ მ�რგებული რე�ლმები �ღმ�ჩენილი �რ��"
+
+#: ../../src/plugins/preauth/spake/groups.c:237
+msgid "No SPAKE preauth groups configured"
+msgstr "SPAKE პრე�ვთენტიკ�ციის ჯგუფები მითითებული �რ��"
+
+#: ../../src/plugins/preauth/spake/groups.c:257
+#, c-format
+msgid "SPAKE challenge group not a permitted group: %s"
+msgstr "SPAKE გ�მ�წვევის ჯგუფი ნებ�დ�რთულ ჯგუფს �რ წ�რმ��დგენს: %s"
+
+#: ../../src/plugins/preauth/spake/spake_kdc.c:533
+msgid "Unknown SPAKE request type"
+msgstr "SPAKE-ის მ�თხ�ვნის უცნ�ბი ტიპი"
+
+#: ../../src/util/support/errors.c:77
+msgid "Kerberos library initialization failure"
+msgstr "Kerberos -ის ბიბლი�თეკის ინიცი�ლიზ�ციის შეცდ�მ�"
+
+#: ../../src/util/support/errors.c:83
+msgid "Error code translation unavailable"
+msgstr "შეცდ�მის კ�დის თ�რგმ�ნი მიუწვდ�მელი�"
+
+#: ../../src/util/support/errors.c:92
+#, c-format
+msgid "error %ld"
+msgstr "შეცდ�მ� %ld"
+
+#: ../../src/util/support/plugins.c:200
+#, c-format
+msgid "unable to find plugin [%s]: %s"
+msgstr "დ�მ�ტების პ�ვნის შეცდ�მ� [%s]: %s"
+
+#: ../../src/util/support/plugins.c:288
+msgid "unknown failure"
+msgstr "უცნ�ბი შეცდ�მ�"
+
+#: ../../src/util/support/plugins.c:291
+#, c-format
+msgid "unable to load plugin [%s]: %s"
+msgstr "დ�მ�ტების ჩ�ტვირთვის შეცდ�მ� [%s]: %s"
+
+#: ../../src/util/support/plugins.c:314
+#, c-format
+msgid "unable to load DLL [%s]"
+msgstr "dll-ის ჩ�ტვირთვის შეცდ�მ� [%s]"
+
+#: ../../src/util/support/plugins.c:330
+#, c-format
+msgid "plugin unavailable: %s"
+msgstr "დ�მ�ტებ� ხელმიუწვდ�მელი�: %s"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:23
+msgid "No @ in SERVICE-NAME name string"
+msgstr "SERVICE-NAME ს�ხელი-სტრიქ�ნში @ �რ �რსებ�ბს"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:24
+msgid "STRING-UID-NAME contains nondigits"
+msgstr "STRING-UID-NAME �რ�ციფრულ მ�ნ�ცემებს შეიც�ვს"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:25
+msgid "UID does not resolve to username"
+msgstr "UID-ი მ�მხმ�რებლის ს�ხელში �რ ით�რგმნებ�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:26
+msgid "Validation error"
+msgstr "შემ�წმების შეცდ�მ�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:27
+msgid "Couldn't allocate gss_buffer_t data"
+msgstr "შეცდ�მ� gss_buffer_t-ის მ�ნ�ცემების გ�მ�ყ�ფის�ს"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:28
+msgid "Message context invalid"
+msgstr "შეტყ�ბინების კ�ნტექსტი �რ�სწ�რი�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:29
+msgid "Buffer is the wrong size"
+msgstr "ბუფერს �რ�სწ�რი ზ�მ�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:30
+msgid "Credential usage type is unknown"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების გ�მ�ყენების ტიპი უცნ�ბი�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:31
+msgid "Unknown quality of protection specified"
+msgstr "მითითებული� დ�ცვის ხ�რისხი უცნ�ბი�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:32
+msgid "Local host name could not be determined"
+msgstr "ლ�კ�ლური ჰ�სტის ს�ხელის დ�დგენ� შეუძლებელი�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:33
+msgid "Hostname in SERVICE-NAME string could not be canonicalized"
+msgstr "SERVICE-NAME სტრიქ�ნში ჰ�სტის ს�ხელის კ�ნ�ნიკ�ლიზებ� შეუძლებელი�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:34
+msgid "Mechanism is incorrect"
+msgstr "მექ�ნიზმი �რ�სწ�რი�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:35
+msgid "Token header is malformed or corrupt"
+msgstr "კ�დის თ�ვს�რთი �რ�სწ�რი �ნ დ�ზი�ნებული�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:36
+msgid "Packet was replayed in wrong direction"
+msgstr "პ�კეტის გ�დ�ცემის მის�მ�რთი �რ�სწ�რი�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:37
+msgid "Token is missing data"
+msgstr "კ�დს მ�ნ�ცემები �კლი�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:38
+msgid "Token was reflected"
+msgstr "კ�დი �ირეკლ�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:39
+msgid "Received token ID does not match expected token ID"
+msgstr "მიღებული კ�დის ID მ�ს�ლ�დნელი კ�დის ID-ს �რ ემთხვევ�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:40
+msgid "The given credential's usage does not match the requested usage"
+msgstr ""
+"მითითებული �ვტ�რიზ�ციის დეტ�ლების გ�მ�ყენებ� მ�თხ�ვნილ გ�მ�ყენებ�ს �რ "
+"ემთხვევ�"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:41
+msgid "Storing of acceptor credentials is not supported by the mechanism"
+msgstr ""
+"�ქსეპტ�რის �ვტ�რიზ�ციის დეტ�ლების დ�მ�ხს�ვრებ� მექ�ნიზმის მიერ მხ�რდ�ჭერილი "
+"�რ��"
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:42
+msgid "Storing of non-default credentials is not supported by the mechanism"
+msgstr ""
+"�რ�ნ�გულისხმები �ვტ�რიზ�ციის დეტ�ლების დ�მ�ხს�ვრებ� მექ�ნიზმის მიერ "
+"მხ�რდ�ჭერილი �რ��"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:23
+msgid "Principal in credential cache does not match desired name"
+msgstr ""
+"�ვტ�რიზ�ციის დეტ�ლების ქეშში �რსებული პრინციპ�ლი ს�სურველ ს�ხელს �რ ემთხვევ�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:24
+msgid "No principal in keytab matches desired name"
+msgstr "Keytab-ში �რც ერთი პრინციპ�ლი ს�სურველ ს�ხელს �რ ემთხვევ�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:25
+msgid "Credential cache has no TGT"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშს TGT �რ გ��ჩნი�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:26
+msgid "Authenticator has no subkey"
+msgstr "�ვთენტიკ�ტ�რს ქვეგ�ს�ღები �რ გ��ჩნი�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:27
+msgid "Context is already fully established"
+msgstr "კ�ნტექსტი უკვე სრულ�დ �წყ�ბილი�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:28
+msgid "Unknown signature type in token"
+msgstr "კ�დში �რსებული ხელმ�წერის ტიპი უცნ�ბი�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:29
+msgid "Invalid field length in token"
+msgstr "კ�დში ველის �რ�სწ�რი სიგრძე"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:30
+msgid "Attempt to use incomplete security context"
+msgstr "�რ�სრული უს�ფრთხ�ების კ�ნტექსტის გ�მ�ყენების მცდელ�ბ�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:31
+msgid "Bad magic number for krb5_gss_ctx_id_t"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_gss_ctx_id_t-სთვის"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:32
+msgid "Bad magic number for krb5_gss_cred_id_t"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_gss_cred_id_t-სთვის"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:33
+msgid "Bad magic number for krb5_gss_enc_desc"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_gss_enc_desc-სთვის"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:34
+msgid "Sequence number in token is corrupt"
+msgstr "კ�დში მიმდევრ�ბის ნ�მერი �რ�სწ�რი�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:35
+msgid "Credential cache is empty"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეში ც�რიელი�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:36
+msgid "Acceptor and Initiator share no checksum types"
+msgstr "�ქცეპტ�ნტის დ� ინიცი�ტ�რის ს�კ�ნტრ�ლ� ჯ�მის ტიპები გ�ნსხვ�ვდებ�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:37
+msgid "Requested lucid context version not supported"
+msgstr "მ�თხ�ვნილი lucid-ის კ�ნტექსტის ვერსი� მხ�რდ�უჭერელი�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:38
+msgid "PRF input too long"
+msgstr "PRF შეყვ�ნ� ძ�ლი�ნ გრძელი�"
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:39
+msgid "Bad magic number for iakerb_ctx_id_t"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი iakerb_ctx_id_t -სთვის"
+
+#: ../lib/kadm5/chpass_util_strings.c:23
+msgid "while getting policy info."
+msgstr "პ�ლიტიკის ინფ�რმ�ციის მიღების�ს."
+
+#: ../lib/kadm5/chpass_util_strings.c:24
+msgid "while getting principal info."
+msgstr "პრინციპ�ლის ინფ�რმ�ციის მიღების�ს."
+
+#: ../lib/kadm5/chpass_util_strings.c:25
+msgid "New passwords do not match - password not changed.\n"
+msgstr "�ხ�ლი პ�რ�ლები �რ ემთხვევ� - პ�რ�ლი �რ შეცვლილ�.\n"
+
+#: ../lib/kadm5/chpass_util_strings.c:26
+msgid "New password"
+msgstr "�ხ�ლი პ�რ�ლი"
+
+#: ../lib/kadm5/chpass_util_strings.c:27
+msgid "New password (again)"
+msgstr "�ხ�ლი პ�რ�ლი(თ�ვიდ�ნ)"
+
+#: ../lib/kadm5/chpass_util_strings.c:28
+msgid ""
+"You must type a password. Passwords must be at least one character long.\n"
+msgstr ""
+"პ�რ�ლის �კრეფ� �უცილებელი�. პ�რ�ლი მინიმუმ ერთი სიმბ�ლ�ს სიგრძის უნდ� იყ�ს.\n"
+
+#: ../lib/kadm5/chpass_util_strings.c:29
+msgid "yet no policy set!  Contact your system security administrator."
+msgstr ""
+"პ�ლიტიკ� ჯერ დ�ყენებული �რ��!  დ�უკ�ვშირდით თქვენი სისტემის უს�ფრთხ�ების "
+"�დმინისტრ�ტ�რს."
+
+#: ../lib/kadm5/chpass_util_strings.c:31
+msgid ""
+"New password was found in a dictionary of possible passwords and\n"
+"therefore may be easily guessed. Please choose another password.\n"
+"See the kpasswd man page for help in choosing a good password."
+msgstr ""
+"�ხ�ლი პ�რ�ლი შეს�ძლ� პ�რ�ლების ლექსიკ�ნში� �ღმ�ჩენილი დ�\n"
+"�მიტ�მ შეიძლებ� �დვილ�დ გ��რტყ�ნ. �ირჩიეთ სხვ� პ�რ�ლი.\n"
+"კ�რგი პ�რ�ლის შედგენ�ში დ�ს�ხმ�რებლ�დ იხილეთ kpasswd-ის man გვერდი."
+
+#: ../lib/kadm5/chpass_util_strings.c:32
+msgid "Password not changed."
+msgstr "პ�რ�ლი �რ შეცვლილ�."
+
+#: ../lib/kadm5/chpass_util_strings.c:33
+#, c-format
+msgid ""
+"New password is too short.\n"
+"Please choose a password which is at least %d characters long."
+msgstr ""
+"�ხ�ლი პ�რ�ლი მეტისმეტ�დ მ�კლე�.\n"
+"გთხ�ვთ, �ირჩი�თ პ�რ�ლი, რ�მელიც სულ ც�ტ� %d სიმბ�ლ�ს შეიც�ვს."
+
+#: ../lib/kadm5/chpass_util_strings.c:34
+#, c-format
+msgid ""
+"New password does not have enough character classes.\n"
+"The character classes are:\n"
+"\t- lower-case letters,\n"
+"\t- upper-case letters,\n"
+"\t- digits,\n"
+"\t- punctuation, and\n"
+"\t- all other characters (e.g., control characters).\n"
+"Please choose a password with at least %d character classes."
+msgstr ""
+"�ხ�ლ პ�რ�ლს სიმბ�ლ�ს ს�კმ�რისი კლ�სები �რ გ��ჩნი�.\n"
+"სიმბ�ლ�ს კლ�სები�:\n"
+"\t- დ�ბ�ლი რეგისტრის სიმბ�ლ�ები (პ�ტ�რ� �ს�ები),\n"
+"\t- მ�ღ�ლი რეგისტრის სიმბ�ლ�ები (დიდი �ს�ები),\n"
+"\t- ციფრები,\n"
+"\t- პუნქტუ�ციის ნიშნები დ�\n"
+"\t- სხვ� ყველ� სიმბ�ლ� (მ�გ: კ�ნტრ�ლის სიმბ�ლ�ები).\n"
+"შეიყვ�ნეთ პ�რ�ლი, რ�მელიც, ყველ�ზე ც�ტ�, %d სიმბ�ლ�ს კლ�სს შეიც�ვს."
+
+#: ../lib/kadm5/chpass_util_strings.c:35
+#, c-format
+msgid ""
+"Password cannot be changed because it was changed too recently.\n"
+"Please wait until %s before you change it.\n"
+"If you need to change your password before then, contact your system\n"
+"security administrator."
+msgstr ""
+"პ�რ�ლს ვერ შეცვლით, რ�დგ�ნ ის სულ ც�ტ� ხნის წინ შეიცვ�ლ�.\n"
+"მ�ითმინეთ %s-მდე, ს�ნ�მ მისი შეცვლის უფლებ� გექნებ�თ.\n"
+"თუ გჭირდებ�თ, რ�მ პ�რ�ლი მითითებულ თ�რიღ�მდე შეცვ�ლ�თ,\n"
+"თქვენს უს�ფრთხ�ების �დმინისტრ�ტ�რს დ�უკ�ვშირდით."
+
+#: ../lib/kadm5/chpass_util_strings.c:36
+msgid "New password was used previously. Please choose a different password."
+msgstr "�ხ�ლი პ�რ�ლი უკვე იყ� გ�მ�ყენებული. �ირჩიეთ სხვ� პ�რ�ლი."
+
+#: ../lib/kadm5/chpass_util_strings.c:37
+msgid "while trying to change password."
+msgstr "პ�რ�ლის შეცვლის მცდელ�ბის�ს."
+
+#: ../lib/kadm5/chpass_util_strings.c:38
+msgid "while reading new password."
+msgstr "�ხ�ლი პ�რ�ლის წ�კითხვის�ს."
+
+#: ../lib/kadm5/kadm_err.c:23
+msgid "Operation failed for unspecified reason"
+msgstr "�პერ�ცი� მიუთითებელი მიზეზით �ვ�რიულ�დ დ�სრულდ�"
+
+#: ../lib/kadm5/kadm_err.c:24
+msgid "Operation requires ``get'' privilege"
+msgstr "�პერ�ცი�ს \"get\" პრივილეგი� ეს�ჭირ�ებ�"
+
+#: ../lib/kadm5/kadm_err.c:25
+msgid "Operation requires ``add'' privilege"
+msgstr "�პერ�ცი�ს \"add\" პრივილეგი� ეს�ჭირ�ებ�"
+
+#: ../lib/kadm5/kadm_err.c:26
+msgid "Operation requires ``modify'' privilege"
+msgstr "�პერ�ცი�ს \"modify\" პრივილეგი� ეს�ჭირ�ებ�"
+
+#: ../lib/kadm5/kadm_err.c:27
+msgid "Operation requires ``delete'' privilege"
+msgstr "�პერ�ცი�ს \"delete\" პრივილეგი� ეს�ჭირ�ებ�"
+
+#: ../lib/kadm5/kadm_err.c:28
+msgid "Insufficient authorization for operation"
+msgstr "�პერ�ციისთვის �რ�ს�კმ�რისი �ვტ�რიზ�ცი�"
+
+#: ../lib/kadm5/kadm_err.c:29 ../lib/kdb/adb_err.c:29
+msgid "Database inconsistency detected"
+msgstr "�ღმ�ჩენილი� ბ�ზის �რ�მდგრ�დ�ბ�"
+
+#: ../lib/kadm5/kadm_err.c:30 ../lib/kdb/adb_err.c:24
+msgid "Principal or policy already exists"
+msgstr "პრინციპ�ლი �ნ პ�ლიტიკ� უკვე �რსებ�ბს"
+
+#: ../lib/kadm5/kadm_err.c:31
+msgid "Communication failure with server"
+msgstr "სერვერთ�ნ ურთიერთ�ბის შეცდ�მ�"
+
+#: ../lib/kadm5/kadm_err.c:32
+msgid "No administration server found for realm"
+msgstr "რე�ლმისთვის �დმინისტრირების სერვერი ვერ ვიპ�ვე"
+
+#: ../lib/kadm5/kadm_err.c:33
+msgid "Password history principal key version mismatch"
+msgstr "პ�რ�ლის ისტ�რიის პრინციპ�ლის გ�ს�ღების ვერსი� �რ ემთხვევ�"
+
+#: ../lib/kadm5/kadm_err.c:34
+msgid "Connection to server not initialized"
+msgstr "სერვერთ�ნ მიერთებ� ინიცი�ლიზებული �რ��"
+
+#: ../lib/kadm5/kadm_err.c:35
+msgid "Principal does not exist"
+msgstr "პრინციპ�ლი �რ �რსებ�ბს"
+
+#: ../lib/kadm5/kadm_err.c:36
+msgid "Policy does not exist"
+msgstr "პ�ლიტიკ� �რ �რსებ�ბს"
+
+#: ../lib/kadm5/kadm_err.c:37
+msgid "Invalid field mask for operation"
+msgstr "ველის ნიღ�ბი �პერ�ციისთვის �რ�სწ�რი�"
+
+#: ../lib/kadm5/kadm_err.c:38
+msgid "Invalid number of character classes"
+msgstr "სიმბ�ლ�ს კლ�სების �რ�სწ�რი რ��დენ�ბ�"
+
+#: ../lib/kadm5/kadm_err.c:39
+msgid "Invalid password length"
+msgstr "�რ�სწ�რი პ�რ�ლის სიგრძე"
+
+#: ../lib/kadm5/kadm_err.c:40
+msgid "Illegal policy name"
+msgstr "პ�ლიტიკის დ�უშვებელი ს�ხელი"
+
+#: ../lib/kadm5/kadm_err.c:41
+msgid "Illegal principal name"
+msgstr "პრინციპ�ლის დ�უშვებელი ს�ხელი"
+
+#: ../lib/kadm5/kadm_err.c:42
+msgid "Invalid auxiliary attributes"
+msgstr "�რ�სწ�რი დ�მხმ�რე �ტრიბუტები"
+
+#: ../lib/kadm5/kadm_err.c:43
+msgid "Invalid password history count"
+msgstr "�რ�სწ�რი პ�რ�ლის ისტ�რიის რ��დენ�ბ�"
+
+#: ../lib/kadm5/kadm_err.c:44
+msgid "Password minimum life is greater than password maximum life"
+msgstr "პ�რ�ლის მინიმ�ლური სიც�ცხლე მ�ქსიმ�ლურ სიც�ცხლეზე დიდი�"
+
+#: ../lib/kadm5/kadm_err.c:45
+msgid "Password is too short"
+msgstr "პ�რ�ლი ძ�ლი�ნ მ�კლე�"
+
+#: ../lib/kadm5/kadm_err.c:46
+msgid "Password does not contain enough character classes"
+msgstr "პ�რ�ლი სიმბ�ლ�ების ს�კმ�რის კლ�სებს �რ შეიც�ვს"
+
+#: ../lib/kadm5/kadm_err.c:47
+msgid "Password is in the password dictionary"
+msgstr "პ�რ�ლი პ�რ�ლების ლექსიკ�ნში�"
+
+#: ../lib/kadm5/kadm_err.c:48
+msgid "Cannot reuse password"
+msgstr "პ�რ�ლს თ�ვიდ�ნ ვერ გ�მ�იყენებთ"
+
+#: ../lib/kadm5/kadm_err.c:49
+msgid "Current password's minimum life has not expired"
+msgstr "მიმდინ�რე პ�რ�ლის სიც�ცხლის მინიმ�ლური ვ�დ� �რ �მ�წურულ�"
+
+#: ../lib/kadm5/kadm_err.c:50 ../lib/krb5/error_tables/kdb5_err.c:67
+msgid "Policy is in use"
+msgstr "პ�ლიტიკ� უკვე გ�მ�იყენებ�"
+
+#: ../lib/kadm5/kadm_err.c:51
+msgid "Connection to server already initialized"
+msgstr "სერვერ�მდე მიერთებ� უკვე ინიცი�ლიზებული�"
+
+#: ../lib/kadm5/kadm_err.c:52
+msgid "Incorrect password"
+msgstr "�რ�სწ�რი პ�რ�ლი"
+
+#: ../lib/kadm5/kadm_err.c:53
+msgid "Cannot change protected principal"
+msgstr "დ�ცული პრინციპ�ლის შეცვლ� შეუძლებელი�"
+
+#: ../lib/kadm5/kadm_err.c:54
+msgid "Programmer error! Bad Admin server handle"
+msgstr "პრ�გრ�მისტის შეცდ�მ�! �დმინისტრირების სერვერის დ�მმუშ�ვებელი �რ�სწ�რი�"
+
+#: ../lib/kadm5/kadm_err.c:55
+msgid "Programmer error! Bad API structure version"
+msgstr "პრ�გრ�მისტის შეცდ�მ�! API-ის სტრუქტურის ვერსი� �რ�სწ�რი�"
+
+#: ../lib/kadm5/kadm_err.c:56
+msgid ""
+"API structure version specified by application is no longer supported (to "
+"fix, recompile application against current KADM5 API header files and "
+"libraries)"
+msgstr ""
+"API-ის სტრუქტურის ვერსი�, რ�მელიც �პლიკ�ცი�ს სჭირდებ�, მხ�რდ�ჭერილი �ღ�რ�� "
+"(პრ�ბლემის გ�მ�ს�სწ�რებლ�დ ს�ჭირ�� �პლიკ�ციის თ�ვიდ�ნ �გებ� მიმდინ�რე KADM5 "
+"API-ის თ�ვს�რთის ფ�ილების� დ� ბიბლი�თეკების გ�მ�ყენებით.)"
+
+#: ../lib/kadm5/kadm_err.c:57
+msgid ""
+"API structure version specified by application is unknown to libraries (to "
+"fix, obtain current KADM5 API header files and libraries and recompile "
+"application)"
+msgstr ""
+"API-ის სტრუქტურის ვერსი�, რ�მელიც �პლიკ�ცი�ს სჭირდებ�, უცნ�ბი� (პრ�ბლემის "
+"გ�მ�ს�სწ�რებლ�დ ს�ჭირ�� �პლიკ�ციის თ�ვიდ�ნ �გებ� მიმდინ�რე KADM5 API-ის "
+"თ�ვს�რთის ფ�ილების� დ� ბიბლი�თეკების გ�მ�ყენებით.)"
+
+#: ../lib/kadm5/kadm_err.c:58
+msgid "Programmer error! Bad API version"
+msgstr "პრ�გრ�მისტის შეცდ�მ�! API-ის ვერსი� �რ�სწ�რი�"
+
+#: ../lib/kadm5/kadm_err.c:59
+msgid ""
+"API version specified by application is no longer supported by libraries (to "
+"fix, update application to adhere to current API version and recompile)"
+msgstr ""
+"API-ის ვერსი�, რ�მელიც �პლიკ�ცი�ს სჭირდებ�, მხ�რდ�ჭერილი �ღ�რ�� (პრ�ბლემის "
+"გ�მ�ს�სწ�რებლ�დ ს�ჭირ�� �პლიკ�ციის თ�ვიდ�ნ �გებ� მიმდინ�რე KADM5 API-ის "
+"თ�ვს�რთის ფ�ილების� დ� ბიბლი�თეკების გ�მ�ყენებით.)"
+
+#: ../lib/kadm5/kadm_err.c:60
+msgid ""
+"API version specified by application is no longer supported by server (to "
+"fix, update application to adhere to current API version and recompile)"
+msgstr ""
+"API-ის ვერსი�, რ�მელიც �პლიკ�ცი�ს სჭირდებ�, სერვერის მიერ მხ�რდ�ჭერილი "
+"�ღ�რ�� (პრ�ბლემის გ�მ�ს�სწ�რებლ�დ �პლიკ�ციის გ�ნ�ხლებ�, რ�მ მიმდინ�რე KADM5 "
+"API-ის თ�ვს�რთის ფ�ილების� დ� ბიბლი�თეკების იყენებდეს დ� �პლიკ�ციის თ�ვიდ�ნ "
+"კ�მპილ�ცი�� ს�ჭირ�)"
+
+#: ../lib/kadm5/kadm_err.c:61
+msgid ""
+"API version specified by application is unknown to libraries (to fix, obtain "
+"current KADM5 API header files and libraries and recompile application)"
+msgstr ""
+"API-ის ვერსი�, რ�მელიც �პლიკ�ცი�ს სჭირდებ�, უცნ�ბი�. (პრ�ბლემის "
+"გ�მ�ს�სწ�რებლ�დ გ�დმ�წერეთ მიმდინ�რე KADM5 API-ის თ�ვს�რთის ფ�ილები დ� "
+"ბიბლი�თეკები დ� �პლიკ�ცი� თ�ვიდ�ნ დ��კ�მპილეთ)"
+
+#: ../lib/kadm5/kadm_err.c:62
+msgid ""
+"API version specified by application is unknown to server (to fix, obtain "
+"and install newest KADM5 Admin Server)"
+msgstr ""
+"API-ს ვერსი�, რ�მელიც �პლიკ�ცი�ს სჭირდებ�, სერვერისთვის უცნ�ბი� (პრ�ბლემის "
+"გ�მ�ს�სწ�რებლ�დ KADM5 �დმინ სერვერის უ�ხლესი ვერსიის დ�ყენებ�� ს�ჭირ�)"
+
+#: ../lib/kadm5/kadm_err.c:63
+msgid "Database error! Required KADM5 principal missing"
+msgstr "ბ�ზის შეცდ�მ�! �უცილებელი KADM5 პრინციპ�ლი �რ �რსებ�ბს"
+
+#: ../lib/kadm5/kadm_err.c:64
+msgid "The salt type of the specified principal does not support renaming"
+msgstr ""
+"მითითებული პრინციპ�ლის მ�რილის ტიპს ს�ხელის გ�დ�რქმევის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/kadm5/kadm_err.c:65
+msgid "Illegal configuration parameter for remote KADM5 client"
+msgstr "�რ�სწ�რი კ�ნფიგურ�ციის პ�რ�მეტრი დ�შ�რებული KADM5 კლიენტისთვის"
+
+#: ../lib/kadm5/kadm_err.c:66
+msgid "Illegal configuration parameter for local KADM5 client"
+msgstr "�რ�სწ�რი კ�ნფიგურ�ციის პ�რ�მეტრი ლ�კ�ლური KADM5 კლიენტისთვის"
+
+#: ../lib/kadm5/kadm_err.c:67
+msgid "Operation requires ``list'' privilege"
+msgstr "�პერ�ცი�ს \"list\" პრივილეგი� ეს�ჭირ�ებ�"
+
+#: ../lib/kadm5/kadm_err.c:68
+msgid "Operation requires ``change-password'' privilege"
+msgstr "�პერ�ცი�ს \"change-password\" პრივილეგი� ეს�ჭირ�ებ�"
+
+#: ../lib/kadm5/kadm_err.c:69
+msgid "GSS-API (or Kerberos) error"
+msgstr "GSS-API-ის (�ნ Kerberos-ის) შეცდ�მ�"
+
+#: ../lib/kadm5/kadm_err.c:70
+msgid "Programmer error! Illegal tagged data list type"
+msgstr "პრ�გრ�მისტის შეცდ�მ�! ჭდის მქ�ნე მ�ნ�ცემების სიის ტიპი �რ�სწ�რი�"
+
+#: ../lib/kadm5/kadm_err.c:71
+msgid "Required parameters in kdc.conf missing"
+msgstr "შეცდ�მ� kdc.conf-ში ს�ჭირ� პ�რ�მეტრების ძებნის�ს"
+
+#: ../lib/kadm5/kadm_err.c:72
+msgid "Bad krb5 admin server hostname"
+msgstr "Krb5-ის �დმინისტრირების სერვერის �რ�სწ�რი ჰ�სტის ს�ხელი"
+
+#: ../lib/kadm5/kadm_err.c:73
+msgid "Operation requires ``set-key'' privilege"
+msgstr "�პერ�ცი�ს \"set-key\" პრივილეგი� ეს�ჭირ�ებ�"
+
+#: ../lib/kadm5/kadm_err.c:74
+msgid "Multiple values for single or folded enctype"
+msgstr "ერთი �ნ დ�კეცილი enctype-ის მრ�ვ�ლი მნიშვნელ�ბ�"
+
+#: ../lib/kadm5/kadm_err.c:75
+msgid "Invalid enctype for setv4key"
+msgstr "Setv4key-ის �რ�სწ�რი enctype"
+
+#: ../lib/kadm5/kadm_err.c:76
+msgid "Mismatched enctypes for setkey3"
+msgstr "Setkey3-თვის შეუთ�ვსებელი enctype-ები"
+
+#: ../lib/kadm5/kadm_err.c:77
+msgid "Missing parameters in krb5.conf required for kadmin client"
+msgstr "Krb5.conf-ში kadmin-ის კლიენტისთვის �უცილებელი პ�რ�მეტრები �რ �რსებ�ბს"
+
+#: ../lib/kadm5/kadm_err.c:78 ../lib/kdb/adb_err.c:30
+msgid "XDR encoding error"
+msgstr "XDR კ�დირების შეცდ�მ�"
+
+#: ../lib/kadm5/kadm_err.c:79
+msgid "Cannot resolve network address for admin server in requested realm"
+msgstr ""
+"მ�თხ�ვნის რე�ლმში �დმინის სერვერისთვის ქსელის მის�მ�რთის �მ�ხსნის შეცდ�მ�"
+
+#: ../lib/kadm5/kadm_err.c:80
+msgid "Unspecified password quality failure"
+msgstr "პ�რ�ლის ხ�რისხის მიუთითებელი შეცდ�მ�"
+
+#: ../lib/kadm5/kadm_err.c:81
+msgid "Invalid key/salt tuples"
+msgstr "�რ�სწ�რი გ�ს�ღები/მ�რილის კ�რტეჟები"
+
+#: ../lib/kadm5/kadm_err.c:82
+msgid "Invalid multiple or duplicate kvnos in setkey operation"
+msgstr "Setkey �პერ�ცი�ში �რ�სწ�რი მრ�ვ�ლი �ნ დუბლირებული �პერ�ცი�� �ღმ�ჩენილი"
+
+#: ../lib/kadm5/kadm_err.c:83
+msgid "Operation requires ``extract-keys'' privilege"
+msgstr "�პერ�ცი�ს \"extract-keys\" პრივილეგი� ეს�ჭირ�ებ�"
+
+#: ../lib/kadm5/kadm_err.c:84
+msgid "Principal keys are locked down"
+msgstr "პრინციპ�ლის გ�ს�ღებები დ�ბლ�კილი�"
+
+#: ../lib/kadm5/kadm_err.c:85
+msgid "Operation requires initial ticket"
+msgstr "�პერ�ცი�ს ს�წყისი გ�ს�ღები ეს�ჭირ�ებ�"
+
+#: ../lib/kdb/adb_err.c:23
+msgid "No Error"
+msgstr "შეცდ�მის გ�რეშე"
+
+#: ../lib/kdb/adb_err.c:25
+msgid "Principal or policy does not exist"
+msgstr "პ�ლიტიკ� �ნ პრინციპ�ლი �რ �რსებ�ბს"
+
+#: ../lib/kdb/adb_err.c:26
+msgid "Database not initialized"
+msgstr "ბ�ზ� ინიცი�ლიზებული �რ��"
+
+#: ../lib/kdb/adb_err.c:27
+msgid "Invalid policy name"
+msgstr "პ�ლიტიკის დ�უშვებელი ს�ხელი"
+
+#: ../lib/kdb/adb_err.c:28
+msgid "Invalid principal name"
+msgstr "პრინციპ�ლის დ�უშვებელი ს�ხელი"
+
+#: ../lib/kdb/adb_err.c:31
+msgid "Failure!"
+msgstr "შეცდ�მ�!"
+
+#: ../lib/kdb/adb_err.c:32
+msgid "Bad lock mode"
+msgstr "დ�ბლ�კვის �რ�სწ�რი რეჟიმი"
+
+#: ../lib/kdb/adb_err.c:33
+msgid "Cannot lock database"
+msgstr "ბ�ზის დ�ბლ�კვ� შეუძლებელი�"
+
+#: ../lib/kdb/adb_err.c:34
+msgid "Database not locked"
+msgstr "ბ�ზ� დ�ბლ�კილი �რ��"
+
+#: ../lib/kdb/adb_err.c:35
+msgid "KADM5 administration database lock file missing"
+msgstr "KADM5 �დმინისტრირების ბ�ზის ბლ�კის ფ�ილი ვერ ვიპ�ვე"
+
+#: ../lib/kdb/adb_err.c:36
+msgid "Insufficient permission to lock file"
+msgstr "თქვენი წვდ�მები ფ�ილის დ�ს�ბლ�კ�დ ს�კმ�რისი �რ��"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:23
+msgid "Plugin does not support interface version"
+msgstr "დ�მ�ტებ�ს ინტერფეისის ვერსიის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:24
+msgid "Invalid module specifier"
+msgstr "მ�დულის �რ�სწ�რი მიმთითებელი"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:25
+msgid "Plugin module name not found"
+msgstr "დ�მ�ტების მ�დულის ს�ხელი ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:26
+msgid "The KDC should discard this request"
+msgstr "KDC-ს უნდ� მ�ეცილებინ� ეს მ�თხ�ვნ�"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:27
+msgid "Can't create new subsidiary cache"
+msgstr "დ�მხმ�რე ქეშის შექმნის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:28
+msgid "Invalid keyring anchor name"
+msgstr "�რ�სწ�რი ბრელ�კის ს�მ�გრის ს�ხელი"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:29
+msgid "Unknown keyring collection version"
+msgstr "ბრელ�კის კ�ლექციის უცნ�ბი ვერსი�"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:30
+msgid "Invalid UID in persistent keyring name"
+msgstr "�რ�სწ�რი UID-ი მუდმივი ბრელ�კის ს�ხელში"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:31
+msgid "Malformed reply from KCM daemon"
+msgstr "KCM დემ�ნის �რ�სწ�რ�დ ჩ�მ�ყ�ლიბებული პ�სუხი"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:32
+msgid "Mach RPC error communicating with KCM daemon"
+msgstr "Mac RPC-ის შეცდ�მ� KCM დემ�ნთ�ნ ურთიერთ�ბის�ს"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:33
+msgid "KCM daemon reply too big"
+msgstr "KCM დემ�ნის პ�სუხი ძ�ლი�ნ დიდი�"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:34
+msgid "No KCM server found"
+msgstr "KCM სერვერი ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:35
+msgid "Authorize and set hw-authent ticket flag"
+msgstr "�ვტ�რიზ�ცი� დ� hw-authent ბილეთის �ლმის დ�ყენებ�"
+
+#: ../lib/krb5/error_tables/k5e1_err.c:36
+msgid "Set hw-authent ticket flag but do not authorize"
+msgstr "\"hw-authent\" �ლმის დ�ყენებ�, მ�გრ�მ �ვტ�რიზ�ციის გ�რეშე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:24
+msgid "Client's entry in database has expired"
+msgstr "ბ�ზ�ში კლიენტის ჩ�ნ�წერი ვ�დ�გ�სული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:25
+msgid "Server's entry in database has expired"
+msgstr "ბ�ზ�ში სერვერის ჩ�ნ�წერი ვ�დ�გ�სული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:26
+msgid "Requested protocol version not supported"
+msgstr "მ�თხ�ვნილი პრ�ტ�კ�ლის ვერსი� მხ�რდ�უჭერელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:27
+msgid "Client's key is encrypted in an old master key"
+msgstr "კლიენტის გ�ს�ღები ძველი მთ�ვ�რი გ�ს�ღები�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:28
+msgid "Server's key is encrypted in an old master key"
+msgstr "სერვერის გ�ს�ღები ძველი მთ�ვ�რი გ�ს�ღები�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:29
+msgid "Client not found in Kerberos database"
+msgstr "კლიენტი Kerberos-ის ბ�ზ�ში ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:30
+msgid "Server not found in Kerberos database"
+msgstr "სერვერი Kerberos-ის ბ�ზ�ში ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:31
+msgid "Principal has multiple entries in Kerberos database"
+msgstr "პრინციპ�ლს Kerberos-ის ბ�ზ�ში ერთზე მეტი ჩ�ნ�წერი გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:32
+msgid "Client or server has a null key"
+msgstr "სერვერის �ნ კლიენტის გ�ს�ღები ნულ�ვ�ნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:33
+msgid "Ticket is ineligible for postdating"
+msgstr "ბილეთი მ�რიგი რიცხვით ჩ�წერისთვის შეუფერებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:34
+msgid "Requested effective lifetime is negative or too short"
+msgstr "მ�თხ�ვნილი ეფექტური სიც�ცხლის დრ� უ�რყ�ფითი �ნ მეტისმეტ�დ მ�კლე�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:35
+msgid "KDC policy rejects request"
+msgstr "KDC პ�ლიტიკ� მ�თხ�ვნ�ს უ�რყ�ფს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:36
+msgid "KDC can't fulfill requested option"
+msgstr "KDC მ�თხ�ვნილი პ�რ�მეტრის შევსებ� შეუძლებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:37
+msgid "KDC has no support for encryption type"
+msgstr "KDC -ს დ�შიფვრის ტიპის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:38
+msgid "KDC has no support for checksum type"
+msgstr "KDC -ს ს�კ�ნტრ�ლ� ჯ�მის ტიპის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:39
+msgid "KDC has no support for padata type"
+msgstr "KDC -ს padata ტიპის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:40
+msgid "KDC has no support for transited type"
+msgstr "KDC -ს transited ტიპის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:41
+msgid "Client's credentials have been revoked"
+msgstr "კლიენტის �ვტ�რიზ�ციის დეტ�ლები გ�უქმდ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:42
+msgid "Credentials for server have been revoked"
+msgstr "სერვერის �ვტ�რიზ�ციის დეტ�ლები გ�უქმდ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:43
+msgid "TGT has been revoked"
+msgstr "TGT გ�უქმებული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:44
+msgid "Client not yet valid - try again later"
+msgstr "კლიენტი ჯერ �რ�სწ�რი� - მ�გვი�ნებით სც�დეთ"
+
+#: ../lib/krb5/error_tables/krb5_err.c:45
+msgid "Server not yet valid - try again later"
+msgstr "სერვერი ჯერ �რ�სწ�რი� - მ�გვი�ნებით სც�დეთ"
+
+#: ../lib/krb5/error_tables/krb5_err.c:46
+msgid "Password has expired"
+msgstr "პ�რ�ლს ვ�დ� გ�უვიდ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:47
+msgid "Preauthentication failed"
+msgstr "პრე�ვთენტიკ�ციის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:48
+msgid "Additional pre-authentication required"
+msgstr "დ�მ�ტებითი პრე-�ვთენტიკ�ცი� �უცილებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:49
+msgid "Requested server and ticket don't match"
+msgstr "მ�თხ�ვნილი სერვერი დ� ბილეთი �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:50
+msgid "Server principal valid for user2user only"
+msgstr "სერვერის პრინციპ�ლი მხ�ლ�დ მ�მხმ�რებლიდ�ნ მ�მხმ�რებლ�მდე� ძ�ლ�ში"
+
+#: ../lib/krb5/error_tables/krb5_err.c:51
+msgid "KDC policy rejects transited path"
+msgstr "KDC-ის პ�ლიტიკ� ტრ�ნზიტულ ბილიკს უ�რყ�ფს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:52
+msgid "A service is not available that is required to process the request"
+msgstr "მ�თხ�ვნის დ�ს�მუშ�ვებლ�დ ს�ჭირ� სერვისი ხელმიუწვდ�მელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:53
+msgid "KRB5 error code 30"
+msgstr "KRB5 შეცდ�მის კ�დი 30"
+
+#: ../lib/krb5/error_tables/krb5_err.c:54
+msgid "Decrypt integrity check failed"
+msgstr "გ�შიფვრის მთლი�ნ�ბის შემ�წმების შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:55
+msgid "Ticket expired"
+msgstr "ბილეთი ვ�დ�გ�სული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:56
+msgid "Ticket not yet valid"
+msgstr "ბილეთი ჯერ �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:57
+msgid "Request is a replay"
+msgstr "პ�სუხის მ�თხ�ვნ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:58
+msgid "The ticket isn't for us"
+msgstr "ბილეტი ჩვენთვის �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:59
+msgid "Ticket/authenticator don't match"
+msgstr "ბილეთი/�ვთენტიკ�ტ�რი �რ ემთხვევი�ნ"
+
+#: ../lib/krb5/error_tables/krb5_err.c:60
+msgid "Clock skew too great"
+msgstr "ს��თის �ცდენ� მეტისმეტ�დ დიდი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:61
+msgid "Incorrect net address"
+msgstr "�რ�სწ�რი ქსელური მის�მ�რთი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:62
+msgid "Protocol version mismatch"
+msgstr "პრ�ტ�კ�ლის ვერსი� �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:63
+msgid "Invalid message type"
+msgstr "შეტყ�ბინების �რ�სწ�რი ტიპი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:64
+msgid "Message stream modified"
+msgstr "შეტყ�ბინების ნ�კ�დი შეიცვ�ლ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:65
+msgid "Message out of order"
+msgstr "შეტყ�ბინებ� რიგს გ�რეთ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:66
+msgid "Illegal cross-realm ticket"
+msgstr "�რ�სწ�რი რე�ლმთშ�რისი ბილეთი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:67
+msgid "Key version is not available"
+msgstr "გ�ს�ღების ვერსი� მიუწვდ�მელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:68
+msgid "Service key not available"
+msgstr "სერვერის გ�ს�ღები ხელმიუწვდ�მელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:69
+#: ../lib/krb5/error_tables/krb5_err.c:181
+msgid "Mutual authentication failed"
+msgstr "�რმხრივი �ვთენტიკ�ციის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:70
+msgid "Incorrect message direction"
+msgstr "შეტყ�ბინების �რ�სწ�რი მიმ�რთულებ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:71
+msgid "Alternative authentication method required"
+msgstr "�ლტერნ�ტიული �ვთენტიკ�ციის მეთ�დი �უცილებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:72
+msgid "Incorrect sequence number in message"
+msgstr "მიმდევრ�ბის �რ�სწ�რი რიცხვი შეტყ�ბინებ�ში"
+
+#: ../lib/krb5/error_tables/krb5_err.c:73
+msgid "Inappropriate type of checksum in message"
+msgstr "ს�კ�ნტრ�ლ� ჯ�მის შეუთ�ვსებელი ტიპი შეტყ�ბინებ�ში"
+
+#: ../lib/krb5/error_tables/krb5_err.c:74
+msgid "Policy rejects transited path"
+msgstr "პ�ლიტიკ� ტრ�ნზიტულ ბილიკს უ�რყ�ფს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:75
+msgid "Response too big for UDP, retry with TCP"
+msgstr "პ�სუხი UDP-სთვის ძ�ლი�ნ დიდი�. TCP-ით სც�დეთ"
+
+#: ../lib/krb5/error_tables/krb5_err.c:76
+msgid "KRB5 error code 53"
+msgstr "KRB5 შეცდ�მის კ�დი 53"
+
+#: ../lib/krb5/error_tables/krb5_err.c:77
+msgid "KRB5 error code 54"
+msgstr "KRB5 შეცდ�მის კ�დი 54"
+
+#: ../lib/krb5/error_tables/krb5_err.c:78
+msgid "KRB5 error code 55"
+msgstr "KRB5 შეცდ�მის კ�დი 55"
+
+#: ../lib/krb5/error_tables/krb5_err.c:79
+msgid "KRB5 error code 56"
+msgstr "KRB5 შეცდ�მის კ�დი 56"
+
+#: ../lib/krb5/error_tables/krb5_err.c:80
+msgid "KRB5 error code 57"
+msgstr "KRB5 შეცდ�მის კ�დი 57"
+
+#: ../lib/krb5/error_tables/krb5_err.c:81
+msgid "KRB5 error code 58"
+msgstr "KRB5 შეცდ�მის კ�დი 58"
+
+#: ../lib/krb5/error_tables/krb5_err.c:82
+msgid "KRB5 error code 59"
+msgstr "KRB5 შეცდ�მის კ�დი 59"
+
+#: ../lib/krb5/error_tables/krb5_err.c:83
+msgid "Generic error (see e-text)"
+msgstr "ზ�გ�დი შეცდ�მ� (იხილეთ e-text)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:84
+msgid "Field is too long for this implementation"
+msgstr "�მ გ�ნხ�რციელებისთვის ველი ძ�ლი�ნ გრძელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:85
+msgid "Client not trusted"
+msgstr "კლიენტი ს�ნდ� �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:86
+msgid "KDC not trusted"
+msgstr "KDC ს�ნდ� �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:87
+msgid "Invalid signature"
+msgstr "�რ�სწ�რი ხელმ�წერ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:88
+msgid "Key parameters not accepted"
+msgstr "გ�ს�ღების პ�რ�მეტრები მიუღებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:89
+msgid "Certificate mismatch"
+msgstr "სერტიფიკ�ტები �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:90
+msgid "No ticket granting ticket"
+msgstr "ბილეთის მიმნიჭებელი ბილეთის გ�რეშე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:91
+msgid "Realm not local to KDC"
+msgstr "რე�ლმი KDC-სთვის ლ�კ�ლური �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:92
+msgid "User to user required"
+msgstr "მ�მხმ�რებლისდ�ნ მ�მხმ�რებლ�მდე �უცილებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:93
+msgid "Can't verify certificate"
+msgstr "სერტიფიკ�ტის შემ�წმებ� შეუძლებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:94
+msgid "Invalid certificate"
+msgstr "�რ�სწ�რი სერტიფიკ�ტი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:95
+msgid "Revoked certificate"
+msgstr "გ�უქმებული სერტიფიკ�ტი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:96
+msgid "Revocation status unknown"
+msgstr "გ�უქმების სტ�ტუსი უცნ�ბი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:97
+msgid "Revocation status unavailable"
+msgstr "გ�უქმების სტ�ტუსი მიუწვდ�მელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:98
+msgid "Client name mismatch"
+msgstr "კლიენტის ს�ხელი �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:99
+msgid "KDC name mismatch"
+msgstr "KDC-ის ს�ხელი �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:100
+msgid "Inconsistent key purpose"
+msgstr "გ�ს�ღების დ�ნიშნულებ� �რ�მდგრ�დი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:101
+msgid "Digest in certificate not accepted"
+msgstr "სერტიფიკ�ტის დ�იჯესტი მიუღებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:102
+msgid "Checksum must be included"
+msgstr "ს�კ�ნტრ�ლ� ჯ�მის ქ�ნ� �უცილებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:103
+msgid "Digest in signed-data not accepted"
+msgstr "ხელმ�წერილ-მ�ნ�ცემებში გ�მ�ყენებული დ�იჯესტი მიუღებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:104
+msgid "Public key encryption not supported"
+msgstr "ს�ჯ�რ� გ�ს�ღების დ�შიფვრ� მხ�რდ�უჭერელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:105
+msgid "KRB5 error code 82"
+msgstr "KRB5 შეცდ�მის კ�დი 82"
+
+#: ../lib/krb5/error_tables/krb5_err.c:106
+msgid "KRB5 error code 83"
+msgstr "KRB5 შეცდ�მის კ�დი 83"
+
+#: ../lib/krb5/error_tables/krb5_err.c:107
+msgid "KRB5 error code 84"
+msgstr "KRB5 შეცდ�მის კ�დი 84"
+
+#: ../lib/krb5/error_tables/krb5_err.c:108
+msgid "The IAKERB proxy could not find a KDC"
+msgstr "IAKERB პრ�ქსიმ KDC ვერ იპ�ვ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:109
+msgid "The KDC did not respond to the IAKERB proxy"
+msgstr "KDC-მ� IAKERB პრ�ქსის �რ უპ�სუხ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:110
+msgid "KRB5 error code 87"
+msgstr "KRB5 შეცდ�მის კ�დი 87"
+
+#: ../lib/krb5/error_tables/krb5_err.c:111
+msgid "KRB5 error code 88"
+msgstr "KRB5 შეცდ�მის კ�დი 88"
+
+#: ../lib/krb5/error_tables/krb5_err.c:112
+msgid "KRB5 error code 89"
+msgstr "KRB5 შეცდ�მის კ�დი 89"
+
+#: ../lib/krb5/error_tables/krb5_err.c:113
+msgid "Preauthentication expired"
+msgstr "პრე�ვთენტიკ�ცი� ვ�დ�გ�სული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:114
+msgid "More preauthentication data is required"
+msgstr "�უცილებელი� პრე�ვთენტიკ�ციის მ�ნ�ცემები"
+
+#: ../lib/krb5/error_tables/krb5_err.c:115
+msgid "KRB5 error code 92"
+msgstr "KRB5 შეცდ�მის კ�დი 92"
+
+#: ../lib/krb5/error_tables/krb5_err.c:116
+msgid "An unsupported critical FAST option was requested"
+msgstr "მ�თხ�ვნილი� მხ�რდ�უჭერელი კრიტიკული FAST პ�რ�მეტრი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:117
+msgid "KRB5 error code 94"
+msgstr "KRB5 შეცდ�მის კ�დი 94"
+
+#: ../lib/krb5/error_tables/krb5_err.c:118
+msgid "KRB5 error code 95"
+msgstr "KRB5 შეცდ�მის კ�დი 95"
+
+#: ../lib/krb5/error_tables/krb5_err.c:119
+msgid "KRB5 error code 96"
+msgstr "KRB5 შეცდ�მის კ�დი 96"
+
+#: ../lib/krb5/error_tables/krb5_err.c:120
+msgid "KRB5 error code 97"
+msgstr "KRB5 შეცდ�მის კ�დი 97"
+
+#: ../lib/krb5/error_tables/krb5_err.c:121
+msgid "KRB5 error code 98"
+msgstr "KRB5 შეცდ�მის კ�დი 98"
+
+#: ../lib/krb5/error_tables/krb5_err.c:122
+msgid "KRB5 error code 99"
+msgstr "KRB5 შეცდ�მის კ�დი 99"
+
+#: ../lib/krb5/error_tables/krb5_err.c:123
+msgid "No acceptable KDF offered"
+msgstr "დ�მ�კმ�ყ�ფილებელი KDF შემ�თ�ვ�ზებული �რ ყ�ფილ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:124
+msgid "KRB5 error code 101"
+msgstr "KRB5 შეცდ�მის კ�დი 101"
+
+#: ../lib/krb5/error_tables/krb5_err.c:125
+msgid "KRB5 error code 102"
+msgstr "KRB5 შეცდ�მის კ�დი 102"
+
+#: ../lib/krb5/error_tables/krb5_err.c:126
+msgid "KRB5 error code 103"
+msgstr "KRB5 შეცდ�მის კ�დი 103"
+
+#: ../lib/krb5/error_tables/krb5_err.c:127
+msgid "KRB5 error code 104"
+msgstr "KRB5 შეცდ�მის კ�დი 104"
+
+#: ../lib/krb5/error_tables/krb5_err.c:128
+msgid "KRB5 error code 105"
+msgstr "KRB5 შეცდ�მის კ�დი 105"
+
+#: ../lib/krb5/error_tables/krb5_err.c:129
+msgid "KRB5 error code 106"
+msgstr "KRB5 შეცდ�მის კ�დი 106"
+
+#: ../lib/krb5/error_tables/krb5_err.c:130
+msgid "KRB5 error code 107"
+msgstr "KRB5 შეცდ�მის კ�დი 107"
+
+#: ../lib/krb5/error_tables/krb5_err.c:131
+msgid "KRB5 error code 108"
+msgstr "KRB5 შეცდ�მის კ�დი 108"
+
+#: ../lib/krb5/error_tables/krb5_err.c:132
+msgid "KRB5 error code 109"
+msgstr "KRB5 შეცდ�მის კ�დი 109"
+
+#: ../lib/krb5/error_tables/krb5_err.c:133
+msgid "KRB5 error code 110"
+msgstr "KRB5 შეცდ�მის კ�დი 110"
+
+#: ../lib/krb5/error_tables/krb5_err.c:134
+msgid "KRB5 error code 111"
+msgstr "KRB5 შეცდ�მის კ�დი 111"
+
+#: ../lib/krb5/error_tables/krb5_err.c:135
+msgid "KRB5 error code 112"
+msgstr "KRB5 შეცდ�მის კ�დი 112"
+
+#: ../lib/krb5/error_tables/krb5_err.c:136
+msgid "KRB5 error code 113"
+msgstr "KRB5 შეცდ�მის კ�დი 113"
+
+#: ../lib/krb5/error_tables/krb5_err.c:137
+msgid "KRB5 error code 114"
+msgstr "KRB5 შეცდ�მის კ�დი 114"
+
+#: ../lib/krb5/error_tables/krb5_err.c:138
+msgid "KRB5 error code 115"
+msgstr "KRB5 შეცდ�მის კ�დი 115"
+
+#: ../lib/krb5/error_tables/krb5_err.c:139
+msgid "KRB5 error code 116"
+msgstr "KRB5 შეცდ�მის კ�დი 116"
+
+#: ../lib/krb5/error_tables/krb5_err.c:140
+msgid "KRB5 error code 117"
+msgstr "KRB5 შეცდ�მის კ�დი 117"
+
+#: ../lib/krb5/error_tables/krb5_err.c:141
+msgid "KRB5 error code 118"
+msgstr "KRB5 შეცდ�მის კ�დი 118"
+
+#: ../lib/krb5/error_tables/krb5_err.c:142
+msgid "KRB5 error code 119"
+msgstr "KRB5 შეცდ�მის კ�დი 119"
+
+#: ../lib/krb5/error_tables/krb5_err.c:143
+msgid "KRB5 error code 120"
+msgstr "KRB5 შეცდ�მის კ�დი 120"
+
+#: ../lib/krb5/error_tables/krb5_err.c:144
+msgid "KRB5 error code 121"
+msgstr "KRB5 შეცდ�მის კ�დი 121"
+
+#: ../lib/krb5/error_tables/krb5_err.c:145
+msgid "KRB5 error code 122"
+msgstr "KRB5 შეცდ�მის კ�დი 122"
+
+#: ../lib/krb5/error_tables/krb5_err.c:146
+msgid "KRB5 error code 123"
+msgstr "KRB5 შეცდ�მის კ�დი 123"
+
+#: ../lib/krb5/error_tables/krb5_err.c:147
+msgid "KRB5 error code 124"
+msgstr "KRB5 შეცდ�მის კ�დი 124"
+
+#: ../lib/krb5/error_tables/krb5_err.c:148
+msgid "KRB5 error code 125"
+msgstr "KRB5 შეცდ�მის კ�დი 125"
+
+#: ../lib/krb5/error_tables/krb5_err.c:149
+msgid "KRB5 error code 126"
+msgstr "KRB5 შეცდ�მის კ�დი 126"
+
+#: ../lib/krb5/error_tables/krb5_err.c:150
+msgid "KRB5 error code 127"
+msgstr "KRB5 შეცდ�მის კ�დი 127"
+
+#: ../lib/krb5/error_tables/krb5_err.c:151
+#: ../lib/krb5/error_tables/kdb5_err.c:23
+msgid "$Id$"
+msgstr "$Id$"
+
+#: ../lib/krb5/error_tables/krb5_err.c:152
+msgid "Invalid flag for file lock mode"
+msgstr "ფ�ილის დ�ბლ�კვის რეჟიმის �რ�სწ�რი �ლ�მი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:153
+msgid "Cannot read password"
+msgstr "პ�რ�ლის წ�კითხვის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:154
+msgid "Password mismatch"
+msgstr "პ�რ�ლი �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:155
+msgid "Password read interrupted"
+msgstr "პ�რ�ლის წ�კითხვ� შეწყვეტილი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:156
+msgid "Illegal character in component name"
+msgstr "კ�მპ�ნენტის ს�ხელი დ�უშვებელ სიმბ�ლ�ს შეიც�ვს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:157
+msgid "Malformed representation of principal"
+msgstr "პრინციპ�ლის წ�რმ�დგენ� �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:158
+msgid "Can't open/find Kerberos configuration file"
+msgstr "Kernberos-ის კ�ნფიგურ�ციის ფ�ილის გ�ხსნის/პ�ვნის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:159
+msgid "Improper format of Kerberos configuration file"
+msgstr "Kerberos-ის კ�ნფიგურ�ციის ფ�ილის �რ�სწ�რი ფ�რმ�ტი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:160
+msgid "Insufficient space to return complete information"
+msgstr "სრული ინფ�რმ�ციის დ�ს�ბრუნებლ�დ �დგილი ს�კმ�რისი �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:161
+msgid "Invalid message type specified for encoding"
+msgstr "კ�დირებისთვის მითითებული შეტყ�ბინების ტიპი �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:162
+msgid "Credential cache name malformed"
+msgstr "�რ�სწ�რ�დ ფ�რმირებული �ვტ�რიზ�ციის დეტ�ლების ქეშის ს�ხელი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:163
+msgid "Unknown credential cache type"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშის �რ�სწ�რი ტიპი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:164
+msgid "Matching credential not found"
+msgstr "შეს�ბ�მისი �ვტ�რიზ�ციის დეტ�ლები ნ�პ�ვნი �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:165
+msgid "End of credential cache reached"
+msgstr "მივ�ღწიეთ �ვტ�რიზ�ციის დეტ�ლების ქეშის ბ�ლ�ს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:166
+msgid "Request did not supply a ticket"
+msgstr "მ�თხ�ვნ�ს ბილეთი �რ მ�უწ�დები�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:167
+msgid "Wrong principal in request"
+msgstr "მ�თხ�ვნ�ში მითითებული პრინციპ�ლი �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:168
+msgid "Ticket has invalid flag set"
+msgstr "ბილეთზე დ�ყენებული �ლმები �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:169
+msgid "Requested principal and ticket don't match"
+msgstr "მ�თხ�ვნილი პრინციპ�ლი დ� ბილეთი �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:170
+msgid "KDC reply did not match expectations"
+msgstr "KDC-ის პ�სუხი მ�ს�ლ�დნელს �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:171
+msgid "Clock skew too great in KDC reply"
+msgstr "KDC-ის პ�სუხისთვის ს��თის �ცდენ� მეტისმეტ�დ დიდი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:172
+msgid "Client/server realm mismatch in initial ticket request"
+msgstr ""
+"ბილეთის ს�წყის მ�თხ�ვნ�ში კლიენტის� დ� სერვერის რე�ლმები ერთმ�ნეთს �რ "
+"ემთხვევ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:173
+msgid "Program lacks support for encryption type"
+msgstr "პრ�გრ�მ�ს დ�შიფვრის ტიპის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:174
+msgid "Program lacks support for key type"
+msgstr "პრ�გრ�მ�ს გ�ს�ღების ტიპის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:175
+msgid "Requested encryption type not used in message"
+msgstr "შეტყ�ბინებ�ში მ�თხ�ვნილი დ�შიფვრის ტიპი �რ გ�მ�იყენებ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:176
+msgid "Program lacks support for checksum type"
+msgstr "პრ�გრ�მ�ს ს�კ�ნტრ�ლ� ჯ�მის ტიპის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:177
+msgid "Cannot find KDC for requested realm"
+msgstr "მ�თხ�ვნილი რე�ლმისთვის KDC ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:178
+msgid "Kerberos service unknown"
+msgstr "Kerberos -ის უცნ�ბი სერვისი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:179
+msgid "Cannot contact any KDC for requested realm"
+msgstr "მ�თხ�ვნილი რე�ლმისთვის ვერც ერთ KDC-ს ვერ დ�ვუკ�ვშირდი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:180
+msgid "No local name found for principal name"
+msgstr "პრინციპ�ლის ს�ხელისთვის ლ�კ�ლური ს�ხელი ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:182
+msgid "Replay cache type is already registered"
+msgstr "ს�პ�სუხ� ქეშის ტიპი უკვე რეგისტრირებული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:183
+msgid "No more memory to allocate (in replay cache code)"
+msgstr "გ�მ�ს�ყ�ფი მეხსიერებ� �რ �რსებ�ბს (პ�სუხის ქეშის კ�დში)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:184
+msgid "Replay cache type is unknown"
+msgstr "პ�სუხის ქეშის ტიპი უცნ�ბი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:185
+msgid "Generic unknown RC error"
+msgstr "ზ�გ�დი უცნ�ბი RC შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:186
+msgid "Message is a replay"
+msgstr "შეტყ�ბინებ� პ�სუხი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:187
+msgid "Replay cache I/O operation failed"
+msgstr "პ�სუხის ქეშთ�ნ მიმ�ცვლის �პერ�ციის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:188
+msgid "Replay cache type does not support non-volatile storage"
+msgstr "პ�სუხის ქეშის ტიპს �რ��ქრ�ლ�დი ს�ც�ვის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:189
+msgid "Replay cache name parse/format error"
+msgstr "პ�სუხის ქეშის ს�ხელის დ�მუშ�ვების/ფ�რმ�ტის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:190
+msgid "End-of-file on replay cache I/O"
+msgstr "ფ�ილის-ბ�ლ� პ�სუხის ქეშთ�ნ მიმ�ცვლის�ს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:191
+msgid "No more memory to allocate (in replay cache I/O code)"
+msgstr "გ�მ�ს�ყ�ფი მეხსიერებ� �რ �რსებ�ბს (პ�სუხის ქეშთ�ნ მიმ�ცვლის კ�დში)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:192
+msgid "Permission denied in replay cache code"
+msgstr "პ�სუხის ქეშის კ�დის წვდ�მ� �კრძ�ლული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:193
+msgid "I/O error in replay cache i/o code"
+msgstr "მიმ�ცვლის შეცდ�მ� პ�სუხის ქეშის მიმ�ცვლის კ�დში"
+
+#: ../lib/krb5/error_tables/krb5_err.c:194
+msgid "Generic unknown RC/IO error"
+msgstr "ზ�გ�დი უცნ�ბი RC/IO შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:195
+msgid "Insufficient system space to store replay information"
+msgstr "პ�სუხის ინფ�რმ�ციის დ�ს�მ�ხს�ვრებლ�დ სისტემური �დგილი ს�კმ�რისი �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:196
+msgid "Can't open/find realm translation file"
+msgstr "რე�ლმის თ�რგმნის ფ�ილის გ�ხსნის/პ�ვნის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:197
+msgid "Improper format of realm translation file"
+msgstr "რე�ლმის თ�რგმ�ნის ფ�ილის �რ�სწ�რი ფ�რმ�ტი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:198
+msgid "Can't open/find lname translation database"
+msgstr "Lname-ის თ�რგმ�ნის ბ�ზის პ�ვნის/გ�ხსნის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:199
+msgid "No translation available for requested principal"
+msgstr "მ�თხ�ვნილი პრინციპ�ლისთვის თ�რგმ�ნი �რ �რსებ�ბს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:200
+msgid "Improper format of translation database entry"
+msgstr "თ�რგმ�ნის ბ�ზის ჩ�ნ�წერის �რ�სწ�რი ფ�რმ�ტი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:201
+msgid "Cryptosystem internal error"
+msgstr "კრიპტ�სისტემის შიდ� შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:202
+msgid "Key table name malformed"
+msgstr "გ�ს�ღების ცხრილის ს�ხელი �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:203
+msgid "Unknown Key table type"
+msgstr "გ�ს�ღების ცხრილის უცნ�ბი ტიპი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:204
+msgid "Key table entry not found"
+msgstr "გ�ს�ღების ცხრილის ჩ�ნ�წერი ვერ ვპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:205
+msgid "End of key table reached"
+msgstr "მიღწეული� გ�ს�ღების ცხრილის ბ�ლ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:206
+msgid "Cannot write to specified key table"
+msgstr "მითითებული გ�ს�ღების ცხრილში ჩ�წერის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:207
+msgid "Error writing to key table"
+msgstr "გ�ს�ღებების ცხრილში ჩ�წერის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:208
+msgid "Cannot find ticket for requested realm"
+msgstr "მ�თხ�ვნილი რე�ლმისთვის ბილეთის პ�ვნის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:209
+msgid "DES key has bad parity"
+msgstr "DES გ�ს�ღებსი �რ�სწ�რი პ�რიტეტი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:210
+msgid "DES key is a weak key"
+msgstr "DES გ�ს�ღები სუსტი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:211
+msgid "Bad encryption type"
+msgstr "�რ�სწ�რი დ�შიფვრის ტიპი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:212
+msgid "Key size is incompatible with encryption type"
+msgstr "გ�ს�ღების ზ�მ� დ�შიფვრის ტიპთ�ნ შეუთ�ვსებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:213
+msgid "Message size is incompatible with encryption type"
+msgstr "შეტყ�ბინების ზ�მ� დ�შიფვრის ტიპთ�ნ შეუთ�ვსებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:214
+msgid "Credentials cache type is already registered."
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშის ტიპი უკვე რეგისტრირებული�."
+
+#: ../lib/krb5/error_tables/krb5_err.c:215
+msgid "Key table type is already registered."
+msgstr "გ�ს�ღებების ცხრილის ტიპი უკვე რეგისტრირებული�."
+
+#: ../lib/krb5/error_tables/krb5_err.c:216
+msgid "Credentials cache I/O operation failed"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშთ�ნ მიმ�ცვლის �პერ�ციის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:217
+msgid "Credentials cache permissions incorrect"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშის წვდ�მები �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:218
+msgid "No credentials cache found"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეში �რ �რსებ�ბს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:219
+msgid "Internal credentials cache error"
+msgstr "შიდ� �ვტ�რიზ�ციის დეტ�ლების ქეშის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:220
+msgid "Error writing to credentials cache"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშში ჩ�წერის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:221
+msgid "No more memory to allocate (in credentials cache code)"
+msgstr "გ�მ�ს�ყ�ფი მეხსიერებ� �ღ�რ დ�რჩ� (�ვტ�რიზ�ციის დეტ�ლების ქეშის კ�დში)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:222
+msgid "Bad format in credentials cache"
+msgstr "�რ�სწ�რი ფ�რმ�ტი �ვტ�რიზ�ციის დეტ�ლების ქეშში"
+
+#: ../lib/krb5/error_tables/krb5_err.c:223
+msgid "No credentials found with supported encryption types"
+msgstr "მხ�რდ�ჭერილი დ�შიფვრის ტიპების მქ�ნე �ვტ�რიზ�ციის დეტ�ლები ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:224
+msgid "Invalid KDC option combination (library internal error)"
+msgstr "KDC-ის პ�რ�მეტრების �რ�სწ�რი კ�მბინ�ცი� (ბიბლი�თეკის შიდ� შეცდ�მ�)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:225
+msgid "Request missing second ticket"
+msgstr "მ�თხ�ვნ�ს მე�რე ბილეთი �კლი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:226
+msgid "No credentials supplied to library routine"
+msgstr "ბიბლი�თეკის ქვეპრ�გრ�მისთვის �ვტ�რიზ�ციის დეტ�ლები მიწ�დებული �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:227
+msgid "Bad sendauth version was sent"
+msgstr "გ�გზ�ვნილი sendauth ვერსი� �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:228
+msgid "Bad application version was sent (via sendauth)"
+msgstr "�პლიკ�ციის გ�გზ�ვნილი ვერსი� �რ�სწ�რი� (sendauth-ით)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:229
+msgid "Bad response (during sendauth exchange)"
+msgstr "�რ�სწ�რი პ�სუხი (sendauth-ით გ�ცვლის�ს)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:230
+msgid "Server rejected authentication (during sendauth exchange)"
+msgstr "სერვერმ� �ვტ�რიზ�ცი� უ�რყ� (sendauth-ით გ�ცვლის�ს)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:231
+msgid "Unsupported preauthentication type"
+msgstr "პრე�ვთენტიკ�ციის მხ�რდ�უჭერელი ტიპი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:232
+msgid "Required preauthentication key not supplied"
+msgstr "პრე�ვთენტიკ�ცის გ�ს�ღების მიწ�დებ� �უცილებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:233
+msgid "Generic preauthentication failure"
+msgstr "პრე�ვთენტიკ�ციის ზ�გ�დი შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:234
+msgid "Unsupported replay cache format version number"
+msgstr "პ�სუხის ქეშის ფ�რმ�ტის ვერსიის ნ�მერი მხ�რდ�უჭერელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:235
+msgid "Unsupported credentials cache format version number"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების ქეშის ფ�რმ�ტის ვერსიის �რ�სწ�რი ნ�მერი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:236
+msgid "Unsupported key table format version number"
+msgstr "გ�ს�ღებების ცხრილის ფ�რმ�ტის ვერსიის �რ�სწ�რი ნ�მერი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:237
+msgid "Program lacks support for address type"
+msgstr "პრ�გრ�მ�ს მის�მ�რთის ტიპის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:238
+msgid "Message replay detection requires rcache parameter"
+msgstr "შეტყ�ბინებ�ზე პ�სუხის �ღმ�ჩენ�ს rcache პ�რ�მეტრი სჭირდებ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:239
+msgid "Hostname cannot be canonicalized"
+msgstr "ჰ�სტის ს�ხელის კ�ნ�ნიკ�ლიზებ� სეუძლებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:240
+msgid "Cannot determine realm for host"
+msgstr "ჰ�სტისთვის რე�ლმის დ�დგენის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:241
+msgid "Conversion to service principal undefined for name type"
+msgstr "სერვისის პრინციპ�ლზე გ�რდ�ქმნ� ს�ხელის ტიისთვის შეუძლებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:242
+msgid "Initial Ticket response appears to be Version 4 error"
+msgstr "ს�წყისი ბილეთის პ�სუხი მე�თხე ვერსიის შეცდ�მ�ს წ��გ�ვს"
+
+#: ../lib/krb5/error_tables/krb5_err.c:243
+msgid "Cannot resolve network address for KDC in requested realm"
+msgstr "მ�თხ�ვნილ რე�ლმში KDC-ის ქსელური მის�მ�რთის �მ�ხსნის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:244
+msgid "Requesting ticket can't get forwardable tickets"
+msgstr "მ�მთხ�ვნი ბილეთები გ�დ�მის�მ�რთებ�დი ბილეთები ვერ იქნებ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:245
+msgid "Bad principal name while trying to forward credentials"
+msgstr "�ვტ�რიზ�ციის დეტ�ლების გ�დ�გზ�ვნის�ს პრინციპ�ლის ს�ხელი �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:246
+msgid "Looping detected inside krb5_get_in_tkt"
+msgstr "Krb5_get_in_tkt_ის შიგნით მ�რყუჟი ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:247
+msgid "Configuration file does not specify default realm"
+msgstr "კ�ნფიგურ�ციის ფ�ილში ნ�გულისხმები რე�ლმი მითითებული �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:248
+msgid "Bad SAM flags in obtain_sam_padata"
+msgstr "�რ�სწ�რი SAM �ლმები obtain_sam_padata-ში"
+
+#: ../lib/krb5/error_tables/krb5_err.c:249
+msgid "Invalid encryption type in SAM challenge"
+msgstr "�რ�სწ�რი დ�შიფვრის ტიპი SAM გ�მ�წვევ�ში"
+
+#: ../lib/krb5/error_tables/krb5_err.c:250
+msgid "Missing checksum in SAM challenge"
+msgstr "SAM გ�მ�წვევ�ში ს�კ�ნტრ�ლ� ჯ�მი ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:251
+msgid "Bad checksum in SAM challenge"
+msgstr "�რ�სწ�რი ს�კ�ნტრ�ლ� ჯ�მი SAM გ�მ�წვევ�ში"
+
+#: ../lib/krb5/error_tables/krb5_err.c:252
+msgid "Keytab name too long"
+msgstr "Keytab -ის ს�ხელი ძ�ლი�ნ გრძელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:253
+msgid "Key version number for principal in key table is incorrect"
+msgstr "პრინციპ�ლისთვის გ�ს�ღებების ცხრილში გ�ს�ღების ვერსიის ნ�მერი �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:254
+msgid "This application has expired"
+msgstr "ეს �პლიკ�ცი� ვ�დ�გ�სული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:255
+msgid "This Krb5 library has expired"
+msgstr "ეს Krb5 ბიბლი�თეკ� ვ�დ�გ�სული�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:256
+msgid "New password cannot be zero length"
+msgstr "�ხ�ლი პ�რ�ლი ნულ�ვ�ნი სიგრძის ვერ იქნებ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:258
+msgid "Bad format in keytab"
+msgstr "Keytab-ის �რ�სწ�რი ფ�რმ�ტი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:259
+msgid "Encryption type not permitted"
+msgstr "დ�შიფვრის ტიპი დ�უშვებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:260
+msgid "No supported encryption types (config file error?)"
+msgstr "მხ�რდ�ჭერილი დ�შიფვრის ტიპების გ�რეშე (კ�ნფიგურ�ციის ფ�ილის შეცდ�მ�?)"
+
+#: ../lib/krb5/error_tables/krb5_err.c:261
+msgid "Program called an obsolete, deleted function"
+msgstr "პრ�გრ�მ�მ მ�ძველებული, წ�შლილი ფუნქცი� გ�მ�იძ�ხ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:262
+msgid "unknown getaddrinfo failure"
+msgstr "getaddrinfo-ის უცნ�ბი შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:263
+msgid "no data available for host/domain name"
+msgstr "ჰ�სტის/დ�მენის ს�ხელისთვის მ�ნ�ცემები ხელმიუწვდ�მელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:264
+msgid "host/domain name not found"
+msgstr "ჰ�სტის/დ�მენის ს�ხელი ვერ ვიპ�ვე"
+
+#: ../lib/krb5/error_tables/krb5_err.c:265
+msgid "service name unknown"
+msgstr "სერვისის ს�ხელი უცნ�ბი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:266
+msgid "Cannot determine realm for numeric host address"
+msgstr "რიცხვითი ჰ�სტის მის�მ�რთისთვის რე�ლმის გ�ნს�ზღვრის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:267
+msgid "Invalid key generation parameters from KDC"
+msgstr "KDC-დ�ნ მიღებული გ�ს�ღების გენერ�ციის პ�რ�მეტრები �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:268
+msgid "service not available"
+msgstr "სერვისი ხელმიუწვდ�მელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:269
+msgid "Ccache function not supported: read-only ccache type"
+msgstr ""
+"Ccache-ის ფუნქცი� გ�ნხ�რციელებული �რ��: ccache-ის ტიპი მხ�ლ�დ წ�კითხვ�დი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:270
+msgid "Ccache function not supported: not implemented"
+msgstr "Ccache-ის ფუნქცი� გ�ნხ�რციელებული �რ��: გ�ნხ�რციელებული �რ��"
+
+#: ../lib/krb5/error_tables/krb5_err.c:271
+msgid "Invalid format of Kerberos lifetime or clock skew string"
+msgstr ""
+"Kerberos-ის სიც�ცხლის დრ�ის �რ�სწ�რი ფ�რმ�ტი �ნ დრ�ის �ცდენ� მეტისმეტ�დ დიდი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:272
+msgid "Supplied data not handled by this plugin"
+msgstr "მ�წ�დებული მ�ნ�ცემები �მ დ�მ�ტების მიერ �რ მუშ�ვდებ�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:273
+msgid "Plugin does not support the operation"
+msgstr "დ�მ�ტებ�ს �მ �პერ�ციის მხ�რდ�ჭერ� �რ გ��ჩნი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:274
+msgid "Invalid UTF-8 string"
+msgstr "�რ�სწ�რი UTF-8 სტრიქ�ნი"
+
+#: ../lib/krb5/error_tables/krb5_err.c:275
+msgid "FAST protected pre-authentication required but not supported by KDC"
+msgstr ""
+"FAST-ით დ�ცული პრე-�ვთენტიკ�ცი� �უცილებელი�, მ�გრ�მ მხ�რდ�უჭერელი� KDC-ის "
+"მიერ"
+
+#: ../lib/krb5/error_tables/krb5_err.c:276
+msgid "Auth context must contain local address"
+msgstr "�ვთენტიკ�ციის კ�ნტექსტისთვის ლ�კ�ლური მის�მ�რთი �უცილებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:277
+msgid "Auth context must contain remote address"
+msgstr "�ვთენტიკ�ციის კ�ნტექსტისთვის დ�შ�რებული მის�მ�რთი �უცილებელი�"
+
+#: ../lib/krb5/error_tables/krb5_err.c:278
+msgid "Tracing unsupported"
+msgstr "ტრეისინგი მხ�რდ�უჭერელი�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:24
+msgid "Entry already exists in database"
+msgstr "ჩ�ნ�წერის ბ�ზ�ში უფრ� �რსებ�ბს"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:25
+msgid "Database store error"
+msgstr "ბ�ზის შენ�ხვის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:26
+msgid "Database read error"
+msgstr "ბ�ზის წ�კითხვის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:27
+msgid "Insufficient access to perform requested operation"
+msgstr "�რ�ს�კმ�რისი წვდ�მები მ�თხ�ვნილი ქმედების გ�ნს�ხ�რციელებლ�დ"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:28
+msgid "No such entry in the database"
+msgstr "ბ�ზ�ში �სეთი ჩ�ნ�წერი �რ �რსებ�ბს"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:29
+msgid "Illegal use of wildcard"
+msgstr "ვ�ილდ კ�რდის �რ�სწ�რი გ�მ�ყენებ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:30
+msgid "Database is locked or in use--try again later"
+msgstr "ბ�ზ� დ�ბლ�კილი� �ნ გ�მ�იყენებ�--მ�გვი�ნებით სც�დეთ"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:31
+msgid "Database was modified during read"
+msgstr "ბ�ზ� წ�კითხვის�ს შეიცვ�ლ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:32
+msgid "Database record is incomplete or corrupted"
+msgstr "ბ�ზის ჩ�ნ�წერი დ�უსრულებელი �ნ დ�ზი�ნებული�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:33
+msgid "Attempt to lock database twice"
+msgstr "ბ�ზის �რჯერ დ�ბლ�კვის მცდელ�ბ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:34
+msgid "Attempt to unlock database when not locked"
+msgstr "ბ�ზის, რ�მელიც დ�ბლ�კილი �რ��, გ�ნბლ�კვის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:35
+msgid "Invalid kdb lock mode"
+msgstr "KDB-ის ბლ�კირებს �რ�სწ�რი რეჟიმი"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:36
+msgid "Database has not been initialized"
+msgstr "ბ�ზ� ინიცი�ლიზებული �რ��"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:37
+msgid "Database has already been initialized"
+msgstr "ბ�ზ� უკვე ინიცი�ლიზებული�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:38
+msgid "Bad direction for converting keys"
+msgstr "გ�ს�ღებების გ�რდ�ქმნის �რ�სწ�რი მიმ�რთულებ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:39
+msgid "Cannot find master key record in database"
+msgstr "ბ�ზ�ში მთ�ვ�რი გ�ს�ღების ჩ�ნ�წერის პ�ვნ� შეუძლებელი�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:40
+msgid "Master key does not match database"
+msgstr "მთ�ვ�რი გ�ს�ღები ბ�ზ�ს �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:41
+msgid "Key size in database is invalid"
+msgstr "ბ�ზ�ში ჩ�წერილი გ�ს�ღების ზ�მ� �რ�სწ�რი�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:42
+msgid "Cannot find/read stored master key"
+msgstr "დ�მ�ხს�ვრებული მთ�ვ�რი გ�ს�ღების პ�ვნის/წ�კითხვის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:43
+msgid "Stored master key is corrupted"
+msgstr "დ�მ�ხს�ვრებული მთ�ვ�რი გ�ს�ღები დ�ზი�ნებული�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:44
+msgid "Cannot find active master key"
+msgstr "�ქტიური მთ�ვ�რი გ�ს�ღების პ�ვნ� შეუძლებელი�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:45
+msgid "KVNO of new master key does not match expected value"
+msgstr "�ხ�ლი მთ�ვ�რი გ�ს�ღების KVNO მ�ს�ლ�დნელ მნიშვნელ�ბ�ს �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:46
+msgid "Stored master key is not current"
+msgstr "დ�მ�ხს�ვერებული მთ�ვ�რი გ�ს�ღები მიმდინ�რე �რ��"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:47
+msgid "Insufficient access to lock database"
+msgstr "�რ�ს�კმ�რისი წვდ�მები ბ�ზის დ�ს�ბლ�კ�დ"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:48
+msgid "Database format error"
+msgstr "ბ�ზის ფ�რმ�ტის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:49
+msgid "Unsupported version in database entry"
+msgstr "ბ�ზის ჩ�ნ�წერის მხ�რდ�უჭერელი ვერსი�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:50
+msgid "Unsupported salt type"
+msgstr "მ�რილის მხ�რდ�უჭერელი ტიპი"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:51
+msgid "Unsupported encryption type"
+msgstr "დ�შიფვრის მხ�რდ�უჭერელი ტიპი"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:52
+msgid "Bad database creation flags"
+msgstr "ბ�ზის შექმნის �რ�სწ�რი �ლმები"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:53
+msgid "No matching key in entry having a permitted enctype"
+msgstr "ჩ�ნ�წერში დ�შვებული enctype-ის მქ�ნე გ�სრები �რ �რსებ�ბს"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:54
+msgid "No matching key in entry"
+msgstr "ჩ�ნ�წერში შეს�ბ�მისი გ�ს�ღები �რ �რსებ�ბს"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:56
+msgid "Database type not supported"
+msgstr "ბ�ზის ტიპი მხ�რდ�უჭერელი�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:57
+msgid "Database library failed to initialize"
+msgstr "ბ�ზის ბიბლი�თეკის ინიცი�ლიზ�ციის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:59
+msgid "Unable to access Kerberos database"
+msgstr "შეცდ�მ� Kerberos-ის ბ�ზ�სთ�ნ წვდ�მის�ს"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:60
+msgid "Kerberos database internal error"
+msgstr "Kerberos-ის ბ�ზის შიდ� შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:61
+msgid "Kerberos database constraints violated"
+msgstr "დ�რღვეული� Kerberos-ის ბ�ზის შეზღუდვები"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:62
+msgid "Update log conversion error"
+msgstr "გ�ნ�ხლების ჟურნ�ლის გ�რდ�ქმნის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:63
+msgid "Update log is unstable"
+msgstr "გ�ნ�ხლების ჟურნ�ლი �რ�სტ�ბილური�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:64
+msgid "Update log is corrupt"
+msgstr "გ�ნ�ხლების ჟურნ�ლი დ�ზი�ნებული"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:65
+msgid "Generic update log error"
+msgstr "გ�ნ�ხლების ჟურნ�ლის ს�ერთ� შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:66
+msgid "Database module does not match KDC version"
+msgstr "ბ�ზის მ�დული KDC-ის ვერსი�ს �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/kdb5_err.c:68
+msgid "Too much string mapping data"
+msgstr "მეტისმეტ�დ ბევრი სტრიქ�ნების გ�დ�ბმის მ�ნ�ცემები"
+
+#: ../lib/krb5/error_tables/asn1_err.c:23
+msgid "ASN.1 failed call to system time library"
+msgstr "ASN.1 -ის შეცდ�მ� სისტემური დრ�ის ბიბლი�თეკის გ�მ�ძ�ხების�ს"
+
+#: ../lib/krb5/error_tables/asn1_err.c:24
+msgid "ASN.1 structure is missing a required field"
+msgstr "ASN.1 -ის სტრუქტურ�ს �უცილებელი ველი �კლი�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:25
+msgid "ASN.1 unexpected field number"
+msgstr "ASN.1 ველის მ�ულ�დნელი ნ�მერი"
+
+#: ../lib/krb5/error_tables/asn1_err.c:26
+msgid "ASN.1 type numbers are inconsistent"
+msgstr "ASN.1 ტიპის ნ�მრები �რ�მდგრ�დი�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:27
+msgid "ASN.1 value too large"
+msgstr "ASN.1 მნიშვნელ�ბ� ძ�ლი�ნ დიდი�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:28
+msgid "ASN.1 encoding ended unexpectedly"
+msgstr "ASN.1 დ�შიფვრ� მ�ულ�დნელ�დ დ�სრულდ�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:29
+msgid "ASN.1 identifier doesn't match expected value"
+msgstr "ASN.1 იდენტიფიკ�ტ�რი მ�ს�ლ�დნელ მნიშვნელ�ბ�ს �რ ემთხვევ�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:30
+msgid "ASN.1 length doesn't match expected value"
+msgstr "ASN.1 სიგრძე მ�ს�ლ�დნელ მნიშვნელ�ბ�ს �რ ემთხევ�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:31
+msgid "ASN.1 badly-formatted encoding"
+msgstr "ASN.1 ცუდი ფ�რმ�ტის მქ�ნე დ�შიფვრ�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:32
+msgid "ASN.1 parse error"
+msgstr "ASN.1 დ�მუშ�ვების შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:33
+msgid "ASN.1 bad return from gmtime"
+msgstr "ASN.1 �რ�სწ�რი დ�ბრუნებ� gmtime-დ�ნ"
+
+#: ../lib/krb5/error_tables/asn1_err.c:34
+msgid "ASN.1 indefinite encoding"
+msgstr "ASN.1 დ�უდგენელი დ�შიფვრ�"
+
+#: ../lib/krb5/error_tables/asn1_err.c:35
+msgid "ASN.1 missing expected EOC"
+msgstr "ASN.1 �კლი� მ�ს�ლ�დნელი EOC"
+
+#: ../lib/krb5/error_tables/asn1_err.c:36
+msgid "ASN.1 object omitted in sequence"
+msgstr "ASN.1 მიმდევრ�ბ�ში �ბიექტი �მ�ღებული�"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:23
+msgid "Kerberos V5 magic number table"
+msgstr "Kerberos V5 ჯ�დ�სნური რიცხვების ცხრილი"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:24
+msgid "Bad magic number for krb5_principal structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_principal"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:25
+msgid "Bad magic number for krb5_data structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_data"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:26
+msgid "Bad magic number for krb5_keyblock structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_keyblock"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:27
+msgid "Bad magic number for krb5_checksum structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_checksum"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:28
+msgid "Bad magic number for krb5_encrypt_block structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_encrypt_block"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:29
+msgid "Bad magic number for krb5_enc_data structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_enc_data"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:30
+msgid "Bad magic number for krb5_cryptosystem_entry structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_cryptosystem_entry"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:31
+msgid "Bad magic number for krb5_cs_table_entry structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_cs_table_entry"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:32
+msgid "Bad magic number for krb5_checksum_entry structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_checksum_entry"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:33
+msgid "Bad magic number for krb5_authdata structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_authdata"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:34
+msgid "Bad magic number for krb5_transited structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_tansited"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:35
+msgid "Bad magic number for krb5_enc_tkt_part structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_enc_tkt_part"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:36
+msgid "Bad magic number for krb5_ticket structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_ticket"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:37
+msgid "Bad magic number for krb5_authenticator structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_authenticator"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:38
+msgid "Bad magic number for krb5_tkt_authent structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_tkt_authent"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:39
+msgid "Bad magic number for krb5_creds structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_creds"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:40
+msgid "Bad magic number for krb5_last_req_entry structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_last_req_entry"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:41
+msgid "Bad magic number for krb5_pa_data structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_enc_data"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:42
+msgid "Bad magic number for krb5_kdc_req structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_kdc_req"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:43
+msgid "Bad magic number for krb5_enc_kdc_rep_part structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_enc_kdc_rep_part"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:44
+msgid "Bad magic number for krb5_kdc_rep structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_kdc_rep"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:45
+msgid "Bad magic number for krb5_error structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_error"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:46
+msgid "Bad magic number for krb5_ap_req structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_ap_req"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:47
+msgid "Bad magic number for krb5_ap_rep structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_ap_rep"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:48
+msgid "Bad magic number for krb5_ap_rep_enc_part structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_ap_rep_enc_part"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:49
+msgid "Bad magic number for krb5_response structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_response"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:50
+msgid "Bad magic number for krb5_safe structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_safe"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:51
+msgid "Bad magic number for krb5_priv structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_priv"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:52
+msgid "Bad magic number for krb5_priv_enc_part structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_priv_enc_part"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:53
+msgid "Bad magic number for krb5_cred structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_cred"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:54
+msgid "Bad magic number for krb5_cred_info structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_cred_info"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:55
+msgid "Bad magic number for krb5_cred_enc_part structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_cred_enc_part"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:56
+msgid "Bad magic number for krb5_pwd_data structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_pwd_data"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:57
+msgid "Bad magic number for krb5_address structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_address"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:58
+msgid "Bad magic number for krb5_keytab_entry structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_keytab_entry"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:59
+msgid "Bad magic number for krb5_context structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_context"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:60
+msgid "Bad magic number for krb5_os_context structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_os_context"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:61
+msgid "Bad magic number for krb5_alt_method structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_alt_method"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:62
+msgid "Bad magic number for krb5_etype_info_entry structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_etype_info_entry"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:63
+msgid "Bad magic number for krb5_db_context structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_db_context"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:64
+msgid "Bad magic number for krb5_auth_context structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_auth_context"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:65
+msgid "Bad magic number for krb5_keytab structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_keytab"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:66
+msgid "Bad magic number for krb5_rcache structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_rcache"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:67
+msgid "Bad magic number for krb5_ccache structure"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სტრუქტურისთვის krb5_ccache"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:68
+msgid "Bad magic number for krb5_preauth_ops"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb_preauth_ops -სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:69
+msgid "Bad magic number for krb5_sam_challenge"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_sam_challenge-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:70
+msgid "Bad magic number for krb5_sam_challenge_2"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_sam_challenge_2-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:71
+msgid "Bad magic number for krb5_sam_key"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_sam_key-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:72
+#: ../lib/krb5/error_tables/kv5m_err.c:73
+msgid "Bad magic number for krb5_enc_sam_response_enc"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_enc_sam_reponse_enc-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:74
+msgid "Bad magic number for krb5_sam_response"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_sam_response-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:75
+msgid "Bad magic number for krb5_sam_response 2"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_sam_response 2-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:76
+msgid "Bad magic number for krb5_predicted_sam_response"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_predicted_sam_reponse-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:77
+msgid "Bad magic number for passwd_phrase_element"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი passwd_phrase_element-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:78
+msgid "Bad magic number for GSSAPI OID"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი GSSAPI OID-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:79
+msgid "Bad magic number for GSSAPI QUEUE"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი GSSAPI QUEUE-სთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:80
+msgid "Bad magic number for fast armored request"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სწრ�ფი დ�ჯ�ვშნული მ�თხ�ვნისთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:81
+msgid "Bad magic number for FAST request"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სწრ�ფი მ�თხ�ვნისთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:82
+msgid "Bad magic number for FAST response"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი სწრ�ფი პ�სუხისთვის"
+
+#: ../lib/krb5/error_tables/kv5m_err.c:83
+msgid "Bad magic number for krb5_authdata_context"
+msgstr "�რ�სწ�რი ჯ�დ�სნური რიცხვი krb5_authdata_context-სთვის"
+
+#: ../lib/krb5/error_tables/krb524_err.c:23
+msgid "Cannot convert V5 keyblock"
+msgstr "გ�დ�ყვ�ნ� შეუძლებელი� V5 keyblock"
+
+#: ../lib/krb5/error_tables/krb524_err.c:24
+msgid "Cannot convert V5 address information"
+msgstr "გ�დ�ყვ�ნ� შეუძლებელი� V5 მის�მ�რთის ინფ�რმ�ცი�"
+
+#: ../lib/krb5/error_tables/krb524_err.c:25
+msgid "Cannot convert V5 principal"
+msgstr "გ�დ�ყვ�ნ� შეუძლებელი� V5 პრინციპ�ლი"
+
+#: ../lib/krb5/error_tables/krb524_err.c:26
+msgid "V5 realm name longer than V4 maximum"
+msgstr "V5 რე�ლმის ს�ხელი V4-ის მ�ქსიმუმზე გრძელი�"
+
+#: ../lib/krb5/error_tables/krb524_err.c:27
+msgid "Kerberos V4 error"
+msgstr "Kerberos V4 -ის შეცდ�მ�"
+
+#: ../lib/krb5/error_tables/krb524_err.c:28
+msgid "Encoding too large"
+msgstr "დ�შიფვრ� ძ�ლი�ნ დიდი�"
+
+#: ../lib/krb5/error_tables/krb524_err.c:29
+msgid "Decoding out of data"
+msgstr "დეკ�დერს მ�ნ�ცემები �რ ყ�ფნის"
+
+#: ../lib/krb5/error_tables/krb524_err.c:30
+msgid "Service not responding"
+msgstr "სერვისი �რ პ�სუხ�ბს"
+
+#: ../lib/krb5/error_tables/krb524_err.c:31
+msgid "Kerberos version 4 support is disabled"
+msgstr "Kerberos ვერსი� 4 -ის მხ�რდ�ჭერ� გ�თიშული�"
diff --git a/krb5-1.21.3/src/po/mit-krb5.pot b/krb5-1.21.3/src/po/mit-krb5.pot
new file mode 100644
index 00000000..52a3fb78
--- /dev/null
+++ b/krb5-1.21.3/src/po/mit-krb5.pot
@@ -0,0 +1,8855 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR MIT
+# This file is distributed under the same license as the mit-krb5 package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: mit-krb5 1.21.3\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-06-26 13:09-0400\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+#: ../../src/clients/kdestroy/kdestroy.c:52
+#, c-format
+msgid "Usage: %s [-A] [-q] [-c cache_name] [-p princ_name]\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:54
+#, c-format
+msgid "\t-A destroy all credential caches in collection\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:55
+#, c-format
+msgid "\t-q quiet mode\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:56
+#: ../../src/clients/kswitch/kswitch.c:42
+#, c-format
+msgid "\t-c specify name of credentials cache\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:57
+#, c-format
+msgid "\t-p specify principal name within collection\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:71
+#: ../../src/clients/kdestroy/kdestroy.c:165
+msgid "while listing credential caches"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:78
+#, c-format
+msgid "Other credential caches present, use -A to destroy all\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:110
+#: ../../src/clients/kinit/kinit.c:332 ../../src/clients/ksu/main.c:296
+#, c-format
+msgid "Only one -c option allowed\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:118
+#, c-format
+msgid "Only one -p option allowed\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:125
+#: ../../src/clients/kinit/kinit.c:360 ../../src/clients/klist/klist.c:178
+#, c-format
+msgid "Kerberos 4 is no longer supported\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:138
+#, c-format
+msgid "-A option is exclusive with -p option\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:150
+#: ../../src/clients/klist/klist.c:241 ../../src/clients/ksu/main.c:135
+#: ../../src/clients/ksu/main.c:141 ../../src/clients/kswitch/kswitch.c:94
+#: ../../src/kadmin/ktutil/ktutil.c:52 ../../src/kdc/main.c:925
+#: ../../src/kprop/kprop.c:103 ../../src/kprop/kpropd.c:1059
+msgid "while initializing krb5"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:157
+#: ../../src/clients/klist/klist.c:248
+msgid "while setting default cache name"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:172
+msgid "composing ccache name"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:177
+#, c-format
+msgid "while destroying cache %s"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:190
+#: ../../src/clients/kswitch/kswitch.c:107 ../../src/clients/kvno/kvno.c:316
+#: ../../src/clients/kvno/kvno.c:522 ../../src/kadmin/cli/keytab.c:373
+#: ../../src/kadmin/dbutil/kdb5_util.c:544
+#, c-format
+msgid "while parsing principal name %s"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:196
+#, c-format
+msgid "while finding cache for %s"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:204
+#: ../../src/clients/klist/klist.c:462
+msgid "while resolving ccache"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:211 ../../src/clients/ksu/main.c:1026
+msgid "while destroying cache"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:214
+#, c-format
+msgid "Ticket cache NOT destroyed!\n"
+msgstr ""
+
+#: ../../src/clients/kdestroy/kdestroy.c:216
+#, c-format
+msgid "Ticket cache %cNOT%c destroyed!\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:143
+#, c-format
+msgid ""
+"Usage: %s [-V] [-l lifetime] [-s start_time] [-r renewable_life]\n"
+"\t[-f | -F] [-p | -P] [-n] [-a | -A] [-C] [-E]\n"
+"\t[--request-pac | --no-request-pac]\n"
+"\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n"
+"\t[-S service_name] [-I input_ccache] [-T ticket_armor_cache]\n"
+"\t[-X <attribute>[=<value>]] [principal]\n"
+"\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:153
+#, c-format
+msgid "\t-V verbose\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:154
+#, c-format
+msgid "\t-l lifetime\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:155
+#, c-format
+msgid "\t-s start time\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:156
+#, c-format
+msgid "\t-r renewable lifetime\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:157
+#, c-format
+msgid "\t-f forwardable\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:158
+#, c-format
+msgid "\t-F not forwardable\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:159
+#, c-format
+msgid "\t-p proxiable\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:160
+#, c-format
+msgid "\t-P not proxiable\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:161
+#, c-format
+msgid "\t-n anonymous\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:162
+#, c-format
+msgid "\t-a include addresses\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:163
+#, c-format
+msgid "\t-A do not include addresses\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:164
+#, c-format
+msgid "\t-v validate\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:165
+#, c-format
+msgid "\t-R renew\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:166
+#, c-format
+msgid "\t-C canonicalize\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:167
+#, c-format
+msgid "\t-E client is enterprise principal name\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:168
+#, c-format
+msgid "\t-k use keytab\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:169
+#, c-format
+msgid "\t-i use default client keytab (with -k)\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:170
+#, c-format
+msgid "\t-t filename of keytab to use\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:171
+#, c-format
+msgid "\t-c Kerberos 5 cache name\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:172
+#, c-format
+msgid "\t-S service\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:173
+#, c-format
+msgid "\t-I input credential cache\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:174
+#, c-format
+msgid "\t-T armor credential cache\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:175
+#, c-format
+msgid "\t-X <attribute>[=<value>]\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:177
+#, c-format
+msgid "\t--{,no}-request-pac request KDC include/exclude a PAC\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:250 ../../src/clients/kinit/kinit.c:258
+#, c-format
+msgid "Bad lifetime value %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:292
+#, c-format
+msgid "Bad start time value %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:310
+#, c-format
+msgid "Only one -t option allowed.\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:318
+#, c-format
+msgid "Only one armor_ccache\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:340
+#, c-format
+msgid "Only one -I option allowed\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:349
+msgid "while adding preauth option"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:375
+#, c-format
+msgid "Only one of -f and -F allowed\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:379
+#, c-format
+msgid "Only one of -p and -P allowed\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:383
+#, c-format
+msgid "Only one of --request-pac and --no-request-pac allowed\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:388
+#, c-format
+msgid "Only one of -a and -A allowed\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:392
+#, c-format
+msgid "Only one of -t and -i allowed\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:398
+#, c-format
+msgid "keytab specified, forcing -k\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:401 ../../src/clients/klist/klist.c:216
+#, c-format
+msgid "Extra arguments (starting with \"%s\").\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:427
+msgid "while initializing Kerberos 5 library"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:435 ../../src/clients/kinit/kinit.c:578
+#, c-format
+msgid "resolving ccache %s"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:440
+#, c-format
+msgid "Using specified cache: %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:448
+msgid "while getting default ccache"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:462 ../../src/clients/kinit/kinit.c:530
+#: ../../src/clients/kpasswd/kpasswd.c:30 ../../src/clients/ksu/main.c:249
+#, c-format
+msgid "when parsing name %s"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:470 ../../src/kadmin/dbutil/kdb5_util.c:309
+#: ../../src/kprop/kprop.c:157
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:395
+msgid "while getting default realm"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:481
+msgid "while building principal"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:489
+msgid "When resolving the default client keytab"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:496
+msgid "When determining client principal name from keytab"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:505
+msgid "when creating default server principal name"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:525 ../../src/clients/kpasswd/kpasswd.c:43
+#, c-format
+msgid "Unable to identify user\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:539 ../../src/clients/kswitch/kswitch.c:113
+#, c-format
+msgid "while searching for ccache for %s"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:545
+#, c-format
+msgid "Using existing cache: %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:554
+msgid "while generating new ccache"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:558
+#, c-format
+msgid "Using new cache: %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:570
+#, c-format
+msgid "Using default cache: %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:583
+#, c-format
+msgid "Using specified input cache: %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:590 ../../src/clients/ksu/krb_auth_su.c:160
+msgid "when unparsing name"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:594
+#, c-format
+msgid "Using principal: %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:677
+msgid "getting local addresses"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:701
+#, c-format
+msgid "while setting up KDB keytab for realm %s"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:710 ../../src/clients/kvno/kvno.c:513
+#, c-format
+msgid "resolving keytab %s"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:715
+#, c-format
+msgid "Using keytab: %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:719
+msgid "resolving default client keytab"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:729
+#, c-format
+msgid "while setting '%s'='%s'"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:734
+#, c-format
+msgid "PA Option %s = %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:775
+msgid "getting initial credentials"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:778
+msgid "validating credentials"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:781
+msgid "renewing credentials"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:789
+#, c-format
+msgid "%s: Password incorrect while %s\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:792
+#, c-format
+msgid "while %s"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:803
+msgid "when creating temporary cache"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:807
+#, c-format
+msgid "Initialized cache\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:811
+msgid "while storing credentials"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:816
+#, c-format
+msgid "while saving to cache %s"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:822
+#, c-format
+msgid "Stored credentials\n"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:828
+msgid "while switching to new ccache"
+msgstr ""
+
+#: ../../src/clients/kinit/kinit.c:885
+#, c-format
+msgid "Authenticated to Kerberos v5\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:85
+#, c-format
+msgid ""
+"Usage: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] [-a [-n]]] [-k [-i] [-t] "
+"[-K]] [-C] [name]\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:88
+#, c-format
+msgid "\t-c specifies credentials cache\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:89
+#, c-format
+msgid "\t-k specifies keytab\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:90
+#, c-format
+msgid "\t   (Default is credentials cache)\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:91
+#, c-format
+msgid "\t-i uses default client keytab if no name given\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:92
+#, c-format
+msgid "\t-l lists credential caches in collection\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:93
+#, c-format
+msgid "\t-A shows content of all credential caches\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:94
+#, c-format
+msgid "\t-e shows the encryption type\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:95
+#, c-format
+msgid "\t-V shows the Kerberos version and exits\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:96
+#, c-format
+msgid "\toptions for credential caches:\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:97
+#, c-format
+msgid "\t\t-d shows the submitted authorization data types\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:99
+#, c-format
+msgid "\t\t-f shows credentials flags\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:100
+#, c-format
+msgid "\t\t-s sets exit status based on valid tgt existence\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:102
+#, c-format
+msgid "\t\t-a displays the address list\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:103
+#, c-format
+msgid "\t\t\t-n do not reverse-resolve\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:104
+#, c-format
+msgid "\toptions for keytabs:\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:105
+#, c-format
+msgid "\t\t-t shows keytab entry timestamps\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:106
+#, c-format
+msgid "\t\t-K shows keytab entry keys\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:107
+#, c-format
+msgid "\t\t-C includes configuration data entries\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:225
+#, c-format
+msgid "%s version %s\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:278
+msgid "while getting default client keytab"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:284
+msgid "while getting default keytab"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:290 ../../src/kadmin/cli/keytab.c:103
+#, c-format
+msgid "while resolving keytab %s"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:297 ../../src/kadmin/cli/keytab.c:87
+msgid "while getting keytab name"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:305 ../../src/kadmin/cli/keytab.c:422
+msgid "while starting keytab scan"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:328 ../../src/clients/klist/klist.c:484
+#: ../../src/clients/ksu/ccache.c:455 ../../src/kadmin/dbutil/dump.c:487
+#: ../../src/kadmin/dbutil/tabdump.c:549
+msgid "while unparsing principal name"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:350 ../../src/kadmin/cli/keytab.c:466
+msgid "while scanning keytab"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:355 ../../src/kadmin/cli/keytab.c:471
+msgid "while ending keytab scan"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:372 ../../src/clients/klist/klist.c:435
+msgid "while listing ccache collection"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:411
+msgid "(Expired)"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:488
+#, c-format
+msgid ""
+"Ticket cache: %s:%s\n"
+"Default principal: %s\n"
+"\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:500
+msgid "while starting to retrieve tickets"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:514
+msgid "while finishing ticket retrieval"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:519
+msgid "while retrieving a ticket"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:674 ../../src/clients/ksu/ccache.c:440
+#: ../../src/kprop/kpropd.c:1206 ../../src/kprop/kpropd.c:1271
+msgid "while unparsing client name"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:679 ../../src/clients/ksu/ccache.c:445
+#: ../../src/kprop/kprop.c:191
+msgid "while unparsing server name"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:710 ../../src/clients/ksu/ccache.c:470
+#, c-format
+msgid "\tfor client %s"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:722 ../../src/clients/ksu/ccache.c:479
+msgid "renew until "
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:734 ../../src/clients/ksu/ccache.c:489
+#, c-format
+msgid "Flags: %s"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:749
+#, c-format
+msgid "Etype (skey, tkt): %s, "
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:761
+#, c-format
+msgid "AD types: "
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:777
+#, c-format
+msgid "\tAddresses: (none)\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:779
+#, c-format
+msgid "\tAddresses: "
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:797
+msgid "while unparsing ticket server name"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:800
+#, c-format
+msgid "\tTicket server: %s\n"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:828 ../../src/clients/klist/klist.c:838
+#, c-format
+msgid "broken address (type %d length %d)"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:847
+#, c-format
+msgid "unknown addrtype %d"
+msgstr ""
+
+#: ../../src/clients/klist/klist.c:856
+#, c-format
+msgid "unprintable address (type %d, error %d %s)"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:13 ../../src/lib/krb5/krb/gic_pwd.c:288
+msgid "Enter new password"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:14 ../../src/lib/krb5/krb/gic_pwd.c:296
+msgid "Enter it again"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:34
+#, c-format
+msgid "Unable to identify user from password file\n"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:64
+#, c-format
+msgid "usage: %s [principal]\n"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:72
+msgid "initializing kerberos library"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:77
+msgid "allocating krb5_get_init_creds_opt"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:93
+msgid "opening default ccache"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:98
+msgid "getting principal from ccache"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:103
+msgid "while setting FAST ccache"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:109
+msgid "closing ccache"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:117
+msgid "parsing client name"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:135
+msgid "Password incorrect while getting initial ticket"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:137
+msgid "getting initial ticket"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:147
+msgid "while reading password"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:155
+msgid "changing password"
+msgstr ""
+
+#: ../../src/clients/kpasswd/kpasswd.c:175
+#: ../lib/kadm5/chpass_util_strings.c:30
+#, c-format
+msgid "Password changed.\n"
+msgstr ""
+
+#: ../../src/clients/ksu/authorization.c:352
+#, c-format
+msgid ""
+"Error: bad entry - %s in %s file, must be either full path or just the cmd "
+"name\n"
+msgstr ""
+
+#: ../../src/clients/ksu/authorization.c:360
+#, c-format
+msgid ""
+"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH "
+"must be defined \n"
+msgstr ""
+
+#: ../../src/clients/ksu/authorization.c:375
+#, c-format
+msgid "Error: bad entry - %s in %s file, CMD_PATH contains no paths \n"
+msgstr ""
+
+#: ../../src/clients/ksu/authorization.c:384
+#, c-format
+msgid "Error: bad path %s in CMD_PATH for %s must start with '/' \n"
+msgstr ""
+
+#: ../../src/clients/ksu/authorization.c:500
+msgid "Error: not found -> "
+msgstr ""
+
+#: ../../src/clients/ksu/authorization.c:706
+#, c-format
+msgid "home directory name `%s' too long, can't search for .k5login\n"
+msgstr ""
+
+#: ../../src/clients/ksu/ccache.c:358
+#, c-format
+msgid "home directory path for %s too long\n"
+msgstr ""
+
+#: ../../src/clients/ksu/ccache.c:451
+msgid "while retrieving principal name"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:57
+#: ../../src/clients/ksu/krb_auth_su.c:62
+msgid "while copying client principal"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:69
+msgid "while creating tgt for local realm"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:84
+msgid "while retrieving creds from cache"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:95
+msgid "while switching to target uid"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:100
+#, c-format
+msgid ""
+"WARNING: Your password may be exposed if you enter it here and are logged \n"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:102
+#, c-format
+msgid "         in remotely using an unsecure (non-encrypted) channel. \n"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:114 ../../src/clients/ksu/main.c:481
+msgid "while reclaiming root uid"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:121
+#, c-format
+msgid "does not have any appropriate tickets in the cache.\n"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:133
+msgid "while verifying ticket for server"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:167
+msgid "while getting time of day"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:171
+#, c-format
+msgid "Kerberos password for %s: "
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:175
+#, c-format
+msgid "principal name %s too long for internal buffer space\n"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:184
+#, c-format
+msgid "while reading password for '%s'\n"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:190
+#, c-format
+msgid "No password given\n"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:203
+#, c-format
+msgid "%s: Password incorrect\n"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:205
+msgid "while getting initial credentials"
+msgstr ""
+
+#: ../../src/clients/ksu/krb_auth_su.c:225
+#: ../../src/clients/ksu/krb_auth_su.c:239
+#, c-format
+msgid " %s while unparsing name\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:69
+#, c-format
+msgid ""
+"Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-r time] "
+"[-p|-P] [-f|-F] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a "
+"[args... ] ]\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:151
+msgid ""
+"program name too long - quitting to avoid triggering system logging bugs"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:177
+msgid "while allocating memory"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:190
+msgid "while setting euid to source user"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:201 ../../src/clients/ksu/main.c:242
+#, c-format
+msgid "Bad lifetime value (%s hours?)\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:213 ../../src/clients/ksu/main.c:304
+msgid "when gathering parameters"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:263
+#, c-format
+msgid "-z option is mutually exclusive with -Z.\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:271
+#, c-format
+msgid "-Z option is mutually exclusive with -z.\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:284
+#, c-format
+msgid "while looking for credentials cache %s"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:290
+#, c-format
+msgid "malformed credential cache name %s\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:348
+#, c-format
+msgid "ksu: who are you?\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:352
+#, c-format
+msgid "Your uid doesn't match your passwd entry?!\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:367
+#, c-format
+msgid "ksu: unknown login %s\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:387
+msgid "while getting source cache"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:396
+msgid "while selecting the best principal"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:404
+msgid "while returning to source uid after finding best principal"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:424
+#, c-format
+msgid "account %s: authorization failed\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:459
+msgid "while parsing temporary name"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:464
+msgid "while creating temporary cache"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:470 ../../src/clients/ksu/main.c:710
+#, c-format
+msgid "while copying cache %s to %s"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:488
+#, c-format
+msgid ""
+"WARNING: Your password may be exposed if you enter it here and are logged\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:490
+#, c-format
+msgid "         in remotely using an unsecure (non-encrypted) channel.\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:496
+#, c-format
+msgid "Goodbye\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:500
+#, c-format
+msgid "Could not get a tgt for "
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:522
+#, c-format
+msgid "Authentication failed.\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:530
+msgid "When unparsing name"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:534
+#, c-format
+msgid "Authenticated %s\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:541
+msgid "while switching to target for authorization check"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:548
+msgid "while checking authorization"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:554
+msgid "while switching back from target after authorization check"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:561
+#, c-format
+msgid "Account %s: authorization for %s for execution of\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:563
+#, c-format
+msgid "               %s successful\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:569
+#, c-format
+msgid "Account %s: authorization for %s successful\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:581
+#, c-format
+msgid "Account %s: authorization for %s for execution of %s failed\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:589
+#, c-format
+msgid "Account %s: authorization of %s failed\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:604
+msgid "while calling cc_filter"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:612
+msgid "while erasing target cache"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:632
+#, c-format
+msgid "ksu: permission denied (shell).\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:641
+#, c-format
+msgid "ksu: couldn't set environment variable USER\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:647
+#, c-format
+msgid "ksu: couldn't set environment variable HOME\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:652
+#, c-format
+msgid "ksu: couldn't set environment variable SHELL\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:663
+#, c-format
+msgid "ksu: initgroups failed.\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:668
+#, c-format
+msgid "Leaving uid as %s (%ld)\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:671
+#, c-format
+msgid "Changing uid to %s (%ld)\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:697
+msgid "while getting name of target ccache"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:717
+#, c-format
+msgid "%s does not have correct permissions for %s, %s aborted"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:738
+#, c-format
+msgid "Internal error: command %s did not get resolved\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:755 ../../src/clients/ksu/main.c:791
+#, c-format
+msgid "while trying to execv %s"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:781
+msgid "while calling waitpid"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:786
+msgid "while trying to fork."
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:836
+msgid "while reading cache name from ccache"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:842
+#, c-format
+msgid "ksu: couldn't set environment variable %s\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:868
+msgid "while resetting target ccache name"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:882
+msgid "while determining target ccache name"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:921
+msgid "while generating part of the target ccache name"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:927
+msgid "while allocating memory for the target ccache name"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:946
+msgid "while creating new target ccache"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:952
+msgid "while initializing target cache"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:992
+#, c-format
+msgid "terminal name %s too long\n"
+msgstr ""
+
+#: ../../src/clients/ksu/main.c:1020
+msgid "while changing to target uid for destroying ccache"
+msgstr ""
+
+#: ../../src/clients/kswitch/kswitch.c:41
+#, c-format
+msgid "Usage: %s {-c cache_name | -p principal}\n"
+msgstr ""
+
+#: ../../src/clients/kswitch/kswitch.c:43
+#, c-format
+msgid "\t-p specify name of principal\n"
+msgstr ""
+
+#: ../../src/clients/kswitch/kswitch.c:66
+#, c-format
+msgid "Only one -c or -p option allowed\n"
+msgstr ""
+
+#: ../../src/clients/kswitch/kswitch.c:85
+#, c-format
+msgid "One of -c or -p must be specified\n"
+msgstr ""
+
+#: ../../src/clients/kswitch/kswitch.c:101
+#, c-format
+msgid "while resolving %s"
+msgstr ""
+
+#: ../../src/clients/kswitch/kswitch.c:122
+msgid "while switching to credential cache"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:44
+#, c-format
+msgid ""
+"usage: %s [-c ccache] [-e etype] [-k keytab] [-q] [-u | -S sname]\n"
+"\t[[{-F cert_file | {-I | -U} for_user} [-P]] | --u2u ccache]\n"
+"\t[--cached-only] [--no-store] [--out-cache] service1 service2 ...\n"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:117 ../../src/clients/kvno/kvno.c:125
+#, c-format
+msgid "Options -u and -S are mutually exclusive\n"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:159
+#, c-format
+msgid "Options --u2u and -I|-U|-F are mutually exclusive\n"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:165
+#, c-format
+msgid ""
+"Option -P (constrained delegation) requires option -I|-U|-F (protocol "
+"transition)\n"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:240
+msgid "No begin line not found"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:252
+msgid "No end line found"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:263
+msgid "Unexpected header line"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:278
+msgid "Invalid base64"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:324
+#, c-format
+msgid "while formatting parsed principal name for '%s'"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:338
+msgid "client and server principal names must match"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:354
+#, c-format
+msgid "while getting credentials for %s"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:361
+#, c-format
+msgid "while decoding ticket for %s"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:372
+#, c-format
+msgid "while decrypting ticket for %s"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:376
+#, c-format
+msgid "%s: kvno = %d, keytab entry valid\n"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:381
+#, c-format
+msgid "%s: kvno = %d\n"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:396
+#, c-format
+msgid "%s: constrained delegation failed"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:479 ../../src/kadmin/cli/kadmin.c:311
+msgid "while initializing krb5 library"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:486
+msgid "while converting etype"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:498
+msgid "while opening ccache"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:505
+msgid "while resolving output ccache"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:530
+#, c-format
+msgid "while reading certificate file %s"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:540
+#, c-format
+msgid "while getting user-to-user ticket from %s"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:549
+msgid "while getting client principal name"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:556
+msgid "while creating temporary output ccache"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:570
+msgid "while initializing output ccache"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:580
+msgid "while storing creds in output ccache"
+msgstr ""
+
+#: ../../src/clients/kvno/kvno.c:591
+msgid "while writing output ccache"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:103
+#, c-format
+msgid ""
+"Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
+"              [command args...]\n"
+"\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n] [-"
+"O | -N]\n"
+"\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m] [-w "
+"password] where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:164
+#, c-format
+msgid "Invalid date specification \"%s\".\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:192
+#, c-format
+msgid "Interval specification \"%s\" is in the past.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:322 ../../src/kadmin/cli/kadmin.c:361
+#, c-format
+msgid "%s: Cannot initialize. Not enough memory\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:380 ../../src/kadmin/cli/kadmin.c:840
+#: ../../src/kadmin/cli/kadmin.c:1109 ../../src/kadmin/cli/kadmin.c:1630
+#: ../../src/kadmin/cli/keytab.c:148 ../../src/kadmin/dbutil/kdb5_util.c:559
+#, c-format
+msgid "while parsing keysalts %s"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:403
+#, c-format
+msgid "%s: -q is exclusive with command-line query"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:411
+#, c-format
+msgid "%s: unable to get default realm\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:431
+msgid "while opening default credentials cache"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:437
+#, c-format
+msgid "while opening credentials cache %s"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:459 ../../src/kadmin/cli/kadmin.c:513
+#: ../../src/kadmin/cli/kadmin.c:521 ../../src/kadmin/cli/kadmin.c:528
+#, c-format
+msgid "%s: out of memory\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:468 ../../src/kadmin/cli/kadmin.c:483
+#: ../../src/kprop/kpropd.c:677
+msgid "while canonicalizing principal name"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:477
+msgid "creating host service principal"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:490
+#, c-format
+msgid "%s: unable to canonicalize principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:533
+#, c-format
+msgid "%s: unable to figure out a principal name\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:540
+msgid "while setting up logging"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:549
+#, c-format
+msgid "Authenticating as principal %s with existing credentials.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:555
+#, c-format
+msgid "Authenticating as principal %s with password; anonymous requested.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:562
+#, c-format
+msgid "Authenticating as principal %s with keytab %s.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:565
+#, c-format
+msgid "Authenticating as principal %s with default keytab.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:572
+#, c-format
+msgid "Authenticating as principal %s with password.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:580 ../../src/kprop/kpropd.c:722
+#, c-format
+msgid "while initializing %s interface"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:595
+#, c-format
+msgid "while closing ccache %s"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:601
+msgid "while mapping update log"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:617
+msgid "while unlocking locked database"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:626
+msgid "Administration credentials NOT DESTROYED.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:675
+msgid "usage: delete_principal [-force] principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:680 ../../src/kadmin/cli/kadmin.c:859
+msgid "while parsing principal name"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:686 ../../src/kadmin/cli/kadmin.c:865
+#: ../../src/kadmin/cli/kadmin.c:1218 ../../src/kadmin/cli/kadmin.c:1343
+#: ../../src/kadmin/cli/kadmin.c:1413 ../../src/kadmin/cli/kadmin.c:1853
+#: ../../src/kadmin/cli/kadmin.c:1897 ../../src/kadmin/cli/kadmin.c:1943
+#: ../../src/kadmin/cli/kadmin.c:1983
+msgid "while canonicalizing principal"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:690
+#, c-format
+msgid "Are you sure you want to delete the principal \"%s\"? (yes/no): "
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:694
+#, c-format
+msgid "Principal \"%s\" not deleted\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:701
+#, c-format
+msgid "while deleting principal \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:704
+#, c-format
+msgid "Principal \"%s\" deleted.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:705
+msgid ""
+"Make sure that you have removed this principal from all ACLs before "
+"reusing.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:722
+msgid "usage: rename_principal [-force] old_principal new_principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:729
+msgid "while parsing old principal name"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:735
+msgid "while parsing new principal name"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:741
+msgid "while canonicalizing old principal"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:747
+msgid "while canonicalizing new principal"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:751
+#, c-format
+msgid ""
+"Are you sure you want to rename the principal \"%s\" to \"%s\"? (yes/no): "
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:755
+#, c-format
+msgid "Principal \"%s\" not renamed\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:762
+#, c-format
+msgid "while renaming principal \"%s\" to \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:766
+#, c-format
+msgid "Principal \"%s\" renamed to \"%s\".\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:767
+msgid ""
+"Make sure that you have removed the old principal from all ACLs before "
+"reusing.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:782
+msgid ""
+"usage: change_password [-randkey] [-keepold] [-e keysaltlist] [-pw password] "
+"principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:808
+msgid "change_password: missing db argument"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:814
+msgid "change_password: Not enough memory\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:822
+msgid "change_password: missing password arg"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:833
+msgid "change_password: missing keysaltlist arg"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:844
+#, c-format
+msgid "unrecognized option %s"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:851
+msgid "missing principal name"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:853
+msgid "too many arguments"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:877 ../../src/kadmin/cli/kadmin.c:914
+#, c-format
+msgid "while changing password for \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:880 ../../src/kadmin/cli/kadmin.c:917
+#, c-format
+msgid "Password for \"%s\" changed.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:886 ../../src/kadmin/cli/kadmin.c:1294
+#, c-format
+msgid "while randomizing key for \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:889
+#, c-format
+msgid "Key for \"%s\" randomized.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:894 ../../src/kadmin/cli/kadmin.c:1254
+#, c-format
+msgid "Enter password for principal \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:896 ../../src/kadmin/cli/kadmin.c:1256
+#, c-format
+msgid "Re-enter password for principal \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:901 ../../src/kadmin/cli/kadmin.c:1260
+#, c-format
+msgid "while reading password for \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:955
+msgid "Not enough memory\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:985 ../../src/kadmin/dbutil/kdb5_util.c:591
+msgid "while getting time"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1126 ../../src/kadmin/cli/kadmin.c:1337
+#: ../../src/kadmin/cli/kadmin.c:1408 ../../src/kadmin/cli/kadmin.c:1847
+#: ../../src/kadmin/cli/kadmin.c:1891 ../../src/kadmin/cli/kadmin.c:1937
+#: ../../src/kadmin/cli/kadmin.c:1977
+msgid "while parsing principal"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1135
+msgid "usage: add_principal [options] principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1136 ../../src/kadmin/cli/kadmin.c:1160
+#: ../../src/kadmin/cli/kadmin.c:1653
+msgid "\toptions are:\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1137
+msgid ""
+"\t\t[-randkey|-nokey] [-x db_princ_args]* [-expire expdate] [-pwexpire "
+"pwexpdate] [-maxlife maxtixlife]\n"
+"\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+"\t\t[-pw password] [-maxrenewlife maxrenewlife]\n"
+"\t\t[-e keysaltlist]\n"
+"\t\t[{+|-}attribute]\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1142 ../../src/kadmin/cli/kadmin.c:1165
+msgid "\tattributes are:\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1143 ../../src/kadmin/cli/kadmin.c:1166
+msgid ""
+"\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n"
+"\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
+"\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+"\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+"\t\tlockdown_keys\n"
+"\n"
+"where,\n"
+"\t[-x db_princ_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1159
+msgid "usage: modify_principal [options] principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1161
+msgid ""
+"\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife "
+"maxtixlife]\n"
+"\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+"\t\t[-maxrenewlife maxrenewlife] [-unlock] [{+|-}attribute]\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1225 ../../src/kadmin/cli/kadmin.c:1366
+#, c-format
+msgid "WARNING: policy \"%s\" does not exist\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1232
+#, c-format
+msgid "No policy specified for %s; assigning \"default\"\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1238
+#, c-format
+msgid "No policy specified for %s; defaulting to no policy\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1280
+#, c-format
+msgid "Admin server does not support -nokey while creating \"%s\"\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1302
+#, c-format
+msgid "while clearing DISALLOW_ALL_TIX for \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1349
+#, c-format
+msgid "while getting \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1375
+#, c-format
+msgid "while modifying \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1379
+#, c-format
+msgid "Principal \"%s\" modified.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1400
+msgid "usage: get_principal [-terse] principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1419
+#, c-format
+msgid "while retrieving \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1424 ../../src/kadmin/cli/kadmin.c:1429
+msgid "while unparsing principal"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1433
+#, c-format
+msgid "Principal: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1434
+#, c-format
+msgid "Expiration date: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1435 ../../src/kadmin/cli/kadmin.c:1437
+#: ../../src/kadmin/cli/kadmin.c:1440 ../../src/kadmin/cli/kadmin.c:1448
+msgid "[never]"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1436
+#, c-format
+msgid "Last password change: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1438
+#, c-format
+msgid "Password expiration date: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1441
+#, c-format
+msgid "Maximum ticket life: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1442
+#, c-format
+msgid "Maximum renewable life: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1444
+#, c-format
+msgid "Last modified: %s (%s)\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1446
+#, c-format
+msgid "Last successful authentication: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1452
+#, c-format
+msgid "Failed password attempts: %d\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1454
+#, c-format
+msgid "Number of keys: %d\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1462
+#, c-format
+msgid "<Encryption type 0x%x>"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1474
+#, c-format
+msgid "<Salt type 0x%x>"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1480
+#, c-format
+msgid "MKey: vno %d\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1482
+#, c-format
+msgid "Attributes:"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1485
+msgid "while printing flags"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1494
+msgid "[none]"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1496
+msgid " [does not exist]"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1497
+#, c-format
+msgid "Policy: %s%s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1533
+msgid "usage: get_principals [expression]\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1538 ../../src/kadmin/cli/kadmin.c:1789
+msgid "while retrieving list."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1643
+#, c-format
+msgid "%s: parser lost count!\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1652
+#, c-format
+msgid "usage; %s [options] policy\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1654
+msgid ""
+"\t\t[-maxlife time] [-minlife time] [-minlength length]\n"
+"\t\t[-minclasses number] [-history number]\n"
+"\t\t[-maxfailure number] [-failurecountinterval time]\n"
+"\t\t[-allowedkeysalts keysalts]\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1658
+msgid "\t\t[-lockoutduration time]\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1677
+#, c-format
+msgid "while creating policy \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1698
+#, c-format
+msgid "while modifying policy \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1710
+msgid "usage: delete_policy [-force] policy\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1714
+#, c-format
+msgid "Are you sure you want to delete the policy \"%s\"? (yes/no): "
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1718
+#, c-format
+msgid "Policy \"%s\" not deleted.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1724
+#, c-format
+msgid "while deleting policy \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1736
+msgid "usage: get_policy [-terse] policy\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1741
+#, c-format
+msgid "while retrieving policy \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1746
+#, c-format
+msgid "Policy: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1747
+#, c-format
+msgid "Maximum password life: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1748
+#, c-format
+msgid "Minimum password life: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1749
+#, c-format
+msgid "Minimum password length: %ld\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1750
+#, c-format
+msgid "Minimum number of password character classes: %ld\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1752
+#, c-format
+msgid "Number of old keys kept: %ld\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1753
+#, c-format
+msgid "Maximum password failures before lockout: %lu\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1755
+#, c-format
+msgid "Password failure count reset interval: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1757
+#, c-format
+msgid "Password lockout duration: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1760
+#, c-format
+msgid "Allowed key/salt types: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1784
+msgid "usage: get_policies [expression]\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1806
+msgid "usage: get_privs\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1811
+msgid "while retrieving privileges"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1814
+#, c-format
+msgid "current privileges:"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1840
+msgid "usage: purgekeys [-all|-keepkvno oldest_kvno_to_keep] principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1860
+#, c-format
+msgid "while purging keys for principal \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1865
+#, c-format
+msgid "All keys for principal \"%s\" removed.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1867
+#, c-format
+msgid "Old keys for principal \"%s\" purged.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1884
+msgid "usage: get_strings principal\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1904
+#, c-format
+msgid "while getting attributes for principal \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1909
+#, c-format
+msgid "(No string attributes.)\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1928
+msgid "usage: set_string principal key value\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1950
+#, c-format
+msgid "while setting attribute on principal \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1954
+#, c-format
+msgid "Attribute set for principal \"%s\".\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1969
+msgid "usage: del_string principal key\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1990
+#, c-format
+msgid "while deleting attribute from principal \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/cli/kadmin.c:1994
+#, c-format
+msgid "Attribute removed from principal \"%s\".\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:55
+#, c-format
+msgid ""
+"Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [-norandkey] "
+"[principal | -glob princ-exp] [...]\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:62
+#, c-format
+msgid ""
+"Usage: ktremove [-k[eytab] keytab] [-q] principal [kvno|\"all\"|\"old\"]\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:76 ../../src/kadmin/cli/keytab.c:97
+msgid "while creating keytab name"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:81
+msgid "while opening default keytab"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:165
+#, c-format
+msgid "cannot specify keysaltlist when not changing key\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:181
+#, c-format
+msgid "while expanding expression \"%s\"."
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:200 ../../src/kadmin/cli/keytab.c:240
+msgid "while closing keytab"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:314
+#, c-format
+msgid "while parsing -add principal name %s"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:328
+#, c-format
+msgid "%s: Principal %s does not exist.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:331
+#, c-format
+msgid "while changing %s's key"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:343
+msgid "while adding key to keytab"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:348
+#, c-format
+msgid ""
+"Entry for principal %s with kvno %d, encryption type %s added to keytab %s.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:396
+#, c-format
+msgid "%s: Keytab %s does not exist.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:400
+#, c-format
+msgid "%s: No entry for principal %s exists in keytab %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:404
+#, c-format
+msgid "%s: No entry for principal %s with kvno %d exists in keytab %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:410
+msgid "while retrieving highest kvno from keytab"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:443
+msgid "while temporarily ending keytab scan"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:448
+msgid "while deleting entry from keytab"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:453
+msgid "while restarting keytab scan"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:459
+#, c-format
+msgid "Entry for principal %s with kvno %d removed from keytab %s.\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/keytab.c:481
+#, c-format
+msgid "%s: There is only one entry for principal %s in keytab %s\n"
+msgstr ""
+
+#: ../../src/kadmin/cli/ss_wrapper.c:53 ../../src/kadmin/ktutil/ktutil.c:58
+msgid "creating invocation"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:165
+msgid "while allocating temporary filename dump"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:176
+msgid "while renaming dump file into place"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:196
+msgid "while allocating dump_ok filename"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:202
+#, c-format
+msgid "while creating 'ok' file, '%s'"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:207
+#, c-format
+msgid "while locking 'ok' file, '%s'"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:260 ../../src/kadmin/dbutil/dump.c:289
+#, c-format
+msgid "%s: regular expression error: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:272
+#, c-format
+msgid "%s: regular expression match error: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:373
+#, c-format
+msgid "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:495
+#, c-format
+msgid "while converting %s to new master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:516
+#, c-format
+msgid "%s(%d): %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:559
+#, c-format
+msgid "%s(%d): ignoring trash at end of line: "
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:622
+msgid "cannot read tagged data type and length"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:626
+msgid "data type or length overflowed"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:633
+msgid "cannot read tagged data contents"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:666
+msgid "cannot match size tokens"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:672
+msgid "cannot allocate principal (too large)"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:681
+msgid "cannot allocate tl_data (too large)"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:690
+msgid "invalid key_data size"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:707
+msgid "cannot read name string"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:712
+#, c-format
+msgid "while parsing name %s"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:720
+msgid "cannot read principal attributes"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:773
+msgid "cannot read key size and version"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:777
+msgid "unsupported key_data_ver version"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:781
+msgid "invalid kvno"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:792
+msgid "cannot read key type and length"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:798
+msgid "cannot read key data"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:808
+msgid "cannot read extra data"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:817
+#, c-format
+msgid "while storing %s"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:856 ../../src/kadmin/dbutil/dump.c:895
+#: ../../src/kadmin/dbutil/dump.c:941 ../../src/kadmin/dbutil/dump.c:960
+#, c-format
+msgid "cannot parse policy (%d read)\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:864 ../../src/kadmin/dbutil/dump.c:903
+#: ../../src/kadmin/dbutil/dump.c:981
+msgid "while creating policy"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:868
+#, c-format
+msgid "created policy %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1018
+#, c-format
+msgid "unknown record type \"%s\"\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1129
+#, c-format
+msgid "%s: Unknown iprop dump version %d\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1207 ../../src/kadmin/dbutil/dump.c:1443
+#, c-format
+msgid "OV dump format not supported\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1229 ../../src/kadmin/dbutil/dump.c:1455
+#, c-format
+msgid "Iprop not enabled\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1266
+msgid "Conditional dump is an undocumented option for use only for iprop dumps"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1279
+msgid "Database not currently opened!"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1293 ../../src/kadmin/dbutil/kdb5_stash.c:116
+#: ../../src/kadmin/dbutil/kdb5_util.c:445
+msgid "while reading master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1299
+msgid "while verifying master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1318 ../../src/kadmin/dbutil/dump.c:1328
+msgid "while reading new master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1322
+#, c-format
+msgid "Please enter new master key....\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1346
+#, c-format
+msgid "while opening %s for writing"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1361
+msgid "while reading update log header"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1376 ../../src/kadmin/dbutil/dump.c:1384
+#, c-format
+msgid "performing %s dump"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1414
+#, c-format
+msgid "%s: error processing line %d of %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1464
+msgid "while parsing options"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1479
+#, c-format
+msgid "while opening %s"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1484 ../../src/kadmin/dbutil/dump.c:1580
+msgid "standard input"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1489
+#, c-format
+msgid "%s: can't read dump header in %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1497 ../../src/kadmin/dbutil/dump.c:1511
+#, c-format
+msgid "%s: dump header bad in %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1520
+#, c-format
+msgid "Could not open iprop ulog\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1525
+#, c-format
+msgid "%s: dump version %s can only be loaded with the -update flag\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1534 ../../src/kadmin/dbutil/dump.c:1539
+msgid "computing parameters for database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1545
+msgid "while creating database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1554
+msgid "while opening database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1564
+msgid "while permanently locking database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1582
+#, c-format
+msgid "%s: %s restore failed\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1587
+msgid "while unlocking database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1597 ../../src/kadmin/dbutil/dump.c:1616
+msgid "while reinitializing update log"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1607
+msgid "while making newly loaded database live"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1623
+msgid "while writing update log header"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/dump.c:1637
+#, c-format
+msgid "while deleting bad database %s"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:79
+msgid "while looking up the Kerberos configuration"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:105
+msgid "while initializing the Kerberos admin interface"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:197
+msgid "while appending realm to principal"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:203
+msgid "while parsing admin principal name"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kadm5_create.c:215
+#, c-format
+msgid "while creating principal %s"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:186
+#: ../../src/kadmin/dbutil/kdb5_util.c:389
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:566
+msgid "while setting up master key name"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:197
+#, c-format
+msgid ""
+"Initializing database '%s' for realm '%s',\n"
+"master key name '%s'\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:202
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:475
+#, c-format
+msgid "You will be prompted for the database Master Password.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:203
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:255
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:476
+#, c-format
+msgid "It is important that you NOT FORGET this password.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:209
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:261
+msgid "while creating new master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:217
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:486
+msgid "while reading master key from keyboard"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:227
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:280
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:578
+msgid "while calculating master key salt"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:235
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:289
+#: ../../src/kadmin/dbutil/kdb5_util.c:431
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:590
+msgid "while transforming master key from password"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:245
+msgid "while initializing random key generator"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:250
+#, c-format
+msgid "while creating database '%s'"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:268
+msgid "while creating update log"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:279
+msgid "while initializing update log"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:294
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:602
+msgid "while adding entries to the database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:322
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:333
+#: ../../src/kadmin/dbutil/kdb5_stash.c:133
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:627
+msgid "while storing key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_create.c:323
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:334
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:628
+#, c-format
+msgid "Warning: couldn't stash master key.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:69
+#, c-format
+msgid "Deleting KDC database stored in '%s', are you sure?\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:71
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1111
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:360
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1434
+#, c-format
+msgid "(type 'yes' to confirm)? "
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:78
+#, c-format
+msgid "OK, deleting database '%s'...\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:83
+#, c-format
+msgid "deleting database '%s'"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_destroy.c:92
+#, c-format
+msgid "** Database '%s' destroyed.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:223
+#, c-format
+msgid "%s is an invalid enctype"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:245
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:421
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:564
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:941
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1102
+#, c-format
+msgid "while getting master key principal %s"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:251
+#, c-format
+msgid "Creating new master key for master key principal '%s'\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:254
+#, c-format
+msgid "You will be prompted for a new database Master Password.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:270
+msgid "while reading new master key from keyboard"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:299
+msgid "adding new master key to master principal"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:305
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:390
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:806
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1305
+msgid "while getting current time"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:312
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:522
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1312
+msgid "while updating the master key principal modification time"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:319
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:530
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1322
+msgid "while adding master key entry to the database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:371
+msgid "0 is an invalid KVNO value"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:382
+#, c-format
+msgid "%d is an invalid KVNO value"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:398
+#, c-format
+msgid "could not parse date-time string '%s'"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:430
+msgid "while looking up active version of master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:469
+msgid "while adding new master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:507
+msgid "there must be one master key currently active"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:515
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1291
+msgid "while updating actkvno data for master principal entry"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:556
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:903
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1072
+msgid "master keylist not initialized"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:572
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:949
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1199
+msgid "while looking up active kvno list"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:580
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:957
+msgid "while looking up active master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:592
+msgid "while getting enctype description"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:609
+#, c-format
+msgid "KVNO: %d, Enctype: %s, Active on: %s *\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:614
+#, c-format
+msgid "KVNO: %d, Enctype: %s, Active on: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:618
+#, c-format
+msgid "KVNO: %d, Enctype: %s, No activate time set\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:623
+msgid "asprintf could not allocate enough memory to hold output"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:756
+msgid "getting string representation of principal name"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:780
+#, c-format
+msgid "determining master key used for principal '%s'"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:786
+#, c-format
+msgid "would skip:   %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:788
+#, c-format
+msgid "skipping: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:794
+#, c-format
+msgid "would update: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:798
+#, c-format
+msgid "updating: %s\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:802
+#, c-format
+msgid "error re-encrypting key for principal '%s'"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:813
+#, c-format
+msgid "while updating principal '%s' modification time"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:820
+#, c-format
+msgid "while updating principal '%s' key data in the database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:852
+#, c-format
+msgid ""
+"\n"
+"(type 'yes' to confirm)? "
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:914
+#, c-format
+msgid "converting glob pattern '%s' to regular expression"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:932
+#, c-format
+msgid "error compiling converted regexp '%s'"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:965
+#, c-format
+msgid "Re-encrypt all keys not using master key vno %u?"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:967
+#, c-format
+msgid "OK, doing nothing.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:973
+#, c-format
+msgid "Principals whose keys WOULD BE re-encrypted to master key vno %u:\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:976
+#, c-format
+msgid ""
+"Principals whose keys are being re-encrypted to master key vno %u if "
+"necessary:\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:992
+msgid "trying to process principal database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:996
+#, c-format
+msgid "%u principals processed: %u would be updated, %u already current\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1000
+#, c-format
+msgid "%u principals processed: %u updated, %u already current\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1109
+#, c-format
+msgid ""
+"Will purge all unused master keys stored in the '%s' principal, are you "
+"sure?\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1120
+#, c-format
+msgid "OK, purging unused master keys from '%s'...\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1128
+#, c-format
+msgid "There is only one master key which can not be purged.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1137
+msgid "while allocating args.kvnos"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1153
+msgid "while finding master keys in use"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1162
+#, c-format
+msgid "Would purge the following master key(s) from %s:\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1165
+#, c-format
+msgid "Purging the following master key(s) from %s:\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1177
+msgid "master key stash file needs updating, command aborting"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1183
+#, c-format
+msgid "KVNO: %d\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1188
+#, c-format
+msgid "All keys in use, nothing purged.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1193
+#, c-format
+msgid "%d key(s) would be purged.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1206
+msgid "while looking up mkey aux data list"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1214
+msgid "while allocating key_data"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1299
+msgid "while updating mkey_aux data for master principal entry"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_mkey.c:1326
+#, c-format
+msgid "%d key(s) purged.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:97
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:542
+#, c-format
+msgid "while setting up enctype %d"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:123
+msgid "while getting master key list"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_stash.c:127
+#, c-format
+msgid "Using existing stashed keys to update stash file.\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:80
+#, c-format
+msgid ""
+"Usage: kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-kv mkeyVNO]\n"
+"\t        [-M mkeyname] [-m] [-sf stashfilename] [-P password]\n"
+"\t        [-x db_args]* cmd [cmd_options]\n"
+"\tcreate  [-s]\n"
+"\tdestroy [-f]\n"
+"\tstash   [-f keyfile]\n"
+"\tdump    [-b7|-r13|-r18] [-verbose]\n"
+"\t        [-mkey_convert] [-new_mkey_file mkey_file]\n"
+"\t        [-rev] [-recurse] [filename [princs...]]\n"
+"\tload    [-b7|-r13|-r18] [-hash] [-verbose] [-update] filename\n"
+"\tark     [-e etype_list] principal\n"
+"\tadd_mkey [-e etype] [-s]\n"
+"\tuse_mkey kvno [time]\n"
+"\tlist_mkeys\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:99
+#, c-format
+msgid ""
+"\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
+"\tpurge_mkeys [-f] [-n] [-v]\n"
+"\ttabdump [-H] [-c] [-e] [-n] [-o outfile] dumptype\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:215
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:264
+msgid "while initializing Kerberos code"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:221
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:271
+msgid "while creating sub-command arguments"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:239
+msgid "while parsing command arguments"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:245
+#: ../../src/kadmin/dbutil/kdb5_util.c:252
+msgid "while parsing command arguments\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:263
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:295
+msgid "while setting default realm name"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:268
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:302
+#, c-format
+msgid ": %s is an invalid enctype"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:276
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:311
+#, c-format
+msgid ": %s is an invalid mkeyVNO"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:319
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:435
+msgid "while retrieving configuration parameters"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:378
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:841
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1449
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:568
+msgid "while initializing database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:395
+msgid "while retrieving master entry"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:414
+msgid "while calculated master key salt"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:446
+msgid "Warning: proceeding without master key"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:464
+msgid "while seeding random number generator"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:474
+#, c-format
+msgid "%s: Could not map log\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:503
+msgid "while closing database"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:550
+#, c-format
+msgid "while fetching principal %s"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:573
+msgid "while finding mkey"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:598
+msgid "while setting changetime"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:606
+#, c-format
+msgid "while saving principal %s"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/kdb5_util.c:610
+#, c-format
+msgid "%s changed\n"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/tabdump.c:573
+#, c-format
+msgid "opening %s for writing"
+msgstr ""
+
+#: ../../src/kadmin/dbutil/tabdump.c:655
+msgid "performing tabular dump"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:73
+#, c-format
+msgid "%s: invalid arguments\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:78
+msgid "while freeing ktlist"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:89
+#, c-format
+msgid "%s: must specify keytab to read\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:94
+#, c-format
+msgid "while reading keytab \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:101
+#, c-format
+msgid "%s: reading srvtabs is no longer supported\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:112
+#, c-format
+msgid "%s: must specify keytab to write\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:117
+#, c-format
+msgid "while writing keytab \"%s\""
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:124
+#, c-format
+msgid "%s: writing srvtabs is no longer supported\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:171
+#, c-format
+msgid ""
+"usage: %s (-key | -password) -p principal -k kvno [-e enctype] [-f|-s salt]\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:176
+#, c-format
+msgid "enctype must be specified if not using -f\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:183
+msgid "while adding new entry"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:193
+#, c-format
+msgid "%s: must specify entry to delete\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:198
+#, c-format
+msgid "while deleting entry %d"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:226
+#, c-format
+msgid "%s: usage: %s [-t] [-k] [-e]\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil.c:265
+msgid "While converting enctype to string"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:196
+#, c-format
+msgid "Password for %.1000s"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:214
+#, c-format
+msgid "Key for %s (hex): "
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:226
+#, c-format
+msgid "addent: Error reading key.\n"
+msgstr ""
+
+#: ../../src/kadmin/ktutil/ktutil_funcs.c:234
+#, c-format
+msgid "addent: Illegal character in key.\n"
+msgstr ""
+
+#: ../../src/kadmin/server/auth_acl.c:240
+#, c-format
+msgid "%s: invalid restrictions: %s"
+msgstr ""
+
+#: ../../src/kadmin/server/auth_acl.c:288
+#, c-format
+msgid "Unrecognized ACL operation '%c' in %s"
+msgstr ""
+
+#: ../../src/kadmin/server/auth_acl.c:296
+#, c-format
+msgid "Cannot parse client principal '%s'"
+msgstr ""
+
+#: ../../src/kadmin/server/auth_acl.c:304
+#, c-format
+msgid "Cannot parse target principal '%s'"
+msgstr ""
+
+#: ../../src/kadmin/server/auth_acl.c:400
+#, c-format
+msgid "%s while opening ACL file %s"
+msgstr ""
+
+#: ../../src/kadmin/server/auth_acl.c:403
+#, c-format
+msgid "Cannot open %s: %s"
+msgstr ""
+
+#: ../../src/kadmin/server/auth_acl.c:419
+#: ../../src/kadmin/server/auth_acl.c:422
+#, c-format
+msgid "%s: syntax error at line %d <%.10s...>"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:49
+#, c-format
+msgid "Unauthorized request: %s, client=%s, service=%s, addr=%s"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:50
+#: ../../src/kadmin/server/ipropd_svc.c:224
+#, c-format
+msgid "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:164
+#: ../../src/kadmin/server/ipropd_svc.c:281
+#, c-format
+msgid "%s: server handle is NULL"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:174
+#: ../../src/kadmin/server/ipropd_svc.c:294
+#, c-format
+msgid "%s: setup_gss_names failed"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:182
+#: ../../src/kadmin/server/ipropd_svc.c:303
+#, c-format
+msgid "%s: out of memory recording principal names"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:207
+#, c-format
+msgid "%s; Incoming SerialNo=%lu; Outgoing SerialNo=%lu"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:213
+#, c-format
+msgid "%s; Incoming SerialNo=%lu; Outgoing SerialNo=N/A"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:324
+#, c-format
+msgid "%s: getclhoststr failed"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:346
+#, c-format
+msgid "%s: cannot construct kdb5 util dump string too long; out of memory"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:366
+#, c-format
+msgid "%s: fork failed: %s"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:378
+#, c-format
+msgid "%s: popen failed: %s"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:392
+#, c-format
+msgid "%s: pclose(popen) failed: %s"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:412
+#, c-format
+msgid "%s: exec failed: %s"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:428
+#, c-format
+msgid "Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:490
+#: ../../src/kadmin/server/kadm_rpc_svc.c:299
+#, c-format
+msgid "check_rpcsec_auth: failed inquire_context, stat=%u"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:520
+#: ../../src/kadmin/server/kadm_rpc_svc.c:328
+#, c-format
+msgid "bad service principal %.*s%s"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:543
+#, c-format
+msgid "authentication attempt failed: %s, RPC authentication flavor %d"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:577
+#, c-format
+msgid "RPC unknown request: %d (%s)"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:585
+#, c-format
+msgid "RPC svc_getargs failed (%s)"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:595
+#, c-format
+msgid "RPC svc_sendreply failed (%s)"
+msgstr ""
+
+#: ../../src/kadmin/server/ipropd_svc.c:601
+#, c-format
+msgid "RPC svc_freeargs failed (%s)"
+msgstr ""
+
+#: ../../src/kadmin/server/kadm_rpc_svc.c:349
+#, c-format
+msgid "gss_to_krb5_name: failed display_name status %d"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:82
+#, c-format
+msgid ""
+"Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] [-port port-number]\n"
+"\t\t[-proponly] [-p path-to-kdb5_util] [-F dump-file]\n"
+"\t\t[-K path-to-kprop] [-k kprop-port] [-P pid_file]\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - any number of database specific arguments.\n"
+"\t\t\tLook at each database documentation for supported arguments\n"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:106
+#, c-format
+msgid "%s: %s while %s, aborting\n"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:108
+#, c-format
+msgid "%s while %s, aborting\n"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:110
+#, c-format
+msgid "%s: %s, aborting\n"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:111
+#, c-format
+msgid "%s, aborting"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:278
+#, c-format
+msgid ""
+"WARNING! Forged/garbled request: %s, claimed client = %.*s%s, server = "
+"%.*s%s, addr = %s"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:284
+#, c-format
+msgid ""
+"WARNING! Forged/garbled request: %d, claimed client = %.*s%s, server = "
+"%.*s%s, addr = %s"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:298
+#, c-format
+msgid "Miscellaneous RPC error: %s, %s"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:314
+#, c-format
+msgid "%s Cannot decode status %d"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:332
+#, c-format
+msgid "Authentication attempt failed: %s, GSS-API error strings are:"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:337
+msgid "   GSS-API error strings complete."
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:375
+#, c-format
+msgid "%s: cannot initialize. Not enough memory\n"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:443
+#, c-format
+msgid "%s: %s while initializing context, aborting\n"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:454
+#: ../../src/kadmin/server/ovsec_kadmd.c:523
+msgid "initializing"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:458
+msgid "getting config parameters"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:460
+msgid "Missing required realm configuration"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:462
+msgid "Missing required ACL file configuration"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:464
+msgid "-proponly can only be used when iprop_enable is true"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:470
+msgid "initializing network"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:475
+msgid "Cannot build GSSAPI auth names"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:479
+msgid "Cannot set up KDB keytab"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:482
+msgid "Cannot set GSSAPI authentication names"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:499
+msgid "Cannot initialize GSSAPI service name"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:504
+msgid "initializing ACL file"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:512
+msgid "spawning daemon process"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:516
+msgid "creating PID file"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:530
+msgid "mapping update log"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:534
+#, c-format
+msgid "%s: create IPROP svc (PROG=%d, VERS=%d)\n"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:542
+msgid "starting"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:544 ../../src/kdc/main.c:1036
+#, c-format
+msgid "%s: starting...\n"
+msgstr ""
+
+#: ../../src/kadmin/server/ovsec_kadmd.c:547
+msgid "finished, exiting"
+msgstr ""
+
+#: ../../src/kadmin/server/schpw.c:273
+#, c-format
+msgid "setpw request from %s by %.*s%s for %.*s%s: %s"
+msgstr ""
+
+#: ../../src/kadmin/server/schpw.c:278
+#, c-format
+msgid "chpw request from %s for %.*s%s: %s"
+msgstr ""
+
+#: ../../src/kadmin/server/schpw.c:446
+#, c-format
+msgid "chpw: Couldn't open admin keytab %s"
+msgstr ""
+
+#: ../../src/kadmin/server/server_stubs.c:396
+#, c-format
+msgid ""
+"Unauthorized request: %s, %.*s%s, client=%.*s%s, service=%.*s%s, addr=%s"
+msgstr ""
+
+#: ../../src/kadmin/server/server_stubs.c:417
+#: ../../src/kadmin/server/server_stubs.c:695
+#: ../../src/kadmin/server/server_stubs.c:1570
+msgid "success"
+msgstr ""
+
+#: ../../src/kadmin/server/server_stubs.c:427
+#, c-format
+msgid "Request: %s, %.*s%s, %s, client=%.*s%s, service=%.*s%s, addr=%s"
+msgstr ""
+
+#: ../../src/kadmin/server/server_stubs.c:675
+#, c-format
+msgid ""
+"Unauthorized request: kadm5_rename_principal, %.*s%s to %.*s%s, "
+"client=%.*s%s, service=%.*s%s, addr=%s"
+msgstr ""
+
+#: ../../src/kadmin/server/server_stubs.c:690
+#, c-format
+msgid ""
+"Request: kadm5_rename_principal, %.*s%s to %.*s%s, %s, client=%.*s%s, "
+"service=%.*s%s, addr=%s"
+msgstr ""
+
+#: ../../src/kadmin/server/server_stubs.c:1566
+#, c-format
+msgid ""
+"Request: kadm5_init, %.*s%s, %s, client=%.*s%s, service=%.*s%s, addr=%s, "
+"vers=%d, flavor=%d"
+msgstr ""
+
+#: ../../src/kdc/do_as_req.c:278
+#, c-format
+msgid "AS_REQ : handle_authdata (%d)"
+msgstr ""
+
+#: ../../src/kdc/do_tgs_req.c:938
+msgid "not checking transit path"
+msgstr ""
+
+#: ../../src/kdc/do_tgs_req.c:1045
+#, c-format
+msgid "TGS_REQ : handle_authdata (%d)"
+msgstr ""
+
+#: ../../src/kdc/fast_util.c:57
+#, c-format
+msgid "%s while handling ap-request armor"
+msgstr ""
+
+#: ../../src/kdc/fast_util.c:65
+msgid "ap-request armor for something other than the local TGS"
+msgstr ""
+
+#: ../../src/kdc/fast_util.c:74
+msgid "ap-request armor without subkey"
+msgstr ""
+
+#: ../../src/kdc/fast_util.c:162
+msgid "Ap-request armor not permitted with TGS"
+msgstr ""
+
+#: ../../src/kdc/fast_util.c:169
+#, c-format
+msgid "Unknown FAST armor type %d"
+msgstr ""
+
+#: ../../src/kdc/fast_util.c:183
+msgid "No armor key but FAST armored request present"
+msgstr ""
+
+#: ../../src/kdc/fast_util.c:216
+msgid "FAST req_checksum invalid; request modified"
+msgstr ""
+
+#: ../../src/kdc/fast_util.c:222
+msgid "Unkeyed checksum used in fast_req"
+msgstr ""
+
+#: ../../src/kdc/kdc_audit.c:110
+#, c-format
+msgid "audit plugin %s failed to open. error=%i"
+msgstr ""
+
+#: ../../src/kdc/kdc_authdata.c:78
+#, c-format
+msgid "while loading authdata module %s"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:83
+#, c-format
+msgid "AS_REQ (%s) %s: ISSUE: authtime %u, %s, %s for %s"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:91
+#, c-format
+msgid "AS_REQ (%s) %s: %s: %s for %s%s%s"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:154
+#, c-format
+msgid "TGS_REQ (%s) %s: %s: authtime %u, %s%s %s for %s%s%s"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:163
+#, c-format
+msgid "... PROTOCOL-TRANSITION s4u-client=%s"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:167
+#, c-format
+msgid "... CONSTRAINED-DELEGATION s4u-client=%s"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:171
+#, c-format
+msgid "TGS_REQ %s: %s: authtime %u, %s for %s, 2nd tkt client %s"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:204
+#, c-format
+msgid "bad realm transit path from '%s' to '%s' via '%.*s%s'"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:210
+#, c-format
+msgid "unexpected error checking transit from '%s' to '%s' via '%.*s%s': %s"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:228
+msgid "TGS_REQ: issuing alternate <un-unparsable> TGT"
+msgstr ""
+
+#: ../../src/kdc/kdc_log.c:231
+#, c-format
+msgid "TGS_REQ: issuing TGT %s"
+msgstr ""
+
+#: ../../src/kdc/kdc_preauth.c:215
+#, c-format
+msgid "preauth %s failed to initialize: %s"
+msgstr ""
+
+#: ../../src/kdc/kdc_preauth.c:226
+#, c-format
+msgid "preauth %s failed to setup loop: %s"
+msgstr ""
+
+#: ../../src/kdc/kdc_preauth.c:903
+#, c-format
+msgid "%spreauth required but hint list is empty"
+msgstr ""
+
+#: ../../src/kdc/kdc_preauth_ec.c:74
+msgid "Encrypted Challenge used outside of FAST tunnel"
+msgstr ""
+
+#: ../../src/kdc/kdc_preauth_ec.c:117
+msgid "Incorrect password in encrypted challenge"
+msgstr ""
+
+#: ../../src/kdc/kdc_util.c:179
+msgid "TGS_REQ: SESSION KEY or MUTUAL"
+msgstr ""
+
+#: ../../src/kdc/kdc_util.c:378
+#, c-format
+msgid "TGS_REQ: UNKNOWN SERVER: server='%s'"
+msgstr ""
+
+#: ../../src/kdc/kdc_util.c:541
+#, c-format
+msgid "Invalid pac_privsvr_enctype value %s"
+msgstr ""
+
+#: ../../src/kdc/kdc_util.c:882
+#, c-format
+msgid "Required auth indicators not present in ticket: %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:225
+#, c-format
+msgid "Requested master password enctype %s in %s is DEPRECATED!\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:241
+#, c-format
+msgid "while getting context for realm %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:348
+#, c-format
+msgid "while setting default realm to %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:356
+#, c-format
+msgid "while initializing database for realm %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:365
+#, c-format
+msgid "while setting up master key name %s for realm %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:378
+#, c-format
+msgid "while fetching master key %s for realm %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:387
+#, c-format
+msgid "Stash file %s uses DEPRECATED enctype %s!\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:394
+#, c-format
+msgid "while fetching master keys list for realm %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:403
+#, c-format
+msgid "while resolving kdb keytab for realm %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:412
+#, c-format
+msgid "while building TGS name for realm %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:502
+#, c-format
+msgid "creating %d worker processes"
+msgstr ""
+
+#: ../../src/kdc/main.c:512
+msgid "Unable to reinitialize main loop"
+msgstr ""
+
+#: ../../src/kdc/main.c:517
+#, c-format
+msgid "Unable to initialize signal handlers in pid %d"
+msgstr ""
+
+#: ../../src/kdc/main.c:547
+#, c-format
+msgid "worker %ld exited with status %d"
+msgstr ""
+
+#: ../../src/kdc/main.c:571
+#, c-format
+msgid "signal %d received in supervisor"
+msgstr ""
+
+#: ../../src/kdc/main.c:583
+#, c-format
+msgid ""
+"usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n"
+"\t\t[-T time_offset] [-m] [-k masterenctype]\n"
+"\t\t[-M masterkeyname] [-p port] [-P pid_file]\n"
+"\t\t[-n] [-w numworkers] [/]\n"
+"\n"
+"where,\n"
+"\t[-x db_args]* - Any number of database specific arguments.\n"
+"\t\t\tLook at each database module documentation for \t\t\tsupported "
+"arguments\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:656 ../../src/kdc/main.c:663 ../../src/kdc/main.c:778
+#, c-format
+msgid " KDC cannot initialize. Not enough memory\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:682 ../../src/kdc/main.c:725 ../../src/kdc/main.c:736
+#, c-format
+msgid "%s: KDC cannot initialize. Not enough memory\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:702 ../../src/kdc/main.c:815
+#, c-format
+msgid "%s: cannot initialize realm %s - see log file for details\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:713
+#, c-format
+msgid "%s: cannot initialize realm %s. Not enough memory\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:764
+#, c-format
+msgid "invalid enctype %s"
+msgstr ""
+
+#: ../../src/kdc/main.c:803
+msgid "while attempting to retrieve default realm"
+msgstr ""
+
+#: ../../src/kdc/main.c:805
+#, c-format
+msgid "%s: %s, attempting to retrieve default realm\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:911
+#, c-format
+msgid "%s: cannot get memory for realm list\n"
+msgstr ""
+
+#: ../../src/kdc/main.c:946
+msgid "while initializing lookaside cache"
+msgstr ""
+
+#: ../../src/kdc/main.c:954
+msgid "while creating main loop"
+msgstr ""
+
+#: ../../src/kdc/main.c:963
+msgid "while loading KDC policy plugin"
+msgstr ""
+
+#: ../../src/kdc/main.c:988
+msgid "while initializing signal handlers"
+msgstr ""
+
+#: ../../src/kdc/main.c:996
+msgid "while initializing network"
+msgstr ""
+
+#: ../../src/kdc/main.c:1006
+msgid "while detaching from tty"
+msgstr ""
+
+#: ../../src/kdc/main.c:1012
+msgid "while creating PID file"
+msgstr ""
+
+#: ../../src/kdc/main.c:1020
+msgid "creating worker processes"
+msgstr ""
+
+#: ../../src/kdc/main.c:1030
+msgid "while loading audit plugin module(s)"
+msgstr ""
+
+#: ../../src/kdc/main.c:1034
+msgid "commencing operation"
+msgstr ""
+
+#: ../../src/kdc/main.c:1041
+msgid "shutting down"
+msgstr ""
+
+#: ../../src/kdc/policy.c:230
+#, c-format
+msgid "while loading policy module %s"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:85
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-r realm] [-f file] [-d] [-P port] [-s keytab] replica_host\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:115
+#, c-format
+msgid "Database propagation to %s: SUCCEEDED\n"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:176
+msgid "while setting client principal name"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:185
+msgid "while setting server principal name"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:198
+msgid "while resolving keytab"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:206
+msgid "while getting initial credentials\n"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:242
+msgid "while creating socket"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:262
+msgid "while connecting to server"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:269 ../../src/kprop/kpropd.c:1196
+msgid "while getting local socket address"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:274
+msgid "while converting local address"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:296
+msgid "in krb5_auth_con_setaddrs"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:304
+msgid "while authenticating to server"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:308 ../../src/kprop/kprop.c:506
+#: ../../src/kprop/kpropd.c:1516
+#, c-format
+msgid "Generic remote error: %s\n"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:314 ../../src/kprop/kprop.c:512
+msgid "signalled from server"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:316 ../../src/kprop/kprop.c:514
+#, c-format
+msgid "Error text from server: %s\n"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:344
+#, c-format
+msgid "allocating database file name '%s'"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:350
+#, c-format
+msgid "while trying to open %s"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:357
+msgid "database locked"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:360 ../../src/kprop/kpropd.c:552
+#, c-format
+msgid "while trying to lock '%s'"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:364 ../../src/kprop/kprop.c:372
+#, c-format
+msgid "while trying to stat %s"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:368
+msgid "while trying to malloc data_ok_fn"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:377
+#, c-format
+msgid "'%s' more recent than '%s'."
+msgstr ""
+
+#: ../../src/kprop/kprop.c:393
+#, c-format
+msgid "while unlocking database '%s'"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:425 ../../src/kprop/kprop.c:426
+msgid "while encoding database size"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:434
+msgid "while sending database size"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:444
+msgid "while allocating i_vector"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:467
+#, c-format
+msgid "while sending database block starting at %<PRIu64>"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:477
+msgid "Premature EOF found for database file!"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:490
+msgid "while reading response from server"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:501
+msgid "while decoding error response from server"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:531
+msgid "malformed sent database size message"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:535
+#, c-format
+msgid "Kpropd sent database size %<PRIu64>, expecting %<PRIu64>"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:581
+msgid "while allocating filename for update_last_prop_file"
+msgstr ""
+
+#: ../../src/kprop/kprop.c:586
+#, c-format
+msgid "while creating 'last_prop' file, '%s'"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:171
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-r realm] [-s keytab] [-d] [-D] [-S]\n"
+"\t[-f replica_file] [-F kerberos_db_file ]\n"
+"\t[-p kdb5_util_pathname] [-x db_args]* [-P port]\n"
+"\t[-a acl_file] [-A admin_server] [--pid-file=pid_file]\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:231
+#, c-format
+msgid "Killing fullprop child (%d)\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:260
+msgid "while checking if stdin is a socket"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:278
+#, c-format
+msgid "ready\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:284
+#, c-format
+msgid "Could not write pid file %s: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:296
+#, c-format
+msgid "Could not open /dev/null: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:303
+#, c-format
+msgid "Could not dup the inetd socket: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:338 ../../src/kprop/kpropd.c:351
+msgid "do_iprop failed.\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:390
+#, c-format
+msgid "getaddrinfo: %s\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:396
+msgid "while obtaining socket"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:402
+msgid "while setting SO_REUSEADDR option"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:410
+msgid "while unsetting IPV6_V6ONLY option"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:415
+msgid "while binding listener socket"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:426
+#, c-format
+msgid "waiting for a kprop connection\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:432
+msgid "while accepting connection"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:438
+msgid "while forking"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:453
+#, c-format
+msgid "waitpid() failed to wait for doit() (%d %s)\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:457
+msgid "while waiting to receive database"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:461
+#, c-format
+msgid "Database load process for full propagation completed.\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:499
+#, c-format
+msgid ""
+"%s: Standard input does not appear to be a network socket.\n"
+"\t(Not run from inetd, and missing the -S option?)\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:512
+msgid "while attempting setsockopt (SO_KEEPALIVE)"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:517
+#, c-format
+msgid "Connection from %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:537
+#, c-format
+msgid "Rejected connection from unauthorized principal %s\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:541
+#, c-format
+msgid "Rejected connection from unauthorized principal %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:558
+#, c-format
+msgid "while opening database file, '%s'"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:564
+#, c-format
+msgid "while renaming %s to %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:570
+#, c-format
+msgid "while downgrading lock on '%s'"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:577
+#, c-format
+msgid "while unlocking '%s'"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:589
+msgid "while sending # of received bytes"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:595
+msgid "while trying to close database file"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:650
+#, c-format
+msgid "Incremental propagation enabled\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:659
+#, c-format
+msgid "%s: unable to get kiprop host based service name for realm %s\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:669
+msgid "while trying to construct host service principal"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:686
+#, c-format
+msgid "Initializing kadm5 as client %s\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:700
+#, c-format
+msgid "kadm5 initialization failed!\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:709
+msgid "while attempting to connect to primary KDC ... retrying"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:713
+#, c-format
+msgid "Sleeping %d seconds to re-initialize kadm5 (RPC ERROR)\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:729
+#, c-format
+msgid "while initializing %s interface, retrying"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:733
+#, c-format
+msgid "Sleeping %d seconds to re-initialize kadm5 (krb5kdc not running?)\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:743
+#, c-format
+msgid "kadm5 initialization succeeded\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:765
+msgid "reading update log header"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:776
+#, c-format
+msgid "Calling iprop_get_updates_1 (sno=%u sec=%u usec=%u)\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:786
+msgid "iprop_get_updates call failed"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:792
+#, c-format
+msgid "Reinitializing iprop because get updates failed\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:813
+#, c-format
+msgid "Still waiting for full resync\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:818
+#, c-format
+msgid "Full resync needed\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:819
+msgid "kpropd: Full resync needed."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:824
+msgid "iprop_full_resync call failed"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:835
+#, c-format
+msgid "Full resync request granted\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:836
+msgid "Full resync request granted."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:845
+#, c-format
+msgid "Exponential backoff\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:851
+#, c-format
+msgid "Full resync permission denied\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:852
+msgid "Full resync, permission denied."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:857
+#, c-format
+msgid "Full resync error from primary\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:858
+msgid " Full resync, error returned from primary KDC."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:866
+#, c-format
+msgid "Full resync invalid result from primary\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:868
+msgid "Full resync, invalid return from primary KDC."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:884
+#, c-format
+msgid "Got incremental updates (sno=%u sec=%u usec=%u)\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:896
+#, c-format
+msgid "ulog_replay failed (%s), updates not registered\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:899
+#, c-format
+msgid "ulog_replay failed (%s), updates not registered."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:908
+#, c-format
+msgid "Incremental updates: %d updates / %lu us"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:911
+#, c-format
+msgid "Incremental updates: %d updates / %lu us\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:919
+#, c-format
+msgid "get_updates permission denied\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:920
+msgid "get_updates, permission denied."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:925
+#, c-format
+msgid "get_updates error from primary\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:927
+msgid "get_updates, error returned from primary KDC."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:935
+#, c-format
+msgid "get_updates primary busy; backoff\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:944
+#, c-format
+msgid "KDC is synchronized with primary.\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:953
+#, c-format
+msgid "get_updates invalid result from primary\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:956
+msgid "get_updates, invalid return from primary KDC."
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:971
+#, c-format
+msgid "Busy signal received from primary, backoff for %d secs\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:978
+#, c-format
+msgid "Waiting for %d seconds before checking for updates again\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:989
+#, c-format
+msgid "ERROR returned by primary, bailing\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:990
+msgid "ERROR returned by primary KDC, bailing.\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1109
+msgid "copying db args"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1134
+msgid "Unable to get default realm"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1141
+msgid "Unable to set default realm"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1151
+msgid "while trying to construct my service name"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1158
+msgid "while allocating filename for temp file"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1166
+msgid "while initializing"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1174
+msgid "Unable to map log!\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1216
+#, c-format
+msgid "Error in krb5_auth_con_ini: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1224
+#, c-format
+msgid "Error in krb5_auth_con_setflags: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1237
+#, c-format
+msgid "Error in krb5_auth_con_setaddrs: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1245
+#, c-format
+msgid "Error in krb5_kt_resolve: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1254
+#, c-format
+msgid "Error in krb5_recvauth: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1261
+#, c-format
+msgid "Error in krb5_copy_prinicpal: %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1278
+msgid "while unparsing ticket etype"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1282
+#, c-format
+msgid "authenticated client: %s (etype == %s)\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1362
+msgid "while reading size of database from client"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1372
+msgid "while decoding database size from client"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1380
+msgid "malformed database size message from client"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1392
+msgid "while initializing i_vector"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1397
+#, c-format
+msgid "Full propagation transfer started.\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1451
+#, c-format
+msgid "Full propagation transfer finished.\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1511
+msgid "while decoding error packet from client"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1520
+msgid "signaled from server"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1522
+#, c-format
+msgid "Error text from client: %s\n"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1571
+#, c-format
+msgid "while trying to fork %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1575
+#, c-format
+msgid "while trying to exec %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1582
+#, c-format
+msgid "while waiting for %s"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1588
+#, c-format
+msgid "%s load terminated"
+msgstr ""
+
+#: ../../src/kprop/kpropd.c:1594
+#, c-format
+msgid "%s returned a bad exit status (%d)"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:29
+#, c-format
+msgid ""
+"\n"
+"Usage: %s [-h] [-v] [-v] [-e num]\n"
+"\t%s -R\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:112
+#, c-format
+msgid ""
+"\n"
+"Couldn't allocate memory"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:206
+#, c-format
+msgid "\t\tAttribute flags\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:211
+#, c-format
+msgid "\t\tMaximum ticket life\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:216
+#, c-format
+msgid "\t\tMaximum renewable life\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:221
+#, c-format
+msgid "\t\tPrincipal expiration\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:226
+#, c-format
+msgid "\t\tPassword expiration\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:231
+#, c-format
+msgid "\t\tLast successful auth\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:236
+#, c-format
+msgid "\t\tLast failed auth\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:241
+#, c-format
+msgid "\t\tFailed passwd attempt\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:246
+#, c-format
+msgid "\t\tPrincipal\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:251
+#, c-format
+msgid "\t\tKey data\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:258
+#, c-format
+msgid "\t\tTL data\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:265
+#, c-format
+msgid "\t\tLength\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:270
+#, c-format
+msgid "\t\tPassword last changed\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:275
+#, c-format
+msgid "\t\tModifying principal\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:280
+#, c-format
+msgid "\t\tModification time\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:285
+#, c-format
+msgid "\t\tModified where\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:290
+#, c-format
+msgid "\t\tPassword policy\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:295
+#, c-format
+msgid "\t\tPassword policy switch\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:300
+#, c-format
+msgid "\t\tPassword history KVNO\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:305
+#, c-format
+msgid "\t\tPassword history\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:339
+#, c-format
+msgid ""
+"Corrupt update entry\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:344
+#, c-format
+msgid "Update Entry\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:346
+#, c-format
+msgid "\tUpdate serial # : %u\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:350
+#, c-format
+msgid "\tDummy entry\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:358
+#, c-format
+msgid ""
+"Entry data decode failure\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:362
+#, c-format
+msgid "\tUpdate operation : "
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:364
+#, c-format
+msgid "Delete\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:366
+#, c-format
+msgid "Add\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:370
+#, c-format
+msgid ""
+"Could not allocate principal name\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:376
+#, c-format
+msgid "\tUpdate principal : %s\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:378
+#, c-format
+msgid "\tUpdate size : %u\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:379
+#, c-format
+msgid "\tUpdate committed : %s\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:383
+#, c-format
+msgid "\tUpdate time stamp : None\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:385
+#, c-format
+msgid "\tUpdate time stamp : %s"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:389
+#, c-format
+msgid "\tAttributes changed : %d\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:462
+#, c-format
+msgid ""
+"Unable to initialize Kerberos\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:469
+#, c-format
+msgid ""
+"Couldn't read database_name\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:473
+#, c-format
+msgid ""
+"\n"
+"Kerberos update log (%s)\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:477 ../../src/kprop/kproplog.c:493
+#, c-format
+msgid ""
+"Unable to map log file %s\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:482
+#, c-format
+msgid ""
+"Couldn't reinitialize ulog file %s\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:486
+#, c-format
+msgid "Reinitialized the ulog.\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:499
+#, c-format
+msgid ""
+"Corrupt header log, exiting\n"
+"\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:503
+#, c-format
+msgid "Update log dump :\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:504
+#, c-format
+msgid "\tLog version # : %u\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:505
+#, c-format
+msgid "\tLog state : "
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:508
+#, c-format
+msgid "Stable\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:511
+#, c-format
+msgid "Unstable\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:514
+#, c-format
+msgid "Corrupt\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:517
+#, c-format
+msgid "Unknown state: %d\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:520
+#, c-format
+msgid "\tEntry block size : %u\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:521
+#, c-format
+msgid "\tNumber of entries : %u\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:524
+#, c-format
+msgid "\tLast serial # : None\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:527
+#, c-format
+msgid "\tFirst serial # : None\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:529
+#, c-format
+msgid "\tFirst serial # : "
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:533
+#, c-format
+msgid "\tLast serial # : "
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:538
+#, c-format
+msgid "\tLast time stamp : None\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:541
+#, c-format
+msgid "\tFirst time stamp : None\n"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:543
+#, c-format
+msgid "\tFirst time stamp : %s"
+msgstr ""
+
+#: ../../src/kprop/kproplog.c:547
+#, c-format
+msgid "\tLast time stamp : %s\n"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:231
+msgid "Got signal to request exit"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:245
+msgid "Got signal to reset"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:311
+#, c-format
+msgid "Invalid port %d"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:324
+#, c-format
+msgid "Removing address %s since wildcard address is being added"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:331
+msgid "Address already added to server"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:494
+#, c-format
+msgid "closing down fd %d"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:508
+#, c-format
+msgid "descriptor %d closed but still in svc_fdset"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:534
+msgid "cannot create io event"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:539
+msgid "cannot save event"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:559
+#, c-format
+msgid "file descriptor number %d too high"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:566
+msgid "cannot allocate storage for connection info"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:601
+#, c-format
+msgid "Cannot create TCP server socket on %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:610
+#, c-format
+msgid "TCP socket fd number %d (for %s) too high"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:617
+#, c-format
+msgid "Cannot enable SO_REUSEADDR on fd %d"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:622
+#, c-format
+msgid "setsockopt(%d,IPV6_V6ONLY,1) failed"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:625
+#, c-format
+msgid "setsockopt(%d,IPV6_V6ONLY,1) worked"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:628
+msgid "no IPV6_V6ONLY socket option support"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:634
+#, c-format
+msgid "Cannot bind server socket on %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:704
+#, c-format
+msgid "Setting up %s socket for address %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:717
+#, c-format
+msgid "Cannot listen on %s server socket on %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:726
+#, c-format
+msgid "cannot set listening %s socket on %s non-blocking"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:734
+#, c-format
+msgid "cannot set SO_LINGER on %s socket on %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:741
+#, c-format
+msgid "Setting pktinfo on socket %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:746
+#, c-format
+msgid "Cannot request packet info for UDP socket address %s port %d"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:748
+msgid ""
+"System does not support pktinfo yet binding to a wildcard address.  Packets "
+"are not guaranteed to return on the received address."
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:760
+msgid "Error attempting to add verto event"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:769
+#, c-format
+msgid "Cannot create RPC service: %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:779
+#, c-format
+msgid "Cannot register RPC service: %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:823
+msgid "No addresses added to the net server"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:845
+#, c-format
+msgid "Failed getting address info (for %s): %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:875
+#, c-format
+msgid "Failed setting up a %s socket (for %s)"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:916
+msgid "setting up network..."
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:919
+msgid "Error setting up network"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:922
+#, c-format
+msgid "set up %d sockets"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:925
+msgid "no sockets set up?"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:988
+#: ../../src/lib/apputils/net-server.c:1042
+msgid "while dispatching (udp)"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1017
+#, c-format
+msgid "while sending reply to %s/%s from %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1022
+#, c-format
+msgid "short reply write %d vs %d\n"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1067
+msgid "while receiving from network"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1110
+msgid "too many connections"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1128
+#, c-format
+msgid "dropping %s fd %d from %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1198
+#, c-format
+msgid "allocating buffer for new TCP session from %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1230
+msgid "while dispatching (tcp)"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1262
+msgid "error allocating tcp dispatch private!"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1309
+#, c-format
+msgid "TCP client %s wants %lu bytes, cap is %lu"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1317
+#, c-format
+msgid "error constructing KRB_ERR_FIELD_TOOLONG error! %s"
+msgstr ""
+
+#: ../../src/lib/apputils/net-server.c:1356
+#, c-format
+msgid "getsockname failed: %s"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:43
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:165
+msgid "A required input parameter could not be read"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:44
+msgid "A required input parameter could not be written"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:45
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:175
+msgid "A parameter was malformed"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:48
+msgid "calling error"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:59
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:195
+msgid "An unsupported mechanism was requested"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:60
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:199
+msgid "An invalid name was supplied"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:61
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:203
+msgid "A supplied name was of an unsupported type"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:62
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:208
+msgid "Incorrect channel bindings were supplied"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:63
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:179
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:274
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:334
+msgid "An invalid status code was supplied"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:64
+msgid "A token had an invalid signature"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:65
+msgid "No credentials were supplied"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:66
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:223
+msgid "No context has been established"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:67
+msgid "A token was invalid"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:68
+msgid "A credential was invalid"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:69
+msgid "The referenced credentials have expired"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:70
+msgid "The context has expired"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:71
+msgid "Miscellaneous failure"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:72
+msgid "The quality-of-protection requested could not be provided"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:73
+msgid "The operation is forbidden by the local security policy"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:74
+msgid "The operation or option is not available"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:77
+msgid "routine error"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:89
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:311
+msgid "The routine must be called again to complete its function"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:90
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:316
+msgid "The token was a duplicate of an earlier token"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:91
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:321
+msgid "The token's validity period has expired"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:92
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:325
+msgid "A later token has already been processed"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:95
+msgid "supplementary info code"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:106
+#: ../lib/krb5/error_tables/krb5_err.c:23
+msgid "No error"
+msgstr ""
+
+#: ../../src/lib/gssapi/generic/disp_major_status.c:107
+#, c-format
+msgid "Unknown %s (field = %d)"
+msgstr ""
+
+#: ../../src/lib/gssapi/krb5/acquire_cred.c:148
+#, c-format
+msgid "No key table entry found matching %s"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:161
+msgid "The routine completed successfully"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:170
+msgid "A required output parameter could not be written"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:212
+msgid "A token had an invalid Message Integrity Check (MIC)"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:217
+msgid ""
+"No credentials were supplied, or the credentials were unavailable or "
+"inaccessible"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:227
+msgid "Invalid token was supplied"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:231
+msgid "Invalid credential was supplied"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:235
+msgid "The referenced credential has expired"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:239
+msgid "The referenced context has expired"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:243
+msgid "Unspecified GSS failure.  Minor code may provide more information"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:248
+msgid "The quality-of-protection (QOP) requested could not be provided"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:253
+msgid "The operation is forbidden by local security policy"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:258
+msgid "The operation or option is not available or unsupported"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:263
+msgid "The requested credential element already exists"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:268
+msgid "The provided name was not mechanism specific (MN)"
+msgstr ""
+
+#: ../../src/lib/gssapi/mechglue/g_dsp_status.c:329
+msgid "An expected per-message token was not received"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1750
+msgid "SPNEGO cannot find mechanisms to negotiate"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1752
+msgid "SPNEGO failed to acquire creds"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1754
+msgid "SPNEGO acceptor did not select a mechanism"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1756
+msgid "SPNEGO failed to negotiate a mechanism"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1758
+msgid "SPNEGO acceptor did not return a valid token"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1760
+msgid "Invalid NegoEx signature"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1762
+msgid "Invalid NegoEx message type"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1764
+msgid "Invalid NegoEx message size"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1766
+msgid "Invalid NegoEx conversation ID"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1768
+msgid "NegoEx authentication scheme not found"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1770
+msgid "Missing NegoEx negotiate message"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1772
+msgid "Missing NegoEx authentication protocol request message"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1774
+msgid "No mutually supported NegoEx authentication schemes"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1776
+msgid "No NegoEx verify key"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1778
+msgid "Unknown NegoEx checksum scheme"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1780
+msgid "Invalid NegoEx checksum"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1782
+msgid "Unsupported critical NegoEx extension"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1784
+msgid "Unsupported NegoEx version"
+msgstr ""
+
+#: ../../src/lib/gssapi/spnego/spnego_mech.c:1786
+msgid "NegoEx message out of sequence"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:54
+#, c-format
+msgid "%s: cannot parse <%s>\n"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:55
+#, c-format
+msgid "%s: warning - logging entry syntax error\n"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:56
+#, c-format
+msgid "%s: error writing to %s\n"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:57
+#, c-format
+msgid "%s: error writing to %s device\n"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:59
+msgid "EMERGENCY"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:60
+msgid "ALERT"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:61
+msgid "CRITICAL"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:62
+msgid "Error"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:63
+msgid "Warning"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:64
+msgid "Notice"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:65
+msgid "info"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:66
+msgid "debug"
+msgstr ""
+
+#: ../../src/lib/kadm5/logger.c:785
+#, c-format
+msgid "Couldn't open log file %s: %s\n"
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/kadm5_hook.c:120
+#, c-format
+msgid "kadm5_hook %s failed postcommit %s: %s"
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/pwqual_dict.c:106
+msgid "No dictionary file specified, continuing without one."
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/pwqual_dict.c:113
+#, c-format
+msgid "WARNING!  Cannot find dictionary file %s, continuing without one."
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/pwqual_empty.c:42
+msgid "Empty passwords are not allowed"
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/pwqual_hesiod.c:114
+msgid "Password may not match user information."
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/pwqual_princ.c:54
+msgid "Password may not match principal name"
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/server_kdb.c:197
+msgid "History entry contains no key data"
+msgstr ""
+
+#: ../../src/lib/kadm5/srv/server_misc.c:128
+#, c-format
+msgid "password quality module %s rejected password for %s: %s"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb5.c:216
+msgid "No default realm set; cannot initialize KDB"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb5.c:370
+#, c-format
+msgid "Unable to find requested database type: %s"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb5.c:450 ../lib/krb5/error_tables/kdb5_err.c:55
+msgid "Unable to find requested database type"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb5.c:458
+msgid "plugin symbol 'kdb_function_table' lookup failed"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb5.c:466
+#, c-format
+msgid ""
+"Unable to load requested database module '%s': plugin symbol "
+"'kdb_function_table' not found"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb5.c:604
+msgid "Cannot initialize database library"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb5.c:1770
+#, c-format
+msgid "Illegal version number for KRB5_TL_MKEY_AUX %d\n"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb5.c:1942
+#, c-format
+msgid "Illegal version number for KRB5_TL_ACTKVNO %d\n"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb_default.c:137
+#, c-format
+msgid "keyfile (%s) is not a regular file: %s"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb_default.c:150
+msgid "Could not create temp keytab file name."
+msgstr ""
+
+#: ../../src/lib/kdb/kdb_default.c:175
+#, c-format
+msgid "Temporary stash file already exists: %s."
+msgstr ""
+
+#: ../../src/lib/kdb/kdb_default.c:203
+#, c-format
+msgid "rename of temporary keyfile (%s) to (%s) failed: %s"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb_default.c:388
+#, c-format
+msgid "Can not fetch master key (error: %s)."
+msgstr ""
+
+#: ../../src/lib/kdb/kdb_default.c:456
+msgid "Unable to decrypt latest master key with the provided master key\n"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb_log.c:87
+msgid "could not sync ulog update to disk"
+msgstr ""
+
+#: ../../src/lib/kdb/kdb_log.c:101
+msgid "could not sync ulog header to disk"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:122
+#, c-format
+msgid "Subsidiary cache path %s has no parent directory"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:128
+#, c-format
+msgid "Subsidiary cache path %s filename does not begin with \"tkt\""
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:169
+#, c-format
+msgid "%s contains invalid filename"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:229
+#, c-format
+msgid "Credential cache directory %s does not exist"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:235
+#, c-format
+msgid "Credential cache directory %s exists but is not a directory"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_dir.c:400
+msgid ""
+"Can't create new subsidiary cache because default cache is not a directory "
+"collection"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_kcm.c:946
+#, c-format
+msgid "Credentials cache 'KCM:%s' not found"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_keyring.c:1149
+msgid ""
+"Can't create new subsidiary cache because default cache is already a "
+"subsidiary"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cc_keyring.c:1217
+#, c-format
+msgid "Credentials cache keyring '%s' not found"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cccursor.c:207
+#, c-format
+msgid "Can't find client principal %s in cache collection"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cccursor.c:271
+msgid "No Kerberos credentials available"
+msgstr ""
+
+#: ../../src/lib/krb5/ccache/cccursor.c:277
+#, c-format
+msgid "No Kerberos credentials available (default cache: %s)"
+msgstr ""
+
+#: ../../src/lib/krb5/keytab/kt_file.c:389
+#, c-format
+msgid "No key table entry found for %s"
+msgstr ""
+
+#: ../../src/lib/krb5/keytab/kt_file.c:537
+#: ../../src/lib/krb5/keytab/kt_file.c:570
+msgid "Cannot change keytab with keytab iterators active"
+msgstr ""
+
+#: ../../src/lib/krb5/keytab/kt_file.c:757
+#, c-format
+msgid "Key table file '%s' not found"
+msgstr ""
+
+#: ../../src/lib/krb5/keytab/ktfns.c:129
+#, c-format
+msgid "Keytab %s is nonexistent or empty"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:250
+msgid "Malformed request error"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:253 ../lib/krb5/error_tables/kdb5_err.c:58
+msgid "Server error"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:256
+msgid "Authentication error"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:259
+msgid "Password change rejected"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:262
+msgid "Access denied"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:265
+msgid "Wrong protocol version"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:268
+msgid "Initial password required"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:271
+msgid "Success"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:274 ../lib/krb5/error_tables/krb5_err.c:257
+msgid "Password change failed"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:432
+msgid ""
+"The password must include numbers or symbols.  Don't include any part of "
+"your name in the password."
+msgstr ""
+
+#: ../../src/lib/krb5/krb/chpw.c:438
+#, c-format
+msgid "The password must contain at least %d character."
+msgid_plural "The password must contain at least %d characters."
+msgstr[0] ""
+msgstr[1] ""
+
+#: ../../src/lib/krb5/krb/chpw.c:447
+#, c-format
+msgid "The password must be different from the previous password."
+msgid_plural "The password must be different from the previous %d passwords."
+msgstr[0] ""
+msgstr[1] ""
+
+#: ../../src/lib/krb5/krb/chpw.c:459
+#, c-format
+msgid "The password can only be changed once a day."
+msgid_plural "The password can only be changed every %d days."
+msgstr[0] ""
+msgstr[1] ""
+
+#: ../../src/lib/krb5/krb/chpw.c:503
+msgid "Try a more complex password, or contact your administrator."
+msgstr ""
+
+#: ../../src/lib/krb5/krb/fast.c:216
+msgid "Error constructing AP-REQ armor"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/fast.c:394
+msgid "Failed to decrypt FAST reply"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/fast.c:400
+msgid "nonce modified in FAST response: KDC response modified"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/fast.c:466
+msgid "Expecting FX_ERROR pa-data inside FAST container"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/fast.c:537
+msgid "FAST response missing finish message in KDC reply"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/fast.c:550
+msgid "Ticket modified in KDC reply"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/gc_via_tkt.c:198
+#, c-format
+msgid "KDC returned error string: %.*s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/gc_via_tkt.c:207
+#, c-format
+msgid "Server %s not found in Kerberos database"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:202
+msgid "Reply has wrong form of session key for anonymous request"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1569
+#, c-format
+msgid "Warning: Your password will expire in less than one hour on %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1573
+#, c-format
+msgid "Warning: Your password will expire in %d hour%s on %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1577
+#, c-format
+msgid "Warning: Your password will expire in %d days on %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1607
+#, c-format
+msgid ""
+"Warning: encryption type %s used for authentication is deprecated and will "
+"be disabled"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1852
+msgid "Failed to store credentials"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/get_in_tkt.c:1947
+#, c-format
+msgid "Client '%s' not found in Kerberos database"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/gic_keytab.c:221
+#, c-format
+msgid "Keytab contains no suitable keys for %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:75
+#, c-format
+msgid "Password for %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:301
+msgid "Password expired.  You must change it now."
+msgstr ""
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:320 ../../src/lib/krb5/krb/gic_pwd.c:324
+#, c-format
+msgid "%s.  Please try again."
+msgstr ""
+
+#: ../../src/lib/krb5/krb/gic_pwd.c:365
+#, c-format
+msgid "%.*s%s%s.  Please try again.\n"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/parse.c:202
+#, c-format
+msgid "Principal %s is missing required realm"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/parse.c:214
+#, c-format
+msgid "Principal %s has realm present"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/plugin.c:169
+#, c-format
+msgid "Invalid module specifier %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/plugin.c:416
+#, c-format
+msgid "Could not find %s plugin module named '%s'"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth2.c:313
+msgid "krb5_init_creds calls must use same library context"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth2.c:721
+msgid "Pre-authentication failed"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth2.c:1050
+msgid "Unable to initialize preauth context"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth2.c:1063
+#, c-format
+msgid "Preauth module %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_encts.c:71
+msgid "Encrypted timestamp is disabled"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:514
+msgid "Please choose from the following:\n"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:516
+msgid "Vendor:"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:526
+msgid "Enter #"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:562
+msgid "OTP Challenge:"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:591
+msgid "OTP Token PIN"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:705
+msgid "OTP value doesn't match any token formats"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:772
+msgid "Enter OTP Token Value"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_otp.c:918
+msgid "No supported tokens"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:49
+msgid "Challenge for Enigma Logic mechanism"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:53
+msgid "Challenge for Digital Pathways mechanism"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:57
+msgid "Challenge for Activcard mechanism"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:60
+msgid "Challenge for Enhanced S/Key mechanism"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:63
+msgid "Challenge for Traditional S/Key mechanism"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:66
+#: ../../src/lib/krb5/krb/preauth_sam2.c:69
+msgid "Challenge for Security Dynamics mechanism"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:72
+msgid "Challenge from authentication server"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/preauth_sam2.c:164
+msgid "SAM Authentication"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:146
+#, c-format
+msgid "Cannot find key for %s kvno %d in keytab"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:151
+#, c-format
+msgid "Cannot find key for %s kvno %d in keytab (request ticket server %s)"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:176
+#, c-format
+msgid "Cannot decrypt ticket for %s using keytab key for %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:198
+#, c-format
+msgid "Server principal %s does not match request ticket server %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:227
+msgid "No keys in keytab"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:230
+#, c-format
+msgid "Server principal %s does not match any keys in keytab"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:237
+#, c-format
+msgid ""
+"Request ticket server %s found in keytab but does not match server principal "
+"%s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:242
+#, c-format
+msgid "Request ticket server %s not found in keytab (ticket kvno %d)"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:248
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d not found in keytab; ticket is likely out "
+"of date"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:253
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d not found in keytab; keytab is likely out "
+"of date"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:262
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d found in keytab but not with enctype %s"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:267
+#, c-format
+msgid ""
+"Request ticket server %s kvno %d enctype %s found in keytab but cannot "
+"decrypt ticket"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/rd_req_dec.c:884
+#, c-format
+msgid "Encryption type %s not permitted"
+msgstr ""
+
+#: ../../src/lib/krb5/krb/s4u_creds.c:1043
+msgid "Realm specified but S4U2Proxy must use referral realm"
+msgstr ""
+
+#: ../../src/lib/krb5/os/expand_path.c:316
+#, c-format
+msgid "Can't find username for uid %lu"
+msgstr ""
+
+#: ../../src/lib/krb5/os/expand_path.c:405
+#: ../../src/lib/krb5/os/expand_path.c:421
+msgid "Invalid token"
+msgstr ""
+
+#: ../../src/lib/krb5/os/expand_path.c:506
+msgid "variable missing }"
+msgstr ""
+
+#: ../../src/lib/krb5/os/locate_kdc.c:818
+#, c-format
+msgid "Cannot find KDC for realm \"%.*s\""
+msgstr ""
+
+#: ../../src/lib/krb5/os/sendto_kdc.c:519
+#, c-format
+msgid "Cannot contact any KDC for realm '%.*s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:245
+#: ../../src/plugins/kdb/db2/kdb_db2.c:819
+#, c-format
+msgid "Unsupported argument \"%s\" for db2"
+msgstr ""
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:387
+#, c-format
+msgid "Cannot open DB2 database '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:989
+msgid "Recursive iteration is not supported for hash databases"
+msgstr ""
+
+#: ../../src/plugins/kdb/db2/kdb_db2.c:996
+msgid "Recursive iteration not supported in this version of libdb"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:69
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:851
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1052
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1459
+msgid "while reading kerberos container information"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:129
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:504
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:518
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:147
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:162
+msgid "while providing time specification"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:268
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:304
+msgid "while creating policy object"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1467
+msgid "while reading realm information"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:348
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:407
+msgid "while destroying policy object"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:358
+#, c-format
+msgid "This will delete the policy object '%s', are you sure?\n"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:473
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:663
+msgid "while modifying policy object"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:487
+#, c-format
+msgid "while reading information of policy '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:692
+msgid "while viewing policy"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:701
+#, c-format
+msgid "while viewing policy '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:835
+msgid "while listing policy objects"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:411
+#, c-format
+msgid "for subtree while creating realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:423
+#, c-format
+msgid "for container reference while creating realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:448
+#, c-format
+msgid "invalid search scope while creating realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:463
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:787
+#, c-format
+msgid "'%s' is an invalid option\n"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:471
+#, c-format
+msgid "Initializing database for realm '%s'\n"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:495
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:656
+#, c-format
+msgid "while creating realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:515
+#, c-format
+msgid "Enter DN of Kerberos container: "
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:550
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:858
+#, c-format
+msgid "while reading information of realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:694
+msgid "while reading Kerberos container information"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:737
+#, c-format
+msgid "for subtree while modifying realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:748
+#, c-format
+msgid "for container reference while modifying realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:776
+#, c-format
+msgid "specified for search scope while modifying information of realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:815
+#, c-format
+msgid "while modifying information of realm '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:904
+msgid "Realm Name"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:907
+msgid "Subtree"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:910
+msgid "Principal Container Reference"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:915
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:917
+msgid "SearchScope"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:915
+msgid "Invalid !"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:922
+msgid "KDC Services"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:937
+msgid "Admin Services"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:952
+msgid "Passwd Services"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:968
+msgid "Maximum Ticket Life"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:973
+msgid "Maximum Renewable Life"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:980
+msgid "Ticket flags"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1059
+msgid "while listing realms"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1391
+msgid "while adding entries to database"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1432
+#, c-format
+msgid "Deleting KDC database of '%s', are you sure?\n"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1443
+#, c-format
+msgid "OK, deleting database of '%s'...\n"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1476
+#, c-format
+msgid "deleting database of '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1481
+#, c-format
+msgid "** Database of '%s' destroyed.\n"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:79
+msgid "ldap_service_password_file not configured"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:124
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:131
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:141
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:169
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:239
+msgid "while setting service object password"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:148
+msgid "while getting service password filename"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:161
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:481
+#, c-format
+msgid "Password for \"%s\""
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:164
+#, c-format
+msgid "Re-enter password for \"%s\""
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:175
+#, c-format
+msgid "%s: Invalid password\n"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:185
+msgid "Failed to convert the password to hexadecimal"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:195
+#, c-format
+msgid "Failed to open file %s: %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:217
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:259
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:268
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:295
+msgid "Failed to write service object password to file"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:223
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:280
+msgid "Error reading service object password file"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:248
+#, c-format
+msgid "Error creating file %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:105
+#, c-format
+msgid ""
+"Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri] [-r realm]\n"
+"\tcmd [cmd_options]\n"
+"create          [-subtrees subtree_dn_list] [-sscope search_scope]\n"
+"\t\t[-containerref container_reference_dn]\n"
+"\t\t[-m|-P password|-sf stashfilename] [-s]\n"
+"\t\t[-k mkeytype] [-kv mkeyVNO] [-M mkeyname]\n"
+"\t\t[-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
+"modify          [-subtrees subtree_dn_list] [-sscope search_scope]\n"
+"\t\t[-containerref container_reference_dn]\n"
+"\t\t[-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags]\n"
+"view\n"
+"destroy         [-f]\n"
+"list\n"
+"stashsrvpw      [-f filename] service_dn\n"
+"create_policy   [-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+"modify_policy   [-maxtktlife max_ticket_life]\n"
+"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+"view_policy     policy\n"
+"destroy_policy  [-force] policy\n"
+"list_policy\n"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:329
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:337
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:345
+msgid "while reading ldap parameters"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:443
+msgid "while initializing error handling"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:451
+msgid "while initializing ldap handle"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:465
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:474
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:487
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:529
+msgid "while retrieving ldap configuration"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:504
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:511
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:520
+msgid "while initializing server list"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:551
+msgid "while setting up lib handle"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:560
+msgid "while reading ldap configuration"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:68
+msgid "Unable to read Kerberos container"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:73
+msgid "Unable to read Realm"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:214
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:71
+msgid "Error processing LDAP DB params"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:220
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:77
+msgid "Error reading LDAP server params"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:64
+msgid "LDAP bind dn value missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:69
+msgid "LDAP bind password value missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:78
+msgid "Error reading password from stash"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:85
+msgid "Service password length is zero"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:145
+#, c-format
+msgid "Cannot bind to LDAP server '%s' with SASL mechanism '%s': %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:158
+#, c-format
+msgid "Cannot bind to LDAP server '%s' as '%s': %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:183
+#, c-format
+msgid "Cannot create LDAP handle for '%s': %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:56
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:67
+msgid "Error reading kerberos container location from krb5.conf"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c:75
+msgid "Kerberos container location not specified"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:56
+#, c-format
+msgid "Error reading '%s' attribute: %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:219
+msgid "KDB module requires -update argument"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:225
+#, c-format
+msgid "'%s' value missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:283
+#, c-format
+msgid "unknown option '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:343
+msgid "Minimum connections required per server is 2"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:160
+msgid "Default realm not set"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:264
+msgid "DN information missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:476
+msgid "dn information missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:137
+msgid "Principal does not belong to realm"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:305
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:314
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:322
+#, c-format
+msgid "%s option not supported"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:329
+#, c-format
+msgid "unknown option: %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:336
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:343
+#, c-format
+msgid "%s option value missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:676
+msgid "DN is out of the realm subtree"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:708
+msgid "ldap object is already kerberized"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:803
+msgid "Principal does not belong to the default realm"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:869
+#, c-format
+msgid ""
+"operation can not continue, more than one entry with principal name \"%s\" "
+"found"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:928
+#, c-format
+msgid "'%s' not found"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:992
+#, c-format
+msgid ""
+"link information can not be set/updated as the kerberos principal belongs to "
+"an ldap object"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1007
+#, c-format
+msgid "Failed getting object references"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1014
+#, c-format
+msgid "kerberos principal is already linked to a ldap object"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1340
+msgid "ticket policy object value: "
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1388
+#, c-format
+msgid "Principal delete failed (trying to replace entry): %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1398
+#, c-format
+msgid "Principal add failed: %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1436
+#, c-format
+msgid "User modification failed: %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1510
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:294
+msgid "Error reading ticket policy"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1640
+msgid "unable to decode stored principal key data"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1698
+msgid "unable to decode stored principal pw history"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:223
+msgid "Realm information not available"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:306
+#, c-format
+msgid "Realm Delete FAILED: %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:386
+msgid "subtree value: "
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:403
+msgid "container reference value: "
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:486
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:549
+msgid "Kerberos Container information is missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:498
+msgid "Invalid Kerberos container DN"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:514
+#, c-format
+msgid "Kerberos Container create FAILED: %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:557
+#, c-format
+msgid "Kerberos Container delete FAILED: %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:633
+msgid "realm object value: "
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:48
+msgid "Not a hexadecimal password"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:55
+msgid "Password corrupt"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:78
+#, c-format
+msgid "Cannot open LDAP password file '%s': %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:108
+#, c-format
+msgid "Bind DN entry '%s' missing in LDAP password file '%s'"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:66
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:142
+msgid "Ticket Policy Name missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:154
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231
+msgid "ticket policy object: "
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:219
+msgid "Ticket Policy Object information missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:311
+msgid "Ticket Policy Object DN missing"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:338
+msgid "Delete Failed: One or more Principals associated with the Ticket Policy"
+msgstr ""
+
+#: ../../src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:447
+msgid "Error reading container object"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:132
+#, c-format
+msgid "%s (path: %s): %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:164
+#, c-format
+msgid "Unsupported argument \"%s\" for LMDB"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:294
+msgid "LMDB environment open failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:319
+msgid "LMDB read failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:394
+msgid "LMDB write failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:418
+msgid "LMDB delete failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:521
+#, c-format
+msgid "LMDB file %s does not exist"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:566
+msgid "LMDB open failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:593
+#, c-format
+msgid "LMDB file %s already exists"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:658
+msgid "LMDB create error"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:676
+#, c-format
+msgid "Could not unlink %s"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:760
+#, c-format
+msgid "Unsupported argument \"%s\" for lmdb"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:806
+msgid "LMDB lockout write failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:882
+msgid "LMDB principal iteration failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:985
+msgid "LMDB policy iteration failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1016
+msgid "LMDB transaction commit failure"
+msgstr ""
+
+#: ../../src/plugins/kdb/lmdb/kdb_lmdb.c:1115
+msgid "LMDB lockout update failure"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_clnt.c:1088
+msgid "No pkinit_anchors supplied"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:920
+#, c-format
+msgid "%s: %s"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:950
+#, c-format
+msgid "%s (depth %d): %s"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1193
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4135
+msgid "Pass phrase for"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1479
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1489
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1743
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1753
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2224
+msgid "Failed to DER encode PKCS7"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1576
+msgid "Failed to verify own certificate"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1727
+msgid "Failed to add digest attribute"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1849
+msgid "Failed to decode CMS message"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1867
+msgid "Invalid pkinit packet: octet string expected"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1885
+msgid "wrong oid\n"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2037
+msgid "Failed to verify received certificate"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2068
+msgid "Failed to verify CMS message"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2212
+msgid "Failed to encrypt PKCS7 object"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2270
+msgid "Failed to decode PKCS7"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2288
+msgid "Failed to decrypt PKCS7 message"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2711
+msgid "Failed to fetch SSKDF"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2718
+msgid "Failed to instantiate SSKDF"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2731
+msgid "Failed to derive key using SSKDF"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2793
+msgid "Failed to compute digest"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4255
+#, c-format
+msgid "Cannot read certificate file '%s'"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4263
+#, c-format
+msgid "Cannot read key file '%s'"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5114
+#, c-format
+msgid "Cannot open file '%s'"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5121
+#, c-format
+msgid "Cannot read file '%s'"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:415
+#, c-format
+msgid "Unsupported type while processing '%s'\n"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:451
+msgid "Internal error parsing X509_user_identity\n"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_identity.c:552
+msgid "No user identity options specified"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:403
+#, c-format
+msgid "PKINIT: no freshness token, rejecting auth from %s"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:407
+#, c-format
+msgid "PKINIT: freshness token received from %s"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:409
+#, c-format
+msgid "PKINIT: no freshness token received from %s"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:512
+msgid "Pkinit request not signed, but client not anonymous."
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:546
+msgid "Anonymous pkinit without DH public value not supported."
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1082
+#, c-format
+msgid "No pkinit_identity supplied for realm %s"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1093
+#, c-format
+msgid "No pkinit_anchors supplied for realm %s"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1113
+#, c-format
+msgid "OCSP is not supported: (realm: %s)"
+msgstr ""
+
+#: ../../src/plugins/preauth/pkinit/pkinit_srv.c:1516
+msgid "No realms configured correctly for pkinit support"
+msgstr ""
+
+#: ../../src/plugins/preauth/spake/groups.c:237
+msgid "No SPAKE preauth groups configured"
+msgstr ""
+
+#: ../../src/plugins/preauth/spake/groups.c:257
+#, c-format
+msgid "SPAKE challenge group not a permitted group: %s"
+msgstr ""
+
+#: ../../src/plugins/preauth/spake/spake_kdc.c:534
+msgid "Unknown SPAKE request type"
+msgstr ""
+
+#: ../../src/util/support/errors.c:77
+msgid "Kerberos library initialization failure"
+msgstr ""
+
+#: ../../src/util/support/errors.c:83
+msgid "Error code translation unavailable"
+msgstr ""
+
+#: ../../src/util/support/errors.c:92
+#, c-format
+msgid "error %ld"
+msgstr ""
+
+#: ../../src/util/support/plugins.c:94 ../../src/util/support/plugins.c:116
+msgid "unknown failure"
+msgstr ""
+
+#: ../../src/util/support/plugins.c:96
+#, c-format
+msgid "unable to load plugin [%s]: %s"
+msgstr ""
+
+#: ../../src/util/support/plugins.c:142
+#, c-format
+msgid "unable to load DLL [%s]"
+msgstr ""
+
+#: ../../src/util/support/plugins.c:166
+#, c-format
+msgid "unable to get DLL Symbol: %s"
+msgstr ""
+
+#: ../../src/util/support/plugins.c:190
+msgid "plugin loading unavailable"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:23
+msgid "No @ in SERVICE-NAME name string"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:24
+msgid "STRING-UID-NAME contains nondigits"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:25
+msgid "UID does not resolve to username"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:26
+msgid "Validation error"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:27
+msgid "Couldn't allocate gss_buffer_t data"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:28
+msgid "Message context invalid"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:29
+msgid "Buffer is the wrong size"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:30
+msgid "Credential usage type is unknown"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:31
+msgid "Unknown quality of protection specified"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:32
+msgid "Local host name could not be determined"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:33
+msgid "Hostname in SERVICE-NAME string could not be canonicalized"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:34
+msgid "Mechanism is incorrect"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:35
+msgid "Token header is malformed or corrupt"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:36
+msgid "Packet was replayed in wrong direction"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:37
+msgid "Token is missing data"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:38
+msgid "Token was reflected"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:39
+msgid "Received token ID does not match expected token ID"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:40
+msgid "The given credential's usage does not match the requested usage"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:41
+msgid "Storing of acceptor credentials is not supported by the mechanism"
+msgstr ""
+
+#: ../lib/gssapi/generic/gssapi_err_generic.c:42
+msgid "Storing of non-default credentials is not supported by the mechanism"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:23
+msgid "Principal in credential cache does not match desired name"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:24
+msgid "No principal in keytab matches desired name"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:25
+msgid "Credential cache has no TGT"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:26
+msgid "Authenticator has no subkey"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:27
+msgid "Context is already fully established"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:28
+msgid "Unknown signature type in token"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:29
+msgid "Invalid field length in token"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:30
+msgid "Attempt to use incomplete security context"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:31
+msgid "Bad magic number for krb5_gss_ctx_id_t"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:32
+msgid "Bad magic number for krb5_gss_cred_id_t"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:33
+msgid "Bad magic number for krb5_gss_enc_desc"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:34
+msgid "Sequence number in token is corrupt"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:35
+msgid "Credential cache is empty"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:36
+msgid "Acceptor and Initiator share no checksum types"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:37
+msgid "Requested lucid context version not supported"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:38
+msgid "PRF input too long"
+msgstr ""
+
+#: ../lib/gssapi/krb5/gssapi_err_krb5.c:39
+msgid "Bad magic number for iakerb_ctx_id_t"
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:23
+msgid "while getting policy info."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:24
+msgid "while getting principal info."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:25
+msgid "New passwords do not match - password not changed.\n"
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:26
+msgid "New password"
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:27
+msgid "New password (again)"
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:28
+msgid ""
+"You must type a password. Passwords must be at least one character long.\n"
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:29
+msgid "yet no policy set!  Contact your system security administrator."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:31
+msgid ""
+"New password was found in a dictionary of possible passwords and\n"
+"therefore may be easily guessed. Please choose another password.\n"
+"See the kpasswd man page for help in choosing a good password."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:32
+msgid "Password not changed."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:33
+#, c-format
+msgid ""
+"New password is too short.\n"
+"Please choose a password which is at least %d characters long."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:34
+#, c-format
+msgid ""
+"New password does not have enough character classes.\n"
+"The character classes are:\n"
+"\t- lower-case letters,\n"
+"\t- upper-case letters,\n"
+"\t- digits,\n"
+"\t- punctuation, and\n"
+"\t- all other characters (e.g., control characters).\n"
+"Please choose a password with at least %d character classes."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:35
+#, c-format
+msgid ""
+"Password cannot be changed because it was changed too recently.\n"
+"Please wait until %s before you change it.\n"
+"If you need to change your password before then, contact your system\n"
+"security administrator."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:36
+msgid "New password was used previously. Please choose a different password."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:37
+msgid "while trying to change password."
+msgstr ""
+
+#: ../lib/kadm5/chpass_util_strings.c:38
+msgid "while reading new password."
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:23
+msgid "Operation failed for unspecified reason"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:24
+msgid "Operation requires ``get'' privilege"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:25
+msgid "Operation requires ``add'' privilege"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:26
+msgid "Operation requires ``modify'' privilege"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:27
+msgid "Operation requires ``delete'' privilege"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:28
+msgid "Insufficient authorization for operation"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:29 ../lib/kdb/adb_err.c:29
+msgid "Database inconsistency detected"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:30 ../lib/kdb/adb_err.c:24
+msgid "Principal or policy already exists"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:31
+msgid "Communication failure with server"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:32
+msgid "No administration server found for realm"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:33
+msgid "Password history principal key version mismatch"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:34
+msgid "Connection to server not initialized"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:35
+msgid "Principal does not exist"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:36
+msgid "Policy does not exist"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:37
+msgid "Invalid field mask for operation"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:38
+msgid "Invalid number of character classes"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:39
+msgid "Invalid password length"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:40
+msgid "Illegal policy name"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:41
+msgid "Illegal principal name"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:42
+msgid "Invalid auxiliary attributes"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:43
+msgid "Invalid password history count"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:44
+msgid "Password minimum life is greater than password maximum life"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:45
+msgid "Password is too short"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:46
+msgid "Password does not contain enough character classes"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:47
+msgid "Password is in the password dictionary"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:48
+msgid "Cannot reuse password"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:49
+msgid "Current password's minimum life has not expired"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:50 ../lib/krb5/error_tables/kdb5_err.c:67
+msgid "Policy is in use"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:51
+msgid "Connection to server already initialized"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:52
+msgid "Incorrect password"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:53
+msgid "Cannot change protected principal"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:54
+msgid "Programmer error! Bad Admin server handle"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:55
+msgid "Programmer error! Bad API structure version"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:56
+msgid ""
+"API structure version specified by application is no longer supported (to "
+"fix, recompile application against current KADM5 API header files and "
+"libraries)"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:57
+msgid ""
+"API structure version specified by application is unknown to libraries (to "
+"fix, obtain current KADM5 API header files and libraries and recompile "
+"application)"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:58
+msgid "Programmer error! Bad API version"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:59
+msgid ""
+"API version specified by application is no longer supported by libraries (to "
+"fix, update application to adhere to current API version and recompile)"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:60
+msgid ""
+"API version specified by application is no longer supported by server (to "
+"fix, update application to adhere to current API version and recompile)"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:61
+msgid ""
+"API version specified by application is unknown to libraries (to fix, obtain "
+"current KADM5 API header files and libraries and recompile application)"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:62
+msgid ""
+"API version specified by application is unknown to server (to fix, obtain "
+"and install newest KADM5 Admin Server)"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:63
+msgid "Database error! Required KADM5 principal missing"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:64
+msgid "The salt type of the specified principal does not support renaming"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:65
+msgid "Illegal configuration parameter for remote KADM5 client"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:66
+msgid "Illegal configuration parameter for local KADM5 client"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:67
+msgid "Operation requires ``list'' privilege"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:68
+msgid "Operation requires ``change-password'' privilege"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:69
+msgid "GSS-API (or Kerberos) error"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:70
+msgid "Programmer error! Illegal tagged data list type"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:71
+msgid "Required parameters in kdc.conf missing"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:72
+msgid "Bad krb5 admin server hostname"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:73
+msgid "Operation requires ``set-key'' privilege"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:74
+msgid "Multiple values for single or folded enctype"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:75
+msgid "Invalid enctype for setv4key"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:76
+msgid "Mismatched enctypes for setkey3"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:77
+msgid "Missing parameters in krb5.conf required for kadmin client"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:78 ../lib/kdb/adb_err.c:30
+msgid "XDR encoding error"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:79
+msgid "Cannot resolve network address for admin server in requested realm"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:80
+msgid "Unspecified password quality failure"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:81
+msgid "Invalid key/salt tuples"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:82
+msgid "Invalid multiple or duplicate kvnos in setkey operation"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:83
+msgid "Operation requires ``extract-keys'' privilege"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:84
+msgid "Principal keys are locked down"
+msgstr ""
+
+#: ../lib/kadm5/kadm_err.c:85
+msgid "Operation requires initial ticket"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:23
+msgid "No Error"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:25
+msgid "Principal or policy does not exist"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:26
+msgid "Database not initialized"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:27
+msgid "Invalid policy name"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:28
+msgid "Invalid principal name"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:31
+msgid "Failure!"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:32
+msgid "Bad lock mode"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:33
+msgid "Cannot lock database"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:34
+msgid "Database not locked"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:35
+msgid "KADM5 administration database lock file missing"
+msgstr ""
+
+#: ../lib/kdb/adb_err.c:36
+msgid "Insufficient permission to lock file"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:23
+msgid "Plugin does not support interface version"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:24
+msgid "Invalid module specifier"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:25
+msgid "Plugin module name not found"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:26
+msgid "The KDC should discard this request"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:27
+msgid "Can't create new subsidiary cache"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:28
+msgid "Invalid keyring anchor name"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:29
+msgid "Unknown keyring collection version"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:30
+msgid "Invalid UID in persistent keyring name"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:31
+msgid "Malformed reply from KCM daemon"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:32
+msgid "Mach RPC error communicating with KCM daemon"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:33
+msgid "KCM daemon reply too big"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:34
+msgid "No KCM server found"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:35
+msgid "Authorize and set hw-authent ticket flag"
+msgstr ""
+
+#: ../lib/krb5/error_tables/k5e1_err.c:36
+msgid "Set hw-authent ticket flag but do not authorize"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:24
+msgid "Client's entry in database has expired"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:25
+msgid "Server's entry in database has expired"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:26
+msgid "Requested protocol version not supported"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:27
+msgid "Client's key is encrypted in an old master key"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:28
+msgid "Server's key is encrypted in an old master key"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:29
+msgid "Client not found in Kerberos database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:30
+msgid "Server not found in Kerberos database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:31
+msgid "Principal has multiple entries in Kerberos database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:32
+msgid "Client or server has a null key"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:33
+msgid "Ticket is ineligible for postdating"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:34
+msgid "Requested effective lifetime is negative or too short"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:35
+msgid "KDC policy rejects request"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:36
+msgid "KDC can't fulfill requested option"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:37
+msgid "KDC has no support for encryption type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:38
+msgid "KDC has no support for checksum type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:39
+msgid "KDC has no support for padata type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:40
+msgid "KDC has no support for transited type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:41
+msgid "Client's credentials have been revoked"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:42
+msgid "Credentials for server have been revoked"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:43
+msgid "TGT has been revoked"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:44
+msgid "Client not yet valid - try again later"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:45
+msgid "Server not yet valid - try again later"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:46
+msgid "Password has expired"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:47
+msgid "Preauthentication failed"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:48
+msgid "Additional pre-authentication required"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:49
+msgid "Requested server and ticket don't match"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:50
+msgid "Server principal valid for user2user only"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:51
+msgid "KDC policy rejects transited path"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:52
+msgid "A service is not available that is required to process the request"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:53
+msgid "KRB5 error code 30"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:54
+msgid "Decrypt integrity check failed"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:55
+msgid "Ticket expired"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:56
+msgid "Ticket not yet valid"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:57
+msgid "Request is a replay"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:58
+msgid "The ticket isn't for us"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:59
+msgid "Ticket/authenticator don't match"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:60
+msgid "Clock skew too great"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:61
+msgid "Incorrect net address"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:62
+msgid "Protocol version mismatch"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:63
+msgid "Invalid message type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:64
+msgid "Message stream modified"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:65
+msgid "Message out of order"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:66
+msgid "Illegal cross-realm ticket"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:67
+msgid "Key version is not available"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:68
+msgid "Service key not available"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:69
+#: ../lib/krb5/error_tables/krb5_err.c:181
+msgid "Mutual authentication failed"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:70
+msgid "Incorrect message direction"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:71
+msgid "Alternative authentication method required"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:72
+msgid "Incorrect sequence number in message"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:73
+msgid "Inappropriate type of checksum in message"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:74
+msgid "Policy rejects transited path"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:75
+msgid "Response too big for UDP, retry with TCP"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:76
+msgid "KRB5 error code 53"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:77
+msgid "KRB5 error code 54"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:78
+msgid "KRB5 error code 55"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:79
+msgid "KRB5 error code 56"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:80
+msgid "KRB5 error code 57"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:81
+msgid "KRB5 error code 58"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:82
+msgid "KRB5 error code 59"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:83
+msgid "Generic error (see e-text)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:84
+msgid "Field is too long for this implementation"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:85
+msgid "Client not trusted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:86
+msgid "KDC not trusted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:87
+msgid "Invalid signature"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:88
+msgid "Key parameters not accepted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:89
+msgid "Certificate mismatch"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:90
+msgid "No ticket granting ticket"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:91
+msgid "Realm not local to KDC"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:92
+msgid "User to user required"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:93
+msgid "Can't verify certificate"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:94
+msgid "Invalid certificate"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:95
+msgid "Revoked certificate"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:96
+msgid "Revocation status unknown"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:97
+msgid "Revocation status unavailable"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:98
+msgid "Client name mismatch"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:99
+msgid "KDC name mismatch"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:100
+msgid "Inconsistent key purpose"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:101
+msgid "Digest in certificate not accepted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:102
+msgid "Checksum must be included"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:103
+msgid "Digest in signed-data not accepted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:104
+msgid "Public key encryption not supported"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:105
+msgid "KRB5 error code 82"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:106
+msgid "KRB5 error code 83"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:107
+msgid "KRB5 error code 84"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:108
+msgid "The IAKERB proxy could not find a KDC"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:109
+msgid "The KDC did not respond to the IAKERB proxy"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:110
+msgid "KRB5 error code 87"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:111
+msgid "KRB5 error code 88"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:112
+msgid "KRB5 error code 89"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:113
+msgid "Preauthentication expired"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:114
+msgid "More preauthentication data is required"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:115
+msgid "KRB5 error code 92"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:116
+msgid "An unsupported critical FAST option was requested"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:117
+msgid "KRB5 error code 94"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:118
+msgid "KRB5 error code 95"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:119
+msgid "KRB5 error code 96"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:120
+msgid "KRB5 error code 97"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:121
+msgid "KRB5 error code 98"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:122
+msgid "KRB5 error code 99"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:123
+msgid "No acceptable KDF offered"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:124
+msgid "KRB5 error code 101"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:125
+msgid "KRB5 error code 102"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:126
+msgid "KRB5 error code 103"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:127
+msgid "KRB5 error code 104"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:128
+msgid "KRB5 error code 105"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:129
+msgid "KRB5 error code 106"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:130
+msgid "KRB5 error code 107"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:131
+msgid "KRB5 error code 108"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:132
+msgid "KRB5 error code 109"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:133
+msgid "KRB5 error code 110"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:134
+msgid "KRB5 error code 111"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:135
+msgid "KRB5 error code 112"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:136
+msgid "KRB5 error code 113"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:137
+msgid "KRB5 error code 114"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:138
+msgid "KRB5 error code 115"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:139
+msgid "KRB5 error code 116"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:140
+msgid "KRB5 error code 117"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:141
+msgid "KRB5 error code 118"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:142
+msgid "KRB5 error code 119"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:143
+msgid "KRB5 error code 120"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:144
+msgid "KRB5 error code 121"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:145
+msgid "KRB5 error code 122"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:146
+msgid "KRB5 error code 123"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:147
+msgid "KRB5 error code 124"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:148
+msgid "KRB5 error code 125"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:149
+msgid "KRB5 error code 126"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:150
+msgid "KRB5 error code 127"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:151
+#: ../lib/krb5/error_tables/kdb5_err.c:23
+msgid "$Id$"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:152
+msgid "Invalid flag for file lock mode"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:153
+msgid "Cannot read password"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:154
+msgid "Password mismatch"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:155
+msgid "Password read interrupted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:156
+msgid "Illegal character in component name"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:157
+msgid "Malformed representation of principal"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:158
+msgid "Can't open/find Kerberos configuration file"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:159
+msgid "Improper format of Kerberos configuration file"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:160
+msgid "Insufficient space to return complete information"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:161
+msgid "Invalid message type specified for encoding"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:162
+msgid "Credential cache name malformed"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:163
+msgid "Unknown credential cache type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:164
+msgid "Matching credential not found"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:165
+msgid "End of credential cache reached"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:166
+msgid "Request did not supply a ticket"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:167
+msgid "Wrong principal in request"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:168
+msgid "Ticket has invalid flag set"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:169
+msgid "Requested principal and ticket don't match"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:170
+msgid "KDC reply did not match expectations"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:171
+msgid "Clock skew too great in KDC reply"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:172
+msgid "Client/server realm mismatch in initial ticket request"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:173
+msgid "Program lacks support for encryption type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:174
+msgid "Program lacks support for key type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:175
+msgid "Requested encryption type not used in message"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:176
+msgid "Program lacks support for checksum type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:177
+msgid "Cannot find KDC for requested realm"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:178
+msgid "Kerberos service unknown"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:179
+msgid "Cannot contact any KDC for requested realm"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:180
+msgid "No local name found for principal name"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:182
+msgid "Replay cache type is already registered"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:183
+msgid "No more memory to allocate (in replay cache code)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:184
+msgid "Replay cache type is unknown"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:185
+msgid "Generic unknown RC error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:186
+msgid "Message is a replay"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:187
+msgid "Replay cache I/O operation failed"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:188
+msgid "Replay cache type does not support non-volatile storage"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:189
+msgid "Replay cache name parse/format error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:190
+msgid "End-of-file on replay cache I/O"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:191
+msgid "No more memory to allocate (in replay cache I/O code)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:192
+msgid "Permission denied in replay cache code"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:193
+msgid "I/O error in replay cache i/o code"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:194
+msgid "Generic unknown RC/IO error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:195
+msgid "Insufficient system space to store replay information"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:196
+msgid "Can't open/find realm translation file"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:197
+msgid "Improper format of realm translation file"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:198
+msgid "Can't open/find lname translation database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:199
+msgid "No translation available for requested principal"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:200
+msgid "Improper format of translation database entry"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:201
+msgid "Cryptosystem internal error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:202
+msgid "Key table name malformed"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:203
+msgid "Unknown Key table type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:204
+msgid "Key table entry not found"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:205
+msgid "End of key table reached"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:206
+msgid "Cannot write to specified key table"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:207
+msgid "Error writing to key table"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:208
+msgid "Cannot find ticket for requested realm"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:209
+msgid "DES key has bad parity"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:210
+msgid "DES key is a weak key"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:211
+msgid "Bad encryption type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:212
+msgid "Key size is incompatible with encryption type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:213
+msgid "Message size is incompatible with encryption type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:214
+msgid "Credentials cache type is already registered."
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:215
+msgid "Key table type is already registered."
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:216
+msgid "Credentials cache I/O operation failed"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:217
+msgid "Credentials cache permissions incorrect"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:218
+msgid "No credentials cache found"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:219
+msgid "Internal credentials cache error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:220
+msgid "Error writing to credentials cache"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:221
+msgid "No more memory to allocate (in credentials cache code)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:222
+msgid "Bad format in credentials cache"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:223
+msgid "No credentials found with supported encryption types"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:224
+msgid "Invalid KDC option combination (library internal error)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:225
+msgid "Request missing second ticket"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:226
+msgid "No credentials supplied to library routine"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:227
+msgid "Bad sendauth version was sent"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:228
+msgid "Bad application version was sent (via sendauth)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:229
+msgid "Bad response (during sendauth exchange)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:230
+msgid "Server rejected authentication (during sendauth exchange)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:231
+msgid "Unsupported preauthentication type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:232
+msgid "Required preauthentication key not supplied"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:233
+msgid "Generic preauthentication failure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:234
+msgid "Unsupported replay cache format version number"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:235
+msgid "Unsupported credentials cache format version number"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:236
+msgid "Unsupported key table format version number"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:237
+msgid "Program lacks support for address type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:238
+msgid "Message replay detection requires rcache parameter"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:239
+msgid "Hostname cannot be canonicalized"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:240
+msgid "Cannot determine realm for host"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:241
+msgid "Conversion to service principal undefined for name type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:242
+msgid "Initial Ticket response appears to be Version 4 error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:243
+msgid "Cannot resolve network address for KDC in requested realm"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:244
+msgid "Requesting ticket can't get forwardable tickets"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:245
+msgid "Bad principal name while trying to forward credentials"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:246
+msgid "Looping detected inside krb5_get_in_tkt"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:247
+msgid "Configuration file does not specify default realm"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:248
+msgid "Bad SAM flags in obtain_sam_padata"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:249
+msgid "Invalid encryption type in SAM challenge"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:250
+msgid "Missing checksum in SAM challenge"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:251
+msgid "Bad checksum in SAM challenge"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:252
+msgid "Keytab name too long"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:253
+msgid "Key version number for principal in key table is incorrect"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:254
+msgid "This application has expired"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:255
+msgid "This Krb5 library has expired"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:256
+msgid "New password cannot be zero length"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:258
+msgid "Bad format in keytab"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:259
+msgid "Encryption type not permitted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:260
+msgid "No supported encryption types (config file error?)"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:261
+msgid "Program called an obsolete, deleted function"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:262
+msgid "unknown getaddrinfo failure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:263
+msgid "no data available for host/domain name"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:264
+msgid "host/domain name not found"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:265
+msgid "service name unknown"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:266
+msgid "Cannot determine realm for numeric host address"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:267
+msgid "Invalid key generation parameters from KDC"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:268
+msgid "service not available"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:269
+msgid "Ccache function not supported: read-only ccache type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:270
+msgid "Ccache function not supported: not implemented"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:271
+msgid "Invalid format of Kerberos lifetime or clock skew string"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:272
+msgid "Supplied data not handled by this plugin"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:273
+msgid "Plugin does not support the operation"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:274
+msgid "Invalid UTF-8 string"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:275
+msgid "FAST protected pre-authentication required but not supported by KDC"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:276
+msgid "Auth context must contain local address"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:277
+msgid "Auth context must contain remote address"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb5_err.c:278
+msgid "Tracing unsupported"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:24
+msgid "Entry already exists in database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:25
+msgid "Database store error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:26
+msgid "Database read error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:27
+msgid "Insufficient access to perform requested operation"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:28
+msgid "No such entry in the database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:29
+msgid "Illegal use of wildcard"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:30
+msgid "Database is locked or in use--try again later"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:31
+msgid "Database was modified during read"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:32
+msgid "Database record is incomplete or corrupted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:33
+msgid "Attempt to lock database twice"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:34
+msgid "Attempt to unlock database when not locked"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:35
+msgid "Invalid kdb lock mode"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:36
+msgid "Database has not been initialized"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:37
+msgid "Database has already been initialized"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:38
+msgid "Bad direction for converting keys"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:39
+msgid "Cannot find master key record in database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:40
+msgid "Master key does not match database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:41
+msgid "Key size in database is invalid"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:42
+msgid "Cannot find/read stored master key"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:43
+msgid "Stored master key is corrupted"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:44
+msgid "Cannot find active master key"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:45
+msgid "KVNO of new master key does not match expected value"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:46
+msgid "Stored master key is not current"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:47
+msgid "Insufficient access to lock database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:48
+msgid "Database format error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:49
+msgid "Unsupported version in database entry"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:50
+msgid "Unsupported salt type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:51
+msgid "Unsupported encryption type"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:52
+msgid "Bad database creation flags"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:53
+msgid "No matching key in entry having a permitted enctype"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:54
+msgid "No matching key in entry"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:56
+msgid "Database type not supported"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:57
+msgid "Database library failed to initialize"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:59
+msgid "Unable to access Kerberos database"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:60
+msgid "Kerberos database internal error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:61
+msgid "Kerberos database constraints violated"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:62
+msgid "Update log conversion error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:63
+msgid "Update log is unstable"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:64
+msgid "Update log is corrupt"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:65
+msgid "Generic update log error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:66
+msgid "Database module does not match KDC version"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kdb5_err.c:68
+msgid "Too much string mapping data"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:23
+msgid "ASN.1 failed call to system time library"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:24
+msgid "ASN.1 structure is missing a required field"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:25
+msgid "ASN.1 unexpected field number"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:26
+msgid "ASN.1 type numbers are inconsistent"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:27
+msgid "ASN.1 value too large"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:28
+msgid "ASN.1 encoding ended unexpectedly"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:29
+msgid "ASN.1 identifier doesn't match expected value"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:30
+msgid "ASN.1 length doesn't match expected value"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:31
+msgid "ASN.1 badly-formatted encoding"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:32
+msgid "ASN.1 parse error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:33
+msgid "ASN.1 bad return from gmtime"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:34
+msgid "ASN.1 indefinite encoding"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:35
+msgid "ASN.1 missing expected EOC"
+msgstr ""
+
+#: ../lib/krb5/error_tables/asn1_err.c:36
+msgid "ASN.1 object omitted in sequence"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:23
+msgid "Kerberos V5 magic number table"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:24
+msgid "Bad magic number for krb5_principal structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:25
+msgid "Bad magic number for krb5_data structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:26
+msgid "Bad magic number for krb5_keyblock structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:27
+msgid "Bad magic number for krb5_checksum structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:28
+msgid "Bad magic number for krb5_encrypt_block structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:29
+msgid "Bad magic number for krb5_enc_data structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:30
+msgid "Bad magic number for krb5_cryptosystem_entry structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:31
+msgid "Bad magic number for krb5_cs_table_entry structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:32
+msgid "Bad magic number for krb5_checksum_entry structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:33
+msgid "Bad magic number for krb5_authdata structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:34
+msgid "Bad magic number for krb5_transited structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:35
+msgid "Bad magic number for krb5_enc_tkt_part structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:36
+msgid "Bad magic number for krb5_ticket structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:37
+msgid "Bad magic number for krb5_authenticator structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:38
+msgid "Bad magic number for krb5_tkt_authent structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:39
+msgid "Bad magic number for krb5_creds structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:40
+msgid "Bad magic number for krb5_last_req_entry structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:41
+msgid "Bad magic number for krb5_pa_data structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:42
+msgid "Bad magic number for krb5_kdc_req structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:43
+msgid "Bad magic number for krb5_enc_kdc_rep_part structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:44
+msgid "Bad magic number for krb5_kdc_rep structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:45
+msgid "Bad magic number for krb5_error structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:46
+msgid "Bad magic number for krb5_ap_req structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:47
+msgid "Bad magic number for krb5_ap_rep structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:48
+msgid "Bad magic number for krb5_ap_rep_enc_part structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:49
+msgid "Bad magic number for krb5_response structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:50
+msgid "Bad magic number for krb5_safe structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:51
+msgid "Bad magic number for krb5_priv structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:52
+msgid "Bad magic number for krb5_priv_enc_part structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:53
+msgid "Bad magic number for krb5_cred structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:54
+msgid "Bad magic number for krb5_cred_info structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:55
+msgid "Bad magic number for krb5_cred_enc_part structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:56
+msgid "Bad magic number for krb5_pwd_data structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:57
+msgid "Bad magic number for krb5_address structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:58
+msgid "Bad magic number for krb5_keytab_entry structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:59
+msgid "Bad magic number for krb5_context structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:60
+msgid "Bad magic number for krb5_os_context structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:61
+msgid "Bad magic number for krb5_alt_method structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:62
+msgid "Bad magic number for krb5_etype_info_entry structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:63
+msgid "Bad magic number for krb5_db_context structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:64
+msgid "Bad magic number for krb5_auth_context structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:65
+msgid "Bad magic number for krb5_keytab structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:66
+msgid "Bad magic number for krb5_rcache structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:67
+msgid "Bad magic number for krb5_ccache structure"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:68
+msgid "Bad magic number for krb5_preauth_ops"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:69
+msgid "Bad magic number for krb5_sam_challenge"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:70
+msgid "Bad magic number for krb5_sam_challenge_2"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:71
+msgid "Bad magic number for krb5_sam_key"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:72
+#: ../lib/krb5/error_tables/kv5m_err.c:73
+msgid "Bad magic number for krb5_enc_sam_response_enc"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:74
+msgid "Bad magic number for krb5_sam_response"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:75
+msgid "Bad magic number for krb5_sam_response 2"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:76
+msgid "Bad magic number for krb5_predicted_sam_response"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:77
+msgid "Bad magic number for passwd_phrase_element"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:78
+msgid "Bad magic number for GSSAPI OID"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:79
+msgid "Bad magic number for GSSAPI QUEUE"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:80
+msgid "Bad magic number for fast armored request"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:81
+msgid "Bad magic number for FAST request"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:82
+msgid "Bad magic number for FAST response"
+msgstr ""
+
+#: ../lib/krb5/error_tables/kv5m_err.c:83
+msgid "Bad magic number for krb5_authdata_context"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:23
+msgid "Cannot convert V5 keyblock"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:24
+msgid "Cannot convert V5 address information"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:25
+msgid "Cannot convert V5 principal"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:26
+msgid "V5 realm name longer than V4 maximum"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:27
+msgid "Kerberos V4 error"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:28
+msgid "Encoding too large"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:29
+msgid "Decoding out of data"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:30
+msgid "Service not responding"
+msgstr ""
+
+#: ../lib/krb5/error_tables/krb524_err.c:31
+msgid "Kerberos version 4 support is disabled"
+msgstr ""
diff --git a/krb5-1.21.3/src/prototype/prototype.c b/krb5-1.21.3/src/prototype/prototype.c
new file mode 100644
index 00000000..77cc8c21
--- /dev/null
+++ b/krb5-1.21.3/src/prototype/prototype.c
@@ -0,0 +1,35 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* prototype/prototype.c - <<< One-line description of file >>> */
+/*
+ * Copyright (C) 2024 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * <<< Longer description of file >>>
+ */
diff --git a/krb5-1.21.3/src/prototype/prototype.h b/krb5-1.21.3/src/prototype/prototype.h
new file mode 100644
index 00000000..c6d42417
--- /dev/null
+++ b/krb5-1.21.3/src/prototype/prototype.h
@@ -0,0 +1,40 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* prototype/prototype.h - <<< One-line description of file >>> */
+/*
+ * Copyright (C) 2024 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * <<< Longer description of file >>>
+ */
+
+#ifndef <<< include blocker>>>__
+#define <<< include blocker>>>__
+
+#endif /* __<<< include blocker>>>__ */
diff --git a/krb5-1.21.3/src/tests/Makefile.in b/krb5-1.21.3/src/tests/Makefile.in
new file mode 100644
index 00000000..e7cf64e0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/Makefile.in
@@ -0,0 +1,201 @@
+mydir=tests
+BUILDTOP=$(REL)..
+SUBDIRS = asn.1 create hammer verify gssapi shlib gss-threads misc threads \
+	softpkcs11
+
+RUN_DB_TEST = $(RUN_SETUP) KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf \
+	GSS_MECH_CONFIG=mech.conf LC_ALL=C $(VALGRIND)
+
+OBJS= adata.o conccache.o etinfo.o forward.o gcred.o hist.o hooks.o hrealm.o \
+	icinterleave.o icred.o kdbtest.o localauth.o plugorder.o rdreq.o \
+	replay.o responder.o s2p.o s4u2self.o s4u2proxy.o t_inetd.o \
+	unlockiter.o
+EXTRADEPSRCS= adata.c conccache.c etinfo.c forward.c gcred.c hist.c hooks.c \
+	hrealm.c icinterleave.c icred.c kdbtest.c localauth.c plugorder.c \
+	rdreq.c replay.c responder.c s2p.c s4u2self.c s4u2proxy.c t_inetd.c \
+	unlockiter.c
+
+TEST_DB = ./testdb
+TEST_REALM = FOO.TEST.REALM
+TEST_MKEY = footes
+TEST_NUM = 65
+TEST_DEPTH = 5
+TEST_PREFIX = "foo bar"
+
+KADMIN_OPTS= -d $(TEST_DB) -r $(TEST_REALM) -P $(TEST_MKEY)
+KTEST_OPTS= $(KADMIN_OPTS) -p $(TEST_PREFIX) -n $(TEST_NUM) -D $(TEST_DEPTH)
+
+adata: adata.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ adata.o $(KRB5_BASE_LIBS)
+
+conccache: conccache.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ conccache.o $(KRB5_BASE_LIBS)
+
+etinfo: etinfo.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ etinfo.o $(KRB5_BASE_LIBS)
+
+forward: forward.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ forward.o $(KRB5_BASE_LIBS)
+
+gcred: gcred.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ gcred.o $(KRB5_BASE_LIBS)
+
+hist: hist.o $(KDB5_DEPLIBS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ hist.o $(KDB5_LIBS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+
+hooks: hooks.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ hooks.o $(KRB5_BASE_LIBS)
+
+hrealm: hrealm.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ hrealm.o $(KRB5_BASE_LIBS)
+
+icinterleave: icinterleave.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ icinterleave.o $(KRB5_BASE_LIBS)
+
+icred: icred.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ icred.o $(KRB5_BASE_LIBS)
+
+kdbtest: kdbtest.o $(KDB5_DEPLIBS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ kdbtest.o $(KDB5_LIBS) $(KADMSRV_LIBS) \
+		$(KRB5_BASE_LIBS)
+
+localauth: localauth.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ localauth.o $(KRB5_BASE_LIBS)
+
+plugorder: plugorder.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ plugorder.o $(KRB5_BASE_LIBS)
+
+rdreq: rdreq.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ rdreq.o $(KRB5_BASE_LIBS)
+
+replay: replay.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ replay.o $(KRB5_BASE_LIBS)
+
+responder: responder.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ responder.o $(KRB5_BASE_LIBS)
+
+s2p: s2p.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ s2p.o $(KRB5_BASE_LIBS)
+
+s4u2self: s4u2self.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ s4u2self.o $(KRB5_BASE_LIBS)
+
+s4u2proxy: s4u2proxy.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ s4u2proxy.o $(KRB5_BASE_LIBS)
+
+t_inetd: t_inetd.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ t_inetd.o $(LIBS) $(KRB5_BASE_LIBS)
+
+unlockiter: unlockiter.o $(KDB5_DEPLIBS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ unlockiter.o $(KDB5_LIBS) $(KADMSRV_LIBS) \
+		$(KRB5_BASE_LIBS)
+
+all-unix: t_inetd
+
+check-unix: kdb_check
+
+kdc.conf: Makefile
+	rm -rf kdc.conf
+	@echo "[realms]" > kdc.conf
+	@echo "$(TEST_REALM) = {" >> kdc.conf
+	@echo "  key_stash_file = `pwd`/stash_file" >> kdc.conf
+	@echo "}" >> kdc.conf
+
+krb5.conf: Makefile
+	cat $(top_srcdir)/config-files/krb5.conf > krb5.new
+	echo "[dbmodules]" >> krb5.new
+	echo " db_module_dir = `pwd`/../plugins/kdb" >> krb5.new
+	mv krb5.new krb5.conf
+
+kdb_check: kdc.conf krb5.conf
+	$(RM) $(TEST_DB)*
+	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) create -W
+	$(RUN_DB_TEST) ../tests/create/kdb5_mkdums $(KTEST_OPTS)
+	$(RUN_DB_TEST) ../tests/verify/kdb5_verify $(KTEST_OPTS)
+	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump $(TEST_DB).dump
+	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
+	@echo "====> NOTE!"
+	@echo "The following 'create' command is needed due to a change"
+	@echo "in functionality caused by DAL integration.  See ticket 3973."
+	@echo ====
+	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) create -W
+	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) load $(TEST_DB).dump
+	$(RUN_DB_TEST) ../tests/verify/kdb5_verify $(KTEST_OPTS)
+	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) dump $(TEST_DB).dump2
+	sort $(TEST_DB).dump > $(TEST_DB).sort
+	sort $(TEST_DB).dump2 > $(TEST_DB).sort2
+	cmp $(TEST_DB).sort $(TEST_DB).sort2
+	$(RUN_DB_TEST) ../kadmin/dbutil/kdb5_util $(KADMIN_OPTS) destroy -f
+	$(RM) $(TEST_DB)* stash_file
+
+check-pytests: adata conccache etinfo forward gcred hist hooks hrealm
+check-pytests: icinterleave icred kdbtest localauth plugorder rdreq replay
+check-pytests: responder s2p s4u2proxy unlockiter s4u2self
+	$(RUNPYTEST) $(srcdir)/t_general.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_hooks.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_dump.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_policy.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_changepw.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_pkinit.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_otp.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_spake.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_localauth.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kadm5_hook.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kadm5_auth.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_pwqual.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_hostrealm.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kdb_locking.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_keyrollover.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_renew.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_renprinc.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_ccache.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_stringattr.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_sesskeynego.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_crossrealm.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_referral.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_skew.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_keytab.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kadmin.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kadmin_acl.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kadmin_parsing.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kdb.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_keydata.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_mkey.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_rdreq.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_sn2princ.py $(PYTESTFLAGS) $(OFFLINE)
+	$(RUNPYTEST) $(srcdir)/t_cve-2012-1014.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_cve-2012-1015.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_cve-2013-1416.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_cve-2013-1417.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_cve-2021-36222.py $(PYTESTFLAGS)
+	$(RM) au.log
+	$(RUNPYTEST) $(srcdir)/t_audit.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/jsonwalker.py -d $(srcdir)/au_dict.json \
+			-i au.log
+	$(RUNPYTEST) $(srcdir)/t_salt.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_etype_info.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_bogus_kdc_req.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kdc_log.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_proxy.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_unlockiter.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_errmsg.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_authdata.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_preauth.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_princflags.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_tabdump.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_certauth.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_y2038.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kdcpolicy.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_u2u.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_kdcoptions.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_replay.py $(PYTESTFLAGS)
+
+clean:
+	$(RM) adata conccache etinfo forward gcred hist hooks hrealm
+	$(RM) icinterleave icred kdbtest localauth plugorder rdreq replay
+	$(RM) responder s2p s4u2proxy s4u2self t_inetd unlockiter
+	$(RM) krb5.conf kdc.conf
+	$(RM) -rf kdc_realm/sandbox ldap
+	$(RM) au.log
diff --git a/krb5-1.21.3/src/tests/adata.c b/krb5-1.21.3/src/tests/adata.c
new file mode 100644
index 00000000..58981c97
--- /dev/null
+++ b/krb5-1.21.3/src/tests/adata.c
@@ -0,0 +1,381 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/adata.c - Test harness for KDC authorization data */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Usage: ./adata [-c ccname] [-p clientprinc] serviceprinc
+ *            [ad-type ad-contents ...]
+ *
+ * This program acquires credentials for the specified service principal, using
+ * the specified or default ccache, possibly including requested authdata.  The
+ * resulting ticket is decrypted using the default keytab, and the authdata in
+ * the ticket are displayed to stdout.
+ *
+ * In the requested authdata types, the type may be prefixed with '?' for an
+ * AD-IF-RELEVANT container, '!' for an AD-MANDATORY-FOR-KDC container, or '^'
+ * for an AD-KDC-ISSUED container checksummed with a random AES256 key.
+ * Multiple prefixes may be specified for nested container.
+ *
+ * In the output, authdata containers will be flattened and displayed with the
+ * above prefixes or '+' for an AD-CAMMAC container.  AD-KDC-ISSUED and
+ * AD-CAMMAC containers will be verified with the appropriate key.  Nested
+ * containers only display the prefix for the innermost container.
+ */
+
+#include <k5-int.h>
+#include <ctype.h>
+
+static krb5_context ctx;
+
+static void display_authdata_list(krb5_authdata **list,
+                                  krb5_enc_tkt_part *enc_tkt,
+                                  krb5_keyblock *tktkey, char prefix_byte,
+                                  krb5_boolean pac_ok);
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+static krb5_authdatatype
+get_type_for_prefix(int prefix_byte)
+{
+    if (prefix_byte == '?')
+        return KRB5_AUTHDATA_IF_RELEVANT;
+    if (prefix_byte == '!')
+        return KRB5_AUTHDATA_MANDATORY_FOR_KDC;
+    if (prefix_byte == '^')
+        return KRB5_AUTHDATA_KDC_ISSUED;
+    if (prefix_byte == '+')
+        return KRB5_AUTHDATA_CAMMAC;
+    abort();
+}
+
+static int
+get_prefix_byte(krb5_authdata *ad)
+{
+    if (ad->ad_type == KRB5_AUTHDATA_IF_RELEVANT)
+        return '?';
+    if (ad->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC)
+        return '!';
+    if (ad->ad_type == KRB5_AUTHDATA_KDC_ISSUED)
+        return '^';
+    if (ad->ad_type == KRB5_AUTHDATA_CAMMAC)
+        return '+';
+    abort();
+}
+
+/* Construct a container of type ad_type for the single authdata element
+ * content.  For KDC-ISSUED containers, use a random checksum key. */
+static krb5_authdata *
+make_container(krb5_authdatatype ad_type, krb5_authdata *content)
+{
+    krb5_authdata *list[2], **enclist, *ad;
+    krb5_keyblock kb;
+
+    list[0] = content;
+    list[1] = NULL;
+
+    if (ad_type == KRB5_AUTHDATA_KDC_ISSUED) {
+        check(krb5_c_make_random_key(ctx, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+                                     &kb));
+        check(krb5_make_authdata_kdc_issued(ctx, &kb, NULL, list, &enclist));
+        krb5_free_keyblock_contents(ctx, &kb);
+    } else {
+        check(krb5_encode_authdata_container(ctx, ad_type, list, &enclist));
+    }
+
+    /* Grab the first element from the encoded list and free the array. */
+    ad = enclist[0];
+    free(enclist);
+    return ad;
+}
+
+/* Parse typestr and contents into an authdata element. */
+static krb5_authdata *
+make_authdata(const char *typestr, const char *contents)
+{
+    krb5_authdata *inner_ad, *ad;
+
+    if (*typestr == '?' || *typestr == '!' || *typestr == '^') {
+        inner_ad = make_authdata(typestr + 1, contents);
+        ad = make_container(get_type_for_prefix(*typestr), inner_ad);
+        free(inner_ad->contents);
+        free(inner_ad);
+        return ad;
+    }
+
+    ad = malloc(sizeof(*ad));
+    assert(ad != NULL);
+    ad->magic = KV5M_AUTHDATA;
+    ad->ad_type = atoi(typestr);
+    ad->length = strlen(contents);
+    ad->contents = (unsigned char *)strdup(contents);
+    assert(ad->contents != NULL);
+    return ad;
+}
+
+static krb5_authdata **
+get_container_contents(krb5_authdata *ad, krb5_keyblock *skey,
+                       krb5_keyblock *tktkey)
+{
+    krb5_authdata **inner_ad;
+
+    if (ad->ad_type == KRB5_AUTHDATA_KDC_ISSUED)
+        check(krb5_verify_authdata_kdc_issued(ctx, skey, ad, NULL, &inner_ad));
+    else if (ad->ad_type == KRB5_AUTHDATA_CAMMAC)
+        check(k5_unwrap_cammac_svc(ctx, ad, tktkey, &inner_ad));
+    else
+        check(krb5_decode_authdata_container(ctx, ad->ad_type, ad, &inner_ad));
+    return inner_ad;
+}
+
+static int
+compare_uint32(const void *p1, const void *p2)
+{
+    uint32_t t1 = *(uint32_t *)p1, t2 = *(uint32_t *)p2;
+
+    return (t1 > t2) ? 1 : (t1 == t2) ? 0 : -1;
+}
+
+static void
+display_pac(krb5_authdata *ad, krb5_enc_tkt_part *enc_tkt,
+            krb5_keyblock *tktkey)
+{
+    krb5_pac pac;
+    size_t tlen, i;
+    uint32_t *types;
+
+    assert(ad->ad_type == KRB5_AUTHDATA_WIN2K_PAC);
+    check(krb5_pac_parse(ctx, ad->contents, ad->length, &pac));
+
+    check(krb5_pac_verify(ctx, pac, enc_tkt->times.authtime, enc_tkt->client,
+                          tktkey, NULL));
+
+    check(krb5_pac_get_types(ctx, pac, &tlen, &types));
+    qsort(types, tlen, sizeof(*types), compare_uint32);
+
+    printf("[");
+    for (i = 0; i < tlen; i++) {
+        printf("%d", (int)types[i]);
+        if (i + 1 < tlen)
+            printf(", ");
+    }
+    printf("]");
+
+    free(types);
+    krb5_pac_free(ctx, pac);
+}
+
+/* Decode and display authentication indicator authdata. */
+static void
+display_auth_indicator(krb5_authdata *ad)
+{
+    krb5_data **strs = NULL, **p;
+
+    check(k5_authind_decode(ad, &strs));
+    assert(strs != NULL);
+
+    printf("[");
+    for (p = strs; *p != NULL; p++) {
+        printf("%.*s", (int)(*p)->length, (*p)->data);
+        if (*(p + 1) != NULL)
+            printf(", ");
+    }
+    printf("]");
+    k5_free_data_ptr_list(strs);
+}
+
+/* Display ad as either a hex dump or ASCII text. */
+static void
+display_binary_or_ascii(krb5_authdata *ad)
+{
+    krb5_boolean binary = FALSE;
+    unsigned char *p;
+
+    for (p = ad->contents; p < ad->contents + ad->length; p++) {
+        if (!isascii(*p) || !isprint(*p))
+            binary = TRUE;
+    }
+    if (binary) {
+        for (p = ad->contents; p < ad->contents + ad->length; p++)
+            printf("%02X", *p);
+    } else {
+        printf("%.*s", (int)ad->length, ad->contents);
+    }
+}
+
+/* Display the contents of an authdata element, prefixed by prefix_byte.  skey
+ * must be the ticket session key. */
+static void
+display_authdata(krb5_authdata *ad, krb5_enc_tkt_part *enc_tkt,
+                 krb5_keyblock *tktkey, int prefix_byte, krb5_boolean pac_ok)
+{
+    krb5_authdata **inner_ad;
+
+    if (ad->ad_type == KRB5_AUTHDATA_IF_RELEVANT ||
+        ad->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC ||
+        ad->ad_type == KRB5_AUTHDATA_KDC_ISSUED ||
+        ad->ad_type == KRB5_AUTHDATA_CAMMAC) {
+        if (ad->ad_type != KRB5_AUTHDATA_IF_RELEVANT)
+            pac_ok = FALSE;
+        /* Decode and display the contents. */
+        inner_ad = get_container_contents(ad, enc_tkt->session, tktkey);
+        display_authdata_list(inner_ad, enc_tkt, tktkey, get_prefix_byte(ad),
+                              pac_ok);
+        krb5_free_authdata(ctx, inner_ad);
+        return;
+    }
+
+    assert(pac_ok || ad->ad_type != KRB5_AUTHDATA_WIN2K_PAC);
+
+    printf("%c", prefix_byte);
+    printf("%d: ", (int)ad->ad_type);
+
+    if (ad->ad_type == KRB5_AUTHDATA_WIN2K_PAC)
+        display_pac(ad, enc_tkt, tktkey);
+    else if (ad->ad_type == KRB5_AUTHDATA_AUTH_INDICATOR)
+        display_auth_indicator(ad);
+    else
+        display_binary_or_ascii(ad);
+    printf("\n");
+}
+
+static void
+display_authdata_list(krb5_authdata **list, krb5_enc_tkt_part *tkt_enc,
+                      krb5_keyblock *tktkey, char prefix_byte,
+                      krb5_boolean pac_ok)
+{
+    if (list == NULL)
+        return;
+    /* Only expect a PAC in the first element, if at all. */
+    for (; *list != NULL; list++) {
+        display_authdata(*list, tkt_enc, tktkey, prefix_byte, pac_ok);
+        pac_ok = FALSE;
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    const char *ccname = NULL, *clientname = NULL;
+    krb5_principal client, server;
+    krb5_ccache ccache;
+    krb5_keytab keytab;
+    krb5_creds in_creds, *creds;
+    krb5_ticket *ticket;
+    krb5_authdata **req_authdata = NULL, *ad;
+    krb5_keytab_entry ktent;
+    size_t count;
+    int c;
+
+    check(krb5_init_context(&ctx));
+
+    while ((c = getopt(argc, argv, "+c:p:")) != -1) {
+        switch (c) {
+        case 'c':
+            ccname = optarg;
+            break;
+        case 'p':
+            clientname = optarg;
+            break;
+        default:
+            abort();
+        }
+    }
+    argv += optind;
+    /* Parse arguments. */
+    assert(*argv != NULL);
+    check(krb5_parse_name(ctx, *argv++, &server));
+
+    count = 0;
+    for (; argv[0] != NULL && argv[1] != NULL; argv += 2) {
+        ad = make_authdata(argv[0], argv[1]);
+        req_authdata = realloc(req_authdata,
+                               (count + 2) * sizeof(*req_authdata));
+        assert(req_authdata != NULL);
+        req_authdata[count++] = ad;
+        req_authdata[count] = NULL;
+    }
+    assert(*argv == NULL);
+
+    if (ccname != NULL)
+        check(krb5_cc_resolve(ctx, ccname, &ccache));
+    else
+        check(krb5_cc_default(ctx, &ccache));
+
+    if (clientname != NULL)
+        check(krb5_parse_name(ctx, clientname, &client));
+    else
+        check(krb5_cc_get_principal(ctx, ccache, &client));
+
+    memset(&in_creds, 0, sizeof(in_creds));
+    in_creds.client = client;
+    in_creds.server = server;
+    in_creds.authdata = req_authdata;
+
+    check(krb5_get_credentials(ctx, KRB5_GC_NO_STORE, ccache, &in_creds,
+                               &creds));
+
+    assert(in_creds.authdata == NULL || creds->authdata != NULL);
+
+    check(krb5_decode_ticket(&creds->ticket, &ticket));
+    check(krb5_kt_default(ctx, &keytab));
+    check(krb5_kt_get_entry(ctx, keytab, ticket->server, ticket->enc_part.kvno,
+                            ticket->enc_part.enctype, &ktent));
+    check(krb5_decrypt_tkt_part(ctx, &ktent.key, ticket));
+
+    display_authdata_list(ticket->enc_part2->authorization_data,
+                          ticket->enc_part2, &ktent.key, ' ', TRUE);
+
+    while (count > 0) {
+        free(req_authdata[--count]->contents);
+        free(req_authdata[count]);
+    }
+    free(req_authdata);
+    krb5_free_keytab_entry_contents(ctx, &ktent);
+    krb5_free_creds(ctx, creds);
+    krb5_free_ticket(ctx, ticket);
+    krb5_free_principal(ctx, client);
+    krb5_free_principal(ctx, server);
+    krb5_cc_close(ctx, ccache);
+    krb5_kt_close(ctx, keytab);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/Makefile.in b/krb5-1.21.3/src/tests/asn.1/Makefile.in
new file mode 100644
index 00000000..eabe0bd0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/Makefile.in
@@ -0,0 +1,98 @@
+mydir=tests$(S)asn.1
+BUILDTOP=$(REL)..$(S)..
+LDAP=@LDAP@
+
+SRCS= $(srcdir)/krb5_encode_test.c $(srcdir)/krb5_decode_test.c \
+	$(srcdir)/krb5_decode_leak.c $(srcdir)/ktest.c \
+	$(srcdir)/ktest_equal.c $(srcdir)/utility.c \
+	$(srcdir)/trval.c $(srcdir)/t_trval.c
+
+ASN1SRCS= $(srcdir)/krb5.asn1 $(srcdir)/pkix.asn1 $(srcdir)/otp.asn1 \
+	$(srcdir)/pkinit.asn1 $(srcdir)/pkinit-agility.asn1 \
+	$(srcdir)/cammac.asn1 $(srcdir)/spake.asn1
+
+all: krb5_encode_test krb5_decode_test krb5_decode_leak t_trval
+
+ENCOBJS = krb5_encode_test.o ktest.o ktest_equal.o utility.o trval.o
+
+krb5_encode_test: $(ENCOBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o krb5_encode_test $(ENCOBJS) $(KRB5_BASE_LIBS)
+
+DECOBJS = krb5_decode_test.o ktest.o ktest_equal.o utility.o
+
+krb5_decode_test: $(DECOBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o krb5_decode_test $(DECOBJS) $(KRB5_BASE_LIBS)
+
+LEAKOBJS = krb5_decode_leak.o ktest.o ktest_equal.o utility.o
+
+krb5_decode_leak: $(LEAKOBJS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o krb5_decode_leak $(LEAKOBJS) $(KRB5_BASE_LIBS)
+
+t_trval: t_trval.o
+	$(CC) -o t_trval $(ALL_CFLAGS) t_trval.o
+
+check: check-encode check-encode-trval check-decode check-leak
+
+# Does not actually test for leaks unless using valgrind or a similar
+# tool, but does exercise a bunch of code.
+check-leak: krb5_decode_leak
+	$(RUN_TEST) ./krb5_decode_leak
+
+check-decode: krb5_decode_test
+	$(RUN_TEST) ./krb5_decode_test
+
+PKINIT_ENCODE_OUT=$(PKINIT_ENCODE_OUT-@PKINIT@)
+PKINIT_ENCODE_OUT-yes=$(srcdir)/pkinit_encode.out
+PKINIT_ENCODE_OUT-no=
+LDAP_ENCODE_OUT=$(LDAP_ENCODE_OUT-@LDAP@)
+LDAP_ENCODE_OUT-yes=$(srcdir)/ldap_encode.out
+LDAP_ENCODE_OUT-no=
+expected_encode.out: reference_encode.out pkinit_encode.out ldap_encode.out
+	cat $(srcdir)/reference_encode.out $(PKINIT_ENCODE_OUT) \
+		$(LDAP_ENCODE_OUT) > $@
+
+PKINIT_TRVAL_OUT=$(PKINIT_TRVAL_OUT-@PKINIT@)
+PKINIT_TRVAL_OUT-yes=$(srcdir)/pkinit_trval.out
+PKINIT_TRVAL_OUT-no=
+LDAP_TRVAL_OUT=$(LDAP_TRVAL_OUT-@LDAP@)
+LDAP_TRVAL_OUT-yes=$(srcdir)/ldap_trval.out
+LDAP_TRVAL_OUT-no=
+expected_trval.out: trval_reference.out pkinit_trval.out ldap_trval.out
+	cat $(srcdir)/trval_reference.out $(PKINIT_TRVAL_OUT) \
+		$(LDAP_TRVAL_OUT) > $@
+
+check-encode: krb5_encode_test expected_encode.out
+	$(RUN_TEST) ./krb5_encode_test > test.out
+	cmp test.out expected_encode.out
+
+check-encode-trval: krb5_encode_test expected_trval.out
+	$(RUN_TEST) ./krb5_encode_test -t > trval.out
+	cmp trval.out expected_trval.out
+
+# This target uses asn1c to generate encodings of sample objects, to
+# help ensure that our implementation is correct.  asn1c must be in the
+# path for this to work.
+test-vectors:
+	$(RM) -r vectors
+	mkdir vectors
+	cp $(ASN1SRCS) $(srcdir)/make-vectors.c vectors
+	(cd vectors && asn1c *.asn1 && rm converter-sample.c)
+	(cd vectors && $(CC) -I. -w *.c -o make-vectors)
+	(cd vectors && ./make-vectors)
+
+install:
+
+clean:
+	rm -f *~ *.o krb5_encode_test krb5_decode_test krb5_decode_leak test.out trval t_trval expected_encode.out expected_trval.out trval.out
+
+
+################ Dependencies ################
+krb5_decode_test.o: ktest.h utility.h ktest_equal.h debug.h
+krb5_encode_test.o: utility.h ktest.h debug.h
+trval.o: trval.c
+ktest.o: ktest.h utility.h
+ktest_equal.o: ktest_equal.h
+#utility.o: utility.h
+#utility.h: krbasn1.h asn1buf.h
+##############################################
+
diff --git a/krb5-1.21.3/src/tests/asn.1/README b/krb5-1.21.3/src/tests/asn.1/README
new file mode 100644
index 00000000..2c0c0980
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/README
@@ -0,0 +1,28 @@
+krb5_encode_test runs through all the functions declared in
+ src/include/krb5/asn.1/krb5_encode.h.  It passes various sample
+ inputs to each function and prints the result to standard
+ output.  This output should match the contents of the file
+ "reference_encode.out".
+
+ Each function is first run with a relatively simple, contrived
+ sample structure.  Then if the structure has any optional parts,
+ these parts are cleared and another run is made.
+
+ Some structures (namely, those containing a krb5_kdc_req_body)
+ have a third run, due to the fact that two of the kdc_req_body's
+ optional fields have mutually exclusive conditions under which
+ they may be omitted.
+
+
+krb5_decode_test runs through all the functions declared in
+ src/include/krb5/asn.1/krb5_decode.h.  It has the encodings in
+ reference_encode.out hard-coded into itself.  It sets up the
+ krb5 structures the same way krb5_encode_test does, then passes
+ its hard-coded encoding strings through the krb5 decoders.
+ 
+ The outputs of these functions are compared to the previously
+ set-up structures in memory, and the results are reported to
+ standard output.  If every line comes out prefixed by "OK: ",
+ then the decoders are working properly.  If any decoder produces
+ an anomalous output, then its output line will be prefixed by
+ "ERROR: "
diff --git a/krb5-1.21.3/src/tests/asn.1/cammac.asn1 b/krb5-1.21.3/src/tests/asn.1/cammac.asn1
new file mode 100644
index 00000000..2fc99760
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/cammac.asn1
@@ -0,0 +1,30 @@
+KerberosV5CAMMAC DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+      AuthorizationData, PrincipalName, Checksum, UInt32, Int32
+        FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+          dod(6) internet(1) security(5) kerberosV5(2)
+          modules(4) krb5spec2(2) };
+          -- as defined in RFC 4120.
+
+AD-CAMMAC                   ::= SEQUENCE {
+      elements              [0] AuthorizationData,
+      kdc-verifier          [1] Verifier-MAC OPTIONAL,
+      svc-verifier          [2] Verifier-MAC OPTIONAL,
+      other-verifiers       [3] SEQUENCE (SIZE (1..MAX))
+                                OF Verifier OPTIONAL
+}
+
+Verifier             ::= CHOICE {
+      mac            Verifier-MAC,
+      ...
+}
+
+Verifier-MAC         ::= SEQUENCE {
+      identifier     [0] PrincipalName OPTIONAL,
+      kvno           [1] UInt32 OPTIONAL,
+      enctype        [2] Int32 OPTIONAL,
+      mac            [3] Checksum
+}
+
+END
diff --git a/krb5-1.21.3/src/tests/asn.1/debug.h b/krb5-1.21.3/src/tests/asn.1/debug.h
new file mode 100644
index 00000000..12020164
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/debug.h
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/debug.h */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __DEBUG_H__
+#define __DEBUG_H__
+
+/*
+  assert utility macro for test programs:
+  If the predicate (pred) is true, then
+  OK: <message> is printed.  Otherwise,
+  ERROR: <message> is printed.
+
+  message should be a printf format string.
+*/
+
+#include <stdio.h>
+
+#define test(pred,message)                      \
+    if(pred) printf("OK: ");                    \
+    else { printf("ERROR: "); error_count++; }  \
+    printf(message);
+
+#endif
diff --git a/krb5-1.21.3/src/tests/asn.1/deps b/krb5-1.21.3/src/tests/asn.1/deps
new file mode 100644
index 00000000..0b44f44a
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/deps
@@ -0,0 +1,75 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)krb5_encode_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h debug.h krb5_encode_test.c \
+  ktest.h utility.h
+$(OUTPRE)krb5_decode_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h debug.h krb5_decode_test.c \
+  ktest.h ktest_equal.h utility.h
+$(OUTPRE)krb5_decode_leak.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h debug.h krb5_decode_leak.c \
+  ktest.h utility.h
+$(OUTPRE)ktest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktest.c ktest.h \
+  utility.h
+$(OUTPRE)ktest_equal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktest_equal.c \
+  ktest_equal.h
+$(OUTPRE)utility.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h utility.c utility.h
+$(OUTPRE)trval.$(OBJEXT): trval.c
+$(OUTPRE)t_trval.$(OBJEXT): t_trval.c trval.c
diff --git a/krb5-1.21.3/src/tests/asn.1/krb5.asn1 b/krb5-1.21.3/src/tests/asn.1/krb5.asn1
new file mode 100644
index 00000000..f58637a6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/krb5.asn1
@@ -0,0 +1,392 @@
+KerberosV5Spec2 {
+        iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) kerberosV5(2) modules(4) krb5spec2(2)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+-- OID arc for KerberosV5
+--
+-- This OID may be used to identify Kerberos protocol messages
+-- encapsulated in other protocols.
+--
+-- This OID also designates the OID arc for KerberosV5-related OIDs.
+--
+-- NOTE: RFC 1510 had an incorrect value (5) for "dod" in its OID.
+id-krb5         OBJECT IDENTIFIER ::= {
+        iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) kerberosV5(2)
+}
+
+Int32           ::= INTEGER (-2147483648..2147483647)
+                    -- signed values representable in 32 bits
+
+UInt32          ::= INTEGER (0..4294967295)
+                    -- unsigned 32 bit values
+
+Microseconds    ::= INTEGER (0..999999)
+                    -- microseconds
+
+KerberosString  ::= GeneralString -- (IA5String)
+
+Realm           ::= KerberosString
+
+PrincipalName   ::= SEQUENCE {
+        name-type       [0] Int32,
+        name-string     [1] SEQUENCE OF KerberosString
+}
+
+KerberosTime    ::= GeneralizedTime -- with no fractional seconds
+
+HostAddress     ::= SEQUENCE  {
+        addr-type       [0] Int32,
+        address         [1] OCTET STRING
+}
+
+-- NOTE: HostAddresses is always used as an OPTIONAL field and
+-- should not be empty.
+HostAddresses   -- NOTE: subtly different from rfc1510,
+                -- but has a value mapping and encodes the same
+        ::= SEQUENCE OF HostAddress
+
+-- NOTE: AuthorizationData is always used as an OPTIONAL field and
+-- should not be empty.
+AuthorizationData       ::= SEQUENCE OF SEQUENCE {
+        ad-type         [0] Int32,
+        ad-data         [1] OCTET STRING
+}
+
+PA-DATA         ::= SEQUENCE {
+        -- NOTE: first tag is [1], not [0]
+        padata-type     [1] Int32,
+        padata-value    [2] OCTET STRING -- might be encoded AP-REQ
+}
+
+KerberosFlags   ::= BIT STRING (SIZE (32..MAX))
+                    -- minimum number of bits shall be sent,
+                    -- but no fewer than 32
+
+EncryptedData   ::= SEQUENCE {
+        etype   [0] Int32 -- EncryptionType --,
+        kvno    [1] UInt32 OPTIONAL,
+        cipher  [2] OCTET STRING -- ciphertext
+}
+
+EncryptionKey   ::= SEQUENCE {
+        keytype         [0] Int32 -- actually encryption type --,
+        keyvalue        [1] OCTET STRING
+}
+
+Checksum        ::= SEQUENCE {
+        cksumtype       [0] Int32,
+        checksum        [1] OCTET STRING
+}
+
+Ticket          ::= [APPLICATION 1] SEQUENCE {
+        tkt-vno         [0] INTEGER (5),
+        realm           [1] Realm,
+        sname           [2] PrincipalName,
+        enc-part        [3] EncryptedData -- EncTicketPart
+}
+
+-- Encrypted part of ticket
+EncTicketPart   ::= [APPLICATION 3] SEQUENCE {
+        flags                   [0] TicketFlags,
+        key                     [1] EncryptionKey,
+        crealm                  [2] Realm,
+        cname                   [3] PrincipalName,
+        transited               [4] TransitedEncoding,
+        authtime                [5] KerberosTime,
+        starttime               [6] KerberosTime OPTIONAL,
+        endtime                 [7] KerberosTime,
+        renew-till              [8] KerberosTime OPTIONAL,
+        caddr                   [9] HostAddresses OPTIONAL,
+        authorization-data      [10] AuthorizationData OPTIONAL
+}
+
+-- encoded Transited field
+TransitedEncoding       ::= SEQUENCE {
+        tr-type         [0] Int32 -- must be registered --,
+        contents        [1] OCTET STRING
+}
+
+TicketFlags     ::= KerberosFlags
+        -- reserved(0),
+        -- forwardable(1),
+        -- forwarded(2),
+        -- proxiable(3),
+        -- proxy(4),
+        -- may-postdate(5),
+        -- postdated(6),
+        -- invalid(7),
+        -- renewable(8),
+        -- initial(9),
+        -- pre-authent(10),
+        -- hw-authent(11),
+-- the following are new since 1510
+        -- transited-policy-checked(12),
+        -- ok-as-delegate(13)
+
+AS-REQ          ::= [APPLICATION 10] KDC-REQ
+
+TGS-REQ         ::= [APPLICATION 12] KDC-REQ
+
+KDC-REQ         ::= SEQUENCE {
+        -- NOTE: first tag is [1], not [0]
+        pvno            [1] INTEGER (5) ,
+        msg-type        [2] INTEGER (10 -- AS -- | 12 -- TGS --),
+        padata          [3] SEQUENCE OF PA-DATA OPTIONAL
+                            -- NOTE: not empty --,
+        req-body        [4] KDC-REQ-BODY
+}
+
+KDC-REQ-BODY    ::= SEQUENCE {
+        kdc-options             [0] KDCOptions,
+        cname                   [1] PrincipalName OPTIONAL
+                                    -- Used only in AS-REQ --,
+        realm                   [2] Realm
+                                    -- Server's realm
+                                    -- Also client's in AS-REQ --,
+        sname                   [3] PrincipalName OPTIONAL,
+        from                    [4] KerberosTime OPTIONAL,
+        till                    [5] KerberosTime,
+        rtime                   [6] KerberosTime OPTIONAL,
+        nonce                   [7] UInt32,
+        etype                   [8] SEQUENCE OF Int32 -- EncryptionType
+                                    -- in preference order --,
+        addresses               [9] HostAddresses OPTIONAL,
+        enc-authorization-data  [10] EncryptedData OPTIONAL
+                                    -- AuthorizationData --,
+        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
+                                        -- NOTE: not empty
+}
+
+KDCOptions      ::= KerberosFlags
+        -- reserved(0),
+        -- forwardable(1),
+        -- forwarded(2),
+        -- proxiable(3),
+        -- proxy(4),
+        -- allow-postdate(5),
+        -- postdated(6),
+        -- unused7(7),
+        -- renewable(8),
+        -- unused9(9),
+        -- unused10(10),
+        -- opt-hardware-auth(11),
+        -- unused12(12),
+        -- unused13(13),
+-- 15 is reserved for canonicalize
+        -- unused15(15),
+-- 26 was unused in 1510
+        -- disable-transited-check(26),
+--
+        -- renewable-ok(27),
+        -- enc-tkt-in-skey(28),
+        -- renew(30),
+        -- validate(31)
+
+AS-REP          ::= [APPLICATION 11] KDC-REP
+
+TGS-REP         ::= [APPLICATION 13] KDC-REP
+
+KDC-REP         ::= SEQUENCE {
+        pvno            [0] INTEGER (5),
+        msg-type        [1] INTEGER (11 -- AS -- | 13 -- TGS --),
+        padata          [2] SEQUENCE OF PA-DATA OPTIONAL
+                                -- NOTE: not empty --,
+        crealm          [3] Realm,
+        cname           [4] PrincipalName,
+        ticket          [5] Ticket,
+        enc-part        [6] EncryptedData
+                                -- EncASRepPart or EncTGSRepPart,
+                                -- as appropriate
+}
+
+EncASRepPart    ::= [APPLICATION 25] EncKDCRepPart
+
+EncTGSRepPart   ::= [APPLICATION 26] EncKDCRepPart
+
+EncKDCRepPart   ::= SEQUENCE {
+        key             [0] EncryptionKey,
+        last-req        [1] LastReq,
+        nonce           [2] UInt32,
+        key-expiration  [3] KerberosTime OPTIONAL,
+        flags           [4] TicketFlags,
+        authtime        [5] KerberosTime,
+        starttime       [6] KerberosTime OPTIONAL,
+        endtime         [7] KerberosTime,
+        renew-till      [8] KerberosTime OPTIONAL,
+        srealm          [9] Realm,
+        sname           [10] PrincipalName,
+        caddr           [11] HostAddresses OPTIONAL
+}
+
+LastReq         ::=     SEQUENCE OF SEQUENCE {
+        lr-type         [0] Int32,
+        lr-value        [1] KerberosTime
+}
+
+AP-REQ          ::= [APPLICATION 14] SEQUENCE {
+        pvno            [0] INTEGER (5),
+        msg-type        [1] INTEGER (14),
+        ap-options      [2] APOptions,
+        ticket          [3] Ticket,
+        authenticator   [4] EncryptedData -- Authenticator
+}
+
+APOptions       ::= KerberosFlags
+        -- reserved(0),
+        -- use-session-key(1),
+        -- mutual-required(2)
+
+-- Unencrypted authenticator
+Authenticator   ::= [APPLICATION 2] SEQUENCE  {
+        authenticator-vno       [0] INTEGER (5),
+        crealm                  [1] Realm,
+        cname                   [2] PrincipalName,
+        cksum                   [3] Checksum OPTIONAL,
+        cusec                   [4] Microseconds,
+        ctime                   [5] KerberosTime,
+        subkey                  [6] EncryptionKey OPTIONAL,
+        seq-number              [7] UInt32 OPTIONAL,
+        authorization-data      [8] AuthorizationData OPTIONAL
+}
+
+AP-REP          ::= [APPLICATION 15] SEQUENCE {
+        pvno            [0] INTEGER (5),
+        msg-type        [1] INTEGER (15),
+        enc-part        [2] EncryptedData -- EncAPRepPart
+}
+
+EncAPRepPart    ::= [APPLICATION 27] SEQUENCE {
+        ctime           [0] KerberosTime,
+        cusec           [1] Microseconds,
+        subkey          [2] EncryptionKey OPTIONAL,
+        seq-number      [3] UInt32 OPTIONAL
+}
+
+KRB-SAFE        ::= [APPLICATION 20] SEQUENCE {
+        pvno            [0] INTEGER (5),
+        msg-type        [1] INTEGER (20),
+        safe-body       [2] KRB-SAFE-BODY,
+        cksum           [3] Checksum
+}
+
+KRB-SAFE-BODY   ::= SEQUENCE {
+        user-data       [0] OCTET STRING,
+        timestamp       [1] KerberosTime OPTIONAL,
+        usec            [2] Microseconds OPTIONAL,
+        seq-number      [3] UInt32 OPTIONAL,
+        s-address       [4] HostAddress,
+        r-address       [5] HostAddress OPTIONAL
+}
+
+KRB-PRIV        ::= [APPLICATION 21] SEQUENCE {
+        pvno            [0] INTEGER (5),
+        msg-type        [1] INTEGER (21),
+                        -- NOTE: there is no [2] tag
+        enc-part        [3] EncryptedData -- EncKrbPrivPart
+}
+
+EncKrbPrivPart  ::= [APPLICATION 28] SEQUENCE {
+        user-data       [0] OCTET STRING,
+        timestamp       [1] KerberosTime OPTIONAL,
+        usec            [2] Microseconds OPTIONAL,
+        seq-number      [3] UInt32 OPTIONAL,
+        s-address       [4] HostAddress -- sender's addr --,
+        r-address       [5] HostAddress OPTIONAL -- recip's addr
+}
+
+KRB-CRED        ::= [APPLICATION 22] SEQUENCE {
+        pvno            [0] INTEGER (5),
+        msg-type        [1] INTEGER (22),
+        tickets         [2] SEQUENCE OF Ticket,
+        enc-part        [3] EncryptedData -- EncKrbCredPart
+}
+
+EncKrbCredPart  ::= [APPLICATION 29] SEQUENCE {
+        ticket-info     [0] SEQUENCE OF KrbCredInfo,
+        nonce           [1] UInt32 OPTIONAL,
+        timestamp       [2] KerberosTime OPTIONAL,
+        usec            [3] Microseconds OPTIONAL,
+        s-address       [4] HostAddress OPTIONAL,
+        r-address       [5] HostAddress OPTIONAL
+}
+
+KrbCredInfo     ::= SEQUENCE {
+        key             [0] EncryptionKey,
+        prealm          [1] Realm OPTIONAL,
+        pname           [2] PrincipalName OPTIONAL,
+        flags           [3] TicketFlags OPTIONAL,
+        authtime        [4] KerberosTime OPTIONAL,
+        starttime       [5] KerberosTime OPTIONAL,
+        endtime         [6] KerberosTime OPTIONAL,
+        renew-till      [7] KerberosTime OPTIONAL,
+        srealm          [8] Realm OPTIONAL,
+        sname           [9] PrincipalName OPTIONAL,
+        caddr           [10] HostAddresses OPTIONAL
+}
+
+KRB-ERROR       ::= [APPLICATION 30] SEQUENCE {
+        pvno            [0] INTEGER (5),
+        msg-type        [1] INTEGER (30),
+        ctime           [2] KerberosTime OPTIONAL,
+        cusec           [3] Microseconds OPTIONAL,
+        stime           [4] KerberosTime,
+        susec           [5] Microseconds,
+        error-code      [6] Int32,
+        crealm          [7] Realm OPTIONAL,
+        cname           [8] PrincipalName OPTIONAL,
+        realm           [9] Realm -- service realm --,
+        sname           [10] PrincipalName -- service name --,
+        e-text          [11] KerberosString OPTIONAL,
+        e-data          [12] OCTET STRING OPTIONAL
+}
+
+METHOD-DATA     ::= SEQUENCE OF PA-DATA
+
+TYPED-DATA      ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+        data-type       [0] Int32,
+        data-value      [1] OCTET STRING OPTIONAL
+}
+
+-- preauth stuff follows
+
+PA-ENC-TIMESTAMP        ::= EncryptedData -- PA-ENC-TS-ENC
+
+PA-ENC-TS-ENC           ::= SEQUENCE {
+        patimestamp     [0] KerberosTime -- client's time --,
+        pausec          [1] Microseconds OPTIONAL
+}
+
+ETYPE-INFO-ENTRY        ::= SEQUENCE {
+        etype           [0] Int32,
+        salt            [1] OCTET STRING OPTIONAL
+}
+
+ETYPE-INFO              ::= SEQUENCE OF ETYPE-INFO-ENTRY
+
+ETYPE-INFO2-ENTRY       ::= SEQUENCE {
+        etype           [0] Int32,
+        salt            [1] KerberosString OPTIONAL,
+        s2kparams       [2] OCTET STRING OPTIONAL
+}
+
+ETYPE-INFO2             ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
+
+AD-IF-RELEVANT          ::= AuthorizationData
+
+AD-KDCIssued            ::= SEQUENCE {
+        ad-checksum     [0] Checksum,
+        i-realm         [1] Realm OPTIONAL,
+        i-sname         [2] PrincipalName OPTIONAL,
+        elements        [3] AuthorizationData
+}
+
+AD-AND-OR               ::= SEQUENCE {
+        condition-count [0] Int32,
+        elements        [1] AuthorizationData
+}
+
+AD-MANDATORY-FOR-KDC    ::= AuthorizationData
+
+END
diff --git a/krb5-1.21.3/src/tests/asn.1/krb5_decode_leak.c b/krb5-1.21.3/src/tests/asn.1/krb5_decode_leak.c
new file mode 100644
index 00000000..2a5313b0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/krb5_decode_leak.c
@@ -0,0 +1,676 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/krb5_decode_leak.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This program is intended to help detect memory leaks in the ASN.1
+ * decoder functions by exercising their failure paths.  The setup
+ * code for the test cases is copied from krb5_encode_test.c.
+ *
+ * This code does not actually detect leaks by itself; it must be run
+ * through a leak-detection tool such as valgrind to do so.  Simply
+ * running the program will exercise a bunch of ASN.1 encoder and
+ * decoder code paths but won't validate the results.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+#include "utility.h"
+#include "ktest.h"
+#include "debug.h"
+
+krb5_context test_context;
+
+/*
+ * Contrary to our usual convention, krb5_free_cred_enc_part is a
+ * contents-only free function (and is assumed to be by mk_cred and
+ * rd_cred) and we have no whole-structure free function for that data
+ * type.  So create one here.
+ */
+static void
+free_cred_enc_part_whole(krb5_context ctx,
+                         krb5_cred_enc_part *val)
+{
+    krb5_free_cred_enc_part(ctx, val);
+    free(val);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_data *code;
+    krb5_error_code retval;
+    unsigned int i;
+
+    retval = krb5_init_context(&test_context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+    init_access(argv[0]);
+
+#define encode_run(value,type,typestring,description,encoder)
+
+    /*
+     * Encode a value.  Then attempt to trigger most failure paths of
+     * the decoder function by passing in corrupt encodings, which we
+     * generate by perturbing each byte of the encoding in turn.  Some
+     * of the perturbed encodings are expected to decode successfully,
+     * so we need a free function to discard successful results.  Make
+     * sure to define a pointer named "tmp" of the correct type in the
+     * enclosing block.
+     */
+#define leak_test(value, encoder, decoder, freefn)              \
+    retval = encoder(&(value),&(code));                         \
+    if (retval) {                                               \
+        com_err("krb5_decode_leak", retval, "while encoding");  \
+        exit(1);                                                \
+    }                                                           \
+    for (i = 0; i < code->length; i++) {                        \
+        code->data[i] = (char)~((unsigned char)code->data[i]);  \
+        retval = decoder(code, &tmp);                           \
+        code->data[i] = (char)~((unsigned char)code->data[i]);  \
+        if (retval == 0)                                        \
+            freefn(test_context, tmp);                          \
+    }                                                           \
+    krb5_free_data(test_context, code);
+
+    /****************************************************************/
+    /* encode_krb5_authenticator */
+    {
+        krb5_authenticator authent, *tmp;
+
+        ktest_make_sample_authenticator(&authent);
+        leak_test(authent, encode_krb5_authenticator,
+                  decode_krb5_authenticator, krb5_free_authenticator);
+
+        ktest_destroy_checksum(&(authent.checksum));
+        ktest_destroy_keyblock(&(authent.subkey));
+        authent.seq_number = 0;
+        ktest_empty_authorization_data(authent.authorization_data);
+        leak_test(authent, encode_krb5_authenticator,
+                  decode_krb5_authenticator, krb5_free_authenticator);
+
+        ktest_destroy_authorization_data(&(authent.authorization_data));
+        leak_test(authent, encode_krb5_authenticator,
+                  decode_krb5_authenticator, krb5_free_authenticator);
+        ktest_empty_authenticator(&authent);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_ticket */
+    {
+        krb5_ticket tkt, *tmp;
+
+        ktest_make_sample_ticket(&tkt);
+        leak_test(tkt, encode_krb5_ticket, decode_krb5_ticket,
+                  krb5_free_ticket);
+        ktest_empty_ticket(&tkt);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_encryption_key */
+    {
+        krb5_keyblock keyblk, *tmp;
+
+        ktest_make_sample_keyblock(&keyblk);
+        leak_test(keyblk, encode_krb5_encryption_key,
+                  decode_krb5_encryption_key, krb5_free_keyblock);
+        ktest_empty_keyblock(&keyblk);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_enc_tkt_part */
+    {
+        krb5_ticket tkt;
+        krb5_enc_tkt_part *tmp;
+
+        memset(&tkt, 0, sizeof(krb5_ticket));
+        tkt.enc_part2 = ealloc(sizeof(krb5_enc_tkt_part));
+        ktest_make_sample_enc_tkt_part(tkt.enc_part2);
+
+        leak_test(*(tkt.enc_part2), encode_krb5_enc_tkt_part,
+                  decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part);
+
+        tkt.enc_part2->times.starttime = 0;
+        tkt.enc_part2->times.renew_till = 0;
+        ktest_destroy_address(&(tkt.enc_part2->caddrs[1]));
+        ktest_destroy_address(&(tkt.enc_part2->caddrs[0]));
+        ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1]));
+        ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0]));
+
+        /* ISODE version fails on the empty caddrs field */
+        ktest_destroy_addresses(&(tkt.enc_part2->caddrs));
+        ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
+
+        leak_test(*(tkt.enc_part2), encode_krb5_enc_tkt_part,
+                  decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part);
+        ktest_empty_ticket(&tkt);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_enc_kdc_rep_part */
+    {
+        krb5_kdc_rep kdcr;
+        krb5_enc_kdc_rep_part *tmp;
+
+        memset(&kdcr, 0, sizeof(kdcr));
+
+        kdcr.enc_part2 = ealloc(sizeof(krb5_enc_kdc_rep_part));
+        ktest_make_sample_enc_kdc_rep_part(kdcr.enc_part2);
+
+        leak_test(*(kdcr.enc_part2), encode_krb5_enc_kdc_rep_part,
+                  decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part);
+
+        kdcr.enc_part2->key_exp = 0;
+        kdcr.enc_part2->times.starttime = 0;
+        kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE;
+        ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
+
+        leak_test(*(kdcr.enc_part2), encode_krb5_enc_kdc_rep_part,
+                  decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part);
+
+        ktest_empty_kdc_rep(&kdcr);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_as_rep */
+    {
+        krb5_kdc_rep kdcr, *tmp;
+
+        ktest_make_sample_kdc_rep(&kdcr);
+        kdcr.msg_type = KRB5_AS_REP;
+        leak_test(kdcr, encode_krb5_as_rep, decode_krb5_as_rep,
+                  krb5_free_kdc_rep);
+
+        ktest_destroy_pa_data_array(&(kdcr.padata));
+        leak_test(kdcr, encode_krb5_as_rep, decode_krb5_as_rep,
+                  krb5_free_kdc_rep);
+
+        ktest_empty_kdc_rep(&kdcr);
+
+    }
+
+    /****************************************************************/
+    /* encode_krb5_tgs_rep */
+    {
+        krb5_kdc_rep kdcr, *tmp;
+
+        ktest_make_sample_kdc_rep(&kdcr);
+        kdcr.msg_type = KRB5_TGS_REP;
+        leak_test(kdcr, encode_krb5_tgs_rep, decode_krb5_tgs_rep,
+                  krb5_free_kdc_rep);
+
+        ktest_destroy_pa_data_array(&(kdcr.padata));
+        leak_test(kdcr, encode_krb5_tgs_rep, decode_krb5_tgs_rep,
+                  krb5_free_kdc_rep);
+
+        ktest_empty_kdc_rep(&kdcr);
+
+    }
+
+    /****************************************************************/
+    /* encode_krb5_ap_req */
+    {
+        krb5_ap_req apreq, *tmp;
+
+        ktest_make_sample_ap_req(&apreq);
+        leak_test(apreq, encode_krb5_ap_req, decode_krb5_ap_req,
+                  krb5_free_ap_req);
+        ktest_empty_ap_req(&apreq);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_ap_rep */
+    {
+        krb5_ap_rep aprep, *tmp;
+
+        ktest_make_sample_ap_rep(&aprep);
+        leak_test(aprep, encode_krb5_ap_rep, decode_krb5_ap_rep,
+                  krb5_free_ap_rep);
+        ktest_empty_ap_rep(&aprep);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_ap_rep_enc_part */
+    {
+        krb5_ap_rep_enc_part apenc, *tmp;
+
+        ktest_make_sample_ap_rep_enc_part(&apenc);
+        leak_test(apenc, encode_krb5_ap_rep_enc_part,
+                  decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part);
+
+        ktest_destroy_keyblock(&(apenc.subkey));
+        apenc.seq_number = 0;
+        leak_test(apenc, encode_krb5_ap_rep_enc_part,
+                  decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part);
+        ktest_empty_ap_rep_enc_part(&apenc);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_as_req */
+    {
+        krb5_kdc_req asreq, *tmp;
+
+        ktest_make_sample_kdc_req(&asreq);
+        asreq.msg_type = KRB5_AS_REQ;
+        asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req,
+                  krb5_free_kdc_req);
+
+        ktest_destroy_pa_data_array(&(asreq.padata));
+        ktest_destroy_principal(&(asreq.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(asreq.server));
+#endif
+        asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        asreq.from = 0;
+        asreq.rtime = 0;
+        ktest_destroy_addresses(&(asreq.addresses));
+        ktest_destroy_enc_data(&(asreq.authorization_data));
+        leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req,
+                  krb5_free_kdc_req);
+
+        ktest_destroy_sequence_of_ticket(&(asreq.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(asreq.server));
+#endif
+        asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        leak_test(asreq, encode_krb5_as_req, decode_krb5_as_req,
+                  krb5_free_kdc_req);
+        ktest_empty_kdc_req(&asreq);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_tgs_req */
+    {
+        krb5_kdc_req tgsreq, *tmp;
+
+        ktest_make_sample_kdc_req(&tgsreq);
+        tgsreq.msg_type = KRB5_TGS_REQ;
+        tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req,
+                  krb5_free_kdc_req);
+
+        ktest_destroy_pa_data_array(&(tgsreq.padata));
+        ktest_destroy_principal(&(tgsreq.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(tgsreq.server));
+#endif
+        tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        tgsreq.from = 0;
+        tgsreq.rtime = 0;
+        ktest_destroy_addresses(&(tgsreq.addresses));
+        ktest_destroy_enc_data(&(tgsreq.authorization_data));
+        leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req,
+                  krb5_free_kdc_req);
+
+        ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(tgsreq.server));
+#endif
+        tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        leak_test(tgsreq, encode_krb5_tgs_req, decode_krb5_tgs_req,
+                  krb5_free_kdc_req);
+        ktest_empty_kdc_req(&tgsreq);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_kdc_req_body */
+    {
+        krb5_kdc_req kdcrb, *tmp;
+
+        memset(&kdcrb, 0, sizeof(kdcrb));
+        ktest_make_sample_kdc_req_body(&kdcrb);
+        kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body,
+                  krb5_free_kdc_req);
+
+        ktest_destroy_principal(&(kdcrb.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(kdcrb.server));
+#endif
+        kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        kdcrb.from = 0;
+        kdcrb.rtime = 0;
+        ktest_destroy_addresses(&(kdcrb.addresses));
+        ktest_destroy_enc_data(&(kdcrb.authorization_data));
+        leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body,
+                  krb5_free_kdc_req);
+
+        ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(kdcrb.server));
+#endif
+        kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        leak_test(kdcrb, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body,
+                  krb5_free_kdc_req);
+        ktest_empty_kdc_req(&kdcrb);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_safe */
+    {
+        krb5_safe s, *tmp;
+
+        ktest_make_sample_safe(&s);
+        leak_test(s, encode_krb5_safe, decode_krb5_safe, krb5_free_safe);
+
+        s.timestamp = 0;
+        /* s.usec should be opted out by the timestamp */
+        s.seq_number = 0;
+        ktest_destroy_address(&(s.r_address));
+        leak_test(s, encode_krb5_safe, decode_krb5_safe, krb5_free_safe);
+        ktest_empty_safe(&s);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_priv */
+    {
+        krb5_priv p, *tmp;
+
+        ktest_make_sample_priv(&p);
+        leak_test(p, encode_krb5_priv, decode_krb5_priv, krb5_free_priv);
+        ktest_empty_priv(&p);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_enc_priv_part */
+    {
+        krb5_priv_enc_part ep, *tmp;
+
+        ktest_make_sample_priv_enc_part(&ep);
+        leak_test(ep, encode_krb5_enc_priv_part, decode_krb5_enc_priv_part,
+                  krb5_free_priv_enc_part);
+
+        ep.timestamp = 0;
+        /* ep.usec should be opted out along with timestamp */
+        ep.seq_number = 0;
+        ktest_destroy_address(&(ep.r_address));
+        leak_test(ep, encode_krb5_enc_priv_part, decode_krb5_enc_priv_part,
+                  krb5_free_priv_enc_part);
+        ktest_empty_priv_enc_part(&ep);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_cred */
+    {
+        krb5_cred c, *tmp;
+
+        ktest_make_sample_cred(&c);
+        leak_test(c, encode_krb5_cred, decode_krb5_cred, krb5_free_cred);
+        ktest_empty_cred(&c);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_enc_cred_part */
+    {
+        krb5_cred_enc_part cep, *tmp;
+
+        ktest_make_sample_cred_enc_part(&cep);
+        leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part,
+                  free_cred_enc_part_whole);
+
+        ktest_destroy_principal(&(cep.ticket_info[0]->client));
+        ktest_destroy_principal(&(cep.ticket_info[0]->server));
+        cep.ticket_info[0]->flags = 0;
+        cep.ticket_info[0]->times.authtime = 0;
+        cep.ticket_info[0]->times.starttime = 0;
+        cep.ticket_info[0]->times.endtime = 0;
+        cep.ticket_info[0]->times.renew_till = 0;
+        ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs));
+        cep.nonce = 0;
+        cep.timestamp = 0;
+        ktest_destroy_address(&(cep.s_address));
+        ktest_destroy_address(&(cep.r_address));
+        leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part,
+                  free_cred_enc_part_whole);
+        ktest_empty_cred_enc_part(&cep);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_error */
+    {
+        krb5_error kerr, *tmp;
+
+        ktest_make_sample_error(&kerr);
+        leak_test(kerr, encode_krb5_error, decode_krb5_error, krb5_free_error);
+
+        kerr.ctime = 0;
+        ktest_destroy_principal(&(kerr.client));
+        ktest_empty_data(&(kerr.text));
+        ktest_empty_data(&(kerr.e_data));
+        leak_test(kerr, encode_krb5_error, decode_krb5_error, krb5_free_error);
+
+        ktest_empty_error(&kerr);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_authdata */
+    {
+        krb5_authdata **ad, **tmp;
+
+        ktest_make_sample_authorization_data(&ad);
+        leak_test(*ad, encode_krb5_authdata, decode_krb5_authdata,
+                  krb5_free_authdata);
+        ktest_destroy_authorization_data(&ad);
+    }
+
+    /****************************************************************/
+    /* encode_padata_sequence and encode_typed_data */
+    {
+        krb5_pa_data **pa, **tmp;
+
+        ktest_make_sample_pa_data_array(&pa);
+        leak_test(*pa, encode_krb5_padata_sequence,
+                  decode_krb5_padata_sequence, krb5_free_pa_data);
+        leak_test(*pa, encode_krb5_typed_data,
+                  decode_krb5_typed_data, krb5_free_pa_data);
+        ktest_destroy_pa_data_array(&pa);
+    }
+
+    /****************************************************************/
+    /* encode_padata_sequence (empty) */
+    {
+        krb5_pa_data **pa, **tmp;
+
+        ktest_make_sample_empty_pa_data_array(&pa);
+        leak_test(*pa, encode_krb5_padata_sequence,
+                  decode_krb5_padata_sequence, krb5_free_pa_data);
+        ktest_destroy_pa_data_array(&pa);
+    }
+
+    /****************************************************************/
+    /* encode_etype_info */
+    {
+        krb5_etype_info_entry **info, **tmp;
+
+        ktest_make_sample_etype_info(&info);
+        leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info,
+                  krb5_free_etype_info);
+
+        ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
+        ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
+        leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info,
+                  krb5_free_etype_info);
+
+        ktest_destroy_etype_info_entry(info[0]);      info[0] = 0;
+        leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info,
+                  krb5_free_etype_info);
+
+        ktest_destroy_etype_info(info);
+    }
+
+    /* encode_etype_info 2*/
+    {
+        krb5_etype_info_entry **info, **tmp;
+
+        ktest_make_sample_etype_info2(&info);
+        leak_test(*info, encode_krb5_etype_info2, decode_krb5_etype_info2,
+                  krb5_free_etype_info);
+
+        ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
+        ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
+        leak_test(*info, encode_krb5_etype_info2, decode_krb5_etype_info2,
+                  krb5_free_etype_info);
+
+        ktest_destroy_etype_info(info);
+    }
+
+    /****************************************************************/
+    /* encode_pa_enc_ts */
+    {
+        krb5_pa_enc_ts pa_enc, *tmp;
+
+        ktest_make_sample_pa_enc_ts(&pa_enc);
+        leak_test(pa_enc, encode_krb5_pa_enc_ts, decode_krb5_pa_enc_ts,
+                  krb5_free_pa_enc_ts);
+        pa_enc.pausec = 0;
+        leak_test(pa_enc, encode_krb5_pa_enc_ts, decode_krb5_pa_enc_ts,
+                  krb5_free_pa_enc_ts);
+    }
+
+    /****************************************************************/
+    /* encode_enc_data */
+    {
+        krb5_enc_data enc_data, *tmp;
+
+        ktest_make_sample_enc_data(&enc_data);
+        leak_test(enc_data, encode_krb5_enc_data, decode_krb5_enc_data,
+                  krb5_free_enc_data);
+        ktest_destroy_enc_data(&enc_data);
+    }
+    /****************************************************************/
+    /* encode_krb5_sam_challenge_2 */
+    {
+        krb5_sam_challenge_2 sam_ch2, *tmp;
+
+        ktest_make_sample_sam_challenge_2(&sam_ch2);
+        leak_test(sam_ch2, encode_krb5_sam_challenge_2,
+                  decode_krb5_sam_challenge_2, krb5_free_sam_challenge_2);
+        ktest_empty_sam_challenge_2(&sam_ch2);
+    }
+    /****************************************************************/
+    /* encode_krb5_sam_challenge_2 */
+    {
+        krb5_sam_challenge_2_body body, *tmp;
+
+        ktest_make_sample_sam_challenge_2_body(&body);
+        leak_test(body, encode_krb5_sam_challenge_2_body,
+                  decode_krb5_sam_challenge_2_body,
+                  krb5_free_sam_challenge_2_body);
+        ktest_empty_sam_challenge_2_body(&body);
+    }
+    /****************************************************************/
+    /* encode_krb5_sam_response_2 */
+    {
+        krb5_sam_response_2 sam_ch2, *tmp;
+
+        ktest_make_sample_sam_response_2(&sam_ch2);
+        leak_test(sam_ch2, encode_krb5_sam_response_2,
+                  decode_krb5_sam_response_2, krb5_free_sam_response_2);
+        ktest_empty_sam_response_2(&sam_ch2);
+    }
+    /****************************************************************/
+    /* encode_krb5_sam_response_enc_2 */
+    {
+        krb5_enc_sam_response_enc_2 sam_ch2, *tmp;
+
+        ktest_make_sample_enc_sam_response_enc_2(&sam_ch2);
+        leak_test(sam_ch2, encode_krb5_enc_sam_response_enc_2,
+                  decode_krb5_enc_sam_response_enc_2,
+                  krb5_free_enc_sam_response_enc_2);
+        ktest_empty_enc_sam_response_enc_2(&sam_ch2);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_for_user */
+    {
+        krb5_pa_for_user foru, *tmp;
+        ktest_make_sample_pa_for_user(&foru);
+        leak_test(foru, encode_krb5_pa_for_user, decode_krb5_pa_for_user,
+                  krb5_free_pa_for_user);
+        ktest_empty_pa_for_user(&foru);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_s4u_x509_user */
+    {
+        krb5_pa_s4u_x509_user s4u, *tmp;
+        ktest_make_sample_pa_s4u_x509_user(&s4u);
+        leak_test(s4u, encode_krb5_pa_s4u_x509_user,
+                  decode_krb5_pa_s4u_x509_user,
+                  krb5_free_pa_s4u_x509_user);
+        ktest_empty_pa_s4u_x509_user(&s4u);
+    }
+    /****************************************************************/
+    /* encode_krb5_ad_kdcissued */
+    {
+        krb5_ad_kdcissued kdci, *tmp;
+        ktest_make_sample_ad_kdcissued(&kdci);
+        leak_test(kdci, encode_krb5_ad_kdcissued,
+                  decode_krb5_ad_kdcissued,
+                  krb5_free_ad_kdcissued);
+        ktest_empty_ad_kdcissued(&kdci);
+    }
+    /****************************************************************/
+    /* encode_krb5_iakerb_header */
+    {
+        krb5_iakerb_header ih, *tmp;
+        ktest_make_sample_iakerb_header(&ih);
+        leak_test(ih, encode_krb5_iakerb_header,
+                  decode_krb5_iakerb_header,
+                  krb5_free_iakerb_header);
+        ktest_empty_iakerb_header(&ih);
+    }
+    /****************************************************************/
+    /* encode_krb5_iakerb_finished */
+    {
+        krb5_iakerb_finished ih, *tmp;
+        ktest_make_sample_iakerb_finished(&ih);
+        leak_test(ih, encode_krb5_iakerb_finished,
+                  decode_krb5_iakerb_finished,
+                  krb5_free_iakerb_finished);
+        ktest_empty_iakerb_finished(&ih);
+    }
+    /****************************************************************/
+    /* encode_krb5_fast_response */
+    {
+        krb5_fast_response fr, *tmp;
+        ktest_make_sample_fast_response(&fr);
+        leak_test(fr, encode_krb5_fast_response, decode_krb5_fast_response,
+                  krb5_free_fast_response);
+        ktest_empty_fast_response(&fr);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_fx_fast_reply */
+    {
+        krb5_enc_data enc, *tmp;
+        ktest_make_sample_enc_data(&enc);
+        leak_test(enc, encode_krb5_pa_fx_fast_reply,
+                  decode_krb5_pa_fx_fast_reply, krb5_free_enc_data);
+        ktest_destroy_enc_data(&enc);
+    }
+    krb5_free_context(test_context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/krb5_decode_test.c b/krb5-1.21.3/src/tests/asn.1/krb5_decode_test.c
new file mode 100644
index 00000000..926aa947
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/krb5_decode_test.c
@@ -0,0 +1,1301 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/krb5_decode_test.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "k5-spake.h"
+#include "ktest.h"
+#include "com_err.h"
+#include "utility.h"
+#include "ktest_equal.h"
+
+#include "debug.h"
+#include <string.h>
+
+krb5_context test_context;
+int error_count = 0;
+
+void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val);
+
+#ifndef DISABLE_PKINIT
+static int equal_principal(krb5_principal *ref, krb5_principal var);
+static void ktest_free_auth_pack(krb5_context context, krb5_auth_pack *val);
+static void ktest_free_kdc_dh_key_info(krb5_context context,
+                                       krb5_kdc_dh_key_info *val);
+static void ktest_free_pa_pk_as_req(krb5_context context,
+                                    krb5_pa_pk_as_req *val);
+static void ktest_free_pa_pk_as_rep(krb5_context context,
+                                    krb5_pa_pk_as_rep *val);
+static void ktest_free_reply_key_pack(krb5_context context,
+                                      krb5_reply_key_pack *val);
+#endif
+static void ktest_free_kkdcp_message(krb5_context context,
+                                     krb5_kkdcp_message *val);
+
+int main(argc, argv)
+    int argc;
+    char **argv;
+{
+    krb5_data code;
+    krb5_error_code retval;
+
+    retval = krb5_init_context(&test_context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+    init_access(argv[0]);
+
+
+#define setup(type,constructor)                                         \
+    type ref, *var;                                                     \
+    constructor(&ref);                                                  \
+    do {} while (0)
+
+#define decode_run(typestring,description,encoding,decoder,comparator,cleanup) do { \
+    retval = krb5_data_hex_parse(&code,encoding);                       \
+    if (retval) {                                                       \
+        com_err("krb5_decode_test", retval, "while parsing %s", typestring); \
+        exit(1);                                                        \
+    }                                                                   \
+    retval = decoder(&code,&var);                                       \
+    if (retval) {                                                       \
+        com_err("krb5_decode_test", retval, "while decoding %s", typestring); \
+        error_count++;                                                  \
+    }                                                                   \
+    test(comparator(&ref,var),typestring);                              \
+    printf("%s\n",description);                                         \
+    krb5_free_data_contents(test_context, &code);                       \
+    cleanup(test_context, var);                                         \
+} while (0)
+
+#define decode_fail(err,typestring,description,encoding,decoder) do {   \
+    retval = krb5_data_hex_parse(&code,encoding);                       \
+    if (retval) {                                                       \
+        com_err("krb5_decode_test", retval, "while parsing %s", typestring); \
+        exit(1);                                                        \
+    }                                                                   \
+    retval = decoder(&code,&var);                                       \
+    if (retval != (err)) {                                              \
+        com_err("krb5_decode_test", retval, "while decoding %s", typestring); \
+        error_count++;                                                  \
+    }                                                                   \
+    test(1,typestring);                                                 \
+    printf("%s\n",description);                                         \
+    krb5_free_data_contents(test_context, &code);                       \
+} while (0)
+
+    /****************************************************************/
+    /* decode_krb5_authenticator */
+    {
+        setup(krb5_authenticator,ktest_make_sample_authenticator);
+
+        decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xffffff80;
+        decode_run("authenticator","(80 -> seq-number 0xffffff80)",
+                   "62 81 A1 30 81 9E"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 03 02 01 80"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xffffffff;
+        decode_run("authenticator","(FF -> seq-number 0xffffffff)",
+                   "62 81 A1 30 81 9E"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 03 02 01 FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xff;
+        decode_run("authenticator","(00FF -> seq-number 0xff)",
+                   "62 81 A2 30 81 9F"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 04 02 02 00 FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xffffffff;
+        decode_run("authenticator","(00FFFFFFFF -> seq-number 0xffffffff)",
+                   "62 81 A5 30 81 A2"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 07 02 05 00 FF FF FF FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0x7fffffff;
+        decode_run("authenticator","(7FFFFFFF -> seq-number 0x7fffffff)",
+                   "62 81 A4 30 81 A1"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 06 02 04 7F FF FF FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xffffffff;
+        decode_run("authenticator","(FFFFFFFF -> seq-number 0xffffffff)",
+                   "62 81 A4 30 81 A1"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 06 02 04 FF FF FF FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ktest_destroy_checksum(&(ref.checksum));
+        ktest_destroy_keyblock(&(ref.subkey));
+        ref.seq_number = 0;
+        ktest_empty_authorization_data(ref.authorization_data);
+        decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ktest_destroy_authorization_data(&(ref.authorization_data));
+
+        decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ktest_empty_authenticator(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_ticket */
+    {
+        setup(krb5_ticket,ktest_make_sample_ticket);
+        decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+        decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+
+/*
+  "61 80 30 80 "
+  "  A0 03 02 01 05 "
+  "  A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 "
+  "  A2 80 30 80 "
+  "    A0 03 02 01 01 "
+  "    A1 80 30 80 "
+  "      1B 06 68 66 74 73 61 69 "
+  "      1B 05 65 78 74 72 61 "
+  "    00 00 00 00 "
+  "  00 00 00 00 "
+  "  A3 80 30 80 "
+  "    A0 03 02 01 00 "
+  "    A1 03 02 01 05 "
+  "    A2 17 04 15 6B 72 62 41 53 4E 2E 31 "
+  "      20 74 65 73 74 20 6D 65 73 73 61 67 65 "
+  "  00 00 00 00"
+  "00 00 00 00"
+*/
+        decode_fail(ASN1_INDEF,"ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket);
+/*
+  "61 80 30 80 "
+  "  A0 03 02 01 05 "
+  "  A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 "
+  "  A2 80 30 80 "
+  "    A0 03 02 01 01 "
+  "    A1 80 30 80 "
+  "      1B 06 68 66 74 73 61 69 "
+  "      1B 05 65 78 74 72 61 "
+  "    00 00 00 00 "
+  "  00 00 00 00 "
+  "  A3 80 30 80 "
+  "    A0 03 02 01 00 "
+  "    A1 03 02 01 05 "
+  "    A2 17 04 15 6B 72 62 41 53 4E 2E 31 "
+  "      20 74 65 73 74 20 6D 65 73 73 61 67 65 "
+  "  00 00 00 00"
+  "  A4 03 02 01 01 "
+  "00 00 00 00"
+*/
+        decode_fail(ASN1_INDEF,"ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket);
+
+        ktest_empty_ticket(&ref);
+
+    }
+
+    /****************************************************************/
+    /* decode_krb5_encryption_key */
+    {
+        setup(krb5_keyblock,ktest_make_sample_keyblock);
+
+        decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+
+        decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_fail(ASN1_INDEF,"encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key);
+        decode_fail(ASN1_INDEF,"encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key);
+        decode_fail(ASN1_INDEF,"encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key);
+        decode_fail(ASN1_INDEF,"encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key);
+        ref.enctype = -1;
+        decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = -255;
+        decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = 255;
+        decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = -2147483648U;
+        decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = 2147483647;
+        decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+
+        ktest_empty_keyblock(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_enc_tkt_part */
+    {
+        setup(krb5_enc_tkt_part,ktest_make_sample_enc_tkt_part);
+        decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+        ref.times.starttime = 0;
+        ref.times.renew_till = 0;
+        ktest_destroy_address(&(ref.caddrs[1]));
+        ktest_destroy_address(&(ref.caddrs[0]));
+        ktest_destroy_authdata(&(ref.authorization_data[1]));
+        ktest_destroy_authdata(&(ref.authorization_data[0]));
+        /* ISODE version fails on the empty caddrs field */
+        ktest_destroy_addresses(&(ref.caddrs));
+        ktest_destroy_authorization_data(&(ref.authorization_data));
+
+        decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part, krb5_free_enc_tkt_part);
+
+        decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+        decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 40 bits)","63 81 A6 30 81 A3 A0 08 03 06 00 FE DC BA 98 DE A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+        decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 29 bits)","63 81 A5 30 81 A2 A0 07 03 05 03 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+        ref.flags &= 0xFFFFFF00;
+
+        decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+
+        ktest_empty_enc_tkt_part(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_enc_kdc_rep_part */
+    {
+        setup(krb5_enc_kdc_rep_part,ktest_make_sample_enc_kdc_rep_part);
+
+        decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+
+        ref.key_exp = 0;
+        /* ref.times.starttime = 0;*/
+        ref.times.starttime = ref.times.authtime;
+        ref.times.renew_till = 0;
+        ref.flags &= ~TKT_FLG_RENEWABLE;
+        ktest_destroy_addresses(&(ref.caddrs));
+
+        decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+
+        ktest_empty_enc_kdc_rep_part(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_as_rep */
+    {
+        setup(krb5_kdc_rep,ktest_make_sample_kdc_rep);
+        ref.msg_type = KRB5_AS_REP;
+
+        decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+
+/*
+  6B 80 30 80
+  A0 03 02 01 05
+  A1 03 02 01 0B
+  A2 80 30 80
+  30 80
+  A1 03 02 01 0D
+  A2 09 04 07 70 61 2D 64 61 74 61
+  00 00
+  30 80
+  A1 03 02 01 0D
+  A2 09 04 07 70 61 2D 64 61 74 61
+  00 00
+  00 00 00 00
+  A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55
+  A4 80 30 80
+  A0 03 02 01 01
+  A1 80 30 80
+  1B 06 68 66 74 73 61 69
+  1B 05 65 78 74 72 61
+  00 00 00 00
+  00 00 00 00
+  A5 80 61 80 30 80
+  A0 03 02 01 05
+  A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55
+  A2 80 30 80
+  A0 03 02 01 01
+  A1 80 30 80
+  1B 06 68 66 74 73 61 69
+  1B 05 65 78 74 72 61
+  00 00 00 00
+  00 00 00 00
+  A3 80 30 80
+  A0 03 02 01 00
+  A1 03 02 01 05
+  A2 17 04 15 6B 72 62 41 53 4E 2E 31
+  20 74 65 73 74 20 6D 65
+  73 73 61 67 65
+  00 00 00 00
+  00 00 00 00 00 00
+  A6 80 30 80
+  A0 03 02 01 00
+  A1 03 02 01 05
+  A2 17 04 15 6B 72 62 41 53 4E 2E 31
+  20 74 65 73 74 20 6D 65
+  73 73 61 67 65
+  00 00 00 00
+  00 00 00 00
+*/
+        decode_fail(ASN1_INDEF,"as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep);
+        ktest_destroy_pa_data_array(&(ref.padata));
+        decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+
+        ktest_empty_kdc_rep(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_tgs_rep */
+    {
+        setup(krb5_kdc_rep,ktest_make_sample_kdc_rep);
+        ref.msg_type = KRB5_TGS_REP;
+
+        decode_run("tgs_rep","","6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
+
+        ktest_destroy_pa_data_array(&(ref.padata));
+        decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
+
+        ktest_empty_kdc_rep(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_ap_req */
+    {
+        setup(krb5_ap_req,ktest_make_sample_ap_req);
+        decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req,krb5_free_ap_req);
+        ktest_empty_ap_req(&ref);
+
+    }
+
+    /****************************************************************/
+    /* decode_krb5_ap_rep */
+    {
+        setup(krb5_ap_rep,ktest_make_sample_ap_rep);
+        decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep,krb5_free_ap_rep);
+        ktest_empty_ap_rep(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_ap_rep_enc_part */
+    {
+        setup(krb5_ap_rep_enc_part,ktest_make_sample_ap_rep_enc_part);
+
+        decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+
+        ktest_destroy_keyblock(&(ref.subkey));
+        ref.seq_number = 0;
+        decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+
+        retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
+        if (retval) {
+            com_err("krb5_decode_test", retval, "while parsing");
+            exit(1);
+        }
+        retval = decode_krb5_ap_rep_enc_part(&code, &var);
+        if (retval != ASN1_OVERRUN) {
+            printf("ERROR: ");
+            error_count++;
+        } else {
+            printf("OK: ");
+        }
+        printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n");
+        krb5_free_data_contents(test_context, &code);
+        krb5_free_ap_rep_enc_part(test_context, var);
+
+        ktest_empty_ap_rep_enc_part(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_as_req */
+    {
+        setup(krb5_kdc_req,ktest_make_sample_kdc_req);
+        ref.msg_type = KRB5_AS_REQ;
+
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("as_req","","6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+
+        ktest_destroy_pa_data_array(&(ref.padata));
+        ktest_destroy_principal(&(ref.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(ref.server));
+#endif
+        ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        ref.from = 0;
+        ref.rtime = 0;
+        ktest_destroy_addresses(&(ref.addresses));
+        ktest_destroy_enc_data(&(ref.authorization_data));
+        decode_run("as_req","(optionals NULL except second_ticket)","6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+        ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(ref.server));
+#endif
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("as_req","(optionals NULL except server)","6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+
+        ktest_empty_kdc_req(&ref);
+
+    }
+
+
+    /****************************************************************/
+    /* decode_krb5_tgs_req */
+    {
+        setup(krb5_kdc_req,ktest_make_sample_kdc_req);
+        ref.msg_type = KRB5_TGS_REQ;
+
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("tgs_req","","6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+
+        ktest_destroy_pa_data_array(&(ref.padata));
+        ktest_destroy_principal(&(ref.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(ref.server));
+#endif
+        ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        ref.from = 0;
+        ref.rtime = 0;
+        ktest_destroy_addresses(&(ref.addresses));
+        ktest_destroy_enc_data(&(ref.authorization_data));
+        decode_run("tgs_req","(optionals NULL except second_ticket)","6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+
+        ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(ref.server));
+#endif
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("tgs_req","(optionals NULL except server)","6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+
+        ktest_empty_kdc_req(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_kdc_req_body */
+    {
+        krb5_kdc_req ref, *var;
+        memset(&ref, 0, sizeof(krb5_kdc_req));
+        ktest_make_sample_kdc_req_body(&ref);
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("kdc_req_body","","30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+        ktest_destroy_principal(&(ref.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(ref.server));
+#endif
+        ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        ref.from = 0;
+        ref.rtime = 0;
+        ktest_destroy_addresses(&(ref.addresses));
+        ktest_destroy_enc_data(&(ref.authorization_data));
+        decode_run("kdc_req_body","(optionals NULL except second_ticket)","30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+        ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(ref.server));
+#endif
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("kdc_req_body","(optionals NULL except server)","30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+        ref.nktypes = 0;
+        free(ref.ktype);
+        ref.ktype = NULL;
+        decode_run("kdc_req_body","(optionals NULL except server; zero-length etypes)","30 53 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 02 30 00",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+        ktest_empty_kdc_req(&ref);
+    }
+
+
+    /****************************************************************/
+    /* decode_krb5_safe */
+    {
+        setup(krb5_safe,ktest_make_sample_safe);
+        decode_run("safe","","74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
+
+        ref.timestamp = 0;
+        ref.usec = 0;
+        ref.seq_number = 0;
+        ktest_destroy_address(&(ref.r_address));
+        decode_run("safe","(optionals NULL)","74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
+
+        ktest_empty_safe(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_priv */
+    {
+        setup(krb5_priv,ktest_make_sample_priv);
+        decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv,krb5_free_priv);
+        ktest_empty_priv(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_enc_priv_part */
+    {
+        setup(krb5_priv_enc_part,ktest_make_sample_priv_enc_part);
+        decode_run("enc_priv_part","","7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
+
+        ref.timestamp = 0;
+        ref.usec = 0;
+        ref.seq_number = 0;
+        ktest_destroy_address(&(ref.r_address));
+        decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
+        ktest_empty_priv_enc_part(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_cred */
+    {
+        setup(krb5_cred,ktest_make_sample_cred);
+        decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred,krb5_free_cred);
+        ktest_empty_cred(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_enc_cred_part */
+    {
+        setup(krb5_cred_enc_part,ktest_make_sample_cred_enc_part);
+        decode_run("enc_cred_part","","7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
+        /* free_cred_enc_part does not free the pointer */
+        free(var);
+        ktest_destroy_principal(&(ref.ticket_info[0]->client));
+        ktest_destroy_principal(&(ref.ticket_info[0]->server));
+        ref.ticket_info[0]->flags = 0;
+        ref.ticket_info[0]->times.authtime = 0;
+        ref.ticket_info[0]->times.starttime = 0;
+        ref.ticket_info[0]->times.endtime = 0;
+        ref.ticket_info[0]->times.renew_till = 0;
+        ktest_destroy_addresses(&(ref.ticket_info[0]->caddrs));
+        ref.nonce = 0;
+        ref.timestamp = 0;
+        ref.usec = 0;
+        ktest_destroy_address(&(ref.s_address));
+        ktest_destroy_address(&(ref.r_address));
+        decode_run("enc_cred_part","(optionals NULL)","7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
+        /* free_cred_enc_part does not free the pointer */
+        free(var);
+
+        ktest_empty_cred_enc_part(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_error */
+    {
+        setup(krb5_error,ktest_make_sample_error);
+        decode_run("error","","7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
+
+        ref.ctime = 0;
+        ktest_destroy_principal(&(ref.client));
+        ktest_empty_data(&(ref.text));
+        ktest_empty_data(&(ref.e_data));
+        decode_run("error","(optionals NULL)","7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
+
+        ktest_empty_error(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_authdata and krb5int_get_authdata_containee_types */
+    {
+        krb5_authdata **ref, **var, tmp;
+        unsigned int count;
+        krb5_authdatatype *types = NULL;
+        ktest_make_sample_authorization_data(&ref);
+        retval = krb5_data_hex_parse(&code,"30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72");
+        if (retval) {
+            com_err("parsing authorization_data",retval,"");
+            exit(1);
+        }
+        retval = decode_krb5_authdata(&code,&var);
+        if (retval) com_err("decoding authorization_data",retval,"");
+        test(ktest_equal_authorization_data(ref,var),"authorization_data\n");
+        tmp.length = code.length;
+        tmp.contents = (krb5_octet *)code.data;
+        retval = krb5int_get_authdata_containee_types(test_context, &tmp,
+                                                      &count, &types);
+        if (retval) com_err("reading authdata types",retval,"");
+        test(count == 2 && types[0] == 1 && types[1] == 1,
+             "authorization_data(types only)\n");
+        free(types);
+        krb5_free_data_contents(test_context, &code);
+        krb5_free_authdata(test_context, var);
+        ktest_destroy_authorization_data(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_padata_sequence and decode_krb5_typed_data */
+    {
+        krb5_pa_data **ref, **var;
+        ktest_make_sample_pa_data_array(&ref);
+        retval = krb5_data_hex_parse(&code,"30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61");
+        if (retval) {
+            com_err("parsing padata_sequence",retval,"");
+            exit(1);
+        }
+        retval = decode_krb5_padata_sequence(&code,&var);
+        if (retval) com_err("decoding padata_sequence",retval,"");
+        test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data\n");
+        krb5_free_pa_data(test_context, var);
+        krb5_free_data_contents(test_context, &code);
+        retval = krb5_data_hex_parse(&code,"30 24 30 10 A0 03 02 01 0D A1 09 04 07 70 61 2D 64 61 74 61 30 10 A0 03 02 01 0D A1 09 04 07 70 61 2D 64 61 74 61");
+        if (retval) {
+            com_err("parsing padata_sequence",retval,"");
+            exit(1);
+        }
+        retval = decode_krb5_typed_data(&code,&var);
+        if (retval) com_err("decoding typed_data",retval,"");
+        test(ktest_equal_sequence_of_pa_data(ref,var),"typed_data\n");
+        krb5_free_pa_data(test_context, var);
+        krb5_free_data_contents(test_context, &code);
+        ktest_destroy_pa_data_array(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_padata_sequence (empty) */
+    {
+        krb5_pa_data **ref, **var;
+        ktest_make_sample_empty_pa_data_array(&ref);
+        retval = krb5_data_hex_parse(&code,"30 00");
+        if (retval) {
+            com_err("parsing padata_sequence (empty)",retval,"");
+            exit(1);
+        }
+        retval = decode_krb5_padata_sequence(&code,&var);
+        if (retval) com_err("decoding padata_sequence (empty)",retval,"");
+        test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data (empty)\n");
+        krb5_free_pa_data(test_context, var);
+        krb5_free_data_contents(test_context, &code);
+        ktest_destroy_pa_data_array(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_etype_info */
+    {
+        krb5_etype_info ref, var;
+
+        ktest_make_sample_etype_info(&ref);
+        retval = krb5_data_hex_parse(&code,"30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32");
+        if (retval) {
+            com_err("krb5_decode_test", retval, "while parsing etype_info");
+            exit(1);
+        }
+        retval = decode_krb5_etype_info(&code,&var);
+        if (retval) {
+            com_err("krb5_decode_test", retval, "while decoding etype_info");
+        }
+        test(ktest_equal_etype_info(ref,var),"etype_info\n");
+
+        ktest_destroy_etype_info(var);
+        ktest_destroy_etype_info_entry(ref[2]);      ref[2] = 0;
+        ktest_destroy_etype_info_entry(ref[1]);      ref[1] = 0;
+        krb5_free_data_contents(test_context, &code);
+
+        retval = krb5_data_hex_parse(&code,"30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30");
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while parsing etype_info (only one)");
+            exit(1);
+        }
+        retval = decode_krb5_etype_info(&code,&var);
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while decoding etype_info (only one)");
+        }
+        test(ktest_equal_etype_info(ref,var),"etype_info (only one)\n");
+
+        ktest_destroy_etype_info(var);
+        ktest_destroy_etype_info_entry(ref[0]);      ref[0] = 0;
+        krb5_free_data_contents(test_context, &code);
+
+        retval = krb5_data_hex_parse(&code,"30 00");
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while parsing etype_info (no info)");
+            exit(1);
+        }
+        retval = decode_krb5_etype_info(&code,&var);
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while decoding etype_info (no info)");
+        }
+        test(ktest_equal_etype_info(ref,var),"etype_info (no info)\n");
+
+        krb5_free_data_contents(test_context, &code);
+        ktest_destroy_etype_info(var);
+        ktest_destroy_etype_info(ref);
+    }
+
+    /****************************************************************/
+    /* decode_etype_info2 */
+    {
+        krb5_etype_info ref, var;
+
+        ktest_make_sample_etype_info2(&ref);
+        retval = krb5_data_hex_parse(&code,"30 51 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 30 0F A0 03 02 01 01 A2 08 04 06 73 32 6B 3A 20 31 30 1E A0 03 02 01 02 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 A2 08 04 06 73 32 6B 3A 20 32");
+        if (retval) {
+            com_err("krb5_decode_test", retval, "while parsing etype_info2");
+            exit(1);
+        }
+        retval = decode_krb5_etype_info2(&code,&var);
+        if (retval) {
+            com_err("krb5_decode_test", retval, "while decoding etype_info2");
+        }
+        test(ktest_equal_etype_info(ref,var),"etype_info2\n");
+
+        ktest_destroy_etype_info(var);
+        ktest_destroy_etype_info_entry(ref[2]);      ref[2] = 0;
+        ktest_destroy_etype_info_entry(ref[1]);      ref[1] = 0;
+        krb5_free_data_contents(test_context, &code);
+
+        retval = krb5_data_hex_parse(&code,"30 20 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30");
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while parsing etype_info2 (only one)");
+            exit(1);
+        }
+        retval = decode_krb5_etype_info2(&code,&var);
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while decoding etype_info2 (only one)");
+        }
+        test(ktest_equal_etype_info(ref,var),"etype_info2 (only one)\n");
+
+        krb5_free_data_contents(test_context, &code);
+        ktest_destroy_etype_info(var);
+        ktest_destroy_etype_info(ref);
+    }
+
+    /****************************************************************/
+    /* decode_pa_enc_ts */
+    {
+        setup(krb5_pa_enc_ts,ktest_make_sample_pa_enc_ts);
+        decode_run("pa_enc_ts","","30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
+        ref.pausec = 0;
+        decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
+    }
+
+    /****************************************************************/
+    /* decode_enc_data */
+    {
+        setup(krb5_enc_data,ktest_make_sample_enc_data);
+        decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+        ref.kvno = 0xFF000000;
+        decode_run("enc_data","(MSB-set kvno)","30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+        ref.kvno = 0xFFFFFFFF;
+        decode_run("enc_data","(kvno=-1)","30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+        ktest_destroy_enc_data(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_sam_challenge_2 */
+    {
+        setup(krb5_sam_challenge_2,ktest_make_sample_sam_challenge_2);
+        decode_run("sam_challenge_2","","30 22 A0 0D 30 0B 04 09 63 68 61 6C 6C 65 6E 67 65 A1 11 30 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge_2,ktest_equal_sam_challenge_2,krb5_free_sam_challenge_2);
+        ktest_empty_sam_challenge_2(&ref);
+
+    }
+
+    /****************************************************************/
+    /* decode_sam_challenge_2_body */
+    {
+        setup(krb5_sam_challenge_2_body,ktest_make_sample_sam_challenge_2_body);
+        decode_run("sam_challenge_2_body","","30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 14",decode_krb5_sam_challenge_2_body,ktest_equal_sam_challenge_2_body,krb5_free_sam_challenge_2_body);
+        ktest_empty_sam_challenge_2_body(&ref);
+
+    }
+
+    /****************************************************************/
+    /* decode_pa_for_user */
+    {
+        setup(krb5_pa_for_user,ktest_make_sample_pa_for_user);
+        decode_run("pa_for_user","","30 4B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 0A 1B 08 6B 72 62 35 64 61 74 61",decode_krb5_pa_for_user,ktest_equal_pa_for_user,krb5_free_pa_for_user);
+        ktest_empty_pa_for_user(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_pa_s4u_x509_user */
+    {
+        setup(krb5_pa_s4u_x509_user,ktest_make_sample_pa_s4u_x509_user);
+        decode_run("pa_s4u_x509_user","","30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_pa_s4u_x509_user,ktest_equal_pa_s4u_x509_user,krb5_free_pa_s4u_x509_user);
+        ktest_empty_pa_s4u_x509_user(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_pa_pac_req */
+    {
+        /* This type has no encoder and is very simple.  Test two
+         * hand-generated encodings. */
+        krb5_pa_pac_req *req1 = NULL, *req2 = NULL;
+        code = make_data("\x30\x05\xA0\x03\x01\x01\x00", 7);
+        retval = decode_krb5_pa_pac_req(&code, &req1);
+        if (retval) {
+            com_err(argv[0], retval, "while decoding PA-PAC-REQ");
+            exit(1);
+        }
+        code = make_data("\x30\x05\xA0\x03\x01\x01\xFF", 7);
+        retval = decode_krb5_pa_pac_req(&code, &req2);
+        if (retval) {
+            com_err(argv[0], retval, "while decoding PA-PAC-REQ");
+            exit(1);
+        }
+        if (req1->include_pac != 0 || req2->include_pac != 1) {
+            printf("ERROR: ");
+            error_count++;
+        } else {
+            printf("OK: ");
+        }
+        printf("pa_pac_rec\n");
+        free(req1);
+        free(req2);
+    }
+
+    /****************************************************************/
+    /* decode_ad_kdcissued */
+    {
+        setup(krb5_ad_kdcissued,ktest_make_sample_ad_kdcissued);
+        decode_run("ad_kdcissued","","30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_ad_kdcissued,ktest_equal_ad_kdcissued,krb5_free_ad_kdcissued);
+        ktest_empty_ad_kdcissued(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_iakerb_header */
+    {
+        setup(krb5_iakerb_header,ktest_make_sample_iakerb_header);
+        decode_run("iakerb_header","","30 18 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_iakerb_header,ktest_equal_iakerb_header,krb5_free_iakerb_header);
+        ktest_empty_iakerb_header(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_iakerb_finished */
+    {
+        setup(krb5_iakerb_finished,ktest_make_sample_iakerb_finished);
+        decode_run("iakerb_finished","","30 11 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_iakerb_finished,ktest_equal_iakerb_finished,krb5_free_iakerb_finished);
+        ktest_empty_iakerb_finished(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_fast_response */
+    {
+        setup(krb5_fast_response,ktest_make_sample_fast_response);
+        decode_run("fast_response","","30 81 9F A0 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 5B 30 59 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 03 02 01 2A",decode_krb5_fast_response,ktest_equal_fast_response,krb5_free_fast_response);
+        ktest_empty_fast_response(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_pa_fx_fast_reply */
+    {
+        setup(krb5_enc_data,ktest_make_sample_enc_data);
+        decode_run("pa_fx_fast_reply","","A0 29 30 27 A0 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_pa_fx_fast_reply,ktest_equal_enc_data,krb5_free_enc_data);
+        ktest_destroy_enc_data(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_otp_tokeninfo */
+    {
+        setup(krb5_otp_tokeninfo,ktest_make_minimal_otp_tokeninfo);
+        decode_run("otp_tokeninfo","(optionals NULL)","30 07 80 05 00 00 00 00 00",decode_krb5_otp_tokeninfo,ktest_equal_otp_tokeninfo,k5_free_otp_tokeninfo);
+        ktest_empty_otp_tokeninfo(&ref);
+    }
+    {
+        setup(krb5_otp_tokeninfo,ktest_make_maximal_otp_tokeninfo);
+        decode_run("otp_tokeninfo","","30 72 80 05 00 77 00 00 00 81 0B 45 78 61 6D 70 6C 65 63 6F 72 70 82 05 68 61 72 6B 21 83 01 0A 84 01 02 85 09 79 6F 75 72 74 6F 6B 65 6E 86 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 A7 16 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 07 06 05 2B 0E 03 02 1A 88 02 03 E8",decode_krb5_otp_tokeninfo,ktest_equal_otp_tokeninfo,k5_free_otp_tokeninfo);
+        ktest_empty_otp_tokeninfo(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_pa_otp_challenge */
+    {
+        setup(krb5_pa_otp_challenge,ktest_make_minimal_pa_otp_challenge);
+        decode_run("pa_otp_challenge","(optionals NULL)","30 15 80 08 6D 69 6E 6E 6F 6E 63 65 A2 09 30 07 80 05 00 00 00 00 00",decode_krb5_pa_otp_challenge,ktest_equal_pa_otp_challenge,k5_free_pa_otp_challenge);
+        ktest_empty_pa_otp_challenge(&ref);
+    }
+    {
+        setup(krb5_pa_otp_challenge,ktest_make_maximal_pa_otp_challenge);
+        decode_run("pa_otp_challenge","","30 81 A5 80 08 6D 61 78 6E 6F 6E 63 65 81 0B 74 65 73 74 73 65 72 76 69 63 65 A2 7D 30 07 80 05 00 00 00 00 00 30 72 80 05 00 77 00 00 00 81 0B 45 78 61 6D 70 6C 65 63 6F 72 70 82 05 68 61 72 6B 21 83 01 0A 84 01 02 85 09 79 6F 75 72 74 6F 6B 65 6E 86 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 A7 16 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 07 06 05 2B 0E 03 02 1A 88 02 03 E8 83 07 6B 65 79 73 61 6C 74 84 04 31 32 33 34",decode_krb5_pa_otp_challenge,ktest_equal_pa_otp_challenge,k5_free_pa_otp_challenge);
+        ktest_empty_pa_otp_challenge(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_pa_otp_req */
+    {
+        setup(krb5_pa_otp_req,ktest_make_minimal_pa_otp_req);
+        decode_run("pa_otp_req","(optionals NULL)","30 2C 80 05 00 00 00 00 00 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_pa_otp_req,ktest_equal_pa_otp_req,k5_free_pa_otp_req);
+        ktest_empty_pa_otp_req(&ref);
+    }
+    {
+        setup(krb5_pa_otp_req,ktest_make_maximal_pa_otp_req);
+        decode_run("pa_otp_req","","30 81 B9 80 05 00 60 00 00 00 81 05 6E 6F 6E 63 65 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 0B 06 09 60 86 48 01 65 03 04 02 01 84 02 03 E8 85 05 66 72 6F 67 73 86 0A 6D 79 66 69 72 73 74 70 69 6E 87 05 68 61 72 6B 21 88 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 89 03 33 34 36 8A 01 02 8B 09 79 6F 75 72 74 6F 6B 65 6E 8C 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 8D 0B 45 78 61 6D 70 6C 65 63 6F 72 70",decode_krb5_pa_otp_req,ktest_equal_pa_otp_req,k5_free_pa_otp_req);
+        ktest_empty_pa_otp_req(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_pa_otp_enc_req */
+    {
+        setup(krb5_data,ktest_make_sample_data);
+        decode_run("pa_otp_enc_req","","30 0A 80 08 6B 72 62 35 64 61 74 61",decode_krb5_pa_otp_enc_req,ktest_equal_data,krb5_free_data);
+        ktest_empty_data(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_kkdcp_message */
+    {
+        setup(krb5_kkdcp_message,ktest_make_sample_kkdcp_message);
+        decode_run("kkdcp_message","","30 82 01 FC A0 82 01 EC 04 82 01 E8 6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 98 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A1 0A 1B 08 6B 72 62 35 64 61 74 61",decode_krb5_kkdcp_message,ktest_equal_kkdcp_message,ktest_free_kkdcp_message);
+        ktest_empty_kkdcp_message(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_cammac */
+    {
+        setup(krb5_cammac,ktest_make_minimal_cammac);
+        decode_run("cammac","(optionals NULL)","30 12 A0 10 30 0E 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31",decode_krb5_cammac,ktest_equal_cammac,k5_free_cammac);
+        ktest_empty_cammac(&ref);
+    }
+    {
+        setup(krb5_cammac,ktest_make_maximal_cammac);
+        decode_run("cammac","","30 81 F2 A0 1E 30 1C 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31 30 0C A0 03 02 01 02 A1 05 04 03 61 64 32 A1 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 6B 64 63 A2 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 73 76 63 A3 52 30 50 30 13 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 31 30 39 A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 32",decode_krb5_cammac,ktest_equal_cammac,k5_free_cammac);
+        ktest_empty_cammac(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_secure_cookie */
+    {
+        setup(krb5_secure_cookie,ktest_make_sample_secure_cookie);
+        decode_run("secure_cookie","","30 2C 02 04 2D F8 02 25 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61",decode_krb5_secure_cookie,ktest_equal_secure_cookie,k5_free_secure_cookie);
+        ktest_empty_secure_cookie(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_spake_factor */
+    {
+        setup(krb5_spake_factor,ktest_make_minimal_spake_factor);
+        decode_run("spake_factor","(optionals NULL)","30 05 A0 03 02 01 01",decode_krb5_spake_factor,ktest_equal_spake_factor,k5_free_spake_factor);
+        ktest_empty_spake_factor(&ref);
+    }
+    {
+        setup(krb5_spake_factor,ktest_make_maximal_spake_factor);
+        decode_run("spake_factor","","30 0E A0 03 02 01 02 A1 07 04 05 66 64 61 74 61",decode_krb5_spake_factor,ktest_equal_spake_factor,k5_free_spake_factor);
+        ktest_empty_spake_factor(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_pa_spake */
+    {
+        setup(krb5_pa_spake,ktest_make_support_pa_spake);
+        decode_run("pa_spake","(support)","A0 0C 30 0A A0 08 30 06 02 01 01 02 01 02",decode_krb5_pa_spake,ktest_equal_pa_spake,k5_free_pa_spake);
+        ktest_empty_pa_spake(&ref);
+    }
+    {
+        setup(krb5_pa_spake,ktest_make_challenge_pa_spake);
+        decode_run("pa_spake","(challenge)","A1 2D 30 2B A0 03 02 01 01 A1 09 04 07 54 20 76 61 6C 75 65 A2 19 30 17 30 05 A0 03 02 01 01 30 0E A0 03 02 01 02 A1 07 04 05 66 64 61 74 61",decode_krb5_pa_spake,ktest_equal_pa_spake,k5_free_pa_spake);
+        ktest_empty_pa_spake(&ref);
+    }
+    {
+        setup(krb5_pa_spake,ktest_make_response_pa_spake);
+        decode_run("pa_spake","(response)","A2 34 30 32 A0 09 04 07 53 20 76 61 6C 75 65 A1 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_pa_spake,ktest_equal_pa_spake,k5_free_pa_spake);
+        ktest_empty_pa_spake(&ref);
+    }
+    {
+        setup(krb5_pa_spake,ktest_make_encdata_pa_spake);
+        decode_run("pa_spake","(encdata)","A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_pa_spake,ktest_equal_pa_spake,k5_free_pa_spake);
+        ktest_empty_pa_spake(&ref);
+    }
+
+#ifndef DISABLE_PKINIT
+
+    /****************************************************************/
+    /* decode_krb5_pa_pk_as_req */
+    {
+        setup(krb5_pa_pk_as_req,ktest_make_sample_pa_pk_as_req);
+        decode_run("krb5_pa_pk_as_req","","30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61",
+                   acc.decode_krb5_pa_pk_as_req,
+                   ktest_equal_pa_pk_as_req,ktest_free_pa_pk_as_req);
+        ktest_empty_pa_pk_as_req(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_pa_pk_as_rep */
+    {
+        setup(krb5_pa_pk_as_rep,ktest_make_sample_pa_pk_as_rep_dhInfo);
+        decode_run("krb5_pa_pk_as_rep","(dhInfo)","A0 28 30 26 80 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61",
+                   acc.decode_krb5_pa_pk_as_rep,
+                   ktest_equal_pa_pk_as_rep,ktest_free_pa_pk_as_rep);
+        ktest_empty_pa_pk_as_rep(&ref);
+    }
+    {
+        setup(krb5_pa_pk_as_rep,ktest_make_sample_pa_pk_as_rep_encKeyPack);
+        decode_run("krb5_pa_pk_as_rep","(encKeyPack)","81 08 6B 72 62 35 64 61 74 61",
+                   acc.decode_krb5_pa_pk_as_rep,
+                   ktest_equal_pa_pk_as_rep,ktest_free_pa_pk_as_rep);
+        ktest_empty_pa_pk_as_rep(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_auth_pack */
+    {
+        setup(krb5_auth_pack,ktest_make_sample_auth_pack);
+        decode_run("krb5_auth_pack","","30 81 85 A0 35 30 33 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A4 0A 04 08 6B 72 62 35 64 61 74 61 A1 08 04 06 70 76 61 6C 75 65 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61",
+                   acc.decode_krb5_auth_pack,
+                   ktest_equal_auth_pack,ktest_free_auth_pack);
+        ktest_empty_auth_pack(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_kdc_dh_key_info */
+    {
+        setup(krb5_kdc_dh_key_info,ktest_make_sample_kdc_dh_key_info);
+        decode_run("krb5_kdc_dh_key_info","","30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",
+                   acc.decode_krb5_kdc_dh_key_info,
+                   ktest_equal_kdc_dh_key_info,ktest_free_kdc_dh_key_info);
+        ktest_empty_kdc_dh_key_info(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_reply_key_pack */
+    {
+        setup(krb5_reply_key_pack,ktest_make_sample_reply_key_pack);
+        decode_run("krb5_reply_key_pack","","30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",
+                   acc.decode_krb5_reply_key_pack,
+                   ktest_equal_reply_key_pack,ktest_free_reply_key_pack);
+        ktest_empty_reply_key_pack(&ref);
+    }
+
+    /****************************************************************/
+    /* decode_krb5_principal_name */
+    /* We have no encoder for this type (KerberosName from RFC 4556); the
+     * encoding is hand-generated. */
+    {
+        krb5_principal ref, var;
+
+        ktest_make_sample_principal(&ref);
+        decode_run("krb5_principal_name","","30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",
+                   acc.decode_krb5_principal_name,equal_principal,krb5_free_principal);
+    }
+
+#endif /* not DISABLE_PKINIT */
+
+#ifdef ENABLE_LDAP
+    /* ldap sequence_of_keys */
+    {
+        setup(ldap_seqof_key_data,ktest_make_sample_ldap_seqof_key_data);
+        decode_run("ldap_seqof_key_data","","30 81 87 A0 03 02 01 01 A1 03 02 01 01 A2 03 02 01 2A A3 03 02 01 0E A4 71 30 6F 30 23 A0 10 30 0E A0 03 02 01 00 A1 07 04 05 73 61 6C 74 30 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 30 30 23 A0 10 30 0E A0 03 02 01 01 A1 07 04 05 73 61 6C 74 31 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 31 30 23 A0 10 30 0E A0 03 02 01 02 A1 07 04 05 73 61 6C 74 32 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 32",acc.asn1_ldap_decode_sequence_of_keys,ktest_equal_ldap_sequence_of_keys,ktest_empty_ldap_seqof_key_data);
+        ktest_empty_ldap_seqof_key_data(test_context, &ref);
+    }
+
+#endif
+
+    krb5_free_context(test_context);
+    exit(error_count);
+    return(error_count);
+}
+
+
+void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val)
+{
+    if (val) {
+        krb5_free_data_contents(context, &(val->ciphertext));
+        free(val);
+    }
+}
+
+#ifndef DISABLE_PKINIT
+
+/* Glue function to make ktest_equal_principal_data look like what decode_run
+ * expects. */
+static int
+equal_principal(krb5_principal *ref, krb5_principal var)
+{
+    return ktest_equal_principal_data(*ref, var);
+}
+
+static void
+ktest_free_auth_pack(krb5_context context, krb5_auth_pack *val)
+{
+    if (val)
+        ktest_empty_auth_pack(val);
+    free(val);
+}
+
+static void
+ktest_free_kdc_dh_key_info(krb5_context context, krb5_kdc_dh_key_info *val)
+{
+    if (val)
+        ktest_empty_kdc_dh_key_info(val);
+    free(val);
+}
+
+static void
+ktest_free_pa_pk_as_req(krb5_context context, krb5_pa_pk_as_req *val)
+{
+    if (val)
+        ktest_empty_pa_pk_as_req(val);
+    free(val);
+}
+
+static void
+ktest_free_pa_pk_as_rep(krb5_context context, krb5_pa_pk_as_rep *val)
+{
+    if (val)
+        ktest_empty_pa_pk_as_rep(val);
+    free(val);
+}
+
+static void
+ktest_free_reply_key_pack(krb5_context context, krb5_reply_key_pack *val)
+{
+    if (val)
+        ktest_empty_reply_key_pack(val);
+    free(val);
+}
+
+#endif /* not DISABLE_PKINIT */
+
+static void
+ktest_free_kkdcp_message(krb5_context context,
+                         krb5_kkdcp_message *val)
+{
+    if (val)
+        ktest_empty_kkdcp_message(val);
+    free(val);
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/krb5_encode_test.c b/krb5-1.21.3/src/tests/asn.1/krb5_encode_test.c
new file mode 100644
index 00000000..26c064e6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/krb5_encode_test.c
@@ -0,0 +1,853 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/krb5_encode_test.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+#include "utility.h"
+
+#include "ktest.h"
+#include "debug.h"
+
+extern int current_appl_type;
+
+krb5_context test_context;
+int error_count = 0;
+int do_trval = 0;
+int first_trval = 1;
+int trval2();
+
+static void
+encoder_print_results(krb5_data *code, char *typestring, char *description)
+{
+    char        *code_string = NULL;
+    int r, rlen;
+
+    if (do_trval) {
+        if (first_trval)
+            first_trval = 0;
+        else
+            printf("\n");
+        printf("encode_krb5_%s%s:\n", typestring, description);
+        r = trval2(stdout, code->data, code->length, 0, &rlen);
+        printf("\n");
+        if (rlen < 0 || (unsigned int) rlen != code->length) {
+            printf("Error: length mismatch: was %d, parsed %d\n",
+                   code->length, rlen);
+            exit(1);
+        }
+        if (r != 0) {
+            printf("Error: Return from trval2 is %d.\n", r);
+            exit(1);
+        }
+        current_appl_type = -1; /* Reset type */
+    } else {
+        asn1_krb5_data_unparse(code,&(code_string));
+        printf("encode_krb5_%s%s: %s\n", typestring, description,
+               code_string);
+        free(code_string);
+    }
+    ktest_destroy_data(&code);
+}
+
+static void PRS(argc, argv)
+    int argc;
+    char        **argv;
+{
+    extern char *optarg;
+    int optchar;
+    extern int print_types, print_krb5_types, print_id_and_len,
+        print_constructed_length, print_skip_context,
+        print_skip_tagnum, print_context_shortcut;
+
+    while ((optchar = getopt(argc, argv, "tp:")) != -1) {
+        switch(optchar) {
+        case 't':
+            do_trval = 1;
+            break;
+        case 'p':
+            sample_principal_name = optarg;
+            break;
+        case '?':
+        default:
+            fprintf(stderr, "Usage: %s [-t] [-p principal]\n",
+                    argv[0]);
+            exit(1);
+        }
+    }
+    print_types = 1;
+    print_krb5_types = 1;
+    print_id_and_len = 0;
+    print_constructed_length = 0;
+    print_skip_context = 1;
+    print_skip_tagnum = 1;
+    print_context_shortcut = 1;
+}
+
+int
+main(argc, argv)
+    int argc;
+    char        **argv;
+{
+    krb5_data *code;
+    krb5_error_code retval;
+
+    PRS(argc, argv);
+
+    retval = krb5_init_context(&test_context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+    init_access(argv[0]);
+
+#define encode_run(value,typestring,description,encoder)                \
+    retval = encoder(&(value),&(code));                                 \
+    if (retval) {                                                       \
+        com_err("krb5_encode_test", retval,"while encoding %s", typestring); \
+        exit(1);                                                        \
+    }                                                                   \
+    encoder_print_results(code, typestring, description);
+
+    /****************************************************************/
+    /* encode_krb5_authenticator */
+    {
+        krb5_authenticator authent;
+        ktest_make_sample_authenticator(&authent);
+
+        encode_run(authent, "authenticator", "", encode_krb5_authenticator);
+
+        ktest_destroy_checksum(&(authent.checksum));
+        ktest_destroy_keyblock(&(authent.subkey));
+        authent.seq_number = 0;
+        ktest_empty_authorization_data(authent.authorization_data);
+        encode_run(authent, "authenticator", "(optionals empty)",
+                   encode_krb5_authenticator);
+
+        ktest_destroy_authorization_data(&(authent.authorization_data));
+        encode_run(authent, "authenticator", "(optionals NULL)",
+                   encode_krb5_authenticator);
+        ktest_empty_authenticator(&authent);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_ticket */
+    {
+        krb5_ticket tkt;
+        ktest_make_sample_ticket(&tkt);
+        encode_run(tkt, "ticket", "", encode_krb5_ticket);
+        ktest_empty_ticket(&tkt);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_encryption_key */
+    {
+        krb5_keyblock keyblk;
+        ktest_make_sample_keyblock(&keyblk);
+        current_appl_type = 1005;
+        encode_run(keyblk, "keyblock", "", encode_krb5_encryption_key);
+        ktest_empty_keyblock(&keyblk);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_enc_tkt_part */
+    {
+        krb5_ticket tkt;
+        memset(&tkt, 0, sizeof(krb5_ticket));
+        tkt.enc_part2 = ealloc(sizeof(krb5_enc_tkt_part));
+        ktest_make_sample_enc_tkt_part(tkt.enc_part2);
+
+        encode_run(*tkt.enc_part2, "enc_tkt_part", "",
+                   encode_krb5_enc_tkt_part);
+
+        tkt.enc_part2->times.starttime = 0;
+        tkt.enc_part2->times.renew_till = 0;
+        ktest_destroy_address(&(tkt.enc_part2->caddrs[1]));
+        ktest_destroy_address(&(tkt.enc_part2->caddrs[0]));
+        ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1]));
+        ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0]));
+
+        /* ISODE version fails on the empty caddrs field */
+        ktest_destroy_addresses(&(tkt.enc_part2->caddrs));
+        ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
+
+        encode_run(*tkt.enc_part2, "enc_tkt_part", "(optionals NULL)",
+                   encode_krb5_enc_tkt_part);
+        ktest_empty_ticket(&tkt);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_enc_kdc_rep_part */
+    {
+        krb5_kdc_rep kdcr;
+
+        memset(&kdcr, 0, sizeof(kdcr));
+
+        kdcr.enc_part2 = ealloc(sizeof(krb5_enc_kdc_rep_part));
+        ktest_make_sample_enc_kdc_rep_part(kdcr.enc_part2);
+
+        encode_run(*kdcr.enc_part2, "enc_kdc_rep_part", "",
+                   encode_krb5_enc_kdc_rep_part);
+
+        kdcr.enc_part2->key_exp = 0;
+        kdcr.enc_part2->times.starttime = 0;
+        kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE;
+        ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
+
+        encode_run(*kdcr.enc_part2, "enc_kdc_rep_part", "(optionals NULL)",
+                   encode_krb5_enc_kdc_rep_part);
+
+        ktest_empty_kdc_rep(&kdcr);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_as_rep */
+    {
+        krb5_kdc_rep kdcr;
+        ktest_make_sample_kdc_rep(&kdcr);
+
+/*    kdcr.msg_type = KRB5_TGS_REP;
+      test(encode_krb5_as_rep(&kdcr,&code) == KRB5_BADMSGTYPE,
+      "encode_krb5_as_rep type check\n");
+      ktest_destroy_data(&code);*/
+
+        kdcr.msg_type = KRB5_AS_REP;
+        encode_run(kdcr, "as_rep", "", encode_krb5_as_rep);
+
+        ktest_destroy_pa_data_array(&(kdcr.padata));
+        encode_run(kdcr, "as_rep", "(optionals NULL)", encode_krb5_as_rep);
+
+        ktest_empty_kdc_rep(&kdcr);
+
+    }
+
+    /****************************************************************/
+    /* encode_krb5_tgs_rep */
+    {
+        krb5_kdc_rep kdcr;
+        ktest_make_sample_kdc_rep(&kdcr);
+
+/*    kdcr.msg_type = KRB5_AS_REP;
+      test(encode_krb5_tgs_rep(&kdcr,&code) == KRB5_BADMSGTYPE,
+      "encode_krb5_tgs_rep type check\n");*/
+
+        kdcr.msg_type = KRB5_TGS_REP;
+        encode_run(kdcr, "tgs_rep", "", encode_krb5_tgs_rep);
+
+        ktest_destroy_pa_data_array(&(kdcr.padata));
+        encode_run(kdcr, "tgs_rep", "(optionals NULL)", encode_krb5_tgs_rep);
+
+        ktest_empty_kdc_rep(&kdcr);
+
+    }
+
+    /****************************************************************/
+    /* encode_krb5_ap_req */
+    {
+        krb5_ap_req apreq;
+        ktest_make_sample_ap_req(&apreq);
+        encode_run(apreq, "ap_req", "", encode_krb5_ap_req);
+        ktest_empty_ap_req(&apreq);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_ap_rep */
+    {
+        krb5_ap_rep aprep;
+        ktest_make_sample_ap_rep(&aprep);
+        encode_run(aprep, "ap_rep", "", encode_krb5_ap_rep);
+        ktest_empty_ap_rep(&aprep);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_ap_rep_enc_part */
+    {
+        krb5_ap_rep_enc_part apenc;
+        ktest_make_sample_ap_rep_enc_part(&apenc);
+        encode_run(apenc, "ap_rep_enc_part", "", encode_krb5_ap_rep_enc_part);
+
+        ktest_destroy_keyblock(&(apenc.subkey));
+        apenc.seq_number = 0;
+        encode_run(apenc, "ap_rep_enc_part", "(optionals NULL)",
+                   encode_krb5_ap_rep_enc_part);
+        ktest_empty_ap_rep_enc_part(&apenc);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_as_req */
+    {
+        krb5_kdc_req asreq;
+        ktest_make_sample_kdc_req(&asreq);
+        asreq.msg_type = KRB5_AS_REQ;
+        asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        encode_run(asreq, "as_req", "", encode_krb5_as_req);
+
+        ktest_destroy_pa_data_array(&(asreq.padata));
+        ktest_destroy_principal(&(asreq.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(asreq.server));
+#endif
+        asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        asreq.from = 0;
+        asreq.rtime = 0;
+        ktest_destroy_addresses(&(asreq.addresses));
+        ktest_destroy_enc_data(&(asreq.authorization_data));
+        encode_run(asreq, "as_req", "(optionals NULL except second_ticket)",
+                   encode_krb5_as_req);
+        ktest_destroy_sequence_of_ticket(&(asreq.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(asreq.server));
+#endif
+        asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        encode_run(asreq, "as_req", "(optionals NULL except server)",
+                   encode_krb5_as_req);
+        ktest_empty_kdc_req(&asreq);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_tgs_req */
+    {
+        krb5_kdc_req tgsreq;
+        ktest_make_sample_kdc_req(&tgsreq);
+        tgsreq.msg_type = KRB5_TGS_REQ;
+        tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        encode_run(tgsreq, "tgs_req", "", encode_krb5_tgs_req);
+
+        ktest_destroy_pa_data_array(&(tgsreq.padata));
+        ktest_destroy_principal(&(tgsreq.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(tgsreq.server));
+#endif
+        tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        tgsreq.from = 0;
+        tgsreq.rtime = 0;
+        ktest_destroy_addresses(&(tgsreq.addresses));
+        ktest_destroy_enc_data(&(tgsreq.authorization_data));
+        encode_run(tgsreq, "tgs_req", "(optionals NULL except second_ticket)",
+                   encode_krb5_tgs_req);
+
+        ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(tgsreq.server));
+#endif
+        tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        encode_run(tgsreq, "tgs_req", "(optionals NULL except server)",
+                   encode_krb5_tgs_req);
+
+        ktest_empty_kdc_req(&tgsreq);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_kdc_req_body */
+    {
+        krb5_kdc_req kdcrb;
+        memset(&kdcrb, 0, sizeof(kdcrb));
+        ktest_make_sample_kdc_req_body(&kdcrb);
+        kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        current_appl_type = 1007;       /* Force interpretation as kdc-req-body */
+        encode_run(kdcrb, "kdc_req_body", "", encode_krb5_kdc_req_body);
+
+        ktest_destroy_principal(&(kdcrb.client));
+#ifndef ISODE_SUCKS
+        ktest_destroy_principal(&(kdcrb.server));
+#endif
+        kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        kdcrb.from = 0;
+        kdcrb.rtime = 0;
+        ktest_destroy_addresses(&(kdcrb.addresses));
+        ktest_destroy_enc_data(&(kdcrb.authorization_data));
+        current_appl_type = 1007;       /* Force interpretation as kdc-req-body */
+        encode_run(kdcrb, "kdc_req_body",
+                   "(optionals NULL except second_ticket)",
+                   encode_krb5_kdc_req_body);
+
+        ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket));
+#ifndef ISODE_SUCKS
+        ktest_make_sample_principal(&(kdcrb.server));
+#endif
+        kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        current_appl_type = 1007;       /* Force interpretation as kdc-req-body */
+        encode_run(kdcrb, "kdc_req_body", "(optionals NULL except server)",
+                   encode_krb5_kdc_req_body);
+
+        ktest_empty_kdc_req(&kdcrb);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_safe */
+    {
+        krb5_safe s;
+        ktest_make_sample_safe(&s);
+        encode_run(s, "safe", "", encode_krb5_safe);
+
+        s.timestamp = 0;
+        /* s.usec should be opted out by the timestamp */
+        s.seq_number = 0;
+        ktest_destroy_address(&(s.r_address));
+        encode_run(s, "safe", "(optionals NULL)", encode_krb5_safe);
+
+        ktest_empty_safe(&s);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_priv */
+    {
+        krb5_priv p;
+        ktest_make_sample_priv(&p);
+        encode_run(p, "priv", "", encode_krb5_priv);
+        ktest_empty_priv(&p);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_enc_priv_part */
+    {
+        krb5_priv_enc_part ep;
+        ktest_make_sample_priv_enc_part(&ep);
+        encode_run(ep, "enc_priv_part", "", encode_krb5_enc_priv_part);
+
+        ep.timestamp = 0;
+        /* ep.usec should be opted out along with timestamp */
+        ep.seq_number = 0;
+        ktest_destroy_address(&(ep.r_address));
+        encode_run(ep, "enc_priv_part", "(optionals NULL)",
+                   encode_krb5_enc_priv_part);
+
+        ktest_empty_priv_enc_part(&ep);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_cred */
+    {
+        krb5_cred c;
+        ktest_make_sample_cred(&c);
+        encode_run(c, "cred", "", encode_krb5_cred);
+        ktest_empty_cred(&c);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_enc_cred_part */
+    {
+        krb5_cred_enc_part cep;
+        ktest_make_sample_cred_enc_part(&cep);
+        encode_run(cep, "enc_cred_part", "", encode_krb5_enc_cred_part);
+
+        ktest_destroy_principal(&(cep.ticket_info[0]->client));
+        ktest_destroy_principal(&(cep.ticket_info[0]->server));
+        cep.ticket_info[0]->flags = 0;
+        cep.ticket_info[0]->times.authtime = 0;
+        cep.ticket_info[0]->times.starttime = 0;
+        cep.ticket_info[0]->times.endtime = 0;
+        cep.ticket_info[0]->times.renew_till = 0;
+        ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs));
+        cep.nonce = 0;
+        cep.timestamp = 0;
+        ktest_destroy_address(&(cep.s_address));
+        ktest_destroy_address(&(cep.r_address));
+        encode_run(cep, "enc_cred_part", "(optionals NULL)",
+                   encode_krb5_enc_cred_part);
+
+        ktest_empty_cred_enc_part(&cep);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_error */
+    {
+        krb5_error kerr;
+        ktest_make_sample_error(&kerr);
+        encode_run(kerr, "error", "", encode_krb5_error);
+
+        kerr.ctime = 0;
+        ktest_destroy_principal(&(kerr.client));
+        ktest_empty_data(&(kerr.text));
+        ktest_empty_data(&(kerr.e_data));
+        encode_run(kerr, "error", "(optionals NULL)", encode_krb5_error);
+
+        ktest_empty_error(&kerr);
+    }
+
+    /****************************************************************/
+    /* encode_krb5_authdata */
+    {
+        krb5_authdata **ad;
+        ktest_make_sample_authorization_data(&ad);
+
+        retval = encode_krb5_authdata(ad,&(code));
+        if (retval) {
+            com_err("encoding authorization_data",retval,"");
+            exit(1);
+        }
+        current_appl_type = 1004;       /* Force type to be authdata */
+        encoder_print_results(code, "authorization_data", "");
+
+        ktest_destroy_authorization_data(&ad);
+    }
+
+    /****************************************************************/
+    /* encode_padata_sequence and encode_krb5_typed_data */
+    {
+        krb5_pa_data **pa;
+
+        ktest_make_sample_pa_data_array(&pa);
+        encode_run(*pa, "padata_sequence", "", encode_krb5_padata_sequence);
+        encode_run(*pa, "typed_data", "", encode_krb5_typed_data);
+        ktest_destroy_pa_data_array(&pa);
+
+        ktest_make_sample_empty_pa_data_array(&pa);
+        encode_run(*pa, "padata_sequence", "(empty)",
+                   encode_krb5_padata_sequence);
+        ktest_destroy_pa_data_array(&pa);
+    }
+
+    /****************************************************************/
+    /* encode_etype_info */
+    {
+        krb5_etype_info_entry **info;
+
+        ktest_make_sample_etype_info(&info);
+        encode_run(*info, "etype_info", "", encode_krb5_etype_info);
+
+        ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
+        ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
+        encode_run(*info, "etype_info", "(only 1)", encode_krb5_etype_info);
+
+        ktest_destroy_etype_info_entry(info[0]);      info[0] = 0;
+        encode_run(*info, "etype_info", "(no info)", encode_krb5_etype_info);
+
+        ktest_destroy_etype_info(info);
+    }
+
+    /* encode_etype_info2 */
+    {
+        krb5_etype_info_entry **info;
+
+        ktest_make_sample_etype_info2(&info);
+        encode_run(*info, "etype_info2", "", encode_krb5_etype_info2);
+
+        ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
+        ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
+        encode_run(*info, "etype_info2", "(only 1)", encode_krb5_etype_info2);
+
+        /* etype_info2 sequences aren't allowed to be empty. */
+
+        ktest_destroy_etype_info(info);
+    }
+
+    /****************************************************************/
+    /* encode_pa_enc_ts */
+    {
+        krb5_pa_enc_ts pa_enc;
+        ktest_make_sample_pa_enc_ts(&pa_enc);
+        encode_run(pa_enc, "pa_enc_ts", "", encode_krb5_pa_enc_ts);
+        pa_enc.pausec = 0;
+        encode_run(pa_enc, "pa_enc_ts (no usec)", "", encode_krb5_pa_enc_ts);
+    }
+
+    /****************************************************************/
+    /* encode_enc_data */
+    {
+        krb5_enc_data enc_data;
+        ktest_make_sample_enc_data(&enc_data);
+        current_appl_type = 1001;
+        encode_run(enc_data, "enc_data", "", encode_krb5_enc_data);
+        enc_data.kvno = 0xFF000000;
+        current_appl_type = 1001;
+        encode_run(enc_data, "enc_data", "(MSB-set kvno)",
+                   encode_krb5_enc_data);
+        enc_data.kvno = 0xFFFFFFFF;
+        current_appl_type = 1001;
+        encode_run(enc_data, "enc_data", "(kvno=-1)", encode_krb5_enc_data);
+        ktest_destroy_enc_data(&enc_data);
+    }
+    /****************************************************************/
+    /* encode_krb5_sam_challenge_2 */
+    {
+        krb5_sam_challenge_2 sam_ch2;
+        ktest_make_sample_sam_challenge_2(&sam_ch2);
+        encode_run(sam_ch2, "sam_challenge_2", "",
+                   encode_krb5_sam_challenge_2);
+        ktest_empty_sam_challenge_2(&sam_ch2);
+    }
+    /****************************************************************/
+    /* encode_krb5_sam_challenge_2_body */
+    {
+        krb5_sam_challenge_2_body body;
+        ktest_make_sample_sam_challenge_2_body(&body);
+        encode_run(body, "sam_challenge_2_body", "",
+                   encode_krb5_sam_challenge_2_body);
+        ktest_empty_sam_challenge_2_body(&body);
+    }
+    /****************************************************************/
+    /* encode_krb5_sam_response_2 */
+    {
+        krb5_sam_response_2 sam_ch2;
+        ktest_make_sample_sam_response_2(&sam_ch2);
+        encode_run(sam_ch2, "sam_response_2", "", encode_krb5_sam_response_2);
+        ktest_empty_sam_response_2(&sam_ch2);
+    }
+    /****************************************************************/
+    /* encode_krb5_sam_response_enc_2 */
+    {
+        krb5_enc_sam_response_enc_2 sam_ch2;
+        ktest_make_sample_enc_sam_response_enc_2(&sam_ch2);
+        encode_run(sam_ch2, "enc_sam_response_enc_2", "",
+                   encode_krb5_enc_sam_response_enc_2);
+        ktest_empty_enc_sam_response_enc_2(&sam_ch2);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_for_user */
+    {
+        krb5_pa_for_user s4u;
+        ktest_make_sample_pa_for_user(&s4u);
+        encode_run(s4u, "pa_for_user", "", encode_krb5_pa_for_user);
+        ktest_empty_pa_for_user(&s4u);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_s4u_x509_user */
+    {
+        krb5_pa_s4u_x509_user s4u;
+        ktest_make_sample_pa_s4u_x509_user(&s4u);
+        encode_run(s4u, "pa_s4u_x509_user", "", encode_krb5_pa_s4u_x509_user);
+        ktest_empty_pa_s4u_x509_user(&s4u);
+    }
+    /****************************************************************/
+    /* encode_krb5_ad_kdcissued */
+    {
+        krb5_ad_kdcissued kdci;
+        ktest_make_sample_ad_kdcissued(&kdci);
+        encode_run(kdci, "ad_kdcissued", "", encode_krb5_ad_kdcissued);
+        ktest_empty_ad_kdcissued(&kdci);
+    }
+    /****************************************************************/
+    /* encode_krb5_iakerb_header */
+    {
+        krb5_iakerb_header ih;
+        ktest_make_sample_iakerb_header(&ih);
+        encode_run(ih, "iakerb_header", "", encode_krb5_iakerb_header);
+        ktest_empty_iakerb_header(&ih);
+    }
+    /****************************************************************/
+    /* encode_krb5_iakerb_finished */
+    {
+        krb5_iakerb_finished ih;
+        ktest_make_sample_iakerb_finished(&ih);
+        encode_run(ih, "iakerb_finished", "", encode_krb5_iakerb_finished);
+        ktest_empty_iakerb_finished(&ih);
+    }
+    /****************************************************************/
+    /* encode_krb5_fast_response */
+    {
+        krb5_fast_response fr;
+        ktest_make_sample_fast_response(&fr);
+        encode_run(fr, "fast_response", "", encode_krb5_fast_response);
+        ktest_empty_fast_response(&fr);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_fx_fast_reply */
+    {
+        krb5_enc_data enc_data;
+        ktest_make_sample_enc_data(&enc_data);
+        encode_run(enc_data, "pa_fx_fast_reply", "",
+                   encode_krb5_pa_fx_fast_reply);
+        ktest_destroy_enc_data(&enc_data);
+    }
+    /****************************************************************/
+    /* encode_krb5_otp_tokeninfo */
+    {
+        krb5_otp_tokeninfo ti;
+        ktest_make_minimal_otp_tokeninfo(&ti);
+        encode_run(ti, "otp_tokeninfo", "(optionals NULL)",
+                   encode_krb5_otp_tokeninfo);
+        ktest_empty_otp_tokeninfo(&ti);
+        ktest_make_maximal_otp_tokeninfo(&ti);
+        encode_run(ti, "otp_tokeninfo", "", encode_krb5_otp_tokeninfo);
+        ktest_empty_otp_tokeninfo(&ti);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_otp_challenge */
+    {
+        krb5_pa_otp_challenge ch;
+        ktest_make_minimal_pa_otp_challenge(&ch);
+        encode_run(ch, "pa_otp_challenge", "(optionals NULL)",
+                   encode_krb5_pa_otp_challenge);
+        ktest_empty_pa_otp_challenge(&ch);
+        ktest_make_maximal_pa_otp_challenge(&ch);
+        encode_run(ch, "pa_otp_challenge", "", encode_krb5_pa_otp_challenge);
+        ktest_empty_pa_otp_challenge(&ch);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_otp_req */
+    {
+        krb5_pa_otp_req req;
+        ktest_make_minimal_pa_otp_req(&req);
+        encode_run(req, "pa_otp_req", "(optionals NULL)",
+                   encode_krb5_pa_otp_req);
+        ktest_empty_pa_otp_req(&req);
+        ktest_make_maximal_pa_otp_req(&req);
+        encode_run(req, "pa_otp_req", "", encode_krb5_pa_otp_req);
+        ktest_empty_pa_otp_req(&req);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_otp_enc_request */
+    {
+        krb5_data d;
+        ktest_make_sample_data(&d);
+        encode_run(d, "pa_otp_enc_req", "", encode_krb5_pa_otp_enc_req);
+        ktest_empty_data(&d);
+    }
+    /****************************************************************/
+    /* encode_krb5_kkdcp_message */
+    {
+        krb5_kkdcp_message info;
+        ktest_make_sample_kkdcp_message(&info);
+        encode_run(info, "kkdcp_message", "", encode_krb5_kkdcp_message);
+        ktest_empty_kkdcp_message(&info);
+    }
+    /* encode_krb5_cammac */
+    {
+        krb5_cammac req;
+        ktest_make_minimal_cammac(&req);
+        encode_run(req, "cammac", "(optionals NULL)", encode_krb5_cammac);
+        ktest_empty_cammac(&req);
+        ktest_make_maximal_cammac(&req);
+        encode_run(req, "cammac", "", encode_krb5_cammac);
+        ktest_empty_cammac(&req);
+    }
+    /****************************************************************/
+    /* encode_krb5_secure_cookie */
+    {
+        krb5_secure_cookie cookie;
+        ktest_make_sample_secure_cookie(&cookie);
+        encode_run(cookie, "secure_cookie", "", encode_krb5_secure_cookie);
+        ktest_empty_secure_cookie(&cookie);
+    }
+    /****************************************************************/
+    /* encode_krb5_spake_factor */
+    {
+        krb5_spake_factor factor;
+        ktest_make_minimal_spake_factor(&factor);
+        encode_run(factor, "spake_factor", "(optionals NULL)",
+                   encode_krb5_spake_factor);
+        ktest_empty_spake_factor(&factor);
+        ktest_make_maximal_spake_factor(&factor);
+        encode_run(factor, "spake_factor", "", encode_krb5_spake_factor);
+        ktest_empty_spake_factor(&factor);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_spake */
+    {
+        krb5_pa_spake pa_spake;
+        ktest_make_support_pa_spake(&pa_spake);
+        encode_run(pa_spake, "pa_spake", "(support)", encode_krb5_pa_spake);
+        ktest_empty_pa_spake(&pa_spake);
+        ktest_make_challenge_pa_spake(&pa_spake);
+        encode_run(pa_spake, "pa_spake", "(challenge)", encode_krb5_pa_spake);
+        ktest_empty_pa_spake(&pa_spake);
+        ktest_make_response_pa_spake(&pa_spake);
+        encode_run(pa_spake, "pa_spake", "(response)", encode_krb5_pa_spake);
+        ktest_empty_pa_spake(&pa_spake);
+        ktest_make_encdata_pa_spake(&pa_spake);
+        encode_run(pa_spake, "pa_spake", "(encdata)", encode_krb5_pa_spake);
+        ktest_empty_pa_spake(&pa_spake);
+    }
+#ifndef DISABLE_PKINIT
+    /****************************************************************/
+    /* encode_krb5_pa_pk_as_req */
+    {
+        krb5_pa_pk_as_req req;
+        ktest_make_sample_pa_pk_as_req(&req);
+        encode_run(req, "pa_pk_as_req", "", acc.encode_krb5_pa_pk_as_req);
+        ktest_empty_pa_pk_as_req(&req);
+    }
+    /****************************************************************/
+    /* encode_krb5_pa_pk_as_rep */
+    {
+        krb5_pa_pk_as_rep rep;
+        ktest_make_sample_pa_pk_as_rep_dhInfo(&rep);
+        encode_run(rep, "pa_pk_as_rep", "(dhInfo)",
+                   acc.encode_krb5_pa_pk_as_rep);
+        ktest_empty_pa_pk_as_rep(&rep);
+        ktest_make_sample_pa_pk_as_rep_encKeyPack(&rep);
+        encode_run(rep, "pa_pk_as_rep", "(encKeyPack)",
+                   acc.encode_krb5_pa_pk_as_rep);
+        ktest_empty_pa_pk_as_rep(&rep);
+    }
+    /****************************************************************/
+    /* encode_krb5_auth_pack */
+    {
+        krb5_auth_pack pack;
+        ktest_make_sample_auth_pack(&pack);
+        encode_run(pack, "auth_pack", "", acc.encode_krb5_auth_pack);
+        ktest_empty_auth_pack(&pack);
+    }
+    /****************************************************************/
+    /* encode_krb5_kdc_dh_key_info */
+    {
+        krb5_kdc_dh_key_info ki;
+        ktest_make_sample_kdc_dh_key_info(&ki);
+        encode_run(ki, "kdc_dh_key_info", "", acc.encode_krb5_kdc_dh_key_info);
+        ktest_empty_kdc_dh_key_info(&ki);
+    }
+    /****************************************************************/
+    /* encode_krb5_reply_key_pack */
+    {
+        krb5_reply_key_pack pack;
+        ktest_make_sample_reply_key_pack(&pack);
+        encode_run(pack, "reply_key_pack", "", acc.encode_krb5_reply_key_pack);
+        ktest_empty_reply_key_pack(&pack);
+    }
+    /****************************************************************/
+    /* encode_krb5_sp80056a_other_info */
+    {
+        krb5_sp80056a_other_info info;
+        ktest_make_sample_sp80056a_other_info(&info);
+        encode_run(info, "sp80056a_other_info", "",
+                   encode_krb5_sp80056a_other_info);
+        ktest_empty_sp80056a_other_info(&info);
+    }
+    /****************************************************************/
+    /* encode_krb5_pkinit_supp_pub_info */
+    {
+        krb5_pkinit_supp_pub_info info;
+        ktest_make_sample_pkinit_supp_pub_info(&info);
+        encode_run(info, "pkinit_supp_pub_info", "",
+                   encode_krb5_pkinit_supp_pub_info);
+        ktest_empty_pkinit_supp_pub_info(&info);
+    }
+#endif /* not DISABLE_PKINIT */
+#ifdef ENABLE_LDAP
+    {
+        ldap_seqof_key_data skd;
+
+        ktest_make_sample_ldap_seqof_key_data(&skd);
+        encode_run(skd, "ldap_seqof_key_data", "",
+                   acc.asn1_ldap_encode_sequence_of_keys);
+        ktest_empty_ldap_seqof_key_data(test_context, &skd);
+    }
+#endif
+
+    krb5_free_context(test_context);
+    exit(error_count);
+    return(error_count);
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/ktest.c b/krb5-1.21.3/src/tests/asn.1/ktest.c
new file mode 100644
index 00000000..d37e4fa7
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/ktest.c
@@ -0,0 +1,1799 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/ktest.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "ktest.h"
+#include "utility.h"
+#include <stdlib.h>
+
+char *sample_principal_name = "hftsai/extra@ATHENA.MIT.EDU";
+
+void
+ktest_make_sample_authenticator(krb5_authenticator *a)
+{
+    ktest_make_sample_principal(&a->client);
+    a->checksum = ealloc(sizeof(krb5_checksum));
+    ktest_make_sample_checksum(a->checksum);
+    a->cusec = SAMPLE_USEC;
+    a->ctime = SAMPLE_TIME;
+    a->subkey = ealloc(sizeof(krb5_keyblock));
+    ktest_make_sample_keyblock(a->subkey);
+    a->seq_number = SAMPLE_SEQ_NUMBER;
+    ktest_make_sample_authorization_data(&a->authorization_data);
+}
+
+void
+ktest_make_sample_principal(krb5_principal *p)
+{
+    if (krb5_parse_name(test_context, sample_principal_name, p))
+        abort();
+}
+
+void
+ktest_make_sample_checksum(krb5_checksum *cs)
+{
+    cs->checksum_type = 1;
+    cs->length = 4;
+    cs->contents = ealloc(4);
+    memcpy(cs->contents,"1234",4);
+}
+
+void
+ktest_make_sample_keyblock(krb5_keyblock *kb)
+{
+    kb->magic = KV5M_KEYBLOCK;
+    kb->enctype = 1;
+    kb->length = 8;
+    kb->contents = ealloc(8);
+    memcpy(kb->contents,"12345678",8);
+}
+
+void
+ktest_make_sample_ticket(krb5_ticket *tkt)
+{
+    ktest_make_sample_principal(&tkt->server);
+    ktest_make_sample_enc_data(&tkt->enc_part);
+    tkt->enc_part2 = NULL;
+}
+
+void
+ktest_make_sample_enc_data(krb5_enc_data *ed)
+{
+    ed->kvno = 5;
+    ed->enctype = 0;
+    krb5_data_parse(&ed->ciphertext, "krbASN.1 test message");
+}
+
+void
+ktest_make_sample_enc_tkt_part(krb5_enc_tkt_part *etp)
+{
+    etp->flags = SAMPLE_FLAGS;
+    etp->session = ealloc(sizeof(krb5_keyblock));
+    ktest_make_sample_keyblock(etp->session);
+    ktest_make_sample_principal(&etp->client);
+    ktest_make_sample_transited(&etp->transited);
+    ktest_make_sample_ticket_times(&etp->times);
+    ktest_make_sample_addresses(&etp->caddrs);
+    ktest_make_sample_authorization_data(&etp->authorization_data);
+}
+
+void
+ktest_make_sample_addresses(krb5_address ***caddrs)
+{
+    int i;
+
+    *caddrs = ealloc(3 * sizeof(krb5_address *));
+    for (i = 0; i < 2; i++) {
+        (*caddrs)[i] = ealloc(sizeof(krb5_address));
+        ktest_make_sample_address((*caddrs)[i]);
+    }
+    (*caddrs)[2] = NULL;
+}
+
+void
+ktest_make_sample_authorization_data(krb5_authdata ***ad)
+{
+    int i;
+
+    *ad = ealloc(3 * sizeof(krb5_authdata *));
+    for (i = 0; i <= 1; i++) {
+        (*ad)[i] = ealloc(sizeof(krb5_authdata));
+        ktest_make_sample_authdata((*ad)[i]);
+    }
+    (*ad)[2] = NULL;
+}
+
+void
+ktest_make_sample_transited(krb5_transited *t)
+{
+    t->tr_type = 1;
+    krb5_data_parse(&t->tr_contents, "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.");
+}
+
+void
+ktest_make_sample_ticket_times(krb5_ticket_times *tt)
+{
+    tt->authtime = SAMPLE_TIME;
+    tt->starttime = SAMPLE_TIME;
+    tt->endtime = SAMPLE_TIME;
+    tt->renew_till = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_address(krb5_address *a)
+{
+    a->addrtype = ADDRTYPE_INET;
+    a->length = 4;
+    a->contents = ealloc(4 * sizeof(krb5_octet));
+    a->contents[0] = 18;
+    a->contents[1] = 208;
+    a->contents[2] = 0;
+    a->contents[3] = 35;
+}
+
+void
+ktest_make_sample_authdata(krb5_authdata *ad)
+{
+    ad->ad_type = 1;
+    ad->length = 6;
+    ad->contents = ealloc(6 * sizeof(krb5_octet));
+    memcpy(ad->contents, "foobar", 6);
+}
+
+void
+ktest_make_sample_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr)
+{
+    ekr->session = ealloc(sizeof(krb5_keyblock));
+    ktest_make_sample_keyblock(ekr->session);
+    ktest_make_sample_last_req(&ekr->last_req);
+    ekr->nonce = SAMPLE_NONCE;
+    ekr->key_exp = SAMPLE_TIME;
+    ekr->flags = SAMPLE_FLAGS;
+    ekr->times.authtime = SAMPLE_TIME;
+    ekr->times.starttime = SAMPLE_TIME;
+    ekr->times.endtime = SAMPLE_TIME;
+    ekr->times.renew_till = SAMPLE_TIME;
+    ktest_make_sample_principal(&ekr->server);
+    ktest_make_sample_addresses(&ekr->caddrs);
+}
+
+void
+ktest_make_sample_last_req(krb5_last_req_entry ***lr)
+{
+    int i;
+
+    *lr = ealloc(3 * sizeof(krb5_last_req_entry *));
+    for (i = 0; i <= 1; i++)
+        ktest_make_sample_last_req_entry(&(*lr)[i]);
+    (*lr)[2] = NULL;
+}
+
+void
+ktest_make_sample_last_req_entry(krb5_last_req_entry **lre)
+{
+    *lre = ealloc(sizeof(krb5_last_req_entry));
+    (*lre)->lr_type = -5;
+    (*lre)->value = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_kdc_rep(krb5_kdc_rep *kdcr)
+{
+    ktest_make_sample_pa_data_array(&kdcr->padata);
+    ktest_make_sample_principal(&kdcr->client);
+    kdcr->ticket = ealloc(sizeof(krb5_ticket));
+    ktest_make_sample_ticket(kdcr->ticket);
+    ktest_make_sample_enc_data(&kdcr->enc_part);
+    kdcr->enc_part2 = NULL;
+}
+
+void
+ktest_make_sample_pa_data_array(krb5_pa_data ***pad)
+{
+    int i;
+
+    *pad = ealloc(3 * sizeof(krb5_pa_data *));
+    for (i = 0; i <= 1; i++) {
+        (*pad)[i] = ealloc(sizeof(krb5_pa_data));
+        ktest_make_sample_pa_data((*pad)[i]);
+    }
+    (*pad)[2] = NULL;
+}
+
+void
+ktest_make_sample_empty_pa_data_array(krb5_pa_data ***pad)
+{
+    *pad = ealloc(sizeof(krb5_pa_data *));
+    (*pad)[0] = NULL;
+}
+
+void
+ktest_make_sample_pa_data(krb5_pa_data *pad)
+{
+    pad->pa_type = 13;
+    pad->length = 7;
+    pad->contents = ealloc(7);
+    memcpy(pad->contents, "pa-data", 7);
+}
+
+void
+ktest_make_sample_ap_req(krb5_ap_req *ar)
+{
+    ar->ap_options = SAMPLE_FLAGS;
+    ar->ticket = ealloc(sizeof(krb5_ticket));
+    ktest_make_sample_ticket(ar->ticket);
+    ktest_make_sample_enc_data(&(ar->authenticator));
+}
+
+void
+ktest_make_sample_ap_rep(krb5_ap_rep *ar)
+{
+    ktest_make_sample_enc_data(&ar->enc_part);
+}
+
+void
+ktest_make_sample_ap_rep_enc_part(krb5_ap_rep_enc_part *arep)
+{
+    arep->ctime = SAMPLE_TIME;
+    arep->cusec = SAMPLE_USEC;
+    arep->subkey = ealloc(sizeof(krb5_keyblock));
+    ktest_make_sample_keyblock(arep->subkey);
+    arep->seq_number = SAMPLE_SEQ_NUMBER;
+}
+
+void
+ktest_make_sample_kdc_req(krb5_kdc_req *kr)
+{
+    /* msg_type is left up to the calling procedure */
+    ktest_make_sample_pa_data_array(&kr->padata);
+    kr->kdc_options = SAMPLE_FLAGS;
+    ktest_make_sample_principal(&(kr->client));
+    ktest_make_sample_principal(&(kr->server));
+    kr->from = SAMPLE_TIME;
+    kr->till = SAMPLE_TIME;
+    kr->rtime = SAMPLE_TIME;
+    kr->nonce = SAMPLE_NONCE;
+    kr->nktypes = 2;
+    kr->ktype = ealloc(2 * sizeof(krb5_enctype));
+    kr->ktype[0] = 0;
+    kr->ktype[1] = 1;
+    ktest_make_sample_addresses(&kr->addresses);
+    ktest_make_sample_enc_data(&kr->authorization_data);
+    ktest_make_sample_authorization_data(&kr->unenc_authdata);
+    ktest_make_sample_sequence_of_ticket(&kr->second_ticket);
+}
+
+void
+ktest_make_sample_kdc_req_body(krb5_kdc_req *krb)
+{
+    krb->kdc_options = SAMPLE_FLAGS;
+    ktest_make_sample_principal(&krb->client);
+    ktest_make_sample_principal(&krb->server);
+    krb->from = SAMPLE_TIME;
+    krb->till = SAMPLE_TIME;
+    krb->rtime = SAMPLE_TIME;
+    krb->nonce = SAMPLE_NONCE;
+    krb->nktypes = 2;
+    krb->ktype = (krb5_enctype*)calloc(2,sizeof(krb5_enctype));
+    krb->ktype[0] = 0;
+    krb->ktype[1] = 1;
+    ktest_make_sample_addresses(&krb->addresses);
+    ktest_make_sample_enc_data(&krb->authorization_data);
+    ktest_make_sample_authorization_data(&krb->unenc_authdata);
+    ktest_make_sample_sequence_of_ticket(&krb->second_ticket);
+}
+
+void
+ktest_make_sample_safe(krb5_safe *s)
+{
+    ktest_make_sample_data(&s->user_data);
+    s->timestamp = SAMPLE_TIME;
+    s->usec = SAMPLE_USEC;
+    s->seq_number = SAMPLE_SEQ_NUMBER;
+    s->s_address = ealloc(sizeof(krb5_address));
+    ktest_make_sample_address(s->s_address);
+    s->r_address = ealloc(sizeof(krb5_address));
+    ktest_make_sample_address(s->r_address);
+    s->checksum = ealloc(sizeof(krb5_checksum));
+    ktest_make_sample_checksum(s->checksum);
+}
+
+void
+ktest_make_sample_priv(krb5_priv *p)
+{
+    ktest_make_sample_enc_data(&p->enc_part);
+}
+
+void
+ktest_make_sample_priv_enc_part(krb5_priv_enc_part *pep)
+{
+    ktest_make_sample_data(&(pep->user_data));
+    pep->timestamp = SAMPLE_TIME;
+    pep->usec = SAMPLE_USEC;
+    pep->seq_number = SAMPLE_SEQ_NUMBER;
+    pep->s_address = ealloc(sizeof(krb5_address));
+    ktest_make_sample_address(pep->s_address);
+    pep->r_address = ealloc(sizeof(krb5_address));
+    ktest_make_sample_address(pep->r_address);
+}
+
+void
+ktest_make_sample_cred(krb5_cred *c)
+{
+    ktest_make_sample_sequence_of_ticket(&c->tickets);
+    ktest_make_sample_enc_data(&c->enc_part);
+}
+
+void
+ktest_make_sample_sequence_of_ticket(krb5_ticket ***sot)
+{
+    int i;
+
+    *sot = ealloc(3 * sizeof(krb5_ticket *));
+    for (i = 0; i < 2; i++) {
+        (*sot)[i] = ealloc(sizeof(krb5_ticket));
+        ktest_make_sample_ticket((*sot)[i]);
+    }
+    (*sot)[2] = NULL;
+}
+
+void
+ktest_make_sample_cred_enc_part(krb5_cred_enc_part *cep)
+{
+    cep->nonce = SAMPLE_NONCE;
+    cep->timestamp = SAMPLE_TIME;
+    cep->usec = SAMPLE_USEC;
+    cep->s_address = ealloc(sizeof(krb5_address));
+    ktest_make_sample_address(cep->s_address);
+    cep->r_address = ealloc(sizeof(krb5_address));
+    ktest_make_sample_address(cep->r_address);
+    ktest_make_sequence_of_cred_info(&cep->ticket_info);
+}
+
+void
+ktest_make_sequence_of_cred_info(krb5_cred_info ***soci)
+{
+    int i;
+
+    *soci = ealloc(3 * sizeof(krb5_cred_info *));
+    for (i = 0; i < 2; i++) {
+        (*soci)[i] = ealloc(sizeof(krb5_cred_info));
+        ktest_make_sample_cred_info((*soci)[i]);
+    }
+    (*soci)[2] = NULL;
+}
+
+void
+ktest_make_sample_cred_info(krb5_cred_info *ci)
+{
+    ci->session = ealloc(sizeof(krb5_keyblock));
+    ktest_make_sample_keyblock(ci->session);
+    ktest_make_sample_principal(&ci->client);
+    ktest_make_sample_principal(&ci->server);
+    ci->flags = SAMPLE_FLAGS;
+    ci->times.authtime = SAMPLE_TIME;
+    ci->times.starttime = SAMPLE_TIME;
+    ci->times.endtime = SAMPLE_TIME;
+    ci->times.renew_till = SAMPLE_TIME;
+    ktest_make_sample_addresses(&ci->caddrs);
+}
+
+void
+ktest_make_sample_error(krb5_error *kerr)
+{
+    kerr->ctime = SAMPLE_TIME;
+    kerr->cusec = SAMPLE_USEC;
+    kerr->susec = SAMPLE_USEC;
+    kerr->stime = SAMPLE_TIME;
+    kerr->error = SAMPLE_ERROR;
+    ktest_make_sample_principal(&kerr->client);
+    ktest_make_sample_principal(&kerr->server);
+    ktest_make_sample_data(&kerr->text);
+    ktest_make_sample_data(&kerr->e_data);
+}
+
+void
+ktest_make_sample_data(krb5_data *d)
+{
+    krb5_data_parse(d, "krb5data");
+}
+
+void
+ktest_make_sample_etype_info(krb5_etype_info_entry ***p)
+{
+    krb5_etype_info_entry **info;
+    int i, len;
+    char *str;
+
+    info = ealloc(4 * sizeof(krb5_etype_info_entry *));
+    for (i = 0; i < 3; i++) {
+        info[i] = ealloc(sizeof(krb5_etype_info_entry));
+        info[i]->etype = i;
+        len = asprintf(&str, "Morton's #%d", i);
+        if (len < 0)
+            abort();
+        info[i]->salt = (krb5_octet *)str;
+        info[i]->length = len;
+        info[i]->s2kparams.data = NULL;
+        info[i]->s2kparams.length = 0;
+        info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
+    }
+    free(info[1]->salt);
+    info[1]->length = KRB5_ETYPE_NO_SALT;
+    info[1]->salt = 0;
+    *p = info;
+}
+
+
+void
+ktest_make_sample_etype_info2(krb5_etype_info_entry ***p)
+{
+    krb5_etype_info_entry **info;
+    int i, len;
+    char *str;
+
+    info = ealloc(4 * sizeof(krb5_etype_info_entry *));
+    for (i = 0; i < 3; i++) {
+        info[i] = ealloc(sizeof(krb5_etype_info_entry));
+        info[i]->etype = i;
+        len = asprintf(&str, "Morton's #%d", i);
+        if (len < 0)
+            abort();
+        info[i]->salt = (krb5_octet *)str;
+        info[i]->length = (unsigned int)len;
+        len = asprintf(&info[i]->s2kparams.data, "s2k: %d", i);
+        if (len < 0)
+            abort();
+        info[i]->s2kparams.length = (unsigned int) len;
+        info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
+    }
+    free(info[1]->salt);
+    info[1]->length = KRB5_ETYPE_NO_SALT;
+    info[1]->salt = 0;
+    *p = info;
+}
+
+
+void
+ktest_make_sample_pa_enc_ts(krb5_pa_enc_ts *pa_enc)
+{
+    pa_enc->patimestamp = SAMPLE_TIME;
+    pa_enc->pausec = SAMPLE_USEC;
+}
+
+void
+ktest_make_sample_sam_challenge_2(krb5_sam_challenge_2 *p)
+{
+    /* Need a valid DER sequence encoding here; this one contains the OCTET
+     * STRING "challenge". */
+    krb5_data_parse(&p->sam_challenge_2_body, "\x30\x0B\x04\x09" "challenge");
+    p->sam_cksum = ealloc(2 * sizeof(krb5_checksum *));
+    p->sam_cksum[0] = ealloc(sizeof(krb5_checksum));
+    ktest_make_sample_checksum(p->sam_cksum[0]);
+    p->sam_cksum[1] = NULL;
+}
+
+void
+ktest_make_sample_sam_challenge_2_body(krb5_sam_challenge_2_body *p)
+{
+    p->sam_type = 42;
+    p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY;
+    krb5_data_parse(&p->sam_type_name, "type name");
+    p->sam_track_id = empty_data();
+    krb5_data_parse(&p->sam_challenge_label, "challenge label");
+    krb5_data_parse(&p->sam_challenge, "challenge ipse");
+    krb5_data_parse(&p->sam_response_prompt, "response_prompt ipse");
+    p->sam_pk_for_sad = empty_data();
+    p->sam_nonce = 0x543210;
+    p->sam_etype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
+}
+
+void
+ktest_make_sample_sam_response_2(krb5_sam_response_2 *p)
+{
+    p->magic = KV5M_SAM_RESPONSE;
+    p->sam_type = 43; /* information */
+    p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */
+    krb5_data_parse(&p->sam_track_id, "track data");
+    krb5_data_parse(&p->sam_enc_nonce_or_sad.ciphertext, "nonce or sad");
+    p->sam_enc_nonce_or_sad.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
+    p->sam_enc_nonce_or_sad.kvno = 3382;
+    p->sam_nonce = 0x543210;
+}
+
+void
+ktest_make_sample_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p)
+{
+    p->magic = 83;
+    p->sam_nonce = 88;
+    krb5_data_parse(&p->sam_sad, "enc_sam_response_enc_2");
+}
+
+void
+ktest_make_sample_pa_for_user(krb5_pa_for_user *p)
+{
+    ktest_make_sample_principal(&p->user);
+    ktest_make_sample_checksum(&p->cksum);
+    ktest_make_sample_data(&p->auth_package);
+}
+
+void
+ktest_make_sample_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p)
+{
+    krb5_s4u_userid *u = &p->user_id;
+
+    u->nonce = 13243546;
+    ktest_make_sample_principal(&u->user);
+    krb5_data_parse(&u->subject_cert, "pa_s4u_x509_user");
+    u->options = 0x80000000;
+    ktest_make_sample_checksum(&p->cksum);
+}
+
+void
+ktest_make_sample_ad_kdcissued(krb5_ad_kdcissued *p)
+{
+    ktest_make_sample_checksum(&p->ad_checksum);
+    ktest_make_sample_principal(&p->i_principal);
+    ktest_make_sample_authorization_data(&p->elements);
+}
+
+void
+ktest_make_sample_iakerb_header(krb5_iakerb_header *ih)
+{
+    ktest_make_sample_data(&(ih->target_realm));
+    ih->cookie = ealloc(sizeof(krb5_data));
+    ktest_make_sample_data(ih->cookie);
+}
+
+void
+ktest_make_sample_iakerb_finished(krb5_iakerb_finished *ih)
+{
+    ktest_make_sample_checksum(&ih->checksum);
+}
+
+static void
+ktest_make_sample_fast_finished(krb5_fast_finished *p)
+{
+    p->timestamp = SAMPLE_TIME;
+    p->usec = SAMPLE_USEC;
+    ktest_make_sample_principal(&p->client);
+    ktest_make_sample_checksum(&p->ticket_checksum);
+}
+
+void
+ktest_make_sample_fast_response(krb5_fast_response *p)
+{
+    ktest_make_sample_pa_data_array(&p->padata);
+    p->strengthen_key = ealloc(sizeof(krb5_keyblock));
+    ktest_make_sample_keyblock(p->strengthen_key);
+    p->finished = ealloc(sizeof(krb5_fast_finished));
+    ktest_make_sample_fast_finished(p->finished);
+    p->nonce = SAMPLE_NONCE;
+}
+
+void
+ktest_make_sha256_alg(krb5_algorithm_identifier *p)
+{
+    /* { 2 16 840 1 101 3 4 2 1 } */
+    krb5_data_parse(&p->algorithm, "\x60\x86\x48\x01\x65\x03\x04\x02\x01");
+    p->parameters = empty_data();
+}
+
+void
+ktest_make_sha1_alg(krb5_algorithm_identifier *p)
+{
+    /* { 1 3 14 3 2 26 } */
+    krb5_data_parse(&p->algorithm, "\x2b\x0e\x03\x02\x1a");
+    p->parameters = empty_data();
+}
+
+void
+ktest_make_minimal_otp_tokeninfo(krb5_otp_tokeninfo *p)
+{
+    memset(p, 0, sizeof(*p));
+    p->length = p->format = p->iteration_count = -1;
+}
+
+void
+ktest_make_maximal_otp_tokeninfo(krb5_otp_tokeninfo *p)
+{
+    p->flags = KRB5_OTP_FLAG_NEXTOTP | KRB5_OTP_FLAG_COMBINE |
+        KRB5_OTP_FLAG_COLLECT_PIN | KRB5_OTP_FLAG_ENCRYPT_NONCE |
+        KRB5_OTP_FLAG_SEPARATE_PIN | KRB5_OTP_FLAG_CHECK_DIGIT;
+    krb5_data_parse(&p->vendor, "Examplecorp");
+    krb5_data_parse(&p->challenge, "hark!");
+    p->length = 10;
+    p->format = 2;
+    krb5_data_parse(&p->token_id, "yourtoken");
+    krb5_data_parse(&p->alg_id, "urn:ietf:params:xml:ns:keyprov:pskc:hotp");
+    p->supported_hash_alg = ealloc(3 * sizeof(*p->supported_hash_alg));
+    p->supported_hash_alg[0] = ealloc(sizeof(*p->supported_hash_alg[0]));
+    ktest_make_sha256_alg(p->supported_hash_alg[0]);
+    p->supported_hash_alg[1] = ealloc(sizeof(*p->supported_hash_alg[1]));
+    ktest_make_sha1_alg(p->supported_hash_alg[1]);
+    p->supported_hash_alg[2] = NULL;
+    p->iteration_count = 1000;
+}
+
+void
+ktest_make_minimal_pa_otp_challenge(krb5_pa_otp_challenge *p)
+{
+    memset(p, 0, sizeof(*p));
+    krb5_data_parse(&p->nonce, "minnonce");
+    p->tokeninfo = ealloc(2 * sizeof(*p->tokeninfo));
+    p->tokeninfo[0] = ealloc(sizeof(*p->tokeninfo[0]));
+    ktest_make_minimal_otp_tokeninfo(p->tokeninfo[0]);
+    p->tokeninfo[1] = NULL;
+}
+
+void
+ktest_make_maximal_pa_otp_challenge(krb5_pa_otp_challenge *p)
+{
+    krb5_data_parse(&p->nonce, "maxnonce");
+    krb5_data_parse(&p->service, "testservice");
+    p->tokeninfo = ealloc(3 * sizeof(*p->tokeninfo));
+    p->tokeninfo[0] = ealloc(sizeof(*p->tokeninfo[0]));
+    ktest_make_minimal_otp_tokeninfo(p->tokeninfo[0]);
+    p->tokeninfo[1] = ealloc(sizeof(*p->tokeninfo[1]));
+    ktest_make_maximal_otp_tokeninfo(p->tokeninfo[1]);
+    p->tokeninfo[2] = NULL;
+    krb5_data_parse(&p->salt, "keysalt");
+    krb5_data_parse(&p->s2kparams, "1234");
+}
+
+void
+ktest_make_minimal_pa_otp_req(krb5_pa_otp_req *p)
+{
+    memset(p, 0, sizeof(*p));
+    p->iteration_count = -1;
+    p->format = -1;
+    ktest_make_sample_enc_data(&p->enc_data);
+}
+
+void
+ktest_make_maximal_pa_otp_req(krb5_pa_otp_req *p)
+{
+    p->flags = KRB5_OTP_FLAG_NEXTOTP | KRB5_OTP_FLAG_COMBINE;
+    krb5_data_parse(&p->nonce, "nonce");
+    ktest_make_sample_enc_data(&p->enc_data);
+    p->hash_alg = ealloc(sizeof(*p->hash_alg));
+    ktest_make_sha256_alg(p->hash_alg);
+    p->iteration_count = 1000;
+    krb5_data_parse(&p->otp_value, "frogs");
+    krb5_data_parse(&p->pin, "myfirstpin");
+    krb5_data_parse(&p->challenge, "hark!");
+    p->time = SAMPLE_TIME;
+    krb5_data_parse(&p->counter, "346");
+    p->format = 2;
+    krb5_data_parse(&p->token_id, "yourtoken");
+    krb5_data_parse(&p->alg_id, "urn:ietf:params:xml:ns:keyprov:pskc:hotp");
+    krb5_data_parse(&p->vendor, "Examplecorp");
+}
+
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_make_sample_pk_authenticator(krb5_pk_authenticator *p)
+{
+    p->cusec = SAMPLE_USEC;
+    p->ctime = SAMPLE_TIME;
+    p->nonce = SAMPLE_NONCE;
+    ktest_make_sample_checksum(&p->paChecksum);
+    /* We don't encode the checksum type, only the contents. */
+    p->paChecksum.checksum_type = 0;
+    p->freshnessToken = ealloc(sizeof(krb5_data));
+    ktest_make_sample_data(p->freshnessToken);
+}
+
+static void
+ktest_make_sample_oid(krb5_data *p)
+{
+    krb5_data_parse(p, "\052\206\110\206\367\022\001\002\002");
+}
+
+static void
+ktest_make_sample_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+    ktest_make_sample_oid(&p->algorithm);
+    /* Need a valid DER encoding here; this is the OCTET STRING "params". */
+    krb5_data_parse(&p->parameters, "\x04\x06" "params");
+}
+
+static void
+ktest_make_sample_algorithm_identifier_no_params(krb5_algorithm_identifier *p)
+{
+    ktest_make_sample_oid(&p->algorithm);
+    p->parameters = empty_data();
+}
+
+static void
+ktest_make_sample_external_principal_identifier(
+    krb5_external_principal_identifier *p)
+{
+    ktest_make_sample_data(&p->subjectName);
+    ktest_make_sample_data(&p->issuerAndSerialNumber);
+    ktest_make_sample_data(&p->subjectKeyIdentifier);
+}
+
+void
+ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+    ktest_make_sample_data(&p->signedAuthPack);
+    p->trustedCertifiers =
+        ealloc(2 * sizeof(krb5_external_principal_identifier *));
+    p->trustedCertifiers[0] =
+        ealloc(sizeof(krb5_external_principal_identifier));
+    ktest_make_sample_external_principal_identifier(p->trustedCertifiers[0]);
+    p->trustedCertifiers[1] = NULL;
+    ktest_make_sample_data(&p->kdcPkId);
+}
+
+static void
+ktest_make_sample_dh_rep_info(krb5_dh_rep_info *p)
+{
+    ktest_make_sample_data(&p->dhSignedData);
+    ktest_make_sample_data(&p->serverDHNonce);
+    p->kdfID = ealloc(sizeof(krb5_data));
+    ktest_make_sample_data(p->kdfID);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p)
+{
+    p->choice = choice_pa_pk_as_rep_dhInfo;
+    ktest_make_sample_dh_rep_info(&p->u.dh_Info);
+}
+
+void
+ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p)
+{
+    p->choice = choice_pa_pk_as_rep_encKeyPack;
+    ktest_make_sample_data(&p->u.encKeyPack);
+}
+
+void
+ktest_make_sample_auth_pack(krb5_auth_pack *p)
+{
+    ktest_make_sample_pk_authenticator(&p->pkAuthenticator);
+    /* Need a valid DER encoding here; this is the OCTET STRING "pvalue". */
+    krb5_data_parse(&p->clientPublicValue, "\x04\x06" "pvalue");
+    p->supportedCMSTypes = ealloc(3 * sizeof(krb5_algorithm_identifier *));
+    p->supportedCMSTypes[0] = ealloc(sizeof(krb5_algorithm_identifier));
+    ktest_make_sample_algorithm_identifier(p->supportedCMSTypes[0]);
+    p->supportedCMSTypes[1] = ealloc(sizeof(krb5_algorithm_identifier));
+    ktest_make_sample_algorithm_identifier_no_params(p->supportedCMSTypes[1]);
+    p->supportedCMSTypes[2] = NULL;
+    ktest_make_sample_data(&p->clientDHNonce);
+    p->supportedKDFs = ealloc(2 * sizeof(krb5_data *));
+    p->supportedKDFs[0] = ealloc(sizeof(krb5_data));
+    ktest_make_sample_data(p->supportedKDFs[0]);
+    p->supportedKDFs[1] = NULL;
+}
+
+void
+ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+    ktest_make_sample_data(&p->subjectPublicKey);
+    p->nonce = SAMPLE_NONCE;
+    p->dhKeyExpiration = SAMPLE_TIME;
+}
+
+void
+ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p)
+{
+    ktest_make_sample_keyblock(&p->replyKey);
+    ktest_make_sample_checksum(&p->asChecksum);
+}
+
+void
+ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+    ktest_make_sample_algorithm_identifier_no_params(&p->algorithm_identifier);
+    ktest_make_sample_principal(&p->party_u_info);
+    ktest_make_sample_principal(&p->party_v_info);
+    ktest_make_sample_data(&p->supp_pub_info);
+}
+
+void
+ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+    p->enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
+    ktest_make_sample_data(&p->as_req);
+    ktest_make_sample_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
+#ifdef ENABLE_LDAP
+static void
+ktest_make_sample_key_data(krb5_key_data *p, int i)
+{
+    char *str;
+    int len;
+
+    len = asprintf(&str, "key%d", i);
+    if (len < 0)
+        abort();
+    p->key_data_ver = 2;
+    p->key_data_type[0] = 2;
+    p->key_data_length[0] = (unsigned int) len;
+    p->key_data_contents[0] = (krb5_octet *)str;
+    len = asprintf(&str, "salt%d", i);
+    if (len < 0)
+        abort();
+    p->key_data_type[1] = i;
+    p->key_data_length[1] = (unsigned int) len;
+    p->key_data_contents[1] = (krb5_octet *)str;
+}
+
+void
+ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p)
+{
+    int i;
+
+    p->mkvno = 14;
+    p->n_key_data = 3;
+    p->key_data = calloc(3,sizeof(krb5_key_data));
+    p->kvno = 42;
+    for (i = 0; i < 3; i++)
+        ktest_make_sample_key_data(&p->key_data[i], i);
+}
+#endif
+
+void
+ktest_make_sample_kkdcp_message(krb5_kkdcp_message *p)
+{
+    krb5_kdc_req req;
+    krb5_data *message;
+
+    ktest_make_sample_kdc_req(&req);
+    req.msg_type = KRB5_AS_REQ;
+    encode_krb5_as_req(&req, &message);
+    p->kerb_message = *message;
+    free(message);
+    ktest_empty_kdc_req(&req);
+    ktest_make_sample_data(&(p->target_domain));
+    p->dclocator_hint = 0;
+}
+
+static krb5_authdata *
+make_ad_element(krb5_authdatatype ad_type, const char *str)
+{
+    krb5_authdata *ad;
+
+    ad = ealloc(sizeof(*ad));
+    ad->ad_type = ad_type;
+    ad->length = strlen(str);
+    ad->contents = ealloc(ad->length);
+    memcpy(ad->contents, str, ad->length);
+    return ad;
+}
+
+static krb5_verifier_mac *
+make_vmac(krb5_boolean include_princ, krb5_kvno kvno, krb5_enctype enctype,
+          const char *cksumstr)
+{
+    krb5_verifier_mac *vmac;
+
+    vmac = ealloc(sizeof(*vmac));
+    if (include_princ) {
+        ktest_make_sample_principal(&vmac->princ);
+        (void)krb5_set_principal_realm(NULL, vmac->princ, "");
+    } else {
+        vmac->princ = NULL;
+    }
+    vmac->kvno = kvno;
+    vmac->enctype = enctype;
+    vmac->checksum.checksum_type = 1;
+    vmac->checksum.length = strlen(cksumstr);
+    vmac->checksum.contents = ealloc(vmac->checksum.length);
+    memcpy(vmac->checksum.contents, cksumstr, vmac->checksum.length);
+    return vmac;
+}
+
+void
+ktest_make_minimal_cammac(krb5_cammac *p)
+{
+    memset(p, 0, sizeof(*p));
+    p->elements = ealloc(2 * sizeof(*p->elements));
+    p->elements[0] = make_ad_element(1, "ad1");
+    p->elements[1] = NULL;
+}
+
+void
+ktest_make_maximal_cammac(krb5_cammac *p)
+{
+    p->elements = ealloc(3 * sizeof(*p->elements));
+    p->elements[0] = make_ad_element(1, "ad1");
+    p->elements[1] = make_ad_element(2, "ad2");
+    p->elements[2] = NULL;
+    p->kdc_verifier = make_vmac(TRUE, 5, 16, "cksumkdc");
+    p->svc_verifier = make_vmac(TRUE, 5, 16, "cksumsvc");
+    p->other_verifiers = ealloc(3 * sizeof(*p->other_verifiers));
+    p->other_verifiers[0] = make_vmac(FALSE, 0, 0, "cksum1");
+    p->other_verifiers[1] = make_vmac(TRUE, 5, 16, "cksum2");
+    p->other_verifiers[2] = NULL;
+}
+
+void
+ktest_make_sample_secure_cookie(krb5_secure_cookie *p)
+{
+    ktest_make_sample_pa_data_array(&p->data);
+    p->time = SAMPLE_TIME;
+}
+
+void
+ktest_make_minimal_spake_factor(krb5_spake_factor *p)
+{
+    p->type = 1;
+    p->data = NULL;
+}
+
+void
+ktest_make_maximal_spake_factor(krb5_spake_factor *p)
+{
+    p->type = 2;
+    p->data = ealloc(sizeof(*p->data));
+    krb5_data_parse(p->data, "fdata");
+}
+
+void
+ktest_make_support_pa_spake(krb5_pa_spake *p)
+{
+    krb5_spake_support *s = &p->u.support;
+
+    s->ngroups = 2;
+    s->groups = ealloc(s->ngroups * sizeof(*s->groups));
+    s->groups[0] = 1;
+    s->groups[1] = 2;
+    p->choice = SPAKE_MSGTYPE_SUPPORT;
+}
+
+void
+ktest_make_challenge_pa_spake(krb5_pa_spake *p)
+{
+    krb5_spake_challenge *c = &p->u.challenge;
+
+    c->group = 1;
+    krb5_data_parse(&c->pubkey, "T value");
+    c->factors = ealloc(3 * sizeof(*c->factors));
+    c->factors[0] = ealloc(sizeof(*c->factors[0]));
+    ktest_make_minimal_spake_factor(c->factors[0]);
+    c->factors[1] = ealloc(sizeof(*c->factors[1]));
+    ktest_make_maximal_spake_factor(c->factors[1]);
+    c->factors[2] = NULL;
+    p->choice = SPAKE_MSGTYPE_CHALLENGE;
+}
+
+void
+ktest_make_response_pa_spake(krb5_pa_spake *p)
+{
+    krb5_spake_response *r = &p->u.response;
+
+    krb5_data_parse(&r->pubkey, "S value");
+    ktest_make_sample_enc_data(&r->factor);
+    p->choice = SPAKE_MSGTYPE_RESPONSE;
+}
+
+void
+ktest_make_encdata_pa_spake(krb5_pa_spake *p)
+{
+    ktest_make_sample_enc_data(&p->u.encdata);
+    p->choice = SPAKE_MSGTYPE_ENCDATA;
+}
+
+/****************************************************************/
+/* destructors */
+
+void
+ktest_destroy_data(krb5_data **d)
+{
+    if (*d != NULL) {
+        free((*d)->data);
+        free(*d);
+        *d = NULL;
+    }
+}
+
+void
+ktest_empty_data(krb5_data *d)
+{
+    if (d->data != NULL) {
+        free(d->data);
+        d->data = NULL;
+        d->length = 0;
+    }
+}
+
+static void
+ktest_empty_checksum(krb5_checksum *cs)
+{
+    free(cs->contents);
+    cs->contents = NULL;
+}
+
+void
+ktest_destroy_checksum(krb5_checksum **cs)
+{
+    if (*cs != NULL) {
+        free((*cs)->contents);
+        free(*cs);
+        *cs = NULL;
+    }
+}
+
+void
+ktest_empty_keyblock(krb5_keyblock *kb)
+{
+    if (kb != NULL) {
+        if (kb->contents) {
+            free(kb->contents);
+            kb->contents = NULL;
+        }
+    }
+}
+
+void
+ktest_destroy_keyblock(krb5_keyblock **kb)
+{
+    if (*kb != NULL) {
+        free((*kb)->contents);
+        free(*kb);
+        *kb = NULL;
+    }
+}
+
+void
+ktest_empty_authorization_data(krb5_authdata **ad)
+{
+    int i;
+
+    if (*ad != NULL) {
+        for (i=0; ad[i] != NULL; i++)
+            ktest_destroy_authdata(&ad[i]);
+    }
+}
+
+void
+ktest_destroy_authorization_data(krb5_authdata ***ad)
+{
+    ktest_empty_authorization_data(*ad);
+    free(*ad);
+    *ad = NULL;
+}
+
+void
+ktest_destroy_authdata(krb5_authdata **ad)
+{
+    if (*ad != NULL) {
+        free((*ad)->contents);
+        free(*ad);
+        *ad = NULL;
+    }
+}
+
+void
+ktest_empty_pa_data_array(krb5_pa_data **pad)
+{
+    int i;
+
+    for (i=0; pad[i] != NULL; i++)
+        ktest_destroy_pa_data(&pad[i]);
+}
+
+void
+ktest_destroy_pa_data_array(krb5_pa_data ***pad)
+{
+    ktest_empty_pa_data_array(*pad);
+    free(*pad);
+    *pad = NULL;
+}
+
+void
+ktest_destroy_pa_data(krb5_pa_data **pad)
+{
+    if (*pad != NULL) {
+        free((*pad)->contents);
+        free(*pad);
+        *pad = NULL;
+    }
+}
+
+void
+ktest_destroy_address(krb5_address **a)
+{
+    if (*a != NULL) {
+        free((*a)->contents);
+        free(*a);
+        *a = NULL;
+    }
+}
+
+void
+ktest_empty_addresses(krb5_address **a)
+{
+    int i;
+
+    for (i=0; a[i] != NULL; i++)
+        ktest_destroy_address(&a[i]);
+}
+
+void
+ktest_destroy_addresses(krb5_address ***a)
+{
+    ktest_empty_addresses(*a);
+    free(*a);
+    *a = NULL;
+}
+
+void
+ktest_destroy_principal(krb5_principal *p)
+{
+    int i;
+
+    if (*p == NULL)
+        return;
+    for (i=0; i<(*p)->length; i++)
+        ktest_empty_data(&(*p)->data[i]);
+    ktest_empty_data(&(*p)->realm);
+    free((*p)->data);
+    free(*p);
+    *p = NULL;
+}
+
+void
+ktest_destroy_sequence_of_integer(long **soi)
+{
+    free(*soi);
+    *soi = NULL;
+}
+
+void
+ktest_destroy_sequence_of_ticket(krb5_ticket ***sot)
+{
+    int i;
+
+    for (i=0; (*sot)[i] != NULL; i++)
+        ktest_destroy_ticket(&(*sot)[i]);
+    free(*sot);
+    *sot = NULL;
+}
+
+void
+ktest_destroy_ticket(krb5_ticket **tkt)
+{
+    ktest_destroy_principal(&(*tkt)->server);
+    ktest_destroy_enc_data(&(*tkt)->enc_part);
+    /*  ktest_empty_enc_tkt_part(((*tkt)->enc_part2));*/
+    free(*tkt);
+    *tkt = NULL;
+}
+
+void
+ktest_empty_ticket(krb5_ticket *tkt)
+{
+    if (tkt->server)
+        ktest_destroy_principal(&tkt->server);
+    ktest_destroy_enc_data(&tkt->enc_part);
+    if (tkt->enc_part2)
+        ktest_destroy_enc_tkt_part(&tkt->enc_part2);
+}
+
+void
+ktest_destroy_enc_data(krb5_enc_data *ed)
+{
+    ktest_empty_data(&ed->ciphertext);
+    ed->kvno = 0;
+}
+
+void
+ktest_destroy_etype_info_entry(krb5_etype_info_entry *i)
+{
+    if (i->salt)
+        free(i->salt);
+    ktest_empty_data(&i->s2kparams);
+    free(i);
+}
+
+void
+ktest_destroy_etype_info(krb5_etype_info_entry **info)
+{
+    int i;
+
+    for (i = 0; info[i] != NULL; i++)
+        ktest_destroy_etype_info_entry(info[i]);
+    free(info);
+}
+
+void
+ktest_empty_kdc_req(krb5_kdc_req *kr)
+{
+    if (kr->padata)
+        ktest_destroy_pa_data_array(&kr->padata);
+
+    if (kr->client)
+        ktest_destroy_principal(&kr->client);
+
+    if (kr->server)
+        ktest_destroy_principal(&kr->server);
+    free(kr->ktype);
+    if (kr->addresses)
+        ktest_destroy_addresses(&kr->addresses);
+    ktest_destroy_enc_data(&kr->authorization_data);
+    if (kr->unenc_authdata)
+        ktest_destroy_authorization_data(&kr->unenc_authdata);
+    if (kr->second_ticket)
+        ktest_destroy_sequence_of_ticket(&kr->second_ticket);
+
+}
+
+void
+ktest_empty_kdc_rep(krb5_kdc_rep *kr)
+{
+    if (kr->padata)
+        ktest_destroy_pa_data_array(&kr->padata);
+
+    if (kr->client)
+        ktest_destroy_principal(&kr->client);
+
+    if (kr->ticket)
+        ktest_destroy_ticket(&kr->ticket);
+
+    ktest_destroy_enc_data(&kr->enc_part);
+
+    if (kr->enc_part2) {
+        ktest_empty_enc_kdc_rep_part(kr->enc_part2);
+        free(kr->enc_part2);
+        kr->enc_part2 = NULL;
+    }
+}
+
+void
+ktest_empty_authenticator(krb5_authenticator *a)
+{
+    if (a->client)
+        ktest_destroy_principal(&a->client);
+    if (a->checksum)
+        ktest_destroy_checksum(&a->checksum);
+    if (a->subkey)
+        ktest_destroy_keyblock(&a->subkey);
+    if (a->authorization_data)
+        ktest_destroy_authorization_data(&a->authorization_data);
+}
+
+void
+ktest_empty_enc_tkt_part(krb5_enc_tkt_part *etp)
+{
+    if (etp->session)
+        ktest_destroy_keyblock(&etp->session);
+    if (etp->client)
+        ktest_destroy_principal(&etp->client);
+    if (etp->caddrs)
+        ktest_destroy_addresses(&etp->caddrs);
+    if (etp->authorization_data)
+        ktest_destroy_authorization_data(&etp->authorization_data);
+    ktest_destroy_transited(&etp->transited);
+}
+
+void
+ktest_destroy_enc_tkt_part(krb5_enc_tkt_part **etp)
+{
+    if (*etp) {
+        ktest_empty_enc_tkt_part(*etp);
+        free(*etp);
+        *etp = NULL;
+    }
+}
+
+void
+ktest_empty_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr)
+{
+    if (ekr->session)
+        ktest_destroy_keyblock(&ekr->session);
+
+    if (ekr->server)
+        ktest_destroy_principal(&ekr->server);
+
+    if (ekr->caddrs)
+        ktest_destroy_addresses(&ekr->caddrs);
+    ktest_destroy_last_req(&ekr->last_req);
+}
+
+void
+ktest_destroy_transited(krb5_transited *t)
+{
+    if (t->tr_contents.data)
+        ktest_empty_data(&t->tr_contents);
+}
+
+void
+ktest_empty_ap_rep(krb5_ap_rep *ar)
+{
+    ktest_destroy_enc_data(&ar->enc_part);
+}
+
+void
+ktest_empty_ap_req(krb5_ap_req *ar)
+{
+    if (ar->ticket)
+        ktest_destroy_ticket(&ar->ticket);
+    ktest_destroy_enc_data(&ar->authenticator);
+}
+
+void
+ktest_empty_cred_enc_part(krb5_cred_enc_part *cep)
+{
+    if (cep->s_address)
+        ktest_destroy_address(&cep->s_address);
+    if (cep->r_address)
+        ktest_destroy_address(&cep->r_address);
+    if (cep->ticket_info)
+        ktest_destroy_sequence_of_cred_info(&cep->ticket_info);
+}
+
+void
+ktest_destroy_cred_info(krb5_cred_info **ci)
+{
+    if ((*ci)->session)
+        ktest_destroy_keyblock(&(*ci)->session);
+    if ((*ci)->client)
+        ktest_destroy_principal(&(*ci)->client);
+    if ((*ci)->server)
+        ktest_destroy_principal(&(*ci)->server);
+    if ((*ci)->caddrs)
+        ktest_destroy_addresses(&(*ci)->caddrs);
+    free(*ci);
+    *ci = NULL;
+}
+
+void
+ktest_destroy_sequence_of_cred_info(krb5_cred_info ***soci)
+{
+    int i;
+
+    for (i = 0; (*soci)[i] != NULL; i++)
+        ktest_destroy_cred_info(&(*soci)[i]);
+    free(*soci);
+    *soci = NULL;
+}
+
+void
+ktest_empty_safe(krb5_safe *s)
+{
+    ktest_empty_data(&s->user_data);
+    ktest_destroy_address(&s->s_address);
+    ktest_destroy_address(&s->r_address);
+    ktest_destroy_checksum(&s->checksum);
+}
+
+void
+ktest_empty_priv_enc_part(krb5_priv_enc_part *pep)
+{
+    ktest_empty_data(&pep->user_data);
+    ktest_destroy_address(&pep->s_address);
+    ktest_destroy_address(&pep->r_address);
+}
+
+void
+ktest_empty_priv(krb5_priv *p)
+{
+    ktest_destroy_enc_data(&p->enc_part);
+}
+
+void
+ktest_empty_cred(krb5_cred *c)
+{
+    ktest_destroy_sequence_of_ticket(&c->tickets);
+    ktest_destroy_enc_data(&c->enc_part);
+    /* enc_part2 */
+}
+
+void
+ktest_destroy_last_req(krb5_last_req_entry ***lr)
+{
+    int i;
+
+    if (*lr) {
+        for (i=0; (*lr)[i] != NULL; i++)
+            free((*lr)[i]);
+
+        free(*lr);
+    }
+}
+
+void
+ktest_empty_error(krb5_error *kerr)
+{
+    if (kerr->client)
+        ktest_destroy_principal(&kerr->client);
+    if (kerr->server)
+        ktest_destroy_principal(&kerr->server);
+    ktest_empty_data(&kerr->text);
+    ktest_empty_data(&kerr->e_data);
+}
+
+void
+ktest_empty_ap_rep_enc_part(krb5_ap_rep_enc_part *arep)
+{
+    ktest_destroy_keyblock(&(arep)->subkey);
+}
+
+void
+ktest_empty_sam_challenge_2(krb5_sam_challenge_2 *p)
+{
+    krb5_checksum **ck;
+
+    ktest_empty_data(&p->sam_challenge_2_body);
+    if (p->sam_cksum != NULL) {
+        for (ck = p->sam_cksum; *ck != NULL; ck++)
+            ktest_destroy_checksum(ck);
+        free(p->sam_cksum);
+        p->sam_cksum = NULL;
+    }
+}
+
+void
+ktest_empty_sam_challenge_2_body(krb5_sam_challenge_2_body *p)
+{
+    ktest_empty_data(&p->sam_type_name);
+    ktest_empty_data(&p->sam_track_id);
+    ktest_empty_data(&p->sam_challenge_label);
+    ktest_empty_data(&p->sam_challenge);
+    ktest_empty_data(&p->sam_response_prompt);
+    ktest_empty_data(&p->sam_pk_for_sad);
+}
+
+void
+ktest_empty_sam_response_2(krb5_sam_response_2 *p)
+{
+    ktest_empty_data(&p->sam_track_id);
+    ktest_empty_data(&p->sam_enc_nonce_or_sad.ciphertext);
+}
+
+void
+ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p)
+{
+    ktest_empty_data(&p->sam_sad);
+}
+
+void
+ktest_empty_pa_for_user(krb5_pa_for_user *p)
+{
+    ktest_destroy_principal(&p->user);
+    ktest_empty_checksum(&p->cksum);
+    ktest_empty_data(&p->auth_package);
+}
+
+void
+ktest_empty_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p)
+{
+    ktest_destroy_principal(&p->user_id.user);
+    ktest_empty_data(&p->user_id.subject_cert);
+    free(p->cksum.contents);
+}
+
+void
+ktest_empty_ad_kdcissued(krb5_ad_kdcissued *p)
+{
+    free(p->ad_checksum.contents);
+    ktest_destroy_principal(&p->i_principal);
+    ktest_destroy_authorization_data(&p->elements);
+}
+
+void
+ktest_empty_iakerb_header(krb5_iakerb_header *p)
+{
+    krb5_free_data_contents(NULL, &p->target_realm);
+    krb5_free_data(NULL, p->cookie);
+}
+
+void
+ktest_empty_iakerb_finished(krb5_iakerb_finished *p)
+{
+    krb5_free_checksum_contents(NULL, &p->checksum);
+}
+
+static void
+ktest_empty_fast_finished(krb5_fast_finished *p)
+{
+    ktest_destroy_principal(&p->client);
+    ktest_empty_checksum(&p->ticket_checksum);
+}
+
+void
+ktest_empty_fast_response(krb5_fast_response *p)
+{
+    ktest_destroy_pa_data_array(&p->padata);
+    ktest_destroy_keyblock(&p->strengthen_key);
+    if (p->finished != NULL) {
+        ktest_empty_fast_finished(p->finished);
+        free(p->finished);
+        p->finished = NULL;
+    }
+}
+
+static void
+ktest_empty_algorithm_identifier(krb5_algorithm_identifier *p)
+{
+    ktest_empty_data(&p->algorithm);
+    ktest_empty_data(&p->parameters);
+}
+
+void
+ktest_empty_otp_tokeninfo(krb5_otp_tokeninfo *p)
+{
+    krb5_algorithm_identifier **alg;
+
+    p->flags = 0;
+    krb5_free_data_contents(NULL, &p->vendor);
+    krb5_free_data_contents(NULL, &p->challenge);
+    krb5_free_data_contents(NULL, &p->token_id);
+    krb5_free_data_contents(NULL, &p->alg_id);
+    for (alg = p->supported_hash_alg; alg != NULL && *alg != NULL; alg++) {
+        ktest_empty_algorithm_identifier(*alg);
+        free(*alg);
+    }
+    free(p->supported_hash_alg);
+    p->supported_hash_alg = NULL;
+    p->length = p->format = p->iteration_count = -1;
+}
+
+void
+ktest_empty_pa_otp_challenge(krb5_pa_otp_challenge *p)
+{
+    krb5_otp_tokeninfo **ti;
+
+    krb5_free_data_contents(NULL, &p->nonce);
+    krb5_free_data_contents(NULL, &p->service);
+    for (ti = p->tokeninfo; *ti != NULL; ti++) {
+        ktest_empty_otp_tokeninfo(*ti);
+        free(*ti);
+    }
+    free(p->tokeninfo);
+    p->tokeninfo = NULL;
+    krb5_free_data_contents(NULL, &p->salt);
+    krb5_free_data_contents(NULL, &p->s2kparams);
+}
+
+void
+ktest_empty_pa_otp_req(krb5_pa_otp_req *p)
+{
+    p->flags = 0;
+    krb5_free_data_contents(NULL, &p->nonce);
+    ktest_destroy_enc_data(&p->enc_data);
+    if (p->hash_alg != NULL)
+        ktest_empty_algorithm_identifier(p->hash_alg);
+    free(p->hash_alg);
+    p->hash_alg = NULL;
+    p->iteration_count = -1;
+    krb5_free_data_contents(NULL, &p->otp_value);
+    krb5_free_data_contents(NULL, &p->pin);
+    krb5_free_data_contents(NULL, &p->challenge);
+    p->time = 0;
+    krb5_free_data_contents(NULL, &p->counter);
+    p->format = -1;
+    krb5_free_data_contents(NULL, &p->token_id);
+    krb5_free_data_contents(NULL, &p->alg_id);
+    krb5_free_data_contents(NULL, &p->vendor);
+}
+
+#ifndef DISABLE_PKINIT
+
+static void
+ktest_empty_pk_authenticator(krb5_pk_authenticator *p)
+{
+    ktest_empty_checksum(&p->paChecksum);
+    p->paChecksum.contents = NULL;
+    krb5_free_data(NULL, p->freshnessToken);
+    p->freshnessToken = NULL;
+}
+
+static void
+ktest_empty_external_principal_identifier(
+    krb5_external_principal_identifier *p)
+{
+    ktest_empty_data(&p->subjectName);
+    ktest_empty_data(&p->issuerAndSerialNumber);
+    ktest_empty_data(&p->subjectKeyIdentifier);
+}
+
+void
+ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p)
+{
+    krb5_external_principal_identifier **pi;
+
+    ktest_empty_data(&p->signedAuthPack);
+    for (pi = p->trustedCertifiers; *pi != NULL; pi++) {
+        ktest_empty_external_principal_identifier(*pi);
+        free(*pi);
+    }
+    free(p->trustedCertifiers);
+    p->trustedCertifiers = NULL;
+    ktest_empty_data(&p->kdcPkId);
+}
+
+static void
+ktest_empty_dh_rep_info(krb5_dh_rep_info *p)
+{
+    ktest_empty_data(&p->dhSignedData);
+    ktest_empty_data(&p->serverDHNonce);
+    ktest_destroy_data(&p->kdfID);
+}
+
+void
+ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p)
+{
+    if (p->choice == choice_pa_pk_as_rep_dhInfo)
+        ktest_empty_dh_rep_info(&p->u.dh_Info);
+    else if (p->choice == choice_pa_pk_as_rep_encKeyPack)
+        ktest_empty_data(&p->u.encKeyPack);
+    p->choice = choice_pa_pk_as_rep_UNKNOWN;
+}
+
+void
+ktest_empty_auth_pack(krb5_auth_pack *p)
+{
+    krb5_algorithm_identifier **ai;
+    krb5_data **d;
+
+    ktest_empty_pk_authenticator(&p->pkAuthenticator);
+    ktest_empty_data(&p->clientPublicValue);
+    if (p->supportedCMSTypes != NULL) {
+        for (ai = p->supportedCMSTypes; *ai != NULL; ai++) {
+            ktest_empty_algorithm_identifier(*ai);
+            free(*ai);
+        }
+        free(p->supportedCMSTypes);
+        p->supportedCMSTypes = NULL;
+    }
+    ktest_empty_data(&p->clientDHNonce);
+    if (p->supportedKDFs != NULL) {
+        for (d = p->supportedKDFs; *d != NULL; d++) {
+            ktest_empty_data(*d);
+            free(*d);
+        }
+        free(p->supportedKDFs);
+        p->supportedKDFs = NULL;
+    }
+}
+
+void
+ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p)
+{
+    ktest_empty_data(&p->subjectPublicKey);
+}
+
+void
+ktest_empty_reply_key_pack(krb5_reply_key_pack *p)
+{
+    ktest_empty_keyblock(&p->replyKey);
+    ktest_empty_checksum(&p->asChecksum);
+}
+
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p)
+{
+    ktest_empty_algorithm_identifier(&p->algorithm_identifier);
+    ktest_destroy_principal(&p->party_u_info);
+    ktest_destroy_principal(&p->party_v_info);
+    ktest_empty_data(&p->supp_pub_info);
+}
+
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p)
+{
+    ktest_empty_data(&p->as_req);
+    ktest_empty_data(&p->pk_as_rep);
+}
+
+#endif /* not DISABLE_PKINIT */
+
+#ifdef ENABLE_LDAP
+void
+ktest_empty_ldap_seqof_key_data(krb5_context ctx, ldap_seqof_key_data *p)
+{
+    int i;
+
+    for (i = 0; i < p->n_key_data; i++) {
+        free(p->key_data[i].key_data_contents[0]);
+        free(p->key_data[i].key_data_contents[1]);
+    }
+    free(p->key_data);
+}
+#endif
+
+void
+ktest_empty_kkdcp_message(krb5_kkdcp_message *p)
+{
+    ktest_empty_data(&p->kerb_message);
+    ktest_empty_data(&p->target_domain);
+    p->dclocator_hint = -1;
+}
+
+static void
+destroy_verifier_mac(krb5_verifier_mac **vmac)
+{
+    if (*vmac == NULL)
+        return;
+    ktest_destroy_principal(&(*vmac)->princ);
+    ktest_empty_checksum(&(*vmac)->checksum);
+    free(*vmac);
+    *vmac = NULL;
+}
+
+void
+ktest_empty_cammac(krb5_cammac *p)
+{
+    krb5_verifier_mac **vmacp;
+
+    ktest_destroy_authorization_data(&p->elements);
+    destroy_verifier_mac(&p->kdc_verifier);
+    destroy_verifier_mac(&p->svc_verifier);
+    for (vmacp = p->other_verifiers; vmacp != NULL && *vmacp != NULL; vmacp++)
+        destroy_verifier_mac(vmacp);
+    free(p->other_verifiers);
+    p->other_verifiers = NULL;
+}
+
+void
+ktest_empty_secure_cookie(krb5_secure_cookie *p)
+{
+    ktest_empty_pa_data_array(p->data);
+}
+
+void
+ktest_empty_spake_factor(krb5_spake_factor *p)
+{
+    krb5_free_data(NULL, p->data);
+    p->data = NULL;
+}
+
+void
+ktest_empty_pa_spake(krb5_pa_spake *p)
+{
+    krb5_spake_factor **f;
+
+    switch (p->choice) {
+    case SPAKE_MSGTYPE_SUPPORT:
+        free(p->u.support.groups);
+        break;
+    case SPAKE_MSGTYPE_CHALLENGE:
+        ktest_empty_data(&p->u.challenge.pubkey);
+        for (f = p->u.challenge.factors; *f != NULL; f++) {
+            ktest_empty_spake_factor(*f);
+            free(*f);
+        }
+        free(p->u.challenge.factors);
+        break;
+    case SPAKE_MSGTYPE_RESPONSE:
+        ktest_empty_data(&p->u.response.pubkey);
+        ktest_destroy_enc_data(&p->u.response.factor);
+        break;
+    case SPAKE_MSGTYPE_ENCDATA:
+        ktest_destroy_enc_data(&p->u.encdata);
+        break;
+    default:
+        break;
+    }
+    p->choice = SPAKE_MSGTYPE_UNKNOWN;
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/ktest.h b/krb5-1.21.3/src/tests/asn.1/ktest.h
new file mode 100644
index 00000000..53180ab8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/ktest.h
@@ -0,0 +1,210 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/ktest.h */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __KTEST_H__
+#define __KTEST_H__
+
+#include "k5-int.h"
+#include "k5-spake.h"
+#include "kdb.h"
+
+#define SAMPLE_USEC 123456
+#define SAMPLE_TIME 771228197  /* Fri Jun 10  6:03:17 GMT 1994 */
+#define SAMPLE_SEQ_NUMBER 17
+#define SAMPLE_NONCE 42
+#define SAMPLE_FLAGS 0xFEDCBA98
+#define SAMPLE_ERROR 0x3C;
+
+void ktest_make_sample_data(krb5_data *d);
+void ktest_make_sample_authenticator(krb5_authenticator *a);
+void ktest_make_sample_principal(krb5_principal *p);
+void ktest_make_sample_checksum(krb5_checksum *cs);
+void ktest_make_sample_keyblock(krb5_keyblock *kb);
+void ktest_make_sample_ticket(krb5_ticket *tkt);
+void ktest_make_sample_enc_data(krb5_enc_data *ed);
+void ktest_make_sample_enc_tkt_part(krb5_enc_tkt_part *etp);
+void ktest_make_sample_transited(krb5_transited *t);
+void ktest_make_sample_ticket_times(krb5_ticket_times *tt);
+void ktest_make_sample_addresses(krb5_address ***caddrs);
+void ktest_make_sample_address(krb5_address *a);
+void ktest_make_sample_authorization_data(krb5_authdata ***ad);
+void ktest_make_sample_authdata(krb5_authdata *ad);
+void ktest_make_sample_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr);
+void ktest_make_sample_kdc_req(krb5_kdc_req *kr);
+
+void ktest_make_sample_last_req(krb5_last_req_entry ***lr);
+void ktest_make_sample_last_req_entry(krb5_last_req_entry **lre);
+void ktest_make_sample_kdc_rep(krb5_kdc_rep *kdcr);
+void ktest_make_sample_pa_data_array(krb5_pa_data ***pad);
+void ktest_make_sample_empty_pa_data_array(krb5_pa_data ***pad);
+void ktest_make_sample_pa_data(krb5_pa_data *pad);
+void ktest_make_sample_ap_req(krb5_ap_req *ar);
+void ktest_make_sample_ap_rep(krb5_ap_rep *ar);
+void ktest_make_sample_ap_rep_enc_part(krb5_ap_rep_enc_part *arep);
+void ktest_make_sample_kdc_req_body(krb5_kdc_req *krb);
+void ktest_make_sample_safe(krb5_safe *s);
+void ktest_make_sample_priv(krb5_priv *p);
+void ktest_make_sample_priv_enc_part(krb5_priv_enc_part *pep);
+void ktest_make_sample_cred(krb5_cred *c);
+void ktest_make_sample_cred_enc_part(krb5_cred_enc_part *cep);
+void ktest_make_sample_sequence_of_ticket(krb5_ticket ***sot);
+void ktest_make_sample_error(krb5_error *kerr);
+void ktest_make_sequence_of_cred_info(krb5_cred_info ***soci);
+void ktest_make_sample_cred_info(krb5_cred_info *ci);
+
+void ktest_make_sample_etype_info(krb5_etype_info_entry ***p);
+void ktest_make_sample_etype_info2(krb5_etype_info_entry ***p);
+void ktest_make_sample_pa_enc_ts(krb5_pa_enc_ts *am);
+void ktest_make_sample_sam_challenge_2(krb5_sam_challenge_2 *p);
+void ktest_make_sample_sam_challenge_2_body(krb5_sam_challenge_2_body *p);
+void ktest_make_sample_sam_response_2(krb5_sam_response_2 *p);
+void ktest_make_sample_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p);
+void ktest_make_sample_pa_for_user(krb5_pa_for_user *p);
+void ktest_make_sample_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p);
+void ktest_make_sample_ad_kdcissued(krb5_ad_kdcissued *p);
+void ktest_make_sample_iakerb_header(krb5_iakerb_header *p);
+void ktest_make_sample_iakerb_finished(krb5_iakerb_finished *p);
+void ktest_make_sample_fast_response(krb5_fast_response *p);
+void ktest_make_sha256_alg(krb5_algorithm_identifier *p);
+void ktest_make_sha1_alg(krb5_algorithm_identifier *p);
+void ktest_make_minimal_otp_tokeninfo(krb5_otp_tokeninfo *p);
+void ktest_make_maximal_otp_tokeninfo(krb5_otp_tokeninfo *p);
+void ktest_make_minimal_pa_otp_challenge(krb5_pa_otp_challenge *p);
+void ktest_make_maximal_pa_otp_challenge(krb5_pa_otp_challenge *p);
+void ktest_make_minimal_pa_otp_req(krb5_pa_otp_req *p);
+void ktest_make_maximal_pa_otp_req(krb5_pa_otp_req *p);
+
+#ifndef DISABLE_PKINIT
+void ktest_make_sample_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_make_sample_pa_pk_as_rep_dhInfo(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_pa_pk_as_rep_encKeyPack(krb5_pa_pk_as_rep *p);
+void ktest_make_sample_auth_pack(krb5_auth_pack *p);
+void ktest_make_sample_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_make_sample_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_make_sample_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_make_sample_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
+#ifdef ENABLE_LDAP
+void ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data *p);
+#endif
+
+void ktest_make_sample_kkdcp_message(krb5_kkdcp_message *p);
+void ktest_make_minimal_cammac(krb5_cammac *p);
+void ktest_make_maximal_cammac(krb5_cammac *p);
+void ktest_make_sample_secure_cookie(krb5_secure_cookie *p);
+void ktest_make_minimal_spake_factor(krb5_spake_factor *p);
+void ktest_make_maximal_spake_factor(krb5_spake_factor *p);
+void ktest_make_support_pa_spake(krb5_pa_spake *p);
+void ktest_make_challenge_pa_spake(krb5_pa_spake *p);
+void ktest_make_response_pa_spake(krb5_pa_spake *p);
+void ktest_make_encdata_pa_spake(krb5_pa_spake *p);
+
+/*----------------------------------------------------------------------*/
+
+void ktest_empty_authorization_data(krb5_authdata **ad);
+void ktest_destroy_authorization_data(krb5_authdata ***ad);
+void ktest_destroy_authorization_data(krb5_authdata ***ad);
+void ktest_empty_addresses(krb5_address **a);
+void ktest_destroy_addresses(krb5_address ***a);
+void ktest_destroy_address(krb5_address **a);
+void ktest_empty_pa_data_array(krb5_pa_data **pad);
+void ktest_destroy_pa_data_array(krb5_pa_data ***pad);
+void ktest_destroy_pa_data(krb5_pa_data **pad);
+
+void ktest_destroy_data(krb5_data **d);
+void ktest_empty_data(krb5_data *d);
+void ktest_destroy_principal(krb5_principal *p);
+void ktest_destroy_checksum(krb5_checksum **cs);
+void ktest_empty_keyblock(krb5_keyblock *kb);
+void ktest_destroy_keyblock(krb5_keyblock **kb);
+void ktest_destroy_authdata(krb5_authdata **ad);
+void ktest_destroy_sequence_of_integer(long **soi);
+void ktest_destroy_sequence_of_ticket(krb5_ticket ***sot);
+void ktest_destroy_ticket(krb5_ticket **tkt);
+void ktest_empty_ticket(krb5_ticket *tkt);
+void ktest_destroy_enc_data(krb5_enc_data *ed);
+void ktest_empty_error(krb5_error *kerr);
+void ktest_destroy_etype_info_entry(krb5_etype_info_entry *i);
+void ktest_destroy_etype_info(krb5_etype_info_entry **info);
+
+void ktest_empty_kdc_req(krb5_kdc_req *kr);
+void ktest_empty_kdc_rep(krb5_kdc_rep *kr);
+
+void ktest_empty_authenticator(krb5_authenticator *a);
+void ktest_empty_enc_tkt_part(krb5_enc_tkt_part *etp);
+void ktest_destroy_enc_tkt_part(krb5_enc_tkt_part **etp);
+void ktest_empty_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ekr);
+void ktest_destroy_transited(krb5_transited *t);
+void ktest_empty_ap_rep(krb5_ap_rep *ar);
+void ktest_empty_ap_req(krb5_ap_req *ar);
+void ktest_empty_cred_enc_part(krb5_cred_enc_part *cep);
+void ktest_destroy_cred_info(krb5_cred_info **ci);
+void ktest_destroy_sequence_of_cred_info(krb5_cred_info ***soci);
+void ktest_empty_safe(krb5_safe *s);
+void ktest_empty_priv(krb5_priv *p);
+void ktest_empty_priv_enc_part(krb5_priv_enc_part *pep);
+void ktest_empty_cred(krb5_cred *c);
+void ktest_destroy_last_req(krb5_last_req_entry ***lr);
+void ktest_empty_ap_rep_enc_part(krb5_ap_rep_enc_part *arep);
+void ktest_empty_sam_challenge_2(krb5_sam_challenge_2 *p);
+void ktest_empty_sam_challenge_2_body(krb5_sam_challenge_2_body *p);
+void ktest_empty_sam_response_2(krb5_sam_response_2 *p);
+void ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p);
+void ktest_empty_pa_for_user(krb5_pa_for_user *p);
+void ktest_empty_pa_s4u_x509_user(krb5_pa_s4u_x509_user *p);
+void ktest_empty_ad_kdcissued(krb5_ad_kdcissued *p);
+void ktest_empty_iakerb_header(krb5_iakerb_header *p);
+void ktest_empty_iakerb_finished(krb5_iakerb_finished *p);
+void ktest_empty_fast_response(krb5_fast_response *p);
+void ktest_empty_otp_tokeninfo(krb5_otp_tokeninfo *p);
+void ktest_empty_pa_otp_challenge(krb5_pa_otp_challenge *p);
+void ktest_empty_pa_otp_req(krb5_pa_otp_req *p);
+
+#ifndef DISABLE_PKINIT
+void ktest_empty_pa_pk_as_req(krb5_pa_pk_as_req *p);
+void ktest_empty_pa_pk_as_rep(krb5_pa_pk_as_rep *p);
+void ktest_empty_auth_pack(krb5_auth_pack *p);
+void ktest_empty_kdc_dh_key_info(krb5_kdc_dh_key_info *p);
+void ktest_empty_reply_key_pack(krb5_reply_key_pack *p);
+void ktest_empty_sp80056a_other_info(krb5_sp80056a_other_info *p);
+void ktest_empty_pkinit_supp_pub_info(krb5_pkinit_supp_pub_info *p);
+#endif
+
+#ifdef ENABLE_LDAP
+void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p);
+#endif
+
+void ktest_empty_kkdcp_message(krb5_kkdcp_message *p);
+void ktest_empty_cammac(krb5_cammac *p);
+void ktest_empty_secure_cookie(krb5_secure_cookie *p);
+void ktest_empty_spake_factor(krb5_spake_factor *p);
+void ktest_empty_pa_spake(krb5_pa_spake *p);
+
+extern krb5_context test_context;
+extern char *sample_principal_name;
+
+#endif
diff --git a/krb5-1.21.3/src/tests/asn.1/ktest_equal.c b/krb5-1.21.3/src/tests/asn.1/ktest_equal.c
new file mode 100644
index 00000000..b48a0285
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/ktest_equal.c
@@ -0,0 +1,1054 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/ktest_equal.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include "ktest_equal.h"
+
+#define FALSE 0
+#define TRUE 1
+
+#define struct_equal(field,comparator)          \
+    comparator(&(ref->field),&(var->field))
+
+#define ptr_equal(field,comparator)             \
+    comparator(ref->field,var->field)
+
+#define scalar_equal(field)                     \
+    ((ref->field) == (var->field))
+
+#define len_equal(length,field,comparator)              \
+    ((ref->length == var->length) &&                    \
+     comparator(ref->length,ref->field,var->field))
+
+int
+ktest_equal_authenticator(krb5_authenticator *ref, krb5_authenticator *var)
+{
+    int p = TRUE;
+
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(client,ktest_equal_principal_data);
+    p = p && ptr_equal(checksum,ktest_equal_checksum);
+    p = p && scalar_equal(cusec);
+    p = p && scalar_equal(ctime);
+    p = p && ptr_equal(subkey,ktest_equal_keyblock);
+    p = p && scalar_equal(seq_number);
+    p = p && ptr_equal(authorization_data,ktest_equal_authorization_data);
+    return p;
+}
+
+int
+ktest_equal_principal_data(krb5_principal_data *ref, krb5_principal_data *var)
+{
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    return(struct_equal(realm,ktest_equal_data) &&
+           len_equal(length,data,ktest_equal_array_of_data) &&
+           scalar_equal(type));
+}
+
+int
+ktest_equal_authdata(krb5_authdata *ref, krb5_authdata *var)
+{
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    return(scalar_equal(ad_type) &&
+           len_equal(length,contents,ktest_equal_array_of_octet));
+}
+
+int
+ktest_equal_checksum(krb5_checksum *ref, krb5_checksum *var)
+{
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    return(scalar_equal(checksum_type) && len_equal(length,contents,ktest_equal_array_of_octet));
+}
+
+int
+ktest_equal_keyblock(krb5_keyblock *ref, krb5_keyblock *var)
+{
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    return(scalar_equal(enctype) && len_equal(length,contents,ktest_equal_array_of_octet));
+}
+
+int
+ktest_equal_data(krb5_data *ref, krb5_data *var)
+{
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    return(len_equal(length,data,ktest_equal_array_of_char));
+}
+
+int
+ktest_equal_ticket(krb5_ticket *ref, krb5_ticket *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(server,ktest_equal_principal_data);
+    p = p && struct_equal(enc_part,ktest_equal_enc_data);
+    /* enc_part2 is irrelevant, as far as the ASN.1 code is concerned */
+    return p;
+}
+
+int
+ktest_equal_enc_data(krb5_enc_data *ref, krb5_enc_data *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(enctype);
+    p = p && scalar_equal(kvno);
+    p = p && struct_equal(ciphertext,ktest_equal_data);
+    return p;
+}
+
+int
+ktest_equal_encryption_key(krb5_keyblock *ref, krb5_keyblock *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(enctype);
+    p = p && len_equal(length,contents,ktest_equal_array_of_octet);
+    return p;
+}
+
+int
+ktest_equal_enc_tkt_part(krb5_enc_tkt_part *ref, krb5_enc_tkt_part *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(flags);
+    p = p && ptr_equal(session,ktest_equal_encryption_key);
+    p = p && ptr_equal(client,ktest_equal_principal_data);
+    p = p && struct_equal(transited,ktest_equal_transited);
+    p = p && struct_equal(times,ktest_equal_ticket_times);
+    p = p && ptr_equal(caddrs,ktest_equal_addresses);
+    p = p && ptr_equal(authorization_data,ktest_equal_authorization_data);
+    return p;
+}
+
+int
+ktest_equal_transited(krb5_transited *ref, krb5_transited *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(tr_type);
+    p = p && struct_equal(tr_contents,ktest_equal_data);
+    return p;
+}
+
+int
+ktest_equal_ticket_times(krb5_ticket_times *ref, krb5_ticket_times *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(authtime);
+    p = p && scalar_equal(starttime);
+    p = p && scalar_equal(endtime);
+    p = p && scalar_equal(renew_till);
+    return p;
+}
+
+int
+ktest_equal_address(krb5_address *ref, krb5_address *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(addrtype);
+    p = p && len_equal(length,contents,ktest_equal_array_of_octet);
+    return p;
+}
+
+int
+ktest_equal_enc_kdc_rep_part(krb5_enc_kdc_rep_part *ref,
+                             krb5_enc_kdc_rep_part *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(session,ktest_equal_keyblock);
+    p = p && ptr_equal(last_req,ktest_equal_last_req);
+    p = p && scalar_equal(nonce);
+    p = p && scalar_equal(key_exp);
+    p = p && scalar_equal(flags);
+    p = p && struct_equal(times,ktest_equal_ticket_times);
+    p = p && ptr_equal(server,ktest_equal_principal_data);
+    p = p && ptr_equal(caddrs,ktest_equal_addresses);
+    return p;
+}
+
+int
+ktest_equal_priv(krb5_priv *ref, krb5_priv *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(enc_part,ktest_equal_enc_data);
+    return p;
+}
+
+int
+ktest_equal_cred(krb5_cred *ref, krb5_cred *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(tickets,ktest_equal_sequence_of_ticket);
+    p = p && struct_equal(enc_part,ktest_equal_enc_data);
+    return p;
+}
+
+int
+ktest_equal_error(krb5_error *ref, krb5_error *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(ctime);
+    p = p && scalar_equal(cusec);
+    p = p && scalar_equal(susec);
+    p = p && scalar_equal(stime);
+    p = p && scalar_equal(error);
+    p = p && ptr_equal(client,ktest_equal_principal_data);
+    p = p && ptr_equal(server,ktest_equal_principal_data);
+    p = p && struct_equal(text,ktest_equal_data);
+    p = p && struct_equal(e_data,ktest_equal_data);
+    return p;
+}
+
+int
+ktest_equal_ap_req(krb5_ap_req *ref, krb5_ap_req *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(ap_options);
+    p = p && ptr_equal(ticket,ktest_equal_ticket);
+    p = p && struct_equal(authenticator,ktest_equal_enc_data);
+    return p;
+}
+
+int
+ktest_equal_ap_rep(krb5_ap_rep *ref, krb5_ap_rep *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(enc_part,ktest_equal_enc_data);
+    return p;
+}
+
+int
+ktest_equal_ap_rep_enc_part(krb5_ap_rep_enc_part *ref,
+                            krb5_ap_rep_enc_part *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(ctime);
+    p = p && scalar_equal(cusec);
+    p = p && ptr_equal(subkey,ktest_equal_encryption_key);
+    p = p && scalar_equal(seq_number);
+    return p;
+}
+
+int
+ktest_equal_safe(krb5_safe *ref, krb5_safe *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(user_data,ktest_equal_data);
+    p = p && scalar_equal(timestamp);
+    p = p && scalar_equal(usec);
+    p = p && scalar_equal(seq_number);
+    p = p && ptr_equal(s_address,ktest_equal_address);
+    p = p && ptr_equal(r_address,ktest_equal_address);
+    p = p && ptr_equal(checksum,ktest_equal_checksum);
+    return p;
+}
+
+
+int
+ktest_equal_enc_cred_part(krb5_cred_enc_part *ref, krb5_cred_enc_part *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(nonce);
+    p = p && scalar_equal(timestamp);
+    p = p && scalar_equal(usec);
+    p = p && ptr_equal(s_address,ktest_equal_address);
+    p = p && ptr_equal(r_address,ktest_equal_address);
+    p = p && ptr_equal(ticket_info,ktest_equal_sequence_of_cred_info);
+    return p;
+}
+
+int
+ktest_equal_enc_priv_part(krb5_priv_enc_part *ref, krb5_priv_enc_part *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(user_data,ktest_equal_data);
+    p = p && scalar_equal(timestamp);
+    p = p && scalar_equal(usec);
+    p = p && scalar_equal(seq_number);
+    p = p && ptr_equal(s_address,ktest_equal_address);
+    p = p && ptr_equal(r_address,ktest_equal_address);
+    return p;
+}
+
+int
+ktest_equal_as_rep(krb5_kdc_rep *ref, krb5_kdc_rep *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(msg_type);
+    p = p && ptr_equal(padata,ktest_equal_sequence_of_pa_data);
+    p = p && ptr_equal(client,ktest_equal_principal_data);
+    p = p && ptr_equal(ticket,ktest_equal_ticket);
+    p = p && struct_equal(enc_part,ktest_equal_enc_data);
+    p = p && ptr_equal(enc_part2,ktest_equal_enc_kdc_rep_part);
+    return p;
+}
+
+int
+ktest_equal_tgs_rep(krb5_kdc_rep *ref, krb5_kdc_rep *var)
+{
+    return ktest_equal_as_rep(ref,var);
+}
+
+int
+ktest_equal_as_req(krb5_kdc_req *ref, krb5_kdc_req *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(msg_type);
+    p = p && ptr_equal(padata,ktest_equal_sequence_of_pa_data);
+    p = p && scalar_equal(kdc_options);
+    p = p && ptr_equal(client,ktest_equal_principal_data);
+    p = p && ptr_equal(server,ktest_equal_principal_data);
+    p = p && scalar_equal(from);
+    p = p && scalar_equal(till);
+    p = p && scalar_equal(rtime);
+    p = p && scalar_equal(nonce);
+    p = p && len_equal(nktypes,ktype,ktest_equal_array_of_enctype);
+    p = p && ptr_equal(addresses,ktest_equal_addresses);
+    p = p && struct_equal(authorization_data,ktest_equal_enc_data);
+/* This field isn't actually in the ASN.1 encoding. */
+/* p = p && ptr_equal(unenc_authdata,ktest_equal_authorization_data); */
+    return p;
+}
+
+int
+ktest_equal_tgs_req(krb5_kdc_req *ref, krb5_kdc_req *var)
+{
+    return ktest_equal_as_req(ref,var);
+}
+
+int
+ktest_equal_kdc_req_body(krb5_kdc_req *ref, krb5_kdc_req *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(kdc_options);
+    p = p && ptr_equal(client,ktest_equal_principal_data);
+    p = p && ptr_equal(server,ktest_equal_principal_data);
+    p = p && scalar_equal(from);
+    p = p && scalar_equal(till);
+    p = p && scalar_equal(rtime);
+    p = p && scalar_equal(nonce);
+    p = p && len_equal(nktypes,ktype,ktest_equal_array_of_enctype);
+    p = p && ptr_equal(addresses,ktest_equal_addresses);
+    p = p && struct_equal(authorization_data,ktest_equal_enc_data);
+    /* This isn't part of the ASN.1 encoding. */
+    /* p = p && ptr_equal(unenc_authdata,ktest_equal_authorization_data); */
+    return p;
+}
+
+int
+ktest_equal_last_req_entry(krb5_last_req_entry *ref, krb5_last_req_entry *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(lr_type);
+    p = p && scalar_equal(value);
+    return p;
+}
+
+int
+ktest_equal_pa_data(krb5_pa_data *ref, krb5_pa_data *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(pa_type);
+    p = p && len_equal(length,contents,ktest_equal_array_of_octet);
+    return p;
+}
+
+int
+ktest_equal_cred_info(krb5_cred_info *ref, krb5_cred_info *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(session,ktest_equal_keyblock);
+    p = p && ptr_equal(client,ktest_equal_principal_data);
+    p = p && ptr_equal(server,ktest_equal_principal_data);
+    p = p && scalar_equal(flags);
+    p = p && struct_equal(times,ktest_equal_ticket_times);
+    p = p && ptr_equal(caddrs,ktest_equal_addresses);
+
+    return p;
+}
+
+int
+ktest_equal_krb5_etype_info_entry(krb5_etype_info_entry *ref,
+                                  krb5_etype_info_entry *var)
+{
+    if (ref->etype != var->etype)
+        return FALSE;
+    if (ref->length != var->length)
+        return FALSE;
+    if (ref->length > 0 && ref->length != KRB5_ETYPE_NO_SALT)
+        if (memcmp(ref->salt, var->salt, ref->length) != 0)
+            return FALSE;
+    return TRUE;
+}
+
+int
+ktest_equal_krb5_pa_enc_ts(krb5_pa_enc_ts *ref, krb5_pa_enc_ts *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(patimestamp);
+    p = p && scalar_equal(pausec);
+    return p;
+}
+
+#define equal_str(f) struct_equal(f,ktest_equal_data)
+
+int
+ktest_equal_sam_challenge_2_body(krb5_sam_challenge_2_body *ref,
+                                 krb5_sam_challenge_2_body *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(sam_type);
+    p = p && scalar_equal(sam_flags);
+    p = p && equal_str(sam_type_name);
+    p = p && equal_str(sam_track_id);
+    p = p && equal_str(sam_challenge_label);
+    p = p && equal_str(sam_challenge);
+    p = p && equal_str(sam_response_prompt);
+    p = p && equal_str(sam_pk_for_sad);
+    p = p && scalar_equal(sam_nonce);
+    p = p && scalar_equal(sam_etype);
+    return p;
+}
+
+int
+ktest_equal_sam_challenge_2(krb5_sam_challenge_2 *ref,
+                            krb5_sam_challenge_2 *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && equal_str(sam_challenge_2_body);
+    p = p && ptr_equal(sam_cksum,ktest_equal_sequence_of_checksum);
+    return p;
+}
+
+int
+ktest_equal_pa_for_user(krb5_pa_for_user *ref, krb5_pa_for_user *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(user, ktest_equal_principal_data);
+    p = p && struct_equal(cksum, ktest_equal_checksum);
+    p = p && equal_str(auth_package);
+    return p;
+}
+
+int
+ktest_equal_pa_s4u_x509_user(krb5_pa_s4u_x509_user *ref,
+                             krb5_pa_s4u_x509_user *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(user_id.nonce);
+    p = p && ptr_equal(user_id.user,ktest_equal_principal_data);
+    p = p && struct_equal(user_id.subject_cert,ktest_equal_data);
+    p = p && scalar_equal(user_id.options);
+    p = p && struct_equal(cksum,ktest_equal_checksum);
+    return p;
+}
+
+int
+ktest_equal_ad_kdcissued(krb5_ad_kdcissued *ref, krb5_ad_kdcissued *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(ad_checksum,ktest_equal_checksum);
+    p = p && ptr_equal(i_principal,ktest_equal_principal_data);
+    p = p && ptr_equal(elements,ktest_equal_authorization_data);
+    return p;
+}
+
+int
+ktest_equal_iakerb_header(krb5_iakerb_header *ref, krb5_iakerb_header *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(target_realm,ktest_equal_data);
+    p = p && ptr_equal(cookie,ktest_equal_data);
+    return p;
+}
+
+int
+ktest_equal_iakerb_finished(krb5_iakerb_finished *ref,
+                            krb5_iakerb_finished *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(checksum,ktest_equal_checksum);
+    return p;
+}
+
+static int
+ktest_equal_fast_finished(krb5_fast_finished *ref, krb5_fast_finished *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(timestamp);
+    p = p && scalar_equal(usec);
+    p = p && ptr_equal(client, ktest_equal_principal_data);
+    p = p && struct_equal(ticket_checksum, ktest_equal_checksum);
+    return p;
+}
+
+int
+ktest_equal_fast_response(krb5_fast_response *ref, krb5_fast_response *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(padata, ktest_equal_sequence_of_pa_data);
+    p = p && ptr_equal(strengthen_key, ktest_equal_keyblock);
+    p = p && ptr_equal(finished, ktest_equal_fast_finished);
+    p = p && scalar_equal(nonce);
+    return p;
+}
+
+static int
+ktest_equal_algorithm_identifier(krb5_algorithm_identifier *ref,
+                                 krb5_algorithm_identifier *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && equal_str(algorithm);
+    p = p && equal_str(parameters);
+    return p;
+}
+
+int
+ktest_equal_otp_tokeninfo(krb5_otp_tokeninfo *ref, krb5_otp_tokeninfo *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(flags);
+    p = p && equal_str(vendor);
+    p = p && equal_str(challenge);
+    p = p && scalar_equal(length);
+    p = p && scalar_equal(format);
+    p = p && equal_str(token_id);
+    p = p && equal_str(alg_id);
+    p = p && ptr_equal(supported_hash_alg,
+                       ktest_equal_sequence_of_algorithm_identifier);
+    p = p && scalar_equal(iteration_count);
+    return p;
+}
+
+int
+ktest_equal_pa_otp_challenge(krb5_pa_otp_challenge *ref,
+                             krb5_pa_otp_challenge *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && equal_str(nonce);
+    p = p && equal_str(service);
+    p = p && ptr_equal(tokeninfo, ktest_equal_sequence_of_otp_tokeninfo);
+    p = p && equal_str(salt);
+    p = p && equal_str(s2kparams);
+    return p;
+}
+
+int
+ktest_equal_pa_otp_req(krb5_pa_otp_req *ref, krb5_pa_otp_req *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(flags);
+    p = p && equal_str(nonce);
+    p = p && struct_equal(enc_data, ktest_equal_enc_data);
+    p = p && ptr_equal(hash_alg, ktest_equal_algorithm_identifier);
+    p = p && scalar_equal(iteration_count);
+    p = p && equal_str(otp_value);
+    p = p && equal_str(pin);
+    p = p && equal_str(challenge);
+    p = p && scalar_equal(time);
+    p = p && equal_str(counter);
+    p = p && scalar_equal(format);
+    p = p && equal_str(token_id);
+    p = p && equal_str(alg_id);
+    p = p && equal_str(vendor);
+    return p;
+}
+
+#ifdef ENABLE_LDAP
+static int
+equal_key_data(krb5_key_data *ref, krb5_key_data *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(key_data_type[0]);
+    p = p && scalar_equal(key_data_type[1]);
+    p = p && len_equal(key_data_length[0],key_data_contents[0],
+                   ktest_equal_array_of_octet);
+    p = p && len_equal(key_data_length[1],key_data_contents[1],
+                   ktest_equal_array_of_octet);
+    return p;
+}
+
+static int
+equal_key_data_array(int n, krb5_key_data *ref, krb5_key_data *val)
+{
+    int i, p = TRUE;
+    for (i = 0; i < n; i++) {
+        p = p && equal_key_data(ref+i, val+i);
+    }
+    return p;
+}
+
+int
+ktest_equal_ldap_sequence_of_keys(ldap_seqof_key_data *ref,
+                                  ldap_seqof_key_data *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(mkvno);
+    p = p && scalar_equal(kvno);
+    p = p && len_equal(n_key_data,key_data,equal_key_data_array);
+    return p;
+}
+#endif
+
+/**** arrays ****************************************************************/
+
+int
+ktest_equal_array_of_data(int length, krb5_data *ref, krb5_data *var)
+{
+    int i,p = TRUE;
+
+    if (length == 0 || ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    for (i=0; i<(length); i++) {
+        p = p && ktest_equal_data(&(ref[i]),&(var[i]));
+    }
+    return p;
+}
+
+int
+ktest_equal_array_of_octet(unsigned int length, krb5_octet *ref,
+                           krb5_octet *var)
+{
+    unsigned int i, p = TRUE;
+
+    if (length == 0 || ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    for (i=0; i<length; i++)
+        p = p && (ref[i] == var[i]);
+    return p;
+}
+
+int
+ktest_equal_array_of_char(unsigned int length, char *ref, char *var)
+{
+    unsigned int i, p = TRUE;
+
+    if (length == 0 || ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    for (i=0; i<length; i++)
+        p = p && (ref[i] == var[i]);
+    return p;
+}
+
+int
+ktest_equal_array_of_enctype(int length, krb5_enctype *ref, krb5_enctype *var)
+{
+    int i, p = TRUE;
+
+    if (length == 0 || ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    for (i=0; i<length; i++)
+        p = p && (ref[i] == var[i]);
+    return p;
+}
+
+#define array_compare(comparator)                       \
+    int i,p = TRUE;                                       \
+    if (ref == var) return TRUE;                          \
+    if (!ref || !ref[0])                                \
+        return (!var || !var[0]);                       \
+    if (!var || !var[0]) return FALSE;                  \
+    for (i=0; ref[i] != NULL && var[i] != NULL; i++)    \
+        p = p && comparator(ref[i],var[i]);             \
+    if (ref[i] == NULL && var[i] == NULL) return p;     \
+    else return FALSE
+
+int
+ktest_equal_authorization_data(krb5_authdata **ref, krb5_authdata **var)
+{
+    array_compare(ktest_equal_authdata);
+}
+
+int
+ktest_equal_addresses(krb5_address **ref, krb5_address **var)
+{
+    array_compare(ktest_equal_address);
+}
+
+int
+ktest_equal_last_req(krb5_last_req_entry **ref, krb5_last_req_entry **var)
+{
+    array_compare(ktest_equal_last_req_entry);
+}
+
+int
+ktest_equal_sequence_of_ticket(krb5_ticket **ref, krb5_ticket **var)
+{
+    array_compare(ktest_equal_ticket);
+}
+
+int
+ktest_equal_sequence_of_pa_data(krb5_pa_data **ref, krb5_pa_data **var)
+{
+    array_compare(ktest_equal_pa_data);
+}
+
+int
+ktest_equal_sequence_of_cred_info(krb5_cred_info **ref, krb5_cred_info **var)
+{
+    array_compare(ktest_equal_cred_info);
+}
+
+int
+ktest_equal_sequence_of_principal(krb5_principal *ref, krb5_principal *var)
+{
+    array_compare(ktest_equal_principal_data);
+}
+
+int
+ktest_equal_etype_info(krb5_etype_info_entry **ref, krb5_etype_info_entry **var)
+{
+    array_compare(ktest_equal_krb5_etype_info_entry);
+}
+
+int
+ktest_equal_sequence_of_checksum(krb5_checksum **ref, krb5_checksum **var)
+{
+    array_compare(ktest_equal_checksum);
+}
+
+int
+ktest_equal_sequence_of_algorithm_identifier(krb5_algorithm_identifier **ref,
+                                             krb5_algorithm_identifier **var)
+{
+    array_compare(ktest_equal_algorithm_identifier);
+}
+
+int
+ktest_equal_sequence_of_otp_tokeninfo(krb5_otp_tokeninfo **ref,
+                                      krb5_otp_tokeninfo **var)
+{
+    array_compare(ktest_equal_otp_tokeninfo);
+}
+
+int
+ktest_equal_sequence_of_spake_factor(krb5_spake_factor **ref,
+                                     krb5_spake_factor **var)
+{
+    array_compare(ktest_equal_spake_factor);
+}
+
+#ifndef DISABLE_PKINIT
+
+static int
+ktest_equal_pk_authenticator(krb5_pk_authenticator *ref,
+                             krb5_pk_authenticator *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(cusec);
+    p = p && scalar_equal(ctime);
+    p = p && scalar_equal(nonce);
+    p = p && struct_equal(paChecksum, ktest_equal_checksum);
+    return p;
+}
+
+static int
+ktest_equal_external_principal_identifier(
+    krb5_external_principal_identifier *ref,
+    krb5_external_principal_identifier *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && equal_str(subjectName);
+    p = p && equal_str(issuerAndSerialNumber);
+    p = p && equal_str(subjectKeyIdentifier);
+    return p;
+}
+
+static int
+ktest_equal_sequence_of_external_principal_identifier(
+    krb5_external_principal_identifier **ref,
+    krb5_external_principal_identifier **var)
+{
+    array_compare(ktest_equal_external_principal_identifier);
+}
+
+int
+ktest_equal_pa_pk_as_req(krb5_pa_pk_as_req *ref, krb5_pa_pk_as_req *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && equal_str(signedAuthPack);
+    p = p && ptr_equal(trustedCertifiers,
+                       ktest_equal_sequence_of_external_principal_identifier);
+    p = p && equal_str(kdcPkId);
+    return p;
+}
+
+static int
+ktest_equal_dh_rep_info(krb5_dh_rep_info *ref, krb5_dh_rep_info *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && equal_str(dhSignedData);
+    p = p && equal_str(serverDHNonce);
+    p = p && ptr_equal(kdfID, ktest_equal_data);
+    return p;
+}
+
+int
+ktest_equal_pa_pk_as_rep(krb5_pa_pk_as_rep *ref, krb5_pa_pk_as_rep *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    if (ref->choice != var->choice) return FALSE;
+    if (ref->choice == choice_pa_pk_as_rep_dhInfo)
+        p = p && struct_equal(u.dh_Info, ktest_equal_dh_rep_info);
+    else if (ref->choice == choice_pa_pk_as_rep_encKeyPack)
+        p = p && equal_str(u.encKeyPack);
+    return p;
+}
+
+static int
+ktest_equal_sequence_of_data(krb5_data **ref, krb5_data **var)
+{
+    array_compare(ktest_equal_data);
+}
+
+int
+ktest_equal_auth_pack(krb5_auth_pack *ref, krb5_auth_pack *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(pkAuthenticator, ktest_equal_pk_authenticator);
+    p = p && equal_str(clientPublicValue);
+    p = p && ptr_equal(supportedCMSTypes,
+                       ktest_equal_sequence_of_algorithm_identifier);
+    p = p && equal_str(clientDHNonce);
+    p = p && ptr_equal(supportedKDFs, ktest_equal_sequence_of_data);
+    return p;
+}
+
+int
+ktest_equal_kdc_dh_key_info(krb5_kdc_dh_key_info *ref,
+                            krb5_kdc_dh_key_info *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && equal_str(subjectPublicKey);
+    p = p && scalar_equal(nonce);
+    p = p && scalar_equal(dhKeyExpiration);
+    return p;
+}
+
+int
+ktest_equal_reply_key_pack(krb5_reply_key_pack *ref, krb5_reply_key_pack *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && struct_equal(replyKey, ktest_equal_keyblock);
+    p = p && struct_equal(asChecksum, ktest_equal_checksum);
+    return p;
+}
+
+#endif /* not DISABLE_PKINIT */
+
+int
+ktest_equal_kkdcp_message(krb5_kkdcp_message *ref, krb5_kkdcp_message *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && data_eq(ref->kerb_message, var->kerb_message);
+    p = p && data_eq(ref->target_domain, var->target_domain);
+    p = p && scalar_equal(dclocator_hint);
+    return p;
+}
+
+static int
+vmac_eq(krb5_verifier_mac *ref, krb5_verifier_mac *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(princ, ktest_equal_principal_data);
+    p = p && scalar_equal(kvno);
+    p = p && scalar_equal(enctype);
+    p = p && struct_equal(checksum, ktest_equal_checksum);
+    return p;
+}
+
+static int
+vmac_list_eq(krb5_verifier_mac **ref, krb5_verifier_mac **var)
+{
+    array_compare(vmac_eq);
+}
+
+int
+ktest_equal_cammac(krb5_cammac *ref, krb5_cammac *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ptr_equal(elements, ktest_equal_authorization_data);
+    p = p && ptr_equal(kdc_verifier, vmac_eq);
+    p = p && ptr_equal(svc_verifier, vmac_eq);
+    p = p && ptr_equal(other_verifiers, vmac_list_eq);
+    return p;
+}
+
+int
+ktest_equal_secure_cookie(krb5_secure_cookie *ref, krb5_secure_cookie *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && ktest_equal_sequence_of_pa_data(ref->data, var->data);
+    p = p && scalar_equal(time);
+    return p;
+}
+
+int
+ktest_equal_spake_factor(krb5_spake_factor *ref, krb5_spake_factor *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    p = p && scalar_equal(type);
+    p = p && ptr_equal(data,ktest_equal_data);
+    return p;
+}
+
+int
+ktest_equal_pa_spake(krb5_pa_spake *ref, krb5_pa_spake *var)
+{
+    int p = TRUE;
+    if (ref == var) return TRUE;
+    else if (ref == NULL || var == NULL) return FALSE;
+    else if (ref->choice != var->choice) return FALSE;
+    switch (ref->choice) {
+    case SPAKE_MSGTYPE_SUPPORT:
+        p = p && scalar_equal(u.support.ngroups);
+        p = p && (memcmp(ref->u.support.groups,var->u.support.groups,
+                         ref->u.support.ngroups * sizeof(int32_t)) == 0);
+        break;
+    case SPAKE_MSGTYPE_CHALLENGE:
+        p = p && struct_equal(u.challenge.pubkey,ktest_equal_data);
+        p = p && ptr_equal(u.challenge.factors,
+                           ktest_equal_sequence_of_spake_factor);
+        break;
+    case SPAKE_MSGTYPE_RESPONSE:
+        p = p && struct_equal(u.response.pubkey,ktest_equal_data);
+        p = p && struct_equal(u.response.factor,ktest_equal_enc_data);
+        break;
+    case SPAKE_MSGTYPE_ENCDATA:
+        p = p && struct_equal(u.encdata,ktest_equal_enc_data);
+        break;
+    default:
+        break;
+    }
+    return p;
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/ktest_equal.h b/krb5-1.21.3/src/tests/asn.1/ktest_equal.h
new file mode 100644
index 00000000..8c15cc0c
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/ktest_equal.h
@@ -0,0 +1,154 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/ktest_equal.h */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __KTEST_EQUAL_H__
+#define __KTEST_EQUAL_H__
+
+#include "k5-int.h"
+#include "k5-spake.h"
+#include "kdb.h"
+
+/* int ktest_equal_structure(krb5_structure *ref, *var) */
+/* effects  Returns true (non-zero) if ref and var are
+             semantically equivalent (i.e. have the same values,
+             but aren't necessarily the same object).
+            Returns false (zero) if ref and var differ. */
+
+#define generic(funcname,type)\
+int funcname (type *ref, type *var)
+
+#define len_array(funcname,type)\
+int funcname (int length, type *ref, type *var)
+#define len_unsigned_array(funcname,type)\
+int funcname (unsigned int length, type *ref, type *var)
+
+generic(ktest_equal_authenticator,krb5_authenticator);
+generic(ktest_equal_principal_data,krb5_principal_data);
+generic(ktest_equal_checksum,krb5_checksum);
+generic(ktest_equal_keyblock,krb5_keyblock);
+generic(ktest_equal_data,krb5_data);
+generic(ktest_equal_authdata,krb5_authdata);
+generic(ktest_equal_ticket,krb5_ticket);
+generic(ktest_equal_enc_tkt_part,krb5_enc_tkt_part);
+generic(ktest_equal_transited,krb5_transited);
+generic(ktest_equal_ticket_times,krb5_ticket_times);
+generic(ktest_equal_address,krb5_address);
+generic(ktest_equal_enc_data,krb5_enc_data);
+
+generic(ktest_equal_enc_kdc_rep_part,krb5_enc_kdc_rep_part);
+generic(ktest_equal_priv,krb5_priv);
+generic(ktest_equal_cred,krb5_cred);
+generic(ktest_equal_error,krb5_error);
+generic(ktest_equal_ap_req,krb5_ap_req);
+generic(ktest_equal_ap_rep,krb5_ap_rep);
+generic(ktest_equal_ap_rep_enc_part,krb5_ap_rep_enc_part);
+generic(ktest_equal_safe,krb5_safe);
+
+generic(ktest_equal_last_req_entry,krb5_last_req_entry);
+generic(ktest_equal_pa_data,krb5_pa_data);
+generic(ktest_equal_cred_info,krb5_cred_info);
+
+generic(ktest_equal_enc_cred_part,krb5_cred_enc_part);
+generic(ktest_equal_enc_priv_part,krb5_priv_enc_part);
+generic(ktest_equal_as_rep,krb5_kdc_rep);
+generic(ktest_equal_tgs_rep,krb5_kdc_rep);
+generic(ktest_equal_as_req,krb5_kdc_req);
+generic(ktest_equal_tgs_req,krb5_kdc_req);
+generic(ktest_equal_kdc_req_body,krb5_kdc_req);
+generic(ktest_equal_encryption_key,krb5_keyblock);
+
+generic(ktest_equal_krb5_pa_enc_ts,krb5_pa_enc_ts);
+
+generic(ktest_equal_sam_challenge_2,krb5_sam_challenge_2);
+generic(ktest_equal_sam_challenge_2_body,krb5_sam_challenge_2_body);
+
+int ktest_equal_last_req(krb5_last_req_entry **ref, krb5_last_req_entry **var);
+int ktest_equal_sequence_of_ticket(krb5_ticket **ref, krb5_ticket **var);
+int ktest_equal_sequence_of_pa_data(krb5_pa_data **ref, krb5_pa_data **var);
+int ktest_equal_sequence_of_cred_info(krb5_cred_info **ref,
+                                      krb5_cred_info **var);
+int ktest_equal_sequence_of_principal(krb5_principal *ref,
+                                      krb5_principal *var);
+int ktest_equal_sequence_of_checksum(krb5_checksum **ref, krb5_checksum **var);
+int
+ktest_equal_sequence_of_algorithm_identifier(krb5_algorithm_identifier **ref,
+                                             krb5_algorithm_identifier **var);
+int ktest_equal_sequence_of_otp_tokeninfo(krb5_otp_tokeninfo **ref,
+                                          krb5_otp_tokeninfo **var);
+int ktest_equal_sequence_of_spake_factor(krb5_spake_factor **ref,
+                                         krb5_spake_factor **var);
+
+len_array(ktest_equal_array_of_enctype,krb5_enctype);
+len_array(ktest_equal_array_of_data,krb5_data);
+len_unsigned_array(ktest_equal_array_of_octet,krb5_octet);
+
+int ktest_equal_authorization_data(krb5_authdata **ref, krb5_authdata **var);
+int ktest_equal_addresses(krb5_address **ref, krb5_address **var);
+int ktest_equal_array_of_char(const unsigned int length, char *ref, char *var);
+
+int ktest_equal_etype_info(krb5_etype_info_entry **ref,
+                           krb5_etype_info_entry **var);
+
+int ktest_equal_krb5_etype_info_entry(krb5_etype_info_entry *ref,
+                                      krb5_etype_info_entry *var);
+int ktest_equal_pa_for_user(krb5_pa_for_user *ref, krb5_pa_for_user *var);
+int ktest_equal_pa_s4u_x509_user(krb5_pa_s4u_x509_user *ref,
+                                 krb5_pa_s4u_x509_user *var);
+int ktest_equal_ad_kdcissued(krb5_ad_kdcissued *ref, krb5_ad_kdcissued *var);
+int ktest_equal_iakerb_header(krb5_iakerb_header *ref,
+                              krb5_iakerb_header *var);
+int ktest_equal_iakerb_finished(krb5_iakerb_finished *ref,
+                                krb5_iakerb_finished *var);
+int ktest_equal_fast_response(krb5_fast_response *ref,
+                              krb5_fast_response *var);
+int ktest_equal_otp_tokeninfo(krb5_otp_tokeninfo *ref,
+                              krb5_otp_tokeninfo *var);
+int ktest_equal_pa_otp_challenge(krb5_pa_otp_challenge *ref,
+                                 krb5_pa_otp_challenge *var);
+int ktest_equal_pa_otp_req(krb5_pa_otp_req *ref, krb5_pa_otp_req *var);
+
+int ktest_equal_ldap_sequence_of_keys(ldap_seqof_key_data *ref,
+                                      ldap_seqof_key_data *var);
+
+#ifndef DISABLE_PKINIT
+generic(ktest_equal_pa_pk_as_req, krb5_pa_pk_as_req);
+generic(ktest_equal_pa_pk_as_rep, krb5_pa_pk_as_rep);
+generic(ktest_equal_auth_pack, krb5_auth_pack);
+generic(ktest_equal_kdc_dh_key_info, krb5_kdc_dh_key_info);
+generic(ktest_equal_reply_key_pack, krb5_reply_key_pack);
+#endif /* not DISABLE_PKINIT */
+
+int ktest_equal_kkdcp_message(krb5_kkdcp_message *ref,
+                              krb5_kkdcp_message *var);
+int ktest_equal_cammac(krb5_cammac *ref, krb5_cammac *var);
+
+int ktest_equal_secure_cookie(krb5_secure_cookie *ref,
+                              krb5_secure_cookie *var);
+
+generic(ktest_equal_spake_factor, krb5_spake_factor);
+generic(ktest_equal_pa_spake, krb5_pa_spake);
+
+#endif
diff --git a/krb5-1.21.3/src/tests/asn.1/ldap_encode.out b/krb5-1.21.3/src/tests/asn.1/ldap_encode.out
new file mode 100644
index 00000000..41dbc1e6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/ldap_encode.out
@@ -0,0 +1 @@
+encode_krb5_ldap_seqof_key_data: 30 81 87 A0 03 02 01 01 A1 03 02 01 01 A2 03 02 01 2A A3 03 02 01 0E A4 71 30 6F 30 23 A0 10 30 0E A0 03 02 01 00 A1 07 04 05 73 61 6C 74 30 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 30 30 23 A0 10 30 0E A0 03 02 01 01 A1 07 04 05 73 61 6C 74 31 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 31 30 23 A0 10 30 0E A0 03 02 01 02 A1 07 04 05 73 61 6C 74 32 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 32
diff --git a/krb5-1.21.3/src/tests/asn.1/ldap_trval.out b/krb5-1.21.3/src/tests/asn.1/ldap_trval.out
new file mode 100644
index 00000000..16ea7371
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/ldap_trval.out
@@ -0,0 +1,30 @@
+
+encode_krb5_ldap_seqof_key_data:
+
+[Sequence/Sequence Of]
+.  [0] [Integer] 1
+.  [1] [Integer] 1
+.  [2] [Integer] 42
+.  [3] [Integer] 14
+.  [4] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 0
+.  .  .  .  [1] [Octet String] "salt0"
+.  .  .  [1] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 2
+.  .  .  .  [1] [Octet String] "key0"
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 1
+.  .  .  .  [1] [Octet String] "salt1"
+.  .  .  [1] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 2
+.  .  .  .  [1] [Octet String] "key1"
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 2
+.  .  .  .  [1] [Octet String] "salt2"
+.  .  .  [1] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 2
+.  .  .  .  [1] [Octet String] "key2"
diff --git a/krb5-1.21.3/src/tests/asn.1/make-vectors.c b/krb5-1.21.3/src/tests/asn.1/make-vectors.c
new file mode 100644
index 00000000..2fc85466
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/make-vectors.c
@@ -0,0 +1,333 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/make-vectors.c - Generate ASN.1 test vectors using asn1c */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This program generates test vectors using asn1c, to be included in other
+ * test programs which exercise the krb5 ASN.1 encoder and decoder functions.
+ * It is intended to be used via "make test-vectors".  Currently, test vectors
+ * are only generated for a subset of newer ASN.1 objects.
+ */
+
+#include <PrincipalName.h>
+#include <KRB5PrincipalName.h>
+#include <OtherInfo.h>
+#include <PkinitSuppPubInfo.h>
+#include <OTP-TOKENINFO.h>
+#include <PA-OTP-CHALLENGE.h>
+#include <PA-OTP-REQUEST.h>
+#include <PA-OTP-ENC-REQUEST.h>
+#include <AD-CAMMAC.h>
+#include <SPAKESecondFactor.h>
+#include <PA-SPAKE.h>
+
+static unsigned char buf[8192];
+static size_t buf_pos;
+
+/* PrincipalName and KRB5PrincipalName */
+static KerberosString_t comp_1 = { "hftsai", 6 };
+static KerberosString_t comp_2 = { "extra", 5 };
+static KerberosString_t *comps[] = { &comp_1, &comp_2 };
+static PrincipalName_t princ = { 1, { comps, 2, 2 } };
+static KRB5PrincipalName_t krb5princ = { { "ATHENA.MIT.EDU", 14 },
+                                         { 1, { comps, 2, 2 } } };
+
+/* OtherInfo */
+static unsigned int krb5_arcs[] = { 1, 2, 840, 113554, 1, 2, 2 };
+static OCTET_STRING_t krb5data_ostring = { "krb5data", 8 };
+static OtherInfo_t other_info = {
+    { 0 }, { 0 }, { 0 },        /* Initialized in main() */
+    &krb5data_ostring, NULL
+};
+
+/* PkinitSuppPubInfo */
+static PkinitSuppPubInfo_t supp_pub_info = { 1, { "krb5data", 8 },
+                                             { "krb5data", 8 } };
+
+/* Minimal OTP-TOKENINFO */
+static OTP_TOKENINFO_t token_info_1 = { { "\0\0\0\0", 4, 0 } };
+
+/* Maximal OTP-TOKENINFO */
+static UTF8String_t vendor = { "Examplecorp", 11 };
+static OCTET_STRING_t challenge = { "hark!", 5 };
+static Int32_t otp_length = 10;
+static OTPFormat_t otp_format; /* Initialized to 2 in main(). */
+static OCTET_STRING_t token_id = { "yourtoken", 9 };
+static AnyURI_t otp_alg = { "urn:ietf:params:xml:ns:keyprov:pskc:hotp", 40 };
+static unsigned int sha256_arcs[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
+static unsigned int sha1_arcs[] = { 1, 3, 14, 3, 2, 26 };
+static AlgorithmIdentifier_t alg_sha256, alg_sha1; /* Initialized in main(). */
+static AlgorithmIdentifier_t *algs[] = { &alg_sha256, &alg_sha1 };
+static struct supportedHashAlg hash_algs = { algs, 2, 2 };
+static Int32_t iter_count = 1000;
+/* Flags are nextOTP | combine | collect-pin | must-encrypt-nonce |
+ * separate-pin-required | check-digit */
+static OTP_TOKENINFO_t token_info_2 = { { "\x77\0\0\0", 4, 0 }, &vendor,
+                                        &challenge, &otp_length, &otp_format,
+                                        &token_id, &otp_alg, &hash_algs,
+                                        &iter_count };
+
+/* Minimal PA-OTP-CHALLENGE */
+static OTP_TOKENINFO_t *tinfo_1[] = { &token_info_1 };
+static PA_OTP_CHALLENGE_t challenge_1 = { { "minnonce", 8 }, NULL,
+                                          { { tinfo_1, 1, 1 } } };
+
+/* Maximal PA-OTP-CHALLENGE */
+static OTP_TOKENINFO_t *tinfo_2[] = { &token_info_1, &token_info_2 };
+static UTF8String_t service = { "testservice", 11 };
+static KerberosString_t salt = { "keysalt", 7 };
+static OCTET_STRING_t s2kparams = { "1234", 4 };
+static PA_OTP_CHALLENGE_t challenge_2 = { { "maxnonce", 8 }, &service,
+                                          { { tinfo_2, 2, 2 } }, &salt,
+                                          &s2kparams };
+
+/* Minimal PA-OTP-REQUEST */
+static UInt32_t kvno = 5;
+static PA_OTP_REQUEST_t request_1 = { { "\0\0\0\0", 4, 0 }, NULL,
+                                      { 0, &kvno,
+                                        { "krbASN.1 test message", 21 } } };
+
+/* Maximal PA-OTP-REQUEST */
+/* Flags are nextOTP | combine */
+static OCTET_STRING_t nonce = { "nonce", 5 };
+static OCTET_STRING_t otp_value = { "frogs", 5 };
+static UTF8String_t otp_pin = { "myfirstpin", 10 };
+/* Corresponds to Unix time 771228197 */
+static KerberosTime_t otp_time = { "19940610060317Z", 15 };
+static OCTET_STRING_t counter = { "346", 3 };
+static PA_OTP_REQUEST_t request_2 = { { "\x60\0\0\0", 4, 0 }, &nonce,
+                                      { 0, &kvno,
+                                        { "krbASN.1 test message", 21 } },
+                                      &alg_sha256, &iter_count, &otp_value,
+                                      &otp_pin, &challenge, &otp_time,
+                                      &counter, &otp_format, &token_id,
+                                      &otp_alg, &vendor };
+
+/* PA-OTP-ENC-REQUEST */
+static PA_OTP_ENC_REQUEST_t enc_request = { { "krb5data", 8 } };
+
+/*
+ * There is no ASN.1 name for a single authorization data element, so asn1c
+ * declares it as "struct Member" in an inner scope.  This structure must be
+ * laid out identically to that one.
+ */
+struct ad_element {
+    Int32_t ad_type;
+    OCTET_STRING_t ad_data;
+    asn_struct_ctx_t _asn_ctx;
+};
+
+/* Authorization data elements and lists, for use in CAMMAC */
+static struct ad_element ad_1 = { 1, { "ad1", 3 } };
+static struct ad_element ad_2 = { 2, { "ad2", 3 } };
+static struct ad_element *adlist_1[] = { &ad_1 };
+static struct ad_element *adlist_2[] = { &ad_1, &ad_2 };
+
+/* Minimal Verifier */
+static Verifier_t verifier_1 = { Verifier_PR_mac,
+                                 { { NULL, NULL, NULL,
+                                     { 1, { "cksum1", 6 } } } } };
+
+/* Maximal Verifier */
+static Int32_t enctype = 16;
+static Verifier_t verifier_2 = { Verifier_PR_mac,
+                                 { { &princ, &kvno, &enctype,
+                                     { 1, { "cksum2", 6 } } } } };
+
+/* Minimal CAMMAC */
+static AD_CAMMAC_t cammac_1 = { { { (void *)adlist_1, 1, 1 } },
+                                NULL, NULL, NULL };
+
+/* Maximal CAMMAC */
+static Verifier_MAC_t vmac_1 = { &princ, &kvno, &enctype,
+                                 { 1, { "cksumkdc", 8 } } };
+static Verifier_MAC_t vmac_2 = { &princ, &kvno, &enctype,
+                                 { 1, { "cksumsvc", 8 } } };
+static Verifier_t *verifiers[] = { &verifier_1, &verifier_2 };
+static struct other_verifiers overfs = { { verifiers, 2, 2 } };
+static AD_CAMMAC_t cammac_2 = { { { (void *)adlist_2, 2, 2 } },
+                                &vmac_1, &vmac_2, &overfs };
+
+/* SPAKESecondFactor */
+static SPAKESecondFactor_t factor_1 = { 1, NULL };
+static OCTET_STRING_t factor_data = { "fdata", 5 };
+static SPAKESecondFactor_t factor_2 = { 2, &factor_data };
+
+/* PA-SPAKE (support) */
+static Int32_t group_1 = 1, group_2 = 2, *groups[] = { &group_1, &group_2 };
+static PA_SPAKE_t pa_spake_1 = { PA_SPAKE_PR_support,
+                                 { .support = { { groups, 2, 2 } } } };
+
+/* PA-SPAKE (challenge) */
+static SPAKESecondFactor_t *factors[2] = { &factor_1, &factor_2 };
+static PA_SPAKE_t pa_spake_2 = { PA_SPAKE_PR_challenge,
+                                 { .challenge = { 1, { "T value", 7 },
+                                                  { factors, 2, 2 } } } };
+
+/* PA-SPAKE (response) */
+UInt32_t enctype_5 = 5;
+static PA_SPAKE_t pa_spake_3 = { PA_SPAKE_PR_response,
+                                 { .response = { { "S value", 7 },
+                                                 { 0, &enctype_5,
+                                                   { "krbASN.1 test message",
+                                                     21 } } } } };
+
+/* PA-SPAKE (encdata) */
+static PA_SPAKE_t pa_spake_4 = { PA_SPAKE_PR_encdata,
+                                 { .encdata = { 0, &enctype_5,
+                                                { "krbASN.1 test message",
+                                                  21 } } } };
+
+static int
+consume(const void *data, size_t size, void *dummy)
+{
+    memcpy(buf + buf_pos, data, size);
+    buf_pos += size;
+    return 0;
+}
+
+/* Display a C string literal representing the contents of buf, and
+ * reinitialize buf_pos for the next encoding operation. */
+static void
+printbuf(void)
+{
+    size_t i;
+
+    for (i = 0; i < buf_pos; i++) {
+        printf("%02X", buf[i]);
+        if (i + 1 < buf_pos)
+            printf(" ");
+    }
+    buf_pos = 0;
+}
+
+int
+main()
+{
+    /* Initialize values which can't use static initializers. */
+    asn_long2INTEGER(&otp_format, 2);  /* Alphanumeric */
+    OBJECT_IDENTIFIER_set_arcs(&alg_sha256.algorithm, sha256_arcs,
+                               sizeof(*sha256_arcs),
+                               sizeof(sha256_arcs) / sizeof(*sha256_arcs));
+    OBJECT_IDENTIFIER_set_arcs(&alg_sha1.algorithm, sha1_arcs,
+                               sizeof(*sha1_arcs),
+                               sizeof(sha1_arcs) / sizeof(*sha1_arcs));
+    OBJECT_IDENTIFIER_set_arcs(&other_info.algorithmID.algorithm, krb5_arcs,
+                               sizeof(*krb5_arcs),
+                               sizeof(krb5_arcs) / sizeof(*krb5_arcs));
+
+    printf("PrincipalName:\n");
+    der_encode(&asn_DEF_PrincipalName, &princ, consume, NULL);
+    printbuf();
+
+    /* Print this encoding and also use it to initialize two fields of
+     * other_info. */
+    printf("\nKRB5PrincipalName:\n");
+    der_encode(&asn_DEF_KRB5PrincipalName, &krb5princ, consume, NULL);
+    OCTET_STRING_fromBuf(&other_info.partyUInfo, buf, buf_pos);
+    OCTET_STRING_fromBuf(&other_info.partyVInfo, buf, buf_pos);
+    printbuf();
+
+    printf("\nOtherInfo:\n");
+    der_encode(&asn_DEF_OtherInfo, &other_info, consume, NULL);
+    printbuf();
+    free(other_info.partyUInfo.buf);
+    free(other_info.partyVInfo.buf);
+
+    printf("\nPkinitSuppPubInfo:\n");
+    der_encode(&asn_DEF_PkinitSuppPubInfo, &supp_pub_info, consume, NULL);
+    printbuf();
+
+    printf("\nMinimal OTP-TOKEN-INFO:\n");
+    der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_1, consume, NULL);
+    printbuf();
+
+    printf("\nMaximal OTP-TOKEN-INFO:\n");
+    der_encode(&asn_DEF_OTP_TOKENINFO, &token_info_2, consume, NULL);
+    printbuf();
+
+    printf("\nMinimal PA-OTP-CHALLENGE:\n");
+    der_encode(&asn_DEF_PA_OTP_CHALLENGE, &challenge_1, consume, NULL);
+    printbuf();
+
+    printf("\nMaximal PA-OTP-CHALLENGE:\n");
+    der_encode(&asn_DEF_PA_OTP_CHALLENGE, &challenge_2, consume, NULL);
+    printbuf();
+
+    printf("\nMinimal PA-OTP-REQUEST:\n");
+    der_encode(&asn_DEF_PA_OTP_REQUEST, &request_1, consume, NULL);
+    printbuf();
+
+    printf("\nMaximal PA-OTP-REQUEST:\n");
+    der_encode(&asn_DEF_PA_OTP_REQUEST, &request_2, consume, NULL);
+    printbuf();
+
+    printf("\nPA-OTP-ENC-REQUEST:\n");
+    der_encode(&asn_DEF_PA_OTP_ENC_REQUEST, &enc_request, consume, NULL);
+    printbuf();
+
+    printf("\nMinimal Verifier:\n");
+    der_encode(&asn_DEF_Verifier, &verifier_1, consume, NULL);
+    printbuf();
+
+    printf("\nMaximal Verifier:\n");
+    der_encode(&asn_DEF_Verifier, &verifier_2, consume, NULL);
+    printbuf();
+
+    printf("\nMinimal AD-CAMMAC:\n");
+    der_encode(&asn_DEF_AD_CAMMAC, &cammac_1, consume, NULL);
+    printbuf();
+
+    printf("\nMaximal AD-CAMMAC:\n");
+    der_encode(&asn_DEF_AD_CAMMAC, &cammac_2, consume, NULL);
+    printbuf();
+
+    printf("\nMinimal SPAKESecondFactor:\n");
+    der_encode(&asn_DEF_SPAKESecondFactor, &factor_1, consume, NULL);
+    printbuf();
+
+    printf("\nMaximal SPAKESecondFactor:\n");
+    der_encode(&asn_DEF_SPAKESecondFactor, &factor_2, consume, NULL);
+    printbuf();
+
+    printf("\nPA-SPAKE (support):\n");
+    der_encode(&asn_DEF_PA_SPAKE, &pa_spake_1, consume, NULL);
+    printbuf();
+
+    printf("\nPA-SPAKE (challenge):\n");
+    der_encode(&asn_DEF_PA_SPAKE, &pa_spake_2, consume, NULL);
+    printbuf();
+
+    printf("\nPA-SPAKE (response):\n");
+    der_encode(&asn_DEF_PA_SPAKE, &pa_spake_3, consume, NULL);
+    printbuf();
+
+    printf("\nPA-SPAKE (encdata):\n");
+    der_encode(&asn_DEF_PA_SPAKE, &pa_spake_4, consume, NULL);
+    printbuf();
+
+    printf("\n");
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/otp.asn1 b/krb5-1.21.3/src/tests/asn.1/otp.asn1
new file mode 100644
index 00000000..2e324322
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/otp.asn1
@@ -0,0 +1,109 @@
+   OTPKerberos
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+
+   IMPORTS
+
+       KerberosTime, KerberosFlags, EncryptionKey, Int32,
+       EncryptedData, LastReq, KerberosString
+       FROM KerberosV5Spec2 {iso(1) identified-organization(3)
+                             dod(6) internet(1) security(5)
+                             kerberosV5(2) modules(4) krb5spec2(2)}
+                             -- as defined in RFC 4120.
+       AlgorithmIdentifier
+       FROM PKIX1Explicit88 { iso (1) identified-organization (3)
+                              dod (6) internet (1)
+                              security (5) mechanisms (5) pkix (7)
+                              id-mod (0) id-pkix1-explicit (18) };
+                              -- As defined in RFC 5280.
+
+       PA-OTP-CHALLENGE ::= SEQUENCE {
+         nonce            [0] OCTET STRING,
+         otp-service      [1] UTF8String               OPTIONAL,
+         otp-tokenInfo    [2] SEQUENCE (SIZE(1..MAX)) OF
+                                                  OTP-TOKENINFO,
+         salt             [3] KerberosString           OPTIONAL,
+         s2kparams        [4] OCTET STRING             OPTIONAL,
+         ...
+       }
+
+       OTP-TOKENINFO ::= SEQUENCE {
+         flags            [0] OTPFlags,
+         otp-vendor       [1] UTF8String               OPTIONAL,
+         otp-challenge    [2] OCTET STRING (SIZE(1..MAX))
+                                                       OPTIONAL,
+         otp-length       [3] Int32                    OPTIONAL,
+         otp-format       [4] OTPFormat                OPTIONAL,
+         otp-tokenID      [5] OCTET STRING             OPTIONAL,
+         otp-algID        [6] AnyURI                   OPTIONAL,
+         supportedHashAlg [7] SEQUENCE OF AlgorithmIdentifier
+                                                       OPTIONAL,
+         iterationCount   [8] Int32                    OPTIONAL,
+         ...
+       }
+
+       OTPFormat ::= INTEGER {
+         decimal(0),
+         hexadecimal(1),
+         alphanumeric(2),
+         binary(3),
+         base64(4)
+       }
+
+       OTPFlags ::= KerberosFlags
+       -- reserved(0),
+       -- nextOTP(1),
+       -- combine(2),
+       -- collect-pin(3),
+       -- do-not-collect-pin(4),
+       -- must-encrypt-nonce (5),
+       -- separate-pin-required (6),
+       -- check-digit (7)
+
+       PA-OTP-REQUEST ::= SEQUENCE {
+         flags          [0]  OTPFlags,
+         nonce          [1]  OCTET STRING                OPTIONAL,
+         encData        [2]  EncryptedData,
+                            -- PA-OTP-ENC-REQUEST or PA-ENC-TS-ENC
+                            -- Key usage of KEY_USAGE_OTP_REQUEST
+         hashAlg        [3]  AlgorithmIdentifier         OPTIONAL,
+         iterationCount [4]  Int32                       OPTIONAL,
+         otp-value      [5]  OCTET STRING                OPTIONAL,
+         otp-pin        [6]  UTF8String                  OPTIONAL,
+         otp-challenge  [7]  OCTET STRING (SIZE(1..MAX)) OPTIONAL,
+         otp-time       [8]  KerberosTime                OPTIONAL,
+         otp-counter    [9]  OCTET STRING                OPTIONAL,
+         otp-format     [10] OTPFormat                   OPTIONAL,
+         otp-tokenID    [11] OCTET STRING                OPTIONAL,
+         otp-algID      [12] AnyURI                      OPTIONAL,
+         otp-vendor     [13] UTF8String                  OPTIONAL,
+         ...
+       }
+
+       PA-OTP-ENC-REQUEST ::= SEQUENCE {
+         nonce     [0] OCTET STRING,
+         ...
+       }
+
+
+       PA-OTP-PIN-CHANGE ::= SEQUENCE {
+         flags     [0] PinFlags,
+         pin       [1] UTF8String OPTIONAL,
+         minLength [2] INTEGER    OPTIONAL,
+         maxLength [3] INTEGER    OPTIONAL,
+         last-req  [4] LastReq    OPTIONAL,
+         format    [5] OTPFormat  OPTIONAL,
+         ...
+       }
+
+       PinFlags ::= KerberosFlags
+       -- reserved(0),
+       -- systemSetPin(1),
+       -- mandatory(2)
+
+       AnyURI ::= UTF8String
+          (CONSTRAINED BY {
+          -- MUST be a valid URI in accordance with IETF RFC 2396
+          })
+
+   END
diff --git a/krb5-1.21.3/src/tests/asn.1/pkinit-agility.asn1 b/krb5-1.21.3/src/tests/asn.1/pkinit-agility.asn1
new file mode 100644
index 00000000..ea9095b0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/pkinit-agility.asn1
@@ -0,0 +1,99 @@
+KerberosV5-PK-INIT-Agility-SPEC {
+       iso(1) identified-organization(3) dod(6) internet(1)
+       security(5) kerberosV5(2) modules(4) pkinit(5) agility (1)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+   AlgorithmIdentifier, SubjectPublicKeyInfo
+       FROM PKIX1Explicit88 { iso (1)
+         identified-organization (3) dod (6) internet (1)
+         security (5) mechanisms (5) pkix (7) id-mod (0)
+         id-pkix1-explicit (18) }
+         -- As defined in RFC 3280.
+
+   Ticket, Int32, Realm, EncryptionKey, Checksum
+       FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+         dod(6) internet(1) security(5) kerberosV5(2)
+         modules(4) krb5spec2(2) }
+         -- as defined in RFC 4120.
+
+   PKAuthenticator, DHNonce
+       FROM KerberosV5-PK-INIT-SPEC {
+         iso(1) identified-organization(3) dod(6) internet(1)
+         security(5) kerberosV5(2) modules(4) pkinit(5) };
+         -- as defined in RFC 4556.
+
+TD-CMS-DIGEST-ALGORITHMS-DATA ::= SEQUENCE OF
+    AlgorithmIdentifier
+        -- Contains the list of CMS algorithm [RFC3852]
+        -- identifiers that identify the digest algorithms
+        -- acceptable by the KDC for signing CMS data in
+        -- the order of decreasing preference.
+
+TD-CERT-DIGEST-ALGORITHMS-DATA ::= SEQUENCE {
+       allowedAlgorithms [0] SEQUENCE OF AlgorithmIdentifier,
+           -- Contains the list of CMS algorithm [RFC3852]
+           -- identifiers that identify the digest algorithms
+           -- that are used by the CA to sign the client's
+           -- X.509 certificate and acceptable by the KDC in
+           -- the process of validating the client's X.509
+           -- certificate, in the order of decreasing
+           -- preference.
+       rejectedAlgorithm [1] AlgorithmIdentifier OPTIONAL,
+           -- This identifies the digest algorithm that was
+           -- used to sign the client's X.509 certificate and
+           -- has been rejected by the KDC in the process of
+           -- validating the client's X.509 certificate
+           -- [RFC3280].
+       ...
+}
+
+OtherInfo ::= SEQUENCE {
+        algorithmID   AlgorithmIdentifier,
+        partyUInfo     [0] OCTET STRING,
+        partyVInfo     [1] OCTET STRING,
+        suppPubInfo    [2] OCTET STRING OPTIONAL,
+        suppPrivInfo   [3] OCTET STRING OPTIONAL
+}
+
+PkinitSuppPubInfo ::= SEQUENCE {
+       enctype           [0] Int32,
+           -- The enctype of the AS reply key.
+       as-REQ            [1] OCTET STRING,
+           -- This contains the AS-REQ in the request.
+       pk-as-rep         [2] OCTET STRING,
+           -- Contains the DER encoding of the type
+           -- PA-PK-AS-REP [RFC4556] in the KDC reply.
+       ...
+}
+
+-- Renamed from AuthPack to allow asn1c to process this and pkinit.asn1
+AuthPack2 ::= SEQUENCE {
+       pkAuthenticator   [0] PKAuthenticator,
+       clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+       supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
+                OPTIONAL,
+       clientDHNonce     [3] DHNonce OPTIONAL,
+       ...,
+       supportedKDFs     [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
+           -- Contains an unordered set of KDFs supported by the
+           -- client.
+       ...
+}
+
+KDFAlgorithmId ::= SEQUENCE {
+       kdf-id            [0] OBJECT IDENTIFIER,
+           -- The object identifier of the KDF
+       ...
+}
+
+-- Renamed from DHRepInfo to allow asn1c to process this and pkinit.asn1
+DHRepInfo2 ::= SEQUENCE {
+       dhSignedData      [0] IMPLICIT OCTET STRING,
+       serverDHNonce     [1] DHNonce OPTIONAL,
+       ...,
+       kdf               [2] KDFAlgorithmId OPTIONAL,
+           -- The KDF picked by the KDC.
+       ...
+}
+END
diff --git a/krb5-1.21.3/src/tests/asn.1/pkinit.asn1 b/krb5-1.21.3/src/tests/asn.1/pkinit.asn1
new file mode 100644
index 00000000..8f9d8dda
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/pkinit.asn1
@@ -0,0 +1,253 @@
+KerberosV5-PK-INIT-SPEC {
+        iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) kerberosV5(2) modules(4) pkinit(5)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+
+    SubjectPublicKeyInfo, AlgorithmIdentifier
+        FROM PKIX1Explicit88 { iso (1)
+          identified-organization (3) dod (6) internet (1)
+          security (5) mechanisms (5) pkix (7) id-mod (0)
+          id-pkix1-explicit (18) }
+          -- As defined in RFC 3280.
+
+    KerberosTime, PrincipalName, Realm, EncryptionKey, Checksum
+        FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+          dod(6) internet(1) security(5) kerberosV5(2)
+          modules(4) krb5spec2(2) };
+          -- as defined in RFC 4120.
+
+id-pkinit OBJECT IDENTIFIER ::=
+  { iso(1) identified-organization(3) dod(6) internet(1)
+    security(5) kerberosv5(2) pkinit (3) }
+
+id-pkinit-authData      OBJECT IDENTIFIER  ::= { id-pkinit 1 }
+id-pkinit-DHKeyData     OBJECT IDENTIFIER  ::= { id-pkinit 2 }
+id-pkinit-rkeyData      OBJECT IDENTIFIER  ::= { id-pkinit 3 }
+id-pkinit-KPClientAuth  OBJECT IDENTIFIER  ::= { id-pkinit 4 }
+id-pkinit-KPKdc         OBJECT IDENTIFIER  ::= { id-pkinit 5 }
+
+id-pkinit-san OBJECT IDENTIFIER ::=
+  { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
+    x509SanAN (2) }
+
+pa-pk-as-req INTEGER ::=                  16
+pa-pk-as-rep INTEGER ::=                  17
+
+ad-initial-verified-cas INTEGER ::=        9
+
+td-trusted-certifiers INTEGER ::=        104
+td-invalid-certificates INTEGER ::=      105
+td-dh-parameters INTEGER ::=             109
+
+PA-PK-AS-REQ ::= SEQUENCE {
+   signedAuthPack          [0] IMPLICIT OCTET STRING,
+            -- Contains a CMS type ContentInfo encoded
+            -- according to [RFC3852].
+            -- The contentType field of the type ContentInfo
+            -- is id-signedData (1.2.840.113549.1.7.2),
+            -- and the content field is a SignedData.
+            -- The eContentType field for the type SignedData is
+            -- id-pkinit-authData (1.3.6.1.5.2.3.1), and the
+            -- eContent field contains the DER encoding of the
+            -- type AuthPack.
+            -- AuthPack is defined below.
+   trustedCertifiers       [1] SEQUENCE OF
+               ExternalPrincipalIdentifier OPTIONAL,
+            -- Contains a list of CAs, trusted by the client,
+            -- that can be used to certify the KDC.
+            -- Each ExternalPrincipalIdentifier identifies a CA
+            -- or a CA certificate (thereby its public key).
+            -- The information contained in the
+            -- trustedCertifiers SHOULD be used by the KDC as
+            -- hints to guide its selection of an appropriate
+            -- certificate chain to return to the client.
+   kdcPkId                 [2] IMPLICIT OCTET STRING
+                               OPTIONAL,
+            -- Contains a CMS type SignerIdentifier encoded
+            -- according to [RFC3852].
+            -- Identifies, if present, a particular KDC
+            -- public key that the client already has.
+   ...
+}
+
+DHNonce ::= OCTET STRING
+
+ExternalPrincipalIdentifier ::= SEQUENCE {
+   subjectName            [0] IMPLICIT OCTET STRING OPTIONAL,
+            -- Contains a PKIX type Name encoded according to
+            -- [RFC3280].
+            -- Identifies the certificate subject by the
+            -- distinguished subject name.
+            -- REQUIRED when there is a distinguished subject
+            -- name present in the certificate.
+  issuerAndSerialNumber   [1] IMPLICIT OCTET STRING OPTIONAL,
+            -- Contains a CMS type IssuerAndSerialNumber encoded
+            -- according to [RFC3852].
+            -- Identifies a certificate of the subject.
+            -- REQUIRED for TD-INVALID-CERTIFICATES and
+            -- TD-TRUSTED-CERTIFIERS.
+  subjectKeyIdentifier    [2] IMPLICIT OCTET STRING OPTIONAL,
+            -- Identifies the subject's public key by a key
+            -- identifier.  When an X.509 certificate is
+            -- referenced, this key identifier matches the X.509
+            -- subjectKeyIdentifier extension value.  When other
+            -- certificate formats are referenced, the documents
+            -- that specify the certificate format and their use
+            -- with the CMS must include details on matching the
+            -- key identifier to the appropriate certificate
+            -- field.
+            -- RECOMMENDED for TD-TRUSTED-CERTIFIERS.
+   ...
+}
+
+AuthPack ::= SEQUENCE {
+   pkAuthenticator         [0] PKAuthenticator,
+   clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL,
+            -- Type SubjectPublicKeyInfo is defined in
+            -- [RFC3280].
+            -- Specifies Diffie-Hellman domain parameters
+            -- and the client's public key value [IEEE1363].
+            -- The DH public key value is encoded as a BIT
+            -- STRING according to [RFC3279].
+            -- This field is present only if the client wishes
+            -- to use the Diffie-Hellman key agreement method.
+   supportedCMSTypes       [2] SEQUENCE OF AlgorithmIdentifier
+                               OPTIONAL,
+            -- Type AlgorithmIdentifier is defined in
+            -- [RFC3280].
+            -- List of CMS algorithm [RFC3370] identifiers
+            -- that identify key transport algorithms, or
+            -- content encryption algorithms, or signature
+            -- algorithms supported by the client in order of
+            -- (decreasing) preference.
+   clientDHNonce           [3] DHNonce OPTIONAL,
+            -- Present only if the client indicates that it
+            -- wishes to reuse DH keys or to allow the KDC to
+            -- do so.
+   ...
+}
+
+PKAuthenticator ::= SEQUENCE {
+   cusec                   [0] INTEGER (0..999999),
+   ctime                   [1] KerberosTime,
+            -- cusec and ctime are used as in [RFC4120], for
+            -- replay prevention.
+   nonce                   [2] INTEGER (0..4294967295),
+            -- Chosen randomly; this nonce does not need to
+            -- match with the nonce in the KDC-REQ-BODY.
+   paChecksum              [3] OCTET STRING OPTIONAL,
+            -- MUST be present.
+            -- Contains the SHA1 checksum, performed over
+            -- KDC-REQ-BODY.
+   ...
+}
+
+TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF
+               ExternalPrincipalIdentifier
+            -- Identifies a list of CAs trusted by the KDC.
+            -- Each ExternalPrincipalIdentifier identifies a CA
+            -- or a CA certificate (thereby its public key).
+
+TD-INVALID-CERTIFICATES ::= SEQUENCE OF
+               ExternalPrincipalIdentifier
+            -- Each ExternalPrincipalIdentifier identifies a
+            -- certificate (sent by the client) with an invalid
+            -- signature.
+
+KRB5PrincipalName ::= SEQUENCE {
+    realm                   [0] Realm,
+    principalName           [1] PrincipalName
+}
+
+AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF
+               ExternalPrincipalIdentifier
+            -- Identifies the certification path based on which
+            -- the client certificate was validated.
+            -- Each ExternalPrincipalIdentifier identifies a CA
+            -- or a CA certificate (thereby its public key).
+
+PA-PK-AS-REP ::= CHOICE {
+   dhInfo                  [0] DHRepInfo,
+            -- Selected when Diffie-Hellman key exchange is
+            -- used.
+   encKeyPack              [1] IMPLICIT OCTET STRING,
+            -- Selected when public key encryption is used.
+            -- Contains a CMS type ContentInfo encoded
+            -- according to [RFC3852].
+            -- The contentType field of the type ContentInfo is
+            -- id-envelopedData (1.2.840.113549.1.7.3).
+            -- The content field is an EnvelopedData.
+            -- The contentType field for the type EnvelopedData
+            -- is id-signedData (1.2.840.113549.1.7.2).
+            -- The eContentType field for the inner type
+            -- SignedData (when unencrypted) is
+            -- id-pkinit-rkeyData (1.3.6.1.5.2.3.3) and the
+            -- eContent field contains the DER encoding of the
+            -- type ReplyKeyPack.
+            -- ReplyKeyPack is defined below.
+   ...
+}
+
+DHRepInfo ::= SEQUENCE {
+   dhSignedData            [0] IMPLICIT OCTET STRING,
+            -- Contains a CMS type ContentInfo encoded according
+            -- to [RFC3852].
+            -- The contentType field of the type ContentInfo is
+            -- id-signedData (1.2.840.113549.1.7.2), and the
+            -- content field is a SignedData.
+            -- The eContentType field for the type SignedData is
+            -- id-pkinit-DHKeyData (1.3.6.1.5.2.3.2), and the
+            -- eContent field contains the DER encoding of the
+            -- type KDCDHKeyInfo.
+            -- KDCDHKeyInfo is defined below.
+   serverDHNonce           [1] DHNonce OPTIONAL,
+            -- Present if and only if dhKeyExpiration is
+            -- present.
+   ...
+}
+
+KDCDHKeyInfo ::= SEQUENCE {
+   subjectPublicKey        [0] BIT STRING,
+            -- The KDC's DH public key.
+            -- The DH public key value is encoded as a BIT
+            -- STRING according to [RFC3279].
+   nonce                   [1] INTEGER (0..4294967295),
+            -- Contains the nonce in the pkAuthenticator field
+            -- in the request if the DH keys are NOT reused,
+            -- 0 otherwise.
+   dhKeyExpiration         [2] KerberosTime OPTIONAL,
+            -- Expiration time for KDC's key pair,
+            -- present if and only if the DH keys are reused.
+            -- If present, the KDC's DH public key MUST not be
+            -- used past the point of this expiration time.
+            -- If this field is omitted then the serverDHNonce
+            -- field MUST also be omitted.
+   ...
+}
+
+ReplyKeyPack ::= SEQUENCE {
+   replyKey                [0] EncryptionKey,
+            -- Contains the session key used to encrypt the
+            -- enc-part field in the AS-REP, i.e., the
+            -- AS reply key.
+   asChecksum              [1] Checksum,
+           -- Contains the checksum of the AS-REQ
+           -- corresponding to the containing AS-REP.
+           -- The checksum is performed over the type AS-REQ.
+           -- The protocol key [RFC3961] of the checksum is the
+           -- replyKey and the key usage number is 6.
+           -- If the replyKey's enctype is "newer" [RFC4120]
+           -- [RFC4121], the checksum is the required
+           -- checksum operation [RFC3961] for that enctype.
+           -- The client MUST verify this checksum upon receipt
+           -- of the AS-REP.
+   ...
+}
+
+TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
+            -- Each AlgorithmIdentifier specifies a set of
+            -- Diffie-Hellman domain parameters [IEEE1363].
+            -- This list is in decreasing preference order.
+END
diff --git a/krb5-1.21.3/src/tests/asn.1/pkinit_encode.out b/krb5-1.21.3/src/tests/asn.1/pkinit_encode.out
new file mode 100644
index 00000000..6ec7aaa3
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/pkinit_encode.out
@@ -0,0 +1,8 @@
+encode_krb5_pa_pk_as_req: 30 38 80 08 6B 72 62 35 64 61 74 61 A1 22 30 20 30 1E 80 08 6B 72 62 35 64 61 74 61 81 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61 82 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(dhInfo): A0 28 30 26 80 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_pk_as_rep(encKeyPack): 81 08 6B 72 62 35 64 61 74 61
+encode_krb5_auth_pack: 30 81 85 A0 35 30 33 A0 05 02 03 01 E2 40 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 06 04 04 31 32 33 34 A4 0A 04 08 6B 72 62 35 64 61 74 61 A1 08 04 06 70 76 61 6C 75 65 A2 24 30 22 30 13 06 09 2A 86 48 86 F7 12 01 02 02 04 06 70 61 72 61 6D 73 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A3 0A 04 08 6B 72 62 35 64 61 74 61 A4 10 30 0E 30 0C A0 0A 06 08 6B 72 62 35 64 61 74 61
+encode_krb5_kdc_dh_key_info: 30 25 A0 0B 03 09 00 6B 72 62 35 64 61 74 61 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_reply_key_pack: 30 26 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_sp80056a_other_info: 30 81 81 30 0B 06 09 2A 86 48 86 F7 12 01 02 02 A0 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 32 04 30 30 2E A0 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_pkinit_supp_pub_info: 30 1D A0 03 02 01 14 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
diff --git a/krb5-1.21.3/src/tests/asn.1/pkinit_trval.out b/krb5-1.21.3/src/tests/asn.1/pkinit_trval.out
new file mode 100644
index 00000000..46f4a341
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/pkinit_trval.out
@@ -0,0 +1,97 @@
+
+encode_krb5_pa_pk_as_req:
+
+[Sequence/Sequence Of]
+.  [0] <8>
+      6b 72 62 35 64 61 74 61                             krb5data
+.  [1] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+.  .  .  [1] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+.  .  .  [2] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+.  [2] <8>
+      6b 72 62 35 64 61 74 61                             krb5data
+
+encode_krb5_pa_pk_as_rep(dhInfo):
+
+[CONT 0]
+.  [Sequence/Sequence Of]
+.  .  [0] <8>
+         6b 72 62 35 64 61 74 61                          krb5data
+.  .  [1] [Octet String] "krb5data"
+.  .  [2] [Sequence/Sequence Of]
+.  .  .  [0] [Object Identifier] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+
+encode_krb5_pa_pk_as_rep(encKeyPack):
+
+[CONT 1] <8>
+   6b 72 62 35 64 61 74 61                                krb5data
+
+encode_krb5_auth_pack:
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [0] [Integer] 123456
+.  .  [1] [Generalized Time] "19940610060317Z"
+.  .  [2] [Integer] 42
+.  .  [3] [Octet String] "1234"
+.  .  [4] [Octet String] "krb5data"
+.  [1] [Octet String] "pvalue"
+.  [2] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [Object Identifier] <9>
+            2a 86 48 86 f7 12 01 02 02                       *.H......
+.  .  .  [Octet String] "params"
+.  .  [Sequence/Sequence Of]
+.  .  .  [Object Identifier] <9>
+            2a 86 48 86 f7 12 01 02 02                       *.H......
+.  [3] [Octet String] "krb5data"
+.  [4] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Object Identifier] <8>
+            6b 72 62 35 64 61 74 61                          krb5data
+
+encode_krb5_kdc_dh_key_info:
+
+[Sequence/Sequence Of]
+.  [0] [Bit String] <9>
+      00 6b 72 62 35 64 61 74 61                          .krb5data
+.  [1] [Integer] 42
+.  [2] [Generalized Time] "19940610060317Z"
+
+encode_krb5_reply_key_pack:
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "12345678"
+.  [1] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "1234"
+
+encode_krb5_sp80056a_other_info:
+
+[Sequence/Sequence Of]
+.  [Sequence/Sequence Of]
+.  .  [Object Identifier] <9>
+         2a 86 48 86 f7 12 01 02 02                       *.H......
+.  [0] [Octet String] <48>
+      30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54     0.....ATHENA.MIT
+      2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30     .EDU..0........0
+      0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61     ...hftsai..extra
+.  [1] [Octet String] <48>
+      30 2e a0 10 1b 0e 41 54 48 45 4e 41 2e 4d 49 54     0.....ATHENA.MIT
+      2e 45 44 55 a1 1a 30 18 a0 03 02 01 01 a1 11 30     .EDU..0........0
+      0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72 61     ...hftsai..extra
+.  [2] [Octet String] "krb5data"
+
+encode_krb5_pkinit_supp_pub_info:
+
+[Sequence/Sequence Of]
+.  [0] [Integer] 20
+.  [1] [Octet String] "krb5data"
+.  [2] [Octet String] "krb5data"
diff --git a/krb5-1.21.3/src/tests/asn.1/pkix.asn1 b/krb5-1.21.3/src/tests/asn.1/pkix.asn1
new file mode 100644
index 00000000..03981883
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/pkix.asn1
@@ -0,0 +1,654 @@
+PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+-- IMPORTS NONE --
+
+-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
+-- and required by this specification
+-- (Commented out for krb5 source tree)
+
+-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
+        -- UniversalString is defined in ASN.1:1993
+
+-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
+      -- BMPString is the subtype of UniversalString and models
+      -- the Basic Multilingual Plane of ISO/IEC 10646
+
+--UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+      -- The content of this type conforms to RFC 3629.
+
+-- PKIX specific OIDs
+
+id-pkix  OBJECT IDENTIFIER  ::=
+         { iso(1) identified-organization(3) dod(6) internet(1)
+                    security(5) mechanisms(5) pkix(7) }
+
+-- PKIX arcs
+
+id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
+        -- arc for private certificate extensions
+id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+        -- arc for policy qualifier types
+id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+        -- arc for extended key purpose OIDS
+id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+        -- arc for access descriptors
+
+-- policyQualifierIds for Internet policy qualifiers
+
+id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
+      -- OID for CPS qualifier
+id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
+      -- OID for user notice qualifier
+
+-- access descriptor definitions
+
+id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 }
+id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 }
+id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
+id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
+
+-- attribute data types
+
+Attribute               ::= SEQUENCE {
+      type             AttributeType,
+      values    SET OF AttributeValue }
+            -- at least one value is required
+
+AttributeType           ::= OBJECT IDENTIFIER
+
+AttributeValue          ::= ANY -- DEFINED BY AttributeType
+
+AttributeTypeAndValue   ::= SEQUENCE {
+        type    AttributeType,
+        value   AttributeValue }
+
+-- suggested naming attributes: Definition of the following
+--   information object set may be augmented to meet local
+--   requirements.  Note that deleting members of the set may
+--   prevent interoperability with conforming implementations.
+-- presented in pairs: the AttributeType followed by the
+--   type definition for the corresponding AttributeValue
+
+-- Arc for standard naming attributes
+
+id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+-- Naming attributes of type X520name
+
+id-at-name                AttributeType ::= { id-at 41 }
+id-at-surname             AttributeType ::= { id-at  4 }
+id-at-givenName           AttributeType ::= { id-at 42 }
+id-at-initials            AttributeType ::= { id-at 43 }
+id-at-generationQualifier AttributeType ::= { id-at 44 }
+
+-- Naming attributes of type X520Name:
+--   X520name ::= DirectoryString (SIZE (1..ub-name))
+--
+-- Expanded to avoid parameterized type:
+X520name ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-name)),
+      printableString   PrintableString (SIZE (1..ub-name)),
+      universalString   UniversalString (SIZE (1..ub-name)),
+      utf8String        UTF8String      (SIZE (1..ub-name)),
+      bmpString         BMPString       (SIZE (1..ub-name)) }
+
+-- Naming attributes of type X520CommonName
+
+id-at-commonName        AttributeType ::= { id-at 3 }
+
+-- Naming attributes of type X520CommonName:
+--   X520CommonName ::= DirectoryName (SIZE (1..ub-common-name))
+--
+-- Expanded to avoid parameterized type:
+X520CommonName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-common-name)),
+      printableString   PrintableString (SIZE (1..ub-common-name)),
+      universalString   UniversalString (SIZE (1..ub-common-name)),
+      utf8String        UTF8String      (SIZE (1..ub-common-name)),
+      bmpString         BMPString       (SIZE (1..ub-common-name)) }
+
+-- Naming attributes of type X520LocalityName
+
+id-at-localityName      AttributeType ::= { id-at 7 }
+
+-- Naming attributes of type X520LocalityName:
+--   X520LocalityName ::= DirectoryName (SIZE (1..ub-locality-name))
+--
+-- Expanded to avoid parameterized type:
+X520LocalityName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-locality-name)),
+      printableString   PrintableString (SIZE (1..ub-locality-name)),
+      universalString   UniversalString (SIZE (1..ub-locality-name)),
+      utf8String        UTF8String      (SIZE (1..ub-locality-name)),
+      bmpString         BMPString       (SIZE (1..ub-locality-name)) }
+
+-- Naming attributes of type X520StateOrProvinceName
+
+id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
+
+-- Naming attributes of type X520StateOrProvinceName:
+--   X520StateOrProvinceName ::= DirectoryName (SIZE (1..ub-state-name))
+--
+-- Expanded to avoid parameterized type:
+X520StateOrProvinceName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-state-name)),
+      printableString   PrintableString (SIZE (1..ub-state-name)),
+      universalString   UniversalString (SIZE (1..ub-state-name)),
+      utf8String        UTF8String      (SIZE (1..ub-state-name)),
+      bmpString         BMPString       (SIZE (1..ub-state-name)) }
+
+-- Naming attributes of type X520OrganizationName
+
+id-at-organizationName  AttributeType ::= { id-at 10 }
+
+-- Naming attributes of type X520OrganizationName:
+--   X520OrganizationName ::=
+--          DirectoryName (SIZE (1..ub-organization-name))
+--
+-- Expanded to avoid parameterized type:
+X520OrganizationName ::= CHOICE {
+      teletexString     TeletexString
+                          (SIZE (1..ub-organization-name)),
+      printableString   PrintableString
+                          (SIZE (1..ub-organization-name)),
+      universalString   UniversalString
+                          (SIZE (1..ub-organization-name)),
+      utf8String        UTF8String
+                          (SIZE (1..ub-organization-name)),
+      bmpString         BMPString
+                          (SIZE (1..ub-organization-name))  }
+
+-- Naming attributes of type X520OrganizationalUnitName
+
+id-at-organizationalUnitName AttributeType ::= { id-at 11 }
+
+-- Naming attributes of type X520OrganizationalUnitName:
+--   X520OrganizationalUnitName ::=
+--          DirectoryName (SIZE (1..ub-organizational-unit-name))
+--
+-- Expanded to avoid parameterized type:
+X520OrganizationalUnitName ::= CHOICE {
+      teletexString     TeletexString
+                          (SIZE (1..ub-organizational-unit-name)),
+      printableString   PrintableString
+                          (SIZE (1..ub-organizational-unit-name)),
+      universalString   UniversalString
+                          (SIZE (1..ub-organizational-unit-name)),
+      utf8String        UTF8String
+                          (SIZE (1..ub-organizational-unit-name)),
+      bmpString         BMPString
+                          (SIZE (1..ub-organizational-unit-name)) }
+
+-- Naming attributes of type X520Title
+
+id-at-title             AttributeType ::= { id-at 12 }
+
+-- Naming attributes of type X520Title:
+--   X520Title ::= DirectoryName (SIZE (1..ub-title))
+--
+-- Expanded to avoid parameterized type:
+X520Title ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-title)),
+      printableString   PrintableString (SIZE (1..ub-title)),
+      universalString   UniversalString (SIZE (1..ub-title)),
+      utf8String        UTF8String      (SIZE (1..ub-title)),
+      bmpString         BMPString       (SIZE (1..ub-title)) }
+
+-- Naming attributes of type X520dnQualifier
+
+id-at-dnQualifier       AttributeType ::= { id-at 46 }
+
+X520dnQualifier ::=     PrintableString
+
+-- Naming attributes of type X520countryName (digraph from IS 3166)
+
+id-at-countryName       AttributeType ::= { id-at 6 }
+
+X520countryName ::=     PrintableString (SIZE (2))
+
+-- Naming attributes of type X520SerialNumber
+
+id-at-serialNumber      AttributeType ::= { id-at 5 }
+
+X520SerialNumber ::=    PrintableString (SIZE (1..ub-serial-number))
+
+-- Naming attributes of type X520Pseudonym
+
+id-at-pseudonym         AttributeType ::= { id-at 65 }
+
+-- Naming attributes of type X520Pseudonym:
+--   X520Pseudonym ::= DirectoryName (SIZE (1..ub-pseudonym))
+--
+-- Expanded to avoid parameterized type:
+X520Pseudonym ::= CHOICE {
+   teletexString     TeletexString   (SIZE (1..ub-pseudonym)),
+   printableString   PrintableString (SIZE (1..ub-pseudonym)),
+   universalString   UniversalString (SIZE (1..ub-pseudonym)),
+   utf8String        UTF8String      (SIZE (1..ub-pseudonym)),
+   bmpString         BMPString       (SIZE (1..ub-pseudonym)) }
+
+-- Naming attributes of type DomainComponent (from RFC 4519)
+
+id-domainComponent   AttributeType ::= { 0 9 2342 19200300 100 1 25 }
+
+DomainComponent ::=  IA5String
+
+-- Legacy attributes
+
+pkcs-9 OBJECT IDENTIFIER ::=
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
+
+id-emailAddress      AttributeType ::= { pkcs-9 1 }
+
+EmailAddress ::=     IA5String (SIZE (1..ub-emailaddress-length))
+
+-- naming data types --
+
+Name ::= CHOICE { -- only one possibility for now --
+      rdnSequence  RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::=   RDNSequence
+
+RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
+
+-- Directory string type --
+
+DirectoryString ::= CHOICE {
+      teletexString       TeletexString   (SIZE (1..MAX)),
+      printableString     PrintableString (SIZE (1..MAX)),
+      universalString     UniversalString (SIZE (1..MAX)),
+      utf8String          UTF8String      (SIZE (1..MAX)),
+      bmpString           BMPString       (SIZE (1..MAX)) }
+
+-- certificate and CRL specific structures begin here
+
+Certificate  ::=  SEQUENCE  {
+     tbsCertificate       TBSCertificate,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signature            BIT STRING  }
+
+TBSCertificate  ::=  SEQUENCE  {
+     version         [0]  Version DEFAULT v1,
+     serialNumber         CertificateSerialNumber,
+     signature            AlgorithmIdentifier,
+     issuer               Name,
+     validity             Validity,
+     subject              Name,
+     subjectPublicKeyInfo SubjectPublicKeyInfo,
+     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+                          -- If present, version MUST be v2 or v3
+     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+                          -- If present, version MUST be v2 or v3
+     extensions      [3]  Extensions OPTIONAL
+                          -- If present, version MUST be v3 --  }
+
+Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+
+CertificateSerialNumber  ::=  INTEGER
+
+Validity ::= SEQUENCE {
+     notBefore      Time,
+     notAfter       Time  }
+
+Time ::= CHOICE {
+     utcTime        UTCTime,
+     generalTime    GeneralizedTime }
+
+UniqueIdentifier  ::=  BIT STRING
+
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
+     algorithm            AlgorithmIdentifier,
+     subjectPublicKey     BIT STRING  }
+
+Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+
+Extension  ::=  SEQUENCE  {
+     extnID      OBJECT IDENTIFIER,
+     critical    BOOLEAN DEFAULT FALSE,
+     extnValue   OCTET STRING
+                 -- contains the DER encoding of an ASN.1 value
+                 -- corresponding to the extension type identified
+                 -- by extnID
+     }
+
+-- CRL structures
+
+CertificateList  ::=  SEQUENCE  {
+     tbsCertList          TBSCertList,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signature            BIT STRING  }
+
+TBSCertList  ::=  SEQUENCE  {
+     version                 Version OPTIONAL,
+                                   -- if present, MUST be v2
+     signature               AlgorithmIdentifier,
+     issuer                  Name,
+     thisUpdate              Time,
+     nextUpdate              Time OPTIONAL,
+     revokedCertificates     SEQUENCE OF SEQUENCE  {
+          userCertificate         CertificateSerialNumber,
+          revocationDate          Time,
+          crlEntryExtensions      Extensions OPTIONAL
+                                   -- if present, version MUST be v2
+                               }  OPTIONAL,
+     crlExtensions           [0] Extensions OPTIONAL }
+                                   -- if present, version MUST be v2
+
+-- Version, Time, CertificateSerialNumber, and Extensions were
+-- defined earlier for use in the certificate structure
+
+AlgorithmIdentifier  ::=  SEQUENCE  {
+     algorithm               OBJECT IDENTIFIER,
+     parameters              ANY DEFINED BY algorithm OPTIONAL  }
+                                -- contains a value of the type
+                                -- registered for use with the
+                                -- algorithm object identifier value
+
+-- X.400 address syntax starts here
+
+ORAddress ::= SEQUENCE {
+   built-in-standard-attributes BuiltInStandardAttributes,
+   built-in-domain-defined-attributes
+                   BuiltInDomainDefinedAttributes OPTIONAL,
+   -- see also teletex-domain-defined-attributes
+   extension-attributes ExtensionAttributes OPTIONAL }
+
+-- Built-in Standard Attributes
+
+BuiltInStandardAttributes ::= SEQUENCE {
+   country-name                  CountryName OPTIONAL,
+   administration-domain-name    AdministrationDomainName OPTIONAL,
+   network-address           [0] IMPLICIT NetworkAddress OPTIONAL,
+     -- see also extended-network-address
+   terminal-identifier       [1] IMPLICIT TerminalIdentifier OPTIONAL,
+   private-domain-name       [2] PrivateDomainName OPTIONAL,
+   organization-name         [3] IMPLICIT OrganizationName OPTIONAL,
+     -- see also teletex-organization-name
+   numeric-user-identifier   [4] IMPLICIT NumericUserIdentifier
+                                 OPTIONAL,
+   personal-name             [5] IMPLICIT PersonalName OPTIONAL,
+     -- see also teletex-personal-name
+   organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+                                 OPTIONAL }
+     -- see also teletex-organizational-unit-names
+
+CountryName ::= [APPLICATION 1] CHOICE {
+   x121-dcc-code         NumericString
+                           (SIZE (ub-country-name-numeric-length)),
+   iso-3166-alpha2-code  PrintableString
+                           (SIZE (ub-country-name-alpha-length)) }
+
+AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+   numeric   NumericString   (SIZE (0..ub-domain-name-length)),
+   printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+NetworkAddress ::= X121Address  -- see also extended-network-address
+
+X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
+
+PrivateDomainName ::= CHOICE {
+   numeric   NumericString   (SIZE (1..ub-domain-name-length)),
+   printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+OrganizationName ::= PrintableString
+                            (SIZE (1..ub-organization-name-length))
+  -- see also teletex-organization-name
+
+NumericUserIdentifier ::= NumericString
+                            (SIZE (1..ub-numeric-user-id-length))
+
+PersonalName ::= SET {
+   surname     [0] IMPLICIT PrintableString
+                    (SIZE (1..ub-surname-length)),
+   given-name  [1] IMPLICIT PrintableString
+                    (SIZE (1..ub-given-name-length)) OPTIONAL,
+   initials    [2] IMPLICIT PrintableString
+                    (SIZE (1..ub-initials-length)) OPTIONAL,
+   generation-qualifier [3] IMPLICIT PrintableString
+                    (SIZE (1..ub-generation-qualifier-length))
+                    OPTIONAL }
+  -- see also teletex-personal-name
+
+OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+                             OF OrganizationalUnitName
+  -- see also teletex-organizational-unit-names
+
+OrganizationalUnitName ::= PrintableString (SIZE
+                    (1..ub-organizational-unit-name-length))
+
+-- Built-in Domain-defined Attributes
+
+BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+                    (1..ub-domain-defined-attributes) OF
+                    BuiltInDomainDefinedAttribute
+
+BuiltInDomainDefinedAttribute ::= SEQUENCE {
+   type PrintableString (SIZE
+                   (1..ub-domain-defined-attribute-type-length)),
+   value PrintableString (SIZE
+                   (1..ub-domain-defined-attribute-value-length)) }
+
+-- Extension Attributes
+
+ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+               ExtensionAttribute
+
+ExtensionAttribute ::=  SEQUENCE {
+   extension-attribute-type [0] IMPLICIT INTEGER
+                   (0..ub-extension-attributes),
+   extension-attribute-value [1]
+                   ANY DEFINED BY extension-attribute-type }
+
+-- Extension types and attribute values
+
+common-name INTEGER ::= 1
+
+CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
+
+teletex-common-name INTEGER ::= 2
+
+TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
+
+teletex-organization-name INTEGER ::= 3
+
+TeletexOrganizationName ::=
+                TeletexString (SIZE (1..ub-organization-name-length))
+
+teletex-personal-name INTEGER ::= 4
+
+TeletexPersonalName ::= SET {
+   surname     [0] IMPLICIT TeletexString
+                    (SIZE (1..ub-surname-length)),
+   given-name  [1] IMPLICIT TeletexString
+                    (SIZE (1..ub-given-name-length)) OPTIONAL,
+   initials    [2] IMPLICIT TeletexString
+                    (SIZE (1..ub-initials-length)) OPTIONAL,
+   generation-qualifier [3] IMPLICIT TeletexString
+                    (SIZE (1..ub-generation-qualifier-length))
+                    OPTIONAL }
+
+teletex-organizational-unit-names INTEGER ::= 5
+
+TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
+      (1..ub-organizational-units) OF TeletexOrganizationalUnitName
+
+TeletexOrganizationalUnitName ::= TeletexString
+                  (SIZE (1..ub-organizational-unit-name-length))
+
+pds-name INTEGER ::= 7
+
+PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
+
+physical-delivery-country-name INTEGER ::= 8
+
+PhysicalDeliveryCountryName ::= CHOICE {
+   x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
+   iso-3166-alpha2-code PrintableString
+                               (SIZE (ub-country-name-alpha-length)) }
+
+postal-code INTEGER ::= 9
+
+PostalCode ::= CHOICE {
+   numeric-code   NumericString (SIZE (1..ub-postal-code-length)),
+   printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+
+physical-delivery-office-name INTEGER ::= 10
+PhysicalDeliveryOfficeName ::= PDSParameter
+
+physical-delivery-office-number INTEGER ::= 11
+
+PhysicalDeliveryOfficeNumber ::= PDSParameter
+
+extension-OR-address-components INTEGER ::= 12
+
+ExtensionORAddressComponents ::= PDSParameter
+
+physical-delivery-personal-name INTEGER ::= 13
+
+PhysicalDeliveryPersonalName ::= PDSParameter
+
+physical-delivery-organization-name INTEGER ::= 14
+
+PhysicalDeliveryOrganizationName ::= PDSParameter
+
+extension-physical-delivery-address-components INTEGER ::= 15
+
+ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
+
+unformatted-postal-address INTEGER ::= 16
+
+UnformattedPostalAddress ::= SET {
+   printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+        OF PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
+   teletex-string TeletexString
+        (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+
+street-address INTEGER ::= 17
+
+StreetAddress ::= PDSParameter
+
+post-office-box-address INTEGER ::= 18
+
+PostOfficeBoxAddress ::= PDSParameter
+
+poste-restante-address INTEGER ::= 19
+
+PosteRestanteAddress ::= PDSParameter
+
+unique-postal-name INTEGER ::= 20
+
+UniquePostalName ::= PDSParameter
+
+local-postal-attributes INTEGER ::= 21
+
+LocalPostalAttributes ::= PDSParameter
+
+PDSParameter ::= SET {
+   printable-string PrintableString
+                (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+   teletex-string TeletexString
+                (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+extended-network-address INTEGER ::= 22
+
+ExtendedNetworkAddress ::= CHOICE {
+   e163-4-address SEQUENCE {
+      number      [0] IMPLICIT NumericString
+                       (SIZE (1..ub-e163-4-number-length)),
+      sub-address [1] IMPLICIT NumericString
+                       (SIZE (1..ub-e163-4-sub-address-length))
+                       OPTIONAL },
+   psap-address   [0] IMPLICIT PresentationAddress }
+
+PresentationAddress ::= SEQUENCE {
+    pSelector     [0] EXPLICIT OCTET STRING OPTIONAL,
+    sSelector     [1] EXPLICIT OCTET STRING OPTIONAL,
+    tSelector     [2] EXPLICIT OCTET STRING OPTIONAL,
+    nAddresses    [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+terminal-type  INTEGER ::= 23
+
+TerminalType ::= INTEGER {
+   telex        (3),
+   teletex      (4),
+   g3-facsimile (5),
+   g4-facsimile (6),
+   ia5-terminal (7),
+   videotex     (8) } (0..ub-integer-options)
+
+-- Extension Domain-defined Attributes
+
+teletex-domain-defined-attributes INTEGER ::= 6
+
+TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
+   (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
+
+TeletexDomainDefinedAttribute ::= SEQUENCE {
+        type TeletexString
+               (SIZE (1..ub-domain-defined-attribute-type-length)),
+        value TeletexString
+               (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+--  specifications of Upper Bounds MUST be regarded as mandatory
+--  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+--  Upper Bounds
+
+-- Upper Bounds
+ub-name INTEGER ::= 32768
+ub-common-name INTEGER ::= 64
+ub-locality-name INTEGER ::= 128
+ub-state-name INTEGER ::= 128
+ub-organization-name INTEGER ::= 64
+ub-organizational-unit-name INTEGER ::= 64
+ub-title INTEGER ::= 64
+ub-serial-number INTEGER ::= 64
+ub-match INTEGER ::= 128
+ub-emailaddress-length INTEGER ::= 255
+ub-common-name-length INTEGER ::= 64
+ub-country-name-alpha-length INTEGER ::= 2
+ub-country-name-numeric-length INTEGER ::= 3
+ub-domain-defined-attributes INTEGER ::= 4
+ub-domain-defined-attribute-type-length INTEGER ::= 8
+ub-domain-defined-attribute-value-length INTEGER ::= 128
+ub-domain-name-length INTEGER ::= 16
+ub-extension-attributes INTEGER ::= 256
+ub-e163-4-number-length INTEGER ::= 15
+ub-e163-4-sub-address-length INTEGER ::= 40
+ub-generation-qualifier-length INTEGER ::= 3
+ub-given-name-length INTEGER ::= 16
+ub-initials-length INTEGER ::= 5
+ub-integer-options INTEGER ::= 256
+ub-numeric-user-id-length INTEGER ::= 32
+ub-organization-name-length INTEGER ::= 64
+ub-organizational-unit-name-length INTEGER ::= 32
+ub-organizational-units INTEGER ::= 4
+ub-pds-name-length INTEGER ::= 16
+ub-pds-parameter-length INTEGER ::= 30
+ub-pds-physical-address-lines INTEGER ::= 6
+ub-postal-code-length INTEGER ::= 16
+ub-pseudonym INTEGER ::= 128
+ub-surname-length INTEGER ::= 40
+ub-terminal-id-length INTEGER ::= 24
+ub-unformatted-address-length INTEGER ::= 180
+ub-x121-address-length INTEGER ::= 16
+
+-- Note - upper bounds on string types, such as TeletexString, are
+-- measured in characters.  Excepting PrintableString or IA5String, a
+-- significantly greater number of octets will be required to hold
+-- such a value.  As a minimum, 16 octets, or twice the specified
+-- upper bound, whichever is the larger, should be allowed for
+-- TeletexString.  For UTF8String or UniversalString at least four
+-- times the upper bound should be allowed.
+
+END
diff --git a/krb5-1.21.3/src/tests/asn.1/reference_encode.out b/krb5-1.21.3/src/tests/asn.1/reference_encode.out
new file mode 100644
index 00000000..faa3dbab
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/reference_encode.out
@@ -0,0 +1,78 @@
+encode_krb5_authenticator: 62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_authenticator(optionals empty): 62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_authenticator(optionals NULL): 62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_ticket: 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_keyblock: 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38
+encode_krb5_enc_tkt_part: 63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_enc_tkt_part(optionals NULL): 63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_enc_kdc_rep_part: 7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_enc_kdc_rep_part(optionals NULL): 7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61
+encode_krb5_as_rep: 6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_as_rep(optionals NULL): 6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_tgs_rep: 6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_tgs_rep(optionals NULL): 6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_ap_req: 6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_ap_rep: 6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_ap_rep_enc_part: 7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11
+encode_krb5_ap_rep_enc_part(optionals NULL): 7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40
+encode_krb5_as_req: 6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_as_req(optionals NULL except second_ticket): 6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_as_req(optionals NULL except server): 6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01
+encode_krb5_tgs_req: 6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_tgs_req(optionals NULL except second_ticket): 6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_tgs_req(optionals NULL except server): 6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01
+encode_krb5_kdc_req_body: 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_kdc_req_body(optionals NULL except second_ticket): 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_kdc_req_body(optionals NULL except server): 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01
+encode_krb5_safe: 74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_safe(optionals NULL): 74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_priv: 75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_priv_part: 7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_enc_priv_part(optionals NULL): 7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_cred: 76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_cred_part: 7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_enc_cred_part(optionals NULL): 7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23
+encode_krb5_error: 7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_error(optionals NULL): 7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61
+encode_krb5_authorization_data: 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_padata_sequence: 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61
+encode_krb5_typed_data: 30 24 30 10 A0 03 02 01 0D A1 09 04 07 70 61 2D 64 61 74 61 30 10 A0 03 02 01 0D A1 09 04 07 70 61 2D 64 61 74 61
+encode_krb5_padata_sequence(empty): 30 00
+encode_krb5_etype_info: 30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32
+encode_krb5_etype_info(only 1): 30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30
+encode_krb5_etype_info(no info): 30 00
+encode_krb5_etype_info2: 30 51 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 30 0F A0 03 02 01 01 A2 08 04 06 73 32 6B 3A 20 31 30 1E A0 03 02 01 02 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 A2 08 04 06 73 32 6B 3A 20 32
+encode_krb5_etype_info2(only 1): 30 20 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30
+encode_krb5_pa_enc_ts: 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40
+encode_krb5_pa_enc_ts (no usec): 30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
+encode_krb5_enc_data: 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_data(MSB-set kvno): 30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_data(kvno=-1): 30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_sam_challenge_2: 30 22 A0 0D 30 0B 04 09 63 68 61 6C 6C 65 6E 67 65 A1 11 30 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_sam_challenge_2_body: 30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 14
+encode_krb5_sam_response_2: 30 42 A0 03 02 01 2B A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 1D 30 1B A0 03 02 01 14 A1 04 02 02 0D 36 A2 0E 04 0C 6E 6F 6E 63 65 20 6F 72 20 73 61 64 A4 05 02 03 54 32 10
+encode_krb5_enc_sam_response_enc_2: 30 1F A0 03 02 01 58 A1 18 04 16 65 6E 63 5F 73 61 6D 5F 72 65 73 70 6F 6E 73 65 5F 65 6E 63 5F 32
+encode_krb5_pa_for_user: 30 4B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 0A 1B 08 6B 72 62 35 64 61 74 61
+encode_krb5_pa_s4u_x509_user: 30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_ad_kdcissued: 30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72
+encode_krb5_iakerb_header: 30 18 A1 0A 04 08 6B 72 62 35 64 61 74 61 A2 0A 04 08 6B 72 62 35 64 61 74 61
+encode_krb5_iakerb_finished: 30 11 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
+encode_krb5_fast_response: 30 81 9F A0 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 5B 30 59 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 03 02 01 2A
+encode_krb5_pa_fx_fast_reply: A0 29 30 27 A0 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_otp_tokeninfo(optionals NULL): 30 07 80 05 00 00 00 00 00
+encode_krb5_otp_tokeninfo: 30 72 80 05 00 77 00 00 00 81 0B 45 78 61 6D 70 6C 65 63 6F 72 70 82 05 68 61 72 6B 21 83 01 0A 84 01 02 85 09 79 6F 75 72 74 6F 6B 65 6E 86 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 A7 16 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 07 06 05 2B 0E 03 02 1A 88 02 03 E8
+encode_krb5_pa_otp_challenge(optionals NULL): 30 15 80 08 6D 69 6E 6E 6F 6E 63 65 A2 09 30 07 80 05 00 00 00 00 00
+encode_krb5_pa_otp_challenge: 30 81 A5 80 08 6D 61 78 6E 6F 6E 63 65 81 0B 74 65 73 74 73 65 72 76 69 63 65 A2 7D 30 07 80 05 00 00 00 00 00 30 72 80 05 00 77 00 00 00 81 0B 45 78 61 6D 70 6C 65 63 6F 72 70 82 05 68 61 72 6B 21 83 01 0A 84 01 02 85 09 79 6F 75 72 74 6F 6B 65 6E 86 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 A7 16 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 07 06 05 2B 0E 03 02 1A 88 02 03 E8 83 07 6B 65 79 73 61 6C 74 84 04 31 32 33 34
+encode_krb5_pa_otp_req(optionals NULL): 30 2C 80 05 00 00 00 00 00 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_pa_otp_req: 30 81 B9 80 05 00 60 00 00 00 81 05 6E 6F 6E 63 65 A2 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 0B 06 09 60 86 48 01 65 03 04 02 01 84 02 03 E8 85 05 66 72 6F 67 73 86 0A 6D 79 66 69 72 73 74 70 69 6E 87 05 68 61 72 6B 21 88 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 89 03 33 34 36 8A 01 02 8B 09 79 6F 75 72 74 6F 6B 65 6E 8C 28 75 72 6E 3A 69 65 74 66 3A 70 61 72 61 6D 73 3A 78 6D 6C 3A 6E 73 3A 6B 65 79 70 72 6F 76 3A 70 73 6B 63 3A 68 6F 74 70 8D 0B 45 78 61 6D 70 6C 65 63 6F 72 70
+encode_krb5_pa_otp_enc_req: 30 0A 80 08 6B 72 62 35 64 61 74 61
+encode_krb5_kkdcp_message: 30 82 01 FC A0 82 01 EC 04 82 01 E8 6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 98 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A1 0A 1B 08 6B 72 62 35 64 61 74 61
+encode_krb5_cammac(optionals NULL): 30 12 A0 10 30 0E 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31
+encode_krb5_cammac: 30 81 F2 A0 1E 30 1C 30 0C A0 03 02 01 01 A1 05 04 03 61 64 31 30 0C A0 03 02 01 02 A1 05 04 03 61 64 32 A1 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 6B 64 63 A2 3D 30 3B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 13 30 11 A0 03 02 01 01 A1 0A 04 08 63 6B 73 75 6D 73 76 63 A3 52 30 50 30 13 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 31 30 39 A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 03 02 01 05 A2 03 02 01 10 A3 11 30 0F A0 03 02 01 01 A1 08 04 06 63 6B 73 75 6D 32
+encode_krb5_secure_cookie: 30 2C 02 04 2D F8 02 25 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61
+encode_krb5_spake_factor(optionals NULL): 30 05 A0 03 02 01 01
+encode_krb5_spake_factor: 30 0E A0 03 02 01 02 A1 07 04 05 66 64 61 74 61
+encode_krb5_pa_spake(support): A0 0C 30 0A A0 08 30 06 02 01 01 02 01 02
+encode_krb5_pa_spake(challenge): A1 2D 30 2B A0 03 02 01 01 A1 09 04 07 54 20 76 61 6C 75 65 A2 19 30 17 30 05 A0 03 02 01 01 30 0E A0 03 02 01 02 A1 07 04 05 66 64 61 74 61
+encode_krb5_pa_spake(response): A2 34 30 32 A0 09 04 07 53 20 76 61 6C 75 65 A1 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_pa_spake(encdata): A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
diff --git a/krb5-1.21.3/src/tests/asn.1/spake.asn1 b/krb5-1.21.3/src/tests/asn.1/spake.asn1
new file mode 100644
index 00000000..50718d8a
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/spake.asn1
@@ -0,0 +1,44 @@
+KerberosV5SPAKE {
+        iso(1) identified-organization(3) dod(6) internet(1)
+        security(5) kerberosV5(2) modules(4) spake(8)
+} DEFINITIONS EXPLICIT TAGS ::= BEGIN
+
+IMPORTS
+    EncryptedData, Int32
+      FROM KerberosV5Spec2 { iso(1) identified-organization(3)
+        dod(6) internet(1) security(5) kerberosV5(2) modules(4)
+        krb5spec2(2) };
+        -- as defined in RFC 4120.
+
+SPAKESupport ::= SEQUENCE {
+    groups      [0] SEQUENCE (SIZE(1..MAX)) OF Int32,
+    ...
+}
+
+SPAKEChallenge ::= SEQUENCE {
+    group       [0] Int32,
+    pubkey      [1] OCTET STRING,
+    factors     [2] SEQUENCE (SIZE(1..MAX)) OF SPAKESecondFactor,
+    ...
+}
+
+SPAKESecondFactor ::= SEQUENCE {
+    type        [0] Int32,
+    data        [1] OCTET STRING OPTIONAL
+}
+
+SPAKEResponse ::= SEQUENCE {
+    pubkey      [0] OCTET STRING,
+    factor      [1] EncryptedData, -- SPAKESecondFactor
+    ...
+}
+
+PA-SPAKE ::= CHOICE {
+    support     [0] SPAKESupport,
+    challenge   [1] SPAKEChallenge,
+    response    [2] SPAKEResponse,
+    encdata     [3] EncryptedData,
+    ...
+}
+
+END
diff --git a/krb5-1.21.3/src/tests/asn.1/t_trval.c b/krb5-1.21.3/src/tests/asn.1/t_trval.c
new file mode 100644
index 00000000..57d82538
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/t_trval.c
@@ -0,0 +1,107 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1992,1993 Trusted Information Systems, Inc.
+ *
+ * Permission to include this software in the Kerberos V5 distribution
+ * was graciously provided by Trusted Information Systems.
+ *
+ * Trusted Information Systems makes no representation about the
+ * suitability of this software for any purpose.  It is provided
+ * "as is" without express or implied warranty.
+ *
+ * Copyright (C) 1994 Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Split out from "#ifdef STANDALONE" code previously in trval.c, so
+   that trval.o could be linked into other tests too without the
+   -DSTANDALONE code.  */
+#include "trval.c"
+
+static void usage()
+{
+    fprintf(stderr, "Usage: trval [--types] [--krb5] [--krb5decode] [--hex] [-notypebytes] [file]\n");
+    exit(1);
+}
+
+/*
+ * Returns true if the option was selected.  Allow "-option" and
+ * "--option" syntax, since we used to accept only "-option"
+ */
+static
+int check_option(word, option)
+    char *word;
+    char *option;
+{
+    if (word[0] != '-')
+        return 0;
+    if (word[1] == '-')
+        word++;
+    if (strcmp(word+1, option))
+        return 0;
+    return 1;
+}
+
+int main(argc, argv)
+    int argc;
+    char **argv;
+{
+    int optflg = 1;
+    FILE *fp;
+    int r = 0;
+
+    while (--argc > 0) {
+        argv++;
+        if (optflg && *(argv)[0] == '-') {
+            if (check_option(*argv, "help"))
+                usage();
+            else if (check_option(*argv, "types"))
+                print_types = 1;
+            else if (check_option(*argv, "notypes"))
+                print_types = 0;
+            else if (check_option(*argv, "krb5"))
+                print_krb5_types = 1;
+            else if (check_option(*argv, "hex"))
+                do_hex = 1;
+            else if (check_option(*argv, "notypebytes"))
+                print_id_and_len = 0;
+            else if (check_option(*argv, "krb5decode")) {
+                print_id_and_len = 0;
+                print_krb5_types = 1;
+                print_types = 1;
+            } else {
+                fprintf(stderr,"trval: unknown option: %s\n", *argv);
+                usage();
+            }
+        } else {
+            optflg = 0;
+            if ((fp = fopen(*argv,"r")) == NULL) {
+                fprintf(stderr,"trval: unable to open %s\n", *argv);
+                continue;
+            }
+            r = trval(fp, stdout);
+            fclose(fp);
+        }
+    }
+    if (optflg) r = trval(stdin, stdout);
+
+    exit(r);
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/trval.c b/krb5-1.21.3/src/tests/asn.1/trval.c
new file mode 100644
index 00000000..c14bcdeb
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/trval.c
@@ -0,0 +1,769 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1992,1993 Trusted Information Systems, Inc.
+ *
+ * Permission to include this software in the Kerberos V5 distribution
+ * was graciously provided by Trusted Information Systems.
+ *
+ * Trusted Information Systems makes no representation about the
+ * suitability of this software for any purpose.  It is provided
+ * "as is" without express or implied warranty.
+ */
+/*
+ * Copyright (C) 1994 Massachusetts Institute of Technology
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*****************************************************************************
+ * trval.c.c
+ *****************************************************************************/
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+
+#define OK 0
+#define NOTOK (-1)
+
+/* IDENTIFIER OCTET = TAG CLASS | FORM OF ENCODING | TAG NUMBER */
+
+/* TAG CLASSES */
+#define ID_CLASS   0xc0         /* bits 8 and 7 */
+#define CLASS_UNIV 0x00         /* 0 = universal */
+#define CLASS_APPL 0x40         /* 1 = application */
+#define CLASS_CONT 0x80         /* 2 = context-specific */
+#define CLASS_PRIV 0xc0         /* 3 = private */
+
+/* FORM OF ENCODING */
+#define ID_FORM   0x20          /* bit 6 */
+#define FORM_PRIM 0x00          /* 0 = primitive */
+#define FORM_CONS 0x20          /* 1 = constructed */
+
+/* TAG NUMBERS */
+#define ID_TAG    0x1f          /* bits 5-1 */
+#define PRIM_BOOL 0x01          /* Boolean */
+#define PRIM_INT  0x02          /* Integer */
+#define PRIM_BITS 0x03          /* Bit String */
+#define PRIM_OCTS 0x04          /* Octet String */
+#define PRIM_NULL 0x05          /* Null */
+#define PRIM_OID  0x06          /* Object Identifier */
+#define PRIM_ODE  0x07          /* Object Descriptor */
+#define CONS_EXTN 0x08          /* External */
+#define PRIM_REAL 0x09          /* Real */
+#define PRIM_ENUM 0x0a          /* Enumerated type */
+#define PRIM_ENCR 0x0b          /* Encrypted */
+#define CONS_SEQ  0x10          /* SEQUENCE/SEQUENCE OF */
+#define CONS_SET  0x11          /* SET/SET OF */
+#define DEFN_NUMS 0x12          /* Numeric String */
+#define DEFN_PRTS 0x13          /* Printable String */
+#define DEFN_T61S 0x14          /* T.61 String */
+#define DEFN_VTXS 0x15          /* Videotex String */
+#define DEFN_IA5S 0x16          /* IA5 String */
+#define DEFN_UTCT 0x17          /* UTCTime */
+#define DEFN_GENT 0x18          /* Generalized Time */
+#define DEFN_GFXS 0x19          /* Graphics string (ISO2375) */
+#define DEFN_VISS 0x1a          /* Visible string */
+#define DEFN_GENS 0x1b          /* General string */
+#define DEFN_CHRS 0x1c          /* Character string */
+
+#define LEN_XTND        0x80    /* long or indefinite form */
+#define LEN_SMAX        127     /* largest short form */
+#define LEN_MASK        0x7f    /* mask to get number of bytes in length */
+#define LEN_INDF        (-1)    /* indefinite length */
+
+#define KRB5    /* Do krb5 application types */
+
+int print_types = 0;
+int print_id_and_len = 1;
+int print_constructed_length = 1;
+int print_primitive_length = 1;
+int print_skip_context = 0;
+int print_skip_tagnum = 1;
+int print_context_shortcut = 0;
+int do_hex = 0;
+#ifdef KRB5
+int print_krb5_types = 0;
+#endif
+
+int current_appl_type = -1;
+
+int decode_len (FILE *, unsigned char *, int);
+int do_prim (FILE *, int, unsigned char *, int, int);
+int do_cons (FILE *, unsigned char *, int, int, int *);
+int do_prim_bitstring (FILE *, int, unsigned char *, int, int);
+int do_prim_int (FILE *, int, unsigned char *, int, int);
+int do_prim_string (FILE *, int, unsigned char *, int, int);
+void print_tag_type (FILE *, int, int);
+int trval (FILE *, FILE *);
+int trval2 (FILE *, unsigned char *, int, int, int *);
+
+
+/****************************************************************************/
+
+static int convert_nibble(int ch)
+{
+    if (isdigit(ch))
+        return (ch - '0');
+    if (ch >= 'a' && ch <= 'f')
+        return (ch - 'a' + 10);
+    if (ch >= 'A' && ch <= 'F')
+        return (ch - 'A' + 10);
+    return -1;
+}
+
+int trval(fin, fout)
+    FILE        *fin;
+    FILE        *fout;
+{
+    unsigned char *p;
+    unsigned int maxlen;
+    int len;
+    int cc, cc2, n1, n2;
+    int r;
+    int rlen;
+
+    maxlen = BUFSIZ;
+    p = (unsigned char *)malloc(maxlen);
+    len = 0;
+    while ((cc = fgetc(fin)) != EOF) {
+        if ((unsigned int) len == maxlen) {
+            maxlen += BUFSIZ;
+            p = (unsigned char *)realloc(p, maxlen);
+        }
+        if (do_hex) {
+            if (cc == ' ' || cc == '\n' || cc == '\t')
+                continue;
+            cc2 = fgetc(fin);
+            if (cc2 == EOF)
+                break;
+            n1 = convert_nibble(cc);
+            n2 = convert_nibble(cc2);
+            cc = (n1 << 4) + n2;
+        }
+        p[len++] = cc;
+    }
+    fprintf(fout, "<%d>", len);
+    r = trval2(fout, p, len, 0, &rlen);
+    fprintf(fout, "\n");
+    (void) free(p);
+    return(r);
+}
+
+int trval2(fp, enc, len, lev, rlen)
+    FILE *fp;
+    unsigned char *enc;
+    int len;
+    int lev;
+    int *rlen;
+{
+    int l, eid, elen, xlen, r, rlen2 = 0;
+    int rlen_ext = 0;
+
+    r = OK;
+    *rlen = -1;
+
+    if (len < 2) {
+        fprintf(fp, "missing id and length octets (%d)\n", len);
+        return(NOTOK);
+    }
+
+    fprintf(fp, "\n");
+    for (l=0; l<lev; l++) fprintf(fp, ".  ");
+
+context_restart:
+    eid = enc[0];
+    elen = enc[1];
+
+    if (print_id_and_len) {
+        fprintf(fp, "%02x ", eid);
+        fprintf(fp, "%02x ", elen);
+    }
+
+    if (elen == LEN_XTND) {
+        fprintf(fp,
+                "indefinite length encoding not implemented (0x%02x)\n", elen);
+        return(NOTOK);
+    }
+
+    xlen = 0;
+    if (elen & LEN_XTND) {
+        xlen = elen & LEN_MASK;
+        if (xlen > len - 2) {
+            fprintf(fp, "extended length too long (%d > %d - 2)\n", xlen, len);
+            return(NOTOK);
+        }
+        elen = decode_len(fp, enc+2, xlen);
+    }
+
+    if (elen > len - 2 - xlen) {
+        fprintf(fp, "length too long (%d > %d - 2 - %d)\n", elen, len, xlen);
+        return(NOTOK);
+    }
+
+    print_tag_type(fp, eid, lev);
+
+    if (print_context_shortcut && (eid & ID_CLASS) == CLASS_CONT &&
+        (eid & ID_FORM) == FORM_CONS && lev > 0) {
+        rlen_ext += 2 + xlen;
+        enc += 2 + xlen;
+        fprintf(fp, " ");
+        goto context_restart;
+    }
+
+    switch(eid & ID_FORM) {
+    case FORM_PRIM:
+        r = do_prim(fp, eid & ID_TAG, enc+2+xlen, elen, lev+1);
+        *rlen = 2 + xlen + elen + rlen_ext;
+        break;
+    case FORM_CONS:
+        if (print_constructed_length) {
+            fprintf(fp, " constr");
+            fprintf(fp, " <%d>", elen);
+        }
+        r = do_cons(fp, enc+2+xlen, elen, lev+1, &rlen2);
+        *rlen = 2 + xlen + rlen2 + rlen_ext;
+        break;
+    }
+
+    return(r);
+}
+
+int decode_len(fp, enc, len)
+    FILE *fp;
+    unsigned char *enc;
+    int len;
+{
+    int rlen;
+    int i;
+
+    if (print_id_and_len)
+        fprintf(fp, "%02x ", enc[0]);
+    rlen = enc[0];
+    for (i=1; i<len; i++) {
+        if (print_id_and_len)
+            fprintf(fp, "%02x ", enc[i]);
+        rlen = (rlen * 0x100) + enc[i];
+    }
+    return(rlen);
+}
+
+/*
+ * This is the printing function for bit strings
+ */
+int do_prim_bitstring(fp, tag, enc, len, lev)
+    FILE *fp;
+    int tag;
+    unsigned char *enc;
+    int len;
+    int lev;
+{
+    int i;
+    long        num = 0;
+
+    if (tag != PRIM_BITS || len > 5)
+        return 0;
+
+    for (i=1; i < len; i++) {
+        num = num << 8;
+        num += enc[i];
+    }
+
+    fprintf(fp, " 0x%lx", num);
+    if (enc[0])
+        fprintf(fp, " (%d unused bits)", enc[0]);
+    return 1;
+}
+
+/*
+ * This is the printing function for integers
+ */
+int do_prim_int(fp, tag, enc, len, lev)
+    FILE *fp;
+    int tag;
+    unsigned char *enc;
+    int len;
+    int lev;
+{
+    int i;
+    long        num = 0;
+
+    if (tag != PRIM_INT || len > 4)
+        return 0;
+
+    if (enc[0] & 0x80)
+        num = -1;
+
+    for (i=0; i < len; i++) {
+        num = num << 8;
+        num += enc[i];
+    }
+
+    fprintf(fp, " %ld", num);
+    return 1;
+}
+
+
+/*
+ * This is the printing function which we use if it's a string or
+ * other other type which is best printed as a string
+ */
+int do_prim_string(fp, tag, enc, len, lev)
+    FILE *fp;
+    int tag;
+    unsigned char *enc;
+    int len;
+    int lev;
+{
+    int i;
+
+    /*
+     * Only try this printing function with "reasonable" types
+     */
+    if ((tag < DEFN_NUMS) && (tag != PRIM_OCTS))
+        return 0;
+
+    for (i=0; i < len; i++)
+        if (!isprint(enc[i]))
+            return 0;
+    fprintf(fp, " \"%.*s\"", len, enc);
+    return 1;
+}
+
+int do_prim(fp, tag, enc, len, lev)
+    FILE *fp;
+    int tag;
+    unsigned char *enc;
+    int len;
+    int lev;
+{
+    int n;
+    int i;
+    int j;
+    int width;
+
+    if (do_prim_string(fp, tag, enc, len, lev))
+        return OK;
+    if (do_prim_int(fp, tag, enc, len, lev))
+        return OK;
+    if (do_prim_bitstring(fp, tag, enc, len, lev))
+        return OK;
+
+    if (print_primitive_length)
+        fprintf(fp, " <%d>", len);
+
+    width = (80 - (lev * 3) - 8) / 4;
+
+    for (n = 0; n < len; n++) {
+        if ((n % width) == 0) {
+            fprintf(fp, "\n");
+            for (i=0; i<lev; i++) fprintf(fp, "   ");
+        }
+        fprintf(fp, "%02x ", enc[n]);
+        if ((n % width) == (width-1)) {
+            fprintf(fp, "    ");
+            for (i=n-(width-1); i<=n; i++)
+                if (isprint(enc[i])) fprintf(fp, "%c", enc[i]);
+                else fprintf(fp, ".");
+        }
+    }
+    if ((j = (n % width)) != 0) {
+        fprintf(fp, "    ");
+        for (i=0; i<width-j; i++) fprintf(fp, "   ");
+        for (i=n-j; i<n; i++)
+            if (isprint(enc[i])) fprintf(fp, "%c", enc[i]);
+            else fprintf(fp, ".");
+    }
+    return(OK);
+}
+
+int do_cons(fp, enc, len, lev, rlen)
+    FILE *fp;
+    unsigned char *enc;
+    int len;
+    int lev;
+    int *rlen;
+{
+    int n;
+    int r = 0;
+    int rlen2;
+    int rlent;
+    int save_appl;
+
+    save_appl = current_appl_type;
+    for (n = 0, rlent = 0; n < len; n+=rlen2, rlent+=rlen2) {
+        r = trval2(fp, enc+n, len-n, lev, &rlen2);
+        current_appl_type = save_appl;
+        if (r != OK) return(r);
+    }
+    if (rlent != len) {
+        fprintf(fp, "inconsistent constructed lengths (%d != %d)\n",
+                rlent, len);
+        return(NOTOK);
+    }
+    *rlen = rlent;
+    return(r);
+}
+
+struct typestring_table {
+    int k1, k2;
+    char        *str;
+    int new_appl;
+};
+
+static char *lookup_typestring(table, key1, key2)
+    struct typestring_table *table;
+    int key1, key2;
+{
+    struct typestring_table *ent;
+
+    for (ent = table; ent->k1 > 0; ent++) {
+        if ((ent->k1 == key1) &&
+            (ent->k2 == key2)) {
+            if (ent->new_appl)
+                current_appl_type = ent->new_appl;
+            return ent->str;
+        }
+    }
+    return 0;
+}
+
+
+struct typestring_table univ_types[] = {
+    { PRIM_BOOL, -1, "Boolean"},
+    { PRIM_INT, -1, "Integer"},
+    { PRIM_BITS, -1, "Bit String"},
+    { PRIM_OCTS, -1, "Octet String"},
+    { PRIM_NULL, -1, "Null"},
+    { PRIM_OID, -1, "Object Identifier"},
+    { PRIM_ODE, -1, "Object Descriptor"},
+    { CONS_EXTN, -1, "External"},
+    { PRIM_REAL, -1, "Real"},
+    { PRIM_ENUM, -1, "Enumerated type"},
+    { PRIM_ENCR, -1, "Encrypted"},
+    { CONS_SEQ, -1, "Sequence/Sequence Of"},
+    { CONS_SET, -1, "Set/Set Of"},
+    { DEFN_NUMS, -1, "Numeric String"},
+    { DEFN_PRTS, -1, "Printable String"},
+    { DEFN_T61S, -1, "T.61 String"},
+    { DEFN_VTXS, -1, "Videotex String"},
+    { DEFN_IA5S, -1, "IA5 String"},
+    { DEFN_UTCT, -1, "UTCTime"},
+    { DEFN_GENT, -1, "Generalized Time"},
+    { DEFN_GFXS, -1, "Graphics string (ISO2375)"},
+    { DEFN_VISS, -1, "Visible string"},
+    { DEFN_GENS, -1, "General string"},
+    { DEFN_CHRS, -1, "Character string"},
+    { -1, -1, 0}
+};
+
+#ifdef KRB5
+struct typestring_table krb5_types[] = {
+    { 1, -1, "Krb5 Ticket"},
+    { 2, -1, "Krb5 Authenticator"},
+    { 3, -1, "Krb5 Encrypted ticket part"},
+    { 10, -1, "Krb5 AS-REQ packet"},
+    { 11, -1, "Krb5 AS-REP packet"},
+    { 12, -1, "Krb5 TGS-REQ packet"},
+    { 13, -1, "Krb5 TGS-REP packet"},
+    { 14, -1, "Krb5 AP-REQ packet"},
+    { 15, -1, "Krb5 AP-REP packet"},
+    { 20, -1, "Krb5 SAFE packet"},
+    { 21, -1, "Krb5 PRIV packet"},
+    { 22, -1, "Krb5 CRED packet"},
+    { 30, -1, "Krb5 ERROR packet"},
+    { 25, -1, "Krb5 Encrypted AS-REP part"},
+    { 26, -1, "Krb5 Encrypted TGS-REP part"},
+    { 27, -1, "Krb5 Encrypted AP-REP part"},
+    { 28, -1, "Krb5 Encrypted PRIV part"},
+    { 29, -1, "Krb5 Encrypted CRED part"},
+    { -1, -1, 0}
+};
+
+struct typestring_table krb5_fields[] = {
+    { 1000, 0, "name-type"}, /* PrincipalName */
+    { 1000, 1, "name-string"},
+
+    { 1001, 0, "etype"},        /* Encrypted data */
+    { 1001, 1, "kvno"},
+    { 1001, 2, "cipher"},
+
+    { 1002, 0, "addr-type"},    /* HostAddress */
+    { 1002, 1, "address"},
+
+    { 1003, 0, "addr-type"},    /* HostAddresses */
+    { 1003, 1, "address"},
+
+    { 1004, 0, "ad-type"},      /* AuthorizationData */
+    { 1004, 1, "ad-data"},
+
+    { 1005, 0, "keytype"},      /* EncryptionKey */
+    { 1005, 1, "keyvalue"},
+
+    { 1006, 0, "cksumtype"},    /* Checksum */
+    { 1006, 1, "checksum"},
+
+    { 1007, 0, "kdc-options"},  /* KDC-REQ-BODY */
+    { 1007, 1, "cname", 1000},
+    { 1007, 2, "realm"},
+    { 1007, 3, "sname", 1000},
+    { 1007, 4, "from"},
+    { 1007, 5, "till"},
+    { 1007, 6, "rtime"},
+    { 1007, 7, "nonce"},
+    { 1007, 8, "etype"},
+    { 1007, 9, "addresses", 1003},
+    { 1007, 10, "enc-authorization-data", 1001},
+    { 1007, 11, "additional-tickets"},
+
+    { 1008, 1, "padata-type"},  /* PA-DATA */
+    { 1008, 2, "pa-data"},
+
+    { 1009, 0, "user-data"},    /* KRB-SAFE-BODY */
+    { 1009, 1, "timestamp"},
+    { 1009, 2, "usec"},
+    { 1009, 3, "seq-number"},
+    { 1009, 4, "s-address", 1002},
+    { 1009, 5, "r-address", 1002},
+
+    { 1010, 0, "lr-type"},      /* LastReq */
+    { 1010, 1, "lr-value"},
+
+    { 1011, 0, "key", 1005},    /* KRB-CRED-INFO */
+    { 1011, 1, "prealm"},
+    { 1011, 2, "pname", 1000},
+    { 1011, 3, "flags"},
+    { 1011, 4, "authtime"},
+    { 1011, 5, "startime"},
+    { 1011, 6, "endtime"},
+    { 1011, 7, "renew-till"},
+    { 1011, 8, "srealm"},
+    { 1011, 9, "sname", 1000},
+    { 1011, 10, "caddr", 1002},
+
+    { 1, 0, "tkt-vno"}, /* Ticket */
+    { 1, 1, "realm"},
+    { 1, 2, "sname", 1000},
+    { 1, 3, "tkt-enc-part", 1001},
+
+    { 2, 0, "authenticator-vno"}, /* Authenticator */
+    { 2, 1, "crealm"},
+    { 2, 2, "cname", 1000},
+    { 2, 3, "cksum", 1006},
+    { 2, 4, "cusec"},
+    { 2, 5, "ctime"},
+    { 2, 6, "subkey", 1005},
+    { 2, 7, "seq-number"},
+    { 2, 8, "authorization-data", 1004},
+
+    { 3, 0, "flags"}, /* EncTicketPart */
+    { 3, 1, "key", 1005},
+    { 3, 2, "crealm"},
+    { 3, 3, "cname", 1000},
+    { 3, 4, "transited"},
+    { 3, 5, "authtime"},
+    { 3, 6, "starttime"},
+    { 3, 7, "endtime"},
+    { 3, 8, "renew-till"},
+    { 3, 9, "caddr", 1003},
+    { 3, 10, "authorization-data", 1004},
+
+    { 10, 1, "pvno"},   /* AS-REQ */
+    { 10, 2, "msg-type"},
+    { 10, 3, "padata", 1008},
+    { 10, 4, "req-body", 1007},
+
+    { 11, 0, "pvno"},   /* AS-REP */
+    { 11, 1, "msg-type"},
+    { 11, 2, "padata", 1008},
+    { 11, 3, "crealm"},
+    { 11, 4, "cname", 1000},
+    { 11, 5, "ticket"},
+    { 11, 6, "enc-part", 1001},
+
+    { 12, 1, "pvno"},   /* TGS-REQ */
+    { 12, 2, "msg-type"},
+    { 12, 3, "padata", 1008},
+    { 12, 4, "req-body", 1007},
+
+    { 13, 0, "pvno"},   /* TGS-REP */
+    { 13, 1, "msg-type"},
+    { 13, 2, "padata", 1008},
+    { 13, 3, "crealm"},
+    { 13, 4, "cname", 1000},
+    { 13, 5, "ticket"},
+    { 13, 6, "enc-part", 1001},
+
+    { 14, 0, "pvno"},   /* AP-REQ */
+    { 14, 1, "msg-type"},
+    { 14, 2, "ap-options"},
+    { 14, 3, "ticket"},
+    { 14, 4, "authenticator", 1001},
+
+    { 15, 0, "pvno"},   /* AP-REP */
+    { 15, 1, "msg-type"},
+    { 15, 2, "enc-part", 1001},
+
+    { 20, 0, "pvno"},   /* KRB-SAFE */
+    { 20, 1, "msg-type"},
+    { 20, 2, "safe-body", 1009},
+    { 20, 3, "cksum", 1006},
+
+    { 21, 0, "pvno"},   /* KRB-PRIV */
+    { 21, 1, "msg-type"},
+    { 21, 2, "enc-part", 1001},
+
+    { 22, 0, "pvno"},   /* KRB-CRED */
+    { 22, 1, "msg-type"},
+    { 22, 2, "tickets"},
+    { 22, 3, "enc-part", 1001},
+
+    { 25, 0, "key", 1005},      /* EncASRepPart */
+    { 25, 1, "last-req", 1010},
+    { 25, 2, "nonce"},
+    { 25, 3, "key-expiration"},
+    { 25, 4, "flags"},
+    { 25, 5, "authtime"},
+    { 25, 6, "starttime"},
+    { 25, 7, "enddtime"},
+    { 25, 8, "renew-till"},
+    { 25, 9, "srealm"},
+    { 25, 10, "sname", 1000},
+    { 25, 11, "caddr", 1003},
+
+    { 26, 0, "key", 1005},      /* EncTGSRepPart */
+    { 26, 1, "last-req", 1010},
+    { 26, 2, "nonce"},
+    { 26, 3, "key-expiration"},
+    { 26, 4, "flags"},
+    { 26, 5, "authtime"},
+    { 26, 6, "starttime"},
+    { 26, 7, "enddtime"},
+    { 26, 8, "renew-till"},
+    { 26, 9, "srealm"},
+    { 26, 10, "sname", 1000},
+    { 26, 11, "caddr", 1003},
+
+    { 27, 0, "ctime"},  /* EncApRepPart */
+    { 27, 1, "cusec"},
+    { 27, 2, "subkey", 1005},
+    { 27, 3, "seq-number"},
+
+    { 28, 0, "user-data"},      /* EncKrbPrivPart */
+    { 28, 1, "timestamp"},
+    { 28, 2, "usec"},
+    { 28, 3, "seq-number"},
+    { 28, 4, "s-address", 1002},
+    { 28, 5, "r-address", 1002},
+
+    { 29, 0, "ticket-info", 1011},      /* EncKrbCredPart */
+    { 29, 1, "nonce"},
+    { 29, 2, "timestamp"},
+    { 29, 3, "usec"},
+    { 29, 4, "s-address", 1002},
+    { 29, 5, "r-address", 1002},
+
+    { 30, 0, "pvno"},   /* KRB-ERROR */
+    { 30, 1, "msg-type"},
+    { 30, 2, "ctime"},
+    { 30, 3, "cusec"},
+    { 30, 4, "stime"},
+    { 30, 5, "susec"},
+    { 30, 6, "error-code"},
+    { 30, 7, "crealm"},
+    { 30, 8, "cname", 1000},
+    { 30, 9, "realm"},
+    { 30, 10, "sname", 1000},
+    { 30, 11, "e-text"},
+    { 30, 12, "e-data"},
+
+    { -1, -1, 0}
+};
+#endif
+
+void print_tag_type(fp, eid, lev)
+    FILE *fp;
+    int     eid;
+    int     lev;
+{
+    int tag = eid & ID_TAG;
+    int do_space = 1;
+    char        *str;
+
+    fprintf(fp, "[");
+
+    switch(eid & ID_CLASS) {
+    case CLASS_UNIV:
+        if (print_types && print_skip_tagnum)
+            do_space = 0;
+        else
+            fprintf(fp, "UNIV %d", tag);
+        break;
+    case CLASS_APPL:
+        current_appl_type = tag;
+#ifdef KRB5
+        if (print_krb5_types) {
+            str = lookup_typestring(krb5_types, tag, -1);
+            if (str) {
+                fputs(str, fp);
+                break;
+            }
+        }
+#endif
+        fprintf(fp, "APPL %d", tag);
+        break;
+    case CLASS_CONT:
+#ifdef KRB5
+        if (print_krb5_types && current_appl_type) {
+            str = lookup_typestring(krb5_fields,
+                                    current_appl_type, tag);
+            if (str) {
+                fputs(str, fp);
+                break;
+            }
+        }
+#endif
+        if (print_skip_context && lev)
+            fprintf(fp, "%d", tag);
+        else
+            fprintf(fp, "CONT %d", tag);
+        break;
+    case CLASS_PRIV:
+        fprintf(fp, "PRIV %d", tag);
+        break;
+    }
+
+    if (print_types && ((eid & ID_CLASS) == CLASS_UNIV)) {
+        if (do_space)
+            fputs(" ", fp);
+        str = lookup_typestring(univ_types, eid & ID_TAG, -1);
+        if (str)
+            fputs(str, fp);
+        else
+            fprintf(fp, "UNIV %d???", eid & ID_TAG);
+    }
+
+    fprintf(fp, "]");
+
+}
+
+/*****************************************************************************/
diff --git a/krb5-1.21.3/src/tests/asn.1/trval_reference.out b/krb5-1.21.3/src/tests/asn.1/trval_reference.out
new file mode 100644
index 00000000..9bedad49
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/trval_reference.out
@@ -0,0 +1,1587 @@
+encode_krb5_authenticator:
+
+[Krb5 Authenticator]
+.  [Sequence/Sequence Of]
+.  .  [authenticator-vno] [Integer] 5
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [cksum] [Sequence/Sequence Of]
+.  .  .  [cksumtype] [Integer] 1
+.  .  .  [checksum] [Octet String] "1234"
+.  .  [cusec] [Integer] 123456
+.  .  [ctime] [Generalized Time] "19940610060317Z"
+.  .  [subkey] [Sequence/Sequence Of]
+.  .  .  [keytype] [Integer] 1
+.  .  .  [keyvalue] [Octet String] "12345678"
+.  .  [seq-number] [Integer] 17
+.  .  [authorization-data] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [ad-type] [Integer] 1
+.  .  .  .  [ad-data] [Octet String] "foobar"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [ad-type] [Integer] 1
+.  .  .  .  [ad-data] [Octet String] "foobar"
+
+encode_krb5_authenticator(optionals empty):
+
+[Krb5 Authenticator]
+.  [Sequence/Sequence Of]
+.  .  [authenticator-vno] [Integer] 5
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [cusec] [Integer] 123456
+.  .  [ctime] [Generalized Time] "19940610060317Z"
+
+encode_krb5_authenticator(optionals NULL):
+
+[Krb5 Authenticator]
+.  [Sequence/Sequence Of]
+.  .  [authenticator-vno] [Integer] 5
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [cusec] [Integer] 123456
+.  .  [ctime] [Generalized Time] "19940610060317Z"
+
+encode_krb5_ticket:
+
+[Krb5 Ticket]
+.  [Sequence/Sequence Of]
+.  .  [tkt-vno] [Integer] 5
+.  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  [sname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  [etype] [Integer] 0
+.  .  .  [kvno] [Integer] 5
+.  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_keyblock:
+
+[Sequence/Sequence Of]
+.  [keytype] [Integer] 1
+.  [keyvalue] [Octet String] "12345678"
+
+encode_krb5_enc_tkt_part:
+
+[Krb5 Encrypted ticket part]
+.  [Sequence/Sequence Of]
+.  .  [flags] [Bit String] 0xfedcba98
+.  .  [key] [Sequence/Sequence Of]
+.  .  .  [keytype] [Integer] 1
+.  .  .  [keyvalue] [Octet String] "12345678"
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [transited] [Sequence/Sequence Of]
+.  .  .  [flags] [Integer] 1
+.  .  .  [key] [Octet String] "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."
+.  .  [authtime] [Generalized Time] "19940610060317Z"
+.  .  [starttime] [Generalized Time] "19940610060317Z"
+.  .  [endtime] [Generalized Time] "19940610060317Z"
+.  .  [renew-till] [Generalized Time] "19940610060317Z"
+.  .  [caddr] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  [address] [Octet String] <4>
+               12 d0 00 23                                   ...#
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  [address] [Octet String] <4>
+               12 d0 00 23                                   ...#
+.  .  [authorization-data] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [ad-type] [Integer] 1
+.  .  .  .  [ad-data] [Octet String] "foobar"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [ad-type] [Integer] 1
+.  .  .  .  [ad-data] [Octet String] "foobar"
+
+encode_krb5_enc_tkt_part(optionals NULL):
+
+[Krb5 Encrypted ticket part]
+.  [Sequence/Sequence Of]
+.  .  [flags] [Bit String] 0xfedcba98
+.  .  [key] [Sequence/Sequence Of]
+.  .  .  [keytype] [Integer] 1
+.  .  .  [keyvalue] [Octet String] "12345678"
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [transited] [Sequence/Sequence Of]
+.  .  .  [flags] [Integer] 1
+.  .  .  [key] [Octet String] "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."
+.  .  [authtime] [Generalized Time] "19940610060317Z"
+.  .  [endtime] [Generalized Time] "19940610060317Z"
+
+encode_krb5_enc_kdc_rep_part:
+
+[Krb5 Encrypted TGS-REP part]
+.  [Sequence/Sequence Of]
+.  .  [key] [Sequence/Sequence Of]
+.  .  .  [keytype] [Integer] 1
+.  .  .  [keyvalue] [Octet String] "12345678"
+.  .  [last-req] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [lr-type] [Integer] -5
+.  .  .  .  [lr-value] [Generalized Time] "19940610060317Z"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [lr-type] [Integer] -5
+.  .  .  .  [lr-value] [Generalized Time] "19940610060317Z"
+.  .  [nonce] [Integer] 42
+.  .  [key-expiration] [Generalized Time] "19940610060317Z"
+.  .  [flags] [Bit String] 0xfedcba98
+.  .  [authtime] [Generalized Time] "19940610060317Z"
+.  .  [starttime] [Generalized Time] "19940610060317Z"
+.  .  [enddtime] [Generalized Time] "19940610060317Z"
+.  .  [renew-till] [Generalized Time] "19940610060317Z"
+.  .  [srealm] [General string] "ATHENA.MIT.EDU"
+.  .  [sname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [caddr] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  [address] [Octet String] <4>
+               12 d0 00 23                                   ...#
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  [address] [Octet String] <4>
+               12 d0 00 23                                   ...#
+
+encode_krb5_enc_kdc_rep_part(optionals NULL):
+
+[Krb5 Encrypted TGS-REP part]
+.  [Sequence/Sequence Of]
+.  .  [key] [Sequence/Sequence Of]
+.  .  .  [keytype] [Integer] 1
+.  .  .  [keyvalue] [Octet String] "12345678"
+.  .  [last-req] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [lr-type] [Integer] -5
+.  .  .  .  [lr-value] [Generalized Time] "19940610060317Z"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [lr-type] [Integer] -5
+.  .  .  .  [lr-value] [Generalized Time] "19940610060317Z"
+.  .  [nonce] [Integer] 42
+.  .  [flags] [Bit String] 0xfe5cba98
+.  .  [authtime] [Generalized Time] "19940610060317Z"
+.  .  [enddtime] [Generalized Time] "19940610060317Z"
+.  .  [srealm] [General string] "ATHENA.MIT.EDU"
+.  .  [sname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+
+encode_krb5_as_rep:
+
+[Krb5 AS-REP packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 11
+.  .  [padata] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [padata-type] [Integer] 13
+.  .  .  .  [pa-data] [Octet String] "pa-data"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [padata-type] [Integer] 13
+.  .  .  .  [pa-data] [Octet String] "pa-data"
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [ticket] [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  [enc-part] [Sequence/Sequence Of]
+.  .  .  [etype] [Integer] 0
+.  .  .  [kvno] [Integer] 5
+.  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_as_rep(optionals NULL):
+
+[Krb5 AS-REP packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 11
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [ticket] [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  [enc-part] [Sequence/Sequence Of]
+.  .  .  [etype] [Integer] 0
+.  .  .  [kvno] [Integer] 5
+.  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_tgs_rep:
+
+[Krb5 TGS-REP packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 13
+.  .  [padata] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [padata-type] [Integer] 13
+.  .  .  .  [pa-data] [Octet String] "pa-data"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [padata-type] [Integer] 13
+.  .  .  .  [pa-data] [Octet String] "pa-data"
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [ticket] [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  [enc-part] [Sequence/Sequence Of]
+.  .  .  [etype] [Integer] 0
+.  .  .  [kvno] [Integer] 5
+.  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_tgs_rep(optionals NULL):
+
+[Krb5 TGS-REP packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 13
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [ticket] [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  [enc-part] [Sequence/Sequence Of]
+.  .  .  [etype] [Integer] 0
+.  .  .  [kvno] [Integer] 5
+.  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_ap_req:
+
+[Krb5 AP-REQ packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 14
+.  .  [ap-options] [Bit String] 0xfedcba98
+.  .  [ticket] [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  [authenticator] [Sequence/Sequence Of]
+.  .  .  [etype] [Integer] 0
+.  .  .  [kvno] [Integer] 5
+.  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_ap_rep:
+
+[Krb5 AP-REP packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 15
+.  .  [enc-part] [Sequence/Sequence Of]
+.  .  .  [etype] [Integer] 0
+.  .  .  [kvno] [Integer] 5
+.  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_ap_rep_enc_part:
+
+[Krb5 Encrypted AP-REP part]
+.  [Sequence/Sequence Of]
+.  .  [ctime] [Generalized Time] "19940610060317Z"
+.  .  [cusec] [Integer] 123456
+.  .  [subkey] [Sequence/Sequence Of]
+.  .  .  [keytype] [Integer] 1
+.  .  .  [keyvalue] [Octet String] "12345678"
+.  .  [seq-number] [Integer] 17
+
+encode_krb5_ap_rep_enc_part(optionals NULL):
+
+[Krb5 Encrypted AP-REP part]
+.  [Sequence/Sequence Of]
+.  .  [ctime] [Generalized Time] "19940610060317Z"
+.  .  [cusec] [Integer] 123456
+
+encode_krb5_as_req:
+
+[Krb5 AS-REQ packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 10
+.  .  [padata] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [padata-type] [Integer] 13
+.  .  .  .  [pa-data] [Octet String] "pa-data"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [padata-type] [Integer] 13
+.  .  .  .  [pa-data] [Octet String] "pa-data"
+.  .  [req-body] [Sequence/Sequence Of]
+.  .  .  [kdc-options] [Bit String] 0xfedcba90
+.  .  .  [cname] [Sequence/Sequence Of]
+.  .  .  .  [name-type] [Integer] 1
+.  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  [General string] "extra"
+.  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  [name-type] [Integer] 1
+.  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  [General string] "extra"
+.  .  .  [from] [Generalized Time] "19940610060317Z"
+.  .  .  [till] [Generalized Time] "19940610060317Z"
+.  .  .  [rtime] [Generalized Time] "19940610060317Z"
+.  .  .  [nonce] [Integer] 42
+.  .  .  [etype] [Sequence/Sequence Of]
+.  .  .  .  [Integer] 0
+.  .  .  .  [Integer] 1
+.  .  .  [addresses] [Sequence/Sequence Of]
+.  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  [address] [Octet String] <4>
+                  12 d0 00 23                                ...#
+.  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  [address] [Octet String] <4>
+                  12 d0 00 23                                ...#
+.  .  .  [enc-authorization-data] [Sequence/Sequence Of]
+.  .  .  .  [etype] [Integer] 0
+.  .  .  .  [kvno] [Integer] 5
+.  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  .  [additional-tickets] [Sequence/Sequence Of]
+.  .  .  .  [Krb5 Ticket]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  .  .  [Krb5 Ticket]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_as_req(optionals NULL except second_ticket):
+
+[Krb5 AS-REQ packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 10
+.  .  [req-body] [Sequence/Sequence Of]
+.  .  .  [kdc-options] [Bit String] 0xfedcba98
+.  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  [till] [Generalized Time] "19940610060317Z"
+.  .  .  [nonce] [Integer] 42
+.  .  .  [etype] [Sequence/Sequence Of]
+.  .  .  .  [Integer] 0
+.  .  .  .  [Integer] 1
+.  .  .  [additional-tickets] [Sequence/Sequence Of]
+.  .  .  .  [Krb5 Ticket]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  .  .  [Krb5 Ticket]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_as_req(optionals NULL except server):
+
+[Krb5 AS-REQ packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 10
+.  .  [req-body] [Sequence/Sequence Of]
+.  .  .  [kdc-options] [Bit String] 0xfedcba90
+.  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  [name-type] [Integer] 1
+.  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  [General string] "extra"
+.  .  .  [till] [Generalized Time] "19940610060317Z"
+.  .  .  [nonce] [Integer] 42
+.  .  .  [etype] [Sequence/Sequence Of]
+.  .  .  .  [Integer] 0
+.  .  .  .  [Integer] 1
+
+encode_krb5_tgs_req:
+
+[Krb5 TGS-REQ packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 12
+.  .  [padata] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [padata-type] [Integer] 13
+.  .  .  .  [pa-data] [Octet String] "pa-data"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [padata-type] [Integer] 13
+.  .  .  .  [pa-data] [Octet String] "pa-data"
+.  .  [req-body] [Sequence/Sequence Of]
+.  .  .  [kdc-options] [Bit String] 0xfedcba90
+.  .  .  [cname] [Sequence/Sequence Of]
+.  .  .  .  [name-type] [Integer] 1
+.  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  [General string] "extra"
+.  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  [name-type] [Integer] 1
+.  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  [General string] "extra"
+.  .  .  [from] [Generalized Time] "19940610060317Z"
+.  .  .  [till] [Generalized Time] "19940610060317Z"
+.  .  .  [rtime] [Generalized Time] "19940610060317Z"
+.  .  .  [nonce] [Integer] 42
+.  .  .  [etype] [Sequence/Sequence Of]
+.  .  .  .  [Integer] 0
+.  .  .  .  [Integer] 1
+.  .  .  [addresses] [Sequence/Sequence Of]
+.  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  [address] [Octet String] <4>
+                  12 d0 00 23                                ...#
+.  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  [address] [Octet String] <4>
+                  12 d0 00 23                                ...#
+.  .  .  [enc-authorization-data] [Sequence/Sequence Of]
+.  .  .  .  [etype] [Integer] 0
+.  .  .  .  [kvno] [Integer] 5
+.  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  .  [additional-tickets] [Sequence/Sequence Of]
+.  .  .  .  [Krb5 Ticket]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  .  .  [Krb5 Ticket]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_tgs_req(optionals NULL except second_ticket):
+
+[Krb5 TGS-REQ packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 12
+.  .  [req-body] [Sequence/Sequence Of]
+.  .  .  [kdc-options] [Bit String] 0xfedcba98
+.  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  [till] [Generalized Time] "19940610060317Z"
+.  .  .  [nonce] [Integer] 42
+.  .  .  [etype] [Sequence/Sequence Of]
+.  .  .  .  [Integer] 0
+.  .  .  .  [Integer] 1
+.  .  .  [additional-tickets] [Sequence/Sequence Of]
+.  .  .  .  [Krb5 Ticket]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  .  .  [Krb5 Ticket]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_tgs_req(optionals NULL except server):
+
+[Krb5 TGS-REQ packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 12
+.  .  [req-body] [Sequence/Sequence Of]
+.  .  .  [kdc-options] [Bit String] 0xfedcba90
+.  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  [name-type] [Integer] 1
+.  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  [General string] "extra"
+.  .  .  [till] [Generalized Time] "19940610060317Z"
+.  .  .  [nonce] [Integer] 42
+.  .  .  [etype] [Sequence/Sequence Of]
+.  .  .  .  [Integer] 0
+.  .  .  .  [Integer] 1
+
+encode_krb5_kdc_req_body:
+
+[Sequence/Sequence Of]
+.  [kdc-options] [Bit String] 0xfedcba90
+.  [cname] [Sequence/Sequence Of]
+.  .  [name-type] [Integer] 1
+.  .  [name-string] [Sequence/Sequence Of]
+.  .  .  [General string] "hftsai"
+.  .  .  [General string] "extra"
+.  [realm] [General string] "ATHENA.MIT.EDU"
+.  [sname] [Sequence/Sequence Of]
+.  .  [name-type] [Integer] 1
+.  .  [name-string] [Sequence/Sequence Of]
+.  .  .  [General string] "hftsai"
+.  .  .  [General string] "extra"
+.  [from] [Generalized Time] "19940610060317Z"
+.  [till] [Generalized Time] "19940610060317Z"
+.  [rtime] [Generalized Time] "19940610060317Z"
+.  [nonce] [Integer] 42
+.  [etype] [Sequence/Sequence Of]
+.  .  [Integer] 0
+.  .  [Integer] 1
+.  [addresses] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [addr-type] [Integer] 2
+.  .  .  [address] [Octet String] <4>
+            12 d0 00 23                                      ...#
+.  .  [Sequence/Sequence Of]
+.  .  .  [addr-type] [Integer] 2
+.  .  .  [address] [Octet String] <4>
+            12 d0 00 23                                      ...#
+.  [enc-authorization-data] [Sequence/Sequence Of]
+.  .  [etype] [Integer] 0
+.  .  [kvno] [Integer] 5
+.  .  [cipher] [Octet String] "krbASN.1 test message"
+.  [additional-tickets] [Sequence/Sequence Of]
+.  .  [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_kdc_req_body(optionals NULL except second_ticket):
+
+[Sequence/Sequence Of]
+.  [kdc-options] [Bit String] 0xfedcba98
+.  [realm] [General string] "ATHENA.MIT.EDU"
+.  [till] [Generalized Time] "19940610060317Z"
+.  [nonce] [Integer] 42
+.  [etype] [Sequence/Sequence Of]
+.  .  [Integer] 0
+.  .  [Integer] 1
+.  [additional-tickets] [Sequence/Sequence Of]
+.  .  [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  [Krb5 Ticket]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_kdc_req_body(optionals NULL except server):
+
+[Sequence/Sequence Of]
+.  [kdc-options] [Bit String] 0xfedcba90
+.  [realm] [General string] "ATHENA.MIT.EDU"
+.  [sname] [Sequence/Sequence Of]
+.  .  [name-type] [Integer] 1
+.  .  [name-string] [Sequence/Sequence Of]
+.  .  .  [General string] "hftsai"
+.  .  .  [General string] "extra"
+.  [till] [Generalized Time] "19940610060317Z"
+.  [nonce] [Integer] 42
+.  [etype] [Sequence/Sequence Of]
+.  .  [Integer] 0
+.  .  [Integer] 1
+
+encode_krb5_safe:
+
+[Krb5 SAFE packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 20
+.  .  [safe-body] [Sequence/Sequence Of]
+.  .  .  [user-data] [Octet String] "krb5data"
+.  .  .  [timestamp] [Generalized Time] "19940610060317Z"
+.  .  .  [usec] [Integer] 123456
+.  .  .  [seq-number] [Integer] 17
+.  .  .  [s-address] [Sequence/Sequence Of]
+.  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  [address] [Octet String] <4>
+               12 d0 00 23                                   ...#
+.  .  .  [r-address] [Sequence/Sequence Of]
+.  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  [address] [Octet String] <4>
+               12 d0 00 23                                   ...#
+.  .  [cksum] [Sequence/Sequence Of]
+.  .  .  [cksumtype] [Integer] 1
+.  .  .  [checksum] [Octet String] "1234"
+
+encode_krb5_safe(optionals NULL):
+
+[Krb5 SAFE packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 20
+.  .  [safe-body] [Sequence/Sequence Of]
+.  .  .  [user-data] [Octet String] "krb5data"
+.  .  .  [s-address] [Sequence/Sequence Of]
+.  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  [address] [Octet String] <4>
+               12 d0 00 23                                   ...#
+.  .  [cksum] [Sequence/Sequence Of]
+.  .  .  [cksumtype] [Integer] 1
+.  .  .  [checksum] [Octet String] "1234"
+
+encode_krb5_priv:
+
+[Krb5 PRIV packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 21
+.  .  [3] [Sequence/Sequence Of]
+.  .  .  [pvno] [Integer] 0
+.  .  .  [msg-type] [Integer] 5
+.  .  .  [enc-part] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_priv_part:
+
+[Krb5 Encrypted PRIV part]
+.  [Sequence/Sequence Of]
+.  .  [user-data] [Octet String] "krb5data"
+.  .  [timestamp] [Generalized Time] "19940610060317Z"
+.  .  [usec] [Integer] 123456
+.  .  [seq-number] [Integer] 17
+.  .  [s-address] [Sequence/Sequence Of]
+.  .  .  [addr-type] [Integer] 2
+.  .  .  [address] [Octet String] <4>
+            12 d0 00 23                                      ...#
+.  .  [r-address] [Sequence/Sequence Of]
+.  .  .  [addr-type] [Integer] 2
+.  .  .  [address] [Octet String] <4>
+            12 d0 00 23                                      ...#
+
+encode_krb5_enc_priv_part(optionals NULL):
+
+[Krb5 Encrypted PRIV part]
+.  [Sequence/Sequence Of]
+.  .  [user-data] [Octet String] "krb5data"
+.  .  [s-address] [Sequence/Sequence Of]
+.  .  .  [addr-type] [Integer] 2
+.  .  .  [address] [Octet String] <4>
+            12 d0 00 23                                      ...#
+
+encode_krb5_cred:
+
+[Krb5 CRED packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 22
+.  .  [tickets] [Sequence/Sequence Of]
+.  .  .  [Krb5 Ticket]
+.  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  .  [Krb5 Ticket]
+.  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  [tkt-vno] [Integer] 5
+.  .  .  .  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  .  [General string] "extra"
+.  .  .  .  .  [tkt-enc-part] [Sequence/Sequence Of]
+.  .  .  .  .  .  [etype] [Integer] 0
+.  .  .  .  .  .  [kvno] [Integer] 5
+.  .  .  .  .  .  [cipher] [Octet String] "krbASN.1 test message"
+.  .  [enc-part] [Sequence/Sequence Of]
+.  .  .  [etype] [Integer] 0
+.  .  .  [kvno] [Integer] 5
+.  .  .  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_cred_part:
+
+[Krb5 Encrypted CRED part]
+.  [Sequence/Sequence Of]
+.  .  [ticket-info] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [key] [Sequence/Sequence Of]
+.  .  .  .  .  [keytype] [Integer] 1
+.  .  .  .  .  [keyvalue] [Octet String] "12345678"
+.  .  .  .  [prealm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [pname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [flags] [Bit String] 0xfedcba98
+.  .  .  .  [authtime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [startime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [endtime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [renew-till] [Generalized Time] "19940610060317Z"
+.  .  .  .  [srealm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [caddr] [Sequence/Sequence Of]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  .  [address] [Octet String] <4>
+                     12 d0 00 23                             ...#
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  .  [address] [Octet String] <4>
+                     12 d0 00 23                             ...#
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [key] [Sequence/Sequence Of]
+.  .  .  .  .  [keytype] [Integer] 1
+.  .  .  .  .  [keyvalue] [Octet String] "12345678"
+.  .  .  .  [prealm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [pname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [flags] [Bit String] 0xfedcba98
+.  .  .  .  [authtime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [startime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [endtime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [renew-till] [Generalized Time] "19940610060317Z"
+.  .  .  .  [srealm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [caddr] [Sequence/Sequence Of]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  .  [address] [Octet String] <4>
+                     12 d0 00 23                             ...#
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  .  [address] [Octet String] <4>
+                     12 d0 00 23                             ...#
+.  .  [nonce] [Integer] 42
+.  .  [timestamp] [Generalized Time] "19940610060317Z"
+.  .  [usec] [Integer] 123456
+.  .  [s-address] [Sequence/Sequence Of]
+.  .  .  [addr-type] [Integer] 2
+.  .  .  [address] [Octet String] <4>
+            12 d0 00 23                                      ...#
+.  .  [r-address] [Sequence/Sequence Of]
+.  .  .  [addr-type] [Integer] 2
+.  .  .  [address] [Octet String] <4>
+            12 d0 00 23                                      ...#
+
+encode_krb5_enc_cred_part(optionals NULL):
+
+[Krb5 Encrypted CRED part]
+.  [Sequence/Sequence Of]
+.  .  [ticket-info] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [key] [Sequence/Sequence Of]
+.  .  .  .  .  [keytype] [Integer] 1
+.  .  .  .  .  [keyvalue] [Octet String] "12345678"
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [key] [Sequence/Sequence Of]
+.  .  .  .  .  [keytype] [Integer] 1
+.  .  .  .  .  [keyvalue] [Octet String] "12345678"
+.  .  .  .  [prealm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [pname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [flags] [Bit String] 0xfedcba98
+.  .  .  .  [authtime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [startime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [endtime] [Generalized Time] "19940610060317Z"
+.  .  .  .  [renew-till] [Generalized Time] "19940610060317Z"
+.  .  .  .  [srealm] [General string] "ATHENA.MIT.EDU"
+.  .  .  .  [sname] [Sequence/Sequence Of]
+.  .  .  .  .  [name-type] [Integer] 1
+.  .  .  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  .  [General string] "extra"
+.  .  .  .  [caddr] [Sequence/Sequence Of]
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  .  [address] [Octet String] <4>
+                     12 d0 00 23                             ...#
+.  .  .  .  .  [Sequence/Sequence Of]
+.  .  .  .  .  .  [addr-type] [Integer] 2
+.  .  .  .  .  .  [address] [Octet String] <4>
+                     12 d0 00 23                             ...#
+
+encode_krb5_error:
+
+[Krb5 ERROR packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 30
+.  .  [ctime] [Generalized Time] "19940610060317Z"
+.  .  [cusec] [Integer] 123456
+.  .  [stime] [Generalized Time] "19940610060317Z"
+.  .  [susec] [Integer] 123456
+.  .  [error-code] [Integer] 60
+.  .  [crealm] [General string] "ATHENA.MIT.EDU"
+.  .  [cname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  [sname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [e-text] [General string] "krb5data"
+.  .  [e-data] [Octet String] "krb5data"
+
+encode_krb5_error(optionals NULL):
+
+[Krb5 ERROR packet]
+.  [Sequence/Sequence Of]
+.  .  [pvno] [Integer] 5
+.  .  [msg-type] [Integer] 30
+.  .  [cusec] [Integer] 123456
+.  .  [stime] [Generalized Time] "19940610060317Z"
+.  .  [susec] [Integer] 123456
+.  .  [error-code] [Integer] 60
+.  .  [realm] [General string] "ATHENA.MIT.EDU"
+.  .  [sname] [Sequence/Sequence Of]
+.  .  .  [name-type] [Integer] 1
+.  .  .  [name-string] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+
+encode_krb5_authorization_data:
+
+[Sequence/Sequence Of]
+.  [Sequence/Sequence Of]
+.  .  [ad-type] [Integer] 1
+.  .  [ad-data] [Octet String] "foobar"
+.  [Sequence/Sequence Of]
+.  .  [ad-type] [Integer] 1
+.  .  [ad-data] [Octet String] "foobar"
+
+encode_krb5_padata_sequence:
+
+[Sequence/Sequence Of]
+.  [Sequence/Sequence Of]
+.  .  [1] [Integer] 13
+.  .  [2] [Octet String] "pa-data"
+.  [Sequence/Sequence Of]
+.  .  [1] [Integer] 13
+.  .  [2] [Octet String] "pa-data"
+
+encode_krb5_typed_data:
+
+[Sequence/Sequence Of]
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 13
+.  .  [1] [Octet String] "pa-data"
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 13
+.  .  [1] [Octet String] "pa-data"
+
+encode_krb5_padata_sequence(empty):
+
+[Sequence/Sequence Of]
+
+encode_krb5_etype_info:
+
+[Sequence/Sequence Of]
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 0
+.  .  [1] [Octet String] "Morton's #0"
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 2
+.  .  [1] [Octet String] "Morton's #2"
+
+encode_krb5_etype_info(only 1):
+
+[Sequence/Sequence Of]
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 0
+.  .  [1] [Octet String] "Morton's #0"
+
+encode_krb5_etype_info(no info):
+
+[Sequence/Sequence Of]
+
+encode_krb5_etype_info2:
+
+[Sequence/Sequence Of]
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 0
+.  .  [1] [General string] "Morton's #0"
+.  .  [2] [Octet String] "s2k: 0"
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [2] [Octet String] "s2k: 1"
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 2
+.  .  [1] [General string] "Morton's #2"
+.  .  [2] [Octet String] "s2k: 2"
+
+encode_krb5_etype_info2(only 1):
+
+[Sequence/Sequence Of]
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 0
+.  .  [1] [General string] "Morton's #0"
+.  .  [2] [Octet String] "s2k: 0"
+
+encode_krb5_pa_enc_ts:
+
+[Sequence/Sequence Of]
+.  [0] [Generalized Time] "19940610060317Z"
+.  [1] [Integer] 123456
+
+encode_krb5_pa_enc_ts (no usec):
+
+[Sequence/Sequence Of]
+.  [0] [Generalized Time] "19940610060317Z"
+
+encode_krb5_enc_data:
+
+[Sequence/Sequence Of]
+.  [etype] [Integer] 0
+.  [kvno] [Integer] 5
+.  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_data(MSB-set kvno):
+
+[Sequence/Sequence Of]
+.  [etype] [Integer] 0
+.  [kvno] [Integer] -16777216
+.  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_data(kvno=-1):
+
+[Sequence/Sequence Of]
+.  [etype] [Integer] 0
+.  [kvno] [Integer] -1
+.  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_sam_challenge_2:
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [Octet String] "challenge"
+.  [1] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "1234"
+
+encode_krb5_sam_challenge_2_body:
+
+[Sequence/Sequence Of]
+.  [0] [Integer] 42
+.  [1] [Bit String] 0x80000000
+.  [2] [Octet String] "type name"
+.  [4] [Octet String] "challenge label"
+.  [5] [Octet String] "challenge ipse"
+.  [6] [Octet String] "response_prompt ipse"
+.  [8] [Integer] 5517840
+.  [9] [Integer] 20
+
+encode_krb5_sam_response_2:
+
+[Sequence/Sequence Of]
+.  [0] [Integer] 43
+.  [1] [Bit String] 0x80000000
+.  [2] [Octet String] "track data"
+.  [3] [Sequence/Sequence Of]
+.  .  [0] [Integer] 20
+.  .  [1] [Integer] 3382
+.  .  [2] [Octet String] "nonce or sad"
+.  [4] [Integer] 5517840
+
+encode_krb5_enc_sam_response_enc_2:
+
+[Sequence/Sequence Of]
+.  [0] [Integer] 88
+.  [1] [Octet String] "enc_sam_response_enc_2"
+
+encode_krb5_pa_for_user:
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Sequence/Sequence Of]
+.  .  .  [General string] "hftsai"
+.  .  .  [General string] "extra"
+.  [1] [General string] "ATHENA.MIT.EDU"
+.  [2] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "1234"
+.  [3] [General string] "krb5data"
+
+encode_krb5_pa_s4u_x509_user:
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [0] [Integer] 13243546
+.  .  [1] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [2] [General string] "ATHENA.MIT.EDU"
+.  .  [3] [Octet String] "pa_s4u_x509_user"
+.  .  [4] [Bit String] 0x80000000
+.  [1] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "1234"
+
+encode_krb5_ad_kdcissued:
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "1234"
+.  [1] [General string] "ATHENA.MIT.EDU"
+.  [2] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Sequence/Sequence Of]
+.  .  .  [General string] "hftsai"
+.  .  .  [General string] "extra"
+.  [3] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "foobar"
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "foobar"
+
+encode_krb5_iakerb_header:
+
+[Sequence/Sequence Of]
+.  [1] [Octet String] "krb5data"
+.  [2] [Octet String] "krb5data"
+
+encode_krb5_iakerb_finished:
+
+[Sequence/Sequence Of]
+.  [1] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "1234"
+
+encode_krb5_fast_response:
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [1] [Integer] 13
+.  .  .  [2] [Octet String] "pa-data"
+.  .  [Sequence/Sequence Of]
+.  .  .  [1] [Integer] 13
+.  .  .  [2] [Octet String] "pa-data"
+.  [1] [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "12345678"
+.  [2] [Sequence/Sequence Of]
+.  .  [0] [Generalized Time] "19940610060317Z"
+.  .  [1] [Integer] 123456
+.  .  [2] [General string] "ATHENA.MIT.EDU"
+.  .  [3] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [4] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "1234"
+.  [3] [Integer] 42
+
+encode_krb5_pa_fx_fast_reply:
+
+[CONT 0]
+.  [Sequence/Sequence Of]
+.  .  [0] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 0
+.  .  .  [1] [Integer] 5
+.  .  .  [2] [Octet String] "krbASN.1 test message"
+
+encode_krb5_otp_tokeninfo(optionals NULL):
+
+[Sequence/Sequence Of]
+.  [0] <5>
+      00 00 00 00 00                                      .....
+
+encode_krb5_otp_tokeninfo:
+
+[Sequence/Sequence Of]
+.  [0] <5>
+      00 77 00 00 00                                      .w...
+.  [1] <11>
+      45 78 61 6d 70 6c 65 63 6f 72 70                    Examplecorp
+.  [2] <5>
+      68 61 72 6b 21                                      hark!
+.  [3] 0x0 (10 unused bits)
+.  [4] <1>
+      02                                                  .
+.  [5] <9>
+      79 6f 75 72 74 6f 6b 65 6e                          yourtoken
+.  [6] <40>
+      75 72 6e 3a 69 65 74 66 3a 70 61 72 61 6d 73 3a     urn:ietf:params:
+      78 6d 6c 3a 6e 73 3a 6b 65 79 70 72 6f 76 3a 70     xml:ns:keyprov:p
+      73 6b 63 3a 68 6f 74 70                             skc:hotp
+.  [7] [Sequence/Sequence Of]
+.  .  [Object Identifier] <9>
+         60 86 48 01 65 03 04 02 01                       `.H.e....
+.  [Sequence/Sequence Of]
+.  .  [Object Identifier] <5>
+         2b 0e 03 02 1a                                   +....
+.  [8] <2>
+      03 e8                                               ..
+
+encode_krb5_pa_otp_challenge(optionals NULL):
+
+[Sequence/Sequence Of]
+.  [0] <8>
+      6d 69 6e 6e 6f 6e 63 65                             minnonce
+.  [2] [Sequence/Sequence Of]
+.  .  [0] <5>
+         00 00 00 00 00                                   .....
+
+encode_krb5_pa_otp_challenge:
+
+[Sequence/Sequence Of]
+.  [0] <8>
+      6d 61 78 6e 6f 6e 63 65                             maxnonce
+.  [1] <11>
+      74 65 73 74 73 65 72 76 69 63 65                    testservice
+.  [2] [Sequence/Sequence Of]
+.  .  [0] <5>
+         00 00 00 00 00                                   .....
+.  [Sequence/Sequence Of]
+.  .  [0] <5>
+         00 77 00 00 00                                   .w...
+.  .  [1] <11>
+         45 78 61 6d 70 6c 65 63 6f 72 70                 Examplecorp
+.  .  [2] <5>
+         68 61 72 6b 21                                   hark!
+.  .  [3] 0x0 (10 unused bits)
+.  .  [4] <1>
+         02                                               .
+.  .  [5] <9>
+         79 6f 75 72 74 6f 6b 65 6e                       yourtoken
+.  .  [6] <40>
+         75 72 6e 3a 69 65 74 66 3a 70 61 72 61 6d 73     urn:ietf:params
+         3a 78 6d 6c 3a 6e 73 3a 6b 65 79 70 72 6f 76     :xml:ns:keyprov
+         3a 70 73 6b 63 3a 68 6f 74 70                    :pskc:hotp
+.  .  [7] [Sequence/Sequence Of]
+.  .  .  [Object Identifier] <9>
+            60 86 48 01 65 03 04 02 01                       `.H.e....
+.  .  [Sequence/Sequence Of]
+.  .  .  [Object Identifier] <5>
+            2b 0e 03 02 1a                                   +....
+.  .  [8] <2>
+         03 e8                                            ..
+.  [3] <7>
+      6b 65 79 73 61 6c 74                                keysalt
+.  [4] "1234"
+
+encode_krb5_pa_otp_req(optionals NULL):
+
+[Sequence/Sequence Of]
+.  [0] <5>
+      00 00 00 00 00                                      .....
+.  [2] [0] [Integer] 0
+.  [1] [Integer] 5
+.  [2] [Octet String] "krbASN.1 test message"
+
+encode_krb5_pa_otp_req:
+
+[Sequence/Sequence Of]
+.  [0] <5>
+      00 60 00 00 00                                      .`...
+.  [1] <5>
+      6e 6f 6e 63 65                                      nonce
+.  [2] [0] [Integer] 0
+.  [1] [Integer] 5
+.  [2] [Octet String] "krbASN.1 test message"
+.  [3] [Object Identifier] <9>
+      60 86 48 01 65 03 04 02 01                          `.H.e....
+.  [4] <2>
+      03 e8                                               ..
+.  [5] <5>
+      66 72 6f 67 73                                      frogs
+.  [6] <10>
+      6d 79 66 69 72 73 74 70 69 6e                       myfirstpin
+.  [7] <5>
+      68 61 72 6b 21                                      hark!
+.  [8] <15>
+      31 39 39 34 30 36 31 30 30 36 30 33 31 37 5a        19940610060317Z
+.  [9] <3>
+      33 34 36                                            346
+.  [10] <1>
+      02                                                  .
+.  [11] <9>
+      79 6f 75 72 74 6f 6b 65 6e                          yourtoken
+.  [12] <40>
+      75 72 6e 3a 69 65 74 66 3a 70 61 72 61 6d 73 3a     urn:ietf:params:
+      78 6d 6c 3a 6e 73 3a 6b 65 79 70 72 6f 76 3a 70     xml:ns:keyprov:p
+      73 6b 63 3a 68 6f 74 70                             skc:hotp
+.  [13] <11>
+      45 78 61 6d 70 6c 65 63 6f 72 70                    Examplecorp
+
+encode_krb5_pa_otp_enc_req:
+
+[Sequence/Sequence Of]
+.  [0] <8>
+      6b 72 62 35 64 61 74 61                             krb5data
+
+encode_krb5_kkdcp_message:
+
+[Sequence/Sequence Of]
+.  [0] [Octet String] <488>
+      6a 82 01 e4 30 82 01 e0 a1 03 02 01 05 a2 03 02     j...0...........
+      01 0a a3 26 30 24 30 10 a1 03 02 01 0d a2 09 04     ...&0$0.........
+      07 70 61 2d 64 61 74 61 30 10 a1 03 02 01 0d a2     .pa-data0.......
+      09 04 07 70 61 2d 64 61 74 61 a4 82 01 aa 30 82     ...pa-data....0.
+      01 a6 a0 07 03 05 00 fe dc ba 98 a1 1a 30 18 a0     .............0..
+      03 02 01 01 a1 11 30 0f 1b 06 68 66 74 73 61 69     ......0...hftsai
+      1b 05 65 78 74 72 61 a2 10 1b 0e 41 54 48 45 4e     ..extra....ATHEN
+      41 2e 4d 49 54 2e 45 44 55 a3 1a 30 18 a0 03 02     A.MIT.EDU..0....
+      01 01 a1 11 30 0f 1b 06 68 66 74 73 61 69 1b 05     ....0...hftsai..
+      65 78 74 72 61 a4 11 18 0f 31 39 39 34 30 36 31     extra....1994061
+      30 30 36 30 33 31 37 5a a5 11 18 0f 31 39 39 34     0060317Z....1994
+      30 36 31 30 30 36 30 33 31 37 5a a6 11 18 0f 31     0610060317Z....1
+      39 39 34 30 36 31 30 30 36 30 33 31 37 5a a7 03     9940610060317Z..
+      02 01 2a a8 08 30 06 02 01 00 02 01 01 a9 20 30     ..*..0........ 0
+      1e 30 0d a0 03 02 01 02 a1 06 04 04 12 d0 00 23     .0.............#
+      30 0d a0 03 02 01 02 a1 06 04 04 12 d0 00 23 aa     0.............#.
+      25 30 23 a0 03 02 01 00 a1 03 02 01 05 a2 17 04     %0#.............
+      15 6b 72 62 41 53 4e 2e 31 20 74 65 73 74 20 6d     .krbASN.1 test m
+      65 73 73 61 67 65 ab 81 bf 30 81 bc 61 5c 30 5a     essage...0..a\0Z
+      a0 03 02 01 05 a1 10 1b 0e 41 54 48 45 4e 41 2e     .........ATHENA.
+      4d 49 54 2e 45 44 55 a2 1a 30 18 a0 03 02 01 01     MIT.EDU..0......
+      a1 11 30 0f 1b 06 68 66 74 73 61 69 1b 05 65 78     ..0...hftsai..ex
+      74 72 61 a3 25 30 23 a0 03 02 01 00 a1 03 02 01     tra.%0#.........
+      05 a2 17 04 15 6b 72 62 41 53 4e 2e 31 20 74 65     .....krbASN.1 te
+      73 74 20 6d 65 73 73 61 67 65 61 5c 30 5a a0 03     st messagea\0Z..
+      02 01 05 a1 10 1b 0e 41 54 48 45 4e 41 2e 4d 49     .......ATHENA.MI
+      54 2e 45 44 55 a2 1a 30 18 a0 03 02 01 01 a1 11     T.EDU..0........
+      30 0f 1b 06 68 66 74 73 61 69 1b 05 65 78 74 72     0...hftsai..extr
+      61 a3 25 30 23 a0 03 02 01 00 a1 03 02 01 05 a2     a.%0#...........
+      17 04 15 6b 72 62 41 53 4e 2e 31 20 74 65 73 74     ...krbASN.1 test
+      20 6d 65 73 73 61 67 65                              message
+.  [1] [General string] "krb5data"
+
+encode_krb5_cammac(optionals NULL):
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "ad1"
+
+encode_krb5_cammac:
+
+[Sequence/Sequence Of]
+.  [0] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "ad1"
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 2
+.  .  .  [1] [Octet String] "ad2"
+.  [1] [Sequence/Sequence Of]
+.  .  [0] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [1] [Integer] 5
+.  .  [2] [Integer] 16
+.  .  [3] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "cksumkdc"
+.  [2] [Sequence/Sequence Of]
+.  .  [0] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Sequence/Sequence Of]
+.  .  .  .  [General string] "hftsai"
+.  .  .  .  [General string] "extra"
+.  .  [1] [Integer] 5
+.  .  [2] [Integer] 16
+.  .  [3] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 1
+.  .  .  [1] [Octet String] "cksumsvc"
+.  [3] [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [3] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 1
+.  .  .  .  [1] [Octet String] "cksum1"
+.  .  [Sequence/Sequence Of]
+.  .  .  [0] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 1
+.  .  .  .  [1] [Sequence/Sequence Of]
+.  .  .  .  .  [General string] "hftsai"
+.  .  .  .  .  [General string] "extra"
+.  .  .  [1] [Integer] 5
+.  .  .  [2] [Integer] 16
+.  .  .  [3] [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 1
+.  .  .  .  [1] [Octet String] "cksum2"
+
+encode_krb5_secure_cookie:
+
+[Sequence/Sequence Of]
+.  [Integer] 771228197
+.  [Sequence/Sequence Of]
+.  .  [Sequence/Sequence Of]
+.  .  .  [1] [Integer] 13
+.  .  .  [2] [Octet String] "pa-data"
+.  .  [Sequence/Sequence Of]
+.  .  .  [1] [Integer] 13
+.  .  .  [2] [Octet String] "pa-data"
+
+encode_krb5_spake_factor(optionals NULL):
+
+[Sequence/Sequence Of]
+.  [0] [Integer] 1
+
+encode_krb5_spake_factor:
+
+[Sequence/Sequence Of]
+.  [0] [Integer] 2
+.  [1] [Octet String] "fdata"
+
+encode_krb5_pa_spake(support):
+
+[CONT 0]
+.  [Sequence/Sequence Of]
+.  .  [0] [Sequence/Sequence Of]
+.  .  .  [Integer] 1
+.  .  .  [Integer] 2
+
+encode_krb5_pa_spake(challenge):
+
+[CONT 1]
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 1
+.  .  [1] [Octet String] "T value"
+.  .  [2] [Sequence/Sequence Of]
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 1
+.  .  .  [Sequence/Sequence Of]
+.  .  .  .  [0] [Integer] 2
+.  .  .  .  [1] [Octet String] "fdata"
+
+encode_krb5_pa_spake(response):
+
+[CONT 2]
+.  [Sequence/Sequence Of]
+.  .  [0] [Octet String] "S value"
+.  .  [1] [Sequence/Sequence Of]
+.  .  .  [0] [Integer] 0
+.  .  .  [1] [Integer] 5
+.  .  .  [2] [Octet String] "krbASN.1 test message"
+
+encode_krb5_pa_spake(encdata):
+
+[CONT 3]
+.  [Sequence/Sequence Of]
+.  .  [0] [Integer] 0
+.  .  [1] [Integer] 5
+.  .  [2] [Octet String] "krbASN.1 test message"
diff --git a/krb5-1.21.3/src/tests/asn.1/utility.c b/krb5-1.21.3/src/tests/asn.1/utility.c
new file mode 100644
index 00000000..b1eb902a
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/utility.c
@@ -0,0 +1,142 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/utility.c */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "utility.h"
+#include "krb5.h"
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+
+krb5int_access acc;
+
+char hexchar (const unsigned int digit);
+
+void *
+ealloc(size_t size)
+{
+    void *ptr = calloc(1, size);
+
+    if (ptr == NULL)
+        abort();
+    return ptr;
+}
+
+char *
+estrdup(const char *str)
+{
+    char *newstr = strdup(str);
+
+    if (newstr == NULL)
+        abort();
+    return newstr;
+}
+
+void
+asn1_krb5_data_unparse(const krb5_data *code, char **s)
+{
+    if (*s != NULL) free(*s);
+
+    if (code==NULL) {
+        *s = estrdup("<NULL>");
+    } else if (code->data == NULL || ((int) code->length) <= 0) {
+        *s = estrdup("<EMPTY>");
+    } else {
+        unsigned int i;
+
+        *s = ealloc(3 * code->length);
+        for (i = 0; i < code->length; i++) {
+            (*s)[3*i] = hexchar((unsigned char) (((code->data)[i]&0xF0)>>4));
+            (*s)[3*i+1] = hexchar((unsigned char) ((code->data)[i]&0x0F));
+            (*s)[3*i+2] = ' ';
+        }
+        (*s)[3*(code->length)-1] = '\0';
+    }
+}
+
+char
+hexchar(const unsigned int digit)
+{
+    if (digit<=9)
+        return '0'+digit;
+    else if (digit<=15)
+        return 'A'+digit-10;
+    else
+        return 'X';
+}
+
+void
+krb5_data_parse(krb5_data *d, const char *s)
+{
+    d->length = strlen(s);
+    d->data = ealloc(d->length);
+    memcpy(d->data, s, d->length);
+}
+
+krb5_error_code
+krb5_data_hex_parse(krb5_data *d, const char *s)
+{
+    int lo;
+    long v;
+    const char *cp;
+    char *dp;
+    char buf[2];
+
+    d->data = ealloc(strlen(s) / 2 + 1);
+    d->length = 0;
+    buf[1] = '\0';
+    for (lo = 0, dp = d->data, cp = s; *cp; cp++) {
+        if (*cp < 0)
+            return ASN1_PARSE_ERROR;
+        else if (isspace((unsigned char) *cp))
+            continue;
+        else if (isxdigit((unsigned char) *cp)) {
+            buf[0] = *cp;
+            v = strtol(buf, NULL, 16);
+        } else
+            return ASN1_PARSE_ERROR;
+        if (lo) {
+            *dp++ |= v;
+            lo = 0;
+        } else {
+            *dp = v << 4;
+            lo = 1;
+        }
+    }
+
+    d->length = dp - d->data;
+    return 0;
+}
+
+void
+init_access(const char *progname)
+{
+    krb5_error_code ret;
+    ret = krb5int_accessor(&acc, KRB5INT_ACCESS_VERSION);
+    if (ret) {
+        com_err(progname, ret, "while initializing accessor");
+        exit(1);
+    }
+}
diff --git a/krb5-1.21.3/src/tests/asn.1/utility.h b/krb5-1.21.3/src/tests/asn.1/utility.h
new file mode 100644
index 00000000..e14507a0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/asn.1/utility.h
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/asn.1/utility.h */
+/*
+ * Copyright (C) 1994 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifndef __UTILITY_H__
+#define __UTILITY_H__
+
+#include "k5-int.h"
+
+/* Aborts on failure.  ealloc returns zero-filled memory. */
+void *ealloc(size_t size);
+char *estrdup(const char *str);
+
+void asn1_krb5_data_unparse(const krb5_data *code, char **s);
+/* modifies  *s;
+   effects   Instantiates *s with a string representation of the series
+              of hex octets in *code.  (e.g. "02 02 00 7F")  If code==NULL,
+              the string rep is "<NULL>".  If code is empty (it contains no
+              data or has length <= 0), the string rep is "<EMPTY>".
+             If *s is non-NULL, then its currently-allocated storage
+              will be freed prior to the instantiation.
+             Returns ENOMEM or the string rep cannot be created. */
+
+void krb5_data_parse(krb5_data *d, const char *s);
+/* effects  Parses character string *s into krb5_data *d. */
+
+krb5_error_code krb5_data_hex_parse(krb5_data *d, const char *s);
+/* requires  *s is the string representation of a sequence of
+              hexadecimal octets.  (e.g. "02 01 00")
+   effects  Parses *s into krb5_data *d. */
+
+extern krb5int_access acc;
+extern void init_access(const char *progname);
+
+#endif
diff --git a/krb5-1.21.3/src/tests/au_dict.json b/krb5-1.21.3/src/tests/au_dict.json
new file mode 100644
index 00000000..032d6019
--- /dev/null
+++ b/krb5-1.21.3/src/tests/au_dict.json
@@ -0,0 +1,64 @@
+{
+"event_name":"",
+"event_success":0,
+"evidence_tkt_id":"",
+"fromport":0,
+"fromaddr":{
+	"type":0,
+	"length":0,
+	"ip":[]},
+"kdc_status":"",
+"rep_etype":0,
+"rep.ticket":{
+	"authtime":0,
+	"cname":{
+		"components":[],
+		"realm":"",
+		"length":0,
+		"type":0},
+	"end":0,
+	"flags":0,
+	"sess_etype":0,
+	"srv_etype":0,
+	"sname":{
+		"components":[],
+		"realm":"",
+		"length":0,
+		"type":0}},
+"req.avail_etypes":[],
+"req.client":{
+	"components":[],
+	"realm":"",
+	"length":0,
+	"type":0},
+"req_id":"",
+"req.kdc_options":0,
+"req.pa_type":[],
+"req.server":{
+	"components":[],
+	"realm":"",
+	"length":0,
+	"type":0},
+"req.tkt_end":0,
+"s4u2proxy_user":{
+	"components":[],
+	"realm":"",
+	"length":0,
+	"type":0},
+"s4u2self_user":{
+	"components":[],
+	"realm":"",
+	"length":0,
+	"type":0},
+"stage":1,
+"tkt_in_id":"",
+"tkt_renewed":0,
+"tkt_out_id":"",
+"tkt_validated":0,
+"u2u_user":{
+	"components":[],
+	"realm":"",
+	"length":0,
+	"type":0},
+"violation":0
+}
diff --git a/krb5-1.21.3/src/tests/conccache.c b/krb5-1.21.3/src/tests/conccache.c
new file mode 100644
index 00000000..7b0ca630
--- /dev/null
+++ b/krb5-1.21.3/src/tests/conccache.c
@@ -0,0 +1,190 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/conccache.c - ccache concurrent get_creds/refresh test program */
+/*
+ * Copyright (C) 2021 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Usage: conccache ccname clientprinc serverprinc
+ *
+ * This program spawns two subprocesses.  One repeatedly runs
+ * krb5_get_credentials() on ccname, and the other repeatedly refreshes ccname
+ * from the default keytab.  If either subprocess fails, the program exits with
+ * status 1.  The goal is to expose time windows where cache refreshes cause
+ * get_cred operations to fail.
+ */
+
+#include "k5-platform.h"
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <pthread.h>
+#include <krb5.h>
+
+/* Run this many iterations of each operation. */
+static const int iterations = 200;
+
+/* Saved command-line arguments. */
+static const char *ccname, *server_name, *client_name;
+
+static void
+check(krb5_error_code code)
+{
+    if (code)
+        abort();
+}
+
+static krb5_boolean
+get_cred(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_ccache cc;
+    krb5_principal client, server;
+    krb5_creds mcred, *cred;
+
+    check(krb5_cc_resolve(context, ccname, &cc));
+    check(krb5_parse_name(context, client_name, &client));
+    check(krb5_parse_name(context, server_name, &server));
+
+    memset(&mcred, 0, sizeof(mcred));
+    mcred.client = client;
+    mcred.server = server;
+    ret = krb5_get_credentials(context, 0, cc, &mcred, &cred);
+
+    krb5_free_creds(context, cred);
+    krb5_free_principal(context, client);
+    krb5_free_principal(context, server);
+    krb5_cc_close(context, cc);
+
+    return ret == 0;
+}
+
+static krb5_boolean
+refresh_cache(krb5_context context)
+{
+    krb5_error_code ret;
+    krb5_ccache cc;
+    krb5_principal client;
+    krb5_get_init_creds_opt *opt;
+    krb5_creds cred;
+
+    check(krb5_cc_resolve(context, ccname, &cc));
+    check(krb5_parse_name(context, client_name, &client));
+
+    check(krb5_get_init_creds_opt_alloc(context, &opt));
+    check(krb5_get_init_creds_opt_set_out_ccache(context, opt, cc));
+    ret = krb5_get_init_creds_keytab(context, &cred, client, NULL, 0, NULL,
+                                     opt);
+
+    krb5_get_init_creds_opt_free(context, opt);
+    krb5_free_cred_contents(context, &cred);
+    krb5_free_principal(context, client);
+    krb5_cc_close(context, cc);
+
+    return ret == 0;
+}
+
+static pid_t
+spawn_cred_subprocess()
+{
+    krb5_context context;
+    pid_t pid;
+    int i;
+
+    pid = fork();
+    assert(pid >= 0);
+    if (pid > 0)
+        return pid;
+
+    check(krb5_init_context(&context));
+    for (i = 0; i < iterations; i++) {
+        if (!get_cred(context)) {
+            fprintf(stderr, "cred worker failed after %d successes\n", i);
+            exit(1);
+        }
+    }
+    krb5_free_context(context);
+    exit(0);
+}
+
+static pid_t
+spawn_refresh_subprocess()
+{
+    krb5_context context;
+    pid_t pid;
+    int i;
+
+    pid = fork();
+    assert(pid >= 0);
+    if (pid > 0)
+        return pid;
+
+    check(krb5_init_context(&context));
+    for (i = 0; i < iterations; i++) {
+        if (!refresh_cache(context)) {
+            fprintf(stderr, "refresh worker failed after %d successes\n", i);
+            exit(1);
+        }
+    }
+    krb5_free_context(context);
+    exit(0);
+}
+
+int
+main(int argc, char *argv[])
+{
+    krb5_context context;
+    pid_t cred_pid, refresh_pid, pid;
+    int cstatus, rstatus;
+
+    assert(argc == 4);
+    ccname = argv[1];
+    client_name = argv[2];
+    server_name = argv[3];
+
+    /* Begin with an initialized cache. */
+    check(krb5_init_context(&context));
+    refresh_cache(context);
+    krb5_free_context(context);
+
+    cred_pid = spawn_cred_subprocess();
+    refresh_pid = spawn_refresh_subprocess();
+
+    pid = waitpid(cred_pid, &cstatus, 0);
+    if (pid == -1)
+        abort();
+    pid = waitpid(refresh_pid, &rstatus, 0);
+    if (pid == -1)
+        abort();
+
+    if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus) != 0)
+        return 1;
+    if (!WIFEXITED(rstatus) || WEXITSTATUS(rstatus) != 0)
+        return 1;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/create/Makefile.in b/krb5-1.21.3/src/tests/create/Makefile.in
new file mode 100644
index 00000000..5a44dfd8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/create/Makefile.in
@@ -0,0 +1,17 @@
+mydir=tests$(S)create
+BUILDTOP=$(REL)..$(S)..
+SRCS=$(srcdir)/kdb5_mkdums.c
+KDB5_DEP_LIBS=$(THREAD_LINKOPTS) $(DL_LIB)
+
+all: kdb5_mkdums
+
+kdb5_mkdums: kdb5_mkdums.o $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o kdb5_mkdums kdb5_mkdums.o $(KDB5_DEP_LIBS) $(KDB5_LIBS) $(KRB5_BASE_LIBS)
+
+all: kdb5_mkdums
+
+install:
+
+clean:
+	$(RM) kdb5_mkdums.o kdb5_mkdums
+
diff --git a/krb5-1.21.3/src/tests/create/deps b/krb5-1.21.3/src/tests/create/deps
new file mode 100644
index 00000000..a8e5e285
--- /dev/null
+++ b/krb5-1.21.3/src/tests/create/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kdb5_mkdums.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SS_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_mkdums.c
diff --git a/krb5-1.21.3/src/tests/create/kdb5_mkdums.c b/krb5-1.21.3/src/tests/create/kdb5_mkdums.c
new file mode 100644
index 00000000..7c066660
--- /dev/null
+++ b/krb5-1.21.3/src/tests/create/kdb5_mkdums.c
@@ -0,0 +1,406 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/create/kdb5_mkdums.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ * Edit a KDC database.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include "com_err.h"
+#include <ss/ss.h>
+#include <stdio.h>
+
+
+#define REALM_SEP       '@'
+#define REALM_SEP_STR   "@"
+
+struct mblock {
+    krb5_deltat max_life;
+    krb5_deltat max_rlife;
+    krb5_timestamp expiration;
+    krb5_flags flags;
+    krb5_kvno mkvno;
+} mblock = {                            /* XXX */
+    KRB5_KDB_MAX_LIFE,
+    KRB5_KDB_MAX_RLIFE,
+    KRB5_KDB_EXPIRATION,
+    KRB5_KDB_DEF_FLAGS,
+    1
+};
+
+int set_dbname_help (char *, char *);
+
+static void
+usage(who, status)
+    char *who;
+    int status;
+{
+    fprintf(stderr,
+            "usage: %s -p prefix -n num_to_create [-d dbpathname] [-r realmname]\n",
+            who);
+    fprintf(stderr, "\t [-D depth] [-k enctype] [-M mkeyname]\n");
+
+    exit(status);
+}
+
+int master_princ_set = 0;
+krb5_keyblock master_keyblock;
+krb5_principal master_princ;
+krb5_pointer master_random;
+krb5_context test_context;
+
+static char *progname;
+static char *cur_realm = 0;
+static char *mkey_name = 0;
+static char *mkey_password = 0;
+static krb5_boolean manual_mkey = FALSE;
+
+void add_princ (krb5_context, char *);
+
+int
+main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    extern char *optarg;
+    int optchar, i, n;
+    char tmp[4096], tmp2[BUFSIZ], *str_newprinc;
+
+    krb5_error_code retval;
+    char *dbname = 0;
+    int enctypedone = 0;
+    int num_to_create;
+    char principal_string[BUFSIZ];
+    char *suffix = 0;
+    size_t suffix_size = 0;
+    int depth;
+
+    krb5_init_context(&test_context);
+
+    if (strrchr(argv[0], '/'))
+        argv[0] = strrchr(argv[0], '/')+1;
+
+    progname = argv[0];
+
+    memset(principal_string, 0, sizeof(principal_string));
+    num_to_create = 0;
+    depth = 1;
+
+    while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:k:M:e:m")) != -1) {
+        switch(optchar) {
+        case 'D':
+            depth = atoi(optarg);       /* how deep to go */
+            break;
+        case 'P':               /* Only used for testing!!! */
+            mkey_password = optarg;
+            break;
+        case 'p':                       /* prefix name to create */
+            strncpy(principal_string, optarg, sizeof(principal_string) - 1);
+            principal_string[sizeof(principal_string) - 1] = '\0';
+            suffix = principal_string + strlen(principal_string);
+            suffix_size = sizeof(principal_string) -
+                (suffix - principal_string);
+            break;
+        case 'n':                        /* how many to create */
+            num_to_create = atoi(optarg);
+            break;
+        case 'd':                       /* set db name */
+            dbname = optarg;
+            break;
+        case 'r':
+            cur_realm = optarg;
+            break;
+        case 'k':
+            master_keyblock.enctype = atoi(optarg);
+            enctypedone++;
+            break;
+        case 'M':                       /* master key name in DB */
+            mkey_name = optarg;
+            break;
+        case 'm':
+            manual_mkey = TRUE;
+            break;
+        case '?':
+        default:
+            usage(progname, 1);
+            /*NOTREACHED*/
+        }
+    }
+
+    if (!(num_to_create && suffix)) usage(progname, 1);
+
+    if (!enctypedone)
+        master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+
+    if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
+        com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
+                "while setting up enctype %d", master_keyblock.enctype);
+        exit(1);
+    }
+
+    if (!dbname)
+        dbname = DEFAULT_KDB_FILE;      /* XXX? */
+
+    if (!cur_realm) {
+        if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
+            com_err(progname, retval, "while retrieving default realm name");
+            exit(1);
+        }
+    }
+    if ((retval = set_dbname_help(progname, dbname)))
+        exit(retval);
+
+    for (n = 1; n <= num_to_create; n++) {
+        /* build the new principal name */
+        /* we can't pick random names because we need to generate all the names
+           again given a prefix and count to test the db lib and kdb */
+        (void) snprintf(suffix, suffix_size, "%d", n);
+        (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
+        tmp[sizeof(tmp) - 1] = '\0';
+        str_newprinc = tmp;
+        add_princ(test_context, str_newprinc);
+
+        for (i = 2; i <= depth; i++) {
+            (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d",
+                            principal_string, i);
+            tmp2[sizeof(tmp2) - 1] = '\0';
+            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
+            str_newprinc = tmp;
+            add_princ(test_context, str_newprinc);
+        }
+    }
+
+    retval = krb5_db_fini(test_context);
+    memset(master_keyblock.contents, 0,
+           (size_t) master_keyblock.length);
+    if (retval && retval != KRB5_KDB_DBNOTINITED) {
+        com_err(progname, retval, "while closing database");
+        exit(1);
+    }
+    if (master_princ_set)
+        krb5_free_principal(test_context, master_princ);
+    krb5_free_context(test_context);
+    exit(0);
+}
+
+void
+add_princ(context, str_newprinc)
+    krb5_context          context;
+    char                * str_newprinc;
+{
+    krb5_error_code       retval;
+    krb5_principal        newprinc;
+    krb5_db_entry         *newentry;
+    char                  princ_name[4096];
+
+    newentry = calloc(1, sizeof(*newentry));
+    if (newentry == NULL) {
+        com_err(progname, ENOMEM, "while allocating DB entry");
+        return;
+    }
+    snprintf(princ_name, sizeof(princ_name), "%s@%s", str_newprinc, cur_realm);
+    if ((retval = krb5_parse_name(context, princ_name, &newprinc))) {
+        com_err(progname, retval, "while parsing '%s'", princ_name);
+        return;
+    }
+
+    /* Add basic data */
+    newentry->len = KRB5_KDB_V1_BASE_LENGTH;
+    newentry->attributes = mblock.flags;
+    newentry->max_life = mblock.max_life;
+    newentry->max_renewable_life = mblock.max_rlife;
+    newentry->expiration = mblock.expiration;
+    newentry->pw_expiration = mblock.expiration;
+
+    /* Add princ to db entry */
+    if ((retval = krb5_copy_principal(context, newprinc, &newentry->princ))) {
+        com_err(progname, retval, "while encoding princ to db entry for '%s'",
+                princ_name);
+        krb5_free_principal(context, newprinc);
+        goto error;
+    }
+
+    {
+        /* Add mod princ to db entry */
+        krb5_timestamp now;
+
+        retval = krb5_timeofday(context, &now);
+        if (retval) {
+            com_err(progname, retval, "while fetching date");
+            krb5_free_principal(context, newprinc);
+            goto error;
+        }
+        retval = krb5_dbe_update_mod_princ_data(context, newentry, now,
+                                                master_princ);
+        if (retval) {
+            com_err(progname, retval, "while encoding mod_princ data");
+            krb5_free_principal(context, newprinc);
+            goto error;
+        }
+    }
+
+    {   /* Add key and salt data to db entry */
+        krb5_data pwd, salt;
+        krb5_keyblock key;
+
+        if ((retval = krb5_principal2salt(context, newprinc, &salt))) {
+            com_err(progname, retval, "while converting princ to salt for '%s'",
+                    princ_name);
+            krb5_free_principal(context, newprinc);
+            goto error;
+        }
+
+        krb5_free_principal(context, newprinc);
+
+        pwd.length = strlen(princ_name);
+        pwd.data = princ_name;  /* must be able to regenerate */
+        if ((retval = krb5_c_string_to_key(context, master_keyblock.enctype,
+                                           &pwd, &salt, &key))) {
+            com_err(progname,retval,"while converting password to key for '%s'",
+                    princ_name);
+            krb5_free_data_contents(context, &salt);
+            goto error;
+        }
+        krb5_free_data_contents(context, &salt);
+
+        if ((retval = krb5_dbe_create_key_data(context, newentry))) {
+            com_err(progname, retval, "while creating key_data for '%s'",
+                    princ_name);
+            free(key.contents);
+            goto error;
+        }
+
+        if ((retval = krb5_dbe_encrypt_key_data(context, &master_keyblock,
+                                                &key, NULL, 1,
+                                                newentry->key_data))) {
+            com_err(progname, retval, "while encrypting key for '%s'",
+                    princ_name);
+            free(key.contents);
+            goto error;
+        }
+        free(key.contents);
+    }
+
+    if ((retval = krb5_db_put_principal(context, newentry))) {
+        com_err(progname, retval, "while storing principal date");
+        goto error;
+    }
+
+error: /* Do cleanup of newentry regardless of error */
+    krb5_db_free_principal(context, newentry);
+    return;
+}
+
+int
+set_dbname_help(pname, dbname)
+    char *pname;
+    char *dbname;
+{
+    krb5_error_code retval;
+    krb5_data pwd, scratch;
+    char *args[2];
+    krb5_db_entry *master_entry;
+
+    /* assemble & parse the master key name */
+
+    if ((retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm,
+                                          0, &master_princ))) {
+        com_err(pname, retval, "while setting up master key name");
+        return(1);
+    }
+    master_princ_set = 1;
+    if (mkey_password) {
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(test_context, master_princ, &scratch);
+        if (retval) {
+            com_err(pname, retval, "while calculated master key salt");
+            return(1);
+        }
+        if ((retval = krb5_c_string_to_key(test_context,
+                                           master_keyblock.enctype,
+                                           &pwd, &scratch,
+                                           &master_keyblock))) {
+            com_err(pname, retval,
+                    "while transforming master key from password");
+            return(1);
+        }
+        free(scratch.data);
+    } else {
+        if ((retval = krb5_db_fetch_mkey(test_context, master_princ,
+                                         master_keyblock.enctype, manual_mkey,
+                                         FALSE, 0, NULL, NULL,
+                                         &master_keyblock))) {
+            com_err(pname, retval, "while reading master key");
+            return(1);
+        }
+    }
+
+    /* Ick!  Current DAL interface requires that the default_realm
+       field be set in the krb5_context.  */
+    if ((retval = krb5_set_default_realm(test_context, cur_realm))) {
+        com_err(pname, retval, "setting default realm");
+        return 1;
+    }
+    /* Pathname is passed to db2 via 'args' parameter.  */
+    args[1] = NULL;
+    if (asprintf(&args[0], "dbname=%s", dbname) < 0) {
+        com_err(pname, errno, "while setting up db parameters");
+        return 1;
+    }
+
+    if ((retval = krb5_db_open(test_context, args, KRB5_KDB_OPEN_RO))) {
+        com_err(pname, retval, "while initializing database");
+        return(1);
+    }
+    /* Done with args */
+    free(args[0]);
+
+    if ((retval = krb5_db_fetch_mkey_list(test_context, master_princ,
+                                          &master_keyblock))){
+        com_err(pname, retval, "while verifying master key");
+        (void) krb5_db_fini(test_context);
+        return(1);
+    }
+    if ((retval = krb5_db_get_principal(test_context, master_princ, 0,
+                                        &master_entry))) {
+        com_err(pname, retval, "while retrieving master entry");
+        (void) krb5_db_fini(test_context);
+        return(1);
+    }
+
+    mblock.max_life = master_entry->max_life;
+    mblock.max_rlife = master_entry->max_renewable_life;
+    mblock.expiration = master_entry->expiration;
+
+    /* don't set flags, master has some extra restrictions */
+    mblock.mkvno = master_entry->key_data[0].key_data_kvno;
+
+    krb5_db_free_principal(test_context, master_entry);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/deps b/krb5-1.21.3/src/tests/deps
new file mode 100644
index 00000000..13eb3312
--- /dev/null
+++ b/krb5-1.21.3/src/tests/deps
@@ -0,0 +1,181 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)adata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h adata.c
+$(OUTPRE)conccache.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  conccache.c
+$(OUTPRE)etinfo.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h etinfo.c
+$(OUTPRE)forward.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h forward.c
+$(OUTPRE)gcred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h gcred.c
+$(OUTPRE)hist.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hist.c
+$(OUTPRE)hooks.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h hooks.c
+$(OUTPRE)hrealm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h hrealm.c
+$(OUTPRE)icinterleave.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h icinterleave.c
+$(OUTPRE)icred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  icred.c
+$(OUTPRE)kdbtest.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h kdbtest.c
+$(OUTPRE)localauth.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h localauth.c
+$(OUTPRE)plugorder.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/krb5/pwqual_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h plugorder.c
+$(OUTPRE)rdreq.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h rdreq.c
+$(OUTPRE)replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h replay.c
+$(OUTPRE)responder.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-json.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h responder.c
+$(OUTPRE)s2p.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h s2p.c
+$(OUTPRE)s4u2self.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h s4u2self.c
+$(OUTPRE)s4u2proxy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h s4u2proxy.c
+$(OUTPRE)t_inetd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(COM_ERR_DEPS) t_inetd.c
+$(OUTPRE)unlockiter.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h unlockiter.c
diff --git a/krb5-1.21.3/src/tests/dump.c b/krb5-1.21.3/src/tests/dump.c
new file mode 100644
index 00000000..b8e52b98
--- /dev/null
+++ b/krb5-1.21.3/src/tests/dump.c
@@ -0,0 +1,42 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/dump.c */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Dump a krb5_data to stderr (for debugging purposes). */
+
+#include <stdio.h>
+#include "krb5.h"
+
+void dump_data (data)
+    krb5_data *data;
+{
+    unsigned char *ptr = (unsigned char *)data->data;
+    int i;
+    for (i=0; i<data->length; i++) {
+        fprintf(stderr, "%02x ", ptr[i]);
+        if ((i % 16) == 15) fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "\n");
+}
diff --git a/krb5-1.21.3/src/tests/dumpfiles/dump b/krb5-1.21.3/src/tests/dumpfiles/dump
new file mode 100644
index 00000000..15ff8788
--- /dev/null
+++ b/krb5-1.21.3/src/tests/dumpfiles/dump
@@ -0,0 +1,11 @@
+kdb5_util load_dump version 7
+princ	38	15	3	1	0	K/M@KRBTEST.COM	64	86400	0	0	0	0	0	0	8	2	0100	9	8	0100010000000000	2	28	b93e105164625f6372656174696f6e404b5242544553542e434f4d00	1	1	18	62	2000408c027c250e8cc3b81476414f2214d57c1ce38891e29792e87258247c73547df4d5756266931dd6686b62270e656895a31ec66bfe913b4f15226227	-1;
+princ	38	36	4	4	0	host/equal-rites.mit.edu@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	30	b93e105167687564736f6e2f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20009b7f9e9edd44559c5ffb2b52beb92e57586f9bdf59ae0be7010ffa8b628928bebc7d6015211977bc34325be853e5f1eb5826ce75575414bc2696bc16	1	1	17	46	10001bfaf4d8ddd6e8767194a190e9dec2617dbc90883db767fa464325b76b97ea98f3b61c4d4234ff9aee6314a4	1	1	16	54	18008291ce8c2ccde958c2739e93ce499b088b1b8c304bce95097bd6c1bd92c3c9f64e92950767f7806d890b386ba586fdb7f8433f1c	1	1	23	46	1000a460520a9e39b1539e703a51793967247999a9a0bb7c59a61ca2b5e64a58c3b9cf8217daeddd71caae9d7fbb	-1;
+princ	38	24	4	4	0	kadmin/admin@KRBTEST.COM	4	10800	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20005ea70b11f3337975c5463baedc68b234cadf72f89828d98e3c16cb8640bba7c5ed48a4bcf7649a73a9a410e96234924bfacd4bb38f08982db02c5c5b	1	1	17	46	10001b678f8b9bb6913397202c259702c1941fd5d2892f42349a92ca908de248cd041465bb3d16d27efce1f63e30	1	1	16	54	18009ed81fe14b19549918acad7b1158b86f5971ab3bd77b2359c29147af35730167210157e510dda65f691c312ac398850d7e228c40	1	1	23	46	10001d15a249bbea104208ae0b3d83337d4c06f6edef6a6ac60ec3df7b52aeeeb388c7233a9b1e3de646949ed540	-1;
+princ	38	27	4	4	0	kadmin/changepw@KRBTEST.COM	8196	300	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	200015daf7bc8073eae166b03231330b81b78cfd6021d3dcf3700862dc98725c5bb549a72aa2ae8eef37dc2db5acc59cc62600f72052c6238ef216dd24a5	1	1	17	46	1000c1e176f253d6292fe4e34b2edfbdd5ff81ff3e17b38c2a674bd738d20fc40a4ed38a02351f4a9872123fb865	1	1	16	54	18008bf3418871e7d117af489798fbbcc031c534e095b4e4ed6cb110c7d87a91e5fb6c080c77616618db80ed37589fcc0ca8328406ef	1	1	23	46	10007a522025d2e7126dc48d76218e9efb3ff4326a3b5969be0deac108657a9d23c7827ec39b828fd43e51ea114b	-1;
+princ	38	38	4	4	0	kadmin/equal-rites.mit.edu@KRBTEST.COM	4	10800	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	200045a2e5b79c5787bfc68700d3abc0034cc91d48f10636c35e1a571c41c4e6892caceeda8808bfa46aa4050a6d33d99cb64d237f645af6741e90c723ff	1	1	17	46	100073b99fecd81b4fe113b10852065c15e75ed7d256d2d242b3cca57317c28c7fece4bda797f116309ea5bc2eb1	1	1	16	54	1800bd05672170b5d04cb62394498988f3844b744a0793ac435d044e67ed0ee50d20c408b30cec599c169378b0ad2a4967f42aef38e5	1	1	23	46	1000a1a515e0fe322980f319752bf85dd405ca2bdda148009654584b70f50d38c532df1c2d0a3c56f9758775b007	-1;
+princ	38	30	1	4	0	krbtgt/KRBTEST.COM@KRBTEST.COM	0	86400	0	0	0	0	0	0	2	28	b93e105164625f6372656174696f6e404b5242544553542e434f4d00	1	1	18	62	2000582c9aaf26c4a0abf13600baf37718c91e15dca02385e346cf5d2730d28b2302677f23d02791299548b45e1ced0b05cd30062617bff7532885d7889c	1	1	17	46	1000122eb47263d7837771ebbf7ad82163cc2ea7674a417944c0cbf186522fc0e74a73affd4a42fb9fda287be4f8	1	1	16	54	18008cd8064aea468f13f36ae13ecd4f993d87ef6bafcb2dc5101ad903200ffe3d5c265b2f0c71a6c07ec60d259b6862825cc77a70b2	1	1	23	46	10001699ad0304644456106328fbd733bd5c524f20d4b5d8b8e370eff196803b5990ee7e9eb4b6c2214cf327f59b	-1;
+princ	38	18	4	0	0	nokeys@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	27	d931dc51757365722f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	d931dc51	-1;
+princ	38	22	4	4	0	user/admin@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	30	b93e105167687564736f6e2f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20002db4cd2b0824c44a17cdbb2d180a1ec9956db35d74741826ed0d77eaef9abdb20c481d5ab9f511d5a3e6b8def443382f03d247568d81529e5dd17fae	1	1	17	46	100011d7cc3627468d565d398cffd735a3cc9d3705cd9846cede198c7d07f4e8209cd9192bc6c5f127169c00f373	1	1	16	54	18002bd9dc3388c90055844b3b4c5c2a814d73758f226d44d7dc5e35ef3b65e7d80cd604a4ef2a5769106818c3d813956bbad1813cb2	1	1	23	46	1000409681c3ff356fb7d28a9f71957c3465ea42ec4eee5019a662f7d367042527b76ae783cfbd0dccbd7529d090	-1;
+princ	38	16	4	4	0	user@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	32	12345c010000000874657374706f6c0000000800000000000000000200000000	2	27	d73e1051757365722f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	2000aec451aae295389f92d177e61b5154941386c70d75d382393e556dfa61bd77d112a777420a99030b56649d366bba83a5c40aa17fa4522222d2e78e10	1	1	17	46	10009c8ab7b3f89ccf3ca3ad98352a461b7f4f1b0c495605117591d9ad52ba4da0adef7a902126973ed2bdc3ffbf	1	1	16	54	18002b87a46d6c4de954a316b5ce28a99886f2abb6b0307190e577b81171dfb7a067139835be8625bc36b0edaaed357609107d85d335	1	1	23	46	1000c01fcdb3050a2270f82dbafbe4c1adc868377bf7133ee7a1bcaf85817abe541beb8008b91c54b99e93d2e0f5	-1;
+policy	testpol	0	0	1	3	1	0	0	0	0	0	0	0	-	0
diff --git a/krb5-1.21.3/src/tests/dumpfiles/dump.16 b/krb5-1.21.3/src/tests/dumpfiles/dump.16
new file mode 100644
index 00000000..bea2ff6b
--- /dev/null
+++ b/krb5-1.21.3/src/tests/dumpfiles/dump.16
@@ -0,0 +1,7 @@
+kdb5_util load_dump version 5
+princ	38	15	1	1	0	K/M@KRBTEST.COM	64	36000	604800	0	0	0	0	0	2	28	18de675264625f6372656174696f6e404b5242544553542e434f4d00	1	1	16	54	180001361a6c58b3a273e484574c6c5739fb114ffe7d2298e767b545f332e3bda573021c97728028e7ec4942708f23f4445d4419f4ad	-1;
+princ	38	24	3	2	0	kadmin/admin@KRBTEST.COM	4	10800	604800	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	18de67526b6462355f7574696c404b5242544553542e434f4d00	1	4	18de6752	1	2	16	54	1800555ff1892cdb7dd7c62b659f9659981205ebb4f9fd4446e5243f58dfc0b99a4f096080d435702e052793a90c66aea062c8b8964e	1	2	1	38	0800ca62598d281381a22fc6d5bdf25653002b6afeb8f24af6ea01c9301359527304a08bb8f5	-1;
+princ	38	27	3	2	0	kadmin/changepw@KRBTEST.COM	8196	300	604800	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	18de67526b6462355f7574696c404b5242544553542e434f4d00	1	4	18de6752	1	2	16	54	1800237a5df1fc3295e08ba18986f51f553c2d0dfff3fb8e17d19ac7777a1cd516713e5496521ba362261ab61c063090705ecf7bca01	1	2	1	38	0800685d1f82188b712b2947b63a259269b1fe53bf383bb05cdc802e2cb9d680631e512af4d4	-1;
+princ	38	38	3	2	0	kadmin/equal-rites.mit.edu@KRBTEST.COM	4	10800	604800	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	18de67526b6462355f7574696c404b5242544553542e434f4d00	1	4	18de6752	1	2	16	54	1800ed9ad2e91940a41abc9b05d7dfb736c353e3ff18272b1d3bc31e5ebc3204e15d5fd9c3caa0c57be4736831b6f03c1741d5423ff1	1	2	1	38	0800eb82c30aa8e1f5a10f0f099372e2ff3385cb5437b41abee02491673cf45c79b2c4466364	-1;
+princ	38	26	3	1	0	kadmin/history@KRBTEST.COM	0	64	604800	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	18de67526b6462355f7574696c404b5242544553542e434f4d00	1	4	18de6752	1	2	16	54	180070b4f132c63aa7d8b91f1323daa8d59bf2e04663b9b8931bcbe9a953c4fab6dda7c820db0cf9922af5ebfb7bd09101849e81f054	-1;
+princ	38	30	1	2	0	krbtgt/KRBTEST.COM@KRBTEST.COM	0	36000	604800	0	0	0	0	0	2	28	18de675264625f6372656174696f6e404b5242544553542e434f4d00	1	1	16	54	1800010572e45515fc5ee028a59a48bc86896ab5014c265304b2340d37a46c0185312e475e9245e70df0f6874c9348a2ca4389c7168f	1	1	1	38	0800d8b88190a5e7f49cdca68c0e018bafd971f1606f9af2f2e3d9e31c69071556896443ade2	-1;
diff --git a/krb5-1.21.3/src/tests/dumpfiles/dump.b7 b/krb5-1.21.3/src/tests/dumpfiles/dump.b7
new file mode 100644
index 00000000..8d534011
--- /dev/null
+++ b/krb5-1.21.3/src/tests/dumpfiles/dump.b7
@@ -0,0 +1,11 @@
+kdb5_util load_dump version 4
+princ	38	15	3	1	0	K/M@KRBTEST.COM	64	86400	0	0	0	0	0	0	8	2	0100	9	8	0100010000000000	2	28	b93e105164625f6372656174696f6e404b5242544553542e434f4d00	1	1	18	62	2000408c027c250e8cc3b81476414f2214d57c1ce38891e29792e87258247c73547df4d5756266931dd6686b62270e656895a31ec66bfe913b4f15226227	-1;
+princ	38	36	3	4	0	host/equal-rites.mit.edu@KRBTEST.COM	0	86400	0	0	0	0	0	0	2	30	b93e105167687564736f6e2f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20009b7f9e9edd44559c5ffb2b52beb92e57586f9bdf59ae0be7010ffa8b628928bebc7d6015211977bc34325be853e5f1eb5826ce75575414bc2696bc16	1	1	17	46	10001bfaf4d8ddd6e8767194a190e9dec2617dbc90883db767fa464325b76b97ea98f3b61c4d4234ff9aee6314a4	1	1	16	54	18008291ce8c2ccde958c2739e93ce499b088b1b8c304bce95097bd6c1bd92c3c9f64e92950767f7806d890b386ba586fdb7f8433f1c	1	1	23	46	1000a460520a9e39b1539e703a51793967247999a9a0bb7c59a61ca2b5e64a58c3b9cf8217daeddd71caae9d7fbb	-1;
+princ	38	24	3	4	0	kadmin/admin@KRBTEST.COM	4	10800	0	0	0	0	0	0	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20005ea70b11f3337975c5463baedc68b234cadf72f89828d98e3c16cb8640bba7c5ed48a4bcf7649a73a9a410e96234924bfacd4bb38f08982db02c5c5b	1	1	17	46	10001b678f8b9bb6913397202c259702c1941fd5d2892f42349a92ca908de248cd041465bb3d16d27efce1f63e30	1	1	16	54	18009ed81fe14b19549918acad7b1158b86f5971ab3bd77b2359c29147af35730167210157e510dda65f691c312ac398850d7e228c40	1	1	23	46	10001d15a249bbea104208ae0b3d83337d4c06f6edef6a6ac60ec3df7b52aeeeb388c7233a9b1e3de646949ed540	-1;
+princ	38	27	3	4	0	kadmin/changepw@KRBTEST.COM	8196	300	0	0	0	0	0	0	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	200015daf7bc8073eae166b03231330b81b78cfd6021d3dcf3700862dc98725c5bb549a72aa2ae8eef37dc2db5acc59cc62600f72052c6238ef216dd24a5	1	1	17	46	1000c1e176f253d6292fe4e34b2edfbdd5ff81ff3e17b38c2a674bd738d20fc40a4ed38a02351f4a9872123fb865	1	1	16	54	18008bf3418871e7d117af489798fbbcc031c534e095b4e4ed6cb110c7d87a91e5fb6c080c77616618db80ed37589fcc0ca8328406ef	1	1	23	46	10007a522025d2e7126dc48d76218e9efb3ff4326a3b5969be0deac108657a9d23c7827ec39b828fd43e51ea114b	-1;
+princ	38	38	3	4	0	kadmin/equal-rites.mit.edu@KRBTEST.COM	4	10800	0	0	0	0	0	0	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	200045a2e5b79c5787bfc68700d3abc0034cc91d48f10636c35e1a571c41c4e6892caceeda8808bfa46aa4050a6d33d99cb64d237f645af6741e90c723ff	1	1	17	46	100073b99fecd81b4fe113b10852065c15e75ed7d256d2d242b3cca57317c28c7fece4bda797f116309ea5bc2eb1	1	1	16	54	1800bd05672170b5d04cb62394498988f3844b744a0793ac435d044e67ed0ee50d20c408b30cec599c169378b0ad2a4967f42aef38e5	1	1	23	46	1000a1a515e0fe322980f319752bf85dd405ca2bdda148009654584b70f50d38c532df1c2d0a3c56f9758775b007	-1;
+princ	38	30	1	4	0	krbtgt/KRBTEST.COM@KRBTEST.COM	0	86400	0	0	0	0	0	0	2	28	b93e105164625f6372656174696f6e404b5242544553542e434f4d00	1	1	18	62	2000582c9aaf26c4a0abf13600baf37718c91e15dca02385e346cf5d2730d28b2302677f23d02791299548b45e1ced0b05cd30062617bff7532885d7889c	1	1	17	46	1000122eb47263d7837771ebbf7ad82163cc2ea7674a417944c0cbf186522fc0e74a73affd4a42fb9fda287be4f8	1	1	16	54	18008cd8064aea468f13f36ae13ecd4f993d87ef6bafcb2dc5101ad903200ffe3d5c265b2f0c71a6c07ec60d259b6862825cc77a70b2	1	1	23	46	10001699ad0304644456106328fbd733bd5c524f20d4b5d8b8e370eff196803b5990ee7e9eb4b6c2214cf327f59b	-1;
+princ	38	18	3	0	0	nokeys@KRBTEST.COM	0	86400	0	0	0	0	0	0	2	27	d931dc51757365722f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	d931dc51	-1;
+princ	38	22	3	4	0	user/admin@KRBTEST.COM	0	86400	0	0	0	0	0	0	2	30	b93e105167687564736f6e2f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20002db4cd2b0824c44a17cdbb2d180a1ec9956db35d74741826ed0d77eaef9abdb20c481d5ab9f511d5a3e6b8def443382f03d247568d81529e5dd17fae	1	1	17	46	100011d7cc3627468d565d398cffd735a3cc9d3705cd9846cede198c7d07f4e8209cd9192bc6c5f127169c00f373	1	1	16	54	18002bd9dc3388c90055844b3b4c5c2a814d73758f226d44d7dc5e35ef3b65e7d80cd604a4ef2a5769106818c3d813956bbad1813cb2	1	1	23	46	1000409681c3ff356fb7d28a9f71957c3465ea42ec4eee5019a662f7d367042527b76ae783cfbd0dccbd7529d090	-1;
+princ	38	16	3	4	0	user@KRBTEST.COM	0	86400	0	0	0	0	0	0	2	27	d73e1051757365722f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	2000aec451aae295389f92d177e61b5154941386c70d75d382393e556dfa61bd77d112a777420a99030b56649d366bba83a5c40aa17fa4522222d2e78e10	1	1	17	46	10009c8ab7b3f89ccf3ca3ad98352a461b7f4f1b0c495605117591d9ad52ba4da0adef7a902126973ed2bdc3ffbf	1	1	16	54	18002b87a46d6c4de954a316b5ce28a99886f2abb6b0307190e577b81171dfb7a067139835be8625bc36b0edaaed357609107d85d335	1	1	23	46	1000c01fcdb3050a2270f82dbafbe4c1adc868377bf7133ee7a1bcaf85817abe541beb8008b91c54b99e93d2e0f5	-1;
+policy	testpol	0	0	1	3	1	0
diff --git a/krb5-1.21.3/src/tests/dumpfiles/dump.ov b/krb5-1.21.3/src/tests/dumpfiles/dump.ov
new file mode 100644
index 00000000..285bef97
--- /dev/null
+++ b/krb5-1.21.3/src/tests/dumpfiles/dump.ov
@@ -0,0 +1,9 @@
+OpenV*Secure V1.0	
+princ	host/equal-rites.mit.edu@KRBTEST.COM		0	0	0	2
+princ	kadmin/admin@KRBTEST.COM		0	0	0	2
+princ	kadmin/changepw@KRBTEST.COM		0	0	0	2
+princ	kadmin/equal-rites.mit.edu@KRBTEST.COM		0	0	0	2
+princ	nokeys@KRBTEST.COM		0	0	0	2
+princ	user/admin@KRBTEST.COM		0	0	0	2
+princ	user@KRBTEST.COM	testpol	800	0	0	2
+policy	testpol	0	0	1	3	1	0
diff --git a/krb5-1.21.3/src/tests/dumpfiles/dump.r13 b/krb5-1.21.3/src/tests/dumpfiles/dump.r13
new file mode 100644
index 00000000..c15a75e9
--- /dev/null
+++ b/krb5-1.21.3/src/tests/dumpfiles/dump.r13
@@ -0,0 +1,11 @@
+kdb5_util load_dump version 5
+princ	38	15	3	1	0	K/M@KRBTEST.COM	64	86400	0	0	0	0	0	0	8	2	0100	9	8	0100010000000000	2	28	b93e105164625f6372656174696f6e404b5242544553542e434f4d00	1	1	18	62	2000408c027c250e8cc3b81476414f2214d57c1ce38891e29792e87258247c73547df4d5756266931dd6686b62270e656895a31ec66bfe913b4f15226227	-1;
+princ	38	36	4	4	0	host/equal-rites.mit.edu@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	30	b93e105167687564736f6e2f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20009b7f9e9edd44559c5ffb2b52beb92e57586f9bdf59ae0be7010ffa8b628928bebc7d6015211977bc34325be853e5f1eb5826ce75575414bc2696bc16	1	1	17	46	10001bfaf4d8ddd6e8767194a190e9dec2617dbc90883db767fa464325b76b97ea98f3b61c4d4234ff9aee6314a4	1	1	16	54	18008291ce8c2ccde958c2739e93ce499b088b1b8c304bce95097bd6c1bd92c3c9f64e92950767f7806d890b386ba586fdb7f8433f1c	1	1	23	46	1000a460520a9e39b1539e703a51793967247999a9a0bb7c59a61ca2b5e64a58c3b9cf8217daeddd71caae9d7fbb	-1;
+princ	38	24	4	4	0	kadmin/admin@KRBTEST.COM	4	10800	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20005ea70b11f3337975c5463baedc68b234cadf72f89828d98e3c16cb8640bba7c5ed48a4bcf7649a73a9a410e96234924bfacd4bb38f08982db02c5c5b	1	1	17	46	10001b678f8b9bb6913397202c259702c1941fd5d2892f42349a92ca908de248cd041465bb3d16d27efce1f63e30	1	1	16	54	18009ed81fe14b19549918acad7b1158b86f5971ab3bd77b2359c29147af35730167210157e510dda65f691c312ac398850d7e228c40	1	1	23	46	10001d15a249bbea104208ae0b3d83337d4c06f6edef6a6ac60ec3df7b52aeeeb388c7233a9b1e3de646949ed540	-1;
+princ	38	27	4	4	0	kadmin/changepw@KRBTEST.COM	8196	300	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	200015daf7bc8073eae166b03231330b81b78cfd6021d3dcf3700862dc98725c5bb549a72aa2ae8eef37dc2db5acc59cc62600f72052c6238ef216dd24a5	1	1	17	46	1000c1e176f253d6292fe4e34b2edfbdd5ff81ff3e17b38c2a674bd738d20fc40a4ed38a02351f4a9872123fb865	1	1	16	54	18008bf3418871e7d117af489798fbbcc031c534e095b4e4ed6cb110c7d87a91e5fb6c080c77616618db80ed37589fcc0ca8328406ef	1	1	23	46	10007a522025d2e7126dc48d76218e9efb3ff4326a3b5969be0deac108657a9d23c7827ec39b828fd43e51ea114b	-1;
+princ	38	38	4	4	0	kadmin/equal-rites.mit.edu@KRBTEST.COM	4	10800	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	200045a2e5b79c5787bfc68700d3abc0034cc91d48f10636c35e1a571c41c4e6892caceeda8808bfa46aa4050a6d33d99cb64d237f645af6741e90c723ff	1	1	17	46	100073b99fecd81b4fe113b10852065c15e75ed7d256d2d242b3cca57317c28c7fece4bda797f116309ea5bc2eb1	1	1	16	54	1800bd05672170b5d04cb62394498988f3844b744a0793ac435d044e67ed0ee50d20c408b30cec599c169378b0ad2a4967f42aef38e5	1	1	23	46	1000a1a515e0fe322980f319752bf85dd405ca2bdda148009654584b70f50d38c532df1c2d0a3c56f9758775b007	-1;
+princ	38	30	1	4	0	krbtgt/KRBTEST.COM@KRBTEST.COM	0	86400	0	0	0	0	0	0	2	28	b93e105164625f6372656174696f6e404b5242544553542e434f4d00	1	1	18	62	2000582c9aaf26c4a0abf13600baf37718c91e15dca02385e346cf5d2730d28b2302677f23d02791299548b45e1ced0b05cd30062617bff7532885d7889c	1	1	17	46	1000122eb47263d7837771ebbf7ad82163cc2ea7674a417944c0cbf186522fc0e74a73affd4a42fb9fda287be4f8	1	1	16	54	18008cd8064aea468f13f36ae13ecd4f993d87ef6bafcb2dc5101ad903200ffe3d5c265b2f0c71a6c07ec60d259b6862825cc77a70b2	1	1	23	46	10001699ad0304644456106328fbd733bd5c524f20d4b5d8b8e370eff196803b5990ee7e9eb4b6c2214cf327f59b	-1;
+princ	38	18	4	0	0	nokeys@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	27	d931dc51757365722f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	d931dc51	-1;
+princ	38	22	4	4	0	user/admin@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	30	b93e105167687564736f6e2f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20002db4cd2b0824c44a17cdbb2d180a1ec9956db35d74741826ed0d77eaef9abdb20c481d5ab9f511d5a3e6b8def443382f03d247568d81529e5dd17fae	1	1	17	46	100011d7cc3627468d565d398cffd735a3cc9d3705cd9846cede198c7d07f4e8209cd9192bc6c5f127169c00f373	1	1	16	54	18002bd9dc3388c90055844b3b4c5c2a814d73758f226d44d7dc5e35ef3b65e7d80cd604a4ef2a5769106818c3d813956bbad1813cb2	1	1	23	46	1000409681c3ff356fb7d28a9f71957c3465ea42ec4eee5019a662f7d367042527b76ae783cfbd0dccbd7529d090	-1;
+princ	38	16	4	4	0	user@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	32	12345c010000000874657374706f6c0000000800000000000000000200000000	2	27	d73e1051757365722f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	2000aec451aae295389f92d177e61b5154941386c70d75d382393e556dfa61bd77d112a777420a99030b56649d366bba83a5c40aa17fa4522222d2e78e10	1	1	17	46	10009c8ab7b3f89ccf3ca3ad98352a461b7f4f1b0c495605117591d9ad52ba4da0adef7a902126973ed2bdc3ffbf	1	1	16	54	18002b87a46d6c4de954a316b5ce28a99886f2abb6b0307190e577b81171dfb7a067139835be8625bc36b0edaaed357609107d85d335	1	1	23	46	1000c01fcdb3050a2270f82dbafbe4c1adc868377bf7133ee7a1bcaf85817abe541beb8008b91c54b99e93d2e0f5	-1;
+policy	testpol	0	0	1	3	1	0
diff --git a/krb5-1.21.3/src/tests/dumpfiles/dump.r18 b/krb5-1.21.3/src/tests/dumpfiles/dump.r18
new file mode 100644
index 00000000..b352fa28
--- /dev/null
+++ b/krb5-1.21.3/src/tests/dumpfiles/dump.r18
@@ -0,0 +1,11 @@
+kdb5_util load_dump version 6
+princ	38	15	3	1	0	K/M@KRBTEST.COM	64	86400	0	0	0	0	0	0	8	2	0100	9	8	0100010000000000	2	28	b93e105164625f6372656174696f6e404b5242544553542e434f4d00	1	1	18	62	2000408c027c250e8cc3b81476414f2214d57c1ce38891e29792e87258247c73547df4d5756266931dd6686b62270e656895a31ec66bfe913b4f15226227	-1;
+princ	38	36	4	4	0	host/equal-rites.mit.edu@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	30	b93e105167687564736f6e2f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20009b7f9e9edd44559c5ffb2b52beb92e57586f9bdf59ae0be7010ffa8b628928bebc7d6015211977bc34325be853e5f1eb5826ce75575414bc2696bc16	1	1	17	46	10001bfaf4d8ddd6e8767194a190e9dec2617dbc90883db767fa464325b76b97ea98f3b61c4d4234ff9aee6314a4	1	1	16	54	18008291ce8c2ccde958c2739e93ce499b088b1b8c304bce95097bd6c1bd92c3c9f64e92950767f7806d890b386ba586fdb7f8433f1c	1	1	23	46	1000a460520a9e39b1539e703a51793967247999a9a0bb7c59a61ca2b5e64a58c3b9cf8217daeddd71caae9d7fbb	-1;
+princ	38	24	4	4	0	kadmin/admin@KRBTEST.COM	4	10800	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20005ea70b11f3337975c5463baedc68b234cadf72f89828d98e3c16cb8640bba7c5ed48a4bcf7649a73a9a410e96234924bfacd4bb38f08982db02c5c5b	1	1	17	46	10001b678f8b9bb6913397202c259702c1941fd5d2892f42349a92ca908de248cd041465bb3d16d27efce1f63e30	1	1	16	54	18009ed81fe14b19549918acad7b1158b86f5971ab3bd77b2359c29147af35730167210157e510dda65f691c312ac398850d7e228c40	1	1	23	46	10001d15a249bbea104208ae0b3d83337d4c06f6edef6a6ac60ec3df7b52aeeeb388c7233a9b1e3de646949ed540	-1;
+princ	38	27	4	4	0	kadmin/changepw@KRBTEST.COM	8196	300	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	200015daf7bc8073eae166b03231330b81b78cfd6021d3dcf3700862dc98725c5bb549a72aa2ae8eef37dc2db5acc59cc62600f72052c6238ef216dd24a5	1	1	17	46	1000c1e176f253d6292fe4e34b2edfbdd5ff81ff3e17b38c2a674bd738d20fc40a4ed38a02351f4a9872123fb865	1	1	16	54	18008bf3418871e7d117af489798fbbcc031c534e095b4e4ed6cb110c7d87a91e5fb6c080c77616618db80ed37589fcc0ca8328406ef	1	1	23	46	10007a522025d2e7126dc48d76218e9efb3ff4326a3b5969be0deac108657a9d23c7827ec39b828fd43e51ea114b	-1;
+princ	38	38	4	4	0	kadmin/equal-rites.mit.edu@KRBTEST.COM	4	10800	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	26	b93e10516b6462355f7574696c404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	200045a2e5b79c5787bfc68700d3abc0034cc91d48f10636c35e1a571c41c4e6892caceeda8808bfa46aa4050a6d33d99cb64d237f645af6741e90c723ff	1	1	17	46	100073b99fecd81b4fe113b10852065c15e75ed7d256d2d242b3cca57317c28c7fece4bda797f116309ea5bc2eb1	1	1	16	54	1800bd05672170b5d04cb62394498988f3844b744a0793ac435d044e67ed0ee50d20c408b30cec599c169378b0ad2a4967f42aef38e5	1	1	23	46	1000a1a515e0fe322980f319752bf85dd405ca2bdda148009654584b70f50d38c532df1c2d0a3c56f9758775b007	-1;
+princ	38	30	1	4	0	krbtgt/KRBTEST.COM@KRBTEST.COM	0	86400	0	0	0	0	0	0	2	28	b93e105164625f6372656174696f6e404b5242544553542e434f4d00	1	1	18	62	2000582c9aaf26c4a0abf13600baf37718c91e15dca02385e346cf5d2730d28b2302677f23d02791299548b45e1ced0b05cd30062617bff7532885d7889c	1	1	17	46	1000122eb47263d7837771ebbf7ad82163cc2ea7674a417944c0cbf186522fc0e74a73affd4a42fb9fda287be4f8	1	1	16	54	18008cd8064aea468f13f36ae13ecd4f993d87ef6bafcb2dc5101ad903200ffe3d5c265b2f0c71a6c07ec60d259b6862825cc77a70b2	1	1	23	46	10001699ad0304644456106328fbd733bd5c524f20d4b5d8b8e370eff196803b5990ee7e9eb4b6c2214cf327f59b	-1;
+princ	38	18	4	0	0	nokeys@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	27	d931dc51757365722f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	d931dc51	-1;
+princ	38	22	4	4	0	user/admin@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	24	12345c010000000000000000000000000000000200000000	2	30	b93e105167687564736f6e2f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	20002db4cd2b0824c44a17cdbb2d180a1ec9956db35d74741826ed0d77eaef9abdb20c481d5ab9f511d5a3e6b8def443382f03d247568d81529e5dd17fae	1	1	17	46	100011d7cc3627468d565d398cffd735a3cc9d3705cd9846cede198c7d07f4e8209cd9192bc6c5f127169c00f373	1	1	16	54	18002bd9dc3388c90055844b3b4c5c2a814d73758f226d44d7dc5e35ef3b65e7d80cd604a4ef2a5769106818c3d813956bbad1813cb2	1	1	23	46	1000409681c3ff356fb7d28a9f71957c3465ea42ec4eee5019a662f7d367042527b76ae783cfbd0dccbd7529d090	-1;
+princ	38	16	4	4	0	user@KRBTEST.COM	0	86400	0	0	0	0	0	0	3	32	12345c010000000874657374706f6c0000000800000000000000000200000000	2	27	d73e1051757365722f61646d696e404b5242544553542e434f4d00	8	2	0100	1	4	b93e1051	1	1	18	62	2000aec451aae295389f92d177e61b5154941386c70d75d382393e556dfa61bd77d112a777420a99030b56649d366bba83a5c40aa17fa4522222d2e78e10	1	1	17	46	10009c8ab7b3f89ccf3ca3ad98352a461b7f4f1b0c495605117591d9ad52ba4da0adef7a902126973ed2bdc3ffbf	1	1	16	54	18002b87a46d6c4de954a316b5ce28a99886f2abb6b0307190e577b81171dfb7a067139835be8625bc36b0edaaed357609107d85d335	1	1	23	46	1000c01fcdb3050a2270f82dbafbe4c1adc868377bf7133ee7a1bcaf85817abe541beb8008b91c54b99e93d2e0f5	-1;
+policy	testpol	0	0	1	3	1	0	0	0	0
diff --git a/krb5-1.21.3/src/tests/etinfo.c b/krb5-1.21.3/src/tests/etinfo.c
new file mode 100644
index 00000000..6b8a4f33
--- /dev/null
+++ b/krb5-1.21.3/src/tests/etinfo.c
@@ -0,0 +1,172 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/etinfo.c - Test harness for KDC etype-info behavior */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Send an AS-REQ to the KDC for a specified principal, with an optionally
+ * specified request enctype list.  Decode the output as either an AS-REP or a
+ * KRB-ERROR and display the PA-ETYPE-INFO2, PA-ETYPE-INFO, and PA-PW-SALT
+ * padata in the following format:
+ *
+ *     error/asrep etype-info2/etype-info/pw-salt enctype salt [s2kparams]
+ *
+ * enctype is omitted for PA-PW-SALT entries.  salt is displayed directly;
+ * s2kparams is displayed in uppercase hex.
+ */
+
+#include "k5-int.h"
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+static void
+display_etinfo(krb5_etype_info_entry **list, const char *l1, const char *l2)
+{
+    krb5_etype_info_entry *info;
+    char etname[256];
+    unsigned int i;
+
+    for (; *list != NULL; list++) {
+        info = *list;
+        check(krb5_enctype_to_name(info->etype, TRUE, etname, sizeof(etname)));
+        printf("%s %s %s ", l1, l2, etname);
+        if (info->length != KRB5_ETYPE_NO_SALT)
+            printf("%.*s", info->length, info->salt);
+        else
+            printf("(default)");
+        if (info->s2kparams.length > 0) {
+            printf(" ");
+            for (i = 0; i < info->s2kparams.length; i++)
+                printf("%02X", (unsigned char)info->s2kparams.data[i]);
+        }
+        printf("\n");
+    }
+}
+
+static void
+display_padata(krb5_pa_data **pa_list, const char *label)
+{
+    krb5_pa_data *pa;
+    krb5_data d;
+    krb5_etype_info_entry **etinfo_list;
+
+    for (; pa_list != NULL && *pa_list != NULL; pa_list++) {
+        pa = *pa_list;
+        d = make_data(pa->contents, pa->length);
+        if (pa->pa_type == KRB5_PADATA_ETYPE_INFO2) {
+            check(decode_krb5_etype_info2(&d, &etinfo_list));
+            display_etinfo(etinfo_list, label, "etype_info2");
+            krb5_free_etype_info(ctx, etinfo_list);
+        } else if (pa->pa_type == KRB5_PADATA_ETYPE_INFO) {
+            check(decode_krb5_etype_info(&d, &etinfo_list));
+            display_etinfo(etinfo_list, label, "etype_info");
+            krb5_free_etype_info(ctx, etinfo_list);
+        } else if (pa->pa_type == KRB5_PADATA_PW_SALT) {
+            printf("%s pw_salt %.*s\n", label, (int)d.length, d.data);
+        } else if (pa->pa_type == KRB5_PADATA_AFS3_SALT) {
+            printf("%s afs3_salt %.*s\n", label, (int)d.length, d.data);
+        }
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_principal client;
+    krb5_get_init_creds_opt *opt;
+    krb5_init_creds_context icc;
+    krb5_data reply, request, realm;
+    krb5_error *error;
+    krb5_kdc_rep *asrep;
+    krb5_pa_data **padata;
+    krb5_preauthtype pa_type = KRB5_PADATA_NONE;
+    unsigned int flags;
+    int primary = 0;
+
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: %s princname [patype]\n", argv[0]);
+        exit(1);
+    }
+    check(krb5_init_context(&ctx));
+    check(krb5_parse_name(ctx, argv[1], &client));
+    if (argc >= 3)
+        pa_type = atoi(argv[2]);
+
+    check(krb5_get_init_creds_opt_alloc(ctx, &opt));
+    if (pa_type != KRB5_PADATA_NONE)
+        krb5_get_init_creds_opt_set_preauth_list(opt, &pa_type, 1);
+
+    check(krb5_init_creds_init(ctx, client, NULL, NULL, 0, opt, &icc));
+    reply = empty_data();
+    check(krb5_init_creds_step(ctx, icc, &reply, &request, &realm, &flags));
+    assert(flags == KRB5_INIT_CREDS_STEP_FLAG_CONTINUE);
+    check(krb5_sendto_kdc(ctx, &request, &realm, &reply, &primary, 0));
+
+    if (decode_krb5_error(&reply, &error) == 0) {
+        decode_krb5_padata_sequence(&error->e_data, &padata);
+        if (error->error == KDC_ERR_PREAUTH_REQUIRED) {
+            display_padata(padata, "error");
+        } else if (error->error == KDC_ERR_MORE_PREAUTH_DATA_REQUIRED) {
+            display_padata(padata, "more");
+        } else {
+            fprintf(stderr, "Unexpected error %d\n", (int)error->error);
+            return 1;
+        }
+        krb5_free_pa_data(ctx, padata);
+        krb5_free_error(ctx, error);
+    } else if (decode_krb5_as_rep(&reply, &asrep) == 0) {
+        display_padata(asrep->padata, "asrep");
+        krb5_free_kdc_rep(ctx, asrep);
+    } else {
+        abort();
+    }
+
+    krb5_free_data_contents(ctx, &request);
+    krb5_free_data_contents(ctx, &reply);
+    krb5_free_data_contents(ctx, &realm);
+    krb5_get_init_creds_opt_free(ctx, opt);
+    krb5_init_creds_free(ctx, icc);
+    krb5_free_principal(ctx, client);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/forward.c b/krb5-1.21.3/src/tests/forward.c
new file mode 100644
index 00000000..7327cc9e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/forward.c
@@ -0,0 +1,93 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/forward.c - test harness for getting forwarded creds */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This test program overwrites the default credential cache with a forwarded
+ * TGT obtained using the TGT presently in the cache. */
+
+#include "k5-int.h"
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+int
+main()
+{
+    krb5_ccache cc;
+    krb5_creds mcred, tgt, *fcred;
+    krb5_principal client, tgtprinc;
+    krb5_flags options;
+
+    /* Open the default ccache and get the client and TGT principal names. */
+    check(krb5_init_context(&ctx));
+    check(krb5_cc_default(ctx, &cc));
+    check(krb5_cc_get_principal(ctx, cc, &client));
+    check(krb5_build_principal_ext(ctx, &tgtprinc, client->realm.length,
+                                   client->realm.data, KRB5_TGS_NAME_SIZE,
+                                   KRB5_TGS_NAME, client->realm.length,
+                                   client->realm.data, 0));
+
+    /* Fetch the TGT credential. */
+    memset(&mcred, 0, sizeof(mcred));
+    mcred.client = client;
+    mcred.server = tgtprinc;
+    check(krb5_cc_retrieve_cred(ctx, cc, 0, &mcred, &tgt));
+
+    /* Get a forwarded TGT. */
+    mcred.times = tgt.times;
+    mcred.times.starttime = 0;
+    options = (tgt.ticket_flags & KDC_TKT_COMMON_MASK) | KDC_OPT_FORWARDED;
+    check(krb5_get_cred_via_tkt(ctx, &tgt, options, NULL, &mcred, &fcred));
+
+    /* Reinitialize the default ccache with the forwarded TGT. */
+    check(krb5_cc_initialize(ctx, cc, client));
+    check(krb5_cc_store_cred(ctx, cc, fcred));
+
+    krb5_free_creds(ctx, fcred);
+    krb5_free_cred_contents(ctx, &tgt);
+    krb5_free_principal(ctx, tgtprinc);
+    krb5_free_principal(ctx, client);
+    krb5_cc_close(ctx, cc);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gcred.c b/krb5-1.21.3/src/tests/gcred.c
new file mode 100644
index 00000000..1efb9339
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gcred.c
@@ -0,0 +1,124 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gcred.c - Test harness for referrals */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program is intended to be run from a python script as:
+ *
+ *     gcred [-f] [-t] nametype princname
+ *
+ * where nametype is one of "unknown", "principal", "srv-inst", and "srv-hst",
+ * and princname is the name of the service principal.  gcred acquires
+ * credentials for the specified server principal.  On success, gcred displays
+ * the server principal name of the obtained credentials to stdout and exits
+ * with status 0.  On failure, gcred displays the error message for the failed
+ * operation to stderr and exits with status 1.
+ *
+ * The -f and -t flags set the KRB5_GC_FORWARDABLE and KRB5_GC_NO_TRANSIT_CHECK
+ * options respectively.
+ */
+
+#include "k5-int.h"
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_principal client, server;
+    krb5_ccache ccache;
+    krb5_creds in_creds, *creds;
+    krb5_ticket *ticket;
+    krb5_flags options = 0;
+    char *name;
+    int c;
+
+    check(krb5_init_context(&ctx));
+
+    while ((c = getopt(argc, argv, "ft")) != -1) {
+        switch (c) {
+        case 'f':
+            options |= KRB5_GC_FORWARDABLE;
+            break;
+        case 't':
+            options |= KRB5_GC_NO_TRANSIT_CHECK;
+            break;
+        default:
+            abort();
+        }
+    }
+    argc -= optind;
+    argv += optind;
+    assert(argc == 2);
+    check(krb5_parse_name(ctx, argv[1], &server));
+    if (strcmp(argv[0], "unknown") == 0)
+        server->type = KRB5_NT_UNKNOWN;
+    else if (strcmp(argv[0], "principal") == 0)
+        server->type = KRB5_NT_PRINCIPAL;
+    else if (strcmp(argv[0], "srv-inst") == 0)
+        server->type = KRB5_NT_SRV_INST;
+    else if (strcmp(argv[0], "srv-hst") == 0)
+        server->type = KRB5_NT_SRV_HST;
+    else
+        abort();
+
+    check(krb5_cc_default(ctx, &ccache));
+    check(krb5_cc_get_principal(ctx, ccache, &client));
+    memset(&in_creds, 0, sizeof(in_creds));
+    in_creds.client = client;
+    in_creds.server = server;
+    check(krb5_get_credentials(ctx, options, ccache, &in_creds, &creds));
+    check(krb5_decode_ticket(&creds->ticket, &ticket));
+    check(krb5_unparse_name(ctx, ticket->server, &name));
+    printf("%s\n", name);
+
+    krb5_free_ticket(ctx, ticket);
+    krb5_free_unparsed_name(ctx, name);
+    krb5_free_creds(ctx, creds);
+    krb5_free_principal(ctx, client);
+    krb5_free_principal(ctx, server);
+    krb5_cc_close(ctx, ccache);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gss-threads/Makefile.in b/krb5-1.21.3/src/tests/gss-threads/Makefile.in
new file mode 100644
index 00000000..fe2f33b7
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gss-threads/Makefile.in
@@ -0,0 +1,34 @@
+# Derived from appl/gss-sample, January 2005.
+
+mydir=tests$(S)gss-threads
+BUILDTOP=$(REL)..$(S)..
+DEFINES = -DUSE_AUTOCONF_H -DGSSAPI_V2
+PTHREAD_LIBS=@PTHREAD_LIBS@
+
+SRCS= $(srcdir)/gss-client.c $(srcdir)/gss-misc.c $(srcdir)/gss-server.c
+
+OBJS= gss-client.o gss-misc.o gss-server.o
+
+all-unix: all-unix-@THREAD_SUPPORT@
+all-unix-1: gss-server gss-client
+all-unix-0:
+all-windows: $(OUTPRE)gss-server.exe $(OUTPRE)gss-client.exe
+
+gss-server: gss-server.o gss-misc.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) $(PTHREAD_CFLAGS) -o gss-server gss-server.o gss-misc.o $(GSS_LIBS) $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS)
+
+gss-client: gss-client.o gss-misc.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) $(PTHREAD_CFLAGS) -o gss-client gss-client.o gss-misc.o $(GSS_LIBS) $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS)
+
+$(OUTPRE)gss-server.exe: $(OUTPRE)gss-server.obj $(OUTPRE)gss-misc.obj $(GLIB) $(KLIB)
+	link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib
+
+$(OUTPRE)gss-client.exe: $(OUTPRE)gss-client.obj $(OUTPRE)gss-misc.obj $(GLIB) $(KLIB)
+	link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib
+
+clean-unix::
+	$(RM) gss-server gss-client
+
+install-unix:
+#	$(INSTALL_PROGRAM) gss-client $(DESTDIR)$(CLIENT_BINDIR)/gss-tclient
+#	$(INSTALL_PROGRAM) gss-server $(DESTDIR)$(SERVER_BINDIR)/gss-tserver
diff --git a/krb5-1.21.3/src/tests/gss-threads/README b/krb5-1.21.3/src/tests/gss-threads/README
new file mode 100644
index 00000000..f555b3e3
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gss-threads/README
@@ -0,0 +1,165 @@
+[Out of date; needs updating for thread safety test support.  -- KR 2005-02-09]
+
+# Copyright 1993 by OpenVision Technologies, Inc.
+# 
+# Permission to use, copy, modify, distribute, and sell this software
+# and its documentation for any purpose is hereby granted without fee,
+# provided that the above copyright notice appears in all copies and
+# that both that copyright notice and this permission notice appear in
+# supporting documentation, and that the name of OpenVision not be used
+# in advertising or publicity pertaining to distribution of the software
+# without specific, written prior permission. OpenVision makes no
+# representations about the suitability of this software for any
+# purpose.  It is provided "as is" without express or implied warranty.
+# 
+# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+This directory contains a sample GSS-API client and server
+application.  In addition to serving as an example of GSS-API
+programming, this application is also intended to be a tool for
+testing the performance of GSS-API implementations.
+
+Each time the client is invoked, it performs one or more exchanges
+with the server.  Each exchange with the server consists primarily of
+the following steps:
+
+	1. A TCP/IP connection is established.
+
+	2. (optional, on by default) The client and server establish a
+	   GSS-API context, and the server prints the identify of the
+	   client.
+
+      /	3. The client sends a message to the server.  The message may
+     /     be plaintext, cryptographically "signed" but not encrypted,
+     |     or encrypted (default).
+     |
+0 or |  4. The server decrypts the message (if necessary), verifies
+more |     its signature (if there is one) and prints it.
+times|
+     |  5. The server sends either a signature block (the default) or an
+     |     empty token back to the client to acknowledge the message.
+     \
+      \ 6. If the server sent a signature block, the client verifies
+           it and prints a message indicating that it was verified.
+  
+	7. The client sends an empty block to the server to tell it
+	   that the exchange is finished.
+  
+	8. The client and server close the TCP/IP connection and
+	   destroy the GSS-API context.
+
+The client also supports the -v1 flag which uses an older exchange
+format compatible with previous releases of Kerberos and with samples
+shipped in the Microsoft SDK.
+  
+The server's command line usage is
+  
+	gss-server [-port port] [-verbose] [-once] [-inetd] [-export]
+		[-logfile file] service_name
+  
+where service_name is a GSS-API service name of the form
+"service@host" (or just "service", in which case the local host name
+is used).  The command-line options have the following meanings:
+  
+-port	The TCP port on which to accept connections.  Default is 4444.
+  
+-once	Tells the server to exit after a single exchange, rather than
+	persisting.
+  
+-inetd	Tells the server that it is running out of inetd, so it should
+	interact with the client on stdin rather than binding to a
+	network port.  Implies "-once".
+  
+-export	Tells the server to test the gss_export_sec_context function
+	after establishing a context with a client.
+
+-logfile
+	The file to which the server should append its output, rather
+	than sending it to stdout.
+  
+The client's command line usage is
+
+	gss-client [-port port] [-mech mechanism] [-d] [-f] [-q]
+        [-seq] [-noreplay] [-nomutual]		
+        [-ccount count] [-mcount count] [-na] [-nw] [-nx] [-nm]
+		host service_name msg
+
+where host is the host running the server, service_name is the service
+name that the server will establish connections as (if you don't
+specify the host name in the service name when running gss-server, and
+it's running on a different machine from gss-client, make sure to
+specify the server's host name in the service name you specify to
+gss-client!) and msg is the message.  The command-line options have
+the following meanings:
+
+-port	The TCP port to which to connect.  Default is 4444.
+
+-mech	The OID of the GSS-API mechanism to use.
+
+-d	Tells the client to delegate credentials to the server.  For
+	the Kerberos GSS-API mechanism, this means that a forwardable
+	TGT will be sent to the server, which will put it in its
+	credential cache (you must have acquired your tickets with
+	"kinit -f" for this to work).
+
+-seq Tells the client to enforce ordered message delivery via
+    sequencing.  
+
+-noreplay Tells the client to disable the use of replay
+    detection.
+
+-nomutual Tells the client to disable the use of mutual authentication.
+
+-f	Tells the client that the "msg" argument is actually the name
+	of a file whose contents should be used as the message.
+
+-q	Tells the client to be quiet, i.e., to only print error
+	messages.
+
+-ccount	Specifies how many sessions the client should initiate with
+	the server (the "connection count").
+
+-mcount	Specifies how many times the message should be sent to the
+	server in each session (the "message count").
+
+-na	Tells the client not to do any authentication with the
+	server.  Implies "-nw", "-nx" and "-nm".
+
+-nw	Tells the client not to "wrap" messages.  Implies "-nx".
+
+-nx	Tells the client not to encrypt messages.
+
+-nm	Tells the client not to ask the server to send back a
+	cryptographic checksum ("MIC").
+
+To run the server on a host, you need to make sure that the principal
+corresponding to service_name is in the default keytab on the server
+host, and that the gss-server process can read the keytab.  For
+example, the service name "host@server" corresponds to the Kerberos
+principal "host/server.domain.com@REALM".
+
+This sample application uses the following GSS-API functions:
+
+	gss_accept_sec_context		gss_inquire_names_for_mech
+	gss_acquire_cred		gss_oid_to_str
+	gss_delete_sec_context		gss_release_buffer
+	gss_display_name		gss_release_cred
+	gss_display_status		gss_release_name
+	gss_export_sec_context		gss_release_oid
+	gss_get_mic			gss_release_oid_set
+	gss_import_name			gss_str_to_oid
+	gss_import_sec_context		gss_unwrap
+	gss_init_sec_context		gss_verify_mic
+	gss_inquire_context		gss_wrap
+  
+This application was originally written by Barry Jaspan of OpenVision
+Technologies, Inc.  It was updated significantly by Jonathan Kamens of
+OpenVision Technologies, Inc.
+
+$Id$
diff --git a/krb5-1.21.3/src/tests/gss-threads/deps b/krb5-1.21.3/src/tests/gss-threads/deps
new file mode 100644
index 00000000..e1c17a06
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gss-threads/deps
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)gss-client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
+  $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h gss-client.c gss-misc.h
+$(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  gss-misc.c gss-misc.h
+$(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
+  $(top_srcdir)/include/port-sockets.h gss-misc.h gss-server.c
diff --git a/krb5-1.21.3/src/tests/gss-threads/gss-client.c b/krb5-1.21.3/src/tests/gss-threads/gss-client.c
new file mode 100644
index 00000000..c0cf25dd
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gss-threads/gss-client.c
@@ -0,0 +1,865 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Copyright (C) 2003, 2004, 2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-platform.h"
+#ifdef _WIN32
+#include <windows.h>
+#include <winsock.h>
+#else
+#include <unistd.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <pthread.h>
+#endif
+
+#include <gssapi/gssapi_generic.h>
+#include "gss-misc.h"
+#include "port-sockets.h"
+#include "fake-addrinfo.h"
+
+static int verbose = 1;
+
+static void
+usage()
+{
+    fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n");
+    fprintf(stderr, "       [-seq] [-noreplay] [-nomutual]");
+    fprintf(stderr, " [-threads num]");
+    fprintf(stderr, "\n");
+    fprintf(stderr, "       [-f] [-q] [-ccount count] [-mcount count]\n");
+    fprintf(stderr, "       [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
+    exit(1);
+}
+
+/*
+ * Function: get_server_info
+ *
+ * Purpose: Sets up a socket address for the named host and port.
+ *
+ * Arguments:
+ *
+ *      host            (r) the target host name
+ *      port            (r) the target port, in host byte order
+ *
+ * Returns: 0 on success, or -1 on failure
+ *
+ * Effects:
+ *
+ * The host name is resolved with gethostbyname(), and "saddr" is set
+ * to the desired socket address.  If an error occurs, an error
+ * message is displayed and -1 is returned.
+ */
+struct sockaddr_in saddr;
+static int
+get_server_info(char *host, u_short port)
+{
+    struct hostent *hp;
+
+    hp = gethostbyname(host);
+    if (hp == NULL) {
+        fprintf(stderr, "Unknown host: %s\n", host);
+        return -1;
+    }
+
+    saddr.sin_family = hp->h_addrtype;
+    memcpy(&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
+    saddr.sin_port = htons(port);
+    return 0;
+}
+
+/*
+ * Function: connect_to_server
+ *
+ * Purpose: Opens a TCP connection to the name host and port.
+ *
+ * Arguments:
+ *
+ *      host            (r) the target host name
+ *      port            (r) the target port, in host byte order
+ *
+ * Returns: the established socket file descriptor, or -1 on failure
+ *
+ * Effects:
+ *
+ * The host name is resolved with gethostbyname(), and the socket is
+ * opened and connected.  If an error occurs, an error message is
+ * displayed and -1 is returned.
+ */
+static int
+connect_to_server()
+{
+    int s;
+
+    s = socket(AF_INET, SOCK_STREAM, 0);
+    if (s < 0) {
+        perror("creating socket");
+        return -1;
+    }
+    if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
+        perror("connecting to server");
+        (void)closesocket(s);
+        return -1;
+    }
+    return s;
+}
+
+/*
+ * Function: client_establish_context
+ *
+ * Purpose: establishes a GSS-API context with a specified service and
+ * returns the context handle
+ *
+ * Arguments:
+ *
+ *      s               (r) an established TCP connection to the service
+ *      service_name    (r) the ASCII service name of the service
+ *      gss_flags       (r) GSS-API delegation flag (if any)
+ *      auth_flag       (r) whether to actually do authentication
+ *      v1_format       (r) whether the v1 sample protocol should be used
+ *      oid             (r) OID of the mechanism to use
+ *      context         (w) the established GSS-API context
+ *      ret_flags       (w) the returned flags from init_sec_context
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * service_name is imported as a GSS-API name and a GSS-API context is
+ * established with the corresponding service; the service should be
+ * listening on the TCP connection s.  The default GSS-API mechanism
+ * is used, and mutual authentication and replay detection are
+ * requested.
+ *
+ * If successful, the context handle is returned in context.  If
+ * unsuccessful, the GSS-API error messages are displayed on stderr
+ * and -1 is returned.
+ */
+static int
+client_establish_context(int s, char *service_name, OM_uint32 gss_flags,
+                         int auth_flag, int v1_format, gss_OID oid,
+                         gss_ctx_id_t *gss_context, OM_uint32 *ret_flags)
+{
+    if (auth_flag) {
+        gss_buffer_desc send_tok, recv_tok, *token_ptr;
+        gss_name_t target_name;
+        OM_uint32 maj_stat, min_stat, init_sec_min_stat;
+        int token_flags;
+
+        /*
+         * Import the name into target_name.  Use send_tok to save
+         * local variable space.
+         */
+        send_tok.value = service_name;
+        send_tok.length = strlen(service_name);
+        maj_stat = gss_import_name(&min_stat, &send_tok,
+                                   (gss_OID)gss_nt_service_name, &target_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("parsing name", maj_stat, min_stat);
+            return -1;
+        }
+
+        if (!v1_format) {
+            if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT,
+                           empty_token) < 0) {
+                (void)gss_release_name(&min_stat, &target_name);
+                return -1;
+            }
+        }
+
+        /*
+         * Perform the context-establishement loop.
+         *
+         * On each pass through the loop, token_ptr points to the token
+         * to send to the server (or GSS_C_NO_BUFFER on the first pass).
+         * Every generated token is stored in send_tok which is then
+         * transmitted to the server; every received token is stored in
+         * recv_tok, which token_ptr is then set to, to be processed by
+         * the next call to gss_init_sec_context.
+         *
+         * GSS-API guarantees that send_tok's length will be non-zero
+         * if and only if the server is expecting another token from us,
+         * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
+         * and only if the server has another token to send us.
+         */
+
+        token_ptr = GSS_C_NO_BUFFER;
+        *gss_context = GSS_C_NO_CONTEXT;
+
+        do {
+            maj_stat = gss_init_sec_context(&init_sec_min_stat,
+                                            GSS_C_NO_CREDENTIAL, gss_context,
+                                            target_name, oid, gss_flags, 0,
+                                            NULL, token_ptr, NULL, &send_tok,
+                                            ret_flags, NULL);
+
+            if (token_ptr != GSS_C_NO_BUFFER)
+                free(recv_tok.value);
+
+            if (send_tok.length != 0) {
+                if (verbose) {
+                    printf("Sending init_sec_context token (size=%d)...",
+                           (int)send_tok.length);
+                }
+                if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT,
+                               &send_tok) < 0) {
+                    (void)gss_release_buffer(&min_stat, &send_tok);
+                    (void)gss_release_name(&min_stat, &target_name);
+                    if (*gss_context != GSS_C_NO_CONTEXT) {
+                        gss_delete_sec_context(&min_stat, gss_context,
+                                               GSS_C_NO_BUFFER);
+                        *gss_context = GSS_C_NO_CONTEXT;
+                    }
+                    return -1;
+                }
+            }
+            (void)gss_release_buffer(&min_stat, &send_tok);
+
+            if (maj_stat != GSS_S_COMPLETE &&
+                maj_stat != GSS_S_CONTINUE_NEEDED) {
+                display_status("initializing context", maj_stat,
+                               init_sec_min_stat);
+                (void)gss_release_name(&min_stat, &target_name);
+                if (*gss_context != GSS_C_NO_CONTEXT) {
+                    gss_delete_sec_context(&min_stat, gss_context,
+                                           GSS_C_NO_BUFFER);
+                }
+                return -1;
+            }
+
+            if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+                if (verbose)
+                    printf("continue needed...");
+                if (recv_token(s, &token_flags, &recv_tok) < 0) {
+                    (void)gss_release_name(&min_stat, &target_name);
+                    return -1;
+                }
+                token_ptr = &recv_tok;
+            }
+            if (verbose)
+                printf("\n");
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        (void)gss_release_name(&min_stat, &target_name);
+    } else if (send_token(s, TOKEN_NOOP, empty_token) < 0) {
+            return -1;
+    }
+
+    return 0;
+}
+
+static void
+read_file(char *file_name, gss_buffer_t in_buf)
+{
+    int fd, count;
+    struct stat stat_buf;
+
+    fd = open(file_name, O_RDONLY, 0);
+    if (fd < 0) {
+        perror("open");
+        fprintf(stderr, "Couldn't open file %s\n", file_name);
+        exit(2);
+    }
+    if (fstat(fd, &stat_buf) < 0) {
+        perror("fstat");
+        exit(3);
+    }
+    in_buf->length = stat_buf.st_size;
+
+    if (in_buf->length == 0) {
+        in_buf->value = NULL;
+        return;
+    }
+
+    in_buf->value = malloc(in_buf->length);
+    if (in_buf->value == NULL) {
+        fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n",
+                (int)in_buf->length);
+        exit(4);
+    }
+
+    /* This code used to check for incomplete reads, but you can't get
+     * an incomplete read on any file for which fstat() is meaningful. */
+
+    count = read(fd, in_buf->value, in_buf->length);
+    if (count < 0) {
+        perror("read");
+        exit(5);
+    }
+    if ((size_t)count < in_buf->length) {
+        fprintf(stderr, "Warning, only read in %d bytes, expected %d\n",
+                count, (int)in_buf->length);
+    }
+}
+
+/*
+ * Function: call_server
+ *
+ * Purpose: Call the "sign" service.
+ *
+ * Arguments:
+ *
+ *      host            (r) the host providing the service
+ *      port            (r) the port to connect to on host
+ *      service_name    (r) the GSS-API service name to authenticate to
+ *      gss_flags       (r) GSS-API delegation flag (if any)
+ *      auth_flag       (r) whether to do authentication
+ *      wrap_flag       (r) whether to do message wrapping at all
+ *      encrypt_flag    (r) whether to do encryption while wrapping
+ *      mic_flag        (r) whether to request a MIC from the server
+ *      msg             (r) the message to have "signed"
+ *      use_file        (r) whether to treat msg as an input file name
+ *      mcount          (r) the number of times to send the message
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * call_server opens a TCP connection to <host:port> and establishes a
+ * GSS-API context with service_name over the connection.  It then
+ * seals msg in a GSS-API token with gss_wrap, sends it to the server,
+ * reads back a GSS-API signature block for msg from the server, and
+ * verifies it with gss_verify.  -1 is returned if any step fails,
+ * otherwise 0 is returned.
+ */
+static int
+call_server(char *host, u_short port, gss_OID oid, char *service_name,
+            OM_uint32 gss_flags, int auth_flag, int wrap_flag,
+            int encrypt_flag, int mic_flag, int v1_format, char *msg,
+            int use_file, size_t mcount)
+{
+    gss_ctx_id_t context;
+    gss_buffer_desc in_buf, out_buf, sname, tname, oid_name;
+    int s, state, is_local, is_open, flags, token_flags;
+    OM_uint32 ret_flags, maj_stat, min_stat, lifetime, context_flags;
+    gss_name_t src_name, targ_name;
+    gss_OID mechanism, name_type;
+    gss_qop_t qop_state;
+    gss_OID_set mech_names;
+    size_t i;
+
+    /* Open connection. */
+    s = connect_to_server();
+    if (s < 0)
+        return -1;
+
+    /* Establish context. */
+    if (client_establish_context(s, service_name, gss_flags, auth_flag,
+                                 v1_format, oid, &context, &ret_flags) < 0) {
+        (void)closesocket(s);
+        return -1;
+    }
+
+    if (auth_flag && verbose) {
+        /* Display the flags. */
+        display_ctx_flags(ret_flags);
+
+        /* Get context information. */
+        maj_stat = gss_inquire_context(&min_stat, context, &src_name,
+                                       &targ_name, &lifetime, &mechanism,
+                                       &context_flags, &is_local, &is_open);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("inquiring context", maj_stat, min_stat);
+            return -1;
+        }
+
+        maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying source name", maj_stat, min_stat);
+            return -1;
+        }
+        maj_stat = gss_display_name(&min_stat, targ_name, &tname, NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying target name", maj_stat, min_stat);
+            return -1;
+        }
+        printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
+               (int)sname.length, (char *)sname.value,
+               (int)tname.length, (char *)tname.value, lifetime, context_flags,
+               is_local ? "locally initiated" : "remotely initiated",
+               is_open ? "open" : "closed");
+
+        (void)gss_release_name(&min_stat, &src_name);
+        (void)gss_release_name(&min_stat, &targ_name);
+        (void)gss_release_buffer(&min_stat, &sname);
+        (void)gss_release_buffer(&min_stat, &tname);
+
+        maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("converting oid->string", maj_stat, min_stat);
+            return -1;
+        }
+        printf("Name type of source name is %.*s.\n", (int)oid_name.length,
+               (char *)oid_name.value);
+        (void)gss_release_buffer(&min_stat, &oid_name);
+
+        /* Now get the names supported by the mechanism. */
+        maj_stat = gss_inquire_names_for_mech(&min_stat, mechanism,
+                                              &mech_names);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("inquiring mech names", maj_stat, min_stat);
+            return -1;
+        }
+
+        maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("converting oid->string", maj_stat, min_stat);
+            return -1;
+        }
+        printf("Mechanism %.*s supports %d names\n", (int)oid_name.length,
+               (char *)oid_name.value, (int)mech_names->count);
+        (void)gss_release_buffer(&min_stat, &oid_name);
+
+        for (i = 0; i < mech_names->count; i++) {
+            maj_stat = gss_oid_to_str(&min_stat, &mech_names->elements[i],
+                                      &oid_name);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("converting oid->string", maj_stat, min_stat);
+                return -1;
+            }
+            printf("  %d: %.*s\n", (int)i, (int)oid_name.length,
+                   (char *)oid_name.value);
+
+            (void)gss_release_buffer(&min_stat, &oid_name);
+        }
+        (void)gss_release_oid_set(&min_stat, &mech_names);
+    }
+
+    if (use_file) {
+        read_file(msg, &in_buf);
+    } else {
+        /* Seal the message. */
+        in_buf.value = msg;
+        in_buf.length = strlen(msg);
+    }
+
+    for (i = 0; i < mcount; i++) {
+        if (wrap_flag) {
+            maj_stat = gss_wrap(&min_stat, context, encrypt_flag,
+                                GSS_C_QOP_DEFAULT, &in_buf, &state, &out_buf);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("wrapping message", maj_stat, min_stat);
+                (void)closesocket(s);
+                (void)gss_delete_sec_context(&min_stat, &context,
+                                             GSS_C_NO_BUFFER);
+                return -1;
+            } else if (encrypt_flag && !state) {
+                fprintf(stderr, "Warning!  Message not encrypted.\n");
+            }
+        } else {
+            out_buf = in_buf;
+        }
+
+        /* Send to server. */
+        flags = 0;
+        if (!v1_format) {
+            flags = TOKEN_DATA | (wrap_flag ? TOKEN_WRAPPED : 0) |
+                (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
+                (mic_flag ? TOKEN_SEND_MIC : 0);
+        }
+        if (send_token(s, flags, &out_buf) < 0) {
+            (void)closesocket(s);
+            (void)gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+            return -1;
+        }
+        if (out_buf.value != in_buf.value)
+            (void)gss_release_buffer(&min_stat, &out_buf);
+
+        /* Read signature block into out_buf. */
+        if (recv_token(s, &token_flags, &out_buf) < 0) {
+            (void)closesocket(s);
+            (void)gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+            return -1;
+        }
+
+        if (mic_flag) {
+            /* Verify signature block. */
+            maj_stat = gss_verify_mic(&min_stat, context, &in_buf, &out_buf,
+                                      &qop_state);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("verifying signature", maj_stat, min_stat);
+                (void)closesocket(s);
+                (void)gss_delete_sec_context(&min_stat, &context,
+                                             GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (verbose)
+                printf("Signature verified.\n");
+        } else if (verbose) {
+            printf("Response received.\n");
+        }
+
+        free(out_buf.value);
+    }
+
+    if (use_file)
+        free(in_buf.value);
+
+    /* Send NOOP. */
+    if (!v1_format)
+        (void)send_token(s, TOKEN_NOOP, empty_token);
+
+    if (auth_flag) {
+        /* Delete context. */
+        maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("deleting context", maj_stat, min_stat);
+            (void)closesocket(s);
+            (void)gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
+            return -1;
+        }
+
+        (void)gss_release_buffer(&min_stat, &out_buf);
+    }
+
+    (void)closesocket(s);
+    return 0;
+}
+
+static void
+parse_oid(char *mechanism, gss_OID *oid)
+{
+    char *mechstr = 0, *cp;
+    gss_buffer_desc tok;
+    OM_uint32 maj_stat, min_stat;
+
+    if (isdigit((unsigned char)mechanism[0])) {
+        if (asprintf(&mechstr, "{ %s }", mechanism) < 0) {
+            fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
+            return;
+        }
+        for (cp = mechstr; *cp; cp++) {
+            if (*cp == '.')
+                *cp = ' ';
+        }
+        tok.value = mechstr;
+    } else {
+        tok.value = mechanism;
+    }
+    tok.length = strlen(tok.value);
+    maj_stat = gss_str_to_oid(&min_stat, &tok, oid);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("str_to_oid", maj_stat, min_stat);
+        return;
+    }
+    if (mechstr)
+        free(mechstr);
+}
+
+static int max_threads = 1;
+
+#ifdef _WIN32
+static thread_count = 0;
+static HANDLE hMutex = NULL;
+static HANDLE hEvent = NULL;
+
+void
+init_handles(void)
+{
+    hMutex = CreateMutex(NULL, FALSE, NULL);
+    hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
+}
+
+void
+cleanup_handles(void)
+{
+    CloseHandle(hMutex);
+    CloseHandle(hEvent);
+}
+
+BOOL
+wait_and_increment_thread_counter(void)
+{
+    for (;;) {
+        if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+            if (thread_count < max_threads) {
+                thread_count++;
+                ReleaseMutex(hMutex);
+                return TRUE;
+            } else {
+                ReleaseMutex(hMutex);
+
+                if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0)
+                    continue;
+                else
+                    return FALSE;
+            }
+        } else {
+            return FALSE;
+        }
+    }
+}
+
+BOOL
+decrement_and_signal_thread_counter(void)
+{
+    if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+        if (thread_count == max_threads)
+            SetEvent(hEvent);
+        thread_count--;
+        ReleaseMutex(hMutex);
+        return TRUE;
+    } else {
+        return FALSE;
+    }
+}
+
+#else /* assume pthread */
+
+static pthread_mutex_t counter_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pthread_cond_t counter_cond = PTHREAD_COND_INITIALIZER;
+int counter = 0;
+
+static int
+wait_and_increment_thread_counter(void)
+{
+    int err;
+
+    err = pthread_mutex_lock(&counter_mutex);
+    if (err) {
+        perror("pthread_mutex_lock");
+        return 0;
+    }
+    if (counter == max_threads) {
+        err = pthread_cond_wait(&counter_cond, &counter_mutex);
+        if (err) {
+            pthread_mutex_unlock(&counter_mutex);
+            perror("pthread_cond_wait");
+            return 0;
+        }
+    }
+    counter++;
+    pthread_mutex_unlock(&counter_mutex);
+    return 1;
+}
+
+static void
+decrement_and_signal_thread_counter(void)
+{
+    int err;
+
+    sleep(1);
+    err = pthread_mutex_lock(&counter_mutex);
+    if (err) {
+        perror("pthread_mutex_lock");
+        return;
+    }
+    if (counter == max_threads)
+        pthread_cond_broadcast(&counter_cond);
+    counter--;
+    pthread_mutex_unlock(&counter_mutex);
+}
+
+#endif
+
+static char *service_name, *server_host, *msg;
+static char *mechanism = 0;
+static u_short port = 4444;
+static int use_file = 0;
+static OM_uint32 gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+static OM_uint32 min_stat;
+static gss_OID oid = GSS_C_NULL_OID;
+static int mcount = 1, ccount = 1;
+static int auth_flag, wrap_flag, encrypt_flag, mic_flag, v1_format;
+
+static void *
+worker_bee(void *unused)
+{
+    printf("worker bee!\n");
+    if (call_server(server_host, port, oid, service_name,
+                    gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+                    v1_format, msg, use_file, mcount) < 0) {
+        if (max_threads == 1)
+            exit(6);
+    }
+
+    if (max_threads > 1)
+        decrement_and_signal_thread_counter();
+    free(unused);
+    return NULL;
+}
+
+int
+main(int argc, char **argv)
+{
+    int i;
+
+    display_file = stdout;
+    auth_flag = wrap_flag = encrypt_flag = mic_flag = 1;
+    v1_format = 0;
+
+    /* Parse arguments. */
+    argc--;
+    argv++;
+    while (argc) {
+        if (strcmp(*argv, "-port") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            port = atoi(*argv);
+        } else if (strcmp(*argv, "-mech") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            mechanism = *argv;
+        } else if (strcmp(*argv, "-threads") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            max_threads = atoi(*argv);
+        } else if (strcmp(*argv, "-d") == 0) {
+            gss_flags |= GSS_C_DELEG_FLAG;
+        } else if (strcmp(*argv, "-seq") == 0) {
+            gss_flags |= GSS_C_SEQUENCE_FLAG;
+        } else if (strcmp(*argv, "-noreplay") == 0) {
+            gss_flags &= ~GSS_C_REPLAY_FLAG;
+        } else if (strcmp(*argv, "-nomutual") == 0) {
+            gss_flags &= ~GSS_C_MUTUAL_FLAG;
+        } else if (strcmp(*argv, "-f") == 0) {
+            use_file = 1;
+        } else if (strcmp(*argv, "-q") == 0) {
+            verbose = 0;
+        } else if (strcmp(*argv, "-ccount") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            ccount = atoi(*argv);
+            if (ccount <= 0)
+                usage();
+        } else if (strcmp(*argv, "-mcount") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            mcount = atoi(*argv);
+            if (mcount < 0)
+                usage();
+        } else if (strcmp(*argv, "-na") == 0) {
+            auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
+        } else if (strcmp(*argv, "-nw") == 0) {
+            wrap_flag = 0;
+        } else if (strcmp(*argv, "-nx") == 0) {
+            encrypt_flag = 0;
+        } else if (strcmp(*argv, "-nm") == 0) {
+            mic_flag = 0;
+        } else  if (strcmp(*argv, "-v1") == 0) {
+            v1_format = 1;
+        } else {
+            break;
+        }
+        argc--;
+        argv++;
+    }
+    if (argc != 3)
+        usage();
+
+#ifdef _WIN32
+    if (max_threads < 1) {
+        fprintf(stderr, "warning: there must be at least one thread\n");
+        max_threads = 1;
+    }
+
+    init_handles();
+    SetEnvironmentVariable("KERBEROSLOGIN_NEVER_PROMPT", "1");
+#endif
+
+    server_host = *argv++;
+    service_name = *argv++;
+    msg = *argv++;
+
+    if (mechanism)
+        parse_oid(mechanism, &oid);
+
+    if (get_server_info(server_host, port) < 0)
+        exit(1);
+
+    if (max_threads == 1) {
+        for (i = 0; i < ccount; i++)
+            worker_bee(0);
+    } else {
+        for (i = 0; i < ccount; i++) {
+            if (wait_and_increment_thread_counter()) {
+#ifdef _WIN32
+                uintptr_t handle = _beginthread(worker_bee, 0, (void *)NULL);
+                if (handle == (uintptr_t)-1)
+                    exit(7);
+#else
+                int err;
+                pthread_t thr;
+                err = pthread_create(&thr, 0, worker_bee, malloc(12));
+                if (err) {
+                    perror("pthread_create");
+                    exit(7);
+                }
+                (void)pthread_detach(thr);
+#endif
+            } else {
+                exit(8);
+            }
+        }
+    }
+
+    if (oid != GSS_C_NULL_OID)
+        (void)gss_release_oid(&min_stat, &oid);
+
+#ifdef _WIN32
+    cleanup_handles();
+#else
+    if (max_threads > 1)
+        sleep(10);
+#endif
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gss-threads/gss-misc.c b/krb5-1.21.3/src/tests/gss-threads/gss-misc.c
new file mode 100644
index 00000000..4dd1b5dc
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gss-threads/gss-misc.c
@@ -0,0 +1,410 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Copyright (C) 2003, 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+#ifdef _WIN32
+#include <windows.h>
+#include <winsock.h>
+#else
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+
+/* need struct timeval */
+#include <time.h>
+#if HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+
+#include <gssapi/gssapi_generic.h>
+#include "gss-misc.h"
+/* for store_32_be */
+#include "k5-platform.h"
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#else
+extern char *malloc();
+#endif
+
+FILE *display_file;
+
+gss_buffer_desc empty_token_buf = { 0, (void *)"" };
+gss_buffer_t empty_token = &empty_token_buf;
+
+static void display_status_1(char *m, OM_uint32 code, int type);
+
+static int
+write_all(int fildes, char *buf, unsigned int nbyte)
+{
+    int ret;
+    char *ptr;
+
+    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+        ret = send(fildes, ptr, nbyte, 0);
+        if (ret < 0) {
+            if (errno == EINTR)
+                continue;
+            return ret;
+        } else if (ret == 0) {
+            return ptr - buf;
+        }
+    }
+
+    return ptr - buf;
+}
+
+static int
+read_all(int fildes, char *buf, unsigned int nbyte)
+{
+    int ret;
+    char *ptr;
+    fd_set rfds;
+    struct timeval tv;
+
+    FD_ZERO(&rfds);
+    FD_SET(fildes, &rfds);
+    tv.tv_sec = 10;
+    tv.tv_usec = 0;
+
+    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+        if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0 ||
+            !FD_ISSET(fildes, &rfds))
+            return ptr - buf;
+        ret = recv(fildes, ptr, nbyte, 0);
+        if (ret < 0) {
+            if (errno == EINTR)
+                continue;
+            return ret;
+        } else if (ret == 0) {
+            return ptr - buf;
+        }
+    }
+
+    return ptr - buf;
+}
+
+/*
+ * Function: send_token
+ *
+ * Purpose: Writes a token to a file descriptor.
+ *
+ * Arguments:
+ *
+ *      s               (r) an open file descriptor
+ *      flags           (r) the flags to write
+ *      tok             (r) the token to write
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * If the flags are non-null, send_token writes the token flags (a
+ * single byte, even though they're passed in in an integer). Next,
+ * the token length (as a network long) and then the token data are
+ * written to the file descriptor s.  It returns 0 on success, and -1
+ * if an error occurs or if it could not write all the data.
+ */
+int
+send_token(int s, int flags, gss_buffer_t tok)
+{
+    int ret;
+    unsigned char char_flags = (unsigned char)flags;
+    unsigned char lenbuf[4];
+
+    if (char_flags) {
+        ret = write_all(s, (char *)&char_flags, 1);
+        if (ret != 1) {
+            perror("sending token flags");
+            return -1;
+        }
+    }
+    if (tok->length > 0xffffffffUL)
+        abort();
+    store_32_be(tok->length, lenbuf);
+    ret = write_all(s, (char *)lenbuf, 4);
+    if (ret < 0) {
+        perror("sending token length");
+        return -1;
+    } else if (ret != 4) {
+        if (display_file) {
+            fprintf(display_file,
+                    "sending token length: %d of %d bytes written\n", ret, 4);
+        }
+        return -1;
+    }
+
+    ret = write_all(s, tok->value, tok->length);
+    if (ret < 0) {
+        perror("sending token data");
+        return -1;
+    } else if ((size_t)ret != tok->length) {
+        if (display_file) {
+            fprintf(display_file,
+                    "sending token data: %d of %d bytes written\n",
+                    ret, (int)tok->length);
+        }
+        return -1;
+    }
+
+    return 0;
+}
+
+/*
+ * Function: recv_token
+ *
+ * Purpose: Reads a token from a file descriptor.
+ *
+ * Arguments:
+ *
+ *      s               (r) an open file descriptor
+ *      flags           (w) the read flags
+ *      tok             (w) the read token
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * recv_token reads the token flags (a single byte, even though
+ * they're stored into an integer, then reads the token length (as a
+ * network long), allocates memory to hold the data, and then reads
+ * the token data from the file descriptor s.  It blocks to read the
+ * length and data, if necessary.  On a successful return, the token
+ * should be freed with gss_release_buffer.  It returns 0 on success,
+ * and -1 if an error occurs or if it could not read all the data.
+ */
+int
+recv_token(int s, int *flags, gss_buffer_t tok)
+{
+    int ret;
+    unsigned char char_flags;
+    unsigned char lenbuf[4];
+
+    ret = read_all(s, (char *)&char_flags, 1);
+    if (ret < 0) {
+        perror("reading token flags");
+        return -1;
+    } else if (!ret) {
+        if (display_file)
+            fputs("reading token flags: 0 bytes read\n", display_file);
+        return -1;
+    } else {
+        *flags = char_flags;
+    }
+
+    if (char_flags == 0) {
+        lenbuf[0] = 0;
+        ret = read_all(s, (char *)&lenbuf[1], 3);
+        if (ret < 0) {
+            perror("reading token length");
+            return -1;
+        } else if (ret != 3) {
+            if (display_file) {
+                fprintf(display_file,
+                        "reading token length: %d of %d bytes read\n", ret, 3);
+            }
+            return -1;
+        }
+    } else {
+        ret = read_all(s, (char *)lenbuf, 4);
+        if (ret < 0) {
+            perror("reading token length");
+            return -1;
+        } else if (ret != 4) {
+            if (display_file) {
+                fprintf(display_file,
+                        "reading token length: %d of %d bytes read\n", ret, 4);
+            }
+            return -1;
+        }
+    }
+
+    tok->length = load_32_be(lenbuf);
+    tok->value = malloc(tok->length ? tok->length : 1);
+    if (tok->length && tok->value == NULL) {
+        if (display_file)
+            fprintf(display_file, "Out of memory allocating token data\n");
+        return -1;
+    }
+
+    ret = read_all(s, (char *)tok->value, tok->length);
+    if (ret < 0) {
+        perror("reading token data");
+        free(tok->value);
+        return -1;
+    } else if ((size_t)ret != tok->length) {
+        fprintf(stderr, "sending token data: %d of %d bytes written\n",
+                ret, (int)tok->length);
+        free(tok->value);
+        return -1;
+    }
+
+    return 0;
+}
+
+static void
+display_status_1(char *m, OM_uint32 code, int type)
+{
+    OM_uint32 min_stat;
+    gss_buffer_desc msg;
+    OM_uint32 msg_ctx;
+
+    msg_ctx = 0;
+    while (1) {
+        (void)gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+                                 &msg_ctx, &msg);
+        if (display_file) {
+            fprintf(display_file, "GSS-API error %s: %s\n", m,
+                    (char *)msg.value);
+        }
+        (void)gss_release_buffer(&min_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
+}
+
+/*
+ * Function: display_status
+ *
+ * Purpose: displays GSS-API messages
+ *
+ * Arguments:
+ *
+ *      msg             a string to be displayed with the message
+ *      maj_stat        the GSS-API major status code
+ *      min_stat        the GSS-API minor status code
+ *
+ * Effects:
+ *
+ * The GSS-API messages associated with maj_stat and min_stat are
+ * displayed on stderr, each preceded by "GSS-API error <msg>: " and
+ * followed by a newline.
+ */
+void
+display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
+{
+    display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
+    display_status_1(msg, min_stat, GSS_C_MECH_CODE);
+}
+
+/*
+ * Function: display_ctx_flags
+ *
+ * Purpose: displays the flags returned by context initiation in
+ *          a human-readable form
+ *
+ * Arguments:
+ *
+ *      int             ret_flags
+ *
+ * Effects:
+ *
+ * Strings corresponding to the context flags are printed on
+ * stdout, preceded by "context flag: " and followed by a newline
+ */
+
+void
+display_ctx_flags(OM_uint32 flags)
+{
+    if (flags & GSS_C_DELEG_FLAG)
+        fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
+    if (flags & GSS_C_MUTUAL_FLAG)
+        fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
+    if (flags & GSS_C_REPLAY_FLAG)
+        fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
+    if (flags & GSS_C_SEQUENCE_FLAG)
+        fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
+    if (flags & GSS_C_CONF_FLAG)
+        fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
+    if (flags & GSS_C_INTEG_FLAG)
+        fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
+}
+
+void
+print_token(gss_buffer_t tok)
+{
+    size_t i;
+    unsigned char *p = tok->value;
+
+    if (!display_file)
+        return;
+    for (i = 0; i < tok->length; i++, p++) {
+        fprintf(display_file, "%02x ", *p);
+        if (i % 16 == 15) {
+            fprintf(display_file, "\n");
+        }
+    }
+    fprintf(display_file, "\n");
+    fflush(display_file);
+}
+
+#ifdef _WIN32
+#include <sys\timeb.h>
+#include <time.h>
+
+int
+gettimeofday(struct timeval *tv, void *ignore_tz)
+{
+    struct _timeb tb;
+
+    _tzset();
+    _ftime(&tb);
+    if (tv) {
+        tv->tv_sec = tb.time;
+        tv->tv_usec = tb.millitm * 1000;
+    }
+    return 0;
+}
+
+#endif /* _WIN32 */
diff --git a/krb5-1.21.3/src/tests/gss-threads/gss-misc.h b/krb5-1.21.3/src/tests/gss-threads/gss-misc.h
new file mode 100644
index 00000000..1ed8fb6c
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gss-threads/gss-misc.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSMISC_H_
+#define _GSSMISC_H_
+
+#include <gssapi/gssapi_generic.h>
+#include <stdio.h>
+
+extern FILE *display_file;
+
+int send_token(int s, int flags, gss_buffer_t tok);
+int recv_token(int s, int *flags, gss_buffer_t tok);
+void display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
+void display_ctx_flags(OM_uint32 flags);
+void print_token(gss_buffer_t tok);
+
+/* Token types */
+#define TOKEN_NOOP		(1<<0)
+#define TOKEN_CONTEXT		(1<<1)
+#define TOKEN_DATA		(1<<2)
+#define TOKEN_MIC		(1<<3)
+
+/* Token flags */
+#define TOKEN_CONTEXT_NEXT	(1<<4)
+#define TOKEN_WRAPPED		(1<<5)
+#define TOKEN_ENCRYPTED		(1<<6)
+#define TOKEN_SEND_MIC		(1<<7)
+
+extern gss_buffer_t empty_token;
+
+#endif
diff --git a/krb5-1.21.3/src/tests/gss-threads/gss-server.c b/krb5-1.21.3/src/tests/gss-threads/gss-server.c
new file mode 100644
index 00000000..a9f980ed
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gss-threads/gss-server.c
@@ -0,0 +1,850 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1994 by OpenVision Technologies, Inc.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * Copyright (C) 2004,2008 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+#ifdef _WIN32
+#include <windows.h>
+#include <winsock.h>
+#else
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <netinet/in.h>
+#include <pthread.h>
+#include <signal.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <stdlib.h>
+#include <ctype.h>
+
+#include <gssapi/gssapi_generic.h>
+#include "gss-misc.h"
+#include "port-sockets.h"
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+
+static void
+usage()
+{
+    fprintf(stderr, "Usage: gss-server [-port port] [-verbose] [-once]");
+#ifdef _WIN32
+    fprintf(stderr, " [-threads num]");
+#endif
+    fprintf(stderr, "\n");
+    fprintf(stderr, "       [-inetd] [-export] [-logfile file] "
+            "service_name\n");
+    exit(1);
+}
+
+FILE *logfile;
+
+int verbose = 0;
+
+/*
+ * Function: server_acquire_creds
+ *
+ * Purpose: imports a service name and acquires credentials for it
+ *
+ * Arguments:
+ *
+ *      service_name    (r) the ASCII service name
+ *      server_creds    (w) the GSS-API service credentials
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * The service name is imported with gss_import_name, and service
+ * credentials are acquired with gss_acquire_cred.  If either operation
+ * fails, an error message is displayed and -1 is returned; otherwise,
+ * 0 is returned.
+ */
+static int
+server_acquire_creds(char *service_name, gss_cred_id_t *server_creds)
+{
+    gss_buffer_desc name_buf;
+    gss_name_t server_name;
+    OM_uint32 maj_stat, min_stat;
+
+    name_buf.value = service_name;
+    name_buf.length = strlen(name_buf.value) + 1;
+    maj_stat = gss_import_name(&min_stat, &name_buf,
+                               (gss_OID)gss_nt_service_name, &server_name);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("importing name", maj_stat, min_stat);
+        return -1;
+    }
+
+    maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
+                                GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
+                                server_creds, NULL, NULL);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("acquiring credentials", maj_stat, min_stat);
+        return -1;
+    }
+
+    (void)gss_release_name(&min_stat, &server_name);
+
+    return 0;
+}
+
+/*
+ * Function: server_establish_context
+ *
+ * Purpose: establishses a GSS-API context as a specified service with
+ * an incoming client, and returns the context handle and associated
+ * client name
+ *
+ * Arguments:
+ *
+ *      s               (r) an established TCP connection to the client
+ *      service_creds   (r) server credentials, from gss_acquire_cred
+ *      context         (w) the established GSS-API context
+ *      client_name     (w) the client's ASCII name
+ *
+ * Returns: 0 on success, -1 on failure
+ *
+ * Effects:
+ *
+ * Any valid client request is accepted.  If a context is established,
+ * its handle is returned in context and the client name is returned
+ * in client_name and 0 is returned.  If unsuccessful, an error
+ * message is displayed and -1 is returned.
+ */
+static int
+server_establish_context(int s, gss_cred_id_t server_creds,
+                         gss_ctx_id_t *context, gss_buffer_t client_name,
+                         OM_uint32 *ret_flags)
+{
+    gss_buffer_desc send_tok, recv_tok, oid_name;
+    gss_name_t client;
+    gss_OID doid;
+    OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
+    int token_flags;
+
+    if (recv_token(s, &token_flags, &recv_tok) < 0)
+        return -1;
+
+    if (recv_tok.value) {
+        free(recv_tok.value);
+        recv_tok.value = NULL;
+    }
+
+    if (!(token_flags & TOKEN_NOOP)) {
+        if (logfile) {
+            fprintf(logfile, "Expected NOOP token, got %d token instead\n",
+                    token_flags);
+        }
+        return -1;
+    }
+
+    *context = GSS_C_NO_CONTEXT;
+
+    if (token_flags & TOKEN_CONTEXT_NEXT) {
+        do {
+            if (recv_token(s, &token_flags, &recv_tok) < 0)
+                return -1;
+
+            if (verbose && logfile) {
+                fprintf(logfile, "Received token (size=%d): \n",
+                        (int)recv_tok.length);
+                print_token(&recv_tok);
+            }
+
+            maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context,
+                                              server_creds, &recv_tok,
+                                              GSS_C_NO_CHANNEL_BINDINGS,
+                                              &client, &doid, &send_tok,
+                                              ret_flags, NULL, NULL);
+
+            if (recv_tok.value) {
+                free(recv_tok.value);
+                recv_tok.value = NULL;
+            }
+
+            if (send_tok.length != 0) {
+                if (verbose && logfile) {
+                    fprintf(logfile,
+                            "Sending accept_sec_context token (size=%d):\n",
+                            (int)send_tok.length);
+                    print_token(&send_tok);
+                }
+                if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
+                    if (logfile)
+                        fprintf(logfile, "failure sending token\n");
+                    return -1;
+                }
+
+                (void)gss_release_buffer(&min_stat, &send_tok);
+            }
+            if (maj_stat != GSS_S_COMPLETE &&
+                maj_stat != GSS_S_CONTINUE_NEEDED) {
+                display_status("accepting context", maj_stat,
+                               acc_sec_min_stat);
+                if (*context != GSS_C_NO_CONTEXT) {
+                    gss_delete_sec_context(&min_stat, context,
+                                           GSS_C_NO_BUFFER);
+                }
+                return -1;
+            }
+
+            if (verbose && logfile) {
+                if (maj_stat == GSS_S_CONTINUE_NEEDED)
+                    fprintf(logfile, "continue needed...\n");
+                else
+                    fprintf(logfile, "\n");
+                fflush(logfile);
+            }
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        /* display the flags */
+        display_ctx_flags(*ret_flags);
+
+        if (verbose && logfile) {
+            maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("converting oid->string", maj_stat, min_stat);
+                return -1;
+            }
+            fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n",
+                    (int)oid_name.length, (char *)oid_name.value);
+            (void)gss_release_buffer(&min_stat, &oid_name);
+        }
+
+        maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying name", maj_stat, min_stat);
+            return -1;
+        }
+        maj_stat = gss_release_name(&min_stat, &client);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("releasing name", maj_stat, min_stat);
+            return -1;
+        }
+    } else {
+        client_name->length = *ret_flags = 0;
+
+        if (logfile)
+            fprintf(logfile, "Accepted unauthenticated connection.\n");
+    }
+
+    return 0;
+}
+
+/*
+ * Function: create_socket
+ *
+ * Purpose: Opens a listening TCP socket.
+ *
+ * Arguments:
+ *
+ *      port            (r) the port number on which to listen
+ *
+ * Returns: the listening socket file descriptor, or -1 on failure
+ *
+ * Effects:
+ *
+ * A listening socket on the specified port and created and returned.
+ * On error, an error message is displayed and -1 is returned.
+ */
+static int
+create_socket(u_short port)
+{
+    struct sockaddr_in saddr;
+    int s, on = 1;
+
+    saddr.sin_family = AF_INET;
+    saddr.sin_port = htons(port);
+    saddr.sin_addr.s_addr = INADDR_ANY;
+
+    s = socket(AF_INET, SOCK_STREAM, 0);
+    if (s < 0) {
+        perror("creating socket");
+        return -1;
+    }
+    /* Let the socket be reused right away. */
+    (void)setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
+    if (bind(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
+        perror("binding socket");
+        (void)close(s);
+        return -1;
+    }
+    if (listen(s, 5) < 0) {
+        perror("listening on socket");
+        (void)close(s);
+        return -1;
+    }
+    return s;
+}
+
+static float
+timeval_subtract(struct timeval *tv1, struct timeval *tv2)
+{
+    return ((tv1->tv_sec - tv2->tv_sec) +
+            ((float)(tv1->tv_usec - tv2->tv_usec)) / 1000000);
+}
+
+/*
+ * Yes, yes, this isn't the best place for doing this test.
+ * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
+ *                                      -TYT
+ */
+static int
+test_import_export_context(gss_ctx_id_t *context)
+{
+    OM_uint32 min_stat, maj_stat;
+    gss_buffer_desc context_token, copied_token;
+    struct timeval tm1, tm2;
+
+    /* Attempt to save and then restore the context. */
+    gettimeofday(&tm1, (struct timezone *)0);
+    maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("exporting context", maj_stat, min_stat);
+        return 1;
+    }
+    gettimeofday(&tm2, NULL);
+    if (verbose && logfile) {
+        fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
+                (int)context_token.length, timeval_subtract(&tm2, &tm1));
+    }
+    copied_token.length = context_token.length;
+    copied_token.value = malloc(context_token.length);
+    if (copied_token.value == 0) {
+        if (logfile) {
+            fprintf(logfile, "Couldn't allocate memory to copy context "
+                    "token.\n");
+        }
+        return 1;
+    }
+    memcpy(copied_token.value, context_token.value, copied_token.length);
+    maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("importing context", maj_stat, min_stat);
+        return 1;
+    }
+    free(copied_token.value);
+    gettimeofday(&tm1, NULL);
+    if (verbose && logfile) {
+        fprintf(logfile, "Importing context: %7.4f seconds\n",
+                timeval_subtract(&tm1, &tm2));
+    }
+    (void)gss_release_buffer(&min_stat, &context_token);
+    return 0;
+}
+
+/*
+ * Function: sign_server
+ *
+ * Purpose: Performs the "sign" service.
+ *
+ * Arguments:
+ *
+ *      s               (r) a TCP socket on which a connection has been
+ *                      accept()ed
+ *      service_name    (r) the ASCII name of the GSS-API service to
+ *                      establish a context as
+ *      export          (r) whether to test context exporting
+ *
+ * Returns: -1 on error
+ *
+ * Effects:
+ *
+ * sign_server establishes a context, and performs a single sign request.
+ *
+ * A sign request is a single GSS-API sealed token.  The token is
+ * unsealed and a signature block, produced with gss_sign, is returned
+ * to the sender.  The context is the destroyed and the connection
+ * closed.
+ *
+ * If any error occurs, -1 is returned.
+ */
+static int
+sign_server(int s, gss_cred_id_t server_creds, int export)
+{
+    gss_buffer_desc client_name, xmit_buf, msg_buf;
+    gss_ctx_id_t context;
+    OM_uint32 maj_stat, min_stat, ret_flags;
+    int i, conf_state, token_flags;
+    char *cp;
+
+    /* Establish a context with the client */
+    if (server_establish_context(s, server_creds, &context, &client_name,
+                                 &ret_flags) < 0)
+        return -1;
+
+    if (context == GSS_C_NO_CONTEXT) {
+        printf("Accepted unauthenticated connection.\n");
+    } else {
+        printf("Accepted connection: \"%.*s\"\n", (int)client_name.length,
+               (char *)client_name.value);
+        (void)gss_release_buffer(&min_stat, &client_name);
+
+        if (export) {
+            for (i = 0; i < 3; i++) {
+                if (test_import_export_context(&context))
+                    return -1;
+            }
+        }
+    }
+
+    do {
+        /* Receive the message token */
+        if (recv_token(s, &token_flags, &xmit_buf) < 0)
+            return -1;
+
+        if (token_flags & TOKEN_NOOP) {
+            if (logfile)
+                fprintf(logfile, "NOOP token\n");
+            if (xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+            break;
+        }
+
+        if (verbose && logfile) {
+            fprintf(logfile, "Message token (flags=%d):\n", token_flags);
+            print_token(&xmit_buf);
+        }
+
+        if (context == GSS_C_NO_CONTEXT &&
+            (token_flags &
+             (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC))) {
+            if (logfile) {
+                fprintf(logfile, "Unauthenticated client requested "
+                        "authenticated services!\n");
+            }
+            if (xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+            return -1;
+        }
+
+        if (token_flags & TOKEN_WRAPPED) {
+            maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
+                                  &conf_state, NULL);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("unsealing message", maj_stat, min_stat);
+                if (xmit_buf.value) {
+                    free(xmit_buf.value);
+                    xmit_buf.value = 0;
+                }
+                return -1;
+            } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) {
+                fprintf(stderr, "Warning!  Message not encrypted.\n");
+            }
+
+            if (xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+        } else {
+            msg_buf = xmit_buf;
+        }
+
+        if (logfile) {
+            fprintf(logfile, "Received message: ");
+            cp = msg_buf.value;
+            if (isprint((unsigned char)cp[0]) &&
+                isprint((unsigned char)cp[1])) {
+                fprintf(logfile, "\"%.*s\"\n", (int)msg_buf.length,
+                        (char *)msg_buf.value);
+            } else {
+                fprintf(logfile, "\n");
+                print_token(&msg_buf);
+            }
+        }
+
+        if (token_flags & TOKEN_SEND_MIC) {
+            /* Produce a signature block for the message. */
+            maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
+                                   &msg_buf, &xmit_buf);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("signing message", maj_stat, min_stat);
+                return -1;
+            }
+
+            if (msg_buf.value) {
+                free(msg_buf.value);
+                msg_buf.value = 0;
+            }
+
+            /* Send the signature block to the client. */
+            if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
+                return -1;
+
+            if (xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+        } else {
+            if (msg_buf.value) {
+                free(msg_buf.value);
+                msg_buf.value = 0;
+            }
+            if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+                return -1;
+        }
+    } while (1 /* loop will break if NOOP received */);
+
+    if (context != GSS_C_NO_CONTEXT) {
+        /* Delete context. */
+        maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("deleting context", maj_stat, min_stat);
+            return -1;
+        }
+    }
+
+    if (logfile)
+        fflush(logfile);
+
+    return 0;
+}
+
+static int max_threads = 1;
+
+#ifdef _WIN32
+static thread_count = 0;
+static HANDLE hMutex = NULL;
+static HANDLE hEvent = NULL;
+
+void
+init_handles(void)
+{
+    hMutex = CreateMutex(NULL, FALSE, NULL);
+    hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
+}
+
+void
+cleanup_handles(void)
+{
+    CloseHandle(hMutex);
+    CloseHandle(hEvent);
+}
+
+BOOL
+wait_and_increment_thread_counter(void)
+{
+    for (;;) {
+        if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+            if (thread_count < max_threads) {
+                thread_count++;
+                ReleaseMutex(hMutex);
+                return TRUE;
+            } else {
+                ReleaseMutex(hMutex);
+
+                if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0)
+                    continue;
+                else
+                    return FALSE;
+            }
+        } else {
+            return FALSE;
+        }
+    }
+}
+
+BOOL
+decrement_and_signal_thread_counter(void)
+{
+    if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+        if (thread_count == max_threads)
+            SetEvent(hEvent);
+        thread_count--;
+        ReleaseMutex(hMutex);
+        return TRUE;
+    } else {
+        return FALSE;
+    }
+}
+
+#else /* assume pthread */
+
+static pthread_mutex_t counter_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pthread_cond_t counter_cond = PTHREAD_COND_INITIALIZER;
+int counter = 0;
+
+static int
+wait_and_increment_thread_counter(void)
+{
+    int err;
+
+    err = pthread_mutex_lock(&counter_mutex);
+    if (err) {
+        perror("pthread_mutex_lock");
+        return 0;
+    }
+    if (counter == max_threads) {
+        err = pthread_cond_wait(&counter_cond, &counter_mutex);
+        if (err) {
+            pthread_mutex_unlock(&counter_mutex);
+            perror("pthread_cond_wait");
+            return 0;
+        }
+    }
+    counter++;
+    pthread_mutex_unlock(&counter_mutex);
+    return 1;
+}
+
+static void
+decrement_and_signal_thread_counter(void)
+{
+    int err;
+
+    err = pthread_mutex_lock(&counter_mutex);
+    if (err) {
+        perror("pthread_mutex_lock");
+        return;
+    }
+    if (counter == max_threads)
+        pthread_cond_broadcast(&counter_cond);
+    counter--;
+    pthread_mutex_unlock(&counter_mutex);
+}
+
+#endif
+
+struct _work_plan {
+    int s;
+    gss_cred_id_t server_creds;
+    int export;
+};
+
+static void *
+worker_bee(void *param)
+{
+    struct _work_plan *work = param;
+
+    /* This return value is not checked, because there's not really anything to
+     * do if it fails. */
+    sign_server(work->s, work->server_creds, work->export);
+    closesocket(work->s);
+    free(work);
+
+#if defined _WIN32 || 1
+    if (max_threads > 1)
+        decrement_and_signal_thread_counter();
+#endif
+    return NULL;
+}
+
+int
+main(int argc, char **argv)
+{
+    char *service_name;
+    gss_cred_id_t server_creds;
+    OM_uint32 min_stat;
+    u_short port = 4444;
+    int once = 0;
+    int do_inetd = 0;
+    int export = 0;
+
+    signal(SIGPIPE, SIG_IGN);
+    logfile = stdout;
+    display_file = stdout;
+    argc--;
+    argv++;
+    while (argc) {
+        if (strcmp(*argv, "-port") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            port = atoi(*argv);
+        } else if (strcmp(*argv, "-threads") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            max_threads = atoi(*argv);
+        } else if (strcmp(*argv, "-verbose") == 0) {
+            verbose = 1;
+        } else if (strcmp(*argv, "-once") == 0) {
+            once = 1;
+        } else if (strcmp(*argv, "-inetd") == 0) {
+            do_inetd = 1;
+        } else if (strcmp(*argv, "-export") == 0) {
+            export = 1;
+        } else if (strcmp(*argv, "-logfile") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            /*
+             * Gross hack, but it makes it unnecessary to add an extra argument
+             * to disable logging, and makes the code more efficient because it
+             * doesn't actually write data to /dev/null.
+             */
+            if (!strcmp(*argv, "/dev/null")) {
+                logfile = display_file = NULL;
+            } else {
+                logfile = fopen(*argv, "a");
+                display_file = logfile;
+                if (!logfile) {
+                    perror(*argv);
+                    exit(1);
+                }
+            }
+        } else {
+            break;
+        }
+        argc--;
+        argv++;
+    }
+    if (argc != 1)
+        usage();
+
+    if ((*argv)[0] == '-')
+        usage();
+
+#ifdef _WIN32
+    if (max_threads < 1) {
+        fprintf(stderr, "warning: there must be at least one thread\n");
+        max_threads = 1;
+    }
+
+    if (max_threads > 1 && do_inetd) {
+        fprintf(stderr, "warning: one thread may be used in conjunction "
+                "with inetd\n");
+    }
+
+    init_handles();
+#endif
+
+    service_name = *argv;
+
+    if (server_acquire_creds(service_name, &server_creds) < 0)
+        return -1;
+
+    if (do_inetd) {
+        close(1);
+        close(2);
+
+        sign_server(0, server_creds, export);
+        close(0);
+    } else {
+        int stmp;
+
+        stmp = create_socket(port);
+        if (stmp >= 0) {
+            do {
+                struct _work_plan * work = malloc(sizeof(struct _work_plan));
+
+                if (work == NULL) {
+                    fprintf(stderr, "fatal error: out of memory");
+                    break;
+                }
+
+                /* Accept a TCP connection */
+                work->s = accept(stmp, NULL, 0);
+                if (work->s < 0) {
+                    perror("accepting connection");
+                    continue;
+                }
+
+                work->server_creds = server_creds;
+                work->export = export;
+
+                if (max_threads == 1) {
+                    worker_bee(work);
+                } else {
+                    if (wait_and_increment_thread_counter()) {
+#ifdef _WIN32
+                        uintptr_t handle = _beginthread(worker_bee, 0, work);
+                        if (handle == (uintptr_t)-1) {
+                            closesocket(work->s);
+                            free(work);
+                        }
+#else
+                        int err;
+                        pthread_t thr;
+                        err = pthread_create(&thr, 0, worker_bee, work);
+                        if (err) {
+                            perror("pthread_create");
+                            closesocket(work->s);
+                            free(work);
+                        }
+                        (void)pthread_detach(thr);
+#endif
+                    } else {
+                        fprintf(stderr, "fatal error incrementing thread "
+                                "counter");
+                        closesocket(work->s);
+                        free(work);
+                        break;
+                    }
+                }
+            } while (!once);
+
+            closesocket(stmp);
+        }
+    }
+
+    (void)gss_release_cred(&min_stat, &server_creds);
+
+#ifdef _WIN32
+    cleanup_handles();
+#else
+    if (max_threads > 1) {
+        while (1)
+            sleep(999999);
+    }
+#endif
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/Makefile.in b/krb5-1.21.3/src/tests/gssapi/Makefile.in
new file mode 100644
index 00000000..33047c35
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/Makefile.in
@@ -0,0 +1,138 @@
+mydir=tests$(S)gssapi
+BUILDTOP=$(REL)..$(S)..
+DEFINES = -DUSE_AUTOCONF_H
+
+# For t_prf.c
+LOCALINCLUDES = -I$(srcdir)/../../lib/gssapi/mechglue \
+	-I$(srcdir)/../../lib/gssapi/krb5 \
+	-I$(srcdir)/../../lib/gssapi/generic -I../../lib/gssapi/krb5 \
+	-I../../lib/gssapi/generic
+
+SRCS=	$(srcdir)/ccinit.c $(srcdir)/ccrefresh.c $(srcdir)/common.c \
+	$(srcdir)/reload.c $(srcdir)/t_accname.c $(srcdir)/t_add_cred.c \
+	$(srcdir)/t_bindings.c $(srcdir)/t_ccselect.c $(srcdir)/t_ciflags.c \
+	$(srcdir)/t_context.c $(srcdir)/t_credstore.c $(srcdir)/t_enctypes.c \
+	$(srcdir)/t_err.c $(srcdir)/t_export_cred.c $(srcdir)/t_export_name.c \
+	$(srcdir)/t_gssexts.c $(srcdir)/t_imp_cred.c $(srcdir)/t_imp_name.c \
+	$(srcdir)/t_invalid.c $(srcdir)/t_inq_cred.c $(srcdir)/t_inq_ctx.c \
+	$(srcdir)/t_inq_mechs_name.c $(srcdir)/t_iov.c \
+	$(srcdir)/t_lifetime.c $(srcdir)/t_namingexts.c $(srcdir)/t_oid.c \
+	$(srcdir)/t_pcontok.c $(srcdir)/t_prf.c $(srcdir)/t_s4u.c \
+	$(srcdir)/t_s4u2proxy_krb5.c $(srcdir)/t_saslname.c \
+	$(srcdir)/t_spnego.c $(srcdir)/t_srcattrs.c $(srcdir)/t_store_cred.c
+
+OBJS=	ccinit.o ccrefresh.o common.o reload.o t_accname.o t_add_cred.o \
+	t_bindings.o t_ccselect.o t_ciflags.o t_context.o t_credstore.o \
+	t_enctypes.o t_err.o t_export_cred.o t_export_name.o t_gssexts.o \
+	t_imp_cred.o t_imp_name.o t_invalid.o t_inq_cred.o t_inq_ctx.o \
+	t_inq_mechs_name.o t_iov.o t_lifetime.o t_namingexts.o t_oid.o \
+	t_pcontok.o t_prf.o t_s4u.o t_s4u2proxy_krb5.o t_saslname.o \
+	t_spnego.o t_srcattrs.o t_store_cred.o
+
+COMMON_DEPS= common.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+COMMON_LIBS= common.o $(GSS_LIBS) $(KRB5_BASE_LIBS)
+
+all: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect t_ciflags \
+	t_context t_credstore t_enctypes t_err t_export_cred t_export_name \
+	t_gssexts t_imp_cred t_imp_name t_invalid t_inq_cred t_inq_ctx \
+	t_inq_mechs_name t_iov t_lifetime t_namingexts t_oid t_pcontok t_prf \
+	t_s4u t_s4u2proxy_krb5 t_saslname t_spnego t_srcattrs t_store_cred
+
+check-unix: t_oid reload
+	$(RUN_TEST) ./t_invalid
+	$(RUN_TEST) ./t_oid
+	$(RUN_TEST) ./t_prf
+	$(RUN_TEST) ./t_imp_name
+	if [ -r $(TOPLIBD)/libgssapi_krb5.so ]; then $(RUN_TEST) ./reload; fi
+
+check-pytests: ccinit ccrefresh t_accname t_add_cred t_bindings t_ccselect \
+	t_ciflags t_context t_credstore t_enctypes t_err t_export_cred \
+	t_export_name t_imp_cred t_inq_cred t_inq_ctx t_inq_mechs_name t_iov \
+	t_lifetime t_pcontok t_s4u t_s4u2proxy_krb5 t_spnego t_srcattrs \
+	t_store_cred
+	$(RUNPYTEST) $(srcdir)/t_gssapi.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_store_cred.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_credstore.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_bindings.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_ccselect.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_client_keytab.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_enctypes.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_export_cred.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_s4u.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_authind.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_negoex.py $(PYTESTFLAGS)
+
+ccinit: ccinit.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o ccinit ccinit.o $(KRB5_BASE_LIBS)
+ccrefresh: ccrefresh.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o ccrefresh ccrefresh.o $(KRB5_BASE_LIBS)
+reload: reload.o
+	$(CC_LINK) -o $@ reload.o $(LIBS) $(DL_LIB)
+t_accname: t_accname.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_accname.o $(COMMON_LIBS)
+t_add_cred: t_add_cred.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_add_cred.o $(COMMON_LIBS)
+t_bindings: t_bindings.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_bindings.o $(COMMON_LIBS)
+t_ccselect: t_ccselect.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_ccselect.o $(COMMON_LIBS)
+t_ciflags: t_ciflags.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_ciflags.o $(COMMON_LIBS)
+t_context: t_context.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_context.o $(COMMON_LIBS)
+t_credstore: t_credstore.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_credstore.o $(COMMON_LIBS)
+t_enctypes: t_enctypes.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_enctypes.o $(COMMON_LIBS)
+t_err: t_err.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_err.o $(COMMON_LIBS)
+t_export_cred: t_export_cred.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_export_cred.o $(COMMON_LIBS)
+t_export_name: t_export_name.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_export_name.o $(COMMON_LIBS)
+t_gssexts: t_gssexts.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_gssexts.o $(COMMON_LIBS)
+t_imp_cred: t_imp_cred.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_imp_cred.o $(COMMON_LIBS)
+t_imp_name: t_imp_name.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_imp_name.o $(COMMON_LIBS)
+t_invalid: t_invalid.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_invalid.o $(COMMON_LIBS)
+t_inq_cred: t_inq_cred.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_inq_cred.o $(COMMON_LIBS)
+t_inq_ctx: t_inq_ctx.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_inq_ctx.o $(COMMON_LIBS)
+t_inq_mechs_name: t_inq_mechs_name.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_inq_mechs_name.o $(COMMON_LIBS)
+t_iov: t_iov.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_iov.o $(COMMON_LIBS)
+t_lifetime: t_lifetime.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_lifetime.o $(COMMON_LIBS)
+t_namingexts: t_namingexts.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_namingexts.o $(COMMON_LIBS)
+t_pcontok: t_pcontok.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_pcontok.o $(COMMON_LIBS)
+t_oid: t_oid.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_oid.o $(COMMON_LIBS)
+t_prf: t_prf.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_prf.o $(COMMON_LIBS)
+t_s4u: t_s4u.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_s4u.o $(COMMON_LIBS)
+t_s4u2proxy_krb5: t_s4u2proxy_krb5.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_s4u2proxy_krb5.o $(COMMON_LIBS)
+t_saslname: t_saslname.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_saslname.o $(COMMON_LIBS)
+t_spnego: t_spnego.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_spnego.o $(COMMON_LIBS)
+t_srcattrs: t_srcattrs.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_srcattrs.o $(COMMON_LIBS)
+t_store_cred: t_store_cred.o $(COMMON_DEPS)
+	$(CC_LINK) -o $@ t_store_cred.o $(COMMON_LIBS)
+
+clean:
+	$(RM) ccinit ccrefresh reload t_accname t_add_cred t_bindings
+	$(RM) t_ccselect t_ciflags t_context t_credstore t_enctypes t_err
+	$(RM) t_export_cred t_export_name t_gssexts t_imp_cred t_imp_name
+	$(RM) t_invalid t_inq_cred t_inq_ctx t_inq_mechs_name t_iov t_lifetime
+	$(RM) t_namingexts t_oid t_pcontok t_prf t_s4u t_s4u2proxy_krb5
+	$(RM) t_saslname t_spnego t_srcattrs t_store_cred
diff --git a/krb5-1.21.3/src/tests/gssapi/ccinit.c b/krb5-1.21.3/src/tests/gssapi/ccinit.c
new file mode 100644
index 00000000..b06f0440
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/ccinit.c
@@ -0,0 +1,72 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/ccinit.c - Initialize an empty ccache */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program initializes a ccache without attempting to get credentials in
+ * it.  It is used to test some finer points of gss_acquire_cred behavior.
+ */
+
+#include "k5-int.h"
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0) {
+        com_err("ccinit", code, NULL);
+        abort();
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    const char *ccname, *princname;
+    krb5_context context;
+    krb5_principal princ;
+    krb5_ccache ccache;
+
+    if (argc != 3) {
+        fprintf(stderr, "Usage: %s ccname princname\n", argv[0]);
+        return 1;
+    }
+    ccname = argv[1];
+    princname = argv[2];
+
+    check(krb5_init_context(&context));
+    check(krb5_parse_name(context, princname, &princ));
+    check(krb5_cc_resolve(context, ccname, &ccache));
+    check(krb5_cc_initialize(context, ccache, princ));
+    krb5_cc_close(context, ccache);
+    krb5_free_principal(context, princ);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/ccrefresh.c b/krb5-1.21.3/src/tests/gssapi/ccrefresh.c
new file mode 100644
index 00000000..e1f04ed2
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/ccrefresh.c
@@ -0,0 +1,80 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/ccrefresh.c - Get or set refresh time on a ccache */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program sets the refresh time of an existing ccache to 1, forcing a
+ * refresh.
+ */
+
+#include "k5-int.h"
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0) {
+        com_err("ccrefresh", code, NULL);
+        abort();
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    const char *ccname, *value = NULL;
+    krb5_context context;
+    krb5_ccache ccache;
+    krb5_data d;
+
+    if (argc != 2 && argc != 3) {
+        fprintf(stderr, "Usage: %s ccname [value]\n", argv[0]);
+        return 1;
+    }
+    ccname = argv[1];
+    if (argc == 3)
+        value = argv[2];
+
+    check(krb5_init_context(&context));
+    check(krb5_cc_resolve(context, ccname, &ccache));
+    if (value != NULL) {
+        d = string2data((char *)value);
+        check(krb5_cc_set_config(context, ccache, NULL,
+                                 KRB5_CC_CONF_REFRESH_TIME, &d));
+    } else {
+        check(krb5_cc_get_config(context, ccache, NULL,
+                                 KRB5_CC_CONF_REFRESH_TIME, &d));
+        printf("%.*s\n", (int)d.length, d.data);
+        krb5_free_data_contents(context, &d);
+    }
+    krb5_cc_close(context, ccache);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/common.c b/krb5-1.21.3/src/tests/gssapi/common.c
new file mode 100644
index 00000000..34f34f7a
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/common.c
@@ -0,0 +1,282 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/common.c - Common utility functions for GSSAPI test programs */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "common.h"
+
+gss_OID_desc mech_krb5 = { 9, "\052\206\110\206\367\022\001\002\002" };
+gss_OID_desc mech_spnego = { 6, "\053\006\001\005\005\002" };
+gss_OID_desc mech_iakerb = { 6, "\053\006\001\005\002\005" };
+gss_OID_set_desc mechset_krb5 = { 1, &mech_krb5 };
+gss_OID_set_desc mechset_spnego = { 1, &mech_spnego };
+gss_OID_set_desc mechset_iakerb = { 1, &mech_iakerb };
+
+static void
+display_status(const char *msg, OM_uint32 code, int type)
+{
+    OM_uint32 min_stat, msg_ctx = 0;
+    gss_buffer_desc buf;
+
+    do {
+        (void)gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+                                 &msg_ctx, &buf);
+        fprintf(stderr, "%s: %.*s\n", msg, (int)buf.length, (char *)buf.value);
+        (void)gss_release_buffer(&min_stat, &buf);
+    } while (msg_ctx != 0);
+}
+
+void
+check_gsserr(const char *msg, OM_uint32 major, OM_uint32 minor)
+{
+    if (GSS_ERROR(major)) {
+        display_status(msg, major, GSS_C_GSS_CODE);
+        display_status(msg, minor, GSS_C_MECH_CODE);
+        exit(1);
+    }
+}
+
+void
+check_k5err(krb5_context context, const char *msg, krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(context, code);
+        printf("%s: %s\n", msg, errmsg);
+        krb5_free_error_message(context, errmsg);
+        exit(1);
+    }
+}
+
+void
+errout(const char *msg)
+{
+    fprintf(stderr, "%s\n", msg);
+    exit(1);
+}
+
+gss_name_t
+import_name(const char *str)
+{
+    OM_uint32 major, minor;
+    gss_name_t name;
+    gss_buffer_desc buf;
+    gss_OID nametype = NULL;
+
+    if (*str == 'u')
+        nametype = GSS_C_NT_USER_NAME;
+    else if (*str == 'p')
+        nametype = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
+    else if (*str == 'e')
+        nametype = (gss_OID)GSS_KRB5_NT_ENTERPRISE_NAME;
+    else if (*str == 'c')
+        nametype = (gss_OID)GSS_KRB5_NT_X509_CERT;
+    else if (*str == 'h')
+        nametype = GSS_C_NT_HOSTBASED_SERVICE;
+    if (nametype == NULL || str[1] != ':')
+        errout("names must begin with u: or p: or e: or c: or h:");
+    buf.value = (char *)str + 2;
+    buf.length = strlen(str) - 2;
+    major = gss_import_name(&minor, &buf, nametype, &name);
+    check_gsserr("gss_import_name", major, minor);
+    return name;
+}
+
+void
+establish_contexts(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
+                   gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx,
+                   gss_ctx_id_t *actx, gss_name_t *src_name, gss_OID *amech,
+                   gss_cred_id_t *deleg_cred)
+{
+    establish_contexts_ex(imech, icred, acred, tname, flags, ictx, actx,
+                          GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_CHANNEL_BINDINGS,
+                          NULL, src_name, amech, deleg_cred);
+}
+
+void
+establish_contexts_ex(gss_OID imech, gss_cred_id_t icred, gss_cred_id_t acred,
+                      gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ictx,
+                      gss_ctx_id_t *actx, gss_channel_bindings_t icb,
+                      gss_channel_bindings_t acb, OM_uint32 *aret_flags,
+                      gss_name_t *src_name, gss_OID *amech,
+                      gss_cred_id_t *deleg_cred)
+{
+    OM_uint32 minor, imaj, amaj;
+    gss_buffer_desc itok, atok;
+
+    *ictx = *actx = GSS_C_NO_CONTEXT;
+    imaj = amaj = GSS_S_CONTINUE_NEEDED;
+    itok.value = atok.value = NULL;
+    itok.length = atok.length = 0;
+    for (;;) {
+        (void)gss_release_buffer(&minor, &itok);
+        imaj = gss_init_sec_context(&minor, icred, ictx, tname, imech, flags,
+                                    GSS_C_INDEFINITE, icb, &atok, NULL, &itok,
+                                    NULL, NULL);
+        check_gsserr("gss_init_sec_context", imaj, minor);
+        if (amaj == GSS_S_COMPLETE)
+            break;
+
+        (void)gss_release_buffer(&minor, &atok);
+        amaj = gss_accept_sec_context(&minor, actx, acred, &itok, acb,
+                                      src_name, amech, &atok, aret_flags, NULL,
+                                      deleg_cred);
+        check_gsserr("gss_accept_sec_context", amaj, minor);
+        (void)gss_release_buffer(&minor, &itok);
+        if (imaj == GSS_S_COMPLETE)
+            break;
+    }
+
+    if (imaj != GSS_S_COMPLETE || amaj != GSS_S_COMPLETE)
+        errout("One side wants to continue after the other is done");
+
+    (void)gss_release_buffer(&minor, &itok);
+    (void)gss_release_buffer(&minor, &atok);
+}
+
+void
+export_import_cred(gss_cred_id_t *cred)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc buf;
+
+    major = gss_export_cred(&minor, *cred, &buf);
+    check_gsserr("gss_export_cred", major, minor);
+    (void)gss_release_cred(&minor, cred);
+    major = gss_import_cred(&minor, &buf, cred);
+    check_gsserr("gss_import_cred", major, minor);
+    (void)gss_release_buffer(&minor, &buf);
+}
+
+void
+display_canon_name(const char *tag, gss_name_t name, gss_OID mech)
+{
+    gss_name_t canon;
+    OM_uint32 major, minor;
+    gss_buffer_desc buf;
+
+    major = gss_canonicalize_name(&minor, name, mech, &canon);
+    check_gsserr("gss_canonicalize_name", major, minor);
+
+    major = gss_display_name(&minor, canon, &buf, NULL);
+    check_gsserr("gss_display_name", major, minor);
+
+    printf("%s:\t%.*s\n", tag, (int)buf.length, (char *)buf.value);
+
+    (void)gss_release_name(&minor, &canon);
+    (void)gss_release_buffer(&minor, &buf);
+}
+
+void
+display_oid(const char *tag, gss_OID oid)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc buf;
+
+    major = gss_oid_to_str(&minor, oid, &buf);
+    check_gsserr("gss_oid_to_str", major, minor);
+    if (tag != NULL)
+        printf("%s:\t", tag);
+    printf("%.*s\n", (int)buf.length, (char *)buf.value);
+    (void)gss_release_buffer(&minor, &buf);
+}
+
+static void
+dump_attribute(gss_name_t name, gss_buffer_t attribute, int noisy)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc value;
+    gss_buffer_desc display_value;
+    int authenticated = 0;
+    int complete = 0;
+    int more = -1;
+    unsigned int i;
+
+    while (more != 0) {
+        value.value = NULL;
+        display_value.value = NULL;
+
+        major = gss_get_name_attribute(&minor, name, attribute, &authenticated,
+                                       &complete, &value, &display_value,
+                                       &more);
+        check_gsserr("gss_get_name_attribute", major, minor);
+
+        printf("Attribute %.*s %s %s\n\n%.*s\n",
+               (int)attribute->length, (char *)attribute->value,
+               authenticated ? "Authenticated" : "",
+               complete ? "Complete" : "",
+               (int)display_value.length, (char *)display_value.value);
+
+        if (noisy) {
+            for (i = 0; i < value.length; i++) {
+                if ((i % 32) == 0)
+                    printf("\n");
+                printf("%02x", ((char *)value.value)[i] & 0xFF);
+            }
+            printf("\n\n");
+        }
+
+        (void)gss_release_buffer(&minor, &value);
+        (void)gss_release_buffer(&minor, &display_value);
+    }
+}
+
+void
+enumerate_attributes(gss_name_t name, int noisy)
+{
+    OM_uint32 major, minor;
+    int is_mechname;
+    gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
+    size_t i;
+
+    major = gss_inquire_name(&minor, name, &is_mechname, NULL, &attrs);
+    check_gsserr("gss_inquire_name", major, minor);
+
+    if (attrs != GSS_C_NO_BUFFER_SET) {
+        for (i = 0; i < attrs->count; i++)
+            dump_attribute(name, &attrs->elements[i], noisy);
+    }
+
+    (void)gss_release_buffer_set(&minor, &attrs);
+}
+
+void
+print_hex(FILE *fp, gss_buffer_t buf)
+{
+    size_t i;
+    const unsigned char *bytes = buf->value;
+
+    for (i = 0; i < buf->length; i++)
+        printf("%02X", bytes[i]);
+    printf("\n");
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/common.h b/krb5-1.21.3/src/tests/gssapi/common.h
new file mode 100644
index 00000000..a5c8f87e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/common.h
@@ -0,0 +1,90 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/common.h - Declarations for GSSAPI test utility functions */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#include <gssapi/gssapi_krb5.h>
+
+extern gss_OID_desc mech_krb5;
+extern gss_OID_desc mech_spnego;
+extern gss_OID_desc mech_iakerb;
+extern gss_OID_set_desc mechset_krb5;
+extern gss_OID_set_desc mechset_spnego;
+extern gss_OID_set_desc mechset_iakerb;
+
+/* Display an error message (containing msg) and exit if major is an error. */
+void check_gsserr(const char *msg, OM_uint32 major, OM_uint32 minor);
+
+/* Display an error message (containing msg) and exit if code is an error. */
+void check_k5err(krb5_context context, const char *msg, krb5_error_code code);
+
+/* Display an error message containing msg and exit. */
+void errout(const char *msg);
+
+/* Import a GSSAPI name based on a string of the form 'u:username',
+ * 'p:principalname', or 'h:host@service' (or just 'h:service'). */
+gss_name_t import_name(const char *str);
+
+/* Establish contexts using gss_init_sec_context and gss_accept_sec_context. */
+void establish_contexts(gss_OID imech, gss_cred_id_t icred,
+                        gss_cred_id_t acred, gss_name_t tname, OM_uint32 flags,
+                        gss_ctx_id_t *ictx, gss_ctx_id_t *actx,
+                        gss_name_t *src_name, gss_OID *amech,
+                        gss_cred_id_t *deleg_cred);
+
+/* Establish contexts with channel bindings. */
+void establish_contexts_ex(gss_OID imech, gss_cred_id_t icred,
+                           gss_cred_id_t acred, gss_name_t tname,
+                           OM_uint32 flags, gss_ctx_id_t *ictx,
+                           gss_ctx_id_t *actx, gss_channel_bindings_t icb,
+                           gss_channel_bindings_t acb, OM_uint32 *aret_flags,
+                           gss_name_t *src_name, gss_OID *amech,
+                           gss_cred_id_t *deleg_cred);
+
+/* Export *cred to a token, then release *cred and replace it by re-importing
+ * the token. */
+void export_import_cred(gss_cred_id_t *cred);
+
+/* Display name as canonicalized to mech, preceded by tag. */
+void display_canon_name(const char *tag, gss_name_t name, gss_OID mech);
+
+/* Display oid in printable form, preceded by tag (if not NULL). */
+void display_oid(const char *tag, gss_OID oid);
+
+/* Display attributes of name, including hex value if noisy is true. */
+void enumerate_attributes(gss_name_t name, int noisy);
+
+/* Display the contents of buf to fp in hex, followed by a newline. */
+void print_hex(FILE *fp, gss_buffer_t buf);
+
+#endif /* COMMON_H */
diff --git a/krb5-1.21.3/src/tests/gssapi/deps b/krb5-1.21.3/src/tests/gssapi/deps
new file mode 100644
index 00000000..67742f20
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/deps
@@ -0,0 +1,198 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)ccinit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ccinit.c
+$(OUTPRE)ccrefresh.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ccrefresh.c
+$(OUTPRE)common.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.c common.h
+$(OUTPRE)reload.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  reload.c
+$(OUTPRE)t_accname.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_accname.c
+$(OUTPRE)t_add_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_add_cred.c
+$(OUTPRE)t_bindings.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_bindings.c
+$(OUTPRE)t_ccselect.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_ccselect.c
+$(OUTPRE)t_ciflags.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_ciflags.c
+$(OUTPRE)t_context.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_context.c
+$(OUTPRE)t_credstore.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_credstore.c
+$(OUTPRE)t_enctypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../lib/gssapi/generic/gssapi_ext.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  common.h t_enctypes.c
+$(OUTPRE)t_err.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_err.c
+$(OUTPRE)t_export_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_export_cred.c
+$(OUTPRE)t_export_name.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_export_name.c
+$(OUTPRE)t_gssexts.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_gssexts.c
+$(OUTPRE)t_imp_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  common.h t_imp_cred.c
+$(OUTPRE)t_imp_name.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_imp_name.c
+$(OUTPRE)t_invalid.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \
+  $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(COM_ERR_DEPS) \
+  $(srcdir)/../../lib/gssapi/generic/gssapiP_generic.h \
+  $(srcdir)/../../lib/gssapi/generic/gssapi_ext.h $(srcdir)/../../lib/gssapi/generic/gssapi_generic.h \
+  $(srcdir)/../../lib/gssapi/krb5/gssapiP_krb5.h $(srcdir)/../../lib/gssapi/krb5/gssapi_krb5.h \
+  $(srcdir)/../../lib/gssapi/mechglue/mechglue.h $(srcdir)/../../lib/gssapi/mechglue/mglueP.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  common.h t_invalid.c
+$(OUTPRE)t_inq_cred.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_inq_cred.c
+$(OUTPRE)t_inq_ctx.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_inq_ctx.c
+$(OUTPRE)t_inq_mechs_name.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_inq_mechs_name.c
+$(OUTPRE)t_iov.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_iov.c
+$(OUTPRE)t_lifetime.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_lifetime.c
+$(OUTPRE)t_namingexts.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_namingexts.c
+$(OUTPRE)t_oid.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_oid.c
+$(OUTPRE)t_pcontok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  common.h t_pcontok.c
+$(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_alloc.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \
+  $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(COM_ERR_DEPS) \
+  $(srcdir)/../../lib/gssapi/generic/gssapiP_generic.h \
+  $(srcdir)/../../lib/gssapi/generic/gssapi_ext.h $(srcdir)/../../lib/gssapi/generic/gssapi_generic.h \
+  $(srcdir)/../../lib/gssapi/krb5/gssapiP_krb5.h $(srcdir)/../../lib/gssapi/krb5/gssapi_krb5.h \
+  $(srcdir)/../../lib/gssapi/mechglue/mechglue.h $(srcdir)/../../lib/gssapi/mechglue/mglueP.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hex.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h common.h t_prf.c
+$(OUTPRE)t_s4u.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_s4u.c
+$(OUTPRE)t_s4u2proxy_krb5.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_s4u2proxy_krb5.c
+$(OUTPRE)t_saslname.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_saslname.c
+$(OUTPRE)t_spnego.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_spnego.c
+$(OUTPRE)t_srcattrs.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  common.h t_srcattrs.c
+$(OUTPRE)t_store_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  common.h t_store_cred.c
diff --git a/krb5-1.21.3/src/tests/gssapi/reload.c b/krb5-1.21.3/src/tests/gssapi/reload.c
new file mode 100644
index 00000000..4fe35654
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/reload.c
@@ -0,0 +1,83 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/reload.c - test loading libgssapi_krb5 twice */
+/*
+ * Copyright (C) 2020 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is a regression test for ticket #8614.  It ensures that libgssapi_krb5
+ * can be loaded multiple times in the same process when libkrb5support is held
+ * open by another library.
+ */
+
+#include <gssapi/gssapi.h>
+#include <stdio.h>
+#include <dlfcn.h>
+#include <assert.h>
+
+/* Load libgssapi_krb5, briefly use it (to force the initializer to run), and
+ * close it. */
+static void
+load_gssapi(void)
+{
+    void *gssapi;
+    OM_uint32 (*indmechs)(OM_uint32 *, gss_OID_set *);
+    OM_uint32 (*reloidset)(OM_uint32 *, gss_OID_set *);
+    OM_uint32 major, minor;
+    gss_OID_set mechs;
+
+    gssapi = dlopen("libgssapi_krb5.so", RTLD_NOW | RTLD_LOCAL);
+    assert(gssapi != NULL);
+    indmechs = dlsym(gssapi, "gss_indicate_mechs");
+    reloidset = dlsym(gssapi, "gss_release_oid_set");
+    assert(indmechs != NULL && reloidset != NULL);
+    major = (*indmechs)(&minor, &mechs);
+    assert(major == 0);
+    (*reloidset)(&minor, &mechs);
+    dlclose(gssapi);
+}
+
+int
+main()
+{
+    void *support;
+
+    /* Hold open libkrb5support to ensure that thread-local state remains */
+    support = dlopen("libkrb5support.so", RTLD_NOW | RTLD_LOCAL);
+    if (support == NULL) {
+        fprintf(stderr, "Error loading libkrb5support: %s\n", dlerror());
+        return 1;
+    }
+
+    load_gssapi();
+    load_gssapi();
+
+    dlclose(support);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_accname.c b/krb5-1.21.3/src/tests/gssapi/t_accname.c
new file mode 100644
index 00000000..30b5db54
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_accname.c
@@ -0,0 +1,93 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2011 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "common.h"
+
+/*
+ * Test program for acceptor names, intended to be run from a Python test
+ * script.  Establishes contexts with the default initiator name, a specified
+ * principal name as target name, and a specified host-based name as acceptor
+ * name (or GSS_C_NO_NAME if no acceptor name is given).  If the exchange is
+ * successful, queries the context for the acceptor name and prints it.  If any
+ * call is unsuccessful, displays an error message.  Exits with status 0 if all
+ * operations are successful, or 1 if not.
+ *
+ * Usage: ./t_accname targetname [acceptorname]
+ */
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major, flags;
+    gss_cred_id_t acceptor_cred;
+    gss_name_t target_name, acceptor_name = GSS_C_NO_NAME, real_acceptor_name;
+    gss_buffer_desc namebuf;
+    gss_ctx_id_t initiator_context, acceptor_context;
+
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: %s targetname [acceptorname]\n", argv[0]);
+        return 1;
+    }
+
+    /* Import target and acceptor names. */
+    target_name = import_name(argv[1]);
+    if (argc >= 3)
+        acceptor_name = import_name(argv[2]);
+
+    /* Get acceptor cred. */
+    major = gss_acquire_cred(&minor, acceptor_name, GSS_C_INDEFINITE,
+                             GSS_C_NO_OID_SET, GSS_C_ACCEPT,
+                             &acceptor_cred, NULL, NULL);
+    check_gsserr("gss_acquire_cred", major, minor);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, acceptor_cred,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, NULL, NULL, NULL);
+
+    major = gss_inquire_context(&minor, acceptor_context, NULL,
+                                &real_acceptor_name, NULL, NULL, NULL, NULL,
+                                NULL);
+    check_gsserr("gss_inquire_context", major, minor);
+
+    namebuf.value = NULL;
+    namebuf.length = 0;
+    major = gss_display_name(&minor, real_acceptor_name, &namebuf, NULL);
+    check_gsserr("gss_display_name", major, minor);
+
+    printf("%.*s\n", (int)namebuf.length, (char *)namebuf.value);
+
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_release_name(&minor, &acceptor_name);
+    (void)gss_release_name(&minor, &real_acceptor_name);
+    (void)gss_release_cred(&minor, &acceptor_cred);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+    (void)gss_release_buffer(&minor, &namebuf);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_add_cred.c b/krb5-1.21.3/src/tests/gssapi/t_add_cred.c
new file mode 100644
index 00000000..68b37e3e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_add_cred.c
@@ -0,0 +1,137 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_add_cred.c - gss_add_cred() tests */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program tests the mechglue behavior of gss_add_cred().  It relies on a
+ * krb5 keytab and credentials being present so that initiator and acceptor
+ * credentials can be acquired, but does not use them to initiate or accept any
+ * requests.
+ */
+
+#include <stdio.h>
+#include <assert.h>
+
+#include "common.h"
+
+int
+main()
+{
+    OM_uint32 minor, major;
+    gss_cred_id_t cred1, cred2;
+    gss_cred_usage_t usage;
+    gss_name_t name;
+
+    /* Check that we get the expected error if we pass neither an input nor an
+     * output cred handle. */
+    major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
+                         &mech_krb5, GSS_C_INITIATE, GSS_C_INDEFINITE,
+                         GSS_C_INDEFINITE, NULL, NULL, NULL, NULL);
+    assert(major == (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED));
+
+    /* Regression test for #8737: make sure that desired_name is honored when
+     * creating a credential by passing in a non-matching name. */
+    name = import_name("p:does/not/match@WRONG_REALM");
+    major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, name, &mech_krb5,
+                         GSS_C_INITIATE, GSS_C_INDEFINITE, GSS_C_INDEFINITE,
+                         &cred1, NULL, NULL, NULL);
+    assert(major == GSS_S_NO_CRED);
+    gss_release_name(&minor, &name);
+
+    /* Create cred1 with a krb5 initiator cred by passing an output handle but
+     * no input handle. */
+    major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
+                         &mech_krb5, GSS_C_INITIATE, GSS_C_INDEFINITE,
+                         GSS_C_INDEFINITE, &cred1, NULL, NULL, NULL);
+    assert(major == GSS_S_COMPLETE);
+
+    /* Verify that cred1 has the expected mechanism creds. */
+    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_krb5, NULL, NULL,
+                                     NULL, &usage);
+    assert(major == GSS_S_COMPLETE && usage == GSS_C_INITIATE);
+    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_iakerb, NULL, NULL,
+                                     NULL, &usage);
+    assert(major == GSS_S_NO_CRED);
+
+    /* Check that we get the expected error if we try to add another krb5 mech
+     * cred to cred1. */
+    major = gss_add_cred(&minor, cred1, GSS_C_NO_NAME, &mech_krb5,
+                         GSS_C_INITIATE, GSS_C_INDEFINITE, GSS_C_INDEFINITE,
+                         NULL, NULL, NULL, NULL);
+    assert(major == GSS_S_DUPLICATE_ELEMENT);
+
+    /* Add an IAKERB acceptor mech cred to cred1. */
+    major = gss_add_cred(&minor, cred1, GSS_C_NO_NAME, &mech_iakerb,
+                         GSS_C_ACCEPT, GSS_C_INDEFINITE, GSS_C_INDEFINITE,
+                         NULL, NULL, NULL, NULL);
+    assert(major == GSS_S_COMPLETE);
+
+    /* Verify cred1 mechanism creds. */
+    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_krb5, NULL, NULL,
+                                     NULL, &usage);
+    assert(major == GSS_S_COMPLETE && usage == GSS_C_INITIATE);
+    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_iakerb, NULL, NULL,
+                                     NULL, &usage);
+    assert(major == GSS_S_COMPLETE && usage == GSS_C_ACCEPT);
+
+    /* Start over with another new cred. */
+    gss_release_cred(&minor, &cred1);
+    major = gss_add_cred(&minor, GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME,
+                         &mech_krb5, GSS_C_ACCEPT, GSS_C_INDEFINITE,
+                         GSS_C_INDEFINITE, &cred1, NULL, NULL, NULL);
+    assert(major == GSS_S_COMPLETE);
+
+    /* Create an expanded cred by passing both an output handle and an input
+     * handle. */
+    major = gss_add_cred(&minor, cred1, GSS_C_NO_NAME, &mech_iakerb,
+                         GSS_C_INITIATE, GSS_C_INDEFINITE, GSS_C_INDEFINITE,
+                         &cred2, NULL, NULL, NULL);
+    assert(major == GSS_S_COMPLETE);
+
+    /* Verify mechanism creds in cred1 and cred2. */
+    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_krb5, NULL, NULL,
+                                     NULL, &usage);
+    assert(major == GSS_S_COMPLETE && usage == GSS_C_ACCEPT);
+    major = gss_inquire_cred_by_mech(&minor, cred1, &mech_iakerb, NULL, NULL,
+                                     NULL, &usage);
+    assert(major == GSS_S_NO_CRED);
+    major = gss_inquire_cred_by_mech(&minor, cred2, &mech_krb5, NULL, NULL,
+                                     NULL, &usage);
+    assert(major == GSS_S_COMPLETE && usage == GSS_C_ACCEPT);
+    major = gss_inquire_cred_by_mech(&minor, cred2, &mech_iakerb, NULL, NULL,
+                                     NULL, &usage);
+    assert(major == GSS_S_COMPLETE && usage == GSS_C_INITIATE);
+
+    gss_release_cred(&minor, &cred1);
+    gss_release_cred(&minor, &cred2);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_authind.py b/krb5-1.21.3/src/tests/gssapi/t_authind.py
new file mode 100644
index 00000000..e9f129de
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_authind.py
@@ -0,0 +1,51 @@
+from k5test import *
+
+# Test authentication indicators.  Load the test preauth module so we
+# can control the indicators asserted.
+testpreauth = os.path.join(buildtop, 'plugins', 'preauth', 'test', 'test.so')
+conf = {'plugins': {'kdcpreauth': {'module': 'test:' + testpreauth},
+                    'clpreauth': {'module': 'test:' + testpreauth}}}
+realm = K5Realm(krb5_conf=conf)
+realm.run([kadminl, 'addprinc', '-randkey', 'service/1'])
+realm.run([kadminl, 'addprinc', '-randkey', 'service/2'])
+realm.run([kadminl, 'modprinc', '+requires_preauth', realm.user_princ])
+realm.run([kadminl, 'setstr', 'service/1', 'require_auth', 'superstrong'])
+realm.run([kadminl, 'setstr', 'service/2', 'require_auth', 'one two'])
+realm.run([kadminl, 'xst', 'service/1'])
+realm.run([kadminl, 'xst', 'service/2'])
+
+realm.kinit(realm.user_princ, password('user'),
+            ['-X', 'indicators=superstrong'])
+out = realm.run(['./t_srcattrs', 'p:service/1'])
+if ('Attribute auth-indicators Authenticated Complete') not in out:
+    fail('Expected attribute type data not seen')
+# UTF8 "superstrong"
+if '73757065727374726f6e67' not in out:
+    fail('Expected auth indicator not seen in name attributes')
+
+msg = 'gss_init_sec_context: KDC policy rejects request'
+realm.run(['./t_srcattrs', 'p:service/2'], expected_code=1, expected_msg=msg)
+
+realm.kinit(realm.user_princ, password('user'), ['-X', 'indicators=one two'])
+out = realm.run(['./t_srcattrs', 'p:service/2'])
+# Hexadecimal "one" and "two"
+if '6f6e65' not in out or '74776f' not in out:
+    fail('Expected auth indicator not seen in name attributes')
+
+realm.stop()
+
+# Test the FAST encrypted challenge auth indicator.
+kdcconf = {'realms': {'$realm': {'encrypted_challenge_indicator': 'fast'}}}
+realm = K5Realm(kdc_conf=kdcconf)
+realm.run([kadminl, 'modprinc', '+requires_preauth', realm.user_princ])
+realm.run([kadminl, 'xst', realm.host_princ])
+realm.kinit(realm.user_princ, password('user'))
+realm.kinit(realm.user_princ, password('user'), ['-T', realm.ccache])
+out = realm.run(['./t_srcattrs', 'p:' + realm.host_princ])
+if ('Attribute auth-indicators Authenticated Complete') not in out:
+    fail('Expected attribute type not seen')
+if '66617374' not in out:
+    fail('Expected auth indicator not seen in name attributes')
+
+realm.stop()
+success('GSSAPI auth indicator tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_bindings.c b/krb5-1.21.3/src/tests/gssapi/t_bindings.c
new file mode 100644
index 00000000..e8906715
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_bindings.c
@@ -0,0 +1,111 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2020 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#include "common.h"
+
+/*
+ * Establish contexts (without and with GSS_C_DCE_STYLE) with the default
+ * initiator name, a specified principal name as target name, initiator
+ * bindings, and acceptor bindings.  If any call is unsuccessful, display an
+ * error message.  Output "yes" or "no" to indicate whether the contexts were
+ * reported as channel-bound on the acceptor.  Exit with status 0 if all
+ * operations are successful, or 1 if not.
+ *
+ * Usage: ./t_bindings [-s] targetname icb acb
+ *
+ * An icb or abc value of "-" will not specify channel bindings.
+ */
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, flags1, flags2;
+    gss_name_t target_name;
+    gss_ctx_id_t ictx, actx;
+    struct gss_channel_bindings_struct icb_data = {0}, acb_data = {0};
+    gss_channel_bindings_t icb = GSS_C_NO_CHANNEL_BINDINGS;
+    gss_channel_bindings_t acb = GSS_C_NO_CHANNEL_BINDINGS;
+    gss_OID_desc *mech;
+
+    argv++;
+    argc--;
+    if (*argv != NULL && strcmp(*argv, "-s") == 0) {
+        mech = &mech_spnego;
+        argv++;
+        argc--;
+    } else {
+        mech = &mech_krb5;
+    }
+
+    if (argc != 3) {
+        fprintf(stderr, "Usage: t_bindings [-s] targetname icb acb\n");
+        return 1;
+    }
+
+    target_name = import_name(argv[0]);
+
+    if (strcmp(argv[1], "-") != 0) {
+        icb_data.application_data.length = strlen(argv[1]);
+        icb_data.application_data.value = argv[1];
+        icb = &icb_data;
+    }
+
+    if (strcmp(argv[2], "-") != 0) {
+        acb_data.application_data.length = strlen(argv[2]);
+        acb_data.application_data.value = argv[2];
+        acb = &acb_data;
+    }
+
+    establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                          target_name, 0, &ictx, &actx, icb, acb, &flags1,
+                          NULL, NULL, NULL);
+
+    /* Try again with GSS_C_DCE_STYLE */
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+
+    establish_contexts_ex(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                          target_name, GSS_C_DCE_STYLE, &ictx, &actx, icb, acb,
+                          &flags2, NULL, NULL, NULL);
+    assert((flags1 & GSS_C_CHANNEL_BOUND_FLAG) ==
+           (flags2 & GSS_C_CHANNEL_BOUND_FLAG));
+    printf("%s\n", (flags1 & GSS_C_CHANNEL_BOUND_FLAG) ? "yes" : "no");
+
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    (void)gss_release_name(&minor, &target_name);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_bindings.py b/krb5-1.21.3/src/tests/gssapi/t_bindings.py
new file mode 100644
index 00000000..f377977b
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_bindings.py
@@ -0,0 +1,43 @@
+from k5test import *
+
+realm = K5Realm()
+server = 'p:' + realm.host_princ
+
+mark('krb5 channel bindings')
+realm.run(['./t_bindings', server, '-', '-'], expected_msg='no')
+realm.run(['./t_bindings', server, 'a', '-'], expected_msg='no')
+realm.run(['./t_bindings', server, 'a', 'a'], expected_msg='yes')
+realm.run(['./t_bindings', server, '-', 'a'], expected_msg='no')
+realm.run(['./t_bindings', server, 'a', 'x'],
+          expected_code=1, expected_msg='Incorrect channel bindings')
+
+mark('SPNEGO channel bindings')
+realm.run(['./t_bindings', '-s', server, '-', '-'], expected_msg='no')
+realm.run(['./t_bindings', '-s', server, 'a', '-'], expected_msg='no')
+realm.run(['./t_bindings', '-s', server, 'a', 'a'], expected_msg='yes')
+realm.run(['./t_bindings', '-s', server, '-', 'a'], expected_msg='no')
+realm.run(['./t_bindings', '-s', server, 'a', 'x'],
+          expected_code=1, expected_msg='Incorrect channel bindings')
+
+client_aware_conf = {'libdefaults': {'client_aware_channel_bindings': 'true'}}
+e = realm.special_env('cb_aware', False, krb5_conf=client_aware_conf)
+
+mark('krb5 client_aware_channel_bindings')
+realm.run(['./t_bindings', server, '-', '-'], env=e, expected_msg='no')
+realm.run(['./t_bindings', server, 'a', '-'], env=e, expected_msg='no')
+realm.run(['./t_bindings', server, 'a', 'a'], env=e, expected_msg='yes')
+realm.run(['./t_bindings', server, '-', 'a'], env=e,
+          expected_code=1, expected_msg='Incorrect channel bindings')
+realm.run(['./t_bindings', server, 'a', 'x'], env=e,
+          expected_code=1, expected_msg='Incorrect channel bindings')
+
+mark('SPNEGO client_aware_channel_bindings')
+realm.run(['./t_bindings', '-s', server, '-', '-'], env=e, expected_msg='no')
+realm.run(['./t_bindings', '-s', server, 'a', '-'], env=e, expected_msg='no')
+realm.run(['./t_bindings', '-s', server, 'a', 'a'], env=e, expected_msg='yes')
+realm.run(['./t_bindings', '-s', server, '-', 'a'], env=e,
+          expected_code=1, expected_msg='Incorrect channel bindings')
+realm.run(['./t_bindings', '-s', server, 'a', 'x'], env=e,
+          expected_code=1, expected_msg='Incorrect channel bindings')
+
+success('channel bindings tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_ccselect.c b/krb5-1.21.3/src/tests/gssapi/t_ccselect.c
new file mode 100644
index 00000000..cc4f73a1
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_ccselect.c
@@ -0,0 +1,90 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_ccselect.c - Test program for GSSAPI cred selection */
+/*
+ * Copyright 2011 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+/*
+ * Test program for client credential selection, intended to be run from a
+ * Python test script.  Establishes contexts with an optionally specified
+ * initiator name, a specified target name, and the default acceptor cred.  If
+ * the exchange is successful, prints the initiator name as seen by the
+ * acceptor.  If any call is unsuccessful, displays an error message.  Exits
+ * with status 0 if all operations are successful, or 1 if not.
+ *
+ * Usage: ./t_ccselect targetname [initiatorname|-]
+ */
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major, flags;
+    gss_cred_id_t initiator_cred = GSS_C_NO_CREDENTIAL;
+    gss_name_t target_name, initiator_name = GSS_C_NO_NAME;
+    gss_name_t real_initiator_name;
+    gss_buffer_desc namebuf;
+    gss_ctx_id_t initiator_context, acceptor_context;
+
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: %s targetname [initiatorname|-]\n", argv[0]);
+        return 1;
+    }
+
+    target_name = import_name(argv[1]);
+
+    if (argc >= 3) {
+        /* Get initiator cred. */
+        if (strcmp(argv[2], "-") != 0)
+            initiator_name = import_name(argv[2]);
+        major = gss_acquire_cred(&minor, initiator_name, GSS_C_INDEFINITE,
+                                 GSS_C_NO_OID_SET, GSS_C_INITIATE,
+                                 &initiator_cred, NULL, NULL);
+        check_gsserr("gss_acquire_cred", major, minor);
+    }
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_krb5, initiator_cred, GSS_C_NO_CREDENTIAL,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &real_initiator_name, NULL, NULL);
+
+    namebuf.value = NULL;
+    namebuf.length = 0;
+    major = gss_display_name(&minor, real_initiator_name, &namebuf, NULL);
+    check_gsserr("gss_display_name(initiator)", major, minor);
+    printf("%.*s\n", (int)namebuf.length, (char *)namebuf.value);
+
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_release_name(&minor, &initiator_name);
+    (void)gss_release_name(&minor, &real_initiator_name);
+    (void)gss_release_cred(&minor, &initiator_cred);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+    (void)gss_release_buffer(&minor, &namebuf);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_ccselect.py b/krb5-1.21.3/src/tests/gssapi/t_ccselect.py
new file mode 100755
index 00000000..c93be672
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_ccselect.py
@@ -0,0 +1,164 @@
+# Copyright (C) 2011 by the Massachusetts Institute of Technology.
+# All rights reserved.
+
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+
+# Create two independent realms (no cross-realm TGTs).  For the
+# fallback realm tests we need to control the precise server hostname,
+# so turn off DNS canonicalization and shortname qualification.
+conf = {'libdefaults': {'dns_canonicalize_hostname': 'false',
+                        'qualify_shortname': ''}}
+r1 = K5Realm(create_user=False, krb5_conf=conf)
+r2 = K5Realm(create_user=False, krb5_conf=conf, realm='KRBTEST2.COM',
+             portbase=62000, testdir=os.path.join(r1.testdir, 'r2'))
+
+host1 = 'p:' + r1.host_princ
+host2 = 'p:' + r2.host_princ
+foo = 'foo.krbtest.com'
+foo2 = 'foo.krbtest2.com'
+foobar = "foo.bar.krbtest.com"
+
+# These strings specify the target as a GSS name.  The resulting
+# principal will have the host-based type, with the referral realm
+# (since k5test realms have no domain-realm mapping by default).
+# krb5_cc_select() will use the fallback realm, which is either the
+# uppercased parent domain, or the default realm if the hostname is a
+# single component.
+gssserver = 'h:host@' + foo
+gssserver2 = 'h:host@' + foo2
+gssserver_bar = 'h:host@' + foobar
+gsslocal = 'h:host@localhost'
+
+# refserver specifies the target as a principal in the referral realm.
+# The principal won't be treated as a host principal by the
+# .k5identity rules since it has unknown type.
+refserver = 'p:host/' + hostname + '@'
+
+# Verify that we can't get initiator creds with no credentials in the
+# collection.
+r1.run(['./t_ccselect', host1, '-'], expected_code=1,
+       expected_msg='No Kerberos credentials available')
+
+# Make a directory collection and use it for client commands in both realms.
+ccdir = os.path.join(r1.testdir, 'cc')
+ccname = 'DIR:' + ccdir
+r1.env['KRB5CCNAME'] = ccname
+r2.env['KRB5CCNAME'] = ccname
+
+# Use .k5identity from testdir and not from the tester's homedir.
+r1.env['HOME'] = r1.testdir
+r2.env['HOME'] = r1.testdir
+
+# Create two users in r1 and one in r2.
+alice='alice@KRBTEST.COM'
+bob='bob@KRBTEST.COM'
+zaphod='zaphod@KRBTEST2.COM'
+r1.addprinc(alice, password('alice'))
+r1.addprinc(bob, password('bob'))
+r2.addprinc(zaphod, password('zaphod'))
+
+# Create host principals and keytabs for fallback realm tests.
+if hostname != 'localhost':
+    r1.addprinc('host/localhost')
+    r2.addprinc('host/localhost')
+r1.addprinc('host/' + foo)
+r2.addprinc('host/' + foo2)
+r1.addprinc('host/' + foobar)
+r1.extract_keytab('host/localhost', r1.keytab)
+r2.extract_keytab('host/localhost', r2.keytab)
+r1.extract_keytab('host/' + foo, r1.keytab)
+r2.extract_keytab('host/' + foo2, r2.keytab)
+r1.extract_keytab('host/' + foobar, r1.keytab)
+
+# Get tickets for one user in each realm (zaphod will be primary).
+r1.kinit(alice, password('alice'))
+r2.kinit(zaphod, password('zaphod'))
+
+# Check that we can find a cache for a specified client principal.
+output = r1.run(['./t_ccselect', host1, 'p:' + alice])
+if output != (alice + '\n'):
+    fail('alice not chosen when specified')
+output = r2.run(['./t_ccselect', host2, 'p:' + zaphod])
+if output != (zaphod + '\n'):
+    fail('zaphod not chosen when specified')
+
+# Check that we can guess a cache based on the service realm.
+output = r1.run(['./t_ccselect', host1])
+if output != (alice + '\n'):
+    fail('alice not chosen as default initiator cred for server in r1')
+output = r1.run(['./t_ccselect', host1, '-'])
+if output != (alice + '\n'):
+    fail('alice not chosen as default initiator name for server in r1')
+output = r2.run(['./t_ccselect', host2])
+if output != (zaphod + '\n'):
+    fail('zaphod not chosen as default initiator cred for server in r1')
+output = r2.run(['./t_ccselect', host2, '-'])
+if output != (zaphod + '\n'):
+    fail('zaphod not chosen as default initiator name for server in r1')
+
+# Check that primary cache is used if server realm is unknown.
+output = r2.run(['./t_ccselect', refserver])
+if output != (zaphod + '\n'):
+    fail('zaphod not chosen via primary cache for unknown server realm')
+r1.run(['./t_ccselect', gssserver2], expected_code=1)
+# Check ccache selection using a fallback realm.
+output = r1.run(['./t_ccselect', gssserver])
+if output != (alice + '\n'):
+    fail('alice not chosen via parent domain fallback')
+output = r2.run(['./t_ccselect', gssserver2])
+if output != (zaphod + '\n'):
+    fail('zaphod not chosen via parent domain fallback')
+# Check ccache selection using a fallback realm (default realm).
+output = r1.run(['./t_ccselect', gsslocal])
+if output != (alice + '\n'):
+    fail('alice not chosen via default realm fallback')
+output = r2.run(['./t_ccselect', gsslocal])
+if output != (zaphod + '\n'):
+    fail('zaphod not chosen via default realm fallback')
+
+# Check that realm ccselect fallback works correctly
+r1.run(['./t_ccselect', gssserver_bar], expected_msg=alice)
+r2.kinit(zaphod, password('zaphod'))
+r1.run(['./t_ccselect', gssserver_bar], expected_msg=alice)
+
+# Get a second cred in r1 (bob will be primary).
+r1.kinit(bob, password('bob'))
+
+# Try some cache selections using .k5identity.
+k5id = open(os.path.join(r1.testdir, '.k5identity'), 'w')
+k5id.write('%s realm=%s\n' % (alice, r1.realm))
+k5id.write('%s service=ho*t host=localhost\n' % zaphod)
+k5id.write('noprinc service=bogus')
+k5id.close()
+output = r1.run(['./t_ccselect', host1])
+if output != (alice + '\n'):
+    fail('alice not chosen via .k5identity realm line.')
+output = r2.run(['./t_ccselect', gsslocal])
+if output != (zaphod + '\n'):
+    fail('zaphod not chosen via .k5identity service/host line.')
+output = r1.run(['./t_ccselect', refserver])
+if output != (bob + '\n'):
+    fail('bob not chosen via primary cache when no .k5identity line matches.')
+r1.run(['./t_ccselect', 'h:bogus@' + foo2], expected_code=1,
+       expected_msg="Can't find client principal noprinc")
+
+success('GSSAPI credential selection tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_ciflags.c b/krb5-1.21.3/src/tests/gssapi/t_ciflags.c
new file mode 100644
index 00000000..315062c9
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_ciflags.c
@@ -0,0 +1,120 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_ciflags.c - GSS_KRB5_CRED_NO_CI_FLAGS_X tests */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "common.h"
+
+static void
+flagtest(gss_OID mech, gss_cred_id_t icred, gss_name_t tname,
+         OM_uint32 inflags, OM_uint32 expflags)
+{
+    gss_ctx_id_t ictx, actx;
+    OM_uint32 major, minor, flags;
+
+    establish_contexts(mech, icred, GSS_C_NO_CREDENTIAL, tname, inflags, &ictx,
+                       &actx, NULL, NULL, NULL);
+
+    major = gss_inquire_context(&minor, actx, NULL, NULL, NULL, NULL, &flags,
+                                NULL, NULL);
+    check_gsserr("gss_inquire_context", major, minor);
+    assert(flags == expflags);
+
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_cred_id_t icred;
+    gss_name_t tname;
+    gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER;
+
+    if (argc != 2) {
+        fprintf(stderr, "Usage: %s targetname\n", argv[0]);
+        return 1;
+    }
+    tname = import_name(argv[1]);
+
+    /* With no flags, the initiator asserts conf, integ, trans */
+    flagtest(&mech_krb5, GSS_C_NO_CREDENTIAL, tname, 0,
+             GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+    flagtest(&mech_spnego, GSS_C_NO_CREDENTIAL, tname, 0,
+             GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+
+    /* The initiator also asserts most flags specified by the caller. */
+    flagtest(&mech_krb5, GSS_C_NO_CREDENTIAL, tname, GSS_C_SEQUENCE_FLAG,
+             GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG |
+             GSS_C_SEQUENCE_FLAG);
+    flagtest(&mech_spnego, GSS_C_NO_CREDENTIAL, tname, GSS_C_SEQUENCE_FLAG,
+             GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG |
+             GSS_C_SEQUENCE_FLAG);
+
+    /* Get a normal initiator cred and re-test with no flags. */
+    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+                             GSS_C_NO_OID_SET, GSS_C_INITIATE, &icred, NULL,
+                             NULL);
+    check_gsserr("gss_acquire_cred", major, minor);
+    flagtest(&mech_krb5, icred, tname, 0,
+             GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+    flagtest(&mech_spnego, icred, tname, 0,
+             GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+
+    /* Suppress confidentiality and integrity flags on the initiator cred and
+     * check that they are suppressed, but can still be asserted explicitly. */
+    major = gss_set_cred_option(&minor, &icred,
+                                (gss_OID)GSS_KRB5_CRED_NO_CI_FLAGS_X,
+                                &empty_buffer);
+    check_gsserr("gss_set_cred_option", major, minor);
+    flagtest(&mech_krb5, icred, tname, 0, GSS_C_TRANS_FLAG);
+    flagtest(&mech_krb5, icred, tname, GSS_C_CONF_FLAG,
+             GSS_C_CONF_FLAG | GSS_C_TRANS_FLAG);
+    flagtest(&mech_krb5, icred, tname, GSS_C_INTEG_FLAG,
+             GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+    flagtest(&mech_krb5, icred, tname, GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG,
+             GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+    flagtest(&mech_spnego, icred, tname, 0, GSS_C_TRANS_FLAG);
+    flagtest(&mech_spnego, icred, tname, GSS_C_INTEG_FLAG,
+             GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+    flagtest(&mech_spnego, icred, tname, GSS_C_CONF_FLAG,
+             GSS_C_CONF_FLAG | GSS_C_TRANS_FLAG);
+    flagtest(&mech_spnego, icred, tname, GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG,
+             GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | GSS_C_TRANS_FLAG);
+
+    (void)gss_release_name(&minor, &tname);
+    (void)gss_release_cred(&minor, &icred);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_client_keytab.py b/krb5-1.21.3/src/tests/gssapi/t_client_keytab.py
new file mode 100755
index 00000000..8fdf89e4
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_client_keytab.py
@@ -0,0 +1,189 @@
+from k5test import *
+
+# Set up a basic realm and a client keytab containing two user principals.
+# Point HOME at realm.testdir for tests using .k5identity.
+realm = K5Realm(get_creds=False)
+bob = 'bob@' + realm.realm
+phost = 'p:' + realm.host_princ
+puser = 'p:' + realm.user_princ
+pbob = 'p:' + bob
+gssserver = 'h:host@' + hostname
+realm.env['HOME'] = realm.testdir
+realm.addprinc(bob, password('bob'))
+realm.extract_keytab(realm.user_princ, realm.client_keytab)
+realm.extract_keytab(bob, realm.client_keytab)
+
+# Test 1: no name/cache specified, pick first principal from client keytab
+realm.run(['./t_ccselect', phost], expected_msg=realm.user_princ)
+realm.run([kdestroy])
+
+# Test 2: no name/cache specified, pick principal from k5identity
+k5idname = os.path.join(realm.testdir, '.k5identity')
+k5id = open(k5idname, 'w')
+k5id.write('%s service=host host=%s\n' % (bob, hostname))
+k5id.close()
+realm.run(['./t_ccselect', gssserver], expected_msg=bob)
+os.remove(k5idname)
+realm.run([kdestroy])
+
+# Test 3: no name/cache specified, default ccache has name but no creds
+realm.run(['./ccinit', realm.ccache, bob])
+realm.run(['./t_ccselect', phost], expected_msg=bob)
+# Leave tickets for next test.
+
+# Test 4: name specified, non-collectable default cache doesn't match
+msg = 'Principal in credential cache does not match desired name'
+realm.run(['./t_ccselect', phost, puser], expected_code=1, expected_msg=msg)
+realm.run([kdestroy])
+
+# Test 5: name specified, nonexistent default cache
+realm.run(['./t_ccselect', phost, pbob], expected_msg=bob)
+# Leave tickets for next test.
+
+# Test 6: name specified, matches default cache, time to refresh
+realm.run(['./ccrefresh', realm.ccache, '1'])
+realm.run(['./t_ccselect', phost, pbob], expected_msg=bob)
+out = realm.run(['./ccrefresh', realm.ccache])
+if int(out) < 1000:
+    fail('Credentials apparently not refreshed')
+realm.run([kdestroy])
+
+# Test 7: empty ccache specified, pick first principal from client keytab
+realm.run(['./t_imp_cred', phost])
+realm.klist(realm.user_princ)
+realm.run([kdestroy])
+
+# Test 8: ccache specified with name but no creds; name not in client keytab
+realm.run(['./ccinit', realm.ccache, realm.host_princ])
+realm.run(['./t_imp_cred', phost], expected_code=1,
+          expected_msg='Credential cache is empty')
+realm.run([kdestroy])
+
+# Test 9: ccache specified with name but no creds; name in client keytab
+realm.run(['./ccinit', realm.ccache, bob])
+realm.run(['./t_imp_cred', phost])
+realm.klist(bob)
+# Leave tickets for next test.
+
+# Test 10: ccache specified with creds, time to refresh
+realm.run(['./ccrefresh', realm.ccache, '1'])
+realm.run(['./t_imp_cred', phost])
+realm.klist(bob)
+out = realm.run(['./ccrefresh', realm.ccache])
+if int(out) < 1000:
+    fail('Credentials apparently not refreshed')
+realm.run([kdestroy])
+
+# Test 11: gss_import_cred_from with client_keytab value
+store_keytab = os.path.join(realm.testdir, 'store_keytab')
+os.rename(realm.client_keytab, store_keytab)
+realm.run(['./t_credstore', '-i', 'p:' + realm.user_princ, 'client_keytab',
+           store_keytab])
+realm.klist(realm.user_princ)
+os.rename(store_keytab, realm.client_keytab)
+
+# Use a cache collection for the remaining tests.
+ccdir = os.path.join(realm.testdir, 'cc')
+ccname = 'DIR:' + ccdir
+os.mkdir(ccdir)
+realm.env['KRB5CCNAME'] = ccname
+
+# Test 12: name specified, matching cache in collection with no creds
+bobcache = os.path.join(ccdir, 'tktbob')
+realm.run(['./ccinit', bobcache, bob])
+realm.run(['./t_ccselect', phost, pbob], expected_msg=bob)
+# Leave tickets for next test.
+
+# Test 13: name specified, matching cache in collection, time to refresh
+realm.run(['./ccrefresh', bobcache, '1'])
+realm.run(['./t_ccselect', phost, pbob], expected_msg=bob)
+out = realm.run(['./ccrefresh', bobcache])
+if int(out) < 1000:
+    fail('Credentials apparently not refreshed')
+realm.run([kdestroy, '-A'])
+
+# Test 14: name specified, collection has default for different principal
+realm.kinit(realm.user_princ, password('user'))
+realm.run(['./t_ccselect', phost, pbob], expected_msg=bob)
+msg = 'Default principal: %s\n' % realm.user_princ
+realm.run([klist], expected_msg=msg)
+realm.run([kdestroy, '-A'])
+
+# Test 15: name specified, collection has no default cache
+realm.run(['./t_ccselect', phost, pbob], expected_msg=bob)
+# Make sure the tickets we acquired didn't become the default
+realm.run([klist], expected_code=1, expected_msg='No credentials cache found')
+realm.run([kdestroy, '-A'])
+
+# Test 16: default client keytab cannot be resolved, but valid
+# credentials exist in ccache.
+conf = {'libdefaults': {'default_client_keytab_name': '%{'}}
+bad_cktname = realm.special_env('bad_cktname', False, krb5_conf=conf)
+del bad_cktname['KRB5_CLIENT_KTNAME']
+realm.kinit(realm.user_princ, password('user'))
+realm.run(['./t_ccselect', phost], env=bad_cktname,
+          expected_msg=realm.user_princ)
+
+mark('refresh of manually acquired creds')
+
+# Test 17: no name/ccache specified, manually acquired creds which
+# will expire soon.  Verify that creds are refreshed using the current
+# client name, with refresh_time set in the refreshed ccache.
+realm.kinit('bob', password('bob'), ['-l', '15s'])
+realm.run(['./t_ccselect', phost], expected_msg='bob')
+realm.run([klist, '-C'], expected_msg='refresh_time = ')
+
+# Test 18: no name/ccache specified, manually acquired creds with a
+# client principal not present in the client keytab.  A refresh is
+# attempted but fails, and an expired ticket error results.
+realm.kinit(realm.admin_princ, password('admin'), ['-l', '-10s'])
+msgs = ('Getting initial credentials for user/admin@KRBTEST.COM',
+        '/Matching credential not found')
+realm.run(['./t_ccselect', phost], expected_code=1,
+          expected_msg='Ticket expired', expected_trace=msgs)
+realm.run([kdestroy, '-A'])
+
+# Test 19: host-based initiator name
+mark('host-based initiator name')
+hsvc = 'h:svc@' + hostname
+svcprinc = 'svc/%s@%s' % (hostname, realm.realm)
+realm.addprinc(svcprinc)
+realm.extract_keytab(svcprinc, realm.client_keytab)
+# On the first run we match against the keytab while getting tickets,
+# substituting the default realm.
+msgs = ('/Can\'t find client principal svc/%s@ in' % hostname,
+        'Getting initial credentials for svc/%s@' % hostname,
+        'Found entries for %s in keytab' % svcprinc,
+        'Retrieving %s from FILE:%s' % (svcprinc, realm.client_keytab),
+        'Storing %s -> %s in' % (svcprinc, realm.krbtgt_princ),
+        'Retrieving %s -> %s from' % (svcprinc, realm.krbtgt_princ),
+        'authenticator for %s -> %s' % (svcprinc, realm.host_princ))
+realm.run(['./t_ccselect', phost, hsvc], expected_trace=msgs)
+# On the second run we match against the collection.
+msgs = ('Matching svc/%s@ in collection with result: 0' % hostname,
+        'Getting credentials %s -> %s' % (svcprinc, realm.host_princ),
+        'authenticator for %s -> %s' % (svcprinc, realm.host_princ))
+realm.run(['./t_ccselect', phost, hsvc], expected_trace=msgs)
+realm.run([kdestroy, '-A'])
+
+# Test 20: host-based initiator name with fallback
+mark('host-based fallback initiator name')
+canonname = canonicalize_hostname(hostname)
+if canonname != hostname:
+    hfsvc = 'h:fsvc@' + hostname
+    canonprinc = 'fsvc/%s@%s' % (canonname, realm.realm)
+    realm.addprinc(canonprinc)
+    realm.extract_keytab(canonprinc, realm.client_keytab)
+    msgs = ('/Can\'t find client principal fsvc/%s@ in' % hostname,
+            'Found entries for %s in keytab' % canonprinc,
+            'authenticator for %s -> %s' % (canonprinc, realm.host_princ))
+    realm.run(['./t_ccselect', phost, hfsvc], expected_trace=msgs)
+    msgs = ('Matching fsvc/%s@ in collection with result: 0' % hostname,
+            'Getting credentials %s -> %s' % (canonprinc, realm.host_princ))
+    realm.run(['./t_ccselect', phost, hfsvc], expected_trace=msgs)
+    realm.run([kdestroy, '-A'])
+else:
+    skipped('GSS initiator name fallback test',
+            '%s does not canonicalize to a different name' % hostname)
+
+success('Client keytab tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_context.c b/krb5-1.21.3/src/tests/gssapi/t_context.c
new file mode 100644
index 00000000..65381aca
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_context.c
@@ -0,0 +1,60 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_context.c - Simple context establishment harness */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "common.h"
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, flags;
+    gss_name_t tname;
+    gss_ctx_id_t ictx, actx;
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s targetname [acceptorname]\n", argv[0]);
+        return 1;
+    }
+
+    tname = import_name(argv[1]);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_spnego, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                       tname, flags, &ictx, &actx, NULL, NULL, NULL);
+
+    (void)gss_release_name(&minor, &tname);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_credstore.c b/krb5-1.21.3/src/tests/gssapi/t_credstore.c
new file mode 100644
index 00000000..1e363699
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_credstore.c
@@ -0,0 +1,140 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+            "Usage: t_credstore [-sabi] principal [{key value} ...]\n");
+    exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_key_value_set_desc store;
+    gss_name_t name = GSS_C_NO_NAME;
+    gss_cred_usage_t cred_usage = GSS_C_BOTH;
+    gss_OID_set mechs = GSS_C_NO_OID_SET;
+    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
+    gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc itok, atok;
+    krb5_boolean store_creds = FALSE, replay = FALSE;
+    char opt;
+
+    /* Parse options. */
+    for (argv++; *argv != NULL && **argv == '-'; argv++) {
+        opt = (*argv)[1];
+        if (opt == 's')
+            store_creds = TRUE;
+        else if (opt == 'r')
+            replay = TRUE;
+        else if (opt == 'a')
+            cred_usage = GSS_C_ACCEPT;
+        else if (opt == 'b')
+            cred_usage = GSS_C_BOTH;
+        else if (opt == 'i')
+            cred_usage = GSS_C_INITIATE;
+        else
+            usage();
+    }
+
+    /* Get the principal name. */
+    if (*argv == NULL)
+        usage();
+    if (**argv != '\0')
+        name = import_name(*argv);
+    argv++;
+
+    /* Put any remaining arguments into the store. */
+    store.elements = calloc(argc, sizeof(struct gss_key_value_element_struct));
+    if (!store.elements)
+        errout("OOM");
+    store.count = 0;
+    while (*argv != NULL) {
+        if (*(argv + 1) == NULL)
+            usage();
+        store.elements[store.count].key = *argv;
+        store.elements[store.count].value = *(argv + 1);
+        store.count++;
+        argv += 2;
+    }
+
+    if (store_creds) {
+        /* Acquire default creds and try to store them in the cred store. */
+        major = gss_acquire_cred(&minor, GSS_C_NO_NAME, 0, GSS_C_NO_OID_SET,
+                                 GSS_C_INITIATE, &cred, NULL, NULL);
+        check_gsserr("gss_acquire_cred", major, minor);
+
+        major = gss_store_cred_into(&minor, cred, GSS_C_INITIATE,
+                                    GSS_C_NO_OID, 1, 0, &store, NULL, NULL);
+        check_gsserr("gss_store_cred_into", major, minor);
+
+        gss_release_cred(&minor, &cred);
+    }
+
+    /* Try to acquire creds from store. */
+    major = gss_acquire_cred_from(&minor, name, 0, mechs, cred_usage,
+                                  &store, &cred, NULL, NULL);
+    check_gsserr("gss_acquire_cred_from", major, minor);
+
+    if (replay) {
+        /* Induce a replay using cred as the acceptor cred, to test the replay
+         * cache indicated by the store. */
+        major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ictx, name,
+                                     &mech_krb5, 0, GSS_C_INDEFINITE,
+                                     GSS_C_NO_CHANNEL_BINDINGS,
+                                     GSS_C_NO_BUFFER, NULL, &itok, NULL, NULL);
+        check_gsserr("gss_init_sec_context", major, minor);
+        (void)gss_delete_sec_context(&minor, &ictx, NULL);
+
+        major = gss_accept_sec_context(&minor, &actx, cred, &itok,
+                                       GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
+                                       &atok, NULL, NULL, NULL);
+        check_gsserr("gss_accept_sec_context(1)", major, minor);
+        (void)gss_release_buffer(&minor, &atok);
+        (void)gss_delete_sec_context(&minor, &actx, NULL);
+
+        major = gss_accept_sec_context(&minor, &actx, cred, &itok,
+                                       GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
+                                       &atok, NULL, NULL, NULL);
+        check_gsserr("gss_accept_sec_context(2)", major, minor);
+        (void)gss_release_buffer(&minor, &itok);
+        (void)gss_release_buffer(&minor, &atok);
+        (void)gss_delete_sec_context(&minor, &actx, NULL);
+    }
+
+    gss_release_name(&minor, &name);
+    gss_release_cred(&minor, &cred);
+    free(store.elements);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_credstore.py b/krb5-1.21.3/src/tests/gssapi/t_credstore.py
new file mode 100644
index 00000000..ec59dd8d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_credstore.py
@@ -0,0 +1,97 @@
+from k5test import *
+
+realm = K5Realm()
+
+mark('gss_store_cred_into() and ccache/keytab')
+storagecache = 'FILE:' + os.path.join(realm.testdir, 'user_store')
+servicekeytab = os.path.join(realm.testdir, 'kt')
+service_cs = 'service/cs@%s' % realm.realm
+realm.addprinc(service_cs)
+realm.extract_keytab(service_cs, servicekeytab)
+realm.kinit(service_cs, None, ['-k', '-t', servicekeytab])
+msgs = ('Storing %s -> %s in MEMORY:' % (service_cs, realm.krbtgt_princ),
+        'Moving ccache MEMORY:',
+        'Retrieving %s from FILE:%s' % (service_cs, servicekeytab))
+realm.run(['./t_credstore', '-s', 'p:' + service_cs, 'ccache', storagecache,
+           'keytab', servicekeytab], expected_trace=msgs)
+
+mark('matching')
+scc = 'FILE:' + os.path.join(realm.testdir, 'service_cache')
+realm.kinit(realm.host_princ, flags=['-k', '-c', scc])
+realm.run(['./t_credstore', '-i', 'p:' + realm.host_princ, 'ccache', scc])
+realm.run(['./t_credstore', '-i', 'h:host', 'ccache', scc])
+realm.run(['./t_credstore', '-i', 'h:host@' + hostname, 'ccache', scc])
+realm.run(['./t_credstore', '-i', 'p:wrong', 'ccache', scc],
+          expected_code=1, expected_msg='does not match desired name')
+realm.run(['./t_credstore', '-i', 'h:host@-nomatch-', 'ccache', scc],
+          expected_code=1, expected_msg='does not match desired name')
+realm.run(['./t_credstore', '-i', 'h:svc', 'ccache', scc],
+          expected_code=1, expected_msg='does not match desired name')
+
+mark('matching (fallback)')
+canonname = canonicalize_hostname(hostname)
+if canonname != hostname:
+    canonprinc = 'host/%s@%s' % (canonname, realm.realm)
+    realm.addprinc(canonprinc)
+    realm.extract_keytab(canonprinc, realm.keytab)
+    realm.kinit(canonprinc, flags=['-k', '-c', scc])
+    realm.run(['./t_credstore', '-i', 'h:host', 'ccache', scc])
+    realm.run(['./t_credstore', '-i', 'h:host@' + hostname, 'ccache', scc])
+    realm.run(['./t_credstore', '-i', 'h:host@' + canonname, 'ccache', scc])
+    realm.run(['./t_credstore', '-i', 'p:' + canonprinc, 'ccache', scc])
+    realm.run(['./t_credstore', '-i', 'p:' + realm.host_princ, 'ccache', scc],
+              expected_code=1, expected_msg='does not match desired name')
+    realm.run(['./t_credstore', '-i', 'h:host@-nomatch-', 'ccache', scc],
+              expected_code=1, expected_msg='does not match desired name')
+else:
+    skipped('fallback matching test',
+            '%s does not canonicalize to a different name' % hostname)
+
+mark('rcache')
+# t_credstore -r should produce a replay error normally, but not with
+# rcache set to "none:".
+realm.run(['./t_credstore', '-r', '-a', 'p:' + realm.host_princ],
+          expected_code=1,
+          expected_msg='gss_accept_sec_context(2): Request is a replay')
+realm.run(['./t_credstore', '-r', '-a', 'p:' + realm.host_princ,
+           'rcache', 'none:'])
+
+# Test password feature.
+mark('password')
+# Must be used with a desired name.
+realm.run(['./t_credstore', '-i', '', 'password', 'pw'],
+          expected_code=1, expected_msg='An invalid name was supplied')
+# Must not be used with a client keytab.
+realm.run(['./t_credstore', '-i', 'u:' + realm.user_princ,
+           'password', 'pw', 'client_keytab', servicekeytab],
+          expected_code=1, expected_msg='Credential usage type is unknown')
+# Must not be used with a ccache.
+realm.run(['./t_credstore', '-i', 'u:' + realm.user_princ,
+           'password', 'pw', 'ccache', storagecache],
+          expected_code=1, expected_msg='Credential usage type is unknown')
+# Must be acquiring initiator credentials.
+realm.run(['./t_credstore', '-a', 'u:' + realm.user_princ, 'password', 'pw'],
+          expected_code=1, expected_msg='Credential usage type is unknown')
+msgs = ('Getting initial credentials for %s' % realm.user_princ,
+        'Storing %s -> %s in MEMORY:' % (realm.user_princ, realm.krbtgt_princ),
+        'Destroying ccache MEMORY:')
+realm.run(['./t_credstore', '-i', 'u:' + realm.user_princ, 'password',
+           password('user')], expected_trace=msgs)
+
+mark('verify')
+msgs = ('Getting initial credentials for %s' % realm.user_princ,
+        'Storing %s -> %s in MEMORY:' % (realm.user_princ, realm.krbtgt_princ),
+        'Getting credentials %s -> %s' % (realm.user_princ, service_cs),
+        'Storing %s -> %s in MEMORY:' % (realm.user_princ, service_cs))
+realm.run(['./t_credstore', '-i', 'u:' + realm.user_princ, 'password',
+           password('user'), 'keytab', servicekeytab, 'verify',
+           service_cs], expected_trace=msgs)
+# Try again with verification failing due to key mismatch.
+realm.run([kadminl, 'cpw', '-randkey', service_cs])
+realm.run([kadminl, 'modprinc', '-kvno', '1', service_cs])
+errmsg = 'Cannot decrypt ticket for %s' % service_cs
+realm.run(['./t_credstore', '-i', 'u:' + realm.user_princ, 'password',
+           password('user'), 'keytab', servicekeytab, 'verify',
+           service_cs], expected_code=1, expected_msg=errmsg)
+
+success('Credential store tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_enctypes.c b/krb5-1.21.3/src/tests/gssapi/t_enctypes.c
new file mode 100644
index 00000000..3fd31e2f
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_enctypes.c
@@ -0,0 +1,205 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_enctypes.c - gss_krb5_set_allowable_enctypes test */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+#include "common.h"
+#include "gssapi_ext.h"
+
+/*
+ * This test program establishes contexts with the krb5 mech, the default
+ * initiator name, a specified target name, and the default acceptor name.
+ * Before the exchange, gss_set_allowable_enctypes is called for the initiator
+ * and the acceptor cred if requested.  If the exchange is successful, the
+ * resulting contexts are exported with gss_krb5_export_lucid_sec_context,
+ * checked for mismatches, and the GSS protocol and keys are displayed.  Exits
+ * with status 0 if all operations are successful, or 1 if not.
+ *
+ * Usage: ./t_enctypes [-i initenctypes] [-a accenctypes] targetname
+ */
+
+static void
+usage()
+{
+    errout("Usage: t_enctypes [-i initenctypes] [-a accenctypes] "
+           "targetname");
+}
+
+/* Error out if ikey is not the same as akey. */
+static void
+check_key_match(gss_krb5_lucid_key_t *ikey, gss_krb5_lucid_key_t *akey)
+{
+    if (ikey->type != akey->type || ikey->length != akey->length ||
+        memcmp(ikey->data, akey->data, ikey->length) != 0)
+        errout("Initiator and acceptor keys do not match");
+}
+
+/* Display the name of enctype. */
+static void
+display_enctype(krb5_enctype enctype)
+{
+    char ename[128];
+
+    if (krb5_enctype_to_name(enctype, FALSE, ename, sizeof(ename)) == 0)
+        fputs(ename, stdout);
+    else
+        fputs("(unknown)", stdout);
+}
+
+int
+main(int argc, char *argv[])
+{
+    krb5_error_code ret;
+    krb5_context kctx = NULL;
+    krb5_enctype *ienc = NULL, *aenc = NULL, zero = 0;
+    OM_uint32 minor, major, flags;
+    gss_name_t tname;
+    gss_cred_id_t icred = GSS_C_NO_CREDENTIAL, acred = GSS_C_NO_CREDENTIAL;
+    gss_ctx_id_t ictx, actx;
+    gss_krb5_lucid_context_v1_t *ilucid, *alucid;
+    gss_krb5_rfc1964_keydata_t *i1964, *a1964;
+    gss_krb5_cfx_keydata_t *icfx, *acfx;
+    gss_buffer_set_t bufset = GSS_C_NO_BUFFER_SET;
+    gss_OID ssf_oid = GSS_C_SEC_CONTEXT_SASL_SSF;
+    unsigned int ssf;
+    size_t count;
+    void *lptr;
+    int c;
+
+    ret = krb5_init_context(&kctx);
+    check_k5err(kctx, "krb5_init_context", ret);
+
+    /* Parse arguments. */
+    while ((c = getopt(argc, argv, "i:a:")) != -1) {
+        switch (c) {
+        case 'i':
+            ret = krb5int_parse_enctype_list(kctx, "", optarg, &zero, &ienc);
+            check_k5err(kctx, "krb5_parse_enctype_list(initiator)", ret);
+            break;
+        case 'a':
+            ret = krb5int_parse_enctype_list(kctx, "", optarg, &zero, &aenc);
+            check_k5err(kctx, "krb5_parse_enctype_list(acceptor)", ret);
+            break;
+        default:
+            usage();
+        }
+    }
+    argc -= optind;
+    argv += optind;
+    if (argc != 1)
+        usage();
+    tname = import_name(*argv);
+
+    if (ienc != NULL) {
+        major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+                                 &mechset_krb5, GSS_C_INITIATE, &icred, NULL,
+                                 NULL);
+        check_gsserr("gss_acquire_cred(initiator)", major, minor);
+
+        for (count = 0; ienc[count]; count++);
+        major = gss_krb5_set_allowable_enctypes(&minor, icred, count, ienc);
+        check_gsserr("gss_krb5_set_allowable_enctypes(init)", major, minor);
+    }
+    if (aenc != NULL) {
+        major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+                                 &mechset_krb5, GSS_C_ACCEPT, &acred, NULL,
+                                 NULL);
+        check_gsserr("gss_acquire_cred(acceptor)", major, minor);
+
+        for (count = 0; aenc[count]; count++);
+        major = gss_krb5_set_allowable_enctypes(&minor, acred, count, aenc);
+        check_gsserr("gss_krb5_set_allowable_enctypes(acc)", major, minor);
+    }
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG;
+    establish_contexts(&mech_krb5, icred, acred, tname, flags, &ictx, &actx,
+                       NULL, NULL, NULL);
+
+    /* Query the SSF value and range-check the result. */
+    major = gss_inquire_sec_context_by_oid(&minor, ictx, ssf_oid, &bufset);
+    check_gsserr("gss_inquire_sec_context_by_oid(ssf)", major, minor);
+    if (bufset->elements[0].length != 4)
+        errout("SSF buffer has unexpected length");
+    ssf = load_32_be(bufset->elements[0].value);
+    if (ssf < 56 || ssf > 256)
+        errout("SSF value not within acceptable range (56-256)");
+    (void)gss_release_buffer_set(&minor, &bufset);
+
+    /* Export to lucid contexts. */
+    major = gss_krb5_export_lucid_sec_context(&minor, &ictx, 1, &lptr);
+    check_gsserr("gss_export_lucid_sec_context(initiator)", major, minor);
+    ilucid = lptr;
+    major = gss_krb5_export_lucid_sec_context(&minor, &actx, 1, &lptr);
+    check_gsserr("gss_export_lucid_sec_context(acceptor)", major, minor);
+    alucid = lptr;
+
+    /* Grab the session keys and make sure they match. */
+    if (ilucid->protocol != alucid->protocol)
+        errout("Initiator/acceptor protocol mismatch");
+    if (ilucid->protocol) {
+        icfx = &ilucid->cfx_kd;
+        acfx = &alucid->cfx_kd;
+        if (icfx->have_acceptor_subkey != acfx->have_acceptor_subkey)
+            errout("Initiator/acceptor have_acceptor_subkey mismatch");
+        check_key_match(&icfx->ctx_key, &acfx->ctx_key);
+        if (icfx->have_acceptor_subkey)
+            check_key_match(&icfx->acceptor_subkey, &acfx->acceptor_subkey);
+        fputs("cfx ", stdout);
+        display_enctype(icfx->ctx_key.type);
+        if (icfx->have_acceptor_subkey) {
+            fputs(" ", stdout);
+            display_enctype(icfx->acceptor_subkey.type);
+        }
+        fputs("\n", stdout);
+    } else {
+        i1964 = &ilucid->rfc1964_kd;
+        a1964 = &alucid->rfc1964_kd;
+        if (i1964->sign_alg != a1964->sign_alg ||
+            i1964->seal_alg != a1964->seal_alg)
+            errout("Initiator/acceptor sign or seal alg mismatch");
+        check_key_match(&i1964->ctx_key, &a1964->ctx_key);
+        fputs("rfc1964 ", stdout);
+        display_enctype(i1964->ctx_key.type);
+        fputs("\n", stdout);
+    }
+
+    krb5_free_context(kctx);
+    free(ienc);
+    free(aenc);
+    (void)gss_release_name(&minor, &tname);
+    (void)gss_release_cred(&minor, &icred);
+    (void)gss_release_cred(&minor, &acred);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    (void)gss_krb5_free_lucid_sec_context(&minor, ilucid);
+    (void)gss_krb5_free_lucid_sec_context(&minor, alucid);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_enctypes.py b/krb5-1.21.3/src/tests/gssapi/t_enctypes.py
new file mode 100755
index 00000000..f5f11842
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_enctypes.py
@@ -0,0 +1,147 @@
+from k5test import *
+
+# Define some convenience abbreviations for enctypes we will see in
+# test program output.  For background, aes256 and aes128 are "CFX
+# enctypes", meaning that they imply support for RFC 4121, while des3
+# and rc4 are not.  DES3 keys will appear as 'des3-cbc-raw' in
+# t_enctypes output because that's how GSSAPI does raw triple-DES
+# encryption without the RFC3961 framing.
+aes256 = 'aes256-cts-hmac-sha1-96'
+aes128 = 'aes128-cts-hmac-sha1-96'
+des3 = 'des3-cbc-sha1'
+d_des3 = 'DEPRECATED:des3-cbc-sha1'
+des3raw = 'des3-cbc-raw'
+d_des3raw = 'DEPRECATED:des3-cbc-raw'
+rc4 = 'arcfour-hmac'
+d_rc4 = 'DEPRECATED:arcfour-hmac'
+
+# These tests make assumptions about the default enctype lists, so set
+# them explicitly rather than relying on the library defaults.
+supp='aes256-cts:normal aes128-cts:normal des3-cbc-sha1:normal rc4-hmac:normal'
+conf = {'libdefaults': {'permitted_enctypes': 'aes des3 rc4',
+                        'allow_des3': 'true', 'allow_rc4': 'true'},
+        'realms': {'$realm': {'supported_enctypes': supp}}}
+realm = K5Realm(krb5_conf=conf)
+shutil.copyfile(realm.ccache, os.path.join(realm.testdir, 'save'))
+
+# Return an argument list for running t_enctypes with optional initiator
+# and acceptor enctype lists.
+def cmdline(ienc, aenc):
+    iflags = ienc and ['-i', ienc] or []
+    aflags = aenc and ['-a', aenc] or []
+    return ['./t_enctypes'] + iflags + aflags + ['p:' + realm.host_princ]
+
+
+# Run t_enctypes with optional initiator and acceptor enctype lists,
+# and check that it succeeds with the expected output.  Also check
+# that the ticket we got has the expected encryption key and session
+# key.
+def test(msg, ienc, aenc, tktenc='', tktsession='', proto='', isubkey='',
+         asubkey=None):
+    shutil.copyfile(os.path.join(realm.testdir, 'save'), realm.ccache)
+    # Run the test program and check its output.
+    out = realm.run(cmdline(ienc, aenc)).split()
+    if out[0] != proto or out[1] != isubkey:
+        fail(msg)
+    if asubkey is not None and (len(out) < 3 or out[2] != asubkey):
+        fail(msg)
+    lines = realm.run([klist, '-e']).splitlines()
+    for ind, line in enumerate(lines):
+        if realm.host_princ in line:
+            if lines[ind + 1].strip() != ('Etype (skey, tkt): %s, %s' %
+                                          (tktsession, tktenc)):
+                fail(msg)
+            break
+
+# Run t_enctypes with optional initiator and acceptor enctype lists,
+# and check that it fails with the expected error message.
+def test_err(msg, ienc, aenc, expected_err):
+    shutil.copyfile(os.path.join(realm.testdir, 'save'), realm.ccache)
+    realm.run(cmdline(ienc, aenc), expected_code=1, expected_msg=expected_err)
+
+
+# By default, all of the key enctypes should be aes256.
+test('noargs', None, None,
+     tktenc=aes256, tktsession=aes256,
+     proto='cfx', isubkey=aes256, asubkey=aes256)
+
+# When the initiator constrains the permitted session enctypes to
+# aes128, the ticket encryption key should remain aes256.  The client
+# initiator will not send an RFC 4537 upgrade list because it sees no
+# other permitted enctypes, so the acceptor subkey will not be
+# upgraded from aes128.
+test('init aes128', 'aes128-cts', None,
+     tktenc=aes256, tktsession=aes128,
+     proto='cfx', isubkey=aes128, asubkey=aes128)
+
+# If the initiator and acceptor both constrain the permitted session
+# enctypes to aes128, we should see the same keys as above.  This
+# tests that the acceptor does not mistakenly contrain the ticket
+# encryption key.
+test('both aes128', 'aes128-cts', 'aes128-cts',
+     tktenc=aes256, tktsession=aes128,
+     proto='cfx', isubkey=aes128, asubkey=aes128)
+
+# If only the acceptor constrains the permitted session enctypes to
+# aes128, subkey negotiation fails because the acceptor considers the
+# aes256 session key to be non-permitted.
+test_err('acc aes128', None, 'aes128-cts',
+         'Encryption type aes256-cts-hmac-sha1-96 not permitted')
+
+# If the initiator constrains the permitted session enctypes to des3,
+# no acceptor subkey will be generated because we can't upgrade to a
+# CFX enctype.
+test('init des3', 'des3', None,
+     tktenc=aes256, tktsession=d_des3,
+     proto='rfc1964', isubkey=des3raw, asubkey=None)
+
+# Force the ticket session key to be rc4, so we can test some subkey
+# upgrade cases.  The ticket encryption key remains aes256.
+realm.run([kadminl, 'setstr', realm.host_princ, 'session_enctypes', 'rc4'])
+
+# With no arguments, the initiator should send an upgrade list of
+# [aes256 aes128 des3] and the acceptor should upgrade to an aes256
+# subkey.
+test('upgrade noargs', None, None,
+     tktenc=aes256, tktsession=d_rc4,
+     proto='cfx', isubkey=rc4, asubkey=aes256)
+
+# If the initiator won't permit rc4 as a session key, it won't be able
+# to get a ticket.
+test_err('upgrade init aes', 'aes', None, 'no support for encryption type')
+
+# If the initiator permits rc4 but prefers aes128, it will send an
+# upgrade list of [aes128] and the acceptor will upgrade to aes128.
+test('upgrade init aes128+rc4', 'aes128-cts rc4', None,
+     tktenc=aes256, tktsession=d_rc4,
+     proto='cfx', isubkey=rc4, asubkey=aes128)
+
+# If the initiator permits rc4 but prefers des3, it will send an
+# upgrade list of [des3], but the acceptor won't generate a subkey
+# because des3 isn't a CFX enctype.
+test('upgrade init des3+rc4', 'des3 rc4', None,
+     tktenc=aes256, tktsession=d_rc4,
+     proto='rfc1964', isubkey=rc4, asubkey=None)
+
+# If the acceptor permits only aes128, subkey negotiation will fail
+# because the ticket session key and initiator subkey are
+# non-permitted.  (This is unfortunate if the acceptor's restriction
+# is only for the sake of the kernel, since we could upgrade to an
+# aes128 subkey, but it's the current semantics.)
+test_err('upgrade acc aes128', None, 'aes128-cts',
+         'Encryption type arcfour-hmac not permitted')
+
+# If the acceptor permits rc4 but prefers aes128, it will negotiate an
+# upgrade to aes128.
+test('upgrade acc aes128 rc4', None, 'aes128-cts rc4',
+     tktenc=aes256, tktsession=d_rc4,
+     proto='cfx', isubkey=rc4, asubkey=aes128)
+
+# In this test, the initiator and acceptor each prefer an AES enctype
+# to rc4, but they can't agree on which one, so no subkey is
+# generated.
+test('upgrade mismatch', 'aes128-cts rc4', 'aes256-cts rc4',
+     tktenc=aes256, tktsession=d_rc4,
+     proto='rfc1964', isubkey=rc4, asubkey=None)
+
+success('gss_krb5_set_allowable_enctypes tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_err.c b/krb5-1.21.3/src/tests/gssapi/t_err.c
new file mode 100644
index 00000000..3a9c47bd
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_err.c
@@ -0,0 +1,126 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_err.c - Test accept_sec_context error generation */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This test program verifies that the krb5 gss_accept_sec_context can produce
+ * error tokens and that gss_init_sec_context can interpret them.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "common.h"
+
+static void
+check_replay_error(const char *msg, OM_uint32 major, OM_uint32 minor)
+{
+    OM_uint32 tmpmin, msg_ctx = 0;
+    const char *replay = "Request is a replay";
+    gss_buffer_desc m;
+
+    if (major != GSS_S_FAILURE) {
+        fprintf(stderr, "%s: expected major code GSS_S_FAILURE\n", msg);
+        check_gsserr(msg, major, minor);
+        exit(1);
+    }
+
+    (void)gss_display_status(&tmpmin, minor, GSS_C_MECH_CODE, GSS_C_NULL_OID,
+                             &msg_ctx, &m);
+    if (m.length != strlen(replay) || memcmp(m.value, replay, m.length) != 0) {
+        fprintf(stderr, "%s: expected replay error; got %.*s\n", msg,
+                (int)m.length, (char *)m.value);
+        exit(1);
+    }
+    (void)gss_release_buffer(&tmpmin, &m);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major, flags;
+    gss_OID mech = &mech_krb5;
+    gss_name_t tname;
+    gss_buffer_desc itok, atok;
+    gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
+
+    argv++;
+    if (*argv != NULL && strcmp(*argv, "--spnego") == 0) {
+        mech = &mech_spnego;
+        argv++;
+    }
+    if (*argv == NULL || argv[1] != NULL) {
+        fprintf(stderr, "Usage: t_err targetname\n");
+        return 1;
+    }
+    tname = import_name(*argv);
+
+    /* Get the initial context token. */
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG;
+    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ictx, tname,
+                                 mech, flags, GSS_C_INDEFINITE,
+                                 GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER,
+                                 NULL, &itok, NULL, NULL);
+    check_gsserr("gss_init_sec_context(1)", major, minor);
+    assert(major == GSS_S_CONTINUE_NEEDED);
+
+    /* Process this token into an acceptor context, then discard it. */
+    major = gss_accept_sec_context(&minor, &actx, GSS_C_NO_CREDENTIAL, &itok,
+                                   GSS_C_NO_CHANNEL_BINDINGS, NULL,
+                                   NULL, &atok, NULL, NULL, NULL);
+    check_gsserr("gss_accept_sec_context(1)", major, minor);
+    (void)gss_release_buffer(&minor, &atok);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+
+    /* Process the same token again, producing a replay error. */
+    major = gss_accept_sec_context(&minor, &actx, GSS_C_NO_CREDENTIAL, &itok,
+                                   GSS_C_NO_CHANNEL_BINDINGS, NULL,
+                                   NULL, &atok, NULL, NULL, NULL);
+    check_replay_error("gss_accept_sec_context(2)", major, minor);
+    assert(atok.length != 0);
+
+    /* Send the error token back the initiator. */
+    (void)gss_release_buffer(&minor, &itok);
+    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ictx, tname,
+                                 mech, flags, GSS_C_INDEFINITE,
+                                 GSS_C_NO_CHANNEL_BINDINGS, &atok,
+                                 NULL, &itok, NULL, NULL);
+    check_replay_error("gss_init_sec_context(2)", major, minor);
+
+    (void)gss_release_name(&minor, &tname);
+    (void)gss_release_buffer(&minor, &itok);
+    (void)gss_release_buffer(&minor, &atok);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_export_cred.c b/krb5-1.21.3/src/tests/gssapi/t_export_cred.c
new file mode 100644
index 00000000..4d7c028e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_export_cred.c
@@ -0,0 +1,115 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2011 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "common.h"
+
+/* Display a usage error message and exit. */
+static void
+usage(void)
+{
+    fprintf(stderr, "Usage: t_export_cred [-k|-s] [-i initiatorname] "
+            "[-a acceptorname] targetname\n");
+    exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 major, minor, flags;
+    gss_name_t initiator_name = GSS_C_NO_NAME, acceptor_name = GSS_C_NO_NAME;
+    gss_name_t target_name;
+    gss_cred_id_t initiator_cred, acceptor_cred, delegated_cred;
+    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
+    gss_ctx_id_t acceptor_context = GSS_C_NO_CONTEXT;
+    gss_OID mech = GSS_C_NO_OID;
+    gss_OID_set mechs = GSS_C_NO_OID_SET;
+    char optchar;
+
+    /* Parse arguments. */
+    argv++;
+    while (*argv != NULL && **argv == '-') {
+        optchar = (*argv)[1];
+        argv++;
+        if (optchar == 'i') {
+            if (*argv == NULL)
+                usage();
+            initiator_name = import_name(*argv++);
+        } else if (optchar == 'a') {
+            if (*argv == NULL)
+                usage();
+            acceptor_name = import_name(*argv++);
+        } else if (optchar == 'k') {
+            mech = &mech_krb5;
+            mechs = &mechset_krb5;
+        } else if (optchar == 's') {
+            mech = &mech_spnego;
+            mechs = &mechset_spnego;
+        } else {
+            usage();
+        }
+    }
+    if (*argv == NULL || *(argv + 1) != NULL)
+        usage();
+    target_name = import_name(argv[0]);
+
+    /* Get initiator cred and export/import it. */
+    major = gss_acquire_cred(&minor, initiator_name, GSS_C_INDEFINITE, mechs,
+                             GSS_C_INITIATE, &initiator_cred, NULL, NULL);
+    check_gsserr("gss_acquire_cred(initiator)", major, minor);
+    export_import_cred(&initiator_cred);
+
+    /* Get acceptor cred and export/import it. */
+    major = gss_acquire_cred(&minor, acceptor_name, GSS_C_INDEFINITE, mechs,
+                             GSS_C_ACCEPT, &acceptor_cred, NULL, NULL);
+    check_gsserr("gss_acquire_cred(acceptor)", major, minor);
+    export_import_cred(&acceptor_cred);
+
+    /* Initiate and accept a security context (one-token exchange only),
+     * delegating credentials. */
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
+        GSS_C_INTEG_FLAG | GSS_C_DELEG_FLAG;
+    establish_contexts(mech, initiator_cred, acceptor_cred, target_name, flags,
+                       &initiator_context, &acceptor_context, NULL, NULL,
+                       &delegated_cred);
+
+    /* Import, release, export, and store delegated creds */
+    export_import_cred(&delegated_cred);
+    major = gss_store_cred(&minor, delegated_cred, GSS_C_INITIATE,
+                           GSS_C_NULL_OID, 1, 1, NULL, NULL);
+    check_gsserr("gss_store_cred", major, minor);
+
+    (void)gss_release_name(&minor, &initiator_name);
+    (void)gss_release_name(&minor, &acceptor_name);
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_release_cred(&minor, &initiator_cred);
+    (void)gss_release_cred(&minor, &acceptor_cred);
+    (void)gss_release_cred(&minor, &delegated_cred);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_export_cred.py b/krb5-1.21.3/src/tests/gssapi/t_export_cred.py
new file mode 100755
index 00000000..89167bcc
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_export_cred.py
@@ -0,0 +1,50 @@
+from k5test import *
+
+# Test gss_export_cred and gss_import_cred for initiator creds,
+# acceptor creds, and traditional delegated creds.  t_s4u.py tests
+# exporting and importing a synthesized S4U2Proxy delegated
+# credential.
+
+# Make up a filename to hold user's initial credentials.
+def ccache_savefile(realm):
+    return os.path.join(realm.testdir, 'ccache.copy')
+
+# Move user's initial credentials into the save file.
+def ccache_save(realm):
+    os.rename(realm.ccache, ccache_savefile(realm))
+
+# Copy user's initial credentials from the save file into the ccache.
+def ccache_restore(realm):
+    shutil.copyfile(ccache_savefile(realm), realm.ccache)
+
+# Run t_export_cred with the saved ccache and verify that it stores a
+# forwarded cred into the default ccache.
+def check(realm, args):
+    ccache_restore(realm)
+    realm.run(['./t_export_cred'] + args)
+    realm.run([klist, '-f'], expected_msg='Flags: Ff')
+
+# Check a given set of arguments with no specified mech and with krb5
+# and SPNEGO as the specified mech.
+def check_mechs(realm, args):
+    check(realm, args)
+    check(realm, ['-k'] + args)
+    check(realm, ['-s'] + args)
+
+# Make a realm, get forwardable tickets, and save a copy for each test.
+realm = K5Realm(get_creds=False)
+realm.kinit(realm.user_princ, password('user'), ['-f'])
+ccache_save(realm)
+
+# Test with default initiator and acceptor cred.
+tname = 'p:' + realm.host_princ
+check_mechs(realm, [tname])
+
+# Test with principal-named initiator and acceptor cred.
+iname = 'p:' + realm.user_princ
+check_mechs(realm, ['-i', iname, '-a', tname, tname])
+
+# Test with host-based acceptor cred.
+check_mechs(realm, ['-a', 'h:host', tname])
+
+success('gss_export_cred/gss_import_cred tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_export_name.c b/krb5-1.21.3/src/tests/gssapi/t_export_name.c
new file mode 100644
index 00000000..b7eebd4e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_export_name.c
@@ -0,0 +1,119 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_export_name.c - Test program for gss_export_name behavior */
+/*
+ * Copyright 2012 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test program for gss_export_name, intended to be run from a Python test
+ * script.  Imports a name, canonicalizes it to a mech, exports it,
+ * re-imports/exports it to compare results, and then prints the hex form of
+ * the exported name followed by a newline.
+ *
+ * Usage: ./t_export_name [-k|-s] user:username|krb5:princ|host:service@host
+ *
+ * The name is imported as a username, krb5 principal, or hostbased name.
+ * By default or with -k, the name is canonicalized to the krb5 mech; -s
+ * indicates SPNEGO instead.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+static void
+usage(void)
+{
+    fprintf(stderr, "Usage: t_export_name [-k|-s] name\n");
+    exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_OID mech = (gss_OID)gss_mech_krb5;
+    gss_name_t name, mechname, impname;
+    gss_buffer_desc buf, buf2;
+    krb5_boolean use_composite = FALSE;
+    gss_OID ntype;
+    const char *name_arg;
+    char opt;
+
+    /* Parse arguments. */
+    while (argc > 1 && argv[1][0] == '-') {
+        opt = argv[1][1];
+        argc--, argv++;
+        if (opt == 'k')
+            mech = &mech_krb5;
+        else if (opt == 's')
+            mech = &mech_spnego;
+        else if (opt == 'c')
+            use_composite = TRUE;
+        else
+            usage();
+    }
+    if (argc != 2)
+        usage();
+    name_arg = argv[1];
+
+    /* Import the name. */
+    name = import_name(name_arg);
+
+    /* Canonicalize and export the name. */
+    major = gss_canonicalize_name(&minor, name, mech, &mechname);
+    check_gsserr("gss_canonicalize_name", major, minor);
+    if (use_composite)
+        major = gss_export_name_composite(&minor, mechname, &buf);
+    else
+        major = gss_export_name(&minor, mechname, &buf);
+    check_gsserr("gss_export_name", major, minor);
+
+    /* Import and re-export the name, and compare the results. */
+    ntype = use_composite ? GSS_C_NT_COMPOSITE_EXPORT : GSS_C_NT_EXPORT_NAME;
+    major = gss_import_name(&minor, &buf, ntype, &impname);
+    check_gsserr("gss_import_name", major, minor);
+    if (use_composite)
+        major = gss_export_name_composite(&minor, impname, &buf2);
+    else
+        major = gss_export_name(&minor, impname, &buf2);
+    check_gsserr("gss_export_name", major, minor);
+    if (buf.length != buf2.length ||
+        memcmp(buf.value, buf2.value, buf.length) != 0) {
+        fprintf(stderr, "Mismatched results:\n");
+        print_hex(stderr, &buf);
+        print_hex(stderr, &buf2);
+        return 1;
+    }
+
+    print_hex(stdout, &buf);
+
+    (void)gss_release_name(&minor, &name);
+    (void)gss_release_name(&minor, &mechname);
+    (void)gss_release_name(&minor, &impname);
+    (void)gss_release_buffer(&minor, &buf);
+    (void)gss_release_buffer(&minor, &buf2);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_gssapi.py b/krb5-1.21.3/src/tests/gssapi/t_gssapi.py
new file mode 100755
index 00000000..5f093a19
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_gssapi.py
@@ -0,0 +1,226 @@
+from k5test import *
+
+# Test krb5 negotiation under SPNEGO for all enctype configurations.  Also
+# test IOV wrap/unwrap with and without SPNEGO.
+for realm in multipass_realms():
+    realm.run(['./t_spnego','p:' + realm.host_princ, realm.keytab])
+    realm.run(['./t_iov', 'p:' + realm.host_princ])
+    realm.run(['./t_iov', '-s', 'p:' + realm.host_princ])
+    realm.run(['./t_pcontok', 'p:' + realm.host_princ])
+
+realm = K5Realm()
+
+# Test gss_add_cred().
+realm.run(['./t_add_cred'])
+
+### Test acceptor name behavior.
+
+# Create some host-based principals and put most of them into the
+# keytab.  Rename one principal so that the keytab name matches the
+# key but not the client name.
+realm.run([kadminl, 'addprinc', '-randkey', 'service1/abraham'])
+realm.run([kadminl, 'addprinc', '-randkey', 'service1/barack'])
+realm.run([kadminl, 'addprinc', '-randkey', 'service2/calvin'])
+realm.run([kadminl, 'addprinc', '-randkey', 'service2/dwight'])
+realm.run([kadminl, 'addprinc', '-randkey', 'host/-nomatch-'])
+realm.run([kadminl, 'addprinc', '-randkey', 'http/localhost'])
+realm.run([kadminl, 'xst', 'service1/abraham'])
+realm.run([kadminl, 'xst', 'service1/barack'])
+realm.run([kadminl, 'xst', 'service2/calvin'])
+realm.run([kadminl, 'xst', 'http/localhost'])
+realm.run([kadminl, 'renprinc', 'service1/abraham', 'service1/andrew'])
+
+# Test with no default realm and no dots in the server name.
+realm.run(['./t_accname', 'h:http@localhost'], expected_msg='http/localhost')
+remove_default = {'libdefaults': {'default_realm': None}}
+no_default = realm.special_env('no_default', False, krb5_conf=remove_default)
+realm.run(['./t_accname', 'h:http@localhost'], expected_msg='http/localhost',
+          env=no_default)
+
+# Test with no acceptor name, including client/keytab principal
+# mismatch (non-fatal) and missing keytab entry (fatal).
+realm.run(['./t_accname', 'p:service1/andrew'],
+          expected_msg='service1/abraham')
+realm.run(['./t_accname', 'p:service1/barack'], expected_msg='service1/barack')
+realm.run(['./t_accname', 'p:service2/calvin'], expected_msg='service2/calvin')
+realm.run(['./t_accname', 'p:service2/dwight'], expected_code=1,
+          expected_msg=' not found in keytab')
+
+# Test with acceptor name containing service only, including
+# client/keytab hostname mismatch (non-fatal) and service name
+# mismatch (fatal).
+realm.run(['./t_accname', 'p:service1/andrew', 'h:service1'],
+          expected_msg='service1/abraham')
+realm.run(['./t_accname', 'p:service1/andrew', 'h:service2'], expected_code=1,
+          expected_msg=' not found in keytab')
+realm.run(['./t_accname', 'p:service2/calvin', 'h:service2'],
+          expected_msg='service2/calvin')
+realm.run(['./t_accname', 'p:service2/calvin', 'h:service1'], expected_code=1,
+          expected_msg=' found in keytab but does not match server principal')
+# Regression test for #8892 (trailing @ in name).
+realm.run(['./t_accname', 'p:service1/andrew', 'h:service1@'],
+          expected_msg='service1/abraham')
+
+# Test with acceptor name containing service and host.  Use the
+# client's un-canonicalized hostname as acceptor input to mirror what
+# many servers do.
+realm.run(['./t_accname', 'p:' + realm.host_princ,
+           'h:host@%s' % socket.gethostname()], expected_msg=realm.host_princ)
+realm.run(['./t_accname', 'p:host/-nomatch-',
+           'h:host@%s' % socket.gethostname()], expected_code=1,
+          expected_msg=' not found in keytab')
+
+# If possible, test with an acceptor name requiring fallback to match
+# against a keytab entry.
+canonname = canonicalize_hostname(hostname)
+if canonname != hostname:
+    os.rename(realm.keytab, realm.keytab + '.save')
+    canonprinc = 'host/' + canonname
+    realm.run([kadminl, 'addprinc', '-randkey', canonprinc])
+    realm.extract_keytab(canonprinc, realm.keytab)
+    # Use the canonical name for the initiator's target name, since
+    # host/hostname exists in the KDB (but not the keytab).
+    realm.run(['./t_accname', 'h:host@' + canonname, 'h:host@' + hostname])
+    os.rename(realm.keytab + '.save', realm.keytab)
+else:
+    skipped('GSS acceptor name fallback test',
+            '%s does not canonicalize to a different name' % hostname)
+
+# Test krb5_gss_import_cred.
+realm.run(['./t_imp_cred', 'p:service1/barack'])
+realm.run(['./t_imp_cred', 'p:service1/barack', 'service1/barack'])
+realm.run(['./t_imp_cred', 'p:service1/andrew', 'service1/abraham'])
+realm.run(['./t_imp_cred', 'p:service2/dwight'], expected_code=1,
+          expected_msg=' not found in keytab')
+
+# Verify that we can't acquire acceptor creds without a keytab.
+os.remove(realm.keytab)
+out = realm.run(['./t_accname', 'p:abc'], expected_code=1)
+if ('gss_acquire_cred: Keytab' not in out or
+    'nonexistent or empty' not in out):
+    fail('Expected error message not seen for nonexistent keytab')
+
+realm.stop()
+
+# Re-run the last acceptor name test with ignore_acceptor_hostname set
+# and the principal for the mismatching hostname in the keytab.
+ignore_conf = {'libdefaults': {'ignore_acceptor_hostname': 'true'}}
+realm = K5Realm(krb5_conf=ignore_conf)
+realm.run([kadminl, 'addprinc', '-randkey', 'host/-nomatch-'])
+realm.run([kadminl, 'xst', 'host/-nomatch-'])
+realm.run(['./t_accname', 'p:host/-nomatch-',
+           'h:host@%s' % socket.gethostname()], expected_msg='host/-nomatch-')
+
+realm.stop()
+
+# Make sure a GSSAPI acceptor can handle cross-realm tickets with a
+# transited field.  (Regression test for #7639.)
+r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)),
+                          create_user=False, create_host=False,
+                          args=[{'realm': 'A.X', 'create_user': True},
+                                {'realm': 'X'},
+                                {'realm': 'B.X', 'create_host': True}])
+os.rename(r3.keytab, r1.keytab)
+r1.run(['./t_accname', 'p:' + r3.host_princ, 'h:host'])
+r1.stop()
+r2.stop()
+r3.stop()
+
+### Test gss_inquire_cred behavior.
+
+realm = K5Realm()
+
+# Test deferred resolution of the default ccache for initiator creds.
+realm.run(['./t_inq_cred'], expected_msg=realm.user_princ)
+realm.run(['./t_inq_cred', '-k'], expected_msg=realm.user_princ)
+realm.run(['./t_inq_cred', '-s'], expected_msg=realm.user_princ)
+
+# Test picking a name from the keytab for acceptor creds.
+realm.run(['./t_inq_cred', '-a'], expected_msg=realm.host_princ)
+realm.run(['./t_inq_cred', '-k', '-a'], expected_msg=realm.host_princ)
+realm.run(['./t_inq_cred', '-s', '-a'], expected_msg=realm.host_princ)
+
+# Test client keytab initiation (non-deferred) with a specified name.
+realm.extract_keytab(realm.user_princ, realm.client_keytab)
+os.remove(realm.ccache)
+realm.run(['./t_inq_cred', '-k'], expected_msg=realm.user_princ)
+
+# Test deferred client keytab initiation and GSS_C_BOTH cred usage.
+os.remove(realm.client_keytab)
+os.remove(realm.ccache)
+shutil.copyfile(realm.keytab, realm.client_keytab)
+realm.run(['./t_inq_cred', '-k', '-b'], expected_msg=realm.host_princ)
+
+# Test gss_export_name behavior.
+realm.run(['./t_export_name', 'u:x'], expected_msg=\
+          '0401000B06092A864886F7120102020000000D78404B5242544553542E434F4D\n')
+realm.run(['./t_export_name', '-s', 'u:xyz'],
+          expected_msg='0401000806062B06010505020000000378797A\n')
+realm.run(['./t_export_name', 'p:a@b'],
+          expected_msg='0401000B06092A864886F71201020200000003614062\n')
+realm.run(['./t_export_name', '-s', 'p:a@b'],
+          expected_msg='0401000806062B060105050200000003614062\n')
+
+# Test that composite-export tokens can be imported.
+realm.run(['./t_export_name', '-c', 'p:a@b'], expected_msg=
+          '0402000B06092A864886F7120102020000000361406200000000\n')
+
+# Test gss_inquire_mechs_for_name behavior.
+krb5_mech = '{ 1 2 840 113554 1 2 2 }'
+spnego_mech = '{ 1 3 6 1 5 5 2 }'
+out = realm.run(['./t_inq_mechs_name', 'p:a@b'])
+if krb5_mech not in out:
+    fail('t_inq_mechs_name (principal)')
+out = realm.run(['./t_inq_mechs_name', 'u:x'])
+if krb5_mech not in out or spnego_mech not in out:
+    fail('t_inq_mecs_name (user)')
+out = realm.run(['./t_inq_mechs_name', 'h:host'])
+if krb5_mech not in out or spnego_mech not in out:
+    fail('t_inq_mecs_name (hostbased)')
+
+# Test that accept_sec_context can produce an error token and
+# init_sec_context can interpret it.
+realm.run(['./t_err', 'p:' + realm.host_princ])
+realm.run(['./t_err', '--spnego', 'p:' + realm.host_princ])
+
+# Test the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option.
+realm.run(['./t_ciflags', 'p:' + realm.host_princ])
+
+# Test that inquire_context works properly, even on incomplete
+# contexts.
+realm.run(['./t_inq_ctx', 'user', password('user'), 'p:%s' % realm.host_princ])
+
+if runenv.sizeof_time_t <= 4:
+    skip_rest('y2038 GSSAPI tests', 'platform has 32-bit time_t')
+
+# Test lifetime results, using a realm with a large maximum lifetime
+# so that we can test ticket end dates after y2038.
+realm.stop()
+conf = {'realms': {'$realm': {'max_life': '9000d'}}}
+realm = K5Realm(kdc_conf=conf, get_creds=False)
+
+# Check a lifetime string result against an expected number value (or None).
+# Allow some variance due to time elapsed during the tests.
+def check_lifetime(msg, val, expected):
+    if expected is None and val != 'indefinite':
+        fail('%s: expected indefinite, got %s' % (msg, val))
+    if expected is not None and val == 'indefinite':
+        fail('%s: expected %d, got indefinite' % (msg, expected))
+    if expected is not None and abs(int(val) - expected) > 100:
+        fail('%s: expected %d, got %s' % (msg, expected, val))
+
+realm.kinit(realm.user_princ, password('user'), flags=['-l', '8500d'])
+out = realm.run(['./t_lifetime', 'p:' + realm.host_princ, str(8000 * 86400)])
+ln = out.split('\n')
+check_lifetime('icred gss_acquire_cred', ln[0], 8500 * 86400)
+check_lifetime('icred gss_inquire_cred', ln[1], 8500 * 86400)
+check_lifetime('acred gss_acquire_cred', ln[2], None)
+check_lifetime('acred gss_inquire_cred', ln[3], None)
+check_lifetime('ictx gss_init_sec_context', ln[4], 8000 * 86400)
+check_lifetime('ictx gss_inquire_context', ln[5], 8000 * 86400)
+check_lifetime('ictx gss_context_time', ln[6], 8000 * 86400)
+check_lifetime('actx gss_accept_sec_context', ln[7], 8000 * 86400 + 300)
+check_lifetime('actx gss_inquire_context', ln[8], 8000 * 86400 + 300)
+check_lifetime('actx gss_context_time', ln[9], 8000 * 86400 + 300)
+
+success('GSSAPI tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_gssexts.c b/krb5-1.21.3/src/tests/gssapi/t_gssexts.c
new file mode 100644
index 00000000..41d62b92
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_gssexts.c
@@ -0,0 +1,247 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+/*
+ * Test program for protocol transition (S4U2Self) and constrained delegation
+ * (S4U2Proxy)
+ *
+ * Note: because of name canonicalization, the following tips may help
+ * when configuring with Active Directory:
+ *
+ * - Create a computer account FOO$
+ * - Set the UPN to host/foo.domain (no suffix); this is necessary to
+ *   be able to send an AS-REQ as this principal, otherwise you would
+ *   need to use the canonical name (FOO$), which will cause principal
+ *   comparison errors in gss_accept_sec_context().
+ * - Add a SPN of host/foo.domain
+ * - Configure the computer account to support constrained delegation with
+ *   protocol transition (Trust this computer for delegation to specified
+ *   services only / Use any authentication protocol)
+ * - Add host/foo.domain to the keytab (possibly easiest to do this
+ *   with ktadd)
+ *
+ * For S4U2Proxy to work the TGT must be forwardable too.
+ *
+ * Usage eg:
+ *
+ * kinit -k -t test.keytab -f 'host/test.win.mit.edu@WIN.MIT.EDU'
+ * ./t_s4u p:delegtest@WIN.MIT.EDU p:HOST/WIN-EQ7E4AA2WR8.win.mit.edu@WIN.MIT.EDU test.keytab
+ */
+
+static int use_spnego = 0;
+
+static void
+test_prf(gss_ctx_id_t initiatorContext, gss_ctx_id_t acceptorContext,
+         int flags)
+{
+    gss_buffer_desc constant;
+    OM_uint32 major, minor;
+    unsigned int i;
+    gss_buffer_desc initiatorPrf;
+    gss_buffer_desc acceptorPrf;
+
+    constant.value = "gss prf test";
+    constant.length = strlen((char *)constant.value);
+
+    initiatorPrf.value = NULL;
+    acceptorPrf.value = NULL;
+
+    major = gss_pseudo_random(&minor, initiatorContext, flags, &constant, 19,
+                              &initiatorPrf);
+    check_gsserr("gss_pseudo_random", major, minor);
+
+    printf("%s\n", flags == GSS_C_PRF_KEY_FULL ?
+           "PRF_KEY_FULL" : "PRF_KEY_PARTIAL");
+
+    printf("Initiator PRF: ");
+    for (i = 0; i < initiatorPrf.length; i++)
+        printf("%02x ", ((char *)initiatorPrf.value)[i] & 0xFF);
+    printf("\n");
+
+    major = gss_pseudo_random(&minor, acceptorContext, flags, &constant, 19,
+                              &acceptorPrf);
+    check_gsserr("gss_pseudo_random", major, minor);
+
+    printf("Acceptor  PRF: ");
+    for (i = 0; i < acceptorPrf.length; i++)
+        printf("%02x ", ((char *)acceptorPrf.value)[i] & 0xFF);
+    printf("\n");
+
+    if (acceptorPrf.length != initiatorPrf.length ||
+        memcmp(acceptorPrf.value, initiatorPrf.value, initiatorPrf.length)) {
+        fprintf(stderr, "Initiator and acceptor PRF output does not match\n");
+        exit(1);
+    }
+
+    (void)gss_release_buffer(&minor, &initiatorPrf);
+    (void)gss_release_buffer(&minor, &acceptorPrf);
+}
+
+static void
+init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
+                        gss_cred_id_t verifier_cred_handle,
+                        gss_cred_id_t *deleg_cred_handle)
+{
+    OM_uint32 major, minor, flags;
+    gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
+    gss_ctx_id_t initiator_context, acceptor_context;
+    gss_OID mech;
+
+    *deleg_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
+                             NULL, NULL);
+    check_gsserr("gss_inquire_cred", major, minor);
+    display_canon_name("Target name", target_name, &mech_krb5);
+
+    mech = use_spnego ? &mech_spnego : &mech_krb5;
+    display_oid("Target mech", mech);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(mech, claimant_cred_handle, verifier_cred_handle,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &source_name, NULL,
+                       deleg_cred_handle);
+
+    test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_FULL);
+    test_prf(initiator_context, acceptor_context, GSS_C_PRF_KEY_PARTIAL);
+
+    (void)gss_release_name(&minor, &source_name);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+}
+
+static void
+get_default_cred(const char *keytab_name, gss_OID_set mechs,
+                 gss_cred_id_t *impersonator_cred_handle)
+{
+    OM_uint32 major = GSS_S_FAILURE, minor;
+    krb5_error_code ret;
+    krb5_context context = NULL;
+    krb5_keytab keytab = NULL;
+    krb5_principal keytab_principal = NULL;
+    krb5_ccache ccache = NULL;
+
+    if (keytab_name != NULL) {
+        ret = krb5_init_context(&context);
+        check_k5err(context, "krb5_init_context", ret);
+
+        ret = krb5_kt_resolve(context, keytab_name, &keytab);
+        check_k5err(context, "krb5_kt_resolve", ret);
+
+        ret = krb5_cc_default(context, &ccache);
+        check_k5err(context, "krb5_cc_default", ret);
+
+        ret = krb5_cc_get_principal(context, ccache, &keytab_principal);
+        check_k5err(context, "krb5_cc_get_principal", ret);
+
+        major = gss_krb5_import_cred(&minor, ccache, keytab_principal, keytab,
+                                     impersonator_cred_handle);
+        check_gsserr("gss_krb5_import_cred", major, minor);
+
+        krb5_free_principal(context, keytab_principal);
+        krb5_cc_close(context, ccache);
+        krb5_kt_close(context, keytab);
+        krb5_free_context(context);
+    } else {
+        major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+                                 mechs, GSS_C_BOTH, impersonator_cred_handle,
+                                 NULL, NULL);
+        check_gsserr("gss_acquire_cred", major, minor);
+    }
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_cred_id_t impersonator_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_cred_id_t user_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_name_t user = GSS_C_NO_NAME, target = GSS_C_NO_NAME;
+    gss_OID_set mechs, actual_mechs = GSS_C_NO_OID_SET;
+    uid_t uid;
+
+    if (argc < 2 || argc > 5) {
+        fprintf(stderr, "Usage: %s [--spnego] [user] "
+                "[proxy-target] [keytab]\n", argv[0]);
+        fprintf(stderr, "       proxy-target and keytab are optional\n");
+        exit(1);
+    }
+
+    if (strcmp(argv[1], "--spnego") == 0) {
+        use_spnego++;
+        argc--;
+        argv++;
+    }
+
+    user = import_name(argv[1]);
+
+    major = gss_pname_to_uid(&minor, user, NULL, &uid);
+    check_gsserr("gss_pname_to_uid(user)", major, minor);
+
+    if (argc > 2 && strcmp(argv[2], "-") != 0)
+        target = import_name(argv[2]);
+
+    mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
+
+    get_default_cred((argc > 3) ? argv[3] : NULL, mechs,
+                     &impersonator_cred_handle);
+
+    printf("Protocol transition tests follow\n");
+    printf("-----------------------------------\n\n");
+
+    /* get S4U2Self cred */
+    major = gss_acquire_cred_impersonate_name(&minor, impersonator_cred_handle,
+                                              user, GSS_C_INDEFINITE, mechs,
+                                              GSS_C_INITIATE,
+                                              &user_cred_handle, &actual_mechs,
+                                              NULL);
+    check_gsserr("gss_acquire_cred_impersonate_name", major, minor);
+
+    /* Try to store it in default ccache */
+    major = gss_store_cred(&minor, user_cred_handle, GSS_C_INITIATE,
+                           &mechs->elements[0], 1, 1, NULL, NULL);
+    check_gsserr("gss_store_cred", major, minor);
+
+    init_accept_sec_context(user_cred_handle, impersonator_cred_handle,
+                            &delegated_cred_handle);
+
+    printf("\n");
+
+    (void)gss_release_name(&minor, &user);
+    (void)gss_release_name(&minor, &target);
+    (void)gss_release_cred(&minor, &delegated_cred_handle);
+    (void)gss_release_cred(&minor, &impersonator_cred_handle);
+    (void)gss_release_cred(&minor, &user_cred_handle);
+    (void)gss_release_oid_set(&minor, &actual_mechs);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_imp_cred.c b/krb5-1.21.3/src/tests/gssapi/t_imp_cred.c
new file mode 100644
index 00000000..a2aa5fba
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_imp_cred.c
@@ -0,0 +1,101 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_imp_cred.c - krb5_gss_import_cred test harness */
+/*
+ * Copyright 2011 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test program for krb5_gss_import_cred, intended to be run from a Python test
+ * script.  Creates an initiator credential for the default ccache and an
+ * acceptor principal for the default keytab (possibly using a specified keytab
+ * principal), and performs a one-token context exchange using a specified
+ * target principal.  If the exchange is successful, queries the context for
+ * the acceptor name and prints it.  If any call is unsuccessful, displays an
+ * error message.  Exits with status 0 if all operations are successful, or 1
+ * if not.
+ *
+ * Usage: ./t_imp_cred target-princ [keytab-princ]
+ */
+
+#include "k5-platform.h"
+#include <krb5.h>
+
+#include "common.h"
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major, flags;
+    gss_cred_id_t initiator_cred, acceptor_cred;
+    gss_ctx_id_t initiator_context, acceptor_context;
+    gss_name_t target_name;
+    krb5_context context = NULL;
+    krb5_ccache cc;
+    krb5_keytab kt;
+    krb5_principal princ = NULL;
+    krb5_error_code ret;
+
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: %s targetname [acceptorprinc]\n", argv[0]);
+        return 1;
+    }
+
+    /* Import the target name. */
+    target_name = import_name(argv[1]);
+
+    /* Acquire the krb5 objects we need. */
+    ret = krb5_init_context(&context);
+    check_k5err(context, "krb5_init_context", ret);
+    ret = krb5_cc_default(context, &cc);
+    check_k5err(context, "krb5_cc_default", ret);
+    ret = krb5_kt_default(context, &kt);
+    check_k5err(context, "krb5_kt_default", ret);
+    if (argc >= 3) {
+        ret = krb5_parse_name(context, argv[2], &princ);
+        check_k5err(context, "krb5_parse_name", ret);
+    }
+
+    /* Get initiator cred. */
+    major = gss_krb5_import_cred(&minor, cc, NULL, NULL, &initiator_cred);
+    check_gsserr("gss_krb5_import_cred (initiator)", major, minor);
+
+    /* Get acceptor cred. */
+    major = gss_krb5_import_cred(&minor, NULL, princ, kt, &acceptor_cred);
+    check_gsserr("gss_krb5_import_cred (acceptor)", major, minor);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_krb5, initiator_cred, acceptor_cred, target_name,
+                       flags, &initiator_context, &acceptor_context, NULL,
+                       NULL, NULL);
+
+    krb5_cc_close(context, cc);
+    krb5_kt_close(context, kt);
+    krb5_free_principal(context, princ);
+    krb5_free_context(context);
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_release_cred(&minor, &initiator_cred);
+    (void)gss_release_cred(&minor, &acceptor_cred);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_imp_name.c b/krb5-1.21.3/src/tests/gssapi/t_imp_name.c
new file mode 100644
index 00000000..e7dbcc42
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_imp_name.c
@@ -0,0 +1,94 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1996, Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Simple test program for testing how GSSAPI import name works.  (May
+ * be made into a more full-fledged test program later.)
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "common.h"
+
+static const char *
+oid_str(char type)
+{
+    switch (type) {
+    case 'p': /* GSS_KRB5_NT_PRINCIPAL_NAME */
+        return "{ 1 2 840 113554 1 2 2 1 }";
+    case 'e': /* GSS_KRB5_NT_ENTERPRISE_NAME */
+        return "{ 1 2 840 113554 1 2 2 6 }";
+    case 'c': /* GSS_KRB5_NT_X509_CERT */
+        return "{ 1 2 840 113554 1 2 2 7 }";
+    case 'h': /* GSS_C_NT_HOSTBASED_SERVICE */
+        return "{ 1 2 840 113554 1 2 1 4 }";
+    }
+    return "no_oid";
+}
+
+/* Return true if buf has the same contents as str, plus a zero byte if
+ * indicated by buf_includes_nullterm. */
+static int
+buf_eq_str(gss_buffer_t buf, const char *str, int buf_includes_nullterm)
+{
+    size_t len = strlen(str) + (buf_includes_nullterm ? 1 : 0);
+
+    return (buf->length == len && memcmp(buf->value, str, len) == 0);
+}
+
+static void
+test_import_name(const char *name)
+{
+    OM_uint32 major, minor;
+    gss_name_t gss_name;
+    gss_buffer_desc buf;
+    gss_OID name_oid;
+
+    gss_name = import_name(name);
+
+    major = gss_display_name(&minor, gss_name, &buf, &name_oid);
+    check_gsserr("gss_display_name", major, minor);
+    if (!buf_eq_str(&buf, name + 2, 0))
+        errout("wrong name string");
+    (void)gss_release_buffer(&minor, &buf);
+
+    major = gss_oid_to_str(&minor, name_oid, &buf);
+    check_gsserr("gss_oid_to_str", major, minor);
+    if (!buf_eq_str(&buf, oid_str(*name), 1))
+        errout("wrong name type");
+    (void)gss_release_buffer(&minor, &buf);
+    (void)gss_release_name(&minor, &gss_name);
+}
+
+int
+main(int argc, char **argv)
+{
+    test_import_name("p:user@MIT.EDU");
+    test_import_name("e:enterprise@mit.edu@MIT.EDU");
+    test_import_name("h:HOST@dc1.mit.edu");
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_inq_cred.c b/krb5-1.21.3/src/tests/gssapi/t_inq_cred.c
new file mode 100644
index 00000000..8dd331d6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_inq_cred.c
@@ -0,0 +1,116 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_inq_cred.c - Test program for gss_inquire_cred behavior */
+/*
+ * Copyright 2012 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test program for gss_inquire_cred, intended to be run from a Python test
+ * script.  Acquires credentials, inquires them, and prints the resulting name
+ * and lifetime.
+ *
+ * Usage: ./t_inq_cred [-k|-s] [-a|-b|-i] [initiatorname]
+ *
+ * By default no mechanism is specified when acquiring credentials; -k
+ * indicates the krb5 mech and -s indicates SPNEGO.  By default or with -i,
+ * initiator credentials are acquired; -a indicates acceptor credentials and -b
+ * indicates credentials of both types.  The credential is acquired with no
+ * name by default; a krb5 principal name or host-based name (prefixed with
+ * "gss:") may be supplied as an argument.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+            "Usage: t_inq_cred [-k|-s] [-a|-b|-i] [princ|gss:service@host]\n");
+    exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major, lifetime;
+    gss_cred_usage_t cred_usage = GSS_C_INITIATE;
+    gss_OID_set mechs = GSS_C_NO_OID_SET;
+    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
+    gss_name_t name = GSS_C_NO_NAME;
+    gss_buffer_desc buf;
+    const char *name_arg = NULL;
+    char opt;
+
+    while (argc > 1 && argv[1][0] == '-') {
+        opt = argv[1][1];
+        argc--, argv++;
+        if (opt == 'a')
+            cred_usage = GSS_C_ACCEPT;
+        else if (opt == 'b')
+            cred_usage = GSS_C_BOTH;
+        else if (opt == 'i')
+            cred_usage = GSS_C_INITIATE;
+        else if (opt == 'k')
+            mechs = &mechset_krb5;
+        else if (opt == 's')
+            mechs = &mechset_spnego;
+        else
+            usage();
+    }
+    if (argc > 2)
+        usage();
+    if (argc > 1)
+        name_arg = argv[1];
+
+    /* Import the name, if given. */
+    if (name_arg != NULL)
+        name = import_name(name_arg);
+
+    /* Acquire a credential. */
+    major = gss_acquire_cred(&minor, name, GSS_C_INDEFINITE, mechs, cred_usage,
+                             &cred, NULL, NULL);
+    check_gsserr("gss_acquire_cred", major, minor);
+
+    /* Inquire about the credential. */
+    (void)gss_release_name(&minor, &name);
+    major = gss_inquire_cred(&minor, cred, &name, &lifetime, NULL, NULL);
+    check_gsserr("gss_inquire_cred", major, minor);
+
+    /* Get a display form of the name. */
+    buf.value = NULL;
+    buf.length = 0;
+    major = gss_display_name(&minor, name, &buf, NULL);
+    check_gsserr("gss_display_name", major, minor);
+
+    printf("name: %.*s\n", (int)buf.length, (char *)buf.value);
+    printf("lifetime: %d\n", (int)lifetime);
+
+    (void)gss_release_cred(&minor, &cred);
+    (void)gss_release_name(&minor, &name);
+    (void)gss_release_buffer(&minor, &buf);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_inq_ctx.c b/krb5-1.21.3/src/tests/gssapi/t_inq_ctx.c
new file mode 100644
index 00000000..c59ca382
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_inq_ctx.c
@@ -0,0 +1,241 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2015 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "common.h"
+
+
+/*
+ * Test program for inquiring about a security context, intended to be run from
+ * a Python test script.  Partially establishes a context to test inquiring
+ * about an incomplete context, and then establishes full contexts and inquires
+ * them.  Exits with status 0 if all operations are successful, or 1 if not.
+ *
+ * Usage: ./t_inq_ctx target_name
+ */
+
+static void
+check_inq_context(gss_ctx_id_t context, int incomplete, gss_OID expected_mech,
+                  OM_uint32 expected_flags, int expected_locally_init)
+{
+    OM_uint32 major, minor;
+    gss_name_t out_init_name, out_accept_name;
+    OM_uint32 out_lifetime;
+    gss_OID out_mech_type;
+    OM_uint32 out_flags;
+    int out_locally_init;
+    int out_open;
+
+    major = gss_inquire_context(&minor, context, &out_init_name,
+                                &out_accept_name, &out_lifetime,
+                                &out_mech_type, &out_flags, &out_locally_init,
+                                &out_open);
+    check_gsserr("gss_inquire_context", major, minor);
+
+    assert(gss_oid_equal(out_mech_type, expected_mech));
+    assert(out_flags == expected_flags);
+    assert(out_locally_init == expected_locally_init);
+    if (incomplete) {
+        assert(!out_open);
+        assert(out_lifetime == 0);
+        assert(out_init_name == GSS_C_NO_NAME);
+        assert(out_accept_name == GSS_C_NO_NAME);
+    } else {
+        assert(out_open);
+        assert(out_lifetime > 0);
+        assert(out_init_name != GSS_C_NO_NAME);
+        assert(out_accept_name != GSS_C_NO_NAME);
+    }
+
+    (void)gss_release_name(&minor, &out_accept_name);
+    (void)gss_release_name(&minor, &out_init_name);
+}
+
+/* Call gss_init_sec_context() once to create an initiator context (which will
+ * be partial if flags includes GSS_C_MUTUAL_FLAG and the mech is krb5). */
+static void
+start_init_context(gss_OID mech, gss_cred_id_t cred, gss_name_t tname,
+                   OM_uint32 flags, gss_ctx_id_t *ctx)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc itok = GSS_C_EMPTY_BUFFER;
+
+    *ctx = GSS_C_NO_CONTEXT;
+    major = gss_init_sec_context(&minor, cred, ctx, tname, mech, flags,
+                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+                                 NULL, NULL, &itok, NULL, NULL);
+    check_gsserr("gss_init_sec_context", major, minor);
+    (void)gss_release_buffer(&minor, &itok);
+}
+
+/* Call gss_init_sec_context() and gss_accept_sec_context() once to create an
+ * acceptor context. */
+static void
+start_accept_context(gss_OID mech, gss_cred_id_t icred, gss_cred_id_t acred,
+                     gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ctx)
+{
+    OM_uint32 major, minor;
+    gss_ctx_id_t ictx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc itok = GSS_C_EMPTY_BUFFER, atok = GSS_C_EMPTY_BUFFER;
+
+    major = gss_init_sec_context(&minor, icred, &ictx, tname, mech, flags,
+                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+                                 NULL, NULL, &itok, NULL, NULL);
+    check_gsserr("gss_init_sec_context", major, minor);
+
+    *ctx = GSS_C_NO_CONTEXT;
+    major = gss_accept_sec_context(&minor, ctx, acred, &itok,
+                                   GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
+                                   &atok, NULL, NULL, NULL);
+    check_gsserr("gss_accept_sec_context", major, minor);
+
+    (void)gss_release_buffer(&minor, &itok);
+    (void)gss_release_buffer(&minor, &atok);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+}
+
+static void
+partial_iakerb_acceptor(const char *username, const char *password,
+                        gss_name_t tname, OM_uint32 flags, gss_ctx_id_t *ctx)
+{
+    OM_uint32 major, minor;
+    gss_name_t name;
+    gss_buffer_desc ubuf, pwbuf;
+    gss_OID_set_desc mechlist;
+    gss_cred_id_t icred, acred;
+
+    mechlist.count = 1;
+    mechlist.elements = &mech_iakerb;
+
+    /* Import the username. */
+    ubuf.value = (void *)username;
+    ubuf.length = strlen(username);
+    major = gss_import_name(&minor, &ubuf, GSS_C_NT_USER_NAME, &name);
+    check_gsserr("gss_import_name", major, minor);
+
+    /* Create an IAKERB initiator cred with the username and password. */
+    pwbuf.value = (void *)password;
+    pwbuf.length = strlen(password);
+    major = gss_acquire_cred_with_password(&minor, name, &pwbuf, 0,
+                                           &mechlist, GSS_C_INITIATE, &icred,
+                                           NULL, NULL);
+    check_gsserr("gss_acquire_cred_with_password", major, minor);
+
+    /* Create an acceptor cred with support for IAKERB. */
+    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+                             &mechlist, GSS_C_ACCEPT, &acred, NULL, NULL);
+    check_gsserr("gss_acquire_cred", major, minor);
+
+    /* Begin context establishment to get a partial acceptor context. */
+    start_accept_context(&mech_iakerb, icred, acred, tname, flags, ctx);
+
+    (void)gss_release_name(&minor, &name);
+    (void)gss_release_cred(&minor, &icred);
+    (void)gss_release_cred(&minor, &acred);
+}
+
+/* Create a partially established SPNEGO acceptor. */
+static void
+partial_spnego_acceptor(gss_name_t tname, gss_ctx_id_t *ctx)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc itok = GSS_C_EMPTY_BUFFER, atok;
+
+    /*
+     * We could construct a fixed SPNEGO initiator token which forces a
+     * renegotiation, but a simpler approach is to pass an empty token to
+     * gss_accept_sec_context(), taking advantage of our compatibility support
+     * for SPNEGO NegHints.
+     */
+    *ctx = GSS_C_NO_CONTEXT;
+    major = gss_accept_sec_context(&minor, ctx, GSS_C_NO_CREDENTIAL, &itok,
+                                   GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
+                                   &atok, NULL, NULL, NULL);
+    check_gsserr("gss_accept_sec_context(neghints)", major, minor);
+
+    (void)gss_release_buffer(&minor, &atok);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, flags, dce_flags;
+    gss_name_t tname;
+    gss_ctx_id_t ictx, actx;
+    const char *username, *password;
+
+    if (argc != 4) {
+        fprintf(stderr, "Usage: %s username password targetname\n", argv[0]);
+        return 1;
+    }
+    username = argv[1];
+    password = argv[2];
+    tname = import_name(argv[3]);
+
+    flags = GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_CONF_FLAG |
+        GSS_C_INTEG_FLAG;
+    start_init_context(&mech_krb5, GSS_C_NO_CREDENTIAL, tname, flags, &ictx);
+    check_inq_context(ictx, 1, &mech_krb5, flags | GSS_C_TRANS_FLAG, 1);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+
+    start_init_context(&mech_iakerb, GSS_C_NO_CREDENTIAL, tname, flags, &ictx);
+    check_inq_context(ictx, 1, &mech_iakerb, flags, 1);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+
+    start_init_context(&mech_spnego, GSS_C_NO_CREDENTIAL, tname, flags, &ictx);
+    check_inq_context(ictx, 1, &mech_spnego, flags, 1);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+
+    dce_flags = flags | GSS_C_DCE_STYLE;
+    start_accept_context(&mech_krb5, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                         tname, dce_flags, &actx);
+    check_inq_context(actx, 1, &mech_krb5, dce_flags | GSS_C_TRANS_FLAG, 0);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+
+    partial_iakerb_acceptor(username, password, tname, flags, &actx);
+    check_inq_context(actx, 1, &mech_iakerb, 0, 0);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+
+    partial_spnego_acceptor(tname, &actx);
+    check_inq_context(actx, 1, &mech_spnego, 0, 0);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+
+    establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                       tname, flags, &ictx, &actx, NULL, NULL, NULL);
+
+    check_inq_context(ictx, 0, &mech_krb5, flags | GSS_C_TRANS_FLAG, 1);
+    check_inq_context(actx, 0, &mech_krb5,
+                      flags | GSS_C_TRANS_FLAG | GSS_C_PROT_READY_FLAG, 0);
+
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+
+    (void)gss_release_name(&minor, &tname);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_inq_mechs_name.c b/krb5-1.21.3/src/tests/gssapi/t_inq_mechs_name.c
new file mode 100644
index 00000000..9f4ae4e1
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_inq_mechs_name.c
@@ -0,0 +1,64 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_inq_mechs_name.c - Exercise gss_inquire_mechs_for_name */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Test program to exercise gss_inquire_mechs_for_name by importing a name and
+ * reporting the mech OIDs which are reported as being able to process it.
+ *
+ * Usage: ./t_inq_mechs_name name
+ */
+
+#include <stdio.h>
+
+#include "common.h"
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_name_t name;
+    gss_OID_set mechs;
+    size_t i;
+
+    if (argc != 2) {
+        fprintf(stderr, "Usage: t_inq_mechs_for_name name\n");
+        return 1;
+    }
+    name = import_name(argv[1]);
+    major = gss_inquire_mechs_for_name(&minor, name, &mechs);
+    check_gsserr("gss_inquire_mechs_for_name", major, minor);
+    for (i = 0; i < mechs->count; i++)
+        display_oid(NULL, &mechs->elements[i]);
+    (void)gss_release_oid_set(&minor, &mechs);
+    (void)gss_release_name(&minor, &name);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_invalid.c b/krb5-1.21.3/src/tests/gssapi/t_invalid.c
new file mode 100644
index 00000000..882e1636
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_invalid.c
@@ -0,0 +1,615 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_invalid.c - Invalid message token regression tests */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file contains regression tests for some GSSAPI invalid token
+ * vulnerabilities.
+ *
+ * 1. A pre-CFX wrap or MIC token processed with a CFX-only context causes a
+ *    null pointer dereference.  (The token must use SEAL_ALG_NONE or it will
+ *    be rejected.)  This vulnerability also applies to IOV unwrap.
+ *
+ * 2. A CFX wrap token with a different value of EC between the plaintext and
+ *    encrypted copies will be erroneously accepted, which allows a message
+ *    truncation attack.  This vulnerability also applies to IOV unwrap.
+ *
+ * 3. A CFX wrap token with a plaintext length fewer than 16 bytes causes an
+ *    access before the beginning of the input buffer, possibly leading to a
+ *    crash.
+ *
+ * 4. A CFX wrap token with a plaintext EC value greater than the plaintext
+ *    length - 16 causes an integer underflow when computing the result length,
+ *    likely causing a crash.
+ *
+ * 5. An IOV unwrap operation will overrun the header buffer if an ASN.1
+ *    wrapper longer than the header buffer is present.
+ *
+ * 6. A pre-CFX wrap or MIC token with fewer than 24 bytes after the ASN.1
+ *    header causes an input buffer overrun, usually leading to either a segv
+ *    or a GSS_S_DEFECTIVE_TOKEN error due to garbage algorithm, filler, or
+ *    sequence number values.  This vulnerability also applies to IOV unwrap.
+ *
+ * 7. A pre-CFX wrap token with fewer than 16 + cksumlen bytes after the ASN.1
+ *    header causes an integer underflow when computing the ciphertext length,
+ *    leading to an allocation error on 32-bit platforms or a segv on 64-bit
+ *    platforms.  A pre-CFX MIC token of this size causes an input buffer
+ *    overrun when comparing the checksum, perhaps leading to a segv.
+ *
+ * 8. A pre-CFX wrap token with fewer than conflen + padlen bytes in the
+ *    ciphertext (where padlen is the last byte of the decrypted ciphertext)
+ *    causes an integer underflow when computing the original message length,
+ *    leading to an allocation error.
+ *
+ * 9. In the mechglue, truncated encapsulation in the initial context token can
+ *    cause input buffer overruns in gss_accept_sec_context().
+ */
+
+#include "k5-int.h"
+#include "common.h"
+#include "mglueP.h"
+#include "gssapiP_krb5.h"
+
+/*
+ * The following samples contain context parameters and otherwise valid seal
+ * tokens where the plain text is padded with byte value 100 instead of the
+ * proper value 1.
+ */
+struct test {
+    krb5_enctype enctype;
+    krb5_enctype encseq_enctype;
+    int sealalg;
+    int signalg;
+    size_t cksum_size;
+    size_t keylen;
+    const char *keydata;
+    size_t toklen;
+    const char *token;
+} tests[] = {
+    {
+        ENCTYPE_DES3_CBC_SHA1, ENCTYPE_DES3_CBC_RAW,
+        SEAL_ALG_DES3KD, SGN_ALG_HMAC_SHA1_DES3_KD, 20,
+        24,
+        "\x4F\xEA\x19\x19\x5E\x0E\x10\xDF\x3D\x29\xB5\x13\x8F\x01\xC7\xA7"
+        "\x92\x3D\x38\xF7\x26\x73\x0D\x6D",
+        65,
+        "\x60\x3F\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x02\x01\x04"
+        "\x00\x02\x00\xFF\xFF\xEB\xF3\x9A\x89\x24\x57\xB8\x63\x95\x25\xE8"
+        "\x6E\x8E\x79\xE6\x2E\xCA\xD3\xFF\x57\x9F\x8C\xAB\xEF\xDD\x28\x10"
+        "\x2F\x93\x21\x2E\xF2\x52\xB6\x6F\xA8\xBB\x8A\x6D\xAA\x6F\xB7\xF4\xD4"
+    },
+    {
+        ENCTYPE_ARCFOUR_HMAC, ENCTYPE_ARCFOUR_HMAC,
+        SEAL_ALG_MICROSOFT_RC4, SGN_ALG_HMAC_MD5, 8,
+        16,
+        "\x66\x64\x41\x64\x55\x78\x21\xD0\xD0\xFD\x05\x6A\xFF\x6F\xE8\x09",
+        53,
+        "\x60\x33\x06\x09\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x02\x01\x11"
+        "\x00\x10\x00\xFF\xFF\x35\xD4\x79\xF3\x8C\x47\x8F\x6E\x23\x6F\x3E"
+        "\xCC\x5E\x57\x5C\x6A\x89\xF0\xA2\x03\x4F\x0B\x51\x11\xEE\x89\x7E"
+        "\xD6\xF6\xB5\xD6\x51"
+    }
+};
+
+static void *
+ealloc(size_t len)
+{
+    void *ptr = calloc(len, 1);
+
+    if (ptr == NULL)
+        abort();
+    return ptr;
+}
+
+/* Fake up enough of a CFX GSS context for gss_unwrap, using an AES key.
+ * The context takes ownership of subkey. */
+static gss_ctx_id_t
+make_fake_cfx_context(krb5_key subkey)
+{
+    gss_union_ctx_id_t uctx;
+    krb5_gss_ctx_id_t kgctx;
+
+    kgctx = ealloc(sizeof(*kgctx));
+    kgctx->established = 1;
+    kgctx->proto = 1;
+    if (g_seqstate_init(&kgctx->seqstate, 0, 0, 0, 0) != 0)
+        abort();
+    kgctx->mech_used = &mech_krb5;
+    kgctx->sealalg = -1;
+    kgctx->signalg = -1;
+
+    kgctx->subkey = subkey;
+    kgctx->cksumtype = CKSUMTYPE_HMAC_SHA1_96_AES128;
+
+    uctx = ealloc(sizeof(*uctx));
+    uctx->mech_type = &mech_krb5;
+    uctx->internal_ctx_id = (gss_ctx_id_t)kgctx;
+    return (gss_ctx_id_t)uctx;
+}
+
+/* Fake up enough of a GSS context for gss_unwrap, using keys from test. */
+static gss_ctx_id_t
+make_fake_context(const struct test *test)
+{
+    gss_union_ctx_id_t uctx;
+    krb5_gss_ctx_id_t kgctx;
+    krb5_keyblock kb;
+
+    kgctx = ealloc(sizeof(*kgctx));
+    kgctx->established = 1;
+    if (g_seqstate_init(&kgctx->seqstate, 0, 0, 0, 0) != 0)
+        abort();
+    kgctx->mech_used = &mech_krb5;
+    kgctx->sealalg = test->sealalg;
+    kgctx->signalg = test->signalg;
+    kgctx->cksum_size = test->cksum_size;
+
+    kb.enctype = test->enctype;
+    kb.length = test->keylen;
+    kb.contents = (unsigned char *)test->keydata;
+    if (krb5_k_create_key(NULL, &kb, &kgctx->subkey) != 0)
+        abort();
+
+    kb.enctype = test->encseq_enctype;
+    if (krb5_k_create_key(NULL, &kb, &kgctx->seq) != 0)
+        abort();
+
+    if (krb5_k_create_key(NULL, &kb, &kgctx->enc) != 0)
+        abort();
+
+    uctx = ealloc(sizeof(*uctx));
+    uctx->mech_type = &mech_krb5;
+    uctx->internal_ctx_id = (gss_ctx_id_t)kgctx;
+    return (gss_ctx_id_t)uctx;
+}
+
+/* Free a context created by make_fake_context. */
+static void
+free_fake_context(gss_ctx_id_t ctx)
+{
+    gss_union_ctx_id_t uctx = (gss_union_ctx_id_t)ctx;
+    krb5_gss_ctx_id_t kgctx = (krb5_gss_ctx_id_t)uctx->internal_ctx_id;
+
+    free(kgctx->seqstate);
+    krb5_k_free_key(NULL, kgctx->subkey);
+    krb5_k_free_key(NULL, kgctx->seq);
+    krb5_k_free_key(NULL, kgctx->enc);
+    free(kgctx);
+    free(uctx);
+}
+
+/* Prefix a token (starting at the two-byte ID) with an ASN.1 header and return
+ * it in an allocated block to facilitate checking by valgrind or similar. */
+static void
+make_token(unsigned char *token, size_t len, gss_buffer_t out)
+{
+    char *wrapped;
+
+    assert(mech_krb5.length == 9);
+    assert(len + 11 < 128);
+    wrapped = ealloc(len + 13);
+    wrapped[0] = 0x60;
+    wrapped[1] = len + 11;
+    wrapped[2] = 0x06;
+    wrapped[3] = 9;
+    memcpy(wrapped + 4, mech_krb5.elements, 9);
+    memcpy(wrapped + 13, token, len);
+    out->length = len + 13;
+    out->value = wrapped;
+}
+
+/* Create a 16-byte header for a CFX confidential wrap token to be processed by
+ * the fake CFX context. */
+static void
+write_cfx_header(uint16_t ec, uint8_t *out)
+{
+    memset(out, 0, 16);
+    store_16_be(KG2_TOK_WRAP_MSG, out);
+    out[2] = FLAG_WRAP_CONFIDENTIAL;
+    out[3] = 0xFF;
+    store_16_be(ec, out + 4);
+}
+
+/* Unwrap a superficially valid RFC 1964 token with a CFX-only context, with
+ * regular and IOV unwrap. */
+static void
+test_bogus_1964_token(gss_ctx_id_t ctx)
+{
+    OM_uint32 minor, major;
+    unsigned char tokbuf[128];
+    gss_buffer_desc in, out;
+    gss_iov_buffer_desc iov;
+
+    store_16_be(KG_TOK_SIGN_MSG, tokbuf);
+    store_16_le(SGN_ALG_HMAC_MD5, tokbuf + 2);
+    store_16_le(SEAL_ALG_NONE, tokbuf + 4);
+    store_16_le(0xFFFF, tokbuf + 6);
+    memset(tokbuf + 8, 0, 16);
+    make_token(tokbuf, 24, &in);
+
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    (void)gss_release_buffer(&minor, &out);
+
+    iov.type = GSS_IOV_BUFFER_TYPE_HEADER;
+    iov.buffer = in;
+    major = gss_unwrap_iov(&minor, ctx, NULL, NULL, &iov, 1);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+
+    free(in.value);
+}
+
+static void
+test_cfx_altered_ec(gss_ctx_id_t ctx, krb5_key subkey)
+{
+    OM_uint32 major, minor;
+    uint8_t tokbuf[128], plainbuf[24];
+    krb5_data plain;
+    krb5_enc_data cipher;
+    gss_buffer_desc in, out;
+    gss_iov_buffer_desc iov[2];
+
+    /* Construct a header with a plaintext EC value of 3. */
+    write_cfx_header(3, tokbuf);
+
+    /* Encrypt a plaintext and a copy of the header with the EC value 0. */
+    memcpy(plainbuf, "truncate", 8);
+    memcpy(plainbuf + 8, tokbuf, 16);
+    store_16_be(0, plainbuf + 12);
+    plain = make_data(plainbuf, 24);
+    cipher.ciphertext.data = (char *)tokbuf + 16;
+    cipher.ciphertext.length = sizeof(tokbuf) - 16;
+    cipher.enctype = subkey->keyblock.enctype;
+    if (krb5_k_encrypt(NULL, subkey, KG_USAGE_INITIATOR_SEAL, NULL,
+                       &plain, &cipher) != 0)
+        abort();
+
+    /* Verify that the token is rejected by gss_unwrap(). */
+    in.value = tokbuf;
+    in.length = 16 + cipher.ciphertext.length;
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    (void)gss_release_buffer(&minor, &out);
+
+    /* Verify that the token is rejected by gss_unwrap_iov(). */
+    iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
+    iov[0].buffer = in;
+    iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+    major = gss_unwrap_iov(&minor, ctx, NULL, NULL, iov, 2);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+}
+
+static void
+test_cfx_short_plaintext(gss_ctx_id_t ctx, krb5_key subkey)
+{
+    OM_uint32 major, minor;
+    uint8_t tokbuf[128], zerobyte = 0;
+    krb5_data plain;
+    krb5_enc_data cipher;
+    gss_buffer_desc in, out;
+
+    write_cfx_header(0, tokbuf);
+
+    /* Encrypt a single byte, with no copy of the header. */
+    plain = make_data(&zerobyte, 1);
+    cipher.ciphertext.data = (char *)tokbuf + 16;
+    cipher.ciphertext.length = sizeof(tokbuf) - 16;
+    cipher.enctype = subkey->keyblock.enctype;
+    if (krb5_k_encrypt(NULL, subkey, KG_USAGE_INITIATOR_SEAL, NULL,
+                       &plain, &cipher) != 0)
+        abort();
+
+    /* Verify that the token is rejected by gss_unwrap(). */
+    in.value = tokbuf;
+    in.length = 16 + cipher.ciphertext.length;
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    (void)gss_release_buffer(&minor, &out);
+}
+
+static void
+test_cfx_large_ec(gss_ctx_id_t ctx, krb5_key subkey)
+{
+    OM_uint32 major, minor;
+    uint8_t tokbuf[128] = { 0 }, plainbuf[20];
+    krb5_data plain;
+    krb5_enc_data cipher;
+    gss_buffer_desc in, out;
+
+    /* Construct a header with an EC value of 5. */
+    write_cfx_header(5, tokbuf);
+
+    /* Encrypt a 4-byte plaintext plus the header. */
+    memcpy(plainbuf, "abcd", 4);
+    memcpy(plainbuf + 4, tokbuf, 16);
+    plain = make_data(plainbuf, 20);
+    cipher.ciphertext.data = (char *)tokbuf + 16;
+    cipher.ciphertext.length = sizeof(tokbuf) - 16;
+    cipher.enctype = subkey->keyblock.enctype;
+    if (krb5_k_encrypt(NULL, subkey, KG_USAGE_INITIATOR_SEAL, NULL,
+                       &plain, &cipher) != 0)
+        abort();
+
+    /* Verify that the token is rejected by gss_unwrap(). */
+    in.value = tokbuf;
+    in.length = 16 + cipher.ciphertext.length;
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    (void)gss_release_buffer(&minor, &out);
+}
+
+static void
+test_iov_large_asn1_wrapper(gss_ctx_id_t ctx)
+{
+    OM_uint32 minor, major;
+    uint8_t databuf[10] = { 0 };
+    gss_iov_buffer_desc iov[2];
+
+    /*
+     * In this IOV array, the header contains a DER tag with a dangling eight
+     * bytes of length field.  The data IOV indicates a total token length
+     * sufficient to contain the length bytes.
+     */
+    iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
+    iov[0].buffer.value = ealloc(2);
+    iov[0].buffer.length = 2;
+    memcpy(iov[0].buffer.value, "\x60\x88", 2);
+    iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+    iov[1].buffer.value = databuf;
+    iov[1].buffer.length = 10;
+    major = gss_unwrap_iov(&minor, ctx, NULL, NULL, iov, 2);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(iov[0].buffer.value);
+}
+
+/* Process wrap and MIC tokens with incomplete headers. */
+static void
+test_short_header(gss_ctx_id_t ctx)
+{
+    OM_uint32 minor, major;
+    unsigned char tokbuf[128];
+    gss_buffer_desc in, out, empty = GSS_C_EMPTY_BUFFER;
+
+    /* Seal token, 2-24 bytes */
+    store_16_be(KG_TOK_SEAL_MSG, tokbuf);
+    make_token(tokbuf, 2, &in);
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(in.value);
+    (void)gss_release_buffer(&minor, &out);
+
+    /* Sign token, 2-24 bytes */
+    store_16_be(KG_TOK_SIGN_MSG, tokbuf);
+    make_token(tokbuf, 2, &in);
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(in.value);
+    (void)gss_release_buffer(&minor, &out);
+
+    /* MIC token, 2-24 bytes */
+    store_16_be(KG_TOK_MIC_MSG, tokbuf);
+    make_token(tokbuf, 2, &in);
+    major = gss_verify_mic(&minor, ctx, &empty, &in, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(in.value);
+}
+
+/* Process wrap and MIC tokens with incomplete headers. */
+static void
+test_short_header_iov(gss_ctx_id_t ctx, const struct test *test)
+{
+    OM_uint32 minor, major;
+    unsigned char tokbuf[128];
+    gss_iov_buffer_desc iov;
+
+    /* IOV seal token, 16-23 bytes */
+    store_16_be(KG_TOK_SEAL_MSG, tokbuf);
+    store_16_le(test->signalg, tokbuf + 2);
+    store_16_le(test->sealalg, tokbuf + 4);
+    store_16_be(0xFFFF, tokbuf + 6);
+    memset(tokbuf + 8, 0, 8);
+    iov.type = GSS_IOV_BUFFER_TYPE_HEADER;
+    make_token(tokbuf, 16, &iov.buffer);
+    major = gss_unwrap_iov(&minor, ctx, NULL, NULL, &iov, 1);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(iov.buffer.value);
+
+    /* IOV sign token, 16-23 bytes */
+    store_16_be(KG_TOK_SIGN_MSG, tokbuf);
+    store_16_le(test->signalg, tokbuf + 2);
+    store_16_le(SEAL_ALG_NONE, tokbuf + 4);
+    store_16_le(0xFFFF, tokbuf + 6);
+    memset(tokbuf + 8, 0, 8);
+    iov.type = GSS_IOV_BUFFER_TYPE_HEADER;
+    make_token(tokbuf, 16, &iov.buffer);
+    major = gss_unwrap_iov(&minor, ctx, NULL, NULL, &iov, 1);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(iov.buffer.value);
+
+    /* IOV MIC token, 16-23 bytes */
+    store_16_be(KG_TOK_MIC_MSG, tokbuf);
+    store_16_be(test->signalg, tokbuf + 2);
+    store_16_le(SEAL_ALG_NONE, tokbuf + 4);
+    store_16_le(0xFFFF, tokbuf + 6);
+    memset(tokbuf + 8, 0, 8);
+    iov.type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN;
+    make_token(tokbuf, 16, &iov.buffer);
+    major = gss_verify_mic_iov(&minor, ctx, NULL, &iov, 1);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(iov.buffer.value);
+}
+
+/* Process wrap and MIC tokens with incomplete checksums. */
+static void
+test_short_checksum(gss_ctx_id_t ctx, const struct test *test)
+{
+    OM_uint32 minor, major;
+    unsigned char tokbuf[128];
+    gss_buffer_desc in, out, empty = GSS_C_EMPTY_BUFFER;
+
+    /* Can only do this with the DES3 checksum, as we can't easily get past
+     * retrieving the sequence number when the checksum is only eight bytes. */
+    if (test->cksum_size <= 8)
+        return;
+    /* Seal token, fewer than 16 + cksum_size bytes.  Use the token from the
+     * test data to get a valid sequence number. */
+    make_token((unsigned char *)test->token + 13, 24, &in);
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(in.value);
+    (void)gss_release_buffer(&minor, &out);
+
+    /* Sign token, fewer than 16 + cksum_size bytes. */
+    memcpy(tokbuf, test->token + 13, 24);
+    store_16_be(KG_TOK_SIGN_MSG, tokbuf);
+    store_16_le(SEAL_ALG_NONE, tokbuf + 4);
+    make_token(tokbuf, 24, &in);
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(in.value);
+    (void)gss_release_buffer(&minor, &out);
+
+    /* MIC token, fewer than 16 + cksum_size bytes. */
+    memcpy(tokbuf, test->token + 13, 24);
+    store_16_be(KG_TOK_MIC_MSG, tokbuf);
+    store_16_le(SEAL_ALG_NONE, tokbuf + 4);
+    make_token(tokbuf, 24, &in);
+    major = gss_verify_mic(&minor, ctx, &empty, &in, NULL);
+    if (major != GSS_S_DEFECTIVE_TOKEN)
+        abort();
+    free(in.value);
+}
+
+/* Unwrap a token with a bogus padding byte in the decrypted ciphertext. */
+static void
+test_bad_pad(gss_ctx_id_t ctx, const struct test *test)
+{
+    OM_uint32 minor, major;
+    gss_buffer_desc in, out;
+
+    in.length = test->toklen;
+    in.value = (char *)test->token;
+    major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+    if (major != GSS_S_BAD_SIG)
+        abort();
+    (void)gss_release_buffer(&minor, &out);
+}
+
+static void
+try_accept(void *value, size_t len)
+{
+    OM_uint32 minor;
+    gss_buffer_desc in, out;
+    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
+
+    /* Copy the provided value to make input overruns more obvious. */
+    in.value = ealloc(len);
+    memcpy(in.value, value, len);
+    in.length = len;
+    (void)gss_accept_sec_context(&minor, &ctx, GSS_C_NO_CREDENTIAL, &in,
+                                 GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
+                                 &out, NULL, NULL, NULL);
+    gss_release_buffer(&minor, &out);
+    gss_delete_sec_context(&minor, &ctx, GSS_C_NO_BUFFER);
+    free(in.value);
+}
+
+/* Accept contexts using superficially valid but truncated encapsulations. */
+static void
+test_short_encapsulation()
+{
+    /* Include just the initial application tag, to see if we overrun reading
+     * the sequence length. */
+    try_accept("\x60", 1);
+
+    /* Indicate four additional sequence length bytes, to see if we overrun
+     * reading them (or skipping them and reading the next byte). */
+    try_accept("\x60\x84", 2);
+
+    /* Include an object identifier tag but no length, to see if we overrun
+     * reading the length. */
+    try_accept("\x60\x40\x06", 3);
+
+    /* Include an object identifier tag with a length matching the krb5 mech,
+     * but no OID bytes, to see if we overrun comparing against mechs. */
+    try_accept("\x60\x40\x06\x09", 4);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_keyblock kb;
+    krb5_key cfx_subkey;
+    gss_ctx_id_t ctx;
+    size_t i;
+
+    kb.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+    kb.length = 16;
+    kb.contents = (unsigned char *)"1234567887654321";
+    if (krb5_k_create_key(NULL, &kb, &cfx_subkey) != 0)
+        abort();
+
+    ctx = make_fake_cfx_context(cfx_subkey);
+    test_bogus_1964_token(ctx);
+    test_cfx_altered_ec(ctx, cfx_subkey);
+    test_cfx_short_plaintext(ctx, cfx_subkey);
+    test_cfx_large_ec(ctx, cfx_subkey);
+    test_iov_large_asn1_wrapper(ctx);
+    free_fake_context(ctx);
+
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        ctx = make_fake_context(&tests[i]);
+        test_short_header(ctx);
+        test_short_header_iov(ctx, &tests[i]);
+        test_short_checksum(ctx, &tests[i]);
+        test_bad_pad(ctx, &tests[i]);
+        free_fake_context(ctx);
+    }
+
+    test_short_encapsulation();
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_iov.c b/krb5-1.21.3/src/tests/gssapi/t_iov.c
new file mode 100644
index 00000000..f900b883
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_iov.c
@@ -0,0 +1,547 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_iov.c - Test program for IOV functions */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stddef.h>
+#include "common.h"
+
+/* Concatenate iov (except for sign-only buffers) into a contiguous token. */
+static void
+concat_iov(gss_iov_buffer_desc *iov, size_t iovlen, char **buf_out,
+           size_t *len_out)
+{
+    size_t len, i;
+    char *buf;
+
+    /* Concatenate the result into a contiguous buffer. */
+    len = 0;
+    for (i = 0; i < iovlen; i++) {
+        if (GSS_IOV_BUFFER_TYPE(iov[i].type) != GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+            len += iov[i].buffer.length;
+    }
+    buf = malloc(len);
+    if (buf == NULL)
+        errout("malloc failed");
+    len = 0;
+    for (i = 0; i < iovlen; i++) {
+        if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
+            continue;
+        memcpy(buf + len, iov[i].buffer.value, iov[i].buffer.length);
+        len += iov[i].buffer.length;
+    }
+    *buf_out = buf;
+    *len_out = len;
+}
+
+static void
+check_encrypted(const char *msg, int conf, const char *buf, const char *plain)
+{
+    int same = memcmp(buf, plain, strlen(plain)) == 0;
+
+    if ((conf && same) || (!conf && !same))
+        errout(msg);
+}
+
+/*
+ * Wrap str in standard form (HEADER | DATA | PADDING | TRAILER) using the
+ * caller-provided array iov, which must have space for four elements.  Library
+ * allocation will be used for the header/padding/trailer buffers, so the
+ * caller must check and free them.
+ */
+static void
+wrap_std(gss_ctx_id_t ctx, char *str, gss_iov_buffer_desc *iov, int conf)
+{
+    OM_uint32 minor, major;
+    int oconf;
+
+    /* Lay out iov array. */
+    iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+    iov[1].buffer.value = str;
+    iov[1].buffer.length = strlen(str);
+    iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+
+    /* Wrap.  This will allocate header/padding/trailer buffers as necessary
+     * and encrypt str in place. */
+    major = gss_wrap_iov(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 4);
+    check_gsserr("gss_wrap_iov(std)", major, minor);
+    if (oconf != conf)
+        errout("gss_wrap_iov(std) conf");
+}
+
+/* Create standard tokens using gss_wrap_iov and ctx1, and make sure we can
+ * unwrap them using ctx2 in all of the supported ways. */
+static void
+test_standard_wrap(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf)
+{
+    OM_uint32 major, minor;
+    gss_iov_buffer_desc iov[4], stiov[2];
+    gss_qop_t qop;
+    gss_buffer_desc input, output;
+    const char *string1 = "The swift brown fox jumped over the lazy dog.";
+    const char *string2 = "Now is the time!";
+    const char *string3 = "x";
+    const char *string4 = "!@#";
+    char data[1024], *fulltoken;
+    size_t len;
+    int oconf;
+    ptrdiff_t offset;
+
+    /* Wrap a standard token and unwrap it using the iov array. */
+    memcpy(data, string1, strlen(string1) + 1);
+    wrap_std(ctx1, data, iov, conf);
+    check_encrypted("gss_wrap_iov(std1) encryption", conf, data, string1);
+    major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 4);
+    check_gsserr("gss_unwrap_iov(std1)", major, minor);
+    if (oconf != conf || qop != GSS_C_QOP_DEFAULT)
+        errout("gss_unwrap_iov(std1) conf/qop");
+    if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(string1))
+        errout("gss_unwrap_iov(std1) data buffer");
+    if (memcmp(data, string1, iov[1].buffer.length) != 0)
+        errout("gss_unwrap_iov(std1) decryption");
+    (void)gss_release_iov_buffer(&minor, iov, 4);
+
+    /* Wrap a standard token and unwrap it using gss_unwrap(). */
+    memcpy(data, string2, strlen(string2) + 1);
+    wrap_std(ctx1, data, iov, conf);
+    concat_iov(iov, 4, &fulltoken, &len);
+    input.value = fulltoken;
+    input.length = len;
+    major = gss_unwrap(&minor, ctx2, &input, &output, &oconf, &qop);
+    check_gsserr("gss_unwrap(std2)", major, minor);
+    if (oconf != conf || qop != GSS_C_QOP_DEFAULT)
+        errout("gss_unwrap(std2) conf/qop");
+    if (output.length != strlen(string2) ||
+        memcmp(output.value, string2, output.length) != 0)
+        errout("gss_unwrap(std2) decryption");
+    (void)gss_release_buffer(&minor, &output);
+    (void)gss_release_iov_buffer(&minor, iov, 4);
+    free(fulltoken);
+
+    /* Wrap a standard token and unwrap it using a stream buffer. */
+    memcpy(data, string3, strlen(string3) + 1);
+    wrap_std(ctx1, data, iov, conf);
+    concat_iov(iov, 4, &fulltoken, &len);
+    stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
+    stiov[0].buffer.value = fulltoken;
+    stiov[0].buffer.length = len;
+    stiov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+    major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 2);
+    check_gsserr("gss_unwrap_iov(std3)", major, minor);
+    if (oconf != conf || qop != GSS_C_QOP_DEFAULT)
+        errout("gss_unwrap_iov(std3) conf/qop");
+    if (stiov[1].buffer.length != strlen(string3) ||
+        memcmp(stiov[1].buffer.value, string3, strlen(string3)) != 0)
+        errout("gss_unwrap_iov(std3) decryption");
+    offset = (char *)stiov[1].buffer.value - fulltoken;
+    if (offset < 0 || (size_t)offset > len)
+        errout("gss_unwrap_iov(std3) offset");
+    (void)gss_release_iov_buffer(&minor, iov, 4);
+    free(fulltoken);
+
+    /* Wrap a token using gss_wrap and unwrap it using a stream buffer with
+     * allocation and copying. */
+    input.value = (char *)string4;
+    input.length = strlen(string4);
+    major = gss_wrap(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &input, &oconf,
+                     &output);
+    check_gsserr("gss_wrap(std4)", major, minor);
+    if (oconf != conf)
+        errout("gss_wrap(std4) conf");
+    stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
+    stiov[0].buffer = output;
+    stiov[1].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 2);
+    check_gsserr("gss_unwrap_iov(std4)", major, minor);
+    if (!(GSS_IOV_BUFFER_FLAGS(stiov[1].type) & GSS_IOV_BUFFER_FLAG_ALLOCATED))
+        errout("gss_unwrap_iov(std4) allocated");
+    if (oconf != conf || qop != GSS_C_QOP_DEFAULT)
+        errout("gss_unwrap_iov(std4) conf/qop");
+    if (stiov[1].buffer.length != strlen(string4) ||
+        memcmp(stiov[1].buffer.value, string4, strlen(string4)) != 0)
+        errout("gss_unwrap_iov(std4) decryption");
+    (void)gss_release_buffer(&minor, &output);
+    (void)gss_release_iov_buffer(&minor, stiov, 2);
+}
+
+/*
+ * Wrap an AEAD token (HEADER | SIGN_ONLY | DATA | PADDING | TRAILER) using the
+ * caller-provided array iov, which must have space for five elements, and the
+ * caller-provided buffer data, which must be big enough to handle the test
+ * inputs.  Library allocation will not be used.
+ */
+static void
+wrap_aead(gss_ctx_id_t ctx, const char *sign, const char *wrap,
+          gss_iov_buffer_desc *iov, char *data, int conf)
+{
+    OM_uint32 major, minor;
+    int oconf;
+    char *ptr;
+
+    /* Lay out iov array. */
+    iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
+    iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+    iov[1].buffer.value = (char *)sign;
+    iov[1].buffer.length = strlen(sign);
+    iov[2].type = GSS_IOV_BUFFER_TYPE_DATA;
+    iov[2].buffer.value = (char *)wrap;
+    iov[2].buffer.length = strlen(wrap);
+    iov[3].type = GSS_IOV_BUFFER_TYPE_PADDING;
+    iov[4].type = GSS_IOV_BUFFER_TYPE_TRAILER;
+
+    /* Get header/padding/trailer lengths. */
+    major = gss_wrap_iov_length(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf,
+                                iov, 5);
+    check_gsserr("gss_wrap_iov_length(aead)", major, minor);
+    if (oconf != conf)
+        errout("gss_wrap_iov_length(aead) conf");
+    if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign))
+        errout("gss_wrap_iov_length(aead) sign-only buffer");
+    if (iov[2].buffer.value != wrap || iov[2].buffer.length != strlen(wrap))
+        errout("gss_wrap_iov_length(aead) data buffer");
+
+    /* Set iov buffer pointers using returned lengths. */
+    iov[0].buffer.value = data;
+    ptr = data + iov[0].buffer.length;
+    memcpy(ptr, wrap, strlen(wrap));
+    iov[2].buffer.value = ptr;
+    ptr += iov[2].buffer.length;
+    iov[3].buffer.value = ptr;
+    ptr += iov[3].buffer.length;
+    iov[4].buffer.value = ptr;
+
+    /* Wrap the AEAD token. */
+    major = gss_wrap_iov(&minor, ctx, conf, GSS_C_QOP_DEFAULT, &oconf, iov, 5);
+    check_gsserr("gss_wrap_iov(aead)", major, minor);
+    if (oconf != conf)
+        errout("gss_wrap_iov(aead) conf");
+    if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign))
+        errout("gss_wrap_iov(aead) sign-only buffer");
+    if (iov[2].buffer.length != strlen(wrap))
+        errout("gss_wrap_iov(aead) data buffer");
+    check_encrypted("gss_wrap_iov(aead) encryption", conf, iov[2].buffer.value,
+                    wrap);
+}
+
+/* Create AEAD tokens using gss_wrap_iov and ctx1, and make sure we can unwrap
+ * them using ctx2 in all of the supported ways. */
+static void
+test_aead(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf)
+{
+    OM_uint32 major, minor;
+    gss_iov_buffer_desc iov[5], stiov[3];
+    gss_qop_t qop;
+    gss_buffer_desc input, assoc, output;
+    const char *sign = "This data is only signed.";
+    const char *wrap = "This data is wrapped in-place.";
+    char data[1024], *fulltoken;
+    size_t len;
+    int oconf;
+    ptrdiff_t offset;
+
+    /* Wrap an AEAD token and unwrap it using the IOV array. */
+    wrap_aead(ctx1, sign, wrap, iov, data, conf);
+    major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 5);
+    check_gsserr("gss_unwrap_iov(aead1)", major, minor);
+    if (oconf != conf || qop != GSS_C_QOP_DEFAULT)
+        errout("gss_unwrap_iov(aead1) conf/qop");
+    if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign))
+        errout("gss_unwrap_iov(aead1) sign-only buffer");
+    if (iov[2].buffer.length != strlen(wrap) ||
+        memcmp(iov[2].buffer.value, wrap, iov[2].buffer.length) != 0)
+        errout("gss_unwrap_iov(aead1) decryption");
+
+    /* Wrap an AEAD token and unwrap it using gss_unwrap_aead. */
+    wrap_aead(ctx1, sign, wrap, iov, data, conf);
+    concat_iov(iov, 5, &fulltoken, &len);
+    input.value = fulltoken;
+    input.length = len;
+    assoc.value = (char *)sign;
+    assoc.length = strlen(sign);
+    major = gss_unwrap_aead(&minor, ctx2, &input, &assoc, &output, &oconf,
+                            &qop);
+    check_gsserr("gss_unwrap_aead(aead2)", major, minor);
+    if (output.length != strlen(wrap) ||
+        memcmp(output.value, wrap, output.length) != 0)
+        errout("gss_unwrap_aead(aead2) decryption");
+    free(fulltoken);
+    (void)gss_release_buffer(&minor, &output);
+
+    /* Wrap an AEAD token and unwrap it using a stream buffer. */
+    wrap_aead(ctx1, sign, wrap, iov, data, conf);
+    concat_iov(iov, 5, &fulltoken, &len);
+    stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
+    stiov[0].buffer.value = fulltoken;
+    stiov[0].buffer.length = len;
+    stiov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+    stiov[1].buffer.value = (char *)sign;
+    stiov[1].buffer.length = strlen(sign);
+    stiov[2].type = GSS_IOV_BUFFER_TYPE_DATA;
+    major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 3);
+    check_gsserr("gss_unwrap_iov(aead3)", major, minor);
+    if (oconf != conf || qop != GSS_C_QOP_DEFAULT)
+        errout("gss_unwrap_iov(aead3) conf/qop");
+    if (stiov[2].buffer.length != strlen(wrap) ||
+        memcmp(stiov[2].buffer.value, wrap, strlen(wrap)) != 0)
+        errout("gss_unwrap_iov(aead3) decryption");
+    offset = (char *)stiov[2].buffer.value - fulltoken;
+    if (offset < 0 || (size_t)offset > len)
+        errout("gss_unwrap_iov(aead3) offset");
+    free(fulltoken);
+    (void)gss_release_iov_buffer(&minor, iov, 4);
+
+    /* Wrap a token using gss_wrap_aead and unwrap it using a stream buffer
+     * with allocation and copying. */
+    input.value = (char *)wrap;
+    input.length = strlen(wrap);
+    assoc.value = (char *)sign;
+    assoc.length = strlen(sign);
+    major = gss_wrap_aead(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &assoc,
+                          &input, &oconf, &output);
+    check_gsserr("gss_wrap_aead(aead4)", major, minor);
+    if (oconf != conf)
+        errout("gss_wrap(aead4) conf");
+    stiov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
+    stiov[0].buffer = output;
+    stiov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+    stiov[1].buffer = assoc;
+    stiov[2].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, stiov, 3);
+    check_gsserr("gss_unwrap_iov(aead4)", major, minor);
+    if (!(GSS_IOV_BUFFER_FLAGS(stiov[2].type) & GSS_IOV_BUFFER_FLAG_ALLOCATED))
+        errout("gss_unwrap_iov(aead4) allocated");
+    if (oconf != conf || qop != GSS_C_QOP_DEFAULT)
+        errout("gss_unwrap_iov(aead4) conf/qop");
+    if (stiov[2].buffer.length != strlen(wrap) ||
+        memcmp(stiov[2].buffer.value, wrap, strlen(wrap)) != 0)
+        errout("gss_unwrap_iov(aead4) decryption");
+    (void)gss_release_buffer(&minor, &output);
+    (void)gss_release_iov_buffer(&minor, stiov, 3);
+}
+
+/*
+ * Get a MIC for sign1, sign2, and sign3 using the caller-provided array iov,
+ * which must have space for four elements, and the caller-provided buffer
+ * data, which must be big enough for the MIC.  If data is NULL, the library
+ * will be asked to allocate the MIC buffer.  The MIC will be located in
+ * iov[3].buffer.
+ */
+static void
+mic(gss_ctx_id_t ctx, const char *sign1, const char *sign2, const char *sign3,
+    gss_iov_buffer_desc *iov, char *data)
+{
+    OM_uint32 minor, major;
+    krb5_boolean allocated;
+
+    /* Lay out iov array. */
+    iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
+    iov[0].buffer.value = (char *)sign1;
+    iov[0].buffer.length = strlen(sign1);
+    iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+    iov[1].buffer.value = (char *)sign2;
+    iov[1].buffer.length = strlen(sign2);
+    iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+    iov[2].buffer.value = (char *)sign3;
+    iov[2].buffer.length = strlen(sign3);
+    iov[3].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN;
+    if (data == NULL) {
+        /* Ask the library to allocate the MIC buffer. */
+        iov[3].type |= GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    } else {
+        /* Get the MIC length and use the caller-provided buffer. */
+        major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 4);
+        check_gsserr("gss_get_mic_iov_length", major, minor);
+        iov[3].buffer.value = data;
+    }
+    major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 4);
+    check_gsserr("gss_get_mic_iov", major, minor);
+    allocated = (GSS_IOV_BUFFER_FLAGS(iov[3].type) &
+                 GSS_IOV_BUFFER_FLAG_ALLOCATED) != 0;
+    if (allocated != (data == NULL))
+        errout("gss_get_mic_iov allocated");
+}
+
+static void
+test_mic(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2)
+{
+    OM_uint32 major, minor;
+    gss_iov_buffer_desc iov[4];
+    gss_qop_t qop;
+    gss_buffer_desc concatbuf, micbuf;
+    const char *sign1 = "Data and sign-only ";
+    const char *sign2 = "buffers are treated ";
+    const char *sign3 = "equally by gss_get_mic_iov";
+    char concat[1024], data[1024];
+
+    (void)snprintf(concat, sizeof(concat), "%s%s%s", sign1, sign2, sign3);
+    concatbuf.value = concat;
+    concatbuf.length = strlen(concat);
+
+    /* MIC with a caller-provided buffer and verify with the IOV array. */
+    mic(ctx1, sign1, sign2, sign3, iov, data);
+    major = gss_verify_mic_iov(&minor, ctx2, &qop, iov, 4);
+    check_gsserr("gss_verify_mic_iov(mic1)", major, minor);
+    if (qop != GSS_C_QOP_DEFAULT)
+        errout("gss_verify_mic_iov(mic1) qop");
+
+    /* MIC with an allocated buffer and verify with gss_verify_mic. */
+    mic(ctx1, sign1, sign2, sign3, iov, NULL);
+    major = gss_verify_mic(&minor, ctx2, &concatbuf, &iov[3].buffer, &qop);
+    check_gsserr("gss_verify_mic(mic2)", major, minor);
+    if (qop != GSS_C_QOP_DEFAULT)
+        errout("gss_verify_mic(mic2) qop");
+    (void)gss_release_iov_buffer(&minor, iov, 4);
+
+    /* MIC with gss_c_get_mic and verify using the IOV array (which is still
+     * mostly set up from the last call to mic(). */
+    major = gss_get_mic(&minor, ctx1, GSS_C_QOP_DEFAULT, &concatbuf, &micbuf);
+    check_gsserr("gss_get_mic(mic3)", major, minor);
+    iov[3].buffer = micbuf;
+    major = gss_verify_mic_iov(&minor, ctx2, &qop, iov, 4);
+    check_gsserr("gss_verify_mic_iov(mic3)", major, minor);
+    if (qop != GSS_C_QOP_DEFAULT)
+        errout("gss_verify_mic_iov(mic3) qop");
+    (void)gss_release_buffer(&minor, &micbuf);
+}
+
+/* Create a DCE-style token and make sure we can unwrap it. */
+static void
+test_dce(gss_ctx_id_t ctx1, gss_ctx_id_t ctx2, int conf)
+{
+    OM_uint32 major, minor;
+    gss_iov_buffer_desc iov[4];
+    gss_qop_t qop;
+    const char *sign1 = "First data to be signed";
+    const char *sign2 = "Second data to be signed";
+    const char *wrap = "This data must align to 16 bytes";
+    int oconf;
+    char data[1024];
+
+    /* Wrap a SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER token. */
+    memcpy(data, wrap, strlen(wrap) + 1);
+    iov[0].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+    iov[0].buffer.value = (char *)sign1;
+    iov[0].buffer.length = strlen(sign1);
+    iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+    iov[1].buffer.value = data;
+    iov[1].buffer.length = strlen(wrap);
+    iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+    iov[2].buffer.value = (char *)sign2;
+    iov[2].buffer.length = strlen(sign2);
+    iov[3].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    major = gss_wrap_iov(&minor, ctx1, conf, GSS_C_QOP_DEFAULT, &oconf, iov,
+                         4);
+    check_gsserr("gss_wrap_iov(dce)", major, minor);
+    if (oconf != conf)
+        errout("gss_wrap_iov(dce) conf");
+    if (iov[0].buffer.value != sign1 || iov[0].buffer.length != strlen(sign1))
+        errout("gss_wrap_iov(dce) sign1 buffer");
+    if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(wrap))
+        errout("gss_wrap_iov(dce) data buffer");
+    if (iov[2].buffer.value != sign2 || iov[2].buffer.length != strlen(sign2))
+        errout("gss_wrap_iov(dce) sign2 buffer");
+    check_encrypted("gss_wrap_iov(dce) encryption", conf, data, wrap);
+
+    /* Make sure we can unwrap it. */
+    major = gss_unwrap_iov(&minor, ctx2, &oconf, &qop, iov, 4);
+    check_gsserr("gss_unwrap_iov(std1)", major, minor);
+    if (oconf != conf || qop != GSS_C_QOP_DEFAULT)
+        errout("gss_unwrap_iov(std1) conf/qop");
+    if (iov[0].buffer.value != sign1 || iov[0].buffer.length != strlen(sign1))
+        errout("gss_unwrap_iov(dce) sign1 buffer");
+    if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(wrap))
+        errout("gss_unwrap_iov(dce) data buffer");
+    if (iov[2].buffer.value != sign2 || iov[2].buffer.length != strlen(sign2))
+        errout("gss_unwrap_iov(dce) sign2 buffer");
+    if (memcmp(data, wrap, iov[1].buffer.length) != 0)
+        errout("gss_unwrap_iov(dce) decryption");
+    (void)gss_release_iov_buffer(&minor, iov, 4);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, flags;
+    gss_OID mech = &mech_krb5;
+    gss_name_t tname;
+    gss_ctx_id_t ictx, actx;
+
+    /* Parse arguments. */
+    argv++;
+    if (*argv != NULL && strcmp(*argv, "-s") == 0) {
+        mech = &mech_spnego;
+        argv++;
+    }
+    if (*argv == NULL || *(argv + 1) != NULL)
+        errout("Usage: t_iov [-s] targetname");
+    tname = import_name(*argv);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_MUTUAL_FLAG;
+    establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, tname,
+                       flags, &ictx, &actx, NULL, NULL, NULL);
+
+    /* Test standard token wrapping and unwrapping in both directions, with and
+     * without confidentiality. */
+    test_standard_wrap(ictx, actx, 0);
+    test_standard_wrap(ictx, actx, 1);
+    test_standard_wrap(actx, ictx, 0);
+    test_standard_wrap(actx, ictx, 1);
+
+    /* Test AEAD wrapping. */
+    test_aead(ictx, actx, 0);
+    test_aead(ictx, actx, 1);
+    test_aead(actx, ictx, 0);
+    test_aead(actx, ictx, 1);
+
+    /* Test MIC tokens. */
+    test_mic(ictx, actx);
+    test_mic(actx, ictx);
+
+    /* Test DCE wrapping with DCE-style contexts. */
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DCE_STYLE;
+    establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL, tname,
+                       flags, &ictx, &actx, NULL, NULL, NULL);
+    test_dce(ictx, actx, 0);
+    test_dce(ictx, actx, 1);
+    test_dce(actx, ictx, 0);
+    test_dce(actx, ictx, 1);
+
+    (void)gss_release_name(&minor, &tname);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_lifetime.c b/krb5-1.21.3/src/tests/gssapi/t_lifetime.c
new file mode 100644
index 00000000..8dcf1862
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_lifetime.c
@@ -0,0 +1,140 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_lifetime.c - display cred and context lifetimes */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include "common.h"
+
+/*
+ * Using the default credential, exercise the GSS functions which accept or
+ * produce lifetimes.  Display the following results, one per line, as ASCII
+ * integers or the string "indefinite":
+ *
+ *   initiator cred lifetime according to gss_acquire_cred()
+ *   initiator cred lifetime according to gss_inquire_cred()
+ *   acceptor cred lifetime according to gss_acquire_cred()
+ *   acceptor cred lifetime according to gss_inquire_cred()
+ *   initiator context lifetime according to gss_init_sec_context()
+ *   initiator context lifetime according to gss_inquire_context()
+ *   initiator context lifetime according to gss_context_time()
+ *   acceptor context lifetime according to gss_init_sec_context()
+ *   acceptor context lifetime according to gss_inquire_context()
+ *   acceptor context lifetime according to gss_context_time()
+ */
+
+static void
+display_time(OM_uint32 tval)
+{
+    if (tval == GSS_C_INDEFINITE)
+        puts("indefinite");
+    else
+        printf("%u\n", (unsigned int)tval);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_cred_id_t icred, acred;
+    gss_name_t tname;
+    gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc itok = GSS_C_EMPTY_BUFFER, atok = GSS_C_EMPTY_BUFFER;
+    OM_uint32 time_req = GSS_C_INDEFINITE, time_rec;
+
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: %s targetname [time_req]\n", argv[0]);
+        return 1;
+    }
+    tname = import_name(argv[1]);
+    if (argc >= 3)
+        time_req = atoll(argv[2]);
+
+    /* Get initiator cred and display its lifetime according to
+     * gss_acquire_cred and gss_inquire_cred. */
+    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, time_req, &mechset_krb5,
+                             GSS_C_INITIATE, &icred, NULL, &time_rec);
+    check_gsserr("gss_acquire_cred(initiate)", major, minor);
+    display_time(time_rec);
+    major = gss_inquire_cred(&minor, icred, NULL, &time_rec, NULL, NULL);
+    check_gsserr("gss_inquire_cred(initiate)", major, minor);
+    display_time(time_rec);
+
+    /* Get acceptor cred and display its lifetime according to gss_acquire_cred
+     * and gss_inquire_cred. */
+    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, time_req, &mechset_krb5,
+                             GSS_C_ACCEPT, &acred, NULL, &time_rec);
+    check_gsserr("gss_acquire_cred(accept)", major, minor);
+    display_time(time_rec);
+    major = gss_inquire_cred(&minor, acred, NULL, &time_rec, NULL, NULL);
+    check_gsserr("gss_inquire_cred(accept)", major, minor);
+    display_time(time_rec);
+
+    /* Make an initiator context and display its lifetime according to
+     * gss_init_sec_context, gss_inquire_context, and gss_context_time. */
+    major = gss_init_sec_context(&minor, icred, &ictx, tname, &mech_krb5, 0,
+                                 time_req, GSS_C_NO_CHANNEL_BINDINGS, &atok,
+                                 NULL, &itok, NULL, &time_rec);
+    check_gsserr("gss_init_sec_context", major, minor);
+    assert(major == GSS_S_COMPLETE);
+    display_time(time_rec);
+    major = gss_inquire_context(&minor, ictx, NULL, NULL, &time_rec, NULL,
+                                NULL, NULL, NULL);
+    check_gsserr("gss_inquire_context(initiate)", major, minor);
+    display_time(time_rec);
+    major = gss_context_time(&minor, ictx, &time_rec);
+    check_gsserr("gss_context_time(initiate)", major, minor);
+    display_time(time_rec);
+
+    major = gss_accept_sec_context(&minor, &actx, acred, &itok,
+                                   GSS_C_NO_CHANNEL_BINDINGS, NULL,
+                                   NULL, &atok, NULL, &time_rec, NULL);
+    check_gsserr("gss_accept_sec_context", major, minor);
+    assert(major == GSS_S_COMPLETE);
+    display_time(time_rec);
+    major = gss_inquire_context(&minor, actx, NULL, NULL, &time_rec, NULL,
+                                NULL, NULL, NULL);
+    check_gsserr("gss_inquire_context(accept)", major, minor);
+    display_time(time_rec);
+    major = gss_context_time(&minor, actx, &time_rec);
+    check_gsserr("gss_context_time(accept)", major, minor);
+    display_time(time_rec);
+
+    (void)gss_release_buffer(&minor, &itok);
+    (void)gss_release_buffer(&minor, &atok);
+    (void)gss_release_name(&minor, &tname);
+    (void)gss_release_cred(&minor, &icred);
+    (void)gss_release_cred(&minor, &acred);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_namingexts.c b/krb5-1.21.3/src/tests/gssapi/t_namingexts.c
new file mode 100644
index 00000000..739592b9
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_namingexts.c
@@ -0,0 +1,227 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+static int use_spnego = 0;
+
+static void
+display_name(const char *tag, gss_name_t name)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc buf;
+
+    major = gss_display_name(&minor, name, &buf, NULL);
+    check_gsserr("gss_display_name", major, minor);
+
+    printf("%s:\t%.*s\n", tag, (int)buf.length, (char *)buf.value);
+
+    (void)gss_release_buffer(&minor, &buf);
+}
+
+static void
+test_export_import_name(gss_name_t name)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc exported_name = GSS_C_EMPTY_BUFFER;
+    gss_name_t imported_name = GSS_C_NO_NAME;
+    gss_name_t imported_name_comp = GSS_C_NO_NAME;
+    unsigned int i;
+
+    major = gss_export_name_composite(&minor, name, &exported_name);
+    check_gsserr("gss_export_name_composite", major, minor);
+
+    printf("Exported name:\n");
+    for (i = 0; i < exported_name.length; i++) {
+        if ((i % 32) == 0)
+            printf("\n");
+        printf("%02x", ((char *)exported_name.value)[i] & 0xFF);
+    }
+    printf("\n");
+
+    major = gss_import_name(&minor, &exported_name, GSS_C_NT_EXPORT_NAME,
+                            &imported_name);
+    check_gsserr("gss_import_name", major, minor);
+
+    major = gss_import_name(&minor, &exported_name, GSS_C_NT_COMPOSITE_EXPORT,
+                            &imported_name_comp);
+    check_gsserr("gss_import_name", major, minor);
+    (void)gss_release_buffer(&minor, &exported_name);
+
+    printf("\n");
+    display_canon_name("Re-imported name", imported_name, &mech_krb5);
+    printf("Re-imported attributes:\n\n");
+    enumerate_attributes(imported_name, 0);
+
+    display_name("Re-imported (as composite) name", imported_name_comp);
+    printf("Re-imported (as composite) attributes:\n\n");
+    enumerate_attributes(imported_name_comp, 0);
+
+    (void)gss_release_name(&minor, &imported_name);
+    (void)gss_release_name(&minor, &imported_name_comp);
+}
+
+static void
+test_greet_authz_data(gss_name_t name)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc attr;
+    gss_buffer_desc value;
+
+    attr.value = "urn:greet:greeting";
+    attr.length = strlen((char *)attr.value);
+
+    major = gss_delete_name_attribute(&minor, name, &attr);
+    if (major == GSS_S_UNAVAILABLE) {
+        fprintf(stderr, "Warning: greet_client plugin not installed\n");
+        exit(1);
+    }
+    check_gsserr("gss_delete_name_attribute", major, minor);
+
+    value.value = "Hello, acceptor world!";
+    value.length = strlen((char *)value.value);
+    major = gss_set_name_attribute(&minor, name, 1, &attr, &value);
+    if (major == GSS_S_UNAVAILABLE)
+        return;
+    check_gsserr("gss_set_name_attribute", major, minor);
+}
+
+static void
+test_map_name_to_any(gss_name_t name)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc type_id;
+    krb5_pac pac;
+    krb5_context context = NULL;
+    krb5_error_code ret;
+    size_t len, i;
+    krb5_ui_4 *types;
+
+    type_id.value = "mspac";
+    type_id.length = strlen((char *)type_id.value);
+
+    major = gss_map_name_to_any(&minor, name, 1, &type_id, (gss_any_t *)&pac);
+    if (major == GSS_S_UNAVAILABLE)
+        return;
+    check_gsserr("gss_map_name_to_any", major, minor);
+
+    ret = krb5_init_context(&context);
+    check_k5err(context, "krb5_init_context", ret);
+
+    if (krb5_pac_get_types(context, pac, &len, &types) == 0) {
+        printf("PAC buffer types:");
+        for (i = 0; i < len; i++)
+            printf(" %d", types[i]);
+        printf("\n");
+        free(types);
+    }
+
+    (void)gss_release_any_name_mapping(&minor, name, &type_id,
+                                       (gss_any_t *)&pac);
+}
+
+static void
+init_accept_sec_context(gss_cred_id_t verifier_cred_handle)
+{
+    OM_uint32 major, minor, flags;
+    gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
+    gss_ctx_id_t initiator_context, acceptor_context;
+    gss_OID mech = use_spnego ? &mech_spnego : &mech_krb5;
+
+    major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
+                             NULL, NULL);
+    check_gsserr("gss_inquire_cred", major, minor);
+
+    display_canon_name("Target name", target_name, &mech_krb5);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(mech, verifier_cred_handle, verifier_cred_handle,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &source_name, NULL, NULL);
+
+    display_canon_name("Source name", source_name, &mech_krb5);
+    enumerate_attributes(source_name, 1);
+    test_export_import_name(source_name);
+    test_map_name_to_any(source_name);
+
+    (void)gss_release_name(&minor, &source_name);
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_cred_id_t cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_OID_set mechs, actual_mechs = GSS_C_NO_OID_SET;
+    gss_name_t tmp_name, name;
+
+    if (argc > 1 && strcmp(argv[1], "--spnego") == 0) {
+        use_spnego++;
+        argc--;
+        argv++;
+    }
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s [--spnego] principal [keytab]\n", argv[0]);
+        exit(1);
+    }
+
+    tmp_name = import_name(argv[1]);
+    major = gss_canonicalize_name(&minor, tmp_name, &mech_krb5, &name);
+    check_gsserr("gss_canonicalze_name", major, minor);
+    (void)gss_release_name(&minor, &tmp_name);
+
+    test_greet_authz_data(name);
+
+    if (argc >= 3) {
+        major = krb5_gss_register_acceptor_identity(argv[2]);
+        check_gsserr("krb5_gss_register_acceptor_identity", major, minor);
+    }
+
+    mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
+
+    /* get default cred */
+    major = gss_acquire_cred(&minor, name, GSS_C_INDEFINITE, mechs, GSS_C_BOTH,
+                             &cred_handle, &actual_mechs, NULL);
+    check_gsserr("gss_acquire_cred", major, minor);
+
+    (void)gss_release_oid_set(&minor, &actual_mechs);
+
+    init_accept_sec_context(cred_handle);
+
+    printf("\n");
+
+    (void)gss_release_cred(&minor, &cred_handle);
+    (void)gss_release_oid_set(&minor, &actual_mechs);
+    (void)gss_release_name(&minor, &name);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_negoex.py b/krb5-1.21.3/src/tests/gssapi/t_negoex.py
new file mode 100644
index 00000000..a218899c
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_negoex.py
@@ -0,0 +1,149 @@
+from k5test import *
+
+# The next arc after 2.25 is supposed to be a single-integer UUID, but
+# since our gss_str_to_oid() can't handle arc values that don't fit in
+# an unsigned long, we use random unsigned 32-bit integers instead.
+# The final octet if the OID encoding will be used to identify the
+# mechanism when changing the behavior of just one mech.
+nxtest_oid1 = '2.25.1414534758' # final octet is 102 (0x66)
+nxtest_oid2 = '2.25.1175737388' # final octet is 44 (0x2C)
+nxtest_path = os.path.join(buildtop, 'plugins', 'gssapi', 'negoextest',
+                           'gss_negoextest.so')
+
+# Test gss_add_cred().
+realm = K5Realm(create_kdb=False)
+with open(realm.gss_mech_config, 'w') as f:
+    f.write('negoextest %s %s\n' % (nxtest_oid1, nxtest_path))
+    f.write('negoextest %s %s\n' % (nxtest_oid2, nxtest_path))
+
+def test(envvars, **kw):
+    # Python 3.5: e = {**realm.env, **vars}
+    e = realm.env.copy()
+    e.update(envvars)
+    realm.run(['./t_context', 'h:host'], env=e, **kw)
+
+# Test varying numbers of hops, and spot-check that messages are sent
+# in the appropriate sequence.
+
+mark('One hop')
+msgs = ('sending [0]INITIATOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
+        'd1b08469-2ca8-0000-0000-000000000000',
+        'sending [1]INITIATOR_META_DATA: c0a28569-66ac',
+        'sending [2]INITIATOR_META_DATA: d1b08469-2ca8',
+        'sending [3]AP_REQUEST: c0a28569-66ac',
+        'sending [4]VERIFY: c0a28569-66ac',
+        'received [0]INITIATOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
+        'd1b08469-2ca8-0000-0000-000000000000',
+        'received [1]INITIATOR_META_DATA: c0a28569-66ac',
+        'received [2]INITIATOR_META_DATA: d1b08469-2ca8',
+        'received [3]AP_REQUEST: c0a28569-66ac',
+        'received [4]VERIFY: c0a28569-66ac',
+        'sending [5]ACCEPTOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
+        'd1b08469-2ca8-0000-0000-000000000000',
+        'sending [6]ACCEPTOR_META_DATA: c0a28569-66ac',
+        'sending [7]ACCEPTOR_META_DATA: d1b08469-2ca8',
+        'sending [8]VERIFY: c0a28569-66ac',
+        'received [5]ACCEPTOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
+        'd1b08469-2ca8-0000-0000-000000000000',
+        'received [6]ACCEPTOR_META_DATA: c0a28569-66ac',
+        'received [7]ACCEPTOR_META_DATA: d1b08469-2ca8',
+        'received [8]VERIFY: c0a28569-66ac')
+test({'HOPS': '1'}, expected_trace=msgs)
+
+mark('Two hops')
+msgs = ('sending [7]CHALLENGE', 'sending [8]VERIFY', 'received [8]VERIFY',
+        'sending [9]VERIFY')
+test({'HOPS': '2'}, expected_trace=msgs)
+
+mark('Three hops')
+msgs = ('sending [8]AP_REQUEST', 'sending [9]VERIFY', 'received [8]AP_REQUEST',
+        'sending [10]VERIFY')
+test({'HOPS': '3'}, expected_trace=msgs)
+
+mark('Four hops')
+msgs = ('sending [9]CHALLENGE', 'sending [10]VERIFY', 'received [9]CHALLENGE',
+        'sending [11]VERIFY')
+test({'HOPS': '4'}, expected_trace=msgs)
+
+mark('Early keys, three hops')
+msgs = ('sending [4]VERIFY', 'sending [9]VERIFY', 'sending [10]AP_REQUEST')
+test({'HOPS': '3', 'KEY': 'always'}, expected_trace=msgs)
+
+mark('Early keys, four hops')
+msgs = ('sending [4]VERIFY', 'sending [9]VERIFY', 'sending [10]AP_REQUEST',
+        'sending [11]CHALLENGE')
+test({'HOPS': '4', 'KEY': 'always'}, expected_trace=msgs)
+
+mark('No keys')
+test({'KEY': 'never'}, expected_code=1, expected_msg='No NegoEx verify key')
+
+mark('No optimistic token')
+msgs = ('sending [3]ACCEPTOR_NEGO', 'sending [6]AP_REQUEST',
+        'sending [7]VERIFY', 'sending [8]VERIFY')
+test({'NEGOEX_NO_OPTIMISTIC_TOKEN': ''}, expected_trace=msgs)
+
+mark('First mech initiator query fail')
+msgs = ('sending [0]INITIATOR_NEGO: d1b08469-2ca8-0000-0000-000000000000',
+        'sending [2]AP_REQUEST', 'sending [3]VERIFY',
+        'sending [4]ACCEPTOR_NEGO: d1b08469-2ca8-0000-0000-000000000000',
+        'sending [6]VERIFY')
+test({'INIT_QUERY_FAIL': '102'}, expected_trace=msgs)
+
+mark('First mech acceptor query fail')
+msgs = ('sending [0]INITIATOR_NEGO: c0a28569-66ac-0000-0000-000000000000 '
+        'd1b08469-2ca8-0000-0000-000000000000',
+        'sending [3]AP_REQUEST: c0a28569-66ac',
+        'sending [4]VERIFY: c0a28569-66ac',
+        'sending [5]ACCEPTOR_NEGO: d1b08469-2ca8-0000-0000-000000000000',
+        'sending [7]AP_REQUEST: d1b08469-2ca8',
+        'sending [8]VERIFY: d1b08469-2ca8',
+        'sending [9]VERIFY: d1b08469-2ca8')
+test({'ACCEPT_QUERY_FAIL': '102'}, expected_trace=msgs)
+
+# Same messages as previous test.
+mark('First mech acceptor exchange fail')
+test({'ACCEPT_EXCHANGE_FAIL': '102'}, expected_trace=msgs)
+
+# Fail the optimistic mech's gss_exchange_meta_data() in the
+# initiator.  Since the acceptor has effectively selected the
+# optimistic mech, this causes the authentication to fail.
+mark('First mech initiator exchange fail, one hop')
+test({'HOPS': '1', 'INIT_EXCHANGE_FAIL': '102'}, expected_code=1,
+     expected_msg='No mutually supported NegoEx authentication schemes')
+mark('First mech initiator exchange fail, two hops, early keys')
+test({'HOPS': '2', 'INIT_EXCHANGE_FAIL': '102', 'KEY': 'always'},
+     expected_code=1,
+     expected_msg='No mutually supported NegoEx authentication schemes')
+mark('First mech initiator exchange fail, two hops')
+test({'HOPS': '2', 'INIT_EXCHANGE_FAIL': '102'}, expected_code=1,
+     expected_msg='No mutually supported NegoEx authentication schemes')
+
+mark('First mech init_sec_context fail')
+msgs = ('sending [0]INITIATOR_NEGO: d1b08469-2ca8-0000-0000-000000000000',
+        'sending [2]AP_REQUEST', 'sending [3]VERIFY', 'sending [6]VERIFY')
+test({'INIT_FAIL': '102'}, expected_trace=msgs)
+
+mark('First mech accept_sec_context fail')
+test({'HOPS': '2', 'ACCEPT_FAIL': '102'}, expected_code=1,
+     expected_msg='failure from acceptor')
+
+mark('ALERT from acceptor to initiator')
+msgs = ('sending [3]AP_REQUEST', 'sending [4]VERIFY', 'sending [8]CHALLENGE',
+        'sending [9]ALERT', 'received [9]ALERT', 'sending [10]AP_REQUEST',
+        'sending [11]VERIFY', 'sending [12]VERIFY')
+test({'HOPS': '3', 'KEY': 'init-always'}, expected_trace=msgs)
+
+mark('ALERT from initiator to acceptor')
+msgs = ('sending [3]AP_REQUEST', 'sending [7]CHALLENGE', 'sending [8]VERIFY',
+        'sending [9]AP_REQUEST', 'sending [10]ALERT', 'received [10]ALERT',
+        'sending [11]CHALLENGE', 'sending [12]VERIFY', 'sending [13]VERIFY')
+test({'HOPS': '4', 'KEY': 'accept-always'}, expected_trace=())
+
+mark('channel bindings')
+e = realm.env.copy()
+e.update({'HOPS': '1', 'GSS_INIT_BINDING': 'a', 'GSS_ACCEPT_BINDING': 'b'})
+# The test mech will verify that the bindings are communicated to the
+# mech, but does not set the channel-bound flag.
+realm.run(['./t_bindings', '-s', 'h:host', 'a', 'b'], env=e, expected_msg='no')
+
+success('NegoEx tests')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_oid.c b/krb5-1.21.3/src/tests/gssapi/t_oid.c
new file mode 100644
index 00000000..1c9d3941
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_oid.c
@@ -0,0 +1,224 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_oid.c - Test OID manipulation functions */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+static struct {
+    char *canonical;
+    char *variant;
+    gss_OID_desc oid;
+} tests[] = {
+    /* GSS_C_NT_USER_NAME */
+    { "{ 1 2 840 113554 1 2 1 1 }", "1.2.840.113554.1.2.1.1",
+      { 10, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x01\x01" } },
+    /* GSS_C_NT_MACHINE_UID_NAME */
+    { "{ 1 2 840 113554 1 2 1 2 }", "1 2 840 113554 1 2 1 2",
+      { 10, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x01\x02" } },
+    /* GSS_C_NT_STRING_UID_NAME */
+    { "{ 1 2 840 113554 1 2 1 3 }", "{1 2 840 113554 1 2 1 3}",
+      { 10, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x01\x03" } },
+    /* GSS_C_NT_HOSTBASED_SERVICE_X */
+    { "{ 1 3 6 1 5 6 2 }", "{  1  3  6  1  5  6  2  }",
+      { 6, "\x2B\x06\x01\x05\x06\x02" } },
+    /* GSS_C_NT_ANONYMOUS */
+    { "{ 1 3 6 1 5 6 3 }", "{ 01 03 06 01 05 06 03 }",
+      { 6, "\x2B\x06\x01\x05\x06\x03" } },
+    /* GSS_KRB5_NT_PRINCIPAL_NAME */
+    { "{ 1 2 840 113554 1 2 2 1 }", " {01 2 840 113554 1 2 2 1  } ",
+      { 10, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x01" } },
+    /* GSS_KRB5_NT_ENTERPRISE_NAME */
+    { "{ 1 2 840 113554 1 2 2 6 }", " {1.2.840.113554.1.2.2.6} ",
+      { 10, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x06" } },
+    /* gss_krb5_nt_principal */
+    { "{ 1 2 840 113554 1 2 2 2 }", "{1.2.840.113554.1.2.2.2}",
+      { 10, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02\x02" } },
+    /* gss_mech_krb5 */
+    { "{ 1 2 840 113554 1 2 2 }", "{ 1.2.840.113554.1.2.2 }",
+      { 9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02" } },
+    /* gss_mech_krb5_old */
+    { "{ 1 3 5 1 5 2 }", "001 . 003 . 005 . 001 . 005 . 002",
+      { 5, "\x2B\x05\x01\x05\x02" } },
+    /* gss_mech_krb5_wrong */
+    { "{ 1 2 840 48018 1 2 2 }", "1.2.840.48018.1.2.2 trailing garbage",
+      { 9, "\x2A\x86\x48\x82\xF7\x12\x01\x02\x02" } },
+    /* gss_mech_iakerb */
+    { "{ 1 3 6 1 5 2 5 }", "{ 1 3 6 1 5 2 5 } trailing garbage",
+      { 6, "\x2B\x06\x01\x05\x02\x05" } },
+    /* SPNEGO */
+    { "{ 1 3 6 1 5 5 2 }", "{1 3 6 1 5 5 2} trailing garbage",
+      { 6, "\x2B\x06\x01\x05\x05\x02" } },
+    /* Edge cases for the first two arcs */
+    { "{ 0 0 }", NULL, { 1, "\x00" } },
+    { "{ 0 39 }", NULL, { 1, "\x27" } },
+    { "{ 1 0 }", NULL, { 1, "\x28" } },
+    { "{ 1 39 }", NULL, { 1, "\x4F" } },
+    { "{ 2 0 }", NULL, { 1, "\x50" } },
+    { "{ 2 40 }", NULL, { 1, "\x78" } },
+    { "{ 2 47 }", NULL, { 1, "\x7F" } },
+    { "{ 2 48 }", NULL, { 2, "\x81\x00" } },
+    { "{ 2 16304 }", NULL, { 3, "\x81\x80\x00" } },
+    /* Zero-valued arcs */
+    { "{ 0 0 0 }", NULL, { 2, "\x00\x00" } },
+    { "{ 0 0 1 0 }", NULL, { 3, "\x00\x01\x00" } },
+    { "{ 0 0 128 0 }", NULL, { 4, "\x00\x81\x00\x00 " } },
+    { "{ 0 0 0 1 }", NULL, { 3, "\x00\x00\x01" } },
+    { "{ 0 0 128 0 1 0 128 }", NULL,
+      { 8, "\x00\x81\x00\x00\x01\x00\x81\x00 " } }
+};
+
+static char *invalid_strings[] = {
+    "",
+    "{}",
+    "{",
+    "}",
+    "  ",
+    " { } ",
+    "x",
+    "+1 1",
+    "-1.1",
+    "1.+0",
+    "+0.1",
+    "{ 1 garbage }",
+    "{ 1 }",
+    "{ 0 40 }",
+    "{ 1 40 }",
+    "{ 1 128 }",
+    "{ 1 1",
+    "{ 1 2 3 4 +5 }",
+    "{ 1.2.-3.4.5 }"
+};
+
+static int
+oid_equal(gss_OID o1, gss_OID o2)
+{
+    return o1->length == o2->length &&
+        memcmp(o1->elements, o2->elements, o1->length) == 0;
+}
+
+int
+main()
+{
+    size_t i;
+    OM_uint32 major, minor;
+    gss_buffer_desc buf;
+    gss_OID oid;
+    gss_OID_set set;
+    int status = 0, present;
+
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        /* Check that this test's OID converts to its canonical string form. */
+        major = gss_oid_to_str(&minor, &tests[i].oid, &buf);
+        check_gsserr("gss_oid_to_str", major, minor);
+        if (buf.length != strlen(tests[i].canonical) + 1 ||
+            memcmp(buf.value, tests[i].canonical, buf.length) != 0) {
+            status = 1;
+            printf("test %d: OID converts to %.*s, wanted %s\n", (int)i,
+                   (int)buf.length, (char *)buf.value, tests[i].canonical);
+        }
+        (void)gss_release_buffer(&minor, &buf);
+
+        /* Check that this test's canonical string form converts to its OID. */
+        buf.value = tests[i].canonical;
+        buf.length = strlen(tests[i].canonical);
+        major = gss_str_to_oid(&minor, &buf, &oid);
+        check_gsserr("gss_str_to_oid", major, minor);
+        if (!oid_equal(oid, &tests[i].oid)) {
+            status = 1;
+            printf("test %d: %s converts to wrong OID\n", (int)i,
+                   tests[i].canonical);
+            display_oid("wanted", &tests[i].oid);
+            display_oid("actual", oid);
+        }
+        (void)gss_release_oid(&minor, &oid);
+
+        /* Check that this test's variant string form converts to its OID. */
+        if (tests[i].variant == NULL)
+            continue;
+        buf.value = tests[i].variant;
+        buf.length = strlen(tests[i].variant);
+        major = gss_str_to_oid(&minor, &buf, &oid);
+        check_gsserr("gss_str_to_oid", major, minor);
+        if (!oid_equal(oid, &tests[i].oid)) {
+            status = 1;
+            printf("test %d: %s converts to wrong OID\n", (int)i,
+                   tests[i].variant);
+            display_oid("wanted", &tests[i].oid);
+            display_oid("actual", oid);
+        }
+        (void)gss_release_oid(&minor, &oid);
+    }
+
+    for (i = 0; i < sizeof(invalid_strings) / sizeof(*invalid_strings); i++) {
+        buf.value = invalid_strings[i];
+        buf.length = strlen(invalid_strings[i]);
+        major = gss_str_to_oid(&minor, &buf, &oid);
+        if (major == GSS_S_COMPLETE) {
+            status = 1;
+            printf("invalid %d: %s converted when it should not have\n",
+                   (int)i, invalid_strings[i]);
+            (void)gss_release_oid(&minor, &oid);
+        }
+    }
+
+    major = gss_create_empty_oid_set(&minor, &set);
+    check_gsserr("gss_create_empty_oid_set", major, minor);
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        major = gss_add_oid_set_member(&minor, &tests[i].oid, &set);
+        check_gsserr("gss_add_oid_set_member", major, minor);
+    }
+    if (set->count != i) {
+        status = 1;
+        printf("oid set has wrong size: wanted %d, actual %d\n", (int)i,
+               (int)set->count);
+    }
+    for (i = 0; i < set->count; i++) {
+        if (!oid_equal(&set->elements[i], &tests[i].oid)) {
+            status = 1;
+            printf("oid set has wrong element %d\n", (int)i);
+            display_oid("wanted", &tests[i].oid);
+            display_oid("actual", &set->elements[i]);
+        }
+        major = gss_test_oid_set_member(&minor, &tests[i].oid, set, &present);
+        check_gsserr("gss_test_oid_set_member", major, minor);
+        if (!present) {
+            status = 1;
+            printf("oid set does not contain OID %d\n", (int)i);
+            display_oid("wanted", &tests[i].oid);
+        }
+    }
+    (void)gss_release_oid_set(&minor, &set);
+    return status;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_pcontok.c b/krb5-1.21.3/src/tests/gssapi/t_pcontok.c
new file mode 100644
index 00000000..7368f752
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_pcontok.c
@@ -0,0 +1,190 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_pcontok.c - gss_process_context_token tests */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This test program exercises krb5 gss_process_context_token.  It first
+ * establishes a context to a named target.  Then, if the resulting context
+ * uses RFC 1964, it creates a context deletion token from the acceptor to the
+ * initiator and passes it to the initiator using gss_process_context_token.
+ * If the established context uses RFC 4121, this program feeds a made-up
+ * context token to gss_process_context_token and checks for the expected
+ * error.
+ */
+
+#include "k5-int.h"
+#include "common.h"
+
+#define SGN_ALG_HMAC_SHA1_DES3_KD 0x04
+#define SGN_ALG_HMAC_MD5          0x11
+
+/*
+ * Create a valid RFC 1964 context deletion token using the information in *
+ * lctx.  We must do this by hand since we no longer create context deletion
+ * tokens from gss_delete_sec_context.
+ */
+static void
+make_delete_token(gss_krb5_lucid_context_v1_t *lctx, gss_buffer_desc *out)
+{
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_keyblock seqkb;
+    krb5_key seq;
+    krb5_checksum cksum;
+    krb5_cksumtype cktype;
+    krb5_keyusage ckusage;
+    krb5_crypto_iov iov;
+    krb5_data d;
+    size_t cksize, tlen;
+    unsigned char *token, *ptr, iv[8];
+    gss_krb5_lucid_key_t *lkey = &lctx->rfc1964_kd.ctx_key;
+    int signalg = lctx->rfc1964_kd.sign_alg;
+
+    ret = krb5_init_context(&context);
+    check_k5err(context, "krb5_init_context", ret);
+
+    seqkb.enctype = lkey->type;
+    seqkb.length = lkey->length;
+    seqkb.contents = lkey->data;
+    ret = krb5_k_create_key(context, &seqkb, &seq);
+    check_k5err(context, "krb5_k_create_key", ret);
+
+    if (signalg == SGN_ALG_HMAC_SHA1_DES3_KD) {
+        cktype = CKSUMTYPE_HMAC_SHA1_DES3;
+        cksize = 20;
+        ckusage = 23;
+    } else if (signalg == SGN_ALG_HMAC_MD5) {
+        cktype = CKSUMTYPE_HMAC_MD5_ARCFOUR;
+        cksize = 8;
+        ckusage = 15;
+    } else {
+        abort();
+    }
+
+    tlen = 20 + mech_krb5.length + cksize;
+    token = malloc(tlen);
+    assert(token != NULL);
+
+    /* Create the ASN.1 wrapper (4 + mech_krb5.length bytes).  Assume the ASN.1
+     * lengths fit in one byte since deletion tokens are short. */
+    ptr = token;
+    *ptr++ = 0x60;
+    *ptr++ = tlen - 2;
+    *ptr++ = 0x06;
+    *ptr++ = mech_krb5.length;
+    memcpy(ptr, mech_krb5.elements, mech_krb5.length);
+    ptr += mech_krb5.length;
+
+    /* Create the RFC 1964 token header (8 bytes). */
+    *ptr++ = 0x01;
+    *ptr++ = 0x02;
+    store_16_le(signalg, ptr);
+    ptr += 2;
+    *ptr++ = 0xFF;
+    *ptr++ = 0xFF;
+    *ptr++ = 0xFF;
+    *ptr++ = 0xFF;
+
+    /* Create the checksum (cksize bytes at offset 8 from the header). */
+    d = make_data(ptr - 8, 8);
+    ret = krb5_k_make_checksum(context, cktype, seq, ckusage, &d, &cksum);
+    check_k5err(context, "krb5_k_make_checksum", ret);
+    memcpy(ptr + 8, cksum.contents, cksize);
+
+    /* Create the sequence number (8 bytes). */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(ptr, 8);
+    ptr[4] = ptr[5] = ptr[6] = ptr[7] = lctx->initiate ? 0 : 0xFF;
+    memcpy(iv, ptr + 8, 8);
+    d = make_data(iv, 8);
+    if (signalg == SGN_ALG_HMAC_MD5) {
+        store_32_be(lctx->send_seq, ptr);
+        ret = krb5int_arcfour_gsscrypt(&seq->keyblock, 0, &d, &iov, 1);
+        check_k5err(context, "krb5int_arcfour_gsscrypt(seq)", ret);
+    } else {
+        store_32_le(lctx->send_seq, ptr);
+        ret = krb5_k_encrypt_iov(context, seq, 24, &d, &iov, 1);
+        check_k5err(context, "krb5_k_encrypt_iov(seq)", ret);
+    }
+
+    krb5_free_checksum_contents(context, &cksum);
+    krb5_k_free_key(context, seq);
+    krb5_free_context(context);
+
+    out->length = tlen;
+    out->value = token;
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major, flags;
+    gss_name_t tname;
+    gss_buffer_desc token, in = GSS_C_EMPTY_BUFFER, out;
+    gss_ctx_id_t ictx, actx;
+    gss_krb5_lucid_context_v1_t *lctx;
+    void *lptr;
+
+    assert(argc == 2);
+    tname = import_name(argv[1]);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                       tname, flags, &ictx, &actx, NULL, NULL, NULL);
+
+    /* Export the acceptor context to a lucid context so we can look inside. */
+    major = gss_krb5_export_lucid_sec_context(&minor, &actx, 1, &lptr);
+    check_gsserr("gss_export_lucid_sec_context", major, minor);
+    lctx = lptr;
+    if (!lctx->protocol) {
+        /* Make an RFC 1964 context deletion token and pass it to
+         * gss_process_context_token. */
+        make_delete_token(lctx, &token);
+        major = gss_process_context_token(&minor, ictx, &token);
+        free(token.value);
+        check_gsserr("gss_process_context_token", major, minor);
+        /* Check for the appropriate major code from gss_wrap. */
+        major = gss_wrap(&minor, ictx, 1, GSS_C_QOP_DEFAULT, &in, NULL, &out);
+        assert(major == GSS_S_NO_CONTEXT);
+    } else {
+        /* RFC 4121 defines no context deletion token, so try passing something
+         * arbitrary and check for the appropriate major code. */
+        token.value = "abcd";
+        token.length = 4;
+        major = gss_process_context_token(&minor, ictx, &token);
+        assert(major == GSS_S_DEFECTIVE_TOKEN);
+    }
+
+    (void)gss_release_name(&minor, &tname);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_krb5_free_lucid_sec_context(&minor, lptr);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_prf.c b/krb5-1.21.3/src/tests/gssapi/t_prf.c
new file mode 100644
index 00000000..f71774cd
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_prf.c
@@ -0,0 +1,190 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2014 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "k5-hex.h"
+#include "common.h"
+#include "mglueP.h"
+#include "gssapiP_krb5.h"
+
+static const char inputstr[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    "abcdefghijklmnopqrstuvwxyz123456789";
+
+/* For each test, out1 corresponds to key1 with an empty input, and out2
+ * corresponds to key2 with the above 61-byte input string. */
+static struct {
+    krb5_enctype enctype;
+    const char *key1;
+    const char *out1;
+    const char *key2;
+    const char *out2;
+} tests[] = {
+    { ENCTYPE_DES3_CBC_SHA1,
+      "70378A19CD64134580C27C0115D6B34A1CF2FEECEF9886A2",
+      "9F8D127C520BB826BFF3E0FE5EF352389C17E0C073D9"
+      "AC4A333D644D21BA3EF24F4A886D143F85AC9F6377FB",
+      "3452A167DF1094BA1089E0A20E9E51ABEF1525922558B69E",
+      "6BF24FABC858F8DD9752E4FCD331BB831F238B5BE190"
+      "4EEA42E38F7A60C588F075C5C96A67E7F8B7BD0AECF4" },
+    { ENCTYPE_ARCFOUR_HMAC,
+      "3BB3AE288C12B3B9D06B208A4151B3B6",
+      "9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28"
+      "3C8A983AB88757CE865A22132D6100EAD63E9E291AFA",
+      "6DB7B33A01BD2B72F7655CB7B3D5FA0B",
+      "CDA9A544869FC84873B692663A82AFDA101C8611498B"
+      "A46138B01E927C9B95EEC953B562807434037837DDDF" },
+    { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+      "6C742096EB896230312B73972FA28B5D",
+      "94208D982FC1BB7778128BDD77904420B45C9DA699F3"
+      "117BCE66E39602128EF0296611A6D191A5828530F20F",
+      "FA61138C109D834A477D24C7311BE6DA",
+      "0FAEDF0F842CC834FEE750487E1B622739286B975FE5"
+      "B7F45AB053143C75CA0DF5D3D4BBB80F6A616C7C9027" },
+    { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+      "08FCDAFD5832611B73BA7B497FEBFF8C954B4B58031CAD9B977C3B8C25192FD6",
+      "E627EFC14EF5B6D629F830C7109DEA0D3D7D36E8CD57"
+      "A1F301C5452494A1928F05AFFBEE3360232209D3BE0D",
+      "F5B68B7823D8944F33F41541B4E4D38C9B2934F8D16334A796645B066152B4BE",
+      "112F2B2D878590653CCC7DE278E9F0AA46FA5A380B62"
+      "59F774CB7C134FCD37F61A50FD0D9F89BF8FE1A6B593" },
+    { ENCTYPE_CAMELLIA128_CTS_CMAC,
+      "866E0466A178279A32AC0BDA92B72AEB",
+      "97FBB354BF341C3A160DCC86A7A910FDA824601DF677"
+      "68797BACEEBF5D250AE929DEC9760772084267F50A54",
+      "D4893FD37DA1A211E12DD1E03E0F03B7",
+      "1DEE2FF126CA563A2A2326B9DD3F0095013257414C83"
+      "FAD4398901013D55F367C82681186B7B2FE62F746BA4" },
+    { ENCTYPE_CAMELLIA256_CTS_CMAC,
+      "203071B1AE77BD3D6FCE70174AF95C225B1CED46B35CF52B6479EFEB47E6B063",
+      "9B30020634C10FDA28420CEE7B96B70A90A771CED43A"
+      "D8346554163E5949CBAE2FB8EF36AFB6B32CE75116A0",
+      "A171AD582C1AFBBAD52ABD622EE6B6A14D19BF95C6914B2BA40FFD99A88EC660",
+      "A47CBB6E104DCC77E4DB48A7A474B977F2FB6A7A1AB6"
+      "52317D50508AE72B7BE2E4E4BA24164E029CBACF786B" },
+    { ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+      "089BCA48B105EA6EA77CA5D2F39DC5E7",
+      "ED1736209B7C59C9F6A3AE8CCC8A7C97ADFDD11688AD"
+      "F304F2F74252CBACD311A2D9253211FDA49745CE4F62",
+      "3705D96080C17728A0E800EAB6E0D23C",
+      "2BB41B183D76D8D5B30CBB049A7EFE9F350EFA058DC2"
+      "C4D868308D354A7B199BE6FD1F22B53C038BC6036581" },
+    { ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+      "45BD806DBF6A833A9CFFC1C94589A222367A79BC21C413718906E9F578A78467",
+      "1C613AE8B77A3B4D783F3DCE6C9178FC025E87F48A44"
+      "784A69CB5FC697FE266A6141905067EF78566D309085",
+      "6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52",
+      "D15944B0A44508D1E61213F6455F292A02298F870C01"
+      "A3F74AD0345A4A6651EBE101976E933F32D44F0B5947" },
+};
+
+/* Decode hexstr into out.  No length checking. */
+static size_t
+fromhex(const char *hexstr, unsigned char *out)
+{
+    uint8_t *bytes;
+    size_t len;
+
+    if (k5_hex_decode(hexstr, &bytes, &len) != 0)
+        abort();
+    memcpy(out, bytes, len);
+    free(bytes);
+    return len;
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_ctx_id_t context;
+    gss_union_ctx_id_desc uctx;
+    krb5_gss_ctx_id_rec kgctx;
+    krb5_key k1, k2;
+    krb5_keyblock kb1, kb2;
+    gss_buffer_desc in, out;
+    unsigned char k1buf[32], k2buf[32], outbuf[44];
+    size_t i;
+
+    /*
+     * Fake up just enough of a krb5 GSS context to make gss_pseudo_random
+     * work, with chosen subkeys and acceptor subkeys.  If we implement
+     * gss_import_lucid_sec_context, we can rewrite this to use public
+     * interfaces and stop using private headers and internal knowledge of the
+     * implementation.
+     */
+    context = (gss_ctx_id_t)&uctx;
+    memset(&uctx, 0, sizeof(uctx));
+    uctx.mech_type = &mech_krb5;
+    uctx.internal_ctx_id = (gss_ctx_id_t)&kgctx;
+    memset(&kgctx, 0, sizeof(kgctx));
+    kgctx.k5_context = NULL;
+    kgctx.established = 1;
+    kgctx.have_acceptor_subkey = 1;
+    kb1.contents = k1buf;
+    kb2.contents = k2buf;
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        /* Set up the keys for this test. */
+        kb1.enctype = tests[i].enctype;
+        kb1.length = fromhex(tests[i].key1, k1buf);
+        check_k5err(NULL, "create_key", krb5_k_create_key(NULL, &kb1, &k1));
+        kgctx.subkey = k1;
+        kb2.enctype = tests[i].enctype;
+        kb2.length = fromhex(tests[i].key2, k2buf);
+        check_k5err(NULL, "create_key", krb5_k_create_key(NULL, &kb2, &k2));
+        kgctx.acceptor_subkey = k2;
+
+        /* Generate a PRF value with the subkey and an empty input, and compare
+         * it to the first expected output. */
+        in.length = 0;
+        in.value = NULL;
+        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_PARTIAL, &in,
+                                  44, &out);
+        check_gsserr("gss_pseudo_random", major, minor);
+        (void)fromhex(tests[i].out1, outbuf);
+        assert(out.length == 44 && memcmp(out.value, outbuf, 44) == 0);
+        (void)gss_release_buffer(&minor, &out);
+
+        /* Generate a PRF value with the acceptor subkey and the 61-byte input
+         * string, and compare it to the second expected output. */
+        in.length = strlen(inputstr);
+        in.value = (char *)inputstr;
+        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_FULL, &in, 44,
+                                  &out);
+        check_gsserr("gss_pseudo_random", major, minor);
+        (void)fromhex(tests[i].out2, outbuf);
+        assert(out.length == 44 && memcmp(out.value, outbuf, 44) == 0);
+        (void)gss_release_buffer(&minor, &out);
+
+        /* Also check that generating zero bytes of output works. */
+        major = gss_pseudo_random(&minor, context, GSS_C_PRF_KEY_FULL, &in, 0,
+                                  &out);
+        check_gsserr("gss_pseudo_random", major, minor);
+        assert(out.length == 0);
+        (void)gss_release_buffer(&minor, &out);
+
+        krb5_k_free_key(NULL, k1);
+        krb5_k_free_key(NULL, k2);
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_s4u.c b/krb5-1.21.3/src/tests/gssapi/t_s4u.c
new file mode 100644
index 00000000..0400f8f6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_s4u.c
@@ -0,0 +1,334 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Test program for protocol transition (S4U2Self) and constrained delegation
+ * (S4U2Proxy)
+ *
+ * Note: because of name canonicalization, the following tips may help
+ * when configuring with Active Directory:
+ *
+ * - Create a computer account FOO$
+ * - Set the UPN to host/foo.domain (no suffix); this is necessary to
+ *   be able to send an AS-REQ as this principal, otherwise you would
+ *   need to use the canonical name (FOO$), which will cause principal
+ *   comparison errors in gss_accept_sec_context().
+ * - Add a SPN of host/foo.domain
+ * - Configure the computer account to support constrained delegation with
+ *   protocol transition (Trust this computer for delegation to specified
+ *   services only / Use any authentication protocol)
+ * - Add host/foo.domain to the keytab (possibly easiest to do this
+ *   with ktadd)
+ *
+ * For S4U2Proxy to work the TGT must be forwardable too.
+ *
+ * Usage eg:
+ *
+ * kinit -k -t test.keytab -f 'host/test.win.mit.edu@WIN.MIT.EDU'
+ * ./t_s4u p:delegtest@WIN.MIT.EDU p:HOST/WIN-EQ7E4AA2WR8.win.mit.edu@WIN.MIT.EDU test.keytab
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+static int use_spnego = 0;
+
+static void
+test_greet_authz_data(gss_name_t *name)
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc attr;
+    gss_buffer_desc value;
+    gss_name_t canon;
+
+    major = gss_canonicalize_name(&minor, *name, &mech_krb5, &canon);
+    check_gsserr("gss_canonicalize_name", major, minor);
+
+    attr.value = "greet:greeting";
+    attr.length = strlen((char *)attr.value);
+
+    value.value = "Hello, acceptor world!";
+    value.length = strlen((char *)value.value);
+
+    major = gss_set_name_attribute(&minor, canon, 1, &attr, &value);
+    if (major == GSS_S_UNAVAILABLE) {
+        (void)gss_release_name(&minor, &canon);
+        return;
+    }
+    check_gsserr("gss_set_name_attribute", major, minor);
+    gss_release_name(&minor, name);
+    *name = canon;
+}
+
+static void
+init_accept_sec_context(gss_cred_id_t claimant_cred_handle,
+                        gss_cred_id_t verifier_cred_handle,
+                        gss_cred_id_t *deleg_cred_handle)
+{
+    OM_uint32 major, minor, flags;
+    gss_name_t source_name = GSS_C_NO_NAME, target_name = GSS_C_NO_NAME;
+    gss_ctx_id_t initiator_context, acceptor_context;
+    gss_OID mech = GSS_C_NO_OID;
+
+    *deleg_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    major = gss_inquire_cred(&minor, verifier_cred_handle, &target_name, NULL,
+                             NULL, NULL);
+    check_gsserr("gss_inquire_cred", major, minor);
+
+    display_canon_name("Target name", target_name, &mech_krb5);
+
+    mech = use_spnego ? &mech_spnego : &mech_krb5;
+    display_oid("Target mech", mech);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(mech, claimant_cred_handle, verifier_cred_handle,
+                       target_name, flags, &initiator_context,
+                       &acceptor_context, &source_name, &mech,
+                       deleg_cred_handle);
+
+    display_canon_name("Source name", source_name, &mech_krb5);
+    display_oid("Source mech", mech);
+    enumerate_attributes(source_name, 1);
+
+    (void)gss_release_name(&minor, &source_name);
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+}
+
+static void
+check_ticket_count(gss_cred_id_t cred, int expected)
+{
+    krb5_error_code ret;
+    krb5_context context = NULL;
+    krb5_creds kcred;
+    krb5_cc_cursor cur;
+    krb5_ccache ccache;
+    int count = 0;
+    gss_key_value_set_desc store;
+    gss_key_value_element_desc elem;
+    OM_uint32 major, minor;
+    const char *ccname = "MEMORY:count";
+
+    store.count = 1;
+    store.elements = &elem;
+    elem.key = "ccache";
+    elem.value = ccname;
+    major = gss_store_cred_into(&minor, cred, GSS_C_INITIATE, &mech_krb5, 1, 0,
+                                &store, NULL, NULL);
+    check_gsserr("gss_store_cred_into", major, minor);
+
+    ret = krb5_init_context(&context);
+    check_k5err(context, "krb5_init_context", ret);
+
+    ret = krb5_cc_resolve(context, ccname, &ccache);
+    check_k5err(context, "krb5_cc_resolve", ret);
+
+    ret = krb5_cc_start_seq_get(context, ccache, &cur);
+    check_k5err(context, "krb5_cc_start_seq_get", ret);
+
+    while (!krb5_cc_next_cred(context, ccache, &cur, &kcred)) {
+        if (!krb5_is_config_principal(context, kcred.server))
+            count++;
+        krb5_free_cred_contents(context, &kcred);
+    }
+
+    ret = krb5_cc_end_seq_get(context, ccache, &cur);
+    check_k5err(context, "krb5_cc_end_seq_get", ret);
+
+    if (expected != count) {
+        printf("Expected %d tickets but got %d\n", expected, count);
+        exit(1);
+    }
+
+    krb5_cc_destroy(context, ccache);
+    krb5_free_context(context);
+}
+
+static void
+constrained_delegate(gss_OID_set desired_mechs, gss_name_t target,
+                     gss_cred_id_t delegated_cred_handle,
+                     gss_cred_id_t verifier_cred_handle)
+{
+    OM_uint32 major, minor;
+    gss_ctx_id_t initiator_context = GSS_C_NO_CONTEXT;
+    gss_name_t cred_name = GSS_C_NO_NAME;
+    OM_uint32 time_rec, lifetime;
+    gss_cred_usage_t usage;
+    gss_buffer_desc token;
+    gss_OID_set mechs;
+
+    printf("Constrained delegation tests follow\n");
+    printf("-----------------------------------\n\n");
+
+    if (gss_inquire_cred(&minor, verifier_cred_handle, &cred_name,
+                         &lifetime, &usage, NULL) == GSS_S_COMPLETE) {
+        display_canon_name("Proxy name", cred_name, &mech_krb5);
+        (void)gss_release_name(&minor, &cred_name);
+    }
+    display_canon_name("Target name", target, &mech_krb5);
+    if (gss_inquire_cred(&minor, delegated_cred_handle, &cred_name,
+                         &lifetime, &usage, &mechs) == GSS_S_COMPLETE) {
+        display_canon_name("Delegated name", cred_name, &mech_krb5);
+        display_oid("Delegated mech", &mechs->elements[0]);
+        (void)gss_release_name(&minor, &cred_name);
+    }
+
+    printf("\n");
+
+    major = gss_init_sec_context(&minor, delegated_cred_handle,
+                                 &initiator_context, target,
+                                 mechs ? &mechs->elements[0] : &mech_krb5,
+                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
+                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+                                 GSS_C_NO_BUFFER, NULL, &token, NULL,
+                                 &time_rec);
+    check_gsserr("gss_init_sec_context", major, minor);
+
+    (void)gss_release_buffer(&minor, &token);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+
+    /* Ensure a second call does not acquire new ticket. */
+    major = gss_init_sec_context(&minor, delegated_cred_handle,
+                                 &initiator_context, target,
+                                 mechs ? &mechs->elements[0] : &mech_krb5,
+                                 GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
+                                 GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS,
+                                 GSS_C_NO_BUFFER, NULL, &token, NULL,
+                                 &time_rec);
+    check_gsserr("gss_init_sec_context", major, minor);
+
+    (void)gss_release_buffer(&minor, &token);
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+    (void)gss_release_oid_set(&minor, &mechs);
+
+    /* We expect three tickets: our TGT, the evidence ticket, and the ticket to
+     * the target service. */
+    check_ticket_count(delegated_cred_handle, 3);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major;
+    gss_cred_id_t impersonator_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_cred_id_t user_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_cred_id_t delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_name_t user = GSS_C_NO_NAME, target = GSS_C_NO_NAME;
+    gss_OID_set mechs;
+    gss_buffer_set_t bufset = GSS_C_NO_BUFFER_SET;
+
+    if (argc < 2 || argc > 5) {
+        fprintf(stderr, "Usage: %s [--spnego] [user] "
+                "[proxy-target] [keytab]\n", argv[0]);
+        fprintf(stderr, "       proxy-target and keytab are optional\n");
+        exit(1);
+    }
+
+    if (strcmp(argv[1], "--spnego") == 0) {
+        use_spnego++;
+        argc--;
+        argv++;
+    }
+
+    user = import_name(argv[1]);
+
+    if (argc > 2 && strcmp(argv[2], "-"))
+        target = import_name(argv[2]);
+
+    if (argc > 3) {
+        major = krb5_gss_register_acceptor_identity(argv[3]);
+        check_gsserr("krb5_gss_register_acceptor_identity", major, 0);
+    }
+
+    /* Get default cred. */
+    mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
+    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE, mechs,
+                             GSS_C_BOTH, &impersonator_cred_handle, NULL,
+                             NULL);
+    check_gsserr("gss_acquire_cred", major, minor);
+
+    printf("Protocol transition tests follow\n");
+    printf("-----------------------------------\n\n");
+
+    test_greet_authz_data(&user);
+
+    /* Get S4U2Self cred. */
+    major = gss_acquire_cred_impersonate_name(&minor, impersonator_cred_handle,
+                                              user, GSS_C_INDEFINITE, mechs,
+                                              GSS_C_INITIATE,
+                                              &user_cred_handle, NULL, NULL);
+    check_gsserr("gss_acquire_cred_impersonate_name", major, minor);
+
+    init_accept_sec_context(user_cred_handle, impersonator_cred_handle,
+                            &delegated_cred_handle);
+    printf("\n");
+
+    if (target != GSS_C_NO_NAME &&
+        delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
+        constrained_delegate(mechs, target, delegated_cred_handle,
+                             impersonator_cred_handle);
+    } else if (target != GSS_C_NO_NAME) {
+        fprintf(stderr, "Warning: no delegated cred handle returned\n\n");
+        fprintf(stderr, "Verify:\n\n");
+        fprintf(stderr, " - The TGT for the impersonating service is "
+                "forwardable\n");
+        fprintf(stderr, " - The T2A4D flag set on the impersonating service's "
+                "UAC\n");
+        fprintf(stderr, " - The user is not marked sensitive and cannot be "
+                "delegated\n");
+        fprintf(stderr, "\n");
+    }
+
+    if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
+        /* Inquire impersonator status. */
+        major = gss_inquire_cred_by_oid(&minor, user_cred_handle,
+                                        GSS_KRB5_GET_CRED_IMPERSONATOR,
+                                        &bufset);
+        check_gsserr("gss_inquire_cred_by_oid", major, minor);
+        if (bufset->count == 0)
+            errout("gss_inquire_cred_by_oid(user) returned NO impersonator");
+        (void)gss_release_buffer_set(&minor, &bufset);
+
+        major = gss_inquire_cred_by_oid(&minor, impersonator_cred_handle,
+                                        GSS_KRB5_GET_CRED_IMPERSONATOR,
+                                        &bufset);
+        check_gsserr("gss_inquire_cred_by_oid", major, minor);
+        if (bufset->count != 0)
+            errout("gss_inquire_cred_by_oid(svc) returned an impersonator");
+        (void)gss_release_buffer_set(&minor, &bufset);
+    }
+
+    (void)gss_release_name(&minor, &user);
+    (void)gss_release_name(&minor, &target);
+    (void)gss_release_cred(&minor, &delegated_cred_handle);
+    (void)gss_release_cred(&minor, &impersonator_cred_handle);
+    (void)gss_release_cred(&minor, &user_cred_handle);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_s4u.py b/krb5-1.21.3/src/tests/gssapi/t_s4u.py
new file mode 100755
index 00000000..4a1cdb23
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_s4u.py
@@ -0,0 +1,403 @@
+from k5test import *
+from base64 import b64encode
+import shutil
+
+realm = K5Realm(create_host=False, get_creds=False)
+usercache = 'FILE:' + os.path.join(realm.testdir, 'usercache')
+storagecache = 'FILE:' + os.path.join(realm.testdir, 'save')
+
+# Create two service principals with keys in the default keytab.
+service1 = 'service/1@%s' % realm.realm
+realm.addprinc(service1)
+realm.extract_keytab(service1, realm.keytab)
+service2 = 'service/2@%s' % realm.realm
+realm.addprinc(service2)
+realm.extract_keytab(service2, realm.keytab)
+
+puser = 'p:' + realm.user_princ
+pservice1 = 'p:' + service1
+pservice2 = 'p:' + service2
+
+# Get forwardable creds for service1 in the default cache.
+realm.kinit(service1, None, ['-f', '-k'])
+
+# Try S4U2Self for user with a restricted password.
+realm.run([kadminl, 'modprinc', '+needchange', realm.user_princ])
+realm.run(['./t_s4u', 'e:user', '-'])
+realm.run([kadminl, 'modprinc', '-needchange',
+          '-pwexpire', '1/1/2000', realm.user_princ])
+realm.run(['./t_s4u', 'e:user', '-'])
+realm.run([kadminl, 'modprinc', '-pwexpire', 'never', realm.user_princ])
+
+# Try krb5 -> S4U2Proxy with forwardable user creds.  This should fail
+# at the S4U2Proxy step since the DB2 back end currently has no
+# support for allowing it.
+realm.kinit(realm.user_princ, password('user'), ['-f', '-c', usercache])
+output = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, '-',
+                    pservice1, pservice2], expected_code=1)
+if ('auth1: ' + realm.user_princ not in output or
+    'KDC can\'t fulfill requested option' not in output):
+    fail('krb5 -> s4u2proxy')
+
+# Again with SPNEGO.
+output = realm.run(['./t_s4u2proxy_krb5', '--spnego', usercache, storagecache,
+                    '-', pservice1, pservice2],
+                   expected_code=1)
+if ('auth1: ' + realm.user_princ not in output or
+    'KDC can\'t fulfill requested option' not in output):
+    fail('krb5 -> s4u2proxy (SPNEGO)')
+
+# Try krb5 -> S4U2Proxy without forwardable user creds.
+realm.kinit(realm.user_princ, password('user'), ['-c', usercache])
+output = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, pservice1,
+                   pservice1, pservice2], expected_code=1)
+if ('auth1: ' + realm.user_princ not in output or
+    'KDC can\'t fulfill requested option' not in output):
+    fail('krb5 -> s4u2proxy not-forwardable')
+
+# Try S4U2Self.  Ask for an S4U2Proxy step; this won't succeed because
+# service/1 isn't allowed to get a forwardable S4U2Self ticket.
+realm.run(['./t_s4u', puser, pservice2], expected_code=1,
+          expected_msg='KDC can\'t fulfill requested option')
+realm.run(['./t_s4u', '--spnego', puser, pservice2], expected_code=1,
+          expected_msg='KDC can\'t fulfill requested option')
+
+# Correct that problem and try again.  As above, the S4U2Proxy step
+# won't actually succeed since we don't support that in DB2.
+realm.run([kadminl, 'modprinc', '+ok_to_auth_as_delegate', service1])
+realm.run(['./t_s4u', puser, pservice2], expected_code=1,
+          expected_msg='KDC can\'t fulfill requested option')
+
+# Again with SPNEGO.  This uses SPNEGO for the initial authentication,
+# but still uses krb5 for S4U2Proxy--the delegated cred is returned as
+# a krb5 cred, not a SPNEGO cred, and t_s4u uses the delegated cred
+# directly rather than saving and reacquiring it.
+realm.run(['./t_s4u', '--spnego', puser, pservice2], expected_code=1,
+          expected_msg='KDC can\'t fulfill requested option')
+
+realm.stop()
+
+# Set up a realm using the test KDB module so that we can do
+# successful S4U2Proxy delegations.
+testprincs = {'krbtgt/KRBTEST.COM': {'keys': 'aes128-cts'},
+              'user': {'keys': 'aes128-cts'},
+              'service/1': {'flags': '+ok-to-auth-as-delegate',
+                            'keys': 'aes128-cts'},
+              'service/2': {'keys': 'aes128-cts'}}
+conf = {'realms': {'$realm': {'database_module': 'test'}},
+        'dbmodules': {'test': {'db_library': 'test',
+                               'princs': testprincs,
+                               'delegation': {'service/1': 'service/2'}}}}
+realm = K5Realm(create_kdb=False, kdc_conf=conf)
+userkeytab = 'FILE:' + os.path.join(realm.testdir, 'userkeytab')
+realm.extract_keytab(realm.user_princ, userkeytab)
+realm.extract_keytab(service1, realm.keytab)
+realm.extract_keytab(service2, realm.keytab)
+realm.start_kdc()
+
+# Get forwardable creds for service1 in the default cache.
+realm.kinit(service1, None, ['-f', '-k'])
+
+# Successful krb5 -> S4U2Proxy, with krb5 and SPNEGO mechs.
+realm.kinit(realm.user_princ, None, ['-f', '-k', '-c', usercache,
+                                     '-t', userkeytab])
+out = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, '-',
+                 pservice1, pservice2])
+if 'auth1: user@' not in out or 'auth2: user@' not in out:
+    fail('krb5 -> s4u2proxy')
+out = realm.run(['./t_s4u2proxy_krb5', '--spnego', usercache, storagecache,
+                 '-', pservice1, pservice2])
+if 'auth1: user@' not in out or 'auth2: user@' not in out:
+    fail('krb5 -> s4u2proxy')
+
+# Successful S4U2Self -> S4U2Proxy.
+out = realm.run(['./t_s4u', puser, pservice2])
+
+# Regression test for #8139: get a user ticket directly for service1 and
+# try krb5 -> S4U2Proxy.
+realm.kinit(realm.user_princ, None, ['-f', '-k', '-c', usercache,
+                                     '-t', userkeytab, '-S', service1])
+out = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, '-',
+                 pservice1, pservice2])
+if 'auth1: user@' not in out or 'auth2: user@' not in out:
+    fail('krb5 -> s4u2proxy')
+
+# Simulate a krbtgt rollover and verify that the user ticket can still
+# be validated.
+realm.stop_kdc()
+newtgt_keys = ['2 aes128-cts', '1 aes128-cts']
+newtgt_princs = {'krbtgt/KRBTEST.COM': {'keys': newtgt_keys}}
+newtgt_conf = {'dbmodules': {'test': {'princs': newtgt_princs}}}
+newtgt_env = realm.special_env('newtgt', True, kdc_conf=newtgt_conf)
+realm.start_kdc(env=newtgt_env)
+out = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, '-',
+                 pservice1, pservice2])
+if 'auth1: user@' not in out or 'auth2: user@' not in out:
+    fail('krb5 -> s4u2proxy')
+
+# Get a user ticket after the krbtgt rollover and verify that
+# S4U2Proxy delegation works (also a #8139 regression test).
+realm.kinit(realm.user_princ, None, ['-f', '-k', '-c', usercache,
+                                     '-t', userkeytab])
+out = realm.run(['./t_s4u2proxy_krb5', usercache, storagecache, '-',
+                 pservice1, pservice2])
+if 'auth1: user@' not in out or 'auth2: user@' not in out:
+    fail('krb5 -> s4u2proxy')
+
+realm.stop()
+
+mark('S4U2Self with various enctypes')
+for realm in multipass_realms(create_host=False, get_creds=False):
+    service1 = 'service/1@%s' % realm.realm
+    realm.addprinc(service1)
+    realm.extract_keytab(service1, realm.keytab)
+    realm.kinit(service1, None, ['-k'])
+    realm.run(['./t_s4u', 'e:user', '-'])
+
+# Test cross realm S4U2Self using server referrals.
+mark('cross-realm S4U2Self')
+testprincs = {'krbtgt/SREALM': {'keys': 'aes128-cts'},
+              'krbtgt/UREALM': {'keys': 'aes128-cts'},
+              'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
+              'other': {'keys': 'aes128-cts'}}
+kdcconf1 = {'realms': {'$realm': {'database_module': 'test'}},
+            'dbmodules': {'test': {'db_library': 'test',
+                                   'princs': testprincs,
+                                   'alias': {'enterprise@abc': '@UREALM',
+                                             'user@UREALM': '@UREALM'}}}}
+kdcconf2 = {'realms': {'$realm': {'database_module': 'test'}},
+            'dbmodules': {'test': {'db_library': 'test',
+                                   'princs': testprincs,
+                                   'alias': {'user@SREALM': '@SREALM',
+                                             'user@UREALM': 'user',
+                                             'enterprise@abc': 'user'}}}}
+r1, r2 = cross_realms(2, xtgts=(),
+                      args=({'realm': 'SREALM', 'kdc_conf': kdcconf1},
+                            {'realm': 'UREALM', 'kdc_conf': kdcconf2}),
+                      create_kdb=False)
+
+r1.start_kdc()
+r2.start_kdc()
+r1.extract_keytab(r1.user_princ, r1.keytab)
+r1.kinit(r1.user_princ, None, ['-k', '-t', r1.keytab])
+savefile = r1.ccache + '.save'
+shutil.copyfile(r1.ccache, savefile)
+
+# Include a regression test for #8741 by unsetting the default realm.
+remove_default = {'libdefaults': {'default_realm': None}}
+no_default = r1.special_env('no_default', False, krb5_conf=remove_default)
+msgs = ('Getting credentials user@UREALM -> user@SREALM',
+        '/Matching credential not found',
+        'Getting credentials user@SREALM -> krbtgt/UREALM@SREALM',
+        'Received creds for desired service krbtgt/UREALM@SREALM',
+        'via TGT krbtgt/UREALM@SREALM after requesting user\\@SREALM@UREALM',
+        'krbtgt/SREALM@UREALM differs from requested user\\@SREALM@UREALM',
+        'via TGT krbtgt/SREALM@UREALM after requesting user@SREALM',
+        'TGS reply is for user@UREALM -> user@SREALM')
+r1.run(['./t_s4u', 'p:' + r2.user_princ, '-', r1.keytab], env=no_default,
+       expected_trace=msgs)
+
+# Test realm identification of enterprise principal names ([MS-SFU]
+# 3.1.5.1.1.1).  Attach a bogus realm to the enterprise name to verify
+# that we start at the server realm.
+mark('cross-realm S4U2Self with enterprise name')
+msgs = ('Getting initial credentials for enterprise\\@abc@SREALM',
+        'Sending unauthenticated request',
+        '/Realm not local to KDC',
+        'Following referral to realm UREALM',
+        'Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Identified realm of client principal as UREALM',
+        'Getting credentials enterprise\\@abc@UREALM -> user@SREALM',
+        'TGS reply is for enterprise\\@abc@UREALM -> user@SREALM')
+r1.run(['./t_s4u', 'e:enterprise@abc@NOREALM', '-', r1.keytab],
+       expected_trace=msgs)
+
+mark('S4U2Self using X509 certificate')
+
+# Encode name as a PEM certificate file (sort of) for use by kvno.
+def princ_cert(name):
+    enc = b64encode(name.encode('ascii')).decode('ascii')
+    return '-----BEGIN CERTIFICATE-----\n%s\n-----END y\n' % enc
+
+cert_path = os.path.join(r1.testdir, 'fake_cert')
+with open(cert_path, "w") as cert_file:
+    cert_file.write(princ_cert('other'))
+
+shutil.copyfile(savefile, r1.ccache)
+msgs = ('Getting initial credentials for @SREALM',
+        'Identified realm of client principal as SREALM',
+        'TGS reply is for other@SREALM',
+        'Getting credentials other@SREALM',
+        'Storing other@SREALM')
+r1.run([kvno, '-F', cert_path, r1.user_princ], expected_trace=msgs)
+
+shutil.copyfile(savefile, r1.ccache)
+msgs = ('Getting credentials other@SREALM',
+        'TGS reply is for other@SREALM',
+        'Storing other@SREALM')
+r1.run([kvno, '-I', 'other', '-F', cert_path, r1.user_princ],
+       expected_trace=msgs)
+
+shutil.copyfile(savefile, r1.ccache)
+msgs = ('Getting initial credentials for other@SREALM',
+        'Identified realm of client principal as SREALM',
+        'Getting credentials other@SREALM',
+        'TGS reply is for other@SREALM',
+        'Storing other@SREALM')
+r1.run([kvno, '-U', 'other', '-F', cert_path, r1.user_princ],
+       expected_trace=msgs)
+
+mark('cross-realm S4U2Self using X509 certificate')
+
+with open(cert_path, "w") as cert_file:
+    cert_file.write(princ_cert('user@UREALM'))
+
+shutil.copyfile(savefile, r1.ccache)
+msgs = ('Getting initial credentials for @SREALM',
+        'Identified realm of client principal as UREALM',
+        'TGS reply is for user@UREALM',
+        'Getting credentials user@UREALM',
+        'Storing user@UREALM')
+r1.run([kvno, '-F', cert_path, r1.user_princ], expected_trace=msgs)
+
+shutil.copyfile(savefile, r1.ccache)
+msgs = ('Getting credentials user@UREALM',
+        'TGS reply is for user@UREALM',
+        'Storing user@UREALM')
+r1.run([kvno, '-I', 'user@UREALM', '-F', cert_path, r1.user_princ],
+       expected_trace=msgs)
+
+shutil.copyfile(savefile, r1.ccache)
+msgs = ('Getting initial credentials for enterprise\\@abc@SREALM',
+        'Identified realm of client principal as UREALM',
+        'Getting credentials enterprise\\@abc@UREALM',
+        'TGS reply is for enterprise\\@abc@UREALM',
+        'Storing enterprise\\@abc@UREALM')
+r1.run([kvno, '-U', 'enterprise@abc', '-F', cert_path, r1.user_princ],
+       expected_trace=msgs)
+
+shutil.copyfile(savefile, r1.ccache)
+
+mark('S4U2Self using X509 certificate (GSSAPI)')
+
+r1.run(['./t_s4u', 'c:other', '-', r1.keytab])
+r1.run(['./t_s4u', 'c:user@UREALM', '-', r1.keytab])
+
+r1.run(['./t_s4u', '--spnego', 'c:other', '-', r1.keytab])
+r1.run(['./t_s4u', '--spnego', 'c:user@UREALM', '-', r1.keytab])
+
+r1.stop()
+r2.stop()
+
+mark('Resource-based constrained delegation')
+
+a_princs = {'krbtgt/A': {'keys': 'aes128-cts'},
+            'krbtgt/B': {'keys': 'aes128-cts'},
+            'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
+            'sensitive': {'keys': 'aes128-cts',
+                          'flags': '+disallow_forwardable'},
+            'impersonator': {'keys': 'aes128-cts'},
+            'service1': {'keys': 'aes128-cts'},
+            'rb2': {'keys': 'aes128-cts'},
+            'rb': {'keys': 'aes128-cts'}}
+a_kconf = {'realms': {'$realm': {'database_module': 'test'}},
+           'dbmodules': {'test': {'db_library': 'test',
+                                  'princs': a_princs,
+                                  'rbcd': {'rb@A': 'impersonator@A',
+                                           'rb2@A': 'service1@A'},
+                                  'delegation': {'service1': 'rb2'},
+                                  'alias': {'rb@A': 'rb',
+                                            'rb@B': '@B',
+                                            'rb@C': '@B',
+                                            'service/rb.a': 'rb',
+                                            'service/rb.b': '@B',
+                                            'service/rb.c': '@B' }}}}
+
+b_princs = {'krbtgt/B': {'keys': 'aes128-cts'},
+            'krbtgt/A': {'keys': 'aes128-cts'},
+            'krbtgt/C': {'keys': 'aes128-cts'},
+            'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
+            'rb': {'keys': 'aes128-cts'}}
+b_kconf = {'realms': {'$realm': {'database_module': 'test'}},
+           'dbmodules': {'test': {'db_library': 'test',
+                                  'princs': b_princs,
+                                  'rbcd': {'rb@B': 'impersonator@A'},
+                                  'alias': {'rb@B': 'rb',
+                                            'service/rb.b': 'rb',
+                                            'rb@C': '@C',
+                                            'impersonator@A': '@A',
+                                            'service/rb.c': '@C'}}}}
+
+c_princs = {'krbtgt/C': {'keys': 'aes128-cts'},
+            'krbtgt/B': {'keys': 'aes128-cts'},
+            'rb': {'keys': 'aes128-cts'}}
+c_kconf = {'realms': {'$realm': {'database_module': 'test'}},
+           'capaths': { 'A' : { 'C' : 'B' }},
+           'dbmodules': {'test': {'db_library': 'test',
+                                  'princs': c_princs,
+                                  'rbcd': {'rb@C': ['impersonator@A',
+                                                    'service1@A']},
+                                  'alias': {'rb@C': 'rb',
+                                            'service/rb.c': 'rb' }}}}
+
+ra, rb, rc = cross_realms(3, xtgts=(),
+                          args=({'realm': 'A', 'kdc_conf': a_kconf},
+                                {'realm': 'B', 'kdc_conf': b_kconf},
+                                {'realm': 'C', 'kdc_conf': c_kconf}),
+                          create_kdb=False)
+
+ra.start_kdc()
+rb.start_kdc()
+rc.start_kdc()
+
+domain_realm = {'domain_realm': {'.a':'A', '.b':'B', '.c':'C'}}
+domain_conf = ra.special_env('domain_conf', False, krb5_conf=domain_realm)
+
+ra.extract_keytab('impersonator@A', ra.keytab)
+ra.kinit('impersonator@A', None, ['-f', '-k', '-t', ra.keytab])
+
+mark('Local-realm RBCD')
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'p:rb'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'p:rb@A'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@A'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@A@'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@A@A'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.a'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.a'], env=domain_conf)
+ra.run(['./t_s4u', 'p:' + 'sensitive@A', 'h:service@rb.a'], expected_code=1)
+ra.run(['./t_s4u', 'p:' + rb.user_princ, 'h:service@rb.a'])
+
+mark('Cross-realm RBCD')
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@B'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@B@'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@B@A'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.b'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.b'], env=domain_conf)
+ra.run(['./t_s4u', 'p:' + 'sensitive@A', 'h:service@rb.b'], expected_code=1)
+ra.run(['./t_s4u', 'p:' + rb.user_princ, 'h:service@rb.b'])
+
+mark('RBCD transitive trust')
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@C'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@C@'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb@C@A'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.c'])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'h:service@rb.c'], env=domain_conf)
+ra.run(['./t_s4u', 'p:' + 'sensitive@A', 'h:service@rb.c'], expected_code=1)
+ra.run(['./t_s4u', 'p:' + rb.user_princ, 'h:service@rb.c'])
+
+# Although service1 has RBCD delegation privileges to rb2@A, it does
+# not have ok-to-auth-as-delegate and does have traditional delegation
+# privileges, so it cannot get a forwardable S4U2Self ticket.
+mark('RBCD forwardable blocked by forward delegation privileges')
+ra.extract_keytab('service1@A', ra.keytab)
+ra.kinit('service1@A', None, ['-f', '-k', '-t', ra.keytab])
+ra.run(['./t_s4u', 'p:' + ra.user_princ, 'e:rb2@A'], expected_code=1,
+       expected_msg='KDC can\'t fulfill requested option')
+
+ra.stop()
+rb.stop()
+rc.stop()
+
+success('S4U test cases')
diff --git a/krb5-1.21.3/src/tests/gssapi/t_s4u2proxy_krb5.c b/krb5-1.21.3/src/tests/gssapi/t_s4u2proxy_krb5.c
new file mode 100644
index 00000000..0027f1f3
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_s4u2proxy_krb5.c
@@ -0,0 +1,164 @@
+/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_s4u2proxy_deleg.c - Test S4U2Proxy after krb5 auth */
+/*
+ * Copyright 2011 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+/*
+ * Usage: ./t_s4u2proxy_krb5 [--spnego] client_cache storage_cache
+ *                                      [accname|-] service1 service2
+ *
+ * This program performs a regular Kerberos or SPNEGO authentication from the
+ * default principal of client_cache to service1.  If that authentication
+ * yields delegated credentials, the program stores those credentials in
+ * sorage_ccache and uses that cache to perform a second authentication to
+ * service2 using S4U2Proxy.
+ *
+ * The default keytab must contain keys for service1 and service2.  The default
+ * ccache must contain a TGT for service1.  This program assumes that krb5 or
+ * SPNEGO authentication requires only one token exchange.
+ */
+
+int
+main(int argc, char *argv[])
+{
+    const char *client_ccname, *storage_ccname, *accname, *service1, *service2;
+    krb5_context context = NULL;
+    krb5_error_code ret;
+    krb5_boolean use_spnego = FALSE;
+    krb5_ccache storage_ccache = NULL;
+    krb5_principal client_princ = NULL;
+    OM_uint32 minor, major, flags;
+    gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;
+    gss_OID mech;
+    gss_OID_set mechs;
+    gss_name_t acceptor_name = GSS_C_NO_NAME, client_name = GSS_C_NO_NAME;
+    gss_name_t service1_name = GSS_C_NO_NAME, service2_name = GSS_C_NO_NAME;
+    gss_cred_id_t service1_cred = GSS_C_NO_CREDENTIAL;
+    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
+    gss_ctx_id_t initiator_context, acceptor_context;
+
+    /* Parse arguments. */
+    if (argc >= 2 && strcmp(argv[1], "--spnego") == 0) {
+        use_spnego = TRUE;
+        argc--;
+        argv++;
+    }
+    if (argc != 6) {
+        fprintf(stderr, "./t_s4u2proxy_krb5 [--spnego] client_ccache "
+                "storage_ccache [accname|-] service1 service2\n");
+        return 1;
+    }
+    client_ccname = argv[1];
+    storage_ccname = argv[2];
+    accname = argv[3];
+    service1 = argv[4];
+    service2 = argv[5];
+
+    mech = use_spnego ? &mech_spnego : &mech_krb5;
+    mechs = use_spnego ? &mechset_spnego : &mechset_krb5;
+    ret = krb5_init_context(&context);
+    check_k5err(context, "krb5_init_context", ret);
+
+    /* Get GSS_C_BOTH acceptor credentials, using the default ccache. */
+    acceptor_name = GSS_C_NO_NAME;
+    if (strcmp(accname, "-") != 0)
+        acceptor_name = import_name(service1);
+    major = gss_acquire_cred(&minor, acceptor_name, GSS_C_INDEFINITE,
+                             mechs, GSS_C_BOTH, &service1_cred, NULL, NULL);
+    check_gsserr("gss_acquire_cred(service1)", major, minor);
+
+    /* Establish contexts using the client ccache. */
+    service1_name = import_name(service1);
+    major = gss_krb5_ccache_name(&minor, client_ccname, NULL);
+    check_gsserr("gss_krb5_ccache_name(1)", major, minor);
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(mech, GSS_C_NO_CREDENTIAL, service1_cred, service1_name,
+                       flags, &initiator_context, &acceptor_context,
+                       &client_name, NULL, &deleg_cred);
+
+    /* Display and remember the client principal. */
+    major = gss_display_name(&minor, client_name, &buf, NULL);
+    check_gsserr("gss_display_name(1)", major, minor);
+    printf("auth1: %.*s\n", (int)buf.length, (char *)buf.value);
+    /* Assumes buffer is null-terminated, which in our implementation it is. */
+    ret = krb5_parse_name(context, buf.value, &client_princ);
+    check_k5err(context, "krb5_parse_name", ret);
+    (void)gss_release_buffer(&minor, &buf);
+
+    if (deleg_cred == GSS_C_NO_CREDENTIAL) {
+        printf("no credential delegated.\n");
+        goto cleanup;
+    }
+
+    /* Take the opportunity to test cred export/import on the synthesized
+     * S4U2Proxy delegated cred. */
+    export_import_cred(&deleg_cred);
+
+    /* Store the delegated credentials. */
+    ret = krb5_cc_resolve(context, storage_ccname, &storage_ccache);
+    check_k5err(context, "krb5_cc_resolve", ret);
+    ret = krb5_cc_initialize(context, storage_ccache, client_princ);
+    check_k5err(context, "krb5_cc_initialize", ret);
+    major = gss_krb5_copy_ccache(&minor, deleg_cred, storage_ccache);
+    check_gsserr("gss_krb5_copy_ccache", major, minor);
+    ret = krb5_cc_close(context, storage_ccache);
+    check_k5err(context, "krb5_cc_close", ret);
+
+    (void)gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
+    (void)gss_release_name(&minor, &client_name);
+    (void)gss_release_cred(&minor, &deleg_cred);
+
+    /* Establish contexts using the storage ccache. */
+    service2_name = import_name(service2);
+    major = gss_krb5_ccache_name(&minor, storage_ccname, NULL);
+    check_gsserr("gss_krb5_ccache_name(2)", major, minor);
+    establish_contexts(mech, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                       service2_name, flags, &initiator_context,
+                       &acceptor_context, &client_name, NULL, &deleg_cred);
+
+    major = gss_display_name(&minor, client_name, &buf, NULL);
+    check_gsserr("gss_display_name(2)", major, minor);
+    printf("auth2: %.*s\n", (int)buf.length, (char *)buf.value);
+    (void)gss_release_buffer(&minor, &buf);
+
+cleanup:
+    (void)gss_release_name(&minor, &acceptor_name);
+    (void)gss_release_name(&minor, &client_name);
+    (void)gss_release_name(&minor, &service1_name);
+    (void)gss_release_name(&minor, &service2_name);
+    (void)gss_release_cred(&minor, &service1_cred);
+    (void)gss_release_cred(&minor, &deleg_cred);
+    (void)gss_delete_sec_context(&minor, &initiator_context, GSS_C_NO_BUFFER);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, GSS_C_NO_BUFFER);
+    krb5_free_principal(context, client_princ);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_saslname.c b/krb5-1.21.3/src/tests/gssapi/t_saslname.c
new file mode 100644
index 00000000..b874caf9
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_saslname.c
@@ -0,0 +1,165 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2009  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "common.h"
+
+static void
+dump_known_mech_attrs(gss_OID mech)
+{
+    OM_uint32 major, minor;
+    gss_OID_set mech_attrs = GSS_C_NO_OID_SET;
+    gss_OID_set known_attrs = GSS_C_NO_OID_SET;
+    size_t i;
+
+    major = gss_inquire_attrs_for_mech(&minor, mech, &mech_attrs,
+                                       &known_attrs);
+    check_gsserr("gss_inquire_attrs_for_mech", major, minor);
+
+    printf("Known attributes\n");
+    printf("----------------\n");
+    for (i = 0; i < known_attrs->count; i++) {
+        gss_buffer_desc name = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc short_desc = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc long_desc = GSS_C_EMPTY_BUFFER;
+
+        major = gss_display_mech_attr(&minor, &known_attrs->elements[i],
+                                      &name, &short_desc, &long_desc);
+        check_gsserr("gss_display_mech_attr", major, minor);
+        printf("%.*s (%.*s): %.*s\n", (int)short_desc.length,
+               (char *)short_desc.value, (int)name.length, (char *)name.value,
+               (int)long_desc.length, (char *)long_desc.value);
+        (void)gss_release_buffer(&minor, &name);
+        (void)gss_release_buffer(&minor, &short_desc);
+        (void)gss_release_buffer(&minor, &long_desc);
+    }
+    printf("\n");
+    (void)gss_release_oid_set(&minor, &mech_attrs);
+    (void)gss_release_oid_set(&minor, &known_attrs);
+}
+
+static void
+dump_mech_attrs(gss_OID mech)
+{
+    OM_uint32 major, minor;
+    gss_OID_set mech_attrs = GSS_C_NO_OID_SET;
+    gss_OID_set known_attrs = GSS_C_NO_OID_SET;
+    size_t i;
+
+    major = gss_inquire_attrs_for_mech(&minor, mech, &mech_attrs,
+                                       &known_attrs);
+    check_gsserr("gss_inquire_attrs_for_mech", major, minor);
+
+    printf("Mech attrs:  ");
+
+    for (i = 0; i < mech_attrs->count; i++) {
+        gss_buffer_desc name = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc short_desc = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc long_desc = GSS_C_EMPTY_BUFFER;
+
+        major = gss_display_mech_attr(&minor, &mech_attrs->elements[i],
+                                      &name, &short_desc, &long_desc);
+        check_gsserr("gss_display_mech_attr", major, minor);
+        printf("%.*s ", (int)name.length, (char *)name.value);
+        (void)gss_release_buffer(&minor, &name);
+        (void)gss_release_buffer(&minor, &short_desc);
+        (void)gss_release_buffer(&minor, &long_desc);
+    }
+    printf("\n");
+
+    (void)gss_release_oid_set(&minor, &mech_attrs);
+    (void)gss_release_oid_set(&minor, &known_attrs);
+}
+
+int
+main(int argc, char *argv[])
+{
+    gss_OID_set mechs;
+    OM_uint32 major, minor;
+    size_t i;
+
+    major = gss_indicate_mechs(&minor, &mechs);
+    check_gsserr("gss_indicate_mechs", major, minor);
+    if (mechs->count > 0)
+        dump_known_mech_attrs(mechs->elements);
+
+    for (i = 0; i < mechs->count; i++) {
+        gss_buffer_desc oidstr = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc sasl_mech_name = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc mech_name = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc mech_description = GSS_C_EMPTY_BUFFER;
+        gss_OID oid = GSS_C_NO_OID;
+
+        major = gss_oid_to_str(&minor, &mechs->elements[i], &oidstr);
+        if (GSS_ERROR(major))
+            continue;
+
+        major = gss_inquire_saslname_for_mech(&minor, &mechs->elements[i],
+                                              &sasl_mech_name, &mech_name,
+                                              &mech_description);
+        if (GSS_ERROR(major)) {
+            gss_release_buffer(&minor, &oidstr);
+            continue;
+        }
+
+        printf("-------------------------------------------------------------"
+               "-----------------\n");
+        printf("OID        : %.*s\n", (int)oidstr.length,
+               (char *)oidstr.value);
+        printf("SASL mech  : %.*s\n", (int)sasl_mech_name.length,
+               (char *)sasl_mech_name.value);
+        printf("Mech name  : %.*s\n", (int)mech_name.length,
+               (char *)mech_name.value);
+        printf("Mech desc  : %.*s\n", (int)mech_description.length,
+               (char *)mech_description.value);
+        dump_mech_attrs(&mechs->elements[i]);
+        printf("-------------------------------------------------------------"
+               "-----------------\n");
+
+        major = gss_inquire_mech_for_saslname(&minor, &sasl_mech_name, &oid);
+        check_gsserr("gss_inquire_mech_for_saslname", major, minor);
+
+        if (oid == GSS_C_NO_OID ||
+            (oid->length != mechs->elements[i].length &&
+             memcmp(oid->elements, mechs->elements[i].elements,
+                    oid->length) != 0)) {
+            (void)gss_release_buffer(&minor, &oidstr);
+            (void)gss_oid_to_str(&minor, oid, &oidstr);
+            fprintf(stderr, "Got different OID %.*s for mechanism %.*s\n",
+                    (int)oidstr.length, (char *)oidstr.value,
+                    (int)sasl_mech_name.length, (char *)sasl_mech_name.value);
+        }
+        (void)gss_release_buffer(&minor, &oidstr);
+        (void)gss_release_buffer(&minor, &sasl_mech_name);
+        (void)gss_release_buffer(&minor, &mech_name);
+        (void)gss_release_buffer(&minor, &mech_description);
+    }
+
+    (void)gss_release_oid_set(&minor, &mechs);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_spnego.c b/krb5-1.21.3/src/tests/gssapi/t_spnego.c
new file mode 100644
index 00000000..2483228b
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_spnego.c
@@ -0,0 +1,314 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2010  by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "common.h"
+
+static gss_OID_desc mech_krb5_wrong = {
+    9, "\052\206\110\202\367\022\001\002\002"
+};
+gss_OID_set_desc mechset_krb5_wrong = { 1, &mech_krb5_wrong };
+
+/*
+ * Test program for SPNEGO and gss_set_neg_mechs
+ *
+ * Example usage:
+ *
+ * kinit testuser
+ * ./t_spnego host/test.host@REALM testhost.keytab
+ */
+
+/* Replace *tok and *len with the concatenation of prefix and *tok. */
+static void
+prepend(const void *prefix, size_t plen, uint8_t **tok, size_t *len)
+{
+    uint8_t *newtok;
+
+    newtok = malloc(plen + *len);
+    assert(newtok != NULL);
+    memcpy(newtok, prefix, plen);
+    memcpy(newtok + plen, *tok, *len);
+    free(*tok);
+    *tok = newtok;
+    *len = plen + *len;
+}
+
+/* Replace *tok and *len with *tok wrapped in a DER tag with the given tag
+ * byte.  *len must be less than 2^16. */
+static void
+der_wrap(uint8_t tag, uint8_t **tok, size_t *len)
+{
+    char lenbuf[3];
+    uint8_t *wrapped;
+    size_t llen;
+
+    if (*len < 128) {
+        lenbuf[0] = *len;
+        llen = 1;
+    } else if (*len < 256) {
+        lenbuf[0] = 0x81;
+        lenbuf[1] = *len;
+        llen = 2;
+    } else {
+        assert(*len >> 16 == 0);
+        lenbuf[0] = 0x82;
+        lenbuf[1] = *len >> 8;
+        lenbuf[2] = *len & 0xFF;
+        llen = 3;
+    }
+    wrapped = malloc(1 + llen + *len);
+    assert(wrapped != NULL);
+    *wrapped = tag;
+    memcpy(wrapped + 1, lenbuf, llen);
+    memcpy(wrapped + 1 + llen, *tok, *len);
+    free(*tok);
+    *tok = wrapped;
+    *len = 1 + llen + *len;
+}
+
+/*
+ * Create a SPNEGO initiator token for the erroneous Microsoft krb5 mech OID,
+ * wrapping a krb5 token ktok.  The token should look like:
+ *
+ * 60 <len> (GSS framing sequence)
+ *   06 06 2B 06 01 05 05 02 (SPNEGO OID)
+ *   A0 <len> (NegotiationToken choice 0, negTokenInit)
+ *     30 <len> (sequence)
+ *       A0 0D (context tag 0, mechTypes)
+ *         30 0B (sequence of)
+ *           06 09 2A 86 48 82 F7 12 01 02 02 (wrong krb5 OID)
+ *       A2 <len> (context tag 2, mechToken)
+ *         04 <len> (octet string)
+ *           <mech token octets>
+ */
+static void
+create_mskrb5_spnego_token(gss_buffer_t ktok, gss_buffer_desc *tok_out)
+{
+    uint8_t *tok;
+    size_t len;
+
+    len = ktok->length;
+    tok = malloc(len);
+    assert(tok != NULL);
+    memcpy(tok, ktok->value, len);
+    /* Wrap the krb5 token in OCTET STRING and [2] tags. */
+    der_wrap(0x04, &tok, &len);
+    der_wrap(0xA2, &tok, &len);
+    /* Prepend the wrong krb5 OID inside OBJECT IDENTIFIER and [0] tags. */
+    prepend("\xA0\x0D\x30\x0B\x06\x09\x2A\x86\x48\x82\xF7\x12\x01\x02\x02", 15,
+            &tok, &len);
+    /* Wrap the previous two things in SEQUENCE and [0] tags. */
+    der_wrap(0x30, &tok, &len);
+    der_wrap(0xA0, &tok, &len);
+    /* Prepend the SPNEGO OID in an OBJECT IDENTIFIER tag. */
+    prepend("\x06\x06\x2B\x06\x01\x05\x05\x02", 8, &tok, &len);
+    /* Wrap the whole thing in an [APPLICATION 0] tag. */
+    der_wrap(0x60, &tok, &len);
+    tok_out->value = tok;
+    tok_out->length = len;
+}
+
+/*
+ * Test that the SPNEGO acceptor code accepts and properly reflects back the
+ * erroneous Microsoft mech OID in the supportedMech field of the NegTokenResp
+ * message.  Use acred as the verifier cred handle.
+ */
+static void
+test_mskrb_oid(gss_name_t tname, gss_cred_id_t acred)
+{
+    OM_uint32 major, minor;
+    gss_ctx_id_t ictx = GSS_C_NO_CONTEXT, actx = GSS_C_NO_CONTEXT;
+    gss_buffer_desc atok = GSS_C_EMPTY_BUFFER, ktok = GSS_C_EMPTY_BUFFER, stok;
+    const unsigned char *atok_oid;
+
+    /*
+     * Our SPNEGO mech no longer acquires creds for the wrong mech OID, so we
+     * have to construct a SPNEGO token ourselves.
+     */
+    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ictx, tname,
+                                 &mech_krb5, 0, GSS_C_INDEFINITE,
+                                 GSS_C_NO_CHANNEL_BINDINGS, &atok, NULL, &ktok,
+                                 NULL, NULL);
+    check_gsserr("gss_init_sec_context(mskrb)", major, minor);
+    assert(major == GSS_S_COMPLETE);
+    create_mskrb5_spnego_token(&ktok, &stok);
+
+    /*
+     * Look directly at the DER encoding of the response token.  Since we
+     * didn't request mutual authentication, the SPNEGO reply will contain no
+     * underlying mech token; therefore, the encoding of the correct
+     * NegotiationToken response is completely predictable:
+     *
+     *   A1 14 (choice 1, length 20, meaning negTokenResp)
+     *     30 12 (sequence, length 18)
+     *       A0 03 (context tag 0, length 3)
+     *         0A 01 00 (enumerated value 0, meaning accept-completed)
+     *       A1 0B (context tag 1, length 11)
+     *         06 09 (object identifier, length 9)
+     *           2A 86 48 82 F7 12 01 02 02 (the erroneous krb5 OID)
+     *
+     * So we can just compare the length to 22 and the nine bytes at offset 13
+     * to the expected OID.
+     */
+    major = gss_accept_sec_context(&minor, &actx, acred, &stok,
+                                   GSS_C_NO_CHANNEL_BINDINGS, NULL,
+                                   NULL, &atok, NULL, NULL, NULL);
+    check_gsserr("gss_accept_sec_context(mskrb)", major, minor);
+    assert(atok.length == 22);
+    atok_oid = (unsigned char *)atok.value + 13;
+    assert(memcmp(atok_oid, mech_krb5_wrong.elements, 9) == 0);
+
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    (void)gss_release_buffer(&minor, &ktok);
+    (void)gss_release_buffer(&minor, &atok);
+    free(stok.value);
+}
+
+/* Check that we return a compatibility NegTokenInit2 message containing
+ * NegHints for an empty initiator token. */
+static void
+test_neghints()
+{
+    OM_uint32 major, minor;
+    gss_buffer_desc itok = GSS_C_EMPTY_BUFFER, atok;
+    gss_ctx_id_t actx = GSS_C_NO_CONTEXT;
+    const char *expected =
+        /* RFC 2743 token framing: [APPLICATION 0] IMPLICIT SEQUENCE followed
+         * by OBJECT IDENTIFIER and the SPNEGO OID */
+        "\x60\x47\x06\x06" "\x2B\x06\x01\x05\x05\x02"
+        /* [0] SEQUENCE for the NegotiationToken negtokenInit choice */
+        "\xA0\x3D\x30\x3B"
+        /* [0] MechTypeList containing the krb5 OID */
+        "\xA0\x0D\x30\x0B\x06\x09" "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"
+        /* [3] NegHints containing [0] GeneralString containing the dummy
+         * hintName string defined in [MS-SPNG] */
+        "\xA3\x2A\x30\x28\xA0\x26\x1B\x24"
+        "not_defined_in_RFC4178@please_ignore";
+
+    /* Produce a hint token. */
+    major = gss_accept_sec_context(&minor, &actx, GSS_C_NO_CREDENTIAL, &itok,
+                                   GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL,
+                                   &atok, NULL, NULL, NULL);
+    check_gsserr("gss_accept_sec_context(neghints)", major, minor);
+
+    /* Verify it against the expected contents, which are fixed as long as we
+     * only list the krb5 mech in the token. */
+    assert(atok.length == strlen(expected));
+    assert(memcmp(atok.value, expected, atok.length) == 0);
+
+    (void)gss_release_buffer(&minor, &atok);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+}
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, major, flags;
+    gss_cred_id_t verifier_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_cred_id_t initiator_cred_handle = GSS_C_NO_CREDENTIAL;
+    gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
+    gss_ctx_id_t initiator_context, acceptor_context;
+    gss_name_t target_name, source_name = GSS_C_NO_NAME;
+    gss_OID mech = GSS_C_NO_OID;
+    gss_OID_desc pref_oids[2];
+    gss_OID_set_desc pref_mechs;
+
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: %s target_name [keytab]\n", argv[0]);
+        exit(1);
+    }
+
+    target_name = import_name(argv[1]);
+
+    if (argc >= 3) {
+        major = krb5_gss_register_acceptor_identity(argv[2]);
+        check_gsserr("krb5_gss_register_acceptor_identity", major, 0);
+    }
+
+    /* Get default initiator cred. */
+    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+                             &mechset_spnego, GSS_C_INITIATE,
+                             &initiator_cred_handle, NULL, NULL);
+    check_gsserr("gss_acquire_cred(initiator)", major, minor);
+
+    /*
+     * The following test is designed to exercise SPNEGO reselection on the
+     * client and server.  Unfortunately, it no longer does so after tickets
+     * #8217 and #8021, since SPNEGO now only acquires a single krb5 cred and
+     * there is no way to expand the underlying creds with gss_set_neg_mechs().
+     * To fix this we need gss_acquire_cred_with_cred() or some other way to
+     * turn a cred with a specifically requested mech set into a SPNEGO cred.
+     */
+
+    /* Make the initiator prefer IAKERB and offer krb5 as an alternative. */
+    pref_oids[0] = mech_iakerb;
+    pref_oids[1] = mech_krb5;
+    pref_mechs.count = 2;
+    pref_mechs.elements = pref_oids;
+    major = gss_set_neg_mechs(&minor, initiator_cred_handle, &pref_mechs);
+    check_gsserr("gss_set_neg_mechs(initiator)", major, minor);
+
+    /* Get default acceptor cred. */
+    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+                             &mechset_spnego, GSS_C_ACCEPT,
+                             &verifier_cred_handle, &actual_mechs, NULL);
+    check_gsserr("gss_acquire_cred(acceptor)", major, minor);
+
+    /* Restrict the acceptor to krb5 (which will force a reselection). */
+    major = gss_set_neg_mechs(&minor, verifier_cred_handle, &mechset_krb5);
+    check_gsserr("gss_set_neg_mechs(acceptor)", major, minor);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_spnego, initiator_cred_handle,
+                       verifier_cred_handle, target_name, flags,
+                       &initiator_context, &acceptor_context, &source_name,
+                       &mech, NULL);
+
+    display_canon_name("Source name", source_name, &mech_krb5);
+    display_oid("Source mech", mech);
+
+    /* Test acceptance of the erroneous Microsoft krb5 OID, with and without an
+     * acceptor cred. */
+    test_mskrb_oid(target_name, verifier_cred_handle);
+    test_mskrb_oid(target_name, GSS_C_NO_CREDENTIAL);
+
+    test_neghints();
+
+    (void)gss_delete_sec_context(&minor, &initiator_context, NULL);
+    (void)gss_delete_sec_context(&minor, &acceptor_context, NULL);
+    (void)gss_release_name(&minor, &source_name);
+    (void)gss_release_name(&minor, &target_name);
+    (void)gss_release_cred(&minor, &initiator_cred_handle);
+    (void)gss_release_cred(&minor, &verifier_cred_handle);
+    (void)gss_release_oid_set(&minor, &actual_mechs);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_srcattrs.c b/krb5-1.21.3/src/tests/gssapi/t_srcattrs.c
new file mode 100644
index 00000000..e83c3569
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_srcattrs.c
@@ -0,0 +1,63 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* src/tests/gssapi/t_accname_authind.c - test harness for auth indicators */
+/*
+ * Copyright (C) 2016 by Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "common.h"
+
+/* Establish a context to the given target name and enumerate the attributes of
+ * the source name. */
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 minor, flags;
+    gss_name_t tname, sname;
+    gss_ctx_id_t ictx, actx;
+
+    if (argc != 2) {
+        fprintf(stderr, "Usage: %s targetname\n", argv[0]);
+        return 1;
+    }
+    tname = import_name(argv[1]);
+
+    flags = GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+    establish_contexts(&mech_krb5, GSS_C_NO_CREDENTIAL, GSS_C_NO_CREDENTIAL,
+                       tname, flags, &ictx, &actx, &sname, NULL, NULL);
+    enumerate_attributes(sname, 1);
+
+    (void)gss_release_name(&minor, &tname);
+    (void)gss_release_name(&minor, &sname);
+    (void)gss_delete_sec_context(&minor, &ictx, NULL);
+    (void)gss_delete_sec_context(&minor, &actx, NULL);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_store_cred.c b/krb5-1.21.3/src/tests/gssapi/t_store_cred.c
new file mode 100644
index 00000000..b053e524
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_store_cred.c
@@ -0,0 +1,114 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/gssapi/t_store_cred.c - gss_store_cred() test harness */
+/*
+ * Copyright (C) 2021 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Usage: t_store_cred [-d] [-i] [-o] src_ccname [dest_ccname]
+ *
+ * Acquires creds from src_ccname using gss_acquire_cred_from() and then stores
+ * them, using gss_store_cred_into() if -i is specified or gss_store_cred()
+ * otherwise.  If dest_ccname is specified with -i, it is included in the cred
+ * store for the store operation; if it is specified without -i, it is set with
+ * gss_krb5_ccache_name() before the store operation.  If -d and/or -o are
+ * specified they set the default_cred and overwrite_cred flags to true
+ * respectively.
+ */
+
+#include "k5-platform.h"
+#include <gssapi/gssapi_ext.h>
+#include "common.h"
+
+int
+main(int argc, char *argv[])
+{
+    OM_uint32 major, minor;
+    gss_key_value_set_desc store;
+    gss_key_value_element_desc elem;
+    gss_cred_id_t cred;
+    krb5_boolean def = FALSE, into = FALSE, overwrite = FALSE;
+    const char *src_ccname, *dest_ccname;
+    int c;
+
+    /* Parse arguments. */
+    while ((c = getopt(argc, argv, "dio")) != -1) {
+        switch (c) {
+        case 'd':
+            def = TRUE;
+            break;
+        case 'i':
+            into = TRUE;
+            break;
+        case 'o':
+            overwrite = TRUE;
+            break;
+        default:
+            abort();
+        }
+    }
+    argc -= optind;
+    argv += optind;
+    assert(argc == 1 || argc == 2);
+    src_ccname = argv[0];
+    dest_ccname = argv[1];
+
+    elem.key = "ccache";
+    elem.value = src_ccname;
+    store.count = 1;
+    store.elements = &elem;
+    major = gss_acquire_cred_from(&minor, GSS_C_NO_NAME, GSS_C_INDEFINITE,
+                                  &mechset_krb5, GSS_C_INITIATE, &store, &cred,
+                                  NULL, NULL);
+    check_gsserr("acquire_cred", major, minor);
+
+    if (into) {
+        if (dest_ccname != NULL) {
+            elem.key = "ccache";
+            elem.value = dest_ccname;
+            store.count = 1;
+        } else {
+            store.count = 0;
+        }
+        major = gss_store_cred_into(&minor, cred, GSS_C_INITIATE, &mech_krb5,
+                                    overwrite, def, &store, NULL, NULL);
+        check_gsserr("store_cred_into", major, minor);
+    } else {
+        if (dest_ccname != NULL) {
+            major = gss_krb5_ccache_name(&minor, dest_ccname, NULL);
+            check_gsserr("ccache_name", major, minor);
+        }
+        major = gss_store_cred(&minor, cred, GSS_C_INITIATE, &mech_krb5,
+                               overwrite, def, NULL, NULL);
+        check_gsserr("store_cred", major, minor);
+    }
+
+    gss_release_cred(&minor, &cred);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/gssapi/t_store_cred.py b/krb5-1.21.3/src/tests/gssapi/t_store_cred.py
new file mode 100644
index 00000000..00e80cf3
--- /dev/null
+++ b/krb5-1.21.3/src/tests/gssapi/t_store_cred.py
@@ -0,0 +1,80 @@
+from k5test import *
+
+realm = K5Realm(create_user=False)
+
+alice = 'alice@' + realm.realm
+bob = 'bob@' + realm.realm
+cc_alice = realm.ccache + '.alice'
+cc_bob = realm.ccache + '.bob'
+realm.addprinc(alice)
+realm.addprinc(bob)
+realm.extract_keytab(alice, realm.keytab)
+realm.extract_keytab(bob, realm.keytab)
+realm.kinit(alice, flags=['-k', '-c', cc_alice])
+realm.kinit(bob, flags=['-k', '-c', cc_bob])
+
+mark('FILE, default output ccache')
+realm.run(['./t_store_cred', cc_alice])
+realm.klist(alice)
+# Overwriting should fail by default, whether or not the principal matches.
+realm.run(['./t_store_cred', cc_alice], expected_code=1,
+          expected_msg='The requested credential element already exists')
+realm.run(['./t_store_cred', cc_bob], expected_code=1,
+          expected_msg='The requested credential element already exists')
+# Overwriting should succeed with overwrite_cred set.
+realm.run(['./t_store_cred', '-o', cc_bob])
+realm.klist(bob)
+# default_cred has no effect without a collection.
+realm.run(['./t_store_cred', '-d', '-o', cc_alice])
+realm.klist(alice)
+
+mark('FILE, gss_krb5_ccache_name()')
+cc_alternate = realm.ccache + '.alternate'
+realm.run(['./t_store_cred', cc_alice, cc_alternate])
+realm.klist(alice, ccache=cc_alternate)
+realm.run(['./t_store_cred', cc_bob, cc_alternate], expected_code=1,
+          expected_msg='The requested credential element already exists')
+
+mark('FILE, gss_store_cred_into()')
+os.remove(cc_alternate)
+realm.run(['./t_store_cred', '-i', cc_alice, cc_alternate])
+realm.klist(alice, ccache=cc_alternate)
+realm.run(['./t_store_cred', '-i', cc_bob, cc_alternate], expected_code=1,
+          expected_msg='The requested credential element already exists')
+
+mark('DIR, gss_krb5_ccache_name()')
+cc_dir = 'DIR:' + os.path.join(realm.testdir, 'cc')
+realm.run(['./t_store_cred', cc_alice, cc_dir])
+realm.run([klist, '-c', cc_dir], expected_code=1,
+          expected_msg='No credentials cache found')
+realm.run([klist, '-l', '-c', cc_dir], expected_msg=alice)
+realm.run(['./t_store_cred', cc_alice, cc_dir], expected_code=1,
+          expected_msg='The requested credential element already exists')
+realm.run(['./t_store_cred', '-o', cc_alice, cc_dir])
+realm.run([klist, '-c', cc_dir], expected_code=1,
+          expected_msg='No credentials cache found')
+realm.run([klist, '-l', cc_dir], expected_msg=alice)
+realm.run(['./t_store_cred', '-d', cc_bob, cc_dir])
+# The k5test klist method does not currently work with a collection name.
+realm.run([klist, cc_dir], expected_msg=bob)
+realm.run([klist, '-l', cc_dir], expected_msg=alice)
+realm.run(['./t_store_cred', '-o', '-d', cc_alice, cc_dir])
+realm.run([klist, cc_dir], expected_msg=alice)
+realm.run([kdestroy, '-A', '-c', cc_dir])
+
+mark('DIR, gss_store_cred_into()')
+realm.run(['./t_store_cred', '-i', cc_alice, cc_dir])
+realm.run(['./t_store_cred', '-i', '-d', cc_bob, cc_dir])
+realm.run([klist, cc_dir], expected_msg=bob)
+realm.run([klist, '-l', cc_dir], expected_msg=alice)
+realm.run([kdestroy, '-A', '-c', cc_dir])
+
+mark('DIR, default output ccache')
+realm.ccache = cc_dir
+realm.env['KRB5CCNAME'] = cc_dir
+realm.run(['./t_store_cred', '-i', cc_alice, cc_dir])
+realm.run(['./t_store_cred', '-i', '-d', cc_bob, cc_dir])
+realm.run([klist], expected_msg=bob)
+realm.run([klist, '-l'], expected_msg=alice)
+
+success('gss_store_cred() tests')
diff --git a/krb5-1.21.3/src/tests/hammer/Makefile.in b/krb5-1.21.3/src/tests/hammer/Makefile.in
new file mode 100644
index 00000000..3f0c4354
--- /dev/null
+++ b/krb5-1.21.3/src/tests/hammer/Makefile.in
@@ -0,0 +1,15 @@
+mydir=tests$(S)hammer
+BUILDTOP=$(REL)..$(S)..
+
+SRCS=$(srcdir)/kdc5_hammer.c
+
+all: kdc5_hammer
+
+kdc5_hammer: kdc5_hammer.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o kdc5_hammer kdc5_hammer.o $(KRB5_BASE_LIBS)
+
+install:
+
+clean:
+	$(RM) kdc5_hammer.o kdc5_hammer
+
diff --git a/krb5-1.21.3/src/tests/hammer/deps b/krb5-1.21.3/src/tests/hammer/deps
new file mode 100644
index 00000000..f9357763
--- /dev/null
+++ b/krb5-1.21.3/src/tests/hammer/deps
@@ -0,0 +1,13 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kdc5_hammer.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc5_hammer.c
diff --git a/krb5-1.21.3/src/tests/hammer/kdc5_hammer.c b/krb5-1.21.3/src/tests/hammer/kdc5_hammer.c
new file mode 100644
index 00000000..8220fd97
--- /dev/null
+++ b/krb5-1.21.3/src/tests/hammer/kdc5_hammer.c
@@ -0,0 +1,507 @@
+/* tests/hammer/kdc5_hammer.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "com_err.h"
+#include <sys/time.h>
+
+#define KRB5_DEFAULT_OPTIONS 0
+#define KRB5_DEFAULT_LIFE 60*60*8 /* 8 hours */
+#define KRB5_RENEWABLE_LIFE 60*60*2 /* 2 hours */
+
+struct h_timer {
+    float	ht_cumulative;
+    float	ht_min;
+    float	ht_max;
+    krb5_int32	ht_observations;
+};
+
+extern int optind;
+extern char *optarg;
+char *prog;
+
+static int brief;
+static char *cur_realm = 0;
+static int do_timer = 0;
+
+krb5_data tgtname = {
+    0,
+    KRB5_TGS_NAME_SIZE,
+    KRB5_TGS_NAME
+};
+
+int verify_cs_pair
+	(krb5_context,
+		   char *,
+		   krb5_principal,
+		   char *,
+		   char *,
+		   int, int, int,
+		   krb5_ccache);
+
+int get_tgt
+	(krb5_context,
+		   char *,
+		   krb5_principal *,
+		   krb5_ccache);
+
+static void
+usage(who, status)
+char *who;
+int status;
+{
+    fprintf(stderr,
+	    "usage: %s -p prefix -n num_to_check [-c cachename] [-r realmname]\n",
+	    who);
+    fprintf(stderr, "\t [-D depth]\n");
+    fprintf(stderr, "\t [-P preauth type] [-R repeat_count] [-t] [-b] [-v] \n");
+
+    exit(status);
+}
+
+static krb5_preauthtype * patype = NULL, patypedata[2] = { 0, -1 };
+static krb5_context test_context;
+
+struct timeval	tstart_time, tend_time;
+struct timezone	dontcare;
+
+struct h_timer in_tkt_times = { 0.0, 1000000.0, -1.0, 0 };
+struct h_timer tgs_req_times = { 0.0, 1000000.0, -1.0, 0 };
+/*
+ * Timer macros.
+ */
+#define	swatch_on()	((void) gettimeofday(&tstart_time, &dontcare))
+#define	swatch_eltime()	((gettimeofday(&tend_time, &dontcare)) ? -1.0 :	\
+			 (((float) (tend_time.tv_sec -			\
+				    tstart_time.tv_sec)) +		\
+			  (((float) (tend_time.tv_usec -		\
+				     tstart_time.tv_usec))/1000000.0)))
+
+int
+main(argc, argv)
+    int argc;
+    char **argv;
+{
+    krb5_ccache ccache = NULL;
+    char *cache_name = NULL;		/* -f option */
+    int option;
+    int errflg = 0;
+    krb5_error_code code;
+    int num_to_check, n, i, j, repeat_count, counter;
+    int n_tried, errors;
+    char prefix[BUFSIZ], client[4096], server[4096];
+    int depth;
+    char ctmp[4096], ctmp2[BUFSIZ], stmp[4096], stmp2[BUFSIZ];
+    krb5_principal client_princ;
+    krb5_error_code retval;
+
+    krb5_init_context(&test_context);
+
+    if (strrchr(argv[0], '/'))
+	prog = strrchr(argv[0], '/')+1;
+    else
+	prog = argv[0];
+
+    num_to_check = 0;
+    depth = 1;
+    repeat_count = 1;
+    brief = 0;
+    n_tried = 0;
+    errors = 0;
+
+    while ((option = getopt(argc, argv, "D:p:n:c:R:P:e:bvr:t")) != -1) {
+	switch (option) {
+	case 't':
+	    do_timer = 1;
+	    break;
+	case 'b':
+	    brief = 1;
+	    break;
+	case 'v':
+	    brief = 0;
+	    break;
+	case 'R':
+	    repeat_count = atoi(optarg); /* how many times? */
+	    break;
+	case 'r':
+	    cur_realm = optarg;
+	    break;
+	case 'D':
+	    depth = atoi(optarg);       /* how deep to go */
+	    break;
+	case 'p':                       /* prefix name to check */
+	    strncpy(prefix, optarg, sizeof(prefix) - 1);
+	    prefix[sizeof(prefix) - 1] = '\0';
+	    break;
+       case 'n':                        /* how many to check */
+	    num_to_check = atoi(optarg);
+	    break;
+	case 'P':
+	    patypedata[0] = atoi(optarg);
+	    patype = patypedata;
+	    break;
+	case 'c':
+	    if (ccache == NULL) {
+		cache_name = optarg;
+
+		code = krb5_cc_resolve (test_context, cache_name, &ccache);
+		if (code != 0) {
+		    com_err (prog, code, "resolving %s", cache_name);
+		    errflg++;
+		}
+	    } else {
+		fprintf(stderr, "Only one -c option allowed\n");
+		errflg++;
+	    }
+	    break;
+	case '?':
+	default:
+	    errflg++;
+	    break;
+	}
+    }
+
+    if (!(num_to_check && prefix[0])) usage(prog, 1);
+
+    if (!cur_realm) {
+	if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
+	    com_err(prog, retval, "while retrieving default realm name");
+	    exit(1);
+	}
+    }
+
+    if (ccache == NULL) {
+	if ((code = krb5_cc_default(test_context, &ccache))) {
+	    com_err(prog, code, "while getting default ccache");
+	    exit(1);
+	}
+    }
+
+    memset(ctmp, 0, sizeof(ctmp));
+    memset(stmp, 0, sizeof(stmp));
+
+    for (counter = 0; counter < repeat_count; counter++) {
+      fprintf(stderr, "\nRound %d\n", counter);
+
+      for (n = 1; n <= num_to_check; n++) {
+	/* build the new principal name */
+	/* we can't pick random names because we need to generate all the names
+	   again given a prefix and count to test the db lib and kdb */
+	ctmp[0] = '\0';
+	for (i = 1; i <= depth; i++) {
+	  (void) snprintf(ctmp2, sizeof(ctmp2), "%s%s%d-DEPTH-%d",
+			  (i != 1) ? "/" : "", prefix, n, i);
+	  ctmp2[sizeof(ctmp2) - 1] = '\0';
+	  strncat(ctmp, ctmp2, sizeof(ctmp) - 1 - strlen(ctmp));
+	  ctmp[sizeof(ctmp) - 1] = '\0';
+	  snprintf(client, sizeof(client), "%s@%s", ctmp, cur_realm);
+
+	  if (get_tgt (test_context, client, &client_princ, ccache)) {
+	    errors++;
+	    n_tried++;
+	    continue;
+	  }
+	  n_tried++;
+
+	  stmp[0] = '\0';
+	  for (j = 1; j <= depth; j++) {
+	    (void) snprintf(stmp2, sizeof(stmp2), "%s%s%d-DEPTH-%d",
+			    (j != 1) ? "/" : "", prefix, n, j);
+	    stmp2[sizeof (stmp2) - 1] = '\0';
+	    strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp));
+	    stmp[sizeof(stmp) - 1] = '\0';
+	    snprintf(server, sizeof(server), "%s@%s", stmp, cur_realm);
+	    if (verify_cs_pair(test_context, client, client_princ,
+			       stmp, cur_realm, n, i, j, ccache))
+	      errors++;
+	    n_tried++;
+	  }
+	  krb5_free_principal(test_context, client_princ);
+	}
+      }
+    }
+    fprintf (stderr, "\nTried %d.  Got %d errors.\n", n_tried, errors);
+    if (do_timer) {
+	if (in_tkt_times.ht_observations)
+	    fprintf(stderr,
+		    "%8d  AS_REQ requests: %9.6f average (min: %9.6f, max:%9.6f)\n",
+		    in_tkt_times.ht_observations,
+		    in_tkt_times.ht_cumulative /
+		    (float) in_tkt_times.ht_observations,
+		    in_tkt_times.ht_min,
+		    in_tkt_times.ht_max);
+	if (tgs_req_times.ht_observations)
+	    fprintf(stderr,
+		    "%8d TGS_REQ requests: %9.6f average (min: %9.6f, max:%9.6f)\n",
+		    tgs_req_times.ht_observations,
+		    tgs_req_times.ht_cumulative /
+		    (float) tgs_req_times.ht_observations,
+		    tgs_req_times.ht_min,
+		    tgs_req_times.ht_max);
+    }
+
+    (void) krb5_cc_close(test_context, ccache);
+
+    krb5_free_context(test_context);
+
+    exit(errors);
+  }
+
+
+static krb5_error_code
+get_server_key(context, server, enctype, key)
+    krb5_context context;
+    krb5_principal server;
+    krb5_enctype enctype;
+    krb5_keyblock ** key;
+{
+    krb5_error_code retval;
+    krb5_encrypt_block eblock;
+    char * string;
+    krb5_data salt;
+    krb5_data pwd;
+
+    *key = NULL;
+
+    if ((retval = krb5_principal2salt(context, server, &salt)))
+	return retval;
+
+    if ((retval = krb5_unparse_name(context, server, &string)))
+	goto cleanup_salt;
+
+    pwd.data = string;
+    pwd.length = strlen(string);
+
+    if ((*key = (krb5_keyblock *)malloc(sizeof(krb5_keyblock)))) {
+    	krb5_use_enctype(context, &eblock, enctype);
+	retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt);
+	if (retval) {
+	    free(*key);
+	    *key = NULL;
+	}
+    } else
+        retval = ENOMEM;
+
+    free(string);
+
+cleanup_salt:
+    free(salt.data);
+    return retval;
+}
+
+int verify_cs_pair(context, p_client_str, p_client, service, hostname,
+		   p_num, c_depth, s_depth, ccache)
+    krb5_context context;
+    char *p_client_str;
+    krb5_principal p_client;
+    char * service;
+    char * hostname;
+    int p_num, c_depth, s_depth;
+    krb5_ccache ccache;
+{
+    krb5_error_code 	  retval;
+    krb5_creds 	 	  creds;
+    krb5_creds 		* credsp = NULL;
+    krb5_ticket 	* ticket = NULL;
+    krb5_keyblock 	* keyblock = NULL;
+    krb5_auth_context 	  auth_context = NULL;
+    krb5_data		  request_data = empty_data();
+    char		* sname;
+    float		  dt;
+
+    if (brief)
+      fprintf(stderr, "\tprinc (%d) client (%d) for server (%d)\n",
+	      p_num, c_depth, s_depth);
+    else
+      fprintf(stderr, "\tclient %s for server %s\n", p_client_str,
+	      service);
+
+    /* Initialize variables */
+    memset(&creds, 0, sizeof(creds));
+
+    /* Do client side */
+    if (asprintf(&sname, "%s@%s", service, hostname) >= 0) {
+	retval = krb5_parse_name(context, sname, &creds.server);
+	free(sname);
+    }
+    else
+	retval = ENOMEM;
+    if (retval)
+	return(retval);
+
+    /* obtain ticket & session key */
+    if ((retval = krb5_cc_get_principal(context, ccache, &creds.client))) {
+	com_err(prog, retval, "while getting client princ for %s", hostname);
+	return retval;
+    }
+
+    if ((retval = krb5_get_credentials(context, 0,
+                                      ccache, &creds, &credsp))) {
+	com_err(prog, retval, "while getting creds for %s", hostname);
+	return retval;
+    }
+
+    if (do_timer)
+	swatch_on();
+
+    if ((retval = krb5_mk_req_extended(context, &auth_context, 0, NULL,
+			            credsp, &request_data))) {
+	com_err(prog, retval, "while preparing AP_REQ for %s", hostname);
+	goto cleanup;
+    }
+
+    krb5_auth_con_free(context, auth_context);
+    auth_context = NULL;
+
+    /* Do server side now */
+    if ((retval = get_server_key(context, credsp->server,
+				credsp->keyblock.enctype, &keyblock))) {
+	com_err(prog, retval, "while getting server key for %s", hostname);
+	goto cleanup;
+    }
+
+    if (krb5_auth_con_init(context, &auth_context)) {
+	com_err(prog, retval, "while creating auth_context for %s", hostname);
+	goto cleanup;
+    }
+
+    if (krb5_auth_con_setuseruserkey(context, auth_context, keyblock)) {
+	com_err(prog, retval, "while setting auth_context key %s", hostname);
+	goto cleanup;
+    }
+
+    if ((retval = krb5_rd_req(context, &auth_context, &request_data,
+			     NULL /* server */, 0, NULL, &ticket))) {
+	com_err(prog, retval, "while decoding AP_REQ for %s", hostname);
+	goto cleanup;
+    }
+
+    if (do_timer) {
+	dt = swatch_eltime();
+	tgs_req_times.ht_cumulative += dt;
+	tgs_req_times.ht_observations++;
+	if (dt > tgs_req_times.ht_max)
+	    tgs_req_times.ht_max = dt;
+	if (dt < tgs_req_times.ht_min)
+	    tgs_req_times.ht_min = dt;
+    }
+
+    if (!(krb5_principal_compare(context,ticket->enc_part2->client,p_client))){
+    	char *returned_client;
+        if ((retval = krb5_unparse_name(context, ticket->enc_part2->client,
+			       	       &returned_client)))
+	    com_err (prog, retval,
+		     "Client not as expected, but cannot unparse client name");
+      	else
+	    com_err (prog, 0, "Client not as expected (%s).", returned_client);
+	retval = KRB5_PRINC_NOMATCH;
+      	free(returned_client);
+    } else {
+	retval = 0;
+    }
+
+cleanup:
+    krb5_free_cred_contents(context, &creds);
+    krb5_free_ticket(context, ticket);
+    krb5_auth_con_free(context, auth_context);
+    krb5_free_keyblock(context, keyblock);
+    krb5_free_data_contents(context, &request_data);
+    krb5_free_creds(context, credsp);
+
+    return retval;
+}
+
+int get_tgt (context, p_client_str, p_client, ccache)
+    krb5_context context;
+    char *p_client_str;
+    krb5_principal *p_client;
+    krb5_ccache ccache;
+{
+    long lifetime = KRB5_DEFAULT_LIFE;	/* -l option */
+    krb5_error_code code;
+    krb5_creds my_creds;
+    krb5_timestamp start;
+    float dt;
+    krb5_get_init_creds_opt *options;
+
+    if (!brief)
+      fprintf(stderr, "\tgetting TGT for %s\n", p_client_str);
+
+    if ((code = krb5_timeofday(context, &start))) {
+	com_err(prog, code, "while getting time of day");
+	return(-1);
+    }
+
+    memset(&my_creds, 0, sizeof(my_creds));
+
+    if ((code = krb5_parse_name (context, p_client_str, p_client))) {
+	com_err (prog, code, "when parsing name %s", p_client_str);
+	return(-1);
+    }
+
+    code = krb5_cc_initialize (context, ccache, *p_client);
+    if (code != 0) {
+	com_err (prog, code, "when initializing cache");
+	return(-1);
+    }
+
+    if (do_timer)
+	swatch_on();
+
+    code = krb5_get_init_creds_opt_alloc(context, &options);
+    if (code != 0) {
+	com_err(prog, code, "when allocating init cred options");
+	return(-1);
+    }
+
+    krb5_get_init_creds_opt_set_tkt_life(options, lifetime);
+
+    code = krb5_get_init_creds_opt_set_out_ccache(context, options, ccache);
+    if (code != 0) {
+	com_err(prog, code, "when setting init cred output ccache");
+	return(-1);
+    }
+
+    code = krb5_get_init_creds_password(context, &my_creds, *p_client,
+					p_client_str, NULL, NULL, 0, NULL,
+					options);
+    if (do_timer) {
+	dt = swatch_eltime();
+	in_tkt_times.ht_cumulative += dt;
+	in_tkt_times.ht_observations++;
+	if (dt > in_tkt_times.ht_max)
+	    in_tkt_times.ht_max = dt;
+	if (dt < in_tkt_times.ht_min)
+	    in_tkt_times.ht_min = dt;
+    }
+    krb5_get_init_creds_opt_free(context, options);
+    krb5_free_cred_contents(context, &my_creds);
+    if (code != 0) {
+	com_err (prog, code, "while getting initial credentials");
+	return(-1);
+      }
+
+    return(0);
+}
diff --git a/krb5-1.21.3/src/tests/hammer/pp.c b/krb5-1.21.3/src/tests/hammer/pp.c
new file mode 100644
index 00000000..5da1fac0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/hammer/pp.c
@@ -0,0 +1,27 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/hammer/pp.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ */
+
+#include "krb5.h"
+
+void
+print_principal(p)
+    krb5_principal  p;
+{
+    char    *buf;
+    krb5_error_code retval;
+
+    if (retval = krb5_unparse_name(p, &buf)) {
+        com_err("DEBUG: Print_principal", retval,
+                "while unparsing name");
+        exit(1);
+    }
+    printf("%s\n", buf);
+    free(buf);
+}
diff --git a/krb5-1.21.3/src/tests/hist.c b/krb5-1.21.3/src/tests/hist.c
new file mode 100644
index 00000000..6bab968e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/hist.c
@@ -0,0 +1,99 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/hist.c - Perform unusual operations on history keys */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program is invoked from t_pwhist.py to simulate some conditions
+ * normally only seen in databases created before krb5 1.3.  With the "make"
+ * argument, the history key is rolled over to a kvno containing two keys
+ * (since krb5 1.3 we ordinarily ensure that there's only one).  With the
+ * "swap" argument, the two history keys are swapped in order; we use this
+ * operation to simulate the case where krb5 1.7 or earlier chose something
+ * other than the first history key to create password history entries.
+ */
+
+#include <k5-int.h>
+#include <kadm5/admin.h>
+
+static void
+check(krb5_error_code ret)
+{
+    if (ret) {
+	fprintf(stderr, "Unexpected failure, aborting\n");
+	abort();
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context ctx;
+    krb5_db_entry *ent;
+    krb5_principal hprinc;
+    kadm5_principal_ent_rec kent;
+    krb5_key_salt_tuple ks[2];
+    krb5_key_data kd;
+    kadm5_config_params params = { 0 };
+    void *handle;
+    char *realm;
+    long mask = KADM5_PRINCIPAL | KADM5_MAX_LIFE | KADM5_ATTRIBUTES;
+
+    check(kadm5_init_krb5_context(&ctx));
+    check(krb5_parse_name(ctx, "kadmin/history", &hprinc));
+    check(krb5_get_default_realm(ctx, &realm));
+    params.mask |= KADM5_CONFIG_REALM;
+    params.realm = realm;
+    check(kadm5_init(ctx, "user", "", "", &params, KADM5_STRUCT_VERSION,
+                     KADM5_API_VERSION_4, NULL, &handle));
+    if (strcmp(argv[1], "make") == 0) {
+        memset(&kent, 0, sizeof(kent));
+        kent.principal = hprinc;
+        kent.max_life = KRB5_KDB_DISALLOW_ALL_TIX;
+        kent.attributes = 0;
+	ks[0].ks_enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+	ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
+	ks[1].ks_enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+	ks[1].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
+        check(kadm5_create_principal_3(handle, &kent, mask, 2, ks, NULL));
+    } else if (strcmp(argv[1], "swap") == 0) {
+        check(krb5_db_get_principal(ctx, hprinc, 0, &ent));
+	kd = ent->key_data[0];
+	ent->key_data[0] = ent->key_data[1];
+	ent->key_data[1] = kd;
+        check(krb5_db_put_principal(ctx, ent));
+        krb5_db_free_principal(ctx, ent);
+    }
+    krb5_free_default_realm(ctx, realm);
+    kadm5_destroy(handle);
+    krb5_free_principal(ctx, hprinc);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/hooks.c b/krb5-1.21.3/src/tests/hooks.c
new file mode 100644
index 00000000..fabdb898
--- /dev/null
+++ b/krb5-1.21.3/src/tests/hooks.c
@@ -0,0 +1,253 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/hooks.c - test harness for KDC send and recv hooks */
+/*
+ * Copyright (C) 2016 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+static krb5_context ctx;
+
+static void
+check_code(krb5_error_code code, const char *file, int line)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s:%d -- %s (code=%d)\n", file, line, errmsg,
+                (int)code);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+#define check(code) check_code((code), __FILE__, __LINE__)
+
+/* Verify that the canonicalize bit is set in an AS-REQ and remove it. */
+static krb5_error_code
+test_send_as_req(krb5_context context, void *data, const krb5_data *realm,
+                 const krb5_data *message, krb5_data **new_message_out,
+                 krb5_data **reply_out)
+{
+    krb5_kdc_req *as_req;
+    int cmp;
+
+    assert(krb5_is_as_req(message));
+    check(decode_krb5_as_req(message, &as_req));
+
+    assert(as_req->msg_type == KRB5_AS_REQ);
+    assert(as_req->kdc_options & KDC_OPT_CANONICALIZE);
+    assert(as_req->client->realm.length == realm->length);
+    cmp = memcmp(as_req->client->realm.data, realm->data, realm->length);
+    assert(cmp == 0);
+
+    /* Remove the canonicalize flag and create a new message. */
+    as_req->kdc_options &= ~KDC_OPT_CANONICALIZE;
+    check(encode_krb5_as_req(as_req, new_message_out));
+
+    krb5_free_kdc_req(context, as_req);
+    return 0;
+}
+
+/* Verify that reply is an AS-REP with kvno 1 and a valid enctype. */
+static krb5_error_code
+test_recv_as_rep(krb5_context context, void *data, krb5_error_code code,
+                 const krb5_data *realm, const krb5_data *message,
+                 const krb5_data *reply, krb5_data **new_reply)
+{
+    krb5_kdc_rep *as_rep;
+
+    assert(code == 0);
+    assert(krb5_is_as_rep(reply));
+    check(decode_krb5_as_rep(reply, &as_rep));
+
+    assert(as_rep->msg_type == KRB5_AS_REP);
+    assert(as_rep->ticket->enc_part.kvno == 1);
+    assert(krb5_c_valid_enctype(as_rep->ticket->enc_part.enctype));
+
+    krb5_free_kdc_rep(context, as_rep);
+    return 0;
+}
+
+/* Create a fake error reply. */
+static krb5_error_code
+test_send_error(krb5_context context, void *data, const krb5_data *realm,
+                const krb5_data *message, krb5_data **new_message_out,
+                krb5_data **reply_out)
+{
+    krb5_error_code ret;
+    krb5_error err;
+    krb5_principal client, server;
+    char *realm_str, *princ_str;
+    int r;
+
+    realm_str = k5memdup0(realm->data, realm->length, &ret);
+    check(ret);
+
+    r = asprintf(&princ_str, "invalid@%s", realm_str);
+    assert(r > 0);
+    check(krb5_parse_name(ctx, princ_str, &client));
+    free(princ_str);
+
+    r = asprintf(&princ_str, "krbtgt@%s", realm_str);
+    assert(r > 0);
+    check(krb5_parse_name(ctx, princ_str, &server));
+    free(princ_str);
+    free(realm_str);
+
+    err.magic = KV5M_ERROR;
+    err.ctime = 1971196337;
+    err.cusec = 0;
+    err.susec = 97008;
+    err.stime = 1458219390;
+    err.error = 6;
+    err.client = client;
+    err.server = server;
+    err.text = string2data("CLIENT_NOT_FOUND");
+    err.e_data = empty_data();
+    check(encode_krb5_error(&err, reply_out));
+
+    krb5_free_principal(ctx, client);
+    krb5_free_principal(ctx, server);
+    return 0;
+}
+
+static krb5_error_code
+test_recv_error(krb5_context context, void *data, krb5_error_code code,
+                     const krb5_data *realm, const krb5_data *message,
+                     const krb5_data *reply, krb5_data **new_reply)
+{
+    /* The send hook created a reply, so this hook should not be executed. */
+    abort();
+}
+
+/* Modify an AS-REP reply, change the msg_type to KRB5_TGS_REP. */
+static krb5_error_code
+test_recv_modify_reply(krb5_context context, void *data, krb5_error_code code,
+                       const krb5_data *realm, const krb5_data *message,
+                       const krb5_data *reply, krb5_data **new_reply)
+{
+    krb5_kdc_rep *as_rep;
+
+    assert(code == 0);
+    assert(krb5_is_as_rep(reply));
+    check(decode_krb5_as_rep(reply, &as_rep));
+
+    as_rep->msg_type = KRB5_TGS_REP;
+    check(encode_krb5_as_rep(as_rep, new_reply));
+
+    krb5_free_kdc_rep(context, as_rep);
+    return 0;
+}
+
+/* Return an error given by the callback data argument. */
+static krb5_error_code
+test_send_return_value(krb5_context context, void *data,
+                       const krb5_data *realm, const krb5_data *message,
+                       krb5_data **new_message_out, krb5_data **reply_out)
+{
+    assert(data != NULL);
+    return *(krb5_error_code *)data;
+}
+
+/* Return an error given by the callback argument. */
+static krb5_error_code
+test_recv_return_value(krb5_context context, void *data, krb5_error_code code,
+                       const krb5_data *realm, const krb5_data *message,
+                       const krb5_data *reply, krb5_data **new_reply)
+{
+    assert(data != NULL);
+    return *(krb5_error_code *)data;
+}
+
+int
+main(int argc, char *argv[])
+{
+    const char *principal, *password;
+    krb5_principal client;
+    krb5_get_init_creds_opt *opts;
+    krb5_creds creds;
+    krb5_error_code ret, test_return_code;
+
+    if (argc != 3) {
+        fprintf(stderr, "Usage: %s princname password\n", argv[0]);
+        exit(1);
+    }
+    principal = argv[1];
+    password = argv[2];
+
+    check(krb5_init_context(&ctx));
+    check(krb5_parse_name(ctx, principal, &client));
+
+    /* Use a send hook to modify an outgoing AS-REQ.  The library will detect
+     * the modification in the reply. */
+    check(krb5_get_init_creds_opt_alloc(ctx, &opts));
+    krb5_get_init_creds_opt_set_canonicalize(opts, 1);
+    krb5_set_kdc_send_hook(ctx, test_send_as_req, NULL);
+    krb5_set_kdc_recv_hook(ctx, test_recv_as_rep, NULL);
+    ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+                                       NULL, 0, NULL, opts);
+    assert(ret == KRB5_KDCREP_MODIFIED);
+    krb5_get_init_creds_opt_free(ctx, opts);
+
+    /* Use a send hook to synthesize a KRB-ERROR reply. */
+    krb5_set_kdc_send_hook(ctx, test_send_error, NULL);
+    krb5_set_kdc_recv_hook(ctx, test_recv_error, NULL);
+    ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+                                       NULL, 0, NULL, NULL);
+    assert(ret == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN);
+
+    /* Use a recv hook to modify a KDC reply. */
+    krb5_set_kdc_send_hook(ctx, NULL, NULL);
+    krb5_set_kdc_recv_hook(ctx, test_recv_modify_reply, NULL);
+    ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+                                       NULL, 0, NULL, NULL);
+    assert(ret == KRB5KRB_AP_ERR_MSG_TYPE);
+
+    /* Verify that the user data pointer works in the send hook. */
+    test_return_code = KRB5KDC_ERR_PREAUTH_FAILED;
+    krb5_set_kdc_send_hook(ctx, test_send_return_value, &test_return_code);
+    krb5_set_kdc_recv_hook(ctx, NULL, NULL);
+    ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+                                        NULL, 0, NULL, NULL);
+    assert(ret == KRB5KDC_ERR_PREAUTH_FAILED);
+
+    /* Verify that the user data pointer works in the recv hook. */
+    test_return_code = KRB5KDC_ERR_NULL_KEY;
+    krb5_set_kdc_send_hook(ctx, NULL, NULL);
+    krb5_set_kdc_recv_hook(ctx, test_recv_return_value, &test_return_code);
+    ret = krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+                                       NULL, 0, NULL, NULL);
+    assert(ret == KRB5KDC_ERR_NULL_KEY);
+
+    krb5_free_principal(ctx, client);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/hrealm.c b/krb5-1.21.3/src/tests/hrealm.c
new file mode 100644
index 00000000..f464c8fd
--- /dev/null
+++ b/krb5-1.21.3/src/tests/hrealm.c
@@ -0,0 +1,99 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/hrealm.c - Test harness for host-realm interfaces */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program is intended to be run from a python script as:
+ *
+ *     hrealm -h|-f|-d [hostname]
+ *
+ * Calls krb5_get_host_realm, krb5_get_fallback_host_realm, or
+ * krb5_default_realm depending on the option given.  For the first two
+ * choices, hostname or NULL is passed as the argument.  The results are
+ * displayed one per line.
+ */
+
+#include "k5-int.h"
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+static void
+display(char **realms)
+{
+    while (realms != NULL && *realms != NULL)
+        printf("%s\n", *realms++);
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_data d;
+    char **realms, *realm;
+
+    check(krb5_init_context(&ctx));
+
+    /* Parse arguments. */
+    if (argc < 2 || argc > 3)
+        abort();
+
+    if (strcmp(argv[1], "-d") == 0) {
+        check(krb5_get_default_realm(ctx, &realm));
+        printf("%s\n", realm);
+        krb5_free_default_realm(ctx, realm);
+    } else if (strcmp(argv[1], "-h") == 0) {
+        check(krb5_get_host_realm(ctx, argv[2], &realms));
+        display(realms);
+        krb5_free_host_realm(ctx, realms);
+    } else if (strcmp(argv[1], "-f") == 0) {
+        assert(argc == 3);
+        d = string2data(argv[2]);
+        check(krb5_get_fallback_host_realm(ctx, &d, &realms));
+        display(realms);
+        krb5_free_host_realm(ctx, realms);
+    } else {
+        abort();
+    }
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/icinterleave.c b/krb5-1.21.3/src/tests/icinterleave.c
new file mode 100644
index 00000000..bcc87c7c
--- /dev/null
+++ b/krb5-1.21.3/src/tests/icinterleave.c
@@ -0,0 +1,128 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/icinterleave.c - interleaved init_creds_step test harness */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This test harness performs multiple initial creds operations using
+ * krb5_init_creds_step(), interleaving the operations to test the scoping of
+ * the preauth state.  All principals must have the same password (or not
+ * require a password).
+ */
+
+#include "k5-int.h"
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    const char *password;
+    char **princstrs;
+    krb5_principal client;
+    krb5_init_creds_context *iccs;
+    krb5_data req, *reps, realm;
+    krb5_boolean any_left;
+    int i, nclients, primary;
+    unsigned int flags;
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: icinterleave password princ1 princ2 ...\n");
+        exit(1);
+    }
+    password = argv[1];
+    princstrs = argv + 2;
+    nclients = argc - 2;
+
+    check(krb5_init_context(&ctx));
+
+    /* Create an initial creds context for each client principal. */
+    iccs = calloc(nclients, sizeof(*iccs));
+    assert(iccs != NULL);
+    for (i = 0; i < nclients; i++) {
+        check(krb5_parse_name(ctx, princstrs[i], &client));
+        check(krb5_init_creds_init(ctx, client, NULL, NULL, 0, NULL,
+                                   &iccs[i]));
+        check(krb5_init_creds_set_password(ctx, iccs[i], password));
+        krb5_free_principal(ctx, client);
+    }
+
+    reps = calloc(nclients, sizeof(*reps));
+    assert(reps != NULL);
+
+    any_left = TRUE;
+    while (any_left) {
+        any_left = FALSE;
+        for (i = 0; i < nclients; i++)  {
+            if (iccs[i] == NULL)
+                continue;
+            any_left = TRUE;
+
+            printf("step %d\n", i + 1);
+
+            req = empty_data();
+            realm = empty_data();
+            check(krb5_init_creds_step(ctx, iccs[i], &reps[i], &req, &realm,
+                                       &flags));
+            if (!(flags & KRB5_INIT_CREDS_STEP_FLAG_CONTINUE)) {
+                printf("finish %d\n", i + 1);
+                krb5_init_creds_free(ctx, iccs[i]);
+                iccs[i] = NULL;
+                continue;
+            }
+
+            primary = 0;
+            krb5_free_data_contents(ctx, &reps[i]);
+            check(krb5_sendto_kdc(ctx, &req, &realm, &reps[i], &primary, 0));
+            krb5_free_data_contents(ctx, &req);
+            krb5_free_data_contents(ctx, &realm);
+        }
+    }
+
+    for (i = 0; i < nclients; i++)
+        krb5_free_data_contents(ctx, &reps[i]);
+    free(reps);
+    free(iccs);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/icred.c b/krb5-1.21.3/src/tests/icred.c
new file mode 100644
index 00000000..d6ce1d5d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/icred.c
@@ -0,0 +1,144 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/icred.c - test harness for getting initial creds */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This program exercises the init_creds APIs in ways kinit doesn't. */
+
+#include "k5-platform.h"
+#include <krb5.h>
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    const char *ktname = NULL, *sname = NULL, *princstr, *password;
+    krb5_principal client;
+    krb5_init_creds_context icc;
+    krb5_get_init_creds_opt *opt;
+    krb5_keytab keytab = NULL;
+    krb5_creds creds;
+    krb5_boolean stepwise = FALSE;
+    krb5_preauthtype ptypes[64];
+    int c, nptypes = 0;
+    char *val;
+
+    check(krb5_init_context(&ctx));
+    check(krb5_get_init_creds_opt_alloc(ctx, &opt));
+
+    while ((c = getopt(argc, argv, "k:so:S:X:")) != -1) {
+        switch (c) {
+        case 'k':
+            ktname = optarg;
+            break;
+        case 's':
+            stepwise = TRUE;
+            break;
+        case 'o':
+            assert(nptypes < 64);
+            ptypes[nptypes++] = atoi(optarg);
+            break;
+        case 'S':
+            sname = optarg;
+            break;
+        case 'X':
+            val = strchr(optarg, '=');
+            if (val != NULL)
+                *val++ = '\0';
+            else
+                val = "yes";
+            check(krb5_get_init_creds_opt_set_pa(ctx, opt, optarg, val));
+            break;
+        default:
+            abort();
+        }
+    }
+
+    argc -= optind;
+    argv += optind;
+    if (argc != 1 && argc != 2)
+        abort();
+    princstr = argv[0];
+    password = argv[1];
+
+    if (sname != NULL) {
+        check(krb5_sname_to_principal(ctx, princstr, sname, KRB5_NT_SRV_HST,
+                                      &client));
+    } else {
+        check(krb5_parse_name(ctx, princstr, &client));
+    }
+
+    if (ktname != NULL)
+        check(krb5_kt_resolve(ctx, ktname, &keytab));
+
+    if (nptypes > 0)
+        krb5_get_init_creds_opt_set_preauth_list(opt, ptypes, nptypes);
+
+    if (stepwise) {
+        /* Use the stepwise interface. */
+        check(krb5_init_creds_init(ctx, client, NULL, NULL, 0, NULL, &icc));
+        if (keytab != NULL)
+            check(krb5_init_creds_set_keytab(ctx, icc, keytab));
+        if (password != NULL)
+            check(krb5_init_creds_set_password(ctx, icc, password));
+        check(krb5_init_creds_get(ctx, icc));
+        krb5_init_creds_free(ctx, icc);
+    } else if (keytab != NULL) {
+        check(krb5_get_init_creds_keytab(ctx, &creds, client, keytab, 0, NULL,
+                                         opt));
+        krb5_free_cred_contents(ctx, &creds);
+    } else {
+        /* Use the traditional one-shot interface. */
+        check(krb5_get_init_creds_password(ctx, &creds, client, password, NULL,
+                                           NULL, 0, NULL, opt));
+        krb5_free_cred_contents(ctx, &creds);
+    }
+
+    if (keytab != NULL)
+        krb5_kt_close(ctx, keytab);
+    krb5_get_init_creds_opt_free(ctx, opt);
+    krb5_free_principal(ctx, client);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/jsonwalker.py b/krb5-1.21.3/src/tests/jsonwalker.py
new file mode 100644
index 00000000..0dbdadd6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/jsonwalker.py
@@ -0,0 +1,105 @@
+import sys
+import json
+from collections import defaultdict
+from optparse import OptionParser
+
+class Parser(object):
+    DEFAULTS = {int:0,
+                str:'',
+                list:[]}
+
+    def __init__(self, defconf=None):
+        self.defaults = None
+        if defconf is not None:
+            self.defaults = self.flatten(defconf)
+
+    def run(self, logs, verbose=None):
+        result = self.parse(logs)
+        if len(result) != len(self.defaults):
+            diff = set(self.defaults.keys()).difference(result.keys())
+            print('Test failed.')
+            print('The following attributes were not set:')
+            for it in diff:
+                print(it)
+            sys.exit(1)
+
+    def flatten(self, defaults):
+        """
+        Flattens paths to attributes.
+
+        Parameters
+        ----------
+        defaults : a dictionaries populated with default values
+
+        Returns :
+        dict : with flattened attributes
+        """
+        result = dict()
+        for path,value in self._walk(defaults):
+            if path in result:
+                print('Warning: attribute path %s already exists' % path)
+            result[path] = value
+
+        return result
+
+    def parse(self, logs):
+        result = defaultdict(list)
+        for msg in logs:
+            # each message is treated as a dictionary of dictionaries
+            for a,v in self._walk(msg):
+                # see if path is registered in defaults
+                if a in self.defaults:
+                    dv = self.defaults.get(a)
+                    if dv is None:
+                        # determine default value by type
+                        if v is not None:
+                            dv = self.DEFAULTS[type(v)]
+                        else:
+                            print('Warning: attribute %s is set to None' % a)
+                            continue
+                    # by now we have default value
+                    if v != dv:
+                        # test passed
+                        result[a].append(v)
+        return result
+
+    def _walk(self, adict):
+        """
+        Generator that works through dictionary.
+        """
+        for a,v in adict.items():
+            if isinstance(v,dict):
+                for (attrpath,u) in self._walk(v):
+                    yield (a+'.'+attrpath,u)
+            else:
+                yield (a,v)
+
+
+if __name__ == '__main__':
+
+    parser = OptionParser()
+    parser.add_option("-i", "--logfile", dest="filename",
+                  help="input log file in json fmt", metavar="FILE")
+    parser.add_option("-d", "--defaults", dest="defaults",
+                  help="dictionary with defaults", metavar="FILE")
+
+    (options, args) = parser.parse_args()
+    if options.filename is not None:
+        with open(options.filename, 'r') as f:
+            content = list()
+            for l in f:
+                content.append(json.loads(l.rstrip()))
+        f.close()
+    else:
+        print('Input file in JSON format is required')
+        exit()
+
+    defaults = None
+    if options.defaults is not None:
+        with open(options.defaults, 'r') as f:
+            defaults = json.load(f)
+
+    # run test
+    p = Parser(defaults)
+    p.run(content)
+    exit()
diff --git a/krb5-1.21.3/src/tests/kcmserver.py b/krb5-1.21.3/src/tests/kcmserver.py
new file mode 100644
index 00000000..f6dfcb71
--- /dev/null
+++ b/krb5-1.21.3/src/tests/kcmserver.py
@@ -0,0 +1,336 @@
+# This is a simple KCM test server, used to exercise the KCM ccache
+# client code.  It will generally throw an uncaught exception if the
+# client sends anything unexpected, so is unsuitable for production.
+# (It also imposes no namespace or access constraints, and blocks
+# while reading requests and writing responses.)
+
+# This code knows nothing about how to marshal and unmarshal principal
+# names and credentials as is required in the KCM protocol; instead,
+# it just remembers the marshalled forms and replays them to the
+# client when asked.  This works because marshalled creds and
+# principal names are always the last part of marshalled request
+# arguments, and because we don't need to implement remove_cred (which
+# would need to know how to match a cred tag against previously stored
+# credentials).
+
+# The following code is useful for debugging if anything appears to be
+# going wrong in the server, since daemon output is generally not
+# visible in Python test scripts.
+#
+# import sys, traceback
+# def ehook(etype, value, tb):
+#     with open('/tmp/exception', 'w') as f:
+#         traceback.print_exception(etype, value, tb, file=f)
+# sys.excepthook = ehook
+
+import optparse
+import select
+import socket
+import struct
+import sys
+
+caches = {}
+cache_uuidmap = {}
+defname = b'default'
+next_unique = 1
+next_uuid = 1
+
+class KCMOpcodes(object):
+    GEN_NEW = 3
+    INITIALIZE = 4
+    DESTROY = 5
+    STORE = 6
+    RETRIEVE = 7
+    GET_PRINCIPAL = 8
+    GET_CRED_UUID_LIST = 9
+    GET_CRED_BY_UUID = 10
+    REMOVE_CRED = 11
+    GET_CACHE_UUID_LIST = 18
+    GET_CACHE_BY_UUID = 19
+    GET_DEFAULT_CACHE = 20
+    SET_DEFAULT_CACHE = 21
+    GET_KDC_OFFSET = 22
+    SET_KDC_OFFSET = 23
+    GET_CRED_LIST = 13001
+    REPLACE = 13002
+
+
+class KRB5Errors(object):
+    KRB5_CC_NOTFOUND = -1765328243
+    KRB5_CC_END = -1765328242
+    KRB5_CC_NOSUPP = -1765328137
+    KRB5_FCC_NOFILE = -1765328189
+    KRB5_FCC_INTERNAL = -1765328188
+
+
+def make_uuid():
+    global next_uuid
+    uuid = bytes(12) + struct.pack('>L', next_uuid)
+    next_uuid = next_uuid + 1
+    return uuid
+
+
+class Cache(object):
+    def __init__(self, name):
+        self.name = name
+        self.princ = None
+        self.uuid = make_uuid()
+        self.cred_uuids = []
+        self.creds = {}
+        self.time_offset = 0
+
+
+def get_cache(name):
+    if name in caches:
+        return caches[name]
+    cache = Cache(name)
+    caches[name] = cache
+    cache_uuidmap[cache.uuid] = cache
+    return cache
+
+
+def unmarshal_name(argbytes):
+    offset = argbytes.find(b'\0')
+    return argbytes[0:offset], argbytes[offset+1:]
+
+
+# Find the bounds of a marshalled principal, returning it and the
+# remainder of argbytes.
+def extract_princ(argbytes):
+    ncomps, rlen = struct.unpack('>LL', argbytes[4:12])
+    pos = 12 + rlen
+    for i in range(ncomps):
+        clen, = struct.unpack('>L', argbytes[pos:pos+4])
+        pos += 4 + clen
+    return argbytes[0:pos], argbytes[pos:]
+
+
+# Return true if the marshalled principals p1 and p2 name the same
+# principal.
+def princ_eq(p1, p2):
+    # Ignore the name-types at bytes 0..3.  The remaining bytes should
+    # be identical if the principals are the same.
+    return p1[4:] == p2[4:]
+
+
+def op_gen_new(argbytes):
+    # Does not actually check for uniqueness.
+    global next_unique
+    name = b'unique' + str(next_unique).encode('ascii')
+    next_unique += 1
+    return 0, name + b'\0'
+
+
+def op_initialize(argbytes):
+    name, princ = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    cache.princ = princ
+    cache.cred_uuids = []
+    cache.creds = {}
+    cache.time_offset = 0
+    return 0, b''
+
+
+def op_destroy(argbytes):
+    name, rest = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    del cache_uuidmap[cache.uuid]
+    del caches[name]
+    return 0, b''
+
+
+def op_store(argbytes):
+    name, cred = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    uuid = make_uuid()
+    cache.creds[uuid] = cred
+    cache.cred_uuids.append(uuid)
+    return 0, b''
+
+
+def op_retrieve(argbytes):
+    name, rest = unmarshal_name(argbytes)
+    # Ignore the flags at rest[0:4] and the header at rest[4:8].
+    # Assume there are client and server creds in the tag and match
+    # only against them.
+    cprinc, rest = extract_princ(rest[8:])
+    sprinc, rest = extract_princ(rest)
+    cache = get_cache(name)
+    for cred in (cache.creds[u] for u in cache.cred_uuids):
+        cred_cprinc, rest = extract_princ(cred)
+        cred_sprinc, rest = extract_princ(rest)
+        if princ_eq(cred_cprinc, cprinc) and princ_eq(cred_sprinc, sprinc):
+            return 0, cred
+    return KRB5Errors.KRB5_CC_NOTFOUND, b''
+
+
+def op_get_principal(argbytes):
+    name, rest = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    if cache.princ is None:
+        return KRB5Errors.KRB5_FCC_NOFILE, b''
+    return 0, cache.princ + b'\0'
+
+
+def op_get_cred_uuid_list(argbytes):
+    name, rest = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    return 0, b''.join(cache.cred_uuids)
+
+
+def op_get_cred_by_uuid(argbytes):
+    name, uuid = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    if uuid not in cache.creds:
+        return KRB5Errors.KRB5_CC_END, b''
+    return 0, cache.creds[uuid]
+
+
+def op_remove_cred(argbytes):
+    return KRB5Errors.KRB5_CC_NOSUPP, b''
+
+
+def op_get_cache_uuid_list(argbytes):
+    return 0, b''.join(cache_uuidmap.keys())
+
+
+def op_get_cache_by_uuid(argbytes):
+    uuid = argbytes
+    if uuid not in cache_uuidmap:
+        return KRB5Errors.KRB5_CC_END, b''
+    return 0, cache_uuidmap[uuid].name + b'\0'
+
+
+def op_get_default_cache(argbytes):
+    return 0, defname + b'\0'
+
+
+def op_set_default_cache(argbytes):
+    global defname
+    defname, rest = unmarshal_name(argbytes)
+    return 0, b''
+
+
+def op_get_kdc_offset(argbytes):
+    name, rest = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    return 0, struct.pack('>l', cache.time_offset)
+
+
+def op_set_kdc_offset(argbytes):
+    name, obytes = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    cache.time_offset, = struct.unpack('>l', obytes)
+    return 0, b''
+
+
+def op_get_cred_list(argbytes):
+    name, rest = unmarshal_name(argbytes)
+    cache = get_cache(name)
+    creds = [cache.creds[u] for u in cache.cred_uuids]
+    return 0, (struct.pack('>L', len(creds)) +
+               b''.join(struct.pack('>L', len(c)) + c for c in creds))
+
+
+def op_replace(argbytes):
+    name, rest = unmarshal_name(argbytes)
+    offset, = struct.unpack('>L', rest[0:4])
+    princ, rest = extract_princ(rest[4:])
+    ncreds, = struct.unpack('>L', rest[0:4])
+    rest = rest[4:]
+    creds = []
+    for i in range(ncreds):
+        len, = struct.unpack('>L', rest[0:4])
+        creds.append(rest[4:4+len])
+        rest = rest[4+len:]
+
+    cache = get_cache(name)
+    cache.princ = princ
+    cache.cred_uuids = []
+    cache.creds = {}
+    cache.time_offset = offset
+    for i in range(ncreds):
+        uuid = make_uuid()
+        cache.creds[uuid] = creds[i]
+        cache.cred_uuids.append(uuid)
+
+    return 0, b''
+
+
+ophandlers = {
+    KCMOpcodes.GEN_NEW : op_gen_new,
+    KCMOpcodes.INITIALIZE : op_initialize,
+    KCMOpcodes.DESTROY : op_destroy,
+    KCMOpcodes.STORE : op_store,
+    KCMOpcodes.RETRIEVE : op_retrieve,
+    KCMOpcodes.GET_PRINCIPAL : op_get_principal,
+    KCMOpcodes.GET_CRED_UUID_LIST : op_get_cred_uuid_list,
+    KCMOpcodes.GET_CRED_BY_UUID : op_get_cred_by_uuid,
+    KCMOpcodes.REMOVE_CRED : op_remove_cred,
+    KCMOpcodes.GET_CACHE_UUID_LIST : op_get_cache_uuid_list,
+    KCMOpcodes.GET_CACHE_BY_UUID : op_get_cache_by_uuid,
+    KCMOpcodes.GET_DEFAULT_CACHE : op_get_default_cache,
+    KCMOpcodes.SET_DEFAULT_CACHE : op_set_default_cache,
+    KCMOpcodes.GET_KDC_OFFSET : op_get_kdc_offset,
+    KCMOpcodes.SET_KDC_OFFSET : op_set_kdc_offset,
+    KCMOpcodes.GET_CRED_LIST : op_get_cred_list,
+    KCMOpcodes.REPLACE : op_replace
+}
+
+# Read and respond to a request from the socket s.
+def service_request(s):
+    lenbytes = b''
+    while len(lenbytes) < 4:
+        lenbytes += s.recv(4 - len(lenbytes))
+        if lenbytes == b'':
+                return False
+
+    reqlen, = struct.unpack('>L', lenbytes)
+    req = b''
+    while len(req) < reqlen:
+        req += s.recv(reqlen - len(req))
+
+    majver, minver, op = struct.unpack('>BBH', req[:4])
+    argbytes = req[4:]
+
+    if op in ophandlers:
+        code, payload = ophandlers[op](argbytes)
+    else:
+        code, payload = KRB5Errors.KRB5_FCC_INTERNAL, b''
+
+    # The KCM response is the code (4 bytes) and the response payload.
+    # The Heimdal IPC response is the length of the KCM response (4
+    # bytes), a status code which is essentially always 0 (4 bytes),
+    # and the KCM response.
+    kcm_response = struct.pack('>l', code) + payload
+    hipc_response = struct.pack('>LL', len(kcm_response), 0) + kcm_response
+    s.sendall(hipc_response)
+    return True
+
+parser = optparse.OptionParser()
+parser.add_option('-f', '--fallback', action='store_true', dest='fallback',
+                  default=False,
+                  help='Do not support RETRIEVE/GET_CRED_LIST/REPLACE')
+(options, args) = parser.parse_args()
+if options.fallback:
+    del ophandlers[KCMOpcodes.RETRIEVE]
+    del ophandlers[KCMOpcodes.GET_CRED_LIST]
+    del ophandlers[KCMOpcodes.REPLACE]
+
+server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+server.bind(args[0])
+server.listen(5)
+select_input = [server,]
+sys.stderr.write('starting...\n')
+sys.stderr.flush()
+
+while True:
+    iready, oready, xready = select.select(select_input, [], [])
+    for s in iready:
+        if s == server:
+            client, addr = server.accept()
+            select_input.append(client)
+        else:
+            if not service_request(s):
+                select_input.remove(s)
+                s.close()
diff --git a/krb5-1.21.3/src/tests/kdbtest.c b/krb5-1.21.3/src/tests/kdbtest.c
new file mode 100644
index 00000000..3f61f3e8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/kdbtest.c
@@ -0,0 +1,403 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/kdbtest.c - test program to exercise KDB modules */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This test program uses libkdb5 APIs to exercise as much of the LDAP and DB2
+ * back ends.
+ */
+
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <string.h>
+
+static krb5_context ctx;
+
+#define CHECK(code) check(code, __LINE__)
+#define CHECK_COND(val) check_cond(val, __LINE__)
+
+static void
+check(krb5_error_code code, int lineno)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "Unexpected error at line %d: %s\n", lineno, errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+static void
+check_cond(int value, int lineno)
+{
+    if (!value) {
+        fprintf(stderr, "Unexpected result at line %d\n", lineno);
+        exit(1);
+    }
+}
+
+static krb5_data princ_data[2] = {
+    { KV5M_DATA, 6, "xy*(z)" },
+    { KV5M_DATA, 12, "+<> *()\\#\",;" }
+};
+
+static krb5_principal_data sample_princ = {
+    KV5M_PRINCIPAL,
+    { KV5M_DATA, 11, "KRBTEST.COM" },
+    princ_data, 2, KRB5_NT_UNKNOWN
+};
+
+static krb5_principal_data xrealm_princ = {
+    KV5M_PRINCIPAL,
+    { KV5M_DATA, 12, "KRBTEST2.COM" },
+    princ_data, 2, KRB5_NT_UNKNOWN
+};
+
+#define U(x) (unsigned char *)x
+
+/*
+ * tl1 through tl4 are normalized to attributes in the LDAP back end.  tl5 is
+ * stored as untranslated tl-data.  tl3 contains an encoded osa_princ_ent with
+ * a policy reference to "<test*>".
+ */
+static krb5_tl_data tl5 = { NULL, KRB5_TL_MKVNO, 2, U("\0\1") };
+static krb5_tl_data tl4 = { &tl5, KRB5_TL_LAST_ADMIN_UNLOCK, 4,
+                            U("\6\0\0\0") };
+static krb5_tl_data tl3 = { &tl4, KRB5_TL_KADM_DATA, 32,
+                            U("\x12\x34\x5C\x01\x00\x00\x00\x08"
+                              "\x3C\x74\x65\x73\x74\x2A\x3E\x00"
+                              "\x00\x00\x08\x00\x00\x00\x00\x00"
+                              "\x00\x00\x00\x00\x00\x00\x00\x00") };
+static krb5_tl_data tl2 = { &tl3, KRB5_TL_MOD_PRINC, 8, U("\5\6\7\0x@Y\0") };
+static krb5_tl_data tl1 = { &tl2, KRB5_TL_LAST_PWD_CHANGE, 4, U("\1\2\3\4") };
+
+/* An encoded osa_print_enc with no policy reference. */
+static krb5_tl_data tl_no_policy = { NULL, KRB5_TL_KADM_DATA, 24,
+                                     U("\x12\x34\x5C\x01\x00\x00\x00\x00"
+                                       "\x00\x00\x00\x00\x00\x00\x00\x00"
+                                       "\x00\x00\x00\x02\x00\x00\x00\x00") };
+
+static krb5_key_data keys[] = {
+    {
+        2,                          /* key_data_ver */
+        2,                          /* key_data_kvno */
+        { ENCTYPE_AES256_CTS_HMAC_SHA1_96, KRB5_KDB_SALTTYPE_SPECIAL },
+        { 32, 7 },
+        { U("\x17\xF2\x75\xF2\x95\x4F\x2E\xD1"
+            "\xF9\x0C\x37\x7B\xA7\xF4\xD6\xA3"
+            "\x69\xAA\x01\x36\xE0\xBF\x0C\x92"
+            "\x7A\xD6\x13\x3C\x69\x37\x59\xA9"),
+          U("expsalt") }
+    },
+    {
+        2,                          /* key_data_ver */
+        2,                          /* key_data_kvno */
+        { ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
+        { 16, 0 },
+        { U("\xDC\xEE\xB7\x0B\x3D\xE7\x65\x62"
+            "\xE6\x89\x22\x6C\x76\x42\x91\x48"),
+          NULL }
+    }
+};
+#undef U
+
+static char polname[] = "<test*>";
+
+static krb5_db_entry sample_entry = {
+    0,
+    KRB5_KDB_V1_BASE_LENGTH,
+    /* mask */
+    KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION |
+    KADM5_ATTRIBUTES | KADM5_MAX_LIFE | KADM5_POLICY | KADM5_MAX_RLIFE |
+    KADM5_LAST_SUCCESS | KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT |
+    KADM5_KEY_DATA | KADM5_TL_DATA,
+    /* attributes */
+    KRB5_KDB_REQUIRES_PRE_AUTH | KRB5_KDB_REQUIRES_HW_AUTH |
+    KRB5_KDB_DISALLOW_SVR,
+    1234,                       /* max_life */
+    5678,                       /* max_renewable_life */
+    9012,                       /* expiration */
+    3456,                       /* pw_expiration */
+    1,                          /* last_success */
+    5,                          /* last_failed */
+    2,                          /* fail_auth_count */
+    5,                          /* n_tl_data */
+    2,                          /* n_key_data */
+    0, NULL,                    /* e_length, e_data */
+    &sample_princ,
+    &tl1,
+    keys
+};
+
+static osa_policy_ent_rec sample_policy = {
+    0,                          /* version */
+    polname,                    /* name */
+    1357,                       /* pw_min_life */
+    100,                        /* pw_max_life */
+    6,                          /* pw_min_length */
+    2,                          /* pw_min_classes */
+    3,                          /* pw_history_num */
+    0,                          /* policy_refcnt */
+    2,                          /* pw_max_fail */
+    60,                         /* pw_failcnt_interval */
+    120,                        /* pw_lockout_duration */
+    0,                          /* attributes */
+    2468,                       /* max_life */
+    3579,                       /* max_renewable_life */
+    "aes",                      /* allowed_keysalts */
+    0, NULL                     /* n_tl_data, tl_data */
+};
+
+/* Compare pol against sample_policy. */
+static void
+check_policy(osa_policy_ent_t pol)
+{
+    CHECK_COND(strcmp(pol->name, sample_policy.name) == 0);
+    CHECK_COND(pol->pw_min_life == sample_policy.pw_min_life);
+    CHECK_COND(pol->pw_max_life == sample_policy.pw_max_life);
+    CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length);
+    CHECK_COND(pol->pw_min_classes == sample_policy.pw_min_classes);
+    CHECK_COND(pol->pw_history_num == sample_policy.pw_history_num);
+    CHECK_COND(pol->pw_max_life == sample_policy.pw_max_life);
+    CHECK_COND(pol->pw_failcnt_interval == sample_policy.pw_failcnt_interval);
+    CHECK_COND(pol->pw_lockout_duration == sample_policy.pw_lockout_duration);
+    CHECK_COND(pol->attributes == sample_policy.attributes);
+    CHECK_COND(pol->max_life == sample_policy.max_life);
+    CHECK_COND(pol->max_renewable_life == sample_policy.max_renewable_life);
+    CHECK_COND(strcmp(pol->allowed_keysalts,
+                      sample_policy.allowed_keysalts) == 0);
+}
+
+/* Compare ent against sample_entry. */
+static void
+check_entry(krb5_db_entry *ent)
+{
+    krb5_int16 i, j;
+    krb5_key_data *k1, *k2;
+    krb5_tl_data *tl, etl;
+
+    CHECK_COND(ent->attributes == sample_entry.attributes);
+    CHECK_COND(ent->max_life == sample_entry.max_life);
+    CHECK_COND(ent->max_renewable_life == sample_entry.max_renewable_life);
+    CHECK_COND(ent->expiration == sample_entry.expiration);
+    CHECK_COND(ent->pw_expiration == sample_entry.pw_expiration);
+    CHECK_COND(ent->last_success == sample_entry.last_success);
+    CHECK_COND(ent->last_failed == sample_entry.last_failed);
+    CHECK_COND(ent->fail_auth_count == sample_entry.fail_auth_count);
+    CHECK_COND(krb5_principal_compare(ctx, ent->princ, sample_entry.princ));
+    CHECK_COND(ent->n_key_data == sample_entry.n_key_data);
+    for (i = 0; i < ent->n_key_data; i++) {
+        k1 = &ent->key_data[i];
+        k2 = &sample_entry.key_data[i];
+        CHECK_COND(k1->key_data_ver == k2->key_data_ver);
+        CHECK_COND(k1->key_data_kvno == k2->key_data_kvno);
+        for (j = 0; j < k1->key_data_ver; j++) {
+            CHECK_COND(k1->key_data_type[j] == k2->key_data_type[j]);
+            CHECK_COND(k1->key_data_length[j] == k2->key_data_length[j]);
+            CHECK_COND(memcmp(k1->key_data_contents[j],
+                              k2->key_data_contents[j],
+                              k1->key_data_length[j]) == 0);
+        }
+    }
+    for (tl = sample_entry.tl_data; tl != NULL; tl = tl->tl_data_next) {
+        etl.tl_data_type = tl->tl_data_type;
+        CHECK(krb5_dbe_lookup_tl_data(ctx, ent, &etl));
+        CHECK_COND(tl->tl_data_length == etl.tl_data_length);
+        CHECK_COND(memcmp(tl->tl_data_contents, etl.tl_data_contents,
+                          tl->tl_data_length) == 0);
+    }
+}
+
+/* Audit a successful or failed preauth attempt for *entp.  Then reload *entp
+ * (by fetching sample_princ) so we can see the effect. */
+static void
+sim_preauth(krb5_timestamp authtime, krb5_boolean ok, krb5_db_entry **entp)
+{
+    /* Both back ends ignore the request, local_addr, and remote_addr
+     * parameters for now. */
+    krb5_db_audit_as_req(ctx, NULL, NULL, NULL, *entp, *entp, authtime,
+                         ok ? 0 : KRB5KDC_ERR_PREAUTH_FAILED);
+    krb5_db_free_principal(ctx, *entp);
+    CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, entp));
+}
+
+static krb5_error_code
+iter_princ_handler(void *data, krb5_db_entry *ent)
+{
+    int *count = data;
+
+    CHECK_COND(krb5_principal_compare(ctx, ent->princ, sample_entry.princ));
+    (*count)++;
+    return 0;
+}
+
+static void
+iter_pol_handler(void *data, osa_policy_ent_t pol)
+{
+    int *count = data;
+
+    CHECK_COND(strcmp(pol->name, sample_policy.name) == 0);
+    (*count)++;
+}
+
+int
+main()
+{
+    krb5_db_entry *ent;
+    osa_policy_ent_t pol;
+    krb5_pa_data **e_data;
+    const char *status;
+    int count;
+
+    CHECK(krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, &ctx));
+
+    /* If we can, revert to requiring all entries match sample_princ in
+     * iter_princ_handler */
+    CHECK_COND(krb5_db_inited(ctx) != 0);
+    CHECK(krb5_db_create(ctx, NULL));
+    CHECK(krb5_db_inited(ctx));
+    CHECK(krb5_db_fini(ctx));
+    CHECK_COND(krb5_db_inited(ctx) != 0);
+
+    CHECK_COND(krb5_db_inited(ctx) != 0);
+    CHECK(krb5_db_open(ctx, NULL, KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN));
+    CHECK(krb5_db_inited(ctx));
+
+    /* Manipulate a policy, leaving it in place at the end. */
+    CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0);
+    CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0);
+    CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY);
+    CHECK(krb5_db_create_policy(ctx, &sample_policy));
+    CHECK_COND(krb5_db_create_policy(ctx, &sample_policy) != 0);
+    CHECK(krb5_db_get_policy(ctx, polname, &pol));
+    check_policy(pol);
+    pol->pw_min_length--;
+    CHECK(krb5_db_put_policy(ctx, pol));
+    krb5_db_free_policy(ctx, pol);
+    CHECK(krb5_db_get_policy(ctx, polname, &pol));
+    CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length - 1);
+    krb5_db_free_policy(ctx, pol);
+    CHECK(krb5_db_delete_policy(ctx, polname));
+    CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0);
+    CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0);
+    CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY);
+    CHECK(krb5_db_create_policy(ctx, &sample_policy));
+    count = 0;
+    CHECK(krb5_db_iter_policy(ctx, NULL, iter_pol_handler, &count));
+    CHECK_COND(count == 1);
+
+    /* Create a principal. */
+    CHECK_COND(krb5_db_delete_principal(ctx, &sample_princ) ==
+               KRB5_KDB_NOENTRY);
+    CHECK_COND(krb5_db_get_principal(ctx, &xrealm_princ, 0, &ent) ==
+               KRB5_KDB_NOENTRY);
+    CHECK(krb5_db_put_principal(ctx, &sample_entry));
+    /* Putting again will fail with LDAP (due to KADM5_PRINCIPAL in mask)
+     * but succeed with DB2, so don't check the result. */
+    (void)krb5_db_put_principal(ctx, &sample_entry);
+    /* But it should succeed in both back ends with KADM5_LOAD in mask. */
+    sample_entry.mask |= KADM5_LOAD;
+    CHECK(krb5_db_put_principal(ctx, &sample_entry));
+    sample_entry.mask &= ~KADM5_LOAD;
+    /* Fetch and compare the added principal. */
+    CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, &ent));
+    check_entry(ent);
+
+    /* We can't set up a successful allowed-to-delegate check through existing
+     * APIs yet, but we can make a failed check. */
+    CHECK_COND(krb5_db_check_allowed_to_delegate(ctx, &sample_princ, ent,
+                                                 &sample_princ) != 0);
+
+    /* Exercise lockout code. */
+    /* Policy params: max_fail 2, failcnt_interval 60, lockout_duration 120 */
+    /* Initial state: last_success 1, last_failed 5, fail_auth_count 2,
+     * last admin unlock 6 */
+    /* Check succeeds due to last admin unlock. */
+    CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 7, &status, &e_data));
+    /* Failure count resets to 1 due to last admin unlock. */
+    sim_preauth(8, FALSE, &ent);
+    CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 8);
+    /* Failure count resets to 1 due to failcnt_interval */
+    sim_preauth(70, FALSE, &ent);
+    CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 70);
+    /* Failure count resets to 0 due to successful preauth. */
+    sim_preauth(75, TRUE, &ent);
+    CHECK_COND(ent->fail_auth_count == 0 && ent->last_success == 75);
+    /* Failure count increments to 2 and stops incrementing. */
+    sim_preauth(80, FALSE, &ent);
+    CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 80);
+    sim_preauth(100, FALSE, &ent);
+    CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100);
+    sim_preauth(110, FALSE, &ent);
+    CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100);
+    /* Check fails due to reaching maximum failure count. */
+    CHECK_COND(krb5_db_check_policy_as(ctx, NULL, ent, ent, 170, &status,
+                                       &e_data) == KRB5KDC_ERR_CLIENT_REVOKED);
+    /* Check succeeds after lockout_duration has passed. */
+    CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 230, &status, &e_data));
+    /* Failure count resets to 1 on next failure. */
+    sim_preauth(240, FALSE, &ent);
+    CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 240);
+
+    /* Exercise LDAP code to clear a policy reference and to set the key
+     * data on an existing principal. */
+    CHECK(krb5_dbe_update_tl_data(ctx, ent, &tl_no_policy));
+    ent->mask = KADM5_POLICY_CLR | KADM5_KEY_DATA;
+    CHECK(krb5_db_put_principal(ctx, ent));
+    CHECK(krb5_db_delete_policy(ctx, polname));
+
+    /* Put the modified entry again (with KDB_TL_USER_INFO tl-data for LDAP) as
+     * from a load operation. */
+    ent->mask = (sample_entry.mask & ~KADM5_POLICY) | KADM5_LOAD;
+    CHECK(krb5_db_put_principal(ctx, ent));
+
+    /* Exercise LDAP code to create a new principal at a DN from
+     * KDB_TL_USER_INFO tl-data. */
+    CHECK(krb5_db_delete_principal(ctx, &sample_princ));
+    CHECK(krb5_db_put_principal(ctx, ent));
+    krb5_db_free_principal(ctx, ent);
+
+    /* Exercise principal iteration code. */
+    count = 0;
+    CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count, 0));
+    CHECK_COND(count == 1);
+
+    CHECK(krb5_db_fini(ctx));
+    CHECK_COND(krb5_db_inited(ctx) != 0);
+
+    /* It might be nice to exercise krb5_db_destroy here, but the LDAP module
+     * doesn't support it. */
+
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/localauth.c b/krb5-1.21.3/src/tests/localauth.c
new file mode 100644
index 00000000..a3f7e15c
--- /dev/null
+++ b/krb5-1.21.3/src/tests/localauth.c
@@ -0,0 +1,72 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/localauth.c - test harness for kuserok and aname_to_lname */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <krb5.h>
+#include <stdio.h>
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_principal princ;
+    char buf[1024];
+
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: localauth principal [localuser]\n");
+        return 1;
+    }
+    check(krb5_init_context(&ctx));
+    check(krb5_parse_name(ctx, argv[1], &princ));
+    if (argc == 3) {
+        printf("%s\n", krb5_kuserok(ctx, princ, argv[2]) ? "yes" : "no");
+    } else {
+        check(krb5_aname_to_localname(ctx, princ, sizeof(buf), buf));
+        printf("%s\n", buf);
+    }
+    krb5_free_principal(ctx, princ);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/misc/Makefile.in b/krb5-1.21.3/src/tests/misc/Makefile.in
new file mode 100644
index 00000000..81feb1d8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/Makefile.in
@@ -0,0 +1,58 @@
+mydir=tests$(S)misc
+BUILDTOP=$(REL)..$(S)..
+
+OBJS=\
+	test_getpw.o \
+	test_chpw_message.o
+
+SRCS=\
+	$(srcdir)/test_getpw.c \
+	$(srcdir)/test_chpw_message.c \
+	$(srcdir)/test_getsockname.c \
+	$(srcdir)/test_cxx_krb5.cpp \
+	$(srcdir)/test_cxx_k5int.cpp \
+	$(srcdir)/test_cxx_gss.cpp \
+	$(srcdir)/test_cxx_rpc.cpp \
+	$(srcdir)/test_cxx_kadm5.cpp
+
+all: test_getpw test_chpw_message
+
+check: test_getpw test_chpw_message test_cxx_krb5 test_cxx_gss test_cxx_rpc test_cxx_k5int test_cxx_kadm5
+	$(RUN_TEST) ./test_getpw
+	$(RUN_TEST) ./test_chpw_message
+	$(RUN_TEST) ./test_cxx_krb5
+	$(RUN_TEST) ./test_cxx_k5int
+	$(RUN_TEST) ./test_cxx_gss
+	$(RUN_TEST) ./test_cxx_rpc
+	$(RUN_TEST) ./test_cxx_kadm5
+
+test_getpw: $(OUTPRE)test_getpw.$(OBJEXT) $(SUPPORT_DEPLIB)
+	$(CC_LINK) $(ALL_CFLAGS) -o test_getpw $(OUTPRE)test_getpw.$(OBJEXT) $(SUPPORT_LIB)
+
+test_chpw_message: $(OUTPRE)test_chpw_message.$(OBJEXT) $(SUPPORT_DEPLIB)
+	$(CC_LINK) $(ALL_CFLAGS) -o test_chpw_message $(OUTPRE)test_chpw_message.$(OBJEXT) $(KRB5_BASE_LIBS) $(LIBS)
+
+test_getsockname: $(OUTPRE)test_getsockname.$(OBJEXT)
+	$(CC_LINK) $(ALL_CFLAGS) -o test_getsockname $(OUTPRE)test_getsockname.$(OBJEXT) $(LIBS)
+
+test_cxx_krb5: $(OUTPRE)test_cxx_krb5.$(OBJEXT) $(KRB5_DEPLIB)
+	$(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_krb5 $(OUTPRE)test_cxx_krb5.$(OBJEXT) $(KRB5_BASE_LIBS) $(LIBS)
+test_cxx_k5int: $(OUTPRE)test_cxx_k5int.$(OBJEXT) $(KRB5_DEPLIB)
+	$(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_k5int $(OUTPRE)test_cxx_k5int.$(OBJEXT) $(KRB5_BASE_LIBS) $(LIBS)
+test_cxx_gss: $(OUTPRE)test_cxx_gss.$(OBJEXT)
+	$(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_gss $(OUTPRE)test_cxx_gss.$(OBJEXT) $(LIBS)
+test_cxx_rpc: $(OUTPRE)test_cxx_rpc.$(OBJEXT) $(GSSRPC_DEPLIBS)
+	$(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_rpc $(OUTPRE)test_cxx_rpc.$(OBJEXT) $(GSSRPC_LIBS) $(KRB5_BASE_LIBS) $(LIBS)
+test_cxx_kadm5: $(OUTPRE)test_cxx_kadm5.$(OBJEXT) $(KADMCLNT_DEPLIBS)
+	$(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_kadm5 $(OUTPRE)test_cxx_kadm5.$(OBJEXT) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(LIBS)
+
+test_cxx_krb5.$(OBJEXT): test_cxx_krb5.cpp
+test_cxx_gss.$(OBJEXT): test_cxx_gss.cpp
+test_cxx_rpc.$(OBJEXT): test_cxx_rpc.cpp
+test_cxx_kadm5.$(OBJEXT): test_cxx_kadm5.cpp
+
+install:
+
+clean:
+	$(RM) test_getpw test_chpw_message test_cxx_krb5 test_cxx_gss test_cxx_k5int test_cxx_rpc test_cxx_kadm5 *.o
+
diff --git a/krb5-1.21.3/src/tests/misc/deps b/krb5-1.21.3/src/tests/misc/deps
new file mode 100644
index 00000000..2572f0c3
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/deps
@@ -0,0 +1,44 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)test_getpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  test_getpw.c
+$(OUTPRE)test_chpw_message.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  test_chpw_message.c
+$(OUTPRE)test_getsockname.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  test_getsockname.c
+$(OUTPRE)test_cxx_krb5.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h test_cxx_krb5.cpp
+$(OUTPRE)test_cxx_k5int.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-ipc_stream.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h test_cxx_k5int.cpp
+$(OUTPRE)test_cxx_gss.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  test_cxx_gss.cpp
+$(OUTPRE)test_cxx_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h test_cxx_rpc.cpp
+$(OUTPRE)test_cxx_kadm5.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h test_cxx_kadm5.cpp
diff --git a/krb5-1.21.3/src/tests/misc/test_chpw_message.c b/krb5-1.21.3/src/tests/misc/test_chpw_message.c
new file mode 100644
index 00000000..c6fdaa13
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_chpw_message.c
@@ -0,0 +1,174 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/misc/test_getpw.c */
+/*
+ * Copyright (C) 2012 by the Red Hat Inc.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "autoconf.h"
+#include "krb5.h"
+
+#include <sys/types.h>
+#include <assert.h>
+#include <locale.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+static krb5_data result_utf8 = {
+    0, 23, "This is a valid string.",
+};
+
+static krb5_data result_invalid_utf8 = {
+    0, 19, "\0This is not valid.",
+};
+
+static krb5_data result_ad_complex = {
+    0, 30,
+    "\0\0"             /* zero bytes */
+    "\0\0\0\0"         /* min length */
+    "\0\0\0\0"         /* history */
+    "\0\0\0\1"         /* properties, complex */
+    "\0\0\0\0\0\0\0\0" /* expire */
+    "\0\0\0\0\0\0\0\0" /* min age */
+};
+
+static krb5_data result_ad_length = {
+    0, 30,
+    "\0\0"             /* zero bytes */
+    "\0\0\0\x0d"       /* min length, 13 characters */
+    "\0\0\0\0"         /* history */
+    "\0\0\0\0"         /* properties */
+    "\0\0\0\0\0\0\0\0" /* expire */
+    "\0\0\0\0\0\0\0\0" /* min age */
+};
+
+static krb5_data result_ad_history = {
+    0, 30,
+    "\0\0"             /* zero bytes */
+    "\0\0\0\0"         /* min length */
+    "\0\0\0\x09"       /* history, 9 passwords */
+    "\0\0\0\0"         /* properties */
+    "\0\0\0\0\0\0\0\0" /* expire */
+    "\0\0\0\0\0\0\0\0" /* min age */
+};
+
+static krb5_data result_ad_age = {
+    0, 30,
+    "\0\0"                        /* zero bytes */
+    "\0\0\0\0"                    /* min length */
+    "\0\0\0\0"                    /* history, 9 passwords */
+    "\0\0\0\0"                    /* properties */
+    "\0\0\0\0\0\0\0\0"            /* expire */
+    "\0\0\x01\x92\x54\xd3\x80\0"  /* min age, 2 days */
+};
+
+static krb5_data result_ad_all = {
+    0, 30,
+    "\0\0"                      /* zero bytes */
+    "\0\0\0\x05"                /* min length, 5 characters */
+    "\0\0\0\x0D"                /* history, 13 passwords */
+    "\0\0\0\x01"                /* properties, complex */
+    "\0\0\0\0\0\0\0\0"          /* expire */
+    "\0\0\0\xc9\x2a\x69\xc0\0"  /* min age, 1 day */
+};
+
+static void
+check(krb5_error_code code)
+{
+    if (code != 0) {
+        com_err("t_vfy_increds", code, "");
+        abort();
+    }
+}
+
+static void
+check_msg(const char *real, const char *expected)
+{
+    if (strstr(real, expected) == NULL) {
+        fprintf(stderr, "Expected to see: %s\n", expected);
+        abort();
+    }
+}
+
+int
+main(void)
+{
+    krb5_context context;
+    char *msg;
+
+    setlocale(LC_ALL, "C");
+
+    check(krb5_init_context(&context));
+
+    /* Valid utf-8 data in the result should be returned as is */
+    check(krb5_chpw_message(context, &result_utf8, &msg));
+    printf("  UTF8 valid:   %s\n", msg);
+    check_msg(msg, "This is a valid string.");
+    free(msg);
+
+    /* Invalid data should have a generic message. */
+    check(krb5_chpw_message(context, &result_invalid_utf8, &msg));
+    printf("  UTF8 invalid: %s\n", msg);
+    check_msg(msg, "contact your administrator");
+    free(msg);
+
+    /* AD data with complex data requirement */
+    check(krb5_chpw_message(context, &result_ad_complex, &msg));
+    printf("  AD complex:   %s\n", msg);
+    check_msg(msg, "The password must include numbers or symbols.");
+    check_msg(msg, "Don't include any part of your name in the password.");
+    free(msg);
+
+    /* AD data with min password length */
+    check(krb5_chpw_message(context, &result_ad_length, &msg));
+    printf("  AD length:    %s\n", msg);
+    check_msg(msg, "The password must contain at least 13 characters.");
+    free(msg);
+
+    /* AD data with history requirements */
+    check(krb5_chpw_message(context, &result_ad_history, &msg));
+    printf("  AD history:   %s\n", msg);
+    check_msg(msg, "The password must be different from the previous 9 "
+              "passwords.");
+    free(msg);
+
+    /* AD data with minimum age */
+    check(krb5_chpw_message(context, &result_ad_age, &msg));
+    printf("  AD min age:   %s\n", msg);
+    check_msg(msg, "The password can only be changed every 2 days.");
+    free(msg);
+
+    /* AD data with all */
+    check(krb5_chpw_message(context, &result_ad_all, &msg));
+    printf("  AD all:       %s\n", msg);
+    check_msg(msg, "The password can only be changed once a day.");
+    check_msg(msg, "The password must be different from the previous 13 "
+              "passwords.");
+    check_msg(msg, "The password must contain at least 5 characters.");
+    check_msg(msg, "The password must include numbers or symbols.");
+    check_msg(msg, "Don't include any part of your name in the password.");
+    free(msg);
+
+    krb5_free_context(context);
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/tests/misc/test_cxx_gss.cpp b/krb5-1.21.3/src/tests/misc/test_cxx_gss.cpp
new file mode 100644
index 00000000..91622cd8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_cxx_gss.cpp
@@ -0,0 +1,10 @@
+// Test that the gssapi.h header is compatible with C++ application code.
+
+#include <stdio.h>
+#include "gssapi/gssapi.h"
+
+int main ()
+{
+    printf("hello, world\n");
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/misc/test_cxx_k5int.cpp b/krb5-1.21.3/src/tests/misc/test_cxx_k5int.cpp
new file mode 100644
index 00000000..bb6005f6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_cxx_k5int.cpp
@@ -0,0 +1,20 @@
+// Test that the krb5 internal headers are compatible with C++ code.
+// (Some Windows-specific code is in C++ in this source tree.)
+
+#include <stdio.h>
+#include "k5-int.h"
+#include "k5-ipc_stream.h"
+#include "k5-utf8.h"
+
+int main (int argc, char *argv[])
+{
+    krb5_context ctx;
+
+    if (krb5_init_context(&ctx) != 0) {
+	printf("krb5_init_context returned an error\n");
+	return 1;
+    }
+    printf("hello, world\n");
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/misc/test_cxx_kadm5.cpp b/krb5-1.21.3/src/tests/misc/test_cxx_kadm5.cpp
new file mode 100644
index 00000000..59422ed1
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_cxx_kadm5.cpp
@@ -0,0 +1,15 @@
+// Test that the kadm5 header is compatible with C++ application code.
+
+#include "kadm5/admin.h"
+
+krb5_context ctx;
+kadm5_config_params p_in, p_out;
+int main (int argc, char *argv[])
+{
+    if (argc == 47 && kadm5_get_config_params(ctx, 1, &p_in, &p_out)) {
+	printf("error\n");
+	return 1;
+    }
+    printf("hello, world\n");
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/misc/test_cxx_krb5.cpp b/krb5-1.21.3/src/tests/misc/test_cxx_krb5.cpp
new file mode 100644
index 00000000..002120bf
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_cxx_krb5.cpp
@@ -0,0 +1,19 @@
+// Test that the krb5.h header is compatible with C++ application code.
+
+#include <stdio.h>
+#include "krb5.h"
+#include "krb5/locate_plugin.h"
+#include "profile.h"
+
+int main (int argc, char *argv[])
+{
+    krb5_context ctx;
+
+    if (krb5_init_context(&ctx) != 0) {
+	printf("krb5_init_context returned an error\n");
+	return 1;
+    }
+    printf("hello, world\n");
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/misc/test_cxx_rpc.cpp b/krb5-1.21.3/src/tests/misc/test_cxx_rpc.cpp
new file mode 100644
index 00000000..a7194878
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_cxx_rpc.cpp
@@ -0,0 +1,14 @@
+// Test that the rpc.h header is compatible with C++ application code.
+
+#include "gssrpc/rpc.h"
+
+struct sockaddr_in s_in;
+int main (int argc, char *argv[])
+{
+    if (argc == 47 && get_myaddress (&s_in)) {
+	printf("error\n");
+	return 1;
+    }
+    printf("hello, world\n");
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/misc/test_getpw.c b/krb5-1.21.3/src/tests/misc/test_getpw.c
new file mode 100644
index 00000000..6031e150
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_getpw.c
@@ -0,0 +1,51 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/misc/test_getpw.c */
+/*
+ * Copyright (C) 2005 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "autoconf.h"
+#include "k5-platform.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <pwd.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+int main()
+{
+    uid_t my_uid;
+    struct passwd *pwd, pwx;
+    char pwbuf[BUFSIZ];
+    int x;
+
+    my_uid = getuid();
+    printf("my uid: %ld\n", (long) my_uid);
+
+    x = k5_getpwuid_r(my_uid, &pwx, pwbuf, sizeof(pwbuf), &pwd);
+    printf("k5_getpwuid_r returns %d\n", x);
+    if (x != 0)
+        exit(1);
+    printf("    username is '%s'\n", pwd->pw_name);
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/tests/misc/test_getsockname.c b/krb5-1.21.3/src/tests/misc/test_getsockname.c
new file mode 100644
index 00000000..4fb875fa
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_getsockname.c
@@ -0,0 +1,117 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/misc/test_getsockname.c */
+/*
+ * Copyright (C) 1995 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * test_getsockname.c
+ *
+ * This routine demonstrates a bug in the socket emulation library of
+ * Solaris and other monstrosities that uses STREAMS.  On other
+ * machines with a real networking layer, it prints the local
+ * interface address that is used to send a message to a specific
+ * host.  On Solaris, it prints out 0.0.0.0.
+ */
+
+#include "autoconf.h"
+#include <unistd.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <string.h>
+
+int
+main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    int sock;
+    GETSOCKNAME_ARG3_TYPE i;
+    struct hostent *host;
+    struct sockaddr_in s_sock;          /* server address */
+    struct sockaddr_in c_sock;          /* client address */
+
+    char *hostname;
+
+    if (argc == 2) {
+        hostname = argv[1];
+    } else {
+        fprintf(stderr, "Usage: %s hostname\n", argv[0]);
+        exit(1);
+    }
+
+    /* Look up server host */
+    if ((host = gethostbyname(hostname)) == (struct hostent *) 0) {
+        fprintf(stderr, "%s: unknown host\n", hostname);
+        exit(1);
+    }
+
+    /* Set server's address */
+    (void) memset(&s_sock, 0, sizeof(s_sock));
+
+    memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
+#ifdef DEBUG
+    printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr));
+#endif
+    s_sock.sin_family = AF_INET;
+    s_sock.sin_port = htons(5555);
+
+    /* Open a socket */
+    if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+        perror("socket");
+        exit(1);
+    }
+
+    memset(&c_sock, 0, sizeof(c_sock));
+    c_sock.sin_family = AF_INET;
+
+    /* Bind it to set the address; kernel will fill in port # */
+    if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
+        perror("bind");
+        exit(1);
+    }
+
+    /* "connect" the datagram socket; this is necessary to get a local address
+       properly bound for getsockname() below. */
+    if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) {
+        perror("connect");
+        exit(1);
+    }
+
+    /* Get my address */
+    memset(&c_sock, 0, sizeof(c_sock));
+    i = sizeof(c_sock);
+    if (getsockname(sock, (struct sockaddr *)&c_sock, &i) < 0) {
+        perror("getsockname");
+        exit(1);
+    }
+
+    printf("My interface address is: %s\n", inet_ntoa(c_sock.sin_addr));
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/tests/misc/test_nfold.c b/krb5-1.21.3/src/tests/misc/test_nfold.c
new file mode 100644
index 00000000..e72502d6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/misc/test_nfold.c
@@ -0,0 +1,66 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  FundsXpress makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int main(int argc, char *argv[])
+{
+    int inlen, outlen, i;
+    unsigned char *instr, *outstr;
+
+    if (argc != 3) {
+        fprintf(stderr, "%s: instr outlen\n", argv[0]);
+        exit(1);
+    }
+
+    instr = (unsigned char *) argv[1];
+    inlen = strlen(instr)*8;
+    outlen = atoi(argv[2]);
+    if (outlen%8) {
+        fprintf(stderr, "outlen must be a multiple of 8\n");
+        exit(1);
+    }
+
+    if ((outstr = (unsigned char *) malloc(outlen/8)) == NULL) {
+        fprintf(stderr, "ENOMEM\n");
+        exit(1);
+    }
+
+    krb5int_nfold(inlen,instr,outlen,outstr);
+
+    printf("%d-fold(",outlen);
+    for (i=0; i<(inlen/8); i++)
+        printf("%02x",instr[i]);
+    printf(") = ");
+    for (i=0; i<(outlen/8); i++)
+        printf("%02x",outstr[i]);
+    printf("\n");
+
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/ca.pem b/krb5-1.21.3/src/tests/pkinit-certs/ca.pem
new file mode 100644
index 00000000..63d31c1f
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/ca.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5TCCA82gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
+dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowgacxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1i
+cmlkZ2UxDDAKBgNVBAoMA01JVDEpMCcGA1UECwwgSW5zZWN1cmUgUEtJTklUIEtl
+cmJlcm9zIHRlc3QgQ0ExMzAxBgNVBAMMKnBraW5pdCB0ZXN0IHN1aXRlIENBOyBk
+byBub3QgdXNlIG90aGVyd2lzZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAM+lV5iaVats0yBFN4FBe6bovloNe3d0F9qMuhKqlECv6cFra75gSGmHJz6t
+GTK8zITU7sni429azTZC9IQnUt/2lW8dWzpZD1T5Vt1DYvYFqVzjhNfzeEDK88ig
+ENfzaX/cY2P76arJr0cewGaauzaux8heYW1CjBxWmk6kWq4aD+5jggchvBeOGEE2
+NkV3MPbXut8fu+3NzuuIG7Z0ilwQv+KUvQ8QQb9VCwdsDh/ERsQ4loC9P4jtuWCJ
+ikIE78GxDcOMoC1ftJtW/mBCS2iCHipXrp2BDDJMyHxZjHpl0VoDR7koWGtD3sos
+EwUkXVvWIuKs432h2dXQ+u8HaBsCAwEAAaOCARgwggEUMB0GA1UdDgQWBBT0F6X7
+1QRftDiSeNSY3bks3nK0IzCB1AYDVR0jBIHMMIHJgBT0F6X71QRftDiSeNSY3bks
+3nK0I6GBraSBqjCBpzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0
+dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoGA1UECgwDTUlUMSkwJwYDVQQLDCBJ
+bnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVzdCBDQTEzMDEGA1UEAwwqcGtpbml0
+IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQE
+AwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBT2FJVPS+U
+0MXa1HUOETuUPrVff7VeIvyAPm9IgX1zNbCvktCc4d7ErNB3P5ng8aZz4MKqwzuX
+HVhUxbF7JKfyUI41lcixPG+k+U9mzBJaozWT+K1OhdUF//mGPxaxe5jyUhDiQArD
+/6vulX0/B+1iuIa1sCfoeelzqQcYHqhZdWn6bBdcDWNARHIXWs5zPeKA975+d5TW
+rofE7T8nNQJvcZoVjCSfcYXhP82D/0sA+wPCt3fgbBZdvJ89xwvIlzBtiwC++Zbe
+37Rt5av0+ykpR7nmh2jyG+ItzE73nYKdBrUI5J6JLSbUcQTw4jeXHwDULUHZ6fXg
+TBEM2v1VW4Df
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/generic.p12 b/krb5-1.21.3/src/tests/pkinit-certs/generic.p12
new file mode 100644
index 00000000..35c27415
Binary files /dev/null and b/krb5-1.21.3/src/tests/pkinit-certs/generic.p12 differ
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/generic.pem b/krb5-1.21.3/src/tests/pkinit-certs/generic.pem
new file mode 100644
index 00000000..55ebb3db
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/generic.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
+dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
+U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCS
+OTfZununxFDxuThhIFDWEZ9p2qSqTrxKtKx4CDvdckz4kaKybiNZTW7Dlh6IwWta
+60eq98WrMHXYlSaN87r95lU0ug2RFJh4uLdq3a5NM/daIIjO0Bo86oC+8EBM961Q
+mCMe7dn9ngFK92msdqO+wfpAfvhSpBPtAjQovigirheiEoER/ov9t9/3mRi5OTkY
+8YfKT/z6XJrnOUIB3AgCdGyzSRvWLqLrbh7iAFVrm6Pq6D2nNr+mE9r5u7uFl3r8
+QeDgp0Unwd1ISWTHZlrP4bq29w7y2O+/2KV04Og8z+4zoGD4nRinuJBUdNqwAXVz
+dz6pXFWgLRD+9ddI5jB0
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/kdc.pem b/krb5-1.21.3/src/tests/pkinit-certs/kdc.pem
new file mode 100644
index 00000000..e46afc17
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/kdc.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE4TCCA8mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
+dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowSTELMAkG
+A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
+U1QuQ09NMQwwCgYDVQQDDANLREMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDPpVeYmlWrbNMgRTeBQXum6L5aDXt3dBfajLoSqpRAr+nBa2u+YEhphyc+
+rRkyvMyE1O7J4uNvWs02QvSEJ1Lf9pVvHVs6WQ9U+VbdQ2L2Balc44TX83hAyvPI
+oBDX82l/3GNj++mqya9HHsBmmrs2rsfIXmFtQowcVppOpFquGg/uY4IHIbwXjhhB
+NjZFdzD217rfH7vtzc7riBu2dIpcEL/ilL0PEEG/VQsHbA4fxEbEOJaAvT+I7blg
+iYpCBO/BsQ3DjKAtX7SbVv5gQktogh4qV66dgQwyTMh8WYx6ZdFaA0e5KFhrQ97K
+LBMFJF1b1iLirON9odnV0PrvB2gbAgMBAAGjggFzMIIBbzAdBgNVHQ4EFgQU9Bel
++9UEX7Q4knjUmN25LN5ytCMwgdQGA1UdIwSBzDCByYAU9Bel+9UEX7Q4knjUmN25
+LN5ytCOhga2kgaowgacxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNl
+dHRzMRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoMA01JVDEpMCcGA1UECwwg
+SW5zZWN1cmUgUEtJTklUIEtlcmJlcm9zIHRlc3QgQ0ExMzAxBgNVBAMMKnBraW5p
+dCB0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZYIBATALBgNVHQ8E
+BAMCA+gwDAYDVR0TAQH/BAIwADBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgDRsL
+S1JCVEVTVC5DT02hIDAeoAMCAQKhFzAVGwZrcmJ0Z3QbC0tSQlRFU1QuQ09NMBIG
+A1UdJQQLMAkGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggEBAJZd7v5ZOMs8Y3ht
+Kmtql8rKs0Jee73gVHYw3LXxJfHjIiNGdexxuWJ6Hy9gFnfwSco+15HP3MxMBkau
+TKo3i1+Kwf+lc7gIZ0g/CEnYOx2smHGd9yGudWypunYLjGWfH/2M8/Wu1gZDTxQ1
+pNMQZ2pPLL/C6c6vYpVQJ5cA0RSh/SC5IbOESUpZaFFMYxF5TNz+28/lDr/rN41O
+miklos6cH5EkJyI0WUqJMk04HHjREl/9RTak8mo/eaqjUMTAOyweSwpaYRCddBOo
+y1ix9yH0fSBib1+WQ3MAHZHgbgVnu7V2GnB6qMNqRLHoGa03x+5Q1X0QuKxP6iYo
+9tiGt3k=
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/make-certs.sh b/krb5-1.21.3/src/tests/pkinit-certs/make-certs.sh
new file mode 100755
index 00000000..5284f425
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/make-certs.sh
@@ -0,0 +1,172 @@
+#!/bin/sh -e
+
+NAMETYPE=1
+KRBTGT_NAMETYPE=2
+KEYSIZE=2048
+DAYS=4000
+REALM=KRBTEST.COM
+LOWREALM=krbtest.com
+KRB5_PRINCIPAL_SAN=1.3.6.1.5.2.2
+KRB5_UPN_SAN=1.3.6.1.4.1.311.20.2.3
+PKINIT_KDC_EKU=1.3.6.1.5.2.3.5
+PKINIT_CLIENT_EKU=1.3.6.1.5.2.3.4
+TLS_SERVER_EKU=1.3.6.1.5.5.7.3.1
+TLS_CLIENT_EKU=1.3.6.1.5.5.7.3.2
+EMAIL_PROTECTION_EKU=1.3.6.1.5.5.7.3.4
+# Add TLS EKUs to these if we're testing with NSS and we still have to
+# piggy-back on the TLS trust settings.
+KDC_EKU_LIST=$PKINIT_KDC_EKU
+CLIENT_EKU_LIST=$PKINIT_CLIENT_EKU
+
+cat > openssl.cnf << EOF
+[req]
+prompt = no
+distinguished_name = \$ENV::SUBJECT
+
+[ca]
+CN = test CA certificate
+C = US
+ST = Massachusetts
+L = Cambridge
+O = MIT
+OU = Insecure PKINIT Kerberos test CA
+CN = pkinit test suite CA; do not use otherwise
+
+[kdc]
+C = US
+ST = Massachusetts
+O = KRBTEST.COM
+CN = KDC
+
+[user]
+C = US
+ST = Massachusetts
+O = KRBTEST.COM
+CN = user
+
+[exts_ca]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
+basicConstraints = critical,CA:TRUE
+
+[components_kdc]
+0.component=GeneralString:krbtgt
+1.component=GeneralString:$REALM
+
+[princ_kdc]
+nametype=EXPLICIT:0,INTEGER:$KRBTGT_NAMETYPE
+components=EXPLICIT:1,SEQUENCE:components_kdc
+
+[krb5princ_kdc]
+realm=EXPLICIT:0,GeneralString:$REALM
+princ=EXPLICIT:1,SEQUENCE:princ_kdc
+
+[exts_kdc]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+basicConstraints = critical,CA:FALSE
+subjectAltName = otherName:$KRB5_PRINCIPAL_SAN;SEQUENCE:krb5princ_kdc
+extendedKeyUsage = $KDC_EKU_LIST
+
+[components_client]
+component=GeneralString:user
+
+[princ_client]
+nametype=EXPLICIT:0,INTEGER:$NAMETYPE
+components=EXPLICIT:1,SEQUENCE:components_client
+
+[krb5princ_client]
+realm=EXPLICIT:0,GeneralString:$REALM
+princ=EXPLICIT:1,SEQUENCE:princ_client
+
+[exts_client]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+basicConstraints = critical,CA:FALSE
+subjectAltName = otherName:$KRB5_PRINCIPAL_SAN;SEQUENCE:krb5princ_client
+extendedKeyUsage = $CLIENT_EKU_LIST
+
+[exts_upn_client]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+basicConstraints = critical,CA:FALSE
+subjectAltName = otherName:$KRB5_UPN_SAN;UTF8:user@$LOWREALM
+extendedKeyUsage = $CLIENT_EKU_LIST
+
+[exts_upn2_client]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+basicConstraints = critical,CA:FALSE
+subjectAltName = otherName:$KRB5_UPN_SAN;UTF8:user
+extendedKeyUsage = $CLIENT_EKU_LIST
+
+[exts_upn3_client]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+basicConstraints = critical,CA:FALSE
+subjectAltName = otherName:$KRB5_UPN_SAN;UTF8:user@$REALM
+extendedKeyUsage = $CLIENT_EKU_LIST
+
+[exts_none]
+EOF
+
+# Generate a private key.
+openssl genrsa $KEYSIZE > privkey.pem
+openssl rsa -in privkey.pem -out privkey-enc.pem -des3 -passout pass:encrypted
+
+# Generate a "CA" certificate.
+SUBJECT=ca openssl req -config openssl.cnf -new -x509 -extensions exts_ca \
+    -set_serial 1 -days $DAYS -key privkey.pem -out ca.pem
+
+serial=2
+gen_cert() {
+    SUBJECT=$1 openssl req -config openssl.cnf -new -key privkey.pem -out csr
+    SUBJECT=$1 openssl x509 -extfile openssl.cnf -extensions $2 \
+           -set_serial $serial -days $DAYS -req -CA ca.pem -CAkey privkey.pem \
+           -in csr -out $3
+    serial=$((serial + 1))
+    rm -f csr
+}
+
+gen_pkcs12() {
+    # Use -descert to make OpenSSL 1.1 generate files OpenSSL 3.0 can
+    # read (the default uses RC2, which is only available in the
+    # legacy provider in OpenSSL 3).  This option causes an algorithm
+    # downgrade with OpenSSL 3.0 (AES to DES3), but that isn't
+    # important for test certs.
+    openssl pkcs12 -export -descert -in "$1" -inkey privkey.pem -out "$2" \
+            -passout pass:"$3"
+}
+
+# Generate a KDC certificate.
+gen_cert kdc exts_kdc kdc.pem
+
+# Generate a client certificate and PKCS#12 bundles.
+gen_cert user exts_client user.pem
+gen_pkcs12 user.pem user.p12
+gen_pkcs12 user.pem user-enc.p12 encrypted
+
+# Generate a client certificate and PKCS#12 bundle with a UPN SAN.
+gen_cert user exts_upn_client user-upn.pem
+gen_pkcs12 user-upn.pem user-upn.p12
+
+# Same, but with no realm in the UPN SAN.
+gen_cert user exts_upn2_client user-upn2.pem
+gen_pkcs12 user-upn2.pem user-upn2.p12
+
+# Same, but with an uppercase realm in the UPN SAN.
+gen_cert user exts_upn3_client user-upn3.pem
+gen_pkcs12 user-upn3.pem user-upn3.p12
+
+# Generate a client certificate and PKCS#12 bundle with no PKINIT extensions.
+gen_cert user exts_none generic.pem
+gen_pkcs12 generic.pem generic.p12
+
+# Clean up.
+rm -f openssl.cnf
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/privkey-enc.pem b/krb5-1.21.3/src/tests/pkinit-certs/privkey-enc.pem
new file mode 100644
index 00000000..29d2f3d3
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/privkey-enc.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5FFF1E71BFFB65E3
+
+p89x5YEL+Mb6IPZXEkkr0KC4Wj+JtgE3VKdTT0wEcRD74QVv+dbbZt62WgmpJtId
+ph0Ial2z5Mws8L/aTkPdW2H/bEroApLu4TfUV+w67KcWgrc8gOg73d6gEObqx8li
+qGbs7FC1cI1WfDfnNOnCbD66e5+bTI8fDuchaieNRqzROd9RHhmlBHgylTmf55us
+laGuwLq2cZk/+Xz0M8PPx07uauGkAK0fyfifn/JR3PsGsE9s334osVQMjbjyT0VE
+rm8HGm3PvZHHDUnkOh7AGKyEtsIa5fJAULUjugp2lQJqOigC4HVn8a33xfLI0F1+
+2nH9MZ+Ap1rtI1cJX8CDn/Ij9oFt01scLxynYekYej11zFiR6qHC0sspxu0Yi8l0
+puBPXCI0GzyF9I53ukjGeibTtssz5yw1r+2oVasR4bvfXczPjqTQCBsPSUayNNhw
+RgT7k4QTY2OlrK/5XdILBzBlsvfndXgGOwEDw4YE7PMzMmz69vPMK7CfedUqtuXq
+bGBks58tzeOa4NSfVDOuFLI+LMkoYWMSjPGD/I0trX41xCU+O6PZOnDyt5ZWl1Tm
+klJpsB7rUcwsP8d4w4QGhyyV6Mo2MTlnTILr4CwwvmDMBch3yzwbfKdeywsFQh0S
+NMrG3aYNO7csRRTD6aGvYcBCbavWq7Ujsb/fV7SOIS26f4VEqewvOFlFEXm66zaz
+GJ0IcjtNHYNIIIW4690djxPqlGgbIZTblBSBlT+iOW5HrhXvrLeMmwAPxInU5dK+
+ypk2MGc4SzemkDi8H9jDW3dwbgcvVD9wn0glhVLQKWvP6F73UUdVEXMCZ+960xnR
+gxeEwDdIpzXNadWdON1kRbqI2KesRY/XQErGHDOvf2gNSM9V2gPz+5humvcu3mXY
+r4537On4+IdzetEVtI7D0slgojs+jN8waigpkLFB5RVl8PnzblMuWOkHNA86rrp+
+h6wNqv9kHLgPjpAyB1l/7w4VqXLXeC4PdaGc2fcpdNWOncUnHROmDmYvdTocqhIF
+bAsEFV7QZoTgDB7J6vLsmbtfawtHMSb81V/wTJWRrtY/gJCrkJXR2pTYAZlPX6vK
+aK7K2NuhJFMnrQD+kxsrloSEyfsZmHtk0mAVXJw4wSxlH3eGQ+Jphb/M2wtsnWV1
+w0fehxL2Vd5SyBBctAGhUirhRngbOO/E8IioymrziQ88vJZs2DxvbuNG4WKTuTwj
+CIggXohCNKdqrwL2HAynm2FVEWhbKrQwe4kjZc64WjccR4cy9vv+dxFfrKl+vZ1o
+Wvb0WXND7fiSBrPo7OfaYM5HjrcvIRP1AtMuArhuQYVARmawUG0l7dFLN97Rh9M+
+Ud9vBIfQYlubnTGVVm/5xrUh2isQbp2vrZLfMrUNXMQm0vSxKgGkAxqNUuklJC06
+LvCtEWMYXiBmB1zP4khwCHmHB+/E1gHBAutCzhpPu86ayEtNHBHIFkqKvZSg/UuZ
++ygDdTJV00I2neIdeQcyG+vPg6huIDIHpG5u6eQn5sLqVkhr+apeNcskMWpdkpFS
+Lo62KUZDR3yB83ne63c3IGex0hWhVojJOAxykpGp6OD9uFn6Xn7x2Q==
+-----END RSA PRIVATE KEY-----
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/privkey.pem b/krb5-1.21.3/src/tests/pkinit-certs/privkey.pem
new file mode 100644
index 00000000..007b6275
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/privkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEoAIBAAKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtr
+vmBIaYcnPq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE
+1/N4QMrzyKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOC
+ByG8F44YQTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiW
+gL0/iO25YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNH
+uShYa0PeyiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABAoIBAEpnKYMR0h6xyNjo
+VGIpT6BYB1UHPbVo0N9Ly6TCoIqpPe5DioDVyTye5A4OQlgu1G3ISqPme6478ApA
+ZZMw7/42QgdlknnOzbKaAWkZK02Sa8RP9hrXL8CvuDisOjzXCHd7RdXevzSmPfsS
+5sgdK3YFnKqMPwbCcKf61CHXvHJjWGuTIHIRh8P7gJelA4ahO0kYQ8aRXv3ldquO
+ukSI5gyk9CN+aAHqt25kEmt9oOgk+8kfKpnk+5gkOCY2YOFDDckD7nL1VIIrDxwG
+SmU598qjVwycDairWUY8uSuPCOLgbvDM9N8cERDMsyNQL63GE8ZZyHZsJ3Pbwdfs
+JVHh5ekCgYEA/CwhaT9D0WQ49GQdeI7aqazHEYDmqPdE2/qbmr67tPMZzX8AAk9j
+r4aMT+oIdtIMPdoQNNcBP6NYZLlAoMbLoAzHmWJnF5/YWLnS2Wg9OuXUOBn3jk1l
+SWelJfAKGeBld5fpSLTdHjRAwJrNCX+mc0IZIiEw2IvGUPgKGX08bX8CgYEA0swx
+xCDgvfoaKueInw/rUIcKxrSxK3pDhaR01Dg2pwSo7Vj9W01zf33qe+mjma6+U2SB
+fk+/O2VXDuEOmVDLwvp6PkmUeRE5PyH7urTMEjy5ELNGiZd9zHoG/zJnRgPwTjuW
+yguvjVGJwI1IvmODuA7Xc7iHFlvGNuxXZjPkS2UCgYA0nFxoIdvbTsaXLl/7rAow
+xixOGY+GBvil0HYwZcSxrtpeRjXRRZDtqOuTLKeRaqdFLD6fV5AaH9EsSn4STQdk
+n+XwuVf61M2FTVeRJi9IH3UUM06zsLAGDYqmDJt+5JMmzVnNYnaTe6FazbEjXy9x
+8oNd3IDdXOQGNomc4cT+rwKBgBbABOr25Wp7cJGK1XrdO/c/69DQNYLMujbVLeqt
+enCCFz0uaoGNFVcAHutqpsZyToYvha49KxVc9Y1cirfPOX58i+7nAAgk7Lm8kC9x
+Tcj2Fr8PqiA1YlVMIi8uoGi1Ch1XXwnFQxgMYcKPPPeXQ+L8bxJFKwcltnm8/h3A
+ofXlAn9AW6fYZLSzOfNQTMnuukhuAtZcEW9NlJHbej305zK89J66S8wroQs5iOla
+5GG+S4YaZh5sVGw+mnS+FCw7cQCUk40kXwX3yTrxlX1qGSCFCQnFdJow+5NVg4D+
+dzDKzniH71OZZFxTqiiz76XxiaW/rS1uOfP/WSVR9NBLpV5n
+-----END RSA PRIVATE KEY-----
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user-enc.p12 b/krb5-1.21.3/src/tests/pkinit-certs/user-enc.p12
new file mode 100644
index 00000000..1cc3aa3d
Binary files /dev/null and b/krb5-1.21.3/src/tests/pkinit-certs/user-enc.p12 differ
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user-upn.p12 b/krb5-1.21.3/src/tests/pkinit-certs/user-upn.p12
new file mode 100644
index 00000000..bf47384a
Binary files /dev/null and b/krb5-1.21.3/src/tests/pkinit-certs/user-upn.p12 differ
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user-upn.pem b/krb5-1.21.3/src/tests/pkinit-certs/user-upn.pem
new file mode 100644
index 00000000..14a11831
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/user-upn.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIExTCCA62gAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
+dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
+U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFPQX
+pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd
+uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
+ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
+IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
+aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
+BAQDAgPoMAwGA1UdEwEB/wQCMAAwKwYDVR0RBCQwIqAgBgorBgEEAYI3FAIDoBIM
+EHVzZXJAa3JidGVzdC5jb20wEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0B
+AQsFAAOCAQEAYTW8tzURX2s8vuDawXEJt2as5q2MnvhUmG0YPIvK4n2fODkMW/I9
+XENFhK8wwQJNdzvBUwXUXzEGjFcGPs672ZVzykRb7sAfGlNu1f15z0KrjyUj82oz
+/gWoLwdYwZnO8jqtKjGtnLi2MeWjVCoiUW5ypUGwtEdcyZUG0PeRUrdrZu5cm+iZ
+1B1exR4lepR1iSAPYTNhp5VF6T8BSLf2BO2IKTgFnF4Xx1vyZZTsY10mruZ8S1ZR
+XiajBVdHkN1BpWWyFKt1BCt0dpRx9W7CihC3Ln9fBCsY8QA969EjRhszG2i09Xxw
+0M6/UgIQRU6hy7QTlcmehDKY0zvVJ2/RLw==
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user-upn2.p12 b/krb5-1.21.3/src/tests/pkinit-certs/user-upn2.p12
new file mode 100644
index 00000000..69ca648a
Binary files /dev/null and b/krb5-1.21.3/src/tests/pkinit-certs/user-upn2.p12 differ
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user-upn2.pem b/krb5-1.21.3/src/tests/pkinit-certs/user-upn2.pem
new file mode 100644
index 00000000..baef41a5
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/user-upn2.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
+dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
+U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFPQX
+pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd
+uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
+ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
+IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
+aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
+BAQDAgPoMAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFqAUBgorBgEEAYI3FAIDoAYM
+BHVzZXIwEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAAsGC
+LvikD/nW3eOym4f/uuKBscOGSByP9/HoP8QwvnLYU00i5n+zXSTQctotHIifsRc4
+xHLO8xemJp7rm0h/27C1Wo5AVxJ0cmnDKQf8Ast+QXsz9ZeaeKLa5D8sDOfnZXJB
+aMTb8ChjyZz+KLjXV0VbaVkY95mfqsOoJQcl9wHhNdDOygnSucvA5Svlrbo2rlKt
+75OJZJJWrZxuaBuuSYNpCKyyg61t69hPoDKDQZ8QJZHGugWqQ2swYe9dZpUYy5xV
+CGTLCAk9ZOn8hTCC6xbNaJFjflIjcjpwabw0r986/9GeAF6KqSNbMXKaY4LLuk/8
+5FH9S8/3F56ZCNxbZQ==
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user-upn3.p12 b/krb5-1.21.3/src/tests/pkinit-certs/user-upn3.p12
new file mode 100644
index 00000000..9aabc3a8
Binary files /dev/null and b/krb5-1.21.3/src/tests/pkinit-certs/user-upn3.p12 differ
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user-upn3.pem b/krb5-1.21.3/src/tests/pkinit-certs/user-upn3.pem
new file mode 100644
index 00000000..000d567d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/user-upn3.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIExTCCA62gAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
+dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
+U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFPQX
+pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd
+uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
+ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
+IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
+aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
+BAQDAgPoMAwGA1UdEwEB/wQCMAAwKwYDVR0RBCQwIqAgBgorBgEEAYI3FAIDoBIM
+EHVzZXJAS1JCVEVTVC5DT00wEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0B
+AQsFAAOCAQEApwXjFJ86RLM4MzbScqk0JGqm+jzaFZ6h5oyt0rlaxdhOl7kqOmIE
+sLhXtvZm75roA+UULZHumB6xg3Y0p7cc6VBAYYycWoNkhWXZMdQ8Q33vMos5cwLY
+kXjl4oTDK53goh8IlriRMV7Tv/QpJ8wh+7iqQn3lak0Tv51JexYGwp5sJREYm8q5
+rr3ChlgH7SWF8mhbu2EEiipm0whEqA4tlNKGBsTQBslnm8sK0VfVDcmLOGbMNjRs
+r+Hkd8yVvhIJ9M+WAp/OeF2vUzPBJtAfIaJBxcZmKtNI5Jk8cK/vScJZboa0qAAz
+2Y1uC9rP830mpOe0juhV2mMPron0hi1HaA==
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user.p12 b/krb5-1.21.3/src/tests/pkinit-certs/user.p12
new file mode 100644
index 00000000..e5520110
Binary files /dev/null and b/krb5-1.21.3/src/tests/pkinit-certs/user.p12 differ
diff --git a/krb5-1.21.3/src/tests/pkinit-certs/user.pem b/krb5-1.21.3/src/tests/pkinit-certs/user.pem
new file mode 100644
index 00000000..182ea599
--- /dev/null
+++ b/krb5-1.21.3/src/tests/pkinit-certs/user.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz
+dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug
+b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowSjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF
+U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn
+Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz
+yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y
+QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25
+YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe
+yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBZDCCAWAwHQYDVR0OBBYEFPQX
+pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd
+uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz
+ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM
+IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu
+aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P
+BAQDAgPoMAwGA1UdEwEB/wQCMAAwOQYDVR0RBDIwMKAuBgYrBgEFAgKgJDAioA0b
+C0tSQlRFU1QuQ09NoREwD6ADAgEBoQgwBhsEdXNlcjASBgNVHSUECzAJBgcrBgEF
+AgMEMA0GCSqGSIb3DQEBCwUAA4IBAQAOBeCDK6Eg6Cu8TZ7xeAw2AbTpaW04nNSV
+Fmm0aIskMgLl2a5KEmalG7rnArRXv5IZVYFjJ6X0MzjOx+BgaGUCvN8jz1fuO3Hp
+iGhxPDzKjFMWJeY/z5bQRueSI6RCC8DzH8iPdlPUQ8ZhnukhY1Vt47wqraf197uT
+0XP21qQr1uRY+ZcLSBKZuKe9ZP3ijh57MOLvYDdAFxVp77JLznpk+oU18ujAtYgZ
+7naIGYtSQRkIi970jk82hSpc9B/KN8UcDuo+DQHWPQaDf39s30qoxooZBoue5ipp
+LQHuVaX5Hoi83cWbsVluce/JsW8GfbuC8+8CosAmzJly183f8++9
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/plugorder.c b/krb5-1.21.3/src/tests/plugorder.c
new file mode 100644
index 00000000..e1245e47
--- /dev/null
+++ b/krb5-1.21.3/src/tests/plugorder.c
@@ -0,0 +1,96 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/plugorder.c - Test harness to display the order of loaded plugins */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file registers a few dummy built-in pwqual modules, then prints out the
+ * order of pwqual modules returned by k5_plugin_load_all.  The choice of the
+ * pwqual interface is mostly arbitrary; it is an interface which libkrb5
+ * itself doesn't use, for which we have a test module.
+ */
+
+#include "k5-int.h"
+#include <krb5/pwqual_plugin.h>
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+static krb5_error_code
+blt1(krb5_context context, int maj_ver, int min_ver, krb5_plugin_vtable vtable)
+{
+    ((krb5_pwqual_vtable)vtable)->name = "blt1";
+    return 0;
+}
+
+static krb5_error_code
+blt2(krb5_context context, int maj_ver, int min_ver, krb5_plugin_vtable vtable)
+{
+    ((krb5_pwqual_vtable)vtable)->name = "blt2";
+    return 0;
+}
+
+static krb5_error_code
+blt3(krb5_context context, int maj_ver, int min_ver, krb5_plugin_vtable vtable)
+{
+    ((krb5_pwqual_vtable)vtable)->name = "blt3";
+    return 0;
+}
+
+int
+main()
+{
+    krb5_plugin_initvt_fn *modules = NULL, *mod;
+    struct krb5_pwqual_vtable_st vt;
+
+    check(krb5_init_context(&ctx));
+    check(k5_plugin_register(ctx, PLUGIN_INTERFACE_PWQUAL, "blt1", blt1));
+    check(k5_plugin_register(ctx, PLUGIN_INTERFACE_PWQUAL, "blt2", blt2));
+    check(k5_plugin_register(ctx, PLUGIN_INTERFACE_PWQUAL, "blt3", blt3));
+    check(k5_plugin_load_all(ctx, PLUGIN_INTERFACE_PWQUAL, &modules));
+    for (mod = modules; *mod != NULL; mod++) {
+        check((*mod)(ctx, 1, 1, (krb5_plugin_vtable)&vt));
+        printf("%s\n", vt.name);
+    }
+    k5_plugin_free_modules(ctx, modules);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/proxy-certs/ca.pem b/krb5-1.21.3/src/tests/proxy-certs/ca.pem
new file mode 100644
index 00000000..ee24cba8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/proxy-certs/ca.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEuzCCA6OgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
+KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
+OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaMIGZMQswCQYDVQQGEwJVUzEWMBQG
+A1UECAwNTWFzc2FjaHVzZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQK
+DANNSVQxIjAgBgNVBAsMGUluc2VjdXJlIEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNV
+BAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWK
+KayH5NmqOqnwnzRHkZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9
+uXnBb6AZog7hh9wMe//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTH
+EO4lLqusPQM16lRDSdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9
+B3PKs374N9kOPsgcj+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd
+3TLWHLhW9F7rzEcvzn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABo4IB
+CjCCAQYwHQYDVR0OBBYEFPf/vJvFMCwrABeCC0sq7RGfYeIiMIHGBgNVHSMEgb4w
+gbuAFPf/vJvFMCwrABeCC0sq7RGfYeIioYGfpIGcMIGZMQswCQYDVQQGEwJVUzEW
+MBQGA1UECAwNTWFzc2FjaHVzZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYD
+VQQKDANNSVQxIjAgBgNVBAsMGUluc2VjdXJlIEtlcmJlcm9zIHRlc3QgQ0ExLDAq
+BgNVBAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlggEBMAsG
+A1UdDwQEAwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBz
+q/t9amz4ahTFNc0v69NZrfCBgo7DWBHxXuE0Gov2/RBPwP/+Efrd4+1Tl5fSv6We
+N/cttEUTTM3Z7wtof3mkSQwkozwWpaHXm31St+0FbTuHNpN4i0Uae5lsO8/pTz/L
+VqsVLjGGpkZKP831BO9oJJbwUASNc2dpLs94pojlSlSZzf/u/T+k0wltgZexnQpU
+5IrdPIqteB32ym2XjZWSCS29jL3zoZ/y8UAPIOR/Zi77wNCehOuBx2bzc/P6RNLa
+CuuPMhDu8PPYVB3rfJInmF5wT5jQ9YX4UUb0qYXDRff5/l26fEjLHQSrA/iMqdIW
+dsDwkqTcy1lOjcP3xOMq
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/proxy-certs/make-certs.sh b/krb5-1.21.3/src/tests/proxy-certs/make-certs.sh
new file mode 100755
index 00000000..7a40e2b9
--- /dev/null
+++ b/krb5-1.21.3/src/tests/proxy-certs/make-certs.sh
@@ -0,0 +1,124 @@
+#!/bin/sh -e
+
+PWD=`pwd`
+NAMETYPE=1
+KEYSIZE=2048
+DAYS=4000
+REALM=KRBTEST.COM
+TLS_SERVER_EKU=1.3.6.1.5.5.7.3.1
+PROXY_EKU_LIST=$TLS_SERVER_EKU
+
+cat > openssl.cnf << EOF
+[req]
+prompt = no
+distinguished_name = \$ENV::SUBJECT
+
+[ca]
+default_ca = test_ca
+
+[test_ca]
+new_certs_dir = $PWD
+serial = $PWD/ca.srl
+database = $PWD/ca.db
+certificate = $PWD/ca.pem
+private_key = $PWD/privkey.pem
+default_days = $DAYS
+x509_extensions = exts_proxy
+policy = proxyname
+default_md = sha256
+unique_subject = no
+email_in_dn = no
+
+[signer]
+CN = test CA certificate
+C = US
+ST = Massachusetts
+L = Cambridge
+O = MIT
+OU = Insecure Kerberos test CA
+CN = test suite CA; do not use otherwise
+
+[proxy]
+C = US
+ST = Massachusetts
+O = KRBTEST.COM
+CN = PROXYinSubject
+
+[localhost]
+C = US
+ST = Massachusetts
+O = KRBTEST.COM
+CN = localhost
+
+[proxyname]
+C = supplied
+ST = supplied
+O = supplied
+CN = supplied
+
+[exts_ca]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
+basicConstraints = critical,CA:TRUE
+
+[exts_proxy]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+basicConstraints = critical,CA:FALSE
+subjectAltName = DNS:proxyŠubjectÄltÑame,DNS:proxySubjectAltName,IP:127.0.0.1,IP:::1,DNS:localhost
+extendedKeyUsage = $PROXY_EKU_LIST
+
+[exts_proxy_no_san]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+basicConstraints = critical,CA:FALSE
+extendedKeyUsage = $PROXY_EKU_LIST
+EOF
+
+# Generate a private key.
+openssl genrsa $KEYSIZE > privkey.pem
+
+# Generate a "CA" certificate.
+SUBJECT=signer openssl req -config openssl.cnf -new -x509 -extensions exts_ca \
+    -set_serial 1 -days $DAYS -key privkey.pem -out ca.pem
+
+# Generate proxy certificate signing requests.
+SUBJECT=proxy openssl req -config openssl.cnf -new -key privkey.pem \
+	-out proxy.csr
+SUBJECT=localhost openssl req -config openssl.cnf -new -key privkey.pem \
+	-out localhost.csr
+
+# Issue the certificate with the right name in a subjectAltName.
+echo 02 > ca.srl
+cat /dev/null > ca.db
+SUBJECT=proxy openssl ca  -config openssl.cnf -extensions exts_proxy \
+    -batch -days $DAYS -notext -out tmp.pem -in proxy.csr
+cat privkey.pem tmp.pem > proxy-san.pem
+
+# Issue a certificate that only has the name in the subject field
+SUBJECT=proxy openssl ca  -config openssl.cnf -extensions exts_proxy_no_san \
+    -batch -days $DAYS -notext -out tmp.pem -in localhost.csr
+cat privkey.pem tmp.pem > proxy-subject.pem
+
+# Issue a certificate that doesn't include any matching name values.
+SUBJECT=proxy openssl ca  -config openssl.cnf -extensions exts_proxy_no_san \
+    -batch -days $DAYS -notext -out tmp.pem -in proxy.csr
+cat privkey.pem tmp.pem > proxy-no-match.pem
+
+# Issue a certificate that contains all matching name values.
+SUBJECT=proxy openssl ca  -config openssl.cnf -extensions exts_proxy \
+    -batch -days $DAYS -notext -out tmp.pem -in localhost.csr
+cat privkey.pem tmp.pem > proxy-ideal.pem
+
+# Corrupt the signature on the certificate.
+SUBJECT=proxy openssl x509 -outform der -in proxy-ideal.pem -out bad.der
+length=`od -Ad bad.der | tail -n 1 | awk '{print $1}'`
+dd if=/dev/zero bs=1 of=bad.der count=16 seek=`expr $length - 16`
+SUBJECT=proxy openssl x509 -inform der -in bad.der -out tmp.pem
+cat privkey.pem tmp.pem > proxy-badsig.pem
+
+# Clean up.
+rm -f openssl.cnf proxy.csr localhost.csr privkey.pem ca.db ca.db.old ca.srl ca.srl.old ca.db.attr ca.db.attr.old 02.pem 03.pem 04.pem 05.pem tmp.pem bad.der
diff --git a/krb5-1.21.3/src/tests/proxy-certs/proxy-badsig.pem b/krb5-1.21.3/src/tests/proxy-certs/proxy-badsig.pem
new file mode 100644
index 00000000..40001d97
--- /dev/null
+++ b/krb5-1.21.3/src/tests/proxy-certs/proxy-badsig.pem
@@ -0,0 +1,56 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
+kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
+e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
+SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
+j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
+zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
+HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
+q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
+zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
+ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
+21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
+YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
+1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
+AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
+47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
+RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
+lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
+tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
+hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
+5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
+yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
+vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
+CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
+X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
+Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIE3TCCA8WgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
+KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
+OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaME8xCzAJBgNVBAYTAlVTMRYwFAYD
+VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTESMBAGA1UE
+AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54HC
+eTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRHkZE5UjkazQ/h97S6LZ6Y
+b8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wMe//g9a7PpKanfw69fSVg
+Ar49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRDSdoXg42udAh3uBY+QDs2
+3snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgcj+8kyR/M+q+RfK5biqS3
+ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcvzn1Mfck35s0XDDRlGxRG
+GDy+ZCKmxf8Zu/8SwwIDAQABo4IBdzCCAXMwHQYDVR0OBBYEFPf/vJvFMCwrABeC
+C0sq7RGfYeIiMIHGBgNVHSMEgb4wgbuAFPf/vJvFMCwrABeCC0sq7RGfYeIioYGf
+pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czESMBAG
+A1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxIjAgBgNVBAsMGUluc2VjdXJl
+IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
+dCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQEAwID6DAMBgNVHRMBAf8EAjAAMFkG
+A1UdEQRSMFCCFnByb3h5xaB1YmplY3TDhGx0w5FhbWWCE3Byb3h5U3ViamVjdEFs
+dE5hbWWHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGCCWxvY2FsaG9zdDATBgNVHSUE
+DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAsMRJnxdbnpm5VlCFwNyU
+8ra1wCjj+ZH0POVCM4iXQ77bV6UBpcqlaQUvR7R/H1Bt5t3Cp0ycN/dy+RcXtj+5
+FA84bRM767rsakxTEwjOjWw6GiK6bGjBfQ4F6Q97ELmiM0OZgmW8D56UHZxrI+o7
+QrKWBpFf1UA8n/BmupHBtyW3gudtJS9a71u6lBRydPFqJ4l8YxHckbgPFceSRbRj
+x7E2pQVQ0p2nvG/NVyuC+2L29p81KAsG3vPzwOOfr1Tnpl1/B4R0+XEIy33KHpbz
+Ceyitz6k16fOVNxMI59W2OACPTQ/s99kygh+cARRPfEUAAAAAAAAAAAAAAAAAAAA
+AA==
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/proxy-certs/proxy-ideal.pem b/krb5-1.21.3/src/tests/proxy-certs/proxy-ideal.pem
new file mode 100644
index 00000000..3bb09dc9
--- /dev/null
+++ b/krb5-1.21.3/src/tests/proxy-certs/proxy-ideal.pem
@@ -0,0 +1,56 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
+kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
+e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
+SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
+j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
+zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
+HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
+q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
+zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
+ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
+21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
+YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
+1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
+AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
+47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
+RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
+lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
+tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
+hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
+5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
+yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
+vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
+CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
+X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
+Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIE3TCCA8WgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
+KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
+OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaME8xCzAJBgNVBAYTAlVTMRYwFAYD
+VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTESMBAGA1UE
+AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54HC
+eTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRHkZE5UjkazQ/h97S6LZ6Y
+b8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wMe//g9a7PpKanfw69fSVg
+Ar49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRDSdoXg42udAh3uBY+QDs2
+3snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgcj+8kyR/M+q+RfK5biqS3
+ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcvzn1Mfck35s0XDDRlGxRG
+GDy+ZCKmxf8Zu/8SwwIDAQABo4IBdzCCAXMwHQYDVR0OBBYEFPf/vJvFMCwrABeC
+C0sq7RGfYeIiMIHGBgNVHSMEgb4wgbuAFPf/vJvFMCwrABeCC0sq7RGfYeIioYGf
+pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czESMBAG
+A1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxIjAgBgNVBAsMGUluc2VjdXJl
+IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
+dCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQEAwID6DAMBgNVHRMBAf8EAjAAMFkG
+A1UdEQRSMFCCFnByb3h5xaB1YmplY3TDhGx0w5FhbWWCE3Byb3h5U3ViamVjdEFs
+dE5hbWWHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGCCWxvY2FsaG9zdDATBgNVHSUE
+DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAsMRJnxdbnpm5VlCFwNyU
+8ra1wCjj+ZH0POVCM4iXQ77bV6UBpcqlaQUvR7R/H1Bt5t3Cp0ycN/dy+RcXtj+5
+FA84bRM767rsakxTEwjOjWw6GiK6bGjBfQ4F6Q97ELmiM0OZgmW8D56UHZxrI+o7
+QrKWBpFf1UA8n/BmupHBtyW3gudtJS9a71u6lBRydPFqJ4l8YxHckbgPFceSRbRj
+x7E2pQVQ0p2nvG/NVyuC+2L29p81KAsG3vPzwOOfr1Tnpl1/B4R0+XEIy33KHpbz
+Ceyitz6k16fOVNxMI59W2OACPTQ/s99kygh+cARRPfEUPjDcJpS1gRZ6kDKRh6Np
+ig==
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/proxy-certs/proxy-no-match.pem b/krb5-1.21.3/src/tests/proxy-certs/proxy-no-match.pem
new file mode 100644
index 00000000..7464e40d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/proxy-certs/proxy-no-match.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
+kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
+e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
+SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
+j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
+zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
+HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
+q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
+zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
+ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
+21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
+YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
+1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
+AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
+47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
+RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
+lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
+tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
+hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
+5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
+yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
+vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
+CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
+X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
+Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIEhzCCA2+gAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
+KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
+OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaMFQxCzAJBgNVBAYTAlVTMRYwFAYD
+VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTEXMBUGA1UE
+AwwOUFJPWFlpblN1YmplY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDngcJ5NNR7XbumqMryvbw0YzDavbH6FYoprIfk2ao6qfCfNEeRkTlSORrND+H3
+tLotnphvzDeYkTJfU91w0BEPDaZs48WTk325ecFvoBmiDuGH3Ax7/+D1rs+kpqd/
+Dr19JWACvj1MUWIugq7JOAeIk4HtiA/RtMcQ7iUuq6w9AzXqVENJ2heDja50CHe4
+Fj5AOzbeyctKIH72+3yC3qBeJphvcEE5az0Hc8qzfvg32Q4+yByP7yTJH8z6r5F8
+rluKpLdx7+zG89XQqx6H//W4nGVtALA6IF3dMtYcuFb0XuvMRy/OfUx9yTfmzRcM
+NGUbFEYYPL5kIqbF/xm7/xLDAgMBAAGjggEcMIIBGDAdBgNVHQ4EFgQU9/+8m8Uw
+LCsAF4ILSyrtEZ9h4iIwgcYGA1UdIwSBvjCBu4AU9/+8m8UwLCsAF4ILSyrtEZ9h
+4iKhgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRz
+MRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoMA01JVDEiMCAGA1UECwwZSW5z
+ZWN1cmUgS2VyYmVyb3MgdGVzdCBDQTEsMCoGA1UEAwwjdGVzdCBzdWl0ZSBDQTsg
+ZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0PBAQDAgPoMAwGA1UdEwEB/wQC
+MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAI0Ons8g
+6aXdZsKSmp1hbwNUvsY5GNl/QHVJIMQbe9zNVkW9Hp286fzkMar6peTB9MEnhzJ5
+5mbJM9DkugzgJeG0+HwsSdjAQCOcG4jSQ3SaASETOo58LsaG/yssIaZiZdJBrzNb
+1D5fJVVpopZMZ/mKUNB/2ofUVGVBZCdfyOoIbVSkkm1UHJ9liLFK1ZNPDTX60613
+YNl4BydTiXtEg+IOYgmFXuZj310dDZUMHuYdzAM5j+6i2JaIcK4PgDE+yG9Oj9N+
+uKjj0iHWyoZW49y9Hq/oiMegi2X4XZBtbZlEUu4OkpBJ1QG0MTaz/vN94sHiLOzS
+81b7+2BMgHd51+E=
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/proxy-certs/proxy-san.pem b/krb5-1.21.3/src/tests/proxy-certs/proxy-san.pem
new file mode 100644
index 00000000..8eaeceec
--- /dev/null
+++ b/krb5-1.21.3/src/tests/proxy-certs/proxy-san.pem
@@ -0,0 +1,56 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
+kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
+e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
+SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
+j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
+zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
+HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
+q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
+zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
+ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
+21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
+YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
+1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
+AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
+47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
+RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
+lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
+tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
+hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
+5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
+yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
+vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
+CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
+X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
+Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIE4jCCA8qgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
+KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
+OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaMFQxCzAJBgNVBAYTAlVTMRYwFAYD
+VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTEXMBUGA1UE
+AwwOUFJPWFlpblN1YmplY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDngcJ5NNR7XbumqMryvbw0YzDavbH6FYoprIfk2ao6qfCfNEeRkTlSORrND+H3
+tLotnphvzDeYkTJfU91w0BEPDaZs48WTk325ecFvoBmiDuGH3Ax7/+D1rs+kpqd/
+Dr19JWACvj1MUWIugq7JOAeIk4HtiA/RtMcQ7iUuq6w9AzXqVENJ2heDja50CHe4
+Fj5AOzbeyctKIH72+3yC3qBeJphvcEE5az0Hc8qzfvg32Q4+yByP7yTJH8z6r5F8
+rluKpLdx7+zG89XQqx6H//W4nGVtALA6IF3dMtYcuFb0XuvMRy/OfUx9yTfmzRcM
+NGUbFEYYPL5kIqbF/xm7/xLDAgMBAAGjggF3MIIBczAdBgNVHQ4EFgQU9/+8m8Uw
+LCsAF4ILSyrtEZ9h4iIwgcYGA1UdIwSBvjCBu4AU9/+8m8UwLCsAF4ILSyrtEZ9h
+4iKhgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRz
+MRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoMA01JVDEiMCAGA1UECwwZSW5z
+ZWN1cmUgS2VyYmVyb3MgdGVzdCBDQTEsMCoGA1UEAwwjdGVzdCBzdWl0ZSBDQTsg
+ZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0PBAQDAgPoMAwGA1UdEwEB/wQC
+MAAwWQYDVR0RBFIwUIIWcHJveHnFoHViamVjdMOEbHTDkWFtZYITcHJveHlTdWJq
+ZWN0QWx0TmFtZYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MBMG
+A1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQDQI1/zeNAWvXAG
+CTJk+hFLNx7xzd28/vWGkumK60rSmLVLZNDlvfmNJZ/kd7d0YZFvZDvbzhugXigI
+5N54664XreRwXA7QkgD2laFd/Rzq+6NdhyMCno7V6j1VZUm6/FWgfYjfGEBvbGNv
+Ue50fyRSQBmFv3p87Av/Zc0OMjted0zOYUxUPH0OL+2e4BL/suo05Q5DZq+J8Dni
+7SJbDC0fp5mKVLQ500zIRwUF2y5TE4olBsYBoaMDxQl+HoG6XpzaVslTKXAvzFMk
+8beI2BmqUId1OSLa3TOKnbsK8K/MPnSnB5StINt1+ZtTjjV+dY3xB6ZC+G1Pl6Ta
+00C7EWul
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/proxy-certs/proxy-subject.pem b/krb5-1.21.3/src/tests/proxy-certs/proxy-subject.pem
new file mode 100644
index 00000000..3846aece
--- /dev/null
+++ b/krb5-1.21.3/src/tests/proxy-certs/proxy-subject.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA54HCeTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRH
+kZE5UjkazQ/h97S6LZ6Yb8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wM
+e//g9a7PpKanfw69fSVgAr49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRD
+SdoXg42udAh3uBY+QDs23snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgc
+j+8kyR/M+q+RfK5biqS3ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcv
+zn1Mfck35s0XDDRlGxRGGDy+ZCKmxf8Zu/8SwwIDAQABAoIBAGxzOBQpsIReQ6Lu
+HaybP4hXEzLVfIOIBaJCJaMKaJl0tLkP95r0qiKfh7OahiPRMQpf6k8tHrpFApDv
+q6PGhMdFgLov9YWNqW7y37AYEwn86KAJcHvCQbM2AiXCwGJgGFqA4LpIPlT7JwBc
+zd6LddQALfSFMcvuYPbIaPi1CUnGy/AAyxGjUrc60KO57NbI+dHSTOwTHO1QjOz9
+ESk4fb34beUuZQzR6s/s1N0k09GJyklLpAAblRs5M6w9IlAn781eRLUAHTafLm4b
+21J9k2Q2UaOofn0Cvh8ggyJMiYqAJ0CsRy5pJroEyboA51WU+8THNFkNtRX5SxY5
+YY3xE7ECgYEA/qkq7BPMkr/SnBPm32G1Eux5eLVd65qbox0oTLodZbusuxutqXTp
+1MseDPQtHlrq6CQBizwElx//pdKnIiU9iBS/QkMR9CviitMTt+WrWRrM54/A4CJP
+AU2Jg7b2DmhW1ombHHiBZ1tWzyiv9zxrtwR8kmKqv9aTOuPn4l7jY5kCgYEA6Llr
+47pQjp/YhkBBvlriRwM9RXek++ythgsWvEswORaUalnaZ9gxZOKKas35GLDDuVyT
+RnEhIqVlTg9iz6x5fXRtm6VzQvy9yFLzPMnlwsiSnRNOfMVIETUTOhNgm45tYY8f
+lN5bcdY6k6VZ/g/N3zqddnxkjocrd6lAayjjIrsCgYEAyZLYAcPuQx6JM7fhIGIz
+tQXvZKeS7yITHbq/onQTPuqd4AEZpi9/w0r/v1srt4JZvGR7wF1CeOkAL56dYr69
+hNB/T5DNTkvKZv6K9h5aUg6PsJ8uGXuus6ZPOi4BeAgI7IpBd/i+3TQEc7eOCZIO
+5PAtNqXY6D6NjajGbH2VWckCgYA2KRDmyrF8v86QT9v9BQGsLSDRTerjhk1L6MC9
+yXHLl2mq5oZhrHqyU9aKzKywBlNGjDjqJ+HiQkO1SvdgBW+wtqvbkUGl0VQJjuR0
+vTfvgOY+EAQwHWmMN6Hl3iSZjyf9kGV1K9p0P7saKV0sN1leHjIPJRvx35tKGeWY
+CsfxiQKBgQCVUvsX/HeWyc4bxxMuzw8JniUG2JftZqIC1haHEFNElASjt4hARM7Y
+X/dkpYPXOZaN+qfvP949rS1WPXRtwMjt7bYzm7MGbXW7OiGGY3LV2CuVmbXJupvr
+Usvi+YnpqKDY/miOYd+541NJm76AQTSgQ8K7XitX7Beddh1U9e17mg==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIEgjCCA2qgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
+FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG
+A1UECgwDTUlUMSIwIAYDVQQLDBlJbnNlY3VyZSBLZXJiZXJvcyB0ZXN0IENBMSww
+KgYDVQQDDCN0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZTAeFw0x
+OTExMTIxODMwMzRaFw0zMDEwMjUxODMwMzRaME8xCzAJBgNVBAYTAlVTMRYwFAYD
+VQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNPTTESMBAGA1UE
+AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54HC
+eTTUe127pqjK8r28NGMw2r2x+hWKKayH5NmqOqnwnzRHkZE5UjkazQ/h97S6LZ6Y
+b8w3mJEyX1PdcNARDw2mbOPFk5N9uXnBb6AZog7hh9wMe//g9a7PpKanfw69fSVg
+Ar49TFFiLoKuyTgHiJOB7YgP0bTHEO4lLqusPQM16lRDSdoXg42udAh3uBY+QDs2
+3snLSiB+9vt8gt6gXiaYb3BBOWs9B3PKs374N9kOPsgcj+8kyR/M+q+RfK5biqS3
+ce/sxvPV0Kseh//1uJxlbQCwOiBd3TLWHLhW9F7rzEcvzn1Mfck35s0XDDRlGxRG
+GDy+ZCKmxf8Zu/8SwwIDAQABo4IBHDCCARgwHQYDVR0OBBYEFPf/vJvFMCwrABeC
+C0sq7RGfYeIiMIHGBgNVHSMEgb4wgbuAFPf/vJvFMCwrABeCC0sq7RGfYeIioYGf
+pIGcMIGZMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czESMBAG
+A1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxIjAgBgNVBAsMGUluc2VjdXJl
+IEtlcmJlcm9zIHRlc3QgQ0ExLDAqBgNVBAMMI3Rlc3Qgc3VpdGUgQ0E7IGRvIG5v
+dCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQEAwID6DAMBgNVHRMBAf8EAjAAMBMG
+A1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBdg7Gk/RqQpTfD
+vyFB1GPWRcLYpYW4GQh3e/dcesmwjwT8Nsd4Mzq9mA9TzJIXwffUQ8de85L5+9Oh
+k4yiwRS3vDCP0fr+GZMpBqkBVunJIHQnm+RWxT42+0kBxxmO/fqp5ztND8gGBLiW
+QPHb+mSCFgmgwnRuW+UI3TZ965oZfd2oRjjHjr51cgxcXndqnNws/kakMpxSM+KT
++ICHNz5og79nC7zpVqu0Cd56stPXbrFeU+bnN5UT9sOZNOYstWZmS8u+ddDuJwhS
+ijJZgtQNOIuBfD2TLfDmg/QfLeh5hhgBVyXC5o8g6KEtjPgm+44OF3vNZeuwVPaf
+L58YyPcO
+-----END CERTIFICATE-----
diff --git a/krb5-1.21.3/src/tests/rdreq.c b/krb5-1.21.3/src/tests/rdreq.c
new file mode 100644
index 00000000..52bec18c
--- /dev/null
+++ b/krb5-1.21.3/src/tests/rdreq.c
@@ -0,0 +1,118 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/rdreq.c - Test harness for krb5_rd_req */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <krb5.h>
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_principal client_princ, tkt_princ, server_princ;
+    krb5_ccache ccache;
+    krb5_creds *cred, mcred;
+    krb5_auth_context auth_con;
+    krb5_data apreq;
+    krb5_error_code ret, code;
+    const char *tkt_name, *server_name, *emsg;
+
+    /* Parse arguments. */
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "Usage: rdreq tktname [servername]\n");
+        exit(1);
+    }
+    tkt_name = argv[1];
+    server_name = argv[2];
+
+    if (krb5_init_context(&context) != 0)
+        abort();
+
+    /* Parse the requested principal names. */
+    if (krb5_parse_name(context, tkt_name, &tkt_princ) != 0)
+        abort();
+    if (server_name != NULL) {
+        if (krb5_parse_name(context, server_name, &server_princ) != 0)
+            abort();
+        server_princ->type = KRB5_NT_SRV_HST;
+    } else {
+        server_princ = NULL;
+    }
+
+    /* Produce an AP-REQ message. */
+    if (krb5_cc_default(context, &ccache) != 0)
+        abort();
+    if (krb5_cc_get_principal(context, ccache, &client_princ) != 0)
+        abort();
+    memset(&mcred, 0, sizeof(mcred));
+    mcred.client = client_princ;
+    mcred.server = tkt_princ;
+    if (krb5_get_credentials(context, 0, ccache, &mcred, &cred) != 0)
+        abort();
+    auth_con = NULL;
+    if (krb5_mk_req_extended(context, &auth_con, 0, NULL, cred, &apreq) != 0)
+        abort();
+
+    /* Consume the AP-REQ message without using a replay cache. */
+    krb5_auth_con_free(context, auth_con);
+    if (krb5_auth_con_init(context, &auth_con) != 0)
+        abort();
+    if (krb5_auth_con_setflags(context, auth_con, 0) != 0)
+        abort();
+    ret = krb5_rd_req(context, &auth_con, &apreq, server_princ, NULL, NULL,
+                      NULL);
+
+    /* Display the result. */
+    if (ret) {
+        code = ret - ERROR_TABLE_BASE_krb5;
+        if (code < 0 || code > 127)
+            code = 60;          /* KRB_ERR_GENERIC */
+        emsg = krb5_get_error_message(context, ret);
+        printf("%d %s\n", code, emsg);
+        krb5_free_error_message(context, emsg);
+    } else {
+        printf("0 success\n");
+    }
+
+    krb5_free_data_contents(context, &apreq);
+    assert(apreq.length == 0);
+    krb5_auth_con_free(context, auth_con);
+    krb5_free_creds(context, cred);
+    krb5_cc_close(context, ccache);
+    krb5_free_principal(context, client_princ);
+    krb5_free_principal(context, tkt_princ);
+    krb5_free_principal(context, server_princ);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/replay.c b/krb5-1.21.3/src/tests/replay.c
new file mode 100644
index 00000000..1703123d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/replay.c
@@ -0,0 +1,172 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/replay.c - test replay cache using libkrb5 functions */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-int.h"
+
+int
+main(int argc, char **argv)
+{
+    krb5_error_code ret;
+    krb5_context ctx;
+    krb5_auth_context c_authcon, s_authcon, s_authcon2;
+    krb5_rcache rc;
+    krb5_ccache cc;
+    krb5_principal client, server;
+    krb5_creds mcred, *cred, **tmpcreds;
+    krb5_data der_apreq, der_krbsafe, der_krbpriv, *der_krbcred, tmpdata;
+    krb5_address addr;
+    struct in_addr inaddr;
+    const char *server_name;
+
+    assert(argc == 2);
+    server_name = argv[1];
+
+    /* Create client and server auth contexts.  (They will use a replay cache
+     * by default.) */
+    ret = krb5_init_context(&ctx);
+    assert(ret == 0);
+    ret = krb5_auth_con_init(ctx, &c_authcon);
+    assert(ret == 0);
+    ret = krb5_auth_con_init(ctx, &s_authcon);
+    assert(ret == 0);
+
+    /* Set dummy addresses for the auth contexts. */
+    memset(&inaddr, 0, sizeof(inaddr));
+    addr.addrtype = ADDRTYPE_INET;
+    addr.length = sizeof(inaddr);
+    addr.contents = (uint8_t *)&inaddr;
+    ret = krb5_auth_con_setaddrs(ctx, c_authcon, &addr, &addr);
+    assert(ret == 0);
+    ret = krb5_auth_con_setaddrs(ctx, s_authcon, &addr, &addr);
+    assert(ret == 0);
+
+    /* Set up replay caches for the auth contexts. */
+    tmpdata = string2data("testclient");
+    ret = krb5_get_server_rcache(ctx, &tmpdata, &rc);
+    assert(ret == 0);
+    ret = krb5_auth_con_setrcache(ctx, c_authcon, rc);
+    assert(ret == 0);
+    tmpdata = string2data("testserver");
+    ret = krb5_get_server_rcache(ctx, &tmpdata, &rc);
+    assert(ret == 0);
+    ret = krb5_auth_con_setrcache(ctx, s_authcon, rc);
+    assert(ret == 0);
+
+    /* Construct the client and server principal names. */
+    ret = krb5_cc_default(ctx, &cc);
+    assert(ret == 0);
+    ret = krb5_cc_get_principal(ctx, cc, &client);
+    assert(ret == 0);
+    ret = krb5_parse_name(ctx, server_name, &server);
+    assert(ret == 0);
+
+    /* Get credentials for the client. */
+    memset(&mcred, 0, sizeof(mcred));
+    mcred.client = client;
+    mcred.server = server;
+    ret = krb5_get_credentials(ctx, 0, cc, &mcred, &cred);
+    assert(ret == 0);
+
+    /* Send an AP-REP to establish the sessions. */
+    ret = krb5_mk_req_extended(ctx, &c_authcon, 0, NULL, cred, &der_apreq);
+    assert(ret == 0);
+    ret = krb5_rd_req(ctx, &s_authcon, &der_apreq, NULL, NULL, NULL, NULL);
+    assert(ret == 0);
+
+    /* Set up another server auth context with the same rcache name and replay
+     * the AP-REQ. */
+    ret = krb5_auth_con_init(ctx, &s_authcon2);
+    assert(ret == 0);
+    tmpdata = string2data("testserver");
+    ret = krb5_get_server_rcache(ctx, &tmpdata, &rc);
+    assert(ret == 0);
+    ret = krb5_auth_con_setrcache(ctx, s_authcon2, rc);
+    assert(ret == 0);
+    ret = krb5_rd_req(ctx, &s_authcon2, &der_apreq, NULL, NULL, NULL, NULL);
+    assert(ret == KRB5KRB_AP_ERR_REPEAT);
+    krb5_auth_con_free(ctx, s_authcon2);
+
+    /* Make a KRB-SAFE message with the client auth context. */
+    tmpdata = string2data("safemsg");
+    ret = krb5_mk_safe(ctx, c_authcon, &tmpdata, &der_krbsafe, NULL);
+    assert(ret == 0);
+    /* Play it back to the client to detect a reflection. */
+    ret = krb5_rd_safe(ctx, c_authcon, &der_krbsafe, &tmpdata, NULL);
+    assert(ret == KRB5KRB_AP_ERR_REPEAT);
+    /* Send it to the server auth context twice, to detect a replay. */
+    ret = krb5_rd_safe(ctx, s_authcon, &der_krbsafe, &tmpdata, NULL);
+    assert(ret == 0);
+    krb5_free_data_contents(ctx, &tmpdata);
+    ret = krb5_rd_safe(ctx, s_authcon, &der_krbsafe, &tmpdata, NULL);
+    assert(ret == KRB5KRB_AP_ERR_REPEAT);
+
+    /* Make a KRB-PRIV message with the client auth context. */
+    tmpdata = string2data("safemsg");
+    ret = krb5_mk_priv(ctx, c_authcon, &tmpdata, &der_krbpriv, NULL);
+    assert(ret == 0);
+    /* Play it back to the client to detect a reflection. */
+    ret = krb5_rd_priv(ctx, c_authcon, &der_krbpriv, &tmpdata, NULL);
+    assert(ret == KRB5KRB_AP_ERR_REPEAT);
+    /* Send it to the server auth context twice, to detect a replay. */
+    ret = krb5_rd_priv(ctx, s_authcon, &der_krbpriv, &tmpdata, NULL);
+    assert(ret == 0);
+    krb5_free_data_contents(ctx, &tmpdata);
+    ret = krb5_rd_priv(ctx, s_authcon, &der_krbpriv, &tmpdata, NULL);
+    assert(ret == KRB5KRB_AP_ERR_REPEAT);
+
+    /* Make a KRB-CRED message with the client auth context. */
+    tmpdata = string2data("safemsg");
+    ret = krb5_mk_1cred(ctx, c_authcon, cred, &der_krbcred, NULL);
+    assert(ret == 0);
+    /* Play it back to the client to detect a reflection. */
+    ret = krb5_rd_cred(ctx, c_authcon, der_krbcred, &tmpcreds, NULL);
+    assert(ret == KRB5KRB_AP_ERR_REPEAT);
+    /* Send it to the server auth context twice, to detect a replay. */
+    ret = krb5_rd_cred(ctx, s_authcon, der_krbcred, &tmpcreds, NULL);
+    assert(ret == 0);
+    krb5_free_tgt_creds(ctx, tmpcreds);
+    ret = krb5_rd_cred(ctx, s_authcon, der_krbcred, &tmpcreds, NULL);
+    assert(ret == KRB5KRB_AP_ERR_REPEAT);
+
+    krb5_free_data_contents(ctx, &der_apreq);
+    krb5_free_data_contents(ctx, &der_krbsafe);
+    krb5_free_data_contents(ctx, &der_krbpriv);
+    krb5_free_data(ctx, der_krbcred);
+    krb5_free_creds(ctx, cred);
+    krb5_cc_close(ctx, cc);
+    krb5_free_principal(ctx, client);
+    krb5_free_principal(ctx, server);
+    krb5_auth_con_free(ctx, c_authcon);
+    krb5_auth_con_free(ctx, s_authcon);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/responder.c b/krb5-1.21.3/src/tests/responder.c
new file mode 100644
index 00000000..82f870ea
--- /dev/null
+++ b/krb5-1.21.3/src/tests/responder.c
@@ -0,0 +1,431 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/responder.c - Test harness for responder callbacks and the like. */
+/*
+ * Copyright 2013 Red Hat, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ *  A helper for testing PKINIT and responder callbacks.
+ *
+ *  This test helper takes multiple options and one argument.
+ *
+ *  responder [options] principal
+ *   -X preauth_option  -> preauth options, as for kinit
+ *   -x challenge       -> expected responder challenge, of the form
+ *                         "question=challenge"
+ *   -r response        -> provide a reponder answer, in the form
+ *                         "question=answer"
+ *   -c                 -> print the pkinit challenge
+ *   -p identity=pin    -> provide a pkinit answer, in the form "identity=pin"
+ *   -o index=value:pin -> provide an OTP answer, in the form "index=value:pin"
+ *   principal          -> client principal name
+ *
+ *  If the responder callback isn't called, that's treated as an error.
+ *
+ *  If an expected responder challenge is specified, when the responder
+ *  callback is called, the challenge associated with the specified question is
+ *  compared against the specified value.  If the value provided to the
+ *  callback doesn't parse as JSON, a literal string compare is performed,
+ *  otherwise both values are parsed as JSON and then re-encoded before
+ *  comparison.  In either case, the comparison must succeed.
+ *
+ *  Any missing data or mismatches are treated as errors.
+ */
+
+#include <k5-platform.h>
+#include <k5-json.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <krb5.h>
+
+struct responder_data {
+    krb5_boolean called;
+    krb5_boolean print_pkinit_challenge;
+    const char *challenge;
+    const char *response;
+    const char *pkinit_answer;
+    const char *otp_answer;
+};
+
+static krb5_error_code
+responder(krb5_context ctx, void *rawdata, krb5_responder_context rctx)
+{
+    krb5_error_code err;
+    char *key, *value, *pin, *encoded1, *encoded2;
+    const char *challenge;
+    k5_json_value decoded1, decoded2;
+    k5_json_object ids;
+    k5_json_number val;
+    krb5_int32 token_flags;
+    struct responder_data *data = rawdata;
+    krb5_responder_pkinit_challenge *chl;
+    krb5_responder_otp_challenge *ochl;
+    unsigned int i, n;
+
+    data->called = TRUE;
+
+    /* Check that a particular challenge has the specified expected value. */
+    if (data->challenge != NULL) {
+        /* Separate the challenge name and its expected value. */
+        key = strdup(data->challenge);
+        if (key == NULL)
+            exit(ENOMEM);
+        value = key + strcspn(key, "=");
+        if (*value != '\0')
+            *value++ = '\0';
+        /* Read the challenge. */
+        challenge = krb5_responder_get_challenge(ctx, rctx, key);
+        err = k5_json_decode(value, &decoded1);
+        /* Check for "no challenge". */
+        if (challenge == NULL && *value == '\0') {
+            fprintf(stderr, "OK: (no challenge) == (no challenge)\n");
+        } else if (err != 0) {
+            /* It's not JSON, so assume we're just after a string compare. */
+            if (strcmp(challenge, value) == 0) {
+                fprintf(stderr, "OK: \"%s\" == \"%s\"\n", challenge, value);
+            } else {
+                fprintf(stderr, "ERROR: \"%s\" != \"%s\"\n", challenge, value);
+                exit(1);
+            }
+        } else {
+            /* Assume we're after a JSON compare - decode the actual value. */
+            err = k5_json_decode(challenge, &decoded2);
+            if (err != 0) {
+                fprintf(stderr, "error decoding \"%s\"\n", challenge);
+                exit(1);
+            }
+            /* Re-encode the expected challenge and the actual challenge... */
+            err = k5_json_encode(decoded1, &encoded1);
+            if (err != 0) {
+                fprintf(stderr, "error encoding json data\n");
+                exit(1);
+            }
+            err = k5_json_encode(decoded2, &encoded2);
+            if (err != 0) {
+                fprintf(stderr, "error encoding json data\n");
+                exit(1);
+            }
+            k5_json_release(decoded1);
+            k5_json_release(decoded2);
+            /* ... and see if they look the same. */
+            if (strcmp(encoded1, encoded2) == 0) {
+                fprintf(stderr, "OK: \"%s\" == \"%s\"\n", encoded1, encoded2);
+            } else {
+                fprintf(stderr, "ERROR: \"%s\" != \"%s\"\n", encoded1,
+                        encoded2);
+                exit(1);
+            }
+            free(encoded1);
+            free(encoded2);
+        }
+        free(key);
+    }
+
+    /* Provide a particular response for a challenge. */
+    if (data->response != NULL) {
+        /* Separate the challenge and its data content... */
+        key = strdup(data->response);
+        if (key == NULL)
+            exit(ENOMEM);
+        value = key + strcspn(key, "=");
+        if (*value != '\0')
+            *value++ = '\0';
+        /* ... and pass it in. */
+        err = krb5_responder_set_answer(ctx, rctx, key, value);
+        if (err != 0) {
+            fprintf(stderr, "error setting response\n");
+            exit(1);
+        }
+        free(key);
+    }
+
+    if (data->print_pkinit_challenge) {
+        /* Read the PKINIT challenge, formatted as a structure. */
+        err = krb5_responder_pkinit_get_challenge(ctx, rctx, &chl);
+        if (err != 0) {
+            fprintf(stderr, "error getting pkinit challenge\n");
+            exit(1);
+        }
+        if (chl != NULL) {
+            for (n = 0; chl->identities[n] != NULL; n++)
+                continue;
+            for (i = 0; chl->identities[i] != NULL; i++) {
+                if (chl->identities[i]->token_flags != -1) {
+                    printf("identity %u/%u: %s (flags=0x%lx)\n", i + 1, n,
+                           chl->identities[i]->identity,
+                           (long)chl->identities[i]->token_flags);
+                } else {
+                    printf("identity %u/%u: %s\n", i + 1, n,
+                           chl->identities[i]->identity);
+                }
+            }
+        }
+        krb5_responder_pkinit_challenge_free(ctx, rctx, chl);
+    }
+
+    /* Provide a particular response for the PKINIT challenge. */
+    if (data->pkinit_answer != NULL) {
+        /* Read the PKINIT challenge, formatted as a structure. */
+        err = krb5_responder_pkinit_get_challenge(ctx, rctx, &chl);
+        if (err != 0) {
+            fprintf(stderr, "error getting pkinit challenge\n");
+            exit(1);
+        }
+        /*
+         * In case order matters, if the identity starts with "FILE:", exercise
+         * the set_answer function, with the real answer second.
+         */
+        if (chl != NULL &&
+            chl->identities != NULL &&
+            chl->identities[0] != NULL) {
+            if (strncmp(chl->identities[0]->identity, "FILE:", 5) == 0)
+                krb5_responder_pkinit_set_answer(ctx, rctx, "foo", "bar");
+        }
+        /* Provide the real answer. */
+        key = strdup(data->pkinit_answer);
+        if (key == NULL)
+            exit(ENOMEM);
+        value = strrchr(key, '=');
+        if (value != NULL)
+            *value++ = '\0';
+        else
+            value = "";
+        err = krb5_responder_pkinit_set_answer(ctx, rctx, key, value);
+        if (err != 0) {
+            fprintf(stderr, "error setting response\n");
+            exit(1);
+        }
+        free(key);
+        /*
+         * In case order matters, if the identity starts with "PKCS12:",
+         * exercise the set_answer function, with the real answer first.
+         */
+        if (chl != NULL &&
+            chl->identities != NULL &&
+            chl->identities[0] != NULL) {
+            if (strncmp(chl->identities[0]->identity, "PKCS12:", 7) == 0)
+                krb5_responder_pkinit_set_answer(ctx, rctx, "foo", "bar");
+        }
+        krb5_responder_pkinit_challenge_free(ctx, rctx, chl);
+    }
+
+    /*
+     * Something we always check: read the PKINIT challenge, both as a
+     * structure and in JSON form, reconstruct the JSON form from the
+     * structure's contents, and check that they're the same.
+     */
+    challenge = krb5_responder_get_challenge(ctx, rctx,
+                                             KRB5_RESPONDER_QUESTION_PKINIT);
+    if (challenge != NULL) {
+        krb5_responder_pkinit_get_challenge(ctx, rctx, &chl);
+        if (chl == NULL) {
+            fprintf(stderr, "pkinit raw challenge set, "
+                    "but structure is NULL\n");
+            exit(1);
+        }
+        if (k5_json_object_create(&ids) != 0) {
+            fprintf(stderr, "error creating json objects\n");
+            exit(1);
+        }
+        for (i = 0; chl->identities[i] != NULL; i++) {
+            token_flags = chl->identities[i]->token_flags;
+            if (k5_json_number_create(token_flags, &val) != 0) {
+                fprintf(stderr, "error creating json number\n");
+                exit(1);
+            }
+            if (k5_json_object_set(ids, chl->identities[i]->identity,
+                                   val) != 0) {
+                fprintf(stderr, "error adding json number to object\n");
+                exit(1);
+            }
+            k5_json_release(val);
+        }
+        /* Encode the structure... */
+        err = k5_json_encode(ids, &encoded1);
+        if (err != 0) {
+            fprintf(stderr, "error encoding json data\n");
+            exit(1);
+        }
+        k5_json_release(ids);
+        /* ... and see if they look the same. */
+        if (strcmp(encoded1, challenge) != 0) {
+            fprintf(stderr, "\"%s\" != \"%s\"\n", encoded1, challenge);
+            exit(1);
+        }
+        krb5_responder_pkinit_challenge_free(ctx, rctx, chl);
+        free(encoded1);
+    }
+
+    /* Provide a particular response for an OTP challenge. */
+    if (data->otp_answer != NULL) {
+        if (krb5_responder_otp_get_challenge(ctx, rctx, &ochl) == 0) {
+            key = strchr(data->otp_answer, '=');
+            if (key != NULL) {
+                /* Make a copy of the answer that we can chop up. */
+                key = strdup(data->otp_answer);
+                if (key == NULL)
+                    return ENOMEM;
+                /* Isolate the ti value. */
+                value = strchr(key, '=');
+                *value++ = '\0';
+                n = atoi(key);
+                /* Break the value and PIN apart. */
+                pin = strchr(value, ':');
+                if (pin != NULL)
+                    *pin++ = '\0';
+                err = krb5_responder_otp_set_answer(ctx, rctx, n, value, pin);
+                if (err != 0) {
+                    fprintf(stderr, "error setting response\n");
+                    exit(1);
+                }
+                free(key);
+            }
+            krb5_responder_otp_challenge_free(ctx, rctx, ochl);
+        }
+    }
+
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_ccache ccache;
+    krb5_get_init_creds_opt *opts;
+    krb5_principal principal;
+    krb5_creds creds;
+    krb5_error_code err;
+    const char *errmsg;
+    char *opt, *val;
+    struct responder_data response;
+    int c;
+
+    err = krb5_init_context(&context);
+    if (err != 0) {
+        fprintf(stderr, "error starting Kerberos: %s\n", error_message(err));
+        return err;
+    }
+    err = krb5_get_init_creds_opt_alloc(context, &opts);
+    if (err != 0) {
+        fprintf(stderr, "error initializing options: %s\n",
+                error_message(err));
+        return err;
+    }
+    err = krb5_cc_default(context, &ccache);
+    if (err != 0) {
+        fprintf(stderr, "error resolving default ccache: %s\n",
+                error_message(err));
+        return err;
+    }
+    err = krb5_get_init_creds_opt_set_out_ccache(context, opts, ccache);
+    if (err != 0) {
+        fprintf(stderr, "error setting output ccache: %s\n",
+                error_message(err));
+        return err;
+    }
+
+    memset(&response, 0, sizeof(response));
+    while ((c = getopt(argc, argv, "X:x:cr:p:")) != -1) {
+        switch (c) {
+        case 'X':
+            /* Like kinit, set a generic preauth option. */
+            opt = strdup(optarg);
+            val = opt + strcspn(opt, "=");
+            if (*val != '\0') {
+                *val++ = '\0';
+            }
+            err = krb5_get_init_creds_opt_set_pa(context, opts, opt, val);
+            if (err != 0) {
+                fprintf(stderr, "error setting option \"%s\": %s\n", opt,
+                        error_message(err));
+                return err;
+            }
+            free(opt);
+            break;
+        case 'x':
+            /* Check that a particular question has a specific challenge. */
+            response.challenge = optarg;
+            break;
+        case 'c':
+            /* Note that we want a dump of the PKINIT challenge structure. */
+            response.print_pkinit_challenge = TRUE;
+            break;
+        case 'r':
+            /* Set a verbatim response for a verbatim challenge. */
+            response.response = optarg;
+            break;
+        case 'p':
+            /* Set a PKINIT answer for a specific PKINIT identity. */
+            response.pkinit_answer = optarg;
+            break;
+        case 'o':
+            /* Set an OTP answer for a specific OTP tokeninfo. */
+            response.otp_answer = optarg;
+            break;
+        }
+    }
+
+    if (argc > optind) {
+        err = krb5_parse_name(context, argv[optind], &principal);
+        if (err != 0) {
+            fprintf(stderr, "error parsing name \"%s\": %s", argv[optind],
+                    error_message(err));
+            return err;
+        }
+    } else {
+        fprintf(stderr, "error: no principal name provided\n");
+        return -1;
+    }
+
+    err = krb5_get_init_creds_opt_set_responder(context, opts,
+                                                responder, &response);
+    if (err != 0) {
+        fprintf(stderr, "error setting responder: %s\n", error_message(err));
+        return err;
+    }
+    memset(&creds, 0, sizeof(creds));
+    err = krb5_get_init_creds_password(context, &creds, principal, NULL,
+                                       NULL, NULL, 0, NULL, opts);
+    if (err == 0)
+        krb5_free_cred_contents(context, &creds);
+    krb5_free_principal(context, principal);
+    krb5_get_init_creds_opt_free(context, opts);
+    krb5_cc_close(context, ccache);
+
+    if (!response.called) {
+        fprintf(stderr, "error: responder callback wasn't called\n");
+        err = 1;
+    } else if (err) {
+        errmsg = krb5_get_error_message(context, err);
+        fprintf(stderr, "error: krb5_get_init_creds_password failed: %s\n",
+                errmsg);
+        krb5_free_error_message(context, errmsg);
+        err = 2;
+    }
+    krb5_free_context(context);
+    return err;
+}
diff --git a/krb5-1.21.3/src/tests/s2p.c b/krb5-1.21.3/src/tests/s2p.c
new file mode 100644
index 00000000..8fb2a94d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/s2p.c
@@ -0,0 +1,81 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/s2p.c - krb5_name_to_principal test harness */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include <krb5.h>
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_principal princ;
+    krb5_int32 type;
+    const char *service, *hostname;
+    char *name;
+
+    /* Parse arguments. */
+    assert(argc == 4);
+    hostname = argv[1];
+    service = argv[2];
+    if (strcmp(argv[3], "unknown") == 0)
+        type = KRB5_NT_UNKNOWN;
+    else if (strcmp(argv[3], "srv-hst") == 0)
+        type = KRB5_NT_SRV_HST;
+    else
+        abort();
+
+    check(krb5_init_context(&ctx));
+    check(krb5_sname_to_principal(ctx, hostname, service, type, &princ));
+    check(krb5_unparse_name(ctx, princ, &name));
+    printf("%s\n", name);
+
+    krb5_free_unparsed_name(ctx, name);
+    krb5_free_principal(ctx, princ);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/s4u2proxy.c b/krb5-1.21.3/src/tests/s4u2proxy.c
new file mode 100644
index 00000000..3786bad2
--- /dev/null
+++ b/krb5-1.21.3/src/tests/s4u2proxy.c
@@ -0,0 +1,147 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/s4u2proxy.c - S4U2Proxy test harness */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Usage: s4u2proxy evccname targetname [ad-type ad-contents]
+ *
+ * evccname contains an evidence ticket.  The default ccache contains a TGT for
+ * the intermediate service.  The default keytab contains a key for the
+ * intermediate service.  An S4U2Proxy request is made to get a ticket from
+ * evccname's default principal to the target service.  The resulting cred is
+ * stored in the default ccache.
+ */
+
+#include <k5-int.h>
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+static krb5_authdata **
+make_request_authdata(int type, const char *contents)
+{
+    krb5_authdata *ad;
+    krb5_authdata **req_authdata;
+
+    ad = malloc(sizeof(*ad));
+    assert(ad != NULL);
+    ad->magic = KV5M_AUTHDATA;
+    ad->ad_type = type;
+    ad->length = strlen(contents);
+    ad->contents = (unsigned char *)strdup(contents);
+    assert(ad->contents != NULL);
+
+    req_authdata = malloc(2 * sizeof(*req_authdata));
+    assert(req_authdata != NULL);
+    req_authdata[0] = ad;
+    req_authdata[1] = NULL;
+
+    return req_authdata;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_ccache defcc, evcc;
+    krb5_principal client_name, int_name, target_name;
+    krb5_keytab defkt;
+    krb5_creds mcred, ev_cred, *new_cred;
+    krb5_ticket *ev_ticket;
+    krb5_authdata **req_authdata = NULL;
+
+    if (argc == 5) {
+        req_authdata = make_request_authdata(atoi(argv[3]), argv[4]);
+        argc -= 2;
+    }
+
+    assert(argc == 3);
+    check(krb5_init_context(&context));
+
+    /* Open the default ccache, evidence ticket ccache, and default keytab. */
+    check(krb5_cc_default(context, &defcc));
+    check(krb5_cc_resolve(context, argv[1], &evcc));
+    check(krb5_kt_default(context, &defkt));
+
+    /* Determine the client name, intermediate name, and target name. */
+    check(krb5_cc_get_principal(context, evcc, &client_name));
+    check(krb5_cc_get_principal(context, defcc, &int_name));
+    check(krb5_parse_name(context, argv[2], &target_name));
+
+    /* Retrieve and decrypt the evidence ticket. */
+    memset(&mcred, 0, sizeof(mcred));
+    mcred.client = client_name;
+    mcred.server = int_name;
+    check(krb5_cc_retrieve_cred(context, evcc, 0, &mcred, &ev_cred));
+    check(krb5_decode_ticket(&ev_cred.ticket, &ev_ticket));
+    check(krb5_server_decrypt_ticket_keytab(context, defkt, ev_ticket));
+
+    /* Make an S4U2Proxy request for the target service. */
+    mcred.client = client_name;
+    mcred.server = target_name;
+    mcred.authdata = req_authdata;
+    check(krb5_get_credentials_for_proxy(context, KRB5_GC_NO_STORE |
+                                         KRB5_GC_CANONICALIZE, defcc,
+                                         &mcred, ev_ticket, &new_cred));
+
+    assert(data_eq(new_cred->second_ticket, ev_cred.ticket));
+    assert(new_cred->second_ticket.length != 0);
+
+    /* Store the new cred in the default ccache. */
+    check(krb5_cc_store_cred(context, defcc, new_cred));
+
+    assert(req_authdata == NULL || new_cred->authdata != NULL);
+
+    krb5_cc_close(context, defcc);
+    krb5_cc_close(context, evcc);
+    krb5_kt_close(context, defkt);
+    krb5_free_principal(context, client_name);
+    krb5_free_principal(context, int_name);
+    krb5_free_principal(context, target_name);
+    krb5_free_cred_contents(context, &ev_cred);
+    krb5_free_ticket(context, ev_ticket);
+    krb5_free_creds(context, new_cred);
+    krb5_free_authdata(context, req_authdata);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/s4u2self.c b/krb5-1.21.3/src/tests/s4u2self.c
new file mode 100644
index 00000000..c8e48229
--- /dev/null
+++ b/krb5-1.21.3/src/tests/s4u2self.c
@@ -0,0 +1,128 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Usage: s4u2self user self out_cache [ad-type ad-contents]
+ *
+ * The default ccache contains a TGT for the intermediate service self.  An
+ * S4U2Self request is made to self.  The resulting cred is stored in
+ * out_cache.
+ */
+
+#include <k5-int.h>
+
+static krb5_context ctx;
+
+static void
+check(krb5_error_code code)
+{
+    const char *errmsg;
+
+    if (code) {
+        errmsg = krb5_get_error_message(ctx, code);
+        fprintf(stderr, "%s\n", errmsg);
+        krb5_free_error_message(ctx, errmsg);
+        exit(1);
+    }
+}
+
+static krb5_authdata **
+make_request_authdata(int type, const char *contents)
+{
+    krb5_authdata *ad;
+    krb5_authdata **req_authdata;
+
+    ad = malloc(sizeof(*ad));
+    assert(ad != NULL);
+    ad->magic = KV5M_AUTHDATA;
+    ad->ad_type = type;
+    ad->length = strlen(contents);
+    ad->contents = (unsigned char *)strdup(contents);
+    assert(ad->contents != NULL);
+
+    req_authdata = malloc(2 * sizeof(*req_authdata));
+    assert(req_authdata != NULL);
+    req_authdata[0] = ad;
+    req_authdata[1] = NULL;
+
+    return req_authdata;
+}
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    krb5_ccache defcc, ocache;
+    krb5_principal client, self;
+    krb5_creds mcred, *new_cred;
+    krb5_authdata **req_authdata = NULL;
+
+    if (argc == 6) {
+        req_authdata = make_request_authdata(atoi(argv[4]), argv[5]);
+        argc -= 2;
+    }
+
+    assert(argc == 4);
+    check(krb5_init_context(&context));
+
+    /* Open the default ccache. */
+    check(krb5_cc_default(context, &defcc));
+
+    check(krb5_parse_name(context, argv[1], &client));
+    check(krb5_parse_name(context, argv[2], &self));
+
+    memset(&mcred, 0, sizeof(mcred));
+    mcred.client = client;
+    mcred.server = self;
+    mcred.authdata = req_authdata;
+    check(krb5_get_credentials_for_user(context, KRB5_GC_NO_STORE |
+                                        KRB5_GC_CANONICALIZE, defcc,
+                                        &mcred, NULL, &new_cred));
+
+    if (strcmp(argv[3], "-") == 0) {
+        check(krb5_cc_store_cred(context, defcc, new_cred));
+    } else {
+        check(krb5_cc_resolve(context, argv[3], &ocache));
+        check(krb5_cc_initialize(context, ocache, new_cred->client));
+        check(krb5_cc_store_cred(context, ocache, new_cred));
+        krb5_cc_close(context, ocache);
+    }
+
+    assert(req_authdata == NULL || new_cred->authdata != NULL);
+
+    krb5_cc_close(context, defcc);
+    krb5_free_principal(context, client);
+    krb5_free_principal(context, self);
+    krb5_free_creds(context, new_cred);
+    krb5_free_authdata(context, req_authdata);
+    krb5_free_context(context);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/shlib/Makefile.in b/krb5-1.21.3/src/tests/shlib/Makefile.in
new file mode 100644
index 00000000..ce67be45
--- /dev/null
+++ b/krb5-1.21.3/src/tests/shlib/Makefile.in
@@ -0,0 +1,23 @@
+mydir=tests$(S)shlib
+BUILDTOP=$(REL)..$(S)..
+
+#VALGRIND=valgrind
+#VALGRINDFLAGS=--tool=memcheck --leak-check=yes --show-reachable=yes
+
+SRCS=$(srcdir)/t_loader.c
+
+all:
+
+run-t_loader: t_loader
+	$(RUN_TEST) ./t_loader
+
+t_loader: t_loader.o
+	$(CC_LINK) -o t_loader t_loader.o $(DL_LIB)
+
+check-unix:
+
+install:
+
+clean:
+	$(RM) t_loader.o t_loader
+
diff --git a/krb5-1.21.3/src/tests/shlib/deps b/krb5-1.21.3/src/tests/shlib/deps
new file mode 100644
index 00000000..be6b824f
--- /dev/null
+++ b/krb5-1.21.3/src/tests/shlib/deps
@@ -0,0 +1,8 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)t_loader.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  t_loader.c
diff --git a/krb5-1.21.3/src/tests/shlib/t_loader.c b/krb5-1.21.3/src/tests/shlib/t_loader.c
new file mode 100644
index 00000000..29481a7b
--- /dev/null
+++ b/krb5-1.21.3/src/tests/shlib/t_loader.c
@@ -0,0 +1,374 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/shlib/t_loader.c */
+/*
+ * Copyright (C) 2005 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-platform.h"
+#include "krb5.h"
+#include "gssapi/gssapi.h"
+#define HAVE_DLOPEN 1
+
+static int verbose = 1;
+
+#ifdef HAVE_DLFCN_H
+# include <dlfcn.h>
+#endif
+/* Solaris man page recommends link.h too */
+
+/* lazy = 1 means resolve symbols later, 0 means now; any
+   other flags we should be testing?  On Windows, maybe?
+
+   Return value is the library handle.  On error, print a message and
+   exit.  */
+#define do_open(LIB,REV,FLAGS) do_open_1(LIB,REV,FLAGS,__LINE__)
+static void *do_open_1(const char *libname, const char *rev, int lazy, int line);
+
+/* Look up a function symbol in the library and return a pointer.
+
+   The return value may need casting to the correct type.  On error,
+   print a message and exit.  */
+static void *get_sym_1(void *libhandle, const char *sym, int line);
+#define get_sym(LIB, NAME) get_sym_1(LIB, NAME, __LINE__)
+#define GET_FSYM(TYPE, LIB, NAME) ((TYPE) get_sym(LIB, NAME))
+#define get_gfun(LIB, NAME) ((OM_uint32 KRB5_CALLCONV(*)()) get_sym(LIB, NAME))
+
+/* Close dynamically-opened library.
+
+   If the OS reports an error in doing so, print a message and
+   exit.  */
+#define do_close(X) do_close_1(X, __LINE__)
+static void do_close_1(void *libhandle, int line);
+
+#ifdef HAVE_DLOPEN
+
+#ifdef _AIX
+# define SHLIB_SUFFIX ".a"
+#else
+# define SHLIB_SUFFIX ".so"
+#endif
+
+#define HORIZ 25
+
+static void *do_open_1(const char *libname, const char *rev,
+                       int lazy, int line)
+{
+    void *p;
+    char *namebuf;
+    int r;
+
+    if (verbose)
+        printf("from line %d: do_open(%s)...%*s", line, libname,
+               HORIZ-strlen(libname), "");
+#ifdef _AIX
+    r = asprintf(&namebuf, "lib%s%s", libname, SHLIB_SUFFIX);
+#else
+    r = asprintf(&namebuf, "lib%s%s(shr.o.%s)", libname, SHLIB_SUFFIX, rev);
+#endif
+    if (r < 0) {
+        perror("asprintf");
+        exit(1);
+    }
+
+#ifndef RTLD_MEMBER
+#define RTLD_MEMBER 0
+#endif
+    p = dlopen(namebuf, (lazy ? RTLD_LAZY : RTLD_NOW) | RTLD_MEMBER);
+    if (p == 0) {
+        fprintf(stderr, "dlopen of %s failed: %s\n", namebuf, dlerror());
+        exit(1);
+    }
+    free(namebuf);
+    if (verbose)
+        printf("done: %p\n", p);
+    return p;
+}
+
+#define SYM_PREFIX ""
+static void *get_sym_1(void *libhandle, const char *symname, int line)
+{
+    void *s;
+
+    /* Bah.  Fix this later, if we care.  */
+    assert(strlen(SYM_PREFIX) == 0);
+
+    if (verbose)
+        printf("from line %d: get_sym(%s)...%*s", line, symname,
+               HORIZ-strlen(symname), "");
+
+    s = dlsym(libhandle, symname);
+    if (s == 0) {
+        fprintf(stderr, "symbol %s not found\n", symname);
+        exit(1);
+    }
+    if (verbose)
+        printf("done: %p\n", s);
+    return s;
+}
+
+static void do_close_1(void *libhandle, int line)
+{
+    if (verbose) {
+        char pbuf[3*sizeof(libhandle)+4];
+        snprintf(pbuf, sizeof(pbuf), "%p", libhandle);
+        printf("from line %d: do_close(%s)...%*s", line, pbuf,
+               HORIZ-1-strlen(pbuf), "");
+    }
+    if (dlclose(libhandle) != 0) {
+        fprintf(stderr, "dlclose failed: %s\n", dlerror());
+        exit(1);
+    }
+    if (verbose)
+        printf("done\n");
+}
+
+#elif defined _WIN32
+
+static void *do_open(const char *libname, int lazy)
+{
+    /* To be written?  */
+    abort();
+}
+
+static void *get_sym(void *libhandle, const char *symname)
+{
+    abort();
+}
+
+static void do_close(void *libhandle)
+{
+    abort();
+}
+
+#else
+
+static void *do_open(const char *libname, int lazy)
+{
+    printf("don't know how to do dynamic loading here, punting\n");
+    exit(0);
+}
+
+static void *get_sym(void *libhandle, const char *symname)
+{
+    abort();
+}
+
+static void do_close(void *libhandle)
+{
+    abort();
+}
+
+#endif
+
+int main()
+{
+    void *celib, *k5lib, *gsslib, *celib2;
+
+    (void) setvbuf(stdout, 0, _IONBF, 0);
+
+    celib = do_open("com_err", "3.0", 0);
+    k5lib = do_open("krb5", "3.2", 0);
+    gsslib = do_open("gssapi_krb5", "2.2", 0);
+    celib2 = do_open("com_err", "3.0", 0);
+    do_close(celib2);
+    {
+        typedef krb5_error_code KRB5_CALLCONV (*ict)(krb5_context *);
+        typedef void KRB5_CALLCONV (*fct)(krb5_context);
+
+        ict init_context = (ict) get_sym(k5lib, "krb5_init_context");
+        fct free_context = (fct) get_sym(k5lib, "krb5_free_context");
+        krb5_context ctx;
+        krb5_error_code err;
+
+#define CALLING(S) (verbose ? printf("at   line %d: calling %s...%*s", __LINE__, #S, (int)(HORIZ+1-strlen(#S)), "") : 0)
+#define DONE() (verbose ? printf("done\n") : 0)
+
+        CALLING(krb5_init_context);
+        err = init_context(&ctx);
+        DONE();
+        if (err) {
+            fprintf(stderr, "error 0x%lx initializing context\n",
+                    (unsigned long) err);
+            exit(1);
+        }
+        CALLING(krb5_free_context);
+        free_context(ctx);
+        DONE();
+    }
+    celib2 = do_open("com_err", "3.0", 0);
+    do_close(celib);
+    do_close(k5lib);
+    do_close(celib2);
+    do_close(gsslib);
+
+    /* Test gssapi_krb5 without having loaded anything else.  */
+    gsslib = do_open("gssapi_krb5", "2.2", 1);
+    {
+        OM_uint32 KRB5_CALLCONV (*init_sec_context)(OM_uint32 *, gss_cred_id_t,
+                                                    gss_ctx_id_t *, gss_name_t,
+                                                    gss_OID,
+                                                    OM_uint32, OM_uint32,
+                                                    gss_channel_bindings_t,
+                                                    gss_buffer_t, gss_OID *,
+                                                    gss_buffer_t,
+                                                    OM_uint32 *, OM_uint32 *)
+            = get_gfun(gsslib, "gss_init_sec_context");
+        OM_uint32 KRB5_CALLCONV (*import_name)(OM_uint32 *, gss_buffer_t,
+                                               gss_OID, gss_name_t *)
+            = get_gfun(gsslib, "gss_import_name");
+        OM_uint32 KRB5_CALLCONV (*release_buffer)(OM_uint32 *, gss_buffer_t)
+            = get_gfun(gsslib, "gss_release_buffer");
+        OM_uint32 KRB5_CALLCONV (*release_name)(OM_uint32 *, gss_name_t *)
+            = get_gfun(gsslib, "gss_release_name");
+        OM_uint32 KRB5_CALLCONV (*delete_sec_context)(OM_uint32 *,
+                                                      gss_ctx_id_t *,
+                                                      gss_buffer_t)
+            = get_gfun(gsslib, "gss_delete_sec_context");
+
+        OM_uint32 gmaj, gmin;
+        OM_uint32 retflags;
+        gss_ctx_id_t gctx = GSS_C_NO_CONTEXT;
+        gss_buffer_desc token;
+        gss_name_t target;
+        static gss_buffer_desc target_name_buf = {
+            9, "x@mit.edu"
+        };
+        static gss_OID_desc service_name = {
+            10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"
+        };
+
+        CALLING(gss_import_name);
+        gmaj = import_name(&gmin, &target_name_buf, &service_name, &target);
+        DONE();
+        if (gmaj != GSS_S_COMPLETE) {
+            fprintf(stderr,
+                    "import_name reports error major 0x%lx minor 0x%lx(%ld)\n",
+                    (unsigned long) gmaj, (unsigned long) gmin,
+                    (signed long) gmin);
+            exit(1);
+        }
+        /* This will probably get different errors, depending on
+           whether we have tickets at the time.  Doesn't matter much,
+           we're ignoring the error and testing whether we're doing
+           cleanup properly.  (Though the internal cleanup needed in
+           the two cases might be different.)  */
+        CALLING(gss_init_sec_context);
+        gmaj = init_sec_context(&gmin, GSS_C_NO_CREDENTIAL, &gctx, target,
+                                GSS_C_NULL_OID, 0, 0, NULL, GSS_C_NO_BUFFER,
+                                NULL, &token, &retflags, NULL);
+        DONE();
+        /* Ignore success/failure indication.  */
+        if (token.length) {
+            CALLING(gss_release_buffer);
+            release_buffer(&gmin, &token);
+            DONE();
+        }
+        CALLING(gss_release_name);
+        release_name(&gmin, &target);
+        DONE();
+        if (gctx != GSS_C_NO_CONTEXT) {
+            CALLING(gss_delete_sec_context);
+            delete_sec_context(&gmin, gctx, GSS_C_NO_BUFFER);
+            DONE();
+        }
+    }
+    do_close(gsslib);
+
+    /* Test gssapi_krb5 with com_err already loaded, then unload
+       com_err first.  */
+    celib = do_open("com_err", "3.0", 1);
+    gsslib = do_open("gssapi_krb5", "2.2", 1);
+    {
+        OM_uint32 KRB5_CALLCONV (*init_sec_context)(OM_uint32 *, gss_cred_id_t,
+                                                    gss_ctx_id_t *, gss_name_t,
+                                                    gss_OID,
+                                                    OM_uint32, OM_uint32,
+                                                    gss_channel_bindings_t,
+                                                    gss_buffer_t, gss_OID *,
+                                                    gss_buffer_t,
+                                                    OM_uint32 *, OM_uint32 *)
+            = get_gfun(gsslib, "gss_init_sec_context");
+        OM_uint32 KRB5_CALLCONV (*import_name)(OM_uint32 *, gss_buffer_t,
+                                               gss_OID, gss_name_t *)
+            = get_gfun(gsslib, "gss_import_name");
+        OM_uint32 KRB5_CALLCONV (*release_buffer)(OM_uint32 *, gss_buffer_t)
+            = get_gfun(gsslib, "gss_release_buffer");
+        OM_uint32 KRB5_CALLCONV (*release_name)(OM_uint32 *, gss_name_t *)
+            = get_gfun(gsslib, "gss_release_name");
+        OM_uint32 KRB5_CALLCONV (*delete_sec_context)(OM_uint32 *,
+                                                      gss_ctx_id_t *,
+                                                      gss_buffer_t)
+            = get_gfun(gsslib, "gss_delete_sec_context");
+
+        OM_uint32 gmaj, gmin;
+        OM_uint32 retflags;
+        gss_ctx_id_t gctx = GSS_C_NO_CONTEXT;
+        gss_buffer_desc token;
+        gss_name_t target;
+        static gss_buffer_desc target_name_buf = {
+            9, "x@mit.edu"
+        };
+        static gss_OID_desc service_name = {
+            10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"
+        };
+
+        CALLING(gss_import_name);
+        gmaj = import_name(&gmin, &target_name_buf, &service_name, &target);
+        DONE();
+        if (gmaj != GSS_S_COMPLETE) {
+            fprintf(stderr,
+                    "import_name reports error major 0x%lx minor 0x%lx(%ld)\n",
+                    (unsigned long) gmaj, (unsigned long) gmin,
+                    (signed long) gmin);
+            exit(1);
+        }
+        /* This will probably get different errors, depending on
+           whether we have tickets at the time.  Doesn't matter much,
+           we're ignoring the error and testing whether we're doing
+           cleanup properly.  (Though the internal cleanup needed in
+           the two cases might be different.)  */
+        CALLING(gss_init_sec_context);
+        gmaj = init_sec_context(&gmin, GSS_C_NO_CREDENTIAL, &gctx, target,
+                                GSS_C_NULL_OID, 0, 0, NULL, GSS_C_NO_BUFFER,
+                                NULL, &token, &retflags, NULL);
+        DONE();
+        /* Ignore success/failure indication.  */
+        if (token.length) {
+            CALLING(gss_release_buffer);
+            release_buffer(&gmin, &token);
+            DONE();
+        }
+        CALLING(gss_release_name);
+        release_name(&gmin, &target);
+        DONE();
+        if (gctx != GSS_C_NO_CONTEXT) {
+            CALLING(gss_delete_sec_context);
+            delete_sec_context(&gmin, gctx, GSS_C_NO_BUFFER);
+            DONE();
+        }
+    }
+    do_close(celib);
+    do_close(gsslib);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/softpkcs11/Makefile.in b/krb5-1.21.3/src/tests/softpkcs11/Makefile.in
new file mode 100644
index 00000000..e8967815
--- /dev/null
+++ b/krb5-1.21.3/src/tests/softpkcs11/Makefile.in
@@ -0,0 +1,21 @@
+mydir=tests$(S)softpkcs11
+BUILDTOP=$(REL)..$(S)..
+
+LOCALINCLUDES = -I$(top_srcdir)/plugins/preauth/pkinit
+
+LIBBASE=softpkcs11
+LIBMAJOR=0
+LIBMINOR=0
+
+SHLIB_EXPLIBS=$(SUPPORT_LIB) -lcrypto
+SHLIB_EXPDEPS=$(SUPPORT_DEPLIB)
+
+STLIBOBJS=main.o
+
+SRCS=$(srcdir)/main.c
+
+all-unix: all-libs
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/tests/softpkcs11/deps b/krb5-1.21.3/src/tests/softpkcs11/deps
new file mode 100644
index 00000000..1e82d957
--- /dev/null
+++ b/krb5-1.21.3/src/tests/softpkcs11/deps
@@ -0,0 +1,6 @@
+#
+# Generated makefile dependencies follow.
+#
+main.so main.po $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/plugins/preauth/pkinit/pkcs11.h main.c
diff --git a/krb5-1.21.3/src/tests/softpkcs11/main.c b/krb5-1.21.3/src/tests/softpkcs11/main.c
new file mode 100644
index 00000000..82b05ff0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/softpkcs11/main.c
@@ -0,0 +1,2107 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (c) 2004-2006, Stockholms universitet
+ * (Stockholm University, Stockholm Sweden)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the university nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+#include <ctype.h>
+#include <pwd.h>
+
+#include <pkcs11.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
+#define RSA_PKCS1_OpenSSL RSA_PKCS1_SSLeay
+#define RSA_get0_key compat_rsa_get0_key
+static void
+compat_rsa_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e,
+                    const BIGNUM **d)
+{
+    if (n != NULL)
+        *n = rsa->n;
+    if (e != NULL)
+        *e = rsa->e;
+    if (d != NULL)
+        *d = rsa->d;
+}
+#endif
+
+#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R)      \
+    {                                                   \
+        unsigned char *p;                               \
+        (BL) = i2d_##T((S), NULL);                      \
+        if ((BL) <= 0) {                                \
+            (R) = EINVAL;                               \
+        } else {                                        \
+            (B) = malloc((BL));                         \
+            if ((B) == NULL) {                          \
+                (R) = ENOMEM;                           \
+            } else {                                    \
+                p = (B);                                \
+                (R) = 0;                                \
+                (BL) = i2d_##T((S), &p);                \
+                if ((BL) <= 0) {                        \
+                    free((B));                          \
+                    (B) = NULL;                         \
+                    (R) = EINVAL;                       \
+                }                                       \
+            }                                           \
+        }                                               \
+    }
+
+/* RCSID("$Id: main.c,v 1.24 2006/01/11 12:42:53 lha Exp $"); */
+
+#define OBJECT_ID_MASK          0xfff
+#define HANDLE_OBJECT_ID(h)     ((h) & OBJECT_ID_MASK)
+#define OBJECT_ID(obj)          HANDLE_OBJECT_ID((obj)->object_handle)
+
+struct st_attr {
+    CK_ATTRIBUTE attribute;
+    int secret;
+};
+
+struct st_object {
+    CK_OBJECT_HANDLE object_handle;
+    struct st_attr *attrs;
+    int num_attributes;
+    enum {
+        STO_T_CERTIFICATE,
+        STO_T_PRIVATE_KEY,
+        STO_T_PUBLIC_KEY
+    } type;
+    union {
+        X509 *cert;
+        EVP_PKEY *public_key;
+        struct {
+            char *file;
+            EVP_PKEY *key;
+            X509 *cert;
+        } private_key;
+    } u;
+};
+
+static struct soft_token {
+    CK_VOID_PTR application;
+    CK_NOTIFY notify;
+    struct {
+        struct st_object **objs;
+        int num_objs;
+    } object;
+    struct {
+        int hardware_slot;
+        int app_error_fatal;
+        int login_done;
+    } flags;
+    int open_sessions;
+    struct session_state {
+        CK_SESSION_HANDLE session_handle;
+
+        struct {
+            CK_ATTRIBUTE *attributes;
+            CK_ULONG num_attributes;
+            int next_object;
+        } find;
+
+        int encrypt_object;
+        CK_MECHANISM_PTR encrypt_mechanism;
+        int decrypt_object;
+        CK_MECHANISM_PTR decrypt_mechanism;
+        int sign_object;
+        CK_MECHANISM_PTR sign_mechanism;
+        int verify_object;
+        CK_MECHANISM_PTR verify_mechanism;
+        int digest_object;
+    } state[10];
+#define MAX_NUM_SESSION (sizeof(soft_token.state)/sizeof(soft_token.state[0]))
+    FILE *logfile;
+    CK_SESSION_HANDLE next_session_handle;
+} soft_token;
+
+static void
+application_error(const char *fmt, ...)
+{
+    va_list ap;
+    va_start(ap, fmt);
+    vprintf(fmt, ap);
+    va_end(ap);
+    if (soft_token.flags.app_error_fatal)
+        abort();
+}
+
+static void
+st_logf(const char *fmt, ...)
+{
+    va_list ap;
+    if (soft_token.logfile == NULL)
+        return;
+    va_start(ap, fmt);
+    vfprintf(soft_token.logfile, fmt, ap);
+    va_end(ap);
+    fflush(soft_token.logfile);
+}
+
+static void
+snprintf_fill(char *str, int size, char fillchar, const char *fmt, ...)
+{
+    int len;
+    va_list ap;
+    va_start(ap, fmt);
+    len = vsnprintf(str, size, fmt, ap);
+    va_end(ap);
+    if (len < 0 || len > size)
+        return;
+    while(len < size)
+        str[len++] = fillchar;
+}
+
+#ifndef TEST_APP
+#define printf error_use_st_logf
+#endif
+
+#define VERIFY_SESSION_HANDLE(s, state)                 \
+    {                                                   \
+        CK_RV vshret;                                   \
+        vshret = verify_session_handle(s, state);       \
+        if (vshret != CKR_OK) {                         \
+            /* return CKR_OK */;                        \
+        }                                               \
+    }
+
+static CK_RV
+verify_session_handle(CK_SESSION_HANDLE hSession,
+                      struct session_state **state)
+{
+    size_t i;
+
+    for (i = 0; i < MAX_NUM_SESSION; i++){
+        if (soft_token.state[i].session_handle == hSession)
+            break;
+    }
+    if (i == MAX_NUM_SESSION) {
+        application_error("use of invalid handle: 0x%08lx\n",
+                          (unsigned long)hSession);
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    if (state)
+        *state = &soft_token.state[i];
+    return CKR_OK;
+}
+
+static CK_RV
+object_handle_to_object(CK_OBJECT_HANDLE handle,
+                        struct st_object **object)
+{
+    int i = HANDLE_OBJECT_ID(handle);
+
+    *object = NULL;
+    if (i >= soft_token.object.num_objs)
+        return CKR_ARGUMENTS_BAD;
+    if (soft_token.object.objs[i] == NULL)
+        return CKR_ARGUMENTS_BAD;
+    if (soft_token.object.objs[i]->object_handle != handle)
+        return CKR_ARGUMENTS_BAD;
+    *object = soft_token.object.objs[i];
+    return CKR_OK;
+}
+
+static int
+attributes_match(const struct st_object *obj,
+                 const CK_ATTRIBUTE *attributes,
+                 CK_ULONG num_attributes)
+{
+    CK_ULONG i;
+    int j;
+    st_logf("attributes_match: %ld\n", (unsigned long)OBJECT_ID(obj));
+
+    for (i = 0; i < num_attributes; i++) {
+        int match = 0;
+        for (j = 0; j < obj->num_attributes; j++) {
+            if (attributes[i].type == obj->attrs[j].attribute.type &&
+                attributes[i].ulValueLen == obj->attrs[j].attribute.ulValueLen &&
+                memcmp(attributes[i].pValue, obj->attrs[j].attribute.pValue,
+                       attributes[i].ulValueLen) == 0) {
+                match = 1;
+                break;
+            }
+        }
+        if (match == 0) {
+            st_logf("type %lu attribute have no match\n", attributes[i].type);
+            return 0;
+        }
+    }
+    st_logf("attribute matches\n");
+    return 1;
+}
+
+static void
+print_attributes(const CK_ATTRIBUTE *attributes,
+                 CK_ULONG num_attributes)
+{
+    CK_ULONG i;
+
+    st_logf("find objects: attrs: %lu\n", (unsigned long)num_attributes);
+
+    for (i = 0; i < num_attributes; i++) {
+        st_logf("  type: ");
+        switch (attributes[i].type) {
+        case CKA_TOKEN: {
+            CK_BBOOL *ck_true;
+            if (attributes[i].ulValueLen != sizeof(CK_BBOOL)) {
+                application_error("token attribute wrong length\n");
+                break;
+            }
+            ck_true = attributes[i].pValue;
+            st_logf("token: %s", *ck_true ? "TRUE" : "FALSE");
+            break;
+        }
+        case CKA_CLASS: {
+            CK_OBJECT_CLASS *class;
+            if (attributes[i].ulValueLen != sizeof(CK_ULONG)) {
+                application_error("class attribute wrong length\n");
+                break;
+            }
+            class = attributes[i].pValue;
+            st_logf("class ");
+            switch (*class) {
+            case CKO_CERTIFICATE:
+                st_logf("certificate");
+                break;
+            case CKO_PUBLIC_KEY:
+                st_logf("public key");
+                break;
+            case CKO_PRIVATE_KEY:
+                st_logf("private key");
+                break;
+            case CKO_SECRET_KEY:
+                st_logf("secret key");
+                break;
+            case CKO_DOMAIN_PARAMETERS:
+                st_logf("domain parameters");
+                break;
+            default:
+                st_logf("[class %lx]", (long unsigned)*class);
+                break;
+            }
+            break;
+        }
+        case CKA_PRIVATE:
+            st_logf("private");
+            break;
+        case CKA_LABEL:
+            st_logf("label");
+            break;
+        case CKA_APPLICATION:
+            st_logf("application");
+            break;
+        case CKA_VALUE:
+            st_logf("value");
+            break;
+        case CKA_ID:
+            st_logf("id");
+            break;
+        default:
+            st_logf("[unknown 0x%08lx]", (unsigned long)attributes[i].type);
+            break;
+        }
+        st_logf("\n");
+    }
+}
+
+static void
+free_st_object(struct st_object *o)
+{
+    int i;
+
+    for (i = 0; i < o->num_attributes; i++)
+        free(o->attrs[i].attribute.pValue);
+    free(o->attrs);
+    if (o->type == STO_T_CERTIFICATE) {
+        X509_free(o->u.cert);
+    } else if (o->type == STO_T_PRIVATE_KEY) {
+        free(o->u.private_key.file);
+        EVP_PKEY_free(o->u.private_key.key);
+        X509_free(o->u.private_key.cert);
+    } else if (o->type == STO_T_PUBLIC_KEY) {
+        EVP_PKEY_free(o->u.public_key);
+    }
+    free(o);
+}
+
+static struct st_object *
+add_st_object(void)
+{
+    struct st_object *o, **objs;
+
+    objs = realloc(soft_token.object.objs,
+                   (soft_token.object.num_objs + 1) *
+                   sizeof(soft_token.object.objs[0]));
+    if (objs == NULL)
+        return NULL;
+    soft_token.object.objs = objs;
+
+    o = calloc(1, sizeof(*o));
+    if (o == NULL)
+        return NULL;
+    o->attrs = NULL;
+    o->num_attributes = 0;
+    o->object_handle = soft_token.object.num_objs;
+
+    soft_token.object.objs[soft_token.object.num_objs++] = o;
+    return o;
+}
+
+static CK_RV
+add_object_attribute(struct st_object *o,
+                     int secret,
+                     CK_ATTRIBUTE_TYPE type,
+                     CK_VOID_PTR pValue,
+                     CK_ULONG ulValueLen)
+{
+    struct st_attr *a;
+    int i;
+
+    i = o->num_attributes;
+    a = realloc(o->attrs, (i + 1) * sizeof(o->attrs[0]));
+    if (a == NULL)
+        return CKR_DEVICE_MEMORY;
+    o->attrs = a;
+    o->attrs[i].secret = secret;
+    o->attrs[i].attribute.type = type;
+    o->attrs[i].attribute.pValue = malloc(ulValueLen);
+    if (o->attrs[i].attribute.pValue == NULL && ulValueLen != 0)
+        return CKR_DEVICE_MEMORY;
+    memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
+    o->attrs[i].attribute.ulValueLen = ulValueLen;
+    o->num_attributes++;
+
+    return CKR_OK;
+}
+
+#ifdef HAVE_EVP_PKEY_GET_BN_PARAM
+
+/* Declare owner pointers since EVP_PKEY_get_bn_param() gives us copies. */
+#define DECLARE_BIGNUM(name) BIGNUM *name = NULL
+#define RELEASE_BIGNUM(bn) BN_clear_free(bn)
+static CK_RV
+get_bignums(EVP_PKEY *key, BIGNUM **n, BIGNUM **e)
+{
+    if (EVP_PKEY_get_bn_param(key, "n", n) == 0 ||
+        EVP_PKEY_get_bn_param(key, "e", e) == 0)
+        return CKR_DEVICE_ERROR;
+
+    return CKR_OK;
+}
+
+#else
+
+/* Declare const pointers since the old API gives us aliases. */
+#define DECLARE_BIGNUM(name) const BIGNUM *name
+#define RELEASE_BIGNUM(bn)
+static CK_RV
+get_bignums(EVP_PKEY *key, const BIGNUM **n, const BIGNUM **e)
+{
+    const RSA *rsa;
+
+    rsa = EVP_PKEY_get0_RSA(key);
+    RSA_get0_key(rsa, n, e, NULL);
+
+    return CKR_OK;
+}
+
+#endif
+
+static CK_RV
+add_pubkey_info(struct st_object *o, CK_KEY_TYPE key_type, EVP_PKEY *key)
+{
+    CK_BYTE *modulus = NULL, *exponent = 0;
+    size_t modulus_len = 0, exponent_len = 0;
+    CK_ULONG modulus_bits = 0;
+    CK_RV ret;
+    DECLARE_BIGNUM(n);
+    DECLARE_BIGNUM(e);
+
+    if (key_type != CKK_RSA)
+        abort();
+
+    ret = get_bignums(key, &n, &e);
+    if (ret != CKR_OK)
+        goto done;
+
+    modulus_bits = BN_num_bits(n);
+    modulus_len = BN_num_bytes(n);
+    exponent_len = BN_num_bytes(e);
+
+    modulus = malloc(modulus_len);
+    exponent = malloc(exponent_len);
+    if (modulus == NULL || exponent == NULL) {
+        ret = CKR_DEVICE_MEMORY;
+        goto done;
+    }
+
+    BN_bn2bin(n, modulus);
+    BN_bn2bin(e, exponent);
+
+    add_object_attribute(o, 0, CKA_MODULUS, modulus, modulus_len);
+    add_object_attribute(o, 0, CKA_MODULUS_BITS, &modulus_bits,
+                         sizeof(modulus_bits));
+    add_object_attribute(o, 0, CKA_PUBLIC_EXPONENT, exponent, exponent_len);
+
+    ret = CKR_OK;
+done:
+    free(modulus);
+    free(exponent);
+    RELEASE_BIGNUM(n);
+    RELEASE_BIGNUM(e);
+    return ret;
+}
+
+static int
+pem_callback(char *buf, int num, int w, void *key)
+{
+    return -1;
+}
+
+
+static CK_RV
+add_certificate(char *label,
+                const char *cert_file,
+                const char *private_key_file,
+                char *id,
+                int anchor)
+{
+    struct st_object *o = NULL;
+    CK_BBOOL bool_true = CK_TRUE;
+    CK_BBOOL bool_false = CK_FALSE;
+    CK_OBJECT_CLASS c;
+    CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
+    CK_KEY_TYPE key_type;
+    CK_MECHANISM_TYPE mech_type;
+    void *cert_data = NULL;
+    size_t cert_length;
+    void *subject_data = NULL;
+    size_t subject_length;
+    void *issuer_data = NULL;
+    size_t issuer_length;
+    void *serial_data = NULL;
+    size_t serial_length;
+    CK_RV ret = CKR_GENERAL_ERROR;
+    X509 *cert;
+    EVP_PKEY *public_key;
+
+    size_t id_len = strlen(id);
+
+    {
+        FILE *f;
+
+        f = fopen(cert_file, "r");
+        if (f == NULL) {
+            st_logf("failed to open file %s\n", cert_file);
+            return CKR_GENERAL_ERROR;
+        }
+
+        cert = PEM_read_X509(f, NULL, NULL, NULL);
+        fclose(f);
+        if (cert == NULL) {
+            st_logf("failed reading PEM cert\n");
+            return CKR_GENERAL_ERROR;
+        }
+
+        OPENSSL_ASN1_MALLOC_ENCODE(X509, cert_data, cert_length, cert, ret);
+        if (ret)
+            goto out;
+
+        OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, issuer_data, issuer_length,
+                                   X509_get_issuer_name(cert), ret);
+        if (ret)
+            goto out;
+
+        OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, subject_data, subject_length,
+                                   X509_get_subject_name(cert), ret);
+        if (ret)
+            goto out;
+
+        OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, serial_data, serial_length,
+                                   X509_get_serialNumber(cert), ret);
+        if (ret)
+            goto out;
+
+    }
+
+    st_logf("done parsing, adding to internal structure\n");
+
+    o = add_st_object();
+    if (o == NULL) {
+        ret = CKR_DEVICE_MEMORY;
+        goto out;
+    }
+    o->type = STO_T_CERTIFICATE;
+    o->u.cert = X509_dup(cert);
+    if (o->u.cert == NULL) {
+        ret = CKR_DEVICE_MEMORY;
+        goto out;
+    }
+    public_key = X509_get_pubkey(o->u.cert);
+
+    switch (EVP_PKEY_base_id(public_key)) {
+    case EVP_PKEY_RSA:
+        key_type = CKK_RSA;
+        break;
+    case EVP_PKEY_DSA:
+        key_type = CKK_DSA;
+        break;
+    default:
+        st_logf("invalid key_type\n");
+        ret = CKR_GENERAL_ERROR;
+        goto out;
+    }
+
+    c = CKO_CERTIFICATE;
+    add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
+    add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
+
+    add_object_attribute(o, 0, CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
+    add_object_attribute(o, 0, CKA_ID, id, id_len);
+
+    add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
+    add_object_attribute(o, 0, CKA_ISSUER, issuer_data, issuer_length);
+    add_object_attribute(o, 0, CKA_SERIAL_NUMBER, serial_data, serial_length);
+    add_object_attribute(o, 0, CKA_VALUE, cert_data, cert_length);
+    if (anchor)
+        add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
+    else
+        add_object_attribute(o, 0, CKA_TRUSTED, &bool_false, sizeof(bool_false));
+
+    st_logf("add cert ok: %lx\n", (unsigned long)OBJECT_ID(o));
+
+    o = add_st_object();
+    if (o == NULL) {
+        ret = CKR_DEVICE_MEMORY;
+        goto out;
+    }
+    o->type = STO_T_PUBLIC_KEY;
+    o->u.public_key = public_key;
+
+    c = CKO_PUBLIC_KEY;
+    add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
+    add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_PRIVATE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
+
+    add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
+    add_object_attribute(o, 0, CKA_ID, id, id_len);
+    add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
+    add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
+    add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
+    mech_type = CKM_RSA_X_509;
+    add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
+
+    add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
+    add_object_attribute(o, 0, CKA_ENCRYPT, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_VERIFY, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_VERIFY_RECOVER, &bool_false, sizeof(bool_false));
+    add_object_attribute(o, 0, CKA_WRAP, &bool_true, sizeof(bool_true));
+    add_object_attribute(o, 0, CKA_TRUSTED, &bool_true, sizeof(bool_true));
+
+    add_pubkey_info(o, key_type, public_key);
+
+    st_logf("add key ok: %lx\n", (unsigned long)OBJECT_ID(o));
+
+    if (private_key_file) {
+        CK_FLAGS flags;
+        FILE *f;
+
+        o = add_st_object();
+        if (o == NULL) {
+            ret = CKR_DEVICE_MEMORY;
+            goto out;
+        }
+        o->type = STO_T_PRIVATE_KEY;
+        o->u.private_key.file = strdup(private_key_file);
+        o->u.private_key.key = NULL;
+
+        o->u.private_key.cert = X509_dup(cert);
+        if (o->u.private_key.cert == NULL) {
+            ret = CKR_DEVICE_MEMORY;
+            goto out;
+        }
+
+        c = CKO_PRIVATE_KEY;
+        add_object_attribute(o, 0, CKA_CLASS, &c, sizeof(c));
+        add_object_attribute(o, 0, CKA_TOKEN, &bool_true, sizeof(bool_true));
+        add_object_attribute(o, 0, CKA_PRIVATE, &bool_true, sizeof(bool_false));
+        add_object_attribute(o, 0, CKA_MODIFIABLE, &bool_false, sizeof(bool_false));
+        add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
+
+        add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
+        add_object_attribute(o, 0, CKA_ID, id, id_len);
+        add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
+        add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
+        add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
+        add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
+        mech_type = CKM_RSA_X_509;
+        add_object_attribute(o, 0, CKA_KEY_GEN_MECHANISM, &mech_type, sizeof(mech_type));
+
+        add_object_attribute(o, 0, CKA_SUBJECT, subject_data, subject_length);
+        add_object_attribute(o, 0, CKA_SENSITIVE, &bool_true, sizeof(bool_true));
+        add_object_attribute(o, 0, CKA_SECONDARY_AUTH, &bool_false, sizeof(bool_true));
+        flags = 0;
+        add_object_attribute(o, 0, CKA_AUTH_PIN_FLAGS, &flags, sizeof(flags));
+
+        add_object_attribute(o, 0, CKA_DECRYPT, &bool_true, sizeof(bool_true));
+        add_object_attribute(o, 0, CKA_SIGN, &bool_true, sizeof(bool_true));
+        add_object_attribute(o, 0, CKA_SIGN_RECOVER, &bool_false, sizeof(bool_false));
+        add_object_attribute(o, 0, CKA_UNWRAP, &bool_true, sizeof(bool_true));
+        add_object_attribute(o, 0, CKA_EXTRACTABLE, &bool_true, sizeof(bool_true));
+        add_object_attribute(o, 0, CKA_NEVER_EXTRACTABLE, &bool_false, sizeof(bool_false));
+
+        add_pubkey_info(o, key_type, public_key);
+
+        f = fopen(private_key_file, "r");
+        if (f == NULL) {
+            st_logf("failed to open private key\n");
+            return CKR_GENERAL_ERROR;
+        }
+
+        o->u.private_key.key = PEM_read_PrivateKey(f, NULL, pem_callback, NULL);
+        fclose(f);
+        if (o->u.private_key.key == NULL) {
+            st_logf("failed to read private key a startup\n");
+            /* don't bother with this failure for now,
+               fix it at C_Login time */;
+        } else {
+            /* XXX verify keytype */
+
+            if (X509_check_private_key(cert, o->u.private_key.key) != 1) {
+                EVP_PKEY_free(o->u.private_key.key);
+                o->u.private_key.key = NULL;
+                st_logf("private key doesn't verify\n");
+            } else {
+                st_logf("private key usable\n");
+                soft_token.flags.login_done = 1;
+            }
+        }
+    }
+
+    ret = CKR_OK;
+out:
+    if (ret != CKR_OK) {
+        st_logf("something went wrong when adding cert!\n");
+
+        /* XXX wack o */;
+    }
+    free(cert_data);
+    free(serial_data);
+    free(issuer_data);
+    free(subject_data);
+    X509_free(cert);
+
+    return ret;
+}
+
+static void
+find_object_final(struct session_state *state)
+{
+    if (state->find.attributes) {
+        CK_ULONG i;
+
+        for (i = 0; i < state->find.num_attributes; i++) {
+            if (state->find.attributes[i].pValue)
+                free(state->find.attributes[i].pValue);
+        }
+        free(state->find.attributes);
+        state->find.attributes = NULL;
+        state->find.num_attributes = 0;
+        state->find.next_object = -1;
+    }
+}
+
+static void
+reset_crypto_state(struct session_state *state)
+{
+    state->encrypt_object = -1;
+    if (state->encrypt_mechanism)
+        free(state->encrypt_mechanism);
+    state->encrypt_mechanism = NULL_PTR;
+    state->decrypt_object = -1;
+    if (state->decrypt_mechanism)
+        free(state->decrypt_mechanism);
+    state->decrypt_mechanism = NULL_PTR;
+    state->sign_object = -1;
+    if (state->sign_mechanism)
+        free(state->sign_mechanism);
+    state->sign_mechanism = NULL_PTR;
+    state->verify_object = -1;
+    if (state->verify_mechanism)
+        free(state->verify_mechanism);
+    state->verify_mechanism = NULL_PTR;
+    state->digest_object = -1;
+}
+
+static void
+close_session(struct session_state *state)
+{
+    if (state->find.attributes) {
+        application_error("application didn't do C_FindObjectsFinal\n");
+        find_object_final(state);
+    }
+
+    state->session_handle = CK_INVALID_HANDLE;
+    soft_token.application = NULL_PTR;
+    soft_token.notify = NULL_PTR;
+    reset_crypto_state(state);
+}
+
+static const char *
+has_session(void)
+{
+    return soft_token.open_sessions > 0 ? "yes" : "no";
+}
+
+static void
+read_conf_file(const char *fn)
+{
+    char buf[1024], *cert, *key, *id, *label, *s, *p;
+    int anchor;
+    FILE *f;
+
+    f = fopen(fn, "r");
+    if (f == NULL) {
+        st_logf("can't open configuration file %s\n", fn);
+        return;
+    }
+
+    while(fgets(buf, sizeof(buf), f) != NULL) {
+        buf[strcspn(buf, "\n")] = '\0';
+
+        anchor = 0;
+
+        st_logf("line: %s\n", buf);
+
+        p = buf;
+        while (isspace(*p))
+            p++;
+        if (*p == '#')
+            continue;
+        while (isspace(*p))
+            p++;
+
+        s = NULL;
+        id = strtok_r(p, "\t", &s);
+        if (id == NULL)
+            continue;
+        label = strtok_r(NULL, "\t", &s);
+        if (label == NULL)
+            continue;
+        cert = strtok_r(NULL, "\t", &s);
+        if (cert == NULL)
+            continue;
+        key = strtok_r(NULL, "\t", &s);
+
+        /* XXX */
+        if (strcmp(id, "anchor") == 0) {
+            id = "\x00\x00";
+            anchor = 1;
+        }
+
+        st_logf("adding: %s\n", label);
+
+        add_certificate(label, cert, key, id, anchor);
+    }
+
+    fclose(f);
+}
+
+static CK_RV
+func_not_supported(void)
+{
+    st_logf("function not supported\n");
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+static char *
+get_rcfilename()
+{
+    struct passwd *pw;
+    const char *home = NULL;
+    char *fn;
+
+    if (getuid() == geteuid()) {
+        fn = getenv("SOFTPKCS11RC");
+        if (fn != NULL)
+            return strdup(fn);
+
+        home = getenv("HOME");
+    }
+
+    if (home == NULL) {
+        pw = getpwuid(getuid());
+        if (pw != NULL)
+            home = pw->pw_dir;
+    }
+
+    if (home == NULL)
+        return strdup("/etc/soft-token.rc");
+
+    if (asprintf(&fn, "%s/.soft-token.rc", home) < 0)
+        return NULL;
+    return fn;
+}
+
+CK_RV
+C_Initialize(CK_VOID_PTR a)
+{
+    CK_C_INITIALIZE_ARGS_PTR args = a;
+    size_t i;
+    char *fn;
+
+    st_logf("Initialize\n");
+
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    for (i = 0; i < MAX_NUM_SESSION; i++) {
+        soft_token.state[i].session_handle = CK_INVALID_HANDLE;
+        soft_token.state[i].find.attributes = NULL;
+        soft_token.state[i].find.num_attributes = 0;
+        soft_token.state[i].find.next_object = -1;
+        reset_crypto_state(&soft_token.state[i]);
+    }
+
+    soft_token.flags.hardware_slot = 1;
+    soft_token.flags.app_error_fatal = 0;
+    soft_token.flags.login_done = 0;
+
+    soft_token.object.objs = NULL;
+    soft_token.object.num_objs = 0;
+
+    soft_token.logfile = NULL;
+#if 0
+    soft_token.logfile = stdout;
+#endif
+#if 0
+    soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a");
+#endif
+
+    if (a != NULL_PTR) {
+        st_logf("\tCreateMutex:\t%p\n", args->CreateMutex);
+        st_logf("\tDestroyMutext\t%p\n", args->DestroyMutex);
+        st_logf("\tLockMutext\t%p\n", args->LockMutex);
+        st_logf("\tUnlockMutext\t%p\n", args->UnlockMutex);
+        st_logf("\tFlags\t%04x\n", (unsigned int)args->flags);
+    }
+
+    soft_token.next_session_handle = 1;
+
+    fn = get_rcfilename();
+    if (fn == NULL)
+        return CKR_DEVICE_MEMORY;
+    read_conf_file(fn);
+    free(fn);
+    return CKR_OK;
+}
+
+CK_RV
+C_Finalize(CK_VOID_PTR args)
+{
+    size_t i;
+    int j;
+
+    st_logf("Finalize\n");
+
+    for (i = 0; i < MAX_NUM_SESSION; i++) {
+        if (soft_token.state[i].session_handle != CK_INVALID_HANDLE) {
+            application_error("application finalized without "
+                              "closing session\n");
+            close_session(&soft_token.state[i]);
+        }
+    }
+
+    for (j = 0; j < soft_token.object.num_objs; j++)
+        free_st_object(soft_token.object.objs[j]);
+    free(soft_token.object.objs);
+    soft_token.object.objs = NULL;
+    soft_token.object.num_objs = 0;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetInfo(CK_INFO_PTR args)
+{
+    st_logf("GetInfo\n");
+
+    memset(args, 17, sizeof(*args));
+    args->cryptokiVersion.major = 2;
+    args->cryptokiVersion.minor = 10;
+    snprintf_fill((char *)args->manufacturerID,
+                  sizeof(args->manufacturerID),
+                  ' ',
+                  "SoftToken");
+    snprintf_fill((char *)args->libraryDescription,
+                  sizeof(args->libraryDescription), ' ',
+                  "SoftToken");
+    args->libraryVersion.major = 1;
+    args->libraryVersion.minor = 8;
+
+    return CKR_OK;
+}
+
+extern CK_FUNCTION_LIST funcs;
+
+CK_RV
+C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
+{
+    *ppFunctionList = &funcs;
+    return CKR_OK;
+}
+
+CK_RV
+C_GetSlotList(CK_BBOOL tokenPresent,
+              CK_SLOT_ID_PTR pSlotList,
+              CK_ULONG_PTR   pulCount)
+{
+    st_logf("GetSlotList: %s\n",
+            tokenPresent ? "tokenPresent" : "token not Present");
+    if (pSlotList)
+        pSlotList[0] = 1;
+    *pulCount = 1;
+    return CKR_OK;
+}
+
+CK_RV
+C_GetSlotInfo(CK_SLOT_ID slotID,
+              CK_SLOT_INFO_PTR pInfo)
+{
+    st_logf("GetSlotInfo: slot: %d : %s\n", (int)slotID, has_session());
+
+    memset(pInfo, 18, sizeof(*pInfo));
+
+    if (slotID != 1)
+        return CKR_ARGUMENTS_BAD;
+
+    snprintf_fill((char *)pInfo->slotDescription,
+                  sizeof(pInfo->slotDescription),
+                  ' ',
+                  "SoftToken (slot)");
+    snprintf_fill((char *)pInfo->manufacturerID,
+                  sizeof(pInfo->manufacturerID),
+                  ' ',
+                  "SoftToken (slot)");
+    pInfo->flags = CKF_TOKEN_PRESENT;
+    if (soft_token.flags.hardware_slot)
+        pInfo->flags |= CKF_HW_SLOT;
+    pInfo->hardwareVersion.major = 1;
+    pInfo->hardwareVersion.minor = 0;
+    pInfo->firmwareVersion.major = 1;
+    pInfo->firmwareVersion.minor = 0;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetTokenInfo(CK_SLOT_ID slotID,
+               CK_TOKEN_INFO_PTR pInfo)
+{
+    st_logf("GetTokenInfo: %s\n", has_session());
+
+    memset(pInfo, 19, sizeof(*pInfo));
+
+    snprintf_fill((char *)pInfo->label,
+                  sizeof(pInfo->label),
+                  ' ',
+                  "SoftToken (token)");
+    snprintf_fill((char *)pInfo->manufacturerID,
+                  sizeof(pInfo->manufacturerID),
+                  ' ',
+                  "SoftToken (token)");
+    snprintf_fill((char *)pInfo->model,
+                  sizeof(pInfo->model),
+                  ' ',
+                  "SoftToken (token)");
+    snprintf_fill((char *)pInfo->serialNumber,
+                  sizeof(pInfo->serialNumber),
+                  ' ',
+                  "4711");
+    pInfo->flags =
+        CKF_TOKEN_INITIALIZED |
+        CKF_USER_PIN_INITIALIZED;
+
+    if (soft_token.flags.login_done == 0)
+        pInfo->flags |= CKF_LOGIN_REQUIRED;
+
+    /* CFK_RNG |
+       CKF_RESTORE_KEY_NOT_NEEDED |
+    */
+    pInfo->ulMaxSessionCount = MAX_NUM_SESSION;
+    pInfo->ulSessionCount = soft_token.open_sessions;
+    pInfo->ulMaxRwSessionCount = MAX_NUM_SESSION;
+    pInfo->ulRwSessionCount = soft_token.open_sessions;
+    pInfo->ulMaxPinLen = 1024;
+    pInfo->ulMinPinLen = 0;
+    pInfo->ulTotalPublicMemory = 4711;
+    pInfo->ulFreePublicMemory = 4712;
+    pInfo->ulTotalPrivateMemory = 4713;
+    pInfo->ulFreePrivateMemory = 4714;
+    pInfo->hardwareVersion.major = 2;
+    pInfo->hardwareVersion.minor = 0;
+    pInfo->firmwareVersion.major = 2;
+    pInfo->firmwareVersion.minor = 0;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetMechanismList(CK_SLOT_ID slotID,
+                   CK_MECHANISM_TYPE_PTR pMechanismList,
+                   CK_ULONG_PTR pulCount)
+{
+    st_logf("GetMechanismList\n");
+
+    *pulCount = 2;
+    if (pMechanismList == NULL_PTR)
+        return CKR_OK;
+    pMechanismList[0] = CKM_RSA_X_509;
+    pMechanismList[1] = CKM_RSA_PKCS;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetMechanismInfo(CK_SLOT_ID slotID,
+                   CK_MECHANISM_TYPE type,
+                   CK_MECHANISM_INFO_PTR pInfo)
+{
+    st_logf("GetMechanismInfo: slot %d type: %d\n",
+            (int)slotID, (int)type);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_InitToken(CK_SLOT_ID slotID,
+            CK_UTF8CHAR_PTR pPin,
+            CK_ULONG ulPinLen,
+            CK_UTF8CHAR_PTR pLabel)
+{
+    st_logf("InitToken: slot %d\n", (int)slotID);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_OpenSession(CK_SLOT_ID slotID,
+              CK_FLAGS flags,
+              CK_VOID_PTR pApplication,
+              CK_NOTIFY Notify,
+              CK_SESSION_HANDLE_PTR phSession)
+{
+    size_t i;
+
+    st_logf("OpenSession: slot: %d\n", (int)slotID);
+
+    if (soft_token.open_sessions == MAX_NUM_SESSION)
+        return CKR_SESSION_COUNT;
+
+    soft_token.application = pApplication;
+    soft_token.notify = Notify;
+
+    for (i = 0; i < MAX_NUM_SESSION; i++)
+        if (soft_token.state[i].session_handle == CK_INVALID_HANDLE)
+            break;
+    if (i == MAX_NUM_SESSION)
+        abort();
+
+    soft_token.open_sessions++;
+
+    soft_token.state[i].session_handle = soft_token.next_session_handle++;
+    *phSession = soft_token.state[i].session_handle;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_CloseSession(CK_SESSION_HANDLE hSession)
+{
+    struct session_state *state;
+    st_logf("CloseSession\n");
+
+    if (verify_session_handle(hSession, &state) != CKR_OK)
+        application_error("closed session not open");
+    else
+        close_session(state);
+
+    return CKR_OK;
+}
+
+CK_RV
+C_CloseAllSessions(CK_SLOT_ID slotID)
+{
+    size_t i;
+
+    st_logf("CloseAllSessions\n");
+
+    for (i = 0; i < MAX_NUM_SESSION; i++)
+        if (soft_token.state[i].session_handle != CK_INVALID_HANDLE)
+            close_session(&soft_token.state[i]);
+
+    return CKR_OK;
+}
+
+CK_RV
+C_GetSessionInfo(CK_SESSION_HANDLE hSession,
+                 CK_SESSION_INFO_PTR pInfo)
+{
+    st_logf("GetSessionInfo\n");
+
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+
+    memset(pInfo, 20, sizeof(*pInfo));
+
+    pInfo->slotID = 1;
+    if (soft_token.flags.login_done)
+        pInfo->state = CKS_RO_USER_FUNCTIONS;
+    else
+        pInfo->state = CKS_RO_PUBLIC_SESSION;
+    pInfo->flags = CKF_SERIAL_SESSION;
+    pInfo->ulDeviceError = 0;
+
+    return CKR_OK;
+}
+
+CK_RV
+C_Login(CK_SESSION_HANDLE hSession,
+        CK_USER_TYPE userType,
+        CK_UTF8CHAR_PTR pPin,
+        CK_ULONG ulPinLen)
+{
+    char *pin = NULL;
+    int i;
+
+    st_logf("Login\n");
+
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+
+    if (pPin != NULL_PTR) {
+        if (asprintf(&pin, "%.*s", (int)ulPinLen, pPin) < 0)
+            return CKR_DEVICE_MEMORY;
+        st_logf("type: %d password: %s\n", (int)userType, pin);
+    }
+
+    for (i = 0; i < soft_token.object.num_objs; i++) {
+        struct st_object *o = soft_token.object.objs[i];
+        FILE *f;
+
+        if (o->type != STO_T_PRIVATE_KEY)
+            continue;
+
+        if (o->u.private_key.key)
+            continue;
+
+        f = fopen(o->u.private_key.file, "r");
+        if (f == NULL) {
+            st_logf("can't open private file: %s\n", o->u.private_key.file);
+            continue;
+        }
+
+        o->u.private_key.key = PEM_read_PrivateKey(f, NULL, NULL, pin);
+        fclose(f);
+        if (o->u.private_key.key == NULL) {
+            st_logf("failed to read key: %s error: %s\n",
+                    o->u.private_key.file,
+                    ERR_error_string(ERR_get_error(), NULL));
+            /* just ignore failure */;
+            continue;
+        }
+
+        /* XXX check keytype */
+
+        if (X509_check_private_key(o->u.private_key.cert, o->u.private_key.key) != 1) {
+            EVP_PKEY_free(o->u.private_key.key);
+            o->u.private_key.key = NULL;
+            st_logf("private key %s doesn't verify\n", o->u.private_key.file);
+            continue;
+        }
+
+        soft_token.flags.login_done = 1;
+    }
+    free(pin);
+
+    return soft_token.flags.login_done ? CKR_OK : CKR_PIN_INCORRECT;
+}
+
+CK_RV
+C_Logout(CK_SESSION_HANDLE hSession)
+{
+    st_logf("Logout\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_GetObjectSize(CK_SESSION_HANDLE hSession,
+                CK_OBJECT_HANDLE hObject,
+                CK_ULONG_PTR pulSize)
+{
+    st_logf("GetObjectSize\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_GetAttributeValue(CK_SESSION_HANDLE hSession,
+                    CK_OBJECT_HANDLE hObject,
+                    CK_ATTRIBUTE_PTR pTemplate,
+                    CK_ULONG ulCount)
+{
+    struct session_state *state;
+    struct st_object *obj;
+    CK_ULONG i;
+    CK_RV ret;
+    int j;
+
+    st_logf("GetAttributeValue: %lx\n",
+            (unsigned long)HANDLE_OBJECT_ID(hObject));
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if ((ret = object_handle_to_object(hObject, &obj)) != CKR_OK) {
+        st_logf("object not found: %lx\n",
+                (unsigned long)HANDLE_OBJECT_ID(hObject));
+        return ret;
+    }
+
+    for (i = 0; i < ulCount; i++) {
+        st_logf("       getting 0x%08lx\n", (unsigned long)pTemplate[i].type);
+        for (j = 0; j < obj->num_attributes; j++) {
+            if (obj->attrs[j].secret) {
+                pTemplate[i].ulValueLen = (CK_ULONG)-1;
+                break;
+            }
+            if (pTemplate[i].type == obj->attrs[j].attribute.type) {
+                if (pTemplate[i].pValue != NULL_PTR && obj->attrs[j].secret == 0) {
+                    if (pTemplate[i].ulValueLen >= obj->attrs[j].attribute.ulValueLen)
+                        memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue,
+                               obj->attrs[j].attribute.ulValueLen);
+                }
+                pTemplate[i].ulValueLen = obj->attrs[j].attribute.ulValueLen;
+                break;
+            }
+        }
+        if (j == obj->num_attributes) {
+            st_logf("key type: 0x%08lx not found\n", (unsigned long)pTemplate[i].type);
+            pTemplate[i].ulValueLen = (CK_ULONG)-1;
+        }
+
+    }
+    return CKR_OK;
+}
+
+CK_RV
+C_FindObjectsInit(CK_SESSION_HANDLE hSession,
+                  CK_ATTRIBUTE_PTR pTemplate,
+                  CK_ULONG ulCount)
+{
+    struct session_state *state;
+
+    st_logf("FindObjectsInit\n");
+
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->find.next_object != -1) {
+        application_error("application didn't do C_FindObjectsFinal\n");
+        find_object_final(state);
+    }
+    if (ulCount) {
+        CK_ULONG i;
+
+        print_attributes(pTemplate, ulCount);
+
+        state->find.attributes =
+            calloc(1, ulCount * sizeof(state->find.attributes[0]));
+        if (state->find.attributes == NULL)
+            return CKR_DEVICE_MEMORY;
+        for (i = 0; i < ulCount; i++) {
+            state->find.attributes[i].pValue =
+                malloc(pTemplate[i].ulValueLen);
+            if (state->find.attributes[i].pValue == NULL) {
+                find_object_final(state);
+                return CKR_DEVICE_MEMORY;
+            }
+            memcpy(state->find.attributes[i].pValue,
+                   pTemplate[i].pValue, pTemplate[i].ulValueLen);
+            state->find.attributes[i].type = pTemplate[i].type;
+            state->find.attributes[i].ulValueLen = pTemplate[i].ulValueLen;
+        }
+        state->find.num_attributes = ulCount;
+        state->find.next_object = 0;
+    } else {
+        st_logf("find all objects\n");
+        state->find.attributes = NULL;
+        state->find.num_attributes = 0;
+        state->find.next_object = 0;
+    }
+
+    return CKR_OK;
+}
+
+CK_RV
+C_FindObjects(CK_SESSION_HANDLE hSession,
+              CK_OBJECT_HANDLE_PTR phObject,
+              CK_ULONG ulMaxObjectCount,
+              CK_ULONG_PTR pulObjectCount)
+{
+    struct session_state *state;
+    int i;
+
+    st_logf("FindObjects\n");
+
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->find.next_object == -1) {
+        application_error("application didn't do C_FindObjectsInit\n");
+        return CKR_ARGUMENTS_BAD;
+    }
+    if (ulMaxObjectCount == 0) {
+        application_error("application asked for 0 objects\n");
+        return CKR_ARGUMENTS_BAD;
+    }
+    *pulObjectCount = 0;
+    for (i = state->find.next_object; i < soft_token.object.num_objs; i++) {
+        st_logf("FindObjects: %d\n", i);
+        state->find.next_object = i + 1;
+        if (attributes_match(soft_token.object.objs[i],
+                             state->find.attributes,
+                             state->find.num_attributes)) {
+            *phObject++ = soft_token.object.objs[i]->object_handle;
+            ulMaxObjectCount--;
+            (*pulObjectCount)++;
+            if (ulMaxObjectCount == 0)
+                break;
+        }
+    }
+    return CKR_OK;
+}
+
+CK_RV
+C_FindObjectsFinal(CK_SESSION_HANDLE hSession)
+{
+    struct session_state *state;
+
+    st_logf("FindObjectsFinal\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+    find_object_final(state);
+    return CKR_OK;
+}
+
+static CK_RV
+commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
+           const CK_MECHANISM_TYPE *mechs, int mechs_len,
+           const CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey,
+           struct st_object **o)
+{
+    CK_RV ret;
+    int i;
+
+    *o = NULL;
+    if ((ret = object_handle_to_object(hKey, o)) != CKR_OK)
+        return ret;
+
+    ret = attributes_match(*o, attr_match, attr_match_len);
+    if (!ret) {
+        application_error("called commonInit on key that doesn't "
+                          "support required attr");
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    for (i = 0; i < mechs_len; i++)
+        if (mechs[i] == pMechanism->mechanism)
+            break;
+    if (i == mechs_len) {
+        application_error("called mech (%08lx) not supported\n",
+                          pMechanism->mechanism);
+        return CKR_ARGUMENTS_BAD;
+    }
+    return CKR_OK;
+}
+
+
+static CK_RV
+dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
+{
+    CK_MECHANISM_PTR p;
+
+    p = malloc(sizeof(*p));
+    if (p == NULL)
+        return CKR_DEVICE_MEMORY;
+
+    if (*dup)
+        free(*dup);
+    *dup = p;
+    memcpy(p, pMechanism, sizeof(*p));
+
+    return CKR_OK;
+}
+
+
+CK_RV
+C_EncryptInit(CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_PTR pMechanism,
+              CK_OBJECT_HANDLE hKey)
+{
+    struct session_state *state;
+    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
+    CK_BBOOL bool_true = CK_TRUE;
+    CK_ATTRIBUTE attr[] = {
+        { CKA_ENCRYPT, &bool_true, sizeof(bool_true) }
+    };
+    struct st_object *o;
+    CK_RV ret;
+
+    st_logf("EncryptInit\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
+                     mechs, sizeof(mechs)/sizeof(mechs[0]),
+                     pMechanism, hKey, &o);
+    if (ret)
+        return ret;
+
+    ret = dup_mechanism(&state->encrypt_mechanism, pMechanism);
+    if (ret == CKR_OK)
+        state->encrypt_object = OBJECT_ID(o);
+
+    return ret;
+}
+
+CK_RV
+C_Encrypt(CK_SESSION_HANDLE hSession,
+          CK_BYTE_PTR pData,
+          CK_ULONG ulDataLen,
+          CK_BYTE_PTR pEncryptedData,
+          CK_ULONG_PTR pulEncryptedDataLen)
+{
+    struct session_state *state;
+    struct st_object *o;
+    void *buffer = NULL;
+    CK_RV ret;
+    size_t buffer_len = 0;
+    int padding;
+    EVP_PKEY_CTX *ctx = NULL;
+
+    st_logf("Encrypt\n");
+
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->encrypt_object == -1)
+        return CKR_ARGUMENTS_BAD;
+
+    o = soft_token.object.objs[state->encrypt_object];
+
+    if (o->u.public_key == NULL) {
+        st_logf("public key NULL\n");
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (pulEncryptedDataLen == NULL) {
+        st_logf("pulEncryptedDataLen NULL\n");
+        ret = CKR_ARGUMENTS_BAD;
+        goto out;
+    }
+
+    if (pData == NULL) {
+        st_logf("data NULL\n");
+        ret = CKR_ARGUMENTS_BAD;
+        goto out;
+    }
+
+    switch(state->encrypt_mechanism->mechanism) {
+    case CKM_RSA_PKCS:
+        padding = RSA_PKCS1_PADDING;
+        break;
+    case CKM_RSA_X_509:
+        padding = RSA_NO_PADDING;
+        break;
+    default:
+        ret = CKR_FUNCTION_NOT_SUPPORTED;
+        goto out;
+    }
+
+    ctx = EVP_PKEY_CTX_new(o->u.public_key, NULL);
+    if (ctx == NULL || EVP_PKEY_encrypt_init(ctx) <= 0 ||
+        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
+        EVP_PKEY_encrypt(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
+        ret = CKR_DEVICE_ERROR;
+        goto out;
+    }
+
+    buffer = OPENSSL_malloc(buffer_len);
+    if (buffer == NULL) {
+        ret = CKR_DEVICE_MEMORY;
+        goto out;
+    }
+
+    if (EVP_PKEY_encrypt(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
+        ret = CKR_DEVICE_ERROR;
+        goto out;
+    }
+    st_logf("Encrypt done\n");
+
+    if (pEncryptedData != NULL)
+        memcpy(pEncryptedData, buffer, buffer_len);
+    *pulEncryptedDataLen = buffer_len;
+
+    ret = CKR_OK;
+out:
+    OPENSSL_cleanse(buffer, buffer_len);
+    OPENSSL_free(buffer);
+    EVP_PKEY_CTX_free(ctx);
+    return ret;
+}
+
+CK_RV
+C_EncryptUpdate(CK_SESSION_HANDLE hSession,
+                CK_BYTE_PTR pPart,
+                CK_ULONG ulPartLen,
+                CK_BYTE_PTR pEncryptedPart,
+                CK_ULONG_PTR pulEncryptedPartLen)
+{
+    st_logf("EncryptUpdate\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+
+CK_RV
+C_EncryptFinal(CK_SESSION_HANDLE hSession,
+               CK_BYTE_PTR pLastEncryptedPart,
+               CK_ULONG_PTR pulLastEncryptedPartLen)
+{
+    st_logf("EncryptFinal\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+
+/* C_DecryptInit initializes a decryption operation. */
+CK_RV
+C_DecryptInit(CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_PTR pMechanism,
+              CK_OBJECT_HANDLE hKey)
+{
+    struct session_state *state;
+    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
+    CK_BBOOL bool_true = CK_TRUE;
+    CK_ATTRIBUTE attr[] = {
+        { CKA_DECRYPT, &bool_true, sizeof(bool_true) }
+    };
+    struct st_object *o;
+    CK_RV ret;
+
+    st_logf("DecryptInit\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
+                     mechs, sizeof(mechs)/sizeof(mechs[0]),
+                     pMechanism, hKey, &o);
+    if (ret)
+        return ret;
+
+    ret = dup_mechanism(&state->decrypt_mechanism, pMechanism);
+    if (ret == CKR_OK)
+        state->decrypt_object = OBJECT_ID(o);
+
+    return CKR_OK;
+}
+
+
+CK_RV
+C_Decrypt(CK_SESSION_HANDLE hSession,
+          CK_BYTE_PTR       pEncryptedData,
+          CK_ULONG          ulEncryptedDataLen,
+          CK_BYTE_PTR       pData,
+          CK_ULONG_PTR      pulDataLen)
+{
+    struct session_state *state;
+    struct st_object *o;
+    void *buffer = NULL;
+    CK_RV ret;
+    size_t buffer_len = 0;
+    int padding;
+    EVP_PKEY_CTX *ctx = NULL;
+
+    st_logf("Decrypt\n");
+
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->decrypt_object == -1)
+        return CKR_ARGUMENTS_BAD;
+
+    o = soft_token.object.objs[state->decrypt_object];
+
+    if (o->u.private_key.key == NULL) {
+        st_logf("private key NULL\n");
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (pulDataLen == NULL) {
+        st_logf("pulDataLen NULL\n");
+        ret = CKR_ARGUMENTS_BAD;
+        goto out;
+    }
+
+    if (pEncryptedData == NULL_PTR) {
+        st_logf("data NULL\n");
+        ret = CKR_ARGUMENTS_BAD;
+        goto out;
+    }
+
+    switch(state->decrypt_mechanism->mechanism) {
+    case CKM_RSA_PKCS:
+        padding = RSA_PKCS1_PADDING;
+        break;
+    case CKM_RSA_X_509:
+        padding = RSA_NO_PADDING;
+        break;
+    default:
+        ret = CKR_FUNCTION_NOT_SUPPORTED;
+        goto out;
+    }
+
+    ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
+    if (ctx == NULL || EVP_PKEY_decrypt_init(ctx) <= 0 ||
+        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
+        EVP_PKEY_decrypt(ctx, NULL, &buffer_len, pEncryptedData,
+                         ulEncryptedDataLen) <= 0) {
+        ret = CKR_DEVICE_ERROR;
+        goto out;
+    }
+
+    buffer = OPENSSL_malloc(buffer_len);
+    if (buffer == NULL) {
+        ret = CKR_DEVICE_MEMORY;
+        goto out;
+    }
+
+    if (EVP_PKEY_decrypt(ctx, buffer, &buffer_len, pEncryptedData,
+                         ulEncryptedDataLen) <= 0) {
+        ret = CKR_DEVICE_ERROR;
+        goto out;
+    }
+    st_logf("Decrypt done\n");
+
+    if (pData != NULL_PTR)
+        memcpy(pData, buffer, buffer_len);
+    *pulDataLen = buffer_len;
+
+    ret = CKR_OK;
+out:
+    OPENSSL_cleanse(buffer, buffer_len);
+    OPENSSL_free(buffer);
+    EVP_PKEY_CTX_free(ctx);
+    return ret;
+}
+
+
+CK_RV
+C_DecryptUpdate(CK_SESSION_HANDLE hSession,
+                CK_BYTE_PTR pEncryptedPart,
+                CK_ULONG ulEncryptedPartLen,
+                CK_BYTE_PTR pPart,
+                CK_ULONG_PTR pulPartLen)
+
+{
+    st_logf("DecryptUpdate\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+
+CK_RV
+C_DecryptFinal(CK_SESSION_HANDLE hSession,
+               CK_BYTE_PTR pLastPart,
+               CK_ULONG_PTR pulLastPartLen)
+{
+    st_logf("DecryptFinal\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_DigestInit(CK_SESSION_HANDLE hSession,
+             CK_MECHANISM_PTR pMechanism)
+{
+    st_logf("DigestInit\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_SignInit(CK_SESSION_HANDLE hSession,
+           CK_MECHANISM_PTR pMechanism,
+           CK_OBJECT_HANDLE hKey)
+{
+    struct session_state *state;
+    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
+    CK_BBOOL bool_true = CK_TRUE;
+    CK_ATTRIBUTE attr[] = {
+        { CKA_SIGN, &bool_true, sizeof(bool_true) }
+    };
+    struct st_object *o;
+    CK_RV ret;
+
+    st_logf("SignInit\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
+                     mechs, sizeof(mechs)/sizeof(mechs[0]),
+                     pMechanism, hKey, &o);
+    if (ret)
+        return ret;
+
+    ret = dup_mechanism(&state->sign_mechanism, pMechanism);
+    if (ret == CKR_OK)
+        state->sign_object = OBJECT_ID(o);
+
+    return CKR_OK;
+}
+
+CK_RV
+C_Sign(CK_SESSION_HANDLE hSession,
+       CK_BYTE_PTR pData,
+       CK_ULONG ulDataLen,
+       CK_BYTE_PTR pSignature,
+       CK_ULONG_PTR pulSignatureLen)
+{
+    struct session_state *state;
+    struct st_object *o;
+    void *buffer = NULL;
+    CK_RV ret;
+    int padding;
+    size_t buffer_len = 0;
+    EVP_PKEY_CTX *ctx = NULL;
+
+    st_logf("Sign\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->sign_object == -1)
+        return CKR_ARGUMENTS_BAD;
+
+    o = soft_token.object.objs[state->sign_object];
+
+    if (o->u.private_key.key == NULL) {
+        st_logf("private key NULL\n");
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (pulSignatureLen == NULL) {
+        st_logf("signature len NULL\n");
+        ret = CKR_ARGUMENTS_BAD;
+        goto out;
+    }
+
+    if (pData == NULL_PTR) {
+        st_logf("data NULL\n");
+        ret = CKR_ARGUMENTS_BAD;
+        goto out;
+    }
+
+    switch(state->sign_mechanism->mechanism) {
+    case CKM_RSA_PKCS:
+        padding = RSA_PKCS1_PADDING;
+        break;
+    case CKM_RSA_X_509:
+        padding = RSA_NO_PADDING;
+        break;
+    default:
+        ret = CKR_FUNCTION_NOT_SUPPORTED;
+        goto out;
+    }
+
+    ctx = EVP_PKEY_CTX_new(o->u.private_key.key, NULL);
+    if (ctx == NULL || EVP_PKEY_sign_init(ctx) <= 0 ||
+        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
+        EVP_PKEY_sign(ctx, NULL, &buffer_len, pData, ulDataLen) <= 0) {
+        ret = CKR_DEVICE_ERROR;
+        goto out;
+    }
+
+    buffer = OPENSSL_malloc(buffer_len);
+    if (buffer == NULL) {
+        ret = CKR_DEVICE_MEMORY;
+        goto out;
+    }
+
+    if (EVP_PKEY_sign(ctx, buffer, &buffer_len, pData, ulDataLen) <= 0) {
+        ret = CKR_DEVICE_ERROR;
+        goto out;
+    }
+    st_logf("Sign done\n");
+
+    if (pSignature != NULL)
+        memcpy(pSignature, buffer, buffer_len);
+    *pulSignatureLen = buffer_len;
+
+    ret = CKR_OK;
+out:
+    OPENSSL_cleanse(buffer, buffer_len);
+    OPENSSL_free(buffer);
+    EVP_PKEY_CTX_free(ctx);
+    return ret;
+}
+
+CK_RV
+C_SignUpdate(CK_SESSION_HANDLE hSession,
+             CK_BYTE_PTR pPart,
+             CK_ULONG ulPartLen)
+{
+    st_logf("SignUpdate\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+
+CK_RV
+C_SignFinal(CK_SESSION_HANDLE hSession,
+            CK_BYTE_PTR pSignature,
+            CK_ULONG_PTR pulSignatureLen)
+{
+    st_logf("SignUpdate\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_VerifyInit(CK_SESSION_HANDLE hSession,
+             CK_MECHANISM_PTR pMechanism,
+             CK_OBJECT_HANDLE hKey)
+{
+    struct session_state *state;
+    CK_MECHANISM_TYPE mechs[] = { CKM_RSA_PKCS, CKM_RSA_X_509 };
+    CK_BBOOL bool_true = CK_TRUE;
+    CK_ATTRIBUTE attr[] = {
+        { CKA_VERIFY, &bool_true, sizeof(bool_true) }
+    };
+    struct st_object *o;
+    CK_RV ret;
+
+    st_logf("VerifyInit\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    ret = commonInit(attr, sizeof(attr)/sizeof(attr[0]),
+                     mechs, sizeof(mechs)/sizeof(mechs[0]),
+                     pMechanism, hKey, &o);
+    if (ret)
+        return ret;
+
+    ret = dup_mechanism(&state->verify_mechanism, pMechanism);
+    if (ret == CKR_OK)
+        state->verify_object = OBJECT_ID(o);
+
+    return ret;
+}
+
+CK_RV
+C_Verify(CK_SESSION_HANDLE hSession,
+         CK_BYTE_PTR pData,
+         CK_ULONG ulDataLen,
+         CK_BYTE_PTR pSignature,
+         CK_ULONG ulSignatureLen)
+{
+    struct session_state *state;
+    struct st_object *o;
+    CK_RV ret;
+    int padding;
+    EVP_PKEY_CTX *ctx = NULL;
+
+    st_logf("Verify\n");
+    VERIFY_SESSION_HANDLE(hSession, &state);
+
+    if (state->verify_object == -1)
+        return CKR_ARGUMENTS_BAD;
+
+    o = soft_token.object.objs[state->verify_object];
+
+    if (o->u.public_key == NULL) {
+        st_logf("public key NULL\n");
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (pSignature == NULL) {
+        st_logf("signature NULL\n");
+        ret = CKR_ARGUMENTS_BAD;
+        goto out;
+    }
+
+    if (pData == NULL_PTR) {
+        st_logf("data NULL\n");
+        ret = CKR_ARGUMENTS_BAD;
+        goto out;
+    }
+
+    switch(state->verify_mechanism->mechanism) {
+    case CKM_RSA_PKCS:
+        padding = RSA_PKCS1_PADDING;
+        break;
+    case CKM_RSA_X_509:
+        padding = RSA_NO_PADDING;
+        break;
+    default:
+        ret = CKR_FUNCTION_NOT_SUPPORTED;
+        goto out;
+    }
+
+    ctx = EVP_PKEY_CTX_new(o->u.public_key, NULL);
+    if (ctx == NULL || EVP_PKEY_verify_init(ctx) <= 0 ||
+        EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0 ||
+        EVP_PKEY_verify(ctx, pSignature, ulSignatureLen, pData,
+                        ulDataLen) <= 0) {
+        ret = CKR_DEVICE_ERROR;
+        goto out;
+    }
+    st_logf("Verify done\n");
+
+    ret = CKR_OK;
+out:
+    EVP_PKEY_CTX_free(ctx);
+    return ret;
+}
+
+CK_RV
+C_VerifyUpdate(CK_SESSION_HANDLE hSession,
+               CK_BYTE_PTR pPart,
+               CK_ULONG ulPartLen)
+{
+    st_logf("VerifyUpdate\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_VerifyFinal(CK_SESSION_HANDLE hSession,
+              CK_BYTE_PTR pSignature,
+              CK_ULONG ulSignatureLen)
+{
+    st_logf("VerifyFinal\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV
+C_GenerateRandom(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR RandomData,
+                 CK_ULONG ulRandomLen)
+{
+    st_logf("GenerateRandom\n");
+    VERIFY_SESSION_HANDLE(hSession, NULL);
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_FUNCTION_LIST funcs = {
+    { 2, 11 },
+    C_Initialize,
+    C_Finalize,
+    C_GetInfo,
+    C_GetFunctionList,
+    C_GetSlotList,
+    C_GetSlotInfo,
+    C_GetTokenInfo,
+    C_GetMechanismList,
+    C_GetMechanismInfo,
+    C_InitToken,
+    (void *)func_not_supported, /* C_InitPIN */
+    (void *)func_not_supported, /* C_SetPIN */
+    C_OpenSession,
+    C_CloseSession,
+    C_CloseAllSessions,
+    C_GetSessionInfo,
+    (void *)func_not_supported, /* C_GetOperationState */
+    (void *)func_not_supported, /* C_SetOperationState */
+    C_Login,
+    C_Logout,
+    (void *)func_not_supported, /* C_CreateObject */
+    (void *)func_not_supported, /* C_CopyObject */
+    (void *)func_not_supported, /* C_DestroyObject */
+    (void *)func_not_supported, /* C_GetObjectSize */
+    C_GetAttributeValue,
+    (void *)func_not_supported, /* C_SetAttributeValue */
+    C_FindObjectsInit,
+    C_FindObjects,
+    C_FindObjectsFinal,
+    C_EncryptInit,
+    C_Encrypt,
+    C_EncryptUpdate,
+    C_EncryptFinal,
+    C_DecryptInit,
+    C_Decrypt,
+    C_DecryptUpdate,
+    C_DecryptFinal,
+    C_DigestInit,
+    (void *)func_not_supported, /* C_Digest */
+    (void *)func_not_supported, /* C_DigestUpdate */
+    (void *)func_not_supported, /* C_DigestKey */
+    (void *)func_not_supported, /* C_DigestFinal */
+    C_SignInit,
+    C_Sign,
+    C_SignUpdate,
+    C_SignFinal,
+    (void *)func_not_supported, /* C_SignRecoverInit */
+    (void *)func_not_supported, /* C_SignRecover */
+    C_VerifyInit,
+    C_Verify,
+    C_VerifyUpdate,
+    C_VerifyFinal,
+    (void *)func_not_supported, /* C_VerifyRecoverInit */
+    (void *)func_not_supported, /* C_VerifyRecover */
+    (void *)func_not_supported, /* C_DigestEncryptUpdate */
+    (void *)func_not_supported, /* C_DecryptDigestUpdate */
+    (void *)func_not_supported, /* C_SignEncryptUpdate */
+    (void *)func_not_supported, /* C_DecryptVerifyUpdate */
+    (void *)func_not_supported, /* C_GenerateKey */
+    (void *)func_not_supported, /* C_GenerateKeyPair */
+    (void *)func_not_supported, /* C_WrapKey */
+    (void *)func_not_supported, /* C_UnwrapKey */
+    (void *)func_not_supported, /* C_DeriveKey */
+    (void *)func_not_supported, /* C_SeedRandom */
+    C_GenerateRandom,
+    (void *)func_not_supported, /* C_GetFunctionStatus */
+    (void *)func_not_supported, /* C_CancelFunction */
+    (void *)func_not_supported  /* C_WaitForSlotEvent */
+};
diff --git a/krb5-1.21.3/src/tests/softpkcs11/softpkcs11.exports b/krb5-1.21.3/src/tests/softpkcs11/softpkcs11.exports
new file mode 100644
index 00000000..aa728451
--- /dev/null
+++ b/krb5-1.21.3/src/tests/softpkcs11/softpkcs11.exports
@@ -0,0 +1,39 @@
+C_CloseAllSessions
+C_CloseSession
+C_Decrypt
+C_DecryptFinal
+C_DecryptInit
+C_DecryptUpdate
+C_DigestInit
+C_Encrypt
+C_EncryptFinal
+C_EncryptInit
+C_EncryptUpdate
+C_Finalize
+C_FindObjects
+C_FindObjectsFinal
+C_FindObjectsInit
+C_GenerateRandom
+C_GetAttributeValue
+C_GetFunctionList
+C_GetInfo
+C_GetMechanismInfo
+C_GetMechanismList
+C_GetObjectSize
+C_GetSessionInfo
+C_GetSlotInfo
+C_GetSlotList
+C_GetTokenInfo
+C_Initialize
+C_InitToken
+C_Login
+C_Logout
+C_OpenSession
+C_Sign
+C_SignFinal
+C_SignInit
+C_SignUpdate
+C_Verify
+C_VerifyFinal
+C_VerifyInit
+C_VerifyUpdate
diff --git a/krb5-1.21.3/src/tests/t_audit.py b/krb5-1.21.3/src/tests/t_audit.py
new file mode 100755
index 00000000..e48f4ebc
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_audit.py
@@ -0,0 +1,27 @@
+from k5test import *
+
+conf = {'plugins': {'audit': {
+            'module': 'test:$plugins/audit/test/k5audit_test.so'}}}
+
+realm = K5Realm(krb5_conf=conf, get_creds=False)
+realm.addprinc('target')
+realm.run([kadminl, 'modprinc', '+ok_to_auth_as_delegate', realm.host_princ])
+
+# Make normal AS and TGS requests so they will be audited.
+realm.kinit(realm.host_princ, flags=['-k', '-f'])
+realm.run([kvno, 'target'])
+
+# Make S4U2Self and S4U2Proxy requests so they will be audited.  The
+# S4U2Proxy request is expected to fail.
+realm.run([kvno, '-k', realm.keytab, '-U', 'user', '-P', 'target'],
+          expected_code=1, expected_msg='KDC can\'t fulfill requested option')
+
+# Make a U2U request so it will be audited.
+uuserver = os.path.join(buildtop, 'appl', 'user_user', 'uuserver')
+uuclient = os.path.join(buildtop, 'appl', 'user_user', 'uuclient')
+port_arg = str(realm.server_port())
+realm.start_server([uuserver, port_arg], 'Server started')
+realm.run([uuclient, hostname, 'testing message', port_arg],
+          expected_msg='Hello')
+
+success('Audit tests')
diff --git a/krb5-1.21.3/src/tests/t_authdata.py b/krb5-1.21.3/src/tests/t_authdata.py
new file mode 100644
index 00000000..bde1c368
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_authdata.py
@@ -0,0 +1,362 @@
+from k5test import *
+
+# Load the sample KDC authdata module.  Allow renewable tickets.
+greet_path = os.path.join(buildtop, 'plugins', 'authdata', 'greet_server',
+                          'greet_server.so')
+conf = {'realms': {'$realm': {'max_life': '20h', 'max_renewable_life': '20h'}},
+        'plugins': {'kdcauthdata': {'module': 'greet:' + greet_path}}}
+realm = K5Realm(krb5_conf=conf)
+
+# With no requested authdata, we expect to see PAC (128) in an
+# if-relevant container and the greet authdata in a kdc-issued
+# container.
+mark('baseline authdata')
+out = realm.run(['./adata', realm.host_princ])
+if '?128: [6, 7, 10, 16, 19]' not in out or '^-42: Hello' not in out:
+    fail('expected authdata not seen for basic request')
+
+# Requested authdata is copied into the ticket, with KDC-only types
+# filtered out.  (128 is win2k-pac, which should be filtered.)
+mark('request authdata')
+out = realm.run(['./adata', realm.host_princ, '-5', 'test1', '?-6', 'test2',
+                 '128', 'fakepac', '?128', 'ifrelfakepac',
+                 '^-8', 'fakekdcissued', '?^-8', 'ifrelfakekdcissued'])
+if ' -5: test1' not in out or '?-6: test2' not in out:
+    fail('expected authdata not seen for request with authdata')
+if 'fake' in out:
+    fail('KDC-only authdata not filtered for request with authdata')
+
+mark('AD-MANDATORY-FOR-KDC')
+realm.run(['./adata', realm.host_princ, '!-1', 'mandatoryforkdc'],
+          expected_code=1, expected_msg='KDC policy rejects request')
+
+# The no_auth_data_required server flag should suppress the PAC, but
+# not module or request authdata.
+mark('no_auth_data_required server flag')
+realm.run([kadminl, 'ank', '-randkey', '+no_auth_data_required', 'noauth'])
+realm.extract_keytab('noauth', realm.keytab)
+out = realm.run(['./adata', 'noauth', '-2', 'test'])
+if '^-42: Hello' not in out or ' -2: test' not in out:
+    fail('expected authdata not seen for no_auth_data_required request')
+if '128: ' in out:
+    fail('PAC authdata seen for no_auth_data_required request')
+
+# Cross-realm TGT requests should not suppress PAC or request
+# authdata.
+mark('cross-realm')
+realm.addprinc('krbtgt/XREALM')
+realm.extract_keytab('krbtgt/XREALM', realm.keytab)
+out = realm.run(['./adata', 'krbtgt/XREALM', '-3', 'test'])
+if '128:' not in out or  '^-42: Hello' not in out or ' -3: test' not in out:
+    fail('expected authdata not seen for cross-realm TGT request')
+
+mark('pac_privsvr_enctype')
+# Change the privsvr enctype and make sure we can still verify the PAC
+# on a service ticket in a TGS request.
+realm.run([kadminl, 'setstr', realm.host_princ,
+           'pac_privsvr_enctype', 'aes128-sha1'])
+realm.kinit(realm.user_princ, password('user'),
+            ['-S', realm.host_princ, '-r', '1h'])
+realm.kinit(realm.user_princ, None, ['-S', realm.host_princ, '-R'])
+# Remove the attribute and make sure the previously-issued service
+# ticket PAC no longer verifies.
+realm.run([kadminl, 'delstr', realm.host_princ, 'pac_privsvr_enctype'])
+realm.kinit(realm.user_princ, None, ['-S', realm.host_princ, '-R'],
+            expected_code=1, expected_msg='Message stream modified')
+
+realm.stop()
+
+if not pkinit_enabled:
+    skipped('anonymous ticket authdata tests', 'PKINIT not built')
+else:
+    # Set up a realm with PKINIT support and get anonymous tickets.
+    realm = K5Realm(krb5_conf=conf, get_creds=False, pkinit=True)
+    realm.addprinc('WELLKNOWN/ANONYMOUS')
+    realm.kinit('@%s' % realm.realm, flags=['-n'])
+
+    # PAC and module authdata should be suppressed for anonymous
+    # tickets, but not request authdata.
+    mark('anonymous')
+    out = realm.run(['./adata', realm.host_princ, '-4', 'test'])
+    if ' -4: test' not in out:
+        fail('expected authdata not seen for anonymous request')
+    if '128: ' in out or '-42: ' in out:
+        fail('PAC or greet authdata seen for anonymous request')
+
+realm.stop()
+
+# Test authentication indicators.  Load the test preauth module so we
+# can control the indicators asserted.
+testpreauth = os.path.join(buildtop, 'plugins', 'preauth', 'test', 'test.so')
+krb5conf = {'plugins': {'kdcpreauth': {'module': 'test:' + testpreauth},
+                        'clpreauth': {'module': 'test:' + testpreauth}}}
+realm, realm2 = cross_realms(2, args=({'realm': 'LOCAL'},
+                                      {'realm': 'FOREIGN'}),
+                             krb5_conf=krb5conf, get_creds=False)
+realm.run([kadminl, 'modprinc', '+requires_preauth', '-maxrenewlife', '2 days',
+           realm.user_princ])
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '2 days', realm.host_princ])
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '2 days', realm.krbtgt_princ])
+realm.extract_keytab(realm.krbtgt_princ, realm.keytab)
+realm.extract_keytab(realm.host_princ, realm.keytab)
+realm.extract_keytab('krbtgt/FOREIGN', realm.keytab)
+realm2.extract_keytab(realm2.krbtgt_princ, realm.keytab)
+realm2.extract_keytab(realm2.host_princ, realm.keytab)
+realm2.extract_keytab('krbtgt/LOCAL', realm.keytab)
+
+# AS request to local-realm service
+mark('AS-REQ to local service auth indicator')
+realm.kinit(realm.user_princ, password('user'),
+            ['-X', 'indicators=indcl', '-r', '2d', '-S', realm.host_princ])
+realm.run(['./adata', realm.host_princ], expected_msg='+97: [indcl]')
+
+# Ticket modification request
+mark('ticket modification auth indicator')
+realm.kinit(realm.user_princ, None, ['-R', '-S', realm.host_princ])
+realm.run(['./adata', realm.host_princ], expected_msg='+97: [indcl]')
+
+# AS request to cross TGT
+mark('AS-REQ to cross TGT auth indicator')
+realm.kinit(realm.user_princ, password('user'),
+            ['-X', 'indicators=indcl', '-S', 'krbtgt/FOREIGN'])
+realm.run(['./adata', 'krbtgt/FOREIGN'], expected_msg='+97: [indcl]')
+
+# Multiple indicators
+mark('AS multiple indicators')
+realm.kinit(realm.user_princ, password('user'),
+            ['-X', 'indicators=indcl indcl2 indcl3'])
+realm.run(['./adata', realm.krbtgt_princ],
+          expected_msg='+97: [indcl, indcl2, indcl3]')
+
+# AS request to local TGT (resulting creds are used for TGS tests)
+mark('AS-REQ to local TGT auth indicator')
+realm.kinit(realm.user_princ, password('user'), ['-X', 'indicators=indcl'])
+realm.run(['./adata', realm.krbtgt_princ], expected_msg='+97: [indcl]')
+
+# Local TGS request for local realm service
+mark('TGS-REQ to local service auth indicator')
+realm.run(['./adata', realm.host_princ], expected_msg='+97: [indcl]')
+
+# Local TGS request for cross TGT service
+mark('TGS-REQ to cross TGT auth indicator')
+realm.run(['./adata', 'krbtgt/FOREIGN'], expected_msg='+97: [indcl]')
+
+# We don't yet have support for passing auth indicators across realms,
+# so just verify that indicators don't survive cross-realm requests.
+mark('TGS-REQ to foreign service auth indicator')
+out = realm.run(['./adata', realm2.krbtgt_princ])
+if '97:' in out:
+    fail('auth-indicator seen in cross TGT request to local TGT')
+out = realm.run(['./adata', 'krbtgt/LOCAL@FOREIGN'])
+if '97:' in out:
+    fail('auth-indicator seen in cross TGT request to cross TGT')
+out = realm.run(['./adata', realm2.host_princ])
+if '97:' in out:
+    fail('auth-indicator seen in cross TGT request to service')
+
+# Test that the CAMMAC signature still works during a krbtgt rollover.
+mark('CAMMAC signature across krbtgt rollover')
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', realm.krbtgt_princ])
+realm.run(['./adata', realm.host_princ], expected_msg='+97: [indcl]')
+
+# Test indicator enforcement.
+mark('auth indicator enforcement')
+realm.addprinc('restricted')
+realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'superstrong'])
+realm.kinit(realm.user_princ, password('user'), ['-S', 'restricted'],
+            expected_code=1, expected_msg='KDC policy rejects request')
+realm.run([kvno, 'restricted'], expected_code=1,
+          expected_msg='KDC policy rejects request')
+realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'indcl'])
+realm.run([kvno, 'restricted'])
+realm.kinit(realm.user_princ, password('user'), ['-X', 'indicators=ind1 ind2'])
+realm.run([kvno, 'restricted'], expected_code=1)
+realm.run([kadminl, 'setstr', 'restricted', 'require_auth', 'a b c ind2'])
+realm.run([kvno, 'restricted'])
+
+# Regression test for one manifestation of #8139: ensure that
+# forwarded TGTs obtained across a TGT re-key still work when the
+# preferred krbtgt enctype changes.
+mark('#8139 regression test')
+realm.kinit(realm.user_princ, password('user'), ['-f'])
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'des3-cbc-sha1',
+           realm.krbtgt_princ])
+realm.run(['./forward'])
+realm.run([kvno, realm.host_princ])
+
+# Repeat the above test using a renewed TGT.
+mark('#8139 regression test (renewed TGT)')
+realm.kinit(realm.user_princ, password('user'), ['-r', '2d'])
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes128-cts',
+           realm.krbtgt_princ])
+realm.kinit(realm.user_princ, None, ['-R'])
+realm.run([kvno, realm.host_princ])
+
+realm.stop()
+realm2.stop()
+
+# Load the test KDB module to allow successful S4U2Proxy
+# auth-indicator requests and to detect whether replaced_reply_key is
+# set.
+testprincs = {'krbtgt/KRBTEST.COM': {'keys': 'aes128-cts'},
+              'krbtgt/FOREIGN': {'keys': 'aes128-cts'},
+              'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
+              'user2': {'keys': 'aes128-cts', 'flags': '+preauth'},
+              'rservice': {'keys': 'aes128-cts',
+                           'strings': 'require_auth:strong'},
+              'service/1': {'keys': 'aes128-cts',
+                            'flags': '+ok_to_auth_as_delegate'},
+              'service/2': {'keys': 'aes128-cts'},
+              'noauthdata': {'keys': 'aes128-cts',
+                             'flags': '+no_auth_data_required'}}
+kdcconf = {'realms': {'$realm': {'database_module': 'test'}},
+           'dbmodules': {'test': {'db_library': 'test',
+                                  'princs': testprincs,
+                                  'delegation': {'service/1': 'service/2'}}}}
+realm = K5Realm(krb5_conf=krb5conf, kdc_conf=kdcconf, create_kdb=False,
+                pkinit=True)
+usercache = 'FILE:' + os.path.join(realm.testdir, 'usercache')
+realm.extract_keytab(realm.krbtgt_princ, realm.keytab)
+realm.extract_keytab('krbtgt/FOREIGN', realm.keytab)
+realm.extract_keytab(realm.user_princ, realm.keytab)
+realm.extract_keytab('ruser', realm.keytab)
+realm.extract_keytab('service/1', realm.keytab)
+realm.extract_keytab('service/2', realm.keytab)
+realm.extract_keytab('noauthdata', realm.keytab)
+realm.start_kdc()
+
+if not pkinit_enabled:
+    skipped('replaced_reply_key test', 'PKINIT not built')
+else:
+    # Check that replaced_reply_key is set in issue_pac() when PKINIT
+    # is used.  The test KDB module will indicate this by including a
+    # fake PAC_CREDENTIAL_INFO(2) buffer in the PAC.
+    mark('PKINIT (replaced_reply_key set)')
+    realm.pkinit(realm.user_princ)
+    realm.run(['./adata', realm.krbtgt_princ],
+              expected_msg='?128: [1, 2, 6, 7, 10]')
+
+# S4U2Self (should have no indicators since client did not authenticate)
+mark('S4U2Self (no auth indicators expected)')
+realm.kinit('service/1', None, ['-k', '-f', '-X', 'indicators=inds1'])
+realm.run([kvno, '-U', 'user', 'service/1'])
+out = realm.run(['./adata', '-p', realm.user_princ, 'service/1'])
+if '97:' in out:
+    fail('auth-indicator present in S4U2Self response')
+
+# Get another S4U2Self ticket with requested authdata.
+realm.run(['./s4u2self', 'user', 'service/1', '-', '-2', 'self_ad'])
+realm.run(['./adata', '-p', realm.user_princ, 'service/1', '-2', 'self_ad'],
+          expected_msg=' -2: self_ad')
+
+# S4U2Proxy (indicators should come from evidence ticket, not TGT)
+mark('S4U2Proxy (auth indicators from evidence ticket expected)')
+realm.kinit(realm.user_princ, None, ['-k', '-f', '-X', 'indicators=indcl',
+                                     '-S', 'service/1', '-c', usercache])
+realm.run(['./s4u2proxy', usercache, 'service/2'])
+out = realm.run(['./adata', '-p', realm.user_princ, 'service/2'])
+if '+97: [indcl]' not in out or '[inds1]' in out:
+    fail('correct auth-indicator not seen for S4U2Proxy req')
+# Make sure a PAC with an S4U_DELEGATION_INFO(11) buffer is included.
+if '?128: [1, 6, 7, 10, 11, 16, 19]' not in out:
+    fail('PAC with delegation info not seen for S4U2Proxy req')
+
+# Get another S4U2Proxy ticket including request-authdata.
+realm.run(['./s4u2proxy', usercache, 'service/2', '-2', 'proxy_ad'])
+realm.run(['./adata', '-p', realm.user_princ, 'service/2', '-2', 'proxy_ad'],
+          expected_msg=' -2: proxy_ad')
+
+# Get an S4U2Proxy ticket using an evidence ticket obtained by S4U2Self,
+# with request authdata in both steps.
+realm.run(['./s4u2self', 'user2', 'service/1', usercache, '-2', 'self_ad'])
+realm.run(['./s4u2proxy', usercache, 'service/2', '-2', 'proxy_ad'])
+out = realm.run(['./adata', '-p', 'user2', 'service/2', '-2', 'proxy_ad'])
+if ' -2: self_ad' not in out or ' -2: proxy_ad' not in out:
+    fail('expected authdata not seen in S4U2Proxy ticket')
+
+# Test alteration of auth indicators by KDB module (AS and TGS).
+realm.kinit(realm.user_princ, None, ['-k', '-X', 'indicators=dummy dbincr1'])
+realm.run(['./adata', realm.krbtgt_princ], expected_msg='+97: [dbincr2]')
+realm.run(['./adata', 'service/1'], expected_msg='+97: [dbincr3]')
+realm.kinit(realm.user_princ, None,
+            ['-k', '-X', 'indicators=strong', '-S', 'rservice'])
+# Test enforcement of altered indicators during AS request.
+realm.kinit(realm.user_princ, None,
+            ['-k', '-X', 'indicators=strong dbincr1', '-S', 'rservice'],
+            expected_code=1)
+
+# Test that the PAC is suppressed in an AS request by a negative PAC
+# request.
+mark('AS-REQ PAC client supression')
+realm.kinit(realm.user_princ, None, ['-k', '--no-request-pac'])
+out = realm.run(['./adata', realm.krbtgt_princ])
+if '128:' in out:
+    fail('PAC not suppressed by --no-request-pac')
+
+mark('S4U2Proxy with a foreign client')
+
+a_princs = {'krbtgt/A': {'keys': 'aes128-cts'},
+            'krbtgt/B': {'keys': 'aes128-cts'},
+            'impersonator': {'keys': 'aes128-cts'},
+            'impersonator2': {'keys': 'aes128-cts'},
+            'resource': {'keys': 'aes128-cts'}}
+a_kconf = {'realms': {'$realm': {'database_module': 'test'}},
+           'dbmodules': {'test': {'db_library': 'test',
+                                  'delegation': {'impersonator' : 'resource'},
+                                  'princs': a_princs,
+                                  'alias': {'service/rb.b': '@B'}}}}
+
+b_princs = {'krbtgt/B': {'keys': 'aes128-cts'},
+            'krbtgt/A': {'keys': 'aes128-cts'},
+            'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
+            'rb': {'keys': 'aes128-cts'}}
+b_kconf = {'realms': {'$realm': {'database_module': 'test'}},
+           'dbmodules': {'test': {'db_library': 'test',
+                                  'princs': b_princs,
+                                  'rbcd': {'rb@B': 'impersonator2@A'},
+                                  'alias': {'service/rb.b': 'rb',
+                                            'impersonator2@A': '@A'}}}}
+
+ra, rb = cross_realms(2, xtgts=(),
+                          args=({'realm': 'A', 'kdc_conf': a_kconf},
+                                {'realm': 'B', 'kdc_conf': b_kconf}),
+                          create_kdb=False)
+
+ra.start_kdc()
+rb.start_kdc()
+
+ra.extract_keytab('impersonator@A', ra.keytab)
+ra.extract_keytab('impersonator2@A', ra.keytab)
+rb.extract_keytab('user@B', rb.keytab)
+
+usercache = 'FILE:' + os.path.join(rb.testdir, 'usercache')
+rb.kinit(rb.user_princ, None, ['-k', '-f', '-c', usercache])
+rb.run([kvno, '-C', 'impersonator@A', '-c', usercache])
+
+ra.kinit('impersonator@A', None, ['-f', '-k', '-t', ra.keytab])
+ra.run(['./s4u2proxy', usercache, 'resource@A'])
+
+mark('Cross realm S4U authdata tests')
+
+ra.kinit('impersonator2@A', None, ['-f', '-k', '-t', ra.keytab])
+ra.run(['./s4u2self', rb.user_princ, 'impersonator2@A', usercache, '-2',
+        'cross_s4u_self_ad'])
+out = ra.run(['./adata', '-c', usercache, '-p', rb.user_princ,
+              'impersonator2@A', '-2', 'cross_s4u_self_ad'])
+if out.count(' -2: cross_s4u_self_ad') != 1:
+    fail('expected one cross_s4u_self_ad, got: %s' % count)
+
+ra.run(['./s4u2proxy', usercache, 'service/rb.b', '-2',
+        'cross_s4u_proxy_ad'])
+rb.extract_keytab('service/rb.b', ra.keytab)
+out = ra.run(['./adata', '-p', rb.user_princ, 'service/rb.b', '-2',
+              'cross_s4u_proxy_ad'])
+if out.count(' -2: cross_s4u_self_ad') != 1:
+    fail('expected one cross_s4u_self_ad, got: %s' % count)
+if out.count(' -2: cross_s4u_proxy_ad') != 1:
+    fail('expected one cross_s4u_proxy_ad, got: %s' % count)
+
+ra.stop()
+rb.stop()
+
+success('Authorization data tests')
diff --git a/krb5-1.21.3/src/tests/t_bogus_kdc_req.py b/krb5-1.21.3/src/tests/t_bogus_kdc_req.py
new file mode 100755
index 00000000..a101c0e1
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_bogus_kdc_req.py
@@ -0,0 +1,42 @@
+import base64
+import socket
+from k5test import *
+
+realm = K5Realm()
+
+# Send encodings that are invalid KDC-REQs, but pass krb5_is_as_req()
+# and krb5_is_tgs_req(), to make sure that the KDC recovers correctly
+# from failures in decode_krb5_as_req() and decode_krb5_tgs_req().
+
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+a = (hostname, realm.portbase)
+
+
+# Bogus AS-REQ
+
+x1 = base64.b16decode('6AFF')
+s.sendto(x1, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+# Bogus TGS-REQ
+
+x2 = base64.b16decode('6CFF')
+s.sendto(x2, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+# Not a KDC-REQ, even a little bit
+
+x3 = base64.b16decode('FFFF')
+s.sendto(x3, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+success('Bogus KDC-REQ test')
diff --git a/krb5-1.21.3/src/tests/t_ccache.py b/krb5-1.21.3/src/tests/t_ccache.py
new file mode 100755
index 00000000..11c94976
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_ccache.py
@@ -0,0 +1,202 @@
+# Copyright (C) 2011 by the Massachusetts Institute of Technology.
+# All rights reserved.
+
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+import tempfile
+
+socketdir = tempfile.TemporaryDirectory()
+kcm_socket_path = os.path.join(socketdir.name, 'kcm')
+conf = {'libdefaults': {'kcm_socket': kcm_socket_path,
+                        'kcm_mach_service': '-'}}
+realm = K5Realm(krb5_conf=conf)
+
+realm.addprinc('contest')
+realm.extract_keytab('contest', realm.keytab)
+realm.run(['./conccache', realm.ccache + '.contest', 'contest',
+           realm.host_princ])
+
+keyctl = which('keyctl')
+out = realm.run([klist, '-c', 'KEYRING:process:abcd'], expected_code=1)
+test_keyring = (keyctl is not None and
+                'Unknown credential cache type' not in out)
+if not test_keyring:
+    skipped('keyring ccache tests', 'keyring support not built')
+
+# Test kdestroy and klist of a non-existent ccache.
+mark('no ccache')
+realm.run([kdestroy])
+realm.run([klist], expected_code=1, expected_msg='No credentials cache found')
+
+# Test kinit with an inaccessible ccache.
+mark('inaccessible ccache')
+realm.kinit(realm.user_princ, password('user'), flags=['-c', 'testdir/xx/yy'],
+            expected_code=1, expected_msg='Failed to store credentials')
+
+# Test klist -s with a single ccache.
+mark('klist -s single ccache')
+realm.run([klist, '-s'], expected_code=1)
+realm.kinit(realm.user_princ, password('user'))
+realm.run([klist, '-s'])
+realm.kinit(realm.user_princ, password('user'), ['-l', '-10s'])
+realm.run([klist, '-s'], expected_code=1)
+realm.kinit(realm.user_princ, password('user'), ['-S', 'kadmin/admin'])
+realm.run([klist, '-s'])
+realm.run([kdestroy])
+realm.run([klist, '-s'], expected_code=1)
+
+realm.addprinc('alice', password('alice'))
+realm.addprinc('bob', password('bob'))
+realm.addprinc('carol', password('carol'))
+realm.addprinc('doug', password('doug'))
+
+def collection_test(realm, ccname):
+    cctype = ccname.partition(':')[0]
+    oldccname = realm.env['KRB5CCNAME']
+    realm.env['KRB5CCNAME'] = ccname
+
+    mark('%s collection, single cache' % cctype)
+    realm.run([klist, '-A', '-s'], expected_code=1)
+    realm.kinit('alice', password('alice'))
+    realm.run([klist], expected_msg='Default principal: alice@')
+    realm.run([klist, '-A', '-s'])
+    realm.run([kvno, realm.host_princ], expected_msg = 'kvno = 1')
+    realm.run([kvno, realm.host_princ], expected_msg = 'kvno = 1')
+    out = realm.run([klist])
+    if out.count(realm.host_princ) != 1:
+        fail('Wrong number of service tickets in cache')
+    realm.run([kdestroy])
+    output = realm.run([klist], expected_code=1)
+    if 'No credentials cache' not in output and 'not found' not in output:
+        fail('Initial kdestroy failed to destroy primary cache.')
+    output = realm.run([klist, '-l'], expected_code=1)
+    if not output.endswith('---\n') or output.count('\n') != 2:
+        fail('Initial kdestroy failed to empty cache collection.')
+    realm.run([klist, '-A', '-s'], expected_code=1)
+
+    mark('%s collection, multiple caches' % cctype)
+    realm.kinit('alice', password('alice'))
+    realm.kinit('carol', password('carol'))
+    output = realm.run([klist, '-l'])
+    if '---\ncarol@' not in output or '\nalice@' not in output:
+        fail('klist -l did not show expected output after two kinits.')
+    realm.kinit('alice', password('alice'))
+    output = realm.run([klist, '-l'])
+    if '---\nalice@' not in output or output.count('\n') != 4:
+        fail('klist -l did not show expected output after re-kinit for alice.')
+    realm.kinit('doug', password('doug'))
+    realm.kinit('bob', password('bob'))
+    output = realm.run([klist, '-A', ccname])
+    if 'bob@' not in output.splitlines()[1] or 'alice@' not in output or \
+       'carol@' not in output or 'doug@' not in output or \
+       output.count('Default principal:') != 4:
+        fail('klist -A did not show expected output after kinit doug+bob.')
+    realm.run([kswitch, '-p', 'carol'])
+    output = realm.run([klist, '-l'])
+    if '---\ncarol@' not in output or output.count('\n') != 6:
+        fail('klist -l did not show expected output after kswitch to carol.')
+
+    # Switch to specifying the collection name on the command line
+    # (only works with klist/kdestroy for now, not kinit/kswitch).
+    realm.env['KRB5CCNAME'] = oldccname
+
+    mark('%s collection, command-line specifier' % cctype)
+    realm.run([kdestroy, '-c', ccname])
+    output = realm.run([klist, '-l', ccname])
+    if 'carol@' in output or 'bob@' not in output or output.count('\n') != 5:
+        fail('kdestroy failed to remove only primary ccache.')
+    realm.run([klist, '-s', ccname], expected_code=1)
+    realm.run([klist, '-A', '-s', ccname])
+    realm.run([kdestroy, '-p', 'alice', '-c', ccname])
+    output = realm.run([klist, '-l', ccname])
+    if 'alice@' in output or 'bob@' not in output or output.count('\n') != 4:
+        fail('kdestroy -p failed to remove alice')
+    realm.run([kdestroy, '-A', '-c', ccname])
+    output = realm.run([klist, '-l', ccname], expected_code=1)
+    if not output.endswith('---\n') or output.count('\n') != 2:
+        fail('kdestroy -a failed to empty cache collection.')
+    realm.run([klist, '-A', '-s', ccname], expected_code=1)
+
+
+collection_test(realm, 'DIR:' + os.path.join(realm.testdir, 'cc'))
+
+# Test KCM with and without RETRIEVE and GET_CRED_LIST support.
+kcmserver_path = os.path.join(srctop, 'tests', 'kcmserver.py')
+kcmd = realm.start_server([sys.executable, kcmserver_path, kcm_socket_path],
+                          'starting...')
+collection_test(realm, 'KCM:')
+stop_daemon(kcmd)
+os.remove(kcm_socket_path)
+realm.start_server([sys.executable, kcmserver_path, '-f', kcm_socket_path],
+                   'starting...')
+collection_test(realm, 'KCM:')
+
+if test_keyring:
+    def cleanup_keyring(anchor, name):
+        out = realm.run(['keyctl', 'list', anchor])
+        if ('keyring: ' + name + '\n') in out:
+            keyid = realm.run(['keyctl', 'search', anchor, 'keyring', name])
+            realm.run(['keyctl', 'unlink', keyid.strip(), anchor])
+
+    # Use realm.testdir as the collection name to avoid conflicts with
+    # other build trees.
+    cname = realm.testdir
+    col_ringname = '_krb_' + cname
+
+    cleanup_keyring('@s', col_ringname)
+    collection_test(realm, 'KEYRING:session:' + cname)
+    cleanup_keyring('@s', col_ringname)
+
+    # Test legacy keyring cache linkage.
+    mark('legacy keyring cache linkage')
+    realm.env['KRB5CCNAME'] = 'KEYRING:' + cname
+    realm.run([kdestroy, '-A'])
+    realm.kinit(realm.user_princ, password('user'))
+    msg = 'KEYRING:legacy:' + cname + ':' + cname
+    realm.run([klist, '-l'], expected_msg=msg)
+    # Make sure this cache is linked to the session keyring.
+    id = realm.run([keyctl, 'search', '@s', 'keyring', cname])
+    realm.run([keyctl, 'list', id.strip()],
+              expected_msg='user: __krb5_princ__')
+    # Remove the collection keyring.  When the collection is
+    # reinitialized, the legacy cache should reappear inside it
+    # automatically as the primary cache.
+    cleanup_keyring('@s', col_ringname)
+    realm.run([klist], expected_msg=realm.user_princ)
+    coll_id = realm.run([keyctl, 'search', '@s', 'keyring', '_krb_' + cname])
+    msg = id.strip() + ':'
+    realm.run([keyctl, 'list', coll_id.strip()], expected_msg=msg)
+    # Destroy the cache and check that it is unlinked from the session keyring.
+    realm.run([kdestroy])
+    realm.run([keyctl, 'search', '@s', 'keyring', cname], expected_code=1)
+    cleanup_keyring('@s', col_ringname)
+
+# Test parameter expansion in default_ccache_name
+mark('default_ccache_name parameter expansion')
+realm.stop()
+conf = {'libdefaults': {'default_ccache_name': 'testdir/%{null}abc%{uid}'}}
+realm = K5Realm(krb5_conf=conf, create_kdb=False)
+del realm.env['KRB5CCNAME']
+uidstr = str(os.getuid())
+msg = 'testdir/abc%s' % uidstr
+realm.run([klist], expected_code=1, expected_msg=msg)
+
+success('Credential cache tests')
diff --git a/krb5-1.21.3/src/tests/t_certauth.py b/krb5-1.21.3/src/tests/t_certauth.py
new file mode 100644
index 00000000..82a98a81
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_certauth.py
@@ -0,0 +1,65 @@
+from k5test import *
+
+# Skip this test if pkinit wasn't built.
+if not pkinit_enabled:
+    skip_rest('certauth tests', 'PKINIT module not built')
+
+modpath = os.path.join(buildtop, 'plugins', 'certauth', 'test',
+                       'certauth_test.so')
+krb5_conf = {'plugins': {'certauth': {
+    'module': ['test1:' + modpath, 'test2:' + modpath, 'test3:' + modpath],
+    'enable_only': ['test1', 'test2', 'test3']}}}
+kdc_conf = {'realms': {'$realm': {
+    'default_principal_flags': '+preauth',
+    'pkinit_indicator': ['indpkinit1', 'indpkinit2']}}}
+
+realm = K5Realm(krb5_conf=krb5_conf, kdc_conf=kdc_conf, get_creds=False,
+                pkinit=True)
+realm.addprinc('nocert')
+
+def check_indicators(inds):
+    msg = '+97: [%s]' % inds
+    realm.run(['./adata', realm.host_princ], expected_msg=msg)
+
+# Test that authentication fails if no module accepts.
+realm.pkinit('nocert', expected_code=1, expected_msg='Client name mismatch')
+
+# Let the test2 module match user to CN=user, with indicators.
+realm.pkinit(realm.user_princ)
+realm.klist(realm.user_princ)
+check_indicators('test1, test2, user, indpkinit1, indpkinit2')
+
+# Let the test2 module mismatch with user2 to CN=user.
+realm.addprinc('user2@KRBTEST.COM')
+realm.pkinit('user2', expected_code=1, expected_msg='Certificate mismatch')
+
+# Test the KRB5_CERTAUTH_HWAUTH return code.
+mark('hw-authent flag tests')
+# First test +requires_hwauth without causing the hw-authent ticket
+# flag to be set.  This currently results in a preauth loop.
+realm.run([kadminl, 'modprinc', '+requires_hwauth', realm.user_princ])
+realm.pkinit(realm.user_princ, expected_code=1,
+             expected_msg='Looping detected')
+# Cause the test3 module to return KRB5_CERTAUTH_HWAUTH and try again.
+# Authentication should succeed whether or not another module accepts,
+# but not if another module rejects.
+realm.run([kadminl, 'setstr', realm.user_princ, 'hwauth', 'ok'])
+realm.run([kadminl, 'setstr', 'user2', 'hwauth', 'ok'])
+realm.run([kadminl, 'setstr', 'nocert', 'hwauth', 'ok'])
+realm.pkinit(realm.user_princ)
+check_indicators('test1, test2, user, hwauth:ok, indpkinit1, indpkinit2')
+realm.pkinit('user2', expected_code=1, expected_msg='Certificate mismatch')
+realm.pkinit('nocert')
+check_indicators('test1, hwauth:ok, indpkinit1, indpkinit2')
+
+# Cause the test3 module to return KRB5_CERTAUTH_HWAUTH_PASS and try
+# again.  Authentication should succeed only if another module accepts.
+realm.run([kadminl, 'setstr', realm.user_princ, 'hwauth', 'pass'])
+realm.run([kadminl, 'setstr', 'user2', 'hwauth', 'pass'])
+realm.run([kadminl, 'setstr', 'nocert', 'hwauth', 'pass'])
+realm.pkinit(realm.user_princ)
+check_indicators('test1, test2, user, hwauth:pass, indpkinit1, indpkinit2')
+realm.pkinit('user2', expected_code=1, expected_msg='Certificate mismatch')
+realm.pkinit('nocert', expected_code=1, expected_msg='Client name mismatch')
+
+success("certauth tests")
diff --git a/krb5-1.21.3/src/tests/t_changepw.py b/krb5-1.21.3/src/tests/t_changepw.py
new file mode 100755
index 00000000..bf8e3a9e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_changepw.py
@@ -0,0 +1,50 @@
+from k5test import *
+
+realm = K5Realm(create_host=False, get_creds=False, start_kadmind=True)
+realm.prep_kadmin()
+
+# Mark a principal as expired and change its password through kinit.
+mark('password change via kinit')
+realm.run([kadminl, 'modprinc', '-pwexpire', '1 day ago', 'user'])
+pwinput = password('user') + '\nabcd\nabcd\n'
+realm.run([kinit, realm.user_princ], input=pwinput)
+
+# Regression test for #7868 (preauth options ignored when
+# krb5_get_init_creds_password() initiates a password change).  This
+# time use the REQUIRES_PWCHANGE bit instead of the password
+# expiration time.
+mark('password change via kinit with FAST')
+realm.run([kadminl, 'modprinc', '+needchange', 'user'])
+pwinput = 'abcd\nefgh\nefgh\n'
+out, trace = realm.run([kinit, '-T', realm.ccache, realm.user_princ],
+                       input=pwinput, return_trace=True)
+# Check that FAST was used when getting the kadmin/changepw ticket.
+getting_changepw = fast_used_for_changepw = False
+for line in trace.splitlines():
+    if 'Getting initial credentials for user@' in line:
+        getting_changepw_ticket = False
+    if 'Setting initial creds service to kadmin/changepw' in line:
+        getting_changepw_ticket = True
+    if getting_changepw_ticket and 'Using FAST' in line:
+        fast_used_for_changepw = True
+if not fast_used_for_changepw:
+    fail('FAST was not used to get kadmin/changepw ticket')
+
+# Test that passwords specified via kadmin and kpasswd are usable with
+# kinit.
+mark('password change usability by kinit')
+realm.run([kadminl, 'addprinc', '-pw', 'pw1', 'testprinc'])
+# Run kpasswd with an active cache to exercise automatic FAST use.
+realm.kinit('testprinc', 'pw1')
+realm.run([kpasswd, 'testprinc'], input='pw1\npw2\npw2\n')
+realm.kinit('testprinc', 'pw2')
+realm.run([kdestroy])
+realm.run([kpasswd, 'testprinc'], input='pw2\npw3\npw3\n')
+realm.kinit('testprinc', 'pw3')
+realm.run([kdestroy])
+realm.run_kadmin(['cpw', '-pw', 'pw4', 'testprinc'])
+realm.kinit('testprinc', 'pw4')
+realm.run([kdestroy])
+realm.run([kadminl, 'delprinc', 'testprinc'])
+
+success('Password change tests')
diff --git a/krb5-1.21.3/src/tests/t_crossrealm.py b/krb5-1.21.3/src/tests/t_crossrealm.py
new file mode 100755
index 00000000..28b397cf
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_crossrealm.py
@@ -0,0 +1,192 @@
+# Copyright (C) 2011 by the Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+
+def test_kvno(r, princ, test, env=None):
+    r.run([kvno, princ], env=env, expected_msg=princ)
+
+
+def stop(*realms):
+    for r in realms:
+        r.stop()
+
+
+# Verify that the princs appear as the service principals in the klist
+# output for the realm r, in order.
+def check_klist(r, princs):
+    out = r.run([klist])
+    count = 0
+    seen_header = False
+    for l in out.split('\n'):
+        if l.startswith('Valid starting'):
+            seen_header = True
+            continue
+        if not seen_header or l == '':
+            continue
+        if count >= len(princs):
+            fail('too many entries in klist output')
+        svcprinc = l.split()[4]
+        if svcprinc != princs[count]:
+            fail('saw service princ %s in klist output, expected %s' %
+                 (svcprinc, princs[count]))
+        count += 1
+    if count != len(princs):
+        fail('not enough entries in klist output')
+
+
+def tgt(r1, r2):
+    return 'krbtgt/%s@%s' % (r1.realm, r2.realm)
+
+
+# Basic two-realm test with cross TGTs in both directions.
+mark('two realms')
+r1, r2 = cross_realms(2)
+test_kvno(r1, r2.host_princ, 'basic r1->r2')
+check_klist(r1, (tgt(r1, r1), tgt(r2, r1), r2.host_princ))
+test_kvno(r2, r1.host_princ, 'basic r2->r1')
+check_klist(r2, (tgt(r2, r2), tgt(r1, r2), r1.host_princ))
+stop(r1, r2)
+
+# Test the KDC domain walk for hierarchically arranged realms.  The
+# client in A.X will ask for a cross TGT to B.X, but A.X's KDC only
+# has a TGT for the intermediate realm X, so it will return that
+# instead.  The client will use that to get a TGT for B.X.
+mark('hierarchical realms')
+r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)), 
+                          args=({'realm': 'A.X'}, {'realm': 'X'},
+                                {'realm': 'B.X'}))
+test_kvno(r1, r3.host_princ, 'KDC domain walk')
+check_klist(r1, (tgt(r1, r1), r3.host_princ))
+
+# Test start_realm in this setup.
+r1.run([kvno, '--out-cache', r1.ccache, r2.krbtgt_princ])
+r1.run([klist, '-C'], expected_msg='config: start_realm = X')
+msgs = ('Requesting TGT krbtgt/B.X@X using TGT krbtgt/X@X',
+        'Received TGT for service realm: krbtgt/B.X@X')
+r1.run([kvno, r3.host_princ], expected_trace=msgs)
+
+stop(r1, r2, r3)
+
+# Test client capaths.  The client in A will ask for a cross TGT to D,
+# but A's KDC won't have it and won't know an intermediate to return.
+# The client will walk its A->D capaths to get TGTs for B, then C,
+# then D.  The KDCs for C and D need capaths settings to avoid failing
+# transited checks, including a capaths for A->C.
+mark('client capaths')
+capaths = {'capaths': {'A': {'D': ['B', 'C'], 'C': 'B'}}}
+r1, r2, r3, r4 = cross_realms(4, xtgts=((0,1), (1,2), (2,3)),
+                              args=({'realm': 'A'},
+                                    {'realm': 'B'},
+                                    {'realm': 'C', 'krb5_conf': capaths},
+                                    {'realm': 'D', 'krb5_conf': capaths}))
+r1client = r1.special_env('client', False, krb5_conf=capaths)
+test_kvno(r1, r4.host_princ, 'client capaths', r1client)
+check_klist(r1, (tgt(r1, r1), tgt(r2, r1), tgt(r3, r2), tgt(r4, r3),
+                 r4.host_princ))
+stop(r1, r2, r3, r4)
+
+# Test KDC capaths.  The KDCs for A and B have appropriate capaths
+# settings to determine intermediate TGTs to return, but the client
+# has no idea.
+mark('kdc capaths')
+capaths = {'capaths': {'A': {'D': ['B', 'C'], 'C': 'B'}, 'B': {'D': 'C'}}}
+r1, r2, r3, r4 = cross_realms(4, xtgts=((0,1), (1,2), (2,3)),
+                              args=({'realm': 'A', 'krb5_conf': capaths},
+                                    {'realm': 'B', 'krb5_conf': capaths},
+                                    {'realm': 'C', 'krb5_conf': capaths},
+                                    {'realm': 'D', 'krb5_conf': capaths}))
+r1client = r1.special_env('client', False, krb5_conf={'capaths': None})
+test_kvno(r1, r4.host_princ, 'KDC capaths', r1client)
+check_klist(r1, (tgt(r1, r1), r4.host_princ))
+stop(r1, r2, r3, r4)
+
+# A capaths value of '.' should enforce direct cross-realm, with no
+# intermediate.
+mark('direct cross-realm enforcement')
+capaths = {'capaths': {'A.X': {'B.X': '.'}}}
+r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)),
+                          args=({'realm': 'A.X', 'krb5_conf': capaths},
+                                {'realm': 'X'}, {'realm': 'B.X'}))
+r1.run([kvno, r3.host_princ], expected_code=1,
+       expected_msg='Server krbtgt/B.X@A.X not found in Kerberos database')
+stop(r1, r2, r3)
+
+# Test transited error.  The KDC for C does not recognize B as an
+# intermediate realm for A->C, so it refuses to issue a service
+# ticket.
+mark('transited error (three realms)')
+capaths = {'capaths': {'A': {'C': 'B'}}}
+r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)),
+                          args=({'realm': 'A', 'krb5_conf': capaths},
+                                {'realm': 'B'}, {'realm': 'C'}))
+r1.run([kvno, r3.host_princ], expected_code=1,
+       expected_msg='KDC policy rejects request')
+check_klist(r1, (tgt(r1, r1), tgt(r3, r2)))
+stop(r1, r2, r3)
+
+# Test server transited checking.  The KDC for C recognizes B as an
+# intermediate realm for A->C, but the server environment does not.
+# The server should honor the ticket if the transited-policy-checked
+# flag is set, but not if it isn't.  (It is only possible for our KDC
+# to issue a ticket without the transited-policy-checked flag with
+# reject_bad_transit=false.)
+mark('server transited checking')
+capaths = {'capaths': {'A': {'C': 'B'}}}
+noreject = {'realms': {'$realm': {'reject_bad_transit': 'false'}}}
+r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)),
+                          args=({'realm': 'A', 'krb5_conf': capaths},
+                                {'realm': 'B'},
+                                {'realm': 'C', 'krb5_conf': capaths,
+                                 'kdc_conf': noreject}))
+r3server = r3.special_env('server', False, krb5_conf={'capaths': None})
+# Process a ticket with the transited-policy-checked flag set.
+shutil.copy(r1.ccache, r1.ccache + '.copy')
+r1.run(['./gcred', 'principal', r3.host_princ])
+os.rename(r1.ccache, r3.ccache)
+r3.run(['./rdreq', r3.host_princ], env=r3server, expected_msg='0 success')
+# Try again with the transited-policy-checked flag unset.
+os.rename(r1.ccache + '.copy', r1.ccache)
+r1.run(['./gcred', '-t', 'principal', r3.host_princ])
+os.rename(r1.ccache, r3.ccache)
+r3.run(['./rdreq', r3.host_princ], env=r3server,
+       expected_msg='43 Illegal cross-realm ticket')
+stop(r1, r2, r3)
+
+# Test a four-realm scenario.  This test used to result in an "Illegal
+# cross-realm ticket" error as the KDC for D would refuse to process
+# the cross-realm ticket from C.  Now that we honor the
+# transited-policy-checked flag in krb5_rd_req(), it instead issues a
+# policy error as in the three-realm scenario.
+mark('transited error (four realms)')
+capaths = {'capaths': {'A': {'D': ['B', 'C'], 'C': 'B'}, 'B': {'D': 'C'}}}
+r1, r2, r3, r4 = cross_realms(4, xtgts=((0,1), (1,2), (2,3)),
+                              args=({'realm': 'A', 'krb5_conf': capaths},
+                                    {'realm': 'B', 'krb5_conf': capaths},
+                                    {'realm': 'C', 'krb5_conf': capaths},
+                                    {'realm': 'D'}))
+r1.run([kvno, r4.host_princ], expected_code=1,
+       expected_msg='KDC policy rejects request')
+check_klist(r1, (tgt(r1, r1), tgt(r4, r3)))
+stop(r1, r2, r3, r4)
+
+success('Cross-realm tests')
diff --git a/krb5-1.21.3/src/tests/t_cve-2012-1014.py b/krb5-1.21.3/src/tests/t_cve-2012-1014.py
new file mode 100755
index 00000000..8447e0ee
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_cve-2012-1014.py
@@ -0,0 +1,29 @@
+import base64
+import socket
+from k5test import *
+
+realm = K5Realm()
+
+# CVE-2012-1014 KDC dereferences uninitialized pointer
+
+# Affects only krb5-1.10.x.
+
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+a = (hostname, realm.portbase)
+
+x1 = base64.b16decode('6A5E305BA103020105A2030201')
+x2 = base64.b16decode('A44F304DA007030500FEDCBA90A10E30' +
+                      '0CA003020101A10530031B0141A2031B' +
+                      '0141A30E300CA003020101A10530031B' +
+                      '0141A511180F31393934303631303036' +
+                      '303331375AA70302012AA80530030201' +
+                      '01')
+
+for x in range(11, 128):
+    s.sendto(x1 + bytes([x]) + x2, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+success('CVE-2012-1014 regression test')
diff --git a/krb5-1.21.3/src/tests/t_cve-2012-1015.py b/krb5-1.21.3/src/tests/t_cve-2012-1015.py
new file mode 100755
index 00000000..ae5678ca
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_cve-2012-1015.py
@@ -0,0 +1,36 @@
+import base64
+import socket
+from k5test import *
+
+realm = K5Realm()
+
+# CVE-2012-1015 KDC frees uninitialized pointer
+
+# Force a failure in krb5_c_make_checksum(), which causes the cleanup
+# code in kdc_handle_protected_negotiation() to free an uninitialized
+# pointer in an unpatched KDC.
+
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+a = (hostname, realm.portbase)
+
+x1 = base64.b16decode('6A81A030819DA103020105A20302010A' +
+                      'A30E300C300AA10402020095A2020400' +
+                      'A48180307EA00703050000000000A120' +
+                      '301EA003020101A11730151B066B7262' +
+                      '7467741B0B4B5242544553542E434F4D' +
+                      'A20D1B0B4B5242544553542E434F4DA3' +
+                      '20301EA003020101A11730151B066B72' +
+                      '627467741B0B4B5242544553542E434F' +
+                      '4DA511180F3139393430363130303630' +
+                      '3331375AA7030201')
+
+x2 = base64.b16decode('A8083006020106020112')
+
+for x in range(0, 128):
+    s.sendto(x1 + bytes([x]) + x2, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+success('CVE-2012-1015 regression test')
diff --git a/krb5-1.21.3/src/tests/t_cve-2013-1416.py b/krb5-1.21.3/src/tests/t_cve-2013-1416.py
new file mode 100755
index 00000000..8c4391a8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_cve-2013-1416.py
@@ -0,0 +1,13 @@
+from k5test import *
+
+realm = K5Realm()
+
+# CVE-2013-1416 KDC dereferences null pointer
+
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, '/test'], expected_code=1)
+realm.run([kvno, 'test/'], expected_code=1)
+realm.run([kvno, '/'], expected_code=1)
+# Make sure KDC is still running.
+realm.kinit(realm.user_princ, password('user'))
+success('CVE-2013-1416 regression test')
diff --git a/krb5-1.21.3/src/tests/t_cve-2013-1417.py b/krb5-1.21.3/src/tests/t_cve-2013-1417.py
new file mode 100755
index 00000000..ce47d21c
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_cve-2013-1417.py
@@ -0,0 +1,11 @@
+from k5test import *
+
+realm = K5Realm(realm='TEST')
+
+# CVE-2013-1417 KDC dereferences null pointer
+
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, '-S', 'host', 'example.com'], expected_code=1)
+# Make sure KDC is still running.
+realm.kinit(realm.user_princ, password('user'))
+success('CVE-2013-1417 regression test')
diff --git a/krb5-1.21.3/src/tests/t_cve-2021-36222.py b/krb5-1.21.3/src/tests/t_cve-2021-36222.py
new file mode 100644
index 00000000..57e04993
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_cve-2021-36222.py
@@ -0,0 +1,46 @@
+import socket
+from k5test import *
+
+realm = K5Realm()
+
+# CVE-2021-36222 KDC null dereference on encrypted challenge preauth
+# without FAST
+
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+a = (hostname, realm.portbase)
+
+m = ('6A81A0' '30819D'          # [APPLICATION 10] SEQUENCE
+     'A103' '0201' '05'         #  [1] pvno = 5
+     'A203' '0201' '0A'         #  [2] msg-type = 10
+     'A30E' '300C'              #  [3] padata = SEQUENCE OF
+     '300A'                     #   SEQUENCE
+     'A104' '0202' '008A'       #    [1] padata-type = PA-ENCRYPTED-CHALLENGE
+     'A202' '0400'              #    [2] padata-value = ""
+     'A48180' '307E'            #  [4] req-body = SEQUENCE
+     'A007' '0305' '0000000000' #   [0] kdc-options = 0
+     'A120' '301E'              #   [1] cname = SEQUENCE
+     'A003' '0201' '01'         #    [0] name-type = NT-PRINCIPAL
+     'A117' '3015'              #    [1] name-string = SEQUENCE-OF
+     '1B06' '6B7262746774'      #     krbtgt
+     '1B0B' '4B5242544553542E434F4D'
+                                #     KRBTEST.COM
+     'A20D' '1B0B' '4B5242544553542E434F4D'
+                                #   [2] realm = KRBTEST.COM
+     'A320' '301E'              #   [3] sname = SEQUENCE
+     'A003' '0201' '01'         #    [0] name-type = NT-PRINCIPAL
+     'A117' '3015'              #    [1] name-string = SEQUENCE-OF
+     '1B06' '6B7262746774'      #     krbtgt
+     '1B0B' '4B5242544553542E434F4D'
+                                #     KRBTEST.COM
+     'A511' '180F' '31393934303631303036303331375A'
+                                #   [5] till = 19940610060317Z
+     'A703' '0201' '00'         #   [7] nonce = 0
+     'A808' '3006'              #   [8] etype = SEQUENCE OF
+     '020112' '020111')         #    aes256-cts aes128-cts
+
+s.sendto(bytes.fromhex(m), a)
+
+# Make sure kinit still works.
+realm.kinit(realm.user_princ, password('user'))
+
+success('CVE-2021-36222 regression test')
diff --git a/krb5-1.21.3/src/tests/t_dump.py b/krb5-1.21.3/src/tests/t_dump.py
new file mode 100755
index 00000000..5d692df9
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_dump.py
@@ -0,0 +1,94 @@
+from k5test import *
+from filecmp import cmp
+
+def dump_compare(realm, opt, srcfile):
+    mark('dump comparison against %s' % os.path.basename(srcfile))
+    realm.run([kdb5_util, 'dump'] + opt + [dumpfile])
+    if not cmp(srcfile, dumpfile, False):
+        fail('Dump output does not match %s' % srcfile)
+
+
+def load_dump_check_compare(realm, opt, srcfile):
+    mark('load check from %s' % os.path.basename(srcfile))
+    realm.run([kdb5_util, 'destroy', '-f'])
+    realm.run([kdb5_util, 'load'] + opt + [srcfile])
+    realm.run([kadminl, 'getprincs'], expected_msg='user@')
+    realm.run([kadminl, 'getprinc', 'nokeys'],
+              expected_msg='Number of keys: 0')
+    realm.run([kadminl, 'getpols'], expected_msg='testpol')
+    dump_compare(realm, opt, srcfile)
+
+
+for realm in multidb_realms(start_kdc=False):
+
+    # Make sure we can dump and load an ordinary database, and that
+    # principals and policies survive a dump/load cycle.
+
+    realm.run([kadminl, 'addpol', 'fred'])
+
+    # Create a dump file.
+    dumpfile = os.path.join(realm.testdir, 'dump')
+    realm.run([kdb5_util, 'dump', dumpfile])
+
+    # Write additional policy records to the dump.  Use the 1.8 format for
+    # one of them, to test retroactive compatibility (for issue #8213).
+    f = open('testdir/dump', 'a')
+    f.write('policy\tcompat\t0\t0\t3\t4\t5\t0\t0\t0\t0\n')
+    f.write('policy\tbarney\t0\t0\t1\t1\t1\t0\t0\t0\t0\t0\t0\t0\t-\t1\t2\t28\t'
+            'fd100f5064625f6372656174696f6e404b5242544553542e434f4d00\n')
+    f.close()
+
+    # Destroy and load the database; check that the policies exist.
+    # Spot-check principal and policy fields.
+    mark('reload after dump')
+    realm.run([kdb5_util, 'destroy', '-f'])
+    realm.run([kdb5_util, 'load', dumpfile])
+    out = realm.run([kadminl, 'getprincs'])
+    if realm.user_princ not in out or realm.host_princ not in out:
+        fail('Missing principal after load')
+    out = realm.run([kadminl, 'getprinc', realm.user_princ])
+    if 'Expiration date: [never]' not in out or 'MKey: vno 1' not in out:
+        fail('Principal has wrong value after load')
+    out = realm.run([kadminl, 'getpols'])
+    if 'fred\n' not in out or 'barney\n' not in out:
+        fail('Missing policy after load')
+    realm.run([kadminl, 'getpol', 'compat'],
+              expected_msg='Number of old keys kept: 5')
+    realm.run([kadminl, 'getpol', 'barney'],
+              expected_msg='Number of old keys kept: 1')
+
+    # Dump/load again, and make sure everything is still there.
+    mark('second reload')
+    realm.run([kdb5_util, 'dump', dumpfile])
+    realm.run([kdb5_util, 'load', dumpfile])
+    out = realm.run([kadminl, 'getprincs'])
+    if realm.user_princ not in out or realm.host_princ not in out:
+        fail('Missing principal after load')
+    out = realm.run([kadminl, 'getpols'])
+    if 'compat\n' not in out or 'fred\n' not in out or 'barney\n' not in out:
+        fail('Missing policy after second load')
+
+    srcdumpdir = os.path.join(srctop, 'tests', 'dumpfiles')
+    srcdump = os.path.join(srcdumpdir, 'dump')
+    srcdump_r18 = os.path.join(srcdumpdir, 'dump.r18')
+    srcdump_r13 = os.path.join(srcdumpdir, 'dump.r13')
+    srcdump_b7 = os.path.join(srcdumpdir, 'dump.b7')
+
+    # Load a dump file from the source directory.
+    realm.run([kdb5_util, 'destroy', '-f'])
+    realm.run([kdb5_util, 'load', srcdump])
+    realm.run([kdb5_util, 'stash', '-P', 'master'])
+
+    # Dump the resulting DB in each non-iprop format and compare with
+    # expected outputs.
+    dump_compare(realm, [], srcdump)
+    dump_compare(realm, ['-r18'], srcdump_r18)
+    dump_compare(realm, ['-r13'], srcdump_r13)
+    dump_compare(realm, ['-b7'], srcdump_b7)
+
+    # Load each format of dump, check it, re-dump it, and compare.
+    load_dump_check_compare(realm, ['-r18'], srcdump_r18)
+    load_dump_check_compare(realm, ['-r13'], srcdump_r13)
+    load_dump_check_compare(realm, ['-b7'], srcdump_b7)
+
+success('Dump/load tests')
diff --git a/krb5-1.21.3/src/tests/t_errmsg.py b/krb5-1.21.3/src/tests/t_errmsg.py
new file mode 100755
index 00000000..4aacf4e0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_errmsg.py
@@ -0,0 +1,27 @@
+from k5test import *
+
+realm = K5Realm(create_kdb=False)
+
+# Test err_fmt, using klist -c to induce errors.
+fmt1 = 'FOO Error: %M (see http://localhost:1234/%C for more information)'
+conf1 = {'libdefaults': {'err_fmt': fmt1}}
+e1 = realm.special_env('fmt1', False, krb5_conf=conf1)
+out = realm.run([klist, '-c', 'testdir/xx/yy'], env=e1, expected_code=1)
+if out != ('klist: FOO Error: No credentials cache found (filename: '
+           'testdir/xx/yy) (see http://localhost:1234/-1765328189 for more '
+           'information)\n'):
+    fail('err_fmt expansion failed')
+conf2 = {'libdefaults': {'err_fmt': '%M - %C'}}
+e2 = realm.special_env('fmt2', False, krb5_conf=conf2)
+out = realm.run([klist, '-c', 'testdir/xx/yy'], env=e2, expected_code=1)
+if out != ('klist: No credentials cache found (filename: testdir/xx/yy) - '
+           '-1765328189\n'):
+    fail('err_fmt expansion failed')
+conf3 = {'libdefaults': {'err_fmt': '%%%M %-% %C%'}}
+e3 = realm.special_env('fmt3', False, krb5_conf=conf3)
+out = realm.run([klist, '-c', 'testdir/xx/yy'], env=e3, expected_code=1)
+if out != ('klist: %No credentials cache found (filename: testdir/xx/yy) %-% '
+           '-1765328189%\n'):
+    fail('err_fmt expansion failed')
+
+success('error message tests')
diff --git a/krb5-1.21.3/src/tests/t_etype_info.py b/krb5-1.21.3/src/tests/t_etype_info.py
new file mode 100644
index 00000000..38cf96ca
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_etype_info.py
@@ -0,0 +1,69 @@
+from k5test import *
+
+supported_enctypes = 'aes128-cts des3-cbc-sha1 rc4-hmac'
+conf = {'libdefaults': {'allow_des3': 'true', 'allow_rc4': 'true'},
+        'realms': {'$realm': {'supported_enctypes': supported_enctypes}}}
+realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf)
+
+realm.run([kadminl, 'addprinc', '-pw', 'pw', '+requires_preauth',
+           'preauthuser'])
+realm.run([kadminl, 'addprinc', '-pw', 'pw', '-e', 'rc4-hmac',
+           '+requires_preauth', 'rc4user'])
+realm.run([kadminl, 'addprinc', '-nokey', '+requires_preauth', 'nokeyuser'])
+
+
+# Run the test harness for the given principal and request enctype
+# list.  Compare the output to the expected lines, ignoring order.
+def test_etinfo(princ, enctypes, expected_lines):
+    mark('etinfo test: %s %s' % (princ.partition('@')[0], enctypes))
+    conf = {'libdefaults': {'default_tkt_enctypes': enctypes}}
+    etypes_env = realm.special_env('etypes', False, krb5_conf=conf)
+    lines = realm.run(['./etinfo', princ], env=etypes_env).splitlines()
+    if sorted(lines) != sorted(expected_lines):
+        fail('Unexpected output for princ %s, etypes %s' % (princ, enctypes))
+
+
+# With no newer enctypes in the request, PA-ETYPE-INFO2,
+# PA-ETYPE-INFO, and PA-PW-SALT appear in the AS-REP, each listing one
+# key for the most preferred matching enctype.
+test_etinfo('user', 'rc4-hmac-exp des3 rc4',
+            ['asrep etype_info2 des3-cbc-sha1 KRBTEST.COMuser',
+             'asrep etype_info des3-cbc-sha1 KRBTEST.COMuser',
+             'asrep pw_salt KRBTEST.COMuser'])
+
+# With a newer enctype in the request (even if it is not the most
+# preferred enctype and doesn't match any keys), only PA-ETYPE-INFO2
+# appears.
+test_etinfo('user', 'rc4 aes256-cts',
+            ['asrep etype_info2 rc4-hmac KRBTEST.COMuser'])
+
+# In preauth-required errors, PA-PW-SALT does not appear, but the same
+# etype-info2 values are expected.
+test_etinfo('preauthuser', 'rc4-hmac-exp des3 rc4',
+            ['error etype_info2 des3-cbc-sha1 KRBTEST.COMpreauthuser',
+             'error etype_info des3-cbc-sha1 KRBTEST.COMpreauthuser'])
+test_etinfo('preauthuser', 'rc4 aes256-cts',
+            ['error etype_info2 rc4-hmac KRBTEST.COMpreauthuser'])
+
+# If no keys are found matching the request enctypes, a
+# preauth-required error can be generated with no etype-info at all
+# (to allow for preauth mechs which don't depend on long-term keys).
+# An AS-REP cannot be generated without preauth as there is no reply
+# key.
+test_etinfo('rc4user', 'des3', [])
+test_etinfo('nokeyuser', 'des3', [])
+
+# Verify that etype-info2 is included in a MORE_PREAUTH_DATA_REQUIRED
+# error if the client does optimistic preauth.
+mark('MORE_PREAUTH_DATA_REQUIRED test')
+realm.stop()
+testpreauth = os.path.join(buildtop, 'plugins', 'preauth', 'test', 'test.so')
+conf = {'plugins': {'kdcpreauth': {'module': 'test:' + testpreauth},
+                    'clpreauth': {'module': 'test:' + testpreauth}}}
+realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf)
+realm.run([kadminl, 'setstr', realm.user_princ, '2rt', '2rtval'])
+out = realm.run(['./etinfo', realm.user_princ, '-123'])
+if out != 'more etype_info2 aes256-cts KRBTEST.COMuser\n':
+    fail('Unexpected output for MORE_PREAUTH_DATA_REQUIRED test')
+
+success('KDC etype-info tests')
diff --git a/krb5-1.21.3/src/tests/t_general.py b/krb5-1.21.3/src/tests/t_general.py
new file mode 100755
index 00000000..8e81db1a
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_general.py
@@ -0,0 +1,74 @@
+from k5test import *
+
+for realm in multipass_realms(create_host=False):
+    # Check that kinit fails appropriately with the wrong password.
+    mark('kinit wrong password failure')
+    msg = 'Password incorrect while getting initial credentials'
+    realm.run([kinit, realm.user_princ], input='wrong\n', expected_code=1,
+              expected_msg=msg)
+
+    # Check that we can kinit as a different principal.
+    mark('kinit with specified principal')
+    realm.kinit(realm.admin_princ, password('admin'))
+    realm.klist(realm.admin_princ)
+
+    # Test FAST kinit.
+    mark('FAST kinit')
+    fastpw = password('fast')
+    realm.run([kadminl, 'ank', '-pw', fastpw, '+requires_preauth',
+               'user/fast'])
+    realm.kinit('user/fast', fastpw)
+    realm.kinit('user/fast', fastpw, flags=['-T', realm.ccache])
+    realm.klist('user/fast@%s' % realm.realm)
+
+    # Test kinit against kdb keytab
+    realm.run([kinit, "-k", "-t", "KDB:", realm.user_princ])
+
+# Test that we can get initial creds with an empty password via the
+# API.  We have to disable the "empty" pwqual module to create a
+# principal with an empty password.  (Regression test for #7642.)
+mark('initial creds with empty password')
+conf={'plugins': {'pwqual': {'disable': 'empty'}}}
+realm = K5Realm(create_user=False, create_host=False, krb5_conf=conf)
+realm.run([kadminl, 'addprinc', '-pw', '', 'user'])
+realm.run(['./icred', 'user', ''])
+realm.run(['./icred', '-s', 'user', ''])
+realm.stop()
+
+realm = K5Realm(create_host=False)
+
+# Regression test for #6428 (KDC should prefer account expiration
+# error to password expiration error).
+mark('#6428 regression test')
+realm.run([kadminl, 'addprinc', '-randkey', '-pwexpire', 'yesterday', 'xpr'])
+realm.run(['./icred', 'xpr'], expected_code=1,
+          expected_msg='Password has expired')
+realm.run([kadminl, 'modprinc', '-expire', 'yesterday', 'xpr'])
+realm.run(['./icred', 'xpr'], expected_code=1,
+          expected_msg="Client's entry in database has expired")
+
+# Regression test for #8454 (responder callback isn't used when
+# preauth is not required).
+mark('#8454 regression test')
+realm.run(['./responder', '-r', 'password=%s' % password('user'),
+           realm.user_princ])
+
+# Test that WRONG_REALM responses aren't treated as referrals unless
+# they contain a crealm field pointing to a different realm.
+# (Regression test for #8060.)
+mark('#8060 regression test')
+realm.run([kinit, '-C', 'notfoundprinc'], expected_code=1,
+          expected_msg='not found in Kerberos database')
+
+# Spot-check KRB5_TRACE output
+mark('KRB5_TRACE spot check')
+expected_trace = ('Sending initial UDP request',
+                  'Received answer',
+                  'Selected etype info',
+                  'AS key obtained',
+                  'Decrypted AS reply',
+                  'FAST negotiation: available',
+                  'Storing user@KRBTEST.COM')
+realm.kinit(realm.user_princ, password('user'), expected_trace=expected_trace)
+
+success('FAST kinit, trace logging')
diff --git a/krb5-1.21.3/src/tests/t_hooks.py b/krb5-1.21.3/src/tests/t_hooks.py
new file mode 100755
index 00000000..4fd3822e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_hooks.py
@@ -0,0 +1,8 @@
+from k5test import *
+
+# Test that KDC send and recv hooks work correctly.
+realm = K5Realm(create_host=False, get_creds=False)
+realm.run(['./hooks', realm.user_princ, password('user')])
+realm.stop()
+
+success('send and recv hook tests')
diff --git a/krb5-1.21.3/src/tests/t_hostrealm.py b/krb5-1.21.3/src/tests/t_hostrealm.py
new file mode 100755
index 00000000..40b0e1e0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_hostrealm.py
@@ -0,0 +1,140 @@
+from k5test import *
+
+plugin = os.path.join(buildtop, "plugins", "hostrealm", "test",
+                      "hostrealm_test.so")
+
+# Disable the "dns" module (we can't easily test TXT lookups) and
+# arrange the remaining modules in an order which makes sense for most
+# tests.
+conf = {'plugins': {'hostrealm': {'module': ['test1:' + plugin,
+                                             'test2:' + plugin],
+                                  'enable_only': ['test2', 'profile',
+                                                  'domain', 'test1']}},
+        'domain_realm': {'.x': 'DOTMATCH', 'x': 'MATCH', '.1': 'NUMMATCH'}}
+realm = K5Realm(krb5_conf=conf, create_kdb=False)
+
+def test(realm, args, expected_realms, msg, env=None):
+    out = realm.run(['./hrealm'] + args, env=env)
+    if out.split('\n') != expected_realms + ['']:
+        fail(msg)
+
+def test_error(realm, args, expected_error, msg, env=None):
+    realm.run(['./hrealm'] + args, env=env, expected_code=1,
+              expected_msg=expected_error)
+
+def testh(realm, host, expected_realms, msg, env=None):
+    test(realm, ['-h', host], expected_realms, msg, env=env)
+def testf(realm, host, expected_realms, msg, env=None):
+    test(realm, ['-f', host], expected_realms, msg, env=env)
+def testd(realm, expected_realm, msg, env=None):
+    test(realm, ['-d'], [expected_realm], msg, env=env)
+def testh_error(realm, host, expected_error, msg, env=None):
+    test_error(realm, ['-h', host], expected_error, msg, env=env)
+def testf_error(realm, host, expected_error, msg, env=None):
+    test_error(realm, ['-f', host], expected_error, msg, env=env)
+def testd_error(realm, expected_error, msg, env=None):
+    test_error(realm, ['-d'], expected_error, msg, env=env)
+
+###
+### krb5_get_host_realm tests
+###
+
+# The test2 module returns a fatal error on hosts beginning with 'z',
+# and an answer on hosts beginning with 'a'.
+mark('test2 module')
+testh_error(realm, 'zoo', 'service not available', 'host_realm test2 z')
+testh(realm, 'abacus', ['a'], 'host_realm test2 a')
+
+# The profile module gives answers for hostnames equal to or ending in
+# 'X', due to [domain_realms].  There is also an entry for hostnames
+# ending in '1', but hostnames which appear to be IP or IPv6 addresses
+# should instead fall through to test1.
+mark('profile module')
+testh(realm, 'x', ['MATCH'], 'host_realm profile x')
+testh(realm, '.x', ['DOTMATCH'], 'host_realm profile .x')
+testh(realm, 'b.x', ['DOTMATCH'], 'host_realm profile b.x')
+testh(realm, '.b.c.x', ['DOTMATCH'], 'host_realm profile .b.c.x')
+testh(realm, 'b.1', ['NUMMATCH'], 'host_realm profile b.1')
+testh(realm, '4.3.2.1', ['4', '3', '2', '1'], 'host_realm profile 4.3.2.1')
+testh(realm, 'b:c.x', ['b:c', 'x'], 'host_realm profile b:c.x')
+# hostname cleaning should convert "X." to "x" before matching.
+testh(realm, 'X.', ['MATCH'], 'host_realm profile X.')
+
+# The test1 module returns a list of the hostname components.
+mark('test1 module')
+testh(realm, 'b.c.d', ['b', 'c', 'd'], 'host_realm test1')
+
+# If no module returns a result, we should get the referral realm.
+mark('no result')
+testh(realm, '', [''], 'host_realm referral realm')
+
+###
+### krb5_get_fallback_host_realm tests
+###
+
+# Return a special environment with realm_try_domains set to n.
+def try_env(realm, testname, n):
+    conf = {'libdefaults': {'realm_try_domains': str(n)}}
+    return realm.special_env(testname, False, krb5_conf=conf)
+
+# The domain module will answer with the uppercased parent domain,
+# with no special configuration.
+mark('fallback: domain module')
+testf(realm, 'a.b.c', ['B.C'], 'fallback_realm domain a.b.c')
+
+# With realm_try_domains = 0, the hostname itself will be looked up as
+# a realm and returned if found.
+mark('fallback: realm_try_domains = 0')
+try0 = try_env(realm, 'try0', 0)
+testf(realm, 'krbtest.com', ['KRBTEST.COM'], 'fallback_realm try0', env=try0)
+testf(realm, 'a.b.krbtest.com', ['B.KRBTEST.COM'],
+      'fallback_realm try0 grandparent', env=try0)
+testf(realm, 'a.b.c', ['B.C'], 'fallback_realm try0 nomatch', env=try0)
+
+# With realm_try_domains = 2, the parent and grandparent will be
+# checked as well, but it stops there.
+mark('fallback: realm_try_domains = 2')
+try2 = try_env(realm, 'try2', 2)
+testf(realm, 'krbtest.com', ['KRBTEST.COM'], 'fallback_realm try2', env=try2)
+testf(realm, 'a.b.krbtest.com', ['KRBTEST.COM'],
+      'fallback_realm try2 grandparent', env=try2)
+testf(realm, 'a.b.c.krbtest.com', ['B.C.KRBTEST.COM'],
+      'fallback_realm try2 great-grandparent', env=try2)
+
+# The test1 module answers with a list of components.  Use an IPv4
+# address to bypass the domain module.
+mark('fallback: test1 module')
+testf(realm, '1.2.3.4', ['1', '2', '3', '4'], 'fallback_realm test1')
+
+# If no module answers, the default realm is returned.  The test2
+# module returns an error when we try to look that up.
+mark('fallback: default realm')
+testf_error(realm, '', 'service not available', 'fallback_realm default')
+
+###
+### krb5_get_default_realm tests
+###
+
+# The test2 module returns an error.
+mark('default_realm: test2 module')
+testd_error(realm, 'service not available', 'default_realm test2')
+
+# The profile module returns the default realm from the profile.
+# Disable test2 to expose this behavior.
+mark('default_realm: profile module')
+disable_conf = {'plugins': {'hostrealm': {'disable': 'test2'}}}
+notest2 = realm.special_env('notest2', False, krb5_conf=disable_conf)
+testd(realm, 'KRBTEST.COM', 'default_realm profile', env=notest2)
+
+# The test1 module returns a list of two realms, of which we can only
+# see the first.  Remove the profile default_realm setting to expose
+# this behavior.
+mark('default_realm: test1 module')
+remove_default = {'libdefaults': {'default_realm': None}}
+# Python 3.5+: nodefault_conf = {**disable_conf, **remove_default}
+nodefault_conf = dict(list(disable_conf.items()) +
+                      list(remove_default.items()))
+nodefault = realm.special_env('nodefault', False, krb5_conf=nodefault_conf)
+testd(realm, 'one', 'default_realm test1', env=nodefault)
+
+success('hostrealm interface tests')
diff --git a/krb5-1.21.3/src/tests/t_inetd.c b/krb5-1.21.3/src/tests/t_inetd.c
new file mode 100644
index 00000000..d22cf31f
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_inetd.c
@@ -0,0 +1,129 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/t_inetd.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * A simple program to simulate starting a process from inetd.
+ *
+ * Unlike a proper inetd situation, environment variables are passed
+ * to the client.
+ *
+ * usage: t_inetd port program argv0 ...
+ */
+
+#include "autoconf.h"
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <signal.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "com_err.h"
+
+
+char *progname;
+
+static void usage()
+{
+    fprintf(stderr, "%s: port program argv0 argv1 ...\n", progname);
+    exit(1);
+}
+
+int
+main(argc, argv)
+    int argc;
+    char **argv;
+{
+    unsigned short port;
+    char *path;
+    int sock, acc;
+    int one = 1;
+    struct sockaddr_in l_inaddr, f_inaddr;  /* local, foreign address */
+    socklen_t namelen = sizeof(f_inaddr);
+
+    progname = argv[0];
+
+    if(argc <= 3) usage();
+
+    if(atoi(argv[1]) == 0) usage();
+
+    port = htons(atoi(argv[1]));
+    path = argv[2];
+
+    if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+        com_err(progname, errno, "creating socket");
+        exit(3);
+    }
+
+    (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one,
+                      sizeof (one));
+
+    memset(&l_inaddr, 0, sizeof(l_inaddr));
+    l_inaddr.sin_family = AF_INET;
+    l_inaddr.sin_addr.s_addr = 0;
+    l_inaddr.sin_port = port;
+
+    if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
+        com_err(progname, errno, "binding socket");
+        exit(3);
+    }
+
+    if (listen(sock, 1) == -1) {
+        com_err(progname, errno, "listening");
+        exit(3);
+    }
+
+    printf("Ready!\n");
+    fflush(stdout);
+    if ((acc = accept(sock, (struct sockaddr *)&f_inaddr,
+                      &namelen)) == -1) {
+        com_err(progname, errno, "accepting");
+        exit(3);
+    }
+
+    dup2(acc, 0);
+    dup2(acc, 1);
+    dup2(acc, 2);
+    close(sock);
+    sock = 0;
+
+    if(execv(path, &argv[3]))
+        fprintf(stderr, "t_inetd: Could not exec %s\n", path);
+    exit(1);
+}
diff --git a/krb5-1.21.3/src/tests/t_iprop.py b/krb5-1.21.3/src/tests/t_iprop.py
new file mode 100755
index 00000000..b356971d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_iprop.py
@@ -0,0 +1,494 @@
+import os
+import re
+
+from k5test import *
+
+# On macOS with System Integrity Protection enabled, this script hangs
+# in the wait_for_prop() call after starting the first kpropd process,
+# most likely due to signal restrictions preventing the listening
+# child from informing the parent that a full resync was processed.
+if which('csrutil'):
+    out = subprocess.check_output(['csrutil', 'status'],
+                                  universal_newlines=True)
+    if 'status: enabled' in out:
+        skip_rest('iprop tests', 'System Integrity Protection is enabled')
+
+# Read lines from kpropd output until we are synchronized.  Error if
+# full_expected is true and we didn't see a full propagation or vice
+# versa.
+def wait_for_prop(kpropd, full_expected, expected_old, expected_new):
+    output('*** Waiting for sync from kpropd\n')
+    full_seen = sleep_seen = False
+    old_sno = new_sno = -1
+    while True:
+        line = kpropd.stdout.readline()
+        if line == '':
+            fail('kpropd process exited unexpectedly')
+        output('kpropd: ' + line)
+
+        m = re.match(r'Calling iprop_get_updates_1 \(sno=(\d+) ', line)
+        if m:
+            if not full_seen:
+                old_sno = int(m.group(1))
+            # Also record this as the new sno, in case we get back
+            # UPDATE_NIL.
+            new_sno = int(m.group(1))
+
+        m = re.match(r'Got incremental updates \(sno=(\d+) ', line)
+        if m:
+            new_sno = int(m.group(1))
+
+        if 'KDC is synchronized' in line or 'Incremental updates:' in line:
+            break
+
+        # After a full resync request, these lines could appear in
+        # either order.
+        if 'Waiting for' in line:
+            sleep_seen = True
+        if 'load process for full propagation completed' in line:
+            full_seen = True
+
+        # Detect some failure conditions.
+        if 'Still waiting for full resync' in line:
+            fail('kadmind gave consecutive full resyncs')
+        if 'Rejected connection' in line:
+            fail('kpropd rejected kprop connection')
+        if 'get updates failed' in line:
+            fail('iprop_get_updates failed')
+        if 'permission denied' in line:
+            fail('kadmind denied update')
+        if ('error from primary' in line or
+            'error returned from primary' in line):
+            fail('kadmind reported error')
+        if 'invalid return' in line:
+            fail('kadmind returned invalid result')
+
+    if full_expected and not full_seen:
+        fail('Expected full dump but saw only incremental')
+    if full_seen and not full_expected:
+        fail('Expected incremental prop but saw full dump')
+    if old_sno != expected_old:
+         fail('Expected old serial %d from kpropd sync' % expected_old)
+    if new_sno != expected_new:
+         fail('Expected new serial %d from kpropd sync' % expected_new)
+
+    # Wait until kpropd is sleeping before continuing, to avoid races.
+    # (This is imperfect since there's there is a short window between
+    # the fprintf and the sleep; kpropd will need design changes to
+    # fix that.)
+    while True:
+        line = kpropd.stdout.readline()
+        output('kpropd: ' + line)
+        if 'Waiting for' in line:
+            break
+    output('*** Sync complete\n')
+
+# Verify the output of kproplog against the expected number of
+# entries, first and last serial number, and a list of principal names
+# for the update entrires.
+def check_ulog(num, first, last, entries, env=None):
+    out = realm.run([kproplog], env=env)
+    if 'Number of entries : ' + str(num) + '\n' not in out:
+        fail('Expected %d entries' % num)
+    if last:
+        firststr = first and str(first) or 'None'
+        if 'First serial # : ' + firststr + '\n' not in out:
+            fail('Expected first serial number %d' % first)
+    laststr = last and str(last) or 'None'
+    if 'Last serial # : ' + laststr + '\n' not in out:
+        fail('Expected last serial number %d' % last)
+    assert(len(entries) == num)
+    ser = first - 1
+    entindex = 0
+    for line in out.splitlines():
+        m = re.match(r'\tUpdate serial # : (\d+)$', line)
+        if m:
+            ser = ser + 1
+            if m.group(1) != str(ser):
+                fail('Expected serial number %d in update entry' % ser)
+        m = re.match(r'\tUpdate principal : (.*)$', line)
+        if m:
+            eprinc = entries[ser - first]
+            if eprinc == None:
+                fail('Expected dummy update entry %d' % ser)
+            elif m.group(1) != eprinc:
+                fail('Expected princ %s in update entry %d' % (eprinc, ser))
+        if line == '\tDummy entry':
+            eprinc = entries[ser - first]
+            if eprinc != None:
+                fail('Expected princ %s in update entry %d' % (eprinc, ser))
+
+# replica1 will receive updates from primary, and replica2 will
+# receive updates from replica1.  Because of the awkward way iprop and
+# kprop port configuration currently works, we need separate config
+# files for the replica and primary sides of replica1, but they use
+# the same DB and ulog file.
+conf = {'realms': {'$realm': {'iprop_enable': 'true',
+                              'iprop_logfile': '$testdir/db.ulog'}}}
+conf_rep1 = {'realms': {'$realm': {'iprop_replica_poll': '600',
+                                   'iprop_logfile': '$testdir/ulog.replica1'}},
+             'dbmodules': {'db': {'database_name': '$testdir/db.replica1'}}}
+conf_rep1m = {'realms': {'$realm': {'iprop_logfile': '$testdir/ulog.replica1',
+                                    'iprop_port': '$port8'}},
+              'dbmodules': {'db': {'database_name': '$testdir/db.replica1'}}}
+conf_rep2 = {'realms': {'$realm': {'iprop_replica_poll': '600',
+                                   'iprop_logfile': '$testdir/ulog.replica2',
+                                   'iprop_port': '$port8'}},
+             'dbmodules': {'db': {'database_name': '$testdir/db.replica2'}}}
+
+conf_foo = {'libdefaults': {'default_realm': 'FOO'},
+            'domain_realm': {hostname: 'FOO'}}
+conf_rep3 = {'realms': {'$realm': {'iprop_replica_poll': '600',
+                                   'iprop_logfile': '$testdir/ulog.replica3',
+                                   'iprop_port': '$port8'},
+                        'FOO': {'iprop_logfile': '$testdir/ulog.replica3'}},
+            'dbmodules': {'db': {'database_name': '$testdir/db.replica3'}}}
+
+krb5_conf_rep4 = {'domain_realm': {hostname: 'FOO'}}
+conf_rep4 = {'realms': {'$realm': {'iprop_replica_poll': '600',
+                                   'iprop_logfile': '$testdir/ulog.replica4',
+                                   'iprop_port': '$port8'}},
+             'dbmodules': {'db': {'database_name': '$testdir/db.replica4'}}}
+
+for realm in multidb_realms(kdc_conf=conf, create_user=False,
+                            start_kadmind=True):
+    replica1 = realm.special_env('replica1', True, kdc_conf=conf_rep1)
+    replica1m = realm.special_env('replica1m', True, krb5_conf=conf_foo,
+                                  kdc_conf=conf_rep1m)
+    replica2 = realm.special_env('replica2', True, kdc_conf=conf_rep2)
+
+    # A default_realm and domain_realm that do not match the KDC's
+    # realm.  The FOO realm iprop_logfile setting is needed to run
+    # kproplog during a replica3 test, since kproplog has no realm
+    # option.
+    replica3 = realm.special_env('replica3', True, krb5_conf=conf_foo,
+                                 kdc_conf=conf_rep3)
+
+    # A default realm and a domain realm map that differ.
+    replica4 = realm.special_env('replica4', True, krb5_conf=krb5_conf_rep4,
+                                 kdc_conf=conf_rep4)
+
+    # Define some principal names.  pr3 is long enough to cause internal
+    # reallocs, but not long enough to grow the basic ulog entry size.
+    pr1 = 'wakawaka@' + realm.realm
+    pr2 = 'w@' + realm.realm
+    c = 'chocolate-flavored-school-bus'
+    cs = c + '/'
+    pr3 = (cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + c +
+           '@' + realm.realm)
+
+    # Create the kpropd ACL file.
+    acl_file = os.path.join(realm.testdir, 'kpropd-acl')
+    acl = open(acl_file, 'w')
+    acl.write(realm.host_princ + '\n')
+    acl.close()
+
+    ulog = os.path.join(realm.testdir, 'db.ulog')
+    if not os.path.exists(ulog):
+        fail('update log not created: ' + ulog)
+
+    # Create the principal used to authenticate kpropd to kadmind.
+    kiprop_princ = 'kiprop/' + hostname
+    realm.addprinc(kiprop_princ)
+    realm.extract_keytab(kiprop_princ, realm.keytab)
+
+    # Create the initial replica databases.
+    dumpfile = os.path.join(realm.testdir, 'dump')
+    realm.run([kdb5_util, 'dump', dumpfile])
+    realm.run([kdb5_util, 'load', dumpfile], replica1)
+    realm.run([kdb5_util, 'load', dumpfile], replica2)
+    realm.run([kdb5_util, '-r', realm.realm, 'load', dumpfile], replica3)
+    realm.run([kdb5_util, 'load', dumpfile], replica4)
+
+    # Reinitialize the primary ulog so we know exactly what to expect
+    # in it.
+    realm.run([kproplog, '-R'])
+    check_ulog(1, 1, 1, [None])
+
+    # Make some changes to the primary DB.
+    realm.addprinc(pr1)
+    realm.addprinc(pr3)
+    realm.addprinc(pr2)
+    realm.run([kadminl, 'modprinc', '-allow_tix', pr2])
+    realm.run([kadminl, 'modprinc', '+allow_tix', pr2])
+    check_ulog(6, 1, 6, [None, pr1, pr3, pr2, pr2, pr2])
+
+    # Start kpropd for replica1 and get a full dump from primary.
+    mark('propagate M->1 full')
+    kpropd1 = realm.start_kpropd(replica1, ['-d'])
+    wait_for_prop(kpropd1, True, 1, 6)
+    out = realm.run([kadminl, 'listprincs'], env=replica1)
+    if pr1 not in out or pr2 not in out or pr3 not in out:
+        fail('replica1 does not have all principals from primary')
+    check_ulog(1, 6, 6, [None], replica1)
+
+    # Make a change and check that it propagates incrementally.
+    mark('propagate M->1 incremental')
+    realm.run([kadminl, 'modprinc', '-allow_tix', pr2])
+    check_ulog(7, 1, 7, [None, pr1, pr3, pr2, pr2, pr2, pr2])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, False, 6, 7)
+    check_ulog(2, 6, 7, [None, pr2], replica1)
+    realm.run([kadminl, 'getprinc', pr2], env=replica1,
+              expected_msg='Attributes: DISALLOW_ALL_TIX')
+
+    # Start kadmind -proponly for replica1.  (Use the replica1m
+    # environment which defines iprop_port to $port8.)
+    replica1_out_dump_path = os.path.join(realm.testdir, 'dump.replica1.out')
+    replica2_in_dump_path = os.path.join(realm.testdir, 'dump.replica2.in')
+    replica2_kprop_port = str(realm.portbase + 9)
+    kadmind_proponly = realm.start_server([kadmind, '-r', realm.realm,
+                                           '-nofork', '-proponly',
+                                           '-p', kdb5_util,
+                                           '-K', kprop, '-k',
+                                           replica2_kprop_port,
+                                           '-F', replica1_out_dump_path],
+                                          'starting...', replica1m)
+
+    # Test similar default_realm and domain_realm map settings with -r realm.
+    mark('propagate 1->3 full')
+    replica3_in_dump_path = os.path.join(realm.testdir, 'dump.replica3.in')
+    kpropd3 = realm.start_server([kpropd, '-d', '-D', '-r', realm.realm, '-P',
+                                  replica2_kprop_port, '-f',
+                                  replica3_in_dump_path, '-p', kdb5_util, '-a',
+                                  acl_file, '-A', hostname], 'ready', replica3)
+    wait_for_prop(kpropd3, True, 1, 7)
+    out = realm.run([kadminl, '-r', realm.realm, 'listprincs'], env=replica3)
+    if pr1 not in out or pr2 not in out or pr3 not in out:
+        fail('replica3 does not have all principals from replica1')
+    check_ulog(1, 7, 7, [None], env=replica3)
+
+    # Test an incremental propagation for the kpropd -r case.
+    mark('propagate M->1->3 incremental')
+    realm.run([kadminl, 'modprinc', '-maxlife', '20 minutes', pr1])
+    check_ulog(8, 1, 8, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, False, 7, 8)
+    check_ulog(3, 6, 8, [None, pr2, pr1], replica1)
+    realm.run([kadminl, 'getprinc', pr1], env=replica1,
+              expected_msg='Maximum ticket life: 0 days 00:20:00')
+    kpropd3.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd3, False, 7, 8)
+    check_ulog(2, 7, 8, [None, pr1], replica3)
+    realm.run([kadminl, '-r', realm.realm, 'getprinc', pr1], env=replica3,
+              expected_msg='Maximum ticket life: 0 days 00:20:00')
+    stop_daemon(kpropd3)
+
+    # Test dissimilar default_realm and domain_realm map settings (no
+    # -r realm).
+    mark('propagate 1->4 full')
+    replica4_in_dump_path = os.path.join(realm.testdir, 'dump.replica4.in')
+    kpropd4 = realm.start_server([kpropd, '-d', '-D', '-P',
+                                  replica2_kprop_port, '-f',
+                                  replica4_in_dump_path, '-p', kdb5_util,
+                                  '-a', acl_file, '-A', hostname], 'ready',
+                                 replica4)
+    wait_for_prop(kpropd4, True, 1, 8)
+    out = realm.run([kadminl, 'listprincs'], env=replica4)
+    if pr1 not in out or pr2 not in out or pr3 not in out:
+        fail('replica4 does not have all principals from replica1')
+    stop_daemon(kpropd4)
+
+    # Start kpropd for replica2.  The -A option isn't needed since
+    # we're talking to the same host as primary (we specify it anyway
+    # to exercise the code), but replica2 defines iprop_port to $port8
+    # so it will talk to replica1.  Get a full dump from replica1.
+    mark('propagate 1->2 full')
+    kpropd2 = realm.start_server([kpropd, '-d', '-D', '-P',
+                                  replica2_kprop_port, '-f',
+                                  replica2_in_dump_path, '-p', kdb5_util,
+                                  '-a', acl_file, '-A', hostname], 'ready',
+                                 replica2)
+    wait_for_prop(kpropd2, True, 1, 8)
+    check_ulog(2, 7, 8, [None, pr1], replica2)
+    out = realm.run([kadminl, 'listprincs'], env=replica1)
+    if pr1 not in out or pr2 not in out or pr3 not in out:
+        fail('replica2 does not have all principals from replica1')
+
+    # Make another change and check that it propagates incrementally
+    # to both replicas.
+    mark('propagate M->1->2 incremental')
+    realm.run([kadminl, 'modprinc', '-maxrenewlife', '22 hours', pr1])
+    check_ulog(9, 1, 9, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1, pr1])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, False, 8, 9)
+    check_ulog(4, 6, 9, [None, pr2, pr1, pr1], replica1)
+    realm.run([kadminl, 'getprinc', pr1], env=replica1,
+              expected_msg='Maximum renewable life: 0 days 22:00:00\n')
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, False, 8, 9)
+    check_ulog(3, 7, 9, [None, pr1, pr1], replica2)
+    realm.run([kadminl, 'getprinc', pr1], env=replica2,
+              expected_msg='Maximum renewable life: 0 days 22:00:00\n')
+
+    # Reset the ulog on replica1 to force a full resync from primary.
+    # The resync will use the old dump file and then propagate
+    # changes.  replica2 should still be in sync with replica1 after
+    # the resync, so make sure it doesn't take a full resync.
+    mark('propagate M->1->2 full')
+    realm.run([kproplog, '-R'], replica1)
+    check_ulog(1, 1, 1, [None], replica1)
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, True, 1, 9)
+    check_ulog(4, 6, 9, [None, pr2, pr1, pr1], replica1)
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, False, 9, 9)
+    check_ulog(3, 7, 9, [None, pr1, pr1], replica2)
+
+    # Make another change and check that it propagates incrementally to
+    # both replicas.
+    mark('propagate M->1->2 incremental (after reset)')
+    realm.run([kadminl, 'modprinc', '+allow_tix', pr2])
+    check_ulog(10, 1, 10, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1, pr1, pr2])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, False, 9, 10)
+    check_ulog(5, 6, 10, [None, pr2, pr1, pr1, pr2], replica1)
+    realm.run([kadminl, 'getprinc', pr2], env=replica1,
+              expected_msg='Attributes:\n')
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, False, 9, 10)
+    check_ulog(4, 7, 10, [None, pr1, pr1, pr2], replica2)
+    realm.run([kadminl, 'getprinc', pr2], env=replica2,
+              expected_msg='Attributes:\n')
+
+    # Create a policy and check that it propagates via full resync.
+    mark('propagate M->1->2 full (new policy)')
+    realm.run([kadminl, 'addpol', '-minclasses', '2', 'testpol'])
+    check_ulog(1, 1, 1, [None])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, True, 10, 1)
+    check_ulog(1, 1, 1, [None], replica1)
+    realm.run([kadminl, 'getpol', 'testpol'], env=replica1,
+              expected_msg='Minimum number of password character classes: 2')
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, True, 10, 1)
+    check_ulog(1, 1, 1, [None], replica2)
+    realm.run([kadminl, 'getpol', 'testpol'], env=replica2,
+              expected_msg='Minimum number of password character classes: 2')
+
+    # Modify the policy and test that it also propagates via full resync.
+    mark('propagate M->1->2 full (policy change)')
+    realm.run([kadminl, 'modpol', '-minlength', '17', 'testpol'])
+    check_ulog(1, 1, 1, [None])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, True, 1, 1)
+    check_ulog(1, 1, 1, [None], replica1)
+    realm.run([kadminl, 'getpol', 'testpol'], env=replica1,
+              expected_msg='Minimum password length: 17')
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, True, 1, 1)
+    check_ulog(1, 1, 1, [None], replica2)
+    realm.run([kadminl, 'getpol', 'testpol'], env=replica2,
+              expected_msg='Minimum password length: 17')
+
+    # Delete the policy and test that it propagates via full resync.
+    mark('propgate M->1->2 full (policy delete)')
+    realm.run([kadminl, 'delpol', 'testpol'])
+    check_ulog(1, 1, 1, [None])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, True, 1, 1)
+    check_ulog(1, 1, 1, [None], replica1)
+    realm.run([kadminl, 'getpol', 'testpol'], env=replica1, expected_code=1,
+              expected_msg='Policy does not exist')
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, True, 1, 1)
+    check_ulog(1, 1, 1, [None], replica2)
+    realm.run([kadminl, 'getpol', 'testpol'], env=replica2, expected_code=1,
+              expected_msg='Policy does not exist')
+
+    # Modify a principal on the primary and test that it propagates
+    # incrementally.
+    mark('propagate M->1->2 incremental (after policy changes)')
+    realm.run([kadminl, 'modprinc', '-maxlife', '10 minutes', pr1])
+    check_ulog(2, 1, 2, [None, pr1])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, False, 1, 2)
+    check_ulog(2, 1, 2, [None, pr1], replica1)
+    realm.run([kadminl, 'getprinc', pr1], env=replica1,
+              expected_msg='Maximum ticket life: 0 days 00:10:00')
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, False, 1, 2)
+    check_ulog(2, 1, 2, [None, pr1], replica2)
+    realm.run([kadminl, 'getprinc', pr1], env=replica2,
+              expected_msg='Maximum ticket life: 0 days 00:10:00')
+
+    # Delete a principal and test that it propagates incrementally.
+    mark('propagate M->1->2 incremental (princ delete)')
+    realm.run([kadminl, 'delprinc', pr3])
+    check_ulog(3, 1, 3, [None, pr1, pr3])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, False, 2, 3)
+    check_ulog(3, 1, 3, [None, pr1, pr3], replica1)
+    realm.run([kadminl, 'getprinc', pr3], env=replica1, expected_code=1,
+              expected_msg='Principal does not exist')
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, False, 2, 3)
+    check_ulog(3, 1, 3, [None, pr1, pr3], replica2)
+    realm.run([kadminl, 'getprinc', pr3], env=replica2, expected_code=1,
+              expected_msg='Principal does not exist')
+
+    # Rename a principal and test that it propagates incrementally.
+    mark('propagate M->1->2 incremental (princ rename)')
+    renpr = "quacked@" + realm.realm
+    realm.run([kadminl, 'renprinc', pr1, renpr])
+    check_ulog(6, 1, 6, [None, pr1, pr3, renpr, pr1, renpr])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, False, 3, 6)
+    check_ulog(6, 1, 6, [None, pr1, pr3, renpr, pr1, renpr], replica1)
+    realm.run([kadminl, 'getprinc', pr1], env=replica1, expected_code=1,
+              expected_msg='Principal does not exist')
+    realm.run([kadminl, 'getprinc', renpr], env=replica1)
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, False, 3, 6)
+    check_ulog(6, 1, 6, [None, pr1, pr3, renpr, pr1, renpr], replica2)
+    realm.run([kadminl, 'getprinc', pr1], env=replica2, expected_code=1,
+              expected_msg='Principal does not exist')
+    realm.run([kadminl, 'getprinc', renpr], env=replica2)
+
+    pr1 = renpr
+
+    # Reset the ulog on the primary to force a full resync.
+    mark('propagate M->1->2 full (ulog reset)')
+    realm.run([kproplog, '-R'])
+    check_ulog(1, 1, 1, [None])
+    kpropd1.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd1, True, 6, 1)
+    check_ulog(1, 1, 1, [None], replica1)
+    kpropd2.send_signal(signal.SIGUSR1)
+    wait_for_prop(kpropd2, True, 6, 1)
+    check_ulog(1, 1, 1, [None], replica2)
+
+    # Stop the kprop daemons so we can test kpropd -t.
+    realm.stop_kpropd(kpropd1)
+    stop_daemon(kpropd2)
+    stop_daemon(kadmind_proponly)
+    mark('kpropd -t')
+
+    # Test the case where no updates are needed.
+    out = realm.run_kpropd_once(replica1, ['-d'])
+    if 'KDC is synchronized' not in out:
+        fail('Expected synchronized from kpropd -t')
+    check_ulog(1, 1, 1, [None], replica1)
+
+    # Make a change on the primary and fetch it incrementally.
+    realm.run([kadminl, 'modprinc', '-maxlife', '5 minutes', pr1])
+    check_ulog(2, 1, 2, [None, pr1])
+    out = realm.run_kpropd_once(replica1, ['-d'])
+    if 'Got incremental updates (sno=2 ' not in out:
+        fail('Expected full dump and synchronized from kpropd -t')
+    check_ulog(2, 1, 2, [None, pr1], replica1)
+    realm.run([kadminl, 'getprinc', pr1], env=replica1,
+              expected_msg='Maximum ticket life: 0 days 00:05:00')
+
+    # Propagate a policy change via full resync.
+    realm.run([kadminl, 'addpol', '-minclasses', '3', 'testpol'])
+    check_ulog(1, 1, 1, [None])
+    out = realm.run_kpropd_once(replica1, ['-d'])
+    if ('Full propagation transfer finished' not in out or
+        'KDC is synchronized' not in out):
+        fail('Expected full dump and synchronized from kpropd -t')
+    check_ulog(1, 1, 1, [None], replica1)
+    realm.run([kadminl, 'getpol', 'testpol'], env=replica1,
+              expected_msg='Minimum number of password character classes: 3')
+
+success('iprop tests')
diff --git a/krb5-1.21.3/src/tests/t_kadm5_auth.py b/krb5-1.21.3/src/tests/t_kadm5_auth.py
new file mode 100644
index 00000000..6e0f42b0
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kadm5_auth.py
@@ -0,0 +1,80 @@
+from k5test import *
+
+# Create a realm with the welcomer and bouncer kadm5_auth test modules
+# in place of the builtin modules.
+modpath = os.path.join(buildtop, 'plugins', 'kadm5_auth', 'test',
+                       'kadm5_auth_test.so')
+conf = {'plugins': {'kadm5_auth': {'module': ['welcomer:' + modpath,
+                                              'bouncer:' + modpath],
+                                   'enable_only': ['welcomer', 'bouncer']}}}
+realm = K5Realm(krb5_conf=conf, create_host=False)
+realm.start_kadmind()
+realm.prep_kadmin()
+
+# addprinc: welcomer accepts with policy VIP, bouncer denies maxlife.
+realm.run_kadmin(['addprinc', '-randkey', 'princ'], expected_code=1)
+realm.run_kadmin(['addprinc', '-randkey', '-policy', 'VIP', 'princ'])
+realm.run_kadmin(['addprinc', '-randkey', '-policy', 'VIP', '-maxlife', '3',
+                  'princ'], expected_code=1)
+
+# modprinc: welcomer accepts with only maxrenewlife, bouncer denies
+# with even-component target principal.
+realm.run_kadmin(['modprinc', '-maxlife', '3', 'princ'], expected_code=1)
+realm.run_kadmin(['modprinc', '-maxrenewlife', '3', 'princ'])
+realm.run_kadmin(['modprinc', '-maxrenewlife', '3', 'user/admin'],
+                 expected_code=1)
+
+# setstr: welcomer accepts with key 'note', bouncer denies with value
+# length > 10.
+realm.run_kadmin(['setstr', 'princ', 'somekey', 'someval'], expected_code=1)
+realm.run_kadmin(['setstr', 'princ', 'note', 'abc'])
+realm.run_kadmin(['setstr', 'princ', 'note', 'abcdefghijkl'], expected_code=1)
+
+# delprinc: welcomer accepts with target principal beginning with 'd',
+# bouncer denies with "nodelete" string attribute.
+realm.run_kadmin(['delprinc', 'user'], expected_code=1)
+realm.run([kadminl, 'addprinc', '-randkey', 'deltest'])
+realm.run_kadmin(['delprinc', 'deltest'])
+realm.run([kadminl, 'addprinc', '-randkey', 'deltest'])
+realm.run([kadminl, 'setstr', 'deltest', 'nodelete', 'yes'])
+realm.run_kadmin(['delprinc', 'deltest'], expected_code=1)
+
+# renprinc: welcomer accepts with same-length first components, bouncer
+# refuses with source principal beginning with 'a'.
+realm.run_kadmin(['renprinc', 'princ', 'xyz'], expected_code=1)
+realm.run_kadmin(['renprinc', 'princ', 'abcde'])
+realm.run_kadmin(['renprinc', 'abcde', 'fghij'], expected_code=1)
+
+# addpol: welcomer accepts with minlength 3, bouncer denies with name
+# length <= 3.
+realm.run_kadmin(['addpol', 'testpol'], expected_code=1)
+realm.run_kadmin(['addpol', '-minlength', '3', 'testpol'])
+realm.run_kadmin(['addpol', '-minlength', '3', 'abc'], expected_code=1)
+
+# modpol: welcomer accepts changes to minlife, bouncer denies with
+# minlife > 10.
+realm.run_kadmin(['modpol', '-minlength', '4', 'testpol'], expected_code=1)
+realm.run_kadmin(['modpol', '-minlife', '8', 'testpol'])
+realm.run_kadmin(['modpol', '-minlife', '11', 'testpol'], expected_code=1)
+
+# getpol: welcomer accepts if policy and client policy have same length,
+# bouncer denies if policy name begins with 'x'.
+realm.run([kadminl, 'addpol', 'aaaa'])
+realm.run([kadminl, 'addpol', 'bbbb'])
+realm.run([kadminl, 'addpol', 'xxxx'])
+realm.run([kadminl, 'modprinc', '-policy', 'aaaa', 'user/admin'])
+realm.run_kadmin(['getpol', 'testpol'], expected_code=1)
+realm.run_kadmin(['getpol', 'bbbb'])
+realm.run_kadmin(['getpol', 'xxxx'], expected_code=1)
+
+# end: welcomer counts operations using "ends" string attribute on
+# "opcount" principal.  kadmind is dumb and invokes the end method for
+# every RPC operation including init, so we expect four calls to the
+# end operation.
+realm.run([kadminl, 'addprinc', '-nokey', 'opcount'])
+realm.run([kadminl, 'setstr', 'opcount', 'ends', '0'])
+realm.run_kadmin(['getprinc', 'user'])
+realm.run_kadmin(['getpol', 'bbbb'])
+realm.run([kadminl, 'getstrs', 'opcount'], expected_msg='ends: 4')
+
+success('kadm5_auth pluggable interface tests')
diff --git a/krb5-1.21.3/src/tests/t_kadm5_hook.py b/krb5-1.21.3/src/tests/t_kadm5_hook.py
new file mode 100755
index 00000000..32fab781
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kadm5_hook.py
@@ -0,0 +1,15 @@
+from k5test import *
+
+plugin = os.path.join(buildtop, "plugins", "kadm5_hook", "test",
+                      "kadm5_hook_test.so")
+
+hook_krb5_conf = {'plugins': {'kadm5_hook': { 'module': 'test:' + plugin}}}
+
+realm = K5Realm(krb5_conf=hook_krb5_conf, create_user=False, create_host=False)
+realm.run([kadminl, 'addprinc', '-randkey', 'test'],
+          expected_msg='create: stage precommit')
+
+realm.run([kadminl, 'renprinc', 'test', 'test2'],
+          expected_msg='rename: stage precommit')
+
+success('kadm5_hook')
diff --git a/krb5-1.21.3/src/tests/t_kadmin.py b/krb5-1.21.3/src/tests/t_kadmin.py
new file mode 100644
index 00000000..98453d92
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kadmin.py
@@ -0,0 +1,66 @@
+from k5test import *
+
+realm = K5Realm(start_kadmind=True)
+
+# Create a principal.  Test -q option and keyboard entry of the admin
+# password and principal password.  Verify creation with kadmin.local.
+realm.run([kadmin, '-q', 'addprinc princ/pw'],
+          input=password('admin') + '\npw1\npw1\n')
+realm.run([kadminl, 'getprinc', 'princ/pw'],
+          expected_msg='Principal: princ/pw@KRBTEST.COM')
+
+# Run the remaining tests with a cache for efficiency.
+realm.prep_kadmin()
+
+realm.run_kadmin(['addpol', 'standardpol'])
+realm.run_kadmin(['listpols'], expected_msg='standardpol')
+realm.run_kadmin(['modpol', '-minlength', '5', 'standardpol'])
+realm.run_kadmin(['getpol', 'standardpol'],
+                 expected_msg='Minimum password length: 5')
+
+realm.run_kadmin(['addprinc', '-randkey', 'princ/random'])
+realm.run([kadminl, 'getprinc', 'princ/random'],
+          expected_msg='Principal: princ/random@KRBTEST.COM')
+
+realm.run_kadmin(['cpw', 'princ/pw'], input='newpw\nnewpw\n')
+realm.run_kadmin(['cpw', '-randkey', 'princ/random'])
+
+realm.run_kadmin(['modprinc', '-allow_tix', 'princ/random'])
+realm.run_kadmin(['modprinc', '+allow_tix', 'princ/random'])
+realm.run_kadmin(['modprinc', '-policy', 'standardpol', 'princ/random'])
+
+realm.run_kadmin(['listprincs'], expected_msg='princ/random@KRBTEST.COM')
+
+realm.run_kadmin(['ktadd', 'princ/pw'])
+
+realm.run_kadmin(['delprinc', 'princ/random'])
+realm.run([kadminl, 'getprinc', 'princ/random'], expected_code=1,
+          expected_msg='Principal does not exist')
+realm.run_kadmin(['delprinc', 'princ/pw'])
+realm.run([kadminl, 'getprinc', 'princ/pw'], expected_code=1,
+          expected_msg='Principal does not exist')
+
+realm.run_kadmin(['delpol', 'standardpol'])
+realm.run([kadminl, 'getpol', 'standardpol'], expected_code=1,
+          expected_msg='Policy does not exist')
+
+# Regression test for #2877 (fixed-sized GSSRPC buffers can't
+# accomodate large listprinc results).
+mark('large listprincs result')
+for i in range(200):
+    realm.run_kadmin(['addprinc', '-randkey', 'foo%d' % i])
+realm.run_kadmin(['listprincs'], expected_msg='foo199')
+
+# Test kadmin -k with the default principal, with and without
+# fallback.  This operation requires canonicalization against the
+# keytab in krb5_get_init_creds_keytab() as the
+# krb5_sname_to_principal() result won't have a realm.  Try with and
+# without without fallback processing since the code paths are
+# different.
+mark('kadmin -k')
+realm.run([kadmin, '-k', 'getprinc', realm.host_princ])
+no_canon_conf = {'libdefaults': {'dns_canonicalize_hostname': 'false'}}
+no_canon = realm.special_env('no_canon', False, krb5_conf=no_canon_conf)
+realm.run([kadmin, '-k', 'getprinc', realm.host_princ], env=no_canon)
+
+success('kadmin and kpasswd tests')
diff --git a/krb5-1.21.3/src/tests/t_kadmin_acl.py b/krb5-1.21.3/src/tests/t_kadmin_acl.py
new file mode 100755
index 00000000..31a7fb87
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kadmin_acl.py
@@ -0,0 +1,352 @@
+from k5test import *
+import os
+
+realm = K5Realm(create_host=False, create_user=False)
+
+def make_client(name):
+    global realm
+    realm.addprinc(name, password(name))
+    ccache = os.path.join(realm.testdir,
+                          'kadmin_ccache_' + name.replace('/', '_'))
+    realm.kinit(name, password(name),
+                flags=['-S', 'kadmin/admin', '-c', ccache])
+    return ccache
+
+def kadmin_as(client, query, **kwargs):
+    global realm
+    return realm.run([kadmin, '-c', client] + query, **kwargs)
+
+all_add = make_client('all_add')
+all_changepw = make_client('all_changepw')
+all_delete = make_client('all_delete')
+all_inquire = make_client('all_inquire')
+all_list = make_client('all_list')
+all_modify = make_client('all_modify')
+all_rename = make_client('all_rename')
+all_wildcard = make_client('all_wildcard')
+all_extract = make_client('all_extract')
+some_add = make_client('some_add')
+some_changepw = make_client('some_changepw')
+some_delete = make_client('some_delete')
+some_inquire = make_client('some_inquire')
+some_modify = make_client('some_modify')
+some_rename = make_client('some_rename')
+restricted_add = make_client('restricted_add')
+restricted_modify = make_client('restricted_modify')
+restricted_rename = make_client('restricted_rename')
+wctarget = make_client('wctarget')
+admin = make_client('user/admin')
+none = make_client('none')
+restrictions = make_client('restrictions')
+onetwothreefour = make_client('one/two/three/four')
+
+realm.run([kadminl, 'addpol', '-minlife', '1 day', 'minlife'])
+
+f = open(os.path.join(realm.testdir, 'acl'), 'w')
+f.write('''
+all_add            a
+all_changepw       c
+all_delete         d
+all_inquire        i
+all_list           l
+all_modify         im
+all_rename         ad
+all_wildcard       x
+all_extract        ie
+some_add           a   selected
+some_changepw      c   selected
+some_delete        d   selected
+some_inquire       i   selected
+some_modify        im  selected
+some_rename        d   from
+some_rename        a   to
+restricted_add     a   *         +preauth
+restricted_modify  im  *         +preauth
+restricted_rename  ad  *         +preauth
+
+*/*                d   *2/*1
+# The next line is a regression test for #8154; it is not used directly.
+one/*/*/five       l
+*/two/*/*          d   *3/*1/*2
+*/admin            a
+wctarget           a   wild/*
+restrictions       a   type1     -policy minlife
+restrictions       a   type2     -clearpolicy
+restrictions       a   type3     -maxlife 1h -maxrenewlife 2h
+''')
+f.close()
+
+realm.start_kadmind()
+
+# cpw can generate four different RPC calls depending on options.
+realm.addprinc('selected', 'oldpw')
+realm.addprinc('unselected', 'oldpw')
+for pw in (['-pw', 'newpw'], ['-randkey']):
+    for ks in ([], ['-e', 'aes256-cts']):
+        mark('cpw: %s %s' % (repr(pw), repr(ks)))
+        args = pw + ks
+        kadmin_as(all_changepw, ['cpw'] + args + ['unselected'])
+        kadmin_as(some_changepw, ['cpw'] + args + ['selected'])
+        msg = "Operation requires ``change-password'' privilege"
+        kadmin_as(none, ['cpw'] + args + ['selected'], expected_code=1,
+                  expected_msg=msg)
+        kadmin_as(some_changepw, ['cpw'] + args + ['unselected'],
+                  expected_code=1, expected_msg=msg)
+        kadmin_as(none, ['cpw'] + args + ['none'])
+        realm.run([kadminl, 'modprinc', '-policy', 'minlife', 'none'])
+        msg = "Current password's minimum life has not expired"
+        kadmin_as(none, ['cpw'] + args + ['none'], expected_code=1,
+                  expected_msg=msg)
+        realm.run([kadminl, 'modprinc', '-clearpolicy', 'none'])
+realm.run([kadminl, 'delprinc', 'selected'])
+realm.run([kadminl, 'delprinc', 'unselected'])
+
+mark('addpol')
+kadmin_as(all_add, ['addpol', 'policy'])
+realm.run([kadminl, 'delpol', 'policy'])
+kadmin_as(none, ['addpol', 'policy'], expected_code=1,
+          expected_msg="Operation requires ``add'' privilege")
+
+# addprinc can generate two different RPC calls depending on options.
+for ks in ([], ['-e', 'aes256-cts']):
+    mark('addprinc: %s' % repr(ks))
+    args = ['-pw', 'pw'] + ks
+    kadmin_as(all_add, ['addprinc'] + args + ['unselected'])
+    realm.run([kadminl, 'delprinc', 'unselected'])
+    kadmin_as(some_add, ['addprinc'] + args + ['selected'])
+    realm.run([kadminl, 'delprinc', 'selected'])
+    kadmin_as(restricted_add, ['addprinc'] + args + ['unselected'])
+    realm.run([kadminl, 'getprinc', 'unselected'],
+              expected_msg='REQUIRES_PRE_AUTH')
+    realm.run([kadminl, 'delprinc', 'unselected'])
+    kadmin_as(none, ['addprinc'] + args + ['selected'], expected_code=1,
+              expected_msg="Operation requires ``add'' privilege")
+    kadmin_as(some_add, ['addprinc'] + args + ['unselected'], expected_code=1,
+              expected_msg="Operation requires ``add'' privilege")
+
+mark('delprinc')
+realm.addprinc('unselected', 'pw')
+kadmin_as(all_delete, ['delprinc', 'unselected'])
+realm.addprinc('selected', 'pw')
+kadmin_as(some_delete, ['delprinc', 'selected'])
+realm.addprinc('unselected', 'pw')
+kadmin_as(none, ['delprinc', 'unselected'], expected_code=1,
+          expected_msg="Operation requires ``delete'' privilege")
+kadmin_as(some_delete, ['delprinc', 'unselected'], expected_code=1,
+          expected_msg="Operation requires ``delete'' privilege")
+realm.run([kadminl, 'delprinc', 'unselected'])
+
+mark('getpol')
+kadmin_as(all_inquire, ['getpol', 'minlife'], expected_msg='Policy: minlife')
+kadmin_as(none, ['getpol', 'minlife'], expected_code=1,
+          expected_msg="Operation requires ``get'' privilege")
+realm.run([kadminl, 'modprinc', '-policy', 'minlife', 'none'])
+kadmin_as(none, ['getpol', 'minlife'], expected_msg='Policy: minlife')
+realm.run([kadminl, 'modprinc', '-clearpolicy', 'none'])
+
+mark('getprinc')
+realm.addprinc('selected', 'pw')
+realm.addprinc('unselected', 'pw')
+kadmin_as(all_inquire, ['getprinc', 'unselected'],
+          expected_msg='Principal: unselected@KRBTEST.COM')
+kadmin_as(some_inquire, ['getprinc', 'selected'],
+          expected_msg='Principal: selected@KRBTEST.COM')
+kadmin_as(none, ['getprinc', 'selected'], expected_code=1,
+          expected_msg="Operation requires ``get'' privilege")
+kadmin_as(some_inquire, ['getprinc', 'unselected'], expected_code=1,
+          expected_msg="Operation requires ``get'' privilege")
+kadmin_as(none, ['getprinc', 'none'],
+          expected_msg='Principal: none@KRBTEST.COM')
+realm.run([kadminl, 'delprinc', 'selected'])
+realm.run([kadminl, 'delprinc', 'unselected'])
+
+mark('listprincs')
+kadmin_as(all_list, ['listprincs'], expected_msg='K/M@KRBTEST.COM')
+kadmin_as(none, ['listprincs'], expected_code=1,
+          expected_msg="Operation requires ``list'' privilege")
+
+mark('getstrs')
+realm.addprinc('selected', 'pw')
+realm.addprinc('unselected', 'pw')
+realm.run([kadminl, 'setstr', 'selected', 'key', 'value'])
+realm.run([kadminl, 'setstr', 'unselected', 'key', 'value'])
+kadmin_as(all_inquire, ['getstrs', 'unselected'], expected_msg='key: value')
+kadmin_as(some_inquire, ['getstrs', 'selected'], expected_msg='key: value')
+kadmin_as(none, ['getstrs', 'selected'], expected_code=1,
+          expected_msg="Operation requires ``get'' privilege")
+kadmin_as(some_inquire, ['getstrs', 'unselected'], expected_code=1,
+          expected_msg="Operation requires ``get'' privilege")
+kadmin_as(none, ['getstrs', 'none'], expected_msg='(No string attributes.)')
+realm.run([kadminl, 'delprinc', 'selected'])
+realm.run([kadminl, 'delprinc', 'unselected'])
+
+mark('modpol')
+out = kadmin_as(all_modify, ['modpol', '-maxlife', '1 hour', 'policy'],
+                expected_code=1)
+if 'Operation requires' in out:
+    fail('modpol success (acl)')
+kadmin_as(none, ['modpol', '-maxlife', '1 hour', 'policy'], expected_code=1,
+          expected_msg="Operation requires ``modify'' privilege")
+
+mark('modprinc')
+realm.addprinc('selected', 'pw')
+realm.addprinc('unselected', 'pw')
+kadmin_as(all_modify, ['modprinc', '-maxlife', '1 hour',  'unselected'])
+kadmin_as(some_modify, ['modprinc', '-maxlife', '1 hour', 'selected'])
+kadmin_as(restricted_modify, ['modprinc', '-maxlife', '1 hour', 'unselected'])
+realm.run([kadminl, 'getprinc', 'unselected'],
+          expected_msg='REQUIRES_PRE_AUTH')
+kadmin_as(all_inquire, ['modprinc', '-maxlife', '1 hour', 'selected'],
+          expected_code=1,
+          expected_msg="Operation requires ``modify'' privilege")
+kadmin_as(some_modify, ['modprinc', '-maxlife', '1 hour', 'unselected'],
+          expected_code=1, expected_msg='Operation requires')
+realm.run([kadminl, 'delprinc', 'selected'])
+realm.run([kadminl, 'delprinc', 'unselected'])
+
+mark('purgekeys')
+realm.addprinc('selected', 'pw')
+realm.addprinc('unselected', 'pw')
+kadmin_as(all_modify, ['purgekeys', 'unselected'])
+kadmin_as(some_modify, ['purgekeys', 'selected'])
+kadmin_as(none, ['purgekeys', 'selected'], expected_code=1,
+          expected_msg="Operation requires ``modify'' privilege")
+kadmin_as(some_modify, ['purgekeys', 'unselected'], expected_code=1,
+          expected_msg="Operation requires ``modify'' privilege")
+kadmin_as(none, ['purgekeys', 'none'])
+realm.run([kadminl, 'delprinc', 'selected'])
+realm.run([kadminl, 'delprinc', 'unselected'])
+
+mark('renprinc')
+realm.addprinc('from', 'pw')
+kadmin_as(all_rename, ['renprinc', 'from', 'to'])
+realm.run([kadminl, 'renprinc', 'to', 'from'])
+kadmin_as(some_rename, ['renprinc', 'from', 'to'])
+realm.run([kadminl, 'renprinc', 'to', 'from'])
+kadmin_as(all_add, ['renprinc', 'from', 'to'], expected_code=1,
+          expected_msg="Insufficient authorization for operation")
+kadmin_as(all_delete, ['renprinc', 'from', 'to'], expected_code=1,
+          expected_msg="Insufficient authorization for operation")
+kadmin_as(some_rename, ['renprinc', 'from', 'notto'], expected_code=1,
+          expected_msg="Insufficient authorization for operation")
+realm.run([kadminl, 'renprinc', 'from', 'notfrom'])
+kadmin_as(some_rename, ['renprinc', 'notfrom', 'to'], expected_code=1,
+          expected_msg="Insufficient authorization for operation")
+kadmin_as(restricted_rename, ['renprinc', 'notfrom', 'to'], expected_code=1,
+          expected_msg="Insufficient authorization for operation")
+realm.run([kadminl, 'delprinc', 'notfrom'])
+
+mark('setstr')
+realm.addprinc('selected', 'pw')
+realm.addprinc('unselected', 'pw')
+kadmin_as(all_modify, ['setstr', 'unselected', 'key', 'value'])
+kadmin_as(some_modify, ['setstr', 'selected', 'key', 'value'])
+kadmin_as(none, ['setstr', 'selected',  'key', 'value'], expected_code=1,
+          expected_msg="Operation requires ``modify'' privilege")
+kadmin_as(some_modify, ['setstr', 'unselected', 'key', 'value'],
+          expected_code=1, expected_msg='Operation requires')
+realm.run([kadminl, 'delprinc', 'selected'])
+realm.run([kadminl, 'delprinc', 'unselected'])
+
+mark('addprinc/delprinc (wildcard)')
+kadmin_as(admin, ['addprinc', '-pw', 'pw', 'anytarget'])
+realm.run([kadminl, 'delprinc', 'anytarget'])
+kadmin_as(wctarget, ['addprinc', '-pw', 'pw', 'wild/card'])
+realm.run([kadminl, 'delprinc', 'wild/card'])
+kadmin_as(wctarget, ['addprinc', '-pw', 'pw', 'wild/card/extra'],
+          expected_code=1, expected_msg='Operation requires')
+realm.addprinc('admin/user', 'pw')
+kadmin_as(admin, ['delprinc', 'admin/user'])
+kadmin_as(admin, ['delprinc', 'none'], expected_code=1,
+          expected_msg='Operation requires')
+realm.addprinc('four/one/three', 'pw')
+kadmin_as(onetwothreefour, ['delprinc', 'four/one/three'])
+
+mark('addprinc (restrictions)')
+kadmin_as(restrictions, ['addprinc', '-pw', 'pw', 'type1'])
+realm.run([kadminl, 'getprinc', 'type1'], expected_msg='Policy: minlife')
+realm.run([kadminl, 'delprinc', 'type1'])
+kadmin_as(restrictions, ['addprinc', '-pw', 'pw', '-policy', 'minlife',
+                         'type2'])
+realm.run([kadminl, 'getprinc', 'type2'], expected_msg='Policy: [none]')
+realm.run([kadminl, 'delprinc', 'type2'])
+kadmin_as(restrictions, ['addprinc', '-pw', 'pw', '-maxlife', '1 minute',
+                         'type3'])
+out = realm.run([kadminl, 'getprinc', 'type3'])
+if ('Maximum ticket life: 0 days 00:01:00' not in out or
+    'Maximum renewable life: 0 days 02:00:00' not in out):
+    fail('restriction (maxlife low, maxrenewlife unspec)')
+realm.run([kadminl, 'delprinc', 'type3'])
+kadmin_as(restrictions, ['addprinc', '-pw', 'pw', '-maxrenewlife', '1 day',
+                         'type3'])
+realm.run([kadminl, 'getprinc', 'type3'],
+          expected_msg='Maximum renewable life: 0 days 02:00:00')
+
+mark('extract')
+realm.run([kadminl, 'addprinc', '-pw', 'pw', 'extractkeys'])
+kadmin_as(all_wildcard, ['ktadd', '-norandkey', 'extractkeys'],
+          expected_code=1,
+          expected_msg="Operation requires ``extract-keys'' privilege")
+kadmin_as(all_extract, ['ktadd', '-norandkey', 'extractkeys'])
+realm.kinit('extractkeys', flags=['-k'])
+os.remove(realm.keytab)
+
+mark('lockdown_keys')
+kadmin_as(all_modify, ['modprinc', '+lockdown_keys', 'extractkeys'])
+kadmin_as(all_changepw, ['cpw', '-pw', 'newpw', 'extractkeys'],
+          expected_code=1,
+          expected_msg="Operation requires ``change-password'' privilege")
+kadmin_as(all_changepw, ['cpw', '-randkey', 'extractkeys'])
+kadmin_as(all_extract, ['ktadd', '-norandkey', 'extractkeys'], expected_code=1,
+          expected_msg="Operation requires ``extract-keys'' privilege")
+kadmin_as(all_delete, ['delprinc', 'extractkeys'], expected_code=1,
+          expected_msg="Operation requires ``delete'' privilege")
+kadmin_as(all_rename, ['renprinc', 'extractkeys', 'renamedprinc'],
+          expected_code=1,
+          expected_msg="Operation requires ``delete'' privilege")
+kadmin_as(all_modify, ['modprinc', '-lockdown_keys', 'extractkeys'],
+          expected_code=1,
+          expected_msg="Operation requires ``modify'' privilege")
+realm.run([kadminl, 'modprinc', '-lockdown_keys', 'extractkeys'])
+kadmin_as(all_extract, ['ktadd', '-norandkey', 'extractkeys'])
+realm.kinit('extractkeys', flags=['-k'])
+os.remove(realm.keytab)
+
+# Verify that self-service key changes require an initial ticket.
+mark('self-service initial ticket')
+realm.run([kadminl, 'cpw', '-pw', password('none'), 'none'])
+realm.run([kadminl, 'modprinc', '+allow_tgs_req', 'kadmin/admin'])
+realm.kinit('none', password('none'))
+realm.run([kvno, 'kadmin/admin'])
+msg = 'Operation requires initial ticket'
+realm.run([kadmin, '-c', realm.ccache, 'cpw', '-pw', 'newpw', 'none'],
+          expected_code=1, expected_msg=msg)
+realm.run([kadmin, '-c', realm.ccache, 'cpw', '-pw', 'newpw',
+           '-e', 'aes256-cts', 'none'], expected_code=1, expected_msg=msg)
+realm.run([kadmin, '-c', realm.ccache, 'cpw', '-randkey', 'none'],
+          expected_code=1, expected_msg=msg)
+realm.run([kadmin, '-c', realm.ccache, 'cpw', '-randkey', '-e', 'aes256-cts',
+           'none'], expected_code=1, expected_msg=msg)
+
+# Test authentication to kadmin/hostname.
+mark('authentication to kadmin/hostname')
+kadmin_hostname = 'kadmin/' + hostname
+realm.addprinc(kadmin_hostname)
+realm.run([kadminl, 'delprinc', 'kadmin/admin'])
+msgs = ('Getting initial credentials for user/admin@KRBTEST.COM',
+        'Setting initial creds service to kadmin/admin',
+        '/Server not found in Kerberos database',
+        'Getting initial credentials for user/admin@KRBTEST.COM',
+        'Setting initial creds service to ' + kadmin_hostname,
+        'Decrypted AS reply')
+realm.run([kadmin, '-p', 'user/admin', 'listprincs'], expected_code=1,
+          expected_msg="Operation requires ``list'' privilege",
+          input=password('user/admin'), expected_trace=msgs)
+
+# Test operations disallowed at the libkadm5 layer.
+realm.run([kadminl, 'delprinc', 'K/M'],
+          expected_code=1, expected_msg='Cannot change protected principal')
+realm.run([kadminl, 'cpw', '-pw', 'pw', 'kadmin/history'],
+          expected_code=1, expected_msg='Cannot change protected principal')
+
+success('kadmin ACL enforcement')
diff --git a/krb5-1.21.3/src/tests/t_kadmin_parsing.py b/krb5-1.21.3/src/tests/t_kadmin_parsing.py
new file mode 100644
index 00000000..bebb0148
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kadmin_parsing.py
@@ -0,0 +1,82 @@
+from k5test import *
+
+# This file contains tests for kadmin command parsing.  Principal
+# flags (which can also be used in kadm5.acl or krb5.conf) are tested
+# in t_princflags.py.
+
+# kadmin recognizes time intervals using either the
+# krb5_string_to_deltat() formats or the relative getdate.y formats.
+# (Absolute getdate.y formats also work with the current time
+# subtracted; this isn't very useful and we won't test it here.)
+intervals = (
+    # krb5_string_to_deltat() formats.  Whitespace ( \t\n) is allowed
+    # before or between most elements or at the end, but not after
+    # 's'.  Negative or oversized numbers are allowed in most places,
+    # but not after the first number in an HH:MM:SS form.
+    ('28s', '0 days 00:00:28'),
+    ('7m ', '0 days 00:07:00'),
+    ('6m 9s', '0 days 00:06:09'),
+    ('2h', '0 days 02:00:00'),
+    ('2h-5s', '0 days 01:59:55'),
+    ('2h3m', '0 days 02:03:00'),
+    ('2h3m5s', '0 days 02:03:05'),
+    ('5d ', '5 days 00:00:00'),
+    ('5d-48s', '4 days 23:59:12'),
+    ('5d18m', '5 days 00:18:00'),
+    ('5d -6m56s', '4 days 23:54:56'),
+    ('5d4h', '5 days 04:00:00'),
+    ('5d4h 1s', '5 days 04:00:01'),
+    ('5d4h3m', '5 days 04:03:00'),
+    (' \t 15d \n 4h  3m  2s', '15 days 04:03:02'),
+    ('10-8:45:0', '10 days 08:45:00'),
+    ('1000:67:99', '41 days 17:08:39'),
+    ('999:11', '41 days 15:11:00'),
+    ('382512', '4 days 10:15:12'),
+
+    # getdate.y relative formats (and "never", which is handled
+    # specially as a zero interval).  Any number of relative forms can
+    # be specified in any order.  Whitespace is ignored before or
+    # after any token.  "month" and "year" are allowed as units but
+    # depend on the current time, so we won't test them.  Plural unit
+    # names are treated identically to singular unit names.  Numbers
+    # before unit names are optional and may be signed; there are also
+    # aliases for some numbers.  "ago" inverts the interval up to the
+    # point where it appears.
+    ('never', '0 days 00:00:00'),
+    ('fortnight', '14 days 00:00:00'),
+    ('3 day ago 4 weeks 8 hours', '25 days 08:00:00'),
+    ('8 second -3 secs 5 minute ago 63 min', '0 days 00:57:55'),
+    ('min mins min mins min', '0 days 00:05:00'),
+    ('tomorrow tomorrow today yesterday now last minute', '0 days 23:59:00'),
+    ('this second next minute first hour third fortnight fourth day '
+     'fifth weeks sixth sec seventh secs eighth second ninth mins tenth '
+     'day eleventh min twelfth sec', '91 days 01:22:34'))
+
+realm = K5Realm(create_host=False, get_creds=False)
+realm.run([kadminl, 'addpol', 'pol'])
+for instr, outstr in intervals:
+    realm.run([kadminl, 'modprinc', '-maxlife', instr, realm.user_princ])
+    msg = 'Maximum ticket life: ' + outstr + '\n'
+    realm.run([kadminl, 'getprinc', realm.user_princ], expected_msg=msg)
+
+    realm.run([kadminl, 'modprinc', '-maxrenewlife', instr, realm.user_princ])
+    msg = 'Maximum renewable life: ' + outstr + '\n'
+    realm.run([kadminl, 'getprinc', realm.user_princ], expected_msg=msg)
+
+    realm.run([kadminl, 'modpol', '-maxlife', instr, 'pol'])
+    msg = 'Maximum password life: ' + outstr + '\n'
+    realm.run([kadminl, 'getpol', 'pol'], expected_msg=msg)
+
+    realm.run([kadminl, 'modpol', '-minlife', instr, 'pol'])
+    msg = 'Minimum password life: ' + outstr + '\n'
+    realm.run([kadminl, 'getpol', 'pol'], expected_msg=msg)
+
+    realm.run([kadminl, 'modpol', '-failurecountinterval', instr, 'pol'])
+    msg = 'Password failure count reset interval: ' + outstr + '\n'
+    realm.run([kadminl, 'getpol', 'pol'], expected_msg=msg)
+
+    realm.run([kadminl, 'modpol', '-lockoutduration', instr, 'pol'])
+    msg = 'Password lockout duration: ' + outstr + '\n'
+    realm.run([kadminl, 'getpol', 'pol'], expected_msg=msg)
+
+success('kadmin command parsing tests')
diff --git a/krb5-1.21.3/src/tests/t_kdb.py b/krb5-1.21.3/src/tests/t_kdb.py
new file mode 100755
index 00000000..5211cbc7
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kdb.py
@@ -0,0 +1,622 @@
+from k5test import *
+import time
+
+# Run kdbtest against the non-LDAP KDB modules.
+for realm in multidb_realms(create_kdb=False):
+    realm.run(['./kdbtest'])
+
+# Set up an OpenLDAP test server if we can.
+
+if (not os.path.exists(os.path.join(plugins, 'kdb', 'kldap.so')) and
+    not os.path.exists(os.path.join(buildtop, 'lib', 'libkdb_ldap.a'))):
+    skip_rest('LDAP KDB tests', 'LDAP KDB module not built')
+
+if 'SLAPD' not in os.environ and not which('slapd'):
+    skip_rest('LDAP KDB tests', 'slapd not found')
+
+slapadd = which('slapadd')
+if not slapadd:
+    skip_rest('LDAP KDB tests', 'slapadd not found')
+
+ldapdir = os.path.abspath('ldap')
+dbdir = os.path.join(ldapdir, 'ldap')
+slapd_conf = os.path.join(ldapdir, 'slapd.d')
+slapd_out = os.path.join(ldapdir, 'slapd.out')
+slapd_pidfile = os.path.join(ldapdir, 'pid')
+ldap_pwfile = os.path.join(ldapdir, 'pw')
+ldap_sock = os.path.join(ldapdir, 'sock')
+ldap_uri = 'ldapi://%s/' % ldap_sock.replace(os.path.sep, '%2F')
+schema = os.path.join(srctop, 'plugins', 'kdb', 'ldap', 'libkdb_ldap',
+                      'kerberos.openldap.ldif')
+top_dn = 'cn=krb5'
+admin_dn = 'cn=admin,cn=krb5'
+admin_pw = 'admin'
+
+shutil.rmtree(ldapdir, True)
+os.mkdir(ldapdir)
+os.mkdir(slapd_conf)
+os.mkdir(dbdir)
+
+if 'SLAPD' in os.environ:
+    slapd = os.environ['SLAPD']
+else:
+    # Some Linux installations have AppArmor or similar restrictions
+    # on the slapd binary, which would prevent it from accessing the
+    # build directory.  Try to defeat this by copying the binary.
+    system_slapd = which('slapd')
+    slapd = os.path.join(ldapdir, 'slapd')
+    shutil.copy(system_slapd, slapd)
+
+def slap_add(ldif):
+    proc = subprocess.Popen([slapadd, '-b', 'cn=config', '-F', slapd_conf],
+                            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+                            stderr=subprocess.STDOUT, universal_newlines=True)
+    (out, dummy) = proc.communicate(ldif)
+    output(out)
+    return proc.wait()
+
+
+# Configure the pid file and some authorization rules we will need for
+# SASL testing.
+if slap_add('dn: cn=config\n'
+            'objectClass: olcGlobal\n'
+            'olcPidFile: %s\n'
+            'olcAuthzRegexp: '
+            '".*uidNumber=%d,cn=peercred,cn=external,cn=auth" "%s"\n'
+            'olcAuthzRegexp: "uid=digestuser,cn=digest-md5,cn=auth" "%s"\n' %
+            (slapd_pidfile, os.geteuid(), admin_dn, admin_dn)) != 0:
+    skip_rest('LDAP KDB tests', 'slapd basic configuration failed')
+
+# Find a working writable database type, trying mdb (added in OpenLDAP
+# 2.4.27) and bdb (deprecated and sometimes not built due to licensing
+# incompatibilities).
+for dbtype in ('mdb', 'bdb'):
+    # Try to load the module.  This could fail if OpenLDAP is built
+    # without module support, so ignore errors.
+    slap_add('dn: cn=module,cn=config\n'
+             'objectClass: olcModuleList\n'
+             'olcModuleLoad: back_%s\n' % dbtype)
+
+    dbclass = 'olc%sConfig' % dbtype.capitalize()
+    if slap_add('dn: olcDatabase=%s,cn=config\n'
+                'objectClass: olcDatabaseConfig\n'
+                'objectClass: %s\n'
+                'olcSuffix: %s\n'
+                'olcRootDN: %s\n'
+                'olcRootPW: %s\n'
+                'olcDbDirectory: %s\n' %
+                (dbtype, dbclass, top_dn, admin_dn, admin_pw, dbdir)) == 0:
+        break
+else:
+    skip_rest('LDAP KDB tests', 'could not find working slapd db type')
+
+if slap_add('include: file://%s\n' % schema) != 0:
+    skip_rest('LDAP KDB tests', 'failed to load Kerberos schema')
+
+# Load the core schema if we can.
+ldap_homes = ['/etc/ldap', '/etc/openldap', '/usr/local/etc/openldap',
+              '/usr/local/etc/ldap']
+local_schema_path = '/schema/core.ldif'
+core_schema = next((i for i in map(lambda x:x+local_schema_path, ldap_homes)
+                    if os.path.isfile(i)), None)
+if core_schema:
+    if slap_add('include: file://%s\n' % core_schema) != 0:
+        core_schema = None
+
+slapd_pid = -1
+def kill_slapd():
+    global slapd_pid
+    if slapd_pid != -1:
+        os.kill(slapd_pid, signal.SIGTERM)
+        slapd_pid = -1
+atexit.register(kill_slapd)
+
+out = open(slapd_out, 'w')
+subprocess.call([slapd, '-h', ldap_uri, '-F', slapd_conf], stdout=out,
+                stderr=out, universal_newlines=True)
+out.close()
+pidf = open(slapd_pidfile, 'r')
+slapd_pid = int(pidf.read())
+pidf.close()
+output('*** Started slapd (pid %d, output in %s)\n' % (slapd_pid, slapd_out))
+
+# slapd detaches before it finishes setting up its listener sockets
+# (they are bound but listen() has not been called).  Give it a second
+# to finish.
+time.sleep(1)
+
+# Run kdbtest against the LDAP module.
+conf = {'realms': {'$realm': {'database_module': 'ldap'}},
+        'dbmodules': {'ldap': {'db_library': 'kldap',
+                               'ldap_kerberos_container_dn': top_dn,
+                               'ldap_kdc_dn': admin_dn,
+                               'ldap_kadmind_dn': admin_dn,
+                               'ldap_service_password_file': ldap_pwfile,
+                               'ldap_servers': ldap_uri}}}
+realm = K5Realm(create_kdb=False, kdc_conf=conf)
+input = admin_pw + '\n' + admin_pw + '\n'
+realm.run([kdb5_ldap_util, 'stashsrvpw', admin_dn], input=input)
+realm.run(['./kdbtest'])
+
+# Run a kdb5_ldap_util command using the test server's admin DN and password.
+def kldaputil(args, **kw):
+    return realm.run([kdb5_ldap_util, '-D', admin_dn, '-w', admin_pw] + args,
+                     **kw)
+
+# kdbtest can't currently clean up after itself since the LDAP module
+# doesn't support krb5_db_destroy.  So clean up after it with
+# kdb5_ldap_util before proceeding.
+kldaputil(['destroy', '-f'])
+
+ldapmodify = which('ldapmodify')
+ldapsearch = which('ldapsearch')
+if not ldapmodify or not ldapsearch:
+    skip_rest('some LDAP KDB tests', 'ldapmodify or ldapsearch not found')
+
+def ldap_search(args):
+    proc = subprocess.Popen([ldapsearch, '-H', ldap_uri, '-b', top_dn,
+                             '-D', admin_dn, '-w', admin_pw, args],
+                            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+                            stderr=subprocess.STDOUT, universal_newlines=True)
+    (out, dummy) = proc.communicate()
+    return out
+
+def ldap_modify(ldif, args=[]):
+    proc = subprocess.Popen([ldapmodify, '-H', ldap_uri, '-D', admin_dn,
+                             '-x', '-w', admin_pw] + args,
+                            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+                            stderr=subprocess.STDOUT, universal_newlines=True)
+    (out, dummy) = proc.communicate(ldif)
+    output(out)
+
+def ldap_add(dn, objectclass, attrs=[]):
+    in_data = 'dn: %s\nobjectclass: %s\n' % (dn, objectclass)
+    in_data += '\n'.join(attrs) + '\n'
+    ldap_modify(in_data, ['-a'])
+
+# Create krbContainer objects for use as subtrees.
+ldap_add('cn=t1,cn=krb5', 'krbContainer')
+ldap_add('cn=t2,cn=krb5', 'krbContainer')
+ldap_add('cn=x,cn=t1,cn=krb5', 'krbContainer')
+ldap_add('cn=y,cn=t2,cn=krb5', 'krbContainer')
+
+# Create a realm, exercising all of the realm options.
+kldaputil(['create', '-s', '-P', 'master', '-subtrees', 'cn=t2,cn=krb5',
+           '-containerref', 'cn=t2,cn=krb5', '-sscope', 'one',
+           '-maxtktlife', '5min', '-maxrenewlife', '10min', '-allow_svr'])
+
+# Modify the realm, exercising overlapping subtree pruning.
+kldaputil(['modify', '-subtrees',
+           'cn=x,cn=t1,cn=krb5:cn=t1,cn=krb5:cn=t2,cn=krb5:cn=y,cn=t2,cn=krb5',
+           '-containerref', 'cn=t1,cn=krb5', '-sscope', 'sub',
+           '-maxtktlife', '5hour', '-maxrenewlife', '10hour', '+allow_svr'])
+
+out = kldaputil(['list'])
+if out != 'KRBTEST.COM\n':
+    fail('Unexpected kdb5_ldap_util list output')
+
+# Create a principal at a specified DN.  This is a little dodgy
+# because we're sticking a krbPrincipalAux objectclass onto a subtree
+# krbContainer, but it works and it avoids having to load core.schema
+# in the test LDAP server.
+mark('LDAP specified dn')
+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=krb5', 'princ1'],
+          expected_code=1, expected_msg='DN is out of the realm subtree')
+# Check that the DN container check is a hierarchy test, not a simple
+# suffix match (CVE-2018-5730).  We expect this operation to fail
+# either way (because "xcn" isn't a valid DN tag) but the container
+# check should happen before the DN is parsed.
+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=xcn=t1,cn=krb5', 'princ1'],
+          expected_code=1, expected_msg='DN is out of the realm subtree')
+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'princ1'])
+realm.run([kadminl, 'getprinc', 'princ1'], expected_msg='Principal: princ1')
+realm.run([kadminl, 'ank', '-randkey', '-x', 'dn=cn=t2,cn=krb5', 'again'],
+          expected_code=1, expected_msg='ldap object is already kerberized')
+# Check that we can't set linkdn on a non-standalone object.
+realm.run([kadminl, 'modprinc', '-x', 'linkdn=cn=t1,cn=krb5', 'princ1'],
+          expected_code=1, expected_msg='link information can not be set')
+
+# Create a principal with a specified linkdn.
+mark('LDAP specified linkdn')
+realm.run([kadminl, 'ank', '-randkey', '-x', 'linkdn=cn=krb5', 'princ2'],
+          expected_code=1, expected_msg='DN is out of the realm subtree')
+realm.run([kadminl, 'ank', '-randkey', '-x', 'linkdn=cn=t1,cn=krb5', 'princ2'])
+# Check that we can't reset linkdn.
+realm.run([kadminl, 'modprinc', '-x', 'linkdn=cn=t2,cn=krb5', 'princ2'],
+          expected_code=1, expected_msg='kerberos principal is already linked')
+
+# Create a principal with a specified containerdn.
+mark('LDAP specified containerdn')
+realm.run([kadminl, 'ank', '-randkey', '-x', 'containerdn=cn=krb5', 'princ3'],
+          expected_code=1, expected_msg='DN is out of the realm subtree')
+realm.run([kadminl, 'ank', '-randkey', '-x', 'containerdn=cn=t1,cn=krb5',
+           'princ3'])
+realm.run([kadminl, 'modprinc', '-x', 'containerdn=cn=t2,cn=krb5', 'princ3'],
+          expected_code=1, expected_msg='containerdn option not supported')
+# Verify that containerdn is checked when linkdn is also supplied
+# (CVE-2018-5730).
+realm.run([kadminl, 'ank', '-randkey', '-x', 'containerdn=cn=krb5',
+           '-x', 'linkdn=cn=t2,cn=krb5', 'princ4'], expected_code=1,
+          expected_msg='DN is out of the realm subtree')
+
+mark('LDAP ticket policy')
+
+# Create and modify a ticket policy.
+kldaputil(['create_policy', '-maxtktlife', '3hour', '-maxrenewlife', '6hour',
+           '-allow_forwardable', 'tktpol'])
+kldaputil(['modify_policy', '-maxtktlife', '4hour', '-maxrenewlife', '8hour',
+           '+requires_preauth', 'tktpol'])
+out = kldaputil(['view_policy', 'tktpol'])
+if ('Ticket policy: tktpol\n' not in out or
+    'Maximum ticket life: 0 days 04:00:00\n' not in out or
+    'Maximum renewable life: 0 days 08:00:00\n' not in out or
+    'Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PRE_AUTH' not in out):
+    fail('Unexpected kdb5_ldap_util view_policy output')
+
+out = kldaputil(['list_policy'])
+if out != 'tktpol\n':
+    fail('Unexpected kdb5_ldap_util list_policy output')
+
+# Associate the ticket policy to a principal.
+realm.run([kadminl, 'ank', '-randkey', '-x', 'tktpolicy=tktpol', 'princ4'])
+out = realm.run([kadminl, 'getprinc', 'princ4'])
+if ('Maximum ticket life: 0 days 04:00:00\n' not in out or
+    'Maximum renewable life: 0 days 08:00:00\n' not in out or
+    'Attributes: DISALLOW_FORWARDABLE REQUIRES_PRE_AUTH\n' not in out):
+    fail('Unexpected getprinc output with ticket policy')
+
+# Destroying the policy should fail while a principal references it.
+kldaputil(['destroy_policy', '-force', 'tktpol'], expected_code=1)
+
+# Dissociate the ticket policy from the principal.
+realm.run([kadminl, 'modprinc', '-x', 'tktpolicy=', 'princ4'])
+out = realm.run([kadminl, 'getprinc', 'princ4'])
+if ('Maximum ticket life: 0 days 05:00:00\n' not in out or
+    'Maximum renewable life: 0 days 10:00:00\n' not in out or
+    'Attributes:\n' not in out):
+    fail('Unexpected getprinc output without ticket policy')
+
+# Destroy the ticket policy.
+kldaputil(['destroy_policy', '-force', 'tktpol'])
+kldaputil(['view_policy', 'tktpol'], expected_code=1)
+out = kldaputil(['list_policy'])
+if out:
+    fail('Unexpected kdb5_ldap_util list_policy output after destroy')
+
+# Create another ticket policy to be destroyed with the realm.
+kldaputil(['create_policy', 'tktpol2'])
+
+# Try to create a password policy conflicting with a ticket policy.
+realm.run([kadminl, 'addpol', 'tktpol2'], expected_code=1,
+          expected_msg='Already exists while creating policy "tktpol2"')
+
+# Try to create a ticket policy conflicting with a password policy.
+realm.run([kadminl, 'addpol', 'pwpol'])
+out = kldaputil(['create_policy', 'pwpol'], expected_code=1)
+if 'Already exists while creating policy object' not in out:
+    fail('Expected error not seen in kdb5_ldap_util output')
+
+# Try to use a password policy as a ticket policy.
+realm.run([kadminl, 'modprinc', '-x', 'tktpolicy=pwpol', 'princ4'],
+          expected_code=1, expected_msg='Object class violation')
+
+# Use a ticket policy as a password policy (CVE-2014-5353).  This
+# works with a warning; use kadmin.local -q so the warning is shown.
+realm.run([kadminl, '-q', 'modprinc -policy tktpol2 princ4'],
+          expected_msg='WARNING: policy "tktpol2" does not exist')
+
+# Do some basic tests with a KDC against the LDAP module, exercising the
+# db_args processing code.
+mark('LDAP KDC operation')
+realm.start_kdc(['-x', 'nconns=3', '-x', 'host=' + ldap_uri,
+                 '-x', 'binddn=' + admin_dn, '-x', 'bindpwd=' + admin_pw])
+realm.addprinc(realm.user_princ, password('user'))
+realm.addprinc(realm.host_princ)
+realm.extract_keytab(realm.host_princ, realm.keytab)
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, realm.host_princ])
+realm.klist(realm.user_princ, realm.host_princ)
+
+mark('LDAP auth indicator')
+
+# Test require_auth normalization.
+realm.addprinc('authind', password('authind'))
+realm.run([kadminl, 'setstr', 'authind', 'require_auth', 'otp radius'])
+
+# Check that krbPrincipalAuthInd attributes are set when the string
+# attribute it set.
+out = ldap_search('(krbPrincipalName=authind*)')
+if 'krbPrincipalAuthInd: otp' not in out:
+    fail('Expected krbPrincipalAuthInd value not in output')
+if 'krbPrincipalAuthInd: radius' not in out:
+    fail('Expected krbPrincipalAuthInd value not in output')
+
+# Check that the string attribute still appears when the principal is
+# loaded.
+realm.run([kadminl, 'getstrs', 'authind'],
+          expected_msg='require_auth: otp radius')
+
+# Modify the LDAP attributes and check that the change is reflected in
+# the string attribute.
+ldap_modify('dn: krbPrincipalName=authind@KRBTEST.COM,cn=t1,cn=krb5\n'
+            'changetype: modify\n'
+            'replace: krbPrincipalAuthInd\n'
+            'krbPrincipalAuthInd: radius\n'
+            'krbPrincipalAuthInd: pkinit\n')
+realm.run([kadminl, 'getstrs', 'authind'],
+           expected_msg='require_auth: radius pkinit')
+
+# Regression test for #8877: remove the string attribute and check
+# that it is reflected in the LDAP attributes and by getstrs.
+realm.run([kadminl, 'delstr', 'authind', 'require_auth'])
+out = ldap_search('(krbPrincipalName=authind*)')
+if 'krbPrincipalAuthInd' in out:
+    fail('krbPrincipalAuthInd attribute still present after delstr')
+out = realm.run([kadminl, 'getstrs', 'authind'])
+if 'require_auth' in out:
+    fail('require_auth string attribute still visible after delstr')
+
+mark('LDAP service principal aliases')
+
+# Test service principal aliases.
+realm.addprinc('canon', password('canon'))
+ldap_modify('dn: krbPrincipalName=canon@KRBTEST.COM,cn=t1,cn=krb5\n'
+            'changetype: modify\n'
+            'add: krbPrincipalName\n'
+            'krbPrincipalName: alias@KRBTEST.COM\n'
+            'krbPrincipalName: ent@abc@KRBTEST.COM\n'
+            '-\n'
+            'add: krbCanonicalName\n'
+            'krbCanonicalName: canon@KRBTEST.COM\n')
+realm.run([kadminl, 'getprinc', 'alias'],
+          expected_msg='Principal: canon@KRBTEST.COM\n')
+realm.run([kadminl, 'getprinc', 'ent\\@abc'],
+          expected_msg='Principal: canon@KRBTEST.COM\n')
+realm.run([kadminl, 'getprinc', 'canon'],
+          expected_msg='Principal: canon@KRBTEST.COM\n')
+realm.run([kvno, 'alias', 'canon'])
+out = realm.run([klist])
+if 'alias@KRBTEST.COM\n' not in out or 'canon@KRBTEST.COM' not in out:
+    fail('After fetching alias and canon, klist is missing one or both')
+realm.kinit(realm.user_princ, password('user'), ['-S', 'alias'])
+realm.klist(realm.user_princ, 'alias@KRBTEST.COM')
+
+# Make sure an alias to the local TGS is still treated like an alias.
+ldap_modify('dn: krbPrincipalName=krbtgt/KRBTEST.COM@KRBTEST.COM,'
+            'cn=KRBTEST.COM,cn=krb5\n'
+            'changetype: modify\n'
+            'add:krbPrincipalName\n'
+            'krbPrincipalName: tgtalias@KRBTEST.COM\n'
+            '-\n'
+            'add: krbCanonicalName\n'
+            'krbCanonicalName: krbtgt/KRBTEST.COM@KRBTEST.COM\n')
+realm.run([kadminl, 'getprinc', 'tgtalias'],
+          expected_msg='Principal: krbtgt/KRBTEST.COM@KRBTEST.COM')
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, 'tgtalias'])
+realm.klist(realm.user_princ, 'tgtalias@KRBTEST.COM')
+
+# Make sure aliases work in header tickets.
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '3 hours', 'user'])
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '3 hours',
+           'krbtgt/KRBTEST.COM'])
+realm.kinit(realm.user_princ, password('user'), ['-l', '1h', '-r', '2h'])
+realm.run([kvno, 'alias'])
+realm.kinit(realm.user_princ, flags=['-R', '-S', 'alias'])
+realm.klist(realm.user_princ, 'alias@KRBTEST.COM')
+
+# Test client principal aliases, with and without preauth.
+realm.kinit('canon', password('canon'))
+realm.kinit('alias', password('canon'))
+realm.run([kvno, 'alias'])
+realm.klist('alias@KRBTEST.COM', 'alias@KRBTEST.COM')
+realm.kinit('alias', password('canon'), ['-C'])
+realm.run([kvno, 'alias'])
+realm.klist('canon@KRBTEST.COM', 'alias@KRBTEST.COM')
+realm.run([kadminl, 'modprinc', '+requires_preauth', 'canon'])
+realm.kinit('canon', password('canon'))
+realm.kinit('alias', password('canon'), ['-C'])
+
+# Test enterprise alias with and without canonicalization.
+realm.kinit('ent@abc', password('canon'), ['-E', '-C'])
+realm.run([kvno, 'alias'])
+realm.klist('canon@KRBTEST.COM', 'alias@KRBTEST.COM')
+
+realm.kinit('ent@abc', password('canon'), ['-E'])
+realm.run([kvno, 'alias'])
+realm.klist('ent\\@abc@KRBTEST.COM', 'alias@KRBTEST.COM')
+
+# Test client name canonicalization in non-krbtgt AS reply
+realm.kinit('alias', password('canon'), ['-C', '-S', 'kadmin/changepw'])
+
+mark('LDAP password history')
+
+# Test password history.
+def test_pwhist(nhist):
+    def cpw(n, **kwargs):
+        realm.run([kadminl, 'cpw', '-pw', str(n), princ], **kwargs)
+    def cpw_fail(n):
+        cpw(n, expected_code=1)
+    output('*** Testing password history of size %d\n' % nhist)
+    princ = 'pwhistprinc' + str(nhist)
+    pol = 'pwhistpol' + str(nhist)
+    realm.run([kadminl, 'addpol', '-history', str(nhist), pol])
+    realm.run([kadminl, 'addprinc', '-policy', pol, '-nokey', princ])
+    for i in range(nhist):
+        # Set a password, then check that all previous passwords fail.
+        cpw(i)
+        for j in range(i + 1):
+            cpw_fail(j)
+    # Set one more new password, and make sure the oldest key is
+    # rotated out.
+    cpw(nhist)
+    cpw_fail(1)
+    cpw(0)
+
+for n in (1, 2, 3, 4, 5):
+    test_pwhist(n)
+
+# Regression test for #8193: test password character class requirements.
+princ = 'charclassprinc'
+pol = 'charclasspol'
+realm.run([kadminl, 'addpol', '-minclasses', '3', pol])
+realm.run([kadminl, 'addprinc', '-policy', pol, '-nokey', princ])
+realm.run([kadminl, 'cpw', '-pw', 'abcdef', princ], expected_code=1)
+realm.run([kadminl, 'cpw', '-pw', 'Abcdef', princ], expected_code=1)
+realm.run([kadminl, 'cpw', '-pw', 'Abcdef1', princ])
+
+# Test principal renaming and make sure last modified is changed
+def get_princ(princ):
+    out = realm.run([kadminl, 'getprinc', princ])
+    return dict(map(str.strip, x.split(":", 1)) for x in out.splitlines())
+
+mark('LDAP principal renaming')
+realm.addprinc("rename", password('rename'))
+renameprinc = get_princ("rename")
+realm.run([kadminl, '-p', 'fake@KRBTEST.COM', 'renprinc', 'rename', 'renamed'])
+renamedprinc = get_princ("renamed")
+if renameprinc['Last modified'] == renamedprinc['Last modified']:
+    fail('Last modified data not updated when principal was renamed')
+
+# Regression test for #7980 (fencepost when dividing keys up by kvno).
+mark('#7980 regression test')
+realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts,aes128-cts',
+           'kvnoprinc'])
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e',
+           'aes256-cts,aes128-cts', 'kvnoprinc'])
+realm.run([kadminl, 'getprinc', 'kvnoprinc'], expected_msg='Number of keys: 4')
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e',
+           'aes256-cts,aes128-cts', 'kvnoprinc'])
+realm.run([kadminl, 'getprinc', 'kvnoprinc'], expected_msg='Number of keys: 6')
+
+# Regression test for #8041 (NULL dereference on keyless principals).
+mark('#8041 regression test')
+realm.run([kadminl, 'addprinc', '-nokey', 'keylessprinc'])
+realm.run([kadminl, 'getprinc', 'keylessprinc'],
+          expected_msg='Number of keys: 0')
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes256-cts,aes128-cts',
+           'keylessprinc'])
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e',
+           'aes256-cts,aes128-cts', 'keylessprinc'])
+realm.run([kadminl, 'getprinc', 'keylessprinc'],
+          expected_msg='Number of keys: 4')
+realm.run([kadminl, 'purgekeys', '-all', 'keylessprinc'])
+realm.run([kadminl, 'getprinc', 'keylessprinc'],
+          expected_msg='Number of keys: 0')
+
+# Test for 8354 (old password history entries when -keepold is used)
+mark('#8354 regression test')
+realm.run([kadminl, 'addpol', '-history', '2', 'keepoldpasspol'])
+realm.run([kadminl, 'addprinc', '-policy', 'keepoldpasspol', '-pw', 'aaaa',
+           'keepoldpassprinc'])
+for p in ('bbbb', 'cccc', 'aaaa'):
+    realm.run([kadminl, 'cpw', '-keepold', '-pw', p, 'keepoldpassprinc'])
+
+if runenv.sizeof_time_t <= 4:
+    skipped('y2038 LDAP test', 'platform has 32-bit time_t')
+else:
+    # Test storage of timestamps after y2038.
+    realm.run([kadminl, 'modprinc', '-pwexpire', '2040-02-03', 'user'])
+    realm.run([kadminl, 'getprinc', 'user'], expected_msg=' 2040\n')
+
+# Regression test for #8861 (pw_expiration policy enforcement).
+mark('pw_expiration propogation')
+# Create a policy with a max life and verify its application.
+realm.run([kadminl, 'addpol', '-maxlife', '1s', 'pw_e'])
+realm.run([kadminl, 'addprinc', '-policy', 'pw_e', '-pw', 'password',
+           'pwuser'])
+out = realm.run([kadminl, 'getprinc', 'pwuser'],
+                expected_msg='Password expiration date: ')
+if 'Password expiration date: [never]' in out:
+    fail('pw_expiration not applied at principal creation')
+# Unset the policy max life and verify its application during password
+# change.
+realm.run([kadminl, 'modpol', '-maxlife', '0', 'pw_e'])
+realm.run([kadminl, 'cpw', '-pw', 'password_', 'pwuser'])
+realm.run([kadminl, 'getprinc', 'pwuser'],
+          expected_msg='Password expiration date: [never]')
+
+realm.stop()
+
+# Test dump and load.  Include a regression test for #8882
+# (pw_expiration not set during load operation).
+mark('LDAP dump and load')
+realm.run([kadminl, 'modprinc', '-pwexpire', 'now', 'pwuser'])
+dumpfile = os.path.join(realm.testdir, 'dump')
+realm.run([kdb5_util, 'dump', dumpfile])
+realm.run([kdb5_util, 'load', dumpfile], expected_code=1,
+          expected_msg='KDB module requires -update argument')
+realm.run([kadminl, 'delprinc', 'pwuser'])
+realm.run([kdb5_util, 'load', '-update', dumpfile])
+out = realm.run([kadminl, 'getprinc', 'pwuser'])
+if 'Password expiration date: [never]' in out:
+    fail('pw_expiration not preserved across dump and load')
+
+# Destroy the realm.
+kldaputil(['destroy', '-f'])
+out = kldaputil(['list'])
+if out:
+    fail('Unexpected kdb5_ldap_util list output after destroy')
+
+if not core_schema:
+    skip_rest('LDAP SASL tests', 'core schema not found')
+
+if runenv.have_sasl != 'yes':
+    skip_rest('LDAP SASL tests', 'SASL support not built')
+
+# Test SASL EXTERNAL auth.  Remove the DNs and service password file
+# from the DB module config.
+mark('LDAP SASL EXTERNAL auth')
+os.remove(ldap_pwfile)
+dbmod = conf['dbmodules']['ldap']
+dbmod['ldap_kdc_sasl_mech'] = dbmod['ldap_kadmind_sasl_mech'] = 'EXTERNAL'
+del dbmod['ldap_service_password_file']
+del dbmod['ldap_kdc_dn'], dbmod['ldap_kadmind_dn']
+realm = K5Realm(create_kdb=False, kdc_conf=conf)
+realm.run([kdb5_ldap_util, 'create', '-s', '-P', 'master'])
+realm.start_kdc()
+realm.addprinc(realm.user_princ, password('user'))
+realm.kinit(realm.user_princ, password('user'))
+realm.stop()
+realm.run([kdb5_ldap_util, 'destroy', '-f'])
+
+# Test SASL DIGEST-MD5 auth.  We need to set a clear-text password for
+# the admin DN, so create a person entry (requires the core schema).
+# Restore the service password file in the config and set authcids.
+mark('LDAP SASL DIGEST-MD5 auth')
+ldap_add('cn=admin,cn=krb5', 'person',
+         ['sn: dummy', 'userPassword: admin'])
+dbmod['ldap_kdc_sasl_mech'] = dbmod['ldap_kadmind_sasl_mech'] = 'DIGEST-MD5'
+dbmod['ldap_kdc_sasl_authcid'] = 'digestuser'
+dbmod['ldap_kadmind_sasl_authcid'] = 'digestuser'
+dbmod['ldap_service_password_file'] = ldap_pwfile
+realm = K5Realm(create_kdb=False, kdc_conf=conf)
+input = admin_pw + '\n' + admin_pw + '\n'
+realm.run([kdb5_ldap_util, 'stashsrvpw', 'digestuser'], input=input)
+realm.run([kdb5_ldap_util, 'create', '-s', '-P', 'master'])
+realm.start_kdc()
+realm.addprinc(realm.user_princ, password('user'))
+realm.kinit(realm.user_princ, password('user'))
+realm.stop()
+# Exercise DB options, which should cause binding to fail.
+realm.run([kadminl, '-x', 'sasl_authcid=ab', 'getprinc', 'user'],
+          expected_code=1, expected_msg='Cannot bind to LDAP server')
+realm.run([kadminl, '-x', 'bindpwd=wrong', 'getprinc', 'user'],
+          expected_code=1, expected_msg='Cannot bind to LDAP server')
+realm.run([kdb5_ldap_util, 'destroy', '-f'])
+
+# We could still use tests to exercise:
+# * DB arg handling in krb5_ldap_create
+# * krbAllowedToDelegateTo attribute processing
+# * A load operation overwriting a standalone principal entry which
+#   already exists but doesn't have a krbPrincipalName attribute
+#   matching the principal name.
+# * A bunch of invalid-input error conditions
+#
+# There is no coverage for the following because it would be difficult:
+# * Out-of-memory error conditions
+# * Handling of failures from slapd (including krb5_retry_get_ldap_handle)
+# * Handling of servers which don't support mod-increment
+# * krb5_ldap_delete_krbcontainer (only happens if krb5_ldap_create fails)
+
+success('LDAP and DB2 KDB tests')
diff --git a/krb5-1.21.3/src/tests/t_kdb_locking.py b/krb5-1.21.3/src/tests/t_kdb_locking.py
new file mode 100755
index 00000000..9ae42a82
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kdb_locking.py
@@ -0,0 +1,32 @@
+# This is a regression test for
+# https://bugzilla.redhat.com/show_bug.cgi?id=586032 .
+#
+# We start a KDC, remove the kadm5 lock file, use the KDC, re-create the
+# kadm5 lock file, and use kadmin.local.  The kinit should fail, and the
+# kadmin.local should succeed.
+
+
+import os
+
+from k5test import *
+
+p = 'foo'
+realm = K5Realm(create_user=False, bdb_only=True)
+realm.addprinc(p, p)
+
+kadm5_lock = os.path.join(realm.testdir, 'db.kadm5.lock')
+if not os.path.exists(kadm5_lock):
+    fail('kadm5 lock file not created: ' + kadm5_lock)
+os.unlink(kadm5_lock)
+
+realm.kinit(p, p, [], expected_code=1,
+            expected_msg='A service is not available')
+
+f = open(kadm5_lock, 'w')
+f.close()
+
+output = realm.run([kadminl, 'modprinc', '-allow_tix', p])
+if 'Cannot lock database' in output:
+    fail('krb5kdc still holds a lock on the principal db')
+
+success('KDB locking tests')
diff --git a/krb5-1.21.3/src/tests/t_kdc_log.py b/krb5-1.21.3/src/tests/t_kdc_log.py
new file mode 100755
index 00000000..1b14828d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kdc_log.py
@@ -0,0 +1,21 @@
+from k5test import *
+
+# Make a TGS request with an expired ticket.
+realm = K5Realm()
+realm.stop()
+realm.start_kdc(['-T', '3600'])
+realm.run([kvno, realm.host_princ], expected_code=1)
+
+kdc_logfile = os.path.join(realm.testdir, 'kdc.log')
+f = open(kdc_logfile, 'r')
+found_skew = False
+for line in f:
+    if 'Clock skew too great' in line:
+        found_skew = True
+        if realm.user_princ not in line:
+            fail('Client principal not logged in expired-ticket TGS request')
+f.close()
+if not found_skew:
+    fail('Did not find KDC log line for expired-ticket TGS request')
+
+success('KDC logging tests')
diff --git a/krb5-1.21.3/src/tests/t_kdcoptions.py b/krb5-1.21.3/src/tests/t_kdcoptions.py
new file mode 100644
index 00000000..7ec57508
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kdcoptions.py
@@ -0,0 +1,100 @@
+from k5test import *
+import re
+
+# KDC option test coverage notes:
+#
+# FORWARDABLE              here
+# FORWARDED                no test
+# PROXIABLE                here
+# PROXY                    no test
+# ALLOW_POSTDATE           no test
+# POSTDATED                no test
+# RENEWABLE                t_renew.py
+# CNAME_IN_ADDL_TKT        gssapi/t_s4u.py
+# CANONICALIZE             t_kdb.py and various other tests
+# REQUEST_ANONYMOUS        t_pkinit.py
+# DISABLE_TRANSITED_CHECK  no test
+# RENEWABLE_OK             t_renew.py
+# ENC_TKT_IN_SKEY          t_u2u.py
+# RENEW                    t_renew.py
+# VALIDATE                 no test
+
+# Run klist -f and return the flags on the ticket for svcprinc.
+def get_flags(realm, svcprinc):
+    grab_flags = False
+    for line in realm.run([klist, '-f']).splitlines():
+        if grab_flags:
+            return re.findall(r'Flags: ([a-zA-Z]*)', line)[0]
+        grab_flags = line.endswith(svcprinc)
+
+
+# Get the flags on the ticket for svcprinc, and check for an expected
+# element and an expected-absent element, either of which can be None.
+def check_flags(realm, svcprinc, expected_flag, expected_noflag):
+    flags = get_flags(realm, svcprinc)
+    if expected_flag is not None and not expected_flag in flags:
+        fail('expected flag ' + expected_flag)
+    if expected_noflag is not None and expected_noflag in flags:
+        fail('did not expect flag ' + expected_noflag)
+
+
+# Run kinit with the given flags, and check the flags on the resulting
+# TGT.
+def kinit_check_flags(realm, flags, expected_flag, expected_noflag):
+    realm.kinit(realm.user_princ, password('user'), flags)
+    check_flags(realm, realm.krbtgt_princ, expected_flag, expected_noflag)
+
+
+# Run kinit with kflags.  Then get credentials for the host principal
+# with gflags, and check the flags on the resulting ticket.
+def gcred_check_flags(realm, kflags, gflags, expected_flag, expected_noflag):
+    realm.kinit(realm.user_princ, password('user'), kflags)
+    realm.run(['./gcred'] + gflags + ['unknown', realm.host_princ])
+    check_flags(realm, realm.host_princ, expected_flag, expected_noflag)
+
+
+realm = K5Realm()
+
+mark('proxiable (AS)')
+kinit_check_flags(realm, [], None, 'P')
+kinit_check_flags(realm, ['-p'], 'P', None)
+realm.run([kadminl, 'modprinc', '-allow_proxiable', realm.user_princ])
+kinit_check_flags(realm, ['-p'], None, 'P')
+realm.run([kadminl, 'modprinc', '+allow_proxiable', realm.user_princ])
+realm.run([kadminl, 'modprinc', '-allow_proxiable', realm.krbtgt_princ])
+kinit_check_flags(realm, ['-p'], None, 'P')
+realm.run([kadminl, 'modprinc', '+allow_proxiable', realm.krbtgt_princ])
+
+mark('proxiable (TGS)')
+gcred_check_flags(realm, [], [], None, 'P')
+gcred_check_flags(realm, ['-p'], [], 'P', None)
+
+# Not tested: PROXIABLE option set with a non-proxiable TGT (because
+# there is no krb5_get_credentials() flag to request this; would
+# expect a non-proxiable ticket).
+
+# Not tested: proxiable TGT but PROXIABLE flag not set (because we
+# internally set the PROXIABLE option when using a proxiable TGT;
+# would expect a non-proxiable ticket).
+
+mark('forwardable (AS)')
+kinit_check_flags(realm, [], None, 'F')
+kinit_check_flags(realm, ['-f'], 'F', None)
+realm.run([kadminl, 'modprinc', '-allow_forwardable', realm.user_princ])
+kinit_check_flags(realm, ['-f'], None, 'F')
+realm.run([kadminl, 'modprinc', '+allow_forwardable', realm.user_princ])
+realm.run([kadminl, 'modprinc', '-allow_forwardable', realm.krbtgt_princ])
+kinit_check_flags(realm, ['-f'], None, 'F')
+realm.run([kadminl, 'modprinc', '+allow_forwardable', realm.krbtgt_princ])
+
+mark('forwardable (TGS)')
+realm.kinit(realm.user_princ, password('user'))
+gcred_check_flags(realm, [], [], None, 'F')
+gcred_check_flags(realm, [], ['-f'], None, 'F')
+gcred_check_flags(realm, ['-f'], [], 'F', None)
+
+# Not tested: forwardable TGT but FORWARDABLE flag not set (because we
+# internally set the FORWARDABLE option when using a forwardable TGT;
+# would expect a non-proxiable ticket).
+
+success('KDC option tests')
diff --git a/krb5-1.21.3/src/tests/t_kdcpolicy.py b/krb5-1.21.3/src/tests/t_kdcpolicy.py
new file mode 100644
index 00000000..92413338
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kdcpolicy.py
@@ -0,0 +1,65 @@
+from k5test import *
+from datetime import datetime
+import re
+
+testpreauth = os.path.join(buildtop, 'plugins', 'preauth', 'test', 'test.so')
+testpolicy = os.path.join(buildtop, 'plugins', 'kdcpolicy', 'test',
+                          'kdcpolicy_test.so')
+krb5_conf = {'plugins': {'kdcpreauth': {'module': 'test:' + testpreauth},
+                         'clpreauth': {'module': 'test:' + testpreauth},
+                         'kdcpolicy': {'module': 'test:' + testpolicy}}}
+kdc_conf = {'realms': {'$realm': {'default_principal_flags': '+preauth',
+                                  'max_renewable_life': '1d'}}}
+realm = K5Realm(krb5_conf=krb5_conf, kdc_conf=kdc_conf)
+
+# We will be scraping timestamps from klist to compute lifetimes, so
+# use a time zone with no daylight savings time.
+realm.env['TZ'] = 'UTC'
+
+realm.run([kadminl, 'addprinc', '-pw', password('fail'), 'fail'])
+
+def verify_time(out, target_time):
+    times = re.findall(r'\d\d/\d\d/\d\d \d\d:\d\d:\d\d', out)
+    times = [datetime.strptime(t, '%m/%d/%y %H:%M:%S') for t in times]
+    divisor = 1
+    while len(times) > 0:
+        starttime = times.pop(0)
+        endtime = times.pop(0)
+        renewtime = times.pop(0)
+
+        if str((endtime - starttime) * divisor) != target_time:
+            fail('unexpected lifetime value')
+        if str((renewtime - endtime) * divisor) != target_time:
+            fail('unexpected renewable value')
+
+        # Service tickets should have half the lifetime of initial
+        # tickets.
+        divisor = 2
+
+rflags = ['-r', '1d', '-l', '12h']
+
+# Test AS+TGS success path.
+realm.kinit(realm.user_princ, password('user'),
+            rflags + ['-X', 'indicators=SEVEN_HOURS'])
+realm.run([kvno, realm.host_princ])
+realm.run(['./adata', realm.host_princ], expected_msg='+97: [SEVEN_HOURS]')
+out = realm.run([klist, '-e', realm.ccache])
+verify_time(out, '7:00:00')
+
+# Test AS+TGS success path with different values.
+realm.kinit(realm.user_princ, password('user'),
+            rflags + ['-X', 'indicators=ONE_HOUR'])
+realm.run([kvno, realm.host_princ])
+realm.run(['./adata', realm.host_princ], expected_msg='+97: [ONE_HOUR]')
+out = realm.run([klist, '-e', realm.ccache])
+verify_time(out, '1:00:00')
+
+# Test TGS failure path (using previous creds).
+realm.run([kvno, 'fail@%s' % realm.realm], expected_code=1,
+          expected_msg='KDC policy rejects request')
+
+# Test AS failure path.
+realm.kinit('fail@%s' % realm.realm, password('fail'),
+            expected_code=1, expected_msg='KDC policy rejects request')
+
+success('kdcpolicy tests')
diff --git a/krb5-1.21.3/src/tests/t_keydata.py b/krb5-1.21.3/src/tests/t_keydata.py
new file mode 100755
index 00000000..baa40b62
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_keydata.py
@@ -0,0 +1,49 @@
+from k5test import *
+
+realm = K5Realm(create_user=False, create_host=False)
+
+# Create a principal with no keys.
+realm.run([kadminl, 'addprinc', '-nokey', 'user'])
+realm.run([kadminl, 'getprinc', 'user'], expected_msg='Number of keys: 0')
+
+# Change its password and check the resulting kvno.
+realm.run([kadminl, 'cpw', '-pw', 'password', 'user'])
+realm.run([kadminl, 'getprinc', 'user'], expected_msg='vno 1')
+
+# Delete all of its keys.
+realm.run([kadminl, 'purgekeys', '-all', 'user'])
+realm.run([kadminl, 'getprinc', 'user'], expected_msg='Number of keys: 0')
+
+# Randomize its keys and check the resulting kvno.
+realm.run([kadminl, 'cpw', '-randkey', 'user'])
+realm.run([kadminl, 'getprinc', 'user'], expected_msg='vno 1')
+
+# Return true if patype appears to have been received in a hint list
+# from a KDC error message, based on the trace file fname.
+def preauth_type_received(trace, patype):
+    found = False
+    for line in trace.splitlines():
+        if 'Processing preauth types:' in line:
+            ind = line.find('types:')
+            patypes = line[ind + 6:].split(', ')
+            if str(patype) in patypes:
+                found = True
+    return found
+
+# Make sure the KDC doesn't offer encrypted timestamp for a principal
+# with no keys.
+realm.run([kadminl, 'purgekeys', '-all', 'user'])
+realm.run([kadminl, 'modprinc', '+requires_preauth', 'user'])
+out, trace = realm.run([kinit, 'user'], expected_code=1, return_trace=True)
+if preauth_type_received(trace, 2):
+    fail('encrypted timestamp')
+
+# Make sure it doesn't offer encrypted challenge either.
+realm.run([kadminl, 'addprinc', '-pw', 'fast', 'armor'])
+realm.kinit('armor', 'fast')
+out, trace = realm.run([kinit, '-T', realm.ccache, 'user'], expected_code=1,
+                       return_trace=True)
+if preauth_type_received(trace, 138):
+    fail('encrypted challenge')
+
+success('Key data tests')
diff --git a/krb5-1.21.3/src/tests/t_keyrollover.py b/krb5-1.21.3/src/tests/t_keyrollover.py
new file mode 100755
index 00000000..e9840dfa
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_keyrollover.py
@@ -0,0 +1,75 @@
+from k5test import *
+
+rollover_krb5_conf = {'libdefaults': {'allow_weak_crypto': 'true'}}
+
+realm = K5Realm(krbtgt_keysalt='aes128-cts-hmac-sha256-128:normal',
+                krb5_conf=rollover_krb5_conf)
+
+princ1 = 'host/test1@%s' % (realm.realm,)
+princ2 = 'host/test2@%s' % (realm.realm,)
+realm.addprinc(princ1)
+realm.addprinc(princ2)
+
+realm.run([kvno, realm.host_princ])
+
+# Change key for TGS, keeping old key.
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes256-cts', '-keepold',
+           realm.krbtgt_princ])
+
+# Ensure that kvno still works with an old TGT.
+realm.run([kvno, princ1])
+
+realm.run([kadminl, 'purgekeys', realm.krbtgt_princ])
+# Make sure an old TGT fails after purging old TGS key.
+realm.run([kvno, princ2], expected_code=1)
+msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): ' \
+    'aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha256-128' % \
+    (realm.realm, realm.realm)
+realm.run([klist, '-e'], expected_msg=msg)
+
+# Check that new key actually works.
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, realm.host_princ])
+msg = 'krbtgt/%s@%s\n\tEtype (skey, tkt): ' \
+    'aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96' % \
+    (realm.realm, realm.realm)
+realm.run([klist, '-e'], expected_msg=msg)
+
+# Test that the KDC only accepts the first enctype for a kvno, for a
+# local-realm TGS request.  To set this up, we abuse an edge-case
+# behavior of modprinc -kvno.  First, set up a DES3 krbtgt entry at
+# kvno 1 and cache a krbtgt ticket.
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'des3-cbc-sha1',
+           realm.krbtgt_princ])
+realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ])
+realm.kinit(realm.user_princ, password('user'))
+# Add an AES krbtgt entry at kvno 2, and then reset it to kvno 1
+# (modprinc -kvno sets the kvno on all entries without deleting any).
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes256-cts',
+           realm.krbtgt_princ])
+realm.run([kadminl, 'modprinc', '-kvno', '1', realm.krbtgt_princ])
+out = realm.run([kadminl, 'getprinc', realm.krbtgt_princ])
+if 'vno 1, aes256-cts' not in out or \
+   'vno 1, DEPRECATED:des3-cbc-sha1' not in out:
+    fail('keyrollover: setup for TGS enctype test failed')
+# Now present the DES3 ticket to the KDC and make sure it's rejected.
+realm.run([kvno, realm.host_princ], expected_code=1)
+
+realm.stop()
+
+# Test a cross-realm TGT key rollover scenario where realm 1 mimics
+# the Active Directory behavior of always using kvno 0 when issuing
+# cross-realm TGTs.  The first kvno invocation caches a cross-realm
+# TGT with the old key, and the second kvno invocation sends it to
+# r2's KDC with no kvno to identify it, forcing the KDC to try
+# multiple keys.
+r1, r2 = cross_realms(2)
+crosstgt_princ = 'krbtgt/%s@%s' % (r2.realm, r1.realm)
+r1.run([kadminl, 'modprinc', '-kvno', '0', crosstgt_princ])
+r1.run([kvno, r2.host_princ])
+r2.run([kadminl, 'cpw', '-pw', 'newcross', '-keepold', crosstgt_princ])
+r1.run([kadminl, 'cpw', '-pw', 'newcross', crosstgt_princ])
+r1.run([kadminl, 'modprinc', '-kvno', '0', crosstgt_princ])
+r1.run([kvno, r2.user_princ])
+
+success('keyrollover')
diff --git a/krb5-1.21.3/src/tests/t_keytab.py b/krb5-1.21.3/src/tests/t_keytab.py
new file mode 100755
index 00000000..a9adebb2
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_keytab.py
@@ -0,0 +1,209 @@
+from k5test import *
+
+for realm in multipass_realms(create_user=False):
+    # Test kinit with a keytab.
+    realm.kinit(realm.host_princ, flags=['-k'])
+
+realm = K5Realm(get_creds=False, start_kadmind=True)
+
+# Test kinit with a partial keytab.
+mark('partial keytab')
+pkeytab = realm.keytab + '.partial'
+realm.run([ktutil], input=('rkt %s\ndelent 1\nwkt %s\n' %
+                           (realm.keytab, pkeytab)))
+realm.kinit(realm.host_princ, flags=['-k', '-t', pkeytab])
+
+# Test kinit with no keys for client in keytab.
+mark('no keys for client')
+realm.kinit(realm.user_princ, flags=['-k'], expected_code=1,
+            expected_msg='no suitable keys')
+
+# Test kinit and klist with client keytab defaults.
+mark('client keytab')
+realm.extract_keytab(realm.user_princ, realm.client_keytab);
+realm.run([kinit, '-k', '-i'])
+realm.klist(realm.user_princ)
+realm.run([kdestroy])
+realm.kinit(realm.user_princ, flags=['-k', '-i'])
+realm.klist(realm.user_princ)
+out = realm.run([klist, '-k', '-i'])
+if realm.client_keytab not in out or realm.user_princ not in out:
+    fail('Expected output not seen from klist -k -i')
+
+# Test implicit request for keytab (-i or -t without -k)
+mark('implicit -k')
+realm.run([kdestroy])
+realm.kinit(realm.host_princ, flags=['-t', realm.keytab],
+            expected_msg='keytab specified, forcing -k')
+realm.klist(realm.host_princ)
+realm.run([kdestroy])
+realm.kinit(realm.user_princ, flags=['-i'],
+            expected_msg='keytab specified, forcing -k')
+realm.klist(realm.user_princ)
+
+# Test default principal for -k.  This operation requires
+# canonicalization against the keytab in krb5_get_init_creds_keytab()
+# as the krb5_sname_to_principal() result won't have a realm.  Try
+# with and without without fallback processing since the code paths
+# are different.
+mark('default principal for -k')
+realm.run([kinit, '-k'])
+realm.klist(realm.host_princ)
+no_canon_conf = {'libdefaults': {'dns_canonicalize_hostname': 'false'}}
+no_canon = realm.special_env('no_canon', False, krb5_conf=no_canon_conf)
+realm.run([kinit, '-k'], env=no_canon)
+realm.klist(realm.host_princ)
+
+# Test extracting keys with multiple key versions present.
+mark('multi-kvno extract')
+os.remove(realm.keytab)
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', realm.host_princ])
+out = realm.run([kadminl, 'ktadd', '-norandkey', realm.host_princ])
+if 'with kvno 1,' not in out or 'with kvno 2,' not in out:
+    fail('Expected output not seen from kadmin.local ktadd -norandkey')
+out = realm.run([klist, '-k', '-e'])
+if ' 1 host/' not in out or ' 2 host/' not in out:
+    fail('Expected output not seen from klist -k -e')
+
+# Test again using kadmin over the network.
+mark('multi-kvno extract (via kadmin)')
+realm.prep_kadmin()
+os.remove(realm.keytab)
+out = realm.run_kadmin(['ktadd', '-norandkey', realm.host_princ])
+if 'with kvno 1,' not in out or 'with kvno 2,' not in out:
+    fail('Expected output not seen from kadmin.local ktadd -norandkey')
+out = realm.run([klist, '-k', '-e'])
+if ' 1 host/' not in out or ' 2 host/' not in out:
+    fail('Expected output not seen from klist -k -e')
+
+# Test handling of kvno values beyond 255.  Use kadmin over the
+# network since we used to have an 8-bit limit on kvno marshalling.
+
+# Test one key rotation, verifying that the expected new kvno appears
+# in the keytab and in the principal entry.
+def test_key_rotate(realm, princ, expected_kvno):
+    realm.run_kadmin(['ktadd', '-k', realm.keytab, princ])
+    realm.run([kadminl, 'ktrem', princ, 'old'])
+    realm.kinit(princ, flags=['-k'])
+    msg = '%d %s' % (expected_kvno, princ)
+    out = realm.run([klist, '-k'], expected_msg=msg)
+    msg = 'Key: vno %d,' % expected_kvno
+    out = realm.run_kadmin(['getprinc', princ], expected_msg=msg)
+
+mark('key rotation across boundaries')
+princ = 'foo/bar@%s' % realm.realm
+realm.addprinc(princ)
+os.remove(realm.keytab)
+realm.run([kadminl, 'modprinc', '-kvno', '253', princ])
+test_key_rotate(realm, princ, 254)
+test_key_rotate(realm, princ, 255)
+test_key_rotate(realm, princ, 256)
+test_key_rotate(realm, princ, 257)
+realm.run([kadminl, 'modprinc', '-kvno', '32766', princ])
+test_key_rotate(realm, princ, 32767)
+test_key_rotate(realm, princ, 32768)
+test_key_rotate(realm, princ, 32769)
+realm.run([kadminl, 'modprinc', '-kvno', '65534', princ])
+test_key_rotate(realm, princ, 65535)
+test_key_rotate(realm, princ, 1)
+test_key_rotate(realm, princ, 2)
+
+mark('32-bit kvno')
+
+# Test that klist -k can read a keytab entry without a 32-bit kvno and
+# reports the 8-bit key version.
+record = b'\x00\x01'             # principal component count
+record += b'\x00\x0bKRBTEST.COM' # realm
+record += b'\x00\x04user'        # principal component
+record += b'\x00\x00\x00\x01'    # name type (NT-PRINCIPAL)
+record += b'\x54\xf7\x4d\x35'    # timestamp
+record += b'\x02'                # key version
+record += b'\x00\x12'            # enctype
+record += b'\x00\x20'            # key length
+record += b'\x00' * 32           # key bytes
+f = open(realm.keytab, 'wb')
+f.write(b'\x05\x02\x00\x00\x00' + bytes([len(record)]))
+f.write(record)
+f.close()
+msg = '   2 %s' % realm.user_princ
+out = realm.run([klist, '-k'], expected_msg=msg)
+
+# Make sure zero-fill isn't treated as a 32-bit kvno.
+f = open(realm.keytab, 'wb')
+f.write(b'\x05\x02\x00\x00\x00' + bytes([len(record) + 4]))
+f.write(record)
+f.write(b'\x00\x00\x00\x00')
+f.close()
+msg = '   2 %s' % realm.user_princ
+out = realm.run([klist, '-k'], expected_msg=msg)
+
+# Make sure a hand-crafted 32-bit kvno is recognized.
+f = open(realm.keytab, 'wb')
+f.write(b'\x05\x02\x00\x00\x00' + bytes([len(record) + 4]))
+f.write(record)
+f.write(b'\x00\x00\x00\x03')
+f.close()
+msg = '   3 %s' % realm.user_princ
+out = realm.run([klist, '-k'], expected_msg=msg)
+
+# Test parameter expansion in profile variables
+mark('parameter expansion')
+realm.stop()
+conf = {'libdefaults': {
+        'default_keytab_name': 'testdir/%{null}abc%{uid}',
+        'default_client_keytab_name': 'testdir/%{null}xyz%{uid}'}}
+realm = K5Realm(krb5_conf=conf, create_kdb=False)
+del realm.env['KRB5_KTNAME']
+del realm.env['KRB5_CLIENT_KTNAME']
+uidstr = str(os.getuid())
+msg = 'FILE:testdir/abc%s' % uidstr
+out = realm.run([klist, '-k'], expected_code=1, expected_msg=msg)
+msg = 'FILE:testdir/xyz%s' % uidstr
+out = realm.run([klist, '-ki'], expected_code=1, expected_msg=msg)
+
+conf = {'libdefaults': {'allow_weak_crypto': 'true'}}
+realm = K5Realm(create_user=False, create_host=False, krb5_conf=conf)
+
+realm.run([kadminl, 'ank', '-pw', 'pw', 'default'])
+realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', 'exp'])
+realm.run([kadminl, 'ank', '-e', 'aes256-cts:special', '-pw', 'pw', '+preauth',
+           'pexp'])
+
+# Extract one of the explicit salt values from the database.
+out = realm.run([kdb5_util, 'tabdump', 'keyinfo'])
+salt_dict = {f[0]: f[5] for f in [l.split('\t') for l in out.splitlines()]}
+exp_salt = bytes.fromhex(salt_dict['exp@KRBTEST.COM']).decode('ascii')
+
+# Create a keytab using ktutil addent with the specified options and
+# password "pw".  Test that we can use it to get initial tickets.
+# Remove the keytab afterwards.
+def test_addent(realm, princ, opts):
+    realm.run([ktutil], input=('addent -password -p %s -k 1 %s\npw\nwkt %s\n' %
+                               (princ, opts, realm.keytab)))
+    realm.kinit(princ, flags=['-k'])
+    os.remove(realm.keytab)
+
+mark('ktutil addent')
+
+# Test with default salt.
+test_addent(realm, 'default', '-e aes128-cts')
+test_addent(realm, 'default', '-e aes256-cts')
+
+# Test with a salt specified to ktutil addent.
+test_addent(realm, 'exp', '-e aes256-cts -s %s' % exp_salt)
+
+# Test etype-info fetching.
+test_addent(realm, 'default', '-f')
+test_addent(realm, 'default', '-f -e aes128-cts')
+test_addent(realm, 'exp', '-f')
+test_addent(realm, 'pexp', '-f')
+
+# Regression test for #8914: INT32_MIN length can cause backwards seek
+mark('invalid record length')
+f = open(realm.keytab, 'wb')
+f.write(b'\x05\x02\x80\x00\x00\x00')
+f.close()
+msg = 'Bad format in keytab while scanning keytab'
+realm.run([klist, '-k'], expected_code=1, expected_msg=msg)
+
+success('Keytab-related tests')
diff --git a/krb5-1.21.3/src/tests/t_kprop.py b/krb5-1.21.3/src/tests/t_kprop.py
new file mode 100755
index 00000000..4421a7c3
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_kprop.py
@@ -0,0 +1,125 @@
+from k5test import *
+
+conf_replica = {'dbmodules': {'db': {'database_name': '$testdir/db.replica'}}}
+
+def setup_acl(realm):
+    acl_file = os.path.join(realm.testdir, 'kpropd-acl')
+    acl = open(acl_file, 'w')
+    acl.write(realm.host_princ + '\n')
+    acl.close()
+
+def check_output(kpropd):
+    output('*** kpropd output follows\n')
+    while True:
+        line = kpropd.stdout.readline()
+        if 'Database load process for full propagation completed' in line:
+            break
+        output('kpropd: ' + line)
+        if 'Rejected connection' in line:
+            fail('kpropd rejected connection from kprop')
+
+# kprop/kpropd are the only users of krb5_auth_con_initivector, so run
+# this test over all enctypes to exercise mkpriv cipher state.
+for realm in multipass_realms(create_user=False):
+    replica = realm.special_env('replica', True, kdc_conf=conf_replica)
+
+    # Set up the kpropd acl file.
+    setup_acl(realm)
+
+    # Create the replica db.
+    dumpfile = os.path.join(realm.testdir, 'dump')
+    realm.run([kdb5_util, 'dump', dumpfile])
+    realm.run([kdb5_util, 'load', dumpfile], replica)
+    realm.run([kdb5_util, 'stash', '-P', 'master'], replica)
+
+    # Make some changes to the primary db.
+    realm.addprinc('wakawaka')
+
+    # Start kpropd.
+    kpropd = realm.start_kpropd(replica, ['-d'])
+
+    realm.run([kdb5_util, 'dump', dumpfile])
+    realm.run([kprop, '-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
+    check_output(kpropd)
+
+    realm.run([kadminl, 'listprincs'], replica, expected_msg='wakawaka')
+
+# default_realm tests follow.
+# default_realm and domain_realm different than realm.realm (test -r argument).
+conf_rep2 = {'dbmodules': {'db': {'database_name': '$testdir/db.replica2'}}}
+krb5_conf_rep2 = {'libdefaults': {'default_realm': 'FOO'},
+                  'domain_realm': {hostname: 'FOO'}}
+# default_realm and domain_realm map differ.
+conf_rep3 = {'dbmodules': {'db': {'database_name': '$testdir/db.replica3'}}}
+krb5_conf_rep3 = {'domain_realm':  {hostname: 'BAR'}}
+
+realm = K5Realm(create_user=False)
+replica2 = realm.special_env('replica2', True, kdc_conf=conf_rep2,
+                             krb5_conf=krb5_conf_rep2)
+replica3 = realm.special_env('replica3', True, kdc_conf=conf_rep3,
+                             krb5_conf=krb5_conf_rep3)
+
+setup_acl(realm)
+
+# Create the replica db.
+dumpfile = os.path.join(realm.testdir, 'dump')
+realm.run([kdb5_util, 'dump', dumpfile])
+realm.run([kdb5_util, '-r', realm.realm, 'load', dumpfile], replica2)
+realm.run([kdb5_util, 'load', dumpfile], replica3)
+
+# Make some changes to the primary db.
+realm.addprinc('wakawaka')
+
+# Test override of default_realm with -r realm argument.
+kpropd = realm.start_kpropd(replica2, ['-r', realm.realm, '-d'])
+realm.run([kdb5_util, 'dump', dumpfile])
+realm.run([kprop, '-r', realm.realm, '-f', dumpfile, '-P',
+           str(realm.kprop_port()), hostname])
+check_output(kpropd)
+realm.run([kadminl, '-r', realm.realm, 'listprincs'], replica2,
+          expected_msg='wakawaka')
+
+stop_daemon(kpropd)
+
+# Test default_realm and domain_realm mismatch.
+kpropd = realm.start_kpropd(replica3, ['-d'])
+realm.run([kdb5_util, 'dump', dumpfile])
+realm.run([kprop, '-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
+check_output(kpropd)
+realm.run([kadminl, 'listprincs'], replica3, expected_msg='wakawaka')
+stop_daemon(kpropd)
+
+# This test is too resource-intensive to be included in "make check"
+# by default, but it can be enabled in the environment to test the
+# propagation of databases large enough to require a 12-byte encoding
+# of the database size.
+if 'KPROP_LARGE_DB_TEST' in os.environ:
+    output('Generating >4GB dumpfile\n')
+    with open(dumpfile, 'w') as f:
+        f.write('kdb5_util load_dump version 6\n')
+        f.write('princ\t38\t15\t3\t1\t0\tK/M@KRBTEST.COM\t64\t86400\t0\t0\t0'
+                '\t0\t0\t0\t8\t2\t0100\t9\t8\t0100010000000000\t2\t28'
+                '\tb93e105164625f6372656174696f6e404b5242544553542e434f4d00'
+                '\t1\t1\t18\t62\t2000408c027c250e8cc3b81476414f2214d57c1ce'
+                '38891e29792e87258247c73547df4d5756266931dd6686b62270e6568'
+                '95a31ec66bfe913b4f15226227\t-1;\n')
+        for i in range(1, 20000000):
+            f.write('princ\t38\t21\t1\t1\t0\tp%08d@KRBTEST.COM' % i)
+            f.write('\t0\t86400\t0\t0\t0\t0\t0\t0\t2\t27'
+                    '\td73e1051757365722f61646d696e404b5242544553542e434f4d00'
+                    '\t1\t1\t17\t46'
+                    '\t10009c8ab7b3f89ccf3ca3ad98352a461b7f4f1b0c49'
+                    '5605117591d9ad52ba4da0adef7a902126973ed2bdc3ffbf\t-1;\n')
+    assert os.path.getsize(dumpfile) > 4 * 1024 * 1024 * 1024
+    with open(dumpfile + '.dump_ok', 'w') as f:
+        f.write('\0')
+    conf_large = {'dbmodules': {'db': {'database_name': '$testdir/db.large'}},
+                  'realms': {'$realm': {'iprop_resync_timeout': '3600'}}}
+    large = realm.special_env('large', True, kdc_conf=conf_large)
+    kpropd = realm.start_kpropd(large, ['-d'])
+    realm.run([kprop, '-f', dumpfile, '-P', str(realm.kprop_port()), hostname])
+    check_output(kpropd)
+    realm.run([kadminl, 'getprinc', 'p19999999'], env=large,
+              expected_msg='Principal: p19999999')
+
+success('kprop tests')
diff --git a/krb5-1.21.3/src/tests/t_localauth.py b/krb5-1.21.3/src/tests/t_localauth.py
new file mode 100755
index 00000000..75b53a56
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_localauth.py
@@ -0,0 +1,154 @@
+from k5test import *
+
+# Unfortunately, we can't reliably test the k5login module.  We can control
+# the directory where k5login files are read, but we can't suppress the UID
+# validity check, which might fail in some filesystems for a .k5login file
+# we create.
+conf = {'plugins': {'localauth': { 'disable': 'k5login'}}}
+realm = K5Realm(create_kdb=False, krb5_conf=conf)
+
+def test_an2ln(env, aname, result, msg):
+    out = realm.run(['./localauth', aname], env=env)
+    if out != result + '\n':
+        fail(msg)
+
+def test_an2ln_err(env, aname, err, msg):
+    realm.run(['./localauth', aname], env=env, expected_code=1,
+              expected_msg=err)
+
+def test_userok(env, aname, lname, ok, msg):
+    out = realm.run(['./localauth', aname, lname], env=env)
+    if ((ok and out != 'yes\n') or
+        (not ok and out != 'no\n')):
+        fail(msg)
+
+# The default an2ln method works only in the default realm, and works
+# for a single-component principal or a two-component principal where
+# the second component is the default realm.
+mark('default')
+test_an2ln(None, 'user@KRBTEST.COM', 'user', 'default rule 1')
+test_an2ln(None, 'user/KRBTEST.COM@KRBTEST.COM', 'user', 'default rule 2')
+test_an2ln_err(None, 'user/KRBTEST.COM/x@KRBTEST.COM', 'No translation',
+               'default rule (3)')
+test_an2ln_err(None, 'user/X@KRBTEST.COM', 'No translation',
+               'default rule comp mismatch')
+test_an2ln_err(None, 'user@X', 'No translation', 'default rule realm mismatch')
+
+# auth_to_local_names matches ignore the realm but are case-sensitive.
+mark('auth_to_local_names')
+conf_names1 = {'realms': {'$realm': {'auth_to_local_names': {'user': 'abcd'}}}}
+names1 = realm.special_env('names1', False, conf_names1)
+test_an2ln(names1, 'user@KRBTEST.COM', 'abcd', 'auth_to_local_names match')
+test_an2ln(names1, 'user@X', 'abcd', 'auth_to_local_names out-of-realm match')
+test_an2ln(names1, 'x@KRBTEST.COM', 'x', 'auth_to_local_names mismatch')
+test_an2ln(names1, 'User@KRBTEST.COM', 'User', 'auth_to_local_names case')
+
+# auth_to_local_names values must be in the default realm's section.
+conf_names2 = {'realms': {'X': {'auth_to_local_names': {'user': 'abcd'}}}}
+names2 = realm.special_env('names2', False, conf_names2)
+test_an2ln_err(names2, 'user@X', 'No translation',
+               'auth_to_local_names section mismatch')
+
+# Return a realm environment containing an auth_to_local value (or list).
+def a2l_realm(name, values):
+    conf = {'realms': {'$realm': {'auth_to_local': values}}}
+    return realm.special_env(name, False, conf)
+
+# Test explicit use of default method.
+mark('explicit default')
+auth1 = a2l_realm('auth1', 'DEFAULT')
+test_an2ln(auth1, 'user@KRBTEST.COM', 'user', 'default rule')
+
+# Test some invalid auth_to_local values.
+mark('auth_to_local invalid')
+auth2 = a2l_realm('auth2', 'RULE')
+test_an2ln_err(auth2, 'user@X', 'Improper format', 'null rule')
+auth3 = a2l_realm('auth3', 'UNRECOGNIZED:stuff')
+test_an2ln_err(auth3, 'user@X', 'Improper format', 'null rule')
+
+# An empty rule has the default selection string (unparsed principal
+# without realm) and no match or substitutions.
+mark('rule (empty)')
+rule1 = a2l_realm('rule1', 'RULE:')
+test_an2ln(rule1, 'user@KRBTEST.COM', 'user', 'empty rule')
+test_an2ln(rule1, 'user@X', 'user', 'empty rule (foreign realm)')
+test_an2ln(rule1, 'a/b/c@X', 'a/b/c', 'empty rule (multi-component)')
+
+# Test explicit selection string.  Also test that the default method
+# is suppressed when auth_to_local values are present.
+mark('rule (selection string)')
+rule2 = a2l_realm('rule2', 'RULE:[2:$$0.$$2.$$1]')
+test_an2ln(rule2, 'aaron/burr@REALM', 'REALM.burr.aaron', 'selection string')
+test_an2ln_err(rule2, 'user@KRBTEST.COM', 'No translation', 'suppress default')
+
+# Test match string.
+mark('rule (match string)')
+rule3 = a2l_realm('rule3', 'RULE:(.*tail)')
+test_an2ln(rule3, 'withtail@X', 'withtail', 'rule match 1')
+test_an2ln(rule3, 'x/withtail@X', 'x/withtail', 'rule match 2')
+test_an2ln_err(rule3, 'tails@X', 'No translation', 'rule anchor mismatch')
+
+# Test substitutions.
+mark('rule (substitutions)')
+rule4 = a2l_realm('rule4', 'RULE:s/birds/bees/')
+test_an2ln(rule4, 'thebirdsbirdsbirds@X', 'thebeesbirdsbirds', 'subst 1')
+rule5 = a2l_realm('rule4', 'RULE:s/birds/bees/g  s/bees/birds/')
+test_an2ln(rule4, 'the/birdsbirdsbirds@x', 'the/birdsbeesbees', 'subst 2')
+
+# Test a bunch of auth_to_local values and rule features in combination.
+mark('rule (combo)')
+combo = a2l_realm('combo', ['RULE:[1:$$1-$$0](fred.*)s/-/ /g',
+                            'DEFAULT',
+                            'RULE:[3:$$1](z.*z)'])
+test_an2ln(combo, 'fred@X', 'fred X', 'combo 1')
+test_an2ln(combo, 'fred-too@X', 'fred too X', 'combo 2')
+test_an2ln(combo, 'fred@KRBTEST.COM', 'fred KRBTEST.COM', 'combo 3')
+test_an2ln(combo, 'user@KRBTEST.COM', 'user', 'combo 4')
+test_an2ln(combo, 'zazz/b/c@X', 'zazz', 'combo 5')
+test_an2ln_err(combo, 'a/b@KRBTEST.COM', 'No translation', 'combo 6')
+
+# Test the an2ln userok method with the combo environment.
+mark('userok (an2ln)')
+test_userok(combo, 'fred@X', 'fred X', True, 'combo userok 1')
+test_userok(combo, 'user@KRBTEST.COM', 'user', True, 'combo userok 2')
+test_userok(combo, 'user@KRBTEST.COM', 'X', False, 'combo userok 3')
+test_userok(combo, 'a/b@KRBTEST.COM', 'a/b', False, 'combo userok 4')
+
+mark('test modules')
+
+# Register the two test modules and set up some auth_to_local and
+# auth_to_local_names entries.
+modpath = os.path.join(buildtop, 'plugins', 'localauth', 'test',
+                       'localauth_test.so')
+conf = {'plugins': {'localauth': { 'module': [
+                'test1:' + modpath,
+                'test2:' + modpath]}},
+        'realms': {'$realm': {'auth_to_local': [
+                'RULE:(test/rulefirst)s/.*/rule/',
+                'TYPEA',
+                'DEFAULT',
+                'TYPEB:resid']},
+                   'auth_to_local_names': {'test/a/b': 'name'}}}
+mod = realm.special_env('mod', False, conf)
+
+# test1's untyped an2ln method should come before the names method, mapping
+# test/a/b@X to its realm name (superseding auth_to_local_names).
+test_an2ln(mod, 'test/a/b@X', 'X', 'mod untyped an2ln')
+
+# Match the auth_to_local values in order.  test2's TYPEA should map
+# test/notrule to its second component, and its TYPEB should map
+# anything which gets there to the residual string.
+test_an2ln(mod, 'test/rulefirst@X', 'rule', 'mod auth_to_local 1')
+test_an2ln(mod, 'test/notrule', 'notrule', 'mod auth_to_local 2')
+test_an2ln(mod, 'user@KRBTEST.COM', 'user', 'mod auth_to_local 3')
+test_an2ln(mod, 'xyz@X', 'resid', 'mod auth_to_local 4')
+
+# test2's userok module should succeed when the number of components
+# is equal to the length of the local name, should pass if the first
+# component is 'pass', and should reject otherwise.
+test_userok(mod, 'a/b/c/d@X', 'four', True, 'mod userok 1')
+test_userok(mod, 'x/y/z@X', 'four', False, 'mod userok 2')
+test_userok(mod, 'pass@KRBTEST.COM', 'pass', True, 'mod userok 3')
+test_userok(mod, 'user@KRBTEST.COM', 'user', False, 'mod userok 4')
+
+success('krb5_kuserok and krb5_aname_to_localname tests')
diff --git a/krb5-1.21.3/src/tests/t_mkey.py b/krb5-1.21.3/src/tests/t_mkey.py
new file mode 100755
index 00000000..32f4070b
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_mkey.py
@@ -0,0 +1,344 @@
+from k5test import *
+import random
+import re
+import struct
+
+# Convenience constants for use as expected enctypes.  defetype is the
+# default enctype for master keys.
+aes256 = 'aes256-cts-hmac-sha1-96'
+aes128 = 'aes128-cts-hmac-sha1-96'
+des3 = 'des3-cbc-sha1'
+defetype = aes256
+
+realm = K5Realm(create_host=False, start_kadmind=True)
+realm.prep_kadmin()
+stash_file = os.path.join(realm.testdir, 'stash')
+
+# Count the number of principals in the realm.
+nprincs = len(realm.run([kadminl, 'listprincs']).splitlines())
+
+# List the currently active mkeys and compare against expected
+# results.  Each argument must be a sequence of four elements: an
+# expected kvno, an expected enctype, whether the key is expected to
+# have an activation time, and whether the key is expected to be
+# currently active.
+list_mkeys_re = re.compile(r'^KVNO: (\d+), Enctype: (\S+), '
+                           r'(Active on: [^\*]+|No activate time set)( \*)?$')
+def check_mkey_list(*expected):
+    # Split the output of kdb5_util list_mkeys into lines and ignore the first.
+    outlines = realm.run([kdb5_util, 'list_mkeys']).splitlines()[1:]
+    if len(outlines) != len(expected):
+        fail('Unexpected number of list_mkeys output lines')
+    for line, ex in zip(outlines, expected):
+        m = list_mkeys_re.match(line)
+        if not m:
+            fail('Unrecognized list_mkeys output line')
+        kvno, enctype, act_time, active = m.groups()
+        exp_kvno, exp_enctype, exp_act_time_present, exp_active = ex
+        if kvno != str(exp_kvno):
+            fail('Unexpected master key version')
+        if enctype != exp_enctype:
+            fail('Unexpected master key enctype')
+        if act_time.startswith('Active on: ') != exp_act_time_present:
+            fail('Unexpected presence or absence of mkey activation time')
+        if (active == ' *') != exp_active:
+            fail('Master key unexpectedly active or inactive')
+
+
+# Get the K/M principal.  Verify that it has the expected mkvno.  Each
+# remaining argument must be a sequence of two elements: an expected
+# key version and an expected enctype.
+keyline_re = re.compile(r'^Key: vno (\d+), (\S+)$')
+def check_master_dbent(expected_mkvno, *expected_keys):
+    outlines = realm.run([kadminl, 'getprinc', 'K/M']).splitlines()
+    mkeyline = [l for l in outlines if l.startswith('MKey: vno ')]
+    if len(mkeyline) != 1 or mkeyline[0] != ('MKey: vno %d' % expected_mkvno):
+        fail('Unexpected mkvno in K/M DB entry')
+    keylines = [l for l in outlines if l.startswith('Key: vno ')]
+    if len(keylines) != len(expected_keys):
+        fail('Unexpected number of key lines in K/M DB entry')
+    for line, ex in zip(keylines, expected_keys):
+        m = keyline_re.match(line)
+        if not m:
+            fail('Unrecognized key line in K/M DB entry')
+        kvno, enctype = m.groups()
+        exp_kvno, exp_enctype = ex
+        if kvno != str(exp_kvno):
+            fail('Unexpected key version in K/M DB entry')
+        if enctype != exp_enctype:
+            fail('Unexpected enctype in K/M DB entry')
+
+
+# Check the stash file.  Each argument must be a sequence of two
+# elements: an expected key version and an expected enctype.
+klist_re = re.compile(r'^\s*(\d+) K/M@KRBTEST.COM \((\S+)\)')
+def check_stash(*expected):
+    # Split the output of klist -e -k into lines and ignore the first three.
+    outlines = realm.run([klist, '-e', '-k', stash_file]).splitlines()[3:]
+    if len(outlines) != len(expected):
+        fail('Unexpected number of lines in stash file klist')
+    for line, ex in zip(outlines, expected):
+        m = klist_re.match(line)
+        if not m:
+            fail('Unrecognized stash file klist line')
+        kvno, enctype = m.groups()
+        exp_kvno, exp_enctype = ex
+        if kvno != str(exp_kvno):
+            fail('Unexpected stash file klist kvno')
+        if enctype != exp_enctype:
+            fail('Unexpected stash file klist enctype')
+
+
+# Verify that the user principal has the expected mkvno.
+def check_mkvno(princ, expected_mkvno):
+    msg = 'MKey: vno %d\n' % expected_mkvno
+    realm.run([kadminl, 'getprinc', princ], expected_msg=msg)
+
+
+# Change the password using either kadmin.local or kadmin, then check
+# the mkvno of the principal against expected_mkvno and verify that
+# the running KDC can access the new key.
+def change_password_check_mkvno(local, princ, password, expected_mkvno):
+    cmd = ['cpw', '-pw', password, princ]
+    if local:
+        realm.run([kadminl] + cmd)
+    else:
+        realm.run_kadmin(cmd)
+    check_mkvno(princ, expected_mkvno)
+    realm.kinit(princ, password)
+
+
+# Add a master key with the specified options and a random password.
+def add_mkey(options):
+    pw = ''.join(random.choice(string.ascii_uppercase) for x in range(5))
+    realm.run([kdb5_util, 'add_mkey'] + options, input=(pw + '\n' + pw + '\n'))
+
+
+# Run kdb5_util update_princ_encryption (with the dry-run option if
+# specified) and verify the output against the expected mkvno, number
+# of updated principals, and number of already-current principals.
+mkvno_re = {False: re.compile(r'^Principals whose keys are being re-encrypted '
+                              r'to master key vno (\d+) if necessary:$'),
+            True: re.compile(r'^Principals whose keys WOULD BE re-encrypted '
+                             r'to master key vno (\d+):$')}
+count_re = {False: re.compile(r'^(\d+) principals processed: (\d+) updated, '
+                              r'(\d+) already current$'),
+            True: re.compile(r'^(\d+) principals processed: (\d+) would be '
+                             r'updated, (\d+) already current$')}
+def update_princ_encryption(dry_run, expected_mkvno, expected_updated,
+                            expected_current):
+    opts = ['-f', '-v']
+    if dry_run:
+        opts += ['-n']
+    out = realm.run([kdb5_util, 'update_princ_encryption'] + opts)
+    lines = out.splitlines()
+    # Parse the first line to get the target mkvno.
+    m = mkvno_re[dry_run].match(lines[0])
+    if not m:
+        fail('Unexpected first line of update_princ_encryption output')
+    if m.group(1) != str(expected_mkvno):
+        fail('Unexpected master key version in update_princ_encryption output')
+    # Parse the last line to get the principal counts.
+    m = count_re[dry_run].match(lines[-1])
+    if not m:
+        fail('Unexpected last line of update_princ_encryption output')
+    total, updated, current = m.groups()
+    if (total != str(expected_updated + expected_current) or
+        updated != str(expected_updated) or current != str(expected_current)):
+        fail('Unexpected counts from update_princ_encryption')
+
+
+# Check the initial state of the realm.
+mark('initial state')
+check_mkey_list((1, defetype, True, True))
+check_master_dbent(1, (1, defetype))
+check_stash((1, defetype))
+check_mkvno(realm.user_princ, 1)
+
+# Check that stash will fail if a temp stash file is already present.
+mark('temp stash collision')
+collisionfile = os.path.join(realm.testdir, 'stash_tmp')
+f = open(collisionfile, 'w')
+f.close()
+realm.run([kdb5_util, 'stash'], expected_code=1,
+          expected_msg='Temporary stash file already exists')
+os.unlink(collisionfile)
+
+# Add a new master key with no options.  Verify that:
+# 1. The new key appears in list_mkeys but has no activation time and
+#    is not active.
+# 2. The new key appears in the K/M DB entry and is the current key to
+#    encrypt that entry.
+# 3. The stash file is not modified (since we did not pass -s).
+# 4. The old key is used for password changes.
+mark('add_mkey (second master key)')
+add_mkey([])
+check_mkey_list((2, defetype, False, False), (1, defetype, True, True))
+check_master_dbent(2, (2, defetype), (1, defetype))
+change_password_check_mkvno(True, realm.user_princ, 'abcd', 1)
+change_password_check_mkvno(False, realm.user_princ, 'user', 1)
+
+# Verify that use_mkey won't make all master keys inactive.
+mark('use_mkey (no active keys)')
+realm.run([kdb5_util, 'use_mkey', '1', 'now+1day'], expected_code=1,
+          expected_msg='there must be one master key currently active')
+check_mkey_list((2, defetype, False, False), (1, defetype, True, True))
+
+# Make the new master key active.  Verify that:
+# 1. The new key has an activation time in list_mkeys and is active.
+# 2. The new key is used for password changes.
+# 3. The running KDC can access the new key.
+mark('use_mkey')
+realm.run([kdb5_util, 'use_mkey', '2', 'now-1day'])
+check_mkey_list((2, defetype, True, True), (1, defetype, True, False))
+change_password_check_mkvno(True, realm.user_princ, 'abcd', 2)
+change_password_check_mkvno(False, realm.user_princ, 'user', 2)
+
+# Check purge_mkeys behavior with both master keys still in use.
+mark('purge_mkeys (nothing to purge)')
+realm.run([kdb5_util, 'purge_mkeys', '-f', '-v'],
+          expected_msg='All keys in use, nothing purged.')
+
+# Do an update_princ_encryption dry run and for real.  Verify that:
+# 1. The target master key is 2 (the active mkvno).
+# 2. nprincs - 2 principals were updated and one principal was
+#    skipped (K/M is not included in the output and user was updated
+#    above).
+# 3. The dry run doesn't change user/admin's mkvno but the real update
+#    does.
+# 4. The old stashed master key is sufficient to access the DB (via
+#    MKEY_AUX tl-data which keeps the current master key encrypted in
+#    each of the old master keys).
+mark('update_princ_encryption')
+update_princ_encryption(True, 2, nprincs - 2, 1)
+check_mkvno(realm.admin_princ, 1)
+update_princ_encryption(False, 2, nprincs - 2, 1)
+check_mkvno(realm.admin_princ, 2)
+realm.stop_kdc()
+realm.start_kdc()
+realm.kinit(realm.user_princ, 'user')
+
+# Update all principals back to mkvno 1 and to mkvno 2 again, to
+# verify that update_princ_encryption targets the active master key.
+mark('update_princ_encryption (back and forth)')
+realm.run([kdb5_util, 'use_mkey', '2', 'now+1day'])
+update_princ_encryption(False, 1, nprincs - 1, 0)
+check_mkvno(realm.user_princ, 1)
+realm.run([kdb5_util, 'use_mkey', '2', 'now-1day'])
+update_princ_encryption(False, 2, nprincs - 1, 0)
+check_mkvno(realm.user_princ, 2)
+
+# Test the safety check for purging with an outdated stash file.
+mark('purge_mkeys (outdated stash file)')
+realm.run([kdb5_util, 'purge_mkeys', '-f'], expected_code=1,
+          expected_msg='stash file needs updating')
+
+# Update the master stash file and check it.  Save a copy of the old
+# one for a later test.
+mark('update stash file')
+shutil.copy(stash_file, stash_file + '.old')
+realm.run([kdb5_util, 'stash'])
+check_stash((2, defetype), (1, defetype))
+
+# Do a purge_mkeys dry run and for real.  Verify that:
+# 1. Master key 1 is purged.
+# 2. The dry run doesn't remove mkvno 1 but the real one does.
+# 3. The old stash file is no longer sufficient to access the DB.
+# 4. If the stash file is updated, it no longer contains mkvno 1.
+# 5. use_mkey now gives an error if we refer to mkvno 1.
+# 6. A second purge_mkeys gives the right message.
+mark('purge_mkeys')
+out = realm.run([kdb5_util, 'purge_mkeys', '-v', '-n', '-f'])
+if 'KVNO: 1' not in out or '1 key(s) would be purged' not in out:
+    fail('Unexpected output from purge_mkeys dry-run')
+check_mkey_list((2, defetype, True, True), (1, defetype, True, False))
+check_master_dbent(2, (2, defetype), (1, defetype))
+out = realm.run([kdb5_util, 'purge_mkeys', '-v', '-f'])
+check_mkey_list((2, defetype, True, True))
+check_master_dbent(2, (2, defetype))
+os.rename(stash_file, stash_file + '.save')
+os.rename(stash_file + '.old', stash_file)
+realm.run([kadminl, 'getprinc', 'user'], expected_code=1,
+          expected_msg='Unable to decrypt latest master key')
+os.rename(stash_file + '.save', stash_file)
+realm.run([kdb5_util, 'stash'])
+check_stash((2, defetype))
+realm.run([kdb5_util, 'use_mkey', '1'], expected_code=1,
+          expected_msg='1 is an invalid KVNO value')
+realm.run([kdb5_util, 'purge_mkeys', '-f', '-v'],
+          expected_msg='There is only one master key which can not be purged.')
+
+# Add a third master key with a specified enctype.  Verify that:
+# 1. The new master key receives the correct number.
+# 2. The enctype argument is respected.
+# 3. The new master key is stashed (by itself, at the moment).
+# 4. We can roll over to the new master key and use it.
+mark('add_mkey and update_princ_encryption (third master key)')
+add_mkey(['-s', '-e', aes128])
+check_mkey_list((3, aes128, False, False), (2, defetype, True, True))
+check_master_dbent(3, (3, aes128), (2, defetype))
+check_stash((3, aes128))
+realm.run([kdb5_util, 'use_mkey', '3', 'now-1day'])
+update_princ_encryption(False, 3, nprincs - 1, 0)
+check_mkey_list((3, aes128, True, True), (2, defetype, True, False))
+check_mkvno(realm.user_princ, 3)
+
+# Regression test for #7994 (randkey does not update principal mkvno)
+# and #7995 (-keepold does not re-encrypt old keys).
+mark('#7994 and #7995 regression test')
+add_mkey(['-s'])
+realm.run([kdb5_util, 'use_mkey', '4', 'now-1day'])
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', realm.user_princ])
+# With #7994 unfixed, mkvno of user will still be 3.
+check_mkvno(realm.user_princ, 4)
+# With #7995 unfixed, old keys are still encrypted with mkvno 3.
+update_princ_encryption(False, 4, nprincs - 2, 1)
+realm.run([kdb5_util, 'purge_mkeys', '-f'])
+out = realm.run([kadminl, 'xst', '-norandkey', realm.user_princ])
+if 'Decrypt integrity check failed' in out or 'added to keytab' not in out:
+    fail('Preserved old key data not updated to new master key')
+
+realm.stop()
+
+# Load a dump file created with krb5 1.6, before the master key
+# rollover changes were introduced.  Write out an old-format stash
+# file consistent with the dump's master password ("footes").  The K/M
+# entry in this database will not have actkvno tl-data because it was
+# created prior to master key rollover support.  Verify that:
+# 1. We can access the database using the old-format stash file.
+# 2. list_mkeys displays the same list as for a post-1.7 KDB.
+mark('pre-1.7 stash file')
+dumpfile = os.path.join(srctop, 'tests', 'dumpfiles', 'dump.16')
+os.remove(stash_file)
+f = open(stash_file, 'wb')
+f.write(struct.pack('=HL24s', 16, 24,
+                    b'\xF8\x3E\xFB\xBA\x6D\x80\xD9\x54\xE5\x5D\xF2\xE0'
+                    b'\x94\xAD\x6D\x86\xB5\x16\x37\xEC\x7C\x8A\xBC\x86'))
+f.close()
+realm.run([kdb5_util, 'load', dumpfile])
+nprincs = len(realm.run([kadminl, 'listprincs']).splitlines())
+check_mkvno('K/M', 1)
+check_mkey_list((1, des3, True, True))
+
+# Create a new master key and verify that, without actkvkno tl-data:
+# 1. list_mkeys displays the same as for a post-1.7 KDB.
+# 2. update_princ_encryption still targets mkvno 1.
+# 3. libkadm5 still uses mkvno 1 for key changes.
+# 4. use_mkey creates the same list as for a post-1.7 KDB.
+mark('rollover from pre-1.7 KDB')
+add_mkey([])
+check_mkey_list((2, defetype, False, False), (1, des3, True, True))
+update_princ_encryption(False, 1, 0, nprincs - 1)
+realm.run([kadminl, 'addprinc', '-randkey', realm.user_princ])
+check_mkvno(realm.user_princ, 1)
+realm.run([kdb5_util, 'use_mkey', '2', 'now-1day'])
+check_mkey_list((2, defetype, True, True), (1, des3, True, False))
+
+# Regression test for #8395.  Purge the master key and verify that a
+# master key fetch does not segfault.
+mark('#8395 regression test')
+realm.run([kadminl, 'purgekeys', '-all', 'K/M'])
+realm.run([kadminl, 'getprinc', realm.user_princ], expected_code=1,
+          expected_msg='Cannot find master key record in database')
+
+success('Master key rollover tests')
diff --git a/krb5-1.21.3/src/tests/t_otp.py b/krb5-1.21.3/src/tests/t_otp.py
new file mode 100755
index 00000000..c3b820a4
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_otp.py
@@ -0,0 +1,272 @@
+# Author: Nathaniel McCallum <npmccallum@redhat.com>
+#
+# Copyright (c) 2013 Red Hat, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+#
+# This script tests OTP, both UDP and Unix Sockets, with a variety of
+# configuration. It requires pyrad to run, but exits gracefully if not found.
+# It also deliberately shuts down the test daemons between tests in order to
+# test how OTP handles the case of short daemon restarts.
+#
+
+from k5test import *
+from queue import Empty
+import io
+import struct
+
+try:
+    from pyrad import packet, dictionary
+except ImportError:
+    skip_rest('OTP tests', 'Python pyrad module not found')
+try:
+    from multiprocessing import Process, Queue
+except ImportError:
+    skip_rest('OTP tests', 'Python version 2.6 required')
+
+# We could use a dictionary file, but since we need so few attributes,
+# we'll just include them here.
+radius_attributes = '''
+ATTRIBUTE    User-Name    1    string
+ATTRIBUTE    User-Password   2    octets
+ATTRIBUTE    Service-Type    6    integer
+ATTRIBUTE    NAS-Identifier  32    string
+'''
+
+class RadiusDaemon(Process):
+    MAX_PACKET_SIZE = 4096
+    DICTIONARY = dictionary.Dictionary(io.StringIO(radius_attributes))
+
+    def listen(self, addr):
+        raise NotImplementedError()
+
+    def recvRequest(self, data):
+        raise NotImplementedError()
+
+    def run(self):
+        addr = self._args[0]
+        secrfile = self._args[1]
+        pswd = self._args[2]
+        outq = self._args[3]
+
+        if secrfile:
+            with open(secrfile, 'rb') as file:
+                secr = file.read().strip()
+        else:
+            secr = b''
+
+        data = self.listen(addr)
+        outq.put("started")
+        (buf, sock, addr) = self.recvRequest(data)
+        pkt = packet.AuthPacket(secret=secr,
+                                dict=RadiusDaemon.DICTIONARY,
+                                packet=buf)
+
+        usernm = []
+        passwd = []
+        for key in pkt.keys():
+            if key == 'User-Password':
+                passwd = list(map(pkt.PwDecrypt, pkt[key]))
+            elif key == 'User-Name':
+                usernm = pkt[key]
+
+        reply = pkt.CreateReply()
+        replyq = {'user': usernm, 'pass': passwd}
+        if passwd == [pswd]:
+            reply.code = packet.AccessAccept
+            replyq['reply'] = True
+        else:
+            reply.code = packet.AccessReject
+            replyq['reply'] = False
+
+        outq.put(replyq)
+        if addr is None:
+            sock.send(reply.ReplyPacket())
+        else:
+            sock.sendto(reply.ReplyPacket(), addr)
+        sock.close()
+
+class UDPRadiusDaemon(RadiusDaemon):
+    def listen(self, addr):
+        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+        sock.bind((addr.split(':')[0], int(addr.split(':')[1])))
+        return sock
+
+    def recvRequest(self, sock):
+        (buf, addr) = sock.recvfrom(RadiusDaemon.MAX_PACKET_SIZE)
+        return (buf, sock, addr)
+
+class UnixRadiusDaemon(RadiusDaemon):
+    def listen(self, addr):
+        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+        if os.path.exists(addr):
+            os.remove(addr)
+        sock.bind(addr)
+        sock.listen(1)
+        return (sock, addr)
+
+    def recvRequest(self, sock_and_addr):
+        sock, addr = sock_and_addr
+        conn = sock.accept()[0]
+        sock.close()
+        os.remove(addr)
+
+        buf = b''
+        remain = RadiusDaemon.MAX_PACKET_SIZE
+        while True:
+            buf += conn.recv(remain)
+            remain = RadiusDaemon.MAX_PACKET_SIZE - len(buf)
+            if (len(buf) >= 4):
+                remain = struct.unpack("!BBH", buf[0:4])[2] - len(buf)
+                if (remain <= 0):
+                    return (buf, conn, None)
+
+def verify(daemon, queue, reply, usernm, passwd):
+    try:
+        data = queue.get(timeout=1)
+    except Empty:
+        sys.stderr.write("ERROR: Packet not received by daemon!\n")
+        daemon.terminate()
+        sys.exit(1)
+    assert data['reply'] is reply
+    assert data['user'] == [usernm]
+    assert data['pass'] == [passwd]
+    daemon.join()
+
+# Compose a single token configuration.
+def otpconfig_1(toktype, username=None, indicators=None):
+    val = '{"type": "%s"' % toktype
+    if username is not None:
+        val += ', "username": "%s"' % username
+    if indicators is not None:
+        qind = ['"%s"' % s for s in indicators]
+        jsonlist = '[' + ', '.join(qind) + ']'
+        val += ', "indicators":' + jsonlist
+    val += '}'
+    return val
+
+# Compose a token configuration list suitable for the "otp" string
+# attribute.
+def otpconfig(toktype, username=None, indicators=None):
+    return '[' + otpconfig_1(toktype, username, indicators) + ']'
+
+prefix = "/tmp/%d" % os.getpid()
+secret_file = prefix + ".secret"
+socket_file = prefix + ".socket"
+with open(secret_file, "w") as file:
+    file.write("otptest")
+atexit.register(lambda: os.remove(secret_file))
+
+conf = {'plugins': {'kdcpreauth': {'enable_only': 'otp'}},
+        'otp': {'udp': {'server': '127.0.0.1:$port9',
+                        'secret': secret_file,
+                        'strip_realm': 'true',
+                        'indicator': ['indotp1', 'indotp2']},
+                'unix': {'server': socket_file,
+                         'strip_realm': 'false'}}}
+
+queue = Queue()
+
+realm = K5Realm(kdc_conf=conf)
+realm.run([kadminl, 'modprinc', '+requires_preauth', realm.user_princ])
+flags = ['-T', realm.ccache]
+server_addr = '127.0.0.1:' + str(realm.portbase + 9)
+
+## Test UDP fail / custom username
+mark('UDP fail / custom username')
+daemon = UDPRadiusDaemon(args=(server_addr, secret_file, 'accept', queue))
+daemon.start()
+queue.get()
+realm.run([kadminl, 'setstr', realm.user_princ, 'otp',
+           otpconfig('udp', 'custom')])
+realm.kinit(realm.user_princ, 'reject', flags=flags, expected_code=1)
+verify(daemon, queue, False, 'custom', 'reject')
+
+## Test UDP success / standard username
+mark('UDP success / standard username')
+daemon = UDPRadiusDaemon(args=(server_addr, secret_file, 'accept', queue))
+daemon.start()
+queue.get()
+realm.run([kadminl, 'setstr', realm.user_princ, 'otp', otpconfig('udp')])
+realm.kinit(realm.user_princ, 'accept', flags=flags)
+verify(daemon, queue, True, realm.user_princ.split('@')[0], 'accept')
+realm.extract_keytab(realm.krbtgt_princ, realm.keytab)
+realm.run(['./adata', realm.krbtgt_princ],
+          expected_msg='+97: [indotp1, indotp2]')
+
+# Repeat with an indicators override in the string attribute.
+mark('auth indicator override')
+daemon = UDPRadiusDaemon(args=(server_addr, secret_file, 'accept', queue))
+daemon.start()
+queue.get()
+oconf = otpconfig('udp', indicators=['indtok1', 'indtok2'])
+realm.run([kadminl, 'setstr', realm.user_princ, 'otp', oconf])
+realm.kinit(realm.user_princ, 'accept', flags=flags)
+verify(daemon, queue, True, realm.user_princ.split('@')[0], 'accept')
+realm.extract_keytab(realm.krbtgt_princ, realm.keytab)
+realm.run(['./adata', realm.krbtgt_princ],
+          expected_msg='+97: [indtok1, indtok2]')
+
+# Detect upstream pyrad bug
+#   https://github.com/wichert/pyrad/pull/18
+try:
+    auth = packet.Packet.CreateAuthenticator()
+    packet.Packet(authenticator=auth, secret=b'').ReplyPacket()
+except AssertionError:
+    skip_rest('OTP UNIX domain socket tests', 'pyrad assertion bug detected')
+
+## Test Unix fail / custom username
+mark('Unix socket fail / custom username')
+daemon = UnixRadiusDaemon(args=(socket_file, None, 'accept', queue))
+daemon.start()
+queue.get()
+realm.run([kadminl, 'setstr', realm.user_princ, 'otp',
+           otpconfig('unix', 'custom')])
+realm.kinit(realm.user_princ, 'reject', flags=flags, expected_code=1)
+verify(daemon, queue, False, 'custom', 'reject')
+
+## Test Unix success / standard username
+mark('Unix socket success / standard username')
+daemon = UnixRadiusDaemon(args=(socket_file, None, 'accept', queue))
+daemon.start()
+queue.get()
+realm.run([kadminl, 'setstr', realm.user_princ, 'otp', otpconfig('unix')])
+realm.kinit(realm.user_princ, 'accept', flags=flags)
+verify(daemon, queue, True, realm.user_princ, 'accept')
+
+## Regression test for #8708: test with the standard username and two
+## tokens configured, with the first rejecting and the second
+## accepting.  With the bug, the KDC incorrectly rejects the request
+## and then performs invalid memory accesses, most likely crashing.
+queue2 = Queue()
+daemon1 = UDPRadiusDaemon(args=(server_addr, secret_file, 'accept1', queue))
+daemon2 = UnixRadiusDaemon(args=(socket_file, None, 'accept2', queue2))
+daemon1.start()
+queue.get()
+daemon2.start()
+queue2.get()
+oconf = '[' + otpconfig_1('udp') + ', ' + otpconfig_1('unix') + ']'
+realm.run([kadminl, 'setstr', realm.user_princ, 'otp', oconf])
+realm.kinit(realm.user_princ, 'accept2', flags=flags)
+verify(daemon1, queue, False, realm.user_princ.split('@')[0], 'accept2')
+verify(daemon2, queue2, True, realm.user_princ, 'accept2')
+
+success('OTP tests')
diff --git a/krb5-1.21.3/src/tests/t_pkinit.py b/krb5-1.21.3/src/tests/t_pkinit.py
new file mode 100755
index 00000000..ec2356ea
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_pkinit.py
@@ -0,0 +1,438 @@
+from k5test import *
+
+# Skip this test if pkinit wasn't built.
+if not pkinit_enabled:
+    skip_rest('PKINIT tests', 'PKINIT module not built')
+
+soft_pkcs11 = os.path.join(buildtop, 'tests', 'softpkcs11', 'softpkcs11.so')
+
+# Construct a krb5.conf fragment configuring pkinit.
+user_pem = os.path.join(pkinit_certs, 'user.pem')
+privkey_pem = os.path.join(pkinit_certs, 'privkey.pem')
+privkey_enc_pem = os.path.join(pkinit_certs, 'privkey-enc.pem')
+user_p12 = os.path.join(pkinit_certs, 'user.p12')
+user_enc_p12 = os.path.join(pkinit_certs, 'user-enc.p12')
+user_upn_p12 = os.path.join(pkinit_certs, 'user-upn.p12')
+user_upn2_p12 = os.path.join(pkinit_certs, 'user-upn2.p12')
+user_upn3_p12 = os.path.join(pkinit_certs, 'user-upn3.p12')
+generic_p12 = os.path.join(pkinit_certs, 'generic.p12')
+path = os.path.join(os.getcwd(), 'testdir', 'tmp-pkinit-certs')
+path_enc = os.path.join(os.getcwd(), 'testdir', 'tmp-pkinit-certs-enc')
+
+pkinit_kdc_conf = {'realms': {'$realm': {
+            'default_principal_flags': '+preauth',
+            'pkinit_eku_checking': 'none',
+            'pkinit_indicator': ['indpkinit1', 'indpkinit2']}}}
+restrictive_kdc_conf = {'realms': {'$realm': {
+            'restrict_anonymous_to_tgt': 'true' }}}
+freshness_kdc_conf = {'realms': {'$realm': {
+            'pkinit_require_freshness': 'true'}}}
+
+testprincs = {'krbtgt/KRBTEST.COM': {'keys': 'aes128-cts'},
+              'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
+              'user2': {'keys': 'aes128-cts', 'flags': '+preauth'}}
+alias_kdc_conf = {'realms': {'$realm': {
+            'default_principal_flags': '+preauth',
+            'pkinit_eku_checking': 'none',
+            'pkinit_allow_upn': 'true',
+            'database_module': 'test'}},
+                  'dbmodules': {'test': {
+                      'db_library': 'test',
+                      'alias': {'user@krbtest.com': 'user'},
+                      'princs': testprincs}}}
+
+file_identity = 'FILE:%s,%s' % (user_pem, privkey_pem)
+file_enc_identity = 'FILE:%s,%s' % (user_pem, privkey_enc_pem)
+dir_identity = 'DIR:%s' % path
+dir_enc_identity = 'DIR:%s' % path_enc
+dir_file_identity = 'FILE:%s,%s' % (os.path.join(path, 'user.crt'),
+                                    os.path.join(path, 'user.key'))
+dir_file_enc_identity = 'FILE:%s,%s' % (os.path.join(path_enc, 'user.crt'),
+                                        os.path.join(path_enc, 'user.key'))
+p12_identity = 'PKCS12:%s' % user_p12
+p12_upn_identity = 'PKCS12:%s' % user_upn_p12
+p12_upn2_identity = 'PKCS12:%s' % user_upn2_p12
+p12_upn3_identity = 'PKCS12:%s' % user_upn3_p12
+p12_generic_identity = 'PKCS12:%s' % generic_p12
+p12_enc_identity = 'PKCS12:%s' % user_enc_p12
+p11_identity = 'PKCS11:' + soft_pkcs11
+p11_token_identity = ('PKCS11:module_name=' + soft_pkcs11 +
+                      ':slotid=1:token=SoftToken (token)')
+
+# Start a realm with the test kdb module for the following UPN SAN tests.
+realm = K5Realm(kdc_conf=alias_kdc_conf, create_kdb=False, pkinit=True)
+realm.start_kdc()
+
+mark('UPN SANs')
+
+# Compatibility check: cert contains UPN "user", which matches the
+# request principal user@KRBTEST.COM if parsed as a normal principal.
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_upn2_identity])
+
+# Compatibility check: cert contains UPN "user@KRBTEST.COM", which matches
+# the request principal user@KRBTEST.COM if parsed as a normal principal.
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_upn3_identity])
+
+# Cert contains UPN "user@krbtest.com" which is aliased to the request
+# principal.
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_upn_identity])
+
+# Test an id-pkinit-san match to a post-canonical principal.
+realm.kinit('user@krbtest.com',
+            flags=['-E', '-X', 'X509_user_identity=%s' % p12_identity])
+
+# Test a UPN match to a post-canonical principal.  (This only works
+# for the cert with the UPN containing just "user", as we don't allow
+# UPN reparsing when comparing to the canonicalized client principal.)
+realm.kinit('user@krbtest.com',
+            flags=['-E', '-X', 'X509_user_identity=%s' % p12_upn2_identity])
+
+# Test a mismatch.
+msg = 'kinit: Client name mismatch while getting initial credentials'
+realm.run([kinit, '-X', 'X509_user_identity=%s' % p12_upn2_identity, 'user2'],
+          expected_code=1, expected_msg=msg)
+realm.stop()
+
+realm = K5Realm(kdc_conf=pkinit_kdc_conf, get_creds=False, pkinit=True)
+
+# Sanity check - password-based preauth should still work.
+mark('password preauth sanity check')
+realm.run(['./responder', '-r', 'password=%s' % password('user'),
+           realm.user_princ])
+realm.kinit(realm.user_princ, password=password('user'))
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# Having tested password preauth, remove the keys for better error
+# reporting.
+realm.run([kadminl, 'purgekeys', '-all', realm.user_princ])
+
+# Test anonymous PKINIT.
+mark('anonymous')
+realm.kinit('@%s' % realm.realm, flags=['-n'], expected_code=1,
+            expected_msg='not found in Kerberos database')
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
+realm.run([kvno, realm.host_princ])
+out = realm.run(['./adata', realm.host_princ])
+if '97:' in out:
+    fail('auth indicators seen in anonymous PKINIT ticket')
+# Verify start_realm setting and test referrals TGS request.
+realm.run([klist, '-C'], expected_msg='start_realm = KRBTEST.COM')
+realm.run([kvno, '-S', 'host', hostname])
+
+# Test anonymous kadmin.
+mark('anonymous kadmin')
+f = open(os.path.join(realm.testdir, 'acl'), 'a')
+f.write('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS a *')
+f.close()
+realm.start_kadmind()
+realm.run([kadmin, '-n', 'addprinc', '-pw', 'test', 'testadd'])
+realm.run([kadmin, '-n', 'getprinc', 'testadd'], expected_code=1,
+          expected_msg="Operation requires ``get'' privilege")
+realm.stop_kadmind()
+
+# Test with anonymous restricted; FAST should work but kvno should fail.
+mark('anonymous restricted')
+r_env = realm.special_env('restrict', True, kdc_conf=restrictive_kdc_conf)
+realm.stop_kdc()
+realm.start_kdc(env=r_env)
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache])
+realm.run([kvno, realm.host_princ], expected_code=1,
+          expected_msg='KDC policy rejects request')
+
+# Regression test for #8458: S4U2Self requests crash the KDC if
+# anonymous is restricted.
+mark('#8458 regression test')
+realm.kinit(realm.host_princ, flags=['-k'])
+realm.run([kvno, '-U', 'user', realm.host_princ])
+
+# Go back to the normal KDC environment.
+realm.stop_kdc()
+realm.start_kdc()
+
+# Run the basic test - PKINIT with FILE: identity, with no password on the key.
+mark('FILE identity, no password')
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'PKINIT client received freshness token from KDC',
+        'PKINIT loading CA certs and CRLs from FILE',
+        'PKINIT client making DH request',
+        ' preauth for next request: PA-FX-COOKIE (133), PA-PK-AS-REQ (16)',
+        'PKINIT client verified DH reply',
+        'PKINIT client found id-pkinit-san in KDC cert',
+        'PKINIT client matched KDC principal krbtgt/')
+realm.pkinit(realm.user_princ, expected_trace=msgs)
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# Try using multiple configured pkinit_identities, to make sure we
+# fall back to the second one when the first one cannot be read.
+id_conf = {'realms': {'$realm': {'pkinit_identities': [file_identity + 'X',
+                                                       file_identity]}}}
+id_env = realm.special_env('idconf', False, krb5_conf=id_conf)
+realm.kinit(realm.user_princ, expected_trace=msgs, env=id_env)
+
+# Try again using RSA instead of DH.
+mark('FILE identity, no password, RSA')
+realm.pkinit(realm.user_princ, flags=['-X', 'flag_RSA_PROTOCOL=yes'],
+             expected_trace=('PKINIT client making RSA request',
+                             'PKINIT client verified RSA reply'))
+realm.klist(realm.user_princ)
+
+# Test a DH parameter renegotiation by temporarily setting a 4096-bit
+# minimum on the KDC.  (Preauth type 16 is PKINIT PA_PK_AS_REQ;
+# 109 is PKINIT TD_DH_PARAMETERS; 133 is FAST PA-FX-COOKIE.)
+mark('DH parameter renegotiation')
+minbits_kdc_conf = {'realms': {'$realm': {'pkinit_dh_min_bits': '4096'}}}
+minbits_env = realm.special_env('restrict', True, kdc_conf=minbits_kdc_conf)
+realm.stop_kdc()
+realm.start_kdc(env=minbits_env)
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Preauth module pkinit (16) (real) returned: 0/Success',
+        ' preauth for next request: PA-FX-COOKIE (133), PA-PK-AS-REQ (16)',
+        '/Key parameters not accepted',
+        'Preauth tryagain input types (16): 109, PA-FX-COOKIE (133)',
+        'trying again with KDC-provided parameters',
+        'Preauth module pkinit (16) tryagain returned: 0/Success',
+        ' preauth for next request: PA-PK-AS-REQ (16), PA-FX-COOKIE (133)')
+realm.pkinit(realm.user_princ, expected_trace=msgs)
+
+# Test enforcement of required freshness tokens.  (We can leave
+# freshness tokens required after this test.)
+mark('freshness token enforcement')
+realm.pkinit(realm.user_princ, flags=['-X', 'disable_freshness=yes'])
+f_env = realm.special_env('freshness', True, kdc_conf=freshness_kdc_conf)
+realm.stop_kdc()
+realm.start_kdc(env=f_env)
+realm.pkinit(realm.user_princ)
+realm.pkinit(realm.user_princ, flags=['-X', 'disable_freshness=yes'],
+             expected_code=1, expected_msg='Preauthentication failed')
+# Anonymous should never require a freshness token.
+realm.kinit('@%s' % realm.realm, flags=['-n', '-X', 'disable_freshness=yes'])
+
+# Run the basic test - PKINIT with FILE: identity, with a password on the key,
+# supplied by the prompter.
+# Expect failure if the responder does nothing, and we have no prompter.
+mark('FILE identity, password on key (prompter)')
+realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity,
+          '-X', 'X509_user_identity=%s' % file_enc_identity, realm.user_princ],
+          expected_code=2)
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % file_enc_identity],
+            password='encrypted')
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+realm.run(['./adata', realm.host_princ],
+          expected_msg='+97: [indpkinit1, indpkinit2]')
+
+# Run the basic test - PKINIT with FILE: identity, with a password on the key,
+# supplied by the responder.
+# Supply the response in raw form.
+mark('FILE identity, password on key (responder)')
+out = realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % file_enc_identity,
+                 '-r', 'pkinit={"%s": "encrypted"}' % file_enc_identity,
+                 '-X', 'X509_user_identity=%s' % file_enc_identity,
+                 realm.user_princ])
+# Regression test for #8885 (password question asked twice).
+if out.count('OK: ') != 1:
+    fail('Wrong number of responder calls')
+# Supply the response through the convenience API.
+realm.run(['./responder', '-X', 'X509_user_identity=%s' % file_enc_identity,
+           '-p', '%s=%s' % (file_enc_identity, 'encrypted'), realm.user_princ])
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# PKINIT with DIR: identity, with no password on the key.
+mark('DIR identity, no password')
+os.mkdir(path)
+os.mkdir(path_enc)
+shutil.copy(privkey_pem, os.path.join(path, 'user.key'))
+shutil.copy(privkey_enc_pem, os.path.join(path_enc, 'user.key'))
+shutil.copy(user_pem, os.path.join(path, 'user.crt'))
+shutil.copy(user_pem, os.path.join(path_enc, 'user.crt'))
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % dir_identity])
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# PKINIT with DIR: identity, with a password on the key, supplied by the
+# prompter.
+# Expect failure if the responder does nothing, and we have no prompter.
+mark('DIR identity, password on key (prompter)')
+realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % dir_file_enc_identity,
+           '-X', 'X509_user_identity=%s' % dir_enc_identity, realm.user_princ],
+           expected_code=2)
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % dir_enc_identity],
+            password='encrypted')
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# PKINIT with DIR: identity, with a password on the key, supplied by the
+# responder.
+# Supply the response in raw form.
+mark('DIR identity, password on key (responder)')
+realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % dir_file_enc_identity,
+           '-r', 'pkinit={"%s": "encrypted"}' % dir_file_enc_identity,
+           '-X', 'X509_user_identity=%s' % dir_enc_identity, realm.user_princ])
+# Supply the response through the convenience API.
+realm.run(['./responder', '-X', 'X509_user_identity=%s' % dir_enc_identity,
+           '-p', '%s=%s' % (dir_file_enc_identity, 'encrypted'),
+           realm.user_princ])
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# PKINIT with PKCS12: identity, with no password on the bundle.
+mark('PKCS12 identity, no password')
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_identity])
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# PKINIT with PKCS12: identity, with a password on the bundle, supplied by the
+# prompter.
+# Expect failure if the responder does nothing, and we have no prompter.
+mark('PKCS12 identity, password on bundle (prompter)')
+realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % p12_enc_identity,
+           '-X', 'X509_user_identity=%s' % p12_enc_identity, realm.user_princ],
+           expected_code=2)
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_enc_identity],
+            password='encrypted')
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# PKINIT with PKCS12: identity, with a password on the bundle, supplied by the
+# responder.
+# Supply the response in raw form.
+mark('PKCS12 identity, password on bundle (responder)')
+realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % p12_enc_identity,
+           '-r', 'pkinit={"%s": "encrypted"}' % p12_enc_identity,
+           '-X', 'X509_user_identity=%s' % p12_enc_identity, realm.user_princ])
+# Supply the response through the convenience API.
+realm.run(['./responder', '-X', 'X509_user_identity=%s' % p12_enc_identity,
+           '-p', '%s=%s' % (p12_enc_identity, 'encrypted'),
+           realm.user_princ])
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+mark('pkinit_cert_match rules')
+
+# Match a single rule.
+rule = '<SAN>^user@KRBTEST.COM$'
+realm.run([kadminl, 'setstr', realm.user_princ, 'pkinit_cert_match', rule])
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_identity])
+realm.klist(realm.user_princ)
+
+# Regression test for #8670: match a UPN SAN with a single rule.
+rule = '<SAN>^user@krbtest.com$'
+realm.run([kadminl, 'setstr', realm.user_princ, 'pkinit_cert_match', rule])
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_upn_identity])
+realm.klist(realm.user_princ)
+
+# Match a combined rule (default prefix is &&).
+rule = '<SUBJECT>CN=user$<KU>digitalSignature,keyEncipherment'
+realm.run([kadminl, 'setstr', realm.user_princ, 'pkinit_cert_match', rule])
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_identity])
+realm.klist(realm.user_princ)
+
+# Fail an && rule.
+rule = '&&<SUBJECT>O=OTHER.COM<SAN>^user@KRBTEST.COM$'
+realm.run([kadminl, 'setstr', realm.user_princ, 'pkinit_cert_match', rule])
+msg = 'kinit: Certificate mismatch while getting initial credentials'
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_identity],
+            expected_code=1, expected_msg=msg)
+
+# Pass an || rule.
+rule = '||<SUBJECT>O=KRBTEST.COM<SAN>^otheruser@KRBTEST.COM$'
+realm.run([kadminl, 'setstr', realm.user_princ, 'pkinit_cert_match', rule])
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_identity])
+realm.klist(realm.user_princ)
+
+# Fail an || rule.
+rule = '||<SUBJECT>O=OTHER.COM<SAN>^otheruser@KRBTEST.COM$'
+realm.run([kadminl, 'setstr', realm.user_princ, 'pkinit_cert_match', rule])
+msg = 'kinit: Certificate mismatch while getting initial credentials'
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_identity],
+            expected_code=1, expected_msg=msg)
+
+# Authorize a client cert with no PKINIT extensions using subject and
+# issuer.  (Relies on EKU checking being turned off.)
+rule = '&&<SUBJECT>CN=user$<ISSUER>O=MIT,'
+realm.run([kadminl, 'setstr', realm.user_princ, 'pkinit_cert_match', rule])
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p12_generic_identity])
+realm.klist(realm.user_princ)
+
+# Regression test for #8726: null deref when parsing a FILE residual
+# beginning with a comma.
+realm.kinit(realm.user_princ, flags=['-X', 'X509_user_identity=,'],
+            expected_code=1, expected_msg='Preauthentication failed while')
+
+softpkcs11rc = os.path.join(os.getcwd(), 'testdir', 'soft-pkcs11.rc')
+realm.env['SOFTPKCS11RC'] = softpkcs11rc
+
+# PKINIT with PKCS11: identity, with no need for a PIN.
+mark('PKCS11 identity, no PIN')
+conf = open(softpkcs11rc, 'w')
+conf.write("%s\t%s\t%s\t%s\n" % ('user', 'user token', user_pem, privkey_pem))
+conf.close()
+# Expect to succeed without having to supply any more information.
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p11_identity])
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# PKINIT with PKCS11: identity, with a PIN supplied by the prompter.
+mark('PKCS11 identity, with PIN (prompter)')
+os.remove(softpkcs11rc)
+conf = open(softpkcs11rc, 'w')
+conf.write("%s\t%s\t%s\t%s\n" % ('user', 'user token', user_pem,
+                                 privkey_enc_pem))
+conf.close()
+# Expect failure if the responder does nothing, and there's no prompter
+realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % p11_token_identity,
+           '-X', 'X509_user_identity=%s' % p11_identity, realm.user_princ],
+          expected_code=2)
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p11_identity],
+            password='encrypted')
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+# Supply the wrong PIN.
+mark('PKCS11 identity, wrong PIN')
+expected_trace = ('PKINIT client has no configured identity; giving up',)
+realm.kinit(realm.user_princ,
+            flags=['-X', 'X509_user_identity=%s' % p11_identity],
+            password='wrong', expected_code=1, expected_trace=expected_trace)
+
+# PKINIT with PKCS11: identity, with a PIN supplied by the responder.
+# Supply the response in raw form.
+mark('PKCS11 identity, with PIN (responder)')
+realm.run(['./responder', '-x', 'pkinit={"%s": 0}' % p11_token_identity,
+           '-r', 'pkinit={"%s": "encrypted"}' % p11_token_identity,
+           '-X', 'X509_user_identity=%s' % p11_identity, realm.user_princ])
+# Supply the response through the convenience API.
+realm.run(['./responder', '-X', 'X509_user_identity=%s' % p11_identity,
+           '-p', '%s=%s' % (p11_token_identity, 'encrypted'),
+           realm.user_princ])
+realm.klist(realm.user_princ)
+realm.run([kvno, realm.host_princ])
+
+success('PKINIT tests')
diff --git a/krb5-1.21.3/src/tests/t_policy.py b/krb5-1.21.3/src/tests/t_policy.py
new file mode 100755
index 00000000..2bb4f5f1
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_policy.py
@@ -0,0 +1,217 @@
+from k5test import *
+import re
+
+realm = K5Realm(create_host=False, start_kadmind=True)
+
+# Test password quality enforcement.
+mark('password quality')
+realm.run([kadminl, 'addpol', '-minlength', '6', '-minclasses', '2', 'pwpol'])
+realm.run([kadminl, 'addprinc', '-randkey', '-policy', 'pwpol', 'pwuser'])
+realm.run([kadminl, 'cpw', '-pw', 'sh0rt', 'pwuser'], expected_code=1,
+          expected_msg='Password is too short')
+realm.run([kadminl, 'cpw', '-pw', 'longenough', 'pwuser'], expected_code=1,
+          expected_msg='Password does not contain enough character classes')
+realm.run([kadminl, 'cpw', '-pw', 'l0ngenough', 'pwuser'])
+
+# Test some password history enforcement.  Even with no history value,
+# the current password should be denied.
+mark('password history')
+realm.run([kadminl, 'cpw', '-pw', 'l0ngenough', 'pwuser'], expected_code=1,
+          expected_msg='Cannot reuse password')
+realm.run([kadminl, 'modpol', '-history', '2', 'pwpol'])
+realm.run([kadminl, 'cpw', '-pw', 'an0therpw', 'pwuser'])
+realm.run([kadminl, 'cpw', '-pw', 'l0ngenough', 'pwuser'], expected_code=1,
+          expected_msg='Cannot reuse password')
+realm.run([kadminl, 'cpw', '-pw', '3rdpassword', 'pwuser'])
+realm.run([kadminl, 'cpw', '-pw', 'l0ngenough', 'pwuser'])
+
+# Regression test for #929 (kadmind crash with more historical
+# passwords in a principal entry than current policy history setting).
+mark('password history (policy value reduced below current array size)')
+realm.run([kadminl, 'addpol', '-history', '5', 'histpol'])
+realm.addprinc('histprinc', 'first')
+realm.run([kadminl, 'modprinc', '-policy', 'histpol', 'histprinc'])
+realm.run([kadminl, 'cpw', '-pw', 'second', 'histprinc'])
+realm.run([kadminl, 'cpw', '-pw', 'third', 'histprinc'])
+realm.run([kadminl, 'cpw', '-pw', 'fourth', 'histprinc'])
+realm.run([kadminl, 'modpol', '-history', '3', 'histpol'])
+realm.run([kadminl, 'cpw', '-pw', 'fifth', 'histprinc'])
+realm.run([kadminl, 'delprinc', 'histprinc'])
+
+# Regression test for #2841 (heap buffer overflow when policy history
+# value is reduced to match the number of historical passwords for a
+# principal).
+mark('password history (policy value reduced to current array size)')
+def histfail(*pwlist):
+    for pw in pwlist:
+        realm.run([kadminl, 'cpw', '-pw', pw, 'histprinc'], expected_code=1,
+                  expected_msg='Cannot reuse password')
+realm.run([kadminl, 'modpol', '-history', '3', 'histpol'])
+realm.addprinc('histprinc', '1111')
+realm.run([kadminl, 'modprinc', '-policy', 'histpol', 'histprinc'])
+realm.run([kadminl, 'cpw', '-pw', '2222', 'histprinc'])
+histfail('2222', '1111')
+realm.run([kadminl, 'modpol', '-history', '2', 'histpol'])
+realm.run([kadminl, 'cpw', '-pw', '3333', 'histprinc'])
+
+# Test that the history array is properly resized if the policy
+# history value is increased after the array is filled.
+mark('password history (policy value increase)')
+realm.run([kadminl, 'delprinc', 'histprinc'])
+realm.addprinc('histprinc', '1111')
+realm.run([kadminl, 'modprinc', '-policy', 'histpol', 'histprinc'])
+realm.run([kadminl, 'cpw', '-pw', '2222', 'histprinc'])
+histfail('2222', '1111')
+realm.run([kadminl, 'cpw', '-pw', '2222', 'histprinc'], expected_code=1,
+          expected_msg='Cannot reuse password')
+realm.run([kadminl, 'cpw', '-pw', '1111', 'histprinc'], expected_code=1,
+          expected_msg='Cannot reuse password')
+realm.run([kadminl, 'modpol', '-history', '3', 'histpol'])
+realm.run([kadminl, 'cpw', '-pw', '3333', 'histprinc'])
+histfail('3333', '2222', '1111')
+realm.run([kadminl, 'modpol', '-history', '4', 'histpol'])
+histfail('3333', '2222', '1111')
+realm.run([kadminl, 'cpw', '-pw', '4444', 'histprinc'])
+histfail('4444', '3333', '2222', '1111')
+
+# Test that when the policy history value is reduced, all currently
+# known old passwords still fail until the next password change, after
+# which the new number of old passwords fails (but no more).
+mark('password history (policy value reduction)')
+realm.run([kadminl, 'modpol', '-history', '3', 'histpol'])
+histfail('4444', '3333', '2222', '1111')
+realm.run([kadminl, 'cpw', '-pw', '5555', 'histprinc'])
+histfail('5555', '3333', '3333')
+realm.run([kadminl, 'cpw', '-pw', '2222', 'histprinc'])
+realm.run([kadminl, 'modpol', '-history', '2', 'histpol'])
+histfail('2222', '5555', '4444')
+realm.run([kadminl, 'cpw', '-pw', '3333', 'histprinc'])
+
+# Test references to nonexistent policies.
+mark('nonexistent policy references')
+realm.run([kadminl, 'addprinc', '-randkey', '-policy', 'newpol', 'newuser'])
+realm.run([kadminl, 'getprinc', 'newuser'],
+          expected_msg='Policy: newpol [does not exist]\n')
+realm.run([kadminl, 'modprinc', '-policy', 'newpol', 'pwuser'])
+# pwuser should allow reuse of the current password since newpol doesn't exist.
+realm.run([kadminl, 'cpw', '-pw', '3rdpassword', 'pwuser'])
+# Regression test for #8427 (min_life check with nonexistent policy).
+realm.run([kadmin, '-p', 'pwuser', '-w', '3rdpassword', 'cpw', '-pw',
+           '3rdpassword', 'pwuser'])
+
+# Create newpol and verify that it is enforced.
+mark('create referenced policy')
+realm.run([kadminl, 'addpol', '-minlength', '3', 'newpol'])
+realm.run([kadminl, 'getprinc', 'pwuser'], expected_msg='Policy: newpol\n')
+realm.run([kadminl, 'cpw', '-pw', 'aa', 'pwuser'], expected_code=1,
+          expected_msg='Password is too short')
+realm.run([kadminl, 'cpw', '-pw', '3rdpassword', 'pwuser'], expected_code=1,
+          expected_msg='Cannot reuse password')
+
+realm.run([kadminl, 'getprinc', 'newuser'], expected_msg='Policy: newpol\n')
+realm.run([kadminl, 'cpw', '-pw', 'aa', 'newuser'], expected_code=1,
+          expected_msg='Password is too short')
+
+# Delete the policy and verify that it is no longer enforced.
+mark('delete referenced policy')
+realm.run([kadminl, 'delpol', 'newpol'])
+realm.run([kadminl, 'getpol', 'newpol'], expected_code=1,
+          expected_msg='Policy does not exist')
+realm.run([kadminl, 'cpw', '-pw', 'aa', 'pwuser'])
+
+# Test basic password lockout support.
+mark('password lockout')
+realm.stop()
+for realm in multidb_realms(create_host=False):
+    realm.run([kadminl, 'addpol', '-maxfailure', '2', '-failurecountinterval',
+               '5m', 'lockout'])
+    realm.run([kadminl, 'modprinc', '+requires_preauth', '-policy', 'lockout',
+               'user'])
+
+    # kinit twice with the wrong password.
+    msg = 'Password incorrect while getting initial credentials'
+    realm.run([kinit, realm.user_princ], input='wrong\n', expected_code=1,
+              expected_msg=msg)
+    realm.run([kinit, realm.user_princ], input='wrong\n', expected_code=1,
+              expected_msg=msg)
+
+    # Now the account should be locked out.
+    msg = 'credentials have been revoked while getting initial credentials'
+    realm.run([kinit, realm.user_princ], expected_code=1, expected_msg=msg)
+
+    # Check that modprinc -unlock allows a further attempt.
+    realm.run([kadminl, 'modprinc', '-unlock', 'user'])
+    realm.kinit(realm.user_princ, password('user'))
+
+    # Make sure a nonexistent policy reference doesn't prevent authentication.
+    realm.run([kadminl, 'delpol', 'lockout'])
+    realm.kinit(realm.user_princ, password('user'))
+
+# Regression test for issue #7099: databases created prior to krb5 1.3 have
+# multiple history keys, and kadmin prior to 1.7 didn't necessarily use the
+# first one to create history entries.
+mark('#7099 regression test')
+realm = K5Realm(start_kdc=False)
+# Create a history principal with two keys.
+realm.run(['./hist', 'make'])
+realm.run([kadminl, 'addpol', '-history', '2', 'pol'])
+realm.run([kadminl, 'modprinc', '-policy', 'pol', 'user'])
+realm.run([kadminl, 'cpw', '-pw', 'pw2', 'user'])
+# Swap the keys, simulating older kadmin having chosen the second entry.
+realm.run(['./hist', 'swap'])
+# Make sure we can read the history entry.
+realm.run([kadminl, 'cpw', '-pw', password('user'), 'user'], expected_code=1,
+          expected_msg='Cannot reuse password')
+
+# Test key/salt constraints.
+mark('allowedkeysalts')
+
+realm.stop()
+krb5_conf1 = {'libdefaults': {'supported_enctypes': 'aes256-cts'}}
+realm = K5Realm(krb5_conf=krb5_conf1, create_host=False, get_creds=False)
+
+# Add policy.
+realm.run([kadminl, 'addpol', '-allowedkeysalts', 'aes256-cts', 'ak'])
+realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts', 'server'])
+
+# Test with one-enctype allowed_keysalts.
+realm.run([kadminl, 'modprinc', '-policy', 'ak', 'server'])
+out = realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes128-cts', 'server'],
+                expected_code=1)
+if not 'Invalid key/salt tuples' in out:
+    fail('allowed_keysalts policy not applied properly')
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes256-cts', 'server'])
+
+# Now test a multi-enctype allowed_keysalts.  Test that subsets are allowed,
+# the the complete set is allowed, that order doesn't matter, and that
+# enctypes outside the set are not allowed.
+
+# Test modpol.
+realm.run([kadminl, 'modpol', '-allowedkeysalts', 'aes256-cts,rc4-hmac', 'ak'])
+realm.run([kadminl, 'getpol', 'ak'],
+          expected_msg='Allowed key/salt types: aes256-cts,rc4-hmac')
+
+# Test subsets and full set.
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'rc4-hmac', 'server'])
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes256-cts', 'server'])
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes256-cts,rc4-hmac', 'server'])
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'rc4-hmac,aes256-cts', 'server'])
+
+# Check that the order we got is the one from the policy.
+realm.run([kadminl, 'getprinc', '-terse', 'server'],
+          expected_msg='2\t1\t6\t18\t0\t1\t6\t23\t0')
+
+# Test partially intersecting sets.
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'rc4-hmac,aes128-cts', 'server'],
+          expected_code=1, expected_msg='Invalid key/salt tuples')
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'rc4-hmac,aes256-cts,aes128-cts',
+           'server'], expected_code=1, expected_msg='Invalid key/salt tuples')
+
+# Test reset of allowedkeysalts.
+realm.run([kadminl, 'modpol', '-allowedkeysalts', '-', 'ak'])
+out = realm.run([kadminl, 'getpol', 'ak'])
+if 'Allowed key/salt types' in out:
+    fail('failed to clear allowedkeysalts')
+realm.run([kadminl, 'cpw', '-randkey', '-e', 'aes128-cts', 'server'])
+
+success('Policy tests')
diff --git a/krb5-1.21.3/src/tests/t_preauth.py b/krb5-1.21.3/src/tests/t_preauth.py
new file mode 100644
index 00000000..d95eed5d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_preauth.py
@@ -0,0 +1,265 @@
+from k5test import *
+
+# Test that the kdcpreauth client_keyblock() callback matches the key
+# indicated by the etype info, and returns NULL if no key was selected.
+testpreauth = os.path.join(buildtop, 'plugins', 'preauth', 'test', 'test.so')
+conf = {'plugins': {'kdcpreauth': {'module': 'test:' + testpreauth},
+                    'clpreauth': {'module': 'test:' + testpreauth}}}
+realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf)
+realm.run([kadminl, 'modprinc', '+requires_preauth', realm.user_princ])
+realm.run([kadminl, 'setstr', realm.user_princ, 'teststring', 'testval'])
+realm.run([kadminl, 'addprinc', '-nokey', '+requires_preauth', 'nokeyuser'])
+realm.kinit(realm.user_princ, password('user'), expected_msg='testval')
+realm.kinit('nokeyuser', password('user'), expected_code=1,
+            expected_msg='no key')
+
+# Preauth type -123 is the test preauth module type; 133 is FAST
+# PA-FX-COOKIE; 2 is encrypted timestamp.
+
+# Test normal preauth flow.
+mark('normal')
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        'Decrypted AS reply')
+realm.run(['./icred', realm.user_princ, password('user')],
+          expected_msg='testval', expected_trace=msgs)
+
+# Test successful optimistic preauth.
+mark('optimistic')
+expected_trace = ('Attempting optimistic preauth',
+                  'Processing preauth types: -123',
+                  'Preauth module test (-123) (real) returned: 0/Success',
+                  'Produced preauth for next request: -123',
+                  'Decrypted AS reply')
+realm.run(['./icred', '-o', '-123', realm.user_princ, password('user')],
+          expected_trace=expected_trace)
+
+# Test optimistic preauth failing on client, falling back to encrypted
+# timestamp.
+mark('optimistic (client failure)')
+msgs = ('Attempting optimistic preauth',
+        'Processing preauth types: -123',
+        '/induced optimistic fail',
+        'Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Encrypted timestamp (for ',
+        'module encrypted_timestamp (2) (real) returned: 0/Success',
+        'preauth for next request: PA-FX-COOKIE (133), PA-ENC-TIMESTAMP (2)',
+        'Decrypted AS reply')
+realm.run(['./icred', '-o', '-123', '-X', 'fail_optimistic', realm.user_princ,
+           password('user')], expected_trace=msgs)
+
+# Test optimistic preauth failing on KDC, falling back to encrypted
+# timestamp.
+mark('optimistic (KDC failure)')
+realm.run([kadminl, 'setstr', realm.user_princ, 'failopt', 'yes'])
+msgs = ('Attempting optimistic preauth',
+        'Processing preauth types: -123',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: -123',
+        '/Preauthentication failed',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Encrypted timestamp (for ',
+        'module encrypted_timestamp (2) (real) returned: 0/Success',
+        'preauth for next request: PA-FX-COOKIE (133), PA-ENC-TIMESTAMP (2)',
+        'Decrypted AS reply')
+realm.run(['./icred', '-o', '-123', realm.user_princ, password('user')],
+          expected_trace=msgs)
+# Leave failopt set for the next test.
+
+# Test optimistic preauth failing on KDC, stopping because the test
+# module disabled fallback.
+mark('optimistic (KDC failure, no fallback)')
+msgs = ('Attempting optimistic preauth',
+        'Processing preauth types: -123',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: -123',
+        '/Preauthentication failed')
+realm.run(['./icred', '-X', 'disable_fallback', '-o', '-123', realm.user_princ,
+           password('user')], expected_code=1,
+          expected_msg='Preauthentication failed', expected_trace=msgs)
+realm.run([kadminl, 'delstr', realm.user_princ, 'failopt'])
+
+# Test KDC_ERR_MORE_PREAUTH_DATA_REQUIRED and secure cookies.
+mark('second round-trip')
+realm.run([kadminl, 'setstr', realm.user_princ, '2rt', 'secondtrip'])
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/More preauthentication data is required',
+        'Continuing preauth mech -123',
+        'Processing preauth types: -123, PA-FX-COOKIE (133)',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        'Decrypted AS reply')
+realm.run(['./icred', realm.user_princ, password('user')],
+          expected_msg='2rt: secondtrip', expected_trace=msgs)
+
+# Test client-side failure after KDC_ERR_MORE_PREAUTH_DATA_REQUIRED,
+# falling back to encrypted timestamp.
+mark('second round-trip (client failure)')
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/More preauthentication data is required',
+        'Continuing preauth mech -123',
+        'Processing preauth types: -123, PA-FX-COOKIE (133)',
+        '/induced 2rt fail',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Encrypted timestamp (for ',
+        'module encrypted_timestamp (2) (real) returned: 0/Success',
+        'preauth for next request: PA-FX-COOKIE (133), PA-ENC-TIMESTAMP (2)',
+        'Decrypted AS reply')
+realm.run(['./icred', '-X', 'fail_2rt', realm.user_princ, password('user')],
+          expected_msg='2rt: secondtrip', expected_trace=msgs)
+
+# Test client-side failure after KDC_ERR_MORE_PREAUTH_DATA_REQUIRED,
+# stopping because the test module disabled fallback.
+mark('second round-trip (client failure, no fallback)')
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/More preauthentication data is required',
+        'Continuing preauth mech -123',
+        'Processing preauth types: -123, PA-FX-COOKIE (133)',
+        '/induced 2rt fail')
+realm.run(['./icred', '-X', 'fail_2rt', '-X', 'disable_fallback',
+           realm.user_princ, password('user')], expected_code=1,
+          expected_msg='Pre-authentication failed: induced 2rt fail',
+          expected_trace=msgs)
+
+# Test KDC-side failure after KDC_ERR_MORE_PREAUTH_DATA_REQUIRED,
+# falling back to encrypted timestamp.
+mark('second round-trip (KDC failure)')
+realm.run([kadminl, 'setstr', realm.user_princ, 'fail2rt', 'yes'])
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/More preauthentication data is required',
+        'Continuing preauth mech -123',
+        'Processing preauth types: -123, PA-FX-COOKIE (133)',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/Preauthentication failed',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Encrypted timestamp (for ',
+        'module encrypted_timestamp (2) (real) returned: 0/Success',
+        'preauth for next request: PA-FX-COOKIE (133), PA-ENC-TIMESTAMP (2)',
+        'Decrypted AS reply')
+realm.run(['./icred', realm.user_princ, password('user')],
+          expected_msg='2rt: secondtrip', expected_trace=msgs)
+# Leave fail2rt set for the next test.
+
+# Test KDC-side failure after KDC_ERR_MORE_PREAUTH_DATA_REQUIRED,
+# stopping because the test module disabled fallback.
+mark('second round-trip (KDC failure, no fallback)')
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/More preauthentication data is required',
+        'Continuing preauth mech -123',
+        'Processing preauth types: -123, PA-FX-COOKIE (133)',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/Preauthentication failed')
+realm.run(['./icred', '-X', 'disable_fallback',
+           realm.user_princ, password('user')], expected_code=1,
+          expected_msg='Preauthentication failed', expected_trace=msgs)
+realm.run([kadminl, 'delstr', realm.user_princ, 'fail2rt'])
+
+# Test tryagain flow by inducing a KDC_ERR_ENCTYPE_NOSUPP error on the KDC.
+mark('tryagain')
+realm.run([kadminl, 'setstr', realm.user_princ, 'err', 'testagain'])
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/KDC has no support for encryption type',
+        'Recovering from KDC error 14 using preauth mech -123',
+        'Preauth tryagain input types (-123): -123, PA-FX-COOKIE (133)',
+        'Preauth module test (-123) tryagain returned: 0/Success',
+        'Followup preauth for next request: -123, PA-FX-COOKIE (133)',
+        'Decrypted AS reply')
+realm.run(['./icred', realm.user_princ, password('user')],
+          expected_msg='tryagain: testagain', expected_trace=msgs)
+
+# Test a client-side tryagain failure, falling back to encrypted
+# timestamp.
+mark('tryagain (client failure)')
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/KDC has no support for encryption type',
+        'Recovering from KDC error 14 using preauth mech -123',
+        'Preauth tryagain input types (-123): -123, PA-FX-COOKIE (133)',
+        '/induced tryagain fail',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Encrypted timestamp (for ',
+        'module encrypted_timestamp (2) (real) returned: 0/Success',
+        'preauth for next request: PA-FX-COOKIE (133), PA-ENC-TIMESTAMP (2)',
+        'Decrypted AS reply')
+realm.run(['./icred', '-X', 'fail_tryagain', realm.user_princ,
+           password('user')], expected_trace=msgs)
+
+# Test a client-side tryagain failure, stopping because the test
+# module disabled fallback.
+mark('tryagain (client failure, no fallback)')
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Preauthenticating using KDC method data',
+        'Processing preauth types:',
+        'Preauth module test (-123) (real) returned: 0/Success',
+        'Produced preauth for next request: PA-FX-COOKIE (133), -123',
+        '/KDC has no support for encryption type',
+        'Recovering from KDC error 14 using preauth mech -123',
+        'Preauth tryagain input types (-123): -123, PA-FX-COOKIE (133)',
+        '/induced tryagain fail')
+realm.run(['./icred', '-X', 'fail_tryagain', '-X', 'disable_fallback',
+           realm.user_princ, password('user')], expected_code=1,
+          expected_msg='KDC has no support for encryption type',
+          expected_trace=msgs)
+
+# Test that multiple stepwise initial creds operations can be
+# performed with the same krb5_context, with proper tracking of
+# clpreauth module request handles.
+mark('interleaved')
+realm.run([kadminl, 'addprinc', '-pw', 'pw', 'u1'])
+realm.run([kadminl, 'addprinc', '+requires_preauth', '-pw', 'pw', 'u2'])
+realm.run([kadminl, 'addprinc', '+requires_preauth', '-pw', 'pw', 'u3'])
+realm.run([kadminl, 'setstr', 'u2', '2rt', 'extra'])
+out = realm.run(['./icinterleave', 'pw', 'u1', 'u2', 'u3'])
+if out != ('step 1\nstep 2\nstep 3\nstep 1\nfinish 1\nstep 2\nno attr\n'
+           'step 3\nno attr\nstep 2\n2rt: extra\nstep 3\nfinish 3\nstep 2\n'
+           'finish 2\n'):
+    fail('unexpected output from icinterleave')
+
+success('Pre-authentication framework tests')
diff --git a/krb5-1.21.3/src/tests/t_princflags.py b/krb5-1.21.3/src/tests/t_princflags.py
new file mode 100755
index 00000000..aa366021
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_princflags.py
@@ -0,0 +1,138 @@
+from k5test import *
+from princflags import *
+import re
+
+realm = K5Realm(create_host=False, get_creds=False)
+
+# Regex pattern to match an empty attribute line from kadmin getprinc
+emptyattr = re.compile('^Attributes:$', re.MULTILINE)
+
+
+# Regex pattern to match a kadmin getprinc output for a flag tuple
+def attr_pat(ftuple):
+    return re.compile('^Attributes: ' + ftuple.flagname() + '$',
+                      re.MULTILINE)
+
+
+# Test one flag tuple for kadmin ank.
+def one_kadmin_flag(ftuple):
+    pat = attr_pat(ftuple)
+    realm.run([kadminl, 'ank', ftuple.setspec(),
+               '-pw', 'password', 'test'])
+    out = realm.run([kadminl, 'getprinc', 'test'])
+    if not pat.search(out):
+        fail('Failed to set flag ' + ftuple.flagname())
+
+    realm.run([kadminl, 'modprinc', ftuple.clearspec(), 'test'])
+    out = realm.run([kadminl, 'getprinc', 'test'])
+    if not emptyattr.search(out):
+        fail('Failed to clear flag ' + ftuple.flagname())
+    realm.run([kadminl, 'delprinc', 'test'])
+
+
+# Generate a custom kdc.conf with default_principal_flags set
+# according to ftuple.
+def genkdcconf(ftuple):
+    d = { 'realms': { '$realm': {
+                'default_principal_flags': ftuple.setspec()
+                }}}
+    return realm.special_env('tmp', True, kdc_conf=d)
+
+
+# Test one ftuple for kdc.conf default_principal_flags.
+def one_kdcconf(ftuple):
+    e = genkdcconf(ftuple)
+    pat = attr_pat(ftuple)
+    realm.run([kadminl, 'ank', '-pw', 'password', 'test'], env=e)
+    out = realm.run([kadminl, 'getprinc', 'test'])
+    if not pat.search(out):
+        fail('Failed to set flag ' + ftuple.flagname() + ' via kdc.conf')
+
+    realm.run([kadminl, 'delprinc', 'test'])
+
+
+# Principal name for kadm5.acl line
+def ftuple2pname(ftuple, doset):
+    pname = 'set_' if doset else 'clear_'
+    return pname + ftuple.flagname()
+
+
+# Translate a strconv ftuple to a spec string for kadmin.
+def ftuple2kadm_spec(ftuple, doset):
+    ktuple = kadmin_itable[ftuple.flag]
+    if ktuple.invert != ftuple.invert:
+        # Could do:
+        # doset = not doset
+        # but this shouldn't happen.
+        raise ValueError
+    return ktuple.spec(doset)
+
+
+# Generate a line for kadm5.acl.
+def acl_line(ftuple, doset):
+    pname = ftuple2pname(ftuple, doset)
+    spec = ftuple.spec(doset)
+    return "%s * %s %s\n" % (realm.admin_princ, pname, spec)
+
+
+# Test one kadm5.acl line for a ftuple.
+def one_aclcheck(ftuple, doset):
+    pname = ftuple2pname(ftuple, doset)
+    pat = attr_pat(ftuple)
+    outname = ftuple.flagname()
+    # Create the principal and check that the flag is correctly set or
+    # cleared.
+    realm.run_kadmin(['ank', '-pw', 'password', pname])
+    out = realm.run([kadminl, 'getprinc', pname])
+    if doset:
+        if not pat.search(out):
+            fail('Failed to set flag ' + outname + ' via kadm5.acl')
+    else:
+        if not emptyattr.search(out):
+            fail('Failed to clear flag ' + outname + ' via kadm5.acl')
+    # If acl forces flag to be set, try to clear it, and vice versa.
+    spec = ftuple2kadm_spec(ftuple, not doset)
+    realm.run_kadmin(['modprinc', spec, pname])
+    out = realm.run([kadminl, 'getprinc', pname])
+    if doset:
+        if not pat.search(out):
+            fail('Failed to keep flag ' + outname + ' set')
+    else:
+        if not emptyattr.search(out):
+            fail('Failed to keep flag ' + outname + ' clear')
+
+
+# Set all flags simultaneously, even the ones that aren't defined yet.
+def lamptest():
+    pat = re.compile('^Attributes: ' +
+                     ' '.join(flags2namelist(0xffffffff)) +
+                     '$', re.MULTILINE)
+    realm.run([kadminl, 'ank', '-pw', 'password', '+0xffffffff', 'test'])
+    out = realm.run([kadminl, 'getprinc', 'test'])
+    if not pat.search(out):
+        fail('Failed to simultaenously set all flags')
+    realm.run([kadminl, 'delprinc', 'test'])
+
+
+for ftuple in kadmin_ftuples:
+    one_kadmin_flag(ftuple)
+
+for ftuple in strconv_ftuples:
+    one_kdcconf(ftuple)
+
+f = open(os.path.join(realm.testdir, 'acl'), 'w')
+for ftuple in strconv_ftuples:
+    f.write(acl_line(ftuple, True))
+    f.write(acl_line(ftuple, False))
+f.close()
+
+realm.start_kadmind()
+realm.prep_kadmin()
+
+for ftuple in strconv_ftuples:
+    one_aclcheck(ftuple, True)
+    one_aclcheck(ftuple, False)
+
+lamptest()
+
+success('KDB principal flags')
diff --git a/krb5-1.21.3/src/tests/t_proxy.py b/krb5-1.21.3/src/tests/t_proxy.py
new file mode 100755
index 00000000..cbd592a3
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_proxy.py
@@ -0,0 +1,220 @@
+from k5test import *
+
+# Skip this test if we're missing proxy functionality or parts of the proxy.
+if runenv.tls_impl == 'no':
+    skip_rest('HTTP proxy tests', 'TLS build support not enabled')
+try:
+    import kdcproxy
+except:
+    skip_rest('HTTP proxy tests', 'Python kdcproxy module not found')
+
+# Construct a krb5.conf fragment configuring the client to use a local proxy
+# server.
+proxycerts = os.path.join(srctop, 'tests', 'proxy-certs')
+proxysubjectpem = os.path.join(proxycerts, 'proxy-subject.pem')
+proxysanpem = os.path.join(proxycerts, 'proxy-san.pem')
+proxyidealpem = os.path.join(proxycerts, 'proxy-ideal.pem')
+proxywrongpem = os.path.join(proxycerts, 'proxy-no-match.pem')
+proxybadpem = os.path.join(proxycerts, 'proxy-badsig.pem')
+proxyca = os.path.join(proxycerts, 'ca.pem')
+proxyurl = 'https://localhost:$port5/KdcProxy'
+proxyurlupcase = 'https://LocalHost:$port5/KdcProxy'
+proxyurl4 = 'https://127.0.0.1:$port5/KdcProxy'
+proxyurl6 = 'https://[::1]:$port5/KdcProxy'
+
+unanchored_krb5_conf = {'realms': {'$realm': {
+                        'kdc': proxyurl,
+                        'kpasswd_server': proxyurl}}}
+anchored_name_krb5_conf = {'realms': {'$realm': {
+                           'kdc': proxyurl,
+                           'kpasswd_server': proxyurl,
+                           'http_anchors': 'FILE:%s' % proxyca}}}
+anchored_upcasename_krb5_conf = {'realms': {'$realm': {
+                                 'kdc': proxyurlupcase,
+                                 'kpasswd_server': proxyurlupcase,
+                                 'http_anchors': 'FILE:%s' % proxyca}}}
+anchored_kadmin_krb5_conf = {'realms': {'$realm': {
+                             'kdc': proxyurl,
+                             'admin_server': proxyurl,
+                             'http_anchors': 'FILE:%s' % proxyca}}}
+anchored_ipv4_krb5_conf = {'realms': {'$realm': {
+                           'kdc': proxyurl4,
+                           'kpasswd_server': proxyurl4,
+                           'http_anchors': 'FILE:%s' % proxyca}}}
+kpasswd_input = (password('user') + '\n' + password('user') + '\n' +
+                 password('user') + '\n')
+
+def start_proxy(realm, keycertpem):
+    proxy_conf_path = os.path.join(realm.testdir, 'kdcproxy.conf')
+    proxy_exec_path = os.path.join(srctop, 'util', 'wsgiref-kdcproxy.py')
+    conf = open(proxy_conf_path, 'w')
+    conf.write('[%s]\n' % realm.realm)
+    conf.write('kerberos = kerberos://localhost:%d\n' % realm.portbase)
+    conf.write('kpasswd = kpasswd://localhost:%d\n' % (realm.portbase + 2))
+    conf.close()
+    realm.env['KDCPROXY_CONFIG'] = proxy_conf_path
+    cmd = [sys.executable, proxy_exec_path, str(realm.server_port()),
+           keycertpem]
+    return realm.start_server(cmd, sentinel='proxy server ready')
+
+# Fail: untrusted issuer and hostname doesn't match.
+mark('untrusted issuer, hostname mismatch')
+output("running pass 1: issuer not trusted and hostname doesn't match\n")
+realm = K5Realm(krb5_conf=unanchored_krb5_conf, get_creds=False,
+                create_host=False)
+proxy = start_proxy(realm, proxywrongpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Fail: untrusted issuer, host name matches subject.
+mark('untrusted issuer, hostname subject match')
+output("running pass 2: subject matches, issuer not trusted\n")
+realm = K5Realm(krb5_conf=unanchored_krb5_conf, get_creds=False,
+                create_host=False)
+proxy = start_proxy(realm, proxysubjectpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Fail: untrusted issuer, host name matches subjectAltName.
+mark('untrusted issuer, hostname SAN match')
+output("running pass 3: subjectAltName matches, issuer not trusted\n")
+realm = K5Realm(krb5_conf=unanchored_krb5_conf, get_creds=False,
+                create_host=False)
+proxy = start_proxy(realm, proxysanpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Fail: untrusted issuer, certificate signature is bad.
+mark('untrusted issuer, bad signature')
+output("running pass 4: subject matches, issuer not trusted\n")
+realm = K5Realm(krb5_conf=unanchored_krb5_conf, get_creds=False,
+                create_host=False)
+proxy = start_proxy(realm, proxybadpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Fail: trusted issuer but hostname doesn't match.
+mark('trusted issuer, hostname mismatch')
+output("running pass 5: issuer trusted but hostname doesn't match\n")
+realm = K5Realm(krb5_conf=anchored_name_krb5_conf, get_creds=False,
+                create_host=False)
+proxy = start_proxy(realm, proxywrongpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Succeed: trusted issuer and host name matches subject.
+mark('trusted issuer, hostname subject match')
+output("running pass 6: issuer trusted, subject matches\n")
+realm = K5Realm(krb5_conf=anchored_name_krb5_conf, start_kadmind=True,
+                get_creds=False)
+proxy = start_proxy(realm, proxysubjectpem)
+realm.kinit(realm.user_princ, password=password('user'))
+realm.run([kvno, realm.host_princ])
+realm.run([kpasswd, realm.user_princ], input=kpasswd_input)
+stop_daemon(proxy)
+realm.stop()
+
+# Succeed: trusted issuer and host name matches subjectAltName.
+mark('trusted issuer, hostname SAN match')
+output("running pass 7: issuer trusted, subjectAltName matches\n")
+realm = K5Realm(krb5_conf=anchored_name_krb5_conf, start_kadmind=True,
+                get_creds=False)
+proxy = start_proxy(realm, proxysanpem)
+realm.kinit(realm.user_princ, password=password('user'))
+realm.run([kvno, realm.host_princ])
+realm.run([kpasswd, realm.user_princ], input=kpasswd_input)
+stop_daemon(proxy)
+realm.stop()
+
+# Fail: certificate signature is bad.
+mark('bad signature')
+output("running pass 8: issuer trusted and subjectAltName matches, sig bad\n")
+realm = K5Realm(krb5_conf=anchored_name_krb5_conf,
+                get_creds=False,
+		                create_host=False)
+proxy = start_proxy(realm, proxybadpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Fail: trusted issuer but IP doesn't match.
+mark('trusted issuer, IP mismatch')
+output("running pass 9: issuer trusted but no name matches IP\n")
+realm = K5Realm(krb5_conf=anchored_ipv4_krb5_conf, get_creds=False,
+                create_host=False)
+proxy = start_proxy(realm, proxywrongpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Fail: trusted issuer, but subject does not match.
+mark('trusted issuer, IP mismatch (hostname in subject)')
+output("running pass 10: issuer trusted, but subject does not match IP\n")
+realm = K5Realm(krb5_conf=anchored_ipv4_krb5_conf, get_creds=False,
+                create_host=False)
+proxy = start_proxy(realm, proxysubjectpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Succeed: trusted issuer and host name matches subjectAltName.
+mark('trusted issuer, IP SAN match')
+output("running pass 11: issuer trusted, subjectAltName matches IP\n")
+realm = K5Realm(krb5_conf=anchored_ipv4_krb5_conf, start_kadmind=True,
+                get_creds=False)
+proxy = start_proxy(realm, proxysanpem)
+realm.kinit(realm.user_princ, password=password('user'))
+realm.run([kvno, realm.host_princ])
+realm.run([kpasswd, realm.user_princ], input=kpasswd_input)
+stop_daemon(proxy)
+realm.stop()
+
+# Fail: certificate signature is bad.
+mark('bad signature (IP hostname)')
+output("running pass 12: issuer trusted, names don't match, signature bad\n")
+realm = K5Realm(krb5_conf=anchored_ipv4_krb5_conf, get_creds=False,
+                create_host=False)
+proxy = start_proxy(realm, proxybadpem)
+realm.kinit(realm.user_princ, password=password('user'), expected_code=1)
+stop_daemon(proxy)
+realm.stop()
+
+# Succeed: trusted issuer and host name matches subject, using kadmin
+# configuration to find kpasswdd.
+mark('trusted issuer, hostname subject match (kadmin)')
+output("running pass 13: issuer trusted, subject matches\n")
+realm = K5Realm(krb5_conf=anchored_kadmin_krb5_conf, start_kadmind=True,
+                get_creds=False, create_host=False)
+proxy = start_proxy(realm, proxysubjectpem)
+realm.run([kpasswd, realm.user_princ], input=kpasswd_input)
+stop_daemon(proxy)
+realm.stop()
+
+# Succeed: trusted issuer and host name matches subjectAltName, using
+# kadmin configuration to find kpasswdd.
+mark('trusted issuer, hostname SAN match (kadmin)')
+output("running pass 14: issuer trusted, subjectAltName matches\n")
+realm = K5Realm(krb5_conf=anchored_kadmin_krb5_conf, start_kadmind=True,
+                get_creds=False, create_host=False)
+proxy = start_proxy(realm, proxysanpem)
+realm.run([kpasswd, realm.user_princ], input=kpasswd_input)
+stop_daemon(proxy)
+realm.stop()
+
+# Succeed: trusted issuer and host name matches subjectAltName (give or take
+# case).
+mark('trusted issuer, hostname SAN case-insensitive match')
+output("running pass 15: issuer trusted, subjectAltName case-insensitive\n")
+realm = K5Realm(krb5_conf=anchored_upcasename_krb5_conf, start_kadmind=True,
+                get_creds=False, create_host=False)
+proxy = start_proxy(realm, proxysanpem)
+realm.run([kpasswd, realm.user_princ], input=kpasswd_input)
+stop_daemon(proxy)
+realm.stop()
+
+success('MS-KKDCP proxy')
diff --git a/krb5-1.21.3/src/tests/t_pwqual.py b/krb5-1.21.3/src/tests/t_pwqual.py
new file mode 100755
index 00000000..58d610d8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_pwqual.py
@@ -0,0 +1,78 @@
+from k5test import *
+
+plugin = os.path.join(buildtop, "plugins", "pwqual", "test", "pwqual_test.so")
+
+dictfile = os.path.join(os.getcwd(), 'testdir', 'dict')
+
+pconf = {'plugins': {'pwqual': {'module': 'combo:' + plugin}}}
+dconf = {'realms': {'$realm': {'dict_file': dictfile}}}
+realm = K5Realm(krb5_conf=pconf, kdc_conf=dconf, create_user=False,
+                create_host=False)
+
+# Write a short dictionary file.
+f = open(dictfile, 'w')
+f.write('birds\nbees\napples\noranges\n')
+f.close()
+
+realm.run([kadminl, 'addpol', 'pol'])
+
+mark('pwqual modules')
+
+# The built-in "empty" module rejects empty passwords even without a policy.
+realm.run([kadminl, 'addprinc', '-pw', '', 'p1'], expected_code=1,
+          expected_msg='Empty passwords are not allowed')
+
+# The built-in "dict" module rejects dictionary words, but only with a policy.
+realm.run([kadminl, 'addprinc', '-pw', 'birds', 'p2'])
+realm.run([kadminl, 'addprinc', '-pw', 'birds', '-policy', 'pol', 'p3'],
+          expected_code=1,
+          expected_msg='Password is in the password dictionary')
+
+# The built-in "princ" module rejects principal components, only with a policy.
+realm.run([kadminl, 'addprinc', '-pw', 'p4', 'p4'])
+realm.run([kadminl, 'addprinc', '-pw', 'p5', '-policy', 'pol', 'p5'],
+          expected_code=1,
+          expected_msg='Password may not match principal name')
+
+# The dynamic "combo" module rejects pairs of dictionary words.
+realm.run([kadminl, 'addprinc', '-pw', 'birdsoranges', 'p6'], expected_code=1,
+          expected_msg='Password may not be a pair of dictionary words')
+
+# These plugin ordering tests aren't specifically related to the
+# password quality interface, but are convenient to put here.
+
+mark('plugin module order')
+
+def test_order(realm, testname, conf, expected):
+    conf = {'plugins': {'pwqual': conf}}
+    env = realm.special_env(testname, False, krb5_conf=conf)
+    out = realm.run(['./plugorder'], env=env)
+    if out.split() != expected:
+        fail('order test: ' + testname)
+
+realm.stop()
+realm = K5Realm(create_kdb=False)
+
+# Check the test harness with no special configuration.
+test_order(realm, 'noconf', {}, ['blt1', 'blt2', 'blt3'])
+
+# Test the basic order: dynamic modules, then built-in modules, each
+# in registration order.
+conf = {'module': ['dyn3:' + plugin, 'dyn1:' + plugin, 'dyn2:' + plugin]}
+test_order(realm, 'basic', conf,
+           ['dyn3', 'dyn1', 'dyn2', 'blt1', 'blt2', 'blt3'])
+
+# Disabling modules should not affect the order of other modules.
+conf['disable'] = ['dyn1', 'blt3']
+test_order(realm, 'disable', conf, ['dyn3', 'dyn2', 'blt1', 'blt2'])
+
+# enable_only should reorder the modules, but can't resurrect disabled
+# modules or create ones from thin air.
+conf['enable_only'] = ['dyn2', 'blt3', 'blt2', 'dyn1', 'dyn3', 'xxx']
+test_order(realm, 'enable_only', conf, ['dyn2', 'blt2', 'dyn3'])
+
+# Duplicate modules should be pruned by preferring earlier entries.
+conf = {'module': ['dyn3:' + plugin, 'dyn1:' + plugin, 'dyn3:' + plugin]}
+test_order(realm, 'duplicate', conf, ['dyn3', 'dyn1', 'blt1', 'blt2', 'blt3'])
+
+success('Password quality interface tests')
diff --git a/krb5-1.21.3/src/tests/t_rdreq.py b/krb5-1.21.3/src/tests/t_rdreq.py
new file mode 100755
index 00000000..7b120b1d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_rdreq.py
@@ -0,0 +1,138 @@
+from k5test import *
+
+conf = {'realms': {'$realm': {'supported_enctypes': 'aes256-cts aes128-cts'}}}
+realm = K5Realm(create_host=False, kdc_conf=conf)
+
+# Define some server principal names.
+princ1 = 'host/1@%s' % realm.realm
+princ2 = 'host/2@%s' % realm.realm
+princ3 = 'HTTP/3@%s' % realm.realm
+princ4 = 'HTTP/4@%s' % realm.realm
+matchprinc = 'host/@'
+nomatchprinc = 'x/@'
+realm.addprinc(princ1)
+realm.addprinc(princ2)
+realm.addprinc(princ3)
+
+def test(tserver, server, expected):
+    args = ['./rdreq', tserver]
+    if server is not None:
+        args += [server]
+    out = realm.run(args)
+    if out.strip() != expected:
+        fail('unexpected rdreq output')
+
+
+# No keytab present.
+mark('no keytab')
+nokeytab_err = "45 Key table file '%s' not found" % realm.keytab
+test(princ1, None, nokeytab_err)
+test(princ1, princ1, nokeytab_err)
+test(princ1, matchprinc, nokeytab_err)
+
+# Keytab present, successful decryption.
+mark('success')
+realm.extract_keytab(princ1, realm.keytab)
+test(princ1, None, '0 success')
+test(princ1, princ1, '0 success')
+test(princ1, matchprinc, '0 success')
+
+# Explicit server principal not found in keytab.
+mark('explicit server not found')
+test(princ2, princ2, '45 No key table entry found for host/2@KRBTEST.COM')
+
+# Matching server principal does not match any entries in keytab (with
+# and without ticket server present in keytab).
+mark('matching server')
+nomatch_err = '45 Server principal x/@ does not match any keys in keytab'
+test(princ1, nomatchprinc, nomatch_err)
+test(princ2, nomatchprinc, nomatch_err)
+
+# Ticket server does not match explicit server principal (with and
+# without ticket server present in keytab).
+mark('ticket server mismatch')
+test(princ1, princ2, '45 No key table entry found for host/2@KRBTEST.COM')
+test(princ2, princ1,
+     '35 Cannot decrypt ticket for host/2@KRBTEST.COM using keytab key for '
+     'host/1@KRBTEST.COM')
+
+# Ticket server not found in keytab during iteration.
+mark('ticket server not found')
+test(princ2, None,
+     '35 Request ticket server host/2@KRBTEST.COM not found in keytab '
+     '(ticket kvno 1)')
+
+# Ticket server found in keytab but is not matched by server principal
+# (but other principals in keytab do match).
+mark('ticket server mismatch (matching)')
+realm.extract_keytab(princ3, realm.keytab)
+test(princ3, matchprinc,
+     '35 Request ticket server HTTP/3@KRBTEST.COM found in keytab but does '
+     'not match server principal host/@')
+
+# Service ticket is out of date.
+mark('outdated service ticket')
+os.remove(realm.keytab)
+realm.run([kadminl, 'ktadd', princ1])
+test(princ1, None,
+     '44 Request ticket server host/1@KRBTEST.COM kvno 1 not found in keytab; '
+     'ticket is likely out of date')
+test(princ1, princ1,
+     '44 Cannot find key for host/1@KRBTEST.COM kvno 1 in keytab')
+
+# kvno mismatch due to ticket principal mismatch with explicit server.
+mark('ticket server mismatch (kvno)')
+test(princ2, princ1,
+     '35 Cannot find key for host/1@KRBTEST.COM kvno 1 in keytab (request '
+     'ticket server host/2@KRBTEST.COM)')
+
+# Keytab is out of date.
+mark('outdated keytab')
+realm.run([kadminl, 'cpw', '-randkey', princ1])
+realm.kinit(realm.user_princ, password('user'))
+test(princ1, None,
+     '44 Request ticket server host/1@KRBTEST.COM kvno 3 not found in keytab; '
+     'keytab is likely out of date')
+test(princ1, princ1,
+     '44 Cannot find key for host/1@KRBTEST.COM kvno 3 in keytab')
+
+# Ticket server and kvno found but not with ticket enctype.
+mark('missing enctype')
+os.remove(realm.keytab)
+realm.extract_keytab(princ1, realm.keytab)
+pkeytab = realm.keytab + '.partial'
+realm.run([ktutil], input=('rkt %s\ndelent 1\nwkt %s\n' %
+                           (realm.keytab, pkeytab)))
+os.rename(pkeytab, realm.keytab)
+realm.run([klist, '-ke'])
+test(princ1, None,
+     '44 Request ticket server host/1@KRBTEST.COM kvno 3 found in keytab but '
+     'not with enctype aes256-cts')
+# This is a bad code (KRB_AP_ERR_NOKEY) and message, because
+# krb5_kt_get_entry returns the same result for this and not finding
+# the principal at all.  But it's an uncommon case; GSSAPI apps
+# usually use a matching principal and missing key enctypes are rare.
+test(princ1, princ1, '45 No key table entry found for host/1@KRBTEST.COM')
+
+# Ticket server, kvno, and enctype matched, but key does not work.
+mark('wrong key')
+realm.run([kadminl, 'cpw', '-randkey', princ1])
+realm.run([kadminl, 'modprinc', '-kvno', '3', princ1])
+os.remove(realm.keytab)
+realm.extract_keytab(princ1, realm.keytab)
+test(princ1, None,
+     '31 Request ticket server host/1@KRBTEST.COM kvno 3 enctype aes256-cts '
+     'found in keytab but cannot decrypt ticket')
+test(princ1, princ1,
+     '31 Cannot decrypt ticket for host/1@KRBTEST.COM using keytab key for '
+     'host/1@KRBTEST.COM')
+
+# Test that aliases work.  The ticket server (princ4) isn't present in
+# keytab, but there is a usable princ1 entry with the same key.
+mark('aliases')
+realm.run([kadminl, 'renprinc', princ1, princ4])
+test(princ4, None, '0 success')
+test(princ4, princ1, '0 success')
+test(princ4, matchprinc, '0 success')
+
+success('krb5_rd_req tests')
diff --git a/krb5-1.21.3/src/tests/t_referral.py b/krb5-1.21.3/src/tests/t_referral.py
new file mode 100755
index 00000000..f427d5b6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_referral.py
@@ -0,0 +1,142 @@
+from k5test import *
+
+# Create a pair of realms, where KRBTEST1.COM can authenticate to
+# REFREALM and has a domain-realm mapping for 'd' pointing to it.
+drealm = {'domain_realm': {'d': 'REFREALM'}}
+realm, refrealm = cross_realms(2, xtgts=((0,1),),
+                               args=({'kdc_conf': drealm},
+                                     {'realm': 'REFREALM',
+                                      'create_user': False}),
+                               create_host=False)
+refrealm.addprinc('a/x.d')
+
+savefile = os.path.join(realm.testdir, 'ccache.copy')
+os.rename(realm.ccache, savefile)
+
+# Get credentials and check that we got a referral to REFREALM.
+def testref(realm, nametype):
+    shutil.copyfile(savefile, realm.ccache)
+    realm.run(['./gcred', nametype, 'a/x.d@'])
+    out = realm.run([klist]).split('\n')
+    if len(out) != 8:
+        fail('unexpected number of lines in klist output')
+    if out[5].split()[4] != 'a/x.d@' or out[6].split()[2] != 'a/x.d@REFREALM':
+        fail('unexpected service principals in klist output')
+
+# Get credentials and check that we get an error, not a referral.
+def testfail(realm, nametype):
+    shutil.copyfile(savefile, realm.ccache)
+    realm.run(['./gcred', nametype, 'a/x.d@'], expected_code=1,
+              expected_msg='not found in Kerberos database')
+
+# Create a modified KDC environment and restart the KDC.
+def restart_kdc(realm, kdc_conf):
+    env = realm.special_env('extravars', True, kdc_conf=kdc_conf)
+    realm.stop_kdc()
+    realm.start_kdc(env=env)
+
+# With no KDC configuration besides [domain_realm], we should get a
+# referral for a NT-SRV-HST or NT-SRV-INST server name, but not an
+# NT-UNKNOWN or NT-PRINCIPAL server name.
+mark('[domain-realm] only')
+testref(realm, 'srv-hst')
+testref(realm, 'srv-inst')
+testfail(realm, 'principal')
+testfail(realm, 'unknown')
+
+# With host_based_services matching the first server name component
+# ("a"), we should get a referral for an NT-UNKNOWN server name.
+# host_based_services can appear in either [kdcdefaults] or the realm
+# section, with the realm values supplementing the kdcdefaults values.
+# NT-SRV-HST server names should be unaffected by host_based_services,
+# and NT-PRINCIPAL server names shouldn't get a referral regardless.
+mark('host_based_services')
+restart_kdc(realm, {'kdcdefaults': {'host_based_services': '*'}})
+testref(realm, 'unknown')
+testfail(realm, 'principal')
+restart_kdc(realm, {'kdcdefaults': {'host_based_services': ['b', 'a,c']}})
+testref(realm, 'unknown')
+restart_kdc(realm, {'realms': {'$realm': {'host_based_services': 'a b c'}}})
+testref(realm, 'unknown')
+restart_kdc(realm, {'kdcdefaults': {'host_based_services': 'a'},
+                    'realms': {'$realm': {'host_based_services': 'b c'}}})
+testref(realm, 'unknown')
+restart_kdc(realm, {'kdcdefaults': {'host_based_services': 'b,c'},
+                    'realms': {'$realm': {'host_based_services': 'a,b'}}})
+testref(realm, 'unknown')
+restart_kdc(realm, {'kdcdefaults': {'host_based_services': 'b,c'}})
+testfail(realm, 'unknown')
+testref(realm, 'srv-hst')
+
+# With no_host_referrals matching the first server name component, we
+# should not get a referral even for NT-SRV-HOST server names
+mark('no_host_referral')
+restart_kdc(realm, {'kdcdefaults': {'no_host_referral': '*'}})
+testfail(realm, 'srv-hst')
+restart_kdc(realm, {'kdcdefaults': {'no_host_referral': ['b', 'a,c']}})
+testfail(realm, 'srv-hst')
+restart_kdc(realm, {'realms': {'$realm': {'no_host_referral': 'a b c'}}})
+testfail(realm, 'srv-hst')
+restart_kdc(realm, {'kdcdefaults': {'no_host_referral': 'a'},
+                    'realms': {'$realm': {'no_host_referral': 'b c'}}})
+testfail(realm, 'srv-hst')
+restart_kdc(realm, {'kdcdefaults': {'no_host_referral': 'b,c'},
+                    'realms': {'$realm': {'no_host_referral': 'a,b'}}})
+testfail(realm, 'srv-hst')
+restart_kdc(realm, {'kdcdefaults': {'no_host_referral': 'b,c'}})
+testref(realm, 'srv-hst')
+
+# no_host_referrals should override host_based_services for NT-UNKNWON
+# server names.
+restart_kdc(realm, {'kdcdefaults': {'no_host_referral': '*',
+                                    'host_based_services': '*'}})
+testfail(realm, 'unknown')
+
+realm.stop()
+refrealm.stop()
+
+# Regression test for #7483: a KDC should not return a host referral
+# to its own realm.
+mark('#7483 regression test')
+drealm = {'domain_realm': {'d': 'KRBTEST.COM'}}
+realm = K5Realm(kdc_conf=drealm, create_host=False)
+out, trace = realm.run(['./gcred', 'srv-hst', 'a/x.d@'], expected_code=1,
+                       return_trace=True)
+if 'back to same realm' in trace:
+    fail('KDC returned referral to service realm')
+realm.stop()
+
+# Test client referrals.  Use the test KDB module for KRBTEST1.COM to
+# simulate referrals since our built-in modules do not support them.
+# No cross-realm TGTs are necessary.
+mark('client referrals')
+kdcconf = {'realms': {'$realm': {'database_module': 'test'}},
+           'dbmodules': {'test': {'db_library': 'test',
+                                  'alias': {'user': '@KRBTEST2.COM',
+                                            'abc@XYZ': '@KRBTEST2.COM'}}}}
+r1, r2 = cross_realms(2, xtgts=(),
+                      args=({'kdc_conf': kdcconf, 'create_kdb': False}, None),
+                      create_host=False)
+r2.addprinc('abc\\@XYZ', 'pw')
+r1.start_kdc()
+r1.kinit('user', expected_code=1,
+         expected_msg='not found in Kerberos database')
+r1.kinit('user', password('user'), ['-C'])
+r1.klist('user@KRBTEST2.COM', 'krbtgt/KRBTEST2.COM')
+r1.kinit('abc@XYZ', 'pw', ['-E'])
+r1.klist('abc\\@XYZ@KRBTEST2.COM', 'krbtgt/KRBTEST2.COM')
+
+# Test that disable_encrypted_timestamp persists across client
+# referrals.  (This test relies on SPAKE not being enabled by default
+# on the KDC.)
+r2.run([kadminl, 'modprinc', '+preauth', 'user'])
+msgs = ('Encrypted timestamp (for ')
+r1.kinit('user', password('user'), ['-C'], expected_trace=msgs)
+dconf = {'realms': {'$realm': {'disable_encrypted_timestamp': 'true'}}}
+denv = r1.special_env('disable_encts', False, krb5_conf=dconf)
+msgs = ('Ignoring encrypted timestamp because it is disabled',
+        '/Encrypted timestamp is disabled')
+r1.kinit('user', None, ['-C'], env=denv, expected_code=1, expected_trace=msgs,
+         expected_msg='Encrypted timestamp is disabled')
+
+success('KDC host referral tests')
diff --git a/krb5-1.21.3/src/tests/t_renew.py b/krb5-1.21.3/src/tests/t_renew.py
new file mode 100755
index 00000000..9f22bab8
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_renew.py
@@ -0,0 +1,122 @@
+from k5test import *
+from datetime import datetime
+import re
+
+conf = {'realms': {'$realm': {'max_life': '20h', 'max_renewable_life': '20h'}}}
+realm = K5Realm(create_host=False, get_creds=False, kdc_conf=conf)
+
+# We will be scraping timestamps from klist to compute lifetimes, so
+# use a time zone with no daylight savings time.
+realm.env['TZ'] = 'UTC'
+
+def test(testname, life, rlife, exp_life, exp_rlife, env=None):
+    global realm
+    flags = ['-l', life]
+    if rlife is not None:
+        flags += ['-r', rlife]
+    realm.kinit(realm.user_princ, password('user'), flags=flags, env=env)
+    out = realm.run([klist, '-f'])
+
+    if ('Default principal: %s\n' % realm.user_princ) not in out:
+        fail('%s: did not get tickets' % testname)
+
+    # Extract flags and check the renewable flag against expectations.
+    flags = re.findall(r'Flags: ([a-zA-Z]*)', out)[0]
+    if exp_rlife is None and 'R' in flags:
+        fail('%s: ticket unexpectedly renewable' % testname)
+    if exp_rlife is not None and 'R' not in flags:
+        fail('%s: ticket unexpectedly non-renewable' % testname)
+
+    # Extract the start time, end time, and renewable end time if present.
+    times = re.findall(r'\d\d/\d\d/\d\d \d\d:\d\d:\d\d', out)
+    times = [datetime.strptime(t, '%m/%d/%y %H:%M:%S') for t in times]
+    starttime = times[0]
+    endtime = times[1]
+    rtime = times[2] if len(times) >= 3 else None
+
+    # Check the ticket lifetime against expectations.  If the lifetime
+    # was determined by the request, there may be a small error
+    # because KDC requests contain an end time rather than a lifetime.
+    life = (endtime - starttime).seconds
+    if abs(life - exp_life) > 5:
+        fail('%s: expected life %d, got %d' % (testname, exp_life, life))
+
+    # Check the ticket renewable lifetime against expectations.
+    if exp_rlife is None and rtime is not None:
+        fail('%s: ticket has unexpected renew_till' % testname)
+    if exp_rlife is not None and rtime is None:
+        fail('%s: ticket is renewable but has no renew_till' % testname)
+    if rtime is not None:
+        rlife = (rtime - starttime).seconds
+        if abs(rlife - exp_rlife) > 5:
+            fail('%s: expected rlife %d, got %d' %
+                 (testname, exp_rlife, rlife))
+
+# Get renewable tickets.
+test('simple', '1h', '2h', 3600, 7200)
+
+# Renew twice, to test that renewed tickets are renewable.
+mark('renew twice')
+realm.kinit(realm.user_princ, flags=['-R'])
+realm.kinit(realm.user_princ, flags=['-R'])
+realm.klist(realm.user_princ)
+
+# Make sure we can use a renewed ticket.
+realm.run([kvno, realm.user_princ])
+
+# Make sure we can't renew non-renewable tickets.
+mark('non-renewable')
+test('non-renewable', '1h', None, 3600, None)
+realm.kinit(realm.user_princ, flags=['-R'], expected_code=1,
+            expected_msg="KDC can't fulfill requested option")
+
+# Test that -allow_renewable on the client principal works.
+mark('allow_renewable (client)')
+realm.run([kadminl, 'modprinc', '-allow_renewable', 'user'])
+test('disallowed client', '1h', '2h', 3600, None)
+realm.run([kadminl, 'modprinc', '+allow_renewable', 'user'])
+
+# Test that -allow_renewable on the server principal works.
+mark('allow_renewable (server)')
+realm.run([kadminl, 'modprinc', '-allow_renewable',  realm.krbtgt_princ])
+test('disallowed server', '1h', '2h', 3600, None)
+realm.run([kadminl, 'modprinc', '+allow_renewable', realm.krbtgt_princ])
+
+# Test that trivially renewable tickets are issued if renew_till <=
+# till.  (Our client code bumps up the requested renewable life to the
+# requested life.)
+mark('trivially renewable')
+test('short', '2h', '1h', 7200, 7200)
+
+# Test that renewable tickets are issued if till > max life by
+# default, but not if we configure away the RENEWABLE-OK option.
+mark('renewable-ok')
+no_opts_conf = {'libdefaults': {'kdc_default_options': '0'}}
+no_opts = realm.special_env('no_opts', False, krb5_conf=no_opts_conf)
+realm.run([kadminl, 'modprinc', '-maxlife', '10 hours', 'user'])
+test('long', '15h', None, 10 * 3600, 15 * 3600)
+test('long noopts', '15h', None, 10 * 3600, None, env=no_opts)
+realm.run([kadminl, 'modprinc', '-maxlife', '20 hours', 'user'])
+
+# Test maximum renewable life on the client principal.
+mark('maxrenewlife (client)')
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '5 hours', 'user'])
+test('maxrenewlife client 1', '4h', '5h', 4 * 3600, 5 * 3600)
+test('maxrenewlife client 2', '6h', '10h', 6 * 3600, 5 * 3600)
+
+# Test maximum renewable life on the server principal.
+mark('maxrenewlife (server)')
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '3 hours',
+           realm.krbtgt_princ])
+test('maxrenewlife server 1', '2h', '3h', 2 * 3600, 3 * 3600)
+test('maxrenewlife server 2', '4h', '8h', 4 * 3600, 3 * 3600)
+
+# Test realm maximum life.
+mark('realm maximum life')
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '40 hours', 'user'])
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '40 hours',
+           realm.krbtgt_princ])
+test('maxrenewlife realm 1', '10h', '20h', 10 * 3600, 20 * 3600)
+test('maxrenewlife realm 2', '21h', '40h', 20 * 3600, 20 * 3600)
+
+success('Renewing credentials')
diff --git a/krb5-1.21.3/src/tests/t_renprinc.py b/krb5-1.21.3/src/tests/t_renprinc.py
new file mode 100755
index 00000000..3dbb3e77
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_renprinc.py
@@ -0,0 +1,45 @@
+# Copyright (C) 2011 by the Massachusetts Institute of Technology.
+# All rights reserved.
+
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+
+enctype = "aes128-cts"
+
+realm = K5Realm(create_host=False, create_user=False)
+salttypes = ('normal', 'norealm', 'onlyrealm')
+
+# For a variety of salt types, test that we can rename a principal and
+# still get tickets with the same password.
+for st in salttypes:
+    realm.run([kadminl, 'addprinc', '-e', enctype + ':' + st,
+               '-pw', password(st), st])
+    realm.kinit(st, password(st))
+    newprinc = 'new' + st
+    realm.run([kadminl, 'renprinc', st, newprinc])
+    realm.kinit(newprinc, password(st))
+
+# Rename the normal salt again to test renaming a principal with
+# special salt type (which it will have after the first rename).
+realm.run([kadminl, 'renprinc', 'newnormal', 'newnormal2'])
+realm.kinit('newnormal2', password('normal'))
+
+success('Principal renaming tests')
diff --git a/krb5-1.21.3/src/tests/t_replay.py b/krb5-1.21.3/src/tests/t_replay.py
new file mode 100644
index 00000000..6ad58fe1
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_replay.py
@@ -0,0 +1,6 @@
+from k5test import *
+
+realm = K5Realm()
+realm.run(['./replay', realm.host_princ])
+
+success('Replay tests')
diff --git a/krb5-1.21.3/src/tests/t_salt.py b/krb5-1.21.3/src/tests/t_salt.py
new file mode 100755
index 00000000..65084bbf
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_salt.py
@@ -0,0 +1,55 @@
+from k5test import *
+import re
+
+realm = K5Realm(create_user=False)
+
+# Check that a non-default salt type applies only to the key it is
+# matched with and not to subsequent keys.  e1 and e2 are enctypes,
+# and salt is a non-default salt type.
+def test_salt(realm, e1, salt, e2):
+    keysalts = e1 + ':' + salt + ',' + e2
+    realm.run([kadminl, 'ank', '-e', keysalts, '-pw', 'password', 'user'])
+    out = realm.run([kadminl, 'getprinc', 'user'])
+    if len(re.findall(':' + salt, out)) != 1:
+        fail(salt + ' present in second enctype or not present')
+    realm.run([kadminl, 'delprinc', 'user'])
+
+# Enctype/salt pairs chosen with non-default salt types.
+# The enctypes are mostly arbitrary.
+salts = [('des3-cbc-sha1', 'norealm'),
+         ('arcfour-hmac', 'onlyrealm'),
+         ('aes128-cts-hmac-sha1-96', 'special')]
+# These enctypes are chosen to cover the different string-to-key routines.
+# Omit ":normal" from aes256 to check that salttype defaulting works.
+second_kstypes = ['aes256-cts-hmac-sha1-96', 'arcfour-hmac:normal',
+                  'des3-cbc-sha1:normal']
+
+# Test using different salt types in a principal's key list.
+# Parameters from one key in the list must not leak over to later ones.
+for e1, string in salts:
+    for e2 in second_kstypes:
+        test_salt(realm, e1, string, e2)
+
+def test_dup(realm, ks):
+    realm.run([kadminl, 'ank', '-e', ks, '-pw', 'password', 'ks_princ'])
+    out = realm.run([kadminl, 'getprinc', 'ks_princ'])
+    lines = out.split('\n')
+    keys = [l for l in lines if 'Key: ' in l]
+    uniq = set(keys)
+    # 'Key:' matches 'MKey:' as well so len(keys) has one extra
+    if (len(uniq) != len(keys)) or len(keys) > len(ks.split(',')):
+        fail('Duplicate keysalt detection failed for keysalt ' + ks)
+    realm.run([kadminl, 'delprinc', 'ks_princ'])
+
+# All in-tree callers request duplicate suppression from
+# krb5_string_to_keysalts(); we should check that it works, respects
+# aliases, and doesn't result in an infinite loop.
+dup_kstypes = ['arcfour-hmac-md5:normal,rc4-hmac:normal',
+               'aes256-cts-hmac-sha1-96:normal,aes128-cts,aes256-cts',
+               'aes256-cts-hmac-sha1-96:normal,aes256-cts:special,' +
+               'aes256-cts-hmac-sha1-96:normal']
+
+for ks in dup_kstypes:
+    test_dup(realm, ks)
+
+success("Salt types")
diff --git a/krb5-1.21.3/src/tests/t_sesskeynego.py b/krb5-1.21.3/src/tests/t_sesskeynego.py
new file mode 100755
index 00000000..5a213617
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_sesskeynego.py
@@ -0,0 +1,94 @@
+from k5test import *
+import re
+
+# Run "kvno server" with a fresh set of client tickets, then check that the
+# enctypes in the service ticket match the expected values.
+etypes_re = re.compile(r'server@[^\n]+\n\tEtype \(skey, tkt\): '
+                       r'([^,]+), ([^\s]+)')
+def test_kvno(realm, expected_skey, expected_tkt):
+    realm.kinit(realm.user_princ, password('user'))
+    realm.run([kvno, 'server'])
+    output = realm.run([klist, '-e'])
+    m = etypes_re.search(output)
+    if not m:
+        fail('could not parse etypes from klist -e output')
+    skey, tkt = m.groups()
+    if skey != expected_skey:
+        fail('got session key type %s, expected %s' % (skey, expected_skey))
+    if tkt != expected_tkt:
+        fail('got ticket key type %s, expected %s' % (tkt, expected_tkt))
+
+conf1 = {'libdefaults': {'default_tgs_enctypes': 'aes128-cts,aes256-cts'}}
+conf2 = {'libdefaults': {'default_tgs_enctypes': 'aes256-cts,aes128-cts'}}
+conf3 = {'libdefaults': {
+        'allow_weak_crypto': 'true',
+        'default_tkt_enctypes': 'aes128-cts',
+        'default_tgs_enctypes': 'rc4-hmac,aes128-cts'}}
+conf4 = {'libdefaults': {'permitted_enctypes': 'aes256-cts'}}
+conf5 = {'libdefaults': {'allow_rc4': 'true'}}
+conf6 = {'libdefaults': {'allow_des3': 'true'}}
+# Test with client request and session_enctypes preferring aes128, but
+# aes256 long-term key.
+realm = K5Realm(krb5_conf=conf1, create_host=False, get_creds=False)
+realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts', 'server'])
+realm.run([kadminl, 'setstr', 'server', 'session_enctypes',
+           'aes128-cts,aes256-cts'])
+test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96')
+realm.stop()
+
+# Second go, almost same as first, but resulting session key must be aes256
+# because of the difference in default_tgs_enctypes order.  This tests that
+# session_enctypes doesn't change the order in which we negotiate.
+realm = K5Realm(krb5_conf=conf2, create_host=False, get_creds=False)
+realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts', 'server'])
+realm.run([kadminl, 'setstr', 'server', 'session_enctypes',
+           'aes128-cts,aes256-cts'])
+test_kvno(realm, 'aes256-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96')
+realm.stop()
+
+# Next we use conf3 and try various things.
+realm = K5Realm(krb5_conf=conf3, create_host=False, get_creds=False)
+realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts:normal',
+           'server'])
+
+# 3a: Negotiate aes128 session key when principal only has aes256 long-term.
+realm.run([kadminl, 'setstr', 'server', 'session_enctypes',
+           'aes128-cts,aes256-cts'])
+test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96')
+
+# 3b: Skip RC4 (as the KDC does not allow it for session keys by
+# default) and negotiate aes128-cts session key, with only an aes256
+# long-term service key.
+realm.run([kadminl, 'setstr', 'server', 'session_enctypes',
+           'rc4-hmac,aes128-cts,aes256-cts'])
+test_kvno(realm, 'aes128-cts-hmac-sha1-96', 'aes256-cts-hmac-sha1-96')
+realm.stop()
+
+# 4: Check that permitted_enctypes is a default for session key enctypes.
+realm = K5Realm(krb5_conf=conf4, create_host=False, get_creds=False)
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, 'user'],
+          expected_trace=('etypes requested in TGS request: aes256-cts',))
+realm.stop()
+
+# 5: allow_rc4 permits negotiation of rc4-hmac session key.
+realm = K5Realm(krb5_conf=conf5, create_host=False, get_creds=False)
+realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts', 'server'])
+realm.run([kadminl, 'setstr', 'server', 'session_enctypes', 'rc4-hmac'])
+test_kvno(realm, 'DEPRECATED:arcfour-hmac', 'aes256-cts-hmac-sha1-96')
+realm.stop()
+
+# 6: allow_des3 permits negotiation of des3-cbc-sha1 session key.
+realm = K5Realm(krb5_conf=conf6, create_host=False, get_creds=False)
+realm.run([kadminl, 'addprinc', '-randkey', '-e', 'aes256-cts', 'server'])
+realm.run([kadminl, 'setstr', 'server', 'session_enctypes', 'des3-cbc-sha1'])
+test_kvno(realm, 'DEPRECATED:des3-cbc-sha1', 'aes256-cts-hmac-sha1-96')
+realm.stop()
+
+# 7: default config negotiates aes256-sha1 session key for RC4-only service.
+realm = K5Realm(create_host=False, get_creds=False)
+realm.run([kadminl, 'addprinc', '-randkey', '-e', 'rc4-hmac', 'server'])
+test_kvno(realm, 'aes256-cts-hmac-sha1-96', 'DEPRECATED:arcfour-hmac')
+realm.stop()
+
+success('sesskeynego')
diff --git a/krb5-1.21.3/src/tests/t_skew.py b/krb5-1.21.3/src/tests/t_skew.py
new file mode 100755
index 00000000..ed40edec
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_skew.py
@@ -0,0 +1,55 @@
+from k5test import *
+
+# Create a realm with the KDC one hour in the past.
+realm = K5Realm(start_kdc=False)
+realm.start_kdc(['-T', '-3600'])
+
+# kinit (no preauth) should work, and should set a clock skew allowing
+# kvno to work, with or without FAST.
+mark('kdc_timesync enabled, no preauth')
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, realm.host_princ])
+realm.kinit(realm.user_princ, password('user'), flags=['-T', realm.ccache])
+realm.run([kvno, realm.host_princ])
+realm.run([kdestroy])
+
+# kinit (with preauth) should work, with or without FAST.
+mark('kdc_timesync enabled, with preauth')
+realm.run([kadminl, 'modprinc', '+requires_preauth', 'user'])
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, realm.host_princ])
+realm.kinit(realm.user_princ, password('user'), flags=['-T', realm.ccache])
+realm.run([kvno, realm.host_princ])
+realm.run([kdestroy])
+
+realm.stop()
+
+# Repeat the above tests with kdc_timesync disabled.
+conf = {'libdefaults': {'kdc_timesync': '0'}}
+realm = K5Realm(start_kdc=False, krb5_conf=conf)
+realm.start_kdc(['-T', '-3600'])
+
+# Get tickets to use for FAST kinit tests.  The start time offset is
+# ignored by the KDC since we aren't getting postdatable tickets, but
+# serves to suppress the client clock skew check on the KDC reply.
+fast_cache = realm.ccache + '.fast'
+realm.kinit(realm.user_princ, password('user'),
+            flags=['-s', '-3600s', '-c', fast_cache])
+
+# kinit should detect too much skew in the KDC response.  kinit with
+# FAST should fail from the KDC since the armor AP-REQ won't be valid.
+mark('KDC timesync disabled, no preauth')
+realm.kinit(realm.user_princ, password('user'), expected_code=1,
+            expected_msg='Clock skew too great in KDC reply')
+realm.kinit(realm.user_princ, None, flags=['-T', fast_cache], expected_code=1,
+            expected_msg='Clock skew too great while')
+
+# kinit (with preauth) should fail from the KDC, with or without FAST.
+mark('KDC timesync disabled, with preauth')
+realm.run([kadminl, 'modprinc', '+requires_preauth', 'user'])
+realm.kinit(realm.user_princ, password('user'), expected_code=1,
+            expected_msg='Clock skew too great while')
+realm.kinit(realm.user_princ, None, flags=['-T', fast_cache], expected_code=1,
+            expected_msg='Clock skew too great while')
+
+success('Clock skew tests')
diff --git a/krb5-1.21.3/src/tests/t_sn2princ.py b/krb5-1.21.3/src/tests/t_sn2princ.py
new file mode 100755
index 00000000..0b63dbec
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_sn2princ.py
@@ -0,0 +1,167 @@
+from k5test import *
+
+offline = (len(args) > 0 and args[0] != "no")
+
+conf = {'libdefaults': {'dns_canonicalize_hostname': 'true'},
+        'domain_realm': {'kerberos.org': 'R1',
+                         'example.com': 'R2',
+                         'mit.edu': 'R3'}}
+no_rdns_conf = {'libdefaults': {'rdns': 'false'}}
+no_canon_conf = {'libdefaults': {'dns_canonicalize_hostname': 'false',
+                                 'qualify_shortname': 'example.com'}}
+fallback_canon_conf = {'libdefaults':
+                       {'rdns': 'false',
+                        'dns_canonicalize_hostname': 'fallback'}}
+
+realm = K5Realm(realm='R1', create_host=False, krb5_conf=conf)
+no_rdns = realm.special_env('no_rdns', False, krb5_conf=no_rdns_conf)
+no_canon = realm.special_env('no_canon', False, krb5_conf=no_canon_conf)
+fallback_canon = realm.special_env('fallback_canon', False,
+                                   krb5_conf=fallback_canon_conf)
+
+def testbase(host, nametype, princhost, princrealm, env=None):
+    # Run the sn2princ harness with a specified host and name type and
+    # the fixed service string 'svc', and compare the result to the
+    # expected hostname and realm part.
+    out = realm.run(['./s2p', host, 'SVC', nametype], env=env).rstrip()
+    expected = 'SVC/%s@%s' % (princhost, princrealm)
+    if out != expected:
+        fail('Expected %s, got %s' % (expected, out))
+
+def test(host, princhost, princrealm):
+    # Test with the host-based name type with canonicalization enabled.
+    testbase(host, 'srv-hst', princhost, princrealm)
+
+def testnc(host, princhost, princrealm):
+    # Test with the host-based name type with canonicalization disabled.
+    testbase(host, 'srv-hst', princhost, princrealm, env=no_canon)
+
+def testnr(host, princhost, princrealm):
+    # Test with the host-based name type with reverse lookup disabled.
+    testbase(host, 'srv-hst', princhost, princrealm, env=no_rdns)
+
+def testu(host, princhost, princrealm):
+    # Test with the unknown name type.
+    testbase(host, 'unknown', princhost, princrealm)
+
+def testfc(host, princhost, princrealm):
+    # Test with the host-based name type with canonicalization fallback.
+    testbase(host, 'srv-hst', princhost, princrealm, env=fallback_canon)
+
+# With the unknown principal type, we do not canonicalize or downcase,
+# but we do remove a trailing period and look up the realm.
+mark('unknown type')
+testu('ptr-mismatch.kerberos.org', 'ptr-mismatch.kerberos.org', 'R1')
+testu('Example.COM', 'Example.COM', 'R2')
+testu('abcde', 'abcde', '')
+
+# A ':port' or ':instance' trailer should be ignored for realm lookup.
+# If there is more than one colon in the name, we assume it's an IPv6
+# address and don't treat it as having a trailer.
+mark('port trailer')
+testu('example.com.:123', 'example.com.:123', 'R2')
+testu('Example.COM:xyZ', 'Example.COM:xyZ', 'R2')
+testu('example.com.::123', 'example.com.::123', '')
+
+# With dns_canonicalize_hostname=false, we downcase and remove
+# trailing dots but do not canonicalize the hostname.
+# Single-component names are qualified with the configured suffix
+# (defaulting to the first OS search domain, but Python cannot easily
+# retrieve that value so we don't test it).  Trailers do not get
+# downcased.
+mark('dns_canonicalize_host=false')
+testnc('ptr-mismatch.kerberos.org', 'ptr-mismatch.kerberos.org', 'R1')
+testnc('Example.COM', 'example.com', 'R2')
+testnc('abcde', 'abcde.example.com', 'R2')
+testnc('example.com.:123', 'example.com:123', 'R2')
+testnc('Example.COM:xyZ', 'example.com:xyZ', 'R2')
+testnc('example.com.::123', 'example.com.::123', '')
+
+if offline:
+    skip_rest('sn2princ tests', 'offline mode requested')
+
+# For the online tests, we rely on ptr-mismatch.kerberos.org forward
+# and reverse resolving to these names.
+oname = 'ptr-mismatch.kerberos.org'
+fname = 'www.kerberos.org'
+
+# Test fallback canonicalization krb5_sname_to_principal() results.
+mark('dns_canonicalize_host=fallback')
+testfc(oname, oname, '')
+
+# Verify forward resolution before testing for it.
+try:
+    ai = socket.getaddrinfo(oname, None, 0, 0, 0, socket.AI_CANONNAME)
+except socket.gaierror:
+    skip_rest('sn2princ tests', 'cannot forward resolve %s' % oname)
+(family, socktype, proto, canonname, sockaddr) = ai[0]
+if canonname.lower() != fname:
+    skip_rest('sn2princ tests',
+              '%s forward resolves to %s, not %s' % (oname, canonname, fname))
+
+# Test fallback canonicalization in krb5_get_credentials().
+oprinc = 'host/' + oname
+fprinc = 'host/' + fname
+shutil.copy(realm.ccache, realm.ccache + '.save')
+# Test that we only try fprinc once if we enter it as input.
+out, trace = realm.run(['./gcred', 'srv-hst', fprinc + '@'],
+                       env=fallback_canon, expected_code=1, return_trace=True)
+msg = 'Requesting tickets for %s@R1, referrals on' % fprinc
+if trace.count(msg) != 1:
+    fail('Expected one try for %s' % fprinc)
+# Create fprinc, and verify that we get it as the canonicalized
+# fallback for oprinc.
+realm.addprinc(fprinc)
+msgs = ('Getting credentials user@R1 -> %s@ using' % oprinc,
+        'Requesting tickets for %s@R1' % oprinc,
+        'Requesting tickets for %s@R1' % fprinc,
+        'Received creds for desired service %s@R1' % fprinc)
+realm.run(['./gcred', 'srv-hst', oprinc + '@'], env=fallback_canon,
+          expected_msg=fprinc, expected_trace=msgs)
+realm.addprinc(oprinc)
+# oprinc now exists, but we still get the fprinc ticket from the cache.
+realm.run(['./gcred', 'srv-hst', oprinc + '@'], env=fallback_canon,
+          expected_msg=fprinc)
+# Without the cached result, we should get oprinc in preference to fprinc.
+os.rename(realm.ccache + '.save', realm.ccache)
+realm.run(['./gcred', 'srv-hst', oprinc], env=fallback_canon,
+          expected_msg=oprinc)
+
+# Test fallback canonicalization for krb5_rd_req().
+realm.run([kadminl, 'ktadd', fprinc])
+msgs = ('Decrypted AP-REQ with server principal %s@R1' % fprinc,
+        'AP-REQ ticket: user@R1 -> %s@R1' % fprinc)
+realm.run(['./rdreq', fprinc, oprinc + '@'], env=fallback_canon,
+          expected_trace=msgs)
+
+# Test fallback canonicalization for getting initial creds with a keytab.
+msgs = ('Getting initial credentials for %s@' % oprinc,
+        'Found entries for %s@R1 in keytab' % fprinc,
+        'Retrieving %s@R1 from ' % fprinc)
+realm.run(['./icred', '-k', realm.keytab, '-S', 'host', oname],
+          env=fallback_canon, expected_trace=msgs)
+
+# Test forward-only canonicalization (rdns=false).
+mark('rdns=false')
+testnr(oname, fname, 'R1')
+testnr(oname + ':123', fname + ':123', 'R1')
+testnr(oname + ':xyZ', fname + ':xyZ', 'R1')
+
+# Verify reverse resolution before testing for it.
+try:
+    names = socket.getnameinfo(sockaddr, socket.NI_NAMEREQD)
+except socket.gaierror:
+    skip_rest('reverse sn2princ tests', 'cannot reverse resolve %s' % oname)
+rname = names[0].lower()
+if rname == fname:
+    skip_rest('reverse sn2princ tests',
+              '%s reverse resolves to %s '
+              'which should be different from %s' % (oname, rname, fname))
+
+# Test default canonicalization (forward and reverse lookup).
+mark('default')
+test(oname, rname, 'R3')
+test(oname + ':123', rname + ':123', 'R3')
+test(oname + ':xyZ', rname + ':xyZ', 'R3')
+
+success('krb5_sname_to_principal tests')
diff --git a/krb5-1.21.3/src/tests/t_spake.py b/krb5-1.21.3/src/tests/t_spake.py
new file mode 100644
index 00000000..f0afefb6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_spake.py
@@ -0,0 +1,149 @@
+from k5test import *
+
+# The name and number of each supported SPAKE group.
+builtin_groups = ((1, 'edwards25519'),)
+openssl_groups = ((2, 'P-256'), (3, 'P-384'), (4, 'P-521'))
+if runenv.have_spake_openssl == 'yes':
+    groups = builtin_groups + openssl_groups
+else:
+    groups = builtin_groups
+
+for gnum, gname in groups:
+    mark('group %s' % gname)
+    conf = {'libdefaults': {'spake_preauth_groups': gname}}
+    for realm in multipass_realms(create_user=False, create_host=False,
+                                  krb5_conf=conf):
+        realm.run([kadminl, 'addprinc', '+preauth', '-pw', 'pw', 'user'])
+
+        # Test a basic SPAKE preauth scenario with no optimizations.
+        msgs = ('Sending unauthenticated request',
+                '/Additional pre-authentication required',
+                'Selected etype info:',
+                'Sending SPAKE support message',
+                'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+                '/More preauthentication data is required',
+                'Continuing preauth mech PA-SPAKE (151)',
+                'SPAKE challenge received with group ' + str(gnum),
+                'Sending SPAKE response',
+                'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+                'AS key determined by preauth:',
+                'Decrypted AS reply')
+        realm.kinit('user', 'pw', expected_trace=msgs)
+
+        # Test an unsuccessful authentication.
+        msgs = ('/Additional pre-authentication required',
+                'Selected etype info:',
+                'Sending SPAKE support message',
+                'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+                '/More preauthentication data is required',
+                'Continuing preauth mech PA-SPAKE (151)',
+                'SPAKE challenge received with group ' + str(gnum),
+                'Sending SPAKE response',
+                '/Preauthentication failed')
+        realm.kinit('user', 'wrongpw', expected_code=1, expected_trace=msgs)
+
+conf = {'libdefaults': {'spake_preauth_groups': 'edwards25519'}}
+kdcconf = {'realms': {'$realm': {'spake_preauth_indicator': 'indspake'}}}
+realm = K5Realm(create_user=False, krb5_conf=conf, kdc_conf=kdcconf)
+realm.run([kadminl, 'addprinc', '+preauth', '-pw', 'pw', 'user'])
+
+# Test with FAST.
+mark('FAST')
+msgs = ('Using FAST due to armor ccache negotiation',
+        'FAST armor key:',
+        'Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Decoding FAST response',
+        'Selected etype info:',
+        'Sending SPAKE support message',
+        'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+        '/More preauthentication data is required',
+        'Continuing preauth mech PA-SPAKE (151)',
+        'SPAKE challenge received with group 1',
+        'Sending SPAKE response',
+        'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+        'AS key determined by preauth:',
+        'FAST reply key:')
+realm.kinit(realm.host_princ, flags=['-k'])
+realm.kinit('user', 'pw', flags=['-T', realm.ccache], expected_trace=msgs)
+
+# Test optimistic client preauth (151 is PA-SPAKE).
+mark('client optimistic')
+msgs = ('Attempting optimistic preauth',
+        'Processing preauth types: PA-SPAKE (151)',
+        'Sending SPAKE support message',
+        'for next request: PA-SPAKE (151)',
+        '/More preauthentication data is required',
+        'Selected etype info:',
+        'SPAKE challenge received with group 1',
+        'Sending SPAKE response',
+        'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+        'AS key determined by preauth:',
+        'Decrypted AS reply')
+realm.run(['./icred', '-o', '151', 'user', 'pw'], expected_trace=msgs)
+
+# Test KDC optimistic challenge (accepted by client).
+mark('KDC optimistic')
+oconf = {'kdcdefaults': {'spake_preauth_kdc_challenge': 'edwards25519'}}
+oenv = realm.special_env('ochal', True, krb5_conf=oconf)
+realm.stop_kdc()
+realm.start_kdc(env=oenv)
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Selected etype info:',
+        'SPAKE challenge received with group 1',
+        'Sending SPAKE response',
+        'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+        'AS key determined by preauth:',
+        'Decrypted AS reply')
+realm.kinit('user', 'pw', expected_trace=msgs)
+
+if runenv.have_spake_openssl != 'yes':
+    skip_rest('SPAKE fallback tests', 'SPAKE not built using OpenSSL')
+
+# Test optimistic client preauth falling back to encrypted timestamp
+# because the KDC doesn't support any of the client groups.
+mark('client optimistic (fallback)')
+p256conf={'libdefaults': {'spake_preauth_groups': 'P-256'}}
+p256env = realm.special_env('p256', False, krb5_conf=p256conf)
+msgs = ('Attempting optimistic preauth',
+        'Processing preauth types: PA-SPAKE (151)',
+        'Sending SPAKE support message',
+        'for next request: PA-SPAKE (151)',
+        '/Preauthentication failed',
+        'Selected etype info:',
+        'Encrypted timestamp ',
+        'for next request: PA-FX-COOKIE (133), PA-ENC-TIMESTAMP (2)',
+        'AS key determined by preauth:',
+        'Decrypted AS reply')
+realm.run(['./icred', '-o', '151', 'user', 'pw'], env=p256env,
+          expected_trace=msgs)
+
+# Test KDC optimistic challenge (rejected by client).
+mark('KDC optimistic (rejected)')
+rconf = {'libdefaults': {'spake_preauth_groups': 'P-384,edwards25519'},
+         'kdcdefaults': {'spake_preauth_kdc_challenge': 'P-384'}}
+renv = realm.special_env('ochal', True, krb5_conf=rconf)
+realm.stop_kdc()
+realm.start_kdc(env=renv)
+msgs = ('Sending unauthenticated request',
+        '/Additional pre-authentication required',
+        'Selected etype info:',
+        'SPAKE challenge with group 3 rejected',
+        'Sending SPAKE support message',
+        'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+        '/More preauthentication data is required',
+        'Continuing preauth mech PA-SPAKE (151)',
+        'SPAKE challenge received with group 1',
+        'Sending SPAKE response',
+        'for next request: PA-FX-COOKIE (133), PA-SPAKE (151)',
+        'AS key determined by preauth:',
+        'Decrypted AS reply')
+realm.kinit('user', 'pw', expected_trace=msgs)
+
+# Check that the auth indicator for SPAKE is properly included by the KDC.
+mark('auth indicator')
+realm.run([kvno, realm.host_princ])
+realm.run(['./adata', realm.host_princ], expected_msg='+97: [indspake]')
+
+success('SPAKE pre-authentication tests')
diff --git a/krb5-1.21.3/src/tests/t_stringattr.py b/krb5-1.21.3/src/tests/t_stringattr.py
new file mode 100755
index 00000000..c2dc348e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_stringattr.py
@@ -0,0 +1,41 @@
+# Copyright (C) 2011 by the Massachusetts Institute of Technology.
+# All rights reserved.
+
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+from k5test import *
+
+realm = K5Realm(start_kadmind=True, create_host=False, get_creds=False)
+
+realm.prep_kadmin()
+
+realm.run_kadmin(['getstrs', 'user'], expected_msg='(No string attributes.)')
+
+realm.run_kadmin(['setstr', 'user', 'attr1', 'value1'])
+realm.run_kadmin(['setstr', 'user', 'attr2', 'value2'])
+realm.run_kadmin(['delstr', 'user', 'attr1'])
+realm.run_kadmin(['setstr', 'user', 'attr3', 'value3'])
+
+out = realm.run_kadmin(['getstrs', 'user'])
+if ('attr2: value2' not in out or 'attr3: value3' not in out or
+    'attr1:' in out):
+    fail('Final attribute query')
+
+success('KDB string attributes')
diff --git a/krb5-1.21.3/src/tests/t_tabdump.py b/krb5-1.21.3/src/tests/t_tabdump.py
new file mode 100755
index 00000000..49531bf4
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_tabdump.py
@@ -0,0 +1,80 @@
+from k5test import *
+
+import csv
+from io import StringIO
+
+def tab_csv(s):
+    io = StringIO(s)
+    return list(csv.DictReader(io, dialect=csv.excel_tab))
+
+
+def getrows(dumptype):
+    out = realm.run([kdb5_util, 'tabdump', dumptype])
+    return tab_csv(out)
+
+
+def checkkeys(rows, dumptype, names):
+    if sorted(rows[0].keys()) != sorted(names):
+        fail('tabdump %s field names' % dumptype)
+
+
+realm = K5Realm(start_kdc=False, get_creds=False)
+
+
+rows = getrows('keyinfo')
+checkkeys(rows, 'keyinfo',
+          ["name", "keyindex", "kvno", "enctype", "salttype", "salt"])
+
+userrows = [x for x in rows if x['name'].startswith('user@')]
+userrows.sort(key=lambda x: x['keyindex'])
+
+if (userrows[0]['enctype'] != 'aes256-cts-hmac-sha1-96' or
+    userrows[1]['enctype'] != 'aes128-cts-hmac-sha1-96'):
+    fail('tabdump keyinfo enctypes')
+
+success('tabdump keyinfo')
+
+
+rows = getrows('keydata')
+checkkeys(rows, 'keydata',
+          ["name", "keyindex", "kvno", "enctype", "key", "salttype", "salt"])
+
+
+rows = getrows('princ_flags')
+checkkeys(rows, 'princ_flags', ["name", "flag", "value"])
+
+
+rows = getrows('princ_lockout')
+checkkeys(rows, 'princ_lockout', ["name", "last_success", "last_failed",
+                                  "fail_count"])
+
+
+realm.run([kadminl, 'addpol', '-history', '3', 'testpol'])
+realm.run([kadminl, 'modprinc', '-policy', 'testpol', 'user'])
+
+rows = getrows('princ_meta')
+checkkeys(rows, 'princ_meta', ["name", "modby", "modtime", "lastpwd",
+                               "policy", "mkvno", "hist_kvno"])
+
+userrows = [x for x in rows if x['name'].startswith('user@')]
+
+if userrows[0]['policy'] != 'testpol':
+    fail('tabdump princ_meta policy name')
+
+
+realm.run([kadminl, 'set_string', 'user', 'foo', 'bar'])
+
+rows = getrows('princ_stringattrs')
+checkkeys(rows, 'princ_stringattrs', ["name", "key", "value"])
+
+userrows = [x for x in rows if x['name'].startswith('user@')]
+if (len(userrows) != 1 or userrows[0]['key'] != 'foo' or
+    userrows[0]['value'] != 'bar'):
+    fail('tabdump princ_stringattrs key/value')
+
+
+rows = getrows('princ_tktpolicy')
+checkkeys(rows, 'princ_tktpolicy', ["name", "expiration", "pw_expiration",
+                                    "max_life", "max_renew_life"])
+
+success('tabdump')
diff --git a/krb5-1.21.3/src/tests/t_u2u.py b/krb5-1.21.3/src/tests/t_u2u.py
new file mode 100644
index 00000000..4b8a82a2
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_u2u.py
@@ -0,0 +1,60 @@
+from k5test import *
+
+realm = K5Realm(create_host=False)
+
+# Create a second user principal and get tickets for it.
+u2u_ccache = 'FILE:' + os.path.join(realm.testdir, 'ccu2u')
+realm.addprinc('alice', password('alice'))
+realm.kinit('alice', password('alice'), ['-c', u2u_ccache])
+
+# Verify that -allow_dup_skey denies u2u requests.
+realm.run([kadminl, 'modprinc', '-allow_dup_skey', 'alice'])
+realm.run([kvno, '--u2u', u2u_ccache, 'alice'], expected_code=1,
+          expected_msg='KDC policy rejects request')
+realm.run([kadminl, 'modprinc', '+allow_dup_skey', 'alice'])
+
+# Verify that -allow_svr denies regular TGS requests, but allows
+# user-to-user TGS requests.
+realm.run([kadminl, 'modprinc', '-allow_svr', 'alice'])
+realm.run([kvno, 'alice'], expected_code=1,
+          expected_msg='Server principal valid for user2user only')
+realm.run([kvno, '--u2u', u2u_ccache, 'alice'], expected_msg='kvno = 0')
+realm.run([kadminl, 'modprinc', '+allow_svr', 'alice'])
+
+# Verify that normal lookups ignore the user-to-user ticket.
+realm.run([kvno, 'alice'], expected_msg='kvno = 1')
+out = realm.run([klist])
+if out.count('alice@KRBTEST.COM') != 2:
+    fail('expected two alice tickets after regular kvno')
+
+# Try u2u against the client user.
+realm.run([kvno, '--u2u', realm.ccache, realm.user_princ])
+
+realm.run([klist])
+
+realm.stop()
+
+# Load the test KDB module to test aliases
+testprincs = {'krbtgt/KRBTEST.COM': {'keys': 'aes128-cts'},
+              'user': {'keys': 'aes128-cts', 'flags': '+preauth'},
+              'WIN10': {'keys': 'aes128-cts'}}
+kdcconf = {'realms': {'$realm': {'database_module': 'test'}},
+           'dbmodules': {'test': {'db_library': 'test',
+                                  'princs': testprincs,
+                                  'alias': {'HOST/win10': 'WIN10'}}}}
+
+realm = K5Realm(kdc_conf=kdcconf, create_kdb=False)
+realm.start_kdc()
+
+# Create a second user principal and get tickets for it.
+u2u_ccache = 'FILE:' + os.path.join(realm.testdir, 'ccu2u')
+realm.extract_keytab('WIN10', realm.keytab)
+realm.kinit('WIN10', None, ['-k', '-c', u2u_ccache])
+
+realm.extract_keytab(realm.user_princ, realm.keytab)
+realm.kinit(realm.user_princ, None, ['-k'])
+
+realm.run([kvno, '--u2u', u2u_ccache, 'HOST/win10'], expected_msg='kvno = 0')
+realm.run([kvno, '--u2u', u2u_ccache, 'WIN10'], expected_msg='kvno = 0')
+
+success('user-to-user tests')
diff --git a/krb5-1.21.3/src/tests/t_unlockiter.py b/krb5-1.21.3/src/tests/t_unlockiter.py
new file mode 100755
index 00000000..fb18abc6
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_unlockiter.py
@@ -0,0 +1,20 @@
+from k5test import *
+
+# Default KDB iteration is locked.  Expect write lock failure unless
+# unlocked iteration is explicitly requested.
+realm = K5Realm(create_user=False, create_host=False, start_kdc=False,
+                bdb_only=True)
+realm.run(['./unlockiter'], expected_code=1)
+realm.run(['./unlockiter', '-u'])
+realm.run(['./unlockiter', '-l'], expected_code=1)
+
+# Set default to unlocked iteration.  Only explicitly requested locked
+# iteration should block the write lock.
+realm = K5Realm(create_user=False, create_host=False, start_kdc=False,
+                bdb_only=True,
+                krb5_conf={'dbmodules': {'db': {'unlockiter': 'true'}}})
+realm.run(['./unlockiter'])
+realm.run(['./unlockiter', '-u'])
+realm.run(['./unlockiter', '-l'], expected_code=1)
+
+success('Unlocked iteration unit tests')
diff --git a/krb5-1.21.3/src/tests/t_y2038.py b/krb5-1.21.3/src/tests/t_y2038.py
new file mode 100644
index 00000000..2eaa191e
--- /dev/null
+++ b/krb5-1.21.3/src/tests/t_y2038.py
@@ -0,0 +1,79 @@
+from k5test import *
+
+# These tests will become much less important after the y2038 boundary
+# has elapsed, and may start exhibiting problems around the year 2075.
+
+if runenv.sizeof_time_t <= 4:
+    skip_rest('y2038 timestamp tests', 'platform has 32-bit time_t')
+
+# Start a KDC running roughly 21 years in the future, after the y2038
+# boundary.  Set long maximum lifetimes for later tests.
+conf = {'realms': {'$realm': {'max_life': '9000d',
+                              'max_renewable_life': '9000d'}}}
+realm = K5Realm(start_kdc=False, kdc_conf=conf)
+realm.start_kdc(['-T', '662256000'])
+
+# kinit without preauth should succeed with clock skew correction, but
+# will result in an expired ticket, because we sent an absolute end
+# time and didn't get a chance to correct it..
+mark('kinit, no preauth')
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, realm.host_princ], expected_code=1,
+          expected_msg='Ticket expired')
+
+# kinit with preauth should succeed and result in a valid ticket, as
+# we get a chance to correct the end time based on the KDC time.  Try
+# with encrypted timestamp and encrypted challenge.
+mark('kinit, with preauth')
+realm.run([kadminl, 'modprinc', '+requires_preauth', 'user'])
+realm.kinit(realm.user_princ, password('user'))
+realm.run([kvno, realm.host_princ])
+realm.kinit(realm.user_princ, password('user'), flags=['-T', realm.ccache])
+realm.run([kvno, realm.host_princ])
+
+# Test that expiration warning works after y2038, by setting a
+# password expiration time ten minutes after the KDC time.
+mark('expiration warning')
+realm.run([kadminl, 'modprinc', '-pwexpire', '662256600 seconds', 'user'])
+out = realm.kinit(realm.user_princ, password('user'))
+if 'will expire in less than one hour' not in out:
+    fail('password expiration message')
+year = int(out.split()[-1])
+if year < 2038 or year > 9999:
+    fail('password expiration year')
+
+realm.stop_kdc()
+realm.start_kdc()
+realm.start_kadmind()
+realm.prep_kadmin()
+
+# Test getdate parsing of absolute timestamps after 2038 and
+# marshalling over the kadmin protocol.  The local time zone will
+# affect the display time by a little bit, so just look for the year.
+mark('kadmin marshalling')
+realm.run_kadmin(['modprinc', '-pwexpire', '2040-02-03', realm.host_princ])
+realm.run_kadmin(['getprinc', realm.host_princ], expected_msg=' 2040\n')
+
+# Get a ticket whose lifetime crosses the y2038 boundary and
+# range-check the expiration year as reported by klist.
+mark('ticket lifetime across y2038')
+realm.kinit(realm.user_princ, password('user'),
+            flags=['-l', '8000d', '-r', '8500d'])
+realm.run([kvno, realm.host_princ])
+out = realm.run([klist])
+if int(out.split('\n')[4].split()[2].split('/')[2]) < 39:
+    fail('unexpected tgt expiration year')
+if int(out.split('\n')[5].split()[2].split('/')[2]) < 40:
+    fail('unexpected tgt rtill year')
+if int(out.split('\n')[6].split()[2].split('/')[2]) < 39:
+    fail('unexpected service ticket expiration year')
+if int(out.split('\n')[7].split()[2].split('/')[2]) < 40:
+    fail('unexpected service ticket rtill year')
+realm.kinit(realm.user_princ, None, ['-R'])
+out = realm.run([klist])
+if int(out.split('\n')[4].split()[2].split('/')[2]) < 39:
+    fail('unexpected renewed tgt expiration year')
+if int(out.split('\n')[5].split()[2].split('/')[2]) < 40:
+    fail('unexpected renewed tgt rtill year')
+
+success('y2038 tests')
diff --git a/krb5-1.21.3/src/tests/test1.c b/krb5-1.21.3/src/tests/test1.c
new file mode 100644
index 00000000..aed656eb
--- /dev/null
+++ b/krb5-1.21.3/src/tests/test1.c
@@ -0,0 +1,192 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/test1.c - Regression tests for krb5 library */
+/*
+ * Copyright 1990 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "krb5.h"
+
+unsigned char key_one[8] = { 0x10, 0x23, 0x32, 0x45, 0x54, 0x67, 0x76, 0x89 };
+unsigned char key_two[8] = { 0xea, 0x89, 0x57, 0x76, 0x5b, 0xcd, 0x0d, 0x34 };
+
+extern void dump_data();
+
+tkt_test_1()
+{
+    krb5_data *data;
+    krb5_ticket tk_in, *tk_out;
+    krb5_keyblock sess_k, serv_k, *nsess;
+    krb5_enc_tkt_part tk_in_enc;
+    int code;
+    krb5_address *addr_list[2];
+    krb5_address addr_1;
+    static krb5_octet ip_addr_1[4] = { 18, 72, 0, 122 };
+    char *out;
+
+    /*
+     * fill in some values on the "in" side of the ticket
+     */
+    code = krb5_parse_name ("server/test/1@BOGUS.ORG", &tk_in.server);
+    if (code != 0) {
+        com_err("tkt_test_1", code, " parsing server principal");
+        return;
+    }
+
+    serv_k.enctype = 1;         /* XXX symbolic constant */
+    serv_k.length = 8;          /* XXX symbolic constant */
+    serv_k.contents = key_one;
+
+    sess_k.enctype = 1;         /* XXX symbolic constant */
+    sess_k.length = 8;          /* XXX symbolic constant */
+    sess_k.contents = key_two;
+
+    tk_in.etype = 1;            /* XXX symbolic constant here */
+    tk_in.skvno = 4;
+
+    tk_in.enc_part2 = &tk_in_enc;
+
+    tk_in_enc.flags = 0x11;
+    tk_in_enc.session = &sess_k;
+
+    tk_in_enc.times.authtime = 42;
+    tk_in_enc.times.starttime = 43;
+    tk_in_enc.times.endtime = 44;
+
+    code = krb5_parse_name ("client/test/1@BOGUS.ORG", &tk_in_enc.client);
+    if (code != 0) {
+        com_err("tkt_test_1", code, " parsing client principal");
+        return;
+    }
+    tk_in_enc.transited.length = 0;
+
+    addr_1.addrtype = ADDRTYPE_INET; /* XXX should be KRB5_ADDR... */
+    addr_1.length = 4;
+    addr_1.contents = ip_addr_1;
+
+    addr_list[0] = &addr_1;
+    addr_list[1] = 0;
+
+
+    tk_in_enc.caddrs = addr_list;
+    tk_in_enc.authorization_data = 0;
+
+    code = krb5_encrypt_tkt_part(&serv_k, &tk_in);
+    if (code != 0) {
+        com_err ("tkt_test_1", code, " encrypting ticket");
+        return;
+    }
+
+    data = 0;
+
+    code = krb5_encode_ticket (&tk_in,  &data);
+    if (code != 0) {
+        com_err ("tkt_test_1", code, " encoding ticket");
+        return;
+    }
+
+    dump_data(data);
+
+    tk_out = 0;
+    code = krb5_decode_ticket (data, &tk_out);
+    if (code != 0) {
+        com_err ("tkt_test_1", code, "decoding ticket");
+        return;
+    }
+    /* check the plaintext values */
+    if (tk_out->etype != 1) {
+        com_err ("tkt_test_1", 0, "wrong etype");
+        return;
+    }
+    if (tk_out->skvno != 4) {
+        com_err ("tkt_test_1", 0, "wrong kvno");
+        return;
+    }
+
+    code = krb5_unparse_name(tk_out->server, &out);
+    if (code != 0) {
+        com_err ("tkt_test_1", code, "couldn't unparse server principal");
+        return;
+    }
+    if (strcmp (out, "server/test/1@BOGUS.ORG") != 0) {
+        com_err("tkt_test_1", 0, "wrong server principal");
+        return;
+    }
+    free(out);
+    out = 0;
+
+    /* decode the ciphertext */
+    code = krb5_decrypt_tkt_part (&serv_k, tk_out);
+    if (code != 0) {
+        com_err ("tkt_test_1", code, "while decrypting ticket");
+        return;
+    }
+
+    /* check the contents */
+    if (tk_out->enc_part2->flags != 0x11) {
+        com_err("tkt_test_1", 0, "wrong flags");
+        return;
+    }
+
+    nsess = tk_out->enc_part2->session;
+
+    if (nsess->enctype != 1) {
+        com_err("tkt_test_1", 0, "wrong session key type");
+        return;
+    }
+    if (nsess->length != 8) {
+        com_err("tkt_test_1", 0, "wrong session key length");
+        return;
+    }
+    if (memcmp(nsess->contents, key_two, 8) != 0) {
+        com_err("tkt_test_1", 0, "wrong session key contents");
+        return;
+    }
+
+    code = krb5_unparse_name(tk_out->enc_part2->client, &out);
+    if (code != 0) {
+        com_err ("tkt_test_1", code, "couldn't unparse client principal");
+        return;
+    }
+    if (strcmp (out, "client/test/1@BOGUS.ORG") != 0) {
+        com_err("tkt_test_1", 0, "wrong client principal");
+        return;
+    }
+    free(out);
+    out = 0;
+    if (tk_out->enc_part2->transited.length != 0) {
+        com_err("tkt_test_1", 0, "wrong transited length");
+        return;
+    }
+    /* XXX should check address here, too */
+    /* XXX should check times here */
+    /* XXX should check auth. data here */
+    printf("test 1 passed\n");
+}
+
+
+
+main()
+{
+    krb5_init_ets();
+    tkt_test_1();
+}
diff --git a/krb5-1.21.3/src/tests/threads/Makefile.in b/krb5-1.21.3/src/tests/threads/Makefile.in
new file mode 100644
index 00000000..4e12b373
--- /dev/null
+++ b/krb5-1.21.3/src/tests/threads/Makefile.in
@@ -0,0 +1,40 @@
+# The test programs here are not built or run by default.  You can
+# build a specific test program with "make gss-perf" or similar.
+# "make run-t_rcache" will run the replay cache test program in the
+# proper environment.
+
+mydir=tests$(S)threads
+BUILDTOP=$(REL)..$(S)..
+
+SRCS=$(srcdir)/t_rcache.c \
+	$(srcdir)/gss-perf.c \
+	$(srcdir)/init_ctx.c \
+	$(srcdir)/profread.c \
+	$(srcdir)/prof1.c
+
+all:
+
+run-t_rcache: t_rcache
+	$(RUN_TEST) ./t_rcache file2:test.rcache2
+
+t_rcache: t_rcache.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o t_rcache t_rcache.o $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS)
+
+prof1: prof1.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o prof1 prof1.o $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS)
+
+prof1.o: prof1.c
+
+gss-perf: gss-perf.o $(KRB5_BASE_DEPLIBS) $(GSS_DEPLIBS)
+	$(CC_LINK) $(PTHREAD_CFLAGS) -o gss-perf gss-perf.o $(GSS_LIBS) $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS)
+
+init_ctx: init_ctx.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) $(PTHREAD_CFLAGS) -o init_ctx init_ctx.o $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS)
+
+profread: profread.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) $(PTHREAD_CFLAGS) -o profread profread.o $(KRB5_BASE_LIBS) $(THREAD_LINKOPTS)
+
+install:
+
+clean:
+	$(RM) *.o t_rcache syms prof1 gss-perf test.rcache2
diff --git a/krb5-1.21.3/src/tests/threads/deps b/krb5-1.21.3/src/tests/threads/deps
new file mode 100644
index 00000000..f536935d
--- /dev/null
+++ b/krb5-1.21.3/src/tests/threads/deps
@@ -0,0 +1,27 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)t_rcache.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_rcache.c
+$(OUTPRE)gss-perf.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  gss-perf.c
+$(OUTPRE)init_ctx.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  init_ctx.c
+$(OUTPRE)profread.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  profread.c
+$(OUTPRE)prof1.$(OBJEXT): $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) prof1.c
diff --git a/krb5-1.21.3/src/tests/threads/gss-perf.c b/krb5-1.21.3/src/tests/threads/gss-perf.c
new file mode 100644
index 00000000..f3630c2f
--- /dev/null
+++ b/krb5-1.21.3/src/tests/threads/gss-perf.c
@@ -0,0 +1,455 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/threads/gss-perf.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * GSSAPI performance testing
+ * initially contributed by Ken Raeburn
+ */
+/*
+ * Possible to-do items:
+ * - init-mutual testing (process msg back from accept)
+ * - wrap/unwrap testing (one init/accept per thread, loop on wrap/unwrap)
+ * - wrap/unwrap MT testing (one init/accept for process) ?
+ * - init+accept with replay cache
+ * - default to target "host@localhostname"
+ * - input ccache option?
+ *
+ * Also, perhaps try to simulate certain application patterns, like
+ * init/accept, exchange N messages with wrap/unwrap, destroy context,
+ * all in a loop in M parallel threads.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <assert.h>
+#include <unistd.h>
+#include <pthread.h>
+#include <krb5.h>
+#include <gssapi/gssapi.h>
+
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#define N_THREADS 2
+#define ITER_COUNT 10000
+static int init_krb5_first = 0;
+
+struct resource_info {
+    struct timeval start_time, end_time;
+};
+struct thread_info {
+    pthread_t tid;
+    struct resource_info r;
+};
+
+static gss_name_t target;
+static char *prog, *target_name;
+static unsigned int n_threads = N_THREADS;
+static int iter_count = ITER_COUNT;
+static int do_pause, do_mutual;
+static int test_init, test_accept;
+
+static void usage (void) __attribute__((noreturn));
+static void set_target (char *);
+
+static void
+usage ()
+{
+    fprintf (stderr, "usage: %s [ options ] service-name\n", prog);
+    fprintf (stderr, "  service-name\tGSSAPI host-based service name (e.g., 'host@FQDN')\n");
+    fprintf (stderr, "options:\n");
+    fprintf (stderr, "\t-I\ttest gss_init_sec_context\n");
+    fprintf (stderr, "\t-A\ttest gss_accept_sec_context\n");
+    fprintf (stderr, "\t-k K\tspecify keytab (remember FILE: or other prefix!)\n");
+    fprintf (stderr, "\t-t N\tspecify number of threads (default %d)\n",
+             N_THREADS);
+    fprintf (stderr, "\t-i N\tset iteration count (default %d)\n",
+             ITER_COUNT);
+    fprintf (stderr, "\t-m\tenable mutual authentication flag (but don't do the additional calls)\n");
+    fprintf (stderr, "\t-K\tinitialize a krb5_context for the duration\n");
+    fprintf (stderr, "\t-P\tpause briefly after starting, to allow attaching dtrace/strace/etc\n");
+    exit (1);
+}
+
+static int
+numarg (char *arg)
+{
+    char *end;
+    long val;
+
+    val = strtol (arg, &end, 10);
+    if (*arg == 0 || *end != 0) {
+        fprintf (stderr, "invalid numeric argument '%s'\n", arg);
+        usage ();
+    }
+    if (val >= 1 && val <= INT_MAX)
+        return val;
+    fprintf (stderr, "out of range numeric value %ld (1..%d)\n",
+             val, INT_MAX);
+    usage ();
+}
+
+static char optstring[] = "k:t:i:KPmIA";
+
+static void
+process_options (int argc, char *argv[])
+{
+    int c;
+
+    prog = strrchr (argv[0], '/');
+    if (prog)
+        prog++;
+    else
+        prog = argv[0];
+    while ((c = getopt (argc, argv, optstring)) != -1) {
+        switch (c) {
+        case '?':
+        case ':':
+            usage ();
+            break;
+
+        case 'k':
+            setenv ("KRB5_KTNAME", optarg, 1);
+            break;
+
+        case 't':
+            n_threads = numarg (optarg);
+            if (n_threads >= SIZE_MAX / sizeof (struct thread_info)) {
+                n_threads = SIZE_MAX / sizeof (struct thread_info);
+                fprintf (stderr, "limiting n_threads to %u\n", n_threads);
+            }
+            break;
+
+        case 'i':
+            iter_count = numarg (optarg);
+            break;
+
+        case 'K':
+            init_krb5_first = 1;
+            break;
+
+        case 'P':
+            do_pause = 1;
+            break;
+
+        case 'I':
+            test_init = 1;
+            break;
+        case 'A':
+            test_accept = 1;
+            break;
+        }
+    }
+    if (argc == optind + 1)
+        set_target (argv[optind]);
+    else
+        usage ();
+
+    if (test_init && test_accept) {
+        fprintf (stderr, "-I and -A are mutually exclusive\n");
+        usage ();
+    }
+    if (test_init == 0 && test_accept == 0)
+        test_init = 1;
+}
+
+static void
+display_a_status (const char *s_type, OM_uint32 type, OM_uint32 val)
+{
+    OM_uint32 mctx = 0;
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
+
+    do {
+        maj_stat = gss_display_status (&min_stat,
+                                       val,
+                                       type,
+                                       GSS_C_NO_OID,
+                                       &mctx,
+                                       &msg);
+        if (maj_stat != GSS_S_COMPLETE) {
+            fprintf (stderr,
+                     "error getting display form of %s status code %#lx\n",
+                     s_type, (unsigned long) val);
+            exit (1);
+        }
+        fprintf (stderr, " %s: %.*s\n", s_type,
+                 (int) msg.length, (char *) msg.value);
+        gss_release_buffer (&min_stat, &msg);
+    } while (mctx != 0);
+}
+
+static void
+gss_error(const char *where, OM_uint32 maj_stat, OM_uint32 min_stat)
+{
+    fprintf (stderr, "%s: %s:\n", prog, where);
+    display_a_status ("major", GSS_C_GSS_CODE, maj_stat);
+    display_a_status ("minor", GSS_C_MECH_CODE, min_stat);
+    exit (1);
+}
+
+static void
+do_accept (gss_buffer_desc *msg, int iter)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t client = GSS_C_NO_NAME;
+    gss_buffer_desc reply = GSS_C_EMPTY_BUFFER;
+    gss_OID oid = GSS_C_NO_OID;
+    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
+    OM_uint32 flags = do_mutual ? GSS_C_MUTUAL_FLAG : 0;
+
+    reply.value = NULL;
+    reply.length = 0;
+    maj_stat = gss_accept_sec_context (&min_stat,
+                                       &ctx,
+                                       GSS_C_NO_CREDENTIAL,
+                                       msg,
+                                       GSS_C_NO_CHANNEL_BINDINGS,
+                                       &client,
+                                       &oid,
+                                       &reply,
+                                       &flags,
+                                       NULL, /* time_rec */
+                                       NULL); /* del_cred_handle */
+    if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
+        fprintf (stderr, "pid %lu thread %#lx failing in iteration %d\n",
+                 (unsigned long) getpid (), (unsigned long) pthread_self (),
+                 iter);
+        gss_error ("accepting context", maj_stat, min_stat);
+    }
+    gss_release_buffer (&min_stat, &reply);
+    if (ctx != GSS_C_NO_CONTEXT)
+        gss_delete_sec_context (&min_stat, &ctx, GSS_C_NO_BUFFER);
+    gss_release_name (&min_stat, &client);
+}
+
+static gss_buffer_desc
+do_init ()
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
+    OM_uint32 flags = 0, ret_flags = 0;
+    gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
+
+    if (do_mutual)
+        flags |= GSS_C_MUTUAL_FLAG;
+
+    msg.value = NULL;
+    msg.length = 0;
+    maj_stat = gss_init_sec_context (&min_stat,
+                                     GSS_C_NO_CREDENTIAL,
+                                     &ctx,
+                                     target,
+                                     GSS_C_NO_OID,
+                                     flags,
+                                     0,
+                                     NULL, /* no channel bindings */
+                                     NULL, /* no previous token */
+                                     NULL, /* ignore mech type */
+                                     &msg,
+                                     &ret_flags,
+                                     NULL); /* time_rec */
+    if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
+        gss_error ("initiating", maj_stat, min_stat);
+    }
+    if (ctx != GSS_C_NO_CONTEXT)
+        gss_delete_sec_context (&min_stat, &ctx, GSS_C_NO_BUFFER);
+    return msg;
+}
+
+static void
+set_target (char *name)
+{
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc namebuf;
+
+    target_name = name;
+    namebuf.value = name;
+    namebuf.length = strlen (name);
+    maj_stat = gss_import_name (&min_stat,
+                                &namebuf,
+                                GSS_C_NT_HOSTBASED_SERVICE,
+                                &target);
+    if (maj_stat != GSS_S_COMPLETE)
+        gss_error ("importing target name", maj_stat, min_stat);
+}
+
+static long double
+tvsub (struct timeval t1, struct timeval t2)
+{
+    /* POSIX says .tv_usec is signed.  */
+    return (t1.tv_sec - t2.tv_sec
+            + (long double) 1.0e-6 * (t1.tv_usec - t2.tv_usec));
+}
+
+static struct timeval
+now (void)
+{
+    struct timeval tv;
+    if (gettimeofday (&tv, NULL) < 0) {
+        perror ("gettimeofday");
+        exit (1);
+    }
+    return tv;
+}
+
+static gss_buffer_desc init_msg;
+
+static void run_iterations (struct resource_info *r)
+{
+    int i;
+    OM_uint32 min_stat;
+
+    r->start_time = now ();
+    for (i = 0; i < iter_count; i++) {
+        if (test_init) {
+            gss_buffer_desc msg = do_init ();
+            gss_release_buffer (&min_stat, &msg);
+        } else if (test_accept) {
+            do_accept (&init_msg, i);
+        } else
+            assert (test_init || test_accept);
+    }
+    r->end_time = now ();
+}
+
+static void *
+thread_proc (void *p)
+{
+    run_iterations (p);
+    return 0;
+}
+
+static struct thread_info *tinfo;
+
+static krb5_context kctx;
+static struct rusage start, finish;
+static struct timeval start_time, finish_time;
+
+int
+main (int argc, char *argv[])
+{
+    long double user, sys, wallclock, total;
+    unsigned int i;
+
+    /* Probably should have a command-line option controlling this,
+       but if a replay cache is used, we can't do just one
+       init_sec_context and easily time just the accept_sec_context
+       side.  */
+    setenv ("KRB5RCACHETYPE", "none", 1);
+
+    process_options (argc, argv);
+
+    /*
+     * Some places in the krb5 library cache data globally.
+     * This option allows you to test the effect of that.
+     */
+    if (init_krb5_first && krb5_init_context (&kctx) != 0) {
+        fprintf (stderr, "krb5_init_context error\n");
+        exit (1);
+    }
+    tinfo = calloc (n_threads, sizeof (*tinfo));
+    if (tinfo == NULL) {
+        perror ("calloc");
+        exit (1);
+    }
+    printf ("Test: %s  threads: %d  iterations: %d  target: %s\n",
+            test_init ? "init" : "accept", n_threads, iter_count,
+            target_name ? target_name : "(NONE)");
+    if (do_pause) {
+        printf ("pid %lu napping...\n", (unsigned long) getpid ());
+        sleep (10);
+    }
+    /*
+     * Some tests use one message and process it over and over.  Even
+     * if not, this sort of "primes" things by fetching any needed
+     * tickets just once.
+     */
+    init_msg = do_init ();
+    printf ("starting...\n");
+    /* And *now* we start measuring the performance.  */
+    if (getrusage (RUSAGE_SELF, &start) < 0) {
+        perror ("getrusage");
+        exit (1);
+    }
+    start_time = now ();
+#define foreach_thread(IDXVAR) for (IDXVAR = 0; IDXVAR < n_threads; IDXVAR++)
+    foreach_thread (i) {
+        int err;
+
+        err = pthread_create (&tinfo[i].tid, NULL, thread_proc, &tinfo[i].r);
+        if (err) {
+            fprintf (stderr, "pthread_create: %s\n", strerror (err));
+            exit (1);
+        }
+    }
+    foreach_thread (i) {
+        int err;
+        void *val;
+
+        err = pthread_join (tinfo[i].tid, &val);
+        if (err) {
+            fprintf (stderr, "pthread_join: %s\n", strerror (err));
+            exit (1);
+        }
+    }
+    finish_time = now ();
+    if (getrusage (RUSAGE_SELF, &finish) < 0) {
+        perror ("getrusage");
+        exit (1);
+    }
+    if (init_krb5_first)
+        krb5_free_context (kctx);
+    foreach_thread (i) {
+        printf ("Thread %2d: elapsed time %Lfs\n", i,
+                tvsub (tinfo[i].r.end_time, tinfo[i].r.start_time));
+    }
+    wallclock = tvsub (finish_time, start_time);
+    /*
+     * Report on elapsed time and CPU usage.  Depending what
+     * performance issue you're chasing down, different values may be
+     * of particular interest, so report all the info we've got.
+     */
+    printf ("Overall run time with %d threads = %Lfs, %Lfms per iteration.\n",
+            n_threads, wallclock, 1000 * wallclock / iter_count);
+    user = tvsub (finish.ru_utime, start.ru_utime);
+    sys = tvsub (finish.ru_stime, start.ru_stime);
+    total = user + sys;
+    printf ("CPU usage:   user=%Lfs sys=%Lfs total=%Lfs.\n", user, sys, total);
+    printf ("Utilization: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n",
+            100 * user / wallclock,
+            100 * sys / wallclock,
+            100 * total / wallclock);
+    printf ("Util/thread: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n",
+            100 * user / wallclock / n_threads,
+            100 * sys / wallclock / n_threads,
+            100 * total / wallclock / n_threads);
+    printf ("Total CPU use per iteration per thread: %Lfms\n",
+            1000 * total / n_threads / iter_count);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/threads/init_ctx.c b/krb5-1.21.3/src/tests/threads/init_ctx.c
new file mode 100644
index 00000000..42619a91
--- /dev/null
+++ b/krb5-1.21.3/src/tests/threads/init_ctx.c
@@ -0,0 +1,273 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/threads/init_ctx.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5 context creation performance testing
+ * initially contributed by Ken Raeburn
+ */
+
+#include "k5-platform.h"
+#include <unistd.h>
+#include <pthread.h>
+#include <krb5.h>
+
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#define N_THREADS 4
+#define ITER_COUNT 40000
+static int init_krb5_first = 0;
+
+struct resource_info {
+    struct timeval start_time, end_time;
+};
+struct thread_info {
+    pthread_t tid;
+    struct resource_info r;
+};
+
+static char *prog;
+static unsigned int n_threads = N_THREADS;
+static int iter_count = ITER_COUNT;
+static int do_pause;
+
+static void usage (void) __attribute__((noreturn));
+
+static void
+usage ()
+{
+    fprintf (stderr, "usage: %s [ options ]\n", prog);
+    fprintf (stderr, "options:\n");
+    fprintf (stderr, "\t-t N\tspecify number of threads (default %d)\n",
+             N_THREADS);
+    fprintf (stderr, "\t-i N\tset iteration count (default %d)\n",
+             ITER_COUNT);
+    fprintf (stderr, "\t-K\tinitialize a krb5_context for the duration\n");
+    fprintf (stderr, "\t-P\tpause briefly after starting, to allow attaching dtrace/strace/etc\n");
+    exit (1);
+}
+
+static int
+numarg (char *arg)
+{
+    char *end;
+    long val;
+
+    val = strtol (arg, &end, 10);
+    if (*arg == 0 || *end != 0) {
+        fprintf (stderr, "invalid numeric argument '%s'\n", arg);
+        usage ();
+    }
+    if (val >= 1 && val <= INT_MAX)
+        return val;
+    fprintf (stderr, "out of range numeric value %ld (1..%d)\n",
+             val, INT_MAX);
+    usage ();
+}
+
+static char optstring[] = "t:i:KP";
+
+static void
+process_options (int argc, char *argv[])
+{
+    int c;
+
+    prog = strrchr (argv[0], '/');
+    if (prog)
+        prog++;
+    else
+        prog = argv[0];
+    while ((c = getopt (argc, argv, optstring)) != -1) {
+        switch (c) {
+        case '?':
+        case ':':
+            usage ();
+            break;
+
+        case 't':
+            n_threads = numarg (optarg);
+            if (n_threads >= SIZE_MAX / sizeof (struct thread_info)) {
+                n_threads = SIZE_MAX / sizeof (struct thread_info);
+                fprintf (stderr, "limiting n_threads to %u\n", n_threads);
+            }
+            break;
+
+        case 'i':
+            iter_count = numarg (optarg);
+            break;
+
+        case 'K':
+            init_krb5_first = 1;
+            break;
+
+        case 'P':
+            do_pause = 1;
+            break;
+        }
+    }
+    if (argc != optind)
+        usage ();
+}
+
+static long double
+tvsub (struct timeval t1, struct timeval t2)
+{
+    /* POSIX says .tv_usec is signed.  */
+    return (t1.tv_sec - t2.tv_sec
+            + (long double) 1.0e-6 * (t1.tv_usec - t2.tv_usec));
+}
+
+static struct timeval
+now (void)
+{
+    struct timeval tv;
+    if (gettimeofday (&tv, NULL) < 0) {
+        perror ("gettimeofday");
+        exit (1);
+    }
+    return tv;
+}
+
+static void run_iterations (struct resource_info *r)
+{
+    int i;
+    krb5_error_code err;
+    krb5_context ctx;
+
+    r->start_time = now ();
+    for (i = 0; i < iter_count; i++) {
+        err = krb5_init_context(&ctx);
+        if (err) {
+            com_err(prog, err, "initializing krb5 context");
+            exit(1);
+        }
+        krb5_free_context(ctx);
+    }
+    r->end_time = now ();
+}
+
+static void *
+thread_proc (void *p)
+{
+    run_iterations (p);
+    return 0;
+}
+
+static struct thread_info *tinfo;
+
+static krb5_context kctx;
+static struct rusage start, finish;
+static struct timeval start_time, finish_time;
+
+int
+main (int argc, char *argv[])
+{
+    long double user, sys, wallclock, total;
+    unsigned int i;
+
+    process_options (argc, argv);
+
+    /*
+     * Some places in the krb5 library cache data globally.
+     * This option allows you to test the effect of that.
+     */
+    if (init_krb5_first && krb5_init_context (&kctx) != 0) {
+        fprintf (stderr, "krb5_init_context error\n");
+        exit (1);
+    }
+    tinfo = calloc (n_threads, sizeof (*tinfo));
+    if (tinfo == NULL) {
+        perror ("calloc");
+        exit (1);
+    }
+    printf ("Threads: %d  iterations: %d\n", n_threads, iter_count);
+    if (do_pause) {
+        printf ("pid %lu napping...\n", (unsigned long) getpid ());
+        sleep (10);
+    }
+    printf ("starting...\n");
+    /* And *now* we start measuring the performance.  */
+    if (getrusage (RUSAGE_SELF, &start) < 0) {
+        perror ("getrusage");
+        exit (1);
+    }
+    start_time = now ();
+#define foreach_thread(IDXVAR) for (IDXVAR = 0; IDXVAR < n_threads; IDXVAR++)
+    foreach_thread (i) {
+        int err;
+
+        err = pthread_create (&tinfo[i].tid, NULL, thread_proc, &tinfo[i].r);
+        if (err) {
+            fprintf (stderr, "pthread_create: %s\n", strerror (err));
+            exit (1);
+        }
+    }
+    foreach_thread (i) {
+        int err;
+        void *val;
+
+        err = pthread_join (tinfo[i].tid, &val);
+        if (err) {
+            fprintf (stderr, "pthread_join: %s\n", strerror (err));
+            exit (1);
+        }
+    }
+    finish_time = now ();
+    if (getrusage (RUSAGE_SELF, &finish) < 0) {
+        perror ("getrusage");
+        exit (1);
+    }
+    if (init_krb5_first)
+        krb5_free_context (kctx);
+    foreach_thread (i) {
+        printf ("Thread %2d: elapsed time %Lfs\n", i,
+                tvsub (tinfo[i].r.end_time, tinfo[i].r.start_time));
+    }
+    wallclock = tvsub (finish_time, start_time);
+    /*
+     * Report on elapsed time and CPU usage.  Depending what
+     * performance issue you're chasing down, different values may be
+     * of particular interest, so report all the info we've got.
+     */
+    printf ("Overall run time with %d threads = %Lfs, %Lfms per iteration.\n",
+            n_threads, wallclock, 1000 * wallclock / iter_count);
+    user = tvsub (finish.ru_utime, start.ru_utime);
+    sys = tvsub (finish.ru_stime, start.ru_stime);
+    total = user + sys;
+    printf ("CPU usage:   user=%Lfs sys=%Lfs total=%Lfs.\n", user, sys, total);
+    printf ("Utilization: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n",
+            100 * user / wallclock,
+            100 * sys / wallclock,
+            100 * total / wallclock);
+    printf ("Util/thread: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n",
+            100 * user / wallclock / n_threads,
+            100 * sys / wallclock / n_threads,
+            100 * total / wallclock / n_threads);
+    printf ("Total CPU use per iteration per thread: %Lfms\n",
+            1000 * total / n_threads / iter_count);
+    free(tinfo);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/threads/prof1.c b/krb5-1.21.3/src/tests/threads/prof1.c
new file mode 100644
index 00000000..3d959784
--- /dev/null
+++ b/krb5-1.21.3/src/tests/threads/prof1.c
@@ -0,0 +1,105 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/threads/prof1.c */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pthread.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <time.h>
+#include <sys/time.h>
+#include <utime.h>
+#include <com_err.h>
+#include <profile.h>
+
+int nthreads = 10;
+unsigned int delay = 3600;
+
+volatile int done = 0; /* XXX hack */
+
+const char *path = "/tmp/foo1.conf:/tmp/foo.conf";
+const char *filename = "/tmp/foo.conf";
+
+const char *prog;
+
+static void *worker(void *arg)
+{
+    profile_t p;
+    long err;
+    int i;
+    const char *const names[] = {
+        "one", "two", "three", 0
+    };
+    char **values;
+    const char *mypath = (random() & 1) ? path : filename;
+
+    while (!done) {
+        err = profile_init_path(mypath, &p);
+        if (err) {
+            com_err(prog, err, "calling profile_init(\"%s\")", mypath);
+            exit(1);
+        }
+        for (i = 0; i < 10; i++) {
+            values = 0;
+            err = profile_get_values(p, names, &values);
+            if (err == 0 && values != 0)
+                profile_free_list(values);
+        }
+        profile_release(p);
+    }
+    return 0;
+}
+
+static void *modifier(void *arg)
+{
+    struct timespec req;
+    while (!done) {
+        req.tv_sec = 0;
+        req.tv_nsec = random() & 499999999;
+        nanosleep(&req, 0);
+        utime(filename, 0);
+/*      printf("."), fflush(stdout); */
+    }
+    return 0;
+}
+
+int main(int argc, char *argv[])
+{
+    int i;
+    pthread_t thr;
+
+    prog = argv[0];
+    for (i = 0; i < nthreads; i++) {
+        assert(0 == pthread_create(&thr, 0, worker, 0));
+    }
+    sleep(1);
+    pthread_create(&thr, 0, modifier, 0);
+    sleep(delay);
+    done = 1;
+    sleep(2);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/threads/profread.c b/krb5-1.21.3/src/tests/threads/profread.c
new file mode 100644
index 00000000..be28ba40
--- /dev/null
+++ b/krb5-1.21.3/src/tests/threads/profread.c
@@ -0,0 +1,287 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/threads/profread.c */
+/*
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5 profile data retrieval performance testing
+ * initially contributed by Ken Raeburn
+ */
+
+#include "k5-platform.h"
+#include <unistd.h>
+#include <pthread.h>
+#include <krb5.h>
+#include <profile.h>
+
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#define N_THREADS 4
+#define ITER_COUNT 40000
+static int init_krb5_first = 0;
+
+struct resource_info {
+    struct timeval start_time, end_time;
+};
+struct thread_info {
+    pthread_t tid;
+    struct resource_info r;
+    krb5_context ctx;
+};
+
+static char *prog;
+static unsigned int n_threads = N_THREADS;
+static int iter_count = ITER_COUNT;
+static int do_pause;
+
+static void usage (void) __attribute__((noreturn));
+
+static void
+usage ()
+{
+    fprintf (stderr, "usage: %s [ options ]\n", prog);
+    fprintf (stderr, "options:\n");
+    fprintf (stderr, "\t-t N\tspecify number of threads (default %d)\n",
+             N_THREADS);
+    fprintf (stderr, "\t-i N\tset iteration count (default %d)\n",
+             ITER_COUNT);
+    fprintf (stderr, "\t-K\tinitialize a krb5_context for the duration\n");
+    fprintf (stderr, "\t-P\tpause briefly after starting, to allow attaching dtrace/strace/etc\n");
+    exit (1);
+}
+
+static int
+numarg (char *arg)
+{
+    char *end;
+    long val;
+
+    val = strtol (arg, &end, 10);
+    if (*arg == 0 || *end != 0) {
+        fprintf (stderr, "invalid numeric argument '%s'\n", arg);
+        usage ();
+    }
+    if (val >= 1 && val <= INT_MAX)
+        return val;
+    fprintf (stderr, "out of range numeric value %ld (1..%d)\n",
+             val, INT_MAX);
+    usage ();
+}
+
+static char optstring[] = "t:i:KP";
+
+static void
+process_options (int argc, char *argv[])
+{
+    int c;
+
+    prog = strrchr (argv[0], '/');
+    if (prog)
+        prog++;
+    else
+        prog = argv[0];
+    while ((c = getopt (argc, argv, optstring)) != -1) {
+        switch (c) {
+        case '?':
+        case ':':
+            usage ();
+            break;
+
+        case 't':
+            n_threads = numarg (optarg);
+            if (n_threads >= SIZE_MAX / sizeof (struct thread_info)) {
+                n_threads = SIZE_MAX / sizeof (struct thread_info);
+                fprintf (stderr, "limiting n_threads to %u\n", n_threads);
+            }
+            break;
+
+        case 'i':
+            iter_count = numarg (optarg);
+            break;
+
+        case 'K':
+            init_krb5_first = 1;
+            break;
+
+        case 'P':
+            do_pause = 1;
+            break;
+        }
+    }
+    if (argc != optind)
+        usage ();
+}
+
+static long double
+tvsub (struct timeval t1, struct timeval t2)
+{
+    /* POSIX says .tv_usec is signed.  */
+    return (t1.tv_sec - t2.tv_sec
+            + (long double) 1.0e-6 * (t1.tv_usec - t2.tv_usec));
+}
+
+static struct timeval
+now (void)
+{
+    struct timeval tv;
+    if (gettimeofday (&tv, NULL) < 0) {
+        perror ("gettimeofday");
+        exit (1);
+    }
+    return tv;
+}
+
+static void run_iterations (struct resource_info *r)
+{
+    int i;
+    krb5_error_code err;
+    krb5_context ctx;
+    profile_t prof = NULL;
+
+    err = krb5_init_context(&ctx);
+    if (err) {
+        com_err(prog, err, "initializing krb5 context");
+        exit(1);
+    }
+    err = krb5_get_profile(ctx, &prof);
+    if (err) {
+        com_err(prog, err, "fetching profile from context");
+        exit(1);
+    }
+    r->start_time = now ();
+    for (i = 0; i < iter_count; i++) {
+        int ival;
+        err = profile_get_integer(prof, "one", "two", "three", 42, &ival);
+        if (err) {
+            com_err(prog, err, "fetching value from profile");
+            exit(1);
+        }
+    }
+    r->end_time = now ();
+    profile_release (prof);
+    krb5_free_context(ctx);
+}
+
+static void *
+thread_proc (void *p)
+{
+    run_iterations (p);
+    return 0;
+}
+
+static struct thread_info *tinfo;
+
+static krb5_context kctx;
+static struct rusage start, finish;
+static struct timeval start_time, finish_time;
+
+int
+main (int argc, char *argv[])
+{
+    long double user, sys, wallclock, total;
+    unsigned int i;
+
+    process_options (argc, argv);
+
+    /*
+     * Some places in the krb5 library cache data globally.
+     * This option allows you to test the effect of that.
+     */
+    if (init_krb5_first && krb5_init_context (&kctx) != 0) {
+        fprintf (stderr, "krb5_init_context error\n");
+        exit (1);
+    }
+    tinfo = calloc (n_threads, sizeof (*tinfo));
+    if (tinfo == NULL) {
+        perror ("calloc");
+        exit (1);
+    }
+    printf ("Threads: %d  iterations: %d\n", n_threads, iter_count);
+    if (do_pause) {
+        printf ("pid %lu napping...\n", (unsigned long) getpid ());
+        sleep (10);
+    }
+    printf ("starting...\n");
+    /* And *now* we start measuring the performance.  */
+    if (getrusage (RUSAGE_SELF, &start) < 0) {
+        perror ("getrusage");
+        exit (1);
+    }
+    start_time = now ();
+#define foreach_thread(IDXVAR) for (IDXVAR = 0; IDXVAR < n_threads; IDXVAR++)
+    foreach_thread (i) {
+        int err;
+
+        err = pthread_create (&tinfo[i].tid, NULL, thread_proc, &tinfo[i].r);
+        if (err) {
+            fprintf (stderr, "pthread_create: %s\n", strerror (err));
+            exit (1);
+        }
+    }
+    foreach_thread (i) {
+        int err;
+        void *val;
+
+        err = pthread_join (tinfo[i].tid, &val);
+        if (err) {
+            fprintf (stderr, "pthread_join: %s\n", strerror (err));
+            exit (1);
+        }
+    }
+    finish_time = now ();
+    if (getrusage (RUSAGE_SELF, &finish) < 0) {
+        perror ("getrusage");
+        exit (1);
+    }
+    if (init_krb5_first)
+        krb5_free_context (kctx);
+    foreach_thread (i) {
+        printf ("Thread %2d: elapsed time %Lfs\n", i,
+                tvsub (tinfo[i].r.end_time, tinfo[i].r.start_time));
+    }
+    wallclock = tvsub (finish_time, start_time);
+    /*
+     * Report on elapsed time and CPU usage.  Depending what
+     * performance issue you're chasing down, different values may be
+     * of particular interest, so report all the info we've got.
+     */
+    printf ("Overall run time with %d threads = %Lfs, %.2Lfus per iteration.\n",
+            n_threads, wallclock, 1000000 * wallclock / iter_count);
+    user = tvsub (finish.ru_utime, start.ru_utime);
+    sys = tvsub (finish.ru_stime, start.ru_stime);
+    total = user + sys;
+    printf ("CPU usage:   user=%Lfs sys=%Lfs total=%Lfs.\n", user, sys, total);
+    printf ("Utilization: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n",
+            100 * user / wallclock,
+            100 * sys / wallclock,
+            100 * total / wallclock);
+    printf ("Util/thread: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n",
+            100 * user / wallclock / n_threads,
+            100 * sys / wallclock / n_threads,
+            100 * total / wallclock / n_threads);
+    printf ("Total CPU use per iteration per thread: %.2Lfus\n",
+            1000000 * total / n_threads / iter_count);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/threads/t_rcache.c b/krb5-1.21.3/src/tests/threads/t_rcache.c
new file mode 100644
index 00000000..07c45cca
--- /dev/null
+++ b/krb5-1.21.3/src/tests/threads/t_rcache.c
@@ -0,0 +1,260 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/threads/t_rcache.c */
+/*
+ * Copyright (C) 2006 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include <com_err.h>
+#include <krb5.h>
+#include <pthread.h>
+
+krb5_context ctx;
+krb5_rcache rcache;
+const char *rcname;
+time_t end_time;
+const char *prog;
+
+struct tinfo {
+    time_t now;
+    unsigned long my_ctime;
+    unsigned int my_cusec;
+    unsigned int total;
+    int idx;
+};
+
+#define DEFAULT_N_THREADS   2
+#define DEFAULT_INTERVAL   20 /* 5 * 60 */
+
+int init_once = 0;
+int n_threads = DEFAULT_N_THREADS;
+int interval = DEFAULT_INTERVAL;
+int *ip;
+
+static void wait_for_tick ()
+{
+    time_t now, next;
+    now = time(0);
+    do {
+        next = time(0);
+    } while (now == next);
+}
+
+/* Encrypt data into out (preallocated by the caller) with a random key. */
+static krb5_error_code encrypt_data (krb5_data *data, krb5_enc_data *out)
+{
+    krb5_keyblock kb;
+    krb5_error_code err;
+
+    err = krb5_c_make_random_key(ctx, ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+                                 &kb);
+    if (err)
+        return err;
+    err = krb5_c_encrypt(ctx, &kb, KRB5_KEYUSAGE_TGS_REQ_AUTH, NULL, data,
+                         out);
+    krb5_free_keyblock_contents(ctx, &kb);
+    return err;
+}
+
+static void try_one (struct tinfo *t)
+{
+    krb5_error_code err;
+    char buf[256], buf2[512];
+    krb5_rcache my_rcache;
+    krb5_data d;
+    krb5_enc_data enc;
+
+    snprintf(buf, sizeof(buf), "host/all-in-one.mit.edu/%p@ATHENA.MIT.EDU",
+             buf);
+
+    /* k5_rc_store() requires a ciphertext.  Create one by encrypting a dummy
+     * value in a random key. */
+    d = string2data(buf);
+    enc.ciphertext = make_data(buf2, sizeof(buf2));
+    err = encrypt_data(&d, &enc);
+    if (err != 0) {
+        const char *msg = krb5_get_error_message(ctx, err);
+        fprintf(stderr, "%s: encrypting authenticator: %s\n", prog, msg);
+        krb5_free_error_message(ctx, msg);
+        exit(1);
+    }
+
+    if (t->now != t->my_ctime) {
+        if (t->my_ctime != 0) {
+            snprintf(buf2, sizeof(buf2), "%3d: %ld %5d\n", t->idx,
+                     t->my_ctime, t->my_cusec);
+            printf("%s", buf2);
+        }
+        t->my_ctime = t->now;
+        t->my_cusec = 1;
+    } else
+        t->my_cusec++;
+    if (!init_once) {
+        err = k5_rc_resolve(ctx, rcname, &my_rcache);
+        if (err) {
+            const char *msg = krb5_get_error_message(ctx, err);
+            fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg);
+            krb5_free_error_message(ctx, msg);
+            exit(1);
+        }
+    } else
+        my_rcache = rcache;
+    err = k5_rc_store(ctx, my_rcache, &enc);
+    if (err) {
+        com_err(prog, err, "storing in replay cache");
+        exit(1);
+    }
+    if (!init_once)
+        k5_rc_close(ctx, my_rcache);
+}
+
+static void *run_a_loop (void *x)
+{
+    struct tinfo t = { 0 };
+
+    t.now = time(0);
+    t.idx = *(int *)x;
+    while (t.now != time(0))
+        ;
+    t.now = time(0);
+    while (t.now < end_time) {
+        t.now = time(0);
+        try_one(&t);
+        t.total++;
+    }
+    *(int*)x = t.total;
+    return 0;
+}
+
+static void usage(void)
+{
+    fprintf (stderr, "usage: %s [ options ] rcname\n", prog);
+    fprintf (stderr, "options:\n");
+    fprintf (stderr, "\t-1\tcreate one rcache handle for process\n");
+    fprintf (stderr, "\t-t N\tnumber of threads to create (default: %d)\n",
+             DEFAULT_N_THREADS);
+    fprintf (stderr,
+             "\t-i N\tinterval to run test over, in seconds (default: %d)\n",
+             DEFAULT_INTERVAL);
+    exit(1);
+}
+
+static const char optstring[] = "1t:i:";
+
+static void process_options (int argc, char *argv[])
+{
+    int c;
+
+    prog = argv[0];
+    while ((c = getopt(argc, argv, optstring)) != -1) {
+        switch (c) {
+        case '?':
+        case ':':
+        default:
+            usage ();
+        case '1':
+            init_once = 1;
+            break;
+        case 't':
+            n_threads = atoi (optarg);
+            if (n_threads < 1 || n_threads > 10000)
+                usage ();
+            break;
+        case 'i':
+            interval = atoi (optarg);
+            if (interval < 2 || n_threads > 100000)
+                usage ();
+            break;
+        }
+    }
+
+    argc -= optind;
+    argv += optind;
+    if (argc != 1)
+        usage ();
+    rcname = argv[0];
+}
+
+int main (int argc, char *argv[])
+{
+    krb5_error_code err;
+    int i;
+    unsigned long sum;
+
+    process_options (argc, argv);
+    err = krb5_init_context(&ctx);
+    if (err) {
+        com_err(prog, err, "initializing context");
+        return 1;
+    }
+
+    if (init_once) {
+        err = k5_rc_resolve(ctx, rcname, &rcache);
+        if (err) {
+            const char *msg = krb5_get_error_message(ctx, err);
+            fprintf(stderr, "%s: %s while initializing new replay cache\n",
+                    prog, msg);
+            krb5_free_error_message(ctx, msg);
+            return 1;
+        }
+    }
+
+    ip = malloc(sizeof(int) * n_threads);
+    if (ip == 0 && n_threads > 0) {
+        perror("malloc");
+        exit(1);
+    }
+    for (i = 0; i < n_threads; i++)
+        ip[i] = i;
+
+    wait_for_tick ();
+    end_time = time(0) + interval;
+
+    for (i = 0; i < n_threads; i++) {
+        pthread_t new_thread;
+        int perr;
+        perr = pthread_create(&new_thread, 0, run_a_loop, &ip[i]);
+        if (perr) {
+            errno = perr;
+            perror("pthread_create");
+            exit(1);
+        }
+    }
+    while (time(0) < end_time + 1)
+        sleep(1);
+    sum = 0;
+    for (i = 0; i < n_threads; i++) {
+        sum += ip[i];
+        printf("thread %d total %5d, about %.1f per second\n", i, ip[i],
+               ((double) ip[i])/interval);
+    }
+    printf("total %lu in %d seconds, avg ~%.1f/sec, ~%.1f/sec/thread\n",
+           sum, interval,
+           ((double)sum)/interval, ((double)sum)/interval/n_threads);
+    free(ip);
+
+    if (init_once)
+        k5_rc_close(ctx, rcache);
+    krb5_free_context(ctx);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/unlockiter.c b/krb5-1.21.3/src/tests/unlockiter.c
new file mode 100644
index 00000000..e854bc90
--- /dev/null
+++ b/krb5-1.21.3/src/tests/unlockiter.c
@@ -0,0 +1,276 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/unlockiter.c - test program for unlocked iteration */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Test unlocked KDB iteration.
+ */
+
+#include <sys/types.h>
+#include <sys/select.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>             /* Some platforms need memset() for FD_ZERO */
+#include <unistd.h>
+
+struct cb_arg {
+    int inpipe;
+    int outpipe;
+    int timeout;
+    int done;
+};
+
+/* Helper function for cb(): read a sync byte (with possible timeout), then
+ * write a sync byte. */
+static int
+syncpair_rw(const char *name, struct cb_arg *arg, char *cp, int timeout)
+{
+    struct timeval tv;
+    fd_set rset;
+    int nfds;
+
+    FD_ZERO(&rset);
+    FD_SET(arg->inpipe, &rset);
+    tv.tv_sec = timeout;
+    tv.tv_usec = 0;
+
+    printf("cb: waiting for %s sync pair\n", name);
+    nfds = select(arg->inpipe + 1, &rset,
+                  NULL, NULL, (timeout == 0) ? NULL : &tv);
+    if (nfds < 0)
+        return -1;
+    if (nfds == 0) {
+        errno = ETIMEDOUT;
+        return -1;
+    }
+    if (read(arg->inpipe, cp, 1) < 0)
+        return -1;
+    printf("cb: writing %s sync pair\n", name);
+    if (write(arg->outpipe, cp, 1) < 0)
+        return -1;
+    return 0;
+}
+
+/* On the first iteration only, receive and send sync bytes to the locking
+ * child to drive its locking activities. */
+static krb5_error_code
+cb(void *argin, krb5_db_entry *ent)
+{
+    struct cb_arg *arg = argin;
+    char c = '\0';
+
+    if (arg->done)
+        return 0;
+
+    if (syncpair_rw("first", arg, &c, 0) < 0) {
+        com_err("cb", errno, "first sync pair");
+        return errno;
+    }
+    if (syncpair_rw("second", arg, &c, arg->timeout) < 0) {
+        com_err("cb", errno, "second sync pair");
+        return errno;
+    }
+    printf("cb: waiting for final sync byte\n");
+    if (read(arg->inpipe, &c, 1) < 0) {
+        com_err("cb", errno, "final sync byte");
+        return errno;
+    }
+    arg->done = 1;
+    return 0;
+}
+
+/* Parent process: iterate over the KDB, using a callback that synchronizes
+ * with the locking child. */
+static int
+iterator(struct cb_arg *cb_arg, char **db_args, pid_t child)
+{
+    krb5_error_code retval;
+    krb5_context ctx;
+
+    retval = krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, &ctx);
+    if (retval)
+        goto cleanup;
+
+    retval = krb5_db_open(ctx, db_args,
+                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
+    if (retval)
+        goto cleanup;
+
+    retval = krb5_db_iterate(ctx, NULL, cb, cb_arg, 0);
+    if (retval)
+        goto cleanup;
+
+    retval = krb5_db_fini(ctx);
+
+cleanup:
+    krb5_free_context(ctx);
+    if (retval) {
+        com_err("iterator", retval, "");
+        kill(child, SIGTERM);
+        exit(1);
+    }
+    return retval;
+}
+
+/* Helper function for locker(): write, then receive a sync byte. */
+static int
+syncpair_wr(const char *name, int inpipe, int outpipe, unsigned char *cp)
+{
+    printf("locker: writing %s sync pair\n", name);
+    if (write(outpipe, cp, 1) < 0)
+        return -1;
+    printf("locker: waiting for %s sync pair\n", name);
+    if (read(inpipe, cp, 1) < 0)
+        return -1;
+    return 0;
+}
+
+/* Child process: acquire and release a write lock on the KDB, synchronized
+ * with parent. */
+static int
+locker(int inpipe, int outpipe, char **db_args)
+{
+    krb5_error_code retval;
+    unsigned char c = '\0';
+    krb5_context ctx;
+
+    retval = krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, &ctx);
+    if (retval)
+        goto cleanup;
+
+    retval = krb5_db_open(ctx, db_args,
+                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
+    if (retval)
+        goto cleanup;
+
+    if (syncpair_wr("first", inpipe, outpipe, &c) < 0) {
+        retval = errno;
+        goto cleanup;
+    }
+    printf("locker: acquiring lock...\n");
+    retval = krb5_db_lock(ctx, KRB5_DB_LOCKMODE_EXCLUSIVE);
+    if (retval)
+        goto cleanup;
+    printf("locker: acquired lock\n");
+    if (syncpair_wr("second", inpipe, outpipe, &c) < 0) {
+        retval = errno;
+        goto cleanup;
+    }
+    krb5_db_unlock(ctx);
+    printf("locker: released lock\n");
+    printf("locker: writing final sync byte\n");
+    if (write(outpipe, &c, 1) < 0) {
+        retval = errno;
+        goto cleanup;
+    }
+    retval = krb5_db_fini(ctx);
+cleanup:
+    if (retval)
+        com_err("locker", retval, "");
+
+    krb5_free_context(ctx);
+    exit(retval != 0);
+}
+
+static void
+usage(const char *prog)
+{
+    fprintf(stderr, "usage: %s [-lu] [-t timeout]\n", prog);
+    exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+    struct cb_arg cb_arg;
+    pid_t child;
+    char *db_args[2] = { NULL, NULL };
+    int c;
+    int cstatus;
+    int pipe_to_locker[2], pipe_to_iterator[2];
+
+    cb_arg.timeout = 1;
+    cb_arg.done = 0;
+    while ((c = getopt(argc, argv, "lt:u")) != -1) {
+        switch (c) {
+        case 'l':
+            db_args[0] = "lockiter";
+            break;
+        case 't':
+            cb_arg.timeout = atoi(optarg);
+            break;
+        case 'u':
+            db_args[0] = "unlockiter";
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+    if (pipe(pipe_to_locker) < 0) {
+        com_err(argv[0], errno, "pipe(p_il)");
+        exit(1);
+    }
+    if (pipe(pipe_to_iterator) < 0) {
+        com_err(argv[0], errno, "pipe(p_li)");
+        exit(1);
+    }
+    cb_arg.inpipe = pipe_to_iterator[0];
+    cb_arg.outpipe = pipe_to_locker[1];
+    child = fork();
+    switch (child) {
+    case -1:
+        com_err(argv[0], errno, "fork");
+        exit(1);
+        break;
+    case 0:
+        locker(pipe_to_locker[0], pipe_to_iterator[1], db_args);
+        break;
+    default:
+        if (iterator(&cb_arg, db_args, child))
+            exit(1);
+        if (wait(&cstatus) < 0) {
+            com_err(argv[0], errno, "wait");
+            exit(1);
+        }
+        if (WIFSIGNALED(cstatus))
+            exit(1);
+        if (WIFEXITED(cstatus) && WEXITSTATUS(cstatus) != 0) {
+            exit(1);
+        }
+    }
+    exit(0);
+}
diff --git a/krb5-1.21.3/src/tests/verify/Makefile.in b/krb5-1.21.3/src/tests/verify/Makefile.in
new file mode 100644
index 00000000..bdff9d68
--- /dev/null
+++ b/krb5-1.21.3/src/tests/verify/Makefile.in
@@ -0,0 +1,16 @@
+mydir=tests$(S)verify
+BUILDTOP=$(REL)..$(S)..
+KDB5_DEP_LIB=$(THREAD_LINKOPTS) $(DL_LIB)
+
+SRCS=$(srcdir)/kdb5_verify.c
+
+all: kdb5_verify
+
+kdb5_verify: kdb5_verify.o $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o kdb5_verify kdb5_verify.o $(KDB5_LIBS) $(KDB5_DEP_LIB) $(KRB5_BASE_LIBS)
+
+install:
+
+clean:
+	$(RM) kdb5_verify.o kdb5_verify
+
diff --git a/krb5-1.21.3/src/tests/verify/deps b/krb5-1.21.3/src/tests/verify/deps
new file mode 100644
index 00000000..066e907c
--- /dev/null
+++ b/krb5-1.21.3/src/tests/verify/deps
@@ -0,0 +1,14 @@
+#
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)kdb5_verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SS_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_verify.c
diff --git a/krb5-1.21.3/src/tests/verify/kdb5_verify.c b/krb5-1.21.3/src/tests/verify/kdb5_verify.c
new file mode 100644
index 00000000..3b152bae
--- /dev/null
+++ b/krb5-1.21.3/src/tests/verify/kdb5_verify.c
@@ -0,0 +1,449 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/verify/kdb5_verify.c */
+/*
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "kdb.h"
+#include "com_err.h"
+#include <ss/ss.h>
+#include <stdio.h>
+
+#define REALM_SEP       '@'
+#define REALM_SEP_STR   "@"
+
+struct mblock {
+    krb5_deltat max_life;
+    krb5_deltat max_rlife;
+    krb5_timestamp expiration;
+    krb5_flags flags;
+    krb5_kvno mkvno;
+} mblock = {                            /* XXX */
+    KRB5_KDB_MAX_LIFE,
+    KRB5_KDB_MAX_RLIFE,
+    KRB5_KDB_EXPIRATION,
+    KRB5_KDB_DEF_FLAGS,
+    0
+};
+
+int set_dbname_help (krb5_context, char *, char *);
+
+static void
+usage(who, status)
+    char *who;
+    int status;
+{
+    fprintf(stderr,
+            "usage: %s -p prefix -n num_to_check [-d dbpathname] [-r realmname]\n",
+            who);
+    fprintf(stderr, "\t [-D depth] [-k enctype] [-M mkeyname]\n");
+
+    exit(status);
+}
+
+krb5_keyblock master_keyblock;
+krb5_principal master_princ;
+krb5_encrypt_block master_encblock;
+krb5_pointer master_random;
+char *str_master_princ;
+
+static char *progname;
+static char *cur_realm = 0;
+static char *mkey_name = 0;
+static char *mkey_password = 0;
+static krb5_boolean manual_mkey = FALSE;
+
+
+int check_princ (krb5_context, char *);
+
+int
+main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    extern char *optarg;
+    int optchar, i, n;
+    char tmp[4096], tmp2[BUFSIZ], *str_princ;
+
+    krb5_context context;
+    krb5_error_code retval;
+    char *dbname = 0;
+    int enctypedone = 0;
+    int num_to_check;
+    char principal_string[BUFSIZ];
+    char *suffix = 0;
+    size_t suffix_size = 0;
+    int depth, errors;
+
+    krb5_init_context(&context);
+
+    if (strrchr(argv[0], '/'))
+        argv[0] = strrchr(argv[0], '/')+1;
+
+    progname = argv[0];
+
+    memset(principal_string, 0, sizeof(principal_string));
+    num_to_check = 0;
+    depth = 1;
+
+    while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:R:k:M:e:m")) != -1) {
+        switch(optchar) {
+        case 'D':
+            depth = atoi(optarg);       /* how deep to go */
+            break;
+        case 'P':               /* Only used for testing!!! */
+            mkey_password = optarg;
+            break;
+        case 'p':                       /* prefix name to check */
+            strncpy(principal_string, optarg, sizeof(principal_string) - 1);
+            principal_string[sizeof(principal_string) - 1] = '\0';
+            suffix = principal_string + strlen(principal_string);
+            suffix_size = sizeof(principal_string) -
+                (suffix - principal_string);
+            break;
+        case 'n':                        /* how many to check */
+            num_to_check = atoi(optarg);
+            break;
+        case 'd':                       /* set db name */
+            dbname = optarg;
+            break;
+        case 'r':
+            cur_realm = optarg;
+            break;
+        case 'k':
+            master_keyblock.enctype = atoi(optarg);
+            enctypedone++;
+            break;
+        case 'M':                       /* master key name in DB */
+            mkey_name = optarg;
+            break;
+        case 'm':
+            manual_mkey = TRUE;
+            break;
+        case '?':
+        default:
+            usage(progname, 1);
+            /*NOTREACHED*/
+        }
+    }
+
+    if (!(num_to_check && suffix)) usage(progname, 1);
+
+    if (!enctypedone)
+        master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+
+    if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
+        com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
+                "while setting up enctype %d", master_keyblock.enctype);
+        exit(1);
+    }
+
+    krb5_use_enctype(context, &master_encblock, master_keyblock.enctype);
+
+    if (!dbname)
+        dbname = DEFAULT_KDB_FILE;      /* XXX? */
+
+    if (!cur_realm) {
+        if ((retval = krb5_get_default_realm(context, &cur_realm))) {
+            com_err(progname, retval, "while retrieving default realm name");
+            exit(1);
+        }
+    }
+    if ((retval = set_dbname_help(context, progname, dbname)))
+        exit(retval);
+
+    errors = 0;
+
+    fprintf(stdout, "\nChecking ");
+
+    for (n = 1; n <= num_to_check; n++) {
+        /* build the new principal name */
+        /* we can't pick random names because we need to generate all the names
+           again given a prefix and count to test the db lib and kdb */
+        (void) snprintf(suffix, suffix_size, "%d", n);
+        (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
+        str_princ = tmp;
+        if (check_princ(context, str_princ)) errors++;
+
+        for (i = 2; i <= depth; i++) {
+            (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d",
+                            principal_string, i);
+            tmp2[sizeof(tmp2) - 1] = '\0';
+            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
+            str_princ = tmp;
+            if (check_princ(context, str_princ)) errors++;
+        }
+    }
+
+    if (errors)
+        fprintf(stdout, "\n%d errors/principals failed.\n", errors);
+    else
+        fprintf(stdout, "\nNo errors.\n");
+
+    krb5_finish_random_key(context, &master_encblock, &master_random);
+    krb5_finish_key(context, &master_encblock);
+
+    retval = krb5_db_fini(context);
+    memset(master_keyblock.contents, 0, (size_t) master_keyblock.length);
+    if (retval && retval != KRB5_KDB_DBNOTINITED) {
+        com_err(progname, retval, "while closing database");
+        exit(1);
+    }
+    krb5_free_keyblock_contents(context, &master_keyblock);
+
+    if (str_master_princ) {
+        krb5_free_unparsed_name(context, str_master_princ);
+    }
+    krb5_free_principal(context, master_princ);
+    krb5_free_context(context);
+    exit(0);
+}
+
+int
+check_princ(context, str_princ)
+    krb5_context context;
+    char * str_princ;
+{
+    krb5_error_code retval;
+    krb5_db_entry *kdbe = NULL;
+    krb5_keyblock pwd_key, db_key;
+    krb5_data pwd, salt;
+    krb5_principal princ;
+    /* char *str_mod_name; */
+    char princ_name[4096];
+
+    snprintf(princ_name, sizeof(princ_name), "%s@%s", str_princ, cur_realm);
+
+    if ((retval = krb5_parse_name(context, princ_name, &princ))) {
+        com_err(progname, retval, "while parsing '%s'", princ_name);
+        goto out;
+    }
+
+    pwd.data = princ_name;  /* must be able to regenerate */
+    pwd.length = strlen(princ_name);
+
+    if ((retval = krb5_principal2salt(context, princ, &salt))) {
+        com_err(progname, retval, "while converting principal to salt for '%s'", princ_name);
+        krb5_free_principal(context, princ);
+        goto out;
+    }
+
+    if ((retval = krb5_string_to_key(context, &master_encblock,
+                                     &pwd_key, &pwd, &salt))) {
+        com_err(progname, retval, "while converting password to key for '%s'",
+                princ_name);
+        krb5_free_data_contents(context, &salt);
+        krb5_free_principal(context, princ);
+        goto out;
+    }
+    krb5_free_data_contents(context, &salt);
+
+    if ((retval = krb5_db_get_principal(context, princ, 0, &kdbe))) {
+        com_err(progname, retval, "while attempting to verify principal's existence");
+        krb5_free_principal(context, princ);
+        goto out;
+    }
+    krb5_free_principal(context, princ);
+
+    if ((retval = krb5_dbe_decrypt_key_data(context, NULL,
+                                            kdbe->key_data, &db_key, NULL))) {
+        com_err(progname, retval, "while decrypting key for '%s'", princ_name);
+        goto errout;
+    }
+
+    if ((pwd_key.enctype != db_key.enctype) ||
+        (pwd_key.length != db_key.length)) {
+        fprintf (stderr, "\tKey types do not agree (%d expected, %d from db)\n",
+                 pwd_key.enctype, db_key.enctype);
+    errout:
+        krb5_db_free_principal(context, kdbe);
+        return(-1);
+    }
+    else {
+        if (memcmp((char *)pwd_key.contents, (char *) db_key.contents,
+                   (size_t) pwd_key.length)) {
+            fprintf(stderr, "\t key did not match stored value for %s\n",
+                    princ_name);
+            goto errout;
+        }
+    }
+
+    free(pwd_key.contents);
+    free(db_key.contents);
+
+    if (kdbe->key_data[0].key_data_kvno != 1) {
+        fprintf(stderr,"\tkvno did not match stored value for %s.\n", princ_name);
+        goto errout;
+    }
+
+    if (kdbe->max_life != mblock.max_life) {
+        fprintf(stderr, "\tmax life did not match stored value for %s.\n",
+                princ_name);
+        goto errout;
+    }
+
+    if (kdbe->max_renewable_life != mblock.max_rlife) {
+        fprintf(stderr,
+                "\tmax renewable life did not match stored value for %s.\n",
+                princ_name);
+        goto errout;
+    }
+
+    if (kdbe->expiration != mblock.expiration) {
+        fprintf(stderr, "\texpiration time did not match stored value for %s.\n",
+                princ_name);
+        goto errout;
+    }
+
+/*
+  if ((retval = krb5_unparse_name(context, kdbe.mod_name, &str_mod_name)))
+  com_err(progname, retval, "while unparsing mode name");
+  else {
+  if (strcmp(str_mod_name, str_master_princ) != 0) {
+  fprintf(stderr, "\tmod name isn't the master princ (%s not %s).\n",
+  str_mod_name, str_master_princ);
+  free(str_mod_name);
+  goto errout;
+  }
+  else free(str_mod_name);
+  }
+*/
+
+    if (kdbe->attributes != mblock.flags) {
+        fprintf(stderr, "\tAttributes did not match stored value for %s.\n",
+                princ_name);
+        goto errout;
+    }
+
+out:
+    krb5_db_free_principal(context, kdbe);
+
+    return(0);
+}
+
+int
+set_dbname_help(context, pname, dbname)
+    krb5_context context;
+    char *pname;
+    char *dbname;
+{
+    krb5_error_code retval;
+    krb5_data pwd, scratch;
+    char *args[2];
+    krb5_db_entry *master_entry;
+
+    /* assemble & parse the master key name */
+
+    if ((retval = krb5_db_setup_mkey_name(context, mkey_name, cur_realm, 0,
+                                          &master_princ))) {
+        com_err(pname, retval, "while setting up master key name");
+        return(1);
+    }
+    if (mkey_password) {
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(context, master_princ, &scratch);
+        if (retval) {
+            com_err(pname, retval, "while calculated master key salt");
+            return(1);
+        }
+        if ((retval = krb5_string_to_key(context, &master_encblock,
+                                         &master_keyblock, &pwd, &scratch))) {
+            com_err(pname, retval,
+                    "while transforming master key from password");
+            return(1);
+        }
+        free(scratch.data);
+    } else {
+        if ((retval = krb5_db_fetch_mkey(context, master_princ,
+                                         master_keyblock.enctype,
+                                         manual_mkey, FALSE, (char *) NULL,
+                                         NULL, NULL,
+                                         &master_keyblock))) {
+            com_err(pname, retval, "while reading master key");
+            return(1);
+        }
+    }
+
+    /* Ick!  Current DAL interface requires that the default_realm
+       field be set in the krb5_context.  */
+    if ((retval = krb5_set_default_realm(context, cur_realm))) {
+        com_err(pname, retval, "setting default realm");
+        return 1;
+    }
+    /* Pathname is passed to db2 via 'args' parameter.  */
+    args[1] = NULL;
+    if (asprintf(&args[0], "dbname=%s", dbname) < 0) {
+        com_err(pname, errno, "while setting up db parameters");
+        return 1;
+    }
+
+    if ((retval = krb5_db_open(context, args, KRB5_KDB_OPEN_RO))) {
+        com_err(pname, retval, "while initializing database");
+        return(1);
+    }
+    if ((retval = krb5_db_fetch_mkey_list(context, master_princ,
+                                          &master_keyblock))) {
+        com_err(pname, retval, "while verifying master key");
+        (void) krb5_db_fini(context);
+        return(1);
+    }
+    if ((retval = krb5_db_get_principal(context, master_princ, 0,
+                                        &master_entry))) {
+        com_err(pname, retval, "while retrieving master entry");
+        (void) krb5_db_fini(context);
+        return(1);
+    }
+
+    if ((retval = krb5_unparse_name(context, master_princ,
+                                    &str_master_princ))) {
+        com_err(pname, retval, "while unparsing master principal");
+        krb5_db_fini(context);
+        return(1);
+    }
+
+    if ((retval = krb5_process_key(context,
+                                   &master_encblock, &master_keyblock))) {
+        com_err(pname, retval, "while processing master key");
+        (void) krb5_db_fini(context);
+        return(1);
+    }
+    if ((retval = krb5_init_random_key(context,
+                                       &master_encblock, &master_keyblock,
+                                       &master_random))) {
+        com_err(pname, retval, "while initializing random key generator");
+        krb5_finish_key(context, &master_encblock);
+        (void) krb5_db_fini(context);
+        return(1);
+    }
+    mblock.max_life = master_entry->max_life;
+    mblock.max_rlife = master_entry->max_renewable_life;
+    mblock.expiration = master_entry->expiration;
+    /* don't set flags, master has some extra restrictions */
+    mblock.mkvno = master_entry->key_data[0].key_data_kvno;
+
+    krb5_db_free_principal(context, master_entry);
+    free(args[0]);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/tests/verify/pkey.c b/krb5-1.21.3/src/tests/verify/pkey.c
new file mode 100644
index 00000000..9ed575c4
--- /dev/null
+++ b/krb5-1.21.3/src/tests/verify/pkey.c
@@ -0,0 +1,24 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/verify/pkey.c */
+/*
+ * Copyright 1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * For copying and distribution information, please see the file
+ * <krb5/copyright.h>.
+ *
+ */
+
+#include <stdio.h>
+
+void pkey(k)
+    unsigned char *k;
+{
+    int i;
+    unsigned int foo;
+
+    for (i = 0 ; i < 8 ; i++) {
+        foo = *k++;
+        fprintf(stderr, "%x ", foo);
+    }
+}
diff --git a/krb5-1.21.3/src/util/Makefile.in b/krb5-1.21.3/src/util/Makefile.in
new file mode 100644
index 00000000..b80ffbed
--- /dev/null
+++ b/krb5-1.21.3/src/util/Makefile.in
@@ -0,0 +1,29 @@
+mydir=util
+# Windows NMAKE doesn't like @ in make variable names, and on
+# Windows we don't do the @FOO@ substitutions we do with UNIX
+# configure scripts, so hide this.
+##WIN32##!if 0
+SUBDIRS=support $(MAYBE_ET_@COM_ERR_VERSION@) $(MAYBE_SS_@SS_VERSION@) \
+	profile $(MAYBE_VERTO_@VERTO_VERSION@)
+##WIN32##!endif
+WINSUBDIRS=windows support et profile
+BUILDTOP=$(REL)..
+
+MAYBE_ET_k5 = et
+MAYBE_SS_k5 = ss
+MAYBE_ET_sys =
+MAYBE_ET_intlsys =
+MAYBE_SS_sys =
+MAYBE_VERTO_sys =
+MAYBE_VERTO_k5 = verto
+
+all-recurse:
+
+NO_OUTDIR=1
+
+install:
+	$(INSTALL_SCRIPT) $(srcdir)/krb5-send-pr.sh $(DESTDIR)$(ADMIN_BINDIR)/krb5-send-pr
+
+clean-unix::
+	$(RM) *.pyc
+	$(RM) -r __pycache__
diff --git a/krb5-1.21.3/src/util/ac_check_krb5.m4 b/krb5-1.21.3/src/util/ac_check_krb5.m4
new file mode 100644
index 00000000..e18183b6
--- /dev/null
+++ b/krb5-1.21.3/src/util/ac_check_krb5.m4
@@ -0,0 +1,58 @@
+dnl Copyright (C) 2005 by the Massachusetts Institute of Technology.
+dnl All rights reserved.
+dnl
+dnl Export of this software from the United States of America may
+dnl   require a specific license from the United States Government.
+dnl   It is the responsibility of any person or organization contemplating
+dnl   export to obtain such a license before exporting.
+dnl 
+dnl WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+dnl distribute this software and its documentation for any purpose and
+dnl without fee is hereby granted, provided that the above copyright
+dnl notice appear in all copies and that both that copyright notice and
+dnl this permission notice appear in supporting documentation, and that
+dnl the name of M.I.T. not be used in advertising or publicity pertaining
+dnl to distribution of the software without specific, written prior
+dnl permission.  Furthermore if you modify this software you must label
+dnl your software as modified software and not distribute it in such a
+dnl fashion that it might be confused with the original M.I.T. software.
+dnl M.I.T. makes no representations about the suitability of
+dnl this software for any purpose.  It is provided "as is" without express
+dnl or implied warranty.
+
+dnl AC_CHECK_KRB5
+dnl
+dnl Check for krb5-config; update CPPFLAGS and LDFLAGS accordingly.
+dnl
+AC_DEFUN([AC_CHECK_KRB5],
+[AC_ARG_WITH([kerberos5],
+	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
+	[if test "x$withval" != "xno"; then
+		if test "x$withval" = "xyes"; then
+			KRB5ROOT=/usr/local
+		else
+			KRB5ROOT=${withval}
+		fi
+		AC_MSG_CHECKING([for krb5-config])
+		if test -x "$KRB5ROOT/bin/krb5-config"; then
+			KRB5CONF=$KRB5ROOT/bin/krb5-config
+			AC_MSG_RESULT([$KRB5CONF])
+			AC_MSG_CHECKING([for gssapi support in krb5-config])
+			if "$KRB5CONF" | grep gssapi > /dev/null; then
+				AC_MSG_RESULT([yes])
+				k5confopts=gssapi
+			else
+				AC_MSG_RESULT([no])
+				k5confopts=
+			fi
+			K5CFLAGS=`"$KRB5CONF" --cflags $k5confopts`
+			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+
+			K5LIBS=`"$KRB5CONF" --libs $k5confopts`
+			LIBS="$LIBS $K5LIBS"
+		else
+			AC_MSG_RESULT([no])
+			AC_MSG_WARN([--with-kerberos5 specified but krb5-config not found])
+		fi
+	fi])
+])
diff --git a/krb5-1.21.3/src/util/check-ac-syms b/krb5-1.21.3/src/util/check-ac-syms
new file mode 100755
index 00000000..68131101
--- /dev/null
+++ b/krb5-1.21.3/src/util/check-ac-syms
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# args: srcdir srctop-from-srcdir header-path
+
+d=`pwd`
+head -1 $1/configure.ac > config-in.tmp
+echo "AC_CONFIG_HEADER(fooconfig.h:$d/fooconfig-h.tmp)" >> config-in.tmp
+tail +2 $1/configure.ac | grep -v AC_CONFIG_HEADER >> config-in.tmp
+mv -f config-in.tmp config-in.ac~
+
+if (cd $1 && autoheader --include=$2 $d/config-in.ac~) > /dev/null; then
+  rm -rf $1/autom4te.cache config-in.ac~
+else
+  rm -rf $1/autom4te.cache
+# config-in.ac~ fooconfig-h.tmp
+  echo autoheader failed, eek
+  exit 1
+fi
+
+awk '/^#undef/ { print $2; }' < fooconfig-h.tmp | sort > acsyms.here
+rm -f fooconfig-h.tmp
+awk '/^#undef/ { print $2; }' < $3 | sort > acsyms.there
+
+comm -23 acsyms.here acsyms.there > acsyms.extra
+rm -f acsyms.here acsyms.there
+
+if test -s acsyms.extra; then
+  echo ERROR: Symbol or symbols defined here but not in `basename $3`: `cat acsyms.extra`
+  rm -f acsyms.extra
+  exit 1
+fi
+rm -f acsyms.extra
+exit 0
diff --git a/krb5-1.21.3/src/util/cstyle-file.py b/krb5-1.21.3/src/util/cstyle-file.py
new file mode 100644
index 00000000..837fa05e
--- /dev/null
+++ b/krb5-1.21.3/src/util/cstyle-file.py
@@ -0,0 +1,323 @@
+# Copyright (C) 2012 by the Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+# This program checks for some kinds of MIT krb5 coding style
+# violations in a single file.  Checked violations include:
+#
+#   Line is too long
+#   Tabs violations
+#   Trailing whitespace and final blank lines
+#   Comment formatting errors
+#   Preprocessor statements in function bodies
+#   Misplaced braces
+#   Space before paren in function call, or no space after if/for/while
+#   Parenthesized return expression
+#   Space after cast operator, or no space before * in cast operator
+#   Line broken before binary operator
+#   Lack of spaces around binary operator (sometimes)
+#   Assignment at the beginning of an if conditional
+#   Use of prohibited string functions
+#   Lack of braces around 2+ line flow control body
+#   Incorrect indentation as determined by emacs c-mode (if possible)
+#
+# This program does not check for the following:
+#
+#   Anything outside of a function body except line length/whitespace
+#   Anything non-syntactic (proper cleanup flow control, naming, etc.)
+#   UTF-8 violations
+#   Implicit tests against NULL or '\0'
+#   Inner-scope variable declarations
+#   Over- or under-parenthesization
+#   Long or deeply nested function bodies
+#   Syntax of function calls through pointers
+
+import os
+import re
+import sys
+from subprocess import call
+from tempfile import NamedTemporaryFile
+
+def warn(ln, msg):
+    print('%5d  %s' % (ln, msg))
+
+
+# If lines[0] indicates the krb5 C style, try to use emacs to reindent
+# a copy of lines.  Return None if the file does not use the krb5 C
+# style or if the emacs batch reindent is unsuccessful.
+def emacs_reindent(lines):
+    if 'c-basic-offset: 4; indent-tabs-mode: nil' not in lines[0]:
+        return None
+
+    util_dir = os.path.dirname(sys.argv[0])
+    cstyle_el = os.path.join(util_dir, 'krb5-c-style.el')
+    reindent_el = os.path.join(util_dir, 'krb5-batch-reindent.el')
+    with NamedTemporaryFile(suffix='.c', mode='w+') as f:
+        f.write(''.join(lines))
+        f.flush()
+        args = ['emacs', '-q', '-batch', '-l', cstyle_el, '-l', reindent_el,
+                f.name]
+        with open(os.devnull, 'w') as devnull:
+            try:
+                st = call(args, stdin=devnull, stdout=devnull, stderr=devnull)
+                if st != 0:
+                    return None
+            except OSError:
+                # Fail gracefully if emacs isn't installed.
+                return None
+        f.seek(0)
+        ilines = f.readlines()
+        f.close()
+        return ilines
+
+
+def check_length(line, ln):
+    if len(line) > 79 and not line.startswith(' * Copyright'):
+        warn(ln, 'Length exceeds 79 characters')
+
+
+def check_tabs(line, ln, allow_tabs, seen_tab):
+    if not allow_tabs:
+        if '\t' in line:
+            warn(ln, 'Tab character in file which does not allow tabs')
+    else:
+        if ' \t' in line:
+            warn(ln, 'Tab character immediately following space')
+        if '        ' in line and seen_tab:
+            warn(ln, '8+ spaces in file which uses tabs')
+
+
+def check_trailing_whitespace(line, ln):
+    if line and line[-1] in ' \t':
+        warn(ln, 'Trailing whitespace')
+
+
+def check_comment(lines, ln):
+    align = lines[0].index('/*') + 1
+    if not lines[0].lstrip().startswith('/*'):
+        warn(ln, 'Multi-line comment begins after code')
+    for line in lines[1:]:
+        ln += 1
+        if len(line) <= align or line[align] != '*':
+            warn(ln, 'Comment line does not have * aligned with top')
+        elif line[:align].lstrip() != '':
+            warn(ln, 'Garbage before * in comment line')
+    if not lines[-1].rstrip().endswith('*/'):
+        warn(ln, 'Code after end of multi-line comment')
+    if len(lines) > 2 and (lines[0].strip() not in ('/*', '/**') or
+                           lines[-1].strip() != '*/'):
+        warn(ln, 'Comment is 3+ lines but is not formatted as block comment')
+
+
+def check_preprocessor(line, ln):
+    if line.startswith('#'):
+        warn(ln, 'Preprocessor statement in function body')
+
+
+def check_braces(line, ln):
+    # Strip out one-line initializer expressions.
+    line = re.sub(r'=\s*{.*}', '', line)
+    if line.lstrip().startswith('{') and not line.startswith('{'):
+        warn(ln, 'Un-cuddled open brace')
+    if re.search(r'{\s*\S', line):
+        warn(ln, 'Code on line after open brace')
+    if re.search(r'\S.*}', line):
+        warn(ln, 'Code on line before close brace')
+
+
+# This test gives false positives on some function pointer type
+# declarations or casts.  Avoid this by using typedefs.
+def check_space_before_paren(line, ln):
+    for m in re.finditer(r'([\w]+)(\s*)\(', line):
+        ident, ws = m.groups()
+        if ident in ('void', 'char', 'int', 'long', 'unsigned'):
+            pass
+        elif ident in ('if', 'for', 'while', 'switch'):
+            if not ws:
+                warn(ln, 'No space after flow control keyword')
+        elif ident != 'return':
+            if ws:
+                warn(ln, 'Space before parenthesis in function call')
+
+    if re.search(r' \)', line):
+        warn(ln, 'Space before close parenthesis')
+
+
+def check_parenthesized_return(line, ln):
+    if re.search(r'return\s*\(.*\);', line):
+        warn(ln, 'Parenthesized return expression')
+
+
+def check_cast(line, ln):
+    # We can't reliably distinguish cast operators from parenthesized
+    # expressions or function call parameters without a real C parser,
+    # so we use some heuristics.  A cast operator is followed by an
+    # expression, which usually begins with an identifier or an open
+    # paren.  A function call or parenthesized expression is never
+    # followed by an identifier and only rarely by an open paren.  We
+    # won't detect a cast operator when it's followed by an expression
+    # beginning with '*', since it's hard to distinguish that from a
+    # multiplication operator.  We will get false positives from
+    # "(*fp) (args)" and "if (condition) statement", but both of those
+    # are erroneous anyway.
+    for m in re.finditer(r'\(([^(]+)\)(\s*)[a-zA-Z_(]', line):
+        if m.group(2):
+            warn(ln, 'Space after cast operator (or inline if/while body)')
+        # Check for casts like (char*) which should have a space.
+        if re.search(r'[^\s\*]\*+$', m.group(1)):
+            warn(ln, 'No space before * in cast operator')
+
+
+def check_binary_operator(line, ln):
+    binop = r'(\+|-|\*|/|%|\^|==|=|!=|<=|<|>=|>|&&|&|\|\||\|)'
+    if re.match(r'\s*' + binop + r'\s', line):
+        warn(ln - 1, 'Line broken before binary operator')
+    for m in re.finditer(r'(\s|\w)' + binop + r'(\s|\w)', line):
+        before, op, after = m.groups()
+        if not before.isspace() and not after.isspace():
+            warn(ln, 'No space before or after binary operator')
+        elif not before.isspace():
+            warn(ln, 'No space before binary operator')
+        elif op not in ('-', '*', '&') and not after.isspace():
+            warn(ln, 'No space after binary operator')
+
+
+def check_assignment_in_conditional(line, ln):
+    # Check specifically for if statements; we allow assignments in
+    # loop expressions.
+    if re.search(r'if\s*\(+\w+\s*=[^=]', line):
+        warn(ln, 'Assignment in if conditional')
+
+
+def indent(line):
+    return len(re.match('\s*', line).group(0).expandtabs())
+
+
+def check_unbraced_flow_body(line, ln, lines):
+    if re.match(r'\s*do$', line):
+        warn(ln, 'do statement without braces')
+        return
+
+    m = re.match(r'\s*(})?\s*else(\s*if\s*\(.*\))?\s*({)?\s*$', line)
+    if m and (m.group(1) is None) != (m.group(3) is None):
+        warn(ln, 'One arm of if/else statement braced but not the other')
+
+    if (re.match('\s*(if|else if|for|while)\s*\(.*\)$', line) or
+        re.match('\s*else$', line)):
+        base = indent(line)
+        # Look at the next two lines (ln is 1-based so lines[ln] is next).
+        if indent(lines[ln]) > base and indent(lines[ln + 1]) > base:
+            warn(ln, 'Body is 2+ lines but has no braces')
+
+
+def check_bad_string_fn(line, ln):
+    # This is intentionally pretty fuzzy so that we catch the whole scanf
+    if re.search(r'\W(strcpy|strcat|sprintf|\w*scanf)\W', line):
+        warn(ln, 'Prohibited string function')
+
+
+def check_indentation(line, indented_lines, ln):
+    if not indented_lines:
+        return
+
+    if ln - 1 >= len(indented_lines):
+        # This should only happen when the emacs reindent removed
+        # blank lines from the input file, but check.
+        if line.strip() == '':
+            warn(ln, 'Trailing blank line')
+        return
+
+    if line != indented_lines[ln - 1].rstrip('\r\n'):
+        warn(ln, 'Indentation may be incorrect')
+
+
+def check_file(lines):
+    # Check if this file allows tabs.
+    if len(lines) == 0:
+        return
+    allow_tabs = 'indent-tabs-mode: nil' not in lines[0]
+    seen_tab = False
+    indented_lines = emacs_reindent(lines)
+
+    in_function = False
+    comment = []
+    ln = 0
+    for line in lines:
+        ln += 1
+        line = line.rstrip('\r\n')
+        seen_tab = seen_tab or ('\t' in line)
+
+        # Check line structure issues before altering the line.
+        check_indentation(line, indented_lines, ln)
+        check_length(line, ln)
+        check_tabs(line, ln, allow_tabs, seen_tab)
+        check_trailing_whitespace(line, ln)
+
+        # Strip out single-line comments the contents of string literals.
+        if not comment:
+            line = re.sub(r'/\*.*?\*/', '', line)
+            line = re.sub(r'"(\\.|[^"])*"', '""', line)
+
+        # Parse out and check multi-line comments.  (Ignore code on
+        # the first or last line; check_comment will warn about it.)
+        if comment or '/*' in line:
+            comment.append(line)
+            if '*/' in line:
+                check_comment(comment, ln - len(comment) + 1)
+                comment = []
+            continue
+
+        # Warn if we see a // comment and ignore anything following.
+        if '//' in line:
+            warn(ln, '// comment')
+            line = re.sub(r'//.*/', '', line)
+
+        if line.startswith('{'):
+            in_function = True
+        elif line.startswith('}'):
+            in_function = False
+
+        if in_function:
+            check_preprocessor(line, ln)
+            check_braces(line, ln)
+            check_space_before_paren(line, ln)
+            check_parenthesized_return(line, ln)
+            check_cast(line, ln)
+            check_binary_operator(line, ln)
+            check_assignment_in_conditional(line, ln)
+            check_unbraced_flow_body(line, ln, lines)
+            check_bad_string_fn(line, ln)
+
+    if lines[-1] == '':
+        warn(ln, 'Blank line at end of file')
+
+
+if len(sys.argv) == 1:
+    lines = sys.stdin.readlines()
+elif len(sys.argv) == 2:
+    f = open(sys.argv[1])
+    lines = f.readlines()
+    f.close()
+else:
+    sys.stderr.write('Usage: cstyle-file [filename]\n')
+    sys.exit(1)
+
+check_file(lines)
diff --git a/krb5-1.21.3/src/util/cstyle.py b/krb5-1.21.3/src/util/cstyle.py
new file mode 100644
index 00000000..c485d3ff
--- /dev/null
+++ b/krb5-1.21.3/src/util/cstyle.py
@@ -0,0 +1,188 @@
+# Copyright (C) 2012 by the Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+# This program attempts to detect MIT krb5 coding style violations
+# attributable to the changes a series of git commits.  It can be run
+# from anywhere within a git working tree.
+
+import getopt
+import os
+import re
+import sys
+from subprocess import Popen, PIPE, call
+
+def usage():
+    u = ['Usage: cstyle [-w] [rev|rev1..rev2]',
+         '',
+         'By default, checks working tree against HEAD, or checks changes in',
+         'HEAD if the working tree is clean.  With a revision option, checks',
+         'changes in rev or the series rev1..rev2.  With the -w option,',
+         'checks working tree against rev (defaults to HEAD).']
+    sys.stderr.write('\n'.join(u) + '\n')
+    sys.exit(1)
+
+
+# Run a command and return a list of its output lines.
+def run(args):
+    # subprocess.check_output would be ideal here, but requires Python 2.7.
+    p = Popen(args, stdout=PIPE, stderr=PIPE, universal_newlines=True)
+    out, err = p.communicate()
+    if p.returncode != 0:
+        sys.stderr.write('Failed command: ' + ' '.join(args) + '\n')
+        if err != '':
+            sys.stderr.write('stderr:\n' + err)
+        sys.stderr.write('Unexpected command failure, exiting\n')
+        sys.exit(1)
+    return out.splitlines()
+
+
+# Find the top level of the git working tree, or None if we're not in
+# one.
+def find_toplevel():
+    # git doesn't seem to have a way to do this, so we search by hand.
+    dir = os.getcwd()
+    while True:
+        if os.path.exists(os.path.join(dir, '.git')):
+            break
+        parent = os.path.dirname(dir)
+        if (parent == dir):
+            return None
+        dir = parent
+    return dir
+
+
+# Check for style issues in a file within rev (or within the current
+# checkout if rev is None).  Report only problems on line numbers in
+# new_lines.
+line_re = re.compile(r'^\s*(\d+)  (.*)$')
+def check_file(filename, rev, new_lines):
+    # Process only C source files under src.
+    root, ext = os.path.splitext(filename)
+    if not filename.startswith('src/') or ext not in ('.c', '.h', '.hin'):
+        return
+    dispname = filename[4:]
+
+    if rev is None:
+        p1 = Popen(['cat', filename], stdout=PIPE)
+    else:
+        p1 = Popen(['git', 'show', rev + ':' + filename], stdout=PIPE)
+    p2 = Popen([sys.executable, 'src/util/cstyle-file.py'], stdin=p1.stdout,
+               stdout=PIPE, universal_newlines=True)
+    p1.stdout.close()
+    out, err = p2.communicate()
+    if p2.returncode != 0:
+        sys.exit(1)
+
+    first = True
+    for line in out.splitlines():
+        m = line_re.match(line)
+        if int(m.group(1)) in new_lines:
+            if first:
+                print('  ' + dispname + ':')
+                first = False
+            print('    ' + line)
+
+
+# Determine the lines of each file modified by diff (a sequence of
+# strings) and check for style violations in those lines.  rev
+# indicates the version in which the new contents of each file can be
+# found, or is None if the current contents are in the working copy.
+chunk_header_re = re.compile(r'^@@ -\d+(,(\d+))? \+(\d+)(,(\d+))? @@')
+def check_diff(diff, rev):
+    old_count, new_count, lineno = 0, 0, 0
+    filename = None
+    for line in diff:
+        if not line or line.startswith('\\ No newline'):
+            continue
+        if old_count > 0 or new_count > 0:
+            # We're in a chunk.
+            if line[0] == '+':
+                new_lines.append(lineno)
+            if line[0] in ('+', ' '):
+                new_count = new_count - 1
+                lineno = lineno + 1
+            if line[0] in ('-', ' '):
+                old_count = old_count - 1
+        elif line.startswith('+++ b/'):
+            # We're starting a new file.  Check the last one.
+            if filename:
+                check_file(filename, rev, new_lines)
+            filename = line[6:]
+            new_lines = []
+        else:
+            m = chunk_header_re.match(line)
+            if m:
+                old_count = int(m.group(2) or '1')
+                lineno = int(m.group(3))
+                new_count = int(m.group(5) or '1')
+
+    # Check the last file in the diff.
+    if filename:
+        check_file(filename, rev, new_lines)
+
+
+# Check a sequence of revisions for style issues.
+def check_series(revlist):
+    for rev in revlist:
+        sys.stdout.flush()
+        call(['git', 'show', '-s', '--oneline', rev])
+        diff = run(['git', 'diff-tree', '--no-commit-id', '--root', '-M',
+                    '--cc', rev])
+        check_diff(diff, rev)
+
+
+# Parse arguments.
+try:
+    opts, args = getopt.getopt(sys.argv[1:], 'w')
+except getopt.GetoptError as err:
+    print(str(err))
+    usage()
+if len(args) > 1:
+    usage()
+
+# Change to the top level of the working tree so we easily run the file
+# checker and refer to working tree files.
+toplevel = find_toplevel()
+if toplevel is None:
+    sys.stderr.write('%s must be run within a git working tree')
+os.chdir(toplevel)
+
+if ('-w', '') in opts:
+    # Check the working tree against a base revision.
+    arg = 'HEAD'
+    if args:
+        arg = args[0]
+    check_diff(run(['git', 'diff', arg]), None)
+elif args:
+    # Check the differences in a rev or a series of revs.
+    if '..' in args[0]:
+        check_series(run(['git', 'rev-list', '--reverse', args[0]]))
+    else:
+        check_series([args[0]])
+else:
+    # No options or arguments.  Check the differences against HEAD, or
+    # the differences in HEAD if the working tree is clean.
+    diff = run(['git', 'diff', 'HEAD'])
+    if diff:
+        check_diff(diff, None)
+    else:
+        check_series(['HEAD'])
diff --git a/krb5-1.21.3/src/util/def-check.pl b/krb5-1.21.3/src/util/def-check.pl
new file mode 100644
index 00000000..ccdf8ef1
--- /dev/null
+++ b/krb5-1.21.3/src/util/def-check.pl
@@ -0,0 +1,265 @@
+#!/usr/athena/bin/perl -w
+
+# Code initially generated by s2p
+# Code modified to use strict and IO::File
+
+eval 'exec /usr/athena/bin/perl -S $0 ${1+"$@"}'
+    if 0; # line above evaluated when running under some shell (i.e., not perl)
+
+use strict;
+use IO::File;
+
+my $verbose = 0;
+my $error = 0;
+if ( $ARGV[0] eq "-v" ) { $verbose = 1; shift @ARGV; }
+my $h_filename = shift @ARGV || die "usage: $0 [-v] header-file [def-file]\n";
+my $d_filename = shift @ARGV;
+
+my $h = open_always($h_filename);
+my $d = open_always($d_filename) if $d_filename;
+
+sub open_always
+{
+    my $file = shift || die;
+    my $handle = new IO::File "<$file";
+    die "Could not open $file\n" if !$handle;
+    return $handle;
+}
+
+my @convW = ();
+my @convC = ();
+my @convK = ();
+my @convD = ();
+my @vararg = ();
+
+my $len1;
+my %conv;
+my $printit;
+my $vararg;
+
+LINE:
+while (! $h->eof()) {
+    $_ = $h->getline();
+    chop;
+    # get calling convention info for function decls
+    # what about function pointer typedefs?
+    # need to verify unhandled syntax actually triggers a report, not ignored
+    # blank lines
+    if (/^[ \t]*$/) {
+        next LINE;
+    }
+  Top:
+    # drop KRB5INT_BEGIN_DECLS and KRB5INT_END_DECLS
+    if (/^ *(KRB5INT|GSSAPI[A-Z]*)_(BEGIN|END)_DECLS/) {
+        next LINE;
+    }
+    # drop preprocessor directives
+    if (/^ *#/) {
+	while (/\\$/) { $_ .= $h->getline(); }
+        next LINE;
+    }
+    if (/^ *\?==/) {
+        next LINE;
+    }
+    s/#.*$//;
+    if (/^\} *$/) {
+        next LINE;
+    }
+    # strip comments
+  Cloop1:
+    if (/\/\*./) {
+	s;/\*[^*]*;/*;;
+	s;/\*\*([^/]);/*$1;;
+	s;/\*\*$;/*;;
+	s;/\*\*/; ;g;
+	goto Cloop1;
+    }
+    # multi-line comments?
+    if (/\/\*$/) {
+	$_ .= " ";
+	$len1 = length;
+	$_ .= $h->getline();
+	chop if $len1 < length;
+	goto Cloop1 if /\/\*./;
+    }
+    # blank lines
+    if (/^[ \t]*$/) {
+        next LINE;
+    }
+    if (/^ *extern "C" \{/) {
+        next LINE;
+    }
+    s/KRB5_ATTR_DEPRECATED//;
+    # elide struct definitions
+  Struct1:
+    if (/\{[^}]*\}/) {
+	s/\{[^}]*\}/ /g;
+	goto Struct1;
+    }
+    # multi-line defs
+    if (/\{/) {
+	$_ .= "\n";
+	$len1 = length;
+	$_ .= $h->getline();
+	chop if $len1 < length;
+	goto Struct1;
+    }
+  Semi:
+    unless (/;/) {
+	$_ .= "\n";
+	$len1 = length;
+	$_ .= $h->getline();
+	chop if $len1 < length;
+	s/\n/ /g;
+	s/[ \t]+/ /g;
+	s/^[ \t]*//;
+	goto Top;
+    }
+    if (/^typedef[^;]*;/) {
+	s/^typedef[^;]*;//g;
+	goto Semi;
+    }
+    if (/^struct[^\(\)]*;/) {
+	s/^struct[^\(\)]*;//g;
+	goto Semi;
+    }
+    # should just have simple decls now; split lines at semicolons
+    s/ *;[ \t]*$//;
+    s/ *;/\n/g;
+    if (/^[ \t]*$/) {
+        next LINE;
+    }
+    s/[ \t]*$//;
+    goto Notfunct unless /\(.*\)/;
+    # Get rid of KRB5_PROTOTYPE
+    s/KRB5_PROTOTYPE//;
+    s/KRB5_STDARG_P//;
+    # here, is probably function decl
+    # strip simple arg list - parens, no parens inside; discard, iterate.
+    # the iteration should deal with function pointer args.
+    $vararg = /\.\.\./;
+  Striparg:
+    if (/ *\([^\(\)]*\)/) {
+	s/ *\([^\(\)]*\)//g;
+	goto Striparg;
+    }
+    # Also strip out attributes, or what's left over of them.
+    if (/__attribute__/) {
+	s/[ \t]*__attribute__[ \t]*//g;
+	goto Striparg;
+    }
+    # replace return type etc with one token indicating calling convention
+    if (/CALLCONV/) {
+	if (/\bKRB5_CALLCONV_WRONG\b/) {
+	    s/^.*KRB5_CALLCONV_WRONG *//;
+	    die "Invalid function name: '$_'" if (!/^[A-Za-z0-9_]+$/);
+	    push @convW, $_;
+	    push @vararg, $_ if $vararg;
+	} elsif (/\bKRB5_CALLCONV_C\b/) {
+	    s/^.*KRB5_CALLCONV_C *//;
+	    die "Invalid function name: '$_'" if (!/^[A-Za-z0-9_]+$/);
+	    push @convC, $_;
+	    push @vararg, $_ if $vararg;
+	} elsif (/\bKRB5_CALLCONV\b/) {
+	    s/^.*KRB5_CALLCONV *//;
+	    die "Invalid function name: '$_'" if (!/^[A-Za-z0-9_]+$/);
+	    push @convK, $_;
+	    push @vararg, $_ if $vararg;
+	} else {
+	    die "Unrecognized calling convention while parsing: '$_'\n";
+	}
+	goto Hadcallc;
+    }
+    # deal with no CALLCONV indicator
+    s/^.* \**(\w+) *$/$1/;
+    die "Invalid function name: '$_'" if (!/^[A-Za-z0-9_]+$/);
+    push @convD, $_;
+    push @vararg, $_ if $vararg;
+  Hadcallc:
+    goto Skipnotf;
+  Notfunct:
+    # probably a variable
+    s/^/VARIABLE_DECL /;
+  Skipnotf:
+    # toss blank lines
+    if (/^[ \t]*$/) {
+        next LINE;
+    }
+}
+
+if ( $verbose ) {
+    print join("\n\t", "Using default calling convention:", sort(@convD));
+    print join("\n\t", "\nUsing KRB5_CALLCONV:", sort(@convK));
+    print join("\n\t", "\nUsing KRB5_CALLCONV_C:", sort(@convC));
+    print join("\n\t", "\nUsing KRB5_CALLCONV_WRONG:", sort(@convW));
+    print "\n","-"x70,"\n";
+}
+
+%conv = ();
+map { $conv{$_} = "default"; } @convD;
+map { $conv{$_} = "KRB5_CALLCONV"; } @convK;
+map { $conv{$_} = "KRB5_CALLCONV_C"; } @convC;
+map { $conv{$_} = "KRB5_CALLCONV_WRONG"; } @convW;
+
+my %vararg = ();
+map { $vararg{$_} = 1; } @vararg;
+
+if (!$d) {
+    print "No .DEF file specified\n" if $verbose;
+    exit 0;
+}
+
+LINE2:
+while (! $d->eof()) {
+    $_ = $d->getline();
+    chop;
+    #
+    if (/^;/) {
+        $printit = 0;
+        next LINE2;
+    }
+    if (/^[ \t]*$/) {
+        $printit = 0;
+        next LINE2;
+    }
+    if (/^EXPORTS/ || /^DESCRIPTION/ || /^HEAPSIZE/) {
+        $printit = 0;
+        next LINE2;
+    }
+    s/[ \t]*//g;
+    s/@[0-9]+//;
+    my($xconv);
+    if (/PRIVATE/ || /INTERNAL/) {
+	$xconv = "PRIVATE";
+    } elsif (/DATA/) {
+	$xconv = "DATA";
+    } elsif (/!CALLCONV/ || /KRB5_CALLCONV_WRONG/) {
+	$xconv = "KRB5_CALLCONV_WRONG";
+    } elsif ($vararg{$_}) {
+	$xconv = "KRB5_CALLCONV_C";
+    } else {
+	$xconv = "KRB5_CALLCONV";
+    }
+    s/;.*$//;
+
+    if ($xconv eq "PRIVATE") {
+	print "\t private $_\n" if $verbose;
+	next LINE2;
+    }
+    if ($xconv eq "DATA") {
+	print "\t data $_\n" if $verbose;
+	next LINE2;
+    }
+    if (!defined($conv{$_})) {
+	print "No calling convention specified for $_!\n";
+	$error = 1;
+    } elsif (! ($conv{$_} eq $xconv)) {
+	print "Function $_ should have calling convention '$xconv', but has '$conv{$_}' instead.\n";
+	$error = 1;
+    } else {
+#	print "Function $_ is okay.\n";
+    }
+}
+
+#print "Calling conventions defined for: ", keys(%conv);
+exit $error;
diff --git a/krb5-1.21.3/src/util/depfix.pl b/krb5-1.21.3/src/util/depfix.pl
new file mode 100644
index 00000000..9982fa0d
--- /dev/null
+++ b/krb5-1.21.3/src/util/depfix.pl
@@ -0,0 +1,216 @@
+#!env perl -w
+#
+# Copyright 1995,2001,2002,2003,2004,2005,2009 by the Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+#
+
+eval 'exec perl -S $0 ${1+"$@"}'
+  if 0;
+$0 =~ s/^.*?(\w+)[\.\w+]*$/$1/;
+
+# Input: srctop thisdir srcdir buildtop stlibobjs
+
+# Notes: myrelativedir is something like "lib/krb5/asn.1" or ".".
+# stlibobjs will usually be empty, or include spaces.
+
+# A typical set of inputs, produced with srcdir=.. at top level:
+#
+# top_srcdir = ../../../util/et/../..
+# thisdir = util/et
+# srcdir = ../../../util/et
+# BUILDTOP = ../..
+# STLIBOBJS = error_message.o et_name.o com_err.o
+
+my($top_srcdir,$thisdir,$srcdir,$BUILDTOP,$STLIBOBJS) = @ARGV;
+
+if (0) {
+    print STDERR "top_srcdir = $top_srcdir\n";
+    print STDERR "BUILDTOP = $BUILDTOP\n";
+    print STDERR "STLIBOBJS = $STLIBOBJS\n";
+}
+
+#$srcdirpat = quotemeta($srcdir);
+
+my($extrasuffixes) = ($STLIBOBJS ne "");
+
+sub my_qm {
+    my($x) = @_;
+    $x = quotemeta($x);
+    $x =~ s,\\/,/,g;
+    return $x;
+}
+
+sub strrep {
+    my($old,$new,$s) = @_;
+    my($l) = "strrep('$old','$new','$s')";
+    my($out) = "";
+    while ($s ne "") {
+	my($i) = index($s, $old);
+	if ($i == -1) {
+	    $out .= $s;
+	    $s = "";
+	} else {
+	    $out .= substr($s, 0, $i) . $new;
+	    if (length($s) > $i + length($old)) {
+		$s = substr($s, $i + length($old));
+	    } else {
+		$s = "";
+	    }
+	}
+    }
+#    print STDERR "$l = '$out'\n";
+    return $out;
+}
+
+sub do_subs {
+    local($_) = @_;
+    s,\\$, \\,g; s, + \\$, \\,g;
+    s,//+,/,g; s, \./, ,g;
+    if ($extrasuffixes) {
+	# Only care about the additional prefixes if we're building
+	# shared libraries.
+	s,^([a-zA-Z0-9_\-]*)\.o:,$1.so $1.po \$(OUTPRE)$1.\$(OBJEXT):,;
+    } else {
+	s,^([a-zA-Z0-9_\-]*)\.o:,\$(OUTPRE)$1.\$(OBJEXT):,;
+    }
+    # Recognize $(top_srcdir) and variants.
+    my($srct) = $top_srcdir . "/";
+    $_ = strrep(" $srct", " \$(top_srcdir)/", $_);
+#    s, $pat, \$(top_srcdir)/,go;
+    while ($srct =~ m,/[a-z][a-zA-Z0-9_.\-]*/\.\./,) {
+	$srct =~ s,/[a-z][a-zA-Z0-9_.\-]*/\.\./,/,;
+	$_ = strrep(" $srct", " \$(top_srcdir)/", $_);
+    }
+    # Now try to produce pathnames relative to $(srcdir).
+    if ($thisdir eq ".") {
+	# blah
+    } else {
+	my($pat) = " \$(top_srcdir)/$thisdir/";
+	my($out) = " \$(srcdir)/";
+	$_ = strrep($pat, $out, $_);
+	while ($pat =~ m,/[a-z][a-zA-Z0-9_.\-]*/$,) {
+	    $pat =~ s,/[a-z][a-zA-Z0-9_.\-]*/$,/,;
+	    $out .= "../";
+	    if ($pat ne " \$(top_srcdir)/") {
+		$_ = strrep($pat, $out, $_);
+	    }
+	}
+    }
+    # Now substitute for BUILDTOP:
+    $_ = strrep(" $BUILDTOP/", " \$(BUILDTOP)/", $_);
+    return $_;
+}
+
+sub do_subs_2 {
+    local($_) = @_;
+    # Add a trailing space.
+    s/$/ /;
+    # Remove excess spaces.
+    s/  */ /g;
+    # Delete headers external to the source and build tree.
+    s; /[^ ]*;;g;
+    # Remove foo/../ sequences.
+    while (m/\/[a-z][a-z0-9_.\-]*\/\.\.\//) {
+	s//\//g;
+    }
+    # Use VPATH.
+    s;\$\(srcdir\)/([^ /]* );$1;g;
+
+    $_ = &uniquify($_);
+
+    # Allow override of some util dependencies in case local tools are used.
+    s;\$\(BUILDTOP\)/include/com_err.h ;\$(COM_ERR_DEPS) ;g;
+    s;\$\(BUILDTOP\)/include/ss/ss.h \$\(BUILDTOP\)/include/ss/ss_err.h ;\$(SS_DEPS) ;g;
+    s;\$\(BUILDTOP\)/include/db-config.h \$\(BUILDTOP\)/include/db.h ;\$(DB_DEPS) ;g;
+    s;\$\(BUILDTOP\)/include/verto.h ;\$(VERTO_DEPS) ;g;
+    if ($thisdir eq "util/gss-kernel-lib") {
+	# Here com_err.h is used from the current directory.
+	s;com_err.h ;\$(COM_ERR_DEPS) ;g;
+    }
+    if ($thisdir eq "lib/krb5/ccache") {
+	# These files are only used (and kcmrpc.h only generated) on macOS.
+	# There are conditional dependencies in Makefile.in.
+	s;kcmrpc.h ;;g;
+	s;kcmrpc_types.h ;;g;
+    }
+
+    $_ = &uniquify($_);
+
+    # Delete trailing whitespace.
+    s; *$;;g;
+
+    return $_;
+}
+
+sub uniquify {
+    # Apparently some versions of gcc -- like
+    # "gcc version 3.4.4 20050721 (Red Hat 3.4.4-2)"
+    # -- will sometimes emit duplicate header file names.
+    local($_) = @_;
+    my(@sides) = split ": ", $_;
+    my($lhs) = "";
+    if ($#sides == 1) {
+	$lhs = $sides[0] . ": ";
+	$_ = $sides[1];
+    }
+    my(@words) = split " ", $_;
+    my($w);
+    my($result) = "";
+    my(%seen);
+    undef %seen;
+    foreach $w (sort { $a cmp $b; } @words) {
+	next if defined($seen{$w});
+	$seen{$w} = 1;
+	if ($result ne "") { $result .= " "; }
+	$result .= $w;
+    }
+    return $lhs . $result . " ";
+}
+
+sub split_lines {
+    local($_) = @_;
+    s/(.{50}[^ ]*) /$1 \\\n  /g;
+    return $_ . "\n";
+}
+
+print <<EOH ;
+#
+# Generated makefile dependencies follow.
+#
+EOH
+my $buf = '';
+while (<STDIN>) {
+    # Strip newline.
+    chop;
+    next if /^\s*#/;
+    # Do directory-specific path substitutions on each filename read.
+    $_ = &do_subs($_);
+    if (m/\\$/) {
+	chop;
+	$buf .= $_;
+    } else {
+	$buf = &do_subs_2($buf . $_);
+	print &split_lines($buf);
+	$buf = '';
+    }
+}
+exit 0;
diff --git a/krb5-1.21.3/src/util/deps b/krb5-1.21.3/src/util/deps
new file mode 100644
index 00000000..2feac3c9
--- /dev/null
+++ b/krb5-1.21.3/src/util/deps
@@ -0,0 +1 @@
+# No dependencies here.
diff --git a/krb5-1.21.3/src/util/et/ISSUES b/krb5-1.21.3/src/util/et/ISSUES
new file mode 100644
index 00000000..48317eca
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/ISSUES
@@ -0,0 +1,64 @@
+Issues to be addressed for src/util/et: -*- text -*-
+
+
+Non-thread-safe aspects:
+
+error_message uses a static buffer for "unknown error code" messages;
+a per-thread buffer may be better, but that depends on dynamic
+allocation working.  A caller-provided buffer would be best, but
+that's a API change.
+
+initialize_foo_error_table uses a global linked list hung off an
+unprotected variable in the library.  {add,remove}_error_table do
+likewise, but can be changed without externally visible effect.
+
+Workaround: Use a global lock for all calls to error_message and
+com_err, and when adding or removing error tables.
+
+
+API divergence:
+
+Transarc and Heimdal both have APIs that are different from this
+version.  (Specifics?)
+
+Karl Ramm has offered to try to combine them.
+
+Workaround:
+
+
+Reference counting:
+
+If libraries are dynamically loaded and unloaded, and the init/fini
+functions add and remove error tables for *other* libraries they
+depend on (e.g., if a dynamically loadable Zephyr library's fini
+function removes the krb4 library error table and then dlcloses the
+krb4 library, while another dlopen reference keeps the krb4 library
+around), the error table is kept; a table must be removed the same
+number of times it was added before the library itself can be
+discarded.
+
+It's not implemented as a reference count, but the effect is the same.
+
+Fix needed: Update documentation.
+
+
+64-bit support:
+
+Values are currently computed as 32-bit values, sign-extended to
+"long", and output with "L" suffixes.  Type errcode_t is "long".
+Kerberos uses a separately chosen signed type of at least 32 bits for
+error codes.  The com_err library only look at the low 32 bits, so
+this is mostly just an issue for application code -- if anything
+truncates to 32 bits, and then widens without sign-extending, the
+value may not compare equal to the macro defined in the .h file.  This
+isn't anything unusual for signed constants, of course, just something
+to keep in mind....
+
+Workaround: Always use signed types of at least 32 bits for error
+codes.
+
+
+man page:
+
+No documentation on add_error_table/remove_error_table interfaces,
+even though they're the new, preferred interface.
diff --git a/krb5-1.21.3/src/util/et/Makefile.in b/krb5-1.21.3/src/util/et/Makefile.in
new file mode 100644
index 00000000..47fde03e
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/Makefile.in
@@ -0,0 +1,181 @@
+prefix=@prefix@
+bindir=@bindir@
+datadir=@datadir@
+mydatadir=$(datadir)/et
+mydir=util$(S)et
+BUILDTOP=$(REL)..$(S)..
+RELDIR=../util/et
+SED = sed
+
+##DOS##BUILDTOP = ..\..
+##DOS##LIBNAME=$(OUTPRE)comerr.lib
+##DOS##XTRA=
+##DOS##OBJFILE=$(OUTPRE)comerr.lst
+
+STLIBOBJS=error_message.o et_name.o com_err.o
+LIBBASE=com_err
+LIBMAJOR=3
+LIBMINOR=0
+LIBINITFUNC=com_err_initialize
+LIBFINIFUNC=com_err_terminate
+
+all-unix: all-liblinks
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+install-unix: install-libs
+
+LINTFLAGS=-uhvb 
+LINTFILES= error_message.c et_name.c com_err.c
+LIBOBJS=$(OUTPRE)com_err.$(OBJEXT) \
+	$(OUTPRE)error_message.$(OBJEXT) \
+	$(OUTPRE)et_name.$(OBJEXT)
+LOCALINCLUDES=-I.
+
+SRCS= $(srcdir)/error_message.c \
+	$(srcdir)/et_name.c \
+	$(srcdir)/com_err.c
+
+#
+# Warning flags
+#
+# Uncomment WFLAGS if you want really anal GCC warning messages
+#
+#
+WFLAGS=		-ansi -D_POSIX_SOURCE -pedantic \
+			-Wall -Wwrite-strings -Wpointer-arith \
+			-Wcast-qual -Wcast-align -Wtraditional \
+			-Wstrict-prototypes -Wmissing-prototypes \
+			-Wnested-externs -Winline -DNO_INLINE_FUNCS -Wshadow 
+
+DEPLIBS=
+SHLIB_LIBS=
+SHLIB_EXPDEPS = $(SUPPORT_DEPLIB)
+SHLIB_EXPLIBS=-l$(SUPPORT_LIBNAME) $(LIBS)
+SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@	
+
+COM_ERR_HDR=$(BUILDTOP)$(S)include$(S)com_err.h
+
+all-windows: $(COM_ERR_HDR)
+
+$(COM_ERR_HDR): com_err.h
+	$(CP) com_err.h "$@"
+
+generate-files-mac: compile_et
+
+com_err.o : com_err.c
+
+test1.o: test1.c
+test2.o: test2.c
+test_et.o: test1.h test2.h
+et1.o: et1.c
+et2.o: et2.c
+test1.c test2.c et1.c et2.c test1.h test2.h et1.h et2.h: \
+	compile_et et_c.awk et_h.awk
+t_com_err.o: et1.h et2.h t_com_err.c
+
+#test_et: test_et.o test1.o test2.o $(LIBOBJS)
+#	$(CC) -o test_et test_et.o test1.o test2.o $(LIBOBJS)
+#t_com_err: t_com_err.o et1.o et2.o $(LIBOBJS)
+#	$(CC) -o t_com_err t_com_err.o et1.o et2.o $(LIBOBJS)
+
+test_et: test_et.o test1.o test2.o $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
+	$(CC_LINK) -o test_et test_et.o test1.o test2.o $(COM_ERR_LIB) $(SUPPORT_LIB)
+t_com_err: t_com_err.o et1.o et2.o $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
+	$(CC_LINK) -o t_com_err t_com_err.o et1.o et2.o $(COM_ERR_LIB) $(SUPPORT_LIB)
+
+$(OUTPRE)test_et.exe: $(OUTPRE)test_et.$(OBJEXT) $(OUTPRE)test1.$(OBJEXT) \
+	$(OUTPRE)test2.$(OBJEXT) $(CLIB)
+	link $(EXE_LINKOPTS) -out:$(OUTPRE)test_et$(EXEEXT) $**
+
+all-unix: compile_et includes
+
+includes: com_err.h
+	if cmp $(srcdir)/com_err.h \
+	$(BUILDTOP)/include/com_err.h >/dev/null 2>&1; then :; \
+	else \
+		(set -x; $(RM) $(BUILDTOP)/include/com_err.h; \
+		 $(CP) $(srcdir)/com_err.h \
+			$(BUILDTOP)/include/com_err.h) ; \
+	fi
+
+clean-unix::
+	$(RM) $(BUILDTOP)/include/com_err.h
+
+# test_et doesn't have an interesting exit status, but it'll exercise
+# some cases that t_com_err doesn't, so let's see if it crashes.
+check-unix: t_com_err test_et
+	$(RUN_TEST) ./test_et
+	$(RUN_TEST) ./t_com_err
+
+check-windows: $(OUTPRE)test_et$(EXEEXT)
+	set path=$(BUILDTOP)\lib\$(OUTPRE);%path%;
+	path
+	$(OUTPRE)test_et$(EXEEXT)
+
+install-unix: compile_et compile_et.1
+	$(INSTALL) compile_et $(DESTDIR)$(bindir)/compile_et
+	test -d $(DESTDIR)$(mydatadir) || mkdir $(DESTDIR)$(mydatadir)
+	$(INSTALL_DATA) $(srcdir)/et_c.awk $(DESTDIR)$(mydatadir)
+	$(INSTALL_DATA) $(srcdir)/et_h.awk $(DESTDIR)$(mydatadir)
+	$(INSTALL_DATA) $(srcdir)/compile_et.1 $(DESTDIR)$(CLIENT_MANDIR)/compile_et.1
+
+
+install-headers: compile_et
+
+compile_et: $(srcdir)/compile_et.sh $(srcdir)/config_script
+	$(SHELL) $(srcdir)/config_script $(srcdir)/compile_et.sh \
+		"$(mydatadir)" $(AWK) $(SED) > compile_et
+	chmod 755 compile_et	
+
+rebuild: rebuild-c rebuild-h
+rebuild-c:
+	a2p < $(srcdir)/et_c.awk | awk 'NR != 1 || $$0 !~ /^\043!/{print;}' > $(srcdir)/et_c.tmp
+	mv -f $(srcdir)/et_c.tmp $(srcdir)/et_c.pl
+rebuild-h:
+	a2p < $(srcdir)/et_h.awk | awk 'NR != 1 || $$0 !~ /^\043!/{print;}' > $(srcdir)/et_h.tmp
+	mv -f $(srcdir)/et_h.tmp $(srcdir)/et_h.pl
+
+clean-unix::
+	$(RM) compile_et
+
+depend:
+
+install: com_err.h
+	$(INSTALL_DATA) $(srcdir)/com_err.h  $(DESTDIR)$(KRB5_INCDIR)/com_err.h
+
+
+## install_library_target(com_err,$(LIBOBJS),$(LINTFILES),)
+
+clean-unix:: clean-files
+
+clean-files:
+	rm -f *~ \#* *.bak \
+		*.otl *.aux *.toc *.PS *.dvi *.x9700 *.ps \
+		*.cp *.fn *.ky *.log *.pg *.tp *.vr \
+		*.o profiled/?*.o libcom_err.a libcom_err_p.a \
+		com_err.o compile_et \
+		et.ar TAGS \
+		test1.h test1.c test2.h test2.c test_et \
+		et1.c et1.h et2.c et2.h t_com_err \
+		eddep makedep *.ln
+
+clean-windows::
+	$(RM) $(COM_ERR_HDR)
+
+com_err.ps : com_err.dvi
+com_err.dvi: com_err.texinfo
+
+libcom_err.o:	$(LIBOBJS)
+	ld -r -s -o libcom_err.o $(LIBOBJS)
+	chmod -x libcom_err.o
+
+archive:	et.tar
+
+TAGS:	et_name.c error_message.c
+	etags et_name.c error_message.c
+
+depend:  includes compile_et
+
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/util/et/com_err.3 b/krb5-1.21.3/src/util/et/com_err.3
new file mode 100644
index 00000000..d4704342
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/com_err.3
@@ -0,0 +1,96 @@
+.\" Copyright (c) 1988 Massachusetts Institute of Technology,
+.\" Student Information Processing Board.  All rights reserved.
+.\"
+.\" util/et/com_err.3
+.\"
+.TH COM_ERR 3 "22 Nov 1988" SIPB
+.SH NAME
+com_err \- common error display routine
+.SH SYNOPSIS
+.nf
+ #include "com_err.h"
+.PP
+void com_err (whoami, code, format, ...);
+	const char *whoami;
+	long code;
+	const char *format;
+.PP
+proc = set_com_err_hook (proc);
+.fi
+void (*
+.I proc
+) (const char *, long, const char *, va_list);
+.nf
+.PP
+proc = reset_com_err_hook ();
+.PP
+void initialize_XXXX_error_table ();
+.fi
+.SH DESCRIPTION
+.I Com_err
+displays an error message on the standard error stream
+.I stderr
+(see
+.IR stdio (3S))
+composed of the
+.I whoami
+string, which should specify the program name or some subportion of
+a program, followed by an error message generated from the
+.I code
+value (derived from
+.IR compile_et (1)),
+and a string produced using the
+.I format
+string and any following arguments, in the same style as
+.IR fprintf (3).
+
+The behavior of
+.I com_err
+can be modified using
+.I set_com_err_hook;
+this defines a procedure which is called with the arguments passed to
+.I com_err,
+instead of the default internal procedure which sends the formatted
+text to error output.  Thus the error messages from a program can all
+easily be diverted to another form of diagnostic logging, such as
+.IR syslog (3).
+.I Reset_com_err_hook
+may be used to restore the behavior of
+.I com_err
+to its default form.  Both procedures return the previous ``hook''
+value.  These ``hook'' procedures must have the declaration given for
+.I proc
+above in the synopsis.
+
+The
+.I initialize_XXXX_error_table
+routine is generated mechanically by
+.IR compile_et (1)
+from a source file containing names and associated strings.  Each
+table has a name of up to four characters, which is used in place of
+the
+.B XXXX
+in the name of the routine.  These routines should be called before
+any of the corresponding error codes are used, so that the
+.I com_err
+library will recognize error codes from these tables when they are
+used.
+
+The
+.B com_err.h
+header file should be included in any source file that uses routines
+from the
+.I com_err
+library; executable files must be linked using
+.I ``-lcom_err''
+in order to cause the
+.I com_err
+library to be included.
+
+.\" .IR for manual entries
+.\" .PP for paragraph breaks
+
+.SH "SEE ALSO"
+compile_et (1), syslog (3).
+
+Ken Raeburn, "A Common Error Description Library for UNIX".
diff --git a/krb5-1.21.3/src/util/et/com_err.c b/krb5-1.21.3/src/util/et/com_err.c
new file mode 100644
index 00000000..c1e3be77
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/com_err.c
@@ -0,0 +1,176 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1997 by Massachusetts Institute of Technology
+ *
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose.  It is
+ * provided "as is" without express or implied warranty.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "com_err.h"
+#include "error_table.h"
+
+#if defined(_WIN32)
+#include <io.h>
+#endif
+
+static /*@null@*/ et_old_error_hook_func com_err_hook = 0;
+k5_mutex_t com_err_hook_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+
+#if defined(_WIN32)
+BOOL  isGuiApp() {
+    DWORD mypid;
+    HANDLE myprocess;
+    mypid = GetCurrentProcessId();
+    myprocess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, mypid);
+    return GetGuiResources(myprocess, 1) > 0;
+}
+#endif
+
+static void default_com_err_proc (const char *whoami, errcode_t code,
+                                  const char *fmt, va_list ap)
+{
+#if defined(_WIN32)
+
+    char errbuf[1024] = "";
+
+    if (whoami) {
+        errbuf[sizeof(errbuf) - 1] = '\0';
+        strncat (errbuf, whoami, sizeof(errbuf) - 1 - strlen(errbuf));
+        strncat (errbuf, ": ", sizeof(errbuf) - 1 - strlen(errbuf));
+    }
+    if (code) {
+        errbuf[sizeof(errbuf) - 1] = '\0';
+        strncat (errbuf, error_message(code), sizeof(errbuf) - 1 - strlen(errbuf));
+        strncat (errbuf, " ", sizeof(errbuf) - 1 - strlen(errbuf));
+    }
+    if (fmt)
+        /* ITS4: ignore vsprintf */
+        vsprintf (errbuf + strlen (errbuf), fmt, ap);
+    errbuf[sizeof(errbuf) - 1] = '\0';
+
+    if (_isatty(_fileno(stderr)) || !isGuiApp()) {
+        fputs(errbuf, stderr);
+        fputc('\r', stderr);
+        fputc('\n', stderr);
+        fflush(stderr);
+    } else
+        MessageBox ((HWND)NULL, errbuf, "Kerberos", MB_ICONEXCLAMATION);
+
+#else /* !_WIN32 */
+
+    if (whoami) {
+        fputs(whoami, stderr);
+        fputs(": ", stderr);
+    }
+    if (code) {
+        fputs(error_message(code), stderr);
+        fputs(" ", stderr);
+    }
+    if (fmt) {
+        vfprintf(stderr, fmt, ap);
+    }
+    /* should do this only on a tty in raw mode */
+    putc('\r', stderr);
+    putc('\n', stderr);
+    fflush(stderr);
+
+#endif
+}
+
+void KRB5_CALLCONV com_err_va(const char *whoami,
+                              errcode_t code,
+                              const char *fmt,
+                              va_list ap)
+{
+    int err;
+    et_old_error_hook_func p;
+
+    err = com_err_finish_init();
+    if (err)
+        goto best_try;
+    k5_mutex_lock(&com_err_hook_lock);
+    p = com_err_hook ? com_err_hook : default_com_err_proc;
+    (*p)(whoami, code, fmt, ap);
+    k5_mutex_unlock(&com_err_hook_lock);
+    return;
+
+best_try:
+    /* Yikes.  Our library initialization failed or we couldn't lock
+       the lock we want.  We could be in trouble.  Gosh, we should
+       probably print an error message.  Oh, wait.  That's what we're
+       trying to do.  In fact, if we're losing on initialization here,
+       there's a good chance it has to do with failed initialization
+       of the caller.  */
+    if (!com_err_hook)
+        default_com_err_proc(whoami, code, fmt, ap);
+    else
+        (com_err_hook)(whoami, code, fmt, ap);
+    assert(err == 0);
+    abort();
+}
+
+
+void KRB5_CALLCONV_C com_err(const char *whoami,
+                             errcode_t code,
+                             const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    com_err_va(whoami, code, fmt, ap);
+    va_end(ap);
+}
+
+/* Make a separate function because the assert invocations below
+   use the macro expansion on some platforms, which may be insanely
+   long and incomprehensible.  */
+static void com_err_lock_hook_handle(void)
+{
+    k5_mutex_lock(&com_err_hook_lock);
+}
+
+et_old_error_hook_func set_com_err_hook (et_old_error_hook_func new_proc)
+{
+    et_old_error_hook_func x;
+
+    /* Broken initialization?  What can we do?  */
+    if (com_err_finish_init() != 0)
+        abort();
+    com_err_lock_hook_handle();
+    x = com_err_hook;
+    com_err_hook = new_proc;
+    k5_mutex_unlock(&com_err_hook_lock);
+    return x;
+}
+
+et_old_error_hook_func reset_com_err_hook ()
+{
+    et_old_error_hook_func x;
+
+    /* Broken initialization?  What can we do?  */
+    if (com_err_finish_init() != 0)
+        abort();
+    com_err_lock_hook_handle();
+    x = com_err_hook;
+    com_err_hook = NULL;
+    k5_mutex_unlock(&com_err_hook_lock);
+    return x;
+}
diff --git a/krb5-1.21.3/src/util/et/com_err.h b/krb5-1.21.3/src/util/et/com_err.h
new file mode 100644
index 00000000..0a631e98
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/com_err.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 1988, Student Information Processing Board of the
+ * Massachusetts Institute of Technology.
+ *
+ * Copyright 1995 by Cygnus Support.
+ *
+ * For copyright and distribution info, see the documentation supplied
+ * with this package.
+ */
+
+/* Header file for common error description library. */
+
+#ifndef __COM_ERR_H
+
+#if defined(_WIN32)
+#include <win-mac.h>
+#endif
+
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#define KRB5_CALLCONV_C
+#endif
+
+#include <stdarg.h>
+
+typedef long errcode_t;
+typedef void (*et_old_error_hook_func) (const char *, errcode_t,
+					const char *, va_list ap);
+
+struct error_table {
+	/*@shared@*/ char const * const * msgs;
+        long base;
+	unsigned int n_msgs;
+};
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Public interfaces */
+extern void KRB5_CALLCONV_C com_err
+	(const char *, errcode_t, const char *, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 4)))
+#endif
+    ;
+extern void KRB5_CALLCONV com_err_va
+	(const char *whoami, errcode_t code, const char *fmt,
+	 va_list ap)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 0)))
+#endif
+    ;
+extern /*@observer@*//*@dependent@*/ const char * KRB5_CALLCONV error_message
+	(errcode_t)
+       /*@modifies internalState@*/;
+extern errcode_t KRB5_CALLCONV add_error_table
+	(/*@dependent@*/ const struct error_table *)
+       /*@modifies internalState@*/;
+extern errcode_t KRB5_CALLCONV remove_error_table
+	(const struct error_table *)
+       /*@modifies internalState@*/;
+
+#if !defined(_WIN32)
+/*
+ * The display routine should be application specific.  A global hook,
+ * may cause inappropriate display procedures to be called between
+ * applications under non-Unix environments.
+ */
+
+extern et_old_error_hook_func set_com_err_hook (et_old_error_hook_func);
+extern et_old_error_hook_func reset_com_err_hook (void);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#define __COM_ERR_H
+#endif /* ! defined(__COM_ERR_H) */
diff --git a/krb5-1.21.3/src/util/et/com_err.texinfo b/krb5-1.21.3/src/util/et/com_err.texinfo
new file mode 100644
index 00000000..145aadfc
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/com_err.texinfo
@@ -0,0 +1,555 @@
+\input texinfo @c -*-texinfo-*-
+
+@c util/et/com_err.texinfo
+
+@c Note that although this source file is in texinfo format (more
+@c or less), it is not yet suitable for turning into an ``info''
+@c file.  Sorry, maybe next time.
+@c
+@c In order to produce hardcopy documentation from a texinfo file,
+@c run ``tex com_err.texinfo'' which will load in texinfo.tex,
+@c provided in this distribution.  (texinfo.tex is from the Free
+@c Software Foundation, and is under different copyright restrictions
+@c from the rest of this package.)
+
+@ifinfo
+@barfo
+@end ifinfo
+
+@iftex
+@tolerance 10000
+
+@c Mutate section headers...
+@begingroup
+  @catcode#=6
+  @gdef@secheading#1#2#3{@secheadingi {#3@enspace #1}}
+@endgroup
+@end iftex
+
+@setfilename com_err
+@settitle A Common Error Description Library for UNIX
+
+@ifinfo
+This file documents the use of the Common Error Description library.
+
+Copyright (C) 1987, 1988 Student Information Processing Board of the
+Massachusetts Institute of Technology.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted, provided
+that the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation, and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution of the software
+without specific, written prior permission.  Furthermore if you modify this
+software you must label your software as modified software and not
+distribute it in such a fashion that it might be confused with the
+original M.I.T. software.  M.I.T. and the M.I.T. S.I.P.B.
+make no representations about the suitability of this software for any
+purpose.  It is provided "as is" without express or implied warranty.
+
+Note that the file texinfo.tex, provided with this distribution, is from
+the Free Software Foundation, and is under different copyright restrictions
+from the remainder of this package.
+
+@end ifinfo
+
+@ignore
+Permission is granted to process this file through Tex and print the
+results, provided the printed document carries copying permission
+notice identical to this one except for the removal of this paragraph
+(this paragraph not being relevant to the printed manual).
+
+@end ignore
+
+@setchapternewpage odd
+
+@titlepage
+@center @titlefont{A Common Error Description}
+@center @titlefont{Library for UNIX}
+@sp 2
+@center Ken Raeburn
+@center Bill Sommerfeld
+@sp 1
+@center MIT Student Information Processing Board
+@sp 3
+@center last updated 1 January 1989
+@center for version 1.2
+@center ***DRAFT COPY ONLY***
+
+@vskip 2in
+
+@center @b{Abstract}
+
+UNIX has always had a clean and simple system call interface, with a
+standard set of error codes passed between the kernel and user
+programs.  Unfortunately, the same cannot be said of many of the
+libraries layered on top of the primitives provided by the kernel.
+Typically, each one has used a different style of indicating errors to
+their callers, leading to a total hodgepodge of error handling, and
+considerable amounts of work for the programmer.  This paper describes
+a library and associated utilities which allows a more uniform way for
+libraries to return errors to their callers, and for programs to
+describe errors and exceptional conditions to their users.
+
+@page
+@vskip 0pt plus 1filll
+
+Copyright @copyright{} 1987, 1988 by the Student Information Processing
+Board of the Massachusetts Institute of Technology.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted, provided
+that the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation, and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution of the software
+without specific, written prior permission.  M.I.T. and the M.I.T. S.I.P.B.
+make no representations about the suitability of this software for any
+purpose.  It is provided "as is" without express or implied warranty.
+
+Note that the file texinfo.tex, provided with this distribution, is from
+the Free Software Foundation, and is under different copyright restrictions
+from the remainder of this package.
+
+@end titlepage
+
+@ifinfo
+@c should put a menu here someday....
+@end ifinfo
+
+@page
+
+@section Why com_err?
+
+In building application software packages, a programmer often has to
+deal with a number of libraries, each of which can use a different
+error-reporting mechanism.  Sometimes one of two values is returned,
+indicating simply SUCCESS or FAILURE, with no description of errors
+encountered.  Sometimes it is an index into a table of text strings,
+where the name of the table used is dependent on the library being
+used when the error is generated; since each table starts numbering at
+0 or 1, additional information as to the source of the error code is
+needed to determine which table to look at.  Sometimes no text messages are
+supplied at all, and the programmer must supply them at any point at which
+he may wish to report error conditions.
+Often, a global variable is assigned some value describing the error, but
+the programmer has to know in each case whether to look at @code{errno},
+@code{h_errno}, the return value from @code{hes_err()}, or whatever other
+variables or routines are specified.
+And what happens if something
+in the procedure of
+examining or reporting the error changes the same variable?
+
+The package we have developed is an attempt to present a common
+error-handling mechanism to manipulate the most common form of error code
+in a fashion that does not have the problems listed above.
+
+A list of up to 256 text messages is supplied to a translator we have
+written, along with the three- to four-character ``name'' of the error
+table.  The library using this error table need only call a routine
+generated from this error-table source to make the table ``known'' to the
+com_err library, and any error code the library generates can be converted
+to the corresponding error message.  There is also a default format for
+error codes accidentally returned before making the table known, which is
+of the form @samp{unknown code foo 32}, where @samp{foo} would be the name
+of the table.
+
+@section Error codes
+
+Error codes themselves are 32 bit (signed) integers, of which the high
+order 24 bits are an identifier of which error table the error code is
+from, and the low order 8 bits are a sequential error number within
+the table.  An error code may thus be easily decomposed into its component
+parts.  Only the lowest 32 bits of an error code are considered significant
+on systems which support wider values.
+
+Error table 0 is defined to match the UNIX system call error table
+(@code{sys_errlist}); this allows @code{errno} values to be used directly
+in the library (assuming that @code{errno} is of a type with the same width
+as @t{long}).  Other error table numbers are formed by compacting together
+the first four characters of the error table name.  The mapping between
+characters in the name and numeric values in the error code are defined in
+a system-independent fashion, so that two systems that can pass integral
+values between them can reliably pass error codes without loss of meaning;
+this should work even if the character sets used are not the same.
+(However, if this is to be done, error table 0 should be avoided, since the
+local system call error tables may differ.)
+
+Any variable which is to contain an error code should be declared @t{long}.
+The draft proposed American National Standard for C (as of May, 1988)
+requires that @t{long} variables be at least 32 bits; any system which does
+not support 32-bit @t{long} values cannot make use of this package (nor
+much other software that assumes an ANSI-C environment base) without
+significant effort.
+
+@section Error table source file
+
+The error table source file begins with the declaration of the table name,
+as
+
+@example
+error_table @var{tablename}
+@end example
+
+Individual error codes are
+specified with
+
+@example
+error_code @var{ERROR_NAME}, @var{"text message"}
+@end example
+
+where @samp{ec} can also be used as a short form of @samp{error_code}.  To
+indicate the end of the table, use @samp{end}.  Thus, a (short) sample
+error table might be:
+
+@example
+
+        error_table     dsc
+
+        error_code      DSC_DUP_MTG_NAME,
+                        "Meeting already exists"
+
+        ec              DSC_BAD_PATH,
+                        "A bad meeting pathname was given"
+
+        ec              DSC_BAD_MODES,
+                        "Invalid mode for this access control list"
+
+        end
+
+@end example
+
+@section The error-table compiler
+
+The error table compiler is named @code{compile_et}.  It takes one
+argument, the pathname of a file (ending in @samp{.et}, e.g.,
+@samp{dsc_err.et}) containing an error table source file.  It parses the
+error table, and generates two output files -- a C header file
+(@samp{discuss_err.h}) which contains definitions of the numerical values
+of the error codes defined in the error table, and a C source file which
+should be compiled and linked with the executable.  The header file must be
+included in the source of a module which wishes to reference the error
+codes defined; the object module generated from the C code may be linked in
+to a program which wishes to use the printed forms of the error codes.
+
+This translator accepts a @kbd{-language @var{lang}} argument, which
+determines for which language (or language variant) the output should be
+written.  At the moment, @var{lang} is currently limited to @kbd{ANSI-C}
+and @kbd{K&R-C}, and some abbreviated forms of each.  Eventually, this will
+be extended to include some support for C++.  The default is currently
+@kbd{K&R-C}, though the generated sources will have ANSI-C code
+conditionalized on the symbol @t{__STDC__}.
+
+@section Run-time support routines
+
+Any source file which uses the routines supplied with or produced by the
+com_err package should include the header file @file{<com_err.h>}.  It
+contains declarations and definitions which may be needed on some systems.
+(Some functions cannot be referenced properly without the return type
+declarations in this file.  Some functions may work properly on most
+architectures even without the header file, but relying on this is not
+recommended.)
+
+The run-time support routines and variables provided via this package
+include the following:
+
+@example
+void initialize_@var{xxxx}_error_table (void);
+@end example
+
+One of these routines is built by the error compiler for each error table.
+It makes the @var{xxxx} error table ``known'' to the error reporting
+system.  By convention, this routine should be called in the initialization
+routine of the @var{xxxx} library.  If the library has no initialization
+routine, some combination of routines which form the core of the library
+should ensure that this routine is called.  It is not advised to leave it
+the caller to make this call.
+
+There is no harm in calling this routine more than once.
+
+@example
+#define ERROR_TABLE_BASE_@var{xxxx} @var{nnnnn}L
+@end example
+
+This symbol contains the value of the first error code entry in the
+specified table.
+This rarely needs be used by the
+programmer.
+
+@example
+const char *error_message (long code);
+@end example
+
+This routine returns the character string error message associated
+with @code{code}; if this is associated with an unknown error table, or
+if the code is associated with a known error table but the code is not
+in the table, a string of the form @samp{Unknown code @var{xxxx nn}} is
+returned, where @var{xxxx} is the error table name produced by
+reversing the compaction performed on the error table number implied
+by that error code, and @var{nn} is the offset from that base value.
+
+Although this routine is available for use when needed, its use should be
+left to circumstances which render @code{com_err} (below) unusable.
+
+@example
+void com_err (const char *whoami,  /* module reporting error */
+              long code,           /* error code */
+              const char *format,  /* format for additional detail */
+              ...);                /*  (extra parameters) */
+@end example
+
+This routine provides an alternate way to print error messages to
+standard error; it allows the error message to be passed in as a
+parameter, rather than in an external variable.  @emph{Provide grammatical
+context for ``message.''}
+
+If @var{format} is @code{(char *)NULL}, the formatted message will not be
+printed.  @var{format} may not be omitted.
+
+@example
+#include <stdarg.h>
+
+void com_err_va (const char *whoami,
+                 long code,
+                 const char *format,
+                 va_list args);
+@end example
+
+This routine provides an interface, equivalent to @code{com_err} above,
+which may be used by higher-level variadic functions (functions which
+accept variable numbers of arguments).
+
+@example
+#include <stdarg.h>
+
+void (*set_com_err_hook (void (*proc) ())) ();
+
+void (*@var{proc}) (const char *whoami, long code, va_list args);
+
+void reset_com_err_hook ();
+@end example
+
+These two routines allow a routine to be dynamically substituted for
+@samp{com_err}.  After @samp{set_com_err_hook} has been called,
+calls to @samp{com_err} will turn into calls to the new hook routine.
+@samp{reset_com_err_hook} turns off this hook.  This may intended to
+be used in daemons (to use a routine which calls @var{syslog(3)}), or
+in a window system application (which could pop up a dialogue box).
+
+If a program is to be used in an environment in which simply printing
+messages to the @code{stderr} stream would be inappropriate (such as in a
+daemon program which runs without a terminal attached),
+@code{set_com_err_hook} may be used to redirect output from @code{com_err}.
+The following is an example of an error handler which uses @var{syslog(3)}
+as supplied in BSD 4.3:
+
+@example
+#include <stdio.h>
+#include <stdarg.h>
+#include <syslog.h>
+
+/* extern openlog (const char * name, int logopt, int facility); */
+/* extern syslog (int priority, char * message, ...); */
+
+void hook (const char * whoami, long code,
+           const char * format, va_list args)
+@{
+    char buffer[BUFSIZ];
+    static int initialized = 0;
+    if (!initialized) @{
+        openlog (whoami,
+                 LOG_NOWAIT|LOG_CONS|LOG_PID|LOG_NDELAY,
+                 LOG_DAEMON);
+        initialized = 1;
+    @}
+    vsprintf (buffer, format, args);
+    syslog (LOG_ERR, "%s %s", error_message (code), buffer);
+@}
+@end example
+
+After making the call
+@code{set_com_err_hook (hook);},
+any calls to @code{com_err} will result in messages being sent to the
+@var{syslogd} daemon for logging.
+The name of the program, @samp{whoami}, is supplied to the
+@samp{openlog()} call, and the message is formatted into a buffer and
+passed to @code{syslog}.
+
+Note that since the extra arguments to @code{com_err} are passed by
+reference via the @code{va_list} value @code{args}, the hook routine may
+place any form of interpretation on them, including ignoring them.  For
+consistency, @code{printf}-style interpretation is suggested, via
+@code{vsprintf} (or @code{_doprnt} on BSD systems without full support for
+the ANSI C library).
+
+@section Coding Conventions
+
+The following conventions are just some general stylistic conventions
+to follow when writing robust libraries and programs.  Conventions
+similar to this are generally followed inside the UNIX kernel and most
+routines in the Multics operating system.  In general, a routine
+either succeeds (returning a zero error code, and doing some side
+effects in the process), or it fails, doing minimal side effects; in
+any event, any invariant which the library assumes must be maintained.
+
+In general, it is not in the domain of non user-interface library
+routines to write error messages to the user's terminal, or halt the
+process.  Such forms of ``error handling'' should be reserved for
+failures of internal invariants and consistency checks only, as it
+provides the user of the library no way to clean up for himself in the
+event of total failure.
+
+Library routines which can fail should be set up to return an error
+code.  This should usually be done as the return value of the
+function; if this is not acceptable, the routine should return a
+``null'' value, and put the error code into a parameter passed by
+reference.
+
+Routines which use the first style of interface can be used from
+user-interface levels of a program as follows:
+
+@example
+@{
+    if ((code = initialize_world(getuid(), random())) != 0) @{
+        com_err("demo", code,
+                "when trying to initialize world");
+        exit(1);
+    @}
+    if ((database = open_database("my_secrets", &code))==NULL) @{
+        com_err("demo", code,
+                "while opening my_secrets");
+        exit(1);
+    @}
+@}
+@end example
+
+A caller which fails to check the return status is in error.  It is
+possible to look for code which ignores error returns by using lint;
+look for error messages of the form ``foobar returns value which is
+sometimes ignored'' or ``foobar returns value which is always
+ignored.''
+
+Since libraries may be built out of other libraries, it is often necessary
+for the success of one routine to depend on another.  When a lower level
+routine returns an error code, the middle level routine has a few possible
+options.  It can simply return the error code to its caller after doing
+some form of cleanup, it can substitute one of its own, or it can take
+corrective action of its own and continue normally.  For instance, a
+library routine which makes a ``connect'' system call to make a network
+connection may reflect the system error code @code{ECONNREFUSED}
+(Connection refused) to its caller, or it may return a ``server not
+available, try again later,'' or it may try a different server.
+
+Cleanup which is typically necessary may include, but not be limited
+to, freeing allocated memory which will not be needed any more,
+unlocking concurrancy locks, dropping reference counts, closing file
+descriptors, or otherwise undoing anything which the procedure did up
+to this point.  When there are a lot of things which can go wrong, it
+is generally good to write one block of error-handling code which is
+branched to, using a goto, in the event of failure.  A common source
+of errors in UNIX programs is failing to close file descriptors on
+error returns; this leaves a number of ``zombied'' file descriptors
+open, which eventually causes the process to run out of file
+descriptors and fall over.
+
+@example
+@{
+    FILE *f1=NULL, *f2=NULL, *f3=NULL;
+    int status = 0;
+
+    if ( (f1 = fopen(FILE1, "r")) == NULL) @{
+        status = errno;
+        goto error;
+    @}
+
+    /*
+     * Crunch for a while
+     */
+
+    if ( (f2 = fopen(FILE2, "w")) == NULL) @{
+        status = errno;
+        goto error;
+    @}
+
+    if ( (f3 = fopen(FILE3, "a+")) == NULL) @{
+        status = errno;
+            goto error;
+    @}
+
+    /*
+     * Do more processing.
+     */
+    fclose(f1);
+    fclose(f2);
+    fclose(f3);
+    return 0;
+
+error:
+    if (f1) fclose(f1);
+    if (f2) fclose(f2);
+    if (f3) fclose(f3);
+    return status;
+@}
+@end example
+
+@section Building and Installation
+
+The distribution of this package will probably be done as a compressed
+``tar''-format file available via anonymous FTP from SIPB.MIT.EDU.
+Retrieve @samp{pub/com_err.tar.Z} and extract the contents.  A subdirectory
+@t{profiled} should be created to hold objects compiled for profiling.
+Running ``make all'' should then be sufficient to build the library and
+error-table compiler.  The files @samp{libcom_err.a},
+@samp{libcom_err_p.a}, @samp{com_err.h}, and @samp{compile_et} should be
+installed for use; @samp{com_err.3} and @samp{compile_et.1} can also be
+installed as manual pages.
+
+Potential problems:
+
+@itemize @bullet
+
+@item Use of @code{strcasecmp}, a routine provided in BSD for
+case-insensitive string comparisons.  If an equivalent routine is
+available, you can modify @code{CFLAGS} in the makefile to define
+@code{strcasecmp} to the name of that routine.
+
+@item Compilers that defined @code{__STDC__} without providing the header
+file @code{<stdarg.h>}.  One such example is Metaware's High ``C''
+compiler, as provided at Project Athena on the IBM RT/PC workstation; if
+@code{__HIGHC__} is defined, it is assumed that @code{<stdarg.h>} is not
+available, and therefore @code{<varargs.h>} must be used.  If the symbol
+@code{VARARGS} is defined (e.g., in the makefile), @code{<varargs.h>} will
+be used.
+
+@item If your linker rejects symbols that are simultaneously defined in two
+library files, edit @samp{Makefile} to remove @samp{perror.c} from the
+library.  This file contains a version of @var{perror(3)} which calls
+@code{com_err} instead of calling @code{write} directly.
+
+@end itemize
+
+As I do not have access to non-BSD systems, there are probably
+bugs present that may interfere with building or using this package on
+other systems.  If they are reported to me, they can probably be fixed for
+the next version.
+
+@section Bug Reports
+
+Please send any comments or bug reports to the principal author: Ken
+Raeburn, @t{Raeburn@@Athena.MIT.EDU}.
+
+@section Acknowledgements
+
+I would like to thank: Bill Sommerfeld, for his help with some of this
+documentation, and catching some of the bugs the first time around;
+Honeywell Information Systems, for not killing off the @emph{Multics}
+operating system before I had an opportunity to use it; Honeywell's
+customers, who persuaded them not to do so, for a while; Ted Anderson of
+CMU, for catching some problems before version 1.2 left the nest; Stan
+Zanarotti and several others of MIT's Student Information Processing Board,
+for getting us started with ``discuss,'' for which this package was
+originally written; and everyone I've talked into --- I mean, asked to read
+this document and the ``man'' pages.
+
+@bye
diff --git a/krb5-1.21.3/src/util/et/compile_et.1 b/krb5-1.21.3/src/util/et/compile_et.1
new file mode 100644
index 00000000..c9dff781
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/compile_et.1
@@ -0,0 +1,97 @@
+.\" Copyright (c) 1988 Massachusetts Institute of Technology,
+.\" Student Information Processing Board.  All rights reserved.
+.\"
+.\" util/et/compile_et.1
+.\"
+.TH COMPILE_ET 1 "22 Nov 1988" SIPB
+.SH NAME
+compile_et \- error table compiler
+.SH SYNOPSIS
+.B compile_et
+[
+.B \-\-textdomain
+.I domain
+[
+.B \-\-localedir
+.I dir
+] ]
+file
+.SH DESCRIPTION
+.B Compile_et
+converts a table listing error-code names and associated messages into
+a C source file suitable for use with the
+.IR com_err (3)
+library.
+
+The source file name must end with a suffix of ``.et''; the file
+consists of a declaration supplying the name (up to four characters
+long) of the error-code table:
+
+.B error_table
+.I name
+
+followed by up to 256 entries of the form:
+
+.B error_code
+.I name,
+"
+.I string
+"
+
+and a final
+
+.B end
+
+to indicate the end of the table.
+
+The name of the table is used to construct the name of a subroutine
+.I initialize_XXXX_error_table
+which must be called in order for the
+.I com_err
+library to recognize the error table.
+
+The various error codes defined are assigned sequentially increasing
+numbers (starting with a large number computed as a hash function of
+the name of the table); thus for compatibility it is suggested that
+new codes be added only to the end of an existing table, and that no
+codes be removed from tables.
+
+The names defined in the table are placed into a C header file with
+preprocessor directives defining them as integer constants of up to
+32 bits in magnitude.
+
+A C source file is also generated which should be compiled and linked
+with the object files which reference these error codes; it contains
+the text of the messages and the initialization subroutine.  Both C
+files have names derived from that of the original source file, with
+the ``.et'' suffix replaced by ``.c'' and ``.h''.
+
+A ``#'' in the source file is treated as a comment character, and all
+remaining text to the end of the source line will be ignored.
+
+If a text domain is provided with the
+.B \-\-textdomain
+option, error messages will be looked up in the specified domain with
+.BR gettext .
+If a locale directory is also provided with the
+.B \-\-localedir
+option, the text domain will be bound to the specified locale
+directory with
+.B bindtextdomain
+when the error table is initialized.
+
+.SH BUGS
+
+Since
+.B compile_et
+uses a very simple parser based on
+.IR yacc (1),
+its error recovery leaves much to be desired.
+
+.\" .IR for manual entries
+.\" .PP for paragraph breaks
+
+.SH "SEE ALSO"
+com_err (3).
+
+Ken Raeburn, "A Common Error Description Library for UNIX".
diff --git a/krb5-1.21.3/src/util/et/compile_et.sh b/krb5-1.21.3/src/util/et/compile_et.sh
new file mode 100755
index 00000000..f17ddba7
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/compile_et.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+#
+AWK=@AWK@
+DIR=@DIR@
+
+usage="usage: $0 [ -d scriptDir ] [ --textdomain domain [ --localedir dir ] ]"
+usage="$usage inputfile.et"
+
+TEXTDOMAIN=
+LOCALEDIR=
+
+while [ $# -ge 2 ]; do
+    if [ "$1" = "-d" ]; then
+	DIR=$2; shift; shift
+    elif [ "$1" = "--textdomain" ]; then
+	TEXTDOMAIN=$2; shift; shift
+    elif [ "$1" = "--localedir" ]; then
+	LOCALEDIR=$2; shift; shift
+    else
+	echo $usage 1>&2 ; exit 1
+    fi
+done
+
+# --localedir requires --textdomain.
+if [ $# -ne 1 -o \( -n "$LOCALEDIR" -a -z "$TEXTDOMAIN" \) ]; then
+    echo $usage 1>&2 ; exit 1
+fi
+
+ROOT=`echo $1 | sed -e s/.et$//`
+BASE=`echo "$ROOT" | sed -e 's;.*/;;'`
+
+set -ex
+$AWK -f ${DIR}/et_h.awk "outfile=${BASE}.h" "$ROOT.et"
+$AWK -f ${DIR}/et_c.awk "outfile=${BASE}.c" "textdomain=$TEXTDOMAIN" \
+    "localedir=$LOCALEDIR" "$ROOT.et"
diff --git a/krb5-1.21.3/src/util/et/config_script b/krb5-1.21.3/src/util/et/config_script
new file mode 100755
index 00000000..ee3bb270
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/config_script
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# This program takes a shell script and configures for the following
+# variables:	@DIR@
+#		@AWK@
+#		@SED@
+#
+# Usage: config_script <filename> [<dir>] [<awk>] [<sed>]
+#
+
+FILE=$1
+DIR=$2
+AWK=$3
+SED=$4
+
+if test "${AWK}x" = "x" ; then
+	AWK=awk
+fi
+if test "${SED}x" = "x" ; then
+	SED=sed
+fi
+sed -e "s;@DIR@;${DIR};" -e "s;@AWK@;${AWK};" -e "s;@SED@;${SED};" $FILE
diff --git a/krb5-1.21.3/src/util/et/deps b/krb5-1.21.3/src/util/et/deps
new file mode 100644
index 00000000..beea2329
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/deps
@@ -0,0 +1,13 @@
+#
+# Generated makefile dependencies follow.
+#
+error_message.so error_message.po $(OUTPRE)error_message.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h com_err.h error_message.c \
+  error_table.h
+et_name.so et_name.po $(OUTPRE)et_name.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-thread.h com_err.h error_table.h \
+  et_name.c
+com_err.so com_err.po $(OUTPRE)com_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-thread.h com_err.c com_err.h \
+  error_table.h
diff --git a/krb5-1.21.3/src/util/et/error_message.c b/krb5-1.21.3/src/util/et/error_message.c
new file mode 100644
index 00000000..7dc02a34
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/error_message.c
@@ -0,0 +1,309 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1997,2000,2001,2004,2008 by Massachusetts Institute of Technology
+ *
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose.  It is
+ * provided "as is" without express or implied warranty.
+ */
+
+#include "k5-platform.h"
+#include "com_err.h"
+#include "error_table.h"
+
+static struct et_list *et_list;
+static k5_mutex_t et_list_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+static int terminated = 0;      /* for safety and finalization debugging */
+
+MAKE_INIT_FUNCTION(com_err_initialize);
+MAKE_FINI_FUNCTION(com_err_terminate);
+
+int com_err_initialize(void)
+{
+    int err;
+#ifdef SHOW_INITFINI_FUNCS
+    printf("com_err_initialize\n");
+#endif
+    terminated = 0;
+    err = k5_mutex_finish_init(&et_list_lock);
+    if (err)
+        return err;
+    err = k5_mutex_finish_init(&com_err_hook_lock);
+    if (err)
+        return err;
+    err = k5_key_register(K5_KEY_COM_ERR, free);
+    if (err)
+        return err;
+    return 0;
+}
+
+void com_err_terminate(void)
+{
+    struct et_list *e, *enext;
+    if (! INITIALIZER_RAN(com_err_initialize) || PROGRAM_EXITING()) {
+#ifdef SHOW_INITFINI_FUNCS
+        printf("com_err_terminate: skipping\n");
+#endif
+        return;
+    }
+#ifdef SHOW_INITFINI_FUNCS
+    printf("com_err_terminate\n");
+#endif
+    k5_key_delete(K5_KEY_COM_ERR);
+    k5_mutex_destroy(&com_err_hook_lock);
+    k5_mutex_lock(&et_list_lock);
+    for (e = et_list; e; e = enext) {
+        enext = e->next;
+        free(e);
+    }
+    et_list = NULL;
+    k5_mutex_unlock(&et_list_lock);
+    k5_mutex_destroy(&et_list_lock);
+    terminated = 1;
+}
+
+#ifndef DEBUG_TABLE_LIST
+#define dprintf(X)
+#else
+#define dprintf(X) printf X
+#endif
+
+static char *
+get_thread_buffer ()
+{
+    char *cp;
+    cp = k5_getspecific(K5_KEY_COM_ERR);
+    if (cp == NULL) {
+        cp = malloc(ET_EBUFSIZ);
+        if (cp == NULL) {
+            return NULL;
+        }
+        if (k5_setspecific(K5_KEY_COM_ERR, cp) != 0) {
+            free(cp);
+            return NULL;
+        }
+    }
+    return cp;
+}
+
+const char * KRB5_CALLCONV
+error_message(long code)
+{
+    unsigned long offset;
+    unsigned long l_offset;
+    struct et_list *e;
+    unsigned long table_num;
+    int started = 0;
+    unsigned int divisor = 100;
+    char *cp, *cp1;
+    const struct error_table *table;
+
+    if (CALL_INIT_FUNCTION(com_err_initialize))
+        return 0;
+
+    l_offset = (unsigned long)code & ((1<<ERRCODE_RANGE)-1);
+    offset = l_offset;
+    table_num = ((unsigned long)code - l_offset) & ERRCODE_MAX;
+    if (table_num == 0
+#ifdef __sgi
+        /* Irix 6.5 uses a much bigger table than other UNIX
+           systems I've looked at, but the table is sparse.  The
+           sparse entries start around 500, but sys_nerr is only
+           152.  */
+        || (code > 0 && code <= 1600)
+#endif
+    ) {
+        if (code == 0)
+            goto oops;
+
+        /* This could trip if int is 16 bits.  */
+        if ((unsigned long)(int)code != (unsigned long)code)
+            abort ();
+        cp = get_thread_buffer();
+        if (cp && strerror_r(code, cp, ET_EBUFSIZ) == 0)
+            return cp;
+        return strerror(code);
+    }
+
+    k5_mutex_lock(&et_list_lock);
+    dprintf(("scanning list for %x\n", table_num));
+    for (e = et_list; e != NULL; e = e->next) {
+        dprintf(("\t%x = %s\n", e->table->base & ERRCODE_MAX,
+                 e->table->msgs[0]));
+        if ((e->table->base & ERRCODE_MAX) == table_num) {
+            table = e->table;
+            goto found;
+        }
+    }
+    goto no_table_found;
+
+found:
+    k5_mutex_unlock(&et_list_lock);
+    dprintf (("found it!\n"));
+    /* This is the right table */
+
+    /* This could trip if int is 16 bits.  */
+    if ((unsigned long)(unsigned int)offset != offset)
+        goto no_table_found;
+
+    if (table->n_msgs <= (unsigned int) offset)
+        goto no_table_found;
+
+    /* If there's a string at the end of the table, it's a text domain. */
+    if (table->msgs[table->n_msgs] != NULL)
+        return dgettext(table->msgs[table->n_msgs], table->msgs[offset]);
+    else
+        return table->msgs[offset];
+
+no_table_found:
+    k5_mutex_unlock(&et_list_lock);
+#if defined(_WIN32)
+    /*
+     * WinSock errors exist in the 10000 and 11000 ranges
+     * but might not appear if WinSock is not initialized
+     */
+    if (code >= WSABASEERR && code < WSABASEERR + 1100) {
+        table_num = 0;
+        offset = code;
+        divisor = WSABASEERR;
+    }
+#endif
+#ifdef _WIN32
+    {
+        LPVOID msgbuf;
+
+        if (! FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
+                             NULL /* lpSource */,
+                             (DWORD) code,
+                             MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+                             (LPTSTR) &msgbuf,
+                             (DWORD) 0 /*sizeof(buffer)*/,
+                             NULL /* va_list */ )) {
+            /*
+             * WinSock errors exist in the 10000 and 11000 ranges
+             * but might not appear if WinSock is not initialized
+             */
+            if (code >= WSABASEERR && code < WSABASEERR + 1100) {
+                table_num = 0;
+                offset = code;
+                divisor = 10000;
+            }
+
+            goto oops;
+        } else {
+            char *buffer;
+            cp = get_thread_buffer();
+            if (cp == NULL)
+                return "Unknown error code";
+            buffer = cp;
+            strncpy(buffer, msgbuf, ET_EBUFSIZ);
+            buffer[ET_EBUFSIZ-1] = '\0';
+            cp = buffer + strlen(buffer) - 1;
+            if (*cp == '\n') *cp-- = '\0';
+            if (*cp == '\r') *cp-- = '\0';
+            if (*cp == '.') *cp-- = '\0';
+
+            LocalFree(msgbuf);
+            return buffer;
+        }
+    }
+#endif
+
+oops:
+
+    cp = get_thread_buffer();
+    if (cp == NULL)
+        return "Unknown error code";
+    cp1 = cp;
+    strlcpy(cp, "Unknown code ", ET_EBUFSIZ);
+    cp += sizeof("Unknown code ") - 1;
+    if (table_num != 0L) {
+        (void) error_table_name_r(table_num, cp);
+        while (*cp != '\0')
+            cp++;
+        *cp++ = ' ';
+    }
+    while (divisor > 1) {
+        if (started != 0 || offset >= divisor) {
+            *cp++ = '0' + offset / divisor;
+            offset %= divisor;
+            started++;
+        }
+        divisor /= 10;
+    }
+    *cp++ = '0' + offset;
+    *cp = '\0';
+    return(cp1);
+}
+
+errcode_t KRB5_CALLCONV
+add_error_table(const struct error_table *et)
+{
+    struct et_list *e;
+
+    if (CALL_INIT_FUNCTION(com_err_initialize))
+        return 0;
+
+    e = malloc(sizeof(struct et_list));
+    if (e == NULL)
+        return ENOMEM;
+
+    e->table = et;
+
+    k5_mutex_lock(&et_list_lock);
+    e->next = et_list;
+    et_list = e;
+
+    /* If there are two strings at the end of the table, they are a text domain
+     * and locale dir, and we are supposed to call bindtextdomain. */
+    if (et->msgs[et->n_msgs] != NULL && et->msgs[et->n_msgs + 1] != NULL)
+        bindtextdomain(et->msgs[et->n_msgs], et->msgs[et->n_msgs + 1]);
+
+    k5_mutex_unlock(&et_list_lock);
+    return 0;
+}
+
+errcode_t KRB5_CALLCONV
+remove_error_table(const struct error_table *et)
+{
+    struct et_list **ep, *e;
+
+    /* Safety check in case libraries are finalized in the wrong order. */
+    if (terminated)
+        return ENOENT;
+
+    if (CALL_INIT_FUNCTION(com_err_initialize))
+        return 0;
+    k5_mutex_lock(&et_list_lock);
+
+    /* Remove the entry that matches the error table instance. */
+    for (ep = &et_list; *ep; ep = &(*ep)->next) {
+        if ((*ep)->table == et) {
+            e = *ep;
+            *ep = e->next;
+            free(e);
+            k5_mutex_unlock(&et_list_lock);
+            return 0;
+        }
+    }
+    k5_mutex_unlock(&et_list_lock);
+    return ENOENT;
+}
+
+int com_err_finish_init()
+{
+    return CALL_INIT_FUNCTION(com_err_initialize);
+}
diff --git a/krb5-1.21.3/src/util/et/error_table.h b/krb5-1.21.3/src/util/et/error_table.h
new file mode 100644
index 00000000..c458b048
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/error_table.h
@@ -0,0 +1,32 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1988 by the Student Information Processing Board of the
+ * Massachusetts Institute of Technology.
+ *
+ * For copyright info, see mit-sipb-copyright.h.
+ */
+
+#ifndef _ET_H
+
+#include <errno.h>
+
+#define ET_EBUFSIZ 1024
+
+struct et_list {
+    struct et_list *next;
+    const struct error_table *table;
+};
+
+#define ERRCODE_RANGE   8       /* # of bits to shift table number */
+#define BITS_PER_CHAR   6       /* # bits to shift per character in name */
+#define ERRCODE_MAX   0xFFFFFFFFUL      /* Mask for maximum error table */
+
+const char *error_table_name(unsigned long);
+const char *error_table_name_r(unsigned long, char *outbuf);
+
+#include "k5-thread.h"
+extern k5_mutex_t com_err_hook_lock;
+int com_err_finish_init(void);
+
+#define _ET_H
+#endif
diff --git a/krb5-1.21.3/src/util/et/et.exp b/krb5-1.21.3/src/util/et/et.exp
new file mode 100644
index 00000000..00e15a2d
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et.exp
@@ -0,0 +1,8 @@
+#
+# comerr library Macintosh export file
+#
+# $Header$
+
+error_message
+add_error_table
+remove_error_table
diff --git a/krb5-1.21.3/src/util/et/et.pbexp b/krb5-1.21.3/src/util/et/et.pbexp
new file mode 100644
index 00000000..31097615
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et.pbexp
@@ -0,0 +1,10 @@
+#
+# comerr library Macintosh export file
+#
+# $Header$
+
+_com_err
+_com_err_va
+_error_message
+_add_error_table
+_remove_error_table
diff --git a/krb5-1.21.3/src/util/et/et1.et b/krb5-1.21.3/src/util/et/et1.et
new file mode 100644
index 00000000..71c4e6c5
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et1.et
@@ -0,0 +1,11 @@
+	error_table et1
+
+ec	ET1_M0, "error table 1 message 0"
+
+ec	ET1_M1,
+	"error table 1 message 1"
+
+error_code ET1_M2,
+	"error table 1 message 2"
+
+end
diff --git a/krb5-1.21.3/src/util/et/et2.et b/krb5-1.21.3/src/util/et/et2.et
new file mode 100644
index 00000000..4425f047
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et2.et
@@ -0,0 +1,11 @@
+	error_table et2
+
+ec	ET2_M0, "error table 2 message 0"
+
+ec	ET2_M1,
+	"error table 2 message 1"
+
+error_code ET2_M2,
+	"error table 2 message 2"
+
+end
diff --git a/krb5-1.21.3/src/util/et/et_c.awk b/krb5-1.21.3/src/util/et/et_c.awk
new file mode 100644
index 00000000..8a86bab4
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et_c.awk
@@ -0,0 +1,219 @@
+BEGIN { 
+char_shift=64
+## "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
+c2n["A"]=1
+c2n["B"]=2
+c2n["C"]=3
+c2n["D"]=4
+c2n["E"]=5
+c2n["F"]=6
+c2n["G"]=7
+c2n["H"]=8
+c2n["I"]=9
+c2n["J"]=10
+c2n["K"]=11
+c2n["L"]=12
+c2n["M"]=13
+c2n["N"]=14
+c2n["O"]=15
+c2n["P"]=16
+c2n["Q"]=17
+c2n["R"]=18
+c2n["S"]=19
+c2n["T"]=20
+c2n["U"]=21
+c2n["V"]=22
+c2n["W"]=23
+c2n["X"]=24
+c2n["Y"]=25
+c2n["Z"]=26
+c2n["a"]=27
+c2n["b"]=28
+c2n["c"]=29
+c2n["d"]=30
+c2n["e"]=31
+c2n["f"]=32
+c2n["g"]=33
+c2n["h"]=34
+c2n["i"]=35
+c2n["j"]=36
+c2n["k"]=37
+c2n["l"]=38
+c2n["m"]=39
+c2n["n"]=40
+c2n["o"]=41
+c2n["p"]=42
+c2n["q"]=43
+c2n["r"]=44
+c2n["s"]=45
+c2n["t"]=46
+c2n["u"]=47
+c2n["v"]=48
+c2n["w"]=49
+c2n["x"]=50
+c2n["y"]=51
+c2n["z"]=52
+c2n["0"]=53
+c2n["1"]=54
+c2n["2"]=55
+c2n["3"]=56
+c2n["4"]=57
+c2n["5"]=58
+c2n["6"]=59
+c2n["7"]=60
+c2n["8"]=61
+c2n["9"]=62
+c2n["_"]=63
+}
+/^#/ { next }
+/^[ \t]*(error_table|et)[ \t]+[a-zA-Z][a-zA-Z0-9_]+/ {
+	table_number = 0
+	table_name = $2
+	mod_base = 1000000
+	for(i=1; i<=length(table_name); i++) {
+	    table_number=(table_number*char_shift)+c2n[substr(table_name,i,1)]
+	}
+
+	# We start playing *_high, *low games here because the some
+	# awk programs do not have the necessary precision (sigh)
+	tab_base_low = table_number % mod_base
+	tab_base_high = int(table_number / mod_base)
+	tab_base_sign = 1;
+
+	# figure out: table_number_base=table_number*256
+	tab_base_low = tab_base_low * 256
+	tab_base_high = (tab_base_high * 256) + int(tab_base_low / mod_base)
+	tab_base_low = tab_base_low % mod_base
+
+	if (table_number > 128*256*256) {
+		# figure out:  table_number_base -= 256*256*256*256
+		# sub_high, sub_low is 256*256*256*256
+		sub_low = 256*256*256 % mod_base
+		sub_high = int(256*256*256 / mod_base)
+
+		sub_low = sub_low * 256
+		sub_high = (sub_high * 256) + int(sub_low / mod_base)
+		sub_low = sub_low % mod_base
+
+		tab_base_low = sub_low - tab_base_low;
+		tab_base_high = sub_high - tab_base_high;
+		tab_base_sign = -1;
+		if (tab_base_low < 0) {
+			tab_base_low = tab_base_low + mod_base
+			tab_base_high--
+		}
+	}
+	print "/*" > outfile
+	print " * " outfile ":" > outfile
+	print " * This file is automatically generated; please do not edit it." > outfile
+	print " */" > outfile
+
+	print "#if defined(_WIN32)" > outfile
+	print "# include \"win-mac.h\"" > outfile
+	print "#endif" > outfile
+	print "" > outfile
+	print "#if !defined(_WIN32)" > outfile
+	print "extern void initialize_" table_name "_error_table (void);" > outfile
+	print "#endif" > outfile
+	print "" > outfile
+	print "#define N_(x) (x)" > outfile
+	print "" > outfile
+	print "/* Lclint doesn't handle null annotations on arrays" > outfile
+	print "   properly, so we need this typedef in each" > outfile
+	print "   generated .c file.  */" > outfile
+	print "/*@-redef@*/" > outfile
+	print "typedef /*@null@*/ const char *ncptr;" > outfile
+	print "/*@=redef@*/" > outfile
+	print "" > outfile
+	print "static ncptr const text[] = {" > outfile
+	table_item_count = 0
+}
+
+(continuation == 1) && ($0 ~ /\\[ \t]*$/) {
+	text=substr($0,1,length($0)-1);
+#	printf "\t\t\"%s\"\n", text > outfile
+	cont_buf=cont_buf text;
+}
+
+(continuation == 1) && ($0 ~ /"[ \t]*$/) {
+#	printf "\t\t\"%s,\n", $0 > outfile
+	printf "\tN_(%s),\n", cont_buf $0 > outfile
+	continuation = 0;
+}
+
+/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*$/ {
+	table_item_count++
+	skipone=1
+	next
+}
+
+/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*"[ \t]*$/ {
+	text=""
+	for (i=3; i<=NF; i++) { 
+	    text = text FS $i
+	}
+	text=substr(text,2,length(text)-1);
+	printf "\tN_(%s),\n", text > outfile
+	table_item_count++
+}
+
+/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*\\[ \t]*$/ {
+	text=""
+	for (i=3; i<=NF; i++) { 
+	    text = text FS $i
+	}
+	text=substr(text,2,length(text)-2);
+#	printf "\t%s\"\n", text > outfile
+	cont_buf=text
+	continuation++;
+}
+
+/^[ \t]*".*\\[ \t]*$/ {
+	if (skipone) {
+	    text=substr($0,1,length($0)-1);
+#	    printf "\t%s\"\n", text > outfile
+	    cont_buf=text
+	    continuation++;
+	}
+	skipone=0
+}
+
+{ 
+	if (skipone) {
+	    printf "\tN_(%s),\n", $0 > outfile
+	}
+	skipone=0
+}
+END {
+	if (table_item_count > 256) {
+	    print "Error table too large!" | "cat 1>&2"
+	    exit 1
+	}
+	# Put text domain and/or localedir at the end of the list.
+	if (textdomain) {
+	    printf "    \"%s\", /* Text domain */\n", textdomain > outfile
+	    if (localedir) {
+		printf "    \"%s\", /* Locale dir */\n", localedir > outfile
+	    }
+	}
+	print "    0" > outfile
+	print "};" > outfile
+	print "" > outfile
+	print "#include <com_err.h>" > outfile
+	print "" > outfile
+	if (tab_base_high == 0) {
+	    base = sprintf("%dL", tab_base_sign * tab_base_low)
+	} else {
+	    base = sprintf("%d%06dL", tab_base_sign * tab_base_high, tab_base_low)
+	}
+	ints = sprintf("%s, %d", base, table_item_count)
+	print "const struct error_table et_" table_name "_error_table = { text, " ints " };" > outfile
+	print "" > outfile
+	print "#if !defined(_WIN32)" > outfile
+	print "void initialize_" table_name "_error_table (void)" > outfile
+	print "    /*@modifies internalState@*/" > outfile
+	print "{" > outfile
+	print "    (void) add_error_table (&et_" table_name "_error_table);" > outfile
+	print "}" > outfile
+	print "#endif" > outfile
+}
diff --git a/krb5-1.21.3/src/util/et/et_c.pl b/krb5-1.21.3/src/util/et/et_c.pl
new file mode 100644
index 00000000..a845eb0f
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et_c.pl
@@ -0,0 +1,289 @@
+eval 'exec /usr/athena/bin/perl -S $0 ${1+"$@"}'
+    if $running_under_some_shell;
+			# this emulates #! processing on NIH machines.
+			# (remove #! line above if indigestible)
+
+eval '$'.$1.'$2;' while $ARGV[0] =~ /^([A-Za-z_0-9]+=)(.*)/ && shift;
+			# process any FOO=bar switches
+
+$[ = 1;			# set array base to 1
+$FS = ' ';		# set field separator
+$, = ' ';		# set output field separator
+$\ = "\n";		# set output record separator
+
+$char_shift = 64;
+## "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
+$c2n{'A'} = 1;
+$c2n{'B'} = 2;
+$c2n{'C'} = 3;
+$c2n{'D'} = 4;
+$c2n{'E'} = 5;
+$c2n{'F'} = 6;
+$c2n{'G'} = 7;
+$c2n{'H'} = 8;
+$c2n{'I'} = 9;
+$c2n{'J'} = 10;
+$c2n{'K'} = 11;
+$c2n{'L'} = 12;
+$c2n{'M'} = 13;
+$c2n{'N'} = 14;
+$c2n{'O'} = 15;
+$c2n{'P'} = 16;
+$c2n{'Q'} = 17;
+$c2n{'R'} = 18;
+$c2n{'S'} = 19;
+$c2n{'T'} = 20;
+$c2n{'U'} = 21;
+$c2n{'V'} = 22;
+$c2n{'W'} = 23;
+$c2n{'X'} = 24;
+$c2n{'Y'} = 25;
+$c2n{'Z'} = 26;
+$c2n{'a'} = 27;
+$c2n{'b'} = 28;
+$c2n{'c'} = 29;
+$c2n{'d'} = 30;
+$c2n{'e'} = 31;
+$c2n{'f'} = 32;
+$c2n{'g'} = 33;
+$c2n{'h'} = 34;
+$c2n{'i'} = 35;
+$c2n{'j'} = 36;
+$c2n{'k'} = 37;
+$c2n{'l'} = 38;
+$c2n{'m'} = 39;
+$c2n{'n'} = 40;
+$c2n{'o'} = 41;
+$c2n{'p'} = 42;
+$c2n{'q'} = 43;
+$c2n{'r'} = 44;
+$c2n{'s'} = 45;
+$c2n{'t'} = 46;
+$c2n{'u'} = 47;
+$c2n{'v'} = 48;
+$c2n{'w'} = 49;
+$c2n{'x'} = 50;
+$c2n{'y'} = 51;
+$c2n{'z'} = 52;
+$c2n{'0'} = 53;
+$c2n{'1'} = 54;
+$c2n{'2'} = 55;
+$c2n{'3'} = 56;
+$c2n{'4'} = 57;
+$c2n{'5'} = 58;
+$c2n{'6'} = 59;
+$c2n{'7'} = 60;
+$c2n{'8'} = 61;
+$c2n{'9'} = 62;
+$c2n{'_'} = 63;
+
+line: while (<>) {
+    chomp;	# strip record separator
+    @Fld = split($FS, $_, 9999);
+    if (/^#/) {
+	next line;
+    }
+    if (/^[ \t]*(error_table|et)[ \t]+[a-zA-Z][a-zA-Z0-9_]+/) {
+	$table_number = 0;
+	$table_name = $Fld[2];
+	$mod_base = 1000000;
+	for ($i = 1; $i <= length($table_name); $i++) {
+	    $table_number = ($table_number * $char_shift) +
+
+	      $c2n{substr($table_name, $i, 1)};
+	}
+
+	# We start playing *_high, *low games here because the some
+	# awk programs do not have the necessary precision (sigh)
+	$tab_base_low = $table_number % $mod_base;
+	$tab_base_high = int($table_number / $mod_base);
+	$tab_base_sign = 1;
+
+	# figure out: table_number_base=table_number*256
+	$tab_base_low = $tab_base_low * 256;
+	$tab_base_high = ($tab_base_high * 256) + int($tab_base_low /
+
+	  $mod_base);
+	$tab_base_low = $tab_base_low % $mod_base;
+
+	if ($table_number > 128 * 256 * 256) {
+	    # figure out:  table_number_base -= 256*256*256*256
+	    # sub_high, sub_low is 256*256*256*256
+	    $sub_low = 256 * 256 * 256 % $mod_base;
+	    $sub_high = int(256 * 256 * 256 / $mod_base);
+
+	    $sub_low = $sub_low * 256;
+	    $sub_high = ($sub_high * 256) + int($sub_low / $mod_base);
+	    $sub_low = $sub_low % $mod_base;
+
+	    $tab_base_low = $sub_low - $tab_base_low;
+	    $tab_base_high = $sub_high - $tab_base_high;
+	    $tab_base_sign = -1;
+	    if ($tab_base_low < 0) {
+		$tab_base_low = $tab_base_low + $mod_base;
+		$tab_base_high--;
+	    }
+	}
+	&Pick('>', $outfile) &&
+	    (print $fh '/*');
+	&Pick('>', $outfile) &&
+	    (print $fh ' * ' . $outfile . ':');
+	&Pick('>', $outfile) &&
+	    (print $fh
+
+	      ' * This file is automatically generated; please do not edit it.');
+	&Pick('>', $outfile) &&
+	    (print $fh ' */');
+
+	&Pick('>', $outfile) &&
+	    (print $fh '#if defined(_WIN32)');
+	&Pick('>', $outfile) &&
+	    (print $fh "# include \"win-mac.h\"");
+	&Pick('>', $outfile) &&
+	    (print $fh '#endif');
+	&Pick('>', $outfile) &&
+	    (print $fh '');
+	&Pick('>', $outfile) &&
+	    (print $fh '#if !defined(_WIN32)');
+	&Pick('>', $outfile) &&
+	    (print $fh 'extern void initialize_' . $table_name .
+
+	      '_error_table (void);');
+	&Pick('>', $outfile) &&
+	    (print $fh '#endif');
+	&Pick('>', $outfile) &&
+	    (print $fh '');
+	&Pick('>', $outfile) &&
+	    (print $fh "/* Lclint doesn't handle null annotations on arrays");
+	&Pick('>', $outfile) &&
+	    (print $fh '   properly, so we need this typedef in each');
+	&Pick('>', $outfile) &&
+	    (print $fh '   generated .c file.  */');
+	&Pick('>', $outfile) &&
+	    (print $fh '/*@-redef@*/');
+	&Pick('>', $outfile) &&
+	    (print $fh 'typedef /*@null@*/ const char *ncptr;');
+	&Pick('>', $outfile) &&
+	    (print $fh '/*@=redef@*/');
+	&Pick('>', $outfile) &&
+	    (print $fh '');
+	&Pick('>', $outfile) &&
+	    (print $fh 'static ncptr const text[] = {');
+	$table_item_count = 0;
+    }
+
+    if (($continuation == 1) && ($_ =~ /\\[ \t]*$/)) {
+	$text = substr($_, 1, length($_) - 1);
+	#	printf "\t\t\"%s\"\n", text > outfile
+	$cont_buf = $cont_buf . $text;
+    }
+
+    if (($continuation == 1) && ($_ =~ /"[ \t]*$/)) {
+	#	printf "\t\t\"%s,\n", $0 > outfile
+	&Pick('>', $outfile) &&
+	    (printf $fh "\t%s,\n", $cont_buf . $_);
+	$continuation = 0;
+    }
+
+    if (/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*$/) {
+	$table_item_count++;
+	$skipone = 1;
+	next line;
+    }
+
+    if (/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*"[ \t]*$/) {
+	$text = '';
+	for ($i = 3; $i <= $#Fld; $i++) {
+	    $text = $text . $FS . $Fld[$i];
+	}
+	$text = substr($text, 2, length($text) - 1);
+	&Pick('>', $outfile) &&
+	    (printf $fh "\t%s,\n", $text);
+	$table_item_count++;
+    }
+
+    if (/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*\\[ \t]*$/) {
+	$text = '';
+	for ($i = 3; $i <= $#Fld; $i++) {
+	    $text = $text . $FS . $Fld[$i];
+	}
+	$text = substr($text, 2, length($text) - 2);
+	#	printf "\t%s\"\n", text > outfile
+	$cont_buf = $text;
+	$continuation++;
+    }
+
+    if (/^[ \t]*".*\\[ \t]*$/) {
+	if ($skipone) {
+	    $text = substr($_, 1, length($_) - 1);
+	    #	    printf "\t%s\"\n", text > outfile
+	    $cont_buf = $text;
+	    $continuation++;
+	}
+	$skipone = 0;
+    }
+
+    if ($skipone) {
+	&Pick('>', $outfile) &&
+	    (printf $fh "\t%s,\n", $_);
+    }
+    $skipone = 0;
+}
+
+if ($table_item_count > 256) {
+    &Pick('|', 'cat 1>&2') &&
+	(print $fh 'Error table too large!');
+    exit 1;
+}
+&Pick('>', $outfile) &&
+    (print $fh '    0');
+&Pick('>', $outfile) &&
+    (print $fh '};');
+&Pick('>', $outfile) &&
+    (print $fh '');
+&Pick('>', $outfile) &&
+    (print $fh '#include <com_err.h>');
+&Pick('>', $outfile) &&
+    (print $fh '');
+if ($tab_base_high == 0) {
+    &Pick('>', $outfile) &&
+	(print $fh 'const struct error_table et_' . $table_name .
+
+	  '_error_table = { text, ' . sprintf('%dL, %d };',
+
+	  $tab_base_sign * $tab_base_low, $table_item_count));
+}
+else {
+    &Pick('>', $outfile) &&
+	(print $fh 'const struct error_table et_' . $table_name .
+
+	  '_error_table = { text, ' . sprintf('%d%06dL, %d };',
+
+	  $tab_base_sign * $tab_base_high, $tab_base_low, $table_item_count));
+}
+&Pick('>', $outfile) &&
+    (print $fh '');
+&Pick('>', $outfile) &&
+    (print $fh '#if !defined(_WIN32)');
+&Pick('>', $outfile) &&
+    (print $fh 'void initialize_' . $table_name . '_error_table (void)');
+&Pick('>', $outfile) &&
+    (print $fh '    /*@modifies internalState@*/');
+&Pick('>', $outfile) &&
+    (print $fh '{');
+&Pick('>', $outfile) &&
+    (print $fh '    (void) add_error_table (&et_' . $table_name .
+
+      '_error_table);');
+&Pick('>', $outfile) &&
+    (print $fh '}');
+&Pick('>', $outfile) &&
+    (print $fh '#endif');
+
+exit $ExitValue;
+
+sub Pick {
+    local($mode,$name,$pipe) = @_;
+    $fh = $name;
+    open($name,$mode.$name.$pipe) unless $opened{$name}++;
+}
diff --git a/krb5-1.21.3/src/util/et/et_h.awk b/krb5-1.21.3/src/util/et/et_h.awk
new file mode 100644
index 00000000..95940d1b
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et_h.awk
@@ -0,0 +1,162 @@
+BEGIN { 
+char_shift=64
+## "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
+c2n["A"]=1
+c2n["B"]=2
+c2n["C"]=3
+c2n["D"]=4
+c2n["E"]=5
+c2n["F"]=6
+c2n["G"]=7
+c2n["H"]=8
+c2n["I"]=9
+c2n["J"]=10
+c2n["K"]=11
+c2n["L"]=12
+c2n["M"]=13
+c2n["N"]=14
+c2n["O"]=15
+c2n["P"]=16
+c2n["Q"]=17
+c2n["R"]=18
+c2n["S"]=19
+c2n["T"]=20
+c2n["U"]=21
+c2n["V"]=22
+c2n["W"]=23
+c2n["X"]=24
+c2n["Y"]=25
+c2n["Z"]=26
+c2n["a"]=27
+c2n["b"]=28
+c2n["c"]=29
+c2n["d"]=30
+c2n["e"]=31
+c2n["f"]=32
+c2n["g"]=33
+c2n["h"]=34
+c2n["i"]=35
+c2n["j"]=36
+c2n["k"]=37
+c2n["l"]=38
+c2n["m"]=39
+c2n["n"]=40
+c2n["o"]=41
+c2n["p"]=42
+c2n["q"]=43
+c2n["r"]=44
+c2n["s"]=45
+c2n["t"]=46
+c2n["u"]=47
+c2n["v"]=48
+c2n["w"]=49
+c2n["x"]=50
+c2n["y"]=51
+c2n["z"]=52
+c2n["0"]=53
+c2n["1"]=54
+c2n["2"]=55
+c2n["3"]=56
+c2n["4"]=57
+c2n["5"]=58
+c2n["6"]=59
+c2n["7"]=60
+c2n["8"]=61
+c2n["9"]=62
+c2n["_"]=63
+}
+/^#/ { next }
+/^[ \t]*(error_table|et)[ \t]+[a-zA-Z][a-zA-Z0-9_]+/ {
+	table_number = 0
+	table_name = $2
+	mod_base = 1000000
+	for(i=1; i<=length(table_name); i++) {
+	    table_number=(table_number*char_shift)+c2n[substr(table_name,i,1)]
+	}
+	# We start playing *_high, *low games here because the some
+	# awk programs do not have the necessary precision (sigh)
+	tab_base_low = table_number % mod_base
+	tab_base_high = int(table_number / mod_base)
+	tab_base_sign = 1;
+
+	# figure out: table_number_base=table_number*256
+	tab_base_low = tab_base_low * 256
+	tab_base_high = (tab_base_high * 256) + int(tab_base_low / mod_base)
+	tab_base_low = tab_base_low % mod_base
+
+	if (table_number > 128*256*256) {
+		# figure out:  table_number_base -= 256*256*256*256
+		# sub_high, sub_low is 256*256*256*256
+		sub_low = 256*256*256 % mod_base
+		sub_high = int(256*256*256 / mod_base)
+
+		sub_low = sub_low * 256
+		sub_high = (sub_high * 256) + int(sub_low / mod_base)
+		sub_low = sub_low % mod_base
+
+		tab_base_low = sub_low - tab_base_low;
+		tab_base_high = sub_high - tab_base_high;
+		tab_base_sign = -1;
+		if (tab_base_low < 0) {
+			tab_base_low = tab_base_low + mod_base
+			tab_base_high--
+		}
+	}
+	curr_low = tab_base_low
+	curr_high = tab_base_high
+	curr_sign = tab_base_sign
+	print "/*" > outfile
+	print " * " outfile ":" > outfile
+	print " * This file is automatically generated; please do not edit it." > outfile
+	print " */" > outfile
+	print "" > outfile
+	print "#include <com_err.h>" > outfile
+	print "" > outfile
+	table_item_count = 0
+}
+
+/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,/ {
+	tag=substr($2,1,length($2)-1)
+	if (curr_high == 0) {
+		printf "#define %-40s (%dL)\n", tag, curr_sign*curr_low > outfile
+	} else {
+		printf "#define %-40s (%d%06dL)\n", tag, curr_high*curr_sign, curr_low > outfile
+	}
+	curr_low += curr_sign;
+	if (curr_low >= mod_base) {
+		curr_low -= mod_base;
+		curr_high++
+	}
+	if (curr_low < 0) {
+		cur_low += mod_base
+		cur_high--
+	}
+}
+
+END {
+	if (table_item_count > 256) {
+	    print "Error table too large!" | "cat 1>&2"
+	    exit 1
+	}
+	if (tab_base_high == 0) {
+		base = sprintf("%dL", tab_base_sign * tab_base_low)
+	} else {
+		base = sprintf("%d%06dL", tab_base_sign * tab_base_high, tab_base_low)
+	}
+	print "#define ERROR_TABLE_BASE_" table_name " (" base ")" > outfile
+	print "" > outfile
+	print "extern const struct error_table et_" table_name "_error_table;" > outfile
+	print "" > outfile
+	print "#if !defined(_WIN32)" > outfile
+	print "/* for compatibility with older versions... */" > outfile
+	print "extern void initialize_" table_name "_error_table (void) /*@modifies internalState@*/;" > outfile
+	print "#else" > outfile
+	print "#define initialize_" table_name "_error_table()" > outfile
+	print "#endif" > outfile
+	print "" > outfile
+	print "#if !defined(_WIN32)" > outfile
+	print "#define init_" table_name "_err_tbl initialize_" table_name "_error_table" > outfile
+	print "#define " table_name "_err_base ERROR_TABLE_BASE_" table_name > outfile
+	print "#endif" > outfile
+}
+
diff --git a/krb5-1.21.3/src/util/et/et_h.pl b/krb5-1.21.3/src/util/et/et_h.pl
new file mode 100644
index 00000000..5ab8e8b4
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et_h.pl
@@ -0,0 +1,234 @@
+eval 'exec /usr/athena/bin/perl -S $0 ${1+"$@"}'
+    if $running_under_some_shell;
+			# this emulates #! processing on NIH machines.
+			# (remove #! line above if indigestible)
+
+eval '$'.$1.'$2;' while $ARGV[0] =~ /^([A-Za-z_0-9]+=)(.*)/ && shift;
+			# process any FOO=bar switches
+
+$[ = 1;			# set array base to 1
+$, = ' ';		# set output field separator
+$\ = "\n";		# set output record separator
+
+$char_shift = 64;
+## "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
+$c2n{'A'} = 1;
+$c2n{'B'} = 2;
+$c2n{'C'} = 3;
+$c2n{'D'} = 4;
+$c2n{'E'} = 5;
+$c2n{'F'} = 6;
+$c2n{'G'} = 7;
+$c2n{'H'} = 8;
+$c2n{'I'} = 9;
+$c2n{'J'} = 10;
+$c2n{'K'} = 11;
+$c2n{'L'} = 12;
+$c2n{'M'} = 13;
+$c2n{'N'} = 14;
+$c2n{'O'} = 15;
+$c2n{'P'} = 16;
+$c2n{'Q'} = 17;
+$c2n{'R'} = 18;
+$c2n{'S'} = 19;
+$c2n{'T'} = 20;
+$c2n{'U'} = 21;
+$c2n{'V'} = 22;
+$c2n{'W'} = 23;
+$c2n{'X'} = 24;
+$c2n{'Y'} = 25;
+$c2n{'Z'} = 26;
+$c2n{'a'} = 27;
+$c2n{'b'} = 28;
+$c2n{'c'} = 29;
+$c2n{'d'} = 30;
+$c2n{'e'} = 31;
+$c2n{'f'} = 32;
+$c2n{'g'} = 33;
+$c2n{'h'} = 34;
+$c2n{'i'} = 35;
+$c2n{'j'} = 36;
+$c2n{'k'} = 37;
+$c2n{'l'} = 38;
+$c2n{'m'} = 39;
+$c2n{'n'} = 40;
+$c2n{'o'} = 41;
+$c2n{'p'} = 42;
+$c2n{'q'} = 43;
+$c2n{'r'} = 44;
+$c2n{'s'} = 45;
+$c2n{'t'} = 46;
+$c2n{'u'} = 47;
+$c2n{'v'} = 48;
+$c2n{'w'} = 49;
+$c2n{'x'} = 50;
+$c2n{'y'} = 51;
+$c2n{'z'} = 52;
+$c2n{'0'} = 53;
+$c2n{'1'} = 54;
+$c2n{'2'} = 55;
+$c2n{'3'} = 56;
+$c2n{'4'} = 57;
+$c2n{'5'} = 58;
+$c2n{'6'} = 59;
+$c2n{'7'} = 60;
+$c2n{'8'} = 61;
+$c2n{'9'} = 62;
+$c2n{'_'} = 63;
+
+line: while (<>) {
+    ($Fld1,$Fld2) = split(' ', $_, 9999);
+    if (/^#/) {
+	next line;
+    }
+    if (/^[ \t]*(error_table|et)[ \t]+[a-zA-Z][a-zA-Z0-9_]+/) {
+	$table_number = 0;
+	$table_name = $Fld2;
+	$mod_base = 1000000;
+	for ($i = 1; $i <= length($table_name); $i++) {
+	    $table_number = ($table_number * $char_shift) +
+
+	      $c2n{substr($table_name, $i, 1)};
+	}
+	# We start playing *_high, *low games here because the some
+	# awk programs do not have the necessary precision (sigh)
+	$tab_base_low = $table_number % $mod_base;
+	$tab_base_high = int($table_number / $mod_base);
+	$tab_base_sign = 1;
+
+	# figure out: table_number_base=table_number*256
+	$tab_base_low = $tab_base_low * 256;
+	$tab_base_high = ($tab_base_high * 256) + int($tab_base_low /
+
+	  $mod_base);
+	$tab_base_low = $tab_base_low % $mod_base;
+
+	if ($table_number > 128 * 256 * 256) {
+	    # figure out:  table_number_base -= 256*256*256*256
+	    # sub_high, sub_low is 256*256*256*256
+	    $sub_low = 256 * 256 * 256 % $mod_base;
+	    $sub_high = int(256 * 256 * 256 / $mod_base);
+
+	    $sub_low = $sub_low * 256;
+	    $sub_high = ($sub_high * 256) + int($sub_low / $mod_base);
+	    $sub_low = $sub_low % $mod_base;
+
+	    $tab_base_low = $sub_low - $tab_base_low;
+	    $tab_base_high = $sub_high - $tab_base_high;
+	    $tab_base_sign = -1;
+	    if ($tab_base_low < 0) {
+		$tab_base_low = $tab_base_low + $mod_base;
+		$tab_base_high--;
+	    }
+	}
+	$curr_low = $tab_base_low;
+	$curr_high = $tab_base_high;
+	$curr_sign = $tab_base_sign;
+	&Pick('>', $outfile) &&
+	    (print $fh '/*');
+	&Pick('>', $outfile) &&
+	    (print $fh ' * ' . $outfile . ':');
+	&Pick('>', $outfile) &&
+	    (print $fh
+
+	      ' * This file is automatically generated; please do not edit it.');
+	&Pick('>', $outfile) &&
+	    (print $fh ' */');
+	&Pick('>', $outfile) &&
+	    (print $fh '');
+	&Pick('>', $outfile) &&
+	    (print $fh '#include <com_err.h>');
+	&Pick('>', $outfile) &&
+	    (print $fh '');
+	$table_item_count = 0;
+    }
+
+    if (/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,/) {
+	$tag = substr($Fld2, 1, length($Fld2) - 1);
+	if ($curr_high == 0) {
+	    &Pick('>', $outfile) &&
+		(printf $fh "#define %-40s (%dL)\n", $tag,
+
+		  $curr_sign * $curr_low);
+	}
+	else {
+	    &Pick('>', $outfile) &&
+		(printf $fh "#define %-40s (%d%06dL)\n", $tag,
+
+		  $curr_high * $curr_sign, $curr_low);
+	}
+	$curr_low += $curr_sign;
+	if ($curr_low >= $mod_base) {	#???
+	    $curr_low -= $mod_base;
+	    $curr_high++;
+	}
+	if ($curr_low < 0) {
+	    $cur_low += $mod_base;
+	    $cur_high--;
+	}
+    }
+}
+
+if ($table_item_count > 256) {
+    &Pick('|', 'cat 1>&2') &&
+	(print $fh 'Error table too large!');
+    exit 1;
+}
+if ($tab_base_high == 0) {
+    &Pick('>', $outfile) &&
+	(print $fh '#define ERROR_TABLE_BASE_' . $table_name . ' (' .
+
+	  sprintf('%d', $tab_base_sign * $tab_base_low) . 'L)');
+}
+else {
+    &Pick('>', $outfile) &&
+	(print $fh '#define ERROR_TABLE_BASE_' . $table_name . ' (' .
+
+	  sprintf('%d%06d', $tab_base_sign * $tab_base_high,
+
+	  $tab_base_low) . 'L)');
+}
+&Pick('>', $outfile) &&
+    (print $fh '');
+&Pick('>', $outfile) &&
+    (print $fh 'extern const struct error_table et_' . $table_name .
+
+      '_error_table;');
+&Pick('>', $outfile) &&
+    (print $fh '');
+&Pick('>', $outfile) &&
+    (print $fh '#if !defined(_WIN32)');
+&Pick('>', $outfile) &&
+    (print $fh '/* for compatibility with older versions... */');
+&Pick('>', $outfile) &&
+    (print $fh 'extern void initialize_' . $table_name .
+
+      '_error_table (void) /*@modifies internalState@*/;');
+&Pick('>', $outfile) &&
+    (print $fh '#else');
+&Pick('>', $outfile) &&
+    (print $fh '#define initialize_' . $table_name . '_error_table()');
+&Pick('>', $outfile) &&
+    (print $fh '#endif');
+&Pick('>', $outfile) &&
+    (print $fh '');
+&Pick('>', $outfile) &&
+    (print $fh '#if !defined(_WIN32)');
+&Pick('>', $outfile) &&
+    (print $fh '#define init_' . $table_name . '_err_tbl initialize_' .
+
+      $table_name . '_error_table');
+&Pick('>', $outfile) &&
+    (print $fh '#define ' . $table_name . '_err_base ERROR_TABLE_BASE_' .
+
+      $table_name);
+&Pick('>', $outfile) &&
+    (print $fh '#endif');
+
+exit $ExitValue;
+
+sub Pick {
+    local($mode,$name,$pipe) = @_;
+    $fh = $name;
+    open($name,$mode.$name.$pipe) unless $opened{$name}++;
+}
diff --git a/krb5-1.21.3/src/util/et/et_name.c b/krb5-1.21.3/src/util/et/et_name.c
new file mode 100644
index 00000000..a337f7fa
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/et_name.c
@@ -0,0 +1,57 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1997 by Massachusetts Institute of Technology
+ *
+ * Copyright 1987 by MIT Student Information Processing Board
+ *
+ * Permission to use, copy, modify, and distribute this software
+ * and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice
+ * appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation,
+ * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+ * used in advertising or publicity pertaining to distribution
+ * of the software without specific, written prior permission.
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. and the M.I.T. S.I.P.B. make no representations about
+ * the suitability of this software for any purpose.  It is
+ * provided "as is" without express or implied warranty.
+ */
+
+#include "com_err.h"
+#include "error_table.h"
+
+static const char char_set[] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
+
+const char *
+error_table_name_r (unsigned long num,
+                    /*@out@*/ /*@returned@*/ char *outbuf)
+/*@modifies outbuf@*/
+{
+    long ch;
+    int i;
+    /*@out@*/ char *p;
+
+    p = outbuf;
+    num >>= ERRCODE_RANGE;
+
+    for (i = 3; i >= 0; i--) {
+        ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
+        if (ch != 0)
+            *p++ = char_set[ch-1];
+    }
+    *p = '\0';
+    return(outbuf);
+}
+
+/*@observer@*/
+const char * error_table_name(unsigned long num)
+/*@modifies internalState@*/
+{
+    static char buf[6];
+
+    return error_table_name_r(num, buf);
+}
diff --git a/krb5-1.21.3/src/util/et/libcom_err.exports b/krb5-1.21.3/src/util/et/libcom_err.exports
new file mode 100644
index 00000000..ea8f32d5
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/libcom_err.exports
@@ -0,0 +1,9 @@
+add_error_table
+com_err
+com_err_va
+error_message
+error_table_name
+error_table_name_r
+remove_error_table
+reset_com_err_hook
+set_com_err_hook
diff --git a/krb5-1.21.3/src/util/et/mit-sipb-copyright.h b/krb5-1.21.3/src/util/et/mit-sipb-copyright.h
new file mode 100644
index 00000000..41dc249f
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/mit-sipb-copyright.h
@@ -0,0 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+
+  Copyright 1987, 1988 by the Student Information Processing Board
+  of the Massachusetts Institute of Technology
+
+  Permission to use, copy, modify, and distribute this software
+  and its documentation for any purpose and without fee is
+  hereby granted, provided that the above copyright notice
+  appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation,
+  and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+  used in advertising or publicity pertaining to distribution
+  of the software without specific, written prior permission.
+  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. and the M.I.T. S.I.P.B. make no representations about
+  the suitability of this software for any purpose.  It is
+  provided "as is" without express or implied warranty.
+
+*/
diff --git a/krb5-1.21.3/src/util/et/t_com_err.c b/krb5-1.21.3/src/util/et/t_com_err.c
new file mode 100644
index 00000000..385e6e71
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/t_com_err.c
@@ -0,0 +1,144 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "com_err.h"
+#include "et1.h"
+#include "et2.h"
+
+int misc_err, known_err;        /* known_err is err in whether or not
+                                   table is 'known' to library */
+int fail;
+
+static void
+try_one (errcode_t code, int known, int table, int msgno)
+{
+    const char *msg = error_message (code);
+    char buffy[1024];
+
+    snprintf (buffy, sizeof(buffy), "error table %d message %d", table, msgno);
+    if (0 == strcmp (buffy, msg)) {
+        if (!known) {
+            known_err++;
+        }
+        return;
+    }
+    snprintf (buffy, sizeof(buffy), "Unknown code et%d %d", table, msgno);
+    if (!strcmp (buffy, msg)) {
+        if (known)
+            known_err++;
+        return;
+    }
+    printf ("error code %ld got unrecognized message '%s',\n"
+            "should have been table %d message %d\n",
+            (long) code, msg, table, msgno);
+    misc_err++;
+}
+
+static void
+try_table (int table, int known, int lineno,
+           errcode_t c0, errcode_t c1, errcode_t c2)
+{
+    try_one (c0, known, table, 0);
+    try_one (c1, known, table, 1);
+    try_one (c2, known, table, 2);
+    if (misc_err != 0 || known_err != 0) {
+        fail++;
+        if (known_err)
+            printf ("table list error from line %d, table %d\n", lineno,
+                    table);
+        if (misc_err)
+            printf ("misc errors from line %d table %d\n", lineno, table);
+        misc_err = known_err = 0;
+    }
+}
+
+static void
+try_em_1 (int t1_known, int t2_known, int lineno)
+{
+    try_table (1, t1_known, lineno, ET1_M0, ET1_M1, ET1_M2);
+    try_table (2, t2_known, lineno, ET2_M0, ET2_M1, ET2_M2);
+}
+#define try_em(A,B) try_em_1(A,B,__LINE__)
+
+static void *run(/*@unused@*/ void *x)
+{
+    try_em (0, 0);
+    (void) add_error_table (&et_et1_error_table);
+    try_em (1, 0);
+    (void) add_error_table (&et_et2_error_table);
+    try_em (1, 1);
+    (void) remove_error_table (&et_et1_error_table);
+    try_em (0, 1);
+    (void) remove_error_table (&et_et1_error_table);
+    try_em (0, 1);
+    (void) remove_error_table (&et_et2_error_table);
+    try_em (0, 0);
+
+    initialize_et1_error_table ();
+    try_em (1, 0);
+    (void) add_error_table (&et_et1_error_table);
+    try_em (1, 0);
+    (void) remove_error_table (&et_et1_error_table);
+    try_em (1, 0);
+    (void) remove_error_table (&et_et1_error_table);
+    try_em (0, 0);
+
+    initialize_et1_error_table ();
+    try_em (1, 0);
+    (void) add_error_table (&et_et1_error_table);
+    try_em (1, 0);
+    (void) add_error_table (&et_et2_error_table);
+    try_em (1, 1);
+    (void) remove_error_table (&et_et1_error_table);
+    try_em (1, 1);
+    (void) remove_error_table (&et_et1_error_table);
+    try_em (0, 1);
+    (void) remove_error_table (&et_et2_error_table);
+    try_em (0, 0);
+    (void) remove_error_table (&et_et2_error_table);
+    try_em (0, 0);
+
+    (void) add_error_table (&et_et2_error_table);
+    try_em (0, 1);
+    initialize_et2_error_table ();
+    try_em (0, 1);
+    (void) add_error_table (&et_et1_error_table);
+    try_em (1, 1);
+    (void) remove_error_table (&et_et1_error_table);
+    try_em (0, 1);
+    (void) remove_error_table (&et_et2_error_table);
+    try_em (0, 1);
+    (void) remove_error_table (&et_et2_error_table);
+    try_em (0, 0);
+
+    return 0;
+}
+
+#ifdef TEST_THREADS
+#include <pthread.h>
+#endif
+
+int main (/*@unused@*/ int argc, /*@unused@*/ char *argv[])
+{
+#ifdef TEST_THREADS
+    pthread_t t;
+    int err;
+    void *t_retval;
+
+    err = pthread_create(&t, 0, run, 0);
+    if (err) {
+        fprintf(stderr, "pthread_create error: %s\n", strerror(err));
+        exit(1);
+    }
+    err = pthread_join(t, &t_retval);
+    if (err) {
+        fprintf(stderr, "pthread_join error: %s\n", strerror(err));
+        exit(1);
+    }
+    return fail;
+#else
+    run(0);
+    return fail;
+#endif
+}
diff --git a/krb5-1.21.3/src/util/et/test1.et b/krb5-1.21.3/src/util/et/test1.et
new file mode 100644
index 00000000..4c7b77f0
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/test1.et
@@ -0,0 +1,69 @@
+	error_table	krb
+
+	error_code	KRB_MK_AP_TKFIL,
+			"Can't read ticket file"
+
+	ec		KRB_MK_AP_NOTKT,
+			"Can't find ticket or TGT"
+
+	ec		KRB_MK_AP_TGTEXP,
+			"TGT expired"
+
+	ec		KRB_RD_AP_UNDEC,
+			"Can't decode authenticator"
+
+	ec		KRB_RD_AP_EXP,
+			"Ticket expired"
+
+	ec		KRB_RD_AP_REPEAT,
+			"Repeated request"
+
+	ec		KRB_RD_AP_NOT_US,
+			"The ticket isn't for us"
+
+	ec		KRB_RD_AP_INCON,
+			"Request is inconsistent"
+
+	ec		KRB_RD_AP_TIME,
+			"Delta-T too big"
+
+	ec		KRB_RD_AP_BADD,
+			"Incorrect net address"
+
+	ec		KRB_RD_AP_VERSION,
+			"Protocol version mismatch"
+
+	ec		KRB_RD_AP_MSG_TYPE,
+			"Invalid message type"
+
+	ec		KRB_RD_AP_MODIFIED,
+			"Message stream modified"
+
+	ec		KRB_RD_AP_ORDER,
+			"Message out of order"
+
+	ec		KRB_RD_AP_UNAUTHOR,
+			"Unauthorized request"
+
+	ec		KRB_GT_PW_NULL,
+			"Current password is null"
+
+	ec		KRB_GT_PW_BADPW,
+			"Incorrect current password"
+
+	ec		KRB_GT_PW_PROT,
+			"Protocol error"
+
+	ec		KRB_GT_PW_KDCERR,
+			"Error returned by KDC"
+
+	ec		KRB_GT_PW_NULLTKT,
+			"Null ticket returned by KDC"
+
+	ec		KRB_SKDC_RETRY,
+			"Retry count exceeded"
+
+	ec		KRB_SKDC_CANT,
+			"Can't send request"
+
+	end
diff --git a/krb5-1.21.3/src/util/et/test2.et b/krb5-1.21.3/src/util/et/test2.et
new file mode 100644
index 00000000..55ad74ea
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/test2.et
@@ -0,0 +1,9 @@
+	error_table	quux
+
+	ec	FOO_ERR, "foo"
+
+	ec	BAR_ERR, "bar"
+
+	ec	BAZ_ERR, "meow"
+
+	end
diff --git a/krb5-1.21.3/src/util/et/test_et.c b/krb5-1.21.3/src/util/et/test_et.c
new file mode 100644
index 00000000..9faf10f4
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/test_et.c
@@ -0,0 +1,77 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "autoconf.h"
+#include <stdio.h>
+#include <errno.h>
+#include "com_err.h"
+#include "test1.h"
+#include "test2.h"
+
+#ifdef _WIN32
+# define EXPORT_LIST
+#endif
+
+/* XXX Not part of official public API.  */
+extern const char *error_table_name (errcode_t);
+
+#ifdef NEED_SYS_ERRLIST
+extern int sys_nerr;
+#endif
+
+int main()
+{
+    printf("Before initiating error table:\n\n");
+#ifndef EXPORT_LIST
+    printf("Table name '%s'\n", error_table_name(KRB_MK_AP_TGTEXP));
+    printf("UNIX  name '%s'\n", error_table_name(EPERM));
+#endif
+    printf("Msg TGT-expired is '%s'\n", error_message(KRB_MK_AP_TGTEXP));
+    printf("Msg EPERM is '%s'\n", error_message(EPERM));
+    printf("Msg FOO_ERR is '%s'\n", error_message(FOO_ERR));
+    printf("Msg 1002 is '%s'\n", error_message (1002));
+#ifdef HAVE_SYS_ERRLIST
+    printf("Msg {sys_nerr-1} is '%s'\n", error_message(sys_nerr-1));
+    printf("Msg {sys_nerr} is '%s'\n", error_message(sys_nerr));
+#endif
+    printf("Msg 0 is '%s'\n", error_message(0));
+
+    printf("With 0: tgt-expired -> %s\n", error_message(KRB_MK_AP_TGTEXP));
+
+    initialize_krb_error_table();
+#ifndef EXPORT_LIST
+    printf("KRB error table initialized:  base %ld (%s), name %s\n",
+           ERROR_TABLE_BASE_krb, error_message(ERROR_TABLE_BASE_krb),
+           error_table_name(ERROR_TABLE_BASE_krb));
+#else
+    printf("KRB error table initialized:  base %ld (%s)\n",
+           ERROR_TABLE_BASE_krb, error_message(ERROR_TABLE_BASE_krb));
+#endif
+    add_error_table(&et_krb_error_table);
+    printf("With krb: tgt-expired -> %s\n",
+           error_message(KRB_MK_AP_TGTEXP));
+
+    add_error_table(&et_quux_error_table);
+#ifndef EXPORT_LIST
+    printf("QUUX error table initialized: base %ld (%s), name %s\n",
+           ERROR_TABLE_BASE_quux, error_message(ERROR_TABLE_BASE_quux),
+           error_table_name(ERROR_TABLE_BASE_quux));
+#else
+    printf("QUUX error table initialized: base %ld (%s)\n",
+           ERROR_TABLE_BASE_quux, error_message(ERROR_TABLE_BASE_quux));
+#endif
+
+    printf("Msg for TGT-expired is '%s'\n",
+           error_message(KRB_MK_AP_TGTEXP));
+#ifdef HAVE_SYS_ERRLIST
+    printf("Msg {sys_nerr-1} is '%s'\n", error_message(sys_nerr-1));
+#endif
+    printf("Msg FOO_ERR is '%s'\n", error_message(FOO_ERR));
+    printf("Msg KRB_SKDC_CANT is '%s'\n",
+           error_message(KRB_SKDC_CANT));
+    printf("Msg 1e6 (8B 64) is '%s'\n", error_message(1000000));
+    printf("\n\nCOM_ERR tests:\n");
+    com_err("whoami", FOO_ERR, (char *)NULL);
+    com_err("whoami", FOO_ERR, " -- message goes %s", "here");
+    com_err("whoami", 0, (char *)0);
+    com_err("whoami", 0, "error number %d\n", 0);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/et/texinfo.tex b/krb5-1.21.3/src/util/et/texinfo.tex
new file mode 100644
index 00000000..eb29dfd7
--- /dev/null
+++ b/krb5-1.21.3/src/util/et/texinfo.tex
@@ -0,0 +1,2077 @@
+%% TeX macros to handle texinfo files
+
+%   Copyright (C) 1985, 1986, 1988 Richard M. Stallman
+
+%		       NO WARRANTY
+
+%  BECAUSE THIS PROGRAM IS LICENSED FREE OF CHARGE, WE PROVIDE ABSOLUTELY
+%NO WARRANTY, TO THE EXTENT PERMITTED BY APPLICABLE STATE LAW.  EXCEPT
+%WHEN OTHERWISE STATED IN WRITING, FREE SOFTWARE FOUNDATION, INC,
+%RICHARD M. STALLMAN AND/OR OTHER PARTIES PROVIDE THIS PROGRAM "AS IS"
+%WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
+%BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+%FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY
+%AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE PROGRAM PROVE
+%DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+%CORRECTION.
+
+% IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW WILL RICHARD M.
+%STALLMAN, THE FREE SOFTWARE FOUNDATION, INC., AND/OR ANY OTHER PARTY
+%WHO MAY MODIFY AND REDISTRIBUTE THIS PROGRAM AS PERMITTED BELOW, BE
+%LIABLE TO YOU FOR DAMAGES, INCLUDING ANY LOST PROFITS, LOST MONIES, OR
+%OTHER SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+%USE OR INABILITY TO USE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR
+%DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY THIRD PARTIES OR
+%A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS) THIS
+%PROGRAM, EVEN IF YOU HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
+%DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY.
+
+%		GENERAL PUBLIC LICENSE TO COPY
+
+%  1. You may copy and distribute verbatim copies of this source file
+%as you receive it, in any medium, provided that you conspicuously
+%and appropriately publish on each copy a valid copyright notice
+%"Copyright (C) 1986 Richard M. Stallman"; and include
+%following the copyright notice a verbatim copy of the above disclaimer
+%of warranty and of this License.
+
+%  2. You may modify your copy or copies of this source file or
+%any portion of it, and copy and distribute such modifications under
+%the terms of Paragraph 1 above, provided that you also do the following:
+
+%    a) cause the modified files to carry prominent notices stating
+%    that you changed the files and the date of any change; and
+
+%    b) cause the whole of any work that you distribute or publish,
+%    that in whole or in part contains or is a derivative of this
+%    program or any part thereof, to be licensed at no charge to all
+%    third parties on terms identical to those contained in this
+%    License Agreement (except that you may choose to grant more extensive
+%    warranty protection to some or all third parties, at your option).
+
+%    c) You may charge a distribution fee for the physical act of
+%    transferring a copy, and you may at your option offer warranty
+%    protection in exchange for a fee.
+
+%Mere aggregation of another unrelated program with this program (or its
+%derivative) on a volume of a storage or distribution medium does not bring
+%the other program under the scope of these terms.
+
+%  3. You may copy and distribute this program (or a portion or derivative
+%of it, under Paragraph 2) in object code or executable form under the terms
+%of Paragraphs 1 and 2 above provided that you also do one of the following:
+
+%    a) accompany it with the complete corresponding machine-readable
+%    source code, which must be distributed under the terms of
+%    Paragraphs 1 and 2 above; or,
+
+%    b) accompany it with a written offer, valid for at least three
+%    years, to give any third party free (except for a nominal
+%    shipping charge) a complete machine-readable copy of the
+%    corresponding source code, to be distributed under the terms of
+%    Paragraphs 1 and 2 above; or,
+
+%    c) accompany it with the information you received as to where the
+%    corresponding source code may be obtained.  (This alternative is
+%    allowed only for noncommercial distribution and only if you
+%    received the program in object code or executable form alone.)
+
+%For an executable file, complete source code means all the source code for
+%all modules it contains; but, as a special exception, it need not include
+%source code for modules which are standard libraries that accompany the
+%operating system on which the executable file runs.
+
+%  4. You may not copy, sublicense, distribute or transfer this program
+%except as expressly provided under this License Agreement.  Any attempt
+%otherwise to copy, sublicense, distribute or transfer this program is void and
+%your rights to use the program under this License agreement shall be
+%automatically terminated.  However, parties who have received computer
+%software programs from you with this License Agreement will not have
+%their licenses terminated so long as such parties remain in full compliance.
+
+%  5. If you wish to incorporate parts of this program into other free
+%programs whose distribution conditions are different, write to the Free
+%Software Foundation at 675 Mass Ave, Cambridge, MA 02139.  We have not yet
+%worked out a simple rule that can be stated here, but we will often permit
+%this.  We will be guided by the two goals of preserving the free status of
+%all derivatives of our free software and of promoting the sharing and reuse of
+%software.
+
+%In other words, you are welcome to use, share and improve this program.
+%You are forbidden to forbid anyone else to use, share and improve
+%what you give them.   Help stamp out software-hoarding!
+
+\def\texinfoversion{1.18}
+\message{Loading texinfo package [Version \texinfoversion]:}
+\message{}
+
+% Save some parts of plain tex whose names we will redefine.
+
+\let\ptexlbrace=\{
+\let\ptexrbrace=\}
+\let\ptexdot=\.
+\let\ptexstar=\*
+\let\ptexend=\end
+\let\ptexbullet=\bullet
+\let\ptexb=\b
+\let\ptexc=\c
+\let\ptexi=\i
+\let\ptext=\t
+\let\ptexl=\l
+\let\ptexL=\L
+
+\def\tie{\penalty 10000\ }     % Save plain tex definition of ~.
+
+\message{Basics,}
+\chardef\other=12
+
+\hyphenation{ap-pen-dix}
+\hyphenation{mini-buf-fer mini-buf-fers}
+\hyphenation{eshell}
+
+% Margin to add to right of even pages, to left of odd pages.
+\newdimen \bindingoffset  \bindingoffset=0pt
+\newdimen \normaloffset   \normaloffset=\hoffset
+\newdimen\pagewidth \newdimen\pageheight
+\pagewidth=\hsize \pageheight=\vsize
+
+%---------------------Begin change-----------------------
+%
+% Dimensions to add cropmarks at corners Added by P. A. MacKay, 12 Nov. 1986
+%
+\newdimen\cornerlong \newdimen\cornerthick
+\newdimen \topandbottommargin
+\newdimen \outerhsize \newdimen \outervsize
+\cornerlong=1pc\cornerthick=.3pt	% These set size of cropmarks
+\outerhsize=7in
+\outervsize=9.5in
+\topandbottommargin=.75in
+%
+%---------------------End change-----------------------
+
+% \onepageout takes a vbox as an argument.  Note that \pagecontents
+% does insertions itself, but you have to call it yourself.
+\chardef\PAGE=255  \output={\onepageout{\pagecontents\PAGE}}
+\def\onepageout#1{\hoffset=\normaloffset
+\ifodd\pageno  \advance\hoffset by \bindingoffset
+\else \advance\hoffset by -\bindingoffset\fi
+\shipout\vbox{{\let\hsize=\pagewidth \makeheadline} \pagebody{#1}%
+ {\let\hsize=\pagewidth \makefootline}}
+\advancepageno \ifnum\outputpenalty>-20000 \else\dosupereject\fi}
+
+
+% Here is a modification of the main output routine for Near East Publications
+% This provides right-angle cropmarks at all four corners.
+% The contents of the page are centerlined into the cropmarks,
+% and any desired binding offset is added as an \hskip on either
+% site of the centerlined box.  (P. A. MacKay, 12 November, 1986)
+%
+\def\croppageout#1{\hoffset=0pt % make sure this doesn't mess things up
+		 \shipout
+		 \vbox to \outervsize{\hsize=\outerhsize
+                 \vbox{\line{\ewtop\hfill\ewtop}}
+                 \nointerlineskip
+                 \line{\vbox{\moveleft\cornerthick\nstop}
+                       \hfill
+                       \vbox{\moveright\cornerthick\nstop}}
+                 \vskip \topandbottommargin
+                 \centerline{\ifodd\pageno\hskip\bindingoffset\fi
+			\vbox{
+			{\let\hsize=\pagewidth \makeheadline}
+			\pagebody{#1}
+			{\let\hsize=\pagewidth \makefootline}}
+			\ifodd\pageno\else\hskip\bindingoffset\fi}
+		 \vskip \topandbottommargin plus1fill minus1fill
+                 \boxmaxdepth\cornerthick
+                 \line{\vbox{\moveleft\cornerthick\nsbot}
+                       \hfill
+                       \vbox{\moveright\cornerthick\nsbot}}
+                 \nointerlineskip
+                 \vbox{\line{\ewbot\hfill\ewbot}}
+	}
+  \advancepageno 
+  \ifnum\outputpenalty>-20000 \else\dosupereject\fi}
+%
+% Do @cropmarks to get crop marks
+\def\cropmarks{\let\onepageout=\croppageout }
+
+\def\pagebody#1{\vbox to\pageheight{\boxmaxdepth=\maxdepth #1}}
+{\catcode`\@ =11
+\gdef\pagecontents#1{\ifvoid\topins\else\unvbox\topins\fi
+\dimen@=\dp#1 \unvbox#1
+\ifvoid\footins\else\vskip\skip\footins\footnoterule \unvbox\footins\fi
+\ifr@ggedbottom \kern-\dimen@ \vfil \fi}
+}
+
+%
+% Here are the rules for the cropmarks.  Note that they are
+% offset so that the space between them is truly \outerhsize or \outervsize
+% (P. A. MacKay, 12 November, 1986)
+%
+\def\ewtop{\vrule height\cornerthick depth0pt width\cornerlong}
+\def\nstop{\vbox
+  {\hrule height\cornerthick depth\cornerlong width\cornerthick}}
+\def\ewbot{\vrule height0pt depth\cornerthick width\cornerlong}
+\def\nsbot{\vbox
+  {\hrule height\cornerlong depth\cornerthick width\cornerthick}}
+
+% Parse an argument, then pass it to #1.
+% The argument can be delimited with [...] or with "..." or braces
+% or it can be a whole line.
+% #1 should be a macro which expects
+% an ordinary undelimited TeX argument.
+
+\def\parsearg #1{\let\next=#1\begingroup\obeylines\futurelet\temp\parseargx}
+
+\def\parseargx{%
+\ifx \obeyedspace\temp \aftergroup\parseargdiscardspace \else%
+\aftergroup \parseargline %
+\fi \endgroup}
+
+{\obeyspaces %
+\gdef\parseargdiscardspace {\begingroup\obeylines\futurelet\temp\parseargx}}
+
+\gdef\obeyedspace{\ }
+
+\def\parseargline{\begingroup \obeylines \parsearglinex}
+{\obeylines %
+\gdef\parsearglinex #1^^M{\endgroup \next {#1}}}
+
+\def\flushcr{\ifx\par\lisppar \def\next##1{}\else \let\next=\relax \fi \next}
+
+%% These are used to keep @begin/@end levels from running away
+%% Call \inENV within environments (after a \begingroup)
+\newif\ifENV \ENVfalse \def\inENV{\ifENV\relax\else\ENVtrue\fi}
+\def\ENVcheck{%
+\ifENV\errmessage{Still within an environment.  Type Return to continue.}
+\endgroup\fi} % This is not perfect, but it should reduce lossage
+
+% @begin foo  is the same as @foo, for now.
+\newhelp\EMsimple{Type <Return> to continue}
+
+\outer\def\begin{\parsearg\beginxxx}
+
+\def\beginxxx #1{%
+\expandafter\ifx\csname #1\endcsname\relax
+{\errhelp=\EMsimple \errmessage{Undefined command @begin #1}}\else
+\csname #1\endcsname\fi}
+
+%% @end foo executes the definition of \Efoo.
+%% foo can be delimited by doublequotes or brackets.
+
+\def\end{\parsearg\endxxx}
+
+\def\endxxx #1{%
+\expandafter\ifx\csname E#1\endcsname\relax
+\expandafter\ifx\csname #1\endcsname\relax
+\errmessage{Undefined command @end #1}\else
+\errorE{#1}\fi\fi
+\csname E#1\endcsname}
+\def\errorE#1{
+{\errhelp=\EMsimple \errmessage{@end #1 not within #1 environment}}}
+
+% Single-spacing is done by various environments.
+
+\newskip\singlespaceskip \singlespaceskip = \baselineskip
+\def\singlespace{%
+{\advance \baselineskip by -\singlespaceskip
+\kern \baselineskip}%
+\baselineskip=\singlespaceskip
+}
+
+%% Simple single-character @ commands
+
+% @@ prints an @
+% Kludge this until the fonts are right (grr).
+\def\@{{\sf \char '100}}
+
+% Define @` and @' to be the same as ` and '
+% but suppressing ligatures.
+\def\`{{`}}
+\def\'{{'}}
+
+% Used to generate quoted braces.
+
+\def\mylbrace {{\tt \char '173}}
+\def\myrbrace {{\tt \char '175}}
+\let\{=\mylbrace
+\let\}=\myrbrace
+
+% @: forces normal size whitespace following.
+\def\:{\spacefactor=1000 }
+
+% @* forces a line break.
+\def\*{\hfil\break}
+
+% @. is an end-of-sentence period.
+\def\.{.\spacefactor=3000 }
+
+% @w prevents a word break
+\def\w #1{\hbox{#1}}
+
+% @group ... @end group  forces ... to be all on one page.
+
+\def\group{\begingroup% \inENV ???
+\def \Egroup{\egroup\endgroup}
+\vbox\bgroup}
+
+% @br   forces paragraph break
+
+\let\br = \par
+
+% @dots{}  output some dots
+
+\def\dots{$\ldots$}
+
+% @page    forces the start of a new page
+
+\def\page{\par\vfill\supereject}
+
+% @exdent text....
+% outputs text on separate line in roman font, starting at standard page margin
+
+\def\exdent{\errmessage{@exdent in filled text}}
+  % @lisp, etc, define \exdent locally from \internalexdent
+
+{\obeyspaces
+\gdef\internalexdent{\parsearg\exdentzzz}}
+
+\def\exdentzzz #1{{\advance \leftskip by -\lispnarrowing
+\advance \hsize by -\leftskip
+\advance \hsize by -\rightskip
+\leftline{{\rm#1}}}}
+
+% @include file    insert text of that file as input.
+
+\def\include{\parsearg\includezzz}
+\def\includezzz #1{{\def\thisfile{#1}\input #1
+}}
+
+\def\thisfile{}
+
+% @center line   outputs that line, centered
+
+\def\center{\parsearg\centerzzz}
+\def\centerzzz #1{{\advance\hsize by -\leftskip
+\advance\hsize by -\rightskip
+\centerline{#1}}}
+
+% @sp n   outputs n lines of vertical space
+
+\def\sp{\parsearg\spxxx}
+\def\spxxx #1{\par \vskip #1\baselineskip}
+
+% @comment ...line which is ignored...
+% @c is the same as @comment
+% @ignore ... @end ignore  is another way to write a comment
+
+\def\comment{\parsearg \commentxxx}
+
+\def\commentxxx #1{}
+
+\let\c=\comment
+
+\long\def\ignore #1\end ignore{}
+
+\outer\def\ifset{\parsearg\ifsetxxx}
+
+\def\ifsetxxx #1#2\end ifset{%
+\expandafter\ifx\csname IF#1\endcsname\relax \else #2\fi}
+
+\outer\def\ifclear{\parsearg\ifclearxxx}
+
+\def\ifclearxxx #1#2\end ifclear{%
+\expandafter\ifx\csname IF#1\endcsname\relax #2\fi}
+
+% Some texinfo constructs that are trivial in tex
+
+\def\iftex{}
+\def\Eiftex{}
+\long\def\ifinfo #1\end ifinfo{}
+\long\def\menu #1\end menu{}
+\def\asis#1{#1}
+
+\def\node{\parsearg\nodezzz}
+\def\nodezzz#1{\nodexxx [#1,]}
+\def\nodexxx[#1,#2]{\gdef\lastnode{#1}}
+\let\lastnode=\relax
+
+\def\donoderef{\ifx\lastnode\relax\else
+\expandafter\expandafter\expandafter\setref{\lastnode}\fi
+\let\lastnode=\relax}
+
+\def\unnumbnoderef{\ifx\lastnode\relax\else
+\expandafter\expandafter\expandafter\unnumbsetref{\lastnode}\fi
+\let\lastnode=\relax}
+
+\let\refill=\relax
+
+\let\setfilename=\comment
+
+\def\inforef #1{\inforefzzz #1,,,,**}
+\def\inforefzzz #1,#2,#3,#4**{See Info file \file{\losespace#3{}}, node `\losespace#1{}'}
+\def\losespace #1{#1}
+
+\message{fonts,}
+
+% Font-change commands.
+
+%% Try out Computer Modern fonts at \magstephalf
+\font\tenrm=cmr10 scaled \magstephalf
+\font\tentt=cmtt10 scaled \magstephalf
+% Instead of cmb10, you many want to use cmbx10.
+% cmbx10 is a prettier font on its own, but cmb10
+% looks better when embedded in a line with cmr10.
+\font\tenbf=cmb10 scaled \magstephalf 
+\font\tenit=cmti10 scaled \magstephalf
+\font\tensl=cmsl10 scaled \magstephalf
+\font\tensf=cmss10 scaled \magstephalf
+\def\li{\sf}
+\font\tensc=cmcsc10 scaled \magstephalf
+
+% Fonts for @defun, etc.
+\font\defbf=cmbx10 scaled \magstep1 %was 1314
+\let\deftt=\tentt
+\def\df{\let\tt=\deftt \defbf}
+
+% Font for title
+\font\titlerm = cmbx10 scaled \magstep5
+
+% Fonts for indices
+\font\indit=cmti9 \font\indrm=cmr9
+\def\indbf{\indrm} \def\indsl{\indit}
+\def\indexfonts{\let\it=\indit \let\sl=\indsl \let\bf=\indbf \let\rm=\indrm}
+
+% Fonts for headings
+\font\chaprm=cmbx10 scaled \magstep3
+\font\chapit=cmti10 scaled \magstep3
+\font\chapsl=cmsl10 scaled \magstep3
+\font\chaptt=cmtt10 scaled \magstep3
+\font\chapsf=cmss10 scaled \magstep3
+\let\chapbf=\chaprm
+
+\font\secrm=cmbx10 scaled \magstep2
+\font\secit=cmti10 scaled \magstep2
+\font\secsl=cmsl10 scaled \magstep2
+\font\sectt=cmtt10 scaled \magstep2
+\font\secsf=cmss10 scaled \magstep2
+\let\secbf=\secrm
+
+\font\ssecrm=cmbx10 scaled \magstep1
+\font\ssecit=cmti10 scaled \magstep1
+\font\ssecsl=cmsl10 scaled \magstep1
+\font\ssectt=cmtt10 scaled \magstep1
+\font\ssecsf=cmss10 scaled \magstep1
+\let\ssecbf=\ssecrm
+
+\def\textfonts{\let\rm=\tenrm\let\it=\tenit\let\sl=\tensl\let\bf=\tenbf%
+\let\sc=\tensc\let\sf=\tensf}
+\def\chapfonts{\let\rm=\chaprm\let\it=\chapit\let\sl=\chapsl\let\bf=\chapbf\let\tt=\chaptt\let\sf=\chapsf}
+\def\secfonts{\let\rm=\secrm\let\it=\secit\let\sl=\secsl\let\bf=\secbf\let\tt=\sectt\let\sf=\secsf}
+\def\subsecfonts{\let\rm=\ssecrm\let\it=\ssecit\let\sl=\ssecsl\let\bf=\ssecbf\let\tt=\ssectt\let\sf=\ssecsf}
+% Count depth in font-changes, for error checks
+\newcount\fontdepth \fontdepth=0
+
+%% Add scribe-like font environments, plus @l for inline lisp (usually sans
+%% serif) and @ii for TeX italic
+
+\def\i#1{{\sl #1}}
+\let\var=\i
+\let\dfn=\i
+\let\emph=\i
+\let\cite=\i
+
+\def\b#1{{\bf #1}}
+\let\strong=\b
+
+\def\t#1{{\tt \rawbackslash \frenchspacing #1}\null}
+\let\ttfont = \t
+\let\kbd=\t
+\let\code=\t
+\def\samp #1{`{\tt \rawbackslash \frenchspacing #1}'\null}
+\def\key #1{{\tt \uppercase{#1}}\null}
+\def\ctrl #1{{\tt \rawbackslash \hat}#1}
+
+\let\file=\samp
+
+\def\l#1{{\li #1}\null}
+
+\def\r#1{{\rm #1}}
+\def\s#1{{\sc #1}}
+\def\ii#1{{\it #1}}
+
+\def\titlefont#1{{\titlerm #1}}
+
+\def\titlepage{\begingroup \parindent=0pt \hbox{}%
+\let\oldpage=\page
+\def\page{\oldpage \hbox{}}}
+
+\def\Etitlepage{\endgroup\page\HEADINGSon}
+
+% Make altmode in file print out right
+
+\catcode `\^^[=\active \def^^[{$\diamondsuit$}
+
+\message{page headings,}
+
+%%% Set up page headings and footings.
+
+\let\thispage=\folio
+
+\newtoks \evenheadline    % Token sequence for heading line of even pages
+\newtoks \oddheadline     % Token sequence for heading line of odd pages
+\newtoks \evenfootline    % Token sequence for footing line of even pages
+\newtoks \oddfootline     % Token sequence for footing line of odd pages
+
+% Now make Tex use those variables
+\headline={{\textfonts\rm \ifodd\pageno \the\oddheadline \else \the\evenheadline \fi}}
+\footline={{\textfonts\rm \ifodd\pageno \the\oddfootline \else \the\evenfootline \fi}}
+
+% Commands to set those variables.
+% For example, this is what  @headings on  does
+% @evenheading @thistitle|@thispage|@thischapter
+% @oddheading @thischapter|@thispage|@thistitle
+% @evenfooting @thisfile||
+% @oddfooting ||@thisfile
+
+\def\evenheading{\parsearg\evenheadingxxx}
+\def\oddheading{\parsearg\oddheadingxxx}
+\def\everyheading{\parsearg\everyheadingxxx}
+
+\def\evenfooting{\parsearg\evenfootingxxx}
+\def\oddfooting{\parsearg\oddfootingxxx}
+\def\everyfooting{\parsearg\everyfootingxxx}
+
+{\catcode`\@=0 %
+
+\gdef\evenheadingxxx #1{\evenheadingyyy #1@|@|@|@|\finish}
+\gdef\evenheadingyyy #1@|#2@|#3@|#4\finish{%
+\global\evenheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+
+\gdef\oddheadingxxx #1{\oddheadingyyy #1@|@|@|@|\finish}
+\gdef\oddheadingyyy #1@|#2@|#3@|#4\finish{%
+\global\oddheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+
+\gdef\everyheadingxxx #1{\everyheadingyyy #1@|@|@|@|\finish}
+\gdef\everyheadingyyy #1@|#2@|#3@|#4\finish{%
+\global\evenheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}
+\global\oddheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+
+\gdef\evenfootingxxx #1{\evenfootingyyy #1@|@|@|@|\finish}
+\gdef\evenfootingyyy #1@|#2@|#3@|#4\finish{%
+\global\evenfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+
+\gdef\oddfootingxxx #1{\oddfootingyyy #1@|@|@|@|\finish}
+\gdef\oddfootingyyy #1@|#2@|#3@|#4\finish{%
+\global\oddfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+
+\gdef\everyfootingxxx #1{\everyfootingyyy #1@|@|@|@|\finish}
+\gdef\everyfootingyyy #1@|#2@|#3@|#4\finish{%
+\global\evenfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}
+\global\oddfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}}
+%
+}% unbind the catcode of @.
+
+% @headings on   turns them on.
+% @headings off  turns them off.
+% By default, they are off.
+
+\def\headings #1 {\csname HEADINGS#1\endcsname}
+
+\def\HEADINGSoff{
+\global\evenheadline={\hfil} \global\evenfootline={\hfil}
+\global\oddheadline={\hfil} \global\oddfootline={\hfil}}
+\HEADINGSoff
+% When we turn headings on, set the page number to 1,
+% Put current file name in lower left corner,
+% Put chapter name on inside top of right hand pages, document
+% title on inside top of left hand pages, and page numbers on outside top
+% edge of all pages.
+\def\HEADINGSon{
+\pagealignmacro
+\global\pageno=1
+\global\evenfootline={\hfil}
+\global\oddfootline={\hfil}
+\global\evenheadline={\line{\folio\hfil\thistitle}}
+\global\oddheadline={\line{\thischapter\hfil\folio}}
+}
+
+% Subroutines used in generating headings
+% Produces Day Month Year style of output.
+\def\today{\number\day\space
+\ifcase\month\or
+January\or February\or March\or April\or May\or June\or
+July\or August\or September\or October\or November\or December\fi
+\space\number\year}
+
+% Use this if you want the Month Day, Year style of output.
+%\def\today{\ifcase\month\or
+%January\or February\or March\or April\or May\or June\or
+%July\or August\or September\or October\or November\or December\fi
+%\space\number\day, \number\year}
+
+% @settitle line...  specifies the title of the document, for headings
+% It generates no output of its own
+
+\def\thistitle{No Title}
+\def\settitle{\parsearg\settitlezzz}
+\def\settitlezzz #1{\gdef\thistitle{#1}}
+
+\message{tables,}
+
+% Tables -- @table, @ftable, @item(x), @kitem(x), @xitem(x).
+
+% default indentation of table text
+\newdimen\tableindent \tableindent=.8in
+% default indentation of @itemize and @enumerate text
+\newdimen\itemindent  \itemindent=.3in
+% margin between end of table item and start of table text.
+\newdimen\itemmargin  \itemmargin=.1in
+
+% used internally for \itemindent minus \itemmargin
+\newdimen\itemmax
+
+% Note @table and @ftable define @item, @itemx, etc., with these defs.
+% They also define \itemindex
+% to index the item name in whatever manner is desired (perhaps none).
+
+\def\internalBitem{\smallbreak \parsearg\itemzzz}
+\def\internalBitemx{\par \parsearg\itemzzz}
+
+\def\internalBxitem "#1"{\def\xitemsubtopix{#1} \smallbreak \parsearg\xitemzzz}
+\def\internalBxitemx "#1"{\def\xitemsubtopix{#1} \par \parsearg\xitemzzz}
+
+\def\internalBkitem{\smallbreak \parsearg\kitemzzz}
+\def\internalBkitemx{\par \parsearg\kitemzzz}
+
+\def\kitemzzz #1{\dosubind {kw}{\code{#1}}{for {\bf \lastfunction}}\itemzzz {#1}}
+
+\def\xitemzzz #1{\dosubind {kw}{\code{#1}}{for {\bf \xitemsubtopic}}\itemzzz {#1}}
+
+\def\itemzzz #1{\begingroup %
+\advance \hsize by -\rightskip %
+\advance \hsize by -\leftskip %
+\setbox0=\hbox{\itemfont{#1}}%
+\itemindex{#1}%
+\parskip=0in %
+\noindent %
+\ifdim \wd0>\itemmax %
+\vadjust{\penalty 10000}%
+\hbox to \hsize{\hskip -\tableindent\box0\hss}\ %
+\else %
+\hbox to 0pt{\hskip -\tableindent\box0\hss}%
+\fi %
+\endgroup %
+}
+
+\def\item{\errmessage{@item while not in a table}}
+\def\itemx{\errmessage{@itemx while not in a table}}
+\def\kitem{\errmessage{@kitem while not in a table}}
+\def\kitemx{\errmessage{@kitemx while not in a table}}
+\def\xitem{\errmessage{@xitem while not in a table}}
+\def\xitemx{\errmessage{@xitemx while not in a table}}
+
+%% Contains a kludge to get @end[description] to work
+\def\description{\tablez{\dontindex}{1}{}{}{}{}}
+
+\def\table{\begingroup\inENV\obeylines\obeyspaces\tablex}
+{\obeylines\obeyspaces%
+\gdef\tablex #1^^M{%
+\tabley\dontindex#1        \endtabley}}
+
+\def\ftable{\begingroup\inENV\obeylines\obeyspaces\ftablex}
+{\obeylines\obeyspaces%
+\gdef\ftablex #1^^M{%
+\tabley\fnitemindex#1        \endtabley}}
+
+\def\dontindex #1{}
+\def\fnitemindex #1{\doind {fn}{\code{#1}}}%
+
+{\obeyspaces %
+\gdef\tabley#1#2 #3 #4 #5 #6 #7\endtabley{\endgroup%
+\tablez{#1}{#2}{#3}{#4}{#5}{#6}}}
+
+\def\tablez #1#2#3#4#5#6{%
+\aboveenvbreak %
+\begingroup %
+\def\Edescription{\Etable}% Neccessary kludge.
+\let\itemindex=#1%
+\ifnum 0#3>0 \advance \leftskip by #3\mil \fi %
+\ifnum 0#4>0 \tableindent=#4\mil \fi %
+\ifnum 0#5>0 \advance \rightskip by #5\mil \fi %
+\def\itemfont{#2}%
+\itemmax=\tableindent %
+\advance \itemmax by -\itemmargin %
+\advance \leftskip by \tableindent %
+\parindent = 0pt
+\parskip = \smallskipamount
+\ifdim \parskip=0pt \parskip=2pt \fi%
+\def\Etable{\endgraf\endgroup\afterenvbreak}%
+\let\item = \internalBitem %
+\let\itemx = \internalBitemx %
+\let\kitem = \internalBkitem %
+\let\kitemx = \internalBkitemx %
+\let\xitem = \internalBxitem %
+\let\xitemx = \internalBxitemx %
+}
+
+% This is the counter used by @enumerate, which is really @itemize
+
+\newcount \itemno
+
+\def\itemize{\parsearg\itemizezzz}
+
+\def\itemizezzz #1{\itemizey {#1}{\Eitemize}}
+
+\def\itemizey #1#2{%
+\aboveenvbreak %
+\begingroup %
+\itemno = 0 %
+\itemmax=\itemindent %
+\advance \itemmax by -\itemmargin %
+\advance \leftskip by \itemindent %
+\parindent = 0pt
+\parskip = \smallskipamount
+\ifdim \parskip=0pt \parskip=2pt \fi%
+\def#2{\endgraf\endgroup\afterenvbreak}%
+\def\itemcontents{#1}%
+\let\item=\itemizeitem}
+
+\def\bullet{$\ptexbullet$}
+\def\minus{$-$}
+
+\def\enumerate{\itemizey{\the\itemno.}\Eenumerate\flushcr}
+
+% Definition of @item while inside @itemize.
+
+\def\itemizeitem{%
+\advance\itemno by 1
+{\let\par=\endgraf \smallbreak}%
+\ifhmode \errmessage{\in hmode at itemizeitem}\fi
+{\parskip=0in \hskip 0pt
+\hbox to 0pt{\hss \itemcontents\hskip \itemmargin}%
+\vadjust{\penalty 300}}%
+\flushcr}
+
+\message{indexing,}
+% Index generation facilities
+
+% Define \newwrite to be identical to plain tex's \newwrite
+% except not \outer, so it can be used within \newindex.
+{\catcode`\@=11
+\gdef\newwrite{\alloc@7\write\chardef\sixt@@n}}
+
+% \newindex {foo} defines an index named foo.
+% It automatically defines \fooindex such that
+% \fooindex ...rest of line... puts an entry in the index foo.
+% It also defines \fooindfile to be the number of the output channel for
+% the file that	accumulates this index.  The file's extension is foo.
+% The name of an index should be no more than 2 characters long
+% for the sake of vms.
+
+\def\newindex #1{
+\expandafter\newwrite \csname#1indfile\endcsname% Define number for output file
+\openout \csname#1indfile\endcsname \jobname.#1	% Open the file
+\expandafter\xdef\csname#1index\endcsname{%	% Define \xxxindex
+\noexpand\doindex {#1}}
+}
+
+% @defindex foo  ==  \newindex{foo}
+
+\def\defindex{\parsearg\newindex}
+
+% Define @defcodeindex, like @defindex except put all entries in @code.
+
+\def\newcodeindex #1{
+\expandafter\newwrite \csname#1indfile\endcsname% Define number for output file
+\openout \csname#1indfile\endcsname \jobname.#1	% Open the file
+\expandafter\xdef\csname#1index\endcsname{%	% Define \xxxindex
+\noexpand\docodeindex {#1}}
+}
+
+\def\defcodeindex{\parsearg\newcodeindex}
+
+% @synindex foo bar    makes index foo feed into index bar.
+% Do this instead of @defindex foo if you don't want it as a separate index.
+\def\synindex #1 #2 {%
+\expandafter\xdef\csname#1index\endcsname{%	% Define \xxxindex
+\noexpand\doindex {#2}}%
+}
+
+% @syncodeindex foo bar   similar, but put all entries made for index foo
+% inside @code.
+\def\syncodeindex #1 #2 {%
+\expandafter\xdef\csname#1index\endcsname{%	% Define \xxxindex
+\noexpand\docodeindex {#2}}%
+}
+
+% Define \doindex, the driver for all \fooindex macros.
+% Argument #1 is generated by the calling \fooindex macro,
+%  and it is "foo", the name of the index.
+
+% \doindex just uses \parsearg; it calls \doind for the actual work.
+% This is because \doind is more useful to call from other macros.
+
+% There is also \dosubind {index}{topic}{subtopic}
+% which makes an entry in a two-level index such as the operation index.
+
+\def\doindex#1{\edef\indexname{#1}\parsearg\singleindexer}
+\def\singleindexer #1{\doind{\indexname}{#1}}
+
+% like the previous two, but they put @code around the argument.
+\def\docodeindex#1{\edef\indexname{#1}\parsearg\singlecodeindexer}
+\def\singlecodeindexer #1{\doind{\indexname}{\code{#1}}}
+
+\def\indexdummies{%
+\def\bf{\realbackslash bf }%
+\def\rm{\realbackslash rm }%
+\def\sl{\realbackslash sl }%
+\def\dots{\realbackslash dots }%
+\def\copyright{\realbackslash copyright }%
+}
+
+% \indexnofonts no-ops all font-change commands.
+% This is used when outputting the strings to sort the index by.
+\def\indexdummyfont#1{#1}
+\def\indexnofonts{%
+\let\code=\indexdummyfont
+\let\samp=\indexdummyfont
+\let\kbd=\indexdummyfont
+\let\key=\indexdummyfont
+\let\var=\indexdummyfont
+}
+
+% To define \realbackslash, we must make \ not be an escape.
+% We must first make another character (@) an escape
+% so we do not become unable to do a definition.
+
+{\catcode`\@=0 \catcode`\\=\other
+@gdef@realbackslash{\}}
+
+\let\indexbackslash=0  %overridden during \printindex.
+
+\def\doind #1#2{%
+{\indexdummies % Must do this here, since \bf, etc expand at this stage
+\count10=\lastpenalty %
+\escapechar=`\\%
+{\let\folio=0% Expand all macros now EXCEPT \folio
+\def\rawbackslashxx{\indexbackslash}% \indexbackslash isn't defined now
+% so it will be output as is; and it will print as backslash in the indx.
+%
+% Now process the index-string once, with all font commands turned off,
+% to get the string to sort the index by.
+{\indexnofonts
+\xdef\temp1{#2}%
+}%
+% Now produce the complete index entry.  We process the index-string again,
+% this time with font commands expanded, to get what to print in the index.
+\edef\temp{%
+\write \csname#1indfile\endcsname{%
+\realbackslash entry {\temp1}{\folio}{#2}}}%
+\temp }%
+\penalty\count10}}
+
+\def\dosubind #1#2#3{%
+{\indexdummies % Must do this here, since \bf, etc expand at this stage
+\count10=\lastpenalty %
+\escapechar=`\\%
+{\let\folio=0%
+\def\rawbackslashxx{\indexbackslash}%
+%
+% Now process the index-string once, with all font commands turned off,
+% to get the string to sort the index by.
+{\indexnofonts
+\xdef\temp1{#2 #3}%
+}%
+% Now produce the complete index entry.  We process the index-string again,
+% this time with font commands expanded, to get what to print in the index.
+\edef\temp{%
+\write \csname#1indfile\endcsname{%
+\realbackslash entry {\temp1}{\folio}{#2}{#3}}}%
+\temp }%
+\penalty\count10}}
+
+% The index entry written in the file actually looks like
+%  \entry {sortstring}{page}{topic}
+% or
+%  \entry {sortstring}{page}{topic}{subtopic}
+% The texindex program reads in these files and writes files
+% containing these kinds of lines:
+%  \initial {c}
+%     before the first topic whose initial is c
+%  \entry {topic}{pagelist}
+%     for a topic that is used without subtopics
+%  \primary {topic}
+%     for the beginning of a topic that is used with subtopics
+%  \secondary {subtopic}{pagelist}
+%     for each subtopic.
+
+% Define the user-accessible indexing commands 
+% @findex, @vindex, @kindex, @cindex.
+
+\def\findex {\fnindex}
+\def\kindex {\kyindex}
+\def\cindex {\cpindex}
+\def\vindex {\vrindex}
+\def\tindex {\tpindex}
+\def\pindex {\pgindex}
+
+\def\cindexsub {\begingroup\obeylines\cindexsub}
+{\obeylines %
+\gdef\cindexsub "#1" #2^^M{\endgroup %
+\dosubind{cp}{#2}{#1}}}
+
+% Define the macros used in formatting output of the sorted index material.
+
+% This is what you call to cause a particular index to get printed.
+% Write
+% @unnumbered Function Index
+% @printindex fn
+
+\def\printindex{\parsearg\doprintindex}
+
+\def\doprintindex#1{\tex %
+\catcode`\%=\other\catcode`\&=\other\catcode`\#=\other
+\catcode`\$=\other\catcode`\_=\other
+\catcode`\~=\other
+\def\indexbackslash{\rawbackslashxx}
+\indexfonts\rm \tolerance=9500 \advance\baselineskip -1pt
+\begindoublecolumns
+\openin 1 \jobname.#1s
+\ifeof 1 \else \closein 1 \input \jobname.#1s
+\fi
+\enddoublecolumns
+\Etex}
+
+% These macros are used by the sorted index file itself.
+% Change them to control the appearance of the index.
+
+% Same as \bigskipamount except no shrink.
+% \balancecolumns gets confused if there is any shrink.
+\newskip\initialskipamount \initialskipamount 12pt plus4pt
+
+\outer\def\initial #1{%
+{\let\tentt=\sectt \let\sf=\sectt
+\ifdim\lastskip<\initialskipamount
+\removelastskip \penalty-200 \vskip \initialskipamount\fi
+\line{\secbf#1\hfill}\kern 2pt\penalty3000}}
+
+\outer\def\entry #1#2{
+{\parfillskip=0in \parskip=0in \parindent=0in
+\hangindent=1in \hangafter=1%
+\noindent\hbox{#1}\leaders\Dotsbox\hskip 0pt plus 1filll #2\par
+}}
+
+\def\primary #1{\line{#1\hfil}}
+
+\newskip\secondaryindent \secondaryindent=0.5cm
+
+\def\secondary #1#2{
+{\parfillskip=0in \parskip=0in
+\hangindent =1in \hangafter=1
+\noindent\hskip\secondaryindent\hbox{#1}\leaders\Dotsbox\hskip 0pt plus 1filll#2\par
+}}
+
+%% Define two-column mode, which is used in indexes.
+%% Adapted from the TeXBook, page 416
+\catcode `\@=11
+
+\newbox\partialpage
+
+\newdimen\doublecolumnhsize  \doublecolumnhsize = 3.11in
+\newdimen\doublecolumnvsize  \doublecolumnvsize = 19.1in
+
+\def\begindoublecolumns{\begingroup
+  \output={\global\setbox\partialpage=\vbox{\unvbox255\kern -\topskip \kern \baselineskip}}\eject
+  \output={\doublecolumnout} \hsize=\doublecolumnhsize \vsize=\doublecolumnvsize}
+\def\enddoublecolumns{\output={\balancecolumns}\eject
+  \endgroup \pagegoal=\vsize}
+
+\def\doublecolumnout{\splittopskip=\topskip \splitmaxdepth=\maxdepth
+  \dimen@=\pageheight \advance\dimen@ by-\ht\partialpage
+  \setbox0=\vsplit255 to\dimen@ \setbox2=\vsplit255 to\dimen@
+  \onepageout\pagesofar \unvbox255 \penalty\outputpenalty}
+\def\pagesofar{\unvbox\partialpage %
+  \hsize=\doublecolumnhsize % have to restore this since output routine
+%	      changes it to set cropmarks (P. A. MacKay, 12 Nov. 1986)
+  \wd0=\hsize \wd2=\hsize \hbox to\pagewidth{\box0\hfil\box2}}
+\def\balancecolumns{\setbox0=\vbox{\unvbox255} \dimen@=\ht0
+  \advance\dimen@ by\topskip \advance\dimen@ by-\baselineskip
+  \divide\dimen@ by2 \splittopskip=\topskip
+  {\vbadness=10000 \loop \global\setbox3=\copy0
+    \global\setbox1=\vsplit3 to\dimen@
+    \ifdim\ht3>\dimen@ \global\advance\dimen@ by1pt \repeat}
+  \setbox0=\vbox to\dimen@{\unvbox1}  \setbox2=\vbox to\dimen@{\unvbox3}
+  \pagesofar}
+
+\catcode `\@=\other
+\message{sectioning,}
+% Define chapters, sections, etc.
+
+\newcount \chapno
+\newcount \secno
+\newcount \subsecno
+\newcount \subsubsecno
+
+% This counter is funny since it counts through charcodes of letters A, B, ...
+\newcount \appendixno  \appendixno = `\@
+\def\appendixletter{\char\the\appendixno}
+
+\newwrite \contentsfile
+\openout \contentsfile = \jobname.toc
+
+% Each @chapter defines this as the name of the chapter.
+% page headings and footings can use it.  @section does likewise
+
+\def\thischapter{} \def\thissection{}
+\def\seccheck#1{\if \pageno<0 %
+\errmessage{@#1 not allowed after generating table of contents}\fi
+%
+}
+
+\outer\def\chapter{\parsearg\chapterzzz}
+\def\chapterzzz #1{\seccheck{chapter}%
+\secno=0 \subsecno=0 \subsubsecno=0 \global\advance \chapno by 1 \message{Chapter \the\chapno}%
+\chapmacro {#1}{\the\chapno}%
+\gdef\thissection{#1}\gdef\thischapter{#1}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash chapentry {#1}{\the\chapno}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp  %
+\donoderef %
+}
+
+\outer\def\appendix{\parsearg\appendixzzz}
+\def\appendixzzz #1{\seccheck{appendix}%
+\secno=0 \subsecno=0 \subsubsecno=0 \global\advance \appendixno by 1 \message{Appendix \appendixletter}%
+\chapmacro {#1}{Appendix \appendixletter}%
+\gdef\thischapter{#1}\gdef\thissection{#1}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash chapentry {#1}{Appendix \appendixletter}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp  %
+\unnumbnoderef %
+}
+
+\outer\def\unnumbered{\parsearg\unnumberedzzz}
+\def\unnumberedzzz #1{\seccheck{unnumbered}%
+\secno=0 \subsecno=0 \subsubsecno=0 \message{(#1)}
+\unnumbchapmacro {#1}%
+\gdef\thischapter{#1}\gdef\thissection{#1}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash unnumbchapentry {#1}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp  %
+\unnumbnoderef %
+}
+
+\outer\def\section{\parsearg\sectionzzz}
+\def\sectionzzz #1{\seccheck{section}%
+\subsecno=0 \subsubsecno=0 \global\advance \secno by 1 %
+\gdef\thissection{#1}\secheading {#1}{\the\chapno}{\the\secno}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash secentry %
+{#1}{\the\chapno}{\the\secno}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp %
+\donoderef %
+\penalty 10000 %
+}
+
+\outer\def\appendixsection{\parsearg\appendixsectionzzz}
+\outer\def\appendixsec{\parsearg\appendixsectionzzz}
+\def\appendixsectionzzz #1{\seccheck{appendixsection}%
+\subsecno=0 \subsubsecno=0 \global\advance \secno by 1 %
+\gdef\thissection{#1}\secheading {#1}{\appendixletter}{\the\secno}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash secentry %
+{#1}{\appendixletter}{\the\secno}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp %
+\unnumbnoderef %
+\penalty 10000 %
+}
+
+\outer\def\unnumberedsec{\parsearg\unnumberedseczzz}
+\def\unnumberedseczzz #1{\seccheck{unnumberedsec}%
+\plainsecheading {#1}\gdef\thissection{#1}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash unnumbsecentry{#1}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp %
+\unnumbnoderef %
+\penalty 10000 %
+}
+
+\outer\def\subsection{\parsearg\subsectionzzz}
+\def\subsectionzzz #1{\seccheck{subsection}%
+\gdef\thissection{#1}\subsubsecno=0 \global\advance \subsecno by 1 %
+\subsecheading {#1}{\the\chapno}{\the\secno}{\the\subsecno}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash subsecentry %
+{#1}{\the\chapno}{\the\secno}{\the\subsecno}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp %
+\donoderef %
+\penalty 10000 %
+}
+
+\outer\def\appendixsubsec{\parsearg\appendixsubseczzz}
+\def\appendixsubseczzz #1{\seccheck{appendixsubsec}%
+\gdef\thissection{#1}\subsubsecno=0 \global\advance \subsecno by 1 %
+\subsecheading {#1}{\appendixletter}{\the\secno}{\the\subsecno}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash subsecentry %
+{#1}{\appendixletter}{\the\secno}{\the\subsecno}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp %
+\unnumbnoderef %
+\penalty 10000 %
+}
+
+\outer\def\unnumberedsubsec{\parsearg\unnumberedsubseczzz}
+\def\unnumberedsubseczzz #1{\seccheck{unnumberedsubsec}%
+\plainsecheading {#1}\gdef\thissection{#1}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash unnumbsubsecentry{#1}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp %
+\unnumbnoderef %
+\penalty 10000 %
+}
+
+\outer\def\subsubsection{\parsearg\subsubsectionzzz}
+\def\subsubsectionzzz #1{\seccheck{subsubsection}%
+\gdef\thissection{#1}\global\advance \subsubsecno by 1 %
+\subsubsecheading {#1}{\the\chapno}{\the\secno}{\the\subsecno}{\the\subsubsecno}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash subsubsecentry %
+{#1}{\the\chapno}{\the\secno}{\the\subsecno}{\the\subsubsecno}{\noexpand\folio}}}%\
+\escapechar=`\\%
+\write \contentsfile \temp %
+\donoderef %
+\penalty 10000 %
+}
+
+\outer\def\appendixsubsubsec{\parsearg\appendixsubsubseczzz}
+\def\appendixsubsubseczzz #1{\seccheck{appendixsubsubsec}%
+\gdef\thissection{#1}\global\advance \subsubsecno by 1 %
+\subsubsecheading {#1}{\appendixletter}{\the\secno}{\the\subsecno}{\the\subsubsecno}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash subsubsecentry{#1}%
+{\appendixletter}{\the\secno}{\the\subsecno}{\the\subsubsecno}{\noexpand\folio}}}%\
+\escapechar=`\\%
+\write \contentsfile \temp %
+\unnumbnoderef %
+\penalty 10000 %
+}
+
+\outer\def\unnumberedsubsubsec{\parsearg\unnumberedsubsubseczzz}
+\def\unnumberedsubsubseczzz #1{\seccheck{unnumberedsubsubsec}%
+\plainsecheading {#1}\gdef\thissection{#1}%
+\let\rawbackslash=\relax%
+\let\frenchspacing=\relax%
+\edef\temp{{\realbackslash unnumbsubsubsecentry{#1}{\noexpand\folio}}}%
+\escapechar=`\\%
+\write \contentsfile \temp %
+\unnumbnoderef %
+\penalty 10000 %
+}
+
+% Define @majorheading, @heading and @subheading
+
+\outer\def\majorheading #1{%
+{\advance\chapheadingskip by 10pt \chapbreak }%
+{\chapfonts \line{\chaprm #1\hfill}}\bigskip \par\penalty 200}
+
+\outer\def\chapheading #1{\chapbreak %
+{\chapfonts \line{\chaprm #1\hfill}}\bigskip \par\penalty 200}
+
+\let\heading=\secheadingi
+\let\subheading=\subsecheadingi
+\let\subsubheading=\subsubsecheadingi
+
+% These macros generate a chapter, section, etc. heading only
+% (including whitespace, linebreaking, etc. around it),
+% given all the information in convenient, parsed form.
+
+%%% Args are the skip and penalty (usually negative)
+\def\dobreak#1#2{\par\ifdim\lastskip<#1\removelastskip\penalty#2\vskip#1\fi}
+
+\def\setchapterstyle #1 {\csname CHAPF#1\endcsname}
+
+%%% Define plain chapter starts, and page on/off switching for it
+% Parameter controlling skip before chapter headings (if needed)
+
+\newskip \chapheadingskip \chapheadingskip = 30pt plus 8pt minus 4pt
+
+\def\chapbreak{\dobreak \chapheadingskip {-4000}}
+\def\chappager{\par\vfill\supereject}
+\def\chapoddpage{\chappager \ifodd\pageno \else \hbox to 0pt{} \chappager\fi}
+
+\def\setchapternewpage #1 {\csname CHAPPAG#1\endcsname}
+
+\def\CHAPPAGoff{
+\global\let\pchapsepmacro=\chapbreak
+\global\let\pagealignmacro=\chappager}
+
+\def\CHAPPAGon{
+\global\let\pchapsepmacro=\chappager
+\global\let\pagealignmacro=\chappager}
+
+\def\CHAPPAGodd{
+\global\let\pchapsepmacro=\chapoddpage
+\global\let\pagealignmacro=\chapoddpage}
+
+\CHAPPAGon
+
+\def\CHAPFplain{
+\global\let\chapmacro=\chfplain
+\global\let\unnumbchapmacro=\unnchfplain}
+
+\def\chfplain #1#2{%
+\pchapsepmacro %
+{\chapfonts \line{\chaprm #2.\enspace #1\hfill}}\bigskip \par\penalty 5000 %
+}
+
+\def\unnchfplain #1{%
+\pchapsepmacro %
+{\chapfonts \line{\chaprm #1\hfill}}\bigskip \par\penalty 10000 %
+}
+\CHAPFplain % The default
+
+\def\unnchfopen #1{%
+\chapoddpage {\chapfonts \line{\chaprm #1\hfill}}\bigskip \par\penalty 10000 %
+}
+
+\def\chfopen #1#2{\chapoddpage {\chapfonts
+\vbox to 3in{\vfil \hbox to\hsize{\hfil #2} \hbox to\hsize{\hfil #1} \vfil}}%
+\par\penalty 5000 %
+}
+
+\def\CHAPFopen{
+\global\let\chapmacro=\chfopen
+\global\let\unnumbchapmacro=\unnchfopen}
+
+% Parameter controlling skip before section headings.
+
+\newskip \subsecheadingskip  \subsecheadingskip = 17pt plus 8pt minus 4pt
+\def\subsecheadingbreak{\dobreak \subsecheadingskip {-500}}
+
+\newskip \secheadingskip  \secheadingskip = 21pt plus 8pt minus 4pt
+\def\secheadingbreak{\dobreak \secheadingskip {-1000}}
+
+\def\secheading #1#2#3{\secheadingi {#2.#3\enspace #1}}
+\def\plainsecheading #1{\secheadingi {#1}}
+\def\secheadingi #1{{\advance \secheadingskip by \parskip %
+\secheadingbreak}%
+{\secfonts \line{\secrm #1\hfill}}%
+\ifdim \parskip<10pt \kern 10pt\kern -\parskip\fi \penalty 10000 }
+
+\def\subsecheading #1#2#3#4{{\advance \subsecheadingskip by \parskip %
+\subsecheadingbreak}%
+{\secfonts \line{\secrm#2.#3.#4\enspace #1\hfill}}%
+\ifdim \parskip<10pt \kern 10pt\kern -\parskip\fi \penalty 10000 }
+
+\def\subsubsecfonts{\subsecfonts} % Maybe this should change
+
+\def\subsubsecheading #1#2#3#4#5{{\advance \subsecheadingskip by \parskip %
+\subsecheadingbreak}%
+{\secfonts \line{\secrm#2.#3.#4.#5\enspace #1\hfill}}%
+\ifdim \parskip<10pt \kern 10pt\kern -\parskip\fi \penalty 10000}
+
+\message{toc printing,}
+
+\def\Dotsbox{\hbox to 1em{\hss.\hss}} % Used by index macros
+
+\def\finishcontents{%
+\ifnum\pageno>0 %
+\pagealignmacro %
+\immediate\closeout \contentsfile%
+\pageno=-1		% Request roman numbered pages
+\fi}
+
+\outer\def\contents{%
+\finishcontents %
+\unnumbchapmacro{Table of Contents}
+\def\thischapter{Table of Contents}
+{\catcode`\\=0
+\catcode`\{=1		% Set up to handle contents files properly
+\catcode`\}=2
+\catcode`\@=11
+\input \jobname.toc
+}
+\vfill \eject}
+
+\outer\def\summarycontents{%
+\finishcontents %
+\unnumbchapmacro{Summary Table of Contents}
+\def\thischapter{Summary Table of Contents}
+{\catcode`\\=0
+\catcode`\{=1		% Set up to handle contents files properly
+\catcode`\}=2
+\catcode`\@=11
+\def\smallbreak{}
+\def\secentry ##1##2##3##4{}
+\def\subsecentry ##1##2##3##4##5{}
+\def\subsubsecentry ##1##2##3##4##5##6{}
+\def\unnumbsecentry ##1##2{}
+\def\unnumbsubsecentry ##1##2{}
+\def\unnumbsubsubsecentry ##1##2{}
+\let\medbreak=\smallbreak
+\input \jobname.toc
+}
+\vfill \eject}
+
+\outer\def\bye{\pagealignmacro\tracingstats=1\ptexend}
+
+% These macros generate individual entries in the table of contents
+% The first argument is the chapter or section name.
+% The last argument is the page number.
+% The arguments in between are the chapter number, section number, ...
+
+\def\chapentry #1#2#3{%
+\medbreak
+\line{#2.\space#1\leaders\hbox to 1em{\hss.\hss}\hfill #3}
+}
+
+\def\unnumbchapentry #1#2{%
+\medbreak
+\line{#1\leaders\Dotsbox\hfill #2}
+}
+
+\def\secentry #1#2#3#4{%
+\line{\enspace\enspace#2.#3\space#1\leaders\Dotsbox\hfill#4}
+}
+
+\def\unnumbsecentry #1#2{%
+\line{\enspace\enspace#1\leaders\Dotsbox\hfill #2}
+}
+
+\def\subsecentry #1#2#3#4#5{%
+\line{\enspace\enspace\enspace\enspace
+#2.#3.#4\space#1\leaders\Dotsbox\hfill #5}
+}
+
+\def\unnumbsubsecentry #1#2{%
+\line{\enspace\enspace\enspace\enspace#1\leaders\Dotsbox\hfill #2}
+}
+
+\def\subsubsecentry #1#2#3#4#5#6{%
+\line{\enspace\enspace\enspace\enspace\enspace\enspace
+#2.#3.#4.#5\space#1\leaders\Dotsbox\hfill #6}
+}
+
+\def\unnumbsubsubsecentry #1#2{%
+\line{\enspace\enspace\enspace\enspace\enspace\enspace#1\leaders\Dotsbox\hfill #2}
+}
+
+\message{environments,}
+
+% @tex ... @end tex    escapes into raw Tex temporarily.
+% One exception: @ is still an escape character, so that @end tex works.
+% But \@ or @@ will get a plain tex @ character.
+
+\def\tex{\begingroup
+\catcode `\\=0 \catcode `\{=1 \catcode `\}=2
+\catcode `\$=3 \catcode `\&=4 \catcode `\#=6
+\catcode `\^=7 \catcode `\_=8 \catcode `\~=13 \let~=\tie
+\catcode `\%=14
+\catcode`\"=12
+\catcode`\|=12
+\catcode`\<=12
+\catcode`\>=12
+\escapechar=`\\
+%
+\let\{=\ptexlbrace
+\let\}=\ptexrbrace
+\let\.=\ptexdot
+\let\*=\ptexstar
+\def\@={@}%
+\let\bullet=\ptexbullet
+\let\b=\ptexb \let\c=\ptexc \let\i=\ptexi \let\t=\ptext \let\l=\ptexl
+\let\L=\ptexL
+%
+\let\Etex=\endgroup}
+
+% Define @lisp ... @endlisp.
+% @lisp does a \begingroup so it can rebind things,
+% including the definition of @endlisp (which normally is erroneous).
+
+% Amount to narrow the margins by for @lisp.
+\newskip\lispnarrowing \lispnarrowing=0.4in
+
+% This is the definition that ^M gets inside @lisp
+% phr: changed space to \null, to avoid overfull hbox problems.
+{\obeyspaces%
+\gdef\lisppar{\null\endgraf}}
+
+% Cause \obeyspaces to make each Space cause a word-separation
+% rather than the default which is that it acts punctuation.
+% This is because space in tt font looks funny.
+{\obeyspaces %
+\gdef\sepspaces{\def {\ }}}
+
+\newskip\aboveenvskipamount \aboveenvskipamount= 0pt
+\def\aboveenvbreak{{\advance\aboveenvskipamount by \parskip
+\endgraf \ifdim\lastskip<\aboveenvskipamount
+\removelastskip \penalty-50 \vskip\aboveenvskipamount \fi}}
+
+\def\afterenvbreak{\endgraf \ifdim\lastskip<\aboveenvskipamount
+\removelastskip \penalty-50 \vskip\aboveenvskipamount \fi}
+
+\def\lisp{\aboveenvbreak\begingroup\inENV %This group ends at the end of the @lisp body
+\hfuzz=12truept % Don't be fussy
+% Make spaces be word-separators rather than space tokens.
+\sepspaces %
+% Single space lines
+\singlespace %
+% The following causes blank lines not to be ignored
+% by adding a space to the end of each line.
+\let\par=\lisppar
+\def\Elisp{\endgroup\afterenvbreak}%
+\parskip=0pt \advance \rightskip by \lispnarrowing 
+\advance \leftskip by \lispnarrowing
+\parindent=0pt
+\let\exdent=\internalexdent
+\obeyspaces \obeylines \tt \rawbackslash
+\def\next##1{}\next}
+
+
+\let\example=\lisp
+\def\Eexample{\Elisp}
+
+\let\smallexample=\lisp
+\def\Esmallexample{\Elisp}
+
+% Macro for 9 pt. examples, necessary to print with 5" lines.
+% From Pavel@xerox.  This is not really used unless the
+% @smallbook command is given.
+
+\def\smalllispx{\aboveenvbreak\begingroup\inENV
+%			This group ends at the end of the @lisp body
+\hfuzz=12truept % Don't be fussy
+% Make spaces be word-separators rather than space tokens.
+\sepspaces %
+% Single space lines
+\singlespace %
+% The following causes blank lines not to be ignored
+% by adding a space to the end of each line.
+\let\par=\lisppar
+\def\Esmalllisp{\endgroup\afterenvbreak}%
+\parskip=0pt \advance \rightskip by \lispnarrowing 
+\advance \leftskip by \lispnarrowing
+\parindent=0pt
+\let\exdent=\internalexdent
+\obeyspaces \obeylines \ninett \rawbackslash
+\def\next##1{}\next}
+
+% This is @display; same as @lisp except use roman font.
+
+\def\display{\begingroup\inENV %This group ends at the end of the @display body
+\aboveenvbreak
+% Make spaces be word-separators rather than space tokens.
+\sepspaces %
+% Single space lines
+\singlespace %
+% The following causes blank lines not to be ignored
+% by adding a space to the end of each line.
+\let\par=\lisppar
+\def\Edisplay{\endgroup\afterenvbreak}%
+\parskip=0pt \advance \rightskip by \lispnarrowing 
+\advance \leftskip by \lispnarrowing
+\parindent=0pt
+\let\exdent=\internalexdent
+\obeyspaces \obeylines
+\def\next##1{}\next}
+
+% This is @format; same as @lisp except use roman font and don't narrow margins
+
+\def\format{\begingroup\inENV %This group ends at the end of the @format body
+\aboveenvbreak
+% Make spaces be word-separators rather than space tokens.
+\sepspaces %
+\singlespace %
+% The following causes blank lines not to be ignored
+% by adding a space to the end of each line.
+\let\par=\lisppar
+\def\Eformat{\endgroup\afterenvbreak}
+\parskip=0pt \parindent=0pt
+\obeyspaces \obeylines
+\def\next##1{}\next}
+
+% @flushleft and @flushright
+
+\def\flushleft{\begingroup\inENV %This group ends at the end of the @format body
+\aboveenvbreak
+% Make spaces be word-separators rather than space tokens.
+\sepspaces %
+% The following causes blank lines not to be ignored
+% by adding a space to the end of each line.
+% This also causes @ to work when the directive name
+% is terminated by end of line.
+\let\par=\lisppar
+\def\Eflushleft{\endgroup\afterenvbreak}%
+\parskip=0pt \parindent=0pt
+\obeyspaces \obeylines
+\def\next##1{}\next}
+
+\def\flushright{\begingroup\inENV %This group ends at the end of the @format body
+\aboveenvbreak
+% Make spaces be word-separators rather than space tokens.
+\sepspaces %
+% The following causes blank lines not to be ignored
+% by adding a space to the end of each line.
+% This also causes @ to work when the directive name
+% is terminated by end of line.
+\let\par=\lisppar
+\def\Eflushright{\endgroup\afterenvbreak}%
+\parskip=0pt \parindent=0pt
+\advance \leftskip by 0pt plus 1fill
+\obeyspaces \obeylines
+\def\next##1{}\next}
+
+% @quotation - narrow the margins.
+
+\def\quotation{\begingroup\inENV %This group ends at the end of the @quotation body
+{\parskip=0pt  % because we will skip by \parskip too, later
+\aboveenvbreak}%
+\singlespace
+\parindent=0pt
+\def\Equotation{\par\endgroup\afterenvbreak}%
+\advance \rightskip by \lispnarrowing 
+\advance \leftskip by \lispnarrowing}
+
+\message{defuns,}
+% Define formatter for defuns
+% First, allow user to change definition object font (\df) internally
+\def\setdeffont #1 {\csname DEF#1\endcsname}
+
+\newskip\defbodyindent \defbodyindent=36pt
+\newskip\defargsindent \defargsindent=50pt
+\newskip\deftypemargin \deftypemargin=12pt
+\newskip\deflastargmargin \deflastargmargin=18pt
+
+\newcount\parencount
+% define \functionparens, which makes ( and ) and & do special things.
+% \functionparens affects the group it is contained in.
+\def\activeparens{%
+\catcode`\(=\active \catcode`\)=\active \catcode`\&=\active
+\catcode`\[=\active \catcode`\]=\active}
+{\activeparens % Now, smart parens don't turn on until &foo (see \amprm)
+\gdef\functionparens{\boldbrax\let&=\amprm\parencount=0 }
+\gdef\boldbrax{\let(=\opnr\let)=\clnr\let[=\lbrb\let]=\rbrb}
+
+% Definitions of (, ) and & used in args for functions.
+% This is the definition of ( outside of all parentheses.
+\gdef\oprm#1 {{\rm\char`\(}#1 \bf \let(=\opnested %
+\global\advance\parencount by 1 }
+%
+% This is the definition of ( when already inside a level of parens.
+\gdef\opnested{\char`\(\global\advance\parencount by 1 }
+%
+\gdef\clrm{% Print a paren in roman if it is taking us back to depth of 0.
+% also in that case restore the outer-level definition of (.
+\ifnum \parencount=1 {\rm \char `\)}\sl \let(=\oprm \else \char `\) \fi
+\global\advance \parencount by -1 }
+% If we encounter &foo, then turn on ()-hacking afterwards
+\gdef\amprm#1 {{\rm\&#1}\let(=\oprm \let)=\clrm\ }
+%
+\gdef\normalparens{\boldbrax\let&=\ampnr}
+} % End of definition inside \activeparens
+%% These parens (in \boldbrax) actually are a little bolder than the
+%% contained text.  This is especially needed for [ and ]
+\def\opnr{{\sf\char`\(}} \def\clnr{{\sf\char`\)}} \def\ampnr{\&}
+\def\lbrb{{\tt\char`\[}} \def\rbrb{{\tt\char`\]}}
+
+% First, defname, which formats the header line itself.
+% #1 should be the function name.
+% #2 should be the type of definition, such as "Function".
+
+\def\defname #1#2{%
+\leftskip = 0in  %
+\noindent        %
+\setbox0=\hbox{\hskip \deflastargmargin{\rm #2}\hskip \deftypemargin}%
+\dimen0=\hsize \advance \dimen0 by -\wd0 % compute size for first line
+\dimen1=\hsize \advance \dimen1 by -\defargsindent %size for continuations
+\parshape 2 0in \dimen0 \defargsindent \dimen1     %
+% Now output arg 2 ("Function" or some such)
+% ending at \deftypemargin from the right margin,
+% but stuck inside a box of width 0 so it does not interfere with linebreaking
+\rlap{\rightline{{\rm #2}\hskip \deftypemargin}}%
+\tolerance=10000 \hbadness=10000    % Make all lines underfull and no complaints
+{\df #1}\enskip        % Generate function name
+}
+
+% Actually process the body of a definition
+% #1 should be the terminating control sequence, such as \Edefun.
+% #2 should be the "another name" control sequence, such as \defunx.
+% #3 should be the control sequence that actually processes the header,
+%    such as \defunheader.
+
+\def\defparsebody #1#2#3{\begingroup\inENV% Environment for definitionbody
+\medbreak %
+% Define the end token that this defining construct specifies
+% so that it will exit this group.
+\def#1{\endgraf\endgroup\medbreak}%
+\def#2{\begingroup\obeylines\activeparens\spacesplit#3}%
+\parindent=0in \leftskip=\defbodyindent %
+\begingroup\obeylines\activeparens\spacesplit#3}
+
+\def\defmethparsebody #1#2#3#4 {\begingroup\inENV %
+\medbreak %
+% Define the end token that this defining construct specifies
+% so that it will exit this group.
+\def#1{\endgraf\endgroup\medbreak}%
+\def#2##1 {\begingroup\obeylines\activeparens\spacesplit{#3{##1}}}%
+\parindent=0in \leftskip=\defbodyindent %
+\begingroup\obeylines\activeparens\spacesplit{#3{#4}}}
+
+% Split up #2 at the first space token.
+% call #1 with two arguments:
+%  the first is all of #2 before the space token,
+%  the second is all of #2 after that space token.
+% If #2 contains no space token, all of it is passed as the first arg
+% and the second is passed as empty.
+
+{\obeylines
+\gdef\spacesplit#1#2^^M{\endgroup\spacesplitfoo{#1}#2 \relax\spacesplitfoo}%
+\long\gdef\spacesplitfoo#1#2 #3#4\spacesplitfoo{%
+\ifx\relax #3%
+#1{#2}{}\else #1{#2}{#3#4}\fi}}
+
+% So much for the things common to all kinds of definitions.
+
+% Define @defun.
+
+% First, define the processing that is wanted for arguments of \defun
+% Use this to expand the args and terminate the paragraph they make up
+
+\def\defunargs #1{\functionparens \sl #1%
+\ifnum\parencount=0 \else \errmessage{unbalanced parens in @def arguments}\fi%
+\interlinepenalty=10000
+\endgraf\vskip -\parskip \penalty 10000}
+
+% Do complete processing of one @defun or @defunx line already parsed.
+
+% @deffn Command forward-char nchars
+
+\def\deffn{\defmethparsebody\Edeffn\deffnx\deffnheader}
+
+\def\deffnheader #1#2#3{\doind {fn}{\code{#2}}%
+\begingroup\defname {#2}{#1}\defunargs{#3}\endgroup}
+
+% @defun == @deffn Function
+
+\def\defun{\defparsebody\Edefun\defunx\defunheader}
+
+\def\defunheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index
+\begingroup\defname {#1}{Function}%
+\defunargs {#2}\endgroup %
+}
+
+% @defmac == @deffn Macro
+
+\def\defmac{\defparsebody\Edefmac\defmacx\defmacheader}
+
+\def\defmacheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index
+\begingroup\defname {#1}{Macro}%
+\defunargs {#2}\endgroup %
+}
+
+% @defspec == @deffn Special Form
+
+\def\defspec{\defparsebody\Edefspec\defspecx\defspecheader}
+
+\def\defspecheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index
+\begingroup\defname {#1}{Special form}%
+\defunargs {#2}\endgroup %
+}
+
+% This definition is run if you use @defunx
+% anywhere other than immediately after a @defun or @defunx.
+
+\def\deffnx #1 {\errmessage{@deffnx in invalid context}}
+\def\defunx #1 {\errmessage{@defunx in invalid context}}
+\def\defmacx #1 {\errmessage{@defmacx in invalid context}}
+\def\defspecx #1 {\errmessage{@defspecx in invalid context}}
+
+% @defmethod, and so on
+
+% @defop {Funny Method} foo-class frobnicate argument
+
+\def\defop #1 {\def\defoptype{#1}%
+\defmethparsebody\Edefop\defopx\defopheader}
+
+\def\defopheader #1#2#3{\dosubind {fn}{\code{#2}}{on #1}% Make entry in function index
+\begingroup\defname {#2}{\defoptype{} on #1}%
+\defunargs {#3}\endgroup %
+}
+
+% @defmethod == @defop Method
+
+\def\defmethod{\defmethparsebody\Edefmethod\defmethodx\defmethodheader}
+
+\def\defmethodheader #1#2#3{\dosubind {fn}{\code{#2}}{on #1}% entry in function index
+\begingroup\defname {#2}{Operation on #1}%
+\defunargs {#3}\endgroup %
+}
+
+% @defcv {Class Option} foo-class foo-flag
+
+\def\defcv #1 {\def\defcvtype{#1}%
+\defmethparsebody\Edefcv\defcvx\defcvheader}
+
+\def\defcvarheader #1#2#3{%
+\dosubind {vr}{\code{#2}}{of #1}% Make entry in var index
+\begingroup\defname {#2}{\defcvtype of #1}%
+\defvarargs {#3}\endgroup %
+}
+
+% @defivar == @defcv {Instance Variable}
+
+\def\defivar{\defmethparsebody\Edefivar\defivarx\defivarheader}
+
+\def\defivarheader #1#2#3{%
+\dosubind {vr}{\code{#2}}{of #1}% Make entry in var index
+\begingroup\defname {#2}{Instance variable of #1}%
+\defvarargs {#3}\endgroup %
+}
+
+% These definitions are run if you use @defmethodx, etc.,
+% anywhere other than immediately after a @defmethod, etc.
+
+\def\defopx #1 {\errmessage{@defopx in invalid context}}
+\def\defmethodx #1 {\errmessage{@defmethodx in invalid context}}
+\def\defcvx #1 {\errmessage{@defcvx in invalid context}}
+\def\defivarx #1 {\errmessage{@defivarx in invalid context}}
+
+% Now @defvar
+
+% First, define the processing that is wanted for arguments of @defvar.
+% This is actually simple: just print them in roman.
+% This must expand the args and terminate the paragraph they make up
+\def\defvarargs #1{\normalparens #1%
+\interlinepenalty=10000
+\endgraf\vskip -\parskip \penalty 10000}
+
+% @defvr Counter foo-count
+
+\def\defvr{\defmethparsebody\Edefvr\defvrx\defvrheader}
+
+\def\defvrheader #1#2#3{\doind {vr}{\code{#2}}%
+\begingroup\defname {#2}{#1}\defvarargs{#3}\endgroup}
+
+% @defvar == @defvr Variable
+
+\def\defvar{\defparsebody\Edefvar\defvarx\defvarheader}
+
+\def\defvarheader #1#2{\doind {vr}{\code{#1}}% Make entry in var index
+\begingroup\defname {#1}{Variable}%
+\defvarargs {#2}\endgroup %
+}
+
+% @defopt == @defvr {User Option}
+
+\def\defopt{\defparsebody\Edefopt\defoptx\defoptheader}
+
+\def\defoptheader #1#2{\doind {vr}{\code{#1}}% Make entry in var index
+\begingroup\defname {#1}{User Option}%
+\defvarargs {#2}\endgroup %
+}
+
+% This definition is run if you use @defvarx
+% anywhere other than immediately after a @defvar or @defvarx.
+
+\def\defvrx #1 {\errmessage{@defvrx in invalid context}}
+\def\defvarx #1 {\errmessage{@defvarx in invalid context}}
+\def\defoptx #1 {\errmessage{@defoptx in invalid context}}
+
+% Now define @deftp
+% Args are printed in bold, a slight difference from @defvar.
+
+\def\deftpargs #1{\bf \defvarargs{#1}}
+
+% @deftp Class window height width ...
+
+\def\deftp{\defmethparsebody\Edeftp\deftpx\deftpheader}
+
+\def\deftpheader #1#2#3{\doind {tp}{\code{#2}}%
+\begingroup\defname {#2}{#1}\deftpargs{#3}\endgroup}
+
+% This definition is run if you use @deftpx, etc
+% anywhere other than immediately after a @deftp, etc.
+
+\def\deftpx #1 {\errmessage{@deftpx in invalid context}}
+
+\message{cross reference,}
+% Define cross-reference macros
+\newwrite \auxfile
+
+% \setref{foo} defines a cross-reference point named foo.
+
+\def\setref#1{%
+\dosetq{#1-pg}{Ypagenumber}%
+\dosetq{#1-snt}{Ysectionnumberandtype}}
+
+\def\unnumbsetref#1{%
+\dosetq{#1-pg}{Ypagenumber}%
+\dosetq{#1-snt}{Ynothing}}
+
+% \xref and \pxref generate cross references to specified points.
+
+\def\pxref #1{see \xrefX [#1,,,,,,,]}
+\def\xref #1{See \xrefX [#1,,,,,,,]}
+\def\xrefX [#1,#2,#3,#4,#5,#6]{%
+\setbox1=\hbox{\i{\losespace#5{}}}%
+\setbox0=\hbox{\losespace#3{}}%
+\ifdim \wd0 =0pt \setbox0=\hbox{\losespace#1{}}\fi%
+\ifdim \wd1 >0pt%
+section \unhbox0{} in \unhbox1%
+\else%
+\refx{#1-snt} [\unhbox0], page\tie \refx{#1-pg}%
+\fi }
+
+% \dosetq is the interface for calls from other macros
+
+\def\dosetq #1#2{{\let\folio=0%
+\edef\next{\write\auxfile{\internalsetq {#1}{#2}}}%
+\next}}
+
+% \internalsetq {foo}{page} expands into CHARACTERS 'xrdef {foo}{...expansion of \Ypage...}
+% When the aux file is read, ' is the escape character
+
+\def\internalsetq #1#2{'xrdef {#1}{\csname #2\endcsname}}
+
+% Things to be expanded by \internalsetq
+
+\def\Ypagenumber{\folio}
+
+\def\Ynothing{}
+
+\def\Ysectionnumberandtype{%
+\ifnum\secno=0 chapter\xreftie\the\chapno %
+\else \ifnum \subsecno=0 section\xreftie\the\chapno.\the\secno %
+\else \ifnum \subsubsecno=0 %
+section\xreftie\the\chapno.\the\secno.\the\subsecno %
+\else %
+section\xreftie\the\chapno.\the\secno.\the\subsecno.\the\subsubsecno %
+\fi \fi \fi }
+
+\gdef\xreftie{'tie}
+
+% Define @refx to reference a specific cross-reference string.
+
+\def\refx#1{%
+{%
+\expandafter\ifx\csname X#1\endcsname\relax
+% If not defined, say something at least.
+\expandafter\gdef\csname X#1\endcsname {$<$undefined$>$}%
+\message {WARNING: Cross-reference "#1" used but not yet defined}%
+\message {}%
+\fi %
+\csname X#1\endcsname %It's defined, so just use it.
+}}
+
+% Read the last existing aux file, if any.  No error if none exists.
+
+% This is the macro invoked by entries in the aux file.
+\def\xrdef #1#2{
+{\catcode`\'=\other\expandafter \gdef \csname X#1\endcsname {#2}}}
+
+{
+\catcode `\^^@=\other
+\catcode `\^^A=\other
+\catcode `\^^B=\other
+\catcode `\^^C=\other
+\catcode `\^^D=\other
+\catcode `\^^E=\other
+\catcode `\^^F=\other
+\catcode `\^^G=\other
+\catcode `\^^H=\other
+\catcode `\^^K=\other
+\catcode `\^^L=\other
+\catcode `\^^N=\other
+\catcode `\^^O=\other
+\catcode `\^^P=\other
+\catcode `\^^Q=\other
+\catcode `\^^R=\other
+\catcode `\^^S=\other
+\catcode `\^^T=\other
+\catcode `\^^U=\other
+\catcode `\^^V=\other
+\catcode `\^^W=\other
+\catcode `\^^X=\other
+\catcode `\^^Y=\other
+\catcode `\^^Z=\other
+\catcode `\^^[=\other
+\catcode `\^^\=\other
+\catcode `\^^]=\other
+\catcode `\^^^=\other
+\catcode `\^^_=\other
+\catcode `\@=\other
+\catcode `\^=\other
+\catcode `\~=\other
+\catcode `\[=\other
+\catcode `\]=\other
+\catcode`\"=\other
+\catcode`\_=\other
+\catcode`\|=\other
+\catcode`\<=\other
+\catcode`\>=\other
+\catcode `\$=\other
+\catcode `\#=\other
+\catcode `\&=\other
+
+% the aux file uses ' as the escape.
+% Turn off \ as an escape so we do not lose on
+% entries which were dumped with control sequences in their names.
+% For example, 'xrdef {$\leq $-fun}{page ...} made by @defun ^^
+% Reference to such entries still does not work the way one would wish,
+% but at least they do not bomb out when the aux file is read in.
+
+\catcode `\{=1 \catcode `\}=2
+\catcode `\%=\other
+\catcode `\'=0
+\catcode `\\=\other
+
+'openin 1 'jobname.aux
+'ifeof 1 'else 'closein 1 'input 'jobname.aux
+'fi
+}
+
+% Open the new aux file.  Tex will close it automatically at exit.
+
+\openout \auxfile=\jobname.aux
+
+% Footnotes.
+
+\newcount \footnoteno
+
+\def\supereject{\par\penalty -20000\footnoteno =0 }
+
+\let\ptexfootnote=\footnote
+
+{\catcode `\@=11
+\gdef\footnote{\global\advance \footnoteno by \@ne
+\edef\thisfootno{$^{\the\footnoteno}$}%
+\let\@sf\empty
+\ifhmode\edef\@sf{\spacefactor\the\spacefactor}\/\fi
+\thisfootno\@sf\parsearg\footnotezzz}
+
+\gdef\footnotezzz #1{\insert\footins{
+\interlinepenalty\interfootnotelinepenalty
+\splittopskip\ht\strutbox % top baseline for broken footnotes
+\splitmaxdepth\dp\strutbox \floatingpenalty\@MM
+\leftskip\z@skip \rightskip\z@skip \spaceskip\z@skip \xspaceskip\z@skip
+\footstrut\hang\textindent{\thisfootno}#1\strut}}
+
+}%end \catcode `\@=11
+
+% End of control word definitions.
+
+\message{and turning on texinfo input format.}
+
+\newindex{cp}
+\newcodeindex{fn}
+\newcodeindex{vr}
+\newcodeindex{tp}
+\newcodeindex{ky}
+\newcodeindex{pg}
+
+% Set some numeric style parameters, for 8.5 x 11 format.
+
+\hsize = 6.5in
+\parindent 15pt
+\parskip 18pt plus 1pt
+\baselineskip 15pt
+\advance\topskip by 1.2cm
+
+% Prevent underfull vbox error messages.
+\vbadness=10000
+
+% Use @smallbook to reset parameters for 7x9.5 format
+\def\smallbook{
+\global\lispnarrowing = 0.3in
+\global\baselineskip 12pt
+\global\parskip 3pt plus 1pt
+\global\hsize = 5in
+\global\doublecolumnhsize=2.4in \global\doublecolumnvsize=15.0in
+\global\vsize=7.5in
+\global\tolerance=700
+\global\hfuzz=1pt
+
+\global\pagewidth=\hsize
+\global\pageheight=\vsize
+\global\font\ninett=cmtt9
+
+\global\let\smalllisp=\smalllispx
+\global\let\smallexample=\smalllispx
+\global\def\Esmallexample{\Esmalllisp}
+}
+
+%% For a final copy, take out the rectangles
+%% that mark overfull boxes (in case you have decided
+%% that the text looks ok even though it passes the margin).
+\def\finalout{\overfullrule=0pt}
+
+% Turn off all special characters except @
+% (and those which the user can use as if they were ordinary)
+% Define certain chars to be always in tt font.
+
+\catcode`\"=\active
+\def\activedoublequote{{\tt \char '042}}
+\let"=\activedoublequote
+\catcode`\~=\active
+\def~{{\tt \char '176}}
+\chardef\hat=`\^
+\catcode`\^=\active
+\def^{{\tt \hat}}
+\catcode`\_=\active
+\def_{{\tt \char '137}}
+\catcode`\|=\active
+\def|{{\tt \char '174}}
+\chardef \less=`\<
+\catcode`\<=\active
+\def<{{\tt \less}}
+\chardef \gtr=`\>
+\catcode`\>=\active
+\def>{{\tt \gtr}}
+
+\catcode`\@=0
+
+% \rawbackslashxx output one backslash character in current font
+{\catcode`\\=\other
+@gdef@rawbackslashxx{\}}
+
+% \rawbackslash redefines \ as input to do \rawbackslashxx.
+{\catcode`\\=\active
+@gdef@rawbackslash{@let\=@rawbackslashxx }}
+
+% \normalbackslash outputs one backslash in fixed width font.
+\def\normalbackslash{{\tt\rawbackslashxx}}
+
+% Say @foo, not \foo, in error messages.
+\escapechar=`\@
+
+%% These look ok in all fonts, so just make them not special.  The @rm below
+%% makes sure that the current font starts out as the newly loaded cmr10
+\catcode`\$=\other \catcode`\%=\other \catcode`\&=\other \catcode`\#=\other
+
+\catcode 17=0   @c Define control-q
+\catcode`\\=\active
+@let\=@normalbackslash
+
+@textfonts
+@rm
diff --git a/krb5-1.21.3/src/util/exitsleep.c b/krb5-1.21.3/src/util/exitsleep.c
new file mode 100644
index 00000000..e4cc1afc
--- /dev/null
+++ b/krb5-1.21.3/src/util/exitsleep.c
@@ -0,0 +1,49 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/exitsleep.c */
+/*
+ * Copyright (C) 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Kludge to sleep 100ms prior to exit on Solaris 9 to work around a
+ * pty bug.
+ */
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <dlfcn.h>
+#include <link.h>
+
+void
+exit(int status)
+{
+    void (*realexit)(int);
+    struct timeval tv;
+
+    tv.tv_sec = 0;
+    tv.tv_usec = 100000;
+    realexit = (void (*)(int))dlsym(RTLD_NEXT, "exit");
+    select(0, 0, 0, 0, &tv);
+    realexit(status);
+}
diff --git a/krb5-1.21.3/src/util/export-check.pl b/krb5-1.21.3/src/util/export-check.pl
new file mode 100755
index 00000000..2866c0a3
--- /dev/null
+++ b/krb5-1.21.3/src/util/export-check.pl
@@ -0,0 +1,84 @@
+#
+
+# Copyright 2006 Massachusetts Institute of Technology.
+# All Rights Reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+#
+
+$0 =~ s/^.*?([\w.-]+)$/$1/;
+
+# The real stuff.
+
+# Args: exportlist libfoo.so
+
+# This code assumes the GNU version of nm.
+# For now, we'll only run it on GNU/Linux systems, so that's okay.
+
+if ($#ARGV != 1) {
+    die "usage: $0 exportfile libfoo.so\n";
+}
+my($exfile, $libfile) = @ARGV;
+
+@missing = ();
+open NM, "nm -Dg --defined-only $libfile |" || die "can't run nm on $libfile: $!";
+open EXPORT, "< $exfile" || die "can't read $exfile: $!";
+
+@export = <EXPORT>;
+map chop, @export;
+@export = sort @export;
+
+@found = ();
+while (<NM>) {
+    chop;
+    s/^[0-9a-fA-F]+ +//;
+    s/@@.*$//;
+    next if /^A /;
+    if (!/^[TDRBGS] /) {
+	unlink $libfile;
+	die "not sure what to do with '$_'";
+    }
+    s/^[TDRBGS] +//;
+    push @found, $_;
+}
+@found = sort @found;
+while ($#export >= 0 && $#found >= 0) {
+    if ($#export >= 1 && $export[0] eq $export[1]) {
+	print STDERR "Duplicate symbol in export list: $export[0]\n";
+	exit(1);
+    }
+    if ($export[0] eq $found[0]) {
+#	print "ok $export[0]\n";
+	shift @export;
+	shift @found;
+    } elsif ($export[0] lt $found[0]) {
+	push @missing, shift @export;
+    } else {
+	# Ignore added symbols, for now.
+	shift @found;
+    }
+}
+if ($#export >= 0) { @missing = (@missing, @export); }
+if ($#missing >= 0) {
+    print STDERR "Missing symbols:\n\t", join("\n\t", @missing), "\n";
+#    unlink $libfile;
+    exit(1);
+}
+exit 0;
diff --git a/krb5-1.21.3/src/util/gen-map.pl b/krb5-1.21.3/src/util/gen-map.pl
new file mode 100644
index 00000000..23d94657
--- /dev/null
+++ b/krb5-1.21.3/src/util/gen-map.pl
@@ -0,0 +1,111 @@
+#!perl -w
+use ktemplate;
+# List of parameters accepted for substitution.
+@parms = qw(NAME KEY VALUE COMPARE COPYKEY FREEKEY FREEVALUE);
+# Defaults, if any.
+$parm{"COPYKEY"} = "0";
+$parm{"FREEKEY"} = "0";
+$parm{"FREEVALUE"} = "0";
+#
+&run;
+#
+__DATA__
+/*
+ * map, generated from template
+ * map name: <NAME>
+ * key: <KEY>
+ * value: <VALUE>
+ * compare: <COMPARE>
+ * copy_key: <COPYKEY>
+ * free_key: <FREEKEY>
+ * free_value: <FREEVALUE>
+ */
+struct <NAME>__element {
+    <KEY> key;
+    <VALUE> value;
+    struct <NAME>__element *next;
+};
+struct <NAME>__head {
+    struct <NAME>__element *first;
+};
+typedef struct <NAME>__head <NAME>;
+static inline int <NAME>_init (struct <NAME>__head *head)
+{
+    head->first = NULL;
+    return 0;
+}
+static inline void <NAME>_destroy (struct <NAME>__head *head)
+{
+    struct <NAME>__element *e, *e_next;
+    void (*free_key)(<KEY>) = <FREEKEY>;
+    void (*free_value)(<VALUE>) = <FREEVALUE>;
+    for (e = head->first; e; e = e_next) {
+	e_next = e->next;
+	if (free_key)
+	    (*free_key)(e->key);
+	if (free_value)
+	    (*free_value)(e->value);
+	free(e);
+    }
+    head->first = NULL;
+}
+/* Returns pointer to linked-list entry, or null if key not found.  */
+static inline struct <NAME>__element *
+<NAME>__find_node (struct <NAME>__head *head, <KEY> key)
+{
+    struct <NAME>__element *e;
+    for (e = head->first; e; e = e->next)
+	if (<COMPARE> (key, e->key) == 0)
+	    return e;
+    return 0;
+}
+/* Returns pointer to value, or null if key not found.  */
+static inline <VALUE> *
+<NAME>_find (struct <NAME>__head *head, <KEY> key)
+{
+    struct <NAME>__element *e = <NAME>__find_node(head, key);
+    if (e)
+	return &e->value;
+    return 0;
+}
+/* Returns 0 or error code.  */
+static inline int
+<NAME>__copy_key (<KEY> *out, <KEY> in)
+{
+    int (*copykey)(<KEY> *, <KEY>) = <COPYKEY>;
+    if (copykey == 0) {
+	*out = in;
+	return 0;
+    } else
+	return (*copykey)(out, in);
+}
+/* Returns 0 or error code.  */
+static inline int
+<NAME>_replace_or_insert (struct <NAME>__head *head,
+			  <KEY> key, <VALUE> new_value)
+{
+    struct <NAME>__element *e = <NAME>__find_node(head, key);
+    int ret;
+
+    if (e) {
+	/* replace */
+	void (*free_value)(<VALUE>) = <FREEVALUE>;
+	if (free_value)
+	    (*free_value)(e->value);
+	e->value = new_value;
+    } else {
+	/* insert */
+	e = malloc(sizeof(*e));
+	if (e == NULL)
+	    return ENOMEM;
+	ret = <NAME>__copy_key (&e->key, key);
+	if (ret) {
+	    free(e);
+	    return ret;
+	}
+	e->value = new_value;
+	e->next = head->first;
+	head->first = e;
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/gen.pl b/krb5-1.21.3/src/util/gen.pl
new file mode 100644
index 00000000..9d2a3a18
--- /dev/null
+++ b/krb5-1.21.3/src/util/gen.pl
@@ -0,0 +1,61 @@
+# -*- perl -*-
+
+# Crude template instantiation hack.
+#
+# The template named on the command line maps to a perl module t_$foo
+# which defines certain methods including variable processing and
+# output generation.  It can also suck in additional template modules
+# for internal use.  One output file is generated, which typically
+# contains structures and inline functions, and should be included by
+# other files which will define, for example, the typedefname
+# parameters supplied to this script.
+
+# To do:
+# Find a way to make dependency generation automatic.
+# Make it less gross.
+
+sub usage {
+    print STDERR "usage: $0 TemplateName [-oOutputFile] PARM=value ...\n";
+    print STDERR "  where acceptable PARM values depend on the template\n";
+    exit(1);
+}
+
+my $orig_args = join(" ", @ARGV);
+my $templatename = shift @ARGV || &usage;
+my $outfile = shift @ARGV || &usage;
+my $x;
+
+eval "require t_$templatename;" || die;
+eval "\$x = new t_$templatename;" || die;
+
+sub getparms {
+    my $arg;
+    my $outfile;
+    my %allowed_parms = ();
+
+    foreach $arg (@ARGV) {
+	my @words = split '=', $arg;
+	if ($#words != 1) {
+	    print STDERR "$0: $arg : #words = $#words\n";
+	    &usage;
+	}
+	$x->setparm($words[0], $words[1]);
+    }
+}
+
+sub generate {
+    open OUTFILE, ">$outfile" || die;
+    print OUTFILE "/*\n";
+    print OUTFILE " * This file is generated, please don't edit it.\n";
+    print OUTFILE " * script: $0\n";
+    print OUTFILE " * args:   $orig_args\n";
+    print OUTFILE " * The rest of this file is copied from a template, with\n";
+    print OUTFILE " * substitutions.  See the template for copyright info.\n";
+    print OUTFILE " */\n";
+    $x->output(\*OUTFILE);
+    close OUTFILE;
+}
+
+&getparms;
+&generate;
+exit (0);
diff --git a/krb5-1.21.3/src/util/getsyms b/krb5-1.21.3/src/util/getsyms
new file mode 100755
index 00000000..289fe0aa
--- /dev/null
+++ b/krb5-1.21.3/src/util/getsyms
@@ -0,0 +1,63 @@
+#!/bin/sh
+# Run this from the TOP of the source tree!
+M4=gm4
+configs=`find $1 -name configure.ac -print|sort|sed -e 's@/configure.ac@@'`
+for dir in $configs; do
+	syms=""
+	libs=""
+	headers=""
+	types=""
+	funcs=""
+	AC_MACRODIR=./util/autoconf
+	# The following bits shamelessly stolen from autoheader.sh
+	eval "`$M4 -I$AC_MACRODIR autoheader.m4 $dir/configure.ac|
+		sed -n -e '
+		: again
+		/^@@@.*@@@$/s/^@@@\(.*\)@@@$/\1/p
+		/^@@@/{
+			s/^@@@//p
+			n
+			s/^/@@@/
+			b again
+		}'`"
+	allsyms="`for sym in $syms; do echo $sym; done | sort | uniq`"
+	if test -n "$funcs"; then
+		funcs="`for func in $funcs; do echo $func; done | sort | uniq`"
+		funcs="`for func in $funcs; do echo $func
+			done | sed 's/[^a-zA-Z0-9_]/_/g' | tr '[a-z]' '[A-Z]' | sed 's/^/HAVE_/'`"
+	allsyms="$allsyms $funcs"
+	fi
+	if test -n "$headers"; then
+		headers="`for header in $headers; do echo $header
+			done | sort | uniq`"
+		headers="`for header in $headers; do echo $header
+			done | sed 's/[^a-zA-Z0-9_]/_/g' | tr '[a-z]' '[A-Z]' | sed 's/^/HAVE_/'`"
+	allsyms="$allsyms $headers"
+	fi
+	if test -n "$libs"; then
+		libs="`for lib in $libs; do echo $lib
+			done | sort | uniq`"
+		libs="`for lib in $libs; do echo $lib
+			done | sed 's/[^a-zA-Z0-9_]/_/g' | tr '[a-z]' '[A-Z]' | sed 's/^/HAVE_LIB/'`"
+	allsyms="$allsyms $libs"
+	fi
+	echo $dir/configure.ac: $allsyms
+	allsyms="`echo $allsyms|tr ' ' '|'`"
+	files="$dir/*.[ch]"
+	if test ! "`echo $files`" = "$dir/"'*.[ch]'; then
+	for file in $files; do
+		badsyms=""
+		fsyms=`sed -f ./util/getsyms.sed $file`
+		fsyms="`for sym in $fsyms; do echo $sym; done | sort | uniq`"
+		for sym in $fsyms; do
+			if echo $sym|egrep -s "$allsyms">/dev/null; then :
+			else
+				badsyms="$badsyms $sym"
+			fi
+		done
+		if test -n "$badsyms"; then
+			echo $file:$badsyms
+		fi
+	done
+	fi
+done
diff --git a/krb5-1.21.3/src/util/getsyms.sed b/krb5-1.21.3/src/util/getsyms.sed
new file mode 100644
index 00000000..a24b5157
--- /dev/null
+++ b/krb5-1.21.3/src/util/getsyms.sed
@@ -0,0 +1,42 @@
+# emulate a C preprocessor (well, sort of)
+:TOP
+y/	/ /
+s/  */ /g
+s%/\*.*\*/%%
+/\/\*/{
+	:COMMENT
+	/\*\//!{
+		s/.*//
+		N
+		bCOMMENT
+	}
+	s%^.*\*/%%
+	bTOP
+}
+/^ *# *ifdef/{
+	s/^ *# *ifdef //
+	b
+}
+/^ *# *ifndef/{
+	s/^ *# *ifndef //
+	b
+}
+/^ *# *if.*defined/{
+	s/^ *# *if //
+	:IF
+	/^defined/!{
+		:NUKE
+		s/^.//
+		/^defined/!bNUKE
+	}
+	h
+	/^defined/s/^defined *( *\([A-Za-z0-9_]*\) *).*/\1/p
+	g
+	/^defined/s/^defined *( *\([[A-Za-z0-9_]*\) *)//
+	/defined/!{
+		d
+		b
+	}
+	bIF
+}
+d
diff --git a/krb5-1.21.3/src/util/k5test.py b/krb5-1.21.3/src/util/k5test.py
new file mode 100644
index 00000000..8e5f5ba8
--- /dev/null
+++ b/krb5-1.21.3/src/util/k5test.py
@@ -0,0 +1,1437 @@
+# Copyright (C) 2010 by the Massachusetts Institute of Technology.
+# All rights reserved.
+
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+"""A module for krb5 test scripts
+
+To run test scripts during "make check" (if Python 2.5 or later is
+available), add rules like the following to Makefile.in:
+
+    check-pytests::
+	$(RUNPYTEST) $(srcdir)/t_testname.py $(PYTESTFLAGS)
+
+A sample test script:
+
+    from k5test import *
+
+    # Run a test program under a variety of configurations:
+    for realm in multipass_realms():
+        realm.run(['./testprog', 'arg'])
+
+    # Run a test server and client under just the default configuration:
+    realm = K5Realm()
+    realm.start_server(['./serverprog'], 'starting...')
+    realm.run(['./clientprog', realm.host_princ])
+
+    # Inform framework that tests completed successfully.
+    success('World peace and cure for cancer')
+
+By default, the realm will have:
+
+* The name KRBTEST.COM
+* Listener ports starting at 61000
+* krb5.conf and kdc.conf files
+* A fresh DB2 KDB
+* Running krb5kdc (but not kadmind)
+* Principals named realm.user_princ and realm.admin_princ; call
+  password('user') and password('admin') to get the password
+* Credentials for realm.user_princ in realm.ccache
+* Admin rights for realm.admin_princ in the kadmind acl file
+* A host principal named realm.host_princ with a random key
+* A keytab for the host principal in realm.keytab
+
+The realm's behaviour can be modified with the following constructor
+keyword arguments:
+
+* realm='realmname': Override the realm name
+
+* portbase=NNN: Override the listener port base; currently three ports are
+  used
+
+* testdir='dirname': Override the storage area for the realm's files
+  (path may be specified relative to the current working dir)
+
+* krb5_conf={ ... }: krb5.conf options, expressed as a nested
+  dictionary, to be merged with the default krb5.conf settings.  A key
+  may be mapped to None to delete a setting from the defaults.  A key
+  may be mapped to a list in order to create multiple settings for the
+  same variable name.  Keys and values undergo the following template
+  substitutions:
+
+    - $realm:    The realm name
+    - $testdir:  The realm storage directory (absolute path)
+    - $buildtop: The root of the build directory
+    - $srctop:   The root of the source directory
+    - $plugins:  The plugin directory in the build tree
+    - $certs:    The PKINIT certificate directory in the source tree
+    - $hostname: The FQDN of the host
+    - $port0:    The first listener port (portbase)
+    - ...
+    - $port9:    The tenth listener port (portbase + 9)
+
+  When choosing ports, note the following:
+
+    - port0 is used in the default krb5.conf for the KDC
+    - port1 is used in the default krb5.conf for kadmind
+    - port2 is used in the default krb5.conf for kpasswd
+    - port3 is used in the default krb5.conf for kpropd
+    - port4 is used in the default krb5.conf for iprop (in kadmind)
+    - port5 is the return value of realm.server_port()
+
+* kdc_conf={...}: kdc.conf options, expressed as a nested dictionary,
+  to be merged with the default kdc.conf settings.  The same
+  conventions and substitutions for krb5_conf apply.
+
+* create_kdb=False: Don't create a KDB.  Implicitly disables all of
+  the other options since they all require a KDB.
+
+* krbtgt_keysalt='enctype:salttype': After creating the KDB,
+  regenerate the krbtgt key using the specified key/salt combination,
+  using a kadmin.local cpw query.
+
+* create_user=False: Don't create the user principal.  Implies
+  get_creds=False.
+
+* create_host=False: Don't create the host principal or the associated
+  keytab.
+
+* start_kdc=False: Don't start the KDC.  Implies get_creds=False.
+
+* start_kadmind=True: Start kadmind.
+
+* get_creds=False: Don't get user credentials.
+
+* bdb_only=True: Use the DB2 KDB module even if K5TEST_LMDB is set in
+  the environment.
+
+* pkinit=True: Configure a PKINIT anchor and KDC certificate.
+
+Scripts may use the following functions and variables:
+
+* fail(message): Display message (plus leading marker and trailing
+  newline) and explanatory messages about debugging.
+
+* success(message): Indicate that the test script has completed
+  successfully.  Suppresses the display of explanatory debugging
+  messages in the on-exit handler.  message should briefly summarize
+  the operations tested; it will only be displayed (with leading
+  marker and trailing newline) if the script is running verbosely.
+
+* skipped(whatmsg, whymsg): Indicate that some tests were skipped.
+  whatmsg should concisely say what was skipped (e.g. "LDAP KDB
+  tests") and whymsg should give the reason (e.g. "because LDAP module
+  not built").
+
+* skip_rest(message): Indicate that some tests were skipped, then exit
+  the current script.
+
+* output(message, force_verbose=False): Place message (without any
+  added newline) in testlog, and write it to stdout if running
+  verbosely.
+
+* mark(message): Place a divider message in the test output, to make
+  it easier to determine what part of the test script a command
+  invocation belongs to.  The last mark message will also be displayed
+  if a command invocation fails.  Do not include a newline in message.
+
+* which(progname): Return the location of progname in the executable
+  path, or None if it is not found.
+
+* password(name): Return a weakly random password based on name.  The
+  password will be consistent across calls with the same name.
+
+* canonicalize_hostname(name, rdns=True): Return the DNS
+  canonicalization of name, optionally using reverse DNS.  On error,
+  return name converted to lowercase.
+
+* stop_daemon(proc): Stop a daemon process started with
+  realm.start_server() or realm.start_in_inetd().  Only necessary if
+  the port needs to be reused; daemon processes will be stopped
+  automatically when the script exits.
+
+* multipass_realms(**keywords): This is an iterator function.  Yields
+  a realm for each of the standard test passes, each of which alters
+  the default configuration in some way to exercise different parts of
+  the krb5 code base.  keywords may contain any K5Realm initializer
+  keyword with the exception of krbtgt_keysalt, which will not be
+  honored.  If keywords contains krb5_conf and/or kdc_conf fragments,
+  they will be merged with the default and per-pass specifications.
+
+* multidb_realms(**keywords): Yields a realm for multiple DB modules.
+  Currently DB2 and LMDB are included.  Ideally LDAP would be
+  included, but setting up a test LDAP server currently requires a
+  one-second delay, so all LDAP tests are currently confined to
+  t_kdb.py.  keywords may contain any K5Realm initializer.
+
+* cross_realms(num, xtgts=None, args=None, **keywords): This function
+  returns a list of num realms, where each realm's configuration knows
+  how to contact all of the realms.  By default, each realm will
+  contain cross TGTs in both directions for all other realms; this
+  default may be overridden by specifying a collection of tuples in
+  the xtgts parameter, where each tuple is a pair of zero-based realm
+  indexes, indicating that the first realm can authenticate to the
+  second (i.e. krbtgt/secondrealm@firstrealm exists in both realm's
+  databases).  If args is given, it should be a list of keyword
+  arguments specific to each realm; these will be merged with the
+  global keyword arguments passed to cross_realms, with specific
+  arguments taking priority.
+
+* buildtop: The top of the build directory (absolute path).
+
+* srctop: The top of the source directory (absolute path).
+
+* plugins: The plugin directory in the build tree (absolute path).
+
+* pkinit_enabled: True if the PKINIT plugin module is present in the
+  build directory.
+
+* pkinit_certs: The directory containing test PKINIT certificates.
+
+* hostname: The local hostname as it will initially appear in
+  krb5_sname_to_principal() results.  (Shortname qualification is
+  turned off in the test environment to make this value easy to
+  discover from Python.)
+
+* null_input: A file opened to read /dev/null.
+
+* args: Positional arguments left over after flags are processed.
+
+* runenv: The contents of $srctop/runenv.py, containing a dictionary
+  'env' which specifies additional variables to be added to the realm
+  environment, and a variable 'tls_impl', which indicates which TLS
+  implementation (if any) is being used by libkrb5's support for
+  contacting KDCs and kpasswd servers over HTTPS.
+
+* verbose: Whether the script is running verbosely.
+
+* testpass: The command-line test pass argument.  The script does not
+  need to examine this argument in most cases; it will be honored in
+  multipass_realms().
+
+* Pathname variables for programs within the build directory:
+  - krb5kdc
+  - kadmind
+  - kadmin
+  - kadminl (kadmin.local)
+  - kdb5_ldap_util
+  - kdb5_util
+  - ktutil
+  - kinit
+  - klist
+  - kswitch
+  - kvno
+  - kdestroy
+  - kpasswd
+  - t_inetd
+  - kproplog
+  - kpropd
+  - kprop
+
+Scripts may use the following realm methods and attributes:
+
+* realm.run(args, env=None, **keywords): Run a command in a specified
+  environment (or the realm's environment by default), obeying the
+  command-line debugging options.  Fail if the command does not return
+  0.  Log the command output appropriately, and return it as a single
+  multi-line string.  Keyword arguments can contain input='string' to
+  send an input string to the command, expected_code=N to expect a
+  return code other than 0, expected_msg=MSG to expect a substring in
+  the command output, and expected_trace=('a', 'b', ...) to expect an
+  ordered series of line substrings in the command's KRB5_TRACE
+  output, or return_trace=True to return a tuple of the command output
+  and the trace output.
+
+* realm.kprop_port(): Returns a port number based on realm.portbase
+  intended for use by kprop and kpropd.
+
+* realm.server_port(): Returns a port number based on realm.portbase
+  intended for use by server processes.
+
+* realm.start_server(args, sentinel, env=None): Start a daemon
+  process.  Wait until sentinel appears as a substring of a line in
+  the server process's stdout or stderr (which are folded together).
+  Returns a subprocess.Popen object which can be passed to
+  stop_daemon() to stop the server, or used to read from the server's
+  output.
+
+* realm.start_in_inetd(args, port=None, env=None): Begin a t_inetd
+  process which will spawn a server process after accepting a client
+  connection.  If port is not specified, realm.server_port() will be
+  used.  Returns a process object which can be passed to stop_daemon()
+  to stop the server.
+
+* realm.create_kdb(): Create a new KDB.
+
+* realm.start_kdc(args=[], env=None): Start a krb5kdc process.  Errors
+  if a KDC is already running.  If args is given, it contains a list
+  of additional krb5kdc arguments.
+
+* realm.stop_kdc(): Stop the krb5kdc process.  Errors if no KDC is
+  running.
+
+* realm.start_kadmind(env=None): Start a kadmind process.  Errors if a
+  kadmind is already running.
+
+* realm.stop_kadmind(): Stop the kadmind process.  Errors if no
+  kadmind is running.
+
+* realm.stop(): Stop any daemon processes running on behalf of the
+  realm.
+
+* realm.addprinc(princname, password=None): Using kadmin.local, create
+  a principal in the KDB named princname, with either a random or
+  specified key.
+
+* realm.extract_keytab(princname, keytab): Using kadmin.local, create
+  a keytab for princname in the filename keytab.  Uses the -norandkey
+  option to avoid re-randomizing princname's key.
+
+* realm.kinit(princname, password=None, flags=[]): Acquire credentials
+  for princname using kinit, with additional flags [].  If password is
+  specified, it will be used as input to the kinit process; otherwise
+  flags must cause kinit not to need a password (e.g. by specifying a
+  keytab).
+
+* realm.pkinit(princ, **keywords): Acquire credentials for princ,
+  supplying a PKINIT identity of the basic user test certificate
+  (matching user@KRBTEST.COM).
+
+* realm.klist(client_princ, service_princ=None, ccache=None): Using
+  klist, list the credentials cache ccache (must be a filename;
+  self.ccache if not specified) and verify that the output shows
+  credentials for client_princ and service_princ (self.krbtgt_princ if
+  not specified).
+
+* realm.klist_keytab(princ, keytab=None): Using klist, list keytab
+  (must be a filename; self.keytab if not specified) and verify that
+  the output shows the keytab name and principal name.
+
+* realm.prep_kadmin(princname=None, password=None, flags=[]): Populate
+  realm.kadmin_ccache with a ticket which can be used to run kadmin.
+  If princname is not specified, realm.admin_princ and its default
+  password will be used.
+
+* realm.run_kadmin(args, **keywords): Run the specified query in
+  kadmin, using realm.kadmin_ccache to authenticate.  Accepts the same
+  keyword arguments as run.
+
+* realm.special_env(name, has_kdc_conf, krb5_conf=None,
+  kdc_conf=None): Create an environment with a modified krb5.conf
+  and/or kdc.conf.  The specified krb5_conf and kdc_conf fragments, if
+  any, will be merged with the realm's existing configuration.  If
+  has_kdc_conf is false, the new environment will have no kdc.conf.
+  The environment returned by this method can be used with realm.run()
+  or similar methods.
+
+* realm.start_kpropd(env, args=[]): Start a kpropd process.  Pass an
+  environment created with realm.special_env() for the replica.  If
+  args is given, it contains a list of additional kpropd arguments.
+  Returns a handle to the kpropd process.
+
+* realm.run_kpropd_once(env, args=[]): Run kpropd once, using the -t
+  flag.  Pass an environment created with realm.special_env() for the
+  replica.  If args is given, it contains a list of additional kpropd
+  arguments.  Returns the kpropd output.
+
+* realm.realm: The realm's name.
+
+* realm.testdir: The realm's storage directory (absolute path).
+
+* realm.portbase: The realm's first listener port.
+
+* realm.user_princ: The principal name user@<realmname>.
+
+* realm.admin_princ: The principal name user/admin@<realmname>.
+
+* realm.host_princ: The name of the host principal for this machine,
+  with realm.
+
+* realm.nfs_princ: The name of the nfs principal for this machine,
+  with realm.
+
+* realm.krbtgt_princ: The name of the krbtgt principal for the realm.
+
+* realm.keytab: A keytab file in realm.testdir.  Initially contains a
+  host keytab unless disabled by the realm construction options.
+
+* realm.client_keytab: A keytab file in realm.testdir.  Initially
+  nonexistent.
+
+* realm.ccache: A ccache file in realm.testdir.  Initially contains
+  credentials for user unless disabled by the realm construction
+  options.
+
+* realm.kadmin_ccache: The ccache file initialized by prep_kadmin and
+  used by run_kadmin.
+
+* env: The realm's environment, extended from os.environ to point at
+  the realm's config files and the build tree's shared libraries.
+
+When the test script is run, its behavior can be modified with
+command-line flags.  These are documented in the --help output.
+
+"""
+
+import atexit
+import fcntl
+import optparse
+import os
+import shlex
+import shutil
+import signal
+import socket
+import string
+import subprocess
+import sys
+
+# Used when most things go wrong (other than programming errors) so
+# that the user sees an error message rather than a Python traceback,
+# without help from the test script.  The on-exit handler will display
+# additional explanatory text.
+def fail(msg):
+    """Print a message and exit with failure."""
+    global _current_pass
+    print("*** Failure:", msg)
+    if _last_mark:
+        print("*** Last mark: %s" % _last_mark)
+    if _last_cmd:
+        print("*** Last command (#%d): %s" % (_cmd_index - 1, _last_cmd))
+    if _failed_daemon_output:
+        print('*** Output of failed daemon:')
+        sys.stdout.write(_failed_daemon_output)
+    elif _last_cmd_output:
+        print("*** Output of last command:")
+        sys.stdout.write(_last_cmd_output)
+    if _current_pass:
+        print("*** Failed in test pass:", _current_pass)
+    if _current_db:
+        print("*** Failed with db:", _current_db)
+    sys.exit(1)
+
+
+def success(msg):
+    global _success
+    _stop_daemons()
+    output('*** Success: %s\n' % msg)
+    _success = True
+
+
+def mark(msg):
+    global _last_mark
+    output('\n====== %s ======\n' % msg)
+    _last_mark = msg
+
+
+def skipped(whatmsg, whymsg):
+    output('*** Skipping: %s: %s\n' % (whatmsg, whymsg), force_verbose=True)
+    f = open(os.path.join(buildtop, 'skiptests'), 'a')
+    f.write('Skipped %s: %s\n' % (whatmsg, whymsg))
+    f.close()
+
+
+def skip_rest(whatmsg, whymsg):
+    global _success
+    skipped(whatmsg, whymsg)
+    _stop_daemons()
+    _success = True
+    sys.exit(0)
+
+
+def output(msg, force_verbose=False):
+    """Output a message to testlog, and to stdout if running verbosely."""
+    _outfile.write(msg)
+    if verbose or force_verbose:
+        sys.stdout.write(msg)
+
+
+# Return the location of progname in the executable path, or None if
+# it is not found.
+def which(progname):
+    for dir in os.environ["PATH"].split(os.pathsep):
+        path = os.path.join(dir, progname)
+        if os.access(path, os.X_OK):
+            return path
+    return None
+
+
+def password(name):
+    """Choose a weakly random password from name, consistent across calls."""
+    return name + str(os.getpid())
+
+
+def canonicalize_hostname(name, rdns=True):
+    """Canonicalize name using DNS, optionally with reverse DNS."""
+    try:
+        ai = socket.getaddrinfo(name, None, 0, 0, 0, socket.AI_CANONNAME)
+    except socket.gaierror as e:
+        return name.lower()
+    (family, socktype, proto, canonname, sockaddr) = ai[0]
+
+    if not rdns:
+        return canonname.lower()
+
+    try:
+        rname = socket.getnameinfo(sockaddr, socket.NI_NAMEREQD)
+    except socket.gaierror:
+        return canonname.lower()
+    return rname[0].lower()
+
+
+# Exit handler which ensures processes are cleaned up and, on failure,
+# prints messages to help developers debug the problem.
+def _onexit():
+    global _daemons, _success, srctop, verbose
+    global _debug, _stop_before, _stop_after, _shell_before, _shell_after
+    if _debug or _stop_before or _stop_after or _shell_before or _shell_after:
+        # Wait before killing daemons in case one is being debugged.
+        sys.stdout.write('*** Press return to kill daemons and exit script: ')
+        sys.stdout.flush()
+        sys.stdin.readline()
+    for proc in _daemons:
+        os.kill(proc.pid, signal.SIGTERM)
+        _check_daemon(proc)
+    if not _success:
+        print
+        if not verbose:
+            testlogfile = os.path.join(os.getcwd(), 'testlog')
+            utildir = os.path.join(srctop, 'util')
+            print('For details, see: %s' % testlogfile)
+            print('Or re-run this test script with the -v flag:')
+            print('    cd %s' % os.getcwd())
+            print('    PYTHONPATH=%s %s %s -v' %
+                  (utildir, sys.executable, sys.argv[0]))
+            print()
+        print('Use --debug=NUM to run a command under a debugger.  Use')
+        print('--stop-after=NUM to stop after a daemon is started in order to')
+        print('attach to it with a debugger.  Use --help to see other')
+        print('options.')
+
+
+def _onsigint(signum, frame):
+    # Exit without displaying a stack trace.  Suppress messages from _onexit.
+    global _success
+    _success = True
+    sys.exit(1)
+
+
+# Find the parent of dir which is at the root of a build or source directory.
+def _find_root(dir):
+    while True:
+        if os.path.exists(os.path.join(dir, 'lib', 'krb5', 'krb')):
+            break
+        parent = os.path.dirname(dir)
+        if (parent == dir):
+            return None
+        dir = parent
+    return dir
+
+
+def _find_buildtop():
+    root = _find_root(os.getcwd())
+    if root is None:
+        fail('Cannot find root of krb5 build directory.')
+    if not os.path.exists(os.path.join(root, 'config.status')):
+        # Looks like an unbuilt source directory.
+        fail('This script must be run inside a krb5 build directory.')
+    return root
+
+
+def _find_srctop():
+    scriptdir = os.path.abspath(os.path.dirname(sys.argv[0]))
+    if not scriptdir:
+        scriptdir = os.getcwd()
+    root = _find_root(scriptdir)
+    if root is None:
+        fail('Cannot find root of krb5 source directory.')
+    return os.path.abspath(root)
+
+
+# Parse command line arguments, setting global option variables.  Also
+# sets the global variable args to the positional arguments, which may
+# be used by the test script.
+def _parse_args():
+    global args, verbose, testpass, _debug, _debugger_command
+    global _stop_before, _stop_after, _shell_before, _shell_after
+    parser = optparse.OptionParser()
+    parser.add_option('-v', '--verbose', action='store_true', dest='verbose',
+                      default=False, help='Display verbose output')
+    parser.add_option('-p', '--pass', dest='testpass', metavar='PASS',
+                      help='If a multi-pass test, run only PASS')
+    parser.add_option('--debug', dest='debug', metavar='NUM',
+                      help='Debug numbered command (or "all")')
+    parser.add_option('--debugger', dest='debugger', metavar='COMMAND',
+                      help='Debugger command (default is gdb --args)')
+    parser.add_option('--stop-before', dest='stopb', metavar='NUM',
+                      help='Stop before numbered command (or "all")')
+    parser.add_option('--stop-after', dest='stopa', metavar='NUM',
+                      help='Stop after numbered command (or "all")')
+    parser.add_option('--shell-before', dest='shellb', metavar='NUM',
+                      help='Spawn shell before numbered command (or "all")')
+    parser.add_option('--shell-after', dest='shella', metavar='NUM',
+                      help='Spawn shell after numbered command (or "all")')
+    (options, args) = parser.parse_args()
+    verbose = options.verbose
+    testpass = options.testpass
+    _debug = _parse_cmdnum('--debug', options.debug)
+    _stop_before = _parse_cmdnum('--stop-before', options.stopb)
+    _stop_after = _parse_cmdnum('--stop-after', options.stopa)
+    _shell_before = _parse_cmdnum('--shell-before', options.shellb)
+    _shell_after = _parse_cmdnum('--shell-after', options.shella)
+
+    if options.debugger is not None:
+        _debugger_command = shlex.split(options.debugger)
+    elif which('gdb') is not None:
+        _debugger_command = ['gdb', '--args']
+    elif which('lldb') is not None:
+        _debugger_command = ['lldb', '--']
+    elif options.debug is not None:
+        print('Cannot find a debugger; use --debugger=COMMAND')
+        sys.exit(1)
+
+
+# Translate a command number spec.  -1 means all, None means none.
+def _parse_cmdnum(optname, str):
+    if not str:
+        return None
+    if str == 'all':
+        return -1
+    try:
+        return int(str)
+    except ValueError:
+        fail('%s value must be "all" or a number' % optname)
+
+
+# Test if a command index matches a translated command number spec.
+def _match_cmdnum(cmdnum, ind):
+    if cmdnum is None:
+        return False
+    elif cmdnum == -1:
+        return True
+    else:
+        return cmdnum == ind
+
+
+# Return an environment suitable for running programs in the build
+# tree.  It is safe to modify the result.
+def _build_env():
+    global buildtop, runenv
+    env = os.environ.copy()
+    for (k, v) in runenv.env.items():
+        if v.find('./') == 0:
+            env[k] = os.path.join(buildtop, v)
+        else:
+            env[k] = v
+    # Make sure we don't get confused by translated messages
+    # or localized times.
+    env['LC_ALL'] = 'C'
+    return env
+
+
+# Merge the nested dictionaries cfg1 and cfg2 into a new dictionary.
+# cfg1 or cfg2 may be None, in which case the other is returned.  If
+# cfg2 contains keys mapped to None, the corresponding keys will be
+# mapped to None in the result.  The result may contain references to
+# parts of cfg1 or cfg2, so is not safe to modify.
+def _cfg_merge(cfg1, cfg2):
+    if not cfg2:
+        return cfg1
+    if not cfg1:
+        return cfg2
+    result = cfg1.copy()
+    for key, value2 in cfg2.items():
+        if value2 is None:
+            result.pop(key, None)
+        elif key not in result:
+            result[key] = value2
+        else:
+            value1 = result[key]
+            if isinstance(value1, dict):
+                if not isinstance(value2, dict):
+                    raise TypeError()
+                result[key] = _cfg_merge(value1, value2)
+            else:
+                result[key] = value2
+    return result
+
+
+# Python gives us shlex.split() to turn a shell command into a list of
+# arguments, but oddly enough, not the easier reverse operation.  For
+# now, do a bad job of faking it.
+def _shell_equiv(args):
+    return " ".join(args)
+
+
+# Add a valgrind prefix to the front of args if specified in the
+# environment.  Under normal circumstances this just returns args.
+def _valgrind(args):
+    valgrind = os.getenv('VALGRIND')
+    if valgrind:
+        args = shlex.split(valgrind) + args
+    return args
+
+
+def _stop_or_shell(stop, shell, env, ind):
+    if (_match_cmdnum(stop, ind)):
+        sys.stdout.write('*** [%d] Waiting for return: ' % ind)
+        sys.stdout.flush()
+        sys.stdin.readline()
+    if (_match_cmdnum(shell, ind)):
+        output('*** [%d] Spawning shell\n' % ind, True)
+        subprocess.call(os.getenv('SHELL'), env=env)
+
+
+# Look for the expected strings in successive lines of trace.
+def _check_trace(trace, expected):
+    i = 0
+    for line in trace.splitlines():
+        if i < len(expected) and expected[i] in line:
+            i += 1
+    if i < len(expected):
+        fail('Expected string not found in trace output: ' + expected[i])
+
+
+def _run_cmd(args, env, input=None, expected_code=0, expected_msg=None,
+             expected_trace=None, return_trace=False):
+    global null_input, _cmd_index, _last_cmd, _last_cmd_output, _debug
+    global _stop_before, _stop_after, _shell_before, _shell_after
+
+    tracefile = None
+    if expected_trace is not None or return_trace:
+        tracefile = 'testtrace'
+        if os.path.exists(tracefile):
+            os.remove(tracefile)
+        env = env.copy()
+        env['KRB5_TRACE'] = tracefile
+
+    if (_match_cmdnum(_debug, _cmd_index)):
+        return _debug_cmd(args, env, input)
+
+    args = _valgrind(args)
+    _last_cmd = _shell_equiv(args)
+
+    output('*** [%d] Executing: %s\n' % (_cmd_index, _last_cmd))
+    _stop_or_shell(_stop_before, _shell_before, env, _cmd_index)
+
+    if input:
+        infile = subprocess.PIPE
+    else:
+        infile = null_input
+
+    # Run the command and log the result, folding stderr into stdout.
+    proc = subprocess.Popen(args, stdin=infile, stdout=subprocess.PIPE,
+                            stderr=subprocess.STDOUT, env=env,
+                            universal_newlines=True)
+    (outdata, dummy_errdata) = proc.communicate(input)
+    _last_cmd_output = outdata
+    code = proc.returncode
+    output(outdata)
+    output('*** [%d] Completed with return code %d\n' % (_cmd_index, code))
+    _stop_or_shell(_stop_after, _shell_after, env, _cmd_index)
+    _cmd_index += 1
+
+    # Check the return code and return the output.
+    if code != expected_code:
+        fail('%s failed with code %d.' % (args[0], code))
+
+    if expected_msg is not None and expected_msg not in outdata:
+        fail('Expected string not found in command output: ' + expected_msg)
+
+    if tracefile is not None:
+        with open(tracefile, 'r') as f:
+            trace = f.read()
+        output('*** Trace output for previous command:\n')
+        output(trace)
+        if expected_trace is not None:
+            _check_trace(trace, expected_trace)
+
+    return (outdata, trace) if return_trace else outdata
+
+
+def _debug_cmd(args, env, input):
+    global _cmd_index, _debugger_command
+
+    args = _debugger_command + list(args)
+    output('*** [%d] Executing in debugger: %s\n' %
+           (_cmd_index, _shell_equiv(args)), True)
+    if input:
+        print
+        print('*** Enter the following input when appropriate:')
+        print()
+        print(input)
+        print()
+    code = subprocess.call(args, env=env)
+    output('*** [%d] Completed in debugger with return code %d\n' %
+           (_cmd_index, code))
+    _cmd_index += 1
+
+
+# Start a daemon process with the specified args and env.  Wait until
+# we see sentinel as a substring of a line on either stdout or stderr.
+# Clean up the daemon process on exit.
+def _start_daemon(args, env, sentinel):
+    global null_input, _cmd_index, _last_cmd, _last_cmd_output, _debug
+    global _stop_before, _stop_after, _shell_before, _shell_after
+
+    if (_match_cmdnum(_debug, _cmd_index)):
+        output('*** [%d] Warning: ' % _cmd_index, True)
+        output( 'test script cannot proceed after debugging a daemon\n', True)
+        _debug_cmd(args, env, None)
+        output('*** Exiting after debugging daemon\n', True)
+        sys.exit(1)
+
+    args = _valgrind(args)
+    _last_cmd = _shell_equiv(args)
+    output('*** [%d] Starting: %s\n' % (_cmd_index, _last_cmd))
+    _stop_or_shell(_stop_before, _shell_before, env, _cmd_index)
+
+    # Start the daemon and look for the sentinel in stdout or stderr.
+    proc = subprocess.Popen(args, stdin=null_input, stdout=subprocess.PIPE,
+                            stderr=subprocess.STDOUT, env=env,
+                            universal_newlines=True)
+    _last_cmd_output = ''
+    while True:
+        line = proc.stdout.readline()
+        _last_cmd_output += line
+        if line == "":
+            code = proc.wait()
+            fail('%s failed to start with code %d.' % (args[0], code))
+        output(line)
+        if sentinel in line:
+            break
+    output('*** [%d] Started with pid %d\n' % (_cmd_index, proc.pid))
+    _stop_or_shell(_stop_after, _shell_after, env, _cmd_index)
+    _cmd_index += 1
+
+    # Save the daemon in a list for cleanup.  Note that we won't read
+    # any more of the daemon's output after the sentinel, which will
+    # cause the daemon to block if it generates enough.  For now we
+    # assume all daemon processes are quiet enough to avoid this
+    # problem.  If it causes an issue, some alternatives are:
+    #   - Output to a file and poll the file for the sentinel
+    #     (undesirable because it slows down the test suite by the
+    #     polling interval times the number of daemons started)
+    #   - Create an intermediate subprocess which discards output
+    #     after the sentinel.
+    _daemons.append(proc)
+
+    # Return the process; the caller can stop it with stop_daemon.
+    return proc
+
+
+# Await a daemon process's exit status and display it if it isn't
+# successful.  Display any output it generated after the sentinel.
+# Return the daemon's exit status (0 if it terminated with SIGTERM).
+def _check_daemon(proc):
+    global _failed_daemon_output
+    code = proc.wait()
+    # If a daemon doesn't catch SIGTERM (like gss-server), treat it as
+    # a normal exit.
+    if code == -signal.SIGTERM:
+        code = 0
+    if code != 0:
+        output('*** Daemon pid %d exited with code %d\n' % (proc.pid, code))
+
+    out, err = proc.communicate()
+    if code != 0:
+        _failed_daemon_output = out
+    output('*** Daemon pid %d output:\n' % proc.pid)
+    output(out)
+
+    return code
+
+
+# Terminate all active daemon processes.  Fail out if any of them
+# exited unsuccessfully.
+def _stop_daemons():
+    global _daemons
+    daemon_error = False
+    for proc in _daemons:
+        os.kill(proc.pid, signal.SIGTERM)
+        code = _check_daemon(proc)
+        if code != 0:
+            daemon_error = True
+    _daemons = []
+    if daemon_error:
+        fail('One or more daemon processes exited with an error')
+
+
+# Wait for a daemon process to exit.  Fail out if it exits
+# unsuccessfully.
+def await_daemon_exit(proc):
+    code = _check_daemon(proc)
+    _daemons.remove(proc)
+    if code != 0:
+        fail('Daemon exited unsuccessfully')
+
+
+# Terminate one daemon process.  Fail out if it exits unsuccessfully.
+def stop_daemon(proc):
+    os.kill(proc.pid, signal.SIGTERM)
+    return await_daemon_exit(proc)
+
+
+class K5Realm(object):
+    """An object representing a functional krb5 test realm."""
+
+    def __init__(self, realm='KRBTEST.COM', portbase=61000, testdir='testdir',
+                 krb5_conf=None, kdc_conf=None, create_kdb=True,
+                 krbtgt_keysalt=None, create_user=True, get_creds=True,
+                 create_host=True, start_kdc=True, start_kadmind=False,
+                 start_kpropd=False, bdb_only=False, pkinit=False):
+        global hostname, _default_krb5_conf, _default_kdc_conf
+        global _lmdb_kdc_conf, _current_db
+
+        self.realm = realm
+        self.testdir = os.path.join(os.getcwd(), testdir)
+        self.portbase = portbase
+        self.user_princ = 'user@' + self.realm
+        self.admin_princ = 'user/admin@' + self.realm
+        self.host_princ = 'host/%s@%s' % (hostname, self.realm)
+        self.nfs_princ = 'nfs/%s@%s' % (hostname, self.realm)
+        self.krbtgt_princ = 'krbtgt/%s@%s' % (self.realm, self.realm)
+        self.keytab = os.path.join(self.testdir, 'keytab')
+        self.client_keytab = os.path.join(self.testdir, 'client_keytab')
+        self.ccache = os.path.join(self.testdir, 'ccache')
+        self.gss_mech_config = os.path.join(self.testdir, 'mech.conf')
+        self.kadmin_ccache = os.path.join(self.testdir, 'kadmin_ccache')
+        base_krb5_conf = _default_krb5_conf
+        base_kdc_conf = _default_kdc_conf
+        if (os.getenv('K5TEST_LMDB') is not None and
+            not bdb_only and not _current_db):
+            base_kdc_conf = _cfg_merge(base_kdc_conf, _lmdb_kdc_conf)
+        if pkinit:
+            base_krb5_conf = _cfg_merge(base_krb5_conf, _pkinit_krb5_conf)
+            base_kdc_conf = _cfg_merge(base_kdc_conf, _pkinit_kdc_conf)
+        self._krb5_conf = _cfg_merge(base_krb5_conf, krb5_conf)
+        self._kdc_conf = _cfg_merge(base_kdc_conf, kdc_conf)
+        self._kdc_proc = None
+        self._kadmind_proc = None
+        self._kpropd_procs = []
+        krb5_conf_path = os.path.join(self.testdir, 'krb5.conf')
+        kdc_conf_path = os.path.join(self.testdir, 'kdc.conf')
+        self.env = self._make_env(krb5_conf_path, kdc_conf_path)
+
+        self._create_empty_dir()
+        self._create_conf(self._krb5_conf, krb5_conf_path)
+        self._create_conf(self._kdc_conf, kdc_conf_path)
+        self._create_acl()
+        self._create_dictfile()
+
+        if create_kdb:
+            self.create_kdb()
+        if krbtgt_keysalt and create_kdb:
+            self.run([kadminl, 'cpw', '-randkey', '-e', krbtgt_keysalt,
+                      self.krbtgt_princ])
+        if create_user and create_kdb:
+            self.addprinc(self.user_princ, password('user'))
+            self.addprinc(self.admin_princ, password('admin'))
+        if create_host and create_kdb:
+            self.addprinc(self.host_princ)
+            self.extract_keytab(self.host_princ, self.keytab)
+        if start_kdc and create_kdb:
+            self.start_kdc()
+        if start_kadmind and create_kdb:
+            self.start_kadmind()
+        if get_creds and create_kdb and create_user and start_kdc:
+            self.kinit(self.user_princ, password('user'))
+            self.klist(self.user_princ)
+
+    def _create_empty_dir(self):
+        dir = self.testdir
+        shutil.rmtree(dir, True)
+        if (os.path.exists(dir)):
+            fail('Cannot remove %s to create test realm.' % dir)
+        os.mkdir(dir)
+
+    def _create_conf(self, profile, filename):
+        file = open(filename, 'w')
+        for section, contents in profile.items():
+            file.write('[%s]\n' % section)
+            self._write_cfg_section(file, contents, 1)
+        file.close()
+
+    def _write_cfg_section(self, file, contents, indent_level):
+        indent = '\t' * indent_level
+        for name, value in contents.items():
+            name = self._subst_cfg_value(name)
+            if isinstance(value, dict):
+                # A dictionary value yields a list subsection.
+                file.write('%s%s = {\n' % (indent, name))
+                self._write_cfg_section(file, value, indent_level + 1)
+                file.write('%s}\n' % indent)
+            elif isinstance(value, list):
+                # A list value yields multiple values for the same name.
+                for item in value:
+                    item = self._subst_cfg_value(item)
+                    file.write('%s%s = %s\n' % (indent, name, item))
+            elif isinstance(value, str):
+                # A string value yields a straightforward variable setting.
+                value = self._subst_cfg_value(value)
+                file.write('%s%s = %s\n' % (indent, name, value))
+            else:
+                raise TypeError()
+
+    def _subst_cfg_value(self, value):
+        global buildtop, srctop, hostname
+        template = string.Template(value)
+        subst = template.substitute(realm=self.realm,
+                                    testdir=self.testdir,
+                                    buildtop=buildtop,
+                                    srctop=srctop,
+                                    plugins=plugins,
+                                    certs=pkinit_certs,
+                                    hostname=hostname,
+                                    port0=self.portbase,
+                                    port1=self.portbase + 1,
+                                    port2=self.portbase + 2,
+                                    port3=self.portbase + 3,
+                                    port4=self.portbase + 4,
+                                    port5=self.portbase + 5,
+                                    port6=self.portbase + 6,
+                                    port7=self.portbase + 7,
+                                    port8=self.portbase + 8,
+                                    port9=self.portbase + 9)
+        # Empty values must be quoted to avoid a syntax error.
+        return subst if subst else '""'
+
+    def _create_acl(self):
+        global hostname
+        filename = os.path.join(self.testdir, 'acl')
+        file = open(filename, 'w')
+        file.write('%s *e\n' % self.admin_princ)
+        file.write('kiprop/%s@%s p\n' % (hostname, self.realm))
+        file.close()
+
+    def _create_dictfile(self):
+        filename = os.path.join(self.testdir, 'dictfile')
+        file = open(filename, 'w')
+        file.write('weak_password\n')
+        file.close()
+
+    def _make_env(self, krb5_conf_path, kdc_conf_path):
+        env = _build_env()
+        env['KRB5_CONFIG'] = krb5_conf_path
+        env['KRB5_KDC_PROFILE'] = kdc_conf_path or os.devnull
+        env['KRB5CCNAME'] = self.ccache
+        env['KRB5_KTNAME'] = self.keytab
+        env['KRB5_CLIENT_KTNAME'] = self.client_keytab
+        env['KRB5RCACHEDIR'] = self.testdir
+        env['KPROPD_PORT'] = str(self.kprop_port())
+        env['KPROP_PORT'] = str(self.kprop_port())
+        env['GSS_MECH_CONFIG'] = self.gss_mech_config
+        return env
+
+    def run(self, args, env=None, **keywords):
+        if env is None:
+            env = self.env
+        return _run_cmd(args, env, **keywords)
+
+    def kprop_port(self):
+        return self.portbase + 3
+
+    def server_port(self):
+        return self.portbase + 5
+
+    def start_server(self, args, sentinel, env=None):
+        if env is None:
+            env = self.env
+        return _start_daemon(args, env, sentinel)
+
+    def start_in_inetd(self, args, port=None, env=None):
+        if not port:
+            port = self.server_port()
+        if env is None:
+            env = self.env
+        inetd_args = [t_inetd, str(port), args[0]] + args
+        return _start_daemon(inetd_args, env, 'Ready!')
+
+    def create_kdb(self):
+        global kdb5_util
+        self.run([kdb5_util, 'create', '-s', '-P', 'master'])
+
+    def start_kdc(self, args=[], env=None):
+        global krb5kdc
+        if env is None:
+            env = self.env
+        assert(self._kdc_proc is None)
+        self._kdc_proc = _start_daemon([krb5kdc, '-n'] + args, env,
+                                       'starting...')
+
+    def stop_kdc(self):
+        assert(self._kdc_proc is not None)
+        stop_daemon(self._kdc_proc)
+        self._kdc_proc = None
+
+    def start_kadmind(self, env=None):
+        global krb5kdc
+        if env is None:
+            env = self.env
+        assert(self._kadmind_proc is None)
+        dump_path = os.path.join(self.testdir, 'dump')
+        self._kadmind_proc = _start_daemon([kadmind, '-nofork',
+                                            '-p', kdb5_util, '-K', kprop,
+                                            '-F', dump_path], env,
+                                           'starting...')
+
+    def stop_kadmind(self):
+        assert(self._kadmind_proc is not None)
+        stop_daemon(self._kadmind_proc)
+        self._kadmind_proc = None
+
+    def _kpropd_args(self):
+        datatrans_path = os.path.join(self.testdir, 'incoming-datatrans')
+        kpropdacl_path = os.path.join(self.testdir, 'kpropd-acl')
+        return [kpropd, '-D', '-P', str(self.kprop_port()),
+                '-f', datatrans_path, '-p', kdb5_util, '-a', kpropdacl_path]
+
+    def start_kpropd(self, env, args=[]):
+        proc = _start_daemon(self._kpropd_args() + args, env, 'ready')
+        self._kpropd_procs.append(proc)
+        return proc
+
+    def stop_kpropd(self, proc):
+        stop_daemon(proc)
+        self._kpropd_procs.remove(proc)
+
+    def run_kpropd_once(self, env, args=[]):
+        return self.run(self._kpropd_args() + ['-t'] + args, env=env)
+
+    def stop(self):
+        if self._kdc_proc:
+            self.stop_kdc()
+        if self._kadmind_proc:
+            self.stop_kadmind()
+        for p in self._kpropd_procs:
+            stop_daemon(p)
+        self._kpropd_procs = []
+
+    def addprinc(self, princname, password=None):
+        if password:
+            self.run([kadminl, 'addprinc', '-pw', password, princname])
+        else:
+            self.run([kadminl, 'addprinc', '-randkey', princname])
+
+    def extract_keytab(self, princname, keytab):
+        self.run([kadminl, 'ktadd', '-k', keytab, '-norandkey', princname])
+
+    def kinit(self, princname, password=None, flags=[], **keywords):
+        if password:
+            input = password + "\n"
+        else:
+            input = None
+        return self.run([kinit] + flags + [princname], input=input, **keywords)
+
+    def pkinit(self, princ, flags=[], **kw):
+        id = 'FILE:%s,%s' % (os.path.join(pkinit_certs, 'user.pem'),
+                             os.path.join(pkinit_certs, 'privkey.pem'))
+        flags = flags + ['-X', 'X509_user_identity=%s' % id]
+        self.kinit(princ, flags=flags, **kw)
+
+    def klist(self, client_princ, service_princ=None, ccache=None, **keywords):
+        if service_princ is None:
+            service_princ = self.krbtgt_princ
+        if ccache is None:
+            ccache = self.ccache
+        ccachestr = ccache
+        if len(ccachestr) < 2 or ':' not in ccachestr[2:]:
+            ccachestr = 'FILE:' + ccachestr
+        output = self.run([klist, ccache], **keywords)
+        if (('Ticket cache: %s\n' % ccachestr) not in output or
+            ('Default principal: %s\n' % client_princ) not in output or
+            service_princ not in output):
+            fail('Unexpected klist output.')
+
+    def klist_keytab(self, princ, keytab=None, **keywords):
+        if keytab is None:
+            keytab = self.keytab
+        output = self.run([klist, '-k', keytab], **keywords)
+        if (('Keytab name: FILE:%s\n' % keytab) not in output or
+            'KVNO Principal\n----' not in output or
+            princ not in output):
+            fail('Unexpected klist output.')
+
+    def prep_kadmin(self, princname=None, pw=None, flags=[]):
+        if princname is None:
+            princname = self.admin_princ
+            pw = password('admin')
+        return self.kinit(princname, pw,
+                          flags=['-S', 'kadmin/admin',
+                                 '-c', self.kadmin_ccache] + flags)
+
+    def run_kadmin(self, args, **keywords):
+        return self.run([kadmin, '-c', self.kadmin_ccache] + args, **keywords)
+
+    def special_env(self, name, has_kdc_conf, krb5_conf=None, kdc_conf=None):
+        krb5_conf_path = os.path.join(self.testdir, 'krb5.conf.%s' % name)
+        krb5_conf = _cfg_merge(self._krb5_conf, krb5_conf)
+        self._create_conf(krb5_conf, krb5_conf_path)
+        if has_kdc_conf:
+            kdc_conf_path = os.path.join(self.testdir, 'kdc.conf.%s' % name)
+            kdc_conf = _cfg_merge(self._kdc_conf, kdc_conf)
+            self._create_conf(kdc_conf, kdc_conf_path)
+        else:
+            kdc_conf_path = None
+        return self._make_env(krb5_conf_path, kdc_conf_path)
+
+
+def multipass_realms(**keywords):
+    global _current_pass, _passes, testpass
+    caller_krb5_conf = keywords.get('krb5_conf')
+    caller_kdc_conf = keywords.get('kdc_conf')
+    for p in _passes:
+        (name, krbtgt_keysalt, krb5_conf, kdc_conf) = p
+        if testpass and name != testpass:
+            continue
+        output('*** Beginning pass %s\n' % name)
+        keywords['krb5_conf'] = _cfg_merge(krb5_conf, caller_krb5_conf)
+        keywords['kdc_conf'] = _cfg_merge(kdc_conf, caller_kdc_conf)
+        keywords['krbtgt_keysalt'] = krbtgt_keysalt
+        _current_pass = name
+        realm = K5Realm(**keywords)
+        yield realm
+        realm.stop()
+        _current_pass = None
+
+
+def multidb_realms(**keywords):
+    global _current_db, _dbpasses
+    caller_kdc_conf = keywords.get('kdc_conf')
+    for p in _dbpasses:
+        (name, kdc_conf) = p
+        output('*** Using DB type %s\n' % name)
+        keywords['kdc_conf'] = _cfg_merge(kdc_conf, caller_kdc_conf)
+        _current_db = name
+        realm = K5Realm(**keywords)
+        yield realm
+        realm.stop()
+        _current_db = None
+
+
+def cross_realms(num, xtgts=None, args=None, **keywords):
+    # Build keyword args for each realm.
+    realm_args = []
+    for i in range(num):
+        realmnumber = i + 1
+        # Start with any global keyword arguments to this function.
+        a = keywords.copy()
+        if args and args[i]:
+            # Merge in specific arguments for this realm.  Use
+            # _cfg_merge for config fragments.
+            a.update(args[i])
+            for cf in ('krb5_conf', 'kdc_conf'):
+                if cf in keywords and cf in args[i]:
+                    a[cf] = _cfg_merge(keywords[cf], args[i][cf])
+        # Set defaults for the realm name, testdir, and portbase.
+        if not 'realm' in a:
+            a['realm'] = 'KRBTEST%d.COM' % realmnumber
+        if not 'testdir' in a:
+            a['testdir'] = os.path.join('testdir', str(realmnumber))
+        if not 'portbase' in a:
+            a['portbase'] = 61000 + 10 * realmnumber
+        realm_args.append(a)
+        
+    # Build a [realms] config fragment containing all of the realms.
+    realmsection = { '$realm' : None }
+    for a in realm_args:
+        name = a['realm']
+        portbase = a['portbase']
+        realmsection[name] = {
+            'kdc' : '$hostname:%d' % portbase,
+            'admin_server' : '$hostname:%d' % (portbase + 1),
+            'kpasswd_server' : '$hostname:%d' % (portbase + 2)
+            }
+    realmscfg = {'realms': realmsection}
+
+    # Set realmsection in each realm's krb5_conf keyword argument.
+    for a in realm_args:
+        a['krb5_conf'] = _cfg_merge(realmscfg, a.get('krb5_conf'))
+
+    if xtgts is None:
+        # Default to cross tgts for every pair of realms.
+        # (itertools.permutations would work here but is new in 2.6.)
+        xtgts = [(x,y) for x in range(num) for y in range(num) if x != y]
+
+    # Create the realms.
+    realms = []
+    for i in range(num):
+        r = K5Realm(**realm_args[i])
+        # Create specified cross TGTs in this realm's db.
+        for j in range(num):
+            if j == i:
+                continue
+            iname = r.realm
+            jname = realm_args[j]['realm']
+            if (i, j) in xtgts:
+                # This realm can authenticate to realm j.
+                r.addprinc('krbtgt/%s' % jname, password('cr-%d-%d-' % (i, j)))
+            if (j, i) in xtgts:
+                # Realm j can authenticate to this realm.
+                r.addprinc('krbtgt/%s@%s' % (iname, jname),
+                           password('cr-%d-%d-' % (j, i)))
+        realms.append(r)
+    return realms
+
+
+_default_krb5_conf = {
+    'libdefaults': {
+        'default_realm': '$realm',
+        'dns_lookup_kdc': 'false',
+        'dns_canonicalize_hostname': 'fallback',
+        'qualify_shortname': '',
+        'plugin_base_dir': '$plugins'},
+    'realms': {'$realm': {
+            'kdc': '$hostname:$port0',
+            'admin_server': '$hostname:$port1',
+            'kpasswd_server': '$hostname:$port2'}}}
+
+
+_default_kdc_conf = {
+    'realms': {'$realm': {
+            'database_module': 'db',
+            'iprop_port': '$port4',
+            'key_stash_file': '$testdir/stash',
+            'acl_file': '$testdir/acl',
+            'dict_file': '$testdir/dictfile',
+            'kadmind_port': '$port1',
+            'kpasswd_port': '$port2',
+            'kdc_listen': '$port0',
+            'kdc_tcp_listen': '$port0'}},
+    'dbmodules': {
+        'db_module_dir': '$plugins/kdb',
+        'db': {'db_library': 'db2', 'database_name' : '$testdir/db'}},
+    'logging': {
+        'admin_server': 'FILE:$testdir/kadmind5.log',
+        'kdc': 'FILE:$testdir/kdc.log',
+        'default': 'FILE:$testdir/others.log'}}
+
+
+_lmdb_kdc_conf = {'dbmodules': {'db': {'db_library': 'klmdb',
+                                       'nosync': 'true'}}}
+
+
+_pkinit_krb5_conf = {'realms': {'$realm': {
+    'pkinit_anchors': 'FILE:$certs/ca.pem'}}}
+_pkinit_kdc_conf = {'realms': {'$realm': {
+    'pkinit_identity': 'FILE:$certs/kdc.pem,$certs/privkey.pem'}}}
+
+
+# A pass is a tuple of: name, krbtgt_keysalt, krb5_conf, kdc_conf.
+_passes = [
+    # No special settings; exercises AES256.
+    ('default', None, None, None),
+
+    # Exercise the DES3 enctype.
+    ('des3', None,
+     {'libdefaults': {'permitted_enctypes': 'des3 aes256-sha1'}},
+     {'realms': {'$realm': {
+                    'supported_enctypes': 'des3-cbc-sha1:normal',
+                    'master_key_type': 'des3-cbc-sha1'}}}),
+
+    # Exercise the arcfour enctype.
+    ('arcfour', None,
+     {'libdefaults': {'permitted_enctypes': 'rc4 aes256-sha1'}},
+     {'realms': {'$realm': {
+                    'supported_enctypes': 'arcfour-hmac:normal',
+                    'master_key_type': 'arcfour-hmac'}}}),
+
+    # Exercise the AES128 enctype.
+    ('aes128', None,
+      {'libdefaults': {'permitted_enctypes': 'aes128-cts'}},
+      {'realms': {'$realm': {
+                    'supported_enctypes': 'aes128-cts:normal',
+                    'master_key_type': 'aes128-cts'}}}),
+
+    # Exercise the camellia256-cts enctype.
+    ('camellia256', None,
+      {'libdefaults': {'permitted_enctypes': 'camellia256-cts'}},
+      {'realms': {'$realm': {
+                    'supported_enctypes': 'camellia256-cts:normal',
+                    'master_key_type': 'camellia256-cts'}}}),
+
+    # Exercise the aes128-sha2 enctype.
+    ('aes128-sha2', None,
+      {'libdefaults': {'permitted_enctypes': 'aes128-sha2'}},
+      {'realms': {'$realm': {
+                    'supported_enctypes': 'aes128-sha2:normal',
+                    'master_key_type': 'aes128-sha2'}}}),
+
+    # Exercise the aes256-sha2 enctype.
+    ('aes256-sha2', None,
+      {'libdefaults': {'permitted_enctypes': 'aes256-sha2'}},
+      {'realms': {'$realm': {
+                    'supported_enctypes': 'aes256-sha2:normal',
+                    'master_key_type': 'aes256-sha2'}}}),
+
+    # Test a setup with modern principal keys but an old TGT key.
+    ('aes256.destgt', 'arcfour-hmac:normal',
+     {'libdefaults': {'allow_weak_crypto': 'true'}},
+     None)
+]
+
+_success = False
+_current_pass = None
+_current_db = None
+_daemons = []
+_parse_args()
+atexit.register(_onexit)
+signal.signal(signal.SIGINT, _onsigint)
+_outfile = open('testlog', 'w')
+_cmd_index = 1
+_last_mark = None
+_last_cmd = None
+_last_cmd_output = None
+_failed_daemon_output = None
+buildtop = _find_buildtop()
+srctop = _find_srctop()
+plugins = os.path.join(buildtop, 'plugins')
+pkinit_enabled = os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so'))
+pkinit_certs = os.path.join(srctop, 'tests', 'pkinit-certs')
+hostname = socket.gethostname().lower()
+null_input = open(os.devnull, 'r')
+
+if not os.path.exists(os.path.join(buildtop, 'runenv.py')):
+    fail('You must run "make runenv.py" in %s first.' % buildtop)
+sys.path = [buildtop] + sys.path
+import runenv
+
+# A DB pass is a tuple of: name, kdc_conf.
+_dbpasses = [('db2', None)]
+if runenv.have_lmdb == 'yes':
+    _dbpasses.append(('lmdb', _lmdb_kdc_conf))
+
+krb5kdc = os.path.join(buildtop, 'kdc', 'krb5kdc')
+kadmind = os.path.join(buildtop, 'kadmin', 'server', 'kadmind')
+kadmin = os.path.join(buildtop, 'kadmin', 'cli', 'kadmin')
+kadminl = os.path.join(buildtop, 'kadmin', 'cli', 'kadmin.local')
+kdb5_ldap_util = os.path.join(buildtop, 'plugins', 'kdb', 'ldap', 'ldap_util',
+                              'kdb5_ldap_util')
+kdb5_util = os.path.join(buildtop, 'kadmin', 'dbutil', 'kdb5_util')
+ktutil = os.path.join(buildtop, 'kadmin', 'ktutil', 'ktutil')
+kinit = os.path.join(buildtop, 'clients', 'kinit', 'kinit')
+klist = os.path.join(buildtop, 'clients', 'klist', 'klist')
+kswitch = os.path.join(buildtop, 'clients', 'kswitch', 'kswitch')
+kvno = os.path.join(buildtop, 'clients', 'kvno', 'kvno')
+kdestroy = os.path.join(buildtop, 'clients', 'kdestroy', 'kdestroy')
+kpasswd = os.path.join(buildtop, 'clients', 'kpasswd', 'kpasswd')
+t_inetd = os.path.join(buildtop, 'tests', 't_inetd')
+kproplog = os.path.join(buildtop, 'kprop', 'kproplog')
+kpropd = os.path.join(buildtop, 'kprop', 'kpropd')
+kprop = os.path.join(buildtop, 'kprop', 'kprop')
diff --git a/krb5-1.21.3/src/util/krb5-batch-reindent.el b/krb5-1.21.3/src/util/krb5-batch-reindent.el
new file mode 100644
index 00000000..668c64c8
--- /dev/null
+++ b/krb5-1.21.3/src/util/krb5-batch-reindent.el
@@ -0,0 +1,68 @@
+;;; -*- mode: emacs-lisp; indent-tabs-mode: nil -*-
+(if (not noninteractive)
+    (error "to be used only with -batch"))
+;; Avoid vc-mode interference.
+(setq vc-handled-backends nil)
+
+;; for debugging
+(defun report-tabs ()
+  (let ((tab-found (search-forward "\t" nil t)))
+    (if tab-found
+        (message "Tab found @%s." tab-found)
+      (message "No tabs found."))))
+
+(defun whitespace-new ()
+    ;; Sometimes whitespace-cleanup gets its internals confused
+    ;; when whitespace-mode hasn't been activated on the buffer.
+    (let ((whitespace-indent-tabs-mode indent-tabs-mode)
+          (whitespace-style '(empty trailing)))
+      ;; Only clean up tab issues if indent-tabs-mode is explicitly
+      ;; set in the file local variables.
+      (if (local-variable-p 'indent-tabs-mode)
+          (progn
+            (message "Enabling tab cleanups.")
+            (add-to-list 'whitespace-style 'indentation)
+            (add-to-list 'whitespace-style 'space-before-tab)
+            (add-to-list 'whitespace-style 'space-after-tab)))
+;;      (message "indent-tabs-mode=%s" indent-tabs-mode)
+      (message "Cleaning whitespace...")
+      (whitespace-cleanup)))
+
+;; Old style whitespace.el uses different variables.
+(defun whitespace-old ()
+  (let (whitespace-check-buffer-indent
+        whitespace-check-buffer-spacetab)
+    (if (local-variable-p 'indent-tabs-mode)
+        (progn
+          (message "Enabling tab cleanups.")
+          (setq whitespace-check-buffer-indent indent-tabs-mode)
+          (setq whitespace-check-buffer-spacetab t)))
+    (message "Cleaning whitespace...")
+    (whitespace-cleanup)))
+
+(while command-line-args-left
+  (let ((filename (car command-line-args-left))
+        ;; No backup files; we have version control.
+        (make-backup-files nil))
+    (find-file filename)
+    (message "Read %s." filename)
+
+    (if (not indent-tabs-mode)
+        (progn
+          (message "Untabifying...")
+          (untabify (point-min) (point-max))))
+
+    ;; Only reindent if the file C style is guessed to be "krb5".
+    ;; Note that krb5-c-style.el already has a heuristic for setting
+    ;; the C style if the file has "c-basic-offset: 4;
+    ;; indent-tabs-mode: nil".
+    (if (equal c-indentation-style "krb5")
+        (c-indent-region (point-min) (point-max)))
+
+    (if (fboundp 'whitespace-newline-mode)
+        (whitespace-new)
+      (whitespace-old))
+
+    (save-buffer)
+    (kill-buffer nil)
+    (setq command-line-args-left (cdr command-line-args-left))))
diff --git a/krb5-1.21.3/src/util/krb5-c-style.el b/krb5-1.21.3/src/util/krb5-c-style.el
new file mode 100644
index 00000000..f9979171
--- /dev/null
+++ b/krb5-1.21.3/src/util/krb5-c-style.el
@@ -0,0 +1,55 @@
+;;; -*- mode: emacs-lisp; indent-tabs-mode: nil -*-
+(defconst krb5-c-style
+  '("bsd"
+    (c-basic-offset     . 4)
+    (c-cleanup-list     . (brace-elseif-brace
+                           brace-else-brace
+                           defun-close-semi))
+    (c-comment-continuation-stars       . "* ")
+    (c-comment-only-line-offset . 0)
+    (c-electric-pound-behavior  . (alignleft))
+    (c-hanging-braces-alist     . ((block-close . c-snug-do-while)
+                                   (brace-list-open)
+                                   (class-open after)
+                                   (extern-lang-open after)
+                                   (substatement-open after)))
+    (c-hanging-colons-alist     . ((case-label after)
+                                   (label after)))
+    (c-hanging-comment-starter-p        . nil)
+    (c-hanging-comment-ender-p          . nil)
+    (c-indent-comments-syntactically-p  . t)
+    (c-label-minimum-indentation        . 0)
+    (c-offsets-alist    . ((inextern-lang . 0)
+                           (arglist-close . 0)))
+    (c-special-indent-hook      . nil)
+    (fill-column                . 79)))
+
+;; Use eval-after-load rather than c-initialization-hook; this ensures
+;; that the style gets defined even if a user loads this file after
+;; initializing cc-mode.
+(eval-after-load 'cc-mode (c-add-style "krb5" krb5-c-style))
+
+;; We don't use a c-file-style file-local variable setting in our
+;; source code, to avoid errors for emacs users who don't define the
+;; "krb5" style.  Instead, use this heuristic.
+;;
+;; TODO: modify to also look for unique files in the source tree.
+(defun krb5-c-mode-hook ()
+  (if (and (eq major-mode 'c-mode)
+           (eq c-basic-offset 4)
+           (eq indent-tabs-mode nil))
+      (c-set-style "krb5")))
+
+;; (add-hook 'c-mode-common-hook 'krb5-c-mode-hook)
+
+;; Use hack-local-variables-hook because the c-mode hooks run before
+;; hack-local-variables runs.
+(add-hook 'hack-local-variables-hook 'krb5-c-mode-hook)
+
+;; emacs-23.x has a buggy cc-mode that incorrectly deals with case
+;; labels with character constants.
+(if (and (string-match "^23\\." emacs-version)
+         (require 'cc-defs)
+         (string-match "5\\.31\\.[0-7]" c-version))
+    (let ((load-path (cons (file-name-directory load-file-name) load-path)))
+      (load "krb5-hack-cc-mode-caselabel")))
diff --git a/krb5-1.21.3/src/util/krb5-check-copyright.py b/krb5-1.21.3/src/util/krb5-check-copyright.py
new file mode 100644
index 00000000..5439a8ae
--- /dev/null
+++ b/krb5-1.21.3/src/util/krb5-check-copyright.py
@@ -0,0 +1,105 @@
+# Copyright (C) 2011 by the Massachusetts Institute of Technology.
+# All rights reserved.
+#
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+# This program is intended to be used by "make check-copyright".  It
+# checks for violations of the coding standards related to copyright
+# and license statements in source code comments.
+
+import os
+import sys
+import re
+
+def warn(fname, ln, msg):
+    print('%s: %d: %s' % (fname, ln + 1, msg))
+
+def indicates_license(line):
+    return 'Copyright' in line or 'COPYRIGHT' in line or 'License' in line
+
+# Check a comment for boilerplate violations.  Return true if the comment
+# is a license statement.
+def check_comment(comment, fname, ln, code_seen, nonlicense_seen):
+    text_seen = False
+    is_license = False
+    for line in comment:
+        if not is_license and indicates_license(line):
+            is_license = True
+            if text_seen:
+                warn(fname, ln, 'License begins after first line of comment')
+            elif code_seen:
+                warn(fname, ln, 'License after code')
+            elif nonlicense_seen:
+                warn(fname, ln, 'License after non-license comments')
+            break
+        # DB2 licenses start with '/*-' and we don't want to change them.
+        if line != '' and line != '-':
+            text_seen = True
+    return is_license
+
+def check_file(lines, fname):
+    # Skip emacs mode line if present.
+    ln = 0
+    if '-*- mode: c;' in lines[ln]:
+        ln += 1
+
+    # Check filename comment if present.
+    m = re.match(r'/\* ([^ ]*)( - .*)? \*/', lines[ln])
+    if m:
+        if m.group(1) != fname:
+            warn(fname, ln, 'Wrong filename in comment')
+        ln += 1
+
+    # Scan for license statements.
+    in_comment = False
+    code_seen = False
+    nonlicense_seen = False
+    for line in lines[ln:]:
+        # Strip out whitespace and comments contained within a line.
+        if not in_comment:
+            line = re.sub(r'/\*.*?\*/', '', line)
+        line = line.strip()
+
+        if not in_comment and '/*' in line:
+            (line, sep, comment_part) = line.partition('/*')
+            comment = [comment_part.strip()]
+            comment_starts_at = ln
+            in_comment = True
+        elif in_comment and '*/' not in line:
+            comment.append(line.lstrip('*').lstrip())
+        elif in_comment:
+            (comment_part, sep, line) = line.partition('*/')
+            comment.append(comment_part.strip())
+            is_license = check_comment(comment, fname, comment_starts_at,
+                                       code_seen, nonlicense_seen)
+            nonlicense_seen = nonlicense_seen or not is_license
+            in_comment = False
+        elif line.strip() != '':
+            code_seen = True
+
+        ln += 1
+
+for fname in sys.argv[1:]:
+    if fname.startswith('./'):
+        fname = fname[2:]
+    f = open(fname)
+    lines = f.readlines()
+    f.close()
+    check_file(lines, fname)
diff --git a/krb5-1.21.3/src/util/krb5-hack-cc-mode-caselabel.el b/krb5-1.21.3/src/util/krb5-hack-cc-mode-caselabel.el
new file mode 100644
index 00000000..4857c535
--- /dev/null
+++ b/krb5-1.21.3/src/util/krb5-hack-cc-mode-caselabel.el
@@ -0,0 +1,44 @@
+;;; -*- mode: emacs-lisp; indent-tabs-mode: nil -*-
+
+;; emacs-23.x has a bug in cc-mode that that incorrectly deals with
+;; case labels with character constants.
+
+(require 'cl)
+(require 'cc-defs)
+(require 'cc-vars)
+(require 'cc-langs)
+
+;; Hack load-in-progress to silence the c-lang-defconst error.  For
+;; some reason, load-in-progress is nil at some times when it
+;; shouldn't be, at least on released emacs-23.1.1.
+(let ((load-in-progress t))
+
+  ;; Updated c-nonlabel-token-key based on cc-langs.el 5.267.2.22, to
+  ;; allow character constants in case labels.
+  (c-lang-defconst c-nonlabel-token-key
+    "Regexp matching things that can't occur in generic colon labels,
+neither in a statement nor in a declaration context.  The regexp is
+tested at the beginning of every sexp in a suspected label,
+i.e. before \":\".  Only used if `c-recognize-colon-labels' is set."
+    t (concat
+       ;; Don't allow string literals.
+       "\"\\|"
+       ;; All keywords except `c-label-kwds' and `c-protection-kwds'.
+       (c-make-keywords-re t
+         (set-difference (c-lang-const c-keywords)
+                         (append (c-lang-const c-label-kwds)
+                                 (c-lang-const c-protection-kwds))
+                         :test 'string-equal)))
+    ;; Also check for open parens in C++, to catch member init lists in
+    ;; constructors.  We normally allow it so that macros with arguments
+    ;; work in labels.
+    c++ (concat "\\s\(\\|" (c-lang-const c-nonlabel-token-key)))
+  (c-lang-defvar c-nonlabel-token-key (c-lang-const c-nonlabel-token-key))
+
+  ;; Monkey-patch by way of c-mode-common-hook, as the byte-compiled
+  ;; version of c-init-language-vars will have the old value.  This
+  ;; avoids finding some way to re-evaluate the defun for
+  ;; c-init-language-vars.
+  (defun krb5-c-monkey-patch-caselabel ()
+    (setq c-nonlabel-token-key (c-lang-const c-nonlabel-token-key)))
+  (add-hook 'c-mode-common-hook 'krb5-c-monkey-patch-caselabel))
diff --git a/krb5-1.21.3/src/util/krb5-mark-cstyle.py b/krb5-1.21.3/src/util/krb5-mark-cstyle.py
new file mode 100644
index 00000000..a9169043
--- /dev/null
+++ b/krb5-1.21.3/src/util/krb5-mark-cstyle.py
@@ -0,0 +1,47 @@
+from optparse import OptionParser
+import os
+import re
+import sys
+
+styles = {
+    "bsd":
+        "/* -*- mode: c; c-file-style: \"bsd\"; indent-tabs-mode: t -*- */\n",
+    "krb5":
+        "/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */\n"
+    }
+
+def dofile(fname, style):
+    changed = False
+    newname = fname + ".new"
+    infile = open(fname)
+    outfile = open(newname, "w")
+    first = next(infile)
+    if (first != style):
+        changed = True
+        outfile.write(style)
+        if re.match(r"""\s*/\*\s*-\*-.*-\*-\s*\*/""", first):
+            # Replace first line if it was already a local variables line.
+            pass
+        else:
+            outfile.write(first)
+
+        # Simply copy remaining lines.
+        for line in infile:
+            outfile.write(line)
+
+    infile.close()
+    outfile.close()
+
+    if changed:
+        os.rename(newname, fname)
+    else:
+        os.remove(newname)
+
+parser = OptionParser()
+parser.add_option("--cstyle", action="store", dest="style",
+                  choices=("bsd", "krb5"), default="krb5")
+(options, args) = parser.parse_args()
+
+for fname in args:
+    print(fname)
+    dofile(fname, styles[options.style])
diff --git a/krb5-1.21.3/src/util/krb5-send-pr.sh b/krb5-1.21.3/src/util/krb5-send-pr.sh
new file mode 100755
index 00000000..9b506e43
--- /dev/null
+++ b/krb5-1.21.3/src/util/krb5-send-pr.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+cat <<EOF
+Please send email to krb5-bugs@mit.edu to report bugs.
+
+It is helpful to include the Kerberos version and operating system
+information with your bug report.  Please note that bug reports are
+public; if you are reporting a security vulnerability, send mail to
+krbcore-security@mit.edu instead, ideally using PGP encryption.
+EOF
diff --git a/krb5-1.21.3/src/util/ktemplate.pm b/krb5-1.21.3/src/util/ktemplate.pm
new file mode 100644
index 00000000..a2f51680
--- /dev/null
+++ b/krb5-1.21.3/src/util/ktemplate.pm
@@ -0,0 +1,74 @@
+# -*- perl -*-
+
+sub usage {
+    print STDERR "usage: $0 -oOutputFile PARM=value ...\n";
+    print STDERR "  where acceptable PARM values are:\n";
+    print STDERR "\t", join(' ', @parms), "\n";
+    exit(1);
+}
+
+%parm = ();
+sub run {
+    my $arg;
+    my $outfile;
+    my %allowed_parms = ();
+
+    foreach $arg (@parms) { $allowed_parms{$arg} = 1; }
+
+    foreach $arg (@ARGV) {
+	if ($arg =~ /^-o./) {
+	    if (defined $outfile) {
+		die "$0: Output file specified multiple times\n";
+	    }
+	    $outfile = substr($arg, 2);
+	} else {
+	    my @words = split '=', $arg;
+	    if ($#words != 1) {
+		print STDERR "$0: $arg : #words = $#words\n";
+		&usage;
+	    }
+	    if (!defined $allowed_parms{$words[0]}) {
+		print STDERR "$0: Unknown parameter $words[0]\n";
+		&usage;
+	    }
+	    $parm{$words[0]} = $words[1];
+	}
+    }
+    my $p;
+    my $subst = "";
+    #print "Keys defined: ", join(' ', keys %parm), "\n";
+    foreach $p (@parms) {
+	if (!defined $parm{$p}) {
+	    die "$0: No value supplied for parameter $p\n";
+	}
+	# XXX More careful quoting of supplied value!
+	$subst .= "\t\$a =~ s|<$p>|$parm{$p}|go;\n";
+    }
+    $subst = "sub do_substitution {\n"
+	. "\tmy(\$a) = \@_;\n"
+	. $subst
+	. "\treturn \$a;\n"
+	. "}\n"
+	. "1;";
+    eval $subst || die;
+    if (defined $outfile) {
+	open OUTFILE, ">$outfile" || die;
+    } else {
+	print STDERR "$0: No output file specified.\n";
+	&usage;
+    }
+    print OUTFILE "/*\n";
+    print OUTFILE " * This file is generated, please don't edit it.\n";
+    print OUTFILE " * script: $0\n";
+    print OUTFILE " * args:\n *\t", join("\n *\t", @ARGV), "\n";
+    print OUTFILE " * The rest of this file is copied from a template, with\n";
+    print OUTFILE " * substitutions.  See the template for copyright info.\n";
+    print OUTFILE " */\n";
+    while (<DATA>) {
+	print OUTFILE &do_substitution($_);
+    }
+    close OUTFILE;
+    exit (0);
+}
+
+1;
diff --git a/krb5-1.21.3/src/util/lndir b/krb5-1.21.3/src/util/lndir
new file mode 100755
index 00000000..31566c6b
--- /dev/null
+++ b/krb5-1.21.3/src/util/lndir
@@ -0,0 +1,103 @@
+#! /bin/sh
+
+# lndir - create shadow link tree
+#
+# Time stamp <89/11/28 18:56:54 gildea>
+# By Stephen Gildea <gildea@bbn.com> based on
+#  XConsortium: lndir.sh,v 1.1 88/10/20 17:37:16 jim Exp
+#
+# Used to create a copy of the a directory tree that has links for all non-
+# directories (except those named RCS).  If you are building the distribution
+# on more than one machine, you should use this script.
+#
+# If your master sources are located in /usr/local/src/X and you would like
+# your link tree to be in /usr/local/src/new-X, do the following:
+#
+# 	%  mkdir /usr/local/src/new-X
+#	%  cd /usr/local/src/new-X
+# 	%  lndir ../X
+#
+# Note: does not link files beginning with "."  Is this a bug or a feature?
+#
+# Improvements over R3 version:
+#   Allows the fromdir to be relative: usually you want to say "../dist"
+#   The name is relative to the todir, not the current directory.
+#
+# Bugs in R3 version fixed:
+#   Do "pwd" command *after* "cd $DIRTO".
+#   Don't try to link directories, avoiding error message "<dir> exists".
+#   Barf with Usage message if either DIRFROM *or* DIRTO is not a directory.
+
+USAGE="Usage: $0 fromdir [todir]"
+
+case $0 in 
+/*) lndir=$0 ;;
+*/*) lndir=`pwd`/$0 ;;
+*) lndir=$0 ;;
+esac
+
+if [ $# -lt 1 -o $# -gt 2 ]
+then
+	echo "$USAGE"
+	exit 1
+fi
+
+DIRFROM=$1
+
+if [ $# -eq 2 ];
+then
+	DIRTO=$2
+else
+	DIRTO=.
+fi
+
+if [ ! -d $DIRTO ]
+then
+	echo "$0: $DIRTO is not a directory"
+	echo "$USAGE"
+	exit 2
+fi
+
+cd $DIRTO
+
+if [ ! -d $DIRFROM ]
+then
+	echo "$0: $DIRFROM is not a directory"
+	echo "$USAGE"
+	exit 2
+fi
+
+pwd=`pwd`
+
+if [ `(cd $DIRFROM; pwd)` = $pwd ]
+then
+	echo "$pwd: FROM and TO are identical!"
+	exit 1
+fi
+
+for file in `ls -a $DIRFROM`
+do
+	if [ ! -d $DIRFROM/$file ]
+	then
+		ln -s $DIRFROM/$file .
+	else
+	       if [ $file != RCS -a $file != CVS -a $file != . -a $file != .. ]
+		then
+			echo $file:
+			mkdir $file
+			(cd $file
+			 pwd=`pwd`
+			 case "$DIRFROM" in
+				 /*) ;;
+				 *)  DIRFROM=../$DIRFROM ;;
+			 esac
+			 if [ `(cd $DIRFROM/$file; pwd)` = $pwd ]
+			 then
+				echo "$pwd: FROM and TO are identical!"
+				exit 1
+			 fi
+			 $lndir $DIRFROM/$file
+			)
+		fi
+	fi
+done
diff --git a/krb5-1.21.3/src/util/mkrel b/krb5-1.21.3/src/util/mkrel
new file mode 100755
index 00000000..1bef059c
--- /dev/null
+++ b/krb5-1.21.3/src/util/mkrel
@@ -0,0 +1,221 @@
+#!/bin/sh
+set -e
+repository=git.mit.edu:/git/krb5.git
+dodoc=t
+dosrc=t
+checkout=t
+multitar=nil
+: ${TAR=tar}
+while test $# -gt 2; do
+	case $1 in
+	--srconly)
+		dodoc=nil;;
+	--doconly)
+		dosrc=nil;;
+	--multi*)
+		multitar=t;;
+	--repository)
+		shift; repository=$1;;
+	--nocheckout)
+		checkout=nil;;
+	esac
+	shift
+done
+if test $# -lt 2; then
+	echo "usage: $0 [opts] release-tag release-dir"
+	echo "	release-tag is relative to $repository/"
+	exit 1
+fi
+
+reltag=$1
+reldir=$2
+
+relmajor=0
+relminor=0
+relpatch=0
+relhead=
+# reltail=
+reldate=`date +%Y%m%d`
+
+case "$reldir" in
+*/*)
+	echo "release-dir may not contain slashes."
+	exit 1
+	;;
+*" "*|*"	"*)
+	echo "release-dir may  not contain whitespace."
+	exit 1
+	;;
+krb5-*.*.*-*)
+	release=`echo $reldir|sed -e 's/krb5-//'`
+	relhead=`echo $release|sed -e 's/-.*//'`
+	reltail=`echo $release|sed -e 's/.*-//'`
+	relmajor=`echo $relhead|awk -F. '{print $1}'`
+	relminor=`echo $relhead|awk -F. '{print $2}'`
+	relpatch=`echo $relhead|awk -F. '{print $3}'`
+	;;
+krb5-*.*.*)
+	release=`echo $reldir|sed -e 's/krb5-//'`
+	relmajor=`echo $release|awk -F. '{print $1}'`
+	relminor=`echo $release|awk -F. '{print $2}'`
+	relpatch=`echo $release|awk -F. '{print $3}'`
+	;;
+krb5-*.*-current)
+	release=`echo $reldir|sed -e 's/krb5-//'`
+	relhead=`echo $release|sed -e 's/-.*//'`
+	relmajor=`echo $relhead|awk -F. '{print $1}'`
+	relminor=`echo $relhead|awk -F. '{print $2}'`
+	release=${relhead}-$reldate
+	;;
+krb5-*.*-*)
+	release=`echo $reldir|sed -e 's/krb5-//'`
+	relhead=`echo $release|sed -e 's/-.*//'`
+	reltail=`echo $release|sed -e 's/.*-//'`
+	relmajor=`echo $relhead|awk -F. '{print $1}'`
+	relminor=`echo $relhead|awk -F. '{print $2}'`
+	;;
+krb5-*.*)
+	release=`echo $reldir|sed -e 's/krb5-//'`
+	relmajor=`echo $release|awk -F. '{print $1}'`
+	relminor=`echo $release|awk -F. '{print $2}'`
+	;;
+krb5-current)
+	release=current-$reldate
+	;;
+*)
+	release="$reldir"
+	;;
+esac
+
+echo "release=$release"
+echo "major=$relmajor minor=$relminor patch=$relpatch"
+
+# $release is used for send-pr
+# $reltag, $release, $reldate are used for brand.c currently
+# $relmajor, $relminor, $relpatch are used for patchlevel.h currently
+
+if test $checkout = t; then
+	echo "Checking out krb5 with tag $reltag into directory $reldir..."
+	git clone -q -n $repository $reldir
+	(cd $reldir && git checkout -q $reltag)
+fi
+
+#
+# $newstyle = t if patchlevel.h is the master version stamp file.  If
+# so, we don't edit it here.
+#
+if grep KRB5_RELDATE $reldir/src/patchlevel.h > /dev/null 2>&1; then
+	newstyle=t;
+else
+	newstyle=nil;
+fi
+
+if test $newstyle = t; then
+	echo "parsing new style patchlevel.h..."
+	eval `sed -n 's/#define \([A-Z0-9_]*\)[ \t]*\(.*\)/\1=\2/p' < $reldir/src/patchlevel.h`
+	if test "$KRB5_RELTAG" != $reltag && \
+		test "$KRB5_RELTAG" != `echo $reltag|sed 's%[^/]*/%%'` ; then
+		echo "WARNING: patchlevel.h '$KRB5_RELTAG' != $reltag"
+	fi
+	if test "$KRB5_MAJOR_RELEASE" != "$relmajor" || \
+		test "$KRB5_MINOR_RELEASE" != "$relminor" || \
+		test "$KRB5_PATCHLEVEL" != "$relpatch" || \
+		( test -n "$reltail" && \
+			test "$KRB5_RELTAIL" != "$reltail" ); then
+
+		echo "WARNING: patchlevel.h $KRB5_MAJOR_RELEASE.$KRB5_MINOR_RELEASE.$KRB5_PATCHLEVEL${KRB5_RELTAIL+-$KRB5_RELTAIL} != $relmajor.$relminor.$relpatch${reltail+-$reltail}"
+	fi
+else
+	echo "old style patchlevel.h"
+fi
+
+echo "Editing release-specific files..."
+
+if test $newstyle = t; then 
+	(cd $reldir/src && \
+		sed -e '/#[a-z 	]*KRB5_RELDATE/c\
+#define KRB5_RELDATE "'"$reldate"'"' patchlevel.h > patchlevel.h.new && \
+		mv patchlevel.h.new patchlevel.h)
+else
+
+	(cd $reldir/src/lib/krb5/krb && \
+		sed -e '/static/s%KRB5_BRAND:[^"]*"%'"KRB5_BRAND: $reltag $release $reldate"'"%' \
+			brand.c > brand.c.new && mv brand.c.new brand.c; \
+		rm -f brand.c.new)
+
+	(cd $reldir/src/util/send-pr && \
+		sed -e 's%RELEASE=.*%RELEASE='"krb5-$release"'%' Makefile.in \
+			> Makefile.in.new && mv Makefile.in.new Makefile.in)
+
+	(cd $reldir/src && \
+		cat > patchlevel.h <<EOF
+#define KRB5_MAJOR_RELEASE $relmajor
+#define KRB5_MINOR_RELEASE $relminor
+#define KRB5_PATCHLEVEL    $relpatch
+EOF
+	)
+fi
+
+if test $dosrc = t; then
+	if test -d $reldir/src/util/autoconf; then
+		echo "Building autoconf..."
+		(cd $reldir/src/util/autoconf
+			M4=gm4 ./configure
+			make)
+	fi
+	echo "Creating configure scripts..."
+	(cd $reldir/src; autoreconf -v)
+
+	if test -d $reldir/src/util/autoconf; then
+		echo "Cleaning src/util/autoconf..."
+		(cd $reldir/src/util/autoconf; make distclean)
+	fi
+fi
+
+echo "Nuking unneeded files..."
+find $reldir \( -name TODO -o -name todo -o -name .cvsignore \
+	-o -name .gitignore -o -name BADSYMS -o -name .Sanitize \
+	-o -name .rconf \) -print | xargs rm -f || true
+find $reldir -depth -type d \( -name autom4te.cache \
+	-o -name \$ac_config_fragdir \) -exec rm -rf {} \; || true
+rm -rf $reldir/.git || true
+
+if test $dodoc = t; then
+	echo "Building doc..."
+	(cd $reldir/src/doc && make -f Makefile.in \
+	    top_srcdir=.. srcdir=. SPHINX_ARGS=-W PYTHON=python3 html pdf)
+	(cd $reldir/src/doc && make -f Makefile.in \
+	    top_srcdir=.. srcdir=. SPHINX_ARGS=-W PYTHON=python3 clean)
+fi
+
+echo "Generating tarfiles..."
+GZIP=-9; export GZIP
+if test $multitar = t; then
+	if test -d $reldir/src/lib/des425; then
+		des425=$reldir/src/lib/des425
+	fi
+	if test -f $reldir/NOTICE;
+		then notice=$reldir/NOTICE
+	fi
+	if test $dosrc = t; then
+		$TAR --exclude $reldir/src/lib/crypto \
+			--exclude $reldir/src/lib/des425 \
+			--exclude $reldir/doc \
+			-zcf ${reldir}.src.tar.gz $reldir
+
+		$TAR zcf ${reldir}.crypto.tar.gz \
+			$reldir/src/lib/crypto \
+			$des425
+	fi
+	if test $dodoc = t; then
+		$TAR zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README $notice
+	fi
+	ls -l ${reldir}.*.tar.gz
+fi
+
+$TAR zcf ${reldir}.tar.gz $reldir
+ls -l ${reldir}.tar.gz
+
+echo "Done."
+
+exit 0
diff --git a/krb5-1.21.3/src/util/princflags.py b/krb5-1.21.3/src/util/princflags.py
new file mode 100644
index 00000000..f645e86e
--- /dev/null
+++ b/krb5-1.21.3/src/util/princflags.py
@@ -0,0 +1,266 @@
+import re
+
+# Module for translating KDB principal flags between string and
+# integer forms.
+#
+# When run as a standalone script, print out C tables to insert into
+# lib/kadm5/str_conv.c.
+
+# KDB principal flag definitions copied from kdb.h
+
+KRB5_KDB_DISALLOW_POSTDATED     = 0x00000001
+KRB5_KDB_DISALLOW_FORWARDABLE   = 0x00000002
+KRB5_KDB_DISALLOW_TGT_BASED     = 0x00000004
+KRB5_KDB_DISALLOW_RENEWABLE     = 0x00000008
+KRB5_KDB_DISALLOW_PROXIABLE     = 0x00000010
+KRB5_KDB_DISALLOW_DUP_SKEY      = 0x00000020
+KRB5_KDB_DISALLOW_ALL_TIX       = 0x00000040
+KRB5_KDB_REQUIRES_PRE_AUTH      = 0x00000080
+KRB5_KDB_REQUIRES_HW_AUTH       = 0x00000100
+KRB5_KDB_REQUIRES_PWCHANGE      = 0x00000200
+KRB5_KDB_DISALLOW_SVR           = 0x00001000
+KRB5_KDB_PWCHANGE_SERVICE       = 0x00002000
+KRB5_KDB_SUPPORT_DESMD5         = 0x00004000
+KRB5_KDB_NEW_PRINC              = 0x00008000
+KRB5_KDB_OK_AS_DELEGATE         = 0x00100000
+KRB5_KDB_OK_TO_AUTH_AS_DELEGATE = 0x00200000
+KRB5_KDB_NO_AUTH_DATA_REQUIRED  = 0x00400000
+KRB5_KDB_LOCKDOWN_KEYS          = 0x00800000
+
+# Input tables -- list of tuples of the form (name, flag, invert)
+
+# Input forms from kadmin.c
+_kadmin_pflags = [
+    ("allow_postdated",         KRB5_KDB_DISALLOW_POSTDATED,    True),
+    ("allow_forwardable",       KRB5_KDB_DISALLOW_FORWARDABLE,  True),
+    ("allow_tgs_req",           KRB5_KDB_DISALLOW_TGT_BASED,    True),
+    ("allow_renewable",         KRB5_KDB_DISALLOW_RENEWABLE,    True),
+    ("allow_proxiable",         KRB5_KDB_DISALLOW_PROXIABLE,    True),
+    ("allow_dup_skey",          KRB5_KDB_DISALLOW_DUP_SKEY,     True),
+    ("allow_tix",               KRB5_KDB_DISALLOW_ALL_TIX,      True),
+    ("requires_preauth",        KRB5_KDB_REQUIRES_PRE_AUTH,     False),
+    ("requires_hwauth",         KRB5_KDB_REQUIRES_HW_AUTH,      False),
+    ("needchange",              KRB5_KDB_REQUIRES_PWCHANGE,     False),
+    ("allow_svr",               KRB5_KDB_DISALLOW_SVR,          True),
+    ("password_changing_service", KRB5_KDB_PWCHANGE_SERVICE,    False),
+    ("support_desmd5",          KRB5_KDB_SUPPORT_DESMD5,        False),
+    ("ok_as_delegate",          KRB5_KDB_OK_AS_DELEGATE,        False),
+    ("ok_to_auth_as_delegate",  KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, False),
+    ("no_auth_data_required",   KRB5_KDB_NO_AUTH_DATA_REQUIRED, False),
+    ("lockdown_keys",           KRB5_KDB_LOCKDOWN_KEYS,         False),
+]
+
+# Input forms from lib/kadm5/str_conv.c
+_strconv_pflags = [
+    ("postdateable",            KRB5_KDB_DISALLOW_POSTDATED,    True),
+    ("forwardable",             KRB5_KDB_DISALLOW_FORWARDABLE,  True),
+    ("tgt-based",               KRB5_KDB_DISALLOW_TGT_BASED,    True),
+    ("renewable",               KRB5_KDB_DISALLOW_RENEWABLE,    True),
+    ("proxiable",               KRB5_KDB_DISALLOW_PROXIABLE,    True),
+    ("dup-skey",                KRB5_KDB_DISALLOW_DUP_SKEY,     True),
+    ("allow-tickets",           KRB5_KDB_DISALLOW_ALL_TIX,      True),
+    ("preauth",                 KRB5_KDB_REQUIRES_PRE_AUTH,     False),
+    ("hwauth",                  KRB5_KDB_REQUIRES_HW_AUTH,      False),
+    ("ok-as-delegate",          KRB5_KDB_OK_AS_DELEGATE,        False),
+    ("pwchange",                KRB5_KDB_REQUIRES_PWCHANGE,     False),
+    ("service",                 KRB5_KDB_DISALLOW_SVR,          True),
+    ("pwservice",               KRB5_KDB_PWCHANGE_SERVICE,      False),
+    ("md5",                     KRB5_KDB_SUPPORT_DESMD5,        False),
+    ("ok-to-auth-as-delegate",  KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, False),
+    ("no-auth-data-required",   KRB5_KDB_NO_AUTH_DATA_REQUIRED, False),
+    ("lockdown-keys",           KRB5_KDB_LOCKDOWN_KEYS,         False),
+]
+
+# kdb.h symbol prefix
+_prefix = 'KRB5_KDB_'
+_prefixlen = len(_prefix)
+
+# Names of flags, as printed by kadmin (derived from kdb.h symbols).
+# To be filled in by _setup_tables().
+_flagnames = {}
+
+# Translation table to map hyphens to underscores
+_squash = str.maketrans('-', '_')
+
+# Combined input-to-flag lookup table, to be filled in by
+# _setup_tables()
+pflags = {}
+
+# Tables of ftuples, to be filled in by _setup_tables()
+kadmin_ftuples = []
+strconv_ftuples = []
+sym_ftuples = []
+all_ftuples = []
+
+# Inverted table to look up ftuples by flag value, to be filled in by
+# _setup_tables()
+kadmin_itable = {}
+strconv_itable = {}
+sym_itable = {}
+
+
+# Bundle some methods that are useful for writing tests.
+class Ftuple(object):
+    def __init__(self, name, flag, invert):
+        self.name = name
+        self.flag = flag
+        self.invert = invert
+
+    def __repr__(self):
+        return "Ftuple" + str((self.name, self.flag, self.invert))
+
+    def flagname(self):
+        return _flagnames[self.flag]
+
+    def setspec(self):
+        return ('-' if self.invert else '+') + self.name
+
+    def clearspec(self):
+        return ('+' if self.invert else '-') + self.name
+
+    def spec(self, doset):
+        return self.setspec() if doset else self.clearspec()
+
+
+def _setup_tables():
+    # Filter globals for 'KRB5_KDB_' prefix to create lookup tables.
+    # Make the reasonable assumption that the Python runtime doesn't
+    # define any names with that prefix by default.
+    global _flagnames
+    for k, v in globals().items():
+        if k.startswith(_prefix):
+            _flagnames[v] = k[_prefixlen:]
+
+    # Construct an input table based on kdb.h constant names by
+    # truncating the "KRB5_KDB_" prefix and downcasing.
+    sym_pflags = []
+    for v, k in sorted(_flagnames.items()):
+        sym_pflags.append((k.lower(), v, False))
+
+    global kadmin_ftuples, strconv_ftuples, sym_ftuples, all_ftuples
+    for x in _kadmin_pflags:
+        kadmin_ftuples.append(Ftuple(*x))
+    for x in _strconv_pflags:
+        strconv_ftuples.append(Ftuple(*x))
+    for x in sym_pflags:
+        sym_ftuples.append(Ftuple(*x))
+    all_ftuples = kadmin_ftuples + strconv_ftuples + sym_ftuples
+
+    # Populate combined input-to-flag lookup table.  This will
+    # eliminate some duplicates.
+    global pflags
+    for x in all_ftuples:
+        name = x.name.translate(_squash)
+        pflags[name] = x
+
+    global kadmin_itable, strconv_itable, sym_itable
+    for x in kadmin_ftuples:
+        kadmin_itable[x.flag] = x
+    for x in strconv_ftuples:
+        strconv_itable[x.flag] = x
+    for x in sym_ftuples:
+        sym_itable[x.flag] = x
+
+
+# Convert the bit number of a flag to a string.  Remove the
+# 'KRB5_KDB_' prefix.  Give an 8-digit hexadecimal number if the flag
+# is unknown.
+def flagnum2str(n):
+    s = _flagnames.get(1 << n)
+    if s is None:
+        return "0x%08x" % ((1 << n) & 0xffffffff)
+    return s
+
+
+# Return a list of flag names from a flag word.
+def flags2namelist(flags):
+    a = []
+    for n in range(32):
+        if flags & (1 << n):
+            a.append(flagnum2str(n))
+    return a
+
+
+# Given a single specifier in the form {+|-}flagname, return a tuple
+# of the form (flagstoset, flagstoclear).
+def flagspec2mask(s):
+    req_neg = False
+    if s[0] == '-':
+        req_neg = True
+        s = s[1:]
+    elif s[0] == '+':
+        s = s[1:]
+
+    s = s.lower().translate(_squash)
+    x = pflags.get(s)
+    if x is not None:
+        flag, invert = x.flag, x.invert
+    else:
+        # Maybe it's a hex number.
+        if not s.startswith('0x'):
+            raise ValueError
+        flag, invert = int(s, 16), False
+
+    if req_neg:
+        invert = not invert
+    return (0, ~flag) if invert else (flag, ~0)
+
+
+# Given a string containing a space/comma separated list of specifiers
+# of the form {+|-}flagname, return a tuple of the form (flagstoset,
+# flagstoclear).  This shares the same limitation as
+# kadm5int_acl_parse_restrictions() of losing the distinction between
+# orderings when the same flag bit appears in both the positive and
+# the negative sense.
+def speclist2mask(s):
+    toset, toclear = (0, ~0)
+    for x in re.split('[\t, ]+', s):
+        fset, fclear = flagspec2mask(x)
+        toset |= fset
+        toclear &= fclear
+
+    return toset, toclear
+
+
+# Print C table of input flag specifiers for lib/kadm5/str_conv.c.
+def _print_ftbl():
+    print('static const struct flag_table_row ftbl[] = {')
+    a = sorted(pflags.items(), key=lambda k, v: (v.flag, -v.invert, k))
+    for k, v in a:
+        s1 = '    {"%s",' % k
+        s2 = '%-31s KRB5_KDB_%s,' % (s1, v.flagname())
+        print('%-63s %d},' % (s2, 1 if v.invert else 0))
+
+    print('};')
+    print('#define NFTBL (sizeof(ftbl) / sizeof(ftbl[0]))')
+
+
+# Print C table of output flag names for lib/kadm5/str_conv.c.
+def _print_outflags():
+    print('static const char *outflags[] = {')
+    for i in range(32):
+        flag = 1 << i
+        if flag > max(_flagnames.keys()):
+            break
+        try:
+            s = '    "%s",' % _flagnames[flag]
+        except KeyError:
+            s = '    NULL,'
+        print('%-32s/* 0x%08x */' % (s, flag))
+
+    print('};')
+    print('#define NOUTFLAGS (sizeof(outflags) / sizeof(outflags[0]))')
+
+
+# Print out C tables to insert into lib/kadm5/str_conv.c.
+def _main():
+    _print_ftbl()
+    print
+    _print_outflags()
+
+
+_setup_tables()
+
+
+if __name__ == '__main__':
+    _main()
diff --git a/krb5-1.21.3/src/util/profile/Makefile.in b/krb5-1.21.3/src/util/profile/Makefile.in
new file mode 100644
index 00000000..18c6d2dd
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/Makefile.in
@@ -0,0 +1,161 @@
+mydir=util$(S)profile
+BUILDTOP=$(REL)..$(S)..
+SUBDIRS=testmod
+PROG_LIBPATH=-L$(TOPLIBD) -L.
+##DOS##BUILDTOP = ..\..
+##DOS##OBJFILE=$(OUTPRE)profile.lst
+##DOS##LIBNAME=$(OUTPRE)profile.lib
+
+LOCALINCLUDES=-I.
+DEFINES=-DHAS_STDARG -DLIBDIR=\"$(KRB5_LIBDIR)\"
+
+STLIBOBJS = \
+	prof_tree.o \
+	prof_file.o \
+	prof_parse.o \
+	prof_get.o \
+	prof_set.o \
+	prof_err.o \
+	prof_init.o
+
+OBJS = $(OUTPRE)prof_tree.$(OBJEXT) \
+	$(OUTPRE)prof_file.$(OBJEXT) \
+	$(OUTPRE)prof_parse.$(OBJEXT) \
+	$(OUTPRE)prof_get.$(OBJEXT) \
+	$(OUTPRE)prof_set.$(OBJEXT) \
+	$(OUTPRE)prof_err.$(OBJEXT) \
+	$(OUTPRE)prof_init.$(OBJEXT)
+
+SRCS = $(srcdir)/prof_tree.c \
+	$(srcdir)/prof_file.c \
+	$(srcdir)/prof_parse.c \
+	$(srcdir)/prof_get.c \
+	$(srcdir)/prof_set.c \
+	prof_err.c \
+	$(srcdir)/prof_init.c
+
+EXTRADEPSRCS=$(srcdir)/test_load.c $(srcdir)/test_parse.c \
+	$(srcdir)/test_profile.c $(srcdir)/test_vtable.c $(srcdir)/t_profile.c
+
+DEPLIBS = $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
+MLIBS = $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS)
+
+LIBBASE=profile
+LIBMAJOR=1
+LIBMINOR=1
+SHLIB_EXPDEPS = $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB)
+SHLIB_EXPLIBS = $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS)
+
+PROFILE_HDR=$(BUILDTOP)$(S)include$(S)profile.h
+
+all-unix: includes
+all-unix: all-libs
+all-windows: $(PROFILE_HDR)
+
+install-headers-unix: includes
+
+generate-files-mac: profile.h
+
+$(PROFILE_HDR): profile.h
+	$(CP) profile.h "$@"
+
+includes: $(PROFILE_HDR)
+
+clean-unix::
+	$(RM) $(BUILDTOP)/include/profile.h
+
+##DOS##LIBOBJS = $(OBJS)
+
+
+awk-windows:
+	$(AWK) -f $(BUILDTOP)/util/et/et_h.awk outfile=prof_err.h prof_err.et
+	$(AWK) -f $(BUILDTOP)/util/et/et_c.awk outfile=prof_err.c prof_err.et
+	if exist prof_err.h copy profile.hin+prof_err.h profile.h
+	if exist profile.h copy profile.h $(BUILDTOP)\include\profile.h
+
+test_parse: test_parse.$(OBJEXT) $(OBJS) $(DEPLIBS)
+	$(CC_LINK) -o test_parse test_parse.$(OBJEXT) $(OBJS) $(MLIBS)
+
+test_profile: test_profile.$(OBJEXT) argv_parse.$(OBJEXT) $(OBJS) $(DEPLIBS)
+	$(CC_LINK) -o test_profile test_profile.$(OBJEXT) \
+		argv_parse.$(OBJEXT) $(OBJS) $(MLIBS)
+
+test_vtable: test_vtable.$(OBJEXT) $(OBJS) $(DEPLIBS)
+	$(CC_LINK) -o test_vtable test_vtable.$(OBJEXT) $(OBJS) $(MLIBS)
+
+test_load: test_load.$(OBJEXT) $(OBJS) $(DEPLIBS)
+	$(CC_LINK) -o test_load test_load.$(OBJEXT) $(OBJS) $(MLIBS)
+
+t_profile: t_profile.$(OBJEXT) $(OBJS) $(DEPLIBS)
+	$(CC_LINK) -o $@ t_profile.$(OBJEXT) $(OBJS) $(MLIBS)
+
+modtest.conf:
+	echo "module `pwd`/testmod/proftest$(DYNOBJEXT):teststring" > $@
+
+.d: includes
+
+# NEED TO FIX!!
+$(OUTPRE)test_parse.exe: 
+	$(CC) $(CFLAGS2) -o test_parse.exe test_parse.c \
+		prof_parse.c prof_tree.c /link /stack:16384
+
+# NEED TO FIX!!
+$(OUTPRE)test_profile.exe: 
+	$(CC) $(CFLAGS2) -o test_profile.exe test_profile.c prof_init.c \
+		prof_file.c prof_parse.c prof_tree.c /link /stack:16384
+
+##DOS##!if 0
+profile.h: prof_err.h profile.hin
+	cat $(srcdir)/profile.hin prof_err.h > $@
+##DOS##!endif
+##DOS##profile.h: prof_err.h profile.hin
+##DOS##	copy /b profile.hin+prof_err.h $@
+
+prof_err.h: $(srcdir)/prof_err.et
+
+prof_err.c: $(srcdir)/prof_err.et
+
+prof_err.o: prof_err.c
+
+clean-unix:: clean-libs clean-libobjs
+	$(RM) $(PROGS) *.o *~ core prof_err.h profile.h prof_err.c
+	$(RM) test_load test_parse test_profile test_vtable t_profile
+	$(RM) modtest.conf testinc.ini testinc2.ini final.out test2* test3*
+	$(RM) -r test_include_dir
+
+clean-windows::
+	$(RM) $(PROFILE_HDR)
+
+check-unix: test_parse test_profile modtest.conf
+check-unix: test_vtable test_load t_profile
+	$(RUN_TEST) ./test_vtable
+	$(RUN_TEST) ./test_load
+	cp $(srcdir)/test.ini test2.ini
+	$(RUN_TEST) ./t_profile
+
+check-unix: check-unix-final
+
+F1=$(srcdir)/final1.ini
+F2=$(srcdir)/final2.ini
+F3=$(srcdir)/final3.ini
+F4=$(srcdir)/final4.ini
+F5=$(srcdir)/final5.ini
+QUERY=query section subsection key
+check-unix-final: test_profile
+	$(RM) final.out
+	(echo; $(RUN_TEST) ./test_profile $(F1):$(F1) $(QUERY)) > final.out
+	(echo; $(RUN_TEST) ./test_profile $(F2):$(F1) $(QUERY)) >> final.out
+	(echo; $(RUN_TEST) ./test_profile $(F3):$(F1) $(QUERY)) >> final.out
+	(echo; $(RUN_TEST) ./test_profile $(F4):$(F1) $(QUERY)) >> final.out
+	(echo; $(RUN_TEST) ./test_profile $(F5):$(F1) $(QUERY)) >> final.out
+	cmp final.out $(srcdir)/final.expected
+	$(RM) final.out
+
+check-windows: $(OUTPRE)test_profile.exe $(OUTPRE)test_parse.exe
+	$(RM) $(OUTPRE)*.obj
+	$(OUTPRE)test_parse test.ini
+
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/util/profile/argv_parse.c b/krb5-1.21.3/src/util/profile/argv_parse.c
new file mode 100644
index 00000000..aac1f458
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/argv_parse.c
@@ -0,0 +1,171 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1999 by Theodore Ts'o.
+ *
+ * Permission to use, copy, modify, and distribute this software for
+ * any purpose with or without fee is hereby granted, provided that
+ * the above copyright notice and this permission notice appear in all
+ * copies.  THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE
+ * AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
+ * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  (Isn't
+ * it sick that the U.S. culture of lawsuit-happy lawyers requires
+ * this kind of disclaimer?)
+ */
+
+/*
+ * Version 1.1, modified 2/27/1999
+ *
+ * argv_parse.c --- utility function for parsing a string into a
+ *      argc, argv array.
+ *
+ * This file defines a function argv_parse() which parsing a
+ * passed-in string, handling double quotes and backslashes, and
+ * creates an allocated argv vector which can be freed using the
+ * argv_free() function.
+ *
+ * See argv_parse.h for the formal definition of the functions.
+ */
+
+#include "prof_int.h"
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <ctype.h>
+#include <string.h>
+#include "argv_parse.h"
+
+#define STATE_WHITESPACE        1
+#define STATE_TOKEN             2
+#define STATE_QUOTED            3
+
+/*
+ * Returns 0 on success, -1 on failure.
+ */
+int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv)
+{
+    int     argc = 0, max_argc = 0;
+    char    **argv, **new_argv, *buf, ch;
+    char    *cp = 0, *outcp = 0;
+    int     state = STATE_WHITESPACE;
+
+    buf = malloc(strlen(in_buf)+1);
+    if (!buf)
+        return -1;
+
+    max_argc = 0; argc = 0; argv = 0;
+    outcp = buf;
+    for (cp = in_buf; (ch = *cp); cp++) {
+        if (state == STATE_WHITESPACE) {
+            if (isspace((int) ch))
+                continue;
+            /* Not whitespace, so start a new token */
+            state = STATE_TOKEN;
+            if (argc >= max_argc) {
+                max_argc += 3;
+                new_argv = realloc(argv,
+                                   (max_argc+1)*sizeof(char *));
+                if (!new_argv) {
+                    if (argv) free(argv);
+                    free(buf);
+                    return -1;
+                }
+                argv = new_argv;
+            }
+            argv[argc++] = outcp;
+        }
+        if (state == STATE_QUOTED) {
+            if (ch == '"')
+                state = STATE_TOKEN;
+            else
+                *outcp++ = ch;
+            continue;
+        }
+        /* Must be processing characters in a word */
+        if (isspace((int) ch)) {
+            /*
+             * Terminate the current word and start
+             * looking for the beginning of the next word.
+             */
+            *outcp++ = 0;
+            state = STATE_WHITESPACE;
+            continue;
+        }
+        if (ch == '"') {
+            state = STATE_QUOTED;
+            continue;
+        }
+        if (ch == '\\') {
+            ch = *++cp;
+            switch (ch) {
+            case '\0':
+                ch = '\\'; cp--; break;
+            case 'n':
+                ch = '\n'; break;
+            case 't':
+                ch = '\t'; break;
+            case 'b':
+                ch = '\b'; break;
+            }
+        }
+        *outcp++ = ch;
+    }
+    if (state != STATE_WHITESPACE)
+        *outcp++ = '\0';
+    if (argv == 0) {
+        argv = malloc(sizeof(char *));
+        free(buf);
+    }
+    argv[argc] = 0;
+    if (ret_argc)
+        *ret_argc = argc;
+    if (ret_argv)
+        *ret_argv = argv;
+    return 0;
+}
+
+void argv_free(char **argv)
+{
+    if (*argv)
+        free(*argv);
+    free(argv);
+}
+
+#ifdef DEBUG
+/*
+ * For debugging
+ */
+
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    int     ac, ret;
+    char    **av, **cpp;
+    char    buf[256];
+
+    while (!feof(stdin)) {
+        if (fgets(buf, sizeof(buf), stdin) == NULL)
+            break;
+        ret = argv_parse(buf, &ac, &av);
+        if (ret != 0) {
+            printf("Argv_parse returned %d!\n", ret);
+            continue;
+        }
+        printf("Argv_parse returned %d arguments...\n", ac);
+        for (cpp = av; *cpp; cpp++) {
+            if (cpp != av)
+                printf(", ");
+            printf("'%s'", *cpp);
+        }
+        printf("\n");
+        argv_free(av);
+    }
+    exit(0);
+}
+#endif /* DEBUG */
diff --git a/krb5-1.21.3/src/util/profile/argv_parse.h b/krb5-1.21.3/src/util/profile/argv_parse.h
new file mode 100644
index 00000000..26904ebe
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/argv_parse.h
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1999 by Theodore Ts'o.
+ *
+ * Permission to use, copy, modify, and distribute this software for
+ * any purpose with or without fee is hereby granted, provided that
+ * the above copyright notice and this permission notice appear in all
+ * copies.  THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE
+ * AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
+ * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  (Isn't
+ * it sick that the U.S. culture of lawsuit-happy lawyers requires
+ * this kind of disclaimer?)
+ */
+
+/*
+ * Version 1.1, modified 2/27/1999
+ *
+ * argv_parse.h --- header file for the argv parser.
+ *
+ * This file defines the interface for the functions argv_parse() and
+ * argv_free().
+ *
+ ***********************************************************************
+ * int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv)
+ *
+ * This function takes as its first argument a string which it will
+ * parse into an argv argument vector, with each white-space separated
+ * word placed into its own slot in the argv.  This function handles
+ * double quotes and backslashes so that the parsed words can contain
+ * special characters.   The count of the number words found in the
+ * parsed string, as well as the argument vector, are returned into
+ * ret_argc and ret_argv, respectively.
+ ***********************************************************************
+ * extern void argv_free(char **argv);
+ *
+ * This function frees the argument vector created by argv_parse().
+ ***********************************************************************
+ */
+
+extern int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv);
+extern void argv_free(char **argv);
diff --git a/krb5-1.21.3/src/util/profile/deps b/krb5-1.21.3/src/util/profile/deps
new file mode 100644
index 00000000..179f0707
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/deps
@@ -0,0 +1,56 @@
+#
+# Generated makefile dependencies follow.
+#
+prof_tree.so prof_tree.po $(OUTPRE)prof_tree.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  prof_int.h prof_tree.c
+prof_file.so prof_file.po $(OUTPRE)prof_file.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  prof_file.c prof_int.h
+prof_parse.so prof_parse.po $(OUTPRE)prof_parse.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  prof_int.h prof_parse.c
+prof_get.so prof_get.po $(OUTPRE)prof_get.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  prof_get.c prof_int.h
+prof_set.so prof_set.po $(OUTPRE)prof_set.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  prof_int.h prof_set.c
+prof_err.so prof_err.po $(OUTPRE)prof_err.$(OBJEXT): \
+  $(COM_ERR_DEPS) prof_err.c
+prof_init.so prof_init.po $(OUTPRE)prof_init.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  prof_init.c prof_int.h
+test_load.so test_load.po $(OUTPRE)test_load.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  prof_int.h test_load.c
+test_parse.so test_parse.po $(OUTPRE)test_parse.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  prof_int.h test_parse.c
+test_profile.so test_profile.po $(OUTPRE)test_profile.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  argv_parse.h prof_int.h test_profile.c
+test_vtable.so test_vtable.po $(OUTPRE)test_vtable.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h test_vtable.c
+t_profile.so t_profile.po $(OUTPRE)t_profile.$(OBJEXT): \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) t_profile.c
diff --git a/krb5-1.21.3/src/util/profile/dosshell.ini b/krb5-1.21.3/src/util/profile/dosshell.ini
new file mode 100644
index 00000000..cec96ec5
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/dosshell.ini
@@ -0,0 +1,537 @@
+EGA.INI/VGA.INI
+****************  WARNING  ********************
+This file may contain lines with more than 256
+characters. Some editors will truncate or split
+these lines. If you are not sure whether your
+editor can handle long lines, exit now without
+saving the file.
+
+Note: The editor which is invoked by the
+	  MS-DOS 5.0 EDIT command can be used
+	  to edit this file.
+****************  NOTE  ***********************
+Everything up to the first left square bracket
+character is considered a comment.
+***********************************************
+[savestate]
+screenmode = text
+resolution = low
+startup = filemanager
+filemanagermode = shared
+sortkey = name
+pause = disabled
+explicitselection = disabled
+swapmouse = disabled
+tasklist = disabled
+switching = disabled
+[programstarter]
+currentcolor = Ocean
+filemanager = enabled
+command = enabled
+group = 
+{
+	program = 
+	{
+	command = COMMAND
+	title = Command Prompt
+	help = Starts the MS-DOS command prompt where you can type any MS-DOS command.^m^mTo return to MS-DOS Shell from the command line:^m^m1. Type exit^m2. Press ENTER.^m^mRelated Topic^m   " More on Command Prompt "~$129~
+	pause = disabled
+	}
+	program = 
+	{
+	command = EDIT %1
+	title = Editor
+	help = Starts MS-DOS Editor, a text editor you can use to create and modify text files. After you choose Editor, you can specify the file you want to work with in a dialog box.^m^mRelated Topic^m   " More on Editor "~$130~
+	pause = disabled
+	dialog = 
+	{
+		title = File to Edit
+		info = Enter the name of the file to edit. To start MS-DOS Editor without opening a file, press ENTER.
+		prompt = File to edit?
+		parameter = %1
+	}
+	}
+	program = 
+	{
+	command = QBASIC %1
+	title = MS-DOS QBasic
+	help = Starts MS-DOS QBasic, a programming environment you can use to create, modify, run, and debug programs. After you choose MS-DOS QBasic, you can specify the file you want to work with in a dialog box.^m^mRelated Topic^m   " More on MS-DOS QBasic "~$131~
+	pause = disabled
+	dialog = 
+	{
+		title = MS-DOS QBasic File
+		info = Enter the name of a QBasic program. To start without opening a program, press ENTER.
+		prompt = QBasic File?
+		parameter = %1
+	}
+	}
+	group = 
+	{
+	title = Disk Utilities
+	help = Displays program items you can choose to manage your disks. You can also choose to open the Main group or any group you may have added.
+	program = 
+	{
+		command = diskcopy %1
+		title = Disk Copy
+		pause = enabled
+		dialog = 
+		{
+		title = Disk Copy
+		info = Enter the source and destination drives.
+		prompt = Parameters . . .
+		default = a: b:
+		parameter = %1
+		}
+		help = Temporarily leaves MS-DOS Shell to copy the contents of a floppy disk to another floppy disk. After you choose Disk Copy, a dialog box suggests parameters and switches you can either accept or replace.^m^mRelated Topic^m   " More on Disk Copy "~$132~
+	}
+	program = 
+	{
+		command = backup %1
+		title = Backup Fixed Disk
+		pause = enabled
+		dialog = 
+		{
+		title = Backup Fixed Disk
+		info = Enter the source and destination drives.
+		prompt = Parameters . . .
+		default = c:\*.* a: /s
+		parameter = %1 
+		}
+		help = Temporarily leaves MS-DOS Shell to copy files from one disk to another. After you choose Backup Fixed Disk, a dialog box suggests parameters and switches you can either accept or replace.^m^mRelated Topic^m   " More on Backup Fixed Disk "~$133~
+	}
+	program = 
+	{
+		command = restore %1
+		title = Restore Fixed Disk
+		pause = enabled
+		dialog = 
+		{
+		title = Restore Fixed Disk
+		info = Enter the source and destination drives.
+		prompt = Parameters . . .
+		parameter = %1
+		}
+		help = Temporarily leaves MS-DOS Shell to restore files that were backed up. After you choose Restore Fixed Disk, a dialog box suggests parameters and switches you can either accept or replace.^m^mRelated Topic^m   " More on Restore Fixed Disk "~$134~
+	}
+	program = 
+	{
+		command = format %1 /q
+		title = Quick Format
+		pause = enabled
+		dialog = 
+		{
+		title = Quick Format
+		info = Enter the drive to quick format.
+		prompt = Parameters . . .
+		default = a:
+		parameter = %1
+		}
+		help = Temporarily leaves MS-DOS Shell to prepare a disk to accept MS-DOS files. After you choose Quick Format, a dialog box suggests parameters and switches you can either accept or replace.^m^mRelated Topic^m   " More on Quick Format "~$136~
+		screenmode = text
+		alttab = enabled
+		altesc = enabled
+		ctrlesc = enabled
+		prevent = enabled
+	}
+	program = 
+	{
+		command = format %1
+		title = Format
+		pause = enabled
+		dialog = 
+		{
+		title = Format
+		info = Enter the drive to format.
+		prompt = Parameters . . .
+		default = a:
+		parameter = %1
+		}
+		help = Temporarily leaves MS-DOS Shell to prepare a disk to accept MS-DOS files. After you choose Format, a dialog box suggests parameters and switches you can either accept or replace.^m^mRelated Topic^m   " More on Format "~$135~
+	}
+	program = 
+	{
+		command = undelete %1
+		title = Undelete
+		help = Recovers deleted files.^m^mWARNING: If your disk is full or if you are using task swapping, using this program item may render some deleted files unrecoverable.^m^mRelated Procedure^m   " Restoring Deleted Files "~I155~
+		pause = enabled
+		dialog = 
+		{
+		title = Undelete
+		info = WARNING! This action may cause the permanent loss of some deleted files.  Press F1 for more information.
+		prompt = Parameters . . .
+		default = /LIST
+		parameter = %1
+		}
+		screenmode = text
+		alttab = enabled
+		altesc = enabled
+		ctrlesc = enabled
+		prevent = enabled
+	}
+	}
+}
+color = 
+{
+	selection = 
+	{
+	title = Basic Blue
+	foreground = 
+	{
+		base = black
+		highlight = brightwhite
+		selection = brightwhite
+		alert = brightred
+		menubar = black
+		menu = black
+		disabled = white
+		accelerator = cyan
+		dialog = black
+		button = black
+		elevator = white
+		titlebar = black
+		scrollbar = brightwhite
+		borders = black
+		drivebox = black
+		driveicon = black
+		cursor = black
+	}
+	background = 
+	{
+		base = brightwhite
+		highlight = blue
+		selection = black
+		alert = brightwhite
+		menubar = white
+		menu = brightwhite
+		disabled = brightwhite
+		accelerator = brightwhite
+		dialog = brightwhite
+		button = white
+		elevator = white
+		titlebar = white
+		scrollbar = black
+		borders = brightwhite
+		drivebox = brightwhite
+		driveicon = brightwhite
+		cursor = brightblack
+	}
+	}
+	selection = 
+	{
+	title = Ocean
+	foreground = 
+	{
+		base = black
+		highlight = brightwhite
+		selection = brightwhite
+		alert = brightwhite
+		menubar = black
+		menu = black
+		disabled = white
+		accelerator = brightwhite
+		dialog = black
+		button = black
+		elevator = white
+		titlebar = black
+		scrollbar = brightwhite
+		borders = black
+		drivebox = black
+		driveicon = black
+		cursor = black
+	}
+	background = 
+	{
+		base = brightwhite
+		highlight = blue
+		selection = black
+		alert = white
+		menubar = cyan
+		menu = cyan
+		disabled = cyan
+		accelerator = cyan
+		dialog = cyan
+		button = brightwhite
+		elevator = white
+		titlebar = white
+		scrollbar = black
+		borders = black
+		drivebox = brightwhite
+		driveicon = brightwhite
+		cursor = brightcyan
+	}
+	}
+	selection = 
+	{
+	title = Monochrome-2 Colors
+	foreground = 
+	{
+		base = black
+		highlight = white
+		selection = white
+		alert = black
+		menubar = black
+		menu = black
+		disabled = white
+		accelerator = white
+		dialog = black
+		button = white
+		elevator = black
+		titlebar = white
+		scrollbar = white
+		borders = black
+		drivebox = black
+		driveicon = black
+	}
+	background = 
+	{
+		base = white
+		highlight = black
+		selection = black
+		alert = white
+		menubar = white
+		menu = white
+		disabled = white
+		accelerator = black
+		dialog = white
+		button = black
+		elevator = white
+		titlebar = black
+		scrollbar = black
+		borders = black
+		drivebox = white
+		driveicon = white
+	}
+	}
+	selection = 
+	{
+	title = Monochrome-4 Colors
+	foreground = 
+	{
+		base = black
+		highlight = brightwhite
+		selection = brightwhite
+		alert = black
+		menubar = black
+		menu = black
+		disabled = white
+		accelerator = brightwhite
+		dialog = black
+		button = black
+		elevator = white
+		titlebar = black
+		scrollbar = brightwhite
+		borders = black
+		drivebox = black
+		driveicon = black
+		cursor = black
+	}
+	background = 
+	{
+		base = brightwhite
+		highlight = brightblack
+		selection = brightblack
+		alert = brightwhite
+		menubar = brightwhite
+		menu = white
+		disabled = white
+		accelerator = brightblack
+		dialog = brightwhite
+		button = white
+		elevator = white
+		titlebar = white
+		scrollbar = black
+		borders = black
+		drivebox = brightwhite
+		driveicon = brightwhite
+		cursor = black
+	}
+	}
+	selection = 
+	{
+	title = Reverse
+	foreground = 
+	{
+		base = white
+		highlight = black
+		selection = black
+		alert = white
+		menubar = white
+		menu = white
+		disabled = black
+		accelerator = black
+		dialog = white
+		button = black
+		elevator = white
+		titlebar = black
+		scrollbar = black
+		borders = white
+		drivebox = white
+		driveicon = white
+	}
+	background = 
+	{
+		base = black
+		highlight = white
+		selection = white
+		alert = black
+		menubar = black
+		menu = black
+		disabled = black
+		accelerator = white
+		dialog = black
+		button = white
+		elevator = black
+		titlebar = white
+		scrollbar = white
+		borders = black
+		drivebox = black
+		driveicon = black
+	}
+	}
+	selection = 
+	{
+	title = Hot Pink
+	foreground = 
+	{
+		base = black
+		highlight = brightwhite
+		selection = brightwhite
+		alert = brightmagenta
+		menubar = black
+		menu = black
+		disabled = white
+		accelerator = magenta
+		dialog = black
+		button = brightwhite
+		elevator = white
+		titlebar = brightwhite
+		scrollbar = brightwhite
+		borders = black
+		drivebox = black
+		driveicon = black
+		cursor = black
+	}
+	background = 
+	{
+		base = brightwhite
+		highlight = brightmagenta
+		selection = magenta
+		alert = brightwhite
+		menubar = brightwhite
+		menu = brightwhite
+		disabled = brightwhite
+		accelerator = brightwhite
+		dialog = brightwhite
+		button = magenta
+		elevator = white
+		titlebar = magenta
+		scrollbar = black
+		borders = black
+		drivebox = brightwhite
+		driveicon = brightwhite
+		cursor = brightred
+	}
+	}
+	selection = 
+	{
+	title = Emerald City
+	foreground = 
+	{
+		base = black
+		highlight = black
+		selection = brightwhite
+		alert = green
+		menubar = black
+		menu = black
+		disabled = white
+		accelerator = green
+		dialog = black
+		button = brightwhite
+		elevator = white
+		titlebar = brightwhite
+		scrollbar = brightwhite
+		borders = black
+		drivebox = black
+		driveicon = black
+		cursor = black
+	}
+	background = 
+	{
+		base = brightwhite
+		highlight = brightgreen
+		selection = green
+		alert = brightwhite
+		menubar = brightwhite
+		menu = brightwhite
+		disabled = brightwhite
+		accelerator = brightwhite
+		dialog = brightwhite
+		button = green
+		elevator = white
+		titlebar = green
+		scrollbar = black
+		borders = black
+		drivebox = brightwhite
+		driveicon = brightwhite
+		cursor = brightcyan
+	}
+	}
+	selection = 
+	{
+	title = Turquoise
+	foreground = 
+	{
+		base = black
+		highlight = brightwhite
+		selection = brightwhite
+		alert = brightred
+		menubar = brightwhite
+		menu = black
+		disabled = white
+		accelerator = white
+		dialog = black
+		button = black
+		elevator = white
+		titlebar = black
+		scrollbar = brightwhite
+		borders = black
+		drivebox = black
+		driveicon = black
+		cursor = black
+	}
+	background = 
+	{
+		base = brightwhite
+		highlight = brightblue
+		selection = black
+		alert = brightwhite
+		menubar = brightcyan
+		menu = brightcyan
+		disabled = brightcyan
+		accelerator = brightcyan
+		dialog = brightcyan
+		button = brightwhite
+		elevator = white
+		titlebar = white
+		scrollbar = black
+		borders = black
+		drivebox = brightwhite
+		driveicon = brightwhite
+		cursor = cyan
+	}
+	}
+}
+
+associations = 
+{
+	association = 
+	{
+	program = EDIT
+	extension = TXT
+	}
+	association = 
+	{
+	program = QBASIC /run 
+	extension = BAS
+	}
+}
diff --git a/krb5-1.21.3/src/util/profile/final.expected b/krb5-1.21.3/src/util/profile/final.expected
new file mode 100644
index 00000000..fb23b3cc
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/final.expected
@@ -0,0 +1,12 @@
+
+value1
+value1
+
+value2
+value1
+
+value3
+
+value4
+
+value5
diff --git a/krb5-1.21.3/src/util/profile/final1.ini b/krb5-1.21.3/src/util/profile/final1.ini
new file mode 100644
index 00000000..0419addf
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/final1.ini
@@ -0,0 +1,6 @@
+# A basic profile setting a single relation in a subsection, with
+# nothing marked final.
+[section]
+	subsection = {
+		key = value1
+	}
diff --git a/krb5-1.21.3/src/util/profile/final2.ini b/krb5-1.21.3/src/util/profile/final2.ini
new file mode 100644
index 00000000..4b1e15b7
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/final2.ini
@@ -0,0 +1,7 @@
+# In this variant the relation is marked final.  There is parsing
+# support for this but no iteration or dumping support, so the marker
+# currently has no effect.
+[section]
+	subsection = {
+		key* = value2
+	}
diff --git a/krb5-1.21.3/src/util/profile/final3.ini b/krb5-1.21.3/src/util/profile/final3.ini
new file mode 100644
index 00000000..dcf0ca96
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/final3.ini
@@ -0,0 +1,6 @@
+# In this variant the subsection is marked final via a '*' at the end
+# of the tag name.
+[section]
+	subsection* = {
+		key = value3
+	}
diff --git a/krb5-1.21.3/src/util/profile/final4.ini b/krb5-1.21.3/src/util/profile/final4.ini
new file mode 100644
index 00000000..dcba0784
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/final4.ini
@@ -0,0 +1,6 @@
+# In this variant the subsection is marked final via a '*' after the
+# closing brace.
+[section]
+	subsection = {
+		key = value4
+	}*
diff --git a/krb5-1.21.3/src/util/profile/final5.ini b/krb5-1.21.3/src/util/profile/final5.ini
new file mode 100644
index 00000000..58cd57d3
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/final5.ini
@@ -0,0 +1,5 @@
+# In this variant the top-level section is marked final.
+[section]*
+	subsection = {
+		key = value5
+	}
diff --git a/krb5-1.21.3/src/util/profile/krb5.conf b/krb5-1.21.3/src/util/profile/krb5.conf
new file mode 100644
index 00000000..de4de846
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/krb5.conf
@@ -0,0 +1,50 @@
+[libdefaults]
+	default_realm = ATHENA.MIT.EDU 
+	kdc_timesync = 1
+	ccache_type = 4
+
+[realms] 
+	ATHENA.MIT.EDU = { 
+#		kdc = kerberos-2000.mit.edu
+		kdc = kerberos.mit.edu
+		kdc = kerberos-1.mit.edu
+		kdc = kerberos-2.mit.edu
+		kdc = kerberos-3.mit.edu
+		primary_kdc = kerberos.mit.edu
+		admin_server = kerberos.mit.edu
+	} 
+	MEDIA-LAB.MIT.EDU = {
+		kdc = kerberos.media.mit.edu
+		admin_server = kerberos.media.mit.edu
+	}
+	ZONE.MIT.EDU = {
+		kdc = casio.mit.edu
+		kdc = seiko.mit.edu
+		admin_server = casio.mit.edu
+	}
+	MOOF.MIT.EDU = {
+		kdc = three-headed-dogcow.mit.edu
+		kdc = three-headed-dogcow-1.mit.edu
+		admin_server = three-headed-dogcow.mit.edu
+	}
+	CYGNUS.COM = {
+		kdc = KERBEROS-1.CYGNUS.COM
+		kdc = KERBEROS.CYGNUS.COM
+		admin_server = KERBEROS.CYGNUS.COM
+	}
+	GREY17.ORG = {
+		kdc = kerberos.grey17.org
+		admin_server = kerberos.grey17.org
+	}
+	IHTFP.ORG = {
+		kdc = kerberos.ihtfp.org
+		admin_server = kerberos.ihtfp.org
+	}
+
+[domain_realm]
+	mit.edu = ATHENA.MIT.EDU
+	csail.mit.edu = CSAIL.MIT.EDU
+
+[login]
+	krb4_convert = true
+	krb4_get_tickets = true
diff --git a/krb5-1.21.3/src/util/profile/libprofile.exports b/krb5-1.21.3/src/util/profile/libprofile.exports
new file mode 100644
index 00000000..3f02b4f4
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/libprofile.exports
@@ -0,0 +1,30 @@
+et_prof_error_table
+initialize_prof_error_table
+profile_abandon
+profile_add_relation
+profile_clear_relation
+profile_flush
+profile_free_list
+profile_get_boolean
+profile_get_integer
+profile_get_relation_names
+profile_get_string
+profile_get_subsection_names
+profile_get_values
+profile_init
+profile_init_flags
+profile_init_path
+profile_init_vtable
+profile_iterator
+profile_iterator_create
+profile_iterator_free
+profile_release
+profile_release_string
+profile_rename_section
+profile_ser_externalize
+profile_ser_internalize
+profile_ser_size
+profile_update_relation
+profile_flush_to_file
+profile_flush_to_buffer
+profile_free_buffer
diff --git a/krb5-1.21.3/src/util/profile/prof_FSp_glue.c b/krb5-1.21.3/src/util/profile/prof_FSp_glue.c
new file mode 100644
index 00000000..f1c7b07a
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_FSp_glue.c
@@ -0,0 +1,92 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * prof_FSp_glue.c --- Deprecated FSSpec functions.  Mac-only.
+ */
+
+#include "prof_int.h"
+
+#include <Kerberos/FSpUtils.h>
+#include <limits.h>
+
+long KRB5_CALLCONV FSp_profile_init (const FSSpec* files, profile_t *ret_profile);
+
+long KRB5_CALLCONV FSp_profile_init_path (const FSSpec* files, profile_t *ret_profile);
+
+errcode_t KRB5_CALLCONV
+FSp_profile_init(files, ret_profile)
+    const FSSpec* files;
+    profile_t *ret_profile;
+{
+    unsigned int        fileCount = 0;
+    const FSSpec       *nextSpec;
+    profile_filespec_t *pathArray = NULL;
+    unsigned int        i;
+    errcode_t           retval = 0;
+
+    for (nextSpec = files; ; nextSpec++) {
+        if ((nextSpec -> vRefNum == 0) &&
+            (nextSpec -> parID == 0) &&
+            (StrLength (nextSpec -> name) == 0))
+            break;
+        fileCount++;
+    }
+
+    pathArray = (profile_filespec_t *) malloc ((fileCount + 1) * sizeof(const_profile_filespec_t));
+    if (pathArray == NULL) {
+        retval = ENOMEM;
+    }
+
+    if (retval == 0) {
+        for (i = 0; i < fileCount + 1; i++) {
+            pathArray [i] = NULL;
+        }
+    }
+
+    if (retval == 0) {
+        for (i = 0; i < fileCount; i++) {
+            OSStatus err = noErr;
+
+            if (err == noErr) {
+                pathArray[i] = (char *) malloc (sizeof(char) * PATH_MAX);
+                if (pathArray[i] == NULL) {
+                    err = memFullErr;
+                }
+            }
+            /* convert the FSSpec to an path */
+            if (err == noErr) {
+                err = FSSpecToPOSIXPath (&files[i], pathArray[i], PATH_MAX);
+            }
+
+            if (err == memFullErr) {
+                retval = ENOMEM;
+                break;
+            } else if (err != noErr) {
+                retval = ENOENT;
+                break;
+            }
+        }
+    }
+
+    if (retval == 0) {
+        retval = profile_init ((const_profile_filespec_t *) pathArray,
+                               ret_profile);
+    }
+
+    if (pathArray != NULL) {
+        for (i = 0; i < fileCount; i++) {
+            if (pathArray [i] != 0)
+                free (pathArray [i]);
+        }
+        free (pathArray);
+    }
+
+    return retval;
+}
+
+errcode_t KRB5_CALLCONV
+FSp_profile_init_path(files, ret_profile)
+    const FSSpec* files;
+    profile_t *ret_profile;
+{
+    return FSp_profile_init (files, ret_profile);
+}
diff --git a/krb5-1.21.3/src/util/profile/prof_err.et b/krb5-1.21.3/src/util/profile/prof_err.et
new file mode 100644
index 00000000..2898d6bc
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_err.et
@@ -0,0 +1,78 @@
+error_table prof
+
+error_code	PROF_VERSION,	"Profile version 0.0"
+
+#
+# generated by prof_tree.c
+#
+error_code	PROF_MAGIC_NODE,	"Bad magic value in profile_node"
+error_code	PROF_NO_SECTION,	"Profile section not found"
+error_code	PROF_NO_RELATION,	"Profile relation not found"
+error_code	PROF_ADD_NOT_SECTION, 
+	"Attempt to add a relation to node which is not a section"
+error_code	PROF_SECTION_WITH_VALUE, 
+	"A profile section header has a non-zero value"
+error_code	PROF_BAD_LINK_LIST, 	"Bad linked list in profile structures"
+error_code	PROF_BAD_GROUP_LVL, 	"Bad group level in profile structures"
+error_code	PROF_BAD_PARENT_PTR, 	
+	"Bad parent pointer in profile structures"
+error_code	PROF_MAGIC_ITERATOR,	"Bad magic value in profile iterator"
+error_code	PROF_SET_SECTION_VALUE,	"Can't set value on section node"
+error_code	PROF_EINVAL,		"Invalid argument passed to profile library"
+error_code	PROF_READ_ONLY,		"Attempt to modify read-only profile"
+
+#
+# generated by prof_parse.c
+#
+
+error_code	PROF_SECTION_NOTOP, "Profile section header not at top level"
+error_code	PROF_SECTION_SYNTAX, "Syntax error in profile section header"
+error_code	PROF_RELATION_SYNTAX, "Syntax error in profile relation"
+error_code	PROF_EXTRA_CBRACE, "Extra closing brace in profile"
+error_code	PROF_MISSING_OBRACE, "Missing open brace in profile"
+
+#
+# generated by prof_init.c
+# 
+error_code	PROF_MAGIC_PROFILE,	"Bad magic value in profile_t"
+error_code	PROF_MAGIC_SECTION,	"Bad magic value in profile_section_t"
+error_code	PROF_TOPSECTION_ITER_NOSUPP,
+	"Iteration through all top level section not supported"
+error_code	PROF_INVALID_SECTION,	"Invalid profile_section object"
+error_code	PROF_END_OF_SECTIONS,	"No more sections"
+error_code	PROF_BAD_NAMESET,	"Bad nameset passed to query routine"
+error_code	PROF_NO_PROFILE,	"No profile file open"
+
+#
+# generated by prof_file.c
+#
+error_code      PROF_MAGIC_FILE,	"Bad magic value in profile_file_t"
+error_code	PROF_FAIL_OPEN,		"Couldn't open profile file"
+
+#
+# generated by prof_set.c
+#
+error_code	PROF_EXISTS,		"Section already exists"
+
+#
+# generated by prof_get.c
+#
+error_code	PROF_BAD_BOOLEAN,		"Invalid boolean value"
+error_code	PROF_BAD_INTEGER,		"Invalid integer value"
+
+#
+# new error codes added at end to avoid changing values
+#
+error_code	PROF_MAGIC_FILE_DATA, "Bad magic value in profile_file_data_t"
+error_code	PROF_FAIL_INCLUDE_FILE,
+	"Included profile file could not be read"
+error_code	PROF_FAIL_INCLUDE_DIR,
+	"Included profile directory could not be read"
+error_code	PROF_UNSUPPORTED, "Operation not supported on this profile"
+error_code	PROF_MAGIC_NODE_ITERATOR, "Bad magic value in profile iterator"
+error_code	PROF_MODULE, "Unexpected module declaration in profile"
+error_code	PROF_MODULE_SYNTAX,
+	"Invalid syntax of module declaration in profile"
+error_code	PROF_MODULE_INVALID, "Invalid profile module"
+
+end
diff --git a/krb5-1.21.3/src/util/profile/prof_file.c b/krb5-1.21.3/src/util/profile/prof_file.c
new file mode 100644
index 00000000..aa951df0
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_file.c
@@ -0,0 +1,564 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * prof_file.c ---- routines that manipulate an individual profile file.
+ */
+
+#include "prof_int.h"
+
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+#include <stddef.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#if defined(_WIN32)
+#include <io.h>
+#define HAVE_STAT
+#define stat _stat
+#ifndef S_ISDIR
+#define S_ISDIR(x) (((x) & S_IFMT) == S_IFDIR)
+#endif
+#endif
+
+#include "k5-platform.h"
+
+struct global_shared_profile_data {
+    /* This is the head of the global list of shared trees */
+    prf_data_t trees;
+    /* Lock for above list.  */
+    k5_mutex_t mutex;
+};
+#define g_shared_trees          (krb5int_profile_shared_data.trees)
+#define g_shared_trees_mutex    (krb5int_profile_shared_data.mutex)
+
+static struct global_shared_profile_data krb5int_profile_shared_data = {
+    0,
+    K5_MUTEX_PARTIAL_INITIALIZER
+};
+
+MAKE_INIT_FUNCTION(profile_library_initializer);
+MAKE_FINI_FUNCTION(profile_library_finalizer);
+
+int profile_library_initializer(void)
+{
+#ifdef SHOW_INITFINI_FUNCS
+    printf("profile_library_initializer\n");
+#endif
+    add_error_table(&et_prof_error_table);
+
+    return k5_mutex_finish_init(&g_shared_trees_mutex);
+}
+void profile_library_finalizer(void)
+{
+    if (! INITIALIZER_RAN(profile_library_initializer) || PROGRAM_EXITING()) {
+#ifdef SHOW_INITFINI_FUNCS
+        printf("profile_library_finalizer: skipping\n");
+#endif
+        return;
+    }
+#ifdef SHOW_INITFINI_FUNCS
+    printf("profile_library_finalizer\n");
+#endif
+    k5_mutex_destroy(&g_shared_trees_mutex);
+
+    remove_error_table(&et_prof_error_table);
+}
+
+static void profile_free_file_data(prf_data_t);
+
+static int rw_access(const_profile_filespec_t filespec)
+{
+#ifdef HAVE_ACCESS
+    if (access(filespec, W_OK) == 0)
+        return 1;
+    else
+        return 0;
+#else
+    /*
+     * We're on a substandard OS that doesn't support access.  So
+     * we kludge a test using stdio routines, and hope fopen
+     * checks the r/w permissions.
+     */
+    FILE    *f;
+
+    f = fopen(filespec, "r+");
+    if (f) {
+        fclose(f);
+        return 1;
+    }
+    return 0;
+#endif
+}
+
+static int r_access(const_profile_filespec_t filespec)
+{
+#ifdef HAVE_ACCESS
+    if (access(filespec, R_OK) == 0)
+        return 1;
+    else
+        return 0;
+#else
+    /*
+     * We're on a substandard OS that doesn't support access.  So
+     * we kludge a test using stdio routines, and hope fopen
+     * checks the r/w permissions.
+     */
+    FILE    *f;
+
+    f = fopen(filespec, "r");
+    if (f) {
+        fclose(f);
+        return 1;
+    }
+    return 0;
+#endif
+}
+
+int profile_file_is_writable(prf_file_t profile)
+{
+    if (profile && profile->data) {
+        return rw_access(profile->data->filespec);
+    } else {
+        return 0;
+    }
+}
+
+prf_data_t
+profile_make_prf_data(const char *filename)
+{
+    prf_data_t d;
+    size_t len, flen, slen;
+    char *fcopy;
+
+    flen = strlen(filename);
+    slen = offsetof(struct _prf_data_t, filespec);
+    len = slen + flen + 1;
+    if (len < sizeof(struct _prf_data_t))
+        len = sizeof(struct _prf_data_t);
+    d = malloc(len);
+    if (d == NULL)
+        return NULL;
+    memset(d, 0, len);
+    fcopy = (char *) d + slen;
+    assert(fcopy == d->filespec);
+    strlcpy(fcopy, filename, flen + 1);
+    d->refcount = 1;
+    d->magic = PROF_MAGIC_FILE_DATA;
+    d->root = NULL;
+    d->next = NULL;
+    d->fslen = flen;
+    return d;
+}
+
+errcode_t profile_open_file(const_profile_filespec_t filespec,
+                            prf_file_t *ret_prof, char **ret_modspec)
+{
+    prf_file_t      prf;
+    errcode_t       retval;
+    char            *home_env = 0;
+    prf_data_t      data;
+    char            *expanded_filename;
+
+    retval = CALL_INIT_FUNCTION(profile_library_initializer);
+    if (retval)
+        return retval;
+
+    prf = malloc(sizeof(struct _prf_file_t));
+    if (!prf)
+        return ENOMEM;
+    memset(prf, 0, sizeof(struct _prf_file_t));
+    prf->magic = PROF_MAGIC_FILE;
+
+    if (filespec[0] == '~' && filespec[1] == '/') {
+        home_env = secure_getenv("HOME");
+#ifdef HAVE_PWD_H
+        if (home_env == NULL) {
+            uid_t uid;
+            struct passwd *pw, pwx;
+            char pwbuf[BUFSIZ];
+
+            uid = getuid();
+            if (!k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw)
+                && pw != NULL && pw->pw_dir[0] != 0)
+                home_env = pw->pw_dir;
+        }
+#endif
+    }
+    if (home_env) {
+        if (asprintf(&expanded_filename, "%s%s", home_env,
+                     filespec + 1) < 0)
+            expanded_filename = 0;
+    } else
+        expanded_filename = strdup(filespec);
+    if (expanded_filename == 0) {
+        free(prf);
+        return ENOMEM;
+    }
+
+    k5_mutex_lock(&g_shared_trees_mutex);
+    for (data = g_shared_trees; data; data = data->next) {
+        if (!strcmp(data->filespec, expanded_filename)
+            /* Check that current uid has read access.  */
+            && r_access(data->filespec))
+            break;
+    }
+    if (data) {
+        data->refcount++;
+        data->last_stat = 0;    /* Make sure to stat when updating. */
+        k5_mutex_unlock(&g_shared_trees_mutex);
+        retval = profile_update_file_data(data, NULL);
+        free(expanded_filename);
+        if (retval) {
+            profile_dereference_data(data);
+            free(prf);
+            return retval;
+        }
+        prf->data = data;
+        *ret_prof = prf;
+        return 0;
+    }
+    k5_mutex_unlock(&g_shared_trees_mutex);
+    data = profile_make_prf_data(expanded_filename);
+    if (data == NULL) {
+        free(prf);
+        free(expanded_filename);
+        return ENOMEM;
+    }
+    free(expanded_filename);
+    prf->data = data;
+
+    retval = k5_mutex_init(&data->lock);
+    if (retval) {
+        free(data);
+        free(prf);
+        return retval;
+    }
+
+    retval = profile_update_file(prf, ret_modspec);
+    if (retval) {
+        profile_close_file(prf);
+        return retval;
+    }
+
+    k5_mutex_lock(&g_shared_trees_mutex);
+    data->flags |= PROFILE_FILE_SHARED;
+    data->next = g_shared_trees;
+    g_shared_trees = data;
+    k5_mutex_unlock(&g_shared_trees_mutex);
+
+    *ret_prof = prf;
+    return 0;
+}
+
+errcode_t profile_update_file_data_locked(prf_data_t data, char **ret_modspec)
+{
+    errcode_t retval;
+#ifdef HAVE_STAT
+    struct stat st;
+    unsigned long frac;
+    time_t now;
+#endif
+    FILE *f;
+    int isdir = 0;
+
+    if ((data->flags & PROFILE_FILE_NO_RELOAD) && data->root != NULL)
+        return 0;
+
+#ifdef HAVE_STAT
+    now = time(0);
+    if (now == data->last_stat && data->root != NULL) {
+        return 0;
+    }
+    if (stat(data->filespec, &st)) {
+        return errno;
+    }
+    data->last_stat = now;
+#if defined HAVE_STRUCT_STAT_ST_MTIMENSEC
+    frac = st.st_mtimensec;
+#elif defined HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
+    frac = st.st_mtimespec.tv_nsec;
+#elif defined HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
+    frac = st.st_mtim.tv_nsec;
+#else
+    frac = 0;
+#endif
+    if (st.st_mtime == data->timestamp
+        && frac == data->frac_ts
+        && data->root != NULL) {
+        return 0;
+    }
+    if (data->root) {
+        profile_free_node(data->root);
+        data->root = 0;
+    }
+
+    /* Only try to reload regular files, not devices such as pipes. */
+    if ((st.st_mode & S_IFMT) != S_IFREG)
+        data->flags |= PROFILE_FILE_NO_RELOAD;
+#else
+    /*
+     * If we don't have the stat() call, assume that our in-core
+     * memory image is correct.  That is, we won't reread the
+     * profile file if it changes.
+     */
+    if (data->root) {
+        return 0;
+    }
+#endif
+
+#ifdef HAVE_STAT
+    isdir = S_ISDIR(st.st_mode);
+#endif
+    if (!isdir) {
+        errno = 0;
+        f = fopen(data->filespec, "r");
+        if (f == NULL)
+            return (errno != 0) ? errno : ENOENT;
+        set_cloexec_file(f);
+    }
+
+    data->upd_serial++;
+    data->flags &= ~PROFILE_FILE_DIRTY;
+
+    if (isdir) {
+        retval = profile_process_directory(data->filespec, &data->root);
+    } else {
+        retval = profile_parse_file(f, &data->root, ret_modspec);
+        (void)fclose(f);
+    }
+    if (retval) {
+        return retval;
+    }
+    assert(data->root != NULL);
+#ifdef HAVE_STAT
+    data->timestamp = st.st_mtime;
+    data->frac_ts = frac;
+#endif
+    return 0;
+}
+
+errcode_t profile_update_file_data(prf_data_t data, char **ret_modspec)
+{
+    errcode_t retval;
+
+    k5_mutex_lock(&data->lock);
+    retval = profile_update_file_data_locked(data, ret_modspec);
+    k5_mutex_unlock(&data->lock);
+    return retval;
+}
+
+static int
+make_hard_link(const char *oldpath, const char *newpath)
+{
+#ifdef _WIN32
+    return -1;
+#else
+    return link(oldpath, newpath);
+#endif
+}
+
+static errcode_t write_data_to_file(prf_data_t data, const char *outfile,
+                                    int can_create)
+{
+    FILE            *f;
+    profile_filespec_t new_file;
+    profile_filespec_t old_file;
+    errcode_t       retval = 0;
+
+    retval = ENOMEM;
+
+    new_file = old_file = 0;
+    if (asprintf(&new_file, "%s.$$$", outfile) < 0) {
+        new_file = NULL;
+        goto errout;
+    }
+    if (asprintf(&old_file, "%s.bak", outfile) < 0) {
+        old_file = NULL;
+        goto errout;
+    }
+
+    errno = 0;
+
+    f = fopen(new_file, "w");
+    if (!f) {
+        retval = errno;
+        if (retval == 0)
+            retval = PROF_FAIL_OPEN;
+        goto errout;
+    }
+
+    set_cloexec_file(f);
+    profile_write_tree_file(data->root, f);
+    if (fclose(f) != 0) {
+        retval = errno;
+        goto errout;
+    }
+
+    unlink(old_file);
+    if (make_hard_link(outfile, old_file) == 0) {
+        /* Okay, got the hard link.  Yay.  Now we've got our
+           backup version, so just put the new version in
+           place.  */
+        if (rename(new_file, outfile)) {
+            /* Weird, the rename didn't work.  But the old version
+               should still be in place, so no special cleanup is
+               needed.  */
+            retval = errno;
+            goto errout;
+        }
+    } else if (errno == ENOENT && can_create) {
+        if (rename(new_file, outfile)) {
+            retval = errno;
+            goto errout;
+        }
+    } else {
+        /* Couldn't make the hard link, so there's going to be a
+           small window where data->filespec does not refer to
+           either version.  */
+#ifndef _WIN32
+        sync();
+#endif
+        if (rename(outfile, old_file)) {
+            retval = errno;
+            goto errout;
+        }
+        if (rename(new_file, outfile)) {
+            retval = errno;
+            rename(old_file, outfile); /* back out... */
+            goto errout;
+        }
+    }
+
+    retval = 0;
+
+errout:
+    if (new_file)
+        free(new_file);
+    if (old_file)
+        free(old_file);
+    return retval;
+}
+
+errcode_t profile_flush_file_data_to_buffer (prf_data_t data, char **bufp)
+{
+    errcode_t       retval;
+
+    k5_mutex_lock(&data->lock);
+    retval = profile_write_tree_to_buffer(data->root, bufp);
+    k5_mutex_unlock(&data->lock);
+    return retval;
+}
+
+errcode_t profile_flush_file_data(prf_data_t data)
+{
+    errcode_t       retval = 0;
+
+    if (!data || data->magic != PROF_MAGIC_FILE_DATA)
+        return PROF_MAGIC_FILE_DATA;
+
+    k5_mutex_lock(&data->lock);
+
+    if ((data->flags & PROFILE_FILE_DIRTY) == 0) {
+        k5_mutex_unlock(&data->lock);
+        return 0;
+    }
+
+    retval = write_data_to_file(data, data->filespec, 0);
+    data->flags &= ~PROFILE_FILE_DIRTY;
+    k5_mutex_unlock(&data->lock);
+    return retval;
+}
+
+errcode_t profile_flush_file_data_to_file(prf_data_t data, const char *outfile)
+{
+    errcode_t retval = 0;
+
+    if (!data || data->magic != PROF_MAGIC_FILE_DATA)
+        return PROF_MAGIC_FILE_DATA;
+
+    k5_mutex_lock(&data->lock);
+    retval = write_data_to_file(data, outfile, 1);
+    k5_mutex_unlock(&data->lock);
+    return retval;
+}
+
+
+
+void profile_dereference_data(prf_data_t data)
+{
+    k5_mutex_lock(&g_shared_trees_mutex);
+    profile_dereference_data_locked(data);
+    k5_mutex_unlock(&g_shared_trees_mutex);
+}
+void profile_dereference_data_locked(prf_data_t data)
+{
+    data->refcount--;
+    if (data->refcount == 0)
+        profile_free_file_data(data);
+}
+
+void profile_lock_global()
+{
+    k5_mutex_lock(&g_shared_trees_mutex);
+}
+void profile_unlock_global()
+{
+    k5_mutex_unlock(&g_shared_trees_mutex);
+}
+
+void profile_free_file(prf_file_t prf)
+{
+    profile_dereference_data(prf->data);
+    free(prf);
+}
+
+/* Call with mutex locked!  */
+static void profile_free_file_data(prf_data_t data)
+{
+    if (data->flags & PROFILE_FILE_SHARED) {
+        /* Remove from linked list.  */
+        if (g_shared_trees == data)
+            g_shared_trees = data->next;
+        else {
+            prf_data_t prev, next;
+            prev = g_shared_trees;
+            next = prev->next;
+            while (next) {
+                if (next == data) {
+                    prev->next = next->next;
+                    break;
+                }
+                prev = next;
+                next = next->next;
+            }
+        }
+    }
+    if (data->root)
+        profile_free_node(data->root);
+    data->magic = 0;
+    k5_mutex_destroy(&data->lock);
+    free(data);
+}
+
+errcode_t profile_close_file(prf_file_t prf)
+{
+    errcode_t       retval;
+
+    retval = profile_flush_file(prf);
+    if (retval)
+        return retval;
+    profile_free_file(prf);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/profile/prof_get.c b/krb5-1.21.3/src/util/profile/prof_get.c
new file mode 100644
index 00000000..12c7b964
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_get.c
@@ -0,0 +1,617 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * prof_get.c --- routines that expose the public interfaces for
+ *      querying items from the profile.
+ *
+ */
+
+#include "prof_int.h"
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <errno.h>
+#include <limits.h>
+
+/*
+ * These functions --- init_list(), end_list(), and add_to_list() are
+ * internal functions used to build up a null-terminated char ** list
+ * of strings to be returned by functions like profile_get_values.
+ *
+ * The profile_string_list structure is used for internal booking
+ * purposes to build up the list, which is returned in *ret_list by
+ * the end_list() function.
+ *
+ * The publicly exported interface for freeing char** list is
+ * profile_free_list().
+ */
+
+struct profile_string_list {
+    char    **list;
+    unsigned int    num;
+    unsigned int    max;
+};
+
+/*
+ * Initialize the string list abstraction.
+ */
+static errcode_t init_list(struct profile_string_list *list)
+{
+    list->num = 0;
+    list->max = 10;
+    list->list = malloc(list->max * sizeof(char *));
+    if (list->list == 0)
+        return ENOMEM;
+    list->list[0] = 0;
+    return 0;
+}
+
+/*
+ * Free any memory left over in the string abstraction, returning the
+ * built up list in *ret_list if it is non-null.
+ */
+static void end_list(struct profile_string_list *list, char ***ret_list)
+{
+    char    **cp;
+
+    if (list == 0)
+        return;
+
+    if (ret_list) {
+        *ret_list = list->list;
+        return;
+    } else {
+        for (cp = list->list; cp && *cp; cp++)
+            free(*cp);
+        free(list->list);
+    }
+    list->num = list->max = 0;
+    list->list = 0;
+}
+
+/*
+ * Add a string to the list.
+ */
+static errcode_t add_to_list(struct profile_string_list *list, const char *str)
+{
+    char    *newstr, **newlist;
+    unsigned int    newmax;
+
+    if (list->num+1 >= list->max) {
+        newmax = list->max + 10;
+        newlist = realloc(list->list, newmax * sizeof(char *));
+        if (newlist == 0)
+            return ENOMEM;
+        list->max = newmax;
+        list->list = newlist;
+    }
+    newstr = strdup(str);
+    if (newstr == 0)
+        return ENOMEM;
+
+    list->list[list->num++] = newstr;
+    list->list[list->num] = 0;
+    return 0;
+}
+
+/*
+ * Return TRUE if the string is already a member of the list.
+ */
+static int is_list_member(struct profile_string_list *list, const char *str)
+{
+    char **cpp;
+
+    if (!list->list)
+        return 0;
+
+    for (cpp = list->list; *cpp; cpp++) {
+        if (!strcmp(*cpp, str))
+            return 1;
+    }
+    return 0;
+}
+
+/*
+ * This function frees a null-terminated list as returned by
+ * profile_get_values.
+ */
+void KRB5_CALLCONV profile_free_list(char **list)
+{
+    char        **cp;
+
+    if (list == 0)
+        return;
+
+    for (cp = list; *cp; cp++)
+        free(*cp);
+    free(list);
+}
+
+/* Look up a relation in a vtable profile. */
+static errcode_t
+get_values_vt(profile_t profile, const char *const *names, char ***ret_values)
+{
+    errcode_t               retval;
+    char                    **vtvalues, **val;
+    struct profile_string_list values;
+
+    retval = profile->vt->get_values(profile->cbdata, names, &vtvalues);
+    if (retval)
+        return retval;
+
+    /* Copy the result into memory we can free. */
+    retval = init_list(&values);
+    if (retval == 0) {
+        for (val = vtvalues; *val; val++)
+            add_to_list(&values, *val);
+        end_list(&values, ret_values);
+    }
+
+    profile->vt->free_values(profile->cbdata, vtvalues);
+    return retval;
+}
+
+errcode_t KRB5_CALLCONV
+profile_get_values(profile_t profile, const char *const *names,
+                   char ***ret_values)
+{
+    errcode_t               retval;
+    void                    *state = NULL;
+    char                    *value;
+    struct profile_string_list values;
+
+    *ret_values = NULL;
+    if (!profile)
+        return PROF_NO_PROFILE;
+    if (profile->vt)
+        return get_values_vt(profile, names, ret_values);
+
+    if ((retval = profile_node_iterator_create(profile, names,
+                                               PROFILE_ITER_RELATIONS_ONLY,
+                                               &state)))
+        return retval;
+
+    retval = init_list(&values);
+    if (retval)
+        goto cleanup;
+
+    do {
+        if ((retval = profile_node_iterator(&state, 0, 0, &value)))
+            goto cleanup;
+        if (value)
+            add_to_list(&values, value);
+    } while (state);
+
+    if (values.num == 0) {
+        retval = PROF_NO_RELATION;
+        goto cleanup;
+    }
+
+cleanup:
+    end_list(&values, retval ? NULL : ret_values);
+    profile_node_iterator_free(&state);
+    return retval;
+}
+
+/* Look up a relation in a vtable profile and return the first value in the
+ * result. */
+static errcode_t
+get_value_vt(profile_t profile, const char *const *names, char **ret_value)
+{
+    errcode_t               retval;
+    char                    **vtvalues;
+
+    retval = profile->vt->get_values(profile->cbdata, names, &vtvalues);
+    if (retval)
+        return retval;
+    *ret_value = strdup(*vtvalues);
+    if (*ret_value == NULL)
+        retval = ENOMEM;
+    profile->vt->free_values(profile->cbdata, vtvalues);
+    return retval;
+}
+
+/*
+ * This function only gets the first value from the file; it is a
+ * helper function for profile_get_string, profile_get_integer, etc.
+ */
+errcode_t profile_get_value(profile_t profile, const char **names,
+                            char **ret_value)
+{
+    errcode_t               retval;
+    void                    *state;
+    char                    *value;
+
+    *ret_value = NULL;
+    if (!profile)
+        return PROF_NO_PROFILE;
+    if (profile->vt)
+        return get_value_vt(profile, names, ret_value);
+
+    retval = profile_iterator_create(profile, names,
+                                     PROFILE_ITER_RELATIONS_ONLY, &state);
+    if (retval)
+        return retval;
+
+    retval = profile_iterator(&state, NULL, &value);
+    if (retval)
+        goto cleanup;
+
+    if (value)
+        *ret_value = value;
+    else
+        retval = PROF_NO_RELATION;
+
+cleanup:
+    profile_iterator_free(&state);
+    return retval;
+}
+
+errcode_t KRB5_CALLCONV
+profile_get_string(profile_t profile, const char *name, const char *subname,
+                   const char *subsubname, const char *def_val,
+                   char **ret_string)
+{
+    char            *value;
+    errcode_t       retval;
+    const char      *names[4];
+
+    if (profile) {
+        names[0] = name;
+        names[1] = subname;
+        names[2] = subsubname;
+        names[3] = 0;
+        retval = profile_get_value(profile, names, &value);
+        if (retval == 0) {
+            *ret_string = value;
+            return 0;
+        } else if (retval != PROF_NO_SECTION && retval != PROF_NO_RELATION)
+            return retval;
+    }
+
+    if (def_val) {
+        *ret_string = strdup(def_val);
+        if (*ret_string == NULL)
+            return ENOMEM;
+    } else
+        *ret_string = NULL;
+    return 0;
+}
+
+static errcode_t
+parse_int(const char *value, int *ret_int)
+{
+    char            *end_value;
+    long            ret_long;
+
+    if (value[0] == 0)
+        /* Empty string is no good.  */
+        return PROF_BAD_INTEGER;
+    errno = 0;
+    ret_long = strtol(value, &end_value, 10);
+
+    /* Overflow or underflow.  */
+    if ((ret_long == LONG_MIN || ret_long == LONG_MAX) && errno != 0)
+        return PROF_BAD_INTEGER;
+    /* Value outside "int" range.  */
+    if ((long) (int) ret_long != ret_long)
+        return PROF_BAD_INTEGER;
+    /* Garbage in string.  */
+    if (end_value != value + strlen (value))
+        return PROF_BAD_INTEGER;
+
+    *ret_int = ret_long;
+    return 0;
+}
+
+errcode_t KRB5_CALLCONV
+profile_get_integer(profile_t profile, const char *name, const char *subname,
+                    const char *subsubname, int def_val, int *ret_int)
+{
+    char            *value;
+    errcode_t       retval;
+    const char      *names[4];
+
+    *ret_int = def_val;
+    if (profile == 0)
+        return 0;
+
+    names[0] = name;
+    names[1] = subname;
+    names[2] = subsubname;
+    names[3] = 0;
+    retval = profile_get_value(profile, names, &value);
+    if (retval == PROF_NO_SECTION || retval == PROF_NO_RELATION) {
+        *ret_int = def_val;
+        return 0;
+    } else if (retval)
+        return retval;
+
+    retval = parse_int(value, ret_int);
+    free(value);
+    return retval;
+}
+
+static const char *const conf_yes[] = {
+    "y", "yes", "true", "t", "1", "on",
+    0,
+};
+
+static const char *const conf_no[] = {
+    "n", "no", "false", "nil", "0", "off",
+    0,
+};
+
+static errcode_t
+profile_parse_boolean(const char *s, int *ret_boolean)
+{
+    const char *const *p;
+
+    if (ret_boolean == NULL)
+        return PROF_EINVAL;
+
+    for(p=conf_yes; *p; p++) {
+        if (!strcasecmp(*p,s)) {
+            *ret_boolean = 1;
+            return 0;
+        }
+    }
+
+    for(p=conf_no; *p; p++) {
+        if (!strcasecmp(*p,s)) {
+            *ret_boolean = 0;
+            return 0;
+        }
+    }
+
+    return PROF_BAD_BOOLEAN;
+}
+
+errcode_t KRB5_CALLCONV
+profile_get_boolean(profile_t profile, const char *name, const char *subname,
+                    const char *subsubname, int def_val, int *ret_boolean)
+{
+    char            *value;
+    errcode_t       retval;
+    const char      *names[4];
+
+    if (profile == 0) {
+        *ret_boolean = def_val;
+        return 0;
+    }
+
+    names[0] = name;
+    names[1] = subname;
+    names[2] = subsubname;
+    names[3] = 0;
+    retval = profile_get_value(profile, names, &value);
+    if (retval == PROF_NO_SECTION || retval == PROF_NO_RELATION) {
+        *ret_boolean = def_val;
+        return 0;
+    } else if (retval)
+        return retval;
+
+    retval = profile_parse_boolean(value, ret_boolean);
+    free(value);
+    return retval;
+}
+
+/*
+ * This function will return the list of the names of subections in the
+ * under the specified section name.
+ */
+errcode_t KRB5_CALLCONV
+profile_get_subsection_names(profile_t profile, const char **names,
+                             char ***ret_names)
+{
+    errcode_t               retval;
+    void                    *state;
+    char                    *name;
+    struct profile_string_list values;
+
+    if ((retval = profile_iterator_create(profile, names,
+                                          PROFILE_ITER_LIST_SECTION |
+                                          PROFILE_ITER_SECTIONS_ONLY,
+                                          &state)))
+        return retval;
+
+    if ((retval = init_list(&values)))
+        return retval;
+
+    do {
+        if ((retval = profile_iterator(&state, &name, NULL)))
+            goto cleanup;
+        if (name)
+            add_to_list(&values, name);
+        free(name);
+    } while (state);
+
+    end_list(&values, ret_names);
+    return 0;
+
+cleanup:
+    end_list(&values, 0);
+    return retval;
+}
+
+/*
+ * This function will return the list of the names of relations in the
+ * under the specified section name.
+ */
+errcode_t KRB5_CALLCONV
+profile_get_relation_names(profile_t profile, const char **names,
+                           char ***ret_names)
+{
+    errcode_t               retval;
+    void                    *state;
+    char                    *name;
+    struct profile_string_list values;
+
+    if ((retval = profile_iterator_create(profile, names,
+                                          PROFILE_ITER_LIST_SECTION |
+                                          PROFILE_ITER_RELATIONS_ONLY,
+                                          &state)))
+        return retval;
+
+    if ((retval = init_list(&values)))
+        return retval;
+
+    do {
+        if ((retval = profile_iterator(&state, &name, NULL)))
+            goto cleanup;
+        if (name && !is_list_member(&values, name))
+            add_to_list(&values, name);
+        free(name);
+    } while (state);
+
+    end_list(&values, ret_names);
+    return 0;
+
+cleanup:
+    end_list(&values, 0);
+    return retval;
+}
+
+struct profile_iterator {
+    prf_magic_t magic;
+    profile_t profile;
+    void *idata;
+};
+
+errcode_t KRB5_CALLCONV
+profile_iterator_create(profile_t profile, const char *const *names, int flags,
+                        void **ret_iter)
+{
+    struct profile_iterator *iter;
+    errcode_t retval;
+
+    *ret_iter = NULL;
+    if (!profile)
+        return PROF_NO_PROFILE;
+
+    iter = malloc(sizeof(*iter));
+    if (iter == NULL)
+        return ENOMEM;
+    iter->magic = PROF_MAGIC_ITERATOR;
+    iter->profile = profile;
+
+    /* Create the underlying iterator representation using the vtable or the
+     * built-in node iterator. */
+    if (profile->vt) {
+        if (!profile->vt->iterator_create)
+            retval = PROF_UNSUPPORTED;
+        else
+            retval = profile->vt->iterator_create(profile->cbdata, names,
+                                                  flags, &iter->idata);
+    } else {
+        retval = profile_node_iterator_create(profile, names, flags,
+                                              &iter->idata);
+    }
+    if (retval) {
+        free(iter);
+        return retval;
+    }
+
+    *ret_iter = iter;
+    return 0;
+}
+
+void KRB5_CALLCONV
+profile_iterator_free(void **iter_p)
+{
+    struct profile_iterator *iter;
+    profile_t profile;
+
+    if (!iter_p)
+        return;
+    iter = *iter_p;
+    if (!iter || iter->magic != PROF_MAGIC_ITERATOR)
+        return;
+    profile = iter->profile;
+    if (profile->vt)
+        profile->vt->iterator_free(profile->cbdata, iter->idata);
+    else
+        profile_node_iterator_free(&iter->idata);
+    free(iter);
+    *iter_p = NULL;
+}
+
+/* Make copies of name and value into *ret_name and *ret_value.  Handle null
+ * values of any argument. */
+static errcode_t
+set_results(const char *name, const char *value, char **ret_name,
+            char **ret_value)
+{
+    char *name_copy = NULL, *value_copy = NULL;
+
+    if (ret_name && name) {
+        name_copy = strdup(name);
+        if (name_copy == NULL)
+            goto oom;
+    }
+    if (ret_value && value) {
+        value_copy = strdup(value);
+        if (value_copy == NULL)
+            goto oom;
+    }
+    if (ret_name)
+        *ret_name = name_copy;
+    if (ret_value)
+        *ret_value = value_copy;
+    return 0;
+oom:
+    free(name_copy);
+    free(value_copy);
+    return ENOMEM;
+}
+
+errcode_t KRB5_CALLCONV
+profile_iterator(void **iter_p, char **ret_name, char **ret_value)
+{
+    char *name, *value;
+    errcode_t       retval;
+    struct profile_iterator *iter = *iter_p;
+    profile_t profile;
+
+    if (ret_name)
+        *ret_name = NULL;
+    if (ret_value)
+        *ret_value = NULL;
+    if (iter == NULL || iter->magic != PROF_MAGIC_ITERATOR)
+        return PROF_MAGIC_ITERATOR;
+    profile = iter->profile;
+
+    if (profile->vt) {
+        retval = profile->vt->iterator(profile->cbdata, iter->idata, &name,
+                                       &value);
+        if (retval)
+            return retval;
+        if (name == NULL) {
+            profile->vt->iterator_free(profile->cbdata, iter->idata);
+            free(iter);
+            *iter_p = NULL;
+        }
+        retval = set_results(name, value, ret_name, ret_value);
+        if (name)
+            profile->vt->free_string(profile->cbdata, name);
+        if (value)
+            profile->vt->free_string(profile->cbdata, value);
+        return retval;
+    }
+
+    retval = profile_node_iterator(&iter->idata, 0, &name, &value);
+    if (iter->idata == NULL) {
+        free(iter);
+        *iter_p = NULL;
+    }
+    if (retval)
+        return retval;
+    return set_results(name, value, ret_name, ret_value);
+}
+
+void KRB5_CALLCONV
+profile_release_string(char *str)
+{
+    free(str);
+}
diff --git a/krb5-1.21.3/src/util/profile/prof_init.c b/krb5-1.21.3/src/util/profile/prof_init.c
new file mode 100644
index 00000000..cc92248f
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_init.c
@@ -0,0 +1,666 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * prof_init.c --- routines that manipulate the user-visible profile_t
+ *      object.
+ */
+
+#include "prof_int.h"
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <errno.h>
+
+/* Create a vtable profile, possibly with a library handle.  The new profile
+ * takes ownership of the handle refcount on success. */
+static errcode_t
+init_module(struct profile_vtable *vtable, void *cbdata,
+            prf_lib_handle_t handle, profile_t *ret_profile)
+{
+    profile_t profile;
+    struct profile_vtable *vt_copy;
+
+    /* Check that the vtable's minor version is sane and that mandatory methods
+     * are implemented. */
+    if (vtable->minor_ver < 1 || !vtable->get_values || !vtable->free_values)
+        return EINVAL;
+    if (vtable->cleanup && !vtable->copy)
+        return EINVAL;
+    if (vtable->iterator_create &&
+        (!vtable->iterator || !vtable->iterator_free || !vtable->free_string))
+        return EINVAL;
+
+    profile = malloc(sizeof(*profile));
+    if (!profile)
+        return ENOMEM;
+    memset(profile, 0, sizeof(*profile));
+
+    vt_copy = malloc(sizeof(*vt_copy));
+    if (!vt_copy) {
+        free(profile);
+        return ENOMEM;
+    }
+    /* It's safe to just copy the caller's vtable for now.  If the minor
+     * version is bumped, we'll need to copy individual fields. */
+    *vt_copy = *vtable;
+
+    profile->vt = vt_copy;
+    profile->cbdata = cbdata;
+    profile->lib_handle = handle;
+    profile->magic = PROF_MAGIC_PROFILE;
+    *ret_profile = profile;
+    return 0;
+}
+
+/* Parse modspec into the module path and residual string. */
+static errcode_t
+parse_modspec(const char *modspec, char **ret_path, char **ret_residual)
+{
+    const char *p;
+    char *path, *fullpath, *residual;
+    errcode_t ret;
+
+    *ret_path = *ret_residual = NULL;
+
+    /* Find the separator, skipping a Windows drive letter if present. */
+    p = (*modspec != '\0' && modspec[1] == ':') ? modspec + 2 : modspec;
+    p = strchr(p, ':');
+    if (p == NULL)
+        return PROF_MODULE_SYNTAX;
+
+    /* Copy the path. */
+    path = malloc(p - modspec + 1);
+    if (path == NULL)
+        return ENOMEM;
+    memcpy(path, modspec, p - modspec);
+    path[p - modspec] = '\0';
+
+    /* Compose the path with LIBDIR if it's not absolute. */
+    ret = k5_path_join(LIBDIR, path, &fullpath);
+    free(path);
+    if (ret)
+        return ret;
+
+    residual = strdup(p + 1);
+    if (residual == NULL) {
+        free(fullpath);
+        return ENOMEM;
+    }
+
+    *ret_path = fullpath;
+    *ret_residual = residual;
+    return 0;
+}
+
+/* Load a dynamic profile module as specified by modspec and create a vtable
+ * profile for it in *ret_profile. */
+static errcode_t
+init_load_module(const char *modspec, profile_t *ret_profile)
+{
+    char *modpath = NULL, *residual = NULL;
+    struct errinfo einfo = { 0 };
+    prf_lib_handle_t lib_handle = NULL;
+    struct plugin_file_handle *plhandle = NULL;
+    void *cbdata = NULL, (*fptr)();
+    int have_lock = 0, have_cbdata = 0;
+    struct profile_vtable vtable = { 1 };  /* Set minor_ver to 1, rest null. */
+    errcode_t err;
+    profile_module_init_fn initfn;
+
+    err = parse_modspec(modspec, &modpath, &residual);
+    if (err)
+        goto cleanup;
+
+    /* Allocate a reference-counted library handle container. */
+    lib_handle = malloc(sizeof(*lib_handle));
+    if (lib_handle == NULL)
+        goto cleanup;
+    err = k5_mutex_init(&lib_handle->lock);
+    if (err)
+        goto cleanup;
+    have_lock = 1;
+
+    /* Open the module and get its initializer. */
+    err = krb5int_open_plugin(modpath, &plhandle, &einfo);
+    if (err)
+        goto cleanup;
+    err = krb5int_get_plugin_func(plhandle, "profile_module_init", &fptr,
+                                  &einfo);
+    if (err == ENOENT)
+        err = PROF_MODULE_INVALID;
+    if (err)
+        goto cleanup;
+
+    /* Get the profile vtable and callback data pointer. */
+    initfn = (profile_module_init_fn)fptr;
+    err = (*initfn)(residual, &vtable, &cbdata);
+    if (err)
+        goto cleanup;
+    have_cbdata = 1;
+
+    /* Create a vtable profile with the information obtained. */
+    lib_handle->plugin_handle = plhandle;
+    lib_handle->refcount = 1;
+    err = init_module(&vtable, cbdata, lib_handle, ret_profile);
+
+cleanup:
+    free(modpath);
+    free(residual);
+    k5_clear_error(&einfo);
+    if (err) {
+        if (have_cbdata && vtable.cleanup)
+            vtable.cleanup(cbdata);
+        if (have_lock)
+            k5_mutex_destroy(&lib_handle->lock);
+        free(lib_handle);
+        if (plhandle)
+            krb5int_close_plugin(plhandle);
+    }
+    return err;
+}
+
+errcode_t KRB5_CALLCONV
+profile_init_flags(const_profile_filespec_t *files, int flags,
+                   profile_t *ret_profile)
+{
+    const_profile_filespec_t *fs;
+    profile_t profile;
+    prf_file_t  new_file, last = 0;
+    errcode_t retval = 0, access_retval = 0;
+    char *modspec = NULL, **modspec_arg;
+
+    profile = malloc(sizeof(struct _profile_t));
+    if (!profile)
+        return ENOMEM;
+    memset(profile, 0, sizeof(struct _profile_t));
+    profile->magic = PROF_MAGIC_PROFILE;
+
+    /*
+     * If the filenames list is not specified or empty, return an empty
+     * profile.
+     */
+    if ( files && !PROFILE_LAST_FILESPEC(*files) ) {
+        for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
+            /* Allow a module declaration if it is permitted by flags and this
+             * is the first file parsed. */
+            modspec_arg = ((flags & PROFILE_INIT_ALLOW_MODULE) && !last) ?
+                &modspec : NULL;
+            retval = profile_open_file(*fs, &new_file, modspec_arg);
+            if (retval == PROF_MODULE && modspec) {
+                /* Stop parsing files and load a dynamic module instead. */
+                free(profile);
+                retval = init_load_module(modspec, ret_profile);
+                free(modspec);
+                return retval;
+            }
+            /* if this file is missing, skip to the next */
+            if (retval == ENOENT) {
+                continue;
+            }
+            /* If we can't read this file, remember it but keep going. */
+            if (retval == EACCES || retval == EPERM) {
+                access_retval = retval;
+                continue;
+            }
+            if (retval) {
+                profile_release(profile);
+                return retval;
+            }
+            if (last)
+                last->next = new_file;
+            else
+                profile->first_file = new_file;
+            last = new_file;
+        }
+        /*
+         * If last is still null after the loop, then all the files were
+         * missing or unreadable, so return the appropriate error.
+         */
+        if (!last) {
+            profile_release(profile);
+            return access_retval ? access_retval : ENOENT;
+        }
+    }
+
+    *ret_profile = profile;
+    return 0;
+}
+
+errcode_t KRB5_CALLCONV
+profile_init(const_profile_filespec_t *files, profile_t *ret_profile)
+{
+    return profile_init_flags(files, 0, ret_profile);
+}
+
+errcode_t KRB5_CALLCONV
+profile_init_vtable(struct profile_vtable *vtable, void *cbdata,
+                    profile_t *ret_profile)
+{
+    return init_module(vtable, cbdata, NULL, ret_profile);
+}
+
+/* Copy a vtable profile. */
+static errcode_t
+copy_vtable_profile(profile_t profile, profile_t *ret_new_profile)
+{
+    errcode_t err;
+    void *cbdata;
+    profile_t new_profile;
+
+    *ret_new_profile = NULL;
+
+    if (profile->vt->copy) {
+        /* Make a copy of profile's cbdata for the new profile. */
+        err = profile->vt->copy(profile->cbdata, &cbdata);
+        if (err)
+            return err;
+        err = init_module(profile->vt, cbdata, profile->lib_handle,
+                          &new_profile);
+        if (err && profile->vt->cleanup)
+            profile->vt->cleanup(cbdata);
+    } else {
+        /* Use the same cbdata as the old profile. */
+        err = init_module(profile->vt, profile->cbdata, profile->lib_handle,
+                          &new_profile);
+    }
+    if (err)
+        return err;
+
+    /* Increment the refcount on the library handle if there is one. */
+    if (profile->lib_handle) {
+        k5_mutex_lock(&profile->lib_handle->lock);
+        profile->lib_handle->refcount++;
+        k5_mutex_unlock(&profile->lib_handle->lock);
+    }
+
+    *ret_new_profile = new_profile;
+    return 0;
+}
+
+#define COUNT_LINKED_LIST(COUNT, PTYPE, START, FIELD)   \
+    {                                                   \
+        size_t cll_counter = 0;                         \
+        PTYPE cll_ptr = (START);                        \
+        while (cll_ptr != NULL) {                       \
+            cll_counter++;                              \
+            cll_ptr = cll_ptr->FIELD;                   \
+        }                                               \
+        (COUNT) = cll_counter;                          \
+    }
+
+errcode_t KRB5_CALLCONV
+profile_copy(profile_t old_profile, profile_t *new_profile)
+{
+    size_t size, i;
+    const_profile_filespec_t *files;
+    prf_file_t file;
+    errcode_t err;
+
+    if (old_profile->vt)
+        return copy_vtable_profile(old_profile, new_profile);
+
+    /* The fields we care about are read-only after creation, so
+       no locking is needed.  */
+    COUNT_LINKED_LIST (size, prf_file_t, old_profile->first_file, next);
+    files = malloc ((size+1) * sizeof(*files));
+    if (files == NULL)
+        return ENOMEM;
+    for (i = 0, file = old_profile->first_file; i < size; i++, file = file->next)
+        files[i] = file->data->filespec;
+    files[size] = NULL;
+    err = profile_init (files, new_profile);
+    free (files);
+    return err;
+}
+
+errcode_t KRB5_CALLCONV
+profile_init_path(const_profile_filespec_list_t filepath,
+                  profile_t *ret_profile)
+{
+    unsigned int n_entries;
+    int i;
+    unsigned int ent_len;
+    const char *s, *t;
+    profile_filespec_t *filenames;
+    errcode_t retval;
+
+    /* count the distinct filename components */
+    for(s = filepath, n_entries = 1; *s; s++) {
+        if (*s == ':')
+            n_entries++;
+    }
+
+    /* the array is NULL terminated */
+    filenames = (profile_filespec_t*) malloc((n_entries+1) * sizeof(char*));
+    if (filenames == 0)
+        return ENOMEM;
+
+    /* measure, copy, and skip each one */
+    for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) {
+        ent_len = (unsigned int) (t-s);
+        filenames[i] = (char*) malloc(ent_len + 1);
+        if (filenames[i] == 0) {
+            /* if malloc fails, free the ones that worked */
+            while(--i >= 0) free(filenames[i]);
+            free(filenames);
+            return ENOMEM;
+        }
+        strncpy(filenames[i], s, ent_len);
+        filenames[i][ent_len] = 0;
+        if (*t == 0) {
+            i++;
+            break;
+        }
+    }
+    /* cap the array */
+    filenames[i] = 0;
+
+    retval = profile_init_flags((const_profile_filespec_t *) filenames, 0,
+                                ret_profile);
+
+    /* count back down and free the entries */
+    while(--i >= 0) free(filenames[i]);
+    free(filenames);
+
+    return retval;
+}
+
+errcode_t KRB5_CALLCONV
+profile_is_writable(profile_t profile, int *writable)
+{
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
+
+    if (!writable)
+        return EINVAL;
+    *writable = 0;
+
+    if (profile->vt) {
+        if (profile->vt->writable)
+            return profile->vt->writable(profile->cbdata, writable);
+        else
+            return 0;
+    }
+
+    if (profile->first_file)
+        *writable = profile_file_is_writable(profile->first_file);
+
+    return 0;
+}
+
+errcode_t KRB5_CALLCONV
+profile_is_modified(profile_t profile, int *modified)
+{
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
+
+    if (!modified)
+        return EINVAL;
+    *modified = 0;
+
+    if (profile->vt) {
+        if (profile->vt->modified)
+            return profile->vt->modified(profile->cbdata, modified);
+        else
+            return 0;
+    }
+
+    if (profile->first_file)
+        *modified = (profile->first_file->data->flags & PROFILE_FILE_DIRTY);
+
+    return 0;
+}
+
+errcode_t KRB5_CALLCONV
+profile_flush(profile_t profile)
+{
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
+
+    if (profile->vt) {
+        if (profile->vt->flush)
+            return profile->vt->flush(profile->cbdata);
+        return 0;
+    }
+
+    if (profile->first_file)
+        return profile_flush_file(profile->first_file);
+
+    return 0;
+}
+
+errcode_t KRB5_CALLCONV
+profile_flush_to_file(profile_t profile, const_profile_filespec_t outfile)
+{
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
+
+    if (profile->vt)
+        return PROF_UNSUPPORTED;
+
+    if (profile->first_file)
+        return profile_flush_file_to_file(profile->first_file,
+                                          outfile);
+
+    return 0;
+}
+
+errcode_t KRB5_CALLCONV
+profile_flush_to_buffer(profile_t profile, char **buf)
+{
+    if (profile->vt)
+        return PROF_UNSUPPORTED;
+    return profile_flush_file_data_to_buffer(profile->first_file->data, buf);
+}
+
+void KRB5_CALLCONV
+profile_free_buffer(profile_t profile, char *buf)
+{
+    free(buf);
+}
+
+void KRB5_CALLCONV
+profile_abandon(profile_t profile)
+{
+    prf_file_t      p, next;
+
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return;
+
+    if (profile->vt) {
+        if (profile->vt->cleanup)
+            profile->vt->cleanup(profile->cbdata);
+        if (profile->lib_handle) {
+            /* Decrement the refcount on the handle and maybe free it. */
+            k5_mutex_lock(&profile->lib_handle->lock);
+            if (--profile->lib_handle->refcount == 0) {
+                krb5int_close_plugin(profile->lib_handle->plugin_handle);
+                k5_mutex_unlock(&profile->lib_handle->lock);
+                k5_mutex_destroy(&profile->lib_handle->lock);
+                free(profile->lib_handle);
+            } else
+                k5_mutex_unlock(&profile->lib_handle->lock);
+        }
+        free(profile->vt);
+    } else {
+        for (p = profile->first_file; p; p = next) {
+            next = p->next;
+            profile_free_file(p);
+        }
+    }
+    profile->magic = 0;
+    free(profile);
+}
+
+void KRB5_CALLCONV
+profile_release(profile_t profile)
+{
+    prf_file_t      p, next;
+
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return;
+
+    if (profile->vt) {
+        /* Flush the profile and then delegate to profile_abandon. */
+        if (profile->vt->flush)
+            profile->vt->flush(profile->cbdata);
+        profile_abandon(profile);
+        return;
+    } else {
+        for (p = profile->first_file; p; p = next) {
+            next = p->next;
+            profile_close_file(p);
+        }
+    }
+    profile->magic = 0;
+    free(profile);
+}
+
+/*
+ * Here begins the profile serialization functions.
+ */
+errcode_t profile_ser_size(const char *unused, profile_t profile,
+                           size_t *sizep)
+{
+    size_t      required;
+    prf_file_t  pfp;
+
+    required = 3*sizeof(int32_t);
+    for (pfp = profile->first_file; pfp; pfp = pfp->next) {
+        required += sizeof(int32_t);
+        required += strlen(pfp->data->filespec);
+    }
+    *sizep += required;
+    return 0;
+}
+
+static void pack_int32(int32_t oval, unsigned char **bufpp, size_t *remainp)
+{
+    store_32_be(oval, *bufpp);
+    *bufpp += sizeof(int32_t);
+    *remainp -= sizeof(int32_t);
+}
+
+errcode_t profile_ser_externalize(const char *unused, profile_t profile,
+                                  unsigned char **bufpp, size_t *remainp)
+{
+    errcode_t           retval;
+    size_t              required;
+    unsigned char       *bp;
+    size_t              remain;
+    prf_file_t          pfp;
+    int32_t             fcount, slen;
+
+    required = 0;
+    bp = *bufpp;
+    remain = *remainp;
+    retval = EINVAL;
+    if (profile) {
+        retval = ENOMEM;
+        (void) profile_ser_size(unused, profile, &required);
+        if (required <= remain) {
+            fcount = 0;
+            for (pfp = profile->first_file; pfp; pfp = pfp->next)
+                fcount++;
+            pack_int32(PROF_MAGIC_PROFILE, &bp, &remain);
+            pack_int32(fcount, &bp, &remain);
+            for (pfp = profile->first_file; pfp; pfp = pfp->next) {
+                slen = (int32_t) strlen(pfp->data->filespec);
+                pack_int32(slen, &bp, &remain);
+                if (slen) {
+                    memcpy(bp, pfp->data->filespec, (size_t) slen);
+                    bp += slen;
+                    remain -= (size_t) slen;
+                }
+            }
+            pack_int32(PROF_MAGIC_PROFILE, &bp, &remain);
+            retval = 0;
+            *bufpp = bp;
+            *remainp = remain;
+        }
+    }
+    return(retval);
+}
+
+static int unpack_int32(int32_t *intp, unsigned char **bufpp,
+                        size_t *remainp)
+{
+    if (*remainp >= sizeof(int32_t)) {
+        *intp = load_32_be(*bufpp);
+        *bufpp += sizeof(int32_t);
+        *remainp -= sizeof(int32_t);
+        return 0;
+    }
+    else
+        return 1;
+}
+
+errcode_t profile_ser_internalize(const char *unused, profile_t *profilep,
+                                  unsigned char **bufpp, size_t *remainp)
+{
+    errcode_t               retval;
+    unsigned char   *bp;
+    size_t          remain;
+    int                     i;
+    int32_t                 fcount, tmp;
+    profile_filespec_t              *flist = 0;
+
+    bp = *bufpp;
+    remain = *remainp;
+    fcount = 0;
+
+    if (remain >= 12)
+        (void) unpack_int32(&tmp, &bp, &remain);
+    else
+        tmp = 0;
+
+    if (tmp != PROF_MAGIC_PROFILE) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    (void) unpack_int32(&fcount, &bp, &remain);
+    retval = ENOMEM;
+
+    flist = (profile_filespec_t *) malloc(sizeof(profile_filespec_t) * (size_t) (fcount + 1));
+    if (!flist)
+        goto cleanup;
+
+    memset(flist, 0, sizeof(char *) * (size_t) (fcount+1));
+    for (i=0; i<fcount; i++) {
+        if (!unpack_int32(&tmp, &bp, &remain)) {
+            flist[i] = (char *) malloc((size_t) (tmp+1));
+            if (!flist[i])
+                goto cleanup;
+            memcpy(flist[i], bp, (size_t) tmp);
+            flist[i][tmp] = '\0';
+            bp += tmp;
+            remain -= (size_t) tmp;
+        }
+    }
+
+    if (unpack_int32(&tmp, &bp, &remain) ||
+        (tmp != PROF_MAGIC_PROFILE)) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    if ((retval = profile_init((const_profile_filespec_t *) flist,
+                               profilep)))
+        goto cleanup;
+
+    *bufpp = bp;
+    *remainp = remain;
+
+cleanup:
+    if (flist) {
+        for (i=0; i<fcount; i++) {
+            if (flist[i])
+                free(flist[i]);
+        }
+        free(flist);
+    }
+    return(retval);
+}
diff --git a/krb5-1.21.3/src/util/profile/prof_int.h b/krb5-1.21.3/src/util/profile/prof_int.h
new file mode 100644
index 00000000..b42fd7b4
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_int.h
@@ -0,0 +1,266 @@
+/*
+ * prof-int.h
+ */
+
+#include "k5-platform.h"
+#include "k5-thread.h"
+#include "k5-plugin.h"
+
+#include <time.h>
+
+#if defined(__MACH__) && defined(__APPLE__)
+#include <TargetConditionals.h>
+#define PROFILE_SUPPORTS_FOREIGN_NEWLINES
+#endif
+
+#include "com_err.h"
+#include "profile.h"
+
+typedef long prf_magic_t;
+
+/*
+ * This is the structure which stores the profile information for a
+ * particular configuration file.
+ *
+ * Locking strategy:
+ * - filespec, fslen are fixed after creation
+ * - refcount and next should only be tweaked with the global lock held
+ * - other fields can be tweaked after grabbing the in-struct lock
+ */
+struct _prf_data_t {
+	prf_magic_t	magic;
+	k5_mutex_t	lock;
+	struct profile_node *root;
+	time_t		last_stat;
+	time_t		timestamp; /* time tree was last updated from file */
+	unsigned long	frac_ts;   /* fractional part of timestamp, if any */
+	int		flags;	/* r/w, dirty */
+	int		upd_serial; /* incremented when data changes */
+
+	size_t		fslen;
+
+	/* Some separation between fields controlled by different
+	   mutexes.  Theoretically, both could be accessed at the same
+	   time from different threads on different CPUs with separate
+	   caches.  Don't let the threads clobber each other's
+	   changes.  One mutex controlling the whole thing would be
+	   better, but sufficient separation might suffice.
+
+	   This is icky.  I just hope it's adequate.
+
+	   For next major release, fix this.  */
+	union { double d; void *p; uint64_t ll; k5_mutex_t m; } pad;
+
+	int		refcount; /* prf_file_t references */
+	struct _prf_data_t *next;
+	/* Was: "profile_filespec_t filespec".  Now: flexible char
+	   array ... except, we need to work in C89, so an array
+	   length must be specified.  */
+	const char	filespec[sizeof("/etc/krb5.conf")];
+};
+
+typedef struct _prf_data_t *prf_data_t;
+prf_data_t profile_make_prf_data(const char *);
+
+struct _prf_file_t {
+	prf_magic_t	magic;
+	struct _prf_data_t	*data;
+	struct _prf_file_t *next;
+};
+
+typedef struct _prf_file_t *prf_file_t;
+
+/*
+ * The profile flags
+ */
+#define PROFILE_FILE_NO_RELOAD		0x0001
+#define PROFILE_FILE_DIRTY		0x0002
+#define PROFILE_FILE_SHARED		0x0004
+
+struct _prf_lib_handle_t {
+	k5_mutex_t lock;
+	int refcount;
+	struct plugin_file_handle *plugin_handle;
+};
+
+typedef struct _prf_lib_handle_t *prf_lib_handle_t;
+
+/*
+ * This structure defines the high-level, user visible profile_t
+ * object, which is used as a handle by users who need to query some
+ * configuration file(s)
+ */
+struct _profile_t {
+	prf_magic_t	magic;
+	prf_file_t	first_file;
+
+	/* If non-null, use vtable operations instead of native ones. */
+	struct profile_vtable *vt;
+	void		*cbdata;
+	prf_lib_handle_t lib_handle;
+};
+
+/*
+ * Used by the profile iterator in prof_get.c
+ */
+#define PROFILE_ITER_LIST_SECTION	0x0001
+#define PROFILE_ITER_SECTIONS_ONLY	0x0002
+#define PROFILE_ITER_RELATIONS_ONLY	0x0004
+
+#define PROFILE_ITER_FINAL_SEEN		0x0100
+
+/*
+ * Check if a filespec is last in a list (NULL on UNIX, invalid FSSpec on MacOS
+ */
+
+#define	PROFILE_LAST_FILESPEC(x) (((x) == NULL) || ((x)[0] == '\0'))
+
+/* profile_parse.c */
+
+errcode_t profile_parse_file
+	(FILE *f, struct profile_node **root, char **ret_modspec);
+
+errcode_t profile_process_directory
+	(const char *dirname, struct profile_node **root);
+
+errcode_t profile_write_tree_file
+	(struct profile_node *root, FILE *dstfile);
+
+errcode_t profile_write_tree_to_buffer
+	(struct profile_node *root, char **buf);
+
+
+/* prof_tree.c */
+
+void profile_free_node
+	(struct profile_node *relation);
+
+errcode_t profile_create_node
+	(const char *name, const char *value,
+		   struct profile_node **ret_node);
+
+errcode_t profile_verify_node
+	(struct profile_node *node);
+
+errcode_t profile_add_node
+	(struct profile_node *section,
+		    const char *name, const char *value,
+		    struct profile_node **ret_node);
+
+errcode_t profile_make_node_final
+	(struct profile_node *node);
+
+int profile_is_node_final
+	(struct profile_node *node);
+
+const char *profile_get_node_name
+	(struct profile_node *node);
+
+const char *profile_get_node_value
+	(struct profile_node *node);
+
+errcode_t profile_find_node
+	(struct profile_node *section,
+		    const char *name, const char *value,
+		    int section_flag, void **state,
+		    struct profile_node **node);
+
+errcode_t profile_find_node_relation
+	(struct profile_node *section,
+		    const char *name, void **state,
+		    char **ret_name, char **value);
+
+errcode_t profile_find_node_subsection
+	(struct profile_node *section,
+		    const char *name, void **state,
+		    char **ret_name, struct profile_node **subsection);
+
+errcode_t profile_get_node_parent
+	(struct profile_node *section,
+		   struct profile_node **parent);
+
+errcode_t profile_delete_node_relation
+	(struct profile_node *section, const char *name);
+
+errcode_t profile_find_node_name
+	(struct profile_node *section, void **state,
+		    char **ret_name);
+
+errcode_t profile_node_iterator_create
+	(profile_t profile, const char *const *names,
+		   int flags, void **ret_iter);
+
+void profile_node_iterator_free
+	(void	**iter_p);
+
+errcode_t profile_node_iterator
+	(void	**iter_p, struct profile_node **ret_node,
+		   char **ret_name, char **ret_value);
+
+errcode_t profile_remove_node
+	(struct profile_node *node);
+
+errcode_t profile_set_relation_value
+	(struct profile_node *node, const char *new_value);
+
+errcode_t profile_rename_node
+	(struct profile_node *node, const char *new_name);
+
+/* prof_file.c */
+
+errcode_t KRB5_CALLCONV profile_copy (profile_t, profile_t *);
+
+errcode_t profile_open_file
+	(const_profile_filespec_t file, prf_file_t *ret_prof,
+	 char **ret_modspec);
+
+#define profile_update_file(P, M) profile_update_file_data((P)->data, M)
+errcode_t profile_update_file_data
+	(prf_data_t profile, char **ret_modspec);
+#define profile_update_file_locked(P, M) profile_update_file_data_locked((P)->data, M)
+errcode_t profile_update_file_data_locked
+	(prf_data_t data, char **ret_modspec);
+
+#define profile_flush_file(P) (((P) && (P)->magic == PROF_MAGIC_FILE) ? profile_flush_file_data((P)->data) : PROF_MAGIC_FILE)
+errcode_t profile_flush_file_data
+	(prf_data_t data);
+
+#define profile_flush_file_to_file(P,F) (((P) && (P)->magic == PROF_MAGIC_FILE) ? profile_flush_file_data_to_file((P)->data, (F)) : PROF_MAGIC_FILE)
+errcode_t profile_flush_file_data_to_file
+	(prf_data_t data, const char *outfile);
+
+errcode_t profile_flush_file_data_to_buffer
+	(prf_data_t data, char **bufp);
+
+void profile_free_file
+	(prf_file_t profile);
+
+errcode_t profile_close_file
+	(prf_file_t profile);
+
+int profile_file_is_writable
+	(prf_file_t profile);
+
+void profile_dereference_data (prf_data_t);
+void profile_dereference_data_locked (prf_data_t);
+
+void profile_lock_global (void);
+void profile_unlock_global (void);
+
+/* prof_init.c -- included from profile.h */
+errcode_t profile_ser_size
+        (const char *, profile_t, size_t *);
+
+errcode_t profile_ser_externalize
+        (const char *, profile_t, unsigned char **, size_t *);
+
+errcode_t profile_ser_internalize
+        (const char *, profile_t *, unsigned char **, size_t *);
+
+/* prof_get.c */
+
+errcode_t profile_get_value
+	(profile_t profile, const char **names, char **ret_value);
+/* Others included from profile.h */
+
+/* prof_set.c -- included from profile.h */
diff --git a/krb5-1.21.3/src/util/profile/prof_parse.c b/krb5-1.21.3/src/util/profile/prof_parse.c
new file mode 100644
index 00000000..7ba44aca
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_parse.c
@@ -0,0 +1,634 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "prof_int.h"
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <errno.h>
+#include <ctype.h>
+#ifndef _WIN32
+#include <dirent.h>
+#endif
+
+#define SECTION_SEP_CHAR '/'
+
+#define STATE_INIT_COMMENT      1
+#define STATE_STD_LINE          2
+#define STATE_GET_OBRACE        3
+
+struct parse_state {
+    int     state;
+    int     group_level;
+    struct profile_node *root_section;
+    struct profile_node *current_section;
+};
+
+static errcode_t parse_file(FILE *f, struct parse_state *state,
+                            char **ret_modspec);
+
+static char *skip_over_blanks(char *cp)
+{
+    while (*cp && isspace((int) (*cp)))
+        cp++;
+    return cp;
+}
+
+static void strip_line(char *line)
+{
+    char *p = line + strlen(line);
+    while (p > line && (p[-1] == '\n' || p[-1] == '\r'))
+        *--p = 0;
+}
+
+static void parse_quoted_string(char *str)
+{
+    char *to, *from;
+
+    for (to = from = str; *from && *from != '"'; to++, from++) {
+        if (*from == '\\' && *(from + 1) != '\0') {
+            from++;
+            switch (*from) {
+            case 'n':
+                *to = '\n';
+                break;
+            case 't':
+                *to = '\t';
+                break;
+            case 'b':
+                *to = '\b';
+                break;
+            default:
+                *to = *from;
+            }
+            continue;
+        }
+        *to = *from;
+    }
+    *to = '\0';
+}
+
+
+static errcode_t parse_std_line(char *line, struct parse_state *state)
+{
+    char    *cp, ch, *tag, *value;
+    char    *p;
+    errcode_t retval;
+    struct profile_node     *node;
+    int do_subsection = 0;
+    void *iter = 0;
+
+    if (*line == 0)
+        return 0;
+    cp = skip_over_blanks(line);
+    if (cp[0] == ';' || cp[0] == '#')
+        return 0;
+    strip_line(cp);
+    ch = *cp;
+    if (ch == 0)
+        return 0;
+    if (ch == '[') {
+        if (state->group_level > 0)
+            return PROF_SECTION_NOTOP;
+        cp++;
+        p = strchr(cp, ']');
+        if (p == NULL)
+            return PROF_SECTION_SYNTAX;
+        *p = '\0';
+        retval = profile_find_node_subsection(state->root_section,
+                                              cp, &iter, 0,
+                                              &state->current_section);
+        if (retval == PROF_NO_SECTION) {
+            retval = profile_add_node(state->root_section,
+                                      cp, 0,
+                                      &state->current_section);
+            if (retval)
+                return retval;
+        } else if (retval)
+            return retval;
+
+        /*
+         * Finish off the rest of the line.
+         */
+        cp = p+1;
+        if (*cp == '*') {
+            profile_make_node_final(state->current_section);
+            cp++;
+        }
+        /*
+         * A space after ']' should not be fatal
+         */
+        cp = skip_over_blanks(cp);
+        if (*cp)
+            return PROF_SECTION_SYNTAX;
+        return 0;
+    }
+    if (ch == '}') {
+        if (state->group_level == 0)
+            return PROF_EXTRA_CBRACE;
+        if (*(cp+1) == '*')
+            profile_make_node_final(state->current_section);
+        retval = profile_get_node_parent(state->current_section,
+                                         &state->current_section);
+        if (retval)
+            return retval;
+        state->group_level--;
+        return 0;
+    }
+    /*
+     * Parse the relations
+     */
+    tag = cp;
+    cp = strchr(cp, '=');
+    if (!cp)
+        return PROF_RELATION_SYNTAX;
+    if (cp == tag)
+        return PROF_RELATION_SYNTAX;
+    *cp = '\0';
+    p = tag;
+    /* Look for whitespace on left-hand side.  */
+    while (p < cp && !isspace((int)*p))
+        p++;
+    if (p < cp) {
+        /* Found some sort of whitespace.  */
+        *p++ = 0;
+        /* If we have more non-whitespace, it's an error.  */
+        while (p < cp) {
+            if (!isspace((int)*p))
+                return PROF_RELATION_SYNTAX;
+            p++;
+        }
+    }
+    cp = skip_over_blanks(cp+1);
+    value = cp;
+    if (value[0] == '"') {
+        value++;
+        parse_quoted_string(value);
+    } else if (value[0] == 0) {
+        do_subsection++;
+        state->state = STATE_GET_OBRACE;
+    } else if (value[0] == '{' && *(skip_over_blanks(value+1)) == 0)
+        do_subsection++;
+    else {
+        cp = value + strlen(value) - 1;
+        while ((cp > value) && isspace((int) (*cp)))
+            *cp-- = 0;
+    }
+    if (do_subsection) {
+        p = strchr(tag, '*');
+        if (p)
+            *p = '\0';
+        retval = profile_add_node(state->current_section,
+                                  tag, 0, &state->current_section);
+        if (retval)
+            return retval;
+        if (p)
+            profile_make_node_final(state->current_section);
+        state->group_level++;
+        return 0;
+    }
+    p = strchr(tag, '*');
+    if (p)
+        *p = '\0';
+    profile_add_node(state->current_section, tag, value, &node);
+    if (p)
+        profile_make_node_final(node);
+    return 0;
+}
+
+/* Open and parse an included profile file. */
+static errcode_t parse_include_file(const char *filename,
+                                    struct profile_node *root_section)
+{
+    FILE    *fp;
+    errcode_t retval = 0;
+    struct parse_state state;
+
+    /* Create a new state so that fragments are syntactically independent but
+     * share a root section. */
+    state.state = STATE_INIT_COMMENT;
+    state.group_level = 0;
+    state.root_section = root_section;
+    state.current_section = NULL;
+
+    fp = fopen(filename, "r");
+    if (fp == NULL)
+        return PROF_FAIL_INCLUDE_FILE;
+    retval = parse_file(fp, &state, NULL);
+    fclose(fp);
+    return retval;
+}
+
+/* Return non-zero if filename contains only alphanumeric characters, dashes,
+ * and underscores, or if the filename ends in ".conf" and is not a dotfile. */
+static int valid_name(const char *filename)
+{
+    const char *p;
+    size_t len = strlen(filename);
+
+    /* Ignore dotfiles, which might be editor or filesystem artifacts. */
+    if (*filename == '.')
+        return 0;
+
+    if (len >= 5 && !strcmp(filename + len - 5, ".conf"))
+        return 1;
+
+    for (p = filename; *p != '\0'; p++) {
+        if (!isalnum((unsigned char)*p) && *p != '-' && *p != '_')
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Include files within dirname.  Only files with names ending in ".conf", or
+ * consisting entirely of alphanumeric characters, dashes, and underscores are
+ * included.  This restriction avoids including editor backup files, .rpmsave
+ * files, and the like.  Files are processed in alphanumeric order.
+ */
+static errcode_t parse_include_dir(const char *dirname,
+                                   struct profile_node *root_section)
+{
+    errcode_t retval = 0;
+    char **fnames, *pathname;
+    int i;
+
+    if (k5_dir_filenames(dirname, &fnames) != 0)
+        return PROF_FAIL_INCLUDE_DIR;
+
+    for (i = 0; fnames != NULL && fnames[i] != NULL; i++) {
+        if (!valid_name(fnames[i]))
+            continue;
+        if (asprintf(&pathname, "%s/%s", dirname, fnames[i]) < 0) {
+            retval = ENOMEM;
+            break;
+        }
+        retval = parse_include_file(pathname, root_section);
+        free(pathname);
+        if (retval)
+            break;
+    }
+    k5_free_filenames(fnames);
+    return retval;
+}
+
+static errcode_t parse_line(char *line, struct parse_state *state,
+                            char **ret_modspec)
+{
+    char    *cp;
+
+    if (strncmp(line, "include", 7) == 0 && isspace(line[7])) {
+        cp = skip_over_blanks(line + 7);
+        strip_line(cp);
+        return parse_include_file(cp, state->root_section);
+    }
+    if (strncmp(line, "includedir", 10) == 0 && isspace(line[10])) {
+        cp = skip_over_blanks(line + 10);
+        strip_line(cp);
+        return parse_include_dir(cp, state->root_section);
+    }
+    switch (state->state) {
+    case STATE_INIT_COMMENT:
+        if (strncmp(line, "module", 6) == 0 && isspace(line[6])) {
+            /*
+             * If we are expecting a module declaration, fill in *ret_modspec
+             * and return PROF_MODULE, which will cause parsing to abort and
+             * the module to be loaded instead.  If we aren't expecting a
+             * module declaration, return PROF_MODULE without filling in
+             * *ret_modspec, which will be treated as an ordinary error.
+             */
+            if (ret_modspec) {
+                cp = skip_over_blanks(line + 6);
+                strip_line(cp);
+                *ret_modspec = strdup(cp);
+                if (!*ret_modspec)
+                    return ENOMEM;
+            }
+            return PROF_MODULE;
+        }
+        if (line[0] != '[')
+            return 0;
+        state->state = STATE_STD_LINE;
+    case STATE_STD_LINE:
+        return parse_std_line(line, state);
+    case STATE_GET_OBRACE:
+        cp = skip_over_blanks(line);
+        if (*cp != '{')
+            return PROF_MISSING_OBRACE;
+        state->state = STATE_STD_LINE;
+    }
+    return 0;
+}
+
+static errcode_t parse_file(FILE *f, struct parse_state *state,
+                            char **ret_modspec)
+{
+#define BUF_SIZE        2048
+    char *bptr;
+    errcode_t retval;
+
+    bptr = malloc (BUF_SIZE);
+    if (!bptr)
+        return ENOMEM;
+
+    while (!feof(f)) {
+        if (fgets(bptr, BUF_SIZE, f) == NULL)
+            break;
+#ifndef PROFILE_SUPPORTS_FOREIGN_NEWLINES
+        retval = parse_line(bptr, state, ret_modspec);
+        if (retval) {
+            free (bptr);
+            return retval;
+        }
+#else
+        {
+            char *p, *end;
+
+            if (strlen(bptr) >= BUF_SIZE - 1) {
+                /* The string may have foreign newlines and
+                   gotten chopped off on a non-newline
+                   boundary.  Seek backwards to the last known
+                   newline.  */
+                long offset;
+                char *c = bptr + strlen (bptr);
+                for (offset = 0; offset > -BUF_SIZE; offset--) {
+                    if (*c == '\r' || *c == '\n') {
+                        *c = '\0';
+                        fseek (f, offset, SEEK_CUR);
+                        break;
+                    }
+                    c--;
+                }
+            }
+
+            /* First change all newlines to \n */
+            for (p = bptr; *p != '\0'; p++) {
+                if (*p == '\r')
+                    *p = '\n';
+            }
+            /* Then parse all lines */
+            p = bptr;
+            end = bptr + strlen (bptr);
+            while (p < end) {
+                char* newline;
+                char* newp;
+
+                newline = strchr (p, '\n');
+                if (newline != NULL)
+                    *newline = '\0';
+
+                /* parse_line modifies contents of p */
+                newp = p + strlen (p) + 1;
+                retval = parse_line (p, state, ret_modspec);
+                if (retval) {
+                    free (bptr);
+                    return retval;
+                }
+
+                p = newp;
+            }
+        }
+#endif
+    }
+
+    free (bptr);
+    return 0;
+}
+
+errcode_t profile_parse_file(FILE *f, struct profile_node **root,
+                             char **ret_modspec)
+{
+    struct parse_state state;
+    errcode_t retval;
+
+    *root = NULL;
+
+    /* Initialize parsing state with a new root node. */
+    state.state = STATE_INIT_COMMENT;
+    state.group_level = 0;
+    state.current_section = NULL;
+    retval = profile_create_node("(root)", 0, &state.root_section);
+    if (retval)
+        return retval;
+
+    retval = parse_file(f, &state, ret_modspec);
+    if (retval) {
+        profile_free_node(state.root_section);
+        return retval;
+    }
+    *root = state.root_section;
+    return 0;
+}
+
+errcode_t profile_process_directory(const char *dirname,
+                                    struct profile_node **root)
+{
+    errcode_t retval;
+    struct profile_node *node;
+
+    *root = NULL;
+    retval = profile_create_node("(root)", 0, &node);
+    if (retval)
+        return retval;
+    retval = parse_include_dir(dirname, node);
+    if (retval) {
+        profile_free_node(node);
+        return retval;
+    }
+    *root = node;
+    return 0;
+}
+
+/*
+ * Return TRUE if the string begins or ends with whitespace
+ */
+static int need_double_quotes(char *str)
+{
+    if (!str)
+        return 0;
+    if (str[0] == '\0')
+        return 1;
+    if (isspace((int) (*str)) ||isspace((int) (*(str + strlen(str) - 1))))
+        return 1;
+    if (strchr(str, '\n') || strchr(str, '\t') || strchr(str, '\b'))
+        return 1;
+    return 0;
+}
+
+/*
+ * Output a string with double quotes, doing appropriate backquoting
+ * of characters as necessary.
+ */
+static void output_quoted_string(char *str, void (*cb)(const char *,void *),
+                                 void *data)
+{
+    char    ch;
+    char buf[2];
+
+    cb("\"", data);
+    if (!str) {
+        cb("\"", data);
+        return;
+    }
+    buf[1] = 0;
+    while ((ch = *str++)) {
+        switch (ch) {
+        case '\\':
+            cb("\\\\", data);
+            break;
+        case '\n':
+            cb("\\n", data);
+            break;
+        case '\t':
+            cb("\\t", data);
+            break;
+        case '\b':
+            cb("\\b", data);
+            break;
+        default:
+            /* This would be a lot faster if we scanned
+               forward for the next "interesting"
+               character.  */
+            buf[0] = ch;
+            cb(buf, data);
+            break;
+        }
+    }
+    cb("\"", data);
+}
+
+
+
+#if defined(_WIN32)
+#define EOL "\r\n"
+#endif
+
+#ifndef EOL
+#define EOL "\n"
+#endif
+
+/* Errors should be returned, not ignored!  */
+static void dump_profile(struct profile_node *root, int level,
+                         void (*cb)(const char *, void *), void *data)
+{
+    int i;
+    struct profile_node *p;
+    void *iter;
+    long retval;
+    char *name, *value;
+
+    iter = 0;
+    do {
+        retval = profile_find_node_relation(root, 0, &iter,
+                                            &name, &value);
+        if (retval)
+            break;
+        for (i=0; i < level; i++)
+            cb("\t", data);
+        if (need_double_quotes(value)) {
+            cb(name, data);
+            cb(" = ", data);
+            output_quoted_string(value, cb, data);
+            cb(EOL, data);
+        } else {
+            cb(name, data);
+            cb(" = ", data);
+            cb(value, data);
+            cb(EOL, data);
+        }
+    } while (iter != 0);
+
+    iter = 0;
+    do {
+        retval = profile_find_node_subsection(root, 0, &iter,
+                                              &name, &p);
+        if (retval)
+            break;
+        if (level == 0) { /* [xxx] */
+            cb("[", data);
+            cb(name, data);
+            cb("]", data);
+            cb(profile_is_node_final(p) ? "*" : "", data);
+            cb(EOL, data);
+            dump_profile(p, level+1, cb, data);
+            cb(EOL, data);
+        } else {        /* xxx = { ... } */
+            for (i=0; i < level; i++)
+                cb("\t", data);
+            cb(name, data);
+            cb(" = {", data);
+            cb(EOL, data);
+            dump_profile(p, level+1, cb, data);
+            for (i=0; i < level; i++)
+                cb("\t", data);
+            cb("}", data);
+            cb(profile_is_node_final(p) ? "*" : "", data);
+            cb(EOL, data);
+        }
+    } while (iter != 0);
+}
+
+static void dump_profile_to_file_cb(const char *str, void *data)
+{
+    fputs(str, data);
+}
+
+errcode_t profile_write_tree_file(struct profile_node *root, FILE *dstfile)
+{
+    dump_profile(root, 0, dump_profile_to_file_cb, dstfile);
+    return 0;
+}
+
+struct prof_buf {
+    char *base;
+    size_t cur, max;
+    int err;
+};
+
+static void add_data_to_buffer(struct prof_buf *b, const void *d, size_t len)
+{
+    if (b->err)
+        return;
+    if (b->max - b->cur < len) {
+        size_t newsize;
+        char *newptr;
+
+        newsize = b->max + (b->max >> 1) + len + 1024;
+        newptr = realloc(b->base, newsize);
+        if (newptr == NULL) {
+            b->err = 1;
+            return;
+        }
+        b->base = newptr;
+        b->max = newsize;
+    }
+    memcpy(b->base + b->cur, d, len);
+    b->cur += len;          /* ignore overflow */
+}
+
+static void dump_profile_to_buffer_cb(const char *str, void *data)
+{
+    add_data_to_buffer((struct prof_buf *)data, str, strlen(str));
+}
+
+errcode_t profile_write_tree_to_buffer(struct profile_node *root,
+                                       char **buf)
+{
+    struct prof_buf prof_buf = { 0, 0, 0, 0 };
+
+    dump_profile(root, 0, dump_profile_to_buffer_cb, &prof_buf);
+    if (prof_buf.err) {
+        *buf = NULL;
+        return ENOMEM;
+    }
+    add_data_to_buffer(&prof_buf, "", 1); /* append nul */
+    if (prof_buf.max - prof_buf.cur > (prof_buf.max >> 3)) {
+        char *newptr = realloc(prof_buf.base, prof_buf.cur);
+        if (newptr)
+            prof_buf.base = newptr;
+    }
+    *buf = prof_buf.base;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/profile/prof_set.c b/krb5-1.21.3/src/util/profile/prof_set.c
new file mode 100644
index 00000000..af4b2f85
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_set.c
@@ -0,0 +1,306 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * prof_set.c --- routines that expose the public interfaces for
+ *      inserting, updating and deleting items from the profile.
+ *
+ * WARNING: These routines only look at the first file opened in the
+ * profile.  It's not clear how to handle multiple files, actually.
+ * In the future it may be necessary to modify this public interface,
+ * or possibly add higher level functions to support this correctly.
+ *
+ * WARNING: We're not yet doing locking yet, either.
+ *
+ */
+
+#include "prof_int.h"
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <errno.h>
+
+static errcode_t rw_setup(profile_t profile)
+{
+    prf_file_t      file;
+    errcode_t       retval = 0;
+
+    if (!profile)
+        return PROF_NO_PROFILE;
+
+    if (profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
+
+    file = profile->first_file;
+
+    profile_lock_global();
+
+    /* Don't update the file if we've already made modifications */
+    if (file->data->flags & PROFILE_FILE_DIRTY) {
+        profile_unlock_global();
+        return 0;
+    }
+
+    if ((file->data->flags & PROFILE_FILE_SHARED) != 0) {
+        prf_data_t new_data;
+        new_data = profile_make_prf_data(file->data->filespec);
+        if (new_data == NULL) {
+            retval = ENOMEM;
+        } else {
+            retval = k5_mutex_init(&new_data->lock);
+            if (retval == 0) {
+                new_data->root = NULL;
+                new_data->flags = file->data->flags & ~PROFILE_FILE_SHARED;
+                new_data->timestamp = 0;
+                new_data->upd_serial = file->data->upd_serial;
+            }
+        }
+
+        if (retval != 0) {
+            profile_unlock_global();
+            free(new_data);
+            return retval;
+        }
+        profile_dereference_data_locked(file->data);
+        file->data = new_data;
+    }
+
+    profile_unlock_global();
+    retval = profile_update_file(file, NULL);
+
+    return retval;
+}
+
+
+/*
+ * Delete or update a particular child node
+ *
+ * ADL - 2/23/99, rewritten TYT 2/25/99
+ */
+errcode_t KRB5_CALLCONV
+profile_update_relation(profile_t profile, const char **names,
+                        const char *old_value, const char *new_value)
+{
+    errcode_t       retval;
+    struct profile_node *section, *node;
+    void            *state;
+    const char      **cpp;
+
+    if (profile->vt) {
+        if (!profile->vt->update_relation)
+            return PROF_UNSUPPORTED;
+        return profile->vt->update_relation(profile->cbdata, names, old_value,
+                                            new_value);
+    }
+
+    retval = rw_setup(profile);
+    if (retval)
+        return retval;
+
+    if (names == 0 || names[0] == 0 || names[1] == 0)
+        return PROF_BAD_NAMESET;
+
+    if (!old_value || !*old_value)
+        return PROF_EINVAL;
+
+    k5_mutex_lock(&profile->first_file->data->lock);
+    section = profile->first_file->data->root;
+    for (cpp = names; cpp[1]; cpp++) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1,
+                                   &state, &section);
+        if (retval) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return retval;
+        }
+    }
+
+    state = 0;
+    retval = profile_find_node(section, *cpp, old_value, 0, &state, &node);
+    if (retval == 0) {
+        if (new_value)
+            retval = profile_set_relation_value(node, new_value);
+        else
+            retval = profile_remove_node(node);
+    }
+    if (retval == 0)
+        profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
+    k5_mutex_unlock(&profile->first_file->data->lock);
+
+    return retval;
+}
+
+/*
+ * Clear a particular all of the relations with a specific name.
+ *
+ * TYT - 2/25/99
+ */
+errcode_t KRB5_CALLCONV
+profile_clear_relation(profile_t profile, const char **names)
+{
+    errcode_t       retval;
+    struct profile_node *section, *node;
+    void            *state;
+    const char      **cpp;
+
+    if (profile->vt) {
+        if (!profile->vt->update_relation)
+            return PROF_UNSUPPORTED;
+        return profile->vt->update_relation(profile->cbdata, names, NULL,
+                                            NULL);
+    }
+
+    retval = rw_setup(profile);
+    if (retval)
+        return retval;
+
+    if (names == 0 || names[0] == 0 || names[1] == 0)
+        return PROF_BAD_NAMESET;
+
+    section = profile->first_file->data->root;
+    for (cpp = names; cpp[1]; cpp++) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1,
+                                   &state, &section);
+        if (retval)
+            return retval;
+    }
+
+    state = 0;
+    do {
+        retval = profile_find_node(section, *cpp, 0, 0, &state, &node);
+        if (retval)
+            return retval;
+        retval = profile_remove_node(node);
+        if (retval)
+            return retval;
+    } while (state);
+
+    profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
+
+    return 0;
+}
+
+/*
+ * Rename a particular section; if the new_section name is NULL,
+ * delete it.
+ *
+ * ADL - 2/23/99, rewritten TYT 2/25/99
+ */
+errcode_t KRB5_CALLCONV
+profile_rename_section(profile_t profile, const char **names,
+                       const char *new_name)
+{
+    errcode_t       retval;
+    struct profile_node *section, *node;
+    void            *state;
+    const char      **cpp;
+
+    if (profile->vt) {
+        if (!profile->vt->rename_section)
+            return PROF_UNSUPPORTED;
+        return profile->vt->rename_section(profile->cbdata, names, new_name);
+    }
+
+    retval = rw_setup(profile);
+    if (retval)
+        return retval;
+
+    if (names == 0 || names[0] == 0)
+        return PROF_BAD_NAMESET;
+
+    k5_mutex_lock(&profile->first_file->data->lock);
+    section = profile->first_file->data->root;
+    for (cpp = names; cpp[1]; cpp++) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1,
+                                   &state, &section);
+        if (retval) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return retval;
+        }
+    }
+
+    state = 0;
+    retval = profile_find_node(section, *cpp, 0, 1, &state, &node);
+    if (retval == 0) {
+        if (new_name)
+            retval = profile_rename_node(node, new_name);
+        else
+            retval = profile_remove_node(node);
+    }
+    if (retval == 0)
+        profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
+    k5_mutex_unlock(&profile->first_file->data->lock);
+    return retval;
+}
+
+/*
+ * Insert a new relation.  If the new_value argument is NULL, then
+ * create a new section instead.
+ *
+ * Note: if the intermediate sections do not exist, this function will
+ * automatically create them.
+ *
+ * ADL - 2/23/99, rewritten TYT 2/25/99
+ */
+errcode_t KRB5_CALLCONV
+profile_add_relation(profile_t profile, const char **names,
+                     const char *new_value)
+{
+    errcode_t       retval;
+    struct profile_node *section;
+    const char      **cpp;
+    void            *state;
+
+    if (profile->vt) {
+        if (!profile->vt->add_relation)
+            return PROF_UNSUPPORTED;
+        return profile->vt->add_relation(profile->cbdata, names, new_value);
+    }
+
+    retval = rw_setup(profile);
+    if (retval)
+        return retval;
+
+    /* Require at least two names for a new relation, one for a new section. */
+    if (names == 0 || names[0] == 0 || (names[1] == 0 && new_value))
+        return PROF_BAD_NAMESET;
+
+    k5_mutex_lock(&profile->first_file->data->lock);
+    section = profile->first_file->data->root;
+    for (cpp = names; cpp[1]; cpp++) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1,
+                                   &state, &section);
+        if (retval == PROF_NO_SECTION)
+            retval = profile_add_node(section, *cpp, 0, &section);
+        if (retval) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return retval;
+        }
+    }
+
+    if (new_value == 0) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1, &state, 0);
+        if (retval == 0) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return PROF_EXISTS;
+        } else if (retval != PROF_NO_SECTION) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return retval;
+        }
+    }
+
+    retval = profile_add_node(section, *cpp, new_value, 0);
+    if (retval) {
+        k5_mutex_unlock(&profile->first_file->data->lock);
+        return retval;
+    }
+
+    profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
+    k5_mutex_unlock(&profile->first_file->data->lock);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/profile/prof_tree.c b/krb5-1.21.3/src/util/profile/prof_tree.c
new file mode 100644
index 00000000..b3c15ca1
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prof_tree.c
@@ -0,0 +1,700 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * prof_tree.c --- these routines maintain the parse tree of the
+ *      config file.
+ *
+ * All of the details of how the tree is stored is abstracted away in
+ * this file; all of the other profile routines build, access, and
+ * modify the tree via the accessor functions found in this file.
+ *
+ * Each node may represent either a relation or a section header.
+ *
+ * A section header must have its value field be null, and may have one
+ * or more child nodes, pointed to by first_child.
+ *
+ * A relation has as its value a pointer to allocated memory
+ * containing a string.  Its first_child pointer must be null.
+ *
+ */
+
+
+#include "prof_int.h"
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <errno.h>
+#include <ctype.h>
+
+struct profile_node {
+    errcode_t       magic;
+    char *name;
+    char *value;
+    int group_level;
+    unsigned int final:1;           /* Indicate don't search next file */
+    unsigned int deleted:1;
+    struct profile_node *first_child;
+    struct profile_node *parent;
+    struct profile_node *next, *prev;
+};
+
+#define CHECK_MAGIC(node)                       \
+    if ((node)->magic != PROF_MAGIC_NODE)       \
+        return PROF_MAGIC_NODE;
+
+/*
+ * Free a node, and any children
+ */
+void profile_free_node(struct profile_node *node)
+{
+    struct profile_node *child, *next;
+
+    if (node->magic != PROF_MAGIC_NODE)
+        return;
+
+    if (node->name)
+        free(node->name);
+    if (node->value)
+        free(node->value);
+
+    for (child=node->first_child; child; child = next) {
+        next = child->next;
+        profile_free_node(child);
+    }
+    node->magic = 0;
+
+    free(node);
+}
+
+#ifndef HAVE_STRDUP
+#undef strdup
+#define strdup MYstrdup
+static char *MYstrdup (const char *s)
+{
+    size_t sz = strlen(s) + 1;
+    char *p = malloc(sz);
+    if (p != 0)
+        memcpy(p, s, sz);
+    return p;
+}
+#endif
+
+/*
+ * Create a node
+ */
+errcode_t profile_create_node(const char *name, const char *value,
+                              struct profile_node **ret_node)
+{
+    struct profile_node *new;
+
+    new = malloc(sizeof(struct profile_node));
+    if (!new)
+        return ENOMEM;
+    memset(new, 0, sizeof(struct profile_node));
+    /* Set magic here so profile_free_node will free memory */
+    new->magic = PROF_MAGIC_NODE;
+    new->name = strdup(name);
+    if (new->name == 0) {
+        profile_free_node(new);
+        return ENOMEM;
+    }
+    if (value) {
+        new->value = strdup(value);
+        if (new->value == 0) {
+            profile_free_node(new);
+            return ENOMEM;
+        }
+    }
+
+    *ret_node = new;
+    return 0;
+}
+
+/*
+ * This function verifies that all of the representation invariants of
+ * the profile are true.  If not, we have a programming bug somewhere,
+ * probably in this file.
+ */
+errcode_t profile_verify_node(struct profile_node *node)
+{
+    struct profile_node *p, *last;
+    errcode_t       retval;
+
+    CHECK_MAGIC(node);
+
+    if (node->value && node->first_child)
+        return PROF_SECTION_WITH_VALUE;
+
+    last = 0;
+    for (p = node->first_child; p; last = p, p = p->next) {
+        if (p->prev != last)
+            return PROF_BAD_LINK_LIST;
+        if (last && (last->next != p))
+            return PROF_BAD_LINK_LIST;
+        if (node->group_level+1 != p->group_level)
+            return PROF_BAD_GROUP_LVL;
+        if (p->parent != node)
+            return PROF_BAD_PARENT_PTR;
+        retval = profile_verify_node(p);
+        if (retval)
+            return retval;
+    }
+    return 0;
+}
+
+/*
+ * Add a node to a particular section
+ */
+errcode_t profile_add_node(struct profile_node *section, const char *name,
+                           const char *value, struct profile_node **ret_node)
+{
+    errcode_t retval;
+    struct profile_node *p, *last, *new;
+
+    CHECK_MAGIC(section);
+
+    if (section->value)
+        return PROF_ADD_NOT_SECTION;
+
+    /*
+     * Find the place to insert the new node.  If we are adding a subsection
+     * and already have a subsection with that name, merge them.  Otherwise,
+     * we look for the place *after* the last match of the node name, since
+     * order matters.
+     */
+    for (p=section->first_child, last = 0; p; last = p, p = p->next) {
+        int cmp;
+        cmp = strcmp(p->name, name);
+        if (cmp > 0) {
+            break;
+        } else if (value == NULL && cmp == 0 &&
+                   p->value == NULL && p->deleted != 1) {
+            /* Found duplicate subsection, so don't make a new one. */
+            *ret_node = p;
+            return 0;
+        }
+    }
+    retval = profile_create_node(name, value, &new);
+    if (retval)
+        return retval;
+    new->group_level = section->group_level+1;
+    new->deleted = 0;
+    new->parent = section;
+    new->prev = last;
+    new->next = p;
+    if (p)
+        p->prev = new;
+    if (last)
+        last->next = new;
+    else
+        section->first_child = new;
+    if (ret_node)
+        *ret_node = new;
+    return 0;
+}
+
+/*
+ * Set the final flag on a particular node.
+ */
+errcode_t profile_make_node_final(struct profile_node *node)
+{
+    CHECK_MAGIC(node);
+
+    node->final = 1;
+    return 0;
+}
+
+/*
+ * Check the final flag on a node
+ */
+int profile_is_node_final(struct profile_node *node)
+{
+    return (node->final != 0);
+}
+
+/*
+ * Return the name of a node.  (Note: this is for internal functions
+ * only; if the name needs to be returned from an exported function,
+ * strdup it first!)
+ */
+const char *profile_get_node_name(struct profile_node *node)
+{
+    return node->name;
+}
+
+/*
+ * Return the value of a node.  (Note: this is for internal functions
+ * only; if the name needs to be returned from an exported function,
+ * strdup it first!)
+ */
+const char *profile_get_node_value(struct profile_node *node)
+{
+    return node->value;
+}
+
+/*
+ * Iterate through the section, returning the nodes which match
+ * the given name.  If name is NULL, then iterate through all the
+ * nodes in the section.  If section_flag is non-zero, only return the
+ * section which matches the name; don't return relations.  If value
+ * is non-NULL, then only return relations which match the requested
+ * value.  (The value argument is ignored if section_flag is non-zero.)
+ *
+ * The first time this routine is called, the state pointer must be
+ * null.  When this profile_find_node_relation() returns, if the state
+ * pointer is non-NULL, then this routine should be called again.
+ * (This won't happen if section_flag is non-zero, obviously.)
+ *
+ */
+errcode_t profile_find_node(struct profile_node *section, const char *name,
+                            const char *value, int section_flag, void **state,
+                            struct profile_node **node)
+{
+    struct profile_node *p;
+
+    CHECK_MAGIC(section);
+    p = *state;
+    if (p) {
+        CHECK_MAGIC(p);
+    } else
+        p = section->first_child;
+
+    for (; p; p = p->next) {
+        if (name && (strcmp(p->name, name)))
+            continue;
+        if (section_flag) {
+            if (p->value)
+                continue;
+        } else {
+            if (!p->value)
+                continue;
+            if (value && (strcmp(p->value, value)))
+                continue;
+        }
+        if (p->deleted)
+            continue;
+        /* A match! */
+        if (node)
+            *node = p;
+        break;
+    }
+    if (p == 0) {
+        *state = 0;
+        return section_flag ? PROF_NO_SECTION : PROF_NO_RELATION;
+    }
+    /*
+     * OK, we've found one match; now let's try to find another
+     * one.  This way, if we return a non-zero state pointer,
+     * there's guaranteed to be another match that's returned.
+     */
+    for (p = p->next; p; p = p->next) {
+        if (name && (strcmp(p->name, name)))
+            continue;
+        if (section_flag) {
+            if (p->value)
+                continue;
+        } else {
+            if (!p->value)
+                continue;
+            if (value && (strcmp(p->value, value)))
+                continue;
+        }
+        if (p->deleted)
+            continue;
+        /* A match! */
+        break;
+    }
+    *state = p;
+    return 0;
+}
+
+
+/*
+ * Iterate through the section, returning the relations which match
+ * the given name.  If name is NULL, then iterate through all the
+ * relations in the section.  The first time this routine is called,
+ * the state pointer must be null.  When this profile_find_node_relation()
+ * returns, if the state pointer is non-NULL, then this routine should
+ * be called again.
+ *
+ * The returned character string in value points to the stored
+ * character string in the parse string.  Before this string value is
+ * returned to a calling application (profile_find_node_relation is not an
+ * exported interface), it should be strdup()'ed.
+ */
+errcode_t profile_find_node_relation(struct profile_node *section,
+                                     const char *name, void **state,
+                                     char **ret_name, char **value)
+{
+    struct profile_node *p;
+    errcode_t       retval;
+
+    retval = profile_find_node(section, name, 0, 0, state, &p);
+    if (retval)
+        return retval;
+
+    if (p) {
+        if (value)
+            *value = p->value;
+        if (ret_name)
+            *ret_name = p->name;
+    }
+    return 0;
+}
+
+/*
+ * Iterate through the section, returning the subsections which match
+ * the given name.  If name is NULL, then iterate through all the
+ * subsections in the section.  The first time this routine is called,
+ * the state pointer must be null.  When this profile_find_node_subsection()
+ * returns, if the state pointer is non-NULL, then this routine should
+ * be called again.
+ *
+ * This is (plus accessor functions for the name and value given a
+ * profile node) makes this function mostly syntactic sugar for
+ * profile_find_node.
+ */
+errcode_t profile_find_node_subsection(struct profile_node *section,
+                                       const char *name, void **state,
+                                       char **ret_name,
+                                       struct profile_node **subsection)
+{
+    struct profile_node *p;
+    errcode_t       retval;
+
+    retval = profile_find_node(section, name, 0, 1, state, &p);
+    if (retval)
+        return retval;
+
+    if (p) {
+        if (subsection)
+            *subsection = p;
+        if (ret_name)
+            *ret_name = p->name;
+    }
+    return 0;
+}
+
+/*
+ * This function returns the parent of a particular node.
+ */
+errcode_t profile_get_node_parent(struct profile_node *section,
+                                  struct profile_node **parent)
+{
+    *parent = section->parent;
+    return 0;
+}
+
+/*
+ * This is a general-purpose iterator for returning all nodes that
+ * match the specified name array.
+ */
+struct profile_node_iterator {
+    prf_magic_t             magic;
+    int                     flags;
+    const char              *const *names;
+    const char              *name;
+    prf_file_t              file;
+    int                     file_serial;
+    int                     done_idx;
+    struct profile_node     *node;
+    int                     num;
+};
+
+errcode_t profile_node_iterator_create(profile_t profile,
+                                       const char *const *names, int flags,
+                                       void **ret_iter)
+{
+    struct profile_node_iterator *iter;
+    int     done_idx = 0;
+
+    if (profile == 0)
+        return PROF_NO_PROFILE;
+    if (profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
+    if (!names)
+        return PROF_BAD_NAMESET;
+    if (!(flags & PROFILE_ITER_LIST_SECTION)) {
+        if (!names[0])
+            return PROF_BAD_NAMESET;
+        done_idx = 1;
+    }
+
+    iter = malloc(sizeof(*iter));
+    if (iter == NULL)
+        return ENOMEM;
+
+    iter->magic = PROF_MAGIC_NODE_ITERATOR;
+    iter->names = names;
+    iter->flags = flags;
+    iter->file = profile->first_file;
+    iter->done_idx = done_idx;
+    iter->node = 0;
+    iter->num = 0;
+    *ret_iter = iter;
+    return 0;
+}
+
+void profile_node_iterator_free(void **iter_p)
+{
+    struct profile_node_iterator *iter;
+
+    if (!iter_p)
+        return;
+    iter = *iter_p;
+    if (!iter || iter->magic != PROF_MAGIC_NODE_ITERATOR)
+        return;
+    free(iter);
+    *iter_p = 0;
+}
+
+/*
+ * Note: the returned character strings in ret_name and ret_value
+ * points to the stored character string in the parse string.  Before
+ * this string value is returned to a calling application
+ * (profile_node_iterator is not an exported interface), it should be
+ * strdup()'ed.
+ */
+errcode_t profile_node_iterator(void **iter_p,
+                                struct profile_node **ret_node,
+                                char **ret_name, char **ret_value)
+{
+    struct profile_node_iterator    *iter = *iter_p;
+    struct profile_node             *section, *p;
+    const char                      *const *cpp;
+    errcode_t                       retval;
+    int                             skip_num = 0;
+
+    if (!iter || iter->magic != PROF_MAGIC_NODE_ITERATOR)
+        return PROF_MAGIC_NODE_ITERATOR;
+    if (iter->file && iter->file->magic != PROF_MAGIC_FILE)
+        return PROF_MAGIC_FILE;
+    if (iter->file && iter->file->data->magic != PROF_MAGIC_FILE_DATA)
+        return PROF_MAGIC_FILE_DATA;
+    /*
+     * If the file has changed, then the node pointer is invalid,
+     * so we'll have search the file again looking for it.
+     */
+    if (iter->file)
+        k5_mutex_lock(&iter->file->data->lock);
+    if (iter->node && (iter->file->data->upd_serial != iter->file_serial)) {
+        iter->flags &= ~PROFILE_ITER_FINAL_SEEN;
+        skip_num = iter->num;
+        iter->node = 0;
+    }
+    if (iter->node && iter->node->magic != PROF_MAGIC_NODE) {
+        if (iter->file)
+            k5_mutex_unlock(&iter->file->data->lock);
+        return PROF_MAGIC_NODE;
+    }
+get_new_file:
+    if (iter->node == 0) {
+        if (iter->file == 0 ||
+            (iter->flags & PROFILE_ITER_FINAL_SEEN)) {
+            if (iter->file)
+                k5_mutex_unlock(&iter->file->data->lock);
+            profile_node_iterator_free(iter_p);
+            if (ret_node)
+                *ret_node = 0;
+            if (ret_name)
+                *ret_name = 0;
+            if (ret_value)
+                *ret_value =0;
+            return 0;
+        }
+        if ((retval = profile_update_file_locked(iter->file, NULL))) {
+            k5_mutex_unlock(&iter->file->data->lock);
+            if (retval == ENOENT || retval == EACCES) {
+                /* XXX memory leak? */
+                iter->file = iter->file->next;
+                if (iter->file)
+                    k5_mutex_lock(&iter->file->data->lock);
+                skip_num = 0;
+                retval = 0;
+                goto get_new_file;
+            } else {
+                profile_node_iterator_free(iter_p);
+                return retval;
+            }
+        }
+        iter->file_serial = iter->file->data->upd_serial;
+        /*
+         * Find the section to list if we are a LIST_SECTION,
+         * or find the containing section if not.
+         */
+        section = iter->file->data->root;
+        assert(section != NULL);
+        for (cpp = iter->names; cpp[iter->done_idx]; cpp++) {
+            for (p=section->first_child; p; p = p->next) {
+                if (!strcmp(p->name, *cpp) && !p->value && !p->deleted)
+                    break;
+            }
+            if (!p) {
+                section = 0;
+                break;
+            }
+            section = p;
+            if (p->final)
+                iter->flags |= PROFILE_ITER_FINAL_SEEN;
+        }
+        if (!section) {
+            k5_mutex_unlock(&iter->file->data->lock);
+            iter->file = iter->file->next;
+            if (iter->file)
+                k5_mutex_lock(&iter->file->data->lock);
+            skip_num = 0;
+            goto get_new_file;
+        }
+        iter->name = *cpp;
+        iter->node = section->first_child;
+    }
+    /*
+     * OK, now we know iter->node is set up correctly.  Let's do
+     * the search.
+     */
+    for (p = iter->node; p; p = p->next) {
+        if (iter->name && strcmp(p->name, iter->name))
+            continue;
+        if ((iter->flags & PROFILE_ITER_SECTIONS_ONLY) &&
+            p->value)
+            continue;
+        if ((iter->flags & PROFILE_ITER_RELATIONS_ONLY) &&
+            !p->value)
+            continue;
+        if (skip_num > 0) {
+            skip_num--;
+            continue;
+        }
+        if (p->deleted)
+            continue;
+        break;
+    }
+    iter->num++;
+    if (!p) {
+        k5_mutex_unlock(&iter->file->data->lock);
+        iter->file = iter->file->next;
+        if (iter->file)
+            k5_mutex_lock(&iter->file->data->lock);
+        iter->node = 0;
+        skip_num = 0;
+        goto get_new_file;
+    }
+    k5_mutex_unlock(&iter->file->data->lock);
+    if ((iter->node = p->next) == NULL)
+        iter->file = iter->file->next;
+    if (ret_node)
+        *ret_node = p;
+    if (ret_name)
+        *ret_name = p->name;
+    if (ret_value)
+        *ret_value = p->value;
+    return 0;
+}
+
+/*
+ * Remove a particular node.
+ *
+ * TYT, 2/25/99
+ */
+errcode_t profile_remove_node(struct profile_node *node)
+{
+    CHECK_MAGIC(node);
+
+    if (node->parent == 0)
+        return PROF_EINVAL; /* Can't remove the root! */
+
+    node->deleted = 1;
+
+    return 0;
+}
+
+/*
+ * Set the value of a specific node containing a relation.
+ *
+ * TYT, 2/25/99
+ */
+errcode_t profile_set_relation_value(struct profile_node *node,
+                                     const char *new_value)
+{
+    char    *cp;
+
+    CHECK_MAGIC(node);
+
+    if (!node->value)
+        return PROF_SET_SECTION_VALUE;
+
+    cp = strdup(new_value);
+    if (!cp)
+        return ENOMEM;
+
+    free(node->value);
+    node->value = cp;
+
+    return 0;
+}
+
+/*
+ * Rename a specific node
+ *
+ * TYT 2/25/99
+ */
+errcode_t profile_rename_node(struct profile_node *node, const char *new_name)
+{
+    char                    *new_string;
+    struct profile_node     *p, *last;
+
+    CHECK_MAGIC(node);
+
+    if (strcmp(new_name, node->name) == 0)
+        return 0;       /* It's the same name, return */
+
+    /*
+     * Make sure we can allocate memory for the new name, first!
+     */
+    new_string = strdup(new_name);
+    if (!new_string)
+        return ENOMEM;
+
+    /*
+     * Find the place to where the new node should go.  We look
+     * for the place *after* the last match of the node name,
+     * since order matters.
+     */
+    for (p=node->parent->first_child, last = 0; p; last = p, p = p->next) {
+        if (strcmp(p->name, new_name) > 0)
+            break;
+    }
+
+    /*
+     * If we need to move the node, do it now.
+     */
+    if ((p != node) && (last != node)) {
+        /*
+         * OK, let's detach the node
+         */
+        if (node->prev)
+            node->prev->next = node->next;
+        else
+            node->parent->first_child = node->next;
+        if (node->next)
+            node->next->prev = node->prev;
+
+        /*
+         * Now let's reattach it in the right place.
+         */
+        if (p)
+            p->prev = node;
+        if (last)
+            last->next = node;
+        else
+            node->parent->first_child = node;
+        node->next = p;
+        node->prev = last;
+    }
+
+    free(node->name);
+    node->name = new_string;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/profile/profile.5 b/krb5-1.21.3/src/util/profile/profile.5
new file mode 100644
index 00000000..3da65570
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/profile.5
@@ -0,0 +1,72 @@
+
+A profile file is a generic way of storing program configuration
+information for applications.  An application may choose to consult
+multiple configuration files; for example, a Kerberos application
+might look first in ~/.krb5rc, and then in /etc/krb5.conf.  So
+/etc/krb5.conf would contain the side-wide default configuration for
+Kerberos, and ~/.krb5rc would contain the user's specific
+configuration overrides.
+
+Configuration information is stored in relations, which have a name
+and a value.  There may be multiple relations with the same name.
+Relations are always contained inside named sections.  Sections can
+contain relations and other named child sections.
+
+Top-level sections are defined by enclosing the section name in square
+braces.  Child sections are defined by enclosing the contents of the
+child section in curly braces.  Relations are defined by using the
+format "name = value".  
+
+An example profile file might look like this:
+
+[libdefaults]
+	default_realm = ATHENA.MIT.EDU
+
+[realms]
+	ATHENA.MIT.EDU = {
+		kdc = kerberos.mit.edu
+		kdc = kerberos-1.mit.edu
+		kdc = kerberos-2.mit.edu
+		primary_kdc = kerberos.mit.edu
+		admin_server = kerberos.mit.edu
+	}
+	CYGNUS.COM = {
+		kdc = KERBEROS-1.CYGNUS.COM
+		kdc = KERBEROS.CYGNUS.COM
+		admin_server = KERBEROS.MIT.EDU
+	}
+
+In this example, the profile file has two top-level sections,
+"libdefaults" and "realms".  The libdefaults section has a single
+relation which is named "default_realm" and has the value
+"ATHENA.MIT.EDU".  The realms section has two child sections,
+"ATHENA.MIT.EDU" and "CYGNUS.MIT.EDU".  Each of these child has a
+number of relations, "kdc", "admin_server", and (in the case of
+"ATHENA.MIT.EDU"), "default_domain".  Note that there are multiple
+relations with the name "kdc" in both sections; if a
+profile_get_values() is called querying the "kdc" relation, both
+values will be returned.
+
+Sections may be marked as "final".  If they are marked as final, then
+the contents of that section override all subsequent profile files (if
+the application is searching multiple profile files for its
+configuration information).  Normally, all of the profiles are
+searched for a matching relation, and all of the values found in all
+of the various profile files will be returned.  
+
+Top-level sections are marked as final by adding an '*' character
+following the closing square brace.  Child sections are marked as
+final by adding a '*' character after the closing curly brace.  So for
+example, in this example both the "libdefaults" and "ATHENA.MIT.EDU"
+sections have been marked as final:
+
+[libdefaults]*
+	default_realm = ATHENA.MIT.EDU
+
+[realms]
+	ATHENA.MIT.EDU = {
+		kdc = kerberos.mit.edu
+		primary_kdc = kerberos.mit.edu
+		admin_server = kerberos.mit.edu
+	}*
+
diff --git a/krb5-1.21.3/src/util/profile/profile.exp b/krb5-1.21.3/src/util/profile/profile.exp
new file mode 100644
index 00000000..eaf720cd
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/profile.exp
@@ -0,0 +1,35 @@
+#
+# Profile library Macintosh export file
+#
+# $Header$
+
+profile_init
+profile_init_path
+profile_flush
+profile_abandon
+profile_release
+profile_get_values
+profile_free_list
+profile_get_string
+profile_get_boolean
+profile_get_integer
+profile_get_relation_names
+profile_get_subsection_names
+profile_iterator_create
+profile_iterator_free
+profile_iterator
+profile_release_string
+profile_update_relation
+profile_clear_relation
+profile_rename_section
+profile_add_relation
+
+### Temporary -- DO NOT USE
+
+profile_ser_internalize
+profile_ser_externalize
+profile_ser_size
+
+# Mac only
+FSp_profile_init
+FSp_profile_init_path
diff --git a/krb5-1.21.3/src/util/profile/profile.hin b/krb5-1.21.3/src/util/profile/profile.hin
new file mode 100644
index 00000000..45ad5543
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/profile.hin
@@ -0,0 +1,295 @@
+/*
+ * profile.h
+ */
+
+#ifndef _KRB5_PROFILE_H
+#define _KRB5_PROFILE_H
+
+#if defined(_WIN32)
+#include <win-mac.h>
+#endif
+
+#if defined(__MACH__) && defined(__APPLE__)
+#    include <TargetConditionals.h>
+#    if TARGET_RT_MAC_CFM
+#        error "Use KfM 4.0 SDK headers for CFM compilation."
+#    endif
+#endif
+
+#ifndef KRB5_CALLCONV
+#define KRB5_CALLCONV
+#define KRB5_CALLCONV_C
+#endif
+
+typedef struct _profile_t *profile_t;
+
+/* Used by profile_init_flags(). */
+#define PROFILE_INIT_ALLOW_MODULE       0x0001  /* Allow module declaration */
+
+/*
+ * Used by the profile iterator in prof_get.c
+ */
+#define PROFILE_ITER_LIST_SECTION	0x0001
+#define PROFILE_ITER_SECTIONS_ONLY	0x0002
+#define PROFILE_ITER_RELATIONS_ONLY	0x0004
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+typedef char* profile_filespec_t;	/* path as C string */
+typedef char* profile_filespec_list_t;	/* list of : separated paths, C string */
+typedef const char * const_profile_filespec_t;	/* path as C string */
+typedef const char * const_profile_filespec_list_t;	/* list of : separated paths, C string */
+
+long KRB5_CALLCONV profile_init
+	(const_profile_filespec_t *files, profile_t *ret_profile);
+
+long KRB5_CALLCONV profile_init_flags
+	(const_profile_filespec_t *files, int flags, profile_t *ret_profile);
+
+long KRB5_CALLCONV profile_init_path
+	(const_profile_filespec_list_t filelist, profile_t *ret_profile);
+
+long KRB5_CALLCONV profile_flush
+	(profile_t profile);
+long KRB5_CALLCONV profile_flush_to_file
+	(profile_t profile, const_profile_filespec_t outfile);
+long KRB5_CALLCONV profile_flush_to_buffer
+	(profile_t profile, char **bufp);
+void KRB5_CALLCONV profile_free_buffer
+	(profile_t profile, char *buf);
+
+long KRB5_CALLCONV profile_is_writable
+	(profile_t profile, int *writable);
+long KRB5_CALLCONV profile_is_modified
+	(profile_t profile, int *modified);
+
+void KRB5_CALLCONV profile_abandon
+	(profile_t profile);
+
+void KRB5_CALLCONV profile_release
+	(profile_t profile);
+
+long KRB5_CALLCONV profile_get_values
+	(profile_t profile, const char *const *names, char ***ret_values);
+
+void KRB5_CALLCONV profile_free_list
+	(char **list);
+
+long KRB5_CALLCONV profile_get_string
+	(profile_t profile, const char *name, const char *subname,
+			const char *subsubname, const char *def_val,
+			char **ret_string);
+long KRB5_CALLCONV profile_get_integer
+	(profile_t profile, const char *name, const char *subname,
+			const char *subsubname, int def_val,
+			int *ret_default);
+
+long KRB5_CALLCONV profile_get_boolean
+	(profile_t profile, const char *name, const char *subname,
+			const char *subsubname, int def_val,
+			int *ret_default);
+
+long KRB5_CALLCONV profile_get_relation_names
+	(profile_t profile, const char **names, char ***ret_names);
+
+long KRB5_CALLCONV profile_get_subsection_names
+	(profile_t profile, const char **names, char ***ret_names);
+
+long KRB5_CALLCONV profile_iterator_create
+	(profile_t profile, const char *const *names,
+		   int flags, void **ret_iter);
+
+void KRB5_CALLCONV profile_iterator_free
+	(void **iter_p);
+
+long KRB5_CALLCONV profile_iterator
+	(void	**iter_p, char **ret_name, char **ret_value);
+
+void KRB5_CALLCONV profile_release_string (char *str);
+
+long KRB5_CALLCONV profile_update_relation
+	(profile_t profile, const char **names,
+		   const char *old_value, const char *new_value);
+
+long KRB5_CALLCONV profile_clear_relation
+	(profile_t profile, const char **names);
+
+long KRB5_CALLCONV profile_rename_section
+	(profile_t profile, const char **names,
+		   const char *new_name);
+
+long KRB5_CALLCONV profile_add_relation
+	(profile_t profile, const char **names,
+		   const char *new_value);
+
+/*
+ * profile_init_vtable allows a caller to create a profile-compatible object
+ * with a different back end.
+ */
+
+/*
+ * Mandatory: Look up all of the relations for names, placing the resulting
+ * values in *ret_values.  If no relations exist, return PROF_NO_RELATION, or
+ * PROF_NO_SECTION to indicate that one of the intermediate names does not
+ * exist as a section.  The list will be freed with free_values.
+ */
+typedef long
+(*profile_get_values_fn)(void *cbdata, const char *const *names,
+			 char ***ret_values);
+
+/* Mandatory: Free a list of strings returned by get_values. */
+typedef void
+(*profile_free_values_fn)(void *cbdata, char **values);
+
+/* Optional: Release any data associated with the profile. */
+typedef void
+(*profile_cleanup_fn)(void *cbdata);
+
+/*
+ * Optional (mandatory if cleanup is defined): Generate a new cbdata pointer
+ * for a copy of the profile.  If not implemented, the new profile will receive
+ * the same cbdata pointer as the old one.
+ */
+typedef long
+(*profile_copy_fn)(void *cbdata, void **ret_cbdata);
+
+/*
+ * Optional: Create an iterator handle.
+ *
+ * If flags contains PROFILE_ITER_LIST_SECTION, iterate over all of the
+ * relations and sections within names.  Otherwise, iterate over the relation
+ * values for names, or produce a single section result if names is a section.
+ *
+ * If flags contains PROFILE_ITER_SECTIONS_ONLY, produce only sections.
+ *
+ * If flags contains PROFILE_ITER_RELATIONS_ONLY, produce only relations.
+ */
+typedef long
+(*profile_iterator_create_fn)(void *cbdata, const char *const *names,
+			      int flags, void **ret_iter);
+
+/*
+ * Optional (mandatory if iterator_create is defined): Produce the next
+ * relation or section in an iteration.  If producing a section result, set
+ * *ret_value to NULL.  The returned strings will be freed with free_string.
+ */
+typedef long
+(*profile_iterator_fn)(void *cbdata, void *iter, char **ret_name,
+		       char **ret_value);
+
+/*
+ * Optional (mandatory if iterator_create is defined): Free the memory for an
+ * iterator.
+ */
+typedef void
+(*profile_iterator_free_fn)(void *cbdata, void *iter);
+
+/* Optional (mandatory if iterator is defined): Free a string value. */
+typedef void
+(*profile_free_string_fn)(void *cbdata, char *string);
+
+/*
+ * Optional: Determine if a profile is writable.  If not implemented, the
+ * profile is never writable.
+ */
+typedef long
+(*profile_writable_fn)(void *cbdata, int *writable);
+
+/*
+ * Optional: Determine if a profile is modified in memory relative to the
+ * persistent store.  If not implemented, the profile is assumed to never be
+ * modified.
+ */
+typedef long
+(*profile_modified_fn)(void *cbdata, int *modified);
+
+/*
+ * Optional: Change the value of a relation, or remove it if new_value is NULL.
+ * If old_value is set and the relation does not have that value, return
+ * PROF_NO_RELATION.
+ */
+typedef long
+(*profile_update_relation_fn)(void *cbdata, const char **names,
+			      const char *old_value, const char *new_value);
+
+/*
+ * Optional: Rename a section to new_name, or remove the section if new_name is
+ * NULL.
+ */
+typedef long
+(*profile_rename_section_fn)(void *cbdata, const char **names,
+			     const char *new_name);
+
+/*
+ * Optional: Add a new relation, or a new section if new_value is NULL.  Add
+ * any intermediate sections as necessary.
+ */
+typedef long
+(*profile_add_relation_fn)(void *cbdata, const char **names,
+			   const char *new_value);
+
+/*
+ * Optional: Flush any pending memory updates to the persistent store.  If
+ * implemented, this function will be called by profile_release as well as
+ * profile_flush, so make sure it's not inefficient to flush an unmodified
+ * profile.
+ */
+typedef long
+(*profile_flush_fn)(void *cbdata);
+
+struct profile_vtable {
+    int minor_ver;              /* Set to structure minor version (currently 1)
+				 * if calling profile_init_vtable. */
+
+    /* Methods needed for a basic read-only non-iterable profile (cleanup is
+     * optional). */
+    profile_get_values_fn get_values;
+    profile_free_values_fn free_values;
+    profile_cleanup_fn cleanup;
+    profile_copy_fn copy;
+
+    /* Methods for iterable profiles. */
+    profile_iterator_create_fn iterator_create;
+    profile_iterator_fn iterator;
+    profile_iterator_free_fn iterator_free;
+    profile_free_string_fn free_string;
+
+    /* Methods for writable profiles. */
+    profile_writable_fn writable;
+    profile_modified_fn modified;
+    profile_update_relation_fn update_relation;
+    profile_rename_section_fn rename_section;
+    profile_add_relation_fn add_relation;
+    profile_flush_fn flush;
+
+    /* End of minor version 1. */
+};
+
+/*
+ * Create a profile object whose operations will be performed using the
+ * function pointers in vtable.  cbdata will be supplied to each vtable
+ * function as the first argument.
+ */
+long KRB5_CALLCONV profile_init_vtable
+	(struct profile_vtable *vtable, void *cbdata, profile_t *ret_profile);
+
+/*
+ * Dynamically loadable profile modules should define a function named
+ * "profile_module_init" matching the following signature.  The function should
+ * initialize the methods of the provided vtable structure, stopping at the
+ * field corresponding to vtable->minor_ver.  Do not change the value of
+ * vtable->minor_ver.  Unimplemented methods can be left uninitialized.  The
+ * function should supply a callback data pointer in *cb_ret; this pointer can
+ * be cleaned up via the vtable cleanup method.
+ */
+typedef long
+(*profile_module_init_fn)(const char *residual, struct profile_vtable *vtable,
+			  void **cb_ret);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* _KRB5_PROFILE_H */
diff --git a/krb5-1.21.3/src/util/profile/profile.pbexp b/krb5-1.21.3/src/util/profile/profile.pbexp
new file mode 100644
index 00000000..9033b54e
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/profile.pbexp
@@ -0,0 +1,33 @@
+#
+# Profile library Macintosh export file
+#
+# $Header$
+
+_profile_init
+_profile_init_path
+_FSp_profile_init
+_FSp_profile_init_path
+_profile_flush
+_profile_abandon
+_profile_release
+_profile_get_values
+_profile_free_list
+_profile_get_string
+_profile_get_boolean
+_profile_get_integer
+_profile_get_relation_names
+_profile_get_subsection_names
+_profile_iterator_create
+_profile_iterator_free
+_profile_iterator
+_profile_release_string
+_profile_update_relation
+_profile_clear_relation
+_profile_rename_section
+_profile_add_relation
+
+### Temporary -- DO NOT USE
+
+_profile_ser_internalize
+_profile_ser_externalize
+_profile_ser_size
diff --git a/krb5-1.21.3/src/util/profile/prtest.in b/krb5-1.21.3/src/util/profile/prtest.in
new file mode 100644
index 00000000..ef3efb30
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prtest.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+SRCDIR=@srcdir@
+SCRIPT=$SRCDIR/prtest.script
+REPORT=prtest.report
+TESTPROG=./test_profile
+
+rm -f $REPORT
+
+if test -f $SCRIPT ; then 
+	: 
+else
+	echo "$SCRIPT not found!"
+	exit 1
+fi
+
+grep -v ^\# < $SCRIPT | while read filespec cmd args
+do
+	case $filespec in
+	krb5)
+		file=$SRCDIR/krb5.conf
+		;;
+	test)
+		file=$SRCDIR/test.ini
+		;;
+	*)
+		echo "Unknown file specifer $file!"
+		exit 1
+		;;
+	esac
+	if test $cmd = parse ; then
+	    echo \# test_parse $filespec   >> $REPORT 2>&1
+	    $TESTPARSE $file >> $REPORT    >> $REPORT 2>&1
+	fi
+	echo \# $filespec $cmd $args  >> $REPORT 2>&1
+	$TESTPROG $file $cmd $args    >> $REPORT 2>&1 
+done 
diff --git a/krb5-1.21.3/src/util/profile/prtest.script b/krb5-1.21.3/src/util/profile/prtest.script
new file mode 100644
index 00000000..5d5a1442
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/prtest.script
@@ -0,0 +1,11 @@
+krb5 query realms ATHENA.MIT.EDU kdc
+krb5 query1 realms ATHENA.MIT.EDU kdc
+krb5 query libdefaults ticket_lifetime
+krb5 query1 libdefaults ticket_lifetime
+krb5 query libdefaults not_present
+krb5 query1 libdefaults not_present
+krb5 list_sections libdefaults
+krb5 list_sections realms
+krb5 list_relations libdefaults
+krb5 list_relations realms
+krb5 list_relations realms ATHENA.MIT.EDU
diff --git a/krb5-1.21.3/src/util/profile/t_profile.c b/krb5-1.21.3/src/util/profile/t_profile.c
new file mode 100644
index 00000000..b0e715ba
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/t_profile.c
@@ -0,0 +1,389 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/profile/t_profile.c - profile library regression tests */
+/*
+ * Copyright (C) 2021 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <utime.h>
+#include "profile.h"
+
+static void
+check(long code)
+{
+    assert(code == 0);
+}
+
+static void
+check_fail(long code, long expected)
+{
+    assert(code == expected);
+}
+
+static void
+write_file(const char *name, int nlines, ...)
+{
+    FILE *f;
+    va_list ap;
+    int i;
+
+    (void)unlink(name);
+    f = fopen(name, "w");
+    assert(f != NULL);
+    va_start(ap, nlines);
+    for (i = 0; i < nlines; i++)
+        fprintf(f, "%s\n", va_arg(ap, char *));
+    va_end(ap);
+    fclose(f);
+}
+
+/* Regression test for #2685 (profile iterator breaks when modifications
+ * made) */
+static void
+test_iterate()
+{
+    profile_t p;
+    void *iter;
+    const char *names[] = { "test section 1", "child_section", "child", NULL };
+    const char *values[] = { "slick", "harry", "john", NULL };
+    char *name, *value;
+    int i;
+
+    check(profile_init_path("test2.ini", &p));
+
+    /* Iterate and check for the expected values. */
+    check(profile_iterator_create(p, names, 0, &iter));
+    for (i = 0;; i++) {
+        check(profile_iterator(&iter, &name, &value));
+        if (name == NULL && value == NULL)
+            break;
+        assert(strcmp(name, names[2]) == 0);
+        assert(values[i] != NULL);
+        assert(strcmp(value, values[i]) == 0);
+        profile_release_string(name);
+        profile_release_string(value);
+    }
+    assert(values[i] == NULL);
+    profile_iterator_free(&iter);
+
+    /* Iterate again, deleting each value as we go.  Flush the result to a
+     * separate file. */
+    check(profile_iterator_create(p, names, 0, &iter));
+    for (;;) {
+        check(profile_iterator(&iter, NULL, &value));
+        if (value == NULL)
+            break;
+        check(profile_update_relation(p, names, value, NULL));
+        profile_release_string(value);
+    }
+    profile_iterator_free(&iter);
+    (void)unlink("test3.ini");
+    profile_flush_to_file(p, "test3.ini");
+
+    profile_abandon(p);
+
+    /* Check that no values for the section are found in the resulting file. */
+    check(profile_init_path("test3.ini", &p));
+    check(profile_iterator_create(p, names, 0, &iter));
+    check(profile_iterator(&iter, &name, &value));
+    assert(name == NULL && value == NULL);
+    profile_iterator_free(&iter);
+    profile_abandon(p);
+}
+
+/*
+ * Regression test for a 1.4-era bug where updating the underlying file data of
+ * a profile object lost track of the flag indicating that it was part of the
+ * global shared profiles list.
+ */
+static void
+test_shared()
+{
+    profile_t a, b;
+    struct utimbuf times;
+
+    system("cp test2.ini test3.ini");
+
+    /* Create an entry in the shared table. */
+    check(profile_init_path("test3.ini", &a));
+
+    /*
+     * Force an update of the underlying data.  With the bug present, the
+     * shared flag is erroneously cleared.  The easiest way to force an update
+     * is to reopen the file (since we don't enforce the one-stat-per-second
+     * limit during open) after changing the timestamp.
+     */
+    times.actime = time(NULL) + 2;
+    times.modtime = times.actime;
+    utime("test3.ini", &times);
+    check(profile_init_path("test3.ini", &b));
+    profile_release(b);
+
+    /* Release the profile.  With the bug present, a dangling reference is left
+     * behind in the shared table. */
+    profile_release(a);
+
+    /* Open the profile again to dereference the dangling pointer if one was
+     * created. */
+    check(profile_init_path("test3.ini", &a));
+    profile_release(a);
+}
+
+/* Regression test for #2950 (profile_clear_relation not reflected within
+ * handle where deletion is performed) */
+static void
+test_clear()
+{
+    profile_t p;
+    const char *names[] = { "test section 1", "quux", NULL };
+    char **values, **dummy;
+
+    check(profile_init_path("test2.ini", &p));
+    check(profile_get_values(p, names, &values));
+    check(profile_clear_relation(p, names));
+    check_fail(profile_get_values(p, names, &dummy), PROF_NO_RELATION);
+    check(profile_add_relation(p, names, values[0]));
+    profile_free_list(values);
+    check(profile_get_values(p, names, &values));
+    assert(values[0] != NULL && values[1] == NULL);
+    profile_free_list(values);
+    profile_abandon(p);
+}
+
+static void
+test_include()
+{
+    profile_t p;
+    const char *names[] = { "test section 1", "bar", NULL };
+    char **values;
+
+    /* Test expected error code when including nonexistent file. */
+    write_file("testinc.ini", 1, "include does-not-exist");
+    check_fail(profile_init_path("testinc.ini", &p), PROF_FAIL_INCLUDE_FILE);
+
+    /* Test expected error code when including nonexistent directory. */
+    write_file("testinc.ini", 1, "includedir does-not-exist");
+    check_fail(profile_init_path("testinc.ini", &p), PROF_FAIL_INCLUDE_DIR);
+
+    /* Test including a file. */
+    write_file("testinc.ini", 1, "include test2.ini");
+    check(profile_init_path("testinc.ini", &p));
+    check(profile_get_values(p, names, &values));
+    assert(strcmp(values[0], "foo") == 0 && values[1] == NULL);
+    profile_free_list(values);
+    profile_release(p);
+
+    /*
+     * Test including a directory.  Put four copies of test2.ini inside the
+     * directory, two with invalid names.  Check that we get two values for one
+     * of the variables.
+     */
+    system("rm -rf test_include_dir");
+    system("mkdir test_include_dir");
+    system("cp test2.ini test_include_dir/a");
+    system("cp test2.ini test_include_dir/a~");
+    system("cp test2.ini test_include_dir/b.conf");
+    system("cp test2.ini test_include_dir/b.conf.rpmsave");
+    write_file("testinc.ini", 1, "includedir test_include_dir");
+    check(profile_init_path("testinc.ini", &p));
+    check(profile_get_values(p, names, &values));
+    assert(strcmp(values[0], "foo") == 0);
+    assert(strcmp(values[1], "foo") == 0);
+    assert(values[2] == NULL);
+    profile_free_list(values);
+    profile_release(p);
+
+    /* Directly list the directory in the profile path and try again. */
+    check(profile_init_path("test_include_dir", &p));
+    check(profile_get_values(p, names, &values));
+    assert(strcmp(values[0], "foo") == 0);
+    assert(strcmp(values[1], "foo") == 0);
+    assert(values[2] == NULL);
+    profile_free_list(values);
+    profile_release(p);
+}
+
+/* Test syntactic independence of included profile files. */
+static void
+test_independence()
+{
+    profile_t p;
+    const char *names1[] = { "sec1", "var", "a", NULL };
+    const char *names2[] = { "sec2", "b", NULL };
+    const char *names3[] = { "sec1", "var", "c", NULL };
+    char **values;
+
+    write_file("testinc.ini", 6, "[sec1]", "var = {", "a = 1",
+               "include testinc2.ini", "c = 3", "}");
+    write_file("testinc2.ini", 2, "[sec2]", "b = 2");
+
+    check(profile_init_path("testinc.ini", &p));
+    check(profile_get_values(p, names1, &values));
+    assert(strcmp(values[0], "1") == 0 && values[1] == NULL);
+    profile_free_list(values);
+    check(profile_get_values(p, names2, &values));
+    assert(strcmp(values[0], "2") == 0 && values[1] == NULL);
+    profile_free_list(values);
+    check(profile_get_values(p, names3, &values));
+    assert(strcmp(values[0], "3") == 0 && values[1] == NULL);
+    profile_free_list(values);
+    profile_release(p);
+}
+
+/* Regression test for #7971 (deleted sections should not be iterable) */
+static void
+test_delete_section()
+{
+    profile_t p;
+    const char *sect[] = { "test section 1", NULL };
+    const char *newrel[] = { "test section 1", "testkey", NULL };
+    const char *oldrel[] = { "test section 1", "child", NULL };
+    char **values;
+
+    check(profile_init_path("test2.ini", &p));
+
+    /* Remove and replace a section. */
+    check(profile_rename_section(p, sect, NULL));
+    check(profile_add_relation(p, sect, NULL));
+    check(profile_add_relation(p, newrel, "6"));
+
+    /* Check that we can read the new relation but not the old one. */
+    check(profile_get_values(p, newrel, &values));
+    assert(strcmp(values[0], "6") == 0 && values[1] == NULL);
+    profile_free_list(values);
+    check_fail(profile_get_values(p, oldrel, &values), PROF_NO_RELATION);
+    profile_abandon(p);
+}
+
+/* Regression test for #7971 (profile_clear_relation() error with deleted node
+ * at end of value set) */
+static void
+test_delete_clear_relation()
+{
+    profile_t p;
+    const char *names[] = { "test section 1", "testkey", NULL };
+
+    check(profile_init_path("test2.ini", &p));
+    check(profile_add_relation(p, names, "1"));
+    check(profile_add_relation(p, names, "2"));
+    check(profile_update_relation(p, names, "2", NULL));
+    check(profile_clear_relation(p, names));
+    profile_abandon(p);
+}
+
+/* Test that order of relations is preserved if some relations are deleted. */
+static void
+test_delete_ordering()
+{
+    profile_t p;
+    const char *names[] = { "test section 1", "testkey", NULL };
+    char **values;
+
+    check(profile_init_path("test2.ini", &p));
+    check(profile_add_relation(p, names, "1"));
+    check(profile_add_relation(p, names, "2"));
+    check(profile_add_relation(p, names, "3"));
+    check(profile_update_relation(p, names, "2", NULL));
+    check(profile_add_relation(p, names, "4"));
+    check(profile_get_values(p, names, &values));
+    assert(strcmp(values[0], "1") == 0);
+    assert(strcmp(values[1], "3") == 0);
+    assert(strcmp(values[2], "4") == 0);
+    assert(values[3] == NULL);
+    profile_free_list(values);
+    profile_abandon(p);
+}
+
+/* Regression test for #8431 (profile_flush_to_file erroneously changes flag
+ * state on source object) */
+static void
+test_flush_to_file()
+{
+    profile_t p;
+
+    /* Flush a profile object to a file without making any changes, so that the
+     * source object is still within g_shared_trees. */
+    check(profile_init_path("test2.ini", &p));
+    unlink("test3.ini");
+    check(profile_flush_to_file(p, "test3.ini"));
+    profile_release(p);
+
+    /* Check for a dangling reference in g_shared_trees by creating another
+     * profile object. */
+    profile_init_path("test2.ini", &p);
+    profile_release(p);
+}
+
+/* Regression test for #7863 (multiply-specified subsections should
+ * be merged) */
+static void
+test_merge_subsections()
+{
+    profile_t p;
+    const char *n1[] = { "test section 2", "child_section2", "child", NULL };
+    const char *n2[] = { "test section 2", "child_section2", "chores", NULL };
+    char **values;
+
+    check(profile_init_path("test2.ini", &p));
+
+    check(profile_get_values(p, n1, &values));
+    assert(strcmp(values[0], "slick") == 0);
+    assert(strcmp(values[1], "harry") == 0);
+    assert(strcmp(values[2], "john\tb ") == 0);
+    assert(strcmp(values[3], "ron") == 0);
+    assert(values[4] == NULL);
+    profile_free_list(values);
+
+    check(profile_get_values(p, n2, &values));
+    assert(strcmp(values[0], "cleaning") == 0 && values[1] == NULL);
+    profile_free_list(values);
+
+    profile_release(p);
+}
+
+int
+main()
+{
+    test_iterate();
+    test_shared();
+    test_clear();
+    test_include();
+    test_independence();
+    test_delete_section();
+    test_delete_clear_relation();
+    test_delete_ordering();
+    test_flush_to_file();
+    test_merge_subsections();
+}
diff --git a/krb5-1.21.3/src/util/profile/test.ini b/krb5-1.21.3/src/util/profile/test.ini
new file mode 100644
index 00000000..6622df10
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/test.ini
@@ -0,0 +1,53 @@
+this is a comment.  Everything up to the first square brace is ignored.
+
+[test section 2]
+	test_child = "foo\nbar"
+	child_section2 = "one"
+	child_section2 = {
+		child = slick
+		child = harry
+		child = "john\tb "
+	}
+	child_section2 = foo
+
+[test section 2]
+	child_section2 = {
+		child = ron
+		chores = cleaning
+	}
+
+[realms]
+ATHENA.MIT.EDU = {
+	server = KERBEROS.MIT.EDU:88
+	server = KERBEROS1.MIT.EDU
+	server = KERBEROS2.MIT.EDU
+	admin = KERBEROS.MIT.EDU
+	etype = DES-MD5
+}
+	
+
+
+[test section 1]
+    foo = "bar "
+
+[test section 2]
+	quux = "bar"
+	frep = bar
+	kappa = alpha
+	beta = epsilon
+
+[test section 1]
+    bar = foo
+	foo = bar2
+    quux = zap
+	foo = bar3
+	child_section = {
+		child = slick
+		child = harry
+		child = john
+	}
+	child_section = foo
+
+
+
+
diff --git a/krb5-1.21.3/src/util/profile/test_load.c b/krb5-1.21.3/src/util/profile/test_load.c
new file mode 100644
index 00000000..cb870eff
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/test_load.c
@@ -0,0 +1,51 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/profile/test_load.c - Test harness for loadable profile modules */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-platform.h"
+#include "profile.h"
+#include "prof_int.h"
+
+int
+main()
+{
+    profile_t pr, pr2;
+    const char *files[] = { "./modtest.conf", NULL };
+    char **values;
+
+    assert(profile_init_flags(files, PROFILE_INIT_ALLOW_MODULE, &pr) == 0);
+    assert(profile_copy(pr, &pr2) == 0);
+    assert(profile_get_values(pr, NULL, &values) == 0);
+    assert(strcmp(values[0], "teststring") == 0);
+    assert(strcmp(values[1], "0") == 0);
+    profile_free_list(values);
+    assert(profile_get_values(pr2, NULL, &values) == 0);
+    assert(strcmp(values[0], "teststring") == 0);
+    assert(strcmp(values[1], "1") == 0);
+    profile_release(pr);
+    profile_abandon(pr2);
+    profile_free_list(values);
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/profile/test_parse.c b/krb5-1.21.3/src/util/profile/test_parse.c
new file mode 100644
index 00000000..9f2631e9
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/test_parse.c
@@ -0,0 +1,55 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "prof_int.h"
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#include <errno.h>
+#include <ctype.h>
+
+void dump_profile (struct profile_node *root, int level);
+
+int main(argc, argv)
+    int     argc;
+    char    **argv;
+{
+    struct profile_node *root;
+    unsigned long retval;
+    FILE *f;
+
+    initialize_prof_error_table();
+    if (argc != 2) {
+        fprintf(stderr, "%s: Usage <filename>\n", argv[0]);
+        exit(1);
+    }
+
+    f = fopen(argv[1], "r");
+    if (!f) {
+        perror(argv[1]);
+        exit(1);
+    }
+
+    retval = profile_parse_file(f, &root, NULL);
+    if (retval) {
+        printf("profile_parse_file error %s\n",
+               error_message((errcode_t) retval));
+        exit(1);
+    }
+    fclose(f);
+
+    printf("\n\nDebugging dump.\n");
+    profile_write_tree_file(root, stdout);
+
+    retval = profile_verify_node(root);
+    if (retval) {
+        printf("profile_verify_node reported an error: %s\n",
+               error_message((errcode_t) retval));
+        exit(1);
+    }
+
+    profile_free_node(root);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/profile/test_profile.c b/krb5-1.21.3/src/util/profile/test_profile.c
new file mode 100644
index 00000000..6f6fcc7a
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/test_profile.c
@@ -0,0 +1,167 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * test_profile.c --- testing program for the profile routine
+ */
+
+#include "prof_int.h"
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#include "argv_parse.h"
+#include "com_err.h"
+
+const char *program_name = "test_profile";
+
+#define PRINT_VALUE     1
+#define PRINT_VALUES    2
+
+static void do_batchmode(profile)
+    profile_t       profile;
+{
+    errcode_t       retval;
+    int             argc, ret;
+    char            **argv, **values, *value, **cpp;
+    char            buf[256];
+    const char      **names, *name;
+    char            *cmd;
+    int             print_status;
+
+    while (!feof(stdin)) {
+        if (fgets(buf, sizeof(buf), stdin) == NULL)
+            break;
+        printf(">%s", buf);
+        ret = argv_parse(buf, &argc, &argv);
+        if (ret != 0) {
+            printf("Argv_parse returned %d!\n", ret);
+            continue;
+        }
+        cmd = *(argv);
+        names = (const char **) argv + 1;
+        print_status = 0;
+        retval = 0;
+        if (cmd == 0) {
+            argv_free(argv);
+            continue;
+        }
+        if (!strcmp(cmd, "query")) {
+            retval = profile_get_values(profile, names, &values);
+            print_status = PRINT_VALUES;
+        } else if (!strcmp(cmd, "query1")) {
+            retval = profile_get_value(profile, names, &value);
+            print_status = PRINT_VALUE;
+        } else if (!strcmp(cmd, "list_sections")) {
+            retval = profile_get_subsection_names(profile, names,
+                                                  &values);
+            print_status = PRINT_VALUES;
+        } else if (!strcmp(cmd, "list_relations")) {
+            retval = profile_get_relation_names(profile, names,
+                                                &values);
+            print_status = PRINT_VALUES;
+        } else if (!strcmp(cmd, "dump")) {
+            retval = profile_write_tree_file
+                (profile->first_file->data->root, stdout);
+        } else if (!strcmp(cmd, "clear")) {
+            retval = profile_clear_relation(profile, names);
+        } else if (!strcmp(cmd, "update")) {
+            retval = profile_update_relation(profile, names+2,
+                                             *names, *(names+1));
+        } else if (!strcmp(cmd, "verify")) {
+            retval = profile_verify_node
+                (profile->first_file->data->root);
+        } else if (!strcmp(cmd, "rename_section")) {
+            retval = profile_rename_section(profile, names+1,
+                                            *names);
+        } else if (!strcmp(cmd, "add")) {
+            name = *names;
+            if (strcmp(name, "NULL") == 0)
+                name = NULL;
+            retval = profile_add_relation(profile, names+1, name);
+        } else if (!strcmp(cmd, "flush")) {
+            retval = profile_flush(profile);
+        } else {
+            printf("Invalid command.\n");
+        }
+        if (retval) {
+            com_err(cmd, retval, "");
+            print_status = 0;
+        }
+        switch (print_status) {
+        case PRINT_VALUE:
+            printf("%s\n", value);
+            profile_release_string(value);
+            break;
+        case PRINT_VALUES:
+            for (cpp = values; *cpp; cpp++)
+                printf("%s\n", *cpp);
+            profile_free_list(values);
+            break;
+        }
+        printf("\n");
+        argv_free(argv);
+    }
+    profile_release(profile);
+    exit(0);
+
+}
+
+
+int main(argc, argv)
+    int         argc;
+    char        **argv;
+{
+    profile_t   profile;
+    long        retval;
+    char        **values, *value, **cpp;
+    const char  **names;
+    char        *cmd;
+    int         print_value = 0;
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s filename [cmd argset]\n", program_name);
+        exit(1);
+    }
+
+    initialize_prof_error_table();
+
+    retval = profile_init_path(argv[1], &profile);
+    if (retval) {
+        com_err(program_name, retval, "while initializing profile");
+        exit(1);
+    }
+    cmd = *(argv+2);
+    names = (const char **) argv+3;
+    if (!cmd || !strcmp(cmd, "batch"))
+        do_batchmode(profile);
+    if (!strcmp(cmd, "query")) {
+        retval = profile_get_values(profile, names, &values);
+    } else if (!strcmp(cmd, "query1")) {
+        retval = profile_get_value(profile, names, &value);
+        print_value++;
+    } else if (!strcmp(cmd, "list_sections")) {
+        retval = profile_get_subsection_names(profile, names, &values);
+    } else if (!strcmp(cmd, "list_relations")) {
+        retval = profile_get_relation_names(profile, names, &values);
+    } else {
+        fprintf(stderr, "Invalid command.\n");
+        exit(1);
+    }
+    if (retval) {
+        com_err(argv[0], retval, "while getting values");
+        profile_release(profile);
+        exit(1);
+    }
+    if (print_value) {
+        printf("%s\n", value);
+    } else {
+        for (cpp = values; *cpp; cpp++)
+            printf("%s\n", *cpp);
+        profile_free_list(values);
+    }
+    profile_release(profile);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/profile/test_vtable.c b/krb5-1.21.3/src/util/profile/test_vtable.c
new file mode 100644
index 00000000..9a0b2278
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/test_vtable.c
@@ -0,0 +1,303 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/profile/test_vtable.c - Test program for vtable-backed profiles */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This test program exercises vtable profile functionality using two vtables,
+ * one which implements just the basic methods and one which implements all of
+ * the methods.  The program doesn't attempt to create a working profile
+ * implementation; it just verifies the expected control flow into the vtable
+ * and back out to the caller.
+ */
+
+#include <k5-platform.h>
+#include "profile.h"
+
+static int basic_cbdata;
+static int full_cbdata;
+static const char *empty_names[] = { NULL };
+static const char *name_string = "get_string";
+static const char *name_int = "get_int";
+static const char *name_bool = "get_bool";
+
+static long
+basic_get_values(void *cbdata, const char *const *names, char ***ret_values)
+{
+    assert(cbdata == &basic_cbdata);
+    assert(names == empty_names);
+    *ret_values = calloc(3, sizeof(*ret_values));
+    (*ret_values)[0] = strdup("one");
+    (*ret_values)[1] = strdup("two");
+    (*ret_values)[2] = NULL;
+    return 0;
+}
+
+static void
+free_values(void *cbdata, char **values)
+{
+    char **v;
+
+    for (v = values; *v; v++)
+        free(*v);
+    free(values);
+}
+
+static long
+full_get_values(void *cbdata, const char *const *names, char ***ret_values)
+{
+    assert(cbdata == &full_cbdata);
+    *ret_values = calloc(2, sizeof(*ret_values));
+    if (names[0] == name_string)
+        (*ret_values)[0] = strdup("string result");
+    else if (names[0] == name_int)
+        (*ret_values)[0] = strdup("23");
+    else if (names[0] == name_bool)
+        (*ret_values)[0] = strdup("on");
+    else {
+        free(*ret_values);
+        return PROF_NO_RELATION;
+    }
+    (*ret_values)[1] = NULL;
+    return 0;
+}
+
+static void
+full_cleanup(void *cbdata)
+{
+    assert(cbdata == &full_cbdata);
+}
+
+static long
+full_copy(void *cbdata, void **ret_cbdata)
+{
+    assert(cbdata == &full_cbdata);
+    *ret_cbdata = &full_cbdata;
+    return 0;
+}
+
+struct iterator {
+    int count;
+};
+
+static long
+full_iterator_create(void *cbdata, const char *const *names, int flags,
+                     void **ret_iter)
+{
+    struct iterator *iter;
+
+    assert(cbdata == &full_cbdata);
+    assert(names == empty_names);
+    assert(flags == 126);
+    iter = malloc(sizeof(*iter));
+    iter->count = 0;
+    *ret_iter = iter;
+    return 0;
+}
+
+static long
+full_iterator(void *cbdata, void *iter_arg, char **ret_name, char **ret_value)
+{
+    struct iterator *iter = iter_arg;
+
+    assert(cbdata == &full_cbdata);
+    assert(iter->count >= 0 && iter->count <= 2);
+    if (iter->count == 0) {
+        *ret_name = strdup("name1");
+        *ret_value = strdup("value1");
+    } else if (iter->count == 1) {
+        *ret_name = strdup("name2");
+        *ret_value = NULL;
+    } else {
+        *ret_name = NULL;
+        *ret_value = NULL;
+    }
+    iter->count++;
+    return 0;
+}
+
+static void
+full_iterator_free(void *cbdata, void *iter_arg)
+{
+    struct iterator *iter = iter_arg;
+
+    assert(cbdata == &full_cbdata);
+    assert(iter->count == 3);
+    free(iter);
+}
+
+static void
+full_free_string(void *cbdata, char *string)
+{
+    assert(cbdata == &full_cbdata);
+    free(string);
+}
+
+static long
+full_writable(void *cbdata, int *writable)
+{
+    assert(cbdata == &full_cbdata);
+    *writable = 12;
+    return 0;
+}
+
+static long
+full_modified(void *cbdata, int *modified)
+{
+    assert(cbdata == &full_cbdata);
+    *modified = 6;
+    return 0;
+}
+
+static long
+full_update_relation(void *cbdata, const char **names,
+                     const char *old_value, const char *new_value)
+{
+    assert(cbdata == &full_cbdata);
+    assert(names == empty_names);
+    assert(old_value == name_string || old_value == NULL);
+    assert(new_value == NULL);
+    return 0;
+}
+
+static long
+full_rename_section(void *cbdata, const char **names, const char *new_name)
+{
+    assert(cbdata == &full_cbdata);
+    assert(names == empty_names);
+    assert(new_name == name_int);
+    return 0;
+}
+
+static long
+full_add_relation(void *cbdata, const char **names, const char *new_value)
+{
+    assert(cbdata == &full_cbdata);
+    assert(names == empty_names);
+    assert(new_value == name_bool);
+    return 0;
+}
+
+static long
+full_flush(void *cbdata)
+{
+    assert(cbdata == &full_cbdata);
+    return 0;
+}
+
+struct profile_vtable basic_vtable = {
+    1,
+    basic_get_values,
+    free_values,
+};
+
+struct profile_vtable full_vtable = {
+    1,
+    full_get_values,
+    free_values,
+    full_cleanup,
+    full_copy,
+
+    full_iterator_create,
+    full_iterator,
+    full_iterator_free,
+    full_free_string,
+
+    full_writable,
+    full_modified,
+    full_update_relation,
+    full_rename_section,
+    full_add_relation,
+    full_flush
+};
+
+int main()
+{
+    profile_t profile;
+    char **values, *str, *name, *value;
+    void *iter;
+    int intval;
+
+    assert(profile_init_vtable(&basic_vtable, &basic_cbdata, &profile) == 0);
+    assert(profile_get_values(profile, empty_names, &values) == 0);
+    assert(strcmp(values[0], "one") == 0);
+    assert(strcmp(values[1], "two") == 0);
+    assert(values[2] == NULL);
+    profile_free_list(values);
+    assert(profile_iterator_create(profile, NULL, 0, &iter) ==
+           PROF_UNSUPPORTED);
+    assert(profile_is_writable(profile, &intval) == 0);
+    assert(intval == 0);
+    assert(profile_is_modified(profile, &intval) == 0);
+    assert(intval == 0);
+    assert(profile_update_relation(profile, NULL, NULL, NULL) ==
+           PROF_UNSUPPORTED);
+    assert(profile_clear_relation(profile, NULL) == PROF_UNSUPPORTED);
+    assert(profile_rename_section(profile, NULL, NULL) == PROF_UNSUPPORTED);
+    assert(profile_add_relation(profile, NULL, NULL) == PROF_UNSUPPORTED);
+    profile_flush(profile);
+    profile_abandon(profile);
+
+    assert(profile_init_vtable(&full_vtable, &full_cbdata, &profile) == 0);
+    assert(profile_get_string(profile, name_string, NULL, NULL, "wrong",
+                              &str) == 0);
+    assert(strcmp(str, "string result") == 0);
+    profile_release_string(str);
+    assert(profile_get_integer(profile, name_int, NULL, NULL, 24,
+                               &intval) == 0);
+    assert(intval == 23);
+    assert(profile_get_boolean(profile, name_bool, NULL, NULL, 0,
+                               &intval) == 0);
+    assert(intval == 1);
+    assert(profile_get_integer(profile, "xxx", NULL, NULL, 62, &intval) == 0);
+    assert(intval == 62);
+
+    assert(profile_iterator_create(profile, empty_names, 126, &iter) == 0);
+    assert(profile_iterator(&iter, &name, &value) == 0);
+    assert(strcmp(name, "name1") == 0);
+    assert(strcmp(value, "value1") == 0);
+    profile_release_string(name);
+    profile_release_string(value);
+    assert(profile_iterator(&iter, &name, &value) == 0);
+    assert(strcmp(name, "name2") == 0);
+    assert(value == NULL);
+    profile_release_string(name);
+    assert(profile_iterator(&iter, &name, &value) == 0);
+    assert(iter == NULL);
+    assert(name == NULL);
+    assert(value == NULL);
+
+    assert(profile_is_writable(profile, &intval) == 0);
+    assert(intval == 12);
+    assert(profile_is_modified(profile, &intval) == 0);
+    assert(intval == 6);
+    assert(profile_update_relation(profile, empty_names, name_string,
+                                   NULL) == 0);
+    assert(profile_clear_relation(profile, empty_names) == 0);
+    assert(profile_rename_section(profile, empty_names, name_int) == 0);
+    assert(profile_add_relation(profile, empty_names, name_bool) == 0);
+    profile_release(profile);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/profile/testmod/Makefile.in b/krb5-1.21.3/src/util/profile/testmod/Makefile.in
new file mode 100644
index 00000000..48a44643
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/testmod/Makefile.in
@@ -0,0 +1,21 @@
+mydir=util$(S)profile$(S)testmod
+BUILDTOP=$(REL)..$(S)..$(S)..
+
+LOCALINCLUDES = -I.. -I$(srcdir)/..
+
+LIBBASE=proftest
+LIBMAJOR=0
+LIBMINOR=0
+
+SHLIB_EXPLIBS=$(SUPPORT_LIB) $(LIBS)
+SHLIB_EXPDEPS=$(SUPPORT_DEPLIB)
+
+STLIBOBJS=testmod_main.o
+
+SRCS=$(srcdir)/testmod_main.c
+
+check-unix: proftest$(DYNOBJEXT)
+clean-unix:: clean-libs clean-libobjs
+
+@libnover_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/util/profile/testmod/deps b/krb5-1.21.3/src/util/profile/testmod/deps
new file mode 100644
index 00000000..1dcb8dc3
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/testmod/deps
@@ -0,0 +1,7 @@
+#
+# Generated makefile dependencies follow.
+#
+testmod_main.so testmod_main.po $(OUTPRE)testmod_main.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h testmod_main.c
diff --git a/krb5-1.21.3/src/util/profile/testmod/proftest.exports b/krb5-1.21.3/src/util/profile/testmod/proftest.exports
new file mode 100644
index 00000000..b1b975ff
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/testmod/proftest.exports
@@ -0,0 +1 @@
+profile_module_init
diff --git a/krb5-1.21.3/src/util/profile/testmod/testmod_main.c b/krb5-1.21.3/src/util/profile/testmod/testmod_main.c
new file mode 100644
index 00000000..126b199d
--- /dev/null
+++ b/krb5-1.21.3/src/util/profile/testmod/testmod_main.c
@@ -0,0 +1,104 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/profile/proftest/test.c - Test dynamic profile module */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This file implements a very simple profile module which just returns the
+ * residual string and the number of copies in response to any query.  The full
+ * range of vtable profile operations is tested elsewhere.
+ */
+
+#include "k5-platform.h"
+#include "profile.h"
+
+struct data {
+    char *residual;
+    int gen;
+};
+
+static long
+get_values(void *cbdata, const char *const *names, char ***ret_values)
+{
+    struct data *d = cbdata;
+
+    *ret_values = calloc(3, sizeof(*ret_values));
+    (*ret_values)[0] = strdup(d->residual);
+    asprintf(&(*ret_values)[1], "%d", d->gen);
+    (*ret_values)[2] = NULL;
+    return 0;
+}
+
+static void
+free_values(void *cbdata, char **values)
+{
+    char **v;
+
+    for (v = values; *v; v++)
+        free(*v);
+    free(values);
+}
+
+static void
+cleanup(void *cbdata)
+{
+    struct data *d = cbdata;
+
+    free(d->residual);
+    free(d);
+}
+
+static long
+copy(void *cbdata, void **ret_cbdata)
+{
+    struct data *old_data = cbdata, *new_data;
+
+    new_data = malloc(sizeof(*new_data));
+    new_data->residual = strdup(old_data->residual);
+    new_data->gen = old_data->gen + 1;
+    *ret_cbdata = new_data;
+    return 0;
+}
+
+long
+profile_module_init(const char *residual, struct profile_vtable *vtable,
+                    void **cb_ret);
+
+long
+profile_module_init(const char *residual, struct profile_vtable *vtable,
+                    void **cb_ret)
+{
+    struct data *d;
+
+    d = malloc(sizeof(*d));
+    d->residual = strdup(residual);
+    d->gen = 0;
+    *cb_ret = d;
+
+    vtable->get_values = get_values;
+    vtable->free_values = free_values;
+    vtable->cleanup = cleanup;
+    vtable->copy = copy;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/ss/Makefile.in b/krb5-1.21.3/src/util/ss/Makefile.in
new file mode 100644
index 00000000..0d99e874
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/Makefile.in
@@ -0,0 +1,129 @@
+mydir=util$(S)ss
+BUILDTOP=$(REL)..$(S)..
+SED = sed
+
+INSTALLLIB=cp
+INSTALLFILE=cp
+
+all:
+
+TOP=$(BUILDTOP)
+
+LIBBASE=ss
+LIBMAJOR=1
+LIBMINOR=0
+RELDIR=../util/ss
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+install-unix: install-libs
+
+# hard coded srcdir/.. is so that ss/ss.h works
+
+# hard coded .. is so that ss/ss_err.h works
+# hard coded ../et is so com_err.h works
+# CFLAGS= -g
+# CPPFLAGS= -I${INCDIR} -I. -I.. -I../et
+LOCALINCLUDES= -I. -I$(srcdir)/ $(RL_CFLAGS)
+
+# with ss_err.o first, ss_err.h should get rebuilt first too.  should not
+# be relying on this, though.
+STLIBOBJS=\
+	ss_err.o \
+	std_rqs.o \
+	invocation.o help.o \
+	execute_cmd.o listen.o parse.o error.o prompt.o \
+	request_tbl.o list_rqs.o pager.o requests.o \
+	data.o
+
+SRCS=	$(srcdir)/invocation.c $(srcdir)/help.c \
+	$(srcdir)/execute_cmd.c $(srcdir)/listen.c $(srcdir)/parse.c \
+	$(srcdir)/error.c $(srcdir)/prompt.c \
+	$(srcdir)/request_tbl.c $(srcdir)/list_rqs.c $(srcdir)/pager.c \
+	$(srcdir)/requests.c $(srcdir)/data.c
+EXTRADEPSRCS= ss_err.c std_rqs.c
+depend-dependencies: ss_err.h includes
+
+std_rqs.o: std_rqs.c ss_err.h
+
+MKCMDSOBJS=	mk_cmds.o utils.o options.o ct.tab.o cmd_tbl.lex.o
+
+#
+# stuff to build
+#
+
+all-unix:	mk_cmds ct_c.awk ct_c.sed includes # libss_p.a lint
+all-unix: all-liblinks
+all-windows:  all-unix
+
+dist:	archives
+
+install:
+
+includes: mk_cmds ct_c.sed ct_c.awk ss_err.h
+
+HDRDIR=$(BUILDTOP)/include/ss
+HDRS =	$(HDRDIR)/ss.h \
+	$(HDRDIR)/ss_err.h
+
+BUILD_HDRS = ss_err.h
+SRC_HDRS = ss.h 
+SRC_HDRS_DEP = $(srcdir)/ss.h
+
+generate-files-mac: ct_c.awk ct_c.sed std_rqs.c ss_err.h
+
+includes: $(HDRS)
+$(HDRDIR)/timestamp:
+	if [ -d $(HDRDIR) ] ; then :; else mkdir -p $(HDRDIR); fi
+	echo timestamp > $(HDRDIR)/timestamp
+$(HDRDIR)/ss.h: ss.h $(HDRDIR)/timestamp
+	$(RM) $(HDRDIR)/ss.h
+	$(CP) $(srcdir)/ss.h $(HDRDIR)/ss.h
+$(HDRDIR)/ss_err.h: ss_err.h $(HDRDIR)/timestamp
+	$(RM) $(HDRDIR)/ss_err.h
+	$(CP) ss_err.h $(HDRDIR)/ss_err.h
+
+clean-unix::
+	$(RM) $(HDRS) $(HDRDIR)/timestamp
+	$(RM) -r $(HDRDIR)
+
+std_rqs.c: std_rqs.ct mk_cmds ct_c.sed ct_c.awk
+
+ss_err.h: ss_err.et
+
+ss_err.c: ss_err.et
+
+depend: ss_err.h
+
+ct.tab.c ct.tab.h: ct.y
+	$(RM) ct.tab.* y.*
+	$(YACC) -d $(srcdir)/ct.y
+	$(MV) y.tab.c ct.tab.c
+	$(MV) y.tab.h ct.tab.h
+
+# install_library_target(ss,$(OBJS),$(SRCS),)
+
+mk_cmds: $(srcdir)/mk_cmds.sh $(srcdir)/config_script 
+	$(SHELL) $(srcdir)/config_script $(srcdir)/mk_cmds.sh . $(AWK) $(SED) > mk_cmds
+	chmod 755 mk_cmds	
+
+ct_c.awk: $(srcdir)/ct_c_awk.in
+	$(RM) $@
+	$(CP) $(srcdir)/ct_c_awk.in $@
+
+ct_c.sed: $(srcdir)/ct_c_sed.in
+	$(SED) -e '/^#/d' $(srcdir)/ct_c_sed.in > ct_c.sed
+
+clean:
+	$(RM) ss_err.o ss_err.c ss_err.h std_rqs.c
+	$(RM) mk_cmds ct_c.awk ct_c.sed $(MKCMDSOBJS)
+	rm -f *.o *~ \#* *.bak core \
+		ss_err.h ct.tab.c ct.tab.h cmd_tbl.lex.c \
+		lex.yy.c y.tab.c \
+		libss.a libss_p.a llib-lss.ln mk_cmds \
+		ss.ar ss.tar \
+		TAGS test_ss
+
+@libpriv_frag@
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/util/ss/config_script b/krb5-1.21.3/src/util/ss/config_script
new file mode 100755
index 00000000..5add600e
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/config_script
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# This program takes a shell script and configures for the following
+# variables:	@DIR@
+#		@AWK@
+#		@SED@
+#
+# Usage: config_script <filename> [<dir>] [<awk>] [<sed>]
+#
+
+FILE=$1
+DIR=$2
+AWK=$3
+SED=$4
+
+if test "${DIR}x" = "x" ; then
+	DIR=.
+fi
+DIR=`cd ${DIR}; pwd`
+if test "${AWK}x" = "x" ; then
+	AWK=awk
+fi
+if test "${SED}x" = "x" ; then
+	SED=sed
+fi
+
+
+sed -e "s;@DIR@;${DIR};" -e "s;@AWK@;${AWK};" -e "s;@SED@;${SED};" $FILE
diff --git a/krb5-1.21.3/src/util/ss/copyright.h b/krb5-1.21.3/src/util/ss/copyright.h
new file mode 100644
index 00000000..96042f8e
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/copyright.h
@@ -0,0 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+
+  Copyright 1987, 1989 by the Student Information Processing Board
+  of the Massachusetts Institute of Technology
+
+  Permission to use, copy, modify, and distribute this software
+  and its documentation for any purpose and without fee is
+  hereby granted, provided that the above copyright notice
+  appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation,
+  and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+  used in advertising or publicity pertaining to distribution
+  of the software without specific, written prior permission.
+  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. and the M.I.T. S.I.P.B. make no representations about
+  the suitability of this software for any purpose.  It is
+  provided "as is" without express or implied warranty.
+
+*/
diff --git a/krb5-1.21.3/src/util/ss/ct_c_awk.in b/krb5-1.21.3/src/util/ss/ct_c_awk.in
new file mode 100644
index 00000000..872f6e00
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/ct_c_awk.in
@@ -0,0 +1,77 @@
+/^command_table / {
+	cmdtbl = $2;
+	printf "/* %s.c - automatically generated from %s.ct */\n", \
+		rootname, rootname > outfile
+	print "#include <ss/ss.h>" > outfile
+	print "" >outfile
+	print "#ifndef __STDC__" > outfile
+	print "#define const" > outfile
+	print "#endif" > outfile
+	print "" > outfile
+}
+	
+/^BOR$/ {
+	cmdnum++
+	options = 0
+	cmdtab = ""
+	printf "static char const * const ssu%05d[] = {\n", cmdnum > outfile
+}
+
+/^sub/ {
+	subr = substr($0, 6, length($0)-5)
+}
+
+/^hlp/ {
+	help = substr($0, 6, length($0)-5)
+}
+
+/^cmd/ {
+	cmd = substr($0, 6, length($0)-5)
+	printf "%s\"%s\",\n", cmdtab, cmd > outfile
+	cmdtab = "    "
+}
+
+/^opt/ {
+	opt = substr($0, 6, length($0)-5)
+	if (opt == "dont_list") {
+		options += 1
+	}
+	if (opt == "dont_summarize") {
+		options += 2
+	}
+}
+
+/^EOR/ {
+	print "    (char const *)0" > outfile
+	print "};" > outfile 
+	printf "extern void %s __SS_PROTO;\n", subr > outfile
+	subr_tab[cmdnum] = subr
+	options_tab[cmdnum] = options
+	help_tab[cmdnum] = help
+}
+
+/^[0-9]/ {
+	linenum = $1;
+}
+
+/^ERROR/ {
+	error = substr($0, 8, length($0)-7)
+	printf "Error in line %d: %s\n", linenum, error
+	print "#__ERROR_IN_FILE__" > outfile
+}
+
+END {
+	printf "static ss_request_entry ssu%05d[] = {\n", cmdnum+1 > outfile
+	for (i=1; i <= cmdnum; i++) {
+		printf "    { ssu%05d,\n", i > outfile
+		printf "      %s,\n", subr_tab[i] > outfile
+		printf "      \"%s\",\n", help_tab[i] > outfile
+		printf "      %d },\n", options_tab[i] > outfile
+	}
+	print "    { 0, 0, 0, 0 }" > outfile
+	print "};" > outfile
+	print "" > outfile
+	printf "ss_request_table %s = { 2, ssu%05d };\n", \
+		cmdtbl, cmdnum+1 > outfile
+}
+
diff --git a/krb5-1.21.3/src/util/ss/ct_c_sed.in b/krb5-1.21.3/src/util/ss/ct_c_sed.in
new file mode 100644
index 00000000..58c81105
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/ct_c_sed.in
@@ -0,0 +1,161 @@
+#
+# This script parses a command_table file into something which is a bit 
+# easier for an awk script to understand.
+#
+# Input syntax: a .ct file
+#
+# Output syntax:
+# (for the command_table line)
+#	command_table  <command_table>
+#
+#(for each request definition)
+#	BOR
+#	sub: <subroutine name>
+#	hlp: <help text>
+#	cmd: <command>
+#	opt: <option>
+#	EOR
+# (there may be more than one 'cmd' or 'opt' line
+#
+# A number sent to the output represents a parse error --- it will be 
+# followed by the next line which will have the form:
+#	ERROR: <error text>
+#
+# The design of this output syntax is such that it should be easy for
+# an awk script to parse.
+
+#
+# The first section of this script is just to cannoicalize the file.  
+# It removes comments, and puts each command_table request onto a single
+# line
+#
+:FIRST
+y/	/ /
+s/^ *//
+s/#.*$//
+/; *$/!{
+N
+y/	/ /
+s/\n */ /
+bFIRST
+}
+s/, */, /g
+/^$/d
+#
+# Now we take care of some syntactic sugar.....
+#
+/^unimplemented/ {
+	s/^unimplemented [A-Za-z_0-9]*/request ss_unimplemented/
+	s/;/, (dont_list, dont_summarize);/
+}
+/^unknown/ {
+	s/^unknown /request ss_unknown, "", /
+}
+#
+# Dispatch based on the keyword....  illegal keywords are prefixed by ERROR:
+# and are handled by the awk script.
+#
+/^command_table /bCMD
+/^request /bREQUEST
+/^end;/bEND
+s/ .*//
+s/^/ERROR: unknown keyword: /
+=
+b
+#
+# Handle the command_table keyword
+#
+:CMD
+s/;$//
+p
+d
+b
+#
+# Handle the request keyword --- this is the heart of the sed script.
+# 
+:REQUEST
+s/^request *//
+h
+i\
+BOR
+# First, parse out the subroutine name
+s/^/sub: /
+s/,.*//
+p
+# Next, parse out the help message, being careful to handle a quoted string
+g
+s/^[^,]*, *//
+h
+/^"/ {
+	s/^"//
+	s/".*//
+	x
+	s/^"[^"]*", *//
+	x
+	b EMITHLP
+}
+s/[^a-zA-Z0-9].*//
+x
+s/[a-zA-Z0-9]*, *//
+x
+:EMITHLP
+s/^/hlp: /
+p
+# Next take care of the command names
+:CMDLIST
+g
+/^(/b OPTIONS
+/^;/b EOR
+/^"/ {
+	s/^"//
+	s/".*//
+	x
+	s/^"[^"]*"//
+	s/, *//
+	x
+	b EMITREQ
+}
+s/[^A-Za-z_0-9].*//
+x
+s/[A-Za-z_0-9]*//
+s/, *//
+x
+:EMITREQ
+s/^/cmd: /
+p
+b CMDLIST
+#
+# Here we parse the list of options.
+#
+: OPTIONS
+g
+s/^(//
+h
+: OPTLIST
+/^)/ b EOR
+/^[^A-Za-z_0-9]/ {
+	=
+	c\
+ERROR: parse error in options list
+}
+s/[^A-Za-z_0-9].*//
+x
+s/[A-Za-z_0-9]*//
+s/, *//
+x
+s/^/opt: /
+p
+g
+b OPTLIST
+: EOR
+c\
+EOR\
+
+d
+b
+#
+# Handle the end keyword --- it's basically ignored.
+#
+:END
+d
+b
diff --git a/krb5-1.21.3/src/util/ss/data.c b/krb5-1.21.3/src/util/ss/data.c
new file mode 100644
index 00000000..e0b09959
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/data.c
@@ -0,0 +1,14 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1987, 1988, 1989 Massachusetts Institute of Technology
+ * (Student Information Processing Board)
+ *
+ * For copyright info, see copyright.h.
+ */
+
+#include <stdio.h>
+#include "ss_internal.h"
+#include "copyright.h"
+
+ss_data **_ss_table = (ss_data **)NULL;
+char *_ss_pager_name = (char *)NULL;
diff --git a/krb5-1.21.3/src/util/ss/deps b/krb5-1.21.3/src/util/ss/deps
new file mode 100644
index 00000000..573ea855
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/deps
@@ -0,0 +1,59 @@
+#
+# Generated makefile dependencies follow.
+#
+invocation.so invocation.po $(OUTPRE)invocation.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h invocation.c \
+  ss.h ss_internal.h
+help.so help.po $(OUTPRE)help.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h help.c \
+  ss.h ss_internal.h
+execute_cmd.so execute_cmd.po $(OUTPRE)execute_cmd.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h execute_cmd.c \
+  ss.h ss_internal.h
+listen.so listen.po $(OUTPRE)listen.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h listen.c \
+  ss.h ss_internal.h
+parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h parse.c \
+  ss.h ss_internal.h
+error.so error.po $(OUTPRE)error.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h error.c \
+  ss.h ss_internal.h
+prompt.so prompt.po $(OUTPRE)prompt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h prompt.c \
+  ss.h ss_internal.h
+request_tbl.so request_tbl.po $(OUTPRE)request_tbl.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h request_tbl.c \
+  ss.h ss_internal.h
+list_rqs.so list_rqs.po $(OUTPRE)list_rqs.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h list_rqs.c \
+  ss.h ss_internal.h
+pager.so pager.po $(OUTPRE)pager.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h pager.c \
+  ss.h ss_internal.h
+requests.so requests.po $(OUTPRE)requests.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h requests.c ss.h ss_internal.h
+data.so data.po $(OUTPRE)data.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h data.c \
+  ss.h ss_internal.h
+ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \
+  ss_err.c
+std_rqs.so std_rqs.po $(OUTPRE)std_rqs.$(OBJEXT): $(COM_ERR_DEPS) \
+  $(SS_DEPS) std_rqs.c
diff --git a/krb5-1.21.3/src/util/ss/error.c b/krb5-1.21.3/src/util/ss/error.c
new file mode 100644
index 00000000..b5768a62
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/error.c
@@ -0,0 +1,70 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1987, 1988, 1989 by MIT Student Information Processing
+ * Board
+ *
+ * For copyright information, see copyright.h.
+ */
+
+#include "ss_internal.h"
+#include "com_err.h"
+#include "copyright.h"
+
+char * ss_name(sci_idx)
+    int sci_idx;
+{
+    ss_data *infop;
+
+    infop = ss_info(sci_idx);
+    if (infop->current_request == (char const *)NULL) {
+        return strdup(infop->subsystem_name);
+    } else {
+        char *ret_val;
+        if (asprintf(&ret_val, "%s (%s)",
+                     infop->subsystem_name, infop->current_request) < 0)
+            return NULL;
+        return ret_val;
+    }
+}
+
+void ss_error (int sci_idx, long code, const char * fmt, ...)
+{
+    char *whoami;
+    va_list pvar;
+    va_start (pvar, fmt);
+    whoami = ss_name (sci_idx);
+    com_err_va (whoami, code, fmt, pvar);
+    free (whoami);
+    va_end(pvar);
+}
+
+void ss_perror (sci_idx, code, msg) /* for compatibility */
+    int sci_idx;
+    long code;
+    char const *msg;
+{
+    ss_error (sci_idx, code, "%s", msg);
+}
diff --git a/krb5-1.21.3/src/util/ss/execute_cmd.c b/krb5-1.21.3/src/util/ss/execute_cmd.c
new file mode 100644
index 00000000..c06ee565
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/execute_cmd.c
@@ -0,0 +1,208 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1987, 1988, 1989 by Massachusetts Institute of Technology
+ *
+ * For copyright info, see copyright.h.
+ */
+
+#include "ss_internal.h"
+#include "copyright.h"
+#include <stdio.h>
+
+
+/*
+ * get_request(tbl, idx)
+ *
+ * Function:
+ *      Gets the idx'th request from the request table pointed to
+ *      by tbl.
+ * Arguments:
+ *      tbl (ss_request_table *)
+ *              pointer to request table
+ *      idx (int)
+ *              index into table
+ * Returns:
+ *      (ss_request_entry *)
+ *              pointer to request table entry
+ * Notes:
+ *      Has been replaced by a macro.
+ */
+
+#define get_request(tbl,idx)    ((tbl) -> requests + (idx))
+
+/*
+ * check_request_table(rqtbl, argc, argv, sci_idx)
+ *
+ * Function:
+ *      If the command string in argv[0] is in the request table, execute
+ *      the commands and return error code 0.  Otherwise, return error
+ *      code ss_et_command_not_found.
+ * Arguments:
+ *      rqtbl (ss_request_table *)
+ *              pointer to request table
+ *      argc (int)
+ *              number of elements in argv[]
+ *      argv (char *[])
+ *              argument string array
+ *      sci_idx (int)
+ *              ss-internal index for subsystem control info structure
+ * Returns:
+ *      (int)
+ *              zero if command found, ss_et_command_not_found otherwise
+ * Notes:
+ */
+
+static int check_request_table (rqtbl, argc, argv, sci_idx)
+    ss_request_table *rqtbl;
+    int argc;
+    char *argv[];
+    int sci_idx;
+{
+    ss_request_entry *request;
+    ss_data *info;
+    char const *const *name;
+    char *string = argv[0];
+    int i;
+
+    info = ss_info(sci_idx);
+    info->argc = argc;
+    info->argv = argv;
+    for (i = 0; (request = get_request(rqtbl, i))->command_names; i++) {
+        for (name = request->command_names; *name; name++)
+            if (!strcmp(*name, string)) {
+                info->current_request = request->command_names[0];
+                (request->function)(argc, (const char *const *) argv,
+                                    sci_idx,info->info_ptr);
+                info->current_request = (char *)NULL;
+                return(0);
+            }
+    }
+    return(SS_ET_COMMAND_NOT_FOUND);
+}
+
+/*
+ * really_execute_command(sci_idx, argc, argv)
+ *
+ * Function:
+ *      Fills in the argc, argv values in the subsystem entry and
+ *      call the appropriate routine.
+ * Arguments:
+ *      sci_idx (int)
+ *              ss-internal index for subsystem control info structure
+ *      argc (int)
+ *              number of arguments in argument list
+ *      argv (char **[])
+ *              pointer to parsed argument list (may be reallocated
+ *              on abbrev expansion)
+ *
+ * Returns:
+ *      (int)
+ *              Zero if successful, ss_et_command_not_found otherwise.
+ * Notes:
+ */
+
+static int really_execute_command (sci_idx, argc, argv)
+    int sci_idx;
+    int argc;
+    char **argv[];
+{
+    ss_request_table **rqtbl;
+    ss_data *info;
+
+    info = ss_info(sci_idx);
+
+    for (rqtbl = info->rqt_tables; *rqtbl; rqtbl++) {
+        if (check_request_table (*rqtbl, argc, *argv, sci_idx) == 0)
+            return(0);
+    }
+    return(SS_ET_COMMAND_NOT_FOUND);
+}
+
+/*
+ * ss_execute_command(sci_idx, argv)
+ *
+ * Function:
+ *      Executes a parsed command list within the subsystem.
+ * Arguments:
+ *      sci_idx (int)
+ *              ss-internal index for subsystem control info structure
+ *      argv (char *[])
+ *              parsed argument list
+ * Returns:
+ *      (int)
+ *              Zero if successful, ss_et_command_not_found otherwise.
+ * Notes:
+ */
+
+int
+ss_execute_command(sci_idx, argv)
+    int sci_idx;
+    char *argv[];
+{
+    unsigned int i, argc;
+    char **argp;
+    int ret;
+
+    argc = 0;
+    for (argp = argv; *argp; argp++)
+        argc++;
+    argp = (char **)malloc((argc+1)*sizeof(char *));
+    if (argp == NULL)
+        return(ENOMEM);
+    for (i = 0; i <= argc; i++)
+        argp[i] = argv[i];
+    ret = really_execute_command(sci_idx, argc, &argp);
+    free(argp);
+    return(ret);
+}
+
+/*
+ * ss_execute_line(sci_idx, line_ptr)
+ *
+ * Function:
+ *      Parses and executes a command line within a subsystem.
+ * Arguments:
+ *      sci_idx (int)
+ *              ss-internal index for subsystem control info structure
+ *      line_ptr (char *)
+ *              Pointer to command line to be parsed.
+ * Returns:
+ *      (int)
+ *              Error code.
+ * Notes:
+ */
+
+int ss_execute_line (sci_idx, line_ptr)
+    int sci_idx;
+    char *line_ptr;
+{
+    char **argv;
+    int argc, ret;
+
+    /* flush leading whitespace */
+    while (line_ptr[0] == ' ' || line_ptr[0] == '\t')
+        line_ptr++;
+
+    /* check if it should be sent to operating system for execution */
+    if (*line_ptr == '!') {
+        if (ss_info(sci_idx)->flags.escape_disabled)
+            return SS_ET_ESCAPE_DISABLED;
+        else {
+            line_ptr++;
+            system(line_ptr);
+            return 0;
+        }
+    }
+
+    /* parse it */
+    argv = ss_parse(sci_idx, line_ptr, &argc);
+    if (argc == 0)
+        return 0;
+
+    /* look it up in the request tables, execute if found */
+    ret = really_execute_command (sci_idx, argc, &argv);
+
+    free(argv);
+
+    return(ret);
+}
diff --git a/krb5-1.21.3/src/util/ss/help.c b/krb5-1.21.3/src/util/ss/help.c
new file mode 100644
index 00000000..6d333c97
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/help.c
@@ -0,0 +1,156 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright info, see copyright.h.
+ */
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <sys/file.h>
+#include <fcntl.h>      /* just for O_* */
+#include <sys/wait.h>
+#include "ss_internal.h"
+#include "copyright.h"
+
+
+void ss_help (argc, argv, sci_idx, info_ptr)
+    int argc;
+    char const * const *argv;
+    int sci_idx;
+    pointer info_ptr;
+{
+    char buffer[MAXPATHLEN];
+    char const *request_name;
+    int code;
+    int fd, child;
+    int idx;
+    ss_data *info;
+
+    request_name = ss_current_request(sci_idx, &code);
+    if (code != 0) {
+        ss_perror(sci_idx, code, "");
+        return;         /* no ss_abort_line, if invalid invocation */
+    }
+    if (argc == 1) {
+        ss_list_requests(argc, argv, sci_idx, info_ptr);
+        return;
+    }
+    else if (argc != 2) {
+        /* should do something better than this */
+        snprintf(buffer, sizeof(buffer),
+                 "usage:\n\t%s [topic|command]\nor\t%s\n",
+                 request_name, request_name);
+        ss_perror(sci_idx, 0, buffer);
+        return;
+    }
+    info = ss_info(sci_idx);
+    if (info->info_dirs == (char **)NULL) {
+        ss_perror(sci_idx, SS_ET_NO_INFO_DIR, (char *)NULL);
+        return;
+    }
+    if (info->info_dirs[0] == (char *)NULL) {
+        ss_perror(sci_idx, SS_ET_NO_INFO_DIR, (char *)NULL);
+        return;
+    }
+    for (idx = 0; info->info_dirs[idx] != (char *)NULL; idx++) {
+        (void) strncpy(buffer, info->info_dirs[idx], sizeof(buffer) - 1);
+        buffer[sizeof(buffer) - 1] = '\0';
+        (void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer));
+        (void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer));
+        (void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer));
+        if ((fd = open(&buffer[0], O_RDONLY)) >= 0) goto got_it;
+    }
+    if ((fd = open(&buffer[0], O_RDONLY)) < 0) {
+        char buf[MAXPATHLEN];
+        strncpy(buf, "No info found for ", sizeof(buf) - 1);
+        buf[sizeof(buf) - 1] = '\0';
+        strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf));
+        ss_perror(sci_idx, 0, buf);
+        return;
+    }
+got_it:
+    switch (child = fork()) {
+    case -1:
+        ss_perror(sci_idx, errno, "Can't fork for pager");
+        close(fd);
+        return;
+    case 0:
+        (void) dup2(fd, 0); /* put file on stdin */
+        ss_page_stdin();
+    default:
+        (void) close(fd); /* what can we do if it fails? */
+#ifdef WAIT_USES_INT
+        while (wait((int *)NULL) != child) {
+#else
+            while (wait((union wait *)NULL) != child) {
+#endif
+                /* do nothing if wrong pid */
+            };
+        }
+    }
+
+#ifndef USE_DIRENT_H
+#include <sys/dir.h>
+#else
+#include <dirent.h>
+#endif
+
+    void ss_add_info_dir(sci_idx, info_dir, code_ptr)
+        int sci_idx;
+    char *info_dir;
+    int *code_ptr;
+    {
+        ss_data *info;
+        DIR *d;
+        int n_dirs;
+        char **dirs;
+
+        info = ss_info(sci_idx);
+        if ((info_dir == NULL) || (*info_dir == '\0')) {
+            *code_ptr = SS_ET_NO_INFO_DIR;
+            return;
+        }
+        if ((d = opendir(info_dir)) == (DIR *)NULL) {
+            *code_ptr = errno;
+            return;
+        }
+        closedir(d);
+        dirs = info->info_dirs;
+        for (n_dirs = 0; dirs[n_dirs] != (char *)NULL; n_dirs++)
+            ;               /* get number of non-NULL dir entries */
+        dirs = (char **)realloc((char *)dirs,
+                                (unsigned)(n_dirs + 2)*sizeof(char *));
+        if (dirs == (char **)NULL) {
+            info->info_dirs = (char **)NULL;
+            *code_ptr = errno;
+            return;
+        }
+        info->info_dirs = dirs;
+        dirs[n_dirs + 1] = (char *)NULL;
+        dirs[n_dirs] = strdup(info_dir);
+        *code_ptr = 0;
+    }
+
+    void ss_delete_info_dir(sci_idx, info_dir, code_ptr)
+        int sci_idx;
+    char *info_dir;
+    int *code_ptr;
+    {
+        char **i_d;
+        char **info_dirs;
+
+        info_dirs = ss_info(sci_idx)->info_dirs;
+        for (i_d = info_dirs; *i_d; i_d++) {
+            if (!strcmp(*i_d, info_dir)) {
+                while (*i_d) {
+                    *i_d = *(i_d+1);
+                    i_d++;
+                }
+                *code_ptr = 0;
+                return;
+            }
+        }
+        *code_ptr = SS_ET_NO_INFO_DIR;
+    }
diff --git a/krb5-1.21.3/src/util/ss/invocation.c b/krb5-1.21.3/src/util/ss/invocation.c
new file mode 100644
index 00000000..378bc3e9
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/invocation.c
@@ -0,0 +1,131 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright information, see copyright.h.
+ */
+#include "ss_internal.h"
+#include "copyright.h"
+#define size    sizeof(ss_data *)
+
+/* XXX The memory in _ss_table never gets freed up until program exit!
+   If you change the code to free it and stick a null pointer into
+   _ss_table[sci_idx], make sure you change the allocation routine to
+   not assume there are no null pointers in the middle of the
+   array.  */
+int ss_create_invocation(subsystem_name, version_string, info_ptr,
+                         request_table_ptr, code_ptr)
+    char *subsystem_name, *version_string;
+    char *info_ptr;
+    ss_request_table *request_table_ptr;
+    int *code_ptr;
+{
+    int sci_idx;
+    ss_data *new_table;
+    ss_data **table, **tmp;
+
+    *code_ptr = 0;
+    table = _ss_table;
+    new_table = (ss_data *) malloc(sizeof(ss_data));
+    if (new_table == NULL) {
+        *code_ptr = errno;
+        return -1;
+    }
+
+    if (table == (ss_data **) NULL) {
+        table = (ss_data **) malloc(2 * size);
+        if (table == NULL) {
+            *code_ptr = errno;
+            return -1;
+        }
+        table[0] = table[1] = (ss_data *)NULL;
+        _ss_table = table;
+    }
+    initialize_ss_error_table ();
+
+    for (sci_idx = 1; table[sci_idx] != (ss_data *)NULL; sci_idx++)
+        ;
+    tmp = (ss_data **) realloc((char *)table,
+                               ((unsigned)sci_idx+2)*size);
+    if (tmp == NULL) {
+        *code_ptr = errno;
+        return 0;
+    }
+    _ss_table = table = tmp;
+    table[sci_idx+1] = (ss_data *) NULL;
+    table[sci_idx] = NULL;
+
+    new_table->subsystem_name = subsystem_name;
+    new_table->subsystem_version = version_string;
+    new_table->argv = (char **)NULL;
+    new_table->current_request = (char *)NULL;
+    new_table->info_dirs = (char **)malloc(sizeof(char *));
+    if (new_table->info_dirs == NULL) {
+        *code_ptr = errno;
+        free(new_table);
+        return 0;
+    }
+    *new_table->info_dirs = (char *)NULL;
+    new_table->info_ptr = info_ptr;
+    if (asprintf(&new_table->prompt, "%s:  ", subsystem_name) < 0) {
+        *code_ptr = errno;
+        free(new_table->info_dirs);
+        free(new_table);
+        return 0;
+    }
+    new_table->abbrev_info = NULL;
+    new_table->flags.escape_disabled = 0;
+    new_table->flags.abbrevs_disabled = 0;
+    new_table->rqt_tables =
+        (ss_request_table **) calloc(2, sizeof(ss_request_table *));
+    if (new_table->rqt_tables == NULL) {
+        *code_ptr = errno;
+        free(new_table->prompt);
+        free(new_table->info_dirs);
+        free(new_table);
+        return 0;
+    }
+    *(new_table->rqt_tables) = request_table_ptr;
+    *(new_table->rqt_tables+1) = (ss_request_table *) NULL;
+    table[sci_idx] = new_table;
+    return(sci_idx);
+}
+
+void
+ss_delete_invocation(sci_idx)
+    int sci_idx;
+{
+    ss_data *t;
+    int ignored_code;
+
+    t = ss_info(sci_idx);
+    free(t->prompt);
+    free(t->rqt_tables);
+    while(t->info_dirs[0] != (char *)NULL)
+        ss_delete_info_dir(sci_idx, t->info_dirs[0], &ignored_code);
+    free(t->info_dirs);
+    free(t);
+}
diff --git a/krb5-1.21.3/src/util/ss/list_rqs.c b/krb5-1.21.3/src/util/ss/list_rqs.c
new file mode 100644
index 00000000..c0882bf9
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/list_rqs.c
@@ -0,0 +1,121 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright information, see copyright.h.
+ */
+#include "copyright.h"
+#include "ss_internal.h"
+#include <signal.h>
+#include <setjmp.h>
+#include <sys/wait.h>
+
+#ifdef lint     /* "lint returns a value which is sometimes ignored" */
+#define DONT_USE(x)     x=x;
+#else /* !lint */
+#define DONT_USE(x)     ;
+#endif /* lint */
+
+static char const twentyfive_spaces[26] =
+    "                         ";
+static char const NL[2] = "\n";
+
+void
+ss_list_requests(argc, argv, sci_idx, info_ptr)
+    int argc;
+    const char * const *argv;
+    int sci_idx;
+#ifdef __STDC__
+    void *info_ptr;
+#else
+    char *info_ptr;
+#endif
+{
+    ss_request_entry *entry;
+    char const *const *name;
+    int spacing;
+    ss_request_table **table;
+
+    char buffer[BUFSIZ];
+    FILE *output;
+    int fd;
+#ifdef POSIX_SIGNALS
+    struct sigaction nsig, osig;
+    sigset_t nmask, omask;
+#else
+    int mask;
+    void (*func)();
+#endif
+#ifndef WAIT_USES_INT
+    union wait waitb;
+#else
+    int waitb;
+#endif
+
+    DONT_USE(argc);
+    DONT_USE(argv);
+
+#ifdef POSIX_SIGNALS
+    sigemptyset(&nmask);
+    sigaddset(&nmask, SIGINT);
+    sigprocmask(SIG_BLOCK, &nmask, &omask);
+
+    nsig.sa_handler = SIG_IGN;
+    sigemptyset(&nsig.sa_mask);
+    nsig.sa_flags = 0;
+    sigaction(SIGINT, &nsig, &osig);
+#else
+    mask = sigblock(sigmask(SIGINT));
+    func = signal(SIGINT, SIG_IGN);
+#endif
+
+    fd = ss_pager_create();     /* FD_CLOEXEC set */
+    output = fdopen(fd, "w");
+
+#ifdef POSIX_SIGNALS
+    sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0);
+#else
+    sigsetmask(mask);
+#endif
+
+    fprintf (output, "Available %s requests:\n\n",
+             ss_info (sci_idx) -> subsystem_name);
+
+    for (table = ss_info(sci_idx)->rqt_tables; *table; table++) {
+        entry = (*table)->requests;
+        for (; entry->command_names; entry++) {
+            spacing = -2;
+            buffer[0] = '\0';
+            if (entry->flags & SS_OPT_DONT_LIST)
+                continue;
+            buffer[sizeof(buffer) - 1] = '\0';
+            for (name = entry->command_names; *name; name++) {
+                int len = strlen(*name);
+                strncat(buffer, *name, sizeof(buffer) - 1 - strlen(buffer));
+                spacing += len + 2;
+                if (name[1]) {
+                    strncat(buffer, ", ", sizeof(buffer) - 1 - strlen(buffer));
+                }
+            }
+            if (spacing > 23) {
+                strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
+                fputs(buffer, output);
+                spacing = 0;
+                buffer[0] = '\0';
+            }
+            strncat(buffer, twentyfive_spaces, sizeof(buffer) - 1 - (25-spacing));
+            strncpy(buffer + 25, entry->info_string, sizeof(buffer) - 1 - 25);
+            strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
+            fputs(buffer, output);
+        }
+    }
+    fclose(output);
+#ifndef NO_FORK
+    wait(&waitb);
+#endif
+#ifdef POSIX_SIGNALS
+    sigaction(SIGINT, &osig, (struct sigaction *)0);
+#else
+    (void) signal(SIGINT, func);
+#endif
+}
diff --git a/krb5-1.21.3/src/util/ss/listen.c b/krb5-1.21.3/src/util/ss/listen.c
new file mode 100644
index 00000000..fe184754
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/listen.c
@@ -0,0 +1,185 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/ss/listen.c */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright information, see copyright.h.
+ */
+
+#include "copyright.h"
+#include "ss_internal.h"
+#include <stdio.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <termios.h>
+#include <sys/param.h>
+
+#if defined(HAVE_LIBEDIT)
+#include <editline/readline.h>
+#elif defined(HAVE_READLINE)
+#include <readline/readline.h>
+#include <readline/history.h>
+#else
+#define NO_READLINE
+#endif
+
+static ss_data *current_info;
+static jmp_buf listen_jmpb;
+
+#ifdef NO_READLINE
+/* Dumb replacement for readline when we don't have support for a real one. */
+static char *readline(const char *prompt)
+{
+    struct termios termbuf;
+    char input[BUFSIZ];
+
+    /* Make sure we don't buffer anything beyond the line read. */
+    setvbuf(stdin, 0, _IONBF, 0);
+
+    if (tcgetattr(STDIN_FILENO, &termbuf) == 0) {
+        termbuf.c_lflag |= ICANON|ISIG|ECHO;
+        tcsetattr(STDIN_FILENO, TCSANOW, &termbuf);
+    }
+    printf("%s", prompt);
+    fflush(stdout);
+    if (fgets(input, BUFSIZ, stdin) == NULL)
+        return NULL;
+    input[strcspn(input, "\r\n")] = '\0';
+    return strdup(input);
+}
+
+/* No-op replacement for add_history() when we have no readline support. */
+static void add_history(const char *line)
+{
+}
+#endif
+
+static void listen_int_handler(signo)
+    int signo;
+{
+    putc('\n', stdout);
+    longjmp(listen_jmpb, 1);
+}
+
+int ss_listen (sci_idx)
+    int sci_idx;
+{
+    char *cp;
+    ss_data *info;
+    char *input;
+    int code;
+    jmp_buf old_jmpb;
+    ss_data *old_info = current_info;
+#ifdef POSIX_SIGNALS
+    struct sigaction isig, csig, nsig, osig;
+    sigset_t nmask, omask;
+#else
+    void (*sig_cont)();
+    void (*sig_int)(), (*old_sig_cont)();
+    int mask;
+#endif
+
+    current_info = info = ss_info(sci_idx);
+    info->abort = 0;
+
+#ifdef POSIX_SIGNALS
+    csig.sa_handler = (void (*)())0;
+    sigemptyset(&nmask);
+    sigaddset(&nmask, SIGINT);
+    sigprocmask(SIG_BLOCK, &nmask, &omask);
+#else
+    sig_cont = (void (*)())0;
+    mask = sigblock(sigmask(SIGINT));
+#endif
+
+    memcpy(old_jmpb, listen_jmpb, sizeof(jmp_buf));
+
+#ifdef POSIX_SIGNALS
+    nsig.sa_handler = listen_int_handler;
+    sigemptyset(&nsig.sa_mask);
+    nsig.sa_flags = 0;
+    sigaction(SIGINT, &nsig, &isig);
+#else
+    sig_int = signal(SIGINT, listen_int_handler);
+#endif
+
+    setjmp(listen_jmpb);
+
+#ifdef POSIX_SIGNALS
+    sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0);
+#else
+    (void) sigsetmask(mask);
+#endif
+    while(!info->abort) {
+#ifdef POSIX_SIGNALS
+        nsig.sa_handler = listen_int_handler;   /* fgets is not signal-safe */
+        osig = csig;
+        sigaction(SIGCONT, &nsig, &csig);
+        if ((void (*)())csig.sa_handler==(void (*)())listen_int_handler)
+            csig = osig;
+#else
+        old_sig_cont = sig_cont;
+        sig_cont = signal(SIGCONT, listen_int_handler);
+        if (sig_cont == listen_int_handler)
+            sig_cont = old_sig_cont;
+#endif
+
+        input = readline(current_info->prompt);
+        if (input == NULL) {
+            code = SS_ET_EOF;
+            goto egress;
+        }
+        add_history(input);
+
+#ifdef POSIX_SIGNALS
+        sigaction(SIGCONT, &csig, (struct sigaction *)0);
+#else
+        (void) signal(SIGCONT, sig_cont);
+#endif
+
+        code = ss_execute_line (sci_idx, input);
+        if (code == SS_ET_COMMAND_NOT_FOUND) {
+            char *c = input;
+            while (*c == ' ' || *c == '\t')
+                c++;
+            cp = strchr (c, ' ');
+            if (cp)
+                *cp = '\0';
+            cp = strchr (c, '\t');
+            if (cp)
+                *cp = '\0';
+            ss_error (sci_idx, 0,
+                      "Unknown request \"%s\".  Type \"?\" for a request list.",
+                      c);
+        }
+        free(input);
+    }
+    code = 0;
+egress:
+#ifdef POSIX_SIGNALS
+    sigaction(SIGINT, &isig, (struct sigaction *)0);
+#else
+    (void) signal(SIGINT, sig_int);
+#endif
+    memcpy(listen_jmpb, old_jmpb, sizeof(jmp_buf));
+    current_info = old_info;
+    return code;
+}
+
+void ss_abort_subsystem(sci_idx, code)
+    int sci_idx;
+    int code;
+{
+    ss_info(sci_idx)->abort = 1;
+    ss_info(sci_idx)->exit_status = code;
+
+}
+
+void ss_quit(argc, argv, sci_idx, infop)
+    int argc;
+    char const * const *argv;
+    int sci_idx;
+    pointer infop;
+{
+    ss_abort_subsystem(sci_idx, 0);
+}
diff --git a/krb5-1.21.3/src/util/ss/mit-sipb-copyright.h b/krb5-1.21.3/src/util/ss/mit-sipb-copyright.h
new file mode 100644
index 00000000..3a1ddeb0
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/mit-sipb-copyright.h
@@ -0,0 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+
+  Copyright 1987 by the Student Information Processing Board
+  of the Massachusetts Institute of Technology
+
+  Permission to use, copy, modify, and distribute this software
+  and its documentation for any purpose and without fee is
+  hereby granted, provided that the above copyright notice
+  appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation,
+  and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+  used in advertising or publicity pertaining to distribution
+  of the software without specific, written prior permission.
+  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. and the M.I.T. S.I.P.B. make no representations about
+  the suitability of this software for any purpose.  It is
+  provided "as is" without express or implied warranty.
+
+*/
diff --git a/krb5-1.21.3/src/util/ss/mk_cmds.sh b/krb5-1.21.3/src/util/ss/mk_cmds.sh
new file mode 100755
index 00000000..aaf3256b
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/mk_cmds.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+#
+
+DIR=@DIR@
+AWK=@AWK@
+SED=@SED@
+
+set -e
+FILE=$1
+ROOT=`echo $1 | ${SED} -e s/.ct$//`
+BASE=`echo $ROOT | ${SED} -e 's;.*/;;'`
+TMP=ct$$.c
+
+if [ ! -r ${FILE} ] ; then
+	echo mk_cmds: ${FILE} not found
+	exit 1
+fi
+
+${SED} -f ${DIR}/ct_c.sed  ${FILE} \
+	| ${AWK} -f ${DIR}/ct_c.awk rootname=${ROOT} outfile=${TMP} -
+
+if grep "^#__ERROR_IN_FILE" ${TMP} > /dev/null; then
+	rm ${TMP}
+	exit 1
+else
+	mv ${TMP} ${BASE}.c
+	exit 0
+fi
diff --git a/krb5-1.21.3/src/util/ss/pager.c b/krb5-1.21.3/src/util/ss/pager.c
new file mode 100644
index 00000000..3e47ed39
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/pager.c
@@ -0,0 +1,110 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/ss/pager.c - create a "more" running out of a file descriptor */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright information, see copyright.h.
+ */
+
+#include "ss_internal.h"
+#include "copyright.h"
+#include <errno.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/file.h>
+#include <signal.h>
+
+static char MORE[] = "more";
+extern char *_ss_pager_name;
+extern char *getenv();
+
+/*
+ * this needs a *lot* of work....
+ *
+ * run in same process
+ * handle SIGINT sensibly
+ * allow finer control -- put-page-break-here
+ */
+void ss_page_stdin();
+
+#ifndef NO_FORK
+int ss_pager_create()
+{
+    int filedes[2];
+
+    if (pipe(filedes) != 0)
+        return(-1);
+
+    switch((int) fork()) {
+    case -1:
+        return(-1);
+    case 0:
+        /*
+         * Child; dup read half to 0, close all but 0, 1, and 2
+         */
+        if (dup2(filedes[0], 0) == -1)
+            exit(1);
+        ss_page_stdin();
+    default:
+        /*
+         * Parent:  close "read" side of pipe, return
+         * "write" side.
+         */
+        (void) close(filedes[0]);
+        set_cloexec_fd(filedes[1]);
+        return(filedes[1]);
+    }
+}
+#else /* don't fork */
+int ss_pager_create()
+{
+    int fd;
+    fd = open("/dev/tty", O_WRONLY, 0);
+    if (fd >= 0)
+        set_cloexec_fd(fd);
+    return fd;
+}
+#endif
+
+void ss_page_stdin()
+{
+    int i;
+#ifdef POSIX_SIGNALS
+    struct sigaction sa;
+    sigset_t mask;
+#endif
+    for (i = 3; i < 32; i++)
+        (void) close(i);
+#ifdef POSIX_SIGNALS
+    sa.sa_handler = SIG_DFL;
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = 0;
+    sigaction(SIGINT, &sa, (struct sigaction *)0);
+#else
+    (void) signal(SIGINT, SIG_DFL);
+#endif
+    {
+#ifdef POSIX_SIGNALS
+        sigemptyset(&mask);
+        sigaddset(&mask, SIGINT);
+        sigprocmask(SIG_UNBLOCK, &mask, (sigset_t *)0);
+#else
+        int mask = sigblock(0);
+        mask &= ~sigmask(SIGINT);
+        sigsetmask(mask);
+#endif
+    }
+    if (_ss_pager_name == (char *)NULL) {
+        if ((_ss_pager_name = getenv("PAGER")) == (char *)NULL)
+            _ss_pager_name = MORE;
+    }
+    (void) execlp(_ss_pager_name, _ss_pager_name, (char *) NULL);
+    {
+        /* minimal recovery if pager program isn't found */
+        char buf[80];
+        int n;
+        while ((n = read(0, buf, 80)) > 0)
+            write(1, buf, (unsigned) n);
+    }
+    exit(errno);
+}
diff --git a/krb5-1.21.3/src/util/ss/parse.c b/krb5-1.21.3/src/util/ss/parse.c
new file mode 100644
index 00000000..78a831bf
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/parse.c
@@ -0,0 +1,171 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 2007 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright info, see copyright.h.
+ */
+
+#include "ss_internal.h"
+#include "copyright.h"
+#include <errno.h>
+
+enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING };
+
+/*
+ * parse(line_ptr, argc_ptr)
+ *
+ * Function:
+ *      Parses line, dividing at whitespace, into tokens, returns
+ *      the "argc" and "argv" values.
+ * Arguments:
+ *      line_ptr (char *)
+ *              Pointer to text string to be parsed.
+ *      argc_ptr (int *)
+ *              Where to put the "argc" (number of tokens) value.
+ * Returns:
+ *      argv (char **)
+ *              Series of pointers to parsed tokens in the original string.
+ */
+
+#define NEW_ARGV(old,n) (char **)realloc((char *)old,                   \
+                                         (unsigned)(n+2)*sizeof(char*))
+
+char **ss_parse (sci_idx, line_ptr, argc_ptr)
+    int sci_idx;
+    char *line_ptr;
+    int *argc_ptr;
+{
+    char **argv, *cp;
+    char **newargv;
+    int argc;
+    enum parse_mode parse_mode;
+
+    argv = (char **) malloc (sizeof(char *));
+    if (argv == (char **)NULL) {
+        ss_error(sci_idx, errno, "Can't allocate storage");
+        *argc_ptr = 0;
+        return(argv);
+    }
+    *argv = (char *)NULL;
+
+    argc = 0;
+
+    parse_mode = WHITESPACE;    /* flushing whitespace */
+    cp = line_ptr;              /* cp is for output */
+    while (1) {
+#ifdef DEBUG
+        {
+            printf ("character `%c', mode %d\n", *line_ptr, parse_mode);
+        }
+#endif
+        while (parse_mode == WHITESPACE) {
+            if (*line_ptr == '\0')
+                goto end_of_line;
+            if (*line_ptr == ' ' || *line_ptr == '\t') {
+                line_ptr++;
+                continue;
+            }
+            if (*line_ptr == '"') {
+                /* go to quoted-string mode */
+                parse_mode = QUOTED_STRING;
+                cp = line_ptr++;
+                newargv = NEW_ARGV (argv, argc);
+                if (newargv == NULL) {
+                out_of_mem_in_argv:
+                    free(argv);
+                    ss_error(sci_idx, errno, "Can't allocate storage");
+                    *argc_ptr = 0;
+                    return NULL;
+                }
+                argv = newargv;
+                argv[argc++] = cp;
+                argv[argc] = NULL;
+            }
+            else {
+                /* random-token mode */
+                parse_mode = TOKEN;
+                cp = line_ptr;
+                newargv = NEW_ARGV (argv, argc);
+                if (newargv == NULL)
+                    goto out_of_mem_in_argv;
+                argv = newargv;
+                argv[argc++] = line_ptr;
+                argv[argc] = NULL;
+            }
+        }
+        while (parse_mode == TOKEN) {
+            if (*line_ptr == '\0') {
+                *cp++ = '\0';
+                goto end_of_line;
+            }
+            else if (*line_ptr == ' ' || *line_ptr == '\t') {
+                *cp++ = '\0';
+                line_ptr++;
+                parse_mode = WHITESPACE;
+            }
+            else if (*line_ptr == '"') {
+                line_ptr++;
+                parse_mode = QUOTED_STRING;
+            }
+            else {
+                *cp++ = *line_ptr++;
+            }
+        }
+        while (parse_mode == QUOTED_STRING) {
+            if (*line_ptr == '\0') {
+                ss_error (sci_idx, 0,
+                          "Unbalanced quotes in command line");
+                free (argv);
+                *argc_ptr = 0;
+                return NULL;
+            }
+            else if (*line_ptr == '"') {
+                if (*++line_ptr == '"') {
+                    *cp++ = '"';
+                    line_ptr++;
+                }
+                else {
+                    parse_mode = TOKEN;
+                }
+            }
+            else {
+                *cp++ = *line_ptr++;
+            }
+        }
+    }
+end_of_line:
+    *argc_ptr = argc;
+#ifdef DEBUG
+    {
+        int i;
+        printf ("argc = %d\n", argc);
+        for (i = 0; i <= argc; i++)
+            printf ("\targv[%2d] = `%s'\n", i,
+                    argv[i] ? argv[i] : "<NULL>");
+    }
+#endif
+    return(argv);
+}
diff --git a/krb5-1.21.3/src/util/ss/prompt.c b/krb5-1.21.3/src/util/ss/prompt.c
new file mode 100644
index 00000000..5aa2ad61
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/prompt.c
@@ -0,0 +1,26 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/ss/prompt.c */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright information, see copyright.h.
+ */
+
+#include "copyright.h"
+#include <stdio.h>
+#include "ss_internal.h"
+
+void
+ss_set_prompt(sci_idx, new_prompt)
+    int sci_idx;
+    char *new_prompt;
+{
+    ss_info(sci_idx)->prompt = new_prompt;
+}
+
+char *
+ss_get_prompt(sci_idx)
+    int sci_idx;
+{
+    return(ss_info(sci_idx)->prompt);
+}
diff --git a/krb5-1.21.3/src/util/ss/request_tbl.c b/krb5-1.21.3/src/util/ss/request_tbl.c
new file mode 100644
index 00000000..03cde1b7
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/request_tbl.c
@@ -0,0 +1,66 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright information, see copyright.h.
+ */
+
+#include "copyright.h"
+#include "ss_internal.h"
+
+#define ssrt ss_request_table   /* for some readable code... */
+
+void
+ss_add_request_table(sci_idx, rqtbl_ptr, position, code_ptr)
+    int sci_idx;
+    ssrt *rqtbl_ptr;
+    int position;           /* 1 -> becomes second... */
+    int *code_ptr;
+{
+    ss_data *info;
+    int i, size;
+
+    info = ss_info(sci_idx);
+    for (size=0; info->rqt_tables[size] != (ssrt *)NULL; size++)
+        ;
+    /* size == C subscript of NULL == #elements */
+    size += 2;              /* new element, and NULL */
+    info->rqt_tables = (ssrt **)realloc(info->rqt_tables,
+                                        size*sizeof(ssrt *));
+    if (info->rqt_tables == (ssrt **)NULL) {
+        *code_ptr = errno;
+        return;
+    }
+    if (position > size - 2)
+        position = size - 2;
+
+    if (size > 1)
+        for (i = size - 2; i >= position; i--)
+            info->rqt_tables[i+1] = info->rqt_tables[i];
+
+    info->rqt_tables[position] = rqtbl_ptr;
+    info->rqt_tables[size-1] = (ssrt *)NULL;
+    *code_ptr = 0;
+}
+
+void
+ss_delete_request_table(sci_idx, rqtbl_ptr, code_ptr)
+    int sci_idx;
+    ssrt *rqtbl_ptr;
+    int *code_ptr;
+{
+    ss_data *info;
+    ssrt **rt1, **rt2;
+
+    *code_ptr = SS_ET_TABLE_NOT_FOUND;
+    info = ss_info(sci_idx);
+    rt1 = info->rqt_tables;
+    for (rt2 = rt1; *rt1; rt1++) {
+        if (*rt1 != rqtbl_ptr) {
+            *rt2++ = *rt1;
+            *code_ptr = 0;
+        }
+    }
+    *rt2 = (ssrt *)NULL;
+    return;
+}
diff --git a/krb5-1.21.3/src/util/ss/requests.c b/krb5-1.21.3/src/util/ss/requests.c
new file mode 100644
index 00000000..aa6752fa
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/requests.c
@@ -0,0 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/ss/requests.c */
+/*
+ * Copyright 1987, 1988, 1989 by MIT
+ *
+ * For copyright information, see mit-sipb-copyright.h.
+ */
+
+#include <stdio.h>
+#include "ss_internal.h"
+
+#define DECLARE(name)   void name(argc,argv,sci_idx,info_ptr)int argc,sci_idx;const char * const *argv; pointer info_ptr;
+
+/*
+ * ss_self_identify -- assigned by default to the "." request
+ */
+DECLARE(ss_self_identify)
+{
+    ss_data *info = ss_info(sci_idx);
+    printf("%s version %s\n", info->subsystem_name,
+           info->subsystem_version);
+}
+
+/*
+ * ss_subsystem_name -- print name of subsystem
+ */
+DECLARE(ss_subsystem_name)
+{
+    printf("%s\n", ss_info(sci_idx)->subsystem_name);
+}
+
+/*
+ * ss_subsystem_version -- print version of subsystem
+ */
+DECLARE(ss_subsystem_version)
+{
+    printf("%s\n", ss_info(sci_idx)->subsystem_version);
+}
+
+/*
+ * ss_unimplemented -- routine not implemented (should be
+ * set up as (dont_list,dont_summarize))
+ */
+DECLARE(ss_unimplemented)
+{
+    ss_perror(sci_idx, SS_ET_UNIMPLEMENTED, "");
+}
diff --git a/krb5-1.21.3/src/util/ss/ss.h b/krb5-1.21.3/src/util/ss/ss.h
new file mode 100644
index 00000000..38d8974e
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/ss.h
@@ -0,0 +1,72 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright information, see mit-sipb-copyright.h.
+ */
+
+#ifndef _ss_h
+#define _ss_h __FILE__
+
+#include <errno.h>
+#include <ss/ss_err.h>
+
+#ifdef __STDC__
+#define __SS_CONST const
+#define __SS_PROTO (int, const char * const *, int, void *)
+#else
+#define __SS_CONST
+#define __SS_PROTO ()
+#endif
+
+typedef __SS_CONST struct _ss_request_entry {
+    __SS_CONST char * __SS_CONST *command_names; /* whatever */
+    void (* __SS_CONST function) __SS_PROTO; /* foo */
+    __SS_CONST char * __SS_CONST info_string;   /* NULL */
+    int flags;                  /* 0 */
+} ss_request_entry;
+
+typedef __SS_CONST struct _ss_request_table {
+    int version;
+    ss_request_entry *requests;
+} ss_request_table;
+
+#define SS_RQT_TBL_V2   2
+
+typedef struct _ss_rp_options { /* DEFAULT VALUES */
+    int version;                /* SS_RP_V1 */
+    void (*unknown) __SS_PROTO; /* call for unknown command */
+    int allow_suspend;
+    int catch_int;
+} ss_rp_options;
+
+#define SS_RP_V1 1
+
+#define SS_OPT_DONT_LIST        0x0001
+#define SS_OPT_DONT_SUMMARIZE   0x0002
+
+void ss_help __SS_PROTO;
+void ss_list_requests __SS_PROTO;
+void ss_quit __SS_PROTO;
+char *ss_current_request();
+char *ss_name(int);
+void ss_error (int, long, char const *, ...)
+#if !defined(__cplusplus) && (__GNUC__ > 2)
+    __attribute__((__format__(__printf__, 3, 4)))
+#endif
+    ;
+void ss_perror (int, long, char const *);
+int ss_listen (int);
+int ss_create_invocation(char *, char *, char *, ss_request_table *, int *);
+void ss_delete_invocation(int);
+void ss_add_info_dir(int , char *, int *);
+void ss_delete_info_dir(int , char *, int *);
+int ss_execute_command(int sci_idx, char **);
+void ss_abort_subsystem(int, int);
+void ss_set_prompt(int, char *);
+char *ss_get_prompt(int);
+void ss_add_request_table(int, ss_request_table *, int, int *);
+void ss_delete_request_table(int, ss_request_table *, int *);
+int ss_execute_line (int, char*);
+extern ss_request_table ss_std_requests;
+#endif /* _ss_h */
diff --git a/krb5-1.21.3/src/util/ss/ss_err.et b/krb5-1.21.3/src/util/ss/ss_err.et
new file mode 100644
index 00000000..80e9dfa4
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/ss_err.et
@@ -0,0 +1,39 @@
+	error_table ss
+
+ec	SS_ET_SUBSYSTEM_ABORTED,
+	"Subsystem aborted"
+
+ec	SS_ET_VERSION_MISMATCH,
+	"Version mismatch"
+
+ec	SS_ET_NULL_INV,
+	"No current invocation"
+
+ec	SS_ET_NO_INFO_DIR,
+	"No info directory"
+
+ec	SS_ET_COMMAND_NOT_FOUND,
+	"Command not found"
+
+ec	SS_ET_LINE_ABORTED,
+	"Command line aborted"
+
+ec	SS_ET_EOF,
+	"End-of-file reached"
+
+ec	SS_ET_PERMISSION_DENIED,
+	"Permission denied"
+
+ec	SS_ET_TABLE_NOT_FOUND,
+	"Request table not found"
+
+ec	SS_ET_NO_HELP_FILE,
+	"No info available"
+
+ec	SS_ET_ESCAPE_DISABLED,
+	"Shell escapes are disabled"
+
+ec	SS_ET_UNIMPLEMENTED,
+	"Sorry, this request is not yet implemented"
+
+	end
diff --git a/krb5-1.21.3/src/util/ss/ss_internal.h b/krb5-1.21.3/src/util/ss/ss_internal.h
new file mode 100644
index 00000000..1f5ddfff
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/ss_internal.h
@@ -0,0 +1,118 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1987, 1988 by MIT Student Information Processing Board
+ *
+ * For copyright information, see copyright.h.
+ */
+
+#ifndef _ss_ss_internal_h
+#define _ss_ss_internal_h __FILE__
+#include "k5-platform.h"
+#include <unistd.h>
+
+typedef void * pointer;
+
+#include "ss.h"
+
+#if defined(__GNUC__)
+#define LOCAL_ALLOC(x) __builtin_alloca(x)
+#define LOCAL_FREE(x)
+#else
+#if defined(vax)
+#define LOCAL_ALLOC(x) alloca(x)
+#define LOCAL_FREE(x)
+extern pointer alloca (unsigned);
+#else
+#if defined(__HIGHC__)  /* Barf! */
+pragma on(alloca);
+#define LOCAL_ALLOC(x) alloca(x)
+#define LOCAL_FREE(x)
+extern pointer alloca (unsigned);
+#else
+/* no alloca? */
+#define LOCAL_ALLOC(x) malloc(x)
+#define LOCAL_FREE(x) free(x)
+#endif
+#endif
+#endif                          /* LOCAL_ALLOC stuff */
+
+typedef char BOOL;
+
+typedef struct _ss_abbrev_entry {
+    char *name;                 /* abbrev name */
+    char **abbrev;              /* new tokens to insert */
+    unsigned int beginning_of_line : 1;
+} ss_abbrev_entry;
+
+typedef struct _ss_abbrev_list {
+    int n_abbrevs;
+    ss_abbrev_entry *first_abbrev;
+} ss_abbrev_list;
+
+typedef struct {
+/*    char *path; */
+    ss_abbrev_list abbrevs[127];
+} ss_abbrev_info;
+
+typedef struct _ss_data {       /* init values */
+    /* this subsystem */
+    char *subsystem_name;
+    char *subsystem_version;
+    /* current request info */
+    int argc;
+    char **argv;                /* arg list */
+    char const *current_request; /* primary name */
+    /* info directory for 'help' */
+    char **info_dirs;
+    /* to be extracted by subroutines */
+    pointer info_ptr;           /* (void *) NULL */
+    /* for ss_listen processing */
+    char *prompt;
+    ss_request_table **rqt_tables;
+    ss_abbrev_info *abbrev_info;
+    struct {
+        unsigned int  escape_disabled : 1,
+            abbrevs_disabled : 1;
+    } flags;
+    /* to get out */
+    int abort;                  /* exit subsystem */
+    int exit_status;
+} ss_data;
+
+#define CURRENT_SS_VERSION 1
+
+#define ss_info(sci_idx)        (_ss_table[sci_idx])
+#define ss_current_request(sci_idx,code_ptr)            \
+    (*code_ptr=0,ss_info(sci_idx)->current_request)
+void ss_unknown_function();
+void ss_delete_info_dir();
+char **ss_parse (int, char *, int *);
+ss_abbrev_info *ss_abbrev_initialize (char *, int *);
+void ss_page_stdin (void);
+int ss_pager_create (void);
+void ss_self_identify __SS_PROTO;
+void ss_subsystem_name __SS_PROTO;
+void ss_subsystem_version __SS_PROTO;
+void ss_unimplemented __SS_PROTO;
+
+extern ss_data **_ss_table;
+extern char *ss_et_msgs[];
+
+#ifndef HAVE_STDLIB_H
+extern pointer malloc (unsigned);
+extern pointer realloc (pointer, unsigned);
+extern pointer calloc (unsigned, unsigned);
+#endif
+
+#if defined(USE_SIGPROCMASK) && !defined(POSIX_SIGNALS)
+/* fake sigmask, sigblock, sigsetmask */
+#include <signal.h>
+#ifdef sigmask
+#undef sigmask
+#endif
+#define sigmask(x) (1L<<(x)-1)
+#define sigsetmask(x) sigprocmask(SIG_SETMASK,&x,NULL)
+static int _fake_sigstore;
+#define sigblock(x) (_fake_sigstore=x,sigprocmask(SIG_BLOCK,&_fake_sigstore,0))
+#endif
+#endif /* _ss_internal_h */
diff --git a/krb5-1.21.3/src/util/ss/std_rqs.ct b/krb5-1.21.3/src/util/ss/std_rqs.ct
new file mode 100644
index 00000000..500288a0
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/std_rqs.ct
@@ -0,0 +1,46 @@
+	command_table	ss_std_requests;
+
+	request	ss_self_identify, "Identify the subsystem.",
+		".",
+		(dont_list, dont_summarize);
+
+	request	ss_help, "Display info on command or topic.",
+		help;
+
+	unimplemented
+		ss_list_help,
+		"List topics for which help is available.",
+		list_help, lh;
+
+	request	ss_list_requests, "List available commands.",
+		list_requests, lr, "?";
+
+	request	ss_quit, "Leave the subsystem.",
+		quit, q;
+
+	unimplemented
+		ss_abbrev,
+		"Enable/disable abbreviation processing of request lines.",
+		abbrev, ab;
+
+	unimplemented
+		ss_execute,
+		"Execute a UNIX command line.",
+		execute, e;
+
+	unimplemented
+		ss_summarize_requests,
+		"Produce a list of the most commonly used requests.",
+		"?";
+		
+	request	ss_subsystem_name,
+		"Return the name of this subsystem.",
+		subsystem_name,
+		(dont_list);
+
+	request	ss_subsystem_version,
+		"Return the version of this subsystem.",
+		subsystem_version,
+		(dont_list);
+
+	end;
diff --git a/krb5-1.21.3/src/util/ss/test_ss.c b/krb5-1.21.3/src/util/ss/test_ss.c
new file mode 100644
index 00000000..34287b0e
--- /dev/null
+++ b/krb5-1.21.3/src/util/ss/test_ss.c
@@ -0,0 +1,100 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * util/ss/test_ss.c
+ */
+
+
+#include <stdio.h>
+#include "ss.h"
+
+extern ss_request_table test_cmds;
+
+#define TRUE 1
+#define FALSE 0
+
+static char def_subsystem_name[5] = "test";
+static char version [4] = "1.0";
+
+int main(argc, argv)
+    int argc;
+    char **argv;
+{
+    int code;
+    char *argv0 = argv[0];
+    char *initial_request = (char *)NULL;
+    int quit = FALSE;   /* quit after processing request */
+    int sci_idx;
+    char *subsystem_name;
+
+    subsystem_name = def_subsystem_name;
+
+    for (; *argv; ++argv, --argc) {
+        printf("checking arg: %s\n", *argv);
+        if (!strcmp(*argv, "-prompt")) {
+            if (argc == 1) {
+                fprintf(stderr,
+                        "No argument supplied with -prompt\n");
+                exit(1);
+            }
+            argc--; argv++;
+            subsystem_name = *argv;
+        }
+        else if (!strcmp(*argv, "-request") || !strcmp(*argv, "-rq")) {
+            if (argc == 1) {
+                fprintf(stderr,
+                        "No string supplied with -request.\n");
+                exit(1);
+            }
+            argc--; argv++;
+            initial_request = *argv;
+        }
+        else if (!strcmp(*argv, "-quit"))
+            quit = TRUE;
+        else if (!strcmp(*argv, "-no_quit"))
+            quit = FALSE;
+        else if (**argv == '-') {
+            fprintf(stderr, "Unknown control argument %s\n",
+                    *argv);
+            fprintf(stderr,
+                    "Usage: %s [gateway] [ -prompt name ] [ -request name ] [ -quit ]\n",
+                    argv0);
+            exit(1);
+        }
+    }
+
+    sci_idx = ss_create_invocation(subsystem_name, version,
+                                   (char *)NULL, &test_cmds, &code);
+    if (code) {
+        ss_perror(sci_idx, code, "creating invocation");
+        exit(1);
+    }
+
+    (void) ss_add_request_table (sci_idx, &ss_std_requests, 1, &code);
+    if (code) {
+        ss_perror (sci_idx, code, "adding standard requests");
+        exit (1);
+    }
+
+    if (!quit)
+        printf("test version %s.  Type '?' for a list of commands.\n\n",
+               version);
+
+    if (initial_request != (char *)NULL) {
+        code = ss_execute_line(sci_idx, initial_request);
+        if (code != 0)
+            ss_perror(sci_idx, code, initial_request);
+    }
+    if (!quit || code)
+        code =  ss_listen (sci_idx);
+    exit(0);
+}
+
+
+void test_cmd (argc, argv)
+    int argc;
+    char **argv;
+{
+    while (++argv, --argc)
+        fputs(*argv, stdout);
+    putchar ('\n');
+}
diff --git a/krb5-1.21.3/src/util/support/Makefile.in b/krb5-1.21.3/src/util/support/Makefile.in
new file mode 100644
index 00000000..86d5a950
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/Makefile.in
@@ -0,0 +1,279 @@
+mydir=util$(S)support
+BUILDTOP=$(REL)..$(S)..
+RELDIR=../util/support
+
+##DOS##BUILDTOP = ..\..
+##DOS##LIBNAME=$(OUTPRE)k5sprt32.lib
+##DOS##WIN64LIBNAME=$(OUTPRE)k5sprt64.lib
+##DOS##XTRA=
+##DOS##OBJFILE=$(OUTPRE)k5sprt32.lst
+##DOS##WIN64OBJFILE=$(OUTPRE)k5sprt64.lst
+
+SED = sed
+
+LIBBASE=krb5support
+LIBMAJOR=@SUPPORTLIB_MAJOR@
+LIBMINOR=1
+
+LIBINITFUNC=krb5int_thread_support_init @SECURE_GETENV_INIT@
+LIBFINIFUNC=krb5int_thread_support_fini
+
+GETTIMEOFDAY_ST_OBJ= @GETTIMEOFDAY_ST_OBJ@
+GETTIMEOFDAY_OBJ= @GETTIMEOFDAY_OBJ@
+##DOS##GETTIMEOFDAY_ST_OBJ= gettimeofday.o
+##DOS##GETTIMEOFDAY_OBJ= $(OUTPRE)gettimeofday.$(OBJEXT)
+
+MKSTEMP_ST_OBJ= @MKSTEMP_ST_OBJ@
+MKSTEMP_OBJ= @MKSTEMP_OBJ@
+##DOS##MKSTEMP_ST_OBJ= mkstemp.o
+##DOS##MKSTEMP_OBJ= $(OUTPRE)mkstemp.$(OBJEXT)
+
+STRLCPY_ST_OBJ=@STRLCPY_ST_OBJ@
+STRLCPY_OBJ=@STRLCPY_OBJ@
+##DOS##STRLCPY_ST_OBJ= strlcpy.o
+##DOS##STRLCPY_OBJ= $(OUTPRE)strlcpy.$(OBJEXT)
+
+FNMATCH_ST_OBJ= @FNMATCH_ST_OBJ@
+FNMATCH_OBJ= @FNMATCH_OBJ@
+##DOS##FNMATCH_ST_OBJ= fnmatch.o
+##DOS##FNMATCH_OBJ= $(OUTPRE)fnmatch.$(OBJEXT)
+
+PRINTF_ST_OBJ= @PRINTF_ST_OBJ@
+PRINTF_OBJ= @PRINTF_OBJ@
+##DOS##PRINTF_ST_OBJ= printf.o
+##DOS##PRINTF_OBJ= $(OUTPRE)printf.$(OBJEXT)
+
+GETOPT_ST_OBJ= @GETOPT_ST_OBJ@
+GETOPT_OBJ= @GETOPT_OBJ@
+##DOS##GETOPT_ST_OBJ= getopt.o
+##DOS##GETOPT_OBJ= $(OUTPRE)getopt.$(OBJEXT)
+
+GETOPT_LONG_ST_OBJ= @GETOPT_LONG_ST_OBJ@
+GETOPT_LONG_OBJ= @GETOPT_LONG_OBJ@
+##DOS##GETOPT_LONG_ST_OBJ= getopt_long.o
+##DOS##GETOPT_LONG_OBJ= $(OUTPRE)getopt_long.$(OBJEXT)
+
+SECURE_GETENV_ST_OBJ= @SECURE_GETENV_ST_OBJ@
+SECURE_GETENV_OBJ= @SECURE_GETENV_OBJ@
+##DOS##SECURE_GETENV_ST_OBJ=
+##DOS##SECURE_GETENV_OBJ=
+
+IPC_ST_OBJ=
+IPC_OBJ=
+##DOS##IPC_ST_OBJ= ipc_stream.o
+##DOS##IPC_OBJ= $(OUTPRE)ipc_stream.$(OBJEXT)
+IPC_SYMS= \
+	krb5int_ipc_stream_data krb5int_ipc_stream_new \
+	krb5int_ipc_stream_write krb5int_ipc_stream_read \
+	krb5int_ipc_stream_read_int32 krb5int_ipc_stream_write_int32 \
+	krb5int_ipc_stream_read_int64 krb5int_ipc_stream_write_int64 \
+	krb5int_ipc_stream_read_uint32 krb5int_ipc_stream_write_uint32 \
+	krb5int_ipc_stream_read_string krb5int_ipc_stream_write_string \
+	krb5int_ipc_stream_release krb5int_ipc_stream_size \
+	krb5int_ipc_stream_free_string
+
+STLIBOBJS= \
+	threads.o \
+	init-addrinfo.o \
+	plugins.o \
+	errors.o \
+	k5buf.o \
+	gmt_mktime.o \
+	fake-addrinfo.o \
+	utf8.o \
+	utf8_conv.o \
+	zap.o \
+	path.o \
+	base64.o \
+	json.o \
+	hex.o \
+	hashtab.o \
+	bcmp.o \
+	strerror_r.o \
+	dir_filenames.o \
+	$(GETTIMEOFDAY_ST_OBJ) \
+	$(IPC_ST_OBJ) \
+	$(STRLCPY_ST_OBJ) \
+	$(FNMATCH_ST_OBJ) \
+	$(PRINTF_ST_OBJ) \
+	$(MKSTEMP_ST_OBJ) \
+	$(GETOPT_ST_OBJ) \
+	$(GETOPT_LONG_ST_OBJ) \
+	$(SECURE_GETENV_OBJ)
+
+LIBOBJS= \
+	$(OUTPRE)threads.$(OBJEXT) \
+	$(OUTPRE)init-addrinfo.$(OBJEXT) \
+	$(OUTPRE)plugins.$(OBJEXT) \
+	$(OUTPRE)errors.$(OBJEXT) \
+	$(OUTPRE)k5buf.$(OBJEXT) \
+	$(OUTPRE)gmt_mktime.$(OBJEXT) \
+	$(OUTPRE)fake-addrinfo.$(OBJEXT) \
+	$(OUTPRE)utf8.$(OBJEXT) \
+	$(OUTPRE)utf8_conv.$(OBJEXT) \
+	$(OUTPRE)zap.$(OBJEXT) \
+	$(OUTPRE)path.$(OBJEXT) \
+	$(OUTPRE)base64.$(OBJEXT) \
+	$(OUTPRE)json.$(OBJEXT) \
+	$(OUTPRE)hex.$(OBJEXT) \
+	$(OUTPRE)hashtab.$(OBJEXT) \
+	$(OUTPRE)bcmp.$(OBJEXT) \
+	$(OUTPRE)strerror_r.$(OBJEXT) \
+	$(OUTPRE)dir_filenames.$(OBJEXT) \
+	$(GETTIMEOFDAY_OBJ) \
+	$(IPC_OBJ) \
+	$(STRLCPY_OBJ) \
+	$(FNMATCH_OBJ) \
+	$(PRINTF_OBJ) \
+	$(MKSTEMP_OBJ) \
+	$(GETOPT_OBJ) \
+	$(GETOPT_LONG_OBJ) \
+	$(SECURE_GETENV_OBJ)
+
+SRCS=\
+	$(srcdir)/threads.c \
+	$(srcdir)/init-addrinfo.c \
+	$(srcdir)/plugins.c \
+	$(srcdir)/errors.c \
+	$(srcdir)/k5buf.c \
+	$(srcdir)/gmt_mktime.c \
+	$(srcdir)/fake-addrinfo.c \
+	$(srcdir)/utf8.c \
+	$(srcdir)/utf8_conv.c \
+	$(srcdir)/gettimeofday.c \
+	$(srcdir)/strlcpy.c \
+	$(srcdir)/fnmatch.c \
+	$(srcdir)/printf.c \
+	$(srcdir)/mkstemp.c \
+	$(srcdir)/t_k5buf.c \
+	$(srcdir)/t_unal.c \
+	$(srcdir)/t_path.c \
+	$(srcdir)/t_json.c \
+	$(srcdir)/t_hex.c \
+	$(srcdir)/t_hashtab.c \
+	$(srcdir)/zap.c \
+	$(srcdir)/path.c \
+	$(srcdir)/base64.c \
+	$(srcdir)/json.c \
+	$(srcdir)/hex.c \
+	$(srcdir)/hashtab.c \
+	$(srcdir)/bcmp.c \
+	$(srcdir)/strerror_r.c \
+	$(srcdir)/dir_filenames.c \
+	$(srcdir)/t_utf8.c \
+	$(srcdir)/t_utf16.c \
+	$(srcdir)/getopt.c \
+	$(srcdir)/getopt_long.c \
+	$(srcdir)/secure_getenv.c
+
+SHLIB_EXPDEPS =
+# Add -lm if dumping thread stats, for sqrt.
+SHLIB_EXPLIBS= $(LIBS) $(DL_LIB)
+
+DEPLIBS=
+
+#
+all-unix: all-liblinks
+
+install-unix: install-libs
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+##DOS##!if 0
+$(BUILDTOP)/include/autoconf.h: $(top_srcdir)/include/autoconf.h.in
+	(cd $(BUILDTOP)/include; $(MAKE) autoconf.h)
+##DOS##!endif
+
+t_mktime: gmt_mktime.c
+	$(CC) $(ALL_CFLAGS) -DTEST_LEAP -o t_mktime $(srcdir)/gmt_mktime.c
+
+SHLIB_EXPORT_FILE=libkrb5support.exports
+##DOS##all-windows: libkrb5support.exports
+
+EXTRA_SUPPORT_SYMS= @EXTRA_SUPPORT_SYMS@
+##DOS##EXTRA_SUPPORT_SYMS= krb5int_mkstemp krb5int_strlcpy krb5int_strlcat \
+##DOS##		k5_getopt k5_getopt_long \
+##DOS##		krb5int_vasprintf krb5int_asprintf krb5int_gettimeofday $(IPC_SYMS)
+##DOS##DATA_SUPPORT_SYMS= k5_opterr k5_optind k5_optopt k5_optarg
+
+##DOS##!if 0
+libkrb5support.exports: $(srcdir)/libkrb5support-fixed.exports Makefile
+	cat $(srcdir)/libkrb5support-fixed.exports > new-exports
+	for i in $(EXTRA_SUPPORT_SYMS) .; do \
+	  if test "$$i" != .; then echo $$i >> new-exports; else :; fi ; \
+	done
+	$(MV) new-exports libkrb5support.exports
+##DOS##!endif
+##DOS##libkrb5support.exports: libkrb5support-fixed.exports Makefile
+##DOS##	$(CP) libkrb5support-fixed.exports new-exports
+##DOS##	for %%x in ($(EXTRA_SUPPORT_SYMS) .) do if not %%x==. echo %%x >> new-exports
+##DOS##	for %%x in ($(DATA_SUPPORT_SYMS) .) do if not %x==. echo %%x DATA >> new-exports
+##DOS##	$(RM) libkrb5support.exports
+##DOS##	$(MV) new-exports libkrb5support.exports
+
+T_K5BUF_OBJS= t_k5buf.o k5buf.o zap.o $(PRINTF_ST_OBJ)
+
+t_k5buf: $(T_K5BUF_OBJS)
+	$(CC_LINK) -o t_k5buf $(T_K5BUF_OBJS)
+
+t_path: t_path.o path.o $(PRINTF_ST_OBJ)
+	$(CC_LINK) -o $@ t_path.o path.o $(PRINTF_ST_OBJ)
+
+t_path_win: t_path_win.o path_win.o $(PRINTF_ST_OBJ)
+	$(CC_LINK) -o $@ t_path_win.o path_win.o $(PRINTF_ST_OBJ)
+
+t_path_win.o: $(srcdir)/t_path.c
+	$(CC) $(ALL_CFLAGS) -DWINDOWS_PATHS -c $(srcdir)/t_path.c -o $@
+
+path_win.o: $(srcdir)/path.c
+	$(CC) $(ALL_CFLAGS) -DWINDOWS_PATHS -c $(srcdir)/path.c -o $@
+
+t_base64: t_base64.o base64.o
+	$(CC_LINK) -o $@ t_base64.o base64.o
+
+T_JSON_OBJS= t_json.o json.o base64.o k5buf.o zap.o $(PRINTF_ST_OBJ)
+
+t_json: $(T_JSON_OBJS)
+	$(CC_LINK) -o $@ $(T_JSON_OBJS)
+
+t_hex: t_hex.o hex.o
+	$(CC_LINK) -o $@ t_hex.o hex.o
+
+t_hashtab: t_hashtab.o
+	$(CC_LINK) -o $@ t_hashtab.o
+
+t_unal: t_unal.o
+	$(CC_LINK) -o t_unal t_unal.o
+
+t_utf8: t_utf8.o utf8.o
+	$(CC_LINK) -o t_utf8 t_utf8.o utf8.o
+
+T_UTF16_OBJS= t_utf16.o utf8_conv.o utf8.o k5buf.o zap.o $(PRINTF_ST_OBJ)
+
+t_utf16: $(T_UTF16_OBJS)
+	$(CC_LINK) -o $@ $(T_UTF16_OBJS)
+
+TEST_PROGS= t_k5buf t_path t_path_win t_base64 t_json t_hex t_hashtab t_unal \
+	t_utf8 t_utf16
+
+check-unix: $(TEST_PROGS)
+	./t_k5buf
+	./t_path
+	./t_path_win
+	./t_base64
+	./t_json
+	./t_hex
+	./t_hashtab
+	./t_unal
+	./t_utf8
+	./t_utf16
+
+clean:
+	$(RM) t_k5buf.o t_k5buf t_unal.o t_unal path_win.o path_win
+	$(RM) t_path_win.o t_path_win t_path.o t_path t_base64.o t_base64
+	$(RM) t_json.o t_json t_hex.o t_hex t_hashtab.o t_hashtab
+	$(RM) t_utf8.o t_utf8 t_utf16.o t_utf16 libkrb5support.exports
+
+@lib_frag@
+@libobj_frag@
+
diff --git a/krb5-1.21.3/src/util/support/base64.c b/krb5-1.21.3/src/util/support/base64.c
new file mode 100644
index 00000000..e964a389
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/base64.c
@@ -0,0 +1,145 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/base64.c - base64 encoder and decoder */
+/*
+ * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <k5-platform.h>
+#include <k5-base64.h>
+
+static const char base64_chars[] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+char *
+k5_base64_encode(const void *data, size_t len)
+{
+    char *s, *p;
+    size_t i;
+    unsigned int c;
+    const unsigned char *q;
+
+    if (len > SIZE_MAX / 4)
+        return NULL;
+
+    p = s = malloc(len * 4 / 3 + 4);
+    if (p == NULL)
+        return NULL;
+    q = (const unsigned char *)data;
+
+    for (i = 0; i < len;) {
+        c = q[i++];
+        c *= 256;
+        if (i < len)
+            c += q[i];
+        i++;
+        c *= 256;
+        if (i < len)
+            c += q[i];
+        i++;
+        p[0] = base64_chars[(c & 0x00fc0000) >> 18];
+        p[1] = base64_chars[(c & 0x0003f000) >> 12];
+        p[2] = base64_chars[(c & 0x00000fc0) >> 6];
+        p[3] = base64_chars[(c & 0x0000003f) >> 0];
+        if (i > len)
+            p[3] = '=';
+        if (i > len + 1)
+            p[2] = '=';
+        p += 4;
+    }
+    *p = '\0';
+    return s;
+}
+
+#define DECODE_ERROR 0xffffffff
+
+/* Decode token, which must be four bytes long. */
+static unsigned int
+decode_token(const char *token)
+{
+    int i, marker = 0;
+    unsigned int val = 0;
+    const char *p;
+
+    for (i = 0; i < 4; i++) {
+        val *= 64;
+        if (token[i] == '=') {
+            marker++;
+        } else if (marker > 0) {
+            return DECODE_ERROR;
+        } else {
+            p = strchr(base64_chars, token[i]);
+            if (p == NULL)
+                return DECODE_ERROR;
+            val += p - base64_chars;
+        }
+    }
+    if (marker > 2)
+        return DECODE_ERROR;
+    return (marker << 24) | val;
+}
+
+void *
+k5_base64_decode(const char *str, size_t *len_out)
+{
+    unsigned char *data, *q;
+    unsigned int val, marker;
+    size_t len;
+
+    *len_out = SIZE_MAX;
+
+    /* Allocate the output buffer. */
+    len = strlen(str);
+    if (len % 4)
+        return NULL;
+    q = data = malloc(len / 4 * 3);
+    if (data == NULL) {
+        *len_out = 0;
+        return NULL;
+    }
+
+    /* Decode the string. */
+    for (; *str != '\0'; str += 4) {
+        val = decode_token(str);
+        if (val == DECODE_ERROR) {
+            free(data);
+            return NULL;
+        }
+        marker = (val >> 24) & 0xff;
+        *q++ = (val >> 16) & 0xff;
+        if (marker < 2)
+            *q++ = (val >> 8) & 0xff;
+        if (marker < 1)
+            *q++ = val & 0xff;
+    }
+    *len_out = q - data;
+    return data;
+}
diff --git a/krb5-1.21.3/src/util/support/bcmp.c b/krb5-1.21.3/src/util/support/bcmp.c
new file mode 100644
index 00000000..71728a68
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/bcmp.c
@@ -0,0 +1,44 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/bitcmp.c - Constant-time byte comparison function */
+/*
+ * Copyright (C) 2013 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+
+int
+k5_bcmp(const void *p1, const void *p2, size_t n)
+{
+    const unsigned char *c1 = p1, *c2 = p2;
+    unsigned char x = 0;
+
+    for (; n > 0; c1++, c2++, n--)
+        x |= *c1 ^ *c2;
+    return x;
+}
diff --git a/krb5-1.21.3/src/util/support/cache-addrinfo.h b/krb5-1.21.3/src/util/support/cache-addrinfo.h
new file mode 100644
index 00000000..57aa6d4f
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/cache-addrinfo.h
@@ -0,0 +1,131 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+
+/*
+ * Approach overview:
+ *
+ * If a system version is available but buggy, save handles to it,
+ * redefine the names to refer to static functions defined here, and
+ * in those functions, call the system versions and fix up the
+ * returned data.  Use the native data structures and flag values.
+ *
+ * If no system version exists, use gethostby* and fake it.  Define
+ * the data structures and flag values locally.
+ *
+ *
+ * On macOS, getaddrinfo results aren't cached (though gethostbyname
+ * results are), so we need to build a cache here.  Now things are
+ * getting really messy.  Because the cache is in use, we use
+ * getservbyname, and throw away thread safety.  (Not that the cache
+ * is thread safe, but when we get locking support, that'll be dealt
+ * with.)  This code needs tearing down and rebuilding, soon.
+ *
+ *
+ * Note that recent Windows developers' code has an interesting hack:
+ * When you include the right header files, with the right set of
+ * macros indicating system versions, you'll get an inline function
+ * that looks for getaddrinfo (or whatever) in the system library, and
+ * calls it if it's there.  If it's not there, it fakes it with
+ * gethostby* calls.
+ *
+ * We're taking a simpler approach: A system provides these routines or
+ * it does not.
+ *
+ * Someday, we may want to take into account different versions (say,
+ * different revs of GNU libc) where some are broken in one way, and
+ * some work or are broken in another way.  Cross that bridge when we
+ * come to it.
+ */
+
+/* To do, maybe:
+ *
+ * + For AIX 4.3.3, using the RFC 2133 definition: Implement
+ *   AI_NUMERICHOST.  It's not defined in the header file.
+ *
+ *   For certain (old?) versions of GNU libc, AI_NUMERICHOST is
+ *   defined but not implemented.
+ *
+ * + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
+ *   functions if available.  But, see
+ *   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
+ *   gethostbyname2 problem on Linux.  And besides, if a platform is
+ *   supporting IPv6 at all, they really should be doing getaddrinfo
+ *   by now.
+ *
+ * + inet_ntop, inet_pton
+ *
+ * + Conditionally export/import the function definitions, so a
+ *   library can have a single copy instead of multiple.
+ *
+ * + Upgrade host requirements to include working implementations of
+ *   these functions, and throw all this away.  Pleeease?  :-)
+ */
+
+#include "k5-platform.h"
+#include "k5-thread.h"
+#include "port-sockets.h"
+#include "socket-utils.h"
+#include "fake-addrinfo.h"
+
+#if defined (__APPLE__) && defined (__MACH__) && 0
+#define FAI_CACHE
+#endif
+
+struct face {
+    struct in_addr *addrs4;
+    struct in6_addr *addrs6;
+    unsigned int naddrs4, naddrs6;
+    time_t expiration;
+    char *canonname, *name;
+    struct face *next;
+};
+
+/* fake addrinfo cache */
+struct fac {
+    k5_mutex_t lock;
+    struct face *data;
+};
+
+extern struct fac krb5int_fac;
+
+extern int krb5int_init_fac (void);
+extern void krb5int_fini_fac (void);
diff --git a/krb5-1.21.3/src/util/support/deps b/krb5-1.21.3/src/util/support/deps
new file mode 100644
index 00000000..4b0f71bb
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/deps
@@ -0,0 +1,116 @@
+#
+# Generated makefile dependencies follow.
+#
+threads.so threads.po $(OUTPRE)threads.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cache-addrinfo.h \
+  supp-int.h threads.c
+init-addrinfo.so init-addrinfo.po $(OUTPRE)init-addrinfo.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cache-addrinfo.h init-addrinfo.c
+plugins.so plugins.po $(OUTPRE)plugins.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  plugins.c
+errors.so errors.po $(OUTPRE)errors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h errors.c supp-int.h
+k5buf.so k5buf.po $(OUTPRE)k5buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h k5buf.c
+gmt_mktime.so gmt_mktime.po $(OUTPRE)gmt_mktime.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  gmt_mktime.c
+fake-addrinfo.so fake-addrinfo.po $(OUTPRE)fake-addrinfo.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cache-addrinfo.h fake-addrinfo.c supp-int.h
+utf8.so utf8.po $(OUTPRE)utf8.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-utf8.h supp-int.h utf8.c
+utf8_conv.so utf8_conv.po $(OUTPRE)utf8_conv.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-input.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-utf8.h \
+  supp-int.h utf8_conv.c
+gettimeofday.so gettimeofday.po $(OUTPRE)gettimeofday.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gettimeofday.c
+strlcpy.so strlcpy.po $(OUTPRE)strlcpy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  strlcpy.c
+fnmatch.so fnmatch.po $(OUTPRE)fnmatch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  fnmatch.c
+printf.so printf.po $(OUTPRE)printf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  printf.c
+mkstemp.so mkstemp.po $(OUTPRE)mkstemp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  mkstemp.c
+t_k5buf.so t_k5buf.po $(OUTPRE)t_k5buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h t_k5buf.c
+t_unal.so t_unal.po $(OUTPRE)t_unal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  t_unal.c
+t_path.so t_path.po $(OUTPRE)t_path.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  t_path.c
+t_json.so t_json.po $(OUTPRE)t_json.$(OBJEXT): $(top_srcdir)/include/k5-json.h \
+  t_json.c
+t_hex.so t_hex.po $(OUTPRE)t_hex.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h t_hex.c
+t_hashtab.so t_hashtab.po $(OUTPRE)t_hashtab.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-hashtab.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-queue.h \
+  $(top_srcdir)/include/k5-thread.h hashtab.c t_hashtab.c
+zap.so zap.po $(OUTPRE)zap.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  zap.c
+path.so path.po $(OUTPRE)path.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  path.c
+base64.so base64.po $(OUTPRE)base64.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-base64.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h base64.c
+json.so json.po $(OUTPRE)json.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-base64.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-json.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h json.c
+hex.so hex.po $(OUTPRE)hex.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-hex.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h hex.c
+hashtab.so hashtab.po $(OUTPRE)hashtab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-hashtab.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-queue.h $(top_srcdir)/include/k5-thread.h \
+  hashtab.c
+bcmp.so bcmp.po $(OUTPRE)bcmp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  bcmp.c
+strerror_r.so strerror_r.po $(OUTPRE)strerror_r.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h strerror_r.c
+dir_filenames.so dir_filenames.po $(OUTPRE)dir_filenames.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h dir_filenames.c
+t_utf8.so t_utf8.po $(OUTPRE)t_utf8.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-utf8.h t_utf8.c
+t_utf16.so t_utf16.po $(OUTPRE)t_utf16.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-utf8.h t_utf16.c
+getopt.so getopt.po $(OUTPRE)getopt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  getopt.c
+getopt_long.so getopt_long.po $(OUTPRE)getopt_long.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h getopt_long.c
+secure_getenv.so secure_getenv.po $(OUTPRE)secure_getenv.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h secure_getenv.c
diff --git a/krb5-1.21.3/src/util/support/dir_filenames.c b/krb5-1.21.3/src/util/support/dir_filenames.c
new file mode 100644
index 00000000..efcdc7f6
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/dir_filenames.c
@@ -0,0 +1,135 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/dir_filenames.c - fetch filenames in a directory */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+
+void
+k5_free_filenames(char **fnames)
+{
+    char **fn;
+
+    for (fn = fnames; fn != NULL && *fn != NULL; fn++)
+        free(*fn);
+    free(fnames);
+}
+
+/* Resize the filename list and add a name. */
+static int
+add_filename(char ***fnames, int *n_fnames, const char *name)
+{
+    char **newlist;
+
+    newlist = realloc(*fnames, (*n_fnames + 2) * sizeof(*newlist));
+    if (newlist == NULL)
+        return ENOMEM;
+    *fnames = newlist;
+    newlist[*n_fnames] = strdup(name);
+    if (newlist[*n_fnames] == NULL)
+        return ENOMEM;
+    (*n_fnames)++;
+    newlist[*n_fnames] = NULL;
+    return 0;
+}
+
+static int
+compare_with_strcmp(const void *a, const void *b)
+{
+    return strcmp(*(char **)a, *(char **)b);
+}
+
+#ifdef _WIN32
+
+int
+k5_dir_filenames(const char *dirname, char ***fnames_out)
+{
+    char *wildcard;
+    WIN32_FIND_DATA ffd;
+    HANDLE handle;
+    char **fnames = NULL;
+    int n_fnames = 0;
+
+    *fnames_out = NULL;
+
+    if (asprintf(&wildcard, "%s\\*", dirname) < 0)
+        return ENOMEM;
+    handle = FindFirstFile(wildcard, &ffd);
+    free(wildcard);
+    if (handle == INVALID_HANDLE_VALUE)
+        return ENOENT;
+
+    do {
+        if (add_filename(&fnames, &n_fnames, ffd.cFileName) != 0) {
+            k5_free_filenames(fnames);
+            FindClose(handle);
+            return ENOMEM;
+        }
+    } while (FindNextFile(handle, &ffd) != 0);
+
+    FindClose(handle);
+    qsort(fnames, n_fnames, sizeof(*fnames), compare_with_strcmp);
+    *fnames_out = fnames;
+    return 0;
+}
+
+#else /* _WIN32 */
+
+#include <dirent.h>
+
+int
+k5_dir_filenames(const char *dirname, char ***fnames_out)
+{
+    DIR *dir;
+    struct dirent *ent;
+    char **fnames = NULL;
+    int n_fnames = 0;
+
+    *fnames_out = NULL;
+
+    dir = opendir(dirname);
+    if (dir == NULL)
+        return ENOENT;
+
+    while ((ent = readdir(dir)) != NULL) {
+        if (add_filename(&fnames, &n_fnames, ent->d_name) != 0) {
+            k5_free_filenames(fnames);
+            closedir(dir);
+            return ENOMEM;
+        }
+    }
+
+    closedir(dir);
+    qsort(fnames, n_fnames, sizeof(*fnames), compare_with_strcmp);
+    *fnames_out = fnames;
+    return 0;
+}
+
+#endif /* not _WIN32 */
diff --git a/krb5-1.21.3/src/util/support/errors.c b/krb5-1.21.3/src/util/support/errors.c
new file mode 100644
index 00000000..f8bea07a
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/errors.c
@@ -0,0 +1,122 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Can't include krb5.h here, or k5-int.h which includes it, because krb5.h
+ * needs to be generated with error tables, after util/et, which builds after
+ * this directory.
+ */
+#include "k5-platform.h"
+#include "k5-err.h"
+#include "k5-thread.h"
+#include "supp-int.h"
+
+/*
+ * It would be nice to just use error_message() always.  Pity that it's defined
+ * in a library that depends on this one, and we're not allowed to make
+ * circular dependencies.
+ */
+/*
+ * We really want a rwlock here, since we should hold it while calling the
+ * function and copying out its results.  But I haven't implemented shims for
+ * rwlock yet.
+ */
+static k5_mutex_t krb5int_error_info_support_mutex =
+    K5_MUTEX_PARTIAL_INITIALIZER;
+static const char *(KRB5_CALLCONV *fptr)(long); /* = &error_message */
+
+/* Fallback error message if we cannot allocate a copy of the real one. */
+static char *oom_msg = "Out of memory";
+
+int
+krb5int_err_init (void)
+{
+    return k5_mutex_finish_init(&krb5int_error_info_support_mutex);
+}
+#define initialize()    krb5int_call_thread_support_init()
+#define lock()          k5_mutex_lock(&krb5int_error_info_support_mutex)
+#define unlock()        k5_mutex_unlock(&krb5int_error_info_support_mutex)
+
+void
+k5_set_error(struct errinfo *ep, long code, const char *fmt, ...)
+{
+    va_list args;
+
+    va_start(args, fmt);
+    k5_vset_error(ep, code, fmt, args);
+    va_end(args);
+}
+
+void
+k5_vset_error(struct errinfo *ep, long code, const char *fmt, va_list args)
+{
+    char *str;
+
+    k5_clear_error(ep);
+    ep->code = code;
+
+    if (vasprintf(&str, fmt, args) < 0)
+        return;
+    ep->msg = str;
+}
+
+static inline const char *
+oom_check(const char *str)
+{
+    return (str == NULL) ? oom_msg : str;
+}
+
+const char *
+k5_get_error(struct errinfo *ep, long code)
+{
+    const char *r;
+    char buf[128];
+
+    if (code == ep->code && ep->msg != NULL)
+        return oom_check(strdup(ep->msg));
+
+    if (initialize())
+        return oom_check(strdup(_("Kerberos library initialization failure")));
+
+    lock();
+    if (fptr == NULL) {
+        /* Should be rare; fptr should be set whenever libkrb5 is loaded. */
+        unlock();
+        return oom_check(strdup(_("Error code translation unavailable")));
+    }
+    r = fptr(code);
+#ifndef HAVE_COM_ERR_INTL
+    /* Translate com_err results here if libcom_err won't do it. */
+    r = _(r);
+#endif
+    if (r == NULL) {
+        unlock();
+        snprintf(buf, sizeof(buf), _("error %ld"), code);
+        return oom_check(strdup(buf));
+    }
+
+    r = strdup(r);
+    unlock();
+    return oom_check(r);
+}
+
+void
+k5_free_error(struct errinfo *ep, const char *msg)
+{
+    if (msg != oom_msg)
+        free((char *)msg);
+}
+
+void
+k5_clear_error(struct errinfo *ep)
+{
+    k5_free_error(ep, ep->msg);
+    ep->msg = NULL;
+}
+
+void
+k5_set_error_info_callout_fn(const char *(KRB5_CALLCONV *f)(long))
+{
+    initialize();
+    lock();
+    fptr = f;
+    unlock();
+}
diff --git a/krb5-1.21.3/src/util/support/fake-addrinfo.c b/krb5-1.21.3/src/util/support/fake-addrinfo.c
new file mode 100644
index 00000000..480456ad
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/fake-addrinfo.c
@@ -0,0 +1,1343 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2001,2002,2003,2004,2005,2006 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+
+/*
+ * Approach overview:
+ *
+ * If a system version is available but buggy, save handles to it,
+ * redefine the names to refer to static functions defined here, and
+ * in those functions, call the system versions and fix up the
+ * returned data.  Use the native data structures and flag values.
+ *
+ * If no system version exists, use gethostby* and fake it.  Define
+ * the data structures and flag values locally.
+ *
+ *
+ * On macOS, getaddrinfo results aren't cached (though
+ * gethostbyname results are), so we need to build a cache here.  Now
+ * things are getting really messy.  Because the cache is in use, we
+ * use getservbyname, and throw away thread safety.  (Not that the
+ * cache is thread safe, but when we get locking support, that'll be
+ * dealt with.)  This code needs tearing down and rebuilding, soon.
+ *
+ *
+ * Note that recent Windows developers' code has an interesting hack:
+ * When you include the right header files, with the right set of
+ * macros indicating system versions, you'll get an inline function
+ * that looks for getaddrinfo (or whatever) in the system library, and
+ * calls it if it's there.  If it's not there, it fakes it with
+ * gethostby* calls.
+ *
+ * We're taking a simpler approach: A system provides these routines or
+ * it does not.
+ *
+ * Someday, we may want to take into account different versions (say,
+ * different revs of GNU libc) where some are broken in one way, and
+ * some work or are broken in another way.  Cross that bridge when we
+ * come to it.
+ */
+
+/*
+ * To do, maybe:
+ *
+ * + For AIX 4.3.3, using the RFC 2133 definition: Implement
+ *   AI_NUMERICHOST.  It's not defined in the header file.
+ *
+ *   For certain (old?) versions of GNU libc, AI_NUMERICHOST is
+ *   defined but not implemented.
+ *
+ * + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
+ *   functions if available.  But, see
+ *   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
+ *   gethostbyname2 problem on Linux.  And besides, if a platform is
+ *   supporting IPv6 at all, they really should be doing getaddrinfo
+ *   by now.
+ *
+ * + inet_ntop, inet_pton
+ *
+ * + Conditionally export/import the function definitions, so a
+ *   library can have a single copy instead of multiple.
+ *
+ * + Upgrade host requirements to include working implementations of
+ *   these functions, and throw all this away.  Pleeease?  :-)
+ */
+
+#include "k5-platform.h"
+#include "k5-thread.h"
+#include "port-sockets.h"
+#include "socket-utils.h"
+#include "supp-int.h"
+
+#define IMPLEMENT_FAKE_GETADDRINFO
+#include "fake-addrinfo.h"
+
+#ifdef S_SPLINT_S
+/*@-incondefs@*/
+extern int
+getaddrinfo (/*@in@*/ /*@null@*/ const char *,
+             /*@in@*/ /*@null@*/ const char *,
+             /*@in@*/ /*@null@*/ const struct addrinfo *,
+             /*@out@*/ struct addrinfo **)
+    ;
+extern void
+freeaddrinfo (/*@only@*/ /*@out@*/ struct addrinfo *)
+    ;
+extern int
+getnameinfo (const struct sockaddr *addr, socklen_t addrsz,
+             /*@out@*/ /*@null@*/ char *h, socklen_t hsz,
+             /*@out@*/ /*@null@*/ char *s, socklen_t ssz,
+             int flags)
+/*@requires (maxSet(h)+1) >= hsz /\ (maxSet(s)+1) >= ssz @*/
+/* too hard: maxRead(addr) >= (addrsz-1) */
+    /*@modifies *h, *s@*/;
+extern /*@dependent@*/ char *gai_strerror (int code) /*@*/;
+/*@=incondefs@*/
+#endif
+
+
+#include "cache-addrinfo.h"
+
+#if (defined (__linux__) && defined(HAVE_GETADDRINFO)) || defined (_AIX)
+/* See comments below.  */
+#  define WRAP_GETADDRINFO
+#endif
+
+#if defined (__linux__) && defined(HAVE_GETADDRINFO)
+/* Define COPY_FIRST_CANONNAME for glibc 2.3 and prior. */
+#include <features.h>
+# ifdef __GLIBC_PREREQ
+#  if ! __GLIBC_PREREQ(2, 4)
+#   define COPY_FIRST_CANONNAME
+#  endif
+# else
+#   define COPY_FIRST_CANONNAME
+# endif
+#endif
+
+#ifdef _AIX
+# define NUMERIC_SERVICE_BROKEN
+# define COPY_FIRST_CANONNAME
+#endif
+
+
+#ifdef COPY_FIRST_CANONNAME
+# include <string.h>
+#endif
+
+#ifdef NUMERIC_SERVICE_BROKEN
+# include <ctype.h>             /* isdigit */
+# include <stdlib.h>            /* strtoul */
+#endif
+
+
+/* Do we actually have *any* systems we care about that don't provide
+   either getaddrinfo or one of these two flavors of
+   gethostbyname_r?  */
+#if !defined(HAVE_GETHOSTBYNAME_R) || defined(THREADSAFE_GETHOSTBYNAME)
+typedef struct hostent *GET_HOST_TMP;
+#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP)                            \
+    { TMP = gethostbyname (NAME); (ERR) = h_errno; (HP) = TMP; }
+#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP)           \
+    { TMP = gethostbyaddr ((ADDR), (ADDRLEN), (FAMILY)); (ERR) = h_errno; (HP) = TMP; }
+#else
+#ifdef _AIX /* XXX should have a feature test! */
+typedef struct {
+    struct hostent ent;
+    struct hostent_data data;
+} GET_HOST_TMP;
+#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP)                    \
+    {                                                           \
+        (HP) = (gethostbyname_r((NAME), &TMP.ent, &TMP.data)    \
+                ? 0                                             \
+                : &TMP.ent);                                    \
+        (ERR) = h_errno;                                        \
+    }
+/*
+  #define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \
+  {                                                                     \
+  struct hostent my_h_ent;                                      \
+  struct hostent_data my_h_ent_data;                            \
+  (HP) = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &my_h_ent,       \
+  &my_h_ent_data)                               \
+  ? 0                                                   \
+  : &my_h_ent);                                         \
+  (ERR) = my_h_err;                                             \
+  }
+*/
+#else
+#ifdef GETHOSTBYNAME_R_RETURNS_INT
+typedef struct {
+    struct hostent ent;
+    char buf[8192];
+} GET_HOST_TMP;
+#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP)                            \
+    {                                                                   \
+        struct hostent *my_hp = NULL;                                   \
+        int my_h_err, my_ret;                                           \
+        my_ret = gethostbyname_r((NAME), &TMP.ent,                      \
+                                 TMP.buf, sizeof (TMP.buf), &my_hp,     \
+                                 &my_h_err);                            \
+        (HP) = (((my_ret != 0) || (my_hp != &TMP.ent))                  \
+                ? 0                                                     \
+                : &TMP.ent);                                            \
+        (ERR) = my_h_err;                                               \
+    }
+#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP)           \
+    {                                                                   \
+        struct hostent *my_hp;                                          \
+        int my_h_err, my_ret;                                           \
+        my_ret = gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &TMP.ent, \
+                                 TMP.buf, sizeof (TMP.buf), &my_hp,     \
+                                 &my_h_err);                            \
+        (HP) = (((my_ret != 0) || (my_hp != &TMP.ent))                  \
+                ? 0                                                     \
+                : &TMP.ent);                                            \
+        (ERR) = my_h_err;                                               \
+    }
+#else
+typedef struct {
+    struct hostent ent;
+    char buf[8192];
+} GET_HOST_TMP;
+#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP)                            \
+    {                                                                   \
+        int my_h_err;                                                   \
+        (HP) = gethostbyname_r((NAME), &TMP.ent,                        \
+                               TMP.buf, sizeof (TMP.buf), &my_h_err);   \
+        (ERR) = my_h_err;                                               \
+    }
+#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP)           \
+    {                                                                   \
+        int my_h_err;                                                   \
+        (HP) = gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &TMP.ent,   \
+                               TMP.buf, sizeof (TMP.buf), &my_h_err);   \
+        (ERR) = my_h_err;                                               \
+    }
+#endif /* returns int? */
+#endif /* _AIX */
+#endif
+
+/* Now do the same for getservby* functions.  */
+#ifndef HAVE_GETSERVBYNAME_R
+typedef struct servent *GET_SERV_TMP;
+#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP)                     \
+    (TMP = getservbyname (NAME, PROTO), (SP) = TMP, (ERR) = (SP) ? 0 : -1)
+#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP)                     \
+    (TMP = getservbyport (PORT, PROTO), (SP) = TMP, (ERR) = (SP) ? 0 : -1)
+#else
+#ifdef GETSERVBYNAME_R_RETURNS_INT
+typedef struct {
+    struct servent ent;
+    char buf[8192];
+} GET_SERV_TMP;
+#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP)                     \
+    {                                                                   \
+        struct servent *my_sp;                                          \
+        int my_s_err;                                                   \
+        (SP) = (getservbyname_r((NAME), (PROTO), &TMP.ent,              \
+                                TMP.buf, sizeof (TMP.buf), &my_sp,      \
+                                &my_s_err)                              \
+                ? 0                                                     \
+                : &TMP.ent);                                            \
+        (ERR) = my_s_err;                                               \
+    }
+#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP)                     \
+    {                                                                   \
+        struct servent *my_sp;                                          \
+        int my_s_err;                                                   \
+        (SP) = (getservbyport_r((PORT), (PROTO), &TMP.ent,              \
+                                TMP.buf, sizeof (TMP.buf), &my_sp,      \
+                                &my_s_err)                              \
+                ? 0                                                     \
+                : &TMP.ent);                                            \
+        (ERR) = my_s_err;                                               \
+    }
+#else
+/* returns ptr -- IRIX? */
+typedef struct {
+    struct servent ent;
+    char buf[8192];
+} GET_SERV_TMP;
+#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP)             \
+    {                                                           \
+        (SP) = getservbyname_r((NAME), (PROTO), &TMP.ent,       \
+                               TMP.buf, sizeof (TMP.buf));      \
+        (ERR) = (SP) == NULL;                                   \
+    }
+
+#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP)             \
+    {                                                           \
+        struct servent *my_sp;                                  \
+        my_sp = getservbyport_r((PORT), (PROTO), &TMP.ent,      \
+                                TMP.buf, sizeof (TMP.buf));     \
+        (SP) = my_sp;                                           \
+        (ERR) = my_sp == 0;                                     \
+        (ERR) = (ERR);  /* avoid "unused" warning */            \
+    }
+#endif
+#endif
+
+#if defined(WRAP_GETADDRINFO) || defined(FAI_CACHE)
+static inline int
+system_getaddrinfo (const char *name, const char *serv,
+                    const struct addrinfo *hint,
+                    struct addrinfo **res)
+{
+    return getaddrinfo(name, serv, hint, res);
+}
+
+static inline void
+system_freeaddrinfo (struct addrinfo *ai)
+{
+    freeaddrinfo(ai);
+}
+
+#endif
+
+#if !defined (HAVE_GETADDRINFO) || defined(WRAP_GETADDRINFO) || defined(FAI_CACHE)
+
+#undef  getaddrinfo
+#define getaddrinfo     my_fake_getaddrinfo
+#undef  freeaddrinfo
+#define freeaddrinfo    my_fake_freeaddrinfo
+
+#endif
+
+#if !defined (HAVE_GETADDRINFO)
+
+#undef  gai_strerror
+#define gai_strerror    my_fake_gai_strerror
+
+#endif /* ! HAVE_GETADDRINFO */
+
+#if (!defined (HAVE_GETADDRINFO) || defined (WRAP_GETADDRINFO)) && defined(DEBUG_ADDRINFO)
+/* Some debug routines.  */
+
+static const char *protoname (int p, char *buf, size_t bufsize) {
+#define X(N) if (p == IPPROTO_ ## N) return #N
+
+    X(TCP);
+    X(UDP);
+    X(ICMP);
+    X(IPV6);
+#ifdef IPPROTO_GRE
+    X(GRE);
+#endif
+    X(NONE);
+    X(RAW);
+#ifdef IPPROTO_COMP
+    X(COMP);
+#endif
+#ifdef IPPROTO_IGMP
+    X(IGMP);
+#endif
+
+    snprintf(buf, bufsize, " %-2d", p);
+    return buf;
+}
+
+static const char *socktypename (int t, char *buf, size_t bufsize) {
+    switch (t) {
+    case SOCK_DGRAM: return "DGRAM";
+    case SOCK_STREAM: return "STREAM";
+    case SOCK_RAW: return "RAW";
+    case SOCK_RDM: return "RDM";
+    case SOCK_SEQPACKET: return "SEQPACKET";
+    }
+    snprintf(buf, bufsize, " %-2d", t);
+    return buf;
+}
+
+static const char *familyname (int f, char *buf, size_t bufsize) {
+    switch (f) {
+    default:
+        snprintf(buf, bufsize, "AF %d", f);
+        return buf;
+    case AF_INET: return "AF_INET";
+    case AF_INET6: return "AF_INET6";
+#ifdef AF_UNIX
+    case AF_UNIX: return "AF_UNIX";
+#endif
+    }
+}
+
+static void debug_dump_getaddrinfo_args (const char *name, const char *serv,
+                                         const struct addrinfo *hint)
+{
+    const char *sep;
+    fprintf(stderr,
+            "getaddrinfo(hostname %s, service %s,\n"
+            "            hints { ",
+            name ? name : "(null)", serv ? serv : "(null)");
+    if (hint) {
+        char buf[30];
+        sep = "";
+#define Z(FLAG) if (hint->ai_flags & AI_##FLAG) fprintf(stderr, "%s%s", sep, #FLAG), sep = "|"
+        Z(CANONNAME);
+        Z(PASSIVE);
+#ifdef AI_NUMERICHOST
+        Z(NUMERICHOST);
+#endif
+        if (sep[0] == 0)
+            fprintf(stderr, "no-flags");
+        if (hint->ai_family)
+            fprintf(stderr, " %s", familyname(hint->ai_family, buf,
+                                              sizeof(buf)));
+        if (hint->ai_socktype)
+            fprintf(stderr, " SOCK_%s", socktypename(hint->ai_socktype, buf,
+                                                     sizeof(buf)));
+        if (hint->ai_protocol)
+            fprintf(stderr, " IPPROTO_%s", protoname(hint->ai_protocol, buf,
+                                                     sizeof(buf)));
+    } else
+        fprintf(stderr, "(null)");
+    fprintf(stderr, " }):\n");
+}
+
+static void debug_dump_error (int err)
+{
+    fprintf(stderr, "error %d: %s\n", err, gai_strerror(err));
+}
+
+static void debug_dump_addrinfos (const struct addrinfo *ai)
+{
+    int count = 0;
+    char buf[10];
+    fprintf(stderr, "addrinfos returned:\n");
+    while (ai) {
+        fprintf(stderr, "%p...", ai);
+        fprintf(stderr, " socktype=%s", socktypename(ai->ai_socktype, buf,
+                                                     sizeof(buf)));
+        fprintf(stderr, " ai_family=%s", familyname(ai->ai_family, buf,
+                                                    sizeof(buf)));
+        if (ai->ai_family != ai->ai_addr->sa_family)
+            fprintf(stderr, " sa_family=%s",
+                    familyname(ai->ai_addr->sa_family, buf, sizeof(buf)));
+        fprintf(stderr, "\n");
+        ai = ai->ai_next;
+        count++;
+    }
+    fprintf(stderr, "end addrinfos returned (%d)\n");
+}
+
+#endif
+
+#if !defined (HAVE_GETADDRINFO) || defined (WRAP_GETADDRINFO)
+
+static
+int getaddrinfo (const char *name, const char *serv,
+                 const struct addrinfo *hint, struct addrinfo **result);
+
+static
+void freeaddrinfo (struct addrinfo *ai);
+
+#endif
+
+#if !defined (HAVE_GETADDRINFO)
+
+#define HAVE_FAKE_GETADDRINFO /* was not originally HAVE_GETADDRINFO */
+#define HAVE_GETADDRINFO
+#define NEED_FAKE_GETNAMEINFO
+#undef  HAVE_GETNAMEINFO
+#define HAVE_GETNAMEINFO 1
+
+#undef  getnameinfo
+#define getnameinfo     my_fake_getnameinfo
+
+static
+char *gai_strerror (int code);
+
+#endif
+
+#if !defined (HAVE_GETADDRINFO)
+static
+int getnameinfo (const struct sockaddr *addr, socklen_t len,
+                 char *host, socklen_t hostlen,
+                 char *service, socklen_t servicelen,
+                 int flags);
+#endif
+
+/* Fudge things on older gai implementations.  */
+/* AIX 4.3.3 is based on RFC 2133; no AI_NUMERICHOST.  */
+#ifndef AI_NUMERICHOST
+# define AI_NUMERICHOST 0
+#endif
+/* Partial RFC 2553 implementations may not have AI_ADDRCONFIG and
+   friends, which RFC 3493 says are now part of the getaddrinfo
+   interface, and we'll want to use.  */
+#ifndef AI_ADDRCONFIG
+# define AI_ADDRCONFIG 0
+#endif
+#ifndef AI_V4MAPPED
+# define AI_V4MAPPED 0
+#endif
+#ifndef AI_ALL
+# define AI_ALL 0
+#endif
+#ifndef AI_DEFAULT
+# define AI_DEFAULT (AI_ADDRCONFIG|AI_V4MAPPED)
+#endif
+
+#if defined(HAVE_FAKE_GETADDRINFO) || defined(FAI_CACHE)
+#define NEED_FAKE_GETADDRINFO
+#endif
+
+#if defined(NEED_FAKE_GETADDRINFO) || defined(WRAP_GETADDRINFO)
+#include <stdlib.h>
+#endif
+
+#ifdef NEED_FAKE_GETADDRINFO
+#include <string.h> /* for strspn */
+
+static inline int translate_h_errno (int h);
+
+static inline int fai_add_entry (struct addrinfo **result, void *addr,
+                                 int port, const struct addrinfo *template)
+{
+    struct addrinfo *n = malloc (sizeof (struct addrinfo));
+    if (n == 0)
+        return EAI_MEMORY;
+    if (template->ai_family != AF_INET
+        && template->ai_family != AF_INET6
+    )
+        return EAI_FAMILY;
+    *n = *template;
+    if (template->ai_family == AF_INET) {
+        struct sockaddr_in *sin4;
+        sin4 = malloc (sizeof (struct sockaddr_in));
+        if (sin4 == 0)
+            return EAI_MEMORY;
+        memset (sin4, 0, sizeof (struct sockaddr_in)); /* for sin_zero */
+        n->ai_addr = (struct sockaddr *) sin4;
+        sin4->sin_family = AF_INET;
+        sin4->sin_addr = *(struct in_addr *)addr;
+        sin4->sin_port = port;
+    }
+    if (template->ai_family == AF_INET6) {
+        struct sockaddr_in6 *sin6;
+        sin6 = malloc (sizeof (struct sockaddr_in6));
+        if (sin6 == 0)
+            return EAI_MEMORY;
+        memset (sin6, 0, sizeof (struct sockaddr_in6)); /* for sin_zero */
+        n->ai_addr = (struct sockaddr *) sin6;
+        sin6->sin6_family = AF_INET6;
+        sin6->sin6_addr = *(struct in6_addr *)addr;
+        sin6->sin6_port = port;
+    }
+    n->ai_next = *result;
+    *result = n;
+    return 0;
+}
+
+#ifdef FAI_CACHE
+/* fake addrinfo cache entries */
+#define CACHE_ENTRY_LIFETIME    15 /* seconds */
+
+static void plant_face (const char *name, struct face *entry)
+{
+    entry->name = strdup(name);
+    if (entry->name == NULL)
+        /* @@ Wastes memory.  */
+        return;
+    k5_mutex_assert_locked(&krb5int_fac.lock);
+    entry->next = krb5int_fac.data;
+    entry->expiration = time(0) + CACHE_ENTRY_LIFETIME;
+    krb5int_fac.data = entry;
+#ifdef DEBUG_ADDRINFO
+    printf("added cache entry '%s' at %p: %d ipv4, %d ipv6; expire %d\n",
+           name, entry, entry->naddrs4, entry->naddrs6, entry->expiration);
+#endif
+}
+
+static int find_face (const char *name, struct face **entry)
+{
+    struct face *fp, **fpp;
+    time_t now = time(0);
+
+    /* First, scan for expired entries and free them.
+       (Future improvement: Integrate these two loops.)  */
+#ifdef DEBUG_ADDRINFO
+    printf("scanning cache at %d for '%s'...\n", now, name);
+#endif
+    k5_mutex_assert_locked(&krb5int_fac.lock);
+    for (fpp = &krb5int_fac.data; *fpp; ) {
+        fp = *fpp;
+#ifdef DEBUG_ADDRINFO
+        printf("  checking expiration time of @%p: %d\n",
+               fp, fp->expiration);
+#endif
+        if (fp->expiration < now) {
+#ifdef DEBUG_ADDRINFO
+            printf("\texpiring cache entry\n");
+#endif
+            free(fp->name);
+            free(fp->canonname);
+            free(fp->addrs4);
+            free(fp->addrs6);
+            *fpp = fp->next;
+            free(fp);
+            /* Stay at this point in the list, and check again.  */
+        } else
+            /* Move forward.  */
+            fpp = &(*fpp)->next;
+    }
+
+    for (fp = krb5int_fac.data; fp; fp = fp->next) {
+#ifdef DEBUG_ADDRINFO
+        printf("  comparing entry @%p\n", fp);
+#endif
+        if (!strcasecmp(fp->name, name)) {
+#ifdef DEBUG_ADDRINFO
+            printf("\tMATCH!\n");
+#endif
+            *entry = fp;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+#endif
+
+#ifdef FAI_CACHE
+static int krb5int_lock_fac(void), krb5int_unlock_fac(void);
+#endif
+
+static inline int fai_add_hosts_by_name (const char *name,
+                                         struct addrinfo *template,
+                                         int portnum, int flags,
+                                         struct addrinfo **result)
+{
+#ifdef FAI_CACHE
+
+    struct face *ce;
+    int i, r, err;
+
+    err = krb5int_lock_fac();
+    if (err) {
+        errno = err;
+        return EAI_SYSTEM;
+    }
+    if (!find_face(name, &ce)) {
+        struct addrinfo myhints = { 0 }, *ai, *ai2;
+        int i4, i6, aierr;
+
+#ifdef DEBUG_ADDRINFO
+        printf("looking up new data for '%s'...\n", name);
+#endif
+        myhints.ai_socktype = SOCK_STREAM;
+        myhints.ai_flags = AI_CANONNAME;
+        /* Don't set ai_family -- we want to cache all address types,
+           because the next lookup may not use the same constraints as
+           the current one.  We *could* cache them separately, so that
+           we never have to look up an IPv6 address if we are always
+           asked for IPv4 only, but let's deal with that later, if we
+           have to.  */
+        /* Try NULL for the service for now.
+
+           It would be nice to use the requested service name, and not
+           have to patch things up, but then we'd be doing multiple
+           queries for the same host when we get different services.
+           We were using "telnet" for a little more confidence that
+           getaddrinfo would heed the hints to only give us stream
+           socket types (with no socket type and null service name, we
+           might get stream *and* dgram *and* raw, for each address,
+           or only raw).  The RFC 3493 description of ai_socktype
+           sometimes associates it with the specified service,
+           sometimes not.
+
+           But on macOS (10.3, 10.4) they've "extended" getaddrinfo
+           to make SRV RR queries.  (Please, somebody, show me
+           something in the specs that actually supports this?  RFC
+           3493 says nothing about it, but it does say getaddrinfo is
+           the new way to look up hostnames.  RFC 2782 says SRV
+           records should *not* be used unless the application
+           protocol spec says to do so.  The Telnet spec does not say
+           to do it.)  And then they complain when our code
+           "unexpectedly" seems to use this "extension" in cases where
+           they don't want it to be used.
+
+           Fortunately, it appears that if we specify ai_socktype as
+           SOCK_STREAM and use a null service name, we only get one
+           copy of each address on all the platforms I've tried,
+           although it may not have ai_socktype filled in properly.
+           So, we'll fudge it with that for now.  */
+        aierr = system_getaddrinfo(name, NULL, &myhints, &ai);
+        if (aierr) {
+            krb5int_unlock_fac();
+            return aierr;
+        }
+        ce = malloc(sizeof(struct face));
+        memset(ce, 0, sizeof(*ce));
+        ce->expiration = time(0) + 30;
+        for (ai2 = ai; ai2; ai2 = ai2->ai_next) {
+#ifdef DEBUG_ADDRINFO
+            printf("  found an address in family %d...\n", ai2->ai_family);
+#endif
+            switch (ai2->ai_family) {
+            case AF_INET:
+                ce->naddrs4++;
+                break;
+            case AF_INET6:
+                ce->naddrs6++;
+                break;
+            default:
+                break;
+            }
+        }
+        ce->addrs4 = calloc(ce->naddrs4, sizeof(*ce->addrs4));
+        if (ce->addrs4 == NULL && ce->naddrs4 != 0) {
+            krb5int_unlock_fac();
+            system_freeaddrinfo(ai);
+            return EAI_MEMORY;
+        }
+        ce->addrs6 = calloc(ce->naddrs6, sizeof(*ce->addrs6));
+        if (ce->addrs6 == NULL && ce->naddrs6 != 0) {
+            krb5int_unlock_fac();
+            free(ce->addrs4);
+            system_freeaddrinfo(ai);
+            return EAI_MEMORY;
+        }
+        for (ai2 = ai, i4 = i6 = 0; ai2; ai2 = ai2->ai_next) {
+            switch (ai2->ai_family) {
+            case AF_INET:
+                ce->addrs4[i4++] = ((struct sockaddr_in *)ai2->ai_addr)->sin_addr;
+                break;
+            case AF_INET6:
+                ce->addrs6[i6++] = ((struct sockaddr_in6 *)ai2->ai_addr)->sin6_addr;
+                break;
+            default:
+                break;
+            }
+        }
+        ce->canonname = ai->ai_canonname ? strdup(ai->ai_canonname) : 0;
+        system_freeaddrinfo(ai);
+        plant_face(name, ce);
+    }
+    template->ai_family = AF_INET6;
+    template->ai_addrlen = sizeof(struct sockaddr_in6);
+    for (i = 0; i < ce->naddrs6; i++) {
+        r = fai_add_entry (result, &ce->addrs6[i], portnum, template);
+        if (r) {
+            krb5int_unlock_fac();
+            return r;
+        }
+    }
+    template->ai_family = AF_INET;
+    template->ai_addrlen = sizeof(struct sockaddr_in);
+    for (i = 0; i < ce->naddrs4; i++) {
+        r = fai_add_entry (result, &ce->addrs4[i], portnum, template);
+        if (r) {
+            krb5int_unlock_fac();
+            return r;
+        }
+    }
+    if (*result && (flags & AI_CANONNAME))
+        (*result)->ai_canonname = (ce->canonname
+                                   ? strdup(ce->canonname)
+                                   : NULL);
+    krb5int_unlock_fac();
+    return 0;
+
+#else
+
+    struct hostent *hp;
+    int i, r;
+    int herr;
+    GET_HOST_TMP htmp;
+
+    GET_HOST_BY_NAME (name, hp, herr, htmp);
+    if (hp == 0)
+        return translate_h_errno (herr);
+    for (i = 0; hp->h_addr_list[i]; i++) {
+        r = fai_add_entry (result, hp->h_addr_list[i], portnum, template);
+        if (r)
+            return r;
+    }
+    if (*result && (flags & AI_CANONNAME))
+        (*result)->ai_canonname = strdup (hp->h_name);
+    return 0;
+
+#endif
+}
+
+static inline void
+fake_freeaddrinfo (struct addrinfo *ai)
+{
+    struct addrinfo *next;
+    while (ai) {
+        next = ai->ai_next;
+        if (ai->ai_canonname)
+            free (ai->ai_canonname);
+        if (ai->ai_addr)
+            free (ai->ai_addr);
+        free (ai);
+        ai = next;
+    }
+}
+
+static inline int
+fake_getaddrinfo (const char *name, const char *serv,
+                  const struct addrinfo *hint, struct addrinfo **result)
+{
+    struct addrinfo *res = 0;
+    int ret;
+    int port = 0, socktype;
+    int flags;
+    struct addrinfo template;
+
+#ifdef DEBUG_ADDRINFO
+    debug_dump_getaddrinfo_args(name, serv, hint);
+#endif
+
+    if (hint != 0) {
+        if (hint->ai_family != 0 && hint->ai_family != AF_INET)
+            return EAI_NODATA;
+        socktype = hint->ai_socktype;
+        flags = hint->ai_flags;
+    } else {
+        socktype = 0;
+        flags = 0;
+    }
+
+    if (serv) {
+        size_t numlen = strspn (serv, "0123456789");
+        if (serv[numlen] == '\0') {
+            /* pure numeric */
+            unsigned long p = strtoul (serv, 0, 10);
+            if (p == 0 || p > 65535)
+                return EAI_NONAME;
+            port = htons (p);
+        } else {
+            struct servent *sp;
+            int try_dgram_too = 0, s_err;
+            GET_SERV_TMP stmp;
+
+            if (socktype == 0) {
+                try_dgram_too = 1;
+                socktype = SOCK_STREAM;
+            }
+        try_service_lookup:
+            GET_SERV_BY_NAME(serv, socktype == SOCK_STREAM ? "tcp" : "udp",
+                             sp, s_err, stmp);
+            if (sp == 0) {
+                if (try_dgram_too) {
+                    socktype = SOCK_DGRAM;
+                    goto try_service_lookup;
+                }
+                return EAI_SERVICE;
+            }
+            port = sp->s_port;
+        }
+    }
+
+    if (name == 0) {
+        name = (flags & AI_PASSIVE) ? "0.0.0.0" : "127.0.0.1";
+        flags |= AI_NUMERICHOST;
+    }
+
+    template.ai_family = AF_INET;
+    template.ai_addrlen = sizeof (struct sockaddr_in);
+    template.ai_socktype = socktype;
+    template.ai_protocol = 0;
+    template.ai_flags = 0;
+    template.ai_canonname = 0;
+    template.ai_next = 0;
+    template.ai_addr = 0;
+
+    /* If NUMERICHOST is set, parse a numeric address.
+       If it's not set, don't accept such names.  */
+    if (flags & AI_NUMERICHOST) {
+        struct in_addr addr4;
+        addr4.s_addr = inet_addr (name);
+        if (addr4.s_addr == 0xffffffff || addr4.s_addr == -1)
+            /* 255.255.255.255 or parse error, both bad */
+            return EAI_NONAME;
+        ret = fai_add_entry (&res, &addr4, port, &template);
+    } else {
+        ret = fai_add_hosts_by_name (name, &template, port, flags,
+                                     &res);
+    }
+
+    if (ret && ret != NO_ADDRESS) {
+        fake_freeaddrinfo (res);
+        return ret;
+    }
+    if (res == 0)
+        return NO_ADDRESS;
+    *result = res;
+    return 0;
+}
+
+#ifdef NEED_FAKE_GETNAMEINFO
+static inline int
+fake_getnameinfo (const struct sockaddr *sa, socklen_t len,
+                  char *host, socklen_t hostlen,
+                  char *service, socklen_t servicelen,
+                  int flags)
+{
+    struct hostent *hp;
+    const struct sockaddr_in *sinp;
+    struct servent *sp;
+    size_t hlen, slen;
+
+    if (sa->sa_family != AF_INET) {
+        return EAI_FAMILY;
+    }
+    sinp = (const struct sockaddr_in *) sa;
+
+    hlen = hostlen;
+    if (hostlen < 0 || hlen != hostlen) {
+        errno = EINVAL;
+        return EAI_SYSTEM;
+    }
+    slen = servicelen;
+    if (servicelen < 0 || slen != servicelen) {
+        errno = EINVAL;
+        return EAI_SYSTEM;
+    }
+
+    if (host) {
+        if (flags & NI_NUMERICHOST) {
+#if (defined(__GNUC__) && defined(__mips__)) || 1 /* thread safety always */
+            /* The inet_ntoa call, passing a struct, fails on IRIX 6.5
+               using gcc 2.95; we get back "0.0.0.0".  Since this in a
+               configuration still important at Athena, here's the
+               workaround, which also happens to be thread-safe....  */
+            const unsigned char *uc;
+            char tmpbuf[20];
+        numeric_host:
+            uc = (const unsigned char *) &sinp->sin_addr;
+            snprintf(tmpbuf, sizeof(tmpbuf), "%d.%d.%d.%d",
+                     uc[0], uc[1], uc[2], uc[3]);
+            strncpy(host, tmpbuf, hlen);
+#else
+            char *p;
+        numeric_host:
+            p = inet_ntoa (sinp->sin_addr);
+            strncpy (host, p, hlen);
+#endif
+        } else {
+            int herr;
+            GET_HOST_TMP htmp;
+
+            GET_HOST_BY_ADDR((const char *) &sinp->sin_addr,
+                             sizeof (struct in_addr),
+                             sa->sa_family, hp, herr, htmp);
+            if (hp == 0) {
+                if (herr == NO_ADDRESS && !(flags & NI_NAMEREQD)) /* ??? */
+                    goto numeric_host;
+                return translate_h_errno (herr);
+            }
+            /* According to the Open Group spec, getnameinfo can
+               silently truncate, but must still return a
+               null-terminated string.  */
+            strncpy (host, hp->h_name, hlen);
+        }
+        host[hostlen-1] = 0;
+    }
+
+    if (service) {
+        if (flags & NI_NUMERICSERV) {
+            char numbuf[10];
+            int port;
+        numeric_service:
+            port = ntohs (sinp->sin_port);
+            if (port < 0 || port > 65535)
+                return EAI_FAIL;
+            snprintf (numbuf, sizeof(numbuf), "%d", port);
+            strncpy (service, numbuf, slen);
+        } else {
+            int serr;
+            GET_SERV_TMP stmp;
+
+            GET_SERV_BY_PORT(sinp->sin_port,
+                             (flags & NI_DGRAM) ? "udp" : "tcp",
+                             sp, serr, stmp);
+            if (sp == 0)
+                goto numeric_service;
+            strncpy (service, sp->s_name, slen);
+        }
+        service[servicelen-1] = 0;
+    }
+
+    return 0;
+}
+#endif
+
+#if defined(HAVE_FAKE_GETADDRINFO) || defined(NEED_FAKE_GETNAMEINFO)
+
+static inline
+char *gai_strerror (int code)
+{
+    switch (code) {
+    case EAI_ADDRFAMILY: return "address family for nodename not supported";
+    case EAI_AGAIN:     return "temporary failure in name resolution";
+    case EAI_BADFLAGS:  return "bad flags to getaddrinfo/getnameinfo";
+    case EAI_FAIL:      return "non-recoverable failure in name resolution";
+    case EAI_FAMILY:    return "ai_family not supported";
+    case EAI_MEMORY:    return "out of memory";
+    case EAI_NODATA:    return "no address associated with hostname";
+    case EAI_NONAME:    return "name does not exist";
+    case EAI_SERVICE:   return "service name not supported for specified socket type";
+    case EAI_SOCKTYPE:  return "ai_socktype not supported";
+    case EAI_SYSTEM:    return strerror (errno);
+    default:            return "bogus getaddrinfo error?";
+    }
+}
+#endif
+
+static inline int translate_h_errno (int h)
+{
+    switch (h) {
+    case 0:
+        return 0;
+#ifdef NETDB_INTERNAL
+    case NETDB_INTERNAL:
+        if (errno == ENOMEM)
+            return EAI_MEMORY;
+        return EAI_SYSTEM;
+#endif
+    case HOST_NOT_FOUND:
+        return EAI_NONAME;
+    case TRY_AGAIN:
+        return EAI_AGAIN;
+    case NO_RECOVERY:
+        return EAI_FAIL;
+    case NO_DATA:
+#if NO_DATA != NO_ADDRESS
+    case NO_ADDRESS:
+#endif
+        return EAI_NODATA;
+    default:
+        return EAI_SYSTEM;
+    }
+}
+
+#if defined(HAVE_FAKE_GETADDRINFO) || defined(FAI_CACHE)
+static inline
+int getaddrinfo (const char *name, const char *serv,
+                 const struct addrinfo *hint, struct addrinfo **result)
+{
+    return fake_getaddrinfo(name, serv, hint, result);
+}
+
+static inline
+void freeaddrinfo (struct addrinfo *ai)
+{
+    fake_freeaddrinfo(ai);
+}
+
+#ifdef NEED_FAKE_GETNAMEINFO
+static inline
+int getnameinfo (const struct sockaddr *sa, socklen_t len,
+                 char *host, socklen_t hostlen,
+                 char *service, socklen_t servicelen,
+                 int flags)
+{
+    return fake_getnameinfo(sa, len, host, hostlen, service, servicelen,
+                            flags);
+}
+#endif /* NEED_FAKE_GETNAMEINFO */
+#endif /* HAVE_FAKE_GETADDRINFO */
+#endif /* NEED_FAKE_GETADDRINFO */
+
+
+#ifdef WRAP_GETADDRINFO
+
+static inline
+int
+getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
+             struct addrinfo **result)
+{
+    int aierr;
+#if defined(_AIX) || defined(COPY_FIRST_CANONNAME)
+    struct addrinfo *ai;
+#endif
+#ifdef NUMERIC_SERVICE_BROKEN
+    int service_is_numeric = 0;
+    int service_port = 0;
+    int socket_type = 0;
+#endif
+
+#ifdef DEBUG_ADDRINFO
+    debug_dump_getaddrinfo_args(name, serv, hint);
+#endif
+
+#ifdef NUMERIC_SERVICE_BROKEN
+    /* AIX 4.3.3 is broken.  (Or perhaps out of date?)
+
+       If a numeric service is provided, and it doesn't correspond to
+       a known service name for tcp or udp (as appropriate), an error
+       code (for "host not found") is returned.  If the port maps to a
+       known service for both udp and tcp, all is well.  */
+    if (serv && serv[0] && isdigit(serv[0])) {
+        unsigned long lport;
+        char *end;
+        lport = strtoul(serv, &end, 10);
+        if (!*end) {
+            if (lport > 65535)
+                return EAI_SOCKTYPE;
+            service_is_numeric = 1;
+            service_port = lport;
+#ifdef AI_NUMERICSERV
+            if (hint && hint->ai_flags & AI_NUMERICSERV)
+                serv = "9";
+            else
+#endif
+                serv = "discard";       /* defined for both udp and tcp */
+            if (hint)
+                socket_type = hint->ai_socktype;
+        }
+    }
+#endif
+
+    aierr = system_getaddrinfo (name, serv, hint, result);
+    if (aierr || *result == 0) {
+#ifdef DEBUG_ADDRINFO
+        debug_dump_error(aierr);
+#endif
+        return aierr;
+    }
+
+    /* Linux libc version 6 prior to 2.3.4 is broken.
+
+       RFC 2553 says that when AI_CANONNAME is set, the ai_canonname
+       flag of the first returned structure has the canonical name of
+       the host.  Instead, GNU libc sets ai_canonname in each returned
+       structure to the name that the corresponding address maps to,
+       if any, or a printable numeric form.
+
+       RFC 2553 bis and the new Open Group spec say that field will be
+       the canonical name if it can be determined, otherwise, the
+       provided hostname or a copy of it.
+
+       IMNSHO, "canonical name" means CNAME processing and not PTR
+       processing, but I can see arguing it.  Using the numeric form
+       when that's not the form provided is just wrong.  So, let's fix
+       it.
+
+       The glibc 2.2.5 sources indicate that the canonical name is
+       *not* allocated separately, it's just some extra storage tacked
+       on the end of the addrinfo structure.  So, let's try this
+       approach: If getaddrinfo sets ai_canonname, we'll replace the
+       *first* one with allocated storage, and free up that pointer in
+       freeaddrinfo if it's set; the other ai_canonname fields will be
+       left untouched.  And we'll just pray that the application code
+       won't mess around with the list structure; if we start doing
+       that, we'll have to start replacing and freeing all of the
+       ai_canonname fields.
+
+       Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=133668 .
+
+       Since it's dependent on the target hostname, it's hard to check
+       for at configure time.  The bug was fixed in glibc 2.3.4.
+       After the fix, the ai_canonname field is allocated, so our
+       workaround leaks memory.  We disable the workaround for glibc
+       >= 2.4, but there is no easy way to test for glibc patch
+       versions, so we still leak memory under glibc 2.3.4 through
+       2.3.6.
+
+       Some Windows documentation says that even when AI_CANONNAME is
+       set, the returned ai_canonname field can be null.  The NetBSD
+       1.5 implementation also does this, if the input hostname is a
+       numeric host address string.  That case isn't handled well at
+       the moment.
+
+       Libc version 5 didn't have getaddrinfo at all.  */
+
+#ifdef COPY_FIRST_CANONNAME
+    /*
+     * This code must *always* return an error, return a null
+     * ai_canonname, or return an ai_canonname allocated here using
+     * malloc, so that freeaddrinfo can always free a non-null
+     * ai_canonname.  Note that it really doesn't matter if the
+     * AI_CANONNAME flag was set.
+     */
+    ai = *result;
+    if (ai->ai_canonname) {
+        struct hostent *hp;
+        const char *name2 = 0;
+        int i, herr;
+        GET_HOST_TMP htmp;
+
+        /*
+         * Current versions of GET_HOST_BY_NAME will fail if the
+         * target hostname has IPv6 addresses only.  Make sure it
+         * fails fairly cleanly.
+         */
+        GET_HOST_BY_NAME (name, hp, herr, htmp);
+        if (hp == 0) {
+            /*
+             * This case probably means it's an IPv6-only name.  If
+             * ai_canonname is a numeric address, get rid of it.
+             */
+            if (ai->ai_canonname && strchr(ai->ai_canonname, ':'))
+                ai->ai_canonname = 0;
+            name2 = ai->ai_canonname ? ai->ai_canonname : name;
+        } else {
+            /*
+             * Sometimes gethostbyname will be directed to /etc/hosts
+             * first, and sometimes that file will have entries with
+             * the unqualified name first.  So take the first entry
+             * that looks like it could be a FQDN. Starting with h_name
+             * and then all the aliases.
+             */
+            for (i = 0, name2 = hp->h_name; name2; i++) {
+                if (strchr(name2, '.') != 0)
+                    break;
+                name2 = hp->h_aliases[i];
+            }
+            if (name2 == 0)
+                name2 = hp->h_name;
+        }
+
+        ai->ai_canonname = strdup(name2);
+        if (name2 != 0 && ai->ai_canonname == 0) {
+            system_freeaddrinfo(ai);
+            *result = 0;
+#ifdef DEBUG_ADDRINFO
+            debug_dump_error(EAI_MEMORY);
+#endif
+            return EAI_MEMORY;
+        }
+        /* Zap the remaining ai_canonname fields glibc fills in, in
+           case the application messes around with the list
+           structure.  */
+        while ((ai = ai->ai_next) != NULL)
+            ai->ai_canonname = 0;
+    }
+#endif
+
+#ifdef NUMERIC_SERVICE_BROKEN
+    if (service_port != 0) {
+        for (ai = *result; ai; ai = ai->ai_next) {
+            if (socket_type != 0 && ai->ai_socktype == 0)
+                /* Is this check actually needed?  */
+                ai->ai_socktype = socket_type;
+            sa_setport(ai->ai_addr, service_port);
+        }
+    }
+#endif
+
+#ifdef _AIX
+    for (ai = *result; ai; ai = ai->ai_next) {
+        /* AIX 4.3.3 libc is broken.  It doesn't set the family or len
+           fields of the sockaddr structures.  Usually, sa_family is
+           zero, but I've seen it set to 1 in some cases also (maybe
+           just leftover from previous contents of the memory
+           block?).  So, always override what libc returned.  */
+        ai->ai_addr->sa_family = ai->ai_family;
+    }
+#endif
+
+    /* Not dealt with currently:
+
+       - Some versions of GNU libc can lose some IPv4 addresses in
+       certain cases when multiple IPv4 and IPv6 addresses are
+       available.  */
+
+#ifdef DEBUG_ADDRINFO
+    debug_dump_addrinfos(*result);
+#endif
+
+    return 0;
+}
+
+static inline
+void freeaddrinfo (struct addrinfo *ai)
+{
+#ifdef COPY_FIRST_CANONNAME
+    if (ai) {
+        free(ai->ai_canonname);
+        ai->ai_canonname = 0;
+        system_freeaddrinfo(ai);
+    }
+#else
+    system_freeaddrinfo(ai);
+#endif
+}
+#endif /* WRAP_GETADDRINFO */
+
+#ifdef FAI_CACHE
+static int krb5int_lock_fac (void)
+{
+    int err;
+    err = krb5int_call_thread_support_init();
+    if (err)
+        return err;
+    return k5_mutex_lock(&krb5int_fac.lock);
+}
+
+static int krb5int_unlock_fac (void)
+{
+    return k5_mutex_unlock(&krb5int_fac.lock);
+}
+#endif
+
+/* Some systems don't define in6addr_any.  */
+const struct in6_addr krb5int_in6addr_any = IN6ADDR_ANY_INIT;
+
+int krb5int_getaddrinfo (const char *node, const char *service,
+                         const struct addrinfo *hints,
+                         struct addrinfo **aip)
+{
+    return getaddrinfo(node, service, hints, aip);
+}
+
+void krb5int_freeaddrinfo (struct addrinfo *ai)
+{
+    freeaddrinfo(ai);
+}
+
+const char *krb5int_gai_strerror(int err)
+{
+    return gai_strerror(err);
+}
+
+int krb5int_getnameinfo (const struct sockaddr *sa, socklen_t salen,
+                         char *hbuf, size_t hbuflen,
+                         char *sbuf, size_t sbuflen,
+                         int flags)
+{
+    return getnameinfo(sa, salen, hbuf, hbuflen, sbuf, sbuflen, flags);
+}
diff --git a/krb5-1.21.3/src/util/support/fnmatch.c b/krb5-1.21.3/src/util/support/fnmatch.c
new file mode 100644
index 00000000..7e5a993f
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/fnmatch.c
@@ -0,0 +1,207 @@
+/*	$NetBSD: fnmatch.c,v 1.24 2011/01/31 19:10:18 christos Exp $	*/
+
+/*
+ * Copyright (c) 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+#if 0
+static char sccsid[] = "@(#)fnmatch.c	8.2 (Berkeley) 4/16/94";
+#else
+__RCSID("$NetBSD: fnmatch.c,v 1.24 2011/01/31 19:10:18 christos Exp $");
+#endif
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
+ * Compares a filename or pathname to a pattern.
+ */
+
+#include "k5-platform.h"
+#include <ctype.h>
+#ifndef _DIAGASSERT
+#define _DIAGASSERT(x)
+#endif
+
+#define	EOS	'\0'
+
+static inline int
+foldcase(int ch, int flags)
+{
+
+	if ((flags & FNM_CASEFOLD) != 0 && isupper(ch))
+		return tolower(ch);
+	return ch;
+}
+
+#define	FOLDCASE(ch, flags)	foldcase((unsigned char)(ch), (flags))
+
+static const char *
+rangematch(const char *pattern, int test, int flags)
+{
+	int negate, ok;
+	char c, c2;
+
+	_DIAGASSERT(pattern != NULL);
+
+	/*
+	 * A bracket expression starting with an unquoted circumflex
+	 * character produces unspecified results (IEEE 1003.2-1992,
+	 * 3.13.2).  This implementation treats it like '!', for
+	 * consistency with the regular expression syntax.
+	 * J.T. Conklin (conklin@ngai.kaleida.com)
+	 */
+	if ((negate = (*pattern == '!' || *pattern == '^')) != 0)
+		++pattern;
+	
+	for (ok = 0; (c = FOLDCASE(*pattern++, flags)) != ']';) {
+		if (c == '\\' && !(flags & FNM_NOESCAPE))
+			c = FOLDCASE(*pattern++, flags);
+		if (c == EOS)
+			return NULL;
+		if (*pattern == '-' 
+		    && (c2 = FOLDCASE(*(pattern + 1), flags)) != EOS &&
+		        c2 != ']') {
+			pattern += 2;
+			if (c2 == '\\' && !(flags & FNM_NOESCAPE))
+				c2 = FOLDCASE(*pattern++, flags);
+			if (c2 == EOS)
+				return NULL;
+			if (c <= test && test <= c2)
+				ok = 1;
+		} else if (c == test)
+			ok = 1;
+	}
+	return ok == negate ? NULL : pattern;
+}
+
+
+static int
+fnmatchx(const char *pattern, const char *string, int flags, size_t recursion)
+{
+	const char *stringstart;
+	char c, test;
+
+	_DIAGASSERT(pattern != NULL);
+	_DIAGASSERT(string != NULL);
+
+	if (recursion-- == 0)
+		return FNM_NORES;
+
+	for (stringstart = string;;) {
+		switch (c = FOLDCASE(*pattern++, flags)) {
+		case EOS:
+			if ((flags & FNM_LEADING_DIR) && *string == '/')
+				return 0;
+			return *string == EOS ? 0 : FNM_NOMATCH;
+		case '?':
+			if (*string == EOS)
+				return FNM_NOMATCH;
+			if (*string == '/' && (flags & FNM_PATHNAME))
+				return FNM_NOMATCH;
+			if (*string == '.' && (flags & FNM_PERIOD) &&
+			    (string == stringstart ||
+			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
+				return FNM_NOMATCH;
+			++string;
+			break;
+		case '*':
+			c = FOLDCASE(*pattern, flags);
+			/* Collapse multiple stars. */
+			while (c == '*')
+				c = FOLDCASE(*++pattern, flags);
+
+			if (*string == '.' && (flags & FNM_PERIOD) &&
+			    (string == stringstart ||
+			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
+				return FNM_NOMATCH;
+
+			/* Optimize for pattern with * at end or before /. */
+			if (c == EOS) {
+				if (flags & FNM_PATHNAME)
+					return (flags & FNM_LEADING_DIR) ||
+					    strchr(string, '/') == NULL ?
+					    0 : FNM_NOMATCH;
+				else
+					return 0;
+			} else if (c == '/' && flags & FNM_PATHNAME) {
+				if ((string = strchr(string, '/')) == NULL)
+					return FNM_NOMATCH;
+				break;
+			}
+
+			/* General case, use recursion. */
+			while ((test = FOLDCASE(*string, flags)) != EOS) {
+				int e;
+				switch ((e = fnmatchx(pattern, string,
+				    flags & ~FNM_PERIOD, recursion))) {
+				case FNM_NOMATCH:
+					break;
+				default:
+					return e;
+				}
+				if (test == '/' && flags & FNM_PATHNAME)
+					break;
+				++string;
+			}
+			return FNM_NOMATCH;
+		case '[':
+			if (*string == EOS)
+				return FNM_NOMATCH;
+			if (*string == '/' && flags & FNM_PATHNAME)
+				return FNM_NOMATCH;
+			if ((pattern = rangematch(pattern,
+			    FOLDCASE(*string, flags), flags)) == NULL)
+				return FNM_NOMATCH;
+			++string;
+			break;
+		case '\\':
+			if (!(flags & FNM_NOESCAPE)) {
+				if ((c = FOLDCASE(*pattern++, flags)) == EOS) {
+					c = '\\';
+					--pattern;
+				}
+			}
+			/* FALLTHROUGH */
+		default:
+			if (c != FOLDCASE(*string++, flags))
+				return FNM_NOMATCH;
+			break;
+		}
+	}
+	/* NOTREACHED */
+}
+
+int
+k5_fnmatch(const char *pattern, const char *string, int flags)
+{
+	return fnmatchx(pattern, string, flags, 64);
+}
diff --git a/krb5-1.21.3/src/util/support/getopt.c b/krb5-1.21.3/src/util/support/getopt.c
new file mode 100644
index 00000000..ae8cb10d
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/getopt.c
@@ -0,0 +1,151 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*	$NetBSD: getopt.c,v 1.16 1999/12/02 13:15:56 kleink Exp $	*/
+
+/*
+ * Copyright (c) 1987, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if !defined(HAVE_GETOPT) || !defined(HAVE_UNISTD_H)
+#if 0
+static char sccsid[] = "@(#)getopt.c	8.3 (Berkeley) 4/27/95";
+#endif
+
+#define K5_GETOPT_C
+
+#include <assert.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include "k5-platform.h"
+
+#define __P(x) x
+#define _DIAGASSERT(x) assert(x)
+
+int	opterr = 1,		/* if error message should be printed */
+	optind = 1,		/* index into parent argv vector */
+	optopt;			/* character checked for validity */
+char	*optarg;		/* argument associated with option */
+
+static char * _progname __P((char *));
+int getopt_internal __P((int, char * const *, const char *));
+
+static char *
+_progname(nargv0)
+	char * nargv0;
+{
+	char * tmp;
+
+	_DIAGASSERT(nargv0 != NULL);
+
+	tmp = strrchr(nargv0, '/');
+	if (tmp)
+		tmp++;
+	else
+		tmp = nargv0;
+	return(tmp);
+}
+
+#define	BADCH	(int)'?'
+#define	BADARG	(int)':'
+#define	EMSG	""
+
+/*
+ * getopt --
+ *	Parse argc/argv argument vector.
+ */
+int
+getopt(nargc, nargv, ostr)
+	int nargc;
+	char * const nargv[];
+	const char *ostr;
+{
+	static char *__progname = 0;
+	static char *place = EMSG;		/* option letter processing */
+	char *oli;				/* option letter list index */
+	__progname = __progname?__progname:_progname(*nargv);
+
+	_DIAGASSERT(nargv != NULL);
+	_DIAGASSERT(ostr != NULL);
+
+	if (!*place) {		/* update scanning pointer */
+		if (optind >= nargc || *(place = nargv[optind]) != '-') {
+			place = EMSG;
+			return (-1);
+		}
+		if (place[1] && *++place == '-'	/* found "--" */
+		    && place[1] == '\0') {
+			++optind;
+			place = EMSG;
+			return (-1);
+		}
+	}					/* option letter okay? */
+	if ((optopt = (int)*place++) == (int)':' ||
+	    !(oli = strchr(ostr, optopt))) {
+		/*
+		 * if the user didn't specify '-' as an option,
+		 * assume it means -1.
+		 */
+		if (optopt == (int)'-')
+			return (-1);
+		if (!*place)
+			++optind;
+		if (opterr && *ostr != ':')
+			(void)fprintf(stderr,
+			    "%s: illegal option -- %c\n", __progname, optopt);
+		return (BADCH);
+	}
+	if (*++oli != ':') {			/* don't need argument */
+		optarg = NULL;
+		if (!*place)
+			++optind;
+	}
+	else {					/* need an argument */
+		if (*place)			/* no white space */
+			optarg = place;
+		else if (nargc <= ++optind) {	/* no arg */
+			place = EMSG;
+			if (*ostr == ':')
+				return (BADARG);
+			if (opterr)
+				(void)fprintf(stderr,
+				    "%s: option requires an argument -- %c\n",
+				    __progname, optopt);
+			return (BADCH);
+		}
+		else				/* white space */
+			optarg = nargv[optind];
+		place = EMSG;
+		++optind;
+	}
+	return (optopt);			/* dump back option letter */
+}
+#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_UNISTD_H) */
diff --git a/krb5-1.21.3/src/util/support/getopt_long.c b/krb5-1.21.3/src/util/support/getopt_long.c
new file mode 100644
index 00000000..1b508a14
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/getopt_long.c
@@ -0,0 +1,232 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright (c) 1987, 1993, 1994, 1996
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#ifndef HAVE_GETOPT_LONG
+#include <assert.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "k5-platform.h"
+
+#define __P(x) x
+#define _DIAGASSERT(x) assert(x)
+
+static char * __progname __P((char *));
+int getopt_internal __P((int, char * const *, const char *));
+
+static char *
+__progname(nargv0)
+	char * nargv0;
+{
+	char * tmp;
+
+	_DIAGASSERT(nargv0 != NULL);
+
+	tmp = strrchr(nargv0, '/');
+	if (tmp)
+		tmp++;
+	else
+		tmp = nargv0;
+	return(tmp);
+}
+
+#define	BADCH	(int)'?'
+#define	BADARG	(int)':'
+#define	EMSG	""
+
+/*
+ * getopt --
+ *	Parse argc/argv argument vector.
+ */
+int
+getopt_internal(nargc, nargv, ostr)
+	int nargc;
+	char * const *nargv;
+	const char *ostr;
+{
+	static char *place = EMSG;		/* option letter processing */
+	char *oli;				/* option letter list index */
+
+	_DIAGASSERT(nargv != NULL);
+	_DIAGASSERT(ostr != NULL);
+
+	if (!*place) {		/* update scanning pointer */
+		if (optind >= nargc || *(place = nargv[optind]) != '-') {
+			place = EMSG;
+			return (-1);
+		}
+		if (place[1] && *++place == '-') {	/* found "--" */
+			/* ++optind; */
+			place = EMSG;
+			return (-2);
+		}
+	}					/* option letter okay? */
+	if ((optopt = (int)*place++) == (int)':' ||
+	    !(oli = strchr(ostr, optopt))) {
+		/*
+		 * if the user didn't specify '-' as an option,
+		 * assume it means -1.
+		 */
+		if (optopt == (int)'-')
+			return (-1);
+		if (!*place)
+			++optind;
+		if (opterr && *ostr != ':')
+			(void)fprintf(stderr,
+			    "%s: illegal option -- %c\n", __progname(nargv[0]), optopt);
+		return (BADCH);
+	}
+	if (*++oli != ':') {			/* don't need argument */
+		optarg = NULL;
+		if (!*place)
+			++optind;
+	} else {				/* need an argument */
+		if (*place)			/* no white space */
+			optarg = place;
+		else if (nargc <= ++optind) {	/* no arg */
+			place = EMSG;
+			if ((opterr) && (*ostr != ':'))
+				(void)fprintf(stderr,
+				    "%s: option requires an argument -- %c\n",
+				    __progname(nargv[0]), optopt);
+			return (BADARG);
+		} else				/* white space */
+			optarg = nargv[optind];
+		place = EMSG;
+		++optind;
+	}
+	return (optopt);			/* dump back option letter */
+}
+
+#if 0
+/*
+ * getopt --
+ *	Parse argc/argv argument vector.
+ */
+int
+getopt2(nargc, nargv, ostr)
+	int nargc;
+	char * const *nargv;
+	const char *ostr;
+{
+	int retval;
+
+	if ((retval = getopt_internal(nargc, nargv, ostr)) == -2) {
+		retval = -1;
+		++optind;
+	}
+	return(retval);
+}
+#endif
+
+/*
+ * getopt_long --
+ *	Parse argc/argv argument vector.
+ */
+int
+getopt_long(nargc, nargv, options, long_options, index)
+	int nargc;
+	char ** nargv;
+	char * options;
+	struct option * long_options;
+	int * index;
+{
+	int retval;
+
+	_DIAGASSERT(nargv != NULL);
+	_DIAGASSERT(options != NULL);
+	_DIAGASSERT(long_options != NULL);
+	/* index may be NULL */
+
+	if ((retval = getopt_internal(nargc, nargv, options)) == -2) {
+		char *current_argv = nargv[optind++] + 2, *has_equal;
+		int i, current_argv_len, match = -1;
+
+		if (*current_argv == '\0') {
+			return(-1);
+		}
+		if ((has_equal = strchr(current_argv, '=')) != NULL) {
+			current_argv_len = has_equal - current_argv;
+			has_equal++;
+		} else
+			current_argv_len = strlen(current_argv);
+
+		for (i = 0; long_options[i].name; i++) {
+			if (strncmp(current_argv, long_options[i].name, current_argv_len))
+				continue;
+
+			if (strlen(long_options[i].name) == (unsigned)current_argv_len) {
+				match = i;
+				break;
+			}
+			if (match == -1)
+				match = i;
+		}
+		if (match != -1) {
+			if (long_options[match].has_arg == required_argument ||
+			    long_options[match].has_arg == optional_argument) {
+				if (has_equal)
+					optarg = has_equal;
+				else
+					optarg = nargv[optind++];
+			}
+			if ((long_options[match].has_arg == required_argument)
+			    && (optarg == NULL)) {
+				/*
+				 * Missing argument, leading :
+				 * indicates no error should be generated
+				 */
+				if ((opterr) && (*options != ':'))
+					(void)fprintf(stderr,
+				      "%s: option requires an argument -- %s\n",
+				      __progname(nargv[0]), current_argv);
+				return (BADARG);
+			}
+		} else { /* No matching argument */
+			if ((opterr) && (*options != ':'))
+				(void)fprintf(stderr,
+				    "%s: illegal option -- %s\n", __progname(nargv[0]), current_argv);
+			return (BADCH);
+		}
+		if (long_options[match].flag) {
+			*long_options[match].flag = long_options[match].val;
+			retval = 0;
+		} else
+			retval = long_options[match].val;
+		if (index)
+			*index = match;
+	}
+	return(retval);
+}
+#endif /* not HAVE_GETOPT_LONG */
diff --git a/krb5-1.21.3/src/util/support/gettimeofday.c b/krb5-1.21.3/src/util/support/gettimeofday.c
new file mode 100644
index 00000000..8d8fcd84
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/gettimeofday.c
@@ -0,0 +1,102 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/gettimeofday.c */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+
+#ifdef _WIN32
+
+#include <winsock2.h>
+
+int
+krb5int_gettimeofday (struct timeval *tp, void *ignore)
+{
+    FILETIME ft;
+    ULARGE_INTEGER li;
+    ULONGLONG ull;
+
+    GetSystemTimeAsFileTime(&ft);
+    li.LowPart = ft.dwLowDateTime;
+    li.HighPart = ft.dwHighDateTime;
+    ull = li.QuadPart;
+
+    ull -= 116444736000000000i64;
+    ull /= 10i64;               /* ull is now in microseconds */
+
+    tp->tv_usec = (long)(ull % 1000000i64);
+    tp->tv_sec  = (long)(ull / 1000000i64);
+
+    return 0;
+}
+
+#else
+
+/*
+ * Simple gettimeofday that only returns seconds.
+ */
+int
+krb5int_gettimeofday (struct timeval *tp, void *ignore)
+{
+    time_t t;
+
+    t = time(NULL);
+    tp->tv_sec  = (long) t;
+    tp->tv_usec = 0;
+    return 0;
+}
+
+#endif  /* !_WIN32 */
diff --git a/krb5-1.21.3/src/util/support/gmt_mktime.c b/krb5-1.21.3/src/util/support/gmt_mktime.c
new file mode 100644
index 00000000..c7ddb23a
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/gmt_mktime.c
@@ -0,0 +1,163 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* This code placed in the public domain by Mark W. Eichin */
+
+#include "autoconf.h"
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#include <time.h>
+
+#include "k5-gmt_mktime.h"
+
+#if !HAVE_TIMEGM || TEST_LEAP
+static time_t gmt_mktime(struct tm *t);
+#endif
+
+/*
+ * Use the nonstandard timegm() (if available) to convert broken-down
+ * UTC times into time_t values.  Use our custom gmt_mktime() if
+ * timegm() is not available.
+ *
+ * We use gmtime() (or gmtime_r()) when encoding ASN.1 GeneralizedTime
+ * values.  On systems where a "right" (leap-second-aware) time zone
+ * is configured, gmtime() adjusts for the presence of accumulated
+ * leap seconds in the input time_t value.  POSIX requires that time_t
+ * values omit leap seconds; systems configured to include leap
+ * seconds in their time_t values are non-conforming and will have
+ * difficulties exchanging timestamp information with other systems.
+ *
+ * We use krb5int_gmt_mktime() for decoding ASN.1 GeneralizedTime
+ * values.  If timegm() is not available, krb5int_gmt_mktime() won't
+ * be the inverse of gmtime() on a system that counts leap seconds.  A
+ * system configured with a "right" time zone probably has timegm()
+ * available; without it, an application would have no reliable way of
+ * converting broken-down UTC times into time_t values.
+ */
+time_t
+krb5int_gmt_mktime(struct tm *t)
+{
+#if HAVE_TIMEGM
+    return timegm(t);
+#else
+    return gmt_mktime(t);
+#endif
+}
+
+#if !HAVE_TIMEGM || TEST_LEAP
+
+/* take a struct tm, return seconds from GMT epoch */
+/* like mktime, this ignores tm_wday and tm_yday. */
+/* unlike mktime, this does not set them... it only passes a return value. */
+
+static const int days_in_month[12] = {
+    0,                              /* jan 31 */
+    31,                             /* feb 28 */
+    59,                             /* mar 31 */
+    90,                             /* apr 30 */
+    120,                            /* may 31 */
+    151,                            /* jun 30 */
+    181,                            /* jul 31 */
+    212,                            /* aug 31 */
+    243,                            /* sep 30 */
+    273,                            /* oct 31 */
+    304,                            /* nov 30 */
+    334                             /* dec 31 */
+};
+
+#define hasleapday(year) (year%400?(year%100?(year%4?0:1):0):1)
+
+static time_t
+gmt_mktime(struct tm *t)
+{
+    uint32_t accum;
+
+#define assert_time(cnd) if(!(cnd)) return (time_t) -1
+
+    /*
+     * For 32-bit unsigned time values starting on 1/1/1970, the range is:
+     * time 0x00000000 -> Thu Jan  1 00:00:00 1970
+     * time 0xffffffff -> Sun Feb  7 06:28:15 2106
+     *
+     * We can't encode all dates in 2106, and we're not doing overflow checking
+     * for such cases.
+     */
+    assert_time(t->tm_year>=70);
+    assert_time(t->tm_year<=206);
+
+    assert_time(t->tm_mon>=0);
+    assert_time(t->tm_mon<=11);
+    assert_time(t->tm_mday>=1);
+    assert_time(t->tm_mday<=31);
+    assert_time(t->tm_hour>=0);
+    assert_time(t->tm_hour<=23);
+    assert_time(t->tm_min>=0);
+    assert_time(t->tm_min<=59);
+    assert_time(t->tm_sec>=0);
+    assert_time(t->tm_sec<=62);
+
+#undef assert_time
+
+
+    accum = t->tm_year - 70;
+    accum *= 365;                 /* 365 days/normal year */
+
+    /* add in leap day for all previous years */
+    if (t->tm_year >= 70)
+        accum += (t->tm_year - 69) / 4;
+    else
+        accum -= (72 - t->tm_year) / 4;
+    /* add in leap day for this year */
+    if(t->tm_mon >= 2)            /* march or later */
+        if(hasleapday((t->tm_year + 1900))) accum += 1;
+
+    accum += days_in_month[t->tm_mon];
+    accum += t->tm_mday-1;        /* days of month are the only 1-based field */
+    accum *= 24;                  /* 24 hour/day */
+    accum += t->tm_hour;
+    accum *= 60;                  /* 60 minute/hour */
+    accum += t->tm_min;
+    accum *= 60;                  /* 60 seconds/minute */
+    accum += t->tm_sec;
+
+    return accum;
+}
+#endif /* !HAVE_TIMEGM || TEST_LEAP */
+
+#ifdef TEST_LEAP
+int
+main (int argc, char *argv[])
+{
+    int yr;
+    time_t t;
+    struct tm tm = {
+        .tm_mon = 0, .tm_mday = 1,
+        .tm_hour = 0, .tm_min = 0, .tm_sec = 0,
+    };
+    for (yr = 60; yr <= 104; yr++)
+    {
+        printf ("1/1/%d%c -> ", 1900 + yr, hasleapday((1900+yr)) ? '*' : ' ');
+        tm.tm_year = yr;
+        t = gmt_mktime (&tm);
+        if (t == (time_t) -1)
+            printf ("-1\n");
+        else
+        {
+            long u;
+            if (t % (24 * 60 * 60))
+                printf ("(not integral multiple of days) ");
+            u = t / (24 * 60 * 60);
+            printf ("%3ld*365%+ld\t0x%08lx\n",
+                    (long) (u / 365), (long) (u % 365),
+                    (long) t);
+        }
+    }
+    t = 0x80000000, printf ("time 0x%lx -> %s", t, ctime (&t));
+    t = 0x7fffffff, printf ("time 0x%lx -> %s", t, ctime (&t));
+    return 0;
+}
+#endif
diff --git a/krb5-1.21.3/src/util/support/hashtab.c b/krb5-1.21.3/src/util/support/hashtab.c
new file mode 100644
index 00000000..a66b8cb4
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/hashtab.c
@@ -0,0 +1,252 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/hash.c - hash table implementation */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "k5-platform.h"
+#include "k5-hashtab.h"
+#include "k5-queue.h"
+
+struct entry {
+    const void *key;
+    size_t klen;
+    void *val;
+    K5_SLIST_ENTRY(entry) next;
+};
+
+struct k5_hashtab {
+    uint64_t k0;
+    uint64_t k1;
+    size_t nbuckets;
+    size_t nentries;
+    K5_SLIST_HEAD(bucket_list, entry) *buckets;
+};
+
+/* Return x rotated to the left by r bits. */
+static inline uint64_t
+rotl64(uint64_t x, int r)
+{
+    return (x << r) | (x >> (64 - r));
+}
+
+static inline void
+sipround(uint64_t *v0, uint64_t *v1, uint64_t *v2, uint64_t *v3)
+{
+    *v0 += *v1;
+    *v2 += *v3;
+    *v1 = rotl64(*v1, 13) ^ *v0;
+    *v3 = rotl64(*v3, 16) ^ *v2;
+    *v0 = rotl64(*v0, 32);
+    *v2 += *v1;
+    *v0 += *v3;
+    *v1 = rotl64(*v1, 17) ^ *v2;
+    *v3 = rotl64(*v3, 21) ^ *v0;
+    *v2 = rotl64(*v2, 32);
+}
+
+/* SipHash-2-4 from https://131002.net/siphash/siphash.pdf (Jean-Philippe
+ * Aumasson and Daniel J. Bernstein) */
+static uint64_t
+siphash24(const uint8_t *data, size_t len, uint64_t k0, uint64_t k1)
+{
+    uint64_t v0 = k0 ^ 0x736F6D6570736575;
+    uint64_t v1 = k1 ^ 0x646F72616E646F6D;
+    uint64_t v2 = k0 ^ 0x6C7967656E657261;
+    uint64_t v3 = k1 ^ 0x7465646279746573;
+    uint64_t mi;
+    const uint8_t *p, *end = data + (len - len % 8);
+    uint8_t last[8] = { 0 };
+
+    /* Process each full 8-byte chunk of data. */
+    for (p = data; p < end; p += 8) {
+        mi = load_64_le(p);
+        v3 ^= mi;
+        sipround(&v0, &v1, &v2, &v3);
+        sipround(&v0, &v1, &v2, &v3);
+        v0 ^= mi;
+    }
+
+    /* Process the last 0-7 bytes followed by the length mod 256. */
+    memcpy(last, end, len % 8);
+    last[7] = len & 0xFF;
+    mi = load_64_le(last);
+    v3 ^= mi;
+    sipround(&v0, &v1, &v2, &v3);
+    sipround(&v0, &v1, &v2, &v3);
+    v0 ^= mi;
+
+    /* Finalize. */
+    v2 ^= 0xFF;
+    sipround(&v0, &v1, &v2, &v3);
+    sipround(&v0, &v1, &v2, &v3);
+    sipround(&v0, &v1, &v2, &v3);
+    sipround(&v0, &v1, &v2, &v3);
+    return v0 ^ v1 ^ v2 ^ v3;
+}
+
+uint64_t
+k5_siphash24(const uint8_t *data, size_t len,
+             const uint8_t seed[K5_HASH_SEED_LEN])
+{
+    uint64_t k0 = load_64_le(seed), k1 = load_64_le(seed + 8);
+
+    return siphash24(data, len, k0, k1);
+}
+
+int
+k5_hashtab_create(const uint8_t seed[K5_HASH_SEED_LEN], size_t initial_buckets,
+                  struct k5_hashtab **ht_out)
+{
+    struct k5_hashtab *ht;
+
+    *ht_out = NULL;
+
+    ht = malloc(sizeof(*ht));
+    if (ht == NULL)
+        return ENOMEM;
+
+    if (seed != NULL) {
+        ht->k0 = load_64_le(seed);
+        ht->k1 = load_64_le(seed + 8);
+    } else {
+        ht->k0 = ht->k1 = 0;
+    }
+    ht->nbuckets = (initial_buckets > 0) ? initial_buckets : 64;
+    ht->nentries = 0;
+    ht->buckets = calloc(ht->nbuckets, sizeof(*ht->buckets));
+    if (ht->buckets == NULL) {
+        free(ht);
+        return ENOMEM;
+    }
+
+    *ht_out = ht;
+    return 0;
+}
+
+void
+k5_hashtab_free(struct k5_hashtab *ht)
+{
+    size_t i;
+    struct entry *ent;
+
+    for (i = 0; i < ht->nbuckets; i++) {
+        while (!K5_SLIST_EMPTY(&ht->buckets[i])) {
+            ent = K5_SLIST_FIRST(&ht->buckets[i]);
+            K5_SLIST_REMOVE_HEAD(&ht->buckets[i], next);
+            free(ent);
+        }
+    }
+    free(ht->buckets);
+    free(ht);
+}
+
+static int
+resize_table(struct k5_hashtab *ht)
+{
+    size_t i, j, newsize = ht->nbuckets * 2;
+    struct bucket_list *newbuckets;
+    struct entry *ent;
+
+    newbuckets = calloc(newsize, sizeof(*newbuckets));
+    if (newbuckets == NULL)
+        return ENOMEM;
+
+    /* Rehash all the entries into the new buckets. */
+    for (i = 0; i < ht->nbuckets; i++) {
+        while (!K5_SLIST_EMPTY(&ht->buckets[i])) {
+            ent = K5_SLIST_FIRST(&ht->buckets[i]);
+            j = siphash24(ent->key, ent->klen, ht->k0, ht->k1) % newsize;
+            K5_SLIST_REMOVE_HEAD(&ht->buckets[i], next);
+            K5_SLIST_INSERT_HEAD(&newbuckets[j], ent, next);
+        }
+    }
+
+    free(ht->buckets);
+    ht->buckets = newbuckets;
+    ht->nbuckets = newsize;
+    return 0;
+}
+
+int
+k5_hashtab_add(struct k5_hashtab *ht, const void *key, size_t klen, void *val)
+{
+    size_t i;
+    struct entry *ent;
+
+    if (ht->nentries == ht->nbuckets) {
+        if (resize_table(ht) != 0)
+            return ENOMEM;
+    }
+
+    ent = malloc(sizeof(*ent));
+    if (ent == NULL)
+        return ENOMEM;
+    ent->key = key;
+    ent->klen = klen;
+    ent->val = val;
+
+    i = siphash24(key, klen, ht->k0, ht->k1) % ht->nbuckets;
+    K5_SLIST_INSERT_HEAD(&ht->buckets[i], ent, next);
+
+    ht->nentries++;
+    return 0;
+}
+
+int
+k5_hashtab_remove(struct k5_hashtab *ht, const void *key, size_t klen)
+{
+    size_t i;
+    struct entry *ent;
+
+    i = siphash24(key, klen, ht->k0, ht->k1) % ht->nbuckets;
+    K5_SLIST_FOREACH(ent, &ht->buckets[i], next) {
+        if (ent->klen == klen && memcmp(ent->key, key, klen) == 0) {
+            K5_SLIST_REMOVE(&ht->buckets[i], ent, entry, next);
+            free(ent);
+            ht->nentries--;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void *
+k5_hashtab_get(struct k5_hashtab *ht, const void *key, size_t klen)
+{
+    size_t i;
+    struct entry *ent;
+
+    i = siphash24(key, klen, ht->k0, ht->k1) % ht->nbuckets;
+    K5_SLIST_FOREACH(ent, &ht->buckets[i], next) {
+        if (ent->klen == klen && memcmp(ent->key, key, klen) == 0)
+            return ent->val;
+    }
+    return NULL;
+}
diff --git a/krb5-1.21.3/src/util/support/hex.c b/krb5-1.21.3/src/util/support/hex.c
new file mode 100644
index 00000000..cbd30d73
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/hex.c
@@ -0,0 +1,116 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/hex.c - hex encoding/decoding implementation */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-platform.h>
+#include <k5-hex.h>
+#include <ctype.h>
+
+static inline char
+hex_digit(uint8_t bval, int uppercase)
+{
+    assert(bval <= 0xF);
+    if (bval < 10)
+        return '0' + bval;
+    else if (uppercase)
+        return 'A' + (bval - 10);
+    else
+        return 'a' + (bval - 10);
+}
+
+int
+k5_hex_encode(const void *bytes, size_t len, int uppercase, char **hex_out)
+{
+    size_t i;
+    const uint8_t *p = bytes;
+    char *hex;
+
+    *hex_out = NULL;
+
+    hex = malloc(len * 2 + 1);
+    if (hex == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < len; i++) {
+        hex[i * 2] = hex_digit(p[i] >> 4, uppercase);
+        hex[i * 2 + 1] = hex_digit(p[i] & 0xF, uppercase);
+    }
+    hex[len * 2] = '\0';
+
+    *hex_out = hex;
+    return 0;
+}
+
+/* Decode a hex digit.  Return 0-15 on success, -1 on invalid input. */
+static inline int
+decode_hexchar(unsigned char c)
+{
+    if (isdigit(c))
+        return c - '0';
+    if (c >= 'A' && c <= 'F')
+        return c - 'A' + 10;
+    if (c >= 'a' && c <= 'f')
+        return c - 'a' + 10;
+    return -1;
+}
+
+int
+k5_hex_decode(const char *hex, uint8_t **bytes_out, size_t *len_out)
+{
+    size_t hexlen, i;
+    int h1, h2;
+    uint8_t *bytes;
+
+    *bytes_out = NULL;
+    *len_out = 0;
+
+    hexlen = strlen(hex);
+    if (hexlen % 2 != 0)
+        return EINVAL;
+    bytes = malloc(hexlen / 2 + 1);
+    if (bytes == NULL)
+        return ENOMEM;
+
+    for (i = 0; i < hexlen / 2; i++) {
+        h1 = decode_hexchar(hex[i * 2]);
+        h2 = decode_hexchar(hex[i * 2 + 1]);
+        if (h1 == -1 || h2 == -1) {
+            free(bytes);
+            return EINVAL;
+        }
+        bytes[i] = h1 * 16 + h2;
+    }
+    bytes[i] = 0;
+
+    *bytes_out = bytes;
+    *len_out = hexlen / 2;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/support/init-addrinfo.c b/krb5-1.21.3/src/util/support/init-addrinfo.c
new file mode 100644
index 00000000..68c3dd6e
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/init-addrinfo.c
@@ -0,0 +1,68 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2004 by the Massachusetts Institute of Technology,
+ * Cambridge, MA, USA.  All Rights Reserved.
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
+ * distribution:
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
+ * preserve same.
+ *
+ * Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ */
+
+/* Stuff that needs initialization for fake-addrinfo.c.
+
+   Separated out, so that static linking against this library doesn't
+   require pulling in socket/nsl/whatever libraries for code not using
+   getaddrinfo.  */
+
+#include "k5-platform.h"
+#include "k5-thread.h"
+#include "port-sockets.h"
+#include "socket-utils.h"
+
+#define IMPLEMENT_FAKE_GETADDRINFO
+#include "fake-addrinfo.h"
+#include "cache-addrinfo.h"
+
+struct fac krb5int_fac = { K5_MUTEX_PARTIAL_INITIALIZER, 0 };
+
+int krb5int_init_fac (void)
+{
+    return k5_mutex_finish_init(&krb5int_fac.lock);
+}
+
+void krb5int_fini_fac (void)
+{
+    k5_mutex_destroy(&krb5int_fac.lock);
+}
diff --git a/krb5-1.21.3/src/util/support/ipc_stream.c b/krb5-1.21.3/src/util/support/ipc_stream.c
new file mode 100644
index 00000000..72d30705
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/ipc_stream.c
@@ -0,0 +1,468 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/ipc_stream.c */
+/*
+ * Copyright 2006, 2007, 2009 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#ifdef _WIN32
+#include <winsock2.h>
+#endif
+#include "k5-ipc_stream.h"
+
+#if !defined(htonll)
+#define htonll(x) k5_htonll(x)
+#endif
+
+#if !defined(ntohll)
+#define ntohll(x) k5_ntohll(x)
+#endif
+
+/* Add debugging later */
+#define k5_check_error(x) (x)
+
+struct k5_ipc_stream_s {
+    char *data;
+    uint64_t size;
+    uint64_t max_size;
+};
+
+static const struct k5_ipc_stream_s k5_ipc_stream_initializer = { NULL, 0, 0 };
+
+#define K5_IPC_STREAM_SIZE_INCREMENT 128
+
+/* ------------------------------------------------------------------------ */
+
+static uint32_t krb5int_ipc_stream_reallocate (k5_ipc_stream io_stream,
+                                               uint64_t      in_new_size)
+{
+    int32_t err = 0;
+    uint64_t new_max_size = 0;
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        uint64_t old_max_size = io_stream->max_size;
+        new_max_size = io_stream->max_size;
+
+        if (in_new_size > old_max_size) {
+            /* Expand the stream */
+            while (in_new_size > new_max_size) {
+                new_max_size += K5_IPC_STREAM_SIZE_INCREMENT;
+            }
+
+
+        } else if ((in_new_size + K5_IPC_STREAM_SIZE_INCREMENT) < old_max_size) {
+            /* Shrink the array, but never drop below K5_IPC_STREAM_SIZE_INCREMENT */
+            while ((in_new_size + K5_IPC_STREAM_SIZE_INCREMENT) < new_max_size &&
+                   (new_max_size > K5_IPC_STREAM_SIZE_INCREMENT)) {
+                new_max_size -= K5_IPC_STREAM_SIZE_INCREMENT;
+            }
+        }
+    }
+
+    if (!err && new_max_size != io_stream->max_size) {
+        char *data = io_stream->data;
+
+        if (!data) {
+            data = malloc (new_max_size * sizeof (*data));
+        } else {
+            data = realloc (data, new_max_size * sizeof (*data));
+        }
+
+        if (data) {
+            io_stream->data = data;
+            io_stream->max_size = new_max_size;
+        } else {
+            err = k5_check_error (ENOMEM);
+        }
+    }
+
+    return k5_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+int32_t krb5int_ipc_stream_new (k5_ipc_stream *out_stream)
+{
+    int32_t err = 0;
+    k5_ipc_stream stream = NULL;
+
+    if (!out_stream) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        stream = malloc (sizeof (*stream));
+        if (stream) {
+            *stream = k5_ipc_stream_initializer;
+        } else {
+            err = k5_check_error (ENOMEM);
+        }
+    }
+
+    if (!err) {
+        *out_stream = stream;
+        stream = NULL;
+    }
+
+    krb5int_ipc_stream_release (stream);
+
+    return k5_check_error (err);
+}
+
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_release (k5_ipc_stream io_stream)
+{
+    int32_t err = 0;
+
+    if (!err && io_stream) {
+        free (io_stream->data);
+        free (io_stream);
+    }
+
+    return err;
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint64_t krb5int_ipc_stream_size (k5_ipc_stream in_stream)
+{
+    return in_stream ? in_stream->size : 0;
+}
+
+
+/* ------------------------------------------------------------------------ */
+
+const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream)
+{
+    return in_stream ? in_stream->data : NULL;
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_read (k5_ipc_stream  io_stream,
+                                  void         *io_data,
+                                  uint64_t     in_size)
+{
+    int32_t err = 0;
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+    if (!io_data  ) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        if (in_size > io_stream->size) {
+            err = k5_check_error (EINVAL);
+        }
+    }
+
+    if (!err) {
+        memcpy (io_data, io_stream->data, in_size);
+        memmove (io_stream->data, &io_stream->data[in_size],
+                 io_stream->size - in_size);
+
+        err = krb5int_ipc_stream_reallocate (io_stream, io_stream->size - in_size);
+
+        if (!err) {
+            io_stream->size -= in_size;
+        }
+    }
+
+    return k5_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_write (k5_ipc_stream  io_stream,
+                                   const void   *in_data,
+                                   uint64_t     in_size)
+{
+    int32_t err = 0;
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+    if (!in_data  ) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        /* Security check: Do not let the caller overflow the length */
+        if (in_size > (UINT64_MAX - io_stream->size)) {
+            err = k5_check_error (EINVAL);
+        }
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_reallocate (io_stream, io_stream->size + in_size);
+    }
+
+    if (!err) {
+        memcpy (&io_stream->data[io_stream->size], in_data, in_size);
+        io_stream->size += in_size;
+    }
+
+    return k5_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+void krb5int_ipc_stream_free_string (char *in_string)
+{
+    free (in_string);
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream   io_stream,
+                                         char         **out_string)
+{
+    int32_t err = 0;
+    uint32_t length = 0;
+    char *string = NULL;
+
+    if (!io_stream ) { err = k5_check_error (EINVAL); }
+    if (!out_string) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read_uint32 (io_stream, &length);
+    }
+
+    if (!err) {
+        string = malloc (length);
+        if (!string) { err = k5_check_error (ENOMEM); }
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read (io_stream, string, length);
+    }
+
+    if (!err) {
+        *out_string = string;
+        string = NULL;
+    }
+
+    free (string);
+
+    return k5_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream,
+                                          const char    *in_string)
+{
+    int32_t err = 0;
+    uint32_t length = 0;
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+    if (!in_string) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        length = strlen (in_string) + 1;
+
+        err = krb5int_ipc_stream_write_uint32 (io_stream, length);
+    }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write (io_stream, in_string, length);
+    }
+
+    return k5_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream  io_stream,
+                                        int32_t       *out_int32)
+{
+    int32_t err = 0;
+    int32_t int32 = 0;
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+    if (!out_int32) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read (io_stream, &int32, sizeof (int32));
+    }
+
+    if (!err) {
+        *out_int32 = ntohl (int32);
+    }
+
+    return k5_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream,
+                                         int32_t       in_int32)
+{
+    int32_t err = 0;
+    int32_t int32 = htonl (in_int32);
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write (io_stream, &int32, sizeof (int32));
+    }
+
+    return k5_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream  io_stream,
+                                         uint32_t      *out_uint32)
+{
+    int32_t err = 0;
+    uint32_t uint32 = 0;
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+    if (!out_uint32) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read (io_stream, &uint32, sizeof (uint32));
+    }
+
+    if (!err) {
+        *out_uint32 = ntohl (uint32);
+    }
+
+    return k5_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream,
+                                          uint32_t      in_uint32)
+{
+    int32_t err = 0;
+    int32_t uint32 = htonl (in_uint32);
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write (io_stream, &uint32, sizeof (uint32));
+    }
+
+    return k5_check_error (err);
+}
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream  io_stream,
+                                        int64_t       *out_int64)
+{
+    int32_t err = 0;
+    uint64_t int64 = 0;
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+    if (!out_int64) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read (io_stream, &int64, sizeof (int64));
+    }
+
+    if (!err) {
+        *out_int64 = ntohll (int64);
+    }
+
+    return k5_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream,
+                                         int64_t     in_int64)
+{
+    int32_t err = 0;
+    int64_t int64 = htonll (in_int64);
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write (io_stream, &int64, sizeof (int64));
+    }
+
+    return k5_check_error (err);
+}
+
+
+#ifdef TARGET_OS_MAC
+#pragma mark -
+#endif
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream  io_stream,
+                                         uint64_t     *out_uint64)
+{
+    int32_t err = 0;
+    uint64_t uint64 = 0;
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+    if (!out_uint64) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_read (io_stream, &uint64, sizeof (uint64));
+    }
+
+    if (!err) {
+        *out_uint64 = ntohll (uint64);
+    }
+
+    return k5_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream,
+                                          uint64_t      in_uint64)
+{
+    int32_t err = 0;
+    int64_t uint64 = htonll (in_uint64);
+
+    if (!io_stream) { err = k5_check_error (EINVAL); }
+
+    if (!err) {
+        err = krb5int_ipc_stream_write (io_stream, &uint64, sizeof (uint64));
+    }
+
+    return k5_check_error (err);
+}
diff --git a/krb5-1.21.3/src/util/support/json.c b/krb5-1.21.3/src/util/support/json.c
new file mode 100644
index 00000000..ac2e5be0
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/json.c
@@ -0,0 +1,1090 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/json.c - JSON parser and unparser */
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements a minimal dynamic type system for JSON values and a
+ * JSON encoder and decoder.  It is loosely based on the heimbase code from
+ * Heimdal.
+ */
+
+#include <k5-platform.h>
+#include <k5-base64.h>
+#include <k5-json.h>
+#include <k5-buf.h>
+
+#define MAX_DECODE_DEPTH 64
+#define MIN_ALLOC_SLOT   16
+
+typedef void (*type_dealloc_fn)(void *val);
+
+typedef struct json_type_st {
+    k5_json_tid tid;
+    const char *name;
+    type_dealloc_fn dealloc;
+} *json_type;
+
+struct value_base {
+    json_type isa;
+    unsigned int ref_cnt;
+};
+
+#define PTR2BASE(ptr) (((struct value_base *)ptr) - 1)
+#define BASE2PTR(ptr) ((void *)(((struct value_base *)ptr) + 1))
+
+k5_json_value
+k5_json_retain(k5_json_value val)
+{
+    struct value_base *p;
+
+    if (val == NULL)
+        return val;
+    p = PTR2BASE(val);
+    assert(p->ref_cnt != 0);
+    p->ref_cnt++;
+    return val;
+}
+
+void
+k5_json_release(k5_json_value val)
+{
+    struct value_base *p;
+
+    if (val == NULL)
+        return;
+    p = PTR2BASE(val);
+    assert(p->ref_cnt != 0);
+    p->ref_cnt--;
+    if (p->ref_cnt == 0) {
+        if (p->isa->dealloc != NULL)
+            p->isa->dealloc(val);
+        free(p);
+    }
+}
+
+/* Get the type description of a k5_json_value. */
+static json_type
+get_isa(k5_json_value val)
+{
+    struct value_base *p = PTR2BASE(val);
+
+    return p->isa;
+}
+
+k5_json_tid
+k5_json_get_tid(k5_json_value val)
+{
+    json_type isa = get_isa(val);
+
+    return isa->tid;
+}
+
+static k5_json_value
+alloc_value(json_type type, size_t size)
+{
+    struct value_base *p = calloc(1, size + sizeof(*p));
+
+    if (p == NULL)
+        return NULL;
+    p->isa = type;
+    p->ref_cnt = 1;
+
+    return BASE2PTR(p);
+}
+
+/*** Null type ***/
+
+static struct json_type_st null_type = { K5_JSON_TID_NULL, "null", NULL };
+
+int
+k5_json_null_create(k5_json_null *val_out)
+{
+    *val_out = alloc_value(&null_type, 0);
+    return (*val_out == NULL) ? ENOMEM : 0;
+}
+
+int
+k5_json_null_create_val(k5_json_value *val_out)
+{
+    *val_out = alloc_value(&null_type, 0);
+    return (*val_out == NULL) ? ENOMEM : 0;
+}
+
+/*** Boolean type ***/
+
+static struct json_type_st bool_type = { K5_JSON_TID_BOOL, "bool", NULL };
+
+int
+k5_json_bool_create(int truth, k5_json_bool *val_out)
+{
+    k5_json_bool b;
+
+    *val_out = NULL;
+    b = alloc_value(&bool_type, 1);
+    if (b == NULL)
+        return ENOMEM;
+    *(unsigned char *)b = !!truth;
+    *val_out = b;
+    return 0;
+}
+
+int
+k5_json_bool_value(k5_json_bool bval)
+{
+    return *(unsigned char *)bval;
+}
+
+/*** Array type ***/
+
+struct k5_json_array_st {
+    k5_json_value *values;
+    size_t len;
+    size_t allocated;
+};
+
+static void
+array_dealloc(void *ptr)
+{
+    k5_json_array array = ptr;
+    size_t i;
+
+    for (i = 0; i < array->len; i++)
+        k5_json_release(array->values[i]);
+    free(array->values);
+}
+
+static struct json_type_st array_type = {
+    K5_JSON_TID_ARRAY, "array", array_dealloc
+};
+
+int
+k5_json_array_create(k5_json_array *val_out)
+{
+    *val_out = alloc_value(&array_type, sizeof(struct k5_json_array_st));
+    return (*val_out == NULL) ? ENOMEM : 0;
+}
+
+int
+k5_json_array_add(k5_json_array array, k5_json_value val)
+{
+    k5_json_value *ptr;
+    size_t new_alloc;
+
+    if (array->len >= array->allocated) {
+        /* Increase the number of slots by 50% (MIN_ALLOC_SLOT minimum). */
+        new_alloc = array->len + 1 + (array->len >> 1);
+        if (new_alloc < MIN_ALLOC_SLOT)
+            new_alloc = MIN_ALLOC_SLOT;
+        ptr = realloc(array->values, new_alloc * sizeof(*array->values));
+        if (ptr == NULL)
+            return ENOMEM;
+        array->values = ptr;
+        array->allocated = new_alloc;
+    }
+    array->values[array->len++] = k5_json_retain(val);
+    return 0;
+}
+
+size_t
+k5_json_array_length(k5_json_array array)
+{
+    return array->len;
+}
+
+k5_json_value
+k5_json_array_get(k5_json_array array, size_t idx)
+{
+    if (idx >= array->len)
+        abort();
+    return array->values[idx];
+}
+
+void
+k5_json_array_set(k5_json_array array, size_t idx, k5_json_value val)
+{
+    if (idx >= array->len)
+        abort();
+    k5_json_release(array->values[idx]);
+    array->values[idx] = k5_json_retain(val);
+}
+
+int
+k5_json_array_fmt(k5_json_array *array_out, const char *template, ...)
+{
+    const char *p;
+    va_list ap;
+    const char *cstring;
+    unsigned char *data;
+    size_t len;
+    long long nval;
+    k5_json_array array;
+    k5_json_value val;
+    k5_json_number num;
+    k5_json_string str;
+    k5_json_bool b;
+    k5_json_null null;
+    int truth, ret;
+
+    *array_out = NULL;
+    if (k5_json_array_create(&array))
+        return ENOMEM;
+    va_start(ap, template);
+    for (p = template; *p != '\0'; p++) {
+        switch (*p) {
+        case 'v':
+            val = k5_json_retain(va_arg(ap, k5_json_value));
+            break;
+        case 'n':
+            if (k5_json_null_create(&null))
+                goto err;
+            val = null;
+            break;
+        case 'b':
+            truth = va_arg(ap, int);
+            if (k5_json_bool_create(truth, &b))
+                goto err;
+            val = b;
+            break;
+        case 'i':
+            nval = va_arg(ap, int);
+            if (k5_json_number_create(nval, &num))
+                goto err;
+            val = num;
+            break;
+        case 'L':
+            nval = va_arg(ap, long long);
+            if (k5_json_number_create(nval, &num))
+                goto err;
+            val = num;
+            break;
+        case 's':
+            cstring = va_arg(ap, const char *);
+            if (cstring == NULL) {
+                if (k5_json_null_create(&null))
+                    goto err;
+                val = null;
+            } else {
+                if (k5_json_string_create(cstring, &str))
+                    goto err;
+                val = str;
+            }
+            break;
+        case 'B':
+            data = va_arg(ap, unsigned char *);
+            len = va_arg(ap, size_t);
+            if (k5_json_string_create_base64(data, len, &str))
+                goto err;
+            val = str;
+            break;
+        default:
+            goto err;
+        }
+        ret = k5_json_array_add(array, val);
+        k5_json_release(val);
+        if (ret)
+            goto err;
+    }
+    va_end(ap);
+    *array_out = array;
+    return 0;
+
+err:
+    va_end(ap);
+    k5_json_release(array);
+    return ENOMEM;
+}
+
+/*** Object type (string:value mapping) ***/
+
+struct entry {
+    char *key;
+    k5_json_value value;
+};
+
+struct k5_json_object_st {
+    struct entry *entries;
+    size_t len;
+    size_t allocated;
+};
+
+static void
+object_dealloc(void *ptr)
+{
+    k5_json_object obj = ptr;
+    size_t i;
+
+    for (i = 0; i < obj->len; i++) {
+        free(obj->entries[i].key);
+        k5_json_release(obj->entries[i].value);
+    }
+    free(obj->entries);
+}
+
+static struct json_type_st object_type = {
+    K5_JSON_TID_OBJECT, "object", object_dealloc
+};
+
+int
+k5_json_object_create(k5_json_object *val_out)
+{
+    *val_out = alloc_value(&object_type, sizeof(struct k5_json_object_st));
+    return (*val_out == NULL) ? ENOMEM : 0;
+}
+
+size_t
+k5_json_object_count(k5_json_object obj)
+{
+    return obj->len;
+}
+
+/* Return the entry for key within obj, or NULL if none exists. */
+static struct entry *
+object_search(k5_json_object obj, const char *key)
+{
+    size_t i;
+
+    for (i = 0; i < obj->len; i++) {
+        if (strcmp(key, obj->entries[i].key) == 0)
+            return &obj->entries[i];
+    }
+    return NULL;
+}
+
+k5_json_value
+k5_json_object_get(k5_json_object obj, const char *key)
+{
+    struct entry *ent;
+
+    ent = object_search(obj, key);
+    if (ent == NULL)
+        return NULL;
+    return ent->value;
+}
+
+int
+k5_json_object_set(k5_json_object obj, const char *key, k5_json_value val)
+{
+    struct entry *ent, *ptr;
+    size_t new_alloc, i;
+
+    ent = object_search(obj, key);
+    if (ent != NULL) {
+        k5_json_release(ent->value);
+        if (val == NULL) {
+            /* Remove this key. */
+            free(ent->key);
+            for (i = ent - obj->entries; i < obj->len - 1; i++)
+                obj->entries[i] = obj->entries[i + 1];
+            obj->len--;
+        } else {
+            /* Overwrite this key's value with the new one. */
+            ent->value = k5_json_retain(val);
+        }
+        return 0;
+    }
+
+    /* If didn't find a key the caller asked to remove, do nothing. */
+    if (val == NULL)
+        return 0;
+
+    if (obj->len >= obj->allocated) {
+        /* Increase the number of slots by 50% (MIN_ALLOC_SLOT minimum). */
+        new_alloc = obj->len + 1 + (obj->len >> 1);
+        if (new_alloc < MIN_ALLOC_SLOT)
+            new_alloc = MIN_ALLOC_SLOT;
+        ptr = realloc(obj->entries, new_alloc * sizeof(*obj->entries));
+        if (ptr == NULL)
+            return ENOMEM;
+        obj->entries = ptr;
+        obj->allocated = new_alloc;
+    }
+    obj->entries[obj->len].key = strdup(key);
+    if (obj->entries[obj->len].key == NULL)
+        return ENOMEM;
+    obj->entries[obj->len].value = k5_json_retain(val);
+    obj->len++;
+    return 0;
+}
+
+void
+k5_json_object_iterate(k5_json_object obj, k5_json_object_iterator_fn func,
+                       void *arg)
+{
+    size_t i;
+
+    for (i = 0; i < obj->len; i++)
+        func(arg, obj->entries[i].key, obj->entries[i].value);
+}
+
+/*** String type ***/
+
+static struct json_type_st string_type = {
+    K5_JSON_TID_STRING, "string", NULL
+};
+
+int
+k5_json_string_create(const char *cstring, k5_json_string *val_out)
+{
+    return k5_json_string_create_len(cstring, strlen(cstring), val_out);
+}
+
+int
+k5_json_string_create_len(const void *data, size_t len,
+                          k5_json_string *val_out)
+{
+    char *s;
+
+    *val_out = NULL;
+    s = alloc_value(&string_type, len + 1);
+    if (s == NULL)
+        return ENOMEM;
+    if (len > 0)
+        memcpy(s, data, len);
+    s[len] = '\0';
+    *val_out = (k5_json_string)s;
+    return 0;
+}
+
+int
+k5_json_string_create_base64(const void *data, size_t len,
+                             k5_json_string *val_out)
+{
+    char *base64;
+    int ret;
+
+    *val_out = NULL;
+    base64 = k5_base64_encode(data, len);
+    if (base64 == NULL)
+        return ENOMEM;
+    ret = k5_json_string_create(base64, val_out);
+    free(base64);
+    return ret;
+}
+
+const char *
+k5_json_string_utf8(k5_json_string string)
+{
+    return (const char *)string;
+}
+
+int
+k5_json_string_unbase64(k5_json_string string, unsigned char **data_out,
+                        size_t *len_out)
+{
+    unsigned char *data;
+    size_t len;
+
+    *data_out = NULL;
+    *len_out = 0;
+    data = k5_base64_decode((const char *)string, &len);
+    if (data == NULL)
+        return (len == 0) ? ENOMEM : EINVAL;
+    *data_out = data;
+    *len_out = len;
+    return 0;
+}
+
+/*** Number type ***/
+
+static struct json_type_st number_type = {
+    K5_JSON_TID_NUMBER, "number", NULL
+};
+
+int
+k5_json_number_create(long long number, k5_json_number *val_out)
+{
+    k5_json_number n;
+
+    *val_out = NULL;
+    n = alloc_value(&number_type, sizeof(long long));
+    if (n == NULL)
+        return ENOMEM;
+    *((long long *)n) = number;
+    *val_out = n;
+    return 0;
+}
+
+long long
+k5_json_number_value(k5_json_number number)
+{
+    return *(long long *)number;
+}
+
+/*** JSON encoding ***/
+
+static const char quotemap_json[] = "\"\\/bfnrt";
+static const char quotemap_c[] = "\"\\/\b\f\n\r\t";
+static const char needs_quote[] = "\\\"\1\2\3\4\5\6\7\10\11\12\13\14\15\16\17"
+    "\20\21\22\23\24\25\26\27\30\31\32\33\34\35\36\37";
+
+static int encode_value(struct k5buf *buf, k5_json_value val);
+
+static void
+encode_string(struct k5buf *buf, const char *str)
+{
+    size_t n;
+    const char *p;
+
+    k5_buf_add(buf, "\"");
+    while (*str != '\0') {
+        n = strcspn(str, needs_quote);
+        k5_buf_add_len(buf, str, n);
+        str += n;
+        if (*str == '\0')
+            break;
+        k5_buf_add(buf, "\\");
+        p = strchr(quotemap_c, *str);
+        if (p != NULL)
+            k5_buf_add_len(buf, quotemap_json + (p - quotemap_c), 1);
+        else
+            k5_buf_add_fmt(buf, "u00%02X", (unsigned int)*str);
+        str++;
+    }
+    k5_buf_add(buf, "\"");
+}
+
+struct obj_ctx {
+    struct k5buf *buf;
+    int ret;
+    int first;
+};
+
+static void
+encode_obj_entry(void *ctx, const char *key, k5_json_value value)
+{
+    struct obj_ctx *j = ctx;
+
+    if (j->ret)
+        return;
+    if (j->first)
+        j->first = 0;
+    else
+        k5_buf_add(j->buf, ",");
+    encode_string(j->buf, key);
+    k5_buf_add(j->buf, ":");
+    j->ret = encode_value(j->buf, value);
+}
+
+static int
+encode_value(struct k5buf *buf, k5_json_value val)
+{
+    k5_json_tid type;
+    int ret;
+    size_t i, len;
+    struct obj_ctx ctx;
+
+    if (val == NULL)
+        return EINVAL;
+
+    type = k5_json_get_tid(val);
+    switch (type) {
+    case K5_JSON_TID_ARRAY:
+        k5_buf_add(buf, "[");
+        len = k5_json_array_length(val);
+        for (i = 0; i < len; i++) {
+            if (i != 0)
+                k5_buf_add(buf, ",");
+            ret = encode_value(buf, k5_json_array_get(val, i));
+            if (ret)
+                return ret;
+        }
+        k5_buf_add(buf, "]");
+        return 0;
+
+    case K5_JSON_TID_OBJECT:
+        k5_buf_add(buf, "{");
+        ctx.buf = buf;
+        ctx.ret = 0;
+        ctx.first = 1;
+        k5_json_object_iterate(val, encode_obj_entry, &ctx);
+        k5_buf_add(buf, "}");
+        return ctx.ret;
+
+    case K5_JSON_TID_STRING:
+        encode_string(buf, k5_json_string_utf8(val));
+        return 0;
+
+    case K5_JSON_TID_NUMBER:
+        k5_buf_add_fmt(buf, "%lld", k5_json_number_value(val));
+        return 0;
+
+    case K5_JSON_TID_NULL:
+        k5_buf_add(buf, "null");
+        return 0;
+
+    case K5_JSON_TID_BOOL:
+        k5_buf_add(buf, k5_json_bool_value(val) ? "true" : "false");
+        return 0;
+
+    default:
+        return EINVAL;
+    }
+}
+
+int
+k5_json_encode(k5_json_value val, char **json_out)
+{
+    struct k5buf buf;
+    int ret;
+
+    *json_out = NULL;
+    k5_buf_init_dynamic(&buf);
+    ret = encode_value(&buf, val);
+    if (ret) {
+        k5_buf_free(&buf);
+        return ret;
+    }
+    *json_out = k5_buf_cstring(&buf);
+    return (*json_out == NULL) ? ENOMEM : 0;
+}
+
+/*** JSON decoding ***/
+
+struct decode_ctx {
+    const unsigned char *p;
+    size_t depth;
+};
+
+static int parse_value(struct decode_ctx *ctx, k5_json_value *val_out);
+
+/* Consume whitespace.  Return 0 if there is anything left to parse after the
+ * whitespace, -1 if not. */
+static int
+white_spaces(struct decode_ctx *ctx)
+{
+    unsigned char c;
+
+    for (; *ctx->p != '\0'; ctx->p++) {
+        c = *ctx->p;
+        if (c != ' ' && c != '\t' && c != '\r' && c != '\n')
+            return 0;
+    }
+    return -1;
+}
+
+/* Return true if c is a decimal digit. */
+static inline int
+is_digit(unsigned char c)
+{
+    return ('0' <= c && c <= '9');
+}
+
+/* Return true if c is a hexadecimal digit (per RFC 5234 HEXDIG). */
+static inline int
+is_hex_digit(unsigned char c)
+{
+    return is_digit(c) || ('A' <= c && c <= 'F');
+}
+
+/* Return the numeric value of a hex digit; aborts if c is not a hex digit. */
+static inline unsigned int
+hexval(unsigned char c)
+{
+    if (is_digit(c))
+        return c - '0';
+    else if ('A' <= c && c <= 'F')
+        return c - 'A' + 10;
+    abort();
+}
+
+/* Parse a JSON number (which must be an integer in the signed 64-bit range; we
+ * do not allow floating-point numbers). */
+static int
+parse_number(struct decode_ctx *ctx, k5_json_number *val_out)
+{
+    const unsigned long long umax = ~0ULL, smax = (1ULL << 63) - 1;
+    unsigned long long number = 0;
+    int neg = 1;
+
+    *val_out = NULL;
+
+    if (*ctx->p == '-') {
+        neg = -1;
+        ctx->p++;
+    }
+
+    if (!is_digit(*ctx->p))
+        return EINVAL;
+
+    /* Read the number into an unsigned 64-bit container, ensuring that we
+     * don't overflow it. */
+    while (is_digit(*ctx->p)) {
+        if (number + 1 > umax / 10)
+            return EOVERFLOW;
+        number = (number * 10) + (*ctx->p - '0');
+        ctx->p++;
+    }
+
+    /* Make sure the unsigned 64-bit value fits in the signed 64-bit range. */
+    if (number > smax + 1 || (number > smax && neg == 1))
+        return EOVERFLOW;
+
+    return k5_json_number_create(number * neg, val_out);
+}
+
+/* Parse a JSON string (which must not quote Unicode code points above 256). */
+static int
+parse_string(struct decode_ctx *ctx, char **str_out)
+{
+    const unsigned char *p, *start, *end = NULL;
+    const char *q;
+    char *buf, *pos;
+    unsigned int code;
+
+    *str_out = NULL;
+
+    /* Find the start and end of the string. */
+    if (*ctx->p != '"')
+        return EINVAL;
+    start = ++ctx->p;
+    for (; *ctx->p != '\0'; ctx->p++) {
+        if (*ctx->p == '\\') {
+            ctx->p++;
+            if (*ctx->p == '\0')
+                return EINVAL;
+        } else if (*ctx->p == '"') {
+            end = ctx->p++;
+            break;
+        }
+    }
+    if (end == NULL)
+        return EINVAL;
+
+    pos = buf = malloc(end - start + 1);
+    if (buf == NULL)
+        return ENOMEM;
+    for (p = start; p < end;) {
+        if (*p == '\\') {
+            p++;
+            if (*p == 'u' && is_hex_digit(p[1]) && is_hex_digit(p[2]) &&
+                is_hex_digit(p[3]) && is_hex_digit(p[4])) {
+                code = (hexval(p[1]) << 12) | (hexval(p[2]) << 8) |
+                    (hexval(p[3]) << 4) | hexval(p[4]);
+                if (code <= 0xff) {
+                    *pos++ = code;
+                } else {
+                    /* Code points above 0xff don't need to be quoted, so we
+                     * don't implement translating those into UTF-8. */
+                    free(buf);
+                    return EINVAL;
+                }
+                p += 5;
+            } else {
+                q = strchr(quotemap_json, *p);
+                if (q != NULL) {
+                    *pos++ = quotemap_c[q - quotemap_json];
+                } else {
+                    free(buf);
+                    return EINVAL;
+                }
+                p++;
+            }
+        } else {
+            *pos++ = *p++;
+        }
+    }
+    *pos = '\0';
+    *str_out = buf;
+    return 0;
+}
+
+/* Parse an object association and place it into obj. */
+static int
+parse_object_association(k5_json_object obj, struct decode_ctx *ctx)
+{
+    char *key = NULL;
+    k5_json_value val;
+    int ret;
+
+    /* Parse the key and value. */
+    ret = parse_string(ctx, &key);
+    if (ret)
+        return ret;
+    if (white_spaces(ctx))
+        goto invalid;
+    if (*ctx->p != ':')
+        goto invalid;
+    ctx->p++;
+    if (white_spaces(ctx))
+        goto invalid;
+    ret = parse_value(ctx, &val);
+    if (ret) {
+        free(key);
+        return ret;
+    }
+
+    /* Add the key and value to obj. */
+    ret = k5_json_object_set(obj, key, val);
+    free(key);
+    k5_json_release(val);
+    return ret;
+
+invalid:
+    free(key);
+    return EINVAL;
+}
+
+/* Parse a JSON object. */
+static int
+parse_object(struct decode_ctx *ctx, k5_json_object *val_out)
+{
+    k5_json_object obj = NULL;
+    int ret;
+
+    *val_out = NULL;
+
+    /* Parse past the opening brace. */
+    if (*ctx->p != '{')
+        return EINVAL;
+    ctx->p++;
+    if (white_spaces(ctx))
+        return EINVAL;
+
+    ret = k5_json_object_create(&obj);
+    if (ret)
+        return ret;
+
+    /* Pairs associations until we reach the terminating brace. */
+    if (*ctx->p != '}') {
+        while (1) {
+            ret = parse_object_association(obj, ctx);
+            if (ret) {
+                k5_json_release(obj);
+                return ret;
+            }
+            if (white_spaces(ctx))
+                goto invalid;
+            if (*ctx->p == '}')
+                break;
+            if (*ctx->p != ',')
+                goto invalid;
+            ctx->p++;
+            if (white_spaces(ctx))
+                goto invalid;
+        }
+    }
+    ctx->p++;
+    *val_out = obj;
+    return 0;
+
+invalid:
+    k5_json_release(obj);
+    return EINVAL;
+}
+
+/* Parse an value and place it into array. */
+static int
+parse_array_item(k5_json_array array, struct decode_ctx *ctx)
+{
+    k5_json_value val;
+    int ret;
+
+    ret = parse_value(ctx, &val);
+    if (ret)
+        return ret;
+    ret = k5_json_array_add(array, val);
+    k5_json_release(val);
+    return ret;
+}
+
+/* Parse a JSON array. */
+static int
+parse_array(struct decode_ctx *ctx, k5_json_array *val_out)
+{
+    k5_json_array array = NULL;
+    int ret;
+
+    *val_out = NULL;
+
+    /* Parse past the opening bracket. */
+    if (*ctx->p != '[')
+        return EINVAL;
+    ctx->p++;
+    if (white_spaces(ctx))
+        return EINVAL;
+
+    ret = k5_json_array_create(&array);
+    if (ret)
+        return ret;
+
+    /* Pairs values until we reach the terminating bracket. */
+    if (*ctx->p != ']') {
+        while (1) {
+            ret = parse_array_item(array, ctx);
+            if (ret) {
+                k5_json_release(array);
+                return ret;
+            }
+            if (white_spaces(ctx))
+                goto invalid;
+            if (*ctx->p == ']')
+                break;
+            if (*ctx->p != ',')
+                goto invalid;
+            ctx->p++;
+            if (white_spaces(ctx))
+                goto invalid;
+        }
+    }
+    ctx->p++;
+    *val_out = array;
+    return 0;
+
+invalid:
+    k5_json_release(array);
+    return EINVAL;
+}
+
+/* Parse a JSON value of any type. */
+static int
+parse_value(struct decode_ctx *ctx, k5_json_value *val_out)
+{
+    k5_json_null null;
+    k5_json_bool bval;
+    k5_json_number num;
+    k5_json_string str;
+    k5_json_object obj;
+    k5_json_array array;
+    char *cstring;
+    int ret;
+
+    *val_out = NULL;
+
+    if (white_spaces(ctx))
+        return EINVAL;
+
+    if (*ctx->p == '"') {
+        ret = parse_string(ctx, &cstring);
+        if (ret)
+            return ret;
+        ret = k5_json_string_create(cstring, &str);
+        free(cstring);
+        if (ret)
+            return ret;
+        *val_out = str;
+    } else if (*ctx->p == '{') {
+        if (ctx->depth-- == 1)
+            return EINVAL;
+        ret = parse_object(ctx, &obj);
+        if (ret)
+            return ret;
+        ctx->depth++;
+        *val_out = obj;
+    } else if (*ctx->p == '[') {
+        if (ctx->depth-- == 1)
+            return EINVAL;
+        ret = parse_array(ctx, &array);
+        ctx->depth++;
+        *val_out = array;
+    } else if (is_digit(*ctx->p) || *ctx->p == '-') {
+        ret = parse_number(ctx, &num);
+        if (ret)
+            return ret;
+        *val_out = num;
+    } else if (strncmp((char *)ctx->p, "null", 4) == 0) {
+        ctx->p += 4;
+        ret = k5_json_null_create(&null);
+        if (ret)
+            return ret;
+        *val_out = null;
+    } else if (strncmp((char *)ctx->p, "true", 4) == 0) {
+        ctx->p += 4;
+        ret = k5_json_bool_create(1, &bval);
+        if (ret)
+            return ret;
+        *val_out = bval;
+    } else if (strncmp((char *)ctx->p, "false", 5) == 0) {
+        ctx->p += 5;
+        ret = k5_json_bool_create(0, &bval);
+        if (ret)
+            return ret;
+        *val_out = bval;
+    } else {
+        return EINVAL;
+    }
+
+    return 0;
+}
+
+int
+k5_json_decode(const char *string, k5_json_value *val_out)
+{
+    struct decode_ctx ctx;
+    k5_json_value val;
+    int ret;
+
+    *val_out = NULL;
+    ctx.p = (unsigned char *)string;
+    ctx.depth = MAX_DECODE_DEPTH;
+    ret = parse_value(&ctx, &val);
+    if (ret)
+        return ret;
+    if (white_spaces(&ctx) == 0) {
+        k5_json_release(val);
+        return EINVAL;
+    }
+    *val_out = val;
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/support/k5buf.c b/krb5-1.21.3/src/util/support/k5buf.c
new file mode 100644
index 00000000..a17d2310
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/k5buf.c
@@ -0,0 +1,275 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/k5buf.c - string buffer functions */
+
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Can't include krb5.h here, or k5-int.h which includes it, because krb5.h
+ * needs to be generated with error tables, after util/et, which builds after
+ * this directory.
+ */
+#include "k5-platform.h"
+#include "k5-buf.h"
+#include <assert.h>
+
+/*
+ * Structure invariants:
+ *
+ * buftype is K5BUF_FIXED, K5BUF_DYNAMIC, K5BUF_DYNAMIC_ZAP, or K5BUF_ERROR
+ * if buftype is K5BUF_ERROR, the other fields are NULL or 0
+ * if buftype is not K5BUF_ERROR:
+ *   space > 0
+ *   len < space
+ *   data[len] = '\0'
+ */
+
+/* Return a character pointer to the current end of buf. */
+static inline char *
+endptr(struct k5buf *buf)
+{
+    return (char *)buf->data + buf->len;
+}
+
+static inline void
+set_error(struct k5buf *buf)
+{
+    buf->buftype = K5BUF_ERROR;
+    buf->data = NULL;
+    buf->space = buf->len = 0;
+}
+
+/*
+ * Make sure there is room for LEN more characters in BUF, in addition to the
+ * null terminator and what's already in there.  Return true on success.  On
+ * failure, set the error flag and return false.
+ */
+static int
+ensure_space(struct k5buf *buf, size_t len)
+{
+    size_t new_space;
+    char *new_data;
+
+    if (buf->buftype == K5BUF_ERROR)
+        return 0;
+    if (buf->space - buf->len >= len) /* Enough room already. */
+        return 1;
+    if (buf->buftype == K5BUF_FIXED) /* Can't resize a fixed buffer. */
+        goto error_exit;
+    assert(buf->buftype == K5BUF_DYNAMIC || buf->buftype == K5BUF_DYNAMIC_ZAP);
+    new_space = buf->space * 2;
+    while (new_space - buf->len < len) {
+        if (new_space > SIZE_MAX / 2)
+            goto error_exit;
+        new_space *= 2;
+    }
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP) {
+        /* realloc() could leave behind a partial copy of sensitive data. */
+        new_data = malloc(new_space);
+        if (new_data == NULL)
+            goto error_exit;
+        memcpy(new_data, buf->data, buf->len);
+        zap(buf->data, buf->len);
+        free(buf->data);
+    } else {
+        new_data = realloc(buf->data, new_space);
+        if (new_data == NULL)
+            goto error_exit;
+    }
+    buf->data = new_data;
+    buf->space = new_space;
+    return 1;
+
+error_exit:
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP)
+        zap(buf->data, buf->len);
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP || buf->buftype == K5BUF_DYNAMIC)
+        free(buf->data);
+    set_error(buf);
+    return 0;
+}
+
+void
+k5_buf_init_fixed(struct k5buf *buf, void *data, size_t space)
+{
+    assert(space > 0);
+    buf->buftype = K5BUF_FIXED;
+    buf->data = data;
+    buf->space = space;
+    buf->len = 0;
+}
+
+void
+k5_buf_init_dynamic(struct k5buf *buf)
+{
+    buf->buftype = K5BUF_DYNAMIC;
+    buf->space = 128;
+    buf->data = malloc(buf->space);
+    if (buf->data == NULL) {
+        set_error(buf);
+        return;
+    }
+    buf->len = 0;
+}
+
+void
+k5_buf_init_dynamic_zap(struct k5buf *buf)
+{
+    k5_buf_init_dynamic(buf);
+    if (buf->buftype == K5BUF_DYNAMIC)
+        buf->buftype = K5BUF_DYNAMIC_ZAP;
+}
+
+void
+k5_buf_add(struct k5buf *buf, const char *data)
+{
+    k5_buf_add_len(buf, data, strlen(data));
+}
+
+void
+k5_buf_add_len(struct k5buf *buf, const void *data, size_t len)
+{
+    if (!ensure_space(buf, len))
+        return;
+    if (len > 0)
+        memcpy(endptr(buf), data, len);
+    buf->len += len;
+}
+
+void
+k5_buf_add_vfmt(struct k5buf *buf, const char *fmt, va_list ap)
+{
+    va_list apcopy;
+    int r;
+    size_t remaining;
+    char *tmp;
+
+    if (buf->buftype == K5BUF_ERROR)
+        return;
+    remaining = buf->space - buf->len;
+
+    if (buf->buftype == K5BUF_FIXED) {
+        /* Format the data directly into the fixed buffer. */
+        r = vsnprintf(endptr(buf), remaining, fmt, ap);
+        if (SNPRINTF_OVERFLOW(r, remaining))
+            set_error(buf);
+        else
+            buf->len += (unsigned int) r;
+        return;
+    }
+
+    /* Optimistically format the data directly into the dynamic buffer. */
+    assert(buf->buftype == K5BUF_DYNAMIC || buf->buftype == K5BUF_DYNAMIC_ZAP);
+    va_copy(apcopy, ap);
+    r = vsnprintf(endptr(buf), remaining, fmt, apcopy);
+    va_end(apcopy);
+    if (!SNPRINTF_OVERFLOW(r, remaining)) {
+        buf->len += (unsigned int) r;
+        return;
+    }
+
+    if (r >= 0) {
+        /* snprintf correctly told us how much space is required. */
+        if (!ensure_space(buf, r + 1))
+            return;
+        remaining = buf->space - buf->len;
+        r = vsnprintf(endptr(buf), remaining, fmt, ap);
+        if (SNPRINTF_OVERFLOW(r, remaining))  /* Shouldn't ever happen. */
+            k5_buf_free(buf);
+        else
+            buf->len += (unsigned int) r;
+        return;
+    }
+
+    /* It's a pre-C99 snprintf implementation, or something else went wrong.
+     * Fall back to asprintf. */
+    r = vasprintf(&tmp, fmt, ap);
+    if (r < 0) {
+        k5_buf_free(buf);
+        return;
+    }
+    if (ensure_space(buf, r)) {
+        /* Copy the temporary string into buf. */
+        memcpy(endptr(buf), tmp, r);
+        buf->len += r;
+    }
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP)
+        zap(tmp, strlen(tmp));
+    free(tmp);
+}
+
+void
+k5_buf_add_fmt(struct k5buf *buf, const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    k5_buf_add_vfmt(buf, fmt, ap);
+    va_end(ap);
+}
+
+char *
+k5_buf_cstring(struct k5buf *buf)
+{
+    if (!ensure_space(buf, 1))
+        return NULL;
+    *endptr(buf) = '\0';
+    return buf->data;
+}
+
+void *
+k5_buf_get_space(struct k5buf *buf, size_t len)
+{
+    if (!ensure_space(buf, len))
+        return NULL;
+    buf->len += len;
+    return endptr(buf) - len;
+}
+
+void
+k5_buf_truncate(struct k5buf *buf, size_t len)
+{
+    if (buf->buftype == K5BUF_ERROR)
+        return;
+    assert(len <= buf->len);
+    buf->len = len;
+}
+
+int
+k5_buf_status(struct k5buf *buf)
+{
+    return (buf->buftype == K5BUF_ERROR) ? ENOMEM : 0;
+}
+
+void
+k5_buf_free(struct k5buf *buf)
+{
+    if (buf->buftype == K5BUF_ERROR)
+        return;
+    assert(buf->buftype == K5BUF_DYNAMIC || buf->buftype == K5BUF_DYNAMIC_ZAP);
+    if (buf->buftype == K5BUF_DYNAMIC_ZAP)
+        zap(buf->data, buf->len);
+    free(buf->data);
+    set_error(buf);
+}
diff --git a/krb5-1.21.3/src/util/support/libkrb5support-fixed.exports b/krb5-1.21.3/src/util/support/libkrb5support-fixed.exports
new file mode 100644
index 00000000..01580249
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/libkrb5support-fixed.exports
@@ -0,0 +1,99 @@
+k5_base64_decode
+k5_base64_encode
+k5_bcmp
+k5_buf_init_fixed
+k5_buf_init_dynamic
+k5_buf_init_dynamic_zap
+k5_buf_add
+k5_buf_add_len
+k5_buf_add_fmt
+k5_buf_add_vfmt
+k5_buf_cstring
+k5_buf_get_space
+k5_buf_truncate
+k5_buf_status
+k5_buf_free
+k5_set_error
+k5_vset_error
+k5_get_error
+k5_free_error
+k5_clear_error
+k5_set_error_info_callout_fn
+k5_hashtab_add
+k5_hashtab_create
+k5_hashtab_free
+k5_hashtab_get
+k5_hashtab_remove
+k5_hex_decode
+k5_hex_encode
+k5_json_array_add
+k5_json_array_create
+k5_json_array_fmt
+k5_json_array_get
+k5_json_array_length
+k5_json_array_set
+k5_json_bool_create
+k5_json_bool_value
+k5_json_decode
+k5_json_encode
+k5_json_get_tid
+k5_json_null_create
+k5_json_null_create_val
+k5_json_number_create
+k5_json_number_value
+k5_json_object_count
+k5_json_object_create
+k5_json_object_get
+k5_json_object_iterate
+k5_json_object_set
+k5_json_release
+k5_json_retain
+k5_json_string_create
+k5_json_string_create_base64
+k5_json_string_create_len
+k5_json_string_unbase64
+k5_json_string_utf8
+k5_os_mutex_init
+k5_os_mutex_destroy
+k5_os_mutex_lock
+k5_os_mutex_unlock
+k5_once
+k5_path_isabs
+k5_path_join
+k5_path_split
+k5_siphash24
+k5_strerror_r
+k5_utf8_to_utf16le
+k5_utf16le_to_utf8
+k5_dir_filenames
+k5_free_filenames
+krb5int_key_register
+krb5int_key_delete
+krb5int_getspecific
+krb5int_setspecific
+krb5int_getaddrinfo
+krb5int_freeaddrinfo
+krb5int_gai_strerror
+krb5int_getnameinfo
+krb5int_in6addr_any
+krb5int_pthread_loaded
+krb5int_open_plugin
+krb5int_close_plugin
+krb5int_get_plugin_data
+krb5int_get_plugin_func
+krb5int_open_plugin_dirs
+krb5int_close_plugin_dirs
+krb5int_get_plugin_dir_data
+krb5int_get_plugin_dir_func
+krb5int_free_plugin_dir_data
+krb5int_free_plugin_dir_func
+krb5int_mutex_alloc
+krb5int_mutex_free
+krb5int_mutex_lock
+krb5int_mutex_unlock
+krb5int_gmt_mktime
+krb5int_ucs4_to_utf8
+krb5int_utf8_to_ucs4
+krb5int_utf8_lentab
+krb5int_utf8_mintab
+krb5int_zap
diff --git a/krb5-1.21.3/src/util/support/mkstemp.c b/krb5-1.21.3/src/util/support/mkstemp.c
new file mode 100644
index 00000000..285757f2
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/mkstemp.c
@@ -0,0 +1,138 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright (c) 1987, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)mktemp.c	8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#include "k5-platform.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+#if !defined S_ISDIR
+#if defined S_IFMT
+#define S_ISDIR(MODE)	(((MODE) & S_IFMT) == S_IFDIR)
+#elif defined _S_IFMT
+#define S_ISDIR(MODE)	(((MODE) & _S_IFMT) == _S_IFDIR)
+#else
+/* Hope that there's a S_ISDIR function defined.  */
+#endif
+#endif
+
+static int _gettemp(char *, int *);
+
+int mkstemp(path)
+	char *path;
+{
+	int fd;
+
+	return (_gettemp(path, &fd) ? fd : -1);
+}
+
+static int
+_gettemp(path, doopen)
+	char *path;
+	int *doopen;
+{
+	char *start, *trv;
+	struct stat sbuf;
+	u_int pid;
+
+	pid = getpid();
+	for (trv = path; *trv; ++trv);		/* extra X's get set to 0's */
+	while (*--trv == 'X') {
+		*trv = (pid % 10) + '0';
+		pid /= 10;
+	}
+
+	/*
+	 * check the target directory; if you have six X's and it
+	 * doesn't exist this runs for a *very* long time.
+	 */
+	for (start = trv + 1;; --trv) {
+		if (trv <= path)
+			break;
+		if (*trv == '/') {
+			*trv = '\0';
+			if (stat(path, &sbuf))
+				return(0);
+			if (!S_ISDIR(sbuf.st_mode)) {
+				errno = ENOTDIR;
+				return(0);
+			}
+			*trv = '/';
+			break;
+		}
+	}
+
+	for (;;) {
+		if (doopen) {
+			if ((*doopen =
+			    open(path, O_CREAT|O_EXCL|O_RDWR|O_BINARY, 0600)) >= 0)
+				return(1);
+			if (errno != EEXIST)
+				return(0);
+		}
+		else if (stat(path, &sbuf))
+			return(errno == ENOENT ? 1 : 0);
+
+		/* tricky little algorithm for backward compatibility */
+		for (trv = start;;) {
+			if (!*trv)
+				return(0);
+			if (*trv == 'z')
+				*trv++ = 'a';
+			else {
+				if (isdigit(*trv))
+					*trv = 'a';
+				else
+					++*trv;
+				break;
+			}
+		}
+	}
+	/*NOTREACHED*/
+}
diff --git a/krb5-1.21.3/src/util/support/path.c b/krb5-1.21.3/src/util/support/path.c
new file mode 100644
index 00000000..7a051abc
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/path.c
@@ -0,0 +1,161 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/path.c - Portable path manipulation functions */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-platform.h>
+
+/* For testing purposes, use a different symbol for Windows path semantics. */
+#ifdef _WIN32
+#define WINDOWS_PATHS
+#endif
+
+/*
+ * This file implements a limited set of portable path manipulation functions.
+ * When in doubt about edge cases, we follow the Python os.path semantics.
+ */
+
+#ifdef WINDOWS_PATHS
+#define SEP '\\'
+#define IS_SEPARATOR(c) ((c) == '\\' || (c) == '/')
+#else
+#define SEP '/'
+#define IS_SEPARATOR(c) ((c) == '/')
+#endif
+
+/* Find the rightmost path separator in path, or NULL if there is none. */
+static inline const char *
+find_sep(const char *path)
+{
+#ifdef WINDOWS_PATHS
+    const char *slash, *backslash;
+
+    slash = strrchr(path, '/');
+    backslash = strrchr(path, '\\');
+    if (slash != NULL && backslash != NULL)
+        return (slash > backslash) ? slash : backslash;
+    else
+        return (slash != NULL) ? slash : backslash;
+#else
+    return strrchr(path, '/');
+#endif
+}
+
+/* XXX drive letter prefixes */
+long
+k5_path_split(const char *path, char **parent_out, char **basename_out)
+{
+    const char *pathstart, *sep, *pend, *bstart;
+    char *parent = NULL, *basename = NULL;
+
+    if (parent_out != NULL)
+        *parent_out = NULL;
+    if (basename_out != NULL)
+        *basename_out = NULL;
+
+    pathstart = path;
+#ifdef WINDOWS_PATHS
+    if (*path != '\0' && path[1] == ':')
+        pathstart = path + 2;
+#endif
+
+    sep = find_sep(pathstart);
+    if (sep != NULL) {
+        bstart = sep + 1;
+        /* Strip off excess separators before the one we found. */
+        pend = sep;
+        while (pend > pathstart && IS_SEPARATOR(pend[-1]))
+            pend--;
+        /* But if we hit the start, keep the whole separator sequence. */
+        if (pend == pathstart)
+            pend = sep + 1;
+    } else {
+        bstart = pathstart;
+        pend = pathstart;
+    }
+
+    if (parent_out) {
+        parent = malloc(pend - path + 1);
+        if (parent == NULL)
+            return ENOMEM;
+        memcpy(parent, path, pend - path);
+        parent[pend - path] = '\0';
+    }
+    if (basename_out) {
+        basename = strdup(bstart);
+        if (basename == NULL) {
+            free(parent);
+            return ENOMEM;
+        }
+    }
+
+    if (parent_out)
+        *parent_out = parent;
+    if (basename_out)
+        *basename_out = basename;
+    return 0;
+}
+
+long
+k5_path_join(const char *path1, const char *path2, char **path_out)
+{
+    char *path, c;
+    int ret;
+
+    *path_out = NULL;
+    if (k5_path_isabs(path2) || *path1 == '\0') {
+        /* Discard path1 and return a copy of path2. */
+        path = strdup(path2);
+        if (path == NULL)
+            return ENOMEM;
+    } else {
+        /*
+         * Compose path1 and path2, adding a separator if path1 is non-empty
+         * there's no separator between them already.  (*path2 can be a
+         * separator in the weird case where it starts with /: or \: on
+         * Windows, and Python doesn't insert a separator in this case.)
+         */
+        c = path1[strlen(path1) - 1];
+        if (IS_SEPARATOR(c) || IS_SEPARATOR(*path2))
+            ret = asprintf(&path, "%s%s", path1, path2);
+        else
+            ret = asprintf(&path, "%s%c%s", path1, SEP, path2);
+        if (ret < 0)
+            return ENOMEM;
+    }
+    *path_out = path;
+    return 0;
+}
+
+int
+k5_path_isabs(const char *path)
+{
+#ifdef WINDOWS_PATHS
+    if (*path != '\0' && path[1] == ':')
+        path += 2;
+    return (*path == '/' || *path == '\\');
+#else
+    return (*path == '/');
+#endif
+}
diff --git a/krb5-1.21.3/src/util/support/plugins.c b/krb5-1.21.3/src/util/support/plugins.c
new file mode 100644
index 00000000..08505656
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/plugins.c
@@ -0,0 +1,598 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/plugins.c - Plugin module support functions */
+/*
+ * Copyright 2006, 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-platform.h"
+#include "k5-plugin.h"
+#if USE_DLOPEN
+#include <dlfcn.h>
+#endif
+
+#if USE_DLOPEN
+#ifdef RTLD_GROUP
+#define GROUP RTLD_GROUP
+#else
+#define GROUP 0
+#endif
+#ifdef RTLD_NODELETE
+#define NODELETE RTLD_NODELETE
+#else
+#define NODELETE 0
+#endif
+#define PLUGIN_DLOPEN_FLAGS (RTLD_NOW | RTLD_LOCAL | GROUP | NODELETE)
+#endif
+
+/*
+ * glibc bug 11941, fixed in release 2.25, can cause an assertion failure in
+ * dlclose() on process exit.  Our workaround is to leak dlopen() handles
+ * (which doesn't typically manifest in leak detection tools because the
+ * handles are still reachable via a global table in libdl).  Because we
+ * dlopen() with RTLD_NODELETE, we weren't going to unload the plugin objects
+ * anyway.
+ */
+#ifdef __GLIBC_PREREQ
+#if ! __GLIBC_PREREQ(2, 25)
+#define dlclose(x)
+#endif
+#endif
+
+#include <stdarg.h>
+static void Tprintf (const char *fmt, ...)
+{
+#ifdef DEBUG
+    va_list va;
+    va_start (va, fmt);
+    vfprintf (stderr, fmt, va);
+    va_end (va);
+#endif
+}
+
+struct plugin_file_handle {
+#if defined(USE_DLOPEN)
+    void *dlhandle;
+#elif defined(_WIN32)
+    HMODULE module;
+#else
+    char dummy;
+#endif
+};
+
+#if defined(USE_DLOPEN)
+
+static long
+open_plugin_dlfcn(struct plugin_file_handle *h, const char *filename,
+                  struct errinfo *ep)
+{
+    const char *e;
+
+    h->dlhandle = dlopen(filename, PLUGIN_DLOPEN_FLAGS);
+    if (h->dlhandle == NULL) {
+        e = dlerror();
+        if (e == NULL)
+            e = _("unknown failure");
+        Tprintf("dlopen(%s): %s\n", filename, e);
+        k5_set_error(ep, ENOENT, _("unable to load plugin [%s]: %s"),
+                     filename, e);
+        return ENOENT;
+    }
+    return 0;
+}
+#define open_plugin open_plugin_dlfcn
+
+static long
+get_sym_dlfcn(struct plugin_file_handle *h, const char *csymname,
+              void **sym_out, struct errinfo *ep)
+{
+    const char *e;
+
+    if (h->dlhandle == NULL)
+        return ENOENT;
+    *sym_out = dlsym(h->dlhandle, csymname);
+    if (*sym_out == NULL) {
+        e = dlerror();
+        if (e == NULL)
+            e = _("unknown failure");
+        Tprintf("dlsym(%s): %s\n", csymname, e);
+        k5_set_error(ep, ENOENT, "%s", e);
+        return ENOENT;
+    }
+    return 0;
+}
+#define get_sym get_sym_dlfcn
+
+static void
+close_plugin_dlfcn(struct plugin_file_handle *h)
+{
+    if (h->dlhandle != NULL)
+        dlclose(h->dlhandle);
+}
+#define close_plugin close_plugin_dlfcn
+
+#elif defined(_WIN32)
+
+static long
+open_plugin_win32(struct plugin_file_handle *h, const char *filename,
+                  struct errinfo *ep)
+{
+    h->module = LoadLibrary(filename);
+    if (h == NULL) {
+        Tprintf("Unable to load dll: %s\n", filename);
+        k5_set_error(ep, ENOENT, _("unable to load DLL [%s]"), filename);
+        return ENOENT;
+    }
+    return 0;
+}
+#define open_plugin open_plugin_win32
+
+static long
+get_sym_win32(struct plugin_file_handle *h, const char *csymname,
+              void **sym_out, struct errinfo *ep)
+{
+    LPVOID lpMsgBuf;
+    DWORD dw;
+
+    if (h->module == NULL)
+        return ENOENT;
+    *sym_out = GetProcAddress(h->module, csymname);
+    if (*sym_out == NULL) {
+        Tprintf("GetProcAddress(%s): %i\n", csymname, GetLastError());
+        dw = GetLastError();
+        if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
+                          FORMAT_MESSAGE_FROM_SYSTEM,
+                          NULL, dw, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+                          (LPTSTR)&lpMsgBuf, 0, NULL)) {
+            k5_set_error(ep, ENOENT, _("unable to get DLL Symbol: %s"),
+                         (char *)lpMsgBuf);
+            LocalFree(lpMsgBuf);
+        }
+        return ENOENT;
+    }
+    return 0;
+}
+#define get_sym get_sym_win32
+
+static void
+close_plugin_win32(struct plugin_file_handle *h)
+{
+    if (h->module != NULL)
+        FreeLibrary(h->module);
+}
+#define close_plugin close_plugin_win32
+
+#else
+
+static long
+open_plugin_dummy(struct plugin_file_handle *h, const char *filename,
+                  struct errinfo *ep)
+{
+    k5_set_error(ep, ENOENT, _("plugin loading unavailable"));
+    return ENOENT;
+}
+#define open_plugin open_plugin_dummy
+
+static long
+get_sym_dummy(struct plugin_file_handle *h, const char *csymname,
+              void **sym_out, struct errinfo *ep)
+{
+    return ENOENT;
+}
+#define get_sym get_sym_dummy
+
+static void
+close_plugin_dummy(struct plugin_file_handle *h)
+{
+}
+#define close_plugin close_plugin_dummy
+
+#endif
+
+long KRB5_CALLCONV
+krb5int_open_plugin(const char *filename,
+                    struct plugin_file_handle **handle_out, struct errinfo *ep)
+{
+    long ret;
+    struct plugin_file_handle *h;
+
+    *handle_out = NULL;
+
+    h = calloc(1, sizeof(*h));
+    if (h == NULL)
+        return ENOMEM;
+
+    ret = open_plugin(h, filename, ep);
+    if (ret) {
+        free(h);
+        return ret;
+    }
+
+    *handle_out = h;
+    return 0;
+}
+
+long KRB5_CALLCONV
+krb5int_get_plugin_data(struct plugin_file_handle *h, const char *csymname,
+                        void **sym_out, struct errinfo *ep)
+{
+    return get_sym(h, csymname, sym_out, ep);
+}
+
+long KRB5_CALLCONV
+krb5int_get_plugin_func(struct plugin_file_handle *h, const char *csymname,
+                        void (**sym_out)(), struct errinfo *ep)
+{
+    void *dptr = NULL;
+    long ret = get_sym(h, csymname, &dptr, ep);
+
+    if (!ret)
+        *sym_out = (void (*)())dptr;
+    return ret;
+}
+
+void KRB5_CALLCONV
+krb5int_close_plugin (struct plugin_file_handle *h)
+{
+    close_plugin(h);
+    free(h);
+}
+
+static long
+krb5int_plugin_file_handle_array_init (struct plugin_file_handle ***harray)
+{
+    long err = 0;
+
+    *harray = calloc (1, sizeof (**harray)); /* calloc initializes to NULL */
+    if (*harray == NULL) { err = ENOMEM; }
+
+    return err;
+}
+
+static long
+krb5int_plugin_file_handle_array_add (struct plugin_file_handle ***harray, size_t *count,
+                                      struct plugin_file_handle *p)
+{
+    long err = 0;
+    struct plugin_file_handle **newharray = NULL;
+    size_t newcount = *count + 1;
+
+    newharray = realloc (*harray, ((newcount + 1) * sizeof (**harray))); /* +1 for NULL */
+    if (newharray == NULL) {
+        err = ENOMEM;
+    } else {
+        newharray[newcount - 1] = p;
+        newharray[newcount] = NULL;
+        *count = newcount;
+        *harray = newharray;
+    }
+
+    return err;
+}
+
+static void
+krb5int_plugin_file_handle_array_free (struct plugin_file_handle **harray)
+{
+    if (harray != NULL) {
+        int i;
+        for (i = 0; harray[i] != NULL; i++) {
+            krb5int_close_plugin (harray[i]);
+        }
+        free (harray);
+    }
+}
+
+#if TARGET_OS_MAC
+#define FILEEXTS { "", ".bundle", ".dylib", ".so", NULL }
+#elif defined(_WIN32)
+#define FILEEXTS  { "", ".dll", NULL }
+#else
+#define FILEEXTS  { "", ".so", NULL }
+#endif
+
+
+static void
+krb5int_free_plugin_filenames (char **filenames)
+{
+    if (filenames != NULL) {
+        int i;
+        for (i = 0; filenames[i] != NULL; i++) {
+            free (filenames[i]);
+        }
+        free (filenames);
+    }
+}
+
+
+static long
+krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames)
+{
+    long err = 0;
+    static const char *const fileexts[] = FILEEXTS;
+    char **tempnames = NULL;
+    size_t bases_count = 0;
+    size_t exts_count = 0;
+    size_t i;
+
+    if (!filebases) { err = EINVAL; }
+    if (!filenames) { err = EINVAL; }
+
+    if (!err) {
+        for (i = 0; filebases[i]; i++) { bases_count++; }
+        for (i = 0; fileexts[i]; i++) { exts_count++; }
+        tempnames = calloc ((bases_count * exts_count)+1, sizeof (char *));
+        if (!tempnames) { err = ENOMEM; }
+    }
+
+    if (!err) {
+        size_t j;
+        for (i = 0; !err && filebases[i]; i++) {
+            for (j = 0; !err && fileexts[j]; j++) {
+                if (asprintf(&tempnames[(i*exts_count)+j], "%s%s",
+                             filebases[i], fileexts[j]) < 0) {
+                    tempnames[(i*exts_count)+j] = NULL;
+                    err = ENOMEM;
+                }
+            }
+        }
+        tempnames[bases_count * exts_count] = NULL; /* NUL-terminate */
+    }
+
+    if (!err) {
+        *filenames = tempnames;
+        tempnames = NULL;
+    }
+
+    krb5int_free_plugin_filenames(tempnames);
+
+    return err;
+}
+
+
+/* Takes a NULL-terminated list of directories.  If filebases is NULL, filebases is ignored
+ * all plugins in the directories are loaded.  If filebases is a NULL-terminated array of names,
+ * only plugins in the directories with those name (plus any platform extension) are loaded. */
+
+long KRB5_CALLCONV
+krb5int_open_plugin_dirs (const char * const *dirnames,
+                          const char * const *filebases,
+                          struct plugin_dir_handle *dirhandle,
+                          struct errinfo *ep)
+{
+    long err = 0;
+    struct plugin_file_handle **h = NULL;
+    size_t count = 0;
+    char **filenames = NULL;
+    int i;
+
+    if (!err) {
+        err = krb5int_plugin_file_handle_array_init (&h);
+    }
+
+    if (!err && (filebases != NULL)) {
+        err = krb5int_get_plugin_filenames (filebases, &filenames);
+    }
+
+    for (i = 0; !err && dirnames[i] != NULL; i++) {
+        if (filenames != NULL) {
+            /* load plugins with names from filenames from each directory */
+            int j;
+
+            for (j = 0; !err && filenames[j] != NULL; j++) {
+                struct plugin_file_handle *handle = NULL;
+                char *filepath = NULL;
+
+                if (!err) {
+                    if (asprintf(&filepath, "%s/%s", dirnames[i], filenames[j]) < 0) {
+                        filepath = NULL;
+                        err = ENOMEM;
+                    }
+                }
+
+                if (!err && krb5int_open_plugin(filepath, &handle, ep) == 0) {
+                    err = krb5int_plugin_file_handle_array_add (&h, &count, handle);
+                    if (!err)
+                        handle = NULL; /* h takes ownership */
+                }
+
+                free(filepath);
+                if (handle   != NULL) { krb5int_close_plugin (handle); }
+            }
+        } else {
+            char **fnames = NULL;
+            int j;
+
+            err = k5_dir_filenames(dirnames[i], &fnames);
+            for (j = 0; !err && fnames[j] != NULL; j++) {
+                char *filepath = NULL;
+                struct plugin_file_handle *handle = NULL;
+
+                if (strcmp(fnames[j], ".") == 0 ||
+                    strcmp(fnames[j], "..") == 0)
+                    continue;
+
+                if (asprintf(&filepath, "%s/%s", dirnames[i], fnames[j]) < 0) {
+                    filepath = NULL;
+                    err = ENOMEM;
+                }
+
+                if (!err && krb5int_open_plugin(filepath, &handle, ep) == 0) {
+                    err = krb5int_plugin_file_handle_array_add(&h, &count,
+                                                               handle);
+                    if (!err)
+                        handle = NULL;  /* h takes ownership */
+                }
+
+                free(filepath);
+                if (handle != NULL)
+                    krb5int_close_plugin(handle);
+            }
+
+            k5_free_filenames(fnames);
+        }
+    }
+
+    if (err == ENOENT) {
+        err = 0;  /* ran out of plugins -- do nothing */
+    }
+
+    if (!err) {
+        dirhandle->files = h;
+        h = NULL;  /* dirhandle->files takes ownership */
+    }
+
+    if (filenames != NULL) { krb5int_free_plugin_filenames (filenames); }
+    if (h         != NULL) { krb5int_plugin_file_handle_array_free (h); }
+
+    return err;
+}
+
+void KRB5_CALLCONV
+krb5int_close_plugin_dirs (struct plugin_dir_handle *dirhandle)
+{
+    if (dirhandle->files != NULL) {
+        int i;
+        for (i = 0; dirhandle->files[i] != NULL; i++) {
+            krb5int_close_plugin (dirhandle->files[i]);
+        }
+        free (dirhandle->files);
+        dirhandle->files = NULL;
+    }
+}
+
+void KRB5_CALLCONV
+krb5int_free_plugin_dir_data (void **ptrs)
+{
+    /* Nothing special to be done per pointer.  */
+    free(ptrs);
+}
+
+long KRB5_CALLCONV
+krb5int_get_plugin_dir_data (struct plugin_dir_handle *dirhandle,
+                             const char *symname,
+                             void ***ptrs,
+                             struct errinfo *ep)
+{
+    long err = 0;
+    void **p = NULL;
+    size_t count = 0;
+
+    /* XXX Do we need to add a leading "_" to the symbol name on any
+       modern platforms?  */
+
+    Tprintf("get_plugin_data_sym(%s)\n", symname);
+
+    if (!err) {
+        p = calloc (1, sizeof (*p)); /* calloc initializes to NULL */
+        if (p == NULL) { err = ENOMEM; }
+    }
+
+    if (!err && (dirhandle != NULL) && (dirhandle->files != NULL)) {
+        int i = 0;
+
+        for (i = 0; !err && (dirhandle->files[i] != NULL); i++) {
+            void *sym = NULL;
+
+            if (krb5int_get_plugin_data (dirhandle->files[i], symname, &sym, ep) == 0) {
+                void **newp = NULL;
+
+                count++;
+                newp = realloc (p, ((count + 1) * sizeof (*p))); /* +1 for NULL */
+                if (newp == NULL) {
+                    err = ENOMEM;
+                } else {
+                    p = newp;
+                    p[count - 1] = sym;
+                    p[count] = NULL;
+                }
+            }
+        }
+    }
+
+    if (!err) {
+        *ptrs = p;
+        p = NULL; /* ptrs takes ownership */
+    }
+
+    free(p);
+
+    return err;
+}
+
+void KRB5_CALLCONV
+krb5int_free_plugin_dir_func (void (**ptrs)(void))
+{
+    /* Nothing special to be done per pointer.  */
+    free(ptrs);
+}
+
+long KRB5_CALLCONV
+krb5int_get_plugin_dir_func (struct plugin_dir_handle *dirhandle,
+                             const char *symname,
+                             void (***ptrs)(void),
+                             struct errinfo *ep)
+{
+    long err = 0;
+    void (**p)() = NULL;
+    size_t count = 0;
+
+    /* XXX Do we need to add a leading "_" to the symbol name on any
+       modern platforms?  */
+
+    Tprintf("get_plugin_data_sym(%s)\n", symname);
+
+    if (!err) {
+        p = calloc (1, sizeof (*p)); /* calloc initializes to NULL */
+        if (p == NULL) { err = ENOMEM; }
+    }
+
+    if (!err && (dirhandle != NULL) && (dirhandle->files != NULL)) {
+        int i = 0;
+
+        for (i = 0; !err && (dirhandle->files[i] != NULL); i++) {
+            void (*sym)() = NULL;
+
+            if (krb5int_get_plugin_func (dirhandle->files[i], symname, &sym, ep) == 0) {
+                void (**newp)() = NULL;
+
+                count++;
+                newp = realloc (p, ((count + 1) * sizeof (*p))); /* +1 for NULL */
+                if (newp == NULL) {
+                    err = ENOMEM;
+                } else {
+                    p = newp;
+                    p[count - 1] = sym;
+                    p[count] = NULL;
+                }
+            }
+        }
+    }
+
+    if (!err) {
+        *ptrs = p;
+        p = NULL; /* ptrs takes ownership */
+    }
+
+    free(p);
+
+    return err;
+}
diff --git a/krb5-1.21.3/src/util/support/printf.c b/krb5-1.21.3/src/util/support/printf.c
new file mode 100644
index 00000000..8228a400
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/printf.c
@@ -0,0 +1,100 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/printf.c */
+/*
+ * Copyright 2003, 2004, 2005, 2007, 2008 Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/* Provide {,v}asprintf for platforms that don't have them. */
+
+#include "k5-platform.h"
+
+/* On error: BSD: Set *ret to NULL.  GNU: *ret is undefined.
+
+   Since we want to be able to use the GNU version directly, we need
+   provide only the weaker guarantee in this version.  */
+int
+krb5int_vasprintf(char **ret, const char *format, va_list ap)
+{
+    va_list ap2;
+    char *str = NULL, *nstr;
+    size_t len = 80;
+    int len2;
+
+    while (1) {
+        if (len >= INT_MAX || len == 0)
+            goto fail;
+        nstr = realloc(str, len);
+        if (nstr == NULL)
+            goto fail;
+        str = nstr;
+        va_copy(ap2, ap);
+        len2 = vsnprintf(str, len, format, ap2);
+        va_end(ap2);
+        /* ISO C vsnprintf returns the needed length.  Some old
+           vsnprintf implementations return -1 on truncation.  */
+        if (len2 < 0) {
+            /* Don't know how much space we need, just that we didn't
+               supply enough; get a bigger buffer and try again.  */
+            if (len <= SIZE_MAX/2)
+                len *= 2;
+            else if (len < SIZE_MAX)
+                len = SIZE_MAX;
+            else
+                goto fail;
+        } else if ((unsigned int) len2 >= SIZE_MAX) {
+            /* Need more space than we can request.  */
+            goto fail;
+        } else if ((size_t) len2 >= len) {
+            /* Need more space, but we know how much.  */
+            len = (size_t) len2 + 1;
+        } else {
+            /* Success!  */
+            break;
+        }
+    }
+    /* We might've allocated more than we need, if we're still using
+       the initial guess, or we got here by doubling.  */
+    if ((size_t) len2 < len - 1) {
+        nstr = realloc(str, (size_t) len2 + 1);
+        if (nstr)
+            str = nstr;
+    }
+    *ret = str;
+    return len2;
+
+fail:
+    free(str);
+    return -1;
+}
+
+int
+krb5int_asprintf(char **ret, const char *format, ...)
+{
+    va_list ap;
+    int n;
+
+    va_start(ap, format);
+    n = krb5int_vasprintf(ret, format, ap);
+    va_end(ap);
+    return n;
+}
diff --git a/krb5-1.21.3/src/util/support/secure_getenv.c b/krb5-1.21.3/src/util/support/secure_getenv.c
new file mode 100644
index 00000000..6df05917
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/secure_getenv.c
@@ -0,0 +1,111 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/secure_getenv.c - secure_getenv() portability support */
+/*
+ * Copyright (C) 2019 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file contains the fallback implementation for secure_getenv(), which is
+ * currently only provided by glibc 2.17 and later.  The goal is to ignore the
+ * environment if this process is (or previously was) running at elevated
+ * privilege compared to the calling process.
+ *
+ * In this fallback version we compare the real and effective uid/gid, and also
+ * compare the saved uid/gid if possible.  These comparisons detect a setuid or
+ * setgid process which is still running with elevated privilege; if we can
+ * fetch the saved uid/gid, we also detect a process which has temporarily
+ * dropped privilege with seteuid() or setegid().  These comparisons do not
+ * detect the case where a setuid or setgid process has permanently dropped
+ * privilege before the library initializer ran; this is not ideal because such
+ * a process may possess a privileged resource or have privileged information
+ * in its address space.
+ *
+ * Heimdal also looks at the ELF aux vector in /proc/self/auxv to determine the
+ * starting uid/euid/gid/euid on Solaris/Illumos and NetBSD.  On FreeBSD this
+ * approach can determine the executable path to do a stat() check.  We do not
+ * go to this length due to the amount of code required.
+ *
+ * The BSDs and Solaris provide issetugid(), but the FreeBSD and NetBSD
+ * versions are not useful; they return true if a non-setuid/setgid executable
+ * is run by root and drops privilege, such as Apache httpd.  We do not want to
+ * ignore the process environment in this case.
+ *
+ * On some platforms a process may have elevated privilege via mechanisms other
+ * than setuid/setgid.  glibc's secure_getenv() should detect these cases on
+ * Linux; we do not detect them in this fallback version.
+ */
+
+#include "k5-platform.h"
+
+static int elevated_privilege = 0;
+
+MAKE_INIT_FUNCTION(k5_secure_getenv_init);
+
+int
+k5_secure_getenv_init()
+{
+    int saved_errno = errno;
+
+#ifdef HAVE_GETRESUID
+    {
+        uid_t r, e, s;
+        if (getresuid(&r, &e, &s) == 0) {
+            if (r != e || r != s)
+                elevated_privilege = 1;
+        }
+    }
+#else
+    if (getuid() != geteuid())
+        elevated_privilege = 1;
+#endif
+
+#ifdef HAVE_GETRESGID
+    {
+        gid_t r, e, s;
+        if (!elevated_privilege && getresgid(&r, &e, &s) == 0) {
+            if (r != e || r != s)
+                elevated_privilege = 1;
+        }
+    }
+#else
+    if (!elevated_privilege && getgid() != getegid())
+        elevated_privilege = 1;
+#endif
+
+    errno = saved_errno;
+    return 0;
+}
+
+char *
+k5_secure_getenv(const char *name)
+{
+    if (CALL_INIT_FUNCTION(k5_secure_getenv_init) != 0)
+        return NULL;
+    return elevated_privilege ? NULL : getenv(name);
+}
diff --git a/krb5-1.21.3/src/util/support/strerror_r.c b/krb5-1.21.3/src/util/support/strerror_r.c
new file mode 100644
index 00000000..090e1791
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/strerror_r.c
@@ -0,0 +1,97 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/strerror_r.c - strerror_r compatibility shim */
+/*
+ * Copyright (C) 2014 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-platform.h>
+#undef strerror_r
+
+#if defined(_WIN32)
+
+/* Implement strerror_r in terms of strerror_s. */
+int
+k5_strerror_r(int errnum, char *buf, size_t buflen)
+{
+    int st;
+
+    st = strerror_s(buf, buflen, errnum);
+    if (st != 0) {
+        errno = st;
+        return -1;
+    }
+    return 0;
+}
+
+#elif !defined(HAVE_STRERROR_R)
+
+/* Implement strerror_r in terms of strerror (not thread-safe). */
+int
+k5_strerror_r(int errnum, char *buf, size_t buflen)
+{
+    if (strlcpy(buf, strerror(errnum), buflen) >= buflen) {
+        errno = ERANGE;
+        return -1;
+    }
+    return 0;
+}
+
+#elif defined(STRERROR_R_CHAR_P)
+
+/*
+ * Implement the POSIX strerror_r API in terms of the GNU strerror_r, which
+ * returns a pointer to either the caller buffer or a constant string.  This is
+ * the default version on glibc systems when _GNU_SOURCE is defined.
+ */
+int
+k5_strerror_r(int errnum, char *buf, size_t buflen)
+{
+    const char *str;
+
+    str = strerror_r(errnum, buf, buflen);
+    if (str != buf) {
+        if (strlcpy(buf, str, buflen) >= buflen) {
+            errno = ERANGE;
+            return -1;
+        }
+    }
+    return 0;
+}
+
+#else
+
+/* Define a stub in terms of the real strerror_r, just to simplify the library
+ * export list.  This shouldn't get used. */
+int
+k5_strerror_r(int errnum, char *buf, size_t buflen)
+{
+    return strerror_r(errnum, buf, buflen);
+}
+
+#endif
diff --git a/krb5-1.21.3/src/util/support/strlcpy.c b/krb5-1.21.3/src/util/support/strlcpy.c
new file mode 100644
index 00000000..26ac34ef
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/strlcpy.c
@@ -0,0 +1,88 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Provide strlcpy and strlcat for platforms that don't have them. */
+
+#include "k5-platform.h"
+#include <sys/types.h>
+#include <string.h>
+
+/*
+ * Copy src to string dst of size siz.  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t
+krb5int_strlcpy(char *dst, const char *src, size_t siz)
+{
+	char *d = dst;
+	const char *s = src;
+	size_t n = siz;
+
+	/* Copy as many bytes as will fit */
+	if (n != 0) {
+		while (--n != 0) {
+			if ((*d++ = *s++) == '\0')
+				break;
+		}
+	}
+
+	/* Not enough room in dst, add NUL and traverse rest of src */
+	if (n == 0) {
+		if (siz != 0)
+			*d = '\0';		/* NUL-terminate dst */
+		while (*s++)
+			;
+	}
+
+	return(s - src - 1);	/* count does not include NUL */
+}
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left).  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz <= strlen(dst)).
+ * Returns strlen(src) + MIN(siz, strlen(initial dst)).
+ * If retval >= siz, truncation occurred.
+ */
+size_t
+krb5int_strlcat(char *dst, const char *src, size_t siz)
+{
+	char *d = dst;
+	const char *s = src;
+	size_t n = siz;
+	size_t dlen;
+
+	/* Find the end of dst and adjust bytes left but don't go past end */
+	while (n-- != 0 && *d != '\0')
+		d++;
+	dlen = d - dst;
+	n = siz - dlen;
+
+	if (n == 0)
+		return(dlen + strlen(s));
+	while (*s != '\0') {
+		if (n != 1) {
+			*d++ = *s;
+			n--;
+		}
+		s++;
+	}
+	*d = '\0';
+
+	return(dlen + (s - src));	/* count does not include NUL */
+}
diff --git a/krb5-1.21.3/src/util/support/supp-int.h b/krb5-1.21.3/src/util/support/supp-int.h
new file mode 100644
index 00000000..5cd030e4
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/supp-int.h
@@ -0,0 +1,38 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/supp-int.h */
+/*
+ * Copyright (C) 2006 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ *
+ *  Internal prototypes for the krb5support library
+ */
+#ifndef KRB5_SUPP_INT_H__
+#define KRB5_SUPP_INT_H__
+
+extern int krb5int_call_thread_support_init (void);
+
+extern int krb5int_err_init (void);
+
+#endif /* KRB5_SUPP_INT_H__ */
diff --git a/krb5-1.21.3/src/util/support/t_base64.c b/krb5-1.21.3/src/util/support/t_base64.c
new file mode 100644
index 00000000..3b1fd458
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_base64.c
@@ -0,0 +1,110 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/t_base64.c - base64 encoding and decoding tests */
+/*
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <k5-platform.h>
+#include <k5-base64.h>
+
+static struct test {
+    void *data;
+    size_t len;
+    const char *result;
+} tests[] = {
+    { "", 0 , "" },
+    { "1", 1, "MQ==" },
+    { "22", 2, "MjI=" },
+    { "333", 3, "MzMz" },
+    { "4444", 4, "NDQ0NA==" },
+    { "55555", 5, "NTU1NTU=" },
+    { "abc:def", 7, "YWJjOmRlZg==" },
+    { "f", 1, "Zg==" },
+    { "fo", 2, "Zm8=" },
+    { "foo", 3, "Zm9v" },
+    { "foob", 4, "Zm9vYg==" },
+    { "fooba", 5, "Zm9vYmE=" },
+    { "foobar", 6, "Zm9vYmFy" },
+    { NULL, 0, NULL }
+};
+
+static char *negative_tests[] = {
+    "M=M=",
+    "MM=M",
+    "MQ===",
+    "====",
+    "M===",
+    NULL
+};
+
+int
+main(int argc, char **argv)
+{
+    char *str, **ntest;
+    void *data;
+    int numerr = 0, numtest = 1;
+    const struct test *t;
+    size_t len;
+
+    for (t = tests; t->data != NULL; t++) {
+        str = k5_base64_encode(t->data, t->len);
+        if (strcmp(str, t->result) != 0) {
+            fprintf(stderr, "failed test %d: %s != %s\n", numtest,
+                    str, t->result);
+            numerr++;
+        }
+        free(str);
+        data = k5_base64_decode(t->result, &len);
+        if (len != t->len) {
+            fprintf(stderr, "failed test %d: len %lu != %lu\n", numtest,
+                    (unsigned long)len, (unsigned long)t->len);
+            numerr++;
+        } else if (memcmp(data, t->data, t->len) != 0) {
+            fprintf(stderr, "failed test %d: data\n", numtest);
+            numerr++;
+        }
+        free(data);
+        numtest++;
+    }
+
+    for (ntest = negative_tests; *ntest != NULL; ntest++) {
+        data = k5_base64_decode(*ntest, &len);
+        if (data != NULL || len != SIZE_MAX) {
+            fprintf(stderr, "failed test %d: successful decode: %s\n",
+                    numtest, *ntest);
+            numerr++;
+        }
+        numtest++;
+    }
+
+    return numerr ? 1 : 0;
+}
diff --git a/krb5-1.21.3/src/util/support/t_hashtab.c b/krb5-1.21.3/src/util/support/t_hashtab.c
new file mode 100644
index 00000000..f51abc4f
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_hashtab.c
@@ -0,0 +1,176 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/t_hash.c - tests for hash table code */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* hash.c has no linker dependencies, so we can simply include its source code
+ * to test its static functions and look inside its structures. */
+#include "hashtab.c"
+
+/* These match the sip64 test vectors in the reference C implementation of
+ * siphash at https://github.com/veorq/SipHash */
+const uint64_t vectors[64] = {
+    0x726FDB47DD0E0E31,
+    0x74F839C593DC67FD,
+    0x0D6C8009D9A94F5A,
+    0x85676696D7FB7E2D,
+    0xCF2794E0277187B7,
+    0x18765564CD99A68D,
+    0xCBC9466E58FEE3CE,
+    0xAB0200F58B01D137,
+    0x93F5F5799A932462,
+    0x9E0082DF0BA9E4B0,
+    0x7A5DBBC594DDB9F3,
+    0xF4B32F46226BADA7,
+    0x751E8FBC860EE5FB,
+    0x14EA5627C0843D90,
+    0xF723CA908E7AF2EE,
+    0xA129CA6149BE45E5,
+    0x3F2ACC7F57C29BDB,
+    0x699AE9F52CBE4794,
+    0x4BC1B3F0968DD39C,
+    0xBB6DC91DA77961BD,
+    0xBED65CF21AA2EE98,
+    0xD0F2CBB02E3B67C7,
+    0x93536795E3A33E88,
+    0xA80C038CCD5CCEC8,
+    0xB8AD50C6F649AF94,
+    0xBCE192DE8A85B8EA,
+    0x17D835B85BBB15F3,
+    0x2F2E6163076BCFAD,
+    0xDE4DAAACA71DC9A5,
+    0xA6A2506687956571,
+    0xAD87A3535C49EF28,
+    0x32D892FAD841C342,
+    0x7127512F72F27CCE,
+    0xA7F32346F95978E3,
+    0x12E0B01ABB051238,
+    0x15E034D40FA197AE,
+    0x314DFFBE0815A3B4,
+    0x027990F029623981,
+    0xCADCD4E59EF40C4D,
+    0x9ABFD8766A33735C,
+    0x0E3EA96B5304A7D0,
+    0xAD0C42D6FC585992,
+    0x187306C89BC215A9,
+    0xD4A60ABCF3792B95,
+    0xF935451DE4F21DF2,
+    0xA9538F0419755787,
+    0xDB9ACDDFF56CA510,
+    0xD06C98CD5C0975EB,
+    0xE612A3CB9ECBA951,
+    0xC766E62CFCADAF96,
+    0xEE64435A9752FE72,
+    0xA192D576B245165A,
+    0x0A8787BF8ECB74B2,
+    0x81B3E73D20B49B6F,
+    0x7FA8220BA3B2ECEA,
+    0x245731C13CA42499,
+    0xB78DBFAF3A8D83BD,
+    0xEA1AD565322A1A0B,
+    0x60E61C23A3795013,
+    0x6606D7E446282B93,
+    0x6CA4ECB15C5F91E1,
+    0x9F626DA15C9625F3,
+    0xE51B38608EF25F57,
+    0x958A324CEB064572
+};
+
+static void
+test_siphash()
+{
+    uint8_t seq[64];
+    uint64_t k0, k1, hval;
+    size_t i;
+
+    for (i = 0; i < sizeof(seq); i++)
+        seq[i] = i;
+    k0 = load_64_le(seq);
+    k1 = load_64_le(seq + 8);
+
+    for (i = 0; i < sizeof(seq); i++) {
+        hval = siphash24(seq, i, k0, k1);
+        assert(hval == vectors[i]);
+    }
+}
+
+static void
+test_hashtab()
+{
+    int st;
+    struct k5_hashtab *ht;
+    size_t i;
+    char zeros[100] = { 0 };
+
+    st = k5_hashtab_create(NULL, 4, &ht);
+    assert(st == 0 && ht != NULL && ht->nentries == 0);
+
+    st = k5_hashtab_add(ht, "abc", 3, &st);
+    assert(st == 0 && ht->nentries == 1);
+    assert(k5_hashtab_get(ht, "abc", 3) == &st);
+    assert(k5_hashtab_get(ht, "bcde", 4) == NULL);
+
+    st = k5_hashtab_add(ht, "bcde", 4, &ht);
+    assert(st == 0 && ht->nentries == 2);
+    assert(k5_hashtab_get(ht, "abc", 3) == &st);
+    assert(k5_hashtab_get(ht, "bcde", 4) == &ht);
+
+    k5_hashtab_remove(ht, "abc", 3);
+    assert(ht->nentries == 1);
+    assert(k5_hashtab_get(ht, "abc", 3) == NULL);
+    assert(k5_hashtab_get(ht, "bcde", 4) == &ht);
+
+    k5_hashtab_remove(ht, "bcde", 4);
+    assert(ht->nentries == 0);
+    assert(k5_hashtab_get(ht, "abc", 3) == NULL);
+    assert(k5_hashtab_get(ht, "bcde", 4) == NULL);
+
+    for (i = 0; i < sizeof(zeros); i++) {
+        st = k5_hashtab_add(ht, zeros, i, zeros + i);
+        assert(st == 0 && ht->nentries == i + 1 && ht->nbuckets >= i + 1);
+    }
+    for (i = 0; i < sizeof(zeros); i++) {
+        assert(k5_hashtab_get(ht, zeros, i) == zeros + i);
+        k5_hashtab_remove(ht, zeros, i);
+        assert(ht->nentries == sizeof(zeros) - i - 1);
+        if (i > 0)
+            assert(k5_hashtab_get(ht, zeros, i - 1) == NULL);
+    }
+
+    k5_hashtab_free(ht);
+}
+
+int
+main()
+{
+    test_siphash();
+    test_hashtab();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/support/t_hex.c b/krb5-1.21.3/src/util/support/t_hex.c
new file mode 100644
index 00000000..a586a1bc
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_hex.c
@@ -0,0 +1,169 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/t_hex.c - Test hex encoding and decoding */
+/*
+ * Copyright (C) 2018 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <k5-platform.h>
+#include <k5-hex.h>
+
+struct {
+    const char *hex;
+    const char *binary;
+    size_t binary_len;
+    int uppercase;
+} tests[] = {
+    /* Invalid hex strings */
+    { "1" },
+    { "123" },
+    { "0/" },
+    { "/0" },
+    { "0:" },
+    { ":0" },
+    { "0@" },
+    { "@0" },
+    { "0G" },
+    { "G0" },
+    { "0`" },
+    { "`0" },
+    { "0g" },
+    { "g0" },
+    { " 00 " },
+    { "0\x01" },
+
+    { "", "", 0 },
+    { "00", "\x00", 1 },
+    { "01", "\x01", 1 },
+    { "10", "\x10", 1 },
+    { "01ff", "\x01\xFF", 2 },
+    { "A0B0C0", "\xA0\xB0\xC0", 3, 1 },
+    { "1a2b3c4d5e6f", "\x1A\x2B\x3C\x4D\x5E\x6F", 6 },
+    { "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+      "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
+      "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 32 },
+
+    /* All byte values, lowercase */
+    { "0001020304050607", "\x00\x01\x02\x03\x04\x05\x06\x07", 8 },
+    { "08090a0b0c0d0e0f", "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 8 },
+    { "1011121314151617", "\x10\x11\x12\x13\x14\x15\x16\x17", 8 },
+    { "18191a1b1c1d1e1f", "\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", 8 },
+    { "2021222324252627", "\x20\x21\x22\x23\x24\x25\x26\x27", 8 },
+    { "28292a2b2c2d2e2f", "\x28\x29\x2A\x2B\x2C\x2D\x2E\x2F", 8 },
+    { "3031323334353637", "\x30\x31\x32\x33\x34\x35\x36\x37", 8 },
+    { "38393a3b3c3d3e3f", "\x38\x39\x3A\x3B\x3C\x3D\x3E\x3F", 8 },
+    { "4041424344454647", "\x40\x41\x42\x43\x44\x45\x46\x47", 8 },
+    { "48494a4b4c4d4e4f", "\x48\x49\x4A\x4B\x4C\x4D\x4E\x4F", 8 },
+    { "5051525354555657", "\x50\x51\x52\x53\x54\x55\x56\x57", 8 },
+    { "58595a5b5c5d5e5f", "\x58\x59\x5A\x5B\x5C\x5D\x5E\x5F", 8 },
+    { "6061626364656667", "\x60\x61\x62\x63\x64\x65\x66\x67", 8 },
+    { "68696a6b6c6d6e6f", "\x68\x69\x6A\x6B\x6C\x6D\x6E\x6F", 8 },
+    { "7071727374757677", "\x70\x71\x72\x73\x74\x75\x76\x77", 8 },
+    { "78797a7b7c7d7e7f", "\x78\x79\x7A\x7B\x7C\x7D\x7E\x7F", 8 },
+    { "8081828384858687", "\x80\x81\x82\x83\x84\x85\x86\x87", 8 },
+    { "88898a8b8c8d8e8f", "\x88\x89\x8A\x8B\x8C\x8D\x8E\x8F", 8 },
+    { "9091929394959697", "\x90\x91\x92\x93\x94\x95\x96\x97", 8 },
+    { "98999a9b9c9d9e9f", "\x98\x99\x9A\x9B\x9C\x9D\x9E\x9F", 8 },
+    { "a0a1a2a3a4a5a6a7", "\xA0\xA1\xA2\xA3\xA4\xA5\xA6\xA7", 8 },
+    { "a8a9aaabacadaeaf", "\xA8\xA9\xAA\xAB\xAC\xAD\xAE\xAF", 8 },
+    { "b0b1b2b3b4b5b6b7", "\xB0\xB1\xB2\xB3\xB4\xB5\xB6\xB7", 8 },
+    { "b8b9babbbcbdbebf", "\xB8\xB9\xBA\xBB\xBC\xBD\xBE\xBF", 8 },
+    { "c0c1c2c3c4c5c6c7", "\xC0\xC1\xC2\xC3\xC4\xC5\xC6\xC7", 8 },
+    { "c8c9cacbcccdcecf", "\xC8\xC9\xCA\xCB\xCC\xCD\xCE\xCF", 8 },
+    { "d0d1d2d3d4d5d6d7", "\xD0\xD1\xD2\xD3\xD4\xD5\xD6\xD7", 8 },
+    { "d8d9dadbdcdddedf", "\xD8\xD9\xDA\xDB\xDC\xDD\xDE\xDF", 8 },
+    { "e0e1e2e3e4e5e6e7", "\xE0\xE1\xE2\xE3\xE4\xE5\xE6\xE7", 8 },
+    { "e8e9eaebecedeeef", "\xE8\xE9\xEA\xEB\xEC\xED\xEE\xEF", 8 },
+    { "f0f1f2f3f4f5f6f7", "\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7", 8 },
+    { "f8f9fafbfcfdfeff", "\xF8\xF9\xFA\xFB\xFC\xFD\xFE\xFF", 8 },
+
+    /* All byte values, uppercase */
+    { "0001020304050607", "\x00\x01\x02\x03\x04\x05\x06\x07", 8, 1 },
+    { "08090A0B0C0D0E0F", "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", 8, 1 },
+    { "1011121314151617", "\x10\x11\x12\x13\x14\x15\x16\x17", 8, 1 },
+    { "18191A1B1C1D1E1F", "\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", 8, 1 },
+    { "2021222324252627", "\x20\x21\x22\x23\x24\x25\x26\x27", 8, 1 },
+    { "28292A2B2C2D2E2F", "\x28\x29\x2A\x2B\x2C\x2D\x2E\x2F", 8, 1 },
+    { "3031323334353637", "\x30\x31\x32\x33\x34\x35\x36\x37", 8, 1 },
+    { "38393A3B3C3D3E3F", "\x38\x39\x3A\x3B\x3C\x3D\x3E\x3F", 8, 1 },
+    { "4041424344454647", "\x40\x41\x42\x43\x44\x45\x46\x47", 8, 1 },
+    { "48494A4B4C4D4E4F", "\x48\x49\x4A\x4B\x4C\x4D\x4E\x4F", 8, 1 },
+    { "5051525354555657", "\x50\x51\x52\x53\x54\x55\x56\x57", 8, 1 },
+    { "58595A5B5C5D5E5F", "\x58\x59\x5A\x5B\x5C\x5D\x5E\x5F", 8, 1 },
+    { "6061626364656667", "\x60\x61\x62\x63\x64\x65\x66\x67", 8, 1 },
+    { "68696A6B6C6D6E6F", "\x68\x69\x6A\x6B\x6C\x6D\x6E\x6F", 8, 1 },
+    { "7071727374757677", "\x70\x71\x72\x73\x74\x75\x76\x77", 8, 1 },
+    { "78797A7B7C7D7E7F", "\x78\x79\x7A\x7B\x7C\x7D\x7E\x7F", 8, 1 },
+    { "8081828384858687", "\x80\x81\x82\x83\x84\x85\x86\x87", 8, 1 },
+    { "88898A8B8C8D8E8F", "\x88\x89\x8A\x8B\x8C\x8D\x8E\x8F", 8, 1 },
+    { "9091929394959697", "\x90\x91\x92\x93\x94\x95\x96\x97", 8, 1 },
+    { "98999A9B9C9D9E9F", "\x98\x99\x9A\x9B\x9C\x9D\x9E\x9F", 8, 1 },
+    { "A0A1A2A3A4A5A6A7", "\xA0\xA1\xA2\xA3\xA4\xA5\xA6\xA7", 8, 1 },
+    { "A8A9AAABACADAEAF", "\xA8\xA9\xAA\xAB\xAC\xAD\xAE\xAF", 8, 1 },
+    { "B0B1B2B3B4B5B6B7", "\xB0\xB1\xB2\xB3\xB4\xB5\xB6\xB7", 8, 1 },
+    { "B8B9BABBBCBDBEBF", "\xB8\xB9\xBA\xBB\xBC\xBD\xBE\xBF", 8, 1 },
+    { "C0C1C2C3C4C5C6C7", "\xC0\xC1\xC2\xC3\xC4\xC5\xC6\xC7", 8, 1 },
+    { "C8C9CACBCCCDCECF", "\xC8\xC9\xCA\xCB\xCC\xCD\xCE\xCF", 8, 1 },
+    { "D0D1D2D3D4D5D6D7", "\xD0\xD1\xD2\xD3\xD4\xD5\xD6\xD7", 8, 1 },
+    { "D8D9DADBDCDDDEDF", "\xD8\xD9\xDA\xDB\xDC\xDD\xDE\xDF", 8, 1 },
+    { "E0E1E2E3E4E5E6E7", "\xE0\xE1\xE2\xE3\xE4\xE5\xE6\xE7", 8, 1 },
+    { "E8E9EAEBECEDEEEF", "\xE8\xE9\xEA\xEB\xEC\xED\xEE\xEF", 8, 1 },
+    { "F0F1F2F3F4F5F6F7", "\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7", 8, 1 },
+    { "F8F9FAFBFCFDFEFF", "\xF8\xF9\xFA\xFB\xFC\xFD\xFE\xFF", 8, 1 },
+};
+
+int main()
+{
+    size_t i;
+    char *hex;
+    int ret;
+    uint8_t *bytes;
+    size_t len;
+
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        if (tests[i].binary == NULL) {
+            ret = k5_hex_decode(tests[i].hex, &bytes, &len);
+            assert(ret == EINVAL && bytes == NULL && len == 0);
+            continue;
+        }
+
+        ret = k5_hex_decode(tests[i].hex, &bytes, &len);
+        assert(ret == 0);
+        assert(len == tests[i].binary_len);
+        assert(memcmp(bytes, tests[i].binary, len) == 0);
+        assert(bytes[len] == 0);
+        free(bytes);
+
+        ret = k5_hex_encode((uint8_t *)tests[i].binary, tests[i].binary_len,
+                            tests[i].uppercase, &hex);
+        assert(ret == 0);
+        assert(strcmp(tests[i].hex, hex) == 0);
+        free(hex);
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/support/t_json.c b/krb5-1.21.3/src/util/support/t_json.c
new file mode 100644
index 00000000..1f229247
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_json.c
@@ -0,0 +1,329 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/t_json.c - JSON test program */
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <k5-json.h>
+
+static void
+err(const char *str)
+{
+    fprintf(stderr, "%s\n", str);
+    exit(1);
+}
+
+static void
+check(int pred, const char *str)
+{
+    if (!pred)
+        err(str);
+}
+
+static void
+test_array()
+{
+    k5_json_string v1;
+    k5_json_number v2;
+    k5_json_null v3;
+    k5_json_array a;
+    k5_json_value v;
+
+    k5_json_array_create(&a);
+    k5_json_string_create("abc", &v1);
+    k5_json_array_add(a, v1);
+    k5_json_number_create(2, &v2);
+    k5_json_array_add(a, v2);
+    k5_json_null_create(&v3);
+    k5_json_array_add(a, v3);
+
+    check(k5_json_array_length(a) == 3, "array length");
+    v = k5_json_array_get(a, 2);
+    check(k5_json_get_tid(v) == K5_JSON_TID_NULL, "array[2] tid");
+    v = k5_json_array_get(a, 1);
+    check(k5_json_get_tid(v) == K5_JSON_TID_NUMBER, "array[1] tid");
+    check(k5_json_number_value(v) == 2, "array[1] value");
+    v = k5_json_array_get(a, 0);
+    check(k5_json_get_tid(v) == K5_JSON_TID_STRING, "array[0] tid");
+    check(strcmp(k5_json_string_utf8(v), "abc") == 0, "array[0] value");
+
+    k5_json_release(v1);
+    k5_json_release(v2);
+    k5_json_release(a);
+
+    k5_json_array_fmt(&a, "vnbiLssB", v3, 1, 9, (long long)-6, "def", NULL,
+                      (void *)"ghij", (size_t)4);
+    v = k5_json_array_get(a, 0);
+    check(k5_json_get_tid(v) == K5_JSON_TID_NULL, "fmt array[0] tid");
+    v = k5_json_array_get(a, 1);
+    check(k5_json_get_tid(v) == K5_JSON_TID_NULL, "fmt array[1] tid");
+    v = k5_json_array_get(a, 2);
+    check(k5_json_get_tid(v) == K5_JSON_TID_BOOL, "fmt array[2] tid");
+    check(k5_json_bool_value(v), "fmt array[2] value");
+    v = k5_json_array_get(a, 3);
+    check(k5_json_get_tid(v) == K5_JSON_TID_NUMBER, "fmt array[3] tid");
+    check(k5_json_number_value(v) == 9, "fmt array[3] value");
+    v = k5_json_array_get(a, 4);
+    check(k5_json_get_tid(v) == K5_JSON_TID_NUMBER, "fmt array[4] tid");
+    check(k5_json_number_value(v) == -6, "fmt array[4] value");
+    v = k5_json_array_get(a, 5);
+    check(k5_json_get_tid(v) == K5_JSON_TID_STRING, "fmt array[5] tid");
+    check(strcmp(k5_json_string_utf8(v), "def") == 0, "fmt array[5] value");
+    v = k5_json_array_get(a, 6);
+    check(k5_json_get_tid(v) == K5_JSON_TID_NULL, "fmt array[6] tid");
+    v = k5_json_array_get(a, 7);
+    check(k5_json_get_tid(v) == K5_JSON_TID_STRING, "fmt array[7] tid");
+    check(strcmp(k5_json_string_utf8(v), "Z2hpag==") == 0,
+          "fmt array[7] value");
+    k5_json_release(v3);
+    k5_json_release(a);
+}
+
+static void
+test_object(void)
+{
+    k5_json_object object;
+    k5_json_number n, v1;
+    k5_json_string s, v2;
+
+    k5_json_object_create(&object);
+    k5_json_number_create(1, &v1);
+    k5_json_object_set(object, "key1", v1);
+    k5_json_string_create("hejsan", &v2);
+    k5_json_object_set(object, "key2", v2);
+
+    n = k5_json_object_get(object, "key1");
+    if (k5_json_number_value(n) != 1)
+        err("Retrieving key1 from object failed");
+
+    s = k5_json_object_get(object, "key2");
+    if (strcmp(k5_json_string_utf8(s), "hejsan") != 0)
+        err("Retrieving key2 from object failed");
+
+    check(k5_json_object_get(object, "key3") == NULL,
+          "object nonexistent key");
+
+    k5_json_object_set(object, "key1", NULL);
+    check(k5_json_object_get(object, "key1") == NULL,
+          "object removed key");
+    check(k5_json_object_get(object, "key2") != NULL,
+          "object remaining key");
+
+    k5_json_release(v1);
+    k5_json_release(v2);
+    k5_json_release(object);
+}
+
+static void
+test_string(void)
+{
+    k5_json_string s1, s2, s3;
+    unsigned char *data;
+    size_t len;
+
+    k5_json_string_create("hejsan", &s1);
+    k5_json_string_create("hejsan", &s2);
+    k5_json_string_create_base64("55555", 5, &s3);
+
+    if (strcmp(k5_json_string_utf8(s1), k5_json_string_utf8(s2)) != 0)
+        err("Identical strings are not identical");
+    if (strcmp(k5_json_string_utf8(s3), "NTU1NTU=") != 0)
+        err("base64 string has incorrect value");
+    k5_json_string_unbase64(s3, &data, &len);
+    if (len != 5 || memcmp(data, "55555", 5) != 0)
+        err("base64 string doesn't decode to correct value");
+    free(data);
+
+    k5_json_release(s1);
+    k5_json_release(s2);
+    k5_json_release(s3);
+}
+
+static void
+test_json(void)
+{
+    static char *tests[] = {
+        "{\"k1\":\"s1\",\"k2\":\"s2\"}",
+        "{\"k1\":[\"s1\",\"s2\",\"s3\"],\"k2\":\"s3\"}",
+        "{\"k1\":{\"k2\":\"s1\",\"k3\":\"s2\",\"k4\":\"s3\"},\"k5\":\"s4\"}",
+        "[\"v1\",\"v2\",[\"v3\",\"v4\",[\"v 5\",\" v 7 \"]],-123456789,"
+        "null,true,false,123456789,\"\"]",
+        "-1",
+        "\"\\\\abc\\\"\\nde\\b\\r/\\ff\\tghi\\u0001\\u001F\"",
+        "9223372036854775807",
+        "-9223372036854775808",
+        NULL
+    };
+    char **tptr, *s, *enc, *p, orig;
+    int i;
+    k5_json_value v, v2;
+
+    check(k5_json_decode("\"string\"", &v) == 0, "string1");
+    check(k5_json_get_tid(v) == K5_JSON_TID_STRING, "string1 tid");
+    check(strcmp(k5_json_string_utf8(v), "string") == 0, "string1 utf8");
+    k5_json_release(v);
+
+    check(k5_json_decode("\t \"foo\\\"bar\" ", &v) == 0, "string2");
+    check(k5_json_get_tid(v) == K5_JSON_TID_STRING, "string2 tid");
+    check(strcmp(k5_json_string_utf8(v), "foo\"bar") == 0, "string2 utf8");
+    k5_json_release(v);
+
+    check(k5_json_decode(" { \"key\" : \"value\" }", &v) == 0, "object1");
+    check(k5_json_get_tid(v) == K5_JSON_TID_OBJECT, "object1 tid");
+    v2 = k5_json_object_get(v, "key");
+    check(v2 != NULL, "object[key]");
+    check(k5_json_get_tid(v2) == K5_JSON_TID_STRING, "object1[key] tid");
+    check(strcmp(k5_json_string_utf8(v2), "value") == 0, "object1[key] utf8");
+    k5_json_release(v);
+
+    check(k5_json_decode("{ \"k1\" : { \"k2\" : \"s2\", \"k3\" : \"s3\" }, "
+                         "\"k4\" : \"s4\" }", &v) == 0, "object2");
+    v2 = k5_json_object_get(v, "k1");
+    check(v2 != NULL, "object2[k1]");
+    check(k5_json_get_tid(v2) == K5_JSON_TID_OBJECT, "object2[k1] tid");
+    v2 = k5_json_object_get(v2, "k3");
+    check(v2 != NULL, "object2[k1][k3]");
+    check(k5_json_get_tid(v2) == K5_JSON_TID_STRING, "object2[k1][k3] tid");
+    check(strcmp(k5_json_string_utf8(v2), "s3") == 0, "object2[k1][k3] utf8");
+    k5_json_release(v);
+
+    check(k5_json_decode("{ \"k1\" : 1 }", &v) == 0, "object3");
+    check(k5_json_get_tid(v) == K5_JSON_TID_OBJECT, "object3 id");
+    v2 = k5_json_object_get(v, "k1");
+    check(k5_json_get_tid(v2) == K5_JSON_TID_NUMBER, "object3[k1] tid");
+    check(k5_json_number_value(v2) == 1, "object3[k1] value");
+    k5_json_release(v);
+
+    check(k5_json_decode("-10", &v) == 0, "number1");
+    check(k5_json_get_tid(v) == K5_JSON_TID_NUMBER, "number1 tid");
+    check(k5_json_number_value(v) == -10, "number1 value");
+    k5_json_release(v);
+
+    check(k5_json_decode("99", &v) == 0, "number2");
+    check(k5_json_get_tid(v) == K5_JSON_TID_NUMBER, "number2 tid");
+    check(k5_json_number_value(v) == 99, "number2 value");
+    k5_json_release(v);
+
+    check(k5_json_decode(" [ 1 ]", &v) == 0, "array1");
+    check(k5_json_get_tid(v) == K5_JSON_TID_ARRAY, "array1 tid");
+    check(k5_json_array_length(v) == 1, "array1 len");
+    v2 = k5_json_array_get(v, 0);
+    check(v2 != NULL, "array1[0]");
+    check(k5_json_get_tid(v2) == K5_JSON_TID_NUMBER, "array1[0] tid");
+    check(k5_json_number_value(v2) == 1, "array1[0] value");
+    k5_json_release(v);
+
+    check(k5_json_decode(" [ -1 ]", &v) == 0, "array2");
+    check(k5_json_get_tid(v) == K5_JSON_TID_ARRAY, "array2 tid");
+    check(k5_json_array_length(v) == 1, "array2 len");
+    v2 = k5_json_array_get(v, 0);
+    check(v2 != NULL, "array2[0]");
+    check(k5_json_get_tid(v2) == K5_JSON_TID_NUMBER, "array2[0] tid");
+    check(k5_json_number_value(v2) == -1, "array2[0] value");
+    k5_json_release(v);
+
+    check(k5_json_decode("18446744073709551616", &v) == EOVERFLOW,
+          "unsigned 64-bit overflow");
+    check(k5_json_decode("9223372036854775808", &v) == EOVERFLOW,
+          "signed 64-bit positive overflow");
+    check(k5_json_decode("-9223372036854775809", &v) == EOVERFLOW,
+          "signed 64-bit negative overflow");
+
+    for (tptr = tests; *tptr != NULL; tptr++) {
+        s = strdup(*tptr);
+        if (k5_json_decode(s, &v))
+            err(s);
+        if (k5_json_encode(v, &enc) || strcmp(enc, s) != 0)
+            err(s);
+        free(enc);
+        k5_json_release(v);
+
+        /* Fuzz bytes.  Parsing may succeed or fail; we're just looking for
+         * memory access bugs. */
+        for (p = s; *p != '\0'; p++) {
+            orig = *p;
+            for (i = 0; i <= 255; i++) {
+                *p = i;
+                k5_json_decode(s, &v);
+                k5_json_release(v);
+            }
+            *p = orig;
+        }
+        free(s);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    test_array();
+    test_object();
+    test_string();
+    test_json();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/support/t_k5buf.c b/krb5-1.21.3/src/util/support/t_k5buf.c
new file mode 100644
index 00000000..734b2720
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_k5buf.c
@@ -0,0 +1,259 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/t_k5buf.c - Test the k5buf string buffer module */
+/*
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-platform.h"
+#include "k5-buf.h"
+#include <stdio.h>
+#include <stdlib.h>
+
+static void
+fail_if(int condition, const char *name)
+{
+    if (condition) {
+        fprintf(stderr, "%s failed\n", name);
+        exit(1);
+    }
+}
+
+/* Test the invariants of a buffer. */
+static void
+check_buf(struct k5buf *buf, const char *name)
+{
+    fail_if(buf->buftype != K5BUF_FIXED && buf->buftype != K5BUF_DYNAMIC &&
+            buf->buftype != K5BUF_ERROR, name);
+    if (buf->buftype == K5BUF_ERROR) {
+        fail_if(buf->data != NULL, name);
+        fail_if(buf->space != 0 || buf->len != 0, name);
+    } else {
+        fail_if(buf->space == 0, name);
+        fail_if(buf->len >= buf->space, name);
+    }
+}
+
+static void
+test_basic()
+{
+    struct k5buf buf;
+    char storage[1024];
+
+    k5_buf_init_fixed(&buf, storage, sizeof(storage));
+    k5_buf_add(&buf, "Hello ");
+    k5_buf_add_len(&buf, "world", 5);
+    check_buf(&buf, "basic fixed");
+    fail_if(buf.data == NULL || buf.len != 11, "basic fixed");
+    fail_if(memcmp(buf.data, "Hello world", 11) != 0, "basic fixed");
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_len(&buf, "Hello", 5);
+    k5_buf_add(&buf, " world");
+    check_buf(&buf, "basic dynamic");
+    fail_if(buf.data == NULL || buf.len != 11, "basic dynamic");
+    fail_if(memcmp(buf.data, "Hello world", 11) != 0, "basic dynamic");
+    k5_buf_free(&buf);
+}
+
+static void
+test_realloc()
+{
+    struct k5buf buf;
+    char data[1024];
+    size_t i;
+
+    for (i = 0; i < sizeof(data); i++)
+        data[i] = 'a';
+
+    /* Cause the buffer size to double from 128 to 256 bytes. */
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_len(&buf, data, 10);
+    k5_buf_add_len(&buf, data, 128);
+    fail_if(buf.space != 256, "realloc 1");
+    check_buf(&buf, "realloc 1");
+    fail_if(buf.data == NULL || buf.len != 138, "realloc 1");
+    fail_if(memcmp(buf.data, data, buf.len) != 0, "realloc 1");
+
+    /* Cause the same buffer to double in size to 512 bytes. */
+    k5_buf_add_len(&buf, data, 128);
+    fail_if(buf.space != 512, "realloc 2");
+    check_buf(&buf, "realloc 2");
+    fail_if(buf.data == NULL || buf.len != 266, "realloc 2");
+    fail_if(memcmp(buf.data, data, buf.len) != 0, "realloc 2");
+    k5_buf_free(&buf);
+
+    /* Cause a buffer to increase from 128 to 512 bytes directly. */
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_len(&buf, data, 10);
+    k5_buf_add_len(&buf, data, 256);
+    fail_if(buf.space != 512, "realloc 3");
+    check_buf(&buf, "realloc 3");
+    fail_if(buf.data == NULL || buf.len != 266, "realloc 3");
+    fail_if(memcmp(buf.data, data, buf.len) != 0, "realloc 3");
+    k5_buf_free(&buf);
+
+    /* Cause a buffer to increase from 128 to 1024 bytes directly. */
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_len(&buf, data, 10);
+    k5_buf_add_len(&buf, data, 512);
+    fail_if(buf.space != 1024, "realloc 4");
+    check_buf(&buf, "realloc 4");
+    fail_if(buf.data == NULL || buf.len != 522, "realloc 4");
+    fail_if(memcmp(buf.data, data, buf.len) != 0, "realloc 4");
+    k5_buf_free(&buf);
+
+    /* Cause a reallocation to fail by integer overflow. */
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_len(&buf, data, 100);
+    k5_buf_add_len(&buf, NULL, SIZE_MAX);
+    check_buf(&buf, "realloc 5");
+    fail_if(buf.buftype != K5BUF_ERROR, "realloc 5");
+    k5_buf_free(&buf);
+}
+
+static void
+test_overflow()
+{
+    struct k5buf buf;
+    char storage[10];
+
+    /* Cause a fixed-sized buffer overflow. */
+    k5_buf_init_fixed(&buf, storage, sizeof(storage));
+    k5_buf_add(&buf, "12345");
+    k5_buf_add(&buf, "123456");
+    check_buf(&buf, "overflow 1");
+    fail_if(buf.buftype != K5BUF_ERROR, "overflow 1");
+
+    /* Cause a fixed-sized buffer overflow with integer overflow. */
+    k5_buf_init_fixed(&buf, storage, sizeof(storage));
+    k5_buf_add(&buf, "12345");
+    k5_buf_add_len(&buf, NULL, SIZE_MAX);
+    check_buf(&buf, "overflow 2");
+    fail_if(buf.buftype != K5BUF_ERROR, "overflow 2");
+}
+
+static void
+test_error()
+{
+    struct k5buf buf;
+    char storage[1];
+
+    /* Cause an overflow and then perform actions afterwards. */
+    k5_buf_init_fixed(&buf, storage, sizeof(storage));
+    k5_buf_add(&buf, "12");
+    fail_if(buf.buftype != K5BUF_ERROR, "error");
+    check_buf(&buf, "error");
+    k5_buf_add(&buf, "test");
+    check_buf(&buf, "error");
+    k5_buf_add_len(&buf, "test", 4);
+    check_buf(&buf, "error");
+    k5_buf_truncate(&buf, 3);
+    check_buf(&buf, "error");
+    fail_if(buf.buftype != K5BUF_ERROR, "error");
+}
+
+static void
+test_truncate()
+{
+    struct k5buf buf;
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add(&buf, "abcde");
+    k5_buf_add(&buf, "fghij");
+    k5_buf_truncate(&buf, 7);
+    check_buf(&buf, "truncate");
+    fail_if(buf.data == NULL || buf.len != 7, "truncate");
+    fail_if(memcmp(buf.data, "abcdefg", 7) != 0, "truncate");
+    k5_buf_free(&buf);
+}
+
+static void
+test_binary()
+{
+    struct k5buf buf;
+    char data[] = { 'a', 0, 'b' }, *s;
+
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add_len(&buf, data, 3);
+    k5_buf_add_len(&buf, data, 3);
+    check_buf(&buf, "binary");
+    fail_if(buf.data == NULL || buf.len != 6, "binary");
+    s = buf.data;
+    fail_if(s[0] != 'a' || s[1] != 0 || s[2] != 'b', "binary");
+    fail_if(s[3] != 'a' || s[4] != 0 || s[5] != 'b', "binary");
+    k5_buf_free(&buf);
+}
+
+static void
+test_fmt()
+{
+    struct k5buf buf;
+    char storage[10], data[1024];
+    size_t i;
+
+    for (i = 0; i < sizeof(data) - 1; i++)
+        data[i] = 'a';
+    data[i] = '\0';
+
+    /* Format some text into a non-empty fixed buffer. */
+    k5_buf_init_fixed(&buf, storage, sizeof(storage));
+    k5_buf_add(&buf, "foo");
+    k5_buf_add_fmt(&buf, " %d ", 3);
+    check_buf(&buf, "fmt 1");
+    fail_if(buf.data == NULL || buf.len != 6, "fmt 1");
+    fail_if(memcmp(buf.data, "foo 3 ", 6) != 0, "fmt 1");
+
+    /* Overflow the same buffer with formatted text. */
+    k5_buf_add_fmt(&buf, "%d%d%d%d", 1, 2, 3, 4);
+    check_buf(&buf, "fmt 2");
+    fail_if(buf.buftype != K5BUF_ERROR, "fmt 2");
+
+    /* Format some text into a non-empty dynamic buffer. */
+    k5_buf_init_dynamic(&buf);
+    k5_buf_add(&buf, "foo");
+    k5_buf_add_fmt(&buf, " %d ", 3);
+    check_buf(&buf, "fmt 3");
+    fail_if(buf.data == NULL || buf.len != 6, "fmt 3");
+    fail_if(memcmp(buf.data, "foo 3 ", 6) != 0, "fmt 3");
+
+    /* Format more text into the same buffer, causing a big resize. */
+    k5_buf_add_fmt(&buf, "%s", data);
+    check_buf(&buf, "fmt 4");
+    fail_if(buf.space != 2048, "fmt 4");
+    fail_if(buf.data == NULL || buf.len != 1029, "fmt 4");
+    fail_if(memcmp((char *)buf.data + 6, data, 1023) != 0, "fmt 4");
+    k5_buf_free(&buf);
+}
+
+int
+main()
+{
+    test_basic();
+    test_realloc();
+    test_overflow();
+    test_error();
+    test_truncate();
+    test_binary();
+    test_fmt();
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/support/t_path.c b/krb5-1.21.3/src/util/support/t_path.c
new file mode 100644
index 00000000..111c27a5
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_path.c
@@ -0,0 +1,196 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/t_path.c - Path manipulation tests */
+/*
+ * Copyright (C) 2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include <k5-platform.h>
+
+/* For testing purposes, use a different symbol for Windows path semantics. */
+#ifdef _WIN32
+#define WINDOWS_PATHS
+#endif
+
+/*
+ * The ultimate arbiter of these tests is the dirname, basename, and isabs
+ * methods of the Python posixpath and ntpath modules.
+ */
+
+struct {
+    const char *path;
+    const char *posix_dirname;
+    const char *posix_basename;
+    const char *win_dirname;
+    const char *win_basename;
+} split_tests[] = {
+    { "",          "",      "",          "",       ""  },
+    { "a/b/c",     "a/b",   "c",         "a/b",    "c" },
+    { "a/b/",      "a/b",   "",          "a/b",    ""  },
+    { "a\\b\\c",   "",      "a\\b\\c",   "a\\b",   "c" },
+    { "a\\b\\",    "",      "a\\b\\",    "a\\b",   ""  },
+    { "a/b\\c",    "a",     "b\\c",      "a/b",    "c" },
+    { "a//b",      "a",     "b",         "a",      "b" },
+    { "a/\\/b",    "a/\\",  "b",         "a",      "b" },
+    { "a//b/c",    "a//b",  "c",         "a//b",   "c" },
+
+    { "/",         "/",     "",          "/",      ""  },
+    { "\\",        "",      "\\",        "\\",     ""  },
+    { "/a/b/c",    "/a/b",  "c",         "/a/b",   "c" },
+    { "\\a/b/c",   "\\a/b", "c",         "\\a/b",  "c" },
+    { "/a",        "/",     "a",         "/",      "a" },
+    { "//a",       "//",    "a",         "//",     "a" },
+    { "\\//\\a",   "\\",    "\\a",       "\\//\\", "a" },
+
+    { "/:",        "/",     ":",         "/:",     ""  },
+    { "c:\\",      "",      "c:\\",      "c:\\",   ""  },
+    { "c:/",       "c:",    "",          "c:/",    ""  },
+    { "c:/\\a",    "c:",    "\\a",       "c:/\\",  "a" },
+    { "c:a",       "",      "c:a",       "c:",     "a" },
+};
+
+struct {
+    const char *path1;
+    const char *path2;
+    const char *posix_result;
+    const char *win_result;
+} join_tests[] = {
+    { "",     "",     "",         ""      },
+    { "",     "a",    "a",        "a"     },
+    { "",     "/a",   "/a",       "/a"    },
+    { "",     "c:",   "c:",       "c:"    },
+
+    { "a",    "",     "a/",       "a\\"   },
+    { "a/",   "",     "a/",       "a/"    },
+    { "a\\",  "",     "a\\/",     "a\\"   },
+    { "a/\\", "",     "a/\\/",    "a/\\"  },
+
+    { "a",    "b",    "a/b",      "a\\b"  },
+    { "a",    "/b",   "/b",       "/b"    },
+    { "a",    "c:",   "a/c:",     "a\\c:" },
+    { "a",    "c:/",  "a/c:/",    "c:/"   },
+    { "a",    "c:/a", "a/c:/a",   "c:/a"  },
+    { "a",    "/:",   "/:",       "a/:"   },
+    { "a/",   "b",    "a/b",      "a/b"   },
+    { "a/",   "",     "a/",       "a/"    },
+    { "a\\",  "b",    "a\\/b",    "a\\b"  },
+
+    { "a//",  "b",    "a//b",     "a//b"  },
+    { "a/\\", "b",    "a/\\/b",   "a/\\b" },
+};
+
+struct {
+    const char *path;
+    int posix_result;
+    int win_result;
+} isabs_tests[] = {
+    { "",      0, 0 },
+    { "/",     1, 1 },
+    { "/a",    1, 1 },
+    { "a/b",   0, 0 },
+    { "\\",    0, 1 },
+    { "\\a",   0, 1 },
+    { "c:",    0, 0 },
+    { "/:",    1, 0 },
+    { "\\:",   0, 0 },
+    { "c:/a",  0, 1 },
+    { "c:\\a", 0, 1 },
+    { "c:a",   0, 0 },
+    { "c:a/b", 0, 0 },
+    { "/:a/b", 1, 0 },
+};
+
+int
+main(void)
+{
+    char *dirname, *basename, *joined;
+    const char *edirname, *ebasename, *ejoined, *ipath, *path1, *path2;
+    int result, eresult, status = 0;
+    size_t i;
+
+    for (i = 0; i < sizeof(split_tests) / sizeof(*split_tests); i++) {
+        ipath = split_tests[i].path;
+#ifdef WINDOWS_PATHS
+        edirname = split_tests[i].win_dirname;
+        ebasename = split_tests[i].win_basename;
+#else
+        edirname = split_tests[i].posix_dirname;
+        ebasename = split_tests[i].posix_basename;
+#endif
+        if (k5_path_split(ipath, NULL, NULL) != 0)
+            abort();
+        if (k5_path_split(ipath, &dirname, NULL) != 0)
+            abort();
+        free(dirname);
+        if (k5_path_split(ipath, NULL, &basename) != 0)
+            abort();
+        free(basename);
+        if (k5_path_split(ipath, &dirname, &basename) != 0)
+            abort();
+        if (strcmp(dirname, edirname) != 0) {
+            fprintf(stderr, "Split test %d: dirname %s != expected %s\n",
+                    (int)i, dirname, edirname);
+            status = 1;
+        }
+        if (strcmp(basename, ebasename) != 0) {
+            fprintf(stderr, "Split test %d: basename %s != expected %s\n",
+                    (int)i, basename, ebasename);
+            status = 1;
+        }
+        free(dirname);
+        free(basename);
+    }
+
+    for (i = 0; i < sizeof(join_tests) / sizeof(*join_tests); i++) {
+        path1 = join_tests[i].path1;
+        path2 = join_tests[i].path2;
+#ifdef WINDOWS_PATHS
+        ejoined = join_tests[i].win_result;
+#else
+        ejoined = join_tests[i].posix_result;
+#endif
+        if (k5_path_join(path1, path2, &joined) != 0)
+            abort();
+        if (strcmp(joined, ejoined) != 0) {
+            fprintf(stderr, "Join test %d: %s != expected %s\n",
+                    (int)i, joined, ejoined);
+            status = 1;
+        }
+        free(joined);
+    }
+
+    for (i = 0; i < sizeof(isabs_tests) / sizeof(*isabs_tests); i++) {
+#ifdef WINDOWS_PATHS
+        eresult = isabs_tests[i].win_result;
+#else
+        eresult = isabs_tests[i].posix_result;
+#endif
+        result = k5_path_isabs(isabs_tests[i].path);
+        if (result != eresult) {
+            fprintf(stderr, "isabs test %d: %d != expected %d\n",
+                    (int)i, result, eresult);
+            status = 1;
+        }
+    }
+
+    return status;
+}
diff --git a/krb5-1.21.3/src/util/support/t_unal.c b/krb5-1.21.3/src/util/support/t_unal.c
new file mode 100644
index 00000000..f67cd31e
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_unal.c
@@ -0,0 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#undef NDEBUG
+#include "k5-platform.h"
+
+int main ()
+{
+    /* Test some low-level assumptions the Kerberos code depends
+       on.  */
+
+    union {
+        uint64_t n64;
+        uint32_t n32;
+        uint16_t n16;
+        unsigned char b[9];
+    } u;
+    static unsigned char buf[9] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 };
+
+    assert(load_64_be(buf+1) == 0x0102030405060708LL);
+    assert(load_64_le(buf+1) == 0x0807060504030201LL);
+    assert(load_32_le(buf+2) == 0x05040302);
+    assert(load_32_be(buf+2) == 0x02030405);
+    assert(load_16_be(buf+3) == 0x0304);
+    assert(load_16_le(buf+3) == 0x0403);
+    u.b[0] = 0;
+    assert((store_64_be(0x0102030405060708LL, u.b+1), !memcmp(buf, u.b, 9)));
+    u.b[1] = 9;
+    assert((store_64_le(0x0807060504030201LL, u.b+1), !memcmp(buf, u.b, 9)));
+    u.b[2] = 10;
+    assert((store_32_be(0x02030405, u.b+2), !memcmp(buf, u.b, 9)));
+    u.b[3] = 11;
+    assert((store_32_le(0x05040302, u.b+2), !memcmp(buf, u.b, 9)));
+    u.b[4] = 12;
+    assert((store_16_be(0x0304, u.b+3), !memcmp(buf, u.b, 9)));
+    u.b[4] = 13;
+    assert((store_16_le(0x0403, u.b+3), !memcmp(buf, u.b, 9)));
+    /* Verify that load_*_n properly does native format.  Assume
+       the unaligned thing is okay.  */
+    u.n64 = 0x090a0b0c0d0e0f00LL;
+    assert(load_64_n((unsigned char *) &u.n64) == 0x090a0b0c0d0e0f00LL);
+    u.n32 = 0x06070809;
+    assert(load_32_n((unsigned char *) &u.n32) == 0x06070809);
+    u.n16 = 0x0a0b;
+    assert(load_16_n((unsigned char *) &u.n16) == 0x0a0b);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/support/t_utf16.c b/krb5-1.21.3/src/util/support/t_utf16.c
new file mode 100644
index 00000000..bc3390a4
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_utf16.c
@@ -0,0 +1,117 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/t_utf16.c - test UTF-16 conversion functions */
+/*
+ * Copyright (C) 2017 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This program tests conversions between UTF-8 and little-endian UTF-16, with
+ * an eye mainly towards covering UTF-16 edge cases and UTF-8 decoding results
+ * which we detect as invalid in utf8_conv.c.  t_utf8.c covers more UTF-8 edge
+ * cases.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "k5-platform.h"
+#include "k5-utf8.h"
+
+struct test {
+    const char *utf8;
+    const char *utf16;
+    size_t utf16len;
+} tests[] = {
+    { "", "", 0 },
+    { "abcd", "a\0b\0c\0d\0", 8 },
+    /* From RFC 2781 (tests code point 0x12345 and some ASCII) */
+    { "\xF0\x92\x8D\x85=Ra", "\x08\xD8\x45\xDF=\0R\0a\0", 10 },
+    /* Lowest and highest Supplementary Plane code points */
+    { "\xF0\x90\x80\x80 \xF4\x8F\xBF\xBF",
+      "\x00\xD8\x00\xDC \0\xFF\xDB\xFF\xDF", 10 },
+    /* Basic Multilingual Plane code points near and above surrogate range */
+    { "\xED\x9F\xBF", "\xFF\xD7", 2 },
+    { "\xEE\x80\x80 \xEE\xBF\xBF", "\x00\xE0 \0\xFF\xEF", 6 },
+    /* Invalid UTF-8: decodes to value in surrogate pair range */
+    { "\xED\xA0\x80", NULL, 0 }, /* 0xD800 */
+    { "\xED\xAF\xBF", NULL, 0 }, /* 0xDBFF */
+    { "\xED\xB0\x80", NULL, 0 }, /* 0xDC00 */
+    { "\xED\xBF\xBF", NULL, 0 }, /* 0xDFFF */
+    /* Invalid UTF-8: decodes to value above Unicode range */
+    { "\xF4\x90\x80\x80", NULL, 0 },
+    { "\xF4\xBF\xBF\xBF", NULL, 0 },
+    { "\xF5\x80\x80\x80", NULL, 0 }, /* thrown out early due to first byte */
+    /* Invalid UTF-16: odd numbers of UTF-16 bytes */
+    { NULL, "\x00", 1 },
+    { NULL, "\x01\x00\x02", 3 },
+    /* Invalid UTF-16: high surrogate without a following low surrogate */
+    { NULL, "\x00\xD8\x00\x00", 4 },
+    { NULL, "\x00\xD8\xFF\xDB", 4 },
+    { NULL, "\xFF\xDB", 2 },
+    /* Invalid UTF-16: low surrogate without a preceding high surrogate */
+    { NULL, "\x61\x00\x00\xDC", 4 },
+    { NULL, "\xFF\xDF\xFF\xDB", 4 },
+};
+
+int
+main(int argc, char **argv)
+{
+    int ret;
+    struct test *t;
+    size_t i, utf16len;
+    uint8_t *utf16;
+    char *utf8;
+
+    for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
+        t = &tests[i];
+        if (t->utf8 != NULL) {
+            ret = k5_utf8_to_utf16le(t->utf8, &utf16, &utf16len);
+            if (t->utf16 == NULL) {
+                assert(ret == EINVAL);
+            } else {
+                assert(ret == 0);
+                assert(t->utf16len == utf16len);
+                assert(memcmp(t->utf16, utf16, utf16len) == 0);
+                free(utf16);
+            }
+        }
+
+        if (t->utf16 != NULL) {
+            ret = k5_utf16le_to_utf8((uint8_t *)t->utf16, t->utf16len, &utf8);
+            if (t->utf8 == NULL) {
+                assert(ret == EINVAL);
+            } else {
+                assert(ret == 0);
+                assert(strcmp(t->utf8, utf8) == 0);
+                free(utf8);
+            }
+        }
+    }
+    return 0;
+}
diff --git a/krb5-1.21.3/src/util/support/t_utf8.c b/krb5-1.21.3/src/util/support/t_utf8.c
new file mode 100644
index 00000000..6493bae3
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/t_utf8.c
@@ -0,0 +1,209 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/t_utf8.c - test UTF-8 boundary conditions */
+/*
+ * Copyright (C) 2015 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "k5-platform.h"
+#include "k5-utf8.h"
+
+/*
+ * Convenience macro to allow testing of old encodings.
+ *
+ * "Old" means ISO/IEC 10646 prior to 2011, when the highest valid code point
+ * was U+7FFFFFFF instead of U+10FFFF.
+ */
+#ifdef OLDENCODINGS
+#define L(x) (x)
+#else
+#define L(x) 0
+#endif
+
+/*
+ * len is 0 for invalid encoding prefixes (KRB5_UTF8_CHARLEN2() partially
+ * enforces the validity of the first two bytes, based on masking the second
+ * byte.  It doesn't check whether bit 6 is 0, though, and doesn't catch the
+ * range between U+110000 and U+13FFFF).
+ *
+ * ucs is 0 for invalid encodings (including ones with valid prefixes according
+ * to KRB5_UTF8_CHARLEN2(); krb5int_utf8_to_ucs4() will still fail on them
+ * because it checks more things.)  Code points above U+10FFFF are excluded by
+ * the actual test code and remain in the table for possibly testing the old
+ * implementation that didn't exclude them.
+ *
+ * Neither krb5int_ucs4_to_utf8() nor krb5int_utf8_to_ucs4() excludes the
+ * surrogate pair range.
+ */
+struct testcase {
+    const char *p;
+    krb5_ucs4 ucs;
+    int len;
+} testcases[] = {
+    { "\x7f", 0x0000007f, 1 },             /* Lowest 1-byte encoding */
+    { "\xc0\x80", 0x00000000, 0 },         /* Invalid 2-byte encoding */
+    { "\xc2\x80", 0x00000080, 2 },         /* Lowest valid 2-byte encoding */
+    { "\xdf\xbf", 0x000007ff, 2 },         /* Highest valid 2-byte encoding*/
+    { "\xdf\xff", 0x00000000, 2 },         /* Invalid 2-byte encoding*/
+    { "\xe0\x80\x80", 0x00000000, 0 },     /* Invalid 3-byte encoding */
+    { "\xe0\xa0\x80", 0x00000800, 3 },     /* Lowest valid 3-byte encoding */
+    { "\xef\xbf\xbf", 0x0000ffff, 3 },     /* Highest valid 3-byte encoding */
+    { "\xef\xff\xff", 0x00000000, 3 },     /* Invalid 3-byte encoding */
+    { "\xf0\x80\x80\x80", 0x00000000, 0 }, /* Invalid 4-byte encoding */
+    { "\xf0\x90\x80\x80", 0x00010000, 4 }, /* Lowest valid 4-byte encoding */
+    { "\xf4\x8f\xbf\xbf", 0x0010ffff, 4 }, /* Highest valid 4-byte encoding */
+    /* Next higher 4-byte encoding (old) */
+    { "\xf4\x90\x80\x80", 0x00110000, 4 },
+    /* Highest 4-byte encoding starting with 0xf4 (old) */
+    { "\xf4\xbf\xbf\xbf", 0x0013ffff, 4 },
+    /* Next higher 4-byte prefix byte (old) */
+    { "\xf5\x80\x80\x80", 0x00140000, L(4) },
+    /* Highest valid 4-byte encoding (old) */
+    { "\xf7\xbf\xbf\xbf", 0x001fffff, L(4) },
+    /* Invalid 4-byte encoding */
+    { "\xf7\xff\xff\xff", 0x00000000, L(4) },
+    /* Invalid 5-byte encoding */
+    { "\xf8\x80\x80\x80\x80", 0x00000000, 0 },
+    /* Lowest valid 5-byte encoding (old) */
+    { "\xf8\x88\x80\x80\x80", 0x00200000, L(5) },
+    /* Highest valid 5-byte encoding (old) */
+    { "\xfb\xbf\xbf\xbf\xbf", 0x03ffffff, L(5) },
+    /* Invalid 5-byte encoding */
+    { "\xfb\xff\xff\xff\xff", 0x00000000, L(5) },
+    /* Invalid 6-byte encoding */
+    { "\xfc\x80\x80\x80\x80\x80", 0x00000000, 0 },
+    /* Lowest valid 6-byte encoding (old) */
+    { "\xfc\x84\x80\x80\x80\x80", 0x04000000, L(6) },
+    /* Highest valid 6-byte encoding (old) */
+    { "\xfd\xbf\xbf\xbf\xbf\xbf", 0x7fffffff, L(6) },
+    /* Invalid 6-byte encoding */
+    { "\xfd\xff\xff\xff\xff\xff", 0x00000000, L(6) },
+};
+
+static void
+printhex(const char *p)
+{
+    for (; *p != '\0'; p++) {
+        printf("%02x ", (unsigned char)*p);
+    }
+}
+
+static void
+printtest(struct testcase *t)
+{
+    printhex(t->p);
+    printf("0x%08lx, %d\n", (unsigned long)t->ucs, t->len);
+}
+
+static int
+test_decode(struct testcase *t, int high4)
+{
+    int len, status = 0;
+    krb5_ucs4 u = 0;
+
+    len = KRB5_UTF8_CHARLEN2(t->p, len);
+    if (len != t->len) {
+        printf("expected len=%d, got len=%d\n", t->len, len);
+        status = 1;
+    }
+    if ((t->len == 0 || high4) && krb5int_utf8_to_ucs4(t->p, &u) != -1) {
+        printf("unexpected success in utf8_to_ucs4\n");
+        status = 1;
+    }
+    if (krb5int_utf8_to_ucs4(t->p, &u) != 0 && t->ucs != 0 && !high4) {
+        printf("unexpected failure in utf8_to_ucs4\n");
+        status = 1;
+    }
+    if (t->ucs != u && !high4) {
+        printf("expected 0x%08lx, got 0x%08lx\n", (unsigned long)t->ucs,
+               (unsigned long)u);
+        status = 1;
+    }
+    return status;
+}
+
+static int
+test_encode(struct testcase *t, int high4)
+{
+    size_t size;
+    char buf[7];
+
+    memset(buf, 0, sizeof(buf));
+    size = krb5int_ucs4_to_utf8(t->ucs, buf);
+    if (high4 && size != 0) {
+        printf("unexpected success beyond U+10FFFF\n");
+        return 1;
+    }
+    if (!high4 && size == 0) {
+        printf("unexpected zero size on encode\n");
+        return 1;
+    }
+    if (size != 0 && strcmp(t->p, buf) != 0) {
+        printf("expected ");
+        printhex(t->p);
+        printf("got ");
+        printhex(buf);
+        printf("\n");
+        return 1;
+    }
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    size_t ncases = sizeof(testcases) / sizeof(testcases[0]);
+    size_t i;
+    struct testcase *t;
+    int status = 0, verbose = 0;
+    /* Is this a "high" 4-byte encoding above U+10FFFF? */
+    int high4;
+
+    if (argc == 2 && strcmp(argv[1], "-v") == 0)
+        verbose = 1;
+    for (i = 0; i < ncases; i++) {
+        t = &testcases[i];
+        if (verbose)
+            printtest(t);
+#ifndef OLDENCODINGS
+        high4 = t->ucs > 0x10ffff;
+#else
+        high4 = 0;
+#endif
+        if (test_decode(t, high4) != 0)
+            status = 1;
+        if (t->ucs == 0)
+            continue;
+        if (test_encode(t, high4) != 0)
+            status = 1;
+    }
+    return status;
+}
diff --git a/krb5-1.21.3/src/util/support/threads.c b/krb5-1.21.3/src/util/support/threads.c
new file mode 100644
index 00000000..be7e4c2e
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/threads.c
@@ -0,0 +1,608 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/threads.c - Portable thread support */
+/*
+ * Copyright 2004,2005,2006,2007,2008 by the Massachusetts Institute of
+ * Technology.  All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#define THREAD_SUPPORT_IMPL
+#include "k5-platform.h"
+#include "k5-thread.h"
+#include "supp-int.h"
+
+MAKE_INIT_FUNCTION(krb5int_thread_support_init);
+MAKE_FINI_FUNCTION(krb5int_thread_support_fini);
+
+/* This function used to be referenced from elsewhere in the tree, but is now
+ * only used internally.  Keep it linker-visible for now. */
+int krb5int_pthread_loaded(void);
+
+#ifndef ENABLE_THREADS /* no thread support */
+
+static void (*destructors[K5_KEY_MAX])(void *);
+struct tsd_block { void *values[K5_KEY_MAX]; };
+static struct tsd_block tsd_no_threads;
+static unsigned char destructors_set[K5_KEY_MAX];
+
+int krb5int_pthread_loaded (void)
+{
+    return 0;
+}
+
+#elif defined(_WIN32)
+
+static DWORD tls_idx;
+static CRITICAL_SECTION key_lock;
+struct tsd_block {
+    void *values[K5_KEY_MAX];
+};
+static void (*destructors[K5_KEY_MAX])(void *);
+static unsigned char destructors_set[K5_KEY_MAX];
+
+void krb5int_thread_detach_hook (void)
+{
+    /* XXX Memory leak here!
+       Need to destroy all TLS objects we know about for this thread.  */
+    struct tsd_block *t;
+    int i, err;
+
+    err = CALL_INIT_FUNCTION(krb5int_thread_support_init);
+    if (err)
+        return;
+
+    t = TlsGetValue(tls_idx);
+    if (t == NULL)
+        return;
+    for (i = 0; i < K5_KEY_MAX; i++) {
+        if (destructors_set[i] && destructors[i] && t->values[i]) {
+            void *v = t->values[i];
+            t->values[i] = 0;
+            (*destructors[i])(v);
+        }
+    }
+}
+
+/* Stub function not used on Windows. */
+int krb5int_pthread_loaded (void)
+{
+    return 0;
+}
+#else /* POSIX threads */
+
+/* Must support register/delete/register sequence, e.g., if krb5 is
+   loaded so this support code stays in the process, and gssapi is
+   loaded, unloaded, and loaded again.  */
+
+static k5_mutex_t key_lock = K5_MUTEX_PARTIAL_INITIALIZER;
+static void (*destructors[K5_KEY_MAX])(void *);
+static unsigned char destructors_set[K5_KEY_MAX];
+
+/* This is not safe yet!
+
+   Thread termination concurrent with key deletion can cause two
+   threads to interfere.  It's a bit tricky, since one of the threads
+   will want to remove this structure from the list being walked by
+   the other.
+
+   Other cases, like looking up data while the library owning the key
+   is in the process of being unloaded, we don't worry about.  */
+
+struct tsd_block {
+    struct tsd_block *next;
+    void *values[K5_KEY_MAX];
+};
+
+#ifdef HAVE_PRAGMA_WEAK_REF
+# pragma weak pthread_once
+# pragma weak pthread_mutex_lock
+# pragma weak pthread_mutex_unlock
+# pragma weak pthread_mutex_destroy
+# pragma weak pthread_mutex_init
+# pragma weak pthread_self
+# pragma weak pthread_equal
+# pragma weak pthread_getspecific
+# pragma weak pthread_setspecific
+# pragma weak pthread_key_create
+# pragma weak pthread_key_delete
+# pragma weak pthread_create
+# pragma weak pthread_join
+# define K5_PTHREADS_LOADED     (krb5int_pthread_loaded())
+static volatile int flag_pthread_loaded = -1;
+static void loaded_test_aux(void)
+{
+    if (flag_pthread_loaded == -1)
+        flag_pthread_loaded = 1;
+    else
+        /* Could we have been called twice?  */
+        flag_pthread_loaded = 0;
+}
+static pthread_once_t loaded_test_once = PTHREAD_ONCE_INIT;
+int krb5int_pthread_loaded (void)
+{
+    int x = flag_pthread_loaded;
+    if (x != -1)
+        return x;
+    if (&pthread_getspecific == 0
+        || &pthread_setspecific == 0
+        || &pthread_key_create == 0
+        || &pthread_key_delete == 0
+        || &pthread_once == 0
+        || &pthread_mutex_lock == 0
+        || &pthread_mutex_unlock == 0
+        || &pthread_mutex_destroy == 0
+        || &pthread_mutex_init == 0
+        || &pthread_self == 0
+        || &pthread_equal == 0
+        /* Any program that's really multithreaded will have to be
+           able to create threads.  */
+        || &pthread_create == 0
+        || &pthread_join == 0
+        /* Okay, all the interesting functions -- or stubs for them --
+           seem to be present.  If we call pthread_once, does it
+           actually seem to cause the indicated function to get called
+           exactly one time?  */
+        || pthread_once(&loaded_test_once, loaded_test_aux) != 0
+        || pthread_once(&loaded_test_once, loaded_test_aux) != 0
+        /* This catches cases where pthread_once does nothing, and
+           never causes the function to get called.  That's a pretty
+           clear violation of the POSIX spec, but hey, it happens.  */
+        || flag_pthread_loaded < 0) {
+        flag_pthread_loaded = 0;
+        return 0;
+    }
+    /* If we wanted to be super-paranoid, we could try testing whether
+       pthread_get/setspecific work, too.  I don't know -- so far --
+       of any system with non-functional stubs for those.  */
+    return flag_pthread_loaded;
+}
+
+static struct tsd_block tsd_if_single;
+# define GET_NO_PTHREAD_TSD()   (&tsd_if_single)
+#else
+# define K5_PTHREADS_LOADED     (1)
+int krb5int_pthread_loaded (void)
+{
+    return 1;
+}
+
+# define GET_NO_PTHREAD_TSD()   (abort(),(struct tsd_block *)0)
+#endif
+
+static pthread_key_t key;
+static void thread_termination(void *);
+
+static void thread_termination (void *tptr)
+{
+    int i, pass, none_found;
+    struct tsd_block *t = tptr;
+
+    k5_mutex_lock(&key_lock);
+
+    /*
+     * Make multiple passes in case, for example, a libkrb5 cleanup
+     * function wants to print out an error message, which causes
+     * com_err to allocate a thread-specific buffer, after we just
+     * freed up the old one.
+     *
+     * Shouldn't actually happen, if we're careful, but check just in
+     * case.
+     */
+
+    pass = 0;
+    none_found = 0;
+    while (pass < 4 && !none_found) {
+        none_found = 1;
+        for (i = 0; i < K5_KEY_MAX; i++) {
+            if (destructors_set[i] && destructors[i] && t->values[i]) {
+                void *v = t->values[i];
+                t->values[i] = 0;
+                (*destructors[i])(v);
+                none_found = 0;
+            }
+        }
+    }
+    free (t);
+    k5_mutex_unlock(&key_lock);
+
+    /* remove thread from global linked list */
+}
+
+#endif /* no threads vs Win32 vs POSIX */
+
+void *k5_getspecific (k5_key_t keynum)
+{
+    struct tsd_block *t;
+    int err;
+
+    err = CALL_INIT_FUNCTION(krb5int_thread_support_init);
+    if (err)
+        return NULL;
+
+    assert(destructors_set[keynum] == 1);
+
+#ifndef ENABLE_THREADS
+
+    t = &tsd_no_threads;
+
+#elif defined(_WIN32)
+
+    t = TlsGetValue(tls_idx);
+
+#else /* POSIX */
+
+    if (K5_PTHREADS_LOADED)
+        t = pthread_getspecific(key);
+    else
+        t = GET_NO_PTHREAD_TSD();
+
+#endif
+
+    if (t == NULL)
+        return NULL;
+    return t->values[keynum];
+}
+
+int k5_setspecific (k5_key_t keynum, void *value)
+{
+    struct tsd_block *t;
+    int err;
+
+    err = CALL_INIT_FUNCTION(krb5int_thread_support_init);
+    if (err)
+        return err;
+
+    assert(destructors_set[keynum] == 1);
+
+#ifndef ENABLE_THREADS
+
+    t = &tsd_no_threads;
+
+#elif defined(_WIN32)
+
+    t = TlsGetValue(tls_idx);
+    if (t == NULL) {
+        int i;
+        t = malloc(sizeof(*t));
+        if (t == NULL)
+            return ENOMEM;
+        for (i = 0; i < K5_KEY_MAX; i++)
+            t->values[i] = 0;
+        /* add to global linked list */
+        /*      t->next = 0; */
+        err = TlsSetValue(tls_idx, t);
+        if (!err) {
+            free(t);
+            return GetLastError();
+        }
+    }
+
+#else /* POSIX */
+
+    if (K5_PTHREADS_LOADED) {
+        t = pthread_getspecific(key);
+        if (t == NULL) {
+            int i;
+            t = malloc(sizeof(*t));
+            if (t == NULL)
+                return ENOMEM;
+            for (i = 0; i < K5_KEY_MAX; i++)
+                t->values[i] = 0;
+            /* add to global linked list */
+            t->next = 0;
+            err = pthread_setspecific(key, t);
+            if (err) {
+                free(t);
+                return err;
+            }
+        }
+    } else {
+        t = GET_NO_PTHREAD_TSD();
+    }
+
+#endif
+
+    t->values[keynum] = value;
+    return 0;
+}
+
+int k5_key_register (k5_key_t keynum, void (*destructor)(void *))
+{
+    int err;
+
+    err = CALL_INIT_FUNCTION(krb5int_thread_support_init);
+    if (err)
+        return err;
+
+#ifndef ENABLE_THREADS
+
+    assert(destructors_set[keynum] == 0);
+    destructors[keynum] = destructor;
+    destructors_set[keynum] = 1;
+
+#elif defined(_WIN32)
+
+    /* XXX: This can raise EXCEPTION_POSSIBLE_DEADLOCK.  */
+    EnterCriticalSection(&key_lock);
+    assert(destructors_set[keynum] == 0);
+    destructors_set[keynum] = 1;
+    destructors[keynum] = destructor;
+    LeaveCriticalSection(&key_lock);
+
+#else /* POSIX */
+
+    k5_mutex_lock(&key_lock);
+    assert(destructors_set[keynum] == 0);
+    destructors_set[keynum] = 1;
+    destructors[keynum] = destructor;
+    k5_mutex_unlock(&key_lock);
+
+#endif
+    return 0;
+}
+
+int k5_key_delete (k5_key_t keynum)
+{
+#ifndef ENABLE_THREADS
+
+    assert(destructors_set[keynum] == 1);
+    if (destructors[keynum] && tsd_no_threads.values[keynum])
+        (*destructors[keynum])(tsd_no_threads.values[keynum]);
+    destructors[keynum] = 0;
+    tsd_no_threads.values[keynum] = 0;
+    destructors_set[keynum] = 0;
+
+#elif defined(_WIN32)
+
+    /* XXX: This can raise EXCEPTION_POSSIBLE_DEADLOCK.  */
+    EnterCriticalSection(&key_lock);
+    /* XXX Memory leak here!
+       Need to destroy the associated data for all threads.
+       But watch for race conditions in case threads are going away too.  */
+    assert(destructors_set[keynum] == 1);
+    destructors_set[keynum] = 0;
+    destructors[keynum] = 0;
+    LeaveCriticalSection(&key_lock);
+
+#else /* POSIX */
+
+    /* XXX RESOURCE LEAK: Need to destroy the allocated objects first!  */
+    k5_mutex_lock(&key_lock);
+    assert(destructors_set[keynum] == 1);
+    destructors_set[keynum] = 0;
+    destructors[keynum] = NULL;
+    k5_mutex_unlock(&key_lock);
+
+#endif
+
+    return 0;
+}
+
+int krb5int_call_thread_support_init (void)
+{
+    return CALL_INIT_FUNCTION(krb5int_thread_support_init);
+}
+
+#include "cache-addrinfo.h"
+
+int krb5int_thread_support_init (void)
+{
+    int err;
+
+#ifdef SHOW_INITFINI_FUNCS
+    printf("krb5int_thread_support_init\n");
+#endif
+
+#ifndef ENABLE_THREADS
+
+    /* Nothing to do for TLS initialization.  */
+
+#elif defined(_WIN32)
+
+    tls_idx = TlsAlloc();
+    /* XXX This can raise an exception if memory is low!  */
+    InitializeCriticalSection(&key_lock);
+
+#else /* POSIX */
+
+    err = k5_mutex_finish_init(&key_lock);
+    if (err)
+        return err;
+    if (K5_PTHREADS_LOADED) {
+        err = pthread_key_create(&key, thread_termination);
+        if (err)
+            return err;
+    }
+
+#endif
+
+    err = krb5int_init_fac();
+    if (err)
+        return err;
+
+    err = krb5int_err_init();
+    if (err)
+        return err;
+
+    return 0;
+}
+
+void krb5int_thread_support_fini (void)
+{
+    if (! INITIALIZER_RAN (krb5int_thread_support_init))
+        return;
+
+#ifdef SHOW_INITFINI_FUNCS
+    printf("krb5int_thread_support_fini\n");
+#endif
+
+#ifndef ENABLE_THREADS
+
+    /* Do nothing.  */
+
+#elif defined(_WIN32)
+
+    /* ... free stuff ... */
+    TlsFree(tls_idx);
+    DeleteCriticalSection(&key_lock);
+
+#else /* POSIX */
+
+    if (! INITIALIZER_RAN(krb5int_thread_support_init))
+        return;
+    if (K5_PTHREADS_LOADED)
+        pthread_key_delete(key);
+    /* ... delete stuff ... */
+    k5_mutex_destroy(&key_lock);
+
+#endif
+
+    krb5int_fini_fac();
+}
+
+/* Mutex allocation functions, for use in plugins that may not know
+   what options a given set of libraries was compiled with.  */
+int KRB5_CALLCONV
+krb5int_mutex_alloc (k5_mutex_t **m)
+{
+    k5_mutex_t *ptr;
+    int err;
+
+    ptr = malloc (sizeof (k5_mutex_t));
+    if (ptr == NULL)
+        return ENOMEM;
+    err = k5_mutex_init (ptr);
+    if (err) {
+        free (ptr);
+        return err;
+    }
+    *m = ptr;
+    return 0;
+}
+
+void KRB5_CALLCONV
+krb5int_mutex_free (k5_mutex_t *m)
+{
+    (void) k5_mutex_destroy (m);
+    free (m);
+}
+
+/* Callable versions of the various macros.  */
+void KRB5_CALLCONV
+krb5int_mutex_lock (k5_mutex_t *m)
+{
+    k5_mutex_lock (m);
+}
+void KRB5_CALLCONV
+krb5int_mutex_unlock (k5_mutex_t *m)
+{
+    k5_mutex_unlock (m);
+}
+
+#ifdef USE_CONDITIONAL_PTHREADS
+
+int
+k5_os_mutex_init(k5_os_mutex *m)
+{
+    if (krb5int_pthread_loaded())
+        return pthread_mutex_init(m, 0);
+    else
+        return 0;
+}
+
+int
+k5_os_mutex_destroy(k5_os_mutex *m)
+{
+    if (krb5int_pthread_loaded())
+        return pthread_mutex_destroy(m);
+    else
+        return 0;
+}
+
+int
+k5_os_mutex_lock(k5_os_mutex *m)
+{
+    if (krb5int_pthread_loaded())
+        return pthread_mutex_lock(m);
+    else
+        return 0;
+}
+
+int
+k5_os_mutex_unlock(k5_os_mutex *m)
+{
+    if (krb5int_pthread_loaded())
+        return pthread_mutex_unlock(m);
+    else
+        return 0;
+}
+
+int
+k5_once(k5_once_t *once, void (*fn)(void))
+{
+    if (krb5int_pthread_loaded())
+        return pthread_once(&once->o, fn);
+    else
+        return k5_os_nothread_once(&once->n, fn);
+}
+
+#else /* USE_CONDITIONAL_PTHREADS */
+
+#undef k5_os_mutex_init
+#undef k5_os_mutex_destroy
+#undef k5_os_mutex_lock
+#undef k5_os_mutex_unlock
+#undef k5_once
+
+int k5_os_mutex_init(k5_os_mutex *m);
+int k5_os_mutex_destroy(k5_os_mutex *m);
+int k5_os_mutex_lock(k5_os_mutex *m);
+int k5_os_mutex_unlock(k5_os_mutex *m);
+int k5_once(k5_once_t *once, void (*fn)(void));
+
+/* Stub functions */
+int
+k5_os_mutex_init(k5_os_mutex *m)
+{
+    return 0;
+}
+int
+k5_os_mutex_destroy(k5_os_mutex *m)
+{
+    return 0;
+}
+int
+k5_os_mutex_lock(k5_os_mutex *m)
+{
+    return 0;
+}
+int
+k5_os_mutex_unlock(k5_os_mutex *m)
+{
+    return 0;
+}
+int
+k5_once(k5_once_t *once, void (*fn)(void))
+{
+    return 0;
+}
+
+#endif /* not USE_CONDITIONAL_PTHREADS */
diff --git a/krb5-1.21.3/src/util/support/utf8.c b/krb5-1.21.3/src/util/support/utf8.c
new file mode 100644
index 00000000..08bdcf9a
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/utf8.c
@@ -0,0 +1,168 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/utf8.c */
+/*
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <https://www.OpenLDAP.org/license.html>.
+ */
+
+/* This work is part of OpenLDAP Software <https://www.openldap.org/>. */
+
+/* Basic UTF-8 routines
+ *
+ * These routines are "dumb".  Though they understand UTF-8,
+ * they don't grok Unicode.  That is, they can push bits,
+ * but don't have a clue what the bits represent.  That's
+ * good enough for use with the KRB5 Client SDK.
+ *
+ * These routines are not optimized.
+ */
+
+#include "k5-platform.h"
+#include "k5-utf8.h"
+#include "supp-int.h"
+
+/*
+ * Returns length indicated by first byte.
+ */
+const char krb5int_utf8_lentab[] = {
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+    2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+    3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
+    4, 4, 4, 4, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+
+/*
+ * Make sure the UTF-8 char used the shortest possible encoding
+ * returns charlen if valid, 0 if not.
+ *
+ * Here are the valid UTF-8 encodings, taken from RFC 3629 page 4.
+ * The table is slightly modified from that of the RFC.
+ *
+ * UCS-4 range (hex)      UTF-8 sequence (binary)
+ * 0000 0000-0000 007F   0.......
+ * 0000 0080-0000 07FF   110++++. 10......
+ * 0000 0800-0000 FFFF   1110++++ 10+..... 10......
+ * 0001 0000-0010 FFFF   11110+++ 10++.... 10...... 10......
+ *
+ * The '.' bits are "don't cares". When validating a UTF-8 sequence,
+ * at least one of the '+' bits must be set, otherwise the character
+ * should have been encoded in fewer octets. Note that in the two-octet
+ * case, only the first octet needs to be validated, and this is done
+ * in the krb5int_utf8_lentab[] above.
+ */
+
+/* mask of required bits in second octet */
+#undef c
+#define c const char
+c krb5int_utf8_mintab[] = {
+    (c)0x20, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80,
+    (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80,
+    (c)0x30, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x00, (c)0x00, (c)0x00,
+    (c)0x00, (c)0x00, (c)0x00, (c)0x00, (c)0x00, (c)0x00, (c)0x00, (c)0x00 };
+#undef c
+
+/*
+ * Convert a UTF8 character to a UCS4 character.  Return 0 on success,
+ * -1 on failure.
+ */
+int krb5int_utf8_to_ucs4(const char *p, krb5_ucs4 *out)
+{
+    const unsigned char *c = (const unsigned char *) p;
+    krb5_ucs4 ch;
+    int len, i;
+    static unsigned char mask[] = {
+        0, 0x7f, 0x1f, 0x0f, 0x07 };
+
+    *out = 0;
+    len = KRB5_UTF8_CHARLEN2(p, len);
+
+    if (len == 0)
+        return -1;
+
+    ch = c[0] & mask[len];
+
+    for (i = 1; i < len; i++) {
+        if ((c[i] & 0xc0) != 0x80)
+            return -1;
+
+        ch <<= 6;
+        ch |= c[i] & 0x3f;
+    }
+
+    if (ch > 0x10ffff)
+        return -1;
+
+    *out = ch;
+    return 0;
+}
+
+/* conv UCS-4 to UTF-8 */
+size_t krb5int_ucs4_to_utf8(krb5_ucs4 c, char *buf)
+{
+    size_t len = 0;
+    unsigned char *p = (unsigned char *) buf;
+
+    /* not a valid Unicode character */
+    if (c > 0x10ffff)
+        return 0;
+
+    /* Just return length, don't convert */
+    if (buf == NULL) {
+        if (c < 0x80) return 1;
+        else if (c < 0x800) return 2;
+        else if (c < 0x10000) return 3;
+        else return 4;
+    }
+
+    if (c < 0x80) {
+        p[len++] = c;
+    } else if (c < 0x800) {
+        p[len++] = 0xc0 | ( c >> 6 );
+        p[len++] = 0x80 | ( c & 0x3f );
+    } else if (c < 0x10000) {
+        p[len++] = 0xe0 | ( c >> 12 );
+        p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+        p[len++] = 0x80 | ( c & 0x3f );
+    } else /* if (c < 0x110000) */ {
+        p[len++] = 0xf0 | ( c >> 18 );
+        p[len++] = 0x80 | ( (c >> 12) & 0x3f );
+        p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+        p[len++] = 0x80 | ( c & 0x3f );
+    }
+
+    return len;
+}
diff --git a/krb5-1.21.3/src/util/support/utf8_conv.c b/krb5-1.21.3/src/util/support/utf8_conv.c
new file mode 100644
index 00000000..926a3c8a
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/utf8_conv.c
@@ -0,0 +1,200 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/utf8_conv.c */
+/*
+ * Copyright 2008, 2017 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <https://www.OpenLDAP.org/license.html>.
+ */
+/* Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
+ *
+ * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND
+ * TREATIES. USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT
+ * TO VERSION 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS
+ * AVAILABLE AT HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE"
+ * IN THE TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION
+ * OF THIS WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP
+ * PUBLIC LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT
+ * THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
+ */
+
+/* This work is based on OpenLDAP Software <https://www.openldap.org/>. */
+
+/*
+ * These routines convert between UTF-16 and UTF-8.  UTF-16 encodes a Unicode
+ * character in either two or four bytes.  Characters in the Basic Multilingual
+ * Plane (hex 0..D7FF and E000..FFFF) are encoded as-is in two bytes.
+ * Characters in the Supplementary Planes (10000..10FFFF) are split into a high
+ * surrogate and a low surrogate, each containing ten bits of the character
+ * value, and encoded in four bytes.
+ */
+
+#include "k5-platform.h"
+#include "k5-utf8.h"
+#include "k5-buf.h"
+#include "k5-input.h"
+#include "supp-int.h"
+
+static unsigned char mask[] = { 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
+
+/* A high surrogate is ten bits masked with 0xD800. */
+#define IS_HIGH_SURROGATE(c) ((c) >= 0xD800 && (c) <= 0xDBFF)
+
+/* A low surrogate is ten bits masked with 0xDC00. */
+#define IS_LOW_SURROGATE(c) ((c) >= 0xDC00 && (c) <= 0xDFFF)
+
+/* A valid Unicode code point is in the range 0..10FFFF and is not a surrogate
+ * value. */
+#define IS_SURROGATE(c) ((c) >= 0xD800 && (c) <= 0xDFFF)
+#define IS_VALID_UNICODE(c) ((c) <= 0x10FFFF && !IS_SURROGATE(c))
+
+/* A Basic Multilingual Plane character is in the range 0..FFFF and is not a
+ * surrogate value. */
+#define IS_BMP(c) ((c) <= 0xFFFF && !IS_SURROGATE(c))
+
+/* Characters in the Supplementary Planes have a base value subtracted from
+ * their code points to form a 20-bit value; ten bits go in each surrogate. */
+#define BASE 0x10000
+#define HIGH_SURROGATE(c) (0xD800 | (((c) - BASE) >> 10))
+#define LOW_SURROGATE(c) (0xDC00 | (((c) - BASE) & 0x3FF))
+#define COMPOSE(c1, c2) (BASE + ((((c1) & 0x3FF) << 10) | ((c2) & 0x3FF)))
+
+int
+k5_utf8_to_utf16le(const char *utf8, uint8_t **utf16_out, size_t *nbytes_out)
+{
+    struct k5buf buf;
+    krb5_ucs4 ch;
+    size_t chlen, i;
+
+    *utf16_out = NULL;
+    *nbytes_out = 0;
+
+    /* UTF-16 conversion is used for RC4 string-to-key, so treat this data as
+     * sensitive. */
+    k5_buf_init_dynamic_zap(&buf);
+
+    /* Examine next UTF-8 character. */
+    while (*utf8 != '\0') {
+        /* Get UTF-8 sequence length from first byte. */
+        chlen = KRB5_UTF8_CHARLEN2(utf8, chlen);
+        if (chlen == 0)
+            goto invalid;
+
+        /* First byte minus length tag */
+        ch = (krb5_ucs4)(utf8[0] & mask[chlen]);
+
+        for (i = 1; i < chlen; i++) {
+            /* Subsequent bytes must start with 10. */
+            if ((utf8[i] & 0xc0) != 0x80)
+                goto invalid;
+
+            /* 6 bits of data in each subsequent byte */
+            ch <<= 6;
+            ch |= (krb5_ucs4)(utf8[i] & 0x3f);
+        }
+        if (!IS_VALID_UNICODE(ch))
+            goto invalid;
+
+        /* Characters in the basic multilingual plane are encoded using two
+         * bytes; other characters are encoded using four bytes. */
+        if (IS_BMP(ch)) {
+            k5_buf_add_uint16_le(&buf, ch);
+        } else {
+            /* 0x10000 is subtracted from ch; then the high ten bits plus
+             * 0xD800 and the low ten bits plus 0xDC00 are the surrogates. */
+            k5_buf_add_uint16_le(&buf, HIGH_SURROGATE(ch));
+            k5_buf_add_uint16_le(&buf, LOW_SURROGATE(ch));
+        }
+
+        /* Move to next UTF-8 character. */
+        utf8 += chlen;
+    }
+
+    *utf16_out = buf.data;
+    *nbytes_out = buf.len;
+    return 0;
+
+invalid:
+    k5_buf_free(&buf);
+    return EINVAL;
+}
+
+int
+k5_utf16le_to_utf8(const uint8_t *utf16bytes, size_t nbytes, char **utf8_out)
+{
+    struct k5buf buf;
+    struct k5input in;
+    uint16_t ch1, ch2;
+    krb5_ucs4 ch;
+    size_t chlen;
+    void *p;
+
+    *utf8_out = NULL;
+
+    if (nbytes % 2 != 0)
+        return EINVAL;
+
+    k5_buf_init_dynamic(&buf);
+    k5_input_init(&in, utf16bytes, nbytes);
+    while (!in.status && in.len > 0) {
+        /* Get the next character or high surrogate.  A low surrogate without a
+         * preceding high surrogate is invalid. */
+        ch1 = k5_input_get_uint16_le(&in);
+        if (IS_LOW_SURROGATE(ch1))
+            goto invalid;
+        if (IS_HIGH_SURROGATE(ch1)) {
+            /* Get the low surrogate and combine the pair. */
+            ch2 = k5_input_get_uint16_le(&in);
+            if (!IS_LOW_SURROGATE(ch2))
+                goto invalid;
+            ch = COMPOSE(ch1, ch2);
+        } else {
+            ch = ch1;
+        }
+
+        chlen = krb5int_ucs4_to_utf8(ch, NULL);
+        p = k5_buf_get_space(&buf, chlen);
+        if (p == NULL)
+            return ENOMEM;
+        (void)krb5int_ucs4_to_utf8(ch, p);
+    }
+
+    if (in.status)
+        goto invalid;
+
+    *utf8_out = k5_buf_cstring(&buf);
+    return (*utf8_out == NULL) ? ENOMEM : 0;
+
+invalid:
+    k5_buf_free(&buf);
+    return EINVAL;
+}
diff --git a/krb5-1.21.3/src/util/support/zap.c b/krb5-1.21.3/src/util/support/zap.c
new file mode 100644
index 00000000..2f6cdd70
--- /dev/null
+++ b/krb5-1.21.3/src/util/support/zap.c
@@ -0,0 +1,41 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* util/support/zap.c */
+/*
+ * Copyright 2009 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * krb5int_zap() is used by zap() (a macro or static inline function defined in
+ * k5-platform.h) on non-Windows, non-gcc compilers, in order to prevent the
+ * compiler from inlining and optimizing out the memset() call.
+ */
+
+#include <k5-platform.h>
+
+void krb5int_zap(void *ptr, size_t len)
+{
+    volatile char *p = ptr;
+
+    while (len--)
+        *p++ = '\0';
+}
diff --git a/krb5-1.21.3/src/util/t_array.pm b/krb5-1.21.3/src/util/t_array.pm
new file mode 100644
index 00000000..e541a453
--- /dev/null
+++ b/krb5-1.21.3/src/util/t_array.pm
@@ -0,0 +1,130 @@
+package t_array;
+
+use strict;
+use vars qw(@ISA);
+
+#require ktemplate;
+require t_template;
+
+@ISA=qw(t_template);
+
+my @parms = qw(NAME TYPE);
+my %defaults = ( );
+my @templatelines = <DATA>;
+
+sub new { # no args
+    my $self = {};
+    bless $self;
+    $self->init(\@parms, \%defaults, \@templatelines);
+    return $self;
+}
+
+__DATA__
+
+/*
+ * array type, derived from template
+ *
+ * parameters:
+ * NAME: <NAME>
+ * TYPE: <TYPE>
+ *
+ * methods:
+ * int init() -> nonzero if fail initial allocation
+ * unsigned long size() -> nonnegative number of values stored
+ * int grow(newsize) -> negative if fail allocation, memset(,0,) new space
+ * <TYPE> *getaddr(idx) -> aborts if out of range
+ * void set(idx, value) -> aborts if out of range
+ * <TYPE> get(idx) -> value, or aborts if out of range
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <limits.h>
+#include <string.h>
+#include <stdint.h>
+
+struct <NAME>__header {
+    size_t allocated;
+    <TYPE> *elts;
+};
+typedef struct <NAME>__header <NAME>;
+
+static inline int
+<NAME>_init(<NAME> *arr)
+{
+    arr->elts = calloc(10, sizeof(<TYPE>));
+    if (arr->elts == NULL)
+	return ENOMEM;
+    arr->allocated = 10;
+    return 0;
+}
+
+static inline long
+<NAME>_size(<NAME> *arr)
+{
+    return arr->allocated;
+}
+
+static inline unsigned long
+<NAME>_max_size(<NAME> *arr)
+{
+    size_t upper_bound;
+
+    upper_bound = SIZE_MAX / sizeof(*arr->elts);
+    if (upper_bound > ULONG_MAX)
+	upper_bound = ULONG_MAX;
+    return (unsigned long) upper_bound;
+}
+
+static inline int
+<NAME>_grow(<NAME> *arr, unsigned long newcount)
+{
+    size_t oldsize = sizeof(*arr->elts) * arr->allocated;
+    size_t newsize;
+    void *ptr;
+
+    if (newcount > LONG_MAX)
+	return -1;
+    if (newcount < arr->allocated)
+	return 0;
+    if (newcount > <NAME>_max_size(arr))
+	return -1;
+
+    newsize = sizeof(*arr->elts) * newcount;
+    ptr = realloc(arr->elts, newsize);
+    if (ptr == NULL)
+	return -1;
+    memset((char *)ptr + oldsize, 0, newsize - oldsize);
+    arr->elts = ptr;
+    arr->allocated = newcount;
+    return 0;
+}
+
+static inline <TYPE> *
+<NAME>_getaddr (<NAME> *arr, long idx)
+{
+    if (idx < 0 || (unsigned long) idx >= arr->allocated)
+	abort();
+    return arr->elts + idx;
+}
+
+static inline void
+<NAME>_set (<NAME> *arr, long idx, <TYPE> value)
+{
+    <TYPE> *newvalp;
+    newvalp = <NAME>_getaddr(arr, idx);
+    *newvalp = value;
+}
+
+static inline <TYPE>
+<NAME>_get (<NAME> *arr, long idx)
+{
+    return *<NAME>_getaddr(arr, idx);
+}
+
+static inline void
+<NAME>_destroy (<NAME> *arr)
+{
+    free(arr->elts);
+    arr->elts = 0;
+}
diff --git a/krb5-1.21.3/src/util/t_bimap.pm b/krb5-1.21.3/src/util/t_bimap.pm
new file mode 100644
index 00000000..da0980a5
--- /dev/null
+++ b/krb5-1.21.3/src/util/t_bimap.pm
@@ -0,0 +1,194 @@
+package t_bimap;
+
+use strict;
+use vars qw(@ISA);
+
+require t_template;
+require t_array;
+
+@ISA=qw(t_template);
+
+my @parms = qw(NAME LEFT RIGHT LEFTCMP RIGHTCMP LEFTPRINT RIGHTPRINT);
+my %defaults = ();
+my $headertemplate = "/*
+ * bidirectional mapping table, add-only
+ *
+ * Parameters:
+ * NAME
+ * LEFT, RIGHT - types
+ * LEFTCMP, RIGHTCMP - comparison functions
+ *
+ * Methods:
+ * int init() - nonzero is error code, if any possible
+ * long size()
+ * void foreach(int (*)(LEFT, RIGHT, void*), void*)
+ * int add(LEFT, RIGHT) - 0 = success, -1 = allocation failure
+ * const <RIGHT> *findleft(<LEFT>) - null iff not found
+ * const <LEFT> *findright(<RIGHT>)
+ * void destroy() - destroys container, doesn't delete elements
+ *
+ * initial implementation: flat array of (left,right) pairs
+ */
+
+struct <NAME>__pair {
+    <LEFT> l;
+    <RIGHT> r;
+};
+";
+my $bodytemplate = join "", <DATA>;
+
+sub new { # no args
+    my $self = {};
+    bless $self;
+    $self->init(\@parms, \%defaults, []);
+    return $self;
+}
+
+sub output {
+    my ($self, $fh) = @_;
+
+    my $a = new t_array;
+    $a->setparm("NAME", $self->{values}{"NAME"} . "__pairarray");
+    $a->setparm("TYPE", "struct " . $self->{values}{"NAME"} . "__pair");
+
+    print $fh "/* start of ", ref($self), " header template */\n";
+    print $fh $self->substitute($headertemplate);
+    print $fh "/* end of ", ref($self), " header template */\n";
+    $a->output($fh);
+    print $fh "/* start of ", ref($self), " body template */\n";
+    print $fh $self->substitute($bodytemplate);
+    print $fh "/* end of ", ref($self), " body template */\n";
+}
+
+1;
+
+__DATA__
+
+/* for use in cases where text substitutions may not work, like putting
+   "const" before a type that turns out to be "char *"  */
+typedef <LEFT> <NAME>__left_t;
+typedef <RIGHT> <NAME>__right_t;
+
+typedef struct {
+    <NAME>__pairarray a;
+    long nextidx;
+} <NAME>;
+
+static inline int
+<NAME>_init (<NAME> *m)
+{
+    m->nextidx = 0;
+    return <NAME>__pairarray_init (&m->a);
+}
+
+static inline long
+<NAME>_size (<NAME> *m)
+{
+    return <NAME>__pairarray_size (&m->a);
+}
+
+static inline void
+<NAME>_foreach (<NAME> *m, int (*fn)(<LEFT>, <RIGHT>, void *), void *p)
+{
+    long i, sz;
+    sz = m->nextidx;
+    for (i = 0; i < sz; i++) {
+	struct <NAME>__pair *pair;
+	pair = <NAME>__pairarray_getaddr (&m->a, i);
+	if ((*fn)(pair->l, pair->r, p) != 0)
+	    break;
+    }
+}
+
+static inline int
+<NAME>_add (<NAME> *m, <LEFT> l, <RIGHT> r)
+{
+    long i, sz;
+    struct <NAME>__pair newpair;
+    int err;
+
+    sz = m->nextidx;
+    /* Make sure we're not duplicating.  */
+    for (i = 0; i < sz; i++) {
+	struct <NAME>__pair *pair;
+	pair = <NAME>__pairarray_getaddr (&m->a, i);
+	assert ((*<LEFTCMP>)(l, pair->l) != 0);
+	if ((*<LEFTCMP>)(l, pair->l) == 0)
+	    abort();
+	assert ((*<RIGHTCMP>)(r, pair->r) != 0);
+	if ((*<RIGHTCMP>)(r, pair->r) == 0)
+	    abort();
+    }
+    newpair.l = l;
+    newpair.r = r;
+    if (sz >= LONG_MAX - 1)
+	return ENOMEM;
+    err = <NAME>__pairarray_grow (&m->a, sz+1);
+    if (err)
+	return err;
+    <NAME>__pairarray_set (&m->a, sz, newpair);
+    m->nextidx++;
+    return 0;
+}
+
+static inline const <NAME>__right_t *
+<NAME>_findleft (<NAME> *m, <LEFT> l)
+{
+    long i, sz;
+    sz = <NAME>_size (m);
+    for (i = 0; i < sz; i++) {
+	struct <NAME>__pair *pair;
+	pair = <NAME>__pairarray_getaddr (&m->a, i);
+	if ((*<LEFTCMP>)(l, pair->l) == 0)
+	    return &pair->r;
+    }
+    return 0;
+}
+
+static inline const <NAME>__left_t *
+<NAME>_findright (<NAME> *m, <RIGHT> r)
+{
+    long i, sz;
+    sz = <NAME>_size (m);
+    for (i = 0; i < sz; i++) {
+	struct <NAME>__pair *pair;
+	pair = <NAME>__pairarray_getaddr (&m->a, i);
+	if ((*<RIGHTCMP>)(r, pair->r) == 0)
+	    return &pair->l;
+    }
+    return 0;
+}
+
+struct <NAME>__printstat {
+    FILE *f;
+    int comma;
+};
+static inline int
+<NAME>__printone (<LEFT> l, <RIGHT> r, void *p)
+{
+    struct <NAME>__printstat *ps = p;
+    fprintf(ps->f, ps->comma ? ", (" : "(");
+    ps->comma = 1;
+    (*<LEFTPRINT>)(l, ps->f);
+    fprintf(ps->f, ",");
+    (*<RIGHTPRINT>)(r, ps->f);
+    fprintf(ps->f, ")");
+    return 0;
+}
+
+static inline void
+<NAME>_printmap (<NAME> *m, FILE *f)
+{
+    struct <NAME>__printstat ps;
+    ps.comma = 0;
+    ps.f = f;
+    fprintf(f, "(");
+    <NAME>_foreach (m, <NAME>__printone, &ps);
+    fprintf(f, ")");
+}
+
+static inline void
+<NAME>_destroy (<NAME> *m)
+{
+    <NAME>__pairarray_destroy (&m->a);
+}
diff --git a/krb5-1.21.3/src/util/t_enum.pm b/krb5-1.21.3/src/util/t_enum.pm
new file mode 100644
index 00000000..64fdb50e
--- /dev/null
+++ b/krb5-1.21.3/src/util/t_enum.pm
@@ -0,0 +1,133 @@
+package t_enum;
+
+use strict;
+use vars qw(@ISA);
+
+#require ktemplate;
+require t_template;
+require t_array;
+
+@ISA=qw(t_template);
+
+my @parms = qw(NAME TYPE COMPARE);
+my %defaults = ( );
+my @templatelines = <DATA>;
+
+sub new { # no args
+    my $self = {};
+    bless $self;
+    $self->init(\@parms, \%defaults, \@templatelines);
+    return $self;
+}
+
+sub output {
+    my ($self, $fh) = @_;
+    my $a = new t_array;
+    $a->setparm("NAME", $self->{values}{"NAME"} . "__enumerator_array");
+    $a->setparm("TYPE", $self->{values}{"TYPE"});
+    $a->output($fh);
+    $self->SUPER::output($fh);
+}
+
+1;
+
+__DATA__
+
+/*
+ * an enumerated collection type, generated from template
+ *
+ * Methods:
+ * int init() -> returns nonzero on alloc failure
+ * long size()
+ * long find(match) -> -1 or index of any match
+ * long append(value) -> -1 or new index
+ * <TYPE> get(index) -> aborts if out of range
+ * void destroy() -> frees array data
+ *
+ * Errors adding elements don't distinguish between "out of memory"
+ * and "too big for size_t".
+ *
+ * Initial implementation: A flat array, reallocated as needed.  Our
+ * uses probably aren't going to get very large.
+ */
+
+struct <NAME>__enumerator {
+    <NAME>__enumerator_array a;
+    size_t used;       /* number of entries used, idx used-1 is last */
+};
+typedef struct <NAME>__enumerator <NAME>;
+
+static inline int
+<NAME>_init(<NAME> *en)
+{
+    en->used = 0;
+    return <NAME>__enumerator_array_init(&en->a);
+}
+
+static inline long
+<NAME>_size(<NAME> *en)
+{
+    return en->used;
+}
+
+static inline long
+<NAME>__s2l(size_t idx)
+{
+    long l;
+    if (idx > LONG_MAX)
+	abort();
+    l = idx;
+    if (l != idx)
+	abort();
+    return l;
+}
+
+static inline long
+<NAME>_find(<NAME> *en, <TYPE> value)
+{
+    size_t i;
+    for (i = 0; i < en->used; i++) {
+	if (<COMPARE> (value, <NAME>__enumerator_array_get(&en->a, <NAME>__s2l(i))) == 0)
+	    return i;
+    }
+    return -1;
+}
+
+static inline long
+<NAME>_append(<NAME> *en, <TYPE> value)
+{
+    if (en->used >= LONG_MAX - 1)
+	return -1;
+    if (en->used >= SIZE_MAX - 1)
+	return -1;
+    if (<NAME>__enumerator_array_size(&en->a) == en->used) {
+	if (<NAME>__enumerator_array_grow(&en->a, en->used + 1) < 0)
+	    return -1;
+    }
+    <NAME>__enumerator_array_set(&en->a, <NAME>__s2l(en->used), value);
+    en->used++;
+    return en->used-1;
+}
+
+static inline <TYPE>
+<NAME>_get(<NAME> *en, size_t idx)
+{
+    return <NAME>__enumerator_array_get(&en->a, <NAME>__s2l(idx));
+}
+
+static inline void
+<NAME>_destroy(<NAME> *en)
+{
+    <NAME>__enumerator_array_destroy(&en->a);
+    en->used = 0;
+}
+
+static inline void
+<NAME>_foreach(<NAME> *en, int (*fn)(size_t i, <TYPE> t, void *p), void *p)
+{
+    size_t i;
+    for (i = 0; i < en->used; i++) {
+	if (fn (i, <NAME>__enumerator_array_get(&en->a, <NAME>__s2l(i)), p) != 0)
+	    break;
+    }
+}
diff --git a/krb5-1.21.3/src/util/t_template.pm b/krb5-1.21.3/src/util/t_template.pm
new file mode 100644
index 00000000..9722a873
--- /dev/null
+++ b/krb5-1.21.3/src/util/t_template.pm
@@ -0,0 +1,61 @@
+package t_template;
+
+use strict;
+use vars qw(@ISA @EXPORT_OK);
+
+@ISA=();
+@EXPORT_OK= qw(init setparm output);
+
+sub init { # (\@parms, \%defaults, \@template)
+    my ($self, $parms, $defs, $templatelines) = @_;
+    $self->{parms} = { };
+    $self->{values} = { };
+    my $key;
+    foreach $key (@$parms) {
+	$self->{parms}{$key} = 1;
+    }
+    foreach $key (keys %$defs) {
+	$self->{values}{$key} = ${$defs}{$key};
+    }
+    if (defined($templatelines)) {
+	$self->{template} = join "", @$templatelines;
+    }
+}
+
+sub validateparm { # (parmname)
+    no strict 'refs';
+    my ($self, $parmname) = @_;
+    if (!defined($self->{parms}{$parmname})) {
+	die "unknown parameter $parmname";
+    }
+}
+
+sub setparm { # (parm, value)
+    my ($self, $parm, $value) = @_;
+    $self->validateparm($parm);
+    $self->{values}{$parm} = $value;
+}
+
+sub substitute { # (text)
+    my ($self, $text) = @_;
+    my ($p);
+
+    # Do substitutions.
+    foreach $p (keys %{$self->{parms}}) {
+	if (!defined $self->{values}{$p}) {
+	    die "$0: No value supplied for parameter $p\n";
+	}
+	# XXX More careful quoting of supplied value!
+	$text =~ s|<$p>|$self->{values}{$p}|g;
+    }
+    return $text;
+}
+
+sub output { # (fh)
+    my ($self, $fh) = @_;
+    print $fh "/* start of ", ref($self), " template */\n";
+    print $fh $self->substitute($self->{template});
+    print $fh "/* end of ", ref($self), " template */\n";
+}
+
+1;
diff --git a/krb5-1.21.3/src/util/t_tsenum.pm b/krb5-1.21.3/src/util/t_tsenum.pm
new file mode 100644
index 00000000..7d93c795
--- /dev/null
+++ b/krb5-1.21.3/src/util/t_tsenum.pm
@@ -0,0 +1,163 @@
+package t_tsenum;
+
+use strict;
+use vars qw(@ISA);
+
+require t_template;
+require t_enum;
+
+@ISA=qw(t_template);
+
+my @parms = qw(NAME TYPE COMPARE COPY PRINT);
+my %defaults = ( "COPY", "0", "PRINT", "0" );
+my @templatelines = <DATA>;
+
+sub new { # no args
+    my $self = {};
+    bless $self;
+    $self->init(\@parms, \%defaults, \@templatelines);
+    return $self;
+}
+
+sub output {
+    my ($self, $fh) = @_;
+    my $a = new t_enum;
+    $a->setparm("NAME", $self->{values}{"NAME"} . "__unsafe_enumerator");
+    $a->setparm("TYPE", $self->{values}{"TYPE"});
+    $a->setparm("COMPARE", $self->{values}{"COMPARE"});
+    $a->output($fh);
+    $self->SUPER::output($fh);
+}
+
+1;
+
+__DATA__
+
+/*
+ */
+#include "k5-thread.h"
+struct <NAME>__ts_enumerator {
+    <NAME>__unsafe_enumerator e;
+    k5_mutex_t m;
+};
+typedef struct <NAME>__ts_enumerator <NAME>;
+
+static inline int
+<NAME>_init(<NAME> *en)
+{
+    int err = k5_mutex_init(&en->m);
+    if (err)
+	return err;
+    err = <NAME>__unsafe_enumerator_init(&en->e);
+    if (err) {
+	k5_mutex_destroy(&en->m);
+	return err;
+    }
+    return 0;
+}
+
+static inline int
+<NAME>_size(<NAME> *en, long *size)
+{
+    int err = k5_mutex_lock(&en->m);
+    if (err) {
+	*size = -48;
+	return err;
+    }
+    *size = <NAME>__unsafe_enumerator_size(&en->e);
+    k5_mutex_unlock(&en->m);
+    return 0;
+}
+
+static inline int
+<NAME>__do_copy (<TYPE> *dest, <TYPE> src)
+{
+    int (*copyfn)(<TYPE>*, <TYPE>) = <COPY>;
+    if (copyfn)
+	return copyfn(dest, src);
+    *dest = src;
+    return 0;
+}
+
+static inline int
+<NAME>_find_or_append(<NAME> *en, <TYPE> value, long *idxp, int *added)
+{
+    int err;
+    long idx;
+
+    err = k5_mutex_lock(&en->m);
+    if (err)
+	return err;
+    idx = <NAME>__unsafe_enumerator_find(&en->e, value);
+    if (idx < 0) {
+	<TYPE> newvalue;
+	err = <NAME>__do_copy(&newvalue, value);
+	if (err == 0)
+	    idx = <NAME>__unsafe_enumerator_append(&en->e, newvalue);
+	k5_mutex_unlock(&en->m);
+	if (err != 0)
+	    return err;
+	if (idx < 0)
+	    return ENOMEM;
+	*idxp = idx;
+	*added = 1;
+	return 0;
+    }
+    k5_mutex_unlock(&en->m);
+    *idxp = idx;
+    *added = 0;
+    return 0;
+}
+
+static inline int
+<NAME>_get(<NAME> *en, size_t idx, <TYPE> *value)
+{
+    int err;
+    err = k5_mutex_lock(&en->m);
+    if (err)
+	return err;
+    *value = <NAME>__unsafe_enumerator_get(&en->e, idx);
+    k5_mutex_unlock(&en->m);
+    return 0;
+}
+
+static inline void
+<NAME>_destroy(<NAME> *en)
+{
+    k5_mutex_destroy(&en->m);
+    <NAME>__unsafe_enumerator_destroy(&en->e);
+}
+
+static inline int
+<NAME>_foreach(<NAME> *en, int (*fn)(size_t i, <TYPE> t, void *p), void *p)
+{
+    int err = k5_mutex_lock(&en->m);
+    if (err)
+	return err;
+    <NAME>__unsafe_enumerator_foreach(&en->e, fn, p);
+    k5_mutex_unlock(&en->m);
+    return 0;
+}
+
+static inline int
+<NAME>__print_map_elt(size_t idx, <TYPE> val, void *p)
+{
+    void (*printfn)(<TYPE>, FILE *) = <PRINT>;
+    FILE *f = (FILE *) p;
+    if (printfn) {
+	fprintf(f, " %lu=", (unsigned long) idx);
+	printfn(val, f);
+    }
+    return 0;
+}
+
+static inline void
+<NAME>_print(<NAME> *en, FILE *f)
+{
+    void (*printfn)(<TYPE>, FILE *) = <PRINT>;
+    if (printfn) {
+	fprintf(f, "{");
+	<NAME>_foreach (en, <NAME>__print_map_elt, f);
+	fprintf(f, " }");
+    }
+}
diff --git a/krb5-1.21.3/src/util/testrealm.py b/krb5-1.21.3/src/util/testrealm.py
new file mode 100644
index 00000000..710acc41
--- /dev/null
+++ b/krb5-1.21.3/src/util/testrealm.py
@@ -0,0 +1,83 @@
+# Copyright (C) 2010 by the Massachusetts Institute of Technology.
+# All rights reserved.
+
+# Export of this software from the United States of America may
+#   require a specific license from the United States Government.
+#   It is the responsibility of any person or organization contemplating
+#   export to obtain such a license before exporting.
+#
+# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+# distribute this software and its documentation for any purpose and
+# without fee is hereby granted, provided that the above copyright
+# notice appear in all copies and that both that copyright notice and
+# this permission notice appear in supporting documentation, and that
+# the name of M.I.T. not be used in advertising or publicity pertaining
+# to distribution of the software without specific, written prior
+# permission.  Furthermore if you modify this software you must label
+# your software as modified software and not distribute it in such a
+# fashion that it might be confused with the original M.I.T. software.
+# M.I.T. makes no representations about the suitability of
+# this software for any purpose.  It is provided "as is" without express
+# or implied warranty.
+
+# Invoked by the testrealm target in the top-level Makefile.  Creates
+# a test realm and spawns a shell pointing at it, for convenience of
+# manual testing.  If a numeric argument is present after options,
+# creates that many fully connected test realms and point the shell at
+# the first one.
+
+from k5test import *
+
+# A list of directories containing programs in the build tree.
+progpaths = [
+    'kdc',
+    os.path.join('kadmin', 'server'),
+    os.path.join('kadmin', 'cli'),
+    os.path.join('kadmin', 'dbutil'),
+    os.path.join('kadmin', 'ktutil'),
+    os.path.join('clients', 'kdestroy'),
+    os.path.join('clients', 'kinit'),
+    os.path.join('clients', 'klist'),
+    os.path.join('clients', 'kpasswd'),
+    os.path.join('clients', 'ksu'),
+    os.path.join('clients', 'kvno'),
+    os.path.join('clients', 'kswitch'),
+    'kprop'
+]
+
+# Add program directories to the beginning of PATH.
+def supplement_path(env):
+    # Construct prefixes; these will end in a trailing separator.
+    path_prefix = manpath_prefix = ''
+    for dir in progpaths:
+        path_prefix += os.path.join(buildtop, dir) + os.pathsep
+
+    # Assume PATH exists in env for simplicity.
+    env['PATH'] = path_prefix + env['PATH']
+
+if args:
+    realms = cross_realms(int(args[0]), start_kadmind=True)
+    realm = realms[0]
+else:
+    realm = K5Realm(start_kadmind=True)
+env = realm.env.copy()
+supplement_path(env)
+
+pwfilename = os.path.join('testdir', 'passwords')
+pwfile = open(pwfilename, 'w')
+pwfile.write('user: %s\nadmin: %s\n' % (password('user'), password('admin')))
+pwfile.close()
+
+print()
+print('Realm files are in %s' % realm.testdir)
+print('KRB5_CONFIG is %s' % env['KRB5_CONFIG'])
+print('KRB5_KDC_PROFILE is %s' % env['KRB5_KDC_PROFILE'])
+print('KRB5CCNAME is %s' % env['KRB5CCNAME'])
+print('KRB5_KTNAME is %s' % env['KRB5_KTNAME'])
+print('KRB5RCACHEDIR is %s' % env['KRB5RCACHEDIR'])
+print('Password for user is %s (see also %s)' % (password('user'), pwfilename))
+print('Password for admin is %s' % password('admin'))
+print()
+
+subprocess.call([os.getenv('SHELL')], env=env)
+success('Create test krb5 realm.')
diff --git a/krb5-1.21.3/src/util/trim-valgrind-logs b/krb5-1.21.3/src/util/trim-valgrind-logs
new file mode 100755
index 00000000..af6839d9
--- /dev/null
+++ b/krb5-1.21.3/src/util/trim-valgrind-logs
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+files=vg.*
+
+logname() {
+#	sed -n -e 7p $1 | awk '{print $2}'
+#	head -7 $1 | tail -1 | awk '{print $2}'
+	awk '{ if (NR == 9) { print $2; exit 0; } }' $1
+}
+
+show_names() {
+	if test "$*" = "$files" ; then
+		return
+	fi
+	for f in $* ; do
+		echo $f : `logname $f`
+	done
+}
+
+discard_list="/bin/ps /bin/sh /bin/stty /usr/bin/cmp awk cat chmod cmp cp env expr find grep kill mv rev rlogin rm sed sh sleep sort tail test touch wc whoami xargs"
+discard_list="$discard_list tcsh tokens"
+#discard_list="$discard_list ./rtest ./dbtest"
+# The t_inetd program's logs seem to always wind up incomplete for some
+# reason.  It's also not terribly important.
+discard_list="$discard_list /path/to/.../t_inetd"
+
+filter() {
+	if test "$*" = "$files" ; then
+		return
+	fi
+	for f in $* ; do
+		n=`logname $f`
+		for d in $discard_list; do
+			if test "$n" = "$d"; then
+				echo rm $f : $n
+				rm $f
+				break
+			fi
+		done
+	done
+}
+
+kill_error_free_logs() {
+	if test "$*" = "$files" ; then
+		return
+	fi
+	grep -l "ERROR SUMMARY: 0 errors" $* | while read name ; do
+		echo rm $name : no errors in `logname $name`
+		rm $name
+	done
+}
+
+kill_no_leak_logs() {
+	if test "$*" = "$files" ; then
+	    return
+	fi
+	grep -l "ERROR SUMMARY: 0 errors" $* | \
+	    grep -l "definitely lost: 0 bytes" $* | \
+	    xargs grep -l "possibly lost: 0 bytes" | \
+	    xargs grep -l "still reachable: 0 bytes in 0 blocks" | \
+	    while read name ; do
+	    echo rm $name : no leaks or errors in `logname $name`
+	    rm $name
+	done
+}
+
+filter $files
+kill_error_free_logs $files
+#kill_no_leak_logs $files
+echo Remaining files:
+show_names $files
diff --git a/krb5-1.21.3/src/util/valgrind-suppressions b/krb5-1.21.3/src/util/valgrind-suppressions
new file mode 100644
index 00000000..cd4089fd
--- /dev/null
+++ b/krb5-1.21.3/src/util/valgrind-suppressions
@@ -0,0 +1,85 @@
+{
+   glibc.getifaddrs.sendto.uninit
+   Memcheck:Param
+   socketcall.sendto(msg)
+   fun:sendto
+   fun:getifaddrs
+   fun:krb5int_foreach_localaddr
+}
+{
+   glibc.getnameinfo.gifname.uninit
+   Memcheck:Param
+   ioctl(SIOCGIFNAME)
+   fun:ioctl
+   fun:getnameinfo
+   fun:krb5int_getnameinfo
+}
+{
+   glibc.x86_64.dlopen.name
+   Memcheck:Addr8
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+{
+   glibc.x86_64.dlopen.cond
+   Memcheck:Cond
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+{
+   glibc.x86_64.dlopen.cond2
+   Memcheck:Cond
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+{
+   glibc.x86_64.dlsym.cond
+   Memcheck:Cond
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:__libc_dlsym
+}
+{
+   glibc.x86_64.dlsym.read8
+   Memcheck:Addr8
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:__libc_dlsym
+}
+{
+   glibc.x86_64.dlopen.read8a
+   Memcheck:Addr8
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:_dl_open
+}
+{
+   glibc.x86_64.dlsym.cond2
+   Memcheck:Cond
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   obj:/lib/libc-2.3.6.so
+   obj:/lib/ld-2.3.6.so
+   fun:__libc_dlsym
+}
diff --git a/krb5-1.21.3/src/util/verto/Makefile.in b/krb5-1.21.3/src/util/verto/Makefile.in
new file mode 100644
index 00000000..28e5ddfc
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/Makefile.in
@@ -0,0 +1,50 @@
+mydir=util$(S)verto
+BUILDTOP=$(REL)..$(S)..
+RELDIR=../util/verto
+
+LIBBASE=verto
+LIBMAJOR=0
+LIBMINOR=0
+
+LOCALINCLUDES=-I$(srcdir) -I.
+DEFINES=-DDEFAULT_LIBRARY=\"k5ev\" -DBUILTIN_MODULE=k5ev
+SED=sed
+
+# Turn off extra warnings since we're not going to clean up libverto's code.
+WARN_CFLAGS=
+
+STLIBOBJS=verto.o module.o verto-k5ev.o
+LIBOBJS=$(OUTPRE)verto.$(OBJEXT) \
+	$(OUTPRE)module.$(OBJEXT) \
+	$(OUTPRE)verto-k5ev.$(OBJEXT)
+SRCS=verto.c module.c verto-k5ev.c
+
+SHLIB_EXPLIBS= $(LIBS) -lm    # libm needed for ceil() currently.
+
+VERTO_HDR=$(BUILDTOP)$(S)include$(S)verto.h
+
+rename.h: $(srcdir)/Symbols.ev
+	$(RM) $@
+	$(SED) -e 's/.*/#define & k5&/' < $(srcdir)/Symbols.ev > $@
+
+all-unix: all-liblinks includes
+
+install-unix: install-libs
+
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+	$(RM) $(VERTO_HDR) rename.h
+
+includes: $(VERTO_HDR)
+depend: $(VERTO_HDR) rename.h
+
+$(VERTO_HDR): $(srcdir)/verto.h
+	$(RM) $@
+	$(CP) $(srcdir)/verto.h $@
+
+install:
+	$(INSTALL_DATA) $(srcdir)/verto.h $(DESTDIR)$(KRB5_INCDIR)/verto.h
+	$(INSTALL_DATA) $(srcdir)/verto-module.h \
+		$(DESTDIR)$(KRB5_INCDIR)/verto-module.h
+
+@lib_frag@
+@libobj_frag@
diff --git a/krb5-1.21.3/src/util/verto/README b/krb5-1.21.3/src/util/verto/README
new file mode 100644
index 00000000..a3dab834
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/README
@@ -0,0 +1,40 @@
+This directory builds a verto library with only a private built-in
+module, for use when the system has no installed verto library.  The
+bundled verto cannot dynamically load modules.  From the upstream
+libverto, we take only verto.c and verto-libev.c, and we only build
+the former; the latter is stored here for comparison purposes.  We use
+a stub implementation of module.c to disable dynamic loading support.
+
+This private module uses an embedded libev with renamed symbols (so we
+don't leak libev symbols into the namespace on platforms where we
+can't control the export list).  libev has built-in support for this
+kind of embedding, so we don't have to modify the libev sources.
+Following libev's documentation, the following files have been copied
+from the ev sources:
+
+  ev.h
+  ev_vars.h
+  ev_wrap.h
+  ev.c
+  ev_select.c
+  ev_poll.c
+  ev_win32.c
+  Symbols.ev
+
+(Symbols.ev wasn't included in the 4.04 tar file due to an oversight,
+so it is taken from the appropriate tag in libev's source repository.)
+
+To rename the exported symbols, we create rename.h from Symbols.ev.
+We also use Symbols.ev to construct the library export list.
+(Renaming libev's symbols would be unnecessary if libev's embedding
+had support for making its API symbols static, but it currently does
+not.)  The source file verto-k5ev.c wraps ev.c with appropriate
+embedding defines, and then defines the libverto module functions
+using the slightly modified contents of libverto's verto-libev.c.  The
+resulting module table is embedded into verto.c using the
+BUILTIN_MODULE define.
+
+The libverto and libev upstream project pages are at:
+
+  https://github.com/latchset/libverto/
+  http://software.schmorp.de/pkg/libev.html
diff --git a/krb5-1.21.3/src/util/verto/Symbols.ev b/krb5-1.21.3/src/util/verto/Symbols.ev
new file mode 100644
index 00000000..7a29a75c
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/Symbols.ev
@@ -0,0 +1,73 @@
+ev_async_send
+ev_async_start
+ev_async_stop
+ev_backend
+ev_break
+ev_check_start
+ev_check_stop
+ev_child_start
+ev_child_stop
+ev_cleanup_start
+ev_cleanup_stop
+ev_clear_pending
+ev_default_loop
+ev_default_loop_ptr
+ev_depth
+ev_embed_start
+ev_embed_stop
+ev_embed_sweep
+ev_embeddable_backends
+ev_feed_event
+ev_feed_fd_event
+ev_feed_signal
+ev_feed_signal_event
+ev_fork_start
+ev_fork_stop
+ev_idle_start
+ev_idle_stop
+ev_invoke
+ev_invoke_pending
+ev_io_start
+ev_io_stop
+ev_iteration
+ev_loop_destroy
+ev_loop_fork
+ev_loop_new
+ev_now
+ev_now_update
+ev_once
+ev_pending_count
+ev_periodic_again
+ev_periodic_start
+ev_periodic_stop
+ev_prepare_start
+ev_prepare_stop
+ev_recommended_backends
+ev_ref
+ev_resume
+ev_run
+ev_set_allocator
+ev_set_invoke_pending_cb
+ev_set_io_collect_interval
+ev_set_loop_release_cb
+ev_set_syserr_cb
+ev_set_timeout_collect_interval
+ev_set_userdata
+ev_signal_start
+ev_signal_stop
+ev_sleep
+ev_stat_start
+ev_stat_stat
+ev_stat_stop
+ev_supported_backends
+ev_suspend
+ev_time
+ev_timer_again
+ev_timer_remaining
+ev_timer_start
+ev_timer_stop
+ev_unref
+ev_userdata
+ev_verify
+ev_version_major
+ev_version_minor
diff --git a/krb5-1.21.3/src/util/verto/deps b/krb5-1.21.3/src/util/verto/deps
new file mode 100644
index 00000000..e4e696de
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/deps
@@ -0,0 +1,10 @@
+#
+# Generated makefile dependencies follow.
+#
+verto.so verto.po $(OUTPRE)verto.$(OBJEXT): $(VERTO_DEPS) \
+  module.h verto-module.h verto.c
+module.so module.po $(OUTPRE)module.$(OBJEXT): module.c
+verto-k5ev.so verto-k5ev.po $(OUTPRE)verto-k5ev.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(VERTO_DEPS) ev.c ev.h \
+  ev_poll.c ev_select.c ev_vars.h ev_wrap.h rename.h \
+  verto-k5ev.c verto-module.h
diff --git a/krb5-1.21.3/src/util/verto/ev.c b/krb5-1.21.3/src/util/verto/ev.c
new file mode 100644
index 00000000..87f90670
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/ev.c
@@ -0,0 +1,5104 @@
+/*
+ * libev event processing core, watcher management
+ *
+ * Copyright (c) 2007,2008,2009,2010,2011,2012,2013 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+/* this big block deduces configuration from config.h */
+#ifndef EV_STANDALONE
+# ifdef EV_CONFIG_H
+#  include EV_CONFIG_H
+# else
+#  include "config.h"
+# endif
+
+# if HAVE_FLOOR
+#  ifndef EV_USE_FLOOR
+#   define EV_USE_FLOOR 1
+#  endif
+# endif
+
+# if HAVE_CLOCK_SYSCALL
+#  ifndef EV_USE_CLOCK_SYSCALL
+#   define EV_USE_CLOCK_SYSCALL 1
+#   ifndef EV_USE_REALTIME
+#    define EV_USE_REALTIME  0
+#   endif
+#   ifndef EV_USE_MONOTONIC
+#    define EV_USE_MONOTONIC 1
+#   endif
+#  endif
+# elif !defined EV_USE_CLOCK_SYSCALL
+#  define EV_USE_CLOCK_SYSCALL 0
+# endif
+
+# if HAVE_CLOCK_GETTIME
+#  ifndef EV_USE_MONOTONIC
+#   define EV_USE_MONOTONIC 1
+#  endif
+#  ifndef EV_USE_REALTIME
+#   define EV_USE_REALTIME  0
+#  endif
+# else
+#  ifndef EV_USE_MONOTONIC
+#   define EV_USE_MONOTONIC 0
+#  endif
+#  ifndef EV_USE_REALTIME
+#   define EV_USE_REALTIME  0
+#  endif
+# endif
+
+# if HAVE_NANOSLEEP
+#  ifndef EV_USE_NANOSLEEP
+#    define EV_USE_NANOSLEEP EV_FEATURE_OS
+#  endif
+# else
+#   undef EV_USE_NANOSLEEP
+#   define EV_USE_NANOSLEEP 0
+# endif
+
+# if HAVE_SELECT && HAVE_SYS_SELECT_H
+#  ifndef EV_USE_SELECT
+#   define EV_USE_SELECT EV_FEATURE_BACKENDS
+#  endif
+# else
+#  undef EV_USE_SELECT
+#  define EV_USE_SELECT 0
+# endif
+
+# if HAVE_POLL && HAVE_POLL_H
+#  ifndef EV_USE_POLL
+#   define EV_USE_POLL EV_FEATURE_BACKENDS
+#  endif
+# else
+#  undef EV_USE_POLL
+#  define EV_USE_POLL 0
+# endif
+   
+# if HAVE_EPOLL_CTL && HAVE_SYS_EPOLL_H
+#  ifndef EV_USE_EPOLL
+#   define EV_USE_EPOLL EV_FEATURE_BACKENDS
+#  endif
+# else
+#  undef EV_USE_EPOLL
+#  define EV_USE_EPOLL 0
+# endif
+   
+# if HAVE_KQUEUE && HAVE_SYS_EVENT_H
+#  ifndef EV_USE_KQUEUE
+#   define EV_USE_KQUEUE EV_FEATURE_BACKENDS
+#  endif
+# else
+#  undef EV_USE_KQUEUE
+#  define EV_USE_KQUEUE 0
+# endif
+   
+# if HAVE_PORT_H && HAVE_PORT_CREATE
+#  ifndef EV_USE_PORT
+#   define EV_USE_PORT EV_FEATURE_BACKENDS
+#  endif
+# else
+#  undef EV_USE_PORT
+#  define EV_USE_PORT 0
+# endif
+
+# if HAVE_INOTIFY_INIT && HAVE_SYS_INOTIFY_H
+#  ifndef EV_USE_INOTIFY
+#   define EV_USE_INOTIFY EV_FEATURE_OS
+#  endif
+# else
+#  undef EV_USE_INOTIFY
+#  define EV_USE_INOTIFY 0
+# endif
+
+# if HAVE_SIGNALFD && HAVE_SYS_SIGNALFD_H
+#  ifndef EV_USE_SIGNALFD
+#   define EV_USE_SIGNALFD EV_FEATURE_OS
+#  endif
+# else
+#  undef EV_USE_SIGNALFD
+#  define EV_USE_SIGNALFD 0
+# endif
+
+# if HAVE_EVENTFD
+#  ifndef EV_USE_EVENTFD
+#   define EV_USE_EVENTFD EV_FEATURE_OS
+#  endif
+# else
+#  undef EV_USE_EVENTFD
+#  define EV_USE_EVENTFD 0
+# endif
+ 
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stddef.h>
+
+#include <stdio.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <time.h>
+#include <limits.h>
+
+#include <signal.h>
+
+#ifdef EV_H
+# include EV_H
+#else
+# include "ev.h"
+#endif
+
+#if EV_NO_THREADS
+# undef EV_NO_SMP
+# define EV_NO_SMP 1
+# undef ECB_NO_THREADS
+# define ECB_NO_THREADS 1
+#endif
+#if EV_NO_SMP
+# undef EV_NO_SMP
+# define ECB_NO_SMP 1
+#endif
+
+#ifndef _WIN32
+# include <sys/time.h>
+# include <sys/wait.h>
+# include <unistd.h>
+#else
+# include <io.h>
+# define WIN32_LEAN_AND_MEAN
+# include <winsock2.h>
+# include <windows.h>
+# ifndef EV_SELECT_IS_WINSOCKET
+#  define EV_SELECT_IS_WINSOCKET 1
+# endif
+# undef EV_AVOID_STDIO
+#endif
+
+/* OS X, in its infinite idiocy, actually HARDCODES
+ * a limit of 1024 into their select. Where people have brains,
+ * OS X engineers apparently have a vacuum. Or maybe they were
+ * ordered to have a vacuum, or they do anything for money.
+ * This might help. Or not.
+ */
+#define _DARWIN_UNLIMITED_SELECT 1
+
+/* this block tries to deduce configuration from header-defined symbols and defaults */
+
+/* try to deduce the maximum number of signals on this platform */
+#if defined EV_NSIG
+/* use what's provided */
+#elif defined NSIG
+# define EV_NSIG (NSIG)
+#elif defined _NSIG
+# define EV_NSIG (_NSIG)
+#elif defined SIGMAX
+# define EV_NSIG (SIGMAX+1)
+#elif defined SIG_MAX
+# define EV_NSIG (SIG_MAX+1)
+#elif defined _SIG_MAX
+# define EV_NSIG (_SIG_MAX+1)
+#elif defined MAXSIG
+# define EV_NSIG (MAXSIG+1)
+#elif defined MAX_SIG
+# define EV_NSIG (MAX_SIG+1)
+#elif defined SIGARRAYSIZE
+# define EV_NSIG (SIGARRAYSIZE) /* Assume ary[SIGARRAYSIZE] */
+#elif defined _sys_nsig
+# define EV_NSIG (_sys_nsig) /* Solaris 2.5 */
+#else
+# define EV_NSIG (8 * sizeof (sigset_t) + 1)
+#endif
+
+#ifndef EV_USE_FLOOR
+# define EV_USE_FLOOR 0
+#endif
+
+#ifndef EV_USE_CLOCK_SYSCALL
+# if __linux && __GLIBC__ == 2 && __GLIBC_MINOR__ < 17
+#  define EV_USE_CLOCK_SYSCALL EV_FEATURE_OS
+# else
+#  define EV_USE_CLOCK_SYSCALL 0
+# endif
+#endif
+
+#if !(_POSIX_TIMERS > 0)
+# ifndef EV_USE_MONOTONIC
+#  define EV_USE_MONOTONIC 0
+# endif
+# ifndef EV_USE_REALTIME
+#  define EV_USE_REALTIME 0
+# endif
+#endif
+
+#ifndef EV_USE_MONOTONIC
+# if defined _POSIX_MONOTONIC_CLOCK && _POSIX_MONOTONIC_CLOCK >= 0
+#  define EV_USE_MONOTONIC EV_FEATURE_OS
+# else
+#  define EV_USE_MONOTONIC 0
+# endif
+#endif
+
+#ifndef EV_USE_REALTIME
+# define EV_USE_REALTIME !EV_USE_CLOCK_SYSCALL
+#endif
+
+#ifndef EV_USE_NANOSLEEP
+# if _POSIX_C_SOURCE >= 199309L
+#  define EV_USE_NANOSLEEP EV_FEATURE_OS
+# else
+#  define EV_USE_NANOSLEEP 0
+# endif
+#endif
+
+#ifndef EV_USE_SELECT
+# define EV_USE_SELECT EV_FEATURE_BACKENDS
+#endif
+
+#ifndef EV_USE_POLL
+# ifdef _WIN32
+#  define EV_USE_POLL 0
+# else
+#  define EV_USE_POLL EV_FEATURE_BACKENDS
+# endif
+#endif
+
+#ifndef EV_USE_EPOLL
+# if __linux && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 4))
+#  define EV_USE_EPOLL EV_FEATURE_BACKENDS
+# else
+#  define EV_USE_EPOLL 0
+# endif
+#endif
+
+#ifndef EV_USE_KQUEUE
+# define EV_USE_KQUEUE 0
+#endif
+
+#ifndef EV_USE_PORT
+# define EV_USE_PORT 0
+#endif
+
+#ifndef EV_USE_INOTIFY
+# if __linux && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 4))
+#  define EV_USE_INOTIFY EV_FEATURE_OS
+# else
+#  define EV_USE_INOTIFY 0
+# endif
+#endif
+
+#ifndef EV_PID_HASHSIZE
+# define EV_PID_HASHSIZE EV_FEATURE_DATA ? 16 : 1
+#endif
+
+#ifndef EV_INOTIFY_HASHSIZE
+# define EV_INOTIFY_HASHSIZE EV_FEATURE_DATA ? 16 : 1
+#endif
+
+#ifndef EV_USE_EVENTFD
+# if __linux && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 7))
+#  define EV_USE_EVENTFD EV_FEATURE_OS
+# else
+#  define EV_USE_EVENTFD 0
+# endif
+#endif
+
+#ifndef EV_USE_SIGNALFD
+# if __linux && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 7))
+#  define EV_USE_SIGNALFD EV_FEATURE_OS
+# else
+#  define EV_USE_SIGNALFD 0
+# endif
+#endif
+
+#if 0 /* debugging */
+# define EV_VERIFY 3
+# define EV_USE_4HEAP 1
+# define EV_HEAP_CACHE_AT 1
+#endif
+
+#ifndef EV_VERIFY
+# define EV_VERIFY (EV_FEATURE_API ? 1 : 0)
+#endif
+
+#ifndef EV_USE_4HEAP
+# define EV_USE_4HEAP EV_FEATURE_DATA
+#endif
+
+#ifndef EV_HEAP_CACHE_AT
+# define EV_HEAP_CACHE_AT EV_FEATURE_DATA
+#endif
+
+#ifdef ANDROID
+/* supposedly, android doesn't typedef fd_mask */
+# undef EV_USE_SELECT
+# define EV_USE_SELECT 0
+/* supposedly, we need to include syscall.h, not sys/syscall.h, so just disable */
+# undef EV_USE_CLOCK_SYSCALL
+# define EV_USE_CLOCK_SYSCALL 0
+#endif
+
+/* aix's poll.h seems to cause lots of trouble */
+#ifdef _AIX
+/* AIX has a completely broken poll.h header */
+# undef EV_USE_POLL
+# define EV_USE_POLL 0
+#endif
+
+/* on linux, we can use a (slow) syscall to avoid a dependency on pthread, */
+/* which makes programs even slower. might work on other unices, too. */
+#if EV_USE_CLOCK_SYSCALL
+# include <sys/syscall.h>
+# ifdef SYS_clock_gettime
+#  define clock_gettime(id, ts) syscall (SYS_clock_gettime, (id), (ts))
+#  undef EV_USE_MONOTONIC
+#  define EV_USE_MONOTONIC 1
+# else
+#  undef EV_USE_CLOCK_SYSCALL
+#  define EV_USE_CLOCK_SYSCALL 0
+# endif
+#endif
+
+/* this block fixes any misconfiguration where we know we run into trouble otherwise */
+
+#ifndef CLOCK_MONOTONIC
+# undef EV_USE_MONOTONIC
+# define EV_USE_MONOTONIC 0
+#endif
+
+#ifndef CLOCK_REALTIME
+# undef EV_USE_REALTIME
+# define EV_USE_REALTIME 0
+#endif
+
+#if !EV_STAT_ENABLE
+# undef EV_USE_INOTIFY
+# define EV_USE_INOTIFY 0
+#endif
+
+#if !EV_USE_NANOSLEEP
+/* hp-ux has it in sys/time.h, which we unconditionally include above */
+# if !defined _WIN32 && !defined __hpux
+#  include <sys/select.h>
+# endif
+#endif
+
+#if EV_USE_INOTIFY
+# include <sys/statfs.h>
+# include <sys/inotify.h>
+/* some very old inotify.h headers don't have IN_DONT_FOLLOW */
+# ifndef IN_DONT_FOLLOW
+#  undef EV_USE_INOTIFY
+#  define EV_USE_INOTIFY 0
+# endif
+#endif
+
+#if EV_USE_EVENTFD
+/* our minimum requirement is glibc 2.7 which has the stub, but not the header */
+# include <stdint.h>
+# ifndef EFD_NONBLOCK
+#  define EFD_NONBLOCK O_NONBLOCK
+# endif
+# ifndef EFD_CLOEXEC
+#  ifdef O_CLOEXEC
+#   define EFD_CLOEXEC O_CLOEXEC
+#  else
+#   define EFD_CLOEXEC 02000000
+#  endif
+# endif
+EV_CPP(extern "C") int (eventfd) (unsigned int initval, int flags);
+#endif
+
+#if EV_USE_SIGNALFD
+/* our minimum requirement is glibc 2.7 which has the stub, but not the header */
+# include <stdint.h>
+# ifndef SFD_NONBLOCK
+#  define SFD_NONBLOCK O_NONBLOCK
+# endif
+# ifndef SFD_CLOEXEC
+#  ifdef O_CLOEXEC
+#   define SFD_CLOEXEC O_CLOEXEC
+#  else
+#   define SFD_CLOEXEC 02000000
+#  endif
+# endif
+EV_CPP (extern "C") int signalfd (int fd, const sigset_t *mask, int flags);
+
+struct signalfd_siginfo
+{
+  uint32_t ssi_signo;
+  char pad[128 - sizeof (uint32_t)];
+};
+#endif
+
+/**/
+
+#if EV_VERIFY >= 3
+# define EV_FREQUENT_CHECK ev_verify (EV_A)
+#else
+# define EV_FREQUENT_CHECK do { } while (0)
+#endif
+
+/*
+ * This is used to work around floating point rounding problems.
+ * This value is good at least till the year 4000.
+ */
+#define MIN_INTERVAL  0.0001220703125 /* 1/2**13, good till 4000 */
+/*#define MIN_INTERVAL  0.00000095367431640625 /* 1/2**20, good till 2200 */
+
+#define MIN_TIMEJUMP  1. /* minimum timejump that gets detected (if monotonic clock available) */
+#define MAX_BLOCKTIME 59.743 /* never wait longer than this time (to detect time jumps) */
+
+#define EV_TV_SET(tv,t) do { tv.tv_sec = (long)t; tv.tv_usec = (long)((t - tv.tv_sec) * 1e6); } while (0)
+#define EV_TS_SET(ts,t) do { ts.tv_sec = (long)t; ts.tv_nsec = (long)((t - ts.tv_sec) * 1e9); } while (0)
+
+/* the following is ecb.h embedded into libev - use update_ev_c to update from an external copy */
+/* ECB.H BEGIN */
+/*
+ * libecb - http://software.schmorp.de/pkg/libecb
+ *
+ * Copyright (©) 2009-2015 Marc Alexander Lehmann <libecb@schmorp.de>
+ * Copyright (©) 2011 Emanuele Giaquinta
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef ECB_H
+#define ECB_H
+
+/* 16 bits major, 16 bits minor */
+#define ECB_VERSION 0x00010005
+
+#ifdef _WIN32
+  typedef   signed char   int8_t;
+  typedef unsigned char  uint8_t;
+  typedef   signed short  int16_t;
+  typedef unsigned short uint16_t;
+  typedef   signed int    int32_t;
+  typedef unsigned int   uint32_t;
+  #if __GNUC__
+    typedef   signed long long int64_t;
+    typedef unsigned long long uint64_t;
+  #else /* _MSC_VER || __BORLANDC__ */
+    typedef   signed __int64   int64_t;
+    typedef unsigned __int64   uint64_t;
+  #endif
+  #ifdef _WIN64
+    #define ECB_PTRSIZE 8
+    typedef uint64_t uintptr_t;
+    typedef  int64_t  intptr_t;
+  #else
+    #define ECB_PTRSIZE 4
+    typedef uint32_t uintptr_t;
+    typedef  int32_t  intptr_t;
+  #endif
+#else
+  #include <inttypes.h>
+  #if (defined INTPTR_MAX ? INTPTR_MAX : ULONG_MAX) > 0xffffffffU
+    #define ECB_PTRSIZE 8
+  #else
+    #define ECB_PTRSIZE 4
+  #endif
+#endif
+
+#define ECB_GCC_AMD64 (__amd64 || __amd64__ || __x86_64 || __x86_64__)
+#define ECB_MSVC_AMD64 (_M_AMD64 || _M_X64)
+
+/* work around x32 idiocy by defining proper macros */
+#if ECB_GCC_AMD64 || ECB_MSVC_AMD64
+  #if _ILP32
+    #define ECB_AMD64_X32 1
+  #else
+    #define ECB_AMD64 1
+  #endif
+#endif
+
+/* many compilers define _GNUC_ to some versions but then only implement
+ * what their idiot authors think are the "more important" extensions,
+ * causing enormous grief in return for some better fake benchmark numbers.
+ * or so.
+ * we try to detect these and simply assume they are not gcc - if they have
+ * an issue with that they should have done it right in the first place.
+ */
+#if !defined __GNUC_MINOR__ || defined __INTEL_COMPILER || defined __SUNPRO_C || defined __SUNPRO_CC || defined __llvm__ || defined __clang__
+  #define ECB_GCC_VERSION(major,minor) 0
+#else
+  #define ECB_GCC_VERSION(major,minor) (__GNUC__ > (major) || (__GNUC__ == (major) && __GNUC_MINOR__ >= (minor)))
+#endif
+
+#define ECB_CLANG_VERSION(major,minor) (__clang_major__ > (major) || (__clang_major__ == (major) && __clang_minor__ >= (minor)))
+
+#if __clang__ && defined __has_builtin
+  #define ECB_CLANG_BUILTIN(x) __has_builtin (x)
+#else
+  #define ECB_CLANG_BUILTIN(x) 0
+#endif
+
+#if __clang__ && defined __has_extension
+  #define ECB_CLANG_EXTENSION(x) __has_extension (x)
+#else
+  #define ECB_CLANG_EXTENSION(x) 0
+#endif
+
+#define ECB_CPP   (__cplusplus+0)
+#define ECB_CPP11 (__cplusplus >= 201103L)
+
+#if ECB_CPP
+  #define ECB_C            0
+  #define ECB_STDC_VERSION 0
+#else
+  #define ECB_C            1
+  #define ECB_STDC_VERSION __STDC_VERSION__
+#endif
+
+#define ECB_C99   (ECB_STDC_VERSION >= 199901L)
+#define ECB_C11   (ECB_STDC_VERSION >= 201112L)
+
+#if ECB_CPP
+  #define ECB_EXTERN_C extern "C"
+  #define ECB_EXTERN_C_BEG ECB_EXTERN_C {
+  #define ECB_EXTERN_C_END }
+#else
+  #define ECB_EXTERN_C extern
+  #define ECB_EXTERN_C_BEG
+  #define ECB_EXTERN_C_END
+#endif
+
+/*****************************************************************************/
+
+/* ECB_NO_THREADS - ecb is not used by multiple threads, ever */
+/* ECB_NO_SMP     - ecb might be used in multiple threads, but only on a single cpu */
+
+#if ECB_NO_THREADS
+  #define ECB_NO_SMP 1
+#endif
+
+#if ECB_NO_SMP
+  #define ECB_MEMORY_FENCE do { } while (0)
+#endif
+
+/* http://www-01.ibm.com/support/knowledgecenter/SSGH3R_13.1.0/com.ibm.xlcpp131.aix.doc/compiler_ref/compiler_builtins.html */
+#if __xlC__ && ECB_CPP
+  #include <builtins.h>
+#endif
+
+#if 1400 <= _MSC_VER
+  #include <intrin.h> /* fence functions _ReadBarrier, also bit search functions _BitScanReverse */
+#endif
+
+#ifndef ECB_MEMORY_FENCE
+  #if ECB_GCC_VERSION(2,5) || defined __INTEL_COMPILER || (__llvm__ && __GNUC__) || __SUNPRO_C >= 0x5110 || __SUNPRO_CC >= 0x5110
+    #if __i386 || __i386__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("lock; orb $0, -1(%%esp)" : : : "memory")
+      #define ECB_MEMORY_FENCE_ACQUIRE __asm__ __volatile__ (""                        : : : "memory")
+      #define ECB_MEMORY_FENCE_RELEASE __asm__ __volatile__ ("")
+    #elif ECB_GCC_AMD64
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("mfence"   : : : "memory")
+      #define ECB_MEMORY_FENCE_ACQUIRE __asm__ __volatile__ (""         : : : "memory")
+      #define ECB_MEMORY_FENCE_RELEASE __asm__ __volatile__ ("")
+    #elif __powerpc__ || __ppc__ || __powerpc64__ || __ppc64__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("sync"     : : : "memory")
+    #elif defined __ARM_ARCH_2__ \
+      || defined __ARM_ARCH_3__  || defined __ARM_ARCH_3M__  \
+      || defined __ARM_ARCH_4__  || defined __ARM_ARCH_4T__  \
+      || defined __ARM_ARCH_5__  || defined __ARM_ARCH_5E__  \
+      || defined __ARM_ARCH_5T__ || defined __ARM_ARCH_5TE__ \
+      || defined __ARM_ARCH_5TEJ__
+      /* should not need any, unless running old code on newer cpu - arm doesn't support that */
+    #elif defined __ARM_ARCH_6__  || defined __ARM_ARCH_6J__  \
+       || defined __ARM_ARCH_6K__ || defined __ARM_ARCH_6ZK__ \
+       || defined __ARM_ARCH_6T2__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("mcr p15,0,%0,c7,c10,5" : : "r" (0) : "memory")
+    #elif defined __ARM_ARCH_7__  || defined __ARM_ARCH_7A__  \
+       || defined __ARM_ARCH_7R__ || defined __ARM_ARCH_7M__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("dmb"      : : : "memory")
+    #elif __aarch64__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("dmb ish"  : : : "memory")
+    #elif (__sparc || __sparc__) && !(__sparc_v8__ || defined __sparcv8)
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("membar #LoadStore | #LoadLoad | #StoreStore | #StoreLoad" : : : "memory")
+      #define ECB_MEMORY_FENCE_ACQUIRE __asm__ __volatile__ ("membar #LoadStore | #LoadLoad"                            : : : "memory")
+      #define ECB_MEMORY_FENCE_RELEASE __asm__ __volatile__ ("membar #LoadStore             | #StoreStore")
+    #elif defined __s390__ || defined __s390x__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("bcr 15,0" : : : "memory")
+    #elif defined __mips__
+      /* GNU/Linux emulates sync on mips1 architectures, so we force its use */
+      /* anybody else who still uses mips1 is supposed to send in their version, with detection code. */
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ (".set mips2; sync; .set mips0" : : : "memory")
+    #elif defined __alpha__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("mb"       : : : "memory")
+    #elif defined __hppa__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ (""         : : : "memory")
+      #define ECB_MEMORY_FENCE_RELEASE __asm__ __volatile__ ("")
+    #elif defined __ia64__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("mf"       : : : "memory")
+    #elif defined __m68k__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ (""         : : : "memory")
+    #elif defined __m88k__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ ("tb1 0,%%r0,128" : : : "memory")
+    #elif defined __sh__
+      #define ECB_MEMORY_FENCE         __asm__ __volatile__ (""         : : : "memory")
+    #endif
+  #endif
+#endif
+
+#ifndef ECB_MEMORY_FENCE
+  #if ECB_GCC_VERSION(4,7)
+    /* see comment below (stdatomic.h) about the C11 memory model. */
+    #define ECB_MEMORY_FENCE         __atomic_thread_fence (__ATOMIC_SEQ_CST)
+    #define ECB_MEMORY_FENCE_ACQUIRE __atomic_thread_fence (__ATOMIC_ACQUIRE)
+    #define ECB_MEMORY_FENCE_RELEASE __atomic_thread_fence (__ATOMIC_RELEASE)
+
+  #elif ECB_CLANG_EXTENSION(c_atomic)
+    /* see comment below (stdatomic.h) about the C11 memory model. */
+    #define ECB_MEMORY_FENCE         __c11_atomic_thread_fence (__ATOMIC_SEQ_CST)
+    #define ECB_MEMORY_FENCE_ACQUIRE __c11_atomic_thread_fence (__ATOMIC_ACQUIRE)
+    #define ECB_MEMORY_FENCE_RELEASE __c11_atomic_thread_fence (__ATOMIC_RELEASE)
+
+  #elif ECB_GCC_VERSION(4,4) || defined __INTEL_COMPILER || defined __clang__
+    #define ECB_MEMORY_FENCE         __sync_synchronize ()
+  #elif _MSC_VER >= 1500 /* VC++ 2008 */
+    /* apparently, microsoft broke all the memory barrier stuff in Visual Studio 2008... */
+    #pragma intrinsic(_ReadBarrier,_WriteBarrier,_ReadWriteBarrier)
+    #define ECB_MEMORY_FENCE         _ReadWriteBarrier (); MemoryBarrier()
+    #define ECB_MEMORY_FENCE_ACQUIRE _ReadWriteBarrier (); MemoryBarrier() /* according to msdn, _ReadBarrier is not a load fence */
+    #define ECB_MEMORY_FENCE_RELEASE _WriteBarrier (); MemoryBarrier()
+  #elif _MSC_VER >= 1400 /* VC++ 2005 */
+    #pragma intrinsic(_ReadBarrier,_WriteBarrier,_ReadWriteBarrier)
+    #define ECB_MEMORY_FENCE         _ReadWriteBarrier ()
+    #define ECB_MEMORY_FENCE_ACQUIRE _ReadWriteBarrier () /* according to msdn, _ReadBarrier is not a load fence */
+    #define ECB_MEMORY_FENCE_RELEASE _WriteBarrier ()
+  #elif defined _WIN32
+    #include <WinNT.h>
+    #define ECB_MEMORY_FENCE         MemoryBarrier () /* actually just xchg on x86... scary */
+  #elif __SUNPRO_C >= 0x5110 || __SUNPRO_CC >= 0x5110
+    #include <mbarrier.h>
+    #define ECB_MEMORY_FENCE         __machine_rw_barrier ()
+    #define ECB_MEMORY_FENCE_ACQUIRE __machine_r_barrier  ()
+    #define ECB_MEMORY_FENCE_RELEASE __machine_w_barrier  ()
+  #elif __xlC__
+    #define ECB_MEMORY_FENCE         __sync ()
+  #endif
+#endif
+
+#ifndef ECB_MEMORY_FENCE
+  #if ECB_C11 && !defined __STDC_NO_ATOMICS__
+    /* we assume that these memory fences work on all variables/all memory accesses, */
+    /* not just C11 atomics and atomic accesses */
+    #include <stdatomic.h>
+    /* Unfortunately, neither gcc 4.7 nor clang 3.1 generate any instructions for */
+    /* any fence other than seq_cst, which isn't very efficient for us. */
+    /* Why that is, we don't know - either the C11 memory model is quite useless */
+    /* for most usages, or gcc and clang have a bug */
+    /* I *currently* lean towards the latter, and inefficiently implement */
+    /* all three of ecb's fences as a seq_cst fence */
+    /* Update, gcc-4.8 generates mfence for all c++ fences, but nothing */
+    /* for all __atomic_thread_fence's except seq_cst */
+    #define ECB_MEMORY_FENCE         atomic_thread_fence (memory_order_seq_cst)
+  #endif
+#endif
+
+#ifndef ECB_MEMORY_FENCE
+  #if !ECB_AVOID_PTHREADS
+    /*
+     * if you get undefined symbol references to pthread_mutex_lock,
+     * or failure to find pthread.h, then you should implement
+     * the ECB_MEMORY_FENCE operations for your cpu/compiler
+     * OR provide pthread.h and link against the posix thread library
+     * of your system.
+     */
+    #include <pthread.h>
+    #define ECB_NEEDS_PTHREADS 1
+    #define ECB_MEMORY_FENCE_NEEDS_PTHREADS 1
+
+    static pthread_mutex_t ecb_mf_lock = PTHREAD_MUTEX_INITIALIZER;
+    #define ECB_MEMORY_FENCE do { pthread_mutex_lock (&ecb_mf_lock); pthread_mutex_unlock (&ecb_mf_lock); } while (0)
+  #endif
+#endif
+
+#if !defined ECB_MEMORY_FENCE_ACQUIRE && defined ECB_MEMORY_FENCE
+  #define ECB_MEMORY_FENCE_ACQUIRE ECB_MEMORY_FENCE
+#endif
+
+#if !defined ECB_MEMORY_FENCE_RELEASE && defined ECB_MEMORY_FENCE
+  #define ECB_MEMORY_FENCE_RELEASE ECB_MEMORY_FENCE
+#endif
+
+/*****************************************************************************/
+
+#if ECB_CPP
+  #define ecb_inline static inline
+#elif ECB_GCC_VERSION(2,5)
+  #define ecb_inline static __inline__
+#elif ECB_C99
+  #define ecb_inline static inline
+#else
+  #define ecb_inline static
+#endif
+
+#if ECB_GCC_VERSION(3,3)
+  #define ecb_restrict __restrict__
+#elif ECB_C99
+  #define ecb_restrict restrict
+#else
+  #define ecb_restrict
+#endif
+
+typedef int ecb_bool;
+
+#define ECB_CONCAT_(a, b) a ## b
+#define ECB_CONCAT(a, b) ECB_CONCAT_(a, b)
+#define ECB_STRINGIFY_(a) # a
+#define ECB_STRINGIFY(a) ECB_STRINGIFY_(a)
+#define ECB_STRINGIFY_EXPR(expr) ((expr), ECB_STRINGIFY_ (expr))
+
+#define ecb_function_ ecb_inline
+
+#if ECB_GCC_VERSION(3,1) || ECB_CLANG_VERSION(2,8)
+  #define ecb_attribute(attrlist)        __attribute__ (attrlist)
+#else
+  #define ecb_attribute(attrlist)
+#endif
+
+#if ECB_GCC_VERSION(3,1) || ECB_CLANG_BUILTIN(__builtin_constant_p)
+  #define ecb_is_constant(expr)          __builtin_constant_p (expr)
+#else
+  /* possible C11 impl for integral types
+  typedef struct ecb_is_constant_struct ecb_is_constant_struct;
+  #define ecb_is_constant(expr)          _Generic ((1 ? (struct ecb_is_constant_struct *)0 : (void *)((expr) - (expr)), ecb_is_constant_struct *: 0, default: 1)) */
+
+  #define ecb_is_constant(expr)          0
+#endif
+
+#if ECB_GCC_VERSION(3,1) || ECB_CLANG_BUILTIN(__builtin_expect)
+  #define ecb_expect(expr,value)         __builtin_expect ((expr),(value))
+#else
+  #define ecb_expect(expr,value)         (expr)
+#endif
+
+#if ECB_GCC_VERSION(3,1) || ECB_CLANG_BUILTIN(__builtin_prefetch)
+  #define ecb_prefetch(addr,rw,locality) __builtin_prefetch (addr, rw, locality)
+#else
+  #define ecb_prefetch(addr,rw,locality)
+#endif
+
+/* no emulation for ecb_decltype */
+#if ECB_CPP11
+  // older implementations might have problems with decltype(x)::type, work around it
+  template<class T> struct ecb_decltype_t { typedef T type; };
+  #define ecb_decltype(x) ecb_decltype_t<decltype (x)>::type
+#elif ECB_GCC_VERSION(3,0) || ECB_CLANG_VERSION(2,8)
+  #define ecb_decltype(x) __typeof__ (x)
+#endif
+
+#if _MSC_VER >= 1300
+  #define ecb_deprecated __declspec (deprecated)
+#else
+  #define ecb_deprecated ecb_attribute ((__deprecated__))
+#endif
+
+#if _MSC_VER >= 1500
+  #define ecb_deprecated_message(msg) __declspec (deprecated (msg))
+#elif ECB_GCC_VERSION(4,5)
+  #define ecb_deprecated_message(msg) ecb_attribute ((__deprecated__ (msg))
+#else
+  #define ecb_deprecated_message(msg) ecb_deprecated
+#endif
+
+#if _MSC_VER >= 1400
+  #define ecb_noinline __declspec (noinline)
+#else
+  #define ecb_noinline ecb_attribute ((__noinline__))
+#endif
+
+#define ecb_unused     ecb_attribute ((__unused__))
+#define ecb_const      ecb_attribute ((__const__))
+#define ecb_pure       ecb_attribute ((__pure__))
+
+#if ECB_C11 || __IBMC_NORETURN
+  /* http://www-01.ibm.com/support/knowledgecenter/SSGH3R_13.1.0/com.ibm.xlcpp131.aix.doc/language_ref/noreturn.html */
+  #define ecb_noreturn   _Noreturn
+#elif ECB_CPP11
+  #define ecb_noreturn   [[noreturn]]
+#elif _MSC_VER >= 1200
+  /* http://msdn.microsoft.com/en-us/library/k6ktzx3s.aspx */
+  #define ecb_noreturn   __declspec (noreturn)
+#else
+  #define ecb_noreturn   ecb_attribute ((__noreturn__))
+#endif
+
+#if ECB_GCC_VERSION(4,3)
+  #define ecb_artificial ecb_attribute ((__artificial__))
+  #define ecb_hot        ecb_attribute ((__hot__))
+  #define ecb_cold       ecb_attribute ((__cold__))
+#else
+  #define ecb_artificial
+  #define ecb_hot
+  #define ecb_cold
+#endif
+
+/* put around conditional expressions if you are very sure that the  */
+/* expression is mostly true or mostly false. note that these return */
+/* booleans, not the expression.                                     */
+#define ecb_expect_false(expr) ecb_expect (!!(expr), 0)
+#define ecb_expect_true(expr)  ecb_expect (!!(expr), 1)
+/* for compatibility to the rest of the world */
+#define ecb_likely(expr)   ecb_expect_true  (expr)
+#define ecb_unlikely(expr) ecb_expect_false (expr)
+
+/* count trailing zero bits and count # of one bits */
+#if ECB_GCC_VERSION(3,4) \
+    || (ECB_CLANG_BUILTIN(__builtin_clz) && ECB_CLANG_BUILTIN(__builtin_clzll) \
+        && ECB_CLANG_BUILTIN(__builtin_ctz) && ECB_CLANG_BUILTIN(__builtin_ctzll) \
+        && ECB_CLANG_BUILTIN(__builtin_popcount))
+  /* we assume int == 32 bit, long == 32 or 64 bit and long long == 64 bit */
+  #define ecb_ld32(x)      (__builtin_clz      (x) ^ 31)
+  #define ecb_ld64(x)      (__builtin_clzll    (x) ^ 63)
+  #define ecb_ctz32(x)      __builtin_ctz      (x)
+  #define ecb_ctz64(x)      __builtin_ctzll    (x)
+  #define ecb_popcount32(x) __builtin_popcount (x)
+  /* no popcountll */
+#else
+  ecb_function_ ecb_const int ecb_ctz32 (uint32_t x);
+  ecb_function_ ecb_const int
+  ecb_ctz32 (uint32_t x)
+  {
+#if 1400 <= _MSC_VER && (_M_IX86 || _M_X64 || _M_IA64 || _M_ARM)
+    unsigned long r;
+    _BitScanForward (&r, x);
+    return (int)r;
+#else
+    int r = 0;
+
+    x &= ~x + 1; /* this isolates the lowest bit */
+
+#if ECB_branchless_on_i386
+    r += !!(x & 0xaaaaaaaa) << 0;
+    r += !!(x & 0xcccccccc) << 1;
+    r += !!(x & 0xf0f0f0f0) << 2;
+    r += !!(x & 0xff00ff00) << 3;
+    r += !!(x & 0xffff0000) << 4;
+#else
+    if (x & 0xaaaaaaaa) r +=  1;
+    if (x & 0xcccccccc) r +=  2;
+    if (x & 0xf0f0f0f0) r +=  4;
+    if (x & 0xff00ff00) r +=  8;
+    if (x & 0xffff0000) r += 16;
+#endif
+
+    return r;
+#endif
+  }
+
+  ecb_function_ ecb_const int ecb_ctz64 (uint64_t x);
+  ecb_function_ ecb_const int
+  ecb_ctz64 (uint64_t x)
+  {
+#if 1400 <= _MSC_VER && (_M_X64 || _M_IA64 || _M_ARM)
+    unsigned long r;
+    _BitScanForward64 (&r, x);
+    return (int)r;
+#else
+    int shift = x & 0xffffffff ? 0 : 32;
+    return ecb_ctz32 (x >> shift) + shift;
+#endif
+  }
+
+  ecb_function_ ecb_const int ecb_popcount32 (uint32_t x);
+  ecb_function_ ecb_const int
+  ecb_popcount32 (uint32_t x)
+  {
+    x -=  (x >> 1) & 0x55555555;
+    x  = ((x >> 2) & 0x33333333) + (x & 0x33333333);
+    x  = ((x >> 4) + x) & 0x0f0f0f0f;
+    x *= 0x01010101;
+
+    return x >> 24;
+  }
+
+  ecb_function_ ecb_const int ecb_ld32 (uint32_t x);
+  ecb_function_ ecb_const int ecb_ld32 (uint32_t x)
+  {
+#if 1400 <= _MSC_VER && (_M_IX86 || _M_X64 || _M_IA64 || _M_ARM)
+    unsigned long r;
+    _BitScanReverse (&r, x);
+    return (int)r;
+#else
+    int r = 0;
+
+    if (x >> 16) { x >>= 16; r += 16; }
+    if (x >>  8) { x >>=  8; r +=  8; }
+    if (x >>  4) { x >>=  4; r +=  4; }
+    if (x >>  2) { x >>=  2; r +=  2; }
+    if (x >>  1) {           r +=  1; }
+
+    return r;
+#endif
+  }
+
+  ecb_function_ ecb_const int ecb_ld64 (uint64_t x);
+  ecb_function_ ecb_const int ecb_ld64 (uint64_t x)
+  {
+#if 1400 <= _MSC_VER && (_M_X64 || _M_IA64 || _M_ARM)
+    unsigned long r;
+    _BitScanReverse64 (&r, x);
+    return (int)r;
+#else
+    int r = 0;
+
+    if (x >> 32) { x >>= 32; r += 32; }
+
+    return r + ecb_ld32 (x);
+#endif
+  }
+#endif
+
+ecb_function_ ecb_const ecb_bool ecb_is_pot32 (uint32_t x);
+ecb_function_ ecb_const ecb_bool ecb_is_pot32 (uint32_t x) { return !(x & (x - 1)); }
+ecb_function_ ecb_const ecb_bool ecb_is_pot64 (uint64_t x);
+ecb_function_ ecb_const ecb_bool ecb_is_pot64 (uint64_t x) { return !(x & (x - 1)); }
+
+ecb_function_ ecb_const uint8_t  ecb_bitrev8  (uint8_t  x);
+ecb_function_ ecb_const uint8_t  ecb_bitrev8  (uint8_t  x)
+{
+  return (  (x * 0x0802U & 0x22110U)
+          | (x * 0x8020U & 0x88440U)) * 0x10101U >> 16;
+}
+
+ecb_function_ ecb_const uint16_t ecb_bitrev16 (uint16_t x);
+ecb_function_ ecb_const uint16_t ecb_bitrev16 (uint16_t x)
+{
+  x = ((x >>  1) &     0x5555) | ((x &     0x5555) <<  1);
+  x = ((x >>  2) &     0x3333) | ((x &     0x3333) <<  2);
+  x = ((x >>  4) &     0x0f0f) | ((x &     0x0f0f) <<  4);
+  x = ( x >>  8              ) | ( x               <<  8);
+
+  return x;
+}
+
+ecb_function_ ecb_const uint32_t ecb_bitrev32 (uint32_t x);
+ecb_function_ ecb_const uint32_t ecb_bitrev32 (uint32_t x)
+{
+  x = ((x >>  1) & 0x55555555) | ((x & 0x55555555) <<  1);
+  x = ((x >>  2) & 0x33333333) | ((x & 0x33333333) <<  2);
+  x = ((x >>  4) & 0x0f0f0f0f) | ((x & 0x0f0f0f0f) <<  4);
+  x = ((x >>  8) & 0x00ff00ff) | ((x & 0x00ff00ff) <<  8);
+  x = ( x >> 16              ) | ( x               << 16);
+
+  return x;
+}
+
+/* popcount64 is only available on 64 bit cpus as gcc builtin */
+/* so for this version we are lazy */
+ecb_function_ ecb_const int ecb_popcount64 (uint64_t x);
+ecb_function_ ecb_const int
+ecb_popcount64 (uint64_t x)
+{
+  return ecb_popcount32 (x) + ecb_popcount32 (x >> 32);
+}
+
+ecb_inline ecb_const uint8_t  ecb_rotl8  (uint8_t  x, unsigned int count);
+ecb_inline ecb_const uint8_t  ecb_rotr8  (uint8_t  x, unsigned int count);
+ecb_inline ecb_const uint16_t ecb_rotl16 (uint16_t x, unsigned int count);
+ecb_inline ecb_const uint16_t ecb_rotr16 (uint16_t x, unsigned int count);
+ecb_inline ecb_const uint32_t ecb_rotl32 (uint32_t x, unsigned int count);
+ecb_inline ecb_const uint32_t ecb_rotr32 (uint32_t x, unsigned int count);
+ecb_inline ecb_const uint64_t ecb_rotl64 (uint64_t x, unsigned int count);
+ecb_inline ecb_const uint64_t ecb_rotr64 (uint64_t x, unsigned int count);
+
+ecb_inline ecb_const uint8_t  ecb_rotl8  (uint8_t  x, unsigned int count) { return (x >> ( 8 - count)) | (x << count); }
+ecb_inline ecb_const uint8_t  ecb_rotr8  (uint8_t  x, unsigned int count) { return (x << ( 8 - count)) | (x >> count); }
+ecb_inline ecb_const uint16_t ecb_rotl16 (uint16_t x, unsigned int count) { return (x >> (16 - count)) | (x << count); }
+ecb_inline ecb_const uint16_t ecb_rotr16 (uint16_t x, unsigned int count) { return (x << (16 - count)) | (x >> count); }
+ecb_inline ecb_const uint32_t ecb_rotl32 (uint32_t x, unsigned int count) { return (x >> (32 - count)) | (x << count); }
+ecb_inline ecb_const uint32_t ecb_rotr32 (uint32_t x, unsigned int count) { return (x << (32 - count)) | (x >> count); }
+ecb_inline ecb_const uint64_t ecb_rotl64 (uint64_t x, unsigned int count) { return (x >> (64 - count)) | (x << count); }
+ecb_inline ecb_const uint64_t ecb_rotr64 (uint64_t x, unsigned int count) { return (x << (64 - count)) | (x >> count); }
+
+#if ECB_GCC_VERSION(4,3) || (ECB_CLANG_BUILTIN(__builtin_bswap32) && ECB_CLANG_BUILTIN(__builtin_bswap64))
+  #if ECB_GCC_VERSION(4,8) || ECB_CLANG_BUILTIN(__builtin_bswap16)
+  #define ecb_bswap16(x)  __builtin_bswap16 (x)
+  #else
+  #define ecb_bswap16(x) (__builtin_bswap32 (x) >> 16)
+  #endif
+  #define ecb_bswap32(x)  __builtin_bswap32 (x)
+  #define ecb_bswap64(x)  __builtin_bswap64 (x)
+#elif _MSC_VER
+  #include <stdlib.h>
+  #define ecb_bswap16(x) ((uint16_t)_byteswap_ushort ((uint16_t)(x)))
+  #define ecb_bswap32(x) ((uint32_t)_byteswap_ulong  ((uint32_t)(x)))
+  #define ecb_bswap64(x) ((uint64_t)_byteswap_uint64 ((uint64_t)(x)))
+#else
+  ecb_function_ ecb_const uint16_t ecb_bswap16 (uint16_t x);
+  ecb_function_ ecb_const uint16_t
+  ecb_bswap16 (uint16_t x)
+  {
+    return ecb_rotl16 (x, 8);
+  }
+
+  ecb_function_ ecb_const uint32_t ecb_bswap32 (uint32_t x);
+  ecb_function_ ecb_const uint32_t
+  ecb_bswap32 (uint32_t x)
+  {
+    return (((uint32_t)ecb_bswap16 (x)) << 16) | ecb_bswap16 (x >> 16);
+  }
+
+  ecb_function_ ecb_const uint64_t ecb_bswap64 (uint64_t x);
+  ecb_function_ ecb_const uint64_t
+  ecb_bswap64 (uint64_t x)
+  {
+    return (((uint64_t)ecb_bswap32 (x)) << 32) | ecb_bswap32 (x >> 32);
+  }
+#endif
+
+#if ECB_GCC_VERSION(4,5) || ECB_CLANG_BUILTIN(__builtin_unreachable)
+  #define ecb_unreachable() __builtin_unreachable ()
+#else
+  /* this seems to work fine, but gcc always emits a warning for it :/ */
+  ecb_inline ecb_noreturn void ecb_unreachable (void);
+  ecb_inline ecb_noreturn void ecb_unreachable (void) { }
+#endif
+
+/* try to tell the compiler that some condition is definitely true */
+#define ecb_assume(cond) if (!(cond)) ecb_unreachable (); else 0
+
+ecb_inline ecb_const uint32_t ecb_byteorder_helper (void);
+ecb_inline ecb_const uint32_t
+ecb_byteorder_helper (void)
+{
+  /* the union code still generates code under pressure in gcc, */
+  /* but less than using pointers, and always seems to */
+  /* successfully return a constant. */
+  /* the reason why we have this horrible preprocessor mess */
+  /* is to avoid it in all cases, at least on common architectures */
+  /* or when using a recent enough gcc version (>= 4.6) */
+#if (defined __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) \
+    || ((__i386 || __i386__ || _M_IX86 || ECB_GCC_AMD64 || ECB_MSVC_AMD64) && !__VOS__)
+  #define ECB_LITTLE_ENDIAN 1
+  return 0x44332211;
+#elif (defined __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) \
+      || ((__AARCH64EB__ || __MIPSEB__ || __ARMEB__) && !__VOS__)
+  #define ECB_BIG_ENDIAN 1
+  return 0x11223344;
+#else
+  union
+  {
+    uint8_t c[4];
+    uint32_t u;
+  } u = { 0x11, 0x22, 0x33, 0x44 };
+  return u.u;
+#endif
+}
+
+ecb_inline ecb_const ecb_bool ecb_big_endian    (void);
+ecb_inline ecb_const ecb_bool ecb_big_endian    (void) { return ecb_byteorder_helper () == 0x11223344; }
+ecb_inline ecb_const ecb_bool ecb_little_endian (void);
+ecb_inline ecb_const ecb_bool ecb_little_endian (void) { return ecb_byteorder_helper () == 0x44332211; }
+
+#if ECB_GCC_VERSION(3,0) || ECB_C99
+  #define ecb_mod(m,n) ((m) % (n) + ((m) % (n) < 0 ? (n) : 0))
+#else
+  #define ecb_mod(m,n) ((m) < 0 ? ((n) - 1 - ((-1 - (m)) % (n))) : ((m) % (n)))
+#endif
+
+#if ECB_CPP
+  template<typename T>
+  static inline T ecb_div_rd (T val, T div)
+  {
+    return val < 0 ? - ((-val + div - 1) / div) : (val          ) / div;
+  }
+  template<typename T>
+  static inline T ecb_div_ru (T val, T div)
+  {
+    return val < 0 ? - ((-val          ) / div) : (val + div - 1) / div;
+  }
+#else
+  #define ecb_div_rd(val,div) ((val) < 0 ? - ((-(val) + (div) - 1) / (div)) : ((val)            ) / (div))
+  #define ecb_div_ru(val,div) ((val) < 0 ? - ((-(val)            ) / (div)) : ((val) + (div) - 1) / (div))
+#endif
+
+#if ecb_cplusplus_does_not_suck
+  /* does not work for local types (http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2657.htm) */
+  template<typename T, int N>
+  static inline int ecb_array_length (const T (&arr)[N])
+  {
+    return N;
+  }
+#else
+  #define ecb_array_length(name) (sizeof (name) / sizeof (name [0]))
+#endif
+
+ecb_function_ ecb_const uint32_t ecb_binary16_to_binary32 (uint32_t x);
+ecb_function_ ecb_const uint32_t
+ecb_binary16_to_binary32 (uint32_t x)
+{
+  unsigned int s = (x & 0x8000) << (31 - 15);
+  int          e = (x >> 10) & 0x001f;
+  unsigned int m =  x        & 0x03ff;
+
+  if (ecb_expect_false (e == 31))
+    /* infinity or NaN */
+    e = 255 - (127 - 15);
+  else if (ecb_expect_false (!e))
+    {
+      if (ecb_expect_true (!m))
+        /* zero, handled by code below by forcing e to 0 */
+        e = 0 - (127 - 15);
+      else
+        {
+          /* subnormal, renormalise */
+          unsigned int s = 10 - ecb_ld32 (m);
+
+          m = (m << s) & 0x3ff; /* mask implicit bit */
+          e -= s - 1;
+        }
+    }
+
+  /* e and m now are normalised, or zero, (or inf or nan) */
+  e += 127 - 15;
+
+  return s | (e << 23) | (m << (23 - 10));
+}
+
+ecb_function_ ecb_const uint16_t ecb_binary32_to_binary16 (uint32_t x);
+ecb_function_ ecb_const uint16_t
+ecb_binary32_to_binary16 (uint32_t x)
+{
+  unsigned int s =  (x >> 16) & 0x00008000; /* sign bit, the easy part */
+  unsigned int e = ((x >> 23) & 0x000000ff) - (127 - 15); /* the desired exponent */
+  unsigned int m =   x        & 0x007fffff;
+
+  x &= 0x7fffffff;
+
+  /* if it's within range of binary16 normals, use fast path */
+  if (ecb_expect_true (0x38800000 <= x && x <= 0x477fefff))
+    {
+      /* mantissa round-to-even */
+      m += 0x00000fff + ((m >> (23 - 10)) & 1);
+
+      /* handle overflow */
+      if (ecb_expect_false (m >= 0x00800000))
+        {
+          m >>= 1;
+          e +=  1;
+        }
+
+      return s | (e << 10) | (m >> (23 - 10));
+    }
+
+  /* handle large numbers and infinity */
+  if (ecb_expect_true (0x477fefff < x && x <= 0x7f800000))
+    return s | 0x7c00;
+
+  /* handle zero, subnormals and small numbers */
+  if (ecb_expect_true (x < 0x38800000))
+    {
+      /* zero */
+      if (ecb_expect_true (!x))
+        return s;
+
+      /* handle subnormals */
+
+      /* too small, will be zero */
+      if (e < (14 - 24)) /* might not be sharp, but is good enough */
+        return s;
+
+      m |= 0x00800000; /* make implicit bit explicit */
+
+      /* very tricky - we need to round to the nearest e (+10) bit value */
+      {
+        unsigned int bits = 14 - e;
+        unsigned int half = (1 << (bits - 1)) - 1;
+        unsigned int even = (m >> bits) & 1;
+
+        /* if this overflows, we will end up with a normalised number */
+        m = (m + half + even) >> bits;
+      }
+
+      return s | m;
+    }
+
+  /* handle NaNs, preserve leftmost nan bits, but make sure we don't turn them into infinities */
+  m >>= 13;
+
+  return s | 0x7c00 | m | !m;
+}
+
+/*******************************************************************************/
+/* floating point stuff, can be disabled by defining ECB_NO_LIBM */
+
+/* basically, everything uses "ieee pure-endian" floating point numbers */
+/* the only noteworthy exception is ancient armle, which uses order 43218765 */
+#if 0 \
+    || __i386 || __i386__ \
+    || ECB_GCC_AMD64 \
+    || __powerpc__ || __ppc__ || __powerpc64__ || __ppc64__ \
+    || defined __s390__ || defined __s390x__ \
+    || defined __mips__ \
+    || defined __alpha__ \
+    || defined __hppa__ \
+    || defined __ia64__ \
+    || defined __m68k__ \
+    || defined __m88k__ \
+    || defined __sh__ \
+    || defined _M_IX86 || defined ECB_MSVC_AMD64 || defined _M_IA64 \
+    || (defined __arm__ && (defined __ARM_EABI__ || defined __EABI__ || defined __VFP_FP__ || defined _WIN32_WCE || defined __ANDROID__)) \
+    || defined __aarch64__
+  #define ECB_STDFP 1
+  #include <string.h> /* for memcpy */
+#else
+  #define ECB_STDFP 0
+#endif
+
+#ifndef ECB_NO_LIBM
+
+  #include <math.h> /* for frexp*, ldexp*, INFINITY, NAN */
+
+  /* only the oldest of old doesn't have this one. solaris. */
+  #ifdef INFINITY
+    #define ECB_INFINITY INFINITY
+  #else
+    #define ECB_INFINITY HUGE_VAL
+  #endif
+
+  #ifdef NAN
+    #define ECB_NAN NAN
+  #else
+    #define ECB_NAN ECB_INFINITY
+  #endif
+
+  #if ECB_C99 || _XOPEN_VERSION >= 600 || _POSIX_VERSION >= 200112L
+    #define ecb_ldexpf(x,e) ldexpf ((x), (e))
+    #define ecb_frexpf(x,e) frexpf ((x), (e))
+  #else
+    #define ecb_ldexpf(x,e) (float) ldexp ((double) (x), (e))
+    #define ecb_frexpf(x,e) (float) frexp ((double) (x), (e))
+  #endif
+
+  /* convert a float to ieee single/binary32 */
+  ecb_function_ ecb_const uint32_t ecb_float_to_binary32 (float x);
+  ecb_function_ ecb_const uint32_t
+  ecb_float_to_binary32 (float x)
+  {
+    uint32_t r;
+
+    #if ECB_STDFP
+      memcpy (&r, &x, 4);
+    #else
+      /* slow emulation, works for anything but -0 */
+      uint32_t m;
+      int e;
+
+      if (x == 0e0f                    ) return 0x00000000U;
+      if (x > +3.40282346638528860e+38f) return 0x7f800000U;
+      if (x < -3.40282346638528860e+38f) return 0xff800000U;
+      if (x != x                       ) return 0x7fbfffffU;
+
+      m = ecb_frexpf (x, &e) * 0x1000000U;
+
+      r = m & 0x80000000U;
+
+      if (r)
+        m = -m;
+
+      if (e <= -126)
+        {
+          m &= 0xffffffU;
+          m >>= (-125 - e);
+          e = -126;
+        }
+
+      r |= (e + 126) << 23;
+      r |= m & 0x7fffffU;
+    #endif
+
+    return r;
+  }
+
+  /* converts an ieee single/binary32 to a float */
+  ecb_function_ ecb_const float ecb_binary32_to_float (uint32_t x);
+  ecb_function_ ecb_const float
+  ecb_binary32_to_float (uint32_t x)
+  {
+    float r;
+
+    #if ECB_STDFP
+      memcpy (&r, &x, 4);
+    #else
+      /* emulation, only works for normals and subnormals and +0 */
+      int neg = x >> 31;
+      int e = (x >> 23) & 0xffU;
+
+      x &= 0x7fffffU;
+
+      if (e)
+        x |= 0x800000U;
+      else
+        e = 1;
+
+      /* we distrust ldexpf a bit and do the 2**-24 scaling by an extra multiply */
+      r = ecb_ldexpf (x * (0.5f / 0x800000U), e - 126);
+
+      r = neg ? -r : r;
+    #endif
+
+    return r;
+  }
+
+  /* convert a double to ieee double/binary64 */
+  ecb_function_ ecb_const uint64_t ecb_double_to_binary64 (double x);
+  ecb_function_ ecb_const uint64_t
+  ecb_double_to_binary64 (double x)
+  {
+    uint64_t r;
+
+    #if ECB_STDFP
+      memcpy (&r, &x, 8);
+    #else
+      /* slow emulation, works for anything but -0 */
+      uint64_t m;
+      int e;
+
+      if (x == 0e0                     ) return 0x0000000000000000U;
+      if (x > +1.79769313486231470e+308) return 0x7ff0000000000000U;
+      if (x < -1.79769313486231470e+308) return 0xfff0000000000000U;
+      if (x != x                       ) return 0X7ff7ffffffffffffU;
+
+      m = frexp (x, &e) * 0x20000000000000U;
+
+      r = m & 0x8000000000000000;;
+
+      if (r)
+        m = -m;
+
+      if (e <= -1022)
+        {
+          m &= 0x1fffffffffffffU;
+          m >>= (-1021 - e);
+          e = -1022;
+        }
+
+      r |= ((uint64_t)(e + 1022)) << 52;
+      r |= m & 0xfffffffffffffU;
+    #endif
+
+    return r;
+  }
+
+  /* converts an ieee double/binary64 to a double */
+  ecb_function_ ecb_const double ecb_binary64_to_double (uint64_t x);
+  ecb_function_ ecb_const double
+  ecb_binary64_to_double (uint64_t x)
+  {
+    double r;
+
+    #if ECB_STDFP
+      memcpy (&r, &x, 8);
+    #else
+      /* emulation, only works for normals and subnormals and +0 */
+      int neg = x >> 63;
+      int e = (x >> 52) & 0x7ffU;
+
+      x &= 0xfffffffffffffU;
+
+      if (e)
+        x |= 0x10000000000000U;
+      else
+        e = 1;
+
+      /* we distrust ldexp a bit and do the 2**-53 scaling by an extra multiply */
+      r = ldexp (x * (0.5 / 0x10000000000000U), e - 1022);
+
+      r = neg ? -r : r;
+    #endif
+
+    return r;
+  }
+
+  /* convert a float to ieee half/binary16 */
+  ecb_function_ ecb_const uint16_t ecb_float_to_binary16 (float x);
+  ecb_function_ ecb_const uint16_t
+  ecb_float_to_binary16 (float x)
+  {
+    return ecb_binary32_to_binary16 (ecb_float_to_binary32 (x));
+  }
+
+  /* convert an ieee half/binary16 to float */
+  ecb_function_ ecb_const float ecb_binary16_to_float (uint16_t x);
+  ecb_function_ ecb_const float
+  ecb_binary16_to_float (uint16_t x)
+  {
+    return ecb_binary32_to_float (ecb_binary16_to_binary32 (x));
+  }
+
+#endif
+
+#endif
+
+/* ECB.H END */
+
+#if ECB_MEMORY_FENCE_NEEDS_PTHREADS
+/* if your architecture doesn't need memory fences, e.g. because it is
+ * single-cpu/core, or if you use libev in a project that doesn't use libev
+ * from multiple threads, then you can define ECB_AVOID_PTHREADS when compiling
+ * libev, in which cases the memory fences become nops.
+ * alternatively, you can remove this #error and link against libpthread,
+ * which will then provide the memory fences.
+ */
+/*
+ * krb5 change: per the comment below, we are allowing pthreads on platforms
+ * which are too old to have better memory thead support, as is the case on
+ * older Solaris versions.
+ */
+#if 0
+# error "memory fences not defined for your architecture, please report"
+#endif
+#endif
+
+#ifndef ECB_MEMORY_FENCE
+# define ECB_MEMORY_FENCE do { } while (0)
+# define ECB_MEMORY_FENCE_ACQUIRE ECB_MEMORY_FENCE
+# define ECB_MEMORY_FENCE_RELEASE ECB_MEMORY_FENCE
+#endif
+
+#define expect_false(cond) ecb_expect_false (cond)
+#define expect_true(cond)  ecb_expect_true  (cond)
+#define noinline           ecb_noinline
+
+#define inline_size        ecb_inline
+
+#if EV_FEATURE_CODE
+# define inline_speed      ecb_inline
+#else
+# define inline_speed      static noinline
+#endif
+
+#define NUMPRI (EV_MAXPRI - EV_MINPRI + 1)
+
+#if EV_MINPRI == EV_MAXPRI
+# define ABSPRI(w) (((W)w), 0)
+#else
+# define ABSPRI(w) (((W)w)->priority - EV_MINPRI)
+#endif
+
+#define EMPTY       /* required for microsofts broken pseudo-c compiler */
+#define EMPTY2(a,b) /* used to suppress some warnings */
+
+typedef ev_watcher *W;
+typedef ev_watcher_list *WL;
+typedef ev_watcher_time *WT;
+
+#define ev_active(w) ((W)(w))->active
+#define ev_at(w) ((WT)(w))->at
+
+#if EV_USE_REALTIME
+/* sig_atomic_t is used to avoid per-thread variables or locking but still */
+/* giving it a reasonably high chance of working on typical architectures */
+static EV_ATOMIC_T have_realtime; /* did clock_gettime (CLOCK_REALTIME) work? */
+#endif
+
+#if EV_USE_MONOTONIC
+static EV_ATOMIC_T have_monotonic; /* did clock_gettime (CLOCK_MONOTONIC) work? */
+#endif
+
+#ifndef EV_FD_TO_WIN32_HANDLE
+# define EV_FD_TO_WIN32_HANDLE(fd) _get_osfhandle (fd)
+#endif
+#ifndef EV_WIN32_HANDLE_TO_FD
+# define EV_WIN32_HANDLE_TO_FD(handle) _open_osfhandle (handle, 0)
+#endif
+#ifndef EV_WIN32_CLOSE_FD
+# define EV_WIN32_CLOSE_FD(fd) close (fd)
+#endif
+
+#ifdef _WIN32
+# include "ev_win32.c"
+#endif
+
+/*****************************************************************************/
+
+/* define a suitable floor function (only used by periodics atm) */
+
+#if EV_USE_FLOOR
+# include <math.h>
+# define ev_floor(v) floor (v)
+#else
+
+#include <float.h>
+
+/* a floor() replacement function, should be independent of ev_tstamp type */
+static ev_tstamp noinline
+ev_floor (ev_tstamp v)
+{
+  /* the choice of shift factor is not terribly important */
+#if FLT_RADIX != 2 /* assume FLT_RADIX == 10 */
+  const ev_tstamp shift = sizeof (unsigned long) >= 8 ? 10000000000000000000. : 1000000000.;
+#else
+  const ev_tstamp shift = sizeof (unsigned long) >= 8 ? 18446744073709551616. : 4294967296.;
+#endif
+
+  /* argument too large for an unsigned long? */
+  if (expect_false (v >= shift))
+    {
+      ev_tstamp f;
+
+      if (v == v - 1.)
+        return v; /* very large number */
+
+      f = shift * ev_floor (v * (1. / shift));
+      return f + ev_floor (v - f);
+    }
+
+  /* special treatment for negative args? */
+  if (expect_false (v < 0.))
+    {
+      ev_tstamp f = -ev_floor (-v);
+
+      return f - (f == v ? 0 : 1);
+    }
+
+  /* fits into an unsigned long */
+  return (unsigned long)v;
+}
+
+#endif
+
+/*****************************************************************************/
+
+#ifdef __linux
+# include <sys/utsname.h>
+#endif
+
+static unsigned int noinline ecb_cold
+ev_linux_version (void)
+{
+#ifdef __linux
+  unsigned int v = 0;
+  struct utsname buf;
+  int i;
+  char *p = buf.release;
+
+  if (uname (&buf))
+    return 0;
+
+  for (i = 3+1; --i; )
+    {
+      unsigned int c = 0;
+
+      for (;;)
+        {
+          if (*p >= '0' && *p <= '9')
+            c = c * 10 + *p++ - '0';
+          else
+            {
+              p += *p == '.';
+              break;
+            }
+        }
+
+      v = (v << 8) | c;
+    }
+
+  return v;
+#else
+  return 0;
+#endif
+}
+
+/*****************************************************************************/
+
+#if EV_AVOID_STDIO
+static void noinline ecb_cold
+ev_printerr (const char *msg)
+{
+  write (STDERR_FILENO, msg, strlen (msg));
+}
+#endif
+
+static void (*syserr_cb)(const char *msg) EV_THROW;
+
+void ecb_cold
+ev_set_syserr_cb (void (*cb)(const char *msg) EV_THROW) EV_THROW
+{
+  syserr_cb = cb;
+}
+
+static void noinline ecb_cold
+ev_syserr (const char *msg)
+{
+  if (!msg)
+    msg = "(libev) system error";
+
+  if (syserr_cb)
+    syserr_cb (msg);
+  else
+    {
+#if EV_AVOID_STDIO
+      ev_printerr (msg);
+      ev_printerr (": ");
+      ev_printerr (strerror (errno));
+      ev_printerr ("\n");
+#else
+      perror (msg);
+#endif
+      abort ();
+    }
+}
+
+static void *
+ev_realloc_emul (void *ptr, long size) EV_THROW
+{
+  /* some systems, notably openbsd and darwin, fail to properly
+   * implement realloc (x, 0) (as required by both ansi c-89 and
+   * the single unix specification, so work around them here.
+   * recently, also (at least) fedora and debian started breaking it,
+   * despite documenting it otherwise.
+   */
+
+  if (size)
+    return realloc (ptr, size);
+
+  free (ptr);
+  return 0;
+}
+
+static void *(*alloc)(void *ptr, long size) EV_THROW = ev_realloc_emul;
+
+void ecb_cold
+ev_set_allocator (void *(*cb)(void *ptr, long size) EV_THROW) EV_THROW
+{
+  alloc = cb;
+}
+
+inline_speed void *
+ev_realloc (void *ptr, long size)
+{
+  ptr = alloc (ptr, size);
+
+  if (!ptr && size)
+    {
+#if EV_AVOID_STDIO
+      ev_printerr ("(libev) memory allocation failed, aborting.\n");
+#else
+      fprintf (stderr, "(libev) cannot allocate %ld bytes, aborting.", size);
+#endif
+      abort ();
+    }
+
+  return ptr;
+}
+
+#define ev_malloc(size) ev_realloc (0, (size))
+#define ev_free(ptr)    ev_realloc ((ptr), 0)
+
+/*****************************************************************************/
+
+/* set in reify when reification needed */
+#define EV_ANFD_REIFY 1
+
+/* file descriptor info structure */
+typedef struct
+{
+  WL head;
+  unsigned char events; /* the events watched for */
+  unsigned char reify;  /* flag set when this ANFD needs reification (EV_ANFD_REIFY, EV__IOFDSET) */
+  unsigned char emask;  /* the epoll backend stores the actual kernel mask in here */
+  unsigned char unused;
+#if EV_USE_EPOLL
+  unsigned int egen;    /* generation counter to counter epoll bugs */
+#endif
+#if EV_SELECT_IS_WINSOCKET || EV_USE_IOCP
+  SOCKET handle;
+#endif
+#if EV_USE_IOCP
+  OVERLAPPED or, ow;
+#endif
+} ANFD;
+
+/* stores the pending event set for a given watcher */
+typedef struct
+{
+  W w;
+  int events; /* the pending event set for the given watcher */
+} ANPENDING;
+
+#if EV_USE_INOTIFY
+/* hash table entry per inotify-id */
+typedef struct
+{
+  WL head;
+} ANFS;
+#endif
+
+/* Heap Entry */
+#if EV_HEAP_CACHE_AT
+  /* a heap element */
+  typedef struct {
+    ev_tstamp at;
+    WT w;
+  } ANHE;
+
+  #define ANHE_w(he)        (he).w     /* access watcher, read-write */
+  #define ANHE_at(he)       (he).at    /* access cached at, read-only */
+  #define ANHE_at_cache(he) (he).at = (he).w->at /* update at from watcher */
+#else
+  /* a heap element */
+  typedef WT ANHE;
+
+  #define ANHE_w(he)        (he)
+  #define ANHE_at(he)       (he)->at
+  #define ANHE_at_cache(he)
+#endif
+
+#if EV_MULTIPLICITY
+
+  struct ev_loop
+  {
+    ev_tstamp ev_rt_now;
+    #define ev_rt_now ((loop)->ev_rt_now)
+    #define VAR(name,decl) decl;
+      #include "ev_vars.h"
+    #undef VAR
+  };
+  #include "ev_wrap.h"
+
+  static struct ev_loop default_loop_struct;
+  EV_API_DECL struct ev_loop *ev_default_loop_ptr = 0; /* needs to be initialised to make it a definition despite extern */
+
+#else
+
+  EV_API_DECL ev_tstamp ev_rt_now = 0; /* needs to be initialised to make it a definition despite extern */
+  #define VAR(name,decl) static decl;
+    #include "ev_vars.h"
+  #undef VAR
+
+  static int ev_default_loop_ptr;
+
+#endif
+
+#if EV_FEATURE_API
+# define EV_RELEASE_CB if (expect_false (release_cb)) release_cb (EV_A)
+# define EV_ACQUIRE_CB if (expect_false (acquire_cb)) acquire_cb (EV_A)
+# define EV_INVOKE_PENDING invoke_cb (EV_A)
+#else
+# define EV_RELEASE_CB (void)0
+# define EV_ACQUIRE_CB (void)0
+# define EV_INVOKE_PENDING ev_invoke_pending (EV_A)
+#endif
+
+#define EVBREAK_RECURSE 0x80
+
+/*****************************************************************************/
+
+#ifndef EV_HAVE_EV_TIME
+ev_tstamp
+ev_time (void) EV_THROW
+{
+#if EV_USE_REALTIME
+  if (expect_true (have_realtime))
+    {
+      struct timespec ts;
+      clock_gettime (CLOCK_REALTIME, &ts);
+      return ts.tv_sec + ts.tv_nsec * 1e-9;
+    }
+#endif
+
+  struct timeval tv;
+  gettimeofday (&tv, 0);
+  return tv.tv_sec + tv.tv_usec * 1e-6;
+}
+#endif
+
+inline_size ev_tstamp
+get_clock (void)
+{
+#if EV_USE_MONOTONIC
+  if (expect_true (have_monotonic))
+    {
+      struct timespec ts;
+      clock_gettime (CLOCK_MONOTONIC, &ts);
+      return ts.tv_sec + ts.tv_nsec * 1e-9;
+    }
+#endif
+
+  return ev_time ();
+}
+
+#if EV_MULTIPLICITY
+ev_tstamp
+ev_now (EV_P) EV_THROW
+{
+  return ev_rt_now;
+}
+#endif
+
+void
+ev_sleep (ev_tstamp delay) EV_THROW
+{
+  if (delay > 0.)
+    {
+#if EV_USE_NANOSLEEP
+      struct timespec ts;
+
+      EV_TS_SET (ts, delay);
+      nanosleep (&ts, 0);
+#elif defined _WIN32
+      Sleep ((unsigned long)(delay * 1e3));
+#else
+      struct timeval tv;
+
+      /* here we rely on sys/time.h + sys/types.h + unistd.h providing select */
+      /* something not guaranteed by newer posix versions, but guaranteed */
+      /* by older ones */
+      EV_TV_SET (tv, delay);
+      select (0, 0, 0, 0, &tv);
+#endif
+    }
+}
+
+/*****************************************************************************/
+
+#define MALLOC_ROUND 4096 /* prefer to allocate in chunks of this size, must be 2**n and >> 4 longs */
+
+/* find a suitable new size for the given array, */
+/* hopefully by rounding to a nice-to-malloc size */
+inline_size int
+array_nextsize (int elem, int cur, int cnt)
+{
+  int ncur = cur + 1;
+
+  do
+    ncur <<= 1;
+  while (cnt > ncur);
+
+  /* if size is large, round to MALLOC_ROUND - 4 * longs to accommodate malloc overhead */
+  if (elem * ncur > MALLOC_ROUND - sizeof (void *) * 4)
+    {
+      ncur *= elem;
+      ncur = (ncur + elem + (MALLOC_ROUND - 1) + sizeof (void *) * 4) & ~(MALLOC_ROUND - 1);
+      ncur = ncur - sizeof (void *) * 4;
+      ncur /= elem;
+    }
+
+  return ncur;
+}
+
+static void * noinline ecb_cold
+array_realloc (int elem, void *base, int *cur, int cnt)
+{
+  *cur = array_nextsize (elem, *cur, cnt);
+  return ev_realloc (base, elem * *cur);
+}
+
+#define array_init_zero(base,count)	\
+  memset ((void *)(base), 0, sizeof (*(base)) * (count))
+
+#define array_needsize(type,base,cur,cnt,init)			\
+  if (expect_false ((cnt) > (cur)))				\
+    {								\
+      int ecb_unused ocur_ = (cur);					\
+      (base) = (type *)array_realloc				\
+         (sizeof (type), (base), &(cur), (cnt));		\
+      init ((base) + (ocur_), (cur) - ocur_);			\
+    }
+
+#if 0
+#define array_slim(type,stem)					\
+  if (stem ## max < array_roundsize (stem ## cnt >> 2))		\
+    {								\
+      stem ## max = array_roundsize (stem ## cnt >> 1);		\
+      base = (type *)ev_realloc (base, sizeof (type) * (stem ## max));\
+      fprintf (stderr, "slimmed down " # stem " to %d\n", stem ## max);/*D*/\
+    }
+#endif
+
+#define array_free(stem, idx) \
+  ev_free (stem ## s idx); stem ## cnt idx = stem ## max idx = 0; stem ## s idx = 0
+
+/*****************************************************************************/
+
+/* dummy callback for pending events */
+static void noinline
+pendingcb (EV_P_ ev_prepare *w, int revents)
+{
+}
+
+void noinline
+ev_feed_event (EV_P_ void *w, int revents) EV_THROW
+{
+  W w_ = (W)w;
+  int pri = ABSPRI (w_);
+
+  if (expect_false (w_->pending))
+    pendings [pri][w_->pending - 1].events |= revents;
+  else
+    {
+      w_->pending = ++pendingcnt [pri];
+      array_needsize (ANPENDING, pendings [pri], pendingmax [pri], w_->pending, EMPTY2);
+      pendings [pri][w_->pending - 1].w      = w_;
+      pendings [pri][w_->pending - 1].events = revents;
+    }
+
+  pendingpri = NUMPRI - 1;
+}
+
+inline_speed void
+feed_reverse (EV_P_ W w)
+{
+  array_needsize (W, rfeeds, rfeedmax, rfeedcnt + 1, EMPTY2);
+  rfeeds [rfeedcnt++] = w;
+}
+
+inline_size void
+feed_reverse_done (EV_P_ int revents)
+{
+  do
+    ev_feed_event (EV_A_ rfeeds [--rfeedcnt], revents);
+  while (rfeedcnt);
+}
+
+inline_speed void
+queue_events (EV_P_ W *events, int eventcnt, int type)
+{
+  int i;
+
+  for (i = 0; i < eventcnt; ++i)
+    ev_feed_event (EV_A_ events [i], type);
+}
+
+/*****************************************************************************/
+
+inline_speed void
+fd_event_nocheck (EV_P_ int fd, int revents)
+{
+  ANFD *anfd = anfds + fd;
+  ev_io *w;
+
+  for (w = (ev_io *)anfd->head; w; w = (ev_io *)((WL)w)->next)
+    {
+      int ev = w->events & revents;
+
+      if (ev)
+        ev_feed_event (EV_A_ (W)w, ev);
+    }
+}
+
+/* do not submit kernel events for fds that have reify set */
+/* because that means they changed while we were polling for new events */
+inline_speed void
+fd_event (EV_P_ int fd, int revents)
+{
+  ANFD *anfd = anfds + fd;
+
+  if (expect_true (!anfd->reify))
+    fd_event_nocheck (EV_A_ fd, revents);
+}
+
+void
+ev_feed_fd_event (EV_P_ int fd, int revents) EV_THROW
+{
+  if (fd >= 0 && fd < anfdmax)
+    fd_event_nocheck (EV_A_ fd, revents);
+}
+
+/* make sure the external fd watch events are in-sync */
+/* with the kernel/libev internal state */
+inline_size void
+fd_reify (EV_P)
+{
+  int i;
+
+#if EV_SELECT_IS_WINSOCKET || EV_USE_IOCP
+  for (i = 0; i < fdchangecnt; ++i)
+    {
+      int fd = fdchanges [i];
+      ANFD *anfd = anfds + fd;
+
+      if (anfd->reify & EV__IOFDSET && anfd->head)
+        {
+          SOCKET handle = EV_FD_TO_WIN32_HANDLE (fd);
+
+          if (handle != anfd->handle)
+            {
+              unsigned long arg;
+
+              assert (("libev: only socket fds supported in this configuration", ioctlsocket (handle, FIONREAD, &arg) == 0));
+
+              /* handle changed, but fd didn't - we need to do it in two steps */
+              backend_modify (EV_A_ fd, anfd->events, 0);
+              anfd->events = 0;
+              anfd->handle = handle;
+            }
+        }
+    }
+#endif
+
+  for (i = 0; i < fdchangecnt; ++i)
+    {
+      int fd = fdchanges [i];
+      ANFD *anfd = anfds + fd;
+      ev_io *w;
+
+      unsigned char o_events = anfd->events;
+      unsigned char o_reify  = anfd->reify;
+
+      anfd->reify  = 0;
+
+      /*if (expect_true (o_reify & EV_ANFD_REIFY)) probably a deoptimisation */
+        {
+          anfd->events = 0;
+
+          for (w = (ev_io *)anfd->head; w; w = (ev_io *)((WL)w)->next)
+            anfd->events |= (unsigned char)w->events;
+
+          if (o_events != anfd->events)
+            o_reify = EV__IOFDSET; /* actually |= */
+        }
+
+      if (o_reify & EV__IOFDSET)
+        backend_modify (EV_A_ fd, o_events, anfd->events);
+    }
+
+  fdchangecnt = 0;
+}
+
+/* something about the given fd changed */
+inline_size void
+fd_change (EV_P_ int fd, int flags)
+{
+  unsigned char reify = anfds [fd].reify;
+  anfds [fd].reify |= flags;
+
+  if (expect_true (!reify))
+    {
+      ++fdchangecnt;
+      array_needsize (int, fdchanges, fdchangemax, fdchangecnt, EMPTY2);
+      fdchanges [fdchangecnt - 1] = fd;
+    }
+}
+
+/* the given fd is invalid/unusable, so make sure it doesn't hurt us anymore */
+inline_speed void ecb_cold
+fd_kill (EV_P_ int fd)
+{
+  ev_io *w;
+
+  while ((w = (ev_io *)anfds [fd].head))
+    {
+      ev_io_stop (EV_A_ w);
+      ev_feed_event (EV_A_ (W)w, EV_ERROR | EV_READ | EV_WRITE);
+    }
+}
+
+/* check whether the given fd is actually valid, for error recovery */
+inline_size int ecb_cold
+fd_valid (int fd)
+{
+#ifdef _WIN32
+  return EV_FD_TO_WIN32_HANDLE (fd) != -1;
+#else
+  return fcntl (fd, F_GETFD) != -1;
+#endif
+}
+
+/* called on EBADF to verify fds */
+static void noinline ecb_cold
+fd_ebadf (EV_P)
+{
+  int fd;
+
+  for (fd = 0; fd < anfdmax; ++fd)
+    if (anfds [fd].events)
+      if (!fd_valid (fd) && errno == EBADF)
+        fd_kill (EV_A_ fd);
+}
+
+/* called on ENOMEM in select/poll to kill some fds and retry */
+static void noinline ecb_cold
+fd_enomem (EV_P)
+{
+  int fd;
+
+  for (fd = anfdmax; fd--; )
+    if (anfds [fd].events)
+      {
+        fd_kill (EV_A_ fd);
+        break;
+      }
+}
+
+/* usually called after fork if backend needs to re-arm all fds from scratch */
+static void noinline
+fd_rearm_all (EV_P)
+{
+  int fd;
+
+  for (fd = 0; fd < anfdmax; ++fd)
+    if (anfds [fd].events)
+      {
+        anfds [fd].events = 0;
+        anfds [fd].emask  = 0;
+        fd_change (EV_A_ fd, EV__IOFDSET | EV_ANFD_REIFY);
+      }
+}
+
+/* used to prepare libev internal fd's */
+/* this is not fork-safe */
+inline_speed void
+fd_intern (int fd)
+{
+#ifdef _WIN32
+  unsigned long arg = 1;
+  ioctlsocket (EV_FD_TO_WIN32_HANDLE (fd), FIONBIO, &arg);
+#else
+  fcntl (fd, F_SETFD, FD_CLOEXEC);
+  fcntl (fd, F_SETFL, O_NONBLOCK);
+#endif
+}
+
+/*****************************************************************************/
+
+/*
+ * the heap functions want a real array index. array index 0 is guaranteed to not
+ * be in-use at any time. the first heap entry is at array [HEAP0]. DHEAP gives
+ * the branching factor of the d-tree.
+ */
+
+/*
+ * at the moment we allow libev the luxury of two heaps,
+ * a small-code-size 2-heap one and a ~1.5kb larger 4-heap
+ * which is more cache-efficient.
+ * the difference is about 5% with 50000+ watchers.
+ */
+#if EV_USE_4HEAP
+
+#define DHEAP 4
+#define HEAP0 (DHEAP - 1) /* index of first element in heap */
+#define HPARENT(k) ((((k) - HEAP0 - 1) / DHEAP) + HEAP0)
+#define UPHEAP_DONE(p,k) ((p) == (k))
+
+/* away from the root */
+inline_speed void
+downheap (ANHE *heap, int N, int k)
+{
+  ANHE he = heap [k];
+  ANHE *E = heap + N + HEAP0;
+
+  for (;;)
+    {
+      ev_tstamp minat;
+      ANHE *minpos;
+      ANHE *pos = heap + DHEAP * (k - HEAP0) + HEAP0 + 1;
+
+      /* find minimum child */
+      if (expect_true (pos + DHEAP - 1 < E))
+        {
+          /* fast path */                               (minpos = pos + 0), (minat = ANHE_at (*minpos));
+          if (               ANHE_at (pos [1]) < minat) (minpos = pos + 1), (minat = ANHE_at (*minpos));
+          if (               ANHE_at (pos [2]) < minat) (minpos = pos + 2), (minat = ANHE_at (*minpos));
+          if (               ANHE_at (pos [3]) < minat) (minpos = pos + 3), (minat = ANHE_at (*minpos));
+        }
+      else if (pos < E)
+        {
+          /* slow path */                               (minpos = pos + 0), (minat = ANHE_at (*minpos));
+          if (pos + 1 < E && ANHE_at (pos [1]) < minat) (minpos = pos + 1), (minat = ANHE_at (*minpos));
+          if (pos + 2 < E && ANHE_at (pos [2]) < minat) (minpos = pos + 2), (minat = ANHE_at (*minpos));
+          if (pos + 3 < E && ANHE_at (pos [3]) < minat) (minpos = pos + 3), (minat = ANHE_at (*minpos));
+        }
+      else
+        break;
+
+      if (ANHE_at (he) <= minat)
+        break;
+
+      heap [k] = *minpos;
+      ev_active (ANHE_w (*minpos)) = k;
+
+      k = minpos - heap;
+    }
+
+  heap [k] = he;
+  ev_active (ANHE_w (he)) = k;
+}
+
+#else /* 4HEAP */
+
+#define HEAP0 1
+#define HPARENT(k) ((k) >> 1)
+#define UPHEAP_DONE(p,k) (!(p))
+
+/* away from the root */
+inline_speed void
+downheap (ANHE *heap, int N, int k)
+{
+  ANHE he = heap [k];
+
+  for (;;)
+    {
+      int c = k << 1;
+
+      if (c >= N + HEAP0)
+        break;
+
+      c += c + 1 < N + HEAP0 && ANHE_at (heap [c]) > ANHE_at (heap [c + 1])
+           ? 1 : 0;
+
+      if (ANHE_at (he) <= ANHE_at (heap [c]))
+        break;
+
+      heap [k] = heap [c];
+      ev_active (ANHE_w (heap [k])) = k;
+      
+      k = c;
+    }
+
+  heap [k] = he;
+  ev_active (ANHE_w (he)) = k;
+}
+#endif
+
+/* towards the root */
+inline_speed void
+upheap (ANHE *heap, int k)
+{
+  ANHE he = heap [k];
+
+  for (;;)
+    {
+      int p = HPARENT (k);
+
+      if (UPHEAP_DONE (p, k) || ANHE_at (heap [p]) <= ANHE_at (he))
+        break;
+
+      heap [k] = heap [p];
+      ev_active (ANHE_w (heap [k])) = k;
+      k = p;
+    }
+
+  heap [k] = he;
+  ev_active (ANHE_w (he)) = k;
+}
+
+/* move an element suitably so it is in a correct place */
+inline_size void
+adjustheap (ANHE *heap, int N, int k)
+{
+  if (k > HEAP0 && ANHE_at (heap [k]) <= ANHE_at (heap [HPARENT (k)]))
+    upheap (heap, k);
+  else
+    downheap (heap, N, k);
+}
+
+/* rebuild the heap: this function is used only once and executed rarely */
+inline_size void
+reheap (ANHE *heap, int N)
+{
+  int i;
+
+  /* we don't use floyds algorithm, upheap is simpler and is more cache-efficient */
+  /* also, this is easy to implement and correct for both 2-heaps and 4-heaps */
+  for (i = 0; i < N; ++i)
+    upheap (heap, i + HEAP0);
+}
+
+/*****************************************************************************/
+
+/* associate signal watchers to a signal signal */
+typedef struct
+{
+  EV_ATOMIC_T pending;
+#if EV_MULTIPLICITY
+  EV_P;
+#endif
+  WL head;
+} ANSIG;
+
+static ANSIG signals [EV_NSIG - 1];
+
+/*****************************************************************************/
+
+#if EV_SIGNAL_ENABLE || EV_ASYNC_ENABLE
+
+static void noinline ecb_cold
+evpipe_init (EV_P)
+{
+  if (!ev_is_active (&pipe_w))
+    {
+      int fds [2];
+
+# if EV_USE_EVENTFD
+      fds [0] = -1;
+      fds [1] = eventfd (0, EFD_NONBLOCK | EFD_CLOEXEC);
+      if (fds [1] < 0 && errno == EINVAL)
+        fds [1] = eventfd (0, 0);
+
+      if (fds [1] < 0)
+# endif
+        {
+          while (pipe (fds))
+            ev_syserr ("(libev) error creating signal/async pipe");
+
+          fd_intern (fds [0]);
+        }
+
+      evpipe [0] = fds [0];
+
+      if (evpipe [1] < 0)
+        evpipe [1] = fds [1]; /* first call, set write fd */
+      else
+        {
+          /* on subsequent calls, do not change evpipe [1] */
+          /* so that evpipe_write can always rely on its value. */
+          /* this branch does not do anything sensible on windows, */
+          /* so must not be executed on windows */
+
+          dup2 (fds [1], evpipe [1]);
+          close (fds [1]);
+        }
+
+      fd_intern (evpipe [1]);
+
+      ev_io_set (&pipe_w, evpipe [0] < 0 ? evpipe [1] : evpipe [0], EV_READ);
+      ev_io_start (EV_A_ &pipe_w);
+      ev_unref (EV_A); /* watcher should not keep loop alive */
+    }
+}
+
+inline_speed void
+evpipe_write (EV_P_ EV_ATOMIC_T *flag)
+{
+  ECB_MEMORY_FENCE; /* push out the write before this function was called, acquire flag */
+
+  if (expect_true (*flag))
+    return;
+
+  *flag = 1;
+  ECB_MEMORY_FENCE_RELEASE; /* make sure flag is visible before the wakeup */
+
+  pipe_write_skipped = 1;
+
+  ECB_MEMORY_FENCE; /* make sure pipe_write_skipped is visible before we check pipe_write_wanted */
+
+  if (pipe_write_wanted)
+    {
+      int old_errno;
+
+      pipe_write_skipped = 0;
+      ECB_MEMORY_FENCE_RELEASE;
+
+      old_errno = errno; /* save errno because write will clobber it */
+
+#if EV_USE_EVENTFD
+      if (evpipe [0] < 0)
+        {
+          uint64_t counter = 1;
+          write (evpipe [1], &counter, sizeof (uint64_t));
+        }
+      else
+#endif
+        {
+#ifdef _WIN32
+          WSABUF buf;
+          DWORD sent;
+          buf.buf = &buf;
+          buf.len = 1;
+          WSASend (EV_FD_TO_WIN32_HANDLE (evpipe [1]), &buf, 1, &sent, 0, 0, 0);
+#else
+          write (evpipe [1], &(evpipe [1]), 1);
+#endif
+        }
+
+      errno = old_errno;
+    }
+}
+
+/* called whenever the libev signal pipe */
+/* got some events (signal, async) */
+static void
+pipecb (EV_P_ ev_io *iow, int revents)
+{
+  int i;
+
+  if (revents & EV_READ)
+    {
+#if EV_USE_EVENTFD
+      if (evpipe [0] < 0)
+        {
+          uint64_t counter;
+          read (evpipe [1], &counter, sizeof (uint64_t));
+        }
+      else
+#endif
+        {
+          char dummy[4];
+#ifdef _WIN32
+          WSABUF buf;
+          DWORD recvd;
+          DWORD flags = 0;
+          buf.buf = dummy;
+          buf.len = sizeof (dummy);
+          WSARecv (EV_FD_TO_WIN32_HANDLE (evpipe [0]), &buf, 1, &recvd, &flags, 0, 0);
+#else
+          read (evpipe [0], &dummy, sizeof (dummy));
+#endif
+        }
+    }
+
+  pipe_write_skipped = 0;
+
+  ECB_MEMORY_FENCE; /* push out skipped, acquire flags */
+
+#if EV_SIGNAL_ENABLE
+  if (sig_pending)
+    {
+      sig_pending = 0;
+
+      ECB_MEMORY_FENCE;
+
+      for (i = EV_NSIG - 1; i--; )
+        if (expect_false (signals [i].pending))
+          ev_feed_signal_event (EV_A_ i + 1);
+    }
+#endif
+
+#if EV_ASYNC_ENABLE
+  if (async_pending)
+    {
+      async_pending = 0;
+
+      ECB_MEMORY_FENCE;
+
+      for (i = asynccnt; i--; )
+        if (asyncs [i]->sent)
+          {
+            asyncs [i]->sent = 0;
+            ECB_MEMORY_FENCE_RELEASE;
+            ev_feed_event (EV_A_ asyncs [i], EV_ASYNC);
+          }
+    }
+#endif
+}
+
+/*****************************************************************************/
+
+void
+ev_feed_signal (int signum) EV_THROW
+{
+#if EV_MULTIPLICITY
+  EV_P;
+  ECB_MEMORY_FENCE_ACQUIRE;
+  EV_A = signals [signum - 1].loop;
+
+  if (!EV_A)
+    return;
+#endif
+
+  signals [signum - 1].pending = 1;
+  evpipe_write (EV_A_ &sig_pending);
+}
+
+static void
+ev_sighandler (int signum)
+{
+#ifdef _WIN32
+  signal (signum, ev_sighandler);
+#endif
+
+  ev_feed_signal (signum);
+}
+
+void noinline
+ev_feed_signal_event (EV_P_ int signum) EV_THROW
+{
+  WL w;
+
+  if (expect_false (signum <= 0 || signum >= EV_NSIG))
+    return;
+
+  --signum;
+
+#if EV_MULTIPLICITY
+  /* it is permissible to try to feed a signal to the wrong loop */
+  /* or, likely more useful, feeding a signal nobody is waiting for */
+
+  if (expect_false (signals [signum].loop != EV_A))
+    return;
+#endif
+
+  signals [signum].pending = 0;
+  ECB_MEMORY_FENCE_RELEASE;
+
+  for (w = signals [signum].head; w; w = w->next)
+    ev_feed_event (EV_A_ (W)w, EV_SIGNAL);
+}
+
+#if EV_USE_SIGNALFD
+static void
+sigfdcb (EV_P_ ev_io *iow, int revents)
+{
+  struct signalfd_siginfo si[2], *sip; /* these structs are big */
+
+  for (;;)
+    {
+      ssize_t res = read (sigfd, si, sizeof (si));
+
+      /* not ISO-C, as res might be -1, but works with SuS */
+      for (sip = si; (char *)sip < (char *)si + res; ++sip)
+        ev_feed_signal_event (EV_A_ sip->ssi_signo);
+
+      if (res < (ssize_t)sizeof (si))
+        break;
+    }
+}
+#endif
+
+#endif
+
+/*****************************************************************************/
+
+#if EV_CHILD_ENABLE
+static WL childs [EV_PID_HASHSIZE];
+
+static ev_signal childev;
+
+#ifndef WIFCONTINUED
+# define WIFCONTINUED(status) 0
+#endif
+
+/* handle a single child status event */
+inline_speed void
+child_reap (EV_P_ int chain, int pid, int status)
+{
+  ev_child *w;
+  int traced = WIFSTOPPED (status) || WIFCONTINUED (status);
+
+  for (w = (ev_child *)childs [chain & ((EV_PID_HASHSIZE) - 1)]; w; w = (ev_child *)((WL)w)->next)
+    {
+      if ((w->pid == pid || !w->pid)
+          && (!traced || (w->flags & 1)))
+        {
+          ev_set_priority (w, EV_MAXPRI); /* need to do it *now*, this *must* be the same prio as the signal watcher itself */
+          w->rpid    = pid;
+          w->rstatus = status;
+          ev_feed_event (EV_A_ (W)w, EV_CHILD);
+        }
+    }
+}
+
+#ifndef WCONTINUED
+# define WCONTINUED 0
+#endif
+
+/* called on sigchld etc., calls waitpid */
+static void
+childcb (EV_P_ ev_signal *sw, int revents)
+{
+  int pid, status;
+
+  /* some systems define WCONTINUED but then fail to support it (linux 2.4) */
+  if (0 >= (pid = waitpid (-1, &status, WNOHANG | WUNTRACED | WCONTINUED)))
+    if (!WCONTINUED
+        || errno != EINVAL
+        || 0 >= (pid = waitpid (-1, &status, WNOHANG | WUNTRACED)))
+      return;
+
+  /* make sure we are called again until all children have been reaped */
+  /* we need to do it this way so that the callback gets called before we continue */
+  ev_feed_event (EV_A_ (W)sw, EV_SIGNAL);
+
+  child_reap (EV_A_ pid, pid, status);
+  if ((EV_PID_HASHSIZE) > 1)
+    child_reap (EV_A_ 0, pid, status); /* this might trigger a watcher twice, but feed_event catches that */
+}
+
+#endif
+
+/*****************************************************************************/
+
+#if EV_USE_IOCP
+# include "ev_iocp.c"
+#endif
+#if EV_USE_PORT
+# include "ev_port.c"
+#endif
+#if EV_USE_KQUEUE
+# include "ev_kqueue.c"
+#endif
+#if EV_USE_EPOLL
+# include "ev_epoll.c"
+#endif
+#if EV_USE_POLL
+# include "ev_poll.c"
+#endif
+#if EV_USE_SELECT
+# include "ev_select.c"
+#endif
+
+int ecb_cold
+ev_version_major (void) EV_THROW
+{
+  return EV_VERSION_MAJOR;
+}
+
+int ecb_cold
+ev_version_minor (void) EV_THROW
+{
+  return EV_VERSION_MINOR;
+}
+
+/* return true if we are running with elevated privileges and should ignore env variables */
+int inline_size ecb_cold
+enable_secure (void)
+{
+#ifdef _WIN32
+  return 0;
+#else
+  return getuid () != geteuid ()
+      || getgid () != getegid ();
+#endif
+}
+
+unsigned int ecb_cold
+ev_supported_backends (void) EV_THROW
+{
+  unsigned int flags = 0;
+
+  if (EV_USE_PORT  ) flags |= EVBACKEND_PORT;
+  if (EV_USE_KQUEUE) flags |= EVBACKEND_KQUEUE;
+  if (EV_USE_EPOLL ) flags |= EVBACKEND_EPOLL;
+  if (EV_USE_POLL  ) flags |= EVBACKEND_POLL;
+  if (EV_USE_SELECT) flags |= EVBACKEND_SELECT;
+  
+  return flags;
+}
+
+unsigned int ecb_cold
+ev_recommended_backends (void) EV_THROW
+{
+  unsigned int flags = ev_supported_backends ();
+
+#ifndef __NetBSD__
+  /* kqueue is borked on everything but netbsd apparently */
+  /* it usually doesn't work correctly on anything but sockets and pipes */
+  flags &= ~EVBACKEND_KQUEUE;
+#endif
+#ifdef __APPLE__
+  /* only select works correctly on that "unix-certified" platform */
+  flags &= ~EVBACKEND_KQUEUE; /* horribly broken, even for sockets */
+  flags &= ~EVBACKEND_POLL;   /* poll is based on kqueue from 10.5 onwards */
+#endif
+#ifdef __FreeBSD__
+  flags &= ~EVBACKEND_POLL;   /* poll return value is unusable (http://forums.freebsd.org/archive/index.php/t-10270.html) */
+#endif
+
+  return flags;
+}
+
+unsigned int ecb_cold
+ev_embeddable_backends (void) EV_THROW
+{
+  int flags = EVBACKEND_EPOLL | EVBACKEND_KQUEUE | EVBACKEND_PORT;
+
+  /* epoll embeddability broken on all linux versions up to at least 2.6.23 */
+  if (ev_linux_version () < 0x020620) /* disable it on linux < 2.6.32 */
+    flags &= ~EVBACKEND_EPOLL;
+
+  return flags;
+}
+
+unsigned int
+ev_backend (EV_P) EV_THROW
+{
+  return backend;
+}
+
+#if EV_FEATURE_API
+unsigned int
+ev_iteration (EV_P) EV_THROW
+{
+  return loop_count;
+}
+
+unsigned int
+ev_depth (EV_P) EV_THROW
+{
+  return loop_depth;
+}
+
+void
+ev_set_io_collect_interval (EV_P_ ev_tstamp interval) EV_THROW
+{
+  io_blocktime = interval;
+}
+
+void
+ev_set_timeout_collect_interval (EV_P_ ev_tstamp interval) EV_THROW
+{
+  timeout_blocktime = interval;
+}
+
+void
+ev_set_userdata (EV_P_ void *data) EV_THROW
+{
+  userdata = data;
+}
+
+void *
+ev_userdata (EV_P) EV_THROW
+{
+  return userdata;
+}
+
+void
+ev_set_invoke_pending_cb (EV_P_ ev_loop_callback invoke_pending_cb) EV_THROW
+{
+  invoke_cb = invoke_pending_cb;
+}
+
+void
+ev_set_loop_release_cb (EV_P_ void (*release)(EV_P) EV_THROW, void (*acquire)(EV_P) EV_THROW) EV_THROW
+{
+  release_cb = release;
+  acquire_cb = acquire;
+}
+#endif
+
+/* initialise a loop structure, must be zero-initialised */
+static void noinline ecb_cold
+loop_init (EV_P_ unsigned int flags) EV_THROW
+{
+  if (!backend)
+    {
+      origflags = flags;
+
+#if EV_USE_REALTIME
+      if (!have_realtime)
+        {
+          struct timespec ts;
+
+          if (!clock_gettime (CLOCK_REALTIME, &ts))
+            have_realtime = 1;
+        }
+#endif
+
+#if EV_USE_MONOTONIC
+      if (!have_monotonic)
+        {
+          struct timespec ts;
+
+          if (!clock_gettime (CLOCK_MONOTONIC, &ts))
+            have_monotonic = 1;
+        }
+#endif
+
+      /* pid check not overridable via env */
+#ifndef _WIN32
+      if (flags & EVFLAG_FORKCHECK)
+        curpid = getpid ();
+#endif
+
+      if (!(flags & EVFLAG_NOENV)
+          && !enable_secure ()
+          && getenv ("LIBEV_FLAGS"))
+        flags = atoi (getenv ("LIBEV_FLAGS"));
+
+      ev_rt_now          = ev_time ();
+      mn_now             = get_clock ();
+      now_floor          = mn_now;
+      rtmn_diff          = ev_rt_now - mn_now;
+#if EV_FEATURE_API
+      invoke_cb          = ev_invoke_pending;
+#endif
+
+      io_blocktime       = 0.;
+      timeout_blocktime  = 0.;
+      backend            = 0;
+      backend_fd         = -1;
+      sig_pending        = 0;
+#if EV_ASYNC_ENABLE
+      async_pending      = 0;
+#endif
+      pipe_write_skipped = 0;
+      pipe_write_wanted  = 0;
+      evpipe [0]         = -1;
+      evpipe [1]         = -1;
+#if EV_USE_INOTIFY
+      fs_fd              = flags & EVFLAG_NOINOTIFY ? -1 : -2;
+#endif
+#if EV_USE_SIGNALFD
+      sigfd              = flags & EVFLAG_SIGNALFD  ? -2 : -1;
+#endif
+
+      if (!(flags & EVBACKEND_MASK))
+        flags |= ev_recommended_backends ();
+
+#if EV_USE_IOCP
+      if (!backend && (flags & EVBACKEND_IOCP  )) backend = iocp_init   (EV_A_ flags);
+#endif
+#if EV_USE_PORT
+      if (!backend && (flags & EVBACKEND_PORT  )) backend = port_init   (EV_A_ flags);
+#endif
+#if EV_USE_KQUEUE
+      if (!backend && (flags & EVBACKEND_KQUEUE)) backend = kqueue_init (EV_A_ flags);
+#endif
+#if EV_USE_EPOLL
+      if (!backend && (flags & EVBACKEND_EPOLL )) backend = epoll_init  (EV_A_ flags);
+#endif
+#if EV_USE_POLL
+      if (!backend && (flags & EVBACKEND_POLL  )) backend = poll_init   (EV_A_ flags);
+#endif
+#if EV_USE_SELECT
+      if (!backend && (flags & EVBACKEND_SELECT)) backend = select_init (EV_A_ flags);
+#endif
+
+      ev_prepare_init (&pending_w, pendingcb);
+
+#if EV_SIGNAL_ENABLE || EV_ASYNC_ENABLE
+      ev_init (&pipe_w, pipecb);
+      ev_set_priority (&pipe_w, EV_MAXPRI);
+#endif
+    }
+}
+
+/* free up a loop structure */
+void ecb_cold
+ev_loop_destroy (EV_P)
+{
+  int i;
+
+#if EV_MULTIPLICITY
+  /* mimic free (0) */
+  if (!EV_A)
+    return;
+#endif
+
+#if EV_CLEANUP_ENABLE
+  /* queue cleanup watchers (and execute them) */
+  if (expect_false (cleanupcnt))
+    {
+      queue_events (EV_A_ (W *)cleanups, cleanupcnt, EV_CLEANUP);
+      EV_INVOKE_PENDING;
+    }
+#endif
+
+#if EV_CHILD_ENABLE
+  if (ev_is_default_loop (EV_A) && ev_is_active (&childev))
+    {
+      ev_ref (EV_A); /* child watcher */
+      ev_signal_stop (EV_A_ &childev);
+    }
+#endif
+
+  if (ev_is_active (&pipe_w))
+    {
+      /*ev_ref (EV_A);*/
+      /*ev_io_stop (EV_A_ &pipe_w);*/
+
+      if (evpipe [0] >= 0) EV_WIN32_CLOSE_FD (evpipe [0]);
+      if (evpipe [1] >= 0) EV_WIN32_CLOSE_FD (evpipe [1]);
+    }
+
+#if EV_USE_SIGNALFD
+  if (ev_is_active (&sigfd_w))
+    close (sigfd);
+#endif
+
+#if EV_USE_INOTIFY
+  if (fs_fd >= 0)
+    close (fs_fd);
+#endif
+
+  if (backend_fd >= 0)
+    close (backend_fd);
+
+#if EV_USE_IOCP
+  if (backend == EVBACKEND_IOCP  ) iocp_destroy   (EV_A);
+#endif
+#if EV_USE_PORT
+  if (backend == EVBACKEND_PORT  ) port_destroy   (EV_A);
+#endif
+#if EV_USE_KQUEUE
+  if (backend == EVBACKEND_KQUEUE) kqueue_destroy (EV_A);
+#endif
+#if EV_USE_EPOLL
+  if (backend == EVBACKEND_EPOLL ) epoll_destroy  (EV_A);
+#endif
+#if EV_USE_POLL
+  if (backend == EVBACKEND_POLL  ) poll_destroy   (EV_A);
+#endif
+#if EV_USE_SELECT
+  if (backend == EVBACKEND_SELECT) select_destroy (EV_A);
+#endif
+
+  for (i = NUMPRI; i--; )
+    {
+      array_free (pending, [i]);
+#if EV_IDLE_ENABLE
+      array_free (idle, [i]);
+#endif
+    }
+
+  ev_free (anfds); anfds = 0; anfdmax = 0;
+
+  /* have to use the microsoft-never-gets-it-right macro */
+  array_free (rfeed, EMPTY);
+  array_free (fdchange, EMPTY);
+  array_free (timer, EMPTY);
+#if EV_PERIODIC_ENABLE
+  array_free (periodic, EMPTY);
+#endif
+#if EV_FORK_ENABLE
+  array_free (fork, EMPTY);
+#endif
+#if EV_CLEANUP_ENABLE
+  array_free (cleanup, EMPTY);
+#endif
+  array_free (prepare, EMPTY);
+  array_free (check, EMPTY);
+#if EV_ASYNC_ENABLE
+  array_free (async, EMPTY);
+#endif
+
+  backend = 0;
+
+#if EV_MULTIPLICITY
+  if (ev_is_default_loop (EV_A))
+#endif
+    ev_default_loop_ptr = 0;
+#if EV_MULTIPLICITY
+  else
+    ev_free (EV_A);
+#endif
+}
+
+#if EV_USE_INOTIFY
+inline_size void infy_fork (EV_P);
+#endif
+
+inline_size void
+loop_fork (EV_P)
+{
+#if EV_USE_PORT
+  if (backend == EVBACKEND_PORT  ) port_fork   (EV_A);
+#endif
+#if EV_USE_KQUEUE
+  if (backend == EVBACKEND_KQUEUE) kqueue_fork (EV_A);
+#endif
+#if EV_USE_EPOLL
+  if (backend == EVBACKEND_EPOLL ) epoll_fork  (EV_A);
+#endif
+#if EV_USE_INOTIFY
+  infy_fork (EV_A);
+#endif
+
+#if EV_SIGNAL_ENABLE || EV_ASYNC_ENABLE
+  if (ev_is_active (&pipe_w) && postfork != 2)
+    {
+      /* pipe_write_wanted must be false now, so modifying fd vars should be safe */
+
+      ev_ref (EV_A);
+      ev_io_stop (EV_A_ &pipe_w);
+
+      if (evpipe [0] >= 0)
+        EV_WIN32_CLOSE_FD (evpipe [0]);
+
+      evpipe_init (EV_A);
+      /* iterate over everything, in case we missed something before */
+      ev_feed_event (EV_A_ &pipe_w, EV_CUSTOM);
+    }
+#endif
+
+  postfork = 0;
+}
+
+#if EV_MULTIPLICITY
+
+struct ev_loop * ecb_cold
+ev_loop_new (unsigned int flags) EV_THROW
+{
+  EV_P = (struct ev_loop *)ev_malloc (sizeof (struct ev_loop));
+
+  memset (EV_A, 0, sizeof (struct ev_loop));
+  loop_init (EV_A_ flags);
+
+  if (ev_backend (EV_A))
+    return EV_A;
+
+  ev_free (EV_A);
+  return 0;
+}
+
+#endif /* multiplicity */
+
+#if EV_VERIFY
+static void noinline ecb_cold
+verify_watcher (EV_P_ W w)
+{
+  assert (("libev: watcher has invalid priority", ABSPRI (w) >= 0 && ABSPRI (w) < NUMPRI));
+
+  if (w->pending)
+    assert (("libev: pending watcher not on pending queue", pendings [ABSPRI (w)][w->pending - 1].w == w));
+}
+
+static void noinline ecb_cold
+verify_heap (EV_P_ ANHE *heap, int N)
+{
+  int i;
+
+  for (i = HEAP0; i < N + HEAP0; ++i)
+    {
+      assert (("libev: active index mismatch in heap", ev_active (ANHE_w (heap [i])) == i));
+      assert (("libev: heap condition violated", i == HEAP0 || ANHE_at (heap [HPARENT (i)]) <= ANHE_at (heap [i])));
+      assert (("libev: heap at cache mismatch", ANHE_at (heap [i]) == ev_at (ANHE_w (heap [i]))));
+
+      verify_watcher (EV_A_ (W)ANHE_w (heap [i]));
+    }
+}
+
+static void noinline ecb_cold
+array_verify (EV_P_ W *ws, int cnt)
+{
+  while (cnt--)
+    {
+      assert (("libev: active index mismatch", ev_active (ws [cnt]) == cnt + 1));
+      verify_watcher (EV_A_ ws [cnt]);
+    }
+}
+#endif
+
+#if EV_FEATURE_API
+void ecb_cold
+ev_verify (EV_P) EV_THROW
+{
+#if EV_VERIFY
+  int i;
+  WL w, w2;
+
+  assert (activecnt >= -1);
+
+  assert (fdchangemax >= fdchangecnt);
+  for (i = 0; i < fdchangecnt; ++i)
+    assert (("libev: negative fd in fdchanges", fdchanges [i] >= 0));
+
+  assert (anfdmax >= 0);
+  for (i = 0; i < anfdmax; ++i)
+    {
+      int j = 0;
+
+      for (w = w2 = anfds [i].head; w; w = w->next)
+        {
+          verify_watcher (EV_A_ (W)w);
+
+          if (j++ & 1)
+            {
+              assert (("libev: io watcher list contains a loop", w != w2));
+              w2 = w2->next;
+            }
+
+          assert (("libev: inactive fd watcher on anfd list", ev_active (w) == 1));
+          assert (("libev: fd mismatch between watcher and anfd", ((ev_io *)w)->fd == i));
+        }
+    }
+
+  assert (timermax >= timercnt);
+  verify_heap (EV_A_ timers, timercnt);
+
+#if EV_PERIODIC_ENABLE
+  assert (periodicmax >= periodiccnt);
+  verify_heap (EV_A_ periodics, periodiccnt);
+#endif
+
+  for (i = NUMPRI; i--; )
+    {
+      assert (pendingmax [i] >= pendingcnt [i]);
+#if EV_IDLE_ENABLE
+      assert (idleall >= 0);
+      assert (idlemax [i] >= idlecnt [i]);
+      array_verify (EV_A_ (W *)idles [i], idlecnt [i]);
+#endif
+    }
+
+#if EV_FORK_ENABLE
+  assert (forkmax >= forkcnt);
+  array_verify (EV_A_ (W *)forks, forkcnt);
+#endif
+
+#if EV_CLEANUP_ENABLE
+  assert (cleanupmax >= cleanupcnt);
+  array_verify (EV_A_ (W *)cleanups, cleanupcnt);
+#endif
+
+#if EV_ASYNC_ENABLE
+  assert (asyncmax >= asynccnt);
+  array_verify (EV_A_ (W *)asyncs, asynccnt);
+#endif
+
+#if EV_PREPARE_ENABLE
+  assert (preparemax >= preparecnt);
+  array_verify (EV_A_ (W *)prepares, preparecnt);
+#endif
+
+#if EV_CHECK_ENABLE
+  assert (checkmax >= checkcnt);
+  array_verify (EV_A_ (W *)checks, checkcnt);
+#endif
+
+# if 0
+#if EV_CHILD_ENABLE
+  for (w = (ev_child *)childs [chain & ((EV_PID_HASHSIZE) - 1)]; w; w = (ev_child *)((WL)w)->next)
+  for (signum = EV_NSIG; signum--; ) if (signals [signum].pending)
+#endif
+# endif
+#endif
+}
+#endif
+
+#if EV_MULTIPLICITY
+struct ev_loop * ecb_cold
+#else
+int
+#endif
+ev_default_loop (unsigned int flags) EV_THROW
+{
+  if (!ev_default_loop_ptr)
+    {
+#if EV_MULTIPLICITY
+      EV_P = ev_default_loop_ptr = &default_loop_struct;
+#else
+      ev_default_loop_ptr = 1;
+#endif
+
+      loop_init (EV_A_ flags);
+
+      if (ev_backend (EV_A))
+        {
+#if EV_CHILD_ENABLE
+          ev_signal_init (&childev, childcb, SIGCHLD);
+          ev_set_priority (&childev, EV_MAXPRI);
+          ev_signal_start (EV_A_ &childev);
+          ev_unref (EV_A); /* child watcher should not keep loop alive */
+#endif
+        }
+      else
+        ev_default_loop_ptr = 0;
+    }
+
+  return ev_default_loop_ptr;
+}
+
+void
+ev_loop_fork (EV_P) EV_THROW
+{
+  postfork = 1;
+}
+
+/*****************************************************************************/
+
+void
+ev_invoke (EV_P_ void *w, int revents)
+{
+  EV_CB_INVOKE ((W)w, revents);
+}
+
+unsigned int
+ev_pending_count (EV_P) EV_THROW
+{
+  int pri;
+  unsigned int count = 0;
+
+  for (pri = NUMPRI; pri--; )
+    count += pendingcnt [pri];
+
+  return count;
+}
+
+void noinline
+ev_invoke_pending (EV_P)
+{
+  pendingpri = NUMPRI;
+
+  while (pendingpri) /* pendingpri possibly gets modified in the inner loop */
+    {
+      --pendingpri;
+
+      while (pendingcnt [pendingpri])
+        {
+          ANPENDING *p = pendings [pendingpri] + --pendingcnt [pendingpri];
+
+          p->w->pending = 0;
+          EV_CB_INVOKE (p->w, p->events);
+          EV_FREQUENT_CHECK;
+        }
+    }
+}
+
+#if EV_IDLE_ENABLE
+/* make idle watchers pending. this handles the "call-idle */
+/* only when higher priorities are idle" logic */
+inline_size void
+idle_reify (EV_P)
+{
+  if (expect_false (idleall))
+    {
+      int pri;
+
+      for (pri = NUMPRI; pri--; )
+        {
+          if (pendingcnt [pri])
+            break;
+
+          if (idlecnt [pri])
+            {
+              queue_events (EV_A_ (W *)idles [pri], idlecnt [pri], EV_IDLE);
+              break;
+            }
+        }
+    }
+}
+#endif
+
+/* make timers pending */
+inline_size void
+timers_reify (EV_P)
+{
+  EV_FREQUENT_CHECK;
+
+  if (timercnt && ANHE_at (timers [HEAP0]) < mn_now)
+    {
+      do
+        {
+          ev_timer *w = (ev_timer *)ANHE_w (timers [HEAP0]);
+
+          /*assert (("libev: inactive timer on timer heap detected", ev_is_active (w)));*/
+
+          /* first reschedule or stop timer */
+          if (w->repeat)
+            {
+              ev_at (w) += w->repeat;
+              if (ev_at (w) < mn_now)
+                ev_at (w) = mn_now;
+
+              assert (("libev: negative ev_timer repeat value found while processing timers", w->repeat > 0.));
+
+              ANHE_at_cache (timers [HEAP0]);
+              downheap (timers, timercnt, HEAP0);
+            }
+          else
+            ev_timer_stop (EV_A_ w); /* nonrepeating: stop timer */
+
+          EV_FREQUENT_CHECK;
+          feed_reverse (EV_A_ (W)w);
+        }
+      while (timercnt && ANHE_at (timers [HEAP0]) < mn_now);
+
+      feed_reverse_done (EV_A_ EV_TIMER);
+    }
+}
+
+#if EV_PERIODIC_ENABLE
+
+static void noinline
+periodic_recalc (EV_P_ ev_periodic *w)
+{
+  ev_tstamp interval = w->interval > MIN_INTERVAL ? w->interval : MIN_INTERVAL;
+  ev_tstamp at = w->offset + interval * ev_floor ((ev_rt_now - w->offset) / interval);
+
+  /* the above almost always errs on the low side */
+  while (at <= ev_rt_now)
+    {
+      ev_tstamp nat = at + w->interval;
+
+      /* when resolution fails us, we use ev_rt_now */
+      if (expect_false (nat == at))
+        {
+          at = ev_rt_now;
+          break;
+        }
+
+      at = nat;
+    }
+
+  ev_at (w) = at;
+}
+
+/* make periodics pending */
+inline_size void
+periodics_reify (EV_P)
+{
+  EV_FREQUENT_CHECK;
+
+  while (periodiccnt && ANHE_at (periodics [HEAP0]) < ev_rt_now)
+    {
+      do
+        {
+          ev_periodic *w = (ev_periodic *)ANHE_w (periodics [HEAP0]);
+
+          /*assert (("libev: inactive timer on periodic heap detected", ev_is_active (w)));*/
+
+          /* first reschedule or stop timer */
+          if (w->reschedule_cb)
+            {
+              ev_at (w) = w->reschedule_cb (w, ev_rt_now);
+
+              assert (("libev: ev_periodic reschedule callback returned time in the past", ev_at (w) >= ev_rt_now));
+
+              ANHE_at_cache (periodics [HEAP0]);
+              downheap (periodics, periodiccnt, HEAP0);
+            }
+          else if (w->interval)
+            {
+              periodic_recalc (EV_A_ w);
+              ANHE_at_cache (periodics [HEAP0]);
+              downheap (periodics, periodiccnt, HEAP0);
+            }
+          else
+            ev_periodic_stop (EV_A_ w); /* nonrepeating: stop timer */
+
+          EV_FREQUENT_CHECK;
+          feed_reverse (EV_A_ (W)w);
+        }
+      while (periodiccnt && ANHE_at (periodics [HEAP0]) < ev_rt_now);
+
+      feed_reverse_done (EV_A_ EV_PERIODIC);
+    }
+}
+
+/* simply recalculate all periodics */
+/* TODO: maybe ensure that at least one event happens when jumping forward? */
+static void noinline ecb_cold
+periodics_reschedule (EV_P)
+{
+  int i;
+
+  /* adjust periodics after time jump */
+  for (i = HEAP0; i < periodiccnt + HEAP0; ++i)
+    {
+      ev_periodic *w = (ev_periodic *)ANHE_w (periodics [i]);
+
+      if (w->reschedule_cb)
+        ev_at (w) = w->reschedule_cb (w, ev_rt_now);
+      else if (w->interval)
+        periodic_recalc (EV_A_ w);
+
+      ANHE_at_cache (periodics [i]);
+    }
+
+  reheap (periodics, periodiccnt);
+}
+#endif
+
+/* adjust all timers by a given offset */
+static void noinline ecb_cold
+timers_reschedule (EV_P_ ev_tstamp adjust)
+{
+  int i;
+
+  for (i = 0; i < timercnt; ++i)
+    {
+      ANHE *he = timers + i + HEAP0;
+      ANHE_w (*he)->at += adjust;
+      ANHE_at_cache (*he);
+    }
+}
+
+/* fetch new monotonic and realtime times from the kernel */
+/* also detect if there was a timejump, and act accordingly */
+inline_speed void
+time_update (EV_P_ ev_tstamp max_block)
+{
+#if EV_USE_MONOTONIC
+  if (expect_true (have_monotonic))
+    {
+      int i;
+      ev_tstamp odiff = rtmn_diff;
+
+      mn_now = get_clock ();
+
+      /* only fetch the realtime clock every 0.5*MIN_TIMEJUMP seconds */
+      /* interpolate in the meantime */
+      if (expect_true (mn_now - now_floor < MIN_TIMEJUMP * .5))
+        {
+          ev_rt_now = rtmn_diff + mn_now;
+          return;
+        }
+
+      now_floor = mn_now;
+      ev_rt_now = ev_time ();
+
+      /* loop a few times, before making important decisions.
+       * on the choice of "4": one iteration isn't enough,
+       * in case we get preempted during the calls to
+       * ev_time and get_clock. a second call is almost guaranteed
+       * to succeed in that case, though. and looping a few more times
+       * doesn't hurt either as we only do this on time-jumps or
+       * in the unlikely event of having been preempted here.
+       */
+      for (i = 4; --i; )
+        {
+          ev_tstamp diff;
+          rtmn_diff = ev_rt_now - mn_now;
+
+          diff = odiff - rtmn_diff;
+
+          if (expect_true ((diff < 0. ? -diff : diff) < MIN_TIMEJUMP))
+            return; /* all is well */
+
+          ev_rt_now = ev_time ();
+          mn_now    = get_clock ();
+          now_floor = mn_now;
+        }
+
+      /* no timer adjustment, as the monotonic clock doesn't jump */
+      /* timers_reschedule (EV_A_ rtmn_diff - odiff) */
+# if EV_PERIODIC_ENABLE
+      periodics_reschedule (EV_A);
+# endif
+    }
+  else
+#endif
+    {
+      ev_rt_now = ev_time ();
+
+      if (expect_false (mn_now > ev_rt_now || ev_rt_now > mn_now + max_block + MIN_TIMEJUMP))
+        {
+          /* adjust timers. this is easy, as the offset is the same for all of them */
+          timers_reschedule (EV_A_ ev_rt_now - mn_now);
+#if EV_PERIODIC_ENABLE
+          periodics_reschedule (EV_A);
+#endif
+        }
+
+      mn_now = ev_rt_now;
+    }
+}
+
+int
+ev_run (EV_P_ int flags)
+{
+#if EV_FEATURE_API
+  ++loop_depth;
+#endif
+
+  assert (("libev: ev_loop recursion during release detected", loop_done != EVBREAK_RECURSE));
+
+  loop_done = EVBREAK_CANCEL;
+
+  EV_INVOKE_PENDING; /* in case we recurse, ensure ordering stays nice and clean */
+
+  do
+    {
+#if EV_VERIFY >= 2
+      ev_verify (EV_A);
+#endif
+
+#ifndef _WIN32
+      if (expect_false (curpid)) /* penalise the forking check even more */
+        if (expect_false (getpid () != curpid))
+          {
+            curpid = getpid ();
+            postfork = 1;
+          }
+#endif
+
+#if EV_FORK_ENABLE
+      /* we might have forked, so queue fork handlers */
+      if (expect_false (postfork))
+        if (forkcnt)
+          {
+            queue_events (EV_A_ (W *)forks, forkcnt, EV_FORK);
+            EV_INVOKE_PENDING;
+          }
+#endif
+
+#if EV_PREPARE_ENABLE
+      /* queue prepare watchers (and execute them) */
+      if (expect_false (preparecnt))
+        {
+          queue_events (EV_A_ (W *)prepares, preparecnt, EV_PREPARE);
+          EV_INVOKE_PENDING;
+        }
+#endif
+
+      if (expect_false (loop_done))
+        break;
+
+      /* we might have forked, so reify kernel state if necessary */
+      if (expect_false (postfork))
+        loop_fork (EV_A);
+
+      /* update fd-related kernel structures */
+      fd_reify (EV_A);
+
+      /* calculate blocking time */
+      {
+        ev_tstamp waittime  = 0.;
+        ev_tstamp sleeptime = 0.;
+
+        /* remember old timestamp for io_blocktime calculation */
+        ev_tstamp prev_mn_now = mn_now;
+
+        /* update time to cancel out callback processing overhead */
+        time_update (EV_A_ 1e100);
+
+        /* from now on, we want a pipe-wake-up */
+        pipe_write_wanted = 1;
+
+        ECB_MEMORY_FENCE; /* make sure pipe_write_wanted is visible before we check for potential skips */
+
+        if (expect_true (!(flags & EVRUN_NOWAIT || idleall || !activecnt || pipe_write_skipped)))
+          {
+            waittime = MAX_BLOCKTIME;
+
+            if (timercnt)
+              {
+                ev_tstamp to = ANHE_at (timers [HEAP0]) - mn_now;
+                if (waittime > to) waittime = to;
+              }
+
+#if EV_PERIODIC_ENABLE
+            if (periodiccnt)
+              {
+                ev_tstamp to = ANHE_at (periodics [HEAP0]) - ev_rt_now;
+                if (waittime > to) waittime = to;
+              }
+#endif
+
+            /* don't let timeouts decrease the waittime below timeout_blocktime */
+            if (expect_false (waittime < timeout_blocktime))
+              waittime = timeout_blocktime;
+
+            /* at this point, we NEED to wait, so we have to ensure */
+            /* to pass a minimum nonzero value to the backend */
+            if (expect_false (waittime < backend_mintime))
+              waittime = backend_mintime;
+
+            /* extra check because io_blocktime is commonly 0 */
+            if (expect_false (io_blocktime))
+              {
+                sleeptime = io_blocktime - (mn_now - prev_mn_now);
+
+                if (sleeptime > waittime - backend_mintime)
+                  sleeptime = waittime - backend_mintime;
+
+                if (expect_true (sleeptime > 0.))
+                  {
+                    ev_sleep (sleeptime);
+                    waittime -= sleeptime;
+                  }
+              }
+          }
+
+#if EV_FEATURE_API
+        ++loop_count;
+#endif
+        assert ((loop_done = EVBREAK_RECURSE, 1)); /* assert for side effect */
+        backend_poll (EV_A_ waittime);
+        assert ((loop_done = EVBREAK_CANCEL, 1)); /* assert for side effect */
+
+        pipe_write_wanted = 0; /* just an optimisation, no fence needed */
+
+        ECB_MEMORY_FENCE_ACQUIRE;
+        if (pipe_write_skipped)
+          {
+            assert (("libev: pipe_w not active, but pipe not written", ev_is_active (&pipe_w)));
+            ev_feed_event (EV_A_ &pipe_w, EV_CUSTOM);
+          }
+
+
+        /* update ev_rt_now, do magic */
+        time_update (EV_A_ waittime + sleeptime);
+      }
+
+      /* queue pending timers and reschedule them */
+      timers_reify (EV_A); /* relative timers called last */
+#if EV_PERIODIC_ENABLE
+      periodics_reify (EV_A); /* absolute timers called first */
+#endif
+
+#if EV_IDLE_ENABLE
+      /* queue idle watchers unless other events are pending */
+      idle_reify (EV_A);
+#endif
+
+#if EV_CHECK_ENABLE
+      /* queue check watchers, to be executed first */
+      if (expect_false (checkcnt))
+        queue_events (EV_A_ (W *)checks, checkcnt, EV_CHECK);
+#endif
+
+      EV_INVOKE_PENDING;
+    }
+  while (expect_true (
+    activecnt
+    && !loop_done
+    && !(flags & (EVRUN_ONCE | EVRUN_NOWAIT))
+  ));
+
+  if (loop_done == EVBREAK_ONE)
+    loop_done = EVBREAK_CANCEL;
+
+#if EV_FEATURE_API
+  --loop_depth;
+#endif
+
+  return activecnt;
+}
+
+void
+ev_break (EV_P_ int how) EV_THROW
+{
+  loop_done = how;
+}
+
+void
+ev_ref (EV_P) EV_THROW
+{
+  ++activecnt;
+}
+
+void
+ev_unref (EV_P) EV_THROW
+{
+  --activecnt;
+}
+
+void
+ev_now_update (EV_P) EV_THROW
+{
+  time_update (EV_A_ 1e100);
+}
+
+void
+ev_suspend (EV_P) EV_THROW
+{
+  ev_now_update (EV_A);
+}
+
+void
+ev_resume (EV_P) EV_THROW
+{
+  ev_tstamp mn_prev = mn_now;
+
+  ev_now_update (EV_A);
+  timers_reschedule (EV_A_ mn_now - mn_prev);
+#if EV_PERIODIC_ENABLE
+  /* TODO: really do this? */
+  periodics_reschedule (EV_A);
+#endif
+}
+
+/*****************************************************************************/
+/* singly-linked list management, used when the expected list length is short */
+
+inline_size void
+wlist_add (WL *head, WL elem)
+{
+  elem->next = *head;
+  *head = elem;
+}
+
+inline_size void
+wlist_del (WL *head, WL elem)
+{
+  while (*head)
+    {
+      if (expect_true (*head == elem))
+        {
+          *head = elem->next;
+          break;
+        }
+
+      head = &(*head)->next;
+    }
+}
+
+/* internal, faster, version of ev_clear_pending */
+inline_speed void
+clear_pending (EV_P_ W w)
+{
+  if (w->pending)
+    {
+      pendings [ABSPRI (w)][w->pending - 1].w = (W)&pending_w;
+      w->pending = 0;
+    }
+}
+
+int
+ev_clear_pending (EV_P_ void *w) EV_THROW
+{
+  W w_ = (W)w;
+  int pending = w_->pending;
+
+  if (expect_true (pending))
+    {
+      ANPENDING *p = pendings [ABSPRI (w_)] + pending - 1;
+      p->w = (W)&pending_w;
+      w_->pending = 0;
+      return p->events;
+    }
+  else
+    return 0;
+}
+
+inline_size void
+pri_adjust (EV_P_ W w)
+{
+  int pri = ev_priority (w);
+  pri = pri < EV_MINPRI ? EV_MINPRI : pri;
+  pri = pri > EV_MAXPRI ? EV_MAXPRI : pri;
+  ev_set_priority (w, pri);
+}
+
+inline_speed void
+ev_start (EV_P_ W w, int active)
+{
+  pri_adjust (EV_A_ w);
+  w->active = active;
+  ev_ref (EV_A);
+}
+
+inline_size void
+ev_stop (EV_P_ W w)
+{
+  ev_unref (EV_A);
+  w->active = 0;
+}
+
+/*****************************************************************************/
+
+void noinline
+ev_io_start (EV_P_ ev_io *w) EV_THROW
+{
+  int fd = w->fd;
+
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  assert (("libev: ev_io_start called with negative fd", fd >= 0));
+  assert (("libev: ev_io_start called with illegal event mask", !(w->events & ~(EV__IOFDSET | EV_READ | EV_WRITE))));
+
+  EV_FREQUENT_CHECK;
+
+  ev_start (EV_A_ (W)w, 1);
+  array_needsize (ANFD, anfds, anfdmax, fd + 1, array_init_zero);
+  wlist_add (&anfds[fd].head, (WL)w);
+
+  /* common bug, apparently */
+  assert (("libev: ev_io_start called with corrupted watcher", ((WL)w)->next != (WL)w));
+
+  fd_change (EV_A_ fd, w->events & EV__IOFDSET | EV_ANFD_REIFY);
+  w->events &= ~EV__IOFDSET;
+
+  EV_FREQUENT_CHECK;
+}
+
+void noinline
+ev_io_stop (EV_P_ ev_io *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  assert (("libev: ev_io_stop called with illegal fd (must stay constant after start!)", w->fd >= 0 && w->fd < anfdmax));
+
+  EV_FREQUENT_CHECK;
+
+  wlist_del (&anfds[w->fd].head, (WL)w);
+  ev_stop (EV_A_ (W)w);
+
+  fd_change (EV_A_ w->fd, EV_ANFD_REIFY);
+
+  EV_FREQUENT_CHECK;
+}
+
+void noinline
+ev_timer_start (EV_P_ ev_timer *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  ev_at (w) += mn_now;
+
+  assert (("libev: ev_timer_start called with negative timer repeat value", w->repeat >= 0.));
+
+  EV_FREQUENT_CHECK;
+
+  ++timercnt;
+  ev_start (EV_A_ (W)w, timercnt + HEAP0 - 1);
+  array_needsize (ANHE, timers, timermax, ev_active (w) + 1, EMPTY2);
+  ANHE_w (timers [ev_active (w)]) = (WT)w;
+  ANHE_at_cache (timers [ev_active (w)]);
+  upheap (timers, ev_active (w));
+
+  EV_FREQUENT_CHECK;
+
+  /*assert (("libev: internal timer heap corruption", timers [ev_active (w)] == (WT)w));*/
+}
+
+void noinline
+ev_timer_stop (EV_P_ ev_timer *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  {
+    int active = ev_active (w);
+
+    assert (("libev: internal timer heap corruption", ANHE_w (timers [active]) == (WT)w));
+
+    --timercnt;
+
+    if (expect_true (active < timercnt + HEAP0))
+      {
+        timers [active] = timers [timercnt + HEAP0];
+        adjustheap (timers, timercnt, active);
+      }
+  }
+
+  ev_at (w) -= mn_now;
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+
+void noinline
+ev_timer_again (EV_P_ ev_timer *w) EV_THROW
+{
+  EV_FREQUENT_CHECK;
+
+  clear_pending (EV_A_ (W)w);
+
+  if (ev_is_active (w))
+    {
+      if (w->repeat)
+        {
+          ev_at (w) = mn_now + w->repeat;
+          ANHE_at_cache (timers [ev_active (w)]);
+          adjustheap (timers, timercnt, ev_active (w));
+        }
+      else
+        ev_timer_stop (EV_A_ w);
+    }
+  else if (w->repeat)
+    {
+      ev_at (w) = w->repeat;
+      ev_timer_start (EV_A_ w);
+    }
+
+  EV_FREQUENT_CHECK;
+}
+
+ev_tstamp
+ev_timer_remaining (EV_P_ ev_timer *w) EV_THROW
+{
+  return ev_at (w) - (ev_is_active (w) ? mn_now : 0.);
+}
+
+#if EV_PERIODIC_ENABLE
+void noinline
+ev_periodic_start (EV_P_ ev_periodic *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  if (w->reschedule_cb)
+    ev_at (w) = w->reschedule_cb (w, ev_rt_now);
+  else if (w->interval)
+    {
+      assert (("libev: ev_periodic_start called with negative interval value", w->interval >= 0.));
+      periodic_recalc (EV_A_ w);
+    }
+  else
+    ev_at (w) = w->offset;
+
+  EV_FREQUENT_CHECK;
+
+  ++periodiccnt;
+  ev_start (EV_A_ (W)w, periodiccnt + HEAP0 - 1);
+  array_needsize (ANHE, periodics, periodicmax, ev_active (w) + 1, EMPTY2);
+  ANHE_w (periodics [ev_active (w)]) = (WT)w;
+  ANHE_at_cache (periodics [ev_active (w)]);
+  upheap (periodics, ev_active (w));
+
+  EV_FREQUENT_CHECK;
+
+  /*assert (("libev: internal periodic heap corruption", ANHE_w (periodics [ev_active (w)]) == (WT)w));*/
+}
+
+void noinline
+ev_periodic_stop (EV_P_ ev_periodic *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  {
+    int active = ev_active (w);
+
+    assert (("libev: internal periodic heap corruption", ANHE_w (periodics [active]) == (WT)w));
+
+    --periodiccnt;
+
+    if (expect_true (active < periodiccnt + HEAP0))
+      {
+        periodics [active] = periodics [periodiccnt + HEAP0];
+        adjustheap (periodics, periodiccnt, active);
+      }
+  }
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+
+void noinline
+ev_periodic_again (EV_P_ ev_periodic *w) EV_THROW
+{
+  /* TODO: use adjustheap and recalculation */
+  ev_periodic_stop (EV_A_ w);
+  ev_periodic_start (EV_A_ w);
+}
+#endif
+
+#ifndef SA_RESTART
+# define SA_RESTART 0
+#endif
+
+#if EV_SIGNAL_ENABLE
+
+void noinline
+ev_signal_start (EV_P_ ev_signal *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  assert (("libev: ev_signal_start called with illegal signal number", w->signum > 0 && w->signum < EV_NSIG));
+
+#if EV_MULTIPLICITY
+  assert (("libev: a signal must not be attached to two different loops",
+           !signals [w->signum - 1].loop || signals [w->signum - 1].loop == loop));
+
+  signals [w->signum - 1].loop = EV_A;
+  ECB_MEMORY_FENCE_RELEASE;
+#endif
+
+  EV_FREQUENT_CHECK;
+
+#if EV_USE_SIGNALFD
+  if (sigfd == -2)
+    {
+      sigfd = signalfd (-1, &sigfd_set, SFD_NONBLOCK | SFD_CLOEXEC);
+      if (sigfd < 0 && errno == EINVAL)
+        sigfd = signalfd (-1, &sigfd_set, 0); /* retry without flags */
+
+      if (sigfd >= 0)
+        {
+          fd_intern (sigfd); /* doing it twice will not hurt */
+
+          sigemptyset (&sigfd_set);
+
+          ev_io_init (&sigfd_w, sigfdcb, sigfd, EV_READ);
+          ev_set_priority (&sigfd_w, EV_MAXPRI);
+          ev_io_start (EV_A_ &sigfd_w);
+          ev_unref (EV_A); /* signalfd watcher should not keep loop alive */
+        }
+    }
+
+  if (sigfd >= 0)
+    {
+      /* TODO: check .head */
+      sigaddset (&sigfd_set, w->signum);
+      sigprocmask (SIG_BLOCK, &sigfd_set, 0);
+
+      signalfd (sigfd, &sigfd_set, 0);
+    }
+#endif
+
+  ev_start (EV_A_ (W)w, 1);
+  wlist_add (&signals [w->signum - 1].head, (WL)w);
+
+  if (!((WL)w)->next)
+# if EV_USE_SIGNALFD
+    if (sigfd < 0) /*TODO*/
+# endif
+      {
+# ifdef _WIN32
+        evpipe_init (EV_A);
+
+        signal (w->signum, ev_sighandler);
+# else
+        struct sigaction sa;
+
+        evpipe_init (EV_A);
+
+        sa.sa_handler = ev_sighandler;
+        sigfillset (&sa.sa_mask);
+        sa.sa_flags = SA_RESTART; /* if restarting works we save one iteration */
+        sigaction (w->signum, &sa, 0);
+
+        if (origflags & EVFLAG_NOSIGMASK)
+          {
+            sigemptyset (&sa.sa_mask);
+            sigaddset (&sa.sa_mask, w->signum);
+            sigprocmask (SIG_UNBLOCK, &sa.sa_mask, 0);
+          }
+#endif
+      }
+
+  EV_FREQUENT_CHECK;
+}
+
+void noinline
+ev_signal_stop (EV_P_ ev_signal *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  wlist_del (&signals [w->signum - 1].head, (WL)w);
+  ev_stop (EV_A_ (W)w);
+
+  if (!signals [w->signum - 1].head)
+    {
+#if EV_MULTIPLICITY
+      signals [w->signum - 1].loop = 0; /* unattach from signal */
+#endif
+#if EV_USE_SIGNALFD
+      if (sigfd >= 0)
+        {
+          sigset_t ss;
+
+          sigemptyset (&ss);
+          sigaddset (&ss, w->signum);
+          sigdelset (&sigfd_set, w->signum);
+
+          signalfd (sigfd, &sigfd_set, 0);
+          sigprocmask (SIG_UNBLOCK, &ss, 0);
+        }
+      else
+#endif
+        signal (w->signum, SIG_DFL);
+    }
+
+  EV_FREQUENT_CHECK;
+}
+
+#endif
+
+#if EV_CHILD_ENABLE
+
+void
+ev_child_start (EV_P_ ev_child *w) EV_THROW
+{
+#if EV_MULTIPLICITY
+  assert (("libev: child watchers are only supported in the default loop", loop == ev_default_loop_ptr));
+#endif
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  ev_start (EV_A_ (W)w, 1);
+  wlist_add (&childs [w->pid & ((EV_PID_HASHSIZE) - 1)], (WL)w);
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_child_stop (EV_P_ ev_child *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  wlist_del (&childs [w->pid & ((EV_PID_HASHSIZE) - 1)], (WL)w);
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+
+#endif
+
+#if EV_STAT_ENABLE
+
+# ifdef _WIN32
+#  undef lstat
+#  define lstat(a,b) _stati64 (a,b)
+# endif
+
+#define DEF_STAT_INTERVAL  5.0074891
+#define NFS_STAT_INTERVAL 30.1074891 /* for filesystems potentially failing inotify */
+#define MIN_STAT_INTERVAL  0.1074891
+
+static void noinline stat_timer_cb (EV_P_ ev_timer *w_, int revents);
+
+#if EV_USE_INOTIFY
+
+/* the * 2 is to allow for alignment padding, which for some reason is >> 8 */
+# define EV_INOTIFY_BUFSIZE (sizeof (struct inotify_event) * 2 + NAME_MAX)
+
+static void noinline
+infy_add (EV_P_ ev_stat *w)
+{
+  w->wd = inotify_add_watch (fs_fd, w->path,
+                             IN_ATTRIB | IN_DELETE_SELF | IN_MOVE_SELF | IN_MODIFY
+                             | IN_CREATE | IN_DELETE | IN_MOVED_FROM | IN_MOVED_TO
+                             | IN_DONT_FOLLOW | IN_MASK_ADD);
+
+  if (w->wd >= 0)
+    {
+      struct statfs sfs;
+
+      /* now local changes will be tracked by inotify, but remote changes won't */
+      /* unless the filesystem is known to be local, we therefore still poll */
+      /* also do poll on <2.6.25, but with normal frequency */
+
+      if (!fs_2625)
+        w->timer.repeat = w->interval ? w->interval : DEF_STAT_INTERVAL;
+      else if (!statfs (w->path, &sfs)
+               && (sfs.f_type == 0x1373 /* devfs */
+                   || sfs.f_type == 0x4006 /* fat */
+                   || sfs.f_type == 0x4d44 /* msdos */
+                   || sfs.f_type == 0xEF53 /* ext2/3 */
+                   || sfs.f_type == 0x72b6 /* jffs2 */
+                   || sfs.f_type == 0x858458f6 /* ramfs */
+                   || sfs.f_type == 0x5346544e /* ntfs */
+                   || sfs.f_type == 0x3153464a /* jfs */
+                   || sfs.f_type == 0x9123683e /* btrfs */
+                   || sfs.f_type == 0x52654973 /* reiser3 */
+                   || sfs.f_type == 0x01021994 /* tmpfs */
+                   || sfs.f_type == 0x58465342 /* xfs */))
+        w->timer.repeat = 0.; /* filesystem is local, kernel new enough */
+      else
+        w->timer.repeat = w->interval ? w->interval : NFS_STAT_INTERVAL; /* remote, use reduced frequency */
+    }
+  else
+    {
+      /* can't use inotify, continue to stat */
+      w->timer.repeat = w->interval ? w->interval : DEF_STAT_INTERVAL;
+
+      /* if path is not there, monitor some parent directory for speedup hints */
+      /* note that exceeding the hardcoded path limit is not a correctness issue, */
+      /* but an efficiency issue only */
+      if ((errno == ENOENT || errno == EACCES) && strlen (w->path) < 4096)
+        {
+          char path [4096];
+          strcpy (path, w->path);
+
+          do
+            {
+              int mask = IN_MASK_ADD | IN_DELETE_SELF | IN_MOVE_SELF
+                       | (errno == EACCES ? IN_ATTRIB : IN_CREATE | IN_MOVED_TO);
+
+              char *pend = strrchr (path, '/');
+
+              if (!pend || pend == path)
+                break;
+
+              *pend = 0;
+              w->wd = inotify_add_watch (fs_fd, path, mask);
+            }
+          while (w->wd < 0 && (errno == ENOENT || errno == EACCES));
+        }
+    }
+
+  if (w->wd >= 0)
+    wlist_add (&fs_hash [w->wd & ((EV_INOTIFY_HASHSIZE) - 1)].head, (WL)w);
+
+  /* now re-arm timer, if required */
+  if (ev_is_active (&w->timer)) ev_ref (EV_A);
+  ev_timer_again (EV_A_ &w->timer);
+  if (ev_is_active (&w->timer)) ev_unref (EV_A);
+}
+
+static void noinline
+infy_del (EV_P_ ev_stat *w)
+{
+  int slot;
+  int wd = w->wd;
+
+  if (wd < 0)
+    return;
+
+  w->wd = -2;
+  slot = wd & ((EV_INOTIFY_HASHSIZE) - 1);
+  wlist_del (&fs_hash [slot].head, (WL)w);
+
+  /* remove this watcher, if others are watching it, they will rearm */
+  inotify_rm_watch (fs_fd, wd);
+}
+
+static void noinline
+infy_wd (EV_P_ int slot, int wd, struct inotify_event *ev)
+{
+  if (slot < 0)
+    /* overflow, need to check for all hash slots */
+    for (slot = 0; slot < (EV_INOTIFY_HASHSIZE); ++slot)
+      infy_wd (EV_A_ slot, wd, ev);
+  else
+    {
+      WL w_;
+
+      for (w_ = fs_hash [slot & ((EV_INOTIFY_HASHSIZE) - 1)].head; w_; )
+        {
+          ev_stat *w = (ev_stat *)w_;
+          w_ = w_->next; /* lets us remove this watcher and all before it */
+
+          if (w->wd == wd || wd == -1)
+            {
+              if (ev->mask & (IN_IGNORED | IN_UNMOUNT | IN_DELETE_SELF))
+                {
+                  wlist_del (&fs_hash [slot & ((EV_INOTIFY_HASHSIZE) - 1)].head, (WL)w);
+                  w->wd = -1;
+                  infy_add (EV_A_ w); /* re-add, no matter what */
+                }
+
+              stat_timer_cb (EV_A_ &w->timer, 0);
+            }
+        }
+    }
+}
+
+static void
+infy_cb (EV_P_ ev_io *w, int revents)
+{
+  char buf [EV_INOTIFY_BUFSIZE];
+  int ofs;
+  int len = read (fs_fd, buf, sizeof (buf));
+
+  for (ofs = 0; ofs < len; )
+    {
+      struct inotify_event *ev = (struct inotify_event *)(buf + ofs);
+      infy_wd (EV_A_ ev->wd, ev->wd, ev);
+      ofs += sizeof (struct inotify_event) + ev->len;
+    }
+}
+
+inline_size void ecb_cold
+ev_check_2625 (EV_P)
+{
+  /* kernels < 2.6.25 are borked
+   * http://www.ussg.indiana.edu/hypermail/linux/kernel/0711.3/1208.html
+   */
+  if (ev_linux_version () < 0x020619)
+    return;
+
+  fs_2625 = 1;
+}
+
+inline_size int
+infy_newfd (void)
+{
+#if defined IN_CLOEXEC && defined IN_NONBLOCK
+  int fd = inotify_init1 (IN_CLOEXEC | IN_NONBLOCK);
+  if (fd >= 0)
+    return fd;
+#endif
+  return inotify_init ();
+}
+
+inline_size void
+infy_init (EV_P)
+{
+  if (fs_fd != -2)
+    return;
+
+  fs_fd = -1;
+
+  ev_check_2625 (EV_A);
+
+  fs_fd = infy_newfd ();
+
+  if (fs_fd >= 0)
+    {
+      fd_intern (fs_fd);
+      ev_io_init (&fs_w, infy_cb, fs_fd, EV_READ);
+      ev_set_priority (&fs_w, EV_MAXPRI);
+      ev_io_start (EV_A_ &fs_w);
+      ev_unref (EV_A);
+    }
+}
+
+inline_size void
+infy_fork (EV_P)
+{
+  int slot;
+
+  if (fs_fd < 0)
+    return;
+
+  ev_ref (EV_A);
+  ev_io_stop (EV_A_ &fs_w);
+  close (fs_fd);
+  fs_fd = infy_newfd ();
+
+  if (fs_fd >= 0)
+    {
+      fd_intern (fs_fd);
+      ev_io_set (&fs_w, fs_fd, EV_READ);
+      ev_io_start (EV_A_ &fs_w);
+      ev_unref (EV_A);
+    }
+
+  for (slot = 0; slot < (EV_INOTIFY_HASHSIZE); ++slot)
+    {
+      WL w_ = fs_hash [slot].head;
+      fs_hash [slot].head = 0;
+
+      while (w_)
+        {
+          ev_stat *w = (ev_stat *)w_;
+          w_ = w_->next; /* lets us add this watcher */
+
+          w->wd = -1;
+
+          if (fs_fd >= 0)
+            infy_add (EV_A_ w); /* re-add, no matter what */
+          else
+            {
+              w->timer.repeat = w->interval ? w->interval : DEF_STAT_INTERVAL;
+              if (ev_is_active (&w->timer)) ev_ref (EV_A);
+              ev_timer_again (EV_A_ &w->timer);
+              if (ev_is_active (&w->timer)) ev_unref (EV_A);
+            }
+        }
+    }
+}
+
+#endif
+
+#ifdef _WIN32
+# define EV_LSTAT(p,b) _stati64 (p, b)
+#else
+# define EV_LSTAT(p,b) lstat (p, b)
+#endif
+
+void
+ev_stat_stat (EV_P_ ev_stat *w) EV_THROW
+{
+  if (lstat (w->path, &w->attr) < 0)
+    w->attr.st_nlink = 0;
+  else if (!w->attr.st_nlink)
+    w->attr.st_nlink = 1;
+}
+
+static void noinline
+stat_timer_cb (EV_P_ ev_timer *w_, int revents)
+{
+  ev_stat *w = (ev_stat *)(((char *)w_) - offsetof (ev_stat, timer));
+
+  ev_statdata prev = w->attr;
+  ev_stat_stat (EV_A_ w);
+
+  /* memcmp doesn't work on netbsd, they.... do stuff to their struct stat */
+  if (
+    prev.st_dev      != w->attr.st_dev
+    || prev.st_ino   != w->attr.st_ino
+    || prev.st_mode  != w->attr.st_mode
+    || prev.st_nlink != w->attr.st_nlink
+    || prev.st_uid   != w->attr.st_uid
+    || prev.st_gid   != w->attr.st_gid
+    || prev.st_rdev  != w->attr.st_rdev
+    || prev.st_size  != w->attr.st_size
+    || prev.st_atime != w->attr.st_atime
+    || prev.st_mtime != w->attr.st_mtime
+    || prev.st_ctime != w->attr.st_ctime
+  ) {
+      /* we only update w->prev on actual differences */
+      /* in case we test more often than invoke the callback, */
+      /* to ensure that prev is always different to attr */
+      w->prev = prev;
+
+      #if EV_USE_INOTIFY
+        if (fs_fd >= 0)
+          {
+            infy_del (EV_A_ w);
+            infy_add (EV_A_ w);
+            ev_stat_stat (EV_A_ w); /* avoid race... */
+          }
+      #endif
+
+      ev_feed_event (EV_A_ w, EV_STAT);
+    }
+}
+
+void
+ev_stat_start (EV_P_ ev_stat *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  ev_stat_stat (EV_A_ w);
+
+  if (w->interval < MIN_STAT_INTERVAL && w->interval)
+    w->interval = MIN_STAT_INTERVAL;
+
+  ev_timer_init (&w->timer, stat_timer_cb, 0., w->interval ? w->interval : DEF_STAT_INTERVAL);
+  ev_set_priority (&w->timer, ev_priority (w));
+
+#if EV_USE_INOTIFY
+  infy_init (EV_A);
+
+  if (fs_fd >= 0)
+    infy_add (EV_A_ w);
+  else
+#endif
+    {
+      ev_timer_again (EV_A_ &w->timer);
+      ev_unref (EV_A);
+    }
+
+  ev_start (EV_A_ (W)w, 1);
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_stat_stop (EV_P_ ev_stat *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+#if EV_USE_INOTIFY
+  infy_del (EV_A_ w);
+#endif
+
+  if (ev_is_active (&w->timer))
+    {
+      ev_ref (EV_A);
+      ev_timer_stop (EV_A_ &w->timer);
+    }
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+#endif
+
+#if EV_IDLE_ENABLE
+void
+ev_idle_start (EV_P_ ev_idle *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  pri_adjust (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+
+  {
+    int active = ++idlecnt [ABSPRI (w)];
+
+    ++idleall;
+    ev_start (EV_A_ (W)w, active);
+
+    array_needsize (ev_idle *, idles [ABSPRI (w)], idlemax [ABSPRI (w)], active, EMPTY2);
+    idles [ABSPRI (w)][active - 1] = w;
+  }
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_idle_stop (EV_P_ ev_idle *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  {
+    int active = ev_active (w);
+
+    idles [ABSPRI (w)][active - 1] = idles [ABSPRI (w)][--idlecnt [ABSPRI (w)]];
+    ev_active (idles [ABSPRI (w)][active - 1]) = active;
+
+    ev_stop (EV_A_ (W)w);
+    --idleall;
+  }
+
+  EV_FREQUENT_CHECK;
+}
+#endif
+
+#if EV_PREPARE_ENABLE
+void
+ev_prepare_start (EV_P_ ev_prepare *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  ev_start (EV_A_ (W)w, ++preparecnt);
+  array_needsize (ev_prepare *, prepares, preparemax, preparecnt, EMPTY2);
+  prepares [preparecnt - 1] = w;
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_prepare_stop (EV_P_ ev_prepare *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  {
+    int active = ev_active (w);
+
+    prepares [active - 1] = prepares [--preparecnt];
+    ev_active (prepares [active - 1]) = active;
+  }
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+#endif
+
+#if EV_CHECK_ENABLE
+void
+ev_check_start (EV_P_ ev_check *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  ev_start (EV_A_ (W)w, ++checkcnt);
+  array_needsize (ev_check *, checks, checkmax, checkcnt, EMPTY2);
+  checks [checkcnt - 1] = w;
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_check_stop (EV_P_ ev_check *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  {
+    int active = ev_active (w);
+
+    checks [active - 1] = checks [--checkcnt];
+    ev_active (checks [active - 1]) = active;
+  }
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+#endif
+
+#if EV_EMBED_ENABLE
+void noinline
+ev_embed_sweep (EV_P_ ev_embed *w) EV_THROW
+{
+  ev_run (w->other, EVRUN_NOWAIT);
+}
+
+static void
+embed_io_cb (EV_P_ ev_io *io, int revents)
+{
+  ev_embed *w = (ev_embed *)(((char *)io) - offsetof (ev_embed, io));
+
+  if (ev_cb (w))
+    ev_feed_event (EV_A_ (W)w, EV_EMBED);
+  else
+    ev_run (w->other, EVRUN_NOWAIT);
+}
+
+static void
+embed_prepare_cb (EV_P_ ev_prepare *prepare, int revents)
+{
+  ev_embed *w = (ev_embed *)(((char *)prepare) - offsetof (ev_embed, prepare));
+
+  {
+    EV_P = w->other;
+
+    while (fdchangecnt)
+      {
+        fd_reify (EV_A);
+        ev_run (EV_A_ EVRUN_NOWAIT);
+      }
+  }
+}
+
+static void
+embed_fork_cb (EV_P_ ev_fork *fork_w, int revents)
+{
+  ev_embed *w = (ev_embed *)(((char *)fork_w) - offsetof (ev_embed, fork));
+
+  ev_embed_stop (EV_A_ w);
+
+  {
+    EV_P = w->other;
+
+    ev_loop_fork (EV_A);
+    ev_run (EV_A_ EVRUN_NOWAIT);
+  }
+
+  ev_embed_start (EV_A_ w);
+}
+
+#if 0
+static void
+embed_idle_cb (EV_P_ ev_idle *idle, int revents)
+{
+  ev_idle_stop (EV_A_ idle);
+}
+#endif
+
+void
+ev_embed_start (EV_P_ ev_embed *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  {
+    EV_P = w->other;
+    assert (("libev: loop to be embedded is not embeddable", backend & ev_embeddable_backends ()));
+    ev_io_init (&w->io, embed_io_cb, backend_fd, EV_READ);
+  }
+
+  EV_FREQUENT_CHECK;
+
+  ev_set_priority (&w->io, ev_priority (w));
+  ev_io_start (EV_A_ &w->io);
+
+  ev_prepare_init (&w->prepare, embed_prepare_cb);
+  ev_set_priority (&w->prepare, EV_MINPRI);
+  ev_prepare_start (EV_A_ &w->prepare);
+
+  ev_fork_init (&w->fork, embed_fork_cb);
+  ev_fork_start (EV_A_ &w->fork);
+
+  /*ev_idle_init (&w->idle, e,bed_idle_cb);*/
+
+  ev_start (EV_A_ (W)w, 1);
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_embed_stop (EV_P_ ev_embed *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  ev_io_stop      (EV_A_ &w->io);
+  ev_prepare_stop (EV_A_ &w->prepare);
+  ev_fork_stop    (EV_A_ &w->fork);
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+#endif
+
+#if EV_FORK_ENABLE
+void
+ev_fork_start (EV_P_ ev_fork *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  ev_start (EV_A_ (W)w, ++forkcnt);
+  array_needsize (ev_fork *, forks, forkmax, forkcnt, EMPTY2);
+  forks [forkcnt - 1] = w;
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_fork_stop (EV_P_ ev_fork *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  {
+    int active = ev_active (w);
+
+    forks [active - 1] = forks [--forkcnt];
+    ev_active (forks [active - 1]) = active;
+  }
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+#endif
+
+#if EV_CLEANUP_ENABLE
+void
+ev_cleanup_start (EV_P_ ev_cleanup *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  ev_start (EV_A_ (W)w, ++cleanupcnt);
+  array_needsize (ev_cleanup *, cleanups, cleanupmax, cleanupcnt, EMPTY2);
+  cleanups [cleanupcnt - 1] = w;
+
+  /* cleanup watchers should never keep a refcount on the loop */
+  ev_unref (EV_A);
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_cleanup_stop (EV_P_ ev_cleanup *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+  ev_ref (EV_A);
+
+  {
+    int active = ev_active (w);
+
+    cleanups [active - 1] = cleanups [--cleanupcnt];
+    ev_active (cleanups [active - 1]) = active;
+  }
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+#endif
+
+#if EV_ASYNC_ENABLE
+void
+ev_async_start (EV_P_ ev_async *w) EV_THROW
+{
+  if (expect_false (ev_is_active (w)))
+    return;
+
+  w->sent = 0;
+
+  evpipe_init (EV_A);
+
+  EV_FREQUENT_CHECK;
+
+  ev_start (EV_A_ (W)w, ++asynccnt);
+  array_needsize (ev_async *, asyncs, asyncmax, asynccnt, EMPTY2);
+  asyncs [asynccnt - 1] = w;
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_async_stop (EV_P_ ev_async *w) EV_THROW
+{
+  clear_pending (EV_A_ (W)w);
+  if (expect_false (!ev_is_active (w)))
+    return;
+
+  EV_FREQUENT_CHECK;
+
+  {
+    int active = ev_active (w);
+
+    asyncs [active - 1] = asyncs [--asynccnt];
+    ev_active (asyncs [active - 1]) = active;
+  }
+
+  ev_stop (EV_A_ (W)w);
+
+  EV_FREQUENT_CHECK;
+}
+
+void
+ev_async_send (EV_P_ ev_async *w) EV_THROW
+{
+  w->sent = 1;
+  evpipe_write (EV_A_ &async_pending);
+}
+#endif
+
+/*****************************************************************************/
+
+struct ev_once
+{
+  ev_io io;
+  ev_timer to;
+  void (*cb)(int revents, void *arg);
+  void *arg;
+};
+
+static void
+once_cb (EV_P_ struct ev_once *once, int revents)
+{
+  void (*cb)(int revents, void *arg) = once->cb;
+  void *arg = once->arg;
+
+  ev_io_stop    (EV_A_ &once->io);
+  ev_timer_stop (EV_A_ &once->to);
+  ev_free (once);
+
+  cb (revents, arg);
+}
+
+static void
+once_cb_io (EV_P_ ev_io *w, int revents)
+{
+  struct ev_once *once = (struct ev_once *)(((char *)w) - offsetof (struct ev_once, io));
+
+  once_cb (EV_A_ once, revents | ev_clear_pending (EV_A_ &once->to));
+}
+
+static void
+once_cb_to (EV_P_ ev_timer *w, int revents)
+{
+  struct ev_once *once = (struct ev_once *)(((char *)w) - offsetof (struct ev_once, to));
+
+  once_cb (EV_A_ once, revents | ev_clear_pending (EV_A_ &once->io));
+}
+
+void
+ev_once (EV_P_ int fd, int events, ev_tstamp timeout, void (*cb)(int revents, void *arg), void *arg) EV_THROW
+{
+  struct ev_once *once = (struct ev_once *)ev_malloc (sizeof (struct ev_once));
+
+  if (expect_false (!once))
+    {
+      cb (EV_ERROR | EV_READ | EV_WRITE | EV_TIMER, arg);
+      return;
+    }
+
+  once->cb  = cb;
+  once->arg = arg;
+
+  ev_init (&once->io, once_cb_io);
+  if (fd >= 0)
+    {
+      ev_io_set (&once->io, fd, events);
+      ev_io_start (EV_A_ &once->io);
+    }
+
+  ev_init (&once->to, once_cb_to);
+  if (timeout >= 0.)
+    {
+      ev_timer_set (&once->to, timeout, 0.);
+      ev_timer_start (EV_A_ &once->to);
+    }
+}
+
+/*****************************************************************************/
+
+#if EV_WALK_ENABLE
+void ecb_cold
+ev_walk (EV_P_ int types, void (*cb)(EV_P_ int type, void *w)) EV_THROW
+{
+  int i, j;
+  ev_watcher_list *wl, *wn;
+
+  if (types & (EV_IO | EV_EMBED))
+    for (i = 0; i < anfdmax; ++i)
+      for (wl = anfds [i].head; wl; )
+        {
+          wn = wl->next;
+
+#if EV_EMBED_ENABLE
+          if (ev_cb ((ev_io *)wl) == embed_io_cb)
+            {
+              if (types & EV_EMBED)
+                cb (EV_A_ EV_EMBED, ((char *)wl) - offsetof (struct ev_embed, io));
+            }
+          else
+#endif
+#if EV_USE_INOTIFY
+          if (ev_cb ((ev_io *)wl) == infy_cb)
+            ;
+          else
+#endif
+          if ((ev_io *)wl != &pipe_w)
+            if (types & EV_IO)
+              cb (EV_A_ EV_IO, wl);
+
+          wl = wn;
+        }
+
+  if (types & (EV_TIMER | EV_STAT))
+    for (i = timercnt + HEAP0; i-- > HEAP0; )
+#if EV_STAT_ENABLE
+      /*TODO: timer is not always active*/
+      if (ev_cb ((ev_timer *)ANHE_w (timers [i])) == stat_timer_cb)
+        {
+          if (types & EV_STAT)
+            cb (EV_A_ EV_STAT, ((char *)ANHE_w (timers [i])) - offsetof (struct ev_stat, timer));
+        }
+      else
+#endif
+      if (types & EV_TIMER)
+        cb (EV_A_ EV_TIMER, ANHE_w (timers [i]));
+
+#if EV_PERIODIC_ENABLE
+  if (types & EV_PERIODIC)
+    for (i = periodiccnt + HEAP0; i-- > HEAP0; )
+      cb (EV_A_ EV_PERIODIC, ANHE_w (periodics [i]));
+#endif
+
+#if EV_IDLE_ENABLE
+  if (types & EV_IDLE)
+    for (j = NUMPRI; j--; )
+      for (i = idlecnt [j]; i--; )
+        cb (EV_A_ EV_IDLE, idles [j][i]);
+#endif
+
+#if EV_FORK_ENABLE
+  if (types & EV_FORK)
+    for (i = forkcnt; i--; )
+      if (ev_cb (forks [i]) != embed_fork_cb)
+        cb (EV_A_ EV_FORK, forks [i]);
+#endif
+
+#if EV_ASYNC_ENABLE
+  if (types & EV_ASYNC)
+    for (i = asynccnt; i--; )
+      cb (EV_A_ EV_ASYNC, asyncs [i]);
+#endif
+
+#if EV_PREPARE_ENABLE
+  if (types & EV_PREPARE)
+    for (i = preparecnt; i--; )
+# if EV_EMBED_ENABLE
+      if (ev_cb (prepares [i]) != embed_prepare_cb)
+# endif
+        cb (EV_A_ EV_PREPARE, prepares [i]);
+#endif
+
+#if EV_CHECK_ENABLE
+  if (types & EV_CHECK)
+    for (i = checkcnt; i--; )
+      cb (EV_A_ EV_CHECK, checks [i]);
+#endif
+
+#if EV_SIGNAL_ENABLE
+  if (types & EV_SIGNAL)
+    for (i = 0; i < EV_NSIG - 1; ++i)
+      for (wl = signals [i].head; wl; )
+        {
+          wn = wl->next;
+          cb (EV_A_ EV_SIGNAL, wl);
+          wl = wn;
+        }
+#endif
+
+#if EV_CHILD_ENABLE
+  if (types & EV_CHILD)
+    for (i = (EV_PID_HASHSIZE); i--; )
+      for (wl = childs [i]; wl; )
+        {
+          wn = wl->next;
+          cb (EV_A_ EV_CHILD, wl);
+          wl = wn;
+        }
+#endif
+/* EV_STAT     0x00001000 /* stat data changed */
+/* EV_EMBED    0x00010000 /* embedded event loop needs sweep */
+}
+#endif
+
+#if EV_MULTIPLICITY
+  #include "ev_wrap.h"
+#endif
+
diff --git a/krb5-1.21.3/src/util/verto/ev.h b/krb5-1.21.3/src/util/verto/ev.h
new file mode 100644
index 00000000..38f62d82
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/ev.h
@@ -0,0 +1,854 @@
+/*
+ * libev native API header
+ *
+ * Copyright (c) 2007,2008,2009,2010,2011,2012,2015 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef EV_H_
+#define EV_H_
+
+#ifdef __cplusplus
+# define EV_CPP(x) x
+# if __cplusplus >= 201103L
+#  define EV_THROW noexcept
+# else
+#  define EV_THROW throw ()
+# endif
+#else
+# define EV_CPP(x)
+# define EV_THROW
+#endif
+
+EV_CPP(extern "C" {)
+
+/*****************************************************************************/
+
+/* pre-4.0 compatibility */
+#ifndef EV_COMPAT3
+# define EV_COMPAT3 1
+#endif
+
+#ifndef EV_FEATURES
+# if defined __OPTIMIZE_SIZE__
+#  define EV_FEATURES 0x7c
+# else
+#  define EV_FEATURES 0x7f
+# endif
+#endif
+
+#define EV_FEATURE_CODE     ((EV_FEATURES) &  1)
+#define EV_FEATURE_DATA     ((EV_FEATURES) &  2)
+#define EV_FEATURE_CONFIG   ((EV_FEATURES) &  4)
+#define EV_FEATURE_API      ((EV_FEATURES) &  8)
+#define EV_FEATURE_WATCHERS ((EV_FEATURES) & 16)
+#define EV_FEATURE_BACKENDS ((EV_FEATURES) & 32)
+#define EV_FEATURE_OS       ((EV_FEATURES) & 64)
+
+/* these priorities are inclusive, higher priorities will be invoked earlier */
+#ifndef EV_MINPRI
+# define EV_MINPRI (EV_FEATURE_CONFIG ? -2 : 0)
+#endif
+#ifndef EV_MAXPRI
+# define EV_MAXPRI (EV_FEATURE_CONFIG ? +2 : 0)
+#endif
+
+#ifndef EV_MULTIPLICITY
+# define EV_MULTIPLICITY EV_FEATURE_CONFIG
+#endif
+
+#ifndef EV_PERIODIC_ENABLE
+# define EV_PERIODIC_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_STAT_ENABLE
+# define EV_STAT_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_PREPARE_ENABLE
+# define EV_PREPARE_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CHECK_ENABLE
+# define EV_CHECK_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_IDLE_ENABLE
+# define EV_IDLE_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_FORK_ENABLE
+# define EV_FORK_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CLEANUP_ENABLE
+# define EV_CLEANUP_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_SIGNAL_ENABLE
+# define EV_SIGNAL_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_CHILD_ENABLE
+# ifdef _WIN32
+#  define EV_CHILD_ENABLE 0
+# else
+#  define EV_CHILD_ENABLE EV_FEATURE_WATCHERS
+#endif
+#endif
+
+#ifndef EV_ASYNC_ENABLE
+# define EV_ASYNC_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_EMBED_ENABLE
+# define EV_EMBED_ENABLE EV_FEATURE_WATCHERS
+#endif
+
+#ifndef EV_WALK_ENABLE
+# define EV_WALK_ENABLE 0 /* not yet */
+#endif
+
+/*****************************************************************************/
+
+#if EV_CHILD_ENABLE && !EV_SIGNAL_ENABLE
+# undef EV_SIGNAL_ENABLE
+# define EV_SIGNAL_ENABLE 1
+#endif
+
+/*****************************************************************************/
+
+typedef double ev_tstamp;
+
+#include <string.h> /* for memmove */
+
+#ifndef EV_ATOMIC_T
+# include <signal.h>
+# define EV_ATOMIC_T sig_atomic_t volatile
+#endif
+
+#if EV_STAT_ENABLE
+# ifdef _WIN32
+#  include <time.h>
+#  include <sys/types.h>
+# endif
+# include <sys/stat.h>
+#endif
+
+/* support multiple event loops? */
+#if EV_MULTIPLICITY
+struct ev_loop;
+# define EV_P  struct ev_loop *loop               /* a loop as sole parameter in a declaration */
+# define EV_P_ EV_P,                              /* a loop as first of multiple parameters */
+# define EV_A  loop                               /* a loop as sole argument to a function call */
+# define EV_A_ EV_A,                              /* a loop as first of multiple arguments */
+# define EV_DEFAULT_UC  ev_default_loop_uc_ ()    /* the default loop, if initialised, as sole arg */
+# define EV_DEFAULT_UC_ EV_DEFAULT_UC,            /* the default loop as first of multiple arguments */
+# define EV_DEFAULT  ev_default_loop (0)          /* the default loop as sole arg */
+# define EV_DEFAULT_ EV_DEFAULT,                  /* the default loop as first of multiple arguments */
+#else
+# define EV_P void
+# define EV_P_
+# define EV_A
+# define EV_A_
+# define EV_DEFAULT
+# define EV_DEFAULT_
+# define EV_DEFAULT_UC
+# define EV_DEFAULT_UC_
+# undef EV_EMBED_ENABLE
+#endif
+
+/* EV_INLINE is used for functions in header files */
+#if __STDC_VERSION__ >= 199901L || __GNUC__ >= 3
+# define EV_INLINE static inline
+#else
+# define EV_INLINE static
+#endif
+
+#ifdef EV_API_STATIC
+# define EV_API_DECL static
+#else
+# define EV_API_DECL extern
+#endif
+
+/* EV_PROTOTYPES can be used to switch of prototype declarations */
+#ifndef EV_PROTOTYPES
+# define EV_PROTOTYPES 1
+#endif
+
+/*****************************************************************************/
+
+#define EV_VERSION_MAJOR 4
+#define EV_VERSION_MINOR 22
+
+/* eventmask, revents, events... */
+enum {
+  EV_UNDEF    = (int)0xFFFFFFFF, /* guaranteed to be invalid */
+  EV_NONE     =            0x00, /* no events */
+  EV_READ     =            0x01, /* ev_io detected read will not block */
+  EV_WRITE    =            0x02, /* ev_io detected write will not block */
+  EV__IOFDSET =            0x80, /* internal use only */
+  EV_IO       =         EV_READ, /* alias for type-detection */
+  EV_TIMER    =      0x00000100, /* timer timed out */
+#if EV_COMPAT3
+  EV_TIMEOUT  =        EV_TIMER, /* pre 4.0 API compatibility */
+#endif
+  EV_PERIODIC =      0x00000200, /* periodic timer timed out */
+  EV_SIGNAL   =      0x00000400, /* signal was received */
+  EV_CHILD    =      0x00000800, /* child/pid had status change */
+  EV_STAT     =      0x00001000, /* stat data changed */
+  EV_IDLE     =      0x00002000, /* event loop is idling */
+  EV_PREPARE  =      0x00004000, /* event loop about to poll */
+  EV_CHECK    =      0x00008000, /* event loop finished poll */
+  EV_EMBED    =      0x00010000, /* embedded event loop needs sweep */
+  EV_FORK     =      0x00020000, /* event loop resumed in child */
+  EV_CLEANUP  =      0x00040000, /* event loop resumed in child */
+  EV_ASYNC    =      0x00080000, /* async intra-loop signal */
+  EV_CUSTOM   =      0x01000000, /* for use by user code */
+  EV_ERROR    = (int)0x80000000  /* sent when an error occurs */
+};
+
+/* can be used to add custom fields to all watchers, while losing binary compatibility */
+#ifndef EV_COMMON
+# define EV_COMMON void *data;
+#endif
+
+#ifndef EV_CB_DECLARE
+# define EV_CB_DECLARE(type) void (*cb)(EV_P_ struct type *w, int revents);
+#endif
+#ifndef EV_CB_INVOKE
+# define EV_CB_INVOKE(watcher,revents) (watcher)->cb (EV_A_ (watcher), (revents))
+#endif
+
+/* not official, do not use */
+#define EV_CB(type,name) void name (EV_P_ struct ev_ ## type *w, int revents)
+
+/*
+ * struct member types:
+ * private: you may look at them, but not change them,
+ *          and they might not mean anything to you.
+ * ro: can be read anytime, but only changed when the watcher isn't active.
+ * rw: can be read and modified anytime, even when the watcher is active.
+ *
+ * some internal details that might be helpful for debugging:
+ *
+ * active is either 0, which means the watcher is not active,
+ *           or the array index of the watcher (periodics, timers)
+ *           or the array index + 1 (most other watchers)
+ *           or simply 1 for watchers that aren't in some array.
+ * pending is either 0, in which case the watcher isn't,
+ *           or the array index + 1 in the pendings array.
+ */
+
+#if EV_MINPRI == EV_MAXPRI
+# define EV_DECL_PRIORITY
+#elif !defined (EV_DECL_PRIORITY)
+# define EV_DECL_PRIORITY int priority;
+#endif
+
+/* shared by all watchers */
+#define EV_WATCHER(type)			\
+  int active; /* private */			\
+  int pending; /* private */			\
+  EV_DECL_PRIORITY /* private */		\
+  EV_COMMON /* rw */				\
+  EV_CB_DECLARE (type) /* private */
+
+#define EV_WATCHER_LIST(type)			\
+  EV_WATCHER (type)				\
+  struct ev_watcher_list *next; /* private */
+
+#define EV_WATCHER_TIME(type)			\
+  EV_WATCHER (type)				\
+  ev_tstamp at;     /* private */
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher
+{
+  EV_WATCHER (ev_watcher)
+} ev_watcher;
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher_list
+{
+  EV_WATCHER_LIST (ev_watcher_list)
+} ev_watcher_list;
+
+/* base class, nothing to see here unless you subclass */
+typedef struct ev_watcher_time
+{
+  EV_WATCHER_TIME (ev_watcher_time)
+} ev_watcher_time;
+
+/* invoked when fd is either EV_READable or EV_WRITEable */
+/* revent EV_READ, EV_WRITE */
+typedef struct ev_io
+{
+  EV_WATCHER_LIST (ev_io)
+
+  int fd;     /* ro */
+  int events; /* ro */
+} ev_io;
+
+/* invoked after a specific time, repeatable (based on monotonic clock) */
+/* revent EV_TIMEOUT */
+typedef struct ev_timer
+{
+  EV_WATCHER_TIME (ev_timer)
+
+  ev_tstamp repeat; /* rw */
+} ev_timer;
+
+/* invoked at some specific time, possibly repeating at regular intervals (based on UTC) */
+/* revent EV_PERIODIC */
+typedef struct ev_periodic
+{
+  EV_WATCHER_TIME (ev_periodic)
+
+  ev_tstamp offset; /* rw */
+  ev_tstamp interval; /* rw */
+  ev_tstamp (*reschedule_cb)(struct ev_periodic *w, ev_tstamp now) EV_THROW; /* rw */
+} ev_periodic;
+
+/* invoked when the given signal has been received */
+/* revent EV_SIGNAL */
+typedef struct ev_signal
+{
+  EV_WATCHER_LIST (ev_signal)
+
+  int signum; /* ro */
+} ev_signal;
+
+/* invoked when sigchld is received and waitpid indicates the given pid */
+/* revent EV_CHILD */
+/* does not support priorities */
+typedef struct ev_child
+{
+  EV_WATCHER_LIST (ev_child)
+
+  int flags;   /* private */
+  int pid;     /* ro */
+  int rpid;    /* rw, holds the received pid */
+  int rstatus; /* rw, holds the exit status, use the macros from sys/wait.h */
+} ev_child;
+
+#if EV_STAT_ENABLE
+/* st_nlink = 0 means missing file or other error */
+# ifdef _WIN32
+typedef struct _stati64 ev_statdata;
+# else
+typedef struct stat ev_statdata;
+# endif
+
+/* invoked each time the stat data changes for a given path */
+/* revent EV_STAT */
+typedef struct ev_stat
+{
+  EV_WATCHER_LIST (ev_stat)
+
+  ev_timer timer;     /* private */
+  ev_tstamp interval; /* ro */
+  const char *path;   /* ro */
+  ev_statdata prev;   /* ro */
+  ev_statdata attr;   /* ro */
+
+  int wd; /* wd for inotify, fd for kqueue */
+} ev_stat;
+#endif
+
+#if EV_IDLE_ENABLE
+/* invoked when the nothing else needs to be done, keeps the process from blocking */
+/* revent EV_IDLE */
+typedef struct ev_idle
+{
+  EV_WATCHER (ev_idle)
+} ev_idle;
+#endif
+
+/* invoked for each run of the mainloop, just before the blocking call */
+/* you can still change events in any way you like */
+/* revent EV_PREPARE */
+typedef struct ev_prepare
+{
+  EV_WATCHER (ev_prepare)
+} ev_prepare;
+
+/* invoked for each run of the mainloop, just after the blocking call */
+/* revent EV_CHECK */
+typedef struct ev_check
+{
+  EV_WATCHER (ev_check)
+} ev_check;
+
+#if EV_FORK_ENABLE
+/* the callback gets invoked before check in the child process when a fork was detected */
+/* revent EV_FORK */
+typedef struct ev_fork
+{
+  EV_WATCHER (ev_fork)
+} ev_fork;
+#endif
+
+#if EV_CLEANUP_ENABLE
+/* is invoked just before the loop gets destroyed */
+/* revent EV_CLEANUP */
+typedef struct ev_cleanup
+{
+  EV_WATCHER (ev_cleanup)
+} ev_cleanup;
+#endif
+
+#if EV_EMBED_ENABLE
+/* used to embed an event loop inside another */
+/* the callback gets invoked when the event loop has handled events, and can be 0 */
+typedef struct ev_embed
+{
+  EV_WATCHER (ev_embed)
+
+  struct ev_loop *other; /* ro */
+  ev_io io;              /* private */
+  ev_prepare prepare;    /* private */
+  ev_check check;        /* unused */
+  ev_timer timer;        /* unused */
+  ev_periodic periodic;  /* unused */
+  ev_idle idle;          /* unused */
+  ev_fork fork;          /* private */
+#if EV_CLEANUP_ENABLE
+  ev_cleanup cleanup;    /* unused */
+#endif
+} ev_embed;
+#endif
+
+#if EV_ASYNC_ENABLE
+/* invoked when somebody calls ev_async_send on the watcher */
+/* revent EV_ASYNC */
+typedef struct ev_async
+{
+  EV_WATCHER (ev_async)
+
+  EV_ATOMIC_T sent; /* private */
+} ev_async;
+
+# define ev_async_pending(w) (+(w)->sent)
+#endif
+
+/* the presence of this union forces similar struct layout */
+union ev_any_watcher
+{
+  struct ev_watcher w;
+  struct ev_watcher_list wl;
+
+  struct ev_io io;
+  struct ev_timer timer;
+  struct ev_periodic periodic;
+  struct ev_signal signal;
+  struct ev_child child;
+#if EV_STAT_ENABLE
+  struct ev_stat stat;
+#endif
+#if EV_IDLE_ENABLE
+  struct ev_idle idle;
+#endif
+  struct ev_prepare prepare;
+  struct ev_check check;
+#if EV_FORK_ENABLE
+  struct ev_fork fork;
+#endif
+#if EV_CLEANUP_ENABLE
+  struct ev_cleanup cleanup;
+#endif
+#if EV_EMBED_ENABLE
+  struct ev_embed embed;
+#endif
+#if EV_ASYNC_ENABLE
+  struct ev_async async;
+#endif
+};
+
+/* flag bits for ev_default_loop and ev_loop_new */
+enum {
+  /* the default */
+  EVFLAG_AUTO      = 0x00000000U, /* not quite a mask */
+  /* flag bits */
+  EVFLAG_NOENV     = 0x01000000U, /* do NOT consult environment */
+  EVFLAG_FORKCHECK = 0x02000000U, /* check for a fork in each iteration */
+  /* debugging/feature disable */
+  EVFLAG_NOINOTIFY = 0x00100000U, /* do not attempt to use inotify */
+#if EV_COMPAT3
+  EVFLAG_NOSIGFD   = 0, /* compatibility to pre-3.9 */
+#endif
+  EVFLAG_SIGNALFD  = 0x00200000U, /* attempt to use signalfd */
+  EVFLAG_NOSIGMASK = 0x00400000U  /* avoid modifying the signal mask */
+};
+
+/* method bits to be ored together */
+enum {
+  EVBACKEND_SELECT  = 0x00000001U, /* about anywhere */
+  EVBACKEND_POLL    = 0x00000002U, /* !win */
+  EVBACKEND_EPOLL   = 0x00000004U, /* linux */
+  EVBACKEND_KQUEUE  = 0x00000008U, /* bsd */
+  EVBACKEND_DEVPOLL = 0x00000010U, /* solaris 8 */ /* NYI */
+  EVBACKEND_PORT    = 0x00000020U, /* solaris 10 */
+  EVBACKEND_ALL     = 0x0000003FU, /* all known backends */
+  EVBACKEND_MASK    = 0x0000FFFFU  /* all future backends */
+};
+
+#if EV_PROTOTYPES
+EV_API_DECL int ev_version_major (void) EV_THROW;
+EV_API_DECL int ev_version_minor (void) EV_THROW;
+
+EV_API_DECL unsigned int ev_supported_backends (void) EV_THROW;
+EV_API_DECL unsigned int ev_recommended_backends (void) EV_THROW;
+EV_API_DECL unsigned int ev_embeddable_backends (void) EV_THROW;
+
+EV_API_DECL ev_tstamp ev_time (void) EV_THROW;
+EV_API_DECL void ev_sleep (ev_tstamp delay) EV_THROW; /* sleep for a while */
+
+/* Sets the allocation function to use, works like realloc.
+ * It is used to allocate and free memory.
+ * If it returns zero when memory needs to be allocated, the library might abort
+ * or take some potentially destructive action.
+ * The default is your system realloc function.
+ */
+EV_API_DECL void ev_set_allocator (void *(*cb)(void *ptr, long size) EV_THROW) EV_THROW;
+
+/* set the callback function to call on a
+ * retryable syscall error
+ * (such as failed select, poll, epoll_wait)
+ */
+EV_API_DECL void ev_set_syserr_cb (void (*cb)(const char *msg) EV_THROW) EV_THROW;
+
+#if EV_MULTIPLICITY
+
+/* the default loop is the only one that handles signals and child watchers */
+/* you can call this as often as you like */
+EV_API_DECL struct ev_loop *ev_default_loop (unsigned int flags EV_CPP (= 0)) EV_THROW;
+
+#ifdef EV_API_STATIC
+EV_API_DECL struct ev_loop *ev_default_loop_ptr;
+#endif
+
+EV_INLINE struct ev_loop *
+ev_default_loop_uc_ (void) EV_THROW
+{
+  extern struct ev_loop *ev_default_loop_ptr;
+
+  return ev_default_loop_ptr;
+}
+
+EV_INLINE int
+ev_is_default_loop (EV_P) EV_THROW
+{
+  return EV_A == EV_DEFAULT_UC;
+}
+
+/* create and destroy alternative loops that don't handle signals */
+EV_API_DECL struct ev_loop *ev_loop_new (unsigned int flags EV_CPP (= 0)) EV_THROW;
+
+EV_API_DECL ev_tstamp ev_now (EV_P) EV_THROW; /* time w.r.t. timers and the eventloop, updated after each poll */
+
+#else
+
+EV_API_DECL int ev_default_loop (unsigned int flags EV_CPP (= 0)) EV_THROW; /* returns true when successful */
+
+EV_API_DECL ev_tstamp ev_rt_now;
+
+EV_INLINE ev_tstamp
+ev_now (void) EV_THROW
+{
+  return ev_rt_now;
+}
+
+/* looks weird, but ev_is_default_loop (EV_A) still works if this exists */
+EV_INLINE int
+ev_is_default_loop (void) EV_THROW
+{
+  return 1;
+}
+
+#endif /* multiplicity */
+
+/* destroy event loops, also works for the default loop */
+EV_API_DECL void ev_loop_destroy (EV_P);
+
+/* this needs to be called after fork, to duplicate the loop */
+/* when you want to re-use it in the child */
+/* you can call it in either the parent or the child */
+/* you can actually call it at any time, anywhere :) */
+EV_API_DECL void ev_loop_fork (EV_P) EV_THROW;
+
+EV_API_DECL unsigned int ev_backend (EV_P) EV_THROW; /* backend in use by loop */
+
+EV_API_DECL void ev_now_update (EV_P) EV_THROW; /* update event loop time */
+
+#if EV_WALK_ENABLE
+/* walk (almost) all watchers in the loop of a given type, invoking the */
+/* callback on every such watcher. The callback might stop the watcher, */
+/* but do nothing else with the loop */
+EV_API_DECL void ev_walk (EV_P_ int types, void (*cb)(EV_P_ int type, void *w)) EV_THROW;
+#endif
+
+#endif /* prototypes */
+
+/* ev_run flags values */
+enum {
+  EVRUN_NOWAIT = 1, /* do not block/wait */
+  EVRUN_ONCE   = 2  /* block *once* only */
+};
+
+/* ev_break how values */
+enum {
+  EVBREAK_CANCEL = 0, /* undo unloop */
+  EVBREAK_ONE    = 1, /* unloop once */
+  EVBREAK_ALL    = 2  /* unloop all loops */
+};
+
+#if EV_PROTOTYPES
+EV_API_DECL int  ev_run (EV_P_ int flags EV_CPP (= 0));
+EV_API_DECL void ev_break (EV_P_ int how EV_CPP (= EVBREAK_ONE)) EV_THROW; /* break out of the loop */
+
+/*
+ * ref/unref can be used to add or remove a refcount on the mainloop. every watcher
+ * keeps one reference. if you have a long-running watcher you never unregister that
+ * should not keep ev_loop from running, unref() after starting, and ref() before stopping.
+ */
+EV_API_DECL void ev_ref   (EV_P) EV_THROW;
+EV_API_DECL void ev_unref (EV_P) EV_THROW;
+
+/*
+ * convenience function, wait for a single event, without registering an event watcher
+ * if timeout is < 0, do wait indefinitely
+ */
+EV_API_DECL void ev_once (EV_P_ int fd, int events, ev_tstamp timeout, void (*cb)(int revents, void *arg), void *arg) EV_THROW;
+
+# if EV_FEATURE_API
+EV_API_DECL unsigned int ev_iteration (EV_P) EV_THROW; /* number of loop iterations */
+EV_API_DECL unsigned int ev_depth     (EV_P) EV_THROW; /* #ev_loop enters - #ev_loop leaves */
+EV_API_DECL void         ev_verify    (EV_P) EV_THROW; /* abort if loop data corrupted */
+
+EV_API_DECL void ev_set_io_collect_interval (EV_P_ ev_tstamp interval) EV_THROW; /* sleep at least this time, default 0 */
+EV_API_DECL void ev_set_timeout_collect_interval (EV_P_ ev_tstamp interval) EV_THROW; /* sleep at least this time, default 0 */
+
+/* advanced stuff for threading etc. support, see docs */
+EV_API_DECL void ev_set_userdata (EV_P_ void *data) EV_THROW;
+EV_API_DECL void *ev_userdata (EV_P) EV_THROW;
+typedef void (*ev_loop_callback)(EV_P);
+EV_API_DECL void ev_set_invoke_pending_cb (EV_P_ ev_loop_callback invoke_pending_cb) EV_THROW;
+/* C++ doesn't allow the use of the ev_loop_callback typedef here, so we need to spell it out */
+EV_API_DECL void ev_set_loop_release_cb (EV_P_ void (*release)(EV_P) EV_THROW, void (*acquire)(EV_P) EV_THROW) EV_THROW;
+
+EV_API_DECL unsigned int ev_pending_count (EV_P) EV_THROW; /* number of pending events, if any */
+EV_API_DECL void ev_invoke_pending (EV_P); /* invoke all pending watchers */
+
+/*
+ * stop/start the timer handling.
+ */
+EV_API_DECL void ev_suspend (EV_P) EV_THROW;
+EV_API_DECL void ev_resume  (EV_P) EV_THROW;
+#endif
+
+#endif
+
+/* these may evaluate ev multiple times, and the other arguments at most once */
+/* either use ev_init + ev_TYPE_set, or the ev_TYPE_init macro, below, to first initialise a watcher */
+#define ev_init(ev,cb_) do {			\
+  ((ev_watcher *)(void *)(ev))->active  =	\
+  ((ev_watcher *)(void *)(ev))->pending = 0;	\
+  ev_set_priority ((ev), 0);			\
+  ev_set_cb ((ev), cb_);			\
+} while (0)
+
+#define ev_io_set(ev,fd_,events_)            do { (ev)->fd = (fd_); (ev)->events = (events_) | EV__IOFDSET; } while (0)
+#define ev_timer_set(ev,after_,repeat_)      do { ((ev_watcher_time *)(ev))->at = (after_); (ev)->repeat = (repeat_); } while (0)
+#define ev_periodic_set(ev,ofs_,ival_,rcb_)  do { (ev)->offset = (ofs_); (ev)->interval = (ival_); (ev)->reschedule_cb = (rcb_); } while (0)
+#define ev_signal_set(ev,signum_)            do { (ev)->signum = (signum_); } while (0)
+#define ev_child_set(ev,pid_,trace_)         do { (ev)->pid = (pid_); (ev)->flags = !!(trace_); } while (0)
+#define ev_stat_set(ev,path_,interval_)      do { (ev)->path = (path_); (ev)->interval = (interval_); (ev)->wd = -2; } while (0)
+#define ev_idle_set(ev)                      /* nop, yes, this is a serious in-joke */
+#define ev_prepare_set(ev)                   /* nop, yes, this is a serious in-joke */
+#define ev_check_set(ev)                     /* nop, yes, this is a serious in-joke */
+#define ev_embed_set(ev,other_)              do { (ev)->other = (other_); } while (0)
+#define ev_fork_set(ev)                      /* nop, yes, this is a serious in-joke */
+#define ev_cleanup_set(ev)                   /* nop, yes, this is a serious in-joke */
+#define ev_async_set(ev)                     /* nop, yes, this is a serious in-joke */
+
+#define ev_io_init(ev,cb,fd,events)          do { ev_init ((ev), (cb)); ev_io_set ((ev),(fd),(events)); } while (0)
+#define ev_timer_init(ev,cb,after,repeat)    do { ev_init ((ev), (cb)); ev_timer_set ((ev),(after),(repeat)); } while (0)
+#define ev_periodic_init(ev,cb,ofs,ival,rcb) do { ev_init ((ev), (cb)); ev_periodic_set ((ev),(ofs),(ival),(rcb)); } while (0)
+#define ev_signal_init(ev,cb,signum)         do { ev_init ((ev), (cb)); ev_signal_set ((ev), (signum)); } while (0)
+#define ev_child_init(ev,cb,pid,trace)       do { ev_init ((ev), (cb)); ev_child_set ((ev),(pid),(trace)); } while (0)
+#define ev_stat_init(ev,cb,path,interval)    do { ev_init ((ev), (cb)); ev_stat_set ((ev),(path),(interval)); } while (0)
+#define ev_idle_init(ev,cb)                  do { ev_init ((ev), (cb)); ev_idle_set ((ev)); } while (0)
+#define ev_prepare_init(ev,cb)               do { ev_init ((ev), (cb)); ev_prepare_set ((ev)); } while (0)
+#define ev_check_init(ev,cb)                 do { ev_init ((ev), (cb)); ev_check_set ((ev)); } while (0)
+#define ev_embed_init(ev,cb,other)           do { ev_init ((ev), (cb)); ev_embed_set ((ev),(other)); } while (0)
+#define ev_fork_init(ev,cb)                  do { ev_init ((ev), (cb)); ev_fork_set ((ev)); } while (0)
+#define ev_cleanup_init(ev,cb)               do { ev_init ((ev), (cb)); ev_cleanup_set ((ev)); } while (0)
+#define ev_async_init(ev,cb)                 do { ev_init ((ev), (cb)); ev_async_set ((ev)); } while (0)
+
+#define ev_is_pending(ev)                    (0 + ((ev_watcher *)(void *)(ev))->pending) /* ro, true when watcher is waiting for callback invocation */
+#define ev_is_active(ev)                     (0 + ((ev_watcher *)(void *)(ev))->active) /* ro, true when the watcher has been started */
+
+#define ev_cb_(ev)                           (ev)->cb /* rw */
+#define ev_cb(ev)                            (memmove (&ev_cb_ (ev), &((ev_watcher *)(ev))->cb, sizeof (ev_cb_ (ev))), (ev)->cb)
+
+#if EV_MINPRI == EV_MAXPRI
+# define ev_priority(ev)                     ((ev), EV_MINPRI)
+# define ev_set_priority(ev,pri)             ((ev), (pri))
+#else
+# define ev_priority(ev)                     (+(((ev_watcher *)(void *)(ev))->priority))
+# define ev_set_priority(ev,pri)             (   (ev_watcher *)(void *)(ev))->priority = (pri)
+#endif
+
+#define ev_periodic_at(ev)                   (+((ev_watcher_time *)(ev))->at)
+
+#ifndef ev_set_cb
+# define ev_set_cb(ev,cb_)                   (ev_cb_ (ev) = (cb_), memmove (&((ev_watcher *)(ev))->cb, &ev_cb_ (ev), sizeof (ev_cb_ (ev))))
+#endif
+
+/* stopping (enabling, adding) a watcher does nothing if it is already running */
+/* stopping (disabling, deleting) a watcher does nothing unless it's already running */
+#if EV_PROTOTYPES
+
+/* feeds an event into a watcher as if the event actually occurred */
+/* accepts any ev_watcher type */
+EV_API_DECL void ev_feed_event     (EV_P_ void *w, int revents) EV_THROW;
+EV_API_DECL void ev_feed_fd_event  (EV_P_ int fd, int revents) EV_THROW;
+#if EV_SIGNAL_ENABLE
+EV_API_DECL void ev_feed_signal    (int signum) EV_THROW;
+EV_API_DECL void ev_feed_signal_event (EV_P_ int signum) EV_THROW;
+#endif
+EV_API_DECL void ev_invoke         (EV_P_ void *w, int revents);
+EV_API_DECL int  ev_clear_pending  (EV_P_ void *w) EV_THROW;
+
+EV_API_DECL void ev_io_start       (EV_P_ ev_io *w) EV_THROW;
+EV_API_DECL void ev_io_stop        (EV_P_ ev_io *w) EV_THROW;
+
+EV_API_DECL void ev_timer_start    (EV_P_ ev_timer *w) EV_THROW;
+EV_API_DECL void ev_timer_stop     (EV_P_ ev_timer *w) EV_THROW;
+/* stops if active and no repeat, restarts if active and repeating, starts if inactive and repeating */
+EV_API_DECL void ev_timer_again    (EV_P_ ev_timer *w) EV_THROW;
+/* return remaining time */
+EV_API_DECL ev_tstamp ev_timer_remaining (EV_P_ ev_timer *w) EV_THROW;
+
+#if EV_PERIODIC_ENABLE
+EV_API_DECL void ev_periodic_start (EV_P_ ev_periodic *w) EV_THROW;
+EV_API_DECL void ev_periodic_stop  (EV_P_ ev_periodic *w) EV_THROW;
+EV_API_DECL void ev_periodic_again (EV_P_ ev_periodic *w) EV_THROW;
+#endif
+
+/* only supported in the default loop */
+#if EV_SIGNAL_ENABLE
+EV_API_DECL void ev_signal_start   (EV_P_ ev_signal *w) EV_THROW;
+EV_API_DECL void ev_signal_stop    (EV_P_ ev_signal *w) EV_THROW;
+#endif
+
+/* only supported in the default loop */
+# if EV_CHILD_ENABLE
+EV_API_DECL void ev_child_start    (EV_P_ ev_child *w) EV_THROW;
+EV_API_DECL void ev_child_stop     (EV_P_ ev_child *w) EV_THROW;
+# endif
+
+# if EV_STAT_ENABLE
+EV_API_DECL void ev_stat_start     (EV_P_ ev_stat *w) EV_THROW;
+EV_API_DECL void ev_stat_stop      (EV_P_ ev_stat *w) EV_THROW;
+EV_API_DECL void ev_stat_stat      (EV_P_ ev_stat *w) EV_THROW;
+# endif
+
+# if EV_IDLE_ENABLE
+EV_API_DECL void ev_idle_start     (EV_P_ ev_idle *w) EV_THROW;
+EV_API_DECL void ev_idle_stop      (EV_P_ ev_idle *w) EV_THROW;
+# endif
+
+#if EV_PREPARE_ENABLE
+EV_API_DECL void ev_prepare_start  (EV_P_ ev_prepare *w) EV_THROW;
+EV_API_DECL void ev_prepare_stop   (EV_P_ ev_prepare *w) EV_THROW;
+#endif
+
+#if EV_CHECK_ENABLE
+EV_API_DECL void ev_check_start    (EV_P_ ev_check *w) EV_THROW;
+EV_API_DECL void ev_check_stop     (EV_P_ ev_check *w) EV_THROW;
+#endif
+
+# if EV_FORK_ENABLE
+EV_API_DECL void ev_fork_start     (EV_P_ ev_fork *w) EV_THROW;
+EV_API_DECL void ev_fork_stop      (EV_P_ ev_fork *w) EV_THROW;
+# endif
+
+# if EV_CLEANUP_ENABLE
+EV_API_DECL void ev_cleanup_start  (EV_P_ ev_cleanup *w) EV_THROW;
+EV_API_DECL void ev_cleanup_stop   (EV_P_ ev_cleanup *w) EV_THROW;
+# endif
+
+# if EV_EMBED_ENABLE
+/* only supported when loop to be embedded is in fact embeddable */
+EV_API_DECL void ev_embed_start    (EV_P_ ev_embed *w) EV_THROW;
+EV_API_DECL void ev_embed_stop     (EV_P_ ev_embed *w) EV_THROW;
+EV_API_DECL void ev_embed_sweep    (EV_P_ ev_embed *w) EV_THROW;
+# endif
+
+# if EV_ASYNC_ENABLE
+EV_API_DECL void ev_async_start    (EV_P_ ev_async *w) EV_THROW;
+EV_API_DECL void ev_async_stop     (EV_P_ ev_async *w) EV_THROW;
+EV_API_DECL void ev_async_send     (EV_P_ ev_async *w) EV_THROW;
+# endif
+
+#if EV_COMPAT3
+  #define EVLOOP_NONBLOCK EVRUN_NOWAIT
+  #define EVLOOP_ONESHOT  EVRUN_ONCE
+  #define EVUNLOOP_CANCEL EVBREAK_CANCEL
+  #define EVUNLOOP_ONE    EVBREAK_ONE
+  #define EVUNLOOP_ALL    EVBREAK_ALL
+  #if EV_PROTOTYPES
+    EV_INLINE void ev_loop   (EV_P_ int flags) { ev_run   (EV_A_ flags); }
+    EV_INLINE void ev_unloop (EV_P_ int how  ) { ev_break (EV_A_ how  ); }
+    EV_INLINE void ev_default_destroy (void) { ev_loop_destroy (EV_DEFAULT); }
+    EV_INLINE void ev_default_fork    (void) { ev_loop_fork    (EV_DEFAULT); }
+    #if EV_FEATURE_API
+      EV_INLINE unsigned int ev_loop_count  (EV_P) { return ev_iteration  (EV_A); }
+      EV_INLINE unsigned int ev_loop_depth  (EV_P) { return ev_depth      (EV_A); }
+      EV_INLINE void         ev_loop_verify (EV_P) {        ev_verify     (EV_A); }
+    #endif
+  #endif
+#else
+  typedef struct ev_loop ev_loop;
+#endif
+
+#endif
+
+EV_CPP(})
+
+#endif
+
diff --git a/krb5-1.21.3/src/util/verto/ev_poll.c b/krb5-1.21.3/src/util/verto/ev_poll.c
new file mode 100644
index 00000000..48323516
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/ev_poll.c
@@ -0,0 +1,148 @@
+/*
+ * libev poll fd activity backend
+ *
+ * Copyright (c) 2007,2008,2009,2010,2011 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#include <poll.h>
+
+void inline_size
+pollidx_init (int *base, int count)
+{
+  /* consider using memset (.., -1, ...), which is practically guaranteed
+   * to work on all systems implementing poll */
+  while (count--)
+    *base++ = -1;
+}
+
+static void
+poll_modify (EV_P_ int fd, int oev, int nev)
+{
+  int idx;
+
+  if (oev == nev)
+    return;
+
+  array_needsize (int, pollidxs, pollidxmax, fd + 1, pollidx_init);
+
+  idx = pollidxs [fd];
+
+  if (idx < 0) /* need to allocate a new pollfd */
+    {
+      pollidxs [fd] = idx = pollcnt++;
+      array_needsize (struct pollfd, polls, pollmax, pollcnt, EMPTY2);
+      polls [idx].fd = fd;
+    }
+
+  assert (polls [idx].fd == fd);
+
+  if (nev)
+    polls [idx].events =
+        (nev & EV_READ ? POLLIN : 0)
+        | (nev & EV_WRITE ? POLLOUT : 0);
+  else /* remove pollfd */
+    {
+      pollidxs [fd] = -1;
+
+      if (expect_true (idx < --pollcnt))
+        {
+          polls [idx] = polls [pollcnt];
+          pollidxs [polls [idx].fd] = idx;
+        }
+    }
+}
+
+static void
+poll_poll (EV_P_ ev_tstamp timeout)
+{
+  struct pollfd *p;
+  int res;
+  
+  EV_RELEASE_CB;
+  res = poll (polls, pollcnt, timeout * 1e3);
+  EV_ACQUIRE_CB;
+
+  if (expect_false (res < 0))
+    {
+      if (errno == EBADF)
+        fd_ebadf (EV_A);
+      else if (errno == ENOMEM && !syserr_cb)
+        fd_enomem (EV_A);
+      else if (errno != EINTR)
+        ev_syserr ("(libev) poll");
+    }
+  else
+    for (p = polls; res; ++p)
+      {
+        assert (("libev: poll() returned illegal result, broken BSD kernel?", p < polls + pollcnt));
+
+        if (expect_false (p->revents)) /* this expect is debatable */
+          {
+            --res;
+
+            if (expect_false (p->revents & POLLNVAL))
+              fd_kill (EV_A_ p->fd);
+            else
+              fd_event (
+                EV_A_
+                p->fd,
+                (p->revents & (POLLOUT | POLLERR | POLLHUP) ? EV_WRITE : 0)
+                | (p->revents & (POLLIN | POLLERR | POLLHUP) ? EV_READ : 0)
+              );
+          }
+      }
+}
+
+int inline_size
+poll_init (EV_P_ int flags)
+{
+  backend_mintime = 1e-3;
+  backend_modify  = poll_modify;
+  backend_poll    = poll_poll;
+
+  pollidxs = 0; pollidxmax = 0;
+  polls    = 0; pollmax    = 0; pollcnt = 0;
+
+  return EVBACKEND_POLL;
+}
+
+void inline_size
+poll_destroy (EV_P)
+{
+  ev_free (pollidxs);
+  ev_free (polls);
+}
+
diff --git a/krb5-1.21.3/src/util/verto/ev_select.c b/krb5-1.21.3/src/util/verto/ev_select.c
new file mode 100644
index 00000000..f38d6ca3
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/ev_select.c
@@ -0,0 +1,314 @@
+/*
+ * libev select fd activity backend
+ *
+ * Copyright (c) 2007,2008,2009,2010,2011 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifndef _WIN32
+/* for unix systems */
+# include <inttypes.h>
+# ifndef __hpux
+/* for REAL unix systems */
+#  include <sys/select.h>
+# endif
+#endif
+
+#ifndef EV_SELECT_USE_FD_SET
+# ifdef NFDBITS
+#  define EV_SELECT_USE_FD_SET 0
+# else
+#  define EV_SELECT_USE_FD_SET 1
+# endif
+#endif
+
+#if EV_SELECT_IS_WINSOCKET
+# undef EV_SELECT_USE_FD_SET
+# define EV_SELECT_USE_FD_SET 1
+# undef NFDBITS
+# define NFDBITS 0
+#endif
+
+#if !EV_SELECT_USE_FD_SET
+# define NFDBYTES (NFDBITS / 8)
+#endif
+
+#include <string.h>
+
+static void
+select_modify (EV_P_ int fd, int oev, int nev)
+{
+  if (oev == nev)
+    return;
+
+  {
+#if EV_SELECT_USE_FD_SET
+
+    #if EV_SELECT_IS_WINSOCKET
+    SOCKET handle = anfds [fd].handle;
+    #else
+    int handle = fd;
+    #endif
+
+    assert (("libev: fd >= FD_SETSIZE passed to fd_set-based select backend", fd < FD_SETSIZE));
+
+    /* FD_SET is broken on windows (it adds the fd to a set twice or more,
+     * which eventually leads to overflows). Need to call it only on changes.
+     */
+    #if EV_SELECT_IS_WINSOCKET
+    if ((oev ^ nev) & EV_READ)
+    #endif
+      if (nev & EV_READ)
+        FD_SET (handle, (fd_set *)vec_ri);
+      else
+        FD_CLR (handle, (fd_set *)vec_ri);
+
+    #if EV_SELECT_IS_WINSOCKET
+    if ((oev ^ nev) & EV_WRITE)
+    #endif
+      if (nev & EV_WRITE)
+        FD_SET (handle, (fd_set *)vec_wi);
+      else
+        FD_CLR (handle, (fd_set *)vec_wi);
+
+#else
+
+    int     word = fd / NFDBITS;
+    fd_mask mask = 1UL << (fd % NFDBITS);
+
+    if (expect_false (vec_max <= word))
+      {
+        int new_max = word + 1;
+
+        vec_ri = ev_realloc (vec_ri, new_max * NFDBYTES);
+        vec_ro = ev_realloc (vec_ro, new_max * NFDBYTES); /* could free/malloc */
+        vec_wi = ev_realloc (vec_wi, new_max * NFDBYTES);
+        vec_wo = ev_realloc (vec_wo, new_max * NFDBYTES); /* could free/malloc */
+        #ifdef _WIN32
+        vec_eo = ev_realloc (vec_eo, new_max * NFDBYTES); /* could free/malloc */
+        #endif
+
+        for (; vec_max < new_max; ++vec_max)
+          ((fd_mask *)vec_ri) [vec_max] =
+          ((fd_mask *)vec_wi) [vec_max] = 0;
+      }
+
+    ((fd_mask *)vec_ri) [word] |= mask;
+    if (!(nev & EV_READ))
+      ((fd_mask *)vec_ri) [word] &= ~mask;
+
+    ((fd_mask *)vec_wi) [word] |= mask;
+    if (!(nev & EV_WRITE))
+      ((fd_mask *)vec_wi) [word] &= ~mask;
+#endif
+  }
+}
+
+static void
+select_poll (EV_P_ ev_tstamp timeout)
+{
+  struct timeval tv;
+  int res;
+  int fd_setsize;
+
+  EV_RELEASE_CB;
+  EV_TV_SET (tv, timeout);
+
+#if EV_SELECT_USE_FD_SET
+  fd_setsize = sizeof (fd_set);
+#else
+  fd_setsize = vec_max * NFDBYTES;
+#endif
+
+  memcpy (vec_ro, vec_ri, fd_setsize);
+  memcpy (vec_wo, vec_wi, fd_setsize);
+
+#ifdef _WIN32
+  /* pass in the write set as except set.
+   * the idea behind this is to work around a windows bug that causes
+   * errors to be reported as an exception and not by setting
+   * the writable bit. this is so uncontrollably lame.
+   */
+  memcpy (vec_eo, vec_wi, fd_setsize);
+  res = select (vec_max * NFDBITS, (fd_set *)vec_ro, (fd_set *)vec_wo, (fd_set *)vec_eo, &tv);
+#elif EV_SELECT_USE_FD_SET
+  fd_setsize = anfdmax < FD_SETSIZE ? anfdmax : FD_SETSIZE;
+  res = select (fd_setsize, (fd_set *)vec_ro, (fd_set *)vec_wo, 0, &tv);
+#else
+  res = select (vec_max * NFDBITS, (fd_set *)vec_ro, (fd_set *)vec_wo, 0, &tv);
+#endif
+  EV_ACQUIRE_CB;
+
+  if (expect_false (res < 0))
+    {
+      #if EV_SELECT_IS_WINSOCKET
+      errno = WSAGetLastError ();
+      #endif
+      #ifdef WSABASEERR
+      /* on windows, select returns incompatible error codes, fix this */
+      if (errno >= WSABASEERR && errno < WSABASEERR + 1000)
+        if (errno == WSAENOTSOCK)
+          errno = EBADF;
+        else
+          errno -= WSABASEERR;
+      #endif
+
+      #ifdef _WIN32
+      /* select on windows erroneously returns EINVAL when no fd sets have been
+       * provided (this is documented). what microsoft doesn't tell you that this bug
+       * exists even when the fd sets _are_ provided, so we have to check for this bug
+       * here and emulate by sleeping manually.
+       * we also get EINVAL when the timeout is invalid, but we ignore this case here
+       * and assume that EINVAL always means: you have to wait manually.
+       */
+      if (errno == EINVAL)
+        {
+          if (timeout)
+            {
+              unsigned long ms = timeout * 1e3;
+              Sleep (ms ? ms : 1);
+            }
+
+          return;
+        }
+      #endif
+
+      if (errno == EBADF)
+        fd_ebadf (EV_A);
+      else if (errno == ENOMEM && !syserr_cb)
+        fd_enomem (EV_A);
+      else if (errno != EINTR)
+        ev_syserr ("(libev) select");
+
+      return;
+    }
+
+#if EV_SELECT_USE_FD_SET
+
+  {
+    int fd;
+
+    for (fd = 0; fd < anfdmax; ++fd)
+      if (anfds [fd].events)
+        {
+          int events = 0;
+          #if EV_SELECT_IS_WINSOCKET
+          SOCKET handle = anfds [fd].handle;
+          #else
+          int handle = fd;
+          #endif
+
+          if (FD_ISSET (handle, (fd_set *)vec_ro)) events |= EV_READ;
+          if (FD_ISSET (handle, (fd_set *)vec_wo)) events |= EV_WRITE;
+          #ifdef _WIN32
+          if (FD_ISSET (handle, (fd_set *)vec_eo)) events |= EV_WRITE;
+          #endif
+
+          if (expect_true (events))
+            fd_event (EV_A_ fd, events);
+        }
+  }
+
+#else
+
+  {
+    int word, bit;
+    for (word = vec_max; word--; )
+      {
+        fd_mask word_r = ((fd_mask *)vec_ro) [word];
+        fd_mask word_w = ((fd_mask *)vec_wo) [word];
+        #ifdef _WIN32
+        word_w |= ((fd_mask *)vec_eo) [word];
+        #endif
+
+        if (word_r || word_w)
+          for (bit = NFDBITS; bit--; )
+            {
+              fd_mask mask = 1UL << bit;
+              int events = 0;
+
+              events |= word_r & mask ? EV_READ  : 0;
+              events |= word_w & mask ? EV_WRITE : 0;
+
+              if (expect_true (events))
+                fd_event (EV_A_ word * NFDBITS + bit, events);
+            }
+      }
+  }
+
+#endif
+}
+
+int inline_size
+select_init (EV_P_ int flags)
+{
+  backend_mintime = 1e-6;
+  backend_modify  = select_modify;
+  backend_poll    = select_poll;
+
+#if EV_SELECT_USE_FD_SET
+  vec_ri  = ev_malloc (sizeof (fd_set)); FD_ZERO ((fd_set *)vec_ri);
+  vec_ro  = ev_malloc (sizeof (fd_set));
+  vec_wi  = ev_malloc (sizeof (fd_set)); FD_ZERO ((fd_set *)vec_wi);
+  vec_wo  = ev_malloc (sizeof (fd_set));
+  #ifdef _WIN32
+  vec_eo  = ev_malloc (sizeof (fd_set));
+  #endif
+#else
+  vec_max = 0;
+  vec_ri  = 0;
+  vec_ro  = 0;
+  vec_wi  = 0;
+  vec_wo  = 0;
+  #ifdef _WIN32
+  vec_eo  = 0;
+  #endif
+#endif
+
+  return EVBACKEND_SELECT;
+}
+
+void inline_size
+select_destroy (EV_P)
+{
+  ev_free (vec_ri);
+  ev_free (vec_ro);
+  ev_free (vec_wi);
+  ev_free (vec_wo);
+  #ifdef _WIN32
+  ev_free (vec_eo);
+  #endif
+}
+
diff --git a/krb5-1.21.3/src/util/verto/ev_vars.h b/krb5-1.21.3/src/util/verto/ev_vars.h
new file mode 100644
index 00000000..04d4db16
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/ev_vars.h
@@ -0,0 +1,204 @@
+/*
+ * loop member variable declarations
+ *
+ * Copyright (c) 2007,2008,2009,2010,2011,2012,2013 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#define VARx(type,name) VAR(name, type name)
+
+VARx(ev_tstamp, now_floor) /* last time we refreshed rt_time */
+VARx(ev_tstamp, mn_now)    /* monotonic clock "now" */
+VARx(ev_tstamp, rtmn_diff) /* difference realtime - monotonic time */
+
+/* for reverse feeding of events */
+VARx(W *, rfeeds)
+VARx(int, rfeedmax)
+VARx(int, rfeedcnt)
+
+VAR (pendings, ANPENDING *pendings [NUMPRI])
+VAR (pendingmax, int pendingmax [NUMPRI])
+VAR (pendingcnt, int pendingcnt [NUMPRI])
+VARx(int, pendingpri) /* highest priority currently pending */
+VARx(ev_prepare, pending_w) /* dummy pending watcher */
+
+VARx(ev_tstamp, io_blocktime)
+VARx(ev_tstamp, timeout_blocktime)
+
+VARx(int, backend)
+VARx(int, activecnt) /* total number of active events ("refcount") */
+VARx(EV_ATOMIC_T, loop_done)  /* signal by ev_break */
+
+VARx(int, backend_fd)
+VARx(ev_tstamp, backend_mintime) /* assumed typical timer resolution */
+VAR (backend_modify, void (*backend_modify)(EV_P_ int fd, int oev, int nev))
+VAR (backend_poll  , void (*backend_poll)(EV_P_ ev_tstamp timeout))
+
+VARx(ANFD *, anfds)
+VARx(int, anfdmax)
+
+VAR (evpipe, int evpipe [2])
+VARx(ev_io, pipe_w)
+VARx(EV_ATOMIC_T, pipe_write_wanted)
+VARx(EV_ATOMIC_T, pipe_write_skipped)
+
+#if !defined(_WIN32) || EV_GENWRAP
+VARx(pid_t, curpid)
+#endif
+
+VARx(char, postfork)  /* true if we need to recreate kernel state after fork */
+
+#if EV_USE_SELECT || EV_GENWRAP
+VARx(void *, vec_ri)
+VARx(void *, vec_ro)
+VARx(void *, vec_wi)
+VARx(void *, vec_wo)
+#if defined(_WIN32) || EV_GENWRAP
+VARx(void *, vec_eo)
+#endif
+VARx(int, vec_max)
+#endif
+
+#if EV_USE_POLL || EV_GENWRAP
+VARx(struct pollfd *, polls)
+VARx(int, pollmax)
+VARx(int, pollcnt)
+VARx(int *, pollidxs) /* maps fds into structure indices */
+VARx(int, pollidxmax)
+#endif
+
+#if EV_USE_EPOLL || EV_GENWRAP
+VARx(struct epoll_event *, epoll_events)
+VARx(int, epoll_eventmax)
+VARx(int *, epoll_eperms)
+VARx(int, epoll_epermcnt)
+VARx(int, epoll_epermmax)
+#endif
+
+#if EV_USE_KQUEUE || EV_GENWRAP
+VARx(pid_t, kqueue_fd_pid)
+VARx(struct kevent *, kqueue_changes)
+VARx(int, kqueue_changemax)
+VARx(int, kqueue_changecnt)
+VARx(struct kevent *, kqueue_events)
+VARx(int, kqueue_eventmax)
+#endif
+
+#if EV_USE_PORT || EV_GENWRAP
+VARx(struct port_event *, port_events)
+VARx(int, port_eventmax)
+#endif
+
+#if EV_USE_IOCP || EV_GENWRAP
+VARx(HANDLE, iocp)
+#endif
+
+VARx(int *, fdchanges)
+VARx(int, fdchangemax)
+VARx(int, fdchangecnt)
+
+VARx(ANHE *, timers)
+VARx(int, timermax)
+VARx(int, timercnt)
+
+#if EV_PERIODIC_ENABLE || EV_GENWRAP
+VARx(ANHE *, periodics)
+VARx(int, periodicmax)
+VARx(int, periodiccnt)
+#endif
+
+#if EV_IDLE_ENABLE || EV_GENWRAP
+VAR (idles, ev_idle **idles [NUMPRI])
+VAR (idlemax, int idlemax [NUMPRI])
+VAR (idlecnt, int idlecnt [NUMPRI])
+#endif
+VARx(int, idleall) /* total number */
+
+VARx(struct ev_prepare **, prepares)
+VARx(int, preparemax)
+VARx(int, preparecnt)
+
+VARx(struct ev_check **, checks)
+VARx(int, checkmax)
+VARx(int, checkcnt)
+
+#if EV_FORK_ENABLE || EV_GENWRAP
+VARx(struct ev_fork **, forks)
+VARx(int, forkmax)
+VARx(int, forkcnt)
+#endif
+
+#if EV_CLEANUP_ENABLE || EV_GENWRAP
+VARx(struct ev_cleanup **, cleanups)
+VARx(int, cleanupmax)
+VARx(int, cleanupcnt)
+#endif
+
+#if EV_ASYNC_ENABLE || EV_GENWRAP
+VARx(EV_ATOMIC_T, async_pending)
+VARx(struct ev_async **, asyncs)
+VARx(int, asyncmax)
+VARx(int, asynccnt)
+#endif
+
+#if EV_USE_INOTIFY || EV_GENWRAP
+VARx(int, fs_fd)
+VARx(ev_io, fs_w)
+VARx(char, fs_2625) /* whether we are running in linux 2.6.25 or newer */
+VAR (fs_hash, ANFS fs_hash [EV_INOTIFY_HASHSIZE])
+#endif
+
+VARx(EV_ATOMIC_T, sig_pending)
+#if EV_USE_SIGNALFD || EV_GENWRAP
+VARx(int, sigfd)
+VARx(ev_io, sigfd_w)
+VARx(sigset_t, sigfd_set)
+#endif
+
+VARx(unsigned int, origflags) /* original loop flags */
+
+#if EV_FEATURE_API || EV_GENWRAP
+VARx(unsigned int, loop_count) /* total number of loop iterations/blocks */
+VARx(unsigned int, loop_depth) /* #ev_run enters - #ev_run leaves */
+
+VARx(void *, userdata)
+/* C++ doesn't support the ev_loop_callback typedef here. stinks. */
+VAR (release_cb, void (*release_cb)(EV_P) EV_THROW)
+VAR (acquire_cb, void (*acquire_cb)(EV_P) EV_THROW)
+VAR (invoke_cb , ev_loop_callback invoke_cb)
+#endif
+
+#undef VARx
+
diff --git a/krb5-1.21.3/src/util/verto/ev_win32.c b/krb5-1.21.3/src/util/verto/ev_win32.c
new file mode 100644
index 00000000..fd671356
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/ev_win32.c
@@ -0,0 +1,162 @@
+/*
+ * libev win32 compatibility cruft (_not_ a backend)
+ *
+ * Copyright (c) 2007,2008,2009 Marc Alexander Lehmann <libev@schmorp.de>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifica-
+ * tion, are permitted provided that the following conditions are met:
+ *
+ *   1.  Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *   2.  Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MER-
+ * CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+ * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE-
+ * CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTH-
+ * ERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * the GNU General Public License ("GPL") version 2 or any later version,
+ * in which case the provisions of the GPL are applicable instead of
+ * the above. If you wish to allow the use of your version of this file
+ * only under the terms of the GPL and not to allow others to use your
+ * version of this file under the BSD license, indicate your decision
+ * by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL. If you do not delete the
+ * provisions above, a recipient may use your version of this file under
+ * either the BSD or the GPL.
+ */
+
+#ifdef _WIN32
+
+/* note: the comment below could not be substantiated, but what would I care */
+/* MSDN says this is required to handle SIGFPE */
+/* my wild guess would be that using something floating-pointy is required */
+/* for the crt to do something about it */
+volatile double SIGFPE_REQ = 0.0f;
+
+static SOCKET
+ev_tcp_socket (void)
+{
+#if EV_USE_WSASOCKET
+  return WSASocket (AF_INET, SOCK_STREAM, 0, 0, 0, 0);
+#else
+  return socket (AF_INET, SOCK_STREAM, 0);
+#endif
+}
+
+/* oh, the humanity! */
+static int
+ev_pipe (int filedes [2])
+{
+  struct sockaddr_in addr = { 0 };
+  int addr_size = sizeof (addr);
+  struct sockaddr_in adr2;
+  int adr2_size = sizeof (adr2);
+  SOCKET listener;
+  SOCKET sock [2] = { -1, -1 };
+
+  if ((listener = ev_tcp_socket ()) == INVALID_SOCKET)
+    return -1;
+
+  addr.sin_family = AF_INET;
+  addr.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
+  addr.sin_port = 0;
+
+  if (bind (listener, (struct sockaddr *)&addr, addr_size))
+    goto fail;
+
+  if (getsockname (listener, (struct sockaddr *)&addr, &addr_size))
+    goto fail;
+
+  if (listen (listener, 1))
+    goto fail;
+
+  if ((sock [0] = ev_tcp_socket ()) == INVALID_SOCKET)
+    goto fail;
+
+  if (connect (sock [0], (struct sockaddr *)&addr, addr_size))
+    goto fail;
+
+  /* TODO: returns INVALID_SOCKET on winsock accept, not < 0. fix it */
+  /* when convenient, probably by just removing error checking altogether? */
+  if ((sock [1] = accept (listener, 0, 0)) < 0)
+    goto fail;
+
+  /* windows vista returns fantasy port numbers for sockets:
+   * example for two interconnected tcp sockets:
+   *
+   * (Socket::unpack_sockaddr_in getsockname $sock0)[0] == 53364
+   * (Socket::unpack_sockaddr_in getpeername $sock0)[0] == 53363
+   * (Socket::unpack_sockaddr_in getsockname $sock1)[0] == 53363
+   * (Socket::unpack_sockaddr_in getpeername $sock1)[0] == 53365
+   *
+   * wow! tridirectional sockets!
+   *
+   * this way of checking ports seems to work:
+   */
+  if (getpeername (sock [0], (struct sockaddr *)&addr, &addr_size))
+    goto fail;
+
+  if (getsockname (sock [1], (struct sockaddr *)&adr2, &adr2_size))
+    goto fail;
+
+  errno = WSAEINVAL;
+  if (addr_size != adr2_size
+      || addr.sin_addr.s_addr != adr2.sin_addr.s_addr /* just to be sure, I mean, it's windows */
+      || addr.sin_port        != adr2.sin_port)
+    goto fail;
+
+  closesocket (listener);
+
+#if EV_SELECT_IS_WINSOCKET
+  filedes [0] = EV_WIN32_HANDLE_TO_FD (sock [0]);
+  filedes [1] = EV_WIN32_HANDLE_TO_FD (sock [1]);
+#else
+  /* when select isn't winsocket, we also expect socket, connect, accept etc.
+   * to work on fds */
+  filedes [0] = sock [0];
+  filedes [1] = sock [1];
+#endif
+
+  return 0;
+
+fail:
+  closesocket (listener);
+
+  if (sock [0] != INVALID_SOCKET) closesocket (sock [0]);
+  if (sock [1] != INVALID_SOCKET) closesocket (sock [1]);
+
+  return -1;
+}
+
+#undef pipe
+#define pipe(filedes) ev_pipe (filedes)
+
+#define EV_HAVE_EV_TIME 1
+ev_tstamp
+ev_time (void)
+{
+  FILETIME ft;
+  ULARGE_INTEGER ui;
+
+  GetSystemTimeAsFileTime (&ft);
+  ui.u.LowPart  = ft.dwLowDateTime;
+  ui.u.HighPart = ft.dwHighDateTime;
+
+  /* msvc cannot convert ulonglong to double... yes, it is that sucky */
+  return (LONGLONG)(ui.QuadPart - 116444736000000000) * 1e-7;
+}
+
+#endif
+
diff --git a/krb5-1.21.3/src/util/verto/ev_wrap.h b/krb5-1.21.3/src/util/verto/ev_wrap.h
new file mode 100644
index 00000000..ad989ea7
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/ev_wrap.h
@@ -0,0 +1,200 @@
+/* DO NOT EDIT, automatically generated by update_ev_wrap */
+#ifndef EV_WRAP_H
+#define EV_WRAP_H
+#define acquire_cb ((loop)->acquire_cb)
+#define activecnt ((loop)->activecnt)
+#define anfdmax ((loop)->anfdmax)
+#define anfds ((loop)->anfds)
+#define async_pending ((loop)->async_pending)
+#define asynccnt ((loop)->asynccnt)
+#define asyncmax ((loop)->asyncmax)
+#define asyncs ((loop)->asyncs)
+#define backend ((loop)->backend)
+#define backend_fd ((loop)->backend_fd)
+#define backend_mintime ((loop)->backend_mintime)
+#define backend_modify ((loop)->backend_modify)
+#define backend_poll ((loop)->backend_poll)
+#define checkcnt ((loop)->checkcnt)
+#define checkmax ((loop)->checkmax)
+#define checks ((loop)->checks)
+#define cleanupcnt ((loop)->cleanupcnt)
+#define cleanupmax ((loop)->cleanupmax)
+#define cleanups ((loop)->cleanups)
+#define curpid ((loop)->curpid)
+#define epoll_epermcnt ((loop)->epoll_epermcnt)
+#define epoll_epermmax ((loop)->epoll_epermmax)
+#define epoll_eperms ((loop)->epoll_eperms)
+#define epoll_eventmax ((loop)->epoll_eventmax)
+#define epoll_events ((loop)->epoll_events)
+#define evpipe ((loop)->evpipe)
+#define fdchangecnt ((loop)->fdchangecnt)
+#define fdchangemax ((loop)->fdchangemax)
+#define fdchanges ((loop)->fdchanges)
+#define forkcnt ((loop)->forkcnt)
+#define forkmax ((loop)->forkmax)
+#define forks ((loop)->forks)
+#define fs_2625 ((loop)->fs_2625)
+#define fs_fd ((loop)->fs_fd)
+#define fs_hash ((loop)->fs_hash)
+#define fs_w ((loop)->fs_w)
+#define idleall ((loop)->idleall)
+#define idlecnt ((loop)->idlecnt)
+#define idlemax ((loop)->idlemax)
+#define idles ((loop)->idles)
+#define invoke_cb ((loop)->invoke_cb)
+#define io_blocktime ((loop)->io_blocktime)
+#define iocp ((loop)->iocp)
+#define kqueue_changecnt ((loop)->kqueue_changecnt)
+#define kqueue_changemax ((loop)->kqueue_changemax)
+#define kqueue_changes ((loop)->kqueue_changes)
+#define kqueue_eventmax ((loop)->kqueue_eventmax)
+#define kqueue_events ((loop)->kqueue_events)
+#define kqueue_fd_pid ((loop)->kqueue_fd_pid)
+#define loop_count ((loop)->loop_count)
+#define loop_depth ((loop)->loop_depth)
+#define loop_done ((loop)->loop_done)
+#define mn_now ((loop)->mn_now)
+#define now_floor ((loop)->now_floor)
+#define origflags ((loop)->origflags)
+#define pending_w ((loop)->pending_w)
+#define pendingcnt ((loop)->pendingcnt)
+#define pendingmax ((loop)->pendingmax)
+#define pendingpri ((loop)->pendingpri)
+#define pendings ((loop)->pendings)
+#define periodiccnt ((loop)->periodiccnt)
+#define periodicmax ((loop)->periodicmax)
+#define periodics ((loop)->periodics)
+#define pipe_w ((loop)->pipe_w)
+#define pipe_write_skipped ((loop)->pipe_write_skipped)
+#define pipe_write_wanted ((loop)->pipe_write_wanted)
+#define pollcnt ((loop)->pollcnt)
+#define pollidxmax ((loop)->pollidxmax)
+#define pollidxs ((loop)->pollidxs)
+#define pollmax ((loop)->pollmax)
+#define polls ((loop)->polls)
+#define port_eventmax ((loop)->port_eventmax)
+#define port_events ((loop)->port_events)
+#define postfork ((loop)->postfork)
+#define preparecnt ((loop)->preparecnt)
+#define preparemax ((loop)->preparemax)
+#define prepares ((loop)->prepares)
+#define release_cb ((loop)->release_cb)
+#define rfeedcnt ((loop)->rfeedcnt)
+#define rfeedmax ((loop)->rfeedmax)
+#define rfeeds ((loop)->rfeeds)
+#define rtmn_diff ((loop)->rtmn_diff)
+#define sig_pending ((loop)->sig_pending)
+#define sigfd ((loop)->sigfd)
+#define sigfd_set ((loop)->sigfd_set)
+#define sigfd_w ((loop)->sigfd_w)
+#define timeout_blocktime ((loop)->timeout_blocktime)
+#define timercnt ((loop)->timercnt)
+#define timermax ((loop)->timermax)
+#define timers ((loop)->timers)
+#define userdata ((loop)->userdata)
+#define vec_eo ((loop)->vec_eo)
+#define vec_max ((loop)->vec_max)
+#define vec_ri ((loop)->vec_ri)
+#define vec_ro ((loop)->vec_ro)
+#define vec_wi ((loop)->vec_wi)
+#define vec_wo ((loop)->vec_wo)
+#else
+#undef EV_WRAP_H
+#undef acquire_cb
+#undef activecnt
+#undef anfdmax
+#undef anfds
+#undef async_pending
+#undef asynccnt
+#undef asyncmax
+#undef asyncs
+#undef backend
+#undef backend_fd
+#undef backend_mintime
+#undef backend_modify
+#undef backend_poll
+#undef checkcnt
+#undef checkmax
+#undef checks
+#undef cleanupcnt
+#undef cleanupmax
+#undef cleanups
+#undef curpid
+#undef epoll_epermcnt
+#undef epoll_epermmax
+#undef epoll_eperms
+#undef epoll_eventmax
+#undef epoll_events
+#undef evpipe
+#undef fdchangecnt
+#undef fdchangemax
+#undef fdchanges
+#undef forkcnt
+#undef forkmax
+#undef forks
+#undef fs_2625
+#undef fs_fd
+#undef fs_hash
+#undef fs_w
+#undef idleall
+#undef idlecnt
+#undef idlemax
+#undef idles
+#undef invoke_cb
+#undef io_blocktime
+#undef iocp
+#undef kqueue_changecnt
+#undef kqueue_changemax
+#undef kqueue_changes
+#undef kqueue_eventmax
+#undef kqueue_events
+#undef kqueue_fd_pid
+#undef loop_count
+#undef loop_depth
+#undef loop_done
+#undef mn_now
+#undef now_floor
+#undef origflags
+#undef pending_w
+#undef pendingcnt
+#undef pendingmax
+#undef pendingpri
+#undef pendings
+#undef periodiccnt
+#undef periodicmax
+#undef periodics
+#undef pipe_w
+#undef pipe_write_skipped
+#undef pipe_write_wanted
+#undef pollcnt
+#undef pollidxmax
+#undef pollidxs
+#undef pollmax
+#undef polls
+#undef port_eventmax
+#undef port_events
+#undef postfork
+#undef preparecnt
+#undef preparemax
+#undef prepares
+#undef release_cb
+#undef rfeedcnt
+#undef rfeedmax
+#undef rfeeds
+#undef rtmn_diff
+#undef sig_pending
+#undef sigfd
+#undef sigfd_set
+#undef sigfd_w
+#undef timeout_blocktime
+#undef timercnt
+#undef timermax
+#undef timers
+#undef userdata
+#undef vec_eo
+#undef vec_max
+#undef vec_ri
+#undef vec_ro
+#undef vec_wi
+#undef vec_wo
+#endif
diff --git a/krb5-1.21.3/src/util/verto/libverto.exports b/krb5-1.21.3/src/util/verto/libverto.exports
new file mode 100644
index 00000000..3745d501
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/libverto.exports
@@ -0,0 +1,33 @@
+verto_add_child
+verto_add_idle
+verto_add_io
+verto_add_signal
+verto_add_timeout
+verto_break
+verto_cleanup
+verto_convert_module
+verto_default
+verto_del
+verto_fire
+verto_free
+verto_get_ctx
+verto_get_fd
+verto_get_fd_state
+verto_get_flags
+verto_get_interval
+verto_get_private
+verto_get_proc
+verto_get_proc_status
+verto_get_signal
+verto_get_supported_types
+verto_get_type
+verto_new
+verto_reinitialize
+verto_run
+verto_run_once
+verto_set_allocator
+verto_set_default
+verto_set_fd_state
+verto_set_flags
+verto_set_private
+verto_set_proc_status
diff --git a/krb5-1.21.3/src/util/verto/module.c b/krb5-1.21.3/src/util/verto/module.c
new file mode 100644
index 00000000..68dc7093
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/module.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* Stub implementation of module loading for MIT krb5 bundled libverto. */
+
+#include <string.h>
+
+int
+module_symbol_is_present(const char *modname, const char *symbname)
+{
+    return 0;
+}
+
+int
+module_get_filename_for_symbol(void *addr, char **filename)
+{
+    return 0;
+}
+
+void
+module_close(void *dll)
+{
+}
+
+char *
+module_load(const char *filename, const char *symbname,
+            int (*shouldload)(void *symb, void *misc, char **err), void *misc,
+            void **dll, void **symb)
+{
+    if (dll)
+        *dll = NULL;
+    if (symb)
+        *symb = NULL;
+    return strdup("module loading disabled");
+}
diff --git a/krb5-1.21.3/src/util/verto/module.h b/krb5-1.21.3/src/util/verto/module.h
new file mode 100644
index 00000000..38c431dc
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/module.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* Determines if a symbol is present in a given module.
+ *
+ * @param modname The name of the module.
+ * @param symbname The name of the symbol.
+ * @return Non-zero if found, zero if not found.
+ */
+int
+module_symbol_is_present(const char *modname, const char *symbname);
+
+/* Finds the file for a given symbol.
+ *
+ * If filename is non-null, the name of the file will be stored. This must
+ * be freed with free().
+ *
+ * @param addr The address to resolve.
+ * @param filename Where to store the name of the file.
+ * @return 0 on error, non-zero on success.
+ */
+int
+module_get_filename_for_symbol(void *addr, char **filename);
+
+/* Closes a module.
+ *
+ * Does nothing if dll is NULL.
+ *
+ * @param dll The module to close.
+ */
+void
+module_close(void *dll);
+
+
+/* Loads a module and extracts the given symbol.
+ *
+ * This function loads the module specified by filename, but does not resolve
+ * any of its symbol dependencies. Next is gets the symbol symbname and calls
+ * shouldload(). If shouldload() returns non-zero, the module is reloaded
+ * with full symbol resolution and stores the results in dll and symb.
+ *
+ * The job of shouldload() is to determine, based on the metadata in the
+ * symbol fetched, if the module should be fully loaded. The shouldload()
+ * callback MUST NOT attempt to call any functions in the module. This will
+ * crash on WIN32.
+ *
+ * If an error occurs, an error string will be allocated and returned. If
+ * allocation of this string fails, NULL will be returned. Since this is the
+ * same as the non-error case, you should additionally check if dll or symb
+ * is NULL.
+ *
+ * @param filename Path to the module
+ * @param symbname Symbol name to load from the file and pass to shouldload()
+ * @param shouldload Callback to determine whether to fullly load the module
+ * @param misc Opaque pointer to pass to shouldload()
+ * @param dll Where the module will be stored (can be NULL)
+ * @param symb Where the symbol will be stored (can be NULL)
+ * @return An error string.
+ */
+char *
+module_load(const char *filename, const char *symbname,
+            int (*shouldload)(void *symb, void *misc, char **err), void *misc,
+            void **dll, void **symb);
diff --git a/krb5-1.21.3/src/util/verto/verto-k5ev.c b/krb5-1.21.3/src/util/verto/verto-k5ev.c
new file mode 100644
index 00000000..a390af71
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/verto-k5ev.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/*
+ * An edited version of verto-libev.c, using an embedded libev with renamed
+ * symbols.  The corresponding version of verto-libev.c is stored in this
+ * directory for reference, although it is not built here.
+ */
+
+#include "autoconf.h"
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include <verto.h>
+#include <verto-module.h>
+#include "rename.h"
+
+/* Ignore some warnings generated by the libev code, which the libev maintainer
+ * isn't interested in avoiding. */
+#ifdef __GNUC__
+#pragma GCC diagnostic ignored "-Wunused-value"
+#pragma GCC diagnostic ignored "-Wcomment"
+#pragma GCC diagnostic ignored "-Wunused-result"
+#ifdef __clang__
+#pragma GCC diagnostic ignored "-Wbitwise-op-parentheses"
+#endif
+#endif
+
+#define EV_API_STATIC 1
+#define EV_STANDALONE 1
+/* Avoid using clock_gettime, which would create a dependency on librt. */
+#define EV_USE_MONOTONIC 0
+#define EV_USE_REALTIME 0
+#define EV_FEATURES 0x4f        /* No back ends or optional watchers */
+/* Enable the optional watcher types we use. */
+#define EV_IDLE_ENABLE 1
+#define EV_SIGNAL_ENABLE 1
+#define EV_CHILD_ENABLE 1
+/* Enable the back ends we want. */
+#ifdef HAVE_POLL_H
+#define EV_USE_POLL 1
+#endif
+/* ev.c explicitly disables poll() on Mac or FreeBSD; fall back to select(). */
+#define EV_USE_SELECT 1
+#include "ev.c"
+
+static verto_mod_ctx *
+k5ev_ctx_new(void)
+{
+    return ev_loop_new(EVFLAG_AUTO);
+}
+
+static verto_mod_ctx *
+k5ev_ctx_default(void)
+{
+    return ev_default_loop(EVFLAG_AUTO);
+}
+
+static void
+k5ev_ctx_free(verto_mod_ctx *ctx)
+{
+    if (ctx != EV_DEFAULT)
+        ev_loop_destroy(ctx);
+}
+
+static void
+k5ev_ctx_run(verto_mod_ctx *ctx)
+{
+    ev_run(ctx, 0);
+}
+
+static void
+k5ev_ctx_run_once(verto_mod_ctx *ctx)
+{
+    ev_run(ctx, EVRUN_ONCE);
+}
+
+static void
+k5ev_ctx_break(verto_mod_ctx *ctx)
+{
+    ev_break(ctx, EVBREAK_ONE);
+}
+
+static void
+k5ev_ctx_reinitialize(verto_mod_ctx *ctx)
+{
+    ev_loop_fork(ctx);
+}
+
+static void
+libev_callback(EV_P_ ev_watcher *w, int revents)
+{
+    verto_ev_flag state = VERTO_EV_FLAG_NONE;
+
+#if EV_MULTIPLICITY
+    /* Match the check in ev.h, which doesn't mark this unused */
+    (void) EV_A;
+#endif
+
+    if (verto_get_type(w->data)== VERTO_EV_TYPE_CHILD)
+        verto_set_proc_status(w->data, ((ev_child*) w)->rstatus);
+
+    if (revents & EV_READ)
+        state |= VERTO_EV_FLAG_IO_READ;
+    if (revents & EV_WRITE)
+        state |= VERTO_EV_FLAG_IO_WRITE;
+    if (revents & EV_ERROR)
+        state |= VERTO_EV_FLAG_IO_ERROR;
+
+    verto_set_fd_state(w->data, state);
+    verto_fire(w->data);
+}
+
+static void
+k5ev_ctx_set_flags(verto_mod_ctx *ctx, const verto_ev *ev,
+		   verto_mod_ev *evpriv)
+{
+    if (verto_get_type(ev) == VERTO_EV_TYPE_IO) {
+        int events = EV_NONE;
+
+        if (verto_get_flags(ev) & VERTO_EV_FLAG_IO_READ)
+            events |= EV_READ;
+        if (verto_get_flags(ev) & VERTO_EV_FLAG_IO_WRITE)
+            events |= EV_WRITE;
+
+        ev_io_stop(ctx, (ev_io*) evpriv);
+        ev_io_set(((ev_io*) evpriv), verto_get_fd(ev), events);
+        ev_io_start(ctx, (ev_io*) evpriv);
+    }
+}
+
+#define setuptype(type, ...) \
+    w.type = malloc(sizeof(ev_ ## type)); \
+    if (w.type) { \
+    	ev_ ## type ## _init(w.type, (EV_CB(type, (*))) __VA_ARGS__); \
+    	ev_ ## type ## _start(ctx, w.type); \
+    } \
+    break
+
+static verto_mod_ev *
+k5ev_ctx_add(verto_mod_ctx *ctx, const verto_ev *ev, verto_ev_flag *flags)
+{
+    union {
+       ev_watcher *watcher;
+       ev_io *io;
+       ev_timer *timer;
+       ev_idle *idle;
+       ev_signal *signal;
+       ev_child *child;
+    } w;
+    ev_tstamp interval;
+
+    w.watcher = NULL;
+    *flags |= VERTO_EV_FLAG_PERSIST;
+    switch (verto_get_type(ev)) {
+        case VERTO_EV_TYPE_IO:
+            setuptype(io, libev_callback, verto_get_fd(ev), EV_NONE);
+        case VERTO_EV_TYPE_TIMEOUT:
+            interval = ((ev_tstamp) verto_get_interval(ev)) / 1000.0;
+            setuptype(timer, libev_callback, interval, interval);
+        case VERTO_EV_TYPE_IDLE:
+            setuptype(idle, libev_callback);
+        case VERTO_EV_TYPE_SIGNAL:
+            setuptype(signal, libev_callback, verto_get_signal(ev));
+        case VERTO_EV_TYPE_CHILD:
+            *flags &= ~VERTO_EV_FLAG_PERSIST; /* Child events don't persist */
+            setuptype(child, libev_callback, verto_get_proc(ev), 0);
+        default:
+            break; /* Not supported */
+    }
+
+    if (w.watcher) {
+        w.watcher->data = (void*) ev;
+        k5ev_ctx_set_flags(ctx, ev, w.watcher);
+    }
+    return w.watcher;
+}
+
+static void
+k5ev_ctx_del(verto_mod_ctx *ctx, const verto_ev *ev, verto_mod_ev *evpriv)
+{
+    switch (verto_get_type(ev)) {
+        case VERTO_EV_TYPE_IO:
+            ev_io_stop(ctx, (ev_io*) evpriv);
+            break;
+        case VERTO_EV_TYPE_TIMEOUT:
+            ev_timer_stop(ctx, (ev_timer*) evpriv);
+            break;
+        case VERTO_EV_TYPE_IDLE:
+            ev_idle_stop(ctx, (ev_idle*) evpriv);
+            break;
+        case VERTO_EV_TYPE_SIGNAL:
+            ev_signal_stop(ctx, (ev_signal*) evpriv);
+            break;
+        case VERTO_EV_TYPE_CHILD:
+            ev_child_stop(ctx, (ev_child*) evpriv);
+            break;
+        default:
+            break;
+    }
+
+    free(evpriv);
+}
+
+verto_ctx *verto_new_k5ev(void);
+verto_ctx *verto_default_k5ev(void);
+
+VERTO_MODULE(k5ev, NULL,
+             VERTO_EV_TYPE_IO |
+             VERTO_EV_TYPE_TIMEOUT |
+             VERTO_EV_TYPE_IDLE |
+             VERTO_EV_TYPE_SIGNAL |
+             VERTO_EV_TYPE_CHILD);
diff --git a/krb5-1.21.3/src/util/verto/verto-libev.c b/krb5-1.21.3/src/util/verto/verto-libev.c
new file mode 100644
index 00000000..99256a2f
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/verto-libev.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include <verto-libev.h>
+#define VERTO_MODULE_TYPES
+typedef struct ev_loop verto_mod_ctx;
+typedef ev_watcher verto_mod_ev;
+#include <verto-module.h>
+
+static verto_mod_ctx *
+libev_ctx_new(void)
+{
+    return ev_loop_new(EVFLAG_AUTO);
+}
+
+static verto_mod_ctx *
+libev_ctx_default(void)
+{
+    return ev_default_loop(EVFLAG_AUTO);
+}
+
+static void
+libev_ctx_free(verto_mod_ctx *ctx)
+{
+    if (ctx != EV_DEFAULT)
+        ev_loop_destroy(ctx);
+}
+
+static void
+libev_ctx_run(verto_mod_ctx *ctx)
+{
+    ev_run(ctx, 0);
+}
+
+static void
+libev_ctx_run_once(verto_mod_ctx *ctx)
+{
+    ev_run(ctx, EVRUN_ONCE);
+}
+
+static void
+libev_ctx_break(verto_mod_ctx *ctx)
+{
+    ev_break(ctx, EVBREAK_ONE);
+}
+
+static void
+libev_ctx_reinitialize(verto_mod_ctx *ctx)
+{
+    ev_loop_fork(ctx);
+}
+
+static void
+libev_callback(EV_P_ ev_watcher *w, int revents)
+{
+    verto_ev_flag state = VERTO_EV_FLAG_NONE;
+
+#if EV_MULTIPLICITY
+    /* Match the check in ev.h, which doesn't mark this unused */
+    (void) EV_A;
+#endif
+
+    if (verto_get_type(w->data)== VERTO_EV_TYPE_CHILD)
+        verto_set_proc_status(w->data, ((ev_child*) w)->rstatus);
+
+    if (revents & EV_READ)
+        state |= VERTO_EV_FLAG_IO_READ;
+    if (revents & EV_WRITE)
+        state |= VERTO_EV_FLAG_IO_WRITE;
+    if (revents & EV_ERROR)
+        state |= VERTO_EV_FLAG_IO_ERROR;
+
+    verto_set_fd_state(w->data, state);
+    verto_fire(w->data);
+}
+
+static void
+libev_ctx_set_flags(verto_mod_ctx *ctx, const verto_ev *ev,
+                    verto_mod_ev *evpriv)
+{
+    if (verto_get_type(ev) == VERTO_EV_TYPE_IO) {
+        int events = EV_NONE;
+
+        if (verto_get_flags(ev) & VERTO_EV_FLAG_IO_READ)
+            events |= EV_READ;
+        if (verto_get_flags(ev) & VERTO_EV_FLAG_IO_WRITE)
+            events |= EV_WRITE;
+
+        ev_io_stop(ctx, (ev_io*) evpriv);
+        ev_io_set(((ev_io*) evpriv), verto_get_fd(ev), events);
+        ev_io_start(ctx, (ev_io*) evpriv);
+    }
+}
+
+#define setuptype(type, ...) \
+    w.type = malloc(sizeof(ev_ ## type)); \
+    if (w.type) { \
+    	ev_ ## type ## _init(w.type, (EV_CB(type, (*))) __VA_ARGS__); \
+    	ev_ ## type ## _start(ctx, w.type); \
+    } \
+    break
+
+static verto_mod_ev *
+libev_ctx_add(verto_mod_ctx *ctx, const verto_ev *ev, verto_ev_flag *flags)
+{
+    union {
+       ev_watcher *watcher;
+       ev_io *io;
+       ev_timer *timer;
+       ev_idle *idle;
+       ev_signal *signal;
+       ev_child *child;
+    } w;
+    ev_tstamp interval;
+
+    w.watcher = NULL;
+    *flags |= VERTO_EV_FLAG_PERSIST;
+    switch (verto_get_type(ev)) {
+        case VERTO_EV_TYPE_IO:
+            setuptype(io, libev_callback, verto_get_fd(ev), EV_NONE);
+        case VERTO_EV_TYPE_TIMEOUT:
+            interval = ((ev_tstamp) verto_get_interval(ev)) / 1000.0;
+            setuptype(timer, libev_callback, interval, interval);
+        case VERTO_EV_TYPE_IDLE:
+            setuptype(idle, libev_callback);
+        case VERTO_EV_TYPE_SIGNAL:
+            setuptype(signal, libev_callback, verto_get_signal(ev));
+        case VERTO_EV_TYPE_CHILD:
+            *flags &= ~VERTO_EV_FLAG_PERSIST; /* Child events don't persist */
+            setuptype(child, libev_callback, verto_get_proc(ev), 0);
+        default:
+            break; /* Not supported */
+    }
+
+    if (w.watcher) {
+        w.watcher->data = (void*) ev;
+        libev_ctx_set_flags(ctx, ev, w.watcher);
+    }
+    return w.watcher;
+}
+
+static void
+libev_ctx_del(verto_mod_ctx *ctx, const verto_ev *ev, verto_mod_ev *evpriv)
+{
+    switch (verto_get_type(ev)) {
+        case VERTO_EV_TYPE_IO:
+            ev_io_stop(ctx, (ev_io*) evpriv);
+            break;
+        case VERTO_EV_TYPE_TIMEOUT:
+            ev_timer_stop(ctx, (ev_timer*) evpriv);
+            break;
+        case VERTO_EV_TYPE_IDLE:
+            ev_idle_stop(ctx, (ev_idle*) evpriv);
+            break;
+        case VERTO_EV_TYPE_SIGNAL:
+            ev_signal_stop(ctx, (ev_signal*) evpriv);
+            break;
+        case VERTO_EV_TYPE_CHILD:
+            ev_child_stop(ctx, (ev_child*) evpriv);
+            break;
+        default:
+            break;
+    }
+
+    free(evpriv);
+}
+
+VERTO_MODULE(libev, ev_loop_new,
+             VERTO_EV_TYPE_IO |
+             VERTO_EV_TYPE_TIMEOUT |
+             VERTO_EV_TYPE_IDLE |
+             VERTO_EV_TYPE_SIGNAL |
+             VERTO_EV_TYPE_CHILD);
+
+verto_ctx *
+verto_convert_libev(struct ev_loop* loop)
+{
+    return verto_convert(libev, 0, loop);
+}
diff --git a/krb5-1.21.3/src/util/verto/verto-module.h b/krb5-1.21.3/src/util/verto/verto-module.h
new file mode 100644
index 00000000..4ef3b8af
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/verto-module.h
@@ -0,0 +1,188 @@
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/*** THE FOLLOWING ARE FOR IMPLEMENTATION MODULES ONLY ***/
+
+#ifndef VERTO_MODULE_H_
+#define VERTO_MODULE_H_
+
+#include <verto.h>
+
+#ifndef VERTO_MODULE_TYPES
+#define VERTO_MODULE_TYPES
+typedef void verto_mod_ctx;
+typedef void verto_mod_ev;
+#endif
+
+#define VERTO_MODULE_VERSION 3
+#define VERTO_MODULE_TABLE(name) verto_module_table_ ## name
+#define VERTO_MODULE(name, symb, types) \
+    static verto_ctx_funcs name ## _funcs = { \
+        name ## _ctx_new, \
+        name ## _ctx_default, \
+        name ## _ctx_free, \
+        name ## _ctx_run, \
+        name ## _ctx_run_once, \
+        name ## _ctx_break, \
+        name ## _ctx_reinitialize, \
+        name ## _ctx_set_flags, \
+        name ## _ctx_add, \
+        name ## _ctx_del \
+    }; \
+    verto_module VERTO_MODULE_TABLE(name) = { \
+        VERTO_MODULE_VERSION, \
+        # name, \
+        # symb, \
+        types, \
+        &name ## _funcs, \
+    }; \
+    verto_ctx * \
+    verto_new_ ## name() \
+    { \
+        return verto_convert(name, 0, NULL); \
+    } \
+    verto_ctx * \
+    verto_default_ ## name() \
+    { \
+        return verto_convert(name, 1, NULL); \
+    }
+
+typedef struct {
+    /* Required */ verto_mod_ctx *(*ctx_new)();
+    /* Optional */ verto_mod_ctx *(*ctx_default)();
+    /* Required */ void (*ctx_free)(verto_mod_ctx *ctx);
+    /* Optional */ void (*ctx_run)(verto_mod_ctx *ctx);
+    /* Required */ void (*ctx_run_once)(verto_mod_ctx *ctx);
+    /* Optional */ void (*ctx_break)(verto_mod_ctx *ctx);
+    /* Optional */ void (*ctx_reinitialize)(verto_mod_ctx *ctx);
+    /* Optional */ void (*ctx_set_flags)(verto_mod_ctx *ctx,
+                                         const verto_ev *ev,
+                                         verto_mod_ev *modev);
+    /* Required */ verto_mod_ev *(*ctx_add)(verto_mod_ctx *ctx,
+                                            const verto_ev *ev,
+                                            verto_ev_flag *flags);
+    /* Required */ void (*ctx_del)(verto_mod_ctx *ctx,
+                                   const verto_ev *ev,
+                                   verto_mod_ev *modev);
+} verto_ctx_funcs;
+
+typedef struct {
+    unsigned int vers;
+    const char *name;
+    const char *symb;
+    verto_ev_type types;
+    verto_ctx_funcs *funcs;
+} verto_module;
+
+/**
+ * Converts an existing implementation specific loop to a verto_ctx.
+ *
+ * This function also sets the internal default implementation so that future
+ * calls to verto_new(NULL) or verto_default(NULL) will use this specific
+ * implementation if it was not already set.
+ *
+ * @param name The name of the module (unquoted)
+ * @param deflt Whether the ctx is the default context or not
+ * @param ctx The context to store
+ * @return A new verto_ctx, or NULL on error. Call verto_free() when done.
+ */
+#define verto_convert(name, deflt, ctx) \
+        verto_convert_module(&VERTO_MODULE_TABLE(name), deflt, ctx)
+
+/**
+ * Converts an existing implementation specific loop to a verto_ctx.
+ *
+ * If you are a module implementation, you probably want the macro above.  This
+ * function is generally used directly only when an application is attempting
+ * to expose a home-grown event loop to verto.
+ *
+ * If deflt is non-zero and a default ctx was already defined for this module
+ * and ctx is not NULL, than ctx will be free'd and the previously defined
+ * default will be returned.
+ *
+ * If ctx is non-NULL, than the pre-existing verto_mod_ctx will be converted to
+ * to a verto_ctx; if deflt is non-zero than this verto_mod_ctx will also be
+ * marked as the default loop for this process. If ctx is NULL, than the
+ * appropriate constructor will be called: either module->ctx_new() or
+ * module->ctx_default() depending on the boolean value of deflt. If
+ * module->ctx_default is NULL and deflt is non-zero, than module->ctx_new()
+ * will be called and the resulting verto_mod_ctx will be utilized as the
+ * default.
+ *
+ * This function also sets the internal default implementation so that future
+ * calls to verto_new(NULL) or verto_default(NULL) will use this specific
+ * implementation if it was not already set.
+ *
+ * @param name The name of the module (unquoted)
+ * @param ctx The context private to store
+ * @return A new verto_ctx, or NULL on error. Call verto_free() when done.
+ */
+verto_ctx *
+verto_convert_module(const verto_module *module, int deflt, verto_mod_ctx *ctx);
+
+/**
+ * Calls the callback of the verto_ev and then frees it via verto_del().
+ *
+ * The verto_ev is not freed (verto_del() is not called) if it is a signal event.
+ *
+ * @see verto_add_read()
+ * @see verto_add_write()
+ * @see verto_add_timeout()
+ * @see verto_add_idle()
+ * @see verto_add_signal()
+ * @see verto_add_child()
+ * @see verto_del()
+ * @param ev The verto_ev
+ */
+void
+verto_fire(verto_ev *ev);
+
+/**
+ * Sets the status of the pid/handle which caused this event to fire.
+ *
+ * This function does nothing if the verto_ev is not a child type.
+ *
+ * @see verto_add_child()
+ * @param ev The verto_ev to set the status in.
+ * @param status The pid/handle status.
+ */
+void
+verto_set_proc_status(verto_ev *ev, verto_proc_status status);
+
+/**
+ * Sets the state of the fd which caused this event to fire.
+ *
+ * This function does nothing if the verto_ev is not a io type.
+ *
+ * Only the flags VERTO_EV_FLAG_IO_(READ|WRITE|ERROR) are supported. All other
+ * flags are unset.
+ *
+ * @see verto_add_io()
+ * @param ev The verto_ev to set the state in.
+ * @param state The fd state.
+ */
+void
+verto_set_fd_state(verto_ev *ev, verto_ev_flag state);
+
+#endif /* VERTO_MODULE_H_ */
diff --git a/krb5-1.21.3/src/util/verto/verto.c b/krb5-1.21.3/src/util/verto/verto.c
new file mode 100644
index 00000000..71eaffa0
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/verto.c
@@ -0,0 +1,1050 @@
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <signal.h>
+#include <assert.h>
+#include <stdarg.h>
+
+#include <libgen.h>
+#include <sys/types.h>
+#include <dirent.h>
+
+#ifdef HAVE_PTHREAD
+#include <pthread.h>
+#endif
+
+#include <verto-module.h>
+#include "module.h"
+
+#define  _str(s) # s
+#define __str(s) _str(s)
+
+#define MUTABLE(flags) (flags & _VERTO_EV_FLAG_MUTABLE_MASK)
+
+/* Remove flags we can emulate */
+#define make_actual(flags) ((flags) & ~(VERTO_EV_FLAG_PERSIST|VERTO_EV_FLAG_IO_CLOSE_FD))
+
+struct verto_ctx {
+    size_t ref;
+    verto_mod_ctx *ctx;
+    const verto_module *module;
+    verto_ev *events;
+    int deflt;
+    int exit;
+};
+
+typedef struct {
+    verto_proc proc;
+    verto_proc_status status;
+} verto_child;
+
+typedef struct {
+    int fd;
+    verto_ev_flag state;
+} verto_io;
+
+struct verto_ev {
+    verto_ev *next;
+    verto_ctx *ctx;
+    verto_ev_type type;
+    verto_callback *callback;
+    verto_callback *onfree;
+    void *priv;
+    verto_mod_ev *ev;
+    verto_ev_flag flags;
+    verto_ev_flag actual;
+    size_t depth;
+    int deleted;
+    union {
+        verto_io io;
+        int signal;
+        time_t interval;
+        verto_child child;
+    } option;
+};
+
+typedef struct module_record module_record;
+struct module_record {
+    module_record *next;
+    const verto_module *module;
+    void *dll;
+    char *filename;
+    verto_ctx *defctx;
+};
+
+
+#ifdef BUILTIN_MODULE
+#define _MODTABLE(n) verto_module_table_ ## n
+#define MODTABLE(n) _MODTABLE(n)
+/*
+ * This symbol can be used when embedding verto.c in a library along with a
+ * built-in private module, to preload the module instead of dynamically
+ * linking it in later.  Define to <modulename>.
+ */
+extern verto_module MODTABLE(BUILTIN_MODULE);
+static module_record builtin_record = {
+    NULL, &MODTABLE(BUILTIN_MODULE), NULL, "", NULL
+};
+static module_record *loaded_modules = &builtin_record;
+#else
+static module_record *loaded_modules;
+#endif
+
+static void *(*resize_cb)(void *mem, size_t size);
+static int resize_cb_hierarchical;
+
+#ifdef HAVE_PTHREAD
+static pthread_mutex_t loaded_modules_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+#ifndef NDEBUG
+#define mutex_lock(x) { \
+        int c = pthread_mutex_lock(x); \
+        if (c != 0) { \
+            fprintf(stderr, "pthread_mutex_lock returned %d (%s) in %s", \
+                    c, strerror(c), __FUNCTION__); \
+        } \
+        assert(c == 0); \
+    }
+#define mutex_unlock(x) { \
+        int c = pthread_mutex_unlock(x); \
+        if (c != 0) { \
+            fprintf(stderr, "pthread_mutex_unlock returned %d (%s) in %s", \
+                    c, strerror(c), __FUNCTION__); \
+        } \
+        assert(c == 0); \
+    }
+#define mutex_destroy(x) { \
+        int c = pthread_mutex_destroy(x); \
+        if (c != 0) { \
+            fprintf(stderr, "pthread_mutex_destroy returned %d (%s) in %s", \
+                    c, strerror(c), __FUNCTION__); \
+        } \
+        assert(c == 0); \
+    }
+#else /* NDEBUG */
+#define mutex_lock pthread_mutex_lock
+#define mutex_unlock pthread_mutex_unlock
+#define mutex_destroy pthread_mutex_destroy
+#endif /* NDEBUG */
+
+#else /* HAVE_PTHREAD */
+#define mutex_lock(x)
+#define mutex_unlock(x)
+#define mutex_destroy(x)
+#endif /* HAVE_PTHREAD */
+
+#define vfree(mem) vresize(mem, 0)
+static void *
+vresize(void *mem, size_t size)
+{
+    if (!resize_cb)
+        resize_cb = &realloc;
+    if (size == 0 && resize_cb == &realloc) {
+        /* Avoid memleak as realloc(X, 0) can return a free-able pointer. */
+        free(mem);
+        return NULL;
+    }
+    return (*resize_cb)(mem, size);
+}
+
+#ifndef BUILTIN_MODULE
+static char *
+string_aconcat(const char *first, const char *second, const char *third) {
+    char *ret;
+    size_t len;
+
+    len = strlen(first) + strlen(second);
+    if (third)
+        len += strlen(third);
+
+    ret = malloc(len + 1);
+    if (!ret)
+        return NULL;
+
+    strncpy(ret, first, strlen(first));
+    strncpy(ret + strlen(first), second, strlen(second));
+    if (third)
+        strncpy(ret + strlen(first) + strlen(second), third, strlen(third));
+
+    ret[len] = '\0';
+    return ret;
+}
+
+static char *
+int_get_table_name_from_filename(const char *filename)
+{
+    char *bn = NULL, *tmp = NULL;
+
+    if (!filename)
+        return NULL;
+
+    tmp = strdup(filename);
+    if (!tmp)
+        return NULL;
+
+    bn = basename(tmp);
+    if (bn)
+        bn = strdup(bn);
+    free(tmp);
+    if (!bn)
+        return NULL;
+
+    tmp = strchr(bn, '-');
+    if (tmp) {
+        if (strchr(tmp+1, '.')) {
+            *strchr(tmp+1, '.') = '\0';
+            tmp = string_aconcat(__str(VERTO_MODULE_TABLE()), tmp + 1, NULL);
+        } else
+            tmp = NULL;
+    }
+
+    free(bn);
+    return tmp;
+}
+
+typedef struct {
+    int reqsym;
+    verto_ev_type reqtypes;
+} shouldload_data;
+
+static int
+shouldload(void *symb, void *misc, char **err)
+{
+    verto_module *table = (verto_module*) symb;
+    shouldload_data *data = (shouldload_data*) misc;
+
+    /* Make sure we have the proper version */
+    if (table->vers != VERTO_MODULE_VERSION) {
+        if (err)
+            *err = strdup("Invalid module version!");
+        return 0;
+    }
+
+    /* Check to make sure that we have our required symbol if reqsym == true */
+    if (table->symb && data->reqsym
+            && !module_symbol_is_present(NULL, table->symb)) {
+        if (err)
+            *err = string_aconcat("Symbol not found: ", table->symb, "!");
+        return 0;
+    }
+
+    /* Check to make sure that this module supports our required features */
+    if (data->reqtypes != VERTO_EV_TYPE_NONE
+            && (table->types & data->reqtypes) != data->reqtypes) {
+        if (err)
+            *err = strdup("Module does not support required features!");
+        return 0;
+    }
+
+    return 1;
+}
+
+static int
+do_load_file(const char *filename, int reqsym, verto_ev_type reqtypes,
+             module_record **record)
+{
+    char *tblname = NULL, *error = NULL;
+    module_record *tmp;
+    shouldload_data data  = { reqsym, reqtypes };
+
+    /* Check the loaded modules to see if we already loaded one */
+    mutex_lock(&loaded_modules_mutex);
+    for (*record = loaded_modules ; *record ; *record = (*record)->next) {
+        if (!strcmp((*record)->filename, filename)) {
+            mutex_unlock(&loaded_modules_mutex);
+            return 1;
+        }
+    }
+    mutex_unlock(&loaded_modules_mutex);
+
+    /* Create our module record */
+    tmp = *record = vresize(NULL, sizeof(module_record));
+    if (!tmp)
+        return 0;
+    memset(tmp, 0, sizeof(module_record));
+    tmp->filename = strdup(filename);
+    if (!tmp->filename) {
+        vfree(tmp);
+        return 0;
+    }
+
+    /* Get the name of the module struct in the library */
+    tblname = int_get_table_name_from_filename(filename);
+    if (!tblname) {
+        free(tblname);
+        free(tmp->filename);
+        vfree(tmp);
+        return 0;
+    }
+
+    /* Load the module */
+    error = module_load(filename, tblname, shouldload, &data, &tmp->dll,
+                        (void **) &tmp->module);
+    if (error || !tmp->dll || !tmp->module) {
+        /*if (error)
+            fprintf(stderr, "%s\n", error);*/
+        free(error);
+        module_close(tmp->dll);
+        free(tblname);
+        free(tmp->filename);
+        vfree(tmp);
+        return 0;
+    }
+
+    /* Append the new module to the end of the loaded modules */
+    mutex_lock(&loaded_modules_mutex);
+    for (tmp = loaded_modules ; tmp && tmp->next; tmp = tmp->next)
+        continue;
+    if (tmp)
+        tmp->next = *record;
+    else
+        loaded_modules = *record;
+    mutex_unlock(&loaded_modules_mutex);
+
+    free(tblname);
+    return 1;
+}
+
+static int
+do_load_dir(const char *dirname, const char *prefix, const char *suffix,
+            int reqsym, verto_ev_type reqtypes, module_record **record)
+{
+    DIR *dir;
+    struct dirent *ent = NULL;
+
+    *record = NULL;
+    dir = opendir(dirname);
+    if (!dir)
+        return 0;
+
+
+    while ((ent = readdir(dir))) {
+        char *tmp = NULL;
+        int success;
+        size_t flen, slen;
+
+        flen = strlen(ent->d_name);
+        slen = strlen(suffix);
+
+        if (!strcmp(".", ent->d_name) || !strcmp("..", ent->d_name))
+            continue;
+        if (strstr(ent->d_name, prefix) != ent->d_name)
+            continue;
+        if (flen < slen || strcmp(ent->d_name + flen - slen, suffix))
+            continue;
+
+        tmp = string_aconcat(dirname, "/", ent->d_name);
+        if (!tmp)
+            continue;
+
+        success = do_load_file(tmp, reqsym, reqtypes, record);
+        free(tmp);
+        if (success)
+            break;
+        *record = NULL;
+    }
+
+    closedir(dir);
+    return *record != NULL;
+}
+#endif
+
+static int
+load_module(const char *impl, verto_ev_type reqtypes, module_record **record)
+{
+    int success = 0;
+#ifndef BUILTIN_MODULE
+    char *prefix = NULL;
+    char *suffix = NULL;
+    char *tmp = NULL;
+#endif
+
+    /* Check the cache */
+    mutex_lock(&loaded_modules_mutex);
+    if (impl) {
+        for (*record = loaded_modules ; *record ; *record = (*record)->next) {
+            if ((strchr(impl, '/') && !strcmp(impl, (*record)->filename))
+                    || !strcmp(impl, (*record)->module->name)) {
+                mutex_unlock(&loaded_modules_mutex);
+                return 1;
+            }
+        }
+    } else if (loaded_modules) {
+        for (*record = loaded_modules ; *record ; *record = (*record)->next) {
+            if (reqtypes == VERTO_EV_TYPE_NONE
+                    || ((*record)->module->types & reqtypes) == reqtypes) {
+                mutex_unlock(&loaded_modules_mutex);
+                return 1;
+            }
+        }
+    }
+    mutex_unlock(&loaded_modules_mutex);
+
+#ifndef BUILTIN_MODULE
+    if (!module_get_filename_for_symbol(verto_convert_module, &prefix))
+        return 0;
+
+    /* Example output:
+     *    prefix == /usr/lib/libverto-
+     *    impl == glib
+     *    suffix == .so.0
+     * Put them all together: /usr/lib/libverto-glib.so.0 */
+    tmp = strdup(prefix);
+    if (!tmp) {
+        free(prefix);
+        return 0;
+    }
+
+    suffix = basename(tmp);
+    suffix = strchr(suffix, '.');
+    if (!suffix || strlen(suffix) < 1 || !(suffix = strdup(suffix))) {
+        free(prefix);
+        free(tmp);
+        return 0;
+    }
+    strcpy(prefix + strlen(prefix) - strlen(suffix), "-");
+    free(tmp);
+
+    if (impl) {
+        /* Try to do a load by the path */
+        if (!success && strchr(impl, '/'))
+            success = do_load_file(impl, 0, reqtypes, record);
+        if (!success) {
+            /* Try to do a load by the name */
+            tmp = string_aconcat(prefix, impl, suffix);
+            if (tmp) {
+                success = do_load_file(tmp, 0, reqtypes, record);
+                free(tmp);
+            }
+        }
+    } else {
+        /* NULL was passed, so we will use the dirname of
+         * the prefix to try and find any possible plugins */
+        tmp = strdup(prefix);
+        if (tmp) {
+            char *dname = strdup(dirname(tmp));
+            free(tmp);
+
+            tmp = strdup(basename(prefix));
+            free(prefix);
+            prefix = tmp;
+
+            if (dname && prefix) {
+                /* Attempt to find a module we are already linked to */
+                success = do_load_dir(dname, prefix, suffix, 1, reqtypes,
+                                      record);
+                if (!success) {
+#ifdef DEFAULT_MODULE
+                    /* Attempt to find the default module */
+                    success = load_module(DEFAULT_MODULE, reqtypes, record);
+                    if (!success)
+#endif /* DEFAULT_MODULE */
+                        /* Attempt to load any plugin (we're desperate) */
+                        success = do_load_dir(dname, prefix, suffix, 0,
+                                              reqtypes, record);
+                }
+            }
+
+            free(dname);
+        }
+    }
+
+    free(suffix);
+    free(prefix);
+#endif /* BUILTIN_MODULE */
+    return success;
+}
+
+static verto_ev *
+make_ev(verto_ctx *ctx, verto_callback *callback,
+        verto_ev_type type, verto_ev_flag flags)
+{
+    verto_ev *ev = NULL;
+
+    if (!ctx || !callback)
+        return NULL;
+
+    ev = vresize(NULL, sizeof(verto_ev));
+    if (ev) {
+        memset(ev, 0, sizeof(verto_ev));
+        ev->ctx        = ctx;
+        ev->type       = type;
+        ev->callback   = callback;
+        ev->flags      = flags;
+    }
+
+    return ev;
+}
+
+static void
+push_ev(verto_ctx *ctx, verto_ev *ev)
+{
+    verto_ev *tmp;
+
+    if (!ctx || !ev)
+        return;
+
+    tmp = ctx->events;
+    ctx->events = ev;
+    ctx->events->next = tmp;
+}
+
+static void
+remove_ev(verto_ev **origin, verto_ev *item)
+{
+    if (!origin || !*origin || !item)
+        return;
+
+    if (*origin == item)
+        *origin = (*origin)->next;
+    else
+        remove_ev(&((*origin)->next), item);
+}
+
+static void
+signal_ignore(verto_ctx *ctx, verto_ev *ev)
+{
+    (void) ctx;
+    (void) ev;
+}
+
+verto_ctx *
+verto_new(const char *impl, verto_ev_type reqtypes)
+{
+    module_record *mr = NULL;
+
+    if (!load_module(impl, reqtypes, &mr))
+        return NULL;
+
+    return verto_convert_module(mr->module, 0, NULL);
+}
+
+verto_ctx *
+verto_default(const char *impl, verto_ev_type reqtypes)
+{
+    module_record *mr = NULL;
+
+    if (!load_module(impl, reqtypes, &mr))
+        return NULL;
+
+    return verto_convert_module(mr->module, 1, NULL);
+}
+
+int
+verto_set_default(const char *impl, verto_ev_type reqtypes)
+{
+    module_record *mr;
+
+    mutex_lock(&loaded_modules_mutex);
+    if (loaded_modules || !impl) {
+        mutex_unlock(&loaded_modules_mutex);
+        return 0;
+    }
+    mutex_unlock(&loaded_modules_mutex);
+
+    return load_module(impl, reqtypes, &mr);
+}
+
+int
+verto_set_allocator(void *(*resize)(void *mem, size_t size),
+                    int hierarchical)
+{
+    if (resize_cb || !resize)
+        return 0;
+    resize_cb = resize;
+    resize_cb_hierarchical = hierarchical;
+    return 1;
+}
+
+void
+verto_free(verto_ctx *ctx)
+{
+    if (!ctx)
+        return;
+
+    ctx->ref = ctx->ref > 0 ? ctx->ref - 1 : 0;
+    if (ctx->ref > 0)
+        return;
+
+    /* Cancel all pending events */
+    while (ctx->events)
+        verto_del(ctx->events);
+
+    /* Free the private */
+    if (!ctx->deflt || !ctx->module->funcs->ctx_default)
+        ctx->module->funcs->ctx_free(ctx->ctx);
+
+    vfree(ctx);
+}
+
+void
+verto_cleanup(void)
+{
+    module_record *record;
+
+    mutex_lock(&loaded_modules_mutex);
+
+    for (record = loaded_modules; record; record = record->next) {
+        module_close(record->dll);
+        free(record->filename);
+    }
+
+    vfree(loaded_modules);
+    loaded_modules = NULL;
+
+    mutex_unlock(&loaded_modules_mutex);
+    mutex_destroy(&loaded_modules_mutex);
+}
+
+void
+verto_run(verto_ctx *ctx)
+{
+    if (!ctx)
+        return;
+
+    if (ctx->module->funcs->ctx_break && ctx->module->funcs->ctx_run)
+        ctx->module->funcs->ctx_run(ctx->ctx);
+    else {
+        while (!ctx->exit)
+            ctx->module->funcs->ctx_run_once(ctx->ctx);
+        ctx->exit = 0;
+    }
+}
+
+void
+verto_run_once(verto_ctx *ctx)
+{
+    if (!ctx)
+        return;
+    ctx->module->funcs->ctx_run_once(ctx->ctx);
+}
+
+void
+verto_break(verto_ctx *ctx)
+{
+    if (!ctx)
+        return;
+
+    if (ctx->module->funcs->ctx_break && ctx->module->funcs->ctx_run)
+        ctx->module->funcs->ctx_break(ctx->ctx);
+    else
+        ctx->exit = 1;
+}
+
+int
+verto_reinitialize(verto_ctx *ctx)
+{
+    verto_ev *tmp, *next;
+    int error = 1;
+
+    if (!ctx)
+        return 0;
+
+    /* Delete all events, but keep around the forkable ev structs */
+    for (tmp = ctx->events; tmp; tmp = next) {
+        next = tmp->next;
+
+        if (tmp->flags & VERTO_EV_FLAG_REINITIABLE)
+            ctx->module->funcs->ctx_del(ctx->ctx, tmp, tmp->ev);
+        else
+            verto_del(tmp);
+    }
+
+    /* Reinit the loop */
+    if (ctx->module->funcs->ctx_reinitialize)
+        ctx->module->funcs->ctx_reinitialize(ctx->ctx);
+
+    /* Recreate events that were marked forkable */
+    for (tmp = ctx->events; tmp; tmp = tmp->next) {
+        tmp->actual = make_actual(tmp->flags);
+        tmp->ev = ctx->module->funcs->ctx_add(ctx->ctx, tmp, &tmp->actual);
+        if (!tmp->ev)
+            error = 0;
+    }
+
+    return error;
+}
+
+#define doadd(ev, set, type) \
+    ev = make_ev(ctx, callback, type, flags); \
+    if (ev) { \
+        set; \
+        ev->actual = make_actual(ev->flags); \
+        ev->ev = ctx->module->funcs->ctx_add(ctx->ctx, ev, &ev->actual); \
+        if (!ev->ev) { \
+            vfree(ev); \
+            return NULL; \
+        } \
+        push_ev(ctx, ev); \
+    }
+
+verto_ev *
+verto_add_io(verto_ctx *ctx, verto_ev_flag flags,
+             verto_callback *callback, int fd)
+{
+    verto_ev *ev;
+
+    if (fd < 0 || !(flags & (VERTO_EV_FLAG_IO_READ | VERTO_EV_FLAG_IO_WRITE)))
+        return NULL;
+
+    doadd(ev, ev->option.io.fd = fd, VERTO_EV_TYPE_IO);
+    return ev;
+}
+
+verto_ev *
+verto_add_timeout(verto_ctx *ctx, verto_ev_flag flags,
+                  verto_callback *callback, time_t interval)
+{
+    verto_ev *ev;
+    doadd(ev, ev->option.interval = interval, VERTO_EV_TYPE_TIMEOUT);
+    return ev;
+}
+
+verto_ev *
+verto_add_idle(verto_ctx *ctx, verto_ev_flag flags,
+               verto_callback *callback)
+{
+    verto_ev *ev;
+    doadd(ev,, VERTO_EV_TYPE_IDLE);
+    return ev;
+}
+
+verto_ev *
+verto_add_signal(verto_ctx *ctx, verto_ev_flag flags,
+                 verto_callback *callback, int signal)
+{
+    verto_ev *ev;
+
+    if (signal < 0)
+        return NULL;
+#ifndef WIN32
+    if (signal == SIGCHLD)
+        return NULL;
+#endif
+    if (callback == VERTO_SIG_IGN) {
+        callback = signal_ignore;
+        if (!(flags & VERTO_EV_FLAG_PERSIST))
+            return NULL;
+    }
+    doadd(ev, ev->option.signal = signal, VERTO_EV_TYPE_SIGNAL);
+    return ev;
+}
+
+verto_ev *
+verto_add_child(verto_ctx *ctx, verto_ev_flag flags,
+                verto_callback *callback, verto_proc proc)
+{
+    verto_ev *ev;
+
+    if (flags & VERTO_EV_FLAG_PERSIST) /* persist makes no sense */
+        return NULL;
+#ifdef WIN32
+    if (proc == NULL)
+#else
+    if (proc < 1)
+#endif
+        return NULL;
+    doadd(ev, ev->option.child.proc = proc, VERTO_EV_TYPE_CHILD);
+    return ev;
+}
+
+void
+verto_set_private(verto_ev *ev, void *priv, verto_callback *free)
+{
+    if (!ev)
+        return;
+    if (ev->onfree && free)
+        ev->onfree(ev->ctx, ev);
+    ev->priv = priv;
+    ev->onfree = free;
+}
+
+void *
+verto_get_private(const verto_ev *ev)
+{
+    return ev->priv;
+}
+
+verto_ev_type
+verto_get_type(const verto_ev *ev)
+{
+    return ev->type;
+}
+
+verto_ev_flag
+verto_get_flags(const verto_ev *ev)
+{
+    return ev->flags;
+}
+
+void
+verto_set_flags(verto_ev *ev, verto_ev_flag flags)
+{
+    if (!ev)
+        return;
+
+    /* No modification is needed, so do nothing. */
+    if (MUTABLE(ev->flags) == MUTABLE(flags))
+        return;
+
+    ev->flags  &= ~_VERTO_EV_FLAG_MUTABLE_MASK;
+    ev->flags  |= MUTABLE(flags);
+
+    /* If setting flags isn't supported, just rebuild the event */
+    if (!ev->ctx->module->funcs->ctx_set_flags) {
+        ev->ctx->module->funcs->ctx_del(ev->ctx->ctx, ev, ev->ev);
+        ev->actual = make_actual(ev->flags);
+        ev->ev = ev->ctx->module->funcs->ctx_add(ev->ctx->ctx, ev, &ev->actual);
+        assert(ev->ev); /* Here is the main reason why modules should */
+        return;         /* implement set_flags(): we cannot fail gracefully. */
+    }
+
+    ev->actual &= ~_VERTO_EV_FLAG_MUTABLE_MASK;
+    ev->actual |= MUTABLE(flags);
+    ev->ctx->module->funcs->ctx_set_flags(ev->ctx->ctx, ev, ev->ev);
+}
+
+int
+verto_get_fd(const verto_ev *ev)
+{
+    if (ev && (ev->type == VERTO_EV_TYPE_IO))
+        return ev->option.io.fd;
+    return -1;
+}
+
+verto_ev_flag
+verto_get_fd_state(const verto_ev *ev)
+{
+    return ev->option.io.state;
+}
+
+time_t
+verto_get_interval(const verto_ev *ev)
+{
+    if (ev && (ev->type == VERTO_EV_TYPE_TIMEOUT))
+        return ev->option.interval;
+    return 0;
+}
+
+int
+verto_get_signal(const verto_ev *ev)
+{
+    if (ev && (ev->type == VERTO_EV_TYPE_SIGNAL))
+        return ev->option.signal;
+    return -1;
+}
+
+verto_proc
+verto_get_proc(const verto_ev *ev) {
+    if (ev && ev->type == VERTO_EV_TYPE_CHILD)
+        return ev->option.child.proc;
+    return (verto_proc) 0;
+}
+
+verto_proc_status
+verto_get_proc_status(const verto_ev *ev)
+{
+    return ev->option.child.status;
+}
+
+verto_ctx *
+verto_get_ctx(const verto_ev *ev)
+{
+    return ev->ctx;
+}
+
+void
+verto_del(verto_ev *ev)
+{
+    if (!ev)
+        return;
+
+    /* If the event is freed in the callback, we just set a flag so that
+     * verto_fire() can actually do the delete when the callback completes.
+     *
+     * If we don't do this, than verto_fire() will access freed memory. */
+    if (ev->depth > 0) {
+        ev->deleted = 1;
+        return;
+    }
+
+    if (ev->onfree)
+        ev->onfree(ev->ctx, ev);
+    ev->ctx->module->funcs->ctx_del(ev->ctx->ctx, ev, ev->ev);
+    remove_ev(&(ev->ctx->events), ev);
+
+    if ((ev->type == VERTO_EV_TYPE_IO) &&
+        (ev->flags & VERTO_EV_FLAG_IO_CLOSE_FD) &&
+        !(ev->actual & VERTO_EV_FLAG_IO_CLOSE_FD))
+        close(ev->option.io.fd);
+
+    vfree(ev);
+}
+
+verto_ev_type
+verto_get_supported_types(verto_ctx *ctx)
+{
+    return ctx->module->types;
+}
+
+/*** THE FOLLOWING ARE FOR IMPLEMENTATION MODULES ONLY ***/
+
+verto_ctx *
+verto_convert_module(const verto_module *module, int deflt, verto_mod_ctx *mctx)
+{
+    verto_ctx *ctx = NULL;
+    module_record *mr;
+
+    if (!module)
+        return NULL;
+
+    if (deflt) {
+        mutex_lock(&loaded_modules_mutex);
+        for (mr = loaded_modules ; mr ; mr = mr->next) {
+            verto_ctx *tmp;
+            if (mr->module == module && mr->defctx) {
+                if (mctx)
+                    module->funcs->ctx_free(mctx);
+                tmp = mr->defctx;
+                tmp->ref++;
+                mutex_unlock(&loaded_modules_mutex);
+                return tmp;
+            }
+        }
+        mutex_unlock(&loaded_modules_mutex);
+    }
+
+    if (!mctx) {
+        mctx = deflt
+                    ? (module->funcs->ctx_default
+                        ? module->funcs->ctx_default()
+                        : module->funcs->ctx_new())
+                    : module->funcs->ctx_new();
+        if (!mctx)
+            goto error;
+    }
+
+    ctx = vresize(NULL, sizeof(verto_ctx));
+    if (!ctx)
+        goto error;
+    memset(ctx, 0, sizeof(verto_ctx));
+
+    ctx->ref = 1;
+    ctx->ctx = mctx;
+    ctx->module = module;
+    ctx->deflt = deflt;
+
+    if (deflt) {
+        module_record **tmp;
+
+        mutex_lock(&loaded_modules_mutex);
+        tmp = &loaded_modules;
+        for (mr = loaded_modules ; mr ; mr = mr->next) {
+            if (mr->module == module) {
+                assert(mr->defctx == NULL);
+                mr->defctx = ctx;
+                mutex_unlock(&loaded_modules_mutex);
+                return ctx;
+            }
+
+            if (!mr->next) {
+                tmp = &mr->next;
+                break;
+            }
+        }
+        mutex_unlock(&loaded_modules_mutex);
+
+        *tmp = vresize(NULL, sizeof(module_record));
+        if (!*tmp) {
+            vfree(ctx);
+            goto error;
+        }
+
+        memset(*tmp, 0, sizeof(module_record));
+        (*tmp)->defctx = ctx;
+        (*tmp)->module = module;
+    }
+
+    return ctx;
+
+error:
+    if (mctx)
+        module->funcs->ctx_free(mctx);
+    return NULL;
+}
+
+void
+verto_fire(verto_ev *ev)
+{
+    void *priv;
+
+    ev->depth++;
+    ev->callback(ev->ctx, ev);
+    ev->depth--;
+
+    if (ev->depth == 0) {
+        if (!(ev->flags & VERTO_EV_FLAG_PERSIST) || ev->deleted)
+            verto_del(ev);
+        else {
+            if (!(ev->actual & VERTO_EV_FLAG_PERSIST)) {
+                ev->actual = make_actual(ev->flags);
+                priv = ev->ctx->module->funcs->ctx_add(ev->ctx->ctx, ev, &ev->actual);
+                assert(priv); /* TODO: create an error callback */
+                ev->ctx->module->funcs->ctx_del(ev->ctx->ctx, ev, ev->ev);
+                ev->ev = priv;
+            }
+
+            if (ev->type == VERTO_EV_TYPE_IO)
+                ev->option.io.state = VERTO_EV_FLAG_NONE;
+            if (ev->type == VERTO_EV_TYPE_CHILD)
+                ev->option.child.status = 0;
+        }
+    }
+}
+
+void
+verto_set_proc_status(verto_ev *ev, verto_proc_status status)
+{
+    if (ev && ev->type == VERTO_EV_TYPE_CHILD)
+        ev->option.child.status = status;
+}
+
+void
+verto_set_fd_state(verto_ev *ev, verto_ev_flag state)
+{
+    /* Filter out only the io flags */
+    state = state & (VERTO_EV_FLAG_IO_READ |
+                     VERTO_EV_FLAG_IO_WRITE |
+                     VERTO_EV_FLAG_IO_ERROR);
+
+    /* Don't report read/write if the socket is closed */
+    if (state & VERTO_EV_FLAG_IO_ERROR)
+        state = VERTO_EV_FLAG_IO_ERROR;
+
+    if (ev && ev->type == VERTO_EV_TYPE_IO)
+        ev->option.io.state = state;
+}
diff --git a/krb5-1.21.3/src/util/verto/verto.h b/krb5-1.21.3/src/util/verto/verto.h
new file mode 100644
index 00000000..55c58361
--- /dev/null
+++ b/krb5-1.21.3/src/util/verto/verto.h
@@ -0,0 +1,575 @@
+/*
+ * Copyright 2011 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#ifndef VERTO_H_
+#define VERTO_H_
+
+#include <time.h>   /* For time_t */
+#include <unistd.h> /* For pid_t */
+
+#ifdef WIN32
+#include <windows.h>
+typedef HANDLE verto_proc;
+typedef DWORD verto_proc_status;
+#else
+#include <sys/types.h>
+typedef pid_t verto_proc;
+typedef int verto_proc_status;
+#endif
+
+#define VERTO_SIG_IGN ((verto_callback *) 1)
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif /* __cplusplus */
+
+typedef struct verto_ctx verto_ctx;
+typedef struct verto_ev verto_ev;
+
+typedef enum {
+    VERTO_EV_TYPE_NONE = 0,
+    VERTO_EV_TYPE_IO = 1,
+    VERTO_EV_TYPE_TIMEOUT = 1 << 1,
+    VERTO_EV_TYPE_IDLE = 1 << 2,
+    VERTO_EV_TYPE_SIGNAL = 1 << 3,
+    VERTO_EV_TYPE_CHILD = 1 << 4
+} verto_ev_type;
+
+typedef enum {
+    VERTO_EV_FLAG_NONE = 0,
+    VERTO_EV_FLAG_PERSIST = 1,
+    VERTO_EV_FLAG_PRIORITY_LOW = 1 << 1,
+    VERTO_EV_FLAG_PRIORITY_MEDIUM = 1 << 2,
+    VERTO_EV_FLAG_PRIORITY_HIGH = 1 << 3,
+    VERTO_EV_FLAG_IO_READ = 1 << 4,
+    VERTO_EV_FLAG_IO_WRITE = 1 << 5,
+    VERTO_EV_FLAG_IO_ERROR = 1 << 7,
+    VERTO_EV_FLAG_IO_CLOSE_FD = 1 << 8,
+    VERTO_EV_FLAG_REINITIABLE = 1 << 6,
+    _VERTO_EV_FLAG_MUTABLE_MASK = VERTO_EV_FLAG_PRIORITY_LOW
+                                  | VERTO_EV_FLAG_PRIORITY_MEDIUM
+                                  | VERTO_EV_FLAG_PRIORITY_HIGH
+                                  | VERTO_EV_FLAG_IO_READ
+                                  | VERTO_EV_FLAG_IO_WRITE,
+    _VERTO_EV_FLAG_MAX = VERTO_EV_FLAG_IO_CLOSE_FD
+} verto_ev_flag;
+
+typedef void (verto_callback)(verto_ctx *ctx, verto_ev *ev);
+
+/**
+ * Creates a new event context using an optionally specified implementation
+ * and/or optionally specified required features.
+ *
+ * If you are an application that has already decided on using a particular
+ * event loop implementation, you should not call this function, but instead
+ * import the verto-NAME.h header and link against the verto-NAME.so, where
+ * NAME is the implementation you wish to use.
+ *
+ * If you are a library, you should generally avoid creating event contexts
+ * on your own but allow applications to pass in a verto_ctx you can use.
+ *
+ * There are two cases where you should use this function.  The first is
+ * where you have a need to choose an implementation at run time, usually
+ * for testing purposes.  The second and more common is when you simply
+ * wish to remain implementation agnostic.  In this later case, you should
+ * always call like this: verto_new(NULL, ...).  This lets verto choose the best
+ * implementation to use.
+ *
+ * If impl is not NULL, a new context is returned which is backed by the
+ * implementation specified. If the implementation specified is not
+ * available or if the required types (reqtypes) are not provided by the
+ * named implementation, NULL is returned. The parameter 'impl' can specify:
+ *   * The full path to an implementation library
+ *   * The name of the implementation library (i.e. - "glib" or "libev")
+ *
+ * If impl is NULL, verto will attempt to automatically determine the
+ * best implementation to use.
+ *
+ * First, verto will attempt to use an existing, previously loaded
+ * implementation. This is handled automatically by internal caching of either
+ * the first implementation loaded or the one specified by verto_set_default().
+ *
+ * Second, verto will attempt to discern if you are already linked to any
+ * of the supported implementations (to avoid wasting memory by loading
+ * extra unnecessary libraries).  If you are linked to one supported
+ * implementation, that implementation will be chosen.  If you are linked
+ * to more than one supported implementation one of the ones linked to
+ * will be chosen, but the order of the particular choice is undefined.
+ *
+ * Third, verto will attempt to load the compile-time default, if defined at
+ * build time and available at runtime.
+ *
+ * Last, verto will attempt to load any implementation installed. The specific
+ * order of this step is undefined.
+ *
+ * In all cases above, if the implementation does not support all the specified
+ * features (reqtypes), it will be skipped and processing will continue from
+ * where it left off. This means that if verto_new() returns non-NULL it is
+ * guaranteed to support the features you specified.
+ *
+ * @see verto_set_default()
+ * @param impl The implementation to use, or NULL.
+ * @param reqtypes A bitwise or'd list of required event type features.
+ * @return A new verto_ctx, or NULL on error.  Call verto_free() when done.
+ */
+verto_ctx *
+verto_new(const char *impl, verto_ev_type reqtypes);
+
+/**
+ * Gets the default event context using an optionally specified implementation.
+ *
+ * This function is essentially a singleton version of verto_new().  However,
+ * since this function must return the same loop as the *_default() call of
+ * the underlying implementation (if such a function exists), it is NOT a
+ * global singleton, but a per-implementation singleton. For this reason, you
+ * must call verto_free() when you are done with this loop. Even after calling
+ * verto_free() on the default verto_ctx, you can safely call verto_default()
+ * again and receive a new reference to the same (internally default) loop.
+ *
+ * In all other respects, verto_default() acts exactly like verto_new().
+ *
+ * @see verto_new()
+ * @see verto_free()
+ * @param impl The implementation to use, or NULL.
+ * @param reqtypes A bitwise or'd list of required event type features.
+ * @return The default verto_ctx, or NULL on error.  Call verto_free() when done.
+ */
+verto_ctx *
+verto_default(const char *impl, verto_ev_type reqtypes);
+
+/**
+ * Sets the default implementation to use by its name.
+ *
+ * This function returns 1 on success and 0 on failure.  It can fail for the
+ * following reasons:
+ *   1. The default implementation was already set via verto_set_default().
+ *   2. The implementation specified could not be found.
+ *   3. The implementation specified didn't support the features specified.
+ *   4. The impl argument was NULL.
+ *   5. verto_new() was already called.
+ *   6. verto_default() was already called.
+ *   7. verto_new_NAME() was already called.
+ *   8. verto_default_NAME() was already called.
+ *   9. verto_convert_NAME() was already called.
+ *
+ * @see verto_new()
+ * @see verto_default()
+ * @param impl The implementation to use.
+ * @param reqtypes A bitwise or'd list of required event type features.
+ * @return The default verto_ctx, or NULL on error.  Call verto_free() when done.
+ */
+int
+verto_set_default(const char *impl, verto_ev_type reqtypes);
+
+/**
+ * Sets the allocator to use for verto_ctx and verto_ev objects.
+ *
+ * If you plan to set the allocator, you MUST call this function before any
+ * other verto_*() calls.
+ *
+ * @see verto_new()
+ * @see verto_default()
+ * @see verto_add_io()
+ * @see verto_add_timeout()
+ * @see verto_add_idle()
+ * @see verto_add_signal()
+ * @see verto_add_child()
+ * @param resize The allocator to use (behaves like realloc();
+ *        resize(ptr, 0) must free memory at ptr.)
+ * @param hierarchical Zero if the allocator is not hierarchical
+ */
+int
+verto_set_allocator(void *(*resize)(void *mem, size_t size), int hierarchical);
+
+/**
+ * Frees a verto_ctx.
+ *
+ * When called on a default verto_ctx, the reference will be freed but the
+ * internal default loop will still be available via another call to
+ * verto_default().
+ *
+ * @see verto_new()
+ * @see verto_default()
+ * @param ctx The verto_ctx to free.
+ */
+void
+verto_free(verto_ctx *ctx);
+
+/**
+ * Frees global state.
+ *
+ * Remove and free all allocated global state.  Call only when no further
+ * contexts exist and all threads have exited.
+ *
+ * @see verto_new()
+ * @see verto_free()
+ * @see verto_default()
+ */
+void
+verto_cleanup(void);
+
+/**
+ * Run the verto_ctx forever, or at least until verto_break() is called.
+ *
+ * @see verto_break()
+ * @param ctx The verto_ctx to run.
+ */
+void
+verto_run(verto_ctx *ctx);
+
+/**
+ * Run the verto_ctx once. May block.
+ *
+ * @param ctx The verto_ctx to run once.
+ */
+void
+verto_run_once(verto_ctx *ctx);
+
+/**
+ * Exits the currently running verto_ctx.
+ *
+ * @see verto_run()
+ * @param ctx The verto_ctx to exit.
+ */
+void
+verto_break(verto_ctx *ctx);
+
+/**
+ * Re-initializes the verto_ctx.
+ *
+ * This function deletes all events, except those which have set the
+ * VERTO_EV_FLAG_REINITIABLE flag. If you fork(), you MUST call this in the
+ * child process after the fork!
+ *
+ * If this function fails it indicates that at least one
+ * VERTO_EV_FLAG_REINITIABLE event was not rearmed or that ctx was NULL.
+ *
+ * @see verto_new()
+ * @see verto_default()
+ * @param ctx The verto_ctx to re-initialize.
+ * @return Non-zero on success, 0 on error.
+ */
+int
+verto_reinitialize(verto_ctx *ctx);
+
+/**
+ * Adds a callback executed when a file descriptor is ready to be read/written.
+ *
+ * All verto_ev events are automatically freed when their parent verto_ctx is
+ * freed. You do not need to free them manually. If VERTO_EV_FLAG_PERSIST is
+ * provided, the event will repeat until verto_del() is called. If
+ * VERTO_EV_FLAG_PERSIST is not provided, the event will be freed automatically
+ * after its execution. In either case, you may call verto_del() at any time
+ * to prevent the event from executing.
+ * If VERTO_EV_FLAG_IO_CLOSE_FD is provided the passed in fd is automatically
+ * closed when the event is freed with verto_del()
+ *
+ * NOTE: On Windows, the underlying select() only works with sockets. As such,
+ * any attempt to add a non-socket io event on Windows will produce undefined
+ * results and may even crash.
+ *
+ * @see verto_del()
+ * @param ctx The verto_ctx which will fire the callback.
+ * @param flags The flags to set (at least one VERTO_EV_FLAG_IO* required).
+ * @param callback The callback to fire.
+ * @param fd The file descriptor to watch for reads.
+ * @return The verto_ev registered with the event context or NULL on error.
+ */
+verto_ev *
+verto_add_io(verto_ctx *ctx, verto_ev_flag flags,
+             verto_callback *callback, int fd);
+
+/**
+ * Adds a callback executed after a period of time.
+ *
+ * All verto_ev events are automatically freed when their parent verto_ctx is
+ * freed. You do not need to free them manually. If VERTO_EV_FLAG_PERSIST is
+ * provided, the event will repeat until verto_del() is called. If
+ * VERTO_EV_FLAG_PERSIST is not provided, the event will be freed automatically
+ * after its execution. In either case, you may call verto_del() at any time
+ * to prevent the event from executing.
+ *
+ * @see verto_del()
+ * @param ctx The verto_ctx which will fire the callback.
+ * @param flags The flags to set.
+ * @param callback The callback to fire.
+ * @param interval Time period to wait before firing (in milliseconds).
+ * @return The verto_ev registered with the event context.
+ */
+verto_ev *
+verto_add_timeout(verto_ctx *ctx, verto_ev_flag flags,
+                  verto_callback *callback, time_t interval);
+
+/**
+ * Adds a callback executed when there is nothing else to do.
+ *
+ * All verto_ev events are automatically freed when their parent verto_ctx is
+ * freed. You do not need to free them manually. If VERTO_EV_FLAG_PERSIST is
+ * provided, the event will repeat until verto_del() is called. If
+ * VERTO_EV_FLAG_PERSIST is not provided, the event will be freed automatically
+ * after its execution. In either case, you may call verto_del() at any time
+ * to prevent the event from executing.
+ *
+ * @see verto_del()
+ * @param ctx The verto_ctx which will fire the callback.
+ * @param flags The flags to set.
+ * @param callback The callback to fire.
+ * @return The verto_ev registered with the event context.
+ */
+verto_ev *
+verto_add_idle(verto_ctx *ctx, verto_ev_flag flags,
+               verto_callback *callback);
+
+/**
+ * Adds a callback executed when a signal is received.
+ *
+ * All verto_ev events are automatically freed when their parent verto_ctx is
+ * freed. You do not need to free them manually. If VERTO_EV_FLAG_PERSIST is
+ * provided, the event will repeat until verto_del() is called. If
+ * VERTO_EV_FLAG_PERSIST is not provided, the event will be freed automatically
+ * after its execution. In either case, you may call verto_del() at any time
+ * to prevent the event from executing.
+ *
+ * NOTE: If you attempt to ignore a signal without the VERTO_EV_FLAG_PERSIST
+ * flag, this function fails.
+ *
+ * NOTE: SIGCHLD is expressly not supported. If you want this notification,
+ * please use verto_add_child().
+ *
+ * WARNNIG: Signal events can only be reliably received in the default verto_ctx
+ * in some implementations.  Attempting to receive signal events in non-default
+ * loops may result in assert() failures.
+ *
+ * WARNING: While verto does its best to protect you from crashes, there is
+ * essentially no way to do signal events if you mix multiple implementations in
+ * a single process. Attempting to do so will result in undefined behavior,
+ * and potentially even a crash. You have been warned.
+ *
+ * @see verto_add_child()
+ * @see verto_repeat()
+ * @see verto_del()
+ * @param ctx The verto_ctx which will fire the callback.
+ * @param flags The flags to set.
+ * @param callback The callback to fire.
+ * @param signal The signal to watch for.
+ * @return The verto_ev registered with the event context.
+ */
+verto_ev *
+verto_add_signal(verto_ctx *ctx, verto_ev_flag flags,
+                 verto_callback *callback, int signal);
+
+/**
+ * Adds a callback executed when a child process exits.
+ *
+ * This event will be freed automatically after its execution. Due to the
+ * nature of a process' life-cycle, child events cannot persist (processes only
+ * exit once). This function returns NULL if you attempt to use
+ * VERTO_EV_FLAG_PERSIST. You may, of course, call verto_del() at any time to
+ * prevent the callback from firing.
+ *
+ * @see verto_del()
+ * @param ctx The verto_ctx which will fire the callback.
+ * @param flags The flags to set.
+ * @param callback The callback to fire.
+ * @param child The pid (POSIX) or handle (Win32) of the child to watch for.
+ * @return The verto_ev registered with the event context.
+ */
+verto_ev *
+verto_add_child(verto_ctx *ctx, verto_ev_flag flags,
+                verto_callback *callback, verto_proc proc);
+
+/**
+ * Sets the private pointer of the verto_ev.
+ *
+ * The free callback will be called in two cases:
+ *   1. When the event is deleted (manually or automatically)
+ *   2. When verto_set_private() is called again, unless
+ *      free is NULL.
+ *
+ * @see verto_get_private()
+ * @param ev The verto_ev
+ * @param priv The private value to store
+ * @param free The callback used to free the data or NULL
+ */
+void
+verto_set_private(verto_ev *ev, void *priv, verto_callback *free);
+
+/**
+ * Gets the private pointer of the verto_ev.
+ *
+ * @see verto_set_private()
+ * @param ev The verto_ev
+ * @return The verto_ev private pointer
+ */
+void *
+verto_get_private(const verto_ev *ev);
+
+/**
+ * Gets the type of the verto_ev.
+ *
+ * @see verto_add_io()
+ * @see verto_add_timeout()
+ * @see verto_add_idle()
+ * @see verto_add_signal()
+ * @see verto_add_child()
+ * @param ev The verto_ev
+ * @return The verto_ev type
+ */
+verto_ev_type
+verto_get_type(const verto_ev *ev);
+
+/**
+ * Gets the flags associated with the given verto_ev.
+ *
+ * @see verto_add_io()
+ * @see verto_add_timeout()
+ * @see verto_add_idle()
+ * @see verto_add_signal()
+ * @see verto_add_child()
+ * @see verto_set_flags()
+ * @param ev The verto_ev
+ * @return The verto_ev type
+ */
+verto_ev_flag
+verto_get_flags(const verto_ev *ev);
+
+/**
+ * Sets the flags associated with the given verto_ev.
+ *
+ * See _VERTO_EV_FLAG_MUTABLE_MASK for the flags that can be changed
+ * with this function. All others will be ignored. If the flags specified
+ * are the same as the flags the event already has, this function is a no-op.
+ *
+ * @see verto_add_io()
+ * @see verto_add_timeout()
+ * @see verto_add_idle()
+ * @see verto_add_signal()
+ * @see verto_add_child()
+ * @see verto_get_flags()
+ * @param ev The verto_ev
+ * @param flags The flags for the event
+ */
+void
+verto_set_flags(verto_ev *ev, verto_ev_flag flags);
+
+/**
+ * Gets the file descriptor associated with a read/write verto_ev.
+ *
+ * @see verto_add_io()
+ * @param ev The verto_ev to retrieve the file descriptor from.
+ * @return The file descriptor, or -1 if not a read/write event.
+ */
+int
+verto_get_fd(const verto_ev *ev);
+
+/**
+ * Gets the file descriptor state from when the event fires.
+ *
+ * @see verto_add_io()
+ * @param ev The verto_ev to retrieve the fd state from.
+ * @return The fd state.
+ */
+verto_ev_flag
+verto_get_fd_state(const verto_ev *ev);
+
+/**
+ * Gets the interval associated with a timeout verto_ev.
+ *
+ * @see verto_add_timeout()
+ * @param ev The verto_ev to retrieve the interval from.
+ * @return The interval, or 0 if not a timeout event.
+ */
+time_t
+verto_get_interval(const verto_ev *ev);
+
+/**
+ * Gets the signal associated with a signal verto_ev.
+ *
+ * @see verto_add_signal()
+ * @param ev The verto_ev to retrieve the signal from.
+ * @return The signal, or -1 if not a signal event.
+ */
+int
+verto_get_signal(const verto_ev *ev);
+
+/**
+ * Gets the process associated with a child verto_ev.
+ *
+ * @see verto_add_child()
+ * @param ev The verto_ev to retrieve the process from.
+ * @return The pid/handle, or 0/NULL if not a child event (POSIX/Win32).
+ */
+verto_proc
+verto_get_proc(const verto_ev *ev);
+
+/**
+ * Gets the status of the process which caused this event to fire.
+ *
+ * @see verto_add_child()
+ * @param ev The verto_ev to retrieve the status from.
+ * @return The pid/handle status.
+ */
+verto_proc_status
+verto_get_proc_status(const verto_ev *ev);
+
+/**
+ * Gets the verto_ctx associated with a verto_ev.
+ *
+ * This is a borrowed reference, don't attempt to free it!
+ *
+ * @param ev The verto_ev to retrieve the verto_ctx from.
+ * @return The verto_ctx.
+ */
+verto_ctx *
+verto_get_ctx(const verto_ev *ev);
+
+/**
+ * Removes an event from from the event context and frees it.
+ *
+ * The event and its contents cannot be used after this call.
+ *
+ * @see verto_add_io()
+ * @see verto_add_timeout()
+ * @see verto_add_idle()
+ * @see verto_add_signal()
+ * @see verto_add_child()
+ * @param ev The event to delete.
+ */
+void
+verto_del(verto_ev *ev);
+
+/**
+ * Returns the event types supported by this implementation.
+ *
+ * @param ctx The verto_ctx to query.
+ * @return The event types supported.
+ */
+verto_ev_type
+verto_get_supported_types(verto_ctx *ctx);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+#endif /* VERTO_H_ */
diff --git a/krb5-1.21.3/src/util/windows/Makefile.in b/krb5-1.21.3/src/util/windows/Makefile.in
new file mode 100644
index 00000000..3dfcde23
--- /dev/null
+++ b/krb5-1.21.3/src/util/windows/Makefile.in
@@ -0,0 +1,12 @@
+BUILDTOP = ..\..
+
+all-windows: $(OUTPRE)libecho.exe
+
+$(OUTPRE)libecho.exe: $(OUTPRE)libecho.obj
+	link -out:$@ $**
+	$(_VC_MANIFEST_EMBED_EXE)
+	
+install-windows:
+
+clean-windows::
+	$(RM) $(OUTPRE)*.res $(OUTPRE)*.map $(OUTPRE)*.obj $(OUTPRE)*.exe $(OUTPRE)*.manifest
diff --git a/krb5-1.21.3/src/util/windows/libecho.c b/krb5-1.21.3/src/util/windows/libecho.c
new file mode 100644
index 00000000..f4246249
--- /dev/null
+++ b/krb5-1.21.3/src/util/windows/libecho.c
@@ -0,0 +1,77 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * libecho.c
+ *
+ * For each argument on the command line, echo it.  Should expand
+ * DOS wildcards correctly.
+ *
+ * Syntax: libecho [-p prefix] list...
+ */
+#include <stdio.h>
+#include <io.h>
+#include <string.h>
+
+void echo_files(char *, char *);
+
+int
+main(int argc, char *argv[])
+{
+    int i;
+    char *prefix;
+
+    prefix = "";
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage:  libecho [-p prefix] list...\n");
+        return 1;
+    }
+
+    for (i = 1 ; i < argc ; i++)
+        if (!stricmp(argv[i], "-p"))
+            prefix = argv[++i];
+        else
+            echo_files(prefix, argv[i]);
+
+    return 0;
+}
+
+void
+echo_files(char *prefix, char *f)
+{
+    intptr_t ff;
+    struct _finddata_t fdt;
+    char *slash;
+    char filepath[256];
+
+    /*
+     * We're unix based quite a bit here.  Look for normal slashes and
+     * make them reverse slashes.
+     */
+    while((slash = strrchr(f, '/')) != NULL)
+        *slash = '\\';
+
+    strcpy(filepath, f);
+
+    slash = strrchr(filepath, '\\');
+
+    if (slash) {
+        slash++;
+        *slash = 0;
+    } else {
+        filepath[0] = '\0';
+    }
+
+    ff = _findfirst(f, &fdt);
+
+    if (ff < 0)
+        return;
+
+    printf("%s%s%s\n", prefix, filepath, fdt.name);
+
+    for (;;) {
+        if (_findnext(ff, &fdt) < 0)
+            break;
+        printf("%s%s%s\n", prefix, filepath, fdt.name);
+    }
+    _findclose(ff);
+}
diff --git a/krb5-1.21.3/src/util/wsgiref-kdcproxy.py b/krb5-1.21.3/src/util/wsgiref-kdcproxy.py
new file mode 100755
index 00000000..58759696
--- /dev/null
+++ b/krb5-1.21.3/src/util/wsgiref-kdcproxy.py
@@ -0,0 +1,19 @@
+import kdcproxy
+import os
+import ssl
+import sys
+from wsgiref.simple_server import make_server
+
+if len(sys.argv) > 1:
+    port = int(sys.argv[1])
+else:
+    port = 8443
+if len(sys.argv) > 2:
+    pem = sys.argv[2]
+else:
+    pem = '*'
+
+server = make_server('localhost', port, kdcproxy.Application())
+server.socket = ssl.wrap_socket(server.socket, certfile=pem, server_side=True)
+os.write(sys.stdout.fileno(), b'proxy server ready\n')
+server.serve_forever()
diff --git a/krb5-1.21.3/src/wconfig.c b/krb5-1.21.3/src/wconfig.c
new file mode 100644
index 00000000..63de4e3d
--- /dev/null
+++ b/krb5-1.21.3/src/wconfig.c
@@ -0,0 +1,231 @@
+/* wconfig.c */
+/*
+ * Copyright 1995,1996,1997,1998 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Program to take the place of the configure shell script under DOS.
+ * The makefile.in files are constructed in such a way that all this
+ * program needs to do is uncomment lines beginning ##DOS by removing the
+ * first 5 characters of the line.  This will allow lines like:
+ * ##DOS!include win-pre.in to become: !include win-pre.in
+ *
+ * We also turn any line beginning with '@' into a blank line.
+ *
+ * If a config directory is specified, then the output will be start with
+ * config\pre.in, then the filtered stdin text, and will end with
+ * config\post.in.
+ *
+ * Syntax: wconfig [options] [config_directory] <input_file >output_file
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+static int copy_file (char *path, char *fname);
+void add_ignore_list(char *str);
+
+int mit_specific = 0;
+
+char *win16_flag = "WIN16##";
+char *win32_flag = "WIN32##";
+
+
+int main(int argc, char *argv[])
+{
+	char *ignore_str = "--ignore=";
+	int ignore_len;
+	char *cp, *tmp;
+	char *win_flag;
+	char wflags[1024];
+	size_t wlen, alen;
+
+#ifdef _WIN32
+	win_flag = win32_flag;
+#else
+	win_flag = "UNIX##";
+#endif
+
+	wlen = 0;
+
+	ignore_len = strlen(ignore_str);
+	argc--; argv++;
+	while (*argv && *argv[0] == '-') {
+		alen = strlen(*argv);
+		if (wlen + 1 + alen > sizeof (wflags) - 1) {
+			fprintf (stderr,
+				 "wconfig: argument list too long (internal limit %lu)",
+				 (unsigned long) sizeof (wflags));
+			exit (1);
+		}
+		if (wlen > 0)
+			wflags[wlen++] = ' ';
+		memcpy(&wflags[wlen], *argv, alen);
+		wlen += alen;
+
+		if (!strcmp(*argv, "--mit")) {
+			mit_specific = 1;
+			argc--; argv++;
+			continue;
+		}
+		if (!strcmp(*argv, "--win16")) {
+			win_flag = win16_flag;
+			argc--; argv++;
+			continue;
+		}
+		if (!strcmp(*argv, "--win32")) {
+			win_flag = win32_flag;
+			argc--; argv++;
+			continue;
+		}
+		if (!strncmp(*argv, "--enable-", 9)) {
+			tmp = malloc(alen - ignore_len + 3);
+			if (!tmp) {
+				fprintf(stderr,
+					"wconfig: malloc failed!\n");
+				exit(1);
+			}
+			memcpy(tmp, *argv + ignore_len, alen - ignore_len);
+			memcpy(tmp + alen - ignore_len, "##", 3);
+			for (cp = tmp; *cp; cp++) {
+				if (islower(*cp))
+					*cp = toupper(*cp);
+			}
+			add_ignore_list(tmp);
+			argc--; argv++;
+			continue;
+		}
+		if (!strncmp(*argv, ignore_str, ignore_len)) {
+			add_ignore_list((*argv)+ignore_len);
+			argc--; argv++;
+			continue;
+		}
+		fprintf(stderr, "Invalid option: %s\n", *argv);
+		exit(1);
+	}
+	wflags[wlen] = '\0';
+
+	if (win_flag)
+		add_ignore_list(win_flag);
+
+	if (mit_specific)
+		add_ignore_list("MIT##");
+
+	if (wflags[0] && (argc > 0))
+		printf("WCONFIG_FLAGS=%s\n", wflags);
+
+	if (argc > 0)
+		copy_file (*argv, "win-pre.in");
+
+	copy_file("", "-");
+
+	if (argc > 0)
+		copy_file (*argv, "win-post.in");
+
+	return 0;
+}
+
+char *ignore_list[64] = {
+	"DOS##",
+	"DOS",
+	};
+
+/*
+ * Add a new item to the ignore list
+ */
+void add_ignore_list(char *str)
+{
+	char **cpp;
+
+	for (cpp = ignore_list; *cpp; cpp++)
+		;
+	*cpp = str;
+}
+
+
+/*
+ *
+ * Copy_file
+ *
+ * Copies file 'path\fname' to stdout.
+ *
+ */
+static int
+copy_file (char *path, char *fname)
+{
+    FILE *fin;
+    char buf[1024];
+    char **cpp, *ptr;
+    size_t len, plen, flen;
+
+    if (strcmp(fname, "-") == 0) {
+	    fin = stdin;
+    } else {
+	    plen = strlen(path);
+	    flen = strlen(fname);
+	    if (plen + 1 + flen > sizeof(buf) - 1) {
+		    fprintf(stderr, "Name %s or %s too long", path, fname);
+		    return 1;
+	    }
+	    memcpy(buf, path, plen);
+#ifdef _WIN32
+	    buf[plen] = '\\';
+#else
+	    buf[plen] = '/';
+#endif
+	    memcpy(buf + plen + 1, fname, flen);
+	    buf[plen + 1 + flen] = '\0';
+	    fin = fopen (buf, "r");                     /* File to read */
+	    if (fin == NULL) {
+		    fprintf(stderr, "wconfig: Can't open file %s\n", buf);
+		    return 1;
+	    }
+    }
+
+
+    while (fgets (buf, sizeof(buf), fin) != NULL) { /* Copy file over */
+	    if (buf[0] == '@') {
+		    fputs("\n", stdout);
+		    continue;
+	    }
+	    if (buf[0] != '#' || buf[1] != '#') {
+		    fputs(buf, stdout);
+		    continue;
+	    }
+	    ptr = buf;
+	    for (cpp = ignore_list; *cpp; cpp++) {
+		    len = strlen(*cpp);
+		    if (memcmp (*cpp, buf+2, len) == 0) {
+			    ptr += 2+len;
+			    break;
+		    }
+	    }
+	    fputs(ptr, stdout);
+    }
+
+    fclose (fin);
+
+    return 0;
+}
diff --git a/krb5-1.21.3/src/windows/Makefile.in b/krb5-1.21.3/src/windows/Makefile.in
new file mode 100644
index 00000000..bfc27b6d
--- /dev/null
+++ b/krb5-1.21.3/src/windows/Makefile.in
@@ -0,0 +1,6 @@
+BUILDTOP=..
+NO_OUTPRE=1
+!ifndef NO_LEASH
+LEASH=leash
+!endif
+SUBDIRS= lib leashdll $(LEASH) ms2mit kfwlogon
diff --git a/krb5-1.21.3/src/windows/README b/krb5-1.21.3/src/windows/README
new file mode 100644
index 00000000..2d57f0dd
--- /dev/null
+++ b/krb5-1.21.3/src/windows/README
@@ -0,0 +1,321 @@
+	       Building & Running Kerberos 5 on Windows
+	       ----------------------------------------
+
+This file documents how to build MIT Kerberos for Windows.
+The MIT Kerberos for Windows distribution contains additional components
+not present in the Unix krb5 distribution, most notably the
+MIT Kerberos Ticket Manager application.
+
+To build Kerberos 5 on Windows, you will need the following:
+
+* A version of Visual Studio (at least 2013) which includes the
+  Microsoft Foundation Classes libraries.  These instructions will
+  work for Visual Studio 2017 Community or Professional, both of which
+  include the MFC libraries if the "Visual C++ MFC" checkbox is
+  selected after enabling the "Desktop development with C++" workload.
+  If you do not plan to build the graphical ticket manager
+  application, the MFC libraries are not required.
+
+* A version of Perl.
+
+* Some common Unix utilities such as sed/awk/cp/cat installed in the
+  command-line path.
+
+* To build an MSI installer, the Windows Installer XML (WiX) toolkit,
+  and to ensure that the HTML Help Compiler (hhc.exe) and the WiX
+  tools are in your command-line path.  WiX version 3.11.1 is verified
+  to work with this codebase.
+
+A simple way to get the necessary Unix utilities is to install Git
+BASH from https://gitforwindows.org and configure it to add the Unix
+utilities to the command-line path.  In some versions of Windows (not
+the most current versions), the Unix utilities can alternatively be
+obtained via the Utilities and SDK for UNIX-based Applications, which
+may be enabled as a Windows feature and then the components installed.
+Note that the Windows nmake will not find the SUA awk utility in the
+path unless it is named awk.exe; the permissions on the utility may
+need correcting if awk.exe is created as a copy of the original awk.
+
+Git BASH contains a version of Perl, which will work to build krb5 if
+the newlines in the source tree are not translated to native newlines.
+Strawberry Perl will work regardless of whether newlines are
+translated.  If both Git BASH and Strawberry Perl are installed, you
+may need to adjust the command line path to ensure that the preferred
+Perl appears first.
+
+The krb5 source tree may be obtained either directly on the Windows
+machine with a native git client cloning the krb5 public mirror at
+https://github.com/krb5/krb5.git or on a separate (Unix) machine and
+copied over, such as from a VM host onto a Windows VM.  If you are
+checking out the sources with git and are using the Git BASH Perl,
+make sure to set git's core.autocrlf variable to "input" or "false" to
+avoid translating newlines.
+
+After Visual Studio is installed, you should be able to invoke 32-bit
+and 64-bit command prompts via the start menu (Visual Studio 2017 ->
+x86 Native Tools Command Prompt and x64 Native Tools Command Prompt).
+At the current time, Kerberos 5 can only be built for the x64 target
+if the host platform is also 64-bit, because it compiles and runs
+programs during the build.
+
+IMPORTANT NOTE: By default, the sources are built with debug
+information and linked against the debug version of the Microsoft C
+Runtime library, which is not found on most Windows systems unless
+they have development tools, and requires a separate license to
+distribute.  To build a release version, you need to define NODEBUG
+either in the environment or the nmake command-line.  Debug
+information in the compiled binaries and libraries may be retained by
+defining DEBUG_SYMBOL in the environment or on the nmake command line.
+
+
+Building the code and installer:
+-------------------------------
+
+First, make sure you have sed, (g)awk, cat, and cp.
+You must also define KRB_INSTALL_DIR either in the environment or
+on the command line (for nmake install).  If you are proceeding to build
+the MSI installer, this directory should be a temporary staging area in or
+near your build tree.  The directory must exist before nmake install
+is run.  The 64-bit installer provides 32-bit libraries, so a 32-bit build
+and install must be performed before the 64-bit build.
+
+To skip building the graphical ticket manager, run "set NO_LEASH=1"
+before building, and do not build the installers.
+
+In a 32-bit command shell:
+
+ 1) set KRB_INSTALL_DIR=\path\to\dir    # Where bin/include/lib lives
+ 2) cd xxx\src                          # Go to where source lives
+ 3) nmake -f Makefile.in prep-windows   # Create Makefile for Windows
+ 4) nmake [NODEBUG=1]                   # Build the sources
+ 5) nmake install [NODEBUG=1]           # Copy headers, libs, executables
+ 6) cd windows\installer\wix            # Go to where the installer source is
+ 7) nmake [NODEBUG=1]                   # Build the installer
+ 8) rename kfw.msi kfw32.msi            # Save the 32-bit installer
+
+In a 64-bit command shell:
+
+ 9) set PATH=%PATH%;"%WindowsSdkVerBinPath%"\x86  # To get uicc.exe
+10) set KRB_INSTALL_DIR=\path\to\dir    # Where bin/include/lib lives
+11) cd xxx\src                          # Go to where source lives
+12) nmake clean                         # Clean up the 32-bit objects
+13) nmake [NODEBUG=1]                   # Build the sources for 64-bit
+14) nmake install [NODEBUG=1]           # Copy 64-bit lib/executables
+15) cd windows\installer\wix            # Back to the installer source
+16) nmake clean                         # Remove 32-bit leavings
+17) nmake [NODEBUG=1]                   # Build the 64-bit installer
+18) rename kfw.msi kfw64.msi            # And name it usefully
+
+Step 9 may be skipped if uicc is already in the command-line path (try
+running "uicc" to see if you get a usage message or a not-found
+error), or if you are not building the graphical ticket manager.
+
+Visual Studio 2013 and 2015 provide only a single command prompt.
+Within this prompt, use "vcvarsall.bat x86" and "vcvarsall.bat amd64"
+to switch to 32-bit and 64-bit mode.
+
+
+Running Kerberos 5 Apps:
+-----------------------
+
+Make sure you have a valid krb5.ini file.
+By default, an empty krb5.ini is installed in CSIDL_COMMON_APPDATA
+(that is, %SystemDrive%\ProgramData\MIT\Kerberos5\ on newer-than-XP).
+(ProgramData is a hidden folder.)  You may need to customize it with
+settings for your site, but since DNS lookups are enabled for locating
+KDCs, many sites will not need further customization.  The file format is
+identical to that of a Unix krb5.conf file.
+
+
+krb5.ini File:
+-------------
+
+WARNING: Despite its name, this is not a Windows .ini file.
+Therefore, do not try to use any .ini tools, including the Windows API
+or any installer tools to manipulate this file.  Its format is subtly
+different from Windows .ini files!
+
+
+Controlling the Kerberos 5 Run-Time Environment:
+-----------------------------------------------
+
+The Kerberos 5 configuration file and credentials cache can be
+controlled with environment variables and registry settings.  The
+environment variable for a particular setting always takes precedence.
+Next in precedence comes the setting in the registry under
+HKEY_CURRENT_USER\Software\MIT\Kerberos5.  Then comes the registry
+setting under HKEY_LOCAL_MACHINE\Software\MIT\Kerberos5.  If none of
+those are found, a default value is used.
+
+Configuration File:
+- Environment: KRB5_CONFIG
+- Registry Value: config
+- Default: looks in the user's AppData directory, the machine's ProgramData
+  directory, krb5_32.dll's dir and Windows directory
+
+Default Credentials Cache:
+- Environment: KRB5CCNAME
+- Registry Value: ccname
+- Default: API:
+
+
+Credentials Cache:
+-----------------
+
+In addition to standard FILE: (disk file) and MEMORY: (in-process
+non-shared memory) Windows supports the API: cache type, which is a
+shared memory cache.  Kerberos for Windows also has access to an
+MSLSA: cache type, which directly accesses the Microsoft Kerberos
+Logon Session credentials cache.  The MSLSA: cache is available when the
+user logon is performed using Kerberos either to an Active Directory Domain
+or a non-Microsoft KDC; the ms2mit and mit2ms utilities can also be used
+to interact with it, though there are some limitations.
+
+A user is able to logon to Windows using the Kerberos LSA if the machine
+is part of a Windows Active Directory domain or if the machine has been
+configured to authenticate to a non-Microsoft KDC such as MIT.
+The instructions for configuring a Windows 2000 XP workstation to
+authenticate to a non-Microsoft KDC are documented in TechNet somewhere.
+In brief:
+
+  1. Install the Windows support tools in order to obtain KSETUP.EXE
+     and KTPASS.EXE.
+  2. Install the Windows Resource Kit to obtain KERBTRAY.EXE and KLIST.EXE
+  3. Add Realms and associated KDCs with: *KSETUP /AddKdc <realm>
+     [<kdcname>]*.  If you leave off the <kdcname> DNS SRV records will
+     be used.
+  4. Specify the password change service host for the realm with:
+     *KSETUP /AddKpasswd <realm> <Kpwdhost>*
+  5. Assign the realm of the local machine with: *KSETUP /SetRealm
+     <realm>* where realm must be all upper case.
+  6. Assign the local machine's password with: *KSETUP
+     /SetComputerPassword <Password>
+     *
+  7. Specify the capabilities of the Realm KDC with: *KSETUP
+     /SetRealmFlags <realm> <flag> [<flag> ...]* where flags may be
+     *None, SendAddress, TcpSupported, Delegate, *and *NcSupported*,
+  8. Map principal names to local accounts with: *KSETUP /MapUser
+     <principal> <account>*
+
+On the MIT KDC, you must then create service principals using the "Password"
+assigned to the machine.  So far the minimum list of principals required appear
+to be for a machine named "mymachine" in the realm "EXAMPLE.COM" with a
+domain name of "example.com":
+
+   * host/mymachine@EXAMPLE.COM
+   * host/mymachine.example.com@EXAMPLE.COM
+   * cifs/mymachine@EXAMPLE.COM
+   * cifs/mymachine.example.com@EXAMPLE.COM
+
+There may very well be other services for which principals must be created depending
+on what services are being executed on the machine.
+
+It is very important to note that while you can successfully log into a Windows
+workstation by authenticating to the KDC without creating a host key; the logon
+session you receive will not be a Kerberos Logon Session.  There will be no Kerberos
+principal and no LSA cache to access.
+
+The result of a real KSETUP configuration looks like this:
+
+   [C:\4\4NT]ksetup
+   default realm = KRB5.COLUMBIA.EDU (external)
+   ATHENA.MIT.EDU:
+           kdc = kerberos.mit.edu
+           kdc = kerberos-1.mit.edu
+           kdc = kerberos-2.mit.edu
+           kdc = kerberos-3.mit.edu
+           Realm Flags = 0x0 none
+   CC.COLUMBIA.EDU:
+           kdc = kerberos.cc.columbia.edu
+           Realm Flags = 0x0 none
+   GRAND.CENTRAL.ORG:
+           kdc = penn.central.org
+           kdc = grand-opening.mit.edu
+           Realm Flags = 0x0 none
+   KRB5.COLUMBIA.EDU:
+           kdc = yclept.kermit.columbia.edu
+           Realm Flags = 0x0 none
+   OPENAFS.ORG:
+           kdc = virtue.openafs.org
+           Realm Flags = 0x0 none
+   Mapping jaltman@KRB5.COLUMBIA.EDU to jaltman.
+   Mapping jaltman@CC.COLUMBIA.EDU to jaltman.
+   Mapping jaltman@ATHENA.MIT.EDU to jaltman.
+   Mapping all users (*) to a local account by the same name (*).
+
+The MSLSA: credential cache relies on the ability to extract the entire
+Kerberos ticket including the session key from the Kerberos LSA.  In an
+attempt to increase security Microsoft has begun to implement a feature
+by which they no longer export the session keys for Ticket Getting Tickets.
+This has the side effect of making them useless to the MIT krb5 library
+when attempting to request additional service tickets.
+
+This new feature has been seen in Windows 2003 Server, Windows 2000 Server SP4,
+and Windows XP SP2.  We assume that it will be implemented in all future
+Microsoft operating systems supporting the Kerberos SSPI.  Microsoft does work
+closely with MIT and has provided a registry key to disable this new feature.
+On server platforms the key is specified as:
+
+  HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
+    AllowTGTSessionKey = 0x01 (DWORD)
+
+On workstation platforms the key is specified as:
+
+  HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
+    AllowTGTSessionKey = 0x01 (DWORD)
+
+The Kerberos for Windows installer automatically sets this key on installation
+and unsets it on uninstall, allowing the MSLSA: cache type to be used.
+
+It has been noted that the Microsoft Kerberos LSA does not provide enough
+information within its KERB_EXTERNAL_TICKET structure to properly construct
+the Client Principal simply by examining a single ticket. From the MSDN
+Library:
+
+  ClientName
+    KERB_EXTERNAL_NAME structure that contains the client name in the ticket.
+    This name is relative to the current domain.
+
+  DomainName
+    UNICODE_STRING that contains the name of the domain that corresponds to
+    the ServiceName member. This is the domain that issued the ticket.
+
+  TargetDomainName
+    UNICODE_STRING that contains the name of the domain in which the ticket is
+    valid. For an interdomain ticket, this is the destination domain.
+
+  AltTargetDomainName
+    UNICODE_STRING that contains a synonym for the destination domain. Every
+    domain has two names: a DNS name and a NetBIOS name. If the name returned
+    in the ticket is different from the name used to request the ticket (the
+    Kerberos Key Distribution Center (KDC) may do name mapping), this string
+    contains the original name.
+
+Unfortunately, there is no field here which contains the domain of the client.
+In order for the krb5_ccache to properly report the client principal name, the
+client principal name is constructed by utilizing the ClientName and DomainName
+fields of the Initial TGT associated with the Kerberos LSA credential cache.
+To disable the use of the TGT info and instead simply use the "DomainName" field
+of the current ticket define one of the following registry keys depending on
+whether the change should be system global or just for the current user.
+
+   HKLM\Software\MIT\Kerberos5\
+      PreserveInitialTicketIdentity = 0x0 (DWORD)
+
+   HKCU\Software\MIT\Kerberos5\
+      PreserveInitialTicketIdentity = 0x0 (DWORD)
+
+GSSAPI Sample Client:
+---------------------
+
+The GSS API Sample Client provided in this distribution is compatible with the
+gss-server application built on Unix/Linux systems.  This client is not compatible
+with the Platform SDK/Samples/Security/SSPI/GSS/ samples which Microsoft has been
+shipping as of January 2004.  Revised versions of these samples are available upon
+request to krbdev@mit.edu.
+
+More Information:
+----------------
+
+For more information, please read the Kerberos 5 documentation in
+the doc directory of the distribution.
diff --git a/krb5-1.21.3/src/windows/include/leasherr.h b/krb5-1.21.3/src/windows/include/leasherr.h
new file mode 100644
index 00000000..834765fb
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/leasherr.h
@@ -0,0 +1,32 @@
+/*
+ * leasherr.h
+ * This file is the #include file for leasherr.et.
+ * Please do not edit it as it is automatically generated.
+ */
+
+#define LSH_ONLYONEME                            (40591872L)
+#define LSH_INVPRINCIPAL                         (40591873L)
+#define LSH_FAILEDREALM                          (40591874L)
+#define LSH_INVINSTANCE                          (40591875L)
+#define LSH_INVREALM                             (40591876L)
+#define LSH_EOF                                  (40591877L)
+#define LSH_EXPIRESOON                           (40591878L)
+#define LSH_NOMATCH                              (40591879L)
+#define LSH_BADCHARS                             (40591880L)
+#define LSH_FATAL_ERROR                          (40591881L)
+#define LSH_BADWINSOCK                           (40591882L)
+#define LSH_BADTIMESERV                          (40591883L)
+#define LSH_NOSOCKET                             (40591884L)
+#define LSH_NOCONNECT                            (40591885L)
+#define LSH_TIMEFAILED                           (40591886L)
+#define LSH_GETTIMEOFDAY                         (40591887L)
+#define LSH_SETTIMEOFDAY                         (40591888L)
+#define LSH_RECVTIME                             (40591889L)
+#define LSH_RECVBYTES                            (40591890L)
+#define LSH_ALREADY_SETTIME                      (40591891L)
+extern void initialize_lsh_error_table(struct et_list **);
+#define ERROR_TABLE_BASE_lsh (40591872L)
+
+/* for compatibility with older versions... */
+#define init_lsh_err_tbl() initialize_lsh_error_table(&_et_list)
+#define lsh_err_base ERROR_TABLE_BASE_lsh
diff --git a/krb5-1.21.3/src/windows/include/leashinfo.h b/krb5-1.21.3/src/windows/include/leashinfo.h
new file mode 100644
index 00000000..7365aa1b
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/leashinfo.h
@@ -0,0 +1,2 @@
+#define LSH_TIME_HOST 1970
+#define LSH_DEFAULT_TICKET_LIFE 1971
diff --git a/krb5-1.21.3/src/windows/include/leashwin.h b/krb5-1.21.3/src/windows/include/leashwin.h
new file mode 100644
index 00000000..08b9c7d6
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/leashwin.h
@@ -0,0 +1,212 @@
+#ifndef __LEASHWIN__
+#define __LEASHWIN__
+
+////Is this sufficient?
+#include <krb5.h>
+#define ANAME_SZ	        40
+#define	REALM_SZ	        40
+#define	SNAME_SZ	        40
+#define	INST_SZ		        40
+/* include space for '.' and '@' */
+#define	MAX_K_NAME_SZ	    (ANAME_SZ + INST_SZ + REALM_SZ + 2)
+
+#define DLGTYPE_PASSWD   0
+#define DLGTYPE_CHPASSWD 1
+#define DLGTYPE_MASK 0x0000ffff
+#define DLGFLAG_READONLYPRINC 0x10000
+typedef struct {
+    int dlgtype;
+    // Tells whether dialog box is in change pwd more or init ticket mode???
+    // (verify this):
+    int dlgstatemax; // What is this???
+    // The title on the Dialog box - for Renewing or Initializing:
+    LPSTR title;
+    LPSTR principal;
+} LSH_DLGINFO, FAR *LPLSH_DLGINFO;
+
+#define LEASH_USERNAME_SZ        64
+#define LEASH_REALM_SZ          192
+#define LEASH_TITLE_SZ          128
+#define LEASH_CCACHE_NAME_SZ 	264
+
+typedef struct {
+    DWORD size;
+    int dlgtype;
+    // Tells whether dialog box is in change pwd mode or init ticket mode
+    LPSTR title;		// in v3, set to in.title
+    LPSTR username;		// in v3, set to in.username
+    LPSTR realm;		// in v3, set to in.realm
+    int   use_defaults;
+    int   forwardable;
+    int   noaddresses;
+    int   lifetime;
+    int   renew_till;
+    int   proxiable;
+    int   publicip;
+    // Version 1 of this structure ends here
+    struct {
+        char username[LEASH_USERNAME_SZ];
+        char realm[LEASH_REALM_SZ];
+	// Version 2 of this structure ends here
+	char ccache[LEASH_CCACHE_NAME_SZ];
+    } out;
+    struct {
+	char title[LEASH_TITLE_SZ];
+	char username[LEASH_USERNAME_SZ];
+	char realm[LEASH_REALM_SZ];
+	char ccache[LEASH_CCACHE_NAME_SZ];
+    } in;
+} LSH_DLGINFO_EX, *LPLSH_DLGINFO_EX;
+
+#define LSH_DLGINFO_EX_V1_SZ (sizeof(DWORD) + 3 * sizeof(LPSTR) + 8 * sizeof(int))
+#define LSH_DLGINFO_EX_V2_SZ (LSH_DLGINFO_EX_V1_SZ + LEASH_USERNAME_SZ + LEASH_REALM_SZ)
+#define LSH_DLGINFO_EX_V3_SZ (LSH_DLGINFO_EX_V2_SZ + LEASH_TITLE_SZ + LEASH_USERNAME_SZ + LEASH_REALM_SZ + 2 * LEASH_CCACHE_NAME_SZ)
+
+#ifndef NETIDMGR
+#define NETID_USERNAME_SZ       128
+#define NETID_REALM_SZ          192
+#define NETID_TITLE_SZ          256
+#define NETID_CCACHE_NAME_SZ 	264
+
+#define NETID_DLGTYPE_TGT      0
+#define NETID_DLGTYPE_CHPASSWD 1
+typedef struct {
+    DWORD size;
+    DWORD dlgtype;
+    // Tells whether dialog box is in change pwd mode or init ticket mode
+    struct {
+	WCHAR title[NETID_TITLE_SZ];
+	WCHAR username[NETID_USERNAME_SZ];
+	WCHAR realm[NETID_REALM_SZ];
+	WCHAR ccache[NETID_CCACHE_NAME_SZ];
+	DWORD use_defaults;
+	DWORD forwardable;
+	DWORD noaddresses;
+	DWORD lifetime;
+	DWORD renew_till;
+	DWORD proxiable;
+	DWORD publicip;
+	DWORD must_use_specified_principal;
+    } in;
+    struct {
+        WCHAR username[NETID_USERNAME_SZ];
+        WCHAR realm[NETID_REALM_SZ];
+	WCHAR ccache[NETID_CCACHE_NAME_SZ];
+    } out;
+    // Version 1 of this structure ends here
+} NETID_DLGINFO, *LPNETID_DLGINFO;
+
+#define NETID_DLGINFO_V1_SZ (10 * sizeof(DWORD) \
+        + sizeof(WCHAR) * (NETID_TITLE_SZ + \
+        2 * NETID_USERNAME_SZ + 2 * NETID_REALM_SZ + \
+        2 * NETID_CCACHE_NAME_SZ))
+#endif /* NETIDMGR */
+
+typedef struct TicketList TicketList;
+struct TicketList {
+    TicketList *next;
+    char *service;
+    char *encTypes;
+    time_t issued;
+    time_t valid_until;
+    time_t renew_until;
+    unsigned long flags;
+};
+
+typedef struct TICKETINFO TICKETINFO;
+struct TICKETINFO {
+    TICKETINFO *next;
+    char   *principal;                /* Principal name/instance@realm */
+    char   *ccache_name;
+    TicketList *ticket_list;
+    int     btickets;                 /* Do we have tickets? */
+    time_t  issued;                   /* The issue time */
+    time_t  valid_until;              /* */
+    time_t  renew_until;              /* The Renew time (k5 only) */
+    unsigned long flags;
+};
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int FAR Leash_kinit_dlg(HWND hParent, LPLSH_DLGINFO lpdlginfo);
+int FAR Leash_kinit_dlg_ex(HWND hParent, LPLSH_DLGINFO_EX lpdlginfoex);
+int FAR Leash_changepwd_dlg(HWND hParent, LPLSH_DLGINFO lpdlginfo);
+int FAR Leash_changepwd_dlg_ex(HWND hParent, LPLSH_DLGINFO_EX lpdlginfo);
+
+long FAR Leash_checkpwd(char *principal, char *password);
+long FAR Leash_changepwd(char *principal, char *password, char *newpassword, char** result_string);
+long FAR Leash_kinit(char *principal, char *password, int lifetime);
+long FAR Leash_kinit_ex(char * principal, char * password, int lifetime,
+						int forwardable, int proxiable, int renew_life,
+						int addressless, unsigned long publicIP);
+
+long FAR Leash_klist(HWND hlist, TICKETINFO FAR *ticketinfo);
+long FAR Leash_kdestroy(void);
+long FAR Leash_get_lsh_errno( LONG FAR *err_val);
+
+long FAR Leash_renew(void);
+long FAR Leash_importable(void);
+long FAR Leash_import(void);
+
+BOOL Leash_set_help_file( char FAR *szHelpFile );
+LPSTR Leash_get_help_file(void);
+
+void Leash_reset_defaults(void);
+
+#define NO_TICKETS 0
+#define EXPD_TICKETS 2
+#define GOOD_TICKETS 1
+
+/* Leash Configuration functions - alters Current User Registry */
+DWORD Leash_get_default_lifetime();
+DWORD Leash_set_default_lifetime(DWORD minutes);
+DWORD Leash_reset_default_lifetime();
+DWORD Leash_get_default_renew_till();
+DWORD Leash_set_default_renew_till(DWORD minutes);
+DWORD Leash_reset_default_renew_till();
+DWORD Leash_get_default_renewable();
+DWORD Leash_set_default_renewable(DWORD onoff);
+DWORD Leash_reset_default_renewable();
+DWORD Leash_get_default_forwardable();
+DWORD Leash_set_default_forwardable(DWORD onoff);
+DWORD Leash_reset_default_forwardable();
+DWORD Leash_get_default_noaddresses();
+DWORD Leash_set_default_noaddresses(DWORD onoff);
+DWORD Leash_reset_default_noaddresses();
+DWORD Leash_get_default_proxiable();
+DWORD Leash_set_default_proxiable(DWORD onoff);
+DWORD Leash_reset_default_proxiable();
+DWORD Leash_get_default_publicip();
+DWORD Leash_set_default_publicip(DWORD ipv4addr);
+DWORD Leash_reset_default_publicip();
+DWORD Leash_get_hide_kinit_options();
+DWORD Leash_set_hide_kinit_options(DWORD onoff);
+DWORD Leash_reset_hide_kinit_options();
+DWORD Leash_get_default_life_min();
+DWORD Leash_set_default_life_min(DWORD minutes);
+DWORD Leash_reset_default_life_min();
+DWORD Leash_get_default_life_max();
+DWORD Leash_set_default_life_max(DWORD minutes);
+DWORD Leash_reset_default_life_max();
+DWORD Leash_get_default_renew_min();
+DWORD Leash_set_default_renew_min(DWORD minutes);
+DWORD Leash_reset_default_renew_min();
+DWORD Leash_get_default_renew_max();
+DWORD Leash_set_default_renew_max(DWORD minutes);
+DWORD Leash_reset_default_renew_max();
+DWORD Leash_get_default_uppercaserealm();
+DWORD Leash_set_default_uppercaserealm(DWORD onoff);
+DWORD Leash_reset_default_uppercaserealm();
+DWORD Leash_get_default_mslsa_import();
+DWORD Leash_set_default_mslsa_import(DWORD onoffmatch);
+DWORD Leash_reset_default_mslsa_import();
+DWORD Leash_get_default_preserve_kinit_settings();
+DWORD Leash_set_default_preserve_kinit_settings(DWORD onoff);
+DWORD Leash_reset_default_preserve_kinit_settings();
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LEASHWIN */
diff --git a/krb5-1.21.3/src/windows/include/loadfuncs-com_err.h b/krb5-1.21.3/src/windows/include/loadfuncs-com_err.h
new file mode 100644
index 00000000..a579749c
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/loadfuncs-com_err.h
@@ -0,0 +1,44 @@
+#ifndef __LOADFUNCS_COM_ERR_H__
+#define __LOADFUNCS_COM_ERR_H__
+
+#include "loadfuncs.h"
+#include <com_err.h>
+
+#if defined(_WIN64)
+#define COMERR_DLL      "comerr64.dll"
+#else
+#define COMERR_DLL      "comerr32.dll"
+#endif
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV_C,
+    com_err,
+    (const char FAR *, errcode_t, const char FAR *, ...)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    com_err_va,
+    (const char FAR *whoami, errcode_t code, const char FAR *fmt, va_list ap)
+    );
+TYPEDEF_FUNC(
+    const char FAR *,
+    KRB5_CALLCONV,
+    error_message,
+    (errcode_t)
+    );
+TYPEDEF_FUNC(
+    errcode_t,
+    KRB5_CALLCONV,
+    add_error_table,
+    (const struct error_table FAR *)
+    );
+TYPEDEF_FUNC(
+    errcode_t,
+    KRB5_CALLCONV,
+    remove_error_table,
+    (const struct error_table FAR *)
+    );
+
+#endif /* __LOADFUNCS_COM_ERR_H__ */
diff --git a/krb5-1.21.3/src/windows/include/loadfuncs-krb5.h b/krb5-1.21.3/src/windows/include/loadfuncs-krb5.h
new file mode 100644
index 00000000..b6e6a0c4
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/loadfuncs-krb5.h
@@ -0,0 +1,1825 @@
+#ifndef __LOADFUNCS_KRB5_H__
+#define __LOADFUNCS_KRB5_H__
+
+#include "loadfuncs.h"
+#include <krb5.h>
+
+#if defined(_WIN64)
+#define KRB5_DLL      "krb5_64.dll"
+#else
+#define KRB5_DLL      "krb5_32.dll"
+#endif
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_principal,
+    (krb5_context, krb5_principal)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_authenticator,
+    (krb5_context, krb5_authenticator * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_authenticator_contents,
+    (krb5_context, krb5_authenticator * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_addresses,
+    (krb5_context, krb5_address * * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_address,
+    (krb5_context, krb5_address * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_authdata,
+    (krb5_context, krb5_authdata * * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_enc_tkt_part,
+    (krb5_context, krb5_enc_tkt_part * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_ticket,
+    (krb5_context, krb5_ticket * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_tickets,
+    (krb5_context, krb5_ticket * * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_kdc_req,
+    (krb5_context, krb5_kdc_req * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_kdc_rep,
+    (krb5_context, krb5_kdc_rep * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_last_req,
+    (krb5_context, krb5_last_req_entry * * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_enc_kdc_rep_part,
+    (krb5_context, krb5_enc_kdc_rep_part * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_error,
+    (krb5_context, krb5_error * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_ap_req,
+    (krb5_context, krb5_ap_req * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_ap_rep,
+    (krb5_context, krb5_ap_rep * )
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_cred,
+    (krb5_context, krb5_cred *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_creds,
+    (krb5_context, krb5_creds *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_cred_contents,
+    (krb5_context, krb5_creds *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_cred_enc_part,
+    (krb5_context, krb5_cred_enc_part *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_checksum,
+    (krb5_context, krb5_checksum *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_checksum_contents,
+    (krb5_context, krb5_checksum *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_keyblock,
+    (krb5_context, krb5_keyblock *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_keyblock_contents,
+    (krb5_context, krb5_keyblock *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_pa_data,
+    (krb5_context, krb5_pa_data * *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_ap_rep_enc_part,
+    (krb5_context, krb5_ap_rep_enc_part *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_tkt_authent,
+    (krb5_context, krb5_tkt_authent *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_data,
+    (krb5_context, krb5_data *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_data_contents,
+    (krb5_context, krb5_data *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_unparsed_name,
+    (krb5_context, char *)
+    );
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_cksumtypes,
+    (krb5_context, krb5_cksumtype *)
+    );
+
+/* ------------------------------------------------------------------------- */
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_encrypt,
+    (krb5_context context, const krb5_keyblock *key,
+     krb5_keyusage usage, const krb5_data *ivec,
+     const krb5_data *input, krb5_enc_data *output)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_decrypt,
+    (krb5_context context, const krb5_keyblock *key,
+     krb5_keyusage usage, const krb5_data *ivec,
+     const krb5_enc_data *input, krb5_data *output)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_encrypt_length,
+    (krb5_context context, krb5_enctype enctype,
+     size_t inputlen, size_t *length)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_block_size,
+    (krb5_context context, krb5_enctype enctype,
+     size_t *blocksize)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_make_random_key,
+    (krb5_context context, krb5_enctype enctype,
+     krb5_keyblock *random_key)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_random_make_octets,
+    (krb5_context context, krb5_data *data)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_random_seed,
+    (krb5_context context, krb5_data *data)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_string_to_key,
+    (krb5_context context, krb5_enctype enctype,
+     const krb5_data *string, const krb5_data *salt,
+     krb5_keyblock *key)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_enctype_compare,
+    (krb5_context context, krb5_enctype e1, krb5_enctype e2,
+     krb5_boolean *similar)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_make_checksum,
+    (krb5_context context, krb5_cksumtype cksumtype,
+     const krb5_keyblock *key, krb5_keyusage usage,
+     const krb5_data *input, krb5_checksum *cksum)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_verify_checksum,
+    (krb5_context context,
+     const krb5_keyblock *key, krb5_keyusage usage,
+     const krb5_data *data,
+     const krb5_checksum *cksum,
+     krb5_boolean *valid)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_checksum_length,
+    (krb5_context context, krb5_cksumtype cksumtype,
+     size_t *length)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_c_keyed_checksum_types,
+    (krb5_context context, krb5_enctype enctype,
+     unsigned int *count, krb5_cksumtype **cksumtypes)
+    );
+
+/* ------------------------------------------------------------------------- */
+
+TYPEDEF_FUNC(
+    krb5_boolean,
+    KRB5_CALLCONV,
+    valid_enctype,
+    (const krb5_enctype ktype)
+    );
+
+TYPEDEF_FUNC(
+    krb5_boolean,
+    KRB5_CALLCONV,
+    valid_cksumtype,
+    (const krb5_cksumtype ctype)
+    );
+
+TYPEDEF_FUNC(
+    krb5_boolean,
+    KRB5_CALLCONV,
+    is_coll_proof_cksum,
+    (const krb5_cksumtype ctype)
+    );
+
+TYPEDEF_FUNC(
+    krb5_boolean,
+    KRB5_CALLCONV,
+    is_keyed_cksum,
+    (const krb5_cksumtype ctype)
+    );
+
+/* ------------------------------------------------------------------------- */
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_init_context,
+    (krb5_context *)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_context,
+    (krb5_context)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_decrypt_tkt_part,
+    (krb5_context,
+     const krb5_keyblock *,
+     krb5_ticket * )
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_tgt_creds,
+    (krb5_context,
+     krb5_creds ** )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_credentials,
+    (krb5_context,
+     const krb5_flags,
+     krb5_ccache,
+     krb5_creds *,
+     krb5_creds * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_credentials_validate,
+    (krb5_context,
+     const krb5_flags,
+     krb5_ccache,
+     krb5_creds *,
+     krb5_creds * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_credentials_renew,
+    (krb5_context,
+     const krb5_flags,
+     krb5_ccache,
+     krb5_creds *,
+     krb5_creds * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_req,
+    (krb5_context,
+     krb5_auth_context *,
+     const krb5_flags,
+     char *,
+     char *,
+     krb5_data *,
+     krb5_ccache,
+     krb5_data * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_req_extended,
+    (krb5_context,
+     krb5_auth_context *,
+     const krb5_flags,
+     krb5_data *,
+     krb5_creds *,
+     krb5_data * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_rep,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_rd_rep,
+    (krb5_context,
+     krb5_auth_context,
+     const krb5_data *,
+     krb5_ap_rep_enc_part * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_error,
+    (krb5_context,
+     const krb5_error *,
+     krb5_data * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_rd_error,
+    (krb5_context,
+     const krb5_data *,
+     krb5_error * * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_rd_safe,
+    (krb5_context,
+     krb5_auth_context,
+     const krb5_data *,
+     krb5_data *,
+     krb5_replay_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_rd_priv,
+    (krb5_context,
+     krb5_auth_context,
+     const krb5_data *,
+     krb5_data *,
+     krb5_replay_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_parse_name,
+    (krb5_context,
+     const char *,
+     krb5_principal * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_unparse_name,
+    (krb5_context,
+     krb5_const_principal,
+     char * * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_unparse_name_ext,
+    (krb5_context,
+     krb5_const_principal,
+     char * *,
+     int *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_set_principal_realm,
+    (krb5_context, krb5_principal, const char *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_boolean,
+    KRB5_CALLCONV,
+    krb5_principal_compare,
+    (krb5_context,
+     krb5_const_principal,
+     krb5_const_principal)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_keyblock,
+    (krb5_context,
+     const krb5_keyblock *,
+     krb5_keyblock * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_keyblock_contents,
+    (krb5_context,
+     const krb5_keyblock *,
+     krb5_keyblock *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_creds,
+    (krb5_context,
+     const krb5_creds *,
+     krb5_creds * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_data,
+    (krb5_context,
+     const krb5_data *,
+     krb5_data * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_principal,
+    (krb5_context,
+     krb5_const_principal,
+     krb5_principal *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_addr,
+    (krb5_context,
+     const krb5_address *,
+     krb5_address * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_addresses,
+    (krb5_context,
+     krb5_address * const *,
+     krb5_address * * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_ticket,
+    (krb5_context,
+     const krb5_ticket *,
+     krb5_ticket * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_authdata,
+    (krb5_context,
+     krb5_authdata * const *,
+     krb5_authdata * * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_authenticator,
+    (krb5_context,
+     const krb5_authenticator *,
+     krb5_authenticator * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_copy_checksum,
+    (krb5_context,
+     const krb5_checksum *,
+     krb5_checksum * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_server_rcache,
+    (krb5_context,
+     const krb5_data *, krb5_rcache *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV_C,
+    krb5_build_principal_ext,
+    (krb5_context, krb5_principal *, int, const char *, ...)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV_C,
+    krb5_build_principal,
+    (krb5_context, krb5_principal *, int, const char *, ...)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_425_conv_principal,
+    (krb5_context,
+     const char *name,
+     const char *instance, const char *realm,
+     krb5_principal *princ)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_524_conv_principal,
+    (krb5_context context, const krb5_principal princ,
+     char *name, char *inst, char *realm)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_chpw_req,
+    (krb5_context context, krb5_auth_context auth_context,
+     krb5_data *ap_req, char *passwd, krb5_data *packet)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_rd_chpw_rep,
+    (krb5_context context, krb5_auth_context auth_context,
+     krb5_data *packet, int *result_code,
+     krb5_data *result_data)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_chpw_result_code_string,
+    (krb5_context context, int result_code,
+     char **result_codestr)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_register,
+    (krb5_context,
+     struct _krb5_kt_ops * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_resolve,
+    (krb5_context,
+     const char *,
+     krb5_keytab * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_default_name,
+    (krb5_context,
+     char *,
+     int )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_default,
+    (krb5_context,
+     krb5_keytab * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_free_entry,
+    (krb5_context,
+     krb5_keytab_entry * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_remove_entry,
+    (krb5_context,
+     krb5_keytab,
+     krb5_keytab_entry * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_add_entry,
+    (krb5_context,
+     krb5_keytab,
+     krb5_keytab_entry * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_resolve,
+    (krb5_context,
+     const char *,
+     krb5_ccache * )
+    );
+
+TYPEDEF_FUNC(
+    const char*,
+    KRB5_CALLCONV,
+    krb5_cc_default_name,
+    (krb5_context)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_set_default_name,
+    (krb5_context, const char *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_default,
+    (krb5_context,
+     krb5_ccache *)
+    );
+
+TYPEDEF_FUNC(
+    unsigned int,
+    KRB5_CALLCONV,
+    krb5_get_notification_message,
+    (void)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_copy_creds,
+    (krb5_context context,
+     krb5_ccache incc,
+     krb5_ccache outcc)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_us_timeofday,
+    (krb5_context,
+     krb5_int32 *,
+     krb5_int32 * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_timeofday,
+    (krb5_context,
+     krb5_int32 * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_os_localaddr,
+    (krb5_context,
+     krb5_address * * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_default_realm,
+    (krb5_context,
+     char * * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_set_default_realm,
+    (krb5_context,
+     const char * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_free_default_realm,
+    (krb5_context,
+     const char * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_sname_to_principal,
+    (krb5_context,
+     const char *,
+     const char *,
+     krb5_int32,
+     krb5_principal *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_change_password,
+    (krb5_context context, krb5_creds *creds, char *newpw,
+     int *result_code, krb5_data *result_code_string,
+     krb5_data *result_string)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_default_config_files,
+    (char ***filenames)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_config_files,
+    (char **filenames)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_in_tkt,
+    (krb5_context,
+     const krb5_flags,
+     krb5_address * const *,
+     krb5_enctype *,
+     krb5_preauthtype *,
+     krb5_error_code ( * )(krb5_context,
+                           const krb5_enctype,
+                           krb5_data *,
+                           krb5_const_pointer,
+                           krb5_keyblock * *),
+     krb5_const_pointer,
+     krb5_error_code ( * )(krb5_context,
+                           const krb5_keyblock *,
+                           krb5_const_pointer,
+                           krb5_kdc_rep * ),
+     krb5_const_pointer,
+     krb5_creds *,
+     krb5_ccache,
+     krb5_kdc_rep * * )
+    );
+
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_in_tkt_with_password,
+    (krb5_context,
+     const krb5_flags,
+     krb5_address * const *,
+     krb5_enctype *,
+     krb5_preauthtype *,
+     const char *,
+     krb5_ccache,
+     krb5_creds *,
+     krb5_kdc_rep * * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_in_tkt_with_skey,
+    (krb5_context,
+     const krb5_flags,
+     krb5_address * const *,
+     krb5_enctype *,
+     krb5_preauthtype *,
+     const krb5_keyblock *,
+     krb5_ccache,
+     krb5_creds *,
+     krb5_kdc_rep * * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_in_tkt_with_keytab,
+    (krb5_context,
+     const krb5_flags,
+     krb5_address * const *,
+     krb5_enctype *,
+     krb5_preauthtype *,
+     const krb5_keytab,
+     krb5_ccache,
+     krb5_creds *,
+     krb5_kdc_rep * * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_rd_req,
+    (krb5_context,
+     krb5_auth_context *,
+     const krb5_data *,
+     krb5_const_principal,
+     krb5_keytab,
+     krb5_flags *,
+     krb5_ticket * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_read_service_key,
+    (krb5_context,
+     krb5_pointer,
+     krb5_principal,
+     krb5_kvno,
+     krb5_enctype,
+     krb5_keyblock * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_safe,
+    (krb5_context,
+     krb5_auth_context,
+     const krb5_data *,
+     krb5_data *,
+     krb5_replay_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_priv,
+    (krb5_context,
+     krb5_auth_context,
+     const krb5_data *,
+     krb5_data *,
+     krb5_replay_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_register,
+    (krb5_context,
+     krb5_cc_ops *,
+     krb5_boolean )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_sendauth,
+    (krb5_context,
+     krb5_auth_context *,
+     krb5_pointer,
+     char *,
+     krb5_principal,
+     krb5_principal,
+     krb5_flags,
+     krb5_data *,
+     krb5_creds *,
+     krb5_ccache,
+     krb5_error * *,
+     krb5_ap_rep_enc_part * *,
+     krb5_creds * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_recvauth,
+    (krb5_context,
+     krb5_auth_context *,
+     krb5_pointer,
+     char *,
+     krb5_principal,
+     krb5_int32,
+     krb5_keytab,
+     krb5_ticket * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_ncred,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_creds * *,
+     krb5_data * *,
+     krb5_replay_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_mk_1cred,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_creds *,
+     krb5_data * *,
+     krb5_replay_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_rd_cred,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_data *,
+     krb5_creds * * *,
+     krb5_replay_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_fwd_tgt_creds,
+    (krb5_context,
+     krb5_auth_context,
+     char *,
+     krb5_principal,
+     krb5_principal,
+     krb5_ccache,
+     int forwardable,
+     krb5_data *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_init,
+    (krb5_context,
+     krb5_auth_context *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_free,
+    (krb5_context,
+     krb5_auth_context)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_setflags,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_int32)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_getflags,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_int32 *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_setuseruserkey,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_keyblock *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_getkey,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_keyblock **)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_getlocalsubkey,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_keyblock * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_set_req_cksumtype,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_cksumtype)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_getlocalseqnumber,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_int32 *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_getremoteseqnumber,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_int32 *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_setrcache,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_rcache)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_getauthenticator,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_authenticator * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_getremotesubkey,
+    (krb5_context,
+     krb5_auth_context,
+     krb5_keyblock * *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_read_password,
+    (krb5_context,
+     const char *,
+     const char *,
+     char *,
+     int * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_host_realm,
+    (krb5_context,
+     const char *,
+     char * * * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_free_host_realm,
+    (krb5_context,
+     char * const * )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_realm_domain,
+    (krb5_context,
+     const char *,
+     char ** )
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_auth_con_genaddrs,
+    (krb5_context,
+     krb5_auth_context,
+     int, int)
+    );
+
+/* ------------------------------------------------------------------------- */
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_string_to_enctype,
+    (char *, krb5_enctype *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_string_to_salttype,
+    (char *, krb5_int32 *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_string_to_cksumtype,
+    (char *, krb5_cksumtype *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_string_to_timestamp,
+    (char *, krb5_timestamp *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_string_to_deltat,
+    (char *, krb5_deltat *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_enctype_to_string,
+    (krb5_enctype, char *, size_t)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_enctype_to_name,
+    (krb5_enctype, krb5_boolean, char *, size_t)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_salttype_to_string,
+    (krb5_int32, char *, size_t)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cksumtype_to_string,
+    (krb5_cksumtype, char *, size_t)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_timestamp_to_string,
+    (krb5_timestamp, char *, size_t)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_timestamp_to_sfstring,
+    (krb5_timestamp, char *, size_t, char *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_deltat_to_string,
+    (krb5_deltat, char *, size_t)
+    );
+
+/* ------------------------------------------------------------------------- */
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_prompter_posix,
+    (krb5_context context,
+     void *data,
+     const char *name,
+     const char *banner,
+     int num_prompts,
+     krb5_prompt prompts[])
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_alloc,
+    (krb5_context ctx,
+     krb5_get_init_creds_opt **opt)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_free,
+    (krb5_context ctx,
+     krb5_get_init_creds_opt *opt)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_init,
+    (krb5_get_init_creds_opt *opt)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_tkt_life,
+    (krb5_get_init_creds_opt *opt,
+     krb5_deltat tkt_life)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_renew_life,
+    (krb5_get_init_creds_opt *opt,
+     krb5_deltat renew_life)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_forwardable,
+    (krb5_get_init_creds_opt *opt,
+     int forwardable)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_proxiable,
+    (krb5_get_init_creds_opt *opt,
+     int proxiable)
+    );
+
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_etype_list,
+    (krb5_get_init_creds_opt *opt,
+     krb5_enctype *etype_list,
+     int etype_list_length)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_address_list,
+    (krb5_get_init_creds_opt *opt,
+     krb5_address **addresses)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_preauth_list,
+    (krb5_get_init_creds_opt *opt,
+     krb5_preauthtype *preauth_list,
+     int preauth_list_length)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_salt,
+    (krb5_get_init_creds_opt *opt,
+     krb5_data *salt)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_change_password_prompt,
+    (krb5_get_init_creds_opt *opt,
+     int prompt)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_out_ccache,
+    (krb5_context context,
+     krb5_get_init_creds_opt *opt,
+     krb5_ccache ccache)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_password,
+    (krb5_context context,
+     krb5_creds *creds,
+     krb5_principal client,
+     char *password,
+     krb5_prompter_fct prompter,
+     void *data,
+     krb5_deltat start_time,
+     char *in_tkt_service,
+     krb5_get_init_creds_opt *options)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_keytab,
+    (krb5_context context,
+     krb5_creds *creds,
+     krb5_principal client,
+     krb5_keytab arg_keytab,
+     krb5_deltat start_time,
+     char *in_tkt_service,
+     krb5_get_init_creds_opt *options)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_verify_init_creds_opt_init,
+    (krb5_verify_init_creds_opt *options)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_verify_init_creds_opt_set_ap_req_nofail,
+    (krb5_verify_init_creds_opt *options,
+     int ap_req_nofail)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_verify_init_creds,
+    (krb5_context context,
+     krb5_creds *creds,
+     krb5_principal ap_req_server,
+     krb5_keytab ap_req_keytab,
+     krb5_ccache *ccache,
+     krb5_verify_init_creds_opt *options)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_validated_creds,
+    (krb5_context context,
+     krb5_creds *creds,
+     krb5_principal client,
+     krb5_ccache ccache,
+     char *in_tkt_service)
+    );
+
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_renewed_creds,
+    (krb5_context context,
+     krb5_creds *creds,
+     krb5_principal client,
+     krb5_ccache ccache,
+     char *in_tkt_service)
+    );
+
+/* ------------------------------------------------------------------------- */
+
+TYPEDEF_FUNC(
+    krb5_prompt_type*,
+    KRB5_CALLCONV,
+    krb5_get_prompt_types,
+    (krb5_context context)
+    );
+
+/* NOT IN krb5.h HEADER: */
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_decode_ticket,
+    (const krb5_data *code, krb5_ticket **rep)
+    );
+
+/* --- more --- */
+
+TYPEDEF_FUNC(
+    char *,
+    KRB5_CALLCONV,
+    krb5_cc_get_name,
+    (krb5_context context, krb5_ccache cache)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_gen_new,
+    (krb5_context context, krb5_ccache *cache)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_initialize,
+    (krb5_context context, krb5_ccache cache, krb5_principal principal)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_destroy,
+    (krb5_context context, krb5_ccache cache)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_close,
+    (krb5_context context, krb5_ccache cache)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_store_cred,
+    (krb5_context context, krb5_ccache cache, krb5_creds *creds)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_retrieve_cred,
+    (krb5_context context, krb5_ccache cache,
+     krb5_flags flags, krb5_creds *mcreds,
+     krb5_creds *creds)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_get_principal,
+    (krb5_context context, krb5_ccache cache, krb5_principal *principal)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_start_seq_get,
+    (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_next_cred,
+    (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
+     krb5_creds *creds)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_end_seq_get,
+    (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_remove_cred,
+    (krb5_context context, krb5_ccache cache, krb5_flags flags,
+     krb5_creds *creds)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_set_flags,
+    (krb5_context context, krb5_ccache cache, krb5_flags flags)
+    );
+
+TYPEDEF_FUNC(
+    const char *,
+    KRB5_CALLCONV,
+    krb5_cc_get_type,
+    (krb5_context context, krb5_ccache cache)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_get_full_name,
+    (krb5_context context, krb5_ccache cache, char **)
+    );
+
+TYPEDEF_FUNC(
+    char *,
+    KRB5_CALLCONV,
+    krb5_kt_get_type,
+    (krb5_context, krb5_keytab keytab)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_get_name,
+    (krb5_context context, krb5_keytab keytab, char *name,
+     unsigned int namelen)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_close,
+    (krb5_context context, krb5_keytab keytab)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_get_entry,
+    (krb5_context context, krb5_keytab keytab,
+     krb5_const_principal principal, krb5_kvno vno,
+     krb5_enctype enctype, krb5_keytab_entry *entry)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_start_seq_get,
+    (krb5_context context, krb5_keytab keytab, krb5_kt_cursor *cursor)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_next_entry,
+    (krb5_context context, krb5_keytab keytab,
+     krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_kt_end_seq_get,
+    (krb5_context context, krb5_keytab keytab, krb5_kt_cursor *cursor)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_locate_kdc,
+    (krb5_context context, const krb5_data *realm,
+      struct addrlist *addrlist,
+      int get_primaries, int socktype, int family)
+    );
+
+TYPEDEF_FUNC(
+    const char *,
+    KRB5_CALLCONV,
+    krb5_get_error_message,
+    (krb5_context, krb5_error_code)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_error_message,
+    (krb5_context, const char *)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_clear_error_message,
+    (krb5_context)
+    );
+
+TYPEDEF_FUNC(
+    krb5_boolean,
+    KRB5_CALLCONV,
+    krb5_is_config_principal,
+    (krb5_context, krb5_const_principal)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cccol_cursor_new,
+    (krb5_context, krb5_cccol_cursor *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cccol_cursor_next,
+    (krb5_context, krb5_cccol_cursor cursor, krb5_ccache *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cccol_cursor_free,
+    (krb5_context, krb5_cccol_cursor *cursor)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_cache_match,
+    (krb5_context, krb5_principal, krb5_ccache *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_new_unique,
+    (krb5_context, const char *, const char *, krb5_ccache *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_boolean,
+    KRB5_CALLCONV,
+    krb5_cc_support_switch,
+    (krb5_context, const char *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_cc_switch,
+    (krb5_context, krb5_ccache)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_free_string,
+    (krb5_context, char *)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5int_cc_user_set_default_name,
+    (krb5_context context, const char *)
+    );
+
+#endif /* __LOADFUNCS_KRB5_H__ */
diff --git a/krb5-1.21.3/src/windows/include/loadfuncs-leash.h b/krb5-1.21.3/src/windows/include/loadfuncs-leash.h
new file mode 100644
index 00000000..6e7bdbc8
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/loadfuncs-leash.h
@@ -0,0 +1,377 @@
+#ifndef __LOADFUNCS_LEASH_H__
+#define __LOADFUNCS_LEASH_H__
+
+#include "loadfuncs.h"
+#include <leashwin.h>
+
+#if defined(_WIN64)
+#define LEASH_DLL      "leashw64.dll"
+#else
+#define LEASH_DLL      "leashw32.dll"
+#endif
+
+#define CALLCONV_C
+
+TYPEDEF_FUNC(
+    int,
+    CALLCONV_C,
+    Leash_kinit_dlg,
+    (HWND, LPLSH_DLGINFO)
+    );
+TYPEDEF_FUNC(
+    int,
+    CALLCONV_C,
+    Leash_kinit_dlg_ex,
+    (HWND, LPLSH_DLGINFO_EX)
+    );
+TYPEDEF_FUNC(
+    int,
+    CALLCONV_C,
+    Leash_changepwd_dlg,
+    (HWND, LPLSH_DLGINFO)
+    );
+TYPEDEF_FUNC(
+    int,
+    CALLCONV_C,
+    Leash_changepwd_dlg_ex,
+    (HWND, LPLSH_DLGINFO_EX)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_checkpwd,
+    (char *, char *)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_changepwd,
+    (char *, char *, char*, char*)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_kinit,
+    (char *, char *, int)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_kinit_ex,
+    (char *, char *, int,int, int, int, int, unsigned long)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_klist,
+    (HWND, TICKETINFO*)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_kdestroy,
+    (void)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_get_lsh_errno,
+    (LONG *)
+    );
+TYPEDEF_FUNC(
+    BOOL,
+    CALLCONV_C,
+    Leash_set_help_file,
+    (char *)
+    );
+TYPEDEF_FUNC(
+    char *,
+    CALLCONV_C,
+    Leash_get_help_file,
+    (void)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_timesync,
+    (int)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_lifetime,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_lifetime,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_lifetime,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_renew_till,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_renew_till,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_renew_till,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_forwardable,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_forwardable,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_forwardable,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_noaddresses,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_noaddresses,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_noaddresses,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_proxiable,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_proxiable,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_proxiable,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_publicip,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_publicip,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_publicip,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_life_min,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_life_min,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_life_min,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_life_max,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_life_max,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_life_max,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_renew_min,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_renew_min,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_renew_min,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_renew_max,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_renew_max,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_renew_max,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_renewable,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_renewable,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_renewable,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_uppercaserealm,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_uppercaserealm,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_uppercaserealm,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_mslsa_import,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_mslsa_import,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_mslsa_import,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_get_default_preserve_kinit_settings,
+    (void)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_set_default_preserve_kinit_settings,
+    (DWORD)
+    );
+TYPEDEF_FUNC(
+    DWORD,
+    CALLCONV_C,
+    Leash_reset_default_preserve_kinit_settings,
+    (void)
+    );
+TYPEDEF_FUNC(
+    BOOL,
+    CALLCONV_C,
+    Leash_import,
+    (void)
+    );
+TYPEDEF_FUNC(
+    long,
+    CALLCONV_C,
+    Leash_importable,
+    (void)
+    );
+TYPEDEF_FUNC(
+    int,
+    CALLCONV_C,
+    Leash_renew,
+    (void)
+    );
+TYPEDEF_FUNC(
+    void,
+    CALLCONV_C,
+    Leash_reset_defaults,
+    (void)
+    );
+/* They are not yet all here... */
+
+#endif /* __LOADFUNCS_LEASH_H__ */
diff --git a/krb5-1.21.3/src/windows/include/loadfuncs-lsa.h b/krb5-1.21.3/src/windows/include/loadfuncs-lsa.h
new file mode 100644
index 00000000..40138f5d
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/loadfuncs-lsa.h
@@ -0,0 +1,45 @@
+#ifndef __LOADFUNCS_LSA_H__
+#define __LOADFUNCS_LSA_H__
+
+#include "loadfuncs.h"
+
+#define SECUR32_DLL "secur32.dll"
+#define ADVAPI32_DLL "advapi32.dll"
+
+TYPEDEF_FUNC(
+    NTSTATUS,
+    NTAPI,
+    LsaConnectUntrusted,
+    (PHANDLE)
+    );
+TYPEDEF_FUNC(
+    NTSTATUS,
+    NTAPI,
+    LsaLookupAuthenticationPackage,
+    (HANDLE, PLSA_STRING, PULONG)
+    );
+TYPEDEF_FUNC(
+    NTSTATUS,
+    NTAPI,
+    LsaCallAuthenticationPackage,
+    (HANDLE, ULONG, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
+    );
+TYPEDEF_FUNC(
+    NTSTATUS,
+    NTAPI,
+    LsaFreeReturnBuffer,
+    (PVOID)
+    );
+TYPEDEF_FUNC(
+    ULONG,
+    NTAPI,
+    LsaNtStatusToWinError,
+    (NTSTATUS)
+    );
+TYPEDEF_FUNC(
+    NTSTATUS,
+    NTAPI,
+    LsaGetLogonSessionData,
+    (PLUID, PSECURITY_LOGON_SESSION_DATA*)
+    );
+#endif /* __LOADFUNCS_LSA_H__ */
diff --git a/krb5-1.21.3/src/windows/include/loadfuncs-profile.h b/krb5-1.21.3/src/windows/include/loadfuncs-profile.h
new file mode 100644
index 00000000..ef7f6b7c
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/loadfuncs-profile.h
@@ -0,0 +1,151 @@
+#ifndef __LOADFUNCS_PROFILE_H__
+#define __LOADFUNCS_PROFILE_H__
+
+#include "loadfuncs.h"
+#include <profile.h>
+
+#if defined(_WIN64)
+#define PROFILE_DLL      "xpprof64.dll"
+#else
+#define PROFILE_DLL      "xpprof32.dll"
+#endif
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_init,
+    (const_profile_filespec_t *files, profile_t *ret_profile)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_init_path,
+    (const_profile_filespec_list_t filelist, profile_t *ret_profile)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_flush,
+    (profile_t profile)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    profile_abandon,
+    (profile_t profile)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    profile_release,
+    (profile_t profile)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_get_values,
+    (profile_t profile, const char **names, char ***ret_values)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    profile_free_list,
+    (char **list)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_get_string,
+    (profile_t profile, const char *name, const char *subname,
+			const char *subsubname, const char *def_val,
+			char **ret_string)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_get_integer,
+    (profile_t profile, const char *name, const char *subname,
+			const char *subsubname, int def_val,
+			int *ret_default)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_get_relation_names,
+    (profile_t profile, const char **names, char ***ret_names)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_get_subsection_names,
+    (profile_t profile, const char **names, char ***ret_names)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_iterator_create,
+    (profile_t profile, const char **names, int flags, void **ret_iter)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    profile_iterator_free,
+    (void **iter_p)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_iterator,
+    (void **iter_p, char **ret_name, char **ret_value)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    profile_release_string,
+    (char *str)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_update_relation,
+    (profile_t profile, const char **names, const char *old_value, const char *new_value)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_clear_relation,
+    (profile_t profile, const char **names)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_rename_section,
+    (profile_t profile, const char **names, const char *new_name)
+    );
+
+TYPEDEF_FUNC(
+    long,
+    KRB5_CALLCONV,
+    profile_add_relation,
+    (profile_t profile, const char **names, const char *new_value)
+    );
+
+
+#endif /* __LOADFUNCS_PROFILE_H__ */
diff --git a/krb5-1.21.3/src/windows/include/loadfuncs.h b/krb5-1.21.3/src/windows/include/loadfuncs.h
new file mode 100644
index 00000000..7aef62d2
--- /dev/null
+++ b/krb5-1.21.3/src/windows/include/loadfuncs.h
@@ -0,0 +1,41 @@
+#ifndef __LOADFUNCS_H__
+#define __LOADFUNCS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <windows.h>
+
+typedef struct _FUNC_INFO {
+    void** func_ptr_var;
+    char* func_name;
+} FUNC_INFO;
+
+#define DECL_FUNC_PTR(x) FP_##x p##x
+#define MAKE_FUNC_INFO(x) { (void**) &p##x, #x }
+#define END_FUNC_INFO { 0, 0 }
+#define TYPEDEF_FUNC(ret, call, name, args) typedef ret (call *FP_##name) args
+
+void
+UnloadFuncs(
+    FUNC_INFO fi[],
+    HINSTANCE h
+    );
+
+int
+LoadFuncs(
+    const char* dll_name,
+    FUNC_INFO fi[],
+    HINSTANCE* ph,  // [out, optional] - DLL handle
+    int* pindex,    // [out, optional] - index of last func loaded (-1 if none)
+    int cleanup,    // cleanup function pointers and unload on error
+    int go_on,      // continue loading even if some functions cannot be loaded
+    int silent      // do not pop-up a system dialog if DLL cannot be loaded
+    );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __LOADFUNCS_H__ */
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/bannrbmp.bmp b/krb5-1.21.3/src/windows/installer/wix/Binary/bannrbmp.bmp
new file mode 100644
index 00000000..dc10fe07
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/bannrbmp.bmp differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/completi.ico b/krb5-1.21.3/src/windows/installer/wix/Binary/completi.ico
new file mode 100644
index 00000000..93a95a1b
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/completi.ico differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/custicon.ico b/krb5-1.21.3/src/windows/installer/wix/Binary/custicon.ico
new file mode 100644
index 00000000..878d3ba5
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/custicon.ico differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/dlgbmp.bmp b/krb5-1.21.3/src/windows/installer/wix/Binary/dlgbmp.bmp
new file mode 100644
index 00000000..323e62db
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/dlgbmp.bmp differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/exclamic.ico b/krb5-1.21.3/src/windows/installer/wix/Binary/exclamic.ico
new file mode 100644
index 00000000..906ce324
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/exclamic.ico differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/info.bmp b/krb5-1.21.3/src/windows/installer/wix/Binary/info.bmp
new file mode 100644
index 00000000..7e0ff7f1
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/info.bmp differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/insticon.ico b/krb5-1.21.3/src/windows/installer/wix/Binary/insticon.ico
new file mode 100644
index 00000000..94753ac2
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/insticon.ico differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/new.bmp b/krb5-1.21.3/src/windows/installer/wix/Binary/new.bmp
new file mode 100644
index 00000000..27881dfe
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/new.bmp differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/removico.ico b/krb5-1.21.3/src/windows/installer/wix/Binary/removico.ico
new file mode 100644
index 00000000..097cafe2
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/removico.ico differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/repairic.ico b/krb5-1.21.3/src/windows/installer/wix/Binary/repairic.ico
new file mode 100644
index 00000000..6fb68610
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/repairic.ico differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Binary/up.bmp b/krb5-1.21.3/src/windows/installer/wix/Binary/up.bmp
new file mode 100644
index 00000000..86f6b5a8
Binary files /dev/null and b/krb5-1.21.3/src/windows/installer/wix/Binary/up.bmp differ
diff --git a/krb5-1.21.3/src/windows/installer/wix/Makefile b/krb5-1.21.3/src/windows/installer/wix/Makefile
new file mode 100644
index 00000000..225fbe8f
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/Makefile
@@ -0,0 +1,72 @@
+
+# Build language
+LANG=1033
+
+# Program macros
+CANDLE=candle -nologo
+
+LIGHT=light -nologo
+
+CD=cd
+
+RM=del
+
+MAKE=nmake -nologo
+
+
+# Targets
+
+OUTPATH=.
+
+OBJFILE=$(OUTPATH)\kfw.wixobj
+
+MSIFILE=$(OUTPATH)\kfw.msi
+
+WIXINCLUDES= \
+	config.wxi \
+	features.wxi \
+	files.wxi \
+	property.wxi \
+	runtime.wxi \
+	site-local.wxi \
+	lang\strings_$(LANG).wxl \
+	lang\ui_$(LANG).wxi \
+	lang\config_$(LANG).wxi
+
+CUSTOMDLL=custom\custom.dll
+
+!if !defined(CPU) || "$(CPU)" == ""
+CPU=$(PROCESSOR_ARCHITECTURE)
+!endif # CPU
+
+!if ( "$(CPU)" == "X86" ) || ( "$(CPU)" == "x86" ) || ( "$(CPU)" == "i386" )
+WIXARCH = x86
+!elseif ( "$(CPU)" == "AMD64" )
+WIXARCH = x64
+!else
+!error "Architecture $(CPU) not supported by installer"
+!endif
+
+all: $(MSIFILE)
+
+$(OBJFILE): kfw.wxs $(WIXINCLUDES)
+	$(CANDLE) -arch $(WIXARCH) -out $@ kfw.wxs \
+		"-dDate=%DATE%" \
+		"-dTime=%TIME%" \
+		-dBuildLang=$(LANG)
+
+$(MSIFILE): $(OBJFILE) $(CUSTOMDLL)
+	$(LIGHT) -out $@ $(OBJFILE) \
+		-loc lang\strings_$(LANG).wxl -ext WixUtilExtension.dll
+
+$(CUSTOMDLL): custom\custom.cpp
+	$(CD) custom
+	$(MAKE) -f custom.cpp
+	$(CD) ..
+
+clean:
+	$(RM) $(OBJFILE)
+	$(RM) $(MSIFILE)
+	$(CD) custom
+	$(MAKE) -f custom.cpp clean
+	$(CD) ..
diff --git a/krb5-1.21.3/src/windows/installer/wix/athena/krb5.ini b/krb5-1.21.3/src/windows/installer/wix/athena/krb5.ini
new file mode 100644
index 00000000..827a247c
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/athena/krb5.ini
@@ -0,0 +1,7 @@
+[libdefaults]
+	default_realm = ATHENA.MIT.EDU
+
+[domain_realm]
+	mit.edu = ATHENA.MIT.EDU
+	win.mit.edu = WIN.MIT.EDU
+	csail.mit.edu = CSAIL.MIT.EDU
diff --git a/krb5-1.21.3/src/windows/installer/wix/config.wxi b/krb5-1.21.3/src/windows/installer/wix/config.wxi
new file mode 100644
index 00000000..579de439
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/config.wxi
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+  Copyright (C) 2004, 2005, 2006 by the Massachusetts Institute of Technology.
+  All rights reserved.
+ 
+  Export of this software from the United States of America may
+    require a specific license from the United States Government.
+    It is the responsibility of any person or organization contemplating
+    export to obtain such a license before exporting.
+ 
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  -->
+<Include xmlns="http://schemas.microsoft.com/wix/2003/01/wi">
+
+    <!-- include site-specific customizations -->
+    <?include site-local.wxi?>
+    
+    <!-- Sanity checks -->
+    <?ifndef var.CL1600?>
+        <?error Must define CL1600 (MSVC10.0)?>
+    <?endif?>
+
+    <!-- Build type specifications -->
+    <?define BinDir="$(env.KRB_INSTALL_DIR)\bin\"?>
+    <?define PreauthDir=$(env.KRB_INSTALL_DIR)\bin\plugins\preauth?>
+    <?define LibDir="$(env.KRB_INSTALL_DIR)\lib\"?>
+    <?define InstallerVersion="450"?>
+    <?ifndef env.VISUALSTUDIOVERSION?>
+        <?define VCVer="100"?>
+    <?elseif $(env.VISUALSTUDIOVERSION) = "11.0"?>
+        <?define VCVer="110"?>
+    <?elseif $(env.VISUALSTUDIOVERSION) = "12.0"?>
+        <?define VCVer="120"?>
+    <?elseif $(env.VISUALSTUDIOVERSION) = "14.0"?>
+        <?define VCVer="140"?>
+    <?elseif $(env.VISUALSTUDIOVERSION) = "15.0"?>
+        <?define VCVer="141"?>
+    <?elseif $(env.VISUALSTUDIOVERSION) = "16.0"?>
+        <?define VCVer="142"?>
+    <?elseif $(env.VISUALSTUDIOVERSION) = "17.0"?>
+        <?define VCVer="143"?>
+    <?else?>
+        <?error Unknown MFC version?>
+    <?endif?>
+    
+    <?define KfwRegRoot="SOFTWARE\MIT\Kerberos"?>
+    <?define KfwRegWow6432Root="SOFTWARE\Wow6432Node\MIT\Kerberos"?>
+
+    <?define DocDir="$(var.TargetDir)doc\"?>
+    <?define IncDir="$(var.TargetDir)include\"?>
+    <?define SrcDir="$(var.TargetDir)"?>
+    <?define InstallDir="$(var.TargetDir)windows\installer\"?>
+    <?define SampleDir="$(var.TargetDir)sample\"?>
+    <?ifdef env.MIT_INTERNAL?>
+      <?define ConfigDir=".\athena\"?>
+    <?else?>
+      <?define ConfigDir=".\"?>
+    <?endif?>
+
+    <?define SystemDir="$(env.SystemRoot)\System32\"?>
+
+    <?include lang\config_$(var.BuildLang).wxi?>
+    
+    <!-- Parameters for the features containing debug symbols -->
+    <?ifdef env.NODEBUG?>
+         <?ifdef env.DEBUG_SYMBOL?>
+              <?define DebugSyms?>
+         <?endif?>
+    <?else?>
+         <?define Debug?>
+         <?define DebugSyms?>
+    <?endif?>
+    <?ifdef DebugSyms?>
+         <?ifdef Debug?>
+             <?define DebugSymInstallDefault="followParent"?>
+             <?define DebugSymLowLevel="30"?>
+             <?define DebugSymHighLevel="130"?>
+         <?else?>
+             <?define DebugSymInstallDefault="followParent"?>
+             <?define DebugSymLowLevel="130"?>
+             <?define DebugSymHighLevel="130"?>
+         <?endif?>
+    <?endif?>
+    
+    <!-- Configuration macros -->
+    <?ifndef LeashCreateMissingConfig?>
+        <?define LeashCreateMissingConfig="0"?>
+    <?endif?>
+    <?ifndef LeashAutoRenewTickets?>
+        <?define LeashAutoRenewTickets="1"?>
+    <?endif?>
+    <?ifndef LeashLockFileLocations?>
+        <?define LeashLockFileLocations="0"?>
+    <?endif?>
+    <?ifndef LeashLifetime?>
+        <?define LeashLifetime="0"?>
+    <?endif?>
+    <?ifndef LeashRenewTill?>
+        <?define LeashRenewTill="0"?>
+    <?endif?>
+    <?ifndef LeashRenewable?>
+        <?define LeashRenewable="0"?>
+    <?endif?>
+    <?ifndef LeashForwardable?>
+        <?define LeashForwardable="1"?>
+    <?endif?>
+    <?ifndef LeashNoAddresses?>
+        <?define LeashNoAddresses="1"?>
+    <?endif?>
+    <?ifndef LeashProxiable?>
+        <?define LeashProxiable="0"?>
+    <?endif?>
+    <?ifndef LeashPublicIp?>
+        <?define LeashPublicIp="0"?>
+    <?endif?>
+    <?ifndef LeashHideKinitOptions?>
+        <?define LeashHideKinitOptions="0"?>
+    <?endif?>
+    <?ifndef LeashLifeMin?>
+        <?define LeashLifeMin="5"?>
+    <?endif?>
+    <?ifndef LeashLifeMax?>
+        <?define LeashLifeMax="1440"?>
+    <?endif?>
+    <?ifndef LeashRenewMin?>
+        <?define LeashRenewMin="600"?>
+    <?endif?>
+    <?ifndef LeashRenewMax?>
+        <?define LeashRenewMax="43200"?>
+    <?endif?>
+    <?ifndef LeashUppercaseRealm?>
+        <?define LeashUppercaseRealm="1"?>
+    <?endif?>
+    <?ifndef LeashTimeHost?>
+        <?define LeashTimeHost="time"?>
+    <?endif?>
+    <?ifndef LeashPreserveKinitOptions?>
+        <?define LeashPreserveKinitOptions="0"?>
+    <?endif?>
+    <!-- These actually have no defaults. -->
+    <?ifndef Krb5Config?>
+        <?define Krb5Config=""?>
+    <?endif?>
+    <?ifndef Krb5CcName?>
+        <?define Krb5CcName=""?>
+    <?endif?>
+    <?ifndef Krb5PreserveIdentity?>
+        <?define Krb5PreserveIdentity="1"?>
+    <?endif?>
+
+    <!-- If neither NetIDMgr or Leash is specified, we default to NetIDMgr -->
+    <?ifndef UseNetIDMgr?>
+        <?ifndef UseLeash?>
+             <?define UseNetIDMgr="1"?>
+        <?endif?>
+    <?endif?>
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/custom/custom.cpp b/krb5-1.21.3/src/windows/installer/wix/custom/custom.cpp
new file mode 100644
index 00000000..3460def6
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/custom/custom.cpp
@@ -0,0 +1,833 @@
+#ifdef __NMAKE__
+
+# NMAKE portion.
+# Build with : nmake /f custom.cpp
+# Clean with : nmake /f custom.cpp clean
+
+# Builds custom.dll
+
+OUTPATH = .
+
+# program name macros
+CC = cl /nologo
+
+LINK = link /nologo
+
+RM = del
+
+DLLFILE = $(OUTPATH)\custom.dll
+
+DLLEXPORTS =\
+    -EXPORT:EnableAllowTgtSessionKey \
+    -EXPORT:RevertAllowTgtSessionKey \
+    -EXPORT:AbortMsiImmediate \
+    -EXPORT:UninstallNsisInstallation \
+    -EXPORT:KillRunningProcesses \
+    -EXPORT:ListRunningProcesses \
+    -EXPORT:InstallNetProvider \
+    -EXPORT:UninstallNetProvider
+
+$(DLLFILE): $(OUTPATH)\custom.obj
+    $(LINK) /OUT:$@ /DLL $** $(DLLEXPORTS)
+
+$(OUTPATH)\custom.obj: custom.cpp custom.h
+    $(CC) /c /Fo$@ custom.cpp
+
+all: $(DLLFILE)
+
+clean:
+    $(RM) $(DLLFILE)
+    $(RM) $(OUTPATH)\custom.obj
+    $(RM) $(OUTPATH)\custom.exp
+
+!IFDEF __C_TEXT__
+#else
+/*
+
+Copyright 2004,2005 by the Massachusetts Institute of Technology
+
+All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appear in all copies and that
+both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of the Massachusetts
+Institute of Technology (M.I.T.) not be used in advertising or publicity
+pertaining to distribution of the software without specific, written
+prior permission.
+
+M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+M.I.T. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+*/
+
+/**************************************************************
+* custom.cpp : Dll implementing custom action to install Kerberos for Windows
+*
+*         The functions in this file are for use as entry points
+*         for calls from MSI only. The specific MSI parameters
+*         are noted in the comments section of each of the
+*         functions.
+*
+* rcsid: $Id$
+**************************************************************/
+
+#pragma unmanaged
+
+// Only works for Win2k and above
+#define _WIN32_WINNT 0x500
+#include "custom.h"
+#include <shellapi.h>
+
+// linker stuff
+#pragma comment(lib, "msi")
+#pragma comment(lib, "advapi32")
+#pragma comment(lib, "shell32")
+#pragma comment(lib, "user32")
+
+void ShowMsiError( MSIHANDLE hInstall, DWORD errcode, DWORD param ){
+	MSIHANDLE hRecord;
+
+	hRecord = MsiCreateRecord(3);
+	MsiRecordClearData(hRecord);
+	MsiRecordSetInteger(hRecord, 1, errcode);
+	MsiRecordSetInteger(hRecord, 2, param);
+
+	MsiProcessMessage( hInstall, INSTALLMESSAGE_ERROR, hRecord );
+	
+	MsiCloseHandle( hRecord );
+}
+
+static void ShowMsiErrorEx(MSIHANDLE hInstall, DWORD errcode, LPTSTR str,
+                           DWORD param )
+{
+    MSIHANDLE hRecord;
+
+    hRecord = MsiCreateRecord(3);
+    MsiRecordClearData(hRecord);
+    MsiRecordSetInteger(hRecord, 1, errcode);
+    MsiRecordSetString(hRecord, 2, str);
+    MsiRecordSetInteger(hRecord, 3, param);
+
+    MsiProcessMessage(hInstall, INSTALLMESSAGE_ERROR, hRecord);
+
+    MsiCloseHandle(hRecord);
+}
+
+#define LSA_KERBEROS_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos"
+#define LSA_KERBEROS_PARM_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters"
+#define KFW_CLIENT_KEY "SOFTWARE\\MIT\\Kerberos\\Client\\"
+#define SESSKEY_VALUE_NAME "AllowTGTSessionKey"
+
+#define SESSBACKUP_VALUE_NAME "AllowTGTSessionKeyBackup"
+#define SESSXPBACKUP_VALUE_NAME "AllowTGTSessionKeyBackupXP"
+
+
+/* Set the AllowTGTSessionKey registry keys on install.  Called as a deferred custom action. */
+MSIDLLEXPORT EnableAllowTgtSessionKey( MSIHANDLE hInstall ) {
+    return SetAllowTgtSessionKey( hInstall, TRUE );
+}
+
+/* Unset the AllowTGTSessionKey registry keys on uninstall.  Called as a deferred custom action. */
+MSIDLLEXPORT RevertAllowTgtSessionKey( MSIHANDLE hInstall ) {
+    return SetAllowTgtSessionKey( hInstall, FALSE );
+}
+
+UINT SetAllowTgtSessionKey( MSIHANDLE hInstall, BOOL pInstall ) {
+    TCHAR tchVersionString[1024];
+    TCHAR tchVersionKey[2048];
+    DWORD size;
+    DWORD type;
+    DWORD value;
+    HKEY hkKfwClient = NULL;
+    HKEY hkLsaKerberos = NULL;
+    HKEY hkLsaKerberosParm = NULL;
+    UINT rv;
+    DWORD phase = 0;
+
+    // construct the backup key path
+    size = sizeof(tchVersionString) / sizeof(TCHAR);
+    rv = MsiGetProperty( hInstall, _T("CustomActionData"), tchVersionString, &size );
+    if(rv != ERROR_SUCCESS) {
+        if(pInstall) {
+            ShowMsiError( hInstall, ERR_CUSTACTDATA, rv );
+            return rv;
+        } else {
+            return ERROR_SUCCESS;
+        }
+    }
+
+    _tcscpy( tchVersionKey, _T( KFW_CLIENT_KEY ) );
+    _tcscat( tchVersionKey, tchVersionString );
+
+    phase = 1;
+
+    rv = RegOpenKeyEx( HKEY_LOCAL_MACHINE, tchVersionKey, 0, ((pInstall)?KEY_WRITE:KEY_READ), &hkKfwClient );
+    if(rv != ERROR_SUCCESS)
+        goto cleanup;
+
+    phase = 2;
+
+    rv = RegOpenKeyEx( HKEY_LOCAL_MACHINE, _T( LSA_KERBEROS_KEY ), 0, KEY_READ | KEY_WRITE, &hkLsaKerberos );
+    if(rv != ERROR_SUCCESS) 
+        goto cleanup;
+
+    phase = 3;
+
+    rv = RegOpenKeyEx( HKEY_LOCAL_MACHINE, _T( LSA_KERBEROS_PARM_KEY ), 0, KEY_READ | KEY_WRITE, &hkLsaKerberosParm );
+    if(rv != ERROR_SUCCESS) {
+        hkLsaKerberosParm = NULL;
+    }
+
+    if(pInstall) {
+        // backup the existing values
+        if(hkLsaKerberosParm) {
+            phase = 4;
+
+            size = sizeof(value);
+            rv = RegQueryValueEx( hkLsaKerberosParm, _T( SESSKEY_VALUE_NAME ), NULL, &type, (LPBYTE) &value, &size );
+            if(rv != ERROR_SUCCESS)
+                value = 0;
+
+            phase = 5;
+            rv = RegSetValueEx( hkKfwClient, _T( SESSBACKUP_VALUE_NAME ), 0, REG_DWORD, (LPBYTE) &value, sizeof(value));
+            if(rv != ERROR_SUCCESS)
+                goto cleanup;
+        }
+
+        phase = 6;
+        size = sizeof(value);
+        rv = RegQueryValueEx( hkLsaKerberos, _T( SESSKEY_VALUE_NAME ), NULL, &type, (LPBYTE) &value, &size );
+        if(rv != ERROR_SUCCESS)
+            value = 0;
+
+        phase = 7;
+        rv = RegSetValueEx( hkKfwClient, _T( SESSXPBACKUP_VALUE_NAME ), 0, REG_DWORD, (LPBYTE) &value, sizeof(value));
+        if(rv != ERROR_SUCCESS)
+            goto cleanup;
+
+        // and now write the actual values
+        phase = 8;
+        value = 1;
+        rv = RegSetValueEx( hkLsaKerberos, _T( SESSKEY_VALUE_NAME ), 0, REG_DWORD, (LPBYTE) &value, sizeof(value));
+        if(rv != ERROR_SUCCESS)
+            goto cleanup;
+
+        if(hkLsaKerberosParm) {
+            phase = 9;
+            value = 1;
+            rv = RegSetValueEx( hkLsaKerberosParm, _T( SESSKEY_VALUE_NAME ), 0, REG_DWORD, (LPBYTE) &value, sizeof(value));
+            if(rv != ERROR_SUCCESS)
+                goto cleanup;
+        }
+
+    } else { // uninstalling
+        // Don't fail no matter what goes wrong.  This is also a rollback action.
+        if(hkLsaKerberosParm) {
+            size = sizeof(value);
+            rv = RegQueryValueEx( hkKfwClient, _T( SESSBACKUP_VALUE_NAME ), NULL, &type, (LPBYTE) &value, &size );
+            if(rv != ERROR_SUCCESS)
+                value = 0;
+
+            RegSetValueEx( hkLsaKerberosParm, _T( SESSKEY_VALUE_NAME ), 0, REG_DWORD, (LPBYTE) &value, sizeof(value));
+        }
+
+        size = sizeof(value);
+        rv = RegQueryValueEx( hkKfwClient, _T( SESSXPBACKUP_VALUE_NAME ), NULL, &type, (LPBYTE) &value, &size );
+        if(rv != ERROR_SUCCESS)
+            value = 0;
+
+        RegSetValueEx( hkLsaKerberos, _T( SESSKEY_VALUE_NAME ), 0, REG_DWORD, (LPBYTE) &value, sizeof(value));
+
+        RegDeleteValue( hkKfwClient, _T( SESSXPBACKUP_VALUE_NAME ) );
+        RegDeleteValue( hkKfwClient, _T( SESSBACKUP_VALUE_NAME ) );
+    }
+
+    // all done
+    rv = ERROR_SUCCESS;
+
+cleanup:
+    if(rv != ERROR_SUCCESS && pInstall) {
+        ShowMsiError(hInstall, 4005, phase);
+    }
+    if(hkKfwClient) RegCloseKey( hkKfwClient );
+    if(hkLsaKerberos) RegCloseKey( hkLsaKerberos );
+    if(hkLsaKerberosParm) RegCloseKey( hkLsaKerberosParm );
+
+    return rv;
+}
+
+/* Abort the installation (called as an immediate custom action) */
+MSIDLLEXPORT AbortMsiImmediate( MSIHANDLE hInstall ) {
+    DWORD rv;
+	DWORD dwSize = 0;
+	LPTSTR sReason = NULL;
+	LPTSTR sFormatted = NULL;
+	MSIHANDLE hRecord = NULL;
+	LPTSTR cAbortReason = _T("ABORTREASON");
+
+	rv = MsiGetProperty( hInstall, cAbortReason, _T(""), &dwSize );
+	if(rv != ERROR_MORE_DATA) goto _cleanup;
+
+	sReason = new TCHAR[ ++dwSize ];
+
+	rv = MsiGetProperty( hInstall, cAbortReason, sReason, &dwSize );
+
+	if(rv != ERROR_SUCCESS) goto _cleanup;
+
+    hRecord = MsiCreateRecord(3);
+	MsiRecordClearData(hRecord);
+	MsiRecordSetString(hRecord, 0, sReason);
+
+	dwSize = 0;
+
+	rv = MsiFormatRecord(hInstall, hRecord, "", &dwSize);
+	if(rv != ERROR_MORE_DATA) goto _cleanup;
+
+	sFormatted = new TCHAR[ ++dwSize ];
+
+	rv = MsiFormatRecord(hInstall, hRecord, sFormatted, &dwSize);
+
+	if(rv != ERROR_SUCCESS) goto _cleanup;
+
+	MsiCloseHandle(hRecord);
+
+	hRecord = MsiCreateRecord(3);
+	MsiRecordClearData(hRecord);
+	MsiRecordSetInteger(hRecord, 1, ERR_ABORT);
+	MsiRecordSetString(hRecord,2, sFormatted);
+	MsiProcessMessage(hInstall, INSTALLMESSAGE_ERROR, hRecord);
+
+_cleanup:
+	if(sFormatted) delete sFormatted;
+	if(hRecord) MsiCloseHandle( hRecord );
+	if(sReason) delete sReason;
+
+	return ~ERROR_SUCCESS;
+}
+
+/* Kill specified processes that are running on the system */
+/* Uses the custom table KillProcess.  Called as an immediate action. */
+
+#define MAX_KILL_PROCESSES 255
+#define FIELD_SIZE 256
+
+struct _KillProc {
+    TCHAR * image;
+    TCHAR * desc;
+    BOOL    found;
+    DWORD   pid;
+};
+
+#define RV_BAIL if(rv != ERROR_SUCCESS) goto _cleanup
+
+MSIDLLEXPORT KillRunningProcesses( MSIHANDLE hInstall ) {
+    return KillRunningProcessesWorker( hInstall, TRUE );
+}
+
+/* When listing running processes, we populate the ListBox table with
+   values associated with the property 'KillableProcesses'.  If we
+   actually find any processes worth killing, then we also set the
+   'FoundProcceses' property to '1'.  Otherwise we set it to ''.
+*/
+
+MSIDLLEXPORT ListRunningProcesses( MSIHANDLE hInstall ) {
+    return KillRunningProcessesWorker( hInstall, FALSE );
+}
+
+UINT KillRunningProcessesWorker( MSIHANDLE hInstall, BOOL bKill )
+{
+    UINT rv = ERROR_SUCCESS;
+    _KillProc * kpList;
+    int nKpList = 0;
+    int i;
+    int rowNum = 1;
+    DWORD size;
+    BOOL found = FALSE;
+
+    MSIHANDLE hDatabase = NULL;
+    MSIHANDLE hView = NULL;
+    MSIHANDLE hViewInsert = NULL;
+    MSIHANDLE hRecord = NULL;
+    MSIHANDLE hRecordInsert = NULL;
+
+    HANDLE hSnapshot = NULL;
+
+    PROCESSENTRY32 pe;
+
+    kpList = new _KillProc[MAX_KILL_PROCESSES];
+    memset(kpList, 0, sizeof(*kpList) * MAX_KILL_PROCESSES);
+
+    hDatabase = MsiGetActiveDatabase( hInstall );
+    if( hDatabase == NULL ) {
+        rv = GetLastError();
+        goto _cleanup;
+    }
+
+    // If we are only going to list out the processes, delete all the existing
+    // entries first.
+
+    if(!bKill) {
+
+        rv = MsiDatabaseOpenView( hDatabase,
+            _T( "DELETE FROM `ListBox` WHERE `ListBox`.`Property` = 'KillableProcesses'" ),
+            &hView); RV_BAIL;
+
+        rv = MsiViewExecute( hView, NULL ); RV_BAIL;
+
+        MsiCloseHandle( hView );
+
+        hView = NULL;
+        
+        rv = MsiDatabaseOpenView( hDatabase,
+              _T( "SELECT * FROM `ListBox` WHERE `Property` = 'KillableProcesses'" ),
+            &hViewInsert); RV_BAIL;
+
+        MsiViewExecute(hViewInsert, NULL);
+
+        hRecordInsert = MsiCreateRecord(4);
+
+        if(hRecordInsert == NULL) {
+            rv = GetLastError();
+            goto _cleanup;
+        }
+    }
+
+    // Open a view
+    rv = MsiDatabaseOpenView( hDatabase, 
+        _T( "SELECT `Image`,`Desc` FROM `KillProcess`" ),
+        &hView); RV_BAIL;
+
+    rv = MsiViewExecute( hView, NULL ); RV_BAIL;
+
+    do {
+        rv = MsiViewFetch( hView, &hRecord );
+        if(rv != ERROR_SUCCESS) {
+            if(hRecord) 
+                MsiCloseHandle(hRecord);
+            hRecord = NULL;
+            break;
+        }
+
+        kpList[nKpList].image = new TCHAR[ FIELD_SIZE ]; kpList[nKpList].image[0] = _T('\0');
+        kpList[nKpList].desc = new TCHAR[ FIELD_SIZE ];  kpList[nKpList].desc[0] = _T('\0');
+        nKpList++;
+
+        size = FIELD_SIZE;
+        rv = MsiRecordGetString(hRecord, 1, kpList[nKpList-1].image, &size); RV_BAIL;
+
+        size = FIELD_SIZE;
+        rv = MsiRecordGetString(hRecord, 2, kpList[nKpList-1].desc, &size); RV_BAIL;
+
+        MsiCloseHandle(hRecord);
+    } while(nKpList < MAX_KILL_PROCESSES);
+
+    hRecord = NULL;
+
+    // now we have all the processes in the array.  Check if they are running.
+    
+    hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
+    if(hSnapshot == INVALID_HANDLE_VALUE) {
+        rv = GetLastError();
+        goto _cleanup;
+    }
+
+    pe.dwSize = sizeof( PROCESSENTRY32 );
+
+    if(!Process32First( hSnapshot, &pe )) {
+        // technically we should at least find the MSI process, but we let this pass
+        rv = ERROR_SUCCESS;
+        goto _cleanup;
+    }
+
+    do {
+        for(i=0; i<nKpList; i++) {
+            if(!_tcsicmp( kpList[i].image, pe.szExeFile )) {
+                // got one
+                if(bKill) {
+                    // try to kill the process
+                    HANDLE hProcess = NULL;
+
+                    // If we encounter an error, instead of bailing
+                    // out, we continue on to the next process.  We
+                    // may not have permission to kill all the
+                    // processes we want to kill anyway.  If there are
+                    // any files that we want to replace that is in
+                    // use, Windows Installer will schedule a reboot.
+                    // Also, it's not like we have an exhaustive list
+                    // of all the programs that use Kerberos anyway.
+
+                    hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pe.th32ProcessID);
+                    if(hProcess == NULL) {
+                        rv = GetLastError();
+                        break;
+                    }
+
+                    if(!TerminateProcess(hProcess, 0)) {
+                        rv = GetLastError();
+                        CloseHandle(hProcess);
+                        break;
+                    }
+
+                    CloseHandle(hProcess);
+
+                } else {
+                    TCHAR buf[256];
+
+                    // we are supposed to just list out the processes
+                    rv = MsiRecordClearData( hRecordInsert ); RV_BAIL;
+                    rv = MsiRecordSetString( hRecordInsert, 1, _T("KillableProcesses"));
+                    rv = MsiRecordSetInteger( hRecordInsert, 2, rowNum++ ); RV_BAIL;
+                    _itot( rowNum, buf, 10 );
+                    rv = MsiRecordSetString( hRecordInsert, 3, buf ); RV_BAIL;
+                    if(_tcslen(kpList[i].desc)) {
+                        rv = MsiRecordSetString( hRecordInsert, 4, kpList[i].desc ); RV_BAIL;
+                    } else {
+                        rv = MsiRecordSetString( hRecordInsert, 4, kpList[i].image ); RV_BAIL;
+                    }
+                    MsiViewModify(hViewInsert, MSIMODIFY_INSERT_TEMPORARY, hRecordInsert); RV_BAIL;
+
+                    found = TRUE;
+                }
+                break;
+            }
+        }
+   } while( Process32Next( hSnapshot, &pe ) );
+
+    if(!bKill) {
+        // set the 'FoundProcceses' property
+        if(found) {
+            MsiSetProperty( hInstall, _T("FoundProcesses"), _T("1"));
+        } else {
+            MsiSetProperty( hInstall, _T("FoundProcesses"), _T(""));
+        }
+    }
+
+    // Finally:
+    rv = ERROR_SUCCESS;
+
+_cleanup:
+
+    if(hRecordInsert) MsiCloseHandle(hRecordInsert);
+    if(hViewInsert) MsiCloseHandle(hView);
+
+    if(hSnapshot && hSnapshot != INVALID_HANDLE_VALUE) CloseHandle(hSnapshot);
+
+    while(nKpList) {
+        nKpList--;
+        delete kpList[nKpList].image;
+        delete kpList[nKpList].desc;
+    }
+    delete kpList;
+
+    if(hRecord) MsiCloseHandle(hRecord);
+    if(hView) MsiCloseHandle(hView);
+
+    if(hDatabase) MsiCloseHandle(hDatabase);
+
+    if(rv != ERROR_SUCCESS) {
+        ShowMsiError(hInstall, ERR_PROC_LIST, rv);
+    }
+
+    return rv;
+}
+
+static bool IsNSISInstalled()
+{
+    HKEY nsisKfwKey = NULL;
+    // Note: check Wow6432 node if 64 bit build
+    HRESULT res = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+                               "SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
+                               "\\Uninstall\\Kerberos for Windows",
+                               0,
+                               KEY_READ | KEY_WOW64_32KEY,
+                               &nsisKfwKey);
+    if (res != ERROR_SUCCESS)
+        return FALSE;
+
+    RegCloseKey(nsisKfwKey);
+    return TRUE;
+}
+
+static HANDLE NSISUninstallShellExecute(LPTSTR pathUninstall)
+{
+    SHELLEXECUTEINFO   sei;
+    ZeroMemory ( &sei, sizeof(sei) );
+
+    sei.cbSize          = sizeof(sei);
+    sei.hwnd            = GetForegroundWindow();
+    sei.fMask           = SEE_MASK_NOASYNC | SEE_MASK_FLAG_NO_UI |
+                          SEE_MASK_NOCLOSEPROCESS;
+    sei.lpVerb          = _T("runas"); // run as administrator
+    sei.lpFile          = pathUninstall;
+    sei.lpParameters    = _T("");
+    sei.nShow           = SW_SHOWNORMAL;
+
+    if (!ShellExecuteEx(&sei)) {
+        // FAILED! TODO: report details?
+    }
+    return sei.hProcess;
+}
+
+static HANDLE NSISUninstallCreateProcess(LPTSTR pathUninstall)
+{
+    STARTUPINFO sInfo;
+    PROCESS_INFORMATION pInfo;
+    pInfo.hProcess = NULL;
+    pInfo.hThread = NULL;
+
+    // Create a process for the uninstaller
+    sInfo.cb = sizeof(sInfo);
+    sInfo.lpReserved = NULL;
+    sInfo.lpDesktop = _T("");
+    sInfo.lpTitle = _T("NSIS Uninstaller for Kerberos for Windows");
+    sInfo.dwX = 0;
+    sInfo.dwY = 0;
+    sInfo.dwXSize = 0;
+    sInfo.dwYSize = 0;
+    sInfo.dwXCountChars = 0;
+    sInfo.dwYCountChars = 0;
+    sInfo.dwFillAttribute = 0;
+    sInfo.dwFlags = 0;
+    sInfo.wShowWindow = 0;
+    sInfo.cbReserved2 = 0;
+    sInfo.lpReserved2 = 0;
+    sInfo.hStdInput = 0;
+    sInfo.hStdOutput = 0;
+    sInfo.hStdError = 0;
+
+    if (!CreateProcess(pathUninstall,
+                       _T("Uninstall /S"),
+                       NULL,
+                       NULL,
+                       FALSE,
+                       CREATE_SUSPENDED,
+                       NULL,
+                       NULL,
+                       &sInfo,
+                       &pInfo)) {
+        // failure; could grab info, but we should be able to recover by
+        // using NSISUninstallShellExecute...
+    } else {
+        // success
+        // start up the thread
+        ResumeThread(pInfo.hThread);
+        // done with thread handle
+        CloseHandle(pInfo.hThread);
+    }
+    return pInfo.hProcess;
+}
+
+
+/* Uninstall NSIS */
+MSIDLLEXPORT UninstallNsisInstallation( MSIHANDLE hInstall )
+{
+    DWORD rv = ERROR_SUCCESS;
+    DWORD lastError;
+    // lookup the NSISUNINSTALL property value
+    LPTSTR cNsisUninstall = _T("UPGRADENSIS");
+    LPTSTR strPathUninst = NULL;
+    DWORD dwSize = 0;
+    HANDLE hProcess = NULL;
+    HANDLE hIo = NULL;
+    HANDLE hJob = NULL;
+
+    rv = MsiGetProperty( hInstall, cNsisUninstall, _T(""), &dwSize );
+    if(rv != ERROR_MORE_DATA) goto _cleanup;
+
+    strPathUninst = new TCHAR[ ++dwSize ];
+
+    rv = MsiGetProperty(hInstall, cNsisUninstall, strPathUninst, &dwSize);
+    if(rv != ERROR_SUCCESS) goto _cleanup;
+
+    hProcess = NSISUninstallCreateProcess(strPathUninst);
+    if (hProcess == NULL) // expected when run on UAC-limited account
+        hProcess = NSISUninstallShellExecute(strPathUninst);
+
+    if (hProcess == NULL) {
+        // still no uninstall process? ick...
+        lastError = GetLastError();
+        rv = 40;
+        goto _cleanup;
+    }
+    // note that it is not suffiecient to wait for the initial process to
+    // finish; there is a whole process tree that we need to wait for.  sigh.
+    JOBOBJECT_ASSOCIATE_COMPLETION_PORT acp;
+    acp.CompletionKey = 0;
+    hJob = CreateJobObject(NULL, _T("NSISUninstallObject"));
+    if(!hJob) {
+        rv = 41;
+        goto _cleanup;
+    }
+
+    hIo = CreateIoCompletionPort(INVALID_HANDLE_VALUE,0,0,0);
+    if(!hIo) {
+        rv = 42;
+        goto _cleanup;
+    }
+
+    acp.CompletionPort = hIo;
+
+    SetInformationJobObject(hJob,
+                            JobObjectAssociateCompletionPortInformation,
+                            &acp,
+                            sizeof(acp));
+
+    AssignProcessToJobObject(hJob, hProcess);
+
+    DWORD msgId;
+    ULONG_PTR unusedCompletionKey;
+    LPOVERLAPPED unusedOverlapped;
+    for (;;) {
+        if (!GetQueuedCompletionStatus(hIo,
+                                       &msgId,
+                                       &unusedCompletionKey,
+                                       &unusedOverlapped,
+                                       INFINITE)) {
+            Sleep(1000);
+        } else if (msgId == JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO) {
+            break;
+        }
+    }
+
+_cleanup:
+    if (hProcess) CloseHandle(hProcess);
+    if (hIo) CloseHandle(hIo);
+    if (hJob) CloseHandle(hJob);
+
+    if (IsNSISInstalled()) {
+        // uninstall failed: maybe user cancelled uninstall, or something else
+        // went wrong...
+        if (rv == ERROR_SUCCESS)
+            rv = 43;
+    } else {
+        // Maybe something went wrong, but it doesn't matter as long as nsis
+        // is gone now...
+        rv = ERROR_SUCCESS;
+    }
+
+    if (rv == 40) {
+        // CreateProcess() / ShellExecute() errors get extra data
+        ShowMsiErrorEx(hInstall, ERR_NSS_FAILED_CP, strPathUninst, lastError);
+    } else if (rv != ERROR_SUCCESS) {
+        ShowMsiError(hInstall, ERR_NSS_FAILED, rv);
+    }
+
+    if (strPathUninst) delete strPathUninst;
+    return rv;
+}
+
+/* Check and add or remove networkprovider key value
+        str : target string
+        str2: string to add/remove
+        bInst: == 1 if string should be added to target if not already there, 
+	otherwise remove string from target if present.
+*/
+int npi_CheckAndAddRemove( LPTSTR str, LPTSTR str2, int bInst ) {
+
+    LPTSTR target, charset, match;
+    int ret=0;
+
+    target = new TCHAR[lstrlen(str)+3];
+    lstrcpy(target,_T(","));
+    lstrcat(target,str);
+    lstrcat(target,_T(","));
+    charset = new TCHAR[lstrlen(str2)+3];
+    lstrcpy(charset,_T(","));
+    lstrcat(charset,str2);
+    lstrcat(charset,_T(","));
+
+    match = _tcsstr(target, charset);
+
+    if ((match) && (bInst)) {
+        ret = INP_ERR_PRESENT;
+        goto cleanup;
+    }
+
+    if ((!match) && (!bInst)) {
+        ret = INP_ERR_ABSENT;
+        goto cleanup;
+    }
+
+    if (bInst) // && !match
+    {
+       lstrcat(str, _T(","));
+       lstrcat(str, str2);
+       ret = INP_ERR_ADDED;
+       goto cleanup;
+    }
+
+    // if (!bInst) && (match)
+    {
+       lstrcpy(str+(match-target),match+lstrlen(str2)+2);
+       str[lstrlen(str)-1]=_T('\0');
+       ret = INP_ERR_REMOVED;
+       goto cleanup;
+    }
+
+cleanup:
+
+    delete target;
+    delete charset;
+    return ret;
+}
+
+/* Sets the registry keys required for the functioning of the network provider */
+
+DWORD InstNetProvider(MSIHANDLE hInstall, int bInst) {
+    LPTSTR strOrder;
+    HKEY hkOrder;
+    LONG rv;
+    DWORD dwSize;
+    HANDLE hProcHeap;
+
+    strOrder = (LPTSTR) 0;
+
+    CHECK(rv = RegOpenKeyEx( HKEY_LOCAL_MACHINE, STR_KEY_ORDER, 0, KEY_READ | KEY_WRITE, &hkOrder ));
+
+    dwSize = 0;
+    CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, NULL, &dwSize ) );
+
+    strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN + 4) * sizeof(TCHAR) ];
+
+    CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, (LPBYTE) strOrder, &dwSize));
+
+    strOrder[dwSize] = '\0';	/* reg strings are not always nul terminated */
+
+    npi_CheckAndAddRemove( strOrder, STR_SERVICE , bInst);
+
+    dwSize = (lstrlen( strOrder ) + 1) * sizeof(TCHAR);
+
+    CHECK(rv = RegSetValueEx( hkOrder, STR_VAL_ORDER, NULL, REG_SZ, (LPBYTE) strOrder, dwSize ));
+
+    /* everything else should be set by the MSI tables */
+    rv = ERROR_SUCCESS;
+_cleanup:
+
+    if( rv != ERROR_SUCCESS ) {
+        ShowMsiError( hInstall, ERR_NPI_FAILED, rv );
+    }
+
+    if(strOrder) delete strOrder;
+
+    return rv;
+}
+
+MSIDLLEXPORT InstallNetProvider( MSIHANDLE hInstall ) {
+    return InstNetProvider( hInstall, 1 );
+}
+
+MSIDLLEXPORT UninstallNetProvider( MSIHANDLE hInstall) {
+    return InstNetProvider( hInstall, 0 );
+}
+
+#endif
+#ifdef __NMAKE__
+!ENDIF
+#endif
diff --git a/krb5-1.21.3/src/windows/installer/wix/custom/custom.h b/krb5-1.21.3/src/windows/installer/wix/custom/custom.h
new file mode 100644
index 00000000..53a250a4
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/custom/custom.h
@@ -0,0 +1,82 @@
+/*
+
+Copyright 2004 by the Massachusetts Institute of Technology
+
+All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appear in all copies and that
+both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of the Massachusetts
+Institute of Technology (M.I.T.) not be used in advertising or publicity
+pertaining to distribution of the software without specific, written
+prior permission.
+
+M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+M.I.T. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+*/
+
+/* custom.h
+ *
+ * Declarations for Kerberos for Windows MSI setup tools
+ *
+ * rcsid : $Id$
+ */
+
+#pragma once
+
+#include<windows.h>
+#include<setupapi.h>
+#include<msiquery.h>
+#include<string.h>
+#include<tchar.h>
+#include<tlhelp32.h>
+
+#define MSIDLLEXPORT UINT __stdcall
+
+#define CHECK(x)	if((x)) goto _cleanup
+
+#define CHECKX(x,y) if(!(x)) { msiErr = (y); goto _cleanup; }
+
+#define CHECK2(x,y)  if((x)) { msiErr = (y); goto _cleanup; }
+
+#define STR_KEY_ORDER _T("SYSTEM\\CurrentControlSet\\Control\\NetworkProvider\\Order")
+#define STR_VAL_ORDER _T("ProviderOrder")
+
+#define STR_SERVICE _T("MIT Kerberos")
+#define STR_SERVICE_LEN 12
+
+
+void ShowMsiError(MSIHANDLE, DWORD, DWORD);
+UINT SetAllowTgtSessionKey( MSIHANDLE hInstall, BOOL pInstall );
+UINT KillRunningProcessesWorker( MSIHANDLE hInstall, BOOL bKill );
+
+/* exported */
+MSIDLLEXPORT AbortMsiImmediate( MSIHANDLE );
+MSIDLLEXPORT UninstallNsisInstallation( MSIHANDLE hInstall );
+MSIDLLEXPORT RevertAllowTgtSessionKey( MSIHANDLE hInstall );
+MSIDLLEXPORT EnableAllowTgtSessionKey( MSIHANDLE hInstall );
+MSIDLLEXPORT KillRunningProcesses( MSIHANDLE hInstall ) ;
+MSIDLLEXPORT ListRunningProcesses( MSIHANDLE hInstall );
+MSIDLLEXPORT InstallNetProvider( MSIHANDLE );
+MSIDLLEXPORT UninstallNetProvider ( MSIHANDLE );
+
+#define INP_ERR_PRESENT 1
+#define INP_ERR_ADDED   2
+#define INP_ERR_ABSENT  3
+#define INP_ERR_REMOVED 4
+
+/* Custom errors */
+#define ERR_CUSTACTDATA 4001
+#define ERR_NSS_FAILED  4003
+#define ERR_ABORT       4004
+#define ERR_PROC_LIST   4006
+#define ERR_NPI_FAILED  4007
+#define ERR_NSS_FAILED_CP 4008
diff --git a/krb5-1.21.3/src/windows/installer/wix/features.wxi b/krb5-1.21.3/src/windows/installer/wix/features.wxi
new file mode 100644
index 00000000..5b0747a6
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/features.wxi
@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+  Copyright (C) 2004, 2005, 2006 by the Massachusetts Institute of Technology.
+  All rights reserved.
+ 
+  Export of this software from the United States of America may
+    require a specific license from the United States Government.
+    It is the responsibility of any person or organization contemplating
+    export to obtain such a license before exporting.
+ 
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  -->
+<Include xmlns="http://schemas.microsoft.com/wix/2003/01/wi">
+    <Feature 
+        Id="feaKfw"
+        AllowAdvertise="no"
+        Description="!(loc.KerberosDesc)"
+        InstallDefault="local"
+        Title="!(loc.KerberosTitle)"
+        ConfigurableDirectory="KERBEROSDIR"
+        Level="30">
+        <Feature
+            Id="feaKfwClient"
+            AllowAdvertise="no"
+            Description="!(loc.KerberosClientDesc)"
+            InstallDefault="local"
+            Title="!(loc.KerberosClientTitle)"
+            Level="30">
+
+            <?ifdef DebugSyms?>
+	    	<Feature 
+                    Id="feaKfwClientDebug" 
+                    AllowAdvertise="no" 
+                    Description="!(loc.StrKerberosClientDebugDesc)"
+                    Display="expand"
+		    InstallDefault="$(var.DebugSymInstallDefault)" 
+                    Level="$(var.DebugSymLowLevel)" 
+                    Title="!(loc.StrKerberosClientDebugTitle)">
+                    <ComponentRef Id="cmf_bin_debug"/>
+                    <ComponentRef Id="cmf_preauth_debug"/>
+		    <ComponentRef Id="cmp_ClientSystemDebug"/>
+                    <?include runtime_debug.wxi?>
+	        </Feature>
+	    <?endif?>
+      <?if $(sys.BUILDARCH)="x64"?>
+          <ComponentRef Id="cmf_comerr64_dll" />
+          <ComponentRef Id="cmf_gssapi64_dll" />
+          <ComponentRef Id="cmf_k5sprt64_dll" />
+          <ComponentRef Id="cmf_krb5_64_dll" />
+          <ComponentRef Id="cmf_krbcc64_dll" />
+          <ComponentRef Id="cmf_leashw64_dll" />
+          <ComponentRef Id="cmf_xpprof64_dll" />
+          <ComponentRef Id="cmf_spake64_dll" />
+       <?endif?>
+
+            <ComponentRef Id="cmf_comerr32_dll" />
+            <ComponentRef Id="cmf_gss_client_exe" />
+            <ComponentRef Id="cmf_gss_server_exe" />
+            <ComponentRef Id="cmf_gssapi32_dll" />
+            <ComponentRef Id="cmf_kdestroy_exe" />
+            <ComponentRef Id="cmf_kcpytkt_exe" />
+            <ComponentRef Id="cmf_kdeltkt_exe" />
+            <ComponentRef Id="cmf_kinit_exe" />
+            <ComponentRef Id="cmf_klist_exe" />
+            <ComponentRef Id="cmf_kpasswd_exe" />
+            <ComponentRef Id="cmf_kswitch_exe" />
+            <ComponentRef Id="cmf_kvno_exe" />
+            <ComponentRef Id="cmf_krb5_32_dll" />
+            <ComponentRef Id="cmf_k5sprt32_dll" />
+            <ComponentRef Id="cmf_krbcc32_dll" />
+            <ComponentRef Id="cmf_ccapiserver_exe" />
+            <ComponentRef Id="cmf_ms2mit_exe" />
+            <ComponentRef Id="cmf_mit2ms_exe" />
+            <ComponentRef Id="cmf_xpprof32_dll" />
+            <ComponentRef Id="cmf_spake32_dll" />
+
+            <ComponentRef Id="cmf_leashw32_dll" />
+
+            <ComponentRef Id="cmf_leash_exe" />
+<!--            <ComponentRef Id="csc_leash32_exe" /> -->
+	    <ComponentRef Id="cmf_kfwlogon_DLL" />
+            <ComponentRef Id="cmf_kfwcpcc_EXE" />
+
+            <!-- Kerberos V options -->
+            <ComponentRef Id="rcm_krb5_1" />
+            <ComponentRef Id="rcm_krb5_2" />
+            <ComponentRef Id="rcm_krb5_3" />
+
+            <!-- Leash config options -->
+            <ComponentRef Id="rcm_leash_2" />
+            <ComponentRef Id="rcm_leash_3" />
+            
+            <ComponentRef Id="cmf_leash32_chm" />
+            
+            <!-- Leash dll options -->
+            <ComponentRef Id="rcm_leashdll_1" />
+            <ComponentRef Id="rcm_leashdll_2" />
+            <ComponentRef Id="rcm_leashdll_3" />
+            <ComponentRef Id="rcm_leashdll_4" />
+            <ComponentRef Id="rcm_leashdll_5" />
+            <ComponentRef Id="rcm_leashdll_6" />
+            <ComponentRef Id="rcm_leashdll_7" />
+            <ComponentRef Id="rcm_leashdll_9" />
+            <ComponentRef Id="rcm_leashdll_10" />
+            <ComponentRef Id="rcm_leashdll_11" />
+            <ComponentRef Id="rcm_leashdll_12" />
+            <ComponentRef Id="rcm_leashdll_13" />
+            <ComponentRef Id="rcm_leashdll_15" />
+            <ComponentRef Id="rcm_leashdll_16" />
+            <ComponentRef Id="rcm_leashdll_17" />
+            
+            <ComponentRef Id="cmf_krb5_ini" />
+            
+            <ComponentRef Id="rcm_common" />
+            <ComponentRef Id="rcm_client" />
+            
+            <Feature Id="feaKfwLeashStartup" AllowAdvertise="no" Display="hidden" Level="130">
+                <Condition Level="30">LEASHAUTOSTART = 1</Condition>
+                <ComponentRef Id="csc_LeashStartup" />
+            </Feature>
+            <ComponentRef Id="SMshortcut" />
+            <ComponentRef Id="Dshortcut" />
+            <?include runtime.wxi?>
+        </Feature> <!-- /feaKfwClient -->
+        
+        <Feature
+            Id="feaKfwSDK" 
+            AllowAdvertise="no" 
+            Description="!(loc.KerberosSDKDesc)"
+            InstallDefault="local" 
+            Level="130" 
+            Title="!(loc.KerberosSDKTitle)">
+            
+        <?if $(sys.BUILDARCH) = "x86" ?>
+            <ComponentRef Id="cmp_dirlib_i386" />
+        <?else?>
+            <ComponentRef Id="cmp_dirlib_amd64" />
+        <?endif?>
+            <ComponentRef Id="cmp_dirinc_krb5_gssapi" />
+            <ComponentRef Id="cmp_dirinc_krb5_krb5" />
+            <ComponentRef Id="cmp_dirinc_krb5" />
+<!--            <ComponentRef Id="cmp_dirinc_krbcc" /> -->
+            <ComponentRef Id="cmp_dirinc_leash" />
+            <ComponentRef Id="cmp_dirinc_loadfuncs" />
+            <ComponentRef Id="rcm_common" />
+            <ComponentRef Id="rcm_sdk" />
+        </Feature> <!-- /feaKfwSDK -->
+        
+        <Feature
+            Id="feaKfwDocs" 
+            AllowAdvertise="no" 
+            Description="!(loc.KerberosDocDesc)"
+            InstallDefault="local" 
+            Level="30" 
+            Title="!(loc.KerberosDocTitle)">
+
+            <ComponentRef Id="rcm_common" />
+            <ComponentRef Id="rcm_docs" />
+        </Feature>
+        
+    </Feature>
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/files.wxi b/krb5-1.21.3/src/windows/installer/wix/files.wxi
new file mode 100644
index 00000000..947bed56
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/files.wxi
@@ -0,0 +1,611 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+  Copyright (C) 2004, 2005, 2006 by the Massachusetts Institute of Technology.
+  All rights reserved.
+ 
+  Export of this software from the United States of America may
+    require a specific license from the United States Government.
+    It is the responsibility of any person or organization contemplating
+    export to obtain such a license before exporting.
+ 
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  -->
+<Include xmlns="http://schemas.microsoft.com/wix/2006/wi">
+  <Property Id="DISABLEADVTSHORTCUTS" Value="1" />
+  <Property Id="SYSTEMKRB5INI">
+    <DirectorySearch Id="WindowsFolder" Path="[WindowsFolder]">
+      <FileSearch Name="krb5.ini"/>
+    </DirectorySearch>
+  </Property>
+
+  <Directory Id="TARGETDIR" Name="SourceDir">
+    <Directory Id="DesktopFolder" Name="Desktop"/>
+    <Directory Id="$(var.PISystemFolder)" SourceName="System">
+        <Component Id="cmf_kfwlogon_DLL" Guid="$(var.cmf_kfwlogon_DLL_guid)">
+            <File Id="filekfwlogon_DLL" Name="kfwlogon.dll" KeyPath="yes" DiskId="1" Source="$(var.BinDir)kfwlogon.dll" />
+            <RegistryKey Root="HKLM" Key="SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\MIT_KFW" Action="createAndRemoveOnUninstall">
+                <RegistryValue Name="Asynchronous" Type="integer" Value="0" />
+                <RegistryValue Name="Impersonate" Type="integer" Value="0" />
+                <RegistryValue Name="DLLName" Type="string" Value="[#filekfwlogon_DLL]" />
+                <RegistryValue Name="Logon" Type="string" Value="KFW_Logon_Event" />
+            </RegistryKey>
+          <RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\MIT Kerberos\NetworkProvider" Action="createAndRemoveOnUninstall">
+            <RegistryValue Name="AuthentProviderPath" Type="expandable" Value="[$(var.PISystemFolder)]kfwlogon.dll"/>
+            <RegistryValue Name="VerboseLogging" Type="integer" Value="10"/>
+            <RegistryValue Name="ProviderPath" Type="expandable" Value="[$(var.PISystemFolder)]kfwlogon.dll"/>
+            <RegistryValue Name="Class" Type="integer" Value="2" />
+            <RegistryValue Name="Name" Type="string" Value="MIT Kerberos"/>
+          </RegistryKey>
+         </Component>
+         <Component Id="cmf_kfwcpcc_EXE" Guid="$(var.cmf_kfwcpcc_EXE_guid)">
+             <File Id="filekfwcpcc_EXE"  Name="kfwcpcc.exe"  DiskId="1" Source="$(var.BinDir)kfwcpcc.exe" />
+         </Component>
+     <?ifdef DebugSyms?>
+         <Component Id="cmp_ClientSystemDebug" Guid="$(var.cmp_ClientSystemDebug_guid)">
+		<File Id="filekfwlogon_PDB" Name="kfwlogon.pdb" KeyPath="yes" DiskId="1" Source="$(var.BinDir)kfwlogon.pdb" />
+		<File Id="filekfwcpcc_PDB" Name="kfwcpcc.pdb" DiskId="1" Source="$(var.BinDir)kfwcpcc.pdb" />
+         </Component>
+     <?endif?>
+     </Directory>
+    <Directory Id="$(var.PIProgramFilesFolder)">
+        <Directory Id="dirMIT" Name="MIT" SourceName=".">
+            <Directory Id="KERBEROSDIR" Name="Kerberos">
+                <Directory Id="dirbin" Name="bin" FileSource="$(var.BinDir)">
+                
+		    <!-- Kerberos V options -->
+		    <Component Id="rcm_krb5_1" Guid="$(var.rcm_krb5_1_guid)" DiskId="1">
+			<RegistryValue Id="reg_krb5_1" Root="HKLM" Key="Software\MIT\kerberos5" Name="config" Type="string" Value="[KRB5CONFIG]" KeyPath="yes" />
+		    	<Condition>KRB5CONFIG</Condition>
+		    </Component>
+		    <Component Id="rcm_krb5_2" Guid="$(var.rcm_krb5_2_guid)" DiskId="1">
+			<RegistryValue Id="reg_krb5_2" Root="HKLM" Key="Software\MIT\kerberos5" Name="ccname" Type="string" Value="[KRB5CCNAME]" KeyPath="yes" />
+		    	<Condition>KRB5CCNAME</Condition>
+		    </Component>
+		    <Component Id="rcm_krb5_3" Guid="$(var.rcm_krb5_3_guid)" DiskId="1">
+			<RegistryValue Id="reg_krb5_3" Root="HKLM" Key="Software\MIT\kerberos5" Name="PreserveInitialTicketIdentity" Type="integer" Value="[KRB5PRESERVEIDENTITY]" KeyPath="yes" />
+		    	<Condition>KRB5PRESERVEIDENTITY</Condition>
+		    </Component>
+                
+                    <Component Id="cmf_comerr32_dll" Guid="$(var.cmf_comerr32_dll_guid)" DiskId="1">
+	                    <File Id="fil_comerr32_dll" Name="$(var.cmf_comerr32_dll_name)" KeyPath="yes" />
+                    </Component>
+                    <Component Id="cmf_gss_client_exe" Guid="$(var.cmf_gss_client_exe_guid)" DiskId="1">
+	                    <File Id="fil_gss_client_exe" Name="gss-client.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_gss_client_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\gss-client" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_gss_client_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\gss-client" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_gss_server_exe" Guid="$(var.cmf_gss_server_exe_guid)" DiskId="1">
+	                    <File Id="fil_gss_server_exe" Name="gss-server.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_gss_server_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\gss-server" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_gss_server_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\gss-server" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_gssapi32_dll" Guid="$(var.cmf_gssapi32_dll_guid)" DiskId="1">
+	                    <File Id="fil_gssapi32_dll" Name="$(var.cmf_gssapi32_dll_name)" KeyPath="yes" />
+                    </Component>
+                    <Component Id="cmf_kdestroy_exe" Guid="$(var.cmf_kdestroy_exe_guid)" DiskId="1">
+	                    <File Id="fil_kdestroy_exe" Name="kdestroy.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_kdestroy_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kdestroy" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_kdestroy_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kdestroy" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_kcpytkt_exe" Guid="$(var.cmf_kcpytkt_exe_guid)" DiskId="1">
+	                    <File Id="fil_kcpytkt_exe" Name="kcpytkt.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_kcpytkt_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kcpytkt" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_kcpytkt_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kcpytkt" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_kdeltkt_exe" Guid="$(var.cmf_kdeltkt_exe_guid)" DiskId="1">
+	                    <File Id="fil_kdeltkt_exe" Name="kdeltkt.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_kdeltkt_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kdeltkt" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_kdeltkt_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kdeltkt" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_kinit_exe" Guid="$(var.cmf_kinit_exe_guid)" DiskId="1">
+	                    <File Id="fil_kinit_exe" Name="kinit.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_kinit_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kinit" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_kinit_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kinit" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_klist_exe" Guid="$(var.cmf_klist_exe_guid)" DiskId="1">
+	                    <File Id="fil_klist_exe" Name="klist.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_klist_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\klist" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_klist_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\klist" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_kpasswd_exe" Guid="$(var.cmf_kpasswd_exe_guid)" DiskId="1">
+	                    <File Id="fil_kpasswd_exe" Name="kpasswd.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_kpasswd_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kpasswd" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_kpasswd_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kpasswd" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_kswitch_exe" Guid="$(var.cmf_kswitch_exe_guid)" DiskId="1">
+                      <File Id="fil_kswitch_exe" Name="kswitch.exe" KeyPath="yes" />
+                      <RegistryKey Id="reg_ts_kswitch_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kswitch" Action="createAndRemoveOnUninstall" />
+                      <RegistryValue Id="reg_ts_kswitch_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kswitch" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_kvno_exe" Guid="$(var.cmf_kvno_exe_guid)" DiskId="1">
+	                    <File Id="fil_kvno_exe" Name="kvno.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_kvno_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kvno" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_kvno_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\kvno" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_krb5_32_dll" Guid="$(var.cmf_krb5_32_dll_guid)" DiskId="1">
+	                    <File Id="fil_krb5_32_dll" Name="$(var.cmf_krb5_32_dll_name)" KeyPath="yes" />
+	                    <Environment Id="env_kclient_path" Action="set" Name="PATH" Part="last" System="yes" Value="[KERBEROSDIR]bin" />
+	                    <RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ATHENA.MIT.EDU">
+	                      <RegistryValue Name="KdcNames" Type="multiString">
+	                        <MultiStringValue>kerberos.mit.edu</MultiStringValue>
+	                        <MultiStringValue>kerberos-1.mit.edu</MultiStringValue>
+	                        <MultiStringValue>kerberos-2.mit.edu</MultiStringValue>
+	                      </RegistryValue>
+	                    </RegistryKey>
+	                    <RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\CSAIL.MIT.EDU">
+	                      <RegistryValue Name="KdcNames" Type="multiString">
+	                        <MultiStringValue>kerberos-1.csail.mit.edu</MultiStringValue>
+	                        <MultiStringValue>kerberos-2.csail.mit.edu</MultiStringValue>
+	                      </RegistryValue>
+	                    </RegistryKey>
+                    </Component>
+                    <Component Id="cmf_k5sprt32_dll" Guid="$(var.cmf_k5sprt32_dll_guid)" DiskId="1">
+	                    <File Id="fil_k5sprt32_dll" Name="$(var.cmf_k5sprt32_dll_name)" />
+                    </Component>
+                    <Component Id="cmf_krbcc32_dll" Guid="$(var.cmf_krbcc32_dll_guid)" DiskId="1">
+	                    <File Id="fil_krbcc32_dll" Name="$(var.cmf_krbcc32_dll_name)" KeyPath="yes" />
+                    </Component>
+                    <Component Id="cmf_ccapiserver_exe" Guid="$(var.cmf_ccapiserver_exe_guid)" DiskId="1">
+	                    <File Id="fil_ccapiserver_exe" Name="$(var.cmf_ccapiserver_exe_name)" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_krbcc32s_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\ccapiserver" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_krbcc32s_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\ccapiserver" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_leash_exe" Guid="$(var.cmf_leash_exe_guid)" DiskId="1">
+                      <File Id="fil_leash_exe" Name="MIT Kerberos.exe" KeyPath="yes">
+                      </File>
+                      <RegistryKey Id="reg_ts_leash32_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\leash32" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_leash32_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\leash32" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+
+<!--                    <Component Id="csc_leash32_exe" Guid="$(var.csc_leash32_exe_guid)" DiskId="1">
+                        <CreateFolder Directory="dirShortcut" />
+                        <Condition>USELEASH</Condition>
+                    </Component> -->
+
+                    <!-- Leash32 configuration -->
+                    <Component Id="rcm_leash_2" Guid="$(var.rcm_leash_2_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leash_2" Root="HKLM" Key="Software\MIT\Leash32\Settings" Name="createmissingconfig" Type="integer" Value="[LEASHCREATEMISSINGCONFIG]" KeyPath="yes"/>
+	                    <Condition>LEASHCREATEMISSINGCONFIG</Condition>
+                    </Component>
+                    <Component Id="rcm_leash_3" Guid="$(var.rcm_leash_3_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leash_3" Root="HKLM" Key="Software\MIT\Leash32\Settings" Name="AutoRenewTickets" Type="integer" Value="[LEASHAUTORENEWTICKETS]" KeyPath="yes"/>
+	                    <Condition>LEASHAUTORENEWTICKETS</Condition>
+                    </Component>
+                    <Component Id="csc_LeashStartup" Guid="$(var.csc_LeashStartup_guid)" DiskId="1">
+                        <RegistryValue Id="reg_sc_leash_marker" Root="HKCU" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="LeashAutoStart" Type="integer" Value="1" KeyPath="yes" />
+                        <Shortcut Id="sc_leash_exe_startup" Advertise="no" Directory="StartupFolder" Name="MIT Kerberos.lnk" Arguments="[LEASHAUTOINIT]" Target="[dirbin]MIT Kerberos.exe" Show="minimized" />
+                    </Component>
+
+                    <Component Id="cmf_leash32_chm" Guid="$(var.cmf_leash32_chm_guid)" DiskId="1">
+	                    <File Id="fil_leash32_chm" Name="MIT Kerberos.chm" KeyPath="yes" />
+                    </Component>
+                    
+                    <Component Id="cmf_leashw32_dll" Guid="$(var.cmf_leashw32_dll_guid)" DiskId="1">
+	                    <File Id="fil_leashw32_dll" Name="$(var.cmf_leashw32_dll_name)" KeyPath="yes" />
+                    </Component>
+                    
+                    <!-- Leash DLL configuration -->
+                    <Component Id="rcm_leashdll_1" Guid="$(var.rcm_leashdll_1_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_1" Root="HKLM" Key="Software\MIT\Leash" Name="lifetime" Type="integer" Value="[LEASHLIFETIME]" KeyPath="yes"/>
+	                    <Condition>LEASHLIFETIME</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_2" Guid="$(var.rcm_leashdll_2_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_2" Root="HKLM" Key="Software\MIT\Leash" Name="renew_till" Type="integer" Value="[LEASHRENEWTILL]" KeyPath="yes"/>
+	                    <Condition>LEASHRENEWTILL</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_3" Guid="$(var.rcm_leashdll_3_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_3" Root="HKLM" Key="Software\MIT\Leash" Name="renewable" Type="integer" Value="[LEASHRENEWABLE]" KeyPath="yes"/>
+	                    <Condition>LEASHRENEWABLE</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_4" Guid="$(var.rcm_leashdll_4_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_4" Root="HKLM" Key="Software\MIT\Leash" Name="forwardable" Type="integer" Value="[LEASHFORWARDABLE]" KeyPath="yes"/>
+	                    <Condition>LEASHFORWARDABLE</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_5" Guid="$(var.rcm_leashdll_5_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_5" Root="HKLM" Key="Software\MIT\Leash" Name="noaddresses" Type="integer" Value="[LEASHNOADDRESSES]" KeyPath="yes"/>
+	                    <Condition>LEASHNOADDRESSES</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_6" Guid="$(var.rcm_leashdll_6_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_6" Root="HKLM" Key="Software\MIT\Leash" Name="proxiable" Type="integer" Value="[LEASHPROXIABLE]" KeyPath="yes"/>
+	                    <Condition>LEASHPROXIABLE</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_7" Guid="$(var.rcm_leashdll_7_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_7" Root="HKLM" Key="Software\MIT\Leash" Name="publicip" Type="integer" Value="[LEASHPUBLICIP]" KeyPath="yes"/>
+	                    <Condition>LEASHPUBLICIP</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_9" Guid="$(var.rcm_leashdll_9_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_9" Root="HKLM" Key="Software\MIT\Leash" Name="hide_kinit_options" Type="integer" Value="[LEASHHIDEKINITOPTIONS]" KeyPath="yes"/>
+	                    <Condition>LEASHHIDEKINITOPTIONS</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_10" Guid="$(var.rcm_leashdll_10_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_10" Root="HKLM" Key="Software\MIT\Leash" Name="life_min" Type="integer" Value="[LEASHLIFEMIN]" KeyPath="yes"/>
+	                    <Condition>LEASHLIFEMIN</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_11" Guid="$(var.rcm_leashdll_11_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_11" Root="HKLM" Key="Software\MIT\Leash" Name="life_max" Type="integer" Value="[LEASHLIFEMAX]" KeyPath="yes"/>
+	                    <Condition>LEASHLIFEMAX</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_12" Guid="$(var.rcm_leashdll_12_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_12" Root="HKLM" Key="Software\MIT\Leash" Name="renew_min" Type="integer" Value="[LEASHRENEWMIN]" KeyPath="yes"/>
+	                    <Condition>LEASHRENEWMIN</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_13" Guid="$(var.rcm_leashdll_13_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_13" Root="HKLM" Key="Software\MIT\Leash" Name="renew_max" Type="integer" Value="[LEASHRENEWMAX]" KeyPath="yes"/>
+	                    <Condition>LEASHRENEWMAX</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_15" Guid="$(var.rcm_leashdll_15_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_15" Root="HKLM" Key="Software\MIT\Leash32\Settings" Name="uppercaserealm" Type="integer" Value="[LEASHUPPERCASEREALM]" KeyPath="yes"/>
+	                    <Condition>LEASHUPPERCASEREALM</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_16" Guid="$(var.rcm_leashdll_16_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_16" Root="HKLM" Key="Software\MIT\Leash32\Settings" Name="timehost" Type="string" Value="[LEASHTIMEHOST]" KeyPath="yes"/>
+	                    <Condition>LEASHTIMEHOST</Condition>
+                    </Component>
+                    <Component Id="rcm_leashdll_17" Guid="$(var.rcm_leashdll_17_guid)" DiskId="1">
+	                    <RegistryValue Id="reg_leashdll_17" Root="HKLM" Key="Software\MIT\Leash" Name="preserve_kinit_options" Type="integer" Value="[LEASHPRESERVEKINITOPTIONS]" KeyPath="yes"/>
+	                    <Condition>LEASHPRESERVEKINITOPTIONS</Condition>
+                    </Component>
+                    
+                    <Component Id="cmf_ms2mit_exe" Guid="$(var.cmf_ms2mit_exe_guid)" DiskId="1">
+	                    <File Id="fil_ms2mit_exe" Name="ms2mit.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_ms2mit_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\ms2mit" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_ms2mit_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\ms2mit" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_mit2ms_exe" Guid="$(var.cmf_mit2ms_exe_guid)" DiskId="1">
+	                    <File Id="fil_mit2ms_exe" Name="mit2ms.exe" KeyPath="yes" />
+	                    <RegistryKey Id="reg_ts_mit2ms_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\mit2ms" Action="createAndRemoveOnUninstall" />
+	                    <RegistryValue Id="reg_ts_mit2ms_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\mit2ms" Name="Flags" Type="integer" Value="1032" />
+                    </Component>
+                    <Component Id="cmf_xpprof32_dll" Guid="$(var.cmf_xpprof32_dll_guid)" DiskId="1">
+	                    <File Id="fil_xpprof32_dll" Name="$(var.cmf_xpprof32_dll_name)" KeyPath="yes" />
+                    </Component>
+                  <?if $(sys.BUILDARCH) = "x64"?>
+                    <Component Id="cmf_krb5_64_dll" Guid="$(var.cmf_krb5_64_dll_guid)" DiskId="1">
+                      <File Id="fil_krb5_64_dll" Name="$(var.cmf_krb5_64_dll_name)" KeyPath="yes" />
+                    </Component>
+                    <Component Id="cmf_k5sprt64_dll" Guid="$(var.cmf_k5sprt64_dll_guid)" DiskId="1">
+                      <File Id="fil_k5sprt64_dll" Name="$(var.cmf_k5sprt64_dll_name)" />
+                    </Component>
+                    <Component Id="cmf_krbcc64_dll" Guid="$(var.cmf_krbcc64_dll_guid)" DiskId="1">
+                      <File Id="fil_krbcc64_dll" Name="$(var.cmf_krbcc64_dll_name)" KeyPath="yes" />
+                    </Component>
+                    <Component Id="cmf_gssapi64_dll" Guid="$(var.cmf_gssapi64_dll_guid)" DiskId="1">
+                      <File Id="fil_gssapi64_dll" Name="$(var.cmf_gssapi64_dll_name)" KeyPath="yes" />
+                    </Component>
+                    <Component Id="cmf_comerr64_dll" Guid="$(var.cmf_comerr64_dll_guid)" DiskId="1">
+                      <File Id="fil_comerr64_dll" Name="$(var.cmf_comerr64_dll_name)" KeyPath="yes" />
+                    </Component>
+                    <Component Id="cmf_leashw64_dll" Guid="$(var.cmf_leashw64_dll_guid)" DiskId="1">
+                      <File Id="fil_leashw64_dll" Name="$(var.cmf_leashw64_dll_name)" KeyPath="yes" />
+                    </Component>
+                    <Component Id="cmf_xpprof64_dll" Guid="$(var.cmf_xpprof64_dll_guid)" DiskId="1">
+                      <File Id="fil_xpprof64_dll" Name="$(var.cmf_xpprof64_dll_name)" KeyPath="yes" />
+                    </Component>
+                  <?endif?>
+
+                  <!-- Debug symbols -->
+                <?ifdef DebugSyms?>
+                    <Component Id="cmf_bin_debug" Guid="$(var.cmf_bin_debug_guid)" DiskId="1">
+                        <?if $(sys.BUILDARCH) = "x86" ?>
+	                    <File Id="fil_comerr32_pdb" Name="comerr32.pdb" />
+	                    <File Id="fil_gssapi32_pdb" Name="gssapi32.pdb" />
+	                    <File Id="fil_krb5_32_pdb" Name="krb5_32.pdb" KeyPath="yes" />
+	                    <File Id="fil_k5sprt32_pdb" Name="k5sprt32.pdb" />
+	                    <File Id="fil_krbcc32_pdb" Name="krbcc32.pdb" />
+	                    <File Id="fil_leashw32_pdb" Name="leashw32.pdb" />
+	                    <File Id="fil_xpprof32_pdb" Name="xpprof32.pdb" />
+                        <?else?>
+	                    <File Id="fil_comerr64_pdb" Name="comerr64.pdb" />
+	                    <File Id="fil_gssapi64_pdb" Name="gssapi64.pdb" />
+	                    <File Id="fil_krb5_64_pdb" Name="krb5_64.pdb" KeyPath="yes" />
+	                    <File Id="fil_k5sprt64_pdb" Name="k5sprt64.pdb" />
+	                    <File Id="fil_krbcc64_pdb" Name="krbcc64.pdb" />
+	                    <File Id="fil_leashw64_pdb" Name="leashw64.pdb" />
+	                    <File Id="fil_xpprof64_pdb" Name="xpprof64.pdb" />
+                        <?endif?>
+                      <File Id="fil_leash_pdb" Name="leash.pdb" />
+                      <File Id="fil_ccapiserver_pdb" Name="ccapiserver.pdb" />
+                      <File Id="fil_gss_client_pdb" Name="gss-client.pdb" />
+	                    <File Id="fil_gss_server_pdb" Name="gss-server.pdb" />
+	                    <File Id="fil_kdestroy_pdb" Name="kdestroy.pdb" />
+	                    <File Id="fil_kcpytkt_pdb" Name="kcpytkt.pdb" />
+	                    <File Id="fil_kdeltkt_pdb" Name="kdeltkt.pdb" />
+	                    <File Id="fil_kinit_pdb" Name="kinit.pdb" />
+	                    <File Id="fil_klist_pdb" Name="klist.pdb" />
+	                    <File Id="fil_kpasswd_pdb" Name="kpasswd.pdb" />
+                      <File Id="fil_kswitch_pdb" Name="kswitch.pdb" />
+                      <File Id="fil_kvno_pdb" Name="kvno.pdb" />
+	                    <File Id="fil_ms2mit_pdb" Name="ms2mit.pdb" />
+	                    <File Id="fil_mit2ms_pdb" Name="mit2ms.pdb" />
+                    </Component>
+                <?endif?>
+
+                  <Directory Id="dirplugins" Name="plugins">
+                    <Directory Id="dirpreauth" Name="preauth" FileSource="$(var.PreauthDir)">
+                      <Component Id="cmf_spake32_dll" Guid="$(var.cmf_spake32_dll_guid)" DiskId="1">
+                        <File Id="fil_spake32_dll" Name="$(var.cmf_spake32_dll_name)" KeyPath="yes" />
+                      </Component>
+                      <?if $(sys.BUILDARCH) = "x64"?>
+                        <Component Id="cmf_spake64_dll" Guid="$(var.cmf_spake64_dll_guid)" DiskId="1">
+                          <File Id="fil_spake64_dll" Name="$(var.cmf_spake64_dll_name)" KeyPath="yes" />
+                        </Component>
+                      <?endif?>
+                      <?ifdef DebugSyms?>
+                        <Component Id="cmf_preauth_debug" Guid="$(var.cmf_preauth_debug_guid)" DiskId="1">
+                          <?if $(sys.BUILDARCH) = "x86" ?>
+                            <File Id="fil_spake32_pdb" Name="spake32.pdb" />
+                          <?else?>
+                            <File Id="fil_spake32_pdb" Name="spake64.pdb" />
+                          <?endif?>
+                        </Component>
+                      <?endif?>
+                    </Directory> <!-- /preauth -->
+                  </Directory> <!-- /plugins -->
+                </Directory> <!-- /bin -->
+                
+                <Directory Id="dirinc" Name="include" FileSource="$(var.IncDir)">
+                        <Directory Id="dirinc_krb5_gssapi" Name="gssapi" FileSource="$(var.IncDir)gssapi\">
+                            <Component Id="cmp_dirinc_krb5_gssapi" Guid="BD3C190B-1EBB-4d14-81DD-B2000DC4EAC7" DiskId="1">
+                                <File Id="fil_gssapi_h" Name="gssapi.h" KeyPath="yes" />
+                                <File Id="fil_gssapi_alloc_h" Name="gssapi_alloc.h" />
+                                <File Id="fil_gssapi_ext_h" Name="gssapi_ext.h" />
+                                <File Id="fil_gssapi_generic_h" Name="gssapi_generic.h" />
+                                <File Id="fil_gssapi_krb5_h" Name="gssapi_krb5.h" />
+                            </Component>
+                        </Directory>
+                        <Directory Id="dirinc_krb5_krb5" Name="krb5" FileSource="$(var.IncDir)krb5\">
+                            <Component Id="cmp_dirinc_krb5_krb5" Guid="D1E4E3D8-EF04-4DD6-B01E-F87876509869" DiskId="1">
+                                <File Id="fil_krb5_h_inc" Name="krb5.h" KeyPath="yes" />
+                            </Component>
+                        </Directory>
+                        <Component Id="cmp_dirinc_krb5" Guid="7FD8008B-2F46-4613-8A09-989F643258F1" DiskId="1">
+                            <File Id="fil_com_err_.h" Name="com_err.h" />
+                            <File Id="fil_krb5_.h" Name="krb5.h" KeyPath="yes" />
+                            <File Id="fil_profile_.h" Name="profile.h" />
+                            <File Id="fil_win_mac_.h" Name="win-mac.h" />
+                        </Component>
+                    <Directory Id="dirinc_windows" Name="windows" FileSource="$(var.SrcDir)windows\include\">
+<!-- TODO: CredentialCache.h?
+                        <Component Id="cmp_dirinc_krbcc" Guid="2CE4B708-7D45-41e4-8A53-BF2D78451A81" DiskId="1">
+                            <File Id="fil_cacheapi_h" Name="cacheapi.h" KeyPath="yes" />
+                        </Component> -->
+                        <Component Id="cmp_dirinc_leash" Guid="FCF269AB-D9BC-49bd-B9F3-D6EA9697D8D7" DiskId="1">
+                            <File Id="fil_leasherr_h" Name="leasherr.h" />
+                            <File Id="fil_leashinfo_h" Name="leashinfo.h" />
+                            <File Id="fil_leashwin_h" Name="leashwin.h" KeyPath="yes" />
+                        </Component>
+                        <Component Id="cmp_dirinc_loadfuncs" Guid="C8E59D05-4502-498b-A107-1DF65C3A27D3" DiskId="1">
+                            <File Id="fil_loadfuncs_com_err_h" Name="loadfuncs-com_err.h" />
+                            <File Id="fil_loadfuncs_krb5_h" Name="loadfuncs-krb5.h" />
+                            <File Id="fil_loadfuncs_leash_h" Name="loadfuncs-leash.h" />
+                            <File Id="fil_loadfuncs_lsa_h" Name="loadfuncs-lsa.h" />
+                            <File Id="fil_loadfuncs_profile_h" Name="loadfuncs-profile.h" />
+<!--                            <File Id="fil_loadfuncs_c" Name="loadfuncs.c" /> -->
+                            <File Id="fil_loadfuncs_h" Name="loadfuncs.h" KeyPath="yes" />
+                        </Component>
+                    </Directory>
+                </Directory>
+                
+                <Directory Id="dirlib" Name="lib" FileSource="$(var.LibDir)">
+                   <?if $(sys.BUILDARCH) = "x86" ?>
+                    <Directory Id="dirlib_i386" Name="i386" FileSource="$(var.LibDir)">
+                        <Component Id="cmp_dirlib_i386" Guid="CFEE3ED4-92D4-49e1-BB78-8BCBC60C3E57" DiskId="1">
+                            <File Id="fil_comerr32_lib" Name="comerr32.lib" />
+                            <File Id="fil_gssapi32_lib" Name="gssapi32.lib" />
+                            <File Id="fil_krb5_32_lib" Name="krb5_32.lib" KeyPath="yes" />
+                            <File Id="fil_krbcc32_lib" Name="krbcc32.lib" />
+                            <File Id="fil_leashw32_lib" Name="leashw32.lib" />
+                            <File Id="fil_xpprof32_lib" Name="xpprof32.lib" />
+                        </Component>
+                    </Directory>
+                    <?endif?>
+                    <?if $(sys.BUILDARCH) = "x64" ?>
+                    <Directory Id="dirlib_amd64" Name="amd64" FileSource="$(var.LibDir)">
+                        <Component Id="cmp_dirlib_amd64" Guid="F9A54201-FFD6-4a45-B021-276D9F6C40A2" DiskId="1">
+                            <File Id="fil_comerr64_lib" Name="comerr64.lib" />
+                            <File Id="fil_gssapi64_lib" Name="gssapi64.lib" />
+                            <File Id="fil_krb5_64_lib" Name="krb5_64.lib" KeyPath="yes" />
+                            <File Id="fil_krbcc64_lib" Name="krbcc64.lib" />
+                            <File Id="fil_leashw64_lib" Name="leashw64.lib" />
+                            <File Id="fil_xpprof64_lib" Name="xpprof64.lib" />
+                        </Component>
+                    </Directory>
+                    <?endif?>
+                </Directory>
+            </Directory> <!-- /Kerberos -->
+        </Directory> <!-- /MIT -->
+    </Directory> <!-- /Program Files -->
+    <Directory Id="CommonAppDataFolder" Name="CommonAppDataFolder">
+      <Directory Id="APPDATAMITDIR" Name="MIT">
+        <Directory Id="APPDATAKERBEROS5DIR" Name="Kerberos5">
+          <Component Id="cmf_krb5_ini" Guid="C1AF0670-BBF1-4AA6-B2A6-6C8B1584A1F4" NeverOverwrite="yes" Permanent="yes" DiskId="1">
+            <File Id="fil_krb5_ini" Name="krb5.ini" Source="$(var.ConfigDir)krb5.ini" KeyPath="yes" />
+            <CreateFolder/>
+          </Component>
+        </Directory>
+      </Directory>
+    </Directory>
+    
+    <!-- Start Menu shortcut -->
+    <Directory Id="ProgramMenuFolder">
+        <Directory Id="dirShortcut" Name="$(var.BaseProductName)" />
+    </Directory>
+
+    <Directory Id="StartupFolder">
+    </Directory>
+    
+    <Component Id="rcm_common" Guid="486D84B6-CCE5-4b95-B8E2-7DFBDB4CF9A2">
+        <RegistryKey Id="reg_common0" Root="HKLM" Key="$(var.KfwRegRoot)" Action="createAndRemoveOnUninstall" />
+        <RegistryValue Id="reg_common2" Root="HKLM" Key="$(var.KfwRegRoot)" Name="InstallDir" Type="string" Value="[KERBEROSDIR]" KeyPath="yes" />
+    <?ifdef Debug?>
+        <RegistryKey Id="reg_common3" Root="HKLM" Key="$(var.KfwRegRoot)\CurrentVersion" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_common4" Root="HKLM" Key="$(var.KfwRegRoot)\CurrentVersion" Name="Debug" Type="integer" Value="1"/>
+        <RegistryKey Id="reg_common5" Root="HKLM" Key="$(var.KfwRegRoot)\$(var.VersionString)" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_common6" Root="HKLM" Key="$(var.KfwRegRoot)\$(var.VersionString)" Name="Debug" Type="integer" Value="1"/>
+    <?else?>
+        <RemoveRegistryKey Id="reg_common7" Root="HKLM" Key="$(var.KfwRegRoot)\CurrentVersion" Action="removeOnInstall"/>
+        <RemoveRegistryKey Id="reg_common8" Root="HKLM" Key="$(var.KfwRegRoot)\$(var.VersionString)" Action="removeOnInstall"/>
+    <?endif?>
+    <?if $(sys.BUILDARCH) = "x64"?>
+        <RegistryKey Id="reg_common0_32" Root="HKLM" Key="$(var.KfwRegWow6432Root)" Action="createAndRemoveOnUninstall" />
+        <!-- Cannot set KeyPath twice in one Component -->
+        <RegistryValue Id="reg_common2_32" Root="HKLM" Key="$(var.KfwRegWow6432Root)" Name="InstallDir" Type="string" Value="[KERBEROSDIR]"/>
+    <?ifdef Debug?>
+        <RegistryKey Id="reg_common3_32" Root="HKLM" Key="$(var.KfwRegWow6432Root)\CurrentVersion" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_common4_32" Root="HKLM" Key="$(var.KfwRegWow6432Root)\CurrentVersion" Name="Debug" Type="integer" Value="1"/>
+        <RegistryKey Id="reg_common5_32" Root="HKLM" Key="$(var.KfwRegWow6432Root)\$(var.VersionString)" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_common6_32" Root="HKLM" Key="$(var.KfwRegWow6432Root)\$(var.VersionString)" Name="Debug" Type="integer" Value="1"/>
+    <?else?>
+        <RemoveRegistryKey Id="reg_common7_32" Root="HKLM" Key="$(var.KfwRegWow6432Root)\CurrentVersion" Action="removeOnInstall"/>
+        <RemoveRegistryKey Id="reg_common8_32" Root="HKLM" Key="$(var.KfwRegWow6432Root)\$(var.VersionString)" Action="removeOnInstall"/>
+    <?endif?>
+    <?endif?>
+    </Component>
+    
+    <Component Id="rcm_client" Guid="901179B2-7369-43b1-ACF3-4C7F37482CC7">
+        <RegistryKey Id="reg_client0" Root="HKLM" Key="$(var.KfwRegRoot)\Client" Action="createAndRemoveOnUninstall"/>
+
+        <RegistryKey Id="reg_client1" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_client3" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Name="VersionString" Type="string" Value="$(var.VersionString)" />
+        <RegistryValue Id="reg_client4" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Name="Title" Type="string" Value="KfW" />
+        <RegistryValue Id="reg_client5" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Name="Description" Type="string" Value="$(var.ProductFullName)" />
+        <RegistryValue Id="reg_client6" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Name="PathName" Type="string" Value="[KERBEROSDIR]" />
+        <RegistryValue Id="reg_client7" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Name="Software Type" Type="string" Value="Authentication" />
+        <RegistryValue Id="reg_client8" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Name="MajorVersion" Type="integer" Value="$(var.VersionMajor)" />
+        <RegistryValue Id="reg_client9" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Name="MinorVersion" Type="integer" Value="$(var.VersionMinor)" />
+        <RegistryValue Id="reg_client10" Root="HKLM" Key="$(var.KfwRegRoot)\Client\CurrentVersion" Name="PatchLevel" Type="integer" Value="$(var.VersionPatch)" />
+
+        <RegistryKey Id="reg_client11" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_client13" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="VersionString" Type="string" Value="$(var.VersionString)" KeyPath="yes" />
+        <RegistryValue Id="reg_client14" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="Title" Type="string" Value="KfW" />
+        <RegistryValue Id="reg_client15" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="Description" Type="string" Value="$(var.ProductFullName)" />
+        <RegistryValue Id="reg_client16" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="PathName" Type="string" Value="[KERBEROSDIR]" />
+        <RegistryValue Id="reg_client17" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="Software Type" Type="string" Value="Authentication" />
+        <RegistryValue Id="reg_client18" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="MajorVersion" Type="integer" Value="$(var.VersionMajor)" />
+        <RegistryValue Id="reg_client19" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="MinorVersion" Type="integer" Value="$(var.VersionMinor)" />
+        <RegistryValue Id="reg_client20" Root="HKLM" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="PatchLevel" Type="integer" Value="$(var.VersionPatch)" />
+    </Component>
+
+    <Component Id="rcm_sdk" Guid="96AA90C7-8C60-4341-A15B-3DEDF29DA9F1">
+        <RegistryKey Id="reg_sdk0" Root="HKLM" Key="$(var.KfwRegRoot)\SDK" Action="createAndRemoveOnUninstall"/>
+
+        <RegistryKey Id="reg_sdk1" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_sdk3" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Name="VersionString" Type="string" Value="$(var.VersionString)" />
+        <RegistryValue Id="reg_sdk4" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Name="Title" Type="string" Value="KfW" />
+        <RegistryValue Id="reg_sdk5" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Name="Description" Type="string" Value="$(var.ProductFullName)" />
+        <RegistryValue Id="reg_sdk6" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Name="PathName" Type="string" Value="[KERBEROSDIR]" />
+        <RegistryValue Id="reg_sdk7" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Name="Software Type" Type="string" Value="Authentication" />
+        <RegistryValue Id="reg_sdk8" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Name="MajorVersion" Type="integer" Value="$(var.VersionMajor)" />
+        <RegistryValue Id="reg_sdk9" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Name="MinorVersion" Type="integer" Value="$(var.VersionMinor)" />
+        <RegistryValue Id="reg_sdk10" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\CurrentVersion" Name="PatchLevel" Type="integer" Value="$(var.VersionPatch)" />
+
+        <RegistryKey Id="reg_sdk11" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_sdk13" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Name="VersionString" Type="string" Value="$(var.VersionString)" KeyPath="yes" />
+        <RegistryValue Id="reg_sdk14" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Name="Title" Type="string" Value="KfW" />
+        <RegistryValue Id="reg_sdk15" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Name="Description" Type="string" Value="$(var.ProductFullName)" />
+        <RegistryValue Id="reg_sdk16" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Name="PathName" Type="string" Value="[KERBEROSDIR]" />
+        <RegistryValue Id="reg_sdk17" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Name="Software Type" Type="string" Value="Authentication" />
+        <RegistryValue Id="reg_sdk18" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Name="MajorVersion" Type="integer" Value="$(var.VersionMajor)" />
+        <RegistryValue Id="reg_sdk19" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Name="MinorVersion" Type="integer" Value="$(var.VersionMinor)" />
+        <RegistryValue Id="reg_sdk20" Root="HKLM" Key="$(var.KfwRegRoot)\SDK\$(var.VersionString)" Name="PatchLevel" Type="integer" Value="$(var.VersionPatch)" />
+    </Component>
+    
+    <Component Id="rcm_docs" Guid="C7EADA0F-8FF7-4e7b-9372-5553BDD5812F">
+        <RegistryKey Id="reg_docs0" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation" Action="createAndRemoveOnUninstall"/>
+
+        <RegistryKey Id="reg_docs1" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_docs3" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Name="VersionString" Type="string" Value="$(var.VersionString)" />
+        <RegistryValue Id="reg_docs4" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Name="Title" Type="string" Value="KfW" />
+        <RegistryValue Id="reg_docs5" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Name="Description" Type="string" Value="$(var.ProductFullName)" />
+        <RegistryValue Id="reg_docs6" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Name="PathName" Type="string" Value="[KERBEROSDIR]" />
+        <RegistryValue Id="reg_docs7" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Name="Software Type" Type="string" Value="Authentication" />
+        <RegistryValue Id="reg_docs8" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Name="MajorVersion" Type="integer" Value="$(var.VersionMajor)" />
+        <RegistryValue Id="reg_docs9" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Name="MinorVersion" Type="integer" Value="$(var.VersionMinor)" />
+        <RegistryValue Id="reg_docs10" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\CurrentVersion" Name="PatchLevel" Type="integer" Value="$(var.VersionPatch)" />
+
+        <RegistryKey Id="reg_docs11" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Action="createAndRemoveOnUninstall"/>
+        <RegistryValue Id="reg_docs13" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Name="VersionString" Type="string" Value="$(var.VersionString)" KeyPath="yes" />
+        <RegistryValue Id="reg_docs14" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Name="Title" Type="string" Value="KfW" />
+        <RegistryValue Id="reg_docs15" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Name="Description" Type="string" Value="$(var.ProductFullName)" />
+        <RegistryValue Id="reg_docs16" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Name="PathName" Type="string" Value="[KERBEROSDIR]" />
+        <RegistryValue Id="reg_docs17" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Name="Software Type" Type="string" Value="Authentication" />
+        <RegistryValue Id="reg_docs18" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Name="MajorVersion" Type="integer" Value="$(var.VersionMajor)" />
+        <RegistryValue Id="reg_docs19" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Name="MinorVersion" Type="integer" Value="$(var.VersionMinor)" />
+        <RegistryValue Id="reg_docs20" Root="HKLM" Key="$(var.KfwRegRoot)\Documentation\$(var.VersionString)" Name="PatchLevel" Type="integer" Value="$(var.VersionPatch)" />
+    </Component>
+
+    <!-- Shared assembly runtime for VS 2010 -->
+    <!-- Note that these cause numerous LGHT1055 and ICE82 warnings.  They are unavoidable but innocuous.  -->
+    <?ifdef CL1600?>
+      <?ifdef env.VCToolsRedistDir?>
+        <?define MM="$(env.VCToolsRedistDir)MergeModules"?>
+      <?else?>
+        <?ifdef (env.CommonProgramFiles6432)?>
+          <?define MM="$(env.CommonProgramFiles(x86)/Merge Modules"?>
+        <?else?>
+          <?define MM="$(env.CommonProgramFiles)/Merge Modules"?>
+	<?endif?>
+      <?endif?>
+      <?if $(sys.BUILDARCH) = "x64" ?>
+        <?ifndef Debug?>
+          <Merge Id="MSVCRT$(var.VCVer)MEM64" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_CRT_x64.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFC64" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFC_x64.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFL64" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFCLOC_x64.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MEM86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_CRT_x86.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFC86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFC_x86.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFL86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFCLOC_x86.msm"/>
+        <?else?>
+          <Merge Id="MSVCRT$(var.VCVer)MEM64" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_DebugCRT_x64.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFC64" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_DebugMFC_x64.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFL64" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFCLOC_x64.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MEM86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_DebugCRT_x86.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFC86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_DebugMFC_x86.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFL86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFCLOC_x86.msm"/>
+        <?endif?>
+      <?else?>
+        <?ifndef Debug?>
+          <Merge Id="MSVCRT$(var.VCVer)MEM86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_CRT_x86.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFC86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFC_x86.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFL86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFCLOC_x86.msm"/>
+        <?else?>
+          <Merge Id="MSVCRT$(var.VCVer)MEM86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_DebugCRT_x86.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFC86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_DebugMFC_x86.msm"/>
+          <Merge Id="MSVCRT$(var.VCVer)MFL86" DiskId="1" Language="0" SourceFile="$(var.MM)\Microsoft_VC$(var.VCVer)_MFCLOC_x86.msm"/>
+        <?endif?>
+      <?endif?>
+    <?endif?>
+
+</Directory>
+
+<!-- Start Menu shortcut -->
+<DirectoryRef Id="dirShortcut">
+    <Component Id="SMshortcut" Guid="FBB3BCED-16B7-4C5F-AE39-425B3E62503A">
+        <Shortcut Id="sc_leash_exe" Name="MIT Kerberos Ticket Manager.lnk" Target="[KERBEROSDIR]\bin\MIT Kerberos.exe" WorkingDirectory="dirbin" Arguments="[LEASHAUTOINIT]" />
+        <RemoveFolder Id="removeFolder" On ="uninstall" />
+        <RegistryValue Root="HKCU" Key="Software\MIT\Kerberos5" Name="installedStartMenu" Type="integer" Value="1" KeyPath="yes"/>
+    </Component>
+</DirectoryRef>
+<!-- Desktop shortcut -->
+<DirectoryRef Id="DesktopFolder">
+    <Component Id="Dshortcut" Guid="B1713C3F-956D-4301-A38E-3E3EFFCF6990">
+        <Shortcut Id="sc_leash_desktop_exe" Name="MIT Kerberos Ticket Manager.lnk" Target="[KERBEROSDIR]\bin\MIT Kerberos.exe" WorkingDirectory="dirbin" Arguments="[LEASHAUTOINIT]" />
+        <RemoveFolder Id="rem_fol_desktop" On="uninstall" />
+        <RegistryValue Root="HKCU" Key="Software\MIT\Kerberos5" Name="installedDesktop" Type="integer" Value="1" KeyPath="yes" />
+    </Component>
+</DirectoryRef>
+
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/kfw.wxs b/krb5-1.21.3/src/windows/installer/wix/kfw.wxs
new file mode 100755
index 00000000..d150a61f
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/kfw.wxs
@@ -0,0 +1,283 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+  Copyright (C) 2004,2005, 2006 by the Massachusetts Institute of Technology.
+  All rights reserved.
+ 
+  Export of this software from the United States of America may
+    require a specific license from the United States Government.
+    It is the responsibility of any person or organization contemplating
+    export to obtain such a license before exporting.
+ 
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  -->
+
+<!-- configuration -->
+<?include config.wxi?>
+<?include platform.wxi?>
+
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+    <Product 
+        Id="$(var.ProductCode)"
+        Codepage="$(var.CodePage)"
+        Language="$(var.Language)"
+        Manufacturer="!(loc.Manufacturer)"
+        Name="$(var.ProductName)"
+        UpgradeCode="$(var.UpgradeCode)"
+        Version="$(var.VersionString)">
+    
+        <!-- The weird package code results in a new one being generated each time we compile -->
+        <Package 
+            Id="????????-????-????-????-????????????"
+            Keywords="Installer,MSI,Database"
+            Description="$(var.ProductName)"
+            Comments="$(var.ProductFullName)"
+            Manufacturer="!(loc.Manufacturer)"
+            InstallerVersion="$(var.InstallerVersion)"
+            Languages="$(var.Language)"
+            Compressed="yes"
+            SummaryCodepage="$(var.CodePage)"
+            />
+        
+        <?include lang\ui_$(var.BuildLang).wxi?>
+        <?include files.wxi?>
+        <?include features.wxi?>
+        <?include property.wxi?>
+        
+        <!-- Launch conditions -->
+        <Condition Message="!(loc.AdminRequired)">Privileged</Condition>
+        <Condition Message="!(loc.OsVersionRequired)">VersionNT &gt;= 501</Condition>
+        <Condition Message="!(loc.OsXPSP3)">(Not (VersionNT = 501)) Or (ServicePackLevel &gt;= 3)</Condition>
+        <Condition Message="!(loc.OsVistaSP2)">(Not (VersionNT = 600)) Or (ServicePackLevel &gt;= 2)</Condition>
+        <Condition Message="!(loc.CMNotSelected)">USELEASH Or USENETIDMGR</Condition>
+        <Condition Message="!(loc.CMDupSelected)">Not (USELEASH And USENETIDMGR)</Condition>
+        <?if $(sys.BUILDARCH) = "x64" ?>
+            <Condition Message="!(loc.StrPlatform64)">
+                <![CDATA[VersionNT64]]>
+            </Condition>
+        <?endif?>
+
+        <!-- Custom actions -->
+        <Binary Id="binCustom" SourceFile="custom\custom.dll" />
+        
+        <CustomAction 
+            Id="EnableTgtSessionKey"
+            BinaryKey="binCustom"
+            DllEntry="EnableAllowTgtSessionKey"
+            Execute="deferred"
+            Impersonate="no"
+            Return="check" />
+        <Property Id="EnableTgtSessionKey" Value="$(var.VersionString)" />
+
+        <CustomAction 
+            Id="RevertTgtSessionKey"
+            BinaryKey="binCustom"
+            DllEntry="RevertAllowTgtSessionKey"
+            Execute="deferred"
+            Impersonate="no"
+            Return="check" />
+        <Property Id="RevertTgtSessionKey" Value="$(var.VersionString)" />
+
+        <CustomAction 
+            Id="RollbackTgtSessionKey"
+            BinaryKey="binCustom"
+            DllEntry="RevertAllowTgtSessionKey"
+            Execute="rollback"
+            Impersonate="no"
+            Return="check" />
+        <Property Id="RollbackTgtSessionKey" Value="$(var.VersionString)" />
+
+	<CustomAction 
+            Id="RemoveNsisInstallation" 
+            BinaryKey="binCustom"
+            DllEntry="UninstallNsisInstallation"
+            Execute="immediate" />
+
+	<CustomAction
+            Id="AbortCantRemoveNSIS" 
+            Value="[CantRemoveNSISError]" 
+            Property="CantRemoveNSISError" />
+
+	<CustomAction
+            Id="AbortNoIE"
+            Value="[NoIE501Error]" 
+            Property="NoIE501Error" />
+            
+        <CustomAction
+            Id="ListRunningProcesses"
+            BinaryKey="binCustom"
+            DllEntry="ListRunningProcesses"
+            Execute="immediate"
+            Return="ignore" />
+            
+        <CustomAction
+            Id="KillRunningProcesses"
+            BinaryKey="binCustom"
+            DllEntry="KillRunningProcesses"
+            Execute="immediate"
+            Return="ignore" />
+
+        <CustomAction
+          Id="InstallNetProvider"
+          BinaryKey="binCustom"
+          DllEntry="InstallNetProvider"
+          Impersonate="no"
+          Execute="deferred" />
+
+        <CustomAction
+          Id="RemoveNetProvider"
+          BinaryKey="binCustom"
+          DllEntry="UninstallNetProvider"
+          Impersonate="no"
+          Return="ignore"
+          Execute="deferred" />
+
+        <CustomAction Id="RenameKrb5Ini_Cmd"
+         Property="RenameKrb5Ini"
+         Value="&quot;cmd.exe&quot; /c rename &quot;[WindowsFolder]\krb5.ini&quot; krb5-ini-pre-kfw4"
+         Execute="immediate" />
+        <CustomAction
+         Id="RenameKrb5Ini"
+         BinaryKey="WixCA"
+         DllEntry="CAQuietExec"
+         Execute="deferred"
+         Impersonate="no"
+         Return="ignore" />
+
+        <CustomAction
+         Id="RollbackNetProvider"
+         BinaryKey="binCustom"
+         DllEntry="UninstallNetProvider"
+         Return="ignore"
+         Execute="rollback" />
+	
+	<!-- Installation Sequences -->
+	<AdminExecuteSequence />
+        <InstallExecuteSequence>
+	<Custom Action="ListRunningProcesses" Before="KillRunningProcesses" />
+	<Custom Action="KillRunningProcesses" Before="InstallValidate"/>
+	<RemoveExistingProducts After="InstallValidate">(Not Installed) And (UPGRADEPISMERE Or UPGRADEKFW Or UPGRADEKFW64)</RemoveExistingProducts>
+	<Custom Action="RenameKrb5Ini_Cmd" Before="RenameKrb5Ini"/>
+	<Custom Action="RenameKrb5Ini" Before="InstallFinalize">SYSTEMKRB5INI &lt;&gt; ""</Custom>
+	<!-- When running with a UI, CCP_Success property is not passed down to the server. -->
+	<Custom Action="AbortNoIE" Before="RemoveNsisInstallation">UILevel = 0 And (Not Installed) And (CCP_Success &lt;&gt; 1)</Custom>
+	<Custom Action="RemoveNsisInstallation" Before="AbortCantRemoveNSIS">UPGRADENSIS &lt;&gt; "" And UILevel &gt;= 4</Custom>
+	<Custom Action="AbortCantRemoveNSIS" Before="CostInitialize">UPGRADENSIS &lt;&gt; "" And UILevel &lt; 4</Custom>
+        <Custom Action="RollbackTgtSessionKey" After="WriteRegistryValues">VersionNT &gt;= 500 And &amp;feaKfwClient=3</Custom>
+        <Custom Action="EnableTgtSessionKey" After="RollbackTgtSessionKey">VersionNT &gt;= 500 And &amp;feaKfwClient=3</Custom>
+        <Custom Action="RevertTgtSessionKey" Before="RemoveRegistryValues">VersionNT &gt;= 500 And &amp;feaKfwClient=2</Custom>
+
+        <Custom Action="RollbackNetProvider" After="EnableTgtSessionKey">&amp;feaKfwClient=3</Custom>
+        <Custom Action="InstallNetProvider" After="RollbackNetProvider">&amp;feaKfwClient=3</Custom>
+        <Custom Action="RemoveNetProvider" After="InstallNetProvider">&amp;feaKfwClient=2</Custom>
+        <ScheduleReboot After="InstallFinalize" />
+        </InstallExecuteSequence>
+
+        <!-- Upgrade paths -->
+
+        <!-- MIT Project Pismere MSI -->
+        <Upgrade Id="83977767-388D-4DF8-BB08-3BF2401635BD">
+            <UpgradeVersion IgnoreRemoveFailure="no" IncludeMinimum="no" Maximum="4.0.0" MigrateFeatures="no" Property="UPGRADEPISMERE"/>
+        </Upgrade>
+        
+        <!-- KfW MSI -->
+        <Upgrade Id="61211594-AAA1-4A98-A299-757326763CC7">
+            <UpgradeVersion IgnoreRemoveFailure="no" IncludeMinimum="no" Maximum="$(var.VersionString)" IncludeMaximum="yes" MigrateFeatures="yes" Property="UPGRADEKFW" />
+        </Upgrade>
+
+        <!-- KfW 64-bit MSI -->
+        <Upgrade Id="6DA9CD86-6028-4852-8C94-452CAC229244">
+            <UpgradeVersion IgnoreRemoveFailure="no" IncludeMinimum="no" Maximum="$(var.VersionString)" IncludeMaximum="yes" MigrateFeatures="yes" Property="UPGRADEKFW64" />
+        </Upgrade>
+
+        <!-- NSIS installation -->
+        <!-- The NSIS installation, being non-MSI, is detected and removed through other means. -->
+        
+        <!-- Check and warn if we don't have the right version of IE installed -->
+        <ComplianceCheck>
+            <DirectorySearch Id="ccd_iphlpapi" Depth="1" Path="[SystemFolder]">
+                <FileSearch Id="cc_iphlp" MinDate="1999-04-23T00:00:00-05:00" Name="iphlpapi.dll" />
+            </DirectorySearch>
+        </ComplianceCheck>
+        
+        <!-- We embed all the files in a single cabinet. -->
+        <Media Id="1" Cabinet="Disk1" CompressionLevel="high" EmbedCab="yes" />
+        
+        <!-- Custom table used by KillProcesses custom action -->
+        <CustomTable Id="KillProcess">
+            <Column Id="Id" PrimaryKey="yes" Nullable="no" Type="string" Width="32" />
+            <Column Id="Image" Nullable="no" Type="string" Width="255" />
+            <Column Id="Desc" Nullable="yes" Type="string" Width="255" />
+            
+            <Row>
+                <Data Column="Id">kpLeash</Data>
+                <Data Column="Image">leash32.exe</Data>
+                <Data Column="Desc">Leash Ticket Manager</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kpNetIDMgr</Data>
+                <Data Column="Image">netidmgr.exe</Data>
+                <Data Column="Desc">Network Identity Manager</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kpKrbcc</Data>
+                <Data Column="Image">krbcc32s.exe</Data>
+                <Data Column="Desc">Kerberos Credential Cache</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kpKrbcc64</Data>
+                <Data Column="Image">krbcc64s.exe</Data>
+                <Data Column="Desc">Kerberos Credential Cache</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kpK95</Data>
+                <Data Column="Image">k95.exe</Data>
+                <Data Column="Desc">Kermit 95</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kpK95g</Data>
+                <Data Column="Image">k95g.exe</Data>
+                <Data Column="Desc">Kermit 95 GUI</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kpkrb5</Data>
+                <Data Column="Image">krb5.exe</Data>
+                <Data Column="Desc">Kerberos Client</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kpgss</Data>
+                <Data Column="Image">gss.exe</Data>
+                <Data Column="Desc">GSSAPI Test Client</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kpafscreds</Data>
+                <Data Column="Image">afscreds.exe</Data>
+                <Data Column="Desc">AFS Credentials Manager</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kccapiserver</Data>
+                <Data Column="Image">ccapiserver.exe</Data>
+                <Data Column="Desc">Credentials Cache API Server</Data>
+            </Row>
+            <Row>
+                <Data Column="Id">kMITKerberos</Data>
+                <Data Column="Image">MIT Kerberos.exe</Data>
+                <Data Column="Desc">MIT Kerberos Ticket Manager</Data>
+            </Row>
+        </CustomTable>
+    </Product>
+</Wix>
+ 
diff --git a/krb5-1.21.3/src/windows/installer/wix/krb5.ini b/krb5-1.21.3/src/windows/installer/wix/krb5.ini
new file mode 100644
index 00000000..e69de29b
diff --git a/krb5-1.21.3/src/windows/installer/wix/lang/config_1033.wxi b/krb5-1.21.3/src/windows/installer/wix/lang/config_1033.wxi
new file mode 100644
index 00000000..3dbaaf54
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/lang/config_1033.wxi
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+  Copyright (C) 2004 by the Massachusetts Institute of Technology.
+  All rights reserved.
+ 
+  Export of this software from the United States of America may
+    require a specific license from the United States Government.
+    It is the responsibility of any person or organization contemplating
+    export to obtain such a license before exporting.
+ 
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  -->
+<Include xmlns="http://schemas.microsoft.com/wix/2003/01/wi">
+    
+    <?define VersionString="$(var.VersionMajor).$(var.VersionMinor).$(var.VersionPatch)"?>
+    <?if $(sys.BUILDARCH) = "x64" ?>
+        <?define BaseProductName="!(loc.ProductName64)"?>
+        <?define BaseProductNameShort="!(loc.ProductNameShort64)"?>
+    <?elseif $(sys.BUILDARCH) = "x86" ?>
+        <?define BaseProductName="!(loc.ProductName)"?>
+        <?define BaseProductNameShort="!(loc.ProductNameShort)"?>
+    <?else?>
+        <?error Unknown build type?>
+    <?endif?>
+    
+    <?ifdef var.Beta?> 
+        <?ifndef var.Debug?>
+            <?define ProductFullName="!(loc.ProductMIT) $(var.BaseProductName) $(var.VersionString) !(loc.ProductBeta) $(var.Beta) "?>
+        <?else?>
+            <?define ProductFullName="!(loc.ProductMIT) $(var.BaseProductName) $(var.VersionString) !(loc.ProductBeta) $(var.Beta) !(loc.ProductDebug)"?>
+        <?endif?>
+    <?else?>
+        <?ifdef var.Release?>
+            <?ifndef var.Debug?>
+                <?define ProductFullName="!(loc.ProductMIT) $(var.BaseProductName) $(var.VersionString)"?>
+            <?else?>
+                <?define ProductFullName="!(loc.ProductMIT) $(var.BaseProductName) $(var.VersionString) !(loc.ProductDebug)"?>
+            <?endif?>
+        <?else?>
+            <?ifndef var.Date?>
+                <?error Date string must be specified?>
+            <?endif?>
+            
+            <?ifndef var.Time?>
+                <?error Time string must be specified?>
+            <?endif?>
+            
+            <?ifndef var.Debug?>
+                <?define ProductFullName="!(loc.ProductMIT) $(var.BaseProductName) $(var.VersionString) $(var.Date) $(var.Time)"?>
+            <?else?>
+                <?define ProductFullName="!(loc.ProductMIT) $(var.BaseProductName) $(var.VersionString) $(var.Date) $(var.Time) !(loc.ProductDebug)"?>
+            <?endif?>
+        <?endif?>
+    <?endif?>
+
+    <!-- Language specific configuration (English) -->
+    <?define ProductName="$(var.ProductFullName)"?>
+    <?define CodePage="1252"?>
+    <?define Language="1033"?>
+
+    <?define ARPComments="!(loc.ARPComments) $(var.Date) $(var.Time)"?>
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/lang/license.rtf b/krb5-1.21.3/src/windows/installer/wix/lang/license.rtf
new file mode 100644
index 00000000..d2d24c9e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/lang/license.rtf
@@ -0,0 +1,102 @@
+{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fmodern\fprq1\fcharset0 Courier New;}{\f1\froman\fprq2\fcharset0 Times New Roman;}}
+{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\f0\fs20 Copyright Notice and Legal Administrivia\par
+----------------------------------------\par
+\par
+Copyright (C) 1985-2012 by the Massachusetts Institute of Technology.\par
+\par
+All rights reserved.\par
+\par
+Export of this software from the United States of America may require a specific license from the United States Government.  It is the responsibility of any person or organization contemplating export to obtain such a license before exporting.\par
+\par
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and\par
+this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.  Furthermore if you modify this software you must label your software as modified software and not distribute it in such a fashion that it might be confused with the original MIT software. M.I.T. makes no representations about the suitability of this software for any purpose.  It is provided "as is" without express or implied warranty.\par
+\par
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.\par
+\par
+Individual source code files are copyright MIT, Cygnus Support, OpenVision, Oracle, Sun Soft, FundsXpress, and others.\par
+\par
+Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology (MIT).  No commercial use of these trademarks may be made without prior written permission of MIT.\par
+\par
+"Commercial use" means use of a name in a product or other for-profit manner.  It does NOT prevent a commercial firm from referring to the MIT trademarks in order to convey information (although in doing so, recognition of their trademark status should be given).\par
+\par
+----\par
+\par
+The following copyright and permission notice applies to the OpenVision Kerberos Administration system located in kadmin/create, kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions of lib/rpc:\par
+\par
+Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved\par
+\par
+WARNING: Retrieving the OpenVision Kerberos Administration system source code, as described below, indicates your acceptance of the following terms.  If you do not agree to the following terms, do not retrieve the OpenVision Kerberos administration system.\par
+\par
+You may freely use and distribute the Source Code and Object Code compiled from it, with or without modification, but this Source Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED.  IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY OTHER REASON.\par
+\par
+OpenVision retains all copyrights in the donated Source Code. OpenVision also retains copyright to derivative works of the Source Code, whether created by OpenVision or by a third party. The OpenVision copyright notice must be preserved if derivative works are made based on the donated Source Code.\par
+\par
+OpenVision Technologies, Inc. has donated this Kerberos Administration system to MIT for inclusion in the standard Kerberos 5 distribution.  This donation underscores our commitment to continuing Kerberos technology development and our gratitude for the valuable work which has been performed by MIT and the Kerberos community.\par
+\par
+----\par
+\par
+Portions contributed by Matt Crawford <crawdad@fnal.gov> were work performed at Fermi National Accelerator Laboratory, which is operated by Universities Research Association, Inc., under contract DE-AC02-76CHO3000 with the U.S. Department of Energy.\par
+\par
+\pard ----\f1\fs24\par
+\pard\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\f0\fs20\par
+The implementation of the Yarrow pseudo-random number generator in src/lib/crypto/yarrow has the following copyright:\par
+\par
+Copyright 2000 by Zero-Knowledge Systems, Inc.\par
+\par
+Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Zero-Knowledge Systems, Inc. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.  Zero-Knowledge Systems, Inc. makes no representations about the suitability of this software for any purpose.  It is provided "as is" without express or implied warranty.\par
+\par
+ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\par
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\par
+\par
+\pard ----\f1\fs24\par
+\pard\nowidctlpar\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\f0\fs20\par
+The implementation of the AES encryption algorithm in src/lib/crypto/aes has the following copyright:\par
+\par
+Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.\par
+All rights reserved.\par
+\par
+LICENSE TERMS\par
+\par
+The free distribution and use of this software in both source and binary form is allowed (with or without changes) provided that:\par
+\par
+1. distributions of this source code include the above copyright notice, this list of conditions and the following disclaimer;\par
+\par
+2. distributions in binary form include the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other associated materials;\par
+\par
+3. the copyright holder's name is not used to endorse products built using this software without specific written permission. \par
+\par
+DISCLAIMER\par
+\par
+This software is provided 'as is' with no explcit or implied warranties in respect of any properties, including, but not limited to, correctness and fitness for purpose.\par
+\par
+\par
+\par
+Acknowledgements\par
+----------------\par
+\par
+Appreciation Time!!!!  There are far too many people to try to thank them all; many people have contributed to the development of Kerberos V5.  This is only a partial listing....\par
+\par
+Thanks to Paul Vixie and the Internet Software Consortium for funding the work of Barry Jaspan.  This funding was invaluable for the OV administration server integration, as well as the 1.0 release preparation process.\par
+\par
+Thanks to John Linn, Scott Foote, and all of the folks at OpenVision Technologies, Inc., who donated their administration server for use in the MIT release of Kerberos.\par
+\par
+Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken Raeburn, and all of the folks at Cygnus Support, who provided innumerable bug fixes and portability enhancements to the Kerberos V5 tree.  Thanks especially to Jeff Bigler, for the new user and system administrator's documentation.\par
+\par
+Thanks to Doug Engert from ANL for providing many bug fixes, as well as testing to ensure DCE interoperability.\par
+\par
+Thanks to Ken Hornstein at NRL for providing many bug fixes and suggestions, and for working on SAM preauthentication.\par
+\par
+Thanks to Matt Crawford at FNAL for bugfixes and enhancements.\par
+\par
+Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for their many suggestions and bug fixes.\par
+\par
+Thanks to Nalin Dahyabhai of RedHat and Chris Evans for locating and providing patches for numerous buffer overruns.\par
+\par
+Thanks to Christopher Thompson and Marcus Watts for discovering the ftpd security bug.\par
+\par
+Thanks to Paul Nelson of Thursby Software Systems for implementing the Microsoft set password protocol.\par
+\par
+Thanks to the members of the Kerberos V5 development team at MIT, both past and present: Danilo Almeida, Jeffrey Altman, Jay Berkenbilt, Richard Basch, Mitch Berger, John Carr, Don Davis, Alexandra Ellwood, Nancy Gilman, Matt Hancher, Sam Hartman, Paul Hill, Marc Horowitz, Eva Jacobus, Miroslav Jurisic, Barry Jaspan, Geoffrey King, John Kohl, Peter Litwack, Scott McGuire, Kevin Mitchell, Cliff Neuman, Paul Park, Ezra Peisach, Chris Provenzano, Ken Raeburn, Jon Rochlis, Jeff Schiller, Jen Selby, Brad Thompson, Harry Tsai, Ted Ts'o, Marshall Vale, Tom Yu.\par
+\pard\nowidctlpar\f1\fs24\par
+}
+
\ No newline at end of file
diff --git a/krb5-1.21.3/src/windows/installer/wix/lang/strings_1033.wxl b/krb5-1.21.3/src/windows/installer/wix/lang/strings_1033.wxl
new file mode 100644
index 00000000..7207e9a8
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/lang/strings_1033.wxl
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<WixLocalization Culture="en-US" xmlns="http://schemas.microsoft.com/wix/2006/localization">
+<!--
+
+  Copyright (C) 2004 by the Massachusetts Institute of Technology.
+  All rights reserved.
+ 
+  Export of this software from the United States of America may
+    require a specific license from the United States Government.
+    It is the responsibility of any person or organization contemplating
+    export to obtain such a license before exporting.
+ 
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  -->
+    <String Id="ProductName64">Kerberos for Windows (64-bit)</String>
+    <String Id="ProductNameShort64">KFW64</String>
+    <String Id="ProductName">Kerberos for Windows (32-bit)</String>
+    <String Id="ProductNameShort">KFW32</String>
+    <String Id="ProductMIT">MIT</String>
+    <String Id="ProductDebug">Debug/Checked</String>
+    <String Id="ProductBeta">Beta</String>
+    
+    <String Id="Manufacturer">Massachusetts Institute of Technology</String>
+    
+    <String Id="KerberosTitle">Kerberos for Windows</String>
+    <String Id="KerberosDesc">Kerberos for Windows</String>
+    
+    <String Id="KerberosClientTitle">Client</String>
+    <String Id="KerberosClientDesc">Kerberos client utilities, libraries and documentation</String>
+    
+    <String Id="StrKerberosClientDebugTitle">Debug symbols</String>
+    <String Id="StrKerberosClientDebugDesc">Debugging symbols for Kerberos for Windows components.</String>
+
+    <String Id="StrLeashExeTitle">Leash Credentials Manager</String>
+    <String Id="StrLeashExeDesc">Leash credentials manager</String>
+    
+    <String Id="KerberosSDKTitle">SDK</String>
+    <String Id="KerberosSDKDesc">Libraries and header files for developing software with Kerberos</String>
+    
+    <String Id="KerberosDocTitle">Documentation</String>
+    <String Id="KerberosDocDesc">Documentation</String>
+    
+    <String Id="AdminRequired">You need administrative privileges to install Kerberos for Windows</String>
+    <String Id="OsVersionRequired">This product requires Windows XP or Higher.  The current operating system is not supported.</String>
+    <String Id="OsXPSP3">This product requires Windows XP Service Pack 3</String>
+    <String Id="OsVistaSP2">This product requires Windows Vista Service Pack 2</String>
+    <String Id="CMNotSelected">Neither Leash nor Network Identity Manager has been selected for this package.  Please contact your administrator or the provider of this installation package to resolve this issue.</String>
+    <String Id="CMDupSelected">Both Leash and Network Identity Manager has been selected for this package.  Only one of these can be selected at one time.  Please contact your administrator or the provider of this installation package to resolve this issue.</String>
+
+    <String Id="CantRemoveNSIS">The NSIS based installation of Kerberos for Windows could not be uninstalled because the NSIS uninstaller must be run in Full UI mode.</String>
+    <String Id="IE501Required">Kerberos for Windows requires Microsoft Internet Explorer version 5.01 or higher.  Please resolve this and run the installer again.</String>
+
+    <String Id="ARPComments">Build of</String>
+
+    <String Id="StrPlatform64">This build of Kerberos for Windows is for 64-bit Windows versions.  Please install the 32-bit version on this operating system.</String>
+    <String Id="StrPlatformNot64">This build of Kerberos for Windows is for 32-bit Windows versions.  Please install the 64-bit version on this operating system.</String>
+</WixLocalization>
diff --git a/krb5-1.21.3/src/windows/installer/wix/lang/ui_1033.wxi b/krb5-1.21.3/src/windows/installer/wix/lang/ui_1033.wxi
new file mode 100644
index 00000000..cc98b51e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/lang/ui_1033.wxi
@@ -0,0 +1,1240 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+  Copyright (C) 2004,2005, 2006 by the Massachusetts Institute of Technology.
+  All rights reserved.
+ 
+  Export of this software from the United States of America may
+    require a specific license from the United States Government.
+    It is the responsibility of any person or organization contemplating
+    export to obtain such a license before exporting.
+ 
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  -->
+<Include xmlns="http://schemas.microsoft.com/wix/2003/01/wi">
+    <UI>
+      <Dialog Id="AdminWelcomeDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Property="InstallMode" Value="Server Image">1</Publish>
+          <Publish Event="NewDialog" Value="AdminInstallPointDlg">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="[DialogBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Back]" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="135" Y="70" Width="220" Height="30" Transparent="yes" NoPrefix="yes">
+          <Text>The [Wizard] will create a server image of [ProductName], at a specified network location.  Click Next to continue or Cancel to exit the [Wizard].</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="60" Transparent="yes" NoPrefix="yes">
+          <Text>{\VerdanaBold13}Welcome to the [ProductName] [Wizard]</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="ExitDialog" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Finish" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_Finish]">
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Cancel]" />
+        <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="[DialogBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Back]" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="135" Y="110" Width="220" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Click the Finish button to exit the [Wizard].</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="100" Transparent="yes" NoPrefix="yes">
+          <Text>{\VerdanaBold13}Completing the [ProductName] [Wizard]</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="FatalError" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Finish" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_Finish]">
+          <Publish Event="EndDialog" Value="Exit">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Cancel]" />
+        <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="[DialogBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Back]" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="100" Transparent="yes" NoPrefix="yes">
+          <Text>{\VerdanaBold13}[ProductName] [Wizard] ended prematurely</Text>
+        </Control>
+        <Control Id="Description1" Type="Text" X="135" Y="110" Width="220" Height="40" Transparent="yes" NoPrefix="yes">
+          <Text>[ProductName] setup ended prematurely because of an error.  Your system has not been modified.  To install this program at a later time, please run the installation again.</Text>
+        </Control>
+        <Control Id="Description2" Type="Text" X="135" Y="155" Width="220" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Click the Finish button to exit the [Wizard].</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="PrepareDlg" Width="370" Height="270" Title="[ProductName] [Setup]" Modeless="yes">
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="[DialogBitmap]" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="135" Y="110" Width="220" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Please wait while the [Wizard] prepares to guide you through the installation.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="100" Transparent="yes" NoPrefix="yes">
+          <Text>{\VerdanaBold13}Welcome to the [ProductName] [Wizard]</Text>
+        </Control>
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" TabSkip="yes" Text="[ButtonText_Back]" />
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Disabled="yes" TabSkip="yes" Text="[ButtonText_Next]" />
+        <Control Id="ActionData" Type="Text" X="135" Y="125" Width="220" Height="30" Transparent="yes" NoPrefix="yes">
+          <Subscribe Event="ActionData" Attribute="Text" />
+        </Control>
+        <Control Id="ActionText" Type="Text" X="135" Y="100" Width="220" Height="20" Transparent="yes" NoPrefix="yes">
+          <Subscribe Event="ActionText" Attribute="Text" />
+        </Control>
+      </Dialog>
+      <Dialog Id="ProgressDlg" Width="370" Height="270" Title="[ProductName] [Setup]" Modeless="yes">
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Back]" />
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Next]" />
+        <Control Id="Text" Type="Text" X="35" Y="65" Width="300" Height="20">
+          <Text>Please wait while the [Wizard] [Progress2] [ProductName].  This may take several minutes.</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Title" Type="Text" X="20" Y="15" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont][Progress1] [ProductName]</Text>
+        </Control>
+        <Control Id="ActionText" Type="Text" X="70" Y="100" Width="265" Height="10">
+          <Subscribe Event="ActionText" Attribute="Text" />
+        </Control>
+        <Control Id="ProgressBar" Type="ProgressBar" X="35" Y="115" Width="300" Height="10" ProgressBlocks="yes" Text="Progress done">
+          <Subscribe Event="SetProgress" Attribute="Progress" />
+        </Control>
+        <Control Id="StatusLabel" Type="Text" X="35" Y="100" Width="35" Height="10" Text="Status:" />
+      </Dialog>
+      <Dialog Id="UserExit" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Finish" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_Finish]">
+          <Publish Event="EndDialog" Value="Exit">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Cancel]" />
+        <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="[DialogBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Back]" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="100" Transparent="yes" NoPrefix="yes">
+          <Text>{\VerdanaBold13}[ProductName] [Wizard] was interrupted</Text>
+        </Control>
+        <Control Id="Description1" Type="Text" X="135" Y="110" Width="220" Height="40" Transparent="yes" NoPrefix="yes">
+          <Text>[ProductName] setup was interrupted.  Your system has not been modified.  To install this program at a later time, please run the installation again.</Text>
+        </Control>
+        <Control Id="Description2" Type="Text" X="135" Y="155" Width="220" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Click the Finish button to exit the [Wizard].</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="AdminBrowseDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="PathEdit" Type="PathEdit" X="84" Y="202" Width="261" Height="17" Property="TARGETDIR" />
+        <Control Id="OK" Type="PushButton" X="304" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_OK]">
+          <Publish Event="SetTargetPath" Value="TARGETDIR">1</Publish>
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="240" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="Reset" Value="0">1</Publish>
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="ComboLabel" Type="Text" X="25" Y="58" Width="44" Height="10" TabSkip="no" Text="&amp;Look in:" />
+        <Control Id="DirectoryCombo" Type="DirectoryCombo" X="70" Y="55" Width="220" Height="80" Property="TARGETDIR" Removable="yes" Fixed="yes" Remote="yes">
+          <Subscribe Event="IgnoreChange" Attribute="IgnoreChange" />
+        </Control>
+        <Control Id="Up" Type="PushButton" X="298" Y="55" Width="19" Height="19" ToolTip="Up One Level" Icon="yes" FixedSize="yes" IconSize="16" Text="Up">
+          <Publish Event="DirectoryListUp" Value="0">1</Publish>
+        </Control>
+        <Control Id="NewFolder" Type="PushButton" X="325" Y="55" Width="19" Height="19" ToolTip="Create A New Folder" Icon="yes" FixedSize="yes" IconSize="16" Text="New">
+          <Publish Event="DirectoryListNew" Value="0">1</Publish>
+        </Control>
+        <Control Id="DirectoryList" Type="DirectoryList" X="25" Y="83" Width="320" Height="110" Property="TARGETDIR" Sunken="yes" TabSkip="no" />
+        <Control Id="PathLabel" Type="Text" X="25" Y="205" Width="59" Height="10" TabSkip="no" Text="&amp;Folder name:" />
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>Browse to the destination folder</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Change current destination folder</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="AdminInstallPointDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Text" Type="Text" X="25" Y="80" Width="320" Height="10" TabSkip="no">
+          <Text>&amp;Enter a new network location or click Browse to browse to one.</Text>
+        </Control>
+        <Control Id="PathEdit" Type="PathEdit" X="25" Y="93" Width="320" Height="18" Property="TARGETDIR" />
+        <Control Id="Browse" Type="PushButton" X="289" Y="119" Width="56" Height="17" Text="[ButtonText_Browse]">
+          <Publish Event="SpawnDialog" Value="AdminBrowseDlg">1</Publish>
+        </Control>
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="AdminWelcomeDlg">1</Publish>
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Event="SetTargetPath" Value="TARGETDIR">1</Publish>
+          <Publish Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="20" Width="280" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Please specify a network location for the server image of [ProductName] product</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Network Location</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="BrowseDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="PathEdit" Type="PathEdit" X="84" Y="202" Width="261" Height="18" Property="_BrowseProperty" Indirect="yes" />
+        <Control Id="OK" Type="PushButton" X="304" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_OK]">
+          <Publish Event="SetTargetPath" Value="[_BrowseProperty]">1</Publish>
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="240" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="Reset" Value="0">1</Publish>
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="ComboLabel" Type="Text" X="25" Y="58" Width="44" Height="10" TabSkip="no" Text="&amp;Look in:" />
+        <Control Id="DirectoryCombo" Type="DirectoryCombo" X="70" Y="55" Width="220" Height="80" Property="_BrowseProperty" Indirect="yes" Fixed="yes" Remote="yes">
+          <Subscribe Event="IgnoreChange" Attribute="IgnoreChange" />
+        </Control>
+        <Control Id="Up" Type="PushButton" X="298" Y="55" Width="19" Height="19" ToolTip="Up One Level" Icon="yes" FixedSize="yes" IconSize="16" Text="Up">
+          <Publish Event="DirectoryListUp" Value="0">1</Publish>
+        </Control>
+        <Control Id="NewFolder" Type="PushButton" X="325" Y="55" Width="19" Height="19" ToolTip="Create A New Folder" Icon="yes" FixedSize="yes" IconSize="16" Text="New">
+          <Publish Event="DirectoryListNew" Value="0">1</Publish>
+        </Control>
+        <Control Id="DirectoryList" Type="DirectoryList" X="25" Y="83" Width="320" Height="110" Property="_BrowseProperty" Sunken="yes" Indirect="yes" TabSkip="no" />
+        <Control Id="PathLabel" Type="Text" X="25" Y="205" Width="59" Height="10" TabSkip="no" Text="&amp;Folder name:" />
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>Browse to the destination folder</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Change current destination folder</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="CancelDlg" Y="10" Width="260" Height="85" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="No" Type="PushButton" X="132" Y="57" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_No]">
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="Yes" Type="PushButton" X="72" Y="57" Width="56" Height="17" Text="[ButtonText_Yes]">
+          <Publish Event="EndDialog" Value="Exit">1</Publish>
+        </Control>
+        <Control Id="Text" Type="Text" X="48" Y="15" Width="194" Height="30">
+          <Text>Are you sure you want to cancel [ProductName] installation?</Text>
+        </Control>
+        <Control Id="Icon" Type="Icon" X="15" Y="15" Width="24" Height="24" ToolTip="Information icon" FixedSize="yes" IconSize="32" Text="[InfoIcon]" />
+      </Dialog>
+      <Dialog Id="CustomizeDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes" TrackDiskSpace="yes">
+        <Control Id="Tree" Type="SelectionTree" X="25" Y="85" Width="175" Height="95" Property="_BrowseProperty" Sunken="yes" TabSkip="no" Text="Tree of selections" />
+        <Control Id="Browse" Type="PushButton" X="304" Y="200" Width="56" Height="17" Text="[ButtonText_Browse]">
+          <Publish Event="SelectionBrowse" Value="BrowseDlg">1</Publish>
+          <Condition Action="hide">Installed</Condition>
+        </Control>
+        <Control Id="Reset" Type="PushButton" X="42" Y="243" Width="56" Height="17" Text="[ButtonText_Reset]">
+          <Publish Event="Reset" Value="0">1</Publish>
+          <Subscribe Event="SelectionNoItems" Attribute="Enabled" />
+        </Control>
+        <Control Id="DiskCost" Type="PushButton" X="111" Y="243" Width="56" Height="17">
+          <Text>Disk &amp;Usage</Text>
+          <Publish Event="SpawnDialog" Value="DiskCostDlg">1</Publish>
+          <Subscribe Event="SelectionNoItems" Attribute="Enabled" />
+        </Control>
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="MaintenanceTypeDlg">InstallMode = "Change"</Publish>
+          <Publish Event="NewDialog" Value="SetupTypeDlg">InstallMode = "Custom"</Publish>
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Event="NewDialog" Value="VerifyReadyDlg">( &amp;feaKfwClient &lt;&gt; 3 And !feaKfwClient &lt;&gt; 3 ) And Not FoundProcesses</Publish>
+          <Publish Event="NewDialog" Value="RunningProcessDlg">( &amp;feaKfwClient &lt;&gt; 3 And !feaKfwClient &lt;&gt; 3 ) And FoundProcesses</Publish>
+          <Publish Event="NewDialog" Value="KerberosOptions">&amp;feaKfwClient = 3 Or !feaKfwClient = 3</Publish>
+          <Subscribe Event="SelectionNoItems" Attribute="Enabled" />
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Text" Type="Text" X="25" Y="55" Width="320" Height="20">
+          <Text>Click on the icons in the tree below to change the way features will be installed.</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>Select the way you want features to be installed.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Custom Setup</Text>
+        </Control>
+        <Control Id="Box" Type="GroupBox" X="210" Y="81" Width="140" Height="98" />
+        <Control Id="ItemDescription" Type="Text" X="215" Y="90" Width="131" Height="30">
+          <Text>Multiline description of the currently selected item.</Text>
+          <Subscribe Event="SelectionDescription" Attribute="Text" />
+        </Control>
+        <Control Id="ItemSize" Type="Text" X="215" Y="130" Width="131" Height="45">
+          <Text>The size of the currently selected item.</Text>
+          <Subscribe Event="SelectionSize" Attribute="Text" />
+        </Control>
+        <Control Id="Location" Type="Text" X="75" Y="200" Width="215" Height="20">
+          <Text>&lt;The selection's path&gt;</Text>
+          <Subscribe Event="SelectionPath" Attribute="Text" />
+          <Subscribe Event="SelectionPathOn" Attribute="Visible" />
+          <Condition Action="hide">Installed</Condition>
+        </Control>
+        <Control Id="LocationLabel" Type="Text" X="25" Y="200" Width="50" Height="10" Text="Location:">
+          <Subscribe Event="SelectionPathOn" Attribute="Visible" />
+          <Condition Action="hide">Installed</Condition>
+        </Control>
+      </Dialog>
+      <Dialog Id="DiskCostDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="OK" Type="PushButton" X="304" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_OK]">
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Text" Type="Text" X="20" Y="53" Width="330" Height="40">
+          <Text>The highlighted volumes (if any) do not have enough disk space available for the currently selected features.  You can either remove some files from the highlighted volumes, or choose to install less features onto local drive(s), or select different destination drive(s).</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="20" Y="20" Width="280" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>The disk space required for the installation of the selected features.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Disk Space Requirements</Text>
+        </Control>
+        <Control Id="VolumeList" Type="VolumeCostList" X="20" Y="100" Width="330" Height="120" Sunken="yes" Fixed="yes" Remote="yes">
+          <Text>{120}{70}{70}{70}{70}</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="ErrorDlg" Y="10" Width="270" Height="105" Title="Installer Information" ErrorDialog="yes" NoMinimize="yes">
+        <Control Id="ErrorText" Type="Text" X="48" Y="15" Width="205" Height="60" TabSkip="no" Text="Information text" />
+        <Control Id="Y" Type="PushButton" X="100" Y="80" Width="56" Height="17" TabSkip="yes" Text="[ButtonText_Yes]">
+          <Publish Event="EndDialog" Value="ErrorYes">1</Publish>
+        </Control>
+        <Control Id="A" Type="PushButton" X="100" Y="80" Width="56" Height="17" TabSkip="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="EndDialog" Value="ErrorAbort">1</Publish>
+        </Control>
+        <Control Id="C" Type="PushButton" X="100" Y="80" Width="56" Height="17" TabSkip="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="EndDialog" Value="ErrorCancel">1</Publish>
+        </Control>
+        <Control Id="ErrorIcon" Type="Icon" X="15" Y="15" Width="24" Height="24" ToolTip="Information icon" FixedSize="yes" IconSize="32" Text="[InfoIcon]" />
+        <Control Id="I" Type="PushButton" X="100" Y="80" Width="56" Height="17" TabSkip="yes" Text="[ButtonText_Ignore]">
+          <Publish Event="EndDialog" Value="ErrorIgnore">1</Publish>
+        </Control>
+        <Control Id="N" Type="PushButton" X="100" Y="80" Width="56" Height="17" TabSkip="yes" Text="[ButtonText_No]">
+          <Publish Event="EndDialog" Value="ErrorNo">1</Publish>
+        </Control>
+        <Control Id="O" Type="PushButton" X="100" Y="80" Width="56" Height="17" TabSkip="yes" Text="[ButtonText_OK]">
+          <Publish Event="EndDialog" Value="ErrorOk">1</Publish>
+        </Control>
+        <Control Id="R" Type="PushButton" X="100" Y="80" Width="56" Height="17" TabSkip="yes" Text="[ButtonText_Retry]">
+          <Publish Event="EndDialog" Value="ErrorRetry">1</Publish>
+        </Control>
+      </Dialog>
+      <Dialog Id="FilesInUse" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes" KeepModeless="yes">
+        <Control Id="Retry" Type="PushButton" X="304" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_Retry]">
+          <Publish Event="EndDialog" Value="Retry">1</Publish>
+        </Control>
+        <Control Id="Ignore" Type="PushButton" X="235" Y="243" Width="56" Height="17" Text="[ButtonText_Ignore]">
+          <Publish Event="EndDialog" Value="Ignore">1</Publish>
+        </Control>
+        <Control Id="Exit" Type="PushButton" X="166" Y="243" Width="56" Height="17" Text="[ButtonText_Exit]">
+          <Publish Event="EndDialog" Value="Exit">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Text" Type="Text" X="20" Y="55" Width="330" Height="30">
+          <Text>The following applications are using files that need to be updated by this setup. Close these applications and then click Retry to continue the installation or Cancel to exit it.</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="20" Y="23" Width="280" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Some files that need to be updated are currently in use.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Files in Use</Text>
+        </Control>
+        <Control Id="List" Type="ListBox" X="20" Y="87" Width="330" Height="130" Property="FileInUseProcess" Sunken="yes" TabSkip="yes" />
+      </Dialog>
+
+      <Dialog Id="RunningProcessDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes" KeepModeless="yes">
+
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="CustomizeDlg">(InstallMode = "Custom" OR InstallMode = "Change") AND &amp;feaKfwClient &lt;&gt; 3 And !feaKfwClient &lt;&gt; 3</Publish>
+          <Publish Event="NewDialog" Value="KerberosOptions">(InstallMode = "Custom" OR InstallMode = "Change") AND ( &amp;feaKfwClient = 3 Or !feaKfwClient = 3 )</Publish>
+          <Publish Event="NewDialog" Value="MaintenanceTypeDlg">InstallMode = "Repair"</Publish>
+          <Publish Event="NewDialog" Value="SetupTypeDlg">InstallMode = "Typical" OR InstallMode = "Complete"</Publish>
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Event="NewDialog" Value="VerifyReadyDlg">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Text" Type="Text" X="20" Y="55" Width="330" Height="30">
+          <Text>The following applications are currently running and need to be closed in order for the installation to progress.  Please close them manually or click Next to let [Wizard] close them for you.</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="20" Y="23" Width="280" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Some running processes need to be closed.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Close Running Proccesses</Text>
+        </Control>
+        <Control Id="List" Type="ListBox" X="20" Y="87" Width="330" Height="130" Property="KillableProcesses" Sunken="yes" TabSkip="yes" />
+      </Dialog>
+
+
+      <Dialog Id="CCPErrorDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes" KeepModeless="yes">
+
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]" Disabled="yes">
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Text="[ButtonText_Finish]">
+		  <Publish Event="EndDialog" Value="Exit">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Disabled="yes" Text="[ButtonText_Cancel]">
+        </Control>
+
+		<Control Id="ErrorText" Type="Text" X="20" Y="70" Width="280" Height="75">
+		  <Text>[ProductName] requires a newer version of iphlpapi.dll than the one that is currently installed on this computer.  This file is included in Microsoft Internet Explorer version 5.01 or later.  Please install this and re-run the [ProductName] installer.</Text>
+		</Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="20" Y="23" Width="280" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>[ProgramName] requires a newer version of iphlpapi.dll</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Compliance Check Failed!</Text>
+        </Control>
+      </Dialog>
+
+      <Dialog Id="LicenseAgreementDlg" Width="370" Height="270" Title="[ProductName] License Agreement" NoMinimize="yes">
+        <Control Id="Buttons" Type="RadioButtonGroup" X="20" Y="187" Width="330" Height="40" Property="IAgree" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="WelcomeDlg">1</Publish>
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Event="NewDialog" Value="UserRegistrationDlg">IAgree = "Yes" AND ShowUserRegistrationDlg = 1</Publish>
+          <Publish Event="SpawnWaitDialog" Value="WaitForCostingDlg">CostingComplete = 1</Publish>
+          <Publish Event="NewDialog" Value="RemovePreviousDlg">IAgree = "Yes" AND ShowUserRegistrationDlg &lt;&gt; 1 AND (UPGRADEPISMERE OR UPGRADEKFW OR UPGRADENSIS &lt;&gt; "")</Publish>
+          <Publish Event="NewDialog" Value="SetupTypeDlg">IAgree = "Yes" AND ShowUserRegistrationDlg &lt;&gt; 1 AND NOT (UPGRADEPISMERE OR UPGRADEKFW OR UPGRADENSIS &lt;&gt; "")</Publish>
+          <Condition Action="disable">IAgree &lt;&gt; "Yes"</Condition>
+          <Condition Action="enable">IAgree = "Yes"</Condition>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="AgreementText" Type="ScrollableText" X="20" Y="60" Width="330" Height="120" Sunken="yes" TabSkip="no">
+          <Text SourceFile=".\lang\license.rtf"/>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>Please read the following license agreement carefully</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]End-User License Agreement</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="MaintenanceTypeDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="ChangeLabel" Type="Text" X="105" Y="65" Width="100" Height="10" TabSkip="no">
+          <Text>[DlgTitleFont]&amp;Modify</Text>
+        </Control>
+        <Control Id="ChangeButton" Type="PushButton" X="50" Y="65" Width="38" Height="38" ToolTip="Modify Installation" Default="yes" Icon="yes" FixedSize="yes" IconSize="32" Text="[CustomSetupIcon]">
+          <Publish Property="InstallMode" Value="Change">1</Publish>
+          <Publish Property="Progress1" Value="Changing">1</Publish>
+          <Publish Property="Progress2" Value="changes">1</Publish>
+          <Publish Event="NewDialog" Value="CustomizeDlg">1</Publish>
+        </Control>
+        <Control Id="RepairLabel" Type="Text" X="105" Y="114" Width="100" Height="10" TabSkip="no">
+          <Text>[DlgTitleFont]Re&amp;pair</Text>
+        </Control>
+        <Control Id="RepairButton" Type="PushButton" X="50" Y="114" Width="38" Height="38" ToolTip="Repair Installation" Icon="yes" FixedSize="yes" IconSize="32" Text="[RepairIcon]">
+          <Publish Property="InstallMode" Value="Repair">1</Publish>
+          <Publish Property="Progress1" Value="Repairing">1</Publish>
+          <Publish Property="Progress2" Value="repaires">1</Publish>
+          <Publish Event="NewDialog" Value="VerifyRepairDlg">1</Publish>
+        </Control>
+        <Control Id="RemoveLabel" Type="Text" X="105" Y="163" Width="100" Height="10" TabSkip="no">
+          <Text>[DlgTitleFont]&amp;Remove</Text>
+        </Control>
+        <Control Id="RemoveButton" Type="PushButton" X="50" Y="163" Width="38" Height="38" ToolTip="Remove Installation" Icon="yes" FixedSize="yes" IconSize="32" Text="[RemoveIcon]">
+          <Publish Property="InstallMode" Value="Remove">1</Publish>
+          <Publish Property="Progress1" Value="Removing">1</Publish>
+          <Publish Property="Progress2" Value="removes">1</Publish>
+          <Publish Event="NewDialog" Value="VerifyRemoveDlg">1</Publish>
+        </Control>
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="MaintenanceWelcomeDlg">1</Publish>
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Next]" />
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Select the operation you wish to perform.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="240" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Modify, Repair or Remove installation</Text>
+        </Control>
+        <Control Id="ChangeText" Type="Text" X="105" Y="78" Width="230" Height="20">
+          <Text>Allows users to change the way features are installed.</Text>
+        </Control>
+        <Control Id="RemoveText" Type="Text" X="105" Y="176" Width="230" Height="20">
+          <Text>Removes [ProductName] from your computer.</Text>
+        </Control>
+        <Control Id="RepairText" Type="Text" X="105" Y="127" Width="230" Height="30">
+          <Text>Repairs errors in the most recent installation state - fixes missing or corrupt files, shortcuts and registry entries.</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="MaintenanceWelcomeDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Event="SpawnWaitDialog" Value="WaitForCostingDlg">CostingComplete = 1</Publish>
+          <Publish Event="NewDialog" Value="MaintenanceTypeDlg">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="[DialogBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Back]" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="135" Y="70" Width="220" Height="60" Transparent="yes" NoPrefix="yes">
+          <Text>The [Wizard] will allow you to change the way [ProductName] features are installed on your computer or even to remove [ProductName] from your computer.  Click Next to continue or Cancel to exit the [Wizard].</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="60" Transparent="yes" NoPrefix="yes">
+          <Text>{\VerdanaBold13}Welcome to the [ProductName] [Wizard]</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="OutOfDiskDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="OK" Type="PushButton" X="304" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_OK]">
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Text" Type="Text" X="20" Y="53" Width="330" Height="40">
+          <Text>The highlighted volumes do not have enough disk space available for the currently selected features.  You can either remove some files from the highlighted volumes, or choose to install less features onto local drive(s), or select different destination drive(s).</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="20" Y="20" Width="280" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Disk space required for the installation exceeds available disk space.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Out of Disk Space</Text>
+        </Control>
+        <Control Id="VolumeList" Type="VolumeCostList" X="20" Y="100" Width="330" Height="120" Sunken="yes" Fixed="yes" Remote="yes">
+          <Text>{120}{70}{70}{70}{70}</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="OutOfRbDiskDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="No" Type="PushButton" X="304" Y="243" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_No]">
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="Yes" Type="PushButton" X="240" Y="243" Width="56" Height="17" Text="[ButtonText_Yes]">
+          <Publish Event="EnableRollback" Value="False">1</Publish>
+          <Publish Event="EndDialog" Value="Return">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Text" Type="Text" X="20" Y="53" Width="330" Height="40">
+          <Text>The highlighted volumes do not have enough disk space available for the currently selected features.  You can either remove some files from the highlighted volumes, or choose to install less features onto local drive(s), or select different destination drive(s).</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="20" Y="20" Width="280" Height="20" Transparent="yes" NoPrefix="yes">
+          <Text>Disk space required for the installation exceeds available disk space.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Out of Disk Space</Text>
+        </Control>
+        <Control Id="VolumeList" Type="VolumeCostList" X="20" Y="140" Width="330" Height="80" Sunken="yes" Fixed="yes" Remote="yes" ShowRollbackCost="yes">
+          <Text>{120}{70}{70}{70}{70}</Text>
+        </Control>
+        <Control Id="Text2" Type="Text" X="20" Y="94" Width="330" Height="40">
+          <Text>Alternatively, you may choose to disable the installer's rollback functionality.  This allows the installer to restore your computer's original state should the installation be interrupted in any way.  Click Yes if you wish to take the risk to disable rollback.</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="RemovePreviousDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Confirm" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="Confirm">
+          <Publish Event="NewDialog" Value="SetupTypeDlg">1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" FixedSize="yes" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="LicenseAgreementDlg">ShowUserRegistrationDlg &lt;&gt; 1</Publish>
+          <Publish Event="NewDialog" Value="UserRegistrationDlg">ShowUserRegistrationDlg = 1</Publish>
+        </Control>
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>Other versions of [ProductName] need to be removed.</Text>
+        </Control>
+        <Control Id="Text" Type="Text" X="25" Y="70" Width="320" Height="45">
+          <Text>Click Confirm to uninstall the following version of Kerberos for Windows installed on this computer.  Installation of [ProductName] cannot continue unless this program is removed.</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Uninstall previous versions</Text>
+        </Control>
+        <Control Id="RemoveIcon" Type="Icon" X="25" Y="130" Width="32" Height="32" IconSize="32" Text="[RemoveIcon]" />
+        <Control Id="RemoveProductPismere" Type="Text" X="60" Y="146" Width="200" Height="15" Hidden="yes" Transparent="yes" NoPrefix="yes">
+          <Text>MIT Project Pismere Kerberos for Windows : Product code [UPGRADEPISMERE]</Text>
+          <Condition Action="show">UPGRADEPISMERE</Condition>
+        </Control>
+        <Control Id="RemoveProductKfw" Type="Text" X="60" Y="146" Width="200" Height="15" Hidden="yes" Transparent="yes" NoPrefix="yes">
+          <Text>MIT Kerberos for Windows : Product code [UPGRADEKFW]</Text>
+          <Condition Action="show">UPGRADEKFW</Condition>
+        </Control>
+        <Control Id="RemoveProductKfwNSIS" Type="Text" X="60" Y="146" Width="200" Height="15" Hidden="yes" Transparent="yes" NoPrefix="yes">
+          <Text>MIT Kerberos for Windows (NSIS installer): [NSISVERSION]</Text>
+          <Condition Action="show">UPGRADENSIS &lt;&gt; ""</Condition>
+        </Control>
+      </Dialog>
+      <Dialog Id="ResumeDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Install" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Install]">
+          <Publish Event="SpawnWaitDialog" Value="WaitForCostingDlg">CostingComplete = 1</Publish>
+          <Publish Event="EndDialog" Value="Return">OutOfDiskSpace &lt;&gt; 1</Publish>
+          <Publish Event="SpawnDialog" Value="OutOfRbDiskDlg">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND (PROMPTROLLBACKCOST="P" OR NOT PROMPTROLLBACKCOST)</Publish>
+          <Publish Event="EndDialog" Value="Return">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+          <Publish Event="EnableRollback" Value="False">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+          <Publish Event="SpawnDialog" Value="OutOfDiskDlg">(OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 1) OR (OutOfDiskSpace = 1 AND PROMPTROLLBACKCOST="F")</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="[DialogBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Back]" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="135" Y="70" Width="220" Height="30" Transparent="yes" NoPrefix="yes">
+          <Text>The [Wizard] will complete the installation of [ProductName] on your computer.  Click Install to continue or Cancel to exit the [Wizard].</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="60" Transparent="yes" NoPrefix="yes">
+          <Text>{\VerdanaBold13}Resuming the [ProductName] [Wizard]</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="SetupTypeDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="TypicalLabel" Type="Text" X="105" Y="65" Width="100" Height="10" TabSkip="no">
+          <Text>[DlgTitleFont]&amp;Typical</Text>
+        </Control>
+        <Control Id="TypicalButton" Type="PushButton" X="50" Y="65" Width="38" Height="38" ToolTip="Typical Installation" Default="yes" Icon="yes" FixedSize="yes" IconSize="32" Text="[InstallerIcon]">
+          <Publish Property="InstallMode" Value="Typical">1</Publish>
+          <Publish Event="SetInstallLevel" Value="50">1</Publish>
+          <Publish Event="NewDialog" Value="VerifyReadyDlg">Not FoundProcesses</Publish>
+          <Publish Event="NewDialog" Value="RunningProcessDlg">FoundProcesses</Publish>
+        </Control>
+        <Control Id="CustomLabel" Type="Text" X="105" Y="118" Width="100" Height="10" TabSkip="no">
+          <Text>[DlgTitleFont]C&amp;ustom</Text>
+        </Control>
+        <Control Id="CustomButton" Type="PushButton" X="50" Y="118" Width="38" Height="38" ToolTip="Custom Installation" Icon="yes" FixedSize="yes" IconSize="32" Text="[CustomSetupIcon]">
+          <Publish Property="InstallMode" Value="Custom">1</Publish>
+          <Publish Event="NewDialog" Value="CustomizeDlg">1</Publish>
+        </Control>
+        <Control Id="CompleteLabel" Type="Text" X="105" Y="171" Width="100" Height="10" TabSkip="no">
+          <Text>[DlgTitleFont]C&amp;omplete</Text>
+        </Control>
+        <Control Id="CompleteButton" Type="PushButton" X="50" Y="171" Width="38" Height="38" ToolTip="Complete Installation" Icon="yes" FixedSize="yes" IconSize="32" Text="[CompleteSetupIcon]">
+          <Publish Property="InstallMode" Value="Complete">1</Publish>
+          <Publish Event="SetInstallLevel" Value="1000">1</Publish>
+          <Publish Event="NewDialog" Value="VerifyReadyDlg">Not FoundProcesses</Publish>
+          <Publish Event="NewDialog" Value="RunningProcessDlg">FoundProcesses</Publish>
+        </Control>
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="LicenseAgreementDlg">ShowUserRegistrationDlg &lt;&gt; 1 AND NOT (UPGRADEPISMERE OR UPGRADEKFW)</Publish>
+          <Publish Event="NewDialog" Value="UserRegistrationDlg">ShowUserRegistrationDlg = 1 AND NOT (UPGRADEPISMERE OR UPGRADEKFW)</Publish>
+          <Publish Event="NewDialog" Value="RemovePreviousDlg">UPGRADEPISMERE OR UPGRADEKFW OR UPGRADENSIS &lt;&gt; ""</Publish>
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Next]" />
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>Choose the setup type that best suits your needs</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Choose Setup Type</Text>
+        </Control>
+        <Control Id="CompleteText" Type="Text" X="105" Y="184" Width="230" Height="20">
+          <Text>All program features will be installed.  (Requires most disk space)</Text>
+        </Control>
+        <Control Id="CustomText" Type="Text" X="105" Y="131" Width="230" Height="30">
+          <Text>Allows users to choose which program features will be installed and where they will be installed. Recommended for advanced users.</Text>
+        </Control>
+        <Control Id="TypicalText" Type="Text" X="105" Y="78" Width="230" Height="20">
+          <Text>Installs the most common program features. Recommended for most users.</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="UserRegistrationDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="NameLabel" Type="Text" X="45" Y="73" Width="100" Height="15" TabSkip="no" Text="&amp;User Name:" />
+        <Control Id="NameEdit" Type="Edit" X="45" Y="85" Width="220" Height="18" Property="USERNAME" Text="{80}" />
+        <Control Id="OrganizationLabel" Type="Text" X="45" Y="110" Width="100" Height="15" TabSkip="no" Text="&amp;Organization:" />
+        <Control Id="OrganizationEdit" Type="Edit" X="45" Y="122" Width="220" Height="18" Property="COMPANYNAME" Text="{80}" />
+        <Control Id="CDKeyLabel" Type="Text" X="45" Y="147" Width="50" Height="10" TabSkip="no">
+          <Text>CD &amp;Key:</Text>
+        </Control>
+        <Control Id="CDKeyEdit" Type="MaskedEdit" X="45" Y="159" Width="250" Height="16" Property="PIDKEY" Text="[PIDTemplate]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="LicenseAgreementDlg">1</Publish>
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Event="ValidateProductID" Value="0">0</Publish>
+          <Publish Event="SpawnWaitDialog" Value="WaitForCostingDlg">CostingComplete = 1</Publish>
+          <Publish Event="NewDialog" Value="SetupTypeDlg">ProductID</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>Please enter your customer information</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Customer Information</Text>
+        </Control>
+      </Dialog>
+
+      <Dialog Id="KerberosOptions" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+
+		<Control Id="txtLeash" Type="Text" X="25" Y="55" Width="280" Height="30">
+			<Text>MIT Kerberos may be installed with the following optional functionality.  Please check those items that you wish to activate.</Text>
+		</Control>
+
+        <Control Id="koAutoStartText" Type="CheckBox" X="25" Y="95" Width="280" Height="30" CheckBoxValue="1" Property="LEASHAUTOSTART" >
+			<Text>Autostart MIT Kerberos each time you login to Windows</Text>
+        </Control>
+        
+        <Control Id="koAutoInitText" Type="CheckBox" X="25" Y="130" Width="280" Height="30" CheckBoxValue="-autoinit" Property="LEASHAUTOINIT" >
+			<Text>Get tickets (if there are no existing tickets) when MIT Kerberos is started</Text>
+        </Control>
+
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="CustomizeDlg">1</Publish>
+        </Control>
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Event="NewDialog" Value="VerifyReadyDlg">Not FoundProcesses</Publish>
+          <Publish Event="NewDialog" Value="RunningProcessDlg">FoundProcesses</Publish>
+          <Publish Event="AddLocal" Value="feaKfwLeashStartup">LEASHAUTOSTART = 1</Publish>
+          <Publish Event="Remove" Value="feaKfwLeashStartup">LEASHAUTOSTART &lt;&gt; 1</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>MIT Kerberos startup options</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Kerberos Options</Text>
+        </Control>
+      </Dialog>
+
+      <Dialog Id="VerifyReadyDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes" TrackDiskSpace="yes">
+        <Control Id="Install" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Install]">
+          <Publish Event="EndDialog" Value="Return">OutOfDiskSpace &lt;&gt; 1</Publish>
+          <Publish Event="SpawnDialog" Value="OutOfRbDiskDlg">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND (PROMPTROLLBACKCOST="P" OR NOT PROMPTROLLBACKCOST)</Publish>
+          <Publish Event="EndDialog" Value="Return">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+          <Publish Event="EnableRollback" Value="False">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+          <Publish Event="SpawnDialog" Value="OutOfDiskDlg">(OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 1) OR (OutOfDiskSpace = 1 AND PROMPTROLLBACKCOST="F")</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="AdminInstallPointDlg">InstallMode = "Server Image"</Publish>
+          <Publish Event="NewDialog" Value="CustomizeDlg">(InstallMode = "Custom" OR InstallMode = "Change") AND &amp;feaKfwClient &lt;&gt; 3 And !feaKfwClient &lt;&gt; 3</Publish>
+          <Publish Event="NewDialog" Value="KerberosOptions">(InstallMode = "Custom" OR InstallMode = "Change") AND ( &amp;feaKfwClient = 3 Or !feaKfwClient = 3 )</Publish>
+          <Publish Event="NewDialog" Value="MaintenanceTypeDlg">InstallMode = "Repair"</Publish>
+          <Publish Event="NewDialog" Value="SetupTypeDlg">InstallMode = "Typical" OR InstallMode = "Complete"</Publish>
+        </Control>
+        <Control Id="Text" Type="Text" X="25" Y="70" Width="320" Height="20">
+          <Text>Click Install to begin the installation.  If you want to review or change any of your installation settings, click Back.  Click Cancel to exit the wizard.</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>The [Wizard] is ready to begin the [InstallMode] installation</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Ready to Install</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="VerifyRemoveDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes" TrackDiskSpace="yes">
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="MaintenanceTypeDlg">1</Publish>
+        </Control>
+        <Control Id="Remove" Type="PushButton" X="236" Y="243" Width="56" Height="17" Text="[ButtonText_Remove]">
+          <Publish Event="Remove" Value="All">OutOfDiskSpace &lt;&gt; 1</Publish>
+          <Publish Event="EndDialog" Value="Return">OutOfDiskSpace &lt;&gt; 1</Publish>
+          <Publish Event="SpawnDialog" Value="OutOfRbDiskDlg">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND (PROMPTROLLBACKCOST="P" OR NOT PROMPTROLLBACKCOST)</Publish>
+          <Publish Event="EndDialog" Value="Return">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+          <Publish Event="EnableRollback" Value="False">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+          <Publish Event="SpawnDialog" Value="OutOfDiskDlg">(OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 1) OR (OutOfDiskSpace = 1 AND PROMPTROLLBACKCOST="F")</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Text" Type="Text" X="25" Y="70" Width="320" Height="30">
+          <Text>Click Remove to remove [ProductName] from your computer.  If you want to review or change any of your installation settings, click Back.  Click Cancel to exit the wizard.</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>You have chosen to remove the program from your computer.</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Remove Kerberos for Windows</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="VerifyRepairDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes" TrackDiskSpace="yes">
+        <Control Id="Repair" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Repair]">
+          <Publish Event="ReinstallMode" Value="ecmus">OutOfDiskSpace &lt;&gt; 1</Publish>
+          <Publish Event="Reinstall" Value="All">OutOfDiskSpace &lt;&gt; 1</Publish>
+          <Publish Event="EndDialog" Value="Return">OutOfDiskSpace &lt;&gt; 1</Publish>
+          <Publish Event="SpawnDialog" Value="OutOfRbDiskDlg">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND (PROMPTROLLBACKCOST="P" OR NOT PROMPTROLLBACKCOST)</Publish>
+          <Publish Event="EndDialog" Value="Return">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+          <Publish Event="EnableRollback" Value="False">OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 0 AND PROMPTROLLBACKCOST="D"</Publish>
+          <Publish Event="SpawnDialog" Value="OutOfDiskDlg">(OutOfDiskSpace = 1 AND OutOfNoRbDiskSpace = 1) OR (OutOfDiskSpace = 1 AND PROMPTROLLBACKCOST="F")</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="374" Height="44" TabSkip="no" Text="[BannerBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="[ButtonText_Back]">
+          <Publish Event="NewDialog" Value="MaintenanceTypeDlg">1</Publish>
+        </Control>
+        <Control Id="Text" Type="Text" X="25" Y="70" Width="320" Height="30">
+          <Text>Click Repair to repair the installation of [ProductName].  If you want to review or change any of your installation settings, click Back.  Click Cancel to exit the wizard.</Text>
+        </Control>
+        <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="374" Height="0" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="25" Y="23" Width="280" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>The [Wizard] is ready to begin the repair of [ProductName].</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes">
+          <Text>[DlgTitleFont]Repair Kerberos for Windows</Text>
+        </Control>
+      </Dialog>
+      <Dialog Id="WaitForCostingDlg" Y="10" Width="260" Height="85" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Return" Type="PushButton" X="102" Y="57" Width="56" Height="17" Default="yes" Cancel="yes" Text="[ButtonText_Return]">
+          <Publish Event="EndDialog" Value="Exit">1</Publish>
+        </Control>
+        <Control Id="Text" Type="Text" X="48" Y="15" Width="194" Height="30">
+          <Text>Please wait while the installer finishes determining your disk space requirements.</Text>
+        </Control>
+        <Control Id="Icon" Type="Icon" X="15" Y="15" Width="24" Height="24" ToolTip="Exclamation icon" FixedSize="yes" IconSize="32" Text="[ExclamationIcon]" />
+      </Dialog>
+      <Dialog Id="WelcomeDlg" Width="370" Height="270" Title="[ProductName] [Setup]" NoMinimize="yes">
+        <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="[ButtonText_Next]">
+          <Publish Event="NewDialog" Value="LicenseAgreementDlg">(Installed) Or (CCP_Success = 1)</Publish>
+          <Publish Event="NewDialog" Value="CCPErrorDlg">(Not Installed) And (CCP_Success &lt;&gt; 1)</Publish>
+        </Control>
+        <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="[ButtonText_Cancel]">
+          <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
+        </Control>
+        <Control Id="Bitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="234" TabSkip="no" Text="[DialogBitmap]" />
+        <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Disabled="yes" Text="[ButtonText_Back]" />
+        <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="374" Height="0" />
+        <Control Id="Description" Type="Text" X="135" Y="110" Width="220" Height="30" Transparent="yes" NoPrefix="yes">
+          <Text>The [Wizard] will install [ProductName] on your computer.  Click Next to continue or Cancel to exit the [Wizard].</Text>
+        </Control>
+        <Control Id="Title" Type="Text" X="135" Y="20" Width="220" Height="100" Transparent="yes" NoPrefix="yes">
+          <Text>{\VerdanaBold13}Welcome to the [ProductName] [Wizard]</Text>
+        </Control>
+      </Dialog>
+      <RadioButtonGroup Property="IAgree">
+        <RadioButton Text="{\DlgFont8}I &amp;accept the terms in the License Agreement" X="5" Y="0" Width="250" Height="15" Value="Yes"></RadioButton>
+        <RadioButton Text="{\DlgFont8}I &amp;do not accept the terms in the License Agreement" X="5" Y="20" Width="250" Height="15" Value="No"></RadioButton>
+      </RadioButtonGroup>
+      <TextStyle Id="DlgFont8" FaceName="Tahoma" Size="8" />
+      <TextStyle Id="DlgFontBold8" FaceName="Tahoma" Size="8" Bold="yes" />
+      <TextStyle Id="VerdanaBold13" FaceName="Verdana" Size="13" Bold="yes" />
+      <UIText Id="AbsentPath" />
+      <UIText Id="bytes">bytes</UIText>
+      <UIText Id="GB">GB</UIText>
+      <UIText Id="KB">KB</UIText>
+      <UIText Id="MB">MB</UIText>
+      <UIText Id="MenuAbsent">Entire feature will be unavailable</UIText>
+      <UIText Id="MenuAdvertise">Feature will be installed when required</UIText>
+      <UIText Id="MenuAllCD">Entire feature will be installed to run from CD</UIText>
+      <UIText Id="MenuAllLocal">Entire feature will be installed on local hard drive</UIText>
+      <UIText Id="MenuAllNetwork">Entire feature will be installed to run from network</UIText>
+      <UIText Id="MenuCD">Will be installed to run from CD</UIText>
+      <UIText Id="MenuLocal">Will be installed on local hard drive</UIText>
+      <UIText Id="MenuNetwork">Will be installed to run from network</UIText>
+      <UIText Id="ScriptInProgress">Gathering required information...</UIText>
+      <UIText Id="SelAbsentAbsent">This feature will remain uninstalled</UIText>
+      <UIText Id="SelAbsentAdvertise">This feature will be set to be installed when required</UIText>
+      <UIText Id="SelAbsentCD">This feature will be installed to run from CD</UIText>
+      <UIText Id="SelAbsentLocal">This feature will be installed on the local hard drive</UIText>
+      <UIText Id="SelAbsentNetwork">This feature will be installed to run from the network</UIText>
+      <UIText Id="SelAdvertiseAbsent">This feature will become unavailable</UIText>
+      <UIText Id="SelAdvertiseAdvertise">Will be installed when required</UIText>
+      <UIText Id="SelAdvertiseCD">This feature will be available to run from CD</UIText>
+      <UIText Id="SelAdvertiseLocal">This feature will be installed on your local hard drive</UIText>
+      <UIText Id="SelAdvertiseNetwork">This feature will be available to run from the network</UIText>
+      <UIText Id="SelCDAbsent">This feature will be uninstalled completely, you won't be able to run it from CD</UIText>
+      <UIText Id="SelCDAdvertise">This feature will change from run from CD state to set to be installed when required</UIText>
+      <UIText Id="SelCDCD">This feature will remain to be run from CD</UIText>
+      <UIText Id="SelCDLocal">This feature will change from run from CD state to be installed on the local hard drive</UIText>
+      <UIText Id="SelChildCostNeg">This feature frees up [1] on your hard drive.</UIText>
+      <UIText Id="SelChildCostPos">This feature requires [1] on your hard drive.</UIText>
+      <UIText Id="SelCostPending">Compiling cost for this feature...</UIText>
+      <UIText Id="SelLocalAbsent">This feature will be completely removed</UIText>
+      <UIText Id="SelLocalAdvertise">This feature will be removed from your local hard drive, but will be set to be installed when required</UIText>
+      <UIText Id="SelLocalCD">This feature will be removed from your local hard drive, but will be still available to run from CD</UIText>
+      <UIText Id="SelLocalLocal">This feature will remain on you local hard drive</UIText>
+      <UIText Id="SelLocalNetwork">This feature will be removed from your local hard drive, but will be still available to run from the network</UIText>
+      <UIText Id="SelNetworkAbsent">This feature will be uninstalled completely, you won't be able to run it from the network</UIText>
+      <UIText Id="SelNetworkAdvertise">This feature will change from run from network state to set to be installed when required</UIText>
+      <UIText Id="SelNetworkLocal">This feature will change from run from network state to be installed on the local hard drive</UIText>
+      <UIText Id="SelNetworkNetwork">This feature will remain to be run from the network</UIText>
+      <UIText Id="SelParentCostNegNeg">This feature frees up [1] on your hard drive. It has [2] of [3] subfeatures selected. The subfeatures free up [4] on your hard drive.</UIText>
+      <UIText Id="SelParentCostNegPos">This feature frees up [1] on your hard drive. It has [2] of [3] subfeatures selected. The subfeatures require [4] on your hard drive.</UIText>
+      <UIText Id="SelParentCostPosNeg">This feature requires [1] on your hard drive. It has [2] of [3] subfeatures selected. The subfeatures free up [4] on your hard drive.</UIText>
+      <UIText Id="SelParentCostPosPos">This feature requires [1] on your hard drive. It has [2] of [3] subfeatures selected. The subfeatures require [4] on your hard drive.</UIText>
+      <UIText Id="TimeRemaining">Time remaining: {[1] minutes }{[2] seconds}</UIText>
+      <UIText Id="VolumeCostAvailable">Available</UIText>
+      <UIText Id="VolumeCostDifference">Difference</UIText>
+      <UIText Id="VolumeCostRequired">Required</UIText>
+      <UIText Id="VolumeCostSize">Disk Size</UIText>
+      <UIText Id="VolumeCostVolume">Volume</UIText>
+      <ProgressText Action="InstallValidate">Validating install</ProgressText>
+      <ProgressText Action="InstallFiles" Template="File: [1],  Directory: [9],  Size: [6]">Copying new files</ProgressText>
+      <ProgressText Action="InstallAdminPackage" Template="File: [1], Directory: [9], Size: [6]">Copying network install files</ProgressText>
+      <ProgressText Action="FileCost">Computing space requirements</ProgressText>
+      <ProgressText Action="CostInitialize">Computing space requirements</ProgressText>
+      <ProgressText Action="CostFinalize">Computing space requirements</ProgressText>
+      <ProgressText Action="CreateShortcuts" Template="Shortcut: [1]">Creating shortcuts</ProgressText>
+      <ProgressText Action="PublishComponents" Template="Component ID: [1], Qualifier: [2]">Publishing Qualified Components</ProgressText>
+      <ProgressText Action="PublishFeatures" Template="Feature: [1]">Publishing Product Features</ProgressText>
+      <ProgressText Action="PublishProduct">Publishing product information</ProgressText>
+      <ProgressText Action="RegisterClassInfo" Template="Class Id: [1]">Registering Class servers</ProgressText>
+      <ProgressText Action="RegisterExtensionInfo" Template="Extension: [1]">Registering extension servers</ProgressText>
+      <ProgressText Action="RegisterMIMEInfo" Template="MIME Content Type: [1], Extension: [2]">Registering MIME info</ProgressText>
+      <ProgressText Action="RegisterProgIdInfo" Template="ProgId: [1]">Registering program identifiers</ProgressText>
+      <ProgressText Action="AllocateRegistrySpace" Template="Free space: [1]">Allocating registry space</ProgressText>
+      <ProgressText Action="AppSearch" Template="Property: [1], Signature: [2]">Searching for installed applications</ProgressText>
+      <ProgressText Action="BindImage" Template="File: [1]">Binding executables</ProgressText>
+      <ProgressText Action="CCPSearch">Searching for qualifying products</ProgressText>
+      <ProgressText Action="CreateFolders" Template="Folder: [1]">Creating folders</ProgressText>
+      <ProgressText Action="DeleteServices" Template="Service: [1]">Deleting services</ProgressText>
+      <ProgressText Action="DuplicateFiles" Template="File: [1],  Directory: [9],  Size: [6]">Creating duplicate files</ProgressText>
+      <ProgressText Action="FindRelatedProducts" Template="Found application: [1]">Searching for related applications</ProgressText>
+      <ProgressText Action="InstallODBC">Installing ODBC components</ProgressText>
+      <ProgressText Action="InstallServices" Template="Service: [2]">Installing new services</ProgressText>
+      <ProgressText Action="LaunchConditions">Evaluating launch conditions</ProgressText>
+      <ProgressText Action="MigrateFeatureStates" Template="Application: [1]">Migrating feature states from related applications</ProgressText>
+      <ProgressText Action="MoveFiles" Template="File: [1],  Directory: [9],  Size: [6]">Moving files</ProgressText>
+      <ProgressText Action="PatchFiles" Template="File: [1],  Directory: [2],  Size: [3]">Patching files</ProgressText>
+      <ProgressText Action="ProcessComponents">Updating component registration</ProgressText>
+      <ProgressText Action="RegisterComPlus" Template="AppId: [1]{{, AppType: [2], Users: [3], RSN: [4]}}">Registering COM+ Applications and Components</ProgressText>
+      <ProgressText Action="RegisterFonts" Template="Font: [1]">Registering fonts</ProgressText>
+      <ProgressText Action="RegisterProduct" Template="[1]">Registering product</ProgressText>
+      <ProgressText Action="RegisterTypeLibraries" Template="LibID: [1]">Registering type libraries</ProgressText>
+      <ProgressText Action="RegisterUser" Template="[1]">Registering user</ProgressText>
+      <ProgressText Action="RemoveDuplicateFiles" Template="File: [1], Directory: [9]">Removing duplicated files</ProgressText>
+      <ProgressText Action="RemoveEnvironmentStrings" Template="Name: [1], Value: [2], Action [3]">Updating environment strings</ProgressText>
+      <ProgressText Action="RemoveExistingProducts" Template="Application: [1], Command line: [2]">Removing applications</ProgressText>
+      <ProgressText Action="RemoveFiles" Template="File: [1], Directory: [9]">Removing files</ProgressText>
+      <ProgressText Action="RemoveFolders" Template="Folder: [1]">Removing folders</ProgressText>
+      <ProgressText Action="RemoveIniValues" Template="File: [1],  Section: [2],  Key: [3], Value: [4]">Removing INI files entries</ProgressText>
+      <ProgressText Action="RemoveODBC">Removing ODBC components</ProgressText>
+      <ProgressText Action="RemoveRegistryValues" Template="Key: [1], Name: [2]">Removing system registry values</ProgressText>
+      <ProgressText Action="RemoveShortcuts" Template="Shortcut: [1]">Removing shortcuts</ProgressText>
+      <ProgressText Action="RMCCPSearch">Searching for qualifying products</ProgressText>
+      <ProgressText Action="SelfRegModules" Template="File: [1], Folder: [2]">Registering modules</ProgressText>
+      <ProgressText Action="SelfUnregModules" Template="File: [1], Folder: [2]">Unregistering modules</ProgressText>
+      <ProgressText Action="SetODBCFolders">Initializing ODBC directories</ProgressText>
+      <ProgressText Action="StartServices" Template="Service: [1]">Starting services</ProgressText>
+      <ProgressText Action="StopServices" Template="Service: [1]">Stopping services</ProgressText>
+      <ProgressText Action="UnpublishComponents" Template="Component ID: [1], Qualifier: [2]">Unpublishing Qualified Components</ProgressText>
+      <ProgressText Action="UnpublishFeatures" Template="Feature: [1]">Unpublishing Product Features</ProgressText>
+      <ProgressText Action="UnregisterClassInfo" Template="Class Id: [1]">Unregister Class servers</ProgressText>
+      <ProgressText Action="UnregisterComPlus" Template="AppId: [1]{{, AppType: [2]}}">Unregistering COM+ Applications and Components</ProgressText>
+      <ProgressText Action="UnregisterExtensionInfo" Template="Extension: [1]">Unregistering extension servers</ProgressText>
+      <ProgressText Action="UnregisterFonts" Template="Font: [1]">Unregistering fonts</ProgressText>
+      <ProgressText Action="UnregisterMIMEInfo" Template="MIME Content Type: [1], Extension: [2]">Unregistering MIME info</ProgressText>
+      <ProgressText Action="UnregisterProgIdInfo" Template="ProgId: [1]">Unregistering program identifiers</ProgressText>
+      <ProgressText Action="UnregisterTypeLibraries" Template="LibID: [1]">Unregistering type libraries</ProgressText>
+      <ProgressText Action="WriteEnvironmentStrings" Template="Name: [1], Value: [2], Action [3]">Updating environment strings</ProgressText>
+      <ProgressText Action="WriteIniValues" Template="File: [1],  Section: [2],  Key: [3], Value: [4]">Writing INI files values</ProgressText>
+      <ProgressText Action="WriteRegistryValues" Template="Key: [1], Name: [2], Value: [3]">Writing system registry values</ProgressText>
+      <ProgressText Action="Advertise">Advertising application</ProgressText>
+      <ProgressText Action="GenerateScript" Template="[1]">Generating script operations for action:</ProgressText>
+      <ProgressText Action="InstallSFPCatalogFile" Template="File: [1],  Dependencies: [2]">Installing system catalog</ProgressText>
+      <ProgressText Action="MsiPublishAssemblies" Template="Application Context:[1], Assembly Name:[2]">Publishing assembly information</ProgressText>
+      <ProgressText Action="MsiUnpublishAssemblies" Template="Application Context:[1], Assembly Name:[2]">Unpublishing assembly information</ProgressText>
+      <ProgressText Action="Rollback" Template="[1]">Rolling back action:</ProgressText>
+      <ProgressText Action="RollbackCleanup" Template="File: [1]">Removing backup files</ProgressText>
+      <ProgressText Action="UnmoveFiles" Template="File: [1], Directory: [9]">Removing moved files</ProgressText>
+      <ProgressText Action="UnpublishProduct">Unpublishing product information</ProgressText>
+      <Error Id="0">{{Fatal error: }}</Error>
+      <Error Id="1">{{Error [1]. }}</Error>
+      <Error Id="2">Warning [1]. </Error>
+      <Error Id="3" />
+      <Error Id="4">Info [1]. </Error>
+      <Error Id="5">The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is [1]. {{The arguments are: [2], [3], [4]}}</Error>
+      <Error Id="6" />
+      <Error Id="7">{{Disk full: }}</Error>
+      <Error Id="8">Action [Time]: [1]. [2]</Error>
+      <Error Id="9">[ProductName]</Error>
+      <Error Id="10">{[2]}{, [3]}{, [4]}</Error>
+      <Error Id="11">Message type: [1], Argument: [2]</Error>
+      <Error Id="12">=== Logging started: [Date]  [Time] ===</Error>
+      <Error Id="13">=== Logging stopped: [Date]  [Time] ===</Error>
+      <Error Id="14">Action start [Time]: [1].</Error>
+      <Error Id="15">Action ended [Time]: [1]. Return value [2].</Error>
+      <Error Id="16">Time remaining: {[1] minutes }{[2] seconds}</Error>
+      <Error Id="17">Out of memory. Shut down other applications before retrying.</Error>
+      <Error Id="18">Installer is no longer responding.</Error>
+      <Error Id="19">Installer stopped prematurely.</Error>
+      <Error Id="20">Please wait while Windows configures [ProductName]</Error>
+      <Error Id="21">Gathering required information...</Error>
+      <Error Id="22">Removing older versions of this application...</Error>
+      <Error Id="23">Preparing to remove older versions of this application...</Error>
+      <Error Id="32">{[ProductName] }Setup completed successfully.</Error>
+      <Error Id="33">{[ProductName] }Setup failed.</Error>
+      <Error Id="1101">Error reading from file: [2]. {{ System error [3].}}  Verify that the file exists and that you can access it.</Error>
+      <Error Id="1301">Cannot create the file '[2]'.  A directory with this name already exists.  Cancel the install and try installing to a different location.</Error>
+      <Error Id="1302">Please insert the disk: [2]</Error>
+      <Error Id="1303">The installer has insufficient privileges to access this directory: [2].  The installation cannot continue.  Log on as administrator or contact your system administrator.</Error>
+      <Error Id="1304">Error writing to file: [2].  Verify that you have access to that directory.</Error>
+      <Error Id="1305">Error reading from file [2]. {{ System error [3].}} Verify that the file exists and that you can access it.</Error>
+      <Error Id="1306">Another application has exclusive access to the file '[2]'.  Please shut down all other applications, then click Retry.</Error>
+      <Error Id="1307">There is not enough disk space to install this file: [2].  Free some disk space and click Retry, or click Cancel to exit.</Error>
+      <Error Id="1308">Source file not found: [2].  Verify that the file exists and that you can access it.</Error>
+      <Error Id="1309">Error reading from file: [3]. {{ System error [2].}}  Verify that the file exists and that you can access it.</Error>
+      <Error Id="1310">Error writing to file: [3]. {{ System error [2].}}  Verify that you have access to that directory.</Error>
+      <Error Id="1311">Source file not found{{(cabinet)}}: [2].  Verify that the file exists and that you can access it.</Error>
+      <Error Id="1312">Cannot create the directory '[2]'.  A file with this name already exists.  Please rename or remove the file and click retry, or click Cancel to exit.</Error>
+      <Error Id="1313">The volume [2] is currently unavailable.  Please select another.</Error>
+      <Error Id="1314">The specified path '[2]' is unavailable.</Error>
+      <Error Id="1315">Unable to write to the specified folder: [2].</Error>
+      <Error Id="1316">A network error occurred while attempting to read from the file: [2]</Error>
+      <Error Id="1317">An error occurred while attempting to create the directory: [2]</Error>
+      <Error Id="1318">A network error occurred while attempting to create the directory: [2]</Error>
+      <Error Id="1319">A network error occurred while attempting to open the source file cabinet: [2]</Error>
+      <Error Id="1320">The specified path is too long: [2]</Error>
+      <Error Id="1321">The Installer has insufficient privileges to modify this file: [2].</Error>
+      <Error Id="1322">A portion of the folder path '[2]' is invalid.  It is either empty or exceeds the length allowed by the system.</Error>
+      <Error Id="1323">The folder path '[2]' contains words that are not valid in folder paths.</Error>
+      <Error Id="1324">The folder path '[2]' contains an invalid character.</Error>
+      <Error Id="1325">'[2]' is not a valid short file name.</Error>
+      <Error Id="1326">Error getting file security: [3] GetLastError: [2]</Error>
+      <Error Id="1327">Invalid Drive: [2]</Error>
+      <Error Id="1328">Error applying patch to file [2].  It has probably been updated by other means, and can no longer be modified by this patch.  For more information contact your patch vendor.  {{System Error: [3]}}</Error>
+      <Error Id="1329">A file that is required cannot be installed because the cabinet file [2] is not digitally signed.  This may indicate that the cabinet file is corrupt.</Error>
+      <Error Id="1330">A file that is required cannot be installed because the cabinet file [2] has an invalid digital signature.  This may indicate that the cabinet file is corrupt.{{  Error [3] was returned by WinVerifyTrust.}}</Error>
+      <Error Id="1331">Failed to correctly copy [2] file: CRC error.</Error>
+      <Error Id="1332">Failed to correctly move [2] file: CRC error.</Error>
+      <Error Id="1333">Failed to correctly patch [2] file: CRC error.</Error>
+      <Error Id="1334">The file '[2]' cannot be installed because the file cannot be found in cabinet file '[3]'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.</Error>
+      <Error Id="1335">The cabinet file '[2]' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.</Error>
+      <Error Id="1336">There was an error creating a temporary file that is needed to complete this installation.{{  Folder: [3]. System error code: [2]}}</Error>
+      <Error Id="1401">Could not create key: [2]. {{ System error [3].}}  Verify that you have sufficient access to that key, or contact your support personnel. </Error>
+      <Error Id="1402">Could not open key: [2]. {{ System error [3].}}  Verify that you have sufficient access to that key, or contact your support personnel. </Error>
+      <Error Id="1403">Could not delete value [2] from key [3]. {{ System error [4].}}  Verify that you have sufficient access to that key, or contact your support personnel. </Error>
+      <Error Id="1404">Could not delete key [2]. {{ System error [3].}}  Verify that you have sufficient access to that key, or contact your support personnel. </Error>
+      <Error Id="1405">Could not read value [2] from key [3]. {{ System error [4].}}  Verify that you have sufficient access to that key, or contact your support personnel. </Error>
+      <Error Id="1406">Could not write value [2] to key [3]. {{ System error [4].}}  Verify that you have sufficient access to that key, or contact your support personnel.</Error>
+      <Error Id="1407">Could not get value names for key [2]. {{ System error [3].}}  Verify that you have sufficient access to that key, or contact your support personnel.</Error>
+      <Error Id="1408">Could not get sub key names for key [2]. {{ System error [3].}}  Verify that you have sufficient access to that key, or contact your support personnel.</Error>
+      <Error Id="1409">Could not read security information for key [2]. {{ System error [3].}}  Verify that you have sufficient access to that key, or contact your support personnel.</Error>
+      <Error Id="1410">Could not increase the available registry space. [2] KB of free registry space is required for the installation of this application.</Error>
+      <Error Id="1500">Another installation is in progress. You must complete that installation before continuing this one.</Error>
+      <Error Id="1501">Error accessing secured data. Please make sure the Windows Installer is configured properly and try the install again.</Error>
+      <Error Id="1502">User '[2]' has previously initiated an install for product '[3]'.  That user will need to run that install again before they can use that product.  Your current install will now continue.</Error>
+      <Error Id="1503">User '[2]' has previously initiated an install for product '[3]'.  That user will need to run that install again before they can use that product.</Error>
+      <Error Id="1601">Out of disk space -- Volume: '[2]'; required space: [3] KB; available space: [4] KB.  Free some disk space and retry.</Error>
+      <Error Id="1602">Are you sure you want to cancel?</Error>
+      <Error Id="1603">The file [2][3] is being held in use{ by the following process: Name: [4], Id: [5], Window Title: '[6]'}.  Close that application and retry.</Error>
+      <Error Id="1604">The product '[2]' is already installed, preventing the installation of this product.  The two products are incompatible.</Error>
+      <Error Id="1605">There is not enough disk space on the volume '[2]' to continue the install with recovery enabled. [3] KB are required, but only [4] KB are available. Click Ignore to continue the install without saving recovery information, click Retry to check for available space again, or click Cancel to quit the installation.</Error>
+      <Error Id="1606">Could not access network location [2].</Error>
+      <Error Id="1607">The following applications should be closed before continuing the install:</Error>
+      <Error Id="1608">Could not find any previously installed compliant products on the machine for installing this product.</Error>
+      <Error Id="1609">An error occurred while applying security settings. [2] is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. {{Unable to locate the user's SID, system error [3]}}</Error>
+      <Error Id="1701">The key [2] is not valid.  Verify that you entered the correct key.</Error>
+      <Error Id="1702">The installer must restart your system before configuration of [2] can continue.  Click Yes to restart now or No if you plan to manually restart later.</Error>
+      <Error Id="1703">You must restart your system for the configuration changes made to [2] to take effect. Click Yes to restart now or No if you plan to manually restart later.</Error>
+      <Error Id="1704">An installation for [2] is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?</Error>
+      <Error Id="1705">A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?</Error>
+      <Error Id="1706">An installation package for the product [2] cannot be found. Try the installation again using a valid copy of the installation package '[3]'.</Error>
+      <Error Id="1707">Installation completed successfully.</Error>
+      <Error Id="1708">Installation failed.</Error>
+      <Error Id="1709">Product: [2] -- [3]</Error>
+      <Error Id="1710">You may either restore your computer to its previous state or continue the install later. Would you like to restore?</Error>
+      <Error Id="1711">An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.</Error>
+      <Error Id="1712">One or more of the files required to restore your computer to its previous state could not be found.  Restoration will not be possible.</Error>
+      <Error Id="1713">[2] cannot install one of its required products. Contact your technical support group.  {{System Error: [3].}}</Error>
+      <Error Id="1714">The older version of [2] cannot be removed.  Contact your technical support group.  {{System Error [3].}}</Error>
+      <Error Id="1715">Installed [2]</Error>
+      <Error Id="1716">Configured [2]</Error>
+      <Error Id="1717">Removed [2]</Error>
+      <Error Id="1718">File [2] was rejected by digital signature policy.</Error>
+      <Error Id="1719">The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</Error>
+      <Error Id="1720">There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor.  {{Custom action [2] script error [3], [4]: [5] Line [6], Column [7], [8] }}</Error>
+      <Error Id="1721">There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. {{Action: [2], location: [3], command: [4] }}</Error>
+      <Error Id="1722">There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  {{Action [2], location: [3], command: [4] }}</Error>
+      <Error Id="1723">There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  {{Action [2], entry: [3], library: [4] }}</Error>
+      <Error Id="1724">Removal completed successfully.</Error>
+      <Error Id="1725">Removal failed.</Error>
+      <Error Id="1726">Advertisement completed successfully.</Error>
+      <Error Id="1727">Advertisement failed.</Error>
+      <Error Id="1728">Configuration completed successfully.</Error>
+      <Error Id="1729">Configuration failed.</Error>
+      <Error Id="1730">You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.</Error>
+      <Error Id="1801">The path [2] is not valid.  Please specify a valid path.</Error>
+      <Error Id="1802">Out of memory. Shut down other applications before retrying.</Error>
+      <Error Id="1803">There is no disk in drive [2]. Please insert one and click Retry, or click Cancel to go back to the previously selected volume.</Error>
+      <Error Id="1804">There is no disk in drive [2]. Please insert one and click Retry, or click Cancel to return to the browse dialog and select a different volume.</Error>
+      <Error Id="1805">The folder [2] does not exist.  Please enter a path to an existing folder.</Error>
+      <Error Id="1806">You have insufficient privileges to read this folder.</Error>
+      <Error Id="1807">A valid destination folder for the install could not be determined.</Error>
+      <Error Id="1901">Error attempting to read from the source install database: [2].</Error>
+      <Error Id="1902">Scheduling reboot operation: Renaming file [2] to [3]. Must reboot to complete operation.</Error>
+      <Error Id="1903">Scheduling reboot operation: Deleting file [2]. Must reboot to complete operation.</Error>
+      <Error Id="1904">Module [2] failed to register.  HRESULT [3].  Contact your support personnel.</Error>
+      <Error Id="1905">Module [2] failed to unregister.  HRESULT [3].  Contact your support personnel.</Error>
+      <Error Id="1906">Failed to cache package [2]. Error: [3]. Contact your support personnel.</Error>
+      <Error Id="1907">Could not register font [2].  Verify that you have sufficient permissions to install fonts, and that the system supports this font.</Error>
+      <Error Id="1908">Could not unregister font [2]. Verify that you that you have sufficient permissions to remove fonts.</Error>
+      <Error Id="1909">Could not create Shortcut [2]. Verify that the destination folder exists and that you can access it.</Error>
+      <Error Id="1910">Could not remove Shortcut [2]. Verify that the shortcut file exists and that you can access it.</Error>
+      <Error Id="1911">Could not register type library for file [2].  Contact your support personnel.</Error>
+      <Error Id="1912">Could not unregister type library for file [2].  Contact your support personnel.</Error>
+      <Error Id="1913">Could not update the ini file [2][3].  Verify that the file exists and that you can access it.</Error>
+      <Error Id="1914">Could not schedule file [2] to replace file [3] on reboot.  Verify that you have write permissions to file [3].</Error>
+      <Error Id="1915">Error removing ODBC driver manager, ODBC error [2]: [3]. Contact your support personnel.</Error>
+      <Error Id="1916">Error installing ODBC driver manager, ODBC error [2]: [3]. Contact your support personnel.</Error>
+      <Error Id="1917">Error removing ODBC driver: [4], ODBC error [2]: [3]. Verify that you have sufficient privileges to remove ODBC drivers.</Error>
+      <Error Id="1918">Error installing ODBC driver: [4], ODBC error [2]: [3]. Verify that the file [4] exists and that you can access it.</Error>
+      <Error Id="1919">Error configuring ODBC data source: [4], ODBC error [2]: [3]. Verify that the file [4] exists and that you can access it.</Error>
+      <Error Id="1920">Service '[2]' ([3]) failed to start.  Verify that you have sufficient privileges to start system services.</Error>
+      <Error Id="1921">Service '[2]' ([3]) could not be stopped.  Verify that you have sufficient privileges to stop system services.</Error>
+      <Error Id="1922">Service '[2]' ([3]) could not be deleted.  Verify that you have sufficient privileges to remove system services.</Error>
+      <Error Id="1923">Service '[2]' ([3]) could not be installed.  Verify that you have sufficient privileges to install system services.</Error>
+      <Error Id="1924">Could not update environment variable '[2]'.  Verify that you have sufficient privileges to modify environment variables.</Error>
+      <Error Id="1925">You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.</Error>
+      <Error Id="1926">Could not set file security for file '[3]'. Error: [2].  Verify that you have sufficient privileges to modify the security permissions for this file.</Error>
+      <Error Id="1927">Component Services (COM+ 1.0) are not installed on this computer.  This installation requires Component Services in order to complete successfully.  Component Services are available on Windows 2000.</Error>
+      <Error Id="1928">Error registering COM+ Application.  Contact your support personnel for more information.</Error>
+      <Error Id="1929">Error unregistering COM+ Application.  Contact your support personnel for more information.</Error>
+      <Error Id="1930">The description for service '[2]' ([3]) could not be changed.</Error>
+      <Error Id="1931">The Windows Installer service cannot update the system file [2] because the file is protected by Windows.  You may need to update your operating system for this program to work correctly. {{Package version: [3], OS Protected version: [4]}}</Error>
+      <Error Id="1932">The Windows Installer service cannot update the protected Windows file [2]. {{Package version: [3], OS Protected version: [4], SFP Error: [5]}}</Error>
+      <Error Id="1933">The Windows Installer service cannot update one or more protected Windows files. {{SFP Error: [2].  List of protected files:\r\n[3]}}</Error>
+      <Error Id="1934">User installations are disabled via policy on the machine.</Error>
+      <Error Id="1935">An error occurred during the installation of assembly component [2]. HRESULT: [3]. {{assembly interface: [4], function: [5], assembly name: [6]}}</Error>
+      
+      <Error Id="4001">Custom action data not found. STATUS [2]</Error>
+      <Error Id="4003">NSIS Uninstallation failed. Status [2]</Error>
+      <Error Id="4004">ABORT: [2]</Error>
+      <Error Id="4005">Custom action failed. Phase [2]</Error>
+      <Error Id="4006">Failed to determine running processes. Status [2]</Error>
+      <Error Id="4007">Failed to install Kerberos network provider.  Status [2]</Error>
+      <Error Id="4008">NSIS Uninstallation failed to initialize.  Uninstaller path [2] returned error [3]</Error>
+      <AdminUISequence>
+        <Show Dialog="FatalError" OnExit="error" />
+        <Show Dialog="UserExit" OnExit="cancel" />
+        <Show Dialog="ExitDialog" OnExit="success" />
+        <Show Dialog="PrepareDlg" Before="CostInitialize" />
+        <Show Dialog="AdminWelcomeDlg" After="CostFinalize" />
+        <Show Dialog="ProgressDlg" After="AdminWelcomeDlg" />
+      </AdminUISequence>
+      <InstallUISequence>
+		<Custom Action="ListRunningProcesses" After="MigrateFeatureStates" />
+        <Show Dialog="FatalError" OnExit="error" />
+        <Show Dialog="UserExit" OnExit="cancel" />
+        <Show Dialog="ExitDialog" OnExit="success" />
+        <Show Dialog="PrepareDlg" After="LaunchConditions" />
+        <Show Dialog="WelcomeDlg" After="ListRunningProcesses">NOT Installed</Show>
+        <Show Dialog="ResumeDlg" After="WelcomeDlg">Installed AND (RESUME OR Preselected)</Show>
+        <Show Dialog="MaintenanceWelcomeDlg" After="ResumeDlg">Installed AND NOT RESUME AND NOT Preselected</Show>
+        <Show Dialog="ProgressDlg" After="MaintenanceWelcomeDlg" />
+      </InstallUISequence>
+    </UI>
+    <Property Id="ErrorDialog"><![CDATA[ErrorDlg]]></Property>
+    <Property Id="DefaultUIFont"><![CDATA[DlgFont8]]></Property>
+    <Property Id="ButtonText_No"><![CDATA[&No]]></Property>
+    <Property Id="ButtonText_Install"><![CDATA[&Install]]></Property>
+    <Property Id="ButtonText_Next"><![CDATA[&Next >]]></Property>
+    <Property Id="Setup"><![CDATA[Setup]]></Property>
+    <Property Id="ButtonText_Browse"><![CDATA[Br&owse]]></Property>
+    <Property Id="CustomSetupIcon"><![CDATA[custicon]]></Property>
+    <Property Id="RepairIcon"><![CDATA[repairic]]></Property>
+    <Property Id="ExclamationIcon"><![CDATA[exclamic]]></Property>
+    <Property Id="ButtonText_Repair"><![CDATA[&Repair]]></Property>
+    <Property Id="ButtonText_Back"><![CDATA[< &Back]]></Property>
+    <Property Id="InstallMode"><![CDATA[Typical]]></Property>
+    <Property Id="Progress2"><![CDATA[installs]]></Property>
+    <Property Id="Progress1"><![CDATA[Installing]]></Property>
+    <Property Id="Wizard"><![CDATA[Setup Wizard]]></Property>
+    <Property Id="RemoveIcon"><![CDATA[removico]]></Property>
+    <Property Id="ButtonText_Yes"><![CDATA[&Yes]]></Property>
+    <Property Id="ButtonText_Ignore"><![CDATA[&Ignore]]></Property>
+    <Property Id="ButtonText_Reset"><![CDATA[&Reset]]></Property>
+    <Property Id="ButtonText_Refresh"><![CDATA[&Refresh]]></Property>
+    <Property Id="ButtonText_Remove"><![CDATA[&Remove]]></Property>
+    <Property Id="ShowUserRegistrationDlg"><![CDATA[0]]></Property>
+    <Property Id="ButtonText_Exit"><![CDATA[&Exit]]></Property>
+    <Property Id="ButtonText_Return"><![CDATA[&Return]]></Property>
+    <Property Id="ButtonText_OK"><![CDATA[OK]]></Property>
+    <Property Id="CompleteSetupIcon"><![CDATA[completi]]></Property>
+    <Property Id="ButtonText_Resume"><![CDATA[&Resume]]></Property>
+    <Property Id="ButtonText_Close"><![CDATA[&Close]]></Property>
+    <Property Id="InstallerIcon"><![CDATA[insticon]]></Property>
+    <Property Id="ButtonText_Finish"><![CDATA[&Finish]]></Property>
+    <Property Id="PROMPTROLLBACKCOST"><![CDATA[P]]></Property>
+    <Property Id="PIDTemplate"><![CDATA[12345<###-%%%%%%%>@@@@@]]></Property>
+    <Property Id="DlgTitleFont"><![CDATA[{&DlgFontBold8}]]></Property>
+    <Property Id="ButtonText_Cancel"><![CDATA[Cancel]]></Property>
+    <Property Id="InfoIcon"><![CDATA[info]]></Property>
+    <Property Id="ButtonText_Retry"><![CDATA[&Retry]]></Property>
+    <Property Id="IAgree"><![CDATA[No]]></Property>
+    <Property Id="BannerBitmap"><![CDATA[bannrbmp]]></Property>
+    <Property Id="DialogBitmap"><![CDATA[dlgbmp]]></Property>
+    <Binary Id="bannrbmp" SourceFile="Binary\bannrbmp.bmp" />
+    <Binary Id="completi" SourceFile="Binary\completi.ico" />
+    <Binary Id="custicon" SourceFile="Binary\custicon.ico" />
+    <Binary Id="dlgbmp" SourceFile="Binary\dlgbmp.bmp" />
+    <Binary Id="exclamic" SourceFile="Binary\exclamic.ico" />
+    <Binary Id="info" SourceFile="Binary\info.bmp" />
+    <Binary Id="insticon" SourceFile="Binary\insticon.ico" />
+    <Binary Id="New" SourceFile="Binary\New.bmp" />
+    <Binary Id="removico" SourceFile="Binary\removico.ico" />
+    <Binary Id="repairic" SourceFile="Binary\repairic.ico" />
+    <Binary Id="Up" SourceFile="Binary\up.bmp" />
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/msi-deployment-guide.txt b/krb5-1.21.3/src/windows/installer/wix/msi-deployment-guide.txt
new file mode 100644
index 00000000..2d3bb866
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/msi-deployment-guide.txt
@@ -0,0 +1,846 @@
+
+Kerberos for Windows
+
+                         MSI Deployment Guide
+
+----------------------------------------------------------------------
+
+     Contents
+
+     1.    Introduction
+     1.1     Requirements
+     1.2     Authoring a Transform
+     2.	   Configuration Options
+     2.1     Configurable Properties
+     2.1.1     Setting Properties
+     2.1.2     Leash GUI Properties
+     2.1.3     Leash DLL Properties
+     2.1.4     Kerberos IV Properties
+     2.1.5     Kerberos V Properties
+     2.2     Existing Registry Entries
+     2.3     Replacing Configuration Files
+     3.    Network Identity Manager Settings
+     3.1     Common Settings for NetIDMgr
+     3.1.1     General Settings
+     3.1.2     Common Plug-in Settings
+     3.1.3     Settings for the Kerberos 5 Credentials Provider Plug-in
+     3.1.4     Settings for the kerberos 4 Credentials Provider Plug-in
+     4.	   Additional Resources
+     5.	   Upgrades
+     6.	   FAQ
+
+----------------------------------------------------------------------
+
+1.  Introduction
+
+    Beginning with "Kerberos for Windows" version 2.6.5, a MSI installer
+    option is available for those who wish to use "Windows Installer"
+    for installing Kerberos and for organizations that wish to deploy
+    Kerberos through Group Policy.
+
+    This document provides a guide for authoring transforms used to
+    customize the MSI package for a particular organization.  Although
+    many settings can be deployed via transforms, in an Active
+    Directory environment it is advisable to deploy registry settings
+    and configuration files through group policy and/or startup
+    scripts so that machines where "Kerberos for Windows" is already
+    installed will pick up these customizations.
+
+1.1 Requirements
+
+    The information in this document applies to MSI packages
+    distributed with "Kerberos for Windows" releases from 2.6.5 and
+    onwards or MSI packages built from corresponding source
+    releases.  Not all releases support all the configuration options
+    documented here.
+
+    Authoring a "Windows Installer" transform requires additional
+    software for editing the MSI database tables and generating the
+    transform from the modified MSI package.  ORCA.EXE and MSITRAN.EXE
+    which are included in the Windows Platform SDK ("Windows Installer"
+    SDK) can be used for this purpose.
+
+    For reference, the schema for the MSI package is based on
+    SCHEMA.MSI distributed with the Platform SDK.
+
+    For general information about "Windows Installer", refer to :
+
+    http://msdn.microsoft.com/library/en-us/msi/setup/windows_installer_start_page.asp
+
+    For general information about authoring MSI transforms, refer to :
+
+    http://msdn.microsoft.com/library/en-us/msi/setup/transforms.asp
+
+    The remainder of this document assumes some familiarity with
+    authoring transforms.  While the MSDN documentation for Windows
+    Installer is a bit dense, it is recommended that you read through
+    the guide on MSI transforms found at the second link above.  Also
+    MSDN includes a step-by-step example for creating a transform at:
+
+    http://msdn.microsoft.com/library/en-us/msi/setup/a_customization_transform_example.asp
+
+1.2  Authoring a Transform
+
+    Transforms describe a set of modifications to be performed on an
+    existing MSI for the purpose of customizing it.  This is
+    ordinarily done by making a copy of the MSI to be customized,
+    modifying the copy and then using the old and the new MSI to
+    generate a transform.
+
+    E.g:
+       > copy kfw.msi kfw-modified.msi
+       
+       (edit the kfw-modified.msi to include the necessary changes)
+
+       > msitran -g kfw.msi kfw-modified.msi kfw-transform.mst
+
+       (generates kfw-transform.mst, which is the transform)
+
+    Transforms have an extension of .mst.  'msitran' is a tool
+    distributed as part of the "Windows Installer" SDK (which in turn is
+    a part of the Windows Platform SDK).
+
+    You can test a transform by :
+
+       > copy kfw.msi kfw-test.msi
+       > msitran -a kfw-transform.mst kfw-test.msi
+
+    and then checking the resulting kfw-test.msi to see if all the
+    changes you have made above to kfw-modified.msi is present in
+    kfw-test.msi.  'msitran' will complain if some modification in the
+    transform can not be successfully applied.
+
+    As mentioned above, you can use a tool like ORCA.EXE to edit the
+    MSI databases directly when editing kfw-modified.msi.  More
+    details are given below.
+
+----------------------------------------------------------------------
+
+2.  Configuration Options
+
+    The logic necessary to implement all of the settings described in
+    the release notes are present in the MSI.  Most of these can be
+    controlled by setting the corresponding properties to the desired
+    value.  Some settings may require modifying existing registry
+    entries (though not recommended) or adding new resources (like
+    files or registry keys).  Instructions for performing these tasks
+    are below.
+
+2.1 Configurable Properties
+
+    Most configurable properties correspond to registry keys or
+    values.  Please refer to the release notes for more information
+    about how these registry settings are used.
+
+    Due to the logic invoked based on the existence of these registry
+    keys or values, they are only set if the associated property is
+    defined to have a non null value.  If the associated property is
+    not defined in the MSI, the registry key or value will not be
+    touched.  By default, the MSI does not contain these properties
+    and hence will not set the registry keys.  You will need to add
+    properties as needed to the MSI.
+
+    When one of the configurable properties is set, the installer will
+    use the property value to set the corresponding setting in the
+    HKEY_LOCAL_MACHINE registry hive.  HKEY_CURRENT_USER hive is not
+    touched by the installer.
+
+    For each property, the associated registry setting is referenced
+    by the same text used in the release notes ('Registry and
+    Environment Settings' section).
+
+    Strings are quoted using single quotes (e.g. 'a string'). An empty
+    string is denoted as ''.  Note that you can't author null values
+    into the 'Property' table.
+
+    Numeric values should be authored as decimal strings.
+
+2.1.1  Setting Properties
+
+    In order to set a property,
+
+    a.  Open the MSI in ORCA.EXE
+
+    b.  Select the 'Property' table from the list of tables on the left.
+
+    c.  Find the property in the list of properties on the right,
+        double click the value and type the new value.
+
+    d.  If the property does not exist in the property list, right
+        click the list and select 'Add Row', type the property name
+        and the desired value.
+
+2.1.2    Leash GUI properties
+
+    LEASHCREATEMISSINGCONFIG
+	Setting: automatic generation of missing configuration files
+	Values : '0' or '1'
+
+    LEASHAUTORENEWTICKETS
+	Setting: automatic ticket renewal
+	Values : '0' or '1'
+
+2.1.3    Leash32 DLL properties
+
+    LEASHLIFETIME
+	Setting: default lifetime (minutes)
+	Values : numeric
+
+    LEASHRENEWTILL
+	Setting: default renew till time (minutes)
+	Values : numeric
+
+    LEASHRENEWABLE
+	Setting: default renewable tickets setting
+	Values : '0' or '1'
+
+    LEASHFORWARDABLE
+	Setting: default forwardable tickets setting
+	Values : '0' or '1'
+
+    LEASHNOADDRESSES
+	Setting: default addressless tickets setting
+	Values : '0' or '1'
+
+    LEASHPROXIABLE
+	Setting: default proxiable tickets setting
+	Values : '0' or '1'
+
+    LEASHPUBLICIP
+	Setting: default public ipv4 address
+	Values : numeric
+
+    LEASHHIDEKINITOPTIONS
+	Setting: hide advanced kinit options in dialog
+	Values : '0' or '1'
+
+    LEASHLIFEMIN
+	Setting: minimum kinit dialog lifetime
+	Values : numeric
+
+    LEASHLIFEMAX
+	Setting: maximum kinit dialog lifetime
+	Values : numeric
+
+    LEASHRENEWMIN
+	Setting: minimum kinit dialog renew till time
+	Values : numeric
+
+    LEASHRENEWMAX
+	Setting: maximum kinit dialog renew till time
+	Values : numeric
+
+    LEASHUPPERCASEREALM
+	Setting: upper case realm
+	Values : '0' or '1'
+
+    LEASHTIMEHOST
+	Setting: timesync host
+	Values : string
+
+    LEASHPRESERVEKINITOPTIONS
+	Setting: Preserve ticket initialization dialog options
+	Values : numeric
+
+2.1.4  Kerberos 5 properties
+
+    KRB5CONFIG
+	Setting: location of krb5.ini
+	Values : string
+
+    KRB5CCNAME
+	Setting: Default credentials cache name
+	Values : string
+
+    KRB5PRESERVEIDENTITY
+	Setting: MSLSA: credential cache client principal identity generation
+	Values : '0' or '1'
+
+2.2 Existing Registry Entries
+
+    You can change existing registry values subject to the
+    restrictions mentioned in the Windows Platform SDK.  Pay special
+    attention to component keypaths and try to only change the 'Value'
+    column in the 'Registry' table.  If you want to add additional
+    registry keys please refer to section 3 (Additional Resources).
+
+2.3 Replacing Configuration Files
+
+    The Kerberos configuration files (krb5.ini, krb.con, krbrealm.con)
+    can be replaced by your own configuration files.  These files are
+    contained in separate MSI components so that you can disable them
+    individually.
+
+    The recommended method for replacing these files is to first
+    disable the components containing the configuration files that you
+    want to replace, and then add new components for the replacement
+    files.  This is outlined below (assuming you are using ORCA.EXE to
+    author the transform).
+
+    Note that transforms are not a good way to add a new file as an
+    embedded stream.  The method outlined here places the file in the
+    same directory as the MSI for deployment.
+
+    The walkthrough below is to add a custom 'krb5.ini' file.
+
+    1) Disable the component that contains the configuration file that
+       you want to replace.
+
+       1.1) Locate and select the 'Component' table in the 'Tables'
+            list.
+
+       1.2) In the Component table, locate the component you need to
+            change ( Ctrl-F invokes the 'Find' dialog).  The component
+            names are listed below in section 2.3.1.  For this
+            example, the component name is 'cmf_krb5_ini'.
+
+       1.3) Go to the 'Condition' column of the component.
+
+       1.4) Enter a condition that evaluates to
+            false. I.e. 'DONOTINSTALL'. (Note that an undefined
+            property always evaluates to false).
+
+       Note that you can also use this step to disable other
+       configuration files without providing replacements.
+
+    2) Add a new component containing the new configuration file.
+
+       2.1) Select the 'Component' table in the 'Tables' list.
+
+       2.2) Select 'Tables'->'Add Row' (Ctrl-R).
+
+       2.3) Enter the following :
+
+            Component     : cmf_my_krb5_ini
+	    ComponentId   : {835BAAC6-5E54-BFFE-DBCB2F240711}
+	    Directory_	  : WindowsFolder
+	    Attributes	  : 144
+	    Condition	  :
+	    KeyPath	  : fil_my_krb5_ini
+
+	    Note that the ComponentId is an uppercase GUID.  You can
+	    generate one using GUIDGEN.EXE or UUIDGEN.EXE, both of
+	    which are included in the Platform SDK.
+
+	    The Attributes value of 144 is a sum of
+	    msidbComponentAttributesPermanent (16) and
+	    msidbComponentAttributesNeverOverwrite (128).  This
+	    ensures that local modifications are not overwritten or
+	    lost during an installation or uninstallation.  These are
+	    the same settings used on the default configuration files.
+
+	    'fil_my_krb5_ini' is a key into the 'File' table which we
+	    will fill later.
+
+    3) Add a new feature to hold the new component.
+
+       3.1) Select the 'Feature' table.
+
+       3.2) Add a new row (Ctrl-R or 'Tables'->'Add Row') with the
+            following values:
+
+	    Feature       : fea_my_krb5_ini
+	    Feature_Parent: feaKfwClient
+	    Title	  :
+	    Description	  :
+	    Display	  : 0
+	    Level	  : 30
+	    Directory_	  :
+	    Attributes	  : 8
+
+	    It is important to create the new feature under the
+	    'feaKfwClient' feature, which will ensure that the
+	    configuration file will be installed when the client
+	    binaries are installed.
+
+	    Setting 'Display' to 0 will hide this feature from the
+	    feature selection dialog during an interactive
+	    installation.  A value of 30 for 'Level' allows this
+	    feature to be installed by default (on a 'Typical'
+	    installation).
+
+	    The 'Attributes' value is
+	    msidbFeatureAttributesDisallowAdvertise (8), which is set
+	    on all features in the KfW MSI.  The KfW MSI is not
+	    designed for an advertised installation.
+
+    4) Join the component and the feature.
+
+       4.1) Select the 'FeatureComponents' table.
+
+       4.2) Add a new row with the following values:
+
+	    Feature    : fea_my_krb5_ini
+	    Component  : cmf_my_krb5_ini
+
+    5) Add an entry to the 'File' table.
+
+       5.1) Select the 'File' table.
+
+       5.2) Add a new row with the following values:
+
+	    File        : fil_my_krb5_ini
+	    Component_	: cmf_my_krb5_ini
+	    FileName	: krb5.ini
+	    FileSize	: (enter file size here)
+	    ...
+	    Attributes	: 8192
+	    Sequence	: 1000
+	    (leave other fields blank)
+
+	    The 'Attributes' value is msidbFileAttributesNonCompressed
+	    (8192).  This is because we will be placing this file in
+	    the same directory as the MSI instead of embedding the
+	    file in it.  Transforms do not support updating compressed
+	    sources or adding new cabinet streams.
+
+	    Finally, the 'Sequence' value of 1000 will be used later
+	    to distinguish the file as being in a separate source
+	    location than the other files in the MSI.
+
+    6) Set a media source for the file.
+
+       6.1) Select the 'Media' table.
+
+       6.2) Add a row with the following values :
+
+	    DiskId       : 2
+	    LastSequence : 1000
+	    ...
+	    (leave other fields blank)
+
+	    The sequence number of 1000 designates this as the media
+	    source for the newly added file.
+
+2.3.1 Components for Configuration Files
+
+      krb5.ini : 'cmf_krb5_ini' (ID {C1AF0670-BBF1-4AA6-B2A6-6C8B1584A1F4})
+      krb.con  : 'cmf_krb_con'  (ID {5391A051-CF14-45FF-BF64-CEE78A7A90C2})
+      krbrealm.con: 'cmf_krbrealm_con' (ID {D667B54F-1C98-43FB-87C6-0F0517623B90})
+
+----------------------------------------------------------------------
+
+3.   Network Identity Manager Settings
+
+    Configuration options for Network Identity Manager (NetIDMgr) are
+    stored in the Windows registry.  Each option can exist in the user
+    registry hive or the machine registry hive or both.  The value
+    defined in the user hive always overrides the value defined in the
+    machine registry hive.
+
+    All registry keys used by NetIDMgr exist under the key
+    'Software\MIT\NetIDMgr' under the user and machine hive.
+    Deploying a specific configuration option can be achieved by
+    setting the corresponding registry value either by authoring the
+    keys into the MSI via a transform or by deploying a registry based
+    Group Policy Object.  For deployment purposes, it is advisable to
+    deploy values to the machine hive instead of the user hive.
+    Deploying per user settings via the MSI is not supported at this
+    time.
+
+3.1    Common settings for NetIDMgr
+
+    The following sections describe a partial list of options that can
+    be specified for NetIDMgr.  Each set of options is described as a
+    set of registry values.  Each section is preceded by the registry
+    key under which the values of that section must be specified.
+
+3.1.1    General settings
+
+    Registry key : 'Software\MIT\NetIDMgr\CredWindow'
+    --------------
+
+    Value   : AllowAutoRenew
+    Type    : DWORD (Boolean)
+    Default : 1
+
+        Enables automatic credential renewal.
+
+
+    Value   : AllowCritical
+    Type    : DWORD (Boolean)
+    Default : 1	
+
+        Enables critical warning notifications.
+
+
+    Value   : AllowWarn	
+    Type    : DWORD (Boolean)
+    Default : 1	
+
+        Enables warning notifications.
+
+
+    Value   : AutoDetectNet
+    Type    : DWORD  (0 or 1)
+    Default : 1
+
+        If '1', automatically detects network connectivity changes.
+        Network connectivity change notifications are then sent out to
+        individual plug-ins which can perform actions such as renewing
+        credentials or obtaining new credentials.
+
+
+    Value   : AutoImport
+    Type    : DWORD  (0 or 1)
+    Default : 1
+
+        If '1', imports credentials from the Windows LSA cache when
+        NetIDMgr starts.
+
+
+    Value   : AutoInit
+    Type    : DWORD  (0 or 1)
+    Default : 0
+
+        If this value is '1', shows the new credentials dialog if
+        there are no credentials when NetIDMgr starts.
+
+
+    Value   : AutoStart	
+    Type    : DWORD (0 or 1)
+    Default : 0	
+
+        Start NetIDMgr when Windows starts
+
+
+    Value   : AutoRenewThreshold
+    Type    : DWORD (seconds)
+    Default : 600
+
+        Specifies the time period before credential expiration that will
+        trigger a credential renewal.  Requires AllowAutoRenew to be enabled.
+
+
+    Value   : CriticalThreshold	
+    Type    : DWORD (seconds)
+    Default : 300
+
+        Specifies the time period before credential expiration that will
+        trigger the second and final warning balloon.  Requires AllowCritical
+        to be enabled.
+        
+
+    Value   : DefaultAllowAutoRenew
+    Type    : DWORD (Boolean)
+    Default : 1
+
+	Specifies the Default AllowAutoRenew value for new identities.
+
+
+    Value   : DefaultSticky
+    Type    : DWORD  (0 or 1)
+    Default : 1
+
+        If '0', new identities will not be pinned to the display by default.
+        If '1', new identities will be pinned to the display by default.
+
+
+    Value   : DefaultWindowMode
+    Type    : DWORD  (0 or 1)
+    Default : 1
+
+        If '0', Advanced mode is used
+        If '1', Basic mode is used
+
+    Value   : DestroyCredsOnExit
+    Type    : DWORD  (0 or 1)
+    Default : 0
+
+        If '1', all credentials will be destroyed when NetIDMgr exits.
+
+    Value   : KeepRunning
+    Type    : DWORD  (0 or 1)
+    Default : 1
+
+        If '1', when NetIDMgr application is closed, it will continue
+        to run in the Windows System Notification Area (System Tray).
+        The application can be exited by choosing the 'Exit' menu
+        option.  If '0', closing the application will cause it to
+        exit completely.
+
+    Value   : LogToFile
+    Type    : DWORD  (0 or 1)
+    Default : 0
+
+        If '1', debugging information is logged to %TEMP%\nidmdbg.log
+
+
+    Value   : NotificationAction
+    Type    : DWORD  (50008 or 50025)
+    Default : 50025
+
+        If '50025', the default notification icon menu action will be to
+        Show the Network Identity Manager application windows.
+        If '50008', the default notification icon menu action will be to 
+        display the Obtain New Credentials dialog.
+
+
+    Value   : RefreshTimeout	
+    Type    : DWORD (seconds)
+    Default : 60
+
+        Specifies how often the credential list is refreshed.
+
+
+    Value   : RenewAtHalfLife
+    Type    : DWORD (Boolean)
+    Default : 1
+
+	Enables the use of a half-life algorithm for credential renewals.
+
+
+    Value   : WarnThreshold
+    Type    : DWORD (seconds)
+    Default : 900
+
+        Specifies the time period before credential expiration that will
+        trigger the first warning balloon.  Requires AllowWarn to be enabled.
+
+
+3.1.2    Common Plug-in settings
+
+    Registry key : 'Software\MIT\NetIDMgr\PluginManager\Plugins\<plug-in name>'
+    --------------
+
+    The '<plug-in name>' is one of the following for the standard plug-ins :
+
+    Krb5Cred : Kerberos 5 credentials provider
+    Krb5Ident: Kerberos 5 Identity provider
+
+    Consult the vendors for the plug-in names of other third party
+    plug-ins.  Additionally, the plug-ins configuration panel in the
+    NetIDMgr application provides a list of currently registered
+    plug-ins.
+
+    Value   : Disabled
+    Type    : DWORD (0 or 1)
+    Default : 0
+
+        If '1', the plug-in will not be loaded.
+
+    Value   : NoUnload
+    Type    : DWORD (0 or 1)
+    Default : 0
+
+        If '1', the plug-in will not be unloaded from memory when the
+        NetIDMgr application exits or if the plug-in is stopped.  The
+        plug-in binary will remain loaded until NetIDMgr terminates.
+
+3.1.3    Settings for the Kerberos 5 credentials provider plug-in
+
+    Registry key : 'Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred\Parameters'
+    --------------
+
+    Value   : AutoRenewTickets
+    Type    : DWORD (0 or 1)
+    Default : 1
+
+        If '1', automatically renews expiring tickets.  The thresholds
+        at which renewals happen are controlled in general NetIDMgr
+        settings.
+
+    Value   : CreateMissingConfig
+    Type    : DWORD (0 or 1)
+    Default : 0
+
+        If '1', creates any missing configuration files.
+
+    Value   : MsLsaList
+    Type    : DWORD (0 or 1)
+    Default : 1
+
+        If '1', includes credentials from the MSLSA cache in the
+        credentials listing.
+
+
+    Value   : UseFullRealmList
+    Type    : DWORD (0 or 1)
+    Default : 0
+
+        If '1', uses the full realms list as determined by parsing the
+        krb5.ini configuration file in the new credentials dialog box.
+        If this is '0', only the last recently used list of realms
+        will be used.
+
+
+3.1.3.1    Per-identity settings
+
+    Registry key 1: 'Software\MIT\NetIDMgr\KCDB\Identity\<principal name>\Krb5Cred'
+    Registry key 2: 'Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred\Parameters\Realms\<realm>'
+    Registry key 3: 'Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred\Parameters'
+    --------------
+
+    These settings are generally maintained per-identity.  However, if
+    a particular setting is not specified for an identity or if the
+    identity is new, then the values will be looked up in the
+    per-realm configuration key and in the global parameters key in
+    turn.  Global defaults should be set in the global parameters key
+    (key 3).
+
+    Value   : Addressless
+    Type    : DWORD (boolean)
+    Default : 1
+
+        Determines if addressless tickets will be obtained for new identities.
+
+
+    Value   : DefaultLifetime
+    Type    : DWORD
+    Default : 36000
+
+        Default ticket lifetime, in seconds.
+
+    Value   : DefaultRenewLifetime
+    Type    : DWORD
+    Default : 604800
+
+        Default renewable lifetime, in seconds.
+
+    Value   : FileCCList
+    Type    : SZ
+    Default : <not specified>
+
+        Specifies a comma delimited list of FILE credential caches to monitor
+        for credentials.
+
+    Value   : Forwardable
+    Type    : DWORD (0 or 1)
+    Default : 0
+
+        Obtain forwardable tickets.
+
+    Value   : MaxLifetime
+    Type    : DWORD
+    Default : 86400
+
+        Maximum lifetime, in seconds.  This value is used to set the
+        range of the user interface controls that allow setting the
+        lifetime of a ticket.
+
+    Value   : MaxRenewLifetime
+    Type    : DWORD
+    Default : 2592000
+
+        Maximum renewable lifetime, in seconds.  The value is used to
+        set the range of the user interface controls that allow
+        setting the renewable lifetime of a ticket.
+
+    Value   : MinLifetime
+    Type    : DWORD
+    Default : 60
+
+        Minimum lifetime, in seconds.  This value is used to set the
+        range of the user interface controls that allow setting the
+        lifetime of a ticket.
+
+    Value   : MinRenewLifetime
+    Type    : DWORD
+    Default : 60
+
+        Minimum renewable lifetime, in seconds.  This value is used to
+        set the range of the user interface controls that allow
+        setting the renewable lifetime of a ticket.
+
+    Value   : Proxiable
+    Type    : DWORD (0 or 1)
+    Default : 0
+
+        Obtain proxiable tickets.
+
+    Value   : Renewable
+    Type    : DWORD (0 or 1)
+    Default : 1
+
+        Obtain renewable tickets.
+
+
+----------------------------------------------------------------------
+
+4.   Additional Resources
+
+    If you want to add registry keys or files you need to create new
+    components and features for those.
+
+    Add new features under the 'feaKfwClient' feature and set the
+    'Level' column for those features to equal the 'Level' for their
+    parent features for consistency.  Note that none of the features
+    in the "Kerberos for Windows" MSI package are designed to be
+    installed to run from 'source' or 'advertised'.  It is recommended
+    that you set 'msidbFeatureAttributesFavorLocal' (0),
+    'msidbFeatureAttributesFollowParent' (2) and
+    'msidbFeatureAttributesDisallowAdvertise' (8) attributes for new
+    features.
+
+    If you are creating new components, retain the same component GUID
+    when creating new transforms against new releases of the Kerberos
+    MSI package.
+
+    It is beyond the scope of this document to provide a comprehensive
+    overview of how to add new resources through a transform.  Please
+    refer to the "Windows Installer" documentation for details.  The
+    relevant section is at :
+
+    http://msdn.microsoft.com/library/en-us/msi/setup/using_transforms_to_add_resources.asp
+
+    A sample walkthrough of adding a new configuration file is in
+    section 2.3.
+
+----------------------------------------------------------------------
+
+5.  Upgrades
+
+    The MSI package is designed to uninstall previous versions of
+    "Kerberos for Windows" during installation.  Note that it doesn't
+    directly upgrade an existing installation.  This is intentional
+    and ensures that development releases which do not have strictly
+    increasing version numbers are properly upgraded.
+
+    Versions of Kerberos that are upgraded by the MSI package are :
+
+    1) "Kerberos for Windows" 32-bit i386 MSI package
+
+       Upgrade code {61211594-AAA1-4A98-A299-757326763CC7}
+       Up to current release
+
+    2) "Kerberos for Windows" 64-bit amd64 MSI package
+
+       Upgrade code {6DA9CD86-6028-4852-8C94-452CAC229244}
+       Up to current release
+
+    2) "MIT Project Pismere Kerberos for Windows" MSI package and 
+       "MIT SWRT Kerberos for Windows" MSI
+
+       Upgrade code {83977767-388D-4DF8-BB08-3BF2401635BD}
+       All versions
+
+    3) "Kerberos for Windows" NSIS package
+
+       All versions
+
+       Note that versions of the "Kerberos for Windows" NSIS package had
+       a bug where it couldn't be uninstalled properly in unattended
+       mode.  Therefore the MSI package will not try to uninstall an
+       "Kerberos for Windows" NSIS package if running unattended.  This
+       means that group policy based deployments will fail on machines
+       that have the "Kerberos for Windows" NSIS package installed.
+
+       Note that the NSIS package is only available for 32-bit i386.
+       You cannot install both the 32-bit NSIS and 64-bit amd64 MSI 
+       packages on the same machine.  To install both 32-bit and 64-bit
+       KFW, you must use the MSI packages of both.
+
+    If you have used a different MSI package to install Kerberos for
+    Windows and wish to upgrade it you can author rows into the
+    'Upgrade' table to have the "Kerberos for Windows" MSI replace these
+    installations for you.
+
+----------------------------------------------------------------------
+
+6.  FAQ
+
+    (Q/A's will be added here as needed)
+
+----------------------------------------------------------------------
+$Id$
+
diff --git a/krb5-1.21.3/src/windows/installer/wix/platform.wxi b/krb5-1.21.3/src/windows/installer/wix/platform.wxi
new file mode 100644
index 00000000..8d21fd23
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/platform.wxi
@@ -0,0 +1,175 @@
+<?xml version="1.0"?>
+<Include>
+<!-- Platform specific GUID's and other definitions -->
+  <!-- Note that we need 32 bit dlls for both 32 and 64 bit platforms -->
+  <?define cmf_comerr32_dll_guid="D8F455F9-E648-4C61-A69D-7116ADEC2DBB"?>
+  <?define cmf_comerr32_dll_name="comerr32.dll"?>
+  <?define cmf_gssapi32_dll_guid="5B0F2989-BB85-40BF-BB7A-E77693972CF9"?>
+  <?define cmf_gssapi32_dll_name="gssapi32.dll"?>
+  <?define cmf_krb5_32_dll_guid="31E40356-CBAC-4FC6-9A34-C6F6C72A27CA"?>
+  <?define cmf_krb5_32_dll_name="krb5_32.dll"?>
+  <?define cmf_k5sprt32_dll_guid="F2381331-9201-4c02-866F-2038676771D4"?>
+  <?define cmf_k5sprt32_dll_name="k5sprt32.dll"?>
+  <?define cmf_krbcc32_dll_guid="A50FA27D-F203-4C19-9047-B7976171FB94"?>
+  <?define cmf_krbcc32_dll_name="krbcc32.dll"?>
+  <?define cmf_leashw32_dll_guid="8C145D48-A2FC-4C28-BC05-4368545F1184"?>
+  <?define cmf_leashw32_dll_name="leashw32.dll"?>
+  <?define cmf_xpprof32_dll_guid="A7DF8BAF-7188-4C24-89FB-C8EB51571FD2"?>
+  <?define cmf_xpprof32_dll_name="xpprof32.dll"?>
+  <?define cmf_spake32_dll_guid="36A1695B-A2B4-4A93-8C35-733A121923D4"?>
+  <?define cmf_spake32_dll_name="spake32.dll"?>
+  <?if $(sys.BUILDARCH) = "x64" ?>
+        <?define UpgradeCode="6DA9CD86-6028-4852-8C94-452CAC229244"?>
+        <?define PISystemFolder="System64Folder"?>
+        <?define PIProgramFilesFolder="ProgramFiles64Folder"?>
+
+        <?define cmf_kfwlogon_DLL_guid="CFC0B7C9-9A59-4022-89B3-25E0941D0369"?>
+        <?define cmf_kfwcpcc_EXE_guid="83F51B6D-F3C6-44cf-AC91-D1D6498FFA44"?>
+        <?define cmp_ClientSystemDebug_guid="7B25B1E0-A22A-43c7-BA97-C30FCA3B1230"?>
+        <?define rcm_krb5_1_guid="21883AD6-1C00-4f1d-9922-477CF63CE6BF"?>
+        <?define rcm_krb5_2_guid="88CEA446-4617-46bc-916F-2AAA1E1EACF8"?>
+        <?define rcm_krb5_3_guid="28BFF4DB-D09E-4031-AB5D-232F6F707A45"?>
+        <?define cmf_comerr64_dll_guid="3C34EFDA-3F93-4aa6-AA44-718AA25DD346"?>
+        <?define cmf_comerr64_dll_name="comerr64.dll"?>
+        <?define cmf_gss_exe_guid="805EBB97-4860-40d4-A038-5E56717EAFB4"?>
+        <?define cmf_gss_client_exe_guid="5F192562-436C-4800-93C7-148F7D46F521"?>
+        <?define cmf_gss_server_exe_guid="33651319-01CB-4f2c-9B96-50F0F53E9CDF"?>
+        <?define cmf_gssapi64_dll_guid="ACD1D3FA-3E96-47a6-8A39-88BDA2EA3C9D"?>
+        <?define cmf_gssapi64_dll_name="gssapi64.dll"?>
+        <?define cmf_k524init_exe_guid="63630B70-D9B1-47bc-905D-E4DFA6F9D0D1"?>
+        <?define cmf_kclnt64_dll_guid="C26B3CAA-607C-42db-956C-9AA379CCE892"?>
+        <?define cmf_kclnt64_dll_name="kclnt64.dll"?>
+        <?define cmf_kdestroy_exe_guid="58AB2858-3513-4e4d-B76C-915B0D0DEE82"?>
+        <?define cmf_kcpytkt_exe_guid="B2BA9697-4E42-433d-BA85-79A49A622D84"?>
+        <?define cmf_kdeltkt_exe_guid="998BF60D-75EF-4807-BDA3-7DDE47C4F00F"?>
+        <?define cmf_kinit_exe_guid="6855B2B9-D3EB-42ce-B0EA-EFCD5960B635"?>
+        <?define cmf_klist_exe_guid="1AE98193-6596-4460-9B42-15C734E28CE8"?>
+        <?define cmf_kpasswd_exe_guid="669A2965-413F-4003-9F43-4615CC7C3B1A"?>
+        <?define cmf_kswitch_exe_guid="EFBA642C-D1E8-441b-A31D-8B44715B2EAB"?>
+        <?define cmf_kvno_exe_guid="56C95EBA-2A53-4567-AA44-9A0EE01BB390"?>
+        <?define cmf_krb5_64_dll_guid="8B7190D6-76BD-442b-893B-1EED4E26EC0A"?>
+        <?define cmf_krb5_64_dll_name="krb5_64.dll"?>
+        <?define cmf_k5sprt64_dll_guid="2DD8CE7D-8C8E-4cfb-BC73-765858DD1418"?>
+        <?define cmf_k5sprt64_dll_name="k5sprt64.dll"?>
+        <?define cmf_krb524_dll_guid="4FAFB2A6-FC42-466b-9A86-42C3150252E2"?>
+        <?define cmf_krb524_dll_name="krb524.dll"?>
+        <?define cmf_krbcc64_dll_guid="56DAD1B9-4A59-46e6-81CA-54E2B6C9D618"?>
+        <?define cmf_krbcc64_dll_name="krbcc64.dll"?>
+        <?define cmf_ccapiserver_exe_guid="0192F58B-9129-426d-A271-E18455EDC80E"?>
+        <?define cmf_ccapiserver_exe_name="ccapiserver.exe"?>
+        <?define cmf_krbv4w32_dll_guid="D195FADB-A3B0-4023-A824-8895552CDC56"?>
+        <?define cmf_krbv4w32_dll_name="krbv4w64.dll"?>
+        <?define cmf_leash_exe_guid="D195FADB-A3B0-4023-A824-8895552CDC56"?>
+        <?define csc_leash_exe_guid="9D43350A-A8AE-4405-AB82-64E90E5A1A70"?>
+        <?define rcm_leash_1_guid="7E5517FF-FB76-431f-A92B-2895C9BE7E98"?>
+        <?define rcm_leash_2_guid="008208AC-46BE-4ca4-BEA7-8FCAAD8BA7C3"?>
+        <?define rcm_leash_3_guid="66D97178-E735-499b-961F-C7B8B8074E1A"?>
+        <?define rcm_leash_4_guid="D20180CC-B68D-4a6d-95E4-5EB07B9EADCD"?>
+        <?define rcm_leash_5_guid="AF3B73AE-86ED-42f5-987A-9831B8799D2F"?>
+        <?define csc_LeashStartup_guid="228192C5-D847-4c46-A726-0E8211742349"?>
+        <?define cmf_leash32_hlp_guid="EF1B0ED6-9C01-4adb-9F11-C3FF07F669D5"?>
+        <?define cmf_leash32_chm_guid="769B54EB-9B96-4abe-9B72-9EF346C8C03D"?>
+        <?define cmf_leashw64_dll_guid="7222B9E1-EE70-4ccb-929F-43D45574AA83"?>
+        <?define cmf_leashw64_dll_name="leashw64.dll"?>
+        <?define rcm_leashdll_1_guid="64BC62DF-F1D6-423a-B4E0-E75E214BAC26"?>
+        <?define rcm_leashdll_2_guid="2CEF4DC7-684B-4a53-9053-5EB26264B009"?>
+        <?define rcm_leashdll_3_guid="D93DE8B4-919E-48ef-812D-BFCC26460608"?>
+        <?define rcm_leashdll_4_guid="989B5FC5-63DC-47d6-BBBC-EE1B355127F6"?>
+        <?define rcm_leashdll_5_guid="BF38025F-ED64-4dde-8BDD-250C1BB73909"?>
+        <?define rcm_leashdll_6_guid="AC35CE64-9D8D-4a21-AB1F-18803C69E7B4"?>
+        <?define rcm_leashdll_7_guid="02014C27-BAC8-4b86-95F8-43F9BF55064A"?>
+        <?define rcm_leashdll_8_guid="DE70F57C-D3F8-4c1d-B868-A77DA04D9DD3"?>
+        <?define rcm_leashdll_9_guid="A809042D-66F3-4a6a-B8EC-77C40C88F3E3"?>
+        <?define rcm_leashdll_10_guid="E61875A4-F33C-419f-97B8-D2ACA3EBD4BB"?>
+        <?define rcm_leashdll_11_guid="3732992E-34C4-430a-B081-C8601BA44A61"?>
+        <?define rcm_leashdll_12_guid="2237072A-1955-4ca4-ABB3-78037E16F696"?>
+        <?define rcm_leashdll_13_guid="6F626DB7-B0A6-4c1d-889E-A2DA742DFC4B"?>
+        <?define rcm_leashdll_14_guid="109674B4-7390-49cc-9DB1-B9402E4C5645"?>
+        <?define rcm_leashdll_15_guid="8AC8500D-2279-4a3c-82E9-4C0ED79A6EFC"?>
+        <?define rcm_leashdll_16_guid="ED6BD7FE-7879-4da6-882D-98DEF6198F60"?>
+        <?define rcm_leashdll_17_guid="E5F8A4DF-442E-4d24-B5E2-9F36A4F7E15D"?>
+        <?define cmf_ms2mit_exe_guid="8AEC1FDA-4A45-4878-8C0B-465D46ACE306"?>
+        <?define cmf_mit2ms_exe_guid="3CE7BAE8-22DA-4911-B370-4C700861BDFD"?>
+        <?define cmf_xpprof64_dll_guid="B1112677-50A4-4430-846B-F824C859E3DF"?>
+        <?define cmf_xpprof64_dll_name="xpprof64.dll"?>
+        <?define cmf_spake64_dll_guid="0E97B52A-EC8E-494C-BF5D-83AAACFEFDBA"?>
+        <?define cmf_spake64_dll_name="spake64.dll"?>
+        <?define cmf_nidmgr32_dll_guid="8538212A-9BD5-4d62-BF29-36D853385F0A"?>
+        <?define cmf_nidmgr32_dll_name="nidmgr64.dll"?>
+        <?define cmf_nidmgr32_dll_w2k_guid="01655D48-C596-48f8-A0C3-5DB3FC833444"?>
+        <?define cmf_krb5cred_dll_guid="CC182AB1-E333-4501-8DEA-5A8D4FD36D0D"?>
+        <?define cmf_krb5cred_dll_name="krb5cred.dll"?>
+        <?define cmf_krb5cred_en_us_dll_guid="223B7E9D-290F-40b8-89B3-F8337A8E082D"?>
+        <?define cmf_krb5cred_en_us_dll_name="krb5cred_en_us.dll"?>
+        <?define cmf_bin_debug_guid="F3432C85-89D9-4bd6-BD82-4ED49A118338"?>
+        <?define cmf_preauth_debug_guid="53491A4E-CB96-44D9-9B92-4ADF37C3A2D6"?>
+<?elseif $(sys.BUILDARCH) = "x86"?>
+        <?define UpgradeCode="61211594-AAA1-4A98-A299-757326763CC7"?>
+        <?define PISystemFolder="SystemFolder"?>
+        <?define PIProgramFilesFolder="ProgramFilesFolder"?>
+
+        <?define cmf_kfwlogon_DLL_guid="2F104FEB-2D61-458A-BAE3-B153F151E728"?>
+        <?define cmf_kfwcpcc_EXE_guid="C3284E7A-3665-45A6-B64E-C909B1D1BAA6"?>
+        <?define cmp_ClientSystemDebug_guid="2D13ED48-53C2-4878-B196-2AD7F4100998"?>
+        <?define rcm_krb5_1_guid="E190F8B9-51FA-4FB1-884C-C8AFA37F8653"?>
+        <?define rcm_krb5_2_guid="AE7D4305-6193-4094-8C82-73862AE01DCE"?>
+        <?define rcm_krb5_3_guid="853EE035-99AA-489A-8FB6-74C76624E92A"?>
+        <?define cmf_gss_exe_guid="8CAF09C4-68A2-46DC-A618-AEF16D832E54"?>
+        <?define cmf_gss_client_exe_guid="983E0887-0C8B-49AB-8F59-DFE3A4E45E89"?>
+        <?define cmf_gss_server_exe_guid="B165FE41-D0DD-4DFC-92E6-A99ADA23BE8B"?>
+        <?define cmf_k524init_exe_guid="20BE4EA5-C465-4AF3-9A4F-BB80934167E3"?>
+        <?define cmf_kclnt32_dll_guid="D396C1E7-080E-49F5-92BA-73BCEDF09C8E"?>
+        <?define cmf_kclnt32_dll_name="kclnt32.dll"?>
+        <?define cmf_kdestroy_exe_guid="D1E9C111-7760-4EE6-86CF-D4B4064B0ABA"?>
+        <?define cmf_kcpytkt_exe_guid="6B20E57C-0033-4dcf-B3C9-74ED0B2CF46E"?>
+        <?define cmf_kdeltkt_exe_guid="C7528C87-9B61-439a-8EA8-AD4BE3D758F9"?>
+        <?define cmf_kinit_exe_guid="80643A09-EF28-4714-BC62-B64FC5B17CAA"?>
+        <?define cmf_klist_exe_guid="24FB6003-BC7A-4BF1-9503-82D398EC02D7"?>
+        <?define cmf_kpasswd_exe_guid="3FA4AB96-FF12-460A-814E-3380E220787C"?>
+        <?define cmf_kswitch_exe_guid="C1A575D3-DEF3-4fce-861E-9C6BA7F93072"?>
+        <?define cmf_kvno_exe_guid="7759D524-1F88-4483-975F-DDD33A511512"?>
+        <?define cmf_krb524_dll_guid="98685874-A9AA-4BC5-9830-271D9CF52C17"?>
+        <?define cmf_krb524_dll_name="krb524.dll"?>
+        <?define cmf_ccapiserver_exe_guid="7D5F0817-DACF-4B54-BB8D-94DD63626DB5"?>
+        <?define cmf_ccapiserver_exe_name="ccapiserver.exe"?>
+        <?define cmf_krbv4w32_dll_guid="DFA23F6C-5297-4876-AF52-6F7CF2CB34AC"?>
+        <?define cmf_krbv4w32_dll_name="krbv4w32.dll"?>
+        <?define cmf_leash_exe_guid="990D5F6B-4CEE-4706-96F4-F7AF12F97DF7"?>
+        <?define csc_leash_exe_guid="8A096700-47B1-4A0B-B7B5-44F75086DEAE"?>
+        <?define rcm_leash_1_guid="B91648A0-26F7-43BB-A954-202FF3811E3C"?>
+        <?define rcm_leash_2_guid="0D8DCC52-F855-4C46-86A1-198E6EE0CB8A"?>
+        <?define rcm_leash_3_guid="9610A7E3-251F-4286-B776-1C3AF5DE7815"?>
+        <?define rcm_leash_4_guid="815AED84-2437-4EBC-B561-F847833DB3A5"?>
+        <?define rcm_leash_5_guid="A0D3D75F-762E-4D5C-909B-53E7396CEDB6"?>
+        <?define csc_LeashStartup_guid="0DF73BCD-F34E-4B01-AA71-0EE08EB62F70"?>
+        <?define cmf_leash32_hlp_guid="919616D6-1605-4A79-8E33-C18A0D0F25E3"?>
+        <?define cmf_leash32_chm_guid="C50E5E0A-B822-4419-855B-1713637BCA6A"?>
+        <?define rcm_leashdll_1_guid="54C949DA-AF1E-4412-81AF-F502BD5904D2"?>
+        <?define rcm_leashdll_2_guid="9B553794-45E7-49FB-B6D9-1C3C9BB6E00D"?>
+        <?define rcm_leashdll_3_guid="E3D1284C-17F6-41E3-9AA7-2ED05432060F"?>
+        <?define rcm_leashdll_4_guid="A02831D5-48B2-4E82-A670-EDCEBC197273"?>
+        <?define rcm_leashdll_5_guid="5FDB0C01-6668-43E3-9C83-2CD364D97BF3"?>
+        <?define rcm_leashdll_6_guid="999BD59C-5C1E-446E-9D38-F4E26DD27D09"?>
+        <?define rcm_leashdll_7_guid="C908AA17-DD21-4193-BA1D-535A2FD3D803"?>
+        <?define rcm_leashdll_8_guid="02926245-2327-46F9-AEF6-89E2DB0D90E1"?>
+        <?define rcm_leashdll_9_guid="B45BBA29-7A67-4FF7-AAA4-80044D46C451"?>
+        <?define rcm_leashdll_10_guid="1DDC4D78-BDB4-48CD-A4E9-024FA9706100"?>
+        <?define rcm_leashdll_11_guid="39134333-58C7-4C6B-B690-2322D3AE928A"?>
+        <?define rcm_leashdll_12_guid="BBB6F5C3-290F-4A21-A630-E8630C6EAB67"?>
+        <?define rcm_leashdll_13_guid="0F86A73E-DB31-45E7-9156-BE0EC99076A7"?>
+        <?define rcm_leashdll_14_guid="FE0F06A2-62E7-46C1-9BFF-337C50DB78C7"?>
+        <?define rcm_leashdll_15_guid="2DAC4693-6435-4278-A584-3D2B74BE87D5"?>
+        <?define rcm_leashdll_16_guid="FE3DDD47-CCDE-44F8-8C86-97F2C3545443"?>
+        <?define rcm_leashdll_17_guid="1B685E1B-32F2-49A5-9B7D-4288741A2C17"?>
+        <?define cmf_ms2mit_exe_guid="63D189DC-5EE4-49E2-B5E9-6E74A28602C8"?>
+        <?define cmf_mit2ms_exe_guid="4F487781-5B55-48c1-A3FA-8BC6ECA4FEA1"?>
+        <?define cmf_krb5cred_dll_guid="27A7723A-F0D9-4F06-892C-54F0AC6014C3"?>
+        <?define cmf_krb5cred_dll_name="krb5cred.dll"?>
+        <?define cmf_krb5cred_en_us_dll_guid="EA9ABE05-A85B-43BB-8741-50D3C3128632"?>
+        <?define cmf_krb5cred_en_us_dll_name="krb5cred_en_us.dll"?>
+        <?define cmf_bin_debug_guid="C8468854-8261-4781-8119-A612636841E3"?>
+        <?define cmf_preauth_debug_guid="169C0A38-EB79-4AA9-B78B-998B55084ECD"?>
+<?else?>
+        <?error Unknown platform?>
+<?endif?>
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/property.wxi b/krb5-1.21.3/src/windows/installer/wix/property.wxi
new file mode 100644
index 00000000..6c362f90
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/property.wxi
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+
+  Copyright (C) 2004, 2005, 2006 by the Massachusetts Institute of Technology.
+  Copyright (C) 2007 Secure Endpoints Inc.
+  All rights reserved.
+ 
+  Export of this software from the United States of America may
+    require a specific license from the United States Government.
+    It is the responsibility of any person or organization contemplating
+    export to obtain such a license before exporting.
+ 
+  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+  distribute this software and its documentation for any purpose and
+  without fee is hereby granted, provided that the above copyright
+  notice appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation, and that
+  the name of M.I.T. not be used in advertising or publicity pertaining
+  to distribution of the software without specific, written prior
+  permission.  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. makes no representations about the suitability of
+  this software for any purpose.  It is provided "as is" without express
+  or implied warranty.
+  
+  -->
+<Include xmlns="http://schemas.microsoft.com/wix/2003/01/wi">
+
+    <!-- Important:  This product should only be installed in all-user mode -->
+    <Property Id="ALLUSERS">1</Property>
+
+    <Property Id="LEASHAUTOINIT" Admin="yes" Secure="yes">-autoinit</Property>
+    <Property Id="LEASHAUTOSTART" Admin="yes" Secure="yes">1</Property>
+    
+    <Property Id="ARPCOMMENTS">$(var.ARPComments)</Property>
+    <Property Id="ARPCONTACT">kerberos@mit.edu</Property>
+    <Property Id="ARPURLINFOABOUT">https://web.mit.edu/kerberos</Property>
+    <Property Id="ARPHELPLINK">https://web.mit.edu/kerberos</Property>
+    <Property Id="INSTALLLEVEL">50</Property>
+    <Property Id="ComponentDownload">https://web.mit.edu/kerberos</Property>
+
+    <Property Id="UPGRADENSIS">
+        <RegistrySearch Win64="no" Id="regsrch_NSIS" Root="HKLM" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\Kerberos for Windows" Name="UninstallString" Type="raw"/>
+    </Property>
+    
+    <Property Id="NSISVERSION">
+        <RegistrySearch Win64="no" Id="regsrch_NSISV" Root="HKLM" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\Kerberos for Windows" Name="DisplayVersion" Type="raw" />
+    </Property>
+
+    <Property Id="CantRemoveNSISError">!(loc.CantRemoveNSIS)</Property>
+    <Property Id="NoIE501Error">!(loc.IE501Required)</Property>
+
+    <!--  Additional properties relating to the UI are in the appropriate UI.wxi file -->
+    
+    <!-- Configuration properties.  If these properties are defined, then
+         the corresponding component will be enabled. If the corresponding
+         variable value is the empty string (""), then the properties will
+         not be defined. -->
+<?ifdef UseDefaultProperties?>
+    <Property Id="LEASHCREATEMISSINGCONFIG" Admin="yes" Secure="yes">$(var.LeashCreateMissingConfig)</Property>
+    <Property Id="LEASHAUTORENEWTICKETS" Admin="yes" Secure="yes">$(var.LeashAutoRenewTickets)</Property>
+    <Property Id="LEASHLIFETIME" Admin="yes" Secure="yes">$(var.LeashLifetime)</Property>
+    <Property Id="LEASHRENEWTILL" Admin="yes" Secure="yes">$(var.LeashRenewTill)</Property>
+    <Property Id="LEASHRENEWABLE" Admin="yes" Secure="yes">$(var.LeashRenewable)</Property>
+    <Property Id="LEASHFORWARDABLE" Admin="yes" Secure="yes">$(var.LeashForwardable)</Property>
+    <Property Id="LEASHNOADDRESSES" Admin="yes" Secure="yes">$(var.LeashNoAddresses)</Property>
+    <Property Id="LEASHPROXIABLE" Admin="yes" Secure="yes">$(var.LeashProxiable)</Property>
+    <Property Id="LEASHPUBLICIP" Admin="yes" Secure="yes">$(var.LeashPublicIp)</Property>
+    <Property Id="LEASHHIDEKINITOPTIONS" Admin="yes" Secure="yes">$(var.LeashHideKinitOptions)</Property>
+    <Property Id="LEASHLIFEMIN" Admin="yes" Secure="yes">$(var.LeashLifeMin)</Property>
+    <Property Id="LEASHLIFEMAX" Admin="yes" Secure="yes">$(var.LeashLifeMax)</Property>
+    <Property Id="LEASHRENEWMIN" Admin="yes" Secure="yes">$(var.LeashRenewMin)</Property>
+    <Property Id="LEASHRENEWMAX" Admin="yes" Secure="yes">$(var.LeashRenewMax)</Property>
+    <Property Id="LEASHUPPERCASEREALM" Admin="yes" Secure="yes">$(var.LeashUppercaseRealm)</Property>
+    <Property Id="LEASHTIMEHOST" Admin="yes" Secure="yes">$(var.LeashTimeHost)</Property>
+    <Property Id="LEASHPRESERVEKINITOPTIONS" Admin="yes" Secure="yes">$(var.LeashPreserveKinitOptions)</Property>
+    <Property Id="KRB5CONFIG" Admin="yes" Secure="yes">$(var.Krb5Config)</Property>
+    <Property Id="KRB5CCNAME" Admin="yes" Secure="yes">$(var.Krb5CcName)</Property>
+    <Property Id="KRB5PRESERVEIDENTITY" Admin="yes" Secure="yes">$(var.Krb5PreserveIdentity)</Property>
+<?endif?>
+<?ifdef UseLeash?>
+    <Property Id="USELEASH" Admin="yes" Secure="yes">$(var.UseLeash)</Property>
+<?endif?>
+<?ifdef UseNetIDMgr?>
+    <Property Id="USENETIDMGR" Admin="yes" Secure="yes">$(var.UseNetIDMgr)</Property>
+<?endif?>
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/runtime.wxi b/krb5-1.21.3/src/windows/installer/wix/runtime.wxi
new file mode 100644
index 00000000..3d5c1dfe
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/runtime.wxi
@@ -0,0 +1,17 @@
+<?xml version="1.0"?> 
+<Include>
+    <?ifdef CL1600 ?>
+      <?if $(sys.BUILDARCH) = "x64" ?>
+        <MergeRef Id="MSVCRT$(var.VCVer)MEM64"/>
+        <MergeRef Id="MSVCRT$(var.VCVer)MFC64"/>
+        <MergeRef Id="MSVCRT$(var.VCVer)MFL64"/>
+        <MergeRef Id="MSVCRT$(var.VCVer)MEM86"/>
+        <MergeRef Id="MSVCRT$(var.VCVer)MFC86"/>
+        <MergeRef Id="MSVCRT$(var.VCVer)MFL86"/>
+      <?else?>
+        <MergeRef Id="MSVCRT$(var.VCVer)MEM86"/>
+        <MergeRef Id="MSVCRT$(var.VCVer)MFC86"/>
+        <MergeRef Id="MSVCRT$(var.VCVer)MFL86"/>
+      <?endif?>
+    <?endif?>
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/runtime_debug.wxi b/krb5-1.21.3/src/windows/installer/wix/runtime_debug.wxi
new file mode 100644
index 00000000..30bc566e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/runtime_debug.wxi
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<Include>
+  <?ifdef Debug?>
+    <?ifdef CL1310 ?>
+        <ComponentRef Id="cmf_runtime_debug1310" />
+    <?endif?>
+    <?ifdef CL1300 ?>
+        <ComponentRef Id="cmf_runtime_debug1300" />
+    <?endif?>
+    <?ifdef CL1200 ?>
+        <ComponentRef Id="cmf_runtime_debug1200" />
+    <?endif?>
+  <?endif?>
+</Include>
diff --git a/krb5-1.21.3/src/windows/installer/wix/site-local.wxi b/krb5-1.21.3/src/windows/installer/wix/site-local.wxi
new file mode 100644
index 00000000..86afc006
--- /dev/null
+++ b/krb5-1.21.3/src/windows/installer/wix/site-local.wxi
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Include xmlns="http://schemas.microsoft.com/wix/2003/01/wi">
+
+    <!-- User configurable options -->
+
+    <!-- Items enclosed in double percent marks will be substituted by
+        the build script. -->
+
+    <!-- TargetDir should point to build target directory and must end with
+         a backslash.  If not specified, assume we are in TargetDir\install -->
+
+    <!-- <?define TargetDir="%TARGETDIR%\"?> -->
+
+    <!-- ConfigDir should point to directory containing configuration files
+         (krb5.ini, krb.con, krbrealm.con) to be bundled with the installer.
+         The directory name should end with a backslash. -->
+
+    <!-- <?define ConfigDir="%CONFIGDIR-WIX%\"?> -->
+
+    <!-- VersionMajor, VersionMinor and VersionPatch must all be specified, or
+         none should be specified (in which case, the defaults will be
+         selected below. -->
+
+    <!-- version defs go here -->
+    <!--    <?define VersionMajor="%VERSION_MAJOR%"?>
+        <?define VersionMinor="%VERSION_MINOR%"?>
+        <?define VersionPatch="%VERSION_PATCH%"?> -->
+
+    <!-- BuildLang is the language code for the installation.  If you are
+         changing this, you should also change the ProductCode below. -->
+    <?ifndef BuildLang?>
+        <?define BuildLang="1033"?>
+    <?endif?>
+
+    <!-- ProductCode is an uppercase GUID.  Each release should have its
+         own ProductCode.  If one is not defined, we generate a random one. -->
+    <?ifndef ProductCode?>
+        <?define ProductCode="????????-????-????-????-????????????"?>
+    <?endif?>
+
+    <!-- One of the following must be defined and must correspond to the
+         version of compiler used for building Kerberos for Windows -->
+
+    <!-- <?define CL1200?> -->
+    <!-- <?define CL1300?> -->
+    <!-- <?define CL1310?> -->
+    <!-- <?define CL1400?> -->
+    <?define CL1600?>
+
+    <!-- At most one of the following could be defined and must correspond
+         to the type of build performed. -->
+    <?define Release?>
+
+    <!-- Optional defines -->
+    <?define Beta="1"?> <!-- Numeric Beta identifier -->
+    <!-- <?define OldHelp?> --> <!-- Specifies the use of the old leash32.hlp file
+                           instead of the new leash32.chm file -->
+
+
+    <!-- End of user configurable options -->
+
+    <!-- Assert that required options are defined, or select defaults if
+         they weren't -->
+
+    <?ifndef TargetDir?>
+        <?define TargetDir="$(sys.SOURCEFILEDIR)..\..\..\"?>
+    <?endif?>
+
+    <?ifndef VersionMajor?>
+        <?define VersionMajor="4"?>
+        <?define VersionMinor="3"?>
+        <?define VersionPatch="0"?>
+    <?else?>
+        <?if Not ($(var.VersionMinor) And $(var.VersionPatch))?>
+            <?error VersionMajor, VersionMinor and VersionPatch should be specified together?>
+        <?endif?>
+    <?endif?>
+
+    <?ifndef ProductCode?>
+        <?error Must define ProductCode?>
+    <?endif?>
+
+    <?ifndef BuildLang?>
+        <?error Must define BuildLang?>
+    <?endif?>
+
+    <!-- The build makefile defines 'Date' and 'Time' which are strings that
+         identify the time at which the build was performed. -->
+</Include>
diff --git a/krb5-1.21.3/src/windows/kerberos.ver b/krb5-1.21.3/src/windows/kerberos.ver
new file mode 100644
index 00000000..03cb0464
--- /dev/null
+++ b/krb5-1.21.3/src/windows/kerberos.ver
@@ -0,0 +1,58 @@
+/* kerberos.ver. This is similar to patchlevel.h, but version numbers are independent */
+/*
+ * Copyright (C) 2004-2011 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This is the master file for version stamping purposes.  The
+ * checked-in version will contain the correct version information at
+ * all times.  Prior to an official release x.y.z,
+ * KRB5_MAJOR_RELEASE=x, KRB5_MINOR_RELEASE=y, and KRB5_PATCHLEVEL=z.
+ * KRB5_RELTAIL will reflect the release state.  It will be
+ * "prerelease" for unreleased code either on the trunk or on a
+ * release branch.  It will be undefined for a final release.
+ *
+ * Immediately following a final release, the release version numbers
+ * will be incremented, and KRB5_RELTAIL will revert to "prerelease".
+ *
+ * KRB5_RELTAG contains the CVS tag name corresponding to the release.
+ * KRB5_RELDATE identifies the date of the release.  They should
+ * normally be undefined for checked-in code.
+ */
+
+/*
+ * ==========
+ * IMPORTANT:
+ * ==========
+ *
+ * If you are a vendor supplying modified code derived from MIT
+ * Kerberos, you SHOULD update KRB5_RELTAIL to identify your
+ * organization.
+ */
+#define KRB5_MAJOR_RELEASE 4
+#define KRB5_MINOR_RELEASE 3
+#define KRB5_PATCHLEVEL 0
+#define KRB5_RELTAIL "beta1"
+/* #undef KRB5_RELDATE */
+
+#define KRB5_PRODUCTNAME_STR "MIT Kerberos for Windows"
diff --git a/krb5-1.21.3/src/windows/kfwlogon/Makefile.in b/krb5-1.21.3/src/windows/kfwlogon/Makefile.in
new file mode 100644
index 00000000..d5ebe2bf
--- /dev/null
+++ b/krb5-1.21.3/src/windows/kfwlogon/Makefile.in
@@ -0,0 +1,50 @@
+# Makefile for the KFW Network Provider
+#
+
+mydir=.
+BUILDTOP=$(REL)..$(S)..
+LOCALINCLUDES = -I$(BUILDTOP) -I$(BUILDTOP)\include -I$(BUILDTOP)\windows\include
+PROG_LIBPATH=-L$(TOPLIBD) -L$(KRB5_LIBDIR)
+
+!if defined(VISUALSTUDIOVERSION)
+!if $(VISUALSTUDIOVERSION:.=) >= 140
+!ifdef NODEBUG
+WINCRTEXTRA = ucrt.lib vcruntime.lib
+!else
+WINCRTEXTRA = ucrtd.lib vcruntimed.lib
+!endif
+!endif
+!endif
+SYSLIBS = kernel32.lib user32.lib advapi32.lib wsock32.lib secur32.lib userenv.lib $(WINCRTEXTRA)
+
+VERSIONRC = $(BUILDTOP)\windows\version.rc
+RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+KFWLOGON=$(OUTPRE)kfwlogon.dll
+KFWCPCC=$(OUTPRE)kfwcpcc.exe
+
+LIBRES=$(KFWLOGON:.dll=.res)
+EXERES=$(KFWCPCC:.exe=.res)
+
+$(LIBRES): $(VERSIONRC)
+        $(RC) $(RCFLAGS) -DKFWLOGON_LIB -fo $@ -r $**
+$(EXERES): $(VERSIONRC)
+        $(RC) $(RCFLAGS) -DKFWCPCC_APP -fo $@ -r $**
+
+all-windows: $(OUTPRE)kfwlogon.dll $(OUTPRE)kfwcpcc.exe
+
+$(KFWLOGON): $(OUTPRE)kfwlogon.obj $(OUTPRE)kfwcommon.obj $(LIBRES)
+    link $(DLL_LINKOPTS) -out:$@ $(OUTPRE)kfwlogon.obj $(OUTPRE)kfwcommon.obj -entry:DllEntryPoint -def:kfwlogon.def $(SYSLIBS) $(KLIB) $(CLIB) ../lib/$(OUTPRE)libwin.lib $(LIBRES)
+    $(_VC_MANIFEST_EMBED_DLL)
+
+$(KFWCPCC): $(OUTPRE)kfwcpcc.obj $(OUTPRE)kfwcommon.obj $(EXERES)
+    link $(EXE_LINKOPTS) -out:$@ $(OUTPRE)kfwcpcc.obj $(OUTPRE)kfwcommon.obj $(SYSLIBS) $(KLIB) $(CLIB) ../lib/$(OUTPRE)libwin.lib $(EXERES)
+    $(_VC_MANIFEST_EMBED_EXE)
+
+install:
+        copy $(OUTPRE)kfwlogon.dll $(DESTDIR)
+        copy $(OUTPRE)kfwcpcc.exe  $(DESTDIR)
+
+clean:
+        $(RM) $(OUTPRE)*.exe $(OUTPRE)*.dll $(OUTPRE)*.res
+
diff --git a/krb5-1.21.3/src/windows/kfwlogon/kfwcommon.c b/krb5-1.21.3/src/windows/kfwlogon/kfwcommon.c
new file mode 100644
index 00000000..9249a237
--- /dev/null
+++ b/krb5-1.21.3/src/windows/kfwlogon/kfwcommon.c
@@ -0,0 +1,1281 @@
+/*
+Copyright 2005,2006 by the Massachusetts Institute of Technology
+Copyright 2007 by Secure Endpoints Inc.
+
+All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appear in all copies and that
+both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of the Massachusetts
+Institute of Technology (M.I.T.) not be used in advertising or publicity
+pertaining to distribution of the software without specific, written
+prior permission.
+
+M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+M.I.T. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+*/
+
+#include "kfwlogon.h"
+#include <windows.h>
+#include <Aclapi.h>
+#include <userenv.h>
+#include <Sddl.h>
+
+#include <io.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+
+#include <winsock2.h>
+#include <lm.h>
+#include <nb30.h>
+
+#include <errno.h>
+#include <malloc.h>
+
+
+/* Function Pointer Declarations for Delayed Loading */
+// CCAPI
+DECL_FUNC_PTR(cc_initialize);
+DECL_FUNC_PTR(cc_shutdown);
+DECL_FUNC_PTR(cc_get_NC_info);
+DECL_FUNC_PTR(cc_free_NC_info);
+
+// leash functions
+DECL_FUNC_PTR(Leash_get_default_lifetime);
+DECL_FUNC_PTR(Leash_get_default_forwardable);
+DECL_FUNC_PTR(Leash_get_default_renew_till);
+DECL_FUNC_PTR(Leash_get_default_noaddresses);
+DECL_FUNC_PTR(Leash_get_default_proxiable);
+DECL_FUNC_PTR(Leash_get_default_publicip);
+DECL_FUNC_PTR(Leash_get_default_life_min);
+DECL_FUNC_PTR(Leash_get_default_life_max);
+DECL_FUNC_PTR(Leash_get_default_renew_min);
+DECL_FUNC_PTR(Leash_get_default_renew_max);
+DECL_FUNC_PTR(Leash_get_default_renewable);
+DECL_FUNC_PTR(Leash_get_default_mslsa_import);
+
+// krb5 functions
+DECL_FUNC_PTR(krb5_change_password);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_init);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list);
+DECL_FUNC_PTR(krb5_get_init_creds_password);
+DECL_FUNC_PTR(krb5_build_principal_ext);
+DECL_FUNC_PTR(krb5_cc_get_name);
+DECL_FUNC_PTR(krb5_cc_resolve);
+DECL_FUNC_PTR(krb5_cc_default);
+DECL_FUNC_PTR(krb5_cc_default_name);
+DECL_FUNC_PTR(krb5_cc_set_default_name);
+DECL_FUNC_PTR(krb5_cc_initialize);
+DECL_FUNC_PTR(krb5_cc_destroy);
+DECL_FUNC_PTR(krb5_cc_close);
+DECL_FUNC_PTR(krb5_cc_store_cred);
+DECL_FUNC_PTR(krb5_cc_copy_creds);
+DECL_FUNC_PTR(krb5_cc_retrieve_cred);
+DECL_FUNC_PTR(krb5_cc_get_principal);
+DECL_FUNC_PTR(krb5_cc_start_seq_get);
+DECL_FUNC_PTR(krb5_cc_next_cred);
+DECL_FUNC_PTR(krb5_cc_end_seq_get);
+DECL_FUNC_PTR(krb5_cc_remove_cred);
+DECL_FUNC_PTR(krb5_cc_set_flags);
+DECL_FUNC_PTR(krb5_cc_get_type);
+DECL_FUNC_PTR(krb5_free_context);
+DECL_FUNC_PTR(krb5_free_cred_contents);
+DECL_FUNC_PTR(krb5_free_principal);
+DECL_FUNC_PTR(krb5_get_in_tkt_with_password);
+DECL_FUNC_PTR(krb5_init_context);
+DECL_FUNC_PTR(krb5_parse_name);
+DECL_FUNC_PTR(krb5_timeofday);
+DECL_FUNC_PTR(krb5_timestamp_to_sfstring);
+DECL_FUNC_PTR(krb5_unparse_name);
+DECL_FUNC_PTR(krb5_get_credentials);
+DECL_FUNC_PTR(krb5_mk_req);
+DECL_FUNC_PTR(krb5_sname_to_principal);
+DECL_FUNC_PTR(krb5_get_credentials_renew);
+DECL_FUNC_PTR(krb5_free_data);
+DECL_FUNC_PTR(krb5_free_data_contents);
+DECL_FUNC_PTR(krb5_free_unparsed_name);
+DECL_FUNC_PTR(krb5_os_localaddr);
+DECL_FUNC_PTR(krb5_copy_keyblock_contents);
+DECL_FUNC_PTR(krb5_copy_data);
+DECL_FUNC_PTR(krb5_free_creds);
+DECL_FUNC_PTR(krb5_build_principal);
+DECL_FUNC_PTR(krb5_get_renewed_creds);
+DECL_FUNC_PTR(krb5_get_default_config_files);
+DECL_FUNC_PTR(krb5_free_config_files);
+DECL_FUNC_PTR(krb5_get_default_realm);
+DECL_FUNC_PTR(krb5_free_default_realm);
+DECL_FUNC_PTR(krb5_free_ticket);
+DECL_FUNC_PTR(krb5_decode_ticket);
+DECL_FUNC_PTR(krb5_get_host_realm);
+DECL_FUNC_PTR(krb5_free_host_realm);
+DECL_FUNC_PTR(krb5_free_addresses);
+DECL_FUNC_PTR(krb5_c_random_make_octets);
+
+// ComErr functions
+DECL_FUNC_PTR(com_err);
+DECL_FUNC_PTR(error_message);
+
+// Profile functions
+DECL_FUNC_PTR(profile_init);
+DECL_FUNC_PTR(profile_release);
+DECL_FUNC_PTR(profile_get_subsection_names);
+DECL_FUNC_PTR(profile_free_list);
+DECL_FUNC_PTR(profile_get_string);
+DECL_FUNC_PTR(profile_release_string);
+
+// Service functions
+DECL_FUNC_PTR(OpenSCManagerA);
+DECL_FUNC_PTR(OpenServiceA);
+DECL_FUNC_PTR(QueryServiceStatus);
+DECL_FUNC_PTR(CloseServiceHandle);
+DECL_FUNC_PTR(LsaNtStatusToWinError);
+
+// LSA Functions
+DECL_FUNC_PTR(LsaConnectUntrusted);
+DECL_FUNC_PTR(LsaLookupAuthenticationPackage);
+DECL_FUNC_PTR(LsaCallAuthenticationPackage);
+DECL_FUNC_PTR(LsaFreeReturnBuffer);
+DECL_FUNC_PTR(LsaGetLogonSessionData);
+
+// CCAPI
+FUNC_INFO ccapi_fi[] = {
+    MAKE_FUNC_INFO(cc_initialize),
+    MAKE_FUNC_INFO(cc_shutdown),
+    MAKE_FUNC_INFO(cc_get_NC_info),
+    MAKE_FUNC_INFO(cc_free_NC_info),
+    END_FUNC_INFO
+};
+
+FUNC_INFO leash_fi[] = {
+    MAKE_FUNC_INFO(Leash_get_default_lifetime),
+    MAKE_FUNC_INFO(Leash_get_default_renew_till),
+    MAKE_FUNC_INFO(Leash_get_default_forwardable),
+    MAKE_FUNC_INFO(Leash_get_default_noaddresses),
+    MAKE_FUNC_INFO(Leash_get_default_proxiable),
+    MAKE_FUNC_INFO(Leash_get_default_publicip),
+    MAKE_FUNC_INFO(Leash_get_default_life_min),
+    MAKE_FUNC_INFO(Leash_get_default_life_max),
+    MAKE_FUNC_INFO(Leash_get_default_renew_min),
+    MAKE_FUNC_INFO(Leash_get_default_renew_max),
+    MAKE_FUNC_INFO(Leash_get_default_renewable),
+    END_FUNC_INFO
+};
+
+FUNC_INFO leash_opt_fi[] = {
+    MAKE_FUNC_INFO(Leash_get_default_mslsa_import),
+    END_FUNC_INFO
+};
+
+FUNC_INFO k5_fi[] = {
+    MAKE_FUNC_INFO(krb5_change_password),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_init),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list),
+    MAKE_FUNC_INFO(krb5_get_init_creds_password),
+    MAKE_FUNC_INFO(krb5_build_principal_ext),
+    MAKE_FUNC_INFO(krb5_cc_get_name),
+    MAKE_FUNC_INFO(krb5_cc_resolve),
+    MAKE_FUNC_INFO(krb5_cc_default),
+    MAKE_FUNC_INFO(krb5_cc_default_name),
+    MAKE_FUNC_INFO(krb5_cc_set_default_name),
+    MAKE_FUNC_INFO(krb5_cc_initialize),
+    MAKE_FUNC_INFO(krb5_cc_destroy),
+    MAKE_FUNC_INFO(krb5_cc_close),
+    MAKE_FUNC_INFO(krb5_cc_copy_creds),
+    MAKE_FUNC_INFO(krb5_cc_store_cred),
+    MAKE_FUNC_INFO(krb5_cc_retrieve_cred),
+    MAKE_FUNC_INFO(krb5_cc_get_principal),
+    MAKE_FUNC_INFO(krb5_cc_start_seq_get),
+    MAKE_FUNC_INFO(krb5_cc_next_cred),
+    MAKE_FUNC_INFO(krb5_cc_end_seq_get),
+    MAKE_FUNC_INFO(krb5_cc_remove_cred),
+    MAKE_FUNC_INFO(krb5_cc_set_flags),
+    MAKE_FUNC_INFO(krb5_cc_get_type),
+    MAKE_FUNC_INFO(krb5_free_context),
+    MAKE_FUNC_INFO(krb5_free_cred_contents),
+    MAKE_FUNC_INFO(krb5_free_principal),
+    MAKE_FUNC_INFO(krb5_get_in_tkt_with_password),
+    MAKE_FUNC_INFO(krb5_init_context),
+    MAKE_FUNC_INFO(krb5_parse_name),
+    MAKE_FUNC_INFO(krb5_timeofday),
+    MAKE_FUNC_INFO(krb5_timestamp_to_sfstring),
+    MAKE_FUNC_INFO(krb5_unparse_name),
+    MAKE_FUNC_INFO(krb5_get_credentials),
+    MAKE_FUNC_INFO(krb5_mk_req),
+    MAKE_FUNC_INFO(krb5_sname_to_principal),
+    MAKE_FUNC_INFO(krb5_get_credentials_renew),
+    MAKE_FUNC_INFO(krb5_free_data),
+    MAKE_FUNC_INFO(krb5_free_data_contents),
+    MAKE_FUNC_INFO(krb5_free_unparsed_name),
+    MAKE_FUNC_INFO(krb5_os_localaddr),
+    MAKE_FUNC_INFO(krb5_copy_keyblock_contents),
+    MAKE_FUNC_INFO(krb5_copy_data),
+    MAKE_FUNC_INFO(krb5_free_creds),
+    MAKE_FUNC_INFO(krb5_build_principal),
+    MAKE_FUNC_INFO(krb5_get_renewed_creds),
+    MAKE_FUNC_INFO(krb5_free_addresses),
+    MAKE_FUNC_INFO(krb5_get_default_config_files),
+    MAKE_FUNC_INFO(krb5_free_config_files),
+    MAKE_FUNC_INFO(krb5_get_default_realm),
+    MAKE_FUNC_INFO(krb5_free_default_realm),
+    MAKE_FUNC_INFO(krb5_free_ticket),
+    MAKE_FUNC_INFO(krb5_decode_ticket),
+    MAKE_FUNC_INFO(krb5_get_host_realm),
+    MAKE_FUNC_INFO(krb5_free_host_realm),
+    MAKE_FUNC_INFO(krb5_free_addresses),
+    MAKE_FUNC_INFO(krb5_c_random_make_octets),
+    END_FUNC_INFO
+};
+
+FUNC_INFO profile_fi[] = {
+        MAKE_FUNC_INFO(profile_init),
+        MAKE_FUNC_INFO(profile_release),
+        MAKE_FUNC_INFO(profile_get_subsection_names),
+        MAKE_FUNC_INFO(profile_free_list),
+        MAKE_FUNC_INFO(profile_get_string),
+        MAKE_FUNC_INFO(profile_release_string),
+        END_FUNC_INFO
+};
+
+FUNC_INFO ce_fi[] = {
+    MAKE_FUNC_INFO(com_err),
+    MAKE_FUNC_INFO(error_message),
+    END_FUNC_INFO
+};
+
+FUNC_INFO service_fi[] = {
+    MAKE_FUNC_INFO(OpenSCManagerA),
+    MAKE_FUNC_INFO(OpenServiceA),
+    MAKE_FUNC_INFO(QueryServiceStatus),
+    MAKE_FUNC_INFO(CloseServiceHandle),
+    MAKE_FUNC_INFO(LsaNtStatusToWinError),
+    END_FUNC_INFO
+};
+
+FUNC_INFO lsa_fi[] = {
+    MAKE_FUNC_INFO(LsaConnectUntrusted),
+    MAKE_FUNC_INFO(LsaLookupAuthenticationPackage),
+    MAKE_FUNC_INFO(LsaCallAuthenticationPackage),
+    MAKE_FUNC_INFO(LsaFreeReturnBuffer),
+    MAKE_FUNC_INFO(LsaGetLogonSessionData),
+    END_FUNC_INFO
+};
+
+/* Static Declarations */
+static int       inited = 0;
+static HINSTANCE hKrb5 = 0;
+static HINSTANCE hKrb524 = 0;
+static HINSTANCE hSecur32 = 0;
+static HINSTANCE hAdvApi32 = 0;
+static HINSTANCE hComErr = 0;
+static HINSTANCE hService = 0;
+static HINSTANCE hProfile = 0;
+static HINSTANCE hLeash = 0;
+static HINSTANCE hLeashOpt = 0;
+static HINSTANCE hCCAPI = 0;
+
+static DWORD TraceOption = 0;
+static HANDLE hDLL;
+
+BOOL IsDebugLogging(void)
+{
+    DWORD LSPsize;
+    HKEY NPKey;
+    DWORD dwDebug = FALSE;
+
+    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+		     "System\\CurrentControlSet\\Services\\MIT Kerberos\\NetworkProvider",
+		     0, KEY_QUERY_VALUE, &NPKey) == ERROR_SUCCESS)
+    {
+	LSPsize=sizeof(dwDebug);
+	if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS)
+	{
+	    dwDebug = FALSE;
+	}
+	RegCloseKey (NPKey);
+    }
+
+    return(dwDebug ? TRUE : FALSE);
+}
+
+void DebugEvent0(char *a)
+{
+    HANDLE h; char *ptbuf[1];
+
+    if (IsDebugLogging()) {
+	h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
+	if (h) {
+            ptbuf[0] = a;
+            ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
+            DeregisterEventSource(h);
+        }
+    }
+}
+
+#define MAXBUF_ 512
+void DebugEvent(char *b,...)
+{
+    HANDLE h; char *ptbuf[1],buf[MAXBUF_+1];
+    va_list marker;
+
+    if (IsDebugLogging()) {
+	h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
+        if (h) {
+            va_start(marker,b);
+            StringCbVPrintf(buf, MAXBUF_+1,b,marker);
+            buf[MAXBUF_] = '\0';
+            ptbuf[0] = buf;
+            ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
+            DeregisterEventSource(h);
+            va_end(marker);
+        }
+    }
+}
+
+static HANDLE hInitMutex = NULL;
+static BOOL bInit = FALSE;
+
+/* KFW_initialize cannot be called from DllEntryPoint */
+void
+KFW_initialize(void)
+{
+    static int inited = 0;
+
+    if ( !inited ) {
+        char mutexName[MAX_PATH];
+        HANDLE hMutex = NULL;
+
+        sprintf(mutexName, "AFS KFW Init pid=%d", getpid());
+
+        hMutex = CreateMutex( NULL, TRUE, mutexName );
+        if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
+            if ( WaitForSingleObject( hMutex, INFINITE ) != WAIT_OBJECT_0 ) {
+                return;
+            }
+        }
+        if ( !inited ) {
+            inited = 1;
+            LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0);
+            LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0);
+            LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0);
+            LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1);
+            LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0);
+            LoadFuncs(LEASH_DLL, leash_fi, &hLeash, 0, 1, 0, 0);
+            LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0);
+            LoadFuncs(LEASH_DLL, leash_opt_fi, &hLeashOpt, 0, 1, 0, 0);
+        }
+        ReleaseMutex(hMutex);
+        CloseHandle(hMutex);
+    }
+}
+
+void
+KFW_cleanup(void)
+{
+    if (hLeashOpt)
+        FreeLibrary(hLeashOpt);
+    if (hCCAPI)
+        FreeLibrary(hCCAPI);
+    if (hLeash)
+        FreeLibrary(hLeash);
+    if (hKrb524)
+        FreeLibrary(hKrb524);
+    if (hSecur32)
+        FreeLibrary(hSecur32);
+    if (hService)
+        FreeLibrary(hService);
+    if (hComErr)
+        FreeLibrary(hComErr);
+    if (hProfile)
+        FreeLibrary(hProfile);
+    if (hKrb5)
+        FreeLibrary(hKrb5);
+}
+
+
+int
+KFW_is_available(void)
+{
+    KFW_initialize();
+    if ( hKrb5 && hComErr && hService &&
+#ifdef USE_MS2MIT
+         hSecur32 &&
+#endif /* USE_MS2MIT */
+         hProfile && hLeash && hCCAPI )
+        return TRUE;
+
+    return FALSE;
+}
+
+/* Given a principal return an existing ccache or create one and return */
+int
+KFW_get_ccache(krb5_context alt_ctx, krb5_principal principal, krb5_ccache * cc)
+{
+    krb5_context ctx;
+    char * pname = 0;
+    char * ccname = 0;
+    krb5_error_code code;
+
+    if (!pkrb5_init_context)
+        return 0;
+
+    if ( alt_ctx ) {
+        ctx = alt_ctx;
+    } else {
+        code = pkrb5_init_context(&ctx);
+        if (code) goto cleanup;
+    }
+
+    if ( principal ) {
+        code = pkrb5_unparse_name(ctx, principal, &pname);
+        if (code) goto cleanup;
+
+	ccname = (char *)malloc(strlen(pname) + 5);
+	sprintf(ccname,"API:%s",pname);
+
+	DebugEvent0(ccname);
+	code = pkrb5_cc_resolve(ctx, ccname, cc);
+    } else {
+        code = pkrb5_cc_default(ctx, cc);
+        if (code) goto cleanup;
+    }
+
+  cleanup:
+    if (ccname)
+        free(ccname);
+    if (pname)
+        pkrb5_free_unparsed_name(ctx,pname);
+    if (ctx && (ctx != alt_ctx))
+        pkrb5_free_context(ctx);
+    return(code);
+}
+
+
+int
+KFW_kinit( krb5_context alt_ctx,
+            krb5_ccache  alt_cc,
+            HWND hParent,
+            char *principal_name,
+            char *password,
+            krb5_deltat lifetime,
+            DWORD                       forwardable,
+            DWORD                       proxiable,
+            krb5_deltat                 renew_life,
+            DWORD                       addressless,
+            DWORD                       publicIP
+            )
+{
+    krb5_error_code		        code = 0;
+    krb5_context		        ctx = 0;
+    krb5_ccache			        cc = 0;
+    krb5_principal		        me = 0;
+    char*                       name = 0;
+    krb5_creds			        my_creds;
+    krb5_get_init_creds_opt     options;
+    krb5_address **             addrs = NULL;
+    int                         i = 0, addr_count = 0;
+
+    if (!pkrb5_init_context)
+        return 0;
+
+    pkrb5_get_init_creds_opt_init(&options);
+    memset(&my_creds, 0, sizeof(my_creds));
+
+    if (alt_ctx)
+    {
+        ctx = alt_ctx;
+    }
+    else
+    {
+        code = pkrb5_init_context(&ctx);
+        if (code) goto cleanup;
+    }
+
+    if ( alt_cc ) {
+        cc = alt_cc;
+    } else {
+        code = pkrb5_cc_default(ctx, &cc);
+        if (code) goto cleanup;
+    }
+
+    code = pkrb5_parse_name(ctx, principal_name, &me);
+    if (code)
+	goto cleanup;
+
+    code = pkrb5_unparse_name(ctx, me, &name);
+    if (code)
+	goto cleanup;
+
+    if (lifetime == 0)
+        lifetime = pLeash_get_default_lifetime();
+    lifetime *= 60;
+
+    if (renew_life > 0)
+	renew_life *= 60;
+
+    if (lifetime)
+        pkrb5_get_init_creds_opt_set_tkt_life(&options, lifetime);
+	pkrb5_get_init_creds_opt_set_forwardable(&options,
+                                                 forwardable ? 1 : 0);
+	pkrb5_get_init_creds_opt_set_proxiable(&options,
+                                               proxiable ? 1 : 0);
+	pkrb5_get_init_creds_opt_set_renew_life(&options,
+                                               renew_life);
+    if (addressless)
+        pkrb5_get_init_creds_opt_set_address_list(&options,NULL);
+    else {
+	if (publicIP)
+        {
+            // we are going to add the public IP address specified by the user
+            // to the list provided by the operating system
+            krb5_address ** local_addrs=NULL;
+            DWORD           netIPAddr;
+
+            pkrb5_os_localaddr(ctx, &local_addrs);
+            while ( local_addrs[i++] );
+            addr_count = i + 1;
+
+            addrs = (krb5_address **) malloc((addr_count+1) * sizeof(krb5_address *));
+            if ( !addrs ) {
+                pkrb5_free_addresses(ctx, local_addrs);
+                goto cleanup;
+            }
+            memset(addrs, 0, sizeof(krb5_address *) * (addr_count+1));
+            i = 0;
+            while ( local_addrs[i] ) {
+                addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
+                if (addrs[i] == NULL) {
+                    pkrb5_free_addresses(ctx, local_addrs);
+                    goto cleanup;
+                }
+
+                addrs[i]->magic = local_addrs[i]->magic;
+                addrs[i]->addrtype = local_addrs[i]->addrtype;
+                addrs[i]->length = local_addrs[i]->length;
+                addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+                if (!addrs[i]->contents) {
+                    pkrb5_free_addresses(ctx, local_addrs);
+                    goto cleanup;
+                }
+
+                memcpy(addrs[i]->contents,local_addrs[i]->contents,
+                        local_addrs[i]->length);        /* safe */
+                i++;
+            }
+            pkrb5_free_addresses(ctx, local_addrs);
+
+            addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
+            if (addrs[i] == NULL)
+                goto cleanup;
+
+            addrs[i]->magic = KV5M_ADDRESS;
+            addrs[i]->addrtype = AF_INET;
+            addrs[i]->length = 4;
+            addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+            if (!addrs[i]->contents)
+                goto cleanup;
+
+            netIPAddr = htonl(publicIP);
+            memcpy(addrs[i]->contents,&netIPAddr,4);
+
+            pkrb5_get_init_creds_opt_set_address_list(&options,addrs);
+
+        }
+    }
+
+    code = pkrb5_get_init_creds_password(ctx,
+                                       &my_creds,
+                                       me,
+                                       password, // password
+                                       NULL,     // no prompter
+                                       hParent, // prompter data
+                                       0, // start time
+                                       0, // service name
+                                       &options);
+    if (code)
+	goto cleanup;
+
+    code = pkrb5_cc_initialize(ctx, cc, me);
+    if (code)
+	goto cleanup;
+
+    code = pkrb5_cc_store_cred(ctx, cc, &my_creds);
+    if (code)
+	goto cleanup;
+
+ cleanup:
+    if ( addrs ) {
+        for ( i=0;i<addr_count;i++ ) {
+            if ( addrs[i] ) {
+                if ( addrs[i]->contents )
+                    free(addrs[i]->contents);
+                free(addrs[i]);
+            }
+        }
+    }
+    if (my_creds.client == me)
+	my_creds.client = 0;
+    pkrb5_free_cred_contents(ctx, &my_creds);
+    if (name)
+        pkrb5_free_unparsed_name(ctx, name);
+    if (me)
+        pkrb5_free_principal(ctx, me);
+    if (cc && (cc != alt_cc))
+        pkrb5_cc_close(ctx, cc);
+    if (ctx && (ctx != alt_ctx))
+        pkrb5_free_context(ctx);
+    return(code);
+}
+
+
+int
+KFW_get_cred( char * username,
+	      char * password,
+	      int lifetime,
+	      char ** reasonP )
+{
+    krb5_context ctx = 0;
+    krb5_ccache cc = 0;
+    char * realm = 0;
+    krb5_principal principal = 0;
+    char * pname = 0;
+    krb5_error_code code;
+
+    if (!pkrb5_init_context || !username || !password || !password[0])
+        return 0;
+
+    DebugEvent0(username);
+
+    code = pkrb5_init_context(&ctx);
+    if ( code ) goto cleanup;
+
+    code = pkrb5_get_default_realm(ctx, &realm);
+
+    if (realm) {
+        pname = malloc(strlen(username) + strlen(realm) + 2);
+	if (!pname)
+	    goto cleanup;
+	strcpy(pname, username);
+	strcat(pname, "@");
+	strcat(pname, realm);
+    } else {
+	goto cleanup;
+    }
+
+    DebugEvent0(realm);
+    DebugEvent0(pname);
+
+    code = pkrb5_parse_name(ctx, pname, &principal);
+    if ( code ) goto cleanup;
+
+    DebugEvent0("parsed name");
+    code = KFW_get_ccache(ctx, principal, &cc);
+    if ( code ) goto cleanup;
+
+    DebugEvent0("got ccache");
+
+    if ( lifetime == 0 )
+        lifetime = pLeash_get_default_lifetime();
+
+    DebugEvent0("got lifetime");
+
+    code = KFW_kinit( ctx, cc, HWND_DESKTOP,
+		      pname,
+		      password,
+		      lifetime,
+		      pLeash_get_default_forwardable(),
+		      pLeash_get_default_proxiable(),
+		      pLeash_get_default_renewable() ? pLeash_get_default_renew_till() : 0,
+		      pLeash_get_default_noaddresses(),
+		      pLeash_get_default_publicip());
+    DebugEvent0("kinit returned");
+    if ( code ) goto cleanup;
+
+  cleanup:
+    if ( pname )
+        free(pname);
+    if ( realm )
+	pkrb5_free_default_realm(ctx, realm);
+    if ( cc )
+        pkrb5_cc_close(ctx, cc);
+
+    if ( code && reasonP ) {
+        *reasonP = (char *)perror_message(code);
+    }
+    return(code);
+}
+
+int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken)
+{
+    // SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_SID_AUTHORITY;
+    PSID pSystemSID = NULL;
+    DWORD SystemSIDlength = 0, UserSIDlength = 0;
+    PACL ccacheACL = NULL;
+    DWORD ccacheACLlength = 0;
+    PTOKEN_USER pTokenUser = NULL;
+    DWORD retLen;
+    DWORD gle;
+    int ret = 0;
+
+    if (!filename) {
+	DebugEvent0("KFW_set_ccache_dacl - invalid parms");
+	return 1;
+    }
+
+    DebugEvent0("KFW_set_ccache_dacl");
+
+    /* Get System SID */
+    if (!ConvertStringSidToSid("S-1-5-18", &pSystemSID)) {
+	DebugEvent("KFW_set_ccache_dacl - ConvertStringSidToSid GLE = 0x%x", GetLastError());
+	ret = 1;
+	goto cleanup;
+    }
+
+    /* Create ACL */
+    SystemSIDlength = GetLengthSid(pSystemSID);
+    ccacheACLlength = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE)
+        + SystemSIDlength - sizeof(DWORD);
+
+    if (hUserToken) {
+	if (!GetTokenInformation(hUserToken, TokenUser, NULL, 0, &retLen))
+	{
+	    if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER ) {
+		pTokenUser = (PTOKEN_USER) LocalAlloc(LPTR, retLen);
+
+		if (!GetTokenInformation(hUserToken, TokenUser, pTokenUser, retLen, &retLen))
+		{
+		    DebugEvent("GetTokenInformation failed: GLE = %lX", GetLastError());
+		}
+	    }
+	}
+
+	if (pTokenUser) {
+	    UserSIDlength = GetLengthSid(pTokenUser->User.Sid);
+
+	    ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength
+		- sizeof(DWORD);
+	}
+    }
+
+    ccacheACL = (PACL) LocalAlloc(LPTR, ccacheACLlength);
+    if (!ccacheACL) {
+	DebugEvent("KFW_set_ccache_dacl - LocalAlloc GLE = 0x%x", GetLastError());
+	ret = 1;
+	goto cleanup;
+    }
+
+    InitializeAcl(ccacheACL, ccacheACLlength, ACL_REVISION);
+    AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0,
+                         STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
+                         pSystemSID);
+    if (pTokenUser) {
+	AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0,
+			     STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
+			     pTokenUser->User.Sid);
+	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
+				   DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
+				   NULL,
+				   NULL,
+				   ccacheACL,
+				   NULL)) {
+	    gle = GetLastError();
+	    DebugEvent("SetNamedSecurityInfo DACL (1) failed: GLE = 0x%lX", gle);
+	    if (gle != ERROR_NO_TOKEN)
+		ret = 1;
+	}
+	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
+				   OWNER_SECURITY_INFORMATION,
+				   pTokenUser->User.Sid,
+				   NULL,
+				   NULL,
+				   NULL)) {
+	    gle = GetLastError();
+	    DebugEvent("SetNamedSecurityInfo OWNER (2) failed: GLE = 0x%lX", gle);
+	    if (gle != ERROR_NO_TOKEN)
+		ret = 1;
+	}
+    } else {
+	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
+				   DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
+				   NULL,
+				   NULL,
+				   ccacheACL,
+				   NULL)) {
+	    gle = GetLastError();
+	    DebugEvent("SetNamedSecurityInfo DACL (3) failed: GLE = 0x%lX", gle);
+	    if (gle != ERROR_NO_TOKEN)
+		ret = 1;
+	}
+    }
+
+  cleanup:
+    if (pSystemSID)
+	LocalFree(pSystemSID);
+    if (pTokenUser)
+	LocalFree(pTokenUser);
+    if (ccacheACL)
+	LocalFree(ccacheACL);
+    return ret;
+}
+
+int KFW_set_ccache_dacl_with_user_sid(char *filename, PSID pUserSID)
+{
+    // SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_SID_AUTHORITY;
+    PSID pSystemSID = NULL;
+    DWORD SystemSIDlength = 0, UserSIDlength = 0;
+    PACL ccacheACL = NULL;
+    DWORD ccacheACLlength = 0;
+    DWORD gle;
+    int ret = 0;
+
+    if (!filename) {
+	DebugEvent0("KFW_set_ccache_dacl_with_user_sid - invalid parms");
+	return 1;
+    }
+
+    DebugEvent0("KFW_set_ccache_dacl_with_user_sid");
+
+    /* Get System SID */
+    if (!ConvertStringSidToSid("S-1-5-18", &pSystemSID)) {
+	DebugEvent("KFW_set_ccache_dacl - ConvertStringSidToSid GLE = 0x%x", GetLastError());
+	ret = 1;
+	goto cleanup;
+    }
+
+    /* Create ACL */
+    SystemSIDlength = GetLengthSid(pSystemSID);
+    ccacheACLlength = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE)
+        + SystemSIDlength - sizeof(DWORD);
+
+    if (pUserSID) {
+	UserSIDlength = GetLengthSid(pUserSID);
+
+	ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength
+	    - sizeof(DWORD);
+    }
+
+    ccacheACL = (PACL) LocalAlloc(LPTR, ccacheACLlength);
+    if (!ccacheACL) {
+	DebugEvent("KFW_set_ccache_dacl - LocalAlloc GLE = 0x%x", GetLastError());
+	ret = 1;
+	goto cleanup;
+    }
+
+    InitializeAcl(ccacheACL, ccacheACLlength, ACL_REVISION);
+    AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0,
+                         STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
+                         pSystemSID);
+    if (pUserSID) {
+	AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0,
+			     STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
+			     pUserSID);
+	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
+				   DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
+				   NULL,
+				   NULL,
+				   ccacheACL,
+				   NULL)) {
+	    gle = GetLastError();
+	    DebugEvent("SetNamedSecurityInfo DACL (4) failed: GLE = 0x%lX", gle);
+	    if (gle != ERROR_NO_TOKEN)
+		ret = 1;
+	}
+	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
+				   OWNER_SECURITY_INFORMATION,
+				   pUserSID,
+				   NULL,
+				   NULL,
+				   NULL)) {
+	    gle = GetLastError();
+	    DebugEvent("SetNamedSecurityInfo OWNER (5) failed: GLE = 0x%lX", gle);
+	    if (gle != ERROR_NO_TOKEN)
+		ret = 1;
+	}
+    } else {
+	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
+				   DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
+				   NULL,
+				   NULL,
+				   ccacheACL,
+				   NULL)) {
+	    gle = GetLastError();
+	    DebugEvent("SetNamedSecurityInfo DACL (6) failed: GLE = 0x%lX", gle);
+	    if (gle != ERROR_NO_TOKEN)
+		ret = 1;
+	}
+    }
+
+  cleanup:
+    if (pSystemSID)
+	LocalFree(pSystemSID);
+    if (ccacheACL)
+	LocalFree(ccacheACL);
+    return ret;
+}
+
+int KFW_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int size)
+{
+    int  retval = 0;
+    DWORD dwSize = size-1;	/* leave room for nul */
+    DWORD dwLen  = 0;
+
+    if (!hUserToken || !newfilename || size <= 0)
+	return 1;
+
+    *newfilename = '\0';
+
+    dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, dwSize);
+    if ( !dwLen || dwLen > dwSize )
+	dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, dwSize);
+    if ( !dwLen || dwLen > dwSize )
+	return 1;
+
+    newfilename[dwSize] = '\0';
+    return 0;
+}
+
+void
+KFW_copy_cache_to_system_file(const char * user, const char * filename)
+{
+    char cachename[MAX_PATH + 8] = "FILE:";
+    krb5_context		ctx = 0;
+    krb5_error_code		code;
+    krb5_principal              princ = 0;
+    krb5_ccache			cc  = 0;
+    krb5_ccache                 ncc = 0;
+    PSECURITY_ATTRIBUTES        pSA = NULL;
+
+    if (!pkrb5_init_context || !user || !filename)
+        return;
+
+    strncat(cachename, filename, sizeof(cachename));
+    cachename[sizeof(cachename)-1] = '\0';
+
+    DebugEvent("KFW_Logon_Event - ccache %s", cachename);
+
+    DeleteFile(filename);
+
+    code = pkrb5_init_context(&ctx);
+    if (code) goto cleanup;
+
+    code = pkrb5_parse_name(ctx, user, &princ);
+    if (code) goto cleanup;
+
+    code = KFW_get_ccache(ctx, princ, &cc);
+    if (code) goto cleanup;
+
+    code = pkrb5_cc_resolve(ctx, cachename, &ncc);
+    if (code) goto cleanup;
+
+    code = pkrb5_cc_initialize(ctx, ncc, princ);
+    if (code) goto cleanup;
+
+    code = KFW_set_ccache_dacl(filename, NULL);
+    if (code) goto cleanup;
+
+    code = pkrb5_cc_copy_creds(ctx,cc,ncc);
+
+  cleanup:
+    if ( cc ) {
+        pkrb5_cc_close(ctx, cc);
+        cc = 0;
+    }
+    if ( ncc ) {
+        pkrb5_cc_close(ctx, ncc);
+        ncc = 0;
+    }
+    if ( princ ) {
+        pkrb5_free_principal(ctx, princ);
+        princ = 0;
+    }
+
+    if (ctx)
+        pkrb5_free_context(ctx);
+}
+
+int
+KFW_copy_file_cache_to_default_cache(char * filename)
+{
+    char cachename[MAX_PATH + 8] = "FILE:";
+    krb5_context		ctx = 0;
+    krb5_error_code		code;
+    krb5_principal              princ = 0;
+    krb5_ccache			cc  = 0;
+    krb5_ccache                 ncc = 0;
+    int retval = 1;
+
+    if (!pkrb5_init_context || !filename)
+        return 1;
+
+    if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
+        return 1;
+
+    code = pkrb5_init_context(&ctx);
+    if (code) return 1;
+
+    strcat(cachename, filename);
+
+    code = pkrb5_cc_resolve(ctx, cachename, &cc);
+    if (code) {
+	DebugEvent0("kfwcpcc krb5_cc_resolve failed");
+	goto cleanup;
+    }
+
+    code = pkrb5_cc_get_principal(ctx, cc, &princ);
+    if (code) {
+	DebugEvent0("kfwcpcc krb5_cc_get_principal failed");
+	goto cleanup;
+    }
+
+    code = pkrb5_cc_default(ctx, &ncc);
+    if (code) {
+	DebugEvent0("kfwcpcc krb5_cc_default failed");
+	goto cleanup;
+    }
+    if (!code) {
+        code = pkrb5_cc_initialize(ctx, ncc, princ);
+
+        if (!code)
+            code = pkrb5_cc_copy_creds(ctx,cc,ncc);
+	if (code) {
+	    DebugEvent0("kfwcpcc krb5_cc_copy_creds failed");
+	    goto cleanup;
+	}
+    }
+    if ( ncc ) {
+        pkrb5_cc_close(ctx, ncc);
+        ncc = 0;
+    }
+
+    retval=0;   /* success */
+
+  cleanup:
+    if ( cc ) {
+        pkrb5_cc_close(ctx, cc);
+        cc = 0;
+    }
+
+    DeleteFile(filename);
+
+    if ( princ ) {
+        pkrb5_free_principal(ctx, princ);
+        princ = 0;
+    }
+
+    if (ctx)
+        pkrb5_free_context(ctx);
+
+    return 0;
+}
+
+
+int
+KFW_copy_file_cache_to_api_cache(char * filename)
+{
+    char cachename[MAX_PATH + 8] = "FILE:";
+    krb5_context		ctx = 0;
+    krb5_error_code		code;
+    krb5_principal              princ = 0;
+    krb5_ccache			cc  = 0;
+    krb5_ccache                 ncc = 0;
+    char 			*name = NULL;
+    int retval = 1;
+
+    if (!pkrb5_init_context || !filename)
+        return 1;
+
+    if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
+        return 1;
+
+    code = pkrb5_init_context(&ctx);
+    if (code) return 1;
+
+    strcat(cachename, filename);
+
+    code = pkrb5_cc_resolve(ctx, cachename, &cc);
+    if (code) {
+	DebugEvent0("kfwcpcc krb5_cc_resolve failed");
+	goto cleanup;
+    }
+
+    code = pkrb5_cc_get_principal(ctx, cc, &princ);
+    if (code) {
+	DebugEvent0("kfwcpcc krb5_cc_get_principal failed");
+	goto cleanup;
+    }
+
+    code = pkrb5_unparse_name(ctx, princ, &name);
+    if (code) {
+	DebugEvent0("kfwcpcc krb5_unparse_name failed");
+	goto cleanup;
+    }
+
+    sprintf(cachename, "API:%s", name);
+
+    code = pkrb5_cc_resolve(ctx, cachename, &ncc);
+    if (code) {
+	DebugEvent0("kfwcpcc krb5_cc_default failed");
+	goto cleanup;
+    }
+    if (!code) {
+        code = pkrb5_cc_initialize(ctx, ncc, princ);
+
+        if (!code)
+            code = pkrb5_cc_copy_creds(ctx,cc,ncc);
+	if (code) {
+	    DebugEvent0("kfwcpcc krb5_cc_copy_creds failed");
+	    goto cleanup;
+	}
+    }
+    if ( ncc ) {
+        pkrb5_cc_close(ctx, ncc);
+        ncc = 0;
+    }
+
+    retval=0;   /* success */
+
+  cleanup:
+    if (name)
+	pkrb5_free_unparsed_name(ctx, name);
+
+    if ( cc ) {
+        pkrb5_cc_close(ctx, cc);
+        cc = 0;
+    }
+
+    DeleteFile(filename);
+
+    if ( princ ) {
+        pkrb5_free_principal(ctx, princ);
+        princ = 0;
+    }
+
+    if (ctx)
+        pkrb5_free_context(ctx);
+
+    return 0;
+}
+
+
+int
+KFW_destroy_tickets_for_principal(char * user)
+{
+    krb5_context		ctx = 0;
+    krb5_error_code		code;
+    krb5_principal      princ = 0;
+    krb5_ccache			cc  = 0;
+
+    if (!pkrb5_init_context)
+        return 0;
+
+    code = pkrb5_init_context(&ctx);
+    if (code) return 1;
+
+    code = pkrb5_parse_name(ctx, user, &princ);
+    if (code) goto loop_cleanup;
+
+    code = KFW_get_ccache(ctx, princ, &cc);
+    if (code) goto loop_cleanup;
+
+    code = pkrb5_cc_destroy(ctx, cc);
+    if (!code) cc = 0;
+
+  loop_cleanup:
+    if ( cc ) {
+        pkrb5_cc_close(ctx, cc);
+        cc = 0;
+    }
+    if ( princ ) {
+        pkrb5_free_principal(ctx, princ);
+        princ = 0;
+    }
+
+    pkrb5_free_context(ctx);
+    return 0;
+}
+
+
+/* There are scenarios in which an interactive logon will not
+ * result in the LogonScript being executed.  This will result
+ * in orphaned cache files being left in the Temp directory.
+ * This function will search for cache files in the Temp
+ * directory and delete any that are older than five minutes.
+ */
+void
+KFW_cleanup_orphaned_caches(void)
+{
+    char * temppath = NULL;
+    char * curdir = NULL;
+    DWORD count, count2;
+    WIN32_FIND_DATA FindFileData;
+    HANDLE hFind = INVALID_HANDLE_VALUE;
+    FILETIME now;
+    ULARGE_INTEGER uli_now;
+    FILETIME expired;
+
+    count = GetTempPath(0, NULL);
+    if (count <= 0)
+        return;
+    temppath = (char *) malloc(count);
+    if (!temppath)
+        goto cleanup;
+    count2 = GetTempPath(count, temppath);
+    if (count2 <= 0 || count2 > count)
+        goto cleanup;
+
+    count = GetCurrentDirectory(0, NULL);
+    curdir = (char *)malloc(count);
+    if (!curdir)
+        goto cleanup;
+    count2 = GetCurrentDirectory(count, curdir);
+    if (count2 <= 0 || count2 > count)
+        goto cleanup;
+
+    if (!SetCurrentDirectory(temppath))
+        goto cleanup;
+
+    GetSystemTimeAsFileTime(&now);
+    uli_now.u.LowPart = now.dwLowDateTime;
+    uli_now.u.HighPart = now.dwHighDateTime;
+
+    uli_now.QuadPart -= 3000000000;        /* 5 minutes == 3 billion 100 nano seconds */
+
+    expired.dwLowDateTime = uli_now.u.LowPart;
+    expired.dwHighDateTime = uli_now.u.HighPart;
+
+    hFind = FindFirstFile("kfwlogon-*", &FindFileData);
+    if (hFind != INVALID_HANDLE_VALUE) {
+        do {
+            if (CompareFileTime(&FindFileData.ftCreationTime, &expired) < 0) {
+                DebugEvent("Deleting orphaned cache file: \"%s\"", FindFileData.cFileName);
+                DeleteFile(FindFileData.cFileName);
+            }
+        } while ( FindNextFile(hFind, &FindFileData) );
+    }
+
+    SetCurrentDirectory(curdir);
+
+  cleanup:
+    if (temppath)
+        free(temppath);
+    if (hFind != INVALID_HANDLE_VALUE)
+        FindClose(hFind);
+    if (curdir)
+        free(curdir);
+}
diff --git a/krb5-1.21.3/src/windows/kfwlogon/kfwcpcc.c b/krb5-1.21.3/src/windows/kfwlogon/kfwcpcc.c
new file mode 100644
index 00000000..0ddd0a19
--- /dev/null
+++ b/krb5-1.21.3/src/windows/kfwlogon/kfwcpcc.c
@@ -0,0 +1,37 @@
+/*
+
+Copyright 2005 by the Massachusetts Institute of Technology
+
+All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appear in all copies and that
+both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of the Massachusetts
+Institute of Technology (M.I.T.) not be used in advertising or publicity
+pertaining to distribution of the software without specific, written
+prior permission.
+
+M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+M.I.T. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+*/
+
+#include <windows.h>
+#include "kfwlogon.h"
+
+int main(int argc, char *argv[])
+{
+    if ( argc != 2 )
+        return 1;
+
+    KFW_initialize();
+
+    return KFW_copy_file_cache_to_api_cache(argv[1]);
+}
diff --git a/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.c b/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.c
new file mode 100644
index 00000000..833e2608
--- /dev/null
+++ b/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.c
@@ -0,0 +1,623 @@
+/*
+Copyright 2005,2006 by the Massachusetts Institute of Technology
+Copyright 2007 by Secure Endpoints Inc.
+
+All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appear in all copies and that
+both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of the Massachusetts
+Institute of Technology (M.I.T.) not be used in advertising or publicity
+pertaining to distribution of the software without specific, written
+prior permission.
+
+M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+M.I.T. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+*/
+
+#include "kfwlogon.h"
+
+#include <io.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <fcntl.h>
+
+#include <winsock2.h>
+#include <lm.h>
+#include <nb30.h>
+
+static HANDLE hDLL;
+
+static HANDLE hInitMutex = NULL;
+static BOOL bInit = FALSE;
+
+
+BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved)
+{
+    hDLL = dll;
+    switch (reason) {
+    case DLL_PROCESS_ATTACH:
+        /* Initialization Mutex */
+        hInitMutex = CreateMutex(NULL, FALSE, NULL);
+        break;
+
+    case DLL_PROCESS_DETACH:
+        CloseHandle(hInitMutex);
+        break;
+
+    case DLL_THREAD_ATTACH:
+    case DLL_THREAD_DETACH:
+    default:
+        /* Everything else succeeds but does nothing. */
+        break;
+    }
+
+    return TRUE;
+}
+
+DWORD APIENTRY NPGetCaps(DWORD index)
+{
+    switch (index) {
+    case WNNC_NET_TYPE:
+        /* We aren't a file system; We don't have our own type; use somebody else's. */
+        return WNNC_NET_SUN_PC_NFS;
+    case WNNC_START:
+        /* Say we are already started, even though we might wait after we receive NPLogonNotify */
+        return 1;
+
+    default:
+        return 0;
+    }
+}
+
+
+static BOOL
+WINAPI
+UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOutStringLen)
+{
+    CPINFO CodePageInfo;
+
+    GetCPInfo(CP_ACP, &CodePageInfo);
+
+    if (CodePageInfo.MaxCharSize > 1)
+        // Only supporting non-Unicode strings
+        return FALSE;
+
+    if (uInputString.Buffer && ((LPBYTE) uInputString.Buffer)[1] == '\0')
+    {
+        // Looks like unicode, better translate it
+        // UNICODE_STRING specifies the length of the buffer string in Bytes not WCHARS
+        WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) uInputString.Buffer, uInputString.Length/2,
+                            lpszOutputString, nOutStringLen-1, NULL, NULL);
+        lpszOutputString[min(uInputString.Length/2,nOutStringLen-1)] = '\0';
+        return TRUE;
+    }
+
+    lpszOutputString[0] = '\0';
+    return FALSE;
+}  // UnicodeStringToANSI
+
+
+static BOOL
+is_windows_vista(void)
+{
+   static BOOL fChecked = FALSE;
+   static BOOL fIsWinVista = FALSE;
+
+   if (!fChecked)
+   {
+       OSVERSIONINFO Version;
+
+       memset (&Version, 0x00, sizeof(Version));
+       Version.dwOSVersionInfoSize = sizeof(Version);
+
+       if (GetVersionEx (&Version))
+       {
+           if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+               Version.dwMajorVersion >= 6)
+               fIsWinVista = TRUE;
+       }
+       fChecked = TRUE;
+   }
+
+   return fIsWinVista;
+}
+
+
+/* Construct a Logon Script that will cause the LogonEventHandler to be executed
+ * under in the logon session
+ */
+
+#define RUNDLL32_CMDLINE "rundll32.exe kfwlogon.dll,LogonEventHandler "
+VOID
+ConfigureLogonScript(LPWSTR *lpLogonScript, char * filename) {
+    DWORD dwLogonScriptLen;
+    LPWSTR lpScript;
+    LPSTR lpTemp;
+
+    if (!lpLogonScript)
+	return;
+    *lpLogonScript = NULL;
+
+    if (!filename)
+	return;
+
+    dwLogonScriptLen = strlen(RUNDLL32_CMDLINE) + strlen(filename) + 2;
+    lpTemp = (LPSTR) malloc(dwLogonScriptLen);
+    if (!lpTemp)
+	return;
+
+    _snprintf(lpTemp, dwLogonScriptLen, "%s%s", RUNDLL32_CMDLINE, filename);
+
+    SetLastError(0);
+    dwLogonScriptLen = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, lpTemp, -1, NULL, 0);
+    DebugEvent("ConfigureLogonScript %s requires %d bytes gle=0x%x", lpTemp, dwLogonScriptLen, GetLastError());
+
+    lpScript = LocalAlloc(LMEM_ZEROINIT, dwLogonScriptLen * 2);
+    if (lpScript) {
+	if (MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, lpTemp, -1, lpScript, 2 * dwLogonScriptLen))
+	    *lpLogonScript = lpScript;
+	else {
+	    DebugEvent("ConfigureLogonScript - MultiByteToWideChar failed gle = 0x%x", GetLastError());
+	    LocalFree(lpScript);
+	}
+    } else {
+	DebugEvent("LocalAlloc failed gle=0x%x", GetLastError());
+    }
+    free(lpTemp);
+}
+
+
+DWORD APIENTRY NPLogonNotify(
+	PLUID lpLogonId,
+	LPCWSTR lpAuthentInfoType,
+	LPVOID lpAuthentInfo,
+	LPCWSTR lpPreviousAuthentInfoType,
+	LPVOID lpPreviousAuthentInfo,
+	LPWSTR lpStationName,
+	LPVOID StationHandle,
+	LPWSTR *lpLogonScript)
+{
+    char uname[MAX_USERNAME_LENGTH+1]="";
+    char password[MAX_PASSWORD_LENGTH+1]="";
+    char logonDomain[MAX_DOMAIN_LENGTH+1]="";
+
+    MSV1_0_INTERACTIVE_LOGON *IL;
+
+    DWORD code = 0;
+
+    char *reason;
+    char *ctemp;
+
+    BOOLEAN interactive = TRUE;
+    HWND hwndOwner = (HWND)StationHandle;
+    BOOLEAN lowercased_name = TRUE;
+
+    /* Can we load KFW binaries? */
+    if ( !KFW_is_available() )
+        return 0;
+
+    DebugEvent0("NPLogonNotify start");
+
+    /* Remote Desktop / Terminal Server connections to existing sessions
+     * are interactive logons.  Unfortunately, because the session already
+     * exists the logon script does not get executed and this prevents
+     * us from being able to execute the rundll32 entrypoint
+     * LogonEventHandlerA which would process the credential cache this
+     * routine will produce.  Therefore, we must cleanup orphaned cache
+     * files from this routine.  We will take care of it before doing
+     * anything else.
+     */
+    KFW_cleanup_orphaned_caches();
+
+    /* Are we interactive? */
+    if (lpStationName)
+        interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);
+
+    if ( !interactive ) {
+	char station[64]="station";
+        DWORD rv;
+
+        SetLastError(0);
+	rv = WideCharToMultiByte(CP_UTF8, 0, lpStationName, -1,
+			    station, sizeof(station), NULL, NULL);
+        DebugEvent("Skipping NPLogonNotify- LoginId(%d,%d) - Interactive(%d:%s) - gle %d",
+                    lpLogonId->HighPart, lpLogonId->LowPart, interactive, rv != 0 ? station : "failure", GetLastError());
+        return 0;
+    } else
+        DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);
+
+    /* Initialize Logon Script to none */
+    *lpLogonScript=NULL;
+
+    /* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for
+     * our purposes */
+
+    if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") &&
+         wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") )
+    {
+	char msg[64];
+	WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, -1,
+			    msg, sizeof(msg), NULL, NULL);
+	msg[sizeof(msg)-1]='\0';
+        DebugEvent("NPLogonNotify - Unsupported Authentication Info Type: %s", msg);
+        return 0;
+    }
+
+    IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;
+
+    /* Convert from Unicode to ANSI */
+
+    /*TODO: Use SecureZeroMemory to erase passwords */
+    if (!UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH) ||
+	!UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH) ||
+	!UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH))
+	return 0;
+
+    /* Make sure AD-DOMAINS sent from login that is sent to us is stripped */
+    ctemp = strchr(uname, '@');
+    if (ctemp) *ctemp = 0;
+
+    /* is the name all lowercase? */
+    for ( ctemp = uname; *ctemp ; ctemp++) {
+        if ( !islower(*ctemp) ) {
+            lowercased_name = FALSE;
+            break;
+        }
+    }
+
+    code = KFW_get_cred(uname, password, 0, &reason);
+    DebugEvent("NPLogonNotify - KFW_get_cred  uname=[%s] code=[%d]",uname, code);
+
+    /* remove any kerberos 5 tickets currently held by the SYSTEM account
+     * for this user
+     */
+    if (!code) {
+	char filename[MAX_PATH+1] = "";
+	char acctname[MAX_USERNAME_LENGTH+MAX_DOMAIN_LENGTH+3]="";
+	PSID pUserSid = NULL;
+	LPTSTR pReferencedDomainName = NULL;
+	DWORD dwSidLen = 0, dwDomainLen = 0, count;
+	SID_NAME_USE eUse;
+
+	if (_snprintf(acctname, sizeof(acctname), "%s\\%s", logonDomain, uname) < 0) {
+	    code = -1;
+	    goto cleanup;
+	}
+
+	count = GetTempPath(sizeof(filename), filename);
+        if (count == 0 || count > (sizeof(filename)-1)) {
+            code = -1;
+            goto cleanup;
+        }
+
+	if (_snprintf(filename, sizeof(filename), "%s\\kfwlogon-%x.%x",
+		       filename, lpLogonId->HighPart, lpLogonId->LowPart) < 0)
+	{
+	    code = -1;
+	    goto cleanup;
+	}
+
+	KFW_copy_cache_to_system_file(uname, filename);
+
+	/* Need to determine the SID */
+
+	/* First get the size of the required buffers */
+	LookupAccountName (NULL,
+			   acctname,
+			   pUserSid,
+			   &dwSidLen,
+			   pReferencedDomainName,
+			   &dwDomainLen,
+			   &eUse);
+	if(dwSidLen){
+	    pUserSid = (PSID) malloc (dwSidLen);
+	    memset(pUserSid,0,dwSidLen);
+	}
+
+	if(dwDomainLen){
+	    pReferencedDomainName = (LPTSTR) malloc (dwDomainLen * sizeof(TCHAR));
+	    memset(pReferencedDomainName,0,dwDomainLen * sizeof(TCHAR));
+	}
+
+	//Now get the SID and the domain name
+	if (pUserSid && LookupAccountName( NULL,
+					   acctname,
+					   pUserSid,
+					   &dwSidLen,
+					   pReferencedDomainName,
+					   &dwDomainLen,
+					   &eUse))
+	{
+	    DebugEvent("LookupAccountName obtained user %s sid in domain %s", acctname, pReferencedDomainName);
+	    code = KFW_set_ccache_dacl_with_user_sid(filename, pUserSid);
+
+#ifdef USE_WINLOGON_EVENT
+	    /* If we are on Vista, setup a LogonScript
+	     * that will execute the LogonEventHandler entry point via rundll32.exe
+	     */
+	    if (is_windows_vista()) {
+		ConfigureLogonScript(lpLogonScript, filename);
+		if (*lpLogonScript)
+		    DebugEvent0("LogonScript assigned");
+		else
+		    DebugEvent0("No Logon Script");
+	    }
+#else
+	    ConfigureLogonScript(lpLogonScript, filename);
+	    if (*lpLogonScript)
+		    DebugEvent0("LogonScript assigned");
+	    else
+		    DebugEvent0("No Logon Script");
+#endif
+	} else {
+	    DebugEvent0("LookupAccountName failed");
+	    DeleteFile(filename);
+	    code = -1;
+	}
+
+      cleanup:
+	if (pUserSid)
+	    free(pUserSid);
+	if (pReferencedDomainName)
+	    free(pReferencedDomainName);
+    }
+
+    KFW_destroy_tickets_for_principal(uname);
+
+    if (code) {
+        char msg[128];
+        HANDLE h;
+        char *ptbuf[1];
+
+        StringCbPrintf(msg, sizeof(msg), "Kerberos ticket acquisition failed: %s", reason);
+
+        h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
+        ptbuf[0] = msg;
+        ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL, 1, 0, ptbuf, NULL);
+        DeregisterEventSource(h);
+        SetLastError(code);
+    }
+
+    if (code)
+	DebugEvent0("NPLogonNotify failure");
+    else
+	DebugEvent0("NPLogonNotify success");
+
+    return code;
+}
+
+
+DWORD APIENTRY NPPasswordChangeNotify(
+	LPCWSTR lpAuthentInfoType,
+	LPVOID lpAuthentInfo,
+	LPCWSTR lpPreviousAuthentInfoType,
+	LPVOID lpPreviousAuthentInfo,
+	LPWSTR lpStationName,
+	LPVOID StationHandle,
+	DWORD dwChangeInfo)
+{
+    return 0;
+}
+
+#include <userenv.h>
+#include <Winwlx.h>
+
+#ifdef COMMENT
+typedef struct _WLX_NOTIFICATION_INFO {
+    ULONG Size;
+    ULONG Flags;
+    PWSTR UserName;
+    PWSTR Domain;
+    PWSTR WindowStation;
+    HANDLE hToken;
+    HDESK hDesktop;
+    PFNMSGECALLBACK pStatusCallback;
+} WLX_NOTIFICATION_INFO, *PWLX_NOTIFICATION_INFO;
+#endif
+
+VOID KFW_Startup_Event( PWLX_NOTIFICATION_INFO pInfo )
+{
+    DebugEvent0("KFW_Startup_Event");
+}
+
+static BOOL
+GetSecurityLogonSessionData(HANDLE hToken, PSECURITY_LOGON_SESSION_DATA * ppSessionData)
+{
+    NTSTATUS Status = 0;
+    TOKEN_STATISTICS Stats;
+    DWORD   ReqLen;
+    BOOL    Success;
+
+    if (!ppSessionData)
+        return FALSE;
+    *ppSessionData = NULL;
+
+
+    Success = GetTokenInformation( hToken, TokenStatistics, &Stats, sizeof(TOKEN_STATISTICS), &ReqLen );
+    if ( !Success )
+        return FALSE;
+
+    Status = LsaGetLogonSessionData( &Stats.AuthenticationId, ppSessionData );
+    if ( FAILED(Status) || !ppSessionData )
+        return FALSE;
+
+    return TRUE;
+}
+
+VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
+{
+#ifdef USE_WINLOGON_EVENT
+    WCHAR szUserW[128] = L"";
+    char  szUserA[128] = "";
+    char szPath[MAX_PATH] = "";
+    char szLogonId[128] = "";
+    DWORD count;
+    char filename[MAX_PATH] = "";
+    char newfilename[MAX_PATH] = "";
+    char commandline[MAX_PATH+256] = "";
+    STARTUPINFO startupinfo;
+    PROCESS_INFORMATION procinfo;
+    HANDLE hf = NULL;
+
+    LUID LogonId = {0, 0};
+    PSECURITY_LOGON_SESSION_DATA pLogonSessionData = NULL;
+
+    HKEY hKey1 = NULL, hKey2 = NULL;
+
+    DebugEvent0("KFW_Logon_Event - Start");
+
+    GetSecurityLogonSessionData( pInfo->hToken, &pLogonSessionData );
+
+    if ( pLogonSessionData ) {
+        LogonId = pLogonSessionData->LogonId;
+        DebugEvent("KFW_Logon_Event - LogonId(%d,%d)", LogonId.HighPart, LogonId.LowPart);
+
+        _snprintf(szLogonId, sizeof(szLogonId), "kfwlogon-%d.%d",LogonId.HighPart, LogonId.LowPart);
+        LsaFreeReturnBuffer( pLogonSessionData );
+    } else {
+        DebugEvent0("KFW_Logon_Event - Unable to determine LogonId");
+        return;
+    }
+
+    count = GetEnvironmentVariable("TEMP", filename, sizeof(filename));
+    if ( count > sizeof(filename) || count == 0 ) {
+        GetWindowsDirectory(filename, sizeof(filename));
+    }
+
+    if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) ) {
+        DebugEvent0("KFW_Logon_Event - filename too long");
+	return;
+    }
+
+    strcat(filename, "\\");
+    strcat(filename, szLogonId);
+
+    hf = CreateFile(filename, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING,
+		    FILE_ATTRIBUTE_NORMAL, NULL);
+    if (hf == INVALID_HANDLE_VALUE) {
+        DebugEvent0("KFW_Logon_Event - file cannot be opened");
+	return;
+    }
+    CloseHandle(hf);
+
+    if (KFW_set_ccache_dacl(filename, pInfo->hToken)) {
+        DebugEvent0("KFW_Logon_Event - unable to set dacl");
+	DeleteFile(filename);
+	return;
+    }
+
+    if (KFW_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename))) {
+        DebugEvent0("KFW_Logon_Event - unable to obtain temp directory");
+	return;
+    }
+
+    if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) {
+        DebugEvent0("KFW_Logon_Event - new filename too long");
+	return;
+    }
+
+    strcat(newfilename, "\\");
+    strcat(newfilename, szLogonId);
+
+    if (!MoveFileEx(filename, newfilename,
+		     MOVEFILE_COPY_ALLOWED | MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) {
+        DebugEvent("KFW_Logon_Event - MoveFileEx failed GLE = 0x%x", GetLastError());
+	return;
+    }
+
+    _snprintf(commandline, sizeof(commandline), "kfwcpcc.exe \"%s\"", newfilename);
+
+    GetStartupInfo(&startupinfo);
+    if (CreateProcessAsUser( pInfo->hToken,
+                             "kfwcpcc.exe",
+                             commandline,
+                             NULL,
+                             NULL,
+                             FALSE,
+                             CREATE_NEW_PROCESS_GROUP | DETACHED_PROCESS,
+                             NULL,
+                             NULL,
+                             &startupinfo,
+                             &procinfo))
+    {
+	DebugEvent("KFW_Logon_Event - CommandLine %s", commandline);
+
+	WaitForSingleObject(procinfo.hProcess, 30000);
+
+	CloseHandle(procinfo.hThread);
+	CloseHandle(procinfo.hProcess);
+    } else {
+	DebugEvent0("KFW_Logon_Event - CreateProcessFailed");
+    }
+
+    DeleteFile(newfilename);
+
+    DebugEvent0("KFW_Logon_Event - End");
+#endif /* USE_WINLOGON_EVENT */
+}
+
+
+/* Documentation on the use of RunDll32 entrypoints can be found
+ * at https://support.microsoft.com/kb/164787
+ */
+void CALLBACK
+LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
+{
+    HANDLE hf = NULL;
+    char commandline[MAX_PATH+256] = "";
+    STARTUPINFO startupinfo;
+    PROCESS_INFORMATION procinfo;
+
+    DebugEvent0("LogonEventHandler - Start");
+
+    /* Validate lpszCmdLine as a file */
+    hf = CreateFile(lpszCmdLine, GENERIC_READ | DELETE, 0, NULL, OPEN_EXISTING,
+		    FILE_ATTRIBUTE_NORMAL, NULL);
+    if (hf == INVALID_HANDLE_VALUE) {
+        DebugEvent("LogonEventHandler - \"%s\" cannot be opened", lpszCmdLine);
+	return;
+    }
+    CloseHandle(hf);
+
+
+    _snprintf(commandline, sizeof(commandline), "kfwcpcc.exe \"%s\"", lpszCmdLine);
+
+    GetStartupInfo(&startupinfo);
+    SetLastError(0);
+    if (CreateProcess( NULL,
+		       commandline,
+		       NULL,
+		       NULL,
+		       FALSE,
+		       CREATE_NEW_PROCESS_GROUP | DETACHED_PROCESS,
+		       NULL,
+		       NULL,
+		       &startupinfo,
+		       &procinfo))
+    {
+	DebugEvent("KFW_Logon_Event - CommandLine %s", commandline);
+
+	WaitForSingleObject(procinfo.hProcess, 30000);
+
+	CloseHandle(procinfo.hThread);
+	CloseHandle(procinfo.hProcess);
+    } else {
+	DebugEvent("KFW_Logon_Event - CreateProcessFailed \"%s\" GLE 0x%x",
+                     commandline, GetLastError());
+        DebugEvent("KFW_Logon_Event PATH %s", getenv("PATH"));
+    }
+
+    DeleteFile(lpszCmdLine);
+
+    DebugEvent0("KFW_Logon_Event - End");
+}
diff --git a/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.def b/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.def
new file mode 100644
index 00000000..85ba1028
--- /dev/null
+++ b/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.def
@@ -0,0 +1,14 @@
+LIBRARY KFWLOGON
+
+EXPORTS
+
+    DllEntryPoint
+    NPGetCaps
+    NPLogonNotify
+    NPPasswordChangeNotify
+    KFW_Logon_Event
+    LogonEventHandlerA
+
+
+
+
diff --git a/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.h b/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.h
new file mode 100644
index 00000000..622d5665
--- /dev/null
+++ b/krb5-1.21.3/src/windows/kfwlogon/kfwlogon.h
@@ -0,0 +1,215 @@
+/*
+
+Copyright 2005,2006 by the Massachusetts Institute of Technology
+Copyright 2007 by Secure Endpoints Inc.
+
+All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted,
+provided that the above copyright notice appear in all copies and that
+both that copyright notice and this permission notice appear in
+supporting documentation, and that the name of the Massachusetts
+Institute of Technology (M.I.T.) not be used in advertising or publicity
+pertaining to distribution of the software without specific, written
+prior permission.
+
+M.I.T. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+M.I.T. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+*/
+
+/* We only support VC 1200 and above anyway */
+#pragma once
+
+/* _WIN32_WINNT must be 0x0501 or greater to pull in definition of
+ * all required LSA data types when the Vista SDK NtSecAPI.h is used.
+ */
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0501
+#else
+#if _WIN32_WINNT < 0x0501
+#undef _WIN32_WINNT
+#define _WIN32_WINNT 0x0501
+#endif
+#endif
+
+#include <windows.h>
+#include <npapi.h>
+#define SECURITY_WIN32
+#include <security.h>
+#include <ntsecapi.h>
+#include <tchar.h>
+#include <strsafe.h>
+
+typedef int errcode_t;
+
+#include <loadfuncs-lsa.h>
+#include <krb5.h>
+#include <loadfuncs-com_err.h>
+#include <loadfuncs-krb5.h>
+#include <loadfuncs-profile.h>
+#include <loadfuncs-leash.h>
+
+// service definitions
+#define SERVICE_DLL   "advapi32.dll"
+typedef SC_HANDLE (WINAPI *FP_OpenSCManagerA)(char *, char *, DWORD);
+typedef SC_HANDLE (WINAPI *FP_OpenServiceA)(SC_HANDLE, char *, DWORD);
+typedef BOOL (WINAPI *FP_QueryServiceStatus)(SC_HANDLE, LPSERVICE_STATUS);
+typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE);
+
+/* In order to avoid including the private CCAPI headers */
+typedef int cc_int32;
+
+#define CC_API_VER_1 1
+#define CC_API_VER_2 2
+
+#define CCACHE_API cc_int32
+
+/*
+** The Official Error Codes
+*/
+#define CC_NOERROR           0
+#define CC_BADNAME           1
+#define CC_NOTFOUND          2
+#define CC_END               3
+#define CC_IO                4
+#define CC_WRITE             5
+#define CC_NOMEM             6
+#define CC_FORMAT            7
+#define CC_LOCKED            8
+#define CC_BAD_API_VERSION   9
+#define CC_NO_EXIST          10
+#define CC_NOT_SUPP          11
+#define CC_BAD_PARM          12
+#define CC_ERR_CACHE_ATTACH  13
+#define CC_ERR_CACHE_RELEASE 14
+#define CC_ERR_CACHE_FULL    15
+#define CC_ERR_CRED_VERSION  16
+
+enum {
+    CC_CRED_VUNKNOWN = 0,       // For validation
+    /* CC_CRED_V4 = 1, */
+    CC_CRED_V5 = 2,
+    CC_CRED_VMAX = 3            // For validation
+};
+
+typedef struct opaque_dll_control_block_type* apiCB;
+typedef struct _infoNC {
+    char*     name;
+    char*     principal;
+    cc_int32  vers;
+} infoNC;
+
+TYPEDEF_FUNC(
+CCACHE_API,
+CALLCONV_C,
+cc_initialize,
+    (
+    apiCB** cc_ctx,           // <  DLL's primary control structure.
+                              //    returned here, passed everywhere else
+    cc_int32 api_version,     // >  ver supported by caller (use CC_API_VER_1)
+    cc_int32*  api_supported, // <  if ~NULL, max ver supported by DLL
+    const char** vendor       // <  if ~NULL, vendor name in read only C string
+    )
+);
+
+TYPEDEF_FUNC(
+CCACHE_API,
+CALLCONV_C,
+cc_shutdown,
+    (
+    apiCB** cc_ctx            // <> DLL's primary control structure. NULL after
+    )
+);
+
+TYPEDEF_FUNC(
+CCACHE_API,
+CALLCONV_C,
+cc_get_NC_info,
+    (
+    apiCB* cc_ctx,          // >  DLL's primary control structure
+    struct _infoNC*** ppNCi // <  (NULL before call) null terminated,
+                            //    list of a structs (free via cc_free_infoNC())
+    )
+);
+
+TYPEDEF_FUNC(
+CCACHE_API,
+CALLCONV_C,
+cc_free_NC_info,
+    (
+    apiCB* cc_ctx,
+    struct _infoNC*** ppNCi // <  free list of structs returned by
+                            //    cc_get_cache_names().  set to NULL on return
+    )
+);
+/* End private ccapiv2 headers */
+
+#ifdef _WIN64
+#define CCAPI_DLL   "krbcc64.dll"
+#else
+#define CCAPI_DLL   "krbcc32.dll"
+#endif
+
+
+/* */
+#define MAX_USERNAME_LENGTH 256
+#define MAX_PASSWORD_LENGTH 256
+#define MAX_DOMAIN_LENGTH 256
+
+#define KFW_LOGON_EVENT_NAME TEXT("MIT Kerberos")
+
+BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved);
+
+DWORD APIENTRY NPGetCaps(DWORD index);
+
+DWORD APIENTRY NPLogonNotify(
+	PLUID lpLogonId,
+	LPCWSTR lpAuthentInfoType,
+	LPVOID lpAuthentInfo,
+	LPCWSTR lpPreviousAuthentInfoType,
+	LPVOID lpPreviousAuthentInfo,
+	LPWSTR lpStationName,
+	LPVOID StationHandle,
+	LPWSTR *lpLogonScript);
+
+DWORD APIENTRY NPPasswordChangeNotify(
+	LPCWSTR lpAuthentInfoType,
+	LPVOID lpAuthentInfo,
+	LPCWSTR lpPreviousAuthentInfoType,
+	LPVOID lpPreviousAuthentInfo,
+	LPWSTR lpStationName,
+	LPVOID StationHandle,
+	DWORD dwChangeInfo);
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void DebugEvent0(char *a);
+void DebugEvent(char *b,...);
+
+DWORD MapAuthError(DWORD code);
+
+static BOOL WINAPI UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOutStringLen);
+
+int KFW_is_available(void);
+int KFW_get_cred( char * username, char * password, int lifetime, char ** reasonP );
+void KFW_copy_cache_to_system_file(const char * user, const char * filename);
+int KFW_destroy_tickets_for_principal(char * user);
+int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken);
+int KFW_set_ccache_dacl_with_user_sid(char *filename, PSID pUserSID);
+int KFW_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int size);
+void KFW_cleanup_orphaned_caches(void);
+
+void CALLBACK LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/krb5-1.21.3/src/windows/leash/KrbListTickets.cpp b/krb5-1.21.3/src/windows/leash/KrbListTickets.cpp
new file mode 100644
index 00000000..85f97456
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/KrbListTickets.cpp
@@ -0,0 +1,389 @@
+#include "stdafx.h"
+#include "lglobals.h"
+#include "krb5.h"
+
+static void
+FreeTicketList(TicketList** ticketList)
+{
+    TicketList* tempList = *ticketList, *killList;
+
+    while (tempList) {
+        killList = tempList;
+        tempList = tempList->next;
+        free(killList->service);
+        if (killList->encTypes)
+            free(killList->encTypes);
+        free(killList);
+    }
+
+    *ticketList = NULL;
+}
+
+void
+LeashKRB5FreeTicketInfo(TICKETINFO *ticketinfo)
+{
+    if (ticketinfo->principal) {
+        free(ticketinfo->principal);
+        ticketinfo->principal = NULL;
+    }
+    if (ticketinfo->ccache_name) {
+        pkrb5_free_string(NULL, ticketinfo->ccache_name);
+        ticketinfo->ccache_name = NULL;
+    }
+    if (ticketinfo->ticket_list)
+        FreeTicketList(&ticketinfo->ticket_list);
+}
+
+void
+LeashKRB5FreeTickets(TICKETINFO **ticketinfolist)
+{
+    TICKETINFO *ticketinfo = *ticketinfolist, *next;
+    while (ticketinfo) {
+        next = ticketinfo->next;
+        LeashKRB5FreeTicketInfo(ticketinfo);
+        free(ticketinfo);
+        ticketinfo = next;
+    }
+    *ticketinfolist = NULL;
+}
+
+/*
+ * LeashKRB5Error()
+ */
+int
+LeashKRB5Error(krb5_error_code rc, LPCSTR FailedFunctionName)
+{
+#ifdef USE_MESSAGE_BOX
+    char message[256];
+    const char *errText;
+
+    errText = perror_message(rc);
+    _snprintf(message, sizeof(message),
+              "%s\n(Kerberos error %ld)\n\n%s failed",
+              errText,
+              rc,
+              FailedFunctionName);
+    message[sizeof(message)-1] = 0;
+
+    MessageBox(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR |
+               MB_TASKMODAL |
+               MB_SETFOREGROUND);
+#endif /* USE_MESSAGE_BOX */
+    return rc;
+}
+
+
+static void
+etype_string(krb5_enctype enctype, char *buf, size_t buflen)
+{
+    krb5_error_code retval;
+
+    if ((retval = pkrb5_enctype_to_name(enctype, FALSE, buf, buflen))) {
+        /* XXX if there's an error != EINVAL, I should probably report it */
+        sprintf_s(buf, buflen, "etype %d", enctype);
+    }
+}
+
+
+static void
+CredToTicketInfo(krb5_creds KRBv5Credentials, TICKETINFO *ticketinfo)
+{
+    ticketinfo->issued = (DWORD)KRBv5Credentials.times.starttime;
+    ticketinfo->valid_until = (DWORD)KRBv5Credentials.times.endtime;
+    ticketinfo->renew_until = KRBv5Credentials.ticket_flags & TKT_FLG_RENEWABLE ?
+        (DWORD)KRBv5Credentials.times.renew_till : (DWORD)0;
+    _tzset();
+    if ( ticketinfo->valid_until - time(0) <= 0L )
+        ticketinfo->btickets = EXPD_TICKETS;
+    else
+        ticketinfo->btickets = GOOD_TICKETS;
+}
+
+static int
+CredToTicketList(krb5_context ctx, krb5_creds KRBv5Credentials,
+                 char *PrincipalName, TicketList ***ticketListTail)
+{
+    krb5_error_code code = 0;
+    krb5_ticket *tkt=NULL;
+    char *sServerName = NULL;
+    char Buffer[256], sestype[100], tkttype[100];
+    char *functionName = NULL;
+    TicketList *list = NULL;
+
+    functionName = "krb5_unparse_name()";
+    code = (*pkrb5_unparse_name)(ctx, KRBv5Credentials.server, &sServerName);
+    if (code)
+        goto cleanup;
+
+    if (!KRBv5Credentials.times.starttime)
+        KRBv5Credentials.times.starttime = KRBv5Credentials.times.authtime;
+
+    memset(Buffer, '\0', sizeof(Buffer));
+
+    // @fixme: calloc for ptr init
+    list = (TicketList *)calloc(1, sizeof(TicketList));
+    if (!list) {
+        code = ENOMEM;
+        functionName = "calloc()";
+        goto cleanup;
+    }
+    list->service = strdup(sServerName);
+    if (!list->service) {
+        code = ENOMEM;
+        functionName = "calloc()";
+        goto cleanup;
+    }
+    list->issued = (DWORD)KRBv5Credentials.times.starttime;
+    list->valid_until = (DWORD)KRBv5Credentials.times.endtime;
+    if (KRBv5Credentials.ticket_flags & TKT_FLG_RENEWABLE)
+        list->renew_until = (DWORD)KRBv5Credentials.times.renew_till;
+    else
+        list->renew_until = 0;
+
+    etype_string(KRBv5Credentials.keyblock.enctype, sestype, sizeof(sestype));
+    if (!pkrb5_decode_ticket(&KRBv5Credentials.ticket, &tkt)) {
+        etype_string(tkt->enc_part.enctype, tkttype, sizeof(tkttype));
+        wsprintf(Buffer, "Session Key: %s  Ticket: %s", sestype, tkttype);
+        pkrb5_free_ticket(ctx, tkt);
+        tkt = NULL;
+    } else {
+        wsprintf(Buffer, "Session Key: %s", sestype);
+    }
+
+    list->encTypes = (char *)calloc(1, strlen(Buffer)+1);
+    if (!list->encTypes) {
+        functionName = "calloc()";
+        code = ENOMEM;
+        goto cleanup;
+    }
+    strcpy(list->encTypes, Buffer);
+
+    list->flags = KRBv5Credentials.ticket_flags;
+cleanup:
+    if (code) {
+        LeashKRB5Error(code, functionName);
+        if (list)
+            FreeTicketList(&list);
+    } else {
+        **ticketListTail = list;
+        *ticketListTail = &list->next;
+    }
+
+    if (sServerName != NULL)
+        (*pkrb5_free_unparsed_name)(ctx, sServerName);
+
+    return code;
+}
+
+// return 0 if ticketinfo was successfully appended to list, 1 otherwise
+int
+do_ccache(krb5_context ctx,
+          krb5_ccache cache,
+          TICKETINFO **ticketInfoTail)
+{
+    krb5_cc_cursor cur;
+    krb5_creds creds;
+    krb5_principal princ = NULL;
+    krb5_flags flags;
+    krb5_error_code code;
+    char *defname = NULL;
+    char *functionName = NULL;
+    TicketList **ticketListTail;
+    TICKETINFO *ticketinfo = NULL;
+    int retval = 1;
+
+    // Don't need the actual ticket.
+    flags = KRB5_TC_NOTICKET;
+    code = pkrb5_cc_set_flags(ctx, cache, flags);
+    if (code) {
+        if (code == KRB5_FCC_NOFILE || code == KRB5_CC_NOTFOUND) {
+            // Normal behavior; skip cache but suppress error message box
+            code = 0;
+        } else {
+            functionName = "krb5_cc_set_flags";
+        }
+        goto cleanup;
+    }
+    code = pkrb5_cc_get_principal(ctx, cache, &princ);
+    if (code) {
+        // Normal behavior; skip cache but suppress error message box
+        code = 0;
+        goto cleanup;
+    }
+    code = pkrb5_unparse_name(ctx, princ, &defname);
+    if (code) {
+        functionName = "krb5_unparse_name";
+        goto cleanup;
+    }
+    code = pkrb5_cc_start_seq_get(ctx, cache, &cur);
+    if (code) {
+        // MSLSA errors here if no TGT is found; suppress error message box
+        code = 0;
+        goto cleanup;
+    }
+    if (*ticketInfoTail)
+        ticketinfo = *ticketInfoTail;
+    else
+        // @fixme: calloc to init pointers
+        ticketinfo = (TICKETINFO *)calloc(1, sizeof(TICKETINFO));
+
+    if (ticketinfo == NULL) {
+        functionName = "calloc";
+        code = ENOMEM;
+        goto cleanup;
+    }
+    ticketinfo->next = NULL;
+    ticketinfo->ticket_list = NULL;
+    ticketinfo->principal = strdup(defname);
+    if (ticketinfo->principal == NULL) {
+        functionName = "strdup";
+        code = ENOMEM;
+        goto cleanup;
+    }
+    code = pkrb5_cc_get_full_name(ctx, cache, &ticketinfo->ccache_name);
+    if (code) {
+        functionName = "krb5_cc_get_full_name";
+        goto cleanup;
+    }
+    *ticketInfoTail = ticketinfo;
+    ticketListTail = &ticketinfo->ticket_list;
+    while (!(code = pkrb5_cc_next_cred(ctx, cache, &cur, &creds))) {
+        if (!pkrb5_is_config_principal(ctx, creds.server)) {
+            CredToTicketList(ctx, creds, defname, &ticketListTail);
+            CredToTicketInfo(creds, ticketinfo);
+        }
+        pkrb5_free_cred_contents(ctx, &creds);
+    }
+    if (code == KRB5_CC_END) {
+        code = pkrb5_cc_end_seq_get(ctx, cache, &cur);
+        if (code) {
+            functionName = "krb5_cc_end_seq_get";
+            goto cleanup;
+        }
+        flags = 0;
+        code = pkrb5_cc_set_flags(ctx, cache, flags);
+        if (code) {
+            functionName = "krb5_cc_set_flags";
+            goto cleanup;
+        }
+    } else {
+        functionName = "krb5_cc_next_cred";
+        goto cleanup;
+    }
+cleanup:
+    if (code)
+        LeashKRB5Error(code, functionName);
+    if (ticketinfo) {
+        if (ticketinfo == *ticketInfoTail)
+            retval = 0;
+        else
+            LeashKRB5FreeTickets(&ticketinfo);
+    }
+    if (defname)
+        pkrb5_free_unparsed_name(ctx, defname);
+    if (princ)
+        pkrb5_free_principal(ctx, princ);
+    return retval;
+}
+
+
+//
+// Returns 0 for success, 1 for failure
+//
+int
+do_all_ccaches(krb5_context ctx, TICKETINFO **ticketinfotail)
+{
+    krb5_error_code code;
+    krb5_ccache cache;
+    krb5_cccol_cursor cursor;
+    int retval = 1;
+    char *functionName = NULL;
+
+    code = pkrb5_cccol_cursor_new(ctx, &cursor);
+    if (code) {
+        functionName = "krb5_cccol_cursor_new";
+        goto cleanup;
+    }
+    retval = 0;
+    while (!(code = pkrb5_cccol_cursor_next(ctx, cursor, &cache)) &&
+           cache != NULL) {
+        // Note that ticketinfotail will be updated here to point to the tail
+        // of the list but the caller of this function will remain with a
+        // pointer to the head.
+        if (do_ccache(ctx, cache, ticketinfotail) == 0)
+            ticketinfotail = &((*ticketinfotail)->next);
+        pkrb5_cc_close(ctx, cache);
+    }
+    if (code)
+         functionName = "krb5_cccol_cursor_next";
+    pkrb5_cccol_cursor_free(ctx, &cursor);
+cleanup:
+    if (code)
+        LeashKRB5Error(code, functionName);
+    return retval;
+}
+
+void
+LeashKRB5ListDefaultTickets(TICKETINFO *ticketinfo)
+{
+    krb5_error_code	code;
+    krb5_context ctx = 0;
+    krb5_ccache cache = 0;
+    char *functionName = NULL;
+
+    ticketinfo->btickets = NO_TICKETS;
+    ticketinfo->principal = NULL;
+    ticketinfo->ccache_name = NULL;
+    ticketinfo->next = NULL;
+    ticketinfo->ticket_list = NULL;
+    ticketinfo->renew_until = 0;
+    ticketinfo->valid_until = 0;
+    ticketinfo->issued = 0;
+
+    code = pkrb5_init_context(&ctx);
+    if (code) {
+        functionName = "krb5_init_context";
+        goto cleanup;
+    }
+
+    code = pkrb5_cc_default(ctx, &cache);
+    if (code) {
+        functionName = "krb5_cc_default";
+        goto cleanup;
+    }
+    if (cache != NULL)
+        do_ccache(ctx, cache, &ticketinfo);
+cleanup:
+    if (code)
+        LeashKRB5Error(code, functionName);
+    if (cache)
+        pkrb5_cc_close(ctx, cache);
+    if (ctx)
+        pkrb5_free_context(ctx);
+}
+
+
+/*
+ * LeashKRB5ListAllTickets()
+ */
+
+void
+LeashKRB5ListAllTickets(TICKETINFO **ticketinfo)
+{
+    krb5_error_code	code;
+    krb5_context ctx = 0;
+    char *functionName = NULL;
+
+    code = pkrb5_init_context(&ctx);
+    if (code) {
+        functionName = "krb5_init_context";
+        goto cleanup;
+    }
+
+    do_all_ccaches(ctx, ticketinfo);
+cleanup:
+    if (code)
+        LeashKRB5Error(code, functionName);
+    if (ctx)
+        pkrb5_free_context(ctx);
+}
diff --git a/krb5-1.21.3/src/windows/leash/Leash.cpp b/krb5-1.21.3/src/windows/leash/Leash.cpp
new file mode 100644
index 00000000..9ba1e9a6
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/Leash.cpp
@@ -0,0 +1,1205 @@
+//**************************************************************************
+// File:	Leash.cpp
+// By:		Arthur David Leather
+// Created:	12/02/98
+// Copyright:	1998 Massachusetts Institute of Technology - All rights
+//		reserved.
+//
+// Description:	CPP file for Leash.h. Contains variables and functions
+//		for Leash
+//
+// History:
+//
+// MM/DD/YY	Inits	Description of Change
+// 12/02/98	ADL	Original
+//**************************************************************************
+
+#include "stdafx.h"
+#include "Leash.h"
+
+#include "MainFrm.h"
+#include "LeashDoc.h"
+#include "LeashView.h"
+#include "LeashAboutBox.h"
+
+#include "reminder.h"
+#include <leasherr.h>
+#include "lglobals.h"
+#include <krb5.h>
+#include <com_err.h>
+
+#include <errno.h>
+
+#include <afxwin.h>
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+TicketInfoWrapper ticketinfo;
+
+HWND CLeashApp::m_hProgram = 0;
+HINSTANCE CLeashApp::m_hLeashDLL = 0;
+HINSTANCE CLeashApp::m_hComErr = 0;
+HINSTANCE CLeashApp::m_hKrb5DLL = 0;
+HINSTANCE CLeashApp::m_hKrb5ProfileDLL= 0;
+HINSTANCE CLeashApp::m_hPsapi = 0;
+HINSTANCE CLeashApp::m_hToolHelp32 = 0;
+krb5_context CLeashApp::m_krbv5_context = 0;
+profile_t CLeashApp::m_krbv5_profile = 0;
+HINSTANCE CLeashApp::m_hKrbLSA = 0;
+int CLeashApp::m_useRibbon = TRUE;
+BOOL CLeashApp::m_bUpdateDisplay = FALSE;
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashApp
+
+
+BEGIN_MESSAGE_MAP(CLeashApp, CWinApp)
+	//{{AFX_MSG_MAP(CLeashApp)
+	//}}AFX_MSG_MAP
+	// Standard file based document commands
+	ON_COMMAND(ID_FILE_NEW, CWinApp::OnFileNew)
+	ON_COMMAND(ID_FILE_OPEN, CWinApp::OnFileOpen)
+END_MESSAGE_MAP()
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashApp construction
+CLeashApp::CLeashApp()
+{
+    m_krbv5_context = NULL;
+    m_krbv5_profile = NULL;
+    // TODO: add construction code here,
+    // Place all significant initialization in InitInstance
+
+    // Memory may not be initialized to zeros (in debug)
+    memset(&ticketinfo, 0, sizeof(ticketinfo));
+
+    ticketinfo.lockObj = CreateMutex(NULL, FALSE, NULL);
+
+#ifdef USE_HTMLHELP
+#if _MSC_VER >= 1300
+    EnableHtmlHelp();
+#endif
+#endif
+}
+
+CLeashApp::~CLeashApp()
+{
+    if ( m_krbv5_context ) {
+        pkrb5_free_context(m_krbv5_context);
+        m_krbv5_context = NULL;
+    }
+
+    if ( m_krbv5_profile ) {
+        pprofile_release(m_krbv5_profile);
+        m_krbv5_profile = NULL;
+    }
+
+#ifdef COMMENT
+	/* Do not free the locking objects.  Doing so causes an invalid handle access */
+    CloseHandle(ticketinfo.lockObj);
+#endif
+	AfxFreeLibrary(m_hLeashDLL);
+	AfxFreeLibrary(m_hKrb5DLL);
+	AfxFreeLibrary(m_hKrb5ProfileDLL);
+	AfxFreeLibrary(m_hPsapi);
+    AfxFreeLibrary(m_hToolHelp32);
+    AfxFreeLibrary(m_hKrbLSA);
+#ifdef DEBUG
+    _CrtDumpMemoryLeaks();
+#endif
+}
+
+/////////////////////////////////////////////////////////////////////////////
+// The one and only CLeashApp object
+
+CLeashApp theApp;
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashApp initialization
+
+void CLeashApp::ParseParam (LPCTSTR lpszParam,BOOL bFlag,BOOL bLast)
+{
+	//CCommandLineInfo::ParseParam(lpszParam, bFlag, bLast) ;
+}
+
+extern "C" {
+    LRESULT WINAPI LeashWindowProc( HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
+    {
+        switch ( Msg ) {
+        case WM_SYSCOMMAND:
+            if (SC_CLOSE == (wParam & 0xfff0)) {
+                wParam = (wParam & ~0xfff0) | SC_MINIMIZE;
+            }
+            break;
+        }
+        return ::DefWindowProc(hWnd, Msg, wParam, lParam);
+    }
+}
+
+BOOL CLeashApp::InitInstance()
+{
+#ifdef DEBUG
+    _CrtSetReportMode( _CRT_WARN, _CRTDBG_MODE_FILE );
+    _CrtSetReportFile( _CRT_WARN, _CRTDBG_FILE_STDOUT );
+    _CrtSetReportMode( _CRT_ERROR, _CRTDBG_MODE_FILE );
+    _CrtSetReportFile( _CRT_ERROR, _CRTDBG_FILE_STDOUT );
+
+    int tmp = _CrtSetDbgFlag( _CRTDBG_REPORT_FLAG);
+    _CrtSetDbgFlag( tmp | _CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);
+#endif
+    AfxOleInit();
+    // NOTE: Not used at this time
+    /// Set LEASH_DLL to the path where the Leash.exe is
+    char modulePath[MAX_PATH];
+    krb5_error_code code;
+    DWORD result = GetModuleFileName(AfxGetInstanceHandle(), modulePath, MAX_PATH);
+    ASSERT(result);
+
+    char* pPath = modulePath + strlen(modulePath) - 1;
+    while (*pPath != '\\')
+    {
+        *pPath = 0;
+        pPath--;
+    }
+    strcat(modulePath, LEASH_HELP_FILE);
+    m_helpFile = modulePath;
+
+    ///strcat(dllFile, LEASH_DLL);
+    ///m_leashDLL = dllFile;
+
+    BOOL autoInit = FALSE;
+    HWND hMsg = GetForegroundWindow();
+    if (!InitDLLs())
+        return FALSE; //exit program, can't load LEASHDLL
+    code = pkrb5_init_context(&m_krbv5_context);
+    if (code) {
+        // @TODO: report error
+        return FALSE;
+    }
+
+    // Check for args (switches)
+    LPCTSTR exeFile		= __targv[0];
+    for (int argi = 1; argi < __argc; argi++) {
+        LPCTSTR optionParam =  __targv[argi];
+
+        if (!optionParam)
+            continue;
+
+        if (*optionParam  == '-' || *optionParam  == '/')
+        {
+            if (0 == stricmp(optionParam+1, "kinit") ||
+                0 == stricmp(optionParam+1, "i"))
+            {
+                LSH_DLGINFO_EX ldi;
+		char username[64]="";
+		char realm[192]="";
+		int i=0, j=0;
+                if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0)
+                    throw("Unable to lock ticketinfo");
+
+                LeashKRB5ListDefaultTickets(&ticketinfo.Krb5);
+
+                if ( ticketinfo.Krb5.btickets && ticketinfo.Krb5.principal ) {
+                    for (; ticketinfo.Krb5.principal[i] && ticketinfo.Krb5.principal[i] != '@'; i++)
+                    {
+                        username[i] = ticketinfo.Krb5.principal[i];
+                    }
+                    username[i] = '\0';
+                    if (ticketinfo.Krb5.principal[i]) {
+                        for (i++ ; ticketinfo.Krb5.principal[i] ; i++, j++)
+                        {
+                            realm[j] = ticketinfo.Krb5.principal[i];
+                        }
+                    }
+                    realm[j] = '\0';
+                }
+
+                LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
+
+                ReleaseMutex(ticketinfo.lockObj);
+
+				ldi.size = LSH_DLGINFO_EX_V1_SZ;
+				ldi.dlgtype = DLGTYPE_PASSWD;
+                ldi.title = "MIT Kerberos: Get Ticket";
+                ldi.username = username;
+				ldi.realm = realm;
+                ldi.dlgtype = DLGTYPE_PASSWD;
+                ldi.use_defaults = 1;
+
+                if (!pLeash_kinit_dlg_ex(hMsg, &ldi))
+                {
+                    MessageBox(hMsg, "There was an error getting tickets!",
+                               "Error", MB_OK);
+                    return FALSE;
+                }
+                return TRUE;
+            }
+            else if (0 == stricmp(optionParam+1, "destroy") ||
+                     0 == stricmp(optionParam+1, "d"))
+            {
+                if (pLeash_kdestroy())
+                {
+                    MessageBox(hMsg,
+                               "There was an error destroying tickets!",
+                               "Error", MB_OK);
+                    return FALSE;
+                }
+                return TRUE;
+            }
+            else if (0 == stricmp(optionParam+1, "renew") ||
+                     0 == stricmp(optionParam+1, "r"))
+            {
+                if (!pLeash_renew())
+                {
+                    MessageBox(hMsg,
+                               "There was an error renewing tickets!",
+                               "Error", MB_OK);
+                    return FALSE;
+                }
+                return TRUE;
+            }
+            else if (0 == stricmp(optionParam+1, "autoinit") ||
+                     0 == stricmp(optionParam+1, "a"))
+            {
+                autoInit = TRUE;
+            }
+            else if (0 == stricmp(optionParam+1, "console") ||
+                     0 == stricmp(optionParam+1, "c"))
+            {
+                FILE *dummy;
+                AllocConsole();
+                freopen_s(&dummy, "CONOUT$", "w", stderr);
+                freopen_s(&dummy, "CONOUT$", "w", stdout);
+            }
+            else if (0 == stricmp(optionParam+1, "noribbon"))
+            {
+                m_useRibbon = FALSE;
+            }
+            else
+            {
+                MessageBox(hMsg,
+                           "'-kinit' or '-i' to perform ticket initialization (and exit)\n"
+                            "'-renew' or '-r' to perform ticket renewal (and exit)\n"
+                            "'-destroy' or '-d' to perform ticket destruction (and exit)\n"
+                            "'-autoinit' or '-a' to perform automatic ticket initialization\n"
+                            "'-console' or '-c' to attach a console for debugging\n",
+                           "MIT Kerberos Error", MB_OK);
+                return FALSE;
+            }
+        }
+        else
+        {
+            MessageBox(hMsg,
+                        "'-kinit' or '-i' to perform ticket initialization (and exit)\n"
+                        "'-renew' or '-r' to perform ticket renewal (and exit)\n"
+                        "'-destroy' or '-d' to perform ticket destruction (and exit)\n"
+                        "'-autoinit' or '-a' to perform automatic ticket initialization\n",
+                       "MIT Kerberos Error", MB_OK);
+            return FALSE;
+        }
+    }
+
+    // Insure only one instance of Leash
+    if (!FirstInstance())
+        return FALSE;
+
+    if (!CWinAppEx::InitInstance())
+        return FALSE;
+
+    //register our unique wnd class name to find it later
+    WNDCLASS wndcls;
+    memset(&wndcls, 0, sizeof(WNDCLASS));
+    wndcls.style = CS_DBLCLKS | CS_HREDRAW | CS_VREDRAW;
+    wndcls.lpfnWndProc = ::LeashWindowProc;
+    wndcls.hInstance = AfxGetInstanceHandle();
+    wndcls.hIcon = LoadIcon(IDR_MAINFRAME);
+    wndcls.hCursor = LoadCursor(IDC_ARROW);
+    wndcls.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1);
+    wndcls.lpszMenuName = NULL;
+    //now the wnd class name to find it
+    wndcls.lpszClassName = _T("LEASH.0WNDCLASS");
+
+    //register the new class
+    if(!AfxRegisterClass(&wndcls))
+    {
+        TRACE("Class registration failed\n");
+        return FALSE;
+    }
+
+    AfxEnableControlContainer();
+
+	// Standard initialization
+	// If you are not using these features and wish to reduce the size
+	//  of your final executable, you should remove from the following
+	//  the specific initialization routines you do not need.
+
+#if _MSC_VER < 1300
+#ifdef _AFXDLL
+    Enable3dControls();			// Call this when using MFC in a shared DLL
+#else
+    Enable3dControlsStatic();	// Call this when linking to MFC statically
+#endif
+#endif
+
+    // Registry key under which our settings are stored.
+    if (m_pszAppName)
+        free((void*)m_pszAppName);
+    m_pszAppName = _tcsdup("MIT Kerberos");
+    SetRegistryKey(_T("MIT"));
+
+    LoadStdProfileSettings(); // Load standard INI file options (including MRU)
+
+    // Register the application's document templates.  Document templates
+    //  serve as the connection between documents, frame windows and views.
+
+    CSingleDocTemplate* pDocTemplate;
+    pDocTemplate = new CSingleDocTemplate(
+        IDR_MAINFRAME,
+        RUNTIME_CLASS(LeashDoc),
+        RUNTIME_CLASS(CMainFrame),       // main SDI frame window
+        RUNTIME_CLASS(CLeashView));
+    AddDocTemplate(pDocTemplate);
+
+	// Parse command line for standard shell commands, DDE, file open
+    CCommandLineInfo cmdInfo;
+    ParseCommandLine(cmdInfo);
+
+	// Dispatch commands specified on the command line
+    if (!ProcessShellCommand(cmdInfo))
+        return FALSE;
+
+    // Check to see if there are any tickets in the cache.  If not and
+    // autoinitialization is enabled, display the initial tickets dialog.
+    {
+        if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0)
+            throw("Unable to lock ticketinfo");
+        LeashKRB5ListDefaultTickets(&ticketinfo.Krb5);
+        BOOL b_autoinit = !ticketinfo.Krb5.btickets;
+        LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
+        ReleaseMutex(ticketinfo.lockObj);
+
+        if (autoInit) {
+            if ( b_autoinit )
+                AfxBeginThread(InitWorker, m_pMainWnd->m_hWnd);
+
+            IpAddrChangeMonitorInit(m_pMainWnd->m_hWnd);
+        }
+    }
+
+    // The one and only window has been initialized, so show and update it.
+    m_pMainWnd->SetWindowText("MIT Kerberos");
+    m_pMainWnd->UpdateWindow();
+    m_pMainWnd->ShowWindow(SW_SHOW);
+    m_pMainWnd->SetForegroundWindow();
+
+    ValidateConfigFiles();
+
+    return TRUE;
+}
+
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashApp commands
+
+// leash functions
+DECL_FUNC_PTR(Leash_kdestroy);
+DECL_FUNC_PTR(Leash_changepwd_dlg);
+DECL_FUNC_PTR(Leash_changepwd_dlg_ex);
+DECL_FUNC_PTR(Leash_kinit_dlg);
+DECL_FUNC_PTR(Leash_kinit_dlg_ex);
+DECL_FUNC_PTR(Leash_timesync);
+DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
+DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
+DECL_FUNC_PTR(Leash_renew);
+
+FUNC_INFO leash_fi[] = {
+    MAKE_FUNC_INFO(Leash_kdestroy),
+    MAKE_FUNC_INFO(Leash_changepwd_dlg),
+    MAKE_FUNC_INFO(Leash_changepwd_dlg_ex),
+    MAKE_FUNC_INFO(Leash_kinit_dlg),
+	MAKE_FUNC_INFO(Leash_kinit_dlg_ex),
+    MAKE_FUNC_INFO(Leash_timesync),
+    MAKE_FUNC_INFO(Leash_get_default_uppercaserealm),
+    MAKE_FUNC_INFO(Leash_set_default_uppercaserealm),
+    MAKE_FUNC_INFO(Leash_renew),
+    END_FUNC_INFO
+};
+
+// com_err functions
+DECL_FUNC_PTR(error_message);
+FUNC_INFO ce_fi[] =  {
+    MAKE_FUNC_INFO(error_message),
+    END_FUNC_INFO
+};
+
+// psapi functions
+DECL_FUNC_PTR(GetModuleFileNameExA);
+DECL_FUNC_PTR(EnumProcessModules);
+
+FUNC_INFO psapi_fi[] = {
+    MAKE_FUNC_INFO(GetModuleFileNameExA),
+    MAKE_FUNC_INFO(EnumProcessModules),
+    END_FUNC_INFO
+};
+
+// toolhelp functions
+DECL_FUNC_PTR(CreateToolhelp32Snapshot);
+DECL_FUNC_PTR(Module32First);
+DECL_FUNC_PTR(Module32Next);
+
+FUNC_INFO toolhelp_fi[] = {
+    MAKE_FUNC_INFO(CreateToolhelp32Snapshot),
+    MAKE_FUNC_INFO(Module32First),
+    MAKE_FUNC_INFO(Module32Next),
+    END_FUNC_INFO
+};
+
+// krb5 functions
+DECL_FUNC_PTR(krb5_cc_default_name);
+DECL_FUNC_PTR(krb5_cc_set_default_name);
+DECL_FUNC_PTR(krb5_get_default_config_files);
+DECL_FUNC_PTR(krb5_free_config_files);
+DECL_FUNC_PTR(krb5_free_context);
+DECL_FUNC_PTR(krb5_get_default_realm);
+DECL_FUNC_PTR(krb5_free_default_realm);
+DECL_FUNC_PTR(krb5_init_context);
+DECL_FUNC_PTR(krb5_cc_default);
+DECL_FUNC_PTR(krb5_parse_name);
+DECL_FUNC_PTR(krb5_free_principal);
+DECL_FUNC_PTR(krb5_cc_close);
+DECL_FUNC_PTR(krb5_cc_get_principal);
+DECL_FUNC_PTR(krb5_build_principal);
+DECL_FUNC_PTR(krb5_c_random_make_octets);
+DECL_FUNC_PTR(krb5_get_init_creds_password);
+DECL_FUNC_PTR(krb5_free_cred_contents);
+DECL_FUNC_PTR(krb5_cc_resolve);
+DECL_FUNC_PTR(krb5_unparse_name);
+DECL_FUNC_PTR(krb5_free_unparsed_name);
+DECL_FUNC_PTR(krb5_cc_destroy);
+DECL_FUNC_PTR(krb5_cccol_cursor_new);
+DECL_FUNC_PTR(krb5_cccol_cursor_free);
+DECL_FUNC_PTR(krb5_cccol_cursor_next);
+DECL_FUNC_PTR(krb5_cc_start_seq_get);
+DECL_FUNC_PTR(krb5_cc_next_cred);
+DECL_FUNC_PTR(krb5_cc_end_seq_get);
+DECL_FUNC_PTR(krb5_cc_get_name);
+DECL_FUNC_PTR(krb5_cc_set_flags);
+DECL_FUNC_PTR(krb5_is_config_principal);
+DECL_FUNC_PTR(krb5_free_ticket);
+DECL_FUNC_PTR(krb5_decode_ticket);
+DECL_FUNC_PTR(krb5_cc_switch);
+DECL_FUNC_PTR(krb5_build_principal_ext);
+DECL_FUNC_PTR(krb5_get_renewed_creds);
+DECL_FUNC_PTR(krb5_cc_initialize);
+DECL_FUNC_PTR(krb5_cc_store_cred);
+DECL_FUNC_PTR(krb5_cc_get_full_name);
+DECL_FUNC_PTR(krb5_free_string);
+DECL_FUNC_PTR(krb5_enctype_to_name);
+DECL_FUNC_PTR(krb5_cc_get_type);
+DECL_FUNC_PTR(krb5int_cc_user_set_default_name);
+
+FUNC_INFO krb5_fi[] = {
+    MAKE_FUNC_INFO(krb5_cc_default_name),
+    MAKE_FUNC_INFO(krb5_cc_set_default_name),
+    MAKE_FUNC_INFO(krb5_get_default_config_files),
+    MAKE_FUNC_INFO(krb5_free_config_files),
+    MAKE_FUNC_INFO(krb5_free_context),
+    MAKE_FUNC_INFO(krb5_get_default_realm),
+    MAKE_FUNC_INFO(krb5_free_default_realm),
+    MAKE_FUNC_INFO(krb5_init_context),
+    MAKE_FUNC_INFO(krb5_cc_default),
+    MAKE_FUNC_INFO(krb5_parse_name),
+    MAKE_FUNC_INFO(krb5_free_principal),
+    MAKE_FUNC_INFO(krb5_cc_close),
+    MAKE_FUNC_INFO(krb5_cc_get_principal),
+    MAKE_FUNC_INFO(krb5_build_principal),
+    MAKE_FUNC_INFO(krb5_c_random_make_octets),
+    MAKE_FUNC_INFO(krb5_get_init_creds_password),
+    MAKE_FUNC_INFO(krb5_free_cred_contents),
+    MAKE_FUNC_INFO(krb5_cc_resolve),
+    MAKE_FUNC_INFO(krb5_unparse_name),
+    MAKE_FUNC_INFO(krb5_free_unparsed_name),
+    MAKE_FUNC_INFO(krb5_cc_destroy),
+    MAKE_FUNC_INFO(krb5_cccol_cursor_new),
+    MAKE_FUNC_INFO(krb5_cccol_cursor_next),
+    MAKE_FUNC_INFO(krb5_cccol_cursor_free),
+    MAKE_FUNC_INFO(krb5_cc_start_seq_get),
+    MAKE_FUNC_INFO(krb5_cc_next_cred),
+    MAKE_FUNC_INFO(krb5_cc_end_seq_get),
+    MAKE_FUNC_INFO(krb5_cc_get_name),
+    MAKE_FUNC_INFO(krb5_cc_set_flags),
+    MAKE_FUNC_INFO(krb5_is_config_principal),
+    MAKE_FUNC_INFO(krb5_free_ticket),
+    MAKE_FUNC_INFO(krb5_decode_ticket),
+    MAKE_FUNC_INFO(krb5_cc_switch),
+    MAKE_FUNC_INFO(krb5_build_principal_ext),
+    MAKE_FUNC_INFO(krb5_get_renewed_creds),
+    MAKE_FUNC_INFO(krb5_cc_initialize),
+    MAKE_FUNC_INFO(krb5_cc_store_cred),
+    MAKE_FUNC_INFO(krb5_cc_get_full_name),
+    MAKE_FUNC_INFO(krb5_free_string),
+    MAKE_FUNC_INFO(krb5_enctype_to_name),
+    MAKE_FUNC_INFO(krb5_cc_get_type),
+    MAKE_FUNC_INFO(krb5int_cc_user_set_default_name),
+    END_FUNC_INFO
+};
+
+// profile functions
+DECL_FUNC_PTR(profile_release);
+DECL_FUNC_PTR(profile_init);
+DECL_FUNC_PTR(profile_flush);
+DECL_FUNC_PTR(profile_rename_section);
+DECL_FUNC_PTR(profile_update_relation);
+DECL_FUNC_PTR(profile_clear_relation);
+DECL_FUNC_PTR(profile_add_relation);
+DECL_FUNC_PTR(profile_get_relation_names);
+DECL_FUNC_PTR(profile_get_subsection_names);
+DECL_FUNC_PTR(profile_get_values);
+DECL_FUNC_PTR(profile_free_list);
+DECL_FUNC_PTR(profile_abandon);
+DECL_FUNC_PTR(profile_get_string);
+DECL_FUNC_PTR(profile_release_string);
+
+FUNC_INFO profile_fi[] = {
+    MAKE_FUNC_INFO(profile_release),
+    MAKE_FUNC_INFO(profile_init),
+    MAKE_FUNC_INFO(profile_flush),
+    MAKE_FUNC_INFO(profile_rename_section),
+    MAKE_FUNC_INFO(profile_update_relation),
+    MAKE_FUNC_INFO(profile_clear_relation),
+    MAKE_FUNC_INFO(profile_add_relation),
+    MAKE_FUNC_INFO(profile_get_relation_names),
+    MAKE_FUNC_INFO(profile_get_subsection_names),
+    MAKE_FUNC_INFO(profile_get_values),
+    MAKE_FUNC_INFO(profile_free_list),
+    MAKE_FUNC_INFO(profile_abandon),
+    MAKE_FUNC_INFO(profile_get_string),
+    MAKE_FUNC_INFO(profile_release_string),
+    END_FUNC_INFO
+};
+
+// Tries to load the .DLL files.  If it works, we get some functions from them
+// and return a TRUE.  If it doesn't work, we return a FALSE.
+BOOL CLeashApp::InitDLLs()
+{
+    m_hLeashDLL = AfxLoadLibrary(LEASHDLL);
+    m_hKrb5DLL = AfxLoadLibrary(KERB5DLL);
+    m_hKrb5ProfileDLL = AfxLoadLibrary(KERB5_PPROFILE_DLL);
+    m_hComErr = AfxLoadLibrary(COMERR_DLL);
+
+#define PSAPIDLL "psapi.dll"
+#define TOOLHELPDLL "kernel32.dll"
+
+    m_hPsapi = AfxLoadLibrary(PSAPIDLL);
+    m_hToolHelp32 = AfxLoadLibrary(TOOLHELPDLL);
+
+    HWND hwnd = GetForegroundWindow();
+    if (!m_hLeashDLL)
+    {
+        // We couldn't load the m_hLeashDLL.
+        m_msgError = "Couldn't load the Leash DLL or one of its dependents.";
+        MessageBox(hwnd, m_msgError, "Error", MB_OK);
+        return FALSE;
+    }
+
+    if (!LoadFuncs(LEASHDLL, leash_fi, 0, 0, 1, 0, 0))
+    {
+        MessageBox(hwnd,
+                   "Functions within the Leash DLL didn't load properly!",
+                   "Error", MB_OK);
+        return FALSE;
+    }
+
+    if (!LoadFuncs(COMERR_DLL, ce_fi, &m_hComErr, 0, 0, 1, 0)) {
+        MessageBox(hwnd,
+                   "Functions within " COMERR_DLL "didn't load properly!",
+                   "Error", MB_OK);
+        return FALSE;
+    }
+
+    if (m_hKrb5DLL)
+    {
+        if (!LoadFuncs(KERB5DLL, krb5_fi, 0, 0, 1, 0, 0))
+        {
+            MessageBox(hwnd,
+                       "Unexpected error while loading " KERB5DLL ".\n"
+                       "Kerberos 5 functionality will be disabled.\n",
+                       "Error", MB_OK);
+            AfxFreeLibrary(m_hKrb5DLL);
+            m_hKrb5DLL = 0;
+        }
+        else if (!m_hKrb5ProfileDLL ||
+                 !LoadFuncs(KERB5_PPROFILE_DLL, profile_fi, 0, 0, 1, 0, 0))
+        {
+            MessageBox(hwnd,
+                       "Unexpected error while loading " KERB5_PPROFILE_DLL "."
+                       "\nKerberos 5 functionality will be disabled.\n",
+                       "Error", MB_OK);
+            AfxFreeLibrary(m_hKrb5ProfileDLL);
+            m_hKrb5ProfileDLL = 0;
+            // Use m_hKrb5DLL to undo LoadLibrary in loadfuncs...
+            UnloadFuncs(krb5_fi, m_hKrb5DLL);
+            AfxFreeLibrary(m_hKrb5DLL);
+            m_hKrb5DLL = 0;
+        }
+
+    }
+
+    OSVERSIONINFO osvi;
+    memset(&osvi, 0, sizeof(OSVERSIONINFO));
+    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+    GetVersionEx(&osvi);
+
+    // XXX: We should really use feature testing, first
+    // checking for CreateToolhelp32Snapshot.  If that's
+    // not around, we try the psapi stuff.
+    //
+    // Only load LSA functions if on NT/2000/XP
+    if(osvi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
+    {
+        // Windows 9x
+        AfxFreeLibrary(m_hPsapi);
+        m_hPsapi = NULL;
+        if (!m_hToolHelp32 ||
+            !LoadFuncs(TOOLHELPDLL, toolhelp_fi, 0, 0, 1, 0, 0))
+        {
+            MessageBox(hwnd, "Could not load " TOOLHELPDLL "!", "Error",
+                       MB_OK);
+            return FALSE;
+        }
+    }
+    else if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT)
+    {
+        // Windows NT
+        AfxFreeLibrary(m_hToolHelp32);
+        m_hToolHelp32 = NULL;
+        if (!m_hPsapi ||
+            !LoadFuncs(PSAPIDLL, psapi_fi, 0, 0, 1, 0, 0))
+        {
+            MessageBox(hwnd, "Could not load " PSAPIDLL "!", "Error", MB_OK);
+            return FALSE;
+        }
+
+		m_hKrbLSA  = AfxLoadLibrary(SECUR32DLL);
+    }
+    else
+    {
+        MessageBox(hwnd,
+                   "Unrecognized Operating System!",
+                   "Error", MB_OK);
+        return FALSE;
+    }
+
+    return TRUE;
+}
+
+
+BOOL CLeashApp::FirstInstance()
+{
+    CWnd* pWndprev;
+    CWnd* pWndchild;
+
+    //find if it exists
+    pWndprev = CWnd::FindWindow(_T("LEASH.0WNDCLASS"), NULL);
+    if (pWndprev)
+    {
+        //if it has popups
+        pWndchild = pWndprev->GetLastActivePopup();
+        //if iconic restore
+        if (pWndprev->IsIconic())
+            pWndprev->ShowWindow(SW_RESTORE);
+
+        //bring the wnd to foreground
+        pWndchild->SetForegroundWindow();
+
+        return FALSE;
+    }
+    //we could not find prev instance
+    else
+        return TRUE;
+}
+
+void
+CLeashApp::ValidateConfigFiles()
+{
+    char confname[257];
+    char realm[256]="";
+
+    CWinApp * pApp = AfxGetApp();
+    if (pApp)
+        if (!pApp->GetProfileInt("Settings", "CreateMissingConfig", FALSE_FLAG))
+            return;
+
+    if ( m_hKrb5DLL ) {
+        // Create the empty KRB5.INI file
+        if (!GetProfileFile(confname,sizeof(confname))) {
+            const char *filenames[2];
+		    filenames[0] = confname;
+		    filenames[1] = NULL;
+		    long retval = pprofile_init(filenames, &m_krbv5_profile);
+			if (!retval)
+				return;
+			else if (retval == ENOENT) {
+				FILE * f = fopen(confname,"w");
+				if (f != NULL) {
+					fclose(f);
+					retval = pprofile_init(filenames, &m_krbv5_profile);
+				}
+			}
+
+
+            const char*  lookupKdc[] = {"libdefaults", "dns_lookup_kdc", NULL};
+            const char*  lookupRealm[] = {"libdefaults", "dns_lookup_realm", NULL};
+            const char*  defRealm[] = {"libdefaults", "default_realm", NULL};
+            const char*  noAddresses[] = {"libdefaults", "noaddresses", NULL};
+
+            // activate DNS KDC Lookups
+            const char** names = lookupKdc;
+            retval = pprofile_add_relation(m_krbv5_profile,
+                                           names,
+                                           "true");
+
+            // activate No Addresses
+            names = noAddresses;
+            retval = pprofile_add_relation(m_krbv5_profile,
+                                           names,
+                                           "true");
+
+            // Get Windows 2000/XP/2003 Kerberos config
+            if ( m_hKrbLSA && m_hKrb5DLL )
+            {
+                char domain[256]="";
+                HKEY hk=0;
+                DWORD dwType, dwSize, dwIndex;
+
+                if ( !RegOpenKeyEx(HKEY_CURRENT_USER,
+                                    "Volatile Environment", 0,
+                                    KEY_READ, &hk) )
+                {
+                    dwSize = sizeof(domain);
+                    RegQueryValueEx(hk, "USERDNSDOMAIN", 0, 0, (LPBYTE)domain, &dwSize);
+                    RegCloseKey(hk);
+                }
+                else if (!RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+                             "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
+                             0, KEY_READ, &hk))
+                {
+
+                    dwSize = sizeof(domain);
+                    RegQueryValueEx( hk, "DefaultDomainName",
+                                     NULL, &dwType, (unsigned char *)&domain, &dwSize);
+                    RegCloseKey(hk);
+                }
+
+                char realmkey[256]="SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains\\";
+                size_t  keylen = strlen(realmkey)-1;
+
+                if ( domain[0] ) {
+                    strncpy(realm,domain,256);
+                    realm[255] = '\0';
+                    strncat(realmkey,domain,256-strlen(realmkey));
+                    realmkey[255] = '\0';
+                }
+
+                if ( domain[0] &&
+                     !RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+                                   realmkey,
+                                   0,
+                                   KEY_READ,
+                                   &hk)
+                     )
+                {
+                    RegCloseKey(hk);
+
+                    realmkey[keylen] = '\0';
+                    RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+                                 realmkey,
+                                 0,
+                                 KEY_READ|KEY_ENUMERATE_SUB_KEYS,
+                                 &hk);
+
+                    dwIndex = 0;
+                    unsigned char subkey[256];
+                    FILETIME ft;
+                    dwSize = 256;
+                    while ( ERROR_SUCCESS == RegEnumKeyEx(hk,dwIndex++,
+                                                          (char *)subkey,
+                                                          &dwSize,
+                                                          0,
+                                                          0,
+                                                          0,
+                                                          &ft) )
+                    {
+                        HKEY hksub;
+
+                        if ( !RegOpenKeyEx(hk,
+                                   (char *)subkey,
+                                   0,
+                                   KEY_READ,
+                                   &hksub) )
+                        {
+                            unsigned char * lpszValue = NULL, *p;
+                            dwSize = 0;
+							dwType = 0;
+                            RegQueryValueEx( hksub, "KdcNames",
+                                             NULL, &dwType, lpszValue, &dwSize);
+                            if ( dwSize > 0 ) {
+                                lpszValue = (unsigned char *)malloc(dwSize+1);
+                                dwSize += 1;
+                                RegQueryValueEx( hksub, "KdcNames",
+                                                 NULL, &dwType, lpszValue, &dwSize);
+
+                                p = lpszValue;
+                                while ( *p ) {
+                                    const char*  realmKdc[] = {"realms", (const char *)subkey, "kdc", NULL};
+                                    names = realmKdc;
+                                    retval = pprofile_add_relation(m_krbv5_profile,
+                                                                    names,
+                                                                    (const char *)p);
+
+                                    p += strlen((char*)p) + 1;
+                                }
+                                free(lpszValue);
+                            }
+                            RegCloseKey(hksub);
+                        }
+                    }
+                    RegCloseKey(hk);
+                }
+            } else {
+                // activate DNS Realm Lookups (temporarily)
+                names = lookupRealm;
+                retval = pprofile_add_relation(m_krbv5_profile,
+                                                names,
+                                                "true");
+            }
+
+            // Save to Kerberos Five config. file "Krb5.ini"
+            retval = pprofile_flush(m_krbv5_profile);
+
+
+            // Use DNS to retrieve the realm (if possible)
+            if (!realm[0]) {
+                krb5_context ctx = 0;
+                krb5_principal me = 0;
+                krb5_error_code code = 0;
+
+                code = pkrb5_init_context(&ctx);
+                if (code) goto no_k5_realm;
+
+                code = pkrb5_parse_name(ctx, "foo", &me);
+                if (code) goto no_k5_realm;
+
+                if ( krb5_princ_realm(ctx,me)->length < sizeof(realm) - 1) {
+                    memcpy(realm, krb5_princ_realm(ctx,me)->data,
+                            krb5_princ_realm(ctx,me)->length);
+                    realm[krb5_princ_realm(ctx,me)->length] = '\0';
+                }
+
+              no_k5_realm:
+                if ( me )
+                    pkrb5_free_principal(ctx,me);
+                if ( ctx )
+                    pkrb5_free_context(ctx);
+            }
+
+            // disable DNS Realm Lookups
+            retval = pprofile_update_relation(m_krbv5_profile,
+                                             names,
+                                             "true", "false");
+
+            // save the default realm if it was discovered
+            if ( realm[0] ) {
+                names = defRealm;
+                retval = pprofile_add_relation(m_krbv5_profile,
+                                               names,
+                                               realm);
+
+                // It would be nice to be able to generate a list of KDCs
+                // but to do so based upon the contents of DNS would be
+                // wrong for several reasons:
+                // . it would make static the values inserted into DNS SRV
+                //   records
+                // . DNS cannot necessarily be trusted
+            }
+
+            // Save to Kerberos Five config. file "Krb5.ini"
+            retval = pprofile_flush(m_krbv5_profile);
+
+            pprofile_release(m_krbv5_profile);
+            m_krbv5_profile = NULL;
+
+        }
+    }
+}
+
+BOOL
+CLeashApp::GetProfileFile(
+    LPSTR confname,
+    UINT szConfname
+    )
+{
+    char **configFile = NULL;
+    if (!m_hKrb5DLL)
+        return NULL;
+
+    if (pkrb5_get_default_config_files(&configFile))
+    {
+        GetWindowsDirectory(confname,szConfname);
+        confname[szConfname-1] = '\0';
+        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
+        confname[szConfname-1] = '\0';
+        return FALSE;
+    }
+
+    *confname = 0;
+
+    if (configFile)
+    {
+        strncpy(confname, *configFile, szConfname);
+        confname[szConfname-1] = '\0';
+        pkrb5_free_config_files(configFile);
+    }
+
+    if (!*confname)
+    {
+        GetWindowsDirectory(confname,szConfname);
+        confname[szConfname-1] = '\0';
+        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
+        confname[szConfname-1] = '\0';
+    }
+
+    return FALSE;
+}
+
+#define PROBE_USERNAME               "KERBEROS-KDC-PROBE"
+#define PROBE_PASSWORD_LEN           16
+
+BOOL
+CLeashApp::ProbeKDC(void)
+{
+    krb5_context ctx=0;
+    krb5_ccache  cc=0;
+    krb5_principal principal = 0;
+    krb5_principal probeprinc = 0;
+    krb5_creds     creds;
+    krb5_error_code code;
+    krb5_data pwdata;
+    char   password[PROBE_PASSWORD_LEN+1];
+    long   success = FALSE;
+
+    if (!pkrb5_init_context)
+        return success;
+
+    memset(&creds, 0, sizeof(creds));
+
+    code = pkrb5_init_context(&ctx);
+    if (code)
+        goto cleanup;
+
+    code = pkrb5_cc_default(ctx, &cc);
+    if (code)
+        goto cleanup;
+
+    code = pkrb5_cc_get_principal(ctx, cc, &principal);
+    if ( code )
+        code = pkrb5_parse_name(ctx, "foo", &principal);
+    if ( code )
+        goto cleanup;
+
+    code = pkrb5_build_principal( ctx, &probeprinc,
+                                  krb5_princ_realm(ctx,principal)->length,
+                                  krb5_princ_realm(ctx,principal)->data,
+                                  PROBE_USERNAME, NULL, NULL);
+    if ( code )
+        goto cleanup;
+
+    pwdata.data = password;
+    pwdata.length = PROBE_PASSWORD_LEN;
+    code = pkrb5_c_random_make_octets(ctx, &pwdata);
+    if (code) {
+        int i;
+        for ( i=0 ; i<PROBE_PASSWORD_LEN ; i )
+            password[i] = 'x';
+    }
+    password[PROBE_PASSWORD_LEN] = '\0';
+
+    code = pkrb5_get_init_creds_password(ctx,
+                                         &creds,
+                                         probeprinc,
+                                         password, // password
+                                         NULL, // prompter
+                                         0, // prompter data
+                                         0, // start time
+                                         0, // service name
+                                         0  // no options
+                                         );
+
+    switch ( code ) {
+    case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
+    case KRB5KDC_ERR_CLIENT_REVOKED:
+    case KRB5KDC_ERR_CLIENT_NOTYET:
+    case KRB5KDC_ERR_PREAUTH_FAILED:
+    case KRB5KDC_ERR_PREAUTH_REQUIRED:
+    case KRB5KDC_ERR_PADATA_TYPE_NOSUPP:
+        success = TRUE;
+        break;
+    }
+  cleanup:
+    if (creds.client == probeprinc)
+        creds.client = 0;
+    pkrb5_free_cred_contents(ctx, &creds);
+    if (principal)
+        pkrb5_free_principal(ctx,principal);
+    if (probeprinc)
+        pkrb5_free_principal(ctx,probeprinc);
+    if (cc)
+        pkrb5_cc_close(ctx,cc);
+    if (ctx)
+        pkrb5_free_context(ctx);
+    return success;
+}
+
+VOID
+CLeashApp::ObtainTicketsViaUserIfNeeded(HWND hWnd)
+{
+    if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0)
+        throw("Unable to lock ticketinfo");
+    LeashKRB5ListDefaultTickets(&ticketinfo.Krb5);
+    int btickets = ticketinfo.Krb5.btickets;
+    LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
+    ReleaseMutex(ticketinfo.lockObj);
+
+    if (ProbeKDC() && (!btickets || !pLeash_renew())) {
+        LSH_DLGINFO_EX ldi;
+        ldi.size = LSH_DLGINFO_EX_V1_SZ;
+        ldi.dlgtype = DLGTYPE_PASSWD;
+        ldi.title = "MIT Kerberos: Get Ticket";
+        ldi.username = NULL;
+        ldi.realm = NULL;
+        ldi.dlgtype = DLGTYPE_PASSWD;
+        ldi.use_defaults = 1;
+
+        pLeash_kinit_dlg_ex(hWnd, &ldi);
+    }
+    return;
+}
+
+// IP Change Monitoring Functions
+#include <Iphlpapi.h>
+
+
+DWORD
+CLeashApp::GetNumOfIpAddrs(void)
+{
+    PMIB_IPADDRTABLE pIpAddrTable = 0;
+    ULONG            dwSize;
+    DWORD            code;
+    DWORD            index;
+    DWORD            validAddrs = 0;
+
+    dwSize = 0;
+    code = GetIpAddrTable(NULL, &dwSize, 0);
+    if (code == ERROR_INSUFFICIENT_BUFFER) {
+        pIpAddrTable = (PMIB_IPADDRTABLE) malloc(dwSize);
+        code = GetIpAddrTable(pIpAddrTable, &dwSize, 0);
+        if ( code == NO_ERROR ) {
+            for ( index=0; index < pIpAddrTable->dwNumEntries; index++ ) {
+                if (pIpAddrTable->table[index].dwAddr != 0)
+                    validAddrs++;
+            }
+        }
+        free(pIpAddrTable);
+    }
+    return validAddrs;
+}
+
+UINT
+CLeashApp::IpAddrChangeMonitor(void * hWnd)
+{
+    DWORD Result;
+    DWORD prevNumOfAddrs = GetNumOfIpAddrs();
+    DWORD NumOfAddrs;
+
+    if ( !hWnd )
+        return 0;
+
+    while ( TRUE ) {
+        Result = NotifyAddrChange(NULL,NULL);
+        if ( Result != NO_ERROR ) {
+            // We do not have permission to open the device
+            return 0;
+        }
+
+        NumOfAddrs = GetNumOfIpAddrs();
+        if ( NumOfAddrs != prevNumOfAddrs ) {
+            // wait for the network state to stabilize
+            Sleep(2000);
+            // this call should probably be mutex protected
+            ObtainTicketsViaUserIfNeeded((HWND)hWnd);
+        }
+        prevNumOfAddrs = NumOfAddrs;
+    }
+
+    return 0;
+}
+
+
+DWORD
+CLeashApp::IpAddrChangeMonitorInit(HWND hWnd)
+{
+    AfxBeginThread(IpAddrChangeMonitor, hWnd);
+    return 0;
+}
+
+UINT
+CLeashApp::InitWorker(void * hWnd)
+{
+    if ( ProbeKDC() ) {
+        LSH_DLGINFO_EX ldi;
+        ldi.size = LSH_DLGINFO_EX_V1_SZ;
+        ldi.dlgtype = DLGTYPE_PASSWD;
+        ldi.title = "Initialize Ticket";
+        ldi.username = NULL;
+        ldi.realm = NULL;
+        ldi.use_defaults = 1;
+
+        pLeash_kinit_dlg_ex((HWND)hWnd, &ldi);
+        ::SendMessage((HWND)hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+    }
+    return 0;
+}
+
+#ifdef USE_HTMLHELP
+#if _MSC_VER < 1300
+void
+CLeashApp::WinHelp(DWORD dwData, UINT nCmd)
+{
+	switch (nCmd)
+	{
+		case HELP_CONTEXT:
+			::HtmlHelp(GetDesktopWindow(), m_helpFile, HH_HELP_CONTEXT, dwData );
+			break;
+		case HELP_FINDER:
+			::HtmlHelp(GetDesktopWindow(), m_helpFile, HH_DISPLAY_TOPIC, 0);
+            break;
+	}
+}
+#endif
+#endif
+
+
+BOOL CLeashApp::OnIdle(LONG lCount)
+{
+    // TODO: Add your specialized code here and/or call the base class
+    BOOL retval = CWinAppEx::OnIdle(lCount);
+    if ((lCount == 0) && m_bUpdateDisplay) {
+        m_bUpdateDisplay = FALSE;
+        m_pMainWnd->SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+    }
+    return retval;
+}
diff --git a/krb5-1.21.3/src/windows/leash/Leash.h b/krb5-1.21.3/src/windows/leash/Leash.h
new file mode 100644
index 00000000..801df5fb
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/Leash.h
@@ -0,0 +1,162 @@
+//	**************************************************************************************
+//	File:			Leash.h
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:	H file for Leash.cpp. Contains variables and functions
+//					for Leash
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#if !defined(AFX_Leash_H__6F45AD91_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
+#define AFX_Leash_H__6F45AD91_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_
+
+#if _MSC_VER >= 1000
+#pragma once
+#endif // _MSC_VER >= 1000
+
+#ifndef __AFXWIN_H__
+	#error include 'stdafx.h' before including this file for PCH
+#endif
+
+// Help
+#define HID_GET_TICKETS_COMMAND			98343 // ID_INIT_TICKET + 65536
+#define HID_RENEW_TICKETS_COMMAND       98312 // ID_RENEW_TICKET + 65536
+#define HID_DESTROY_TICKETS_COMMAND     98313
+#define HID_SYNCHRONIZE_TIME_OPTION     98314
+#define HID_CHANGE_PASSWORD_COMMAND		98315
+#define HID_UPDATE_DISPLAY_COMMAND      98316
+#define HID_DEBUG_WINDOW_OPTION			98317
+#define HID_LEASH_PROGRAM               98319
+#define HID_ABOUT_KERBEROS              98320
+#define HID_LARGE_ICONS_OPTION          98322
+#define HID_DESTROY_TICKETS_ON_EXIT		98321
+#define HID_UPPERCASE_REALM_OPTION      98323
+#define HID_RESET_WINDOW_OPTION			98326
+#define HID_KRB5_PROPERTIES_COMMAND		98330
+#define HID_LEASH_PROPERTIES_COMMAND	98331
+#define HID_LOW_TICKET_ALARM_OPTION		98334
+#define HID_KRBCHECK_OPTION				98335
+#define HID_KERBEROS_PROPERTIES_COMMAND 98337
+#define HID_HELP_CONTENTS               98340
+#define HID_WHY_USE_LEASH32				98341
+
+#define HID_ABOUT_LEASH32_COMMAND       123200
+#define HID_EXIT_COMMAND                123201
+#define HID_TOOLBAR_OPTION				124928
+#define HID_STATUS_BAR_OPTION           124929
+#define HID_LEASH_COMMANDS              131200
+#define HID_ABOUT_LEASH32_MODULES       131225
+#define HID_DEBUG_WINDOW				131229
+#define HID_KERBEROS_PROPERTIES_EDIT	131233
+#define HID_LEASH_PROPERTIES_EDIT		131239
+#define HID_KRB5_PROPERTIES_FORWARDING  131240
+#define HID_KRB5_PROPERTIES_EDIT	    131241
+#define HID_KERBEROS_PROPERTIES_LISTRLM 131250
+#define HID_KERBEROS_PROPERTIES_ADDRLM  131253
+#define HID_KERBEROS_PROPERTIES_EDITRLM 131254
+#define HID_KERBEROS_PROPERTIES_ADDDOM  131255
+#define HID_KERBEROS_PROPERTIES_EDITDOM 131256
+#define HID_KERBEROS_PROPERTIES_ADDHOST 131269
+#define HID_KERBEROS_PROPERTIES_EDITHOST 131271
+#define HID_KERBEROS_PROPERTIES_LISTDOM 131279
+
+#define USE_HTMLHELP
+
+#ifdef USE_HTMLHELP
+#if _MSC_VER >= 1300
+#define CALL_HTMLHELP
+#endif
+#endif
+
+////Is this a good place for these defines?
+#if !defined(MAX_HSTNM)
+#define         MAX_HSTNM       100
+#endif
+
+
+#include "resource.h"       // main symbols
+#include "lglobals.h"
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashApp:
+// See Leash.cpp for the implementation of this class
+//
+
+class CLeashApp : public CWinAppEx
+{
+private:
+	CString		m_leashDLL;
+	CString		m_krbDLL;
+    CString     m_helpFile;
+	CString		m_msgError;
+
+	BOOL		InitDLLs();
+	BOOL		FirstInstance();
+
+public:
+	static HWND			m_hProgram;
+	static HINSTANCE	m_hLeashDLL;
+	static HINSTANCE	m_hComErr;
+////
+	static HINSTANCE	m_hKrb5DLL;
+	static HINSTANCE	m_hKrb5ProfileDLL;
+	static HINSTANCE	m_hPsapi;
+	static HINSTANCE	m_hToolHelp32;
+	static krb5_context m_krbv5_context;
+	static profile_t    m_krbv5_profile;
+	static HINSTANCE    m_hKrbLSA;
+	static int          m_useRibbon; // temporary while ribbon UI in dev
+	static BOOL         m_bUpdateDisplay;
+
+	CLeashApp();
+	virtual ~CLeashApp();
+
+    static BOOL  GetProfileFile(LPSTR confname, UINT szConfname);
+    static void  ValidateConfigFiles();
+    static void  ObtainTicketsViaUserIfNeeded(HWND hWnd);
+    static DWORD GetNumOfIpAddrs(void);
+    static UINT  IpAddrChangeMonitor(void *);
+           DWORD IpAddrChangeMonitorInit(HWND hWnd);
+    static BOOL  ProbeKDC(void);
+    static UINT  InitWorker(void *);
+
+	// Overrides
+	// ClassWizard generated virtual function overrides
+	//{{AFX_VIRTUAL(CLeashApp)
+	public:
+	virtual BOOL InitInstance();
+#ifdef USE_HTMLHELP
+#if _MSC_VER < 1300
+    virtual void WinHelp(DWORD dwData, UINT nCmd);
+#endif
+#endif
+    //}}AFX_VIRTUAL
+
+    virtual void ParseParam (LPCTSTR lpszParam,BOOL bFlag,BOOL bLast );
+
+  protected:
+// Implementation
+
+	//{{AFX_MSG(CLeashApp)
+    //}}AFX_MSG
+	DECLARE_MESSAGE_MAP()
+public:
+    virtual BOOL OnIdle(LONG lCount);
+};
+
+extern CLeashApp theApp;
+
+/////////////////////////////////////////////////////////////////////////////
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Developer Studio will insert additional declarations immediately before the previous line.
+
+
+
+#endif // !defined(AFX_Leash_H__6F45AD91_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
diff --git a/krb5-1.21.3/src/windows/leash/Leash.rc b/krb5-1.21.3/src/windows/leash/Leash.rc
new file mode 100644
index 00000000..a140dfc6
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/Leash.rc
@@ -0,0 +1,767 @@
+// Microsoft Visual C++ generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#include "afxres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// English (United States) resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+#pragma code_page(1252)
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE
+BEGIN
+    "#include ""afxres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE
+BEGIN
+    "#define _AFX_NO_SPLITTER_RESOURCES\r\n"
+    "#define _AFX_NO_OLE_RESOURCES\r\n"
+    "#define _AFX_NO_TRACKER_RESOURCES\r\n"
+    "#define _AFX_NO_PROPERTY_RESOURCES\r\n"
+    "\r\n"
+    "#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)\r\n"
+    "#ifdef _WIN32\r\n"
+    "LANGUAGE 9, 1\r\n"
+    "#pragma code_page(1252)\r\n"
+    "#endif\r\n"
+    "#include ""res\\Leash.rc2""  // non-Microsoft Visual C++ edited resources\r\n"
+    "#include ""afxres.rc""         // Standard components\r\n"
+    "#endif\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+IDR_MAINFRAME           ICON                    "res\\Leash.ico"
+IDR_LeashTYPE           ICON                    "res\\Leash_Doc.ico"
+IDI_LEASH_PRINCIPAL_GOOD ICON                    "res\\Leash_user_green.ico"
+IDI_LEASH_PRINCIPAL_LOW ICON                    "res\\Leash_user_orange.ico"
+IDI_LEASH_PRINCIPAL_EXPIRED ICON                    "res\\Leash_user_red.ico"
+IDI_LEASH_PRINCIPAL_NONE ICON                    "res\\Leash_user_out.ico"
+IDI_LEASH               ICON                    "res\\Leash.ico"
+IDI_TICKETTYPE_GOOD     ICON                    "res\\Leash_tickets_green.ico"
+IDI_TICKETTYPE_LOW      ICON                    "res\\Leash_tickets_orange.ico"
+IDI_TICKETTYPE_EXPIRED  ICON                    "res\\Leash_tickets_red.ico"
+IDI_TICKETTYPE_NOTINSTALLED ICON                    "res\\Leash_tickets_out.ico"
+IDI_TICKET_GOOD         ICON                    "res\\Leash_tkt_green.ico"
+IDI_TICKET_LOW          ICON                    "res\\Leash_tkt_orange.ico"
+IDI_TICKET_EXPIRED      ICON                    "res\\Leash_tkt_red.ico"
+IDI_LEASH_TRAY_GOOD     ICON                    "res\\status_greenK.ico"
+IDI_LEASH_TRAY_LOW      ICON                    "res\\status_yelloK.ico"
+IDI_LEASH_TRAY_EXPIRED  ICON                    "res\\status_redK.ico"
+IDI_LEASH_TRAY_NONE     ICON                    "res\\status_grayK.ico"
+IDI_LEASH_TICKET_ADDRESS ICON                    "res\\address.ico"
+IDI_LEASH_TICKET_SESSION ICON                    "res\\key.ico"
+IDI_LEASH_TICKET_ENCRYPTION ICON                    "res\\encryption.ico"
+IDI_TOOLBAR_INIT        ICON                    "res\\new.ico"
+IDI_TOOLBAR_RENEW       ICON                    "res\\renew.ico"
+IDI_TOOLBAR_DESTROY     ICON                    "res\\destroy.ico"
+IDI_TOOLBAR_PASSWORD    ICON                    "res\\password.ico"
+IDI_TOOLBAR_REFRESH     ICON                    "res\\refresh.ico"
+IDI_TOOLBAR_SYNC        ICON                    "res\\sync.ico"
+IDI_TOOLBAR_INIT_DISABLED ICON                    "res\\new_disabled.ico"
+IDI_TOOLBAR_RENEW_DISABLED ICON                    "res\\renew_disabled.ico"
+IDI_TOOLBAR_DESTROY_DISABLED ICON                    "res\\destroy_disabled.ico"
+IDI_TOOLBAR_PASSWORD_DISABLED ICON                    "res\\password_disabled.ico"
+IDI_TOOLBAR_REFRESH_DISABLED ICON                    "res\\refresh_disabled.ico"
+IDI_TOOLBAR_SYNC_DISABLED ICON                    "res\\sync_disabled.ico"
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Menu
+//
+
+IDR_MAINFRAME MENU
+BEGIN
+    POPUP "&File"
+    BEGIN
+        MENUITEM "&Get Ticket(s)\tCtrl+T",      ID_INIT_TICKET
+        MENUITEM "&Renew Ticket(s)\tCtrl+R",    ID_RENEW_TICKET
+        MENUITEM "&Destroy Ticket(s)\tCtrl+D",  ID_DESTROY_TICKET
+        MENUITEM SEPARATOR
+        MENUITEM "&Change Password...",         ID_CHANGE_PASSWORD
+        MENUITEM SEPARATOR
+        MENUITEM "E&xit",                       ID_APP_EXIT
+    END
+    POPUP "&View"
+    BEGIN
+        MENUITEM "&Time Issued",                ID_TIME_ISSUED
+        MENUITEM "&Renewable Until",            ID_RENEWABLE_UNTIL
+        MENUITEM "&Valid Until",                ID_VALID_UNTIL
+        MENUITEM "&Encryption Type",            ID_ENCRYPTION_TYPE
+        MENUITEM "&Flags",                      ID_SHOW_TICKET_FLAGS
+        MENUITEM "&Credential Cache Name",      ID_CCACHE_NAME
+    END
+    POPUP "&Options"
+    BEGIN
+        MENUITEM "Upper &Case Realm Name",      ID_UPPERCASE_REALM
+        MENUITEM "&Automatic Ticket Renewal",   ID_AUTO_RENEW
+        MENUITEM "&Expiration Alarm",           ID_LOW_TICKET_ALARM
+        MENUITEM "&Destroy Tickets on Exit",    ID_KILL_TIX_ONEXIT
+    END
+    POPUP "&Help"
+    BEGIN
+        MENUITEM "Why Use Leash",               ID_HELP_WHYUSELEASH32
+        MENUITEM "About &Kerberos ",            ID_HELP_KERBEROS_
+        MENUITEM SEPARATOR
+        MENUITEM "&Contents",                   ID_HELP_LEASH32
+        MENUITEM "&Index",                      ID_HELP_LEASH_
+        MENUITEM SEPARATOR
+        MENUITEM "&About Leash",                ID_APP_ABOUT
+    END
+END
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Accelerator
+//
+
+IDR_MAINFRAME ACCELERATORS
+BEGIN
+    "C",            ID_EDIT_COPY,           VIRTKEY, CONTROL, NOINVERT
+    "D",            ID_DESTROY_TICKET,      VIRTKEY, CONTROL, NOINVERT
+    "M",            ID_MAKE_DEFAULT,        VIRTKEY, CONTROL, NOINVERT
+    "N",            ID_FILE_NEW,            VIRTKEY, CONTROL, NOINVERT
+    "O",            ID_FILE_OPEN,           VIRTKEY, CONTROL, NOINVERT
+    "P",            ID_CHANGE_PASSWORD,     VIRTKEY, CONTROL, NOINVERT
+    "R",            ID_RENEW_TICKET,        VIRTKEY, CONTROL, NOINVERT
+    "S",            ID_FILE_SAVE,           VIRTKEY, CONTROL, NOINVERT
+    "T",            ID_INIT_TICKET,         VIRTKEY, CONTROL, NOINVERT
+    "V",            ID_EDIT_PASTE,          VIRTKEY, CONTROL, NOINVERT
+    VK_BACK,        ID_EDIT_UNDO,           VIRTKEY, ALT, NOINVERT
+    VK_DELETE,      ID_BUTTON_REALM_REMOVE, VIRTKEY, NOINVERT
+    VK_DELETE,      ID_EDIT_CUT,            VIRTKEY, SHIFT, NOINVERT
+    VK_F1,          ID_HELP,                VIRTKEY, NOINVERT
+    VK_F1,          ID_CONTEXT_HELP,        VIRTKEY, SHIFT, NOINVERT
+    VK_F5,          ID_UPDATE_DISPLAY,      VIRTKEY, NOINVERT
+    VK_F6,          ID_NEXT_PANE,           VIRTKEY, NOINVERT
+    VK_F6,          ID_PREV_PANE,           VIRTKEY, SHIFT, NOINVERT
+    VK_INSERT,      ID_EDIT_COPY,           VIRTKEY, CONTROL, NOINVERT
+    VK_INSERT,      ID_EDIT_PASTE,          VIRTKEY, SHIFT, NOINVERT
+    "X",            ID_EDIT_CUT,            VIRTKEY, CONTROL, NOINVERT
+    "Z",            ID_EDIT_UNDO,           VIRTKEY, CONTROL, NOINVERT
+END
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Dialog
+//
+
+IDD_FRAMEOWNER DIALOG  0, 0, 219, 49
+STYLE DS_SETFONT | WS_POPUP
+FONT 8, "MS Sans Serif"
+BEGIN
+END
+
+IDD_LEASH_FORMVIEW DIALOGEX 0, 0, 349, 163
+STYLE DS_SETFONT | DS_3DLOOK | WS_CHILD
+FONT 8, "MS Sans Serif", 0, 0, 0x0
+BEGIN
+    CONTROL         "Tree1",IDC_TREEVIEW,"SysTreeView32",TVS_HASBUTTONS |
+                    TVS_HASLINES | TVS_LINESATROOT | TVS_DISABLEDRAGDROP |
+                    TVS_INFOTIP | WS_HSCROLL | WS_TABSTOP,0,19,164,13
+    LTEXT           "Your Kerberos Tickets (Issued/Expires/[Renew]/Principal)",
+                    IDC_LABEL_KERB_TICKETS,6,5,280,12
+    CONTROL         "",IDC_LEASH_MAINVIEW,"SysListView32",LVS_REPORT |
+                    LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,0,43,347,88
+END
+
+IDD_LEASH_ABOUTBOX DIALOGEX 0, 0, 310, 146
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "About MIT Kerberos"
+FONT 8, "MS Sans Serif", 0, 0, 0x0
+BEGIN
+    CONTROL         "Leash Modules",IDC_LEASH_MODULES,"Button",
+                    BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,10,127,64,10
+    CONTROL         "Missing Modules",IDC_NOT_LOADED_MODULES,"Button",
+                    BS_AUTORADIOBUTTON | WS_TABSTOP,77,127,68,10
+    CONTROL         "All Modules",IDC_ALL_MODULES,"Button",
+                    BS_AUTORADIOBUTTON | WS_TABSTOP,148,127,52,10
+    PUSHBUTTON      "&Properties",IDC_PROPERTIES,209,125,56,14
+    DEFPUSHBUTTON   "&OK",IDOK,268,125,35,14
+    LISTBOX         IDC_LEASH_MODULE_LB,7,50,296,62,LBS_SORT |
+                    LBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_HSCROLL |
+                    WS_TABSTOP
+    ICON            IDR_MAINFRAME,IDC_STATIC_ABOUTBOX_LEASH,11,9,20,20
+    LTEXT           "Modules Loaded:",IDC_STATIC_MODULES_LOADED,8,40,56,8
+    LTEXT           "3",IDC_STATIC_NO_OF_MODULES,67,40,8,8
+    EDITTEXT        IDC_ABOUT_COPYRIGHT,40,19,263,11,ES_AUTOHSCROLL |
+                    ES_READONLY | NOT WS_BORDER | WS_GROUP | NOT WS_TABSTOP
+    EDITTEXT        IDC_ABOUT_VERSION,40,8,263,11,ES_AUTOHSCROLL |
+                    ES_READONLY | NOT WS_BORDER | WS_GROUP | NOT WS_TABSTOP
+END
+
+IDD_LEASH_DEBUG_WINDOW DIALOG  200, 200, 338, 197
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION |
+    WS_SYSMENU
+CAPTION "Leash Debug Window"
+FONT 8, "MS Sans Serif"
+BEGIN
+    PUSHBUTTON      "Copy &All To Clipboard",IDC_COPY_TO_CLIPBOARD,181,179,
+                    96,14
+    LISTBOX         IDC_DEBUG_LISTBOX,7,7,324,162,LBS_NOINTEGRALHEIGHT |
+                    WS_VSCROLL | WS_TABSTOP
+    PUSHBUTTON      "&Cancel",IDCANCEL,281,179,50,14
+    LTEXT           "Log File Location:",IDC_LOG_FILE_LOCATION_LABEL,10,182,
+                    57,8
+    LTEXT           "C:\\TEMP\\",IDC_LOG_FILE_LOCATION_TEXT,68,182,105,8
+END
+
+IDD_LEASH_MESSAGE_BOX DIALOG  0, 0, 257, 60
+STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | DS_CENTER | WS_POPUP |
+    WS_CAPTION
+CAPTION "MIT Kerberos Warning"
+FONT 8, "MS Sans Serif"
+BEGIN
+    DEFPUSHBUTTON   "OK",IDOK,104,42,50,14
+    CTEXT           "Leash Warning Here!!!",IDC_LEASH_WARNING_MSG,0,7,257,27
+END
+
+IDD_KRB_PROP_CONTENT DIALOG  0, 0, 314, 172
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Default Realm Configuration"
+FONT 8, "MS Sans Serif"
+BEGIN
+    COMBOBOX        IDC_EDIT_DEFAULT_REALM,12,28,289,84,CBS_DROPDOWNLIST |
+                    CBS_SORT | WS_VSCROLL | WS_TABSTOP
+    EDITTEXT        IDC_EDIT_REALM_HOSTNAME,12,57,289,12,ES_AUTOHSCROLL |
+                    ES_READONLY | NOT WS_TABSTOP
+    LTEXT           "Your Kerberos Realm:",IDC_STATIC_DEFAULT_REALM,12,17,70,
+                    8
+    GROUPBOX        "Kerberos Realm/Host Server",IDC_STATIC_KRB,7,3,300,77
+    GROUPBOX        "Computer Host/Domain Name",IDC_STATIC_KRBREALM,7,89,300,
+                    75
+    LTEXT           "Your Computer's Host Name",IDC_STATIC_HOST,12,101,90,8
+    LTEXT           "Your Computer's Domain Name:",IDC_STATIC_DOMAIN,12,129,
+                    101,8
+    EDITTEXT        IDC_EDIT_HOSTNAME,12,112,289,12,ES_AUTOHSCROLL |
+                    ES_READONLY | NOT WS_TABSTOP
+    EDITTEXT        IDC_EDIT_DOMAINNAME,12,140,289,12,ES_AUTOHSCROLL |
+                    ES_READONLY | NOT WS_TABSTOP
+    LTEXT           "Your Kerberos Server:",IDC_STATIC_REALM_HOSTNAME,12,46,
+                    70,8
+END
+
+IDD_LEASH_FILESPECIAL DIALOG  0, 0, 241, 112
+STYLE DS_SETFONT | WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS
+FONT 8, "MS Sans Serif"
+BEGIN
+    GROUPBOX        "",stc32,7,7,227,98,NOT WS_VISIBLE
+END
+
+IDD_KRB5_PROP_CONTENT DIALOG  0, 0, 321, 126
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Configuration Options"
+FONT 8, "MS Sans Serif"
+BEGIN
+    GROUPBOX        "Ticket Options",IDC_STATIC_TICKET_OPTIONS,7,7,307,41
+    CONTROL         "&Forwardable",IDC_CHECK_FORWARDABLE,"Button",
+                    BS_AUTOCHECKBOX | WS_TABSTOP,18,23,55,10
+    CONTROL         "&Proxiable",IDC_CHECK_PROXIABLE,"Button",
+                    BS_AUTOCHECKBOX | WS_TABSTOP,94,23,45,10
+    CONTROL         "&Renewable",IDC_CHECK_RENEWABLE,"Button",
+                    BS_AUTOCHECKBOX | WS_TABSTOP,160,23,52,10
+    CONTROL         "No &Addresses",IDC_CHECK_NO_ADDRESS,"Button",
+                    BS_AUTOCHECKBOX | WS_TABSTOP,233,23,60,10
+END
+
+IDD_KRB5_PROP_LOCATION DIALOG  0, 0, 321, 173
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "File Location"
+FONT 8, "MS Sans Serif"
+BEGIN
+    GROUPBOX        "&Ticket File",IDC_STATIC__KRB5_TICKETFILE,7,8,307,67
+    EDITTEXT        IDC_EDIT_KRB5_TXT_FILE,17,21,291,12,ES_AUTOHSCROLL
+    LTEXT           "Ticket file name is set in your computer's environment!\nTo edit, remove it from the environment.",
+                    IDC_STATIC_TICKETFILE,12,51,284,19
+    GROUPBOX        "&Configuration File",IDC_STATIC_TICKET_FILE,7,86,307,80
+    EDITTEXT        IDC_EDIT_KRB5INI_LOCATION,17,100,237,12,ES_AUTOHSCROLL |
+                    WS_GROUP
+    PUSHBUTTON      "&Browse",IDC_BUTTON_KRB5INI_BROWSE,259,99,50,14,
+                    WS_GROUP
+    CONTROL         "Confirm that new configuration file &exists.",
+                    IDC_CHECK_CONFIRM_KRB5_EXISTS,"Button",BS_AUTOCHECKBOX |
+                    WS_TABSTOP,12,123,143,10
+    LTEXT           "Configuration file location is set in your computer's environment!\nTo edit, remove it from the environment.",
+                    IDC_STATIC_INIFILES,12,142,284,19
+END
+
+IDD_KRB_REALMHOST_MAINT DIALOG  0, 0, 316, 213
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Realm / Server Mapping"
+FONT 8, "MS Sans Serif"
+BEGIN
+    DEFPUSHBUTTON   "In&sert",IDC_BUTTON_REALM_HOST_ADD,27,190,34,14
+    PUSHBUTTON      "&Remove",ID_BUTTON_REALM_REMOVE,64,190,34,14
+    PUSHBUTTON      "Re&name",IDC_BUTTON_REALM_EDIT,102,190,34,14
+    LISTBOX         IDC_LIST_KDC_REALM,7,21,146,160,LBS_SORT |
+                    LBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP
+    LISTBOX         IDC_LIST_KDC_HOST,163,21,146,78,LBS_NOINTEGRALHEIGHT |
+                    WS_VSCROLL | WS_HSCROLL | WS_TABSTOP
+    LTEXT           "Kerberos Realms",IDC_STATIC_REALM,8,11,54,8
+    LTEXT           "Servers Hosting a KDC",IDC_STATIC,163,11,74,8
+    PUSHBUTTON      "&Make Admin",IDC_BUTTON_ADMINSERVER,176,106,55,14,
+                    WS_DISABLED
+    DEFPUSHBUTTON   "Inser&t",IDC_BUTTON_KDCHOST_ADD,183,127,34,14
+    PUSHBUTTON      "Rem&ove",IDC_BUTTON_KDCHOST_REMOVE,220,127,34,14
+    PUSHBUTTON      "Ed&it",IDC_BUTTON_KDCHOST_EDIT,257,126,34,14
+    PUSHBUTTON      "R&emove Admin",IDC_BUTTON_REMOVE_ADMINSERVER,242,106,55,
+                    14,WS_DISABLED
+    CONTROL         "Use DNS KDC Lookup",IDC_DNS_KDC,"Button",
+                    BS_AUTOCHECKBOX | WS_TABSTOP,169,158,131,10
+END
+
+IDD_KRB_ADD_REALM DIALOG  0, 0, 295, 94
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Add a Kerberos Realm"
+FONT 8, "MS Sans Serif"
+BEGIN
+    EDITTEXT        IDC_EDIT_REALM,70,39,213,12,ES_UPPERCASE |
+                    ES_AUTOHSCROLL
+    PUSHBUTTON      "&OK",IDOK,232,67,50,14
+    PUSHBUTTON      "&Cancel",IDCANCEL,179,67,50,14
+    LTEXT           "Kerberos Realm:",IDC_STATIC_REALM_HOSTNAME,12,41,53,8
+    LTEXT           "NOTE: You are about to add a Realm to the ""Kerberos Realm"" Listbox!!!",
+                    IDC_STATIC_NOTE,11,15,271,8
+END
+
+IDD_KRB_EDIT_REALM DIALOG  0, 0, 295, 94
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Edit Kerberos Realm"
+FONT 8, "MS Sans Serif"
+BEGIN
+    EDITTEXT        IDC_EDIT_REALM,70,39,213,12,ES_UPPERCASE |
+                    ES_AUTOHSCROLL
+    PUSHBUTTON      "&OK",IDOK,231,67,50,14
+    PUSHBUTTON      "&Cancel",IDCANCEL,179,67,50,14
+    LTEXT           "Kerberos Realm:",IDC_STATIC_DEFAULT_REALM,12,41,53,8
+    LTEXT           "NOTE: You are about to edit a Realm to the ""Kerberos Realm"" Listbox!!!",
+                    IDC_STATIC_NOTE,11,15,267,8
+END
+
+IDD_KRB_ADD_KDC_HOSTSERVER DIALOG  0, 0, 295, 94
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Add a Kerberos Host Server"
+FONT 8, "MS Sans Serif"
+BEGIN
+    EDITTEXT        IDC_EDIT_KDC_HOST,70,39,213,12,ES_AUTOHSCROLL
+    DEFPUSHBUTTON   "OK",IDOK,231,67,50,14
+    PUSHBUTTON      "Cancel",IDCANCEL,179,67,50,14
+    LTEXT           "Kerberos Server:",IDC_STATIC_DEFAULT_REALM,11,41,54,8
+    LTEXT           "NOTE: You are about to add a Server to the"" Server Hosting a KDC"" Listbox!!! ",
+                    IDC_STATIC_NOTE,11,15,267,8
+END
+
+IDD_KRB_EDIT_KDC_HOSTSERVER DIALOG  0, 0, 295, 94
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Edit a Kerberos Server"
+FONT 8, "MS Sans Serif"
+BEGIN
+    EDITTEXT        IDC_EDIT_KDC_HOST,70,39,213,12,ES_AUTOHSCROLL
+    PUSHBUTTON      "&OK",IDOK,231,67,50,14
+    PUSHBUTTON      "&Cancel",IDCANCEL,180,67,50,14
+    LTEXT           "Kerberos Server:",IDC_STATIC_REALM,11,41,54,8
+    LTEXT           "NOTE: You are about to edit a Server to the"" Server Hosting a KDC"" Listbox!!! ",
+                    IDC_STATIC_NOTE,11,15,267,8
+END
+
+IDD_KRB_DOMAINREALM_MAINT DIALOG  0, 0, 314, 213
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "DNS / Realm Mapping"
+FONT 8, "MS Sans Serif"
+BEGIN
+    LISTBOX         IDC_LIST_DOMAINREALM,7,7,299,174,LBS_SORT |
+                    LBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP
+    DEFPUSHBUTTON   "&Insert",IDC_BUTTON_HOST_ADD,77,192,50,14
+    PUSHBUTTON      "&Remove",ID_BUTTON_HOST_REMOVE,131,192,50,14
+    PUSHBUTTON      "&Edit",IDC_BUTTON_HOST_EDIT,185,192,50,14
+END
+
+IDD_KRB_PROP_MISC DIALOGEX 0, 0, 314, 215
+STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Ticket Lifetime and Other Initialization Options"
+FONT 8, "MS Sans Serif", 0, 0, 0x0
+BEGIN
+    GROUPBOX        "Default Ticket Lifetime",
+                    IDC_STATIC_KRB_DEFAULT_LIFETIME,7,7,147,39
+    GROUPBOX        "Ticket Lifetime Range",IDC_STATIC_LIFETIME_RANGE,7,47,
+                    148,97
+    GROUPBOX        "Ticket Renew Till Range",IDC_STATIC_RENEW_TILL_RANGE,
+                    155,47,152,97
+    EDITTEXT        IDC_EDIT_LIFETIME_D,21,23,20,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_LIFETIME_H,59,23,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_LIFETIME_M,97,23,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_LIFE_MIN_D,23,77,20,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_LIFE_MIN_H,59,77,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_LIFE_MIN_M,98,77,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_LIFE_MAX_D,23,109,20,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_LIFE_MAX_H,59,109,20,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_LIFE_MAX_M,99,109,20,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    GROUPBOX        "Minimum Lifetime",IDC_STATIC_LIFE_RANGE_MIN,16,64,132,
+                    32
+    GROUPBOX        "Maximum Lifetime",IDC_STATIC,16,99,132,30
+    GROUPBOX        "Minimum Renewable Lifetime",IDC_STATIC,161,64,136,31
+    GROUPBOX        "Maximum Renewable Lifetime",IDC_STATIC,162,98,136,31
+    EDITTEXT        IDC_EDIT_RENEWTILL_D,168,23,20,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_RENEWTILL_H,206,23,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_RENEWTILL_M,244,23,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_RENEW_MIN_D,168,77,25,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_RENEW_MIN_H,207,77,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_RENEW_MIN_M,245,77,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_RENEW_MAX_D,168,109,26,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_RENEW_MAX_H,208,109,21,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    EDITTEXT        IDC_EDIT_RENEW_MAX_M,246,109,20,14,ES_RIGHT |
+                    ES_AUTOHSCROLL | ES_NUMBER
+    LTEXT           "d",IDC_STATIC,46,80,8,8
+    LTEXT           "h",IDC_STATIC,82,79,8,8
+    LTEXT           "m",IDC_STATIC,121,80,8,8
+    LTEXT           "d",IDC_STATIC,45,112,8,8
+    LTEXT           "h",IDC_STATIC,81,112,8,8
+    LTEXT           "m",IDC_STATIC,123,112,8,8
+    LTEXT           "d",IDC_STATIC,194,80,8,8
+    LTEXT           "h",IDC_STATIC,229,80,8,8
+    LTEXT           "m",IDC_STATIC,267,80,8,8
+    LTEXT           "d",IDC_STATIC,194,112,8,8
+    LTEXT           "h",IDC_STATIC,230,112,8,8
+    LTEXT           "m",IDC_STATIC,267,112,8,8
+    LTEXT           "d",IDC_STATIC,45,26,8,8
+    LTEXT           "h",IDC_STATIC,83,26,8,8
+    LTEXT           "m",IDC_STATIC,120,26,8,8
+    GROUPBOX        "Default Ticket Renewable Lifetime",
+                    IDC_STATIC_KRB_DEFAULT_RENEWTILL,155,7,151,39
+    LTEXT           "d",IDC_STATIC,192,26,8,8
+    LTEXT           "h",IDC_STATIC,230,26,8,8
+    LTEXT           "m",IDC_STATIC,267,26,8,8
+    GROUPBOX        "Ticket Initialization Options",IDC_STATIC,7,151,300,59
+    CONTROL         "Preserve Ticket Initialization Dialog Options",
+                    IDC_CHECK_PRESERVE_KINIT_OPTIONS,"Button",
+                    BS_AUTOCHECKBOX | WS_TABSTOP,20,182,208,10
+END
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// DESIGNINFO
+//
+
+#ifdef APSTUDIO_INVOKED
+GUIDELINES DESIGNINFO
+BEGIN
+    IDD_LEASH_FORMVIEW, DIALOG
+    BEGIN
+        RIGHTMARGIN, 347
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 156
+    END
+
+    IDD_LEASH_ABOUTBOX, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 303
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 139
+    END
+
+    IDD_LEASH_DEBUG_WINDOW, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 331
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 190
+    END
+
+    IDD_LEASH_MESSAGE_BOX, DIALOG
+    BEGIN
+    END
+
+    IDD_KRB_PROP_CONTENT, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 307
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 164
+    END
+
+    IDD_LEASH_FILESPECIAL, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 234
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 105
+    END
+
+    IDD_KRB5_PROP_CONTENT, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 314
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 55
+        HORZGUIDE, 48
+    END
+
+    IDD_KRB5_PROP_LOCATION, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 314
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 166
+    END
+
+    IDD_KRB_REALMHOST_MAINT, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 309
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 206
+    END
+
+    IDD_KRB_ADD_REALM, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 288
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 87
+    END
+
+    IDD_KRB_EDIT_REALM, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 288
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 87
+    END
+
+    IDD_KRB_ADD_KDC_HOSTSERVER, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 288
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 87
+    END
+
+    IDD_KRB_EDIT_KDC_HOSTSERVER, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 288
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 87
+    END
+
+    IDD_KRB_DOMAINREALM_MAINT, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 307
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 206
+    END
+
+    IDD_KRB_PROP_MISC, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 307
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 210
+    END
+END
+#endif    // APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Toolbar
+//
+
+IDR_MAINFRAME TOOLBAR  18, 18
+BEGIN
+    BUTTON      ID_INIT_TICKET
+    BUTTON      ID_RENEW_TICKET
+    BUTTON      ID_DESTROY_TICKET
+    SEPARATOR
+    BUTTON      ID_CHANGE_PASSWORD
+    SEPARATOR
+    BUTTON      ID_UPDATE_DISPLAY
+    BUTTON      ID_SYN_TIME
+END
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Bitmap
+//
+
+IDR_MAINFRAME           BITMAP                  "res\\Leash_toolbar.bmp"
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// String Table
+//
+
+STRINGTABLE
+BEGIN
+    IDR_MAINFRAME           "Leash32\n\nLeash32\n\n\nLeash32.Document\nLeash32 Document"
+END
+
+STRINGTABLE
+BEGIN
+    AFX_IDS_APP_TITLE       "Leash"
+    AFX_IDS_IDLEMESSAGE     "For Help, press F1"
+    AFX_IDS_HELPMODEMESSAGE "Select an object on which to get Help"
+END
+
+STRINGTABLE
+BEGIN
+    ID_VIEW_TOOLBAR         "Show or hide the toolbar\nToggle ToolBar"
+    ID_VIEW_STATUS_BAR      "Show or hide the status bar\nToggle StatusBar"
+END
+
+STRINGTABLE
+BEGIN
+    AFX_IDS_SCSIZE          "Change the window size"
+    AFX_IDS_SCMOVE          "Change the window position"
+    AFX_IDS_SCMINIMIZE      "Reduce the window to an icon"
+    AFX_IDS_SCMAXIMIZE      "Enlarge the window to full size"
+    AFX_IDS_SCNEXTWINDOW    "Switch to the next document window"
+    AFX_IDS_SCPREVWINDOW    "Switch to the previous document window"
+    AFX_IDS_SCCLOSE         "Close the active window and prompts to save the documents"
+END
+
+STRINGTABLE
+BEGIN
+    AFX_IDS_SCRESTORE       "Restore the window to normal size"
+    AFX_IDS_SCTASKLIST      "Activate Task List"
+END
+
+STRINGTABLE
+BEGIN
+    ID_PROPERTIES           "Enables you to change settings"
+    ID_INIT_TICKET          "Obtain a new ticket\n Get Ticket"
+    ID_AUTO_RENEW           "Automatically attempt to renew tickets.\n Automatic Ticket Renewal"
+    ID_TIME_ISSUED          "Display column showing when your tickets will expire.\n Issued"
+    ID_RENEWABLE_UNTIL      "Display column showing the date and time each renewable ticket can no longer be renewed.\n Renewable Until"
+    ID_SHOW_TICKET_FLAGS    "Display column showing how your tickets were flagged when you obtained them.\n Flags"
+END
+
+STRINGTABLE
+BEGIN
+    ID_RENEW_TICKET         "Extend the tickets' valid lifetime, resetting it to the length of the original ticket, for the selected principal(s).\n Renew Tickets(s) "
+    ID_DESTROY_TICKET       "Dispose of all tickets for the selected principal(s).\n Destroy Ticket(s) "
+    ID_SYN_TIME             "Synchronize Time\n Synchronize Time  "
+    ID_CHANGE_PASSWORD      "Modify password\n Change Password "
+    ID_UPDATE_DISPLAY       "Refresh ticket tree display\n Update Display "
+    ID_DEBUG_MODE           "Show or hide the Debug window"
+    ID_CFG_FILES            "Configure dialog"
+END
+
+STRINGTABLE
+BEGIN
+    ID_KILL_TIX_ONEXIT      "Automatically dispose of tickets on exit.\n Destroy Tickets on Exit"
+    ID_LARGE_ICONS          "Show large or small tree icons"
+    ID_UPPERCASE_REALM      "Allow realm names that include lower case letters.\n Allow Mixed Case Realm Name"
+    ID_OPTIONS_RESETWINDOWSIZE
+                            "Puts Leash's main window back to its default size "
+    ID_RESET_WINDOW_SIZE    "Refresh Leash window to its default size/position"
+    ID_SYSTEM_CONTROL_PANEL "Open your System Properties window"
+    ID_OPTIONS_LOWTICKETALARMSOUND
+                            "Turn alarm off or on,  when ticket time is low"
+    ID_LOW_TICKET_ALARM     "Provide an audible alarm 15, 10, and 5 minutes before tickets expire.\n Expiration Alarm"
+END
+
+STRINGTABLE
+BEGIN
+    ID_FORGET_PRINCIPALS    "Clear the Principal history.  This only affects autocompletion in the Get Tickets and Change Password dialogs.\n Forget Principals"
+    ID_ENCRYPTION_TYPE      "Display column showing the encryption type for your tickets and session keys.\n Encryption Type"
+    ID_VALID_UNTIL          "Display column showing when your tickets will expire.\n Valid Until"
+    ID_CCACHE_NAME          "Display column showing the name of the credential cache containing this ticket.\n Cache Name"
+END
+
+STRINGTABLE
+BEGIN
+    ID_MAKE_DEFAULT         "Make the selected principal the default principal.\n Make Default"
+    ID_EXPORT_TICKET        "Export tickets to your Windows Logon Sesion.\n Export Tickets"
+END
+
+#endif    // English (United States) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+#define _AFX_NO_SPLITTER_RESOURCES
+#define _AFX_NO_OLE_RESOURCES
+#define _AFX_NO_TRACKER_RESOURCES
+#define _AFX_NO_PROPERTY_RESOURCES
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+#ifdef _WIN32
+LANGUAGE 9, 1
+#pragma code_page(1252)
+#endif
+#include "res\Leash.rc2"  // non-Microsoft Visual C++ edited resources
+#include "afxres.rc"         // Standard components
+#endif
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
+
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// UIFILE
+//
+
+#include "kfwribbon.rc"
diff --git a/krb5-1.21.3/src/windows/leash/LeashAboutBox.cpp b/krb5-1.21.3/src/windows/leash/LeashAboutBox.cpp
new file mode 100644
index 00000000..8c621c35
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashAboutBox.cpp
@@ -0,0 +1,377 @@
+//*****************************************************************************
+// File:	LeashAboutBox.cpp
+// By:		Arthur David Leather
+// Created:	12/02/98
+// Copyright:	@1998 Massachusetts Institute of Technology - All rights
+//              reserved.
+// Description:	CPP file for LeashAboutBox.h. Contains variables and functions
+//		for the Leash About Box Dialog Box
+//
+// History:
+//
+// MM/DD/YY	Inits	Description of Change
+// 12/02/98	ADL	Original
+//*****************************************************************************
+
+
+#include "stdafx.h"
+#include "leash.h"
+#include "LeashAboutBox.h"
+#include "reminder.h"
+#include "lglobals.h"
+#include "psapi.h"
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashAboutBox dialog
+
+
+CLeashAboutBox::CLeashAboutBox(CWnd* pParent /*=NULL*/)
+	: CDialog(CLeashAboutBox::IDD, pParent)
+        , m_bListModules(FALSE)
+{
+    m_missingFileError = FALSE;
+
+    //{{AFX_DATA_INIT(CLeashAboutBox)
+    m_fileItem = _T("");
+    //}}AFX_DATA_INIT
+}
+
+
+void CLeashAboutBox::DoDataExchange(CDataExchange* pDX)
+{
+    CDialog::DoDataExchange(pDX);
+    //{{AFX_DATA_MAP(CLeashAboutBox)
+    DDX_Control(pDX, IDC_PROPERTIES, m_propertiesButton);
+    DDX_Control(pDX, IDC_LEASH_MODULES, m_radio_LeashDLLs);
+    DDX_Control(pDX, IDC_LEASH_MODULE_LB, m_LB_DLLsLoaded);
+    DDX_LBString(pDX, IDC_LEASH_MODULE_LB, m_fileItem);
+    //}}AFX_DATA_MAP
+}
+
+
+BEGIN_MESSAGE_MAP(CLeashAboutBox, CDialog)
+    //{{AFX_MSG_MAP(CLeashAboutBox)
+    ON_WM_HSCROLL()
+    ON_LBN_SELCHANGE(IDC_LEASH_MODULE_LB, OnSelchangeLeashModuleLb)
+    ON_BN_CLICKED(IDC_ALL_MODULES, OnAllModules)
+    ON_BN_CLICKED(IDC_LEASH_MODULES, OnLeashModules)
+    ON_LBN_DBLCLK(IDC_LEASH_MODULE_LB, OnDblclkLeashModuleLb)
+    ON_BN_CLICKED(IDC_PROPERTIES, OnProperties)
+    ON_LBN_SETFOCUS(IDC_LEASH_MODULE_LB, OnSetfocusLeashModuleLb)
+    ON_BN_CLICKED(IDC_NOT_LOADED_MODULES, OnNotLoadedModules)
+    //}}AFX_MSG_MAP
+END_MESSAGE_MAP()
+;
+/////////////////////////////////////////////////////////////////////////////
+// CLeashAboutBox message handlers
+
+void CLeashAboutBox::OnHScroll(UINT nSBCode, UINT nPos, CScrollBar* pScrollBar)
+{
+    CDialog::OnHScroll(nSBCode, nPos, pScrollBar);
+}
+
+BOOL CLeashAboutBox::GetModules95(DWORD processID, BOOL allModules)
+{
+    char szModNames[1024];
+    MODULEENTRY32 me32 = {0};
+    HANDLE hProcessSnap = NULL;
+
+    hProcessSnap = pCreateToolhelp32Snapshot(TH32CS_SNAPMODULE, processID);
+    if (hProcessSnap == (HANDLE)-1)
+        return FALSE;
+
+    me32.dwSize = sizeof(MODULEENTRY32);
+    if (pModule32First(hProcessSnap, &me32))
+    {
+        do
+        {
+            lstrcpy(szModNames, me32.szExePath);
+            strupr(szModNames);
+
+            if (!allModules)
+            {
+                if (!strstr(szModNames, "SYSTEM"))
+                    m_LB_DLLsLoaded.AddString(me32.szExePath);
+            }
+            else
+                m_LB_DLLsLoaded.AddString(me32.szExePath);
+        }
+        while (pModule32Next(hProcessSnap, &me32));
+    }
+
+    return TRUE;
+}
+
+void CLeashAboutBox::GetModulesNT(DWORD processID, BOOL allModules)
+{
+    char checkName[1024];
+    HMODULE hMods[1024];
+    HANDLE hProcess;
+    DWORD cbNeeded;
+    unsigned int i;
+
+    // Get a list of all the modules in this process.
+    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
+                           FALSE, processID);
+
+    if (pEnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
+    {
+        for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
+        {
+            char szModName[2048];
+
+            // Get the full path to the module's file.
+            if (pGetModuleFileNameEx(hProcess, hMods[i], szModName,
+                                     sizeof(szModName)))
+            {
+                lstrcpy(checkName, szModName);
+                strupr(checkName);
+
+                if (!allModules)
+                {
+                    if (!strstr(checkName, "SYSTEM32"))
+                        m_LB_DLLsLoaded.AddString(szModName);
+                }
+                else
+                    m_LB_DLLsLoaded.AddString(szModName);
+            }
+        }
+    }
+
+    CloseHandle(hProcess);
+}
+
+void CLeashAboutBox::HighlightFirstItem()
+{
+    UINT numModules = m_LB_DLLsLoaded.GetCount();
+    CHAR numModulesBuffer [25];
+    _itoa(numModules, numModulesBuffer, 10);
+
+    if (numModules)
+    {
+        m_LB_DLLsLoaded.SetCurSel(0);
+        m_propertiesButton.EnableWindow();
+    }
+    else
+        m_propertiesButton.EnableWindow(FALSE);
+
+    GetDlgItem(IDC_STATIC_NO_OF_MODULES)->SetWindowText(numModulesBuffer);
+}
+
+DWORD
+CLeashAboutBox::SetVersionInfo(
+    UINT id_version,
+    UINT id_copyright
+    )
+{
+    TCHAR filename[1024];
+    DWORD dwVersionHandle;
+    LPVOID pVersionInfo = 0;
+    DWORD retval = 0;
+    LPDWORD pLangInfo = 0;
+    LPTSTR szVersion = 0;
+    LPTSTR szCopyright = 0;
+    UINT len = 0;
+    TCHAR sname_version[] = TEXT("FileVersion");
+    TCHAR sname_copyright[] = TEXT("LegalCopyright");
+    TCHAR szVerQ[(sizeof("\\StringFileInfo\\12345678\\") +
+                  max(sizeof(sname_version) / sizeof(TCHAR),
+                      sizeof(sname_copyright) / sizeof(TCHAR)))];
+    TCHAR * cp = szVerQ;
+
+    if (!GetModuleFileName(NULL, filename, sizeof(filename)))
+        return GetLastError();
+
+    DWORD size = GetFileVersionInfoSize(filename, &dwVersionHandle);
+
+    if (!size)
+        return GetLastError();
+
+    pVersionInfo = malloc(size);
+    if (!pVersionInfo)
+        return ERROR_NOT_ENOUGH_MEMORY;
+
+    if (!GetFileVersionInfo(filename, dwVersionHandle, size, pVersionInfo))
+    {
+        retval = GetLastError();
+        goto cleanup;
+    }
+
+    if (!VerQueryValue(pVersionInfo, TEXT("\\VarFileInfo\\Translation"),
+                       (LPVOID*)&pLangInfo, &len))
+    {
+        retval = GetLastError();
+        goto cleanup;
+    }
+
+
+    cp += wsprintf(szVerQ,
+                   TEXT("\\StringFileInfo\\%04x%04x\\"),
+                   LOWORD(*pLangInfo), HIWORD(*pLangInfo));
+
+    lstrcpy(cp, sname_version);
+    if (!VerQueryValue(pVersionInfo, szVerQ, (LPVOID*)&szVersion, &len))
+    {
+        retval = GetLastError() || ERROR_NOT_ENOUGH_MEMORY;
+        goto cleanup;
+    }
+    TCHAR version[100];
+    _sntprintf(version, sizeof(version), TEXT("MIT Kerberos Version %s"), szVersion);
+    version[sizeof(version) - 1] = 0;
+    GetDlgItem(id_version)->SetWindowText(version);
+
+    lstrcpy(cp, sname_copyright);
+    if (!VerQueryValue(pVersionInfo, szVerQ, (LPVOID*)&szCopyright, &len))
+    {
+        retval = GetLastError() || ERROR_NOT_ENOUGH_MEMORY;
+        goto cleanup;
+    }
+    GetDlgItem(id_copyright)->SetWindowText(szCopyright);
+
+ cleanup:
+    if (pVersionInfo)
+        free(pVersionInfo);
+    return retval;
+}
+
+BOOL CLeashAboutBox::OnInitDialog()
+{
+    CDialog::OnInitDialog();
+
+    // XXX - we need to add some sensible behavior on error.
+    // We need to get the version info and display it...
+    SetVersionInfo(IDC_ABOUT_VERSION, IDC_ABOUT_COPYRIGHT);
+
+    if (!CLeashApp::m_hToolHelp32 && !CLeashApp::m_hPsapi)
+        m_missingFileError = TRUE;
+
+    if (m_bListModules) {
+        m_radio_LeashDLLs.SetCheck(TRUE);
+        OnLeashModules();
+
+        HighlightFirstItem();
+
+        if (!CLeashApp::m_hPsapi)
+            GetDlgItem(IDC_PROPERTIES)->EnableWindow(FALSE);
+    } else {
+        m_radio_LeashDLLs.ShowWindow(SW_HIDE);
+        GetDlgItem(IDC_NOT_LOADED_MODULES)->ShowWindow(SW_HIDE);
+        GetDlgItem(IDC_ALL_MODULES)->ShowWindow(SW_HIDE);
+        GetDlgItem(IDC_PROPERTIES)->ShowWindow(SW_HIDE);
+        GetDlgItem(IDC_STATIC_MODULES_LOADED)->ShowWindow(SW_HIDE);
+        GetDlgItem(IDC_STATIC_NO_OF_MODULES)->ShowWindow(SW_HIDE);
+        m_LB_DLLsLoaded.ShowWindow(SW_HIDE);
+        // shrink window, move 'OK' button
+        const int hideDiff = 150;
+        RECT okRect;
+        CWnd* pOK = GetDlgItem(IDOK);
+        pOK->GetWindowRect(&okRect);
+        ScreenToClient(&okRect);
+        pOK->SetWindowPos(0, okRect.left, okRect.top - hideDiff,
+                          0, 0, SWP_NOZORDER | SWP_NOSIZE);
+        RECT dlgRect;
+        GetWindowRect( &dlgRect );
+
+        SetWindowPos(0,0,0,
+                     dlgRect.right-dlgRect.left,
+                     dlgRect.bottom-dlgRect.top - hideDiff,
+                     SWP_NOZORDER|SWP_NOMOVE);
+    }
+    return TRUE;  // return TRUE unless you set the focus to a control
+    // EXCEPTION: OCX Property Pages should return FALSE
+}
+
+void CLeashAboutBox::OnSelchangeLeashModuleLb()
+{
+}
+
+void CLeashAboutBox::OnAllModules()
+{
+    if (!CLeashApp::m_hToolHelp32 && !CLeashApp::m_hPsapi)
+        return; //error
+
+    m_LB_DLLsLoaded.ResetContent();
+
+    if (!CLeashApp::m_hPsapi)
+        GetModules95(GetCurrentProcessId());
+    //m_LB_DLLsLoaded.AddString("Doesn't work in Windows 95");
+    else
+        GetModulesNT(GetCurrentProcessId());
+
+    HighlightFirstItem();
+}
+
+void CLeashAboutBox::OnLeashModules()
+{
+    if (!CLeashApp::m_hToolHelp32 && !CLeashApp::m_hPsapi)
+        return; // error
+
+    m_LB_DLLsLoaded.ResetContent();
+
+    if (!CLeashApp::m_hPsapi)
+        GetModules95(GetCurrentProcessId(), FALSE);
+    //m_LB_DLLsLoaded.AddString("Doesn't work in Windows 95");
+    else
+        GetModulesNT(GetCurrentProcessId(), FALSE);
+
+    HighlightFirstItem();
+}
+
+void CLeashAboutBox::OnNotLoadedModules()
+{
+    m_LB_DLLsLoaded.ResetContent();
+
+    if (!CLeashApp::m_hKrb5DLL)
+        m_LB_DLLsLoaded.AddString(KERB5DLL);
+
+    HighlightFirstItem();
+}
+
+void CLeashAboutBox::OnDblclkLeashModuleLb()
+{
+    m_LB_DLLsLoaded.GetText(m_LB_DLLsLoaded.GetCurSel(), m_fileItem);
+
+    SHELLEXECUTEINFO sei;
+    ZeroMemory(&sei,sizeof(sei));
+    sei.cbSize = sizeof(sei);
+    sei.lpFile = m_fileItem;
+    sei.lpVerb = "properties";
+    sei.fMask  = SEE_MASK_INVOKEIDLIST;
+
+    if (!ShellExecuteEx(&sei))
+    {
+        MessageBox("Can't find selected file or Properties dialog", "Error",
+                   MB_OK);
+    }
+}
+
+void CLeashAboutBox::OnProperties()
+{
+    OnDblclkLeashModuleLb();
+}
+
+void CLeashAboutBox::OnSetfocusLeashModuleLb()
+{
+    if (m_LB_DLLsLoaded.GetCount())
+        m_propertiesButton.EnableWindow(TRUE);
+}
+
+BOOL CLeashAboutBox::PreTranslateMessage(MSG* pMsg)
+{
+    if (m_missingFileError)
+    {
+        ::MessageBox(NULL, "OnInitDialog::We can't find file\"PSAPI.DLL\" "
+                     "or \"KERNEL32.DLL\"!!!\n"
+                     "About Box will not work properly.",
+                     "Error", MB_OK);
+
+        m_missingFileError = FALSE;
+    }
+    return CDialog::PreTranslateMessage(pMsg);
+}
diff --git a/krb5-1.21.3/src/windows/leash/LeashAboutBox.h b/krb5-1.21.3/src/windows/leash/LeashAboutBox.h
new file mode 100644
index 00000000..c6dbfc17
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashAboutBox.h
@@ -0,0 +1,82 @@
+//*****************************************************************************
+// File:	LeashAboutBox.cpp
+// By:		Arthur David Leather
+// Created:	12/02/98
+// Copyright:	@1998 Massachusetts Institute of Technology - All rights
+//              reserved.
+// Description:	H file for LeashAboutBox.cpp. Contains variables and functions
+//		for the Leash About Box Dialog Box
+//
+// History:
+//
+// MM/DD/YY	Inits	Description of Change
+// 12/02/98	ADL	Original
+//*****************************************************************************
+
+
+#if !defined(AFX_LEASHABOUTBOX_H__B49E3501_4801_11D2_8F7D_0000861B8A3C__INCLUDED_)
+#define AFX_LEASHABOUTBOX_H__B49E3501_4801_11D2_8F7D_0000861B8A3C__INCLUDED_
+
+#if _MSC_VER > 1000
+#pragma once
+#endif // _MSC_VER > 1000
+// LeashAboutBox.h : header file
+//
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashAboutBox dialog
+
+class CLeashAboutBox : public CDialog
+{
+    BOOL m_missingFileError;
+    DWORD SetVersionInfo(UINT id_ver, UINT id_copyright);
+    BOOL GetModules95(DWORD processID, BOOL allModules = TRUE);
+    void GetModulesNT(DWORD processID, BOOL allModules = TRUE);
+    void HighlightFirstItem();
+
+// Construction
+public:
+    CLeashAboutBox(CWnd* pParent = NULL);   // standard constructor
+
+// Dialog Data
+    //{{AFX_DATA(CLeashAboutBox)
+    enum { IDD = IDD_LEASH_ABOUTBOX };
+    CButton	m_propertiesButton;
+    CButton	m_radio_LeashDLLs;
+    CListBox	m_LB_DLLsLoaded;
+    CString	m_fileItem;
+    BOOL        m_bListModules;
+    //}}AFX_DATA
+
+
+// Overrides
+    // ClassWizard generated virtual function overrides
+    //{{AFX_VIRTUAL(CLeashAboutBox)
+public:
+    virtual BOOL PreTranslateMessage(MSG* pMsg);
+protected:
+    virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
+    //}}AFX_VIRTUAL
+
+// Implementation
+protected:
+
+    // Generated message map functions
+    //{{AFX_MSG(CLeashAboutBox)
+    afx_msg void OnHScroll(UINT nSBCode, UINT nPos, CScrollBar* pScrollBar);
+    virtual BOOL OnInitDialog();
+    afx_msg void OnSelchangeLeashModuleLb();
+    afx_msg void OnAllModules();
+    afx_msg void OnLeashModules();
+    afx_msg void OnDblclkLeashModuleLb();
+    afx_msg void OnProperties();
+    afx_msg void OnSetfocusLeashModuleLb();
+    afx_msg void OnNotLoadedModules();
+    //}}AFX_MSG
+    DECLARE_MESSAGE_MAP()
+};
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
+
+#endif // !defined(AFX_LEASHABOUTBOX_H__B49E3501_4801_11D2_8F7D_0000861B8A3C__INCLUDED_)
diff --git a/krb5-1.21.3/src/windows/leash/LeashDebugWindow.cpp b/krb5-1.21.3/src/windows/leash/LeashDebugWindow.cpp
new file mode 100644
index 00000000..e8c4553e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashDebugWindow.cpp
@@ -0,0 +1,187 @@
+//	**************************************************************************************
+//	File:			LeashDebugWindow.cpp
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:	CPP file for LeashDebugWindow.h. Contains variables and functions
+//					for the Leash Debug Window
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+
+#include "stdafx.h"
+#include "leash.h"
+#include "LeashDebugWindow.h"
+#include "lglobals.h"
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashDebugWindow dialog
+
+
+CLeashDebugWindow::CLeashDebugWindow(CWnd* pParent /*=NULL*/)
+	: CDialog(CLeashDebugWindow::IDD, pParent)
+{
+	//{{AFX_DATA_INIT(CLeashDebugWindow)
+	//}}AFX_DATA_INIT
+
+	m_pView = NULL;
+}
+
+CLeashDebugWindow::CLeashDebugWindow(CFormView* pView)
+{
+	m_pView = pView;
+}
+
+void CLeashDebugWindow::DoDataExchange(CDataExchange* pDX)
+{
+	CDialog::DoDataExchange(pDX);
+	//{{AFX_DATA_MAP(CLeashDebugWindow)
+	DDX_Control(pDX, IDC_DEBUG_LISTBOX, m_debugListBox);
+	DDX_Control(pDX, IDC_LOG_FILE_LOCATION_TEXT, m_debugFile);
+	//}}AFX_DATA_MAP
+}
+
+
+BEGIN_MESSAGE_MAP(CLeashDebugWindow, CDialog)
+	//{{AFX_MSG_MAP(CLeashDebugWindow)
+	ON_WM_SHOWWINDOW()
+	ON_BN_CLICKED(IDC_COPY_TO_CLIPBOARD, OnCopyToClipboard)
+	ON_WM_DESTROY()
+	ON_WM_CLOSE()
+	//}}AFX_MSG_MAP
+END_MESSAGE_MAP()
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashDebugWindow message handlers
+
+
+BOOL CLeashDebugWindow::Create(const LPCSTR debugFilePath)
+{
+	m_debugFilePath = debugFilePath;
+	return CDialog::Create(CLeashDebugWindow::IDD);
+}
+
+
+void CLeashDebugWindow::OnCancel()
+{
+	if (m_pView != NULL)
+	{
+		CWinApp* pApp;
+		pApp = AfxGetApp();
+		pApp->WriteProfileInt("Settings", "DebugWindow", FALSE_FLAG);
+		m_pView->PostMessage(WM_GOODBYE, IDCANCEL);	// modeless case
+////        pset_krb_debug(OFF);
+////	    pset_krb_ap_req_debug(OFF);
+    }
+	else
+	{
+		CDialog::OnCancel(); // modal case
+	}
+}
+
+void CLeashDebugWindow::OnOK()
+{
+	if (m_pView != NULL)
+	{
+		// modeless case
+		UpdateData(TRUE);
+		m_pView->PostMessage(WM_GOODBYE, IDOK);
+	}
+	else
+	{
+		CDialog::OnOK(); // modal case
+	}
+}
+
+BOOL CLeashDebugWindow::OnInitDialog()
+{
+	CDialog::OnInitDialog();
+
+	// Set Debug flags
+////	pset_krb_debug(ON); //(int)m_debugListBox.GetSafeHwnd()
+////    pset_krb_ap_req_debug(ON);
+
+	if (*m_debugFilePath != 0)
+	  SetDlgItemText(IDC_LOG_FILE_LOCATION_TEXT, m_debugFilePath);
+    else
+	  SetDlgItemText(IDC_LOG_FILE_LOCATION_TEXT, "Not Available");
+
+	if (!m_debugListBox.GetCount())
+	  GetDlgItem(IDC_COPY_TO_CLIPBOARD)->EnableWindow(FALSE);
+
+	m_CopyButton = FALSE;
+
+	return TRUE;  // return TRUE unless you set the focus to a control
+	              // EXCEPTION: OCX Property Pages should return FALSE
+}
+
+void CLeashDebugWindow::OnShowWindow(BOOL bShow, UINT nStatus)
+{
+	CDialog::OnShowWindow(bShow, nStatus);
+}
+
+void CLeashDebugWindow::OnCopyToClipboard()
+{
+    if (!OpenClipboard())
+	{
+        MessageBox("Unable to open Clipboard!", "Error", MB_OK);
+		return;
+	}
+
+	EmptyClipboard();
+
+    int maxItems = m_debugListBox.GetCount();
+	const int MAX_MEM = maxItems * 90; // 90 chars per line seems safe like a safe bet
+
+	HGLOBAL hDebugText = GlobalAlloc(GMEM_DDESHARE | GMEM_MOVEABLE, MAX_MEM);
+    if (NULL != hDebugText)
+    {
+		CString listboxItem;
+		LPSTR pDebugText = (LPSTR) GlobalLock(hDebugText);
+		if (!pDebugText)
+		{
+		    MessageBox("Unable to write to Clipboard!", "Error", MB_OK);
+			ASSERT(pDebugText);
+			return;
+		}
+
+		*pDebugText = 0;
+		for (int xItem = 0; xItem < maxItems; xItem++)
+		{
+			m_debugListBox.GetText(xItem, listboxItem);
+			strcat(pDebugText, listboxItem);
+			strcat(pDebugText, "\r\n");
+		}
+
+		GlobalUnlock(hDebugText);
+    }
+
+    if (NULL != hDebugText)
+        SetClipboardData(CF_TEXT, hDebugText);
+
+	CloseClipboard();
+	MessageBox("Copy to Clipboard was Successful!\r\n Paste it in your favorite editor.",
+                "Note", MB_OK);
+}
+
+BOOL CLeashDebugWindow::PreTranslateMessage(MSG* pMsg)
+{
+	if (!m_CopyButton && m_debugListBox.GetCount())
+	{
+		m_CopyButton = TRUE;
+		GetDlgItem(IDC_COPY_TO_CLIPBOARD)->EnableWindow(TRUE);
+	}
+
+	return CDialog::PreTranslateMessage(pMsg);
+}
diff --git a/krb5-1.21.3/src/windows/leash/LeashDebugWindow.h b/krb5-1.21.3/src/windows/leash/LeashDebugWindow.h
new file mode 100644
index 00000000..49893702
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashDebugWindow.h
@@ -0,0 +1,78 @@
+//	**************************************************************************************
+//	File:			LeashDebugWindow.h
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:	H file for LeashDebugWindow.cpp. Contains variables and functions
+//					for the Leash Debug Window
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#if !defined(AFX_LEASHDEBUGWINDOW_H__DB6F7EE8_570E_11D2_9460_0000861B8A3C__INCLUDED_)
+#define AFX_LEASHDEBUGWINDOW_H__DB6F7EE8_570E_11D2_9460_0000861B8A3C__INCLUDED_
+
+#if _MSC_VER > 1000
+#pragma once
+#endif // _MSC_VER > 1000
+// LeashDebugWindow.h
+//
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashDebugWindow dialog
+
+#define WM_GOODBYE WM_USER + 5
+
+class CLeashDebugWindow : public CDialog
+{
+private:
+	BOOL m_CopyButton;
+	CFormView* m_pView;
+	CString m_debugFilePath;
+
+// Construction
+public:
+	CLeashDebugWindow(CWnd* pParent = NULL);
+	CLeashDebugWindow(CFormView* pView);
+	BOOL Create(const LPCSTR debugFilePath);
+
+
+// Dialog Data
+	//{{AFX_DATA(CLeashDebugWindow)
+	enum { IDD = IDD_LEASH_DEBUG_WINDOW };
+	CStatic	m_debugFile;
+	CListBox	m_debugListBox;
+	//}}AFX_DATA
+
+
+// Overrides
+	// ClassWizard generated virtual function overrides
+	//{{AFX_VIRTUAL(CLeashDebugWindow)
+	public:
+	virtual BOOL PreTranslateMessage(MSG* pMsg);
+	protected:
+	virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
+	//}}AFX_VIRTUAL
+
+// Implementation
+protected:
+
+	// Generated message map functions
+	//{{AFX_MSG(CLeashDebugWindow)
+	virtual void OnCancel();
+	virtual void OnOK();
+	afx_msg void OnShowWindow(BOOL bShow, UINT nStatus);
+	afx_msg void OnCopyToClipboard();
+	virtual BOOL OnInitDialog();
+	//}}AFX_MSG
+	DECLARE_MESSAGE_MAP()
+};
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
+
+#endif // !defined(AFX_LEASHDEBUGWINDOW_H__DB6F7EE8_570E_11D2_9460_0000861B8A3C__INCLUDED_)
diff --git a/krb5-1.21.3/src/windows/leash/LeashDoc.cpp b/krb5-1.21.3/src/windows/leash/LeashDoc.cpp
new file mode 100644
index 00000000..af4a9b8f
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashDoc.cpp
@@ -0,0 +1,94 @@
+//	**************************************************************************************
+//	File:			LeashDoc.cpp
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:    CPP file for LeashDoc.h. Contains variables and functions
+//					for Leash
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#include "stdafx.h"
+#include "Leash.h"
+
+#include "LeashDoc.h"
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+/////////////////////////////////////////////////////////////////////////////
+// LeashDoc
+
+IMPLEMENT_DYNCREATE(LeashDoc, CDocument)
+
+BEGIN_MESSAGE_MAP(LeashDoc, CDocument)
+	//{{AFX_MSG_MAP(LeashDoc)
+	//}}AFX_MSG_MAP
+END_MESSAGE_MAP()
+
+/////////////////////////////////////////////////////////////////////////////
+// LeashDoc construction/destruction
+
+LeashDoc::LeashDoc()
+{
+	// TODO: add one-time construction code here
+
+}
+
+LeashDoc::~LeashDoc()
+{
+}
+
+BOOL LeashDoc::OnNewDocument()
+{
+	if (!CDocument::OnNewDocument())
+		return FALSE;
+
+	// TODO: add reinitialization code here
+	// (SDI documents will reuse this document)
+
+	return TRUE;
+}
+
+
+
+/////////////////////////////////////////////////////////////////////////////
+// LeashDoc serialization
+
+void LeashDoc::Serialize(CArchive& ar)
+{
+	if (ar.IsStoring())
+	{
+		// TODO: add storing code here
+	}
+	else
+	{
+		// TODO: add loading code here
+	}
+}
+
+/////////////////////////////////////////////////////////////////////////////
+// LeashDoc diagnostics
+
+#ifdef _DEBUG
+void LeashDoc::AssertValid() const
+{
+	CDocument::AssertValid();
+}
+
+void LeashDoc::Dump(CDumpContext& dc) const
+{
+	CDocument::Dump(dc);
+}
+#endif //_DEBUG
+
+/////////////////////////////////////////////////////////////////////////////
+// LeashDoc commands
diff --git a/krb5-1.21.3/src/windows/leash/LeashDoc.h b/krb5-1.21.3/src/windows/leash/LeashDoc.h
new file mode 100644
index 00000000..33b2fd97
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashDoc.h
@@ -0,0 +1,66 @@
+//	**************************************************************************************
+//	File:			LeashDoc.h
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:    H file for LeashDoc.cpp. Contains variables and functions
+//					for Leash
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#if !defined(AFX_LeashDOC_H__6F45AD97_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
+#define AFX_LeashDOC_H__6F45AD97_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_
+
+#if _MSC_VER >= 1000
+#pragma once
+#endif // _MSC_VER >= 1000
+
+
+class LeashDoc : public CDocument
+{
+protected: // create from serialization only
+	LeashDoc();
+	DECLARE_DYNCREATE(LeashDoc)
+
+// Attributes
+public:
+
+// Operations
+public:
+
+// Overrides
+	// ClassWizard generated virtual function overrides
+	//{{AFX_VIRTUAL(LeashDoc)
+	public:
+	virtual BOOL OnNewDocument();
+	virtual void Serialize(CArchive& ar);
+	//}}AFX_VIRTUAL
+
+// Implementation
+public:
+	virtual ~LeashDoc();
+#ifdef _DEBUG
+	virtual void AssertValid() const;
+	virtual void Dump(CDumpContext& dc) const;
+#endif
+
+protected:
+
+// Generated message map functions
+protected:
+	//{{AFX_MSG(LeashDoc)
+	//}}AFX_MSG
+	DECLARE_MESSAGE_MAP()
+};
+
+/////////////////////////////////////////////////////////////////////////////
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Developer Studio will insert additional declarations immediately before the previous line.
+
+#endif // !defined(AFX_LeashDOC_H__6F45AD97_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
diff --git a/krb5-1.21.3/src/windows/leash/LeashFrame.cpp b/krb5-1.21.3/src/windows/leash/LeashFrame.cpp
new file mode 100644
index 00000000..22478330
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashFrame.cpp
@@ -0,0 +1,118 @@
+//	**************************************************************************************
+//	File:			LeashFrame.cpp
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:	CPP file for LeashFrame.h. Contains variables and functions
+//					for Leash
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#include "stdafx.h"
+#include "LeashFrame.h"
+
+#ifdef _DEBUG
+#undef THIS_FILE
+static char BASED_CODE THIS_FILE[] = __FILE__;
+#endif
+///////////////////////////////////////////////////////////////
+// CLeashFrame
+
+const CRect CLeashFrame::s_rectDefault(0, 0, 740, 400);  // static public (l,t,r,b)
+const char CLeashFrame::s_profileHeading[] = "Window size";
+const char CLeashFrame::s_profileRect[] = "Rect";
+const char CLeashFrame::s_profileIcon[] = "icon";
+const char CLeashFrame::s_profileMax[] = "max";
+const char CLeashFrame::s_profileTool[] = "tool";
+const char CLeashFrame::s_profileStatus[] = "status";
+
+IMPLEMENT_DYNAMIC(CLeashFrame, CFrameWndEx)
+
+BEGIN_MESSAGE_MAP(CLeashFrame, CFrameWndEx)
+	//{{AFX_MSG_MAP(CLeashFrame)
+	ON_WM_DESTROY()
+	//}}AFX_MSG_MAP
+END_MESSAGE_MAP()
+
+///////////////////////////////////////////////////////////////
+CLeashFrame::CLeashFrame()
+{
+    m_bFirstTime = TRUE;
+}
+
+///////////////////////////////////////////////////////////////
+CLeashFrame::~CLeashFrame()
+{
+}
+
+///////////////////////////////////////////////////////////////
+void CLeashFrame::OnDestroy()
+{
+	CString strText;
+	BOOL bIconic, bMaximized;
+
+	WINDOWPLACEMENT wndpl;
+	wndpl.length = sizeof(WINDOWPLACEMENT);
+	// gets current window position and
+	//  iconized/maximized status
+	BOOL bRet = GetWindowPlacement(&wndpl);
+	if (wndpl.showCmd == SW_SHOWNORMAL)
+	{
+		bIconic = FALSE;
+		bMaximized = FALSE;
+	}
+	else if (wndpl.showCmd == SW_SHOWMAXIMIZED)
+	{
+		bIconic = FALSE;
+		bMaximized = TRUE;
+	}
+	else if (wndpl.showCmd == SW_SHOWMINIMIZED)
+	{
+		bIconic = TRUE;
+		if (wndpl.flags)
+		{
+			bMaximized = TRUE;
+		}
+		else
+		{
+			bMaximized = FALSE;
+		}
+	}
+
+	strText.Format("%04d %04d %04d %04d",
+	               wndpl.rcNormalPosition.left,
+	               wndpl.rcNormalPosition.top,
+	               wndpl.rcNormalPosition.right,
+	               wndpl.rcNormalPosition.bottom);
+
+	AfxGetApp()->WriteProfileString(s_profileHeading,
+	                                s_profileRect, strText);
+
+	AfxGetApp()->WriteProfileInt(s_profileHeading,
+	                             s_profileIcon, bIconic);
+
+	AfxGetApp()->WriteProfileInt(s_profileHeading,
+	                             s_profileMax, bMaximized);
+
+	SaveBarState(AfxGetApp()->m_pszProfileName);
+
+	CFrameWndEx::OnDestroy();
+}
+
+///////////////////////////////////////////////////////////////
+void CLeashFrame::ActivateFrame(int nCmdShow)
+{
+
+    if (m_bFirstTime)
+	{
+		m_bFirstTime = FALSE;
+
+    }
+
+	CFrameWndEx::ActivateFrame(nCmdShow);
+}
diff --git a/krb5-1.21.3/src/windows/leash/LeashFrame.h b/krb5-1.21.3/src/windows/leash/LeashFrame.h
new file mode 100644
index 00000000..9e17587a
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashFrame.h
@@ -0,0 +1,50 @@
+//	**************************************************************************************
+//	File:			LeashFrame.h
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:	H file for LeashFrame.cpp. Contains variables and functions
+//					for Leash
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#ifndef _LEASH_PERSISTENT_FRAME
+#define _LEASH_PERSISTENT_FRAME
+
+class CLeashFrame : public CFrameWndEx
+{ // remembers where it was on the desktop
+	DECLARE_DYNAMIC(CLeashFrame)
+    static const CRect s_rectDefault;
+	static const char s_profileHeading[];
+	static const char s_profileRect[];
+	static const char s_profileIcon[];
+	static const char s_profileMax[];
+	static const char s_profileTool[];
+	static const char s_profileStatus[];
+
+  private:
+	BOOL m_bFirstTime;
+
+  protected: // Create from serialization only
+	CLeashFrame();
+	~CLeashFrame();
+
+	//{{AFX_VIRTUAL(CLeashFrame)
+	public:
+	virtual void ActivateFrame(int nCmdShow = -1);
+	protected:
+	//}}AFX_VIRTUAL
+
+	//{{AFX_MSG(CLeashFrame)
+	afx_msg void OnDestroy();
+	//}}AFX_MSG
+
+	DECLARE_MESSAGE_MAP()
+};
+
+#endif // _LEASH_PERSISTENT_FRAME
diff --git a/krb5-1.21.3/src/windows/leash/LeashMessageBox.cpp b/krb5-1.21.3/src/windows/leash/LeashMessageBox.cpp
new file mode 100644
index 00000000..fd96bc82
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashMessageBox.cpp
@@ -0,0 +1,83 @@
+//	**************************************************************************************
+//	File:			LeashMessageBox.cpp
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:    CPP file for LeashMessageBox.h. Contains variables and functions
+//					for the Leash Special Message Dialog Box
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+
+#include "stdafx.h"
+#include "leash.h"
+#include "LeashMessageBox.h"
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+DWORD CLeashMessageBox ::m_dwTime;
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashMessageBox dialog
+
+CLeashMessageBox::CLeashMessageBox(CWnd* pParent, const CString msgText, DWORD dwTime)
+	: CDialog(CLeashMessageBox::IDD, pParent)
+{
+	m_dwTime = dwTime;
+
+	//{{AFX_DATA_INIT(CLeashMessageBox)
+	m_messageText = _T(msgText);
+	//}}AFX_DATA_INIT
+}
+
+CLeashMessageBox::~CLeashMessageBox()
+{
+}
+
+void CLeashMessageBox::DoDataExchange(CDataExchange* pDX)
+{
+	CDialog::DoDataExchange(pDX);
+	//{{AFX_DATA_MAP(CLeashMessageBox)
+	DDX_Text(pDX, IDC_LEASH_WARNING_MSG, m_messageText);
+	//}}AFX_DATA_MAP
+}
+
+
+BEGIN_MESSAGE_MAP(CLeashMessageBox, CDialog)
+	//{{AFX_MSG_MAP(CLeashMessageBox)
+	ON_WM_DESTROY()
+	//}}AFX_MSG_MAP
+END_MESSAGE_MAP()
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashMessageBox message handlers
+
+void CALLBACK CLeashMessageBox::MessageBoxTimer(HWND hwnd, UINT uiMsg, UINT_PTR idEvent, DWORD dwTime)
+{
+	::KillTimer(hwnd, 2);
+	::SendMessage(hwnd, WM_CLOSE, 0, 0);
+}
+
+void CLeashMessageBox::OnOK()
+{
+	KillTimer(2);
+    SendMessage(WM_CLOSE, 0, 0);
+}
+
+BOOL CLeashMessageBox::OnInitDialog()
+{
+	CDialog::OnInitDialog();
+	UINT_PTR idTimer = SetTimer(2, m_dwTime, &MessageBoxTimer);
+
+	return TRUE;  // return TRUE unless you set the focus to a control
+	              // EXCEPTION: OCX Property Pages should return FALSE
+}
diff --git a/krb5-1.21.3/src/windows/leash/LeashMessageBox.h b/krb5-1.21.3/src/windows/leash/LeashMessageBox.h
new file mode 100644
index 00000000..93174059
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashMessageBox.h
@@ -0,0 +1,70 @@
+//	**************************************************************************************
+//	File:			LeashMessageBox.h
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:    H file for LeashMessageBox.cpp. Contains variables and functions
+//					for the Leash Special Message Dialog Box
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#if !defined(AFX_LEASHMESSAGEBOX_H__865865B6_56F6_11D2_945F_0000861B8A3C__INCLUDED_)
+#define AFX_LEASHMESSAGEBOX_H__865865B6_56F6_11D2_945F_0000861B8A3C__INCLUDED_
+
+#if _MSC_VER > 1000
+#pragma once
+#endif // _MSC_VER > 1000
+// LeashMessageBox.h : header file
+//
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashMessageBox dialog
+
+#include "windows.h"
+
+class CLeashMessageBox : public CDialog
+{
+private:
+	static DWORD m_dwTime;
+	static void CALLBACK MessageBoxTimer(HWND hwnd, UINT uiMsg, UINT_PTR idEvent, DWORD dwTime);
+
+	// Construction
+public:
+	CLeashMessageBox(CWnd* pParent = NULL,            const CString msgText = "Place your message here!!!",
+					 DWORD dwTime = 0);
+	~CLeashMessageBox();
+
+// Dialog Data
+	//{{AFX_DATA(CLeashMessageBox)
+	enum { IDD = IDD_MESSAGE_BOX };
+	CString	m_messageText;
+	//}}AFX_DATA
+
+
+// Overrides
+	// ClassWizard generated virtual function overrides
+	//{{AFX_VIRTUAL(CLeashMessageBox)
+	protected:
+	virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
+	//}}AFX_VIRTUAL
+
+// Implementation
+protected:
+
+	// Generated message map functions
+	//{{AFX_MSG(CLeashMessageBox)
+	virtual BOOL OnInitDialog();
+	virtual void OnOK();
+	//}}AFX_MSG
+	DECLARE_MESSAGE_MAP()
+};
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
+
+#endif // !defined(AFX_LEASHMESSAGEBOX_H__865865B6_56F6_11D2_945F_0000861B8A3C__INCLUDED_)
diff --git a/krb5-1.21.3/src/windows/leash/LeashUIApplication.cpp b/krb5-1.21.3/src/windows/leash/LeashUIApplication.cpp
new file mode 100644
index 00000000..e9f539b5
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashUIApplication.cpp
@@ -0,0 +1,291 @@
+// -*- mode: c++; c-basic-offset: 4; indent-tabs-mode: nil -*-
+// leash/LeashUIApplication.cpp - Implement IUIApplication for leash
+//
+// Copyright (C) 2014 by the Massachusetts Institute of Technology.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above copyright
+//   notice, this list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright
+//   notice, this list of conditions and the following disclaimer in
+//   the documentation and/or other materials provided with the
+//   distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Implementation of the LeashUIApplication class.  In addition
+// to the minimum requirements for the IUIApplication interface,
+// it also saves and loads the ribbon state across application
+// sessions, and initiates a redraw of the parent window when
+// the ribbon size changes.
+
+#include <UIRibbon.h>
+#include <UIRibbonPropertyHelpers.h>
+#include "kfwribbon.h"
+#include "LeashUIApplication.h"
+#include "LeashUICommandHandler.h"
+
+HWND LeashUIApplication::mainwin;
+
+// The input hwnd is the window to which to bind the ribbon, i.e.,
+// the Leash CMainFrame.
+HRESULT
+LeashUIApplication::CreateInstance(IUIApplication **out, HWND hwnd)
+{
+    LeashUIApplication *app = NULL;
+    LeashUICommandHandler *handler;
+    HRESULT ret;
+
+    if (out == NULL)
+        return E_POINTER;
+    *out = NULL;
+
+    app = new LeashUIApplication();
+    ret = LeashUICommandHandler::CreateInstance(&app->commandHandler, hwnd);
+    if (FAILED(ret))
+        goto out;
+    ret = app->InitializeRibbon(hwnd);
+    if (FAILED(ret))
+        goto out;
+    mainwin = hwnd;
+    // Only the Leash-specific handler type has the back-pointer.
+    handler = static_cast<LeashUICommandHandler *>(app->commandHandler);
+    handler->app = app;
+    *out = static_cast<IUIApplication *>(app);
+    app = NULL;
+    ret = S_OK;
+
+out:
+    if (app != NULL)
+        app->Release();
+    return ret;
+}
+
+// Create a ribbon framework and ribbon for the LeashUIApplication.
+// CoInitializeEx() is required to be called before calling any COM
+// functions.  AfxOleInit(), called from CLeashApp::InitInstance(),
+// makes that call, but it is only scoped to the calling thread,
+// and the LeashUIApplication is created from CMainFrame, which is
+// the frame for the MFC document template.  It is unclear if the
+// Leash main thread will be the same thread which runs the frame
+// from the document template, so call CoInitializeEx() ourselves
+// just in case.  It is safe to call multiple times (it will return
+// S_FALSE on subsequent calls).
+HRESULT
+LeashUIApplication::InitializeRibbon(HWND hwnd)
+{
+    HRESULT ret;
+
+    if (hwnd == NULL)
+        return -1;
+    ret = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
+    if (FAILED(ret))
+        return ret;
+    ret = CoCreateInstance(CLSID_UIRibbonFramework, NULL,
+                           CLSCTX_INPROC_SERVER,
+                           IID_PPV_ARGS(&ribbonFramework));
+    if (FAILED(ret))
+        return ret;
+    ret = ribbonFramework->Initialize(hwnd, this);
+    if (FAILED(ret))
+        return ret;
+    ret = ribbonFramework->LoadUI(GetModuleHandle(NULL),
+                                  L"KFW_RIBBON_RIBBON");
+    if (FAILED(ret))
+        return ret;
+    return S_OK;
+}
+
+// Import ribbon state (minimization state and Quick Access Toolbar
+// customizations) from a serialized stream stored in the registry.
+// In particular, the serialized state does not include the state
+// of checkboxes and other ribbon controls.
+//
+// This functionality is not very important, since we do not offer
+// much in the way of QAT customization.  Paired with SaveRibbonState().
+HRESULT
+LeashUIApplication::LoadRibbonState(IUIRibbon *ribbon)
+{
+    HRESULT ret;
+    IStream *s;
+
+    s = SHOpenRegStream2(HKEY_CURRENT_USER, "Software\\MIT\\Kerberos5",
+                         "RibbonState", STGM_READ);
+    if (s == NULL)
+        return E_FAIL;
+    ret = ribbon->LoadSettingsFromStream(s);
+    s->Release();
+    return ret;
+}
+
+// Serialize the ribbon state (minimization state and Quick Access Toolbar
+// customizations) to the registry.  Paired with LoadRibbonState().
+HRESULT
+LeashUIApplication::SaveRibbonState()
+{
+    HRESULT ret;
+    IStream *s = NULL;
+    IUIRibbon *ribbon = NULL;
+
+    // No ribbon means no state to save.
+    if (ribbonFramework == NULL)
+        return S_OK;
+    // ViewID of 0 is the ribbon itself.
+    ret = ribbonFramework->GetView(0, IID_PPV_ARGS(&ribbon));
+    if (FAILED(ret))
+        return ret;
+
+    s = SHOpenRegStream2(HKEY_CURRENT_USER, "Software\\MIT\\Kerberos5",
+                         "RibbonState", STGM_WRITE);
+    if (s == NULL) {
+        ret = E_FAIL;
+        goto out;
+    }
+    ret = ribbon->SaveSettingsToStream(s);
+
+out:
+    if (s != NULL)
+        s->Release();
+    if (ribbon != NULL)
+        ribbon->Release();
+    return ret;
+}
+
+UINT
+LeashUIApplication::GetRibbonHeight()
+{
+    return ribbonHeight;
+}
+
+ULONG
+LeashUIApplication::AddRef()
+{
+    return InterlockedIncrement(&refcnt);
+}
+
+ULONG
+LeashUIApplication::Release()
+{
+    LONG tmp;
+
+    tmp = InterlockedDecrement(&refcnt);
+    if (tmp == 0) {
+        if (commandHandler != NULL)
+            commandHandler->Release();
+        if (ribbonFramework != NULL)
+            ribbonFramework->Release();
+        delete this;
+    }
+    return tmp;
+}
+
+HRESULT
+LeashUIApplication::QueryInterface(REFIID iid, void **ppv)
+{
+    if (ppv == NULL)
+        return E_POINTER;
+
+    if (iid == __uuidof(IUnknown)) {
+        *ppv = static_cast<IUnknown*>(this);
+    } else if (iid == __uuidof(IUIApplication)) {
+        *ppv = static_cast<IUIApplication*>(this);
+    } else {
+        *ppv = NULL;
+        return E_NOINTERFACE;
+    }
+
+    AddRef();
+    return S_OK;
+}
+
+// This is called by the ribbon framework on events which change the (ribbon)
+// view, such as creation and resizing.  (There may be other non-ribbon views
+// in the future, but for now, the ribbon is the only one.)  With the hybrid
+// COM/MFC setup used by Leash, the destroy event is not always received,
+// since the main thread is in the MFC half, and that thread gets the
+// WM_DESTROY message from the system; the MFC code does not know that it
+// needs to cleanly destroy the IUIFramework.
+HRESULT
+LeashUIApplication::OnViewChanged(UINT32 viewId, UI_VIEWTYPE typeID,
+                                  IUnknown *view, UI_VIEWVERB verb,
+                                  INT32 uReasonCode)
+{
+    IUIRibbon *ribbon;
+    HRESULT ret;
+
+    // A viewId means "the ribbon".
+    if (viewId != 0 || typeID != UI_VIEWTYPE_RIBBON)
+        return E_NOTIMPL;
+
+    switch(verb) {
+        case UI_VIEWVERB_DESTROY:
+            return SaveRibbonState();
+        case UI_VIEWVERB_CREATE:
+            ret = view->QueryInterface(IID_PPV_ARGS(&ribbon));
+            if (FAILED(ret))
+                return ret;
+            ret = LoadRibbonState(ribbon);
+            ribbon->Release();
+            if (FAILED(ret))
+                return ret;
+            // FALLTHROUGH
+        case UI_VIEWVERB_SIZE:
+            ret = view->QueryInterface(IID_PPV_ARGS(&ribbon));
+            if (FAILED(ret))
+                return ret;
+            ret = ribbon->GetHeight(&ribbonHeight);
+            ribbon->Release();
+            if (FAILED(ret))
+                return ret;
+            // Tell the main frame to recalculate its layout and redraw.
+            SendMessage(mainwin, WM_RIBBON_RESIZE, 0, NULL);
+            return S_OK;
+        case UI_VIEWVERB_ERROR:
+            // FALLTHROUGH
+        default:
+            return E_NOTIMPL;
+    }
+}
+
+// Provide a command handler to which the command with ID commandId will
+// be bound.  All of our commands get the same handler.
+//
+// The typeID argument is just an enum which classifies what type of
+// command this is, grouping types of buttons together, collections,
+// etc.  Since we only have one command handler, it can safely be ignored.
+HRESULT
+LeashUIApplication::OnCreateUICommand(UINT32 commandId, UI_COMMANDTYPE typeID,
+                                      IUICommandHandler **commandHandler)
+{
+    return this->commandHandler->QueryInterface(IID_PPV_ARGS(commandHandler));
+}
+
+// It looks like this is called by the framework when the window with the
+// ribbon is going away, to give the application a chance to free any
+// application-specific resources (not from the framework) that were bound
+// to a command in OnCreateUICommand.
+//
+// We do not have any such resources, so we do not need to implement this
+// function other than by returning success.
+HRESULT
+LeashUIApplication::OnDestroyUICommand(UINT32 commandId, UI_COMMANDTYPE typeID,
+                                       IUICommandHandler *commandHandler)
+{
+    return S_OK;
+}
diff --git a/krb5-1.21.3/src/windows/leash/LeashUIApplication.h b/krb5-1.21.3/src/windows/leash/LeashUIApplication.h
new file mode 100644
index 00000000..64f43522
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashUIApplication.h
@@ -0,0 +1,86 @@
+// -*- mode: c++; c-basic-offset: 4; indent-tabs-mode: nil -*-
+// leash/LeashUIApplication.h - UIApplication implementation for Leash
+//
+// Copyright (C) 2014 by the Massachusetts Institute of Technology.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above copyright
+//   notice, this list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright
+//   notice, this list of conditions and the following disclaimer in
+//   the documentation and/or other materials provided with the
+//   distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// The class description for the LeashUIApplication class, which
+// implements the UIApplication interfaces.  All applications using
+// the windows framework are required to implement this interface.
+// Leash is an MFC application, but in order to use the ribbon
+// from the windows framework, we must implement this interface so
+// that we have a UIApplication to hang the ribbon off of, even if we
+// do not make use of any other UIApplication features.
+
+#ifndef LEASH_LEASHUIAPPLICATION_H__
+#define LEASH_LEASHUIAPPLICATION_H__
+
+#include <UIRibbon.h>
+
+#define WM_RIBBON_RESIZE (WM_USER + 10)
+
+class LeashUIApplication : public IUIApplication
+{
+public:
+    // The "ribbon state" here is just whether it's minimized, and the
+    // contents of the Quick Access Toolbar.
+    HRESULT LoadRibbonState(IUIRibbon *ribbon);
+    HRESULT SaveRibbonState();
+    // Export how much space the ribbon is taking up.
+    UINT GetRibbonHeight();
+    // Do the real work here, not in the constructor
+    static HRESULT CreateInstance(IUIApplication **out, HWND hwnd);
+
+    // IUnknown virtual methods
+    ULONG STDMETHODCALLTYPE AddRef();
+    ULONG STDMETHODCALLTYPE Release();
+    HRESULT STDMETHODCALLTYPE QueryInterface(REFIID iid, void **ppv);
+
+    // IUIApplication virtual methods
+    HRESULT STDMETHODCALLTYPE OnViewChanged(UINT32 viewId, UI_VIEWTYPE typeID,
+                                            IUnknown *view, UI_VIEWVERB verb,
+                                            INT32 uReasonCode);
+    HRESULT STDMETHODCALLTYPE
+        OnCreateUICommand(UINT32 commandId, UI_COMMANDTYPE typeID,
+                          IUICommandHandler **commandHandler);
+    HRESULT STDMETHODCALLTYPE
+        OnDestroyUICommand(UINT32 commandId, UI_COMMANDTYPE typeID,
+                           IUICommandHandler *commandHandler);
+
+private:
+    LeashUIApplication() : refcnt(1), commandHandler(NULL),
+                           ribbonFramework(NULL) {}
+    HRESULT InitializeRibbon(HWND hwnd);
+    static HWND mainwin;
+    LONG refcnt;
+    UINT ribbonHeight;
+    IUICommandHandler *commandHandler;
+    IUIFramework *ribbonFramework;
+};
+
+#endif // LEASH_LEASHUIAPPLICATION_H__
diff --git a/krb5-1.21.3/src/windows/leash/LeashUICommandHandler.cpp b/krb5-1.21.3/src/windows/leash/LeashUICommandHandler.cpp
new file mode 100644
index 00000000..d5839145
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashUICommandHandler.cpp
@@ -0,0 +1,267 @@
+// -*- mode: c++; c-basic-offset: 4; indent-tabs-mode: nil -*-
+// leash/LeashUICommandHandler.cpp - implements IUICommandHandler interfaces
+//
+// Copyright (C) 2014 by the Massachusetts Institute of Technology.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above copyright
+//   notice, this list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright
+//   notice, this list of conditions and the following disclaimer in
+//   the documentation and/or other materials provided with the
+//   distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file contains the class implementation of the leash implementation
+// of the UICommandHandler interface.  Its primary responsibility is
+// to accept UI events (i.e., button presses) and perform the
+// corresponding actions to the leash data structures and display
+// presentation.
+
+#include <UIRibbon.h>
+#include <UIRibbonPropertyHelpers.h>
+#include "kfwribbon.h"
+#include "LeashUICommandHandler.h"
+#include "resource.h"
+
+#include <loadfuncs-leash.h>
+
+// Allowing mixed-case realms has both a machine and user-specific knob,
+// and thus needs a function to manage it.
+extern DWORD Leash_get_default_uppercaserealm();
+extern DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
+
+HRESULT
+LeashUICommandHandler::CreateInstance(IUICommandHandler **out, HWND hwnd)
+{
+    LeashUICommandHandler *handler;
+
+    if (out == NULL)
+        return E_POINTER;
+
+    handler = new LeashUICommandHandler();
+    handler->mainwin = hwnd;
+    *out = static_cast<IUICommandHandler *>(handler);
+    return S_OK;
+}
+
+ULONG
+LeashUICommandHandler::AddRef()
+{
+    return InterlockedIncrement(&refcnt);
+}
+
+ULONG
+LeashUICommandHandler::Release()
+{
+    LONG tmp;
+
+    tmp = InterlockedDecrement(&refcnt);
+    if (tmp == 0)
+        delete this;
+    return tmp;
+}
+
+HRESULT
+LeashUICommandHandler::QueryInterface(REFIID iid, void **ppv)
+{
+    if (ppv == NULL)
+        return E_POINTER;
+
+    if (iid == __uuidof(IUnknown)) {
+        *ppv = static_cast<IUnknown*>(this);
+    } else if (iid == __uuidof(IUICommandHandler)) {
+        *ppv = static_cast<IUICommandHandler*>(this);
+    } else {
+        *ppv = NULL;
+        return E_NOINTERFACE;
+    }
+
+    AddRef();
+    return S_OK;
+}
+
+// Called by the framework when a control is activated that may require
+// an action to be taken, such as a button being pressed or a checkbox
+// state flipped.  (It is not called when the user changes tabs on the
+// ribbon.)  Just proxy these commands through to the existing MFC
+// handlers by sendding the appropriate message to the main window.
+// Action only needs to be taken on the EXECUTE verb, so we can
+// ignore the additional properties surrounding the action, which would
+// be relevant for other verbs.
+//
+// The commandIds are taken from the XML ribbon description.
+HRESULT
+LeashUICommandHandler::Execute(UINT32 commandId, UI_EXECUTIONVERB verb,
+                               const PROPERTYKEY *key,
+                               const PROPVARIANT *currentValue,
+                               IUISimplePropertySet *commandExecutionProperties)
+{
+    if (verb != UI_EXECUTIONVERB_EXECUTE)
+        return E_NOTIMPL;
+
+    switch(commandId) {
+        case cmdGetTicketButton:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_INIT_TICKET, 1), 0);
+            break;
+        case cmdRenewTicketButton:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_RENEW_TICKET, 1), 0);
+            break;
+        case cmdDestroyTicketButton:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_DESTROY_TICKET, 1),
+                        0);
+            break;
+        case cmdMakeDefaultButton:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_MAKE_DEFAULT, 1),
+                        0);
+            break;
+        case cmdChangePasswordButton:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_CHANGE_PASSWORD, 1),
+                        0);
+            break;
+        case cmdIssuedCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_TIME_ISSUED, 1), 0);
+            break;
+        case cmdRenewUntilCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_RENEWABLE_UNTIL, 1),
+                        0);
+            break;
+        case cmdValidUntilCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_VALID_UNTIL, 1), 0);
+            break;
+        case cmdEncTypeCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_ENCRYPTION_TYPE, 1),
+                        0);
+            break;
+        case cmdFlagsCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_SHOW_TICKET_FLAGS,
+                                                        1), 0);
+            break;
+        case cmdCcacheNameCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_CCACHE_NAME, 1), 0);
+            break;
+        case cmdAutoRenewCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_AUTO_RENEW, 1), 0);
+            break;
+        case cmdExpireAlarmCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_LOW_TICKET_ALARM,
+                                                        1), 0);
+            break;
+        case cmdDestroyOnExitCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_KILL_TIX_ONEXIT, 1),
+                        0);
+            break;
+        case cmdMixedCaseCheckBox:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_UPPERCASE_REALM, 1),
+                        0);
+            break;
+        case cmdHelp:
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(ID_HELP_LEASH32, 1), 0);
+            break;
+        case cmdAbout:
+            // ID_APP_ABOUT (0xe140) is defined in afxres.h, an MFC header
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(0xe140, 1), 0);
+            break;
+        case cmdExit:
+            // Save Ribbon customizations here, since this is the only
+            // path to a clean exit from the application.
+            if (app != NULL)
+                app->SaveRibbonState();
+            // ID_APP_EXIT (0xe141) is defined in afxres.h, an MFC header
+            SendMessage(mainwin, WM_COMMAND, MAKEWPARAM(0xe141, 1), 0);
+            break;
+        default:
+            // Lots of commands we don't need to pass on
+            return S_OK;
+    }
+    return S_OK;
+}
+
+// Looks up a given registry key in this application's Settings space
+// (analogous to CWinApp::GetProfileInt()), converting it to a
+// (boolean) PROPVARIANT which is returned in *out.  Uses the given
+// default value if the registry key cannot be loaded.
+static HRESULT
+RegKeyToProperty(const char *regkey, bool default, PROPVARIANT *out)
+{
+    DWORD bsize = sizeof(DWORD), enabled;
+    LONG code;
+
+    code = RegGetValue(HKEY_CURRENT_USER,
+                       "Software\\MIT\\MIT Kerberos\\Settings",
+                       regkey, RRF_RT_DWORD, NULL, &enabled,
+                       &bsize);
+    if (code == ERROR_FILE_NOT_FOUND) {
+        code = ERROR_SUCCESS;
+        enabled = default ? 1 : 0;
+    }
+    if (FAILED(code) || bsize != sizeof(enabled))
+        return E_FAIL;
+    return UIInitPropertyFromBoolean(UI_PKEY_BooleanValue, enabled, out);
+}
+
+// Called by the framework when the value of a property needs to be
+// re-evaluated, e.g., if it has been explicitly invalidated, or at
+// program startup.  This is the way to specify the initial/default
+// state for ribbon elements which have state, such as checkboxes.
+// The registry values which are modified by the MFC checkbox
+// action handlers can be read directly from here in order to present
+// a consistent visual interface.  The MFC handlers only write to the
+// registry when a value is changed, though, so we must duplicate
+// the default values which are hardcoded in CLeashView::sm_viewColumns[]
+// and elsewhere in LeashView.cpp.
+HRESULT
+LeashUICommandHandler::UpdateProperty(UINT32 commandId, REFPROPERTYKEY key,
+                                      const PROPVARIANT *currentValue,
+                                      PROPVARIANT *newValue)
+{
+    if (key != UI_PKEY_BooleanValue)
+        return E_NOTIMPL;
+
+    // These default values duplicate those hardcoded in
+    // CLeashView::sm_viewColumns[] and elsewhere in LeashView.cpp.
+    switch(commandId) {
+        case cmdIssuedCheckBox:
+            return RegKeyToProperty("Issued", false, newValue);
+        case cmdRenewUntilCheckBox:
+            return RegKeyToProperty("Renewable Until", false, newValue);
+        case cmdValidUntilCheckBox:
+            return RegKeyToProperty("Valid Until", true, newValue);
+        case cmdEncTypeCheckBox:
+            return RegKeyToProperty("Encryption Type", false, newValue);
+        case cmdFlagsCheckBox:
+            return RegKeyToProperty("Flags", false, newValue);
+        case cmdCcacheNameCheckBox:
+            return RegKeyToProperty("Credential Cache", false, newValue);
+        case cmdAutoRenewCheckBox:
+            return RegKeyToProperty("AutoRenewTickets", true, newValue);
+        case cmdExpireAlarmCheckBox:
+            return RegKeyToProperty("LowTicketAlarm", true, newValue);
+        case cmdDestroyOnExitCheckBox:
+            return RegKeyToProperty("DestroyTicketsOnExit", false, newValue);
+        case cmdMixedCaseCheckBox:
+            return UIInitPropertyFromBoolean(UI_PKEY_BooleanValue,
+                pLeash_get_default_uppercaserealm(), newValue);
+        default:
+            return E_NOTIMPL;
+    }
+
+    return E_NOTIMPL;
+}
diff --git a/krb5-1.21.3/src/windows/leash/LeashUICommandHandler.h b/krb5-1.21.3/src/windows/leash/LeashUICommandHandler.h
new file mode 100644
index 00000000..4991c915
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashUICommandHandler.h
@@ -0,0 +1,72 @@
+// -*- mode: c++; c-basic-offset: 4; indent-tabs-mode: nil -*-
+// leash/LeashUICommandHandler.h - implements IUICommandHandler interfaces
+//
+// Copyright (C) 2014 by the Massachusetts Institute of Technology.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above copyright
+//   notice, this list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright
+//   notice, this list of conditions and the following disclaimer in
+//   the documentation and/or other materials provided with the
+//   distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+// OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file contains the class definition for the leash implementation
+// of the UICommandHandler interface.  Its primary responsibility is
+// to accept UI events (i.e., button presses) and perform the
+// corresponding actions to the leash data structures and display
+// presentation.  It also supplies values for the state of various
+// interface elements when the framework needs an authoritative value.
+
+#ifndef WINDOWS_LEASHUICOMMANDHANDLER_H__
+#define WINDOWS_LEASHUICOMMANDHANDLER_H__
+
+#include <UIRibbon.h>
+#include "LeashUIApplication.h"
+
+class LeashUICommandHandler : public IUICommandHandler
+{
+public:
+    LeashUIApplication *app;
+    // Actual work for creation is done here, not the constructor.
+    static HRESULT CreateInstance(IUICommandHandler **out, HWND hwnd);
+
+    // IUnknown virtual methods
+    ULONG STDMETHODCALLTYPE AddRef();
+    ULONG STDMETHODCALLTYPE Release();
+    HRESULT STDMETHODCALLTYPE QueryInterface(REFIID iid, void **ppv);
+
+    // IUICommandHandler virtual methods
+    HRESULT STDMETHODCALLTYPE Execute(UINT32 commandId, UI_EXECUTIONVERB verb,
+                    const PROPERTYKEY *key, const PROPVARIANT *currentValue,
+                    IUISimplePropertySet *commandExecutionProperties);
+    HRESULT STDMETHODCALLTYPE UpdateProperty(UINT32 commandId,
+                                             REFPROPERTYKEY key,
+                                             const PROPVARIANT *currentValue,
+                                             PROPVARIANT *newValue);
+
+private:
+    LeashUICommandHandler() : refcnt(1) {}
+    HWND mainwin; // Something to which to send messages.
+    LONG refcnt;
+};
+
+#endif // WINDOWS_LEASHUICOMMANDHANDLER_H__
diff --git a/krb5-1.21.3/src/windows/leash/LeashView.cpp b/krb5-1.21.3/src/windows/leash/LeashView.cpp
new file mode 100644
index 00000000..9413d752
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashView.cpp
@@ -0,0 +1,2480 @@
+//*****************************************************************************
+// File:	LeashView.cpp
+// By:		Arthur David Leather
+// Created:	12/02/98
+// Copyright	@1998 Massachusetts Institute of Technology - All rights reserved.
+// Description:	CPP file for LeashView.h. Contains variables and functions
+//		for the Leash FormView
+//
+// History:
+//
+// MM/DD/YY	Inits	Description of Change
+// 12/02/98	ADL		Original
+// 20030508     JEA     Added
+//*****************************************************************************
+
+#include "stdafx.h"
+#include <afxpriv.h>
+#include "Leash.h"
+#include "LeashDoc.h"
+#include "LeashView.h"
+#include "MainFrm.h"
+#include "reminder.h"
+#include "lglobals.h"
+#include "LeashDebugWindow.h"
+#include "LeashMessageBox.h"
+#include "LeashAboutBox.h"
+#include <krb5.h>
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static CHAR THIS_FILE[] = __FILE__;
+#endif
+
+#pragma comment(lib, "uxtheme")
+/////////////////////////////////////////////////////////////////////////////
+// CLeashView
+
+IMPLEMENT_DYNCREATE(CLeashView, CListView)
+
+BEGIN_MESSAGE_MAP(CLeashView, CListView)
+	//{{AFX_MSG_MAP(CLeashView)
+    ON_MESSAGE(WM_WARNINGPOPUP, OnWarningPopup)
+	ON_MESSAGE(WM_GOODBYE, OnGoodbye)
+    ON_MESSAGE(WM_TRAYICON, OnTrayIcon)
+    ON_NOTIFY(TVN_ITEMEXPANDED, IDC_TREEVIEW, OnItemexpandedTreeview)
+	ON_WM_CREATE()
+	ON_WM_SHOWWINDOW()
+	ON_COMMAND(ID_INIT_TICKET, OnInitTicket)
+	ON_COMMAND(ID_RENEW_TICKET, OnRenewTicket)
+	ON_COMMAND(ID_DESTROY_TICKET, OnDestroyTicket)
+	ON_COMMAND(ID_CHANGE_PASSWORD, OnChangePassword)
+	ON_COMMAND(ID_MAKE_DEFAULT, OnMakeDefault)
+	ON_COMMAND(ID_UPDATE_DISPLAY, OnUpdateDisplay)
+	ON_COMMAND(ID_SYN_TIME, OnSynTime)
+	ON_COMMAND(ID_DEBUG_MODE, OnDebugMode)
+	ON_COMMAND(ID_LARGE_ICONS, OnLargeIcons)
+	ON_COMMAND(ID_TIME_ISSUED, OnTimeIssued)
+	ON_COMMAND(ID_VALID_UNTIL, OnValidUntil)
+	ON_COMMAND(ID_RENEWABLE_UNTIL, OnRenewableUntil)
+	ON_COMMAND(ID_SHOW_TICKET_FLAGS, OnShowTicketFlags)
+	ON_COMMAND(ID_ENCRYPTION_TYPE, OnEncryptionType)
+	ON_COMMAND(ID_CCACHE_NAME, OnCcacheName)
+	ON_UPDATE_COMMAND_UI(ID_TIME_ISSUED, OnUpdateTimeIssued)
+	ON_UPDATE_COMMAND_UI(ID_VALID_UNTIL, OnUpdateValidUntil)
+	ON_UPDATE_COMMAND_UI(ID_RENEWABLE_UNTIL, OnUpdateRenewableUntil)
+	ON_UPDATE_COMMAND_UI(ID_SHOW_TICKET_FLAGS, OnUpdateShowTicketFlags)
+	ON_UPDATE_COMMAND_UI(ID_ENCRYPTION_TYPE, OnUpdateEncryptionType)
+	ON_UPDATE_COMMAND_UI(ID_CCACHE_NAME, OnUpdateCcacheName)
+	ON_COMMAND(ID_UPPERCASE_REALM, OnUppercaseRealm)
+	ON_COMMAND(ID_KILL_TIX_ONEXIT, OnKillTixOnExit)
+	ON_UPDATE_COMMAND_UI(ID_UPPERCASE_REALM, OnUpdateUppercaseRealm)
+	ON_UPDATE_COMMAND_UI(ID_KILL_TIX_ONEXIT, OnUpdateKillTixOnExit)
+	ON_WM_DESTROY()
+	ON_UPDATE_COMMAND_UI(ID_DESTROY_TICKET, OnUpdateDestroyTicket)
+	ON_UPDATE_COMMAND_UI(ID_INIT_TICKET, OnUpdateInitTicket)
+	ON_UPDATE_COMMAND_UI(ID_RENEW_TICKET, OnUpdateRenewTicket)
+	ON_COMMAND(ID_APP_ABOUT, OnAppAbout)
+	ON_UPDATE_COMMAND_UI(ID_DEBUG_MODE, OnUpdateDebugMode)
+	ON_UPDATE_COMMAND_UI(ID_CFG_FILES, OnUpdateCfgFiles)
+    ON_COMMAND(ID_LEASH_RESTORE, OnLeashRestore)
+    ON_COMMAND(ID_LEASH_MINIMIZE, OnLeashMinimize)
+	ON_COMMAND(ID_LOW_TICKET_ALARM, OnLowTicketAlarm)
+	ON_COMMAND(ID_AUTO_RENEW, OnAutoRenew)
+	ON_UPDATE_COMMAND_UI(ID_LOW_TICKET_ALARM, OnUpdateLowTicketAlarm)
+	ON_UPDATE_COMMAND_UI(ID_AUTO_RENEW, OnUpdateAutoRenew)
+	ON_UPDATE_COMMAND_UI(ID_MAKE_DEFAULT, OnUpdateMakeDefault)
+	ON_UPDATE_COMMAND_UI(ID_PROPERTIES, OnUpdateProperties)
+	ON_COMMAND(ID_HELP_KERBEROS_, OnHelpKerberos)
+	ON_COMMAND(ID_HELP_LEASH32, OnHelpLeash32)
+	ON_COMMAND(ID_HELP_WHYUSELEASH32, OnHelpWhyuseleash32)
+	ON_WM_SIZE()
+	ON_WM_LBUTTONDOWN()
+	ON_WM_CLOSE()
+	ON_WM_HSCROLL()
+	ON_WM_VSCROLL()
+    ON_WM_SYSCOLORCHANGE()
+    ON_MESSAGE(ID_OBTAIN_TGT_WITH_LPARAM, OnObtainTGTWithParam)
+    ON_NOTIFY(HDN_ITEMCHANGED, 0, OnItemChanged)
+	//}}AFX_MSG_MAP
+
+    ON_NOTIFY_REFLECT(LVN_ITEMCHANGING, &CLeashView::OnLvnItemchanging)
+    ON_NOTIFY_REFLECT(LVN_ITEMACTIVATE, &CLeashView::OnLvnItemActivate)
+    ON_NOTIFY_REFLECT(LVN_KEYDOWN, &CLeashView::OnLvnKeydown)
+    ON_NOTIFY_REFLECT(NM_CUSTOMDRAW, &CLeashView::OnNMCustomdraw)
+END_MESSAGE_MAP()
+
+
+time_t CLeashView::m_ticketTimeLeft = 0;  // # of seconds left before tickets expire
+INT  CLeashView::m_ticketStatusKrb5 = 0; // Defense Condition: are we low on tickets?
+INT  CLeashView::m_warningOfTicketTimeLeftKrb5 = 0; // Prevents warning box from coming up repeatively
+INT  CLeashView::m_warningOfTicketTimeLeftLockKrb5 = 0;
+INT  CLeashView::m_updateDisplayCount;
+INT  CLeashView::m_alreadyPlayedDisplayCount;
+INT  CLeashView::m_autoRenewTickets = 0;
+BOOL CLeashView::m_lowTicketAlarmSound;
+INT  CLeashView::m_autoRenewalAttempted = 0;
+LONG CLeashView::m_timerMsgNotInProgress = 1;
+ViewColumnInfo CLeashView::sm_viewColumns[] =
+{
+    {"Principal", true, -1, 200},                        // PRINCIPAL
+    {"Issued", false, ID_TIME_ISSUED, 100},              // TIME_ISSUED
+    {"Renewable Until", false, ID_RENEWABLE_UNTIL, 100}, // RENEWABLE_UNTIL
+    {"Valid Until", true, ID_VALID_UNTIL, 100},          // VALID_UNTIL
+    {"Encryption Type", false, ID_ENCRYPTION_TYPE, 100}, // ENCRYPTION_TYPE
+    {"Flags", false, ID_SHOW_TICKET_FLAGS, 100},         // TICKET_FLAGS
+    {"Credential Cache", false, ID_CCACHE_NAME, 105},    // CACHE_NAME
+};
+
+static struct TicketFlag {
+    unsigned long m_flag;
+    const LPTSTR m_description;
+} sm_TicketFlags[] =
+{
+    {TKT_FLG_FORWARDABLE, _T("Forwardable")},
+    {TKT_FLG_FORWARDED, _T("Forwarded")},
+    {TKT_FLG_PROXIABLE, _T("Proxiable")},
+    {TKT_FLG_PROXY, _T("Proxy")},
+    {TKT_FLG_RENEWABLE, _T("Renewable")},
+};
+
+static void krb5TicketFlagsToString(unsigned long flags, LPTSTR *outStr)
+{
+    const int numFlags = sizeof(sm_TicketFlags) / sizeof(sm_TicketFlags[0]);
+    int strSize = 1;
+    LPTSTR str;
+    // pass 1: compute size
+    for (int i = 0; i < numFlags; i++) {
+        if (flags & sm_TicketFlags[i].m_flag) {
+            if (strSize > 1)
+                strSize += 2;
+            strSize += strlen(sm_TicketFlags[i].m_description);
+        }
+    }
+    // allocate
+    str = (LPSTR)malloc(strSize);
+    if (str != NULL) {
+        *str = 0;
+        // pass 2: construct string
+        for (int i = 0; i < numFlags; i++) {
+            if (flags & sm_TicketFlags[i].m_flag) {
+                if (str[0])
+                    _tcscat_s(str, strSize, _T(", "));
+                _tcscat_s(str, strSize, sm_TicketFlags[i].m_description);
+            }
+        }
+    }
+    *outStr = str;
+}
+
+
+static HFONT CreateBoldFont(HFONT font)
+{
+    // @TODO: Should probably enumerate fonts here instead since this
+    // does not actually seem to guarantee returning a new font
+    // distinguishable from the original.
+    LOGFONT fontAttributes = { 0 };
+    ::GetObject(font, sizeof(fontAttributes), &fontAttributes);
+    fontAttributes.lfWeight = FW_BOLD;
+    HFONT boldFont = ::CreateFontIndirect(&fontAttributes);
+    return boldFont;
+}
+
+static HFONT CreateItalicFont(HFONT font)
+{
+    LOGFONT fontAttributes = { 0 };
+    ::GetObject(font, sizeof(fontAttributes), &fontAttributes);
+    fontAttributes.lfItalic = TRUE;
+    HFONT italicFont = ::CreateFontIndirect(&fontAttributes);
+    return italicFont;
+}
+
+static HFONT CreateBoldItalicFont(HFONT font)
+{
+    LOGFONT fontAttributes = { 0 };
+    ::GetObject(font, sizeof(fontAttributes), &fontAttributes);
+    fontAttributes.lfWeight = FW_BOLD;
+    fontAttributes.lfItalic = TRUE;
+    HFONT boldItalicFont = ::CreateFontIndirect(&fontAttributes);
+    return boldItalicFont;
+}
+
+bool change_icon_size = true;
+
+void TimestampToFileTime(time_t t, LPFILETIME pft)
+{
+    // Note that LONGLONG is a 64-bit value
+    ULONGLONG ll;
+
+    ll = UInt32x32To64((DWORD)t, 10000000) + 116444736000000000;
+    pft->dwLowDateTime = (DWORD)ll;
+    pft->dwHighDateTime = ll >> 32;
+}
+
+// allocate outstr
+void TimestampToLocalizedString(time_t t, LPTSTR *outStr)
+{
+    FILETIME ft, lft;
+    SYSTEMTIME st;
+    TimestampToFileTime(t, &ft);
+    FileTimeToLocalFileTime(&ft, &lft);
+    FileTimeToSystemTime(&lft, &st);
+    TCHAR timeFormat[80]; // 80 is max required for LOCALE_STIMEFORMAT
+    GetLocaleInfo(LOCALE_SYSTEM_DEFAULT,
+                  LOCALE_STIMEFORMAT,
+                  timeFormat,
+                  sizeof(timeFormat) / sizeof(timeFormat[0]));
+
+    int timeSize = GetTimeFormat(LOCALE_SYSTEM_DEFAULT,
+                                 TIME_NOSECONDS,
+                                 &st,
+                                 timeFormat,
+                                 NULL,
+                                 0);
+    // Using dateFormat prevents localization of Month/day order,
+    // but there is no other way AFAICT to suppress the year
+    TCHAR * dateFormat = "MMM dd'  '";
+    int dateSize = GetDateFormat(LOCALE_SYSTEM_DEFAULT,
+        0, // flags
+        &st,
+        dateFormat, // format
+        NULL, // date string
+        0);
+
+    if (*outStr)
+        free(*outStr);
+
+    // Allocate string for combined date and time,
+    // but only need one terminating NULL
+    LPTSTR str = (LPSTR)malloc((dateSize + timeSize - 1) * sizeof(TCHAR));
+    if (!str) {
+        // LeashWarn allocation failure
+        *outStr = NULL;
+        return;
+    }
+    GetDateFormat(LOCALE_SYSTEM_DEFAULT,
+        0, // flags
+        &st,
+        dateFormat, // format
+        &str[0],
+        dateSize);
+
+    GetTimeFormat(LOCALE_SYSTEM_DEFAULT,
+                    TIME_NOSECONDS,
+                    &st,
+                    timeFormat,
+                    &str[dateSize - 1],
+                    timeSize);
+    *outStr = str;
+}
+
+#define SECONDS_PER_MINUTE (60)
+#define SECONDS_PER_HOUR (60 * SECONDS_PER_MINUTE)
+#define SECONDS_PER_DAY (24 * SECONDS_PER_HOUR)
+#define MAX_DURATION_STR 255
+// convert time in seconds to string
+void DurationToString(long delta, LPTSTR *outStr)
+{
+    int days;
+    int hours;
+    int minutes;
+    TCHAR minutesStr[MAX_DURATION_STR+1];
+    TCHAR hoursStr[MAX_DURATION_STR+1];
+
+    if (*outStr)
+        free(*outStr);
+    *outStr = (LPSTR)malloc((MAX_DURATION_STR + 1)* sizeof(TCHAR));
+    if (!(*outStr))
+        return;
+
+    days = delta / SECONDS_PER_DAY;
+    delta -= days * SECONDS_PER_DAY;
+    hours = delta / SECONDS_PER_HOUR;
+    delta -= hours * SECONDS_PER_HOUR;
+    minutes = delta / SECONDS_PER_MINUTE;
+
+    _snprintf(minutesStr, MAX_DURATION_STR, "%d m", minutes);
+    minutesStr[MAX_DURATION_STR] = 0;
+
+    _snprintf(hoursStr, MAX_DURATION_STR, "%d h", hours);
+    hoursStr[MAX_DURATION_STR] = 0;
+
+    if (days > 0) {
+        _snprintf(*outStr, MAX_DURATION_STR, "(%d d, %s remaining)", days,
+                  hoursStr);
+    } else if (hours > 0) {
+        _snprintf(*outStr, MAX_DURATION_STR, "(%s, %s remaining)", hoursStr,
+                  minutesStr);
+    } else {
+        _snprintf(*outStr, MAX_DURATION_STR, "(%s remaining)", minutesStr);
+    }
+    (*outStr)[MAX_DURATION_STR] = 0;
+}
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashView construction/destruction
+
+CLeashView::CLeashView()
+{
+////@#+Need removing as well!
+    m_startup = TRUE;
+    m_warningOfTicketTimeLeftKrb5 = 0;
+    m_warningOfTicketTimeLeftLockKrb5 = 0;
+    m_largeIcons = 0;
+    m_destroyTicketsOnExit = 0;
+    m_debugWindow = 0;
+    m_upperCaseRealm = 0;
+    m_lowTicketAlarm = 0;
+
+    m_pDebugWindow = NULL;
+    m_pDebugWindow = new CLeashDebugWindow(this);
+    if (!m_pDebugWindow)
+    {
+        AfxMessageBox("There is a problem with the Leash Debug Window!",
+                   MB_OK|MB_ICONSTOP);
+    }
+
+    m_debugStartUp = TRUE;
+    m_isMinimum = FALSE;
+    m_lowTicketAlarmSound = FALSE;
+    m_alreadyPlayed = FALSE;
+    ResetTreeNodes();
+    m_hMenu = NULL;
+    m_pApp = NULL;
+    m_ccacheDisplay = NULL;
+    m_autoRenewTickets = 0;
+    m_autoRenewalAttempted = 0;
+    m_pWarningMessage = NULL;
+    m_bIconAdded = FALSE;
+    m_bIconDeleted = FALSE;
+    m_BaseFont = NULL;
+    m_BoldFont = NULL;
+    m_ItalicFont = NULL;
+    m_aListItemInfo = NULL;
+}
+
+
+CLeashView::~CLeashView()
+{
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    while (elem) {
+        CCacheDisplayData *next = elem->m_next;
+        delete elem;
+        elem = next;
+    }
+    m_ccacheDisplay = NULL;
+    // destroys window if not already destroyed
+    if (m_pDebugWindow)
+        delete m_pDebugWindow;
+    if (m_BoldFont)
+        DeleteObject(m_BoldFont);
+    if (m_ItalicFont)
+        DeleteObject(m_ItalicFont);
+    if (m_aListItemInfo)
+        delete[] m_aListItemInfo;
+}
+
+void CLeashView::OnItemChanged(NMHDR* pNmHdr, LRESULT* pResult)
+{
+    NMHEADER* pHdr = (NMHEADER*)pNmHdr;
+    if (!pHdr->pitem)
+        return;
+    if (!pHdr->pitem->mask & HDI_WIDTH)
+        return;
+
+    // Sync column width and save to registry
+    for (int i = 0, columnIndex = 0; i < NUM_VIEW_COLUMNS; i++) {
+        ViewColumnInfo &info = sm_viewColumns[i];
+        if ((info.m_enabled) && (columnIndex++ == pHdr->iItem)) {
+            info.m_columnWidth = pHdr->pitem->cxy;
+            if (m_pApp)
+                m_pApp->WriteProfileInt("ColumnWidths", info.m_name, info.m_columnWidth);
+            break;
+        }
+    }
+}
+
+BOOL CLeashView::PreCreateWindow(CREATESTRUCT& cs)
+{
+    // TODO: Modify the Window class or styles here by modifying
+    //  the CREATESTRUCT cs
+
+    return CListView::PreCreateWindow(cs);
+}
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashView diagnostics
+
+#ifdef _DEBUG
+VOID CLeashView::AssertValid() const
+{
+    CListView::AssertValid();
+}
+
+VOID CLeashView::Dump(CDumpContext& dc) const
+{
+    CListView::Dump(dc);
+}
+
+/*
+LeashDoc* CLeashView::GetDocument() // non-debug version is inline
+{
+    ASSERT(m_pDocument->IsKindOf(RUNTIME_CLASS(LeashDoc)));
+    return (LeashDoc*)m_pDocument;
+}
+*/
+#endif //_DEBUG
+
+/////////////////////////////////////////////////////////////////////////////
+// CLeashView message handlers
+
+BOOL CLeashView::Create(LPCTSTR lpszClassName, LPCTSTR lpszWindowName,
+                        DWORD dwStyle, const RECT& rect, CWnd* pParentWnd,
+                        UINT nID, CCreateContext* pContext)
+{
+    return CListView::Create(lpszClassName, lpszWindowName, dwStyle, rect,
+                             pParentWnd, nID, pContext);
+}
+
+INT CLeashView::OnCreate(LPCREATESTRUCT lpCreateStruct)
+{
+    if (CListView::OnCreate(lpCreateStruct) == -1)
+        return -1;
+    return 0;
+}
+
+VOID CLeashView::OnClose(void)
+{
+    printf("OnClose\n");
+}
+
+time_t CLeashView::LeashTime()
+{
+    _tzset();
+    return time(0);
+}
+
+// Call while possessing a lock to ticketinfo.lockObj
+INT CLeashView::GetLowTicketStatus(int ver)
+{
+    BOOL b_notix = (ver == 5 && !ticketinfo.Krb5.btickets);
+
+    if (b_notix)
+        return NO_TICKETS;
+
+    if (m_ticketTimeLeft <= 0L)
+        return ZERO_MINUTES_LEFT;
+
+    if (m_ticketTimeLeft <= 20 * 60)
+        return (INT)(m_ticketTimeLeft / 5 / 60) + 2 -
+            (m_ticketTimeLeft % (5 * 60) == 0 ? 1 : 0);
+
+    return PLENTY_OF_TIME;
+}
+
+VOID CLeashView::UpdateTicketTime(TICKETINFO& ti)
+{
+    if (!ti.btickets) {
+        m_ticketTimeLeft = 0L;
+        return;
+    }
+
+    m_ticketTimeLeft = ti.valid_until - LeashTime();
+
+    if (m_ticketTimeLeft <= 0L)
+        ti.btickets = EXPIRED_TICKETS;
+}
+
+
+VOID CALLBACK EXPORT CLeashView::TimerProc(HWND hWnd, UINT nMsg,
+                                           UINT_PTR nIDEvent, DWORD dwTime)
+{
+    // All of the work is being done in the PreTranslateMessage method
+    // in order to have access to the object
+}
+
+VOID  CLeashView::ApplicationInfoMissingMsg()
+{
+    AfxMessageBox("There is a problem finding Leash application information!",
+               MB_OK|MB_ICONSTOP);
+}
+
+VOID CLeashView::OnShowWindow(BOOL bShow, UINT nStatus)
+{
+    CListView::OnShowWindow(bShow, nStatus);
+
+    // Get State of Icons Size
+    m_pApp = AfxGetApp();
+    if (!m_pApp)
+    {
+        ApplicationInfoMissingMsg();
+    }
+    else
+    {
+        m_largeIcons = m_pApp->GetProfileInt("Settings", "LargeIcons", ON);
+
+        // Get State of Destroy Tickets On Exit
+        m_destroyTicketsOnExit = m_pApp->GetProfileInt("Settings", "DestroyTicketsOnExit", OFF);
+
+        // Get State of Low Ticket Alarm
+        m_lowTicketAlarm = m_pApp->GetProfileInt("Settings", "LowTicketAlarm", ON);
+
+        // Get State of Auto Renew Tickets
+        m_autoRenewTickets = m_pApp->GetProfileInt("Settings", "AutoRenewTickets", ON);
+
+        // Get State of Upper Case Realm
+        m_upperCaseRealm = pLeash_get_default_uppercaserealm();
+
+        // UI main display column widths
+        for (int i=0; i<NUM_VIEW_COLUMNS; i++) {
+            ViewColumnInfo &info = sm_viewColumns[i];
+            info.m_enabled = m_pApp->GetProfileInt("Settings",
+                                                   info.m_name,
+                                                   info.m_enabled);
+            info.m_columnWidth = m_pApp->GetProfileInt("ColumnWidths",
+                                                   info.m_name,
+                                                   info.m_columnWidth);
+        }
+
+        OnLargeIcons();
+    }
+
+    SetTimer(1, ONE_SECOND, TimerProc);
+
+    if (!CLeashApp::m_hKrb5DLL)
+    {
+////Update not to mention K4
+        AfxMessageBox("Kerberos Five is not loaded!!!"
+                   "\r\nYou will not be able to retrieve tickets and/or "
+                   "tokens.",
+                   MB_OK|MB_ICONWARNING);
+    }
+
+    SetDlgItemText(IDC_LABEL_KERB_TICKETS,
+		   "Your Kerberos Tickets (Issued/Expires/[Renew]/Principal)");
+
+    // CLeashApp::m_krbv5_context = NULL;
+}
+
+VOID CLeashView::OnInitTicket()
+{
+    try {
+        InitTicket(m_hWnd);
+    }
+    catch(...) {
+        AfxMessageBox("Ticket Getting operation already in progress", MB_OK, 0);
+    }
+}
+
+UINT CLeashView::InitTicket(void * hWnd)
+{
+    LSH_DLGINFO_EX ldi;
+    char username[64];
+    char realm[192];
+    int i=0, j=0;
+    if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) {
+        throw("Unable to lock ticketinfo");
+    }
+    LeashKRB5ListDefaultTickets(&ticketinfo.Krb5);
+    char * principal = ticketinfo.Krb5.principal;
+    if (principal)
+        for (; principal[i] && principal[i] != '@'; i++)
+            username[i] = principal[i];
+    username[i] = '\0';
+    if (principal && principal[i]) {
+        for (i++ ; principal[i] ; i++, j++)
+        {
+            realm[j] = principal[i];
+        }
+    }
+    realm[j] = '\0';
+    LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
+    ReleaseMutex(ticketinfo.lockObj);
+
+    ldi.size = sizeof(ldi);
+    ldi.dlgtype = DLGTYPE_PASSWD;
+    ldi.title = ldi.in.title;
+    strcpy_s(ldi.in.title,"MIT Kerberos: Get Ticket");
+    ldi.username = ldi.in.username;
+    strcpy(ldi.in.username,username);
+    ldi.realm = ldi.in.realm;
+    strcpy(ldi.in.realm,realm);
+    ldi.dlgtype = DLGTYPE_PASSWD;
+    ldi.use_defaults = 1;
+
+    if (!hWnd)
+    {
+        AfxMessageBox("There is a problem finding the Leash Window!",
+                   MB_OK|MB_ICONSTOP);
+        return 0;
+    }
+
+    int result = pLeash_kinit_dlg_ex((HWND)hWnd, &ldi);
+
+    if (-1 == result)
+    {
+        AfxMessageBox("There is a problem getting tickets!",
+                   MB_OK|MB_ICONSTOP);
+    }
+    else if ( result )
+    {
+        if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) {
+            throw("Unable to lock ticketinfo");
+        }
+        m_warningOfTicketTimeLeftKrb5 = 0;
+        m_ticketStatusKrb5 = 0;
+        ReleaseMutex(ticketinfo.lockObj);
+        m_autoRenewalAttempted = 0;
+        ::SendMessage((HWND)hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+    }
+    return 0;
+}
+
+static UINT krenew(void *param)
+{
+    char *ccache_name = (char *)param;
+    krb5_context ctx = 0;
+    krb5_ccache ccache = NULL;
+    krb5_principal me = 0;
+    krb5_principal server = 0;
+    krb5_creds my_creds;
+    krb5_data *realm = 0;
+
+    memset(&my_creds, 0, sizeof(krb5_creds));
+    if (ccache_name == NULL)
+        // Bad param
+        goto cleanup;
+
+    krb5_error_code code = pkrb5_init_context(&ctx);
+    if (code) {
+        // TODO: spew error
+        goto cleanup;
+    }
+    code = pkrb5_cc_resolve(ctx, ccache_name, &ccache);
+    if (code) {
+        // TODO: spew error
+        goto cleanup;
+    }
+
+    code = pkrb5_cc_get_principal(ctx, ccache, &me);
+    if (code)
+        goto cleanup;
+
+    realm = krb5_princ_realm(ctx, me);
+
+    code = pkrb5_build_principal_ext(ctx, &server,
+                                    realm->length, realm->data,
+                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                    realm->length, realm->data,
+                                    0);
+    if (code)
+        goto cleanup;
+
+    my_creds.client = me;
+    my_creds.server = server;
+
+#ifdef KRB5_TC_NOTICKET
+    pkrb5_cc_set_flags(ctx, ccache, 0);
+#endif
+    code = pkrb5_get_renewed_creds(ctx, &my_creds, me, ccache, NULL);
+#ifdef KRB5_TC_NOTICKET
+    pkrb5_cc_set_flags(ctx, ccache, KRB5_TC_NOTICKET);
+#endif
+    if (code) {
+/* TODO
+        if (code != KRB5KDC_ERR_ETYPE_NOSUPP || code != KRB5_KDC_UNREACH)
+            Leash_krb5_error(code, "krb5_get_renewed_creds()", 0, &ctx,
+                             &ccache);
+*/
+        goto cleanup;
+    }
+
+    code = pkrb5_cc_initialize(ctx, ccache, me);
+    if (code)
+        goto cleanup;
+
+    code = pkrb5_cc_store_cred(ctx, ccache, &my_creds);
+    if (code)
+        goto cleanup;
+
+cleanup:
+    if (my_creds.client == me)
+        my_creds.client = 0;
+    if (my_creds.server == server)
+        my_creds.server = 0;
+    pkrb5_free_cred_contents(ctx, &my_creds);
+    if (me != NULL)
+        pkrb5_free_principal(ctx, me);
+    if (server != NULL)
+        pkrb5_free_principal(ctx, server);
+    if (ccache != NULL)
+        pkrb5_cc_close(ctx, ccache);
+    if (ctx != NULL)
+        pkrb5_free_context(ctx);
+    if (ccache_name != NULL)
+        free(ccache_name);
+
+    CLeashApp::m_bUpdateDisplay = TRUE;
+    return 0;
+}
+
+VOID CLeashView::OnRenewTicket()
+{
+    if ( !CLeashApp::m_hKrb5DLL )
+        return;
+
+    // @TODO: grab list mutex
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    while (elem != NULL) {
+        if (elem->m_selected) {
+            char *ccache_name = strdup(elem->m_ccacheName);
+            if (ccache_name)
+                AfxBeginThread(krenew, (void *)ccache_name);
+        }
+        elem = elem->m_next;
+    }
+    // release list mutex
+}
+
+UINT CLeashView::RenewTicket(void * hWnd)
+{
+    if ( !CLeashApp::m_hKrb5DLL )
+        return 0;
+
+    // Try to renew
+    BOOL b_renewed = pLeash_renew();
+    if ( b_renewed ) {
+        m_warningOfTicketTimeLeftKrb5 = 0;
+        m_ticketStatusKrb5 = 0;
+        m_autoRenewalAttempted = 0;
+        ReleaseMutex(ticketinfo.lockObj);
+        ::SendMessage((HWND)hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+        return 0;
+    }
+
+    AfxBeginThread(InitTicket,hWnd);
+
+    return 0;
+}
+
+static void kdestroy(const char *ccache_name)
+{
+    krb5_context ctx;
+    krb5_ccache ccache=NULL;
+    int code = pkrb5_init_context(&ctx);
+    if (code) {
+        // TODO: spew error
+        goto cleanup;
+    }
+    code = pkrb5_cc_resolve(ctx, ccache_name, &ccache);
+    if (code) {
+        // TODO: spew error
+        goto cleanup;
+    }
+    code = pkrb5_cc_destroy(ctx, ccache);
+    if (code) {
+        goto cleanup;
+    }
+cleanup:
+    if (ctx)
+        pkrb5_free_context(ctx);
+}
+
+
+VOID CLeashView::OnDestroyTicket()
+{
+    // @TODO: grab mutex
+    BOOL destroy = FALSE;
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    while (elem) {
+        if (elem->m_selected) {
+            // @TODO add princ to msg text
+            destroy = TRUE;
+        }
+        elem = elem->m_next;
+    }
+    // release mutex
+
+    if (destroy)
+    {
+        INT whatToDo;
+
+        whatToDo = AfxMessageBox("Are you sure you want to destroy these tickets?",
+                                    MB_ICONEXCLAMATION|MB_YESNO, 0);
+
+        if (whatToDo == IDYES)
+        {
+            // grab list mutex
+            elem = m_ccacheDisplay;
+            while (elem) {
+                if (elem->m_selected)
+                    kdestroy(elem->m_ccacheName);
+                elem = elem->m_next;
+            }
+            // release list mutex
+            SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+        }
+    }
+    m_autoRenewalAttempted = 0;
+}
+
+VOID CLeashView::OnMakeDefault()
+{
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    int code = 0;
+    krb5_context ctx;
+    krb5_ccache cc;
+    while (elem) {
+        if (elem->m_selected) {
+            pkrb5_init_context(&ctx);
+            code = pkrb5_cc_resolve(ctx, elem->m_ccacheName, &cc);
+            if (!code)
+                code = pkrb5_cc_switch(ctx, cc);
+            if (!code) {
+                const char *cctype = pkrb5_cc_get_type(ctx, cc);
+                if (cctype != NULL) {
+                    char defname[20];
+                    sprintf_s(defname, "%s:", cctype);
+                    code = pkrb5int_cc_user_set_default_name(ctx, defname);
+                }
+            }
+            pkrb5_free_context(ctx);
+            CLeashApp::m_bUpdateDisplay = TRUE;
+            break;
+        }
+        elem = elem->m_next;
+    }
+}
+
+VOID CLeashView::OnChangePassword()
+{
+    krb5_context ctx = 0;
+    krb5_ccache ccache = 0;
+    krb5_principal princ = 0;
+    char *pname = NULL;
+    char *username = NULL;
+    char *realm = NULL;
+    int code = 0;
+
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    while (elem != NULL) {
+        if (elem->m_selected) {
+            if (elem->m_ccacheName)
+                break;
+        }
+        elem = elem->m_next;
+    }
+    if (elem != NULL) {
+        code = pkrb5_init_context(&ctx);
+        if (code) {
+            // TODO: spew error
+            goto cleanup;
+        }
+        code = pkrb5_cc_resolve(ctx, elem->m_ccacheName, &ccache);
+        if (code) {
+            // TODO: spew error
+            goto cleanup;
+        }
+        code = pkrb5_cc_get_principal(ctx, ccache, &princ);
+        if (code) {
+            goto cleanup;
+        }
+        code = pkrb5_unparse_name(ctx, princ, &pname);
+        if (code) {
+            goto cleanup;
+        }
+    }
+
+    LSH_DLGINFO_EX ldi;
+    if (pname != NULL) {
+        username = pname;
+        realm = strchr(pname, '@');
+        if (realm != NULL)
+            *realm++ = '\0';
+    }
+    ldi.size = sizeof(ldi);
+    ldi.dlgtype = DLGTYPE_CHPASSWD;
+    ldi.title = ldi.in.title;
+    strcpy_s(ldi.in.title, "MIT Kerberos: Change Password");
+    ldi.username = ldi.in.username;
+    strcpy_s(ldi.in.username, username ? username : "");
+    ldi.realm = ldi.in.realm;
+    strcpy_s(ldi.in.realm, realm ? realm : "");
+    ldi.use_defaults = 1;
+
+    int result = pLeash_changepwd_dlg_ex(m_hWnd, &ldi);
+    if (-1 == result) {
+        AfxMessageBox("There is a problem changing password!",
+                   MB_OK|MB_ICONSTOP);
+    }
+cleanup:
+    if (pname != NULL)
+        pkrb5_free_unparsed_name(ctx, pname);
+    if (princ != NULL)
+        pkrb5_free_principal(ctx, princ);
+    if (ccache != NULL)
+        pkrb5_cc_close(ctx, ccache);
+    if (ctx != NULL)
+        pkrb5_free_context(ctx);
+}
+
+static CCacheDisplayData **
+FindCCacheDisplayData(const char * ccacheName, CCacheDisplayData **pList)
+{
+    CCacheDisplayData *elem;
+    while ((elem = *pList)) {
+        if (strcmp(ccacheName, elem->m_ccacheName)==0)
+            return pList;
+        pList = &elem->m_next;
+    }
+    return NULL;
+}
+
+void CLeashView::AddDisplayItem(CListCtrl &list,
+                                CCacheDisplayData *elem,
+                                int iItem,
+                                char *principal,
+                                time_t issued,
+                                time_t valid_until,
+                                time_t renew_until,
+                                char *encTypes,
+                                unsigned long flags,
+                                char *ccache_name)
+{
+    TCHAR* localTimeStr=NULL;
+    TCHAR* durationStr=NULL;
+    TCHAR* flagsStr=NULL;
+    TCHAR tempStr[MAX_DURATION_STR+1];
+    time_t now = LeashTime();
+
+    list.InsertItem(iItem, principal, -1);
+
+    int iSubItem = 1;
+    if (sm_viewColumns[TIME_ISSUED].m_enabled) {
+        if (issued == 0) {
+            list.SetItemText(iItem, iSubItem++, "Unknown");
+        } else {
+            TimestampToLocalizedString(issued, &localTimeStr);
+            list.SetItemText(iItem, iSubItem++, localTimeStr);
+        }
+    }
+    if (sm_viewColumns[RENEWABLE_UNTIL].m_enabled) {
+        if (valid_until == 0) {
+            list.SetItemText(iItem, iSubItem++, "Unknown");
+        } else if (valid_until < now) {
+            list.SetItemText(iItem, iSubItem++, "Expired");
+        } else if (renew_until) {
+            TimestampToLocalizedString(renew_until, &localTimeStr);
+            DurationToString(renew_until - now, &durationStr);
+            if (localTimeStr && durationStr) {
+                _snprintf(tempStr, MAX_DURATION_STR, "%s %s", localTimeStr, durationStr);
+                tempStr[MAX_DURATION_STR] = 0;
+                list.SetItemText(iItem, iSubItem++, tempStr);
+            }
+        } else {
+            list.SetItemText(iItem, iSubItem++, "Not renewable");
+        }
+    }
+    if (sm_viewColumns[VALID_UNTIL].m_enabled) {
+        if (valid_until == 0) {
+            list.SetItemText(iItem, iSubItem++, "Unknown");
+        } else if (valid_until < now) {
+            list.SetItemText(iItem, iSubItem++, "Expired");
+        } else {
+            TimestampToLocalizedString(valid_until, &localTimeStr);
+            DurationToString(valid_until - now, &durationStr);
+            if (localTimeStr && durationStr) {
+                _snprintf(tempStr, MAX_DURATION_STR, "%s %s", localTimeStr, durationStr);
+                tempStr[MAX_DURATION_STR] = 0;
+                list.SetItemText(iItem, iSubItem++, tempStr);
+            }
+        }
+    }
+
+    if (sm_viewColumns[ENCRYPTION_TYPE].m_enabled) {
+        list.SetItemText(iItem, iSubItem++, encTypes);
+    }
+    if (sm_viewColumns[TICKET_FLAGS].m_enabled) {
+        krb5TicketFlagsToString(flags, &flagsStr);
+        list.SetItemText(iItem, iSubItem++, flagsStr);
+    }
+    if (sm_viewColumns[CACHE_NAME].m_enabled) {
+        list.SetItemText(iItem, iSubItem++, ccache_name);
+    }
+    if (flagsStr)
+        free(flagsStr);
+    if (localTimeStr)
+        free(localTimeStr);
+    if (durationStr)
+        free(durationStr);
+}
+
+BOOL CLeashView::IsExpanded(TICKETINFO *info)
+{
+    CCacheDisplayData **pElem = FindCCacheDisplayData(info->ccache_name,
+                                                      &m_ccacheDisplay);
+    return (pElem && (*pElem)->m_expanded) ? TRUE : FALSE;
+}
+
+BOOL CLeashView::IsExpired(TICKETINFO *info)
+{
+    return LeashTime() > info->valid_until ? TRUE : FALSE;
+}
+
+BOOL CLeashView::IsExpired(TicketList *ticket)
+{
+    return LeashTime() > ticket->valid_until ? TRUE : FALSE;
+}
+
+CCacheDisplayData *
+FindCCacheDisplayElem(CCacheDisplayData *pElem, int itemIndex)
+{
+    while (pElem != NULL) {
+        if (pElem->m_index == itemIndex)
+            return pElem;
+        pElem = pElem->m_next;
+    }
+    return NULL;
+}
+
+VOID CLeashView::OnUpdateDisplay()
+{
+    CListCtrl& list = GetListCtrl();
+    // @TODO: there is probably a more sensible place to initialize these...
+    if ((m_BaseFont == NULL) && (list.GetFont())) {
+        m_BaseFont = *list.GetFont();
+        m_BoldFont = CreateBoldFont(m_BaseFont);
+        m_ItalicFont = CreateItalicFont(m_BaseFont);
+        m_BoldItalicFont = CreateBoldItalicFont(m_BaseFont);
+    }
+    // Determine currently focused item
+    int focusItem = list.GetNextItem(-1, LVNI_FOCUSED);
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    while (elem) {
+        if (focusItem >= elem->m_index) {
+            elem->m_focus = focusItem - elem->m_index;
+            focusItem = -1;
+        } else {
+            elem->m_focus = -1;
+        }
+        elem = elem->m_next;
+    }
+
+    list.DeleteAllItems();
+    ModifyStyle(LVS_TYPEMASK, LVS_REPORT);
+	UpdateWindow();
+    // Delete all of the columns.
+    while (list.DeleteColumn(0));
+
+    list.SetImageList(&m_imageList, LVSIL_SMALL);
+
+    // Reconstruct based on current options
+    int columnIndex = 0;
+    int itemIndex = 0;
+    for (int i = 0; i < NUM_VIEW_COLUMNS; i++) {
+        ViewColumnInfo &info = sm_viewColumns[i];
+        if (info.m_enabled) {
+            list.InsertColumn(columnIndex++,
+                (info.m_name), // @LOCALIZEME!
+                LVCFMT_LEFT,
+                info.m_columnWidth,
+                itemIndex++);
+        }
+    }
+
+    INT ticketIconStatusKrb5;
+    INT ticketIconStatus_SelectedKrb5;
+    INT iconStatusKrb5;
+
+    if (WaitForSingleObject( ticketinfo.lockObj, 100 ) != WAIT_OBJECT_0)
+        throw("Unable to lock ticketinfo");
+
+    // Get Kerb 5 tickets in list
+    LeashKRB5ListDefaultTickets(&ticketinfo.Krb5);
+    if (CLeashApp::m_hKrb5DLL && !CLeashApp::m_krbv5_profile)
+    {
+        CHAR confname[MAX_PATH];
+        if (CLeashApp::GetProfileFile(confname, sizeof(confname)))
+        {
+            AfxMessageBox("Can't locate Kerberos Five Config. file!",
+                        MB_OK|MB_ICONSTOP);
+        }
+
+        const char *filenames[2];
+        filenames[0] = confname;
+        filenames[1] = NULL;
+        pprofile_init(filenames, &CLeashApp::m_krbv5_profile);
+    }
+
+    /*
+     * Update Ticket Status for Krb5 so that we may use their state
+     * to select the appropriate Icon for the Parent Node
+     */
+
+    /* Krb5 */
+    UpdateTicketTime(ticketinfo.Krb5);
+    m_ticketStatusKrb5 = GetLowTicketStatus(5);
+    if ((!ticketinfo.Krb5.btickets) ||
+        EXPIRED_TICKETS == ticketinfo.Krb5.btickets ||
+        m_ticketStatusKrb5 == ZERO_MINUTES_LEFT)
+    {
+        ticketIconStatusKrb5 = EXPIRED_CLOCK;
+        ticketIconStatus_SelectedKrb5 = EXPIRED_CLOCK;
+        iconStatusKrb5 = EXPIRED_TICKET;
+    }
+    else if (TICKETS_LOW == ticketinfo.Krb5.btickets ||
+             m_ticketStatusKrb5 == FIVE_MINUTES_LEFT ||
+             m_ticketStatusKrb5 == TEN_MINUTES_LEFT ||
+             m_ticketStatusKrb5 == FIFTEEN_MINUTES_LEFT)
+    {
+        ticketIconStatusKrb5 = LOW_CLOCK;
+        ticketIconStatus_SelectedKrb5 = LOW_CLOCK;
+        iconStatusKrb5 = LOW_TICKET;
+    }
+    else if ( CLeashApp::m_hKrb5DLL )
+    {
+        ticketIconStatusKrb5 = ACTIVE_CLOCK;
+        ticketIconStatus_SelectedKrb5 = ACTIVE_CLOCK;
+        iconStatusKrb5 = ACTIVE_TICKET;
+    } else
+    {
+        ticketIconStatusKrb5 = EXPIRED_CLOCK;
+        ticketIconStatus_SelectedKrb5 = EXPIRED_CLOCK;
+        iconStatusKrb5 = TICKET_NOT_INSTALLED;
+    }
+
+    int trayIcon = NONE_PARENT_NODE;
+    if (CLeashApp::m_hKrb5DLL && ticketinfo.Krb5.btickets) {
+        switch ( iconStatusKrb5 ) {
+        case ACTIVE_TICKET:
+            trayIcon = ACTIVE_PARENT_NODE;
+            break;
+        case LOW_TICKET:
+            trayIcon = LOW_PARENT_NODE;
+            break;
+        case EXPIRED_TICKET:
+            trayIcon = EXPIRED_PARENT_NODE;
+            break;
+        }
+    }
+    SetTrayIcon(NIM_MODIFY, trayIcon);
+
+    CCacheDisplayData* prevCCacheDisplay = m_ccacheDisplay;
+    m_ccacheDisplay = NULL;
+
+    const char *def_ccache_name = ticketinfo.Krb5.ccache_name;
+    TICKETINFO *principallist = NULL;
+    LeashKRB5ListAllTickets(&principallist);
+    int iItem = 0;
+    TicketList* tempList;
+    TICKETINFO *principal = principallist;
+    while (principal != NULL) {
+        CCacheDisplayData **pOldElem;
+        pOldElem = FindCCacheDisplayData(principal->ccache_name,
+                                         &prevCCacheDisplay);
+        if (pOldElem) {
+            // remove from old list
+            elem = *pOldElem;
+            *pOldElem = elem->m_next;
+            elem->m_next = NULL;
+        } else {
+            elem = new CCacheDisplayData(principal->ccache_name);
+        }
+        elem->m_isDefault = def_ccache_name &&
+                            (strcmp(def_ccache_name, elem->m_ccacheName) == 0);
+        elem->m_isRenewable = principal->renew_until != 0;
+
+        elem->m_next = m_ccacheDisplay;
+        m_ccacheDisplay = elem;
+        elem->m_index = iItem;
+
+        AddDisplayItem(list,
+                       elem,
+                       iItem++,
+                       principal->principal,
+                       principal->issued,
+                       principal->valid_until,
+                       principal->renew_until,
+                       "",
+                       principal->flags,
+                       principal->ccache_name);
+        if (elem->m_expanded) {
+            for (tempList = principal->ticket_list;
+                 tempList != NULL;
+                 tempList = tempList->next) {
+                AddDisplayItem(list,
+                               elem,
+                               iItem++,
+                               tempList->service,
+                               tempList->issued,
+                               tempList->valid_until,
+                               tempList->renew_until,
+                               tempList->encTypes,
+                               tempList->flags,
+                               principal->ccache_name);
+            }
+        }
+        if ((elem->m_focus >= 0) &&
+            (iItem > elem->m_index + elem->m_focus)) {
+            list.SetItemState(elem->m_index + elem->m_focus, LVIS_FOCUSED,
+                              LVIS_FOCUSED);
+        }
+        if (elem->m_selected)
+            list.SetItemState(elem->m_index, LVIS_SELECTED, LVIS_SELECTED);
+
+        principal = principal->next;
+    }
+
+    // create list item font data array
+    if (m_aListItemInfo != NULL)
+        delete[] m_aListItemInfo;
+    m_aListItemInfo = new ListItemInfo[iItem];
+    iItem = 0;
+    for (principal = principallist; principal != NULL;
+         principal = principal->next) {
+        //
+        HFONT font, durationFont;
+        elem = FindCCacheDisplayElem(m_ccacheDisplay, iItem);
+        if (elem != NULL && elem->m_isDefault) {
+            font = m_BoldFont;
+            durationFont = IsExpired(principal) ? m_BoldItalicFont : m_BoldFont;
+        } else {
+            font = m_BaseFont;
+            durationFont = IsExpired(principal) ? m_ItalicFont : m_BaseFont;
+        }
+        m_aListItemInfo[iItem].m_font = font;
+        m_aListItemInfo[iItem++].m_durationFont = durationFont;
+
+        if (IsExpanded(principal)) {
+            for (TicketList *ticket = principal->ticket_list;
+                 ticket != NULL; ticket = ticket->next) {
+                font = m_BaseFont;
+                durationFont = IsExpired(ticket) ? m_ItalicFont : m_BaseFont;
+                m_aListItemInfo[iItem].m_font = font;
+                m_aListItemInfo[iItem++].m_durationFont = durationFont;
+            }
+        }
+    }
+
+    // delete ccache items that no longer exist
+    while (prevCCacheDisplay != NULL) {
+        CCacheDisplayData *next = prevCCacheDisplay->m_next;
+        delete prevCCacheDisplay;
+        prevCCacheDisplay = next;
+    }
+
+    LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
+    LeashKRB5FreeTickets(&principallist);
+
+    ReleaseMutex(ticketinfo.lockObj);
+}
+
+VOID CLeashView::OnSynTime()
+{
+    LONG returnValue;
+    returnValue = pLeash_timesync(1);
+}
+
+VOID CLeashView::OnActivateView(BOOL bActivate, CView* pActivateView,
+                                CView* pDeactiveView)
+{
+    UINT check = NULL;
+
+    if (m_alreadyPlayed)
+    {
+        CListView::OnActivateView(bActivate, pActivateView, pDeactiveView);
+        return;
+    }
+
+    // The following code has put here because at the time
+    // 'checking and unchecking' a menuitem with the
+    // 'OnUpdate.....(CCmdUI* pCmdUI) functions' were unreliable
+    // in CLeashView -->> Better done in CMainFrame
+    if( CLeashApp::m_hProgram != 0 )
+    {
+        m_hMenu = ::GetMenu(CLeashApp::m_hProgram);
+    } else {
+        return;
+    }
+
+    if (m_hMenu) {
+        if (!m_largeIcons)
+            check = CheckMenuItem(m_hMenu, ID_LARGE_ICONS, MF_CHECKED);
+        else
+            check = CheckMenuItem(m_hMenu, ID_LARGE_ICONS, MF_UNCHECKED);
+
+        if( check != MF_CHECKED || check != MF_UNCHECKED )
+        {
+            m_debugStartUp = 1;
+        }
+
+        if (!m_destroyTicketsOnExit)
+            check = CheckMenuItem(m_hMenu, ID_KILL_TIX_ONEXIT, MF_UNCHECKED);
+        else
+            check = CheckMenuItem(m_hMenu, ID_KILL_TIX_ONEXIT, MF_CHECKED);
+
+        if (!m_upperCaseRealm)
+            check = CheckMenuItem(m_hMenu, ID_UPPERCASE_REALM, MF_UNCHECKED);
+        else
+            check = CheckMenuItem(m_hMenu, ID_UPPERCASE_REALM, MF_CHECKED);
+
+        for (int i=0; i<NUM_VIEW_COLUMNS; i++) {
+            ViewColumnInfo &info = sm_viewColumns[i];
+            if (info.m_id >= 0)
+                CheckMenuItem(m_hMenu, info.m_id,
+                              info.m_enabled ? MF_CHECKED : MF_UNCHECKED);
+        }
+
+        if (!m_lowTicketAlarm)
+            CheckMenuItem(m_hMenu, ID_LOW_TICKET_ALARM, MF_UNCHECKED);
+        else
+            CheckMenuItem(m_hMenu, ID_LOW_TICKET_ALARM, MF_CHECKED);
+
+        if (!m_autoRenewTickets)
+            CheckMenuItem(m_hMenu, ID_AUTO_RENEW, MF_UNCHECKED);
+        else
+            CheckMenuItem(m_hMenu, ID_AUTO_RENEW, MF_CHECKED);
+
+        m_debugWindow = m_pApp->GetProfileInt("Settings", "DebugWindow", 0);
+        if (!m_debugWindow)
+            check = CheckMenuItem(m_hMenu, ID_DEBUG_MODE, MF_UNCHECKED);
+        else
+            check = CheckMenuItem(m_hMenu, ID_DEBUG_MODE, MF_CHECKED);
+    }
+    m_lowTicketAlarmSound = !!m_lowTicketAlarm;
+    m_alreadyPlayed = TRUE;
+    if (m_pApp)
+    {
+        m_debugWindow = m_pApp->GetProfileInt("Settings", "DebugWindow", 0);
+
+        if (m_hMenu)
+        {
+            if (!m_debugWindow)
+            {
+                CheckMenuItem(m_hMenu, ID_DEBUG_MODE, MF_UNCHECKED);
+            }
+            else
+            {
+                CheckMenuItem(m_hMenu, ID_DEBUG_MODE, MF_CHECKED);
+            }
+        }
+    }
+    else
+    {
+        ApplicationInfoMissingMsg();
+    }
+
+    m_alreadyPlayed = TRUE;
+
+    if (m_debugStartUp)
+    {
+        OnDebugMode();
+    }
+
+    m_debugStartUp = FALSE;
+
+    CListView::OnActivateView(bActivate, pActivateView, pDeactiveView);
+}
+
+////@#+Is this KRB4 only?
+VOID CLeashView::OnDebugMode()
+{
+    if (!m_pDebugWindow)
+    {
+        AfxMessageBox("There is a problem with the Leash Debug Window!",
+                   MB_OK|MB_ICONSTOP);
+        return;
+    }
+
+
+    // Check all possible 'KRB' system variables, then delete debug file
+    CHAR*  Env[] = {"TEMP", "TMP", "HOME", NULL};
+    CHAR** pEnv = Env;
+    CHAR debugFilePath[MAX_PATH];
+    *debugFilePath = 0;
+
+    while (*pEnv)
+    {
+        CHAR* ptestenv = getenv(*pEnv);
+        if (ptestenv)
+        {
+            // reset debug file
+            strcpy(debugFilePath, ptestenv);
+            strcat(debugFilePath, "\\LshDebug.log");
+            remove(debugFilePath);
+            break;
+        }
+
+        pEnv++;
+    }
+
+    if (!m_debugStartUp)
+    {
+        if (m_debugWindow%2 == 0)
+            m_debugWindow = ON;
+        else
+            m_debugWindow = OFF;
+    }
+
+    if (!m_pApp)
+    {
+        ApplicationInfoMissingMsg();
+    }
+    else if (!m_debugWindow)
+    {
+        if (m_hMenu)
+            CheckMenuItem(m_hMenu, ID_DEBUG_MODE, MF_UNCHECKED);
+
+        m_pApp->WriteProfileInt("Settings", "DebugWindow", FALSE_FLAG);
+        m_pDebugWindow->DestroyWindow();
+        return;
+    }
+    else
+    {
+        if (m_hMenu)
+            CheckMenuItem(m_hMenu, ID_DEBUG_MODE, MF_CHECKED);
+
+        m_pApp->WriteProfileInt("Settings", "DebugWindow", TRUE_FLAG);
+    }
+
+    // Creates the Debug dialog if not created already
+    if (m_pDebugWindow->GetSafeHwnd() == 0)
+    { // displays the Debug Window
+        m_pDebugWindow->Create(debugFilePath);
+    }
+}
+
+void CLeashView::ToggleViewColumn(eViewColumn viewOption)
+{
+    if ((viewOption < 0) || (viewOption >= NUM_VIEW_COLUMNS)) {
+        //LeashWarn("ToggleViewColumn(): invalid view option index %i", viewOption);
+        return;
+    }
+    ViewColumnInfo &info = sm_viewColumns[viewOption];
+    info.m_enabled = !info.m_enabled;
+    if (m_pApp)
+        m_pApp->WriteProfileInt("Settings", info.m_name, info.m_enabled);
+    // Don't update display immediately; wait for next idle so our
+    // checkbox controls will be more responsive
+    CLeashApp::m_bUpdateDisplay = TRUE;
+}
+
+VOID CLeashView::OnRenewableUntil()
+{
+    ToggleViewColumn(RENEWABLE_UNTIL);
+}
+
+VOID CLeashView::OnUpdateRenewableUntil(CCmdUI *pCmdUI)
+{
+    pCmdUI->SetCheck(sm_viewColumns[RENEWABLE_UNTIL].m_enabled);
+}
+
+VOID CLeashView::OnShowTicketFlags()
+{
+    ToggleViewColumn(TICKET_FLAGS);
+}
+
+VOID CLeashView::OnUpdateShowTicketFlags(CCmdUI *pCmdUI)
+{
+    pCmdUI->SetCheck(sm_viewColumns[TICKET_FLAGS].m_enabled);
+}
+
+VOID CLeashView::OnTimeIssued()
+{
+    ToggleViewColumn(TIME_ISSUED);
+}
+
+VOID CLeashView::OnUpdateTimeIssued(CCmdUI *pCmdUI)
+{
+    pCmdUI->SetCheck(sm_viewColumns[TIME_ISSUED].m_enabled);
+}
+
+VOID CLeashView::OnValidUntil()
+{
+    ToggleViewColumn(VALID_UNTIL);
+}
+
+VOID CLeashView::OnUpdateValidUntil(CCmdUI *pCmdUI)
+{
+    pCmdUI->SetCheck(sm_viewColumns[VALID_UNTIL].m_enabled);
+}
+
+VOID CLeashView::OnEncryptionType()
+{
+    ToggleViewColumn(ENCRYPTION_TYPE);
+}
+
+VOID CLeashView::OnUpdateEncryptionType(CCmdUI *pCmdUI)
+{
+    pCmdUI->SetCheck(sm_viewColumns[ENCRYPTION_TYPE].m_enabled);
+}
+
+VOID CLeashView::OnCcacheName()
+{
+    ToggleViewColumn(CACHE_NAME);
+}
+
+VOID CLeashView::OnUpdateCcacheName(CCmdUI *pCmdUI)
+{
+    pCmdUI->SetCheck(sm_viewColumns[CACHE_NAME].m_enabled);
+}
+
+VOID CLeashView::OnLargeIcons()
+{
+    INT x, y, n;
+
+    if (change_icon_size)
+    {
+        if (m_largeIcons%2 == 0)
+            m_largeIcons = ON;
+        else
+            m_largeIcons = OFF;
+    }
+    else
+    {
+        if (m_largeIcons%2 == 0)
+            m_largeIcons = OFF;
+        else
+            m_largeIcons = ON;
+    }
+
+    x = y = SMALL_ICONS;
+
+    if (!m_pApp)
+        ApplicationInfoMissingMsg();
+    else
+    {
+        if (!m_largeIcons)
+        {
+            if (m_hMenu)
+                CheckMenuItem(m_hMenu, ID_LARGE_ICONS, MF_CHECKED);
+
+            x = y = LARGE_ICONS;
+
+	    if (!m_startup)
+	    {
+                m_pApp->WriteProfileInt("Settings", "LargeIcons", TRUE_FLAG);
+	    }
+        }
+        else
+        {
+            if (m_hMenu)
+                CheckMenuItem(m_hMenu, ID_LARGE_ICONS, MF_UNCHECKED);
+
+            x = y = SMALL_ICONS;
+
+            if (!m_startup)
+            {
+                m_pApp->WriteProfileInt("Settings", "LargeIcons", FALSE_FLAG);
+            }
+        }
+    }
+
+    HICON hIcon[IMAGE_COUNT];
+    for (n = 0; n < IMAGE_COUNT; n++)
+    {
+        hIcon[n] = NULL;
+    }
+
+    m_imageList.DeleteImageList( );
+
+    UINT bitsPerPixel = GetDeviceCaps( ::GetDC(::GetDesktopWindow()), BITSPIXEL);
+    UINT ilcColor;
+    if ( bitsPerPixel >= 32 )
+        ilcColor = ILC_COLOR32;
+    else if ( bitsPerPixel >= 24 )
+        ilcColor = ILC_COLOR24;
+    else if ( bitsPerPixel >= 16 )
+        ilcColor = ILC_COLOR16;
+    else if ( bitsPerPixel >= 8 )
+        ilcColor = ILC_COLOR8;
+    else
+        ilcColor = ILC_COLOR;
+    m_imageList.Create(x, y, ilcColor | ILC_MASK, IMAGE_COUNT, 1);
+    m_imageList.SetBkColor(GetSysColor(COLOR_WINDOW));
+
+    hIcon[ACTIVE_TRAY_ICON] = AfxGetApp()->LoadIcon(IDI_LEASH_TRAY_GOOD);
+    hIcon[LOW_TRAY_ICON] = AfxGetApp()->LoadIcon(IDI_LEASH_TRAY_LOW);
+    hIcon[EXPIRED_TRAY_ICON] = AfxGetApp()->LoadIcon(IDI_LEASH_TRAY_EXPIRED);
+    hIcon[NONE_TRAY_ICON]  = AfxGetApp()->LoadIcon(IDI_LEASH_TRAY_NONE);
+    hIcon[ACTIVE_PARENT_NODE] = AfxGetApp()->LoadIcon(IDI_LEASH_PRINCIPAL_GOOD);
+    hIcon[LOW_PARENT_NODE] = AfxGetApp()->LoadIcon(IDI_LEASH_PRINCIPAL_LOW);
+    hIcon[EXPIRED_PARENT_NODE] = AfxGetApp()->LoadIcon(IDI_LEASH_PRINCIPAL_EXPIRED);
+    hIcon[NONE_PARENT_NODE]  = AfxGetApp()->LoadIcon(IDI_LEASH_PRINCIPAL_NONE);
+    hIcon[ACTIVE_TICKET] = AfxGetApp()->LoadIcon(IDI_TICKETTYPE_GOOD);
+    hIcon[LOW_TICKET] = AfxGetApp()->LoadIcon(IDI_TICKETTYPE_LOW);
+    hIcon[EXPIRED_TICKET] = AfxGetApp()->LoadIcon(IDI_TICKETTYPE_EXPIRED);
+    hIcon[TICKET_NOT_INSTALLED] = AfxGetApp()->LoadIcon(IDI_TICKETTYPE_NOTINSTALLED);
+    hIcon[ACTIVE_CLOCK] = AfxGetApp()->LoadIcon(IDI_TICKET_GOOD);
+    hIcon[LOW_CLOCK] = AfxGetApp()->LoadIcon(IDI_TICKET_LOW);
+    hIcon[EXPIRED_CLOCK] = AfxGetApp()->LoadIcon(IDI_TICKET_EXPIRED);
+    hIcon[TKT_ADDRESS] = AfxGetApp()->LoadIcon(IDI_LEASH_TICKET_ADDRESS);
+    hIcon[TKT_SESSION] = AfxGetApp()->LoadIcon(IDI_LEASH_TICKET_SESSION);
+    hIcon[TKT_ENCRYPTION] = AfxGetApp()->LoadIcon(IDI_LEASH_TICKET_ENCRYPTION);
+
+    for (n = 0; n < IMAGE_COUNT; n++)
+    {
+        if ( !hIcon[n] ) {
+            AfxMessageBox("Can't find one or more images in the Leash Ticket Tree!",
+                        MB_OK|MB_ICONSTOP);
+            return;
+        }
+        m_imageList.Add(hIcon[n]);
+    }
+
+    if (!m_startup)
+        SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+}
+
+VOID CLeashView::OnKillTixOnExit()
+{
+    m_destroyTicketsOnExit = !m_destroyTicketsOnExit;
+
+    if (m_pApp)
+        m_pApp->WriteProfileInt("Settings", "DestroyTicketsOnExit",
+                                m_destroyTicketsOnExit);
+}
+
+VOID CLeashView::OnUpdateKillTixOnExit(CCmdUI *pCmdUI)
+{
+    pCmdUI->SetCheck(m_destroyTicketsOnExit);
+}
+
+VOID CLeashView::OnUppercaseRealm()
+{
+    m_upperCaseRealm = !m_upperCaseRealm;
+
+    pLeash_set_default_uppercaserealm(m_upperCaseRealm);
+}
+
+VOID CLeashView::OnUpdateUppercaseRealm(CCmdUI *pCmdUI)
+{
+    // description is now 'allow mixed case', so reverse logic
+    pCmdUI->SetCheck(!m_upperCaseRealm);
+}
+
+VOID CLeashView::ResetTreeNodes()
+{
+    m_hPrincipalState = 0;
+    m_hKerb5State = 0;
+}
+
+VOID CLeashView::OnDestroy()
+{
+    CCacheDisplayData *elem;
+    SetTrayIcon(NIM_DELETE);
+
+    if (m_destroyTicketsOnExit) {
+        elem = m_ccacheDisplay;
+        while (elem != NULL) {
+            kdestroy(elem->m_ccacheName);
+            elem = elem->m_next;
+        }
+    }
+    CListView::OnDestroy();
+}
+
+VOID CLeashView::OnUpdateDestroyTicket(CCmdUI* pCmdUI)
+{
+    // @TODO: mutex
+    BOOL enable = FALSE;
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    while (elem != NULL) {
+        if (elem->m_selected) {
+            enable = TRUE;
+            break;
+        }
+        elem = elem->m_next;
+    }
+
+    pCmdUI->Enable(enable);
+}
+
+VOID CLeashView::OnUpdateInitTicket(CCmdUI* pCmdUI)
+{
+  if (!CLeashApp::m_hKrb5DLL)
+        pCmdUI->Enable(FALSE);
+    else
+        pCmdUI->Enable(TRUE);
+}
+
+VOID CLeashView::OnUpdateRenewTicket(CCmdUI* pCmdUI)
+{
+    // @TODO: mutex
+    BOOL enable = FALSE;
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    while (elem != NULL) {
+        if (elem->m_selected) { // @TODO: && elem->m_renewable
+            enable = TRUE;
+            break;
+        }
+        elem = elem->m_next;
+    }
+
+    pCmdUI->Enable(enable);
+}
+
+LRESULT CLeashView::OnGoodbye(WPARAM wParam, LPARAM lParam)
+{
+    m_pDebugWindow->DestroyWindow();
+    return 0L;
+}
+
+VOID CLeashView::OnLeashRestore()
+{
+    if ( CMainFrame::m_isMinimum ) {
+        CMainFrame * frame = (CMainFrame *)GetParentFrame();
+        frame->ShowTaskBarButton(TRUE);
+        frame->ShowWindow(SW_SHOWNORMAL);
+    }
+}
+
+VOID CLeashView::OnLeashMinimize()
+{
+    if ( !CMainFrame::m_isMinimum ) {
+        CMainFrame * frame = (CMainFrame *)GetParentFrame();
+        // frame->ShowTaskBarButton(FALSE);
+        frame->ShowWindow(SW_HIDE);
+        frame->ShowWindow(SW_MINIMIZE);
+    }
+}
+
+LRESULT CLeashView::OnTrayIcon(WPARAM wParam, LPARAM lParam)
+{
+    switch ( lParam ) {
+    case WM_LBUTTONDOWN:
+        if ( CMainFrame::m_isMinimum )
+            OnLeashRestore();
+        else
+            OnLeashMinimize();
+        break;
+    case WM_RBUTTONDOWN:
+        {
+            int nFlags;
+            CMenu * menu = new CMenu();
+            menu->CreatePopupMenu();
+            if ( !CMainFrame::m_isMinimum )
+                menu->AppendMenu(MF_STRING, ID_LEASH_MINIMIZE, "&Close MIT Kerberos Window");
+            else
+                menu->AppendMenu(MF_STRING, ID_LEASH_RESTORE, "&Open MIT Kerberos Window");
+            menu->AppendMenu(MF_SEPARATOR);
+            menu->AppendMenu(MF_STRING, ID_INIT_TICKET, "&Get Tickets");
+            if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0)
+                throw("Unable to lock ticketinfo");
+            if (!ticketinfo.Krb5.btickets ||
+		!CLeashApp::m_hKrb5DLL)
+                nFlags = MF_STRING | MF_GRAYED;
+            else
+                nFlags = MF_STRING;
+            menu->AppendMenu(nFlags, ID_RENEW_TICKET, "&Renew Tickets");
+            if (!ticketinfo.Krb5.btickets)
+                nFlags = MF_STRING | MF_GRAYED;
+            else
+                nFlags = MF_STRING;
+            ReleaseMutex(ticketinfo.lockObj);
+            menu->AppendMenu(MF_STRING, ID_DESTROY_TICKET, "&Destroy Tickets");
+            menu->AppendMenu(MF_STRING, ID_CHANGE_PASSWORD, "&Change Password");
+
+            menu->AppendMenu(MF_SEPARATOR);
+            if ( m_autoRenewTickets )
+                nFlags = MF_STRING | MF_CHECKED;
+            else
+                nFlags = MF_STRING | MF_UNCHECKED;
+            menu->AppendMenu(nFlags, ID_AUTO_RENEW, "&Automatic Ticket Renewal");
+            if ( m_lowTicketAlarm )
+                nFlags = MF_STRING | MF_CHECKED;
+            else
+                nFlags = MF_STRING | MF_UNCHECKED;
+            menu->AppendMenu(nFlags, ID_LOW_TICKET_ALARM, "&Expiration Alarm");
+            menu->AppendMenu(MF_SEPARATOR);
+            menu->AppendMenu(MF_STRING, ID_APP_EXIT, "E&xit");
+            menu->SetDefaultItem(ID_LEASH_RESTORE);
+
+            POINT pt;
+            GetCursorPos(&pt);
+
+	    SetForegroundWindow();
+            menu->TrackPopupMenu(TPM_RIGHTALIGN | TPM_RIGHTBUTTON,
+                                pt.x, pt.y, GetParentFrame());
+	    PostMessage(WM_NULL, 0, 0);
+            menu->DestroyMenu();
+            delete menu;
+        }
+        break;
+    case WM_MOUSEMOVE:
+        // SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+        break;
+    }
+    return 0L;
+}
+
+VOID CLeashView::OnAppAbout()
+{
+    CLeashAboutBox leashAboutBox;
+    // To debug loaded dlls:
+    // leashAboutBox.m_bListModules = TRUE;
+    leashAboutBox.DoModal();
+}
+
+
+VOID CLeashView::OnInitialUpdate()
+{
+    CListView::OnInitialUpdate();
+    CLeashApp::m_hProgram = ::FindWindow(_T("LEASH.0WNDCLASS"), NULL);
+    EnableToolTips();
+}
+
+VOID CLeashView::OnItemexpandedTreeview(NMHDR* pNMHDR, LRESULT* pResult)
+{
+    NM_TREEVIEW* pNMTreeView = (NM_TREEVIEW*)pNMHDR;
+
+    if (m_hPrincipal == pNMTreeView->itemNew.hItem)
+        m_hPrincipalState = pNMTreeView->action;
+    else if (m_hKerb5 == pNMTreeView->itemNew.hItem)
+        m_hKerb5State = pNMTreeView->action;
+
+    CMainFrame::m_isBeingResized = TRUE;
+    *pResult = 0;
+}
+
+VOID CLeashView::OnUpdateDebugMode(CCmdUI* pCmdUI)
+{
+        pCmdUI->Enable(FALSE);
+}
+
+VOID CLeashView::OnUpdateCfgFiles(CCmdUI* pCmdUI)
+{
+        pCmdUI->Enable(FALSE);
+}
+
+/*
+void CLeashView::GetRowWidthHeight(CDC* pDC, LPCSTR theString, int& nRowWidth,
+                                   int& nRowHeight, int& nCharWidth)
+{
+    TEXTMETRIC tm;
+
+    //CEx29aDoc* pDoc = GetDocument();
+	pDC->GetTextMetrics(&tm);
+    nCharWidth = tm.tmAveCharWidth + 1;
+    nRowWidth = strlen(theString);
+
+    //int nFields = theString.GetLength();
+
+    //for(int i = 0; i < nFields; i++)
+    //{
+	//    nRowWidth += nCharWidth;
+	//}
+
+    nRowWidth *= nCharWidth;
+    nRowHeight = tm.tmHeight;
+}
+*/
+
+void CLeashView::SetTrayText(int nim, CString tip)
+{
+    if ( (nim == NIM_MODIFY) && (m_bIconDeleted) )
+        return;
+    if ( (nim == NIM_MODIFY) && (!m_bIconAdded) )
+        nim = NIM_ADD;
+
+    if ( (nim != NIM_DELETE) || IsWindow(m_hWnd) )
+    {
+        NOTIFYICONDATA nid;
+        memset (&nid, 0x00, sizeof(NOTIFYICONDATA));
+        nid.cbSize = sizeof(NOTIFYICONDATA);
+        nid.hWnd = m_hWnd;
+        nid.uID = 0;
+        nid.uFlags = NIF_MESSAGE | NIF_TIP;
+        nid.uCallbackMessage = WM_TRAYICON;
+        strncpy(nid.szTip, (LPCTSTR) tip, sizeof(nid.szTip));
+        nid.szTip[sizeof(nid.szTip)-1] = '\0';
+        Shell_NotifyIcon (nim, &nid);
+    }
+
+    if ( nim == NIM_ADD )
+        m_bIconAdded = TRUE;
+    if ( nim == NIM_DELETE )
+        m_bIconDeleted = TRUE;
+}
+
+void CLeashView::SetTrayIcon(int nim, int state)
+{
+    static HICON hIcon[IMAGE_COUNT];
+    static BOOL bIconInit = FALSE;
+
+    if ( (nim == NIM_MODIFY) && (m_bIconDeleted) )
+        return;
+    if ( (nim == NIM_MODIFY) && (!m_bIconAdded) )
+        nim = NIM_ADD;
+
+    if ( (nim != NIM_DELETE) || IsWindow(m_hWnd) )
+    {
+        if ( !bIconInit ) {
+            // The state is reported as the parent node value although
+            // we want to use the Tray Version of the icons
+            hIcon[ACTIVE_PARENT_NODE] = AfxGetApp()->LoadIcon(IDI_LEASH_TRAY_GOOD);
+            hIcon[LOW_PARENT_NODE] = AfxGetApp()->LoadIcon(IDI_LEASH_TRAY_LOW);
+            hIcon[EXPIRED_PARENT_NODE] = AfxGetApp()->LoadIcon(IDI_LEASH_TRAY_EXPIRED);
+            hIcon[NONE_PARENT_NODE]  = AfxGetApp()->LoadIcon(IDI_LEASH_TRAY_NONE);
+            bIconInit = TRUE;
+        }
+
+        NOTIFYICONDATA nid;
+        memset (&nid, 0x00, sizeof(NOTIFYICONDATA));
+        nid.cbSize = sizeof(NOTIFYICONDATA);
+        nid.hWnd = m_hWnd;
+        nid.uID = 0;
+        nid.uFlags = NIF_ICON | NIF_MESSAGE | NIF_TIP;
+        nid.uCallbackMessage = WM_TRAYICON;
+        nid.hIcon = hIcon[state];
+        Shell_NotifyIcon (nim, &nid);
+    }
+
+    if ( nim == NIM_ADD )
+        m_bIconAdded = TRUE;
+    if ( nim == NIM_DELETE )
+        m_bIconDeleted = TRUE;
+}
+
+BOOL CLeashView::PostWarningMessage(const CString& message)
+{
+    if (m_pWarningMessage)
+    {
+        return FALSE; // can't post more than one warning at a time
+    }
+    m_pWarningMessage = new CString(message);
+    PostMessage(WM_WARNINGPOPUP);
+    return TRUE;
+}
+
+LRESULT CLeashView::OnWarningPopup(WPARAM wParam, LPARAM lParam)
+{
+    CLeashMessageBox leashMessageBox(CMainFrame::m_isMinimum ? GetDesktopWindow() : NULL,
+                                        *m_pWarningMessage, 100000);
+    leashMessageBox.DoModal();
+    delete m_pWarningMessage;
+    m_pWarningMessage = NULL;
+    return 0L;
+}
+
+BOOL CLeashView::PreTranslateMessage(MSG* pMsg)
+{
+	if ( pMsg->message == ID_OBTAIN_TGT_WITH_LPARAM )
+	{
+		OutputDebugString("Obtain TGT with LParam\n");
+	}
+
+    if ( pMsg->message == WM_TIMER ) {
+        try {
+        if (InterlockedDecrement(&m_timerMsgNotInProgress) == 0) {
+
+            CString ticketStatusKrb5 = TCHAR(NOT_INSTALLED);
+            CString strTimeDate;
+            CString lowTicketWarningKrb5;
+
+          timer_start:
+            if (WaitForSingleObject( ticketinfo.lockObj, 100 ) != WAIT_OBJECT_0)
+                throw("Unable to lock ticketinfo");
+            if (CLeashApp::m_hKrb5DLL)
+            {
+                // KRB5
+                UpdateTicketTime(ticketinfo.Krb5);
+
+                if (!ticketinfo.Krb5.btickets)
+                {
+                    ticketStatusKrb5 = "Kerb-5: No Tickets";
+                }
+                else if (EXPIRED_TICKETS == ticketinfo.Krb5.btickets)
+                {
+                    ticketStatusKrb5 = "Kerb-5: Expired Ticket(s)";
+                    m_ticketTimeLeft = 0;
+                    lowTicketWarningKrb5 = "Your Kerberos Five ticket(s) have expired";
+                    if (!m_warningOfTicketTimeLeftLockKrb5)
+                        m_warningOfTicketTimeLeftKrb5 = 0;
+                    m_warningOfTicketTimeLeftLockKrb5 = ZERO_MINUTES_LEFT;
+                }
+                else
+                {
+                    m_ticketStatusKrb5 = GetLowTicketStatus(5);
+                    switch (m_ticketStatusKrb5)
+                    {
+                    case TWENTY_MINUTES_LEFT:
+                        break;
+                    case FIFTEEN_MINUTES_LEFT:
+                        ticketinfo.Krb5.btickets = TICKETS_LOW;
+                        lowTicketWarningKrb5 = "Less then 15 minutes left on your Kerberos Five ticket(s)";
+                        break;
+                    case TEN_MINUTES_LEFT:
+                        ticketinfo.Krb5.btickets = TICKETS_LOW;
+                        lowTicketWarningKrb5 = "Less then 10 minutes left on your Kerberos Five ticket(s)";
+                        if (!m_warningOfTicketTimeLeftLockKrb5)
+                            m_warningOfTicketTimeLeftKrb5 = 0;
+                        m_warningOfTicketTimeLeftLockKrb5 = TEN_MINUTES_LEFT;
+                        break;
+                    case FIVE_MINUTES_LEFT:
+                        ticketinfo.Krb5.btickets = TICKETS_LOW;
+                        if (m_warningOfTicketTimeLeftLockKrb5 == TEN_MINUTES_LEFT)
+                            m_warningOfTicketTimeLeftKrb5 = 0;
+                        m_warningOfTicketTimeLeftLockKrb5 = FIVE_MINUTES_LEFT;
+                        lowTicketWarningKrb5 = "Less then 5 minutes left on your Kerberos Five ticket(s)";
+                        break;
+                    default:
+                        m_ticketStatusKrb5 = 0;
+                        break;
+                    }
+                }
+
+                if (CMainFrame::m_isMinimum)
+                {
+                    // minimized display
+                    ticketStatusKrb5.Format("Kerb-5: %02d:%02d Left",
+                                             (m_ticketTimeLeft / 60L / 60L),
+                                             (m_ticketTimeLeft / 60L % 60L));
+                }
+                else
+                {
+                    // normal display
+                    if (GOOD_TICKETS == ticketinfo.Krb5.btickets || TICKETS_LOW == ticketinfo.Krb5.btickets)
+                    {
+                        if ( m_ticketTimeLeft >= 60 ) {
+                            ticketStatusKrb5.Format("Kerb-5 Ticket Life: %02d:%02d",
+                                                     (m_ticketTimeLeft / 60L / 60L),
+                                                     (m_ticketTimeLeft / 60L % 60L));
+                        } else {
+                            ticketStatusKrb5.Format("Kerb-5 Ticket Life: < 1 min");
+                        }
+                    }
+#ifndef NO_STATUS_BAR
+                    if (CMainFrame::m_wndStatusBar)
+                    {
+                        CMainFrame::m_wndStatusBar.SetPaneInfo(1, 111112, SBPS_NORMAL, 130);
+                        CMainFrame::m_wndStatusBar.SetPaneText(1, ticketStatusKrb5, SBT_POPOUT);
+                    }
+#endif
+                }
+            }
+            else
+            {
+                // not installed
+                ticketStatusKrb5.Format("Kerb-5: Not Available");
+#ifndef NO_STATUS_BAR
+                if (CMainFrame::m_wndStatusBar)
+                {
+                    CMainFrame::m_wndStatusBar.SetPaneInfo(1, 111112, SBPS_NORMAL, 130);
+                    CMainFrame::m_wndStatusBar.SetPaneText(1, ticketStatusKrb5, SBT_POPOUT);
+                }
+#endif
+            }
+            //KRB5
+
+            if ( m_ticketStatusKrb5 == TWENTY_MINUTES_LEFT &&
+                 m_autoRenewTickets && !m_autoRenewalAttempted && ticketinfo.Krb5.renew_until &&
+                 (ticketinfo.Krb5.renew_until - LeashTime() > 20 * 60))
+            {
+                m_autoRenewalAttempted = 1;
+                ReleaseMutex(ticketinfo.lockObj);
+                AfxBeginThread(RenewTicket,m_hWnd);
+                goto timer_start;
+            }
+
+            BOOL warningKrb5 = m_ticketStatusKrb5 > NO_TICKETS &&
+                m_ticketStatusKrb5 < TWENTY_MINUTES_LEFT &&
+                    !m_warningOfTicketTimeLeftKrb5;
+
+            // Play warning message only once per each case statement above
+            if (warningKrb5)
+            {
+
+                CString lowTicketWarning = "";
+                int warnings = 0;
+
+                if (warningKrb5) {
+                    lowTicketWarning += lowTicketWarningKrb5;
+                    m_warningOfTicketTimeLeftKrb5 = ON;
+                    warnings++;
+                }
+
+                ReleaseMutex(ticketinfo.lockObj);
+                AlarmBeep();
+                PostWarningMessage(lowTicketWarning);
+                if (WaitForSingleObject( ticketinfo.lockObj, 100 ) != WAIT_OBJECT_0)
+                    throw("Unable to lock ticketinfo");
+            }
+
+            CTime tTimeDate = CTime::GetCurrentTime();
+
+            if (CMainFrame::m_isMinimum)
+            {
+	      strTimeDate = ( "MIT Kerberos - "
+			      "[" + ticketStatusKrb5 + "] - " +
+			      "[" + ticketinfo.Krb5.principal + "]" + " - " +
+			      tTimeDate.Format("%A, %B %d, %Y  %H:%M "));
+            }
+            else
+            {
+                strTimeDate = ("MIT Kerberos - " +
+                                tTimeDate.Format("%A, %B %d, %Y  %H:%M ")
+                                //timeDate.Format("%d %b %y %H:%M:%S - ")
+                                );
+            }
+            ::SetWindowText(CLeashApp::m_hProgram, strTimeDate);
+
+            if (CLeashApp::m_hKrb5DLL) {
+                if ( ticketinfo.Krb5.btickets )
+                    strTimeDate = ( "MIT Kerberos: "
+                                    "[" + ticketStatusKrb5 + "]" +
+                                    " - [" + ticketinfo.Krb5.principal + "]");
+                else
+                    strTimeDate = "MIT Kerberos: No Tickets";
+            }
+            ReleaseMutex(ticketinfo.lockObj);
+
+            SetTrayText(NIM_MODIFY, strTimeDate);
+
+            m_updateDisplayCount++;
+            m_alreadyPlayedDisplayCount++;
+        }
+        } catch (...) {
+        }
+        InterlockedIncrement(&m_timerMsgNotInProgress);
+    }  // WM_TIMER
+
+
+    if (UPDATE_DISPLAY_TIME == m_updateDisplayCount)
+    {
+        m_updateDisplayCount = 0;
+        SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+    }
+
+    if (m_alreadyPlayedDisplayCount > 2)
+    {
+        m_alreadyPlayedDisplayCount = 0;
+        m_alreadyPlayed = FALSE;
+    }
+
+    if (CMainFrame::m_isBeingResized)
+    {
+        m_startup = FALSE;
+
+        UpdateWindow();
+
+        CMainFrame::m_isBeingResized = FALSE;
+    }
+
+	if (::IsWindow(pMsg->hwnd))
+		return CListView::PreTranslateMessage(pMsg);
+	else
+		return FALSE;
+}
+
+VOID CLeashView::OnLowTicketAlarm()
+{
+    m_lowTicketAlarm = !m_lowTicketAlarm;
+
+    if (m_pApp)
+        m_pApp->WriteProfileInt("Settings", "LowTicketAlarm", m_lowTicketAlarm);
+}
+
+VOID CLeashView::OnUpdateLowTicketAlarm(CCmdUI* pCmdUI)
+{
+    pCmdUI->SetCheck(m_lowTicketAlarm);
+}
+
+VOID CLeashView::OnAutoRenew()
+{
+    m_autoRenewTickets = !m_autoRenewTickets;
+
+    if (m_pApp)
+        m_pApp->WriteProfileInt("Settings", "AutoRenewTickets", m_autoRenewTickets);
+
+    m_autoRenewalAttempted = 0;
+}
+
+VOID CLeashView::OnUpdateAutoRenew(CCmdUI* pCmdUI)
+{
+    pCmdUI->SetCheck(m_autoRenewTickets);
+}
+
+VOID CLeashView::OnUpdateMakeDefault(CCmdUI* pCmdUI)
+{
+    // enable if exactly one principal is selected and that principal is not
+    // the default principal
+    BOOL enable = FALSE;
+    CCacheDisplayData *elem = m_ccacheDisplay;
+    while (elem != NULL) {
+        if (elem->m_selected) {
+            if (enable) {
+                // multiple selection; disable button
+                enable = FALSE;
+                break;
+            }
+            if (elem->m_isDefault)
+                break;
+
+            enable = TRUE;
+        }
+        elem = elem->m_next;
+    }
+    pCmdUI->Enable(enable);
+}
+
+VOID CLeashView::AlarmBeep()
+{
+	if (m_lowTicketAlarmSound)
+	{
+		::Beep(2000, 200);
+		::Beep(200, 200);
+		::Beep(700, 200);
+	}
+}
+
+VOID CLeashView::OnUpdateProperties(CCmdUI* pCmdUI)
+{
+    if (CLeashApp::m_hKrb5DLL)
+        pCmdUI->Enable();
+    else
+        pCmdUI->Enable(FALSE);
+}
+
+void CLeashView::OnHelpLeash32()
+{
+#ifdef CALL_HTMLHELP
+	AfxGetApp()->HtmlHelp(HID_LEASH_PROGRAM);
+#else
+    AfxGetApp()->WinHelp(HID_LEASH_PROGRAM);
+#endif
+}
+
+void CLeashView::OnHelpKerberos()
+{
+#ifdef CALL_HTMLHELP
+    AfxGetApp()->HtmlHelp(HID_ABOUT_KERBEROS);
+#else
+    AfxGetApp()->WinHelp(HID_ABOUT_KERBEROS);
+#endif
+}
+
+void CLeashView::OnHelpWhyuseleash32()
+{
+#ifdef CALL_HTMLHELP
+    AfxGetApp()->HtmlHelp(HID_WHY_USE_LEASH32);
+#else
+    AfxGetApp()->WinHelp(HID_WHY_USE_LEASH32);
+#endif
+}
+
+void CLeashView::OnSysColorChange()
+{
+    change_icon_size = FALSE;
+    CWnd::OnSysColorChange();
+    OnLargeIcons();
+    m_imageList.SetBkColor(GetSysColor(COLOR_WINDOW));
+    change_icon_size = TRUE;
+}
+
+
+LRESULT
+CLeashView::OnObtainTGTWithParam(WPARAM wParam, LPARAM lParam)
+{
+    LRESULT res = 0;
+    char *param = 0;
+    LSH_DLGINFO_EX ldi;
+    ldi.size = sizeof(ldi);
+    ldi.dlgtype = DLGTYPE_PASSWD;
+    ldi.use_defaults = 1;
+    ldi.title = ldi.in.title;
+    ldi.username = ldi.in.username;
+    ldi.realm = ldi.in.realm;
+
+    if (lParam)
+        param = (char *) MapViewOfFile((HANDLE)lParam,
+                                       FILE_MAP_ALL_ACCESS,
+                                       0,
+                                       0,
+                                       4096);
+
+    if ( param ) {
+        if ( *param )
+            strcpy_s(ldi.in.title,param);
+        param += strlen(param) + 1;
+        if ( *param )
+            strcpy_s(ldi.in.username,param);
+        param += strlen(param) + 1;
+        if ( *param )
+            strcpy_s(ldi.in.realm,param);
+        param += strlen(param) + 1;
+	if ( *param )
+	    strcpy_s(ldi.in.ccache,param);
+    } else {
+        strcpy_s(ldi.in.title, "MIT Kerberos: Get Ticket");
+    }
+
+    if (strlen(ldi.username) > 0 && strlen(ldi.realm) > 0)
+        ldi.dlgtype |= DLGFLAG_READONLYPRINC;
+
+    res = pLeash_kinit_dlg_ex(m_hWnd, &ldi);
+    if (param)
+        UnmapViewOfFile(param);
+    if (lParam)
+        CloseHandle((HANDLE )lParam);
+    ::SendMessage(m_hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
+    return res;
+}
+
+
+// Find the CCacheDisplayData corresponding to the specified item, if it exists
+static CCacheDisplayData *
+FindCCacheDisplayData(int item, CCacheDisplayData *elem)
+{
+    while (elem != NULL) {
+        if (elem->m_index == item)
+            break;
+        elem = elem->m_next;
+    }
+    return elem;
+}
+
+
+void CLeashView::OnLvnItemActivate(NMHDR *pNMHDR, LRESULT *pResult)
+{
+    LPNMITEMACTIVATE pNMIA = reinterpret_cast<LPNMITEMACTIVATE>(pNMHDR);
+    // TODO: Add your control notification handler code here
+    CCacheDisplayData *elem = FindCCacheDisplayData(pNMIA->iItem,
+                                                    m_ccacheDisplay);
+    if (elem != NULL) {
+        elem->m_expanded = !elem->m_expanded;
+        OnUpdateDisplay();
+    }
+    *pResult = 0;
+}
+
+
+void CLeashView::OnLvnKeydown(NMHDR *pNMHDR, LRESULT *pResult)
+{
+    LPNMLVKEYDOWN pLVKeyDow = reinterpret_cast<LPNMLVKEYDOWN>(pNMHDR);
+    int expand = -1; // -1 = unchanged; 0 = collapse; 1 = expand
+    switch (pLVKeyDow->wVKey) {
+    case VK_RIGHT:
+        // expand focus item
+        expand = 1;
+        break;
+    case VK_LEFT:
+        // collapse focus item
+        expand = 0;
+        break;
+    default:
+        break;
+    }
+    if (expand >= 0) {
+        int focusedItem = GetListCtrl().GetNextItem(-1, LVNI_FOCUSED);
+        if (focusedItem >= 0) {
+            CCacheDisplayData *elem = FindCCacheDisplayData(focusedItem,
+                                                            m_ccacheDisplay);
+            if (elem != NULL) {
+                if (elem->m_expanded != expand) {
+                    elem->m_expanded = expand;
+                    OnUpdateDisplay();
+                }
+            }
+        }
+    }
+    *pResult = 0;
+}
+
+void CLeashView::OnLvnItemchanging(NMHDR *pNMHDR, LRESULT *pResult)
+{
+    CCacheDisplayData *elem;
+    LRESULT result = 0;
+    LPNMLISTVIEW pNMLV = reinterpret_cast<LPNMLISTVIEW>(pNMHDR);
+    // TODO: Add your control notification handler code here
+    if ((pNMLV->uNewState ^ pNMLV->uOldState) & LVIS_SELECTED) {
+        // selection state changing
+        elem = FindCCacheDisplayData(pNMLV->iItem, m_ccacheDisplay);
+        if (elem == NULL) {
+            // this is an individual ticket, not a cache, so prevent selection
+            if (pNMLV->uNewState & LVIS_SELECTED) {
+                unsigned int newState =  pNMLV->uNewState & ~LVIS_SELECTED;
+                result = 1; // suppress changes
+                if (newState != pNMLV->uOldState) {
+                    // but need to make other remaining changes still
+                    GetListCtrl().SetItemState(pNMLV->iItem, newState,
+                                               newState ^ pNMLV->uOldState);
+                }
+            }
+        } else {
+            elem->m_selected = (pNMLV->uNewState & LVIS_SELECTED) ? 1 : 0;
+        }
+    }
+    *pResult = result;
+}
+
+HFONT CLeashView::GetSubItemFont(int iItem, int iSubItem)
+{
+    HFONT retval = m_BaseFont;
+    int iColumn, columnSubItem = 0;
+
+    // Translate subitem to column index
+    for (iColumn = 0; iColumn < NUM_VIEW_COLUMNS; iColumn++) {
+        if (sm_viewColumns[iColumn].m_enabled) {
+            if (columnSubItem == iSubItem)
+                break;
+            else
+                columnSubItem++;
+        }
+    }
+    switch (iColumn) {
+    case RENEWABLE_UNTIL:
+    case VALID_UNTIL:
+        retval = m_aListItemInfo[iItem].m_durationFont;
+        break;
+    default:
+        retval = m_aListItemInfo[iItem].m_font;
+        break;
+    }
+    return retval;
+}
+
+void CLeashView::OnNMCustomdraw(NMHDR *pNMHDR, LRESULT *pResult)
+{
+    HFONT font;
+    CCacheDisplayData *pElem;
+    *pResult = CDRF_DODEFAULT;
+    int iItem;
+
+    LPNMLVCUSTOMDRAW pNMLVCD = reinterpret_cast<LPNMLVCUSTOMDRAW>(pNMHDR);
+    switch (pNMLVCD->nmcd.dwDrawStage) {
+    case CDDS_PREPAINT:
+        *pResult = CDRF_NOTIFYITEMDRAW;
+        break;
+    case CDDS_ITEMPREPAINT:
+        *pResult = CDRF_NOTIFYSUBITEMDRAW;
+        break;
+    case CDDS_SUBITEM | CDDS_ITEMPREPAINT:
+        iItem = pNMLVCD->nmcd.dwItemSpec;
+        pElem = FindCCacheDisplayElem(m_ccacheDisplay, iItem);
+        font = GetSubItemFont(iItem, pNMLVCD->iSubItem);
+        SelectObject(pNMLVCD->nmcd.hdc, font);
+        if (pElem != NULL && pNMLVCD->iSubItem == 0) {
+            CListCtrl &list = GetListCtrl();
+            CRect drawRect, nextRect;
+            if (list.GetSubItemRect(iItem, 0, LVIR_BOUNDS, drawRect)) {
+                HTHEME hTheme = OpenThemeData(pNMLVCD->nmcd.hdr.hwndFrom,
+                                              L"Explorer::TreeView");
+                drawRect.right = drawRect.left +
+                                 (drawRect.bottom - drawRect.top);
+                // @TODO: need hot states, too: TVP_HOTGLYPH, HGLPS_OPENED,
+                //        HGLPS_CLOSED
+                int state = pElem->m_expanded ? GLPS_OPENED : GLPS_CLOSED;
+                DrawThemeBackground(hTheme,
+                                    pNMLVCD->nmcd.hdc,
+                                    TVP_GLYPH, state,
+                                    &drawRect, NULL);
+            }
+        }
+        *pResult = CDRF_NEWFONT;
+        break;
+    default:
+        break;
+    }
+}
diff --git a/krb5-1.21.3/src/windows/leash/LeashView.h b/krb5-1.21.3/src/windows/leash/LeashView.h
new file mode 100644
index 00000000..48107e79
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/LeashView.h
@@ -0,0 +1,339 @@
+//	**************************************************************************************
+//	File:			LeashView.h
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:	H file for LeashView.cpp. Contains variables and functions
+//					for the Leash FormView
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#if !defined(AFX_LeashVIEW_H__6F45AD99_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
+#define AFX_LeashVIEW_H__6F45AD99_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_
+
+#if _MSC_VER >= 1000
+#pragma once
+#endif // _MSC_VER >= 1000
+
+#define GOOD_TICKETS	1  // Don't change this value
+#define EXPIRED_TICKETS 2  // Don't change this value
+#define TICKETS_LOW		3
+#define ONE_SECOND		1000
+#define SMALL_ICONS     16
+#define LARGE_ICONS     32
+
+#define UPDATE_DISPLAY_TIME 60  //seconds
+
+#define ACTIVE_CLOCK          0
+#define LOW_CLOCK             1
+#define EXPIRED_CLOCK         2
+#define ACTIVE_TICKET         3
+#define LOW_TICKET            4
+#define EXPIRED_TICKET        5
+#define TICKET_NOT_INSTALLED  6
+#define ACTIVE_PARENT_NODE    7
+#define LOW_PARENT_NODE       8
+#define EXPIRED_PARENT_NODE   9
+#define NONE_PARENT_NODE      10
+#define LOW_TRAY_ICON         11
+#define EXPIRED_TRAY_ICON     12
+#define ACTIVE_TRAY_ICON      13
+#define NONE_TRAY_ICON        14
+#define TKT_ADDRESS           15
+#define TKT_SESSION           16
+#define TKT_ENCRYPTION        17
+#define IMAGE_COUNT           18
+
+#define NODE_IS_EXPANDED 2
+
+#define CX_BORDER   1
+#define CY_BORDER   1
+
+#ifdef NO_TICKETS
+#undef NO_TICKETS // XXX - this is evil but necessary thanks to silliness...
+#endif
+
+#define WM_TRAYICON (WM_USER+100)
+#define WM_WARNINGPOPUP (WM_USER+101)
+
+enum ticketTimeLeft{NO_TICKETS, ZERO_MINUTES_LEFT, FIVE_MINUTES_LEFT, TEN_MINUTES_LEFT,
+					FIFTEEN_MINUTES_LEFT, TWENTY_MINUTES_LEFT, PLENTY_OF_TIME,
+                    NOT_INSTALLED};
+// Don't change 'NO_TICKET's' value
+
+class CLeashDebugWindow;
+class ViewColumnInfo
+{
+public:
+    const char * m_name;
+    int m_enabled;
+    int m_id;
+    int m_columnWidth;
+};
+
+enum eViewColumn {
+    PRINCIPAL,
+    TIME_ISSUED,
+    RENEWABLE_UNTIL,
+    VALID_UNTIL,
+    ENCRYPTION_TYPE,
+    TICKET_FLAGS,
+    CACHE_NAME,
+    NUM_VIEW_COLUMNS
+};
+
+class CCacheDisplayData
+{
+public:
+    CCacheDisplayData(const char *ccache_name) :
+      m_next(NULL),
+      m_ccacheName(strdup(ccache_name)),
+      m_index(-1),
+      m_focus(-1),
+      m_expanded(0),
+      m_selected(0),
+      m_isRenewable(0),
+      m_isDefault(0)
+    {
+    }
+
+    ~CCacheDisplayData()
+    {
+        if (m_ccacheName)
+            free(m_ccacheName);
+    }
+
+    CCacheDisplayData *m_next;
+    char *m_ccacheName;
+    int m_index;               // item index in list view
+    int m_focus;               // sub-item with focus
+    unsigned int m_expanded;   // true when each individual ticket is displayed
+    unsigned int m_selected;   // true when this ccache is selected
+    unsigned int m_isRenewable; // true when tgt is renewable
+    unsigned int m_isDefault;  // true when this is the default ccache
+};
+
+struct ListItemInfo
+{
+    ListItemInfo() : m_font(NULL), m_durationFont(NULL) {}
+    HFONT m_durationFont; // For renewable/valid until; italic when expired
+    HFONT m_font;         // For all other items
+};
+
+class CLeashView : public CListView
+{
+private:
+////@#+Remove
+    CLeashDebugWindow*	m_pDebugWindow;
+    CCacheDisplayData*  m_ccacheDisplay;
+	CImageList			m_imageList;
+	CWinApp*			m_pApp;
+	HTREEITEM			m_hPrincipal;
+	HTREEITEM			m_hKerb5;
+    HTREEITEM           m_hk5tkt;
+	TV_INSERTSTRUCT		m_tvinsert;
+	HMENU				m_hMenu;
+    BOOL				m_startup;
+	BOOL				m_isMinimum;
+	BOOL				m_debugStartUp;
+	BOOL				m_alreadyPlayed;
+    INT					m_upperCaseRealm;
+	INT					m_destroyTicketsOnExit;
+	INT					m_debugWindow;
+	INT					m_largeIcons;
+	INT					m_lowTicketAlarm;
+	INT					m_hPrincipalState;
+	INT					m_hKerb5State;
+    CString*            m_pWarningMessage;
+    BOOL                m_bIconAdded;
+    BOOL                m_bIconDeleted;
+    HFONT               m_BaseFont;
+    HFONT               m_BoldFont;
+    HFONT               m_ItalicFont;
+    HFONT               m_BoldItalicFont;
+    ListItemInfo*       m_aListItemInfo;
+
+    static ViewColumnInfo sm_viewColumns[NUM_VIEW_COLUMNS];
+
+    static INT		   	m_autoRenewTickets;
+    static INT          m_ticketStatusKrb5;
+    static INT          m_autoRenewalAttempted;
+	static INT			m_warningOfTicketTimeLeftKrb5;
+    static INT			m_warningOfTicketTimeLeftLockKrb5;
+    static INT			m_updateDisplayCount;
+    static INT	        m_alreadyPlayedDisplayCount;
+    static time_t		m_ticketTimeLeft;
+    static BOOL			m_lowTicketAlarmSound;
+    static LONG         m_timerMsgNotInProgress;
+
+    void ToggleViewColumn(eViewColumn viewOption);
+	VOID ResetTreeNodes();
+    VOID ApplicationInfoMissingMsg();
+    VOID GetScrollBarState(CSize sizeClient, CSize& needSb,
+	                       CSize& sizeRange, CPoint& ptMove,
+                           BOOL bInsideClient);
+    VOID UpdateBars();
+    VOID GetScrollBarSizes(CSize& sizeSb);
+    BOOL GetTrueClientSize(CSize& size, CSize& sizeSb);
+    HFONT GetSubItemFont(int iItem, int iSubItem);
+
+    //void   GetRowWidthHeight(CDC* pDC, LPCSTR theString, int& nRowWidth,
+    //                         int& nRowHeight, int& nCharWidth);
+    static VOID	AlarmBeep();
+    static VOID	CALLBACK EXPORT TimerProc(HWND hWnd, UINT nMsg, UINT_PTR nIDEvent,
+					  DWORD dwTime);
+    static VOID	UpdateTicketTime(TICKETINFO& ticketinfo);
+    static INT	GetLowTicketStatus(int);
+    static time_t	LeashTime();
+    static BOOL IsExpired(TicketList *ticket);
+    static BOOL IsExpired(TICKETINFO *info);
+    static VOID AddDisplayItem(CListCtrl &list,
+                               CCacheDisplayData *elem,
+                               int iItem,
+                               char *principal,
+                               time_t issued,
+                               time_t valid_until,
+                               time_t renew_until,
+                               char *encTypes,
+                               unsigned long flags,
+                               char *cache_name);
+
+    void   SetTrayIcon(int nim, int state=0);
+    void   SetTrayText(int nim, CString tip);
+
+    BOOL   UpdateDisplay();
+    static UINT InitTicket(void *);
+    static UINT RenewTicket(void *);
+    static UINT ImportTicket(void *);
+    // Queue a warning popup message.
+    // This is a workaround to the MFC deficiency that you cannot safely create
+    // a modal dialog while processing messages within AfxPreTranslateMessage()
+    // returns TRUE if message is queued successfully.
+    BOOL PostWarningMessage(const CString& message);
+    afx_msg LRESULT OnWarningPopup(WPARAM wParam, LPARAM lParam);
+
+    BOOL    IsExpanded(TICKETINFO *);
+
+protected: // create from serialization only
+	DECLARE_DYNCREATE(CLeashView)
+
+// Attributes
+public:
+    CLeashView();
+	//LeashDoc* GetDocument();
+
+	//{{AFX_DATA(CLeashView)
+	enum { IDD = IDD_DIALOG1 };
+		// NOTE: the ClassWizard will add data members here
+	//}}AFX_DATA
+
+// Operations
+public:
+
+// Overrides
+	// ClassWizard generated virtual function overrides
+	//{{AFX_VIRTUAL(CLeashView)
+	public:
+	virtual BOOL PreCreateWindow(CREATESTRUCT& cs);
+	virtual BOOL Create(LPCTSTR lpszClassName, LPCTSTR lpszWindowName, DWORD dwStyle, const RECT& rect, CWnd* pParentWnd, UINT nID, CCreateContext* pContext = NULL);
+	virtual VOID OnInitialUpdate();
+	virtual BOOL PreTranslateMessage(MSG* pMsg);
+	protected:
+	virtual VOID OnActivateView(BOOL bActivate, CView* pActivateView, CView* pDeactiveView);
+	//}}AFX_VIRTUAL
+
+// Implementation
+public:
+	virtual ~CLeashView();
+
+#ifdef _DEBUG
+	virtual VOID AssertValid() const;
+	virtual VOID Dump(CDumpContext& dc) const;
+#endif
+
+// Generated message map functions
+protected:
+	//{{AFX_MSG(CLeashView)
+    afx_msg VOID OnItemexpandedTreeview(NMHDR* pNMHDR, LRESULT* pResult);
+	afx_msg INT OnCreate(LPCREATESTRUCT lpCreateStruct);
+	afx_msg VOID OnShowWindow(BOOL bShow, UINT nStatus);
+    afx_msg VOID OnClose(void);
+	afx_msg VOID OnInitTicket();
+	afx_msg VOID OnRenewTicket();
+	afx_msg VOID OnDestroyTicket();
+	afx_msg VOID OnMakeDefault();
+	afx_msg VOID OnChangePassword();
+	afx_msg VOID OnUpdateDisplay();
+	afx_msg VOID OnSynTime();
+	afx_msg VOID OnDebugMode();
+	afx_msg VOID OnLargeIcons();
+	afx_msg VOID OnTimeIssued();
+	afx_msg VOID OnValidUntil();
+	afx_msg VOID OnRenewableUntil();
+	afx_msg VOID OnShowTicketFlags();
+	afx_msg VOID OnEncryptionType();
+	afx_msg VOID OnCcacheName();
+	afx_msg VOID OnUppercaseRealm();
+	afx_msg VOID OnKillTixOnExit();
+	afx_msg VOID OnDestroy();
+	afx_msg VOID OnUpdateDestroyTicket(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateInitTicket(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateRenewTicket(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateTimeIssued(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateValidUntil(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateRenewableUntil(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateShowTicketFlags(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateEncryptionType(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateCcacheName(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateUppercaseRealm(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateKillTixOnExit(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateLowTicketAlarm(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateAutoRenew(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateMakeDefault(CCmdUI* pCmdUI);
+	afx_msg VOID OnAppAbout();
+	afx_msg VOID OnUpdateDebugMode(CCmdUI* pCmdUI);
+	afx_msg VOID OnUpdateCfgFiles(CCmdUI* pCmdUI);
+	afx_msg VOID OnKrb5Properties();
+	afx_msg void OnLeashProperties();
+	afx_msg void OnLeashRestore();
+	afx_msg void OnLeashMinimize();
+	afx_msg void OnLowTicketAlarm();
+	afx_msg void OnUpdateKrb5Properties(CCmdUI* pCmdUI);
+    afx_msg void OnKrbProperties();
+	afx_msg void OnUpdateProperties(CCmdUI* pCmdUI);
+	afx_msg void OnHelpKerberos();
+	afx_msg void OnHelpLeash32();
+	afx_msg void OnHelpWhyuseleash32();
+    afx_msg void OnSysColorChange();
+    afx_msg void OnAutoRenew();
+	afx_msg LRESULT OnGoodbye(WPARAM wParam, LPARAM lParam);
+	afx_msg LRESULT OnTrayIcon(WPARAM wParam, LPARAM lParam);
+    afx_msg LRESULT OnObtainTGTWithParam(WPARAM wParam, LPARAM lParam);
+    afx_msg void OnItemChanged(NMHDR* pNmHdr, LRESULT* pResult);
+    //}}AFX_MSG
+	DECLARE_MESSAGE_MAP()
+public:
+    afx_msg void OnLvnItemchanging(NMHDR *pNMHDR, LRESULT *pResult);
+    afx_msg void OnLvnItemActivate(NMHDR *pNMHDR, LRESULT *pResult);
+    afx_msg void OnLvnKeydown(NMHDR *pNMHDR, LRESULT *pResult);
+    afx_msg void OnNMCustomdraw(NMHDR *pNMHDR, LRESULT *pResult);
+};
+
+/*
+#ifndef _DEBUG  // debug version in CLeashView.cpp
+inline LeashDoc* CLeashView::GetDocument()
+   { return (LeashDoc*)m_pDocument; }
+#endif
+*/
+
+/////////////////////////////////////////////////////////////////////////////
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Developer Studio will insert additional declarations immediately before the previous line.
+
+#endif // !defined(AFX_LeashVIEW_H__6F45AD99_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
diff --git a/krb5-1.21.3/src/windows/leash/Lglobals.h b/krb5-1.21.3/src/windows/leash/Lglobals.h
new file mode 100644
index 00000000..1fe0101a
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/Lglobals.h
@@ -0,0 +1,191 @@
+//*****************************************************************************
+// File:	lgobals.h
+// By:		Arthur David Leather
+// Created:	12/02/98
+// Copyright:	@1998 Massachusetts Institute of Technology - All rights
+//              reserved.
+// Description:	H file for lgobals.cpp. Contains global variables and helper
+//		functions
+//
+// History:
+//
+// MM/DD/YY	Inits	Description of Change
+// 02/02/98	ADL	Original
+//*****************************************************************************
+
+#if !defined LEASHGLOBALS_H
+#define LEASHGLOBALS_H
+
+#include <tlhelp32.h>
+#include <loadfuncs-com_err.h>
+#include <loadfuncs-krb5.h>
+////#include <loadfuncs-krb.h>
+#include <loadfuncs-profile.h>
+#include <loadfuncs-leash.h>
+#include <krb5.h>
+
+// toolhelp functions
+TYPEDEF_FUNC(
+    HANDLE,
+    WINAPI,
+    CreateToolhelp32Snapshot,
+    (DWORD, DWORD)
+    );
+TYPEDEF_FUNC(
+    BOOL,
+    WINAPI,
+    Module32First,
+    (HANDLE, LPMODULEENTRY32)
+    );
+TYPEDEF_FUNC(
+    BOOL,
+    WINAPI,
+    Module32Next,
+    (HANDLE, LPMODULEENTRY32)
+    );
+
+// psapi functions
+TYPEDEF_FUNC(
+    DWORD,
+    WINAPI,
+    GetModuleFileNameExA,
+    (HANDLE, HMODULE, LPSTR, DWORD)
+    );
+TYPEDEF_FUNC(
+    BOOL,
+    WINAPI,
+    EnumProcessModules,
+    (HANDLE, HMODULE*, DWORD, LPDWORD)
+    );
+
+#define pGetModuleFileNameEx pGetModuleFileNameExA
+
+extern DECL_FUNC_PTR(Leash_kdestroy);
+extern DECL_FUNC_PTR(Leash_changepwd_dlg);
+extern DECL_FUNC_PTR(Leash_changepwd_dlg_ex);
+extern DECL_FUNC_PTR(Leash_kinit_dlg);
+extern DECL_FUNC_PTR(Leash_kinit_dlg_ex);
+extern DECL_FUNC_PTR(Leash_timesync);
+extern DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
+extern DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
+extern DECL_FUNC_PTR(Leash_renew);
+
+// psapi functions
+extern DECL_FUNC_PTR(GetModuleFileNameExA);
+extern DECL_FUNC_PTR(EnumProcessModules);
+
+// toolhelp functions
+extern DECL_FUNC_PTR(CreateToolhelp32Snapshot);
+extern DECL_FUNC_PTR(Module32First);
+extern DECL_FUNC_PTR(Module32Next);
+
+// com_err functions
+extern DECL_FUNC_PTR(error_message);
+
+// krb5 functions
+extern DECL_FUNC_PTR(krb5_cc_default_name);
+extern DECL_FUNC_PTR(krb5_cc_set_default_name);
+extern DECL_FUNC_PTR(krb5_get_default_config_files);
+extern DECL_FUNC_PTR(krb5_free_config_files);
+extern DECL_FUNC_PTR(krb5_free_context);
+extern DECL_FUNC_PTR(krb5_get_default_realm);
+extern DECL_FUNC_PTR(krb5_free_default_realm);
+extern DECL_FUNC_PTR(krb5_cc_get_principal);
+extern DECL_FUNC_PTR(krb5_build_principal);
+extern DECL_FUNC_PTR(krb5_c_random_make_octets);
+extern DECL_FUNC_PTR(krb5_get_init_creds_password);
+extern DECL_FUNC_PTR(krb5_free_cred_contents);
+extern DECL_FUNC_PTR(krb5_cc_resolve);
+extern DECL_FUNC_PTR(krb5_unparse_name);
+extern DECL_FUNC_PTR(krb5_free_unparsed_name);
+extern DECL_FUNC_PTR(krb5_free_principal);
+extern DECL_FUNC_PTR(krb5_cc_close);
+extern DECL_FUNC_PTR(krb5_cc_default);
+extern DECL_FUNC_PTR(krb5_cc_destroy);
+extern DECL_FUNC_PTR(krb5_cc_set_flags);
+extern DECL_FUNC_PTR(krb5_cc_get_name);
+extern DECL_FUNC_PTR(krb5_cc_start_seq_get);
+extern DECL_FUNC_PTR(krb5_cc_end_seq_get);
+extern DECL_FUNC_PTR(krb5_cc_next_cred);
+extern DECL_FUNC_PTR(krb5_cccol_cursor_new);
+extern DECL_FUNC_PTR(krb5_cccol_cursor_next);
+extern DECL_FUNC_PTR(krb5_cccol_cursor_free);
+extern DECL_FUNC_PTR(krb5_decode_ticket);
+extern DECL_FUNC_PTR(krb5_free_ticket);
+extern DECL_FUNC_PTR(krb5_init_context);
+extern DECL_FUNC_PTR(krb5_is_config_principal);
+extern DECL_FUNC_PTR(krb5_cc_switch);
+extern DECL_FUNC_PTR(krb5_build_principal_ext);
+extern DECL_FUNC_PTR(krb5_get_renewed_creds);
+extern DECL_FUNC_PTR(krb5_cc_initialize);
+extern DECL_FUNC_PTR(krb5_cc_store_cred);
+extern DECL_FUNC_PTR(krb5_cc_get_full_name);
+extern DECL_FUNC_PTR(krb5_free_string);
+extern DECL_FUNC_PTR(krb5_enctype_to_name);
+extern DECL_FUNC_PTR(krb5_cc_get_type);
+extern DECL_FUNC_PTR(krb5int_cc_user_set_default_name);
+// extern DECL_FUNC_PTR(krb5_get_host_realm);
+
+// profile functions
+extern DECL_FUNC_PTR(profile_release);
+extern DECL_FUNC_PTR(profile_init);
+extern DECL_FUNC_PTR(profile_flush);
+extern DECL_FUNC_PTR(profile_rename_section);
+extern DECL_FUNC_PTR(profile_update_relation);
+extern DECL_FUNC_PTR(profile_clear_relation);
+extern DECL_FUNC_PTR(profile_add_relation);
+extern DECL_FUNC_PTR(profile_get_relation_names);
+extern DECL_FUNC_PTR(profile_get_subsection_names);
+extern DECL_FUNC_PTR(profile_get_values);
+extern DECL_FUNC_PTR(profile_free_list);
+extern DECL_FUNC_PTR(profile_abandon);
+extern DECL_FUNC_PTR(profile_get_string);
+extern DECL_FUNC_PTR(profile_release_string);
+
+#define SKIP_MINSIZE  0
+#define LEFT_SIDE     1
+#define RIGHT_SIDE    2
+#define TOP_SIDE      3
+#define RESET_MINSIZE 4
+#define BOTTOM_SIDE   6
+
+#define ADMIN_SERVER "admin_server"
+
+#define ON  1
+#define OFF 0
+#define TRUE_FLAG		1
+#define FALSE_FLAG		0
+#ifdef _WIN64
+#define LEASHDLL "leashw64.dll"
+#define KERB5DLL "krb5_64.dll"
+#define KERB5_PPROFILE_DLL "xpprof64.dll"
+#else
+#define LEASHDLL "leashw32.dll"
+#define KERB5DLL "krb5_32.dll"
+#define KERB5_PPROFILE_DLL "xpprof32.dll"
+#endif
+#define SECUR32DLL "secur32.dll"
+#define KRB_FILE		"KRB.CON"
+#define KRBREALM_FILE	"KRBREALM.CON"
+#define TICKET_FILE		"TICKET.KRB"
+
+#define LEASH_HELP_FILE "leash.chm"
+
+// Get ticket info for the default ccache only
+extern void LeashKRB5ListDefaultTickets(TICKETINFO *ticketinfo);
+// clean up ticket info
+extern void LeashKRB5FreeTicketInfo(TICKETINFO *ticketinfo);
+
+// Allocate TICKETINFO for each ccache that contain tickets
+extern void LeashKRB5ListAllTickets(TICKETINFO **ticketinfolist);
+// clean up ticket info list
+extern void LeashKRB5FreeTickets(TICKETINFO **ticketinfolist);
+
+class TicketInfoWrapper {
+  public:
+    HANDLE     lockObj;
+    TICKETINFO Krb5;
+};
+extern TicketInfoWrapper ticketinfo;
+
+#endif
diff --git a/krb5-1.21.3/src/windows/leash/MainFrm.cpp b/krb5-1.21.3/src/windows/leash/MainFrm.cpp
new file mode 100644
index 00000000..29796b38
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/MainFrm.cpp
@@ -0,0 +1,464 @@
+//	**************************************************************************************
+//	File:			MainFrm.cpp
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:    CPP file for MainFrm.h. Contains variables and functions
+//					for Leash
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#include "stdafx.h"
+#include "LeashUIApplication.h"
+#include "Leash.h"
+#include "MainFrm.h"
+#include "lglobals.h"
+//#include "KrbRealmHostMaintenance.h"
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#undef THIS_FILE
+static char THIS_FILE[] = __FILE__;
+#endif
+
+/////////////////////////////////////////////////////////////////////////////
+// CMainFrame
+
+#define MIN_LEFT      179
+#define MIN_TOP		  61
+#define MIN_RIGHT	  530
+#define MIN_BOTTOM	  280
+
+#ifndef NO_STATUS_BAR
+CMFCStatusBar CMainFrame::m_wndStatusBar;
+#endif
+CMFCToolBar   CMainFrame::m_wndToolBar;
+CImageList CMainFrame::m_imageList;
+CImageList CMainFrame::m_disabledImageList;
+BOOL	   CMainFrame::m_isMinimum;
+BOOL       CMainFrame::m_isBeingResized;
+int        CMainFrame::m_whatSide;
+
+IMPLEMENT_DYNCREATE(CMainFrame, CLeashFrame)
+
+BEGIN_MESSAGE_MAP(CMainFrame, CLeashFrame)
+	//{{AFX_MSG_MAP(CMainFrame)
+	ON_WM_CREATE()
+	ON_WM_SIZING()
+    ON_WM_CLOSE()
+	ON_WM_GETMINMAXINFO()
+    ON_COMMAND(ID_APP_EXIT, OnClose)
+	//}}AFX_MSG_MAP
+	// Global help commands
+	ON_COMMAND(ID_HELP_LEASH_, CMainFrame::OnHelpFinder)
+	ON_COMMAND(ID_HELP, CMainFrame::OnHelp)
+	ON_COMMAND(ID_CONTEXT_HELP, CMainFrame::OnContextHelp)
+	ON_MESSAGE_VOID(WM_RIBBON_RESIZE, OnRibbonResize)
+END_MESSAGE_MAP()
+
+static UINT indicators[] =
+{
+	ID_SEPARATOR,           // status line indicator
+	ID_SEPARATOR,
+    ID_SEPARATOR,
+    ID_SEPARATOR
+};
+
+
+/////////////////////////////////////////////////////////////////////////////
+// CMainFrame construction/destruction
+
+CMainFrame::CMainFrame()
+{
+	m_winRectLeft = 0;
+	m_winRectTop = 0;
+	m_winRectRight = 0;
+	m_winRectBottom = 0;
+	m_whatSide = RESET_MINSIZE;
+	m_isMinimum = FALSE;
+    m_isBeingResized = FALSE;
+    m_bOwnerCreated = FALSE;
+    pApplication = NULL;
+}
+
+CMainFrame::~CMainFrame()
+{
+}
+
+int CMainFrame::OnCreate(LPCREATESTRUCT lpCreateStruct)
+{
+    if (CLeashApp::m_useRibbon) {
+        HWND hwnd;
+        HRESULT hr;
+        // Fixup tooltips (cribbed from http://social.msdn.microsoft.com/Forums/en/vcmfcatl/thread/5c5b4879-d278-4d79-8894-99e7f9b322df)
+
+        CMFCToolTipInfo ttParams;
+        ttParams.m_bVislManagerTheme = TRUE;
+        ttParams.m_bVislManagerTheme = FALSE;
+        ttParams.m_bDrawSeparator = FALSE;
+        ttParams.m_clrFillGradient = afxGlobalData.clrBarFace;
+        ttParams.m_clrFill = RGB(255, 255, 255);
+        ttParams.m_clrBorder = afxGlobalData.clrBarShadow;
+        ttParams.m_clrText = afxGlobalData.clrBarText;
+
+        theApp.GetTooltipManager()->SetTooltipParams(AFX_TOOLTIP_TYPE_ALL,
+                RUNTIME_CLASS(CMFCToolTipCtrl), &ttParams);
+
+        CMFCVisualManager::SetDefaultManager(RUNTIME_CLASS(CMFCVisualManagerWindows7));
+        CDockingManager::SetDockingMode(DT_SMART);
+        m_wndRibbonBar.SetWindows7Look(TRUE);
+
+        // Initialize the ribbon, keeping a handle to the IUIApplication
+        // so that we can query the ribbon height and save space for it
+        // when calculating our layout.
+        hwnd = this->GetSafeHwnd();
+        if (hwnd == NULL)
+            printf("Failed to get HWND\n");
+        hr = LeashUIApplication::CreateInstance(&pApplication, hwnd);
+        if (FAILED(hr)) {
+            MessageBox("LeashUIApplication::CreateInstance!", "Error", MB_OK);
+            return -1;
+        }
+    }
+
+	if (CLeashFrame::OnCreate(lpCreateStruct) == -1)
+		return -1;
+
+    ShowWindow(SW_HIDE);
+
+/* NT4 and NT5 aren't shipped with a version of MFC that supports
+// 'CreateEx()' as of 2/1/99
+#if _MFC_VER > 0x0421
+
+	if (!m_wndToolBar.CreateEx(this) ||
+		!m_wndToolBar.LoadToolBar(IDR_MAINFRAME))
+	{
+		TRACE0("Failed to create toolbar\n");
+		return -1;      // fail to create
+	}
+
+#else
+
+	if (!m_wndToolBar.Create(this) ||
+		!m_wndToolBar.LoadToolBar(IDR_MAINFRAME))
+	{
+		TRACE0("Failed to create toolbar\n");
+		return -1;      // fail to create
+	}
+
+#endif
+*/
+	if ((!CLeashApp::m_useRibbon) &&
+		(!m_wndToolBar.Create(this) ||
+		 !m_wndToolBar.LoadToolBar(IDR_MAINFRAME)))
+	{
+		MessageBox("There is problem creating the Leash Toolbar!",
+                   "Error", MB_OK);
+        TRACE0("Failed to create toolbar\n");
+		return -1;      // fail to create
+	}
+
+#ifndef NO_STATUS_BAR
+	if (!m_wndStatusBar.Create(this) ||
+	    !m_wndStatusBar.SetIndicators(indicators, 3))
+	{
+		MessageBox("There is problem creating the Leash Status Bar!",
+                   "Error", MB_OK);
+        TRACE0("Failed to create status bar\n");
+		return -1;      // fail to create
+	}
+#endif
+
+
+	// TODO: Remove this if you don't want tool tips or a resizable toolbar
+	//m_wndToolBar.SetPaneStyle(m_wndToolBar.GetPaneStyle() |
+	//	                     CBRS_TOOLTIPS | CBRS_FLYBY | CBRS_SIZE_DYNAMIC);
+
+    if (!CLeashApp::m_useRibbon) {
+	// TODO: Delete these three lines if you don't want the toolbar to
+	//  be dockable
+	m_wndToolBar.EnableDocking(CBRS_ALIGN_ANY);
+	EnableDocking(CBRS_ALIGN_ANY);
+	DockPane(&m_wndToolBar);
+    }
+
+	return 0;
+}
+
+BOOL CMainFrame::PreTranslateMessage(MSG* pMsg)
+{
+    return CLeashFrame::PreTranslateMessage(pMsg);
+}
+
+BOOL CMainFrame::PreCreateWindow(CREATESTRUCT& cs)
+{
+	// Use the specific class name we established earlier
+    // Remove the Minimize and Maximize buttons
+    cs.style &= ~WS_MINIMIZEBOX;
+    cs.style &= ~WS_MAXIMIZEBOX;
+    // Initialize the extended window style to display a TaskBar entry with WS_EX_APPWINDOW
+    cs.dwExStyle |= WS_EX_APPWINDOW;
+//    cs.dwExStyle |= WS_EX_OVERLAPPEDWINDOW ;
+	cs.lpszClass = _T("LEASH.0WNDCLASS");
+    cs.lpszName = _T("MIT Kerberos");
+
+    CString strText = AfxGetApp()->GetProfileString(CLeashFrame::s_profileHeading,
+                                                    CLeashFrame::s_profileRect);
+    if (!strText.IsEmpty())
+    {
+        CRect rect;
+
+        rect.left = atoi((const char*) strText);
+        rect.top = atoi((const char*) strText + 5);
+        rect.right = atoi((const char*) strText + 10);
+        rect.bottom = atoi((const char*) strText + 15);
+
+        cs.x = rect.left;
+        cs.y = rect.top;
+        cs.cx = rect.right - rect.left;
+        cs.cy = rect.bottom - rect.top;
+
+        if ( cs.x < 0 )
+            cs.x = CW_USEDEFAULT;
+        if ( cs.y < 0 )
+            cs.y = CW_USEDEFAULT;
+        if ( cs.cx <= 0 )
+            cs.cx = CLeashFrame::s_rectDefault.right;
+        if ( cs.cy <= 0 )
+            cs.cy = CLeashFrame::s_rectDefault.bottom;
+    }
+    else
+    {
+        cs.cx = CLeashFrame::s_rectDefault.right;
+        cs.cy = CLeashFrame::s_rectDefault.bottom;
+        cs.y = CW_USEDEFAULT;
+        cs.x = CW_USEDEFAULT;
+    }
+
+    // Change the following line to call
+	// CLeashFrame::PreCreateWindow(cs) if this is an SDI application.
+	if (!CLeashFrame::PreCreateWindow(cs))
+        return FALSE;
+
+    // We create a parent window for our application to ensure that
+    // it has an owner.  This way we can disable the TaskBar entry
+    // by removing the WS_EX_APPWINDOW style later on.
+    if ( !m_bOwnerCreated )
+    {
+        m_bOwnerCreated = m_MainFrameOwner.Create(IDD_FRAMEOWNER);
+        if ( m_bOwnerCreated )
+            m_MainFrameOwner.ShowWindow(SW_HIDE);
+    }
+    if ( m_bOwnerCreated )
+        cs.hwndParent = m_MainFrameOwner.GetSafeHwnd();
+
+    return TRUE;
+}
+
+
+BOOL CMainFrame::ShowTaskBarButton(BOOL bVisible)
+{
+    if (!m_bOwnerCreated)
+        return FALSE;
+
+    if (bVisible) {
+        ShowWindow(SW_HIDE);
+        ModifyStyleEx(0, WS_EX_APPWINDOW);
+        ShowWindow(SW_SHOW);
+    } else {
+        ShowWindow(SW_HIDE);
+        ModifyStyleEx(WS_EX_APPWINDOW, 0);
+        ShowWindow(SW_SHOW);
+    }
+    return TRUE;
+}
+
+/////////////////////////////////////////////////////////////////////////////
+// CMainFrame diagnostics
+
+#ifdef _DEBUG
+void CMainFrame::AssertValid() const
+{
+	CLeashFrame::AssertValid();
+}
+
+void CMainFrame::Dump(CDumpContext& dc) const
+{
+	CLeashFrame::Dump(dc);
+}
+
+#endif //_DEBUG
+
+/////////////////////////////////////////////////////////////////////////////
+// CMainFrame message handlers
+
+void CMainFrame::OnResetWindowSize()
+{
+    WINDOWPLACEMENT wndpl;
+	wndpl.length = sizeof(WINDOWPLACEMENT);
+
+    if (!GetWindowPlacement(&wndpl))
+    {
+        MessageBox("There is a problem getting Leash Window size!",
+                   "Error", MB_OK);
+        return;
+    }
+
+    wndpl.rcNormalPosition = CLeashFrame::s_rectDefault;
+
+	m_whatSide = SKIP_MINSIZE;
+
+    if (!SetWindowPlacement(&wndpl))
+    {
+        MessageBox("There is a problem setting Leash Window size!",
+                   "Error", MB_OK);
+    }
+
+	m_whatSide = RESET_MINSIZE;
+}
+
+void CMainFrame::OnSizing(UINT fwSide, LPRECT pRect)
+{ // Keeps track of Leash window size for function CMainFrame::RecalcLayout
+	m_winRectLeft = pRect->left;
+	m_winRectTop = pRect->top;
+	m_winRectRight = pRect->right;
+	m_winRectBottom = pRect->bottom;
+
+	if (m_whatSide)
+	  m_whatSide = fwSide;
+
+	CLeashFrame::OnSizing(fwSide, pRect);
+}
+
+void CMainFrame::RecalcLayout(BOOL bNotify)
+{ // MINSIZE - Insurance that we have a minimum Leash window size
+	int width = MIN_RIGHT - MIN_LEFT;
+	int height = MIN_BOTTOM - MIN_TOP;
+        LeashUIApplication *leashUI;
+        RECT border;
+        border.left = border.right = border.bottom = 0;
+        // Leave room for the ribbon.
+        leashUI = static_cast<LeashUIApplication*>(pApplication);
+        border.top = (leashUI != NULL) ? leashUI->GetRibbonHeight() : 0;
+        NegotiateBorderSpace(CFrameWnd::borderSet, &border);
+
+    BOOL change = FALSE;
+	WINDOWPLACEMENT wndpl;
+	wndpl.length = sizeof(WINDOWPLACEMENT);
+
+    if (!GetWindowPlacement(&wndpl))
+    {
+        MessageBox("There is a problem getting Leash Window size!",
+                   "Error", MB_OK);
+        return;
+    }
+
+	if (m_whatSide)
+	{
+		if ((m_winRectRight - m_winRectLeft) < width)
+		{
+			if (m_whatSide == LEFT_SIDE) {
+                wndpl.rcNormalPosition.left = wndpl.rcNormalPosition.right - width;
+                change = TRUE;
+			} else if (m_whatSide == RIGHT_SIDE) {
+                wndpl.rcNormalPosition.right = wndpl.rcNormalPosition.left + width;
+                change = TRUE;
+            }
+		}
+		else if ((m_winRectBottom - m_winRectTop) < height)
+		{
+			if (m_whatSide == TOP_SIDE) {
+                wndpl.rcNormalPosition.top = wndpl.rcNormalPosition.bottom - height;
+                change = TRUE;
+			} else if (m_whatSide == BOTTOM_SIDE) {
+                wndpl.rcNormalPosition.bottom = wndpl.rcNormalPosition.top + height;
+                change = TRUE;
+            }
+		}
+	}
+
+    if ( change ) {
+        if (!SetWindowPlacement(&wndpl))
+        {
+            MessageBox("There is a problem setting Leash Window size!",
+                        "Error", MB_OK);
+        }
+    }
+    m_isBeingResized = TRUE;
+
+    CLeashFrame::RecalcLayout(bNotify);
+}
+
+
+void CMainFrame::OnGetMinMaxInfo(MINMAXINFO FAR* lpMMI)
+{
+    lpMMI->ptMinTrackSize.x = 650;
+    lpMMI->ptMinTrackSize.y = 240;
+	CLeashFrame::OnGetMinMaxInfo(lpMMI);
+}
+
+void CMainFrame::OnClose(void)
+{
+    CLeashFrame::OnClose();
+}
+
+LRESULT CMainFrame::WindowProc(UINT message, WPARAM wParam, LPARAM lParam)
+{
+    BOOL oldMin = m_isMinimum;
+    //printf("CMainFrame::WindowProc() Msg: %x, WPARAM: %x, LPARAM: %x\n", message, wParam, lParam);
+	switch(message)
+	{
+    case WM_CLOSE:
+        printf("received WM_CLOSE!");
+        break;
+    case WM_SIZE:
+        switch ( wParam ) {
+        case SIZE_MINIMIZED:
+            m_isMinimum = TRUE;
+            break;
+        case SIZE_MAXIMIZED:
+        case SIZE_RESTORED:
+            m_isMinimum = FALSE;
+            break;
+        }
+        break;
+    case ID_OBTAIN_TGT_WITH_LPARAM:
+        GetActiveView()->SendMessage(ID_OBTAIN_TGT_WITH_LPARAM, wParam,
+                                     lParam);
+        break;
+	}
+
+    if ( oldMin != m_isMinimum ) {
+        if ( m_isMinimum ) {
+            ShowTaskBarButton(FALSE);
+            ShowWindow(SW_HIDE);
+        }
+    }
+    return CLeashFrame::WindowProc(message, wParam, lParam);
+}
+
+// Signalled by LeashUIApplication::OnViewChanged when the ribbon height
+// changes.
+void CMainFrame::OnRibbonResize()
+{
+    RecalcLayout(TRUE);
+}
+
+/*
+void CMainFrame::OnHelp()
+{
+
+}
+*/
+
+/*
+void CMainFrame::OnContextHelp()
+{
+
+}
+*/
diff --git a/krb5-1.21.3/src/windows/leash/MainFrm.h b/krb5-1.21.3/src/windows/leash/MainFrm.h
new file mode 100644
index 00000000..37485ca5
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/MainFrm.h
@@ -0,0 +1,103 @@
+//	**************************************************************************************
+//	File:			MainFrm.h
+//	By:				Arthur David Leather
+//	Created:		12/02/98
+//	Copyright		@1998 Massachusetts Institute of Technology - All rights reserved.
+//	Description:    H file for MainFrm.cpp. Contains variables and functions
+//					for Leash
+//
+//	History:
+//
+//	MM/DD/YY	Inits	Description of Change
+//	12/02/98	ADL		Original
+//	**************************************************************************************
+
+
+#if !defined(AFX_MAINFRM_H__6F45AD95_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
+#define AFX_MAINFRM_H__6F45AD95_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_
+
+#if _MSC_VER >= 1000
+#pragma once
+#endif // _MSC_VER >= 1000
+
+#include "LeashFrame.h"
+#include "LeashUIApplication.h"
+
+class CMainFrame : public CLeashFrame
+{
+private:
+	int m_winRectLeft;
+	int m_winRectTop;
+	int m_winRectRight;
+	int m_winRectBottom;
+    BOOL m_bOwnerCreated;
+    CDialog m_MainFrameOwner;
+    IUIApplication *pApplication;
+
+protected: // create from serialization only
+    // Ribbon bar for the application
+    CMFCRibbonBar m_wndRibbonBar;
+    // Our own custom application button we can keep hidden.
+    CMFCRibbonApplicationButton m_wndApplicationButton;
+
+
+	CMainFrame();
+	DECLARE_DYNCREATE(CMainFrame)
+
+// Attributes
+public:
+	static int         m_whatSide;
+#ifndef NO_STATUS_BAR
+    static CMFCStatusBar  m_wndStatusBar;
+#endif
+	static CMFCToolBar    m_wndToolBar;
+	static BOOL		   m_isMinimum;
+    static BOOL        m_isBeingResized;
+    static CImageList  m_imageList;
+    static CImageList  m_disabledImageList;
+
+// Operations
+public:
+// Overrides
+	// ClassWizard generated virtual function overrides
+	//{{AFX_VIRTUAL(CMainFrame)
+	public:
+	virtual BOOL PreCreateWindow(CREATESTRUCT& cs);
+	virtual void RecalcLayout(BOOL bNotify = TRUE);
+	virtual BOOL PreTranslateMessage(MSG* pMsg);
+	protected:
+	virtual LRESULT WindowProc(UINT message, WPARAM wParam, LPARAM lParam);
+	//}}AFX_VIRTUAL
+
+// Implementation
+public:
+	virtual ~CMainFrame();
+#ifdef _DEBUG
+	virtual void AssertValid() const;
+	virtual void Dump(CDumpContext& dc) const;
+#endif
+    BOOL ShowTaskBarButton(BOOL bVisible);
+
+protected:  // control bar embedded members
+
+
+// Generated message map functions
+protected:
+	//{{AFX_MSG(CMainFrame)
+	afx_msg int OnCreate(LPCREATESTRUCT lpCreateStruct);
+	afx_msg void OnResetWindowSize();
+	afx_msg void OnSizing(UINT fwSide, LPRECT pRect);
+	afx_msg void OnGetMinMaxInfo(MINMAXINFO FAR* lpMMI);
+	afx_msg void OnRibbonResize();
+    afx_msg void OnClose(void);
+    //afx_msg void OnContextHelp();
+    //}}AFX_MSG
+	DECLARE_MESSAGE_MAP()
+};
+
+/////////////////////////////////////////////////////////////////////////////
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Developer Studio will insert additional declarations immediately before the previous line.
+
+#endif // !defined(AFX_MAINFRM_H__6F45AD95_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
diff --git a/krb5-1.21.3/src/windows/leash/Makefile.in b/krb5-1.21.3/src/windows/leash/Makefile.in
new file mode 100644
index 00000000..645cdec7
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/Makefile.in
@@ -0,0 +1,70 @@
+# makefile: Leash executable
+#
+
+EXE_NAME=leash
+
+SUBDIRS= htmlhelp
+
+OBJS=   \
+	$(OUTPRE)Leash.obj \
+	$(OUTPRE)LeashAboutBox.obj \
+	$(OUTPRE)LeashDebugWindow.obj \
+	$(OUTPRE)LeashDoc.obj \
+	$(OUTPRE)LeashFrame.obj \
+	$(OUTPRE)LeashMessageBox.obj \
+	$(OUTPRE)LeashUIApplication.obj \
+	$(OUTPRE)LeashUICommandHandler.obj \
+	$(OUTPRE)LeashView.obj \
+	$(OUTPRE)MainFrm.obj \
+	$(OUTPRE)StdAfx.obj \
+	$(OUTPRE)KrbListTickets.obj
+
+RESFILE = $(OUTPRE)Leash.res
+XOBJS	= $(RESFILE)
+
+##### Options
+# Set NODEBUG if building release instead of debug
+BUILDTOP=..\..
+
+LOCALINCLUDES= -I$(BUILDTOP) -I$(BUILDTOP)\include -I$(BUILDTOP)\windows\include
+
+##### RC Compiler
+RFLAGS	= $(LOCALINCLUDES)
+RCFLAGS	= $(RFLAGS) -D_WIN32 -DLEASH_APP
+
+DEFINES = -DWINSOCK -DWIN32 -DWINDOWS -D_AFXDLL -DNO_STATUS_BAR -DUSE_MESSAGE_BOX
+!ifdef NODEBUG
+DEFINES = $(DEFINES)
+!else
+DEFINES = $(DEFINES) -DDBG
+!endif
+
+##### Linker
+LINK	= link
+LIBS	= $(GLIB) $(CLIB)
+SYSLIBS	= kernel32.lib Iphlpapi.lib ws2_32.lib user32.lib gdi32.lib comdlg32.lib comctl32.lib version.lib
+LFLAGS	= /nologo $(LOPTS)
+
+all: Makefile $(OUTPRE)$(EXE_NAME).exe
+
+$(OUTPRE)$(EXE_NAME).exe: $(OBJS) $(XOBJS) $(LIBS)
+	$(LINK) $(LFLAGS) /out:$@ /ENTRY:WinMainCRTStartup $(OBJS) $(XOBJS) \
+	  $(LIBS) $(SYSLIBS) ../lib/$(OUTPRE)libwin.lib
+	copy $@ "$(OUTPRE)MIT Kerberos.exe"
+
+kfwribbon.bml kfwribbon.h kfwribbon.rc: kfwribbon.xml
+	uicc.exe kfwribbon.xml kfwribbon.bml /res:kfwribbon.rc /header:kfwribbon.h /name:KFW_RIBBON
+
+$(RESFILE): Leash.rc res/Leash.rc2 kfwribbon.rc ver.rc ../version.rc ../kerberos.ver
+
+$(OUTPRE)LeashUIApplication.obj $(OUTPRE)LeashUICommandHandler.obj: kfwribbon.h
+
+clean:
+	if exist $(OUTPRE)*.exe del $(OUTPRE)*.exe
+	if exist $(OUTPRE)*.obj del $(OUTPRE)*.obj
+	if exist $(OUTPRE)*.res del $(OUTPRE)*.res
+	if exist $(OUTPRE)*.pdb del $(OUTPRE)*.pdb
+	if exist *.err del *.err
+	if exist *.bml del *.bml
+	if exist kfwribbon.h del kfwribbon.h
+	if exist kfwribbon.rc del kfwribbon.rc
diff --git a/krb5-1.21.3/src/windows/leash/StdAfx.cpp b/krb5-1.21.3/src/windows/leash/StdAfx.cpp
new file mode 100644
index 00000000..ef6942b3
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/StdAfx.cpp
@@ -0,0 +1,5 @@
+// stdafx.cpp : source file that includes just the standard includes
+//	Leash.pch will be the pre-compiled header
+//	stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
diff --git a/krb5-1.21.3/src/windows/leash/StdAfx.h b/krb5-1.21.3/src/windows/leash/StdAfx.h
new file mode 100644
index 00000000..c147b4fc
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/StdAfx.h
@@ -0,0 +1,30 @@
+// stdafx.h : include file for standard system include files,
+//  or project specific include files that are used frequently, but
+//      are changed infrequently
+//
+
+#if _MSC_VER >= 1000
+#pragma once
+#endif // _MSC_VER >= 1000
+
+#if !defined(AFX_STDAFX_H__6F45AD93_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
+#define AFX_STDAFX_H__6F45AD93_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_
+
+#define VC_EXTRALEAN		// Exclude rarely-used stuff from Windows headers
+#define WINVER 0x0600       // Target Vista+
+#define _WIN32_WINNT 0x0600 // Target Vista+
+#include <afxwin.h>         // MFC core and standard components
+#include <afxcview.h>
+#include <afxext.h>         // MFC extensions
+#include <afxdisp.h>        // MFC OLE automation classes
+#ifndef _AFX_NO_AFXCMN_SUPPORT
+#include <afxcmn.h>			// MFC support for Windows Common Controls
+#include "htmlhelp.h"
+
+#endif // _AFX_NO_AFXCMN_SUPPORT
+#include <afxcontrolbars.h>
+
+//{{AFX_INSERT_LOCATION}}
+// Microsoft Developer Studio will insert additional declarations immediately before the previous line.
+
+#endif // !defined(AFX_STDAFX_H__6F45AD93_561B_11D0_8FCF_00C04FC2A0C2__INCLUDED_)
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Change_Password.PNG b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Change_Password.PNG
new file mode 100644
index 00000000..719ed862
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Change_Password.PNG differ
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Destroy_Ticket.PNG b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Destroy_Ticket.PNG
new file mode 100644
index 00000000..d746dcae
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Destroy_Ticket.PNG differ
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Get_Ticket.PNG b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Get_Ticket.PNG
new file mode 100644
index 00000000..7db4e6a0
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Get_Ticket.PNG differ
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Home_Tab.PNG b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Home_Tab.PNG
new file mode 100644
index 00000000..90cd2e42
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Home_Tab.PNG differ
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Make_Default.PNG b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Make_Default.PNG
new file mode 100644
index 00000000..dc85a1c5
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Make_Default.PNG differ
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Options_Tab.PNG b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Options_Tab.PNG
new file mode 100644
index 00000000..29b15c7c
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Options_Tab.PNG differ
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Renew_Ticket.PNG b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Renew_Ticket.PNG
new file mode 100644
index 00000000..078f61ef
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/Renew_Ticket.PNG differ
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Images/checkbox.png b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/checkbox.png
new file mode 100644
index 00000000..b7dac3bd
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/htmlhelp/Images/checkbox.png differ
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Index.hhk b/krb5-1.21.3/src/windows/leash/htmlhelp/Index.hhk
new file mode 100644
index 00000000..583ab1f4
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/Index.hhk
@@ -0,0 +1,444 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<!-- Sitemap 1.0 -->
+</HEAD><BODY>
+<UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="bugs">
+		<param name="See Also" value="bugs">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="discuss in Usenet group">
+			<param name="Name" value="Discuss Bugs">
+			<param name="Local" value="HTML\Report_Bugs.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="send bug report">
+			<param name="Name" value="Report Bugs">
+			<param name="Local" value="HTML\Report_Bugs.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="command line">
+		<param name="Name" value="Command_Line">
+		<param name="Local" value="HTML\Command_Line.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="kcpytkt">
+			<param name="Name" value="KCPYTKT">
+			<param name="Local" value="HTML\KCPYTKT.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="kdestroy">
+			<param name="Name" value="KDESTROY">
+			<param name="Local" value="HTML\KDESTROY.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="kinit">
+			<param name="Name" value="KINIT">
+			<param name="Local" value="HTML\KINIT.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="klist">
+			<param name="Name" value="KLIST">
+			<param name="Local" value="HTML\KLIST.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="kpasswd">
+			<param name="Name" value="KPASSWD">
+			<param name="Local" value="HTML\KPASSWD.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="kswitch">
+			<param name="Name" value="KSWITCH">
+			<param name="Local" value="HTML\KSWITCH.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="kvno">
+			<param name="Name" value="KVNO">
+			<param name="Local" value="HTML\KVNO.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Ctrl: See keyboard shortcuts">
+		<param name="Name" value="keyboard shortcuts">
+		<param name="See Also" value="keyboard shortcuts">
+		</OBJECT>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="default principal">
+		<param name="See Also" value="default principal">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="about">
+			<param name="Name" value="About principals">
+			<param name="Local" value="HTML\Principals.htm#default-principal">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="set or make default">
+			<param name="Name" value="Make Default">
+			<param name="Local" value="HTML\Make_Default.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="definitions">
+		<param name="See Also" value="definitions">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="full glossary">
+			<param name="Name" value="Glossary">
+			<param name="Local" value="HTML\Glossary.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="of Kerberos terms">
+			<param name="Name" value="Kerberos Terminology">
+			<param name="Local" value="HTML\Kerberos_Terminology.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="destroy ticket">
+		<param name="Name" value="Destroy Tickets">
+		<param name="Local" value="Html\Destroy_Tickets.htm">
+		</OBJECT>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="encryption types">
+		<param name="Name" value="Encryption_Types">
+		<param name="Local" value="HTML\Encryption_Types.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="learn about">
+			<param name="Name" value="Encryption_Types">
+			<param name="Local" value="HTML\Encryption_Types.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="view">
+			<param name="Name" value="View Encryption Type">
+			<param name="Local" value="Html\View_Tickets.htm#encryption-type">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="expiration">
+		<param name="See Also" value="expiration">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="alarm option">
+			<param name="Name" value="Options Tab">
+			<param name="Local" value="HTML\Options_Tab.htm#expiration-alarm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="of renewable ticket">
+			<param name="Name" value="Tickets">
+			<param name="Local" value="Html\Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="of ticket">
+			<param name="Name" value="Tickets">
+			<param name="Local" value="Html\Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="see also: ticket">
+			<param name="See Also" value="ticket">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="flags">
+		<param name="Name" value="flags">
+		<param name="See Also" value="flags">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="definition">
+			<param name="Name" value="Glossary">
+			<param name="Local" value="HTML\Glossary.htm#flags">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="view or choose for ticket">
+			<param name="Name" value="Ticket Settings and Flags">
+			<param name="Local" value="Html\Ticket_Settings.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="forwardable tickets">
+		<param name="Name" value="Tickets">
+		<param name="Local" value="Html\Tickets.htm#forwardable">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="about">
+			<param name="Name" value="Tickets">
+			<param name="Local" value="Html\Tickets.htm#forwardable">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="get">
+			<param name="Name" value="Get Tickets">
+			<param name="Local" value="Html\Get_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="see also: ticket">
+			<param name="See Also" value="ticket">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="view tickets flagged as forwardable">
+			<param name="Name" value="View Tickets">
+			<param name="Local" value="Html\View_Tickets.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="glossary">
+		<param name="Name" value="Glossary">
+		<param name="Local" value="HTML\Glossary.htm">
+		</OBJECT>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Kerberos">
+		<param name="Name" value="What is Kerberos? ">
+		<param name="Local" value="Html\Kerberos.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="introduction">
+			<param name="Name" value="What is Kerberos? ">
+			<param name="Local" value="Html\Kerberos.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="key terminology">
+			<param name="Name" value="Kerberos Terminology">
+			<param name="Local" value="HTML\Kerberos_Terminology.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="protocol">
+			<param name="Name" value="How Kerberos Works">
+			<param name="Local" value="HTML\How_Kerberos_Works.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="keyboard shortcuts">
+		<param name="Name" value="Keyboard Shortcuts  ">
+		<param name="Local" value="HTML\Keyboard_Shortcuts.htm">
+		</OBJECT>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="krbtgt">
+		<param name="Name" value="Glossary: krbtgt">
+		<param name="Local" value="HTML\Glossary.htm#krbtgt">
+		</OBJECT>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="password">
+		<param name="Name" value="Passwords">
+		<param name="Local" value="Html\Passwords.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="change">
+			<param name="Name" value="Change Password">
+			<param name="Local" value="Html\Change_Password.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="forgotten">
+			<param name="Name" value="Forget Password">
+			<param name="Local" value="Html\Forget_Password.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="tips for strong password">
+			<param name="Name" value="Password Tips">
+			<param name="Local" value="Html\Password_Tips.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="principal">
+		<param name="See Also" value="principal">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="about">
+			<param name="Name" value="Principals">
+			<param name="Local" value="HTML\Principals.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="clear auto-complete list">
+			<param name="Name" value="Forget Saved Principals ">
+			<param name="Local" value="HTML\Forget_Principals.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="clear history">
+			<param name="Name" value="Forget Saved Principals ">
+			<param name="Local" value="HTML\Forget_Principals.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="default, about">
+			<param name="Name" value="About default principals">
+			<param name="Local" value="HTML\Principals.htm#default-principal">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="definition">
+			<param name="Name" value="Kerberos Terminology">
+			<param name="Local" value="HTML\Kerberos_Terminology.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="make default">
+			<param name="Name" value="Make Default">
+			<param name="Local" value="HTML\Make_Default.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="manage multiple">
+			<param name="Name" value="Multiple Principals">
+			<param name="Local" value="HTML\Manage_Multiple_Principals.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="view tickets for">
+			<param name="Name" value="View Tickets">
+			<param name="Local" value="Html\View_Tickets.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="realm">
+		<param name="See Also" value="realm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="allow mixed case name option">
+			<param name="Name" value="Options Menu">
+			<param name="Local" value="HTML\Options_Tab.htm#mixed-case-realm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="definition">
+			<param name="Name" value="Kerberos Terminology">
+			<param name="Local" value="HTML\Kerberos_Terminology.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="renewable tickets">
+		<param name="See Also" value="renewable tickets">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="about">
+			<param name="Name" value="Tickets">
+			<param name="Local" value="Html\Tickets.htm#renewable">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="find renewable until deadline">
+			<param name="Name" value="View Tickets">
+			<param name="Local" value="Html\View_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="get">
+			<param name="Name" value="Get Tickets">
+			<param name="Local" value="Html\Get_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="renew">
+			<param name="Name" value="Renew_Tickets">
+			<param name="Local" value="Html\Renew_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="renew automatically">
+			<param name="Name" value="Renew_Tickets">
+			<param name="Local" value="Html\Renew_Tickets.htm#renew-automatically">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="see also:  ticket">
+			<param name="See Also" value="ticket">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="view tickets flagged as renewable">
+			<param name="Name" value="View Tickets">
+			<param name="Local" value="Html\View_Tickets.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="renewable until">
+		<param name="Name" value="Glossar: renewable until">
+		<param name="Local" value="Html\Glossary.htm#renewable_until">
+		</OBJECT>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="shortcut keys">
+		<param name="Name" value="Keyboard Shortcuts  ">
+		<param name="Local" value="HTML\Keyboard_Shortcuts.htm">
+		</OBJECT>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="ticket">
+		<param name="Name" value="Tickets">
+		<param name="See Also" value="Tickets">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="about">
+			<param name="Name" value="Tickets">
+			<param name="Local" value="Html\Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="destroy">
+			<param name="Name" value="Destroy Tickets">
+			<param name="Local" value="Html\Destroy_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="expiration">
+			<param name="Name" value="Tickets">
+			<param name="Local" value="Html\Tickets.htm#expiration">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="flags, set">
+			<param name="Name" value="Ticket Settings">
+			<param name="Local" value="Html\Ticket_Settings.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="flags, view">
+			<param name="Name" value="View Tickets">
+			<param name="Local" value="Html\View_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="get new">
+			<param name="Name" value="Get Tickets">
+			<param name="Local" value="Html\Get_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="renew automatically">
+			<param name="Name" value="Renew_Tickets">
+			<param name="Local" value="Html\Renew_Tickets.htm#renew-automatically">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="renew once">
+			<param name="Name" value="Renew_Tickets">
+			<param name="Local" value="Html\Renew_Tickets.htm#renew-once">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="settings ">
+			<param name="Name" value="Ticket Settings">
+			<param name="Local" value="Html\Ticket_Settings.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="view">
+			<param name="Name" value="View Tickets">
+			<param name="Local" value="Html\View_Tickets.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="valid until">
+		<param name="Name" value="Valid Until">
+		<param name="See Also" value="valid until">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="definition">
+			<param name="Name" value="Glossary: valid until">
+			<param name="Local" value="HTML\Glossary.htm#valid-until">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="read column in main window">
+			<param name="Name" value="View Tickets">
+			<param name="Local" value="Html\View_Tickets.htm#valid-until">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="show/hide column">
+			<param name="Name" value="View Options Panel">
+			<param name="Local" value="HTML\Options_Tab.htm#view-options">
+			</OBJECT>
+	</UL>
+</UL>
+</BODY></HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Leash.css b/krb5-1.21.3/src/windows/leash/htmlhelp/Leash.css
new file mode 100644
index 00000000..d20dd4e9
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/Leash.css
@@ -0,0 +1,215 @@
+body {
+	font-family : Verdana, Geneva, sans-serif;
+	font-size:100%;
+	background-color : white;
+	color : black; }
+p {
+	font-size:.8em;
+	background-color : white;
+	color : black;
+}
+
+
+ h1 {
+	font-family : Verdana, Geneva, sans-serif;
+	font-size : 1.5em;
+	color : black; }
+
+ h2 {
+	font-family : Verdana, Geneva, sans-serif;
+	font-size : 1.12em;
+	color : black; }
+
+ h3 {
+	font-family : Verdana, Geneva, sans-serif;
+	font-size : .9 em;
+	color : black; }
+
+
+ol li {
+	font-size: .8em;
+	margin-top: 4px;
+	margin-bottom: 10px;
+}
+
+ul li {
+	font-size: .8em;
+	margin-top: 4px;
+	margin-bottom: 4px;
+}
+
+table, th, td
+{
+border: 1 solid black;
+border-collapse:collapse;
+}
+
+#table-inner
+{
+border: 0;
+border-collapse:collapse;
+}
+
+#th-inner
+{
+border: 0;
+border-collapse:collapse;
+}
+
+#th-title
+{
+border: 0;
+border-collapse:collapse;
+background-color:#F0F8FF;
+}
+
+#td-inner
+{
+border: 0;
+border-collapse:collapse;
+align-left;
+}
+
+table {
+padding-top: 10px;
+text-align: left;
+width: 100%;
+padding-bottom: 10px;
+	table-layout: auto;
+}
+
+
+th  {
+	font-family : Verdana, Arial, Helvetica, sans-serif;
+	font-size:1em;
+	background-color: #E0E5EB;
+	color : black;
+	padding:8px;
+	width: auto;
+	vertical-align:top;
+
+}
+
+#th2  {
+	font-family : Verdana, Arial, Helvetica, sans-serif;
+	font-size:0.825em;
+	background-color:#F0F8FF;
+	color : black;
+	padding:8px;
+	width: auto;
+	vertical-align:top;
+}
+
+#th2small  {
+	font-family : Verdana, Arial, Helvetica, sans-serif;
+	font-size:0.6em;
+	background-color:#F0F8FF;
+	color : black;
+	padding:6px;
+	width: auto;
+	vertical-align:top;
+}
+
+td {
+	font-family : Verdana, Arial, Helvetica, sans-serif;
+	font-size:0.825em;
+	color : black;
+	padding-left:5px;
+	padding-top:8px;
+	padding-bottom:8px;
+	width: auto;
+	vertical-align:top;
+ }
+
+#helpul
+{
+font-family : Verdana, Geneva, sans-serif;
+list-style:none;
+	font-size: 1em;
+	margin-top: 0;
+	margin-left:0;
+	padding-left: 0;
+}
+
+ol li ul li {
+Verdana, Arial, sans-serif;
+	list-style:none;
+	position:relative;
+	left:-10px;
+	font-size : 1em;
+}
+
+#tableul {
+	Verdana, Geneva, sans-serif;
+	font-size : 1.12em;
+}
+
+#helph2 {
+	font-family : Verdana, Geneva, sans-serif;
+	font-size : 1.12em;
+	color : black;
+	margin-bottom: 4px;
+ }
+
+
+
+#typed
+{
+	font-size: 1em;
+	font-family :"Courier New", Courier, monospace;
+}
+
+#button
+{
+	font-size: 1em;
+	Arial, Helvetica, sans-serif;
+}
+
+.typed
+{
+	font-size: 1em;
+	font-family :"Courier New", Courier, monospace;
+}
+.command
+{
+	font-size: 1em;
+	font-family :"Courier New", Courier, monospace;
+	 white-space: nowrap;
+	}
+
+.noborder, .noborder tr, .noborder th, .noborder td {
+    border: none;
+}
+
+.smallfont {
+	font-family : Verdana, Geneva, sans-serif;
+	font-size:.8em;
+	font-weight:normal;
+}
+
+dl
+{
+	margin:0;
+	padding: 0;
+	font-family: Verdana, Geneva, sans-serif;
+	font-size:0.825em;
+}
+
+dt
+{
+	margin:0;
+	padding: 0;
+	font-weight: bold;
+}
+
+ dd
+{
+	margin: 0 0 1em 0;
+	padding: 0;
+}
+
+ A:link { color : blue; }
+
+ A:visited { color : purple; }
+
+ A:active { color : navy; }
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/MITKerberosHelp.hhp b/krb5-1.21.3/src/windows/leash/htmlhelp/MITKerberosHelp.hhp
new file mode 100644
index 00000000..ac02401e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/MITKerberosHelp.hhp
@@ -0,0 +1,106 @@
+[OPTIONS]
+Binary Index=No
+Compatibility=1.1 or later
+Compiled file=MITKerberosHelp.chm
+Contents file=TOC.hhc
+Default Window=Leash Help
+Default topic=HTML\Using_Leash_Menus.htm
+Display compile progress=No
+Full text search stop list file=stoplist.stp
+Full-text search=Yes
+Index file=Index.hhk
+Language=0x409 English (United States)
+Title=MIT Kerberos Help
+
+[WINDOWS]
+Leash Help="MIT Kerberos Help","TOC.hhc","Index.hhk",,,,,,,0x62420,,0x100e,[0,0,585,559],,,,,,,0
+MIT Kerberos Help="MIT Kerberos Help","TOC.hhc","Index.hhk","Html\Getting_Started.htm",,,,,,0x20,,0x0,[271,372,593,566],,,,,,,0
+
+
+[FILES]
+Leash.css
+HTML\FAQ.htm
+HTML\Command_Line.htm
+HTML\KDESTROY.htm
+HTML\KLIST.htm
+HTML\KINIT.htm
+HTML\Troubleshooting.htm
+HTML\Kerberos_Terminology.htm
+HTML\Report_Bugs.htm
+HTML\Encryption_Types.htm
+HTML\KCPYTKT.htm
+HTML\KVNO.htm
+HTML\KSWITCH.htm
+HTML\KPASSWD.htm
+HTML\Glossary.htm
+HTML\Debugging.htm
+HTML\Keyboard_Shortcuts.htm
+HTML\How_Kerberos_Works.htm
+HTML\Principals.htm
+HTML\Make_Default.htm
+HTML\Manage_Multiple_Principals.htm
+HTML\Forget_Principals.htm
+HTML\Home_Tab.htm
+HTML\Options_Tab.htm
+HTML\Getting_Started.htm
+HTML\Change_Password.htm
+HTML\Forget_Password.htm
+HTML\Kerberos.htm
+HTML\Password_Tips.htm
+HTML\Using_Leash_Menus.htm
+HTML\Passwords.htm
+HTML\Tickets.htm
+HTML\Destroy_Tickets.htm
+HTML\Get_Tickets.htm
+HTML\Renew_Tickets.htm
+HTML\Ticket_Settings.htm
+HTML\View_Tickets.htm
+
+[ALIAS]
+HID_ABOUT_KERBEROS = html\Getting_Started.htm
+HID_CHANGE_PASSWORD_COMMAND = html\Change_Password.htm
+HID_DESTROY_TICKETS_COMMAND = html\Destroy_Tickets.htm
+HID_DESTROY_TICKETS_ON_EXIT = html\Options_Tab.htm
+HID_GET_TICKETS_COMMAND = html\Get_Tickets.htm
+HID_RENEW_TICKETS_COMMAND = html\Renew_Tickets.htm
+HID_HELP_CONTENTS = html\Getting_Started.htm
+HID_LEASH_COMMANDS = html\Getting_Started.htm
+HID_LEASH_PROGRAM = html\Getting_Started.htm
+hid_app_about = html\hid_app_about.htm
+hid_app_exit = html\hid_app_exit.htm
+hid_help_index = html\hid_help_index.htm
+hid_help_using = html\hid_help_using.htm
+hid_context_help = html\hid_context_help.htm
+hid_sc_size = html\hid_sc_size.htm
+hid_sc_move = html\hid_sc_move.htm
+hid_sc_minimize = html\hid_sc_minimize.htm
+hid_sc_maximize = html\hid_sc_maximize.htm
+hid_sc_close = html\hid_sc_close.htm
+hid_sc_restore = html\hid_sc_restore.htm
+
+[MAP]
+#define HID_ABOUT_KERBEROS              98320
+#define HID_ABOUT_LEASH32_COMMAND       123200
+#define HID_ABOUT_LEASH32_MODULES       131225
+#define HID_CHANGE_PASSWORD_COMMAND		98315
+#define HID_DEBUG_WINDOW				131229
+#define HID_DEBUG_WINDOW_OPTION			98317
+#define HID_DESTROY_TICKETS_COMMAND     98313
+#define HID_DESTROY_TICKETS_ON_EXIT		98321
+#define HID_GET_TICKETS_COMMAND			98343
+#define HID_RENEW_TICKETS_COMMAND       98312
+#define HID_HELP_CONTENTS				98340
+#define HID_KRBCHECK_OPTION				98335
+#define HID_LEASH_COMMANDS              131200
+#define HID_LEASH_PROGRAM               98319
+#define HID_LOW_TICKET_ALARM_OPTION		98334
+#define KRB_BAD_NAME		            39525457
+#define KRB_BAD_TIME		            39525413
+#DEFINE KRB_ERROR_78		            39525454
+#define KRB_INCORR_PASSWD	            39525438
+#define KRB_NO_TKT_FILE 	            39525446
+#define KRB_UNKNOWN_REALM	            39525433
+#define KRB_UNKNOWN_USER	            39525384
+#define LSH_INVINSTANCE 	            40591875
+
+[INFOTYPES]
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/Makefile.in b/krb5-1.21.3/src/windows/leash/htmlhelp/Makefile.in
new file mode 100644
index 00000000..a0f3dfd1
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/Makefile.in
@@ -0,0 +1,20 @@
+BUILDTOP=..\..\..
+
+TARGETTYPE=NONE
+
+HHCOUT=MITKerberosHelp.chm
+TARGET=..\$(OUTPRE)"MIT Kerberos.chm"
+HHP=MITKerberosHelp.hhp
+ERR=leash.log
+
+all: $(HHCOUT)
+
+clean:
+	@if exist $(HHCOUT) del $(HHCOUT)
+	@if exist $(TARGET) del $(TARGET)
+	@if exist $(ERR) del $(ERR)
+
+$(HHCOUT): $(HHP)
+   - hhc $(HHP)
+   @if exist $(TARGET) del $(TARGET)
+   @copy $(HHCOUT) $(TARGET)
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/TOC.hhc b/krb5-1.21.3/src/windows/leash/htmlhelp/TOC.hhc
new file mode 100644
index 00000000..2c13588e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/TOC.hhc
@@ -0,0 +1,188 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<!-- Sitemap 1.0 -->
+</HEAD><BODY>
+<OBJECT type="text/site properties">
+	<param name="Window Styles" value="0x800425">
+</OBJECT>
+<UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Getting Started">
+		<param name="Local" value="Html\Getting_Started.htm">
+		<param name="URL" value="Html\Getting_Started.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Getting Started">
+			<param name="Local" value="Html\Getting_Started.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="What is Kerberos?">
+			<param name="Local" value="Html\Kerberos.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Kerberos Terminology">
+			<param name="Local" value="HTML\Kerberos_Terminology.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="How Does Kerberos Work?">
+			<param name="Local" value="HTML\How_Kerberos_Works.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="FAQ">
+			<param name="Local" value="HTML\FAQ.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Glossary">
+			<param name="Local" value="HTML\Glossary.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Tickets">
+		<param name="Local" value="Html\Tickets.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="About Tickets">
+			<param name="Local" value="Html\Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Get Tickets">
+			<param name="Local" value="Html\Get_Tickets.htm">
+			<param name="URL" value="Html\Get_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Renew Tickets">
+			<param name="Local" value="Html\Renew_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="View Tickets">
+			<param name="Local" value="Html\View_Tickets.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Ticket Settings &amp; Flags">
+			<param name="Local" value="Html\Ticket_Settings.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Destroy Tickets">
+			<param name="Local" value="Html\Destroy_Tickets.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Principals">
+		<param name="Local" value="HTML\Principals.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="About Principals">
+			<param name="Local" value="HTML\Principals.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Manage Multiple Principals">
+			<param name="Local" value="HTML\Manage_Multiple_Principals.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Make Default Principal">
+			<param name="Local" value="HTML\Make_Default.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Clear Principal History">
+			<param name="Local" value="HTML\Forget_Principals.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Passwords">
+		<param name="Local" value="Html\Passwords.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="About Passwords">
+			<param name="Local" value="Html\Passwords.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Change Passsword">
+			<param name="Local" value="Html\Change_Password.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Forgotten Password">
+			<param name="Local" value="Html\Forget_Password.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Password Tips ">
+			<param name="Local" value="Html\Password_Tips.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Using Kerberos Menus">
+		<param name="Local" value="Html\Using_Leash_Menus.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Home Tab">
+			<param name="Local" value="HTML\Home_Tab.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Options Tab">
+			<param name="Local" value="HTML\Options_Tab.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Keyboard Shortcuts">
+			<param name="Local" value="HTML\Keyboard_Shortcuts.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Troubleshooting">
+		<param name="Local" value="HTML\Troubleshooting.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Troubleshooting">
+			<param name="Local" value="HTML\Troubleshooting.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Report Bugs">
+			<param name="Local" value="HTML\Report_Bugs.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="Encryption Types">
+			<param name="Local" value="HTML\Encryption_Types.htm">
+			</OBJECT>
+	</UL>
+	<LI> <OBJECT type="text/sitemap">
+		<param name="Name" value="Command Prompt">
+		<param name="Local" value="HTML\Command_Line.htm">
+		</OBJECT>
+	<UL>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="KINIT">
+			<param name="Local" value="HTML\KINIT.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="KLIST">
+			<param name="Local" value="HTML\KLIST.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="KDESTROY">
+			<param name="Local" value="HTML\KDESTROY.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="KPASSWD">
+			<param name="Local" value="HTML\KPASSWD.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="KSWITCH">
+			<param name="Local" value="HTML\KSWITCH.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="KVNO">
+			<param name="Local" value="HTML\KVNO.htm">
+			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="KCPYTKT">
+			<param name="Local" value="HTML\KCPYTKT.htm">
+			</OBJECT>
+	</UL>
+</UL>
+</BODY></HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Change_Password.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Change_Password.htm
new file mode 100644
index 00000000..4f24c535
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Change_Password.htm
@@ -0,0 +1,51 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Change Password</Title>
+</HEAD>
+<BODY>
+<H1>Change Password </H1>
+
+<p>
+
+To change your password:</p>
+<ol>
+<li> Create or choose a strong new password. It's best to start with a phrase instead of a word. <br>
+ <a href="HTML/Password_Tips.htm">About: Password Tips and Examples</a></li>
+
+<li>If you have multiple <a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principals</a>, you can select the principal you want to manage by clicking it in the main window. Or you can wait and  enter your principal in the Change Password window. </li>
+
+<li>Click the Change Password button in the ribbon menu at the of the main window.</li>
+
+<li> Verify your principal (your Kerberos identity) or enter a different one.  </li>
+
+<li>Enter your current password.</li>
+
+<li> Enter your new password twice. You must enter it the second time to make sure you have typed it correctly, since you cannot visually confirm what you have typed.</li>
+
+<li>Click Okay.</li>
+
+</ol>
+
+
+<H2>Related Help</H2>
+<ul id="helpul">
+<li><a href="HTML/Passwords.htm">About passwords</a></li>
+<li><a href="HTML/Password_Tips.htm">Password tips and examples</a></li>
+<li><a href="HTML/Forget_Password.htm">If you forget your password</a></li>
+
+
+</ul>
+
+<SCRIPT Language=JavaScript>
+popfont="Arial,.625,"
+popupPrincipal="Your principal is your Kerberos identity. It is your user name combined with the Kerberos realm you are using. For example: 'jdoe@SALES.WIDGET.COM' "
+</SCRIPT>
+
+<OBJECT id=popup type="application/x-oleobject"
+classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</OBJECT>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Command_Line.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Command_Line.htm
new file mode 100644
index 00000000..f69bea78
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Command_Line.htm
@@ -0,0 +1,26 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Command_Line</Title>
+</HEAD>
+<BODY>
+<H1>Kerberos with Command Prompt </H1>
+<p>
+MIT Kerberos can be run from the Command Prompt in Windows. The following commands are available. Click a command name to see the relevant UNIX man page.</p>
+
+<table class="noborder" >
+<tr><td> <a href="HTML/KINIT.htm">KINIT</a></td><td> Log in to MIT Kerberos and obtain tickets. </td></tr>
+<tr><td>  <a href="HTML/KLIST.htm">KLIST</a></td><td>  List all of your valid tickets. </td></tr>
+<tr><td>  <a href="HTML/KDESTROY.htm">KDESTROY</a>&nbsp;</td><td>  Destroy all of your tickets. </td></tr>
+<tr><td>   <a href="HTML/KPASSWD.htm"> KPASSWD</a></td><td>  Change password. </td></tr>
+<tr><td> <a href="HTML/KSWITCH.htm">KSWITCH</a></td><td> Specify primary (default) cache.    </td></tr>
+<tr><td> <a href="HTML/KVNO.htm">KVNO</a></td><td> Acquire a service ticket for the specified principal(s) and show the key version numbers.    </td></tr>
+<tr><td> <a href="HTML/KCPYTKT.htm">KCPYTKT</a></td><td> Copy the specified service tickets to the destination credentials cache.    </td></tr>
+
+
+</table>
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Debugging.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Debugging.htm
new file mode 100644
index 00000000..2c167870
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Debugging.htm
@@ -0,0 +1,17 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Debugging</Title>
+</HEAD>
+<BODY>
+<H1>Debugging</h1>
+<p>
+MIT Kerberos is an interface to the Kerberos protocol. It issues commands to the Kerberos server on your behalf in response to buttons you click and options you select.</p>
+<p>
+If you are having a problem with MIT Kerberos not working as you expect, or you if you are writing an application that depends on Kerberos tickets, you might want to see exactly what commands are being issued on your behalf
+
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Destroy_Tickets.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Destroy_Tickets.htm
new file mode 100644
index 00000000..b269abbe
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Destroy_Tickets.htm
@@ -0,0 +1,63 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css"><title>&lt;a&gt;Destroy Tickets&lt;/a&gt;</title>
+
+</head>
+<body>
+<h1>Destroy Tickets</h1>
+<p>
+Destroy your tickets when you no longer need them to increase
+security. Once the tickets are destroyed they can no longer be used by
+anyone. </p>
+<table>
+<tbody>
+<tr>
+<th id="th2">How to...</th>
+<td>
+<ul id="helpul">
+<li><a href="#destroy-once"> Destroy tickets immediately</li>
+<li><a href="#destroy-automatically">
+Destroy tickets automatically on exit</a></li>
+</ul>
+</td>
+</tr>
+</tbody>
+</table>
+<h2><a name="destroy-once">Destroy tickets immediately</a></h2>
+<p>To immediately destroy all of your MIT Kerberos tickets:</p>
+<ol>
+<li>Click the Destroy Ticket button in the Home tab or use the <a href="JavaScript:popup.TextPopup(popupKeyboardShortcut, popfont,9,9,-1,-1)">keyboard
+shortcut</a> [Ctrl + d].</li>
+<li>Click Okay to confirm that you want to destroy the tickets.
+</li>
+</ol>
+<p>
+
+<a href="#top">Back to Top</a> </p>
+
+
+
+<h2><a name="destroy-automatically">Destroy tickets
+automatically on exit</a></h2>
+<p>
+To automatically destroy your tickets when you exit MIT Kerberos:</p>
+<ol>
+<li>Open the Options tab. </li>
+<li>Find the Ticket Options panel. </li>
+<li>If the Destroy Tickets on Exit checkbox is not already selected, click to select it. </li>
+</ol>
+<p>
+Your tickets are not affected immediately, but they will be
+automatically destroyed as soon as you exit MIT Kerberos. </p>
+
+<p><a href="#top">Back to Top</a> </p>
+<h2>Related help</h2>
+<ul id="helpul">
+<li><a href="HTML/View_Tickets.htm">View tickets </a></li>
+<li><a href="HTML/Tickets.htm">About tickets</a></li>
+<li><a href="HTML/Get_Tickets.htm">Get tickets</a></li>
+</ul>
+<script language="JavaScript"> popfont="Arial,.725,"
+popupKeyboardShortcut="To use a keyboard shortcut, hold down the [Ctrl] key on your computer keyboard and press the appropriate letter. " </script> <object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"> </object>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Encryption_Types.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Encryption_Types.htm
new file mode 100644
index 00000000..1aebdd0b
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Encryption_Types.htm
@@ -0,0 +1,139 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Encryption_Types</title></head>
+
+<body>
+<h1>Encryption Types</h1>
+<p>
+Kerberos supports several types of encryption for securing session keys
+and the tickets. The type used for a particular ticket or session key
+is automatically negotiated when you request a ticket or a service. </p>
+<ul>
+<li>When encrypting tickets, the Key Distribution Center (KDC) for your
+Kerberos installation checks for an encryption type that is shared by
+both the KDC and the service you are attempting to use.</li>
+<li> When encrypting session keys, the KDC checks for an encryption
+type shared by the KDC, the service, and the client requesting the
+session (you). </li>
+</ul>
+
+<table>
+<tbody><tr>
+<th id="th2">How to...</th> <th id="th2">Learn about...</th></tr>
+<tr>
+<td>
+<ul id="helpul">
+<li><a href="#view"> View encryption types</a></li>
+</ul>
+</td>
+<td>
+<ul id="helpul">
+<li><a href="#weak"> Weak encryption types</a></li>
+<li><a href="#supported"> Supported encryption types</a></li>
+<li><a href="#related-help"> Related help</a></li>
+</ul>
+</td>
+</tr>
+</tbody></table>
+
+<p></p>
+<h2><a name="weak"> Weak Encryption Types </a></h2>
+<p>
+In the table of Encryption Types below, some encryption types are noted as <b>weak</b>.
+Most of them are encryption types that used to be strong but now, with
+more computing power available, are considered weak and therefore
+undesirable. However, they are still sometimes used for backwards
+compatibility. If Kerberos is installed in a network that contains some
+older machines running operating systems that do not support the newer
+encryption types, administrators can choose to allow the weaker
+encryption when connecting to the older machines.</p>
+<p>
+<a href="#top">Back to Top</a> </p>
+<h2><a name="view">View Encryption Types</a></h2>
+<ol>
+<li>Click the Options tab and find the View Options panel. </li>
+<li>Click the Encryption Type checkbox to select it. This opens the
+Encryption Type column in the main window, showing the encryption type
+associated with each of your tickets and session keys. <br>
+<a href="HTML/Options_Tab.htm#using-ticket-options">How to: Use Ticket Options  Panel</a></li>
+<li>Click and drag the line to the right of the Encryption Type column
+header to widen the column enough to see both the ticket and session
+key.</li>
+<li> Click the blue triangle to the left of a principal name to see all
+tickets and session keys issued to that principal. Each ticket and key
+will have an entry in the Encryption type column. <br>
+<a href="HTML/View_Tickets.htm">How to: View Tickets </a>
+</li></ol>
+
+
+<p>
+<a href="#top">Back to Top</a> </p>
+
+<a name="supported"><p></p></a>
+<h2>Supported Encryption Types </h2>
+<table>
+<tbody><tr>
+<th>Encryption Type </th>
+<th>Description</th>
+</tr>
+<tr>
+<th id="th2"> des3- </th>
+   <td> The triple DES family improves on
+the original DES (Data Encryption Standard) by using 3 separate 56-bit
+keys. Some modes of 3DES are considered weak while others are strong
+(if slow). <ul id="helpul">
+<li> des3-cbc-sha1</li>
+<li> des3-cbc-raw  (<b>weak</b>) </li>
+<li>des3-hmac-sha1 </li>
+<li>des3-cbc-sha1-kd </li>
+</ul>
+</td>
+ </tr>
+<tr>
+<th id="th2"> aes </th>
+     <td>The AES Advanced Encryption Standard
+family, like 3DES, is a symmetric block cipher and was designed
+to replace them. It can use multiple key sizes. Kerberos specifies use
+for 256-bit and 128-bit keys.
+<ul id="helpul">
+<li> aes256-cts-hmac-sha1-96 </li>
+<li> aes128-cts-hmac-sha1-96 </li>
+</ul>
+</td>
+</tr>
+<tr>
+<th id="th2"> rc4 or <br> arcfour</th>
+<td>The RC4 (Rivest Cipher 4) is a symmetric stream cipher that can use
+multiple key sizes. The exportable variations are considered weak, but
+other variations are strong.
+<ul id="helpul">
+<li> arcfour-hmac </li>
+<li> rc4-hmac </li>
+<li> arcfour-hmac-md5</li>
+<li> arcfour-hmac-exp (<b>weak</b>) </li>
+<li> rc4-hmac-exp (<b>weak</b>) </li>
+<li> arcfour-hmac-md5-exp(<b>weak</b>) </li>
+</ul>
+</td>
+</tr>
+</tbody></table>
+<p>
+<a href="#top">Back to Top</a> </p>
+<h2><a name="related-help">Related Help</a></h2>
+<ul id="helpul">
+<li><a href="HTML/View_Tickets.htm">View tickets</a></li>
+<li><a href="HTML/Kerberos_Terminology.htm#ticket">Kerberos Terminology: Tickets</a></li>
+</ul>
+
+
+<script language="JavaScript">
+popfont="Arial,.825,"
+popupRealm=" Kerberos realms  are a way of logically grouping resources and identities that use Kerberos. Your realm is the home of your Kerberos identity and your point of entry to the network resources controlled by Kerberos."
+</script>
+
+<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</object>
+
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/FAQ.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/FAQ.htm
new file mode 100644
index 00000000..e8150bec
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/FAQ.htm
@@ -0,0 +1,104 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>FAQ</title></head>
+
+<body>
+<h1><a name="top">Frequently Asked Questions (FAQ)</a></h1>
+<ul id="helpul">
+
+<li> <a href="#get-tickets">How do I get tickets? </a> </li>
+<li> <a href="#expiration-warning"> Will I be warned when my tickets are about to expire? </a> </li>
+<li>  <a href="#automatic-destroy"> Are my tickets destroyed automatically when I exit MIT Kerberos? </a> </li>
+<li> <a href="#renewable">Why should I use renewable tickets?</a> </li>
+<li> <a href="#renewable-closed"> If I set my tickets to renew automatically, will the renewals keep happening if I close MIT Kerberos?</a> </li>
+<li> <a href="#forwardable">How do I forward my forwardable tickets?</a></li>
+<li> <a href="#RSA-SecurID">How do I use my RSA SecurID token with Kerberos?</a></li>
+
+<li><a href="#Command-line">Can I use Kerberos with the command line prompt? </a> </li>
+<li><a href="#properties">Where can I set Kerberos properties?  </a></li>
+
+</ul>
+
+<h3> <a name="get-tickets">How do I get tickets?</a> </h3>
+
+<p>Click the Get Ticket  button in the Home tab. In the Get Ticket window, enter your principal (your Kerberos identity) and password and click Okay.  <a href="HTML/Get_Tickets.htm">How to: Get Tickets</a>
+</p>
+
+<p>
+<a href="#top">Back to top</a></p>
+
+<h3> <a name="expiration-warning">Will I be warned when my tickets are about to expire?</a> </h3>
+<p>Yes. A pop up window warns you 15, 10, and 5 minutes before your
+ticket expires. If you would also like an audible alarm at these
+intervals, go to the Options tab and select Expiration Alarm in the
+Ticket Options panel.
+<br> <a href="HTML/Options_Tab.htm#using-ticket-options">How to: Use Ticket Options Panel</a> </p>
+<p>
+<a href="#top">Back to top</a></p>
+
+<h3><a name="automatic-destroy">Are my tickets destroyed automatically when I exit MIT Kerberos?</a></h3>
+<p>
+Only if Destroy Tickets on Exit is selected in Ticket Options panel in the Options tab. <br>
+<a href="HTML/Options_Tab.htm#using-ticket-options">How to: Use Ticket Options Panel</a> </p>
+<p>
+<a href="#top">Back to top</a></p>
+
+<h3><a name="renewable">Why should I use renewable tickets?</a> </h3>
+<p>
+Renewable tickets add convenience, especially if you turn on the option
+to automatically renew them. They allow you to run a batch job without
+interruption and to work through a long session without continually
+reentering your password. <br>
+<a href="HTML/Tickets.htm#renewable">About: Renewable Tickets</a> </p>
+<p>
+<a href="#top">Back to top</a></p>
+
+<h3><a name="renewable-closed"> If I set my tickets to renew automatically, will the renewals keep happening if I exit MIT Kerberos?</a> </h3>
+<p>
+No. MIT Kerberos can only renew your tickets if the program is running
+and active. It cannot renew your tickets if you exit the program or if
+your computer is turned off or in hibernation mode.</p>
+<p>
+<a href="#top">Back to top</a></p>
+
+<h3> <a name="forwardable">How to I forward my forwardable tickets?</a></h3>
+<p>That depends. Often they are forwarded automatically as needed. Ask
+your help desk or administrator for information specific to your
+installation.</p>
+<p>
+<a href="#top">Back to top</a></p>
+
+<h3><a name="RSA-SecurID">How do I use my RSA SecurID token with Kerberos?</a></h3>
+<p>
+If your company uses RSA SecurID to control access to Kerberos, you
+will be prompted to enter your SecurID password after you request a
+ticket. <br>
+<a href="HTML/Get_Tickets.htm">How to: Get Tickets</a> </p>
+<p>
+<a href="#top">Back to top</a></p>
+
+
+<h3><a name="Command-line">Can I use Kerberos with the command line prompt? </a> </h3>
+<p>
+Yes. Click <a href="HTML/Command_Line.htm">here</a> for a list of available commands. </p>
+<p>
+<a href="#top">Back to top</a></p>
+
+
+<h3><a name="properties">Where can I set Kerberos properties?  </a> </h3>
+<p>
+You cannot use the MIT Kerberos program to set preferences such as
+default ticket lifetimes. Instead, edit the appropriate configuration
+file. For more information, visit the <a href="https://web.mit.edu/kerberos/krb5-latest/doc/krb_admins/conf_files/index.html" target="new"> MIT Kerberos documentation site. </a>
+
+ </p>
+<p>
+<a href="#top">Back to top</a></p>
+
+
+
+
+
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Forget_Password.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Forget_Password.htm
new file mode 100644
index 00000000..d565cc78
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Forget_Password.htm
@@ -0,0 +1,23 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Forget Password</Title>
+</HEAD>
+<BODY>
+<H1>Forgotten Password</H1>
+<p>
+If you forget your password, contact your administrator or help desk. </p>
+<p>
+ Usually you will be given  a new, temporary password. If so, open MIT Kerberos and use the temporary password to change your password to a new one that only you know.</p>
+
+<H3>Related help</H3>
+
+<ul id="helpul">
+<li><a href="HTML/Change_Password.htm">Change password</a></li>
+<li><a href="HTML/Password_Tips.htm">Password tips and examples</a></li>
+</ul>
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Forget_Principals.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Forget_Principals.htm
new file mode 100644
index 00000000..c0f590b1
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Forget_Principals.htm
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Clear Principal History</title></head>
+
+<body>
+<h1> Clear Principal History</h1>
+<p>
+Kerberos saves your principals for you if you select "Remember this
+principal" in the Get Ticket window. Saved principals then
+auto-complete when you start to type them
+in the Get Ticket and Change Password windows.</p>
+<p>
+If you have saved a principal that you will no longer use, and you do
+not want that principal to auto-complete, clear your principal history.
+</p>
+
+ <p>
+<b>Note: </b>When you clear your principal history, MIT Kerberos clears <em>all</em> of your saved principals. It is not possible to remove some principals while keeping others.
+</p>
+
+
+
+<h3>Clear Principal History</h3>
+<ol>
+<li>Click the Get Ticket button.</li>
+<li>If the advanced options are hidden, click Show Advanced. </li>
+<li>Find the Clear History button to the right of the Principal field and click it.</li>
+<li>Click Cancel to return to the main window. </li>
+</ol>
+
+
+<h3>Related help</h3>
+<ul id="helpul">
+<li><a href="HTML/Principals.htm">About principals</a></li>
+<li><a href="HTML/Manage_Multiple_Principals.htm">Manage multiple principals</a></li>
+<li><a href="HTML/Get_Tickets.htm">Get tickets</a></li>
+</ul>
+
+
+
+<script language="JavaScript">
+popfont="Arial,.725,,plain "
+popupRealm="The Kerberos realm is the group of network resources that you gain access to when you log on with a Kerberos username and password. Often it is named after the DNS domain it corrosponds to. In Windows, realms are called 'domains.' "
+</script>
+
+<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</object>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Get_Tickets.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Get_Tickets.htm
new file mode 100644
index 00000000..86370454
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Get_Tickets.htm
@@ -0,0 +1,60 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Get Tickets</Title>
+</HEAD>
+<BODY>
+
+ <H1>Get Tickets</H1>
+
+
+<p>
+Before you can access services that use Kerberos for authentication, you must obtain a Kerberos ticket. If your company uses RSA SecurID to control access to Kerberos, you will be prompted to enter your SecurID password after you request a ticket.</p>
+<p>
+To get a ticket:
+<ol>
+<li>Click the Get Ticket button in the Home tab or use the <a href="JavaScript:popup.TextPopup(popupKeyboardShortcut, popfont,9,9,-1,-1)">keyboard shortcut</a>  [Ctrl + t].</li>
+<li>Your principal is your user name combined with the Kerberos <a href="JavaScript:popup.TextPopup(popupRealm, popfont,9,9,-1,-1)">realm</a> you are part of. For example, <span class="typed">jdoe@SALES.WIDGET.COM.</span> Enter your principal.  Principals you have previously entered and saved will auto-complete. </li>
+
+
+
+<li>Enter your password. </li>
+
+<li>To save this principal so Kerberos will auto-complete it for you in the future, select the "Remember this principal" checkbox. If you have multiple principals, Kerberos can remember all of them.</li>
+
+<li>To verify or change ticket settings, click <font id="button"> Show Advanced </font> at the bottom of the window and then make any necessary changes.  </li> <ul >
+<li><b>To change the ticket lifetime</b>, click and drag the Ticket Lifetime slider.  </li>
+<li><b>To get a forwardable ticket</b>, select  the Forwardable and Proxiable checkbox.</li>
+<li><b>To get a renewable ticket</b>, select  the Renewable checkbox.</li>
+</ul>
+<a href="HTML/Ticket_Settings.htm">About: Ticket Settings and Flags</a>
+
+
+<li>Click <font id="button"> Okay</font>.
+<p></p>
+If your company uses RSA SecurID, a popup window will open requiring you to enter your SecurID password. Enter that password (your PIN plus the code currently displayed on your RSA SecurID token) and click Okay.</li>
+</ol>
+<p>
+Your new ticket is listed in the main window.
+
+</p>
+
+<H2>Related Help</H2>
+<ul id="helpul">
+<li><a href="HTML/Tickets.htm">About tickets</a></li>
+<li><a href="HTML/Ticket_Settings.htm">Ticket settings and flags</a></li>
+<li><a href="HTML/Forget_Principals.htm">Clear principal history</a></li>
+</ul>
+<SCRIPT Language=JavaScript>
+popfont="Arial,.725,"
+popupRealm="The Kerberos realm is the group of network resources that you gain access to when you log on with a Kerberos username and password. Often it is named after the DNS domain it corrosponds to. In Windows, realms are called 'domains.' "
+popupKeyboardShortcut="To use a keyboard shortcut, hold down the [Ctrl] key on your computer keyboard and press the appropriate letter.  "
+</SCRIPT>
+
+<OBJECT id=popup type="application/x-oleobject"
+classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</OBJECT>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Getting_Started.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Getting_Started.htm
new file mode 100644
index 00000000..e520d44e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Getting_Started.htm
@@ -0,0 +1,117 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Getting Started</title></head>
+
+<body>
+<h1><a name="top">Getting Started</a></h1>
+<h2>Get tickets and get to work! </h2>
+
+<p> MIT Kerberos provides an easy way to manage your Kerberos tickets.
+Jump to one of the following starting places, scroll down to browse, or
+use the table of contents to the left of this page to pick a topic.
+</p><ul>
+<li> Unfamiliar with Kerberos tickets?  <a href="#unfamiliar">Click here</a></li>
+<li> Familiar with Kerberos tickets but new to MIT Kerberos? <a href="#familiar">Click here. </a></li>
+<li> Just want a quick introduction to getting tickets?<a href="#get-tickets"> Click here</a></li>
+<li> Want help using this help system? <a href="#help-system"> Click here</a></li>
+</ul>
+
+<h3><a name="unfamiliar">Unfamiliar with Kerberos?</a></h3>
+<p>Kerberos is a network authentication protocol that uses the concept
+of short term "tickets" to allow users to securely access services over
+a physically insecure network. Kerberos, or MIT Kerberos, is also the
+name of this application. MIT Kerberos provides an easy interface for
+managing Kerberos tickets.</p>
+
+<p>Click an introductory topic below to jump to the topic page. Click
+the back button or "Getting Started" in the table of contents to the
+left to return to this page.</p>
+<table>
+<tbody><tr><th id="th2">Topic</th><th id="th2">Description</th></tr>
+<tr>
+<td><a href="HTML/Kerberos.htm">What is Kerberos?</a></td>
+<td> Introduction to Kerberos and what it offers.</td></tr>
+<tr>
+<td><a href="HTML/Kerberos_Terminology.htm">Kerberos Terminology</a></td>
+<td>Explanation of principals, realms, and tickets. Provides an overview of how Kerberos works.  </td></tr>
+<tr>
+<td><a href="HTML/Tickets.htm">About Tickets</a></td>
+<td> Learn about tickets, ticket expiration, renewable tickets, and forwardable tickets.</td></tr>
+</tbody></table>
+<p>
+<a href="#top">Back to Top</a> </p>
+<p>
+</p><h3><a name="familiar">Familiar with Kerberos tickets but new to MIT Kerberos?</a></h3>
+<p>
+MIT Kerberos is an easy to use interface for managing your Kerberos
+tickets. The main window shows all of your tickets. The ribbon menu at
+the top of the window contains command buttons in the Home tab. Click
+the Options tab to reach checkboxes that control what ticket
+information is displayed and checkboxes that control MIT Kerberos's
+automatic behavior.</p>
+<p>
+Browse the table below to see where to find the commands and options you need.
+</p>
+<table>
+<tbody><tr><th colspan="2">How to...</th>
+</tr><tr><th id="th2"> Get new MIT Kerberos tickets</th> <td>Click the Get Ticket button. <br>
+ <a href="HTML/Get_Tickets.htm">How to: Get Tickets</a> </td></tr>
+<tr><th id="th2"> Change ticket flags and settings (e.g., flag a ticket as renewable)</th> <td>In the Get Ticket window, click the Show Advanced button to reach ticket settings and flags. <br>
+ <a href="HTML/Ticket_Settings.htm">About: Ticket Settings and Flags</a> </td></tr>
+
+<tr><th id="th2">  Change your password</th> <td>Click the Change Password button. <br>
+ <a href="HTML/Change_Password.htm">How to: Change Password</a> </td></tr>
+<tr><th id="th2">Change what ticket information is displayed </th> <td>In the Options tab, select or deselect checkboxes in the View Options panel. <br>
+ <a href="HTML/Options_Tab.htm#using-view-options">How to: Use View Options Panel</a> </td></tr>
+<tr><th id="th2">Set Kerberos's automatic functions (auto renew, auto destroy, audible ticket expiration alarm)</th> <td>In the Options tab, select or deselect checkboxes in the Ticket Options panel.  <br>
+<a href="HTML/Options_Tab.htm#using-ticket-options">How to: Use Ticket Options Panel</a> </td></tr>
+<tr><th id="th2">Renew your tickets</th> <td>Click the Renew Tickets button to renew your tickets one time.  To have MIT Kerberos automatically renew all of your tickets, go to the Options tab and select  Automatic Ticket Renewal in the Ticket Options panel. <br>
+<a href="HTML/Renew_Tickets.htm">How to: Renew Tickets</a> </td></tr>
+<tr><th id="th2"> Destroy your MIT Kerberos tickets </th> <td>Click the Destroy Tickets button. <br>
+ <a href="HTML/Destroy_Tickets.htm">How to: Destroy Tickets</a> </td></tr>
+<tr><th id="th2">Manage multiple principals </th> <td>
+When you get tickets for a principal, MIT Kerberos offers to remember the
+principal for you. The next time you start to enter a saved principal, Kerberos will auto-complete it for you. <p></p>
+In the main window, click a principal to select it. The Renew Ticket,
+Change Password, and Make Default buttons then apply to the selected
+principal.<br>
+<br> <a href="HTML/Manage_Multiple_Principals.htm">How to: Manage Multiple Principals</a>
+ </td></tr>
+<tr><th id="th2">Change Kerberos properties</th> <td> You can allow
+realm names that use lower case letters by selecting Allow Mixed Case
+Realm in the Ticket Options panel in the Options tab. <br>
+<a href="HTML/Options_Tab.htm#using-ticket-options">How to: Use Ticket Options Panel</a>
+<p></p>
+However, most properties are set by modifying the appropriate configuration file.</td></tr>
+</tbody></table>
+<p>
+<a href="#top">Back to Top</a> </p>
+
+
+<h2><a name="get-tickets"> Introduction to Getting Tickets</a></h2>
+<p>
+Click the Get Ticket button and enter your principal (your Kerberos
+identity) and password to obtain a ticket. The ticket allows you to
+securely access all of the computers and services set up to
+authenticate you through Kerberos, until the ticket expires, without
+requiring you to enter your password again. <br>
+<a href="HTML/Get_Tickets.htm">How to: Get Tickets</a>
+ </p>
+
+
+<h2><a name="help-system">Using This Help System</a></h2>
+<p>
+Use the table of contents to the left to explore the available help.
+Or, if you are looking for information about a particular subject,
+click the Index or Search tab. </p>
+<p>
+The help pages contain many links to other pages in the help system. If
+you click a link, you can return to the page you started on with the
+Back button or by finding your spot in the table of contents. </p>
+<p>
+<a href="#top">Back to Top</a> </p>
+
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Glossary.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Glossary.htm
new file mode 100644
index 00000000..34ab8373
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Glossary.htm
@@ -0,0 +1,72 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Glossary</Title>
+</HEAD>
+<BODY>
+<H1>Glossary</H1>
+<dl>
+<dt> default principal  </dt>
+<dd> Your default principal is the one whose tickets are used when an application or service asks for tickets without specifying which principal is being authenticated. If you have only one principal, that principal is always the default.  <br><a href="HTML/Principals.htm#default-principal">About: Default Principals</a></dd>
+<dt> domain  </dt>
+<dd>  In Windows, realms are called domains. <br><a href="HTML/Kerberos_Terminology.htm#realm">About: Kerberos Terminology (Realms)</a></dd>
+<dt> encryption key  </dt>
+<dd>  A value that a specific code or algorithm uses to make information unreadable to anyone without a matching key. </dd>
+<dt> encryption type  </dt>
+<dd> The type of encryption used to encode your tickets and session keys.  You can show the encryption types used for your tickets and session keys by selecting that option in the  View Options panel in the Options tab. <br><a href="HTML/Options_Tab.htm#using-view-options"> How to: Use View Options Panel</a>
+  </dd>
+<dt>expiration alarm   </dt>
+<dd> Optional audible alarm that warns you 15, 10, and 5 minutes before your tickets expire. Turn the alarm on or off in the Ticket Options panel in the Options tab.  <br><a href="HTML/Options_Tab.htm#using-ticket-options">How to: Use the Ticket Options Panel</a>
+  </dd>
+<dt>  <a name="flags"> flags</a> </dt>
+<dd>  Properties (renewable and/or forwardable) assigned to a ticket when you obtain it.  Show or hide flags with the  View Options panel in the Options tab. <br>
+<a href="HTML/Options_Tab.htm#using-view-options"> How to: Use View Options Panel</a>
+<br><a href="HTML/Ticket_Settings.htm">About: Ticket Settings and Flags </a>
+ </dd>
+<dt>   forwardable  </dt>
+<dd>  Tickets flagged as forwardable when you obtain them can be forwarded to the remote host when you connect via telnet, ssh, ftp, rlogin, or similar applications, so you will not need to get new tickets to use remote services. <br><a href="HTML/Ticket_Settings.htm">About: Ticket Settings and Flags </a>
+ </dd>
+
+
+ <dt>   issued</dt>
+<dd>The date and time that your tickets were issued. Show or hide this information with the  View Options panel in the Options tab. <br><a href="HTML/Options_Tab.htm#using-view-options"> How to: Use View Options Panel</a>
+   </dd>
+
+<dt> <a name="krbtgt"> krbtgt </a></dt>
+<dd> The Kerberos Ticket Granting Ticket. If you click on a principal in the main window, you will see all of that principal's tickets. The first one will be for <span class="typed">krbtgt</span> because with Kerberos you first obtain a Ticket Granting Ticket that is then used to obtain Service Tickets for each service you use.  <br><a href="HTML/Kerberos_Terminology.htm#ticket">About: Kerberos Terminology (Tickets)</a> </dd>
+<dt>  principal </dt>
+<dd>  A unique identity in Kerberos. For users, it is the identity you use to log on with Kerberos. Principals are a combination of your user name and the name of the realm you belong to. <br><a href="HTML/Principals.htm">About: Principals</a>
+ </dd>
+
+
+<dt> realm  </dt>
+<dd>   Kerberos realms are a way of logically grouping resources and identities that use Kerberos. Your realm is the home of your Kerberos identity and your point of entry to the network resources controlled by Kerberos. In Windows, realms are called <em>domains</em>.
+<br><a href="HTML/Kerberos_Terminology.htm#realm">About: Kerberos Terminology (Realms)</a>
+</dd>
+<dt> <a name="renewable-until">renewable until  </a></dt>
+<dd> The date and time after which your renewable tickets cannot be renewed any more. Show or hide this information with the  View Options panel in the Options tab. <br><a href="HTML/Options_Tab.htm#using-view-options"> How to: Use View Options Panel</a>
+  </dd>
+<dt> RSA SecurID  </dt>
+<dd>A method of using two-factor authentication to control user access to network resources.  The two authentication factors are something the user knows (a secret PIN) and something the user has (an automatically generated code displayed either on a special device or on a device the user already owns, such as a phone). If your company uses RSA SecurID, you will need to enter your SecurID password after you use your Kerberos password to submit a Get Ticket request.   <br><a href="HTML/Get_Tickets.htm">How to: Get tickets</a>
+   </dd>
+<dt>  SecurID </dt>
+<dd>  See RSA SecurID </dd>
+<dt>session key   </dt>
+<dd>
+A key used to encrypt and decrypt communications between computers. View the encryption type of your session keys by selecting Encryption Type  in the  View Options panel in the Options tab. <br>
+<a href="HTML/Options_Tab.htm#using-view-options"> How to: Use View Options Panel</a><br>
+<a href="HTML/Encryption_Types.htm">About: Encryption Types</a>
+  </dd>
+
+<dt>  ticket </dt>
+<dd> Obtain your ticket by entering your user name and password. The ticket is an encrypted block of data that authenticates you to the group of network resources using Kerberos, allowing you to access those resources for the lifetime of the ticket. <br><a href="HTML/Tickets.htm">About:Tickets</a>
+
+  </dd>
+<dt> <a name="valid-until">valid until  </a></dt>
+<dd>  The date and time your ticket will expire. Show or hide this information with the  View Options panel in the Options tab. <br><a href="HTML/Options_Tab.htm#using-view-options"> How to: Use View Options Panel</a>
+ </dd>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Home_Tab.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Home_Tab.htm
new file mode 100644
index 00000000..dcd3b753
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Home_Tab.htm
@@ -0,0 +1,83 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Home Tab</title></head>
+<body>
+<h1>Using the Home Tab</h1>
+<img src="Images/Home_Tab.PNG" alt="Home Tab "   width="341" height="116" />
+<p>
+Use the buttons in the Home tab to work with tickets and passwords.  Several button functions can also be reached with keyboard shortcuts. <br>
+<a href="HTML/Keyboard_Shortcuts.htm">How to: Use Keyboard Shortcuts</a>
+</p>
+
+
+<table>
+<tbody>
+<tr><th>Button</th><th>Function</th></tr>
+ <tr><th id="th2"> <img src="Images/Get_Ticket.PNG" alt="Get Tickets"   width="47" height="77" /> </th>
+
+<td>Click this button to get new MIT Kerberos tickets.
+<p></p>
+Clicking the button opens the Get Ticket window. Enter your Kerberos <a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principal</a> and password.  To verify or change ticket settings and flags, click  the  Show Advanced button. When you are finished, click Okay. <br>
+<a href="HTML/Get_Tickets.htm">How to: Get Tickets </a></td></tr>
+
+ <tr><th id="th2"> <img src="Images/Renew_Ticket.PNG" alt="Renew Tickets"   width="47" height="77" /> </th>
+<td>Click this button to renew your tickets.
+<p></p>
+All of your renewable tickets that have not yet expired will have their renewable lifetimes extended.  Each ticket will be reset to the length of the original ticket's lifespan. <br>
+<a href="HTML/Renew_Tickets.htm">How to: Renew Tickets</a>
+<p></p>
+<b>Note: </b> If you have multiple <a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principals</a>, first select the principal(s) with tickets you want to renew.
+
+ </td>
+</tr>
+
+ <tr><th id="th2"> <img src="Images/Destroy_Ticket.PNG" alt="Destroy Tickets"   width="47" height="77" /> </th>
+<td>Click this button to immediately destroy all of your MIT Kerberos tickets. <br>
+<a href="HTML/Destroy_Tickets.htm">How to: Destroy Tickets</a>
+</td></tr>
+
+ <tr><th id="th2"> <img src="Images/Make_Default.PNG" alt="Make Default "   width="47" height="77" /> </th>
+ <td>Make the selected <a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principal</a> the default principal.
+<p></p>
+<b>Note: </b>You won't need to use this button if  you have only one principal.
+<p></p>
+Select a principal by clicking it. Then click Make Default to make the selected principal the default one. The default principal is the one whose tickets are used when an
+application or service asks for tickets without specifying which
+principal is being authenticated.<br>
+<a href="HTML/Make_Default.htm"> How to: Make Default Principal </a>
+
+</td></tr>
+ <tr><th id="th2"> <img src="Images/Change_Password.PNG" alt="Change Password "   width="47" height="77" /> </th>
+ <td> Change your MIT Kerberos password. <br>
+<a href="HTML/Change_Password.htm">How to: Change Password </a>
+<p></p>
+<b>Note: </b>If you have multiple <a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principals</a>, you can enter the appropriate one in the Change Password window, or you can click a principal to select it before using the
+Change Password button.</td>
+</tr>
+</tbody></table>
+
+<h3> Related help</h3>
+<ul id="helpul">
+<li><a href="HTML/Get_Tickets.htm">Get Tickets</a></li>
+<li><a href="HTML/Renew_Tickets.htm">Renew Tickets</a></li>
+<li><a href="HTML/Destroy_Tickets.htm">Destroy Tickets</a></li>
+<li><a href="HTML/Tickets.htm#renewable">About Renewable Tickets </a></li>
+<li><a href="HTML/Change_Password.htm">Change Password</a></li>
+</ul>
+
+<script language="JavaScript">
+popfont="Arial,.725;"
+popupRealm="Kerberos realms are a way of logically grouping resources and identities that use Kerberos. Your realm is the home of your Kerberos identity and your point of entry to the network resources controlled by Kerberos. Windows calls realms 'domains.' "
+</script>
+<script language="JavaScript">
+popfont="Arial,.725,"
+popupPrincipal="Your principal is your Kerberos identity. It is your user name combined with the Kerberos realm you are using. For example: 'jdoe@SALES.WIDGET.COM' "
+popupKeyboardShortcut="To use a keyboard shortcut, hold down the [Ctrl] key on your computer keyboard and press the appropriate letter.  "
+</script>
+
+
+<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</object>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/How_Kerberos_Works.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/How_Kerberos_Works.htm
new file mode 100644
index 00000000..4a13fd49
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/How_Kerberos_Works.htm
@@ -0,0 +1,24 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>How Kerberos Works</Title>
+</HEAD>
+<BODY>
+<H1> How Does Kerberos Work?</H1>
+<p>
+The Kerberos protocol uses secret-key cryptography to allow the user and the service the user is accessing to prove their identities to each other and then to encrypt the rest of their communications. This mutual authentication and subsequent encryption maintain privacy and data integrity for both user and service. </p>
+<p>
+A basic understanding of Kerberos can be gained by reading the <a href="HTML/Kerberos_Terminology.htm">Kerberos terminology</a> page. You do not need to know the inner workings of the encryption and authentication to use Kerberos. However, if you are curious to know more, the MIT Kerberos Consortium has an excellent website with links to several varieties of documentation, including a tutorial of the Kerberos protocol. <a href="https://www.kerberos.org/docs/index.html" target="new">MIT Kerberos Consortium documentation page</a>
+
+<H2>Related Help</H2>
+<ul id="helpul">
+<li><a href="HTML/Kerberos.htm">What is Kerberos?</a></li>
+<li><a href="HTML/Kerberos_Terminology.htm">Kerberos terminology</a></li>
+<li><a href="HTML/Encryption_Types.htm">Encryption types</a></li>
+</ul>
+
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/KCPYTKT.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KCPYTKT.htm
new file mode 100644
index 00000000..c3acfb0f
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KCPYTKT.htm
@@ -0,0 +1,83 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>KCPYTKT</Title>
+</HEAD>
+<BODY>
+<H1>KCPYTKT Command</H1>
+
+<table>
+<tr><th id="th2"> The following information reproduces the information from UNIX man page for the KCPYTKT command.</th>
+</tr>
+</table>
+<H2>SYNOPSIS</H2>
+<table>
+<tr>
+<th id="th2">kcpytkt </th>
+<td>
+<span class="command">[<strong>-h</strong>]</span>
+<span class="command">[<strong>-c</strong>  <em>source_ccache</em></span>
+<span class="command">[<strong>-e</strong> <em>etype</em>]</span>
+<span class="command">[<strong>-f</strong> <em>flags</em>]</span>
+<span class="command"> <em> dest_ccache</em></span>
+<span class="command"><em>service1 service2</em> ..</span>
+</td>
+</tr>
+</table>
+
+<H2>DESCRIPTION</H2>
+<p>
+       <span class="command">  <em>kcpykt </em></span>  copies the specified service tickets to the destination credentials cache.</p>
+
+
+<H2>OPTIONS</H2>
+
+
+<table>
+<tr>
+<th id="th2"><span class="command"><strong>-c</strong> </span></th>
+<td> Specifies the source credentials cache from which service tickets will be
+copied.  If no ccache is specified, the default ccache is used.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"><strong>-e</strong> <em>etype</em></span></th>
+<td> Specifies the session key enctype of the service tickets you wish to delete.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"><strong>-h</strong></span></th>
+<td> Prints a usage statement and exits.
+</td>
+</tr>
+      </table>
+
+
+<H2>ENVIRONMENT</H2>
+<p>     <B>kcpytkt</B> uses the following environment variables:</p>
+<table>
+<tr>
+<th id="th2"> KRB5CCNAME</th>
+<td>      Location of the credentials (ticket) cache. </td>
+</tr>
+</table>
+
+<H2>FILES</H2>
+<table>
+<tr>
+  <th id="th2">     <span class="command">   /tmp/krb5cc_[uid] </span></th>
+<td>       default  location  of  the credentials (ticket) cache ([uid] is the decimal UID of the user). </td></tr>
+
+</table>
+
+<H2>SEE ALSO</H2>
+<ul id="helpul">
+<li><a href="HTML/KINIT.htm"><B>kinit</B></a> </li>
+<li><a href="HTML/KDESTROY.htm"><B>kdestroy</B></a></li>
+<li>krb5(3)</li>
+</ul>
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/KDESTROY.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KDESTROY.htm
new file mode 100644
index 00000000..540eb4aa
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KDESTROY.htm
@@ -0,0 +1,108 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+
+<Title>KDESTROY</Title>
+</HEAD>
+<BODY>
+<H1>KDESTROY Command</H1>
+<table>
+<tr><th id="th2"> The following information reproduces the information from UNIX man page for the KDESTROY command.</th>
+</tr>
+</table>
+
+<H2>SYNOPSIS</H2>
+<table>
+<tr>
+<th id="th2">kdestroy</th>
+<td>
+<span class="command">[<B>-A</B>]    </span>
+<span class="command"> [<B>-q</B>]  </span>
+<span class="command">   [<B>-c</B> <I>cache</I><B>_</B><I>name]</I>   </span>
+
+</td>
+</tr>
+</table>
+
+
+<H2>DESCRIPTION</H2>
+<p>
+The  <I>kdestroy</I> utility destroys the user's active Kerberos
+authorization tickets by writing zeros to the specified
+credentials cache  that  contains  them.  If  the  credentials
+cache is not specified, the default credentials cache is
+destroyed.
+</P>
+
+<H2>OPTIONS</H2>
+<table>
+<tr>
+<th id="th2"><span class="command"> -A </span>  </th>
+<td>Destroys all caches in the collection, if a cache collection  is available. </td>
+<tr>
+<th id="th2"><span class="command"> -q </span></th>
+<td>Run quietly.  Normally <B>kdestroy</B> beeps if it fails to destroy the user's tickets.   The  <B>-q</B>  flag  suppresses  this behavior.
+</td>
+<tr>
+<th id="th2"> <span class="command"> -c</B=th> <I>cache</I><B>_</B><I>name</I></span></th>
+<td>Use  <span class="command"><I>cache</I><B>_</B><I>name</I></span> as the credentials (ticket) cache name and location; if this option is not used, the  default  cache  name  and location are used.<br>
+The  default credentials cache may vary between systems.  If the KRB5CCNAME environment variable is set, its  value  is  used  to
+name the default ticket cache.
+</td>
+</tr>
+</table>
+<p>
+ Most  installations  recommend  that  you place the <I>kdestroy</I> command
+in  your <I>.logout</I> file, so that your  tickets  are  destroyed  automatically
+when you log out.
+</p>
+
+<H2>ENVIRONMENT</H2>
+<p>
+<B>Kdestroy</B> uses the following environment variables:</p>
+
+<table>
+<tr>
+<th id="th2"> KRB5CCNAME</th>
+<td>      Location of the default Kerberos 5 credentials (ticket)
+                       cache, in the form <I>type</I>:<I>residual</I>.  If no type prefix is
+                       present,  the  <B>FILE</B>  type  is assumed.  The type of the
+                       default cache may determine the availability of a cache
+                       collection;  for  instance, a default cache of type <B>DIR</B>
+                       causes caches within the directory to be present in the
+                       collection. </td>
+</tr>
+</table>
+
+
+
+<H2>FILES</H2>
+<table>
+<tr>
+  <th id="th2">     <span class="command">   /tmp/krb5cc_[uid]  </span></th>
+<td>       default  location  of  Kerberos  5 credentials cache ([uid] is the decimal UID of the user). </td></tr>
+
+</table>
+
+
+<H2>SEE ALSO</H2>
+<ul id="helpul">
+<li><a href="HTML/KINIT.htm"><B>kinit(1)</B></a> </li>
+<li> <a href="HTML/KLIST.htm"><B>klist(1)</B></a></li>
+<li><B>krb5(3)</B></li>
+</ul>
+
+<H2>BUGS</H2><P>
+Only the tickets in the  specified  credentials  cache  are  destroyed.
+Separate  ticket  caches  are  used  to hold root instance and password
+changing tickets.  These should probably be destroyed too, or all of  a
+user's tickets kept in a single credentials cache.
+
+</P>
+
+
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/KINIT.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KINIT.htm
new file mode 100644
index 00000000..eeee211a
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KINIT.htm
@@ -0,0 +1,193 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+
+<title>KINIT</title></head>
+
+<body>
+<h1>KINIT Command</h1>
+<table>
+<tbody><tr><th id="th2"> The following information reproduces the information from UNIX man page for the KINIT command.</th>
+</tr>
+</tbody></table>
+
+
+
+
+<h2>SYNOPSIS</h2><table>
+<tbody><tr>
+<th id="th2">kinit</th>
+<td>
+<span class="command">  [<b>-V</b>] </span>
+<span class="command">[<b>-l</b> <i>lifetime</i>]</span>
+<span class="command">  [<b>-s</b> <i>start</i><b>_</b><i>time</i>] </span>
+<span class="command"> [<b>-r</b>&nbsp;<i>renewable</i><b>_</b><i>life</i>] </span>
+<span class="command"> [<b>-p</b> | <b>-P</b>]</span>
+<span class="command">  [<b>-f</b> | <b>-F</b>]</span>
+<span class="command">  [<b>-a</b>]</span>
+<span class="command">  [<b>-A</b>] </span>
+<span class="command"> [<b>-C</b>] </span>
+<span class="command"> [<b>-E</b>] </span>
+<span class="command"> [<b>-v</b>]</span>
+<span class="command">  [<b>-R</b>] </span>
+<span class="command">[<b>-k</b> [<b>-t</b> <i>keytab</i><b>_</b><i>file</i>]] </span>
+<span class="command">  [<b>-c</b> <i>cache</i><b>_</b><i>name</i>] </span>
+<span class="command"> [<b>-n</b>]</span>
+<span class="command">  [<b>-S</b> <i>service</i><b>_</b><i>name</i>]</span>
+<span class="command"> [<b>-T</b> <i>armor</i><b>_</b><i>ccache</i>] </span>
+<span class="command"> [<b>-X</b>  <i>attribute</i>[=<i>value</i>]] </span>
+<span class="command"> [<i>principal</i>] </span>
+</td>
+</tr>
+</tbody></table>
+<h2>DESCRIPTION</h2>
+<p>
+       <i>kinit</i> obtains and caches an initial ticket-granting ticket for  <i>principal</i>.
+</p>
+
+
+<h2>OPTIONS</h2>
+<table>
+<tbody><tr>
+<th id="th2"> <span class="command">-V</span></th>
+<td>display verbose output.</td></tr>
+<tr>
+<th id="th2"><span class="command">-l</span></th>
+<td> <i>lifetime</i>
+              requests  a  ticket  with  the lifetime <i>lifetime</i>.  The value for
+              <i>lifetime</i> must be followed immediately by one  of  the  following
+              delimiters:
+<ul id="helpul">
+<li> <b>s</b>  seconds </li>
+<li><b>m</b>  minutes</li>
+ <li><b>h</b>  hours</li>
+<li><b>d</b>  days</li>
+</ul>
+              as  in "kinit -l 90m".  You cannot mix units; a value of `3h30m'
+              will result in an error.
+
+              If the <b>-l</b> option is not specified, the default  ticket  lifetime
+              (configured by each site) is used.  Specifying a ticket lifetime
+              longer than the maximum  ticket  lifetime  (configured  by  each
+              site) results in a ticket with the maximum lifetime.
+</td>
+</tr>
+<tr><th id="th2"> <span class="command">-s <i>start</i><b>_</b><i>time</i></span> </th>
+<td> requests  a  postdated  ticket,  valid  starting  at <span class="command">-<i>start</i><b>_</b><i>time</i>.</span> Postdated tickets are issued with the <i>invalid</i> flag set, and need to be fed back to the kdc before use.</td></tr>
+<tr>
+<th id="th2"> <span class="command"><b>-r</b> <i>renewable</i><b>_</b><i>life</i></span></th>
+<td> requests  renewable  tickets,  with  a  total lifetime of <span class="command">-<i>renewable</i><b>_</b><i>life</i>.</span>  The duration is in the same format as the <b>-l</b> option, with the same delimiters.</td></tr>
+<tr>
+<th id="th2"> <span class="command"><b>-f </b></span></th>
+<td> request forwardable tickets.</td></tr>
+<tr>
+<th id="th2"> <span class="command"><b>-F</b></span></th>
+<td> do not request forwardable tickets. </td></tr>
+<tr>
+<th id="th2"> <span class="command"><b>-p</b></span></th>
+<td> request proxiable tickets. </td></tr>
+<tr>
+<th id="th2"> <span class="command"><b>-P </b></span></th>
+<td> do not request proxiable tickets.</td></tr>
+<tr>
+<th id="th2"> <span class="command"><b>-a</b></span></th>
+<td> request tickets with the local address[es].</td></tr>
+<tr>
+  <th id="th2"> <span class="command"><b>-A</b></span></th>
+<td> request address-less tickets.</td></tr>
+<tr>
+<th id="th2"> <span class="command">   <b>-k</b> [<b>-t</b> <i>keytab</i><b>_</b><i>file</i>] </span></th>
+<td> requests a ticket, obtained from  a  key  in  the  local  host's
+              <i>keytab</i>  file.   The  name and location of the keytab file may be
+              specified with the <span class="command">  <b>-t</b> <i>keytab</i><b>_</b><i>file</i> </span> option; otherwise the  default
+              name  and  location  will  be used.  By default a host ticket is
+              requested but any principal may be specified. On a KDC, the special
+              keytab  location  <b>KDB:</b>  can be used to indicate that kinit
+              should open the KDC database and look up the key directly.  This
+              permits an administrator to obtain tickets as any principal that
+              supports password-based authentication.</td></tr>
+<tr>
+<th id="th2"> <span class="command"> <b>-n</b></span></th>
+<td> Requests anonymous processing. Two types of anonymous principals
+are supported. For fully anonymous Kerberos, configure pkinit on the
+KDC and configure <span class="command"> <i>pkinit</i><b>_</b><i>anchors</i></span> in  the  client's
+              krb5.conf.   Then use the <b>-n</b> option with a principal of the form
+              <i>@REALM</i> (an empty principal name followed by the  at-sign  and  a
+              realm  name).  If permitted by the KDC, an anonymous ticket will
+              be returned.  A second form of anonymous tickets  is  supported;
+              these  realm-exposed tickets hide the identity of the client but
+              not the client's realm.  For this mode, use <b>kinit</b> <b>-n</b> with a normal principal name.  If supported by the KDC, the principal (but
+              not realm) will be replaced by the anonymous principal.   As  of
+              release  1.8, the MIT Kerberos KDC only supports fully anonymous
+              operation.</td></tr>
+<tr>
+  <th id="th2"> <span class="command"><b>-T</b> <i>armor</i><b>_</b><i>ccache</i></span></th>
+<td>  Specifies the name of a credential cache that already contains a
+              ticket.   If  supported  by the KDC, This ccache will be used to
+              armor the request so that an attacker would have  to  know  both
+              the  key  of  the armor ticket and the key of the principal used
+              for authentication in order to attack the request. Armoring also
+              makes  sure  that  the  response from the KDC is not modified in
+              transit.</td></tr>
+<tr>
+  <th id="th2"> <span class="command"> <b>-c</b> <i>cache</i><b>_</b><i>name</i> </span></th>
+<td>  use <span class="command"><i>cache</i><b>_</b><i>name</i></span>
+as the Kerberos 5 credentials (ticket) cache name and location; if this
+option is not used, the default cache name and location are used. The
+default credentials cache may vary between systems. If the <b>KRB5CCNAME</b>  environment  variable  is  set, its value is used to
+              name the default ticket cache.  If a principal name is specified
+              and the type of the default credentials cache supports a collection
+              (such as the DIR type), an existing cache  containing  credentials
+              for  the principal is selected or a new one is created
+              and becomes the new primary cache.  Otherwise, any existing contents
+              of the default cache are destroyed by <i>kinit</i>.</td></tr>
+<tr>
+  <th id="th2"> <span class="command"> <b>-S</b> <i>service</i><b>_</b><i>name</i></span></th>
+<td> specify  an  alternate  service name to use when getting initial
+              tickets.</td></tr>
+ <tr>
+  <th id="th2"> <span class="command"> <b>flag_RSA_PROTOCOL</b>[=yes] </span></th>
+<td> specify use of RSA, rather than the default Diffie-Hellman protocol. </td></tr>
+</tbody></table>
+
+<h2>ENVIRONMENT</h2>
+<p>
+       <b>Kinit</b> uses the following environment variables:
+</p>
+<table>
+<tbody><tr>
+  <th id="th2">   KRB5CCNAME </th>
+<td>       Location of the default Kerberos 5 credentials (ticket)
+                       cache, in the form<span class="command"> <i>type</i>:<i>residual</i>.</span>  If no type prefix is
+                       present,  the  <b>FILE</b>  type  is assumed.  The type of the
+                       default cache may determine the availability of a cache
+                       collection;  for  instance, a default cache of type <b>DIR</b>
+                       causes caches within the directory to be present in the
+                       collection.</td>
+</tr>
+</tbody></table>
+
+<h2>FILES</h2>
+<table>
+<tbody><tr>
+  <th id="th2">     <span class="command">   /tmp/krb5cc_[uid] </span></th>
+<td>       default  location  of  Kerberos  5 credentials cache ([uid] is the decimal UID of the user). </td></tr>
+<tr>
+  <th id="th2">     <span class="command">    /etc/krb5.keytab  </span></th>
+<td>    default location for the local host's <b>keytab</b> file.</td></tr>
+</tbody></table>
+
+<h2>SEE ALSO</h2>
+<ul id="helpul">
+<li><a href="HTML/KLIST.htm"><b>klist(1)</b></a></li>
+<li> <a href="HTML/KDESTROY.htm"><b>kdestroy(1)</b></a></li>
+<li><a href="HTML/KSWITCH.htm"><b>kswitch(1)</b></a></li>
+
+<li><b>kerberos(1)</b></li>
+</ul>
+
+
+
+
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/KLIST.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KLIST.htm
new file mode 100644
index 00000000..6a543aff
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KLIST.htm
@@ -0,0 +1,149 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>KLIST</Title>
+</HEAD>
+<BODY>
+<H1>KLIST Command</H1>
+
+<table>
+<tr><th id="th2"> The following information reproduces the information from UNIX man page for the KLIST command.</th>
+</tr>
+</table>
+<H2>SYNOPSIS</H2>
+<table>
+<tr>
+<th id="th2">klist</th>
+<td>
+<span class="command">[<B>-e</B>]    </span>
+<span class="command">  [[<B>-c</B>]  [<B>-l</B>]  [<B>-A</B>]  [<B>-f</B>]  [<B>-s</B>]  [<B>-a</B>   [<B>-n</B>]]] </span>
+<span class="command">  [<B>-k</B> [<B>-t</B>] [<B>-K</B>]]   </span>
+<span class="command"> [<I>cache</I><B>_</B><I>name</I> | <I>keytab</I><B>_</B><I>name</I>]   </span>
+</td>
+</tr>
+</table>
+
+<H2>DESCRIPTION</H2>
+<p>
+       <span class="command">  <em>klist</em></span>  lists the Kerberos principal and Kerberos tickets held in a  credentials cache, or the keys held in a <B>keytab</B> file.
+</p>
+
+<H2>OPTIONS</H2>
+
+<table>
+<tr>
+<th id="th2"><span class="command">  <B>-e</B>  </span></th>
+<td> Displays  the encryption types of the session key and the ticket
+              for each credential in the credential cache, or each key in  the
+              keytab file.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"> <B>-c</B>  </span></th>
+<td> List  tickets  held in a credentials cache.  This is the default
+              if neither <B>-c</B> nor <B>-k</B> is specified.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"> <B>-l</B>   </span></th>
+<td>          If a cache collection is available, displays a table summarizing
+              the caches present in the collection.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"> <B>-A &nbsp; &nbsp</B>   </span></th>
+<td>       If a cache collection is available, displays the contents of all
+              of the caches in the collection.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command">  <B>-f</B>  </span></th>
+<td>         Shows the flags present in the credentials, using the  following
+              abbreviations:
+<table class="noborder" >
+
+              <tr><td>   F</td><td><B>F</B>orwardable </td></tr>
+                  <tr><td> f</td><td><B>f</B>orwarded </td></tr>
+                 <tr><td>  P</td><td><B>P</B>roxiable</td></tr>
+               <tr><td>    p</td><td><B>p</B>roxy</td></tr>
+                 <tr><td>  D</td><td>post<B>D</B>ateable</td></tr>
+                 <tr><td>  d</td><td> post<B>d</B>ated</td></tr>
+              <tr><td>     R</td><td><B>R</B>enewable</td></tr>
+                 <tr><td>  I</td><td><B>I</B>nitial</td></tr>
+                <tr><td>   i</td><td><B>i</B>nvalid</td></tr>
+            <tr><td>       H</td><td><B>H</B>ardware authenticated</td></tr>
+               <tr><td>    A </td><td>pre<B>A</B>uthenticated</td></tr>
+              <tr><td>     T</td><td><B>T</B>ransit policy checked</td></tr>
+             <tr><td>      O</td><td><B>O</B>kay as delegate</td></tr>
+                 <tr><td>  a</td><td><B>a</B>nonymous</td></tr>
+</table>
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"> <B>-s</B>   </span></th>
+<td>           Causes  <B>klist</B>  to run silently (produce no output), but to still
+              set the exit status according to whether it  finds  the  credentials
+              cache.   The  exit status is `0' if <B>klist</B> finds a credentials
+              cache, and `1' if it does not or if the tickets are
+               expired.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command">  <B>-a</B> </span></th>
+<td>Display list of addresses in credentials.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"> <B>-n</B>  </span></th>
+<td>Show numeric addresses instead of reverse-resolving addresses.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"> <B>-k</B>  </span></th>
+<td>List keys held in a <B>keytab</B> file.
+</td>
+</tr>
+
+      </table>
+
+
+<H2>ENVIRONMENT</H2>
+<p>     <B>Klist</B> uses the following environment variables:</p>
+<table>
+<tr>
+<th id="th2"> KRB5CCNAME</th>
+<td>      Location of the default Kerberos 5 credentials (ticket)
+                       cache, in the form <I>type</I>:<I>residual</I>.  If no type prefix is
+                       present,  the  <B>FILE</B>  type  is assumed.  The type of the
+                       default cache may determine the availability of a cache
+                       collection;  for  instance, a default cache of type <B>DIR</B>
+                       causes caches within the directory to be present in the
+                       collection. </td>
+</tr>
+</table>
+
+<H2>FILES</H2>
+<table>
+<tr>
+  <th id="th2">     <span class="command">   /tmp/krb5cc_[uid] </span></th>
+<td>       default  location  of  Kerberos  5 credentials cache ([uid] is the decimal UID of the user). </td></tr>
+<tr>
+  <th id="th2">     <span class="command">    /etc/krb5.keytab  </span></th>
+<td>    default location for the local host's <B>keytab</B> file.</td></tr>
+</table>
+
+<H2>SEE ALSO</H2>
+<ul id="helpul">
+<li><a href="HTML/KINIT.htm"><B>kinit(1)</B></a> </li>
+<li><a href="HTML/KDESTROY.htm"><B>kdestroy(1)</B></a></li>
+<li><B>krb5(3)</B></li>
+
+<PRE>
+
+                                                                      <B>KLIST(1)</B>
+
+</PRE>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/KPASSWD.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KPASSWD.htm
new file mode 100644
index 00000000..660e581c
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KPASSWD.htm
@@ -0,0 +1,55 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+
+<Title>KPASSWD</Title>
+</HEAD>
+<BODY>
+<H1>KPASSWD Command</H1>
+<table>
+<tr><th id="th2"> The following information reproduces the information from UNIX man page for the KPASSWD command.</th>
+</tr>
+</table>
+
+
+<H2>SYNOPSIS</H2>
+<table>
+<tr>
+<th id="th2">kpasswd</th>
+<td>
+<span class="command">  [principal]  </span>
+</td>
+</tr>
+</table>
+
+
+<H2>DESCRIPTION</H2>
+<p>
+The kpasswd command is used to change a Kerberos principal's password. kpasswd first prompts for the current Kerberos password, then prompts the user twice for the new password, and the password is changed.
+
+If the principal is governed by a policy that specifies the length and/or number of character classes required in the new password, the new password must conform to the policy. (The five character classes are lower case, upper case, numbers, punctuation, and all other characters.)
+</P>
+
+<H2>OPTIONS</H2>
+<table>
+<tr>
+<th id="th2"><span class="command"> principal </span>  </th>
+<td>
+    Change the password for the Kerberos principal principal. Otherwise, kpasswd uses the principal name from an existing ccache if there is one; if not, the principal is derived from the identity of the user invoking the kpasswd command.</td></tr>
+</table>
+
+
+<H2>SEE ALSO</H2>
+<ul id="helpul">
+<li><B>kadmin</B></li>
+<li> <B>kadmind</B></li>
+
+</ul>
+
+
+
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/KSWITCH.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KSWITCH.htm
new file mode 100644
index 00000000..b4f10df5
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KSWITCH.htm
@@ -0,0 +1,80 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>KSWITCH</Title>
+</HEAD>
+<BODY>
+<H1>KSWITCH Command</H1>
+
+<table>
+<tr><th id="th2"> The following information reproduces the information from UNIX man page for the KSWITCH command.</th>
+</tr>
+</table>
+<H2>SYNOPSIS</H2>
+<table>
+<tr>
+<th id="th2">kswitch </th>
+<td>
+
+<span class="command"> { <B>-c</B> <I>cache</I><B>_</B><I>name</I> | <B>-p</B> <I>principal</I> }</span>
+</td>
+</tr>
+</table>
+
+<H2>DESCRIPTION</H2>
+<p>
+       <span class="command">  <I>kswitch </I></span>  makes the specified credential cache the primary cache for the collection, if a cache collection is available.
+</p>
+
+<H2>OPTIONS</H2>
+
+
+<table>
+<tr>
+<th id="th2"><span class="command">  <B>-c</B> <I>cache</I><B>_</B><I>name</I>   </span></th>
+<td> Directly specifies the credential cache to be made primary.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"> <B>-p</B> <I>principal</I>  </span></th>
+<td> Causes the cache collection to be searched for a cache containing credentials for principal. If one is found, that collection is made primary.
+</td>
+</tr>
+      </table>
+
+
+<H2>ENVIRONMENT</H2>
+<p>     <B>kswitch</B> uses the following environment variables:</p>
+<table>
+<tr>
+<th id="th2"> KRB5CCNAME</th>
+<td>      Location of the default Kerberos 5 credentials (ticket)
+                       cache, in the form <I>type</I>:<I>residual</I>.  If no type prefix is
+                       present,  the  <B>FILE</B>  type  is assumed.  The type of the
+                       default cache may determine the availability of a cache
+                       collection;  for  instance, a default cache of type <B>DIR</B>
+                       causes caches within the directory to be present in the
+                       collection. </td>
+</tr>
+</table>
+
+<H2>FILES</H2>
+<table>
+<tr>
+  <th id="th2">     <span class="command">   /tmp/krb5cc_[uid] </span></th>
+<td>       default  location  of  Kerberos  5 credentials cache ([uid] is the decimal UID of the user). </td></tr>
+
+</table>
+
+<H2>SEE ALSO</H2>
+<ul id="helpul">
+<li><a href="HTML/KINIT.htm"><B>kinit</B></a> </li>
+<li><a href="HTML/KDESTROY.htm"><B>kdestroy</B></a></li>
+<li><a href="HTML/KLIST.htm"><B>klist</B></a> </li>
+<li><B>kerberos (1)</B></li>
+
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/KVNO.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KVNO.htm
new file mode 100644
index 00000000..c23f4e6e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/KVNO.htm
@@ -0,0 +1,104 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>KVNO</Title>
+</HEAD>
+<BODY>
+<H1>KVNO Command</H1>
+
+<table>
+<tr><th id="th2"> The following information reproduces the information from UNIX man page for the KVNO command.</th>
+</tr>
+</table>
+<H2>SYNOPSIS</H2>
+<table>
+<tr>
+<th id="th2">kvno </th>
+<td>
+<span class="command">[<strong>-c</strong> <em>ccache</em>]</span>
+<span class="command">[<strong>-e</strong> <em>etype</em>]</span>
+<span class="command">[<strong>-q</strong>]</span>
+<span class="command">[<strong>-h</strong>]</span>
+<span class="command">[<strong>-P</strong>]</span>
+<span class="command">[<strong>-S</strong> <em>sname</em>]</span>
+<span class="command">[<strong>-U</strong> <em>for_user</em>]</span>
+<span class="command"><em>service1 service2</em> ..</span>
+</td>
+</tr>
+</table>
+
+<H2>DESCRIPTION</H2>
+<p>
+       <span class="command">  <em>kvno </em></span>  acquires a service ticket for the specified Kerberos principals and prints out the key version numbers of each.</p>
+
+
+<H2>OPTIONS</H2>
+
+
+<table>
+<tr>
+<th id="th2"><span class="command"><strong>-c</strong> <em>ccache</em></span></th>
+<td> Specifies the name of a credentials cache to use (if not the default).
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"><strong>-e</strong> <em>etype</em></span></th>
+<td> Specifies the enctype which will be requested for the session key of all the services named on the command line. This is useful in certain backward compatibility situations.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"><strong>-q</strong></span></th>
+<td> Suppress printing output when successful. If a service ticket cannot be obtained, an error message will still be printed and kvno will exit with nonzero status.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"><strong>-h</strong></span></th>
+<td> Prints a usage statement and exits.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"><strong>-P</strong></span></th>
+<td> Specifies that the <em>service1 service2</em> ... arguments are to be treated as services for which credentials should be acquired using constrained delegation. This option is only valid when used in conjunction with protocol transition.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"><strong>-S</strong> <em>sname</em></span></th>
+<td> Specifies that the <em>service1 service2</em> ... arguments are interpreted as hostnames, and the service principals are to be constructed from those hostnames and the service name <em>sname</em>. The service hostnames will be canonicalized according to the usual rules for constructing service principals.
+</td>
+</tr>
+<tr>
+<th id="th2"><span class="command"><strong>-U</strong> <em>for_user</em></span></th>
+<td> Specifies that protocol transition (S4U2Self) is to be used to acquire a ticket on behalf of <em>for_user.</em>  If constrained delegation is not requested, the service name must match the credentials cache client principal.
+</td>
+</tr>
+
+      </table>
+
+
+<H2>ENVIRONMENT</H2>
+<p>     <B>Kvno</B> uses the following environment variables:</p>
+<table>
+<tr>
+<th id="th2"> KRB5CCNAME</th>
+<td>      Location of the credentials (ticket) cache. </td>
+</tr>
+</table>
+
+<H2>FILES</H2>
+<table>
+<tr>
+  <th id="th2">     <span class="command">   /tmp/krb5cc_[uid] </span></th>
+<td>       default  location  of  Kerberos  5 credentials cache ([uid] is the decimal UID of the user). </td></tr>
+
+</table>
+
+<H2>SEE ALSO</H2>
+<ul id="helpul">
+<li><a href="HTML/KINIT.htm"><B>kinit</B></a> </li>
+<li><a href="HTML/KDESTROY.htm"><B>kdestroy</B></a></li>
+</ul>
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Kerberos.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Kerberos.htm
new file mode 100644
index 00000000..ac15de3c
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Kerberos.htm
@@ -0,0 +1,76 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+
+<title>What is Kerberos?</title></head>
+
+<body>
+
+<h1> Kerberos </h1>
+<h2>What is Kerberos? </h2>
+<p>
+Kerberos is a network authentication protocol that allows users to
+securely access services over a physically insecure network. Kerberos,
+or MIT Kerberos, is also the name of this application. MIT Kerberos
+provides an easy interface to the Kerberos protocol.</p>
+
+<p>
+In addition to providing secure access to services, Kerberos adds
+convenience by allowing you to sign on just once to use many network
+resources such as servers, hosts, or other services.</p>
+<p>
+Kerberos gives you this convenience and security through the use of
+single sign on, mutual authentication, and secret key encryption. </p>
+
+<p>
+<table>
+<tbody><tr>
+<th>Single Sign On </th>
+</tr>
+<tr>
+<td>  Your Kerberos identity (your <em><a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principal</a></em>)
+and your password allow you to log on just once to access all of the
+servers, hosts, and other resources that use the Kerberos installation.
+No matter how many resources you use, you will not need to enter your
+password again. </td>
+</tr>
+<tr>
+<th>Mutual Authentication </th>
+</tr>
+<tr>
+<td> Authentication is proof of identity. Any protocol or service that
+demands a password is authenticating the user. However, Kerberos
+provides <i>mutual</i> authentication, so in addition to proving your
+identity to the server, it proves that the server you are communicating
+with is what it claims to be. This protects you against <a href="JavaScript:popup.TextPopup(popupPhishing, popfont,9,9,-1,-1)"> phishing </a> and <a href="JavaScript:popup.TextPopup(popupSpoofing, popfont,9,9,-1,-1)"> spoofing. </a></td>
+</tr>
+<tr>
+<th>Secret-Key Encryption </th>
+</tr>
+<tr>
+<td>
+Kerberos prevents malicious attempts to intercept your password by
+encrypting your password before transmitting it. In addition, once you
+and the server have proved your identities to each other, Kerberos uses
+secret-key cryptography to secure the rest of your communications. This
+helps maintain your privacy and the integrity of your data.</td>
+</tr>
+ </tbody></table>
+</p><h2>Related Help</h2>
+<ul id="helpul">
+<li><a href="HTML/Kerberos_Terminology.htm">Kerberos terminology</a></li>
+<li><a href="HTML/Encryption_Types.htm">Encryption types</a></li>
+<li><a href="HTML/How_Kerberos_Works.htm">How does Kerberos work?</a></li>
+</ul>
+
+<script language="JavaScript">
+popfont="Arial,.725,"
+popupPhishing="A type of email scam. The scammer sends an email that appears  to come from a legitimate company asking you to log on to the company website using the included link. The link takes you instead to a fake website modeled after that of the real company. If you try to log on, the fake website harvests your username and password for later malicious use."
+popupSpoofing="To 'spoof' means to fake. Hackers can spoof email (making you think the email came from a trusted source), websites (making you think a website is legitimate), and IP addresses. IP spoofing can be used to hijack your browser and take you to fradulent web page that looks legitimate and can be used harvest your username and password."
+popupPrincipal="Your principal is your Kerberos identity. It is your user name combined with the Kerberos realm you are using. For example: 'jdoe@SALES.WIDGET.COM' "
+</script>
+
+<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</object>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Kerberos_Terminology.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Kerberos_Terminology.htm
new file mode 100644
index 00000000..82837655
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Kerberos_Terminology.htm
@@ -0,0 +1,105 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Kerberos Terminology</title></head>
+
+<body>
+<h1><a name="top"> Kerberos Terminology</a></h1>
+<p>
+It is helpful to understand three terms when using Kerberos; <a href="#principal"> principals</a>, <a href="#realm"> realms</a>, and <a href="#ticket"> tickets</a>.</p>
+<p>
+<table>
+<tbody><tr>
+<th><a name="principal">Principals</a></th>
+</tr>
+<tr>
+<td>
+ A Kerberos <i>principal</i> is a unique identity that uses
+Kerberos. For users, it is the identity you use to log on to Kerberos.
+Principals are a combination of your user name and the name of the <a href="#realm"> realm</a> (or domain) you belong to, in the form <span class="typed">username@REALM.NAME.</span> For example: <span class="typed">jdoe@SALES.WIDGET.COM.</span>
+Some people will have more than one principal. An administrator might
+have a regular principal and a separate one with administrative rights.
+Or if a particular installation uses multiple realms and requires a
+separate log-on for each one, people with access to multiple realms
+will have a principal for each realm.
+<p></p>
+Because Kerberos provides <em>mutual</em> authentication, the
+network resources that use Kerberos also have unique principals.
+However, you do not need to know a service's principal to access it.<p></p>
+<a href="#top">Back to Top</a>
+</td>
+</tr>
+<tr>
+<th> <a name="realm"> Realms</a> </th>
+</tr>
+<tr>
+<td>
+ Kerberos <i>realms</i> are a way of logically grouping
+resources and identities that use Kerberos. Your realm is the home of
+your Kerberos identity and your point of entry to the network resources
+controlled by Kerberos. In Windows, realms are called <em>domains.</em>
+<p></p>
+When a Kerberos installation is set up, administrators decide how to
+group identities and network resources into realms. For example, some
+installations group all network resources into one realm. Others group
+all identities into one realm that is solely used as an entry point to
+resources grouped in other realms. Depending on your installation and
+your needs, you might have a <a href="#principal"> principal</a>
+(or principals) in only one realm that provides you with all the access
+you need, or you might have different principals for accessing
+different realms.
+<p></p>Realms are usually named after the DNS domain they correspond
+to, but using all upper case letters. For example, Widget Makers
+Incorporated might have a realm named <span type="" typed="">WIDGETMAKERSINC.COM.</span>  By definition, each network resource in a Kerberos realm uses the same Kerberos installation  for authentication.<p></p>
+  <p></p>
+<a href="#top">Back to Top</a>
+</td>
+</tr>
+
+<tr>
+<th> <a name="ticket">Tickets</a></th>
+</tr>
+<tr>
+<td>
+Kerberos uses the concept of <i>tickets </i> to keep passwords
+from being transmitted in the clear and to provide users the
+convenience of a single log-on to access multiple services and hosts. <p></p>
+Once a you provide a valid principal and password, Kerberos issues you
+a ticket with a limited lifetime. This ticket is an encrypted block of
+data that authenticates you. In most cases the ticket allows you to
+access all of the appropriate network resources in the realm you use,
+for the lifetime of the ticket, without having to take any further
+action. <p></p>
+When you access one of these resources, MIT Kerberos passes your
+initial Ticket Granting Ticket (TGT) to the service. Kerberos verifies
+the ticket and then issues a separate ticket that allows access to that
+service. You don't have to worry about obtaining or managing these new
+service tickets; they are automatically issued. Service tickets can be
+viewed with MIT Kerberos but cannot be directly obtained or destroyed
+through it.
+<p></p>
+Tickets contain two <a href="JavaScript:popup.TextPopup(popupEncryptionKey, popfont,9,9,-1,-1)">encryption keys</a>:
+the ticket key and the session key. The ticket key is shared between
+the Kerberos infrastructure and the service you are using. The session
+key is shared between you and the service, and is used to encrypt and
+decrypt communication with the service. <p></p>
+<a href="#top">Back to Top</a>
+</td>
+</tr>
+</tbody></table>
+</p><h2>Related Help</h2>
+<ul id="helpul">
+<li><a href="HTML/Kerberos.htm">What is Kerberos?</a></li>
+<li><a href="HTML/How_Kerberos_Works.htm">How does Kerberos work?</a></li>
+<li><a href="HTML/Encryption_Types.htm">Encryption types</a></li>
+</ul>
+
+<script language="JavaScript">
+popfont="Arial,.725,"
+popupEncryptionKey="A value that a specific code or algorithim uses to makes information unreadable to anyone without a matching key."
+</script>
+
+<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</object>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Keyboard_Shortcuts.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Keyboard_Shortcuts.htm
new file mode 100644
index 00000000..9f10350f
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Keyboard_Shortcuts.htm
@@ -0,0 +1,41 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Keyboard Shortcuts</title></head>
+
+<body>
+<h1>Keyboard Shortcuts </h1>
+
+<p>
+You can use keyboard shortcuts to reach several of the more frequently
+used functions in MIT Kerberos. To use a shortcut, hold down the <span class="typed"> [Ctrl] </span> key on your computer's keyboard while pressing the appropriate letter key as shown in the table below.
+</p>
+
+<table>
+<tbody><tr>
+<th>Function</th>
+<th>Keyboard Shortcut</th>
+</tr>
+ <tr><th id="th2">Get Ticket </th>
+ <td><span class="typed"> Ctrl + t </span></td>
+</tr>
+
+ <tr><th id="th2">Renew Ticket</th>
+ <td><span class="typed"> Ctrl + r </span></td>
+</tr>
+
+ <tr><th id="th2">Destroy Ticket</th>
+ <td><span class="typed"> Ctrl + d </span></td>
+</tr>
+</tbody></table>
+
+<h3> Related help</h3>
+<ul id="helpul">
+<li><a href="HTML/Get_Tickets.htm">Get Tickets</a></li>
+<li><a href="HTML/Renew_Tickets.htm">Renew Tickets</a></li>
+<li><a href="HTML/Destroy_Tickets.htm">Destroy Tickets</a></li>
+</ul>
+
+
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/MS2MIT.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/MS2MIT.htm
new file mode 100644
index 00000000..30ec7135
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/MS2MIT.htm
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>MS2MIT</Title>
+</HEAD>
+<BODY>
+<H1>MS2MIT Command</H1>
+<table>
+<tr><th id="th2"> The following information reproduces the information from UNIX man page for the MS2MIT command.</th>
+</tr>
+</table>
+
+<H2>SYNOPSIS</H2>
+
+<span class="command"> <B>ms2mit</B>  </span>
+
+<H2>DESCRIPTION</H2>
+<p>
+The <span class="command"> ms2mit  </span> command is used to  import Kerberos credentials from the current Windows Logon  Session and insert them into the MIT Kerberos default Credentials Cache. </p>
+
+<H2>SEE ALSO</H2>
+<ul id="helpul">
+<li> <a href="HTML/KLIST.htm"><B>klist (1)</B></a></li>
+<li><a href="HTML/KDESTROY.htm"><B>kdestroy (1)</B></a> </li>
+<li><B>krb5 (3)</B></li>
+</ul>
+
+
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Make_Default.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Make_Default.htm
new file mode 100644
index 00000000..8f2e55a5
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Make_Default.htm
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Make Default</Title>
+</HEAD>
+<BODY>
+<H1> Make  Default Principal </H1>
+<p>
+Your <em>default</em> principal is the one whose tickets are used when an application or service asks for tickets without specifying which principal is being authenticated. If you plan to use an application, service, or network that only one of your principals has access to, first set that principal to be the default. </p>
+<p>
+If you have only one principal, that principal is automatically the default.</p>
+
+<H3>Set Default Principal</H3>
+<ol>
+<li>Select the principal by clicking it in the main window (if the principal is not listed, first get tickets for it). </li>
+<li>Click the Make Default button. </li>
+</ol>
+<p>
+The default principal appears in bold font in the main window.</p>
+
+<h3>Related help</h3>
+<ul id="helpul">
+<li><a href="HTML/Principals.htm">About principals</a></li>
+<li><a href="HTML/Manage_Multiple_Principals.htm">Manage multiple principals</a></li>
+</ul>
+
+
+
+<SCRIPT Language=JavaScript>
+popfont="Arial,.725,,plain "
+popupRealm="The Kerberos realm is the group of network resources that you gain access to when you log on with a Kerberos username and password. Often it is named after the DNS domain it corrosponds to. In Windows, realms are called 'domains.' "
+</SCRIPT>
+
+<OBJECT id=popup type="application/x-oleobject"
+classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</OBJECT>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Manage_Multiple_Principals.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Manage_Multiple_Principals.htm
new file mode 100644
index 00000000..e91b18e9
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Manage_Multiple_Principals.htm
@@ -0,0 +1,87 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Multiple Principals</Title>
+</HEAD>
+<BODY>
+<H1> Manage Multiple Principals </H1>
+<p>
+If you have multiple principals, several features in MIT Kerberos will help you manage them. </p>
+<ul>
+<li>You can save principals when you enter them in the Get Ticket window. Kerberos will then auto-complete your principal as you start to enter it  to get tickets or to change your password.</li>
+<li>The Make Default button lets you easily and quickly change the default principal.</li>
+</ul>
+
+
+<p>
+All of your principals with tickets are listed in the main window. The default principal is in bold font.
+</p>
+
+<table>
+<tr>
+<th>On this page</th> <th>On other pages</th></tr>
+
+<tr>
+<td >
+<b>How to....</b>
+<ul id="helpul">
+<li><a href=#manage-multiple> Manage multiple principals</a></li>
+</ul>
+
+</td>
+<td>
+<b>How to...</b>
+<ul id="helpul">
+<li><a href="HTML/View_Tickets.htm"> View  tickets for all principals</a></li>
+<li><a href=HTML/Make_Default.htm> Set the default principal</a></li>
+</ul>
+</td>
+</tr>
+</table>
+
+
+
+<H2><a name="manage-multiple">Manage Multiple Principals</a></H2>
+<table>
+<tr>
+<th id="th2">Enter and save principals</th>
+<td>
+When you get tickets for a principal for the first time, enter the principal in the Principal field of the Get Ticket window. Select the "Remember this principal" checkbox to save it. The next time you get tickets or change your password, Kerberos will auto-complete your principal as you enter it.  </td></tr>
+
+<tr>
+<th id="th2">Select principal before using buttons</th>
+<td>
+Select a principal in the main window by clicking it. The selected principal will now be affected by the buttons in the Home tab (e.g., Change Password). Note that you can select multiple principals before you click the Renew Tickets button.
+
+</td></tr>
+<tr>
+<th id="th2">Renew tickets </th>
+<td>
+If the Automatic Ticket Renewal option is selected, all renewable tickets for all principals are renewed automatically. To renew tickets just for some principals, click the principal(s) with tickets you want to renew in the main window, then click the Renew Ticket button.
+</td></tr>
+<tr>
+<th id="th2">Choose default principal</th>
+<td>
+To choose which principal's tickets are used by default when you access a Kerberized service, select a principal in the main window by clicking it and then click the Make Default button. <br> <a href="HTML/Make_Default.htm">How to: Make Default Principal</a></td>
+</tr>
+<th id="th2">Clear saved principals</th>
+<td>
+If you have saved a principal that you will no longer use, and you do not want that principal to auto-complete in the Get Ticket and Change Password windows, you can clear your principal history by clicking the Clear History button in the  Get Ticket window.  Note that MIT Kerberos will immediately clear <em>all</em> of your saved principals.  <br>
+<a href="HTML/Forget_Principals.htm">How to: Clear Principal History</a></td></tr>
+</table>
+
+
+
+
+<SCRIPT Language=JavaScript>
+popfont="Arial,.725,,plain "
+popupRealm="The Kerberos realm is the group of network resources that you gain access to when you log on with a Kerberos username and password. Often it is named after the DNS domain it corrosponds to. In Windows, realms are called 'domains.' "
+</SCRIPT>
+
+<OBJECT id=popup type="application/x-oleobject"
+classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</OBJECT>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Options_Tab.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Options_Tab.htm
new file mode 100644
index 00000000..90246961
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Options_Tab.htm
@@ -0,0 +1,181 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Options Tab</title></head>
+
+<body>
+<h1><a name="top">Using the Options Tab </a> </h1>
+<img src="Images/Options_Tab.PNG" alt="Home Tab "   width="583" height="115" />
+<p>
+Click the Options tab to reach the checkboxes that control ticket and
+view options. The Options tab has two panels. Use the View Options
+panel to choose which information is displayed for your tickets. Use
+the Ticket Options panel to turn MIT Kerberos's automatic features on
+or off. </p>
+<p>
+Scroll down to browse information about both panels, or jump to a section by clicking a link below.</p>
+<table>
+<tbody><tr>
+<th id="th2">Learn about....</th><th id="th2">How to....</th></tr>
+<tr><td>
+<ul id="helpul">
+<li><a href="#view-options">View Options </a></li>
+<li><a href="#ticket-options">Ticket Options </a></li>
+</ul></td>
+<td>
+<ul id="helpul">
+<li><a href="#using-view-options">Use the View Options Panel</a></li>
+<li><a href="#using-ticket-options">Use the Ticket Options Panel</a></li>
+
+</ul></td>
+</tr>
+</tbody></table>
+
+<h2> <a name="using-view-options">Using the View Options Panel</a></h2>
+<p>
+Click the Options tab at the top of the ribbon menu and look to the
+left to find the View Options panel. View Options control which ticket information columns are  displayed in the main window.</p>
+<p>
+Select a checkbox to show the information column in the main window.
+Deselect it to hide the column. Some options are selected by default.
+For example, "Valid Until" is selected by default, so the main window
+shows the Valid Until column showing when your tickets will expire. <br>
+<a href="HTML/View_Tickets.htm">How to: View Tickets </a> </p>
+
+<h2><a name="#view-options">View Options </a></h2>
+
+<table>
+<tbody><tr>
+<th>
+Checkbox </th>
+<th>
+Select to...</th>
+
+</tr>
+<tr>
+ <tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner"><a name="issued">Issued  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </a></td> </th> </tr>
+</table>
+<td> See the date and time your ticket was originally obtained. </td>
+ </tr>
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Renewable Until </td> </th> </tr>
+</table>
+<td><a name="renewable-until">See the date and time that your renewable tickets expire completely and cannot be renewed. </a> After this time you must get new tickets to access services authenticated by Kerberos.
+<p></p>
+ If this column shows <em>Not Renewable</em>, the ticket was not flagged as renewable when you obtained it.
+<p></p>
+<b>Related Help:</b>
+<ul id="helpul">
+<li> <a href="HTML/Tickets.htm#renewable"> About: Renewable Tickets</a> </li>
+<li><a href="HTML/Renew_Tickets.htm"> How to: Renew Tickets</a></li>
+<li><a href="HTML/Ticket_Settings.htm"> About: Ticket Settings and Flags</a></li>
+</ul>
+</td></tr>
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Valid Until </td> </th> </tr>
+</table>
+<td> <a name="valid-until">
+See when your ticket will expire. </a>Note that you cannot renew a ticket if you let it expire.
+<p></p>
+Kerberos alerts you to expiring tickets with a warning in a pop up window.
+To add an audible warning, select the Expiration Alarm checkbox in the Ticket Options panel. <br><a href="#using-ticket-options">How to: Use Ticket Options Panel</a>
+ </td></tr>
+ <tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Encryption Type </td> </th> </tr>
+</table>
+<td><a name="encryption-type">See the encryption type used to encrypt each session key and ticket. </a> This can be useful when troubleshooting.
+<p></p>
+ Kerberos supports multiple  types of encryption. The type used for a particular  ticket or session key is automatically negotiated when you request a ticket or a service. <br>
+<a href="HTML/Encryption_Types.htm#supported-types">About: Encryption Types</a> </td></tr>
+<tr>
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Flags   &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </td> </th> </tr>
+</table>
+<td> <a name="flags">See how the tickets were flagged (renewable and/or fowardable) when you obtained them. </a>
+<p></p>
+ You cannot change the flags on existing tickets. If you need a ticket with different flags, you must get a new ticket. <br>
+<a href="HTML/Ticket_Settings.htm">About: Ticket Settings and Flags </a>
+</td>
+</tr>
+</tbody></table>
+<p>
+<a href="#top">Back to Top</a> </p>
+
+
+<h2> <a name="using-ticket-options">Using the Ticket Options Panel</a></h2>
+<p>
+Click the Options tab at the top of the ribbon menu and look to the
+right to find the Ticket Options panel. Ticket Options control MIT
+Kerberos's automatic features.</p>
+<p>
+Select a Ticket Option checkbox to turn that feature on. Deselect it to turn the feature off. </p>
+
+<h2><a name="#ticket-options">Ticket Options </a></h2>
+<table>
+<tbody><tr>
+<th>
+Checkbox</th>
+<th>
+Select to...</th>
+</tr>
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+ <img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Automatic Ticket Renewal </td> </th> </tr>
+</table>
+<td>
+<a name="automatic-renewal">Automatically renew tickets flagged as renewable, without promptings or requiring a password, until the renewal lifetime is reached. </a>
+<p></p>
+ Renewing your tickets allows you to run
+batch jobs without interruption and to work through a long session
+without continually reentering your
+password.  <br>
+ <a href="HTML/Tickets.htm#renewable">About: Renewable Tickets</a>
+<p></p>
+<b>Note: </b>Automatic ticket renewal will not work if you exit MIT Kerberos or if your machine is in hibernation mode.
+ </td></tr>
+
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Expiration Alarm</td> </th> </tr>
+</table>
+<td><a name="expiration-alarm">Have MIT Kerberos provide an audible alarm 15, 10, and 5 minutes before your tickets expire.</a>
+<p></p>
+ Regardless of whether this option is on, MIT Kerberos alerts you to expiring tickets at the same intervals with pop up window. However, the pop up
+window will not always be visible on a busy desktop. <br>
+ <a href="HTML/Tickets.htm#expiration">About: Ticket Expiration</a></td></tr>
+ <tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner"> Destroy Tickets on Exit  </td> </th> </tr>
+</table>
+<td> <a name="destroy-tickets">Have MIT Kerberos destroy your tickets when you exit the program. </a>
+<p></p>
+Turning this option on provides greater security. However, you will
+need to turn this off if you want to exit MIT Kerberos while leaving
+processes running which require your valid tickets. </td></tr>
+
+
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Allow Mixed Case Realm Name</td> </th> </tr>
+</table>
+<td><a name="mixed-case-realm"> Use a Kerberos realm with lower case letters in its name.</a>
+<p></p>
+Kerberos <em>realms</em> are a way of logically grouping resources and identities that use Kerberos.
+By convention, realm names use all upper case letters. This helps
+distinguish a realm from the DNS domain it corresponds to. Realm names
+are case sensitive. So for convenience, anything you enter in the realm
+field of the Get Ticket window is converted to upper case, unless you
+turn this option on. </td></tr>
+</tbody></table>
+<p>
+<a href="#top">Back to Top</a> </p>
+
+
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Password_Tips.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Password_Tips.htm
new file mode 100644
index 00000000..1b99e154
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Password_Tips.htm
@@ -0,0 +1,51 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Password Tips</Title>
+
+</HEAD>
+<BODY>
+<H1>Password Tips and Examples</H1>
+<p>
+As computing power has gotten faster and cheaper, password cracking generators have gotten better as well. A password cracking program can rapidly try all English words, all combinations of seven or fewer characters, and common passwords such as <tt>12345678</tt> and <tt>password123</tt>. In addition, anyone with access to your personal information can try names and dates from that information.   </p>
+
+<H3>Good Password Requirements</H3>
+<p>
+A strong password:  </p>
+<ul>
+<li>Is at least 8 characters long (preferably longer)</li>
+<li>Doesn't include your name or other easily obtained personal information</li>
+<li>Uses a mix of lower case letters, uppercase letters, numbers, and symbols </li>
+<li>Is only used for one program </li>
+</ul>
+<H3>Password Advice and Examples</H3>
+<p>
+To create a strong password that is still easy to remember, try starting with a phrase or sentence. Then play around with symbols, shorthands, and misspellings to make it more secure.  Remember that you can have spaces in your password. Some examples:</p>
+<ul>
+<li> "Beans and rice are my favorite foods" can become <tt>Beans&ricearemyFavoriteFoods!</tt>, <tt>Rbeans&ricemyfavoritefoods?</tt> or <tt>BeansNRiceRFavz!</tt></li>
+<li>"I can't wait 2 go to Spain" can become <tt>Ican'twait2go2Spain!</tt></li>
+<li>"Meet me at the store" can become <tt>mEEtme@zeStore</tt></li>
+<li>"Cat or dog?" can become <tt>?KatsRd0gs</tt> or you can leave it as is. </li>
+</ul>
+<H3>What Makes a Bad Password</H3>
+<p>
+Do <b>not</b> base your password on any of the following. They are far too easy to guess (even if you spell them backwards).</p>
+<ul>
+<li>Any names, including yours or that of your parents, children, pets, friends, characters from popular media, etc.</li>
+<li> Your phone number, address, birthday, etc.</li>
+<li>Your social security, drivers license, or license plate numbers. </li>
+<li> One or two words found in a dictionary.</li>
+<li> The phrases "Let me in," "open up," or something similar.</li>
+<li> Simple patterns like "lolololololo" or "12345678." </li>
+<li> Any password used as an example in a manual or in help (including the examples given here).</li>
+<li> A password that you use elsewhere, especially an insecure program or website.</li>
+</ul>
+<H3>Related Help</H3>
+<ul id="helpul">
+<li><a href="HTML/Change_Password.htm">Change Password</a></li>
+<li><a href="HTML/Forget_Password.htm">If you forget your password</a></li>
+</ul>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Passwords.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Passwords.htm
new file mode 100644
index 00000000..9ca591df
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Passwords.htm
@@ -0,0 +1,63 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<style type="text/css">
+td
+{
+vertical-align:top;
+}
+</style>
+<Title>Passwords</Title>
+</HEAD>
+<BODY>
+<H1>About Passwords</H1>
+<P>
+Kerberos offers strong and reliable security for computers and network systems that use it for authentication, but  it is only as secure as the password you choose. A weak password can jeopardize not only your privacy and information, but also any computers or networks that you access with that password.</P>
+
+<table>
+<tr><th>On this page</th><th colspan="2">On other pages</th></tr>
+<tr>
+<td > <b>Learn about...</b>
+<ul id="helpul">
+<li><a href=#choose> Choosing  passwords </a></li>
+<li><a href=#maintain> Maintaining passwords</a></li>
+</ul>
+</td>
+
+<td > <b>Learn about...</b>
+<ul id="helpul">
+<li><a href="HTML/Password_Tips.htm"> Password tips</a></li>
+<li><a href="HTML/Forget_Password.htm"> Forgotten passwords</a></li>
+</ul>
+</td>
+<td>
+<b>How to...</b>
+<ul id="helpul">
+<li><a href="HTML/Change_Password.htm">Change password</a></li>
+
+</ul>
+</td>
+</tr>
+</table>
+
+<H2><a name="choose">Choosing  Passwords </a></H2>
+<p>
+Create a strong password that is not a word found in the dictionary or based on easily available information about yourself. Usually the easiest way to do that is to start with a phrase, not a word.
+For best security choose a unique password that you have not used with any other application. That way if one application is somehow hacked or compromised, the damage is limited to that application. <br>
+<a href="HTML/Password_Tips.htm">About: Password Tips and Examples</a></P>
+
+<H2><a name="maintain">Maintaining Passwords</a></H2>
+<p>
+ If you ever suspect that your password has been compromised, change it immediately. It's a good idea to occasionally change your password even if you think it is still secure. This habit can limit the damage if your password is compromised without your knowledge.</P>
+
+
+<H3>Related Help</H3>
+<ul id="helpul">
+<li> <a href="Html/Password_Tips.htm">Password tips and examples</a></li>
+<li> <a href="Html/Change_Password.htm">Change password</a></li>
+<li> <a href="Html/Forget_Password.htm">If you forget your password</a></li>
+</ul>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Principals.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Principals.htm
new file mode 100644
index 00000000..6fbfdd8e
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Principals.htm
@@ -0,0 +1,69 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Principals</Title>
+</HEAD>
+<BODY>
+<H1> <a name="top">About Principals </a></H1>
+<p>
+Your principal is your Kerberos identity. It is your user name plus the Kerberos <a href="JavaScript:popup.TextPopup(popupRealm, popfont, 9,9,-1,-1)">realm</a> (or Windows domain)  you are part of. For example, if your user name is <span class="typed">jdoe</span> and you are part of the <span class="typed">SALES.WIDGET.COM</span> realm, your principal is <span class="typed">jdoe@SALES.WIDGET.COM.</span>
+</p>
+<table>
+<tr>
+<th id="th2">Learn about...</th>
+<td>
+<ul id="helpul">
+<li><a href=#single-principal>  Using a single principal </a></li>
+<li><a href=#manage-multiple> Multiple principals</a></li>
+<li><a href=#default-principal> Default principal</a></li>
+</td>
+</tr>
+</table>
+<H2><a name="single-principal">Using a Single Principal</a></H2>
+<p>
+If like many users you just have one Kerberos identity, you will have just one principal.
+</p><p>
+In most installations, MIT Kerberos knows your realm, so when you start to enter your principal in the Get Ticket window it will auto-complete the realm for you. If you select the "Remember this principal" checkbox, the next time you get tickets Kerberos will auto-complete your principal as soon as you start to type. </p>
+<p>
+The main window shows your principal, along with information about tickets issued to it. <br>
+   <a href="HTML/View_Tickets.htm"> How to: View Tickets </a>
+</p>
+<p>
+<a href=#top>Back to top</a></p>
+
+<H2><a name="manage-multiple">Multiple principals</a></H2>
+<p>
+Some users have multiple principals. For example, administrators often have one principal with standard access and an administrative principal with administrative access. Also, some Kerberos installations require multiple principals to access multiple realms.
+<br>
+ <a href="HTML/Manage_Multiple_Principals.htm">How to:  Manage Multiple Principals</a> <br> <a href="HTML/Make_Default.htm">How to: Make  Default Principal</a>
+</p>
+<p>
+<a href=#top>Back to top</a></p>
+
+<H2> <a name="default-principal">Default Principal</a></H2>
+<p>
+Your default principal appears in bold font in the main window. If you have a single principal, that principal is always the default. But if you have multiple principals you will need to change the default principal depending on what service or host you need to access. </p>
+<p>
+When you try to use a Kerberized application, the application attempts to authenticate you by requesting your credentials from Kerberos. Some applications do this by asking for a specific principal's credentials, but others ask generically.
+<p>
+When applications make a generic request, Kerberos does not know which of your principals is being authenticated and checks the default principal for tickets. If the default principal is not the correct one, the application will usually simply fail to work with no warning or notice.
+</p>
+<p>
+To set your default principal, select a principal in the main window and then click the Make Default button.<br>
+ <a href="HTML/Make_Default.htm">How to: Make Default Principal </a>
+</p>
+<p>
+<a href=#top>Back to top</a></p>
+<SCRIPT Language=JavaScript>
+popfont="Arial,.725,"
+popupRealm="The Kerberos realm is the group of network resources that you gain access to when you log on with a Kerberos username and password. Often it is named after the DNS domain it corrosponds to. In Windows, realms are called 'domains.' "
+popupKeyboardShortcut="To use a keyboard shortcut, hold down the [Ctrl] key on your computer keyboard and press the appropriate letter.  "
+</SCRIPT>
+
+<OBJECT id=popup type="application/x-oleobject"
+classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</OBJECT>
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Renew_Tickets.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Renew_Tickets.htm
new file mode 100644
index 00000000..51c16bb9
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Renew_Tickets.htm
@@ -0,0 +1,109 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+
+<title>Renew_Tickets</title><link rel="stylesheet" type="text/css" href="Leash.css"></head>
+
+<body>
+<a name="top"><h1>Renew Tickets</h1></a>
+<p>
+Renew a ticket to extend its usable lifetime. Each time a ticket is
+renewed, its lifespan is reset to the original length of the ticket. It
+can then be used until the new time listed in the "Valid Until" column
+in the main window. </p>
+
+<table>
+<tbody><tr>
+ <th id="th2">Learn about...</th><th id="th2">How to...</th></tr>
+<tr>
+<td>
+<ul id="helpul">
+<li><a href="#conditions"> What's necessary to renew tickets</a></li>
+<li><a href="#related-help"> Related help</a></li>
+</ul>
+</td>
+<td>
+<ul id="helpul">
+<li><a href="#renew-once"> Renew ticket once</a></li>
+<li><a href="#renew-automatically"> Renew tickets automatically</a></li>
+<li><a href="#renewable-until">Find  how long a ticket can be renewed</a></li>
+</ul>
+</td>
+
+</tr>
+</tbody></table>
+
+
+
+<a name="renew-once"><p></p></a>
+<h2>Renew ticket once</h2>
+
+<ol>
+<li>If you have more than one <a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principal</a>, click to select all principals with tickets you want to renew. </li>
+<li>Click the Renew Ticket button in the Home tab or use the <a href="JavaScript:popup.TextPopup(popupKeyboardShortcut, popfont,9,9,-1,-1)">keyboard shortcut</a>  [Ctrl + r].</li>
+</ol>
+<p>
+The ticket lifetime is reset for all of the selected principal's renewable tickets.</p>
+<p>
+<a href="#top">Back to Top</a> </p>
+
+
+<a name="renew-automatically"><p></p></a>
+<h2>Renew tickets automatically</h2>
+<ol>
+<li>Open the Options tab in the main window.</li>
+<li> In the Ticket  Options panel, select the Automatic Ticket Renewal checkbox if it is not already checked.</li>
+</ol>
+<p>
+Your renewable  tickets will automatically reset their lifetimes
+before they expire, until the renewable lifetime of the tickets is
+reached. </p>
+<p>
+<b>Note: </b>This feature only works while MIT Kerberos is active and
+running. This means that if your machine is in hibernation mode or if
+Kerberos is not running when it is time to renew your tickets, your
+tickets will not be renewed and will expire instead. </p>
+<p>
+<a href="#top">Back to Top</a> </p>
+<a name="conditions"><p></p></a>
+<h2>What's necessary to renew tickets</h2>
+<p>
+You can renew a ticket if the following conditions are met:</p>
+<ul>
+<li> When you obtained the ticket, the Renewable flag was selected. <br> <a href="HTML/Ticket_Settings.htm">About: Ticket Settings and Flags </a></li>
+<li> The "Renewable Until" deadline has not been reached. Show or hide
+the Renewable Until column with the View Options panel in the Options
+tab. <br> <a href="Options_Tab.htm#using-view-options">How to: Use View Options Panel</a></li>
+<li> The ticket has not already expired. </li>
+<li>MIT Kerberos is running and your computer is not in hibernation mode.</li>
+</ul>
+<p>
+<a href="#top">Back to Top</a> </p>
+<a name="renewable-until"><p></p></a>
+<h2>Find  how long a ticket can be renewed</h2>
+<ol>
+<li>Open the Options tab in the main window.</li>
+<li> In the View  Options panel, select the Renewable Until checkbox.</li>
+</ol>
+<p> The Renewable Until column will appear. You can renew your ticket
+repeatedly until the date and time in this column is reached. </p>
+<p>
+<a href="#top">Back to Top</a> </p>
+<a name="related-help"><p></p></a>
+<h2>Related help</h2>
+<ul id="helpul">
+<li><a href="HTML/Tickets.htm#renewable">About renewable  tickets</a></li>
+<li><a href="HTML/Ticket_Settings.htm">Ticket settings and flags</a></li>
+<li><a href="HTML/Get_Tickets.htm">Get  tickets</a></li>
+</ul>
+<p>
+<a href="#top">Back to Top</a> </p>
+<script language="JavaScript">
+popfont="Arial,.725,"
+popupPrincipal="Your principal is your Kerberos identity. It is your user name combined with the Kerberos realm you are using. For example: 'jdoe@SALES.WIDGET.COM' "
+popupKeyboardShortcut="To use a keyboard shortcut, hold down the [Ctrl] key on your computer keyboard and press the appropriate letter.  "
+</script>
+
+<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</object>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Renew_Tickets2.html b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Renew_Tickets2.html
new file mode 100644
index 00000000..c20dc973
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Renew_Tickets2.html
@@ -0,0 +1,32 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "https://www.w3.org/TR/html4/strict.dtd">
+<html><head><meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>Renew Tickets</title></head><body>
+
+<ul>
+<li><b> Upper Case Realm Name: </b> Turn this option on to convert the realm name you enter in the Initialize Ticket window to all upper case regardless of how you type it. A <i>realm</i> is the area authenticated by a unique Kerberos installation. By convention, the realm is named after the DNS domain it corrosponds to, but uses all upper case letters. Since realm names are case sensitive it is important to use all caps when entering the realm name.
+
+</li>
+<p>
+<li><b> Automatic Ticket Renewal:</b> Turn this on to have MIT Kerberos  automatically renew your Kerberos tickets for their entire renewable lifetime, without promptings or requiring a password. Please note that automatic ticket renewal will not work  if you exit MIT Kerberos.</li>
+ <p>
+<li><b> Expiration Alarm: </b>  Turn this on and MIT Kerberos will provide an audible alarm 15, 10, and 5 minutes before your tickets expire. Regardless of whether this option is on, MIT Kerberos will provide a visual pop up window alerting you to expiring tickets at the same intervals.</li>
+<p>
+<li><b> Destroy Tickets on Exit:</b> Turn this on and MIT Kerberos will destroy your tickets when you exit MIT Kerberos.  If this option is turned off, your tickets are unaffected when you exit MIT Kerberos. </li>
+</ul>
+
+
+<table style="text-align: left; width: 100%;" border="1" cellpadding="2" cellspacing="2"><tbody><tr><td style="text-align: center; width: 181px; background-color: rgb(204, 204, 204);" valign="undefined"><span style="font-weight: bold;">Option</span></td><td style="text-align: center; width: 155px; background-color: rgb(204, 204, 204);" valign="undefined"><span style="font-weight: bold;">Turn this on to...</span></td><td style="width: 259px; text-align: center; background-color: rgb(204, 204, 204);" valign="undefined"><span style="font-weight: bold;">Details</span></td></tr><tr><td style="font-weight: bold; width: 181px; background-color: rgb(204, 255, 255);" align="undefined" valign="undefined">Upper Case Realm Name</td><td style="width: 155px;" align="undefined" valign="undefined">Automatically convert the realm name you enter in the Initialize Ticket window to all upper case regardless of how you type it. </td><td style="width: 259px;" align="undefined" valign="undefined">A&nbsp;<span style="font-style: italic;">realm</span>
+is the area authenticated by a unique Kerberos installation. By
+convention, the realm is named after the DNS domain it corrosponds to,
+but uses all upper case letters. Since realm names are case sensitive
+it is important to use all caps when entering the realm name. <br></td></tr><tr><td style="font-weight: bold; width: 181px; background-color: rgb(204, 255, 255);" align="undefined" valign="undefined">Automatic Ticket Renewal</td><td style="width: 155px;" align="undefined" valign="undefined">Automatically renew your Kerberos tickets for their entire renewable lifetime, without promptings or requiring a password.</td><td style="width: 259px;" align="undefined" valign="undefined">Renewing
+your tickets allows you to run batch jobs without interruption and to
+work through a long session without continually reentering your
+password. Please note that automatic ticket renewal will not work if
+you exit MIT Kerberos or if your current &nbsp;tickets are not renewable.<br></td></tr><tr><td style="font-weight: bold; width: 181px; background-color: rgb(204, 255, 255);" align="undefined" valign="undefined">Expiration Alarm</td><td style="width: 155px;" align="undefined" valign="undefined">Have MIT Kerberos&nbsp; provide an audible alarm 15, 10, and 5 minutes before your tickets expire.</td><td style="width: 259px;" align="undefined" valign="undefined">Regardless
+of whether this option is on, MIT Kerberos will provide a visual pop up window
+alerting you to expiring tickets at the same intervals, but the pop up
+window will not always be visible on a busy desktop.</td></tr><tr><td style="font-weight: bold; width: 181px; background-color: rgb(204, 255, 255);" align="undefined" valign="undefined">Destroy Tickets on Exit</td><td style="width: 155px;" align="undefined" valign="undefined">Have MIT Kerberos destroy your tickets when you exit MIT Kerberos.&nbsp; </td><td style="width: 259px;" align="undefined" valign="undefined">If
+this option is turned off, your tickets are unaffected when you exit
+MIT Kerberos. For highest security you should always destroy your tickets when
+you are finished using them, and this makes it more automatic. </td></tr></tbody></table><br></body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Report_Bugs.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Report_Bugs.htm
new file mode 100644
index 00000000..5524e753
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Report_Bugs.htm
@@ -0,0 +1,23 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<HTML>
+<HEAD>
+<meta name="GENERATOR" content="Microsoft&reg; HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Report_Bugs</Title>
+</HEAD>
+<BODY>
+<H1>Report Bugs or Request Assistance</h1>
+<H2>Bug Reports</H2>
+<p> We strive to provide a robust product. If you find bugs in Kerberos for Windows, we want to know about them. Please email bug reports to <span class="typed">  kfw-bugs@MIT.EDU</span>. Please provide as much detail as you can so that we can replicate the issue. </p>
+
+<H2>Requesting Assistance/Joining Discussion</H2>
+<p>
+The Usenet newsgroup <span class="typed">  comp.protocols.kerberos</span> is dedicated to discussing Kerberos issues. The mailing list <span class="typed"> kerberos@MIT.EDU  </span> is gatewayed to the newsgroup.</p>
+<p>
+To subscribe to the mailing list, email a request to <span class="typed">  kerberos-request@MIT.EDU</span> or submit the <a href=
+http://mailman.mit.edu/mailman/listinfo/kerberos target="new">online subscription form</a>
+</p>
+
+
+</BODY>
+</HTML>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Ticket_Settings.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Ticket_Settings.htm
new file mode 100644
index 00000000..abc9f979
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Ticket_Settings.htm
@@ -0,0 +1,175 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<style type="text/css">
+td
+{
+vertical-align:top;
+}
+</style>
+<title>Ticket Settings</title></head>
+
+<body>
+<a name="top"><h1>Ticket Settings and Flags</h1></a>
+<p>When you obtain a new ticket you have a chance to view and change
+the ticket's settings and flags in the Get Ticket window. You cannot
+change settings or flags on an existing ticket.</p>
+
+<table>
+<tbody><tr>
+<th id="th2">Learn about...</th> <th id="th2">How to...</th> </tr>
+<tr><td>
+<ul id="helpul">
+<li> <a href="#lifetime"> Ticket lifetime setting </a> </li>
+<li><a href="#forwardable"> Forwardable &amp; Proxiable flag</a></li>
+<li><a href="#renewable"> Renewable flag</a></li>
+</ul>
+</td>
+<td>
+<ul id="helpul">
+<li> <a href="#choose"> Choose settings and flags for new tickets </a> </li>
+<li><a href="#view">View settings and flags for existing tickets</a></li>
+<li> <a href="#lifetime"> Adjust the ticket lifetime setting </a> </li>
+<li><a href="#forwardable"> Flag a ticket as forwardable</a></li>
+<li><a href="#renewable"> Flag a ticket as renewable </a></li>
+</ul>
+</td>
+</tr>
+</tbody></table>
+
+<h2><a name="choose">Choose Settings and Flags</a></h2>
+<p>
+To  adjust settings for a new ticket:</p>
+<ol>
+<li>Click the Get Ticket button.</li>
+<li>In the Get Ticket window,  click the Show Advanced button if the settings are not already visible. </li>
+<li>Make adjustments as necessary. Options that you may not change are visible but appear in gray. </li>
+<li>Click Okay to finish getting your ticket. </li>
+</ol>
+<p>
+<a href="#top">Back to Top</a> </p>
+<h2><a name="view">View Settings and Flags</a></h2>
+<p>
+You can view settings and flags for existing tickets in the main
+window. If the information you want is not visible, go to the Options
+tab and use the checkboxes in the View Options panel to open the
+relevant column. <br>
+<a href="HTML/View_Tickets.htm">How to: View Tickets </a></p>
+
+<table>
+<tbody><tr>
+<th>Setting or Flag</th> <th>Relevant Column</th>
+</tr><tr>
+<th id="th2">Ticket lifetime </th><td>Valid Until</td>
+</tr><tr>
+<th id="th2">Renewable lifetime </th><td>Renewable Until</td>
+</tr><tr>
+<th id="th2">"Renewable" and "Forwardable and Proxiable" flags </th><td>Flags</td>
+</tr></tbody></table>
+
+<p>
+<a href="#top">Back to Top</a> </p>
+<p></p>
+
+
+<a name="lifetime"><h2>Ticket Lifetime </h2></a>
+<table>
+<tbody><tr>
+<th id="th2">When to change:</th>
+<td>You want to adjust the length of time your ticket will be valid before it expires.</td></tr>
+<tr>
+<th id="th2">How to change:</th>
+<td>When you get your ticket, click the Show Advanced button in the Get
+Ticket window. The Ticket Lifetime slider is below the Password field.
+Move the slider left to shorten the lifetime; move the slider right to
+lengthen the lifetime. </td>
+</tr>
+<tr>
+<th id="th2">More info</th>
+<td>
+Your Kerberos ticket will expire at the end of the lifetime specified
+with this slider control. Longer lifetimes are more convenient but less
+secure. To get a longer usable ticket lifetime without losing security,
+flag the ticket as renewable and then in the main window select the
+Automatic Ticket Renewal option. <br>
+<a href="HTML/Tickets.htm#renewable">About: Renewable Tickets</a>
+</td>
+</tr>
+</tbody></table>
+<p>
+<a href="#top">Back to top</a></p>
+
+
+<a name="forwardable"><h2>Flag as Forwardable and Proxiable </h2></a>
+<table>
+<tbody><tr>
+<th id="th2">When to use this flag:</th>
+<td>You will use Kerberized services on a remote host. </td></tr>
+<tr>
+<th id="th2">How to change:</th>
+<td>When you get your ticket, click the Show Advanced button in the Get
+Ticket window. The "Flag this ticket as" section is below the Ticket
+Lifetime slider. If the "forwardable and proxiable" checkbox is
+selected, the ticket will be forwardable. Click the checkbox to select
+or deselect it. </td>
+</tr>
+<tr>
+<th id="th2">More info</th>
+<td>
+You can forward tickets flagged as forwardable to the remote host when
+you connect via telnet, ssh, ftp, rlogin, or similar applications, and
+you will not need to get new tickets to use remote services. Often your tickets will be forwarded automatically as needed. Ask your help desk or administrator for information specific to your installation.
+
+</td>
+</tr>
+</tbody></table>
+<p>
+<a href="#top">Back to top</a></p>
+
+
+
+
+
+<a name="renewable"><h2>Flag as Renewable </h2></a>
+<table>
+<tbody><tr>
+<th id="th2">When to use this flag:</th>
+<td>You want a long interactive session without having to keep entering your password, or you plan to run a long batch job.</td></tr>
+<tr>
+<th id="th2">How to change:</th>
+<td>When you get your ticket, click the Show Advanced button in the Get
+Ticket window. The "Flag this ticket as" section is below the Ticket
+Lifetime slider. If the "renewable" checkbox is selected, the ticket
+will be renewable. Click the checkbox to select or deselect it. <p></p>
+You can adjust the renewable lifetime of the ticket with the Renew
+Until slider. Move the slider left to shorten the renewable lifetime of
+the ticket or move the slider right to lengthen it. </td>
+</tr>
+<tr>
+<th id="th2">More info</th>
+<td>
+A renewable ticket still has the normal lifetime, but before it expires
+it can be renewed. Each renewal resets the ticket to the length of the
+original lifetime (e.g. 10 hours). You can renew the ticket as often as
+needed until the "Renewable Until" deadline is reached (e.g., 6 days).
+You do not need to enter your password to renew tickets. <p></p>
+If you let your ticket expire, you cannot renew it even if the ticket
+is still within the renewable lifetime. For convenience, you can set
+your tickets to automatically renew.<br>
+<a href="HTML/Tickets.htm#renewable">About: Renewable Tickets</a>
+</td>
+</tr>
+</tbody></table>
+<p>
+<a href="#top">Back to top</a></p>
+
+<h2>Related help</h2>
+<ul id="helpul">
+<li><a href="HTML/Tickets.htm">About tickets</a></li>
+<li><a href="HTML/Renew_Tickets.htm">Renew Tickets</a></li>
+</ul>
+
+
+
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Tickets.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Tickets.htm
new file mode 100644
index 00000000..e2b94500
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Tickets.htm
@@ -0,0 +1,139 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Tickets</title></head>
+
+<body>
+ <h1><a name="top">About Tickets</a></h1>
+<p>
+The MIT Kerberos program helps you manage your Kerberos tickets. Click
+the Get Ticket button and enter your principal (your Kerberos identity)
+and password to obtain a ticket. The ticket allows you to securely
+access all of the computers and services set up to authenticate you
+through Kerberos, until the ticket expires, without requiring you to
+enter your password again. </p>
+
+<table>
+<tbody><tr><th>On this page</th><th>On other pages</th></tr>
+<tr>
+<td><b>Learn about...</b>
+<ul id="helpul">
+<li><a href="#expiration"> Ticket expiration </a></li>
+<li><a href="#renewable"> Renewable tickets</a></li>
+<li><a href="#forwardable"> Forwardable tickets </a></li>
+</ul>
+</td>
+<td>
+<b>How to...</b>
+<ul id="helpul">
+<li><a href="HTML/Get_Tickets.htm">Get tickets</a></li>
+<li><a href="HTML/Renew_Tickets.htm">Renew tickets</a></li>
+<li><a href="HTML/View_Tickets.htm">View tickets</a></li>
+<li><a href="HTML/Ticket_Settings.htm">Work with ticket settings and flags</a>
+</li><li><a href="HTML/Destroy_Tickets.htm">Destroy tickets</a></li>
+</ul>
+</td>
+</tr>
+</tbody></table>
+<p></p>
+
+
+<table>
+<tbody><tr><th colspan="2"><a name="expiration">Ticket Expiration</a></th></tr>
+<tr><td colspan="2">Your tickets are valid for a set amount of time
+before they expire and cannot be used again. Usually tickets are valid
+for around the length of a work day (e.g., 8 hours). A pop up window
+warns you 15, 10, and 5 minutes before your tickets expire. To add an
+audible alarm at the same intervals, go to the Options tab and select
+Expiration Alarm in the Ticket Options panel.</td></tr>
+<tr> <th id="th2">Adjust</th><th id="th2">View</th></tr>
+<tr>
+<td>When you get your ticket, click Show Advanced to view and adjust
+the ticket's lifetime. Note that some Kerberos installations will not
+allow you to adjust the ticket lifetime. <br> <a href="HTML/Get_Tickets.htm">How to: Get Tickets </a></td>
+<td>The main window includes a <b>Valid Until</b> column for each of
+your tickets. After the time listed in this column, the ticket will
+expire and you must get a new ticket to access network resources that
+use Kerberos. <br> <a href="HTML/View_Tickets.htm">How to: View Tickets </a></td>
+</tr>
+</tbody></table>
+<p>
+<a href="#top">Back to Top</a> </p>
+<p></p>
+<table>
+<tbody><tr><th colspan="2"><a name="renewable">Renewable Tickets </a> </th></tr>
+<tr><td colspan="2">When you get your ticket, you have the option of
+flagging the ticket as renewable. Renewable tickets allow you to run
+batch jobs without interruption and to work through a long session
+without continually reentering your password. <p></p>
+</td></tr><tr> <th id="th2">Renewable Ticket Expiration</th>
+<td>Renewable tickets have a normal ticket lifetime, but they also have
+a renewable lifetime that is much longer (usually several days). Each
+time you renew your ticket, Kerberos resets the ticket lifetime to the
+length of the original ticket. You can renew the ticket as often as you
+need to (once at time or automatically) until the renewable lifetime is
+reached. Then you must obtain a new ticket. </td></tr>
+<tr> <th id="th2">Obtain Renewable Tickets</th>
+<td>When you get your ticket, click Show Advanced and then select
+Renewable under "Flag this ticket as." Use the Renewable Until slider
+to adjust the ticket's renewable lifetime. <br>
+<a href="HTML/Get_Tickets.htm">How to: Get Tickets </a></td>
+</tr>
+<tr> <th id="th2">Renew Once</th>
+<td> Click the Renew button. Note that you cannot renew expired tickets even if the ticket is still within its renewable lifespan.  <br>
+ <a href="HTML/Renew_Tickets.htm#renew-once">How to: Renew Ticket Once </a></td></tr>
+<tr><th id="th2">Renew Automatically</th>
+<td>Go to the Options tab and select Automatic Ticket Renewal in the
+Ticket Options panel. Note that MIT Kerberos must be active and running
+in order to renew tickets. This means that if your machine is in
+hibernation mode or if MIT Kerberos is not running when it is time to
+renew your tickets, your tickets will not be renewed. <br>
+<a href="HTML/Renew_Tickets.htm#renew-once">How to: Renew Tickets Automatically </a> </td>
+</tr><tr>
+<th id="th2">View </th>
+<td>
+In the Options tab, the View Options panel checkboxes control what
+information is displayed for your tickets. Two columns relate to
+renewable tickets: Renewable Until and Flags.
+<p></p>To see the date and time your renewable tickets expire and can
+no longer be renewed, go to the Options tab and select the Renewable
+Until checkbox in the View Options panel. To see which of your tickets
+are renewable, select Flags.
+<br>
+ <a href="HTML/View_Tickets.htm">How to: View Tickets </a> </td>
+</tr>
+</tbody></table>
+<p>
+<a href="#top">Back to Top</a> </p>
+<p></p>
+<table>
+<tbody><tr><th colspan="2"><a name="forwardable">Forwardable Tickets </a></th></tr>
+<tr><td colspan="2">When you get your ticket, you have the option of
+flagging the ticket as forwardable and proxiable. Forwardable and
+proxiable tickets can be forwarded to the remote host when you connect
+via telnet, ssh, ftp, rlogin, or similar applications, so you will not
+need to get new tickets to use remote services.</td></tr>
+<tr> <th id="th2">Obtain Forwardable Tickets</th><th id="th2"> View</th></tr>
+<tr>
+<td>When you get your ticket, click Show Advanced and  then select Forwardable and Proxiable under "Flag this ticket as."   <br>
+<a href="HTML/Get_Tickets.htm">How to: Get Tickets </a></td>
+<td> In the Options tab, the View Options panel checkboxes control what
+information is displayed for your tickets. Select the Flags checkbox to
+open a column indicating which of your tickets are forwardable. <br> <a href="HTML/View_Tickets.htm">How to: View Tickets </a> </td>
+</tr>
+</tbody></table>
+<p>
+<a href="#top">Back to Top</a> </p>
+
+
+<script language="JavaScript">
+popfont="Arial,.825,,"
+popupTicket="A Kerberos ticket is an encrypted block of data that includes authentication for the user and an expiration time."
+
+</script>
+
+<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</object>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Troubleshooting.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Troubleshooting.htm
new file mode 100644
index 00000000..991d2209
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Troubleshooting.htm
@@ -0,0 +1,80 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>Troubleshooting</title></head>
+
+<body>
+<h1> <a name="" top="">Troubleshooting</a></h1>
+<ul id="helpul">
+<li> <a href="#renew">  When I try to renew my ticket, why do I get an error message and see the Get Ticket window? </a></li>
+<li><a href="#expire">   Why did my tickets expire even though I had Automatically Renew Tickets turned on?  </a></li>
+
+<li> <a href="#ticket-lifetime">  Why doesn't my ticket lifetime match the lifetime I selected with the slider in the Get Ticket window?  </a></li>
+
+
+
+<li> <a href="#set-preferences">  How do I set properties like the default ticket lifetime?  </a></li>
+<li> <a href="#set-preferences"> I have multiple principals and have
+tickets for all of them, but sometimes an application that requires
+Kerberos doesn't work. What's going on? </a></li>
+</ul>
+
+
+<a name="renew">  <h3> When I try to renew my ticket, why do I get an error message and see the Get Ticket window? </h3> </a>
+<p>
+The ticket cannot be renewed. This could be because the ticket was not
+flagged as renewable when you obtained it, or because it expired before
+you could renew it, or because the ticket's renewable lifetime has been
+reached. <a href="HTML/Tickets.htm#renewable">About: Renewable Tickets</a> </p>
+<p>
+<a href="#top">Back to top</a></p>
+
+<a name="expire">  </a><h3><a name=" expire">  Why did my tickets expire even though I had Automatically Renew Tickets turned on?  </a></h3>
+<p> MIT Kerberos can only renew your tickets if the program is running
+and active. It cannot renew your tickets if you exit the program or if
+your computer is turned off or in hibernation mode.</p>
+<p>
+<a href="#top">Back to top</a></p>
+
+<a name="ticket-lifetime">  </a><h3><a name="ticket-lifetime"> Why doesn't my ticket lifetime match the lifetime I selected with the slider in the Get Ticket window?  </a></h3>
+<p> Your Kerberos installation is configured for a maximum ticket
+lifetime length that is determined by the administrators. If your
+installation uses a shorter maximum ticket lifetime than the default,
+the Ticket Lifetime slider might show the default maximum instead of
+the actual maximum.</p>
+<p> For example, if your Kerberos installation has been configured to
+issue tickets that expire in 5 hours or less, you might be able to move
+the slider to show 12 hours but you would still be issued a ticket with
+a lifetime of only 5 hours.</p>
+<p>
+<a href="#top">Back to top</a></p>
+
+
+<h3> <a name="set-preferences"> How do I set properties like the default ticket lifetime?</a></h3>
+<p>
+You cannot use the MIT Kerberos program to set properties such as
+default ticket lifetimes. Instead, edit the appropriate configuration
+file. For more information, visit the <a href="https://web.mit.edu/kerberos/krb5-latest/doc/krb_admins/conf_files/index.html" target="new"> MIT Kerberos documentation site. </a>
+ </p>
+<p>
+<a href="#top">Back to top</a></p>
+
+<h3>  <a name="default-principal"> I have multiple principals and have
+tickets for all of them, but sometimes an application that requires
+Kerberos doesn't work. What's going on? </a></h3>
+<p>
+When you try to use a Keberized application, it requests your
+credentials from Kerberos. Some applications do this by asking for a
+specific principal's credentials, but others ask generically. When
+applications make a generic request, Kerberos does not know which
+principal is being authenticated and checks the default principal for
+tickets. If the default principal is not the one being authenticated,
+the application will usually simply fail to work with no warning or
+notice. <a href="HTML/Make_Default.htm">How to: Make Default Principal</a>
+
+
+ </p>
+<p>
+<a href="#top">Back to top</a></p>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/Using_Leash_Menus.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Using_Leash_Menus.htm
new file mode 100644
index 00000000..c2829f02
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/Using_Leash_Menus.htm
@@ -0,0 +1,136 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1"><title>Using MIT Kerberos Menus</title>
+<link rel="stylesheet" type="text/css" href="Leash.css" />
+<Title>Using Kerberos Menus</Title>
+<h1><a name="top">Using Kerberos Menus<a></h1>
+</head>
+<body>
+<p>
+MIT Kerberos uses a ribbon menu. Most commands and options are available in the two tabs in the ribbon at the top of the main window.  The Home tab contains command buttons. The Options tab contains checkboxes for controlling ticket and view options.</p>
+<p> A few commands and options are controlled in the Get Ticket window. The Get Ticket window allows you to choose ticket settings and to clear your principal history.</p>
+<p>
+Browse the tables below to see what each button and option does. Or click <a href="HTML/Getting_Started.htm#familiar">here</a> for an introduction to using MIT Kerberos.</p>
+<p></p>
+
+<table>
+<tr>
+<th>On this page</th><th>On other pages</th></tr>
+<tr><td>
+<b>Learn about....</b>
+<ul id="helpul">
+<li> <a href="#home">Home Tab</a> </li>
+<li> <a href="#options">Options Tab </a></th>
+<li> <a href="#view-options">Options Tab: View Options Panel </a></li>
+<li> <a href="#ticket-options">Options Tab: Ticket Options Panel </a>  </li>
+</ul></td>
+<td>
+<b>How to....</b>
+<ul id="helpul">
+<li><a href="HTML/Keyboard_Shortcuts.htm"> Use Keyboard Shortcuts </a></li>
+<li><a href="HTML/Ticket_Settings.htm"> Use Ticket Settings and Flags </a></li>
+<li><a href="HTML/Forget_Principals.htm"> Clear Principal History</a></li>
+</ul></td>
+</tr>
+</table>
+<H1><a name="home">Home Tab</a>   </H1>
+<img src="Images/Home_Tab.PNG" alt="Home Tab "   width="341" height="116" />
+<p>
+MIT Kerberos opens with the Home tab visible. Use the buttons in the Home tab to work with tickets and passwords and to change your default principal. Depending on your installation and your needs, you might not need every button.</p>
+<p>The table below gives a quick explanation of each of the buttons. To jump to a detailed How To page for a  button, click the button name.   </p>
+<table>
+<tr><th>Button </th> <th>Function</th></tr>
+ <tr><th id="th2">  <img src="Images/Get_Ticket.PNG" alt="Get Tickets"   width="47" height="77" /> </th> <td>Get a new MIT Kerberos ticket. <p></p> <a href="HTML/Get_Tickets.htm">How to: Get Tickets</a> </td></tr>
+ <tr><th id="th2"> <img src="Images/Renew_Ticket.PNG" alt="Renew Tickets"   width="47" height="77" /> </th> <td>Renew tickets for the selected principal(s). Renewing a ticket extends its valid lifetime,  resetting it to the length of the original ticket. <p></p> <a href="HTML/Renew_Tickets.htm">How to: Renew Tickets</a> </td></tr>
+ <tr><th id="th2"><img src="Images/Destroy_Ticket.PNG" alt="Destroy Tickets"   width="47" height="77" /> </th> <td>Destroy all of your MIT Kerberos tickets.<p></p>
+<a href="HTML/Destroy_Tickets.htm">How to: Destroy Tickets</a></td></tr>
+ <tr><th id="th2"> <img src="Images/Make_Default.PNG" alt="Make Default "   width="47" height="77" />  </th> <td>Make the selected principal the default principal. Not necessary if you have only one principal. <p></p> <a href="HTML/Make_Default.htm">How to: Make Default</a></td></tr>
+ <tr><th id="th2">  <img src="Images/Change_Password.PNG" alt="Change Password "   width="47" height="77" /> </th> <td> Change your MIT Kerberos  password. <p></p> <a href="HTML/Change_Password.htm">How to: Change Password</a></td></tr>
+</table>
+<p>
+<a href=#top>Back to Top</a> </p>
+<H1> <a name="options">Options Tab</a></H1>
+<img src="Images/Options_Tab.PNG" alt="Home Tab "   width="583" height="115" />
+<p>
+Click the Options tab to reach the checkboxes that control ticket and view options.  The Options tab has two panels. Use the View Options panel to choose which information is displayed for your tickets. Use the Ticket Options panel to turn MIT Kerberos's automatic features on or off. </p>
+
+<H2><a name="view-options">View Options Panel</a> </H2>
+<p>The View Options checkboxes control what ticket information is displayed. Select a checkbox to see the information column it controls, or deselect the checkbox to hide it.</p>
+<p>The table below gives a quick explanation of each of the View options.  </p>
+<p></p>
+<table>
+
+<tr><th>Checkbox</th><th>Information Displayed When Checked</th></tr>
+ <tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Issued  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </td> </th> </tr>
+</table>
+ <td>The date and time that your tickets were issued.</td> </tr>
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Renewable Until </td> </th> </tr>
+</table>
+<td>The date and time when you will no longer be able to renew your current tickets. <p></p>
+<a href="HTML/Options_Tab.htm#renewable-until"> About: Renewable Until</a> </td> </tr>
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Valid Until </td> </th> </tr>
+</table>
+ <td>When your ticket will expire.<p></p>
+<a href="HTML/Options_Tab.htm#valid-until"> About: Valid Until</a></td></tr>
+ <tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Encryption Type </td> </th> </tr>
+</table>
+<td>The type of encryption used to encrypt your tickets and session keys. <p></p>
+<a href="HTML/Options_Tab.htm#encryption-type"> About: Encryption Type</a></td> </tr>
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Flags   &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </td> </th> </tr>
+</table>
+ <td>How the tickets were flagged (renewable and/or fowardable) when you obtained them. <p></p>
+<a href="HTML/Options_Tab.htm#flags"> About: Flags</a> </td></tr>
+</table>
+<p>
+<a href=#top>Back to Top</a> </p>
+<H2><a name="ticket-options">  Ticket Options Panel</a></H2>
+<p>
+The Ticket Options checkboxes control MIT Kerberos's automatic features. Select a checkbox to turn a feature on, or deselect a checkbox to turn the feature off.
+</p>
+<p>The table below gives a quick explanation of each of the Ticket options.   </p>
+
+
+<table>
+<tr><th>Checkbox </th><th>Select This Option to:</th></tr>
+
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+ <img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Automatic Ticket Renewal </td> </th> </tr>
+</table>
+<td>Automatically renew your Kerberos tickets for their entire renewable lifetime, without promptings or requiring a password, when possible. <p></p>
+<a href="HTML./Options_Tab.htm#automatic-renewal"> About: Automatic Ticket Renewal</a></td></tr>
+
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Expiration Alarm</td> </th> </tr>
+</table>
+<td>Have MIT Kerberos provide an audible alarm 15, 10, and 5 minutes before your tickets expire. <p></p>
+<a href="HTML./Options_Tab.htm#expiration-alarm"> About: Expiration Alarm</a> </td></tr>
+
+ <tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner"> Destroy Tickets on Exit  </td> </th> </tr>
+</table>
+ <td>Have MIT Kerberos destroy your tickets when you exit the program. <p></p>
+<a href="HTML./Options_Tab.htm#destroy-tickets"> About: Destroy Tickets on Exit  </a> </td></tr>
+
+<tr><th id="th2">
+<table id="table-inner"><tr id="table-inner"><td id="table-inner">
+<img src="Images/checkbox.PNG" alt="checkbox image"   width="20" height="20" /> </td> <td id="table-inner">Allow Mixed Case Realm Name</td> </th> </tr>
+</table>
+ <td>Allow you to get tickets for a realm that has a name that includes lower case letters. <p></p>
+<a href="HTML./Options_Tab.htm#mixed-case-realm"> About: Allow Mixed Case Realm Name</a></td></tr>
+</table>
+<p>
+<a href=#top>Back to Top</a> </p>
+</body></html>
diff --git a/krb5-1.21.3/src/windows/leash/htmlhelp/html/View_Tickets.htm b/krb5-1.21.3/src/windows/leash/htmlhelp/html/View_Tickets.htm
new file mode 100644
index 00000000..447ba5db
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/htmlhelp/html/View_Tickets.htm
@@ -0,0 +1,123 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html><head>
+<meta name="GENERATOR" content="Microsoft® HTML Help Workshop 4.1">
+<link rel="stylesheet" type="text/css" href="Leash.css">
+<title>View Tickets</title></head>
+
+<body>
+<h1>View Tickets</h1>
+<p>
+ MIT Kerberos displays your tickets in the main window. The tickets (if any) are organized by the <a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principal</a> who owns them.  To the right of the principal are columns with information about the tickets.
+</p><ul>
+<li>To show or hide information columns,  use the View Options panel in the Options tab. <a href="HTML/Options_Tab.htm#using-view-options">How to: Use View Options Panel </a> </li>
+<li>To make a column wider or narrower, click and drag the line separating two column headings. </li>
+<li>To see information for all of a principal's tickets, click the
+arrow next to the principal name. Otherwise the information displayed
+applies only to the initial Ticket Granting Ticket (TGT). </li>
+</ul>
+<p>
+ Use the table below to jump to a column description, or scroll down to view all available columns.</p>
+
+<table>
+<tbody><tr>
+<th id="th2">Learn about...</th>
+<td>
+<ul id="helpul">
+<li><a href="#principal"> Principal</a></li>
+<li><a href="#issued"> Issued</a></li>
+<li><a href="#renewable-until"> Renewable Until</a></li>
+<li><a href="#valid-until"> Valid Until</a></li>
+<li><a href="#encryption-type"> Encryption Type</a></li>
+<li><a href="#flags"> Flags (renewable and forwardable)</a></li>
+
+
+</ul>
+</td>
+</tr>
+</tbody></table>
+<a name="table"><p></p></a>
+ <table>
+<tbody><tr>
+<th>Column</th>
+<th>Description</th>
+</tr>
+ <tr>
+<th id="th2"> Principal   </th>
+
+<td> <a name="principal"> The identity that has obtained the ticket. </a>This is your user name (e.g.,  <tt>Jsmith</tt>) plus the Kerberos <a href="JavaScript:popup.TextPopup(popupRealm, popfont,9,9,-1,-1)"> realm</a> (or Windows domain) you belong to  (e.g.,<tt> @SERVER.MEGACORP.COM</tt>).  If like many users you have only one Kerberos name and belong to only one realm, you will have only one principal.
+<p></p>
+The principal that is currently the default principal appears in bold. <a href="HTML/Principals.htm#default-principal">About: Default Principals</a>
+<p></p>
+The information displayed in the columns to the right of the principal
+applies only to the principal's initial Ticket Granting Ticket (TGT).
+Click the arrow in front of the principal name to expand the view.
+The expanded view shows all of the tickets and session keys issued to
+the principal. The TGT is listed with a prefix of <em>krbtgt</em>. Any other tickets and session keys were automatically issued when you accessed a service through Kerberos. <br>
+<a href="HTML/Kerberos_Terminology.htm#ticket">About: Kerberos Terminology (Tickets)</a></td>
+</tr>
+
+ <tr>
+<th id="th2"> <a name="issued">Issued</a> </th>
+
+<td>The date and time the ticket was originally obtained.</td>
+</tr>
+ <tr>
+<th id="th2">  Renewable Until </th>
+
+<td> <a name="renewable-until">The date and time marking the end of each ticket's renewable lifetime.</a> If the column is <a href="JavaScript:popup.TextPopup(popupWideEnough, popfont,9,9,-1,-1)"> wide enough</a>
+you will also see the number of days and hours remaining in the
+ticket's renewable lifetime. After this time, you cannot renew the
+ticket and must instead get a new one. <p></p>
+If this column shows <em>Not Renewable</em>, the ticket was not flagged as renewable when you obtained it.
+<p></p>
+<b>Related Help:</b><ul id="helpul">
+<li> <a href="HTML/Tickets.htm#renewable"> About renewable tickets</a> </li>
+<li><a href="HTML/Renew_Tickets.htm"> Renew tickets</a></li>
+</ul>
+</td>
+</tr>
+ <tr>
+<th id="th2">  Valid Until </th>
+
+<td> <a name="valid-until"> The date and time the ticket will expire and can no longer be used or renewed.</a> If the column is <a href="JavaScript:popup.TextPopup(popupWideEnough, popfont,9,9,-1,-1)"> wide enough</a>
+you will also see the number of hours and minutes remaining before the
+ticket expires. Kerberos alerts you to expiring tickets with a warning
+in a pop up window. <p></p>
+To add an audible warning, open the Options tab and select <b>Expiration Alarm</b> in the Ticket Options panel. <br>
+<a href="HTML/Options_Tab.htm#using-ticket-options">How to: Use Ticket Options Panel</a>
+</td>
+</tr>
+ <tr>
+<th id="th2"> Encryption Type </th>
+
+<td><a name="encryption-type">Shows what type of  encryption was used to encode the session key and the ticket.</a>
+Kerberos supports multiple types of encryption. The type used for a
+particular ticket or session key is automatically negotiated when you
+request a ticket or a service.<br>
+<a href="HTML/Encryption_Types.htm#supported-types">About: Encryption Types</a> </td>
+</tr>
+<tr>
+<th id="th2">   Flags </th>
+<td><a name="flags">Shows how the tickets were flagged (renewable and/or fowardable) when you obtained them. </a> You cannot change how an existing flag is set. If you need a ticket with different flags, you must get a new ticket.
+<p></p>
+<em> Forwardable and Proxiable</em> tickets can be forwarded to the remote host when you connect via telnet, ssh, ftp, rlogin, or similar applications.
+<p></p>
+<em> Renewable</em> tickets can be renewed until the time and day shown
+in the Renewable Until column. Each time a ticket is renewed, its
+lifetime is extended by the length of the original ticket. </td>
+</tr>
+
+</tbody></table>
+<p>
+
+
+<script language="JavaScript">
+popfont="Arial,.725,"
+popupRealm="Kerberos realms are a way of logically grouping resources and identities that use Kerberos. Your realm is the home of your Kerberos identity and your point of entry to the network resources controlled by Kerberos. Windows calls realms 'domains.' "
+popupWideEnough="Click and drag the line to the right of the column heading to widen the column or make it narrower."
+popupPrincipal="Your principal is your Kerberos identity. It is your user name combined with the Kerberos realm you are using. For example: 'jdoe@SALES.WIDGET.COM' "
+</script>
+
+<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
+</object>
+</p></body></html>
diff --git a/krb5-1.21.3/src/windows/leash/kfwribbon.xml b/krb5-1.21.3/src/windows/leash/kfwribbon.xml
new file mode 100644
index 00000000..975991b0
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/kfwribbon.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Application xmlns="http://schemas.microsoft.com/windows/2009/Ribbon">
+  <Application.Commands>
+    <Command Name="cmdAppMenu" LabelTitle="Application Menu" />
+    <Command Name="cmdQAT" LabelTitle="" />
+    <Command Name="cmdHelp" LabelTitle="Help" />
+    <Command Name="cmdAbout" LabelTitle="About MIT Kerberos" />
+    <Command Name="cmdExit" LabelTitle="Exit application" />
+    <Command Name="cmdHomeTab" LabelTitle="Home" Keytip="H" />
+    <Command Name="cmdOptionsTab" LabelTitle="Options" Keytip="O" />
+    <Command Name="cmdChangePasswordGroup" LabelTitle="" />
+    <Command Name="cmdTicketGroup" LabelTitle=" " />
+    <Command Name="cmdViewOptionsGroup" LabelTitle="View Options" />
+    <Command Name="cmdTicketOptionsGroup" LabelTitle="Ticket Options" />
+    <Command Name="cmdGetTicketButton"
+             LabelTitle="Get Ticket"
+             Keytip="T">
+      <Command.LargeImages>
+        <Image>res/getticketlarge.bmp</Image>
+      </Command.LargeImages>
+    </Command>
+    <Command Name="cmdRenewTicketButton"
+             LabelTitle="Renew Ticket"
+             Keytip="R">
+      <Command.LargeImages>
+        <Image>res/renewlarge.bmp</Image>
+      </Command.LargeImages>
+    </Command>
+    <Command Name="cmdDestroyTicketButton"
+             LabelTitle="Destroy Ticket"
+             Keytip="D">
+      <Command.LargeImages>
+        <Image>res/destroylarge.bmp</Image>
+      </Command.LargeImages>
+    </Command>
+    <Command Name="cmdMakeDefaultButton"
+             LabelTitle="Make Default"
+             Keytip="M">
+      <Command.LargeImages>
+        <Image>res/makedefaultlarge.bmp</Image>
+      </Command.LargeImages>
+    </Command>
+    <Command Name="cmdChangePasswordButton"
+             LabelTitle="Change Password"
+             Keytip="C">
+      <Command.LargeImages>
+        <Image>res/cpwlarge.bmp</Image>
+      </Command.LargeImages>
+    </Command>
+    <Command Name="cmdIssuedCheckBox"
+             LabelTitle="Issued"
+             Keytip="I" />
+    <Command Name="cmdRenewUntilCheckBox"
+             LabelTitle="Renewable Until"
+             Keytip="R" />
+    <Command Name="cmdValidUntilCheckBox"
+             LabelTitle="Valid Until"
+             Keytip="V" />
+    <Command Name="cmdEncTypeCheckBox"
+             LabelTitle="Encryption Type"
+             Keytip="E" />
+    <Command Name="cmdFlagsCheckBox"
+             LabelTitle="Flags"
+             Keytip="F" />
+    <Command Name="cmdCcacheNameCheckBox"
+             LabelTitle="Credential Cache Name"
+             Keytip="N" />
+    <Command Name="cmdAutoRenewCheckBox"
+             LabelTitle="Automatic Ticket Renewal"
+             Keytip="R" />
+    <Command Name="cmdExpireAlarmCheckBox"
+             LabelTitle="Expiration Alarm"
+             Keytip="A" />
+    <Command Name="cmdDestroyOnExitCheckBox"
+             LabelTitle="Destroy Tickets on Exit"
+             Keytip="D" />
+    <Command Name="cmdMixedCaseCheckBox"
+             LabelTitle="Allow Mixed Case Realm Names"
+             Keytip="M" />
+  </Application.Commands>
+  <Application.Views>
+    <Ribbon>
+      <Ribbon.ApplicationMenu>
+        <ApplicationMenu CommandName="cmdAppMenu">
+          <MenuGroup>
+            <Button CommandName="cmdHelp" />
+            <Button CommandName="cmdAbout" />
+            <Button CommandName="cmdExit" />
+          </MenuGroup>
+        </ApplicationMenu>
+      </Ribbon.ApplicationMenu>
+      <Ribbon.QuickAccessToolbar>
+        <QuickAccessToolbar CommandName="cmdQAT" />
+      </Ribbon.QuickAccessToolbar>
+      <Ribbon.Tabs>
+        <Tab CommandName="cmdHomeTab">
+          <Tab.ScalingPolicy>
+            <ScalingPolicy>
+              <ScalingPolicy.IdealSizes>
+                <Scale Group="cmdTicketGroup" Size="Large" />
+                <Scale Group="cmdChangePasswordGroup" Size="Large" />
+              </ScalingPolicy.IdealSizes>
+            </ScalingPolicy>
+          </Tab.ScalingPolicy>
+          <Group CommandName="cmdTicketGroup" SizeDefinition="FourButtons">
+            <Button CommandName="cmdGetTicketButton" />
+            <Button CommandName="cmdRenewTicketButton" />
+            <Button CommandName="cmdDestroyTicketButton" />
+            <Button CommandName="cmdMakeDefaultButton" />
+          </Group>
+          <Group CommandName="cmdChangePasswordGroup"
+                 SizeDefinition="OneButton">
+            <Button CommandName="cmdChangePasswordButton" />
+          </Group>
+        </Tab>
+        <Tab CommandName="cmdOptionsTab">
+          <Group CommandName="cmdViewOptionsGroup">
+            <CheckBox CommandName="cmdIssuedCheckBox" />
+            <CheckBox CommandName="cmdRenewUntilCheckBox" />
+            <CheckBox CommandName="cmdValidUntilCheckBox" />
+            <CheckBox CommandName="cmdEncTypeCheckBox" />
+            <CheckBox CommandName="cmdFlagsCheckBox" />
+            <CheckBox CommandName="cmdCcacheNameCheckBox" />
+          </Group>
+          <Group CommandName="cmdTicketOptionsGroup" >
+            <CheckBox CommandName="cmdAutoRenewCheckBox" />
+            <CheckBox CommandName="cmdExpireAlarmCheckBox" />
+            <CheckBox CommandName="cmdDestroyOnExitCheckBox" />
+            <CheckBox CommandName="cmdMixedCaseCheckBox" />
+          </Group>
+        </Tab>
+      </Ribbon.Tabs>
+    </Ribbon>
+  </Application.Views>
+</Application>
diff --git a/krb5-1.21.3/src/windows/leash/reminder.h b/krb5-1.21.3/src/windows/leash/reminder.h
new file mode 100644
index 00000000..05dd4bdd
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/reminder.h
@@ -0,0 +1,12 @@
+#ifndef __REMINDER_H__
+#define __REMINDER_H__
+
+#define Stringize( L )        #L
+#define MakeString( M, L )    M(L)
+#define $LINE                 MakeString( Stringize, __LINE__ )
+#define Reminder              __FILE__ "(" $LINE ") : Reminder: "
+
+#endif
+
+//Put this in your .cpp file where ever you need it (NOTE: Don't end this statement with a ';' char)
+//i.e. -->> #pragma message(Reminder "Your message reminder here!!!")
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash.ico b/krb5-1.21.3/src/windows/leash/res/Leash.ico
new file mode 100644
index 00000000..235c6f44
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash.rc2 b/krb5-1.21.3/src/windows/leash/res/Leash.rc2
new file mode 100644
index 00000000..0a5dcb61
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/res/Leash.rc2
@@ -0,0 +1,14 @@
+//
+// Leash.RC2 - resources Microsoft Visual C++ does not edit directly
+//
+
+#ifdef APSTUDIO_INVOKED
+	#error this file is not editable by Microsoft Visual C++
+#endif //APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+// Add manually edited resources here...
+#include "..\ver.rc"
+
+/////////////////////////////////////////////////////////////////////////////
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash2.ico b/krb5-1.21.3/src/windows/leash/res/Leash2.ico
new file mode 100644
index 00000000..22f5fa4b
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash2.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_Doc.ico b/krb5-1.21.3/src/windows/leash/res/Leash_Doc.ico
new file mode 100644
index 00000000..323cd618
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_Doc.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_tickets_green.ico b/krb5-1.21.3/src/windows/leash/res/Leash_tickets_green.ico
new file mode 100644
index 00000000..0d2f04e5
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_tickets_green.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_tickets_orange.ico b/krb5-1.21.3/src/windows/leash/res/Leash_tickets_orange.ico
new file mode 100644
index 00000000..913f9c9c
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_tickets_orange.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_tickets_out.ico b/krb5-1.21.3/src/windows/leash/res/Leash_tickets_out.ico
new file mode 100644
index 00000000..7a9b377d
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_tickets_out.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_tickets_red.ico b/krb5-1.21.3/src/windows/leash/res/Leash_tickets_red.ico
new file mode 100644
index 00000000..a1eb326d
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_tickets_red.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_tkt_green.ico b/krb5-1.21.3/src/windows/leash/res/Leash_tkt_green.ico
new file mode 100644
index 00000000..34898960
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_tkt_green.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_tkt_orange.ico b/krb5-1.21.3/src/windows/leash/res/Leash_tkt_orange.ico
new file mode 100644
index 00000000..4e3a908c
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_tkt_orange.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_tkt_red.ico b/krb5-1.21.3/src/windows/leash/res/Leash_tkt_red.ico
new file mode 100644
index 00000000..596a7bb6
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_tkt_red.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_toolbar.bmp b/krb5-1.21.3/src/windows/leash/res/Leash_toolbar.bmp
new file mode 100644
index 00000000..0293306b
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_toolbar.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_user_green.ico b/krb5-1.21.3/src/windows/leash/res/Leash_user_green.ico
new file mode 100644
index 00000000..903616dd
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_user_green.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_user_orange.ico b/krb5-1.21.3/src/windows/leash/res/Leash_user_orange.ico
new file mode 100644
index 00000000..57075fc8
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_user_orange.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_user_out.ico b/krb5-1.21.3/src/windows/leash/res/Leash_user_out.ico
new file mode 100644
index 00000000..a4e493c5
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_user_out.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/Leash_user_red.ico b/krb5-1.21.3/src/windows/leash/res/Leash_user_red.ico
new file mode 100644
index 00000000..9627d0d9
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/Leash_user_red.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/address.ico b/krb5-1.21.3/src/windows/leash/res/address.ico
new file mode 100644
index 00000000..1c4e81f4
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/address.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/cpwlarge.bmp b/krb5-1.21.3/src/windows/leash/res/cpwlarge.bmp
new file mode 100755
index 00000000..59eebb1a
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/cpwlarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/cursor1.cur b/krb5-1.21.3/src/windows/leash/res/cursor1.cur
new file mode 100644
index 00000000..048f06b4
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/cursor1.cur differ
diff --git a/krb5-1.21.3/src/windows/leash/res/destroy.ico b/krb5-1.21.3/src/windows/leash/res/destroy.ico
new file mode 100644
index 00000000..fa7fa667
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/destroy.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/destroy_disabled.ico b/krb5-1.21.3/src/windows/leash/res/destroy_disabled.ico
new file mode 100644
index 00000000..7cc6eabd
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/destroy_disabled.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/destroylarge.bmp b/krb5-1.21.3/src/windows/leash/res/destroylarge.bmp
new file mode 100755
index 00000000..419da299
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/destroylarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/encryption.ico b/krb5-1.21.3/src/windows/leash/res/encryption.ico
new file mode 100644
index 00000000..65323ce6
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/encryption.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/exportlarge.bmp b/krb5-1.21.3/src/windows/leash/res/exportlarge.bmp
new file mode 100755
index 00000000..612f60be
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/exportlarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/getticketlarge.bmp b/krb5-1.21.3/src/windows/leash/res/getticketlarge.bmp
new file mode 100755
index 00000000..4ced4efa
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/getticketlarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/import.bmp b/krb5-1.21.3/src/windows/leash/res/import.bmp
new file mode 100644
index 00000000..00c75778
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/import.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/importlarge.bmp b/krb5-1.21.3/src/windows/leash/res/importlarge.bmp
new file mode 100755
index 00000000..f6e985b7
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/importlarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/key.ico b/krb5-1.21.3/src/windows/leash/res/key.ico
new file mode 100644
index 00000000..34bd815a
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/key.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/makedefaultlarge.bmp b/krb5-1.21.3/src/windows/leash/res/makedefaultlarge.bmp
new file mode 100755
index 00000000..12816188
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/makedefaultlarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/new.ico b/krb5-1.21.3/src/windows/leash/res/new.ico
new file mode 100644
index 00000000..6362690f
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/new.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/new_disabled.ico b/krb5-1.21.3/src/windows/leash/res/new_disabled.ico
new file mode 100644
index 00000000..3bbfa448
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/new_disabled.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/newlarge.bmp b/krb5-1.21.3/src/windows/leash/res/newlarge.bmp
new file mode 100755
index 00000000..1dfdd0f6
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/newlarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/openlarge.bmp b/krb5-1.21.3/src/windows/leash/res/openlarge.bmp
new file mode 100755
index 00000000..a1f001b7
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/openlarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/password.ico b/krb5-1.21.3/src/windows/leash/res/password.ico
new file mode 100644
index 00000000..3c842857
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/password.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/password_disabled.ico b/krb5-1.21.3/src/windows/leash/res/password_disabled.ico
new file mode 100644
index 00000000..d2a098ba
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/password_disabled.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/refresh.ico b/krb5-1.21.3/src/windows/leash/res/refresh.ico
new file mode 100644
index 00000000..310d9249
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/refresh.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/refresh_disabled.ico b/krb5-1.21.3/src/windows/leash/res/refresh_disabled.ico
new file mode 100644
index 00000000..a94d08bd
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/refresh_disabled.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/renew.ico b/krb5-1.21.3/src/windows/leash/res/renew.ico
new file mode 100644
index 00000000..31127c07
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/renew.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/renew_disabled.ico b/krb5-1.21.3/src/windows/leash/res/renew_disabled.ico
new file mode 100644
index 00000000..672baed7
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/renew_disabled.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/renewlarge.bmp b/krb5-1.21.3/src/windows/leash/res/renewlarge.bmp
new file mode 100755
index 00000000..4494b936
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/renewlarge.bmp differ
diff --git a/krb5-1.21.3/src/windows/leash/res/status_grayK.ico b/krb5-1.21.3/src/windows/leash/res/status_grayK.ico
new file mode 100644
index 00000000..f963f0d4
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/status_grayK.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/status_greenK.ico b/krb5-1.21.3/src/windows/leash/res/status_greenK.ico
new file mode 100644
index 00000000..d1557aa0
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/status_greenK.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/status_redK.ico b/krb5-1.21.3/src/windows/leash/res/status_redK.ico
new file mode 100644
index 00000000..3a624be1
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/status_redK.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/status_yelloK.ico b/krb5-1.21.3/src/windows/leash/res/status_yelloK.ico
new file mode 100644
index 00000000..08ba599e
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/status_yelloK.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/sync.ico b/krb5-1.21.3/src/windows/leash/res/sync.ico
new file mode 100644
index 00000000..a3f06700
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/sync.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/res/sync_disabled.ico b/krb5-1.21.3/src/windows/leash/res/sync_disabled.ico
new file mode 100644
index 00000000..0d806ab2
Binary files /dev/null and b/krb5-1.21.3/src/windows/leash/res/sync_disabled.ico differ
diff --git a/krb5-1.21.3/src/windows/leash/resource.h b/krb5-1.21.3/src/windows/leash/resource.h
new file mode 100644
index 00000000..146c539d
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/resource.h
@@ -0,0 +1,322 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Visual C++ generated include file.
+// Used by Leash.rc
+//
+#define IDD_ABOUTBOX                    100
+#define IDD_TEST2_FORM                  102
+#define ID_HELLO_WORLD                  114
+#define IDR_MAINFRAME                   128
+#define IDR_LeashTYPE                   129
+#define IDD_DIALOG1                     130
+#define IDD_FORMVIEW                    130
+#define IDD_LEASH_FORMVIEW              130
+#define IDI_TICKET_EXPIRED              141
+#define IDI_LEASH                       143
+#define IDI_TICKETTYPE_GOOD             144
+#define IDI_TICKET_GOOD                 145
+#define IDI_TICKET_LOW                  146
+#define IDI_TICKETTYPE_NOTINSTALLED     147
+#define IDI_TICKETTYPE_EXPIRED          148
+#define IDI_TICKETTYPE_LOW              149
+#define IDD_LEASH_ABOUTBOX              153
+#define IDD_DIALOG2                     154
+#define IDD_MESSAGE_BOX                 154
+#define IDD_LEASH_MESSAGE_BOX           154
+#define IDD_DIALOG3                     155
+#define IDD_DIALOG4                     156
+#define IDD_DEBUG_WINDOW                157
+#define IDD_LEASH_DEBUG_WINDOW          157
+#define IDD_PAGE1                       160
+#define IDD_PAGE2                       161
+#define IDD_KRB_PROP_CONTENT            161
+#define IDD_LEASH_PROPERTIES            167
+#define IDD_KERB5_PAGE_PROP             168
+#define IDD_KRB5_PROP_CONTENT           168
+#define IDD_KRB5_PROP_LOCATION          169
+#define IDD_KRB_REALMHOST_MAINT         178
+#define IDC_CURSOR1                     179
+#define IDD_KRB_ADD_REALM               181
+#define IDD_KRB_EDIT_REALM              182
+#define IDD_DIALOG5                     187
+#define IDD_KRB_ADD_KDC_HOSTSERVER      197
+#define IDD_KRB_EDIT_KDC_HOSTSERVER     199
+#define IDD_DIALOG6                     207
+#define IDD_KRB_DOMAINREALM_MAINT       207
+#define IDD_DIALOG7                     210
+#define IDI_ICON1                       221
+#define IDD_AUTHENTICATE                229
+#define IDI_LEASH_PRINCIPAL_GOOD        230
+#define IDI_LEASH_PRINCIPAL_LOW         231
+#define IDI_LEASH_PRINCIPAL_EXPIRED     232
+#define IDI_LEASH_PRINCIPAL_NONE        233
+#define IDB_BITMAP1                     239
+#define IDI_TOOLBAR_INIT                240
+#define IDI_TOOLBAR_RENEW               241
+#define IDI_TOOLBAR_DESTROY             243
+#define IDI_TOOLBAR_PASSWORD            244
+#define IDI_TOOLBAR_REFRESH             245
+#define IDI_TOOLBAR_SYNC                246
+#define IDI_TOOLBAR_INIT_DISABLED       247
+#define IDI_TOOLBAR_RENEW_DISABLED      248
+#define IDI_TOOLBAR_DESTROY_DISABLED    250
+#define IDI_TOOLBAR_PASSWORD_DISABLED   251
+#define IDI_TOOLBAR_REFRESH_DISABLED    252
+#define IDI_TOOLBAR_SYNC_DISABLED       253
+#define MENU_TRAYICON                   254
+#define ID_LEASH_RESTORE                255
+#define IDD_FRAMEOWNER                  256
+#define ID_LEASH_MINIMIZE               257
+#define IDI_LEASH_TRAY_GOOD             258
+#define IDI_LEASH_TRAY_LOW              259
+#define IDI_LEASH_TRAY_EXPIRED          260
+#define IDI_LEASH_TRAY_NONE             261
+#define IDI_LEASH_TICKET_ADDRESS        262
+#define IDI_LEASH_TICKET_SESSION        263
+#define IDI_LEASH_TICKET_ENCRYPTION     264
+#define IDC_PROGRESS1                   1000
+#define IDC_TRACKBAR1                   1001
+#define IDC_TRACKBAR2                   1002
+#define IDC_BUDDY_SPIN1                 1003
+#define IDC_SPIN1                       1004
+#define IDC_LISTVIEW1                   1005
+#define IDC_TREEVIEW1                   1006
+#define IDC_TREEVIEW                    1006
+#define IDC_STATIC_TRACK1               1007
+#define IDC_STATIC_TRACK2               1008
+#define IDC_STATIC_LISTVIEW1            1009
+#define IDC_STATIC_TREEVIEW1            1010
+#define IDC_LABEL_KERB_TICKETS          1011
+#define IDC_LIST1                       1012
+#define IDC_LEASH_MODULE_LB             1012
+#define IDC_LIST_UTILITY                1012
+#define IDC_LIST_KDC_REALM              1012
+#define IDC_LIST_REMOVE_HOST            1012
+#define IDC_LISTBOX_DLL_LOADED          1013
+#define IDC_STATIC_ABOUTBOX_LEASH       1014
+#define IDC_STATIC_VERSION              1015
+#define IDC_STATIC_COPYRIGHT            1016
+#define IDC_STATIC_MODULES_LOADED       1018
+#define IDC_LEASH_WARNING_MSG           1019
+#define IDC_DEBUG_LISTBOX               1022
+#define IDC_COPY_TO_CLIPBOARD           1023
+#define IDC_LOG_FILE_LOCATION_LABEL     1024
+#define IDC_LOG_FILE_LOCATION_TEXT      1025
+#define IDC_LEASH_MODULES               1029
+#define IDC_ALL_MODULES                 1030
+#define IDC_PROPERTIES                  1031
+#define IDC_STATIC_NO_OF_MODULES        1036
+#define IDC_BUTTON_LEASHINI_DETAILS     1037
+#define IDC_BUTTON_LEASHINI_HELP        1037
+#define IDC_STATIC_LEASHINI_LOCATION    1038
+#define IDC_BUTTON_LEASHINI_HELP2       1039
+#define IDC_EDIT_LEASHINI               1040
+#define IDC_EDIT_KRB_LOCATION           1041
+#define IDC_EDIT_KRBREALM_LOCATION      1042
+#define IDC_STATIC_KRBCON_LOCATION      1043
+#define IDC_STATIC_KRBREALM_LOCATION    1044
+#define IDC_EDIT_KRB_KRBREALM_LOC       1045
+#define IDC_EDIT_KRB_LOC                1045
+#define IDC_EDIT_KRBREALM_LOC           1046
+#define IDC_BUTTON_KRB_BROWSE           1047
+#define IDC_BUTTON_KRBREALM_BROWSE      1048
+#define IDC_STATIC_LEASH                1049
+#define IDC_STATIC_KRB                  1050
+#define IDC_EDITKRB5_LOCATION           1051
+#define IDC_STATIC_KRB5_LOCATION        1052
+#define IDC_STATIC_KRB5INI_LOCATION     1052
+#define IDC_BUTTON_KRB_DETAILS          1053
+#define IDC_BUTTON_KRBFILES_HELP        1053
+#define IDC_BUTTON_KRBTKT_HELP          1054
+#define IDC_STATIC_NDIR                 1055
+#define IDC_EDIT_NDIR                   1056
+#define IDC_STATIC_LEASH_PROPERTIES     1057
+#define IDC_STATIC_DEFAULT_REALM        1058
+#define IDC_EDIT_DEFAULT_REALM          1059
+#define IDC_EDIT_REALM_HOSTNAME         1060
+#define IDC_RADIO_ADMIN_SERVER          1062
+#define IDC_RADIO_NO_ADMIN_SERVER       1063
+#define IDC_EDIT_KRBTKFILE              1064
+#define IDC_STATIC_KRBTKFILE            1065
+#define IDC_NOT_LOADED_MODULES          1066
+#define IDC_STATIC_TICKET_FILE          1067
+#define IDC_EDIT_TICKET_FILE            1068
+#define IDC_STATIC_KRB5_TICKET_FILE     1068
+#define IDC_BUTTON_TICKETFILE_BROWSE    1069
+#define IDC_EDIT_KRB5_TXT_FILE          1069
+#define IDC_STATIC_CONFIG_FILES         1070
+#define IDC_BUTTON_KRB5_TICKETFILE_BROWSE 1070
+#define IDC_STATIC_TICKETFILE           1071
+#define IDC_CHECK_PROXIABLE             1073
+#define IDC_CHECK_FORWARDABLE           1074
+#define IDC_EDIT_KRB5INI_LOCATION       1076
+#define IDC_BUTTON_KRB5INI_BROWSE       1077
+#define IDC_BUTTON_KRB5INI_HELP         1078
+#define IDC_STATIC__KRB5_TICKETFILE     1079
+#define IDC_BUTTON_KRB5TKT_HELP         1080
+#define IDC_EDIT_TIME_SERVER            1081
+#define IDC_STATIC_TIMESERVER           1082
+#define IDC_STATIC_OPTIONS              1083
+#define IDC_STATIC_TICKET_OPTIONS       1085
+#define IDC_BUTTON1                     1086
+#define IDC_RESET_DEFAULTS              1086
+#define IDC_BUTTON_KRB_HELP             1087
+#define IDC_STATIC_KRBREALM             1088
+#define IDC_BUTTON_KRBREALM_HELP        1089
+#define IDC_STATIC_HOST                 1092
+#define IDC_STATIC_DOMAIN               1093
+#define IDC_EDIT_HOSTNAME               1096
+#define IDC_EDIT_DOMAINNAME             1097
+#define IDC_STATIC_REALM_HOSTNAME       1098
+#define ID_BUTTON_HOSTNAME_REMOVE       1100
+#define IDC_STATIC_CFG_LOCATION         1103
+#define IDC_BUTTON_HOSTNAME_ADD         1104
+#define IDC_BUTTON_HOSTMAINT_HELP       1105
+#define IDC_BUTTON_HOSTNAME_EDIT        1106
+#define IDC_STATIC_HAS_ADMINSERVER_     1107
+#define IDC_STATIC_NO_ADMINSERVER       1108
+#define IDC_BUTTON_REALM_HOST_ADD       1110
+#define ID_BUTTON_REALM_HOST_REMOVE     1111
+#define ID_BUTTON_REALM_REMOVE          1111
+#define IDC_BUTTON_REALM_HOST_EDIT      1112
+#define IDC_BUTTON_REALM_EDIT           1112
+#define IDC_BUTTON_REALMHOST_MAINT_HELP 1113
+#define IDC_EDIT_DOMAINHOSTNAME         1115
+#define IDC_LIST_DOMAINREALM            1116
+#define IDC_EDIT_DOMAINHOST             1117
+#define IDC_BUTTON_KDCHOST_ADD          1117
+#define IDC_EDIT_REALMNAME              1118
+#define IDC_BUTTON_KDCHOST_REMOVE       1118
+#define stc32                           0x045f
+#define IDC_EDIT_DOMAINREALMNAME        1119
+#define IDC_BUTTON_KDCHOST_EDIT         1119
+#define IDC_STATIC_TICKET_FILEPATH      1120
+#define IDC_LIST_KDC_HOST               1123
+#define IDC_STATIC_REALM                1124
+#define IDC_BUTTON_ADMINSERVER          1125
+#define IDC_BUTTON_REMOVE_ADMINSERVER   1126
+#define IDC_STATIC_NOTE                 1129
+#define IDC_EDIT_KDC_HOST               1130
+#define IDC_EDIT_REALM                  1131
+#define IDC_BUTTON_REALMHOST_MAINT_HELP2 1136
+#define IDC_BUTTON_HOST_ADD             1138
+#define ID_BUTTON_HOST_REMOVE           1139
+#define IDC_BUTTON_HOST_EDIT            1140
+#define IDC_STATIC_KRBCON               1141
+#define IDC_STATIC_KRBCON_LABEL         1142
+#define IDC_STATIC_KRBREALM_LABEL       1143
+#define IDC_STATIC_TXT                  1145
+#define IDC_STATIC_TIMEHOST             1147
+#define IDC_STATIC_CONFILES             1148
+#define IDC_STATIC_KRBREALMS            1149
+#define IDC_STATIC_INIFILES             1150
+#define IDC_CHECK_CONFIRM_KRB5_EXISTS   1151
+#define IDC_STATIC_KRB_DEFAULT_LIFETIME 1154
+#define IDC_STATIC_TIME_UNITS           1155
+#define IDC_STATIC_KRB_DEFAULT_RENEWTILL 1155
+#define IDC_EDIT_DEFAULT_LIFETIME       1156
+#define IDC_ABOUT_COPYRIGHT             1158
+#define IDC_ABOUT_VERSION               1159
+#define IDC_CHECK_RENEWABLE             1159
+#define IDC_CHECK_NO_ADDRESS            1160
+#define IDC_IPADDRESS_PUBLIC            1162
+#define IDC_STATIC_IPADDR               1163
+#define IDC_STATIC_NAME                 1164
+#define IDC_STATIC_PWD                  1165
+#define IDC_EDIT1                       1166
+#define IDC_EDIT_LIFE_MIN_D             1166
+#define IDC_COMBO1                      1167
+#define IDC_EDIT_LIFETIME_D             1167
+#define IDC_EDIT2                       1168
+#define IDC_EDIT_LIFE_MIN_H             1168
+#define IDC_STATIC_LIFETIME             1169
+#define IDC_EDIT_RENEWTILL_D            1169
+#define IDC_SLIDER1                     1170
+#define IDC_EDIT_LIFETIME_H             1170
+#define IDC_STATIC_KRB5                 1171
+#define IDC_EDIT_RENEWTILL_H            1171
+#define IDC_CHECK1                      1172
+#define IDC_CHECK2                      1173
+#define IDC_CHECK_PRESERVE_KINIT_OPTIONS 1173
+#define IDC_CHECK3                      1174
+#define IDC_SLIDER2                     1175
+#define IDC_STATIC_LIFETIME_VALUE       1176
+#define IDC_STATIC_RENEW_TILL_VALUE     1177
+#define IDC_PICTURE                     1179
+#define IDC_DNS_KDC                     1180
+#define IDC_CHECK_CREATE_MISSING_CFG    1182
+#define IDC_GROUP_LEASH_MISC            1183
+#define IDC_STATIC_LIFETIME_RANGE       1184
+#define IDC_STATIC_RENEW_TILL_RANGE     1185
+#define IDC_EDIT_LIFE_MIN_M             1190
+#define IDC_EDIT_LIFE_MAX_D             1191
+#define IDC_EDIT_LIFE_MAX_H             1192
+#define IDC_EDIT_LIFE_MAX_M             1193
+#define IDC_STATIC_LIFE_RANGE_MIN       1194
+#define IDC_EDIT_RENEW_MIN_D            1195
+#define IDC_EDIT_RENEW_MIN_H            1196
+#define IDC_EDIT_RENEW_MIN_M            1197
+#define IDC_EDIT_RENEW_MAX_D            1198
+#define IDC_EDIT_RENEW_MAX_H            1199
+#define IDC_EDIT_RENEW_MAX_M            1200
+#define IDC_EDIT_LIFETIME_M             1201
+#define IDC_EDIT_RENEWTILL_M            1202
+#define IDC_STATIC_LEASH_MSLSA          1206
+#define IDC_LEASH_MAINVIEW              1207
+#define IDC_LIST3                       1208
+#define IDD_FILESPECIAL                 1536
+#define IDD_LEASH_FILESPECIAL           1536
+#define IDD_KRB_PROP_MISC               1537
+#define ID_RENEW_TICKET                 32776
+#define ID_DESTROY_TICKET               32777
+#define ID_SYN_TIME                     32778
+#define ID_CHANGE_PASSWORD              32779
+#define ID_UPDATE_DISPLAY               32780
+#define ID_DEBUG_MODE                   32781
+#define ID_CFG_FILES                    32782
+#define ID_HELP_LEASH_                  32783
+#define ID_HELP_KERBEROS_               32784
+#define ID_KILL_TIX_ONEXIT              32785
+#define ID_LARGE_ICONS                  32786
+#define ID_UPPERCASE_REALM              32787
+#define ID_OPTIONS_RESETWINDOWSIZE      32789
+#define ID_RESET_WINDOW_SIZE            32790
+#define ID_SYSTEM_CONTROL_PANEL         32792
+#define ID_KRB5_PROPERTIES              32794
+#define ID_LEASH_PROPERTIES             32795
+#define ID_OPTIONS_LOWTICKETALARMSOUND  32796
+#define ID_LOW_TICKET_ALARM             32798
+#define ID_KRBCHECK                     32799
+#define ID_PROPERTIES                   32801
+#define ID_NEW_ITEM                     32802
+#define ID_HELP_CONTENTS                32803
+#define ID_HELP_FIND                    32803
+#define ID_HELP_LEASH32                 32804
+#define ID_HELP_WHYUSELEASH32           32805
+#define ID_INIT_TICKET                  32807
+#define ID_AUTO_RENEW                   32808
+#define ID_OBTAIN_TGT_WITH_LPARAM       32809
+#define ID_TIME_ISSUED                  32810
+#define ID_RENEWABLE_UNTIL              32811
+#define ID_SHOW_TICKET_FLAGS            32812
+#define ID_BUTTON2                      32813
+#define ID_BUTTON5                      32816
+#define ID_BUTTON4                      32818
+#define ID_FORGET_PRINCIPALS            32818
+#define ID_ENCRYPTION_TYPE              32826
+#define ID_VALID_UNTIL                  32828
+#define ID_MAKE_DEFAULT                 32835
+#define ID_CHECK2                       32836
+#define ID_EXPORT_TICKET                32837
+#define ID_CCACHE_NAME                  32841
+
+// Next default values for new objects
+//
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_3D_CONTROLS                     1
+#define _APS_NEXT_RESOURCE_VALUE        269
+#define _APS_NEXT_COMMAND_VALUE         32841
+#define _APS_NEXT_CONTROL_VALUE         1209
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
diff --git a/krb5-1.21.3/src/windows/leash/ver.rc b/krb5-1.21.3/src/windows/leash/ver.rc
new file mode 100644
index 00000000..09575d47
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leash/ver.rc
@@ -0,0 +1,3 @@
+#define VER_FILEDESCRIPTION_STR 	"Leash Application"
+
+#include "..\version.rc"
diff --git a/krb5-1.21.3/src/windows/leashdll/Makefile.in b/krb5-1.21.3/src/windows/leashdll/Makefile.in
new file mode 100644
index 00000000..76df81bd
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/Makefile.in
@@ -0,0 +1,58 @@
+BUILDTOP=..\..
+
+DLL_NAME=leashw$(BITS)
+DEF_FILE=leashw32.def
+
+OBJS=	$(OUTPRE)krb5routines.$(OBJEXT) \
+	$(OUTPRE)leashdll.$(OBJEXT) \
+	$(OUTPRE)leasherr.$(OBJEXT) \
+	$(OUTPRE)lsh_pwd.$(OBJEXT) \
+	$(OUTPRE)lshfunc.$(OBJEXT) \
+	$(OUTPRE)lshutil.$(OBJEXT) \
+	$(OUTPRE)timesync.$(OBJEXT) \
+	$(OUTPRE)winerr.$(OBJEXT) \
+	$(OUTPRE)winutil.$(OBJEXT)
+
+#TODO: Fix resource compilation
+RESFILE = $(OUTPRE)lsh_pwd.res
+XOBJS	= $(RESFILE)
+
+RCFLAGS = -I$(BUILDTOP)\include -I$(BUILDTOP) -DLEASHDLL_LIB
+
+###From another project inside K 1.9:
+###VERSIONRC = $(BUILDTOP)\windows\version.rc
+###RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+
+# Set NODEBUG if building release instead of debug
+
+LOCALINCLUDES = -I$(BUILDTOP)\include -I$(BUILDTOP)\windows\include
+
+WINLIBS = kernel32.lib advapi32.lib user32.lib gdi32.lib Version.lib \
+	  ws2_32.lib dnsapi.lib $(BUILDTOP)\ccapi\lib\win\srctmp\$(CCLIB).lib
+
+WINDLLFLAGS = /nologo /dll /incremental:no /release $(LOPTS)
+
+
+DEFINES = -DWINSOCK -DWIN32 -DWINDOWS -DUSE_MESSAGE_BOX
+!ifdef NODEBUG
+DEFINES = $(DEFINES)
+!else
+DEFINES = $(DEFINES) -DDBG
+!endif
+
+all-windows:
+all-windows: $(OUTPRE)$(DLL_NAME).dll
+
+clean-windows::
+	$(RM) $(OUTPRE)$(DLL_NAME).dll
+
+$(OUTPRE)$(DLL_NAME).dll: $(DEF_FILE) $(OBJS) $(XOBJS)
+	link $(WINDLLFLAGS) -def:$(DEF_FILE) -out:$*.dll \
+	$(OBJS) $(XOBJS) $(WINLIBS) ../lib/$(OUTPRE)libwin.lib
+	$(_VC_MANIFEST_EMBED_DLL)
+
+#TODO: Add dependencies on include files here
+
+$(RESFILE): lsh_pwd.rc ../version.rc ../kerberos.ver
+
diff --git a/krb5-1.21.3/src/windows/leashdll/krb5routines.c b/krb5-1.21.3/src/windows/leashdll/krb5routines.c
new file mode 100644
index 00000000..4380d293
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/krb5routines.c
@@ -0,0 +1,838 @@
+// Module name: krb5routines.c
+
+#include <windows.h>
+#define SECURITY_WIN32
+#include <security.h>
+
+/* _WIN32_WINNT must be 0x0501 or greater to pull in definition of
+ * all required LSA data types when the Vista SDK NtSecAPI.h is used.
+ */
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0501
+#else
+#if _WIN32_WINNT < 0x0501
+#undef _WIN32_WINNT
+#define _WIN32_WINNT 0x0501
+#endif
+#endif
+#include <ntsecapi.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <assert.h>
+
+#include <winsock2.h>
+
+/* Private Include files */
+#include "leashdll.h"
+#include <leashwin.h>
+#include "leash-int.h"
+
+#define KRB5_DEFAULT_LIFE            60*60*10 /* 10 hours */
+
+char *GetTicketFlag(krb5_creds *cred)
+{
+   static char buf[32];
+   int i = 0;
+
+   buf[i++] = ' ';
+   buf[i++] = '(';
+
+   if (cred->ticket_flags & TKT_FLG_FORWARDABLE)
+     buf[i++] = 'F';
+
+   if (cred->ticket_flags & TKT_FLG_FORWARDED)
+     buf[i++] = 'f';
+
+   if (cred->ticket_flags & TKT_FLG_PROXIABLE)
+     buf[i++] = 'P';
+
+   if (cred->ticket_flags & TKT_FLG_PROXY)
+     buf[i++] = 'p';
+
+   if (cred->ticket_flags & TKT_FLG_MAY_POSTDATE)
+     buf[i++] = 'D';
+
+   if (cred->ticket_flags & TKT_FLG_POSTDATED)
+     buf[i++] = 'd';
+
+   if (cred->ticket_flags & TKT_FLG_INVALID)
+     buf[i++] = 'i';
+
+   if (cred->ticket_flags & TKT_FLG_RENEWABLE)
+     buf[i++] = 'R';
+
+   if (cred->ticket_flags & TKT_FLG_INITIAL)
+     buf[i++] = 'I';
+
+   if (cred->ticket_flags & TKT_FLG_HW_AUTH)
+     buf[i++] = 'H';
+
+   if (cred->ticket_flags & TKT_FLG_PRE_AUTH)
+     buf[i++] = 'A';
+
+   buf[i++] = ')';
+   buf[i] = '\0';
+
+   if (i <= 3)
+     buf[0] = '\0';
+
+   return buf;
+}
+
+int
+LeashKRB5_renew(void)
+{
+    krb5_error_code		        code = 0;
+    krb5_context		        ctx = 0;
+    krb5_ccache			        cc = 0;
+    krb5_principal		        me = 0;
+    krb5_principal              server = 0;
+    krb5_creds			        my_creds;
+    krb5_data                   *realm = 0;
+
+    if ( !pkrb5_init_context )
+        goto cleanup;
+
+	memset(&my_creds, 0, sizeof(krb5_creds));
+
+    code = pkrb5_init_context(&ctx);
+    if (code) goto cleanup;
+
+    code = pkrb5_cc_default(ctx, &cc);
+    if (code) goto cleanup;
+
+    code = pkrb5_cc_get_principal(ctx, cc, &me);
+    if (code) goto cleanup;
+
+    realm = krb5_princ_realm(ctx, me);
+
+    code = pkrb5_build_principal_ext(ctx, &server,
+                                    realm->length,realm->data,
+                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                    realm->length,realm->data,
+                                    0);
+    if ( code ) goto cleanup;
+
+    my_creds.client = me;
+    my_creds.server = server;
+
+    pkrb5_cc_set_flags(ctx, cc, 0);
+    code = pkrb5_get_renewed_creds(ctx, &my_creds, me, cc, NULL);
+    pkrb5_cc_set_flags(ctx, cc, KRB5_TC_NOTICKET);
+    if (code) {
+        if (code != KRB5KDC_ERR_ETYPE_NOSUPP && code != KRB5_KDC_UNREACH &&
+            code != KRB5_CC_NOTFOUND)
+            Leash_krb5_error(code, "krb5_get_renewed_creds()", 0, &ctx, &cc);
+        goto cleanup;
+    }
+
+    code = pkrb5_cc_initialize(ctx, cc, me);
+    if (code) goto cleanup;
+
+    code = pkrb5_cc_store_cred(ctx, cc, &my_creds);
+    if (code) goto cleanup;
+
+  cleanup:
+    if (my_creds.client == me)
+        my_creds.client = 0;
+    if (my_creds.server == server)
+        my_creds.server = 0;
+    pkrb5_free_cred_contents(ctx, &my_creds);
+    if (me)
+        pkrb5_free_principal(ctx, me);
+    if (server)
+        pkrb5_free_principal(ctx, server);
+    if (cc)
+        pkrb5_cc_close(ctx, cc);
+    if (ctx)
+        pkrb5_free_context(ctx);
+    return(code);
+}
+
+static krb5_error_code KRB5_CALLCONV
+leash_krb5_prompter( krb5_context context,
+					 void *data,
+					 const char *name,
+					 const char *banner,
+					 int num_prompts,
+					 krb5_prompt prompts[]);
+
+int
+Leash_krb5_kinit(
+krb5_context alt_ctx,
+HWND hParent,
+char *principal_name,
+char *password,
+krb5_deltat lifetime,
+DWORD                       forwardable,
+DWORD                       proxiable,
+krb5_deltat                 renew_life,
+DWORD                       addressless,
+DWORD                       publicIP
+)
+{
+    krb5_error_code		        code = 0;
+    krb5_context		        ctx = 0;
+    krb5_ccache			        cc = 0, defcache = 0;
+    krb5_principal		        me = 0;
+    char*                       name = 0;
+    krb5_creds			        my_creds;
+    krb5_get_init_creds_opt *   options = NULL;
+    krb5_address **             addrs = NULL;
+    int                         i = 0, addr_count = 0;
+    int                         cc_new = 0;
+    const char *                deftype = NULL;
+
+    if (!pkrb5_init_context)
+        return 0;
+
+    memset(&my_creds, 0, sizeof(my_creds));
+
+    if (alt_ctx)
+    {
+        ctx = alt_ctx;
+    }
+    else
+    {
+        code = pkrb5_init_context(&ctx);
+        if (code) goto cleanup;
+    }
+
+    code = pkrb5_get_init_creds_opt_alloc(ctx, &options);
+    if (code) goto cleanup;
+
+    code = pkrb5_cc_default(ctx, &defcache);
+    if (code) goto cleanup;
+
+    code = pkrb5_parse_name(ctx, principal_name, &me);
+    if (code) goto cleanup;
+
+    deftype = pkrb5_cc_get_type(ctx, defcache);
+    if (me != NULL && pkrb5_cc_support_switch(ctx, deftype)) {
+        /* Use an existing cache for the specified principal if we can. */
+        code = pkrb5_cc_cache_match(ctx, me, &cc);
+        if (code != 0 && code != KRB5_CC_NOTFOUND)
+            goto cleanup;
+        if (code == KRB5_CC_NOTFOUND) {
+            code = pkrb5_cc_new_unique(ctx, deftype, NULL, &cc);
+            if (code)
+                goto cleanup;
+            cc_new = 1;
+        }
+        pkrb5_cc_close(ctx, defcache);
+    } else {
+        cc = defcache;
+    }
+
+    code = pkrb5_unparse_name(ctx, me, &name);
+    if (code) goto cleanup;
+
+    if (lifetime == 0)
+        lifetime = Leash_get_default_lifetime();
+    else
+        lifetime *= 5*60;
+
+	if (renew_life > 0)
+		renew_life *= 5*60;
+
+    if (lifetime)
+        pkrb5_get_init_creds_opt_set_tkt_life(options, lifetime);
+	pkrb5_get_init_creds_opt_set_forwardable(options,
+                                             forwardable ? 1 : 0);
+	pkrb5_get_init_creds_opt_set_proxiable(options,
+                                           proxiable ? 1 : 0);
+	pkrb5_get_init_creds_opt_set_renew_life(options,
+                                            renew_life);
+    if (addressless)
+        pkrb5_get_init_creds_opt_set_address_list(options,NULL);
+    else {
+		if (publicIP)
+        {
+            // we are going to add the public IP address specified by the user
+            // to the list provided by the operating system
+            krb5_address ** local_addrs=NULL;
+            DWORD           netIPAddr;
+
+            pkrb5_os_localaddr(ctx, &local_addrs);
+            while ( local_addrs[i++] );
+            addr_count = i + 1;
+
+            addrs = (krb5_address **) malloc((addr_count+1) * sizeof(krb5_address *));
+            if ( !addrs ) {
+                pkrb5_free_addresses(ctx, local_addrs);
+                assert(0);
+            }
+            memset(addrs, 0, sizeof(krb5_address *) * (addr_count+1));
+            i = 0;
+            while ( local_addrs[i] ) {
+                addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
+                if (addrs[i] == NULL) {
+                    pkrb5_free_addresses(ctx, local_addrs);
+                    assert(0);
+                }
+
+                addrs[i]->magic = local_addrs[i]->magic;
+                addrs[i]->addrtype = local_addrs[i]->addrtype;
+                addrs[i]->length = local_addrs[i]->length;
+                addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+                if (!addrs[i]->contents) {
+                    pkrb5_free_addresses(ctx, local_addrs);
+                    assert(0);
+                }
+
+                memcpy(addrs[i]->contents,local_addrs[i]->contents,
+                        local_addrs[i]->length);        /* safe */
+                i++;
+            }
+            pkrb5_free_addresses(ctx, local_addrs);
+
+            addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
+            if (addrs[i] == NULL)
+                assert(0);
+
+            addrs[i]->magic = KV5M_ADDRESS;
+            addrs[i]->addrtype = AF_INET;
+            addrs[i]->length = 4;
+            addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+            if (!addrs[i]->contents)
+                assert(0);
+
+            netIPAddr = htonl(publicIP);
+            memcpy(addrs[i]->contents,&netIPAddr,4);
+
+            pkrb5_get_init_creds_opt_set_address_list(options,addrs);
+
+        }
+    }
+
+    code = pkrb5_get_init_creds_opt_set_out_ccache(ctx, options, cc);
+    if (code)
+        goto cleanup;
+
+    code = pkrb5_get_init_creds_password(ctx,
+                                       &my_creds,
+                                       me,
+                                       password, // password
+                                       leash_krb5_prompter, // prompter
+                                       hParent, // prompter data
+                                       0, // start time
+                                       0, // service name
+                                       options);
+    // @TODO: make this an option
+    if ((!code) && (cc != defcache)) {
+        code = pkrb5_cc_switch(ctx, cc);
+        if (!code) {
+            const char *cctype = pkrb5_cc_get_type(ctx, cc);
+            if (cctype != NULL) {
+                char defname[20];
+                sprintf_s(defname, sizeof(defname), "%s:", cctype);
+                pkrb5int_cc_user_set_default_name(ctx, defname);
+            }
+        }
+    }
+ cleanup:
+    if (code && cc_new) {
+        // don't leave newly-generated empty ccache lying around on failure
+        pkrb5_cc_destroy(ctx, cc);
+        cc = NULL;
+    }
+    if ( addrs ) {
+        for ( i=0;i<addr_count;i++ ) {
+            if ( addrs[i] ) {
+                if ( addrs[i]->contents )
+                    free(addrs[i]->contents);
+                free(addrs[i]);
+            }
+        }
+    }
+    if (my_creds.client == me)
+	my_creds.client = 0;
+    pkrb5_free_cred_contents(ctx, &my_creds);
+    if (name)
+	pkrb5_free_unparsed_name(ctx, name);
+    if (me)
+	pkrb5_free_principal(ctx, me);
+    if (cc)
+	pkrb5_cc_close(ctx, cc);
+    if (options)
+        pkrb5_get_init_creds_opt_free(ctx, options);
+    if (ctx && (ctx != alt_ctx))
+	pkrb5_free_context(ctx);
+    return(code);
+}
+
+
+/**************************************/
+/* LeashKRB5destroyTicket():          */
+/**************************************/
+int
+Leash_krb5_kdestroy(
+    void
+    )
+{
+    krb5_context		ctx;
+    krb5_ccache			cache;
+    krb5_error_code		rc;
+
+    ctx = NULL;
+    cache = NULL;
+    rc = Leash_krb5_initialize(&ctx);
+    if (rc)
+        return(rc);
+
+    if (rc = pkrb5_cc_default(ctx, &cache))
+        return(rc);
+
+    rc = pkrb5_cc_destroy(ctx, cache);
+
+    if (ctx != NULL)
+        pkrb5_free_context(ctx);
+
+    return(rc);
+
+}
+
+krb5_error_code
+Leash_krb5_cc_default(krb5_context *ctx, krb5_ccache *cache)
+{
+    krb5_error_code rc;
+    krb5_flags flags;
+
+    char *functionName = NULL;
+    if (*cache == 0) {
+        rc = pkrb5_cc_default(*ctx, cache);
+        if (rc) {
+            functionName = "krb5_cc_default()";
+            goto on_error;
+        }
+    }
+    flags = KRB5_TC_NOTICKET;
+    rc = pkrb5_cc_set_flags(*ctx, *cache, flags);
+    if (rc) {
+        if (rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND) {
+            if (*cache != NULL && *ctx != NULL)
+                pkrb5_cc_close(*ctx, *cache);
+        } else {
+            functionName = "krb5_cc_set_flags()";
+            goto on_error;
+        }
+    }
+on_error:
+    if (rc && functionName) {
+        Leash_krb5_error(rc, functionName, 0, ctx, cache);
+    }
+    return rc;
+}
+
+/**************************************/
+/* Leash_krb5_initialize():             */
+/**************************************/
+int Leash_krb5_initialize(krb5_context *ctx)
+{
+    LPCSTR          functionName = NULL;
+    krb5_error_code	rc;
+
+    if (pkrb5_init_context == NULL)
+        return 1;
+
+    if (*ctx == 0) {
+        if (rc = (*pkrb5_init_context)(ctx)) {
+            functionName = "krb5_init_context()";
+            return Leash_krb5_error(rc, functionName, 0, ctx, NULL);
+        }
+    }
+    return 0;
+}
+
+
+/**************************************/
+/* Leash_krb5_error():           */
+/**************************************/
+int
+Leash_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
+                 int FreeContextFlag, krb5_context * ctx,
+                 krb5_ccache * cache)
+{
+#ifdef USE_MESSAGE_BOX
+    char message[256];
+    const char *errText;
+
+    errText = perror_message(rc);
+    _snprintf(message, sizeof(message),
+              "%s\n(Kerberos error %ld)\n\n%s failed",
+              errText,
+              rc,
+              FailedFunctionName);
+    message[sizeof(message)-1] = 0;
+
+    MessageBox(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR |
+               MB_TASKMODAL |
+               MB_SETFOREGROUND);
+#endif /* USE_MESSAGE_BOX */
+
+    if (ctx != NULL && *ctx != NULL) {
+        if (cache != NULL && *cache != NULL) {
+            pkrb5_cc_close(*ctx, *cache);
+            *cache = NULL;
+        }
+
+        if (FreeContextFlag) {
+            pkrb5_free_context(*ctx);
+            *ctx = NULL;
+        }
+    }
+
+    return rc;
+}
+
+
+/* User Query data structures and functions */
+
+struct textField {
+    char * buf;                       /* Destination buffer address */
+    int    len;                       /* Destination buffer length */
+    char * label;                     /* Label for this field */
+    char * def;                       /* Default response for this field */
+    int    echo;                      /* 0 = no, 1 = yes, 2 = asterisks */
+};
+
+static int                mid_cnt = 0;
+static struct textField * mid_tb = NULL;
+
+#define ID_TEXT       150
+#define ID_MID_TEXT 300
+
+static BOOL CALLBACK
+MultiInputDialogProc( HWND hDialog, UINT message, WPARAM wParam, LPARAM lParam)
+{
+    int i;
+
+    switch ( message ) {
+    case WM_INITDIALOG:
+        if ( GetDlgCtrlID((HWND) wParam) != ID_MID_TEXT )
+        {
+            SetFocus(GetDlgItem( hDialog, ID_MID_TEXT));
+            return FALSE;
+        }
+		for ( i=0; i < mid_cnt ; i++ ) {
+			if (mid_tb[i].echo == 0)
+				SendDlgItemMessage(hDialog, ID_MID_TEXT+i, EM_SETPASSWORDCHAR, 32, 0);
+		    else if (mid_tb[i].echo == 2)
+				SendDlgItemMessage(hDialog, ID_MID_TEXT+i, EM_SETPASSWORDCHAR, '*', 0);
+		}
+        return TRUE;
+
+    case WM_COMMAND:
+        switch ( LOWORD(wParam) ) {
+        case IDOK:
+            for ( i=0; i < mid_cnt ; i++ ) {
+                if ( !GetDlgItemText(hDialog, ID_MID_TEXT+i, mid_tb[i].buf, mid_tb[i].len) )
+                    *mid_tb[i].buf = '\0';
+            }
+            /* fallthrough */
+        case IDCANCEL:
+            EndDialog(hDialog, LOWORD(wParam));
+            return TRUE;
+        }
+    }
+    return FALSE;
+}
+
+static LPWORD
+lpwAlign( LPWORD lpIn )
+{
+    ULONG ul;
+
+    ul = (ULONG) lpIn;
+    ul += 3;
+    ul >>=2;
+    ul <<=2;
+    return (LPWORD) ul;;
+}
+
+/*
+ * dialog widths are measured in 1/4 character widths
+ * dialog height are measured in 1/8 character heights
+ */
+
+static LRESULT
+MultiInputDialog( HINSTANCE hinst, HWND hwndOwner,
+                  char * ptext[], int numlines, int width,
+                  int tb_cnt, struct textField * tb)
+{
+    HGLOBAL hgbl;
+    LPDLGTEMPLATE lpdt;
+    LPDLGITEMTEMPLATE lpdit;
+    LPWORD lpw;
+    LPWSTR lpwsz;
+    LRESULT ret;
+    int nchar, i;
+    size_t pwid;
+
+    hgbl = GlobalAlloc(GMEM_ZEROINIT, 4096);
+    if (!hgbl)
+        return -1;
+
+    mid_cnt = tb_cnt;
+    mid_tb = tb;
+
+    lpdt = (LPDLGTEMPLATE)GlobalLock(hgbl);
+
+    // Define a dialog box.
+
+    lpdt->style = WS_POPUP | WS_BORDER | WS_SYSMENU
+                   | DS_MODALFRAME | WS_CAPTION | DS_CENTER
+                   | DS_SETFOREGROUND | DS_3DLOOK
+                   | DS_SHELLFONT | DS_NOFAILCREATE;
+    lpdt->cdit = numlines + (2 * tb_cnt) + 2;  // number of controls
+    lpdt->x  = 10;
+    lpdt->y  = 10;
+    lpdt->cx = 20 + width * 4;
+    lpdt->cy = 20 + (numlines + tb_cnt + 4) * 14;
+
+    lpw = (LPWORD) (lpdt + 1);
+    *lpw++ = 0;   // no menu
+    *lpw++ = 0;   // predefined dialog box class (by default)
+
+    lpwsz = (LPWSTR) lpw;
+    nchar = MultiByteToWideChar (CP_ACP, 0, "", -1, lpwsz, 128);
+    lpw   += nchar;
+    *lpw++ = 8;                        // font size (points)
+    lpwsz = (LPWSTR) lpw;
+    nchar = MultiByteToWideChar (CP_ACP, 0, "MS Shell Dlg",
+                                    -1, lpwsz, 128);
+    lpw   += nchar;
+
+    //-----------------------
+    // Define an OK button.
+    //-----------------------
+    lpw = lpwAlign (lpw); // align DLGITEMTEMPLATE on DWORD boundary
+    lpdit = (LPDLGITEMTEMPLATE) lpw;
+    lpdit->style = WS_CHILD | WS_VISIBLE | BS_DEFPUSHBUTTON | WS_TABSTOP | WS_BORDER;
+    lpdit->dwExtendedStyle = 0;
+    lpdit->x  = (lpdt->cx - 14)/4 - 20;
+    lpdit->y  = 10 + (numlines + tb_cnt + 2) * 14;
+    lpdit->cx = 40;
+    lpdit->cy = 14;
+    lpdit->id = IDOK;  // OK button identifier
+
+    lpw = (LPWORD) (lpdit + 1);
+    *lpw++ = 0xFFFF;
+    *lpw++ = 0x0080;    // button class
+
+    lpwsz = (LPWSTR) lpw;
+    nchar = MultiByteToWideChar (CP_ACP, 0, "OK", -1, lpwsz, 50);
+    lpw   += nchar;
+    *lpw++ = 0;           // no creation data
+
+    //-----------------------
+    // Define an Cancel button.
+    //-----------------------
+    lpw = lpwAlign (lpw); // align DLGITEMTEMPLATE on DWORD boundary
+    lpdit = (LPDLGITEMTEMPLATE) lpw;
+    lpdit->style = WS_CHILD | WS_VISIBLE | BS_PUSHBUTTON | WS_TABSTOP | WS_BORDER;
+    lpdit->dwExtendedStyle = 0;
+    lpdit->x  = (lpdt->cx - 14)*3/4 - 20;
+    lpdit->y  = 10 + (numlines + tb_cnt + 2) * 14;
+    lpdit->cx = 40;
+    lpdit->cy = 14;
+    lpdit->id = IDCANCEL;  // CANCEL button identifier
+
+    lpw = (LPWORD) (lpdit + 1);
+    *lpw++ = 0xFFFF;
+    *lpw++ = 0x0080;    // button class
+
+    lpwsz = (LPWSTR) lpw;
+    nchar = MultiByteToWideChar (CP_ACP, 0, "Cancel", -1, lpwsz, 50);
+    lpw   += nchar;
+    *lpw++ = 0;           // no creation data
+
+    /* Add controls for preface data */
+    for ( i=0; i<numlines; i++) {
+        /*-----------------------
+         * Define a static text control.
+         *-----------------------*/
+        lpw = lpwAlign (lpw); /* align DLGITEMTEMPLATE on DWORD boundary */
+        lpdit = (LPDLGITEMTEMPLATE) lpw;
+        lpdit->style = WS_CHILD | WS_VISIBLE | SS_LEFT;
+        lpdit->dwExtendedStyle = 0;
+        lpdit->x  = 10;
+        lpdit->y  = 10 + i * 14;
+        lpdit->cx = strlen(ptext[i]) * 4 + 10;
+        lpdit->cy = 14;
+        lpdit->id = ID_TEXT + i;  // text identifier
+
+        lpw = (LPWORD) (lpdit + 1);
+        *lpw++ = 0xFFFF;
+        *lpw++ = 0x0082;                         // static class
+
+        lpwsz = (LPWSTR) lpw;
+        nchar = MultiByteToWideChar (CP_ACP, 0, ptext[i],
+                                         -1, lpwsz, 2*width);
+        lpw   += nchar;
+        *lpw++ = 0;           // no creation data
+    }
+
+    for ( i=0, pwid = 0; i<tb_cnt; i++) {
+        if ( pwid < strlen(tb[i].label) )
+            pwid = strlen(tb[i].label);
+    }
+
+    for ( i=0; i<tb_cnt; i++) {
+        /* Prompt */
+        /*-----------------------
+         * Define a static text control.
+         *-----------------------*/
+        lpw = lpwAlign (lpw); /* align DLGITEMTEMPLATE on DWORD boundary */
+        lpdit = (LPDLGITEMTEMPLATE) lpw;
+        lpdit->style = WS_CHILD | WS_VISIBLE | SS_LEFT;
+        lpdit->dwExtendedStyle = 0;
+        lpdit->x  = 10;
+        lpdit->y  = 10 + (numlines + i + 1) * 14;
+        lpdit->cx = pwid * 4;
+        lpdit->cy = 14;
+        lpdit->id = ID_TEXT + numlines + i;  // text identifier
+
+        lpw = (LPWORD) (lpdit + 1);
+        *lpw++ = 0xFFFF;
+        *lpw++ = 0x0082;                         // static class
+
+        lpwsz = (LPWSTR) lpw;
+        nchar = MultiByteToWideChar (CP_ACP, 0, tb[i].label ? tb[i].label : "",
+                                     -1, lpwsz, 128);
+        lpw   += nchar;
+        *lpw++ = 0;           // no creation data
+
+        /*-----------------------
+         * Define an edit control.
+         *-----------------------*/
+        lpw = lpwAlign (lpw); /* align DLGITEMTEMPLATE on DWORD boundary */
+        lpdit = (LPDLGITEMTEMPLATE) lpw;
+        lpdit->style = WS_CHILD | WS_VISIBLE | ES_LEFT | WS_TABSTOP | WS_BORDER | (tb[i].echo == 1 ? 0L : ES_PASSWORD);
+        lpdit->dwExtendedStyle = 0;
+        lpdit->x  = 10 + (pwid + 1) * 4;
+        lpdit->y  = 10 + (numlines + i + 1) * 14;
+        lpdit->cx = (width - (pwid + 1)) * 4;
+        lpdit->cy = 14;
+        lpdit->id = ID_MID_TEXT + i;             // identifier
+
+        lpw = (LPWORD) (lpdit + 1);
+        *lpw++ = 0xFFFF;
+        *lpw++ = 0x0081;                         // edit class
+
+        lpwsz = (LPWSTR) lpw;
+        nchar = MultiByteToWideChar (CP_ACP, 0, tb[i].def ? tb[i].def : "",
+                                     -1, lpwsz, 128);
+        lpw   += nchar;
+        *lpw++ = 0;           // no creation data
+    }
+
+    GlobalUnlock(hgbl);
+    ret = DialogBoxIndirect(hinst, (LPDLGTEMPLATE) hgbl,
+							hwndOwner, (DLGPROC) MultiInputDialogProc);
+    GlobalFree(hgbl);
+
+    switch ( ret ) {
+    case 0:     /* Timeout */
+        return -1;
+    case IDOK:
+        return 1;
+    case IDCANCEL:
+        return 0;
+    default: {
+        char buf[256];
+        sprintf(buf,"DialogBoxIndirect() failed: %d",GetLastError());
+        MessageBox(hwndOwner,
+                    buf,
+                    "GetLastError()",
+                    MB_OK | MB_ICONINFORMATION | MB_TASKMODAL);
+        return -1;
+    }
+    }
+}
+
+static int
+multi_field_dialog(HWND hParent, char * preface, int n, struct textField tb[])
+{
+	extern HINSTANCE hLeashInst;
+    size_t maxwidth = 0;
+    int numlines = 0;
+    size_t len;
+    char * plines[16], *p = preface ? preface : "";
+    int i;
+
+    for ( i=0; i<16; i++ )
+        plines[i] = NULL;
+
+    while (*p && numlines < 16) {
+        plines[numlines++] = p;
+        for ( ;*p && *p != '\r' && *p != '\n'; p++ );
+        if ( *p == '\r' && *(p+1) == '\n' ) {
+            *p++ = '\0';
+            p++;
+        } else if ( *p == '\n' ) {
+            *p++ = '\0';
+        }
+        if ( strlen(plines[numlines-1]) > maxwidth )
+            maxwidth = strlen(plines[numlines-1]);
+    }
+
+    for ( i=0;i<n;i++ ) {
+        len = strlen(tb[i].label) + 1 + (tb[i].len > 40 ? 40 : tb[i].len);
+        if ( maxwidth < len )
+            maxwidth = len;
+    }
+
+    return(MultiInputDialog(hLeashInst, hParent, plines, numlines, maxwidth, n, tb));
+}
+
+static krb5_error_code KRB5_CALLCONV
+leash_krb5_prompter( krb5_context context,
+					 void *data,
+					 const char *name,
+					 const char *banner,
+					 int num_prompts,
+					 krb5_prompt prompts[])
+{
+    krb5_error_code     errcode = 0;
+    int                 i;
+    struct textField * tb = NULL;
+    int    len = 0, blen=0, nlen=0;
+	HWND hParent = (HWND)data;
+
+    if (name)
+        nlen = strlen(name)+2;
+
+    if (banner)
+        blen = strlen(banner)+2;
+
+    tb = (struct textField *) malloc(sizeof(struct textField) * num_prompts);
+    if ( tb != NULL ) {
+        int ok;
+        memset(tb,0,sizeof(struct textField) * num_prompts);
+        for ( i=0; i < num_prompts; i++ ) {
+            tb[i].buf = prompts[i].reply->data;
+            tb[i].len = prompts[i].reply->length;
+            tb[i].label = prompts[i].prompt;
+            tb[i].def = NULL;
+            tb[i].echo = (prompts[i].hidden ? 2 : 1);
+        }
+
+        ok = multi_field_dialog(hParent,(char *)banner,num_prompts,tb);
+        if ( ok ) {
+            for ( i=0; i < num_prompts; i++ )
+                prompts[i].reply->length = strlen(prompts[i].reply->data);
+        } else
+            errcode = -2;
+    }
+
+    if ( tb )
+        free(tb);
+    if (errcode) {
+        for (i = 0; i < num_prompts; i++) {
+            memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+        }
+    }
+    return errcode;
+}
diff --git a/krb5-1.21.3/src/windows/leashdll/leash-int.h b/krb5-1.21.3/src/windows/leashdll/leash-int.h
new file mode 100644
index 00000000..a2f33b2b
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/leash-int.h
@@ -0,0 +1,271 @@
+#ifndef __LEASH_INT_H__
+#define __LEASH_INT_H__
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "leashdll.h"
+#include <leashwin.h>
+
+#include "tlhelp32.h"
+
+#define MIT_PWD_DLL_CLASS "MITPasswordWndDLL"
+
+BOOL
+Register_MITPasswordEditControl(
+    HINSTANCE hInst
+    );
+
+BOOL
+Unregister_MITPasswordEditControl(
+    HINSTANCE hInst
+    );
+
+// Some defines swiped from leash.h
+//  These are necessary but they must be kept sync'ed with leash.h
+#define HELPFILE "leash32.hlp"
+extern char KRB_HelpFile[_MAX_PATH];
+
+// Function Prototypes.
+int DoNiftyErrorReport(long errnum, LPSTR what);
+LONG Leash_timesync(int);
+
+// Crap...
+#include <krb5.h>
+
+long
+Leash_int_kinit_ex(
+    krb5_context ctx,
+    HWND hParent,
+    char * principal,
+    char * password,
+    int lifetime,
+    int forwardable,
+    int proxiable,
+    int renew_life,
+    int addressless,
+    unsigned long publicIP,
+    int displayErrors
+    );
+
+long
+Leash_int_checkpwd(
+    char * principal,
+    char * password,
+    int    displayErrors
+    );
+
+long
+Leash_int_changepwd(
+    char * principal,
+    char * password,
+    char * newpassword,
+    char** result_string,
+    int    displayErrors
+    );
+
+int
+Leash_krb5_kdestroy(
+    void
+    );
+
+int
+Leash_krb5_kinit(
+    krb5_context,
+    HWND hParent,
+    char * principal_name,
+    char * password,
+    krb5_deltat lifetime,
+    DWORD       forwardable,
+    DWORD       proxiable,
+    krb5_deltat renew_life,
+    DWORD       addressless,
+    DWORD       publicIP
+    );
+
+int
+LeashKRB5_renew(void);
+
+int
+config_boolean_to_int(
+    const char *s
+    );
+
+BOOL GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData);
+BOOL IsKerberosLogon(VOID);
+
+int Leash_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
+                     int FreeContextFlag, krb5_context *ctx,
+                     krb5_ccache *cache);
+int Leash_krb5_initialize(krb5_context *);
+krb5_error_code
+Leash_krb5_cc_default(krb5_context *ctx, krb5_ccache *cache);
+
+LPSTR err_describe(LPSTR buf, long code);
+
+// toolhelp functions
+TYPEDEF_FUNC(
+    HANDLE,
+    WINAPI,
+    CreateToolhelp32Snapshot,
+    (DWORD, DWORD)
+    );
+TYPEDEF_FUNC(
+    BOOL,
+    WINAPI,
+    Module32First,
+    (HANDLE, LPMODULEENTRY32)
+    );
+TYPEDEF_FUNC(
+    BOOL,
+    WINAPI,
+    Module32Next,
+    (HANDLE, LPMODULEENTRY32)
+    );
+
+// psapi functions
+TYPEDEF_FUNC(
+    DWORD,
+    WINAPI,
+    GetModuleFileNameExA,
+    (HANDLE, HMODULE, LPSTR, DWORD)
+    );
+TYPEDEF_FUNC(
+    BOOL,
+    WINAPI,
+    EnumProcessModules,
+    (HANDLE, HMODULE*, DWORD, LPDWORD)
+    );
+
+#define pGetModuleFileNameEx pGetModuleFileNameExA
+#define TOOLHELPDLL "kernel32.dll"
+#define PSAPIDLL "psapi.dll"
+
+// psapi functions
+extern DECL_FUNC_PTR(GetModuleFileNameExA);
+extern DECL_FUNC_PTR(EnumProcessModules);
+
+// toolhelp functions
+extern DECL_FUNC_PTR(CreateToolhelp32Snapshot);
+extern DECL_FUNC_PTR(Module32First);
+extern DECL_FUNC_PTR(Module32Next);
+
+/* In order to avoid including the private CCAPI headers */
+typedef int cc_int32;
+
+#define CC_API_VER_1 1
+#define CC_API_VER_2 2
+
+#define CCACHE_API cc_int32
+
+/*
+** The Official Error Codes
+*/
+#define CC_NOERROR           0
+#define CC_BADNAME           1
+#define CC_NOTFOUND          2
+#define CC_END               3
+#define CC_IO                4
+#define CC_WRITE             5
+#define CC_NOMEM             6
+#define CC_FORMAT            7
+#define CC_LOCKED            8
+#define CC_BAD_API_VERSION   9
+#define CC_NO_EXIST          10
+#define CC_NOT_SUPP          11
+#define CC_BAD_PARM          12
+#define CC_ERR_CACHE_ATTACH  13
+#define CC_ERR_CACHE_RELEASE 14
+#define CC_ERR_CACHE_FULL    15
+#define CC_ERR_CRED_VERSION  16
+
+enum {
+    CC_CRED_VUNKNOWN = 0,       // For validation
+    /* CC_CRED_V4 = 1, */
+    CC_CRED_V5 = 2,
+    CC_CRED_VMAX = 3            // For validation
+};
+
+typedef struct opaque_dll_control_block_type* apiCB;
+typedef struct _infoNC {
+    char*     name;
+    char*     principal;
+    cc_int32  vers;
+} infoNC;
+
+TYPEDEF_FUNC(
+CCACHE_API,
+__cdecl,
+cc_initialize,
+    (
+    apiCB** cc_ctx,           // <  DLL's primary control structure.
+                              //    returned here, passed everywhere else
+    cc_int32 api_version,     // >  ver supported by caller (use CC_API_VER_1)
+    cc_int32*  api_supported, // <  if ~NULL, max ver supported by DLL
+    const char** vendor       // <  if ~NULL, vendor name in read only C string
+    )
+);
+
+TYPEDEF_FUNC(
+CCACHE_API,
+__cdecl,
+cc_shutdown,
+    (
+    apiCB** cc_ctx            // <> DLL's primary control structure. NULL after
+    )
+);
+
+TYPEDEF_FUNC(
+CCACHE_API,
+__cdecl,
+cc_get_NC_info,
+    (
+    apiCB* cc_ctx,          // >  DLL's primary control structure
+    struct _infoNC*** ppNCi // <  (NULL before call) null terminated,
+                            //    list of a structs (free via cc_free_infoNC())
+    )
+);
+
+TYPEDEF_FUNC(
+CCACHE_API,
+__cdecl,
+cc_free_NC_info,
+    (
+    apiCB* cc_ctx,
+    struct _infoNC*** ppNCi // <  free list of structs returned by
+                            //    cc_get_cache_names().  set to NULL on return
+    )
+);
+#define CCAPI_DLL   "krbcc32.dll"
+
+/* The following definitions are summarized from KRB5, Leash32, and
+ * Leashw32 modules.  They are current as of KfW 2.6.2.  There is no
+ * guarantee that changes to other modules will be updated in this list.
+ */
+
+/* Must match the values used in Leash32.exe */
+#define LEASH_SETTINGS_REGISTRY_KEY_NAME "Software\\MIT\\Leash32\\Settings"
+#define LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM   "UpperCaseRealm"
+
+/* These values are defined and used within Leashw32.dll */
+#define LEASH_REGISTRY_KEY_NAME "Software\\MIT\\Leash"
+#define LEASH_REGISTRY_VALUE_LIFETIME "lifetime"
+#define LEASH_REGISTRY_VALUE_RENEW_TILL "renew_till"
+#define LEASH_REGISTRY_VALUE_RENEWABLE "renewable"
+#define LEASH_REGISTRY_VALUE_FORWARDABLE "forwardable"
+#define LEASH_REGISTRY_VALUE_NOADDRESSES "noaddresses"
+#define LEASH_REGISTRY_VALUE_PROXIABLE "proxiable"
+#define LEASH_REGISTRY_VALUE_PUBLICIP "publicip"
+#define LEASH_REGISTRY_VALUE_KINIT_OPT "hide_kinit_options"
+#define LEASH_REGISTRY_VALUE_LIFE_MIN "life_min"
+#define LEASH_REGISTRY_VALUE_LIFE_MAX "life_max"
+#define LEASH_REGISTRY_VALUE_RENEW_MIN "renew_min"
+#define LEASH_REGISTRY_VALUE_RENEW_MAX "renew_max"
+#define LEASH_REGISTRY_VALUE_PRESERVE_KINIT "preserve_kinit_options"
+
+/* must match values used within krb5_32.dll */
+#define KRB5_REGISTRY_KEY_NAME "Software\\MIT\\Kerberos5"
+#define KRB5_REGISTRY_VALUE_CCNAME      "ccname"
+#define KRB5_REGISTRY_VALUE_CONFIGFILE  "config"
+
+#endif /* __LEASH_INT_H__ */
diff --git a/krb5-1.21.3/src/windows/leashdll/leashdll.c b/krb5-1.21.3/src/windows/leashdll/leashdll.c
new file mode 100644
index 00000000..b1813a0c
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/leashdll.c
@@ -0,0 +1,354 @@
+#include <windows.h>
+#include "leashdll.h"
+#include <leashwin.h>
+#include "leash-int.h"
+
+HINSTANCE hLeashInst;
+
+HINSTANCE hKrb5 = 0;
+HINSTANCE hKrb524 = 0;
+HINSTANCE hSecur32 = 0;
+HINSTANCE hComErr = 0;
+HINSTANCE hService = 0;
+HINSTANCE hProfile = 0;
+HINSTANCE hPsapi = 0;
+HINSTANCE hToolHelp32 = 0;
+HINSTANCE hCcapi = 0;
+
+// krb5 functions
+DECL_FUNC_PTR(krb5_change_password);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_alloc);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_free);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_init);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_out_ccache);
+DECL_FUNC_PTR(krb5_get_init_creds_password);
+DECL_FUNC_PTR(krb5_build_principal_ext);
+DECL_FUNC_PTR(krb5_cc_get_name);
+DECL_FUNC_PTR(krb5_cc_resolve);
+DECL_FUNC_PTR(krb5_cc_default);
+DECL_FUNC_PTR(krb5_cc_default_name);
+DECL_FUNC_PTR(krb5_cc_set_default_name);
+DECL_FUNC_PTR(krb5_cc_initialize);
+DECL_FUNC_PTR(krb5_cc_destroy);
+DECL_FUNC_PTR(krb5_cc_close);
+DECL_FUNC_PTR(krb5_cc_store_cred);
+DECL_FUNC_PTR(krb5_cc_copy_creds);
+// DECL_FUNC_PTR(krb5_cc_retrieve_cred);
+DECL_FUNC_PTR(krb5_cc_get_principal);
+DECL_FUNC_PTR(krb5_cc_start_seq_get);
+DECL_FUNC_PTR(krb5_cc_next_cred);
+DECL_FUNC_PTR(krb5_cc_end_seq_get);
+// DECL_FUNC_PTR(krb5_cc_remove_cred);
+DECL_FUNC_PTR(krb5_cc_set_flags);
+// DECL_FUNC_PTR(krb5_cc_get_type);
+DECL_FUNC_PTR(krb5_free_context);
+DECL_FUNC_PTR(krb5_free_cred_contents);
+DECL_FUNC_PTR(krb5_free_principal);
+DECL_FUNC_PTR(krb5_get_in_tkt_with_password);
+DECL_FUNC_PTR(krb5_init_context);
+DECL_FUNC_PTR(krb5_parse_name);
+DECL_FUNC_PTR(krb5_timeofday);
+DECL_FUNC_PTR(krb5_timestamp_to_sfstring);
+DECL_FUNC_PTR(krb5_unparse_name);
+DECL_FUNC_PTR(krb5_get_credentials);
+DECL_FUNC_PTR(krb5_mk_req);
+DECL_FUNC_PTR(krb5_sname_to_principal);
+DECL_FUNC_PTR(krb5_get_credentials_renew);
+DECL_FUNC_PTR(krb5_free_data);
+DECL_FUNC_PTR(krb5_free_data_contents);
+// DECL_FUNC_PTR(krb5_get_realm_domain);
+DECL_FUNC_PTR(krb5_free_unparsed_name);
+DECL_FUNC_PTR(krb5_os_localaddr);
+DECL_FUNC_PTR(krb5_copy_keyblock_contents);
+DECL_FUNC_PTR(krb5_copy_data);
+DECL_FUNC_PTR(krb5_free_creds);
+DECL_FUNC_PTR(krb5_build_principal);
+DECL_FUNC_PTR(krb5_get_renewed_creds);
+DECL_FUNC_PTR(krb5_get_default_config_files);
+DECL_FUNC_PTR(krb5_free_config_files);
+DECL_FUNC_PTR(krb5_get_default_realm);
+DECL_FUNC_PTR(krb5_free_ticket);
+DECL_FUNC_PTR(krb5_decode_ticket);
+DECL_FUNC_PTR(krb5_get_host_realm);
+DECL_FUNC_PTR(krb5_free_host_realm);
+DECL_FUNC_PTR(krb5_c_random_make_octets);
+DECL_FUNC_PTR(krb5_free_addresses);
+DECL_FUNC_PTR(krb5_free_default_realm);
+DECL_FUNC_PTR(krb5_principal_compare);
+DECL_FUNC_PTR(krb5_string_to_deltat);
+DECL_FUNC_PTR(krb5_is_config_principal);
+DECL_FUNC_PTR(krb5_cccol_cursor_new);
+DECL_FUNC_PTR(krb5_cccol_cursor_free);
+DECL_FUNC_PTR(krb5_cccol_cursor_next);
+DECL_FUNC_PTR(krb5_cc_cache_match);
+DECL_FUNC_PTR(krb5_cc_get_type);
+DECL_FUNC_PTR(krb5_cc_new_unique);
+DECL_FUNC_PTR(krb5_cc_support_switch);
+DECL_FUNC_PTR(krb5_cc_switch);
+DECL_FUNC_PTR(krb5_cc_get_full_name);
+DECL_FUNC_PTR(krb5_free_string);
+DECL_FUNC_PTR(krb5int_cc_user_set_default_name);
+
+// ComErr functions
+DECL_FUNC_PTR(com_err);
+DECL_FUNC_PTR(error_message);
+
+// Profile functions
+DECL_FUNC_PTR(profile_init);
+DECL_FUNC_PTR(profile_release);
+DECL_FUNC_PTR(profile_get_subsection_names);
+DECL_FUNC_PTR(profile_free_list);
+DECL_FUNC_PTR(profile_get_string);
+DECL_FUNC_PTR(profile_release_string);
+DECL_FUNC_PTR(profile_get_integer);
+
+// Service functions
+DECL_FUNC_PTR(OpenSCManagerA);
+DECL_FUNC_PTR(OpenServiceA);
+DECL_FUNC_PTR(QueryServiceStatus);
+DECL_FUNC_PTR(CloseServiceHandle);
+DECL_FUNC_PTR(LsaNtStatusToWinError);
+
+// LSA Functions
+DECL_FUNC_PTR(LsaConnectUntrusted);
+DECL_FUNC_PTR(LsaLookupAuthenticationPackage);
+DECL_FUNC_PTR(LsaCallAuthenticationPackage);
+DECL_FUNC_PTR(LsaFreeReturnBuffer);
+DECL_FUNC_PTR(LsaGetLogonSessionData);
+
+// CCAPI Functions
+DECL_FUNC_PTR(cc_initialize);
+DECL_FUNC_PTR(cc_shutdown);
+DECL_FUNC_PTR(cc_get_NC_info);
+DECL_FUNC_PTR(cc_free_NC_info);
+
+FUNC_INFO k5_fi[] = {
+    MAKE_FUNC_INFO(krb5_change_password),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_alloc),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_free),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_init),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_out_ccache),
+    MAKE_FUNC_INFO(krb5_get_init_creds_password),
+    MAKE_FUNC_INFO(krb5_build_principal_ext),
+    MAKE_FUNC_INFO(krb5_cc_get_name),
+    MAKE_FUNC_INFO(krb5_cc_resolve),
+    MAKE_FUNC_INFO(krb5_cc_default),
+    MAKE_FUNC_INFO(krb5_cc_default_name),
+    MAKE_FUNC_INFO(krb5_cc_set_default_name),
+    MAKE_FUNC_INFO(krb5_cc_initialize),
+    MAKE_FUNC_INFO(krb5_cc_destroy),
+    MAKE_FUNC_INFO(krb5_cc_close),
+    MAKE_FUNC_INFO(krb5_cc_copy_creds),
+    MAKE_FUNC_INFO(krb5_cc_store_cred),
+// MAKE_FUNC_INFO(krb5_cc_retrieve_cred),
+    MAKE_FUNC_INFO(krb5_cc_get_principal),
+    MAKE_FUNC_INFO(krb5_cc_start_seq_get),
+    MAKE_FUNC_INFO(krb5_cc_next_cred),
+    MAKE_FUNC_INFO(krb5_cc_end_seq_get),
+// MAKE_FUNC_INFO(krb5_cc_remove_cred),
+    MAKE_FUNC_INFO(krb5_cc_set_flags),
+// MAKE_FUNC_INFO(krb5_cc_get_type),
+    MAKE_FUNC_INFO(krb5_free_context),
+    MAKE_FUNC_INFO(krb5_free_cred_contents),
+    MAKE_FUNC_INFO(krb5_free_principal),
+    MAKE_FUNC_INFO(krb5_get_in_tkt_with_password),
+    MAKE_FUNC_INFO(krb5_init_context),
+    MAKE_FUNC_INFO(krb5_parse_name),
+    MAKE_FUNC_INFO(krb5_timeofday),
+    MAKE_FUNC_INFO(krb5_timestamp_to_sfstring),
+    MAKE_FUNC_INFO(krb5_unparse_name),
+    MAKE_FUNC_INFO(krb5_get_credentials),
+    MAKE_FUNC_INFO(krb5_mk_req),
+    MAKE_FUNC_INFO(krb5_sname_to_principal),
+    MAKE_FUNC_INFO(krb5_get_credentials_renew),
+    MAKE_FUNC_INFO(krb5_free_data),
+    MAKE_FUNC_INFO(krb5_free_data_contents),
+//  MAKE_FUNC_INFO(krb5_get_realm_domain),
+    MAKE_FUNC_INFO(krb5_free_unparsed_name),
+    MAKE_FUNC_INFO(krb5_os_localaddr),
+    MAKE_FUNC_INFO(krb5_copy_keyblock_contents),
+    MAKE_FUNC_INFO(krb5_copy_data),
+    MAKE_FUNC_INFO(krb5_free_creds),
+    MAKE_FUNC_INFO(krb5_build_principal),
+    MAKE_FUNC_INFO(krb5_get_renewed_creds),
+    MAKE_FUNC_INFO(krb5_free_addresses),
+    MAKE_FUNC_INFO(krb5_get_default_config_files),
+    MAKE_FUNC_INFO(krb5_free_config_files),
+    MAKE_FUNC_INFO(krb5_get_default_realm),
+    MAKE_FUNC_INFO(krb5_free_ticket),
+    MAKE_FUNC_INFO(krb5_decode_ticket),
+    MAKE_FUNC_INFO(krb5_get_host_realm),
+    MAKE_FUNC_INFO(krb5_free_host_realm),
+    MAKE_FUNC_INFO(krb5_c_random_make_octets),
+    MAKE_FUNC_INFO(krb5_free_default_realm),
+    MAKE_FUNC_INFO(krb5_principal_compare),
+    MAKE_FUNC_INFO(krb5_string_to_deltat),
+    MAKE_FUNC_INFO(krb5_is_config_principal),
+    MAKE_FUNC_INFO(krb5_cccol_cursor_new),
+    MAKE_FUNC_INFO(krb5_cccol_cursor_next),
+    MAKE_FUNC_INFO(krb5_cccol_cursor_free),
+    MAKE_FUNC_INFO(krb5_cc_cache_match),
+    MAKE_FUNC_INFO(krb5_cc_get_type),
+    MAKE_FUNC_INFO(krb5_cc_new_unique),
+    MAKE_FUNC_INFO(krb5_cc_support_switch),
+    MAKE_FUNC_INFO(krb5_cc_switch),
+    MAKE_FUNC_INFO(krb5_cc_get_full_name),
+    MAKE_FUNC_INFO(krb5_free_string),
+    MAKE_FUNC_INFO(krb5int_cc_user_set_default_name),
+    END_FUNC_INFO
+};
+
+FUNC_INFO profile_fi[] = {
+    MAKE_FUNC_INFO(profile_init),
+    MAKE_FUNC_INFO(profile_release),
+    MAKE_FUNC_INFO(profile_get_subsection_names),
+    MAKE_FUNC_INFO(profile_free_list),
+    MAKE_FUNC_INFO(profile_get_string),
+    MAKE_FUNC_INFO(profile_release_string),
+    MAKE_FUNC_INFO(profile_get_integer),
+    END_FUNC_INFO
+};
+
+FUNC_INFO ce_fi[] = {
+    MAKE_FUNC_INFO(com_err),
+    MAKE_FUNC_INFO(error_message),
+    END_FUNC_INFO
+};
+
+FUNC_INFO service_fi[] = {
+    MAKE_FUNC_INFO(OpenSCManagerA),
+    MAKE_FUNC_INFO(OpenServiceA),
+    MAKE_FUNC_INFO(QueryServiceStatus),
+    MAKE_FUNC_INFO(CloseServiceHandle),
+    MAKE_FUNC_INFO(LsaNtStatusToWinError),
+    END_FUNC_INFO
+};
+
+FUNC_INFO lsa_fi[] = {
+    MAKE_FUNC_INFO(LsaConnectUntrusted),
+    MAKE_FUNC_INFO(LsaLookupAuthenticationPackage),
+    MAKE_FUNC_INFO(LsaCallAuthenticationPackage),
+    MAKE_FUNC_INFO(LsaFreeReturnBuffer),
+    MAKE_FUNC_INFO(LsaGetLogonSessionData),
+    END_FUNC_INFO
+};
+
+// CCAPI v2
+FUNC_INFO ccapi_fi[] = {
+    MAKE_FUNC_INFO(cc_initialize),
+    MAKE_FUNC_INFO(cc_shutdown),
+    MAKE_FUNC_INFO(cc_get_NC_info),
+    MAKE_FUNC_INFO(cc_free_NC_info),
+    END_FUNC_INFO
+};
+
+// psapi functions
+DECL_FUNC_PTR(GetModuleFileNameExA);
+DECL_FUNC_PTR(EnumProcessModules);
+
+FUNC_INFO psapi_fi[] = {
+    MAKE_FUNC_INFO(GetModuleFileNameExA),
+    MAKE_FUNC_INFO(EnumProcessModules),
+    END_FUNC_INFO
+};
+
+// toolhelp functions
+DECL_FUNC_PTR(CreateToolhelp32Snapshot);
+DECL_FUNC_PTR(Module32First);
+DECL_FUNC_PTR(Module32Next);
+
+FUNC_INFO toolhelp_fi[] = {
+    MAKE_FUNC_INFO(CreateToolhelp32Snapshot),
+    MAKE_FUNC_INFO(Module32First),
+    MAKE_FUNC_INFO(Module32Next),
+    END_FUNC_INFO
+};
+
+BOOL WINAPI
+DllMain(
+    HANDLE hinstDLL,
+    DWORD fdwReason,
+    LPVOID lpReserved
+    )
+{
+    hLeashInst = hinstDLL;
+
+    switch (fdwReason)
+    {
+    case DLL_PROCESS_ATTACH:
+    {
+        OSVERSIONINFO osvi;
+        LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0);
+        LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0);
+        LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0);
+        LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1);
+	LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0);
+	LoadFuncs(CCAPI_DLL, ccapi_fi, &hCcapi, 0, 1, 0, 0);
+
+        memset(&osvi, 0, sizeof(OSVERSIONINFO));
+        osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+        GetVersionEx(&osvi);
+
+        // XXX: We should really use feature testing, first
+        // checking for CreateToolhelp32Snapshot.  If that's
+        // not around, we try the psapi stuff.
+        //
+        // Only load LSA functions if on NT/2000/XP
+        if(osvi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
+        {
+            // Windows 9x
+            LoadFuncs(TOOLHELPDLL, toolhelp_fi, &hToolHelp32, 0, 1, 0, 0);
+            hPsapi = 0;
+        }
+        else if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT)
+        {
+            // Windows NT
+            LoadFuncs(PSAPIDLL, psapi_fi, &hPsapi, 0, 1, 0, 0);
+            hToolHelp32 = 0;
+        }
+
+
+        /*
+         * Register window class for the MITPasswordControl that
+         * replaces normal edit controls for password input.
+         * zero any fields we don't explicitly set
+         */
+        hLeashInst = hinstDLL;
+
+        Register_MITPasswordEditControl(hLeashInst);
+
+        return TRUE;
+    }
+    case DLL_PROCESS_DETACH:
+        if (hKrb5)
+            FreeLibrary(hKrb5);
+	if (hCcapi)
+	    FreeLibrary(hCcapi);
+	if (hProfile)
+	    FreeLibrary(hProfile);
+        if (hComErr)
+            FreeLibrary(hComErr);
+        if (hService)
+            FreeLibrary(hService);
+        if (hSecur32)
+            FreeLibrary(hSecur32);
+        if (hPsapi)
+            FreeLibrary(hPsapi);
+        if (hToolHelp32)
+            FreeLibrary(hToolHelp32);
+
+        return TRUE;
+    default:
+        return TRUE;
+    }
+}
diff --git a/krb5-1.21.3/src/windows/leashdll/leashdll.h b/krb5-1.21.3/src/windows/leashdll/leashdll.h
new file mode 100644
index 00000000..c95afe7b
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/leashdll.h
@@ -0,0 +1,182 @@
+#ifndef _LEASHDLL_H_
+#define _LEASHDLL_H_
+
+#include <com_err.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Internal Stuff */
+
+#include <windows.h>
+#define SECURITY_WIN32
+#include <security.h>
+
+/* _WIN32_WINNT must be 0x0501 or greater to pull in definition of
+ * all required LSA data types when the Vista SDK NtSecAPI.h is used.
+ */
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0501
+#else
+#if _WIN32_WINNT < 0x0501
+#undef _WIN32_WINNT
+#define _WIN32_WINNT 0x0501
+#endif
+#endif
+#include <ntsecapi.h>
+
+#include <krb5.h>
+
+extern HINSTANCE hKrb5;
+extern HINSTANCE hProfile;
+
+#define TIMEHOST "TIMEHOST"
+
+#define LEASH_DEBUG_CLASS_GENERIC   0
+
+#define LEASH_PRIORITY_LOW  0
+#define LEASH_PRIORITY_HIGH 1
+
+///////////////////////////////////////////////////////////////////////////////
+
+#ifdef _WIN64
+#define LEASH_DLL     "leashw64.dll"
+#define KRBCC32_DLL   "krbcc64.dll"
+#else
+#define LEASH_DLL     "leashw32.dll"
+#define KRBCC32_DLL   "krbcc32.dll"
+#endif
+#define SERVICE_DLL   "advapi32.dll"
+#define SECUR32_DLL   "secur32.dll"
+
+//////////////////////////////////////////////////////////////////////////////
+
+#include <loadfuncs-com_err.h>
+#include <loadfuncs-krb5.h>
+#include <loadfuncs-profile.h>
+#include <loadfuncs-lsa.h>
+
+#include <errno.h>
+
+// service definitions
+typedef SC_HANDLE (WINAPI *FP_OpenSCManagerA)(char *, char *, DWORD);
+typedef SC_HANDLE (WINAPI *FP_OpenServiceA)(SC_HANDLE, char *, DWORD);
+typedef BOOL (WINAPI *FP_QueryServiceStatus)(SC_HANDLE, LPSERVICE_STATUS);
+typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE);
+
+//////////////////////////////////////////////////////////////////////////////
+
+// krb5 functions
+extern DECL_FUNC_PTR(krb5_change_password);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_alloc);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_free);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_init);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_out_ccache);
+extern DECL_FUNC_PTR(krb5_get_init_creds_password);
+extern DECL_FUNC_PTR(krb5_build_principal_ext);
+extern DECL_FUNC_PTR(krb5_cc_get_name);
+extern DECL_FUNC_PTR(krb5_cc_resolve);
+extern DECL_FUNC_PTR(krb5_cc_default);
+extern DECL_FUNC_PTR(krb5_cc_default_name);
+extern DECL_FUNC_PTR(krb5_cc_set_default_name);
+extern DECL_FUNC_PTR(krb5_cc_initialize);
+extern DECL_FUNC_PTR(krb5_cc_destroy);
+extern DECL_FUNC_PTR(krb5_cc_close);
+extern DECL_FUNC_PTR(krb5_cc_copy_creds);
+extern DECL_FUNC_PTR(krb5_cc_store_cred);
+// extern DECL_FUNC_PTR(krb5_cc_retrieve_cred);
+extern DECL_FUNC_PTR(krb5_cc_get_principal);
+extern DECL_FUNC_PTR(krb5_cc_start_seq_get);
+extern DECL_FUNC_PTR(krb5_cc_next_cred);
+extern DECL_FUNC_PTR(krb5_cc_end_seq_get);
+// extern DECL_FUNC_PTR(krb5_cc_remove_cred);
+extern DECL_FUNC_PTR(krb5_cc_set_flags);
+// extern DECL_FUNC_PTR(krb5_cc_get_type);
+extern DECL_FUNC_PTR(krb5_cc_get_full_name);
+extern DECL_FUNC_PTR(krb5_free_context);
+extern DECL_FUNC_PTR(krb5_free_cred_contents);
+extern DECL_FUNC_PTR(krb5_free_principal);
+extern DECL_FUNC_PTR(krb5_free_string);
+extern DECL_FUNC_PTR(krb5_get_in_tkt_with_password);
+extern DECL_FUNC_PTR(krb5_init_context);
+extern DECL_FUNC_PTR(krb5_parse_name);
+extern DECL_FUNC_PTR(krb5_timeofday);
+extern DECL_FUNC_PTR(krb5_timestamp_to_sfstring);
+extern DECL_FUNC_PTR(krb5_unparse_name);
+extern DECL_FUNC_PTR(krb5_get_credentials);
+extern DECL_FUNC_PTR(krb5_mk_req);
+extern DECL_FUNC_PTR(krb5_sname_to_principal);
+extern DECL_FUNC_PTR(krb5_get_credentials_renew);
+extern DECL_FUNC_PTR(krb5_free_data);
+extern DECL_FUNC_PTR(krb5_free_data_contents);
+// extern DECL_FUNC_PTR(krb5_get_realm_domain);
+extern DECL_FUNC_PTR(krb5_free_unparsed_name);
+extern DECL_FUNC_PTR(krb5_os_localaddr);
+extern DECL_FUNC_PTR(krb5_copy_keyblock_contents);
+extern DECL_FUNC_PTR(krb5_copy_data);
+extern DECL_FUNC_PTR(krb5_free_creds);
+extern DECL_FUNC_PTR(krb5_build_principal);
+extern DECL_FUNC_PTR(krb5_get_renewed_creds);
+extern DECL_FUNC_PTR(krb5_free_addresses);
+extern DECL_FUNC_PTR(krb5_get_default_config_files);
+extern DECL_FUNC_PTR(krb5_free_config_files);
+extern DECL_FUNC_PTR(krb5_get_default_realm);
+extern DECL_FUNC_PTR(krb5_free_ticket);
+extern DECL_FUNC_PTR(krb5_decode_ticket);
+extern DECL_FUNC_PTR(krb5_get_host_realm);
+extern DECL_FUNC_PTR(krb5_free_host_realm);
+extern DECL_FUNC_PTR(krb5_c_random_make_octets);
+extern DECL_FUNC_PTR(krb5_free_default_realm);
+extern DECL_FUNC_PTR(krb5_principal_compare);
+extern DECL_FUNC_PTR(krb5_string_to_deltat);
+extern DECL_FUNC_PTR(krb5_is_config_principal);
+extern DECL_FUNC_PTR(krb5_cccol_cursor_new);
+extern DECL_FUNC_PTR(krb5_cccol_cursor_next);
+extern DECL_FUNC_PTR(krb5_cccol_cursor_free);
+extern DECL_FUNC_PTR(krb5_cc_cache_match);
+extern DECL_FUNC_PTR(krb5_cc_get_type);
+extern DECL_FUNC_PTR(krb5_cc_new_unique);
+extern DECL_FUNC_PTR(krb5_cc_support_switch);
+extern DECL_FUNC_PTR(krb5_cc_switch);
+extern DECL_FUNC_PTR(krb5int_cc_user_set_default_name);
+
+// ComErr functions
+extern DECL_FUNC_PTR(com_err);
+extern DECL_FUNC_PTR(error_message);
+
+// Profile functions
+extern DECL_FUNC_PTR(profile_init);
+extern DECL_FUNC_PTR(profile_release);
+extern DECL_FUNC_PTR(profile_get_subsection_names);
+extern DECL_FUNC_PTR(profile_free_list);
+extern DECL_FUNC_PTR(profile_get_string);
+extern DECL_FUNC_PTR(profile_release_string);
+extern DECL_FUNC_PTR(profile_get_integer);
+
+// Service functions
+
+extern DECL_FUNC_PTR(OpenSCManagerA);
+extern DECL_FUNC_PTR(OpenServiceA);
+extern DECL_FUNC_PTR(QueryServiceStatus);
+extern DECL_FUNC_PTR(CloseServiceHandle);
+extern DECL_FUNC_PTR(LsaNtStatusToWinError);
+
+// LSA Functions
+
+extern DECL_FUNC_PTR(LsaConnectUntrusted);
+extern DECL_FUNC_PTR(LsaLookupAuthenticationPackage);
+extern DECL_FUNC_PTR(LsaCallAuthenticationPackage);
+extern DECL_FUNC_PTR(LsaFreeReturnBuffer);
+extern DECL_FUNC_PTR(LsaGetLogonSessionData);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LEASHDLL_H_ */
diff --git a/krb5-1.21.3/src/windows/leashdll/leasherr.c b/krb5-1.21.3/src/windows/leashdll/leasherr.c
new file mode 100644
index 00000000..da06b5a8
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/leasherr.c
@@ -0,0 +1,105 @@
+// ATTENTION: someone in the past edited this file manually
+// I am continuing this tradition just to get the release out. 3/6/97
+// This needs to be revisited and repaired!!!XXXX
+// pbh
+
+
+ /*
+ * leasherr.c
+ * This file is the C file for leasherr.et.
+ * Please do not edit it as it is automatically generated.
+ */
+
+#include <stdlib.h>
+#include <windows.h>
+
+static const char* const text[] = {
+	"Only one instance of Leash can be run at a time.",
+	"Principal invalid.",
+	"Realm failed.",
+	"Instance invalid.",
+	"Realm invalid.",
+	"Unexpected end of Kerberos memory storage.",
+	"Warning! Your Kerberos tickets expire soon.",
+	"You did not type the same new password.",
+	"You can only use printable characters in a password.",
+	"Fatal error; cannot run this program.",
+	"Couldn't initialize WinSock.",
+	"Couldn't find the timeserver host entry.",
+	"Couldn't open a socket.",
+	"Couldn't connect to timeserver.",
+	"Couldn't get time from server.",
+	"Couldn't get local time of day.",
+	"Couldn't set local time of day.",
+	"Error while receiving time from server.",
+	"Protocol problem with timeserver.",
+	"The time was already reset. Try using a different program to synchronize the time.",
+    0
+};
+
+typedef LPSTR (*err_func)(int, long);
+struct error_table {
+    char const * const * msgs;
+    err_func func;
+    long base;
+    int n_msgs;
+};
+struct et_list {
+#ifdef WINDOWS
+	HANDLE next;
+#else
+	struct et_list *next;
+#endif
+	const struct error_table * table;
+};
+
+static const struct error_table et = { text, (err_func)0, 40591872L, 20 };
+
+#ifdef WINDOWS
+void initialize_lsh_error_table(HANDLE *__et_list) {
+//    struct et_list *_link,*_et_list;
+    struct et_list *_link;
+    HANDLE ghlink;
+
+    ghlink=GlobalAlloc(GHND,sizeof(struct et_list));
+    _link=GlobalLock(ghlink);
+    _link->next=*__et_list;
+    _link->table=&et;
+    GlobalUnlock(ghlink);
+    *__et_list=ghlink;
+}
+#else
+void initialize_lsh_error_table(struct et_list **__et_list) {
+    struct et_list *_link;
+
+    _link=malloc(sizeof(struct et_list));
+    _link->next=*__et_list;
+    _link->table=&et;
+    *__et_list=_link;
+}
+#endif
+
+#ifdef WINDOWS
+
+void Leash_initialize_krb_error_func(err_func func, HANDLE *__et_list)
+{
+}
+
+void Leash_initialize_kadm_error_table(HANDLE *__et_list)
+{
+}
+#else
+#include <krberr.h>
+
+void Leash_initialize_krb_error_func(err_func func, struct et_list **__et_list)
+{
+    (*pinitialize_krb_error_func)(func,__et_list);
+}
+
+#include <kadm_err.h>
+
+void Leash_initialize_kadm_error_table(struct et_list **__et_list)
+{
+    initialize_kadm_error_table(__et_list);
+}
+#endif
diff --git a/krb5-1.21.3/src/windows/leashdll/leasherr.et b/krb5-1.21.3/src/windows/leashdll/leasherr.et
new file mode 100644
index 00000000..d1d027bd
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/leasherr.et
@@ -0,0 +1,22 @@
+ERROR_TABLE lsh
+  ERROR_CODE LSH_ONLYONEME,        "Only one instance of Leash can be run at a time."
+  ERROR_CODE LSH_INVPRINCIPAL, "Principal invalid."
+  ERROR_CODE LSH_FAILEDREALM,  "Realm failed."
+  ERROR_CODE LSH_INVINSTANCE,  "Instance invalid."
+  ERROR_CODE LSH_INVREALM,     "Realm invalid."
+  ERROR_CODE LSH_EOF,          "Unexpected end of Kerberos memory storage."
+  ERROR_CODE LSH_EXPIRESOON,   "Warning! Your Kerberos tickets expire soon."
+  ERROR_CODE LSH_NOMATCH,      "You did not type the same new password."
+  ERROR_CODE LSH_BADCHARS,     "You can only use printable characters in a password."
+  ERROR_CODE LSH_FATAL_ERROR,  "Fatal error; cannot run this program."
+  ERROR_CODE LSH_BADWINSOCK,   "Couldn't initialize WinSock."
+  ERROR_CODE LSH_BADTIMESERV,  "Couldn't find the timeserver host entry."
+  ERROR_CODE LSH_NOSOCKET,     "Couldn't open a socket."
+  ERROR_CODE LSH_NOCONNECT,    "Couldn't connect to timeserver."
+  ERROR_CODE LSH_TIMEFAILED,   "Couldn't get time from server."
+  ERROR_CODE LSH_GETTIMEOFDAY, "Couldn't get local time of day."
+  ERROR_CODE LSH_SETTIMEOFDAY, "Couldn't set local time of day."
+  ERROR_CODE LSH_RECVTIME,     "Error while receiving time from server."
+  ERROR_CODE LSH_RECVBYTES,    "Protocol problem with timeserver."
+  ERROR_CODE LSH_ALREADY_SETTIME, "The time was already reset. Try using a different program to synchronize the time."
+end
diff --git a/krb5-1.21.3/src/windows/leashdll/leashids.h b/krb5-1.21.3/src/windows/leashdll/leashids.h
new file mode 100644
index 00000000..ae623830
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/leashids.h
@@ -0,0 +1,116 @@
+// *** Child Windows
+#define ID_MAINLIST			100
+#define ID_COUNTDOWN		101
+
+#define ID_DESTROY				111
+#define ID_CHANGEPASSWORD		112
+#define ID_INITTICKETS			113
+#define ID_SYNCTIME				114
+
+#define ID_UPDATESTATE			120
+#define ID_UPDATEDISPLAY		121
+#define ID_KRBDLL_DEBUG 		122
+
+
+// *** Menus
+
+#define ID_EXIT					200
+
+#define ID_HELP_LEASH			210
+#define ID_HELP_KERBEROS		211
+#define ID_ABOUT				212
+
+#define ID_CHECKV				299
+
+// *** Password Dialog
+#define ID_PRINCIPAL			301
+#define ID_OLDPASSWORD			302
+#define ID_CONFIRMPASSWORD1		303
+#define ID_CONFIRMPASSWORD2		304
+#define ID_PICFRAME				305
+
+#define ID_PRINCCAPTION			311
+#define ID_OLDPCAPTION			312
+#define ID_CONFIRMCAPTION1		313
+#define ID_CONFIRMCAPTION2		314
+#define CAPTION_OFFSET			 10
+
+#define ID_DURATION			320
+
+#define ID_RESTART			351
+
+#define ID_CLOSEME			380
+
+// *** About dialog stuff
+#define ID_LEASH_CPYRT		400
+#define ID_LEASH_AUTHOR		401
+#define ID_KERB_CPYRT		402
+#define ID_KERB_AUTHOR		403
+#define ID_LEGALESE			404
+#define ID_ASSISTANCE		405
+
+// *** Keyboard accelerator crud
+#define ID_HELP					1000
+#define ID_CONTEXTSENSITIVEHELP	1001
+#define ID_ENDCSHELP			1002
+#define ID_HELPFIRST			1000
+#define ID_HELPLAST				1002
+
+// *** window messages
+#define WM_STARTUP			(WM_USER + 1)
+#define WM_F1DOWN			(WM_USER + 2)
+#define WM_DOHELP			(WM_USER + 3)
+#define WM_PAINTICON		0x0026
+
+// *** command messages
+#define ID_NEXTSTATE		      10000
+
+#define LSH_TIME_HOST                    1970
+#define LSH_DEFAULT_TICKET_LIFE          1971
+#define LSH_DEFAULT_TICKET_RENEW_TILL    1972
+#define LSH_DEFAULT_TICKET_FORWARD       1973
+#define LSH_DEFAULT_TICKET_NOADDRESS     1974
+#define LSH_DEFAULT_TICKET_PROXIABLE     1975
+#define LSH_DEFAULT_TICKET_PUBLICIP      1976
+#define LSH_DEFAULT_DIALOG_KINIT_OPT     1978
+#define LSH_DEFAULT_DIALOG_LIFE_MIN      1979
+#define LSH_DEFAULT_DIALOG_LIFE_MAX      1980
+#define LSH_DEFAULT_DIALOG_RENEW_MIN     1981
+#define LSH_DEFAULT_DIALOG_RENEW_MAX     1982
+#define LSH_DEFAULT_TICKET_RENEW         1983
+#define LSH_DEFAULT_DIALOG_LOCK_LOCATION 1984
+#define LSH_DEFAULT_UPPERCASEREALM       1985
+#define LSH_DEFAULT_MSLSA_IMPORT         1986
+#define LSH_DEFAULT_PRESERVE_KINIT       1987
+
+// Authenticate Dialog
+#define IDD_AUTHENTICATE                1162
+#define IDC_STATIC_IPADDR               1163
+#define IDC_STATIC_NAME                 1164
+#define IDC_STATIC_PWD                  1165
+#define IDC_EDIT_PRINCIPAL              1166
+#define IDC_COMBO_REALM                 1167
+#define IDC_EDIT_PASSWORD               1168
+#define IDC_STATIC_LIFETIME             1169
+#define IDC_SLIDER_LIFETIME             1170
+#define IDC_STATIC_KRB5                 1171
+#define IDC_CHECK_FORWARDABLE           1172
+#define IDC_CHECK_NOADDRESS             1173
+#define IDC_CHECK_RENEWABLE             1174
+#define IDC_SLIDER_RENEWLIFE            1175
+#define IDC_STATIC_LIFETIME_VALUE       1176
+#define IDC_STATIC_RENEW_TILL_VALUE     1177
+#define IDC_PICTURE_LEASH               1179
+#define IDC_BUTTON_OPTIONS              1086
+#define IDC_STATIC_REALM                1087
+#define IDC_STATIC_COPYRIGHT            1088
+#define IDC_STATIC_NOTICE               1089
+#define IDC_STATIC_RENEW                1090
+#define IDD_PASSWORD                    1091
+#define IDC_BUTTON_CLEAR_HISTORY        1092
+#define IDC_CHECK_REMEMBER_PRINCIPAL    1093
+#define IDC_EDIT_PASSWORD2              1192
+#define IDC_STATIC_PWD2                 1193
+#define IDC_EDIT_PASSWORD3              1194
+#define IDC_STATIC_PWD3                 1195
+#define IDC_STATIC_VERSION              1196
diff --git a/krb5-1.21.3/src/windows/leashdll/leashw32.def b/krb5-1.21.3/src/windows/leashdll/leashw32.def
new file mode 100644
index 00000000..378090ba
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/leashw32.def
@@ -0,0 +1,74 @@
+LIBRARY   LEASHW32
+
+DESCRIPTION 'DLL for Kerberos ticket initialization'
+
+HEAPSIZE  8092
+STACKSIZE 36864
+
+EXPORTS
+	Leash_kinit_dlg
+    Leash_kinit_dlg_ex
+	Leash_changepwd_dlg
+	Leash_changepwd_dlg_ex
+	Leash_kinit
+    Leash_kinit_ex
+	Leash_kdestroy
+	Leash_klist
+	Leash_checkpwd
+	Leash_changepwd
+	Leash_get_lsh_errno
+	initialize_lsh_error_table
+	Leash_initialize_krb_error_func
+	Leash_initialize_kadm_error_table
+	Leash_set_help_file
+	Leash_get_help_file
+	Leash_timesync
+	Leash_get_default_lifetime
+	Leash_set_default_lifetime
+    Leash_reset_default_lifetime
+	Leash_get_default_renew_till
+	Leash_set_default_renew_till
+    Leash_reset_default_renew_till
+	Leash_get_default_forwardable
+	Leash_set_default_forwardable
+    Leash_reset_default_forwardable
+	Leash_get_default_renewable
+	Leash_set_default_renewable
+    Leash_reset_default_renewable
+	Leash_get_default_noaddresses
+	Leash_set_default_noaddresses
+    Leash_reset_default_noaddresses
+	Leash_get_default_proxiable
+	Leash_set_default_proxiable
+    Leash_reset_default_proxiable
+	Leash_get_default_publicip
+	Leash_set_default_publicip
+    Leash_reset_default_publicip
+	Leash_get_default_life_min
+	Leash_set_default_life_min
+    Leash_reset_default_life_min
+	Leash_get_default_life_max
+	Leash_set_default_life_max
+    Leash_reset_default_life_max
+	Leash_get_default_renew_min
+	Leash_set_default_renew_min
+    Leash_reset_default_renew_min
+	Leash_get_default_renew_max
+	Leash_set_default_renew_max
+    Leash_reset_default_renew_max
+	Leash_get_default_uppercaserealm
+	Leash_set_default_uppercaserealm
+    Leash_reset_default_uppercaserealm
+	Leash_get_default_mslsa_import
+	Leash_set_default_mslsa_import
+    Leash_reset_default_mslsa_import
+	Leash_get_default_preserve_kinit_settings
+	Leash_set_default_preserve_kinit_settings
+    Leash_reset_default_preserve_kinit_settings
+    Leash_import
+    Leash_importable
+    Leash_renew
+    Leash_reset_defaults
+
+	; XXX - These have to go...
+    not_an_API_Leash_AcquireInitialTicketsIfNeeded
diff --git a/krb5-1.21.3/src/windows/leashdll/lsh_pwd.c b/krb5-1.21.3/src/windows/leashdll/lsh_pwd.c
new file mode 100644
index 00000000..f9448110
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/lsh_pwd.c
@@ -0,0 +1,1895 @@
+#define SCALE_FACTOR 31/20
+
+/* LSH_PWD.C
+
+   Jason Hunter
+   8/2/94
+   DCNS/IS MIT
+
+   Re-written for KFW 2.6 by Jeffrey Altman <jaltman@mit.edu>
+
+   Contains the callback functions for the EnterPassword an
+   ChangePassword dialog boxes and well as the API function
+   calls:
+
+   Lsh_Enter_Password_Dialog
+   Lsh_Change_Password_Dialog
+
+   for calling the dialogs.
+
+   Also contains the callback for the MITPasswordControl.
+
+*/
+
+/* Standard Include files */
+#include <windows.h>
+#include <windowsx.h>
+#include <stdio.h>
+#include <string.h>
+
+/* Private Inlclude files */
+#include "leashdll.h"
+#include <leashwin.h>
+#include "leash-int.h"
+#include "leashids.h"
+#include <leasherr.h>
+#include <krb5.h>
+#include <commctrl.h>
+
+extern void * Leash_pec_create(HWND hEditCtl);
+extern void Leash_pec_destroy(void *pAutoComplete);
+extern void Leash_pec_add_principal(char *principal);
+extern void Leash_pec_clear_history(void *pec);
+
+/* Global Variables. */
+static long lsh_errno;
+static char *err_context;       /* error context */
+extern HINSTANCE hLeashInst;
+extern HINSTANCE hKrb5;
+
+
+INT_PTR
+CALLBACK
+PasswordProc(
+    HWND hwndDlg,
+    UINT uMsg,
+    WPARAM wParam,
+    LPARAM lParam
+    );
+
+INT_PTR
+CALLBACK
+AuthenticateProc(
+    HWND hwndDlg,
+    UINT uMsg,
+    WPARAM wParam,
+    LPARAM lParam
+    );
+
+INT_PTR
+CALLBACK
+NewPasswordProc(
+    HWND hwndDlg,
+    UINT uMsg,
+    WPARAM wParam,
+    LPARAM lParam
+    );
+
+
+long Leash_get_lsh_errno(LONG *err_val)
+{
+    return lsh_errno;
+}
+
+/*/////// ******** API Calls follow here.   ******** /////////*/
+
+static int
+NetId_dialog(LPLSH_DLGINFO lpdlginfo)
+{
+    LRESULT             lrc;
+    HWND    	        hNetIdMgr;
+    HWND    		hForeground;
+
+    hNetIdMgr = FindWindow("IDMgrRequestDaemonCls", "IDMgrRequestDaemon");
+    if (hNetIdMgr != NULL) {
+	char desiredPrincipal[512];
+	NETID_DLGINFO *dlginfo;
+	char		*desiredName = 0;
+	char            *desiredRealm = 0;
+	HANDLE hMap;
+	DWORD  tid = GetCurrentThreadId();
+	char mapname[256];
+
+	strcpy(desiredPrincipal, lpdlginfo->principal);
+
+	/* do we want a specific client principal? */
+	if (desiredPrincipal[0]) {
+	    char * p;
+	    desiredName = desiredPrincipal;
+	    for (p = desiredName; *p && *p != '@'; p++);
+	    if ( *p == '@' ) {
+		*p = '\0';
+		desiredRealm = ++p;
+	    }
+	}
+
+	sprintf(mapname,"Local\\NetIDMgr_DlgInfo_%lu",tid);
+
+	hMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE,
+				 0, 4096, mapname);
+	if (hMap == NULL) {
+	    return -1;
+	} else if (hMap != NULL && GetLastError() == ERROR_ALREADY_EXISTS) {
+	    CloseHandle(hMap);
+	    return -1;
+	}
+
+	dlginfo = (NETID_DLGINFO *)MapViewOfFileEx(hMap, FILE_MAP_READ|FILE_MAP_WRITE,
+						 0, 0, 4096, NULL);
+	if (dlginfo == NULL) {
+	    CloseHandle(hMap);
+	    return -1;
+	}
+
+	hForeground = GetForegroundWindow();
+
+	memset(dlginfo, 0, sizeof(NETID_DLGINFO));
+
+	dlginfo->size = sizeof(NETID_DLGINFO);
+	if (lpdlginfo->dlgtype == DLGTYPE_PASSWD)
+	    dlginfo->dlgtype = NETID_DLGTYPE_TGT;
+	else
+	    dlginfo->dlgtype = NETID_DLGTYPE_CHPASSWD;
+	dlginfo->in.use_defaults = 1;
+
+	if (lpdlginfo->title) {
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				lpdlginfo->title, -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
+	    char mytitle[NETID_TITLE_SZ];
+	    sprintf(mytitle, "Obtain Kerberos TGT for %s@%s",desiredName,desiredRealm);
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				mytitle, -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	} else {
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				"Obtain Kerberos TGT", -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	}
+	if (desiredName)
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				desiredName, -1,
+				dlginfo->in.username, NETID_USERNAME_SZ);
+	if (desiredRealm)
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				desiredRealm, -1,
+				dlginfo->in.realm, NETID_REALM_SZ);
+	lrc = SendMessage(hNetIdMgr, 32810, 0, (LPARAM) tid);
+
+	UnmapViewOfFile(dlginfo);
+	CloseHandle(hMap);
+
+	SetForegroundWindow(hForeground);
+	return lrc;
+    }
+    return -1;
+}
+
+static int
+NetId_dialog_ex(LPLSH_DLGINFO_EX lpdlginfo)
+{
+    HWND    	        hNetIdMgr;
+    HWND    		hForeground;
+
+    hNetIdMgr = FindWindow("IDMgrRequestDaemonCls", "IDMgrRequestDaemon");
+    if (hNetIdMgr != NULL) {
+	NETID_DLGINFO   *dlginfo;
+	char		*desiredName = lpdlginfo->username;
+	char            *desiredRealm = lpdlginfo->realm;
+	LPSTR            title;
+	char            *ccache;
+	LRESULT         lrc;
+	HANDLE hMap;
+	DWORD  tid = GetCurrentThreadId();
+	char mapname[256];
+
+	sprintf(mapname,"Local\\NetIDMgr_DlgInfo_%lu",tid);
+
+	hMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE,
+				 0, 4096, mapname);
+	if (hMap == NULL) {
+	    return -1;
+	} else if (hMap != NULL && GetLastError() == ERROR_ALREADY_EXISTS) {
+	    CloseHandle(hMap);
+	    return -1;
+	}
+
+	dlginfo = (NETID_DLGINFO *)MapViewOfFileEx(hMap, FILE_MAP_READ|FILE_MAP_WRITE,
+						 0, 0, 4096, NULL);
+	if (dlginfo == NULL) {
+	    CloseHandle(hMap);
+	    return -1;
+	}
+
+	hForeground = GetForegroundWindow();
+
+	if (lpdlginfo->size == LSH_DLGINFO_EX_V1_SZ ||
+	    lpdlginfo->size == LSH_DLGINFO_EX_V2_SZ)
+	{
+	    title = lpdlginfo->title;
+	    desiredName = lpdlginfo->username;
+	    desiredRealm = lpdlginfo->realm;
+	    ccache = NULL;
+	} else {
+	    title = lpdlginfo->in.title;
+	    desiredName = lpdlginfo->in.username;
+	    desiredRealm = lpdlginfo->in.realm;
+	    ccache = lpdlginfo->in.ccache;
+	}
+
+	memset(dlginfo, 0, sizeof(NETID_DLGINFO));
+
+	dlginfo->size = sizeof(NETID_DLGINFO);
+	if (lpdlginfo->dlgtype == DLGTYPE_PASSWD)
+	    dlginfo->dlgtype = NETID_DLGTYPE_TGT;
+	else
+	    dlginfo->dlgtype = NETID_DLGTYPE_CHPASSWD;
+
+	dlginfo->in.use_defaults = lpdlginfo->use_defaults;
+	dlginfo->in.forwardable  = lpdlginfo->forwardable;
+	dlginfo->in.noaddresses  = lpdlginfo->noaddresses;
+	dlginfo->in.lifetime     = lpdlginfo->lifetime;
+	dlginfo->in.renew_till   = lpdlginfo->renew_till;
+	dlginfo->in.proxiable    = lpdlginfo->proxiable;
+	dlginfo->in.publicip     = lpdlginfo->publicip;
+
+	if (title) {
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				title, -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
+	    char mytitle[NETID_TITLE_SZ];
+	    sprintf(mytitle, "Obtain Kerberos TGT for %s@%s",desiredName,desiredRealm);
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				mytitle, -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	} else {
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				"Obtain Kerberos TGT", -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	}
+	if (desiredName)
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				desiredName, -1,
+				dlginfo->in.username, NETID_USERNAME_SZ);
+	if (desiredRealm)
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				desiredRealm, -1,
+				dlginfo->in.realm, NETID_REALM_SZ);
+	if (ccache)
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				ccache, -1,
+				dlginfo->in.ccache, NETID_CCACHE_NAME_SZ);
+	lrc = SendMessage(hNetIdMgr, 32810, 0, (LPARAM) tid);
+
+	if (lrc > 0) {
+	    if (lpdlginfo->size == LSH_DLGINFO_EX_V2_SZ)
+	    {
+		WideCharToMultiByte(CP_ACP, 0, dlginfo->out.username, -1,
+				     lpdlginfo->out.username, LEASH_USERNAME_SZ,
+				     NULL, NULL);
+		WideCharToMultiByte(CP_ACP, 0, dlginfo->out.realm, -1,
+				     lpdlginfo->out.realm, LEASH_REALM_SZ,
+				     NULL, NULL);
+	    }
+	    if (lpdlginfo->size == LSH_DLGINFO_EX_V3_SZ)
+	    {
+		WideCharToMultiByte(CP_ACP, 0, dlginfo->out.ccache, -1,
+				     lpdlginfo->out.ccache, LEASH_CCACHE_NAME_SZ,
+				     NULL, NULL);
+	    }
+	}
+
+	UnmapViewOfFile(dlginfo);
+	CloseHandle(hMap);
+
+	SetForegroundWindow(hForeground);
+	return lrc;
+    }
+    return -1;
+}
+
+
+#define LEASH_DLG_MUTEX_NAME  TEXT("Leash_Dialog_Mutex")
+int Leash_kinit_dlg(HWND hParent, LPLSH_DLGINFO lpdlginfo)
+{
+    int rc;
+    HANDLE hMutex;
+
+    rc = NetId_dialog(lpdlginfo);
+    if (rc > -1)
+	return rc;
+
+    hMutex = CreateMutex(NULL, TRUE, LEASH_DLG_MUTEX_NAME);
+    if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
+        if ( WaitForSingleObject( hMutex, INFINITE ) != WAIT_OBJECT_0 ) {
+            return -1;
+        }
+        ReleaseMutex(hMutex);
+        CloseHandle(hMutex);
+        return 1;   /* pretend the dialog was displayed and succeeded */
+    }
+
+    lpdlginfo->dlgtype = DLGTYPE_PASSWD;
+
+    /* set the help file */
+    Leash_set_help_file(NULL);
+
+    /* Call the Dialog box with the DLL's Password Callback and the
+       DLL's instance handle. */
+    rc =  DialogBoxParam(hLeashInst, "EnterPasswordDlg", hParent,
+                          PasswordProc, (LPARAM)lpdlginfo);
+
+    ReleaseMutex(hMutex);
+    CloseHandle(hMutex);
+    return rc;
+}
+
+
+int Leash_kinit_dlg_ex(HWND hParent, LPLSH_DLGINFO_EX lpdlginfo)
+{
+    int rc;
+    HANDLE hMutex;
+
+    rc = NetId_dialog_ex(lpdlginfo);
+    if (rc > -1)
+	return rc;
+
+    hMutex = CreateMutex(NULL, TRUE, LEASH_DLG_MUTEX_NAME);
+    if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
+        if ( WaitForSingleObject( hMutex, INFINITE ) != WAIT_OBJECT_0 ) {
+            return -1;
+        }
+        ReleaseMutex(hMutex);
+        CloseHandle(hMutex);
+        return 1;   /* pretend the dialog was displayed and succeeded */
+    }
+
+    /* set the help file */
+    Leash_set_help_file(NULL);
+
+    /* Call the Dialog box with the DLL's Password Callback and the
+       DLL's instance handle. */
+    rc = DialogBoxParam(hLeashInst, MAKEINTRESOURCE(IDD_AUTHENTICATE), hParent,
+                          AuthenticateProc, (LPARAM)lpdlginfo);
+    ReleaseMutex(hMutex);
+    CloseHandle(hMutex);
+    return rc;
+}
+
+
+int Leash_changepwd_dlg(HWND hParent, LPLSH_DLGINFO lpdlginfo)
+{
+    int rc;
+    HANDLE hMutex;
+
+    rc = NetId_dialog(lpdlginfo);
+    if (rc > -1)
+	return rc;
+
+    hMutex = CreateMutex(NULL, TRUE, LEASH_DLG_MUTEX_NAME);
+    if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
+        if ( WaitForSingleObject( hMutex, INFINITE ) != WAIT_OBJECT_0 ) {
+            return -1;
+        }
+        ReleaseMutex(hMutex);
+        CloseHandle(hMutex);
+        return 1;   /* pretend the dialog was displayed and succeeded */
+    }
+
+    lpdlginfo->dlgtype = DLGTYPE_CHPASSWD;
+
+    /* Call the Dialog box with the DLL's Password Callback and the
+       DLL's instance handle. */
+    rc = DialogBoxParam(hLeashInst, "CHANGEPASSWORDDLG", hParent,
+                          PasswordProc, (LPARAM)lpdlginfo);
+    ReleaseMutex(hMutex);
+    CloseHandle(hMutex);
+    return rc;
+}
+
+int Leash_changepwd_dlg_ex(HWND hParent, LPLSH_DLGINFO_EX lpdlginfo)
+{
+    int rc;
+    HANDLE hMutex;
+
+    rc = NetId_dialog_ex(lpdlginfo);
+    if (rc > -1)
+	return rc;
+
+    hMutex = CreateMutex(NULL, TRUE, LEASH_DLG_MUTEX_NAME);
+    if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
+        if ( WaitForSingleObject( hMutex, INFINITE ) != WAIT_OBJECT_0 ) {
+            return -1;
+        }
+        ReleaseMutex(hMutex);
+        CloseHandle(hMutex);
+        return 1;   /* pretend the dialog was displayed and succeeded */
+    }
+
+    lpdlginfo->dlgtype = DLGTYPE_CHPASSWD;
+
+    /* Call the Dialog box with the DLL's Password Callback and the
+       DLL's instance handle. */
+    rc = DialogBoxParam(hLeashInst, MAKEINTRESOURCE(IDD_PASSWORD), hParent,
+                          NewPasswordProc, (LPARAM)lpdlginfo);
+    ReleaseMutex(hMutex);
+    CloseHandle(hMutex);
+    return rc;
+}
+
+
+/*  These little utils are taken from lshutil.c
+    they are added here for the Call back function.
+****** beginning of added utils from lshutil.c  ******/
+
+BOOL IsDlgItem(HWND hWnd, WORD id)
+{
+    HWND hChild;
+
+    hChild = GetDlgItem(hWnd, id);
+    return hChild ? IsWindow(hChild) : 0;
+}
+
+int lsh_getkeystate(WORD keyid)
+{
+    static BYTE keys[256];
+
+    GetKeyboardState((LPBYTE) &keys);
+    return (int) keys[keyid];
+}
+
+LPSTR krb_err_func(int offset, long code)
+{
+    return(NULL);
+}
+
+/****** End of Added utils from leash.c  ******/
+
+
+int PaintLogoBitmap( HANDLE hPicFrame )
+{
+    HBITMAP hBitmap;
+    HBITMAP hOldBitmap;
+    BITMAP Bitmap;
+    HDC hdc, hdcMem;
+    RECT rect;
+
+    /* Invalidate the drawing space of the picframe. */
+    InvalidateRect( hPicFrame, NULL, TRUE);
+    UpdateWindow( hPicFrame );
+
+    hdc = GetDC(hPicFrame);
+    hdcMem = CreateCompatibleDC(hdc);
+    GetClientRect(hPicFrame, &rect);
+    hBitmap = LoadBitmap(hLeashInst, "LOGOBITMAP");
+    hOldBitmap = SelectObject(hdcMem, hBitmap);
+    GetObject(hBitmap, sizeof(Bitmap), (LPSTR) &Bitmap);
+    StretchBlt(hdc, 0, 0, rect.right, rect.bottom, hdcMem, 0, 0,
+               Bitmap.bmWidth, Bitmap.bmHeight, SRCCOPY);
+
+    SelectObject(hdcMem, hOldBitmap); /* pbh 8-15-94 */
+    ReleaseDC(hPicFrame, hdc);
+    DeleteObject( hBitmap );  /* pbh 8-15-94 */
+    DeleteDC( hdcMem );       /* pbh 8-15-94 */
+
+    return 0;
+}
+
+
+/* Callback function for the Password Dialog box that initilializes and
+   renews tickets. */
+
+INT_PTR
+CALLBACK
+PasswordProc(
+    HWND hDialog,
+    UINT message,
+    WPARAM wParam,
+    LPARAM lParam
+    )
+{
+    static POINT Position = { -1, -1 };
+    static short state;
+    int lifetime;
+#define ISCHPASSWD (lpdi->dlgtype == DLGTYPE_CHPASSWD)
+#define STATE_INIT     0
+#define STATE_PRINCIPAL 1
+#define STATE_OLDPWD   2
+#define STATE_NEWPWD1  3
+#define STATE_NEWPWD2  4
+#define STATE_CLOSED   5
+#define NEXTSTATE(newstate) SendMessage(hDialog, WM_COMMAND, ID_NEXTSTATE, newstate)
+    static int ids[STATE_NEWPWD2 + 1] = {
+        0,
+        ID_PRINCIPAL, ID_OLDPASSWORD, ID_CONFIRMPASSWORD1,
+        ID_CONFIRMPASSWORD2};
+    static char principal[255], oldpassword[255], newpassword[255],
+        newpassword2[255];
+    static char *strings[STATE_NEWPWD2 + 1] = {
+        NULL, principal, oldpassword, newpassword, newpassword2};
+    static LPLSH_DLGINFO lpdi;
+    char gbuf[200];                 /* global buffer for random stuff. */
+
+
+#define checkfirst(id, stuff) IsDlgItem(hDialog, id) ? stuff : 0
+#define CGetDlgItemText(hDlg, id, cp, len) checkfirst(id, GetDlgItemText(hDlg, id, cp, len))
+#define CSetDlgItemText(hDlg, id, cp) checkfirst(id, SetDlgItemText(hDlg, id, cp))
+#define CSetDlgItemInt(hDlg, id, i, b) checkfirst(id, SetDlgItemInt(hDlg, id, i, b))
+#define CSendDlgItemMessage(hDlg, id, m, w, l) checkfirst(id, SendDlgItemMessage(hDlg, id, m, w, l))
+#define CSendMessage(hwnd, m, w, l) IsWindow(hwnd) ? SendMessage(hwnd, m, w, l) : 0
+#define CShowWindow(hwnd, state) IsWindow(hwnd) ? ShowWindow(hwnd, state) : 0
+
+#define GETITEMTEXT(id, cp, maxlen) \
+  GetDlgItemText(hDialog, id, (LPSTR)(cp), maxlen)
+#define CloseMe(x) SendMessage(hDialog, WM_COMMAND, ID_CLOSEME, x)
+
+
+#define EDITFRAMEIDOFFSET               500
+
+    switch (message) {
+
+    case WM_INITDIALOG:
+
+        *( (LPLSH_DLGINFO far *)(&lpdi) ) = (LPLSH_DLGINFO)(LPSTR)lParam;
+        lpdi->dlgstatemax = ISCHPASSWD ? STATE_NEWPWD2
+            : STATE_OLDPWD;
+        SetWindowText(hDialog, lpdi->title);
+        /* stop at old password for normal password dlg */
+
+        SetProp(hDialog, "HANDLES_HELP", (HANDLE)1);
+
+        if (lpdi->principal)
+            lstrcpy(principal, lpdi->principal);
+        else
+	{
+            principal[0] = '\0';
+            /* is there a principal already being used? if so, use it. */
+	    }
+
+        CSetDlgItemText(hDialog, ID_PRINCIPAL, principal);
+
+        lifetime = Leash_get_default_lifetime();
+        if (lifetime <= 0)
+            lifetime = 600; /* 10 hours */
+
+        CSetDlgItemInt(hDialog, ID_DURATION, lifetime, FALSE);
+
+        /* setup text of stuff. */
+
+        if (Position.x > 0 && Position.y > 0 &&
+            Position.x < GetSystemMetrics(SM_CXSCREEN) &&
+            Position.y < GetSystemMetrics(SM_CYSCREEN))
+            SetWindowPos(hDialog, 0, Position.x, Position.y, 0, 0,
+                         SWP_NOSIZE | SWP_NOZORDER);
+
+        /* set window pos to last saved window pos */
+
+
+        /* replace standard edit control with our own password edit
+           control for password entry. */
+        {
+            RECT r;
+            POINT pxy, psz;
+            HWND hwnd;
+            int i;
+
+            for (i = ID_OLDPASSWORD; i <= ids[lpdi->dlgstatemax]; i++)
+            {
+                hwnd = GetDlgItem(hDialog, i);
+                GetWindowRect(hwnd, &r);
+                psz.x = r.right - r.left;
+                psz.y = r.bottom - r.top;
+
+                pxy.x = r.left; pxy.y = r.top;
+                ScreenToClient(hDialog, &pxy);
+
+                /* create a substitute window: */
+
+                DestroyWindow(hwnd);
+                /* kill off old edit window. */
+
+                CreateWindow(MIT_PWD_DLL_CLASS,	/* our password window :o] */
+                             "",		/* no text */
+                             WS_CHILD | WS_VISIBLE | WS_TABSTOP, /* child window, visible,tabstop */
+                             pxy.x, pxy.y,	/* x, y coords */
+                             psz.x, psz.y,	/* width, height */
+                             hDialog,		/* the parent */
+                             (HMENU)i,		/* same id *//* id offset for the frames */
+                             (HANDLE)hLeashInst,/* instance handles */
+                             NULL);		/* createstruct */
+            }
+        }
+
+        state = STATE_INIT;
+        NEXTSTATE(STATE_PRINCIPAL);
+        break;
+
+    case WM_PAINT:
+        PaintLogoBitmap( GetDlgItem(hDialog, ID_PICFRAME) );
+        break;
+
+    case WM_COMMAND:
+        switch (wParam) {
+        case ID_HELP:
+	{
+            WinHelp(GetWindow(hDialog,GW_OWNER), KRB_HelpFile, HELP_CONTEXT,
+                    ISCHPASSWD ? ID_CHANGEPASSWORD : ID_INITTICKETS);
+	}
+	break;
+        case ID_CLOSEME:
+	{
+            int i;
+
+            for (i = STATE_PRINCIPAL; i <= lpdi->dlgstatemax; i++)
+	    {
+                memset(strings[i], '\0', 255);
+                SetDlgItemText(hDialog, ids[i], "");
+	    }
+            /* I claim these passwords in the name
+               of planet '\0'... */
+
+            RemoveProp(hDialog, "HANDLES_HELP");
+            state = STATE_CLOSED;
+            EndDialog(hDialog, (int)lParam);
+        return TRUE;
+	}
+	break;
+        case ID_DURATION:
+            break;
+        case ID_PRINCIPAL:
+        case ID_OLDPASSWORD:
+        case ID_CONFIRMPASSWORD1:
+        case ID_CONFIRMPASSWORD2:
+            if (HIWORD(lParam) == EN_SETFOCUS)
+            {
+                /* nothing, for now. */
+            }
+            break;
+        case ID_NEXTSTATE:
+	{
+            RECT rbtn, redit;
+            POINT p;
+            int idfocus, i, s;
+            HWND hfocus, hbtn;
+            int oldstate = state;
+
+            state = (int)lParam;
+            idfocus = ids[state];
+
+#ifdef ONE_NEWPWDBOX
+            if (state == STATE_NEWPWD2)
+                SendDlgItemMessage(hDialog, ID_CONFIRMPASSWORD1, WM_SETTEXT,
+                                   0, (LONG)(LPSTR)"");
+#endif
+
+            for (s = STATE_PRINCIPAL; s <= lpdi->dlgstatemax; s++)
+	    {
+                i = ids[s];
+
+                if (s > state)
+                    SendDlgItemMessage(hDialog, i, WM_SETTEXT, 0,
+                                       (LONG)(LPSTR)"");
+                EnableWindow(GetDlgItem(hDialog, i), i == idfocus);
+                ShowWindow(GetDlgItem(hDialog, i),
+                           (i <= idfocus ? SW_SHOW : SW_HIDE));
+                /* ShowWindow(GetDlgItem(hDialog, i + CAPTION_OFFSET),
+                   (i <= idfocus ? SW_SHOW : SW_HIDE));*/
+                /* show caption? */
+	    }
+#ifdef ONE_NEWPWDBOX
+            CSetDlgItemText(hDialog, ID_CONFIRMCAPTION1,
+                            state < STATE_NEWPWD2 ?
+                            "Enter new password:" :
+                            "Enter new password again:");
+            if (state == STATE_NEWPWD2)
+	    {
+                HWND htext;
+                htext = GetDlgItem(hDialog, ID_CONFIRMCAPTION1);
+                FlashAnyWindow(htext);
+                WinSleep(50);
+                FlashAnyWindow(htext);
+	    }
+#endif
+
+            hfocus = GetDlgItem(hDialog, idfocus);
+            if ( hfocus != (HWND)NULL ){
+                SetFocus(hfocus); /* switch focus */
+                if (idfocus >= ID_OLDPASSWORD)
+                    SendMessage(hfocus, WM_SETTEXT, 0, (LPARAM) (LPSTR) "");
+                else
+                {
+                    SendMessage(hfocus, EM_SETSEL, 0, MAKELONG(0, -1));
+                }
+                GetWindowRect(hfocus, &redit);
+            }
+
+            hbtn   = GetDlgItem(hDialog, IDOK);
+            if( IsWindow(hbtn) ){
+                GetWindowRect(hbtn, &rbtn);
+                p.x = rbtn.left; p.y = redit.top;
+                ScreenToClient(hDialog, &p);
+
+                SetWindowPos(hbtn, 0, p.x, p.y, 0, 0,
+                             SWP_NOSIZE | SWP_NOZORDER);
+            }
+	}
+	break;
+        case IDOK:
+	{
+	    char* p_Principal;
+            DWORD value = 0;
+
+	    GETITEMTEXT(ids[state], (LPSTR)strings[state], 255);
+
+            switch(state)
+            {
+            case STATE_PRINCIPAL:
+            {
+                if (!principal[0])
+                {
+                    MessageBox(hDialog,
+                                "You are not allowed to enter a blank principal.",
+                               "Invalid Principal",
+                               MB_OK | MB_ICONSTOP);
+                    NEXTSTATE(STATE_PRINCIPAL);
+                    return TRUE;
+                }
+
+	        // Change 'principal' to upper case after checking
+	        // "UpperCase" value in the Registry
+                p_Principal = strchr(principal, '@');
+
+                if (p_Principal && Leash_get_default_uppercaserealm())
+                    strupr(p_Principal);
+                break;
+            }
+	    case STATE_OLDPWD:
+            {
+		int duration;
+
+		if (!ISCHPASSWD)
+                    duration = GetDlgItemInt(hDialog, ID_DURATION, 0, FALSE);
+                if (!oldpassword[0])
+                {
+                    MessageBox(hDialog, "You are not allowed to enter a "
+                               "blank password.",
+                               "Invalid Password",
+                               MB_OK | MB_ICONSTOP);
+                    NEXTSTATE(STATE_OLDPWD);
+                    return TRUE;
+                }
+                if (lpdi->dlgtype == DLGTYPE_CHPASSWD)
+                    lsh_errno = Leash_int_checkpwd(principal, oldpassword, 1);
+                else
+                {
+                    lsh_errno = Leash_int_kinit_ex( 0,
+                                                    hDialog,
+                                                    principal,
+                                                    oldpassword,
+                                                    duration,
+                                                    Leash_get_default_forwardable(),
+                                                    Leash_get_default_proxiable(),
+                                                    Leash_get_default_renew_till(),
+                                                    Leash_get_default_noaddresses(),
+                                                    Leash_get_default_publicip(),
+                                                    1
+                                                    );
+                }
+		if (lsh_errno != 0)
+                {
+		    int next_state = state;
+		    int capslock;
+		    char *cp;
+
+		    err_context = "";
+
+		    switch(lsh_errno)
+                    {
+                    case LSH_INVPRINCIPAL:
+                    case LSH_INVINSTANCE:
+                    case LSH_INVREALM:
+			next_state = STATE_PRINCIPAL;
+			break;
+                    }
+		    capslock = lsh_getkeystate(VK_CAPITAL);
+                    /* low-order bit means caps lock is
+                       toggled; if so, warn user since there's
+                       been an error. */
+		    if (capslock & 1)
+                    {
+			lstrcpy((LPSTR)gbuf, (LPSTR)err_context);
+			cp = gbuf + lstrlen((LPSTR)gbuf);
+			if (cp != gbuf)
+                            *cp++ = ' ';
+			lstrcpy(cp, "(This may be because your CAPS LOCK key is down.)");
+			err_context = gbuf;
+                    }
+
+// XXX		    DoNiftyErrorReport(lsh_errno, ISCHPASSWD ? ""
+// XXX				       : "Ticket initialization failed.");
+		    NEXTSTATE(next_state);
+		    return TRUE;
+                }
+		if (ISCHPASSWD)
+                    break;
+		CloseMe(TRUE); /* success */
+            }
+            break;
+	    case STATE_NEWPWD1:
+            {
+                int i = 0;
+                int bit8 = 0;
+
+                for( i = 0; i < 255; i++ ){
+                    if( newpassword[i] == '\0' ){
+                        if ( bit8 ) {
+                            MessageBox(hDialog,
+                                        "Passwords should not contain non-ASCII characters.",
+                                        "Internationalization Warning",
+                                        MB_OK | MB_ICONINFORMATION);
+                        }
+                        i = 255;
+                        break;
+                    } else if( !isprint(newpassword[i]) ){
+                        memset(newpassword, '\0', 255);
+                        /* I claim these passwords in the name of planet '\0'... */
+                        MessageBox(hDialog,
+                                   "Passwords may not contain non-printable characters.",
+                                    "Invalid Password",
+                                    MB_OK | MB_ICONSTOP);
+                        NEXTSTATE(STATE_NEWPWD1);
+                        return TRUE;
+                    } else if ( newpassword[i] > 127 )
+                        bit8 = 1;
+                }
+            }
+            break;
+	    case STATE_NEWPWD2:
+                if (lstrcmp(newpassword, newpassword2))
+                {
+                    NEXTSTATE(STATE_NEWPWD1);
+                    MessageBox(hDialog,
+                                "The new password was not entered the same way twice.",
+                                "Password validation error",
+                                MB_OK | MB_ICONSTOP);
+                    return TRUE;
+                }
+                else
+                {
+                    /* make them type both pwds again if error */
+                    int next_state = STATE_NEWPWD1;
+                    int capslock;
+                    char *cp;
+
+                    capslock = lsh_getkeystate(VK_CAPITAL);
+                    /* low-order bit means caps lock is
+                       toggled; if so, warn user since there's
+                       been an error. */
+                    if (capslock & 1)
+                    {
+                        lstrcpy((LPSTR)gbuf, (LPSTR)err_context);
+                        cp = gbuf + lstrlen((LPSTR)gbuf);
+                        if (cp != gbuf)
+                            *cp++ = ' ';
+                        lstrcpy(cp, "(This may be because your CAPS LOCK key is down.)");
+                        err_context = gbuf;
+                    }
+
+                    if ((lsh_errno =
+                         Leash_int_changepwd(principal, oldpassword,
+                                         newpassword, 0, 1))
+                        == 0){
+                        CloseMe(TRUE);
+                    }
+                    else {
+                        // XXX - DoNiftyErrorReport(lsh_errno, "Error while changing password.");
+                        NEXTSTATE(next_state);
+                        return TRUE;
+
+                    }
+		}
+                break;
+	    }
+            /* increment state, but send the old state as a
+               parameter */
+            SendMessage(hDialog, WM_COMMAND, ID_NEXTSTATE, state + 1);
+	}
+	break;
+        case IDCANCEL:
+            CloseMe(FALSE);
+            break;
+        case ID_RESTART:
+	{
+            int i;
+
+            for (i = ID_OLDPASSWORD; i <= ids[lpdi->dlgstatemax]; i++)
+                SetDlgItemText(hDialog, i, "");
+            SendMessage(hDialog, WM_COMMAND, ID_NEXTSTATE,
+                        STATE_PRINCIPAL);
+	}
+	break;
+        }
+        break;
+
+    case WM_MOVE:
+        if (state != STATE_CLOSED)
+#ifdef _WIN32
+#define LONG2POINT(l,pt) ((pt).x=(SHORT)LOWORD(l),  \
+			  (pt).y=(SHORT)HIWORD(l))
+            LONG2POINT(lParam,Position);
+#else
+        Position = MAKEPOINT(lParam);
+#endif
+        break;
+    }
+    return FALSE;
+}
+
+
+#define KRB_FILE                "KRB.CON"
+#define KRBREALM_FILE           "KRBREALM.CON"
+#define KRB5_FILE               "KRB5.INI"
+
+BOOL
+GetProfileFile(
+    LPSTR confname,
+    UINT szConfname
+    )
+{
+    char **configFile = NULL;
+    if (hKrb5 &&
+         pkrb5_get_default_config_files(&configFile))
+    {
+        GetWindowsDirectory(confname,szConfname);
+        confname[szConfname-1] = '\0';
+        strncat(confname, "\\",sizeof(confname)-strlen(confname));
+        confname[szConfname-1] = '\0';
+        strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
+        confname[szConfname-1] = '\0';
+        return FALSE;
+    }
+
+    *confname = 0;
+
+    if (hKrb5 && configFile)
+    {
+        strncpy(confname, *configFile, szConfname);
+        pkrb5_free_config_files(configFile);
+    }
+
+    if (!*confname)
+    {
+        GetWindowsDirectory(confname,szConfname);
+        confname[szConfname-1] = '\0';
+        strncat(confname, "\\",sizeof(confname)-strlen(confname));
+        confname[szConfname-1] = '\0';
+        strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
+        confname[szConfname-1] = '\0';
+    }
+
+    return FALSE;
+}
+
+int
+readstring(FILE * file, char * buf, int len)
+{
+	int  c,i;
+	memset(buf, '\0', sizeof(buf));
+	for (i=0, c=fgetc(file); c != EOF ; c=fgetc(file), i++)
+	{
+		if (i < sizeof(buf)) {
+			if (c == '\n') {
+				buf[i] = '\0';
+				return i;
+			} else {
+				buf[i] = c;
+			}
+		} else {
+			if (c == '\n') {
+				buf[len-1] = '\0';
+				return(i);
+			}
+		}
+	}
+	if (c == EOF) {
+		if (i > 0 && i < len) {
+			buf[i] = '\0';
+			return(i);
+		} else {
+			buf[len-1] = '\0';
+			return(-1);
+		}
+	}
+    return(-1);
+}
+
+typedef struct _slider_info {
+	int slider_id;
+	int text_id;
+	int min;
+	int max;
+	int increment;
+	struct _slider_info * next;
+} slider_info;
+static slider_info * sliders = NULL;
+
+static slider_info *
+FreeSlider(slider_info * s)
+{
+	slider_info * n = NULL;
+
+	if (s) {
+		n = s->next;
+		free(s);
+	}
+	return n;
+}
+
+static void
+CleanupSliders(void)
+{
+	while(sliders)
+		sliders = FreeSlider(sliders);
+}
+
+
+static unsigned short
+NewSliderValue(HWND hDialog, int id)
+{
+	int value = 0;
+	slider_info * s = sliders;
+	while(s) {
+		if (s->slider_id == id) {
+			int pos = CSendDlgItemMessage( hDialog, id,
+										 TBM_GETPOS,
+										 (WPARAM) 0, (LPARAM) 0);
+			value = s->min + (pos * s->increment);
+			break;
+		}
+		s = s->next;
+	}
+	return(value);
+}
+
+static const char *
+NewSliderString(int id, int pos)
+{
+	static char buf[64]="";
+	char * p = buf;
+	int value = 0;
+	int must_hours = 0;
+	slider_info * s = sliders;
+	while(s) {
+		if (s->slider_id == id) {
+			value = s->min + pos * s->increment;
+			*p = 0;
+			if (value >= 60 * 24) {
+				sprintf(p,"%d day(s) ",value / (60 * 24));
+				value %= (60 * 24);
+				p += strlen(p);
+				must_hours = 1;
+			}
+			if (must_hours || value >= 60) {
+				sprintf(p,"%d hour(s) ",value / 60);
+				value %= 60;
+				p += strlen(p);
+			}
+			sprintf(p,"%d minute(s) ",value);
+			break;
+		}
+		s = s->next;
+	}
+	return(buf);
+}
+
+static void
+SetupSlider( HWND hDialog,
+			 int sliderID,
+			 int textFieldID,
+			 int minimum,
+			 int maximum,
+			 int value)
+{
+    int min = minimum;
+    int max = maximum;
+    int increment = 0;
+    int range;
+	int roundedMinimum;
+	int roundedMaximum;
+	int roundedValue;
+	slider_info * new_info;
+
+    if (max < min) {
+        // swap values
+        int temp = max;
+        max = min;
+        min = temp;
+    }
+	range = max - min;
+
+    if (range < 5*60)             { increment = 1;       //  1 s if under   5 m
+    } else if (range < 30*60)     { increment = 5;       //  5 s if under  30 m
+    } else if (range < 60*60)     { increment = 15;      // 15 s if under   1 h
+    } else if (range < 2*60*60)   { increment = 30;      // 30 s if under   2 h
+    } else if (range < 5*60*60)   { increment = 60;      //  1 m if under   5 h
+    } else if (range < 50*60*60)  { increment = 5*60;    //  5 m if under  50 h
+    } else if (range < 200*60*60) { increment = 15*60;   // 15 m if under 200 h
+    } else if (range < 500*60*60) { increment = 30*60;   // 30 m if under 500 h
+    } else                        { increment = 60*60; } //  1 h otherwise
+
+    roundedMinimum = (min / increment) * increment;
+    if (roundedMinimum > min) { roundedMinimum -= increment; }
+    if (roundedMinimum <= 0)  { roundedMinimum += increment; } // make positive
+
+    roundedMaximum = (max / increment) * increment;
+    if (roundedMaximum < max) { roundedMaximum += increment; }
+
+    roundedValue = (value / increment) * increment;
+    if (roundedValue < roundedMinimum) { roundedValue = roundedMinimum; }
+    if (roundedValue > roundedMaximum) { roundedValue = roundedMaximum; }
+
+    if (roundedMinimum == roundedMaximum) {
+        // [textField setTextColor: [NSColor grayColor]];
+		EnableWindow(GetDlgItem(hDialog,sliderID),FALSE);
+    } else {
+        // [textField setTextColor: [NSColor blackColor]];
+		EnableWindow(GetDlgItem(hDialog,sliderID),TRUE);
+    }
+
+	CSendDlgItemMessage( hDialog, sliderID,
+						 TBM_SETRANGEMIN,
+						 (WPARAM) FALSE,
+						 (LPARAM) 0 );
+	CSendDlgItemMessage( hDialog, sliderID,
+						 TBM_SETRANGEMAX,
+						 (WPARAM) FALSE,
+						 (LPARAM) (roundedMaximum - roundedMinimum) / increment );
+	CSendDlgItemMessage( hDialog, sliderID,
+						 TBM_SETPOS,
+						 (WPARAM) TRUE,
+						 (LPARAM) (roundedValue - roundedMinimum) / increment);
+
+	new_info = (slider_info *) malloc(sizeof(slider_info));
+	new_info->slider_id = sliderID;
+	new_info->text_id = textFieldID;
+	new_info->min = roundedMinimum;
+	new_info->max = roundedMaximum;
+	new_info->increment = increment;
+	new_info->next = sliders;
+	sliders = new_info;
+
+	SetWindowText(GetDlgItem(hDialog, textFieldID),
+				   NewSliderString(sliderID,(roundedValue - roundedMinimum) / increment));
+}
+
+
+static void
+AdjustOptions(HWND hDialog, int show, int hideDiff)
+{
+    RECT rect;
+    RECT dlgRect;
+    HWND hwnd;
+    int diff;
+
+    Leash_set_hide_kinit_options(!show);
+
+    ShowWindow(GetDlgItem(hDialog,IDC_STATIC_LIFETIME),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_STATIC_LIFETIME_VALUE),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_SLIDER_LIFETIME),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_SLIDER_RENEWLIFE),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_STATIC_RENEW),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_STATIC_RENEW_TILL_VALUE),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_CHECK_FORWARDABLE),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_CHECK_NOADDRESS),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_CHECK_RENEWABLE),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_STATIC_KRB5),show);
+    ShowWindow(GetDlgItem(hDialog,IDC_BUTTON_CLEAR_HISTORY),show);
+
+    GetWindowRect( hDialog, &dlgRect );
+    diff = dlgRect.top + GetSystemMetrics(SM_CYCAPTION)
+         + GetSystemMetrics(SM_CYDLGFRAME) + (show ? -1 : 1) * hideDiff;
+
+    hwnd = GetDlgItem(hDialog,IDOK);
+    GetWindowRect(hwnd,&rect);
+    SetWindowPos(hwnd,0,rect.left-dlgRect.left-GetSystemMetrics(SM_CXDLGFRAME),rect.top-diff,0,0,SWP_NOZORDER|SWP_NOSIZE);
+    hwnd = GetDlgItem(hDialog,IDCANCEL);
+    GetWindowRect(hwnd,&rect);
+    SetWindowPos(hwnd,0,rect.left-dlgRect.left-GetSystemMetrics(SM_CXDLGFRAME),rect.top-diff,0,0,SWP_NOZORDER|SWP_NOSIZE);
+    hwnd = GetDlgItem(hDialog,IDC_BUTTON_OPTIONS);
+    GetWindowRect(hwnd,&rect);
+    SetWindowPos(hwnd,0,rect.left-dlgRect.left-GetSystemMetrics(SM_CXDLGFRAME),rect.top-diff,0,0,SWP_NOZORDER|SWP_NOSIZE);
+    hwnd = GetDlgItem(hDialog,IDC_STATIC_VERSION);
+    GetWindowRect(hwnd,&rect);
+    SetWindowPos(hwnd,0,rect.left-dlgRect.left-GetSystemMetrics(SM_CXDLGFRAME),rect.top-diff,0,0,SWP_NOZORDER|SWP_NOSIZE);
+    hwnd = GetDlgItem(hDialog,IDC_STATIC_COPYRIGHT);
+    GetWindowRect(hwnd,&rect);
+    SetWindowPos(hwnd,0,rect.left-dlgRect.left-GetSystemMetrics(SM_CXDLGFRAME),rect.top-diff,0,0,SWP_NOZORDER|SWP_NOSIZE);
+    SetWindowPos(hDialog,0,0,0,
+                 dlgRect.right-dlgRect.left,
+                 dlgRect.bottom-dlgRect.top+(show ? 1 : - 1) * hideDiff,
+                 SWP_NOZORDER|SWP_NOMOVE);
+
+    CSetDlgItemText(hDialog, IDC_BUTTON_OPTIONS,
+                    show ? "Hide Advanced" : "Show Advanced");
+
+}
+
+/* Callback function for the Authentication Dialog box that initializes and
+   renews tickets. */
+
+INT_PTR
+CALLBACK
+AuthenticateProc(
+    HWND hDialog,
+    UINT message,
+    WPARAM wParam,
+    LPARAM lParam
+    )
+{
+    static POINT Position = { -1, -1 };
+    static char principal[256]="";
+    static char password[256]="";
+    static int  lifetime=0;
+    static int  renew_till=0;
+    static int  forwardable=0;
+    static int  noaddresses=0;
+    static int  proxiable=0;
+    static int  publicip=0;
+    static LPLSH_DLGINFO_EX lpdi;
+    static HWND hDlg=0;
+    static HWND hSliderLifetime=0;
+    static HWND hSliderRenew=0;
+    static RECT dlgRect;
+    static int  hideDiff = 0;
+    static void *pAutoComplete = 0;
+    long realm_count = 0;
+    int disable_noaddresses = 0;
+    HWND hEditCtrl=0;
+    HWND hFocusCtrl=0;
+    BOOL bReadOnlyPrinc=0;
+
+    switch (message) {
+
+    case WM_INITDIALOG:
+	hDlg = hDialog;
+
+        hEditCtrl = GetDlgItem(hDialog, IDC_EDIT_PRINCIPAL);
+        if (hEditCtrl)
+            pAutoComplete = Leash_pec_create(hEditCtrl);
+	hSliderLifetime = GetDlgItem(hDialog, IDC_STATIC_LIFETIME_VALUE);
+	hSliderRenew = GetDlgItem(hDialog, IDC_STATIC_RENEW_TILL_VALUE);
+
+        *( (LPLSH_DLGINFO_EX far *)(&lpdi) ) = (LPLSH_DLGINFO_EX)(LPSTR)lParam;
+
+	if ((lpdi->size != LSH_DLGINFO_EX_V1_SZ &&
+	     lpdi->size != LSH_DLGINFO_EX_V2_SZ &&
+	      lpdi->size < LSH_DLGINFO_EX_V3_SZ) ||
+	     (lpdi->dlgtype & DLGTYPE_MASK) != DLGTYPE_PASSWD) {
+
+	    MessageBox(hDialog, "An incorrect initialization data structure was provided.",
+			"AuthenticateProc()",
+			MB_OK | MB_ICONSTOP);
+	    return FALSE;
+	}
+        bReadOnlyPrinc = (lpdi->dlgtype & DLGFLAG_READONLYPRINC) ?
+                         TRUE : FALSE;
+
+        if ( lpdi->size >= LSH_DLGINFO_EX_V2_SZ ) {
+            lpdi->out.username[0] = 0;
+            lpdi->out.realm[0] = 0;
+        }
+        if ( lpdi->size >= LSH_DLGINFO_EX_V3_SZ ) {
+            lpdi->out.ccache[0] = 0;
+        }
+
+        if ( lpdi->size >= LSH_DLGINFO_EX_V3_SZ )
+	    SetWindowText(hDialog, lpdi->in.title);
+	else
+	    SetWindowText(hDialog, lpdi->title);
+
+        SetProp(hDialog, "HANDLES_HELP", (HANDLE)1);
+	if (lpdi->use_defaults) {
+	    lifetime = Leash_get_default_lifetime();
+	    if (lifetime <= 0)
+		lifetime = 600; /* 10 hours */
+	    if (Leash_get_default_renewable()) {
+                renew_till = Leash_get_default_renew_till();
+                if (renew_till < 0)
+                    renew_till = 10800; /* 7 days */
+            } else
+                renew_till = 0;
+	    forwardable = Leash_get_default_forwardable();
+	    if (forwardable < 0)
+		forwardable = 0;
+	    noaddresses = Leash_get_default_noaddresses();
+	    if (noaddresses < 0)
+		noaddresses = 0;
+	    proxiable = Leash_get_default_proxiable();
+	    if (proxiable < 0)
+		proxiable = 0;
+	    publicip = Leash_get_default_publicip();
+	    if (publicip < 0)
+		publicip = 0;
+	} else {
+	    forwardable = lpdi->forwardable;
+	    noaddresses = lpdi->noaddresses;
+	    lifetime = lpdi->lifetime;
+	    renew_till = lpdi->renew_till;
+	    proxiable = lpdi->proxiable;
+	    publicip = lpdi->publicip;
+	}
+        if (lpdi->username && (strlen(lpdi->username) > 0) &&
+            lpdi->realm && (strlen(lpdi->realm) > 0)) {
+            sprintf_s(principal, sizeof(principal), "%s@%s", lpdi->username,
+                      lpdi->realm);
+        } else {
+            principal[0] = 0;
+        }
+        Edit_SetReadOnly(hEditCtrl, bReadOnlyPrinc);
+        CSetDlgItemText(hDialog, IDC_EDIT_PRINCIPAL, principal);
+        CSetDlgItemText(hDialog, IDC_EDIT_PASSWORD, "");
+
+	/* Set Lifetime Slider
+	*   min value = 5
+	*   max value = 1440
+	*   current value
+	*/
+
+	SetupSlider( hDialog,
+		     IDC_SLIDER_LIFETIME,
+		     IDC_STATIC_LIFETIME_VALUE,
+		     Leash_get_default_life_min(),
+		     Leash_get_default_life_max(),
+		     lifetime );
+
+        CheckDlgButton(hDialog, IDC_CHECK_REMEMBER_PRINCIPAL, TRUE);
+	/* Set Forwardable checkbox */
+	CheckDlgButton(hDialog, IDC_CHECK_FORWARDABLE, forwardable);
+	/* Set NoAddress checkbox */
+	CheckDlgButton(hDialog, IDC_CHECK_NOADDRESS, noaddresses);
+        if ( disable_noaddresses )
+            EnableWindow(GetDlgItem(hDialog,IDC_CHECK_NOADDRESS),FALSE);
+	/* Set Renewable checkbox */
+	CheckDlgButton(hDialog, IDC_CHECK_RENEWABLE, renew_till);
+	/* if not renewable, disable Renew Till slider */
+	/* if renewable, set Renew Till slider
+	*     min value
+	*     max value
+	*     current value
+	*/
+	SetupSlider( hDialog,
+		     IDC_SLIDER_RENEWLIFE,
+		     IDC_STATIC_RENEW_TILL_VALUE,
+		     Leash_get_default_renew_min(),
+		     Leash_get_default_renew_max(),
+		     renew_till);
+	if (renew_till) {
+	    EnableWindow(GetDlgItem(hDialog,IDC_SLIDER_RENEWLIFE),TRUE);
+	} else {
+	    EnableWindow(GetDlgItem(hDialog,IDC_SLIDER_RENEWLIFE),FALSE);
+	}
+
+        // Compute sizes of items necessary to show/hide the advanced options
+        GetWindowRect( hDialog, &dlgRect );
+        {
+            RECT okRect, staticRect;
+            GetWindowRect(GetDlgItem(hDialog,IDC_STATIC_LIFETIME),&staticRect);
+            GetWindowRect(GetDlgItem(hDialog,IDOK),&okRect);
+            hideDiff = okRect.top - staticRect.top;
+        }
+
+        if ( hKrb5 ) {
+            if (Leash_get_hide_kinit_options())
+                AdjustOptions(hDialog,0,hideDiff);
+        } else {
+            AdjustOptions(hDialog,0,hideDiff);
+            EnableWindow(GetDlgItem(hDialog,IDC_BUTTON_OPTIONS),FALSE);
+            ShowWindow(GetDlgItem(hDialog,IDC_BUTTON_OPTIONS),SW_HIDE);
+        }
+
+        /* setup text of stuff. */
+
+        if (Position.x > 0 && Position.y > 0 &&
+            Position.x < GetSystemMetrics(SM_CXSCREEN) &&
+            Position.y < GetSystemMetrics(SM_CYSCREEN))
+            SetWindowPos(hDialog, HWND_TOP, Position.x, Position.y, 0, 0, SWP_NOSIZE);
+        else /* Center the window on the desktop */
+            SetWindowPos(hDialog, HWND_TOP,
+                         (GetSystemMetrics(SM_CXSCREEN) - dlgRect.right + dlgRect.left)/2,
+                         (GetSystemMetrics(SM_CYSCREEN) - dlgRect.bottom + dlgRect.top)/2,
+                         0, 0,
+                         SWP_NOSIZE);
+
+        /* Take keyboard focus */
+        SetActiveWindow(hDialog);
+        SetForegroundWindow(hDialog);
+        /* put focus on password if princ is read-only */
+        hFocusCtrl = (bReadOnlyPrinc || principal[0] != '\0') ?
+            GetDlgItem(hDialog, IDC_EDIT_PASSWORD) : hEditCtrl;
+        if (((HWND)wParam) != hFocusCtrl) {
+            SetFocus(hFocusCtrl);
+        }
+        break;
+
+	case WM_HSCROLL:
+	switch (LOWORD(wParam)) {
+	case TB_THUMBTRACK:
+	case TB_THUMBPOSITION:
+	    {
+		long pos = HIWORD(wParam); // the position of the slider
+		int  ctrlID = GetDlgCtrlID((HWND)lParam);
+
+		if (ctrlID == IDC_SLIDER_RENEWLIFE) {
+		    SetWindowText(GetDlgItem(hDialog, IDC_STATIC_RENEW_TILL_VALUE),
+				   NewSliderString(IDC_SLIDER_RENEWLIFE,pos));
+		}
+		if (ctrlID == IDC_SLIDER_LIFETIME) {
+		    SetWindowText(GetDlgItem(hDialog, IDC_STATIC_LIFETIME_VALUE),
+				   NewSliderString(IDC_SLIDER_LIFETIME,pos));
+		}
+	    }
+	    break;
+        case TB_BOTTOM:
+        case TB_TOP:
+        case TB_ENDTRACK:
+        case TB_LINEDOWN:
+        case TB_LINEUP:
+        case TB_PAGEDOWN:
+        case TB_PAGEUP:
+	default:
+	    {
+		int  ctrlID = GetDlgCtrlID((HWND)lParam);
+		long pos = SendMessage(GetDlgItem(hDialog,ctrlID), TBM_GETPOS, 0, 0); // the position of the slider
+
+		if (ctrlID == IDC_SLIDER_RENEWLIFE) {
+		    SetWindowText(GetDlgItem(hDialog, IDC_STATIC_RENEW_TILL_VALUE),
+				   NewSliderString(IDC_SLIDER_RENEWLIFE,pos));
+		}
+		if (ctrlID == IDC_SLIDER_LIFETIME) {
+		    SetWindowText(GetDlgItem(hDialog, IDC_STATIC_LIFETIME_VALUE),
+				   NewSliderString(IDC_SLIDER_LIFETIME,pos));
+		}
+	    }
+	}
+        break;
+
+    case WM_COMMAND:
+        switch (wParam) {
+	case IDC_BUTTON_OPTIONS:
+	    {
+                AdjustOptions(hDialog,Leash_get_hide_kinit_options(),hideDiff);
+                GetWindowRect(hDialog,&dlgRect);
+                if ( dlgRect.bottom > GetSystemMetrics(SM_CYSCREEN))
+                    SetWindowPos( hDialog,0,
+                                  dlgRect.left,
+                                  GetSystemMetrics(SM_CYSCREEN) - dlgRect.bottom + dlgRect.top,
+                                  0,0,
+                                  SWP_NOZORDER|SWP_NOSIZE);
+
+	    }
+	    break;
+    case IDC_BUTTON_CLEAR_HISTORY:
+        Leash_pec_clear_history(pAutoComplete);
+        break;
+	case IDC_CHECK_RENEWABLE:
+	    {
+		if (IsDlgButtonChecked(hDialog, IDC_CHECK_RENEWABLE)) {
+		    EnableWindow(hSliderRenew,TRUE);
+		} else {
+		    EnableWindow(hSliderRenew,FALSE);
+		}
+	    }
+	    break;
+        case ID_HELP:
+	    {
+		WinHelp(GetWindow(hDialog,GW_OWNER), KRB_HelpFile, HELP_CONTEXT,
+			 ID_INITTICKETS);
+	    }
+	    break;
+        case ID_CLOSEME:
+	    {
+		CleanupSliders();
+		memset(password,0,sizeof(password));
+		RemoveProp(hDialog, "HANDLES_HELP");
+        if (pAutoComplete) {
+            Leash_pec_destroy(pAutoComplete);
+            pAutoComplete = NULL;
+        }
+		EndDialog(hDialog, (int)lParam);
+                return TRUE;
+	    }
+	    break;
+        case IDOK:
+	    {
+		DWORD value = 0;
+
+		CGetDlgItemText(hDialog, IDC_EDIT_PRINCIPAL, principal, sizeof(principal));
+		CGetDlgItemText(hDialog, IDC_EDIT_PASSWORD, password, sizeof(password));
+
+		if (!principal[0]) {
+		    MessageBox(hDialog,
+                       "You are not allowed to enter a blank principal.",
+                       "Invalid Principal",
+                       MB_OK | MB_ICONSTOP);
+		    return TRUE;
+		}
+        // @TODO: parse realm portion and auto-uppercase
+/*
+		if (Leash_get_default_uppercaserealm())
+		{
+		    // found
+		    strupr(realm);
+		}
+*/
+
+		if (!password[0])
+		{
+		    MessageBox(hDialog,
+                                "You are not allowed to enter a blank password.",
+				"Invalid Password",
+				MB_OK | MB_ICONSTOP);
+		    return TRUE;
+		}
+
+		lifetime = NewSliderValue(hDialog, IDC_SLIDER_LIFETIME);
+
+		forwardable = proxiable =
+                    IsDlgButtonChecked(hDialog, IDC_CHECK_FORWARDABLE);
+		noaddresses = IsDlgButtonChecked(hDialog, IDC_CHECK_NOADDRESS);
+		if (IsDlgButtonChecked(hDialog, IDC_CHECK_RENEWABLE)) {
+		    renew_till = NewSliderValue(hDialog, IDC_SLIDER_RENEWLIFE);
+		} else {
+		    renew_till= 0;
+		}
+
+		lsh_errno = Leash_int_kinit_ex( 0,
+						hDialog,
+						principal, password, lifetime,
+						forwardable,
+						proxiable,
+						renew_till,
+						noaddresses,
+						publicip,
+						1
+						);
+		if (lsh_errno != 0)
+		{
+#ifdef COMMENT
+		    char gbuf[256];
+		    int capslock;
+		    char *cp;
+#endif
+		    err_context = "";
+		    switch(lsh_errno)
+		    {
+		    case LSH_INVPRINCIPAL:
+		    case LSH_INVINSTANCE:
+                        CSendDlgItemMessage(hDialog, IDC_EDIT_PRINCIPAL, EM_SETSEL, 0, 256);
+                        SetFocus(GetDlgItem(hDialog,IDC_EDIT_PRINCIPAL));
+                        break;
+		    case LSH_INVREALM:
+                        CSendDlgItemMessage(hDialog, IDC_COMBO_REALM, EM_SETSEL, 0, 256);
+                        SetFocus(GetDlgItem(hDialog,IDC_COMBO_REALM));
+			break;
+                    default:
+                        CSendDlgItemMessage(hDialog, IDC_EDIT_PASSWORD, EM_SETSEL, 0, 256);
+                        SetFocus(GetDlgItem(hDialog,IDC_EDIT_PASSWORD));
+			return(TRUE);
+		    }
+#ifdef COMMENT
+		    capslock = lsh_getkeystate(VK_CAPITAL);
+		    /* low-order bit means caps lock is
+		    toggled; if so, warn user since there's
+		    been an error. */
+		    if (capslock & 1)
+		    {
+			lstrcpy((LPSTR)gbuf, (LPSTR)err_context);
+			cp = gbuf + lstrlen((LPSTR)gbuf);
+			if (cp != gbuf)
+			    *cp++ = ' ';
+			lstrcpy(cp, "(This may be because your CAPS LOCK key is down.)");
+			err_context = gbuf;
+		    }
+
+		    // XXX DoNiftyErrorReport(lsh_errno, ISCHPASSWD ? ""
+		    // XXX : "Ticket initialization failed.");
+#endif /* COMMENT */
+		    return TRUE;
+		}
+
+                if ( Leash_get_default_preserve_kinit_settings() )
+                {
+                    Leash_set_default_lifetime(lifetime);
+                    if ( renew_till > 0 ) {
+                        Leash_set_default_renew_till(renew_till);
+                        Leash_set_default_renewable(1);
+                    } else {
+                        Leash_set_default_renewable(0);
+                    }
+                    Leash_set_default_forwardable(forwardable);
+                    Leash_set_default_noaddresses(noaddresses);
+                }
+/* @TODO: out username/realm
+                if ( lpdi->size >= LSH_DLGINFO_EX_V2_SZ ) {
+                    strncpy(lpdi->out.username, username, LEASH_USERNAME_SZ);
+                    lpdi->out.username[LEASH_USERNAME_SZ-1] = 0;
+                    strncpy(lpdi->out.realm, realm, LEASH_REALM_SZ);
+                    lpdi->out.realm[LEASH_REALM_SZ-1] = 0;
+                }
+*/
+                if (IsDlgButtonChecked(hDialog, IDC_CHECK_REMEMBER_PRINCIPAL))
+                    Leash_pec_add_principal(principal);
+
+                CloseMe(TRUE); /* success */
+                return FALSE;
+	    }
+	    break;
+        case IDCANCEL:
+            CloseMe(FALSE);
+            break;
+        }
+        break;
+
+    case WM_MOVE:
+#ifdef _WIN32
+#define LONG2POINT(l,pt) ((pt).x=(SHORT)LOWORD(l),  \
+			 (pt).y=(SHORT)HIWORD(l))
+    LONG2POINT(lParam,Position);
+#else
+	Position = MAKEPOINT(lParam);
+#endif
+        break;
+    }
+    return FALSE;
+}
+
+/* Callback function for the Change Password Dialog box */
+
+INT_PTR
+CALLBACK
+NewPasswordProc(
+    HWND hDialog,
+    UINT message,
+    WPARAM wParam,
+    LPARAM lParam
+    )
+{
+    static POINT Position = { -1, -1 };
+    static char password[256]="";
+    static char password2[256]="";
+    static char password3[256]="";
+    static LPLSH_DLGINFO_EX lpdi;
+    static HWND hDlg=0;
+    static void *pAutoComplete = NULL;
+    char principal[256];
+    long realm_count = 0;
+    HWND hEditCtrl = NULL;
+
+    switch (message) {
+
+    case WM_INITDIALOG:
+	hDlg = hDialog;
+
+        *( (LPLSH_DLGINFO_EX far *)(&lpdi) ) = (LPLSH_DLGINFO_EX)(LPSTR)lParam;
+
+	if ((lpdi->size < LSH_DLGINFO_EX_V3_SZ &&
+	      lpdi->size != LSH_DLGINFO_EX_V1_SZ &&
+	      lpdi->size != LSH_DLGINFO_EX_V2_SZ) ||
+	     lpdi->dlgtype != DLGTYPE_CHPASSWD) {
+
+	    MessageBox(hDialog, "An incorrect initialization data structure was provided.",
+			"PasswordProc()",
+			MB_OK | MB_ICONSTOP);
+	    return FALSE;
+	}
+
+        if ( lpdi->size >= LSH_DLGINFO_EX_V2_SZ ) {
+            lpdi->out.username[0] = 0;
+            lpdi->out.realm[0] = 0;
+        }
+        if ( lpdi->size >= LSH_DLGINFO_EX_V3_SZ ) {
+            lpdi->out.ccache[0] = 0;
+        }
+
+        if ( lpdi->size >= LSH_DLGINFO_EX_V3_SZ )
+	    SetWindowText(hDialog, lpdi->in.title);
+	else
+	    SetWindowText(hDialog, lpdi->title);
+
+        SetProp(hDialog, "HANDLES_HELP", (HANDLE)1);
+
+        if (lpdi->username != NULL && (strlen(lpdi->username) > 0) &&
+            lpdi->realm != NULL && (strlen(lpdi->realm) > 0)) {
+            sprintf_s(principal,
+                      sizeof(principal), "%s@%s", lpdi->username, lpdi->realm);
+        } else {
+            principal[0] = 0;
+        }
+
+        CSetDlgItemText(hDialog, IDC_EDIT_PRINCIPAL, principal);
+        CSetDlgItemText(hDialog, IDC_EDIT_PASSWORD, "");
+        CSetDlgItemText(hDialog, IDC_EDIT_PASSWORD2, "");
+        CSetDlgItemText(hDialog, IDC_EDIT_PASSWORD3, "");
+
+        hEditCtrl = GetDlgItem(hDialog, IDC_EDIT_PRINCIPAL);
+        if (hEditCtrl)
+            pAutoComplete = Leash_pec_create(hEditCtrl);
+
+        /* setup text of stuff. */
+
+        if (Position.x > 0 && Position.y > 0 &&
+            Position.x < GetSystemMetrics(SM_CXSCREEN) &&
+            Position.y < GetSystemMetrics(SM_CYSCREEN))
+            SetWindowPos(hDialog, 0, Position.x, Position.y, 0, 0,
+                         SWP_NOSIZE | SWP_NOZORDER);
+        else { /* Center the window on the desktop */
+            RECT dlgRect;
+            GetWindowRect( hDialog, &dlgRect );
+            SetWindowPos(hDialog, 0,
+                         (GetSystemMetrics(SM_CXSCREEN) - dlgRect.right + dlgRect.left)/2,
+                         (GetSystemMetrics(SM_CYSCREEN) - dlgRect.bottom + dlgRect.top)/2,
+                         0, 0,
+                         SWP_NOSIZE | SWP_NOZORDER);
+        }
+        /* set window pos to last saved window pos */
+        break;
+
+    case WM_COMMAND:
+        switch (wParam) {
+        case ID_HELP:
+	    {
+		WinHelp(GetWindow(hDialog,GW_OWNER), KRB_HelpFile, HELP_CONTEXT,
+			 ID_INITTICKETS);
+	    }
+	    break;
+        case ID_CLOSEME:
+	    {
+		CleanupSliders();
+		memset(password,0,sizeof(password));
+		memset(password2,0,sizeof(password2));
+		memset(password3,0,sizeof(password3));
+		RemoveProp(hDialog, "HANDLES_HELP");
+		EndDialog(hDialog, (int)lParam);
+                if (pAutoComplete != NULL) {
+                    Leash_pec_destroy(pAutoComplete);
+                    pAutoComplete = NULL;
+                }
+                return TRUE;
+	    }
+	    break;
+        case IDOK:
+	    {
+		DWORD value = 0;
+		int i = 0;
+                int bit8 = 0;
+
+		CGetDlgItemText(hDialog, IDC_EDIT_PRINCIPAL, principal, sizeof(principal));
+		CGetDlgItemText(hDialog, IDC_EDIT_PASSWORD, password, sizeof(password));
+		CGetDlgItemText(hDialog, IDC_EDIT_PASSWORD2, password2, sizeof(password2));
+		CGetDlgItemText(hDialog, IDC_EDIT_PASSWORD3, password3, sizeof(password3));
+
+		if (!principal[0])
+		{
+		    MessageBox(hDialog, "You are not allowed to enter a "
+				"blank username.",
+				"Invalid Principal",
+				MB_OK | MB_ICONSTOP);
+		    return TRUE;
+		}
+
+		if (!password[0] || !password2[0] || !password3[0])
+		{
+		    MessageBox(hDialog, "You are not allowed to enter a "
+				"blank password.",
+				"Invalid Password",
+				MB_OK | MB_ICONSTOP);
+		    return TRUE;
+		}
+
+		for( i = 0; i < 255; i++ ){
+                    if( password2[i] == '\0' ){
+                        if ( bit8 ) {
+                            MessageBox(hDialog,
+                                        "Passwords should not contain non-ASCII characters.",
+                                        "Internationalization Warning",
+                                        MB_OK | MB_ICONINFORMATION);
+                        }
+                        i = 255;
+                        break;
+                    } else if( !isprint(password2[i]) ){
+                        memset(password2, '\0', sizeof(password2));
+                        memset(password3, '\0', sizeof(password3));
+                        /* I claim these passwords in the name of planet '\0'... */
+                        MessageBox(hDialog,
+                                   "Passwords may not contain non-printable characters.",
+                                    "Invalid Password",
+                                    MB_OK | MB_ICONSTOP);
+                        return TRUE;
+                    } else if ( password2[i] > 127 )
+                        bit8 = 1;
+		}
+
+		if (lstrcmp(password2, password3))
+		{
+                    MessageBox(hDialog,
+                                "The new password was not entered the same way twice.",
+                                "Password validation error",
+                                MB_OK | MB_ICONSTOP);
+                    return TRUE;
+		}
+
+                lsh_errno = Leash_int_changepwd(principal, password, password2, 0, 1);
+		if (lsh_errno != 0)
+		{
+#ifdef COMMENT
+		    char gbuf[256];
+		    int capslock;
+		    char *cp;
+#endif /* COMMENT */
+
+		    err_context = "";
+		    switch(lsh_errno)
+		    {
+		    case LSH_INVPRINCIPAL:
+		    case LSH_INVINSTANCE:
+		    case LSH_INVREALM:
+			break;
+		    default:
+			return(TRUE);
+		    }
+#ifdef COMMENT
+		    capslock = lsh_getkeystate(VK_CAPITAL);
+		    /* low-order bit means caps lock is
+		    toggled; if so, warn user since there's
+		    been an error. */
+		    if (capslock & 1)
+		    {
+			lstrcpy((LPSTR)gbuf, (LPSTR)err_context);
+			cp = gbuf + lstrlen((LPSTR)gbuf);
+			if (cp != gbuf)
+			    *cp++ = ' ';
+			lstrcpy(cp, "(This may be because your CAPS LOCK key is down.)");
+			err_context = gbuf;
+		    }
+
+		    // XXX   DoNiftyErrorReport(lsh_errno, ISCHPASSWD ? ""
+		    // XXX   : "Ticket initialization failed.");
+#endif /* COMMENT */
+                    return TRUE;
+		}
+                Leash_pec_add_principal(principal);
+                MessageBox(NULL, "Password successfully changed.",
+                           "Password change", MB_OK);
+                CloseMe(TRUE); /* success */
+	    }
+	    break;
+        case IDCANCEL:
+            CloseMe(FALSE);
+            break;
+        }
+        break;
+
+    case WM_MOVE:
+#ifdef _WIN32
+#define LONG2POINT(l,pt) ((pt).x=(SHORT)LOWORD(l),  \
+		   (pt).y=(SHORT)HIWORD(l))
+    LONG2POINT(lParam,Position);
+#else
+	Position = MAKEPOINT(lParam);
+#endif
+        break;
+    }
+    return FALSE;
+}
diff --git a/krb5-1.21.3/src/windows/leashdll/lsh_pwd.rc b/krb5-1.21.3/src/windows/leashdll/lsh_pwd.rc
new file mode 100644
index 00000000..5fdf346a
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/lsh_pwd.rc
@@ -0,0 +1,249 @@
+//Microsoft Developer Studio generated resource script.
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#define APSTUDIO_HIDDEN_SYMBOLS
+#include "windows.h"
+#undef APSTUDIO_HIDDEN_SYMBOLS
+#include "leashids.h"
+#include "winver.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// English (U.S.) resources
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+#ifdef _WIN32
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+#pragma code_page(1252)
+#endif //_WIN32
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Bitmap
+//
+
+LOGOBITMAP              BITMAP  DISCARDABLE     "res\\islogo.bmp"
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+LEASHICON               ICON    DISCARDABLE     "res\\leash.ico"
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Dialog
+//
+
+ENTERPASSWORDDLG DIALOG DISCARDABLE  23, 48, 262, 108
+STYLE DS_MODALFRAME | WS_POPUP | WS_CLIPCHILDREN | WS_CAPTION | WS_SYSMENU
+CAPTION "Enter Password"
+FONT 10, "System"
+BEGIN
+    EDITTEXT        ID_PRINCIPAL,6,17,96,12,ES_AUTOHSCROLL
+    LTEXT           "Enter your username:",ID_PRINCCAPTION,6,7,140,8
+    DEFPUSHBUTTON   "OK",IDOK,110,42,32,14
+    EDITTEXT        ID_OLDPASSWORD,6,43,96,12,ES_PASSWORD | ES_AUTOHSCROLL
+    LTEXT           "Enter your password:",ID_OLDPCAPTION,6,33,91,8
+    EDITTEXT        ID_DURATION,40,59,20,12
+    LTEXT           "Duration:",-1,6,61,30,8
+    LTEXT           "minutes",-1,62,61,64,8
+    ICON            "LeashIcon",-1,6,78,18,20
+    PUSHBUTTON      "&Cancel",IDCANCEL,30,78,32,14
+    PUSHBUTTON      "&Restart",ID_RESTART,70,78,32,14
+    PUSHBUTTON      "&Help",ID_HELP,110,78,32,14
+    CONTROL         "",ID_PICFRAME,"Static",SS_BLACKFRAME,153,4,100,100
+END
+
+CHANGEPASSWORDDLG DIALOG DISCARDABLE  27, 41, 270, 155
+STYLE DS_MODALFRAME | WS_POPUP | WS_CLIPCHILDREN | WS_CAPTION | WS_SYSMENU
+CAPTION "Change Password"
+FONT 8, "System"
+BEGIN
+    EDITTEXT        ID_PRINCIPAL,6,35,96,12,ES_AUTOHSCROLL
+    DEFPUSHBUTTON   "OK",IDOK,110,60,32,14
+    EDITTEXT        ID_OLDPASSWORD,6,61,96,12,ES_PASSWORD | ES_AUTOHSCROLL
+    EDITTEXT        ID_CONFIRMPASSWORD1,6,87,96,12,ES_PASSWORD |
+                    ES_AUTOHSCROLL
+    EDITTEXT        ID_CONFIRMPASSWORD2,6,113,96,12,ES_PASSWORD |
+                    ES_AUTOHSCROLL
+    LTEXT           "Enter your username:",ID_PRINCCAPTION,6,25,140,8
+    LTEXT           "Enter your old password:",ID_OLDPCAPTION,6,51,91,8
+    LTEXT           "Enter your new password:",ID_CONFIRMCAPTION1,6,77,96,8
+    LTEXT           "Retype your new password:",ID_CONFIRMCAPTION2,6,103,100,
+                    8
+    ICON            "LeashIcon",-1,6,134,18,20
+    PUSHBUTTON      "&Cancel",IDCANCEL,30,134,32,14
+    PUSHBUTTON      "&Restart",ID_RESTART,70,134,32,14
+    PUSHBUTTON      "&Help",ID_HELP,110,134,32,14
+    LTEXT           "To change your password, fill in the following fields as they appear.",
+                    -1,6,3,140,21
+    CONTROL         "",ID_PICFRAME,"Static",SS_BLACKFRAME,157,27,100,100
+END
+
+IDD_AUTHENTICATE DIALOGEX 0, 0, 370, 248
+STYLE DS_MODALFRAME | DS_3DLOOK | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Authenticate to Kerberos"
+FONT 8, "Microsoft Sans Serif"
+BEGIN
+    EDITTEXT        IDC_EDIT_PRINCIPAL,89,42,199,14,ES_AUTOHSCROLL
+    EDITTEXT        IDC_EDIT_PASSWORD,89,58,259,14,ES_PASSWORD |
+                    ES_AUTOHSCROLL
+    DEFPUSHBUTTON   "OK",IDOK,302,219,49,14
+    PUSHBUTTON      "Cancel",IDCANCEL,249,219,49,14
+    PUSHBUTTON      "Hide Advanced",IDC_BUTTON_OPTIONS,146,219,89,14
+    PUSHBUTTON      "Clear History",IDC_BUTTON_CLEAR_HISTORY,288,42,60,14
+    CONTROL         "Remember this principal", IDC_CHECK_REMEMBER_PRINCIPAL,
+                    "Button", BS_AUTOCHECKBOX | WS_TABSTOP,89,72,100,14
+    CONTROL         "Ticket Lifetime",IDC_SLIDER_LIFETIME,"msctls_trackbar32",
+                    TBS_BOTH | TBS_NOTICKS | WS_TABSTOP,90,97,258,15
+    CONTROL         "Forwardable and Proxiable (can be forwarded to other machines)",
+                    IDC_CHECK_FORWARDABLE,"Button",BS_AUTOCHECKBOX |
+                    WS_TABSTOP,89,123,253,10
+    CONTROL         "Renewable (can be renewed during the renewable lifetime)",
+                    IDC_CHECK_RENEWABLE,"Button",BS_AUTOCHECKBOX |
+                    WS_TABSTOP,89,135,253,10
+    CONTROL         "Slider2",IDC_SLIDER_RENEWLIFE,"msctls_trackbar32",
+                    TBS_BOTH | TBS_NOTICKS | WS_TABSTOP,90,178,258,15
+    RTEXT           "Principal:",IDC_STATIC_NAME,13,44,74,8
+    RTEXT           "Password:",IDC_STATIC_PWD,13,60,74,8
+    RTEXT           "Ticket Lifetime:",IDC_STATIC_LIFETIME,23,87,65,8,0,
+                    WS_EX_RIGHT
+    LTEXT           "Flag this ticket as:",IDC_STATIC_KRB5,32,123,56,8
+    LTEXT           "HMS",IDC_STATIC_LIFETIME_VALUE,90,87,131,8
+    LTEXT           "HMS",IDC_STATIC_RENEW_TILL_VALUE,90,164,141,8
+    ICON            LEASHICON,IDC_PICTURE_LEASH,21,15,20,20
+    LTEXT           "Please Authenticate",
+                    IDC_STATIC_NOTICE,51,23,276,8
+    RTEXT           "Renewable Lifetime:",IDC_STATIC_RENEW,10,164,79,8
+END
+
+IDD_PASSWORD DIALOG DISCARDABLE  0, 0, 382, 150
+STYLE DS_MODALFRAME | DS_3DLOOK | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Change Password"
+FONT 8, "Microsoft Sans Serif"
+BEGIN
+    EDITTEXT        IDC_EDIT_PRINCIPAL,99,40,259,14,ES_AUTOHSCROLL
+    EDITTEXT        IDC_EDIT_PASSWORD,99,60,259,14,ES_PASSWORD |
+                    ES_AUTOHSCROLL
+    EDITTEXT        IDC_EDIT_PASSWORD2,99,85,259,14,ES_PASSWORD |
+                    ES_AUTOHSCROLL
+    EDITTEXT        IDC_EDIT_PASSWORD3,99,105,259,14,ES_PASSWORD |
+                    ES_AUTOHSCROLL
+    DEFPUSHBUTTON   "OK",IDOK,313,125,49,14
+    PUSHBUTTON      "Cancel",IDCANCEL,256,125,49,14
+    RTEXT           "Principal:",IDC_STATIC_NAME,22,43,74,12
+    RTEXT           "Old Password:",IDC_STATIC_PWD,22,63,74,12
+    ICON            LEASHICON,IDC_PICTURE_LEASH,15,15,20,20
+    LTEXT           "Change your Kerberos password or phrase",
+                    IDC_STATIC_NOTICE,48,20,276,8
+    RTEXT           "New Password:",IDC_STATIC_PWD2,22,88,74,12
+    RTEXT           "New Password (again):",IDC_STATIC_PWD3,22,108,74,12
+END
+
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE DISCARDABLE
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE DISCARDABLE
+BEGIN
+    "#define APSTUDIO_HIDDEN_SYMBOLS\r\n"
+    "#include ""windows.h""\r\n"
+    "#undef APSTUDIO_HIDDEN_SYMBOLS\r\n"
+    "#include ""leashids.h""\r\n"
+    "#include ""ver.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE DISCARDABLE
+BEGIN
+    "\r\n"
+    "#include ""..\\version.rc""\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// DESIGNINFO
+//
+
+#ifdef APSTUDIO_INVOKED
+GUIDELINES DESIGNINFO DISCARDABLE
+BEGIN
+    IDD_PASSWORD, DIALOG
+    BEGIN
+        LEFTMARGIN, 7
+        RIGHTMARGIN, 375
+        TOPMARGIN, 7
+        BOTTOMMARGIN, 191
+    END
+END
+#endif    // APSTUDIO_INVOKED
+
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// String Table
+//
+
+STRINGTABLE DISCARDABLE
+BEGIN
+    LSH_TIME_HOST           "time"
+    LSH_DEFAULT_TICKET_LIFE "600"
+    LSH_DEFAULT_TICKET_RENEW_TILL "10080"
+    LSH_DEFAULT_TICKET_FORWARD "1"
+    LSH_DEFAULT_TICKET_NOADDRESS "1"
+    LSH_DEFAULT_TICKET_PROXIABLE "0"
+    LSH_DEFAULT_TICKET_PUBLICIP "0"
+    LSH_DEFAULT_DIALOG_KINIT_OPT "1"
+    LSH_DEFAULT_DIALOG_LIFE_MIN "30"
+    LSH_DEFAULT_DIALOG_LIFE_MAX "1440"
+    LSH_DEFAULT_DIALOG_RENEW_MIN "600"
+    LSH_DEFAULT_DIALOG_RENEW_MAX "43200"
+    LSH_DEFAULT_TICKET_RENEW "1"
+    LSH_DEFAULT_UPPERCASEREALM "1"
+    LSH_DEFAULT_PRESERVE_KINIT "0"
+END
+
+STRINGTABLE DISCARDABLE
+BEGIN
+    LSH_DEFAULT_DIALOG_LOCK_LOCATION "0"
+END
+
+#endif    // English (U.S.) resources
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 3 resource.
+//
+
+#include "..\version.rc"
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // not APSTUDIO_INVOKED
diff --git a/krb5-1.21.3/src/windows/leashdll/lshfunc.c b/krb5-1.21.3/src/windows/leashdll/lshfunc.c
new file mode 100644
index 00000000..14cb361d
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/lshfunc.c
@@ -0,0 +1,2684 @@
+#include <windows.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <winsock2.h>
+#include "leashdll.h"
+#include <time.h>
+
+#include <leashwin.h>
+#include "leasherr.h"
+#include "leash-int.h"
+#include "leashids.h"
+
+#include "reminder.h"
+
+static char FAR *err_context;
+
+char KRB_HelpFile[_MAX_PATH] =	HELPFILE;
+
+#define LEN     64                /* Maximum Hostname Length */
+
+#define LIFE    DEFAULT_TKT_LIFE  /* lifetime of ticket in 5-minute units */
+
+static
+char*
+clean_string(
+    char* s
+    )
+{
+    char* p = s;
+    char* b = s;
+
+    if (!s) return s;
+
+    for (p = s; *p; p++) {
+        switch (*p) {
+        case '\007':
+            /* Add more cases here */
+            break;
+        default:
+            *b = *p;
+            b++;
+        }
+    }
+    *b = *p;
+    return s;
+}
+
+static
+int
+leash_error_message(
+    const char *error,
+    int rcL,
+    int rc5,
+    int rcA,
+    char* result_string,
+    int  displayMB
+    )
+{
+    char message[2048];
+    char *p = message;
+    int size = sizeof(message) - 1; /* -1 to leave room for NULL terminator */
+    int n;
+
+    if (!rc5 && !rcL)
+        return 0;
+
+    n = _snprintf(p, size, "%s\n\n", error);
+    p += n;
+    size -= n;
+
+    if (rc5 && !result_string)
+    {
+        n = _snprintf(p, size,
+                      "Kerberos 5: %s (error %ld)\n",
+                      perror_message(rc5),
+                      rc5
+            );
+        p += n;
+        size -= n;
+    }
+    if (rcL)
+    {
+        char buffer[1024];
+        n = _snprintf(p, size,
+                      "\n%s\n",
+                      err_describe(buffer, rcL)
+            );
+        p += n;
+        size -= n;
+    }
+    if (result_string)
+    {
+        n = _snprintf(p, size,
+                      "%s\n",
+                      result_string);
+        p += n;
+        size -= n;
+    }
+#ifdef USE_MESSAGE_BOX
+    *p = 0; /* ensure NULL termination of message */
+    if ( displayMB )
+        MessageBox(NULL, message, "MIT Kerberos",
+                   MB_OK | MB_ICONERROR | MB_TASKMODAL | MB_SETFOREGROUND);
+#endif /* USE_MESSAGE_BOX */
+    if (rc5) return rc5;
+    if (rcL) return rcL;
+    return 0;
+}
+
+
+static
+char *
+make_postfix(
+    const char * base,
+    const char * postfix,
+    char ** rcopy
+    )
+{
+    int base_size;
+    int ret_size;
+    char * copy = 0;
+    char * ret = 0;
+
+    base_size = strlen(base) + 1;
+    ret_size = base_size + strlen(postfix) + 1;
+    copy = malloc(base_size);
+    ret = malloc(ret_size);
+
+    if (!copy || !ret)
+        goto cleanup;
+
+    strncpy(copy, base, base_size);
+    copy[base_size - 1] = 0;
+
+    strncpy(ret, base, base_size);
+    strncpy(ret + (base_size - 1), postfix, ret_size - (base_size - 1));
+    ret[ret_size - 1] = 0;
+
+ cleanup:
+    if (!copy || !ret) {
+        if (copy)
+            free(copy);
+        if (ret)
+            free(ret);
+        copy = ret = 0;
+    }
+    // INVARIANT: (ret ==> copy) && (copy ==> ret)
+    *rcopy = copy;
+    return ret;
+}
+
+static
+long
+make_temp_cache_v5(
+    const char * postfix,
+    krb5_context * pctx
+    )
+{
+    static krb5_context ctx = 0;
+    static char * old_cache = 0;
+
+    // INVARIANT: old_cache ==> ctx && ctx ==> old_cache
+
+    if (pctx)
+        *pctx = 0;
+
+    if (!pkrb5_init_context || !pkrb5_free_context || !pkrb5_cc_resolve ||
+        !pkrb5_cc_default_name || !pkrb5_cc_set_default_name)
+        return 0;
+
+    if (old_cache) {
+        krb5_ccache cc = 0;
+        if (!pkrb5_cc_resolve(ctx, pkrb5_cc_default_name(ctx), &cc))
+            pkrb5_cc_destroy(ctx, cc);
+        pkrb5_cc_set_default_name(ctx, old_cache);
+        free(old_cache);
+        old_cache = 0;
+    }
+    if (ctx) {
+        pkrb5_free_context(ctx);
+        ctx = 0;
+    }
+
+    if (postfix)
+    {
+        char * tmp_cache = 0;
+        krb5_error_code rc = 0;
+
+        rc = pkrb5_init_context(&ctx);
+        if (rc) goto cleanup;
+
+        tmp_cache = make_postfix(pkrb5_cc_default_name(ctx), postfix,
+                                 &old_cache);
+
+        if (!tmp_cache) {
+            rc = ENOMEM;
+            goto cleanup;
+        }
+
+        rc = pkrb5_cc_set_default_name(ctx, tmp_cache);
+
+    cleanup:
+        if (rc && ctx) {
+            pkrb5_free_context(ctx);
+            ctx = 0;
+        }
+        if (tmp_cache)
+            free(tmp_cache);
+        if (pctx)
+            *pctx = ctx;
+        return rc;
+    }
+    return 0;
+}
+
+long
+Leash_checkpwd(
+    char *principal,
+    char *password
+    )
+{
+    return Leash_int_checkpwd(principal, password, 0);
+}
+
+long
+Leash_int_checkpwd(
+    char * principal,
+    char * password,
+    int    displayErrors
+    )
+{
+    long rc = 0;
+	krb5_context ctx = 0;	// statically allocated in make_temp_cache_v5
+    // XXX - we ignore errors in make_temp_cache_v?  This is BAD!!!
+    make_temp_cache_v5("_checkpwd", &ctx);
+    rc = Leash_int_kinit_ex( ctx, 0,
+							 principal, password, 0, 0, 0, 0,
+							 Leash_get_default_noaddresses(),
+							 Leash_get_default_publicip(),
+                             displayErrors
+							 );
+    make_temp_cache_v5(0, &ctx);
+    return rc;
+}
+
+static
+long
+Leash_changepwd_v5(
+    char * principal,
+    char * password,
+    char * newpassword,
+    char** error_str
+    )
+{
+    krb5_error_code rc = 0;
+    int result_code;
+    krb5_data result_code_string, result_string;
+    krb5_context context = 0;
+    krb5_principal princ = 0;
+    krb5_get_init_creds_opt opts;
+    krb5_creds creds;
+    DWORD addressless = 0;
+
+    result_string.data = 0;
+    result_code_string.data = 0;
+
+    if ( !pkrb5_init_context )
+        goto cleanup;
+
+   if (rc = pkrb5_init_context(&context))
+       goto cleanup;
+
+   if (rc = pkrb5_parse_name(context, principal, &princ))
+       goto cleanup;
+
+   pkrb5_get_init_creds_opt_init(&opts);
+   pkrb5_get_init_creds_opt_set_tkt_life(&opts, 5*60);
+   pkrb5_get_init_creds_opt_set_renew_life(&opts, 0);
+   pkrb5_get_init_creds_opt_set_forwardable(&opts, 0);
+   pkrb5_get_init_creds_opt_set_proxiable(&opts, 0);
+
+   addressless = Leash_get_default_noaddresses();
+   if (addressless)
+       pkrb5_get_init_creds_opt_set_address_list(&opts,NULL);
+
+
+   if (rc = pkrb5_get_init_creds_password(context, &creds, princ, password,
+                                          0, 0, 0, "kadmin/changepw", &opts))
+       goto cleanup;
+
+   if (rc = pkrb5_change_password(context, &creds, newpassword,
+                                  &result_code, &result_code_string,
+                                  &result_string))
+       goto cleanup;
+
+   if (result_code) {
+       int len = result_code_string.length +
+           (result_string.length ? (sizeof(": ") - 1) : 0) +
+           result_string.length;
+       if (len && error_str) {
+           *error_str = malloc(len + 1);
+           if (*error_str)
+               _snprintf(*error_str, len + 1,
+                         "%.*s%s%.*s",
+                         result_code_string.length, result_code_string.data,
+                         result_string.length?": ":"",
+                         result_string.length, result_string.data);
+       }
+      rc = result_code;
+      goto cleanup;
+   }
+
+ cleanup:
+   if (result_string.data)
+       pkrb5_free_data_contents(context, &result_string);
+
+   if (result_code_string.data)
+       pkrb5_free_data_contents(context, &result_code_string);
+
+   if (princ)
+       pkrb5_free_principal(context, princ);
+
+   if (context)
+       pkrb5_free_context(context);
+
+   return rc;
+}
+
+/*
+ * Leash_changepwd
+ *
+ * Try to change the password using krb5.
+ */
+long
+Leash_changepwd(
+    char * principal,
+    char * password,
+    char * newpassword,
+    char** result_string
+    )
+{
+    return Leash_int_changepwd(principal, password, newpassword, result_string, 0);
+}
+
+long
+Leash_int_changepwd(
+    char * principal,
+    char * password,
+    char * newpassword,
+    char** result_string,
+    int    displayErrors
+    )
+{
+    char* v5_error_str = 0;
+    char* error_str = 0;
+    int rc5 = 0;
+    int rc = 0;
+    if (hKrb5)
+        rc = rc5 = Leash_changepwd_v5(principal, password, newpassword,
+                                      &v5_error_str);
+    if (!rc)
+        return 0;
+    if (v5_error_str) {
+        int len = 0;
+        char v5_prefix[] = "Kerberos 5: ";
+        char sep[] = "\n";
+
+        clean_string(v5_error_str);
+
+        if (v5_error_str)
+            len += sizeof(sep) + sizeof(v5_prefix) + strlen(v5_error_str) +
+                sizeof(sep);
+        error_str = malloc(len + 1);
+        if (error_str) {
+            char* p = error_str;
+            int size = len + 1;
+            int n;
+            if (v5_error_str) {
+                n = _snprintf(p, size, "%s%s%s%s",
+                              sep, v5_prefix, v5_error_str, sep);
+                p += n;
+                size -= n;
+            }
+            if (result_string)
+                *result_string = error_str;
+        }
+    }
+    return leash_error_message("Error while changing password.",
+                               0, rc5, 0, error_str,
+                               displayErrors
+                               );
+}
+
+int (*Lcom_err)(LPSTR,long,LPSTR,...);
+LPSTR (*Lerror_message)(long);
+LPSTR (*Lerror_table_name)(long);
+
+
+long
+Leash_kinit(
+    char * principal,
+    char * password,
+    int lifetime
+    )
+{
+    return Leash_int_kinit_ex( 0, 0,
+                               principal,
+                               password,
+                               lifetime,
+                               Leash_get_default_forwardable(),
+                               Leash_get_default_proxiable(),
+                               Leash_get_default_renew_till(),
+                               Leash_get_default_noaddresses(),
+                               Leash_get_default_publicip(),
+                               0
+                               );
+}
+
+long
+Leash_kinit_ex(
+    char * principal,
+    char * password,
+    int lifetime,
+    int forwardable,
+    int proxiable,
+    int renew_life,
+    int addressless,
+    unsigned long publicip
+    )
+{
+    return Leash_int_kinit_ex( 0, /* krb5 context */
+			       0, /* parent window */
+                               principal,
+                               password,
+                               lifetime,
+			       forwardable,
+			       proxiable,
+			       renew_life,
+			       addressless,
+			       publicip,
+                               0
+			       );
+}
+
+long
+Leash_int_kinit_ex(
+    krb5_context ctx,
+    HWND hParent,
+    char * principal,
+    char * password,
+    int lifetime,
+    int forwardable,
+    int proxiable,
+    int renew_life,
+    int addressless,
+    unsigned long publicip,
+    int displayErrors
+    )
+{
+    char    aname[ANAME_SZ];
+    char    inst[INST_SZ];
+    char    realm[REALM_SZ];
+    char    first_part[256];
+    char    second_part[256];
+    char    temp[1024];
+    char*   custom_msg;
+    int     count;
+    int     i;
+    int rc5 = 0;
+    int rcA = 0;
+    int rcB = 0;
+    int rcL = 0;
+
+    if (lifetime < 5)
+        lifetime = 1;
+    else
+        lifetime /= 5;
+
+    if (renew_life > 0 && renew_life < 5)
+	renew_life = 1;
+    else
+	renew_life /= 5;
+
+    /* This should be changed if the maximum ticket lifetime */
+    /* changes */
+
+    if (lifetime > 255)
+        lifetime = 255;
+
+    err_context = "parsing principal";
+
+    memset(temp, '\0', sizeof(temp));
+    memset(inst, '\0', sizeof(inst));
+    memset(realm, '\0', sizeof(realm));
+    memset(first_part, '\0', sizeof(first_part));
+    memset(second_part, '\0', sizeof(second_part));
+
+    sscanf(principal, "%[/0-9a-zA-Z._-]@%[/0-9a-zA-Z._-]", first_part, second_part);
+    strcpy(temp, first_part);
+    strcpy(realm, second_part);
+    memset(first_part, '\0', sizeof(first_part));
+    memset(second_part, '\0', sizeof(second_part));
+    if (sscanf(temp, "%[@0-9a-zA-Z._-]/%[@0-9a-zA-Z._-]", first_part, second_part) == 2)
+    {
+        strcpy(aname, first_part);
+        strcpy(inst, second_part);
+    }
+    else
+    {
+        count = 0;
+        i = 0;
+        for (i = 0; temp[i]; i++)
+        {
+            if (temp[i] == '.')
+                ++count;
+        }
+        if (count > 1)
+        {
+            strcpy(aname, temp);
+        }
+        else
+        {
+            {
+                strcpy(aname, temp);
+            }
+        }
+    }
+
+    memset(temp, '\0', sizeof(temp));
+    strcpy(temp, aname);
+    if (strlen(inst) != 0)
+    {
+        strcat(temp, "/");
+        strcat(temp, inst);
+    }
+    if (strlen(realm) != 0)
+    {
+        strcat(temp, "@");
+        strcat(temp, realm);
+    }
+
+    rc5 = Leash_krb5_kinit(ctx, hParent,
+                            temp, password, lifetime,
+                            forwardable,
+                            proxiable,
+                            renew_life,
+                            addressless,
+                            publicip
+                            );
+    custom_msg = (rc5 == KRB5KRB_AP_ERR_BAD_INTEGRITY) ? "Password incorrect" : NULL;
+    return leash_error_message("Ticket initialization failed.",
+                               rcL, rc5, rcA, custom_msg,
+                               displayErrors);
+}
+
+long FAR
+Leash_renew(void)
+{
+    if ( hKrb5 && !LeashKRB5_renew() ) {
+        int lifetime;
+        lifetime = Leash_get_default_lifetime() / 5;
+        return 1;
+    }
+    return 0;
+}
+
+BOOL
+GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData)
+{
+    NTSTATUS Status = 0;
+    HANDLE  TokenHandle;
+    TOKEN_STATISTICS Stats;
+    DWORD   ReqLen;
+    BOOL    Success;
+    PSECURITY_LOGON_SESSION_DATA pSessionData;
+
+    if (!ppSessionData)
+        return FALSE;
+    *ppSessionData = NULL;
+
+    Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
+    if ( !Success )
+        return FALSE;
+
+    Success = GetTokenInformation( TokenHandle, TokenStatistics, &Stats, sizeof(TOKEN_STATISTICS), &ReqLen );
+    CloseHandle( TokenHandle );
+    if ( !Success )
+        return FALSE;
+
+    Status = pLsaGetLogonSessionData( &Stats.AuthenticationId, &pSessionData );
+    if ( FAILED(Status) || !pSessionData )
+        return FALSE;
+
+	*ppSessionData = pSessionData;
+    return TRUE;
+}
+
+// IsKerberosLogon() does not validate whether or not there are valid tickets in the
+// cache.  It validates whether or not it is reasonable to assume that if we
+// attempted to retrieve valid tickets we could do so.  Microsoft does not
+// automatically renew expired tickets.  Therefore, the cache could contain
+// expired or invalid tickets.  Microsoft also caches the user's password
+// and will use it to retrieve new TGTs if the cache is empty and tickets
+// are requested.
+
+BOOL
+IsKerberosLogon(VOID)
+{
+    PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
+    BOOL    Success = FALSE;
+
+    if ( GetSecurityLogonSessionData(&pSessionData) ) {
+        if ( pSessionData->AuthenticationPackage.Buffer ) {
+            WCHAR buffer[256];
+            WCHAR *usBuffer;
+            int usLength;
+
+            Success = FALSE;
+            usBuffer = (pSessionData->AuthenticationPackage).Buffer;
+            usLength = (pSessionData->AuthenticationPackage).Length;
+            if (usLength < 256)
+            {
+                lstrcpynW (buffer, usBuffer, usLength);
+                lstrcatW (buffer,L"");
+                if ( !lstrcmpW(L"Kerberos",buffer) )
+                    Success = TRUE;
+            }
+        }
+        pLsaFreeReturnBuffer(pSessionData);
+    }
+    return Success;
+}
+
+static BOOL
+IsWindowsVista (void)
+{
+    static BOOL fChecked = FALSE;
+    static BOOL fIsVista = FALSE;
+
+    if (!fChecked)
+    {
+        OSVERSIONINFO Version;
+
+        memset (&Version, 0x00, sizeof(Version));
+        Version.dwOSVersionInfoSize = sizeof(Version);
+
+        if (GetVersionEx (&Version))
+        {
+            if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT && Version.dwMajorVersion >= 6)
+                fIsVista = TRUE;
+        }
+        fChecked = TRUE;
+    }
+
+    return fIsVista;
+}
+
+static BOOL
+IsProcessUacLimited (void)
+{
+    static BOOL fChecked = FALSE;
+    static BOOL fIsUAC = FALSE;
+
+    if (!fChecked)
+    {
+        NTSTATUS Status = 0;
+        HANDLE  TokenHandle;
+        DWORD   ElevationLevel;
+        DWORD   ReqLen;
+        BOOL    Success;
+
+        if (IsWindowsVista()) {
+            Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
+            if ( Success ) {
+                Success = GetTokenInformation( TokenHandle,
+                                               TokenOrigin+1 /* ElevationLevel */,
+                                               &ElevationLevel, sizeof(DWORD), &ReqLen );
+                CloseHandle( TokenHandle );
+                if ( Success && ElevationLevel == 3 /* Limited */ )
+                    fIsUAC = TRUE;
+            }
+        }
+        fChecked = TRUE;
+    }
+    return fIsUAC;
+
+}
+
+long FAR
+Leash_importable(void)
+{
+    /* Import functionality has been removed. */
+    return FALSE;
+}
+
+long FAR
+Leash_import(void)
+{
+    /* Import functionality has been removed. */
+    return 0;
+}
+
+long
+Leash_kdestroy(void)
+{
+    Leash_krb5_kdestroy();
+
+    return 0;
+}
+
+long FAR Leash_klist(HWND hlist, TICKETINFO FAR *ticketinfo)
+{
+    return(255);
+}
+
+
+// This function can be used to set the help file that will be
+// referenced the DLL's PasswordProcDLL function and err_describe
+// function.  Returns true if the help file has been set to the
+// argument or the environment variable KERB_HELP. Returns FALSE if
+// the default helpfile as defined in by HELPFILE in lsh_pwd.h is
+// used.
+BOOL Leash_set_help_file( char *szHelpFile )
+{
+    char tmpHelpFile[256];
+    BOOL ret = 0;
+
+    if( szHelpFile == NULL ){
+	GetEnvironmentVariable("KERB_HELP", tmpHelpFile, sizeof(tmpHelpFile));
+    } else {
+	strcpy( KRB_HelpFile, szHelpFile );
+	ret++;
+    }
+
+    if( !ret && tmpHelpFile[0] ){
+	strcpy( KRB_HelpFile, tmpHelpFile );
+	ret++;
+    }
+
+    if( !ret){
+	strcpy( KRB_HelpFile, HELPFILE );
+    }
+
+    return(ret);
+}
+
+
+
+LPSTR Leash_get_help_file(void)
+{
+    return( KRB_HelpFile);
+}
+
+int
+Leash_debug(
+    int class,
+    int priority,
+    char* fmt, ...
+    )
+{
+
+    return 0;
+}
+
+
+static int
+get_profile_file(LPSTR confname, UINT szConfname)
+{
+    char **configFile = NULL;
+    if (hKrb5) {
+        if (pkrb5_get_default_config_files(&configFile) || !configFile[0])
+        {
+            GetWindowsDirectory(confname,szConfname);
+            confname[szConfname-1] = '\0';
+            strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
+            confname[szConfname-1] = '\0';
+            return FALSE;
+        }
+
+        *confname = 0;
+
+        if (configFile)
+        {
+            strncpy(confname, *configFile, szConfname);
+            confname[szConfname-1] = '\0';
+            pkrb5_free_config_files(configFile);
+        }
+    }
+
+    if (!*confname)
+    {
+        GetWindowsDirectory(confname,szConfname);
+        confname[szConfname-1] = '\0';
+        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
+        confname[szConfname-1] = '\0';
+    }
+
+    return FALSE;
+}
+
+static const char *const conf_yes[] = {
+    "y", "yes", "true", "t", "1", "on",
+    0,
+};
+
+static const char *const conf_no[] = {
+    "n", "no", "false", "nil", "0", "off",
+    0,
+};
+
+int
+config_boolean_to_int(const char *s)
+{
+    const char *const *p;
+
+    for(p=conf_yes; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 1;
+    }
+
+    for(p=conf_no; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 0;
+    }
+
+    /* Default to "no" */
+    return 0;
+}
+
+/*
+ * Leash_get_default_lifetime:
+ *
+ * This function is used to get the default ticket lifetime for this
+ * process in minutes.  A return value of 0 indicates no setting or
+ * "default" setting obtained.
+ *
+ * Here is where we look in order:
+ *
+ * - LIFETIME environment variable
+ * - HKCU\Software\MIT\Leash,lifetime
+ * - HKLM\Software\MIT\Leash,lifetime
+ * - string resource in the leash DLL
+ */
+
+static BOOL
+get_DWORD_from_registry(
+    HKEY hBaseKey,
+    char * key,
+    char * value,
+    DWORD * result
+    )
+{
+    HKEY hKey;
+    DWORD dwCount;
+    LONG rc;
+
+    rc = RegOpenKeyEx(hBaseKey, key, 0, KEY_QUERY_VALUE, &hKey);
+    if (rc)
+        return FALSE;
+
+    dwCount = sizeof(DWORD);
+    rc = RegQueryValueEx(hKey, value, 0, 0, (LPBYTE) result, &dwCount);
+    RegCloseKey(hKey);
+
+    return rc?FALSE:TRUE;
+}
+
+static
+BOOL
+get_default_lifetime_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_LIFETIME,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_lifetime(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_LIFETIME);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_lifetime(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_LIFETIME, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_lifetime(
+    )
+{
+    HMODULE hmLeash;
+    char env[32];
+    DWORD result;
+
+
+    if (GetEnvironmentVariable("LIFETIME",env,sizeof(env)))
+    {
+        return atoi(env);
+    }
+
+
+    if (get_default_lifetime_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_lifetime_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+	return result;
+    }
+
+    if ( hKrb5 ) {
+        CHAR confname[MAX_PATH];
+
+        if (!get_profile_file(confname, sizeof(confname)))
+        {
+            profile_t profile;
+            const char *filenames[2];
+            long retval;
+
+            filenames[0] = confname;
+            filenames[1] = NULL;
+            if (!pprofile_init(filenames, &profile)) {
+                char * value = NULL;
+
+                retval = pprofile_get_string(profile, "libdefaults", "ticket_lifetime", NULL, NULL, &value);
+                if (retval == 0 && value) {
+                    krb5_deltat d;
+
+		    retval = pkrb5_string_to_deltat(value, &d);
+
+                    if (retval == KRB5_DELTAT_BADFORMAT) {
+                        /* Historically some sites use relations of
+                           the form 'ticket_lifetime = 24000' where
+                           the unit is left out but is assumed to be
+                           seconds. Then there are other sites which
+                           use the form 'ticket_lifetime = 600' where
+                           the unit is assumed to be minutes.  While
+                           these are technically wrong (a unit needs
+                           to be specified), we try to accommodate for
+                           this using the safe assumption that the
+                           unit is seconds and tack an 's' to the end
+                           and see if that works. */
+
+			/* Of course, Leash is one of the platforms
+			   that historically assumed no units and minutes
+			   so this change is going to break some people
+			   but its better to be consistent. */
+                        size_t cch;
+                        char buf[256];
+
+			do {
+			    cch = strlen(value) + 2; /* NUL and new 's' */
+			    if (cch > sizeof(buf))
+				break;
+
+			    strcpy(buf, value);
+			    strcat(buf, "s");
+
+			    retval = pkrb5_string_to_deltat(buf, &d);
+
+			    if (retval == 0) {
+				result = d / 60;
+			    }
+			} while(0);
+                    } else if (retval == 0) {
+                        result = d / 60;
+                    }
+
+                    pprofile_release_string(value);
+                }
+                pprofile_release(profile);
+		/* value has been released but we can still use a check for
+		 * non-NULL to see if we were able to read a value.
+		 */
+		if (retval == 0 && value)
+		    return result;
+            }
+        }
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char lifetime[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_TICKET_LIFE,
+                       lifetime, sizeof(lifetime)))
+        {
+            lifetime[sizeof(lifetime) - 1] = 0;
+            return atoi(lifetime);
+        }
+    }
+    return 0;
+}
+
+static
+BOOL
+get_default_renew_till_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_RENEW_TILL,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_renew_till(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_RENEW_TILL);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_renew_till(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_RENEW_TILL, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_renew_till(
+    )
+{
+    HMODULE hmLeash;
+    char env[32];
+    DWORD result;
+
+    if(GetEnvironmentVariable("RENEW_TILL",env,sizeof(env)))
+    {
+        return atoi(env);
+    }
+
+    if (get_default_renew_till_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_renew_till_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    if ( hKrb5 ) {
+        CHAR confname[MAX_PATH];
+        if (!get_profile_file(confname, sizeof(confname)))
+        {
+            profile_t profile;
+            const char *filenames[2];
+            int value=0;
+            long retval;
+            filenames[0] = confname;
+            filenames[1] = NULL;
+
+	    if (!pprofile_init(filenames, &profile)) {
+                char * value = NULL;
+
+		retval = pprofile_get_string(profile, "libdefaults", "renew_lifetime", NULL, NULL, &value);
+                if (retval == 0 && value) {
+                    krb5_deltat d;
+
+		    retval = pkrb5_string_to_deltat(value, &d);
+		    if (retval == KRB5_DELTAT_BADFORMAT) {
+                        /* Historically some sites use relations of
+                           the form 'ticket_lifetime = 24000' where
+                           the unit is left out but is assumed to be
+                           seconds. Then there are other sites which
+                           use the form 'ticket_lifetime = 600' where
+                           the unit is assumed to be minutes.  While
+                           these are technically wrong (a unit needs
+                           to be specified), we try to accommodate for
+                           this using the safe assumption that the
+                           unit is seconds and tack an 's' to the end
+                           and see if that works. */
+
+			/* Of course, Leash is one of the platforms
+			   that historically assumed no units and minutes
+			   so this change is going to break some people
+			   but its better to be consistent. */
+                        size_t cch;
+                        char buf[256];
+			do {
+			    cch = strlen(value) + 2; /* NUL and new 's' */
+			    if (cch > sizeof(buf))
+				break;
+
+			    strcpy(buf, value);
+			    strcat(buf, "s");
+
+			    retval = pkrb5_string_to_deltat(buf, &d);
+			    if (retval == 0) {
+				result = d / 60;
+			    }
+			} while(0);
+                    } else if (retval == 0) {
+			result = d / 60;
+                    }
+                    pprofile_release_string(value);
+                }
+		pprofile_release(profile);
+		/* value has been released but we can still use a check for
+		 * non-NULL to see if we were able to read a value.
+		 */
+		if (retval == 0 && value)
+		    return result;
+
+		pprofile_release(profile);
+            }
+        }
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char renew_till[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_TICKET_RENEW_TILL,
+                       renew_till, sizeof(renew_till)))
+        {
+            renew_till[sizeof(renew_till) - 1] = 0;
+            return atoi(renew_till);
+        }
+    }
+    return 0;
+}
+
+static
+BOOL
+get_default_forwardable_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_FORWARDABLE,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_forwardable(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_FORWARDABLE);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_forwardable(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_FORWARDABLE, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_forwardable(
+    )
+{
+    HMODULE hmLeash;
+
+    char env[32];
+    DWORD result;
+
+    if(GetEnvironmentVariable("FORWARDABLE",env,sizeof(env)))
+    {
+        return atoi(env);
+    }
+
+    if (get_default_forwardable_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_forwardable_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    if ( hKrb5 ) {
+        CHAR confname[MAX_PATH];
+        if (!get_profile_file(confname, sizeof(confname)))
+        {
+            profile_t profile;
+            const char *filenames[2];
+            char *value=0;
+            long retval;
+            filenames[0] = confname;
+            filenames[1] = NULL;
+            if (!pprofile_init(filenames, &profile)) {
+                retval = pprofile_get_string(profile, "libdefaults","forwardable", 0, 0, &value);
+                if ( value ) {
+                    result = config_boolean_to_int(value);
+                    pprofile_release_string(value);
+                    pprofile_release(profile);
+                    return result;
+                }
+                pprofile_release(profile);
+            }
+        }
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char forwardable[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_TICKET_FORWARD,
+                       forwardable, sizeof(forwardable)))
+        {
+            forwardable[sizeof(forwardable) - 1] = 0;
+            return atoi(forwardable);
+        }
+    }
+    return 0;
+}
+
+static
+BOOL
+get_default_renewable_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_RENEWABLE,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_renewable(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_RENEWABLE);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_renewable(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_RENEWABLE, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_renewable(
+    )
+{
+    HMODULE hmLeash;
+    char env[32];
+    DWORD result;
+
+    if(GetEnvironmentVariable("RENEWABLE",env,sizeof(env)))
+    {
+        return atoi(env);
+    }
+
+    if (get_default_renewable_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_renewable_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    if ( hKrb5 ) {
+        CHAR confname[MAX_PATH];
+        if (!get_profile_file(confname, sizeof(confname)))
+        {
+            profile_t profile;
+            const char *filenames[2];
+            char *value=0;
+            long retval;
+            filenames[0] = confname;
+            filenames[1] = NULL;
+            if (!pprofile_init(filenames, &profile)) {
+                retval = pprofile_get_string(profile, "libdefaults","renewable", 0, 0, &value);
+                if ( value ) {
+                    result = config_boolean_to_int(value);
+                    pprofile_release_string(value);
+                    pprofile_release(profile);
+                    return result;
+                }
+                pprofile_release(profile);
+            }
+        }
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char renewable[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_TICKET_RENEW,
+                       renewable, sizeof(renewable)))
+        {
+            renewable[sizeof(renewable) - 1] = 0;
+            return atoi(renewable);
+        }
+    }
+    return 0;
+}
+
+static
+BOOL
+get_default_noaddresses_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_NOADDRESSES,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_noaddresses(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_NOADDRESSES);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_noaddresses(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_NOADDRESSES, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_noaddresses(
+    )
+{
+    HMODULE hmLeash;
+    char env[32];
+    DWORD result;
+
+    if ( hKrb5 ) {
+        // if the profile file cannot be opened then the value will be true
+        // if the noaddresses name cannot be found then the value will be true
+        // if true in the library, we can't alter it by other means
+        CHAR confname[MAX_PATH];
+        result = 1;
+        if (!get_profile_file(confname, sizeof(confname)))
+        {
+            profile_t profile;
+            const char *filenames[2];
+            char *value=0;
+            long retval;
+            filenames[0] = confname;
+            filenames[1] = NULL;
+            if (!pprofile_init(filenames, &profile)) {
+                retval = pprofile_get_string(profile, "libdefaults","noaddresses", 0, "true", &value);
+                if ( value ) {
+                    result = config_boolean_to_int(value);
+                    pprofile_release_string(value);
+                }
+                pprofile_release(profile);
+            }
+        }
+
+        if ( result )
+            return 1;
+    }
+
+    // The library default is false, check other locations
+
+    if(GetEnvironmentVariable("NOADDRESSES",env,sizeof(env)))
+    {
+        return atoi(env);
+    }
+
+    if (get_default_noaddresses_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_noaddresses_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char noaddresses[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_TICKET_NOADDRESS,
+                       noaddresses, sizeof(noaddresses)))
+        {
+            noaddresses[sizeof(noaddresses) - 1] = 0;
+        }
+    }
+    return 1;
+}
+
+static
+BOOL
+get_default_proxiable_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_PROXIABLE,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_proxiable(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_PROXIABLE);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_proxiable(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_PROXIABLE, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_proxiable(
+    )
+{
+    HMODULE hmLeash;
+    char env[32];
+    DWORD result;
+
+    if(GetEnvironmentVariable("PROXIABLE",env,sizeof(env)))
+    {
+        return atoi(env);
+    }
+
+    if (get_default_proxiable_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_proxiable_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    if ( hKrb5 ) {
+        CHAR confname[MAX_PATH];
+        if (!get_profile_file(confname, sizeof(confname)))
+        {
+            profile_t profile;
+            const char *filenames[2];
+            char *value=0;
+            long retval;
+            filenames[0] = confname;
+            filenames[1] = NULL;
+            if (!pprofile_init(filenames, &profile)) {
+                retval = pprofile_get_string(profile, "libdefaults","proxiable", 0, 0, &value);
+                if ( value ) {
+                    result = config_boolean_to_int(value);
+                    pprofile_release_string(value);
+                    pprofile_release(profile);
+                    return result;
+                }
+                pprofile_release(profile);
+            }
+        }
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char proxiable[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_TICKET_PROXIABLE,
+                       proxiable, sizeof(proxiable)))
+        {
+            proxiable[sizeof(proxiable) - 1] = 0;
+            return atoi(proxiable);
+        }
+    }
+    return 0;
+}
+
+static
+BOOL
+get_default_publicip_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_PUBLICIP,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_publicip(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_PUBLICIP);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_publicip(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_PUBLICIP, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_publicip(
+    )
+{
+    HMODULE hmLeash;
+    char env[32];
+    DWORD result;
+
+    if(GetEnvironmentVariable("PUBLICIP",env,sizeof(env)))
+    {
+        return atoi(env);
+    }
+
+    if (get_default_publicip_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_publicip_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char publicip[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_TICKET_PUBLICIP,
+                       publicip, sizeof(publicip)))
+        {
+            publicip[sizeof(publicip) - 1] = 0;
+            return atoi(publicip);
+        }
+    }
+    return 0;
+}
+
+static
+BOOL
+get_hide_kinit_options_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_KINIT_OPT,
+                                   result);
+}
+
+DWORD
+Leash_reset_hide_kinit_options(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_KINIT_OPT);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_hide_kinit_options(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_KINIT_OPT, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_hide_kinit_options(
+    )
+{
+    HMODULE hmLeash;
+    DWORD result;
+
+    if (get_hide_kinit_options_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_hide_kinit_options_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char hide_kinit_options[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_KINIT_OPT,
+                       hide_kinit_options, sizeof(hide_kinit_options)))
+        {
+            hide_kinit_options[sizeof(hide_kinit_options) - 1] = 0;
+            return atoi(hide_kinit_options);
+        }
+    }
+    return 0;	/* hide unless otherwise indicated */
+}
+
+
+
+static
+BOOL
+get_default_life_min_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_LIFE_MIN,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_life_min(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_LIFE_MIN);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_life_min(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_LIFE_MIN, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_life_min(
+    )
+{
+    HMODULE hmLeash;
+    DWORD result;
+
+    if (get_default_life_min_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_life_min_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char life_min[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_LIFE_MIN,
+                       life_min, sizeof(life_min)))
+        {
+            life_min[sizeof(life_min) - 1] = 0;
+            return atoi(life_min);
+        }
+    }
+    return 5; 	/* 5 minutes */
+}
+
+static
+BOOL
+get_default_life_max_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_LIFE_MAX,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_life_max(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_LIFE_MAX);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_life_max(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_LIFE_MAX, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_life_max(
+    )
+{
+    HMODULE hmLeash;
+    DWORD result;
+
+    if (get_default_life_max_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_life_max_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char life_max[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_LIFE_MAX,
+                       life_max, sizeof(life_max)))
+        {
+            life_max[sizeof(life_max) - 1] = 0;
+            return atoi(life_max);
+        }
+    }
+    return 1440;
+}
+
+static
+BOOL
+get_default_renew_min_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_RENEW_MIN,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_renew_min(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_RENEW_MIN);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_renew_min(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_RENEW_MIN, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_renew_min(
+    )
+{
+    HMODULE hmLeash;
+    DWORD result;
+
+    if (get_default_renew_min_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_renew_min_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char renew_min[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_RENEW_MIN,
+                       renew_min, sizeof(renew_min)))
+        {
+            renew_min[sizeof(renew_min) - 1] = 0;
+            return atoi(renew_min);
+        }
+    }
+    return 600;  	/* 10 hours */
+}
+
+static
+BOOL
+get_default_renew_max_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_RENEW_MAX,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_renew_max(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_RENEW_MAX);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_renew_max(
+    DWORD minutes
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_RENEW_MAX, 0, REG_DWORD,
+                       (LPBYTE) &minutes, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_renew_max(
+    )
+{
+    HMODULE hmLeash;
+    DWORD result;
+
+    if (get_default_renew_max_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_renew_max_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char renew_max[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_RENEW_MAX,
+                       renew_max, sizeof(renew_max)))
+        {
+            renew_max[sizeof(renew_max) - 1] = 0;
+            return atoi(renew_max);
+        }
+    }
+    return 60 * 24 * 30;
+}
+
+static
+BOOL
+get_default_uppercaserealm_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_SETTINGS_REGISTRY_KEY_NAME,
+                                   LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_uppercaserealm(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_uppercaserealm(
+    DWORD onoff
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM, 0, REG_DWORD,
+                       (LPBYTE) &onoff, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_uppercaserealm(
+    )
+{
+    HMODULE hmLeash;
+    DWORD result;
+
+    if (get_default_uppercaserealm_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_uppercaserealm_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char uppercaserealm[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_UPPERCASEREALM,
+                       uppercaserealm, sizeof(uppercaserealm)))
+        {
+            uppercaserealm[sizeof(uppercaserealm) - 1] = 0;
+            return atoi(uppercaserealm);
+        }
+    }
+    return 1;
+}
+
+DWORD
+Leash_reset_default_mslsa_import(
+    )
+{
+    return ERROR_INVALID_FUNCTION;
+}
+
+DWORD
+Leash_set_default_mslsa_import(
+    DWORD onoffmatch
+    )
+{
+    return ERROR_INVALID_FUNCTION;
+}
+
+DWORD
+Leash_get_default_mslsa_import(
+    )
+{
+    return 0;
+}
+
+
+static
+BOOL
+get_default_preserve_kinit_settings_from_registry(
+    HKEY hBaseKey,
+    DWORD * result
+    )
+{
+    return get_DWORD_from_registry(hBaseKey,
+                                   LEASH_REGISTRY_KEY_NAME,
+                                   LEASH_REGISTRY_VALUE_PRESERVE_KINIT,
+                                   result);
+}
+
+DWORD
+Leash_reset_default_preserve_kinit_settings(
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
+    if (rc)
+        return rc;
+
+    rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_PRESERVE_KINIT);
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_set_default_preserve_kinit_settings(
+    DWORD onoff
+    )
+{
+    HKEY hKey;
+    LONG rc;
+
+    rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
+                        0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc)
+        return rc;
+
+    rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_PRESERVE_KINIT, 0, REG_DWORD,
+                       (LPBYTE) &onoff, sizeof(DWORD));
+    RegCloseKey(hKey);
+
+    return rc;
+}
+
+DWORD
+Leash_get_default_preserve_kinit_settings(
+    )
+{
+    HMODULE hmLeash;
+    DWORD result;
+
+    if (get_default_preserve_kinit_settings_from_registry(HKEY_CURRENT_USER, &result) ||
+        get_default_preserve_kinit_settings_from_registry(HKEY_LOCAL_MACHINE, &result))
+    {
+        return result;
+    }
+
+    hmLeash = GetModuleHandle(LEASH_DLL);
+    if (hmLeash)
+    {
+        char preserve_kinit_settings[80];
+        if (LoadString(hmLeash, LSH_DEFAULT_PRESERVE_KINIT,
+                       preserve_kinit_settings, sizeof(preserve_kinit_settings)))
+        {
+            preserve_kinit_settings[sizeof(preserve_kinit_settings) - 1] = 0;
+            return atoi(preserve_kinit_settings);
+        }
+    }
+    return 1;
+}
+
+void
+Leash_reset_defaults(void)
+{
+    Leash_reset_default_lifetime();
+    Leash_reset_default_renew_till();
+    Leash_reset_default_renewable();
+    Leash_reset_default_forwardable();
+    Leash_reset_default_noaddresses();
+    Leash_reset_default_proxiable();
+    Leash_reset_default_publicip();
+    Leash_reset_hide_kinit_options();
+    Leash_reset_default_life_min();
+    Leash_reset_default_life_max();
+    Leash_reset_default_renew_min();
+    Leash_reset_default_renew_max();
+    Leash_reset_default_uppercaserealm();
+    Leash_reset_default_preserve_kinit_settings();
+}
+
+static void
+acquire_tkt_send_msg_leash(const char *title,
+                           const char *ccachename,
+                           const char *name,
+                           const char *realm)
+{
+    DWORD leashProcessId = 0;
+    DWORD bufsize = 4096;
+    DWORD step;
+    HANDLE hLeashProcess = NULL;
+    HANDLE hMapFile = NULL;
+    HANDLE hTarget = NULL;
+    HWND hLeashWnd = FindWindow("LEASH.0WNDCLASS", NULL);
+    char *strs;
+    void *view;
+    if (!hLeashWnd)
+        // no leash window
+        return;
+
+    GetWindowThreadProcessId(hLeashWnd, &leashProcessId);
+    hLeashProcess = OpenProcess(PROCESS_DUP_HANDLE,
+                                FALSE,
+                                leashProcessId);
+    if (!hLeashProcess)
+        // can't get process handle; use GetLastError() for more info
+        return;
+
+    hMapFile = CreateFileMapping(INVALID_HANDLE_VALUE, // use paging file
+                                 NULL,                 // default security
+                                 PAGE_READWRITE,       // read/write access
+                                 0,                    // max size (high 32)
+                                 bufsize,              // max size (low 32)
+                                 NULL);                // name
+    if (!hMapFile) {
+        // GetLastError() for more info
+        CloseHandle(hLeashProcess);
+        return;
+    }
+
+    SetForegroundWindow(hLeashWnd);
+
+    view = MapViewOfFile(hMapFile,
+                         FILE_MAP_ALL_ACCESS,
+                         0,
+                         0,
+                         bufsize);
+    if (view != NULL) {
+        /* construct a marshalling of data
+         *   <title><principal><realm><ccache>
+         * then send to Leash
+         */
+        strs = (char *)view;
+        // first reserve space for three more NULLs (4 strings total)
+        bufsize -= 3;
+        // Dialog title
+        if (title != NULL)
+            strcpy_s(strs, bufsize, title);
+        else if (name != NULL && realm != NULL)
+            sprintf_s(strs, bufsize,
+                      "MIT Kerberos: Get Ticket for %s@%s", name, realm);
+        else
+            strcpy_s(strs, bufsize, "MIT Kerberos: Get Ticket");
+        step = strlen(strs);
+        strs += step + 1;
+        bufsize -= step;
+        // name and realm
+        if (name != NULL) {
+            strcpy_s(strs, bufsize, name);
+            step = strlen(strs);
+            strs += step + 1;
+            bufsize -= step;
+            if (realm != NULL) {
+                strcpy_s(strs, bufsize, realm);
+                step = strlen(strs);
+                strs += step + 1;
+                bufsize -= step;
+            } else {
+                *strs = 0;
+                strs++;
+            }
+        } else {
+            *strs = 0;
+            strs++;
+            *strs = 0;
+            strs++;
+        }
+
+        /* Append the ccache name */
+        if (ccachename != NULL)
+            strcpy_s(strs, bufsize, ccachename);
+        else
+            *strs = 0;
+
+        UnmapViewOfFile(view);
+    }
+    // Duplicate the file mapping handle to one leash can use
+    if (DuplicateHandle(GetCurrentProcess(),
+                        hMapFile,
+                        hLeashProcess,
+                        &hTarget,
+                        PAGE_READWRITE,
+                        FALSE,
+                        DUPLICATE_SAME_ACCESS |
+                        DUPLICATE_CLOSE_SOURCE)) {
+        /* 32809 = ID_OBTAIN_TGT_WITH_LPARAM in src/windows/leash/resource.h */
+        SendMessage(hLeashWnd, 32809, 0, (LPARAM) hTarget);
+    } else {
+        // GetLastError()
+    }
+}
+
+static int
+acquire_tkt_send_msg(krb5_context ctx, const char * title,
+		     const char * ccachename,
+		     krb5_principal desiredKrb5Principal,
+		     char * out_ccname, int out_cclen)
+{
+    krb5_error_code 	err;
+    HWND    	        hNetIdMgr;
+    HWND    		hForeground;
+    char		*desiredName = 0;
+    char                *desiredRealm = 0;
+
+    /* do we want a specific client principal? */
+    if (desiredKrb5Principal != NULL) {
+	err = pkrb5_unparse_name (ctx, desiredKrb5Principal, &desiredName);
+	if (!err) {
+	    char * p;
+	    for (p = desiredName; *p && *p != '@'; p++);
+	    if ( *p == '@' ) {
+		*p = '\0';
+		desiredRealm = ++p;
+	    }
+	}
+    }
+
+    hForeground = GetForegroundWindow();
+    hNetIdMgr = FindWindow("IDMgrRequestDaemonCls", "IDMgrRequestDaemon");
+    if (hNetIdMgr != NULL) {
+	HANDLE hMap;
+	DWORD  tid = GetCurrentThreadId();
+	char mapname[256];
+	NETID_DLGINFO *dlginfo;
+
+	sprintf(mapname,"Local\\NetIDMgr_DlgInfo_%lu",tid);
+
+	hMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE,
+				 0, 4096, mapname);
+	if (hMap == NULL) {
+	    return -1;
+	} else if (hMap != NULL && GetLastError() == ERROR_ALREADY_EXISTS) {
+	    CloseHandle(hMap);
+	    return -1;
+	}
+
+	dlginfo = (NETID_DLGINFO *)MapViewOfFileEx(hMap, FILE_MAP_READ|FILE_MAP_WRITE,
+						 0, 0, 4096, NULL);
+	if (dlginfo == NULL) {
+	    CloseHandle(hMap);
+	    return -1;
+	}
+
+	memset(dlginfo, 0, sizeof(NETID_DLGINFO));
+
+	dlginfo->size = sizeof(NETID_DLGINFO);
+	dlginfo->dlgtype = NETID_DLGTYPE_TGT;
+	dlginfo->in.use_defaults = 1;
+
+	if (title) {
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				title, -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
+	    char mytitle[NETID_TITLE_SZ];
+	    sprintf(mytitle, "Obtain Kerberos TGT for %s@%s",desiredName,desiredRealm);
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				mytitle, -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	} else {
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				"Obtain Kerberos TGT", -1,
+				dlginfo->in.title, NETID_TITLE_SZ);
+	}
+	if (desiredName)
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				desiredName, -1,
+				dlginfo->in.username, NETID_USERNAME_SZ);
+	if (desiredRealm)
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				desiredRealm, -1,
+				dlginfo->in.realm, NETID_REALM_SZ);
+	if (ccachename)
+	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
+				ccachename, -1,
+				dlginfo->in.ccache, NETID_CCACHE_NAME_SZ);
+	SendMessage(hNetIdMgr, 32810, 0, (LPARAM) tid);
+
+	if (out_ccname && out_cclen > 0) {
+	    WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK, dlginfo->out.ccache, -1,
+				out_ccname, out_cclen, NULL, NULL);
+	}
+
+	UnmapViewOfFile(dlginfo);
+	CloseHandle(hMap);
+    } else {
+        acquire_tkt_send_msg_leash(title,
+                                   ccachename, desiredName, desiredRealm);
+    }
+
+    SetForegroundWindow(hForeground);
+    if (desiredName != NULL)
+	pkrb5_free_unparsed_name(ctx, desiredName);
+
+    return 0;
+}
+
+static BOOL cc_have_tickets(krb5_context ctx, krb5_ccache cache)
+{
+    krb5_cc_cursor cur = NULL;
+    krb5_creds creds;
+    krb5_flags flags;
+    krb5_error_code code;
+    BOOL have_tickets = FALSE;
+
+    // Don't need the actual ticket.
+    flags = KRB5_TC_NOTICKET;
+    code = pkrb5_cc_set_flags(ctx, cache, flags);
+    if (code)
+        goto cleanup;
+    code = pkrb5_cc_start_seq_get(ctx, cache, &cur);
+    if (code)
+        goto cleanup;
+
+    _tzset();
+    while (!(code = pkrb5_cc_next_cred(ctx, cache, &cur, &creds))) {
+        if ((!pkrb5_is_config_principal(ctx, creds.server)) &&
+            ((time_t)(DWORD)creds.times.endtime - time(0) > 0))
+            have_tickets = TRUE;
+
+        pkrb5_free_cred_contents(ctx, &creds);
+    }
+    if (code == KRB5_CC_END) {
+        code = pkrb5_cc_end_seq_get(ctx, cache, &cur);
+        if (code)
+            goto cleanup;
+        flags = 0;
+        code = pkrb5_cc_set_flags(ctx, cache, flags);
+        if (code)
+            goto cleanup;
+    }
+cleanup:
+    return have_tickets;
+}
+
+static BOOL
+cc_have_tickets_for_princ(krb5_context ctx,
+                          krb5_ccache cache,
+                          krb5_principal princ)
+{
+    krb5_error_code code;
+    krb5_principal cc_princ = NULL;
+    BOOL have_tickets = FALSE;
+    code = pkrb5_cc_get_principal(ctx, cache, &cc_princ);
+    if (code)
+        goto cleanup;
+
+    if (pkrb5_principal_compare(ctx, princ, cc_princ))
+        have_tickets = cc_have_tickets(ctx, cache);
+
+cleanup:
+    if (cc_princ != NULL)
+        pkrb5_free_principal(ctx, cc_princ);
+    return have_tickets;
+}
+
+static BOOL cc_default_have_tickets(krb5_context ctx)
+{
+    krb5_ccache cache = NULL;
+    BOOL have_tickets = FALSE;
+    if (pkrb5_cc_default(ctx, &cache) == 0)
+        have_tickets = cc_have_tickets(ctx, cache);
+    if (cache != NULL)
+        pkrb5_cc_close(ctx, cache);
+    return have_tickets;
+}
+
+static BOOL
+cccol_have_tickets_for_princ(krb5_context ctx,
+                             krb5_principal princ,
+                             char *ccname,
+                             int cclen)
+{
+    krb5_error_code code;
+    krb5_ccache cache;
+    krb5_cccol_cursor cursor;
+    BOOL have_tickets = FALSE;
+    char *ccfullname;
+
+    code = pkrb5_cccol_cursor_new(ctx, &cursor);
+    if (code)
+        goto cleanup;
+
+    while (!have_tickets &&
+           !(code = pkrb5_cccol_cursor_next(ctx, cursor, &cache)) &&
+           cache != NULL) {
+        if (cc_have_tickets_for_princ(ctx, cache, princ)) {
+            if (pkrb5_cc_get_full_name(ctx, cache, &ccfullname)==0) {
+                strcpy_s(ccname, cclen, ccfullname);
+                pkrb5_free_string(ctx, ccfullname);
+                have_tickets = TRUE;
+            }
+        }
+        pkrb5_cc_close(ctx, cache);
+    }
+    pkrb5_cccol_cursor_free(ctx, &cursor);
+cleanup:
+
+    return have_tickets;
+}
+
+static void
+acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen)
+{
+    krb5_context        ctx;
+    DWORD		gle;
+    char ccachename[272]="";
+    char loginenv[16];
+    BOOL prompt;
+    BOOL haveTickets;
+
+    GetEnvironmentVariable("KERBEROSLOGIN_NEVER_PROMPT", loginenv, sizeof(loginenv));
+    prompt = (GetLastError() == ERROR_ENVVAR_NOT_FOUND);
+
+    ctx = context;
+
+    SetLastError(0);
+    GetEnvironmentVariable("KRB5CCNAME", ccachename, sizeof(ccachename));
+    gle = GetLastError();
+    if ( ((gle == ERROR_ENVVAR_NOT_FOUND) || !ccachename[0]) && context ) {
+        const char * ccdef = pkrb5_cc_default_name(ctx);
+	SetEnvironmentVariable("KRB5CCNAME", ccdef ? ccdef : NULL);
+	GetEnvironmentVariable("KRB5CCNAME", ccachename, sizeof(ccachename));
+    }
+
+    haveTickets = cc_default_have_tickets(ctx);
+
+    if ( prompt && !haveTickets ) {
+	acquire_tkt_send_msg(ctx, NULL, ccachename, NULL, ccname, cclen);
+        /*
+         * If the ticket manager returned an alternative credential cache
+         * remember it as the default for this process.
+         */
+        if ( ccname && ccname[0] && strcmp(ccachename,ccname) ) {
+            SetEnvironmentVariable("KRB5CCNAME",ccname);
+        }
+
+    } else if (ccachename[0] && ccname) {
+	strncpy(ccname, ccachename, cclen);
+	ccname[cclen-1] = '\0';
+    }
+    if ( !context )
+        pkrb5_free_context(ctx);
+}
+
+
+static void
+acquire_tkt_for_princ(krb5_context ctx, krb5_principal desiredPrincipal,
+		      char * ccname, int cclen)
+{
+    DWORD		gle;
+    char 		ccachename[272]="";
+    char 		loginenv[16];
+    BOOL 		prompt;
+
+    GetEnvironmentVariable("KERBEROSLOGIN_NEVER_PROMPT", loginenv, sizeof(loginenv));
+    prompt = (GetLastError() == ERROR_ENVVAR_NOT_FOUND);
+
+    SetLastError(0);
+    GetEnvironmentVariable("KRB5CCNAME", ccachename, sizeof(ccachename));
+    gle = GetLastError();
+    if ((gle == ERROR_ENVVAR_NOT_FOUND || !ccachename[0]) && ctx != NULL) {
+        const char * ccdef = pkrb5_cc_default_name(ctx);
+	SetEnvironmentVariable("KRB5CCNAME", ccdef ? ccdef : NULL);
+	GetEnvironmentVariable("KRB5CCNAME", ccachename, sizeof(ccachename));
+    }
+    if (!cccol_have_tickets_for_princ(ctx, desiredPrincipal, ccname, cclen)) {
+        if (prompt) {
+	        acquire_tkt_send_msg(ctx, NULL,
+                                 ccachename, desiredPrincipal, ccname, cclen);
+            /*
+             * If the ticket manager returned an alternative credential cache
+             * remember it as the default for this process.
+             */
+            if (ccname != NULL && ccname[0] &&
+                strcmp(ccachename, ccname)) {
+                SetEnvironmentVariable("KRB5CCNAME",ccname);
+            }
+        }
+	}
+}
+
+
+void FAR
+not_an_API_Leash_AcquireInitialTicketsIfNeeded(krb5_context context,
+					       krb5_principal desiredKrb5Principal,
+					       char * ccname, int cclen)
+{
+    if (!desiredKrb5Principal) {
+	acquire_tkt_no_princ(context, ccname, cclen);
+    } else {
+        acquire_tkt_for_princ(context, desiredKrb5Principal, ccname, cclen);
+    }
+    return;
+}
diff --git a/krb5-1.21.3/src/windows/leashdll/lshutil.cpp b/krb5-1.21.3/src/windows/leashdll/lshutil.cpp
new file mode 100644
index 00000000..867f6051
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/lshutil.cpp
@@ -0,0 +1,596 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* leashdll/lshutil.cpp - text manipulation for principal entry */
+/*
+ * Copyright (C) 2012 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ *
+ * Leash Principal Edit Control
+ *
+ * Edit control customized to enter a principal.
+ * -Autocomplete functionality using history of previously successful
+ *  authentications
+ * -Option to automatically convert realm to uppercase as user types
+ * -Suggest default realm when no matches available from history
+ */
+
+#include <windows.h>
+#include <wtypes.h>  // LPOLESTR
+#include <Shldisp.h> // IAutoComplete
+#include <ShlGuid.h> // CLSID_AutoComplete
+#include <shobjidl.h> // IAutoCompleteDropDown
+#include <objbase.h> // CoCreateInstance
+#include <tchar.h>
+#include <map>
+#include <vector>
+
+#include "leashwin.h"
+#include "leashdll.h"
+
+#pragma comment(lib, "ole32.lib") // CoCreateInstance
+
+//
+// DynEnumString:
+// IEnumString implementation that can be dynamically updated after creation.
+//
+class DynEnumString : public IEnumString
+{
+public:
+    // IUnknown
+    STDMETHODIMP_(ULONG) AddRef()
+    {
+        return ++m_refcount;
+    }
+
+    STDMETHODIMP_(ULONG) Release()
+    {
+        ULONG refcount = --m_refcount;
+        if (refcount == 0)
+            delete this;
+        return refcount;
+    }
+
+    STDMETHODIMP QueryInterface(REFIID riid, void** ppvObject)
+    {
+        IUnknown *punk = NULL;
+        if (riid == IID_IUnknown)
+            punk = static_cast<IUnknown*>(this);
+        else if (riid == IID_IEnumString)
+            punk = static_cast<IEnumString*>(this);
+        *ppvObject = punk;
+        if (punk == NULL)
+            return E_NOINTERFACE;
+        punk->AddRef();
+        return S_OK;
+    }
+
+    // IEnumString
+public:
+    STDMETHODIMP Clone(IEnumString **ppclone)
+    {
+        LPTSTR *data = m_aStrings.data();
+        ULONG count = m_aStrings.size();
+        *ppclone = new DynEnumString(count, data);
+        return S_OK;
+    }
+
+    STDMETHODIMP Next(ULONG count, LPOLESTR *elements, ULONG *pFetched)
+    {
+        ULONG fetched = 0;
+        while (fetched < count) {
+            if (m_iter == m_aStrings.end())
+                break;
+            LPTSTR src = *m_iter++;
+            // @TODO: add _UNICODE version
+            DWORD nLengthW = ::MultiByteToWideChar(CP_ACP,
+                                                   0, &src[0], -1, NULL, 0);
+            LPOLESTR copy =
+                (LPOLESTR )::CoTaskMemAlloc(sizeof(OLECHAR) * nLengthW);
+            if (copy != NULL) {
+                if (::MultiByteToWideChar(CP_ACP,
+                                          0, &src[0], -1, copy, nLengthW)) {
+                    elements[fetched++] = copy;
+                } else {
+                    // failure...
+                    // TODO: debug spew
+                    ::CoTaskMemFree(copy);
+                    copy = NULL;
+                }
+            }
+        }
+        *pFetched = fetched;
+
+        return fetched == count ? S_OK : S_FALSE;
+    }
+
+    STDMETHODIMP Reset()
+    {
+        m_iter = m_aStrings.begin();
+        return S_OK;
+    }
+
+    STDMETHODIMP Skip(ULONG count)
+    {
+        for (ULONG i=0; i<count; i++) {
+            if (m_iter == m_aStrings.end()) {
+                m_iter = m_aStrings.begin();
+                break;
+            }
+            m_iter++;
+        }
+        return S_OK;
+    }
+
+    // Custom interface
+    DynEnumString(ULONG count, LPTSTR *strings)
+    {
+        m_aStrings.reserve(count + 1);
+        for (ULONG i = 0; i < count; i++) {
+            AddString(strings[i]);
+        }
+        m_iter = m_aStrings.begin();
+        m_refcount = 1;
+    }
+
+    virtual ~DynEnumString()
+    {
+        RemoveAll();
+    }
+
+    void RemoveAll()
+    {
+        for (m_iter = m_aStrings.begin();
+             m_iter != m_aStrings.end();
+             m_iter++)
+            delete[] (*m_iter);
+        m_aStrings.erase(m_aStrings.begin(), m_aStrings.end());
+    }
+
+    void AddString(LPTSTR str)
+    {
+        LPTSTR copy = NULL;
+        if (str) {
+            copy = _tcsdup(str);
+            if (copy)
+                m_aStrings.push_back(copy);
+        }
+    }
+
+
+    void RemoveString(LPTSTR str)
+    {
+        std::vector<LPTSTR>::const_iterator i;
+        for (i = m_aStrings.begin(); i != m_aStrings.end(); i++) {
+            if (_tcscmp(*i, str) == 0) {
+                delete[] (*i);
+                m_aStrings.erase(i);
+                break;
+            }
+        }
+    }
+
+private:
+    ULONG m_refcount;
+    std::vector<LPTSTR>::iterator m_iter;
+    std::vector<LPTSTR> m_aStrings;
+};
+
+// Registry key to store history of successfully authenticated principals
+#define LEASH_REGISTRY_PRINCIPALS_KEY_NAME "Software\\MIT\\Leash\\Principals"
+
+// Free principal list obtained by getPrincipalList()
+static void freePrincipalList(LPTSTR *princs, int count)
+{
+    int i;
+    if (count) {
+        for (i = 0; i < count; i++)
+            if (princs[i])
+                free(princs[i]);
+        delete[] princs;
+    }
+}
+
+// Retrieve history of successfully authenticated principals from registry
+static void getPrincipalList(LPTSTR **outPrincs, int *outPrincCount)
+{
+    DWORD count = 0;
+    DWORD valCount = 0;
+    DWORD maxLen = 0;
+    LPTSTR tempValName = NULL;
+    LPTSTR *princs = NULL;
+    *outPrincs = NULL;
+    HKEY hKey = NULL;
+    unsigned long rc = RegCreateKeyEx(HKEY_CURRENT_USER,
+                                      LEASH_REGISTRY_PRINCIPALS_KEY_NAME, 0, 0,
+                                      0, KEY_READ, 0, &hKey, 0);
+    if (rc == S_OK) {
+        // get string count
+        rc = RegQueryInfoKey(
+            hKey,
+            NULL, // __out_opt    LPTSTR lpClass,
+            NULL, // __inout_opt  LPDWORD lpcClass,
+            NULL, // __reserved   LPDWORD lpReserved,
+            NULL, // __out_opt    LPDWORD lpcSubKeys,
+            NULL, // __out_opt    LPDWORD lpcMaxSubKeyLen,
+            NULL, // __out_opt    LPDWORD lpcMaxClassLen,
+            &valCount, //__out_opt    LPDWORD lpcValues,
+            &maxLen, // __out_opt    LPDWORD lpcMaxValueNameLen,
+            NULL, // __out_opt    LPDWORD lpcMaxValueLen,
+            NULL, // __out_opt    LPDWORD lpcbSecurityDescriptor,
+            NULL  // __out_opt    PFILETIME lpftLastWriteTime
+        );
+    }
+    if (valCount == 0)
+        goto cleanup;
+
+    princs = new LPTSTR[valCount];
+    if (princs == NULL)
+        goto cleanup;
+
+    tempValName = new TCHAR[maxLen+1];
+    if (tempValName == NULL)
+        goto cleanup;
+
+    // enumerate values...
+    for (DWORD iReg = 0; iReg < valCount; iReg++) {
+        LPTSTR princ = NULL;
+        DWORD size = maxLen+1;
+        rc = RegEnumValue(hKey, iReg, tempValName, &size,
+                          NULL, NULL, NULL, NULL);
+        if (rc == ERROR_SUCCESS)
+            princ = _tcsdup(tempValName);
+        if (princ != NULL)
+            princs[count++] = princ;
+    }
+
+    *outPrincCount = count;
+    count = 0;
+    *outPrincs = princs;
+    princs = NULL;
+
+cleanup:
+    if (tempValName)
+        delete[] tempValName;
+    if (princs)
+        freePrincipalList(princs, count);
+    if (hKey)
+        RegCloseKey(hKey);
+    return;
+}
+
+
+// HookWindow
+// Utility class to process messages relating to the specified hwnd
+class HookWindow
+{
+public:
+    typedef std::pair<HWND, HookWindow*> map_elem;
+    typedef std::map<HWND, HookWindow*> map;
+
+    HookWindow(HWND in_hwnd) : m_hwnd(in_hwnd)
+    {
+        // add 'this' to static hash
+        m_ctrl_id = GetDlgCtrlID(in_hwnd);
+        m_parent = ::GetParent(m_hwnd);
+        sm_map.insert(map_elem(m_parent, this));
+        // grab current window proc and replace with our wndproc
+        m_parent_wndproc = SetWindowLongPtr(m_parent,
+                                            GWLP_WNDPROC,
+                                            (ULONG_PTR)(&sWindowProc));
+    }
+
+    virtual ~HookWindow()
+    {
+        // unhook hwnd and restore old wndproc
+        SetWindowLongPtr(m_parent, GWLP_WNDPROC, m_parent_wndproc);
+        sm_map.erase(m_parent);
+    }
+
+    // Process a message
+    // return 'false' to forward message to parent wndproc
+    virtual bool WindowProc(UINT msg, WPARAM wParam, LPARAM lParam,
+                            LRESULT *lr) = 0;
+
+protected:
+    static LRESULT sWindowProc(HWND hwnd, UINT uMsg, WPARAM wParam,
+                               LPARAM lParam);
+
+    HWND m_hwnd;
+    HWND m_parent;
+    ULONG_PTR m_parent_wndproc;
+    int m_ctrl_id;
+
+    static map sm_map;
+};
+
+HookWindow::map HookWindow::sm_map;
+
+LRESULT HookWindow::sWindowProc(HWND hwnd, UINT uMsg, WPARAM wParam,
+                                LPARAM lParam)
+{
+    LRESULT result;
+    // hash hwnd to get object and call actual window proc,
+    // then parent window proc as necessary
+    HookWindow::map::const_iterator iter = sm_map.find(hwnd);
+    if (iter != sm_map.end()) {
+        if (!iter->second->WindowProc(uMsg, wParam, lParam, &result))
+            result = CallWindowProc((WNDPROC )iter->second->m_parent_wndproc,
+                           hwnd, uMsg, wParam, lParam);
+    } else {
+        result = ::DefWindowProc(hwnd, uMsg, wParam, lParam);
+    }
+    return result;
+}
+
+//
+class PrincipalEditControl : public HookWindow
+{
+public:
+    PrincipalEditControl(HWND hwnd, bool bUpperCaseRealm) : HookWindow(hwnd)
+        ,m_ignore_change(0)
+        ,m_bUpperCaseRealm(bUpperCaseRealm)
+        ,m_defaultRealm(NULL)
+        ,m_ctx(0)
+        ,m_enumString(NULL)
+        ,m_acdd(NULL)
+        ,m_princStr(NULL)
+    {
+        pkrb5_init_context(&m_ctx);
+        GetDefaultRealm();
+        InitAutocomplete();
+    }
+
+    ~PrincipalEditControl()
+    {
+        DestroyAutocomplete();
+        if (m_princStr)
+            delete[] m_princStr;
+        if (m_ctx && m_defaultRealm)
+            pkrb5_free_default_realm(m_ctx, m_defaultRealm);
+        if (m_ctx)
+            pkrb5_free_context(m_ctx);
+    }
+
+    void ClearHistory()
+    {
+        if (m_enumString != NULL)
+            m_enumString->RemoveAll();
+        if (m_acdd != NULL)
+            m_acdd->ResetEnumerator();
+        if (m_princStr != NULL) {
+            delete[] m_princStr;
+            m_princStr = NULL;
+        }
+    }
+
+protected:
+    // Convert str to upper case
+    // This should be more-or-less _UNICODE-agnostic
+    static bool StrToUpper(LPTSTR str)
+    {
+        bool bChanged = false;
+        int c;
+        if (str != NULL) {
+            while ((c = *str) != NULL) {
+                if (__isascii(c) && islower(c)) {
+                    bChanged = true;
+                    *str = _toupper(c);
+                }
+                str++;
+            }
+        }
+        return bChanged;
+    }
+
+    void GetDefaultRealm()
+    {
+        // @TODO: _UNICODE support here
+        if ((m_defaultRealm == NULL) && m_ctx) {
+            pkrb5_get_default_realm(m_ctx, &m_defaultRealm);
+        }
+    }
+
+    // Append default realm to user and add to the autocomplete enum string
+    void SuggestDefaultRealm(LPTSTR user)
+    {
+        if (m_defaultRealm == NULL)
+            return;
+
+        int princ_len = _tcslen(user) + _tcslen(m_defaultRealm) + 1;
+        LPTSTR princStr = new TCHAR[princ_len];
+        if (princStr) {
+            _sntprintf_s(princStr, princ_len, _TRUNCATE, "%s%s", user,
+                         m_defaultRealm);
+            if (m_princStr != NULL && (_tcscmp(princStr, m_princStr) == 0)) {
+                // this string is already added, ok to just bail
+                delete[] princStr;
+            } else {
+                if (m_princStr != NULL) {
+                    // get rid of the old suggestion
+                    m_enumString->RemoveString(m_princStr);
+                    delete[] m_princStr;
+                }
+                // add the new one
+                m_enumString->AddString(princStr);
+                if (m_acdd != NULL)
+                    m_acdd->ResetEnumerator();
+                m_princStr = princStr;
+            }
+        }
+    }
+
+    bool AdjustRealmCase(LPTSTR princStr, LPTSTR realmStr)
+    {
+        bool bChanged = StrToUpper(realmStr);
+        if (bChanged) {
+            DWORD selStart, selEnd;
+            ::SendMessage(m_hwnd, EM_GETSEL, (WPARAM)&selStart,
+                          (LPARAM)&selEnd);
+            ::SetWindowText(m_hwnd, princStr);
+            ::SendMessage(m_hwnd, EM_SETSEL, (WPARAM)selStart, (LPARAM)selEnd);
+        }
+        return bChanged;
+    }
+
+    bool ProcessText()
+    {
+        bool bChanged = false;
+        int text_len = GetWindowTextLength(m_hwnd);
+        if (text_len > 0) {
+            LPTSTR str = new TCHAR [++text_len];
+            if (str != NULL) {
+                GetWindowText(m_hwnd, str, text_len);
+                LPTSTR realmStr = strchr(str, '@');
+                if (realmStr != NULL) {
+                    ++realmStr;
+                    if (*realmStr == 0) {
+                        SuggestDefaultRealm(str);
+                    }
+                    else if (m_bUpperCaseRealm) {
+                        AdjustRealmCase(str, realmStr);
+                        bChanged = true;
+                    }
+                }
+                delete[] str;
+            }
+        }
+        return bChanged;
+    }
+
+    virtual bool WindowProc(UINT msg, WPARAM wp, LPARAM lp, LRESULT *lr)
+    {
+        bool bChanged = false;
+        switch (msg) {
+        case WM_COMMAND:
+            if ((LOWORD(wp)==m_ctrl_id) &&
+                (HIWORD(wp)==EN_CHANGE)) {
+                if ((!m_ignore_change++) && ProcessText()) {
+                    bChanged = true;
+                    *lr = 0;
+                }
+                m_ignore_change--;
+            }
+        default:
+            break;
+        }
+        return bChanged;
+    }
+
+    void InitAutocomplete()
+    {
+        CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
+
+        // read strings from registry
+        LPTSTR *princs = NULL;
+        int count = 0;
+        getPrincipalList(&princs, &count);
+
+        // Create our custom IEnumString implementation
+        HRESULT hRes;
+        DynEnumString *pEnumString = new DynEnumString(count, princs);
+        if (princs)
+            freePrincipalList(princs, count);
+
+        m_enumString = pEnumString;
+
+        // Create and initialize IAutoComplete object using IEnumString
+        IAutoComplete *pac = NULL;
+        hRes = CoCreateInstance(CLSID_AutoComplete, NULL, CLSCTX_INPROC_SERVER,
+                                IID_PPV_ARGS(&pac));
+        if (pac != NULL) {
+            pac->Init(m_hwnd, pEnumString, NULL, NULL);
+
+            IAutoCompleteDropDown* pacdd = NULL;
+            hRes = pac->QueryInterface(IID_IAutoCompleteDropDown, (LPVOID*)&pacdd);
+            pac->Release();
+            m_acdd = pacdd;
+        }
+    }
+
+    void DestroyAutocomplete()
+    {
+        if (m_acdd != NULL)
+            m_acdd->Release();
+        if (m_enumString != NULL)
+            m_enumString->Release();
+    }
+
+    int m_ignore_change;
+    bool m_bUpperCaseRealm;
+    LPTSTR m_defaultRealm;
+    LPTSTR m_princStr;
+    krb5_context m_ctx;
+    DynEnumString *m_enumString;
+    IAutoCompleteDropDown *m_acdd;
+};
+
+
+
+extern "C" void Leash_pec_add_principal(char *principal)
+{
+    // write princ to registry
+    HKEY hKey;
+    unsigned long rc = RegCreateKeyEx(HKEY_CURRENT_USER,
+                                      LEASH_REGISTRY_PRINCIPALS_KEY_NAME,
+                                      0, 0, 0, KEY_WRITE, 0, &hKey, 0);
+    if (rc) {
+        // TODO: log failure
+        return;
+    }
+    rc = RegSetValueEx(hKey, principal, 0, REG_NONE, NULL, 0);
+    if (rc) {
+        // TODO: log failure
+    }
+    if (hKey)
+        RegCloseKey(hKey);
+}
+
+extern "C" void Leash_pec_clear_history(void *pec)
+{
+    // clear princs from registry
+    RegDeleteKey(HKEY_CURRENT_USER,
+                 LEASH_REGISTRY_PRINCIPALS_KEY_NAME);
+    // ...and from the specified widget
+    static_cast<PrincipalEditControl *>(pec)->ClearHistory();
+}
+
+
+extern "C" void *Leash_pec_create(HWND hEdit)
+{
+    return new PrincipalEditControl(
+        hEdit,
+        Leash_get_default_uppercaserealm() ? true : false);
+}
+
+extern "C" void Leash_pec_destroy(void *pec)
+{
+    if (pec != NULL)
+        delete ((PrincipalEditControl *)pec);
+}
diff --git a/krb5-1.21.3/src/windows/leashdll/reminder.h b/krb5-1.21.3/src/windows/leashdll/reminder.h
new file mode 100644
index 00000000..05dd4bdd
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/reminder.h
@@ -0,0 +1,12 @@
+#ifndef __REMINDER_H__
+#define __REMINDER_H__
+
+#define Stringize( L )        #L
+#define MakeString( M, L )    M(L)
+#define $LINE                 MakeString( Stringize, __LINE__ )
+#define Reminder              __FILE__ "(" $LINE ") : Reminder: "
+
+#endif
+
+//Put this in your .cpp file where ever you need it (NOTE: Don't end this statement with a ';' char)
+//i.e. -->> #pragma message(Reminder "Your message reminder here!!!")
diff --git a/krb5-1.21.3/src/windows/leashdll/res/islogo.bmp b/krb5-1.21.3/src/windows/leashdll/res/islogo.bmp
new file mode 100644
index 00000000..c4af48f2
Binary files /dev/null and b/krb5-1.21.3/src/windows/leashdll/res/islogo.bmp differ
diff --git a/krb5-1.21.3/src/windows/leashdll/res/leash.ico b/krb5-1.21.3/src/windows/leashdll/res/leash.ico
new file mode 100644
index 00000000..235c6f44
Binary files /dev/null and b/krb5-1.21.3/src/windows/leashdll/res/leash.ico differ
diff --git a/krb5-1.21.3/src/windows/leashdll/resource.h b/krb5-1.21.3/src/windows/leashdll/resource.h
new file mode 100644
index 00000000..637c9387
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/resource.h
@@ -0,0 +1,19 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Developer Studio generated include file.
+// Used by lsh_pwd.rc
+//
+#define IDOK2                           5
+#define IDCANCEL2                       6
+#define LEASHICON                       100
+
+// Next default values for new objects
+//
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NO_MFC                     1
+#define _APS_NEXT_RESOURCE_VALUE        103
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1002
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
diff --git a/krb5-1.21.3/src/windows/leashdll/timesync.c b/krb5-1.21.3/src/windows/leashdll/timesync.c
new file mode 100644
index 00000000..84765e91
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/timesync.c
@@ -0,0 +1,292 @@
+/* timesync stuff for leash - 7/28/94 - evanr */
+
+#include <windows.h>
+#include "leashdll.h"
+
+#include <time.h>
+#include <sys\timeb.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <winsock2.h>
+
+#include <stdio.h>
+#include "leasherr.h"
+#include "leashids.h"
+
+int ProcessTimeSync(char *, int, char *);
+
+#define TM_OFFSET 2208988800
+
+/* timezone.h has a winsock.h conflict */
+struct timezone {
+    int     tz_minuteswest;
+    int     tz_dsttime;
+};
+
+/************************************/
+/* settimeofday():                  */
+/************************************/
+int
+settimeofday(
+    struct timeval *tv,
+    struct timezone *tz
+    )
+{
+    SYSTEMTIME systime;
+    struct tm *newtime;
+
+    newtime = gmtime((time_t *)&(tv->tv_sec));
+    systime.wYear = 1900+newtime->tm_year;
+    systime.wMonth = 1+newtime->tm_mon;
+    systime.wDay = newtime->tm_mday;
+    systime.wHour = newtime->tm_hour;
+    systime.wMinute = newtime->tm_min;
+    systime.wSecond = newtime->tm_sec;
+    systime.wMilliseconds = 0;
+    return SetSystemTime(&systime);
+}
+
+/************************************/
+/* gettimeofday():                  */
+/************************************/
+int
+gettimeofday(
+    struct timeval *tv,
+    struct timezone *tz
+    )
+{
+    struct _timeb tb;
+    _tzset();
+    _ftime(&tb);
+    if (tv) {
+	tv->tv_sec = tb.time;
+	tv->tv_usec = tb.millitm * 1000;
+    }
+    if (tz) {
+	tz->tz_minuteswest = tb.timezone;
+	tz->tz_dsttime = tb.dstflag;
+    }
+    return 0;
+}
+
+
+LONG
+get_time_server_name(
+    char *timeServerName,
+    const char *valueName
+    )
+{
+    HMODULE     hmLeash;
+    char        hostname[128];
+    char        value[80];
+    DWORD       dwType;
+    DWORD       dwCount;
+    int         check = 0;
+    HKEY    	hKey;
+    HKEY        rKey1;
+    HKEY        rKey2;
+    LONG        lResult;
+    BOOL 	bEnv;
+
+    memset(value, '\0', sizeof(value));
+    memset(hostname, '\0', sizeof(hostname));
+
+    GetEnvironmentVariable("TIMEHOST", hostname, sizeof(hostname));
+    bEnv = (GetLastError() == ERROR_ENVVAR_NOT_FOUND);
+
+    if (!(bEnv && hostname[0]))
+    {
+        // Check registry for TIMEHOST
+        rKey1 = HKEY_CURRENT_USER;
+        rKey2 = HKEY_LOCAL_MACHINE;
+
+        for (check = 0; check < 2; check++)
+        {
+            if (ERROR_SUCCESS == RegOpenKeyEx(check == 0 ? rKey1 : rKey2,
+                                              "Software\\MIT\\Leash32\\Settings",
+                                              0, KEY_QUERY_VALUE, &hKey))
+            {
+                memset(value, '\0', sizeof(value));
+                lResult = RegQueryValueEx(hKey, (LPTSTR)valueName, NULL,
+                                          &dwType, NULL, &dwCount);
+                if (lResult == ERROR_SUCCESS)
+                {
+                    lResult = RegQueryValueEx(hKey, (LPTSTR)valueName,
+                                              NULL, &dwType,
+                                              (LPTSTR)value, &dwCount);
+                    if (lResult == ERROR_SUCCESS && *value)
+                    {
+                        // found
+                        strcpy(hostname, value);
+                        break;
+                    }
+                }
+            }
+        }
+
+        if (!*hostname)
+        {
+            // Check resource string for TIMEHOST
+            if ((hmLeash = GetModuleHandle(LEASH_DLL)) != NULL)
+            {
+                if (!LoadString(hmLeash, LSH_TIME_HOST, hostname,
+                                sizeof(hostname)))
+                    memset(hostname, '\0', sizeof(hostname));
+            }
+        }
+        if (!*hostname)
+        {
+            // OK, _Default_ it will be! :)
+            strcpy(hostname, "time");
+        }
+    }
+    strcpy(timeServerName, hostname);
+    return 0;
+}
+
+/************************************/
+/* Leash_timesync():                */
+/************************************/
+LONG Leash_timesync(int MessageP)
+{
+    char                tmpstr[2048];
+    char                hostname[128];
+    int                 Port;
+    int                 rc;
+    struct servent      *sp;
+    WORD                wVersionRequested;
+    WSADATA             wsaData;
+    char                name[80];
+
+    if (pkrb5_init_context == NULL)
+        return(0);
+
+    wVersionRequested = 0x0101;
+    memset(name, '\0', sizeof(name));
+    memset(hostname, '\0', sizeof(hostname));
+    memset(tmpstr, '\0', sizeof(tmpstr));
+
+    if ((rc = WSAStartup(wVersionRequested, &wsaData)))
+    {
+        wsprintf(tmpstr, "Couldn't initialize WinSock to synchronize time\n\rError Number: %d", rc);
+        WSACleanup();
+        return(LSH_BADWINSOCK);
+    }
+
+    sp = getservbyname("time", "udp");
+    if (sp == 0)
+        Port = htons(IPPORT_TIMESERVER);
+    else
+        Port = sp->s_port;
+
+    get_time_server_name(hostname, TIMEHOST);
+
+    rc = ProcessTimeSync(hostname, Port, tmpstr);
+
+#ifdef USE_MESSAGE_BOX
+    if(MessageP != 0)
+    {
+        if (rc && !*tmpstr)
+        {
+            strcpy(tmpstr, "Unable to synchronize time!\n\n");
+            if (*hostname)
+            {
+                char                tmpstr1[2048];
+
+                memset(tmpstr1, '\0', sizeof(tmpstr1));
+                sprintf(tmpstr1, "Unreachable server: %s\n", hostname);
+                strcat(tmpstr, tmpstr1);
+            }
+        }
+
+	MessageBox(NULL, tmpstr, "Time Server",
+                   MB_ICONERROR | MB_OK);
+    }
+#endif /* USE_MESSAGE_BOX */
+    WSACleanup();
+    return(rc);
+}
+
+
+/************************************/
+/* ProcessTimeSync():               */
+/************************************/
+int ProcessTimeSync(char *hostname, int Port, char *tmpstr)
+{
+    char                buffer[512];
+    int                 cc;
+    long                *nettime;
+    int                 s;
+    long                hosttime;
+    struct hostent      *host;
+    struct              timeval tv;
+    struct              timezone tz;
+    u_long              argp;
+    struct sockaddr_in  sin;
+    int                 i;
+
+    if ((host = gethostbyname(hostname)) == NULL)
+        return(LSH_BADTIMESERV);
+
+    sin.sin_port = (short)Port;
+    sin.sin_family = host->h_addrtype;
+    memcpy((struct sockaddr *)&sin.sin_addr, host->h_addr, host->h_length);
+    if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+    {
+        return(LSH_NOSOCKET);
+    }
+
+    argp = 1;
+    if (ioctlsocket(s, FIONBIO, &argp) != 0)
+    {
+        closesocket(s);
+        return(LSH_NOCONNECT);
+    }
+
+    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0)
+    {
+        closesocket(s);
+        return(LSH_NOCONNECT);
+    }
+    send(s, buffer, 40, 0);
+    if (gettimeofday (&tv, &tz) < 0)
+    {
+        closesocket(s);
+        return(LSH_GETTIMEOFDAY);
+    }
+
+    for (i = 0; i < 4; i++)
+    {
+        if ((cc = recv(s, buffer, 512, 0)) > 0)
+            break;
+        Sleep(500);
+    }
+    if (i == 4)
+    {
+        closesocket(s);
+        return(LSH_RECVTIME);
+    }
+
+    if (cc != 4)
+    {
+        closesocket(s);
+        return(LSH_RECVBYTES);
+    }
+
+    nettime = (long *)buffer;
+    hosttime = (long) ntohl (*nettime) - TM_OFFSET;
+    (&tv)->tv_sec = hosttime;
+    if (settimeofday(&tv, &tz) < 0)
+    {
+        closesocket(s);
+        return(LSH_SETTIMEOFDAY);
+    }
+
+    sprintf(tmpstr, "The time has been synchronized with the server:   %s\n\n", hostname);
+    strcat(tmpstr, "To be able to use the Kerberos server, it was necessary to \nset the system time to:  ") ;
+    strcat(tmpstr, ctime((time_t *)&hosttime));
+    strcat(tmpstr, "\n");
+    closesocket(s);
+    return(0);
+}
diff --git a/krb5-1.21.3/src/windows/leashdll/ver.rc b/krb5-1.21.3/src/windows/leashdll/ver.rc
new file mode 100644
index 00000000..88bb7d94
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/ver.rc
@@ -0,0 +1,4 @@
+#define VER_FILEDESCRIPTION_STR 	"Leash Helper DLL"
+
+#include <kerberos.ver>
+#include <ver.inc>
diff --git a/krb5-1.21.3/src/windows/leashdll/winerr.c b/krb5-1.21.3/src/windows/leashdll/winerr.c
new file mode 100644
index 00000000..a10d4854
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/winerr.c
@@ -0,0 +1,78 @@
+/*  WINERR.C
+
+    Jason Hunter
+    8/2/94
+    DCNS/IS MIT
+
+
+  Contains the error functions for leash and kerberos.  Prints out keen windows
+  error messages in english.
+
+*/
+
+#include <stdio.h>
+
+// Private Include files
+#include "leashdll.h"
+#include <leashwin.h>
+
+// Global Variables.
+static long lsh_errno;
+static char *err_context;       /* error context */
+extern int (*Lcom_err)(LPSTR,long,LPSTR,...);
+extern LPSTR (*Lerror_message)(long);
+extern LPSTR (*Lerror_table_name)(long);
+
+#ifdef WIN16
+#define UNDERSCORE "_"
+#else
+#define UNDERSCORE
+#endif
+
+HWND GetRootParent (HWND Child)
+{
+    HWND Last;
+    while (Child)
+    {
+        Last = Child;
+        Child = GetParent (Child);
+    }
+    return Last;
+}
+
+
+LPSTR err_describe(LPSTR buf, long code)
+{
+    LPSTR cp, com_err_msg;
+    int offset;
+    long table_num;
+    char *etype;
+
+    offset = (int) (code & 255);
+    table_num = code - offset;
+    com_err_msg = Lerror_message(code);
+
+    lstrcpy(buf, com_err_msg);
+    return buf;
+
+
+////Is this needed at all after the return above?
+    cp = buf;
+    if(com_err_msg != buf)
+        lstrcpy(buf, com_err_msg);
+    cp = buf + lstrlen(buf);
+    *cp++ = '\n';
+    etype = Lerror_table_name(table_num);
+    wsprintf((LPSTR) cp, (LPSTR) "(%s error %d"
+#ifdef DEBUG_COM_ERR
+             " (absolute error %ld)"
+#endif
+             ")", etype, offset
+             //")\nPress F1 for help on this error.", etype, offset
+#ifdef DEBUG_COM_ERR
+             , code
+#endif
+        );
+
+    return (LPSTR)buf;
+}
diff --git a/krb5-1.21.3/src/windows/leashdll/winutil.c b/krb5-1.21.3/src/windows/leashdll/winutil.c
new file mode 100644
index 00000000..65609bcd
--- /dev/null
+++ b/krb5-1.21.3/src/windows/leashdll/winutil.c
@@ -0,0 +1,138 @@
+#include <windows.h>
+#include "leash-int.h"
+
+//#include <string.h>
+
+static ATOM sAtom = 0;
+static HINSTANCE shInstance = 0;
+
+/* Callback for the MITPasswordControl
+This is a replacement for the normal edit control.  It does not show the
+annoying password char in the edit box so that the number of chars in the
+password are not known.
+*/
+
+#define PASSWORDCHAR '#'
+#define DLGHT(ht) (HIWORD(GetDialogBaseUnits())*(ht)/8)
+#define DLGWD(wd) (LOWORD(GetDialogBaseUnits())*(wd)/4)
+
+static
+LRESULT
+CALLBACK
+MITPasswordEditProc(
+    HWND hWnd,
+    UINT message,
+    WPARAM wParam,
+    LPARAM lParam
+    )
+{
+    static SIZE pwdcharsz;
+    BOOL pass_the_buck = FALSE;
+
+    if (message > WM_USER && message < 0x7FFF)
+        pass_the_buck = TRUE;
+
+    switch(message)
+    {
+    case WM_GETTEXT:
+    case WM_GETTEXTLENGTH:
+    case WM_SETTEXT:
+        pass_the_buck = TRUE;
+        break;
+    case WM_PAINT:
+    {
+        HDC hdc;
+        PAINTSTRUCT ps;
+        RECT r;
+
+        hdc = BeginPaint(hWnd, &ps);
+        GetClientRect(hWnd, &r);
+        Rectangle(hdc, 0, 0, r.right, r.bottom);
+        EndPaint(hWnd, &ps);
+    }
+    break;
+    case WM_SIZE:
+    {
+        MoveWindow(GetDlgItem(hWnd, 1), DLGWD(2), DLGHT(2),
+		   pwdcharsz.cx / 2, pwdcharsz.cy, TRUE);
+    }
+    break;
+    case WM_LBUTTONDOWN:
+    case WM_SETFOCUS:
+    {
+        SetFocus(GetDlgItem(hWnd, 1));
+    }
+    break;
+    case WM_CREATE:
+    {
+        HWND heditchild;
+        char pwdchar = PASSWORDCHAR;
+        HDC hdc;
+        /* Create a child window of this control for default processing. */
+        hdc = GetDC(hWnd);
+        GetTextExtentPoint32(hdc, &pwdchar, 1, &pwdcharsz);
+        ReleaseDC(hWnd, hdc);
+
+        heditchild =
+            CreateWindow("edit", "", WS_CHILD | WS_VISIBLE | ES_AUTOHSCROLL |
+                         ES_LEFT | ES_PASSWORD | WS_TABSTOP,
+                         0, 0, 0, 0,
+                         hWnd,
+                         (HMENU)1,
+                         ((LPCREATESTRUCT)lParam)->hInstance,
+                         NULL);
+        SendMessage(heditchild, EM_SETPASSWORDCHAR, PASSWORDCHAR, 0L);
+    }
+    break;
+    }
+
+    if (pass_the_buck)
+        return SendMessage(GetDlgItem(hWnd, 1), message, wParam, lParam);
+    return DefWindowProc(hWnd, message, wParam, lParam);
+}
+
+BOOL
+Register_MITPasswordEditControl(
+    HINSTANCE hInst
+    )
+{
+    if (!sAtom) {
+        WNDCLASS wndclass;
+
+        memset(&wndclass, 0, sizeof(WNDCLASS));
+
+        shInstance = hInst;
+
+        wndclass.style = CS_HREDRAW | CS_VREDRAW;
+        wndclass.lpfnWndProc = (WNDPROC)MITPasswordEditProc;
+        wndclass.cbClsExtra = sizeof(HWND);
+        wndclass.cbWndExtra = 0;
+        wndclass.hInstance = shInstance;
+        wndclass.hbrBackground = (void *)(COLOR_WINDOW + 1);
+        wndclass.lpszClassName = MIT_PWD_DLL_CLASS;
+        wndclass.hCursor = LoadCursor((HINSTANCE)NULL, IDC_IBEAM);
+
+        sAtom = RegisterClass(&wndclass);
+    }
+    return sAtom ? TRUE : FALSE;
+}
+
+BOOL
+Unregister_MITPasswordEditControl(
+    HINSTANCE hInst
+    )
+{
+    BOOL result = TRUE;
+
+    if ((hInst != shInstance) || !sAtom) {
+        SetLastError(ERROR_INVALID_PARAMETER);
+        return FALSE;
+    }
+
+    result = UnregisterClass(MIT_PWD_DLL_CLASS, hInst);
+    if (result) {
+        sAtom = 0;
+        shInstance = 0;
+    }
+    return result;
+}
diff --git a/krb5-1.21.3/src/windows/lib/Makefile.in b/krb5-1.21.3/src/windows/lib/Makefile.in
new file mode 100644
index 00000000..50044e25
--- /dev/null
+++ b/krb5-1.21.3/src/windows/lib/Makefile.in
@@ -0,0 +1,21 @@
+BUILDTOP = ..\..
+
+LOCALINCLUDES = -I$(BUILDTOP)\windows\include
+
+lib-windows: $(OUTPRE)libwin.lib
+
+SRCS=	loadfuncs.c
+
+
+OBJS=	$(OUTPRE)loadfuncs.obj
+
+
+$(OUTPRE)libwin.lib: $(OBJS)
+       lib /nologo /out:$*.lib $(OBJS)
+
+all-windows: lib-windows
+
+clean-windows::
+	$(RM) $(OUTPRE)*.exp $(OUTPRE)*.map $(OUTPRE)libwin.lib $(OUTPRE)*.obj
+
+install-windows:
diff --git a/krb5-1.21.3/src/windows/lib/cacheapi.h b/krb5-1.21.3/src/windows/lib/cacheapi.h
new file mode 100644
index 00000000..9aab4a09
--- /dev/null
+++ b/krb5-1.21.3/src/windows/lib/cacheapi.h
@@ -0,0 +1,392 @@
+/* windows/lib/cacheapi.h */
+/*
+ * Copyright 1997 by the Regents of the University of Michigan
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Regents of the University of Michigan (UM) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Permission to use, copy, modify and distribute this software and its
+ * documentation for any purpose and without fee or royalty is hereby
+ * granted, provided that you agree to comply with the following copyright
+ * notice and statements, including the disclaimer, and that the same
+ * appear on ALL copies of the software and documentation, including
+ * modifications that you make for internal use or for distribution:
+ *
+ * Copyright 1997 by the Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND UM MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, UM MAKES NO REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY
+ * OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE LICENSED
+ * SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS,
+ * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the University of Michigan or UM may NOT be used in
+ * advertising or publicity pertaining to distribution of the software.
+ * Title to copyright in this software and any associated documentation
+ * shall at all times remain with UM, and USER agrees to preserve same.
+ *
+ * The University of Michigan
+ * c/o Steve Rothwell <sgr@umich.edu>
+ * 535 W. William Street
+ * Ann Arbor, Michigan 48013-4943
+ * U.S.A.
+ */
+
+/*
+**  CacheAPI.h
+**
+**      The externally visible functions and data structures
+**      for the Kerberos Common Cache DLL
+**      This should be the ONLY externally visible file.
+**      This is ALL anyone should need to call the API.
+**
+**
+*/
+
+#ifndef Krb_CCacheAPI_h_
+#define Krb_CCacheAPI_h_
+
+#include <windows.h>
+
+//typedef int cc_int32;
+#define cc_int32  long
+#define cc_uint32 unsigned long
+
+typedef cc_int32  cc_time_t;
+
+#define CC_API_VER_1	1
+#define CC_API_VER_2	2
+
+//enum {
+//	CC_API_VER_1 = 1,
+//	CC_API_VER_2 = 2
+//};
+
+#define CCACHE_API __declspec(dllexport) cc_int32
+
+/*
+** The Official Error Codes
+*/
+#define CC_NOERROR           0
+#define CC_BADNAME           1
+#define CC_NOTFOUND          2
+#define CC_END               3
+#define CC_IO                4
+#define CC_WRITE             5
+#define CC_NOMEM             6
+#define CC_FORMAT            7
+#define CC_LOCKED            8
+#define CC_BAD_API_VERSION   9
+#define CC_NO_EXIST          10
+#define CC_NOT_SUPP          11
+#define CC_BAD_PARM          12
+#define CC_ERR_CACHE_ATTACH  13
+#define CC_ERR_CACHE_RELEASE 14
+#define CC_ERR_CACHE_FULL    15
+#define CC_ERR_CRED_VERSION  16
+
+/*
+** types, structs, & constants
+*/
+// Flag bits promised by Ted "RSN"
+#define CC_FLAGS_RESERVED 0xFFFFFFFF
+
+typedef cc_uint32 cc_nc_flags;       // set via constants above
+
+typedef struct opaque_dll_control_block_type* apiCB;
+typedef struct opaque_ccache_pointer_type* ccache_p;
+typedef struct opaque_credential_iterator_type* ccache_cit;
+
+typedef struct _cc_data
+{
+    cc_uint32       type;		// should be one of _cc_data_type
+    cc_uint32       length;
+    unsigned char*  data;		// the proverbial bag-o-bits
+} cc_data;
+
+// V5 Credentials
+typedef struct _cc_creds {
+    char*           client;
+    char*           server;
+    cc_data         keyblock;
+    cc_time_t       authtime;
+    cc_time_t       starttime;
+    cc_time_t       endtime;
+    cc_time_t       renew_till;
+    cc_uint32       is_skey;
+    cc_uint32       ticket_flags;
+    cc_data **  addresses;
+    cc_data         ticket;
+    cc_data         second_ticket;
+    cc_data **  authdata;
+} cc_creds;
+
+
+typedef union cred_ptr_union_type {
+    cc_creds*    pV5Cred;
+} cred_ptr_union;
+
+typedef struct cred_union_type {
+    cc_int32        cred_type;
+    cred_ptr_union  cred;
+} cred_union;
+
+typedef struct _infoNC {
+    char*     name;
+    char*     principal;
+    cc_int32  vers;
+} infoNC;
+
+/*
+** The official (externally visible) API
+*/
+
+#ifdef __cplusplus
+extern "C" /* this entire list of functions */
+{
+#endif /* __cplusplus */
+
+/*
+** Main cache routines : initialize, shutdown, get_cache_names, & get_change_time
+*/
+CCACHE_API
+cc_initialize(
+    apiCB** cc_ctx,           // <  DLL's primary control structure.
+                              //    returned here, passed everywhere else
+    cc_int32 api_version,     // >  ver supported by caller (use CC_API_VER_1)
+    cc_int32*  api_supported, // <  if ~NULL, max ver supported by DLL
+    const char** vendor       // <  if ~NULL, vendor name in read only C string
+    );
+
+CCACHE_API
+cc_shutdown(
+    apiCB** cc_ctx            // <> DLL's primary control structure. NULL after call.
+    );
+
+CCACHE_API
+cc_get_change_time(
+    apiCB* cc_ctx,       // >  DLL's primary control structure
+    cc_time_t* time      // <  time of last change to main cache
+    );
+
+/*
+** Named Cache (NC) routines
+**   create, open, close, destroy, get_principal, get_cred_version, &
+**   lock_request
+**
+** Multiple NCs are allowed within the main cache.  Each has a Name and
+** kerberos version # (V5).  Caller gets "ccache_ptr"s for NCs.
+*/
+CCACHE_API
+cc_create(
+    apiCB* cc_ctx,          // >  DLL's primary control structure
+    const char* name,       // >  name of cache to be [destroyed if exists, then] created
+    const char* principal,
+    cc_int32 vers,          // >  ticket version (CC_CRED_V5)
+    cc_uint32 cc_flags,     // >  options
+    ccache_p** ccache_ptr   // <  NC control structure
+    );
+
+CCACHE_API
+cc_open(
+    apiCB* cc_ctx,          // >  DLL's primary control structure
+    const char* name,       // >  name of pre-created cache
+    cc_int32 vers,          // >  ticket version (CC_CRED_V5)
+    cc_uint32 cc_flags,     // >  options
+    ccache_p** ccache_ptr   // <  NC control structure
+    );
+
+CCACHE_API
+cc_close(
+    apiCB* cc_ctx,         // >  DLL's primary control structure
+    ccache_p** ccache_ptr  // <> NC control structure. NULL after call.
+    );
+
+CCACHE_API
+cc_destroy(
+    apiCB* cc_ctx,         // >  DLL's primary control structure
+    ccache_p** ccache_ptr  // <> NC control structure. NULL after call.
+    );
+
+/*
+** Ways to get information about the NCs
+*/
+
+CCACHE_API
+cc_seq_fetch_NCs_begin(
+    apiCB* cc_ctx,
+    ccache_cit** itNCs
+    );
+
+CCACHE_API
+cc_seq_fetch_NCs_end(
+    apiCB* cc_ctx,
+    ccache_cit** itNCs
+    );
+
+CCACHE_API
+cc_seq_fetch_NCs_next(
+    apiCB* cc_ctx,
+    ccache_p** ccache_ptr,
+    ccache_cit* itNCs
+    );
+
+CCACHE_API
+cc_seq_fetch_NCs(
+    apiCB* cc_ctx,         // >  DLL's primary control structure
+    ccache_p** ccache_ptr, // <  NC control structure (free via cc_close())
+    ccache_cit** itNCs     // <> iterator used by DLL,
+                           //    set to NULL before first call
+                           //    returned NULL at CC_END
+    );
+
+CCACHE_API
+cc_get_NC_info(
+    apiCB* cc_ctx,          // >  DLL's primary control structure
+    struct _infoNC*** ppNCi // <  (NULL before call) null terminated,
+                            //    list of a structs (free via cc_free_infoNC())
+    );
+
+CCACHE_API
+cc_free_NC_info(
+    apiCB* cc_ctx,
+    struct _infoNC*** ppNCi // <  free list of structs returned by
+                            //    cc_get_cache_names().  set to NULL on return
+    );
+
+/*
+** Functions that provide distinguishing characteristics of NCs.
+*/
+
+CCACHE_API
+cc_get_name(
+    apiCB* cc_ctx,              // > DLL's primary control structure
+    const ccache_p* ccache_ptr, // > NC control structure
+    char** name                 // < name of NC associated with ccache_ptr
+                                //   (free via cc_free_name())
+    );
+
+CCACHE_API
+cc_set_principal(
+    apiCB* cc_ctx,                  // > DLL's primary control structure
+    const ccache_p* ccache_pointer, // > NC control structure
+    const cc_int32 vers,
+    const char* principal           // > name of principal associated with NC
+                                    //   Free via cc_free_principal()
+    );
+
+CCACHE_API
+cc_get_principal(
+    apiCB* cc_ctx,                  // > DLL's primary control structure
+    const ccache_p* ccache_pointer, // > NC control structure
+    char** principal                // < name of principal associated with NC
+                                    //   Free via cc_free_principal()
+    );
+
+CCACHE_API
+cc_get_cred_version(
+    apiCB* cc_ctx,              // > DLL's primary control structure
+    const ccache_p* ccache_ptr, // > NC control structure
+    cc_int32* vers              // < ticket version associated with NC
+    );
+
+#define CC_LOCK_UNLOCK   1
+#define CC_LOCK_READER   2
+#define CC_LOCK_WRITER   3
+#define CC_LOCK_NOBLOCK 16
+
+CCACHE_API
+cc_lock_request(
+    apiCB* cc_ctx,     	        // > DLL's primary control structure
+    const ccache_p* ccache_ptr, // > NC control structure
+    const cc_int32 lock_type    // > one (or combination) of above defined
+                                //   lock types
+    );
+
+/*
+** Credentials routines (work within an NC)
+** store, remove_cred, seq_fetch_creds
+*/
+CCACHE_API
+cc_store(
+    apiCB* cc_ctx,               // > DLL's primary control structure
+    ccache_p* ccache_ptr,        // > NC control structure
+    const cred_union creds       // > credentials to be copied into NC
+    );
+
+CCACHE_API
+cc_remove_cred(
+    apiCB* cc_ctx,            // > DLL's primary control structure
+    ccache_p* ccache_ptr,     // > NC control structure
+    const cred_union cred     // > credentials to remove from NC
+    );
+
+CCACHE_API
+cc_seq_fetch_creds(
+    apiCB* cc_ctx,              // > DLL's primary control structure
+    const ccache_p* ccache_ptr, // > NC control structure
+    cred_union** creds,         // < filled in by DLL, free via cc_free_creds()
+    ccache_cit** itCreds        // <> iterator used by DLL, set to NULL
+                                //    before first call -- Also NULL for final
+                                //    call if loop ends before CC_END
+    );
+
+CCACHE_API
+cc_seq_fetch_creds_begin(
+    apiCB* cc_ctx,
+    const ccache_p* ccache_ptr,
+    ccache_cit** itCreds
+    );
+
+CCACHE_API
+cc_seq_fetch_creds_end(
+    apiCB* cc_ctx,
+    ccache_cit** itCreds
+    );
+
+CCACHE_API
+cc_seq_fetch_creds_next(
+    apiCB* cc_ctx,
+    cred_union** cred,
+    ccache_cit* itCreds
+    );
+
+/*
+** methods of liberation,
+** or freeing space via the free that goes with the malloc used to get it
+** It's important to use the free carried in the DLL, not the one supplied
+** by your compiler vendor.
+**
+** freeing a NULL pointer is not treated as an error
+*/
+CCACHE_API
+cc_free_principal(
+    apiCB* cc_ctx,   // >  DLL's primary control structure
+    char** principal // <> ptr to principal to be freed, returned as NULL
+                     //    (from cc_get_principal())
+    );
+
+CCACHE_API
+cc_free_name(
+    apiCB* cc_ctx,   // >  DLL's primary control structure
+    char** name      // <> ptr to name to be freed, returned as NULL
+                     //    (from cc_get_name())
+    );
+
+CCACHE_API
+cc_free_creds(
+    apiCB* cc_ctx,     // > DLL's primary control structure
+    cred_union** pCred // <> cred (from cc_seq_fetch_creds()) to be freed
+                       //    Returned as NULL.
+    );
+
+#ifdef __cplusplus
+} /* end extern "C" */
+#endif /* __cplusplus */
+
+#endif /* Krb_CCacheAPI_h_ */
diff --git a/krb5-1.21.3/src/windows/lib/loadfuncs.c b/krb5-1.21.3/src/windows/lib/loadfuncs.c
new file mode 100644
index 00000000..a577d3b7
--- /dev/null
+++ b/krb5-1.21.3/src/windows/lib/loadfuncs.c
@@ -0,0 +1,88 @@
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#include "loadfuncs.h"
+
+//
+// UnloadFuncs:
+//
+// This function will reset all the function pointers of a function loaded
+// by LaodFuncs and will free the DLL instance provided.
+//
+
+void
+UnloadFuncs(
+    FUNC_INFO fi[],
+    HINSTANCE h
+    )
+{
+    int n;
+    if (fi)
+        for (n = 0; fi[n].func_ptr_var; n++)
+            *(fi[n].func_ptr_var) = NULL;
+    if (h) FreeLibrary(h);
+}
+
+
+//
+// LoadFuncs:
+//
+// This function try to load the functions for a DLL.  It returns 0 on failure
+// and non-zero on success.  The parameters are described below.
+//
+
+int
+LoadFuncs(
+    const char* dll_name,
+    FUNC_INFO fi[],
+    HINSTANCE* ph,  // [out, optional] - DLL handle
+    int* pindex,    // [out, optional] - index of last func loaded (-1 if none)
+    int cleanup,    // cleanup function pointers and unload on error
+    int go_on,      // continue loading even if some functions cannot be loaded
+    int silent      // do not pop-up a system dialog if DLL cannot be loaded
+
+    )
+{
+    HINSTANCE h;
+    int i, n, last_i;
+    int error = 0;
+    UINT em;
+
+    if (ph) *ph = 0;
+    if (pindex) *pindex = -1;
+
+    for (n = 0; fi[n].func_ptr_var; n++)
+	*(fi[n].func_ptr_var) = NULL;
+
+    if (silent)
+	em = SetErrorMode(SEM_FAILCRITICALERRORS);
+    h = LoadLibrary(dll_name);
+    if (silent)
+        SetErrorMode(em);
+
+    if (!h)
+        return 0;
+
+    last_i = -1;
+    for (i = 0; (go_on || !error) && (i < n); i++)
+    {
+	void* p = (void*)GetProcAddress(h, fi[i].func_name);
+	if (!p)
+	    error = 1;
+        else
+        {
+            last_i = i;
+	    *(fi[i].func_ptr_var) = p;
+        }
+    }
+    if (pindex) *pindex = last_i;
+    if (error && cleanup && !go_on) {
+	for (i = 0; i < n; i++) {
+	    *(fi[i].func_ptr_var) = NULL;
+	}
+	FreeLibrary(h);
+	return 0;
+    }
+    if (ph) *ph = h;
+    if (error) return 0;
+    return 1;
+}
diff --git a/krb5-1.21.3/src/windows/ms2mit/Makefile.in b/krb5-1.21.3/src/windows/ms2mit/Makefile.in
new file mode 100644
index 00000000..6674cd61
--- /dev/null
+++ b/krb5-1.21.3/src/windows/ms2mit/Makefile.in
@@ -0,0 +1,39 @@
+# Makefile for the Microsoft to MIT cache converter.
+# Works for k5 release only.
+#
+
+mydir=.
+BUILDTOP=$(REL)..$(S)..
+DEFINES = 
+PROG_LIBPATH=-L$(TOPLIBD) -L$(KRB5_LIBDIR)
+
+VERSIONRC = $(BUILDTOP)\windows\version.rc
+RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
+
+MS2MIT=$(OUTPRE)ms2mit.exe
+MIT2MS=$(OUTPRE)mit2ms.exe
+
+MS2MITRES=$(MS2MIT:.exe=.res)
+MIT2MSRES=$(MIT2MS:.exe=.res)
+
+$(MS2MITRES): $(VERSIONRC)
+        $(RC) $(RCFLAGS) -DMS2MIT_APP -fo $@ -r $**
+$(MIT2MSRES): $(VERSIONRC)
+        $(RC) $(RCFLAGS) -DMIT2MS_APP -fo $@ -r $**
+
+all-windows: $(MS2MIT) $(MIT2MS)
+
+$(MS2MIT): $(OUTPRE)ms2mit.obj $(MS2MITRES)
+    link $(EXE_LINKOPTS) -out:$@ $(OUTPRE)ms2mit.obj $(SLIB) user32.lib advapi32.lib $(KLIB) $(CLIB) $(MS2MITRES)
+    $(_VC_MANIFEST_EMBED_EXE)
+
+$(MIT2MS): $(OUTPRE)mit2ms.obj $(MIT2MSRES)
+    link $(EXE_LINKOPTS) -out:$@ $(OUTPRE)mit2ms.obj $(SLIB) user32.lib advapi32.lib $(KLIB) $(CLIB) $(MIT2MSRES)
+    $(_VC_MANIFEST_EMBED_EXE)
+
+install:
+	copy $(OUTPRE)ms2mit.exe $(DESTDIR)
+	copy $(OUTPRE)mit2ms.exe $(DESTDIR)
+
+clean:
+	$(RM) $(OUTPRE)*.exe
diff --git a/krb5-1.21.3/src/windows/ms2mit/mit2ms.c b/krb5-1.21.3/src/windows/ms2mit/mit2ms.c
new file mode 100644
index 00000000..24153cec
--- /dev/null
+++ b/krb5-1.21.3/src/windows/ms2mit/mit2ms.c
@@ -0,0 +1,143 @@
+/* windows/ms2mit/mit2ms.c */
+/*
+ * Copyright (C) 2003,2004 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "krb5.h"
+#include <stdio.h>
+#include <string.h>
+#include "k5-platform.h"
+
+static char *prog;
+
+static void
+xusage(void)
+{
+    fprintf(stderr, "xusage: %s [-c ccache]\n", prog);
+    exit(1);
+}
+
+void
+main(
+    int argc,
+    char *argv[]
+    )
+{
+    krb5_context kcontext;
+    krb5_error_code code;
+    krb5_ccache ccache=NULL;
+    krb5_ccache mslsa_ccache=NULL;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    krb5_principal princ;
+    int initial_ticket = 0;
+    int option;
+    char * ccachestr = 0;
+
+    prog = strrchr(argv[0], '/');
+    prog = prog ? (prog + 1) : argv[0];
+
+    while ((option = getopt(argc, argv, "c:h")) != -1) {
+        switch (option) {
+        case 'c':
+            ccachestr = optarg;
+            break;
+        case 'h':
+        default:
+            xusage();
+            break;
+        }
+    }
+
+    if (code = krb5_init_context(&kcontext)) {
+        com_err(argv[0], code, "while initializing kerberos library");
+        exit(1);
+    }
+
+    if (ccachestr)
+        code = krb5_cc_resolve(kcontext, ccachestr, &ccache);
+    else
+        code = krb5_cc_default(kcontext, &ccache);
+    if (code) {
+        com_err(argv[0], code, "while getting default ccache");
+        krb5_free_principal(kcontext, princ);
+        krb5_free_context(kcontext);
+        exit(1);
+    }
+
+    /* Enumerate tickets from cache looking for an initial ticket */
+    if ((code = krb5_cc_start_seq_get(kcontext, ccache, &cursor))) {
+        com_err(argv[0], code, "while initiating the cred sequence of MS LSA ccache");
+        krb5_cc_close(kcontext, ccache);
+        krb5_free_context(kcontext);
+        exit(1);
+    }
+
+    while (!(code = krb5_cc_next_cred(kcontext, ccache, &cursor, &creds)))
+    {
+        if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
+            krb5_free_cred_contents(kcontext, &creds);
+            initial_ticket = 1;
+            break;
+        }
+        krb5_free_cred_contents(kcontext, &creds);
+    }
+    krb5_cc_end_seq_get(kcontext, ccache, &cursor);
+
+    if ( !initial_ticket ) {
+        fprintf(stderr, "%s: Initial Ticket Getting Tickets are not available from the MIT default cache\n",
+                argv[0]);
+        krb5_cc_close(kcontext, ccache);
+        krb5_free_context(kcontext);
+        exit(1);
+    }
+
+    if (code = krb5_cc_get_principal(kcontext, ccache, &princ)) {
+        com_err(argv[0], code, "while obtaining default MIT principal");
+        krb5_cc_close(kcontext, ccache);
+        krb5_free_context(kcontext);
+        exit(1);
+    }
+
+    if (code = krb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) {
+        com_err(argv[0], code, "while opening MS LSA ccache");
+        krb5_cc_close(kcontext, ccache);
+        krb5_free_context(kcontext);
+        exit(1);
+    }
+
+    if (code = krb5_cc_copy_creds(kcontext, ccache, mslsa_ccache)) {
+        com_err (argv[0], code, "while copying default MIT ccache to MSLSA ccache");
+        krb5_free_principal(kcontext, princ);
+        krb5_cc_close(kcontext, ccache);
+        krb5_cc_close(kcontext, mslsa_ccache);
+        krb5_free_context(kcontext);
+        exit(1);
+    }
+
+    krb5_free_principal(kcontext, princ);
+    krb5_cc_close(kcontext, ccache);
+    krb5_cc_close(kcontext, mslsa_ccache);
+    krb5_free_context(kcontext);
+    return(0);
+}
diff --git a/krb5-1.21.3/src/windows/ms2mit/ms2mit.c b/krb5-1.21.3/src/windows/ms2mit/ms2mit.c
new file mode 100644
index 00000000..2b4373cc
--- /dev/null
+++ b/krb5-1.21.3/src/windows/ms2mit/ms2mit.c
@@ -0,0 +1,201 @@
+/* windows/ms2mit/ms2mit.c */
+/*
+ * Copyright (C) 2003 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "krb5.h"
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+static char *prog;
+
+static void
+xusage(void)
+{
+    fprintf(stderr, "xusage: %s [-c ccache]\n", prog);
+    exit(1);
+}
+
+/* Return true if princ is a local (not cross-realm) krbtgt principal. */
+krb5_boolean
+is_local_tgt(krb5_principal princ)
+{
+    return princ->length == 2 &&
+        data_eq_string(princ->data[0], KRB5_TGS_NAME) &&
+        data_eq(princ->realm, princ->data[1]);
+}
+
+/*
+ * Check if a ccache has any tickets.
+ */
+static krb5_error_code
+cc_has_tickets(krb5_context kcontext, krb5_ccache ccache, int *has_tickets)
+{
+    krb5_error_code code;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    krb5_timestamp now = time(0);
+
+    *has_tickets = 0;
+
+    code = krb5_cc_set_flags(kcontext, ccache, KRB5_TC_NOTICKET);
+    if (code)
+        return code;
+
+    code = krb5_cc_start_seq_get(kcontext, ccache, &cursor);
+    if (code)
+        return code;
+
+    while (!*has_tickets) {
+        code = krb5_cc_next_cred(kcontext, ccache, &cursor, &creds);
+        if (code)
+            break;
+
+        if (!krb5_is_config_principal(kcontext, creds.server) &&
+            ts_after(creds.times.endtime, now))
+            *has_tickets = 1;
+
+        krb5_free_cred_contents(kcontext, &creds);
+    }
+    krb5_cc_end_seq_get(kcontext, ccache, &cursor);
+
+    return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+    krb5_context kcontext = NULL;
+    krb5_error_code code;
+    krb5_ccache ccache=NULL;
+    krb5_ccache mslsa_ccache=NULL;
+    krb5_cc_cursor cursor;
+    krb5_creds creds;
+    krb5_principal princ = NULL;
+    int found_tgt = 0;
+    int has_tickets;
+    int option;
+    char * ccachestr = 0;
+
+    prog = strrchr(argv[0], '/');
+    prog = prog ? (prog + 1) : argv[0];
+
+    while ((option = getopt(argc, argv, "c:h")) != -1) {
+        switch (option) {
+        case 'c':
+            ccachestr = optarg;
+            break;
+        case 'h':
+        default:
+            xusage();
+            break;
+        }
+    }
+
+    if (code = krb5_init_context(&kcontext)) {
+        com_err(argv[0], code, "while initializing kerberos library");
+        goto cleanup;
+    }
+
+    if (code = krb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) {
+        com_err(argv[0], code, "while opening MS LSA ccache");
+        goto cleanup;
+    }
+
+    /* Enumerate tickets from cache looking for a TGT */
+    if ((code = krb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) {
+        com_err(argv[0], code, "while initiating the cred sequence of MS LSA ccache");
+        goto cleanup;
+    }
+
+    while (!found_tgt) {
+        code = krb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds);
+        if (code)
+            break;
+
+        /* Check if the ticket is a TGT */
+        if (is_local_tgt(creds.server))
+            found_tgt = 1;
+
+        krb5_free_cred_contents(kcontext, &creds);
+    }
+    krb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor);
+
+    if (!found_tgt) {
+        fprintf(stderr, "%s: Initial Ticket Getting Tickets are not available from the MS LSA\n",
+                argv[0]);
+        /* Only set the LSA cache as the default if it actually has tickets. */
+        code = cc_has_tickets(kcontext, mslsa_ccache, &has_tickets);
+        if (code)
+            goto cleanup;
+
+        if (has_tickets)
+            code = krb5int_cc_user_set_default_name(kcontext, "MSLSA:");
+
+        goto cleanup;
+    }
+
+    if (code = krb5_cc_get_principal(kcontext, mslsa_ccache, &princ)) {
+        com_err(argv[0], code, "while obtaining MS LSA principal");
+        goto cleanup;
+    }
+
+    if (ccachestr)
+        code = krb5_cc_resolve(kcontext, ccachestr, &ccache);
+    else
+        code = krb5_cc_resolve(kcontext, "API:", &ccache);
+    if (code) {
+        com_err(argv[0], code, "while getting default ccache");
+        goto cleanup;
+    }
+    if (code = krb5_cc_initialize(kcontext, ccache, princ)) {
+        com_err (argv[0], code, "when initializing ccache");
+        goto cleanup;
+    }
+
+    if (code = krb5_cc_copy_creds(kcontext, mslsa_ccache, ccache)) {
+        com_err (argv[0], code, "while copying MS LSA ccache to default ccache");
+        goto cleanup;
+    }
+
+    /* Don't try and set the default cache if the cache name was specified. */
+    if (ccachestr == NULL) {
+        /* On success set the default cache to API. */
+        code = krb5int_cc_user_set_default_name(kcontext, "API:");
+        if (code) {
+            com_err(argv[0], code, "when setting default to API");
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    krb5_free_principal(kcontext, princ);
+    if (ccache != NULL)
+        krb5_cc_close(kcontext, ccache);
+    if (mslsa_ccache != NULL)
+        krb5_cc_close(kcontext, mslsa_ccache);
+    krb5_free_context(kcontext);
+    return code ? 1 : 0;
+}
diff --git a/krb5-1.21.3/src/windows/version.rc b/krb5-1.21.3/src/windows/version.rc
new file mode 100644
index 00000000..53294e77
--- /dev/null
+++ b/krb5-1.21.3/src/windows/version.rc
@@ -0,0 +1,318 @@
+#include <windows.h>
+#include <winver.h>
+#include "kerberos.ver"
+#include "winlevel.h"
+
+/*
+ * BEGIN COMMON VERSION INFO for GSS and Kerberos version resources
+ */
+
+#define XSTR(x) #x
+#define STR(x) XSTR(x)
+
+#define MAJOR_MINOR STR(KRB5_MAJOR_RELEASE) "." STR(KRB5_MINOR_RELEASE)
+
+#if KRB5_PATCHLEVEL != 0
+#define MAYBE_PATCH "." STR(KRB5_PATCHLEVEL)
+#else
+#define MAYBE_PATCH ""
+#endif
+
+#ifdef KRB5_RELTAIL
+#define RELTAIL "-" KRB5_RELTAIL
+#else
+#define RELTAIL ""
+#endif
+
+#ifdef BETA
+#define BETA_FLAG VS_FF_PRERELEASE
+#else
+#define BETA_FLAG 0
+#endif
+
+#if !defined(_WIN32)
+#define Targ_OS VOS__WINDOWS16
+#else
+#define Targ_OS VOS__WINDOWS32
+#endif
+
+/* we're going to stamp all the DLLs with the same version number */
+
+#define K5_PRODUCT_VERSION_STRING MAJOR_MINOR MAYBE_PATCH RELTAIL "\0"
+#define K5_PRODUCT_VERSION        KRB5_MAJOR_RELEASE, KRB5_MINOR_RELEASE, KRB5_PATCHLEVEL, KRB5_BUILDLEVEL
+
+#define K5_COPYRIGHT "Copyright (C) 1997-2024 by the Massachusetts Institute of Technology\0"
+#define K5_COMPANY_NAME "Massachusetts Institute of Technology.\0"
+
+/* 
+ * END COMMON VERSION INFO
+ */
+
+
+/*
+ * BEGIN SPECIFIC VERSION INFO for GSS and Kerberos version resources
+ */
+
+#ifdef SUPPORT_LIB
+#define K5_DESCRIPTION "Kerberos v5 support - internal support code for " KRB5_PRODUCTNAME_STR
+#define K5_INTERNAL_NAME "krb5support\0"
+#define K5_FILETYPE	VFT_DLL
+#if defined(_WIN64)
+#define K5_ORIGINAL_NAME "k5sprt64.dll\0"
+#else
+#define K5_ORIGINAL_NAME "k5sprt32.dll\0"
+#endif
+#endif /* support */
+
+#ifdef CE_LIB
+#define K5_DESCRIPTION "COM_ERR - Common Error Handler for " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "comerr\0"
+#define K5_FILETYPE	VFT_DLL
+#if defined(_WIN64)
+#define K5_ORIGINAL_NAME "comerr64.dll\0"
+#else
+#define K5_ORIGINAL_NAME "comerr32.dll\0"
+#endif
+#endif /* comerr */
+
+#ifdef PROF_LIB
+#define K5_DESCRIPTION "PROFILE - Profile Library " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "profile\0"
+#define K5_FILETYPE	VFT_DLL
+#if defined(_WIN64)
+#define K5_ORIGINAL_NAME "xpprof64.dll\0"
+#else
+#define K5_ORIGINAL_NAME "xpprof32.dll\0"
+#endif
+#endif /* profile */
+
+#ifdef KRB5_LIB
+#define K5_DESCRIPTION "Kerberos v5 - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "krb5\0"
+#define K5_FILETYPE	VFT_DLL
+#if defined(_WIN64)
+#define K5_ORIGINAL_NAME "krb5_64.dll\0"
+#else
+#define K5_ORIGINAL_NAME "krb5_32.dll\0"
+#endif
+#endif /* KRB5 */
+
+#ifdef GSSAPI_LIB
+#define K5_DESCRIPTION "GSSAPI - GSS API implementation for Kerberos 5 mechanism\0"
+#define K5_INTERNAL_NAME "gssapi\0"
+#define K5_FILETYPE	VFT_DLL
+#if defined(_WIN64)
+#define K5_ORIGINAL_NAME "gssapi64.dll\0"
+#else
+#define K5_ORIGINAL_NAME "gssapi32.dll\0"
+#endif
+#endif /* GSSAPI */
+
+#ifdef CCAPI_LIB
+#define K5_DESCRIPTION "Kerberos Credentials Cache DLL\0"
+#define K5_INTERNAL_NAME "krbcc\0"
+#define K5_FILETYPE	VFT_DLL
+#if defined(_WIN64)
+#define K5_ORIGINAL_NAME "krbcc64.dll\0"
+#else
+#define K5_ORIGINAL_NAME "krbcc32.dll\0"
+#endif
+#endif /* CCAPI_LIB */
+
+#ifdef CCAPISERVER_APP
+#define K5_DESCRIPTION "Kerberos Credentials Cache API Server\0"
+#define K5_FILETYPE	VFT_APP
+#define K5_INTERNAL_NAME "CCAPISERVER\0"
+#define K5_ORIGINAL_NAME "ccapiserver.exe\0"
+#endif /* CCAPISERVER_APP */
+
+#ifdef LEASH_APP
+#define K5_DESCRIPTION "MIT Kerberos Ticket Manager - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_FILETYPE	VFT_APP
+#define K5_INTERNAL_NAME "LEASH\0"
+#define K5_ORIGINAL_NAME "MIT Kerberos.exe\0"
+#endif
+
+#ifdef LEASHDLL_LIB
+#define K5_DESCRIPTION "Leash Helper API - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "leashw\0"
+#define K5_FILETYPE	VFT_DLL
+#if defined(_WIN64)
+#define K5_ORIGINAL_NAME "leashw64.dll\0"
+#else
+#define K5_ORIGINAL_NAME "leashw32.dll\0"
+#endif
+#endif /* LEASHDLL_LIB */
+
+#ifdef KRB5_APP
+#define K5_DESCRIPTION "KRB5 Ticket Manager - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_FILETYPE	VFT_APP
+#define K5_INTERNAL_NAME "KRB5\0"
+#define K5_ORIGINAL_NAME "krb5.exe\0"
+#endif /* KRB5_APP */
+
+#ifdef GSS_APP
+#define K5_DESCRIPTION "GSS - GSS Sample Application for " KRB5_PRODUCTNAME_STR "\0"
+#define K5_FILETYPE	VFT_APP
+#define K5_INTERNAL_NAME "GSS\0"
+#define K5_ORIGINAL_NAME "gss.exe\0"
+#endif
+
+#ifdef MS2MIT_APP
+#define K5_DESCRIPTION "Microsoft LSA to MIT Credential Cache Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "ms2mit\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "ms2mit.exe\0"
+#endif /* MS2MIT_APP */
+
+#ifdef MIT2MS_APP
+#define K5_DESCRIPTION "MIT to Microsoft LSA Credential Cache Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "mit2ms\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "mit2ms.exe\0"
+#endif /* MIT2MS_APP */
+
+#ifdef KVNO_APP
+#define K5_DESCRIPTION "Key Version Number Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "kvno\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "kvno.exe\0"
+#endif /* KVNO_APP */
+
+#ifdef KPASSWD_APP
+#define K5_DESCRIPTION "Kerberos Change Password Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "kpasswd\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "kpasswd.exe\0"
+#endif /* KPASSWD_APP */
+
+#ifdef KFWLOGON_LIB
+#define K5_DESCRIPTION "Kerberos Network Provider - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "kfwlogon\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "kfwlogon.dll\0"
+#endif /* KFWLOGON_LIB */
+
+#ifdef KFWCPCC_APP
+#define K5_DESCRIPTION "Copy Credential Cache Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "kfwcpcc\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "kfwcpcc.exe\0"
+#endif /* KFWCPCC_APP */
+
+#ifdef KCPYTKT_APP
+#define K5_DESCRIPTION "Kerberos Copy Ticket Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "kcpytkt\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "kcpytkt.exe\0"
+#endif /* KCPYTKT_APP */
+
+#ifdef KDELTKT_APP
+#define K5_DESCRIPTION "Kerberos Delete Ticket Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "kdeltkt\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "kdeltkt.exe\0"
+#endif /* KDELTKT_APP */
+
+#ifdef KDESTROY_APP
+#define K5_DESCRIPTION "Kerberos Destroy Credential Cache Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "kdestroy\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "kdestroy.exe\0"
+#endif /* KDESTROY_APP */
+
+#ifdef KINIT_APP
+#define K5_DESCRIPTION "Kerberos Initialize Credential Cache Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "kinit\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "kinit.exe\0"
+#endif /* KINIT_APP */
+
+#ifdef KLIST_APP
+#define K5_DESCRIPTION "Kerberos List Credential Cache Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "klist\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "klist.exe\0"
+#endif /* KLIST_APP */
+
+#ifdef KSWITCH_APP
+#define K5_DESCRIPTION "Kerberos Switch Credential Cache Application - MIT GSS / Kerberos v5 distribution\0"
+#define K5_INTERNAL_NAME "kswitch\0"
+#define K5_FILETYPE	VFT_APP
+#define K5_ORIGINAL_NAME "kswitch.exe\0"
+#endif /* KSWITCH_APP */
+
+#ifdef GSS_CLIENT_APP
+#define K5_DESCRIPTION "GSS Sample Client Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "gss-client\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "gss-client.exe\0"
+#endif /* GSS_CLIENT_APP */
+
+#ifdef GSS_SERVER_APP
+#define K5_DESCRIPTION "GSS Sample Server Application - " KRB5_PRODUCTNAME_STR "\0"
+#define K5_INTERNAL_NAME "gss-server\0"
+#define K5_FILETYPE	VFT_DLL
+#define K5_ORIGINAL_NAME "gss-server.exe\0"
+#endif /* GSS_SERVER_APP */
+
+
+/* 
+ * END SPECIFIC VERSION INFO
+ */
+
+VS_VERSION_INFO VERSIONINFO
+FILEVERSION	K5_PRODUCT_VERSION
+PRODUCTVERSION	K5_PRODUCT_VERSION
+FILEFLAGSMASK   VS_FFI_FILEFLAGSMASK
+FILEFLAGS	(VS_FF_DEBUG | VS_FF_PRIVATEBUILD | BETA_FLAG)
+FILEOS		Targ_OS
+FILETYPE        K5_FILETYPE
+BEGIN
+    BLOCK "VarFileInfo"
+    BEGIN
+	VALUE "Translation", 0x0409, 1252
+    END
+
+    BLOCK "StringFileInfo"
+    BEGIN
+	BLOCK "040904E4"
+	BEGIN
+#if defined(VER_EXTRA_LABEL) && defined(VER_EXTRA_VALUE)
+            VALUE VER_EXTRA_LABEL,   VER_EXTRA_VALUE
+#endif
+#ifdef VER_COMMENT
+            VALUE "Comment",         VER_COMMENT
+#endif
+#ifdef VER_USERNAME
+            VALUE "Built By",        VER_USERNAME
+#endif
+#ifdef VER_HOSTNAME
+            VALUE "Build Host",      VER_HOSTNAME
+#endif
+#ifdef VER_DATE
+            VALUE "Build Time",      VER_DATE
+#endif
+#ifdef VER_VENDOR
+            VALUE "Modified by Vendor",  VER_VENDOR
+#endif
+            VALUE "CompanyName",        K5_COMPANY_NAME
+	    VALUE "FileDescription",	K5_DESCRIPTION
+	    VALUE "FileVersion",	K5_PRODUCT_VERSION_STRING
+	    VALUE "InternalName",	K5_INTERNAL_NAME
+#ifdef VER_LEGALTRADEMARK_STR
+            VALUE VER_LEGALTRADEMARK_STR
+#else
+	    VALUE "LegalTrademarks",	"\0"
+#endif
+	    VALUE "OriginalFilename",	K5_ORIGINAL_NAME
+	    VALUE "ProductName",	K5_ORIGINAL_NAME
+	    VALUE "ProductVersion",	K5_PRODUCT_VERSION_STRING
+
+	    VALUE "LegalCopyright",	K5_COPYRIGHT
+#ifdef VER_SPECIALBUILD
+            VALUE "SpecialBuild",       VER_SPECIALBUILD
+#endif
+	END
+    END
+END
diff --git a/krb5-1.21.3/src/windows/winlevel.h b/krb5-1.21.3/src/windows/winlevel.h
new file mode 100644
index 00000000..caba33b3
--- /dev/null
+++ b/krb5-1.21.3/src/windows/winlevel.h
@@ -0,0 +1,31 @@
+/* windows/winlevel.h */
+/*
+ * Copyright (C) 2006 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * This value should be an ever increasing number that is
+ * updated for each alpha, beta, final release.   This will ensure
+ * that file identifiers are unique
+ */
+#define KRB5_BUILDLEVEL		1
diff --git a/libssh/.clang-format b/libssh/.clang-format
new file mode 100644
index 00000000..0865b160
--- /dev/null
+++ b/libssh/.clang-format
@@ -0,0 +1,28 @@
+---
+# https://clang.llvm.org/docs/ClangFormatStyleOptions.html
+BasedOnStyle: LLVM
+IndentWidth: 4
+UseTab: Never
+AllowShortIfStatementsOnASingleLine: false
+BreakBeforeBraces: Custom
+BraceWrapping:
+    AfterEnum: false
+    AfterFunction: true
+    AfterStruct: false
+    AfterUnion: false
+    AfterExternBlock: false
+    BeforeElse: false
+    BeforeWhile: false
+IndentCaseLabels: false
+IndentCaseBlocks: false
+ColumnLimit: 80
+AlignAfterOpenBracket: Align
+AllowAllParametersOfDeclarationOnNextLine: false
+BinPackArguments: false
+BinPackParameters: false
+AllowAllArgumentsOnNextLine: false
+AllowShortFunctionsOnASingleLine: Empty
+BreakAfterReturnType: ExceptShortType
+AlwaysBreakAfterReturnType: AllDefinitions
+AlignEscapedNewlines: Left
+ForEachMacros: ['ssh_callbacks_iterate']
diff --git a/libssh/.gitlab-ci.yml b/libssh/.gitlab-ci.yml
deleted file mode 100644
index 6097b8e0..00000000
--- a/libssh/.gitlab-ci.yml
+++ /dev/null
@@ -1,528 +0,0 @@
----
-variables:
-  BUILD_IMAGES_PROJECT: libssh/build-images
-  CENTOS7_BUILD: buildenv-centos7
-  CENTOS9_BUILD: buildenv-c9s
-  COVERITY_BUILD: buildenv-coverity
-  FEDORA_BUILD: buildenv-fedora
-  MINGW_BUILD: buildenv-mingw
-  TUMBLEWEED_BUILD: buildenv-tumbleweed
-  UBUNTU_BUILD: buildenv-ubuntu
-  ALPINE_BUILD: buildenv-alpine
-
-stages:
-  - build
-  - test
-  - analysis
-
-.build:
-  stage: build
-  variables:
-    CMAKE_DEFAULT_OPTIONS: "-DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON"
-    CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON"
-    CMAKE_TEST_OPTIONS: "-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DWITH_BENCHMARKS=ON"
-    CMAKE_OPTIONS: $CMAKE_DEFAULT_OPTIONS $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS
-  before_script: &build
-    - uname -a
-    - cat /etc/os-release
-    - mount
-    - df -h
-    - cat /proc/swaps
-    - free -h
-    - mkdir -p obj && cd obj
-  script:
-    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
-      make -j$(nproc) &&
-      make -j$(nproc) install
-  # Do not use after_script as it does not make the targets fail
-  tags:
-    - shared
-  except:
-    - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-
-.tests:
-  extends: .build
-  stage: test
-  # This is needed to prevent passing artifacts from previous stages
-  dependencies: []
-  script:
-    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-    # Do not use after_script as it does not make the targets fail
-
-.fedora:
-  extends: .tests
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  variables:
-    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON
-
-.tumbleweed:
-  extends: .tests
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
-
-
-###############################################################################
-#                               CentOS builds                                 #
-###############################################################################
-# pkd tests fail on CentOS7 docker images, so we don't use -DSERVER_TESTING=ON
-centos7/openssl_1.0.x/x86_64:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
-  extends: .tests
-  script:
-    - cmake3 $CMAKE_OPTIONS .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-centos9s/openssl_3.0.x/x86_64:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
-  extends: .tests
-  script:
-    - export OPENSSL_ENABLE_SHA1_SIGNATURES=1
-    - cmake3 $CMAKE_OPTIONS .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-
-###############################################################################
-#                               Fedora builds                                 #
-###############################################################################
-fedora/build:
-  extends: .build
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-
-fedora/docs:
-  extends: .build
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  script:
-    - cmake .. && make docs
-
-fedora/ninja:
-  extends: .fedora
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  script:
-    - cmake -G Ninja $CMAKE_OPTIONS ../ && ninja && ninja test
-
-fedora/openssl_3.0.x/x86_64:
-  extends: .fedora
-
-fedora/openssl_3.0.x/x86_64/fips:
-  extends: .fedora
-  before_script:
-    - echo "# userspace fips" > /etc/system-fips
-    # We do not need the kernel part, but in case we ever do:
-    # mkdir -p /var/tmp/userspace-fips
-    # echo 1 > /var/tmp/userspace-fips/fips_enabled
-    # mount --bind /var/tmp/userspace-fips/fips_enabled \
-    # /proc/sys/crypto/fips_enabled
-    - update-crypto-policies --show
-    - update-crypto-policies --set FIPS
-    - update-crypto-policies --show
-    - mkdir -p obj && cd obj && cmake
-      -DCMAKE_BUILD_TYPE=RelWithDebInfo
-      -DPICKY_DEVELOPER=ON
-      -DWITH_BLOWFISH_CIPHER=ON
-      -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-      -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
-      -DWITH_DSA=ON
-      -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
-  script:
-    - cmake $CMAKE_OPTIONS .. &&
-      make -j$(nproc) &&
-      OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
-
-fedora/openssl_3.0.x/x86_64/minimal:
-  extends: .fedora
-  variables:
-  script:
-    - cmake $CMAKE_DEFAULT_OPTIONS
-      -DWITH_SFTP=OFF
-      -DWITH_SERVER=OFF
-      -DWITH_ZLIB=OFF
-      -DWITH_PCAP=OFF
-      -DWITH_DSA=OFF
-      -DUNIT_TESTING=ON
-      -DCLIENT_TESTING=ON
-      -DWITH_GEX=OFF .. &&
-      make -j$(nproc)
-
-# Address sanitizer doesn't mix well with LD_PRELOAD used in the testsuite
-# so, this is only enabled for unit tests right now.
-# TODO: add -DCLIENT_TESTING=ON -DSERVER_TESTING=ON
-fedora/address-sanitizer:
-  extends: .fedora
-  stage: analysis
-  script:
-    - cmake
-      -DCMAKE_BUILD_TYPE=AddressSanitizer
-      -DCMAKE_C_COMPILER=clang
-      -DCMAKE_CXX_COMPILER=clang++
-      -DPICKY_DEVELOPER=ON
-      $CMAKE_BUILD_OPTIONS
-      -DUNIT_TESTING=ON
-      -DFUZZ_TESTING=ON .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-# This is disabled as it report OpenSSL issues
-# It also has the same issues with cwrap as AddressSanitizer
-.fedora/memory-sanitizer:
-  extends: .fedora
-  stage: analysis
-  script:
-    - cmake
-      -DCMAKE_BUILD_TYPE=MemorySanitizer
-      -DCMAKE_C_COMPILER=clang
-      -DCMAKE_CXX_COMPILER=clang++
-      -DPICKY_DEVELOPER=ON
-      $CMAKE_BUILD_OPTIONS
-      -DUNIT_TESTING=ON
-      -DFUZZ_TESTING=ON .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-fedora/undefined-sanitizer:
-  extends: .fedora
-  stage: analysis
-  script:
-    - cmake
-      -DCMAKE_BUILD_TYPE=UndefinedSanitizer
-      -DCMAKE_C_COMPILER=clang
-      -DCMAKE_CXX_COMPILER=clang++
-      -DPICKY_DEVELOPER=ON
-      $CMAKE_BUILD_OPTIONS
-      -DUNIT_TESTING=ON
-      -DFUZZ_TESTING=ON .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-fedora/libgcrypt/x86_64:
-  extends: .fedora
-  variables:
-    CMAKE_ADDITIONAL_OPTIONS: "-DWITH_GCRYPT=ON -DWITH_DEBUG_CRYPTO=ON"
-
-fedora/mbedtls/x86_64:
-  extends: .fedora
-  variables:
-    CMAKE_ADDITIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DSA=OFF"
-
-# Unit testing only, no client and pkd testing, because cwrap is not available
-# for MinGW
-fedora/mingw64:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
-  extends: .tests
-  script:
-    - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
-    - export WINEDEBUG=-all
-    - mingw64-cmake $CMAKE_DEFAULT_OPTIONS
-      -DWITH_SFTP=ON
-      -DWITH_SERVER=ON
-      -DWITH_ZLIB=ON
-      -DWITH_PCAP=ON
-      -DUNIT_TESTING=ON .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-# Unit testing only, no client and pkd testing, because cwrap is not available
-# for MinGW
-fedora/mingw32:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
-  extends: .tests
-  script:
-    - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
-    - export WINEDEBUG=-all
-    - mingw32-cmake $CMAKE_DEFAULT_OPTIONS
-      -DWITH_SFTP=ON
-      -DWITH_SERVER=ON
-      -DWITH_ZLIB=ON
-      -DWITH_PCAP=ON
-      -DUNIT_TESTING=ON .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-
-###############################################################################
-#                               Fedora csbuild                                #
-###############################################################################
-.csbuild:
-  stage: analysis
-  variables:
-    GIT_DEPTH: "100"
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  before_script:
-    - |
-      if [[ -z "$CI_COMMIT_BEFORE_SHA" ]]; then
-          export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20")
-      fi
-
-      # Check if the commit exists in this branch
-      # This is not the case for a force push
-      git branch --contains $CI_COMMIT_BEFORE_SHA 2>/dev/null || export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20")
-
-      export CI_COMMIT_RANGE="$CI_COMMIT_BEFORE_SHA..$CI_COMMIT_SHA"
-  tags:
-    - shared
-  except:
-    - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj-csbuild/
-
-fedora/csbuild/openssl_3.0.x:
-  extends: .csbuild
-  script:
-    - csbuild
-      --build-dir=obj-csbuild
-      --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)"
-      --git-commit-range $CI_COMMIT_RANGE
-      --color
-      --print-current --print-fixed
-
-fedora/csbuild/libgcrypt:
-  extends: .csbuild
-  script:
-    - csbuild
-      --build-dir=obj-csbuild
-      --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)"
-      --git-commit-range $CI_COMMIT_RANGE
-      --color
-      --print-current --print-fixed
-
-fedora/csbuild/mbedtls:
-  extends: .csbuild
-  script:
-    - csbuild
-      --build-dir=obj-csbuild
-      --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_MBEDTLS=ON @SRCDIR@ && make clean && make -j$(nproc)"
-      --git-commit-range $CI_COMMIT_RANGE
-      --color
-      --print-current --print-fixed
-
-
-###############################################################################
-#                               Ubuntu builds                                 #
-###############################################################################
-ubuntu/openssl_1.1.x/x86_64:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD
-  extends: .tests
-
-
-###############################################################################
-#                               Alpine builds                                 #
-###############################################################################
-alpine/musl:
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BUILD
-  extends: .tests
-  script:
-    - cmake $CMAKE_DEFAULT_OPTIONS
-      -DWITH_SFTP=ON
-      -DWITH_SERVER=ON
-      -DWITH_ZLIB=ON
-      -DWITH_PCAP=ON
-      -DUNIT_TESTING=ON .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-
-###############################################################################
-#                             Tumbleweed builds                               #
-###############################################################################
-tumbleweed/openssl_1.1.x/x86_64/gcc:
-  extends: .tumbleweed
-  variables:
-    CMAKE_ADDITIONAL_OPTIONS: "-DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"
-
-tumbleweed/openssl_1.1.x/x86/gcc:
-  extends: .tumbleweed
-  script:
-    - cmake
-      -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake
-      $CMAKE_DEFAULT_OPTIONS
-      -DWITH_SFTP=ON
-      -DWITH_SERVER=ON
-      -DWITH_ZLIB=ON
-      -DWITH_PCAP=ON
-      -DWITH_DSA=ON
-      -DUNIT_TESTING=ON ..
-
-tumbleweed/openssl_1.1.x/x86_64/gcc7:
-  extends: .tumbleweed
-  variables:
-    CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"
-
-tumbleweed/openssl_1.1.x/x86/gcc7:
-  extends: .tumbleweed
-  script:
-    - cmake
-      -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake
-      -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7
-      $CMAKE_DEFAULT_OPTIONS
-      -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-      -DWITH_DSA=ON
-      -DUNIT_TESTING=ON .. &&
-      make -j$(nproc) &&
-      ctest --output-on-failure
-
-tumbleweed/openssl_1.1.x/x86_64/clang:
-  extends: .tumbleweed
-  variables:
-    CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"
-
-tumbleweed/static-analysis:
-  extends: .tests
-  stage: analysis
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
-  script:
-    - export CCC_CC=clang
-    - export CCC_CXX=clang++
-    - scan-build cmake
-      -DCMAKE_BUILD_TYPE=Debug
-      -DCMAKE_C_COMPILER=clang
-      -DCMAKE_CXX_COMPILER=clang++
-      -DPICKY_DEVELOPER=ON
-      $CMAKE_BUILD_OPTIONS
-      $CMAKE_TEST_OPTIONS .. &&
-      scan-build --status-bugs -o scan make -j$(nproc)
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/scan
-
-
-###############################################################################
-#                               FreeBSD builds                                #
-###############################################################################
-# That is a specific runner that we cannot enable universally.
-# We restrict it to builds under the $BUILD_IMAGES_PROJECT project.
-freebsd/x86_64:
-  image:
-  extends: .tests
-  before_script:
-    - mkdir -p obj && cd obj && cmake
-      -DCMAKE_BUILD_TYPE=RelWithDebInfo
-      -DPICKY_DEVELOPER=ON
-      -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-      -DUNIT_TESTING=ON ..
-  script:
-    - cmake $CMAKE_DEFAULT_OPTIONS
-      -DWITH_SFTP=ON
-      -DWITH_SERVER=ON
-      -DWITH_ZLIB=ON
-      -DWITH_PCAP=ON
-      -DUNIT_TESTING=ON .. &&
-      make &&
-      ctest --output-on-failure
-  tags:
-    - private
-    - freebsd
-  only:
-    - branches@libssh/libssh-mirror
-    - branches@cryptomilk/libssh-mirror
-    - branches@jjelen/libssh-mirror
-    - branches@marco.fortina/libssh-mirror
-
-
-###############################################################################
-#                           Visual Studio builds                              #
-###############################################################################
-.vs:
-  stage: test
-  cache:
-    key: vcpkg.${CI_JOB_NAME}
-    paths:
-      - .vcpkg
-  variables:
-    ErrorActionPreference: STOP
-  script:
-    - cmake --build .
-    - ctest --output-on-failure
-  tags:
-    - windows
-    - shared-windows
-  except:
-    - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/
-  before_script:
-    - choco install --no-progress -y cmake
-    - $env:Path += ';C:\Program Files\CMake\bin'
-    - If (!(test-path .vcpkg\archives)) { mkdir -p .vcpkg\archives }
-    - $env:VCPKG_DEFAULT_BINARY_CACHE="$PWD\.vcpkg\archives"
-    - echo $env:VCPKG_DEFAULT_BINARY_CACHE
-    - $env:VCPKG_DEFAULT_TRIPLET="$TRIPLET-windows"
-    - vcpkg install cmocka
-    - vcpkg install openssl
-    - vcpkg install zlib
-    - vcpkg integrate install
-    - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1}
-    - cmake
-        -A $PLATFORM
-        -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake
-        -DPICKY_DEVELOPER=ON
-        -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-        -DUNIT_TESTING=ON ..
-
-visualstudio/x86_64:
-  extends: .vs
-  variables:
-    PLATFORM: "x64"
-    TRIPLET: "x64"
-
-visualstudio/x86:
-  extends: .vs
-  variables:
-    PLATFORM: "win32"
-    TRIPLET: "x86"
-
-###############################################################################
-#                                 Coverity                                    #
-###############################################################################
-#
-# git push -o ci.variable="COVERITY_SCAN_TOKEN=XXXXXX" \
-#          -o ci.variable="COVERITY_SCAN_PROJECT_NAME=XXXXXX" \
-#          -o ci.variable="COVERITY_SCAN_EMAIL=XXXXXX" \
-#          -f gitlab
-
-coverity:
-  stage: analysis
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$COVERITY_BUILD
-  script:
-    - mkdir obj && cd obj
-    - wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
-    - tar xf /tmp/coverity_tool.tgz
-    - cmake -DCMAKE_BUILD_TYPE=Debug $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS ..
-    - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$(nproc)
-    - tar czf cov-int.tar.gz cov-int
-    - curl
-      --form token=$COVERITY_SCAN_TOKEN
-      --form email=$COVERITY_SCAN_EMAIL
-      --form file=@cov-int.tar.gz
-      --form version="`git describe --tags`"
-      --form description="CI build"
-      https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
-  tags:
-    - shared
-  only:
-    refs:
-      - master
-      - schedules
-    variables:
-      - $COVERITY_SCAN_TOKEN != null
-      - $COVERITY_SCAN_PROJECT_NAME != null
-      - $COVERITY_SCAN_EMAIL != null
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - obj/cov-int/*.txt
diff --git a/libssh/CHANGELOG b/libssh/CHANGELOG
index 5d05bcac..224f0b07 100644
--- a/libssh/CHANGELOG
+++ b/libssh/CHANGELOG
@@ -1,6 +1,150 @@
 CHANGELOG
 =========
 
+version 0.11.3 (released 2025-09-09)
+ * Security:
+   * CVE-2025-8114: Fix NULL pointer dereference after allocation failure
+   * CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX
+   * Potential UAF when send() fails during key exchange
+ * Fix possible timeout during KEX if client sends authentication too early (#311)
+ * Cleanup OpenSSL PKCS#11 provider when loaded
+ * Zeroize buffers containing private key blobs during export
+
+version 0.11.2 (released 2025-06-24)
+ * Security:
+   * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion
+   * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file()
+   * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management
+   * CVE-2025-5351 - Double free in functions exporting keys
+   * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures
+   * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding
+   * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL
+ * Compatibility
+   * Fixed compatibility with CPM.cmake
+   * Compatibility with OpenSSH 10.0
+   * Tests compatibility with new Dropbear releases
+   * Removed p11-kit remoting from the pkcs11 testsuite
+ * Bugfixes
+   * Implement missing packet filter for DH GEX
+   * Properly process the SSH2_MSG_DEBUG message
+   * Allow escaping quotes in quoted arguments to ssh configuration
+   * Do not fail with unknown match keywords in ssh configuration
+   * Process packets before selecting signature algorithm during authentication
+   * Do not fail hard when the SFTP status message is not sent by noncompliant
+     servers
+
+version 0.11.1 (released 2024-08-30)
+ * Fixed default TTY modes that are set when stdin is not connected to tty (#270)
+ * Fixed zlib cleanup procedure, which could crash on i386
+ * Various test fixes improving their stability
+ * Fixed cygwin build
+
+version 0.11.0 (released 2024-07-31)
+  * Deprecations and Removals:
+    * Dropped support for DSA
+    * Deprecated Blowfish cipher (will be removed in next release)
+    * Deprecated SSH_BIND_OPTIONS_{RSA,ECDSA}KEY in favor of generic HOSTKEY
+    * Removed the usage of deprecated OpenSSL APIs (Note: Minimum supported
+      OpenSSL version is 1.1.1)
+    * Disabled preauth compression (zlib) by default
+    * Support for pkcs#11 engines are deprecated, pkcs11-provider is used instead
+    * Deprecation of old async SFTP API
+    * libgcrypt cryptographic backend is deprecated
+    * Deprecation of knownhosts hashing
+  * SFTP Improvements:
+    * Added support for async SFTP IO
+    * Added support for sftp_limits() and applied capping to SFTP read/write
+      operations accordingly
+    * Added sftp_home_directory() API support for sftp extension "home-directory"
+    * Added sftp_lsetstat() API for lsetstat extensions
+    * Added sftp_expand_path() to canonicalize path using expand-path@openssh.com
+      extension
+    * Implemented stat and realpath in sftpserver
+    * Added sftp_readlink() API to support hardlink@openssh.com
+    * New extensible callback based SFTP server
+    * Introduced the posix-rename@openssh.com extension
+  * New functions and features:
+    * Added support for PKCS #11 provider for OpenSSL 3.0
+    * Added testing for GSSAPI Authentication
+    * Implemented proxy jump using libssh
+    * Recategorized loglevels to show fatal errors and alignment with OpenSSH
+      log levels
+    * Added ssh_channel_request_pty_size_modes() API to set terminal modes for
+      PTYs
+    * Added function to check username syntax
+    * Added support to check all keys in authorized_keys instead of one in
+      example server implementation
+    * Handled hostkey similar to OpenSSH
+    * Added ssh_session_socket_close() API in order to not close socket passed
+      through options on error conditions
+    * Added option SSH_BIND_OPTIONS_IMPORT_KEY_STR to read user-supplied key
+      string in ssh_bind_options_set()
+    * Improved log handling around ssh_set_callbacks
+    * Added ssh_set_error_invalid in ssh_options_set()
+    * Prevented signature blob to start with 1 bit in libgcrypt
+    * Added support to unbreak key comparison of Ed25519 keys imported from PEM
+      or OpenSSH container
+    * Added support to calculate missing CRT parameters when building RSA key
+    * Added ssh_pki_export_privkey_base64_format() and
+      ssh_pki_export_privkey_file_format() to support exporting keys in different
+      formats (PEM, OpenSSH)
+    * Added support to compare certificates and handle automatic certificate
+      authentication
+    * Added support to make compile-commands generation conditional
+    * Built fuzzers for normal testing
+    * Avoided passing other events to callbacks when called recursively
+    * Added control master and path options
+    * Refactored channel_rcv_data, check for errors and report more useful errors
+    * Added support to connect to other host addresses than just the first one
+    * Terminated the server properly when the MaxAuthTries is reached
+    * Added support for no-more-sessions@openssh.com request in both client and
+      server
+    * Added callback to support forwarded-tcpip requests
+    * Bumped minimal CMake version to 3.12
+    * Added support for MBedTLS 3.6.x
+    * Added support for +,-,^ modifiers in front of algorithm lists in options
+    * Added callbacks for channel open response, and channel request response
+    * Replaced chroot() from chroot_wrapper internal library with chroot()
+      from priv_wrapper package
+    * Added a placeholder for non-expanded identities
+    * Improved handling of channel transfer window sizes
+
+version 0.10.6 (released 2023-12-18)
+ * Fix CVE-2023-6004: Command injection using proxycommand
+ * Fix CVE-2023-48795: Potential downgrade attack using strict kex
+ * Fix CVE-2023-6918: Missing checks for return values of MD functions
+ * Fix ssh_send_issue_banner() for CMD(PowerShell)
+ * Avoid passing other events to callbacks when poll is called recursively (#202)
+ * Allow @ in usernames when parsing from URI composes
+
+version 0.10.5 (released 2023-05-04)
+ * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing
+ * Fix CVE-2023-2283: a possible authorization bypass in
+   pki_verify_data_signature under low-memory conditions.
+ * Fix several memory leaks in GSSAPI handling code
+ * Escape braces in ProxyCommand created from ProxyJump options for zsh
+   compatibility.
+ * Fix pkg-config path relocation for MinGW
+ * Improve doxygen documentation
+ * Fix build with cygwin due to the glob support
+ * Do not enqueue outgoing packets after sending SSH2_MSG_NEWKEYS
+ * Add support for SSH_SUPPRESS_DEPRECATED
+ * Avoid functions declarations without prototype to build with clang 15
+ * Fix spelling issues
+ * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles repetitively
+ * Add support sk-* keys through configuration
+ * Improve checking for Argp library
+ * Log information about received extensions
+ * Correctly handle rekey with delayed compression
+ * Move the EC keys handling to OpenSSL 3.0 API
+ * Record peer disconnect message
+ * Avoid deadlock when write buffering occurs and we call poll recursively to
+   flush the output buffer
+ * Disable preauthentication compression by default
+ * Add CentOS 8 Stream / OpenSSL 1.1.1 to CI
+ * Add accidentally removed default compile flags
+ * Solve incorrect parsing of ProxyCommand option
+
 version 0.10.4 (released 2022-09-07)
   * Fixed issues with KDF on big endian
 
@@ -40,9 +184,6 @@ version 0.10.0 (released 2022-08-26)
   * Deprecated old pubkey, privatekey API
   * Avoided some needless large stack buffers to minimize memory footprint
   * Removed support for OpenSSL < 1.0.1
-  * Fixed parsing username@host in login name
-  * Free global init mutex in the destructor on Windows
-  * Fixed PEM parsing in mbedtls to support both legacy and new PKCS8 formats
 
 version 0.9.6 (released 2021-08-26)
   * CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with
@@ -75,7 +216,7 @@ version 0.9.4 (released 2020-04-09)
   * Fixed CVE-2020-1730 - Possible DoS in client and server when handling
     AES-CTR keys with OpenSSL
   * Added diffie-hellman-group14-sha256
-  * Fixed serveral possible memory leaks
+  * Fixed several possible memory leaks
 
 version 0.9.3 (released 2019-12-10)
   * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
@@ -226,7 +367,7 @@ version 0.6.1 (released 2014-02-08)
   * Fixed DSA signature extraction.
   * Fixed some memory leaks.
   * Fixed read of non-connected socket.
-  * Fixed thread dectection.
+  * Fixed thread detection.
 
 version 0.6.0 (released 2014-01-08)
   * Added new publicy key API.
@@ -251,7 +392,7 @@ version 0.6.0 (released 2014-01-08)
 version 0.5.5 (released 2013-07-26)
   * BUG 103: Fix ProxyCommand parsing.
   * Fix setting -D_FORTIFY_SOURCE=2.
-  * Fix pollset error return if emtpy.
+  * Fix pollset error return if empty.
   * Fix NULL pointer checks in channel functions.
   * Several bugfixes.
 
@@ -267,7 +408,7 @@ version 0.5.3 (released 2012-11-20)
   * BUG #84 - Fix bug in sftp_mkdir not returning on error.
   * BUG #85 - Fixed a possible channel infinite loop if the connection dropped.
   * BUG #88 - Added missing channel request_state and set it to accepted.
-  * BUG #89 - Reset error state to no error on successful SSHv1 authentiction.
+  * BUG #89 - Reset error state to no error on successful SSHv1 authentication.
   * Fixed a possible use after free in ssh_free().
   * Fixed multiple possible NULL pointer dereferences.
   * Fixed multiple memory leaks in error paths.
@@ -328,7 +469,7 @@ version 0.4.7 (released 2010-12-28)
   * Fixed a possible memory leak in ssh_get_user_home().
   * Fixed a memory leak in sftp_xstat.
   * Fixed uninitialized fd->revents member.
-  * Fixed timout value in ssh_channel_accept().
+  * Fixed timeout value in ssh_channel_accept().
   * Fixed length checks in ssh_analyze_banner().
   * Fixed a possible data overread and crash bug.
   * Fixed setting max_fd which breaks ssh_select().
@@ -351,7 +492,7 @@ version 0.4.5 (released 2010-07-13)
   * Added option to bind a client to an ip address.
   * Fixed the ssh socket polling function.
   * Fixed Windows related bugs in bsd_poll().
-  * Fixed serveral build warnings.
+  * Fixed several build warnings.
 
 version 0.4.4 (released 2010-06-01)
   * Fixed a bug in the expand function for escape sequences.
@@ -370,17 +511,17 @@ version 0.4.3 (released 2010-05-18)
   * Fixed sftp_chown.
   * Fixed sftp_rename on protocol version 3.
   * Fixed a blocking bug in channel_poll.
-  * Fixed config parsing wich has overwritten user specified values.
+  * Fixed config parsing which has overwritten user specified values.
   * Fixed hashed [host]:port format in knownhosts
   * Fixed Windows build.
-  * Fixed doublefree happening after a negociation error.
+  * Fixed doublefree happening after a negotiation error.
   * Fixed aes*-ctr with <= OpenSSL 0.9.7b.
   * Fixed some documentation.
   * Fixed exec example which has broken read usage.
   * Fixed broken algorithm choice for server.
   * Fixed a typo that we don't export all symbols.
   * Removed the unneeded dependency to doxygen.
-  * Build examples only on the Linux plattform.
+  * Build examples only on the Linux platform.
 
 version 0.4.2 (released 2010-03-15)
   * Added owner and group information in sftp attributes.
@@ -402,7 +543,7 @@ version 0.4.1 (released 2010-02-13)
   * Added an example for exec.
   * Added private key type detection feature in privatekey_from_file().
   * Fixed zlib compression fallback.
-  * Fixed kex bug that client preference should be prioritary
+  * Fixed kex bug that client preference should be priority
   * Fixed known_hosts file set by the user.
   * Fixed a memleak in channel_accept().
   * Fixed underflow when leave_function() are unbalanced
@@ -540,7 +681,7 @@ version 0.11-dev
   * Keyboard-interactive authentication working.
 
 version 0.1 (released 2004-03-05)
-  * Begining of sftp subsystem implementation.
+  * Beginning of sftp subsystem implementation.
   * Some cleanup into channels implementation
   * Now every channel functions is called by its CHANNEL handler.
   * Added channel_poll() and channel_read().
@@ -561,7 +702,7 @@ version 0.0.4 (released 2003-10-10)
   * Added a wrapper.c file. The goal is to provide a similar API to every
     cryptographic functions. bignums and sha/md5 are wrapped now.
   * More work than it first looks.
-  * Support for other crypto libs planed (lighter libs)
+  * Support for other crypto libs planned (lighter libs)
   * Fixed stupid select() bug.
   * Libssh now compiles and links with openssl 0.9.6
   * RSA pubkey authentication code now works !
diff --git a/libssh/CMakeLists.txt b/libssh/CMakeLists.txt
index 7bc3331c..a794bb9b 100644
--- a/libssh/CMakeLists.txt
+++ b/libssh/CMakeLists.txt
@@ -1,5 +1,4 @@
-cmake_minimum_required(VERSION 3.3.0)
-cmake_policy(SET CMP0048 NEW)
+cmake_minimum_required(VERSION 3.14.0)
 
 # Specify search path for CMake modules to be loaded by include()
 # and find_package()
@@ -10,7 +9,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)
 
-project(libssh VERSION 0.10.4 LANGUAGES C)
+project(libssh VERSION 0.11.3 LANGUAGES C)
 
 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +21,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.9.4")
+set(LIBRARY_VERSION "4.10.3")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked
@@ -49,32 +48,12 @@ endif (WITH_ZLIB)
 
 if (WITH_GCRYPT)
   find_package(GCrypt 1.5.0 REQUIRED)
-  if (NOT GCRYPT_FOUND)
-    message(FATAL_ERROR "Could not find GCrypt")
-  endif (NOT GCRYPT_FOUND)
+  message(WARNING "libgcrypt cryptographic backend is deprecated and will be removed in future releases.")
 elseif(WITH_MBEDTLS)
     find_package(MbedTLS REQUIRED)
-    if (NOT MBEDTLS_FOUND)
-      message(FATAL_ERROR "Could not find mbedTLS")
-    endif (NOT MBEDTLS_FOUND)
-else (WITH_GCRYPT)
-  find_package(OpenSSL 1.0.1)
-  if (OPENSSL_FOUND)
-    # On CMake < 3.16, OPENSSL_CRYPTO_LIBRARIES is usually a synonym for OPENSSL_CRYPTO_LIBRARY, but is not defined
-    # when building on Windows outside of Cygwin. We provide the synonym here, if FindOpenSSL didn't define it already.
-    if (NOT DEFINED OPENSSL_CRYPTO_LIBRARIES)
-      set(OPENSSL_CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
-    endif (NOT DEFINED OPENSSL_CRYPTO_LIBRARIES)
-  else (OPENSSL_FOUND)
-    find_package(GCrypt)
-    if (NOT GCRYPT_FOUND)
-      find_package(MbedTLS)
-      if (NOT MBEDTLS_FOUND)
-        message(FATAL_ERROR "Could not find OpenSSL, GCrypt or mbedTLS")
-      endif (NOT MBEDTLS_FOUND)
-    endif (NOT GCRYPT_FOUND)
-  endif (OPENSSL_FOUND)
-endif(WITH_GCRYPT)
+else()
+  find_package(OpenSSL 1.1.1 REQUIRED)
+endif()
 
 if (UNIT_TESTING)
     find_package(CMocka REQUIRED)
@@ -89,13 +68,6 @@ if (WITH_GSSAPI)
     find_package(GSSAPI)
 endif (WITH_GSSAPI)
 
-if (WITH_PKCS11_URI)
-    find_package(softhsm)
-    if (NOT SOFTHSM_FOUND)
-        message(SEND_ERROR "Could not find softhsm module!")
-     endif (NOT SOFTHSM_FOUND)
-endif (WITH_PKCS11_URI)
-
 if (WITH_NACL)
     find_package(NaCl)
     if (NOT NACL_FOUND)
@@ -103,10 +75,6 @@ if (WITH_NACL)
     endif (NOT NACL_FOUND)
 endif (WITH_NACL)
 
-if (BSD OR SOLARIS OR OSX OR CYGWIN)
-    find_package(Argp)
-endif (BSD OR SOLARIS OR OSX OR CYGWIN)
-
 # Disable symbol versioning in non UNIX platforms
 if (UNIX)
     find_package(ABIMap 0.3.1)
@@ -118,6 +86,10 @@ endif (UNIX)
 include(ConfigureChecks.cmake)
 configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h)
 
+if (NOT HAVE_ARGP_PARSE)
+  find_package(Argp)
+endif (NOT HAVE_ARGP_PARSE)
+
 # check subdirectories
 add_subdirectory(doc)
 add_subdirectory(include)
@@ -125,7 +97,7 @@ add_subdirectory(src)
 
 # pkg-config file
 if (UNIX OR MINGW)
-configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc)
+configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc @ONLY)
 install(
   FILES
     ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc
@@ -216,16 +188,36 @@ if (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
     endif(UPDATE_ABI)
 endif (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
 
+# Coverage
+if (WITH_COVERAGE)
+    ENABLE_LANGUAGE(CXX)
+    include(CodeCoverage)
+    setup_target_for_coverage_lcov(
+        NAME "coverage"
+        EXECUTABLE make test
+        DEPENDENCIES ssh tests)
+    set(GCOVR_ADDITIONAL_ARGS --xml-pretty --exclude-unreachable-branches --print-summary)
+    setup_target_for_coverage_gcovr_xml(
+        NAME "coverage_xml"
+        EXECUTABLE make test
+        DEPENDENCIES ssh tests)
+endif (WITH_COVERAGE)
+
 add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source DEPENDS ${_SYMBOL_TARGET} VERBATIM)
 
-# Link compile database for clangd
-execute_process(COMMAND ${CMAKE_COMMAND} -E create_symlink
-                "${CMAKE_BINARY_DIR}/compile_commands.json"
-                "${CMAKE_SOURCE_DIR}/compile_commands.json")
+get_directory_property(hasParent PARENT_DIRECTORY)
+if(NOT(hasParent))
+  # Link compile database for clangd if we are the master project
+  execute_process(COMMAND ${CMAKE_COMMAND} -E create_symlink
+    "${CMAKE_BINARY_DIR}/compile_commands.json"
+    "${CMAKE_SOURCE_DIR}/compile_commands.json")
+endif()
 
 message(STATUS "********************************************")
 message(STATUS "********** ${PROJECT_NAME} build options : **********")
 
+message(STATUS "Build type: ${CMAKE_BUILD_TYPE}")
+message(STATUS "Coverage: ${WITH_COVERAGE}")
 message(STATUS "zlib support: ${WITH_ZLIB}")
 message(STATUS "libgcrypt support: ${WITH_GCRYPT}")
 message(STATUS "libmbedTLS support: ${WITH_MBEDTLS}")
@@ -235,13 +227,14 @@ message(STATUS "Server support : ${WITH_SERVER}")
 message(STATUS "GSSAPI support : ${WITH_GSSAPI}")
 message(STATUS "GEX support : ${WITH_GEX}")
 message(STATUS "Support insecure none cipher and MAC : ${WITH_INSECURE_NONE}")
+message(STATUS "Support exec : ${WITH_EXEC}")
 message(STATUS "Pcap debugging support : ${WITH_PCAP}")
 message(STATUS "Build shared library: ${BUILD_SHARED_LIBS}")
 message(STATUS "Unit testing: ${UNIT_TESTING}")
 message(STATUS "Client code testing: ${CLIENT_TESTING}")
-message(STATUS "Blowfish cipher support: ${WITH_BLOWFISH_CIPHER}")
+message(STATUS "Blowfish cipher support: ${HAVE_BLOWFISH}")
 message(STATUS "PKCS #11 URI support: ${WITH_PKCS11_URI}")
-message(STATUS "DSA support: ${WITH_DSA}")
+message(STATUS "With PKCS #11 provider support: ${WITH_PKCS11_PROVIDER}")
 set(_SERVER_TESTING OFF)
 if (WITH_SERVER)
     set(_SERVER_TESTING ${SERVER_TESTING})
diff --git a/libssh/CONTRIBUTING.md b/libssh/CONTRIBUTING.md
index 4f5bb42f..8e26015c 100644
--- a/libssh/CONTRIBUTING.md
+++ b/libssh/CONTRIBUTING.md
@@ -274,7 +274,7 @@ This is bad:
      * This is a multi line comment,
      * with some more words...*/
 
-### Indention & Whitespace & 80 columns
+### Indentation & Whitespace & 80 columns
 
 To avoid confusion, indentations have to be 4 spaces. Do not use tabs!.  When
 wrapping parameters for function calls, align the parameter list with the first
@@ -478,6 +478,45 @@ Macros like `STATUS_NOT_OK_RETURN` that change control flow (return/goto/etc)
 from within the macro are considered bad, because they look like function calls
 that never change control flow. Please do not introduce them.
 
+### Switch/case indentation
+
+The `case` should not be indented to avoid wasting too much horizontal space.
+When the case block contains local variables that need to be wrapped in braces,
+they should not be indented again either.
+
+Good example:
+
+    switch (x) {
+    case 0:
+        do_stuff();
+        break;
+    case 1: {
+        int y;
+        do_stuff();
+        break;
+    }
+    default:
+        do_other_stuff();
+        break;
+    }
+
+Bad example:
+
+    switch (x) {
+        case 0:
+            do_stuff();
+            break;
+        case 1:
+            {
+                int y;
+                do_stuff();
+                break;
+            }
+        default:
+            do_other_stuff();
+            break;
+    }
+
 
 Have fun and happy libssh hacking!
 
diff --git a/libssh/CPackConfig.cmake b/libssh/CPackConfig.cmake
index 5bd52c56..81ed6d06 100644
--- a/libssh/CPackConfig.cmake
+++ b/libssh/CPackConfig.cmake
@@ -10,7 +10,7 @@ set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})
 
 # SOURCE GENERATOR
 set(CPACK_SOURCE_GENERATOR "TXZ")
-set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]git/;/[.]clangd/;/[.]cache/;.gitignore;/build*;/obj*;tags;cscope.*;compile_commands.json;.*\.patch")
+set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]bare/;/[.]git/;/[.]git;/[.]clangd/;/[.]cache/;.gitignore;/build*;/obj*;tags;cscope.*;compile_commands.json;.*\.patch")
 set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")
 
 ### NSIS INSTALLER
diff --git a/libssh/CompilerChecks.cmake b/libssh/CompilerChecks.cmake
index 9acae281..e9890e2f 100644
--- a/libssh/CompilerChecks.cmake
+++ b/libssh/CompilerChecks.cmake
@@ -16,7 +16,6 @@ if (UNIX)
         endif()
     endif()
 
-    add_c_compiler_flag("-std=gnu99" SUPPORTED_COMPILER_FLAGS)
     add_c_compiler_flag("-Wpedantic" SUPPORTED_COMPILER_FLAGS)
     add_c_compiler_flag("-Wall" SUPPORTED_COMPILER_FLAGS)
     add_c_compiler_flag("-Wshadow" SUPPORTED_COMPILER_FLAGS)
@@ -43,6 +42,13 @@ if (UNIX)
     add_c_compiler_flag("-Wno-format-zero-length" SUPPORTED_COMPILER_FLAGS)
     add_c_compiler_flag("-Wmissing-field-initializers" SUPPORTED_COMPILER_FLAGS)
     add_c_compiler_flag("-Wsign-compare" SUPPORTED_COMPILER_FLAGS)
+    add_c_compiler_flag("-Wold-style-definition" SUPPORTED_COMPILER_FLAGS)
+    add_c_compiler_flag("-Werror=old-style-definition" SUPPORTED_COMPILER_FLAGS)
+    add_c_compiler_flag("-Wimplicit-int" SUPPORTED_COMPILER_FLAGS)
+    add_c_compiler_flag("-Werror=implicit-int" SUPPORTED_COMPILER_FLAGS)
+    add_c_compiler_flag("-Wint-conversion" SUPPORTED_COMPILER_FLAGS)
+    add_c_compiler_flag("-Werror=int-conversion" SUPPORTED_COMPILER_FLAGS)
+    add_c_compiler_flag("-Werror=unused-variable" SUPPORTED_COMPILER_FLAGS)
 
     check_c_compiler_flag("-Wformat" REQUIRED_FLAGS_WFORMAT)
     if (REQUIRED_FLAGS_WFORMAT)
@@ -70,7 +76,7 @@ if (UNIX)
     check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG)
     if (WITH_STACK_PROTECTOR_STRONG)
         list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong")
-        # This is needed as Solaris has a seperate libssp
+        # This is needed as Solaris has a separate libssp
         if (SOLARIS)
             list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector-strong")
         endif()
@@ -78,7 +84,7 @@ if (UNIX)
         check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
         if (WITH_STACK_PROTECTOR)
             list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector")
-            # This is needed as Solaris has a seperate libssp
+            # This is needed as Solaris has a separate libssp
             if (SOLARIS)
                 list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector")
             endif()
@@ -86,9 +92,12 @@ if (UNIX)
     endif (WITH_STACK_PROTECTOR_STRONG)
 
     if (NOT WINDOWS AND NOT CYGWIN)
-        check_c_compiler_flag_ssp("-fstack-clash-protection" WITH_STACK_CLASH_PROTECTION)
-        if (WITH_STACK_CLASH_PROTECTION)
-            list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-clash-protection")
+        # apple m* chips do not support this option
+        if (NOT ${CMAKE_SYSTEM_PROCESSOR} STREQUAL arm64)
+            check_c_compiler_flag_ssp("-fstack-clash-protection" WITH_STACK_CLASH_PROTECTION)
+            if (WITH_STACK_CLASH_PROTECTION)
+                list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-clash-protection")
+            endif()
         endif()
     endif()
 
diff --git a/libssh/ConfigureChecks.cmake b/libssh/ConfigureChecks.cmake
index 7103f303..8765dc6e 100644
--- a/libssh/ConfigureChecks.cmake
+++ b/libssh/ConfigureChecks.cmake
@@ -44,6 +44,8 @@ int main(void){ return 0; }
 endif(CMAKE_COMPILER_IS_GNUCC AND NOT MINGW AND NOT OS2)
 
 # HEADER FILES
+check_function_exists(argp_parse HAVE_ARGP_PARSE)
+
 set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${ARGP_INCLUDE_DIR})
 check_include_file(argp.h HAVE_ARGP_H)
 unset(CMAKE_REQUIRED_INCLUDES)
@@ -62,6 +64,7 @@ check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
 check_include_file(byteswap.h HAVE_BYTESWAP_H)
 check_include_file(glob.h HAVE_GLOB_H)
 check_include_file(valgrind/valgrind.h HAVE_VALGRIND_VALGRIND_H)
+check_include_file(ifaddrs.h HAVE_IFADDRS_H)
 
 if (WIN32)
   check_include_file(io.h HAVE_IO_H)
@@ -75,78 +78,32 @@ endif (WIN32)
 
 if (OPENSSL_FOUND)
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES OpenSSL::Crypto)
+
     check_include_file(openssl/des.h HAVE_OPENSSL_DES_H)
     if (NOT HAVE_OPENSSL_DES_H)
         message(FATAL_ERROR "Could not detect openssl/des.h")
     endif()
 
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/aes.h HAVE_OPENSSL_AES_H)
     if (NOT HAVE_OPENSSL_AES_H)
         message(FATAL_ERROR "Could not detect openssl/aes.h")
     endif()
 
     if (WITH_BLOWFISH_CIPHER)
-        set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-        check_include_file(openssl/blowfish.h HAVE_OPENSSL_BLOWFISH_H)
+        check_include_file(openssl/blowfish.h HAVE_BLOWFISH)
     endif()
 
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/ecdh.h HAVE_OPENSSL_ECDH_H)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/ec.h HAVE_OPENSSL_EC_H)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/ecdsa.h HAVE_OPENSSL_ECDSA_H)
 
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
     check_function_exists(EVP_KDF_CTX_new_id HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
     check_function_exists(EVP_KDF_CTX_new HAVE_OPENSSL_EVP_KDF_CTX_NEW)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
     check_function_exists(FIPS_mode HAVE_OPENSSL_FIPS_MODE)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
     check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_DigestSign HAVE_OPENSSL_EVP_DIGESTSIGN)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_DigestVerify HAVE_OPENSSL_EVP_DIGESTVERIFY)
-
-    check_function_exists(OPENSSL_ia32cap_loc HAVE_OPENSSL_IA32CAP_LOC)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_symbol_exists(EVP_PKEY_ED25519 "openssl/evp.h" FOUND_OPENSSL_ED25519)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
     check_function_exists(EVP_chacha20 HAVE_OPENSSL_EVP_CHACHA20)
 
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_symbol_exists(EVP_PKEY_POLY1305 "openssl/evp.h" HAVE_OPENSSL_EVP_POLY1305)
-
-    if (HAVE_OPENSSL_EVP_DIGESTSIGN AND HAVE_OPENSSL_EVP_DIGESTVERIFY AND
-        FOUND_OPENSSL_ED25519)
-        set(HAVE_OPENSSL_ED25519 1)
-    endif()
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_symbol_exists(EVP_PKEY_X25519 "openssl/evp.h" HAVE_OPENSSL_X25519)
-
     unset(CMAKE_REQUIRED_INCLUDES)
     unset(CMAKE_REQUIRED_LIBRARIES)
 endif()
@@ -170,12 +127,6 @@ if (NOT WITH_GCRYPT AND NOT WITH_MBEDTLS)
 
 endif ()
 
-if (WITH_DSA)
-    if (NOT WITH_MBEDTLS)
-        set(HAVE_DSA 1)
-    endif (NOT WITH_MBEDTLS)
-endif()
-
 # FUNCTIONS
 
 check_function_exists(isblank HAVE_ISBLANK)
@@ -285,6 +236,10 @@ if (MBEDTLS_FOUND)
     set(CMAKE_REQUIRED_INCLUDES "${MBEDTLS_INCLUDE_DIR}/mbedtls")
     check_include_file(chacha20.h HAVE_MBEDTLS_CHACHA20_H)
     check_include_file(poly1305.h HAVE_MBEDTLS_POLY1305_H)
+    if (WITH_BLOWFISH_CIPHER)
+        check_include_file(blowfish.h HAVE_BLOWFISH)
+    endif()
+
     unset(CMAKE_REQUIRED_INCLUDES)
 
 endif (MBEDTLS_FOUND)
@@ -320,7 +275,7 @@ int main(void) {
 # For detecting attributes we need to treat warnings as
 # errors
 if (UNIX OR MINGW)
-    # Get warnings for attributs
+    # Get warnings for attributes
     check_c_compiler_flag("-Wattributes" REQUIRED_FLAGS_WERROR)
     if (REQUIRED_FLAGS_WERROR)
         string(APPEND CMAKE_REQUIRED_FLAGS "-Wattributes ")
@@ -489,22 +444,22 @@ if (WITH_PKCS11_URI)
     if (WITH_GCRYPT)
         message(FATAL_ERROR "PKCS #11 is not supported for gcrypt.")
         set(WITH_PKCS11_URI 0)
-    endif()
-    if (WITH_MBEDTLS)
+    elseif (WITH_MBEDTLS)
         message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto")
         set(WITH_PKCS11_URI 0)
-    endif()
-    if (HAVE_OPENSSL AND NOT OPENSSL_VERSION VERSION_GREATER_EQUAL "1.1.1")
-        message(FATAL_ERROR "PKCS #11 requires at least OpenSSL 1.1.1")
-        set(WITH_PKCS11_URI 0)
-    endif()
-endif()
-
-if (WITH_MBEDTLS)
-    if (WITH_DSA)
-        message(FATAL_ERROR "DSA is not supported with mbedTLS crypto")
-        set(HAVE_DSA 0)
-    endif()
+    elseif (OPENSSL_FOUND AND OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0")
+        find_library(PKCS11_PROVIDER
+            NAMES
+                pkcs11.so
+            PATH_SUFFIXES
+                ossl-modules
+        )
+        if (NOT PKCS11_PROVIDER)
+            set(WITH_PKCS11_PROVIDER 0)
+            message(WARNING "Could not find pkcs11 provider! Falling back to engines")
+            message(WARNING "The support for engines is deprecated in OpenSSL and will be removed from libssh in the future releases.")
+        endif (NOT PKCS11_PROVIDER)
+    endif ()
 endif()
 
 # ENDIAN
diff --git a/libssh/DefineOptions.cmake b/libssh/DefineOptions.cmake
index 068db988..f1a6a244 100644
--- a/libssh/DefineOptions.cmake
+++ b/libssh/DefineOptions.cmake
@@ -2,27 +2,29 @@ option(WITH_GSSAPI "Build with GSSAPI support" ON)
 option(WITH_ZLIB "Build with ZLIB support" ON)
 option(WITH_SFTP "Build with SFTP support" ON)
 option(WITH_SERVER "Build with SSH server support" ON)
-option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF)
+option(WITH_DEBUG_CRYPTO "Build with crypto debug output" OFF)
 option(WITH_DEBUG_PACKET "Build with packet debug output" OFF)
 option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON)
-option(WITH_DSA "Build with DSA" OFF)
-option(WITH_GCRYPT "Compile against libgcrypt" OFF)
+option(WITH_GCRYPT "Compile against libgcrypt (deprecated)" OFF)
 option(WITH_MBEDTLS "Compile against libmbedtls" OFF)
 option(WITH_BLOWFISH_CIPHER "Compile with blowfish support" OFF)
 option(WITH_PCAP "Compile with Pcap generation support" ON)
 option(WITH_INTERNAL_DOC "Compile doxygen internal documentation" OFF)
 option(BUILD_SHARED_LIBS "Build shared libraries" ON)
 option(WITH_PKCS11_URI "Build with PKCS#11 URI support" OFF)
+option(WITH_PKCS11_PROVIDER "Use the PKCS#11 provider for accessing pkcs11 objects" OFF)
 option(UNIT_TESTING "Build with unit tests" OFF)
 option(CLIENT_TESTING "Build with client tests; requires openssh" OFF)
 option(SERVER_TESTING "Build with server tests; requires openssh and dropbear" OFF)
-option(WITH_BENCHMARKS "Build benchmarks tools" OFF)
+option(GSSAPI_TESTING "Build with GSSAPI tests; requires krb5-server,krb5-libs and krb5-workstation" OFF)
+option(WITH_BENCHMARKS "Build benchmarks tools; enables unit testing and client tests" OFF)
 option(WITH_EXAMPLES "Build examples" ON)
 option(WITH_NACL "Build with libnacl (curve25519)" ON)
 option(WITH_SYMBOL_VERSIONING "Build with symbol versioning" ON)
 option(WITH_ABI_BREAK "Allow ABI break" OFF)
 option(WITH_GEX "Enable DH Group exchange mechanisms" ON)
 option(WITH_INSECURE_NONE "Enable insecure none cipher and MAC algorithms (not suitable for production!)" OFF)
+option(WITH_EXEC "Enable libssh to execute arbitrary commands from configuration files or options (match exec, proxy commands and OpenSSH-based proxy-jumps)." ON)
 option(FUZZ_TESTING "Build with fuzzer for the server and client (automatically enables none cipher!)" OFF)
 option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
 
@@ -37,7 +39,7 @@ if (WITH_BENCHMARKS)
   set(CLIENT_TESTING ON)
 endif()
 
-if (UNIT_TESTING OR CLIENT_TESTING OR SERVER_TESTING)
+if (UNIT_TESTING OR CLIENT_TESTING OR SERVER_TESTING OR GSSAPI_TESTING)
   set(BUILD_STATIC_LIB ON)
 endif()
 
@@ -60,3 +62,7 @@ endif (NOT GLOBAL_CLIENT_CONFIG)
 if (FUZZ_TESTING)
   set(WITH_INSECURE_NONE ON)
 endif (FUZZ_TESTING)
+
+if (WIN32)
+    set(WITH_EXEC 0)
+endif(WIN32)
diff --git a/libssh/INSTALL b/libssh/INSTALL
index c2eae34b..a6a9cfec 100644
--- a/libssh/INSTALL
+++ b/libssh/INSTALL
@@ -7,11 +7,13 @@
 In order to build libssh, you need to install several components:
 
 - A C compiler
-- [CMake](https://www.cmake.org) >= 3.3.0
-- [openssl](https://www.openssl.org) >= 1.0.1
-or
-- [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4
+- [CMake](https://www.cmake.org) >= 3.12.0
 - [libz](https://www.zlib.net) >= 1.2
+- [openssl](https://www.openssl.org) >= 1.1.1
+or
+- [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.5
+or
+- [Mbed TLS](https://www.trustedfirmware.org/projects/mbed-tls/)
 
 optional:
 - [cmocka](https://cmocka.org/) >= 1.1.0
@@ -19,6 +21,7 @@ optional:
 - [nss_wrapper](https://cwrap.org/) >= 1.1.2
 - [uid_wrapper](https://cwrap.org/) >= 1.2.0
 - [pam_wrapper](https://cwrap.org/) >= 1.0.1
+- [priv_wrapper](https://cwrap.org/) >= 1.0.0
 
 Note that these version numbers are version we know works correctly. If you
 build and run libssh successfully with an older version, please let us know.
@@ -39,7 +42,7 @@ GNU/Linux, MacOS X, MSYS/MinGW:
     cmake -DUNIT_TESTING=ON -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug ..
     make
 
-On Windows you should choose a makefile gernerator with -G or use
+On Windows you should choose a makefile generator with -G or use
 
     cmake-gui.exe ..
 
diff --git a/libssh/cmake/Modules/AddCMockaTest.cmake b/libssh/cmake/Modules/AddCMockaTest.cmake
index 4b0c2dad..f49961ba 100644
--- a/libssh/cmake/Modules/AddCMockaTest.cmake
+++ b/libssh/cmake/Modules/AddCMockaTest.cmake
@@ -116,5 +116,10 @@ function(ADD_CMOCKA_TEST _TARGET_NAME)
     add_test(${_TARGET_NAME}
         ${TARGET_SYSTEM_EMULATOR} ${_TARGET_NAME}
     )
+    if (WITH_COVERAGE)
+        ENABLE_LANGUAGE(CXX)
+        include(CodeCoverage)
+        append_coverage_compiler_flags_to_target(${_TARGET_NAME})
+    endif (WITH_COVERAGE)
 
 endfunction (ADD_CMOCKA_TEST)
diff --git a/libssh/cmake/Modules/CodeCoverage.cmake b/libssh/cmake/Modules/CodeCoverage.cmake
new file mode 100644
index 00000000..0fd70ae2
--- /dev/null
+++ b/libssh/cmake/Modules/CodeCoverage.cmake
@@ -0,0 +1,750 @@
+# Copyright (c) 2012 - 2017, Lars Bilke
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its contributors
+#    may be used to endorse or promote products derived from this software without
+#    specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# CHANGES:
+#
+# 2012-01-31, Lars Bilke
+# - Enable Code Coverage
+#
+# 2013-09-17, Joakim Söderberg
+# - Added support for Clang.
+# - Some additional usage instructions.
+#
+# 2016-02-03, Lars Bilke
+# - Refactored functions to use named parameters
+#
+# 2017-06-02, Lars Bilke
+# - Merged with modified version from github.com/ufz/ogs
+#
+# 2019-05-06, Anatolii Kurotych
+# - Remove unnecessary --coverage flag
+#
+# 2019-12-13, FeRD (Frank Dana)
+# - Deprecate COVERAGE_LCOVR_EXCLUDES and COVERAGE_GCOVR_EXCLUDES lists in favor
+#   of tool-agnostic COVERAGE_EXCLUDES variable, or EXCLUDE setup arguments.
+# - CMake 3.4+: All excludes can be specified relative to BASE_DIRECTORY
+# - All setup functions: accept BASE_DIRECTORY, EXCLUDE list
+# - Set lcov basedir with -b argument
+# - Add automatic --demangle-cpp in lcovr, if 'c++filt' is available (can be
+#   overridden with NO_DEMANGLE option in setup_target_for_coverage_lcovr().)
+# - Delete output dir, .info file on 'make clean'
+# - Remove Python detection, since version mismatches will break gcovr
+# - Minor cleanup (lowercase function names, update examples...)
+#
+# 2019-12-19, FeRD (Frank Dana)
+# - Rename Lcov outputs, make filtered file canonical, fix cleanup for targets
+#
+# 2020-01-19, Bob Apthorpe
+# - Added gfortran support
+#
+# 2020-02-17, FeRD (Frank Dana)
+# - Make all add_custom_target()s VERBATIM to auto-escape wildcard characters
+#   in EXCLUDEs, and remove manual escaping from gcovr targets
+#
+# 2021-01-19, Robin Mueller
+# - Add CODE_COVERAGE_VERBOSE option which will allow to print out commands which are run
+# - Added the option for users to set the GCOVR_ADDITIONAL_ARGS variable to supply additional
+#   flags to the gcovr command
+#
+# 2020-05-04, Mihchael Davis
+#     - Add -fprofile-abs-path to make gcno files contain absolute paths
+#     - Fix BASE_DIRECTORY not working when defined
+#     - Change BYPRODUCT from folder to index.html to stop ninja from complaining about double defines
+#
+# 2021-05-10, Martin Stump
+#     - Check if the generator is multi-config before warning about non-Debug builds
+#
+# 2022-02-22, Marko Wehle
+#     - Change gcovr output from -o <filename> for --xml <filename> and --html <filename> output respectively.
+#       This will allow for Multiple Output Formats at the same time by making use of GCOVR_ADDITIONAL_ARGS, e.g. GCOVR_ADDITIONAL_ARGS "--txt".
+#
+# 2022-09-28, Sebastian Mueller
+#     - fix append_coverage_compiler_flags_to_target to correctly add flags
+#     - replace "-fprofile-arcs -ftest-coverage" with "--coverage" (equivalent)
+#
+# USAGE:
+#
+# 1. Copy this file into your cmake modules path.
+#
+# 2. Add the following line to your CMakeLists.txt (best inside an if-condition
+#    using a CMake option() to enable it just optionally):
+#      include(CodeCoverage)
+#
+# 3. Append necessary compiler flags for all supported source files:
+#      append_coverage_compiler_flags()
+#    Or for specific target:
+#      append_coverage_compiler_flags_to_target(YOUR_TARGET_NAME)
+#
+# 3.a (OPTIONAL) Set appropriate optimization flags, e.g. -O0, -O1 or -Og
+#
+# 4. If you need to exclude additional directories from the report, specify them
+#    using full paths in the COVERAGE_EXCLUDES variable before calling
+#    setup_target_for_coverage_*().
+#    Example:
+#      set(COVERAGE_EXCLUDES
+#          '${PROJECT_SOURCE_DIR}/src/dir1/*'
+#          '/path/to/my/src/dir2/*')
+#    Or, use the EXCLUDE argument to setup_target_for_coverage_*().
+#    Example:
+#      setup_target_for_coverage_lcov(
+#          NAME coverage
+#          EXECUTABLE testrunner
+#          EXCLUDE "${PROJECT_SOURCE_DIR}/src/dir1/*" "/path/to/my/src/dir2/*")
+#
+# 4.a NOTE: With CMake 3.4+, COVERAGE_EXCLUDES or EXCLUDE can also be set
+#     relative to the BASE_DIRECTORY (default: PROJECT_SOURCE_DIR)
+#     Example:
+#       set(COVERAGE_EXCLUDES "dir1/*")
+#       setup_target_for_coverage_gcovr_html(
+#           NAME coverage
+#           EXECUTABLE testrunner
+#           BASE_DIRECTORY "${PROJECT_SOURCE_DIR}/src"
+#           EXCLUDE "dir2/*")
+#
+# 5. Use the functions described below to create a custom make target which
+#    runs your test executable and produces a code coverage report.
+#
+# 6. Build a Debug build:
+#      cmake -DCMAKE_BUILD_TYPE=Debug ..
+#      make
+#      make my_coverage_target
+#
+
+include(CMakeParseArguments)
+
+option(CODE_COVERAGE_VERBOSE "Verbose information" FALSE)
+
+# Check prereqs
+find_program( GCOV_PATH gcov )
+find_program( LCOV_PATH  NAMES lcov lcov.bat lcov.exe lcov.perl)
+find_program( FASTCOV_PATH NAMES fastcov fastcov.py )
+find_program( GENHTML_PATH NAMES genhtml genhtml.perl genhtml.bat )
+find_program( GCOVR_PATH gcovr PATHS ${CMAKE_SOURCE_DIR}/scripts/test)
+find_program( CPPFILT_PATH NAMES c++filt )
+
+if(NOT GCOV_PATH)
+    message(FATAL_ERROR "gcov not found! Aborting...")
+endif() # NOT GCOV_PATH
+
+# Check supported compiler (Clang, GNU and Flang)
+get_property(LANGUAGES GLOBAL PROPERTY ENABLED_LANGUAGES)
+foreach(LANG ${LANGUAGES})
+  if("${CMAKE_${LANG}_COMPILER_ID}" MATCHES "(Apple)?[Cc]lang")
+    if("${CMAKE_${LANG}_COMPILER_VERSION}" VERSION_LESS 3)
+      message(FATAL_ERROR "Clang version must be 3.0.0 or greater! Aborting...")
+    endif()
+  elseif(NOT "${CMAKE_${LANG}_COMPILER_ID}" MATCHES "GNU"
+         AND NOT "${CMAKE_${LANG}_COMPILER_ID}" MATCHES "(LLVM)?[Ff]lang")
+    message(FATAL_ERROR "Compiler is not GNU or Flang! Aborting...")
+  endif()
+endforeach()
+
+set(COVERAGE_COMPILER_FLAGS "-g --coverage -fprofile-update=atomic"
+    CACHE INTERNAL "")
+
+if(CMAKE_CXX_COMPILER_ID MATCHES "(GNU|Clang)")
+    include(CheckCXXCompilerFlag)
+    check_cxx_compiler_flag(-fprofile-abs-path HAVE_cxx_fprofile_abs_path)
+    if(HAVE_cxx_fprofile_abs_path)
+        set(COVERAGE_CXX_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} -fprofile-abs-path")
+    endif()
+endif()
+if(CMAKE_C_COMPILER_ID MATCHES "(GNU|Clang)")
+    include(CheckCCompilerFlag)
+    check_c_compiler_flag(-fprofile-abs-path HAVE_c_fprofile_abs_path)
+    if(HAVE_c_fprofile_abs_path)
+        set(COVERAGE_C_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} -fprofile-abs-path")
+    endif()
+endif()
+
+set(CMAKE_Fortran_FLAGS_COVERAGE
+    ${COVERAGE_COMPILER_FLAGS}
+    CACHE STRING "Flags used by the Fortran compiler during coverage builds."
+    FORCE )
+set(CMAKE_CXX_FLAGS_COVERAGE
+    ${COVERAGE_COMPILER_FLAGS}
+    CACHE STRING "Flags used by the C++ compiler during coverage builds."
+    FORCE )
+set(CMAKE_C_FLAGS_COVERAGE
+    ${COVERAGE_COMPILER_FLAGS}
+    CACHE STRING "Flags used by the C compiler during coverage builds."
+    FORCE )
+set(CMAKE_EXE_LINKER_FLAGS_COVERAGE
+    ""
+    CACHE STRING "Flags used for linking binaries during coverage builds."
+    FORCE )
+set(CMAKE_SHARED_LINKER_FLAGS_COVERAGE
+    ""
+    CACHE STRING "Flags used by the shared libraries linker during coverage builds."
+    FORCE )
+mark_as_advanced(
+    CMAKE_Fortran_FLAGS_COVERAGE
+    CMAKE_CXX_FLAGS_COVERAGE
+    CMAKE_C_FLAGS_COVERAGE
+    CMAKE_EXE_LINKER_FLAGS_COVERAGE
+    CMAKE_SHARED_LINKER_FLAGS_COVERAGE )
+
+get_property(GENERATOR_IS_MULTI_CONFIG GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
+if(NOT (CMAKE_BUILD_TYPE STREQUAL "Debug" OR GENERATOR_IS_MULTI_CONFIG))
+    message(WARNING "Code coverage results with an optimised (non-Debug) build may be misleading")
+endif() # NOT (CMAKE_BUILD_TYPE STREQUAL "Debug" OR GENERATOR_IS_MULTI_CONFIG)
+
+if(CMAKE_C_COMPILER_ID STREQUAL "GNU" OR CMAKE_Fortran_COMPILER_ID STREQUAL "GNU")
+    link_libraries(gcov)
+endif()
+
+# Defines a target for running and collection code coverage information
+# Builds dependencies, runs the given executable and outputs reports.
+# NOTE! The executable should always have a ZERO as exit code otherwise
+# the coverage generation will not complete.
+#
+# setup_target_for_coverage_lcov(
+#     NAME testrunner_coverage                    # New target name
+#     EXECUTABLE testrunner -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
+#     DEPENDENCIES testrunner                     # Dependencies to build first
+#     BASE_DIRECTORY "../"                        # Base directory for report
+#                                                 #  (defaults to PROJECT_SOURCE_DIR)
+#     EXCLUDE "src/dir1/*" "src/dir2/*"           # Patterns to exclude (can be relative
+#                                                 #  to BASE_DIRECTORY, with CMake 3.4+)
+#     NO_DEMANGLE                                 # Don't demangle C++ symbols
+#                                                 #  even if c++filt is found
+# )
+function(setup_target_for_coverage_lcov)
+
+    set(options NO_DEMANGLE SONARQUBE)
+    set(oneValueArgs BASE_DIRECTORY NAME)
+    set(multiValueArgs EXCLUDE EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES LCOV_ARGS GENHTML_ARGS)
+    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+    if(NOT LCOV_PATH)
+        message(FATAL_ERROR "lcov not found! Aborting...")
+    endif() # NOT LCOV_PATH
+
+    if(NOT GENHTML_PATH)
+        message(FATAL_ERROR "genhtml not found! Aborting...")
+    endif() # NOT GENHTML_PATH
+
+    # Set base directory (as absolute path), or default to PROJECT_SOURCE_DIR
+    if(DEFINED Coverage_BASE_DIRECTORY)
+        get_filename_component(BASEDIR ${Coverage_BASE_DIRECTORY} ABSOLUTE)
+    else()
+        set(BASEDIR ${PROJECT_SOURCE_DIR})
+    endif()
+
+    # Collect excludes (CMake 3.4+: Also compute absolute paths)
+    set(LCOV_EXCLUDES "")
+    foreach(EXCLUDE ${Coverage_EXCLUDE} ${COVERAGE_EXCLUDES} ${COVERAGE_LCOV_EXCLUDES})
+        if(CMAKE_VERSION VERSION_GREATER 3.4)
+            get_filename_component(EXCLUDE ${EXCLUDE} ABSOLUTE BASE_DIR ${BASEDIR})
+        endif()
+        list(APPEND LCOV_EXCLUDES "${EXCLUDE}")
+    endforeach()
+    list(REMOVE_DUPLICATES LCOV_EXCLUDES)
+
+    # Conditional arguments
+    if(CPPFILT_PATH AND NOT ${Coverage_NO_DEMANGLE})
+      set(GENHTML_EXTRA_ARGS "--demangle-cpp")
+    endif()
+
+    # Setting up commands which will be run to generate coverage data.
+    # Cleanup lcov
+    set(LCOV_CLEAN_CMD
+        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} -directory .
+        -b ${BASEDIR} --zerocounters
+    )
+    # Create baseline to make sure untouched files show up in the report
+    set(LCOV_BASELINE_CMD
+        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} -c -i -d . -b
+        ${BASEDIR} -o ${Coverage_NAME}.base
+    )
+    # Run tests
+    set(LCOV_EXEC_TESTS_CMD
+        ${Coverage_EXECUTABLE} ${Coverage_EXECUTABLE_ARGS}
+    )
+    # Capturing lcov counters and generating report
+    set(LCOV_CAPTURE_CMD
+        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} --directory . -b
+        ${BASEDIR} --capture --output-file ${Coverage_NAME}.capture
+    )
+    # add baseline counters
+    set(LCOV_BASELINE_COUNT_CMD
+        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} -a ${Coverage_NAME}.base
+        -a ${Coverage_NAME}.capture --output-file ${Coverage_NAME}.total
+    )
+    # filter collected data to final coverage report
+    set(LCOV_FILTER_CMD
+        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} --remove
+        ${Coverage_NAME}.total ${LCOV_EXCLUDES} --output-file ${Coverage_NAME}.info
+    )
+    # Generate HTML output
+    set(LCOV_GEN_HTML_CMD
+        ${GENHTML_PATH} ${GENHTML_EXTRA_ARGS} ${Coverage_GENHTML_ARGS} -o
+        ${Coverage_NAME} ${Coverage_NAME}.info
+    )
+    if(${Coverage_SONARQUBE})
+        # Generate SonarQube output
+        set(GCOVR_XML_CMD
+            ${GCOVR_PATH} --sonarqube ${Coverage_NAME}_sonarqube.xml -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
+            ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
+        )
+        set(GCOVR_XML_CMD_COMMAND
+            COMMAND ${GCOVR_XML_CMD}
+        )
+        set(GCOVR_XML_CMD_BYPRODUCTS ${Coverage_NAME}_sonarqube.xml)
+        set(GCOVR_XML_CMD_COMMENT COMMENT "SonarQube code coverage info report saved in ${Coverage_NAME}_sonarqube.xml.")
+    endif()
+
+
+    if(CODE_COVERAGE_VERBOSE)
+        message(STATUS "Executed command report")
+        message(STATUS "Command to clean up lcov: ")
+        string(REPLACE ";" " " LCOV_CLEAN_CMD_SPACED "${LCOV_CLEAN_CMD}")
+        message(STATUS "${LCOV_CLEAN_CMD_SPACED}")
+
+        message(STATUS "Command to create baseline: ")
+        string(REPLACE ";" " " LCOV_BASELINE_CMD_SPACED "${LCOV_BASELINE_CMD}")
+        message(STATUS "${LCOV_BASELINE_CMD_SPACED}")
+
+        message(STATUS "Command to run the tests: ")
+        string(REPLACE ";" " " LCOV_EXEC_TESTS_CMD_SPACED "${LCOV_EXEC_TESTS_CMD}")
+        message(STATUS "${LCOV_EXEC_TESTS_CMD_SPACED}")
+
+        message(STATUS "Command to capture counters and generate report: ")
+        string(REPLACE ";" " " LCOV_CAPTURE_CMD_SPACED "${LCOV_CAPTURE_CMD}")
+        message(STATUS "${LCOV_CAPTURE_CMD_SPACED}")
+
+        message(STATUS "Command to add baseline counters: ")
+        string(REPLACE ";" " " LCOV_BASELINE_COUNT_CMD_SPACED "${LCOV_BASELINE_COUNT_CMD}")
+        message(STATUS "${LCOV_BASELINE_COUNT_CMD_SPACED}")
+
+        message(STATUS "Command to filter collected data: ")
+        string(REPLACE ";" " " LCOV_FILTER_CMD_SPACED "${LCOV_FILTER_CMD}")
+        message(STATUS "${LCOV_FILTER_CMD_SPACED}")
+
+        message(STATUS "Command to generate lcov HTML output: ")
+        string(REPLACE ";" " " LCOV_GEN_HTML_CMD_SPACED "${LCOV_GEN_HTML_CMD}")
+        message(STATUS "${LCOV_GEN_HTML_CMD_SPACED}")
+
+        if(${Coverage_SONARQUBE})
+            message(STATUS "Command to generate SonarQube XML output: ")
+            string(REPLACE ";" " " GCOVR_XML_CMD_SPACED "${GCOVR_XML_CMD}")
+            message(STATUS "${GCOVR_XML_CMD_SPACED}")
+        endif()
+    endif()
+
+    # Setup target
+    add_custom_target(${Coverage_NAME}
+        COMMAND ${LCOV_CLEAN_CMD}
+        COMMAND ${LCOV_BASELINE_CMD}
+        COMMAND ${LCOV_EXEC_TESTS_CMD}
+        COMMAND ${LCOV_CAPTURE_CMD}
+        COMMAND ${LCOV_BASELINE_COUNT_CMD}
+        COMMAND ${LCOV_FILTER_CMD}
+        COMMAND ${LCOV_GEN_HTML_CMD}
+        ${GCOVR_XML_CMD_COMMAND}
+
+        # Set output files as GENERATED (will be removed on 'make clean')
+        BYPRODUCTS
+            ${Coverage_NAME}.base
+            ${Coverage_NAME}.capture
+            ${Coverage_NAME}.total
+            ${Coverage_NAME}.info
+            ${GCOVR_XML_CMD_BYPRODUCTS}
+            ${Coverage_NAME}/index.html
+        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+        DEPENDS ${Coverage_DEPENDENCIES}
+        VERBATIM # Protect arguments to commands
+        COMMENT "Resetting code coverage counters to zero.\nProcessing code coverage counters and generating report."
+    )
+
+    # Show where to find the lcov info report
+    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+        COMMAND ;
+        COMMENT "Lcov code coverage info report saved in ${Coverage_NAME}.info."
+        ${GCOVR_XML_CMD_COMMENT}
+    )
+
+    # Show info where to find the report
+    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+        COMMAND ;
+        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
+    )
+
+endfunction() # setup_target_for_coverage_lcov
+
+# Defines a target for running and collection code coverage information
+# Builds dependencies, runs the given executable and outputs reports.
+# NOTE! The executable should always have a ZERO as exit code otherwise
+# the coverage generation will not complete.
+#
+# setup_target_for_coverage_gcovr_xml(
+#     NAME ctest_coverage                    # New target name
+#     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
+#     DEPENDENCIES executable_target         # Dependencies to build first
+#     BASE_DIRECTORY "../"                   # Base directory for report
+#                                            #  (defaults to PROJECT_SOURCE_DIR)
+#     EXCLUDE "src/dir1/*" "src/dir2/*"      # Patterns to exclude (can be relative
+#                                            #  to BASE_DIRECTORY, with CMake 3.4+)
+# )
+# The user can set the variable GCOVR_ADDITIONAL_ARGS to supply additional flags to the
+# GCVOR command.
+function(setup_target_for_coverage_gcovr_xml)
+
+    set(options NONE)
+    set(oneValueArgs BASE_DIRECTORY NAME)
+    set(multiValueArgs EXCLUDE EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
+    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+    if(NOT GCOVR_PATH)
+        message(FATAL_ERROR "gcovr not found! Aborting...")
+    endif() # NOT GCOVR_PATH
+
+    # Set base directory (as absolute path), or default to PROJECT_SOURCE_DIR
+    if(DEFINED Coverage_BASE_DIRECTORY)
+        get_filename_component(BASEDIR ${Coverage_BASE_DIRECTORY} ABSOLUTE)
+    else()
+        set(BASEDIR ${PROJECT_SOURCE_DIR})
+    endif()
+
+    # Collect excludes (CMake 3.4+: Also compute absolute paths)
+    set(GCOVR_EXCLUDES "")
+    foreach(EXCLUDE ${Coverage_EXCLUDE} ${COVERAGE_EXCLUDES} ${COVERAGE_GCOVR_EXCLUDES})
+        if(CMAKE_VERSION VERSION_GREATER 3.4)
+            get_filename_component(EXCLUDE ${EXCLUDE} ABSOLUTE BASE_DIR ${BASEDIR})
+        endif()
+        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
+    endforeach()
+    list(REMOVE_DUPLICATES GCOVR_EXCLUDES)
+
+    # Combine excludes to several -e arguments
+    set(GCOVR_EXCLUDE_ARGS "")
+    foreach(EXCLUDE ${GCOVR_EXCLUDES})
+        list(APPEND GCOVR_EXCLUDE_ARGS "-e")
+        list(APPEND GCOVR_EXCLUDE_ARGS "${EXCLUDE}")
+    endforeach()
+
+    # Set up commands which will be run to generate coverage data
+    # Run tests
+    set(GCOVR_XML_EXEC_TESTS_CMD
+        ${Coverage_EXECUTABLE} ${Coverage_EXECUTABLE_ARGS}
+    )
+    # Running gcovr
+    set(GCOVR_XML_CMD
+        ${GCOVR_PATH} --xml ${Coverage_NAME}.xml -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
+        ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
+    )
+
+    if(CODE_COVERAGE_VERBOSE)
+        message(STATUS "Executed command report")
+
+        message(STATUS "Command to run tests: ")
+        string(REPLACE ";" " " GCOVR_XML_EXEC_TESTS_CMD_SPACED "${GCOVR_XML_EXEC_TESTS_CMD}")
+        message(STATUS "${GCOVR_XML_EXEC_TESTS_CMD_SPACED}")
+
+        message(STATUS "Command to generate gcovr XML coverage data: ")
+        string(REPLACE ";" " " GCOVR_XML_CMD_SPACED "${GCOVR_XML_CMD}")
+        message(STATUS "${GCOVR_XML_CMD_SPACED}")
+    endif()
+
+    add_custom_target(${Coverage_NAME}
+        COMMAND ${GCOVR_XML_EXEC_TESTS_CMD}
+        COMMAND ${GCOVR_XML_CMD}
+
+        BYPRODUCTS ${Coverage_NAME}.xml
+        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+        DEPENDS ${Coverage_DEPENDENCIES}
+        VERBATIM # Protect arguments to commands
+        COMMENT "Running gcovr to produce Cobertura code coverage report."
+    )
+
+    # Show info where to find the report
+    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+        COMMAND ;
+        COMMENT "Cobertura code coverage report saved in ${Coverage_NAME}.xml."
+    )
+endfunction() # setup_target_for_coverage_gcovr_xml
+
+# Defines a target for running and collection code coverage information
+# Builds dependencies, runs the given executable and outputs reports.
+# NOTE! The executable should always have a ZERO as exit code otherwise
+# the coverage generation will not complete.
+#
+# setup_target_for_coverage_gcovr_html(
+#     NAME ctest_coverage                    # New target name
+#     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
+#     DEPENDENCIES executable_target         # Dependencies to build first
+#     BASE_DIRECTORY "../"                   # Base directory for report
+#                                            #  (defaults to PROJECT_SOURCE_DIR)
+#     EXCLUDE "src/dir1/*" "src/dir2/*"      # Patterns to exclude (can be relative
+#                                            #  to BASE_DIRECTORY, with CMake 3.4+)
+# )
+# The user can set the variable GCOVR_ADDITIONAL_ARGS to supply additional flags to the
+# GCVOR command.
+function(setup_target_for_coverage_gcovr_html)
+
+    set(options NONE)
+    set(oneValueArgs BASE_DIRECTORY NAME)
+    set(multiValueArgs EXCLUDE EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
+    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+    if(NOT GCOVR_PATH)
+        message(FATAL_ERROR "gcovr not found! Aborting...")
+    endif() # NOT GCOVR_PATH
+
+    # Set base directory (as absolute path), or default to PROJECT_SOURCE_DIR
+    if(DEFINED Coverage_BASE_DIRECTORY)
+        get_filename_component(BASEDIR ${Coverage_BASE_DIRECTORY} ABSOLUTE)
+    else()
+        set(BASEDIR ${PROJECT_SOURCE_DIR})
+    endif()
+
+    # Collect excludes (CMake 3.4+: Also compute absolute paths)
+    set(GCOVR_EXCLUDES "")
+    foreach(EXCLUDE ${Coverage_EXCLUDE} ${COVERAGE_EXCLUDES} ${COVERAGE_GCOVR_EXCLUDES})
+        if(CMAKE_VERSION VERSION_GREATER 3.4)
+            get_filename_component(EXCLUDE ${EXCLUDE} ABSOLUTE BASE_DIR ${BASEDIR})
+        endif()
+        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
+    endforeach()
+    list(REMOVE_DUPLICATES GCOVR_EXCLUDES)
+
+    # Combine excludes to several -e arguments
+    set(GCOVR_EXCLUDE_ARGS "")
+    foreach(EXCLUDE ${GCOVR_EXCLUDES})
+        list(APPEND GCOVR_EXCLUDE_ARGS "-e")
+        list(APPEND GCOVR_EXCLUDE_ARGS "${EXCLUDE}")
+    endforeach()
+
+    # Set up commands which will be run to generate coverage data
+    # Run tests
+    set(GCOVR_HTML_EXEC_TESTS_CMD
+        ${Coverage_EXECUTABLE} ${Coverage_EXECUTABLE_ARGS}
+    )
+    # Create folder
+    set(GCOVR_HTML_FOLDER_CMD
+        ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/${Coverage_NAME}
+    )
+    # Running gcovr
+    set(GCOVR_HTML_CMD
+        ${GCOVR_PATH} --html ${Coverage_NAME}/index.html --html-details -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
+        ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
+    )
+
+    if(CODE_COVERAGE_VERBOSE)
+        message(STATUS "Executed command report")
+
+        message(STATUS "Command to run tests: ")
+        string(REPLACE ";" " " GCOVR_HTML_EXEC_TESTS_CMD_SPACED "${GCOVR_HTML_EXEC_TESTS_CMD}")
+        message(STATUS "${GCOVR_HTML_EXEC_TESTS_CMD_SPACED}")
+
+        message(STATUS "Command to create a folder: ")
+        string(REPLACE ";" " " GCOVR_HTML_FOLDER_CMD_SPACED "${GCOVR_HTML_FOLDER_CMD}")
+        message(STATUS "${GCOVR_HTML_FOLDER_CMD_SPACED}")
+
+        message(STATUS "Command to generate gcovr HTML coverage data: ")
+        string(REPLACE ";" " " GCOVR_HTML_CMD_SPACED "${GCOVR_HTML_CMD}")
+        message(STATUS "${GCOVR_HTML_CMD_SPACED}")
+    endif()
+
+    add_custom_target(${Coverage_NAME}
+        COMMAND ${GCOVR_HTML_EXEC_TESTS_CMD}
+        COMMAND ${GCOVR_HTML_FOLDER_CMD}
+        COMMAND ${GCOVR_HTML_CMD}
+
+        BYPRODUCTS ${PROJECT_BINARY_DIR}/${Coverage_NAME}/index.html  # report directory
+        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+        DEPENDS ${Coverage_DEPENDENCIES}
+        VERBATIM # Protect arguments to commands
+        COMMENT "Running gcovr to produce HTML code coverage report."
+    )
+
+    # Show info where to find the report
+    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+        COMMAND ;
+        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
+    )
+
+endfunction() # setup_target_for_coverage_gcovr_html
+
+# Defines a target for running and collection code coverage information
+# Builds dependencies, runs the given executable and outputs reports.
+# NOTE! The executable should always have a ZERO as exit code otherwise
+# the coverage generation will not complete.
+#
+# setup_target_for_coverage_fastcov(
+#     NAME testrunner_coverage                    # New target name
+#     EXECUTABLE testrunner -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
+#     DEPENDENCIES testrunner                     # Dependencies to build first
+#     BASE_DIRECTORY "../"                        # Base directory for report
+#                                                 #  (defaults to PROJECT_SOURCE_DIR)
+#     EXCLUDE "src/dir1/" "src/dir2/"             # Patterns to exclude.
+#     NO_DEMANGLE                                 # Don't demangle C++ symbols
+#                                                 #  even if c++filt is found
+#     SKIP_HTML                                   # Don't create html report
+#     POST_CMD perl -i -pe s!${PROJECT_SOURCE_DIR}/!!g ctest_coverage.json  # E.g. for stripping source dir from file paths
+# )
+function(setup_target_for_coverage_fastcov)
+
+    set(options NO_DEMANGLE SKIP_HTML)
+    set(oneValueArgs BASE_DIRECTORY NAME)
+    set(multiValueArgs EXCLUDE EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES FASTCOV_ARGS GENHTML_ARGS POST_CMD)
+    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+    if(NOT FASTCOV_PATH)
+        message(FATAL_ERROR "fastcov not found! Aborting...")
+    endif()
+
+    if(NOT Coverage_SKIP_HTML AND NOT GENHTML_PATH)
+        message(FATAL_ERROR "genhtml not found! Aborting...")
+    endif()
+
+    # Set base directory (as absolute path), or default to PROJECT_SOURCE_DIR
+    if(Coverage_BASE_DIRECTORY)
+        get_filename_component(BASEDIR ${Coverage_BASE_DIRECTORY} ABSOLUTE)
+    else()
+        set(BASEDIR ${PROJECT_SOURCE_DIR})
+    endif()
+
+    # Collect excludes (Patterns, not paths, for fastcov)
+    set(FASTCOV_EXCLUDES "")
+    foreach(EXCLUDE ${Coverage_EXCLUDE} ${COVERAGE_EXCLUDES} ${COVERAGE_FASTCOV_EXCLUDES})
+        list(APPEND FASTCOV_EXCLUDES "${EXCLUDE}")
+    endforeach()
+    list(REMOVE_DUPLICATES FASTCOV_EXCLUDES)
+
+    # Conditional arguments
+    if(CPPFILT_PATH AND NOT ${Coverage_NO_DEMANGLE})
+        set(GENHTML_EXTRA_ARGS "--demangle-cpp")
+    endif()
+
+    # Set up commands which will be run to generate coverage data
+    set(FASTCOV_EXEC_TESTS_CMD ${Coverage_EXECUTABLE} ${Coverage_EXECUTABLE_ARGS})
+
+    set(FASTCOV_CAPTURE_CMD ${FASTCOV_PATH} ${Coverage_FASTCOV_ARGS} --gcov ${GCOV_PATH}
+        --search-directory ${BASEDIR}
+        --process-gcno
+        --output ${Coverage_NAME}.json
+        --exclude ${FASTCOV_EXCLUDES}
+    )
+
+    set(FASTCOV_CONVERT_CMD ${FASTCOV_PATH}
+        -C ${Coverage_NAME}.json --lcov --output ${Coverage_NAME}.info
+    )
+
+    if(Coverage_SKIP_HTML)
+        set(FASTCOV_HTML_CMD ";")
+    else()
+        set(FASTCOV_HTML_CMD ${GENHTML_PATH} ${GENHTML_EXTRA_ARGS} ${Coverage_GENHTML_ARGS}
+            -o ${Coverage_NAME} ${Coverage_NAME}.info
+        )
+    endif()
+
+    set(FASTCOV_POST_CMD ";")
+    if(Coverage_POST_CMD)
+        set(FASTCOV_POST_CMD ${Coverage_POST_CMD})
+    endif()
+
+    if(CODE_COVERAGE_VERBOSE)
+        message(STATUS "Code coverage commands for target ${Coverage_NAME} (fastcov):")
+
+        message("   Running tests:")
+        string(REPLACE ";" " " FASTCOV_EXEC_TESTS_CMD_SPACED "${FASTCOV_EXEC_TESTS_CMD}")
+        message("     ${FASTCOV_EXEC_TESTS_CMD_SPACED}")
+
+        message("   Capturing fastcov counters and generating report:")
+        string(REPLACE ";" " " FASTCOV_CAPTURE_CMD_SPACED "${FASTCOV_CAPTURE_CMD}")
+        message("     ${FASTCOV_CAPTURE_CMD_SPACED}")
+
+        message("   Converting fastcov .json to lcov .info:")
+        string(REPLACE ";" " " FASTCOV_CONVERT_CMD_SPACED "${FASTCOV_CONVERT_CMD}")
+        message("     ${FASTCOV_CONVERT_CMD_SPACED}")
+
+        if(NOT Coverage_SKIP_HTML)
+            message("   Generating HTML report: ")
+            string(REPLACE ";" " " FASTCOV_HTML_CMD_SPACED "${FASTCOV_HTML_CMD}")
+            message("     ${FASTCOV_HTML_CMD_SPACED}")
+        endif()
+        if(Coverage_POST_CMD)
+            message("   Running post command: ")
+            string(REPLACE ";" " " FASTCOV_POST_CMD_SPACED "${FASTCOV_POST_CMD}")
+            message("     ${FASTCOV_POST_CMD_SPACED}")
+        endif()
+    endif()
+
+    # Setup target
+    add_custom_target(${Coverage_NAME}
+
+        # Cleanup fastcov
+        COMMAND ${FASTCOV_PATH} ${Coverage_FASTCOV_ARGS} --gcov ${GCOV_PATH}
+            --search-directory ${BASEDIR}
+            --zerocounters
+
+        COMMAND ${FASTCOV_EXEC_TESTS_CMD}
+        COMMAND ${FASTCOV_CAPTURE_CMD}
+        COMMAND ${FASTCOV_CONVERT_CMD}
+        COMMAND ${FASTCOV_HTML_CMD}
+        COMMAND ${FASTCOV_POST_CMD}
+
+        # Set output files as GENERATED (will be removed on 'make clean')
+        BYPRODUCTS
+             ${Coverage_NAME}.info
+             ${Coverage_NAME}.json
+             ${Coverage_NAME}/index.html  # report directory
+
+        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+        DEPENDS ${Coverage_DEPENDENCIES}
+        VERBATIM # Protect arguments to commands
+        COMMENT "Resetting code coverage counters to zero. Processing code coverage counters and generating report."
+    )
+
+    set(INFO_MSG "fastcov code coverage info report saved in ${Coverage_NAME}.info and ${Coverage_NAME}.json.")
+    if(NOT Coverage_SKIP_HTML)
+        string(APPEND INFO_MSG " Open ${PROJECT_BINARY_DIR}/${Coverage_NAME}/index.html in your browser to view the coverage report.")
+    endif()
+    # Show where to find the fastcov info report
+    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
+        COMMAND ${CMAKE_COMMAND} -E echo ${INFO_MSG}
+    )
+
+endfunction() # setup_target_for_coverage_fastcov
+
+function(append_coverage_compiler_flags)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
+    set(CMAKE_Fortran_FLAGS "${CMAKE_Fortran_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
+    message(STATUS "Appending code coverage compiler flags: ${COVERAGE_COMPILER_FLAGS}")
+endfunction() # append_coverage_compiler_flags
+
+# Setup coverage for specific library
+function(append_coverage_compiler_flags_to_target name)
+    separate_arguments(_flag_list NATIVE_COMMAND "${COVERAGE_COMPILER_FLAGS}")
+    target_compile_options(${name} PRIVATE ${_flag_list})
+    if(CMAKE_C_COMPILER_ID STREQUAL "GNU" OR CMAKE_CXX_COMPILER_ID STREQUAL "GNU" OR CMAKE_Fortran_COMPILER_ID STREQUAL "GNU")
+        target_link_libraries(${name} PRIVATE gcov)
+    endif()
+endfunction()
diff --git a/libssh/cmake/Modules/DefineCMakeDefaults.cmake b/libssh/cmake/Modules/DefineCMakeDefaults.cmake
index ef4fb337..6f369faa 100644
--- a/libssh/cmake/Modules/DefineCMakeDefaults.cmake
+++ b/libssh/cmake/Modules/DefineCMakeDefaults.cmake
@@ -6,7 +6,7 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON)
 
 # Put the include dirs which are in the source or build tree
 # before all other include dirs, so the headers in the sources
-# are prefered over the already installed ones
+# are preferred over the already installed ones
 # since cmake 2.4.1
 set(CMAKE_INCLUDE_DIRECTORIES_PROJECT_BEFORE ON)
 
diff --git a/libssh/cmake/Modules/ExtractSymbols.cmake b/libssh/cmake/Modules/ExtractSymbols.cmake
index f7829334..95c850b6 100644
--- a/libssh/cmake/Modules/ExtractSymbols.cmake
+++ b/libssh/cmake/Modules/ExtractSymbols.cmake
@@ -50,15 +50,28 @@ file(READ ${HEADERS_LIST_FILE} HEADERS_LIST)
 
 set(symbols)
 foreach(header ${HEADERS_LIST})
+    file(READ ${header} header_content)
 
     # Filter only lines containing the FILTER_PATTERN
-    file(STRINGS ${header} contain_filter
-      REGEX "^.*${FILTER_PATTERN}.*[(]"
+    # separated from the function name with one optional newline
+    string(REGEX MATCHALL
+      "${FILTER_PATTERN}[^(\n]*\n?[^(\n]*[(]"
+      contain_filter
+      "${header_content}"
+    )
+
+    # Remove the optional newline now
+    string(REGEX REPLACE
+      "(.+)\n?(.*)"
+      "\\1\\2"
+      oneline
+      "${contain_filter}"
     )
 
     # Remove function-like macros
-    foreach(line ${contain_filter})
-        if (NOT ${line} MATCHES ".*#[ ]*define")
+    # and anything with two underscores that sounds suspicious
+    foreach(line ${oneline})
+        if (NOT ${line} MATCHES ".*(#[ ]*define|__)")
             list(APPEND not_macro ${line})
         endif()
     endforeach()
diff --git a/libssh/cmake/Modules/FindABIMap.cmake b/libssh/cmake/Modules/FindABIMap.cmake
index 5117b498..e7f725d2 100644
--- a/libssh/cmake/Modules/FindABIMap.cmake
+++ b/libssh/cmake/Modules/FindABIMap.cmake
@@ -220,13 +220,12 @@
 
 # Search for python which is required
 if (ABIMap_FIND_REQURIED)
-    find_package(PythonInterp REQUIRED)
+    find_package(Python REQUIRED)
 else()
-    find_package(PythonInterp)
+    find_package(Python)
 endif()
 
-
-if (PYTHONINTERP_FOUND)
+if (TARGET Python::Interpreter)
     # Search for abimap tool used to generate the map files
     find_program(ABIMAP_EXECUTABLE NAMES abimap DOC "path to the abimap executable")
     mark_as_advanced(ABIMAP_EXECUTABLE)
diff --git a/libssh/cmake/Modules/FindArgp.cmake b/libssh/cmake/Modules/FindArgp.cmake
index 454965ac..13d74637 100644
--- a/libssh/cmake/Modules/FindArgp.cmake
+++ b/libssh/cmake/Modules/FindArgp.cmake
@@ -1,4 +1,8 @@
 # - Try to find ARGP
+#
+# The argp can be either shipped as part of libc (ex. glibc) or as a separate
+# library that requires additional linking (ex. Windows, Mac, musl libc, ...)
+#
 # Once done this will define
 #
 #  ARGP_ROOT_DIR - Set this variable to the root installation of ARGP
@@ -60,7 +64,7 @@ if (ARGP_LIBRARY)
 endif (ARGP_LIBRARY)
 
 include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(ARGP DEFAULT_MSG ARGP_LIBRARIES ARGP_INCLUDE_DIR)
+find_package_handle_standard_args(Argp DEFAULT_MSG ARGP_LIBRARIES ARGP_INCLUDE_DIR)
 
 # show the ARGP_INCLUDE_DIR and ARGP_LIBRARIES variables only in the advanced view
 mark_as_advanced(ARGP_INCLUDE_DIR ARGP_LIBRARIES)
diff --git a/libssh/cmake/Modules/FindGCrypt.cmake b/libssh/cmake/Modules/FindGCrypt.cmake
index b1f73d81..e28cb846 100644
--- a/libssh/cmake/Modules/FindGCrypt.cmake
+++ b/libssh/cmake/Modules/FindGCrypt.cmake
@@ -39,6 +39,15 @@ find_path(GCRYPT_INCLUDE_DIR
         include
 )
 
+find_path(GCRYPT_ERROR_INCLUDE_DIR
+    NAMES
+        gpg-error.h
+    HINTS
+        ${_GCRYPT_ROOT_HINTS_AND_PATHS}
+    PATH_SUFFIXES
+        include
+)
+
 find_library(GCRYPT_LIBRARY
     NAMES
         gcrypt
@@ -56,8 +65,10 @@ find_library(GCRYPT_ERROR_LIBRARY
         libgpg-error6-0
     HINTS
         ${_GCRYPT_ROOT_HINTS_AND_PATHS}
+    PATH_SUFFIXES
+        lib        
 )
-set(GCRYPT_LIBRARIES ${GCRYPT_LIBRARY}  ${GCRYPT_ERROR_LIBRARY})
+set(GCRYPT_LIBRARIES ${GCRYPT_ERROR_LIBRARY} ${GCRYPT_LIBRARY})
 
 if (GCRYPT_INCLUDE_DIR)
     file(STRINGS "${GCRYPT_INCLUDE_DIR}/gcrypt.h" _gcrypt_version_str REGEX "^#define GCRYPT_VERSION \"[0-9]+\\.[0-9]+\\.[0-9]")
@@ -83,5 +94,25 @@ else (GCRYPT_VERSION)
         GCRYPT_LIBRARIES)
 endif (GCRYPT_VERSION)
 
-# show the GCRYPT_INCLUDE_DIRS and GCRYPT_LIBRARIES variables only in the advanced view
-mark_as_advanced(GCRYPT_INCLUDE_DIR GCRYPT_LIBRARIES)
+# show the GCRYPT_INCLUDE_DIRS, GCRYPT_LIBRARIES and GCRYPT_ERROR_INCLUDE_DIR variables only in the advanced view
+mark_as_advanced(GCRYPT_INCLUDE_DIR GCRYPT_ERROR_INCLUDE_DIR GCRYPT_LIBRARIES)
+
+if(GCRYPT_FOUND)
+  if(NOT TARGET libgcrypt::libgcrypt)
+      add_library(libgcrypt::libgcrypt UNKNOWN IMPORTED)
+      set_target_properties(libgcrypt::libgcrypt PROPERTIES
+                            INTERFACE_INCLUDE_DIRECTORIES "${GCRYPT_INCLUDE_DIR}"
+                            INTERFACE_LINK_LIBRARIES libgcrypt::libgcrypt
+                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+                            IMPORTED_LOCATION "${GCRYPT_LIBRARY}")
+  endif()
+  
+  if(NOT TARGET libgpg-error::libgpg-error)
+      add_library(libgpg-error::libgpg-error UNKNOWN IMPORTED)
+      set_target_properties(libgpg-error::libgpg-error PROPERTIES
+                            INTERFACE_INCLUDE_DIRECTORIES "${GCRYPT_ERROR_INCLUDE_DIR}"
+                            INTERFACE_LINK_LIBRARIES libgpg-error::libgpg-error
+                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+                            IMPORTED_LOCATION "${GCRYPT_ERROR_LIBRARY}")
+  endif()
+endif()
diff --git a/libssh/cmake/Modules/FindGSSAPI.cmake b/libssh/cmake/Modules/FindGSSAPI.cmake
index 4c3f44b1..d227d8dd 100644
--- a/libssh/cmake/Modules/FindGSSAPI.cmake
+++ b/libssh/cmake/Modules/FindGSSAPI.cmake
@@ -5,7 +5,7 @@
 #  GSSAPI_ROOT_DIR - Set this variable to the root installation of GSSAPI
 #
 # Read-Only variables:
-#  GSSAPI_FLAVOR_MIT - set to TURE if MIT Kerberos has been found
+#  GSSAPI_FLAVOR_MIT - set to TRUE if MIT Kerberos has been found
 #  GSSAPI_FLAVOR_HEIMDAL - set to TRUE if Heimdal Keberos has been found
 #  GSSAPI_FOUND - system has GSSAPI
 #  GSSAPI_INCLUDE_DIR - the GSSAPI include directory
diff --git a/libssh/cmake/Modules/FindMbedTLS.cmake b/libssh/cmake/Modules/FindMbedTLS.cmake
index baec8adc..67119ab8 100644
--- a/libssh/cmake/Modules/FindMbedTLS.cmake
+++ b/libssh/cmake/Modules/FindMbedTLS.cmake
@@ -34,7 +34,7 @@ set(_MBEDTLS_ROOT_HINTS_AND_PATHS
 
 find_path(MBEDTLS_INCLUDE_DIR
     NAMES
-        mbedtls/config.h
+        mbedtls/ssl.h
     HINTS
         ${_MBEDTLS_ROOT_HINTS_AND_PATHS}
     PATH_SUFFIXES
@@ -73,6 +73,14 @@ set(MBEDTLS_LIBRARIES ${MBEDTLS_SSL_LIBRARY} ${MBEDTLS_CRYPTO_LIBRARY}
         ${MBEDTLS_X509_LIBRARY})
 
 if (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
+    # mbedtls 2.8
+    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _mbedtls_version_str REGEX
+            "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
+
+    string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*"
+            "\\1" MBEDTLS_VERSION "${_mbedtls_version_str}")
+elseif (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h")
+    # mbedtls 3.6
     file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _mbedtls_version_str REGEX
             "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
 
@@ -93,8 +101,8 @@ if (MBEDTLS_VERSION)
             in the system variable MBEDTLS_ROOT_DIR"
     )
 else (MBEDTLS_VERSION)
-    find_package_handle_standard_args(MBedTLS
-        "Could NOT find mbedTLS, try to set the path to mbedLS root folder in
+    find_package_handle_standard_args(MbedTLS
+        "Could NOT find mbedTLS, try to set the path to mbedTLS root folder in
         the system variable MBEDTLS_ROOT_DIR"
         MBEDTLS_INCLUDE_DIR
         MBEDTLS_LIBRARIES)
@@ -102,3 +110,32 @@ endif (MBEDTLS_VERSION)
 
 # show the MBEDTLS_INCLUDE_DIRS and MBEDTLS_LIBRARIES variables only in the advanced view
 mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES)
+
+if(MBEDTLS_FOUND)
+  if(NOT TARGET MbedTLS::mbedcrypto)
+      add_library(MbedTLS::mbedcrypto UNKNOWN IMPORTED)
+      set_target_properties(MbedTLS::mbedcrypto PROPERTIES
+                            INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIR}"
+                            INTERFACE_LINK_LIBRARIES MbedTLS::mbedcrypto
+                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+                            IMPORTED_LOCATION "${MBEDTLS_CRYPTO_LIBRARY}")
+  endif()
+
+  if(NOT TARGET MbedTLS::mbedx509)
+      add_library(MbedTLS::mbedx509 UNKNOWN IMPORTED)
+      set_target_properties(MbedTLS::mbedx509 PROPERTIES
+                            INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIR}"
+                            INTERFACE_LINK_LIBRARIES MbedTLS::mbedx509
+                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+                            IMPORTED_LOCATION "${MBEDTLS_X509_LIBRARY}")
+  endif()
+
+  if(NOT TARGET MbedTLS::mbedtls)
+      add_library(MbedTLS::mbedtls UNKNOWN IMPORTED)
+      set_target_properties(MbedTLS::mbedtls PROPERTIES
+                            INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIR}"
+                            INTERFACE_LINK_LIBRARIES MbedTLS::mbedtls
+                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+                            IMPORTED_LOCATION "${MBEDTLS_LIBRARY}")
+  endif()
+endif()
diff --git a/libssh/config.h.cmake b/libssh/config.h.cmake
index 1357615b..8dce5273 100644
--- a/libssh/config.h.cmake
+++ b/libssh/config.h.cmake
@@ -58,15 +58,15 @@
 /* Define to 1 if you have the <stdint.h> header file. */
 #cmakedefine HAVE_STDINT_H 1
 
+/* Define to 1 if you have the <ifaddrs.h> header file. */
+#cmakedefine HAVE_IFADDRS_H 1
+
 /* Define to 1 if you have the <openssl/aes.h> header file. */
 #cmakedefine HAVE_OPENSSL_AES_H 1
 
 /* Define to 1 if you have the <wspiapi.h> header file. */
 #cmakedefine HAVE_WSPIAPI_H 1
 
-/* Define to 1 if you have the <openssl/blowfish.h> header file. */
-#cmakedefine HAVE_OPENSSL_BLOWFISH_H 1
-
 /* Define to 1 if you have the <openssl/des.h> header file. */
 #cmakedefine HAVE_OPENSSL_DES_H 1
 
@@ -82,30 +82,18 @@
 /* Define to 1 if you have the <pthread.h> header file. */
 #cmakedefine HAVE_PTHREAD_H 1
 
-/* Define to 1 if you have eliptic curve cryptography in openssl */
+/* Define to 1 if you have elliptic curve cryptography in openssl */
 #cmakedefine HAVE_OPENSSL_ECC 1
 
-/* Define to 1 if you have eliptic curve cryptography in gcrypt */
+/* Define to 1 if you have elliptic curve cryptography in gcrypt */
 #cmakedefine HAVE_GCRYPT_ECC 1
 
-/* Define to 1 if you have eliptic curve cryptography */
+/* Define to 1 if you have elliptic curve cryptography */
 #cmakedefine HAVE_ECC 1
 
-/* Define to 1 if you have DSA */
-#cmakedefine HAVE_DSA 1
-
-/* Define to 1 if you have gl_flags as a glob_t sturct member */
+/* Define to 1 if you have gl_flags as a glob_t struct member */
 #cmakedefine HAVE_GLOB_GL_FLAGS_MEMBER 1
 
-/* Define to 1 if you have OpenSSL with Ed25519 support */
-#cmakedefine HAVE_OPENSSL_ED25519 1
-
-/* Define to 1 if you have OpenSSL with X25519 support */
-#cmakedefine HAVE_OPENSSL_X25519 1
-
-/* Define to 1 if you have OpenSSL with Poly1305 support */
-#cmakedefine HAVE_OPENSSL_EVP_POLY1305 1
-
 /* Define to 1 if you have gcrypt with ChaCha20/Poly1305 support */
 #cmakedefine HAVE_GCRYPT_CHACHA_POLY 1
 
@@ -120,15 +108,6 @@
 /* Define to 1 if you have the `FIPS_mode' function. */
 #cmakedefine HAVE_OPENSSL_FIPS_MODE 1
 
-/* Define to 1 if you have the `EVP_DigestSign' function. */
-#cmakedefine HAVE_OPENSSL_EVP_DIGESTSIGN 1
-
-/* Define to 1 if you have the `EVP_DigestVerify' function. */
-#cmakedefine HAVE_OPENSSL_EVP_DIGESTVERIFY 1
-
-/* Define to 1 if you have the `OPENSSL_ia32cap_loc' function. */
-#cmakedefine HAVE_OPENSSL_IA32CAP_LOC 1
-
 /* Define to 1 if you have the `snprintf' function. */
 #cmakedefine HAVE_SNPRINTF 1
 
@@ -201,6 +180,9 @@
 /* Define to 1 if you have the `cmocka_set_test_filter' function. */
 #cmakedefine HAVE_CMOCKA_SET_TEST_FILTER 1
 
+/* Define to 1 if we have support for blowfish */
+#cmakedefine HAVE_BLOWFISH 1
+
 /*************************** LIBRARIES ***************************/
 
 /* Define to 1 if you have the `crypto' library (-lcrypto). */
@@ -252,9 +234,14 @@
 /* Define to 1 if you want to enable DH group exchange algorithms */
 #cmakedefine WITH_GEX 1
 
-/* Define to 1 if you want to enable none cipher and MAC */
+/* Define to 1 if you want to enable insecure none cipher and MAC */
 #cmakedefine WITH_INSECURE_NONE 1
 
+/* Define to 1 if you want to allow libssh to execute arbitrary commands from
+ * configuration files or options (match exec, proxy commands and OpenSSH-based
+ * proxy-jumps). */
+#cmakedefine WITH_EXEC 1
+
 /* Define to 1 if you want to enable blowfish cipher support */
 #cmakedefine WITH_BLOWFISH_CIPHER 1
 
@@ -276,6 +263,9 @@
 /* Define to 1 if you want to enable PKCS #11 URI support */
 #cmakedefine WITH_PKCS11_URI 1
 
+/* Define to 1 if we want to build a support for PKCS #11 provider. */
+#cmakedefine WITH_PKCS11_PROVIDER 1
+
 /*************************** ENDIAN *****************************/
 
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
diff --git a/libssh/doc/CMakeLists.txt b/libssh/doc/CMakeLists.txt
index 259424b4..c8b5a7e5 100644
--- a/libssh/doc/CMakeLists.txt
+++ b/libssh/doc/CMakeLists.txt
@@ -14,11 +14,13 @@ if (DOXYGEN_FOUND)
     set(DOXYGEN_OPTIMIZE_OUTPUT_FOR_C YES)
     set(DOXYGEN_MARKDOWN_SUPPORT YES)
     set(DOXYGEN_FULL_PATH_NAMES NO)
+    set(DOXYGEN_GENERATE_TAGFILE "tags.xml")
 
     set(DOXYGEN_PREDEFINED DOXYGEN
                            WITH_SERVER
                            WITH_SFTP
-                           PRINTF_ATTRIBUTE(x,y))
+                           PRINTF_ATTRIBUTE\(x,y\))
+    set(DOXYGEN_DOT_GRAPH_MAX_NODES 100)
 
     set(DOXYGEN_EXCLUDE ${CMAKE_CURRENT_SOURCE_DIR}/that_style)
     set(DOXYGEN_HTML_HEADER ${CMAKE_CURRENT_SOURCE_DIR}/that_style/header.html)
@@ -34,6 +36,44 @@ if (DOXYGEN_FOUND)
                                  ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/folderclosed.svg
                                  ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/folderopen.svg
                                  ${CMAKE_CURRENT_SOURCE_DIR}/that_style/js/striped_bg.js)
+     set(DOXYGEN_EXCLUDE_PATTERNS */src/external/* fe25519.h ge25519.h sc25519.h
+                                  blf.h)
+     set(DOXYGEN_EXCLUDE_SYMBOLS_STRUCTS chacha20_poly1305_keysched,dh_ctx,dh_ctx,dh_keypair,error_struct,
+                                         packet_struct,pem_get_password_struct,ssh_tokens_st,
+                                         sftp_attributes_struct,sftp_client_message_struct,
+                                         sftp_dir_struct,sftp_ext_struct,sftp_file_struct,sftp_message_struct,
+                                         sftp_packet_struct,sftp_request_queue_struct,sftp_session_struct,
+                                         sftp_status_message_struct,ssh_agent_state_struct,
+                                         ssh_agent_struct,ssh_auth_auto_state_struct,ssh_auth_request,
+                                         ssh_bind_config_keyword_table_s,ssh_bind_config_match_keyword_table_s,
+                                         ssh_bind_struct,ssh_buffer_struct,ssh_channel_callbacks_struct,
+                                         ssh_channel_read_termination_struct,ssh_channel_request,
+                                         ssh_channel_request_open,ssh_channel_struct,ssh_cipher_struct,
+                                         ssh_common_struct,ssh_config_keyword_table_s,
+                                         ssh_config_match_keyword_table_s,ssh_connector_struct,
+                                         ssh_counter_struct,ssh_crypto_struct,ssh_event_fd_wrapper,
+                                         ssh_event_struct,ssh_global_request,ssh_gssapi_struct,ssh_hmac_struct,
+                                         ssh_iterator,ssh_kbdint_struct,ssh_kex_struct,ssh_key_struct,
+                                         ssh_knownhosts_entry,ssh_list,ssh_mac_ctx_struct,ssh_message_struct,
+                                         ssh_packet_callbacks_struct,ssh_packet_header,ssh_poll_ctx_struct,
+                                         ssh_poll_handle_struct,ssh_pollfd_struct,ssh_private_key_struct,
+                                         ssh_public_key_struct,ssh_scp_struct,ssh_service_request,
+                                         ssh_session_struct,ssh_signature_struct,ssh_socket_struct,
+                                         ssh_string_struct,ssh_threads_callbacks_struct,ssh_timestamp,)
+     set(DOXYGEN_EXCLUDE_SYMBOLS_MACRO SSH_FXP*,SSH_SOCKET*,SERVERBANNER,SOCKOPT_TYPE_ARG4,SSH_FILEXFER*,
+                                       SSH_FXF*,SSH_S_*,SFTP_*,NSS_BUFLEN_PASSWD,CLOCK,MAX_LINE_SIZE,
+                                       PKCS11_URI,KNOWNHOSTS_MAXTYPES,)
+     set(DOXYGEN_EXCLUDE_SYMBOLS_TYPEDEFS sftp_attributes,sftp_client_message,sftp_dir,sftp_ext,sftp_file,
+                                          sftp_message,sftp_packet,sftp_request_queue,sftp_session,
+                                          sftp_status_message,sftp_statvfs_t,poll_fn,ssh_callback_int,
+                                          ssh_callback_data,ssh_callback_int_int,ssh_message_callback,
+                                          ssh_channel_callback_int,ssh_channel_callback_data,ssh_callbacks,
+                                          ssh_gssapi_select_oid_callback,ssh_gssapi_accept_sec_ctx_callback,
+                                          ssh_gssapi_verify_mic_callback,ssh_server_callbacks,ssh_socket_callbacks,
+                                          ssh_packet_callbacks,ssh_channel_callbacks,ssh_bind,ssh_bind_callbacks,)
+     set(DOXYGEN_EXCLUDE_SYMBOLS ${DOXYGEN_EXCLUDE_SYMBOLS_STRUCTS}
+                                 ${DOXYGEN_EXCLUDE_SYMBOLS_MACRO}
+                                 ${DOXYGEN_EXCLUDE_SYMBOLS_TYPEDEFS})
 
     # This updates the Doxyfile if we do changes here
     set(_doxyfile_template "${CMAKE_BINARY_DIR}/CMakeDoxyfile.in")
@@ -44,6 +84,8 @@ if (DOXYGEN_FOUND)
                      ${CMAKE_SOURCE_DIR}/include/libssh
                      ${CMAKE_SOURCE_DIR}/src
                      ${CMAKE_CURRENT_SOURCE_DIR})
+
+    add_custom_target(docs_coverage COMMAND ${CMAKE_SOURCE_DIR}/doc/doc_coverage.sh ${CMAKE_BINARY_DIR})
 endif() # DOXYGEN_FOUND
 
 endif() # CMAKE_VERSION
diff --git a/libssh/doc/authentication.dox b/libssh/doc/authentication.dox
index 7d0ab81d..a0b2df84 100644
--- a/libssh/doc/authentication.dox
+++ b/libssh/doc/authentication.dox
@@ -105,7 +105,7 @@ Here is a small example of password authentication:
 @code
 int authenticate_password(ssh_session session)
 {
-  char *password;
+  char *password = NULL;
   int rc;
 
   password = getpass("Enter your password: ");
@@ -218,7 +218,7 @@ int authenticate_kbdint(ssh_session session)
   rc = ssh_userauth_kbdint(session, NULL, NULL);
   while (rc == SSH_AUTH_INFO)
   {
-    const char *name, *instruction;
+    const char *name = NULL, *instruction = NULL;
     int nprompts, iprompt;
 
     name = ssh_userauth_kbdint_getname(session);
@@ -231,7 +231,7 @@ int authenticate_kbdint(ssh_session session)
       printf("%s\n", instruction);
     for (iprompt = 0; iprompt < nprompts; iprompt++)
     {
-      const char *prompt;
+      const char *prompt = NULL;
       char echo;
 
       prompt = ssh_userauth_kbdint_getprompt(session, iprompt, &echo);
@@ -251,7 +251,7 @@ int authenticate_kbdint(ssh_session session)
       }
       else
       {
-        char *ptr;
+        char *ptr = NULL;
 
         ptr = getpass(prompt);
         if (ssh_userauth_kbdint_setanswer(session, iprompt, ptr) < 0)
@@ -354,7 +354,7 @@ The following example shows how to retrieve and dispose the issue banner:
 int display_banner(ssh_session session)
 {
   int rc;
-  char *banner;
+  char *banner = NULL;
 
 /*
  *** Does not work without calling ssh_userauth_none() first ***
diff --git a/libssh/doc/command.dox b/libssh/doc/command.dox
index 588151c6..e82748ce 100644
--- a/libssh/doc/command.dox
+++ b/libssh/doc/command.dox
@@ -22,7 +22,7 @@ a SSH session that uses this channel:
 @code
 int show_remote_files(ssh_session session)
 {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   int rc;
 
   channel = ssh_channel_new(session);
diff --git a/libssh/doc/curve25519-sha256@libssh.org.txt b/libssh/doc/curve25519-sha256@libssh.org.txt
index 75541902..04d88575 100644
--- a/libssh/doc/curve25519-sha256@libssh.org.txt
+++ b/libssh/doc/curve25519-sha256@libssh.org.txt
@@ -3,13 +3,13 @@ curve25519-sha256@libssh.org.txt        Aris Adamantiadis <aris@badcode.be>
 
 1. Introduction
 
-This document describes the key exchange methode curve25519-sha256@libssh.org
+This document describes the key exchange method curve25519-sha256@libssh.org
 for SSH version 2 protocol. It is provided as an alternative to the existing
 key exchange mechanisms based on either Diffie-Hellman or Elliptic Curve Diffie-
 Hellman [RFC5656].
 The reason is the following : During summer of 2013, revelations from ex-
 consultant at NSA Edward Snowden gave proof that NSA willingly inserts backdoors
-into softwares, hardware components and published standards. While it is still
+into software, hardware components and published standards. While it is still
 believed that the mathematics behind ECC cryptography are still sound and solid,
 some people (including Bruce Schneier [SCHNEIER]), showed their lack of confidence
 in NIST-published curves such as nistp256, nistp384, nistp521, for which constant
@@ -42,8 +42,8 @@ The following is an overview of the key exchange process:
 Client                                                            Server
 ------                                                            ------
 Generate ephemeral key pair.
-SSH_MSG_KEX_ECDH_INIT          -------->                      
-                                            Verify that client public key 
+SSH_MSG_KEX_ECDH_INIT          -------->
+                                            Verify that client public key
                                             length is 32 bytes.
                                              Generate ephemeral key pair.
                                                    Compute shared secret.
@@ -55,7 +55,7 @@ Compute shared secret.
 Generate exchange hash.
 Verify server's signature.
 
-*   Optional but strongly recommanded as this protects against MITM attacks.
+*   Optional but strongly recommended as this protects against MITM attacks.
 
 This is implemented using the same messages as described in RFC5656 chapter 4
 
@@ -109,7 +109,7 @@ This number is calculated using the following procedure:
      side's public key and the local private key scalar.
 
      The whole 32 bytes of the number X are then converted into a big integer k.
-     This conversion follows the network byte order. This step differs from 
+     This conversion follows the network byte order. This step differs from
      RFC5656.
 
 [RFC5656]    https://tools.ietf.org/html/rfc5656
diff --git a/libssh/doc/doc_coverage.sh b/libssh/doc/doc_coverage.sh
new file mode 100755
index 00000000..2f653275
--- /dev/null
+++ b/libssh/doc/doc_coverage.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+################################################################################
+# .doc_coverage.sh                                                             #
+# Script to detect overall documentation coverage of libssh. The script uses   #
+# doxygen to generate the documentation then parses it's output.               #
+#                                                                              #
+# maintainer: Norbert Pocs <npocs@redhat.com>                                  #
+################################################################################
+BUILD_DIR="$1"
+DOXYFILE_PATH="$BUILD_DIR/doc/Doxyfile.docs"
+INDEX_XML_PATH="$BUILD_DIR/doc/xml/index.xml"
+# filters
+F_EXCLUDE_FILES=' wrapper.h legacy.h crypto.h priv.h chacha.h curve25519.h '
+F_UNDOC_FUNC='(function).*is not documented'
+F_FUNC='kind="function"'
+F_HEADERS='libssh_8h_|group__libssh__'
+F_CUT_BEFORE='.*<name>'
+F_CUT_AFTER='<\/name><\/member>'
+# Doxygen options
+O_QUIET='QUIET=YES'
+O_GEN_XML='GENERATE_XML=YES'
+
+# check if build dir given
+if [ $# -eq 0 ]; then
+  echo "Please provide the build directory e.g.: ./build"
+  exit 255
+fi
+
+# modify doxyfile to our needs:
+# QUIET - less output
+# GENERATE_XML - xml needed to inspect all the functions
+# (note: the options are needed to be on separate lines)
+# We want to exclude irrelevant files
+MOD_DOXYFILE=$(cat "$DOXYFILE_PATH"; echo "$O_QUIET"; echo "$O_GEN_XML")
+MOD_DOXYFILE=${MOD_DOXYFILE//EXCLUDE_PATTERNS.*=/EXCLUDE_PATTERNS=$F_EXCLUDE_FILES/g}
+
+# call doxygen to get the warning messages
+# and also generate the xml for inspection
+DOXY_WARNINGS=$(echo "$MOD_DOXYFILE" | doxygen - 2>&1)
+
+# get the number of undocumented functions
+UNDOC_FUNC=$(echo "$DOXY_WARNINGS" | grep -cE "$F_UNDOC_FUNC")
+
+# filter out the lines consisting of functions of our interest
+FUNC_LINES=$(grep "$F_FUNC" "$INDEX_XML_PATH" | grep -E "$F_HEADERS")
+# cut the irrelevant information and leave just the function names
+ALL_FUNC=$(echo "$FUNC_LINES" | sed -e "s/$F_CUT_BEFORE//g" -e "s/$F_CUT_AFTER//")
+# remove duplicates and get the number of functions
+ALL_FUNC=$(echo "$ALL_FUNC" | sort - | uniq | wc -l)
+
+# percentage of the documented functions
+awk "BEGIN {printf \"Documentation coverage is %.2f%\n\", 100 - (${UNDOC_FUNC}/${ALL_FUNC}*100)}"
diff --git a/libssh/doc/forwarding.dox b/libssh/doc/forwarding.dox
index 2b202b4d..3ca3aa8a 100644
--- a/libssh/doc/forwarding.dox
+++ b/libssh/doc/forwarding.dox
@@ -100,7 +100,7 @@ used to retrieve google's home page from the remote SSH server.
 @code
 int direct_forwarding(ssh_session session)
 {
-  ssh_channel forwarding_channel;
+  ssh_channel forwarding_channel = NULL;
   int rc = SSH_ERROR;
   char *http_get = "GET / HTTP/1.1\nHost: www.google.com\n\n";
   int nbytes, nwritten;
@@ -161,7 +161,7 @@ local libssh application, which handles them:
 int web_server(ssh_session session)
 {
   int rc;
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   char buffer[256];
   int nbytes, nwritten;
   int port = 0;
diff --git a/libssh/doc/guided_tour.dox b/libssh/doc/guided_tour.dox
index 69576f18..1a41d6cb 100644
--- a/libssh/doc/guided_tour.dox
+++ b/libssh/doc/guided_tour.dox
@@ -5,7 +5,7 @@
 A SSH session goes through the following steps:
 
  - Before connecting to the server, you can set up if you wish one or other
-   server public key authentication, i.e. DSA or RSA. You can choose
+   server public key authentication, i.e. RSA, ED25519 or ECDSA. You can choose
    cryptographic algorithms you trust and compression algorithms if any. You
    must of course set up the hostname.
 
@@ -15,7 +15,7 @@ A SSH session goes through the following steps:
    file.
 
  - The client must authenticate: the classical ways are password, or
-   public keys (from dsa and rsa key-pairs generated by openssh).
+   public keys (from ecdsa, ed25519 and rsa key-pairs generated by openssh).
    If a SSH agent is running, it is possible to use it.
 
  - Now that the user has been authenticated, you must open one or several
@@ -79,7 +79,7 @@ Here is a small example of how to use it:
 
 int main()
 {
-  ssh_session my_ssh_session;
+  ssh_session my_ssh_session = NULL;
   int verbosity = SSH_LOG_PROTOCOL;
   int port = 22;
 
@@ -126,7 +126,7 @@ Here's an example:
 
 int main()
 {
-  ssh_session my_ssh_session;
+  ssh_session my_ssh_session = NULL;
   int rc;
 
   my_ssh_session = ssh_new();
@@ -190,8 +190,8 @@ int verify_knownhost(ssh_session session)
     ssh_key srv_pubkey = NULL;
     size_t hlen;
     char buf[10];
-    char *hexa;
-    char *p;
+    char *hexa = NULL;
+    char *p = NULL;
     int cmp;
     int rc;
 
@@ -317,9 +317,9 @@ The example below shows an authentication with password:
 
 int main()
 {
-  ssh_session my_ssh_session;
+  ssh_session my_ssh_session = NULL;
   int rc;
-  char *password;
+  char *password = NULL;
 
   // Open session and set options
   my_ssh_session = ssh_new();
@@ -380,7 +380,7 @@ The example below shows how to execute a remote command:
 @code
 int show_remote_processes(ssh_session session)
 {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   int rc;
   char buffer[256];
   int nbytes;
diff --git a/libssh/doc/introduction.dox b/libssh/doc/introduction.dox
index f2f3d3dd..a610d819 100644
--- a/libssh/doc/introduction.dox
+++ b/libssh/doc/introduction.dox
@@ -14,8 +14,8 @@ libssh is a Free Software / Open Source project. The libssh library
 is distributed under LGPL license. The libssh project has nothing to do with
 "libssh2", which is a completely different and independent project.
 
-libssh can run on top of either libgcrypt or libcrypto,
-two general-purpose cryptographic libraries.
+libssh can run on top of either libcrypto, mbedtls or libgcrypt (deprecated)
+general-purpose cryptographic libraries.
 
 This tutorial concentrates for its main part on the "client" side of libssh.
 To learn how to accept incoming SSH connections (how to write a SSH server),
@@ -44,6 +44,10 @@ Table of contents:
 
 @subpage libssh_tutor_threads
 
+@subpage libssh_tutor_pkcs11
+
+@subpage libssh_tutor_sftp_aio
+
 @subpage libssh_tutor_todo
 
 */
diff --git a/libssh/doc/mainpage.dox b/libssh/doc/mainpage.dox
index a3d64087..dc67f231 100644
--- a/libssh/doc/mainpage.dox
+++ b/libssh/doc/mainpage.dox
@@ -20,7 +20,7 @@ the interesting functions as you go.
 The libssh library provides:
 
  - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
- - <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256,ssh-dss
+ - <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256
  - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc
  - <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none
  - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
@@ -33,7 +33,7 @@ The libssh library provides:
  - <strong>Thread-safe</strong>: Just don't share sessions
  - <strong>Non-blocking</strong>: it can be used both blocking and non-blocking
  - <strong>Your sockets</strong>: the app hands over the socket, or uses libssh sockets
- - <b>OpenSSL</b> or <b>gcrypt</b>: builds with either
+ - <b>OpenSSL</b>, <b>MBedTLS</b> or <b>gcrypt</b> (deprecated): builds with either
 
 @section main-additional-features Additional Features
 
@@ -149,7 +149,7 @@ The libssh Team
 
 @subsection main-rfc-secsh Secure Shell (SSH)
 
-The following RFC documents described SSH-2 protcol as an Internet standard.
+The following RFC documents described SSH-2 protocol as an Internet standard.
 
  - <a href="https://tools.ietf.org/html/rfc4250" target="_blank">RFC 4250</a>,
     The Secure Shell (SSH) Protocol Assigned Numbers
@@ -213,15 +213,15 @@ It was later modified and expanded by the following RFCs.
     Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol
  - <a href="https://tools.ietf.org/html/rfc8709" target="_blank">RFC 8709</a>,
     Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol
+ - <a href="https://tools.ietf.org/html/rfc8709" target="_blank">RFC 8731</a>,
+    Secure Shell (SSH) Key Exchange Method Using Curve25519 and Curve448
+ - <a href="https://tools.ietf.org/html/rfc9142" target="_blank">RFC 9142</a>,
+    Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
 
 There are also drafts that are being currently developed and followed.
 
- - <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-10" target="_blank">draft-ietf-curdle-ssh-kex-sha2-10</a>
-    Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
- - <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-03</a>
+ - <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-08</a>
     SSH Agent Protocol
- - <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-12" target="_blank">draft-ietf-curdle-ssh-curves-12</a>
-    Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448
 
 Interesting cryptography documents:
 
diff --git a/libssh/doc/pkcs11.dox b/libssh/doc/pkcs11.dox
index 0bdfc6dc..b358432c 100644
--- a/libssh/doc/pkcs11.dox
+++ b/libssh/doc/pkcs11.dox
@@ -9,11 +9,11 @@ objects stored on the tokens can be uniquely identified is called PKCS #11 URI
 (Uniform Resource Identifier) and is defined in RFC 7512
 (https://tools.ietf.org/html/rfc7512).
 
-Pre-requisites:
+# Pre-requisites (OpenSSL < 3.0):
 
-OpenSSL defines an abstract layer called the "engine" to achieve cryptographic
-acceleration. The engine_pkcs11 module acts like an interface between the PKCS #11
-modules and the OpenSSL engine.
+OpenSSL 1.x defines an abstract layer called the "engine" to achieve
+cryptographic acceleration. The engine_pkcs11 module acts like an interface
+between the PKCS #11 modules and the OpenSSL application.
 
 To build and use libssh with PKCS #11 support:
 1. Enable the cmake option: $ cmake -DWITH_PKCS11_URI=ON
@@ -21,6 +21,23 @@ To build and use libssh with PKCS #11 support:
 3. Install and configure engine_pkcs11 (https://github.com/OpenSC/libp11).
 4. Plug in a working smart card or configure softhsm (https://www.opendnssec.org/softhsm).
 
+@warning The support for Engines was deprecated in OpenSSL 3.0 so this approach
+is deprecated in libssh 0.11.x.
+
+# Pre-requisites (OpenSSL 3.0.8+)
+
+The OpenSSL 3.0 is deprecating usage of low-level engines in favor of high-level
+"providers" to provide alternative implementation of cryptographic operations
+or acceleration.
+
+To build and use libssh with PKCS #11 support using OpenSSL providers:
+1. Install and configure pkcs11 provider (https://github.com/latchset/pkcs11-provider).
+2. Enable the cmake options: $ cmake -DWITH_PKCS11_URI=ON -DWITH_PKCS11_PROVIDER=ON
+3. Build with OpenSSL.
+4. Plug in a working smart card or configure softhsm (https://www.opendnssec.org/softhsm).
+
+# New API functions
+
 The functions  ssh_pki_import_pubkey_file() and ssh_pki_import_privkey_file() that
 import the public and private keys from files respectively are now modified to support
 PKCS #11 URIs. These functions automatically detect if the provided filename is a file path
@@ -31,7 +48,7 @@ corresponding to the PKCS #11 URI are loaded from the PKCS #11 device.
 If you wish to authenticate using public keys on your own, follow the steps mentioned under
 "Authentication with public keys" in Chapter 2 - A deeper insight into authentication.
 
-The function pki_uri_import() is used to populate the public/private ssh_key from the 
+The function pki_uri_import() is used to populate the public/private ssh_key from the
 engine with PKCS #11 URIs as the look up.
 
 Here is a minimalistic example of public key authentication using PKCS #11 URIs:
@@ -64,4 +81,6 @@ We recommend the users to provide a specific PKCS #11 URI so that it matches onl
 If the engine discovers multiple slots that could potentially contain the private keys referenced
 by the provided PKCS #11 URI, the engine will not try to authenticate.
 
+For testing, the SoftHSM PKCS#11 library is used.
+
 */
diff --git a/libssh/doc/sftp.dox b/libssh/doc/sftp.dox
index 1f99cfdf..4c176a4b 100644
--- a/libssh/doc/sftp.dox
+++ b/libssh/doc/sftp.dox
@@ -139,7 +139,7 @@ Unlike its equivalent in the SCP subsystem, this function does NOT change the
 current directory to the newly created subdirectory.
 
 
-@subsection sftp_write Copying a file to the remote computer
+@subsection sftp_write Writing to a file on the remote computer
 
 You handle the contents of a remote file just like you would do with a
 local file: you open the file in a given mode, move the file pointer in it,
@@ -203,16 +203,14 @@ int sftp_helloworld(ssh_session session, sftp_session sftp)
 
 @subsection sftp_read Reading a file from the remote computer
 
-The nice thing with reading a file over the network through SFTP is that it
-can be done both in a synchronous way or an asynchronous way. If you read the file
-asynchronously, your program can do something else while it waits for the
-results to come.
-
-Synchronous read is done with sftp_read().
+A synchronous read from a remote file is done using sftp_read(). This
+section describes how to download a remote file using sftp_read(). The
+next section will discuss more about synchronous/asynchronous read/write
+operations using libssh sftp API.
 
 Files are normally transferred in chunks. A good chunk size is 16 KB. The following
 example transfers the remote file "/etc/profile" in 16 KB chunks. For each chunk we
-request, sftp_read blocks till the data has been received:
+request, sftp_read() blocks till the data has been received:
 
 @code
 // Good chunk size
@@ -273,87 +271,39 @@ int sftp_read_sync(ssh_session session, sftp_session sftp)
 }
 @endcode
 
-Asynchronous read is done in two steps, first sftp_async_read_begin(), which
-returns a "request handle", and then sftp_async_read(), which uses that request handle.
-If the file has been opened in nonblocking mode, then sftp_async_read()
-might return SSH_AGAIN, which means that the request hasn't completed yet
-and that the function should be called again later on. Otherwise,
-sftp_async_read() waits for the data to come. To open a file in nonblocking mode,
-call sftp_file_set_nonblocking() right after you opened it. Default is blocking mode.
+@subsection sftp_aio Performing an asynchronous read/write on a file on the remote computer
 
-The example below reads a very big file in asynchronous, nonblocking, mode. Each
-time the data is not ready yet, a counter is incremented.
+sftp_read() performs a "synchronous" read operation on a remote file.
+This means that sftp_read() will first request the server to read some
+data from the remote file and then would wait until the server response
+containing data to read (or an error) arrives at the client side.
 
-@code
-// Good chunk size
-#define MAX_XFER_BUF_SIZE 16384
+sftp_write() performs a "synchronous" write operation on a remote file.
+This means that sftp_write() will first request the server to write some
+data to the remote file and then would wait until the server response
+containing information about the status of the write operation arrives at the
+client side.
 
-int sftp_read_async(ssh_session session, sftp_session sftp)
-{
-  int access_type;
-  sftp_file file;
-  char buffer[MAX_XFER_BUF_SIZE];
-  int async_request;
-  int nbytes;
-  long counter;
-  int rc;
+If your client program wants to do something other than waiting for the
+response after requesting a read/write, the synchronous sftp_read() and
+sftp_write() can't be used. In such a case the "asynchronous" sftp aio API
+should be used.
 
-  access_type = O_RDONLY;
-  file = sftp_open(sftp, "some_very_big_file",
-                   access_type, 0);
-  if (file == NULL) {
-    fprintf(stderr, "Can't open file for reading: %s\n",
-                     ssh_get_error(session));
-    return SSH_ERROR;
-  }
-  sftp_file_set_nonblocking(file);
-
-  async_request = sftp_async_read_begin(file, sizeof(buffer));
-  counter = 0L;
-  usleep(10000);
-  if (async_request >= 0) {
-    nbytes = sftp_async_read(file, buffer, sizeof(buffer),
-                             async_request);
-  } else {
-      nbytes = -1;
-  }
+Please go through @ref libssh_tutor_sftp_aio for a detailed description
+of the sftp aio API.
 
-  while (nbytes > 0 || nbytes == SSH_AGAIN) {
-    if (nbytes > 0) {
-      write(1, buffer, nbytes);
-      async_request = sftp_async_read_begin(file, sizeof(buffer));
-    } else {
-        counter++;
-    }
-    usleep(10000);
+The sftp aio API provides two categories of functions :
+  - sftp_aio_begin_*() : For requesting a read/write from the server.
+  - sftp_aio_wait_*() : For waiting for the response of a previously
+    issued read/write request from the server.
 
-    if (async_request >= 0) {
-      nbytes = sftp_async_read(file, buffer, sizeof(buffer),
-                               async_request);
-    } else {
-        nbytes = -1;
-    }
-  }
-
-  if (nbytes < 0) {
-    fprintf(stderr, "Error while reading file: %s\n",
-            ssh_get_error(session));
-    sftp_close(file);
-    return SSH_ERROR;
-  }
-
-  printf("The counter has reached value: %ld\n", counter);
-
-  rc = sftp_close(file);
-  if (rc != SSH_OK) {
-    fprintf(stderr, "Can't close the read file: %s\n",
-            ssh_get_error(session));
-    return rc;
-  }
+Hence, the client program can call sftp_aio_begin_*() to request a read/write
+and then can perform any number of operations (other than waiting) before
+calling sftp_aio_wait_*() for waiting for the response of the previously
+issued request.
 
-  return SSH_OK;
-}
-@endcode
+We call read/write operations performed in the manner described above as
+"asynchronous" read/write operations on a remote file.
 
 @subsection sftp_ls Listing the contents of a directory
 
diff --git a/libssh/doc/sftp_aio.dox b/libssh/doc/sftp_aio.dox
new file mode 100644
index 00000000..9c26f5e1
--- /dev/null
+++ b/libssh/doc/sftp_aio.dox
@@ -0,0 +1,705 @@
+/**
+
+@page libssh_tutor_sftp_aio Chapter 10: The SFTP asynchronous I/O
+
+@section sftp_aio_api The SFTP asynchronous I/O
+
+NOTE : Please read @ref libssh_tutor_sftp before reading this page. The
+synchronous sftp_read() and sftp_write() have been described there.
+
+SFTP AIO stands for "SFTP Asynchronous Input/Output". This API contains
+functions which perform async read/write operations on remote files.
+
+File transfers performed using the asynchronous sftp aio API can be
+significantly faster than the file transfers performed using the synchronous
+sftp read/write API (see sftp_read() and sftp_write()).
+
+The sftp aio API functions are divided into two categories :
+  - sftp_aio_begin_*() [see sftp_aio_begin_read(), sftp_aio_begin_write()]:
+    These functions send a request for an i/o operation to the server and
+    provide the caller an sftp aio handle corresponding to the sent request.
+
+  - sftp_aio_wait_*() [see sftp_aio_wait_read(), sftp_aio_wait_write()]:
+    These functions wait for the server response corresponding to a previously
+    issued request. Which request ? the request corresponding to the sftp aio
+    handle supplied by the caller to these functions.
+
+Conceptually, you can think of the sftp aio handle as a request identifier.
+
+Technically, the sftp_aio_begin_*() functions dynamically allocate memory to
+store information about the i/o request they send and provide the caller a
+handle to this memory, we call this handle an sftp aio handle.
+
+sftp_aio_wait_*() functions use the information stored in that memory (handled
+by the caller supplied sftp aio handle) to identify a request, and then they
+wait for that request's response. These functions also release the memory
+handled by the caller supplied sftp aio handle (except when they return
+SSH_AGAIN).
+
+sftp_aio_free() can also be used to release the memory handled by an sftp aio
+handle but unlike the sftp_aio_wait_*() functions, it doesn't wait for a
+response. This should be used to release the memory corresponding to an sftp
+aio handle when some failure occurs. An example has been provided at the
+end of this page to show the usage of sftp_aio_free().
+
+To begin with, this tutorial will provide basic examples that describe the
+usage of sftp aio API to perform a single read/write operation.
+
+The later sections describe the usage of the sftp aio API to obtain faster file
+transfers as compared to the transfers performed using the synchronous sftp
+read/write API.
+
+On encountering an error, the sftp aio API functions set the sftp and ssh
+errors just like any other libssh sftp API function. These errors can be
+obtained using sftp_get_error(), ssh_get_error() and ssh_get_error_code().
+The code examples provided on this page ignore error handling for the sake of
+brevity.
+
+@subsection sftp_aio_read Using the sftp aio API for reading (a basic example)
+
+For performing an async read operation on a sftp file (see sftp_open()),
+the first step is to call sftp_aio_begin_read() to send a read request to the
+server. The caller is provided an sftp aio handle corresponding to the sent
+read request.
+
+The second step is to pass a pointer to this aio handle to
+sftp_aio_wait_read(), this function waits for the server response which
+indicates the success/failure of the read request. On success, the response
+indicates EOF or contains the data read from the sftp file.
+
+The following code example shows how a read operation can be performed
+on an sftp file using the sftp aio API.
+
+@code
+ssize_t read_chunk(sftp_file file, void *buf, size_t to_read)
+{
+    ssize_t bytes_requested, bytes_read;
+
+    // Variable to store an sftp aio handle
+    sftp_aio aio = NULL;
+
+    // Send a read request to the sftp server
+    bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
+    if (bytes_requested == SSH_ERROR) {
+        // handle error
+    }
+
+    // Here its possible that (bytes_requested < to_read) as specified in
+    // the function documentation of sftp_aio_begin_read()
+
+    // Wait for the response of the read request corresponding to the
+    // sftp aio handle stored in the aio variable.
+    bytes_read = sftp_aio_wait_read(&aio, buf, to_read);
+    if (bytes_read == SSH_ERROR) {
+        // handle error
+    }
+
+    return bytes_read;
+}
+@endcode
+
+@subsection sftp_aio_write Using the sftp aio API for writing (a basic example)
+
+For performing an async write operation on a sftp file (see sftp_open()),
+the first step is to call sftp_aio_begin_write() to send a write request to
+the server. The caller is provided an sftp aio handle corresponding to the
+sent write request.
+
+The second step is to pass a pointer to this aio handle to
+sftp_aio_wait_write(), this function waits for the server response which
+indicates the success/failure of the write request.
+
+The following code example shows how a write operation can be performed on an
+sftp file using the sftp aio API.
+
+@code
+ssize_t write_chunk(sftp_file file, void *buf, size_t to_write)
+{
+    ssize_t bytes_requested, bytes_written;
+
+    // Variable to store an sftp aio handle
+    sftp_aio aio = NULL;
+
+    // Send a write request to the sftp server
+    bytes_requested = sftp_aio_begin_write(file, buf, to_write, &aio);
+    if (bytes_requested == SSH_ERROR) {
+        // handle error
+    }
+
+    // Here its possible that (bytes_requested < to_write) as specified in
+    // the function documentation of sftp_aio_begin_write()
+
+    // Wait for the response of the write request corresponding to
+    // the sftp aio handle stored in the aio variable.
+    bytes_written = sftp_aio_wait_write(&aio);
+    if (bytes_written == SSH_ERROR) {
+        // handle error
+    }
+
+    return bytes_written;
+}
+@endcode
+
+@subsection sftp_aio_actual_use Using the sftp aio API to speed up a transfer
+
+The above examples were provided to introduce the sftp aio API.
+This is not how the sftp aio API is intended to be used, because the
+above usage offers no advantage over the synchronous sftp read/write API
+which does the same thing i.e issue a request and then immediately wait for
+its response.
+
+The facility that the sftp aio API provides is that the user can do
+anything between issuing a request and getting the corresponding response.
+Any number of operations can be performed after calling sftp_aio_begin_*()
+[which issues a request] and before calling sftp_aio_wait_*() [which waits
+for a response]
+
+The code can leverage this feature by calling sftp_aio_begin_*() multiple times
+to issue multiple requests before calling sftp_aio_wait_*() to wait for the
+response of an earlier issued request. This approach will keep a certain number
+of requests outstanding at the client side.
+
+After issuing those requests, while the client code does something else (for
+example waiting for an outstanding request's response, processing an obtained
+response, issuing another request or any other operation the client wants
+to perform), at the same time :
+
+  - Some of those outstanding requests may be travelling over the
+    network towards the server.
+
+  - Some of the outstanding requests may have reached the server and may
+    be queued for processing at the server side.
+
+  - Some of the outstanding requests may have been processed and the
+    corresponding responses may be travelling over the network towards the
+    client.
+
+  - Some of the responses corresponding to the outstanding requests may
+    have already reached the client side.
+
+Clearly in this case, operations that the client performs and operations
+involved in transfer/processing of a outstanding request can occur in
+parallel. Also, operations involved in transfer/processing of two or more
+outstanding requests may also occur in parallel (for example when one request
+travels to the server, another request's response may be incoming towards the
+client). Such kind of parallelism makes the overall transfer faster as compared
+to a transfer performed using the synchronous sftp read/write API.
+
+When the synchronous sftp read/write API is used to perform a transfer,
+a strict sequence is followed:
+
+  - The client issues a single read/write request.
+  - Then waits for its response.
+  - On obtaining the response, the client processes it.
+  - After the processing ends, the client issues the next read/write request.
+
+A file transfer performed in this manner would be slower than the case where
+multiple read/write requests are kept outstanding at the client side. Because
+here at any given time, operations related to transfer/processing of only one
+request/response pair occurs. This is in contrast to the multiple outstanding
+requests scenario where operations related to transfer/processing of multiple
+request/response pairs may occur at the same time.
+
+Although it's true that keeping multiple requests outstanding can speed up a
+transfer, those outstanding requests come at a cost of increased memory
+consumption both at the client side and the server side. Hence care must be
+taken to use a reasonable limit for the number of requests kept outstanding.
+
+The further sections provide code examples to show how uploads/downloads
+can be performed using the sftp aio API and the concept of outstanding requests
+discussed in this section. In those code examples, error handling has been
+ignored and at some places pseudo code has been used for the sake of brevity.
+
+The complete code for performing uploads/downloads using the sftp aio API,
+can be found at https://gitlab.com/libssh/libssh-mirror/-/tree/master.
+
+  - libssh benchmarks for uploads performed using the sftp aio API [See
+    tests/benchmarks/bench_sftp.c]
+  - libssh benchmarks for downloads performed using the sftp aio API. [See
+    tests/benchmarks/bench_sftp.c]
+  - libssh sftp ft API code for performing a local to remote transfer (upload).
+    [See src/sftp_ft.c]
+  - libssh sftp ft API code for performing a remote to local transfer
+    (download). [See src/sftp_ft.c]
+
+@subsection sftp_aio_cap Capping applied by the sftp aio API
+
+Before the code examples for uploads and downloads, its important
+to know about the capping applied by the sftp aio API.
+
+sftp_aio_begin_read() caps the number of bytes the caller can request
+to read from the remote file. That cap is the value of the max_read_length
+field of the sftp_limits_t returned by sftp_limits(). Say that cap is LIM
+and the caller passes x as the number of bytes to read to
+sftp_aio_begin_read(), then (assuming no error occurs) :
+
+  - if x <= LIM, then sftp_aio_begin_read() will request the server
+    to read x bytes from the remote file, and will return x.
+
+  - if x > LIM, then sftp_aio_begin_read() will request the server
+    to read LIM bytes from the remote file and will return LIM.
+
+Hence to request server to read x bytes (> LIM), the caller would have
+to call sftp_aio_begin_read() multiple times, typically in a loop and
+break out of the loop when the summation of return values of the multiple
+sftp_aio_begin_read() calls becomes equal to x.
+
+For the sake of simplicity, the code example for download in the upcoming
+section would always ask sftp_aio_begin_read() to read x <= LIM bytes,
+so that its return value is guaranteed to be x, unless an error occurs.
+
+Similarly, sftp_aio_begin_write() caps the number of bytes the caller
+can request to write to the remote file. That cap is the value of
+max_write_length field of the sftp_limits_t returned by sftp_limits().
+Say that cap is LIM and the caller passes x as the number of bytes to
+write to sftp_aio_begin_write(), then (assuming no error occurs) :
+
+  - if x <= LIM, then sftp_aio_begin_write() will request the server
+    to write x bytes to the remote file, and will return x.
+
+  - if x > LIM, then sftp_aio_begin_write() will request the server
+    to write LIM bytes to the remote file and will return LIM.
+
+Hence to request server to write x bytes (> LIM), the caller would have
+to call sftp_aio_begin_write() multiple times, typically in a loop and
+break out of the loop when the summation of return values of the multiple
+sftp_aio_begin_write() calls becomes equal to x.
+
+For the sake of simplicity, the code example for upload in the upcoming
+section would always ask sftp_aio_begin_write() to write x <= LIM bytes,
+so that its return value is guaranteed to be x, unless an error occurs.
+
+@subsection sftp_aio_download_example Performing a download using the sftp aio API
+
+Terminologies used in the following code snippets :
+
+  - sftp : The sftp_session opened using sftp_new() and initialised using
+    sftp_init()
+
+  - file : The sftp file handle of the remote file to download data
+    from. (See sftp_open())
+
+  - file_size : the size of the sftp file to download. This size can be obtained
+    by statting the remote file to download (e.g by using sftp_stat())
+
+  - We will need to maintain a queue which will be used to store the sftp aio
+    handles corresponding to the outstanding requests.
+
+First, we issue the read requests while ensuring that their count
+doesn't exceed a particular limit decided by us, and the number of bytes
+requested don't exceed the size of the file to download.
+
+@code
+sftp_aio aio = NULL;
+
+// Chunk size to use for the transfer
+size_t chunk_size;
+
+// For the limits structure that would be used
+// by the code to set the chunk size
+sftp_limits_t lim = NULL;
+
+// Max number of requests to keep outstanding at a time
+size_t in_flight_requests = 5;
+
+// Number of bytes for which requests have been sent
+size_t total_bytes_requested = 0;
+
+// Number of bytes which have been downloaded
+size_t bytes_downloaded = 0;
+
+// Buffer to use for the download
+char *buffer = NULL;
+
+// Helper variables
+size_t to_read;
+ssize_t bytes_requested;
+
+// Get the sftp limits
+lim = sftp_limits(sftp);
+if (lim == NULL) {
+    // handle error
+}
+
+// Set the chunk size for download = the max limit for reading
+// The reason for this has been given in the "Capping applied by
+// the sftp aio API" section (Its to make the code simpler)
+//
+// Assigning a size_t type variable a uint64_t type value here,
+// theoretically could cause an overflow, but practically
+// max_read_length would never exceed SIZE_MAX so its okay.
+chunk_size = lim->max_read_length;
+
+buffer = malloc(chunk_size);
+if (buffer == NULL) {
+    // handle error
+}
+
+... // Code to open the remote file (to download) using sftp_open().
+... // Code to stat the remote file's file size.
+... // Code to open the local file in which downloaded data is to be stored.
+... // Code to initialize the queue which will be used to store sftp aio
+    // handles.
+
+for (i = 0;
+     i < in_flight_requests && total_bytes_requested < file_size;
+     ++i) {
+    to_read = file_size - total_bytes_requested;
+    if (to_read > chunk_size) {
+        to_read = chunk_size;
+    }
+
+    // Issue a read request
+    bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
+    if (bytes_requested == SSH_ERROR) {
+        // handle error
+    }
+
+    if ((size_t)bytes_requested < to_read) {
+        // Should not happen for this code, as the to_read is <=
+        // max limit for reading (chunk size), so there is no reason
+        // for sftp_aio_begin_read() to return a lesser value.
+    }
+
+    total_bytes_requested += (size_t)bytes_requested;
+
+    // Pseudo code
+    ENQUEUE aio in the queue;
+}
+
+@endcode
+
+At this point, at max in_flight_requests number of requests may be
+outstanding. Now we wait for the response corresponding to the earliest
+issued outstanding request.
+
+On getting that response, we issue another read request if there are
+still some bytes in the sftp file (to download) for which we haven't sent the
+read request. (This happens when total_bytes_requested < file_size)
+
+This issuing of another read request (under a condition) is done to
+keep the number of outstanding requests equal to the value of the
+in_flight_requests variable.
+
+This process has to be repeated for every remaining outstanding request.
+
+@code
+while (the queue is not empty) {
+    // Pseudo code
+    aio = DEQUEUE an sftp aio handle from the queue of sftp aio handles;
+
+    // Wait for the response of the request corresponding to the aio
+    bytes_read = sftp_aio_wait_read(&aio, buffer, chunk_size);
+    if (bytes_read == SSH_ERROR) {
+        //handle error
+    }
+
+    bytes_downloaded += bytes_read;
+    if (bytes_read != chunk_size && bytes_downloaded != file_size) {
+        // A short read encountered on the remote file before reaching EOF,
+        // short read before reaching EOF should never happen for the sftp aio
+        // API which respects the max limit for reading. This probably
+        // indicates a bad server.
+    }
+
+    // Pseudo code
+    WRITE bytes_read bytes from the buffer into the local file
+    in which downloaded data is to be stored ;
+
+    if (total_bytes_requested == file_size) {
+        // no need to issue more read requests
+        continue;
+    }
+
+    // else issue a read request
+    to_read = file_size - total_bytes_requested;
+    if (to_read > chunk_size) {
+        to_read = chunk_size;
+    }
+
+    bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
+    if (bytes_requested == SSH_ERROR) {
+        // handle error
+    }
+
+    if ((size_t)bytes_requested < to_read) {
+        // Should not happen for this code, as the to_read is <=
+        // max limit for reading (chunk size), so there is no reason
+        // for sftp_aio_begin_read() to return a lesser value.
+    }
+
+    total_bytes_requested += bytes_requested;
+
+    // Pseudo code
+    ENQUEUE aio in the queue;
+}
+
+free(buffer);
+sftp_limits_free(lim);
+
+... // Code to destroy the queue which was used to store the sftp aio
+    // handles.
+@endcode
+
+After exiting the while (the queue is not empty) loop, the download
+would've been complete (assuming no error occurs).
+
+@subsection sftp_aio_upload_example Performing an upload using the sftp aio API
+
+Terminologies used in the following code snippets :
+
+  - sftp : The sftp_session opened using sftp_new() and initialised using
+    sftp_init()
+
+  - file : The sftp file handle of the remote file in which uploaded data
+    is to be stored. (See sftp_open())
+
+  - file_size : The size of the local file to upload. This size can be
+    obtained by statting the local file to upload (e.g by using stat())
+
+  - We will need maintain a queue which will be used to store the sftp aio
+    handles corresponding to the outstanding requests.
+
+First, we issue the write requests while ensuring that their count
+doesn't exceed a particular limit decided by us, and the number of bytes
+requested to write don't exceed the size of the file to upload.
+
+@code
+sftp_aio aio = NULL;
+
+// The chunk size to use for the transfer
+size_t chunk_size;
+
+// For the limits structure that would be used by
+// the code to set the chunk size
+sftp_limits_t lim = NULL;
+
+// Max number of requests to keep outstanding at a time
+size_t in_flight_requests = 5;
+
+// Total number of bytes for which write requests have been sent
+size_t total_bytes_requested = 0;
+
+// Buffer to use for the upload
+char *buffer = NULL;
+
+// Helper variables
+size_t to_write;
+ssize_t bytes_requested;
+
+// Get the sftp limits
+lim = sftp_limits(sftp);
+if (lim == NULL) {
+    // handle error
+}
+
+// Set the chunk size for upload = the max limit for writing.
+// The reason for this has been given in the "Capping applied by
+// the sftp aio API" section (Its to make the code simpler)
+//
+// Assigning a size_t type variable a uint64_t type value here,
+// theoretically could cause an overflow, but practically
+// max_write_length would never exceed SIZE_MAX so its okay.
+chunk_size = lim->max_write_length;
+
+buffer = malloc(chunk_size);
+if (buffer == NULL) {
+    // handle error
+}
+
+... // Code to open the local file (to upload) [e.g using open(), fopen()].
+... // Code to stat the local file's file size [e.g using stat()].
+... // Code to open the remote file in which uploaded data will be stored [see
+    // sftp_open()].
+... // Code to initialize the queue which will be used to store sftp aio
+    // handles.
+
+for (i = 0;
+     i < in_flight_requests && total_bytes_requested < file_size;
+     ++i) {
+    to_write = file_size - total_bytes_requested;
+    if (to_write > chunk_size) {
+        to_write = chunk_size;
+    }
+
+    // Pseudo code
+    READ to_write bytes from the local file (to upload) into the buffer;
+
+    bytes_requested = sftp_aio_begin_write(file, buffer, to_write, &aio);
+    if (bytes_requested == SSH_ERROR) {
+        // handle error
+    }
+
+    if ((size_t)bytes_requested < to_write) {
+        // Should not happen for this code, as the to_write is <=
+        // max limit for writing (chunk size), so there is no reason
+        // for sftp_aio_begin_write() to return a lesser value.
+    }
+
+    total_bytes_requested += (size_t)bytes_requested;
+
+    // Pseudo code
+    ENQUEUE aio in the queue;
+}
+
+@endcode
+
+At this point, at max in_flight_requests number of requests may be
+outstanding. Now we wait for the response corresponding to the earliest
+issued outstanding request.
+
+On getting that response, we issue another write request if there are
+still some bytes in the local file (to upload) for which we haven't sent
+the write request. (This happens when total_bytes_requested < file_size)
+
+This issuing of another write request (under a condition) is done to
+keep the number of outstanding requests equal to the value of the
+in_flight_requests variable.
+
+This process has to be repeated for every remaining outstanding request.
+
+@code
+while (the queue is not empty) {
+    // Pseudo code
+    aio = DEQUEUE an sftp aio handle from the queue of sftp aio handles;
+
+    // Wait for the response of the request corresponding to the aio
+    bytes_written = sftp_aio_wait_write(&aio);
+    if (bytes_written == SSH_ERROR) {
+        // handle error
+    }
+
+    // sftp_aio_wait_write() won't report a short write, so no need
+    // to check for a short write here.
+
+    if (total_bytes_requested == file_size) {
+        // no need to issue more write requests
+        continue;
+    }
+
+    // else issue a write request
+    to_write = file_size - total_bytes_requested;
+    if (to_write > chunk_size) {
+        to_write = chunk_size;
+    }
+
+    // Pseudo code
+    READ to_write bytes from the local file (to upload) into a buffer;
+
+    bytes_requested = sftp_aio_begin_write(file, buffer, to_write, &aio);
+    if (bytes_requested == SSH_ERROR) {
+        // handle error
+    }
+
+    if ((size_t)bytes_requested < to_write) {
+        // Should not happen for this code, as the to_write is <=
+        // max limit for writing (chunk size), so there is no reason
+        // for sftp_aio_begin_write() to return a lesser value.
+    }
+
+    total_bytes_requested += (size_t)bytes_requested;
+
+    // Pseudo code
+    ENQUEUE aio in the queue;
+}
+
+free(buffer);
+
+... // Code to destroy the queue which was used to store the sftp aio
+    // handles.
+@endcode
+
+After exiting the while (the queue is not empty) loop, the upload
+would've been complete (assuming no error occurs).
+
+@subsection sftp_aio_free Example showing the usage of sftp_aio_free()
+
+The purpose of sftp_aio_free() was discussed at the beginning of this page,
+the following code example shows how it can be used during cleanup.
+
+@code
+void print_sftp_error(sftp_session sftp)
+{
+    if (sftp == NULL) {
+        return;
+    }
+
+    fprintf(stderr, "sftp error : %d\n", sftp_get_error(sftp));
+    fprintf(stderr, "ssh error : %s\n", ssh_get_error(sftp->session));
+}
+
+// Returns 0 on success, -1 on error
+int write_strings(sftp_file file)
+{
+    const char * strings[] = {
+        "This is the first string",
+        "This is the second string",
+        "This is the third string",
+        "This is the fourth string"
+    };
+
+    size_t string_count = sizeof(strings) / sizeof(strings[0]);
+    size_t i;
+
+    sftp_session sftp = NULL;
+    sftp_aio aio = NULL;
+
+    int rc;
+
+    if (file == NULL) {
+        return -1;
+    }
+
+    ... // Code to initialize the queue which will be used to store sftp aio
+        // handles
+
+    sftp = file->sftp;
+    for (i = 0; i < string_count; ++i) {
+        rc = sftp_aio_begin_write(file,
+                                  strings[i],
+                                  strlen(strings[i]),
+                                  &aio);
+        if (rc == SSH_ERROR) {
+            print_sftp_error(sftp);
+            goto err;
+        }
+
+        // Pseudo code
+        ENQUEUE aio in the queue of sftp aio handles
+    }
+
+    for (i = 0; i < string_count; ++i) {
+        // Pseudo code
+        aio = DEQUEUE an sftp aio handle from the queue of sftp aio handles;
+
+        rc = sftp_aio_wait_write(&aio);
+        if (rc == SSH_ERROR) {
+            print_sftp_error(sftp);
+            goto err;
+        }
+    }
+
+
+    ... // Code to destroy the queue in which sftp aio handles were
+        // stored
+
+    return 0;
+
+err:
+
+    while (queue is not empty) {
+        // Pseudo code
+        aio = DEQUEUE an sftp aio handle from the queue of sftp aio handles;
+
+        sftp_aio_free(aio);
+    }
+
+    ... // Code to destroy the queue in which sftp aio handles were
+        // stored.
+
+    return -1;
+}
+
+@endcode
+
+*/
diff --git a/libssh/doc/shell.dox b/libssh/doc/shell.dox
index d770f27a..35fc5c9a 100644
--- a/libssh/doc/shell.dox
+++ b/libssh/doc/shell.dox
@@ -26,7 +26,7 @@ The code sample below achieves these tasks:
 @code
 int shell_session(ssh_session session)
 {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   int rc;
 
   channel = ssh_channel_new(session);
@@ -65,8 +65,17 @@ to as a "pty", for "pseudo-teletype". The remote processes won't see the
 difference with a real text-oriented terminal.
 
 If needed, you request the pty with the function ssh_channel_request_pty().
-Then you define its dimensions (number of rows and columns)
-with ssh_channel_change_pty_size().
+If you want define its dimensions (number of rows and columns),
+call ssh_channel_request_pty_size() instead. It's also possible to change
+the dimensions after creating the pty with ssh_channel_change_pty_size().
+
+These two functions configure the pty using the same terminal modes that
+stdin has. If stdin isn't a TTY, they use default modes that configure
+the pty with in canonical mode and e.g. preserving CR and LF characters.
+If you want to change the terminal modes used by the pty (e.g. to change
+CRLF handling), use ssh_channel_request_pty_size_modes(). This function
+accepts an additional "modes" buffer that is expected to contain encoded
+terminal modes according to RFC 4254 section 8.
 
 Be your session interactive or not, the next step is to request a
 shell with ssh_channel_request_shell().
diff --git a/libssh/examples/CMakeLists.txt b/libssh/examples/CMakeLists.txt
index 466865f7..4fb842b0 100644
--- a/libssh/examples/CMakeLists.txt
+++ b/libssh/examples/CMakeLists.txt
@@ -29,6 +29,12 @@ if (UNIX AND NOT WIN32)
         add_executable(samplesftp samplesftp.c ${examples_SRCS})
         target_compile_options(samplesftp PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
         target_link_libraries(samplesftp ssh::ssh)
+
+        if (WITH_SERVER)
+            add_executable(sample_sftpserver sample_sftpserver.c ${examples_SRCS})
+            target_compile_options(sample_sftpserver PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+            target_link_libraries(sample_sftpserver ssh::ssh ${ARGP_LIBRARIES})
+        endif (WITH_SERVER)
     endif (WITH_SFTP)
 
     add_executable(ssh-client ssh_client.c ${examples_SRCS})
@@ -39,34 +45,34 @@ if (UNIX AND NOT WIN32)
     target_compile_options(ssh-X11-client PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
     target_link_libraries(ssh-X11-client ssh::ssh)
 
-    if (WITH_SERVER AND (ARGP_LIBRARY OR HAVE_ARGP_H))
+    if (WITH_SERVER AND (ARGP_LIBRARIES OR HAVE_ARGP_H))
         if (HAVE_LIBUTIL)
             add_executable(ssh_server_fork ssh_server.c)
             target_compile_options(ssh_server_fork PRIVATE ${DEFAULT_C_COMPILE_FLAGS} -DWITH_FORK)
-            target_link_libraries(ssh_server_fork ssh::ssh ${ARGP_LIBRARY} util)
+            target_link_libraries(ssh_server_fork ssh::ssh ${ARGP_LIBRARIES} util)
 
             add_executable(ssh_server_pthread ssh_server.c)
             target_compile_options(ssh_server_pthread PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(ssh_server_pthread ssh::ssh ${ARGP_LIBRARY} pthread util)
+            target_link_libraries(ssh_server_pthread ssh::ssh ${ARGP_LIBRARIES} pthread util)
         endif (HAVE_LIBUTIL)
 
         if (WITH_GSSAPI AND GSSAPI_FOUND)
             add_executable(proxy proxy.c)
             target_compile_options(proxy PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(proxy ssh::ssh ${ARGP_LIBRARY})
+            target_link_libraries(proxy ssh::ssh ${ARGP_LIBRARIES})
 
             add_executable(sshd_direct-tcpip sshd_direct-tcpip.c)
             target_compile_options(sshd_direct-tcpip PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(sshd_direct-tcpip ssh::ssh ${ARGP_LIBRARY})
+            target_link_libraries(sshd_direct-tcpip ssh::ssh ${ARGP_LIBRARIES})
         endif (WITH_GSSAPI AND GSSAPI_FOUND)
 
         add_executable(samplesshd-kbdint samplesshd-kbdint.c)
         target_compile_options(samplesshd-kbdint PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-        target_link_libraries(samplesshd-kbdint ssh::ssh ${ARGP_LIBRARY})
+        target_link_libraries(samplesshd-kbdint ssh::ssh ${ARGP_LIBRARIES})
 
         add_executable(keygen2 keygen2.c ${examples_SRCS})
         target_compile_options(keygen2 PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-        target_link_libraries(keygen2 ssh::ssh ${ARGP_LIBRARY})
+        target_link_libraries(keygen2 ssh::ssh ${ARGP_LIBRARIES})
 
     endif()
 endif (UNIX AND NOT WIN32)
@@ -75,9 +81,9 @@ if (WITH_SERVER)
     add_executable(samplesshd-cb samplesshd-cb.c)
     target_compile_options(samplesshd-cb PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
     target_link_libraries(samplesshd-cb ssh::ssh)
-    if (ARGP_LIBRARY OR HAVE_ARGP_H)
-        target_link_libraries(samplesshd-cb ${ARGP_LIBRARY})
-    endif(ARGP_LIBRARY OR HAVE_ARGP_H)
+    if (ARGP_LIBRARIES OR HAVE_ARGP_H)
+        target_link_libraries(samplesshd-cb ${ARGP_LIBRARIES})
+    endif(ARGP_LIBRARIES OR HAVE_ARGP_H)
 endif()
 
 add_executable(exec exec.c ${examples_SRCS})
diff --git a/libssh/examples/authentication.c b/libssh/examples/authentication.c
index 7c47c8bd..31de7cfc 100644
--- a/libssh/examples/authentication.c
+++ b/libssh/examples/authentication.c
@@ -30,8 +30,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
 
     err = ssh_userauth_kbdint(session, NULL, NULL);
     while (err == SSH_AUTH_INFO) {
-        const char *instruction;
-        const char *name;
+        const char *instruction = NULL;
+        const char *name = NULL;
         char buffer[128];
         int i, n;
 
@@ -48,8 +48,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
         }
 
         for (i = 0; i < n; i++) {
-            const char *answer;
-            const char *prompt;
+            const char *answer = NULL;
+            const char *prompt = NULL;
             char echo;
 
             prompt = ssh_userauth_kbdint_getprompt(session, i, &echo);
@@ -58,7 +58,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
             }
 
             if (echo) {
-                char *p;
+                char *p = NULL;
 
                 printf("%s", prompt);
 
@@ -143,7 +143,7 @@ int authenticate_console(ssh_session session)
     int rc;
     int method;
     char password[128] = {0};
-    char *banner;
+    char *banner = NULL;
 
     // Try to authenticate
     rc = ssh_userauth_none(session, NULL);
diff --git a/libssh/examples/connect_ssh.c b/libssh/examples/connect_ssh.c
index c9e4ef6e..06094272 100644
--- a/libssh/examples/connect_ssh.c
+++ b/libssh/examples/connect_ssh.c
@@ -22,7 +22,7 @@ clients must be made or how a client should react.
 #include <stdio.h>
 
 ssh_session connect_ssh(const char *host, const char *user,int verbosity){
-  ssh_session session;
+  ssh_session session = NULL;
   int auth=0;
 
   session=ssh_new();
diff --git a/libssh/examples/exec.c b/libssh/examples/exec.c
index 77d3be47..f90df364 100644
--- a/libssh/examples/exec.c
+++ b/libssh/examples/exec.c
@@ -5,8 +5,8 @@
 #include "examples_common.h"
 
 int main(void) {
-    ssh_session session;
-    ssh_channel channel;
+    ssh_session session = NULL;
+    ssh_channel channel = NULL;
     char buffer[256];
     int rbytes, wbytes, total = 0;
     int rc;
diff --git a/libssh/examples/keygen.c b/libssh/examples/keygen.c
index 2ab00113..99f8c98c 100644
--- a/libssh/examples/keygen.c
+++ b/libssh/examples/keygen.c
@@ -27,14 +27,14 @@ int main(void)
     rv = ssh_pki_generate(SSH_KEYTYPE_ED25519, 0, &key);
     if (rv != SSH_OK) {
         fprintf(stderr, "Failed to generate private key");
-	return -1;
+        return -1;
     }
 
-    /* Write it to a file testkey in the current dirrectory */
+    /* Write it to a file testkey in the current directory */
     rv = ssh_pki_export_privkey_file(key, NULL, NULL, NULL, "testkey");
     if (rv != SSH_OK) {
         fprintf(stderr, "Failed to write private key file");
-	return -1;
+        return -1;
     }
 
     return 0;
diff --git a/libssh/examples/keygen2.c b/libssh/examples/keygen2.c
index 82aae7e9..5a8806fc 100644
--- a/libssh/examples/keygen2.c
+++ b/libssh/examples/keygen2.c
@@ -38,6 +38,7 @@ struct arguments_st {
     unsigned long bits;
     char *file;
     char *passphrase;
+    char *format;
     int action_list;
 };
 
@@ -52,7 +53,6 @@ static struct argp_option options[] = {
                  "Accepted values are: "
                  "1024, 2048, 3072 (default), 4096, and 8192 for TYPE=\"rsa\"; "
                  "256 (default), 384, and 521 for TYPE=\"ecdsa\"; "
-                 "1024 (default) and 2048 for TYPE=\"dsa\"; "
                  "can be omitted for TYPE=\"ed25519\" "
                  "(it will be ignored if provided).\n",
         .group = 0
@@ -86,7 +86,7 @@ static struct argp_option options[] = {
         .flags = 0,
         .doc   = "The type of the key to be generated. "
                  "Accepted values are: "
-                 "\"rsa\", \"ecdsa\", \"ed25519\", and \"dsa\".\n",
+                 "\"rsa\", \"ecdsa\", and \"ed25519\".\n",
         .group = 0
     },
     {
@@ -97,6 +97,16 @@ static struct argp_option options[] = {
         .doc   = "List the Fingerprint of the given key\n",
         .group = 0
     },
+    {
+        .name  = "format",
+        .key   = 'm',
+        .arg   = "FORMAT",
+        .flags = 0,
+        .doc   = "Write the file in specific format. The supported values are "
+                "'PEM'and 'OpenSSH' file format. By default Ed25519 "
+                "keys are exported in OpenSSH format and others in PEM.\n",
+        .group = 0
+    },
     {
         /* End of the options */
         0
@@ -153,9 +163,6 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
             if (!strcmp(arg, "rsa")) {
                 arguments->type = SSH_KEYTYPE_RSA;
             }
-            else if (!strcmp(arg, "dsa")) {
-                arguments->type = SSH_KEYTYPE_DSS;
-            }
             else if (!strcmp(arg, "ecdsa")) {
                 arguments->type = SSH_KEYTYPE_ECDSA;
             }
@@ -172,6 +179,9 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
         case 'l':
             arguments->action_list = 1;
             break;
+        case 'm':
+            arguments->format = strdup(arg);
+            break;
         case ARGP_KEY_ARG:
             if (state->arg_num > 0) {
                 /* Too many arguments. */
@@ -253,29 +263,6 @@ static int validate_args(struct arguments_st *args)
             }
         }
 
-        break;
-    case SSH_KEYTYPE_DSS:
-        switch (args->bits) {
-        case 0:
-            /* If not provided, use default value */
-            args->bits = 1024;
-            break;
-        case 1024:
-        case 2048:
-            break;
-        default:
-            fprintf(stderr, "Error: Invalid bits parameter provided\n");
-            rc = EINVAL;
-            break;
-        }
-        if (args->file == NULL) {
-            args->file = strdup("id_dsa");
-            if (args->file == NULL) {
-                rc = ENOMEM;
-                break;
-            }
-        }
-
         break;
     case SSH_KEYTYPE_ED25519:
         /* Ignore value and overwrite with a zero */
@@ -323,6 +310,7 @@ list_fingerprint(char *file)
     rc = ssh_get_publickey_hash(key, SSH_PUBLICKEY_HASH_SHA256, &hash, &hlen);
     if (rc != SSH_OK) {
         fprintf(stderr, "Failed to get key fingerprint\n");
+        ssh_key_free(key);
         return;
     }
     ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
@@ -409,8 +397,36 @@ int main(int argc, char *argv[])
     }
 
     /* Write the private key */
-    rc = ssh_pki_export_privkey_file(key, arguments.passphrase, NULL, NULL,
-                                     arguments.file);
+    if (arguments.format != NULL) {
+        if (strcasecmp(arguments.format, "PEM") == 0) {
+            rc = ssh_pki_export_privkey_file_format(key,
+                                                    arguments.passphrase,
+                                                    NULL,
+                                                    NULL,
+                                                    arguments.file,
+                                                    SSH_FILE_FORMAT_PEM);
+        } else if (strcasecmp(arguments.format, "OpenSSH") == 0) {
+            rc = ssh_pki_export_privkey_file_format(key,
+                                                    arguments.passphrase,
+                                                    NULL,
+                                                    NULL,
+                                                    arguments.file,
+                                                    SSH_FILE_FORMAT_OPENSSH);
+        } else {
+            rc = ssh_pki_export_privkey_file_format(key,
+                                                    arguments.passphrase,
+                                                    NULL,
+                                                    NULL,
+                                                    arguments.file,
+                                                    SSH_FILE_FORMAT_DEFAULT);
+        }
+    } else {
+        rc = ssh_pki_export_privkey_file(key,
+                                         arguments.passphrase,
+                                         NULL,
+                                         NULL,
+                                         arguments.file);
+    }
     if (rc != SSH_OK) {
         fprintf(stderr, "Error: Failed to write private key file");
         goto end;
diff --git a/libssh/examples/knownhosts.c b/libssh/examples/knownhosts.c
index 0726bfa8..2857a085 100644
--- a/libssh/examples/knownhosts.c
+++ b/libssh/examples/knownhosts.c
@@ -38,7 +38,7 @@ int verify_knownhost(ssh_session session)
     char buf[10];
     unsigned char *hash = NULL;
     size_t hlen;
-    ssh_key srv_pubkey;
+    ssh_key srv_pubkey = NULL;
     int rc;
 
     rc = ssh_get_server_publickey(session, &srv_pubkey);
diff --git a/libssh/examples/libssh_scp.c b/libssh/examples/libssh_scp.c
index 6fdf8a4f..fc2ceeb7 100644
--- a/libssh/examples/libssh_scp.c
+++ b/libssh/examples/libssh_scp.c
@@ -26,9 +26,9 @@ program.
 #define BUF_SIZE 16384
 #endif
 
-static char **sources;
+static char **sources = NULL;
 static int nsources;
-static char *destination;
+static char *destination = NULL;
 static int verbosity = 0;
 
 struct location {
@@ -114,9 +114,10 @@ static void location_free(struct location *loc)
     }
 }
 
-static struct location *parse_location(char *loc) {
-    struct location *location;
-    char *ptr;
+static struct location *parse_location(char *loc)
+{
+    struct location *location = NULL;
+    char *ptr = NULL;
 
     location = malloc(sizeof(struct location));
     if (location == NULL) {
@@ -229,11 +230,11 @@ static int open_location(struct location *loc, int flag) {
             return -1;
         }
         return 0;
-    } else {
+    } else if (loc->path != NULL) {
         loc->file = fopen(loc->path, flag == READ ? "r":"w");
         if (!loc->file) {
             if (errno == EISDIR) {
-                if (loc->path != NULL && chdir(loc->path)) {
+                if (chdir(loc->path)) {
                     fprintf(stderr,
                             "Error changing directory to %s: %s\n",
                             loc->path, strerror(errno));
diff --git a/libssh/examples/proxy.c b/libssh/examples/proxy.c
index 159a37e5..ab69b18e 100644
--- a/libssh/examples/proxy.c
+++ b/libssh/examples/proxy.c
@@ -35,8 +35,8 @@ clients must be made or how a client should react.
 static int authenticated=0;
 static int tries = 0;
 static int error = 0;
-static ssh_channel chan=NULL;
-static char *username;
+static ssh_channel chan = NULL;
+static char *username = NULL;
 static ssh_gssapi_creds client_creds = NULL;
 
 static int auth_password(ssh_session session, const char *user,
@@ -142,20 +142,12 @@ static struct argp_option options[] = {
         .doc   = "Set the host key.",
         .group = 0
     },
-    {
-        .name  = "dsakey",
-        .key   = 'd',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the dsa key.",
-        .group = 0
-    },
     {
         .name  = "rsakey",
         .key   = 'r',
         .arg   = "FILE",
         .flags = 0,
-        .doc   = "Set the rsa key.",
+        .doc   = "Set the rsa host key (deprecated alias to 'k').",
         .group = 0
     },
     {
@@ -180,15 +172,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
         case 'p':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
             break;
-        case 'd':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
-            break;
+        case 'r':
+            /* deprecated */
         case 'k':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
             break;
-        case 'r':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
-            break;
         case 'v':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
             break;
@@ -216,11 +204,12 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */
 
-int main(int argc, char **argv){
-    ssh_session session;
-    ssh_bind sshbind;
-    ssh_event mainloop;
-    ssh_session client_session;
+int main(int argc, char **argv)
+{
+    ssh_session session = NULL;
+    ssh_bind sshbind = NULL;
+    ssh_event mainloop = NULL;
+    ssh_session client_session = NULL;
 
     struct ssh_server_callbacks_struct cb = {
         .userdata = NULL,
@@ -231,13 +220,13 @@ int main(int argc, char **argv){
 
     char buf[BUF_SIZE];
     char host[128]="";
-    char *ptr;
+    char *ptr = NULL;
     int i,r, rc;
 
     sshbind=ssh_bind_new();
     session=ssh_new();
 
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, "sshd_rsa");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, "sshd_rsa");
 
 #ifdef HAVE_ARGP_H
     /*
@@ -348,4 +337,3 @@ int main(int argc, char **argv){
     ssh_finalize();
     return 0;
 }
-
diff --git a/libssh/examples/sample_sftpserver.c b/libssh/examples/sample_sftpserver.c
new file mode 100644
index 00000000..b96f4ef7
--- /dev/null
+++ b/libssh/examples/sample_sftpserver.c
@@ -0,0 +1,515 @@
+/* This is a sample implementation of a libssh based SSH server */
+/*
+Copyright 2014 Audrius Butkevicius
+
+This file is part of the SSH Library
+
+You are free to copy this file, modify it in any way, consider it being public
+domain. This does not apply to the rest of the library though, but it is
+allowed to cut-and-paste working code from this file to any license of
+program.
+The goal is to show the API in action.
+*/
+
+#include "config.h"
+
+#include <libssh/callbacks.h>
+#include <libssh/server.h>
+#include <libssh/sftp.h>
+#include <libssh/sftpserver.h>
+
+#include <poll.h>
+#ifdef HAVE_ARGP_H
+#include <argp.h>
+#endif
+#include <fcntl.h>
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#ifdef HAVE_PTY_H
+#include <pty.h>
+#endif
+#include <signal.h>
+#include <stdlib.h>
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#include <sys/ioctl.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#include <stdbool.h>
+
+/* below are for sftp */
+#include <sys/statvfs.h>
+#include <errno.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <time.h>
+#include <inttypes.h>
+
+#ifndef KEYS_FOLDER
+#ifdef _WIN32
+#define KEYS_FOLDER
+#else
+#define KEYS_FOLDER "/etc/ssh/"
+#endif
+#endif
+
+#define USER "myuser"
+#define PASS "mypassword"
+#define BUF_SIZE 1048576
+#define SESSION_END (SSH_CLOSED | SSH_CLOSED_ERROR)
+
+static void set_default_keys(ssh_bind sshbind,
+                             int rsa_already_set,
+                             int ecdsa_already_set)
+{
+    if (!rsa_already_set)
+    {
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
+                             KEYS_FOLDER "ssh_host_rsa_key");
+    }
+    if (!ecdsa_already_set)
+    {
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
+                             KEYS_FOLDER "ssh_host_ecdsa_key");
+    }
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
+                         KEYS_FOLDER "ssh_host_ed25519_key");
+}
+#define DEF_STR_SIZE 1024
+char authorizedkeys[DEF_STR_SIZE] = {0};
+#ifdef HAVE_ARGP_H
+const char *argp_program_version = "libssh sftp server example " SSH_STRINGIFY(LIBSSH_VERSION);
+const char *argp_program_bug_address = "<libssh@libssh.org>";
+
+/* Program documentation. */
+static char doc[] = "Sftp server implemented with libssh -- a Secure Shell protocol implementation";
+
+/* A description of the arguments we accept. */
+static char args_doc[] = "BINDADDR";
+
+/* The options we understand. */
+static struct argp_option options[] = {
+    {.name = "port",
+     .key = 'p',
+     .arg = "PORT",
+     .flags = 0,
+     .doc = "Set the port to bind.",
+     .group = 0},
+    {.name = "hostkey",
+     .key = 'k',
+     .arg = "FILE",
+     .flags = 0,
+     .doc = "Set a host key.  Can be used multiple times.  "
+            "Implies no default keys.",
+     .group = 0},
+    {.name = "rsakey",
+     .key = 'r',
+     .arg = "FILE",
+     .flags = 0,
+     .doc = "Set the rsa key.",
+     .group = 0},
+    {.name = "ecdsakey",
+     .key = 'e',
+     .arg = "FILE",
+     .flags = 0,
+     .doc = "Set the ecdsa key.",
+     .group = 0},
+    {.name = "authorizedkeys",
+     .key = 'a',
+     .arg = "FILE",
+     .flags = 0,
+     .doc = "Set the authorized keys file.",
+     .group = 0},
+    {.name = "no-default-keys",
+     .key = 'n',
+     .arg = NULL,
+     .flags = 0,
+     .doc = "Do not set default key locations.",
+     .group = 0},
+    {.name = "verbose",
+     .key = 'v',
+     .arg = NULL,
+     .flags = 0,
+     .doc = "Get verbose output.",
+     .group = 0},
+    {NULL, 0, NULL, 0, NULL, 0}};
+
+/* Parse a single option. */
+static error_t parse_opt(int key, char *arg, struct argp_state *state)
+{
+    /* Get the input argument from argp_parse, which we
+     * know is a pointer to our arguments structure. */
+    ssh_bind sshbind = state->input;
+    static int no_default_keys = 0;
+    static int rsa_already_set = 0, ecdsa_already_set = 0;
+
+    switch (key)
+    {
+    case 'n':
+        no_default_keys = 1;
+        break;
+    case 'p':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
+        break;
+    case 'k':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
+        /* We can't track the types of keys being added with this
+           option, so let's ensure we keep the keys we're adding
+           by just not setting the default keys */
+        no_default_keys = 1;
+        break;
+    case 'r':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
+        rsa_already_set = 1;
+        break;
+    case 'e':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
+        ecdsa_already_set = 1;
+        break;
+    case 'a':
+        strncpy(authorizedkeys, arg, DEF_STR_SIZE - 1);
+        break;
+    case 'v':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
+                             "3");
+        break;
+    case ARGP_KEY_ARG:
+        if (state->arg_num >= 1)
+        {
+            /* Too many arguments. */
+            argp_usage(state);
+        }
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, arg);
+        break;
+    case ARGP_KEY_END:
+        if (state->arg_num < 1)
+        {
+            /* Not enough arguments. */
+            argp_usage(state);
+        }
+
+        if (!no_default_keys)
+        {
+            set_default_keys(sshbind,
+                             rsa_already_set,
+                             ecdsa_already_set);
+        }
+
+        break;
+    default:
+        return ARGP_ERR_UNKNOWN;
+    }
+    return 0;
+}
+
+/* Our argp parser. */
+static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
+#endif /* HAVE_ARGP_H */
+
+/* A userdata struct for channel. */
+struct channel_data_struct
+{
+    /* Event which is used to poll the above descriptors. */
+    ssh_event event;
+    sftp_session sftp;
+};
+
+/* A userdata struct for session. */
+struct session_data_struct
+{
+    /* Pointer to the channel the session will allocate. */
+    ssh_channel channel;
+    int auth_attempts;
+    int authenticated;
+};
+
+static int auth_password(ssh_session session, const char *user,
+                         const char *pass, void *userdata)
+{
+    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
+
+    (void)session;
+
+    if (strcmp(user, USER) == 0 && strcmp(pass, PASS) == 0)
+    {
+        sdata->authenticated = 1;
+        return SSH_AUTH_SUCCESS;
+    }
+
+    sdata->auth_attempts++;
+    return SSH_AUTH_DENIED;
+}
+
+static int auth_publickey(ssh_session session,
+                          const char *user,
+                          struct ssh_key_struct *pubkey,
+                          char signature_state,
+                          void *userdata)
+{
+    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
+
+    (void)session;
+    (void)user;
+
+    if (signature_state == SSH_PUBLICKEY_STATE_NONE)
+    {
+        return SSH_AUTH_SUCCESS;
+    }
+
+    if (signature_state != SSH_PUBLICKEY_STATE_VALID)
+    {
+        return SSH_AUTH_DENIED;
+    }
+
+    // valid so far.  Now look through authorized keys for a match
+    if (authorizedkeys[0])
+    {
+        ssh_key key = NULL;
+        int result;
+        struct stat buf;
+
+        if (stat(authorizedkeys, &buf) == 0)
+        {
+            result = ssh_pki_import_pubkey_file(authorizedkeys, &key);
+            if ((result != SSH_OK) || (key == NULL))
+            {
+                fprintf(stderr,
+                        "Unable to import public key file %s\n",
+                        authorizedkeys);
+            }
+            else
+            {
+                result = ssh_key_cmp(key, pubkey, SSH_KEY_CMP_PUBLIC);
+                ssh_key_free(key);
+                if (result == 0)
+                {
+                    sdata->authenticated = 1;
+                    return SSH_AUTH_SUCCESS;
+                }
+            }
+        }
+    }
+
+    // no matches
+    sdata->authenticated = 0;
+    return SSH_AUTH_DENIED;
+}
+
+static ssh_channel channel_open(ssh_session session, void *userdata)
+{
+    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
+
+    sdata->channel = ssh_channel_new(session);
+    return sdata->channel;
+}
+
+static void handle_session(ssh_event event, ssh_session session)
+{
+    int n;
+
+    /* Our struct holding information about the channel. */
+    struct channel_data_struct cdata = {
+        .sftp = NULL,
+    };
+
+    /* Our struct holding information about the session. */
+    struct session_data_struct sdata = {
+        .channel = NULL,
+        .auth_attempts = 0,
+        .authenticated = 0,
+    };
+
+    struct ssh_channel_callbacks_struct channel_cb = {
+        .userdata = &(cdata.sftp),
+        .channel_data_function = sftp_channel_default_data_callback,
+        .channel_subsystem_request_function = sftp_channel_default_subsystem_request,
+    };
+
+    struct ssh_server_callbacks_struct server_cb = {
+        .userdata = &sdata,
+        .auth_password_function = auth_password,
+        .channel_open_request_session_function = channel_open,
+    };
+
+    if (authorizedkeys[0])
+    {
+        server_cb.auth_pubkey_function = auth_publickey;
+        ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_PUBLICKEY);
+    }
+    else
+        ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD);
+
+    ssh_callbacks_init(&server_cb);
+    ssh_callbacks_init(&channel_cb);
+
+    ssh_set_server_callbacks(session, &server_cb);
+
+    if (ssh_handle_key_exchange(session) != SSH_OK)
+    {
+        fprintf(stderr, "%s\n", ssh_get_error(session));
+        return;
+    }
+
+    ssh_event_add_session(event, session);
+
+    n = 0;
+    while (sdata.authenticated == 0 || sdata.channel == NULL) {
+        /* If the user has used up all attempts, or if he hasn't been able to
+         * authenticate in 10 seconds (n * 100ms), disconnect. */
+        if (sdata.auth_attempts >= 3 || n >= 100) {
+            return;
+        }
+
+        if (ssh_event_dopoll(event, 100) == SSH_ERROR) {
+            fprintf(stderr, "%s\n", ssh_get_error(session));
+            return;
+        }
+        n++;
+    }
+
+    ssh_set_channel_callbacks(sdata.channel, &channel_cb);
+
+    do {
+        /* Poll the main event which takes care of the session, the channel and
+         * even our child process's stdout/stderr (once it's started). */
+        if (ssh_event_dopoll(event, -1) == SSH_ERROR) {
+            ssh_channel_close(sdata.channel);
+        }
+
+        /* If child process's stdout/stderr has been registered with the event,
+         * or the child process hasn't started yet, continue. */
+        if (cdata.event != NULL) {
+            continue;
+        }
+        /* FIXME The server keeps hanging in the poll above when the client
+         * closes the channel */
+    } while (ssh_channel_is_open(sdata.channel));
+
+    ssh_channel_send_eof(sdata.channel);
+    ssh_channel_close(sdata.channel);
+
+    /* Wait up to 5 seconds for the client to terminate the session. */
+    for (n = 0; n < 50 && (ssh_get_status(session) & SESSION_END) == 0; n++) {
+        ssh_event_dopoll(event, 100);
+    }
+}
+
+/* SIGCHLD handler for cleaning up dead children. */
+static void sigchld_handler(int signo)
+{
+    (void)signo;
+
+    while (waitpid(-1, NULL, WNOHANG) > 0)
+        ;
+}
+
+int main(int argc, char **argv)
+{
+    ssh_bind sshbind = NULL;
+    ssh_session session = NULL;
+    ssh_event event = NULL;
+    struct sigaction sa;
+    int rc;
+
+    /* Set up SIGCHLD handler. */
+    sa.sa_handler = sigchld_handler;
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
+    if (sigaction(SIGCHLD, &sa, NULL) != 0)
+    {
+        fprintf(stderr, "Failed to register SIGCHLD handler\n");
+        return 1;
+    }
+
+    rc = ssh_init();
+    if (rc < 0)
+    {
+        fprintf(stderr, "ssh_init failed\n");
+        goto exit;
+    }
+
+    sshbind = ssh_bind_new();
+    if (sshbind == NULL)
+    {
+        fprintf(stderr, "ssh_bind_new failed\n");
+        goto exit;
+    }
+
+#ifdef HAVE_ARGP_H
+    argp_parse(&argp, argc, argv, 0, 0, sshbind);
+#else
+    (void)argc;
+    (void)argv;
+
+    set_default_keys(sshbind, 0, 0);
+#endif /* HAVE_ARGP_H */
+
+    if (ssh_bind_listen(sshbind) < 0)
+    {
+        fprintf(stderr, "%s\n", ssh_get_error(sshbind));
+        goto exit;
+    }
+
+    while (1)
+    {
+        session = ssh_new();
+        if (session == NULL)
+        {
+            fprintf(stderr, "Failed to allocate session\n");
+            continue;
+        }
+
+        /* Blocks until there is a new incoming connection. */
+        if (ssh_bind_accept(sshbind, session) != SSH_ERROR)
+        {
+            switch (fork())
+            {
+            case 0:
+                /* Remove the SIGCHLD handler inherited from parent. */
+                sa.sa_handler = SIG_DFL;
+                sigaction(SIGCHLD, &sa, NULL);
+                /* Remove socket binding, which allows us to restart the
+                 * parent process, without terminating existing sessions. */
+                ssh_bind_free(sshbind);
+
+                event = ssh_event_new();
+                if (event != NULL)
+                {
+                    /* Blocks until the SSH session ends by either
+                     * child process exiting, or client disconnecting. */
+                    handle_session(event, session);
+                    ssh_event_free(event);
+                }
+                else
+                {
+                    fprintf(stderr, "Could not create polling context\n");
+                }
+                ssh_disconnect(session);
+                ssh_free(session);
+
+                exit(0);
+            case -1:
+                fprintf(stderr, "Failed to fork\n");
+            }
+        }
+        else
+        {
+            fprintf(stderr, "%s\n", ssh_get_error(sshbind));
+        }
+        /* Since the session has been passed to a child fork, do some cleaning
+         * up at the parent process. */
+        ssh_disconnect(session);
+        ssh_free(session);
+    }
+
+exit:
+    ssh_bind_free(sshbind);
+    ssh_finalize();
+    return 0;
+}
diff --git a/libssh/examples/samplesftp.c b/libssh/examples/samplesftp.c
index 9c8cd34a..d82a556a 100644
--- a/libssh/examples/samplesftp.c
+++ b/libssh/examples/samplesftp.c
@@ -33,21 +33,18 @@ clients must be made or how a client should react.
 #define BUF_SIZE 65536
 #endif
 
-static int verbosity;
-static char *destination;
-
 static void do_sftp(ssh_session session) {
     sftp_session sftp = sftp_new(session);
     sftp_dir dir;
     sftp_attributes file;
     sftp_statvfs_t sftpstatvfs;
     struct statvfs sysstatvfs;
-    sftp_file fichier;
+    sftp_file source;
     sftp_file to;
     int len = 1;
     unsigned int i;
     char data[BUF_SIZE] = {0};
-    char *lnk;
+    char *lnk = NULL;
 
     unsigned int count;
 
@@ -86,6 +83,7 @@ static void do_sftp(ssh_session session) {
         goto end;
     }
     printf("readlink /tmp/sftp_symlink_test: %s\n", lnk);
+    ssh_string_free_char(lnk);
 
     sftp_unlink(sftp, "/tmp/sftp_symlink_test");
 
@@ -173,7 +171,7 @@ static void do_sftp(ssh_session session) {
         sftp_attributes_free(file);
     }
 
-    /* when file = NULL, an error has occured OR the directory listing is end of
+    /* when file = NULL, an error has occurred OR the directory listing is end of
      * file */
     if (!sftp_dir_eof(dir)) {
         fprintf(stderr, "Error: %s\n", ssh_get_error(session));
@@ -188,8 +186,8 @@ static void do_sftp(ssh_session session) {
     /* the small buffer size was intended to stress the library. of course, you
      * can use a buffer till 20kbytes without problem */
 
-    fichier = sftp_open(sftp, "/usr/bin/ssh", O_RDONLY, 0);
-    if (!fichier) {
+    source = sftp_open(sftp, "/usr/bin/ssh", O_RDONLY, 0);
+    if (!source) {
         fprintf(stderr, "Error opening /usr/bin/ssh: %s\n",
                 ssh_get_error(session));
         goto end;
@@ -200,16 +198,16 @@ static void do_sftp(ssh_session session) {
     if (!to) {
         fprintf(stderr, "Error opening ssh-copy for writing: %s\n",
                 ssh_get_error(session));
-        sftp_close(fichier);
+        sftp_close(source);
         goto end;
     }
 
-    while ((len = sftp_read(fichier, data, 4096)) > 0) {
+    while ((len = sftp_read(source, data, 4096)) > 0) {
         if (sftp_write(to, data, len) != len) {
             fprintf(stderr, "Error writing %d bytes: %s\n",
                     len, ssh_get_error(session));
             sftp_close(to);
-            sftp_close(fichier);
+            sftp_close(source);
             goto end;
         }
     }
@@ -219,10 +217,10 @@ static void do_sftp(ssh_session session) {
         fprintf(stderr, "Error reading file: %s\n", ssh_get_error(session));
     }
 
-    sftp_close(fichier);
+    sftp_close(source);
     sftp_close(to);
-    printf("fichiers ferm\n");
-    to = sftp_open(sftp, "/tmp/grosfichier", O_WRONLY|O_CREAT, 0644);
+    printf("file closed\n");
+    to = sftp_open(sftp, "/tmp/large_file", O_WRONLY|O_CREAT, 0644);
 
     for (i = 0; i < 1000; ++i) {
         len = sftp_write(to, data, sizeof(data));
@@ -243,50 +241,63 @@ static void usage(const char *argv0) {
     fprintf(stderr, "Usage : %s [-v] remotehost\n"
             "sample sftp test client - libssh-%s\n"
             "Options :\n"
+            "  -l user : log in as user\n"
+            "  -p port : connect to port\n"
             "  -v : increase log verbosity\n",
             argv0,
             ssh_version(0));
     exit(0);
 }
 
-static int opts(int argc, char **argv) {
-    int i;
-
-    while ((i = getopt(argc, argv, "v")) != -1) {
-        switch(i) {
-        case 'v':
-            verbosity++;
-            break;
-        default:
-            fprintf(stderr, "unknown option %c\n", optopt);
-            usage(argv[0]);
-            return -1;
-        }
-    }
+int main(int argc, char **argv)
+{
+    ssh_session session = NULL;
+    char *destination = NULL;
+    int auth = 0;
+    int state;
 
-    destination = argv[optind];
-    if (destination == NULL) {
+    ssh_init();
+    session = ssh_new();
+
+    if (ssh_options_getopt(session, &argc, argv)) {
+        fprintf(stderr,
+                "Error parsing command line: %s\n",
+                ssh_get_error(session));
+        ssh_free(session);
+        ssh_finalize();
         usage(argv[0]);
-        return -1;
+        return EXIT_FAILURE;
     }
-    return 0;
-}
+    if (argc < 1) {
+        usage(argv[0]);
+        return EXIT_FAILURE;
+    }
+    destination = argv[1];
 
-int main(int argc, char **argv) {
-    ssh_session session;
+    if (ssh_options_set(session, SSH_OPTIONS_HOST, destination) < 0) {
+        return -1;
+    }
+    if (ssh_connect(session)) {
+        fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
+        return -1;
+    }
 
-    if (opts(argc, argv) < 0) {
-        return EXIT_FAILURE;
+    state = verify_knownhost(session);
+    if (state != 0) {
+        return -1;
     }
 
-    session = connect_ssh(destination, NULL, verbosity);
-    if (session == NULL) {
-        return EXIT_FAILURE;
+    auth = authenticate_console(session);
+    if (auth != SSH_AUTH_SUCCESS) {
+        return -1;
     }
 
     do_sftp(session);
     ssh_disconnect(session);
     ssh_free(session);
+
+    ssh_finalize();
+
     return 0;
 }
 
diff --git a/libssh/examples/samplesshd-cb.c b/libssh/examples/samplesshd-cb.c
index e5b48994..31e035ff 100644
--- a/libssh/examples/samplesshd-cb.c
+++ b/libssh/examples/samplesshd-cb.c
@@ -172,20 +172,12 @@ static struct argp_option options[] = {
         .doc   = "Set the host key.",
         .group = 0
     },
-    {
-        .name  = "dsakey",
-        .key   = 'd',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the dsa key.",
-        .group = 0
-    },
     {
         .name  = "rsakey",
         .key   = 'r',
         .arg   = "FILE",
         .flags = 0,
-        .doc   = "Set the rsa key.",
+        .doc   = "Set the rsa key (deprecated alias for 'k').",
         .group = 0
     },
     {
@@ -218,15 +210,10 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
         case 'p':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
             break;
-        case 'd':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
-            break;
+        case 'r':
         case 'k':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
             break;
-        case 'r':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
-            break;
         case 'v':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
             break;
@@ -257,10 +244,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */
 
-int main(int argc, char **argv){
-    ssh_session session;
-    ssh_bind sshbind;
-    ssh_event mainloop;
+int main(int argc, char **argv)
+{
+    ssh_session session = NULL;
+    ssh_bind sshbind = NULL;
+    ssh_event mainloop = NULL;
     struct ssh_server_callbacks_struct cb = {
         .userdata = NULL,
         .auth_none_function = auth_none,
@@ -278,8 +266,7 @@ int main(int argc, char **argv){
     sshbind=ssh_bind_new();
     session=ssh_new();
 
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, KEYS_FOLDER "ssh_host_dsa_key");
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key");
 
 #ifdef HAVE_ARGP_H
     /*
@@ -353,4 +340,3 @@ int main(int argc, char **argv){
     ssh_finalize();
     return 0;
 }
-
diff --git a/libssh/examples/samplesshd-kbdint.c b/libssh/examples/samplesshd-kbdint.c
index 9b09cf27..919eb338 100644
--- a/libssh/examples/samplesshd-kbdint.c
+++ b/libssh/examples/samplesshd-kbdint.c
@@ -112,20 +112,12 @@ static struct argp_option options[] = {
     .doc   = "Set the host key.",
     .group = 0
   },
-  {
-    .name  = "dsakey",
-    .key   = 'd',
-    .arg   = "FILE",
-    .flags = 0,
-    .doc   = "Set the dsa key.",
-    .group = 0
-  },
   {
     .name  = "rsakey",
     .key   = 'r',
     .arg   = "FILE",
     .flags = 0,
-    .doc   = "Set the rsa key.",
+    .doc   = "Set the rsa key (deprecated alias for 'k').",
     .group = 0
   },
   {
@@ -151,15 +143,10 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
       ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
       port = atoi(arg);
       break;
-    case 'd':
-      ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
-      break;
+    case 'r':
     case 'k':
       ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
       break;
-    case 'r':
-      ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
-      break;
     case 'v':
       ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
       break;
@@ -187,8 +174,8 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */
 
-static const char *name;
-static const char *instruction;
+static const char *name = NULL;
+static const char *instruction = NULL;
 static const char *prompts[2];
 static char echo[] = { 1, 0 };
 
@@ -292,11 +279,12 @@ static int authenticate(ssh_session session) {
     return 0;
 }
 
-int main(int argc, char **argv){
-    ssh_session session;
-    ssh_bind sshbind;
-    ssh_message message;
-    ssh_channel chan=0;
+int main(int argc, char **argv)
+{
+    ssh_session session = NULL;
+    ssh_bind sshbind = NULL;
+    ssh_message message = NULL;
+    ssh_channel chan = NULL;
     char buf[BUF_SIZE];
     int auth=0;
     int shell=0;
@@ -306,10 +294,8 @@ int main(int argc, char **argv){
     sshbind=ssh_bind_new();
     session=ssh_new();
 
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY,
-                                            KEYS_FOLDER "ssh_host_dsa_key");
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
-                                            KEYS_FOLDER "ssh_host_rsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
+                         KEYS_FOLDER "ssh_host_rsa_key");
 
 #ifdef HAVE_ARGP_H
     /*
@@ -369,9 +355,9 @@ int main(int argc, char **argv){
         }
     } while(!chan);
 
-    if(!chan) {
-        printf("Error: cleint did not ask for a channel session (%s)\n",
-                                                    ssh_get_error(session));
+    if (!chan) {
+        printf("Error: client did not ask for a channel session (%s)\n",
+               ssh_get_error(session));
         ssh_finalize();
         return 1;
     }
@@ -426,4 +412,3 @@ int main(int argc, char **argv){
     ssh_finalize();
     return 0;
 }
-
diff --git a/libssh/examples/scp_download.c b/libssh/examples/scp_download.c
index e6c1e796..dcaa2cb7 100644
--- a/libssh/examples/scp_download.c
+++ b/libssh/examples/scp_download.c
@@ -108,7 +108,7 @@ static int fetch_files(ssh_session session){
   int size;
   char buffer[BUF_SIZE];
   int mode;
-  char *filename;
+  char *filename = NULL;
   int r;
   ssh_scp scp=ssh_scp_new(session, SSH_SCP_READ | SSH_SCP_RECURSIVE, "/tmp/libssh_tests/*");
   if(ssh_scp_init(scp) != SSH_OK){
@@ -167,7 +167,7 @@ static int fetch_files(ssh_session session){
 }
 
 int main(int argc, char **argv){
-  ssh_session session;
+  ssh_session session = NULL;
   if(opts(argc,argv)<0)
     return EXIT_FAILURE;
   session=connect_ssh(host,NULL,verbosity);
diff --git a/libssh/examples/senddata.c b/libssh/examples/senddata.c
index 21181fb9..78383a2b 100644
--- a/libssh/examples/senddata.c
+++ b/libssh/examples/senddata.c
@@ -6,7 +6,7 @@
 #define LIMIT 0x100000000UL
 
 int main(void) {
-  ssh_session session;
+  ssh_session session = NULL;
   ssh_channel channel;
   char buffer[1024*1024];
   int rc;
@@ -47,7 +47,7 @@ int main(void) {
     if(total > LIMIT)
       break;
   }
-    
+
   if (rc < 0) {
     printf("error : %s\n",ssh_get_error(session));
     ssh_channel_close(channel);
diff --git a/libssh/examples/ssh_X11_client.c b/libssh/examples/ssh_X11_client.c
index 369b9b4a..195b259b 100644
--- a/libssh/examples/ssh_X11_client.c
+++ b/libssh/examples/ssh_X11_client.c
@@ -66,10 +66,11 @@
  * If you liked this work and wish to support the developer please donate to:
  * Bitcoin: 1N2rQimKbeUQA8N2LU5vGopYQJmZsBM2d6
  *
-*/
+ */
 
 #include <errno.h>
 #include <fcntl.h>
+#include <inttypes.h>
 #include <poll.h>
 #include <pthread.h>
 #include <stddef.h>
@@ -91,17 +92,17 @@
 
 /*
  * Data Structures and Macros
-*/
+ */
 
 #define _PATH_UNIX_X 	"/tmp/.X11-unix/X%d"
 #define _XAUTH_CMD	"/usr/bin/xauth list %s 2>/dev/null"
 
 typedef struct item {
-	ssh_channel channel;
-	int fd_in;
-	int fd_out;
-	int protected;
-	struct item *next;
+    ssh_channel channel;
+    int fd_in;
+    int fd_out;
+    int protected;
+    struct item *next;
 } node_t;
 
 node_t *node = NULL;
@@ -109,17 +110,18 @@ node_t *node = NULL;
 
 /*
  * Mutex
-*/
+ */
 
 pthread_mutex_t mutex;
 
 
 /*
  * Function declarations
-*/
+ */
 
 /* Linked nodes to manage channel/fd tuples */
-static void insert_item(ssh_channel channel, int fd_in, int fd_out, int protected);
+static int insert_item(ssh_channel channel, int fd_in, int fd_out,
+                       int protected);
 static void delete_item(ssh_channel channel);
 static node_t * search_item(ssh_channel channel);
 
@@ -135,13 +137,18 @@ static int x11_connect_display(void);
 static int copy_fd_to_channel_callback(int fd, int revents, void *userdata);
 
 /* Read data from channel */
-static int copy_channel_to_fd_callback(ssh_session session, ssh_channel channel, void *data, uint32_t len, int is_stderr, void *userdata);
+static int copy_channel_to_fd_callback(ssh_session session, ssh_channel channel,
+                                       void *data, uint32_t len, int is_stderr,
+                                       void *userdata);
 
 /* EOF&Close channel */
-static void channel_close_callback(ssh_session session, ssh_channel channel, void *userdata);
+static void channel_close_callback(ssh_session session, ssh_channel channel,
+                                   void *userdata);
 
 /* X11 Request */
-static ssh_channel x11_open_request_callback(ssh_session session, const char *shost, int sport, void *userdata);
+static ssh_channel x11_open_request_callback(ssh_session session,
+                                             const char *shost, int sport,
+                                             void *userdata);
 
 /* Main loop */
 static int main_loop(ssh_channel channel);
@@ -155,28 +162,28 @@ int enableX11 = 1;
 
 /*
  * Callbacks Data Structures
-*/
+ */
 
 /* SSH Channel Callbacks */
 struct ssh_channel_callbacks_struct channel_cb =
 {
-	.channel_data_function = copy_channel_to_fd_callback,
-	.channel_eof_function = channel_close_callback,
-	.channel_close_function = channel_close_callback,
-	.userdata = NULL
+    .channel_data_function = copy_channel_to_fd_callback,
+    .channel_eof_function = channel_close_callback,
+    .channel_close_function = channel_close_callback,
+    .userdata = NULL
 };
 
 /* SSH Callbacks */
 struct ssh_callbacks_struct cb =
 {
-	.channel_open_request_x11_function = x11_open_request_callback,
-	.userdata = NULL
+    .channel_open_request_x11_function = x11_open_request_callback,
+    .userdata = NULL
 };
 
 
 /*
  * SSH Event Context
-*/
+ */
 
 short events = POLLIN | POLLPRI | POLLERR | POLLHUP | POLLNVAL;
 ssh_event event;
@@ -184,535 +191,586 @@ ssh_event event;
 
 /*
  * Internal data structures
-*/
+ */
 
 struct termios _saved_tio;
 
 
 /*
  * Internal functions
-*/
+ */
 
-int64_t
-_current_timestamp(void) {
-	struct timeval tv;
-	int64_t milliseconds;
+int64_t _current_timestamp(void)
+{
+    struct timeval tv;
+    int64_t milliseconds;
 
-	gettimeofday(&tv, NULL);
-	milliseconds = (int64_t)(tv.tv_sec) * 1000 + (tv.tv_usec / 1000);
+    gettimeofday(&tv, NULL);
+    milliseconds = (int64_t)(tv.tv_sec) * 1000 + (tv.tv_usec / 1000);
 
-	return milliseconds;
+    return milliseconds;
 }
 
-static void
-_logging_callback(int priority, const char *function, const char *buffer, void *userdata)
+static void _logging_callback(int priority, const char *function,
+                              const char *buffer, void *userdata)
 {
-	FILE *fp = NULL;
-	char buf[100];
-	int64_t milliseconds;
+    FILE *fp = NULL;
+    char buf[100];
+    int64_t milliseconds;
 
-	time_t now = time (0);
+    time_t now = time(0);
 
-	(void)userdata;
+    (void)userdata;
 
-	strftime(buf, 100, "%Y-%m-%d %H:%M:%S", localtime (&now));
+    strftime(buf, 100, "%Y-%m-%d %H:%M:%S", localtime(&now));
 
-	fp = fopen("debug.log","a");
-	if(fp == NULL)
-	{
-		printf("Error!");
-		exit(-11);
-	}
+    fp = fopen("debug.log","a");
+    if (fp == NULL) {
+        printf("Error!");
+        exit(-11);
+    }
 
-	milliseconds = _current_timestamp();
+    milliseconds = _current_timestamp();
 
-	fprintf(fp, "[%s.%jd, %d] %s: %s\n", buf, milliseconds, priority, function, buffer);
-	fclose(fp);
+    fprintf(fp, "[%s.%" PRId64 ", %d] %s: %s\n", buf, milliseconds, priority,
+            function, buffer);
+    fclose(fp);
 }
 
-static int
-_enter_term_raw_mode(void)
+static int _enter_term_raw_mode(void)
 {
-	struct termios tio;
-	int ret = tcgetattr(fileno(stdin), &tio);
-	if (ret != -1) {
-		_saved_tio = tio;
-		tio.c_iflag |= IGNPAR;
-		tio.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
+    struct termios tio;
+    int ret = tcgetattr(fileno(stdin), &tio);
+    if (ret != -1) {
+        _saved_tio = tio;
+        tio.c_iflag |= IGNPAR;
+        tio.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
 #ifdef IUCLC
-		tio.c_iflag &= ~IUCLC;
+        tio.c_iflag &= ~IUCLC;
 #endif
-		tio.c_lflag &= ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
+        tio.c_lflag &= ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
 #ifdef IEXTEN
-		tio.c_lflag &= ~IEXTEN;
+        tio.c_lflag &= ~IEXTEN;
 #endif
-		tio.c_oflag &= ~OPOST;
-		tio.c_cc[VMIN] = 1;
-		tio.c_cc[VTIME] = 0;
-		ret = tcsetattr(fileno(stdin), TCSADRAIN, &tio);
-	}
-	return ret;
+        tio.c_oflag &= ~OPOST;
+        tio.c_cc[VMIN] = 1;
+        tio.c_cc[VTIME] = 0;
+        ret = tcsetattr(fileno(stdin), TCSADRAIN, &tio);
+    }
+
+    return ret;
 }
 
-static int
-_leave_term_raw_mode(void)
+static int _leave_term_raw_mode(void)
 {
-	int ret = tcsetattr(fileno(stdin), TCSADRAIN, &_saved_tio);
-	return ret;
+    int ret = tcsetattr(fileno(stdin), TCSADRAIN, &_saved_tio);
+    return ret;
 }
 
 
 /*
  * Functions
-*/
+ */
 
-static void
-insert_item(ssh_channel channel, int fd_in, int fd_out, int protected)
+static int insert_item(ssh_channel channel, int fd_in, int fd_out,
+                       int protected)
 {
-	node_t *node_iterator = NULL, *new = NULL;
-
-	pthread_mutex_lock(&mutex);
-
-	if (node == NULL) {
-		/* Calloc ensure that node is full of 0 */
-		node = (node_t *) calloc(1, sizeof(node_t));
-		node->channel = channel;
-		node->fd_in = fd_in;
-		node->fd_out = fd_out;
-		node->protected = protected;
-		node->next = NULL;
-	} else {
-		node_iterator = node;
-		while (node_iterator->next != NULL)
-			node_iterator = node_iterator->next;
-		/* Create the new node */
-		new = (node_t *) malloc(sizeof(node_t));
-		new->channel = channel;
-		new->fd_in = fd_in;
-		new->fd_out = fd_out;
-		new->protected = protected;
-		new->next = NULL;
-		node_iterator->next = new;
-
-	}
-
-	pthread_mutex_unlock(&mutex);
+    node_t *node_iterator = NULL, *new = NULL;
+
+    pthread_mutex_lock(&mutex);
+
+    if (node == NULL) {
+        /* Calloc ensure that node is full of 0 */
+        node = (node_t *) calloc(1, sizeof(node_t));
+        if (node == NULL) {
+            pthread_mutex_unlock(&mutex);
+            return -1;
+        }
+        node->channel = channel;
+        node->fd_in = fd_in;
+        node->fd_out = fd_out;
+        node->protected = protected;
+        node->next = NULL;
+    } else {
+        node_iterator = node;
+        while (node_iterator->next != NULL) {
+            node_iterator = node_iterator->next;
+        }
+        /* Create the new node */
+        new = (node_t *) malloc(sizeof(node_t));
+        if (new == NULL) {
+            pthread_mutex_unlock(&mutex);
+            return -1;
+        }
+        new->channel = channel;
+        new->fd_in = fd_in;
+        new->fd_out = fd_out;
+        new->protected = protected;
+        new->next = NULL;
+        node_iterator->next = new;
+
+    }
+
+    pthread_mutex_unlock(&mutex);
+    return 0;
 }
 
 
-static void
-delete_item(ssh_channel channel)
+static void delete_item(ssh_channel channel)
 {
-	node_t *current = NULL, *previous = NULL;
+    node_t *current = NULL, *previous = NULL;
 
-	pthread_mutex_lock(&mutex);
+    pthread_mutex_lock(&mutex);
 
-	for (current = node; current; previous = current, current = current->next) {
-		if (current->channel != channel)
-			continue;
+    for (current = node; current; previous = current, current = current->next) {
+        if (current->channel != channel) {
+            continue;
+        }
 
-		if (previous == NULL)
-			node = current->next;
-		else
-			previous->next = current->next;
+        if (previous == NULL) {
+            node = current->next;
+        } else {
+            previous->next = current->next;
+        }
 
-		free(current);
-		pthread_mutex_unlock(&mutex);
-		return;
-	}
+        free(current);
+        pthread_mutex_unlock(&mutex);
+        return;
+    }
 
-	pthread_mutex_unlock(&mutex);
+    pthread_mutex_unlock(&mutex);
 }
 
 
-static node_t *
-search_item(ssh_channel channel)
+static node_t *search_item(ssh_channel channel)
 {
-	node_t *current = node;
+    node_t *current = NULL;
 
-	pthread_mutex_lock(&mutex);
+    pthread_mutex_lock(&mutex);
 
-	while (current != NULL) {
-		if (current->channel == channel) {
-			pthread_mutex_unlock(&mutex);
-			return current;
-		} else {
-			current = current->next;
-		}
-	}
+    current = node;
+    while (current != NULL) {
+        if (current->channel == channel) {
+            pthread_mutex_unlock(&mutex);
+            return current;
+        } else {
+            current = current->next;
+        }
+    }
 
-	pthread_mutex_unlock(&mutex);
+    pthread_mutex_unlock(&mutex);
 
-	return NULL;
+    return NULL;
 }
 
 
 
-static void
-set_nodelay(int fd)
+static void set_nodelay(int fd)
 {
-	int opt;
-	socklen_t optlen;
-
-	optlen = sizeof(opt);
-	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "getsockopt TCP_NODELAY: %.100s", strerror(errno));
-		return;
-	}
-	if (opt == 1) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd %d is TCP_NODELAY", fd);
-		return;
-	}
-	opt = 1;
-	_ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd %d setting TCP_NODELAY", fd);
-	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt)) == -1)
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "setsockopt TCP_NODELAY: %.100s", strerror(errno));
+    int opt, rc;
+    socklen_t optlen;
+
+    optlen = sizeof(opt);
+
+    rc = getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen);
+    if (rc == -1) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "getsockopt TCP_NODELAY: %.100s",
+                 strerror(errno));
+        return;
+    }
+    if (opt == 1) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd %d is TCP_NODELAY", fd);
+        return;
+    }
+    opt = 1;
+    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd %d setting TCP_NODELAY", fd);
+
+    rc = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));
+    if (rc == -1) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "setsockopt TCP_NODELAY: %.100s",
+                 strerror(errno));
+    }
 }
 
 
-const char *
-ssh_gai_strerror(int gaierr)
+const char *ssh_gai_strerror(int gaierr)
 {
-	if (gaierr == EAI_SYSTEM && errno != 0)
-		return strerror(errno);
-	return gai_strerror(gaierr);
+    if (gaierr == EAI_SYSTEM && errno != 0) {
+        return strerror(errno);
+    }
+    return gai_strerror(gaierr);
 }
 
 
 
-static int
-x11_get_proto(const char *display, char **_proto, char **_cookie)
+static int x11_get_proto(const char *display, char **_proto, char **_cookie)
 {
-	char cmd[1024], line[512], xdisplay[512];
-	static char proto[512], cookie[512];
-	FILE *f = NULL;
-	int ret = 0;
-
-	*_proto = proto;
-	*_cookie = cookie;
-
-	proto[0] = cookie[0] = '\0';
-
-	if (strncmp(display, "localhost:", 10) == 0) {
-		if ((ret = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", display + 10)) < 0 || (size_t)ret >= sizeof(xdisplay)) {
-			_ssh_log(SSH_LOG_FUNCTIONS, __func__, "display name too long. display: %s", display);
-			return -1;
-		}
-		display = xdisplay;
-	}
-
-	snprintf(cmd, sizeof(cmd), _XAUTH_CMD, display);
-	_ssh_log(SSH_LOG_FUNCTIONS, __func__, "xauth cmd: %s", cmd);
-
-	f = popen(cmd, "r");
-	if (f && fgets(line, sizeof(line), f) && sscanf(line, "%*s %511s %511s", proto, cookie) == 2) {
-		ret = 0;
-	} else {
-		ret = 1;
-	}
-
-	if (f) pclose(f);
-
-	_ssh_log(SSH_LOG_FUNCTIONS, __func__, "proto: %s - cookie: %s - ret: %d", proto, cookie, ret);
-
-	return ret;
+    char cmd[1024], line[512], xdisplay[512];
+    static char proto[512], cookie[512];
+    FILE *f = NULL;
+    int ret = 0;
+
+    *_proto = proto;
+    *_cookie = cookie;
+
+    proto[0] = cookie[0] = '\0';
+
+    if (strncmp(display, "localhost:", 10) == 0) {
+        ret = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", display + 10);
+        if (ret < 0 || (size_t)ret >= sizeof(xdisplay)) {
+            _ssh_log(SSH_LOG_FUNCTIONS, __func__,
+                     "display name too long. display: %s", display);
+            return -1;
+        }
+        display = xdisplay;
+    }
+
+    snprintf(cmd, sizeof(cmd), _XAUTH_CMD, display);
+    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "xauth cmd: %s", cmd);
+
+    f = popen(cmd, "r");
+    if (f && fgets(line, sizeof(line), f) &&
+        sscanf(line, "%*s %511s %511s", proto, cookie) == 2) {
+        ret = 0;
+    } else {
+        ret = 1;
+    }
+
+    if (f) {
+        pclose(f);
+    }
+
+    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "proto: %s - cookie: %s - ret: %d",
+             proto, cookie, ret);
+
+    return ret;
 }
 
-static int
-connect_local_xsocket_path(const char *pathname)
+static int connect_local_xsocket_path(const char *pathname)
 {
-	int sock;
-	struct sockaddr_un addr;
-
-	sock = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (sock == -1) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %.100s", strerror(errno));
-		return -1;
-	}
-
-	memset(&addr, 0, sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	addr.sun_path[0] = '\0';
-	/* pathname is guaranteed to be initialized and larger than addr.sun_path[108] */
-	memcpy(addr.sun_path + 1, pathname, sizeof(addr.sun_path) - 1);
-	if (connect(sock, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(pathname)) == 0)
-		return sock;
-	close(sock);
-	_ssh_log(SSH_LOG_FUNCTIONS, __func__, "connect %.100s: %.100s", addr.sun_path, strerror(errno));
-	return -1;
+    int sock, rc;
+    struct sockaddr_un addr;
+
+    sock = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (sock == -1) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %.100s",
+                 strerror(errno));
+        return -1;
+    }
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    addr.sun_path[0] = '\0';
+    /* pathname is guaranteed to be initialized and larger than addr.sun_path[108] */
+    memcpy(addr.sun_path + 1, pathname, sizeof(addr.sun_path) - 1);
+    rc = connect(sock, (struct sockaddr *)&addr,
+                 offsetof(struct sockaddr_un, sun_path) + 1 + strlen(pathname));
+    if (rc == 0) {
+        return sock;
+    }
+    close(sock);
+    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "connect %.100s: %.100s",
+             addr.sun_path, strerror(errno));
+
+    return -1;
 }
 
 
-static int
-connect_local_xsocket(int display_number)
+static int connect_local_xsocket(int display_number)
 {
-	char buf[1024] = {0};
-	snprintf(buf, sizeof(buf), _PATH_UNIX_X, display_number);
-	return connect_local_xsocket_path(buf);
+    char buf[1024] = {0};
+    snprintf(buf, sizeof(buf), _PATH_UNIX_X, display_number);
+    return connect_local_xsocket_path(buf);
 }
 
 
-static int
-x11_connect_display()
+static int x11_connect_display(void)
 {
-	int display_number;
-	const char *display = NULL;
-	char buf[1024], *cp = NULL;
-	struct addrinfo hints, *ai = NULL, *aitop = NULL;
-	char strport[NI_MAXSERV];
-	int gaierr = 0, sock = 0;
-
-	/* Try to open a socket for the local X server. */
-	display = getenv("DISPLAY");
-
-	_ssh_log(SSH_LOG_FUNCTIONS, __func__, "display: %s", display);
-
-	if (!display) {
-		return -1;
-	}
-
-	/* Check if it is a unix domain socket. */
-	if (strncmp(display, "unix:", 5) == 0 || display[0] == ':') {
-		/* Connect to the unix domain socket. */
-		if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
-			_ssh_log(SSH_LOG_FUNCTIONS, __func__, "Could not parse display number from DISPLAY: %.100s", display);
-			return -1;
-		}
-
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "display_number: %d", display_number);
-
-		/* Create a socket. */
-		sock = connect_local_xsocket(display_number);
-
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %d", sock);
-
-		if (sock < 0)
-			return -1;
-
-		/* OK, we now have a connection to the display. */
-		return sock;
-	}
-
-	/* Connect to an inet socket. */
-	strncpy(buf, display, sizeof(buf) - 1);
-	cp = strchr(buf, ':');
-	if (!cp) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "Could not find ':' in DISPLAY: %.100s", display);
-		return -1;
-	}
-	*cp = 0;
-	if (sscanf(cp + 1, "%d", &display_number) != 1) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "Could not parse display number from DISPLAY: %.100s", display);
-		return -1;
-	}
-
-	/* Look up the host address */
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_family = AF_INET;
-	hints.ai_socktype = SOCK_STREAM;
-	snprintf(strport, sizeof(strport), "%u", 6000 + display_number);
-	if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "%.100s: unknown host. (%s)", buf, ssh_gai_strerror(gaierr));
-		return -1;
-	}
-	for (ai = aitop; ai; ai = ai->ai_next) {
-		/* Create a socket. */
-		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-		if (sock == -1) {
-			_ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %.100s", strerror(errno));
-			continue;
-		}
-		/* Connect it to the display. */
-		if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
-			_ssh_log(SSH_LOG_FUNCTIONS, __func__, "connect %.100s port %u: %.100s", buf, 6000 + display_number, strerror(errno));
-			close(sock);
-			continue;
-		}
-		/* Success */
-		break;
-	}
-	freeaddrinfo(aitop);
-	if (!ai) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "connect %.100s port %u: %.100s", buf, 6000 + display_number, strerror(errno));
-		return -1;
-	}
-	set_nodelay(sock);
-	return sock;
+    int display_number;
+    const char *display = NULL;
+    char buf[1024], *cp = NULL;
+    struct addrinfo hints, *ai = NULL, *aitop = NULL;
+    char strport[NI_MAXSERV];
+    int gaierr = 0, sock = 0;
+
+    /* Try to open a socket for the local X server. */
+    display = getenv("DISPLAY");
+
+    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "display: %s", display);
+
+    if (display == 0) {
+        return -1;
+    }
+
+    /* Check if it is a unix domain socket. */
+    if (strncmp(display, "unix:", 5) == 0 || display[0] == ':') {
+        /* Connect to the unix domain socket. */
+        if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
+            _ssh_log(SSH_LOG_FUNCTIONS, __func__,
+                     "Could not parse display number from DISPLAY: %.100s",
+                     display);
+            return -1;
+        }
+
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "display_number: %d",
+                 display_number);
+
+        /* Create a socket. */
+        sock = connect_local_xsocket(display_number);
+
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %d", sock);
+
+        if (sock < 0) {
+            return -1;
+        }
+
+        /* OK, we now have a connection to the display. */
+        return sock;
+    }
+
+    /* Connect to an inet socket. */
+    strncpy(buf, display, sizeof(buf) - 1);
+    cp = strchr(buf, ':');
+    if (cp == 0) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__,
+                 "Could not find ':' in DISPLAY: %.100s", display);
+        return -1;
+    }
+    *cp = 0;
+    if (sscanf(cp + 1, "%d", &display_number) != 1) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__,
+                 "Could not parse display number from DISPLAY: %.100s",
+                 display);
+        return -1;
+    }
+
+    /* Look up the host address */
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family = AF_INET;
+    hints.ai_socktype = SOCK_STREAM;
+    snprintf(strport, sizeof(strport), "%u", 6000 + display_number);
+    gaierr = getaddrinfo(buf, strport, &hints, &aitop);
+    if (gaierr != 0) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "%.100s: unknown host. (%s)",
+                 buf, ssh_gai_strerror(gaierr));
+        return -1;
+    }
+    for (ai = aitop; ai; ai = ai->ai_next) {
+        /* Create a socket. */
+        sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+        if (sock == -1) {
+            _ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %.100s",
+                     strerror(errno));
+            continue;
+        }
+        /* Connect it to the display. */
+        if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
+            _ssh_log(SSH_LOG_FUNCTIONS, __func__,
+                     "connect %.100s port %u: %.100s", buf,
+                     6000 + display_number, strerror(errno));
+            close(sock);
+            continue;
+        }
+        /* Success */
+        break;
+    }
+    freeaddrinfo(aitop);
+    if (ai == 0) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "connect %.100s port %u: %.100s",
+                 buf, 6000 + display_number, strerror(errno));
+        return -1;
+    }
+    set_nodelay(sock);
+
+    return sock;
 }
 
 
 
-static int
-copy_fd_to_channel_callback(int fd, int revents, void *userdata)
+static int copy_fd_to_channel_callback(int fd, int revents, void *userdata)
 {
-	ssh_channel channel = (ssh_channel)userdata;
-	char buf[2097152];
-	int sz = 0, ret = 0;
-
-	node_t *temp_node = search_item(channel);
-
-	_ssh_log(SSH_LOG_FUNCTIONS, __func__, "event: %d - fd: %d", revents, fd);
-
-	if (!channel) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "channel does not exist.");
-		if (temp_node->protected == 0) {
-			close(fd);
-		}
-		return -1;
-	}
-
-	if (fcntl(fd, F_GETFD) == -1) {
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "fcntl error. fd: %d", fd);
-		ssh_channel_close(channel);
-		return -1;
-	}
-
-	if ((revents & POLLIN) || (revents & POLLPRI)) {
-		sz = read(fd, buf, sizeof(buf));
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "sz: %d", sz);
-		if (sz > 0) {
-			ret = ssh_channel_write(channel, buf, sz);
-			_ssh_log(SSH_LOG_FUNCTIONS, __func__, "channel_write ret: %d", ret);
-		} else if (sz < 0) {
-			ssh_channel_close(channel);
-			return -1;
-		} else {
-			/* sz = 0. Why the hell I'm here? */
-			_ssh_log(SSH_LOG_FUNCTIONS, __func__, "Why the hell am I here?: sz: %d", sz);
-			if (temp_node->protected == 0) {
-				close(fd);
-			}
-			return -1;
-		}
-	}
-
-	if ((revents & POLLHUP) || (revents & POLLNVAL) || (revents & POLLERR)) {
-		ssh_channel_close(channel);
-		return -1;
-	}
-
-	return sz;
+    ssh_channel channel = (ssh_channel)userdata;
+    char buf[2097152];
+    int sz = 0, ret = 0;
+
+    node_t *temp_node = search_item(channel);
+
+    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "event: %d - fd: %d", revents, fd);
+
+    if (channel == NULL) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "channel does not exist.");
+        if (temp_node->protected == 0) {
+            close(fd);
+        }
+        return -1;
+    }
+
+    if (fcntl(fd, F_GETFD) == -1) {
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "fcntl error. fd: %d", fd);
+        ssh_channel_close(channel);
+        return -1;
+    }
+
+    if ((revents & POLLIN) || (revents & POLLPRI)) {
+        sz = read(fd, buf, sizeof(buf));
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "sz: %d", sz);
+        if (sz > 0) {
+            ret = ssh_channel_write(channel, buf, sz);
+            _ssh_log(SSH_LOG_FUNCTIONS, __func__, "channel_write ret: %d", ret);
+        } else if (sz < 0) {
+            ssh_channel_close(channel);
+            return -1;
+        } else {
+            /* sz = 0. Why the hell I'm here? */
+            _ssh_log(SSH_LOG_FUNCTIONS, __func__,
+                     "Why the hell am I here?: sz: %d", sz);
+            if (temp_node->protected == 0) {
+                close(fd);
+            }
+            return -1;
+        }
+    }
+
+    if ((revents & POLLHUP) || (revents & POLLNVAL) || (revents & POLLERR)) {
+        ssh_channel_close(channel);
+        return -1;
+    }
+
+    return sz;
 }
 
 
-static int
-copy_channel_to_fd_callback(ssh_session session, ssh_channel channel, void *data, uint32_t len, int is_stderr, void *userdata)
+static int copy_channel_to_fd_callback(ssh_session session, ssh_channel channel,
+                                       void *data, uint32_t len, int is_stderr,
+                                       void *userdata)
 {
-	node_t *temp_node = NULL;
-	int fd, sz;
+    node_t *temp_node = NULL;
+    int fd, sz;
 
-	(void)session;
-	(void)is_stderr;
-	(void)userdata;
+    (void)session;
+    (void)is_stderr;
+    (void)userdata;
 
-	temp_node = search_item(channel);
+    temp_node = search_item(channel);
 
-	fd = temp_node->fd_out;
+    fd = temp_node->fd_out;
 
-	_ssh_log(SSH_LOG_FUNCTIONS, __func__, "len: %d - fd: %d - is_stderr: %d", len, fd, is_stderr);
+    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "len: %d - fd: %d - is_stderr: %d",
+             len, fd, is_stderr);
 
-	sz = write(fd, data, len);
+    sz = write(fd, data, len);
 
-	return sz;
+    return sz;
 }
 
 
-static void
-channel_close_callback(ssh_session session, ssh_channel channel, void *userdata)
+static void channel_close_callback(ssh_session session, ssh_channel channel,
+                                   void *userdata)
 {
-	node_t *temp_node = NULL;
+    node_t *temp_node = NULL;
 
-	(void)session;
-	(void)userdata;
+    (void)session;
+    (void)userdata;
 
-	temp_node = search_item(channel);
+    temp_node = search_item(channel);
 
-	if (temp_node != NULL) {
-		int fd = temp_node->fd_in;
+    if (temp_node != NULL) {
+        int fd = temp_node->fd_in;
 
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd: %d", fd);
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd: %d", fd);
 
-		delete_item(channel);
-		ssh_event_remove_fd(event, fd);
+        delete_item(channel);
+        ssh_event_remove_fd(event, fd);
 
-		if (temp_node->protected == 0) {
-			close(fd);
-		}
-	}
+        if (temp_node->protected == 0) {
+            close(fd);
+        }
+    }
 }
 
 
-static ssh_channel
-x11_open_request_callback(ssh_session session, const char *shost, int sport, void *userdata)
+static ssh_channel x11_open_request_callback(ssh_session session,
+                                             const char *shost, int sport,
+                                             void *userdata)
 {
-	ssh_channel channel = NULL;
-	int sock;
+    ssh_channel channel = NULL;
+    int sock, rv;
 
-	(void)shost;
-	(void)sport;
-	(void)userdata;
+    (void)shost;
+    (void)sport;
+    (void)userdata;
 
-	channel	= ssh_channel_new(session);
+    channel	= ssh_channel_new(session);
 
-	sock = x11_connect_display();
+    sock = x11_connect_display();
 
-	_ssh_log(SSH_LOG_FUNCTIONS, __func__, "sock: %d", sock);
+    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "sock: %d", sock);
 
-	insert_item(channel, sock, sock, 0);
+    rv = insert_item(channel, sock, sock, 0);
+    if (rv != 0) {
+        ssh_channel_free(channel);
+        return NULL;
+    }
 
-	ssh_event_add_fd(event, sock, events, copy_fd_to_channel_callback, channel);
-	ssh_event_add_session(event, session);
+    ssh_event_add_fd(event, sock, events, copy_fd_to_channel_callback, channel);
+    ssh_event_add_session(event, session);
 
-	ssh_add_channel_callbacks(channel, &channel_cb);
+    ssh_add_channel_callbacks(channel, &channel_cb);
 
-	return channel;
+    return channel;
 }
 
 
 
 /*
  * MAIN LOOP
-*/
+ */
 
-static int
-main_loop(ssh_channel channel)
+static int main_loop(ssh_channel channel)
 {
-	ssh_session session = ssh_channel_get_session(channel);
-
-	insert_item(channel, fileno(stdin), fileno(stdout), 1);
-
-	ssh_callbacks_init(&channel_cb);
-	ssh_set_channel_callbacks(channel, &channel_cb);
-
-	event = ssh_event_new();
-	if (event == NULL) {
-		printf("Couldn't get a event\n");
-		return -1;
-	}
-
-	if (ssh_event_add_fd(event, fileno(stdin), events, copy_fd_to_channel_callback, channel) != SSH_OK) {
-		printf("Couldn't add an fd to the event\n");
-		return -1;
-	}
-
-	if(ssh_event_add_session(event, session) != SSH_OK) {
-		printf("Couldn't add the session to the event\n");
-		return -1;
-	}
-
-	do {
-		if (ssh_event_dopoll(event, 1000) == SSH_ERROR) {
-			printf("Error : %s\n", ssh_get_error(session));
-			/* fall through */
-		}
-	} while (!ssh_channel_is_closed(channel));
-
-	delete_item(channel);
-	ssh_event_remove_fd(event, fileno(stdin));
-	ssh_event_remove_session(event, session);
-	ssh_event_free(event);
-
-	return 0;
+    ssh_session session = ssh_channel_get_session(channel);
+    int rv;
+
+    rv = insert_item(channel, fileno(stdin), fileno(stdout), 1);
+    if (rv != 0) {
+        return -1;
+    }
+
+    ssh_callbacks_init(&channel_cb);
+    ssh_set_channel_callbacks(channel, &channel_cb);
+
+    event = ssh_event_new();
+    if (event == NULL) {
+        printf("Couldn't get a event\n");
+        return -1;
+    }
+
+    rv = ssh_event_add_fd(event, fileno(stdin), events,
+                          copy_fd_to_channel_callback, channel);
+    if (rv != SSH_OK) {
+        printf("Couldn't add an fd to the event\n");
+        return -1;
+    }
+
+    rv = ssh_event_add_session(event, session);
+    if (rv != SSH_OK) {
+        printf("Couldn't add the session to the event\n");
+        return -1;
+    }
+
+    do {
+        if (ssh_event_dopoll(event, 1000) == SSH_ERROR) {
+            printf("Error : %s\n", ssh_get_error(session));
+            /* fall through */
+        }
+    } while (!ssh_channel_is_closed(channel));
+
+    delete_item(channel);
+    ssh_event_remove_fd(event, fileno(stdin));
+    ssh_event_remove_session(event, session);
+    ssh_event_free(event);
+
+    return 0;
 }
 
 
@@ -720,147 +778,174 @@ main_loop(ssh_channel channel)
  * USAGE
  */
 
-static void
-usage(void)
+static void usage(void)
 {
-	fprintf(stderr,
-		"Usage : ssh-X11-client [options] [login@]hostname\n"
-		"sample X11 client - libssh-%s\n"
-		"Options :\n"
-		"  -l user : Specifies the user to log in as on the remote machine.\n"
-		"  -p port : Port to connect to on the remote host.\n"
-		"  -v      : Verbose mode. Multiple -v options increase the verbosity. The maximum is 5.\n"
-		"  -C      : Requests compression of all data.\n"
-		"  -x      : Disables X11 forwarding.\n"
-		"\n",
-		ssh_version(0));
-
-	exit(0);
+    fprintf(stderr,
+            "Usage : ssh-X11-client [options] [login@]hostname\n"
+            "sample X11 client - libssh-%s\n"
+            "Options :\n"
+            "  -l user : Specifies the user to log in as on the remote "
+            "machine.\n"
+            "  -p port : Port to connect to on the remote host.\n"
+            "  -v      : Verbose mode. Multiple -v options increase the "
+            "verbosity. The maximum is 5.\n"
+            "  -C      : Requests compression of all data.\n"
+            "  -x      : Disables X11 forwarding.\n"
+            "\n",
+            ssh_version(0));
+
+    exit(0);
 }
 
 static int opts(int argc, char **argv)
 {
-	int i;
-
-	while ((i = getopt(argc,argv,"x")) != -1) {
-		switch(i) {
-		case 'x':
-			enableX11 = 0;
-			break;
-		default:
-			fprintf(stderr, "Unknown option %c\n", optopt);
-			return -1;
-		}
-	}
-
-	if (optind < argc) {
-		hostname = argv[optind++];
-	}
-
-	if (hostname == NULL) {
-		return -1;
-	}
-
-	return 0;
+    int i;
+
+    while ((i = getopt(argc,argv,"x")) != -1) {
+        switch (i) {
+        case 'x':
+            enableX11 = 0;
+            break;
+        default:
+            fprintf(stderr, "Unknown option %c\n", optopt);
+            return -1;
+        }
+    }
+
+    if (optind < argc) {
+        hostname = argv[optind++];
+    }
+
+    if (hostname == NULL) {
+        return -1;
+    }
+
+    return 0;
 }
 
 /*
  * MAIN
-*/
+ */
 
-int
-main(int argc, char **argv)
+int main(int argc, char **argv)
 {
-	char *password = NULL;
-
-	ssh_session session = NULL;
-	ssh_channel channel = NULL;
-
-	int ret;
-
-	const char *display = NULL;
-	char *proto = NULL, *cookie = NULL;
-
-	ssh_set_log_callback(_logging_callback);
-	ret = ssh_init();
-	if (ret != SSH_OK) return ret;
-
-	session = ssh_new();
-	if (session == NULL) exit(-1);
-
-	if (ssh_options_getopt(session, &argc, argv) || opts(argc, argv)) {
-		fprintf(stderr, "Error parsing command line: %s\n", ssh_get_error(session));
-		ssh_free(session);
-		ssh_finalize();
-		usage();
-	}
-
-	if (ssh_options_set(session, SSH_OPTIONS_HOST, hostname) < 0) {
-		return -1;
-	}
-
-	ret = ssh_connect(session);
-	if (ret != SSH_OK) {
-		fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
-		exit(-1);
-	}
-
-	password = getpass("Password: ");
-	ret = ssh_userauth_password(session, NULL, password);
-	if (ret != SSH_AUTH_SUCCESS) {
-		fprintf(stderr, "Error authenticating with password: %s\n", ssh_get_error(session));
-		exit(-1);
-	}
-
-	channel = ssh_channel_new(session);
-	if (channel == NULL) return SSH_ERROR;
-
-	ret = ssh_channel_open_session(channel);
-	if (ret != SSH_OK) return ret;
-
-	ret = ssh_channel_request_pty(channel);
-	if (ret != SSH_OK) return ret;
-
-	ret = ssh_channel_change_pty_size(channel, 80, 24);
-	if (ret != SSH_OK) return ret;
-
-	if (enableX11 == 1) {
-		display = getenv("DISPLAY");
-
-		_ssh_log(SSH_LOG_FUNCTIONS, __func__, "display: %s", display);
-
-		if (display) {
-			ssh_callbacks_init(&cb);
-			ret = ssh_set_callbacks(session, &cb);
-			if (ret != SSH_OK) return ret;
-
-			if (x11_get_proto(display, &proto, &cookie) != 0) {
-				_ssh_log(SSH_LOG_FUNCTIONS, __func__, "Using fake authentication data for X11 forwarding");
-				proto = NULL;
-				cookie = NULL;
-			}
-
-			_ssh_log(SSH_LOG_FUNCTIONS, __func__, "proto: %s - cookie: %s", proto, cookie);
-			/* See https://gitlab.com/libssh/libssh-mirror/-/blob/master/src/channels.c#L2062 for details. */
-			ret = ssh_channel_request_x11(channel, 0, proto, cookie, 0);
-			if (ret != SSH_OK) return ret;
-		}
-	}
-
-	ret = _enter_term_raw_mode();
-	if (ret != 0) exit(-1);
-
-	ret = ssh_channel_request_shell(channel);
-	if (ret != SSH_OK) return ret;
-
-	ret = main_loop(channel);
-	if (ret != SSH_OK) return ret;
-
-	_leave_term_raw_mode();
-
-	ssh_channel_close(channel);
-	ssh_channel_free(channel);
-	ssh_disconnect(session);
-	ssh_free(session);
-	ssh_finalize();
+    char *password = NULL;
+
+    ssh_session session = NULL;
+    ssh_channel channel = NULL;
+
+    int ret;
+
+    const char *display = NULL;
+    char *proto = NULL, *cookie = NULL;
+
+    ssh_set_log_callback(_logging_callback);
+    ret = ssh_init();
+    if (ret != SSH_OK) {
+        return ret;
+    }
+
+    session = ssh_new();
+    if (session == NULL) {
+        exit(-1);
+    }
+
+    if (ssh_options_getopt(session, &argc, argv) || opts(argc, argv)) {
+        fprintf(stderr, "Error parsing command line: %s\n",
+                ssh_get_error(session));
+        ssh_free(session);
+        ssh_finalize();
+        usage();
+    }
+
+    if (ssh_options_set(session, SSH_OPTIONS_HOST, hostname) < 0) {
+        return -1;
+    }
+
+    ret = ssh_connect(session);
+    if (ret != SSH_OK) {
+        fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
+        exit(-1);
+    }
+
+    password = getpass("Password: ");
+    ret = ssh_userauth_password(session, NULL, password);
+    if (ret != SSH_AUTH_SUCCESS) {
+        fprintf(stderr, "Error authenticating with password: %s\n",
+                ssh_get_error(session));
+        exit(-1);
+    }
+
+    channel = ssh_channel_new(session);
+    if (channel == NULL) {
+        return SSH_ERROR;
+    }
+
+    ret = ssh_channel_open_session(channel);
+    if (ret != SSH_OK) {
+        return ret;
+    }
+
+    ret = ssh_channel_request_pty(channel);
+    if (ret != SSH_OK) {
+        return ret;
+    }
+
+    ret = ssh_channel_change_pty_size(channel, 80, 24);
+    if (ret != SSH_OK) {
+        return ret;
+    }
+
+    if (enableX11 == 1) {
+        display = getenv("DISPLAY");
+
+        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "display: %s", display);
+
+        if (display) {
+            ssh_callbacks_init(&cb);
+            ret = ssh_set_callbacks(session, &cb);
+            if (ret != SSH_OK) {
+                return ret;
+            }
+
+            ret = x11_get_proto(display, &proto, &cookie);
+            if (ret != 0) {
+                _ssh_log(SSH_LOG_FUNCTIONS, __func__,
+                         "Using fake authentication data for X11 forwarding");
+                proto = NULL;
+                cookie = NULL;
+            }
+
+            _ssh_log(SSH_LOG_FUNCTIONS, __func__, "proto: %s - cookie: %s",
+                     proto, cookie);
+            /* See https://gitlab.com/libssh/libssh-mirror/-/blob/master/src/channels.c#L2062 for details. */
+            ret = ssh_channel_request_x11(channel, 0, proto, cookie, 0);
+            if (ret != SSH_OK) {
+                return ret;
+            }
+        }
+    }
+
+    ret = _enter_term_raw_mode();
+    if (ret != 0) {
+        exit(-1);
+    }
+
+    ret = ssh_channel_request_shell(channel);
+    if (ret != SSH_OK) {
+        return ret;
+    }
+
+    ret = main_loop(channel);
+    if (ret != SSH_OK) {
+        return ret;
+    }
+
+    _leave_term_raw_mode();
+
+    ssh_channel_close(channel);
+    ssh_channel_free(channel);
+    ssh_disconnect(session);
+    ssh_free(session);
+    ssh_finalize();
 }
diff --git a/libssh/examples/ssh_client.c b/libssh/examples/ssh_client.c
index aaf0cb5b..3d7d692b 100644
--- a/libssh/examples/ssh_client.c
+++ b/libssh/examples/ssh_client.c
@@ -53,7 +53,7 @@ static struct termios terminal;
 
 static char *pcap_file = NULL;
 
-static char *proxycommand;
+static char *proxycommand = NULL;
 
 static int auth_callback(const char *prompt,
                          char *buf,
@@ -94,7 +94,6 @@ static void usage(void)
             "Options :\n"
             "  -l user : log in as user\n"
             "  -p port : connect to port\n"
-            "  -d : use DSS to verify host public key\n"
             "  -r : use RSA to verify host public key\n"
             "  -F file : parse configuration file instead of default one\n"
 #ifdef WITH_PCAP
@@ -252,7 +251,7 @@ static void select_loop(ssh_session session,ssh_channel channel)
 
 static void shell(ssh_session session)
 {
-    ssh_channel channel;
+    ssh_channel channel = NULL;
     struct termios terminal_local;
     int interactive=isatty(0);
 
@@ -298,25 +297,41 @@ static void shell(ssh_session session)
 static void batch_shell(ssh_session session)
 {
     ssh_channel channel;
-    char buffer[PATH_MAX];
-    size_t i;
-    int s = 0;
+    char *buffer = NULL;
+    size_t i, s, n;
+
+    channel = ssh_channel_new(session);
+    if (channel == NULL) {
+        return;
+    }
 
+    n = 0;
     for (i = 0; i < MAXCMD && cmds[i]; ++i) {
-        s += snprintf(buffer + s, sizeof(buffer) - s, "%s ", cmds[i]);
+        /* Including space after cmds[i] */
+        n += strlen(cmds[i]) + 1;
     }
+    /* Trailing \0 */
+    n += 1;
 
-    channel = ssh_channel_new(session);
-    if (channel == NULL) {
+    buffer = malloc(n);
+    if (buffer == NULL) {
+        ssh_channel_free(channel);
         return;
     }
 
+    s = 0;
+    for (i = 0; i < MAXCMD && cmds[i]; ++i) {
+        s += snprintf(buffer + s, n - s, "%s ", cmds[i]);
+    }
+
     ssh_channel_open_session(channel);
     if (ssh_channel_request_exec(channel, buffer)) {
         printf("Error executing '%s' : %s\n", buffer, ssh_get_error(session));
+        free(buffer);
         ssh_channel_free(channel);
         return;
     }
+    free(buffer);
     select_loop(session, channel);
     ssh_channel_free(channel);
 }
@@ -324,7 +339,7 @@ static void batch_shell(ssh_session session)
 static int client(ssh_session session)
 {
     int auth = 0;
-    char *banner;
+    char *banner = NULL;
     int state;
 
     if (user) {
@@ -408,7 +423,7 @@ static void cleanup_pcap(void)
 
 int main(int argc, char **argv)
 {
-    ssh_session session;
+    ssh_session session = NULL;
 
     ssh_init();
     session = ssh_new();
diff --git a/libssh/examples/ssh_server.c b/libssh/examples/ssh_server.c
index 85eb1689..fa2e1960 100644
--- a/libssh/examples/ssh_server.c
+++ b/libssh/examples/ssh_server.c
@@ -45,36 +45,10 @@ The goal is to show the API in action.
 #define BUF_SIZE 1048576
 #endif
 
-#ifndef KEYS_FOLDER
-#ifdef _WIN32
-#define KEYS_FOLDER
-#else
-#define KEYS_FOLDER "/etc/ssh/"
-#endif
-#endif
-
 #define SESSION_END (SSH_CLOSED | SSH_CLOSED_ERROR)
 #define SFTP_SERVER_PATH "/usr/lib/sftp-server"
+#define AUTH_KEYS_MAX_LINE_SIZE 2048
 
-static void set_default_keys(ssh_bind sshbind,
-                             int rsa_already_set,
-                             int dsa_already_set,
-                             int ecdsa_already_set) {
-    if (!rsa_already_set) {
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
-                             KEYS_FOLDER "ssh_host_rsa_key");
-    }
-    if (!dsa_already_set) {
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY,
-                             KEYS_FOLDER "ssh_host_dsa_key");
-    }
-    if (!ecdsa_already_set) {
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY,
-                             KEYS_FOLDER "ssh_host_ecdsa_key");
-    }
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
-                         KEYS_FOLDER "ssh_host_ed25519_key");
-}
 #define DEF_STR_SIZE 1024
 char authorizedkeys[DEF_STR_SIZE] = {0};
 char username[128] = "myuser";
@@ -109,20 +83,12 @@ static struct argp_option options[] = {
                  "Implies no default keys.",
         .group = 0
     },
-    {
-        .name  = "dsakey",
-        .key   = 'd',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the dsa key.",
-        .group = 0
-    },
     {
         .name  = "rsakey",
         .key   = 'r',
         .arg   = "FILE",
         .flags = 0,
-        .doc   = "Set the rsa key.",
+        .doc   = "Set the rsa key (deprecated alias for 'k').",
         .group = 0
     },
     {
@@ -130,7 +96,7 @@ static struct argp_option options[] = {
         .key   = 'e',
         .arg   = "FILE",
         .flags = 0,
-        .doc   = "Set the ecdsa key.",
+        .doc   = "Set the ecdsa key (deprecated alias for 'k').",
         .group = 0
     },
     {
@@ -157,14 +123,6 @@ static struct argp_option options[] = {
         .doc   = "Set expected password.",
         .group = 0
     },
-    {
-        .name  = "no-default-keys",
-        .key   = 'n',
-        .arg   = NULL,
-        .flags = 0,
-        .doc   = "Do not set default key locations.",
-        .group = 0
-    },
     {
         .name  = "verbose",
         .key   = 'v',
@@ -177,75 +135,53 @@ static struct argp_option options[] = {
 };
 
 /* Parse a single option. */
-static error_t parse_opt (int key, char *arg, struct argp_state *state) {
+static error_t
+parse_opt(int key, char *arg, struct argp_state *state)
+{
     /* Get the input argument from argp_parse, which we
      * know is a pointer to our arguments structure. */
     ssh_bind sshbind = state->input;
-    static int no_default_keys = 0;
-    static int rsa_already_set = 0, dsa_already_set = 0, ecdsa_already_set = 0;
 
     switch (key) {
-        case 'n':
-            no_default_keys = 1;
-            break;
-        case 'p':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
-            break;
-        case 'd':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
-            dsa_already_set = 1;
-            break;
-        case 'k':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
-            /* We can't track the types of keys being added with this
-               option, so let's ensure we keep the keys we're adding
-               by just not setting the default keys */
-            no_default_keys = 1;
-            break;
-        case 'r':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
-            rsa_already_set = 1;
-            break;
-        case 'e':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg);
-            ecdsa_already_set = 1;
-            break;
-        case 'a':
-            strncpy(authorizedkeys, arg, DEF_STR_SIZE-1);
-            break;
-        case 'u':
-            strncpy(username, arg, sizeof(username) - 1);
-            break;
-        case 'P':
-            strncpy(password, arg, sizeof(password) - 1);
-            break;
-        case 'v':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
-                                 "3");
-            break;
-        case ARGP_KEY_ARG:
-            if (state->arg_num >= 1) {
-                /* Too many arguments. */
-                argp_usage (state);
-            }
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, arg);
-            break;
-        case ARGP_KEY_END:
-            if (state->arg_num < 1) {
-                /* Not enough arguments. */
-                argp_usage (state);
-            }
-
-            if (!no_default_keys) {
-                set_default_keys(sshbind,
-                                 rsa_already_set,
-                                 dsa_already_set,
-                                 ecdsa_already_set);
-            }
-
-            break;
-        default:
-            return ARGP_ERR_UNKNOWN;
+    case 'p':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
+        break;
+    case 'k':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
+        break;
+    case 'r':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
+        break;
+    case 'e':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
+        break;
+    case 'a':
+        strncpy(authorizedkeys, arg, DEF_STR_SIZE - 1);
+        break;
+    case 'u':
+        strncpy(username, arg, sizeof(username) - 1);
+        break;
+    case 'P':
+        strncpy(password, arg, sizeof(password) - 1);
+        break;
+    case 'v':
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
+        break;
+    case ARGP_KEY_ARG:
+        if (state->arg_num >= 1) {
+            /* Too many arguments. */
+            argp_usage(state);
+        }
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, arg);
+        break;
+    case ARGP_KEY_END:
+        if (state->arg_num < 1) {
+            /* Not enough arguments. */
+            argp_usage(state);
+        }
+        break;
+    default:
+        return ARGP_ERR_UNKNOWN;
     }
     return 0;
 }
@@ -253,21 +189,17 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 /* Our argp parser. */
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #else
-static int parse_opt(int argc, char **argv, ssh_bind sshbind) {
+static int
+parse_opt(int argc, char **argv, ssh_bind sshbind)
+{
     int no_default_keys = 0;
     int rsa_already_set = 0;
-    int dsa_already_set = 0;
     int ecdsa_already_set = 0;
     int key;
 
-    while((key = getopt(argc, argv, "a:d:e:k:np:P:r:u:v")) != -1) {
-        if (key == 'n') {
-            no_default_keys = 1;
-        } else if (key == 'p') {
+    while((key = getopt(argc, argv, "a:e:k:p:P:r:u:v")) != -1) {
+        if (key == 'p') {
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, optarg);
-        } else if (key == 'd') {
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, optarg);
-            dsa_already_set = 1;
         } else if (key == 'k') {
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg);
             /* We can't track the types of keys being added with this
@@ -275,10 +207,10 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) {
             by just not setting the default keys */
             no_default_keys = 1;
         } else if (key == 'r') {
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, optarg);
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg);
             rsa_already_set = 1;
         } else if (key == 'e') {
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, optarg);
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg);
             ecdsa_already_set = 1;
         } else if (key == 'a') {
             strncpy(authorizedkeys, optarg, DEF_STR_SIZE-1);
@@ -299,14 +231,12 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) {
                "libssh %s -- a Secure Shell protocol implementation\n"
                "\n"
                "  -a, --authorizedkeys=FILE  Set the authorized keys file.\n"
-               "  -d, --dsakey=FILE          Set the dsa key.\n"
-               "  -e, --ecdsakey=FILE        Set the ecdsa key.\n"
+               "  -e, --ecdsakey=FILE        Set the ecdsa key (deprecated alias for 'k').\n"
                "  -k, --hostkey=FILE         Set a host key.  Can be used multiple times.\n"
                "                             Implies no default keys.\n"
-               "  -n, --no-default-keys      Do not set default key locations.\n"
                "  -p, --port=PORT            Set the port to bind.\n"
                "  -P, --pass=PASSWORD        Set expected password.\n"
-               "  -r, --rsakey=FILE          Set the rsa key.\n"
+               "  -r, --rsakey=FILE          Set the rsa key (deprecated alias for 'k').\n"
                "  -u, --user=USERNAME        Set expected username.\n"
                "  -v, --verbose              Get verbose output.\n"
                "  -?, --help                 Give this help list\n"
@@ -329,7 +259,6 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) {
     if (!no_default_keys) {
         set_default_keys(sshbind,
                          rsa_already_set,
-                         dsa_already_set,
                          ecdsa_already_set);
     }
 
@@ -363,49 +292,74 @@ struct session_data_struct {
     int authenticated;
 };
 
-static int data_function(ssh_session session, ssh_channel channel, void *data,
-                         uint32_t len, int is_stderr, void *userdata) {
-    struct channel_data_struct *cdata = (struct channel_data_struct *) userdata;
+static int
+data_function(ssh_session session,
+              ssh_channel channel,
+              void *data,
+              uint32_t len,
+              int is_stderr,
+              void *userdata)
+{
+    struct channel_data_struct *cdata = (struct channel_data_struct *)userdata;
 
-    (void) session;
-    (void) channel;
-    (void) is_stderr;
+    (void)session;
+    (void)channel;
+    (void)is_stderr;
 
     if (len == 0 || cdata->pid < 1 || kill(cdata->pid, 0) < 0) {
         return 0;
     }
 
-    return write(cdata->child_stdin, (char *) data, len);
+    return write(cdata->child_stdin, (char *)data, len);
 }
 
-static int pty_request(ssh_session session, ssh_channel channel,
-                       const char *term, int cols, int rows, int py, int px,
-                       void *userdata) {
+static int
+pty_request(ssh_session session,
+            ssh_channel channel,
+            const char *term,
+            int cols,
+            int rows,
+            int py,
+            int px,
+            void *userdata)
+{
     struct channel_data_struct *cdata = (struct channel_data_struct *)userdata;
+    int rc;
 
-    (void) session;
-    (void) channel;
-    (void) term;
+    (void)session;
+    (void)channel;
+    (void)term;
 
     cdata->winsize->ws_row = rows;
     cdata->winsize->ws_col = cols;
     cdata->winsize->ws_xpixel = px;
     cdata->winsize->ws_ypixel = py;
 
-    if (openpty(&cdata->pty_master, &cdata->pty_slave, NULL, NULL,
-                cdata->winsize) != 0) {
+    rc = openpty(&cdata->pty_master,
+                 &cdata->pty_slave,
+                 NULL,
+                 NULL,
+                 cdata->winsize);
+    if (rc != 0) {
         fprintf(stderr, "Failed to open pty\n");
         return SSH_ERROR;
     }
     return SSH_OK;
 }
 
-static int pty_resize(ssh_session session, ssh_channel channel, int cols,
-                      int rows, int py, int px, void *userdata) {
+static int
+pty_resize(ssh_session session,
+           ssh_channel channel,
+           int cols,
+           int rows,
+           int py,
+           int px,
+           void *userdata)
+{
     struct channel_data_struct *cdata = (struct channel_data_struct *)userdata;
 
-    (void) session;
-    (void) channel;
+    (void)session;
+    (void)channel;
 
     cdata->winsize->ws_row = rows;
     cdata->winsize->ws_col = cols;
@@ -419,30 +373,36 @@ static int pty_resize(ssh_session session, ssh_channel channel, int cols,
     return SSH_ERROR;
 }
 
-static int exec_pty(const char *mode, const char *command,
-                    struct channel_data_struct *cdata) {
-    switch(cdata->pid = fork()) {
-        case -1:
-            close(cdata->pty_master);
-            close(cdata->pty_slave);
-            fprintf(stderr, "Failed to fork\n");
-            return SSH_ERROR;
-        case 0:
-            close(cdata->pty_master);
-            if (login_tty(cdata->pty_slave) != 0) {
-                exit(1);
-            }
-            execl("/bin/sh", "sh", mode, command, NULL);
-            exit(0);
-        default:
-            close(cdata->pty_slave);
-            /* pty fd is bi-directional */
-            cdata->child_stdout = cdata->child_stdin = cdata->pty_master;
+static int
+exec_pty(const char *mode,
+         const char *command,
+         struct channel_data_struct *cdata)
+{
+    cdata->pid = fork();
+    switch (cdata->pid) {
+    case -1:
+        close(cdata->pty_master);
+        close(cdata->pty_slave);
+        fprintf(stderr, "Failed to fork\n");
+        return SSH_ERROR;
+    case 0:
+        close(cdata->pty_master);
+        if (login_tty(cdata->pty_slave) != 0) {
+            exit(1);
+        }
+        execl("/bin/sh", "sh", mode, command, NULL);
+        exit(0);
+    default:
+        close(cdata->pty_slave);
+        /* pty fd is bi-directional */
+        cdata->child_stdout = cdata->child_stdin = cdata->pty_master;
     }
     return SSH_OK;
 }
 
-static int exec_nopty(const char *command, struct channel_data_struct *cdata) {
+static int
+exec_nopty(const char *command, struct channel_data_struct *cdata)
+{
     int in[2], out[2], err[2];
 
     /* Do the plumbing to be able to talk with the child process. */
@@ -456,23 +416,24 @@ static int exec_nopty(const char *command, struct channel_data_struct *cdata) {
         goto stderr_failed;
     }
 
-    switch(cdata->pid = fork()) {
-        case -1:
-            goto fork_failed;
-        case 0:
-            /* Finish the plumbing in the child process. */
-            close(in[1]);
-            close(out[0]);
-            close(err[0]);
-            dup2(in[0], STDIN_FILENO);
-            dup2(out[1], STDOUT_FILENO);
-            dup2(err[1], STDERR_FILENO);
-            close(in[0]);
-            close(out[1]);
-            close(err[1]);
-            /* exec the requested command. */
-            execl("/bin/sh", "sh", "-c", command, NULL);
-            exit(0);
+    cdata->pid = fork();
+    switch (cdata->pid) {
+    case -1:
+        goto fork_failed;
+    case 0:
+        /* Finish the plumbing in the child process. */
+        close(in[1]);
+        close(out[0]);
+        close(err[0]);
+        dup2(in[0], STDIN_FILENO);
+        dup2(out[1], STDOUT_FILENO);
+        dup2(err[1], STDERR_FILENO);
+        close(in[0]);
+        close(out[1]);
+        close(err[1]);
+        /* exec the requested command. */
+        execl("/bin/sh", "sh", "-c", command, NULL);
+        exit(0);
     }
 
     close(in[0]);
@@ -498,15 +459,18 @@ static int exec_nopty(const char *command, struct channel_data_struct *cdata) {
     return SSH_ERROR;
 }
 
-static int exec_request(ssh_session session, ssh_channel channel,
-                        const char *command, void *userdata) {
-    struct channel_data_struct *cdata = (struct channel_data_struct *) userdata;
-
+static int
+exec_request(ssh_session session,
+             ssh_channel channel,
+             const char *command,
+             void *userdata)
+{
+    struct channel_data_struct *cdata = (struct channel_data_struct *)userdata;
 
-    (void) session;
-    (void) channel;
+    (void)session;
+    (void)channel;
 
-    if(cdata->pid > 0) {
+    if (cdata->pid > 0) {
         return SSH_ERROR;
     }
 
@@ -516,14 +480,15 @@ static int exec_request(ssh_session session, ssh_channel channel,
     return exec_nopty(command, cdata);
 }
 
-static int shell_request(ssh_session session, ssh_channel channel,
-                         void *userdata) {
-    struct channel_data_struct *cdata = (struct channel_data_struct *) userdata;
+static int
+shell_request(ssh_session session, ssh_channel channel, void *userdata)
+{
+    struct channel_data_struct *cdata = (struct channel_data_struct *)userdata;
 
-    (void) session;
-    (void) channel;
+    (void)session;
+    (void)channel;
 
-    if(cdata->pid > 0) {
+    if (cdata->pid > 0) {
         return SSH_ERROR;
     }
 
@@ -534,20 +499,28 @@ static int shell_request(ssh_session session, ssh_channel channel,
     return SSH_OK;
 }
 
-static int subsystem_request(ssh_session session, ssh_channel channel,
-                             const char *subsystem, void *userdata) {
-    /* subsystem requests behave simillarly to exec requests. */
+static int
+subsystem_request(ssh_session session,
+                  ssh_channel channel,
+                  const char *subsystem,
+                  void *userdata)
+{
+    /* subsystem requests behave similarly to exec requests. */
     if (strcmp(subsystem, "sftp") == 0) {
         return exec_request(session, channel, SFTP_SERVER_PATH, userdata);
     }
     return SSH_ERROR;
 }
 
-static int auth_password(ssh_session session, const char *user,
-                         const char *pass, void *userdata) {
-    struct session_data_struct *sdata = (struct session_data_struct *) userdata;
+static int
+auth_password(ssh_session session,
+              const char *user,
+              const char *pass,
+              void *userdata)
+{
+    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
 
-    (void) session;
+    (void)session;
 
     if (strcmp(user, username) == 0 && strcmp(pass, password) == 0) {
         sdata->authenticated = 1;
@@ -558,16 +531,26 @@ static int auth_password(ssh_session session, const char *user,
     return SSH_AUTH_DENIED;
 }
 
-static int auth_publickey(ssh_session session,
-                          const char *user,
-                          struct ssh_key_struct *pubkey,
-                          char signature_state,
-                          void *userdata)
+static int
+auth_publickey(ssh_session session,
+               const char *user,
+               struct ssh_key_struct *pubkey,
+               char signature_state,
+               void *userdata)
 {
-    struct session_data_struct *sdata = (struct session_data_struct *) userdata;
-
-    (void) user;
-    (void) session;
+    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
+    ssh_key key = NULL;
+    FILE *fp = NULL;
+    char line[AUTH_KEYS_MAX_LINE_SIZE] = {0};
+    char *p = NULL;
+    const char *q = NULL;
+    unsigned int lineno = 0;
+    int result;
+    int i;
+    enum ssh_keytypes_e type;
+
+    (void)user;
+    (void)session;
 
     if (signature_state == SSH_PUBLICKEY_STATE_NONE) {
         return SSH_AUTH_SUCCESS;
@@ -577,45 +560,107 @@ static int auth_publickey(ssh_session session,
         return SSH_AUTH_DENIED;
     }
 
-    // valid so far.  Now look through authorized keys for a match
-    if (authorizedkeys[0]) {
-        ssh_key key = NULL;
-        int result;
-        struct stat buf;
-
-        if (stat(authorizedkeys, &buf) == 0) {
-            result = ssh_pki_import_pubkey_file( authorizedkeys, &key );
-            if ((result != SSH_OK) || (key==NULL)) {
-                fprintf(stderr,
-                        "Unable to import public key file %s\n",
-                        authorizedkeys);
-            } else {
-                result = ssh_key_cmp( key, pubkey, SSH_KEY_CMP_PUBLIC );
-                ssh_key_free(key);
-                if (result == 0) {
-                    sdata->authenticated = 1;
-                    return SSH_AUTH_SUCCESS;
-                }
+    fp = fopen(authorizedkeys, "r");
+    if (fp == NULL) {
+        fprintf(stderr, "Error: opening authorized keys file %s failed, reason: %s\n",
+                authorizedkeys, strerror(errno));
+        return SSH_AUTH_DENIED;
+    }
+
+    while (fgets(line, sizeof(line), fp)) {
+        lineno++;
+
+        /* Skip leading whitespace and ignore comments */
+        p = line;
+
+        for (i = 0; i < AUTH_KEYS_MAX_LINE_SIZE; i++) {
+            if (!isspace((int)p[i])) {
+                break;
             }
         }
+
+        if (i >= AUTH_KEYS_MAX_LINE_SIZE) {
+            fprintf(stderr,
+                    "warning: The line %d in %s too long! Skipping.\n",
+                    lineno,
+                    authorizedkeys);
+            continue;
+        }
+
+        if (p[i] == '#' || p[i] == '\0' || p[i] == '\n') {
+            continue;
+        }
+
+        q = &p[i];
+        for (; i < AUTH_KEYS_MAX_LINE_SIZE; i++) {
+            if (isspace((int)p[i])) {
+                p[i] = '\0';
+                break;
+            }
+        }
+
+        type = ssh_key_type_from_name(q);
+
+        i++;
+        if (i >= AUTH_KEYS_MAX_LINE_SIZE) {
+            fprintf(stderr,
+                    "warning: The line %d in %s too long! Skipping.\n",
+                    lineno,
+                    authorizedkeys);
+            continue;
+        }
+
+        q = &p[i];
+        for (; i < AUTH_KEYS_MAX_LINE_SIZE; i++) {
+            if (isspace((int)p[i])) {
+                p[i] = '\0';
+                break;
+            }
+        }
+
+        result = ssh_pki_import_pubkey_base64(q, type, &key);
+        if (result != SSH_OK) {
+            fprintf(stderr,
+                    "Warning: Cannot import key on line no. %d in authorized keys file: %s\n",
+                    lineno,
+                    authorizedkeys);
+            continue;
+        }
+
+        result = ssh_key_cmp(key, pubkey, SSH_KEY_CMP_PUBLIC);
+        ssh_key_free(key);
+        if (result == 0) {
+            sdata->authenticated = 1;
+            fclose(fp);
+            return SSH_AUTH_SUCCESS;
+        }
     }
+    if (ferror(fp) != 0) {
+        fprintf(stderr,
+                "Error: Reading from authorized keys file %s failed, reason: %s\n",
+                authorizedkeys, strerror(errno));
+    }
+    fclose(fp);
 
-    // no matches
-    sdata->authenticated = 0;
+    /* no matches */
     return SSH_AUTH_DENIED;
 }
 
-static ssh_channel channel_open(ssh_session session, void *userdata) {
-    struct session_data_struct *sdata = (struct session_data_struct *) userdata;
+static ssh_channel
+channel_open(ssh_session session, void *userdata)
+{
+    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
 
     sdata->channel = ssh_channel_new(session);
     return sdata->channel;
 }
 
-static int process_stdout(socket_t fd, int revents, void *userdata) {
+static int
+process_stdout(socket_t fd, int revents, void *userdata)
+{
     char buf[BUF_SIZE];
     int n = -1;
-    ssh_channel channel = (ssh_channel) userdata;
+    ssh_channel channel = (ssh_channel)userdata;
 
     if (channel != NULL && (revents & POLLIN) != 0) {
         n = read(fd, buf, BUF_SIZE);
@@ -627,10 +672,12 @@ static int process_stdout(socket_t fd, int revents, void *userdata) {
     return n;
 }
 
-static int process_stderr(socket_t fd, int revents, void *userdata) {
+static int
+process_stderr(socket_t fd, int revents, void *userdata)
+{
     char buf[BUF_SIZE];
     int n = -1;
-    ssh_channel channel = (ssh_channel) userdata;
+    ssh_channel channel = (ssh_channel)userdata;
 
     if (channel != NULL && (revents & POLLIN) != 0) {
         n = read(fd, buf, BUF_SIZE);
@@ -642,7 +689,9 @@ static int process_stderr(socket_t fd, int revents, void *userdata) {
     return n;
 }
 
-static void handle_session(ssh_event event, ssh_session session) {
+static void
+handle_session(ssh_event event, ssh_session session)
+{
     int n;
     int rc = 0;
 
@@ -755,8 +804,8 @@ static void handle_session(ssh_event event, ssh_session session) {
                 ssh_channel_close(sdata.channel);
             }
         }
-    } while(ssh_channel_is_open(sdata.channel) &&
-            (cdata.pid == 0 || waitpid(cdata.pid, &rc, WNOHANG) == 0));
+    } while (ssh_channel_is_open(sdata.channel) &&
+             (cdata.pid == 0 || waitpid(cdata.pid, &rc, WNOHANG) == 0));
 
     close(cdata.pty_master);
     close(cdata.child_stdin);
@@ -789,12 +838,14 @@ static void handle_session(ssh_event event, ssh_session session) {
 
 #ifdef WITH_FORK
 /* SIGCHLD handler for cleaning up dead children. */
-static void sigchld_handler(int signo) {
-    (void) signo;
+static void sigchld_handler(int signo)
+{
+    (void)signo;
     while (waitpid(-1, NULL, WNOHANG) > 0);
 }
 #else
-static void *session_thread(void *arg) {
+static void *session_thread(void *arg)
+{
     ssh_session session = arg;
     ssh_event event;
 
@@ -813,9 +864,10 @@ static void *session_thread(void *arg) {
 }
 #endif
 
-int main(int argc, char **argv) {
-    ssh_bind sshbind;
-    ssh_session session;
+int main(int argc, char **argv)
+{
+    ssh_bind sshbind = NULL;
+    ssh_session session = NULL;
     int rc;
 #ifdef WITH_FORK
     struct sigaction sa;
@@ -853,7 +905,8 @@ int main(int argc, char **argv) {
     }
 #endif /* HAVE_ARGP_H */
 
-    if(ssh_bind_listen(sshbind) < 0) {
+    rc = ssh_bind_listen(sshbind);
+    if (rc < 0) {
         fprintf(stderr, "%s\n", ssh_get_error(sshbind));
         ssh_bind_free(sshbind);
         ssh_finalize();
@@ -868,34 +921,36 @@ int main(int argc, char **argv) {
         }
 
         /* Blocks until there is a new incoming connection. */
-        if(ssh_bind_accept(sshbind, session) != SSH_ERROR) {
+        rc = ssh_bind_accept(sshbind, session);
+        if (rc != SSH_ERROR) {
 #ifdef WITH_FORK
             ssh_event event;
 
-            switch(fork()) {
-                case 0:
-                    /* Remove the SIGCHLD handler inherited from parent. */
-                    sa.sa_handler = SIG_DFL;
-                    sigaction(SIGCHLD, &sa, NULL);
-                    /* Remove socket binding, which allows us to restart the
-                     * parent process, without terminating existing sessions. */
-                    ssh_bind_free(sshbind);
-
-                    event = ssh_event_new();
-                    if (event != NULL) {
-                        /* Blocks until the SSH session ends by either
-                         * child process exiting, or client disconnecting. */
-                        handle_session(event, session);
-                        ssh_event_free(event);
-                    } else {
-                        fprintf(stderr, "Could not create polling context\n");
-                    }
-                    ssh_disconnect(session);
-                    ssh_free(session);
-
-                    exit(0);
-                case -1:
-                    fprintf(stderr, "Failed to fork\n");
+            pid_t pid = fork();
+            switch (pid) {
+            case 0:
+                /* Remove the SIGCHLD handler inherited from parent. */
+                sa.sa_handler = SIG_DFL;
+                sigaction(SIGCHLD, &sa, NULL);
+                /* Remove socket binding, which allows us to restart the
+                 * parent process, without terminating existing sessions. */
+                ssh_bind_free(sshbind);
+
+                event = ssh_event_new();
+                if (event != NULL) {
+                    /* Blocks until the SSH session ends by either
+                     * child process exiting, or client disconnecting. */
+                    handle_session(event, session);
+                    ssh_event_free(event);
+                } else {
+                    fprintf(stderr, "Could not create polling context\n");
+                }
+                ssh_disconnect(session);
+                ssh_free(session);
+
+                exit(0);
+            case -1:
+                fprintf(stderr, "Failed to fork\n");
             }
 #else
             pthread_t tid;
diff --git a/libssh/examples/sshd_direct-tcpip.c b/libssh/examples/sshd_direct-tcpip.c
index 18a870b9..9bb09111 100644
--- a/libssh/examples/sshd_direct-tcpip.c
+++ b/libssh/examples/sshd_direct-tcpip.c
@@ -15,7 +15,7 @@ clients must be made or how a client should react.
 
 /*
  Example:
-  ./sshd_direct-tcpip -v -p 2022 -d serverkey.dsa -r serverkey.rsa 127.0.0.1
+  ./sshd_direct-tcpip -v -p 2022 -r serverkey.rsa 127.0.0.1
 */
 
 #include "config.h"
@@ -27,6 +27,9 @@ clients must be made or how a client should react.
 #ifdef HAVE_ARGP_H
 #include <argp.h>
 #endif
+#ifndef _WIN32
+#include <netinet/in.h>
+#endif
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <stdbool.h>
@@ -91,6 +94,9 @@ cleanup_push(struct cleanup_node_struct** head_ref,
 {
     // Allocate memory for node
     struct cleanup_node_struct *new_node = malloc(sizeof *new_node);
+    if (new_node == NULL) {
+        return;
+    }
 
     if (*head_ref != NULL) {
         new_node->next = *head_ref;
@@ -197,7 +203,7 @@ subsystem_request(UNUSED_PARAM(ssh_session session),
                   UNUSED_PARAM(void *userdata))
 {
     _ssh_log(SSH_LOG_PROTOCOL,
-             "=== subsystem_request", "Channel subsystem reqeuest: %s",
+             "=== subsystem_request", "Channel subsystem request: %s",
              subsystem);
     return 0;
 }
@@ -293,7 +299,7 @@ my_channel_eof_function(ssh_session session,
 
     _ssh_log(SSH_LOG_PROTOCOL,
              "=== my_channel_eof_function",
-             "Got EOF on channel. Shuting down write on socket (fd = %d).",
+             "Got EOF on channel. Shutting down write on socket (fd = %d).",
              *event_fd_data->p_fd);
 
     stack_socket_close(session, event_fd_data);
@@ -355,7 +361,7 @@ my_fd_data_function(UNUSED_PARAM(socket_t fd),
 {
     struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
     ssh_channel channel = event_fd_data->channel;
-    ssh_session session;
+    ssh_session session = NULL;
     int len, i, wr;
     char buf[BUF_SIZE];
     int blocking;
@@ -449,8 +455,8 @@ open_tcp_socket(ssh_message msg)
 {
     struct sockaddr_in sin;
     int forwardsock = -1;
-    struct hostent *host;
-    const char *dest_hostname;
+    struct hostent *host = NULL;
+    const char *dest_hostname = NULL;
     int dest_port;
 
     forwardsock = socket(AF_INET, SOCK_STREAM, 0);
@@ -493,8 +499,8 @@ message_callback(UNUSED_PARAM(ssh_session session),
                  UNUSED_PARAM(void *userdata))
 {
     ssh_channel channel;
-    int socket_fd, *pFd;
-    struct ssh_channel_callbacks_struct *cb_chan;
+    int socket_fd, *pFd = NULL;
+    struct ssh_channel_callbacks_struct *cb_chan = NULL;
     struct event_fd_data_struct *event_fd_data;
 
     _ssh_log(SSH_LOG_PACKET, "=== message_callback", "Message type: %d",
@@ -520,7 +526,7 @@ message_callback(UNUSED_PARAM(ssh_session session),
                 }
 
                 pFd = malloc(sizeof *pFd);
-                cb_chan = malloc(sizeof *cb_chan);
+                cb_chan = calloc(1, sizeof *cb_chan);
                 event_fd_data = malloc(sizeof *event_fd_data);
                 if (pFd == NULL || cb_chan == NULL || event_fd_data == NULL) {
                     SAFE_FREE(pFd);
@@ -583,20 +589,12 @@ static struct argp_option options[] = {
         .doc   = "Set the host key.",
         .group = 0
     },
-    {
-        .name  = "dsakey",
-        .key   = 'd',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the dsa key.",
-        .group = 0
-    },
     {
         .name  = "rsakey",
         .key   = 'r',
         .arg   = "FILE",
         .flags = 0,
-        .doc   = "Set the rsa key.",
+        .doc   = "Set the rsa key (deprecated alias for 'k').",
         .group = 0
     },
     {
@@ -623,15 +621,10 @@ parse_opt (int key, char *arg, struct argp_state *state)
         case 'p':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
             break;
-        case 'd':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
-            break;
+        case 'r':
         case 'k':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
             break;
-        case 'r':
-            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
-            break;
         case 'v':
             ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "1");
             break;
@@ -662,8 +655,8 @@ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 int
 main(int argc, char **argv)
 {
-    ssh_session session;
-    ssh_bind sshbind;
+    ssh_session session = NULL;
+    ssh_bind sshbind = NULL;
     struct ssh_server_callbacks_struct cb = {
         .userdata = NULL,
         .auth_password_function = auth_password,
@@ -682,8 +675,7 @@ main(int argc, char **argv)
     session = ssh_new();
     mainloop = ssh_event_new();
 
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, KEYS_FOLDER "ssh_host_dsa_key");
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key");
 
 #ifdef HAVE_ARGP_H
     /*
diff --git a/libssh/examples/sshnetcat.c b/libssh/examples/sshnetcat.c
index 9bc5d52e..8a1153a6 100644
--- a/libssh/examples/sshnetcat.c
+++ b/libssh/examples/sshnetcat.c
@@ -39,7 +39,7 @@ clients must be made or how a client should react.
 #define BUF_SIZE 4096
 #endif
 
-char *host;
+char *host = NULL;
 const char *desthost="localhost";
 const char *port="22";
 
@@ -193,7 +193,7 @@ static void forwarding(ssh_session session){
 
 static int client(ssh_session session){
   int auth=0;
-  char *banner;
+  char *banner = NULL;
   int state;
 
   if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
@@ -238,14 +238,15 @@ void set_pcap(ssh_session session){
 }
 
 void cleanup_pcap(void);
-void cleanup_pcap(){
+void cleanup_pcap(void)
+{
 	ssh_pcap_file_free(pcap);
-	pcap=NULL;
+	pcap = NULL;
 }
 #endif
 
 int main(int argc, char **argv){
-    ssh_session session;
+    ssh_session session = NULL;
 
     session = ssh_new();
 
diff --git a/libssh/include/libssh/CMakeLists.txt b/libssh/include/libssh/CMakeLists.txt
index 83e7b9f8..93445680 100644
--- a/libssh/include/libssh/CMakeLists.txt
+++ b/libssh/include/libssh/CMakeLists.txt
@@ -20,6 +20,13 @@ if (WITH_SERVER)
     ${libssh_HDRS}
     server.h
   )
+
+  if (WITH_SFTP)
+    set(libssh_HDRS
+        ${libssh_HDRS}
+        sftpserver.h
+    )
+  endif (WITH_SFTP)
 endif (WITH_SERVER)
 
 install(
diff --git a/libssh/include/libssh/agent.h b/libssh/include/libssh/agent.h
index 72052159..caf8d3e2 100644
--- a/libssh/include/libssh/agent.h
+++ b/libssh/include/libssh/agent.h
@@ -70,6 +70,10 @@
 #define SSH_AGENT_RSA_SHA2_256                   0x02
 #define SSH_AGENT_RSA_SHA2_512                   0x04
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct ssh_agent_struct {
   struct ssh_socket_struct *sock;
   ssh_buffer ident;
@@ -115,4 +119,8 @@ ssh_string ssh_agent_sign_data(ssh_session session,
                                const ssh_key pubkey,
                                struct ssh_buffer_struct *data);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* __AGENT_H */
diff --git a/libssh/include/libssh/auth.h b/libssh/include/libssh/auth.h
index 90b377d4..b358b7a2 100644
--- a/libssh/include/libssh/auth.h
+++ b/libssh/include/libssh/auth.h
@@ -23,6 +23,10 @@
 #include "config.h"
 #include "libssh/callbacks.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 SSH_PACKET_CALLBACK(ssh_packet_userauth_banner);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_failure);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_success);
@@ -100,4 +104,8 @@ enum ssh_auth_service_state_e {
   SSH_AUTH_SERVICE_DENIED,
 };
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* AUTH_H_ */
diff --git a/libssh/include/libssh/bignum.h b/libssh/include/libssh/bignum.h
index 726ed7b9..6b5dc1a2 100644
--- a/libssh/include/libssh/bignum.h
+++ b/libssh/include/libssh/bignum.h
@@ -25,9 +25,16 @@
 #include "libssh/libgcrypt.h"
 #include "libssh/libmbedcrypto.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 bignum ssh_make_string_bn(ssh_string string);
 ssh_string ssh_make_bignum_string(bignum num);
 void ssh_print_bignum(const char *which, const_bignum num);
 
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* BIGNUM_H_ */
diff --git a/libssh/include/libssh/bind.h b/libssh/include/libssh/bind.h
index c0439d2c..cd9199b6 100644
--- a/libssh/include/libssh/bind.h
+++ b/libssh/include/libssh/bind.h
@@ -25,6 +25,10 @@
 #include "libssh/kex.h"
 #include "libssh/session.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct ssh_bind_struct {
   struct ssh_common_struct common; /* stuff common to ssh_bind and ssh_session */
   struct ssh_bind_callbacks_struct *bind_callbacks;
@@ -35,11 +39,9 @@ struct ssh_bind_struct {
   char *wanted_methods[SSH_KEX_METHODS];
   char *banner;
   char *ecdsakey;
-  char *dsakey;
   char *rsakey;
   char *ed25519key;
   ssh_key ecdsa;
-  ssh_key dsa;
   ssh_key rsa;
   ssh_key ed25519;
   char *bindaddr;
@@ -57,5 +59,8 @@ struct ssh_bind_struct {
 struct ssh_poll_handle_struct *ssh_bind_get_poll(struct ssh_bind_struct
     *sshbind);
 
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* BIND_H_ */
diff --git a/libssh/include/libssh/bind_config.h b/libssh/include/libssh/bind_config.h
index 7ee19b87..5f2dccce 100644
--- a/libssh/include/libssh/bind_config.h
+++ b/libssh/include/libssh/bind_config.h
@@ -28,6 +28,10 @@
 
 #include "libssh/server.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 enum ssh_bind_config_opcode_e {
     /* Known but not allowed in Match block */
     BIND_CFG_NOT_ALLOWED_IN_MATCH = -4,
@@ -71,4 +75,8 @@ int ssh_bind_config_parse_file(ssh_bind sshbind, const char *filename);
  */
 int ssh_bind_config_parse_string(ssh_bind bind, const char *input);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* BIND_CONFIG_H_ */
diff --git a/libssh/include/libssh/blf.h b/libssh/include/libssh/blf.h
index ce131e6b..71928a7d 100644
--- a/libssh/include/libssh/blf.h
+++ b/libssh/include/libssh/blf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
+/* $OpenBSD: blf.h,v 1.8 2021/11/29 01:04:45 djm Exp $ */
 /*
  * Blowfish - a fast block cipher designed by Bruce Schneier
  *
@@ -13,10 +13,7 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *      This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
+ * 3. The name of the author may not be used to endorse or promote products
  *    derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
@@ -49,6 +46,10 @@
 #define BLF_MAXKEYLEN ((BLF_N-2)*4)	/* 448 bits */
 #define BLF_MAXUTILIZED ((BLF_N+2)*4)	/* 576 bits */
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Blowfish context */
 typedef struct BlowfishContext {
 	uint32_t S[4][256];	/* S-Boxes */
@@ -84,4 +85,9 @@ void ssh_blf_cbc_decrypt(ssh_blf_ctx *, uint8_t *, uint8_t *, uint32_t);
 uint32_t Blowfish_stream2word(const uint8_t *, uint16_t , uint16_t *);
 
 #endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* _BLF_H */
diff --git a/libssh/include/libssh/buffer.h b/libssh/include/libssh/buffer.h
index a55a1b40..d22178e7 100644
--- a/libssh/include/libssh/buffer.h
+++ b/libssh/include/libssh/buffer.h
@@ -27,6 +27,10 @@
 
 #define SSH_BUFFER_PACK_END ((uint32_t) 0x4f65feb3)
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void ssh_buffer_set_secure(ssh_buffer buffer);
 int ssh_buffer_add_ssh_string(ssh_buffer buffer, ssh_string string);
 int ssh_buffer_add_u8(ssh_buffer buffer, uint8_t data);
@@ -38,10 +42,6 @@ int ssh_buffer_validate_length(struct ssh_buffer_struct *buffer, size_t len);
 
 void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len);
 int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer, uint32_t len);
-int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
-                       const char *format,
-                       size_t argc,
-                       va_list ap);
 int _ssh_buffer_pack(struct ssh_buffer_struct *buffer,
                      const char *format,
                      size_t argc,
@@ -74,4 +74,8 @@ ssh_string ssh_buffer_get_ssh_string(ssh_buffer buffer);
 uint32_t ssh_buffer_pass_bytes_end(ssh_buffer buffer, uint32_t len);
 uint32_t ssh_buffer_pass_bytes(ssh_buffer buffer, uint32_t len);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* BUFFER_H_ */
diff --git a/libssh/include/libssh/callbacks.h b/libssh/include/libssh/callbacks.h
index 36fe7f8c..4ef80a4c 100644
--- a/libssh/include/libssh/callbacks.h
+++ b/libssh/include/libssh/callbacks.h
@@ -27,6 +27,7 @@
 
 #include <libssh/libssh.h>
 #include <string.h>
+#include <stdbool.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -81,9 +82,9 @@ typedef void (*ssh_log_callback) (ssh_session session, int priority,
  *
  * @param priority  Priority of the log, the smaller being the more important.
  *
- * @param function  The function name calling the the logging fucntions.
+ * @param function  The function name calling the logging functions.
  *
- * @param message   The actual message
+ * @param buffer   The actual message
  *
  * @param userdata Userdata to be passed to the callback function.
  */
@@ -117,6 +118,8 @@ typedef void (*ssh_global_request_callback) (ssh_session session,
  * sends back an X11 connection attempt. This is a client-side API
  * @param session current session handler
  * @param userdata Userdata to be passed to the callback function.
+ * @param originator_address    IP address of the machine who sent the request
+ * @param originator_port   port number of the machine who sent the request
  * @returns a valid ssh_channel handle if the request is to be allowed
  * @returns NULL if the request should not be allowed
  * @warning The channel pointer returned by this callback must be closed by the application.
@@ -136,6 +139,26 @@ typedef ssh_channel (*ssh_channel_open_request_x11_callback) (ssh_session sessio
 typedef ssh_channel (*ssh_channel_open_request_auth_agent_callback) (ssh_session session,
       void *userdata);
 
+/**
+ * @brief Handles an SSH new channel open "forwarded-tcpip" request. This
+ * happens when the server forwards an incoming TCP connection on a port it was
+ * previously requested to listen on. This is a client-side API
+ * @param session current session handler
+ * @param destination_address the address that the TCP connection connected to
+ * @param destination_port the port that the TCP connection connected to
+ * @param originator_address the originator IP address
+ * @param originator_port the originator port
+ * @param userdata Userdata to be passed to the callback function.
+ * @returns a valid ssh_channel handle if the request is to be allowed
+ * @returns NULL if the request should not be allowed
+ * @warning The channel pointer returned by this callback must be closed by the
+ * application.
+ */
+typedef ssh_channel (*ssh_channel_open_request_forwarded_tcpip_callback) (ssh_session session,
+      const char *destination_address, int destination_port,
+      const char *originator_address, int originator_port,
+      void *userdata);
+
 /**
  * The structure to replace libssh functions with appropriate callbacks.
  */
@@ -169,6 +192,11 @@ struct ssh_callbacks_struct {
   /** This function will be called when an incoming "auth-agent" request is received.
    */
   ssh_channel_open_request_auth_agent_callback channel_open_request_auth_agent_function;
+  /**
+   * This function will be called when an incoming "forwarded-tcpip"
+   * request is received.
+   */
+  ssh_channel_open_request_forwarded_tcpip_callback channel_open_request_forwarded_tcpip_function;
 };
 typedef struct ssh_callbacks_struct *ssh_callbacks;
 
@@ -255,6 +283,7 @@ typedef ssh_channel (*ssh_channel_open_request_session_callback) (ssh_session se
 
 /*
  * @brief handle the beginning of a GSSAPI authentication, server side.
+ *        Callback should select the oid and also acquire the server credential.
  * @param session current session handler
  * @param user the username of the client
  * @param n_oid number of available oids
@@ -268,7 +297,7 @@ typedef ssh_string (*ssh_gssapi_select_oid_callback) (ssh_session session, const
 		int n_oid, ssh_string *oids, void *userdata);
 
 /*
- * @brief handle the negociation of a security context, server side.
+ * @brief handle the negotiation of a security context, server side.
  * @param session current session handler
  * @param[in] input_token input token provided by client
  * @param[out] output_token output of the gssapi accept_sec_context method,
@@ -337,6 +366,7 @@ struct ssh_server_callbacks_struct {
    */
   ssh_channel_open_request_session_callback channel_open_request_session_function;
   /** This function will be called when a new gssapi authentication is attempted.
+   * This should select the oid and acquire credential for the server.
    */
   ssh_gssapi_select_oid_callback gssapi_select_oid_function;
   /** This function will be called when a gssapi token comes in.
@@ -397,7 +427,7 @@ struct ssh_socket_callbacks_struct {
    */
   ssh_callback_int_int exception;
   /** This function is called when the ssh_socket_connect was used on the socket
-   * on nonblocking state, and the connection successed.
+   * on nonblocking state, and the connection succeeded.
    */
   ssh_callback_int_int connected;
 };
@@ -625,6 +655,7 @@ typedef void (*ssh_channel_signal_callback) (ssh_session session,
  * @brief SSH channel exit status callback. Called when a channel has received an exit status
  * @param session Current session handler
  * @param channel the actual channel
+ * @param exit_status Exit status of the ran command
  * @param userdata Userdata to be passed to the callback function.
  */
 typedef void (*ssh_channel_exit_status_callback) (ssh_session session,
@@ -637,7 +668,7 @@ typedef void (*ssh_channel_exit_status_callback) (ssh_session session,
  * @param session Current session handler
  * @param channel the actual channel
  * @param signal the signal name (without the SIG prefix)
- * @param core a boolean telling wether a core has been dumped or not
+ * @param core a boolean telling whether a core has been dumped or not
  * @param errmsg the description of the exception
  * @param lang the language of the description (format: RFC 3066)
  * @param userdata Userdata to be passed to the callback function.
@@ -652,12 +683,13 @@ typedef void (*ssh_channel_exit_signal_callback) (ssh_session session,
 
 /**
  * @brief SSH channel PTY request from a client.
+ * @param session the session
  * @param channel the channel
  * @param term The type of terminal emulation
  * @param width width of the terminal, in characters
  * @param height height of the terminal, in characters
  * @param pxwidth width of the terminal, in pixels
- * @param pxheight height of the terminal, in pixels
+ * @param pwheight height of the terminal, in pixels
  * @param userdata Userdata to be passed to the callback function.
  * @returns 0 if the pty request is accepted
  * @returns -1 if the request is denied
@@ -671,6 +703,7 @@ typedef int (*ssh_channel_pty_request_callback) (ssh_session session,
 
 /**
  * @brief SSH channel Shell request from a client.
+ * @param session the session
  * @param channel the channel
  * @param userdata Userdata to be passed to the callback function.
  * @returns 0 if the shell request is accepted
@@ -683,6 +716,7 @@ typedef int (*ssh_channel_shell_request_callback) (ssh_session session,
  * @brief SSH auth-agent-request from the client. This request is
  * sent by a client when agent forwarding is available.
  * Server is free to ignore this callback, no answer is expected.
+ * @param session the session
  * @param channel the channel
  * @param userdata Userdata to be passed to the callback function.
  */
@@ -694,7 +728,12 @@ typedef void (*ssh_channel_auth_agent_req_callback) (ssh_session session,
  * @brief SSH X11 request from the client. This request is
  * sent by a client when X11 forwarding is requested(and available).
  * Server is free to ignore this callback, no answer is expected.
+ * @param session the session
  * @param channel the channel
+ * @param single_connection If true, only one channel should be forwarded
+ * @param auth_protocol The X11 authentication method to be used
+ * @param auth_cookie   Authentication cookie encoded hexadecimal
+ * @param screen_number Screen number
  * @param userdata Userdata to be passed to the callback function.
  */
 typedef void (*ssh_channel_x11_req_callback) (ssh_session session,
@@ -706,11 +745,12 @@ typedef void (*ssh_channel_x11_req_callback) (ssh_session session,
                                             void *userdata);
 /**
  * @brief SSH channel PTY windows change (terminal size) from a client.
+ * @param session the session
  * @param channel the channel
  * @param width width of the terminal, in characters
  * @param height height of the terminal, in characters
  * @param pxwidth width of the terminal, in pixels
- * @param pxheight height of the terminal, in pixels
+ * @param pwheight height of the terminal, in pixels
  * @param userdata Userdata to be passed to the callback function.
  * @returns 0 if the pty request is accepted
  * @returns -1 if the request is denied
@@ -723,6 +763,7 @@ typedef int (*ssh_channel_pty_window_change_callback) (ssh_session session,
 
 /**
  * @brief SSH channel Exec request from a client.
+ * @param session the session
  * @param channel the channel
  * @param command the shell command to be executed
  * @param userdata Userdata to be passed to the callback function.
@@ -736,6 +777,7 @@ typedef int (*ssh_channel_exec_request_callback) (ssh_session session,
 
 /**
  * @brief SSH channel environment request from a client.
+ * @param session the session
  * @param channel the channel
  * @param env_name name of the environment value to be set
  * @param env_value value of the environment value to be set
@@ -752,6 +794,7 @@ typedef int (*ssh_channel_env_request_callback) (ssh_session session,
                                             void *userdata);
 /**
  * @brief SSH channel subsystem request from a client.
+ * @param session the session
  * @param channel the channel
  * @param subsystem the subsystem required
  * @param userdata Userdata to be passed to the callback function.
@@ -766,6 +809,8 @@ typedef int (*ssh_channel_subsystem_request_callback) (ssh_session session,
 /**
  * @brief SSH channel write will not block (flow control).
  *
+ * @param session the session
+ *
  * @param channel the channel
  *
  * @param[in] bytes size of the remote window in bytes. Writing as much data
@@ -780,6 +825,28 @@ typedef int (*ssh_channel_write_wontblock_callback) (ssh_session session,
                                                      uint32_t bytes,
                                                      void *userdata);
 
+/**
+ * @brief SSH channel open callback. Called when a channel open succeeds or fails.
+ * @param session Current session handler
+ * @param channel the actual channel
+ * @param is_success is 1 when the open succeeds, and 0 otherwise.
+ * @param userdata Userdata to be passed to the callback function.
+ */
+typedef void (*ssh_channel_open_resp_callback) (ssh_session session,
+                                                ssh_channel channel,
+                                                bool is_success,
+                                                void *userdata);
+
+/**
+ * @brief SSH channel request response callback. Called when a response to the pending request is received.
+ * @param session Current session handler
+ * @param channel the actual channel
+ * @param userdata Userdata to be passed to the callback function.
+ */
+typedef void (*ssh_channel_request_resp_callback) (ssh_session session,
+                                                   ssh_channel channel,
+                                                   void *userdata);
+
 struct ssh_channel_callbacks_struct {
   /** DON'T SET THIS use ssh_callbacks_init() instead. */
   size_t size;
@@ -847,6 +914,14 @@ struct ssh_channel_callbacks_struct {
    * not to block.
    */
   ssh_channel_write_wontblock_callback channel_write_wontblock_function;
+  /**
+   * This functions will be called when the channel has received a channel open confirmation or failure.
+   */
+  ssh_channel_open_resp_callback channel_open_response_function;
+  /**
+   * This functions will be called when the channel has received the response to the pending request.
+   */
+  ssh_channel_request_resp_callback channel_request_response_function;
 };
 
 typedef struct ssh_channel_callbacks_struct *ssh_channel_callbacks;
@@ -917,7 +992,7 @@ LIBSSH_API int ssh_remove_channel_callbacks(ssh_channel channel,
 
 /** @} */
 
-/** @group libssh_threads
+/** @addtogroup libssh_threads
  * @{
  */
 
@@ -983,13 +1058,14 @@ LIBSSH_API struct ssh_threads_callbacks_struct *ssh_threads_get_pthread(void);
  * @see ssh_threads_set_callbacks
  */
 LIBSSH_API struct ssh_threads_callbacks_struct *ssh_threads_get_noop(void);
+/** @} */
 
 /**
  * @brief Set the logging callback function.
  *
  * @param[in]  cb  The callback to set.
  *
- * @return         0 on success, < 0 on errror.
+ * @return         0 on success, < 0 on error.
  */
 LIBSSH_API int ssh_set_log_callback(ssh_logging_callback cb);
 
@@ -1000,7 +1076,45 @@ LIBSSH_API int ssh_set_log_callback(ssh_logging_callback cb);
  */
 LIBSSH_API ssh_logging_callback ssh_get_log_callback(void);
 
-/** @} */
+/**
+ * @brief SSH proxyjump before connection callback. Called before calling
+ * ssh_connect()
+ * @param session Jump session handler
+ * @param userdata Userdata to be passed to the callback function.
+ *
+ * @return         0 on success, < 0 on error.
+ */
+typedef int (*ssh_jump_before_connection_callback)(ssh_session session,
+                                                   void *userdata);
+
+/**
+ * @brief SSH proxyjump verify knownhost callback. Verify the host.
+ *        If not specified default function will be used.
+ * @param session Jump session handler
+ * @param userdata Userdata to be passed to the callback function.
+ *
+ * @return         0 on success, < 0 on error.
+ */
+typedef int (*ssh_jump_verify_knownhost_callback)(ssh_session session,
+                                                  void *userdata);
+
+/**
+ * @brief SSH proxyjump user authentication callback. Authenticate the user.
+ * @param session Jump session handler
+ * @param userdata Userdata to be passed to the callback function.
+ *
+ * @return         0 on success, < 0 on error.
+ */
+typedef int (*ssh_jump_authenticate_callback)(ssh_session session,
+                                              void *userdata);
+
+struct ssh_jump_callbacks_struct {
+    void *userdata;
+    ssh_jump_before_connection_callback before_connection;
+    ssh_jump_verify_knownhost_callback verify_knownhost;
+    ssh_jump_authenticate_callback authenticate;
+};
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/libssh/include/libssh/chacha.h b/libssh/include/libssh/chacha.h
index 867f532d..ab3fe492 100644
--- a/libssh/include/libssh/chacha.h
+++ b/libssh/include/libssh/chacha.h
@@ -18,6 +18,10 @@ struct chacha_ctx {
 #define CHACHA_CTRLEN     8
 #define CHACHA_STATELEN   (CHACHA_NONCELEN+CHACHA_CTRLEN)
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void chacha_keysetup(struct chacha_ctx *x, const uint8_t *k, uint32_t kbits)
 #ifdef HAVE_GCC_BOUNDED_ATTRIBUTE
     __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN)))
@@ -37,4 +41,8 @@ void chacha_encrypt_bytes(struct chacha_ctx *x, const uint8_t *m,
 #endif
     ;
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif    /* CHACHA_H */
diff --git a/libssh/include/libssh/channels.h b/libssh/include/libssh/channels.h
index ce8540ae..7a3535ec 100644
--- a/libssh/include/libssh/channels.h
+++ b/libssh/include/libssh/channels.h
@@ -22,6 +22,10 @@
 #define CHANNELS_H_
 #include "libssh/priv.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**  @internal
  * Describes the different possible states in a
  * outgoing (client) channel request
@@ -35,7 +39,7 @@ enum ssh_channel_request_state_e {
 	SSH_CHANNEL_REQ_STATE_ACCEPTED,
 	/** A request has been replied and refused */
 	SSH_CHANNEL_REQ_STATE_DENIED,
-	/** A request has been replied and an error happend */
+	/** A request has been replied and an error happened */
 	SSH_CHANNEL_REQ_STATE_ERROR
 };
 
@@ -76,7 +80,12 @@ struct ssh_channel_struct {
     ssh_buffer stdout_buffer;
     ssh_buffer stderr_buffer;
     void *userarg;
-    int exit_status;
+    struct {
+        bool status;
+        uint32_t code;
+        char *signal;
+        bool core_dumped;
+    } exit;
     enum ssh_channel_request_state_e request_state;
     struct ssh_list *callbacks; /* list of ssh_channel_callbacks */
 
@@ -109,4 +118,8 @@ int ssh_global_request(ssh_session session,
                        ssh_buffer buffer,
                        int reply);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* CHANNELS_H_ */
diff --git a/libssh/include/libssh/config.h b/libssh/include/libssh/config.h
index a24d11a1..4f8a9b6f 100644
--- a/libssh/include/libssh/config.h
+++ b/libssh/include/libssh/config.h
@@ -62,6 +62,10 @@ enum ssh_config_opcode_e {
     SOC_PUBKEYACCEPTEDKEYTYPES,
     SOC_REKEYLIMIT,
     SOC_IDENTITYAGENT,
+    SOC_IDENTITIESONLY,
+    SOC_CONTROLMASTER,
+    SOC_CONTROLPATH,
+    SOC_CERTIFICATE,
 
     SOC_MAX /* Keep this one last in the list */
 };
diff --git a/libssh/include/libssh/config_parser.h b/libssh/include/libssh/config_parser.h
index e974917c..f5d1fee8 100644
--- a/libssh/include/libssh/config_parser.h
+++ b/libssh/include/libssh/config_parser.h
@@ -26,6 +26,13 @@
 #ifndef CONFIG_PARSER_H_
 #define CONFIG_PARSER_H_
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "libssh/libssh.h"
+#include <stdbool.h>
+
 char *ssh_config_get_cmd(char **str);
 
 char *ssh_config_get_token(char **str);
@@ -45,13 +52,35 @@ int ssh_config_get_yesno(char **str, int notfound);
  *                       be stored or NULL if we do not care about the result.
  * @param[out]  port     Pointer to the location, where the new port will
  *                       be stored or NULL if we do not care about the result.
+ * @param[in]   ignore_port Set to true if we should not attempt to parse
+ *                       port number.
  *
  * @returns     SSH_OK if the provided string is in format of SSH URI,
  *              SSH_ERROR on failure
  */
 int ssh_config_parse_uri(const char *tok,
-        char **username,
-        char **hostname,
-        char **port);
+                         char **username,
+                         char **hostname,
+                         char **port,
+                         bool ignore_port);
+
+/**
+ * @brief: Parse the ProxyJump configuration line and if parsing,
+ * stores the result in the configuration option
+ *
+ * @param[in]   session    The ssh session
+ * @param[in]   s          The string to be parsed.
+ * @param[in]   do_parsing Whether to parse or not.
+ *
+ * @returns     SSH_OK if the provided string is formatted and parsed correctly
+ *              SSH_ERROR on failure
+ */
+int ssh_config_parse_proxy_jump(ssh_session session,
+                                const char *s,
+                                bool do_parsing);
+
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* LIBSSH_CONFIG_H_ */
diff --git a/libssh/include/libssh/crypto.h b/libssh/include/libssh/crypto.h
index 1d73613b..92a6357c 100644
--- a/libssh/include/libssh/crypto.h
+++ b/libssh/include/libssh/crypto.h
@@ -86,9 +86,9 @@ enum ssh_key_exchange_e {
 
 enum ssh_cipher_e {
     SSH_NO_CIPHER=0,
-#ifdef WITH_BLOWFISH_CIPHER
+#ifdef HAVE_BLOWFISH
     SSH_BLOWFISH_CBC,
-#endif /* WITH_BLOWFISH_CIPHER */
+#endif /* HAVE_BLOWFISH */
     SSH_3DES_CBC,
     SSH_AES128_CBC,
     SSH_AES192_CBC,
@@ -111,11 +111,7 @@ struct ssh_crypto_struct {
 #endif /* WITH_GEX */
 #ifdef HAVE_ECDH
 #ifdef HAVE_OPENSSL_ECC
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     EC_KEY *ecdh_privkey;
 #else
     EVP_PKEY *ecdh_privkey;
@@ -216,6 +212,10 @@ struct ssh_cipher_struct {
     void (*cleanup)(struct ssh_cipher_struct *cipher);
 };
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
 int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
                       unsigned char *key, size_t key_len,
@@ -223,8 +223,11 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
                       size_t requested_len);
 
 int secure_memcmp(const void *s1, const void *s2, size_t n);
-#ifdef HAVE_LIBCRYPTO
-ENGINE *pki_get_engine(void);
-#endif /* HAVE_LIBCRYPTO */
+
+void compress_cleanup(struct ssh_crypto_struct *crypto);
+
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* _CRYPTO_H_ */
diff --git a/libssh/include/libssh/curve25519.h b/libssh/include/libssh/curve25519.h
index f0cc6348..a55f52c7 100644
--- a/libssh/include/libssh/curve25519.h
+++ b/libssh/include/libssh/curve25519.h
@@ -33,6 +33,10 @@
 #define crypto_scalarmult crypto_scalarmult_curve25519
 #else
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define CURVE25519_PUBKEY_SIZE 32
 #define CURVE25519_PRIVKEY_SIZE 32
 int crypto_scalarmult_base(unsigned char *q, const unsigned char *n);
@@ -48,9 +52,14 @@ typedef unsigned char ssh_curve25519_privkey[CURVE25519_PRIVKEY_SIZE];
 
 
 int ssh_client_curve25519_init(ssh_session session);
+void ssh_client_curve25519_remove_callbacks(ssh_session session);
 
 #ifdef WITH_SERVER
 void ssh_server_curve25519_init(ssh_session session);
 #endif /* WITH_SERVER */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* CURVE25519_H_ */
diff --git a/libssh/include/libssh/dh-gex.h b/libssh/include/libssh/dh-gex.h
index 4fc23d82..0f547e37 100644
--- a/libssh/include/libssh/dh-gex.h
+++ b/libssh/include/libssh/dh-gex.h
@@ -23,10 +23,19 @@
 #ifndef SRC_DH_GEX_H_
 #define SRC_DH_GEX_H_
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_client_dhgex_init(ssh_session session);
+void ssh_client_dhgex_remove_callbacks(ssh_session session);
 
 #ifdef WITH_SERVER
 void ssh_server_dhgex_init(ssh_session session);
 #endif /* WITH_SERVER */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* SRC_DH_GEX_H_ */
diff --git a/libssh/include/libssh/dh.h b/libssh/include/libssh/dh.h
index 353dc233..34c4a7ed 100644
--- a/libssh/include/libssh/dh.h
+++ b/libssh/include/libssh/dh.h
@@ -30,6 +30,10 @@ struct dh_ctx;
 #define DH_CLIENT_KEYPAIR 0
 #define DH_SERVER_KEYPAIR 1
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* functions implemented by crypto backends */
 int ssh_dh_init_common(struct ssh_crypto_struct *crypto);
 void ssh_dh_cleanup(struct ssh_crypto_struct *crypto);
@@ -53,7 +57,7 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
                             bignum *priv, bignum *pub);
 #endif /* OPENSSL_VERSION_NUMBER */
 int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
-                            const bignum priv, const bignum pub);
+                            bignum priv, bignum pub);
 
 int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote,
                                  bignum *dest);
@@ -73,8 +77,10 @@ int ssh_dh_get_current_server_publickey_blob(ssh_session session,
 ssh_key ssh_dh_get_next_server_publickey(ssh_session session);
 int ssh_dh_get_next_server_publickey_blob(ssh_session session,
                                           ssh_string *pubkey_blob);
+int dh_handshake(ssh_session session);
 
 int ssh_client_dh_init(ssh_session session);
+void ssh_client_dh_remove_callbacks(ssh_session session);
 #ifdef WITH_SERVER
 void ssh_server_dh_init(ssh_session session);
 #endif /* WITH_SERVER */
@@ -82,4 +88,8 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet);
 int ssh_fallback_group(uint32_t pmax, bignum *p, bignum *g);
 bool ssh_dh_is_known_group(bignum modulus, bignum generator);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* DH_H_ */
diff --git a/libssh/include/libssh/ecdh.h b/libssh/include/libssh/ecdh.h
index 17fe02e7..4c4c54eb 100644
--- a/libssh/include/libssh/ecdh.h
+++ b/libssh/include/libssh/ecdh.h
@@ -42,9 +42,14 @@
 #define HAVE_ECDH 1
 #endif
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 extern struct ssh_packet_callbacks_struct ssh_ecdh_client_callbacks;
 /* Backend-specific functions.  */
 int ssh_client_ecdh_init(ssh_session session);
+void ssh_client_ecdh_remove_callbacks(ssh_session session);
 int ecdh_build_k(ssh_session session);
 
 #ifdef WITH_SERVER
@@ -53,4 +58,8 @@ void ssh_server_ecdh_init(ssh_session session);
 SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init);
 #endif /* WITH_SERVER */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* ECDH_H_ */
diff --git a/libssh/include/libssh/ed25519.h b/libssh/include/libssh/ed25519.h
index 8a3263c8..72a86c0b 100644
--- a/libssh/include/libssh/ed25519.h
+++ b/libssh/include/libssh/ed25519.h
@@ -24,10 +24,10 @@
 
 /**
  * @defgroup ed25519 ed25519 API
- * @internal
  * @brief API for DJB's ed25519
  *
- * @{ */
+ * @{
+ */
 
 #define ED25519_PK_LEN 32
 #define ED25519_SK_LEN 64
@@ -37,6 +37,10 @@ typedef uint8_t ed25519_pubkey[ED25519_PK_LEN];
 typedef uint8_t ed25519_privkey[ED25519_SK_LEN];
 typedef uint8_t ed25519_signature[ED25519_SIG_LEN];
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /** @internal
  * @brief generate an ed25519 key pair
  * @param[out] pk generated public key
@@ -76,4 +80,8 @@ int crypto_sign_ed25519_open(
     const ed25519_pubkey pk);
 
 /** @} */
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* ED25519_H_ */
diff --git a/libssh/include/libssh/fe25519.h b/libssh/include/libssh/fe25519.h
index 438d85db..0dfb0613 100644
--- a/libssh/include/libssh/fe25519.h
+++ b/libssh/include/libssh/fe25519.h
@@ -33,6 +33,10 @@ typedef struct {
   uint32_t v[32];
 } fe25519;
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void fe25519_freeze(fe25519 *r);
 
 void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
@@ -65,4 +69,8 @@ void fe25519_invert(fe25519 *r, const fe25519 *x);
 
 void fe25519_pow2523(fe25519 *r, const fe25519 *x);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif
diff --git a/libssh/include/libssh/ge25519.h b/libssh/include/libssh/ge25519.h
index 329bd042..480f29dc 100644
--- a/libssh/include/libssh/ge25519.h
+++ b/libssh/include/libssh/ge25519.h
@@ -28,6 +28,10 @@ typedef struct
   fe25519 t;
 } ge25519;
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 extern const ge25519 ge25519_base;
 
 int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
@@ -40,4 +44,8 @@ void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25
 
 void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif
diff --git a/libssh/include/libssh/gssapi.h b/libssh/include/libssh/gssapi.h
index ccd83664..d0f3eb95 100644
--- a/libssh/include/libssh/gssapi.h
+++ b/libssh/include/libssh/gssapi.h
@@ -22,13 +22,45 @@
 #define GSSAPI_H_
 
 #include "config.h"
+#ifdef WITH_GSSAPI
 #include "session.h"
+#include <gssapi/gssapi.h>
 
 /* all OID begin with the tag identifier + length */
 #define SSH_OID_TAG 06
 
 typedef struct ssh_gssapi_struct *ssh_gssapi;
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** current state of an GSSAPI authentication */
+enum ssh_gssapi_state_e {
+    SSH_GSSAPI_STATE_NONE, /* no status */
+    SSH_GSSAPI_STATE_RCV_TOKEN, /* Expecting a token */
+    SSH_GSSAPI_STATE_RCV_MIC, /* Expecting a MIC */
+};
+
+struct ssh_gssapi_struct{
+    enum ssh_gssapi_state_e state; /* current state */
+    struct gss_OID_desc_struct mech; /* mechanism being elected for auth */
+    gss_cred_id_t server_creds; /* credentials of server */
+    gss_cred_id_t client_creds; /* creds delegated by the client */
+    gss_ctx_id_t ctx; /* the authentication context */
+    gss_name_t client_name; /* Identity of the client */
+    char *user; /* username of client */
+    char *canonic_user; /* canonic form of the client's username */
+    char *service; /* name of the service */
+    struct {
+        gss_name_t server_name; /* identity of server */
+        OM_uint32 flags; /* flags used for init context */
+        gss_OID oid; /* mech being used for authentication */
+        gss_cred_id_t creds; /* creds used to initialize context */
+        gss_cred_id_t client_deleg_creds; /* delegated creds (const, not freeable) */
+    } client;
+};
+
 #ifdef WITH_SERVER
 int ssh_gssapi_handle_userauth(ssh_session session, const char *user, uint32_t n_oid, ssh_string *oids);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server);
@@ -40,6 +72,15 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response);
 
 
+int ssh_gssapi_init(ssh_session session);
+void ssh_gssapi_log_error(int verb, const char *msg_a, int maj_stat, int min_stat);
 int ssh_gssapi_auth_mic(ssh_session session);
+void ssh_gssapi_free(ssh_session session);
+char *ssh_gssapi_name_to_char(gss_name_t name);
+
+#ifdef __cplusplus
+}
+#endif
 
+#endif /* WITH_GSSAPI */
 #endif /* GSSAPI_H */
diff --git a/libssh/include/libssh/kex.h b/libssh/include/libssh/kex.h
index 3a1f4a6f..4a2ecb99 100644
--- a/libssh/include/libssh/kex.h
+++ b/libssh/include/libssh/kex.h
@@ -31,15 +31,24 @@ struct ssh_kex_struct {
     char *methods[SSH_KEX_METHODS];
 };
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 SSH_PACKET_CALLBACK(ssh_packet_kexinit);
 
-int ssh_send_kex(ssh_session session, int server_kex);
+int ssh_send_kex(ssh_session session);
 void ssh_list_kex(struct ssh_kex_struct *kex);
 int ssh_set_client_kex(ssh_session session);
+int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex);
 int ssh_kex_select_methods(ssh_session session);
 int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name);
 char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list);
 char *ssh_keep_fips_algos(enum ssh_kex_types_e algo, const char *list);
+char *ssh_add_to_default_algos(enum ssh_kex_types_e algo, const char *list);
+char *ssh_remove_from_default_algos(enum ssh_kex_types_e algo,
+                                    const char *list);
+char *ssh_prefix_default_algos(enum ssh_kex_types_e algo, const char *list);
 char **ssh_space_tokenize(const char *chain);
 int ssh_get_kex1(ssh_session session);
 char *ssh_find_matching(const char *in_d, const char *what_d);
@@ -56,4 +65,8 @@ int ssh_hashbufin_add_cookie(ssh_session session, unsigned char *cookie);
 int ssh_hashbufout_add_cookie(ssh_session session);
 int ssh_generate_session_keys(ssh_session session);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* KEX_H_ */
diff --git a/libssh/include/libssh/keys.h b/libssh/include/libssh/keys.h
index 934189c2..1379539e 100644
--- a/libssh/include/libssh/keys.h
+++ b/libssh/include/libssh/keys.h
@@ -29,42 +29,36 @@ struct ssh_public_key_struct {
     int type;
     const char *type_c; /* Don't free it ! it is static */
 #if defined(HAVE_LIBGCRYPT)
-    gcry_sexp_t dsa_pub;
     gcry_sexp_t rsa_pub;
 #elif defined(HAVE_LIBCRYPTO)
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    DSA *dsa_pub;
-    RSA *rsa_pub;
-#else /* OPENSSL_VERSION_NUMBER */
     EVP_PKEY *key_pub;
-#endif
 #elif defined(HAVE_LIBMBEDCRYPTO)
     mbedtls_pk_context *rsa_pub;
-    void *dsa_pub;
 #endif
 };
 
 struct ssh_private_key_struct {
     int type;
 #if defined(HAVE_LIBGCRYPT)
-    gcry_sexp_t dsa_priv;
     gcry_sexp_t rsa_priv;
 #elif defined(HAVE_LIBCRYPTO)
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    DSA *dsa_priv;
-    RSA *rsa_priv;
-#else
     EVP_PKEY *key_priv;
-#endif /* OPENSSL_VERSION_NUMBER */
 #elif defined(HAVE_LIBMBEDCRYPTO)
     mbedtls_pk_context *rsa_priv;
-    void *dsa_priv;
 #endif
 };
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 const char *ssh_type_to_char(int type);
 int ssh_type_from_name(const char *name);
 
 ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* KEYS_H_ */
diff --git a/libssh/include/libssh/knownhosts.h b/libssh/include/libssh/knownhosts.h
index 44e434c0..b50018cd 100644
--- a/libssh/include/libssh/knownhosts.h
+++ b/libssh/include/libssh/knownhosts.h
@@ -22,6 +22,10 @@
 #ifndef SSH_KNOWNHOSTS_H_
 #define SSH_KNOWNHOSTS_H_
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session);
 char *ssh_known_hosts_get_algorithms_names(ssh_session session);
 enum ssh_known_hosts_e
@@ -29,4 +33,8 @@ ssh_session_get_known_hosts_entry_file(ssh_session session,
                                        const char *filename,
                                        struct ssh_knownhosts_entry **pentry);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* SSH_KNOWNHOSTS_H_ */
diff --git a/libssh/include/libssh/legacy.h b/libssh/include/libssh/legacy.h
index c0b50e24..38bef4da 100644
--- a/libssh/include/libssh/legacy.h
+++ b/libssh/include/libssh/legacy.h
@@ -31,6 +31,10 @@
 typedef struct ssh_private_key_struct* ssh_private_key;
 typedef struct ssh_public_key_struct* ssh_public_key;
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 LIBSSH_API int ssh_auth_list(ssh_session session);
 LIBSSH_API int ssh_userauth_offer_pubkey(ssh_session session, const char *username, int type, ssh_string publickey);
 LIBSSH_API int ssh_userauth_pubkey(ssh_session session, const char *username, ssh_string publickey, ssh_private_key privatekey);
@@ -117,4 +121,8 @@ SSH_DEPRECATED LIBSSH_API size_t string_len(ssh_string str);
 SSH_DEPRECATED LIBSSH_API ssh_string string_new(size_t size);
 SSH_DEPRECATED LIBSSH_API char *string_to_char(ssh_string str);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* LEGACY_H_ */
diff --git a/libssh/include/libssh/libcrypto.h b/libssh/include/libssh/libcrypto.h
index 16e5f98f..f9aea0d7 100644
--- a/libssh/include/libssh/libcrypto.h
+++ b/libssh/include/libssh/libcrypto.h
@@ -25,13 +25,14 @@
 
 #ifdef HAVE_LIBCRYPTO
 
-#include <openssl/dsa.h>
+#include "libssh/libssh.h"
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 #include <openssl/md5.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 #include <openssl/crypto.h>
+#include <openssl/ec.h>
 
 typedef EVP_MD_CTX* SHACTX;
 typedef EVP_MD_CTX* SHA256CTX;
@@ -39,11 +40,6 @@ typedef EVP_MD_CTX* SHA384CTX;
 typedef EVP_MD_CTX* SHA512CTX;
 typedef EVP_MD_CTX* MD5CTX;
 typedef EVP_MD_CTX* HMACCTX;
-#ifdef HAVE_ECC
-typedef EVP_MD_CTX *EVPCTX;
-#else
-typedef void *EVPCTX;
-#endif
 
 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
 #define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
@@ -58,8 +54,15 @@ typedef void *EVPCTX;
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 #endif
 
+/* Use ssh_crypto_free() to release memory allocated by bignum_bn2dec(),
+   bignum_bn2hex() and other functions that use crypto-library functions that
+   are documented to allocate memory that needs to be de-allocate with
+   OPENSSL_free. */
+#define ssh_crypto_free(x) OPENSSL_free(x)
+
 #include <openssl/bn.h>
 #include <openssl/opensslv.h>
+
 typedef BIGNUM*  bignum;
 typedef const BIGNUM* const_bignum;
 typedef BN_CTX* bignum_CTX;
@@ -116,6 +119,17 @@ typedef BN_CTX* bignum_CTX;
 #define ssh_fips_mode() false
 #endif
 
+ssh_string pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p);
+int pki_key_ecgroup_name_to_nid(const char *group);
+
+#if defined(WITH_PKCS11_URI)
+#if defined(WITH_PKCS11_PROVIDER)
+int pki_load_pkcs11_provider(void);
+#else
+ENGINE *pki_get_engine(void);
+#endif
+#endif /* WITH_PKCS11_PROVIDER */
+
 #endif /* HAVE_LIBCRYPTO */
 
 #endif /* LIBCRYPTO_H_ */
diff --git a/libssh/include/libssh/libgcrypt.h b/libssh/include/libssh/libgcrypt.h
index 347d851b..a8044545 100644
--- a/libssh/include/libssh/libgcrypt.h
+++ b/libssh/include/libssh/libgcrypt.h
@@ -32,7 +32,6 @@ typedef gcry_md_hd_t SHA384CTX;
 typedef gcry_md_hd_t SHA512CTX;
 typedef gcry_md_hd_t MD5CTX;
 typedef gcry_md_hd_t HMACCTX;
-typedef gcry_md_hd_t EVPCTX;
 #define SHA_DIGEST_LENGTH 20
 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
 #define MD5_DIGEST_LEN 16
@@ -49,6 +48,8 @@ typedef gcry_md_hd_t EVPCTX;
 
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 
+#define ssh_crypto_free(x) gcry_free(x)
+
 typedef gcry_mpi_t bignum;
 typedef const struct gcry_mpi *const_bignum;
 typedef void* bignum_CTX;
@@ -104,6 +105,10 @@ int ssh_gcry_rand_range(bignum rnd, bignum max);
     } while(0)
 /* Helper functions for data conversions.  */
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Extract an MPI from the given s-expression SEXP named NAME which is
    encoded using INFORMAT and store it in a newly allocated ssh_string
    encoded using OUTFORMAT.  */
@@ -114,6 +119,10 @@ ssh_string ssh_sexp_extract_mpi(const gcry_sexp_t sexp,
 
 #define ssh_fips_mode() false
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* HAVE_LIBGCRYPT */
 
 #endif /* LIBGCRYPT_H_ */
diff --git a/libssh/include/libssh/libmbedcrypto.h b/libssh/include/libssh/libmbedcrypto.h
index fe53019b..71ebcccd 100644
--- a/libssh/include/libssh/libmbedcrypto.h
+++ b/libssh/include/libssh/libmbedcrypto.h
@@ -34,6 +34,7 @@
 #include <mbedtls/cipher.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/ctr_drbg.h>
+#include <mbedtls/platform.h>
 
 typedef mbedtls_md_context_t *SHACTX;
 typedef mbedtls_md_context_t *SHA256CTX;
@@ -41,7 +42,6 @@ typedef mbedtls_md_context_t *SHA384CTX;
 typedef mbedtls_md_context_t *SHA512CTX;
 typedef mbedtls_md_context_t *MD5CTX;
 typedef mbedtls_md_context_t *HMACCTX;
-typedef mbedtls_md_context_t *EVPCTX;
 
 #define SHA_DIGEST_LENGTH 20
 #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
@@ -59,6 +59,8 @@ typedef mbedtls_md_context_t *EVPCTX;
 
 #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
 
+#define ssh_crypto_free(x) mbedtls_free(x)
+
 typedef mbedtls_mpi *bignum;
 typedef const mbedtls_mpi *const_bignum;
 typedef void* bignum_CTX;
@@ -73,9 +75,13 @@ struct mbedtls_ecdsa_sig {
     bignum s;
 };
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 bignum ssh_mbedcry_bn_new(void);
 void ssh_mbedcry_bn_free(bignum num);
-unsigned char *ssh_mbedcry_bn2num(const_bignum num, int radix);
+char *ssh_mbedcry_bn2num(const_bignum num, int radix);
 int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom);
 int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
 int ssh_mbedcry_rand_range(bignum dest, bignum max);
@@ -101,7 +107,7 @@ int ssh_mbedcry_hex2bn(bignum *dest, char *data);
     } while(0)
 #define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
 #define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
-#define bignum_bn2hex(num, dest) (*dest)=ssh_mbedcry_bn2num(num, 16)
+#define bignum_bn2hex(num, dest) (*dest)=(unsigned char *)ssh_mbedcry_bn2num(num, 16)
 #define bignum_hex2bn(data, dest) ssh_mbedcry_hex2bn(dest, data)
 #define bignum_rand(rnd, bits) ssh_mbedcry_rand((rnd), (bits), 0, 1)
 #define bignum_rand_range(rnd, max) ssh_mbedcry_rand_range(rnd, max)
@@ -123,7 +129,7 @@ int ssh_mbedcry_hex2bn(bignum *dest, char *data);
         *(dest) = bignum_new(); \
     } \
     if (*(dest) != NULL) { \
-        mbedtls_mpi_copy(orig, *(dest)); \
+        mbedtls_mpi_copy(*(dest), orig); \
     } \
     } while(0)
 
@@ -136,5 +142,9 @@ ssh_string make_ecpoint_string(const mbedtls_ecp_group *g, const
 
 #define ssh_fips_mode() false
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* HAVE_LIBMBEDCRYPTO */
 #endif /* LIBMBEDCRYPTO_H_ */
diff --git a/libssh/include/libssh/libssh.h b/libssh/include/libssh/libssh.h
index 7857a77b..3bddb019 100644
--- a/libssh/include/libssh/libssh.h
+++ b/libssh/include/libssh/libssh.h
@@ -1,7 +1,7 @@
 /*
  * This file is part of the SSH Library
  *
- * Copyright (c) 2003-2022 by Aris Adamantiadis and the libssh team
+ * Copyright (c) 2003-2025 by Aris Adamantiadis and the libssh team
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -50,18 +50,13 @@
 #endif
 
 #include <stdarg.h>
+#include <stdint.h>
+#include <inttypes.h>
 
 #ifdef _MSC_VER
-  /* Visual Studio hasn't inttypes.h so it doesn't know uint32_t */
-  typedef int int32_t;
-  typedef unsigned int uint32_t;
-  typedef unsigned short uint16_t;
-  typedef unsigned char uint8_t;
-  typedef unsigned long long uint64_t;
   typedef int mode_t;
 #else /* _MSC_VER */
   #include <unistd.h>
-  #include <inttypes.h>
   #include <sys/types.h>
 #endif /* _MSC_VER */
 
@@ -82,7 +77,7 @@
 #define PRINTF_ATTRIBUTE(a,b)
 #endif /* __GNUC__ */
 
-#ifdef __GNUC__
+#if !defined(SSH_SUPPRESS_DEPRECATED) && defined(__GNUC__)
 #define SSH_DEPRECATED __attribute__ ((deprecated))
 #else
 #define SSH_DEPRECATED
@@ -196,7 +191,8 @@ enum ssh_global_requests_e {
 	SSH_GLOBAL_REQUEST_UNKNOWN=0,
 	SSH_GLOBAL_REQUEST_TCPIP_FORWARD,
 	SSH_GLOBAL_REQUEST_CANCEL_TCPIP_FORWARD,
-	SSH_GLOBAL_REQUEST_KEEPALIVE
+	SSH_GLOBAL_REQUEST_KEEPALIVE,
+	SSH_GLOBAL_REQUEST_NO_MORE_SESSIONS
 };
 
 enum ssh_publickey_state_e {
@@ -277,12 +273,12 @@ enum ssh_error_types_e {
 /* some types for keys */
 enum ssh_keytypes_e{
   SSH_KEYTYPE_UNKNOWN=0,
-  SSH_KEYTYPE_DSS=1,
+  SSH_KEYTYPE_DSS=1, /* deprecated */
   SSH_KEYTYPE_RSA,
   SSH_KEYTYPE_RSA1,
   SSH_KEYTYPE_ECDSA, /* deprecated */
   SSH_KEYTYPE_ED25519,
-  SSH_KEYTYPE_DSS_CERT01,
+  SSH_KEYTYPE_DSS_CERT01, /* deprecated */
   SSH_KEYTYPE_RSA_CERT01,
   SSH_KEYTYPE_ECDSA_P256,
   SSH_KEYTYPE_ECDSA_P384,
@@ -299,7 +295,8 @@ enum ssh_keytypes_e{
 
 enum ssh_keycmp_e {
   SSH_KEY_CMP_PUBLIC = 0,
-  SSH_KEY_CMP_PRIVATE
+  SSH_KEY_CMP_PRIVATE = 1,
+  SSH_KEY_CMP_CERTIFICATE = 2,
 };
 
 #define SSH_ADDRSTRLEN 46
@@ -328,16 +325,16 @@ enum {
 	/** No logging at all
 	 */
 	SSH_LOG_NOLOG=0,
-	/** Only warnings
+	/** Only unrecoverable errors
 	 */
 	SSH_LOG_WARNING,
-	/** High level protocol information
+	/** Information for the users
 	 */
 	SSH_LOG_PROTOCOL,
-	/** Lower level protocol infomations, packet level
+	/** Debug information, to see what is going on
 	 */
 	SSH_LOG_PACKET,
-	/** Every function path
+	/** Trace information and recoverable error messages
 	 */
 	SSH_LOG_FUNCTIONS
 };
@@ -353,61 +350,75 @@ enum {
 
 /** No logging at all */
 #define SSH_LOG_NONE 0
-/** Show only warnings */
+/** Show only fatal warnings */
 #define SSH_LOG_WARN 1
 /** Get some information what's going on */
 #define SSH_LOG_INFO 2
-/** Get detailed debuging information **/
+/** Get detailed debugging information **/
 #define SSH_LOG_DEBUG 3
 /** Get trace output, packet information, ... */
 #define SSH_LOG_TRACE 4
 
 /** @} */
 
+enum ssh_control_master_options_e {
+  SSH_CONTROL_MASTER_NO,
+  SSH_CONTROL_MASTER_AUTO,
+  SSH_CONTROL_MASTER_YES,
+  SSH_CONTROL_MASTER_ASK,
+  SSH_CONTROL_MASTER_AUTOASK
+};
+
 enum ssh_options_e {
-  SSH_OPTIONS_HOST,
-  SSH_OPTIONS_PORT,
-  SSH_OPTIONS_PORT_STR,
-  SSH_OPTIONS_FD,
-  SSH_OPTIONS_USER,
-  SSH_OPTIONS_SSH_DIR,
-  SSH_OPTIONS_IDENTITY,
-  SSH_OPTIONS_ADD_IDENTITY,
-  SSH_OPTIONS_KNOWNHOSTS,
-  SSH_OPTIONS_TIMEOUT,
-  SSH_OPTIONS_TIMEOUT_USEC,
-  SSH_OPTIONS_SSH1,
-  SSH_OPTIONS_SSH2,
-  SSH_OPTIONS_LOG_VERBOSITY,
-  SSH_OPTIONS_LOG_VERBOSITY_STR,
-  SSH_OPTIONS_CIPHERS_C_S,
-  SSH_OPTIONS_CIPHERS_S_C,
-  SSH_OPTIONS_COMPRESSION_C_S,
-  SSH_OPTIONS_COMPRESSION_S_C,
-  SSH_OPTIONS_PROXYCOMMAND,
-  SSH_OPTIONS_BINDADDR,
-  SSH_OPTIONS_STRICTHOSTKEYCHECK,
-  SSH_OPTIONS_COMPRESSION,
-  SSH_OPTIONS_COMPRESSION_LEVEL,
-  SSH_OPTIONS_KEY_EXCHANGE,
-  SSH_OPTIONS_HOSTKEYS,
-  SSH_OPTIONS_GSSAPI_SERVER_IDENTITY,
-  SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY,
-  SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS,
-  SSH_OPTIONS_HMAC_C_S,
-  SSH_OPTIONS_HMAC_S_C,
-  SSH_OPTIONS_PASSWORD_AUTH,
-  SSH_OPTIONS_PUBKEY_AUTH,
-  SSH_OPTIONS_KBDINT_AUTH,
-  SSH_OPTIONS_GSSAPI_AUTH,
-  SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
-  SSH_OPTIONS_NODELAY,
-  SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
-  SSH_OPTIONS_PROCESS_CONFIG,
-  SSH_OPTIONS_REKEY_DATA,
-  SSH_OPTIONS_REKEY_TIME,
-  SSH_OPTIONS_RSA_MIN_SIZE,
-  SSH_OPTIONS_IDENTITY_AGENT,
+    SSH_OPTIONS_HOST,
+    SSH_OPTIONS_PORT,
+    SSH_OPTIONS_PORT_STR,
+    SSH_OPTIONS_FD,
+    SSH_OPTIONS_USER,
+    SSH_OPTIONS_SSH_DIR,
+    SSH_OPTIONS_IDENTITY,
+    SSH_OPTIONS_ADD_IDENTITY,
+    SSH_OPTIONS_KNOWNHOSTS,
+    SSH_OPTIONS_TIMEOUT,
+    SSH_OPTIONS_TIMEOUT_USEC,
+    SSH_OPTIONS_SSH1,
+    SSH_OPTIONS_SSH2,
+    SSH_OPTIONS_LOG_VERBOSITY,
+    SSH_OPTIONS_LOG_VERBOSITY_STR,
+    SSH_OPTIONS_CIPHERS_C_S,
+    SSH_OPTIONS_CIPHERS_S_C,
+    SSH_OPTIONS_COMPRESSION_C_S,
+    SSH_OPTIONS_COMPRESSION_S_C,
+    SSH_OPTIONS_PROXYCOMMAND,
+    SSH_OPTIONS_BINDADDR,
+    SSH_OPTIONS_STRICTHOSTKEYCHECK,
+    SSH_OPTIONS_COMPRESSION,
+    SSH_OPTIONS_COMPRESSION_LEVEL,
+    SSH_OPTIONS_KEY_EXCHANGE,
+    SSH_OPTIONS_HOSTKEYS,
+    SSH_OPTIONS_GSSAPI_SERVER_IDENTITY,
+    SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY,
+    SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS,
+    SSH_OPTIONS_HMAC_C_S,
+    SSH_OPTIONS_HMAC_S_C,
+    SSH_OPTIONS_PASSWORD_AUTH,
+    SSH_OPTIONS_PUBKEY_AUTH,
+    SSH_OPTIONS_KBDINT_AUTH,
+    SSH_OPTIONS_GSSAPI_AUTH,
+    SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
+    SSH_OPTIONS_NODELAY,
+    SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+    SSH_OPTIONS_PROCESS_CONFIG,
+    SSH_OPTIONS_REKEY_DATA,
+    SSH_OPTIONS_REKEY_TIME,
+    SSH_OPTIONS_RSA_MIN_SIZE,
+    SSH_OPTIONS_IDENTITY_AGENT,
+    SSH_OPTIONS_IDENTITIES_ONLY,
+    SSH_OPTIONS_CONTROL_MASTER,
+    SSH_OPTIONS_CONTROL_PATH,
+    SSH_OPTIONS_CERTIFICATE,
+    SSH_OPTIONS_PROXYJUMP,
+    SSH_OPTIONS_PROXYJUMP_CB_LIST_APPEND,
 };
 
 enum {
@@ -445,8 +456,19 @@ LIBSSH_API int ssh_blocking_flush(ssh_session session, int timeout);
 LIBSSH_API ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms);
 LIBSSH_API int ssh_channel_change_pty_size(ssh_channel channel,int cols,int rows);
 LIBSSH_API int ssh_channel_close(ssh_channel channel);
+#define SSH_CHANNEL_FREE(x)      \
+    do {                         \
+        if ((x) != NULL) {       \
+            ssh_channel_free(x); \
+            (x) = NULL;          \
+        }                        \
+    } while (0)
 LIBSSH_API void ssh_channel_free(ssh_channel channel);
-LIBSSH_API int ssh_channel_get_exit_status(ssh_channel channel);
+LIBSSH_API int ssh_channel_get_exit_state(ssh_channel channel,
+                                          uint32_t *pexit_code,
+                                          char **pexit_signal,
+                                          int *pcore_dumped);
+SSH_DEPRECATED LIBSSH_API int ssh_channel_get_exit_status(ssh_channel channel);
 LIBSSH_API ssh_session ssh_channel_get_session(ssh_channel channel);
 LIBSSH_API int ssh_channel_is_closed(ssh_channel channel);
 LIBSSH_API int ssh_channel_is_eof(ssh_channel channel);
@@ -470,6 +492,8 @@ LIBSSH_API int ssh_channel_request_exec(ssh_channel channel, const char *cmd);
 LIBSSH_API int ssh_channel_request_pty(ssh_channel channel);
 LIBSSH_API int ssh_channel_request_pty_size(ssh_channel channel, const char *term,
     int cols, int rows);
+LIBSSH_API int ssh_channel_request_pty_size_modes(ssh_channel channel, const char *term,
+    int cols, int rows, const unsigned char* modes, size_t modes_len);
 LIBSSH_API int ssh_channel_request_shell(ssh_channel channel);
 LIBSSH_API int ssh_channel_request_send_signal(ssh_channel channel, const char *signum);
 LIBSSH_API int ssh_channel_request_send_break(ssh_channel channel, uint32_t length);
@@ -533,6 +557,7 @@ LIBSSH_API socket_t ssh_get_fd(ssh_session session);
 LIBSSH_API char *ssh_get_hexa(const unsigned char *what, size_t len);
 LIBSSH_API char *ssh_get_issue_banner(ssh_session session);
 LIBSSH_API int ssh_get_openssh_version(ssh_session session);
+LIBSSH_API int ssh_request_no_more_sessions(ssh_session session);
 
 LIBSSH_API int ssh_get_server_publickey(ssh_session session, ssh_key *key);
 
@@ -676,6 +701,12 @@ typedef int (*ssh_auth_callback) (const char *prompt, char *buf, size_t len,
 
 /** @} */
 
+enum ssh_file_format_e {
+    SSH_FILE_FORMAT_DEFAULT = 0,
+    SSH_FILE_FORMAT_OPENSSH,
+    SSH_FILE_FORMAT_PEM,
+};
+
 LIBSSH_API ssh_key ssh_key_new(void);
 #define SSH_KEY_FREE(x) \
     do { if ((x) != NULL) { ssh_key_free(x); x = NULL; } } while(0)
@@ -702,6 +733,13 @@ LIBSSH_API int ssh_pki_export_privkey_base64(const ssh_key privkey,
                                              ssh_auth_callback auth_fn,
                                              void *auth_data,
                                              char **b64_key);
+LIBSSH_API int
+ssh_pki_export_privkey_base64_format(const ssh_key privkey,
+                                     const char *passphrase,
+                                     ssh_auth_callback auth_fn,
+                                     void *auth_data,
+                                     char **b64_key,
+                                     enum ssh_file_format_e format);
 LIBSSH_API int ssh_pki_import_privkey_file(const char *filename,
                                            const char *passphrase,
                                            ssh_auth_callback auth_fn,
@@ -712,6 +750,13 @@ LIBSSH_API int ssh_pki_export_privkey_file(const ssh_key privkey,
                                            ssh_auth_callback auth_fn,
                                            void *auth_data,
                                            const char *filename);
+LIBSSH_API int
+ssh_pki_export_privkey_file_format(const ssh_key privkey,
+                                   const char *passphrase,
+                                   ssh_auth_callback auth_fn,
+                                   void *auth_data,
+                                   const char *filename,
+                                   enum ssh_file_format_e format);
 
 LIBSSH_API int ssh_pki_copy_cert_to_privkey(const ssh_key cert_key,
                                             ssh_key privkey);
@@ -767,10 +812,8 @@ LIBSSH_API int ssh_userauth_try_publickey(ssh_session session,
 LIBSSH_API int ssh_userauth_publickey(ssh_session session,
                                       const char *username,
                                       const ssh_key privkey);
-#ifndef _WIN32
 LIBSSH_API int ssh_userauth_agent(ssh_session session,
                                   const char *username);
-#endif
 LIBSSH_API int ssh_userauth_publickey_auto_get_current_identity(ssh_session session,
                                                                 char** value);
 LIBSSH_API int ssh_userauth_publickey_auto(ssh_session session,
diff --git a/libssh/include/libssh/libsshpp.hpp b/libssh/include/libssh/libsshpp.hpp
index 602c7aec..553a7777 100644
--- a/libssh/include/libssh/libsshpp.hpp
+++ b/libssh/include/libssh/libsshpp.hpp
@@ -498,8 +498,22 @@ class Channel {
     return_throwable;
   }
 
-  int getExitStatus(){
-    return ssh_channel_get_exit_status(channel);
+  /*
+   * @deprecated Please use getExitState()
+   */
+  int getExitStatus() {
+        uint32_t exit_status = (uint32_t)-1;
+        ssh_channel_get_exit_state(channel, &exit_status, NULL, NULL);
+        return exit_status;
+  }
+  void_throwable getExitState(uint32_t & pexit_code,
+                              char **pexit_signal,
+                              int & pcore_dumped) {
+      ssh_throw(ssh_channel_get_exit_state(channel,
+                                           &pexit_code,
+                                           pexit_signal,
+                                           &pcore_dumped));
+      return_throwable;
   }
   Session &getSession(){
     return *session;
@@ -587,9 +601,12 @@ class Channel {
     ssh_throw(err);
     return_throwable;
   }
-  void_throwable requestPty(const char *term=NULL, int cols=0, int rows=0){
+  void_throwable requestPty(const char *term=NULL, int cols=0, int rows=0,
+      const unsigned char* modes=NULL, size_t modes_len=0){
     int err;
-    if(term != NULL && cols != 0 && rows != 0)
+    if(term != NULL && cols != 0 && rows != 0 && modes != NULL)
+      err=ssh_channel_request_pty_size_modes(channel,term,cols,rows,modes,modes_len);
+    else if(term != NULL && cols != 0 && rows != 0)
       err=ssh_channel_request_pty_size(channel,term,cols,rows);
     else
       err=ssh_channel_request_pty(channel);
diff --git a/libssh/include/libssh/messages.h b/libssh/include/libssh/messages.h
index 1341d708..160306cc 100644
--- a/libssh/include/libssh/messages.h
+++ b/libssh/include/libssh/messages.h
@@ -92,6 +92,10 @@ struct ssh_message_struct {
     struct ssh_global_request global_request;
 };
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 SSH_PACKET_CALLBACK(ssh_packet_channel_open);
 SSH_PACKET_CALLBACK(ssh_packet_global_request);
 
@@ -104,4 +108,8 @@ int ssh_message_handle_channel_request(ssh_session session, ssh_channel channel,
     const char *request, uint8_t want_reply);
 ssh_message ssh_message_pop_head(ssh_session session);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* MESSAGES_H_ */
diff --git a/libssh/include/libssh/misc.h b/libssh/include/libssh/misc.h
index 569e2b7d..ab726a0e 100644
--- a/libssh/include/libssh/misc.h
+++ b/libssh/include/libssh/misc.h
@@ -21,6 +21,26 @@
 #ifndef MISC_H_
 #define MISC_H_
 
+#ifdef _WIN32
+
+# ifdef _MSC_VER
+#  ifndef _SSIZE_T_DEFINED
+#   undef ssize_t
+#   include <BaseTsd.h>
+    typedef _W64 SSIZE_T ssize_t;
+#   define _SSIZE_T_DEFINED
+#  endif /* _SSIZE_T_DEFINED */
+# endif /* _MSC_VER */
+
+#else
+#include <sys/types.h>
+#include <stdbool.h>
+#endif /* _WIN32 */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* in misc.c */
 /* gets the user home dir. */
 char *ssh_get_user_home_dir(void);
@@ -46,6 +66,12 @@ struct ssh_iterator {
   const void *data;
 };
 
+struct ssh_jump_info_struct {
+    char *hostname;
+    char *username;
+    int port;
+};
+
 struct ssh_timestamp {
   long seconds;
   long useconds;
@@ -75,19 +101,20 @@ const void *_ssh_list_pop_head(struct ssh_list *list);
 
 /** @brief fetch the head element of a list and remove it from list
  * @param type type of the element to return
- * @param list the ssh_list to use
+ * @param ssh_list the ssh_list to use
  * @return the first element of the list, or NULL if the list is empty
  */
 #define ssh_list_pop_head(type, ssh_list)\
   ((type)_ssh_list_pop_head(ssh_list))
 
+#define SSH_LIST_FREE(x) \
+    do { if ((x) != NULL) { ssh_list_free(x); (x) = NULL; } } while(0)
+
 int ssh_make_milliseconds(unsigned long sec, unsigned long usec);
 void ssh_timestamp_init(struct ssh_timestamp *ts);
 int ssh_timeout_elapsed(struct ssh_timestamp *ts, int timeout);
 int ssh_timeout_update(struct ssh_timestamp *ts, int timeout);
 
-int ssh_match_group(const char *group, const char *object);
-
 void uint64_inc(unsigned char *counter);
 
 void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len);
@@ -96,7 +123,21 @@ int ssh_mkdirs(const char *pathname, mode_t mode);
 
 int ssh_quote_file_name(const char *file_name, char *buf, size_t buf_len);
 int ssh_newline_vis(const char *string, char *buf, size_t buf_len);
-int ssh_tmpname(char *template);
+int ssh_tmpname(char *name);
 
 char *ssh_strreplace(const char *src, const char *pattern, const char *repl);
+
+ssize_t ssh_readn(int fd, void *buf, size_t nbytes);
+ssize_t ssh_writen(int fd, const void *buf, size_t nbytes);
+
+int ssh_check_hostname_syntax(const char *hostname);
+int ssh_check_username_syntax(const char *username);
+
+void ssh_proxyjumps_free(struct ssh_list *proxy_jump_list);
+bool ssh_libssh_proxy_jumps(void);
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* MISC_H_ */
diff --git a/libssh/include/libssh/options.h b/libssh/include/libssh/options.h
index e8dc6c69..d32e1589 100644
--- a/libssh/include/libssh/options.h
+++ b/libssh/include/libssh/options.h
@@ -21,11 +21,22 @@
 #ifndef _OPTIONS_H
 #define _OPTIONS_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_config_parse_file(ssh_session session, const char *filename);
 int ssh_config_parse_string(ssh_session session, const char *input);
 int ssh_options_set_algo(ssh_session session,
                          enum ssh_kex_types_e algo,
-                         const char *list);
+                         const char *list,
+                         char **place);
 int ssh_options_apply(ssh_session session);
 
+char *ssh_options_get_algo(ssh_session session, enum ssh_kex_types_e algo);
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* _OPTIONS_H */
diff --git a/libssh/include/libssh/packet.h b/libssh/include/libssh/packet.h
index dec3a439..531d7e4b 100644
--- a/libssh/include/libssh/packet.h
+++ b/libssh/include/libssh/packet.h
@@ -51,9 +51,14 @@ enum ssh_packet_filter_result_e {
 
 int ssh_packet_send(ssh_session session);
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 SSH_PACKET_CALLBACK(ssh_packet_unimplemented);
 SSH_PACKET_CALLBACK(ssh_packet_disconnect_callback);
 SSH_PACKET_CALLBACK(ssh_packet_ignore_callback);
+SSH_PACKET_CALLBACK(ssh_packet_debug_callback);
 SSH_PACKET_CALLBACK(ssh_packet_dh_reply);
 SSH_PACKET_CALLBACK(ssh_packet_newkeys);
 SSH_PACKET_CALLBACK(ssh_packet_service_accept);
@@ -63,6 +68,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info);
 SSH_PACKET_CALLBACK(ssh_packet_kexdh_init);
 #endif
 
+int ssh_packet_send_newkeys(ssh_session session);
 int ssh_packet_send_unimplemented(ssh_session session, uint32_t seqnum);
 int ssh_packet_parse_type(ssh_session session);
 //int packet_flush(ssh_session session, int enforce_blocking);
@@ -88,4 +94,8 @@ int ssh_packet_set_newkeys(ssh_session session,
 struct ssh_crypto_struct *ssh_packet_get_current_crypto(ssh_session session,
         enum ssh_crypto_direction_e direction);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PACKET_H_ */
diff --git a/libssh/include/libssh/pcap.h b/libssh/include/libssh/pcap.h
index 2e43ae87..2a6c3c27 100644
--- a/libssh/include/libssh/pcap.h
+++ b/libssh/include/libssh/pcap.h
@@ -27,6 +27,10 @@
 #ifdef WITH_PCAP
 typedef struct ssh_pcap_context_struct* ssh_pcap_context;
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_pcap_file_write_packet(ssh_pcap_file pcap, ssh_buffer packet, uint32_t original_len);
 
 ssh_pcap_context ssh_pcap_context_new(ssh_session session);
@@ -41,5 +45,9 @@ int ssh_pcap_context_write(ssh_pcap_context,enum ssh_pcap_direction direction, v
 		uint32_t len, uint32_t origlen);
 
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* WITH_PCAP */
 #endif /* PCAP_H_ */
diff --git a/libssh/include/libssh/pki.h b/libssh/include/libssh/pki.h
index 1d5250ff..11e48503 100644
--- a/libssh/include/libssh/pki.h
+++ b/libssh/include/libssh/pki.h
@@ -33,8 +33,8 @@
 #include <openssl/evp.h>
 #endif
 #include "libssh/crypto.h"
-#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
-/* If using OpenSSL implementation, define the signature lenght which would be
+#ifdef HAVE_LIBCRYPTO
+/* If using OpenSSL implementation, define the signature length which would be
  * defined in libssh/ed25519.h otherwise */
 #define ED25519_SIG_LEN 64
 #else
@@ -57,40 +57,24 @@ struct ssh_key_struct {
     const char *type_c; /* Don't free it ! it is static */
     int ecdsa_nid;
 #if defined(HAVE_LIBGCRYPT)
-    gcry_sexp_t dsa;
     gcry_sexp_t rsa;
     gcry_sexp_t ecdsa;
 #elif defined(HAVE_LIBMBEDCRYPTO)
-    mbedtls_pk_context *rsa;
+    mbedtls_pk_context *pk;
     mbedtls_ecdsa_context *ecdsa;
-    void *dsa;
 #elif defined(HAVE_LIBCRYPTO)
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    DSA *dsa;
-    RSA *rsa;
-#endif /* OPENSSL_VERSION_NUMBER */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Move into the #if above
- */
-# if defined(HAVE_OPENSSL_ECC)
-    EC_KEY *ecdsa;
-# else
-    void *ecdsa;
-# endif /* HAVE_OPENSSL_EC_H */
     /* This holds either ENGINE key for PKCS#11 support or just key in
-     * high-level format required by OpenSSL 3.0 */
+     * high-level format */
     EVP_PKEY *key;
-#endif /* HAVE_LIBGCRYPT */
-#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
     uint8_t *ed25519_pubkey;
     uint8_t *ed25519_privkey;
-#else
+#endif /* HAVE_LIBGCRYPT */
+#ifndef HAVE_LIBCRYPTO
     ed25519_pubkey *ed25519_pubkey;
     ed25519_privkey *ed25519_privkey;
-#endif
+#endif /* HAVE_LIBCRYPTO */
     ssh_string sk_application;
-    void *cert;
+    ssh_buffer cert;
     enum ssh_keytypes_e cert_type;
 };
 
@@ -99,16 +83,15 @@ struct ssh_signature_struct {
     enum ssh_digest_e hash_type;
     const char *type_c;
 #if defined(HAVE_LIBGCRYPT)
-    gcry_sexp_t dsa_sig;
     gcry_sexp_t rsa_sig;
     gcry_sexp_t ecdsa_sig;
 #elif defined(HAVE_LIBMBEDCRYPTO)
     ssh_string rsa_sig;
     struct mbedtls_ecdsa_sig ecdsa_sig;
 #endif /* HAVE_LIBGCRYPT */
-#if !defined(HAVE_LIBCRYPTO) || !defined(HAVE_OPENSSL_ED25519)
+#ifndef HAVE_LIBCRYPTO
     ed25519_signature *ed25519_sig;
-#endif
+#endif /* HAVE_LIBGCRYPT */
     ssh_string raw_sig;
 
     /* Security Key specific additions */
@@ -118,6 +101,10 @@ struct ssh_signature_struct {
 
 typedef struct ssh_signature_struct *ssh_signature;
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* SSH Key Functions */
 void ssh_key_clean (ssh_key key);
 
@@ -134,12 +121,11 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name);
     ((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521)
 
 #define is_cert_type(kt)\
-      ((kt) == SSH_KEYTYPE_DSS_CERT01 ||\
-       (kt) == SSH_KEYTYPE_RSA_CERT01 ||\
-       (kt) == SSH_KEYTYPE_SK_ECDSA_CERT01 ||\
-       (kt) == SSH_KEYTYPE_SK_ED25519_CERT01 ||\
-      ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\
-       (kt) <= SSH_KEYTYPE_ED25519_CERT01))
+    ((kt) == SSH_KEYTYPE_RSA_CERT01 ||\
+     (kt) == SSH_KEYTYPE_SK_ECDSA_CERT01 ||\
+     (kt) == SSH_KEYTYPE_SK_ED25519_CERT01 ||\
+    ((kt) >= SSH_KEYTYPE_ECDSA_P256_CERT01 &&\
+     (kt) <= SSH_KEYTYPE_ED25519_CERT01))
 
 /* SSH Signature Functions */
 ssh_signature ssh_signature_new(void);
@@ -167,6 +153,10 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
 int ssh_pki_import_cert_blob(const ssh_string cert_blob,
                              ssh_key *pkey);
 
+/* SSH Private Key Functions */
+int ssh_pki_export_privkey_blob(const ssh_key key,
+                                ssh_string *pblob);
+
 
 /* SSH Signing Functions */
 ssh_string ssh_pki_do_sign(ssh_session session, ssh_buffer sigbuf,
@@ -189,7 +179,13 @@ bool ssh_key_size_allowed(ssh_session session, ssh_key key);
 int ssh_key_size(ssh_key key);
 
 /* PKCS11 URI function to check if filename is a path or a PKCS11 URI */
+#ifdef WITH_PKCS11_URI
 bool ssh_pki_is_uri(const char *filename);
 char *ssh_pki_export_pub_uri_from_priv_uri(const char *priv_uri);
+#endif /* WITH_PKCS11_URI */
+
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* PKI_H_ */
diff --git a/libssh/include/libssh/pki_priv.h b/libssh/include/libssh/pki_priv.h
index c0edb851..2061ebd7 100644
--- a/libssh/include/libssh/pki_priv.h
+++ b/libssh/include/libssh/pki_priv.h
@@ -23,6 +23,10 @@
 
 #include "libssh/pki.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* defined in bcrypt_pbkdf.c */
 int bcrypt_pbkdf(const char *pass,
                  size_t passlen,
@@ -34,8 +38,6 @@ int bcrypt_pbkdf(const char *pass,
 
 #define RSA_HEADER_BEGIN "-----BEGIN RSA PRIVATE KEY-----"
 #define RSA_HEADER_END "-----END RSA PRIVATE KEY-----"
-#define DSA_HEADER_BEGIN "-----BEGIN DSA PRIVATE KEY-----"
-#define DSA_HEADER_END "-----END DSA PRIVATE KEY-----"
 #define ECDSA_HEADER_BEGIN "-----BEGIN EC PRIVATE KEY-----"
 #define ECDSA_HEADER_END "-----END EC PRIVATE KEY-----"
 #define OPENSSH_HEADER_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----"
@@ -61,7 +63,6 @@ enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
 /* SSH Key Functions */
 ssh_key pki_key_dup(const ssh_key key, int demote);
 int pki_key_generate_rsa(ssh_key key, int parameter);
-int pki_key_generate_dss(ssh_key key, int parameter);
 int pki_key_generate_ecdsa(ssh_key key, int parameter);
 int pki_key_generate_ed25519(ssh_key key);
 
@@ -87,24 +88,13 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
                               ssh_key *pkey);
 
 /* SSH Public Key Functions */
-int pki_pubkey_build_dss(ssh_key key,
-                         ssh_string p,
-                         ssh_string q,
-                         ssh_string g,
-                         ssh_string pubkey);
 int pki_pubkey_build_rsa(ssh_key key,
                          ssh_string e,
                          ssh_string n);
 int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e);
-ssh_string pki_publickey_to_blob(const ssh_key key);
+ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type);
 
 /* SSH Private Key Functions */
-int pki_privkey_build_dss(ssh_key key,
-                          ssh_string p,
-                          ssh_string q,
-                          ssh_string g,
-                          ssh_string pubkey,
-                          ssh_string privkey);
 int pki_privkey_build_rsa(ssh_key key,
                           ssh_string n,
                           ssh_string e,
@@ -116,7 +106,6 @@ int pki_privkey_build_ecdsa(ssh_key key,
                             int nid,
                             ssh_string e,
                             ssh_string exp);
-ssh_string pki_publickey_to_blob(const ssh_key key);
 
 /* SSH Signature Functions */
 ssh_signature pki_sign_data(const ssh_key privkey,
@@ -142,15 +131,18 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
                                const unsigned char *hash,
                                size_t hlen,
                                enum ssh_digest_e hash_type);
+#ifndef HAVE_LIBCRYPTO
 int pki_ed25519_sign(const ssh_key privkey, ssh_signature sig,
         const unsigned char *hash, size_t hlen);
 int pki_ed25519_verify(const ssh_key pubkey, ssh_signature sig,
         const unsigned char *hash, size_t hlen);
+#endif /* HAVE_LIBCRYPTO */
 int pki_ed25519_key_cmp(const ssh_key k1,
                 const ssh_key k2,
                 enum ssh_keycmp_e what);
-int pki_ed25519_key_dup(ssh_key new, const ssh_key key);
+int pki_ed25519_key_dup(ssh_key new_key, const ssh_key key);
 int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key);
+int pki_ed25519_private_key_to_blob(ssh_buffer buffer, const ssh_key privkey);
 ssh_string pki_ed25519_signature_to_blob(ssh_signature sig);
 int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob);
 int pki_privkey_build_ed25519(ssh_key key,
@@ -164,8 +156,14 @@ ssh_key ssh_pki_openssh_privkey_import(const char *text_key,
 ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
         const char *passphrase, ssh_auth_callback auth_fn, void *auth_data);
 
+#ifdef WITH_PKCS11_URI
 /* URI Function */
 int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type);
+#endif /* WITH_PKCS11_URI */
 
 bool ssh_key_size_allowed_rsa(int min_size, ssh_key key);
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* PKI_PRIV_H_ */
diff --git a/libssh/include/libssh/poll.h b/libssh/include/libssh/poll.h
index 3aa9a49b..478764b6 100644
--- a/libssh/include/libssh/poll.h
+++ b/libssh/include/libssh/poll.h
@@ -114,6 +114,10 @@ typedef unsigned long int nfds_t;
 #endif /* WIN32 */
 #endif /* HAVE_POLL */
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void ssh_poll_init(void);
 void ssh_poll_cleanup(void);
 int ssh_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout);
@@ -153,9 +157,14 @@ void ssh_poll_ctx_free(ssh_poll_ctx ctx);
 int ssh_poll_ctx_add(ssh_poll_ctx ctx, ssh_poll_handle p);
 int ssh_poll_ctx_add_socket (ssh_poll_ctx ctx, struct ssh_socket_struct *s);
 void ssh_poll_ctx_remove(ssh_poll_ctx ctx, ssh_poll_handle p);
+bool ssh_poll_is_locked(ssh_poll_handle p);
 int ssh_poll_ctx_dopoll(ssh_poll_ctx ctx, int timeout);
 ssh_poll_ctx ssh_poll_get_default_ctx(ssh_session session);
 int ssh_event_add_poll(ssh_event event, ssh_poll_handle p);
 void ssh_event_remove_poll(ssh_event event, ssh_poll_handle p);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* POLL_H_ */
diff --git a/libssh/include/libssh/poly1305.h b/libssh/include/libssh/poly1305.h
index 513f1b99..a22fea87 100644
--- a/libssh/include/libssh/poly1305.h
+++ b/libssh/include/libssh/poly1305.h
@@ -7,6 +7,10 @@
 #define POLY1305_H
 #include "libssh/chacha20-poly1305-common.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void poly1305_auth(uint8_t out[POLY1305_TAGLEN], const uint8_t *m, size_t inlen,
     const uint8_t key[POLY1305_KEYLEN])
 #ifdef HAVE_GCC_BOUNDED_ATTRIBUTE
@@ -16,4 +20,8 @@ void poly1305_auth(uint8_t out[POLY1305_TAGLEN], const uint8_t *m, size_t inlen,
 #endif
     ;
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif	/* POLY1305_H */
diff --git a/libssh/include/libssh/priv.h b/libssh/include/libssh/priv.h
index bab761b0..35fd8506 100644
--- a/libssh/include/libssh/priv.h
+++ b/libssh/include/libssh/priv.h
@@ -47,6 +47,14 @@
 # endif
 #endif /* !defined(HAVE_STRTOULL) */
 
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #if !defined(HAVE_STRNDUP)
 char *strndup(const char *s, size_t n);
 #endif /* ! HAVE_STRNDUP */
@@ -158,6 +166,20 @@ int ssh_gettimeofday(struct timeval *__p, void *__t);
 
 #define _XCLOSESOCKET closesocket
 
+# ifdef HAVE_IO_H
+#  include <io.h>
+#  undef open
+#  define open _open
+#  undef close
+#  define close _close
+#  undef read
+#  define read _read
+#  undef write
+#  define write _write
+#  undef unlink
+#  define unlink _unlink
+# endif /* HAVE_IO_H */
+
 #else /* _WIN32 */
 
 #include <unistd.h>
@@ -252,6 +274,10 @@ void ssh_log_common(struct ssh_common_struct *common,
                     const char *function,
                     const char *format, ...) PRINTF_ATTRIBUTE(4, 5);
 
+void _ssh_remove_legacy_log_cb(void);
+
+/* log.c */
+void _ssh_reset_log_cb(void);
 
 /* ERROR HANDLING */
 
@@ -286,6 +312,7 @@ int ssh_auth_reply_success(ssh_session session, int partial);
 /* client.c */
 
 int ssh_send_banner(ssh_session session, int is_server);
+void ssh_session_socket_close(ssh_session session);
 
 /* connect.c */
 socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
@@ -303,6 +330,12 @@ int decompress_buffer(ssh_session session,ssh_buffer buf, size_t maxlen);
 int match_pattern_list(const char *string, const char *pattern,
     size_t len, int dolower);
 int match_hostname(const char *host, const char *pattern, unsigned int len);
+#ifndef _WIN32
+int match_cidr_address_list(const char *address,
+                            const char *addrlist,
+                            int sa_family);
+#endif
+int match_group(const char *group, const char *object);
 
 /* connector.c */
 int ssh_connector_set_event(ssh_connector connector, ssh_event event);
@@ -351,6 +384,7 @@ void explicit_bzero(void *s, size_t n);
  */
 #define discard_const_p(type, ptr) ((type *)discard_const(ptr))
 
+#ifndef __VA_NARG__
 /**
  * Get the argument count of variadic arguments
  */
@@ -382,6 +416,7 @@ void explicit_bzero(void *s, size_t n);
         29, 28, 27, 26, 25, 24, 23, 22, 21, 20, \
         19, 18, 17, 16, 15, 14, 13, 12, 11, 10, \
          9,  8,  7,  6,  5,  4,  3,  2,  1,  0
+#endif
 
 #define CLOSE_SOCKET(s) do { if ((s) != SSH_INVALID_SOCKET) { _XCLOSESOCKET(s); (s) = SSH_INVALID_SOCKET;} } while(0)
 
@@ -434,4 +469,12 @@ bool is_ssh_initialized(void);
 #define SSH_ERRNO_MSG_MAX   1024
 char *ssh_strerror(int err_num, char *buf, size_t buflen);
 
+/** 55 defined options (5 bytes each) + terminator */
+#define SSH_TTY_MODES_MAX_BUFSIZE   (55 * 5 + 1)
+int encode_current_tty_opts(unsigned char *buf, size_t buflen);
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* _LIBSSH_PRIV_H */
diff --git a/libssh/include/libssh/sc25519.h b/libssh/include/libssh/sc25519.h
index 5a2c1b85..43b09a05 100644
--- a/libssh/include/libssh/sc25519.h
+++ b/libssh/include/libssh/sc25519.h
@@ -35,6 +35,10 @@ typedef struct {
   uint32_t v[16];
 } shortsc25519;
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
 
 void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
@@ -71,4 +75,8 @@ void sc25519_window5(signed char r[51], const sc25519 *s);
 
 void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif
diff --git a/libssh/include/libssh/scp.h b/libssh/include/libssh/scp.h
index d356d89b..089fcfc9 100644
--- a/libssh/include/libssh/scp.h
+++ b/libssh/include/libssh/scp.h
@@ -47,9 +47,17 @@ struct ssh_scp_struct {
   int request_mode;
 };
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_scp_read_string(ssh_scp scp, char *buffer, size_t len);
 int ssh_scp_integer_mode(const char *mode);
 char *ssh_scp_string_mode(int mode);
 int ssh_scp_response(ssh_scp scp, char **response);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif
diff --git a/libssh/include/libssh/server.h b/libssh/include/libssh/server.h
index c1a9c15c..e437f292 100644
--- a/libssh/include/libssh/server.h
+++ b/libssh/include/libssh/server.h
@@ -36,28 +36,29 @@ extern "C" {
 #endif
 
 enum ssh_bind_options_e {
-  SSH_BIND_OPTIONS_BINDADDR,
-  SSH_BIND_OPTIONS_BINDPORT,
-  SSH_BIND_OPTIONS_BINDPORT_STR,
-  SSH_BIND_OPTIONS_HOSTKEY,
-  SSH_BIND_OPTIONS_DSAKEY,
-  SSH_BIND_OPTIONS_RSAKEY,
-  SSH_BIND_OPTIONS_BANNER,
-  SSH_BIND_OPTIONS_LOG_VERBOSITY,
-  SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
-  SSH_BIND_OPTIONS_ECDSAKEY,
-  SSH_BIND_OPTIONS_IMPORT_KEY,
-  SSH_BIND_OPTIONS_KEY_EXCHANGE,
-  SSH_BIND_OPTIONS_CIPHERS_C_S,
-  SSH_BIND_OPTIONS_CIPHERS_S_C,
-  SSH_BIND_OPTIONS_HMAC_C_S,
-  SSH_BIND_OPTIONS_HMAC_S_C,
-  SSH_BIND_OPTIONS_CONFIG_DIR,
-  SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
-  SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
-  SSH_BIND_OPTIONS_PROCESS_CONFIG,
-  SSH_BIND_OPTIONS_MODULI,
-  SSH_BIND_OPTIONS_RSA_MIN_SIZE,
+    SSH_BIND_OPTIONS_BINDADDR,
+    SSH_BIND_OPTIONS_BINDPORT,
+    SSH_BIND_OPTIONS_BINDPORT_STR,
+    SSH_BIND_OPTIONS_HOSTKEY,
+    SSH_BIND_OPTIONS_DSAKEY, /* deprecated */
+    SSH_BIND_OPTIONS_RSAKEY, /* deprecated */
+    SSH_BIND_OPTIONS_BANNER,
+    SSH_BIND_OPTIONS_LOG_VERBOSITY,
+    SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
+    SSH_BIND_OPTIONS_ECDSAKEY, /* deprecated */
+    SSH_BIND_OPTIONS_IMPORT_KEY,
+    SSH_BIND_OPTIONS_KEY_EXCHANGE,
+    SSH_BIND_OPTIONS_CIPHERS_C_S,
+    SSH_BIND_OPTIONS_CIPHERS_S_C,
+    SSH_BIND_OPTIONS_HMAC_C_S,
+    SSH_BIND_OPTIONS_HMAC_S_C,
+    SSH_BIND_OPTIONS_CONFIG_DIR,
+    SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
+    SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
+    SSH_BIND_OPTIONS_PROCESS_CONFIG,
+    SSH_BIND_OPTIONS_MODULI,
+    SSH_BIND_OPTIONS_RSA_MIN_SIZE,
+    SSH_BIND_OPTIONS_IMPORT_KEY_STR,
 };
 
 typedef struct ssh_bind_struct* ssh_bind;
@@ -117,7 +118,7 @@ LIBSSH_API int ssh_bind_listen(ssh_bind ssh_bind_o);
  *
  * @param[in] userdata  A pointer to private data to pass to the callbacks.
  *
- * @return              SSH_OK on success, SSH_ERROR if an error occured.
+ * @return              SSH_OK on success, SSH_ERROR if an error occurred.
  *
  * @code
  *     struct ssh_callbacks_struct cb = {
@@ -222,6 +223,9 @@ LIBSSH_API int ssh_server_init_kex(ssh_session session);
 /**
  * @brief Free a ssh servers bind.
  *
+ * Note that this will also free options that have been set on the bind,
+ * including keys set with SSH_BIND_OPTIONS_IMPORT_KEY.
+ *
  * @param  ssh_bind_o     The ssh server bind to free.
  */
 LIBSSH_API void ssh_bind_free(ssh_bind ssh_bind_o);
@@ -280,7 +284,7 @@ LIBSSH_API int ssh_message_reply_default(ssh_message msg);
  *
  * @param[in] msg       The message to get the username from.
  *
- * @return              The username or NULL if an error occured.
+ * @return              The username or NULL if an error occurred.
  *
  * @see ssh_message_get()
  * @see ssh_message_type()
@@ -292,11 +296,11 @@ LIBSSH_API const char *ssh_message_auth_user(ssh_message msg);
  *
  * @param[in] msg       The message to get the password from.
  *
- * @return              The username or NULL if an error occured.
+ * @return              The password or NULL if an error occurred.
  *
  * @see ssh_message_get()
  * @see ssh_message_type()
- * @warning This function should not be used anymore as there is a
+ * @deprecated This function should not be used anymore as there is a
  * callback based server implementation now auth_password_function.
  */
 SSH_DEPRECATED LIBSSH_API const char *ssh_message_auth_password(ssh_message msg);
@@ -314,14 +318,19 @@ SSH_DEPRECATED LIBSSH_API const char *ssh_message_auth_password(ssh_message msg)
  * @see ssh_key_cmp()
  * @see ssh_message_get()
  * @see ssh_message_type()
- * @warning This function should not be used anymore as there is a
+ * @deprecated This function should not be used anymore as there is a
  * callback based server implementation auth_pubkey_function.
  */
 SSH_DEPRECATED LIBSSH_API ssh_key ssh_message_auth_pubkey(ssh_message msg);
 
 LIBSSH_API int ssh_message_auth_kbdint_is_response(ssh_message msg);
 
-/* Replaced by callback based server implementation auth_pubkey_function */
+/**
+ * @param[in] msg       The message to get the public key state from.
+ *
+ * @deprecated This function should not be used anymore as there is a
+ * callback based server implementation auth_pubkey_function
+ */
 SSH_DEPRECATED LIBSSH_API enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg);
 
 LIBSSH_API int ssh_message_auth_reply_success(ssh_message msg,int partial);
diff --git a/libssh/include/libssh/session.h b/libssh/include/libssh/session.h
index d3e5787c..aed94072 100644
--- a/libssh/include/libssh/session.h
+++ b/libssh/include/libssh/session.h
@@ -71,10 +71,24 @@ enum ssh_pending_call_e {
 };
 
 /* libssh calls may block an undefined amount of time */
-#define SSH_SESSION_FLAG_BLOCKING 1
+#define SSH_SESSION_FLAG_BLOCKING 0x0001
 
 /* Client successfully authenticated */
-#define SSH_SESSION_FLAG_AUTHENTICATED 2
+#define SSH_SESSION_FLAG_AUTHENTICATED 0x0002
+
+/* Do not accept new session channels (no-more-sessions@openssh.com) */
+#define SSH_SESSION_FLAG_NO_MORE_SESSIONS 0x0004
+
+/* The KEXINIT message can be sent first by either of the parties so this flag
+ * indicates that the message was already sent to make sure it is sent and avoid
+ * sending it twice during key exchange to simplify the state machine. */
+#define SSH_SESSION_FLAG_KEXINIT_SENT 0x0008
+
+/* The current SSH2 session implements the "strict KEX" feature and should behave
+ * differently on SSH2_MSG_NEWKEYS. */
+#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
+/* Unexpected packets have been sent while the session was still unencrypted */
+#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
 
 /* codes to use with ssh_handle_packets*() */
 /* Infinite timeout */
@@ -93,6 +107,13 @@ enum ssh_pending_call_e {
 #define SSH_OPT_FLAG_KBDINT_AUTH 0x4
 #define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
 
+/* Escape expansion of different variables */
+#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1
+#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2
+#define SSH_OPT_EXP_FLAG_PROXYCOMMAND 0x4
+#define SSH_OPT_EXP_FLAG_IDENTITY 0x8
+#define SSH_OPT_EXP_FLAG_CONTROL_PATH 0x10
+
 /* extensions flags */
 /* negotiation enabled */
 #define SSH_EXT_NEGOTIATION     0x01
@@ -119,6 +140,7 @@ struct ssh_session_struct {
     uint32_t send_seq;
     uint32_t recv_seq;
     struct ssh_timestamp last_rekey_time;
+    bool proxy_root;
 
     int connected;
     /* !=0 when the user got a session handle */
@@ -132,10 +154,8 @@ struct ssh_session_struct {
     /* Extensions negotiated using RFC 8308 */
     uint32_t extensions;
 
-    ssh_string banner; /* that's the issue banner from
-                       the server */
-    char *discon_msg; /* disconnect message from
-                         the remote host */
+    ssh_string banner; /* that's the issue banner from the server */
+    char *peer_discon_msg; /* disconnect message from the remote host */
     char *disconnect_message; /* disconnect message to be set */
     ssh_buffer in_buffer;
     PACKET in_packet;
@@ -160,32 +180,39 @@ struct ssh_session_struct {
         uint32_t current_method;
     } auth;
 
+    /* Sending this flag before key exchange to save one round trip during the
+     * key exchange. This might make sense on high-latency connections.
+     * So far internal only for testing. Usable only on the client side --
+     * there is no key exchange method that would start with server message */
+    bool send_first_kex_follows;
     /*
      * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
      * the received SSH_MSG_KEXINIT, but the guess was wrong, this
      * field will be set such that the following guessed packet will
-     * be ignored.  Once that packet has been received and ignored,
-     * this field is cleared.
+     * be ignored on the receiving side.  Once that packet has been received and
+     * ignored, this field is cleared.
+     * On the sending side, this is set after we got peer KEXINIT message and we
+     * need to resend the initial message of the negotiated KEX algorithm.
      */
-    int first_kex_follows_guess_wrong;
+    bool first_kex_follows_guess_wrong;
 
     ssh_buffer in_hashbuf;
     ssh_buffer out_hashbuf;
     struct ssh_crypto_struct *current_crypto;
-    struct ssh_crypto_struct *next_crypto;  /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
+    /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
+    struct ssh_crypto_struct *next_crypto;
 
     struct ssh_list *channels; /* linked list of channels */
     uint32_t maxchannel;
     ssh_agent agent; /* ssh agent */
 
-/* keyb interactive data */
+    /* keyboard interactive data */
     struct ssh_kbdint_struct *kbdint;
     struct ssh_gssapi_struct *gssapi;
 
     /* server host keys */
     struct {
         ssh_key rsa_key;
-        ssh_key dsa_key;
         ssh_key ecdsa_key;
         ssh_key ed25519_key;
         /* The type of host key wanted by client */
@@ -195,7 +222,8 @@ struct ssh_session_struct {
 
     /* auths accepted by server */
     struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
-    int (*ssh_message_callback)( struct ssh_session_struct *session, ssh_message msg, void *userdata);
+    int (*ssh_message_callback)(struct ssh_session_struct *session,
+                                ssh_message msg, void *userdata);
     void *ssh_message_callback_data;
     ssh_server_callbacks server_callbacks;
     void (*ssh_connection_callback)( struct ssh_session_struct *session);
@@ -209,6 +237,11 @@ struct ssh_session_struct {
 #endif
     struct {
         struct ssh_list *identity;
+        struct ssh_list *identity_non_exp;
+        struct ssh_list *certificate;
+        struct ssh_list *certificate_non_exp;
+        struct ssh_list *proxy_jumps;
+        struct ssh_list *proxy_jumps_user_cb;
         char *username;
         char *host;
         char *bindaddr; /* bind the client to an ip addr */
@@ -218,8 +251,6 @@ struct ssh_session_struct {
         char *wanted_methods[SSH_KEX_METHODS];
         char *pubkey_accepted_types;
         char *ProxyCommand;
-        char *custombanner;
-        char *moduli_file;
         char *agent_socket;
         unsigned long timeout; /* seconds */
         unsigned long timeout_usec;
@@ -231,13 +262,24 @@ struct ssh_session_struct {
         char *gss_client_identity;
         int gss_delegate_creds;
         int flags;
+        int exp_flags;
         int nodelay;
         bool config_processed;
         uint8_t options_seen[SOC_MAX];
         uint64_t rekey_data;
         uint32_t rekey_time;
         int rsa_min_size;
+        bool identities_only;
+        int control_master;
+        char *control_path;
     } opts;
+
+    /* server options */
+    struct {
+        char *custombanner;
+        char *moduli_file;
+    } server_opts;
+
     /* counters */
     ssh_counter socket_counter;
     ssh_counter raw_counter;
diff --git a/libssh/include/libssh/sftp.h b/libssh/include/libssh/sftp.h
index c855df8a..cf4458c3 100644
--- a/libssh/include/libssh/sftp.h
+++ b/libssh/include/libssh/sftp.h
@@ -77,6 +77,8 @@ typedef struct sftp_request_queue_struct* sftp_request_queue;
 typedef struct sftp_session_struct* sftp_session;
 typedef struct sftp_status_message_struct* sftp_status_message;
 typedef struct sftp_statvfs_struct* sftp_statvfs_t;
+typedef struct sftp_limits_struct* sftp_limits_t;
+typedef struct sftp_aio_struct* sftp_aio;
 
 struct sftp_session_struct {
     ssh_session session;
@@ -90,6 +92,7 @@ struct sftp_session_struct {
     void **handles;
     sftp_ext ext;
     sftp_packet read_packet;
+    sftp_limits_t limits;
 };
 
 struct sftp_packet_struct {
@@ -200,6 +203,16 @@ struct sftp_statvfs_struct {
   uint64_t f_namemax; /** maximum filename length */
 };
 
+/**
+ * @brief SFTP limits structure.
+ */
+struct sftp_limits_struct {
+    uint64_t max_packet_length;   /** maximum number of bytes in a single sftp packet */
+    uint64_t max_read_length;     /** maximum length in a SSH_FXP_READ packet */
+    uint64_t max_write_length;    /** maximum length in a SSH_FXP_WRITE packet */
+    uint64_t max_open_handles;    /** maximum number of active handles allowed by server */
+};
+
 /**
  * @brief Creates a new sftp session.
  *
@@ -476,13 +489,18 @@ LIBSSH_API void sftp_file_set_blocking(sftp_file handle);
 /**
  * @brief Read from a file using an opened sftp file handle.
  *
+ * This function caps the length a user is allowed to read from an sftp file.
+ *
+ * The value used for the cap is same as the value of the max_read_length
+ * field of the sftp_limits_t returned by sftp_limits().
+ *
  * @param file          The opened sftp file handle to be read from.
  *
  * @param buf           Pointer to buffer to receive read data.
  *
  * @param count         Size of the buffer in bytes.
  *
- * @return              Number of bytes written, < 0 on error with ssh and sftp
+ * @return              Number of bytes read, < 0 on error with ssh and sftp
  *                      error set.
  *
  * @see sftp_get_error()
@@ -520,7 +538,8 @@ LIBSSH_API ssize_t sftp_read(sftp_file file, void *buf, size_t count);
  * @see                 sftp_async_read()
  * @see                 sftp_open()
  */
-LIBSSH_API int sftp_async_read_begin(sftp_file file, uint32_t len);
+SSH_DEPRECATED LIBSSH_API int sftp_async_read_begin(sftp_file file,
+                                                    uint32_t len);
 
 /**
  * @brief Wait for an asynchronous read to complete and save the data.
@@ -545,11 +564,19 @@ LIBSSH_API int sftp_async_read_begin(sftp_file file, uint32_t len);
  *
  * @see sftp_async_read_begin()
  */
-LIBSSH_API int sftp_async_read(sftp_file file, void *data, uint32_t len, uint32_t id);
+SSH_DEPRECATED LIBSSH_API int sftp_async_read(sftp_file file,
+                                              void *data,
+                                              uint32_t len,
+                                              uint32_t id);
 
 /**
  * @brief Write to a file using an opened sftp file handle.
  *
+ * This function caps the length a user is allowed to write to an sftp file.
+ *
+ * The value used for the cap is same as the value of the max_write_length
+ * field of the sftp_limits_t returned by sftp_limits().
+ *
  * @param file          Open sftp file handle to write to.
  *
  * @param buf           Pointer to buffer to write data.
@@ -565,6 +592,229 @@ LIBSSH_API int sftp_async_read(sftp_file file, void *data, uint32_t len, uint32_
  */
 LIBSSH_API ssize_t sftp_write(sftp_file file, const void *buf, size_t count);
 
+/**
+ * @brief Deallocate memory corresponding to a sftp aio handle.
+ *
+ * This function deallocates memory corresponding to the aio handle returned
+ * by the sftp_aio_begin_*() functions. Users can use this function to free
+ * memory corresponding to an aio handle for an outstanding async i/o request
+ * on encountering some error.
+ *
+ * @param aio           sftp aio handle corresponding to which memory has
+ *                      to be deallocated.
+ *
+ * @see sftp_aio_begin_read()
+ * @see sftp_aio_wait_read()
+ * @see sftp_aio_begin_write()
+ * @see sftp_aio_wait_write()
+ */
+LIBSSH_API void sftp_aio_free(sftp_aio aio);
+#define SFTP_AIO_FREE(x) \
+    do { if(x != NULL) {sftp_aio_free(x); x = NULL;} } while(0)
+
+/**
+ * @brief Start an asynchronous read from a file using an opened sftp
+ * file handle.
+ *
+ * Its goal is to avoid the slowdowns related to the request/response pattern
+ * of a synchronous read. To do so, you must call 2 functions :
+ *
+ * sftp_aio_begin_read() and sftp_aio_wait_read().
+ *
+ * - The first step is to call sftp_aio_begin_read(). This function sends a
+ *   read request to the sftp server, dynamically allocates memory to store
+ *   information about the sent request and provides the caller an sftp aio
+ *   handle to that memory.
+ *
+ * - The second step is to call sftp_aio_wait_read() and pass it the address
+ *   of a location storing the sftp aio handle provided by
+ *   sftp_aio_begin_read().
+ *
+ * These two functions do not close the open sftp file handle passed to
+ * sftp_aio_begin_read() irrespective of whether they fail or not.
+ *
+ * It is the responsibility of the caller to ensure that the open sftp file
+ * handle passed to sftp_aio_begin_read() must not be closed before the
+ * corresponding call to sftp_aio_wait_read(). After sftp_aio_wait_read()
+ * returns, it is caller's decision whether to immediately close the file by
+ * calling sftp_close() or to keep it open and perform some more operations
+ * on it.
+ *
+ * This function caps the length a user is allowed to read from an sftp file,
+ * the value of len parameter after capping is returned on success.
+ *
+ * The value used for the cap is same as the value of the max_read_length
+ * field of the sftp_limits_t returned by sftp_limits().
+ *
+ * @param file          The opened sftp file handle to be read from.
+ *
+ * @param len           Number of bytes to read.
+ *
+ * @param aio           Pointer to a location where the sftp aio handle
+ *                      (corresponding to the sent request) should be stored.
+ *
+ * @returns             On success, the number of bytes the server is
+ *                      requested to read (value of len parameter after
+ *                      capping). On error, SSH_ERROR with sftp and ssh
+ *                      errors set.
+ *
+ * @warning             When calling this function, the internal file offset is
+ *                      updated corresponding to the number of bytes requested
+ *                      to read.
+ *
+ * @warning             A call to sftp_aio_begin_read() sends a request to
+ *                      the server. When the server answers, libssh allocates
+ *                      memory to store it until sftp_aio_wait_read() is called.
+ *                      Not calling sftp_aio_wait_read() will lead to memory
+ *                      leaks.
+ *
+ * @see                 sftp_aio_wait_read()
+ * @see                 sftp_aio_free()
+ * @see                 sftp_open()
+ * @see                 sftp_close()
+ * @see                 sftp_get_error()
+ * @see                 ssh_get_error()
+ */
+LIBSSH_API ssize_t sftp_aio_begin_read(sftp_file file,
+                                       size_t len,
+                                       sftp_aio *aio);
+
+/**
+ * @brief Wait for an asynchronous read to complete and store the read data
+ * in the supplied buffer.
+ *
+ * A pointer to an sftp aio handle should be passed while calling
+ * this function. Except when the return value is SSH_AGAIN,
+ * this function releases the memory corresponding to the supplied
+ * aio handle and assigns NULL to that aio handle using the passed
+ * pointer to that handle.
+ *
+ * If the file is opened in non-blocking mode and the request hasn't been
+ * executed yet, this function returns SSH_AGAIN and must be called again
+ * using the same sftp aio handle.
+ *
+ * @param aio           Pointer to the sftp aio handle returned by
+ *                      sftp_aio_begin_read().
+ *
+ * @param buf           Pointer to the buffer in which read data will be stored.
+ *
+ * @param buf_size      Size of the buffer in bytes. It should be bigger or
+ *                      equal to the length parameter of the
+ *                      sftp_aio_begin_read() call.
+ *
+ * @return              Number of bytes read, 0 on EOF, SSH_ERROR if an error
+ *                      occurred, SSH_AGAIN if the file is opened in nonblocking
+ *                      mode and the request hasn't been executed yet.
+ *
+ * @warning             A call to this function with an invalid sftp aio handle
+ *                      may never return.
+ *
+ * @see sftp_aio_begin_read()
+ * @see sftp_aio_free()
+ */
+LIBSSH_API ssize_t sftp_aio_wait_read(sftp_aio *aio,
+                                      void *buf,
+                                      size_t buf_size);
+
+/**
+ * @brief Start an asynchronous write to a file using an opened sftp
+ * file handle.
+ *
+ * Its goal is to avoid the slowdowns related to the request/response pattern
+ * of a synchronous write. To do so, you must call 2 functions :
+ *
+ * sftp_aio_begin_write() and sftp_aio_wait_write().
+ *
+ * - The first step is to call sftp_aio_begin_write(). This function sends a
+ *   write request to the sftp server, dynamically allocates memory to store
+ *   information about the sent request and provides the caller an sftp aio
+ *   handle to that memory.
+ *
+ * - The second step is to call sftp_aio_wait_write() and pass it the address
+ *   of a location storing the sftp aio handle provided by
+ *   sftp_aio_begin_write().
+ *
+ * These two functions do not close the open sftp file handle passed to
+ * sftp_aio_begin_write() irrespective of whether they fail or not.
+ *
+ * It is the responsibility of the caller to ensure that the open sftp file
+ * handle passed to sftp_aio_begin_write() must not be closed before the
+ * corresponding call to sftp_aio_wait_write(). After sftp_aio_wait_write()
+ * returns, it is caller's decision whether to immediately close the file by
+ * calling sftp_close() or to keep it open and perform some more operations
+ * on it.
+ *
+ * This function caps the length a user is allowed to write to an sftp file,
+ * the value of len parameter after capping is returned on success.
+ *
+ * The value used for the cap is same as the value of the max_write_length
+ * field of the sftp_limits_t returned by sftp_limits().
+ *
+ * @param file          The opened sftp file handle to write to.
+ *
+ * @param buf           Pointer to the buffer containing data to write.
+ *
+ * @param len           Number of bytes to write.
+ *
+ * @param aio           Pointer to a location where the sftp aio handle
+ *                      (corresponding to the sent request) should be stored.
+ *
+ * @returns             On success, the number of bytes the server is
+ *                      requested to write (value of len parameter after
+ *                      capping). On error, SSH_ERROR with sftp and ssh errors
+ *                      set.
+ *
+ * @warning             When calling this function, the internal file offset is
+ *                      updated corresponding to the number of bytes requested
+ *                      to write.
+ *
+ * @warning             A call to sftp_aio_begin_write() sends a request to
+ *                      the server. When the server answers, libssh allocates
+ *                      memory to store it until sftp_aio_wait_write() is
+ *                      called. Not calling sftp_aio_wait_write() will lead to
+ *                      memory leaks.
+ *
+ * @see                 sftp_aio_wait_write()
+ * @see                 sftp_aio_free()
+ * @see                 sftp_open()
+ * @see                 sftp_close()
+ * @see                 sftp_get_error()
+ * @see                 ssh_get_error()
+ */
+LIBSSH_API ssize_t sftp_aio_begin_write(sftp_file file,
+                                        const void *buf,
+                                        size_t len,
+                                        sftp_aio *aio);
+
+/**
+ * @brief Wait for an asynchronous write to complete.
+ *
+ * A pointer to an sftp aio handle should be passed while calling
+ * this function. Except when the return value is SSH_AGAIN,
+ * this function releases the memory corresponding to the supplied
+ * aio handle and assigns NULL to that aio handle using the passed
+ * pointer to that handle.
+ *
+ * If the file is opened in non-blocking mode and the request hasn't
+ * been executed yet, this function returns SSH_AGAIN and must be called
+ * again using the same sftp aio handle.
+ *
+ * @param aio           Pointer to the sftp aio handle returned by
+ *                      sftp_aio_begin_write().
+ *
+ * @return              Number of bytes written on success, SSH_ERROR
+ *                      if an error occurred, SSH_AGAIN if the file is
+ *                      opened in nonblocking mode and the request hasn't
+ *                      been executed yet.
+ *
+ * @warning             A call to this function with an invalid sftp aio handle
+ *                      may never return.
+ *
+ * @see sftp_aio_begin_write()
+ * @see sftp_aio_free()
+ */
+LIBSSH_API ssize_t sftp_aio_wait_write(sftp_aio *aio);
+
 /**
  * @brief Seek to a specific location in a file.
  *
@@ -605,8 +855,7 @@ LIBSSH_API unsigned long sftp_tell(sftp_file file);
  * @param file          Open sftp file handle.
  *
  * @return              The offset of the current byte relative to the beginning
- *                      of the file associated with the file descriptor. < 0 on
- *                      error.
+ *                      of the file associated with the file descriptor.
  */
 LIBSSH_API uint64_t sftp_tell64(sftp_file file);
 
@@ -681,6 +930,11 @@ LIBSSH_API int sftp_rename(sftp_session sftp, const char *original, const  char
 /**
  * @brief Set file attributes on a file, directory or symbolic link.
  *
+ * Note, that this function can only set time values using 32 bit values due to
+ * the restrictions in the SFTP protocol version 3 implemented by libssh.
+ * The support for 64 bit time values was introduced in SFTP version 5, which is
+ * not implemented by libssh nor any major SFTP servers.
+ *
  * @param sftp          The sftp session handle.
  *
  * @param file          The file which attributes should be changed.
@@ -694,6 +948,29 @@ LIBSSH_API int sftp_rename(sftp_session sftp, const char *original, const  char
  */
 LIBSSH_API int sftp_setstat(sftp_session sftp, const char *file, sftp_attributes attr);
 
+/**
+ * @brief This request is like setstat (excluding mode and size) but sets file
+ * attributes on symlinks themselves.
+ *
+ * Note, that this function can only set time values using 32 bit values due to
+ * the restrictions in the SFTP protocol version 3 implemented by libssh.
+ * The support for 64 bit time values was introduced in SFTP version 5, which is
+ * not implemented by libssh nor any major SFTP servers.
+ *
+ * @param sftp          The sftp session handle.
+ *
+ * @param file          The symbolic link which attributes should be changed.
+ *
+ * @param attr          The file attributes structure with the attributes set
+ *                      which should be changed.
+ *
+ * @return              0 on success, < 0 on error with ssh and sftp error set.
+ *
+ * @see sftp_get_error()
+ */
+LIBSSH_API int
+sftp_lsetstat(sftp_session sftp, const char *file, sftp_attributes attr);
+
 /**
  * @brief Change the file owner and group
  *
@@ -767,11 +1044,29 @@ LIBSSH_API int sftp_symlink(sftp_session sftp, const char *target, const char *d
  * @param  path         Specifies the path name of the symlink to be read.
  *
  * @return              The target of the link, NULL on error.
+ *                      The caller needs to free the memory
+ *                      using ssh_string_free_char().
  *
  * @see sftp_get_error()
  */
 LIBSSH_API char *sftp_readlink(sftp_session sftp, const char *path);
 
+/**
+ * @brief Create a hard link.
+ *
+ * @param  sftp         The sftp session handle.
+ *
+ * @param  oldpath      Specifies the pathname of the file for
+ *                      which the new hardlink is to be created.
+ *
+ * @param  newpath      Specifies the pathname of the hardlink to be created.
+ *
+ * @return              0 on success, -1 on error with ssh and sftp error set.
+ *
+ * @see sftp_get_error()
+ */
+LIBSSH_API int sftp_hardlink(sftp_session sftp, const char *oldpath, const char *newpath);
+
 /**
  * @brief Get information about a mounted file system.
  *
@@ -819,6 +1114,24 @@ LIBSSH_API void sftp_statvfs_free(sftp_statvfs_t statvfs_o);
  */
 LIBSSH_API int sftp_fsync(sftp_file file);
 
+/**
+ * @brief Get information about the various limits the server might impose.
+ *
+ * @param  sftp         The sftp session handle.
+ *
+ * @return A limits structure or NULL on error.
+ *
+ * @see sftp_get_error()
+ */
+LIBSSH_API sftp_limits_t sftp_limits(sftp_session sftp);
+
+/**
+ * @brief Free the memory of an allocated limits.
+ *
+ * @param  limits      The limits to free.
+ */
+LIBSSH_API void sftp_limits_free(sftp_limits_t limits);
+
 /**
  * @brief Canonicalize a sftp path.
  *
@@ -841,6 +1154,40 @@ LIBSSH_API char *sftp_canonicalize_path(sftp_session sftp, const char *path);
  */
 LIBSSH_API int sftp_server_version(sftp_session sftp);
 
+/**
+ * @brief Canonicalize path using expand-path@openssh.com extension
+ *
+ * @param sftp          The sftp session handle.
+ *
+ * @param path          The path to be canonicalized.
+ *
+ * @return              A pointer to the newly allocated canonicalized path,
+ *                      NULL on error. The caller needs to free the memory
+ *                      using ssh_string_free_char().
+ */
+LIBSSH_API char *sftp_expand_path(sftp_session sftp, const char *path);
+
+/**
+ * @brief Get the specified user's home directory
+ *
+ * This calls the "home-directory" extension. You should check if the extension
+ * is supported using:
+ *
+ * @code
+ * int supported  = sftp_extension_supported(sftp, "home-directory", "1");
+ * @endcode
+ *
+ * @param sftp          The sftp session handle.
+ *
+ * @param username      username of the user whose home directory is requested.
+ *
+ * @return              On success, a newly allocated string containing the
+ *                      absolute real-path of the home directory of the user.
+ *                      NULL on error. The caller needs to free the memory
+ *                      using ssh_string_free_char().
+ */
+LIBSSH_API char *sftp_home_directory(sftp_session sftp, const char *username);
+
 #ifdef WITH_SERVER
 /**
  * @brief Create a new sftp server session.
@@ -860,7 +1207,7 @@ LIBSSH_API sftp_session sftp_server_new(ssh_session session, ssh_channel chan);
  *
  * @return             0 on success, < 0 on error.
  */
-LIBSSH_API int sftp_server_init(sftp_session sftp);
+SSH_DEPRECATED LIBSSH_API int sftp_server_init(sftp_session sftp);
 
 /**
  * @brief Close and deallocate a sftp server session.
diff --git a/libssh/include/libssh/sftp_priv.h b/libssh/include/libssh/sftp_priv.h
index ccde008a..8470a8ad 100644
--- a/libssh/include/libssh/sftp_priv.h
+++ b/libssh/include/libssh/sftp_priv.h
@@ -21,6 +21,10 @@
 #ifndef SFTP_PRIV_H
 #define SFTP_PRIV_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 sftp_packet sftp_packet_read(sftp_session sftp);
 int sftp_packet_write(sftp_session sftp, uint8_t type, ssh_buffer payload);
 void sftp_packet_free(sftp_packet packet);
@@ -28,5 +32,52 @@ int buffer_add_attributes(ssh_buffer buffer, sftp_attributes attr);
 sftp_attributes sftp_parse_attr(sftp_session session,
                                 ssh_buffer buf,
                                 int expectname);
+/**
+ * @brief Reply to the SSH_FXP_INIT message with the SSH_FXP_VERSION message
+ *
+ * @param  client_msg         The pointer to client message.
+ *
+ * @return                    0 on success, < 0 on error with ssh and sftp error set.
+ *
+ * @see sftp_get_error()
+ */
+int sftp_reply_version(sftp_client_message client_msg);
+/**
+ * @brief Decode the data from channel buffer into sftp read_packet.
+ *
+ * @param  sftp         The sftp session handle.
+ *
+ * @param  data         The pointer to the data buffer of channel.
+ * @param  len          The data buffer length
+ *
+ * @return              Length of data decoded.
+ */
+int sftp_decode_channel_data_to_packet(sftp_session sftp, void *data, uint32_t len);
+
+void sftp_set_error(sftp_session sftp, int errnum);
+
+void sftp_message_free(sftp_message msg);
+
+int sftp_read_and_dispatch(sftp_session sftp);
+
+sftp_message sftp_dequeue(sftp_session sftp, uint32_t id);
+
+/*
+ * Assigns a new SFTP ID for new requests and assures there is no collision
+ * between them.
+ * Returns a new ID ready to use in a request
+ */
+static inline uint32_t sftp_get_new_id(sftp_session session)
+{
+    return ++session->id_counter;
+}
+
+sftp_status_message parse_status_msg(sftp_message msg);
+
+void status_msg_free(sftp_status_message status);
+
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* SFTP_PRIV_H */
diff --git a/libssh/include/libssh/sftpserver.h b/libssh/include/libssh/sftpserver.h
new file mode 100644
index 00000000..01b17c7f
--- /dev/null
+++ b/libssh/include/libssh/sftpserver.h
@@ -0,0 +1,77 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2022 Zeyu Sheng <shengzeyu19_98@163.com>
+ * Copyright (c) 2023 Red Hat, Inc.
+ *
+ * Authors: Jakub Jelen <jjelen@redhat.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef SFTP_SERVER_H
+#define SFTP_SERVER_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+#include "libssh/libssh.h"
+#include "libssh/sftp.h"
+
+/**
+ * @defgroup libssh_sftp_server The libssh SFTP server API
+ *
+ * @brief SFTP server handling functions
+ *
+ * TODO
+ *
+ * @{
+ */
+
+#define SSH_SFTP_CALLBACK(name) \
+    static int name(sftp_client_message message)
+
+typedef int (*sftp_server_message_callback)(sftp_client_message message);
+
+struct sftp_message_handler
+{
+    const char *name;
+    const char *extended_name;
+    uint8_t type;
+
+    sftp_server_message_callback cb;
+};
+
+LIBSSH_API int sftp_channel_default_subsystem_request(ssh_session session,
+                                                      ssh_channel channel,
+                                                      const char *subsystem,
+                                                      void *userdata);
+LIBSSH_API int sftp_channel_default_data_callback(ssh_session session,
+                                                  ssh_channel channel,
+                                                  void *data,
+                                                  uint32_t len,
+                                                  int is_stderr,
+                                                  void *userdata);
+
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SFTP_SERVER_H */
diff --git a/libssh/include/libssh/socket.h b/libssh/include/libssh/socket.h
index ae56f5f6..50e7db75 100644
--- a/libssh/include/libssh/socket.h
+++ b/libssh/include/libssh/socket.h
@@ -35,11 +35,13 @@ void ssh_socket_reset(ssh_socket s);
 void ssh_socket_free(ssh_socket s);
 void ssh_socket_set_fd(ssh_socket s, socket_t fd);
 socket_t ssh_socket_get_fd(ssh_socket s);
+void ssh_socket_set_connected(ssh_socket s, struct ssh_poll_handle_struct *p);
 int ssh_socket_unix(ssh_socket s, const char *path);
+#if WITH_EXEC
 void ssh_execute_command(const char *command, socket_t in, socket_t out);
-#ifndef _WIN32
 int ssh_socket_connect_proxycommand(ssh_socket s, const char *command);
 #endif
+int ssh_socket_connect_proxyjump(ssh_socket s);
 void ssh_socket_close(ssh_socket s);
 int ssh_socket_write(ssh_socket s,const void *buffer, uint32_t len);
 int ssh_socket_is_open(ssh_socket s);
diff --git a/libssh/include/libssh/string.h b/libssh/include/libssh/string.h
index 8c7db1df..35b2ea2e 100644
--- a/libssh/include/libssh/string.h
+++ b/libssh/include/libssh/string.h
@@ -22,6 +22,10 @@
 #define STRING_H_
 #include "libssh/priv.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* must be 32 bits number + immediately our data */
 #ifdef _MSC_VER
 #pragma pack(1)
@@ -38,4 +42,8 @@ __attribute__ ((packed))
 #endif
 ;
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* STRING_H_ */
diff --git a/libssh/include/libssh/threads.h b/libssh/include/libssh/threads.h
index 522f91d5..47340d17 100644
--- a/libssh/include/libssh/threads.h
+++ b/libssh/include/libssh/threads.h
@@ -49,6 +49,10 @@
 
 #endif
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 int ssh_threads_init(void);
 void ssh_threads_finalize(void);
 const char *ssh_threads_get_type(void);
@@ -60,4 +64,8 @@ struct ssh_threads_callbacks_struct *ssh_threads_get_default(void);
 int crypto_thread_init(struct ssh_threads_callbacks_struct *user_callbacks);
 void crypto_thread_finalize(void);
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* THREADS_H_ */
diff --git a/libssh/include/libssh/token.h b/libssh/include/libssh/token.h
index 9896fb06..550ad792 100644
--- a/libssh/include/libssh/token.h
+++ b/libssh/include/libssh/token.h
@@ -31,6 +31,10 @@ struct ssh_tokens_st {
     char **tokens;
 };
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 struct ssh_tokens_st *ssh_tokenize(const char *chain, char separator);
 
 void ssh_tokens_free(struct ssh_tokens_st *tokens);
@@ -45,4 +49,13 @@ char *ssh_remove_duplicates(const char *list);
 
 char *ssh_append_without_duplicates(const char *list,
                                     const char *appended_list);
+char *ssh_prefix_without_duplicates(const char *list,
+                                    const char *prefixed_list);
+char *ssh_remove_all_matching(const char *list,
+                              const char *remove_list);
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* TOKEN_H_ */
diff --git a/libssh/include/libssh/wrapper.h b/libssh/include/libssh/wrapper.h
index f4a33d2d..b3e28eac 100644
--- a/libssh/include/libssh/wrapper.h
+++ b/libssh/include/libssh/wrapper.h
@@ -29,6 +29,10 @@
 #include "libssh/libgcrypt.h"
 #include "libssh/libmbedcrypto.h"
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 enum ssh_kdf_digest {
     SSH_KDF_SHA1=1,
     SSH_KDF_SHA256,
@@ -68,33 +72,33 @@ struct ssh_crypto_struct;
 
 typedef struct ssh_mac_ctx_struct *ssh_mac_ctx;
 MD5CTX md5_init(void);
-void md5_update(MD5CTX c, const void *data, size_t len);
-void md5_final(unsigned char *md,MD5CTX c);
+void md5_ctx_free(MD5CTX);
+int md5_update(MD5CTX c, const void *data, size_t len);
+int md5_final(unsigned char *md, MD5CTX c);
 
 SHACTX sha1_init(void);
-void sha1_update(SHACTX c, const void *data, size_t len);
-void sha1_final(unsigned char *md,SHACTX c);
-void sha1(const unsigned char *digest,size_t len,unsigned char *hash);
+void sha1_ctx_free(SHACTX);
+int sha1_update(SHACTX c, const void *data, size_t len);
+int sha1_final(unsigned char *md,SHACTX c);
+int sha1(const unsigned char *digest,size_t len, unsigned char *hash);
 
 SHA256CTX sha256_init(void);
-void sha256_update(SHA256CTX c, const void *data, size_t len);
-void sha256_final(unsigned char *md,SHA256CTX c);
-void sha256(const unsigned char *digest, size_t len, unsigned char *hash);
+void sha256_ctx_free(SHA256CTX);
+int sha256_update(SHA256CTX c, const void *data, size_t len);
+int sha256_final(unsigned char *md,SHA256CTX c);
+int sha256(const unsigned char *digest, size_t len, unsigned char *hash);
 
 SHA384CTX sha384_init(void);
-void sha384_update(SHA384CTX c, const void *data, size_t len);
-void sha384_final(unsigned char *md,SHA384CTX c);
-void sha384(const unsigned char *digest, size_t len, unsigned char *hash);
+void sha384_ctx_free(SHA384CTX);
+int sha384_update(SHA384CTX c, const void *data, size_t len);
+int sha384_final(unsigned char *md,SHA384CTX c);
+int sha384(const unsigned char *digest, size_t len, unsigned char *hash);
 
 SHA512CTX sha512_init(void);
-void sha512_update(SHA512CTX c, const void *data, size_t len);
-void sha512_final(unsigned char *md,SHA512CTX c);
-void sha512(const unsigned char *digest, size_t len, unsigned char *hash);
-
-void evp(int nid, unsigned char *digest, size_t len, unsigned char *hash, unsigned int *hlen);
-EVPCTX evp_init(int nid);
-void evp_update(EVPCTX ctx, const void *data, size_t len);
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen);
+void sha512_ctx_free(SHA512CTX);
+int sha512_update(SHA512CTX c, const void *data, size_t len);
+int sha512_final(unsigned char *md,SHA512CTX c);
+int sha512(const unsigned char *digest, size_t len, unsigned char *hash);
 
 HMACCTX hmac_init(const void *key,size_t len, enum ssh_hmac_e type);
 int hmac_update(HMACCTX c, const void *data, size_t len);
@@ -122,9 +126,13 @@ const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm);
 
 #if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER >= 0x30000000L
 int evp_build_pkey(const char* name, OSSL_PARAM_BLD *param_bld, EVP_PKEY **pkey, int selection);
-int evp_dup_dsa_pkey(const ssh_key key, ssh_key new, int demote);
-int evp_dup_rsa_pkey(const ssh_key key, ssh_key new, int demote);
-int evp_dup_ecdsa_pkey(const ssh_key key, ssh_key new, int demote);
+int evp_dup_dsa_pkey(const ssh_key key, ssh_key new_key, int demote);
+int evp_dup_rsa_pkey(const ssh_key key, ssh_key new_key, int demote);
+int evp_dup_ecdsa_pkey(const ssh_key key, ssh_key new_key, int demote);
 #endif /* HAVE_LIBCRYPTO && OPENSSL_VERSION_NUMBER */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* WRAPPER_H_ */
diff --git a/libssh/libssh.pc.cmake b/libssh/libssh.pc.cmake
index b37cb3fc..f288b94d 100644
--- a/libssh/libssh.pc.cmake
+++ b/libssh/libssh.pc.cmake
@@ -1,6 +1,10 @@
-Name: ${PROJECT_NAME}
-Description: The SSH Library
-Version: ${PROJECT_VERSION}
-Libs: -L${CMAKE_INSTALL_FULL_LIBDIR} -lssh
-Cflags: -I${CMAKE_INSTALL_FULL_INCLUDEDIR}
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
 
+Name: @PROJECT_NAME@
+Description: The SSH Library
+Version: @PROJECT_VERSION@
+Libs: -L${libdir} -lssh
+Cflags: -I${includedir}
diff --git a/libssh/src/ABI/current b/libssh/src/ABI/current
index f4cfd30c..fc2ad41b 100644
--- a/libssh/src/ABI/current
+++ b/libssh/src/ABI/current
@@ -1 +1 @@
-4.9.4
\ No newline at end of file
+4.10.3
\ No newline at end of file
diff --git a/libssh/src/ABI/libssh-4.10.0.symbols b/libssh/src/ABI/libssh-4.10.0.symbols
new file mode 100644
index 00000000..34949837
--- /dev/null
+++ b/libssh/src/ABI/libssh-4.10.0.symbols
@@ -0,0 +1,445 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_aio_begin_read
+sftp_aio_begin_write
+sftp_aio_free
+sftp_aio_wait_read
+sftp_aio_wait_write
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_channel_default_data_callback
+sftp_channel_default_subsystem_request
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_expand_path
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_hardlink
+sftp_home_directory
+sftp_init
+sftp_limits
+sftp_limits_free
+sftp_lsetstat
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_state
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_pty_size_modes
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_base64_format
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_file_format
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_request_no_more_sessions
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
\ No newline at end of file
diff --git a/libssh/src/ABI/libssh-4.10.1.symbols b/libssh/src/ABI/libssh-4.10.1.symbols
new file mode 100644
index 00000000..34949837
--- /dev/null
+++ b/libssh/src/ABI/libssh-4.10.1.symbols
@@ -0,0 +1,445 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_aio_begin_read
+sftp_aio_begin_write
+sftp_aio_free
+sftp_aio_wait_read
+sftp_aio_wait_write
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_channel_default_data_callback
+sftp_channel_default_subsystem_request
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_expand_path
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_hardlink
+sftp_home_directory
+sftp_init
+sftp_limits
+sftp_limits_free
+sftp_lsetstat
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_state
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_pty_size_modes
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_base64_format
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_file_format
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_request_no_more_sessions
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
\ No newline at end of file
diff --git a/libssh/src/ABI/libssh-4.10.2.symbols b/libssh/src/ABI/libssh-4.10.2.symbols
new file mode 100644
index 00000000..34949837
--- /dev/null
+++ b/libssh/src/ABI/libssh-4.10.2.symbols
@@ -0,0 +1,445 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_aio_begin_read
+sftp_aio_begin_write
+sftp_aio_free
+sftp_aio_wait_read
+sftp_aio_wait_write
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_channel_default_data_callback
+sftp_channel_default_subsystem_request
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_expand_path
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_hardlink
+sftp_home_directory
+sftp_init
+sftp_limits
+sftp_limits_free
+sftp_lsetstat
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_state
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_pty_size_modes
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_base64_format
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_file_format
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_request_no_more_sessions
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
\ No newline at end of file
diff --git a/libssh/src/ABI/libssh-4.10.3.symbols b/libssh/src/ABI/libssh-4.10.3.symbols
new file mode 100644
index 00000000..34949837
--- /dev/null
+++ b/libssh/src/ABI/libssh-4.10.3.symbols
@@ -0,0 +1,445 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_aio_begin_read
+sftp_aio_begin_write
+sftp_aio_free
+sftp_aio_wait_read
+sftp_aio_wait_write
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_channel_default_data_callback
+sftp_channel_default_subsystem_request
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_expand_path
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_hardlink
+sftp_home_directory
+sftp_init
+sftp_limits
+sftp_limits_free
+sftp_lsetstat
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_state
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_pty_size_modes
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_base64_format
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_file_format
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_request_no_more_sessions
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
\ No newline at end of file
diff --git a/libssh/src/ABI/libssh-4.9.5.symbols b/libssh/src/ABI/libssh-4.9.5.symbols
new file mode 100644
index 00000000..a26e2c5e
--- /dev/null
+++ b/libssh/src/ABI/libssh-4.9.5.symbols
@@ -0,0 +1,427 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
\ No newline at end of file
diff --git a/libssh/src/ABI/libssh-4.9.6.symbols b/libssh/src/ABI/libssh-4.9.6.symbols
new file mode 100644
index 00000000..a26e2c5e
--- /dev/null
+++ b/libssh/src/ABI/libssh-4.9.6.symbols
@@ -0,0 +1,427 @@
+_ssh_log
+buffer_free
+buffer_get
+buffer_get_len
+buffer_new
+channel_accept_x11
+channel_change_pty_size
+channel_close
+channel_forward_accept
+channel_forward_cancel
+channel_forward_listen
+channel_free
+channel_get_exit_status
+channel_get_session
+channel_is_closed
+channel_is_eof
+channel_is_open
+channel_new
+channel_open_forward
+channel_open_session
+channel_poll
+channel_read
+channel_read_buffer
+channel_read_nonblocking
+channel_request_env
+channel_request_exec
+channel_request_pty
+channel_request_pty_size
+channel_request_send_signal
+channel_request_sftp
+channel_request_shell
+channel_request_subsystem
+channel_request_x11
+channel_select
+channel_send_eof
+channel_set_blocking
+channel_write
+channel_write_stderr
+privatekey_free
+privatekey_from_file
+publickey_free
+publickey_from_file
+publickey_from_privatekey
+publickey_to_string
+sftp_async_read
+sftp_async_read_begin
+sftp_attributes_free
+sftp_canonicalize_path
+sftp_chmod
+sftp_chown
+sftp_client_message_free
+sftp_client_message_get_data
+sftp_client_message_get_filename
+sftp_client_message_get_flags
+sftp_client_message_get_submessage
+sftp_client_message_get_type
+sftp_client_message_set_filename
+sftp_close
+sftp_closedir
+sftp_dir_eof
+sftp_extension_supported
+sftp_extensions_get_count
+sftp_extensions_get_data
+sftp_extensions_get_name
+sftp_file_set_blocking
+sftp_file_set_nonblocking
+sftp_free
+sftp_fstat
+sftp_fstatvfs
+sftp_fsync
+sftp_get_client_message
+sftp_get_error
+sftp_handle
+sftp_handle_alloc
+sftp_handle_remove
+sftp_init
+sftp_lstat
+sftp_mkdir
+sftp_new
+sftp_new_channel
+sftp_open
+sftp_opendir
+sftp_read
+sftp_readdir
+sftp_readlink
+sftp_rename
+sftp_reply_attr
+sftp_reply_data
+sftp_reply_handle
+sftp_reply_name
+sftp_reply_names
+sftp_reply_names_add
+sftp_reply_status
+sftp_rewind
+sftp_rmdir
+sftp_seek
+sftp_seek64
+sftp_send_client_message
+sftp_server_free
+sftp_server_init
+sftp_server_new
+sftp_server_version
+sftp_setstat
+sftp_stat
+sftp_statvfs
+sftp_statvfs_free
+sftp_symlink
+sftp_tell
+sftp_tell64
+sftp_unlink
+sftp_utimes
+sftp_write
+ssh_accept
+ssh_add_channel_callbacks
+ssh_auth_list
+ssh_basename
+ssh_bind_accept
+ssh_bind_accept_fd
+ssh_bind_fd_toaccept
+ssh_bind_free
+ssh_bind_get_fd
+ssh_bind_listen
+ssh_bind_new
+ssh_bind_options_parse_config
+ssh_bind_options_set
+ssh_bind_set_blocking
+ssh_bind_set_callbacks
+ssh_bind_set_fd
+ssh_blocking_flush
+ssh_buffer_add_data
+ssh_buffer_free
+ssh_buffer_get
+ssh_buffer_get_data
+ssh_buffer_get_len
+ssh_buffer_new
+ssh_buffer_reinit
+ssh_channel_accept_forward
+ssh_channel_accept_x11
+ssh_channel_cancel_forward
+ssh_channel_change_pty_size
+ssh_channel_close
+ssh_channel_free
+ssh_channel_get_exit_status
+ssh_channel_get_session
+ssh_channel_is_closed
+ssh_channel_is_eof
+ssh_channel_is_open
+ssh_channel_listen_forward
+ssh_channel_new
+ssh_channel_open_auth_agent
+ssh_channel_open_forward
+ssh_channel_open_forward_port
+ssh_channel_open_forward_unix
+ssh_channel_open_reverse_forward
+ssh_channel_open_session
+ssh_channel_open_x11
+ssh_channel_poll
+ssh_channel_poll_timeout
+ssh_channel_read
+ssh_channel_read_nonblocking
+ssh_channel_read_timeout
+ssh_channel_request_auth_agent
+ssh_channel_request_env
+ssh_channel_request_exec
+ssh_channel_request_pty
+ssh_channel_request_pty_size
+ssh_channel_request_send_break
+ssh_channel_request_send_exit_signal
+ssh_channel_request_send_exit_status
+ssh_channel_request_send_signal
+ssh_channel_request_sftp
+ssh_channel_request_shell
+ssh_channel_request_subsystem
+ssh_channel_request_x11
+ssh_channel_select
+ssh_channel_send_eof
+ssh_channel_set_blocking
+ssh_channel_set_counter
+ssh_channel_window_size
+ssh_channel_write
+ssh_channel_write_stderr
+ssh_clean_pubkey_hash
+ssh_connect
+ssh_connector_free
+ssh_connector_new
+ssh_connector_set_in_channel
+ssh_connector_set_in_fd
+ssh_connector_set_out_channel
+ssh_connector_set_out_fd
+ssh_copyright
+ssh_dirname
+ssh_disconnect
+ssh_dump_knownhost
+ssh_event_add_connector
+ssh_event_add_fd
+ssh_event_add_session
+ssh_event_dopoll
+ssh_event_free
+ssh_event_new
+ssh_event_remove_connector
+ssh_event_remove_fd
+ssh_event_remove_session
+ssh_execute_message_callbacks
+ssh_finalize
+ssh_forward_accept
+ssh_forward_cancel
+ssh_forward_listen
+ssh_free
+ssh_get_cipher_in
+ssh_get_cipher_out
+ssh_get_clientbanner
+ssh_get_disconnect_message
+ssh_get_error
+ssh_get_error_code
+ssh_get_fd
+ssh_get_fingerprint_hash
+ssh_get_hexa
+ssh_get_hmac_in
+ssh_get_hmac_out
+ssh_get_issue_banner
+ssh_get_kex_algo
+ssh_get_log_callback
+ssh_get_log_level
+ssh_get_log_userdata
+ssh_get_openssh_version
+ssh_get_poll_flags
+ssh_get_pubkey
+ssh_get_pubkey_hash
+ssh_get_publickey
+ssh_get_publickey_hash
+ssh_get_random
+ssh_get_server_publickey
+ssh_get_serverbanner
+ssh_get_status
+ssh_get_version
+ssh_getpass
+ssh_gssapi_get_creds
+ssh_gssapi_set_creds
+ssh_handle_key_exchange
+ssh_init
+ssh_is_blocking
+ssh_is_connected
+ssh_is_server_known
+ssh_key_cmp
+ssh_key_dup
+ssh_key_free
+ssh_key_is_private
+ssh_key_is_public
+ssh_key_new
+ssh_key_type
+ssh_key_type_from_name
+ssh_key_type_to_char
+ssh_known_hosts_parse_line
+ssh_knownhosts_entry_free
+ssh_log
+ssh_message_auth_interactive_request
+ssh_message_auth_kbdint_is_response
+ssh_message_auth_password
+ssh_message_auth_pubkey
+ssh_message_auth_publickey
+ssh_message_auth_publickey_state
+ssh_message_auth_reply_pk_ok
+ssh_message_auth_reply_pk_ok_simple
+ssh_message_auth_reply_success
+ssh_message_auth_set_methods
+ssh_message_auth_user
+ssh_message_channel_request_channel
+ssh_message_channel_request_command
+ssh_message_channel_request_env_name
+ssh_message_channel_request_env_value
+ssh_message_channel_request_open_destination
+ssh_message_channel_request_open_destination_port
+ssh_message_channel_request_open_originator
+ssh_message_channel_request_open_originator_port
+ssh_message_channel_request_open_reply_accept
+ssh_message_channel_request_open_reply_accept_channel
+ssh_message_channel_request_pty_height
+ssh_message_channel_request_pty_pxheight
+ssh_message_channel_request_pty_pxwidth
+ssh_message_channel_request_pty_term
+ssh_message_channel_request_pty_width
+ssh_message_channel_request_reply_success
+ssh_message_channel_request_subsystem
+ssh_message_channel_request_x11_auth_cookie
+ssh_message_channel_request_x11_auth_protocol
+ssh_message_channel_request_x11_screen_number
+ssh_message_channel_request_x11_single_connection
+ssh_message_free
+ssh_message_get
+ssh_message_global_request_address
+ssh_message_global_request_port
+ssh_message_global_request_reply_success
+ssh_message_reply_default
+ssh_message_retrieve
+ssh_message_service_reply_success
+ssh_message_service_service
+ssh_message_subtype
+ssh_message_type
+ssh_mkdir
+ssh_new
+ssh_options_copy
+ssh_options_get
+ssh_options_get_port
+ssh_options_getopt
+ssh_options_parse_config
+ssh_options_set
+ssh_pcap_file_close
+ssh_pcap_file_free
+ssh_pcap_file_new
+ssh_pcap_file_open
+ssh_pki_copy_cert_to_privkey
+ssh_pki_export_privkey_base64
+ssh_pki_export_privkey_file
+ssh_pki_export_privkey_to_pubkey
+ssh_pki_export_pubkey_base64
+ssh_pki_export_pubkey_file
+ssh_pki_generate
+ssh_pki_import_cert_base64
+ssh_pki_import_cert_file
+ssh_pki_import_privkey_base64
+ssh_pki_import_privkey_file
+ssh_pki_import_pubkey_base64
+ssh_pki_import_pubkey_file
+ssh_pki_key_ecdsa_name
+ssh_print_hash
+ssh_print_hexa
+ssh_privatekey_type
+ssh_publickey_to_file
+ssh_remove_channel_callbacks
+ssh_scp_accept_request
+ssh_scp_close
+ssh_scp_deny_request
+ssh_scp_free
+ssh_scp_init
+ssh_scp_leave_directory
+ssh_scp_new
+ssh_scp_pull_request
+ssh_scp_push_directory
+ssh_scp_push_file
+ssh_scp_push_file64
+ssh_scp_read
+ssh_scp_request_get_filename
+ssh_scp_request_get_permissions
+ssh_scp_request_get_size
+ssh_scp_request_get_size64
+ssh_scp_request_get_warning
+ssh_scp_write
+ssh_select
+ssh_send_debug
+ssh_send_ignore
+ssh_send_issue_banner
+ssh_send_keepalive
+ssh_server_init_kex
+ssh_service_request
+ssh_session_export_known_hosts_entry
+ssh_session_get_known_hosts_entry
+ssh_session_has_known_hosts_entry
+ssh_session_is_known_server
+ssh_session_set_disconnect_message
+ssh_session_update_known_hosts
+ssh_set_agent_channel
+ssh_set_agent_socket
+ssh_set_auth_methods
+ssh_set_blocking
+ssh_set_callbacks
+ssh_set_channel_callbacks
+ssh_set_counters
+ssh_set_fd_except
+ssh_set_fd_toread
+ssh_set_fd_towrite
+ssh_set_log_callback
+ssh_set_log_level
+ssh_set_log_userdata
+ssh_set_message_callback
+ssh_set_pcap_file
+ssh_set_server_callbacks
+ssh_silent_disconnect
+ssh_string_burn
+ssh_string_copy
+ssh_string_data
+ssh_string_fill
+ssh_string_free
+ssh_string_free_char
+ssh_string_from_char
+ssh_string_get_char
+ssh_string_len
+ssh_string_new
+ssh_string_to_char
+ssh_threads_get_default
+ssh_threads_get_noop
+ssh_threads_get_pthread
+ssh_threads_set_callbacks
+ssh_try_publickey_from_file
+ssh_userauth_agent
+ssh_userauth_agent_pubkey
+ssh_userauth_autopubkey
+ssh_userauth_gssapi
+ssh_userauth_kbdint
+ssh_userauth_kbdint_getanswer
+ssh_userauth_kbdint_getinstruction
+ssh_userauth_kbdint_getname
+ssh_userauth_kbdint_getnanswers
+ssh_userauth_kbdint_getnprompts
+ssh_userauth_kbdint_getprompt
+ssh_userauth_kbdint_setanswer
+ssh_userauth_list
+ssh_userauth_none
+ssh_userauth_offer_pubkey
+ssh_userauth_password
+ssh_userauth_privatekey_file
+ssh_userauth_pubkey
+ssh_userauth_publickey
+ssh_userauth_publickey_auto
+ssh_userauth_publickey_auto_get_current_identity
+ssh_userauth_try_publickey
+ssh_version
+ssh_vlog
+ssh_write_knownhost
+string_burn
+string_copy
+string_data
+string_fill
+string_free
+string_from_char
+string_len
+string_new
+string_to_char
\ No newline at end of file
diff --git a/libssh/src/CMakeLists.txt b/libssh/src/CMakeLists.txt
index c090fef7..e0243bb0 100644
--- a/libssh/src/CMakeLists.txt
+++ b/libssh/src/CMakeLists.txt
@@ -9,50 +9,20 @@ set(LIBSSH_LINK_LIBRARIES
   ${LIBSSH_REQUIRED_LIBRARIES}
 )
 
-if (OPENSSL_CRYPTO_LIBRARIES)
-  set(LIBSSH_PRIVATE_INCLUDE_DIRS
-    ${LIBSSH_PRIVATE_INCLUDE_DIRS}
-    ${OPENSSL_INCLUDE_DIR}
-  )
-
-  set(LIBSSH_LINK_LIBRARIES
-    ${LIBSSH_LINK_LIBRARIES}
-    ${OPENSSL_CRYPTO_LIBRARIES}
-  )
-endif (OPENSSL_CRYPTO_LIBRARIES)
-
-if (MBEDTLS_CRYPTO_LIBRARY)
-    set(LIBSSH_PRIVATE_INCLUDE_DIRS
-      ${LIBSSH_PRIVATE_INCLUDE_DIRS}
-      ${MBEDTLS_INCLUDE_DIR}
-    )
-  set(LIBSSH_LINK_LIBRARIES
-    ${LIBSSH_LINK_LIBRARIES}
-    ${MBEDTLS_CRYPTO_LIBRARY}
-  )
-endif (MBEDTLS_CRYPTO_LIBRARY)
+if (TARGET OpenSSL::Crypto)
+  list(APPEND LIBSSH_LINK_LIBRARIES OpenSSL::Crypto)
+endif ()
 
-if (GCRYPT_LIBRARIES)
-  set(LIBSSH_PRIVATE_INCLUDE_DIRS
-    ${LIBSSH_PRIVATE_INCLUDE_DIRS}
-    ${GCRYPT_INCLUDE_DIR}
-  )
+if (TARGET MbedTLS::mbedcrypto)
+  list(APPEND LIBSSH_LINK_LIBRARIES MbedTLS::mbedcrypto)
+endif ()
 
-  set(LIBSSH_LINK_LIBRARIES
-    ${LIBSSH_LINK_LIBRARIES}
-    ${GCRYPT_LIBRARIES})
-endif()
+if (TARGET libgcrypt::libgcrypt)
+  list(APPEND LIBSSH_LINK_LIBRARIES ${GCRYPT_LIBRARIES})
+endif ()
 
 if (WITH_ZLIB)
-  set(LIBSSH_PRIVATE_INCLUDE_DIRS
-    ${LIBSSH_PRIVATE_INCLUDE_DIRS}
-    ${ZLIB_INCLUDE_DIR}
-  )
-
-  set(LIBSSH_LINK_LIBRARIES
-    ${LIBSSH_LINK_LIBRARIES}
-    ${ZLIB_LIBRARY}
-  )
+  list(APPEND LIBSSH_LINK_LIBRARIES ZLIB::ZLIB)
 endif (WITH_ZLIB)
 
 if (WITH_GSSAPI AND GSSAPI_FOUND)
@@ -86,11 +56,12 @@ if (MINGW AND Threads_FOUND)
   )
 endif()
 
-# This needs to be last for mingw to build
+# The ws2_32 needs to be last for mingw to build
 # https://gitlab.com/libssh/libssh-mirror/-/issues/84
 if (WIN32)
   set(LIBSSH_LINK_LIBRARIES
     ${LIBSSH_LINK_LIBRARIES}
+    iphlpapi
     ws2_32
   )
 endif (WIN32)
@@ -120,6 +91,7 @@ set(libssh_SRCS
   ecdh.c
   error.c
   getpass.c
+  gzip.c
   init.c
   kdf.c
   kex.c
@@ -143,6 +115,7 @@ set(libssh_SRCS
   socket.c
   string.c
   threads.c
+  ttyopts.c
   wrapper.c
   external/bcrypt_pbkdf.c
   external/blowfish.c
@@ -238,33 +211,22 @@ else (WITH_GCRYPT)
         libcrypto.c
         dh_crypto.c
        )
-    if (NOT HAVE_OPENSSL_ED25519)
-        set(libssh_SRCS
-            ${libssh_SRCS}
-            pki_ed25519.c
-            external/ed25519.c
-            external/fe25519.c
-            external/ge25519.c
-            external/sc25519.c
-           )
-    endif (NOT HAVE_OPENSSL_ED25519)
-    if (NOT (HAVE_OPENSSL_EVP_CHACHA20 AND HAVE_OPENSSL_EVP_POLY1305))
+    if (NOT HAVE_OPENSSL_EVP_CHACHA20)
         set(libssh_SRCS
             ${libssh_SRCS}
             external/chacha.c
             external/poly1305.c
             chachapoly.c
         )
-    endif (NOT (HAVE_OPENSSL_EVP_CHACHA20 AND HAVE_OPENSSL_EVP_POLY1305))
-    if(OPENSSL_VERSION VERSION_LESS "1.1.0")
-        set(libssh_SRCS ${libssh_SRCS} libcrypto-compat.c)
-    endif()
+    endif (NOT HAVE_OPENSSL_EVP_CHACHA20)
 endif (WITH_GCRYPT)
 
 if (WITH_SFTP)
   set(libssh_SRCS
     ${libssh_SRCS}
     sftp.c
+    sftp_common.c
+    sftp_aio.c
   )
 
   if (WITH_SERVER)
@@ -291,13 +253,6 @@ if (WITH_GEX)
   )
 endif (WITH_GEX)
 
-if (WITH_ZLIB)
-  set(libssh_SRCS
-    ${libssh_SRCS}
-    gzip.c
-  )
-endif(WITH_ZLIB)
-
 if (WITH_GSSAPI AND GSSAPI_FOUND)
   set(libssh_SRCS
     ${libssh_SRCS}
@@ -306,7 +261,7 @@ if (WITH_GSSAPI AND GSSAPI_FOUND)
 endif (WITH_GSSAPI AND GSSAPI_FOUND)
 
 if (NOT WITH_NACL)
-    if (NOT HAVE_LIBCRYPTO OR NOT HAVE_OPENSSL_ED25519)
+    if (NOT HAVE_LIBCRYPTO)
         set(libssh_SRCS
             ${libssh_SRCS}
             external/curve25519_ref.c
@@ -348,9 +303,16 @@ endif (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT AND ABIMAP_FOUND)
 # This gets built as a static library, if -DBUILD_SHARED_LIBS=OFF is passed to
 # cmake.
 add_library(ssh ${libssh_SRCS})
+target_compile_options(ssh
+                       PRIVATE
+                           ${DEFAULT_C_COMPILE_FLAGS})
+if (CYGWIN)
+    target_compile_definitions(ssh PRIVATE _GNU_SOURCE)
+endif ()
 target_include_directories(ssh
                            PUBLIC
                                $<BUILD_INTERFACE:${libssh_SOURCE_DIR}/include>
+                               $<BUILD_INTERFACE:${libssh_BINARY_DIR}/include>
                                $<INSTALL_INTERFACE:include>
                            PRIVATE ${LIBSSH_PRIVATE_INCLUDE_DIRS})
 
@@ -374,6 +336,8 @@ endif (WITH_SYMBOL_VERSIONING AND HAVE_LD_VERSION_SCRIPT)
 
 set_target_properties(ssh
     PROPERTIES
+      C_STANDARD
+        99
       VERSION
         ${LIBRARY_VERSION}
       SOVERSION
@@ -390,6 +354,10 @@ if (MINGW)
     target_link_libraries(ssh PRIVATE "-Wl,--enable-stdcall-fixup")
     target_compile_definitions(ssh PRIVATE "_POSIX_SOURCE")
 endif ()
+if (WITH_COVERAGE)
+    include(CodeCoverage)
+    append_coverage_compiler_flags_to_target(ssh)
+endif (WITH_COVERAGE)
 
 
 install(TARGETS ssh
@@ -404,10 +372,17 @@ install(EXPORT libssh-config
 
 if (BUILD_STATIC_LIB)
   add_library(ssh-static STATIC ${libssh_SRCS})
+  target_compile_options(ssh-static
+                         PRIVATE
+                             ${DEFAULT_C_COMPILE_FLAGS})
+  if (CYGWIN)
+    target_compile_definitions(ssh-static PRIVATE _GNU_SOURCE)
+  endif ()
 
   target_include_directories(ssh-static
                              PUBLIC
                                  $<BUILD_INTERFACE:${libssh_SOURCE_DIR}/include>
+                                 $<BUILD_INTERFACE:${libssh_BINARY_DIR}/include>
                                  $<INSTALL_INTERFACE:include>
                              PRIVATE ${LIBSSH_PRIVATE_INCLUDE_DIRS})
   target_link_libraries(ssh-static
@@ -435,6 +410,9 @@ if (BUILD_STATIC_LIB)
   if (WIN32)
     target_compile_definitions(ssh-static PUBLIC "LIBSSH_STATIC")
   endif (WIN32)
+    if (WITH_COVERAGE)
+        append_coverage_compiler_flags_to_target(ssh-static)
+    endif (WITH_COVERAGE)
 endif (BUILD_STATIC_LIB)
 
 message(STATUS "Threads_FOUND=${Threads_FOUND}")
diff --git a/libssh/src/agent.c b/libssh/src/agent.c
index 299b4ad1..58d7d03d 100644
--- a/libssh/src/agent.c
+++ b/libssh/src/agent.c
@@ -150,11 +150,21 @@ static void agent_set_channel(struct ssh_agent_struct *agent, ssh_channel channe
   agent->channel = channel;
 }
 
+/**
+ * @addtogroup libssh_auth
+ *
+ * @{
+ */
+
 /** @brief sets the SSH agent channel.
  * The SSH agent channel will be used to authenticate this client using
  * an agent through a channel, from another session. The most likely use
  * is to implement SSH Agent forwarding into a SSH proxy.
+ *
+ * @param session the session
+ *
  * @param[in] channel a SSH channel from another session.
+ *
  * @returns SSH_OK in case of success
  *          SSH_ERROR in case of an error
  */
@@ -189,6 +199,10 @@ int ssh_set_agent_socket(ssh_session session, socket_t fd){
   return SSH_OK;
 }
 
+/**
+ * @}
+ */
+
 void ssh_agent_close(struct ssh_agent_struct *agent) {
   if (agent == NULL) {
     return;
@@ -261,19 +275,19 @@ static int agent_talk(struct ssh_session_struct *session,
   char err_msg[SSH_ERRNO_MSG_MAX] = {0};
 
   len = ssh_buffer_get_len(request);
-  SSH_LOG(SSH_LOG_TRACE, "Request length: %u", len);
+  SSH_LOG(SSH_LOG_TRACE, "Request length: %" PRIu32, len);
   PUSH_BE_U32(payload, 0, len);
 
   /* send length and then the request packet */
   if (atomicio(session->agent, payload, 4, 0) == 4) {
     if (atomicio(session->agent, ssh_buffer_get(request), len, 0)
         != len) {
-      SSH_LOG(SSH_LOG_WARN, "atomicio sending request failed: %s",
-          ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
+      SSH_LOG(SSH_LOG_TRACE, "atomicio sending request failed: %s",
+          strerror(errno));
       return -1;
     }
   } else {
-    SSH_LOG(SSH_LOG_WARN,
+    SSH_LOG(SSH_LOG_TRACE,
         "atomicio sending request length failed: %s",
         ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
     return -1;
@@ -281,27 +295,27 @@ static int agent_talk(struct ssh_session_struct *session,
 
   /* wait for response, read the length of the response packet */
   if (atomicio(session->agent, payload, 4, 1) != 4) {
-    SSH_LOG(SSH_LOG_WARN, "atomicio read response length failed: %s",
-        ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
+    SSH_LOG(SSH_LOG_TRACE, "atomicio read response length failed: %s",
+        strerror(errno));
     return -1;
   }
 
   len = PULL_BE_U32(payload, 0);
   if (len > 256 * 1024) {
     ssh_set_error(session, SSH_FATAL,
-        "Authentication response too long: %u", len);
+        "Authentication response too long: %" PRIu32, len);
     return -1;
   }
-  SSH_LOG(SSH_LOG_TRACE, "Response length: %u", len);
+  SSH_LOG(SSH_LOG_TRACE, "Response length: %" PRIu32, len);
 
   payload = ssh_buffer_allocate(reply, len);
   if (payload == NULL) {
-    SSH_LOG(SSH_LOG_WARN, "Not enough space");
+    SSH_LOG(SSH_LOG_DEBUG, "Not enough space");
     return -1;
   }
 
   if (atomicio(session->agent, payload, len, 1) != len) {
-    SSH_LOG(SSH_LOG_WARN,
+    SSH_LOG(SSH_LOG_DEBUG,
         "Error reading response from authentication socket.");
     /* Rollback the unused space */
     ssh_buffer_pass_bytes_end(reply, len);
@@ -349,7 +363,7 @@ uint32_t ssh_agent_get_ident_count(struct ssh_session_struct *session)
     rc = ssh_buffer_get_u8(reply, (uint8_t *) &type);
     if (rc != sizeof(uint8_t)) {
         ssh_set_error(session, SSH_FATAL,
-                "Bad authentication reply size: %d", rc);
+                "Bad authentication reply size: %" PRIu32, rc);
         SSH_BUFFER_FREE(reply);
         return 0;
     }
@@ -357,7 +371,7 @@ uint32_t ssh_agent_get_ident_count(struct ssh_session_struct *session)
     type = bswap_32(type);
 #endif
 
-    SSH_LOG(SSH_LOG_WARN,
+    SSH_LOG(SSH_LOG_TRACE,
             "Answer type: %d, expected answer: %d",
             type, SSH2_AGENT_IDENTITIES_ANSWER);
 
@@ -390,9 +404,7 @@ uint32_t ssh_agent_get_ident_count(struct ssh_session_struct *session)
         return 0;
     }
 
-    if (session->agent->ident) {
-        ssh_buffer_reinit(session->agent->ident);
-    }
+    ssh_buffer_free(session->agent->ident);
     session->agent->ident = reply;
 
     return session->agent->count;
@@ -410,8 +422,9 @@ ssh_key ssh_agent_get_first_ident(struct ssh_session_struct *session,
 
 /* caller has to free comment */
 ssh_key ssh_agent_get_next_ident(struct ssh_session_struct *session,
-    char **comment) {
-    struct ssh_key_struct *key;
+                                 char **comment)
+{
+    struct ssh_key_struct *key = NULL;
     struct ssh_string_struct *blob = NULL;
     struct ssh_string_struct *tmp = NULL;
     int rc;
@@ -480,10 +493,10 @@ ssh_string ssh_agent_sign_data(ssh_session session,
                                const ssh_key pubkey,
                                struct ssh_buffer_struct *data)
 {
-    ssh_buffer request;
-    ssh_buffer reply;
-    ssh_string key_blob;
-    ssh_string sig_blob;
+    ssh_buffer request = NULL;
+    ssh_buffer reply = NULL;
+    ssh_string key_blob = NULL;
+    ssh_string sig_blob = NULL;
     unsigned int type = 0;
     unsigned int flags = 0;
     uint32_t dlen;
@@ -577,7 +590,7 @@ ssh_string ssh_agent_sign_data(ssh_session session,
 #endif
 
     if (agent_failed(type)) {
-        SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key");
+        SSH_LOG(SSH_LOG_DEBUG, "Agent reports failure in signing the key");
         SSH_BUFFER_FREE(reply);
         return NULL;
     } else if (type != SSH2_AGENT_SIGN_RESPONSE) {
diff --git a/libssh/src/auth.c b/libssh/src/auth.c
index aa3aa965..d5983a65 100644
--- a/libssh/src/auth.c
+++ b/libssh/src/auth.c
@@ -47,7 +47,7 @@
 #include "libssh/legacy.h"
 
 /**
- * @defgroup libssh_auth The SSH authentication functions.
+ * @defgroup libssh_auth The SSH authentication functions
  * @ingroup libssh
  *
  * Functions to authenticate with a server.
@@ -72,7 +72,7 @@ static int ssh_userauth_request_service(ssh_session session)
 
     rc = ssh_service_request(session, "ssh-userauth");
     if ((rc != SSH_OK) && (rc != SSH_AGAIN)) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Failed to request \"ssh-userauth\" service");
     }
 
@@ -195,14 +195,15 @@ static int ssh_userauth_get_response(ssh_session session)
  *
  * This banner should be shown to user prior to authentication
  */
-SSH_PACKET_CALLBACK(ssh_packet_userauth_banner) {
-    ssh_string banner;
+SSH_PACKET_CALLBACK(ssh_packet_userauth_banner)
+{
+    ssh_string banner = NULL;
     (void)type;
     (void)user;
 
     banner = ssh_buffer_get_ssh_string(packet);
     if (banner == NULL) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Invalid SSH_USERAUTH_BANNER packet");
     } else {
         SSH_LOG(SSH_LOG_DEBUG,
@@ -240,7 +241,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure) {
 
     if (partial) {
         session->auth.state = SSH_AUTH_STATE_PARTIAL;
-        SSH_LOG(SSH_LOG_INFO,
+        SSH_LOG(SSH_LOG_DEBUG,
                 "Partial success for '%s'. Authentication that can continue: %s",
                 current_method,
                 auth_methods);
@@ -250,7 +251,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_failure) {
                       "Access denied for '%s'. Authentication that can continue: %s",
                       current_method,
                       auth_methods);
-        SSH_LOG(SSH_LOG_INFO,
+        SSH_LOG(SSH_LOG_DEBUG,
                 "%s",
                 ssh_get_error(session));
 
@@ -521,6 +522,17 @@ int ssh_userauth_try_publickey(ssh_session session,
             return SSH_AUTH_ERROR;
     }
 
+    /* Note, that this is intentionally before checking the signature type
+     * compatibility to make sure the possible EXT_INFO packet is processed,
+     * extensions recorded and the right signature type is used below
+     */
+    rc = ssh_userauth_request_service(session);
+    if (rc == SSH_AGAIN) {
+        return SSH_AUTH_AGAIN;
+    } else if (rc == SSH_ERROR) {
+        return SSH_AUTH_ERROR;
+    }
+
     /* Check if the given public key algorithm is allowed */
     sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
     if (sig_type_c == NULL) {
@@ -544,19 +556,13 @@ int ssh_userauth_try_publickey(ssh_session session,
         return SSH_AUTH_DENIED;
     }
 
-    rc = ssh_userauth_request_service(session);
-    if (rc == SSH_AGAIN) {
-        return SSH_AUTH_AGAIN;
-    } else if (rc == SSH_ERROR) {
-        return SSH_AUTH_ERROR;
-    }
-
     /* public key */
     rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_s);
     if (rc < 0) {
         goto fail;
     }
 
+    SSH_LOG(SSH_LOG_TRACE, "Trying signature type %s", sig_type_c);
     /* request */
     rc = ssh_buffer_pack(session->out_buffer, "bsssbsS",
             SSH2_MSG_USERAUTH_REQUEST,
@@ -651,6 +657,17 @@ int ssh_userauth_publickey(ssh_session session,
             return SSH_AUTH_ERROR;
     }
 
+    /* Note, that this is intentionally before checking the signature type
+     * compatibility to make sure the possible EXT_INFO packet is processed,
+     * extensions recorded and the right signature type is used below
+     */
+    rc = ssh_userauth_request_service(session);
+    if (rc == SSH_AGAIN) {
+        return SSH_AUTH_AGAIN;
+    } else if (rc == SSH_ERROR) {
+        return SSH_AUTH_ERROR;
+    }
+
     /* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
     key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
 
@@ -677,19 +694,13 @@ int ssh_userauth_publickey(ssh_session session,
         return SSH_AUTH_DENIED;
     }
 
-    rc = ssh_userauth_request_service(session);
-    if (rc == SSH_AGAIN) {
-        return SSH_AUTH_AGAIN;
-    } else if (rc == SSH_ERROR) {
-        return SSH_AUTH_ERROR;
-    }
-
     /* get public key or cert */
     rc = ssh_pki_export_pubkey_blob(privkey, &str);
     if (rc < 0) {
         goto fail;
     }
 
+    SSH_LOG(SSH_LOG_TRACE, "Sending signature type %s", sig_type_c);
     /* request */
     rc = ssh_buffer_pack(session->out_buffer, "bsssbsS",
             SSH2_MSG_USERAUTH_REQUEST,
@@ -754,18 +765,23 @@ static int ssh_userauth_agent_publickey(ssh_session session,
     bool allowed;
     int rc;
 
-    switch(session->pending_call_state) {
-        case SSH_PENDING_CALL_NONE:
-            break;
-        case SSH_PENDING_CALL_AUTH_AGENT:
-            goto pending;
-        default:
-            ssh_set_error(session,
-                          SSH_FATAL,
-                          "Bad call during pending SSH call in ssh_userauth_try_publickey");
-            return SSH_ERROR;
+    switch (session->pending_call_state) {
+    case SSH_PENDING_CALL_NONE:
+        break;
+    case SSH_PENDING_CALL_AUTH_AGENT:
+        goto pending;
+    default:
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Bad call during pending SSH call in %s",
+                      __func__);
+        return SSH_ERROR;
     }
 
+    /* Note, that this is intentionally before checking the signature type
+     * compatibility to make sure the possible EXT_INFO packet is processed,
+     * extensions recorded and the right signature type is used below
+     */
     rc = ssh_userauth_request_service(session);
     if (rc == SSH_AGAIN) {
         return SSH_AUTH_AGAIN;
@@ -807,14 +823,14 @@ static int ssh_userauth_agent_publickey(ssh_session session,
 
     /* request */
     rc = ssh_buffer_pack(session->out_buffer, "bsssbsS",
-            SSH2_MSG_USERAUTH_REQUEST,
-            username ? username : session->opts.username,
-            "ssh-connection",
-            "publickey",
-            1, /* private key */
-            sig_type_c, /* algo */
-            pubkey_s /* public key */
-            );
+                         SSH2_MSG_USERAUTH_REQUEST,
+                         username ? username : session->opts.username,
+                         "ssh-connection",
+                         "publickey",
+                         1, /* private key */
+                         sig_type_c, /* algo */
+                         pubkey_s /* public key */
+                         );
     SSH_STRING_FREE(pubkey_s);
     if (rc < 0) {
         goto fail;
@@ -858,6 +874,7 @@ static int ssh_userauth_agent_publickey(ssh_session session,
 enum ssh_agent_state_e {
     SSH_AGENT_STATE_NONE = 0,
     SSH_AGENT_STATE_PUBKEY,
+    SSH_AGENT_STATE_CERT,
     SSH_AGENT_STATE_AUTH
 };
 
@@ -905,7 +922,12 @@ int ssh_userauth_agent(ssh_session session,
                        const char *username)
 {
     int rc = SSH_AUTH_ERROR;
-    struct ssh_agent_state_struct *state;
+    struct ssh_agent_state_struct *state = NULL;
+    ssh_key *configKeys = NULL;
+    ssh_key *configCerts = NULL;
+    size_t configKeysCount = 0;
+    size_t configCertsCount = 0;
+    size_t i;
 
     if (session == NULL) {
         return SSH_AUTH_ERROR;
@@ -922,7 +944,7 @@ int ssh_userauth_agent(ssh_session session,
             return SSH_AUTH_ERROR;
         }
         ZERO_STRUCTP(session->agent_state);
-        session->agent_state->state=SSH_AGENT_STATE_NONE;
+        session->agent_state->state = SSH_AGENT_STATE_NONE;
     }
 
     state = session->agent_state;
@@ -934,62 +956,230 @@ int ssh_userauth_agent(ssh_session session,
         return SSH_AUTH_DENIED;
     }
 
+    if (session->opts.identities_only) {
+        /*
+         * Read keys mentioned in the config, so we can check if key from agent
+         * is in there.
+         */
+        size_t identityLen = ssh_list_count(session->opts.identity);
+        size_t certsLen = ssh_list_count(session->opts.certificate);
+        struct ssh_iterator *it = ssh_list_get_iterator(session->opts.identity);
+
+        configKeys = malloc(identityLen * sizeof(ssh_key));
+        configCerts = malloc((certsLen + identityLen) * sizeof(ssh_key));
+        if (configKeys == NULL || configCerts == NULL) {
+            free(configKeys);
+            free(configCerts);
+            ssh_set_error_oom(session);
+            return SSH_AUTH_ERROR;
+        }
+
+        while (it != NULL && configKeysCount < identityLen) {
+            const char *privkeyFile = it->data;
+            size_t certPathLen;
+            char *certFile = NULL;
+            ssh_key pubkey = NULL;
+            ssh_key cert = NULL;
+
+            /*
+             * Read the private key file listed in the config, but we're only
+             * interested in the public key. Don't try to decrypt private key.
+             */
+            rc = ssh_pki_import_pubkey_file(privkeyFile, &pubkey);
+            if (rc == SSH_OK) {
+                configKeys[configKeysCount++] = pubkey;
+            } else {
+                char *pubkeyFile = NULL;
+                size_t pubkeyPathLen = strlen(privkeyFile) + sizeof(".pub");
+
+                SSH_KEY_FREE(pubkey);
+
+                /*
+                * If we couldn't get the public key from the private key file,
+                * try a .pub file instead.
+                */
+                pubkeyFile = malloc(pubkeyPathLen);
+                if (!pubkeyFile) {
+                    ssh_set_error_oom(session);
+                    rc = SSH_AUTH_ERROR;
+                    goto done;
+                }
+                snprintf(pubkeyFile, pubkeyPathLen, "%s.pub", privkeyFile);
+                rc = ssh_pki_import_pubkey_file(pubkeyFile, &pubkey);
+                free(pubkeyFile);
+                if (rc == SSH_OK) {
+                    configKeys[configKeysCount++] = pubkey;
+                } else if (pubkey) {
+                    SSH_KEY_FREE(pubkey);
+                }
+            }
+            /* Now try to see if there is a certificate with default name
+             * do not merge it yet with the key as we need to try first the
+             * non-certified key */
+            certPathLen = strlen(privkeyFile) + sizeof("-cert.pub");
+            certFile = malloc(certPathLen);
+            if (!certFile) {
+                ssh_set_error_oom(session);
+                rc = SSH_AUTH_ERROR;
+                goto done;
+            }
+            snprintf(certFile, certPathLen, "%s-cert.pub", privkeyFile);
+            rc = ssh_pki_import_cert_file(certFile, &cert);
+            free(certFile);
+            if (rc == SSH_OK) {
+                configCerts[configCertsCount++] = cert;
+            } else if (cert) {
+                SSH_KEY_FREE(cert);
+            }
+
+            it = it->next;
+        }
+        /* And now load separately-listed certificates. */
+        it = ssh_list_get_iterator(session->opts.certificate);
+        while (it != NULL && configCertsCount < certsLen + identityLen) {
+            const char *certFile = it->data;
+            ssh_key cert = NULL;
+
+            rc = ssh_pki_import_cert_file(certFile, &cert);
+            if (rc == SSH_OK) {
+                configCerts[configCertsCount++] = cert;
+            } else if (cert) {
+                SSH_KEY_FREE(cert);
+            }
+
+            it = it->next;
+        }
+    }
+
     while (state->pubkey != NULL) {
         if (state->state == SSH_AGENT_STATE_NONE) {
             SSH_LOG(SSH_LOG_DEBUG,
-                    "Trying identity %s", state->comment);
+                    "Trying identity %s",
+                    state->comment);
+            if (session->opts.identities_only) {
+                /* Check if this key is one of the keys listed in the config */
+                bool found_key = false;
+                for (i = 0; i < configKeysCount; i++) {
+                    int cmp = ssh_key_cmp(state->pubkey,
+                                          configKeys[i],
+                                          SSH_KEY_CMP_PUBLIC);
+                    if (cmp == 0) {
+                        found_key = true;
+                        break;
+                    }
+                }
+                /* or in separate certificates */
+                for (i = 0; i < configCertsCount; i++) {
+                    int cmp = ssh_key_cmp(state->pubkey,
+                                          configCerts[i],
+                                          SSH_KEY_CMP_PUBLIC);
+                    if (cmp == 0) {
+                        found_key = true;
+                        break;
+                    }
+                }
+
+                if (!found_key) {
+                    SSH_LOG(SSH_LOG_DEBUG,
+                            "Identities only is enabled and identity %s was "
+                            "not listed in config, skipping",
+                            state->comment);
+                    SSH_STRING_FREE_CHAR(state->comment);
+                    state->comment = NULL;
+                    SSH_KEY_FREE(state->pubkey);
+                    state->pubkey = ssh_agent_get_next_ident(
+                        session, &state->comment);
+
+                    if (state->pubkey == NULL) {
+                        rc = SSH_AUTH_DENIED;
+                    }
+                    continue;
+                }
+            }
         }
         if (state->state == SSH_AGENT_STATE_NONE ||
-                state->state == SSH_AGENT_STATE_PUBKEY) {
+            state->state == SSH_AGENT_STATE_PUBKEY ||
+            state->state == SSH_AGENT_STATE_CERT) {
             rc = ssh_userauth_try_publickey(session, username, state->pubkey);
             if (rc == SSH_AUTH_ERROR) {
-                ssh_agent_state_free (state);
+                ssh_agent_state_free(state);
                 session->agent_state = NULL;
-                return rc;
+                goto done;
             } else if (rc == SSH_AUTH_AGAIN) {
-                state->state = SSH_AGENT_STATE_PUBKEY;
-                return rc;
+                state->state = (state->state == SSH_AGENT_STATE_NONE ?
+                                SSH_AGENT_STATE_PUBKEY : state->state);
+                goto done;
             } else if (rc != SSH_AUTH_SUCCESS) {
                 SSH_LOG(SSH_LOG_DEBUG,
-                        "Public key of %s refused by server", state->comment);
+                        "Public key of %s refused by server",
+                        state->comment);
+                if (state->state == SSH_AGENT_STATE_PUBKEY) {
+                    for (i = 0; i < configCertsCount; i++) {
+                        int cmp = ssh_key_cmp(state->pubkey,
+                                              configCerts[i],
+                                              SSH_KEY_CMP_PUBLIC);
+                        if (cmp == 0) {
+                            SSH_LOG(SSH_LOG_DEBUG,
+                                    "Retry with matching certificate");
+                            SSH_KEY_FREE(state->pubkey);
+                            state->pubkey = ssh_key_dup(configCerts[i]);
+                            state->state = SSH_AGENT_STATE_CERT;
+                            continue;
+                        }
+                    }
+                }
                 SSH_STRING_FREE_CHAR(state->comment);
                 state->comment = NULL;
-                ssh_key_free(state->pubkey);
-                state->pubkey = ssh_agent_get_next_ident(session, &state->comment);
+                SSH_KEY_FREE(state->pubkey);
+                state->pubkey = ssh_agent_get_next_ident(session,
+                                                         &state->comment);
                 state->state = SSH_AGENT_STATE_NONE;
                 continue;
             }
 
             SSH_LOG(SSH_LOG_DEBUG,
-                    "Public key of %s accepted by server", state->comment);
+                    "Public key of %s accepted by server",
+                    state->comment);
             state->state = SSH_AGENT_STATE_AUTH;
         }
         if (state->state == SSH_AGENT_STATE_AUTH) {
             rc = ssh_userauth_agent_publickey(session, username, state->pubkey);
-            if (rc == SSH_AUTH_AGAIN)
-                return rc;
+            if (rc == SSH_AUTH_AGAIN) {
+                goto done;
+            }
             SSH_STRING_FREE_CHAR(state->comment);
             state->comment = NULL;
             if (rc == SSH_AUTH_ERROR || rc == SSH_AUTH_PARTIAL) {
-                ssh_agent_state_free (session->agent_state);
+                ssh_agent_state_free(session->agent_state);
                 session->agent_state = NULL;
-                return rc;
+                goto done;
             } else if (rc != SSH_AUTH_SUCCESS) {
-                SSH_LOG(SSH_LOG_INFO,
+                SSH_LOG(SSH_LOG_DEBUG,
                         "Server accepted public key but refused the signature");
-                ssh_key_free(state->pubkey);
-                state->pubkey = ssh_agent_get_next_ident(session, &state->comment);
+                SSH_KEY_FREE(state->pubkey);
+                state->pubkey = ssh_agent_get_next_ident(session,
+                                                         &state->comment);
                 state->state = SSH_AGENT_STATE_NONE;
                 continue;
             }
             ssh_agent_state_free (session->agent_state);
             session->agent_state = NULL;
-            return SSH_AUTH_SUCCESS;
+            rc = SSH_AUTH_SUCCESS;
+            goto done;
         }
     }
 
     ssh_agent_state_free (session->agent_state);
     session->agent_state = NULL;
+done:
+    for (i = 0; i < configKeysCount; i++) {
+        ssh_key_free(configKeys[i]);
+    }
+    free(configKeys);
+    for (i = 0; i < configCertsCount; i++) {
+        ssh_key_free(configCerts[i]);
+    }
+    free(configCerts);
     return rc;
 }
 
@@ -997,6 +1187,8 @@ enum ssh_auth_auto_state_e {
     SSH_AUTH_AUTO_STATE_NONE = 0,
     SSH_AUTH_AUTO_STATE_PUBKEY,
     SSH_AUTH_AUTO_STATE_KEY_IMPORTED,
+    SSH_AUTH_AUTO_STATE_CERTIFICATE_FILE,
+    SSH_AUTH_AUTO_STATE_CERTIFICATE_OPTION,
     SSH_AUTH_AUTO_STATE_PUBKEY_ACCEPTED
 };
 
@@ -1005,6 +1197,8 @@ struct ssh_auth_auto_state_struct {
     struct ssh_iterator *it;
     ssh_key privkey;
     ssh_key pubkey;
+    ssh_key cert;
+    struct ssh_iterator *cert_it;
 };
 
 /**
@@ -1039,7 +1233,8 @@ int ssh_userauth_publickey_auto_get_current_identity(ssh_session session,
         return SSH_ERROR;
     }
 
-    if (session->auth.auto_state != NULL && session->auth.auto_state->it != NULL) {
+    if (session->auth.auto_state != NULL &&
+        session->auth.auto_state->it != NULL) {
         id = session->auth.auto_state->it->data;
     }
 
@@ -1083,6 +1278,9 @@ int ssh_userauth_publickey_auto_get_current_identity(ssh_session session,
  * @note Most server implementations do not permit changing the username during
  * authentication. The username should only be set with ssh_options_set() only
  * before you connect to the server.
+ *
+ * The OpenSSH iterates over the identities and first try the plain public key
+ * and then the certificate if it is in place.
  */
 int ssh_userauth_publickey_auto(ssh_session session,
                                 const char *username,
@@ -1090,7 +1288,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
 {
     ssh_auth_callback auth_fn = NULL;
     void *auth_data = NULL;
-    struct ssh_auth_auto_state_struct *state;
+    struct ssh_auth_auto_state_struct *state = NULL;
     int rc;
 
     if (session == NULL) {
@@ -1121,7 +1319,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
         rc = ssh_userauth_agent(session, username);
         if (rc == SSH_AUTH_SUCCESS ||
             rc == SSH_AUTH_PARTIAL ||
-            rc == SSH_AUTH_AGAIN ) {
+            rc == SSH_AUTH_AGAIN) {
             return rc;
         }
         state->state = SSH_AUTH_AUTO_STATE_PUBKEY;
@@ -1136,10 +1334,13 @@ int ssh_userauth_publickey_auto(ssh_session session,
 
         if (state->state == SSH_AUTH_AUTO_STATE_PUBKEY) {
             SSH_LOG(SSH_LOG_DEBUG,
-                    "Trying to authenticate with %s", privkey_file);
+                    "Trying to authenticate with %s",
+                    privkey_file);
+            state->cert = NULL;
             state->privkey = NULL;
             state->pubkey = NULL;
 
+#ifdef WITH_PKCS11_URI
             if (ssh_pki_is_uri(privkey_file)) {
                 char *pub_uri_from_priv = NULL;
                 SSH_LOG(SSH_LOG_INFO,
@@ -1148,84 +1349,165 @@ int ssh_userauth_publickey_auto(ssh_session session,
                 if (pub_uri_from_priv == NULL) {
                     return SSH_ERROR;
                 } else {
-                    snprintf(pubkey_file, sizeof(pubkey_file), "%s",
+                    snprintf(pubkey_file,
+                             sizeof(pubkey_file),
+                             "%s",
                              pub_uri_from_priv);
                     SAFE_FREE(pub_uri_from_priv);
                 }
-            } else {
-                snprintf(pubkey_file, sizeof(pubkey_file), "%s.pub", privkey_file);
+            } else
+#endif /* WITH_PKCS11_URI */
+            {
+                snprintf(pubkey_file,
+                         sizeof(pubkey_file),
+                         "%s.pub",
+                         privkey_file);
             }
 
             rc = ssh_pki_import_pubkey_file(pubkey_file, &state->pubkey);
             if (rc == SSH_ERROR) {
                 ssh_set_error(session,
-                        SSH_FATAL,
-                        "Failed to import public key: %s",
-                        pubkey_file);
+                              SSH_FATAL,
+                              "Failed to import public key: %s",
+                              pubkey_file);
                 SAFE_FREE(session->auth.auto_state);
                 return SSH_AUTH_ERROR;
             } else if (rc == SSH_EOF) {
                 /* Read the private key and save the public key to file */
                 rc = ssh_pki_import_privkey_file(privkey_file,
-                        passphrase,
-                        auth_fn,
-                        auth_data,
-                        &state->privkey);
+                                                 passphrase,
+                                                 auth_fn,
+                                                 auth_data,
+                                                 &state->privkey);
                 if (rc == SSH_ERROR) {
                     ssh_set_error(session,
-                            SSH_FATAL,
-                            "Failed to read private key: %s",
-                            privkey_file);
-                    state->it=state->it->next;
+                                  SSH_FATAL,
+                                  "Failed to read private key: %s",
+                                  privkey_file);
+                    state->it = state->it->next;
                     continue;
                 } else if (rc == SSH_EOF) {
                     /* If the file doesn't exist, continue */
                     SSH_LOG(SSH_LOG_DEBUG,
                             "Private key %s doesn't exist.",
                             privkey_file);
-                    state->it=state->it->next;
+                    state->it = state->it->next;
                     continue;
                 }
 
-                rc = ssh_pki_export_privkey_to_pubkey(state->privkey, &state->pubkey);
+                rc = ssh_pki_export_privkey_to_pubkey(state->privkey,
+                                                      &state->pubkey);
                 if (rc == SSH_ERROR) {
-                    ssh_key_free(state->privkey);
+                    SSH_KEY_FREE(state->privkey);
                     SAFE_FREE(session->auth.auto_state);
                     return SSH_AUTH_ERROR;
                 }
 
                 rc = ssh_pki_export_pubkey_file(state->pubkey, pubkey_file);
                 if (rc == SSH_ERROR) {
-                    SSH_LOG(SSH_LOG_WARN,
+                    SSH_LOG(SSH_LOG_TRACE,
                             "Could not write public key to file: %s",
                             pubkey_file);
                 }
             }
             state->state = SSH_AUTH_AUTO_STATE_KEY_IMPORTED;
         }
-        if (state->state == SSH_AUTH_AUTO_STATE_KEY_IMPORTED) {
-            rc = ssh_userauth_try_publickey(session, username, state->pubkey);
+        if (state->state == SSH_AUTH_AUTO_STATE_KEY_IMPORTED ||
+            state->state == SSH_AUTH_AUTO_STATE_CERTIFICATE_FILE ||
+            state->state == SSH_AUTH_AUTO_STATE_CERTIFICATE_OPTION) {
+            ssh_key k = state->pubkey;
+            if (state->state != SSH_AUTH_AUTO_STATE_KEY_IMPORTED) {
+                k = state->cert;
+            }
+            rc = ssh_userauth_try_publickey(session, username, k);
             if (rc == SSH_AUTH_ERROR) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "Public key authentication error for %s",
                         privkey_file);
-                ssh_key_free(state->privkey);
-                state->privkey = NULL;
-                ssh_key_free(state->pubkey);
-                state->pubkey = NULL;
+                SSH_KEY_FREE(state->cert);
+                SSH_KEY_FREE(state->privkey);
+                SSH_KEY_FREE(state->pubkey);
                 SAFE_FREE(session->auth.auto_state);
                 return rc;
             } else if (rc == SSH_AUTH_AGAIN) {
                 return rc;
             } else if (rc != SSH_AUTH_SUCCESS) {
+                int r; /* do not reuse `rc` as it is used to return from here */
+                SSH_KEY_FREE(state->cert);
                 SSH_LOG(SSH_LOG_DEBUG,
-                        "Public key for %s refused by server",
-                        privkey_file);
-                ssh_key_free(state->privkey);
-                state->privkey = NULL;
-                ssh_key_free(state->pubkey);
-                state->pubkey = NULL;
-                state->it=state->it->next;
+                        "Public key for %s%s refused by server",
+                        privkey_file,
+                        (state->state != SSH_AUTH_AUTO_STATE_KEY_IMPORTED
+                            ? " (with certificate)" : ""));
+                /* Try certificate file by appending -cert.pub (if present) */
+                if (state->state == SSH_AUTH_AUTO_STATE_KEY_IMPORTED) {
+                    char cert_file[PATH_MAX] = {0};
+                    ssh_key cert = NULL;
+
+                    snprintf(cert_file,
+                             sizeof(cert_file),
+                             "%s-cert.pub",
+                             privkey_file);
+                    SSH_LOG(SSH_LOG_TRACE,
+                            "Trying to load the certificate %s (default path)",
+                            cert_file);
+                    r = ssh_pki_import_cert_file(cert_file, &cert);
+                    if (r == SSH_OK) {
+                        /* TODO check the pubkey and certs match */
+                        SSH_LOG(SSH_LOG_TRACE,
+                                "Certificate loaded %s. Retry the authentication.",
+                                cert_file);
+                        state->state = SSH_AUTH_AUTO_STATE_CERTIFICATE_FILE;
+                        SSH_KEY_FREE(state->cert);
+                        state->cert = cert;
+                        /* try to authenticate with this certificate */
+                        continue;
+                    }
+                    /* if the file does not exists, try configuration options */
+                    state->state = SSH_AUTH_AUTO_STATE_CERTIFICATE_OPTION;
+                }
+                /* Try certificate files loaded through options */
+                if (state->state == SSH_AUTH_AUTO_STATE_CERTIFICATE_OPTION) {
+                    SSH_KEY_FREE(state->cert);
+                    if (state->cert_it == NULL) {
+                        state->cert_it = ssh_list_get_iterator(session->opts.certificate);
+                    }
+                    while (state->cert_it != NULL) {
+                        const char *cert_file = state->cert_it->data;
+                        ssh_key cert = NULL;
+
+                        SSH_LOG(SSH_LOG_TRACE,
+                                "Trying to load the certificate %s (options)",
+                                cert_file);
+                        r = ssh_pki_import_cert_file(cert_file, &cert);
+                        if (r == SSH_OK) {
+                            int cmp = ssh_key_cmp(cert,
+                                                  state->pubkey,
+                                                  SSH_KEY_CMP_PUBLIC);
+                            if (cmp != 0) {
+                                state->cert_it = state->cert_it->next;
+                                SSH_KEY_FREE(cert);
+                                continue; /* with next cert */
+                            }
+                            SSH_LOG(SSH_LOG_TRACE,
+                                    "Found matching certificate %s in options. Retry the authentication.",
+                                    cert_file);
+                            state->cert = cert;
+                            cert = NULL;
+                            state->state = SSH_AUTH_AUTO_STATE_CERTIFICATE_OPTION;
+                            /* try to authenticate with this identity */
+                            break; /* try this cert */
+                        }
+                        /* continue with next identity */
+                    }
+                    if (state->cert != NULL) {
+                        continue; /* retry with the certificate */
+                    }
+                }
+                SSH_KEY_FREE(state->cert);
+                SSH_KEY_FREE(state->privkey);
+                SSH_KEY_FREE(state->pubkey);
+                state->it = state->it->next;
                 state->state = SSH_AUTH_AUTO_STATE_PUBKEY;
                 continue;
             }
@@ -1235,25 +1517,25 @@ int ssh_userauth_publickey_auto(ssh_session session,
             /* Public key has been accepted by the server */
             if (state->privkey == NULL) {
                 rc = ssh_pki_import_privkey_file(privkey_file,
-                        passphrase,
-                        auth_fn,
-                        auth_data,
-                        &state->privkey);
+                                                 passphrase,
+                                                 auth_fn,
+                                                 auth_data,
+                                                 &state->privkey);
                 if (rc == SSH_ERROR) {
-                    ssh_key_free(state->pubkey);
-                    state->pubkey=NULL;
+                    SSH_KEY_FREE(state->cert);
+                    SSH_KEY_FREE(state->pubkey);
                     ssh_set_error(session,
-                            SSH_FATAL,
-                            "Failed to read private key: %s",
-                            privkey_file);
-                    state->it=state->it->next;
+                                  SSH_FATAL,
+                                  "Failed to read private key: %s",
+                                  privkey_file);
+                    state->it = state->it->next;
                     state->state = SSH_AUTH_AUTO_STATE_PUBKEY;
                     continue;
                 } else if (rc == SSH_EOF) {
                     /* If the file doesn't exist, continue */
-                    ssh_key_free(state->pubkey);
-                    state->pubkey = NULL;
-                    SSH_LOG(SSH_LOG_INFO,
+                    SSH_KEY_FREE(state->cert);
+                    SSH_KEY_FREE(state->pubkey);
+                    SSH_LOG(SSH_LOG_DEBUG,
                             "Private key %s doesn't exist.",
                             privkey_file);
                     state->it = state->it->next;
@@ -1261,16 +1543,33 @@ int ssh_userauth_publickey_auto(ssh_session session,
                     continue;
                 }
             }
+            if (state->cert != NULL && !is_cert_type(state->privkey->cert_type)) {
+                rc = ssh_pki_copy_cert_to_privkey(state->cert, state->privkey);
+                if (rc != SSH_OK) {
+                    SSH_KEY_FREE(state->cert);
+                    SSH_KEY_FREE(state->privkey);
+                    SSH_KEY_FREE(state->pubkey);
+                    ssh_set_error(session,
+                                  SSH_FATAL,
+                                  "Failed to copy cert to private key");
+                    state->it = state->it->next;
+                    state->state = SSH_AUTH_AUTO_STATE_PUBKEY;
+                    continue;
+                }
+            }
 
             rc = ssh_userauth_publickey(session, username, state->privkey);
             if (rc != SSH_AUTH_AGAIN && rc != SSH_AUTH_DENIED) {
-                ssh_key_free(state->privkey);
-                ssh_key_free(state->pubkey);
+                bool cert_used = (state->cert != NULL);
+                SSH_KEY_FREE(state->cert);
+                SSH_KEY_FREE(state->privkey);
+                SSH_KEY_FREE(state->pubkey);
                 SAFE_FREE(session->auth.auto_state);
                 if (rc == SSH_AUTH_SUCCESS) {
-                    SSH_LOG(SSH_LOG_INFO,
-                            "Successfully authenticated using %s",
-                            privkey_file);
+                    SSH_LOG(SSH_LOG_DEBUG,
+                            "Successfully authenticated using %s%s",
+                            privkey_file,
+                            (cert_used ? " and certificate" : ""));
                 }
                 return rc;
             }
@@ -1278,18 +1577,19 @@ int ssh_userauth_publickey_auto(ssh_session session,
                 return rc;
             }
 
-            ssh_key_free(state->privkey);
-            ssh_key_free(state->pubkey);
+            SSH_KEY_FREE(state->cert);
+            SSH_KEY_FREE(state->privkey);
+            SSH_KEY_FREE(state->pubkey);
 
-            SSH_LOG(SSH_LOG_WARN,
+            SSH_LOG(SSH_LOG_DEBUG,
                     "The server accepted the public key but refused the signature");
             state->it = state->it->next;
             state->state = SSH_AUTH_AUTO_STATE_PUBKEY;
             /* continue */
         }
     }
-    SSH_LOG(SSH_LOG_INFO,
-            "Tried every public key, none matched");
+    SSH_LOG(SSH_LOG_WARN,
+            "Access denied: Tried every public key, none matched");
     SAFE_FREE(session->auth.auto_state);
     return SSH_AUTH_DENIED;
 }
@@ -1395,7 +1695,7 @@ int ssh_userauth_agent_pubkey(ssh_session session,
                               const char *username,
                               ssh_public_key publickey)
 {
-    ssh_key key;
+    ssh_key key = NULL;
     int rc;
 
     key = ssh_key_new();
@@ -1406,21 +1706,23 @@ int ssh_userauth_agent_pubkey(ssh_session session,
     key->type = publickey->type;
     key->type_c = ssh_key_type_to_char(key->type);
     key->flags = SSH_KEY_FLAG_PUBLIC;
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = publickey->dsa_pub;
-    key->rsa = publickey->rsa_pub;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    key->pk = publickey->rsa_pub;
+#elif defined(HAVE_LIBCRYPTO)
     key->key = publickey->key_pub;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    key->rsa = publickey->rsa_pub;
+#endif /* HAVE_LIBCRYPTO */
 
     rc = ssh_userauth_agent_publickey(session, username, key);
 
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = NULL;
-    key->rsa = NULL;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    key->pk = NULL;
+#elif defined(HAVE_LIBCRYPTO)
     key->key = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    key->rsa = NULL;
+#endif /* HAVE_LIBCRYPTO */
     ssh_key_free(key);
 
     return rc;
@@ -1677,10 +1979,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request) {
     }
 
     SSH_LOG(SSH_LOG_DEBUG,
-            "%d keyboard-interactive prompts", nprompts);
+            "%" PRIu32 " keyboard-interactive prompts", nprompts);
     if (nprompts > KBDINT_MAX_PROMPT) {
         ssh_set_error(session, SSH_FATAL,
-                "Too much prompts requested by the server: %u (0x%.4x)",
+                "Too much prompts requested by the server: %" PRIu32 " (0x%.4" PRIx32 ")",
                 nprompts, nprompts);
         ssh_kbdint_free(session->kbdint);
         session->kbdint = NULL;
@@ -1925,7 +2227,8 @@ int ssh_userauth_kbdint_getnanswers(ssh_session session)
  *
  * @param[in]  i index  The number of the ith answer.
  *
- * @return              0 on success, < 0 on error.
+ * @return              The answer string, or NULL if the answer is not
+ *                      available. Do not free the string.
  */
 const char *ssh_userauth_kbdint_getanswer(ssh_session session, unsigned int i)
 {
@@ -2031,7 +2334,7 @@ int ssh_userauth_gssapi(ssh_session session)
     } else if (rc == SSH_ERROR) {
         return SSH_AUTH_ERROR;
     }
-    SSH_LOG(SSH_LOG_PROTOCOL, "Authenticating with gssapi-with-mic");
+    SSH_LOG(SSH_LOG_DEBUG, "Authenticating with gssapi-with-mic");
 
     session->auth.current_method = SSH_AUTH_METHOD_GSSAPI_MIC;
     session->auth.state = SSH_AUTH_STATE_NONE;
diff --git a/libssh/src/base64.c b/libssh/src/base64.c
index 4148f49c..c4099c14 100644
--- a/libssh/src/base64.c
+++ b/libssh/src/base64.c
@@ -29,6 +29,9 @@
 #include "libssh/priv.h"
 #include "libssh/buffer.h"
 
+/* Do not allow encoding more than 256MB of data */
+#define BASE64_MAX_INPUT_LEN 256 * 1024 * 1024
+
 static
 const uint8_t alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                          "abcdefghijklmnopqrstuvwxyz"
@@ -57,119 +60,120 @@ static int get_equals(char *string);
  * @returns A buffer containing the decoded string, NULL if something went
  *          wrong (e.g. incorrect char).
  */
-ssh_buffer base64_to_bin(const char *source) {
-  ssh_buffer buffer = NULL;
-  unsigned char block[3];
-  char *base64;
-  char *ptr;
-  size_t len;
-  int equals;
-
-  base64 = strdup(source);
-  if (base64 == NULL) {
-    return NULL;
-  }
-  ptr = base64;
+ssh_buffer base64_to_bin(const char *source)
+{
+    ssh_buffer buffer = NULL;
+    unsigned char block[3];
+    char *base64 = NULL;
+    char *ptr = NULL;
+    size_t len;
+    int equals;
+
+    base64 = strdup(source);
+    if (base64 == NULL) {
+        return NULL;
+    }
+    ptr = base64;
 
-  /* Get the number of equals signs, which mirrors the padding */
-  equals = get_equals(ptr);
-  if (equals > 2) {
-    SAFE_FREE(base64);
-    return NULL;
-  }
+    /* Get the number of equals signs, which mirrors the padding */
+    equals = get_equals(ptr);
+    if (equals > 2) {
+        SAFE_FREE(base64);
+        return NULL;
+    }
 
-  buffer = ssh_buffer_new();
-  if (buffer == NULL) {
-    SAFE_FREE(base64);
-    return NULL;
-  }
-  /*
-   * The base64 buffer often contains sensitive data. Make sure we don't leak
-   * sensitive data
-   */
-  ssh_buffer_set_secure(buffer);
-
-  len = strlen(ptr);
-  while (len > 4) {
-    if (_base64_to_bin(block, ptr, 3) < 0) {
-      goto error;
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        SAFE_FREE(base64);
+        return NULL;
     }
-    if (ssh_buffer_add_data(buffer, block, 3) < 0) {
-      goto error;
+    /*
+     * The base64 buffer often contains sensitive data. Make sure we don't leak
+     * sensitive data
+     */
+    ssh_buffer_set_secure(buffer);
+
+    len = strlen(ptr);
+    while (len > 4) {
+        if (_base64_to_bin(block, ptr, 3) < 0) {
+            goto error;
+        }
+        if (ssh_buffer_add_data(buffer, block, 3) < 0) {
+            goto error;
+        }
+        len -= 4;
+        ptr += 4;
     }
-    len -= 4;
-    ptr += 4;
-  }
-
-  /*
-   * Depending on the number of bytes resting, there are 3 possibilities
-   * from the RFC.
-   */
-  switch (len) {
+
+    /*
+     * Depending on the number of bytes resting, there are 3 possibilities
+     * from the RFC.
+     */
+    switch (len) {
     /*
      * (1) The final quantum of encoding input is an integral multiple of
      *     24 bits. Here, the final unit of encoded output will be an integral
      *     multiple of 4 characters with no "=" padding
      */
     case 4:
-      if (equals != 0) {
-        goto error;
-      }
-      if (_base64_to_bin(block, ptr, 3) < 0) {
-        goto error;
-      }
-      if (ssh_buffer_add_data(buffer, block, 3) < 0) {
-        goto error;
-      }
-      SAFE_FREE(base64);
+        if (equals != 0) {
+            goto error;
+        }
+        if (_base64_to_bin(block, ptr, 3) < 0) {
+            goto error;
+        }
+        if (ssh_buffer_add_data(buffer, block, 3) < 0) {
+            goto error;
+        }
+        SAFE_FREE(base64);
 
-      return buffer;
+        return buffer;
     /*
      * (2) The final quantum of encoding input is exactly 8 bits; here, the
      *     final unit of encoded output will be two characters followed by
      *     two "=" padding characters.
      */
     case 2:
-      if (equals != 2){
-        goto error;
-      }
+        if (equals != 2) {
+            goto error;
+        }
 
-      if (_base64_to_bin(block, ptr, 1) < 0) {
-        goto error;
-      }
-      if (ssh_buffer_add_data(buffer, block, 1) < 0) {
-        goto error;
-      }
-      SAFE_FREE(base64);
+        if (_base64_to_bin(block, ptr, 1) < 0) {
+            goto error;
+        }
+        if (ssh_buffer_add_data(buffer, block, 1) < 0) {
+            goto error;
+        }
+        SAFE_FREE(base64);
 
-      return buffer;
+        return buffer;
     /*
      * The final quantum of encoding input is exactly 16 bits. Here, the final
      * unit of encoded output will be three characters followed by one "="
      * padding character.
      */
     case 3:
-      if (equals != 1) {
-        goto error;
-      }
-      if (_base64_to_bin(block, ptr, 2) < 0) {
-        goto error;
-      }
-      if (ssh_buffer_add_data(buffer,block,2) < 0) {
-        goto error;
-      }
-      SAFE_FREE(base64);
+        if (equals != 1) {
+            goto error;
+        }
+        if (_base64_to_bin(block, ptr, 2) < 0) {
+            goto error;
+        }
+        if (ssh_buffer_add_data(buffer, block, 2) < 0) {
+            goto error;
+        }
+        SAFE_FREE(base64);
 
-      return buffer;
+        return buffer;
     default:
-      /* 4,3,2 are the only padding size allowed */
-      goto error;
-  }
+        /* 4,3,2 are the only padding size allowed */
+        goto error;
+    }
 
 error:
-  SAFE_FREE(base64);
-  SSH_BUFFER_FREE(buffer);
-  return NULL;
+    SAFE_FREE(base64);
+    SSH_BUFFER_FREE(buffer);
+    return NULL;
 }
 
 #define BLOCK(letter, n) do {ptr = strchr((const char *)alphabet, source[n]); \
@@ -179,59 +183,62 @@ ssh_buffer base64_to_bin(const char *source) {
                          } while(0)
 
 /* Returns 0 if ok, -1 if not (ie invalid char into the stuff) */
-static int to_block4(unsigned long *block, const char *source, int num) {
-  const char *ptr = NULL;
-  unsigned int i;
+static int to_block4(unsigned long *block, const char *source, int num)
+{
+    const char *ptr = NULL;
+    unsigned int i;
 
-  *block = 0;
-  if (num < 1) {
-    return 0;
-  }
+    *block = 0;
+    if (num < 1) {
+        return 0;
+    }
 
-  BLOCK(A, 0); /* 6 bit */
-  BLOCK(B,1); /* 12 bit */
+    BLOCK(A, 0); /* 6 bit */
+    BLOCK(B, 1); /* 12 bit */
 
-  if (num < 2) {
-    return 0;
-  }
+    if (num < 2) {
+        return 0;
+    }
 
-  BLOCK(C, 2); /* 18 bit */
+    BLOCK(C, 2); /* 18 bit */
 
-  if (num < 3) {
-    return 0;
-  }
+    if (num < 3) {
+        return 0;
+    }
 
-  BLOCK(D, 3); /* 24 bit */
+    BLOCK(D, 3); /* 24 bit */
 
-  return 0;
+    return 0;
 }
 
 /* num = numbers of final bytes to be decoded */
-static int _base64_to_bin(unsigned char dest[3], const char *source, int num) {
-  unsigned long block;
+static int _base64_to_bin(unsigned char dest[3], const char *source, int num)
+{
+    unsigned long block;
 
-  if (to_block4(&block, source, num) < 0) {
-    return -1;
-  }
-  dest[0] = GET_A(block);
-  dest[1] = GET_B(block);
-  dest[2] = GET_C(block);
+    if (to_block4(&block, source, num) < 0) {
+        return -1;
+    }
+    dest[0] = GET_A(block);
+    dest[1] = GET_B(block);
+    dest[2] = GET_C(block);
 
-  return 0;
+    return 0;
 }
 
 /* Count the number of "=" signs and replace them by zeroes */
-static int get_equals(char *string) {
-  char *ptr = string;
-  int num = 0;
+static int get_equals(char *string)
+{
+    char *ptr = string;
+    int num = 0;
 
-  while ((ptr=strchr(ptr,'=')) != NULL) {
-    num++;
-    *ptr = '\0';
-    ptr++;
-  }
+    while ((ptr = strchr(ptr, '=')) != NULL) {
+        num++;
+        *ptr = '\0';
+        ptr++;
+    }
 
-  return num;
+    return num;
 }
 
 /* thanks sysk for debugging my mess :) */
@@ -274,7 +281,15 @@ uint8_t *bin_to_base64(const uint8_t *source, size_t len)
 {
     uint8_t *base64 = NULL;
     uint8_t *ptr = NULL;
-    size_t flen = len + (3 - (len % 3)); /* round to upper 3 multiple */
+    size_t flen = 0;
+
+    /* Set the artificial upper limit for the input. Otherwise on 32b arch, the
+     * following line could overflow for sizes larger than SIZE_MAX / 4 */
+    if (len > BASE64_MAX_INPUT_LEN) {
+        return NULL;
+    }
+
+    flen = len + (3 - (len % 3)); /* round to upper 3 multiple */
     flen = (4 * flen) / 3 + 1;
 
     base64 = malloc(flen);
@@ -283,7 +298,7 @@ uint8_t *bin_to_base64(const uint8_t *source, size_t len)
     }
     ptr = base64;
 
-    while(len > 0){
+    while (len > 0) {
         _bin_to_base64(ptr, source, len > 3 ? 3 : len);
         ptr += 4;
         if (len < 3) {
diff --git a/libssh/src/bignum.c b/libssh/src/bignum.c
index e9b95194..72429460 100644
--- a/libssh/src/bignum.c
+++ b/libssh/src/bignum.c
@@ -44,7 +44,7 @@ ssh_string ssh_make_bignum_string(bignum num) {
 
 #ifdef DEBUG_CRYPTO
   SSH_LOG(SSH_LOG_TRACE,
-          "%zu bits, %zu bytes, %zu padding\n",
+          "%zu bits, %zu bytes, %zu padding",
           bits, len, pad);
 #endif /* DEBUG_CRYPTO */
 
@@ -70,7 +70,7 @@ bignum ssh_make_string_bn(ssh_string string)
 
 #ifdef DEBUG_CRYPTO
     SSH_LOG(SSH_LOG_TRACE,
-            "Importing a %zu bits, %zu bytes object ...\n",
+            "Importing a %zu bits, %zu bytes object ...",
             len * 8, len);
 #endif /* DEBUG_CRYPTO */
 
@@ -86,12 +86,7 @@ void ssh_print_bignum(const char *name, const_bignum num)
     if (num != NULL) {
         bignum_bn2hex(num, &hex);
     }
-    SSH_LOG(SSH_LOG_DEBUG, "%s value: %s\n", name, (hex == NULL) ? "(null)" : (char *) hex);
-#ifdef HAVE_LIBGCRYPT
-    SAFE_FREE(hex);
-#elif defined HAVE_LIBCRYPTO
-    OPENSSL_free(hex);
-#elif defined HAVE_LIBMBEDCRYPTO
-    SAFE_FREE(hex);
-#endif
+    SSH_LOG(SSH_LOG_DEBUG, "%s value: %s", name,
+            (hex == NULL) ? "(null)" : (char *)hex);
+    ssh_crypto_free(hex);
 }
diff --git a/libssh/src/bind.c b/libssh/src/bind.c
index 77acbb66..7013b02e 100644
--- a/libssh/src/bind.c
+++ b/libssh/src/bind.c
@@ -74,7 +74,7 @@
 static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
     int port) {
     char port_c[6];
-    struct addrinfo *ai;
+    struct addrinfo *ai = NULL;
     struct addrinfo hints;
     int opt = 1;
     socket_t s;
@@ -132,8 +132,9 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname,
     return s;
 }
 
-ssh_bind ssh_bind_new(void) {
-    ssh_bind ptr;
+ssh_bind ssh_bind_new(void)
+{
+    ssh_bind ptr = NULL;
 
     ptr = calloc(1, sizeof(struct ssh_bind_struct));
     if (ptr == NULL) {
@@ -149,15 +150,6 @@ ssh_bind ssh_bind_new(void) {
 static int ssh_bind_import_keys(ssh_bind sshbind) {
   int rc;
 
-  if (sshbind->ecdsakey == NULL &&
-      sshbind->dsakey == NULL &&
-      sshbind->rsakey == NULL &&
-      sshbind->ed25519key == NULL) {
-      ssh_set_error(sshbind, SSH_FATAL,
-                    "ECDSA, ED25519, DSA, or RSA host key file must be set");
-      return SSH_ERROR;
-  }
-
 #ifdef HAVE_ECC
   if (sshbind->ecdsa == NULL && sshbind->ecdsakey != NULL) {
       rc = ssh_pki_import_privkey_file(sshbind->ecdsakey,
@@ -181,30 +173,6 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
   }
 #endif
 
-#ifdef HAVE_DSA
-  if (sshbind->dsa == NULL && sshbind->dsakey != NULL) {
-      rc = ssh_pki_import_privkey_file(sshbind->dsakey,
-                                       NULL,
-                                       NULL,
-                                       NULL,
-                                       &sshbind->dsa);
-      if (rc == SSH_ERROR || rc == SSH_EOF) {
-          ssh_set_error(sshbind, SSH_FATAL,
-                  "Failed to import private DSA host key");
-          return SSH_ERROR;
-      }
-
-      if (ssh_key_type(sshbind->dsa) != SSH_KEYTYPE_DSS) {
-          ssh_set_error(sshbind, SSH_FATAL,
-                  "The DSA host key has the wrong type: %d",
-                  ssh_key_type(sshbind->dsa));
-          ssh_key_free(sshbind->dsa);
-          sshbind->dsa = NULL;
-          return SSH_ERROR;
-      }
-  }
-#endif
-
   if (sshbind->rsa == NULL && sshbind->rsakey != NULL) {
       rc = ssh_pki_import_privkey_file(sshbind->rsakey,
                                        NULL,
@@ -251,94 +219,120 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
 }
 
 int ssh_bind_listen(ssh_bind sshbind) {
-  const char *host;
-  socket_t fd;
-  int rc;
+    const char *host = NULL;
+    socket_t fd;
+    int rc;
 
-  if (sshbind->rsa == NULL &&
-      sshbind->dsa == NULL &&
-      sshbind->ecdsa == NULL &&
-      sshbind->ed25519 == NULL) {
-      rc = ssh_bind_import_keys(sshbind);
-      if (rc != SSH_OK) {
-          return SSH_ERROR;
-      }
-  }
+    /* Apply global bind configurations, if it hasn't been applied before */
+    rc = ssh_bind_options_parse_config(sshbind, NULL);
+    if (rc != 0) {
+        ssh_set_error(sshbind, SSH_FATAL,"Could not parse global config");
+        return SSH_ERROR;
+    }
 
-  if (sshbind->bindfd == SSH_INVALID_SOCKET) {
-      host = sshbind->bindaddr;
-      if (host == NULL) {
-          host = "0.0.0.0";
-      }
+    /* Set default hostkey paths if no hostkey was found before */
+    if (sshbind->ecdsakey == NULL &&
+        sshbind->rsakey == NULL &&
+        sshbind->ed25519key == NULL) {
 
-      fd = bind_socket(sshbind, host, sshbind->bindport);
-      if (fd == SSH_INVALID_SOCKET) {
-          ssh_key_free(sshbind->dsa);
-          sshbind->dsa = NULL;
-          ssh_key_free(sshbind->rsa);
-          sshbind->rsa = NULL;
-          /* XXX should this clear also other structures that were allocated */
-          return -1;
-      }
+        sshbind->ecdsakey = strdup("/etc/ssh/ssh_host_ecdsa_key");
+        sshbind->rsakey = strdup("/etc/ssh/ssh_host_rsa_key");
+        sshbind->ed25519key = strdup("/etc/ssh/ssh_host_ed25519_key");
+    }
 
-      if (listen(fd, 10) < 0) {
-        char err_msg[SSH_ERRNO_MSG_MAX] = {0};
-          ssh_set_error(sshbind, SSH_FATAL,
-                  "Listening to socket %d: %s",
-                  fd, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
-          CLOSE_SOCKET(fd);
-          ssh_key_free(sshbind->dsa);
-          sshbind->dsa = NULL;
-          ssh_key_free(sshbind->rsa);
-          sshbind->rsa = NULL;
-          /* XXX should this clear also other structures that were allocated */
-          return -1;
-      }
+    /* Apply global bind configurations, if it hasn't been applied before */
+    rc = ssh_bind_options_parse_config(sshbind, NULL);
+    if (rc != 0) {
+        ssh_set_error(sshbind, SSH_FATAL, "Could not parse global config");
+        return SSH_ERROR;
+    }
+
+    /* Set default hostkey paths if no hostkey was found before */
+    if (sshbind->ecdsakey == NULL &&
+        sshbind->rsakey == NULL &&
+        sshbind->ed25519key == NULL) {
+
+        sshbind->ecdsakey = strdup("/etc/ssh/ssh_host_ecdsa_key");
+        sshbind->rsakey = strdup("/etc/ssh/ssh_host_rsa_key");
+        sshbind->ed25519key = strdup("/etc/ssh/ssh_host_ed25519_key");
+    }
+
+    if (sshbind->rsa == NULL &&
+        sshbind->ecdsa == NULL &&
+        sshbind->ed25519 == NULL) {
+        rc = ssh_bind_import_keys(sshbind);
+        if (rc != SSH_OK) {
+            return SSH_ERROR;
+        }
+    }
+
+    if (sshbind->bindfd == SSH_INVALID_SOCKET) {
+        host = sshbind->bindaddr;
+        if (host == NULL) {
+            host = "0.0.0.0";
+        }
+
+        fd = bind_socket(sshbind, host, sshbind->bindport);
+        if (fd == SSH_INVALID_SOCKET) {
+            return SSH_ERROR;
+        }
+
+        if (listen(fd, 10) < 0) {
+            char err_msg[SSH_ERRNO_MSG_MAX] = {0};
+            ssh_set_error(sshbind,
+                          SSH_FATAL,
+                          "Listening to socket %d: %s",
+                          fd,
+                          ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
+            CLOSE_SOCKET(fd);
+            return SSH_ERROR;
+        }
 
-      sshbind->bindfd = fd;
+        sshbind->bindfd = fd;
   } else {
-      SSH_LOG(SSH_LOG_INFO, "Using app-provided bind socket");
+      SSH_LOG(SSH_LOG_DEBUG, "Using app-provided bind socket");
   }
   return 0;
 }
 
-int ssh_bind_set_callbacks(ssh_bind sshbind, ssh_bind_callbacks callbacks,
-    void *userdata){
-  if (sshbind == NULL) {
-    return SSH_ERROR;
-  }
-  if (callbacks == NULL) {
-    ssh_set_error_invalid(sshbind);
-    return SSH_ERROR;
-  }
-  if(callbacks->size <= 0 || callbacks->size > 1024 * sizeof(void *)){
-    ssh_set_error(sshbind,SSH_FATAL,
-        "Invalid callback passed in (badly initialized)");
-    return SSH_ERROR;
-  }
-  sshbind->bind_callbacks = callbacks;
-  sshbind->bind_callbacks_userdata=userdata;
-  return 0;
+int ssh_bind_set_callbacks(ssh_bind sshbind, ssh_bind_callbacks callbacks, void *userdata)
+{
+    if (sshbind == NULL) {
+        return SSH_ERROR;
+    }
+    if (callbacks == NULL) {
+        ssh_set_error_invalid(sshbind);
+        return SSH_ERROR;
+    }
+    if (callbacks->size <= 0 || callbacks->size > 1024 * sizeof(void *)) {
+        ssh_set_error(sshbind,
+                      SSH_FATAL,
+                      "Invalid callback passed in (badly initialized)");
+        return SSH_ERROR;
+    }
+    sshbind->bind_callbacks = callbacks;
+    sshbind->bind_callbacks_userdata = userdata;
+    return 0;
 }
 
 /** @internal
  * @brief callback being called by poll when an event happens
  *
  */
-static int ssh_bind_poll_callback(ssh_poll_handle sshpoll,
-    socket_t fd, int revents, void *user){
-  ssh_bind sshbind=(ssh_bind)user;
-  (void)sshpoll;
-  (void)fd;
-
-  if(revents & POLLIN){
-    /* new incoming connection */
-    if(ssh_callbacks_exists(sshbind->bind_callbacks,incoming_connection)){
-      sshbind->bind_callbacks->incoming_connection(sshbind,
-          sshbind->bind_callbacks_userdata);
+static int ssh_bind_poll_callback(ssh_poll_handle sshpoll, socket_t fd, int revents, void *user)
+{
+    ssh_bind sshbind = (ssh_bind)user;
+    (void)sshpoll;
+    (void)fd;
+
+    if (revents & POLLIN) {
+        /* new incoming connection */
+        if (ssh_callbacks_exists(sshbind->bind_callbacks, incoming_connection)) {
+            sshbind->bind_callbacks->incoming_connection(sshbind,
+                                                         sshbind->bind_callbacks_userdata);
+        }
     }
-  }
-  return 0;
+    return 0;
 }
 
 /** @internal
@@ -366,20 +360,24 @@ ssh_poll_handle ssh_bind_get_poll(ssh_bind sshbind)
     return sshbind->poll;
 }
 
-void ssh_bind_set_blocking(ssh_bind sshbind, int blocking) {
-  sshbind->blocking = blocking ? 1 : 0;
+void ssh_bind_set_blocking(ssh_bind sshbind, int blocking)
+{
+    sshbind->blocking = blocking ? 1 : 0;
 }
 
-socket_t ssh_bind_get_fd(ssh_bind sshbind) {
-  return sshbind->bindfd;
+socket_t ssh_bind_get_fd(ssh_bind sshbind)
+{
+    return sshbind->bindfd;
 }
 
-void ssh_bind_set_fd(ssh_bind sshbind, socket_t fd) {
-  sshbind->bindfd = fd;
+void ssh_bind_set_fd(ssh_bind sshbind, socket_t fd)
+{
+    sshbind->bindfd = fd;
 }
 
-void ssh_bind_fd_toaccept(ssh_bind sshbind) {
-  sshbind->toaccept = 1;
+void ssh_bind_fd_toaccept(ssh_bind sshbind)
+{
+    sshbind->toaccept = 1;
 }
 
 void ssh_bind_free(ssh_bind sshbind){
@@ -401,13 +399,10 @@ void ssh_bind_free(ssh_bind sshbind){
   SAFE_FREE(sshbind->config_dir);
   SAFE_FREE(sshbind->pubkey_accepted_key_types);
 
-  SAFE_FREE(sshbind->dsakey);
   SAFE_FREE(sshbind->rsakey);
   SAFE_FREE(sshbind->ecdsakey);
   SAFE_FREE(sshbind->ed25519key);
 
-  ssh_key_free(sshbind->dsa);
-  sshbind->dsa = NULL;
   ssh_key_free(sshbind->rsa);
   sshbind->rsa = NULL;
   ssh_key_free(sshbind->ecdsa);
@@ -424,7 +419,9 @@ void ssh_bind_free(ssh_bind sshbind){
   SAFE_FREE(sshbind);
 }
 
-int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
+int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd)
+{
+    ssh_poll_handle handle = NULL;
     int i, rc;
 
     if (sshbind == NULL) {
@@ -436,13 +433,6 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
         return SSH_ERROR;
     }
 
-    /* Apply global bind configurations, if it hasn't been applied before */
-    rc = ssh_bind_options_parse_config(sshbind, NULL);
-    if (rc != 0) {
-        ssh_set_error(sshbind, SSH_FATAL,"Could not parse global config");
-        return SSH_ERROR;
-    }
-
     session->server = 1;
 
     /* Copy options from bind to session */
@@ -473,7 +463,7 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
                 return SSH_ERROR;
             }
         } else {
-            char *p;
+            char *p = NULL;
             /* If something was set to the session prior to calling this
              * function, keep only what is allowed by the options set in
              * sshbind */
@@ -491,16 +481,16 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
     session->common.log_verbosity = sshbind->common.log_verbosity;
 
     if (sshbind->banner != NULL) {
-        session->opts.custombanner = strdup(sshbind->banner);
-        if (session->opts.custombanner == NULL) {
+        session->server_opts.custombanner = strdup(sshbind->banner);
+        if (session->server_opts.custombanner == NULL) {
             ssh_set_error_oom(sshbind);
             return SSH_ERROR;
         }
     }
 
     if (sshbind->moduli_file != NULL) {
-        session->opts.moduli_file = strdup(sshbind->moduli_file);
-        if (session->opts.moduli_file == NULL) {
+        session->server_opts.moduli_file = strdup(sshbind->moduli_file);
+        if (session->server_opts.moduli_file == NULL) {
             ssh_set_error_oom(sshbind);
             return SSH_ERROR;
         }
@@ -516,7 +506,12 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
       return SSH_ERROR;
     }
     ssh_socket_set_fd(session->socket, fd);
-    ssh_socket_get_poll_handle(session->socket);
+    handle = ssh_socket_get_poll_handle(session->socket);
+    if (handle == NULL) {
+        ssh_set_error_oom(sshbind);
+        return SSH_ERROR;
+    }
+    ssh_socket_set_connected(session->socket, handle);
 
     /* We must try to import any keys that could be imported in case
      * we are not using ssh_bind_listen (which is the other place
@@ -524,7 +519,6 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
      * only using ssh_bind_accept_fd to manage sockets ourselves.
      */
     if (sshbind->rsa == NULL &&
-        sshbind->dsa == NULL &&
         sshbind->ecdsa == NULL &&
         sshbind->ed25519 == NULL) {
         rc = ssh_bind_import_keys(sshbind);
@@ -541,15 +535,6 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
           return SSH_ERROR;
         }
     }
-#endif
-#ifdef HAVE_DSA
-    if (sshbind->dsa) {
-        session->srv.dsa_key = ssh_key_dup(sshbind->dsa);
-        if (session->srv.dsa_key == NULL) {
-          ssh_set_error_oom(sshbind);
-          return SSH_ERROR;
-        }
-    }
 #endif
     if (sshbind->rsa) {
         session->srv.rsa_key = ssh_key_dup(sshbind->rsa);
diff --git a/libssh/src/bind_config.c b/libssh/src/bind_config.c
index 27c42c95..9e4a7fd4 100644
--- a/libssh/src/bind_config.c
+++ b/libssh/src/bind_config.c
@@ -200,7 +200,7 @@ local_parse_file(ssh_bind bind,
                  uint8_t *seen,
                  unsigned int depth)
 {
-    FILE *f;
+    FILE *f = NULL;
     char line[MAX_LINE_SIZE] = {0};
     unsigned int count = 0;
     int rv;
@@ -363,7 +363,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
         if (p && (*parser_flags & PARSING)) {
             rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set Hostkey value '%s'",
                         count, p);
             }
@@ -374,7 +374,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
         if (p && (*parser_flags & PARSING)) {
             rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDADDR, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set ListenAddress value '%s'",
                         count, p);
             }
@@ -385,7 +385,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
         if (p && (*parser_flags & PARSING)) {
             rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set Port value '%s'",
                         count, p);
             }
@@ -396,7 +396,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
         if (p && (*parser_flags & PARSING)) {
             rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_C_S, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set C->S Ciphers value '%s'",
                         count, p);
                 break;
@@ -404,7 +404,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
 
             rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_CIPHERS_S_C, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set S->C Ciphers value '%s'",
                         count, p);
             }
@@ -415,7 +415,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
         if (p && (*parser_flags & PARSING)) {
             rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_C_S, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set C->S MAC value '%s'",
                         count, p);
                 break;
@@ -423,7 +423,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
 
             rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_S_C, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set S->C MAC value '%s'",
                         count, p);
             }
@@ -437,10 +437,10 @@ ssh_bind_config_parse_line(ssh_bind bind,
             if (strcasecmp(p, "quiet") == 0) {
                 value = SSH_LOG_NONE;
             } else if (strcasecmp(p, "fatal") == 0 ||
-                    strcasecmp(p, "error")== 0 ||
-                    strcasecmp(p, "info") == 0) {
+                    strcasecmp(p, "error")== 0) {
                 value = SSH_LOG_WARN;
-            } else if (strcasecmp(p, "verbose") == 0) {
+            } else if (strcasecmp(p, "verbose") == 0 ||
+                    strcasecmp(p, "info") == 0) {
                 value = SSH_LOG_INFO;
             } else if (strcasecmp(p, "DEBUG") == 0 ||
                     strcasecmp(p, "DEBUG1") == 0) {
@@ -453,7 +453,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
                 rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_LOG_VERBOSITY,
                         &value);
                 if (rc != 0) {
-                    SSH_LOG(SSH_LOG_WARN,
+                    SSH_LOG(SSH_LOG_TRACE,
                             "line %d: Failed to set LogLevel value '%s'",
                             count, p);
                 }
@@ -465,7 +465,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
         if (p && (*parser_flags & PARSING)) {
             rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_KEY_EXCHANGE, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set KexAlgorithms value '%s'",
                         count, p);
             }
@@ -540,13 +540,13 @@ ssh_bind_config_parse_line(ssh_bind bind,
                 /* Skip one argument */
                 p = ssh_config_get_str_tok(&s, NULL);
                 if (p == NULL || p[0] == '\0') {
-                    SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword "
+                    SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword "
                             "'%s' requires argument\n", count, p2);
                     SAFE_FREE(x);
                     return -1;
                 }
                 args++;
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_DEBUG,
                         "line %d: Unsupported Match keyword '%s', ignoring\n",
                         count,
                         p2);
@@ -576,7 +576,7 @@ ssh_bind_config_parse_line(ssh_bind bind,
             rc = ssh_bind_options_set(bind,
                                  SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set PubKeyAcceptedKeyTypes value '%s'",
                         count, p);
             }
@@ -588,26 +588,26 @@ ssh_bind_config_parse_line(ssh_bind bind,
             rc = ssh_bind_options_set(bind,
                                  SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, p);
             if (rc != 0) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Failed to set HostkeyAlgorithms value '%s'",
                         count, p);
             }
         }
         break;
     case BIND_CFG_NOT_ALLOWED_IN_MATCH:
-        SSH_LOG(SSH_LOG_WARN, "Option not allowed in Match block: %s, line: %d",
+        SSH_LOG(SSH_LOG_DEBUG, "Option not allowed in Match block: %s, line: %d",
                 keyword, count);
         break;
     case BIND_CFG_UNKNOWN:
-        SSH_LOG(SSH_LOG_WARN, "Unknown option: %s, line: %d",
+        SSH_LOG(SSH_LOG_TRACE, "Unknown option: %s, line: %d",
                 keyword, count);
         break;
     case BIND_CFG_UNSUPPORTED:
-        SSH_LOG(SSH_LOG_WARN, "Unsupported option: %s, line: %d",
+        SSH_LOG(SSH_LOG_TRACE, "Unsupported option: %s, line: %d",
                 keyword, count);
         break;
     case BIND_CFG_NA:
-        SSH_LOG(SSH_LOG_WARN, "Option not applicable: %s, line: %d",
+        SSH_LOG(SSH_LOG_TRACE, "Option not applicable: %s, line: %d",
                 keyword, count);
         break;
     default:
@@ -626,7 +626,7 @@ int ssh_bind_config_parse_file(ssh_bind bind, const char *filename)
 {
     char line[MAX_LINE_SIZE] = {0};
     unsigned int count = 0;
-    FILE *f;
+    FILE *f = NULL;
     uint32_t parser_flags;
     int rv;
 
diff --git a/libssh/src/buffer.c b/libssh/src/buffer.c
index e0068015..449fa941 100644
--- a/libssh/src/buffer.c
+++ b/libssh/src/buffer.c
@@ -26,6 +26,7 @@
 #include <limits.h>
 #include <stdarg.h>
 #include <stdbool.h>
+#include <stdio.h>
 
 #ifndef _WIN32
 #include <netinet/in.h>
@@ -56,7 +57,7 @@ struct ssh_buffer_struct {
 #define BUFFER_SIZE_MAX 0x10000000
 
 /**
- * @defgroup libssh_buffer The SSH buffer functions.
+ * @defgroup libssh_buffer The SSH buffer functions
  * @ingroup libssh
  *
  * Functions to handle SSH buffers.
@@ -370,7 +371,8 @@ int ssh_buffer_allocate_size(struct ssh_buffer_struct *buffer,
  */
 void *ssh_buffer_allocate(struct ssh_buffer_struct *buffer, uint32_t len)
 {
-    void *ptr;
+    void *ptr = NULL;
+
     buffer_verify(buffer);
 
     if (buffer->used + len < len) {
@@ -747,7 +749,8 @@ uint32_t ssh_buffer_get_u64(struct ssh_buffer_struct *buffer, uint64_t *data){
  */
 int ssh_buffer_validate_length(struct ssh_buffer_struct *buffer, size_t len)
 {
-    if (buffer->pos + len < len || buffer->pos + len > buffer->used) {
+    if (buffer == NULL || buffer->pos + len < len ||
+        buffer->pos + len > buffer->used) {
         return SSH_ERROR;
     }
 
@@ -850,7 +853,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
             break;
         case 'S':
             string = va_arg(ap, ssh_string);
-            needed_size += 4 + ssh_string_len(string);
+            needed_size += sizeof(uint32_t) + ssh_string_len(string);
             string = NULL;
             break;
         case 's':
@@ -878,7 +881,7 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
             cstring = NULL;
             break;
         default:
-            SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p);
+            SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p);
             rc = SSH_ERROR;
         }
         if (rc != SSH_OK){
@@ -917,13 +920,14 @@ static int ssh_buffer_pack_allocate_va(struct ssh_buffer_struct *buffer,
  *                      SSH_ERROR on error
  * @see ssh_buffer_add_format() for format list values.
  */
-int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
-                       const char *format,
-                       size_t argc,
-                       va_list ap)
+static int
+ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
+                   const char *format,
+                   size_t argc,
+                   va_list ap)
 {
     int rc = SSH_ERROR;
-    const char *p;
+    const char *p = NULL;
     union {
         uint8_t byte;
         uint16_t word;
@@ -932,7 +936,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
         ssh_string string;
         void *data;
     } o;
-    char *cstring;
+    char *cstring = NULL;
     bignum b;
     size_t len;
     size_t count;
@@ -1007,7 +1011,7 @@ int ssh_buffer_pack_va(struct ssh_buffer_struct *buffer,
             cstring = NULL;
             break;
         default:
-            SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p);
+            SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p);
             rc = SSH_ERROR;
         }
         if (rc != SSH_OK){
@@ -1091,7 +1095,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
                          va_list ap)
 {
     int rc = SSH_ERROR;
-    const char *p = format, *last;
+    const char *p = format, *last = NULL;
     union {
         uint8_t *byte;
         uint16_t *word;
@@ -1239,7 +1243,7 @@ int ssh_buffer_unpack_va(struct ssh_buffer_struct *buffer,
             rc = SSH_OK;
             break;
         default:
-            SSH_LOG(SSH_LOG_WARN, "Invalid buffer format %c", *p);
+            SSH_LOG(SSH_LOG_TRACE, "Invalid buffer format %c", *p);
         }
         if (rc != SSH_OK) {
             break;
diff --git a/libssh/src/callbacks.c b/libssh/src/callbacks.c
index 3ed2f11c..94098ebd 100644
--- a/libssh/src/callbacks.c
+++ b/libssh/src/callbacks.c
@@ -45,6 +45,15 @@ static void ssh_legacy_log_callback(int priority,
     log_fn(session, priority, buffer, log_data);
 }
 
+void
+_ssh_remove_legacy_log_cb(void)
+{
+    if (ssh_get_log_callback() == ssh_legacy_log_callback) {
+        _ssh_reset_log_cb();
+        ssh_set_log_userdata(NULL);
+    }
+}
+
 int ssh_set_callbacks(ssh_session session, ssh_callbacks cb) {
   if (session == NULL || cb == NULL) {
     return SSH_ERROR;
@@ -113,7 +122,7 @@ int ssh_add_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
 
 int ssh_remove_channel_callbacks(ssh_channel channel, ssh_channel_callbacks cb)
 {
-    struct ssh_iterator *it;
+    struct ssh_iterator *it = NULL;
 
     if (channel == NULL || channel->callbacks == NULL){
         return SSH_ERROR;
diff --git a/libssh/src/chachapoly.c b/libssh/src/chachapoly.c
index 2cd23854..354a0d26 100644
--- a/libssh/src/chachapoly.c
+++ b/libssh/src/chachapoly.c
@@ -42,7 +42,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
                                     void *key,
                                     void *IV)
 {
-    struct chacha20_poly1305_keysched *sched;
+    struct chacha20_poly1305_keysched *sched = NULL;
     uint8_t *u8key = key;
     (void)IV;
 
diff --git a/libssh/src/channels.c b/libssh/src/channels.c
index 1d422801..c8a5d8bf 100644
--- a/libssh/src/channels.c
+++ b/libssh/src/channels.c
@@ -52,16 +52,19 @@
 #include "libssh/server.h"
 #endif
 
-#define WINDOWBASE 1280000
-#define WINDOWLIMIT (WINDOWBASE/2)
-
 /*
  * All implementations MUST be able to process packets with an
  * uncompressed payload length of 32768 bytes or less and a total packet
  * size of 35000 bytes or less.
  */
 #define CHANNEL_MAX_PACKET 32768
-#define CHANNEL_INITIAL_WINDOW 64000
+
+/*
+ * WINDOW_DEFAULT matches the default OpenSSH session window size.
+ * This controls how much data the peer can send before needing to receive
+ * a round-trip SSH2_MSG_CHANNEL_WINDOW_ADJUST message that increases the window.
+ */
+#define WINDOW_DEFAULT (64*CHANNEL_MAX_PACKET)
 
 /**
  * @defgroup libssh_channel The SSH channel functions
@@ -119,7 +122,7 @@ ssh_channel ssh_channel_new(ssh_session session)
     }
 
     channel->session = session;
-    channel->exit_status = -1;
+    channel->exit.code = (uint32_t)-1;
     channel->flags = SSH_CHANNEL_FLAG_NOT_BOUND;
 
     if (session->channels == NULL) {
@@ -165,7 +168,7 @@ uint32_t ssh_channel_new_id(ssh_session session)
  */
 SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
   uint32_t channelid=0;
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   int rc;
   (void)type;
   (void)user;
@@ -178,7 +181,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
   channel=ssh_channel_from_local(session,channelid);
   if(channel==NULL){
     ssh_set_error(session, SSH_FATAL,
-        "Unknown channel id %"PRIu32,
+        "Unknown channel id %" PRIu32,
         (uint32_t) channelid);
     /* TODO: Set error marking in channel object */
 
@@ -192,8 +195,8 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
   if (rc != SSH_OK)
       goto error;
 
-  SSH_LOG(SSH_LOG_PROTOCOL,
-      "Received a CHANNEL_OPEN_CONFIRMATION for channel %d:%d",
+  SSH_LOG(SSH_LOG_DEBUG,
+      "Received a CHANNEL_OPEN_CONFIRMATION for channel %" PRIu32 ":%" PRIu32,
       channel->local_channel,
       channel->remote_channel);
 
@@ -205,13 +208,21 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
       goto error;
   }
 
-  SSH_LOG(SSH_LOG_PROTOCOL,
-      "Remote window : %"PRIu32", maxpacket : %"PRIu32,
-      (uint32_t) channel->remote_window,
-      (uint32_t) channel->remote_maxpacket);
+  SSH_LOG(SSH_LOG_DEBUG,
+      "Remote window : %" PRIu32 ", maxpacket : %" PRIu32,
+      channel->remote_window,
+      channel->remote_maxpacket);
 
   channel->state = SSH_CHANNEL_STATE_OPEN;
   channel->flags &= ~SSH_CHANNEL_FLAG_NOT_BOUND;
+
+  ssh_callbacks_execute_list(channel->callbacks,
+                             ssh_channel_callbacks,
+                             channel_open_response_function,
+                             channel->session,
+                             channel,
+                             true /* is_success */);
+
   return SSH_PACKET_USED;
 
 error:
@@ -226,7 +237,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_conf){
  */
 SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){
 
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   char *error = NULL;
   uint32_t code;
   int rc;
@@ -255,12 +266,20 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){
   }
 
   ssh_set_error(session, SSH_REQUEST_DENIED,
-      "Channel opening failure: channel %u error (%"PRIu32") %s",
+      "Channel opening failure: channel %" PRIu32 " error (%" PRIu32 ") %s",
       channel->local_channel,
-      (uint32_t) code,
+      code,
       error);
   SAFE_FREE(error);
   channel->state=SSH_CHANNEL_STATE_OPEN_DENIED;
+
+  ssh_callbacks_execute_list(channel->callbacks,
+                             ssh_channel_callbacks,
+                             channel_open_response_function,
+                             channel->session,
+                             channel,
+                             false /* is_success */);
+
   return SSH_PACKET_USED;
 
 error:
@@ -327,8 +346,8 @@ channel_open(ssh_channel channel,
     channel->local_maxpacket = maxpacket;
     channel->local_window = window;
 
-    SSH_LOG(SSH_LOG_PROTOCOL,
-            "Creating a channel %d with %d window and %d max packet",
+    SSH_LOG(SSH_LOG_DEBUG,
+            "Creating a channel %" PRIu32 " with %" PRIu32 " window and %" PRIu32 " max packet",
             channel->local_channel, window, maxpacket);
 
     rc = ssh_buffer_pack(session->out_buffer,
@@ -356,7 +375,7 @@ channel_open(ssh_channel channel,
     }
 
     SSH_LOG(SSH_LOG_PACKET,
-            "Sent a SSH_MSG_CHANNEL_OPEN type %s for channel %d",
+            "Sent a SSH_MSG_CHANNEL_OPEN type %s for channel %" PRIu32,
             type, channel->local_channel);
 
 pending:
@@ -386,7 +405,7 @@ channel_open(ssh_channel channel,
 /* return channel with corresponding local id, or NULL if not found */
 ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id) {
   struct ssh_iterator *it;
-  ssh_channel channel;
+  ssh_channel channel = NULL;
 
   for (it = ssh_list_get_iterator(session->channels); it != NULL ; it=it->next) {
     channel = ssh_iterator_value(ssh_channel, it);
@@ -406,32 +425,43 @@ ssh_channel ssh_channel_from_local(ssh_session session, uint32_t id) {
  * @brief grows the local window and sends a packet to the other party
  * @param session SSH session
  * @param channel SSH channel
- * @param minimumsize The minimum acceptable size for the new window.
  * @return            SSH_OK if successful; SSH_ERROR otherwise.
  */
 static int grow_window(ssh_session session,
-                       ssh_channel channel,
-                       uint32_t minimumsize)
+                       ssh_channel channel)
 {
-  uint32_t new_window = minimumsize > WINDOWBASE ? minimumsize : WINDOWBASE;
+  uint32_t used;
+  uint32_t increment;
   int rc;
 
-  if (new_window <= channel->local_window) {
-    SSH_LOG(SSH_LOG_PROTOCOL,
-        "growing window (channel %d:%d) to %d bytes : not needed (%d bytes)",
-        channel->local_channel, channel->remote_channel, new_window,
+  /* Calculate the increment taking into account what the peer may still send
+   * (local_window) and what we've already buffered (stdout_buffer and
+   * stderr_buffer).
+  */
+  used = channel->local_window;
+  if (channel->stdout_buffer != NULL) {
+    used += ssh_buffer_get_len(channel->stdout_buffer);
+  }
+  if (channel->stderr_buffer != NULL) {
+    used += ssh_buffer_get_len(channel->stderr_buffer);
+  }
+  /* Avoid a negative increment in case the peer sent more than the window allowed */
+  increment = WINDOW_DEFAULT > used ? WINDOW_DEFAULT - used : 0;
+  /* Don't grow until we can request at least half a window */
+  if (increment < (WINDOW_DEFAULT / 2)) {
+    SSH_LOG(SSH_LOG_DEBUG,
+        "growing window (channel %" PRIu32 ":%" PRIu32 ") to %" PRIu32 " bytes : not needed (%" PRIu32 " bytes)",
+        channel->local_channel, channel->remote_channel, WINDOW_DEFAULT,
         channel->local_window);
 
     return SSH_OK;
   }
-  /* WINDOW_ADJUST packet needs a relative increment rather than an absolute
-   * value, so we give here the missing bytes needed to reach new_window
-   */
+
   rc = ssh_buffer_pack(session->out_buffer,
                        "bdd",
                        SSH2_MSG_CHANNEL_WINDOW_ADJUST,
                        channel->remote_channel,
-                       new_window - channel->local_window);
+                       increment);
   if (rc != SSH_OK) {
     ssh_set_error_oom(session);
     goto error;
@@ -441,13 +471,13 @@ static int grow_window(ssh_session session,
     goto error;
   }
 
-  SSH_LOG(SSH_LOG_PROTOCOL,
-      "growing window (channel %d:%d) to %d bytes",
+  SSH_LOG(SSH_LOG_DEBUG,
+      "growing window (channel %" PRIu32 ":%" PRIu32 ") by %" PRIu32 " bytes",
       channel->local_channel,
       channel->remote_channel,
-      new_window);
+      increment);
 
-  channel->local_window = new_window;
+  channel->local_window += increment;
 
   return SSH_OK;
 error:
@@ -471,7 +501,7 @@ static int grow_window(ssh_session session,
  */
 static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
 {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   uint32_t chan;
   int rc;
 
@@ -485,7 +515,7 @@ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
   channel = ssh_channel_from_local(session, chan);
   if (channel == NULL) {
     ssh_set_error(session, SSH_FATAL,
-        "Server specified invalid channel %"PRIu32,
+        "Server specified invalid channel %" PRIu32,
         (uint32_t) chan);
   }
 
@@ -493,9 +523,11 @@ static ssh_channel channel_from_msg(ssh_session session, ssh_buffer packet)
 }
 
 SSH_PACKET_CALLBACK(channel_rcv_change_window) {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   uint32_t bytes;
   int rc;
+  bool was_empty;
+
   (void)user;
   (void)type;
 
@@ -512,127 +544,157 @@ SSH_PACKET_CALLBACK(channel_rcv_change_window) {
     return SSH_PACKET_USED;
   }
 
-  SSH_LOG(SSH_LOG_PROTOCOL,
-      "Adding %d bytes to channel (%d:%d) (from %d bytes)",
+  SSH_LOG(SSH_LOG_DEBUG,
+      "Adding %" PRIu32 " bytes to channel (%" PRIu32 ":%" PRIu32 ") (from %" PRIu32 " bytes)",
       bytes,
       channel->local_channel,
       channel->remote_channel,
       channel->remote_window);
 
+  was_empty = channel->remote_window == 0;
+
   channel->remote_window += bytes;
 
+  /* Writing to the channel is non-blocking until the receive window is empty.
+     When the receive window becomes non-zero again, call channel_write_wontblock_function. */
+  if (was_empty && bytes > 0) {
+    ssh_callbacks_execute_list(channel->callbacks,
+                               ssh_channel_callbacks,
+                               channel_write_wontblock_function,
+                               session,
+                               channel,
+                               channel->remote_window);
+  }
+
   return SSH_PACKET_USED;
 }
 
 /* is_stderr is set to 1 if the data are extended, ie stderr */
-SSH_PACKET_CALLBACK(channel_rcv_data){
-  ssh_channel channel;
-  ssh_string str;
-  ssh_buffer buf;
-  uint32_t len;
-  int is_stderr;
-  int rest;
-  (void)user;
+SSH_PACKET_CALLBACK(channel_rcv_data)
+{
+    ssh_channel channel = NULL;
+    ssh_string str = NULL;
+    ssh_buffer buf = NULL;
+    void *data = NULL;
+    uint32_t len;
+    int extended, is_stderr = 0;
+    int rest;
 
-  if(type==SSH2_MSG_CHANNEL_DATA)
-	  is_stderr=0;
-  else
-	  is_stderr=1;
+    (void)user;
 
-  channel = channel_from_msg(session,packet);
-  if (channel == NULL) {
-    SSH_LOG(SSH_LOG_FUNCTIONS,
-        "%s", ssh_get_error(session));
+    if (type == SSH2_MSG_CHANNEL_DATA) {
+        extended = 0;
+    } else { /* SSH_MSG_CHANNEL_EXTENDED_DATA */
+        extended = 1;
+    }
 
-    return SSH_PACKET_USED;
-  }
+    channel = channel_from_msg(session, packet);
+    if (channel == NULL) {
+        SSH_LOG(SSH_LOG_FUNCTIONS, "%s", ssh_get_error(session));
 
-  if (is_stderr) {
-    uint32_t ignore;
-    /* uint32 data type code. we can ignore it */
-    ssh_buffer_get_u32(packet, &ignore);
-  }
+        return SSH_PACKET_USED;
+    }
 
-  str = ssh_buffer_get_ssh_string(packet);
-  if (str == NULL) {
-    SSH_LOG(SSH_LOG_PACKET, "Invalid data packet!");
+    if (extended) {
+        uint32_t data_type_code, rc;
+        rc = ssh_buffer_get_u32(packet, &data_type_code);
+        if (rc != sizeof(uint32_t)) {
+            SSH_LOG(SSH_LOG_PACKET,
+                    "Failed to read data type code: rc = %" PRIu32, rc);
 
-    return SSH_PACKET_USED;
-  }
-  len = ssh_string_len(str);
+            return SSH_PACKET_USED;
+        }
+        is_stderr = 1;
+        data_type_code = ntohl(data_type_code);
+        if (data_type_code != SSH2_EXTENDED_DATA_STDERR) {
+            SSH_LOG(SSH_LOG_PACKET, "Invalid data type code %" PRIu32 "!",
+                    data_type_code);
+        }
+    }
 
-  SSH_LOG(SSH_LOG_PACKET,
-      "Channel receiving %u bytes data in %d (local win=%d remote win=%d)",
-      len,
-      is_stderr,
-      channel->local_window,
-      channel->remote_window);
+    str = ssh_buffer_get_ssh_string(packet);
+    if (str == NULL) {
+        SSH_LOG(SSH_LOG_PACKET, "Invalid data packet!");
 
-  /* What shall we do in this case? Let's accept it anyway */
-  if (len > channel->local_window) {
-    SSH_LOG(SSH_LOG_RARE,
-        "Data packet too big for our window(%u vs %d)",
-        len,
-        channel->local_window);
-  }
+        return SSH_PACKET_USED;
+    }
+    len = ssh_string_len(str);
 
-  if (channel_default_bufferize(channel, ssh_string_data(str), len,
-        is_stderr) < 0) {
-    SSH_STRING_FREE(str);
+    SSH_LOG(SSH_LOG_PACKET,
+            "Channel receiving %" PRIu32 " bytes data%s (local win=%" PRIu32
+            " remote win=%" PRIu32 ")",
+            len,
+            is_stderr ? " in stderr"  : "",
+            channel->local_window,
+            channel->remote_window);
 
-    return SSH_PACKET_USED;
-  }
+    if (len > channel->local_window) {
+        SSH_LOG(SSH_LOG_RARE,
+                "Data packet too big for our window(%" PRIu32 " vs %" PRIu32 ")",
+                len,
+                channel->local_window);
+
+        SSH_STRING_FREE(str);
+
+        ssh_set_error(session, SSH_FATAL, "Window exceeded");
+
+        return SSH_PACKET_USED;
+    }
+
+    data = ssh_string_data(str);
+    if (channel_default_bufferize(channel, data, len, is_stderr) < 0) {
+        SSH_STRING_FREE(str);
+
+        return SSH_PACKET_USED;
+    }
 
-  if (len <= channel->local_window) {
     channel->local_window -= len;
-  } else {
-    channel->local_window = 0; /* buggy remote */
-  }
 
-  SSH_LOG(SSH_LOG_PACKET,
-      "Channel windows are now (local win=%d remote win=%d)",
-      channel->local_window,
-      channel->remote_window);
+    SSH_LOG(SSH_LOG_PACKET,
+            "Channel windows are now (local win=%" PRIu32 " remote win=%" PRIu32 ")",
+            channel->local_window,
+            channel->remote_window);
 
-  SSH_STRING_FREE(str);
+    SSH_STRING_FREE(str);
 
-  if (is_stderr) {
-      buf = channel->stderr_buffer;
-  } else {
-      buf = channel->stdout_buffer;
-  }
+    if (is_stderr) {
+        buf = channel->stderr_buffer;
+    } else {
+        buf = channel->stdout_buffer;
+    }
 
-  ssh_callbacks_iterate(channel->callbacks,
-                        ssh_channel_callbacks,
-                        channel_data_function) {
-      if (ssh_buffer_get(buf) == NULL) {
-          break;
-      }
-      rest = ssh_callbacks_iterate_exec(channel_data_function,
-                                        channel->session,
-                                        channel,
-                                        ssh_buffer_get(buf),
-                                        ssh_buffer_get_len(buf),
-                                        is_stderr);
-      if (rest > 0) {
-          if (channel->counter != NULL) {
-              channel->counter->in_bytes += rest;
-          }
-          ssh_buffer_pass_bytes(buf, rest);
-      }
-  }
-  ssh_callbacks_iterate_end();
+    ssh_callbacks_iterate(channel->callbacks,
+                          ssh_channel_callbacks,
+                          channel_data_function) {
+        if (ssh_buffer_get(buf) == NULL) {
+            break;
+        }
+        rest = ssh_callbacks_iterate_exec(channel_data_function,
+                                          channel->session,
+                                          channel,
+                                          ssh_buffer_get(buf),
+                                          ssh_buffer_get_len(buf),
+                                          is_stderr);
+        if (rest > 0) {
+            int rc;
+            if (channel->counter != NULL) {
+                channel->counter->in_bytes += rest;
+            }
+            ssh_buffer_pass_bytes(buf, rest);
 
-  if (channel->local_window + ssh_buffer_get_len(buf) < WINDOWLIMIT) {
-      if (grow_window(session, channel, 0) < 0) {
-          return -1;
-      }
-  }
-  return SSH_PACKET_USED;
+            rc = grow_window(session, channel);
+            if (rc == SSH_ERROR) {
+              return -1;
+            }
+        }
+    }
+    ssh_callbacks_iterate_end();
+
+    return SSH_PACKET_USED;
 }
 
 SSH_PACKET_CALLBACK(channel_rcv_eof) {
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   (void)user;
   (void)type;
 
@@ -644,7 +706,7 @@ SSH_PACKET_CALLBACK(channel_rcv_eof) {
   }
 
   SSH_LOG(SSH_LOG_PACKET,
-      "Received eof on channel (%d:%d)",
+      "Received eof on channel (%" PRIu32 ":%" PRIu32 ")",
       channel->local_channel,
       channel->remote_channel);
   /* channel->remote_window = 0; */
@@ -676,8 +738,9 @@ static bool ssh_channel_has_unread_data(ssh_channel channel)
     return false;
 }
 
-SSH_PACKET_CALLBACK(channel_rcv_close) {
-    ssh_channel channel;
+SSH_PACKET_CALLBACK(channel_rcv_close)
+{
+    ssh_channel channel = NULL;
     (void)user;
     (void)type;
 
@@ -689,7 +752,7 @@ SSH_PACKET_CALLBACK(channel_rcv_close) {
     }
 
     SSH_LOG(SSH_LOG_PACKET,
-        "Received close on channel (%d:%d)",
+        "Received close on channel (%" PRIu32 ":%" PRIu32 ")",
         channel->local_channel,
         channel->remote_channel);
 
@@ -722,98 +785,103 @@ SSH_PACKET_CALLBACK(channel_rcv_close) {
     return SSH_PACKET_USED;
 }
 
-SSH_PACKET_CALLBACK(channel_rcv_request) {
-	ssh_channel channel;
-	char *request=NULL;
+SSH_PACKET_CALLBACK(channel_rcv_request)
+{
+    ssh_channel channel = NULL;
+    char *request = NULL;
     uint8_t want_reply;
     int rc;
-	(void)user;
-	(void)type;
-
-	channel = channel_from_msg(session,packet);
-	if (channel == NULL) {
-		SSH_LOG(SSH_LOG_FUNCTIONS,"%s", ssh_get_error(session));
-		return SSH_PACKET_USED;
-	}
-
-	rc = ssh_buffer_unpack(packet, "sb",
-	        &request,
-	        &want_reply);
-	if (rc != SSH_OK) {
-		SSH_LOG(SSH_LOG_PACKET, "Invalid MSG_CHANNEL_REQUEST");
-		return SSH_PACKET_USED;
-	}
-
-	if (strcmp(request,"exit-status") == 0) {
+    (void)user;
+    (void)type;
+
+    channel = channel_from_msg(session, packet);
+    if (channel == NULL) {
+        SSH_LOG(SSH_LOG_FUNCTIONS, "%s", ssh_get_error(session));
+        return SSH_PACKET_USED;
+    }
+
+    rc = ssh_buffer_unpack(packet, "sb", &request, &want_reply);
+    if (rc != SSH_OK) {
+        SSH_LOG(SSH_LOG_PACKET, "Invalid MSG_CHANNEL_REQUEST");
+        return SSH_PACKET_USED;
+    }
+
+    if (strcmp(request, "exit-status") == 0) {
         SAFE_FREE(request);
-        rc = ssh_buffer_unpack(packet, "d", &channel->exit_status);
+        rc = ssh_buffer_unpack(packet, "d", &channel->exit.code);
         if (rc != SSH_OK) {
             SSH_LOG(SSH_LOG_PACKET, "Invalid exit-status packet");
             return SSH_PACKET_USED;
         }
-        SSH_LOG(SSH_LOG_PACKET, "received exit-status %d", channel->exit_status);
+        channel->exit.status = true;
+
+        SSH_LOG(SSH_LOG_PACKET,
+                "received exit-status %u",
+                channel->exit.code);
 
         ssh_callbacks_execute_list(channel->callbacks,
                                    ssh_channel_callbacks,
                                    channel_exit_status_function,
                                    channel->session,
                                    channel,
-                                   channel->exit_status);
+                                   channel->exit.code);
 
-		return SSH_PACKET_USED;
-	}
+        return SSH_PACKET_USED;
+    }
 
-	if (strcmp(request,"signal") == 0) {
+    if (strcmp(request, "signal") == 0) {
         char *sig = NULL;
 
-		SAFE_FREE(request);
-		SSH_LOG(SSH_LOG_PACKET, "received signal");
+        SAFE_FREE(request);
+        SSH_LOG(SSH_LOG_PACKET, "received signal");
 
-		rc = ssh_buffer_unpack(packet, "s", &sig);
-		if (rc != SSH_OK) {
-			SSH_LOG(SSH_LOG_PACKET, "Invalid MSG_CHANNEL_REQUEST");
-			return SSH_PACKET_USED;
-		}
+        rc = ssh_buffer_unpack(packet, "s", &sig);
+        if (rc != SSH_OK) {
+            SSH_LOG(SSH_LOG_PACKET, "Invalid MSG_CHANNEL_REQUEST");
+            return SSH_PACKET_USED;
+        }
 
-		SSH_LOG(SSH_LOG_PACKET,
-				"Remote connection sent a signal SIG %s", sig);
+        SSH_LOG(SSH_LOG_PACKET, "Remote connection sent a signal SIG %s", sig);
         ssh_callbacks_execute_list(channel->callbacks,
                                    ssh_channel_callbacks,
                                    channel_signal_function,
                                    channel->session,
                                    channel,
                                    sig);
-		SAFE_FREE(sig);
-
-		return SSH_PACKET_USED;
-	}
-
-	if (strcmp(request, "exit-signal") == 0) {
-		const char *core = "(core dumped)";
-		char *sig = NULL;
-		char *errmsg = NULL;
-		char *lang = NULL;
-		uint8_t core_dumped;
-
-		SAFE_FREE(request);
-
-		rc = ssh_buffer_unpack(packet, "sbss",
-		        &sig, /* signal name */
-		        &core_dumped,    /* core dumped */
-		        &errmsg, /* error message */
-		        &lang);
-		if (rc != SSH_OK) {
-			SSH_LOG(SSH_LOG_PACKET, "Invalid MSG_CHANNEL_REQUEST");
-			return SSH_PACKET_USED;
-		}
-
-		if (core_dumped == 0) {
-			core = "";
-		}
-
-		SSH_LOG(SSH_LOG_PACKET,
-				"Remote connection closed by signal SIG %s %s", sig, core);
-		ssh_callbacks_execute_list(channel->callbacks,
+        SAFE_FREE(sig);
+
+        return SSH_PACKET_USED;
+    }
+
+    if (strcmp(request, "exit-signal") == 0) {
+        const char *core = "(core dumped)";
+        char *sig = NULL;
+        char *errmsg = NULL;
+        char *lang = NULL;
+        uint8_t core_dumped;
+
+        SAFE_FREE(request);
+
+        rc = ssh_buffer_unpack(packet,
+                               "sbss",
+                               &sig,         /* signal name */
+                               &core_dumped, /* core dumped */
+                               &errmsg,      /* error message */
+                               &lang);
+        if (rc != SSH_OK) {
+            SSH_LOG(SSH_LOG_PACKET, "Invalid MSG_CHANNEL_REQUEST");
+            return SSH_PACKET_USED;
+        }
+
+        if (core_dumped == 0) {
+            core = "";
+        }
+
+        SSH_LOG(SSH_LOG_PACKET,
+                "Remote connection closed by signal SIG %s %s",
+                sig,
+                core);
+        ssh_callbacks_execute_list(channel->callbacks,
                                    ssh_channel_callbacks,
                                    channel_exit_signal_function,
                                    channel->session,
@@ -823,73 +891,84 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
                                    errmsg,
                                    lang);
 
+        channel->exit.core_dumped = core_dumped;
+        if (sig != NULL) {
+            SAFE_FREE(channel->exit.signal);
+            channel->exit.signal = sig;
+        }
+        channel->exit.status = true;
+
         SAFE_FREE(lang);
         SAFE_FREE(errmsg);
-		SAFE_FREE(sig);
-
-		return SSH_PACKET_USED;
-	}
-	if(strcmp(request,"keepalive@openssh.com")==0){
-	  SAFE_FREE(request);
-	  SSH_LOG(SSH_LOG_PROTOCOL,"Responding to Openssh's keepalive");
-
-      rc = ssh_buffer_pack(session->out_buffer,
-                           "bd",
-                           SSH2_MSG_CHANNEL_FAILURE,
-                           channel->remote_channel);
-      if (rc != SSH_OK) {
-          return SSH_PACKET_USED;
-      }
-	  ssh_packet_send(session);
 
-	  return SSH_PACKET_USED;
-	}
-
-  if (strcmp(request, "auth-agent-req@openssh.com") == 0) {
-    int status;
-
-    SAFE_FREE(request);
-    SSH_LOG(SSH_LOG_PROTOCOL, "Received an auth-agent-req request");
-
-    status = SSH2_MSG_CHANNEL_FAILURE;
-    ssh_callbacks_iterate(channel->callbacks,
-                          ssh_channel_callbacks,
-                          channel_auth_agent_req_function) {
-        ssh_callbacks_iterate_exec(channel_auth_agent_req_function,
-                                   channel->session,
-                                   channel);
-        /* in lieu of a return value, if the callback exists it's supported */
-        status = SSH2_MSG_CHANNEL_SUCCESS;
-        break;
+        return SSH_PACKET_USED;
     }
-    ssh_callbacks_iterate_end();
+    if (strcmp(request, "keepalive@openssh.com") == 0) {
+        SAFE_FREE(request);
+        SSH_LOG(SSH_LOG_DEBUG, "Responding to Openssh's keepalive");
 
-    if (want_reply) {
         rc = ssh_buffer_pack(session->out_buffer,
                              "bd",
-                             status,
+                             SSH2_MSG_CHANNEL_FAILURE,
                              channel->remote_channel);
         if (rc != SSH_OK) {
             return SSH_PACKET_USED;
         }
         ssh_packet_send(session);
+
+        return SSH_PACKET_USED;
     }
 
-    return SSH_PACKET_USED;
-  }
+    if (strcmp(request, "auth-agent-req@openssh.com") == 0) {
+        int status;
+
+        SAFE_FREE(request);
+        SSH_LOG(SSH_LOG_DEBUG, "Received an auth-agent-req request");
+
+        status = SSH2_MSG_CHANNEL_FAILURE;
+        ssh_callbacks_iterate (channel->callbacks,
+                               ssh_channel_callbacks,
+                               channel_auth_agent_req_function) {
+            ssh_callbacks_iterate_exec(channel_auth_agent_req_function,
+                                       channel->session,
+                                       channel);
+            /* in lieu of a return value, if the callback exists it's supported
+             */
+            status = SSH2_MSG_CHANNEL_SUCCESS;
+            break;
+        }
+        ssh_callbacks_iterate_end();
+
+        if (want_reply) {
+            rc = ssh_buffer_pack(session->out_buffer,
+                                 "bd",
+                                 status,
+                                 channel->remote_channel);
+            if (rc != SSH_OK) {
+                return SSH_PACKET_USED;
+            }
+            ssh_packet_send(session);
+        }
+
+        return SSH_PACKET_USED;
+    }
 #ifdef WITH_SERVER
-	/* If we are here, that means we have a request that is not in the understood
-	 * client requests. That means we need to create a ssh message to be passed
-	 * to the user code handling ssh messages
-	 */
-	ssh_message_handle_channel_request(session,channel,packet,request,want_reply);
+    /* If we are here, that means we have a request that is not in the
+     * understood client requests. That means we need to create a ssh message to
+     * be passed to the user code handling ssh messages
+     */
+    ssh_message_handle_channel_request(session,
+                                       channel,
+                                       packet,
+                                       request,
+                                       want_reply);
 #else
-    SSH_LOG(SSH_LOG_WARNING, "Unhandled channel request %s", request);
+    SSH_LOG(SSH_LOG_DEBUG, "Unhandled channel request %s", request);
 #endif
 
-	SAFE_FREE(request);
+    SAFE_FREE(request);
 
-	return SSH_PACKET_USED;
+    return SSH_PACKET_USED;
 }
 
 /*
@@ -902,7 +981,7 @@ int channel_default_bufferize(ssh_channel channel,
                               void *data, uint32_t len,
                               bool is_stderr)
 {
-  ssh_session session;
+  ssh_session session = NULL;
 
   if(channel == NULL) {
       return -1;
@@ -916,7 +995,7 @@ int channel_default_bufferize(ssh_channel channel,
   }
 
   SSH_LOG(SSH_LOG_PACKET,
-          "placing %u bytes into channel buffer (%s)",
+          "placing %" PRIu32 " bytes into channel buffer (%s)",
           len,
           is_stderr ? "stderr" : "stdout");
   if (!is_stderr) {
@@ -979,7 +1058,7 @@ int ssh_channel_open_session(ssh_channel channel)
 
   return channel_open(channel,
                       "session",
-                      CHANNEL_INITIAL_WINDOW,
+                      WINDOW_DEFAULT,
                       CHANNEL_MAX_PACKET,
                       NULL);
 }
@@ -1007,7 +1086,7 @@ int ssh_channel_open_auth_agent(ssh_channel channel)
 
   return channel_open(channel,
                       "auth-agent@openssh.com",
-                      CHANNEL_INITIAL_WINDOW,
+                      WINDOW_DEFAULT,
                       CHANNEL_MAX_PACKET,
                       NULL);
 }
@@ -1041,7 +1120,7 @@ int ssh_channel_open_auth_agent(ssh_channel channel)
 int ssh_channel_open_forward(ssh_channel channel, const char *remotehost,
     int remoteport, const char *sourcehost, int localport)
 {
-  ssh_session session;
+  ssh_session session = NULL;
   ssh_buffer payload = NULL;
   ssh_string str = NULL;
   int rc = SSH_ERROR;
@@ -1076,7 +1155,7 @@ int ssh_channel_open_forward(ssh_channel channel, const char *remotehost,
 
   rc = channel_open(channel,
                     "direct-tcpip",
-                    CHANNEL_INITIAL_WINDOW,
+                    WINDOW_DEFAULT,
                     CHANNEL_MAX_PACKET,
                     payload);
 
@@ -1159,7 +1238,7 @@ int ssh_channel_open_forward_unix(ssh_channel channel,
 
     rc = channel_open(channel,
                       "direct-streamlocal@openssh.com",
-                      CHANNEL_INITIAL_WINDOW,
+                      WINDOW_DEFAULT,
                       CHANNEL_MAX_PACKET,
                       payload);
 
@@ -1179,7 +1258,7 @@ int ssh_channel_open_forward_unix(ssh_channel channel,
  */
 void ssh_channel_free(ssh_channel channel)
 {
-    ssh_session session;
+    ssh_session session = NULL;
 
     if (channel == NULL) {
         return;
@@ -1212,6 +1291,11 @@ void ssh_channel_free(ssh_channel channel)
     }
     channel->flags |= SSH_CHANNEL_FLAG_FREED_LOCAL;
 
+    if (channel->callbacks != NULL) {
+        ssh_list_free(channel->callbacks);
+        channel->callbacks = NULL;
+    }
+
     /* The idea behind the flags is the following : it is well possible
      * that a client closes a channel that still exists on the server side.
      * We definitively close the channel when we receive a close message *and*
@@ -1245,6 +1329,7 @@ void ssh_channel_do_free(ssh_channel channel)
         ssh_list_free(channel->callbacks);
         channel->callbacks = NULL;
     }
+    SAFE_FREE(channel->exit.signal);
 
     channel->session = NULL;
     SAFE_FREE(channel);
@@ -1280,7 +1365,7 @@ void ssh_channel_do_free(ssh_channel channel)
  */
 int ssh_channel_send_eof(ssh_channel channel)
 {
-    ssh_session session;
+    ssh_session session = NULL;
     int rc = SSH_ERROR;
     int err;
 
@@ -1306,7 +1391,7 @@ int ssh_channel_send_eof(ssh_channel channel)
 
     rc = ssh_packet_send(session);
     SSH_LOG(SSH_LOG_PACKET,
-        "Sent a EOF on client channel (%d:%d)",
+        "Sent a EOF on client channel (%" PRIu32 ":%" PRIu32 ")",
         channel->local_channel,
         channel->remote_channel);
     if (rc != SSH_OK) {
@@ -1341,7 +1426,7 @@ int ssh_channel_send_eof(ssh_channel channel)
  */
 int ssh_channel_close(ssh_channel channel)
 {
-    ssh_session session;
+    ssh_session session = NULL;
     int rc = 0;
 
     if(channel == NULL) {
@@ -1371,7 +1456,7 @@ int ssh_channel_close(ssh_channel channel)
 
     rc = ssh_packet_send(session);
     SSH_LOG(SSH_LOG_PACKET,
-            "Sent a close on client channel (%d:%d)",
+            "Sent a close on client channel (%" PRIu32 ":%" PRIu32 ")",
             channel->local_channel,
             channel->remote_channel);
 
@@ -1437,10 +1522,9 @@ static int channel_write_common(ssh_channel channel,
                                 const void *data,
                                 uint32_t len, int is_stderr)
 {
-  ssh_session session;
+  ssh_session session = NULL;
   uint32_t origlen = len;
   size_t effectivelen;
-  size_t maxpacketlen;
   int rc;
 
   if(channel == NULL) {
@@ -1453,20 +1537,14 @@ static int channel_write_common(ssh_channel channel,
   }
 
   if (len > INT_MAX) {
-      SSH_LOG(SSH_LOG_PROTOCOL,
-              "Length (%u) is bigger than INT_MAX", len);
+      SSH_LOG(SSH_LOG_TRACE,
+              "Length (%" PRIu32 ") is bigger than INT_MAX", len);
       return SSH_ERROR;
   }
 
-  /*
-   * Handle the max packet len from remote side, be nice
-   * 10 bytes for the headers
-   */
-  maxpacketlen = channel->remote_maxpacket - 10;
-
   if (channel->local_eof) {
     ssh_set_error(session, SSH_REQUEST_DENIED,
-        "Can't write to channel %d:%d  after EOF was sent",
+        "Can't write to channel %" PRIu32 ":%" PRIu32 "  after EOF was sent",
         channel->local_channel,
         channel->remote_channel);
     return -1;
@@ -1490,14 +1568,14 @@ static int channel_write_common(ssh_channel channel,
   }
   while (len > 0) {
     if (channel->remote_window < len) {
-      SSH_LOG(SSH_LOG_PROTOCOL,
-          "Remote window is %d bytes. going to write %d bytes",
+      SSH_LOG(SSH_LOG_DEBUG,
+          "Remote window is %" PRIu32 " bytes. going to write %" PRIu32 " bytes",
           channel->remote_window,
           len);
-      /* What happens when the channel window is zero? */
+      /* When the window is zero, wait for it to grow */
       if(channel->remote_window == 0) {
           /* nothing can be written */
-          SSH_LOG(SSH_LOG_PROTOCOL,
+          SSH_LOG(SSH_LOG_DEBUG,
                 "Wait for a growing window message...");
           rc = ssh_handle_packets_termination(session, SSH_TIMEOUT_DEFAULT,
               ssh_channel_waitwindow_termination,channel);
@@ -1508,12 +1586,17 @@ static int channel_write_common(ssh_channel channel,
             goto out;
           continue;
       }
+      /* When the window is non-zero, accept data up to the window size */
       effectivelen = MIN(len, channel->remote_window);
     } else {
       effectivelen = len;
     }
 
-    effectivelen = MIN(effectivelen, maxpacketlen);
+    /*
+     * Like OpenSSH, don't subtract bytes for the header fields
+     * and allow to send a payload of remote_maxpacket length.
+     */
+    effectivelen = MIN(effectivelen, channel->remote_maxpacket);
 
     rc = ssh_buffer_pack(session->out_buffer,
                          "bd",
@@ -1539,7 +1622,8 @@ static int channel_write_common(ssh_channel channel,
     rc = ssh_buffer_pack(session->out_buffer,
                          "dP",
                          effectivelen,
-                         (size_t)effectivelen, data);
+                         (size_t)effectivelen,
+                         data);
     if (rc != SSH_OK) {
         ssh_set_error_oom(session);
         goto error;
@@ -1694,7 +1778,7 @@ void ssh_channel_set_blocking(ssh_channel channel, int blocking)
  * @brief handle a SSH_CHANNEL_SUCCESS packet and set the channel state.
  */
 SSH_PACKET_CALLBACK(ssh_packet_channel_success){
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   (void)type;
   (void)user;
 
@@ -1705,7 +1789,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_success){
   }
 
   SSH_LOG(SSH_LOG_PACKET,
-      "Received SSH_CHANNEL_SUCCESS on channel (%d:%d)",
+      "Received SSH_CHANNEL_SUCCESS on channel (%" PRIu32 ":%" PRIu32 ")",
       channel->local_channel,
       channel->remote_channel);
   if(channel->request_state != SSH_CHANNEL_REQ_STATE_PENDING){
@@ -1713,6 +1797,12 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_success){
         channel->request_state);
   } else {
     channel->request_state=SSH_CHANNEL_REQ_STATE_ACCEPTED;
+
+    ssh_callbacks_execute_list(channel->callbacks,
+                               ssh_channel_callbacks,
+                               channel_request_response_function,
+                               channel->session,
+                               channel);
   }
 
   return SSH_PACKET_USED;
@@ -1724,7 +1814,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_success){
  * @brief Handle a SSH_CHANNEL_FAILURE packet and set the channel state.
  */
 SSH_PACKET_CALLBACK(ssh_packet_channel_failure){
-  ssh_channel channel;
+  ssh_channel channel = NULL;
   (void)type;
   (void)user;
 
@@ -1736,7 +1826,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_failure){
   }
 
   SSH_LOG(SSH_LOG_PACKET,
-      "Received SSH_CHANNEL_FAILURE on channel (%d:%d)",
+      "Received SSH_CHANNEL_FAILURE on channel (%" PRIu32 ":%" PRIu32 ")",
       channel->local_channel,
       channel->remote_channel);
   if(channel->request_state != SSH_CHANNEL_REQ_STATE_PENDING){
@@ -1744,6 +1834,12 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_failure){
         channel->request_state);
   } else {
     channel->request_state=SSH_CHANNEL_REQ_STATE_DENIED;
+
+    ssh_callbacks_execute_list(channel->callbacks,
+                               ssh_channel_callbacks,
+                               channel_request_response_function,
+                               channel->session,
+                               channel);
   }
 
   return SSH_PACKET_USED;
@@ -1822,7 +1918,7 @@ static int channel_request(ssh_channel channel, const char *request,
       rc=SSH_ERROR;
       break;
     case SSH_CHANNEL_REQ_STATE_ACCEPTED:
-      SSH_LOG(SSH_LOG_PROTOCOL,
+      SSH_LOG(SSH_LOG_DEBUG,
           "Channel request %s success",request);
       rc=SSH_OK;
       break;
@@ -1855,15 +1951,19 @@ static int channel_request(ssh_channel channel, const char *request,
  *
  * @param[in]  row      The number of rows.
  *
+ * @param[in]  modes    Encoded SSH terminal modes for the PTY
+ *
+ * @param[in]  modes_len Number of bytes in 'modes'
+ *
  * @return              SSH_OK on success,
  *                      SSH_ERROR if an error occurred,
  *                      SSH_AGAIN if in nonblocking mode and call has
  *                      to be done again.
  */
-int ssh_channel_request_pty_size(ssh_channel channel, const char *terminal,
-    int col, int row)
+int ssh_channel_request_pty_size_modes(ssh_channel channel, const char *terminal,
+    int col, int row, const unsigned char* modes, size_t modes_len)
 {
-  ssh_session session;
+  ssh_session session = NULL;
   ssh_buffer buffer = NULL;
   int rc = SSH_ERROR;
 
@@ -1891,14 +1991,15 @@ int ssh_channel_request_pty_size(ssh_channel channel, const char *terminal,
   }
 
   rc = ssh_buffer_pack(buffer,
-                       "sdddddb",
+                       "sdddddP",
                        terminal,
                        col,
                        row,
                        0, /* pix */
                        0, /* pix */
-                       1, /* add a 0byte string */
-                       0);
+                       (uint32_t)modes_len,
+                       (size_t)modes_len,
+                       modes);
 
   if (rc != SSH_OK) {
     ssh_set_error_oom(session);
@@ -1912,6 +2013,23 @@ int ssh_channel_request_pty_size(ssh_channel channel, const char *terminal,
   return rc;
 }
 
+int ssh_channel_request_pty_size(ssh_channel channel, const char *terminal,
+    int col, int row)
+{
+    /* use modes from the current TTY */
+    unsigned char modes_buf[SSH_TTY_MODES_MAX_BUFSIZE];
+    int rc = encode_current_tty_opts(modes_buf, sizeof(modes_buf));
+    if (rc < 0) {
+        return rc;
+    }
+    return ssh_channel_request_pty_size_modes(channel,
+                                              terminal,
+                                              col,
+                                              row,
+                                              modes_buf,
+                                              (size_t)rc);
+}
+
 /**
  * @brief Request a PTY.
  *
@@ -2174,7 +2292,7 @@ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
 #endif
   ssh_message msg = NULL;
   ssh_channel channel = NULL;
-  struct ssh_iterator *iterator;
+  struct ssh_iterator *iterator = NULL;
   int t;
 
   /*
@@ -2396,7 +2514,7 @@ int ssh_global_request(ssh_session session,
   }
   switch(session->global_req_state){
     case SSH_CHANNEL_REQ_STATE_ACCEPTED:
-      SSH_LOG(SSH_LOG_PROTOCOL, "Global request %s success",request);
+      SSH_LOG(SSH_LOG_DEBUG, "Global request %s success",request);
       rc=SSH_OK;
       break;
     case SSH_CHANNEL_REQ_STATE_DENIED:
@@ -2499,7 +2617,8 @@ ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms)
 
 /**
  * @brief Accept an incoming TCP/IP forwarding channel and get some information
- * about incomming connection
+ * about incoming connection
+ *
  * @param[in]  session    The ssh session to use.
  *
  * @param[in]  timeout_ms A timeout in milliseconds.
@@ -2515,7 +2634,8 @@ ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int*
 
 /**
  * @brief Accept an incoming TCP/IP forwarding channel and get information
- * about incomming connection
+ * about incoming connection
+ *
  * @param[in]  session    The ssh session to use.
  *
  * @param[in]  timeout_ms A timeout in milliseconds.
@@ -2813,7 +2933,6 @@ int ssh_channel_request_send_break(ssh_channel channel, uint32_t length)
     return rc;
 }
 
-
 /**
  * @brief Read data from a channel into a buffer.
  *
@@ -2827,8 +2946,8 @@ int ssh_channel_request_send_break(ssh_channel channel, uint32_t length)
  *
  * @param is_stderr     A boolean value to mark reading from the stderr stream.
  *
- * @return              The number of bytes read, 0 on end of file or SSH_ERROR
- *                      on error.
+ * @return              The number of bytes read, 0 on end of file, SSH_AGAIN on
+ *                      timeout and SSH_ERROR on error.
  * @deprecated          Please use ssh_channel_read instead
  * @warning             This function doesn't work in nonblocking/timeout mode
  * @see ssh_channel_read
@@ -2836,7 +2955,7 @@ int ssh_channel_request_send_break(ssh_channel channel, uint32_t length)
 int channel_read_buffer(ssh_channel channel, ssh_buffer buffer, uint32_t count,
     int is_stderr)
 {
-  ssh_session session;
+  ssh_session session = NULL;
   char *buffer_tmp = NULL;
   int r;
   uint32_t total=0;
@@ -2906,14 +3025,13 @@ int channel_read_buffer(ssh_channel channel, ssh_buffer buffer, uint32_t count,
 
 struct ssh_channel_read_termination_struct {
   ssh_channel channel;
-  uint32_t count;
   ssh_buffer buffer;
 };
 
 static int ssh_channel_read_termination(void *s)
 {
   struct ssh_channel_read_termination_struct *ctx = s;
-  if (ssh_buffer_get_len(ctx->buffer) >= ctx->count ||
+  if (ssh_buffer_get_len(ctx->buffer) >= 1 ||
       ctx->channel->remote_eof ||
       ctx->channel->session->session_state == SSH_SESSION_STATE_ERROR)
     return 1;
@@ -2921,8 +3039,6 @@ static int ssh_channel_read_termination(void *s)
     return 0;
 }
 
-/* TODO: FIXME Fix the blocking behaviours */
-
 /**
  * @brief Reads data from a channel.
  *
@@ -2934,9 +3050,8 @@ static int ssh_channel_read_termination(void *s)
  *
  * @param[in]  is_stderr A boolean value to mark reading from the stderr flow.
  *
- * @return              The number of bytes read, 0 on end of file or SSH_ERROR
- *                      on error. In nonblocking mode it can return 0 if no data
- *                      is available or SSH_AGAIN.
+ * @return              The number of bytes read, 0 on end of file, SSH_AGAIN on
+ *                      timeout and SSH_ERROR on error.
  *
  * @warning This function may return less than count bytes of data, and won't
  *          block until count bytes have been read.
@@ -2964,9 +3079,8 @@ int ssh_channel_read(ssh_channel channel, void *dest, uint32_t count, int is_std
  * @param[in]  timeout_ms  A timeout in milliseconds. A value of -1 means
  *                         infinite timeout.
  *
- * @return              The number of bytes read, 0 on end of file or SSH_ERROR
- *                      on error. In nonblocking mode it Can return 0 if no data
- *                      is available or SSH_AGAIN.
+ * @return              The number of bytes read, 0 on end of file, SSH_AGAIN on
+ *                      timeout, SSH_ERROR on error.
  *
  * @warning This function may return less than count bytes of data, and won't
  *          block until count bytes have been read.
@@ -2977,7 +3091,7 @@ int ssh_channel_read_timeout(ssh_channel channel,
                              int is_stderr,
                              int timeout_ms)
 {
-  ssh_session session;
+  ssh_session session = NULL;
   ssh_buffer stdbuf;
   uint32_t len;
   struct ssh_channel_read_termination_struct ctx;
@@ -3002,28 +3116,17 @@ int ssh_channel_read_timeout(ssh_channel channel,
     stdbuf=channel->stderr_buffer;
   }
 
-  /*
-   * We may have problem if the window is too small to accept as much data
-   * as asked
-   */
   SSH_LOG(SSH_LOG_PACKET,
-      "Read (%d) buffered : %d bytes. Window: %d",
+      "Read (%" PRIu32 ") buffered : %" PRIu32 " bytes. Window: %" PRIu32,
       count,
       ssh_buffer_get_len(stdbuf),
       channel->local_window);
 
-  if (count > ssh_buffer_get_len(stdbuf) + channel->local_window) {
-    if (grow_window(session, channel, count - ssh_buffer_get_len(stdbuf)) < 0) {
-      return -1;
-    }
-  }
-
   /* block reading until at least one byte has been read
   *  and ignore the trivial case count=0
   */
   ctx.channel = channel;
   ctx.buffer = stdbuf;
-  ctx.count = 1;
 
   if (timeout_ms < SSH_TIMEOUT_DEFAULT) {
       timeout_ms = SSH_TIMEOUT_INFINITE;
@@ -3033,8 +3136,8 @@ int ssh_channel_read_timeout(ssh_channel channel,
                                       timeout_ms,
                                       ssh_channel_read_termination,
                                       &ctx);
-  if (rc == SSH_ERROR){
-    return rc;
+  if (rc == SSH_ERROR || rc == SSH_AGAIN) {
+      return rc;
   }
 
   /*
@@ -3065,11 +3168,10 @@ int ssh_channel_read_timeout(ssh_channel channel,
   if (channel->delayed_close && !ssh_channel_has_unread_data(channel)) {
       channel->state = SSH_CHANNEL_STATE_CLOSED;
   }
-  /* Authorize some buffering while userapp is busy */
-  if (channel->local_window < WINDOWLIMIT) {
-    if (grow_window(session, channel, 0) < 0) {
-      return -1;
-    }
+
+  rc = grow_window(session, channel);
+  if (rc == SSH_ERROR) {
+    return -1;
   }
 
   return len;
@@ -3079,7 +3181,7 @@ int ssh_channel_read_timeout(ssh_channel channel,
  * @brief Do a nonblocking read on the channel.
  *
  * A nonblocking read on the specified channel. it will return <= count bytes of
- * data read atomically.
+ * data read atomically. It will also trigger any callbacks set on the channel.
  *
  * @param[in]  channel  The channel to read from.
  *
@@ -3089,10 +3191,8 @@ int ssh_channel_read_timeout(ssh_channel channel,
  *
  * @param[in]  is_stderr A boolean to select the stderr stream.
  *
- * @return              The number of bytes read, 0 if nothing is available or
- *                      SSH_ERROR on error.
- *
- * @warning Don't forget to check for EOF as it would return 0 here.
+ * @return              The number of bytes read, SSH_AGAIN if nothing is
+ * available, SSH_ERROR on error, and SSH_EOF if the channel is EOF.
  *
  * @see ssh_channel_is_eof()
  */
@@ -3101,7 +3201,7 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
                                  uint32_t count,
                                  int is_stderr)
 {
-    ssh_session session;
+    ssh_session session = NULL;
     uint32_t to_read;
     int rc;
     int blocking;
@@ -3142,6 +3242,8 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
 /**
  * @brief Polls a channel for data to read.
  *
+ * If callbacks are set on the channel, they will be called.
+ *
  * @param[in]  channel  The channel to poll.
  *
  * @param[in]  is_stderr A boolean to select the stderr stream.
@@ -3169,7 +3271,7 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr)
     stdbuf = channel->stderr_buffer;
   }
 
-  if (ssh_buffer_get_len(stdbuf) == 0 && channel->remote_eof == 0) {
+  if (channel->remote_eof == 0) {
     if (channel->session->session_state == SSH_SESSION_STATE_ERROR){
       return SSH_ERROR;
     }
@@ -3211,8 +3313,8 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr)
  */
 int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
 {
-    ssh_session session;
-    ssh_buffer stdbuf;
+    ssh_session session = NULL;
+    ssh_buffer stdbuf = NULL;
     struct ssh_channel_read_termination_struct ctx;
     size_t len;
     int rc;
@@ -3229,7 +3331,6 @@ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
     }
     ctx.buffer = stdbuf;
     ctx.channel = channel;
-    ctx.count = 1;
     rc = ssh_handle_packets_termination(channel->session,
                                         timeout,
                                         ssh_channel_read_termination,
@@ -3280,17 +3381,95 @@ ssh_session ssh_channel_get_session(ssh_channel channel)
 
 static int ssh_channel_exit_status_termination(void *c)
 {
-  ssh_channel channel = c;
-  if(channel->exit_status != -1 ||
-      /* When a channel is closed, no exit status message can
-       * come anymore */
-      (channel->flags & SSH_CHANNEL_FLAG_CLOSED_REMOTE) ||
-      channel->session->session_state == SSH_SESSION_STATE_ERROR)
-    return 1;
-  else
+    ssh_channel channel = c;
+    if (channel->exit.status ||
+        /* When a channel is closed, no exit status message can
+         * come anymore */
+        (channel->flags & SSH_CHANNEL_FLAG_CLOSED_REMOTE) ||
+        channel->session->session_state == SSH_SESSION_STATE_ERROR)
+    {
+        return 1;
+    }
     return 0;
 }
 
+/**
+ * @brief Get the exit state of the channel (error code from the executed
+ *        instruction or signal).
+ *
+ * @param[in]  channel  The channel to get the status from.
+ *
+ * @param[out] pexit_code   A pointer to an uint32_t to store the exit status.
+ *
+ * @param[out] pexit_signal A pointer to store the exit signal as a string.
+ *                         The signal is without the SIG prefix, e.g. "TERM" or
+ *                         "KILL"). The caller has to free the memory.
+ *
+ * @param[out] pcore_dumped A pointer to store a boolean value if it dumped a
+ *                          core.
+ *
+ * @return              SSH_OK on success, SSH_AGAIN if we don't have a status
+ *                      or an SSH error.
+ * @warning             This function may block until a timeout (or never)
+ *                      if the other side is not willing to close the channel.
+ *                      When a channel is freed the function returns
+ *                      SSH_ERROR immediately.
+ *
+ * If you're looking for an async handling of this register a callback for the
+ * exit status!
+ *
+ * @see ssh_channel_exit_status_callback
+ * @see ssh_channel_exit_signal_callback
+ */
+int ssh_channel_get_exit_state(ssh_channel channel,
+                               uint32_t *pexit_code,
+                               char **pexit_signal,
+                               int *pcore_dumped)
+{
+    ssh_session session = NULL;
+    int rc;
+
+    if ((channel == NULL) || (channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL)) {
+        return SSH_ERROR;
+    }
+    session = channel->session;
+
+    rc = ssh_handle_packets_termination(channel->session,
+                                        SSH_TIMEOUT_DEFAULT,
+                                        ssh_channel_exit_status_termination,
+                                        channel);
+    if (rc == SSH_ERROR || channel->session->session_state ==
+        SSH_SESSION_STATE_ERROR) {
+        return SSH_ERROR;
+    }
+
+    /* If we don't have any kind of exit state, return SSH_AGAIN */
+    if (!channel->exit.status) {
+        return SSH_AGAIN;
+    }
+
+    if (pexit_code != NULL) {
+        *pexit_code = channel->exit.code;
+    }
+
+    if (pexit_signal != NULL) {
+        *pexit_signal = NULL;
+        if (channel->exit.signal != NULL) {
+            *pexit_signal = strdup(channel->exit.signal);
+            if (pexit_signal == NULL) {
+                ssh_set_error_oom(session);
+                return SSH_ERROR;
+            }
+        }
+    }
+
+    if (pcore_dumped != NULL) {
+        *pcore_dumped = channel->exit.core_dumped;
+    }
+
+    return SSH_OK;
+}
+
 /**
  * @brief Get the exit status of the channel (error code from the executed
  *        instruction).
@@ -3308,21 +3487,19 @@ static int ssh_channel_exit_status_termination(void *c)
  * exit status.
  *
  * @see ssh_channel_exit_status_callback
+ * @deprecated Please use ssh_channel_exit_state()
  */
 int ssh_channel_get_exit_status(ssh_channel channel)
 {
-  int rc;
-  if ((channel == NULL) || (channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL)) {
-      return SSH_ERROR;
-  }
-  rc = ssh_handle_packets_termination(channel->session,
-                                      SSH_TIMEOUT_DEFAULT,
-                                      ssh_channel_exit_status_termination,
-                                      channel);
-  if (rc == SSH_ERROR || channel->session->session_state ==
-      SSH_SESSION_STATE_ERROR)
-    return SSH_ERROR;
-  return channel->exit_status;
+    uint32_t exit_status = (uint32_t)-1;
+    int rc;
+
+    rc = ssh_channel_get_exit_state(channel, &exit_status, NULL, NULL);
+    if (rc != SSH_OK) {
+        return SSH_ERROR;
+    }
+
+    return exit_status;
 }
 
 /*
@@ -3339,7 +3516,7 @@ channel_protocol_select(ssh_channel *rchans, ssh_channel *wchans,
                         ssh_channel *echans, ssh_channel *rout,
                         ssh_channel *wout, ssh_channel *eout)
 {
-  ssh_channel chan;
+  ssh_channel chan = NULL;
   int i;
   int j = 0;
 
@@ -3420,7 +3597,7 @@ static size_t count_ptrs(ssh_channel *ptrs)
 int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans,
                        ssh_channel *exceptchans, struct timeval * timeout)
 {
-  ssh_channel *rchans, *wchans, *echans;
+  ssh_channel *rchans = NULL, *wchans = NULL, *echans = NULL;
   ssh_channel dummy = NULL;
   ssh_event event = NULL;
   int rc;
@@ -3523,9 +3700,15 @@ int ssh_channel_select(ssh_channel *readchans, ssh_channel *writechans,
     firstround=0;
   } while(1);
 
-  memcpy(readchans, rchans, (count_ptrs(rchans) + 1) * sizeof(ssh_channel ));
-  memcpy(writechans, wchans, (count_ptrs(wchans) + 1) * sizeof(ssh_channel ));
-  memcpy(exceptchans, echans, (count_ptrs(echans) + 1) * sizeof(ssh_channel ));
+  if (readchans != &dummy) {
+      memcpy(readchans, rchans, (count_ptrs(rchans) + 1) * sizeof(ssh_channel));
+  }
+  if (writechans != &dummy) {
+      memcpy(writechans, wchans, (count_ptrs(wchans) + 1) * sizeof(ssh_channel));
+  }
+  if (exceptchans != &dummy) {
+      memcpy(exceptchans, echans, (count_ptrs(echans) + 1) * sizeof(ssh_channel));
+  }
   SAFE_FREE(rchans);
   SAFE_FREE(wchans);
   SAFE_FREE(echans);
@@ -3607,7 +3790,7 @@ int ssh_channel_write_stderr(ssh_channel channel, const void *data, uint32_t len
 int ssh_channel_open_reverse_forward(ssh_channel channel, const char *remotehost,
                                      int remoteport, const char *sourcehost, int localport)
 {
-  ssh_session session;
+  ssh_session session = NULL;
   ssh_buffer payload = NULL;
   int rc = SSH_ERROR;
 
@@ -3641,7 +3824,7 @@ int ssh_channel_open_reverse_forward(ssh_channel channel, const char *remotehost
 pending:
   rc = channel_open(channel,
                     "forwarded-tcpip",
-                    CHANNEL_INITIAL_WINDOW,
+                    WINDOW_DEFAULT,
                     CHANNEL_MAX_PACKET,
                     payload);
 
@@ -3671,7 +3854,7 @@ int ssh_channel_open_reverse_forward(ssh_channel channel, const char *remotehost
 int ssh_channel_open_x11(ssh_channel channel,
                          const char *orig_addr, int orig_port)
 {
-  ssh_session session;
+  ssh_session session = NULL;
   ssh_buffer payload = NULL;
   int rc = SSH_ERROR;
 
@@ -3704,7 +3887,7 @@ int ssh_channel_open_x11(ssh_channel channel,
 pending:
   rc = channel_open(channel,
                     "x11",
-                    CHANNEL_INITIAL_WINDOW,
+                    WINDOW_DEFAULT,
                     CHANNEL_MAX_PACKET,
                     payload);
 
@@ -3809,4 +3992,4 @@ int ssh_channel_request_send_exit_signal(ssh_channel channel, const char *sig,
 
 #endif
 
-/* @} */
+/** @} */
diff --git a/libssh/src/client.c b/libssh/src/client.c
index a35a28e1..95c57efc 100644
--- a/libssh/src/client.c
+++ b/libssh/src/client.c
@@ -47,6 +47,12 @@
 #include "libssh/pki.h"
 #include "libssh/kex.h"
 
+#ifndef _WIN32
+#ifdef HAVE_PTHREAD
+extern int proxy_disconnect;
+#endif /* HAVE_PTHREAD */
+#endif /* _WIN32 */
+
 #define set_status(session, status) do {\
         if (session->common.callbacks && session->common.callbacks->connect_status_function) \
             session->common.callbacks->connect_status_function(session->common.callbacks->userdata, status); \
@@ -73,7 +79,7 @@ static void socket_callback_connected(int code, int errno_code, void *user)
 		return;
 	}
 
-	SSH_LOG(SSH_LOG_RARE,"Socket connection callback: %d (%d)",code, errno_code);
+	SSH_LOG(SSH_LOG_TRACE,"Socket connection callback: %d (%d)",code, errno_code);
 	if(code == SSH_SOCKET_CONNECTED_OK)
 		session->session_state=SSH_SESSION_STATE_SOCKET_CONNECTED;
 	else {
@@ -185,13 +191,13 @@ int ssh_send_banner(ssh_session session, int server)
     int rc = SSH_ERROR;
 
     if (server == 1) {
-        if (session->opts.custombanner == NULL){
+        if (session->server_opts.custombanner == NULL) {
             session->serverbanner = strdup(banner);
             if (session->serverbanner == NULL) {
                 goto end;
             }
         } else {
-            len = strlen(session->opts.custombanner);
+            len = strlen(session->server_opts.custombanner);
             session->serverbanner = malloc(len + 8 + 1);
             if(session->serverbanner == NULL) {
                 goto end;
@@ -199,7 +205,7 @@ int ssh_send_banner(ssh_session session, int server)
             snprintf(session->serverbanner,
                      len + 8 + 1,
                      "SSH-2.0-%s",
-                     session->opts.custombanner);
+                     session->server_opts.custombanner);
         }
 
         snprintf(buffer,
@@ -246,10 +252,13 @@ int ssh_send_banner(ssh_session session, int server)
  * @warning this function returning is no proof that DH handshake is
  * completed
  */
-static int dh_handshake(ssh_session session)
+int dh_handshake(ssh_session session)
 {
   int rc = SSH_AGAIN;
 
+  SSH_LOG(SSH_LOG_TRACE, "dh_handshake_state = %d, kex_type = %d",
+          session->dh_handshake_state,  session->next_crypto->kex_type);
+
   switch (session->dh_handshake_state) {
     case DH_STATE_INIT:
       switch(session->next_crypto->kex_type){
@@ -314,8 +323,13 @@ static int ssh_service_request_termination(void *s)
 }
 
 /**
- * @internal
+ * @addtogroup libssh_session
  *
+ * @{
+ */
+
+/**
+ * @internal
  * @brief Request a service from the SSH server.
  *
  * Service requests are for example: ssh-userauth, ssh-connection, etc.
@@ -376,12 +390,6 @@ int ssh_service_request(ssh_session session, const char *service)
   return rc;
 }
 
-/**
- * @addtogroup libssh_session
- *
- * @{
- */
-
 /**
  * @internal
  *
@@ -392,96 +400,100 @@ static void ssh_client_connection_callback(ssh_session session)
 {
     int rc;
 
-    switch(session->session_state) {
-        case SSH_SESSION_STATE_NONE:
-        case SSH_SESSION_STATE_CONNECTING:
-            break;
-        case SSH_SESSION_STATE_SOCKET_CONNECTED:
-            ssh_set_fd_towrite(session);
-            ssh_send_banner(session, 0);
+    SSH_LOG(SSH_LOG_DEBUG, "session_state=%d", session->session_state);
 
-            break;
-        case SSH_SESSION_STATE_BANNER_RECEIVED:
-            if (session->serverbanner == NULL) {
-                goto error;
-            }
-            set_status(session, 0.4f);
-            SSH_LOG(SSH_LOG_PROTOCOL,
-                    "SSH server banner: %s", session->serverbanner);
+    switch (session->session_state) {
+    case SSH_SESSION_STATE_NONE:
+    case SSH_SESSION_STATE_CONNECTING:
+        break;
+    case SSH_SESSION_STATE_SOCKET_CONNECTED:
+        ssh_set_fd_towrite(session);
+        ssh_send_banner(session, 0);
 
-            /* Here we analyze the different protocols the server allows. */
-            rc = ssh_analyze_banner(session, 0);
-            if (rc < 0) {
-                ssh_set_error(session, SSH_FATAL,
-                        "No version of SSH protocol usable (banner: %s)",
-                        session->serverbanner);
-                goto error;
-            }
+        break;
+    case SSH_SESSION_STATE_BANNER_RECEIVED:
+        if (session->serverbanner == NULL) {
+            goto error;
+        }
+        set_status(session, 0.4f);
+        SSH_LOG(SSH_LOG_DEBUG, "SSH server banner: %s", session->serverbanner);
 
-            ssh_packet_register_socket_callback(session, session->socket);
+        /* Here we analyze the different protocols the server allows. */
+        rc = ssh_analyze_banner(session, 0);
+        if (rc < 0) {
+            ssh_set_error(session, SSH_FATAL,
+                          "No version of SSH protocol usable (banner: %s)",
+                          session->serverbanner);
+            goto error;
+        }
+
+        ssh_packet_register_socket_callback(session, session->socket);
+
+        ssh_packet_set_default_callbacks(session);
+        session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
+        rc = ssh_set_client_kex(session);
+        if (rc != SSH_OK) {
+            goto error;
+        }
+        rc = ssh_send_kex(session);
+        if (rc < 0) {
+            goto error;
+        }
+        set_status(session, 0.5f);
 
-            ssh_packet_set_default_callbacks(session);
-            session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
+        break;
+    case SSH_SESSION_STATE_INITIAL_KEX:
+        /* TODO: This state should disappear in favor of get_key handle */
+        break;
+    case SSH_SESSION_STATE_KEXINIT_RECEIVED:
+        set_status(session, 0.6f);
+        ssh_list_kex(&session->next_crypto->server_kex);
+        if ((session->flags & SSH_SESSION_FLAG_KEXINIT_SENT) == 0) {
+            /* in rekeying state if next_crypto client_kex might be empty */
             rc = ssh_set_client_kex(session);
             if (rc != SSH_OK) {
                 goto error;
             }
-            rc = ssh_send_kex(session, 0);
+            rc = ssh_send_kex(session);
             if (rc < 0) {
                 goto error;
             }
-            set_status(session, 0.5f);
-
-            break;
-        case SSH_SESSION_STATE_INITIAL_KEX:
-            /* TODO: This state should disappear in favor of get_key handle */
-            break;
-        case SSH_SESSION_STATE_KEXINIT_RECEIVED:
-            set_status(session,0.6f);
-            ssh_list_kex(&session->next_crypto->server_kex);
-            if (session->next_crypto->client_kex.methods[0] == NULL) {
-                /* in rekeying state if next_crypto client_kex is empty */
-                rc = ssh_set_client_kex(session);
-                if (rc != SSH_OK) {
-                    goto error;
-                }
-                rc = ssh_send_kex(session, 0);
-                if (rc < 0) {
-                    goto error;
-                }
-            }
-            if (ssh_kex_select_methods(session) == SSH_ERROR)
-                goto error;
-            set_status(session,0.8f);
-            session->session_state=SSH_SESSION_STATE_DH;
-            if (dh_handshake(session) == SSH_ERROR) {
-                goto error;
-            }
-            FALL_THROUGH;
-        case SSH_SESSION_STATE_DH:
-            if(session->dh_handshake_state==DH_STATE_FINISHED){
-                set_status(session,1.0f);
-                session->connected = 1;
-                if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
-                    session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
-                else
-                    session->session_state=SSH_SESSION_STATE_AUTHENTICATING;
-            }
-            break;
-        case SSH_SESSION_STATE_AUTHENTICATING:
-            break;
-        case SSH_SESSION_STATE_ERROR:
+        }
+        if (ssh_kex_select_methods(session) == SSH_ERROR)
             goto error;
-        default:
-            ssh_set_error(session,SSH_FATAL,"Invalid state %d",session->session_state);
+        set_status(session, 0.8f);
+        session->session_state = SSH_SESSION_STATE_DH;
+
+        /* If the init packet was already sent in previous step, this will be no
+         * operation */
+        if (dh_handshake(session) == SSH_ERROR) {
+            goto error;
+        }
+        FALL_THROUGH;
+    case SSH_SESSION_STATE_DH:
+        if (session->dh_handshake_state == DH_STATE_FINISHED) {
+            set_status(session, 1.0f);
+            session->connected = 1;
+            if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
+                session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
+            } else {
+                session->session_state = SSH_SESSION_STATE_AUTHENTICATING;
+            }
+        }
+        break;
+    case SSH_SESSION_STATE_AUTHENTICATING:
+        break;
+    case SSH_SESSION_STATE_ERROR:
+        goto error;
+    default:
+        ssh_set_error(session, SSH_FATAL, "Invalid state %d",
+                      session->session_state);
     }
 
     return;
 error:
-    ssh_socket_close(session->socket);
-    session->alive = 0;
-    session->session_state=SSH_SESSION_STATE_ERROR;
-
+    ssh_session_socket_close(session);
+    SSH_LOG(SSH_LOG_WARN, "%s", ssh_get_error(session));
 }
 
 /** @internal
@@ -566,7 +578,7 @@ int ssh_connect(ssh_session session)
         return SSH_ERROR;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL,
+    SSH_LOG(SSH_LOG_DEBUG,
             "libssh %s, using threading %s",
             ssh_copyright(),
             ssh_threads_get_type());
@@ -584,10 +596,22 @@ int ssh_connect(ssh_session session)
         ssh_socket_set_fd(session->socket, session->opts.fd);
         ret = SSH_OK;
 #ifndef _WIN32
+#ifdef HAVE_PTHREAD
+    } else if (ssh_libssh_proxy_jumps() &&
+               ssh_list_count(session->opts.proxy_jumps) != 0) {
+        ret = ssh_socket_connect_proxyjump(session->socket);
+#endif /* HAVE_PTHREAD */
+#endif /* _WIN32 */
     } else if (session->opts.ProxyCommand != NULL) {
+#ifdef WITH_EXEC
         ret = ssh_socket_connect_proxycommand(session->socket,
                 session->opts.ProxyCommand);
-#endif
+#else
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "The libssh is built without support for proxy commands.");
+        ret = SSH_ERROR;
+#endif /* WITH_EXEC */
     } else {
         ret = ssh_socket_connect(session->socket,
                                  session->opts.host,
@@ -601,7 +625,7 @@ int ssh_connect(ssh_session session)
     set_status(session, 0.2f);
 
     session->alive = 1;
-    SSH_LOG(SSH_LOG_PROTOCOL,
+    SSH_LOG(SSH_LOG_DEBUG,
             "Socket connecting, now waiting for the callbacks to work");
 
 pending:
@@ -692,6 +716,28 @@ int ssh_get_openssh_version(ssh_session session)
 
     return session->openssh;
 }
+
+/**
+ * @brief Most SSH connections will only ever request a single session, but an
+ * attacker may abuse a running ssh client to surreptitiously open
+ * additional sessions under their control. OpenSSH provides a global
+ * request "no-more-sessions@openssh.com" to mitigate this attack.
+ *
+ * @param[in]  session  The SSH session to use.
+ *
+ * @returns             SSH_OK on success, SSH_ERROR on error.
+ * @returns             SSH_AGAIN, if the session is in nonblocking mode,
+ *                      and call must be done again.
+ */
+int ssh_request_no_more_sessions(ssh_session session)
+{
+    if (session == NULL) {
+        return SSH_ERROR;
+    }
+
+    return ssh_global_request(session, "no-more-sessions@openssh.com", NULL, 1);
+}
+
 /**
  * @brief Add disconnect message when ssh_session is disconnected
  * To add a disconnect message to give peer a better hint.
@@ -725,14 +771,13 @@ ssh_session_set_disconnect_message(ssh_session session, const char *message)
     return SSH_OK;
 }
 
-
 /**
  * @brief Disconnect from a session (client or server).
  *
  * The session can then be reused to open a new session.
  *
- * @note Note that this function wont close the socket if it was set with
- * @ssh_options_set and SSH_OPTIONS_FD. You're responsible for closing the
+ * @note Note that this function won't close the socket if it was set with
+ * ssh_options_set and SSH_OPTIONS_FD. You're responsible for closing the
  * socket. This is new behavior in libssh 0.10.
  *
  * @param[in]  session  The SSH session to use.
@@ -740,13 +785,23 @@ ssh_session_set_disconnect_message(ssh_session session, const char *message)
 void
 ssh_disconnect(ssh_session session)
 {
-    struct ssh_iterator *it;
+    struct ssh_iterator *it = NULL;
     int rc;
 
     if (session == NULL) {
         return;
     }
 
+#ifndef _WIN32
+#ifdef HAVE_PTHREAD
+    /* Only send the disconnect to all other threads when the root session calls
+     * ssh_disconnect() */
+    if (session->proxy_root) {
+        proxy_disconnect = 1;
+    }
+#endif /* HAVE_PTHREAD */
+#endif /* _WIN32 */
+
     if (session->disconnect_message == NULL) {
         session->disconnect_message = strdup("Bye Bye") ;
         if (session->disconnect_message == NULL) {
@@ -768,10 +823,7 @@ ssh_disconnect(ssh_session session)
         }
 
         ssh_packet_send(session);
-        /* Do not close the socket, if the fd was set via options. */
-        if (session->opts.fd == SSH_INVALID_SOCKET) {
-            ssh_socket_close(session->socket);
-        }
+        ssh_session_socket_close(session);
     }
 
 error:
@@ -834,9 +886,16 @@ ssh_disconnect(ssh_session session)
     }
 }
 
+/**
+ * @brief Copyright information
+ *
+ * Returns copyright information
+ *
+ * @returns SSH_STRING copyright
+ */
 const char *ssh_copyright(void)
 {
-    return SSH_STRINGIFY(LIBSSH_VERSION) " (c) 2003-2022 "
+    return SSH_STRINGIFY(LIBSSH_VERSION) " (c) 2003-2025 "
            "Aris Adamantiadis, Andreas Schneider "
            "and libssh contributors. "
            "Distributed under the LGPL, please refer to COPYING "
diff --git a/libssh/src/config.c b/libssh/src/config.c
index 41ba1054..b4171efd 100644
--- a/libssh/src/config.c
+++ b/libssh/src/config.c
@@ -39,6 +39,11 @@
 # include <errno.h>
 # include <signal.h>
 # include <sys/wait.h>
+# include <net/if.h>
+# include <netinet/in.h>
+#endif
+#ifdef HAVE_IFADDRS_H
+#include <ifaddrs.h>
 #endif
 
 #include "libssh/config_parser.h"
@@ -92,7 +97,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "canonicalizehostname", SOC_UNSUPPORTED},
   { "canonicalizemaxdots", SOC_UNSUPPORTED},
   { "canonicalizepermittedcnames", SOC_UNSUPPORTED},
-  { "certificatefile", SOC_UNSUPPORTED},
+  { "certificatefile", SOC_CERTIFICATE},
   { "kbdinteractiveauthentication", SOC_UNSUPPORTED},
   { "checkhostip", SOC_UNSUPPORTED},
   { "connectionattempts", SOC_UNSUPPORTED},
@@ -103,7 +108,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "hostbasedauthentication", SOC_UNSUPPORTED},
   { "hostbasedacceptedalgorithms", SOC_UNSUPPORTED},
   { "hostkeyalias", SOC_UNSUPPORTED},
-  { "identitiesonly", SOC_UNSUPPORTED},
+  { "identitiesonly", SOC_IDENTITIESONLY},
   { "identityagent", SOC_IDENTITYAGENT},
   { "ipqos", SOC_UNSUPPORTED},
   { "kbdinteractivedevices", SOC_UNSUPPORTED},
@@ -160,7 +165,8 @@ enum ssh_config_match_e {
     MATCH_HOST,
     MATCH_ORIGINALHOST,
     MATCH_USER,
-    MATCH_LOCALUSER
+    MATCH_LOCALUSER,
+    MATCH_LOCALNETWORK
 };
 
 struct ssh_config_match_keyword_table_s {
@@ -168,16 +174,18 @@ struct ssh_config_match_keyword_table_s {
     enum ssh_config_match_e opcode;
 };
 
-static struct ssh_config_match_keyword_table_s ssh_config_match_keyword_table[] = {
-    { "all", MATCH_ALL },
-    { "canonical", MATCH_CANONICAL },
-    { "final", MATCH_FINAL },
-    { "exec", MATCH_EXEC },
-    { "host", MATCH_HOST },
-    { "originalhost", MATCH_ORIGINALHOST },
-    { "user", MATCH_USER },
-    { "localuser", MATCH_LOCALUSER },
-    { NULL, MATCH_UNKNOWN },
+static struct ssh_config_match_keyword_table_s
+    ssh_config_match_keyword_table[] = {
+        {"all", MATCH_ALL},
+        {"canonical", MATCH_CANONICAL},
+        {"final", MATCH_FINAL},
+        {"exec", MATCH_EXEC},
+        {"host", MATCH_HOST},
+        {"originalhost", MATCH_ORIGINALHOST},
+        {"user", MATCH_USER},
+        {"localuser", MATCH_LOCALUSER},
+        {"localnetwork", MATCH_LOCALNETWORK},
+        {NULL, MATCH_UNKNOWN},
 };
 
 static int ssh_config_parse_line(ssh_session session, const char *line,
@@ -203,7 +211,7 @@ local_parse_file(ssh_session session,
                  unsigned int depth,
                  bool global)
 {
-    FILE *f;
+    FILE *f = NULL;
     char line[MAX_LINE_SIZE] = {0};
     unsigned int count = 0;
     int rv;
@@ -299,20 +307,8 @@ ssh_config_match(char *value, const char *pattern, bool negate)
     return result;
 }
 
-#ifdef _WIN32
-static int
-ssh_match_exec(ssh_session session, const char *command, bool negate)
-{
-    (void) session;
-    (void) command;
-    (void) negate;
-
-    SSH_LOG(SSH_LOG_TRACE, "Unsupported 'exec' command on Windows '%s'",
-            command);
-    return 0;
-}
-#else /* _WIN32 */
-
+#ifdef WITH_EXEC
+/* FIXME reuse the ssh_execute_command() from socket.c */
 static int
 ssh_exec_shell(char *cmd)
 {
@@ -356,7 +352,7 @@ ssh_exec_shell(char *cmd)
         if (rc == -1) {
             SSH_LOG(SSH_LOG_WARN, "dup2: %s",
                     ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
-	    exit(1);
+            exit(1);
         }
         if (devnull > STDERR_FILENO) {
             close(devnull);
@@ -395,7 +391,7 @@ ssh_exec_shell(char *cmd)
         }
     }
     if (!WIFEXITED(status)) {
-        SSH_LOG(SSH_LOG_WARN, "Command %s exitted abnormally", cmd);
+        SSH_LOG(SSH_LOG_WARN, "Command %s exited abnormally", cmd);
         return -1;
     }
     SSH_LOG(SSH_LOG_TRACE, "Command '%s' returned %d", cmd, WEXITSTATUS(status));
@@ -425,12 +421,33 @@ ssh_match_exec(ssh_session session, const char *command, bool negate)
     free(cmd);
     return result;
 }
-#endif  /* _WIN32 */
+#else
+static int
+ssh_match_exec(ssh_session session, const char *command, bool negate)
+{
+    (void)session;
+    (void)command;
+    (void)negate;
+
+    SSH_LOG(SSH_LOG_TRACE,
+            "Unsupported 'exec' command on Windows '%s'",
+            command);
+    return 0;
+}
+#endif /* WITH_EXEC */
 
-/* @brief: Parse the ProxyJump configuration line and if parsing,
+/**
+ * @brief: Parse the ProxyJump configuration line and if parsing,
  * stores the result in the configuration option
+ *
+ * @param[in]   session    The ssh session
+ * @param[in]   s          The string to be parsed.
+ * @param[in]   do_parsing Whether to parse or not.
+ *
+ * @returns     SSH_OK if the provided string is formatted and parsed correctly
+ *              SSH_ERROR on failure
  */
-static int
+int
 ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
 {
     char *c = NULL, *cp = NULL, *endp = NULL;
@@ -439,12 +456,16 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
     char *port = NULL;
     char *next = NULL;
     int cmp, rv = SSH_ERROR;
+    struct ssh_jump_info_struct *jump_host = NULL;
     bool parse_entry = do_parsing;
+    bool libssh_proxy_jump = ssh_libssh_proxy_jumps();
 
     /* Special value none disables the proxy */
     cmp = strcasecmp(s, "none");
-    if (cmp == 0 && do_parsing) {
-        ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, s);
+    if (cmp == 0) {
+        if (!libssh_proxy_jump && do_parsing) {
+            ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, s);
+        }
         return SSH_OK;
     }
 
@@ -462,25 +483,65 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
             /* Split out the token */
             *endp = '\0';
         }
-        if (parse_entry) {
+        if (parse_entry && libssh_proxy_jump) {
+            jump_host = calloc(1, sizeof(struct ssh_jump_info_struct));
+            if (jump_host == NULL) {
+                ssh_set_error_oom(session);
+                rv = SSH_ERROR;
+                goto out;
+            }
+
+            rv = ssh_config_parse_uri(cp,
+                                      &jump_host->username,
+                                      &jump_host->hostname,
+                                      &port,
+                                      false);
+            if (rv != SSH_OK) {
+                ssh_set_error_invalid(session);
+                SAFE_FREE(jump_host);
+                goto out;
+            }
+            if (port == NULL) {
+                jump_host->port = 22;
+            } else {
+                jump_host->port = strtol(port, NULL, 10);
+                SAFE_FREE(port);
+            }
+
+            /* Prepend because we will recursively proxy jump */
+            rv = ssh_list_prepend(session->opts.proxy_jumps, jump_host);
+            if (rv != SSH_OK) {
+                ssh_set_error_oom(session);
+                SAFE_FREE(jump_host);
+                goto out;
+            }
+        } else if (parse_entry) {
             /* We actually care only about the first item */
-            rv = ssh_config_parse_uri(cp, &username, &hostname, &port);
+            rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false);
+            if (rv != SSH_OK) {
+                ssh_set_error_invalid(session);
+                goto out;
+            }
             /* The rest of the list needs to be passed on */
             if (endp != NULL) {
                 next = strdup(endp + 1);
                 if (next == NULL) {
                     ssh_set_error_oom(session);
                     rv = SSH_ERROR;
+                    goto out;
                 }
             }
         } else {
             /* The rest is just sanity-checked to avoid failures later */
-            rv = ssh_config_parse_uri(cp, NULL, NULL, NULL);
+            rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false);
+            if (rv != SSH_OK) {
+                ssh_set_error_invalid(session);
+                goto out;
+            }
         }
-        if (rv != SSH_OK) {
-            goto out;
+        if (!libssh_proxy_jump) {
+            parse_entry = 0;
         }
-        parse_entry = 0;
         if (endp != NULL) {
             cp = endp + 1;
         } else {
@@ -488,10 +549,10 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
         }
     } while (cp != NULL);
 
-    if (hostname != NULL && do_parsing) {
+    if (!libssh_proxy_jump && hostname != NULL && do_parsing) {
         char com[512] = {0};
 
-        rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W [%%h]:%%p %s",
+        rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W '[%%h]:%%p' %s",
                       username ? " -l " : "",
                       username ? username : "",
                       port ? " -p " : "",
@@ -500,15 +561,23 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
                       next ? next : "",
                       hostname);
         if (rv < 0 || rv >= (int)sizeof(com)) {
-            SSH_LOG(SSH_LOG_WARN, "Too long ProxyJump configuration line");
+            SSH_LOG(SSH_LOG_TRACE, "Too long ProxyJump configuration line");
             rv = SSH_ERROR;
             goto out;
         }
-        ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, com);
+        rv = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, com);
+        if (rv != SSH_OK) {
+            ssh_set_error_oom(session);
+            goto out;
+        }
     }
+
     rv = SSH_OK;
 
 out:
+    if (rv != SSH_OK) {
+        ssh_proxyjumps_free(session->opts.proxy_jumps);
+    }
     SAFE_FREE(username);
     SAFE_FREE(hostname);
     SAFE_FREE(port);
@@ -572,6 +641,99 @@ ssh_config_make_absolute(ssh_session session,
     return out;
 }
 
+#ifdef HAVE_IFADDRS_H
+/**
+ * @brief Checks if host address matches the local network specified.
+ *
+ * Verify whether a local network interface address matches any of the CIDR
+ * patterns.
+ *
+ * @param addrlist The CIDR pattern-list to be checked, can contain both
+ *                 IPv4 and IPv6 addresses and has to be comma separated
+ *                 (',' only, space after comma not allowed).
+ *
+ * @param negate   The negate condition. The return value is negated
+ *                 (returns 1 instead of 0 and vice versa).
+ *
+ * @return 1 if match found.
+ * @return 0 if no match found.
+ * @return -1 on errors.
+ */
+static int
+ssh_match_localnetwork(const char *addrlist, bool negate)
+{
+    struct ifaddrs *ifa = NULL, *ifaddrs = NULL;
+    int r, found = 0;
+    char address[NI_MAXHOST], err_msg[SSH_ERRNO_MSG_MAX] = {0};
+    socklen_t sa_len;
+
+    r = getifaddrs(&ifaddrs);
+    if (r != 0) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Match localnetwork: getifaddrs() failed: %s",
+                ssh_strerror(r, err_msg, SSH_ERRNO_MSG_MAX));
+        return -1;
+    }
+
+    for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
+        if (ifa->ifa_addr == NULL || (ifa->ifa_flags & IFF_UP) == 0) {
+            continue;
+        }
+
+        switch (ifa->ifa_addr->sa_family) {
+        case AF_INET:
+            sa_len = sizeof(struct sockaddr_in);
+            break;
+        case AF_INET6:
+            sa_len = sizeof(struct sockaddr_in6);
+            break;
+        default:
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Interface %s: unsupported address family %d",
+                    ifa->ifa_name,
+                    ifa->ifa_addr->sa_family);
+            continue;
+        }
+
+        r = getnameinfo(ifa->ifa_addr,
+                        sa_len,
+                        address,
+                        sizeof(address),
+                        NULL,
+                        0,
+                        NI_NUMERICHOST);
+        if (r != 0) {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Interface %s getnameinfo failed: %s",
+                    ifa->ifa_name,
+                    gai_strerror(r));
+            continue;
+        }
+        SSH_LOG(SSH_LOG_TRACE,
+                "Interface %s address %s",
+                ifa->ifa_name,
+                address);
+
+        r = match_cidr_address_list(address,
+                                    addrlist,
+                                    ifa->ifa_addr->sa_family);
+        if (r == 1) {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Matched interface %s: address %s in %s",
+                    ifa->ifa_name,
+                    address,
+                    addrlist);
+            found = 1;
+            break;
+        }
+    }
+
+    freeifaddrs(ifaddrs);
+
+    return (found == (negate ? 0 : 1));
+}
+#endif /* HAVE_IFADDRS_H */
+
 static int
 ssh_config_parse_line(ssh_session session,
                       const char *line,
@@ -623,7 +785,9 @@ ssh_config_parse_line(ssh_session session,
       opcode != SOC_MATCH &&
       opcode != SOC_INCLUDE &&
       opcode != SOC_IDENTITY &&
-      opcode > SOC_UNSUPPORTED) { /* Ignore all unknown types here */
+      opcode != SOC_CERTIFICATE &&
+      opcode > SOC_UNSUPPORTED &&
+      opcode < SOC_MAX) { /* Ignore all unknown types here */
       /* Skip all the options that were already applied */
       if (seen[opcode] != 0) {
           SAFE_FREE(x);
@@ -667,7 +831,7 @@ ssh_config_parse_line(ssh_session session,
                 break;
             }
             args++;
-            SSH_LOG(SSH_LOG_TRACE, "line %d: Processing Match keyword '%s'",
+            SSH_LOG(SSH_LOG_DEBUG, "line %d: Processing Match keyword '%s'",
                     count, p);
 
             /* If the option is prefixed with ! the result should be negated */
@@ -699,7 +863,7 @@ ssh_config_parse_line(ssh_session session,
 
             case MATCH_FINAL:
             case MATCH_CANONICAL:
-                SSH_LOG(SSH_LOG_INFO,
+                SSH_LOG(SSH_LOG_DEBUG,
                         "line %d: Unsupported Match keyword '%s', skipping",
                         count,
                         p);
@@ -711,13 +875,13 @@ ssh_config_parse_line(ssh_session session,
                 /* Skip one argument (including in quotes) */
                 p = ssh_config_get_token(&s);
                 if (p == NULL || p[0] == '\0') {
-                    SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword "
+                    SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword "
                             "'%s' requires argument", count, p2);
                     SAFE_FREE(x);
                     return -1;
                 }
                 if (result != 1) {
-                    SSH_LOG(SSH_LOG_INFO, "line %d: Skipped match exec "
+                    SSH_LOG(SSH_LOG_DEBUG, "line %d: Skipped match exec "
                             "'%s' as previous conditions already failed.",
                             count, p2);
                     continue;
@@ -730,15 +894,17 @@ ssh_config_parse_line(ssh_session session,
                 /* Here we match only one argument */
                 p = ssh_config_get_str_tok(&s, NULL);
                 if (p == NULL || p[0] == '\0') {
-                    ssh_set_error(session, SSH_FATAL,
-                                  "line %d: ERROR - Match user keyword "
-                                  "requires argument", count);
+                    ssh_set_error(session,
+                                  SSH_FATAL,
+                                  "line %d: ERROR - Match localuser keyword "
+                                  "requires argument",
+                                  count);
                     SAFE_FREE(x);
                     return -1;
                 }
                 localuser = ssh_get_local_username();
                 if (localuser == NULL) {
-                    SSH_LOG(SSH_LOG_WARN, "line %d: Can not get local username "
+                    SSH_LOG(SSH_LOG_TRACE, "line %d: Can not get local username "
                             "for conditional matching.", count);
                     SAFE_FREE(x);
                     return -1;
@@ -752,13 +918,13 @@ ssh_config_parse_line(ssh_session session,
                 /* Skip one argument */
                 p = ssh_config_get_str_tok(&s, NULL);
                 if (p == NULL || p[0] == '\0') {
-                    SSH_LOG(SSH_LOG_WARN, "line %d: Match keyword "
+                    SSH_LOG(SSH_LOG_TRACE, "line %d: Match keyword "
                             "'%s' requires argument", count, p2);
                     SAFE_FREE(x);
                     return -1;
                 }
                 args++;
-                SSH_LOG(SSH_LOG_INFO,
+                SSH_LOG(SSH_LOG_TRACE,
                         "line %d: Unsupported Match keyword '%s', ignoring",
                         count,
                         p2);
@@ -793,19 +959,68 @@ ssh_config_parse_line(ssh_session session,
                 args++;
                 break;
 
-            case MATCH_UNKNOWN:
-            default:
-                ssh_set_error(session, SSH_FATAL,
-                              "ERROR - Unknown argument '%s' for Match keyword", p);
+            case MATCH_LOCALNETWORK:
+                /* Here we match only one argument */
+                p = ssh_config_get_str_tok(&s, NULL);
+                if (p == NULL || p[0] == '\0') {
+                    ssh_set_error(session,
+                                  SSH_FATAL,
+                                  "line %d: ERROR - Match local network keyword"
+                                  "requires argument",
+                                  count);
+                    SAFE_FREE(x);
+                    return -1;
+                }
+#ifdef HAVE_IFADDRS_H
+                rv = match_cidr_address_list(NULL, p, -1);
+                if (rv == -1) {
+                    ssh_set_error(session,
+                                  SSH_FATAL,
+                                  "line %d: ERROR - List invalid entry: %s",
+                                  count,
+                                  p);
+                    SAFE_FREE(x);
+                    return -1;
+                }
+                rv = ssh_match_localnetwork(p, negate);
+                if (rv == -1) {
+                    ssh_set_error(session,
+                                  SSH_FATAL,
+                                  "line %d: ERROR - Error while retrieving "
+                                  "network interface information -"
+                                  " List entry: %s",
+                                  count,
+                                  p);
+                    SAFE_FREE(x);
+                    return -1;
+                }
+
+                result &= rv;
+#else /* HAVE_IFADDRS_H */
+                ssh_set_error(session,
+                              SSH_FATAL,
+                              "line %d: ERROR - match localnetwork "
+                              "not supported on this platform",
+                              count);
                 SAFE_FREE(x);
                 return -1;
+#endif /* HAVE_IFADDRS_H */
+                args++;
+                break;
+
+            case MATCH_UNKNOWN:
+            default:
+                SSH_LOG(SSH_LOG_WARN,
+                        "Unknown argument '%s' for Match keyword. Not matching",
+                        p);
+                result = 0;
+                break;
             }
         } while (p != NULL && p[0] != '\0');
         if (args == 0) {
-            ssh_set_error(session, SSH_FATAL,
-                          "ERROR - Match keyword requires an argument");
-            SAFE_FREE(x);
-            return -1;
+            SSH_LOG(SSH_LOG_WARN,
+                    "ERROR - Match keyword requires an argument. Not matching");
+            result = 0;
         }
         *parsing = result;
         break;
@@ -920,7 +1135,8 @@ ssh_config_parse_line(ssh_session session,
             return -1;
         }
         /* We share the seen value with the ProxyCommand */
-        rv = ssh_config_parse_proxy_jump(session, p,
+        rv = ssh_config_parse_proxy_jump(session,
+                                         p,
                                          (*parsing && !seen[SOC_PROXYCOMMAND]));
         if (rv != SSH_OK) {
             SAFE_FREE(x);
@@ -965,10 +1181,10 @@ ssh_config_parse_line(ssh_session session,
             if (strcasecmp(p, "quiet") == 0) {
                 value = SSH_LOG_NONE;
             } else if (strcasecmp(p, "fatal") == 0 ||
-                    strcasecmp(p, "error")== 0 ||
-                    strcasecmp(p, "info") == 0) {
+                    strcasecmp(p, "error")== 0) {
                 value = SSH_LOG_WARN;
-            } else if (strcasecmp(p, "verbose") == 0) {
+            } else if (strcasecmp(p, "verbose") == 0 ||
+                    strcasecmp(p, "info") == 0) {
                 value = SSH_LOG_INFO;
             } else if (strcasecmp(p, "DEBUG") == 0 ||
                     strcasecmp(p, "DEBUG1") == 0) {
@@ -1006,20 +1222,20 @@ ssh_config_parse_line(ssh_session session,
         if (p == NULL) {
             break;
         } else if (strcmp(p, "default") == 0) {
-            /* Default rekey limits enforced automaticaly */
+            /* Default rekey limits enforced automatically */
             ll = 0;
         } else {
             char *endp = NULL;
             ll = strtoll(p, &endp, 10);
             if (p == endp || ll < 0) {
                 /* No number or negative */
-                SSH_LOG(SSH_LOG_WARN, "Invalid argument to rekey limit");
+                SSH_LOG(SSH_LOG_TRACE, "Invalid argument to rekey limit");
                 break;
             }
             switch (*endp) {
             case 'G':
                 if (ll > LLONG_MAX / 1024) {
-                    SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit");
+                    SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
                     ll = -1;
                     break;
                 }
@@ -1027,7 +1243,7 @@ ssh_config_parse_line(ssh_session session,
                 FALL_THROUGH;
             case 'M':
                 if (ll > LLONG_MAX / 1024) {
-                    SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit");
+                    SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
                     ll = -1;
                     break;
                 }
@@ -1035,7 +1251,7 @@ ssh_config_parse_line(ssh_session session,
                 FALL_THROUGH;
             case 'K':
                 if (ll > LLONG_MAX / 1024) {
-                    SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit");
+                    SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
                     ll = -1;
                     break;
                 }
@@ -1051,7 +1267,7 @@ ssh_config_parse_line(ssh_session session,
                 break;
             }
             if (*endp != ' ' && *endp != '\0') {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "Invalid trailing characters after the rekey limit: %s",
                         endp);
                 break;
@@ -1072,14 +1288,14 @@ ssh_config_parse_line(ssh_session session,
             ll = strtoll(p, &endp, 10);
             if (p == endp || ll < 0) {
                 /* No number or negative */
-                SSH_LOG(SSH_LOG_WARN, "Invalid argument to rekey limit");
+                SSH_LOG(SSH_LOG_TRACE, "Invalid argument to rekey limit");
                 break;
             }
             switch (*endp) {
             case 'w':
             case 'W':
                 if (ll > LLONG_MAX / 7) {
-                    SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit");
+                    SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
                     ll = -1;
                     break;
                 }
@@ -1088,7 +1304,7 @@ ssh_config_parse_line(ssh_session session,
             case 'd':
             case 'D':
                 if (ll > LLONG_MAX / 24) {
-                    SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit");
+                    SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
                     ll = -1;
                     break;
                 }
@@ -1097,7 +1313,7 @@ ssh_config_parse_line(ssh_session session,
             case 'h':
             case 'H':
                 if (ll > LLONG_MAX / 60) {
-                    SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit");
+                    SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
                     ll = -1;
                     break;
                 }
@@ -1106,7 +1322,7 @@ ssh_config_parse_line(ssh_session session,
             case 'm':
             case 'M':
                 if (ll > LLONG_MAX / 60) {
-                    SSH_LOG(SSH_LOG_WARN, "Possible overflow of rekey limit");
+                    SSH_LOG(SSH_LOG_TRACE, "Possible overflow of rekey limit");
                     ll = -1;
                     break;
                 }
@@ -1125,7 +1341,7 @@ ssh_config_parse_line(ssh_session session,
                 break;
             }
             if (*endp != '\0') {
-                SSH_LOG(SSH_LOG_WARN, "Invalid trailing characters after the"
+                SSH_LOG(SSH_LOG_TRACE, "Invalid trailing characters after the"
                         " rekey limit: %s", endp);
                 break;
             }
@@ -1161,15 +1377,15 @@ ssh_config_parse_line(ssh_session session,
         }
         break;
     case SOC_NA:
-      SSH_LOG(SSH_LOG_INFO, "Unapplicable option: %s, line: %d",
+      SSH_LOG(SSH_LOG_TRACE, "Unapplicable option: %s, line: %d",
               keyword, count);
       break;
     case SOC_UNSUPPORTED:
-      SSH_LOG(SSH_LOG_INFO, "Unsupported option: %s, line: %d",
+      SSH_LOG(SSH_LOG_RARE, "Unsupported option: %s, line: %d",
               keyword, count);
       break;
     case SOC_UNKNOWN:
-      SSH_LOG(SSH_LOG_INFO, "Unknown option: %s, line: %d",
+      SSH_LOG(SSH_LOG_TRACE, "Unknown option: %s, line: %d",
               keyword, count);
       break;
     case SOC_IDENTITYAGENT:
@@ -1178,6 +1394,51 @@ ssh_config_parse_line(ssh_session session,
           ssh_options_set(session, SSH_OPTIONS_IDENTITY_AGENT, p);
       }
       break;
+    case SOC_IDENTITIESONLY:
+      i = ssh_config_get_yesno(&s, -1);
+      if (i >= 0 && *parsing) {
+        bool b = i;
+        ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &b);
+      }
+      break;
+    case SOC_CONTROLMASTER:
+      p = ssh_config_get_str_tok(&s, NULL);
+      if (p && *parsing) {
+          int value = -1;
+
+          if (strcasecmp(p, "auto") == 0) {
+              value = SSH_CONTROL_MASTER_AUTO;
+          } else if (strcasecmp(p, "yes") == 0) {
+              value = SSH_CONTROL_MASTER_YES;
+          } else if (strcasecmp(p, "no") == 0) {
+              value = SSH_CONTROL_MASTER_NO;
+          } else if (strcasecmp(p, "autoask") == 0) {
+              value = SSH_CONTROL_MASTER_AUTOASK;
+          } else if (strcasecmp(p, "ask") == 0) {
+              value = SSH_CONTROL_MASTER_ASK;
+          }
+
+          if (value != -1) {
+              ssh_options_set(session, SSH_OPTIONS_CONTROL_MASTER, &value);
+          }
+      }
+      break;
+    case SOC_CONTROLPATH:
+      p = ssh_config_get_str_tok(&s, NULL);
+      if (p == NULL) {
+        SAFE_FREE(x);
+        return -1;
+      }
+      if (*parsing) {
+          ssh_options_set(session, SSH_OPTIONS_CONTROL_PATH, p);
+      }
+      break;
+    case SOC_CERTIFICATE:
+        p = ssh_config_get_str_tok(&s, NULL);
+        if (p && *parsing) {
+            ssh_options_set(session, SSH_OPTIONS_CERTIFICATE, p);
+        }
+        break;
     default:
       ssh_set_error(session, SSH_FATAL, "ERROR - unimplemented opcode: %d",
               opcode);
@@ -1201,7 +1462,7 @@ int ssh_config_parse_file(ssh_session session, const char *filename)
 {
     char line[MAX_LINE_SIZE] = {0};
     unsigned int count = 0;
-    FILE *f;
+    FILE *f = NULL;
     int parsing, rv;
     bool global = 0;
 
@@ -1260,12 +1521,12 @@ int ssh_config_parse_string(ssh_session session, const char *input)
         }
         if (c == NULL) {
             /* should not happen, would mean a string without trailing '\0' */
-            SSH_LOG(SSH_LOG_WARN, "No trailing '\\0' in config string");
+            SSH_LOG(SSH_LOG_TRACE, "No trailing '\\0' in config string");
             return SSH_ERROR;
         }
         line_len = c - line_start;
         if (line_len > MAX_LINE_SIZE - 1) {
-            SSH_LOG(SSH_LOG_WARN, "Line %u too long: %u characters",
+            SSH_LOG(SSH_LOG_TRACE, "Line %u too long: %u characters",
                     line_num, line_len);
             return SSH_ERROR;
         }
diff --git a/libssh/src/config_parser.c b/libssh/src/config_parser.c
index 2f91d39f..06264f84 100644
--- a/libssh/src/config_parser.c
+++ b/libssh/src/config_parser.c
@@ -30,16 +30,17 @@
 
 #include "libssh/config_parser.h"
 #include "libssh/priv.h"
+#include "libssh/misc.h"
 
 /* Returns the original string after skipping the leading whitespace
- * and optional quotes.
+ * until finding LF.
  * This is useful in case we need to get the rest of the line (for example
  * external command).
  */
 char *ssh_config_get_cmd(char **str)
 {
-    register char *c;
-    char *r;
+    register char *c = NULL;
+    char *r = NULL;
 
     /* Ignore leading spaces */
     for (c = *str; *c; c++) {
@@ -48,15 +49,6 @@ char *ssh_config_get_cmd(char **str)
         }
     }
 
-    if (*c == '\"') {
-        for (r = ++c; *c; c++) {
-            if (*c == '\"') {
-                *c = '\0';
-                goto out;
-            }
-        }
-    }
-
     for (r = c; *c; c++) {
         if (*c == '\n') {
             *c = '\0';
@@ -75,7 +67,7 @@ char *ssh_config_get_cmd(char **str)
  */
 char *ssh_config_get_token(char **str)
 {
-    register char *c;
+    register char *c = NULL;
     bool had_equal = false;
     char *r = NULL;
 
@@ -90,6 +82,13 @@ char *ssh_config_get_token(char **str)
     if (*c == '\"') {
         for (r = ++c; *c; c++) {
             if (*c == '\"' || *c == '\n') {
+                if (*c == '\"' && r != c && *(c - 1) == '\\') {
+                    /* Escaped quote: Move the remaining one char left */
+                    int remaining_len = strlen(c);
+                    memmove(c - 1, c, remaining_len);
+                    c[remaining_len - 1] = '\0';
+                    continue;
+                }
                 *c = '\0';
                 c++;
                 break;
@@ -124,7 +123,7 @@ char *ssh_config_get_token(char **str)
 
 long ssh_config_get_long(char **str, long notfound)
 {
-    char *p, *endp;
+    char *p = NULL, *endp = NULL;
     long i;
 
     p = ssh_config_get_token(str);
@@ -141,7 +140,7 @@ long ssh_config_get_long(char **str, long notfound)
 
 const char *ssh_config_get_str_tok(char **str, const char *def)
 {
-    char *p;
+    char *p = NULL;
 
     p = ssh_config_get_token(str);
     if (p && *p) {
@@ -153,7 +152,7 @@ const char *ssh_config_get_str_tok(char **str, const char *def)
 
 int ssh_config_get_yesno(char **str, int notfound)
 {
-    const char *p;
+    const char *p = NULL;
 
     p = ssh_config_get_str_tok(str, NULL);
     if (p == NULL) {
@@ -170,12 +169,14 @@ int ssh_config_get_yesno(char **str, int notfound)
 }
 
 int ssh_config_parse_uri(const char *tok,
-        char **username,
-        char **hostname,
-        char **port)
+                         char **username,
+                         char **hostname,
+                         char **port,
+                         bool ignore_port)
 {
     char *endp = NULL;
     long port_n;
+    int rc;
 
     /* Sanitize inputs */
     if (username != NULL) {
@@ -189,7 +190,7 @@ int ssh_config_parse_uri(const char *tok,
     }
 
     /* Username part (optional) */
-    endp = strchr(tok, '@');
+    endp = strrchr(tok, '@');
     if (endp != NULL) {
         /* Zero-length username is not valid */
         if (tok == endp) {
@@ -200,6 +201,10 @@ int ssh_config_parse_uri(const char *tok,
             if (*username == NULL) {
                 goto error;
             }
+            rc = ssh_check_username_syntax(*username);
+            if (rc != SSH_OK) {
+                goto error;
+            }
         }
         tok = endp + 1;
         /* If there is second @ character, this does not look like our URI */
@@ -217,12 +222,17 @@ int ssh_config_parse_uri(const char *tok,
         if (endp == NULL) {
             goto error;
         }
-    } else {
-        /* Hostnames or aliases expand to the last colon or to the end */
+    } else if (!ignore_port) {
+        /* Hostnames or aliases expand to the last colon (if port is requested)
+         * or to the end */
         endp = strrchr(tok, ':');
         if (endp == NULL) {
             endp = strchr(tok, '\0');
         }
+    } else {
+        /* If no port is requested, expand to the end of line
+         * (to accommodate the IPv6 addresses) */
+        endp = strchr(tok, '\0');
     }
     if (tok == endp) {
         /* Zero-length hostnames are not valid */
@@ -233,6 +243,14 @@ int ssh_config_parse_uri(const char *tok,
         if (*hostname == NULL) {
             goto error;
         }
+        /* if not an ip, check syntax */
+        rc = ssh_is_ipaddr(*hostname);
+        if (rc == 0) {
+            rc = ssh_check_hostname_syntax(*hostname);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+        }
     }
     /* Skip also the closing bracket */
     if (*endp == ']') {
@@ -246,7 +264,7 @@ int ssh_config_parse_uri(const char *tok,
         /* Verify the port is valid positive number */
         port_n = strtol(endp + 1, &port_end, 10);
         if (port_n < 1 || *port_end != '\0') {
-            SSH_LOG(SSH_LOG_WARN, "Failed to parse port number."
+            SSH_LOG(SSH_LOG_TRACE, "Failed to parse port number."
                     " The value '%ld' is invalid or there are some"
                     " trailing characters: '%s'", port_n, port_end);
             goto error;
diff --git a/libssh/src/connect.c b/libssh/src/connect.c
index 57e37e63..2cb64037 100644
--- a/libssh/src/connect.c
+++ b/libssh/src/connect.c
@@ -54,11 +54,6 @@
 #define NTDDI_VERSION 0x05010000 /* NTDDI_WINXP */
 #endif
 
-#if _MSC_VER >= 1400
-#include <io.h>
-#undef close
-#define close _close
-#endif /* _MSC_VER */
 #include <winsock2.h>
 #include <ws2tcpip.h>
 
@@ -136,7 +131,7 @@ static int getai(const char *host, int port, struct addrinfo **ai)
 #endif
     }
 
-    if (ssh_is_ipaddr(host)) {
+    if (ssh_is_ipaddr(host) == 1) {
         /* this is an IP address */
         SSH_LOG(SSH_LOG_PACKET, "host %s matches an IP address", host);
         hints.ai_flags |= AI_NUMERICHOST;
@@ -168,7 +163,7 @@ static int set_tcp_nodelay(socket_t socket)
 socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
                                       const char *bind_addr, int port)
 {
-    socket_t s = -1;
+    socket_t s = -1, first = -1;
     int rc;
     struct addrinfo *ai = NULL;
     struct addrinfo *itr = NULL;
@@ -194,8 +189,8 @@ socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
         }
 
         if (bind_addr) {
-            struct addrinfo *bind_ai;
-            struct addrinfo *bind_itr;
+            struct addrinfo *bind_ai = NULL;
+            struct addrinfo *bind_itr = NULL;
 
             SSH_LOG(SSH_LOG_PACKET, "Resolving %s", bind_addr);
 
@@ -258,12 +253,22 @@ socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
 
         errno = 0;
         rc = connect(s, itr->ai_addr, itr->ai_addrlen);
-        if (rc == -1 && (errno != 0) && (errno != EINPROGRESS)) {
-            ssh_set_error(session, SSH_FATAL,
-                          "Failed to connect: %s",
-                          ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
-            ssh_connect_socket_close(s);
-            s = -1;
+        if (rc == -1) {
+            if ((errno != 0) && (errno != EINPROGRESS)) {
+                ssh_set_error(session, SSH_FATAL,
+                              "Failed to connect: %s",
+                              ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
+                ssh_connect_socket_close(s);
+                s = -1;
+            } else {
+                if (first == -1) {
+                    first = s;
+                } else { /* errno == EINPROGRESS */
+                    /* save only the first "working" socket */
+                    ssh_connect_socket_close(s);
+                    s = -1;
+                }
+            }
             continue;
         }
 
@@ -272,6 +277,12 @@ socket_t ssh_connect_host_nonblocking(ssh_session session, const char *host,
 
     freeaddrinfo(ai);
 
+    /* first let's go through all the addresses looking for immediate
+     * connection, otherwise return the first address without error or error */
+    if (s == -1) {
+        s = first;
+    }
+
     return s;
 }
 
diff --git a/libssh/src/connector.c b/libssh/src/connector.c
index c9f2cf03..34faed7b 100644
--- a/libssh/src/connector.c
+++ b/libssh/src/connector.c
@@ -34,19 +34,7 @@
 #define CHUNKSIZE 4096
 #endif
 
-#ifdef _WIN32
-# ifdef HAVE_IO_H
-#  include <io.h>
-#  undef open
-#  define open _open
-#  undef close
-#  define close _close
-#  undef read
-#  define read _read
-#  undef unlink
-#  define unlink _unlink
-# endif /* HAVE_IO_H */
-#else
+#ifndef _WIN32
 # include <sys/types.h>
 # include <sys/socket.h>
 #endif
@@ -303,9 +291,11 @@ static void ssh_connector_fd_in_cb(ssh_connector connector)
                  * Loop around write in case the write blocks even for CHUNKSIZE
                  * bytes
                  */
-                while (total != r) {
-                    w = ssh_connector_fd_write(connector, buffer + total, r - total);
-                    if (w < 0){
+                while (total < r) {
+                    w = ssh_connector_fd_write(connector,
+                                               buffer + total,
+                                               r - total);
+                    if (w < 0) {
                         ssh_connector_except(connector, connector->out_fd);
                         return;
                     }
@@ -326,35 +316,40 @@ static void ssh_connector_fd_in_cb(ssh_connector connector)
 /** @internal
  * @brief Callback called when a poll event is received on an output fd
  */
-static void ssh_connector_fd_out_cb(ssh_connector connector){
+static void
+ssh_connector_fd_out_cb(ssh_connector connector)
+{
     unsigned char buffer[CHUNKSIZE];
     ssize_t r;
     ssize_t w;
     ssize_t total = 0;
-    SSH_LOG(SSH_LOG_TRACE, "connector POLLOUT event for fd %d", connector->out_fd);
+    SSH_LOG(SSH_LOG_TRACE, "connector POLLOUT event for fd %d",
+            connector->out_fd);
 
-    if(connector->in_available){
-        if (connector->in_channel != NULL){
-            r = ssh_channel_read_nonblocking(connector->in_channel, buffer, CHUNKSIZE, 0);
-            if(r == SSH_ERROR){
+    if (connector->in_available) {
+        if (connector->in_channel != NULL) {
+            r = ssh_channel_read_nonblocking(connector->in_channel, buffer,
+                                             CHUNKSIZE, 0);
+            if (r == SSH_ERROR) {
                 ssh_connector_except_channel(connector, connector->in_channel);
                 return;
-            } else if(r == 0 && ssh_channel_is_eof(connector->in_channel)){
+            } else if (r == 0 && ssh_channel_is_eof(connector->in_channel)) {
                 close(connector->out_fd);
                 connector->out_fd = SSH_INVALID_SOCKET;
                 return;
-            } else if(r>0) {
+            } else if (r > 0) {
                 /* loop around write in case the write blocks even for CHUNKSIZE bytes */
-                while (total != r){
-                        w = ssh_connector_fd_write(connector, buffer + total, r - total);
-                    if (w < 0){
+                while (total != r) {
+                    w = ssh_connector_fd_write(connector, buffer + total,
+                                               r - total);
+                    if (w < 0) {
                         ssh_connector_except(connector, connector->out_fd);
                         return;
                     }
                     total += w;
                 }
             }
-        } else if (connector->in_fd != SSH_INVALID_SOCKET){
+        } else if (connector->in_fd != SSH_INVALID_SOCKET) {
             /* fallback on the socket input callback */
             connector->out_wontblock = 1;
             ssh_connector_fd_in_cb(connector);
@@ -632,8 +627,9 @@ int ssh_connector_set_event(ssh_connector connector, ssh_event event)
     return rc;
 }
 
-int ssh_connector_remove_event(ssh_connector connector) {
-    ssh_session session;
+int ssh_connector_remove_event(ssh_connector connector)
+{
+    ssh_session session = NULL;
 
     if (connector->in_poll != NULL) {
         ssh_event_remove_poll(connector->event, connector->in_poll);
diff --git a/libssh/src/curve25519.c b/libssh/src/curve25519.c
index 6a930faf..3f57f25d 100644
--- a/libssh/src/curve25519.c
+++ b/libssh/src/curve25519.c
@@ -39,7 +39,7 @@
 #include "libssh/pki.h"
 #include "libssh/bignum.h"
 
-#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
+#ifdef HAVE_LIBCRYPTO
 #include <openssl/err.h>
 #endif
 
@@ -59,7 +59,7 @@ static struct ssh_packet_callbacks_struct ssh_curve25519_client_callbacks = {
 static int ssh_curve25519_init(ssh_session session)
 {
     int rc;
-#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
+#ifdef HAVE_LIBCRYPTO
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL;
     size_t pubkey_len = CURVE25519_PUBKEY_SIZE;
@@ -136,7 +136,7 @@ static int ssh_curve25519_init(ssh_session session)
         crypto_scalarmult_base(session->next_crypto->curve25519_client_pubkey,
                                session->next_crypto->curve25519_privkey);
     }
-#endif /* defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519) */
+#endif /* HAVE_LIBCRYPTO */
 
     return SSH_OK;
 }
@@ -172,11 +172,16 @@ int ssh_client_curve25519_init(ssh_session session)
     return rc;
 }
 
+void ssh_client_curve25519_remove_callbacks(ssh_session session)
+{
+    ssh_packet_remove_callbacks(session, &ssh_curve25519_client_callbacks);
+}
+
 static int ssh_curve25519_build_k(ssh_session session)
 {
     ssh_curve25519_pubkey k;
 
-#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519)
+#ifdef HAVE_LIBCRYPTO
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL, *pubkey = NULL;
     size_t shared_key_len = sizeof(k);
@@ -255,7 +260,7 @@ static int ssh_curve25519_build_k(ssh_session session)
         crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
                           session->next_crypto->curve25519_server_pubkey);
     }
-#endif /* defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_X25519) */
+#endif /* HAVE_LIBCRYPTO */
 
     bignum_bin2bn(k, CURVE25519_PUBKEY_SIZE, &session->next_crypto->shared_secret);
     if (session->next_crypto->shared_secret == NULL) {
@@ -285,7 +290,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){
   (void)type;
   (void)user;
 
-  ssh_packet_remove_callbacks(session, &ssh_curve25519_client_callbacks);
+  ssh_client_curve25519_remove_callbacks(session);
 
   pubkey_blob = ssh_buffer_get_ssh_string(packet);
   if (pubkey_blob == NULL) {
@@ -330,16 +335,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){
   }
 
   /* Send the MSG_NEWKEYS */
-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-    goto error;
-  }
-
-  rc=ssh_packet_send(session);
+  rc = ssh_packet_send_newkeys(session);
   if (rc == SSH_ERROR) {
     goto error;
   }
-
-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
   session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
 
   return SSH_PACKET_USED;
@@ -381,7 +380,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){
     ssh_string q_s_string = NULL;
     ssh_string server_pubkey_blob = NULL;
 
-    /* SSH host keys (rsa,dsa,ecdsa) */
+    /* SSH host keys (rsa, ed25519 and ecdsa) */
     ssh_key privkey = NULL;
     enum ssh_digest_e digest = SSH_DIGEST_AUTO;
     ssh_string sig_blob = NULL;
@@ -408,8 +407,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){
     memcpy(session->next_crypto->curve25519_client_pubkey,
            ssh_string_data(q_c_string), CURVE25519_PUBKEY_SIZE);
     SSH_STRING_FREE(q_c_string);
-    /* Build server's keypair */
 
+    /* Build server's key pair */
     rc = ssh_curve25519_init(session);
     if (rc != SSH_OK) {
         ssh_set_error(session, SSH_FATAL, "Failed to generate curve25519 keys");
@@ -491,24 +490,19 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){
         goto error;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEX_ECDH_REPLY sent");
+    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEX_ECDH_REPLY sent");
     rc = ssh_packet_send(session);
     if (rc == SSH_ERROR) {
         return SSH_ERROR;
     }
 
-    /* Send the MSG_NEWKEYS */
-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
-    if (rc < 0) {
-        goto error;
-    }
-
     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
-    rc = ssh_packet_send(session);
+
+    /* Send the MSG_NEWKEYS */
+    rc = ssh_packet_send_newkeys(session);
     if (rc == SSH_ERROR) {
         goto error;
     }
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
 
     return SSH_PACKET_USED;
 error:
diff --git a/libssh/src/dh-gex.c b/libssh/src/dh-gex.c
index d0d2890b..46ba934e 100644
--- a/libssh/src/dh-gex.c
+++ b/libssh/src/dh-gex.c
@@ -37,7 +37,7 @@
 #include "libssh/buffer.h"
 #include "libssh/session.h"
 
-/* Minimum, recommanded and maximum size of DH group */
+/* Minimum, recommended and maximum size of DH group */
 #define DH_PMIN 2048
 #define DH_PREQ 2048
 #define DH_PMAX 8192
@@ -116,7 +116,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
     (void) type;
     (void) user;
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEX_DH_GEX_GROUP received");
+    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEX_DH_GEX_GROUP received");
 
     if (bignum_ctx_invalid(ctx)) {
         goto error;
@@ -248,6 +248,11 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_group)
     return SSH_PACKET_USED;
 }
 
+void ssh_client_dhgex_remove_callbacks(ssh_session session)
+{
+    ssh_packet_remove_callbacks(session, &ssh_dhgex_client_callbacks);
+}
+
 static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
 {
     struct ssh_crypto_struct *crypto=session->next_crypto;
@@ -256,9 +261,9 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
     bignum server_pubkey = NULL;
     (void)type;
     (void)user;
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEX_DH_GEX_REPLY received");
+    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEX_DH_GEX_REPLY received");
 
-    ssh_packet_remove_callbacks(session, &ssh_dhgex_client_callbacks);
+    ssh_client_dhgex_remove_callbacks(session);
     rc = ssh_buffer_unpack(packet,
                            "SBS",
                            &pubkey_blob, &server_pubkey,
@@ -292,15 +297,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
     }
 
     /* Send the MSG_NEWKEYS */
-    if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-        goto error;
-    }
-
-    rc = ssh_packet_send(session);
+    rc = ssh_packet_send_newkeys(session);
     if (rc == SSH_ERROR) {
         goto error;
     }
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
 
     return SSH_PACKET_USED;
@@ -435,7 +435,7 @@ static int ssh_retrieve_dhgroup_file(FILE *moduli,
             if (rc == EOF) {
                 break;
             }
-            SSH_LOG(SSH_LOG_INFO, "Invalid moduli entry line %zu", line);
+            SSH_LOG(SSH_LOG_DEBUG, "Invalid moduli entry line %zu", line);
             do {
                 firstbyte = getc(moduli);
             } while(firstbyte != '\n' && firstbyte != EOF);
@@ -450,10 +450,9 @@ static int ssh_retrieve_dhgroup_file(FILE *moduli,
         proposed_size = size + 1;
         if (proposed_size != *best_size &&
             dhgroup_better_size(pmin, pn, pmax, *best_size, proposed_size)) {
-            best_nlines = 0;
+            best_nlines = 1;
             *best_size = proposed_size;
-        }
-        if (proposed_size == *best_size) {
+        } else if (proposed_size == *best_size) {
             best_nlines++;
         }
 
@@ -473,14 +472,14 @@ static int ssh_retrieve_dhgroup_file(FILE *moduli,
         }
     }
     if (*best_size != 0) {
-        SSH_LOG(SSH_LOG_INFO,
+        SSH_LOG(SSH_LOG_DEBUG,
                 "Selected %zu bits modulus out of %zu candidates in %zu lines",
                 *best_size,
                 best_nlines - 1,
                 line);
     } else {
-        SSH_LOG(SSH_LOG_WARNING,
-                "No moduli found for [%u:%u:%u]",
+        SSH_LOG(SSH_LOG_DEBUG,
+                "No moduli found for [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "]",
                 pmin,
                 pn,
                 pmax);
@@ -526,7 +525,7 @@ static int ssh_retrieve_dhgroup(char *moduli_file,
 
     if (moduli == NULL) {
         char err_msg[SSH_ERRNO_MSG_MAX] = {0};
-        SSH_LOG(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_DEBUG,
                 "Unable to open moduli file: %s",
                 ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
                 return ssh_fallback_group(pmax, p, g);
@@ -572,12 +571,12 @@ static int ssh_retrieve_dhgroup(char *moduli_file,
 static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request);
 static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_init);
 
-static ssh_packet_callback dhgex_server_callbacks[]= {
-    NULL, /* SSH_MSG_KEX_DH_GEX_REQUEST_OLD */
-    NULL, /* SSH_MSG_KEX_DH_GEX_GROUP */
+static ssh_packet_callback dhgex_server_callbacks[] = {
+    NULL,                           /* SSH_MSG_KEX_DH_GEX_REQUEST_OLD */
+    NULL,                           /* SSH_MSG_KEX_DH_GEX_GROUP */
     ssh_packet_server_dhgex_init,   /* SSH_MSG_KEX_DH_GEX_INIT */
     NULL,                           /* SSH_MSG_KEX_DH_GEX_REPLY */
-    ssh_packet_server_dhgex_request /* SSH_MSG_GEX_DH_GEX_REQUEST */
+    ssh_packet_server_dhgex_request /* SSH_MSG_KEX_DH_GEX_REQUEST */
 
 };
 
@@ -621,12 +620,12 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
         ssh_set_error_invalid(session);
         goto error;
     }
-    SSH_LOG(SSH_LOG_INFO, "dh-gex: DHGEX_REQUEST[%u:%u:%u]", pmin, pn, pmax);
+    SSH_LOG(SSH_LOG_DEBUG, "dh-gex: DHGEX_REQUEST[%" PRIu32 ":%" PRIu32 ":%" PRIu32 "]", pmin, pn, pmax);
 
     if (pmin > pn || pn > pmax || pn > DH_PMAX || pmax < DH_PMIN) {
         ssh_set_error(session,
                       SSH_FATAL,
-                      "Invalid dh-gex arguments [%u:%u:%u]",
+                      "Invalid dh-gex arguments [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "]",
                       pmin,
                       pn,
                       pmax);
@@ -643,7 +642,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
             pn = pmin;
         }
     }
-    rc = ssh_retrieve_dhgroup(session->opts.moduli_file,
+    rc = ssh_retrieve_dhgroup(session->server_opts.moduli_file,
                               pmin,
                               pn,
                               pmax,
@@ -653,7 +652,7 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_dhgex_request)
     if (rc == SSH_ERROR) {
         ssh_set_error(session,
                       SSH_FATAL,
-                      "Couldn't find DH group for [%u:%u:%u]",
+                      "Couldn't find DH group for [%" PRIu32 ":%" PRIu32 ":%" PRIu32 "]",
                       pmin,
                       pn,
                       pmax);
diff --git a/libssh/src/dh.c b/libssh/src/dh.c
index 1251eb64..e19e43d1 100644
--- a/libssh/src/dh.c
+++ b/libssh/src/dh.c
@@ -25,6 +25,8 @@
 
 #include "config.h"
 
+#include <stdio.h>
+
 #include "libssh/priv.h"
 #include "libssh/crypto.h"
 #include "libssh/buffer.h"
@@ -352,6 +354,11 @@ int ssh_client_dh_init(ssh_session session){
   return SSH_ERROR;
 }
 
+void ssh_client_dh_remove_callbacks(ssh_session session)
+{
+    ssh_packet_remove_callbacks(session, &ssh_dh_client_callbacks);
+}
+
 SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
   struct ssh_crypto_struct *crypto=session->next_crypto;
   ssh_string pubkey_blob = NULL;
@@ -361,7 +368,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
   (void)type;
   (void)user;
 
-  ssh_packet_remove_callbacks(session, &ssh_dh_client_callbacks);
+  ssh_client_dh_remove_callbacks(session);
 
   rc = ssh_buffer_unpack(packet, "SBS", &pubkey_blob, &server_pubkey,
           &crypto->dh_server_signature);
@@ -391,16 +398,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
   }
 
   /* Send the MSG_NEWKEYS */
-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-    goto error;
-  }
-
-  rc=ssh_packet_send(session);
+  rc = ssh_packet_send_newkeys(session);
   if (rc == SSH_ERROR) {
     goto error;
   }
-
-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
   session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
   return SSH_PACKET_USED;
 error:
@@ -544,15 +545,12 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
     }
     SSH_LOG(SSH_LOG_DEBUG, "Sent KEX_DH_[GEX]_REPLY");
 
-    if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-        ssh_buffer_reinit(session->out_buffer);
-        goto error;
-    }
     session->dh_handshake_state=DH_STATE_NEWKEYS_SENT;
-    if (ssh_packet_send(session) == SSH_ERROR) {
+    /* Send the MSG_NEWKEYS */
+    rc = ssh_packet_send_newkeys(session);
+    if (rc == SSH_ERROR) {
         goto error;
     }
-    SSH_LOG(SSH_LOG_PACKET, "SSH_MSG_NEWKEYS sent");
 
     return SSH_OK;
 error:
diff --git a/libssh/src/dh_crypto.c b/libssh/src/dh_crypto.c
index a847c6a2..cedfbc81 100644
--- a/libssh/src/dh_crypto.c
+++ b/libssh/src/dh_crypto.c
@@ -154,12 +154,9 @@ int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer,
 #endif /* OPENSSL_VERSION_NUMBER */
 
 int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
-                            const bignum priv, const bignum pub)
+                            bignum priv, bignum pub)
 {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    bignum priv_key = NULL;
-    bignum pub_key = NULL;
-#else
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
     int rc;
     OSSL_PARAM *params = NULL, *out_params = NULL, *merged_params = NULL;
     OSSL_PARAM_BLD *param_bld = NULL;
@@ -172,7 +169,11 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
         return SSH_ERROR;
     }
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    (void)DH_set0_key(ctx->keypair[peer], pub, priv);
+
+    return SSH_OK;
+#else
     rc = EVP_PKEY_todata(ctx->keypair[peer], EVP_PKEY_KEYPAIR, &out_params);
     if (rc != 1) {
         return SSH_ERROR;
@@ -195,35 +196,22 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
         rc = SSH_ERROR;
         goto out;
     }
-#endif /* OPENSSL_VERSION_NUMBER */
 
     if (priv) {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        priv_key = priv;
-#else
         rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv);
         if (rc != 1) {
             rc = SSH_ERROR;
             goto out;
         }
-#endif /* OPENSSL_VERSION_NUMBER */
     }
     if (pub) {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        pub_key = pub;
-#else
         rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pub);
         if (rc != 1) {
             rc = SSH_ERROR;
             goto out;
         }
-#endif /* OPENSSL_VERSION_NUMBER */
     }
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    (void)DH_set0_key(ctx->keypair[peer], pub_key, priv_key);
 
-    return SSH_OK;
-#else
     params = OSSL_PARAM_BLD_to_param(param_bld);
     if (params == NULL) {
         rc = SSH_ERROR;
@@ -248,6 +236,8 @@ int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer,
 
     rc = SSH_OK;
 out:
+    bignum_safe_free(priv);
+    bignum_safe_free(pub);
     EVP_PKEY_CTX_free(evp_ctx);
     OSSL_PARAM_free(out_params);
     OSSL_PARAM_free(params);
@@ -341,8 +331,16 @@ int ssh_dh_set_parameters(struct dh_ctx *ctx,
             goto done;
         }
 
-        OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, modulus);
-        OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, generator);
+        rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, modulus);
+        if (rc != 1) {
+            rc = SSH_ERROR;
+            goto done;
+        }
+        rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, generator);
+        if (rc != 1) {
+            rc = SSH_ERROR;
+            goto done;
+        }
         params = OSSL_PARAM_BLD_to_param(param_bld);
         if (params == NULL) {
             OSSL_PARAM_BLD_free(param_bld);
@@ -406,9 +404,14 @@ int ssh_dh_set_parameters(struct dh_ctx *ctx,
  */
 int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
 {
-    struct dh_ctx *ctx;
+    struct dh_ctx *ctx = NULL;
     int rc;
 
+    /* Cleanup any previously allocated dh_ctx */
+    if (crypto->dh_ctx != NULL) {
+        ssh_dh_cleanup(crypto);
+    }
+
     ctx = calloc(1, sizeof(*ctx));
     if (ctx == NULL) {
         return SSH_ERROR;
@@ -458,7 +461,8 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
 /** @internal
  * @brief generates a secret DH parameter of at least DH_SECURITY_BITS
  *        security as well as the corresponding public key.
- * @param[out] parms a dh_ctx that will hold the new keys.
+ *
+ * @param[out] params a dh_ctx that will hold the new keys.
  * @param peer Select either client or server key storage. Valid values are:
  *        DH_CLIENT_KEYPAIR or DH_SERVER_KEYPAIR
  *
diff --git a/libssh/src/dh_key.c b/libssh/src/dh_key.c
index bda54b17..d9743ceb 100644
--- a/libssh/src/dh_key.c
+++ b/libssh/src/dh_key.c
@@ -237,6 +237,11 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
     struct dh_ctx *ctx = NULL;
     int rc;
 
+    /* Cleanup any previously allocated dh_ctx */
+    if (crypto->dh_ctx != NULL) {
+        ssh_dh_cleanup(crypto);
+    }
+
     ctx = calloc(1, sizeof(*ctx));
     if (ctx == NULL) {
         return SSH_ERROR;
@@ -289,8 +294,10 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
 /** @internal
  * @brief generates a secret DH parameter of at least DH_SECURITY_BITS
  *        security as well as the corresponding public key.
- * @param[out] parms a dh_kex paramters structure with preallocated bignum
+ *
+ * @param[out] params a dh_kex parameters structure with preallocated bignum
  *             where to store the parameters
+ *
  * @return SSH_OK on success, SSH_ERROR on error
  */
 int ssh_dh_keypair_gen_keys(struct dh_ctx *dh_ctx, int peer)
diff --git a/libssh/src/ecdh.c b/libssh/src/ecdh.c
index a4c07ccb..af80beec 100644
--- a/libssh/src/ecdh.c
+++ b/libssh/src/ecdh.c
@@ -43,6 +43,11 @@ struct ssh_packet_callbacks_struct ssh_ecdh_client_callbacks = {
     .user = NULL
 };
 
+void ssh_client_ecdh_remove_callbacks(ssh_session session)
+{
+    ssh_packet_remove_callbacks(session, &ssh_ecdh_client_callbacks);
+}
+
 /** @internal
  * @brief parses a SSH_MSG_KEX_ECDH_REPLY packet and sends back
  * a SSH_MSG_NEWKEYS
@@ -55,7 +60,7 @@ SSH_PACKET_CALLBACK(ssh_packet_client_ecdh_reply){
   (void)type;
   (void)user;
 
-  ssh_packet_remove_callbacks(session, &ssh_ecdh_client_callbacks);
+  ssh_client_ecdh_remove_callbacks(session);
   pubkey_blob = ssh_buffer_get_ssh_string(packet);
   if (pubkey_blob == NULL) {
     ssh_set_error(session,SSH_FATAL, "No public key in packet");
@@ -88,16 +93,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_ecdh_reply){
   }
 
   /* Send the MSG_NEWKEYS */
-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
-    goto error;
-  }
-
-  rc=ssh_packet_send(session);
+  rc = ssh_packet_send_newkeys(session);
   if (rc == SSH_ERROR) {
     goto error;
   }
-
-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
   session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
 
   return SSH_PACKET_USED;
diff --git a/libssh/src/ecdh_crypto.c b/libssh/src/ecdh_crypto.c
index 51084b7a..fb707c32 100644
--- a/libssh/src/ecdh_crypto.c
+++ b/libssh/src/ecdh_crypto.c
@@ -30,16 +30,14 @@
 
 #ifdef HAVE_ECDH
 #include <openssl/ecdh.h>
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 #define NISTP256 NID_X9_62_prime256v1
 #define NISTP384 NID_secp384r1
 #define NISTP521 NID_secp521r1
 #else
+#include <openssl/err.h>
 #include <openssl/evp.h>
+#include <openssl/param_build.h>
 #include <openssl/params.h>
 #include <openssl/core_names.h>
 #include "libcrypto-compat.h"
@@ -48,11 +46,7 @@
 /** @internal
  * @brief Map the given key exchange enum value to its curve name.
  */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 static int ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
 #else
 static const char *ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
@@ -64,183 +58,197 @@ static const char *ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
     } else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP521) {
         return NISTP521;
     }
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     return SSH_ERROR;
 #else
     return NULL;
 #endif
 }
 
-/** @internal
- * @brief Starts ecdh-sha2-nistp256 key exchange
+/* @internal
+ * @brief Generate ECDH key pair for ecdh key exchange and store it in the
+ * session->next_crypto structure
  */
-int ssh_client_ecdh_init(ssh_session session){
-  int rc;
-  ssh_string client_pubkey;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-  EC_KEY *key;
-  const EC_GROUP *group;
-  const EC_POINT *pubkey;
-  int curve;
-  int len;
-  bignum_CTX ctx = BN_CTX_new();
-  if (ctx == NULL) {
-      return SSH_ERROR;
-  }
+static ssh_string ssh_ecdh_generate(ssh_session session)
+{
+    ssh_string pubkey_string = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    const EC_POINT *point = NULL;
+    const EC_GROUP *group = NULL;
+    EC_KEY *key = NULL;
+    int curve;
 #else
-  const char *curve = NULL;
-  EVP_PKEY *key = NULL;
-  OSSL_PARAM *out_params = NULL;
-  const OSSL_PARAM *pubkey_param = NULL;
-  const uint8_t *pubkey = NULL;
-  size_t pubkey_len;
-#endif /* OPENSSL_VERSION_NUMBER */
-
-  rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_KEX_ECDH_INIT);
-  if (rc < 0) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-      BN_CTX_free(ctx);
+    EC_POINT *point = NULL;
+    EC_GROUP *group = NULL;
+    const char *curve = NULL;
+    EVP_PKEY *key = NULL;
+    OSSL_PARAM *out_params = NULL;
+    const OSSL_PARAM *pubkey_param = NULL;
+    const void *pubkey = NULL;
+    size_t pubkey_len;
+    int nid;
+    int rc;
 #endif /* OPENSSL_VERSION_NUMBER */
-      return SSH_ERROR;
-  }
 
-  curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-  if (curve == SSH_ERROR) {
-      BN_CTX_free(ctx);
-      return SSH_ERROR;
-  }
+    curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    if (curve == SSH_ERROR) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to get curve name");
+        return NULL;
+    }
 
-  key = EC_KEY_new_by_curve_name(curve);
+    key = EC_KEY_new_by_curve_name(curve);
 #else
-  if (curve == NULL) {
-      return SSH_ERROR;
-  }
-
-  key = EVP_EC_gen(curve);
-#endif /* OPENSSL_VERSION_NUMBER */
+    if (curve == NULL) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to get curve name");
+        return NULL;
+    }
 
-  if (key == NULL) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-      BN_CTX_free(ctx);
+    key = EVP_EC_gen(curve);
 #endif /* OPENSSL_VERSION_NUMBER */
-      return SSH_ERROR;
-  }
+    if (key == NULL) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to generate key");
+        return NULL;
+    }
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-  group = EC_KEY_get0_group(key);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    group = EC_KEY_get0_group(key);
 
-  EC_KEY_generate_key(key);
+    EC_KEY_generate_key(key);
 
-  pubkey=EC_KEY_get0_public_key(key);
-  len = EC_POINT_point2oct(group,pubkey,POINT_CONVERSION_UNCOMPRESSED,
-      NULL,0,ctx);
+    point = EC_KEY_get0_public_key(key);
 
-  client_pubkey = ssh_string_new(len);
-  if (client_pubkey == NULL) {
-      BN_CTX_free(ctx);
-      EC_KEY_free(key);
-      return SSH_ERROR;
-  }
-
-  EC_POINT_point2oct(group,pubkey,POINT_CONVERSION_UNCOMPRESSED,
-      ssh_string_data(client_pubkey),len,ctx);
-  BN_CTX_free(ctx);
+    pubkey_string = pki_key_make_ecpoint_string(group, point);
 #else
-  rc = EVP_PKEY_todata(key, EVP_PKEY_PUBLIC_KEY, &out_params);
-  if (rc != 1) {
-      EVP_PKEY_free(key);
-      return SSH_ERROR;
-  }
+    rc = EVP_PKEY_todata(key, EVP_PKEY_PUBLIC_KEY, &out_params);
+    if (rc != 1) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to export public key");
+        EVP_PKEY_free(key);
+        return NULL;
+    }
 
-  pubkey_param = OSSL_PARAM_locate_const(out_params, OSSL_PKEY_PARAM_PUB_KEY);
-  if (pubkey_param == NULL) {
-      EVP_PKEY_free(key);
-      OSSL_PARAM_free(out_params);
-      return SSH_ERROR;
-  }
+    pubkey_param = OSSL_PARAM_locate_const(out_params, OSSL_PKEY_PARAM_PUB_KEY);
+    if (pubkey_param == NULL) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to find public key");
+        EVP_PKEY_free(key);
+        OSSL_PARAM_free(out_params);
+        return NULL;
+    }
 
-  rc = OSSL_PARAM_get_octet_string_ptr(pubkey_param,
-                                       (const void**)&pubkey,
-                                       &pubkey_len);
-  if (rc != 1) {
-      OSSL_PARAM_free(out_params);
-      EVP_PKEY_free(key);
-      return SSH_ERROR;
-  }
+    rc = OSSL_PARAM_get_octet_string_ptr(pubkey_param,
+                                         (const void**)&pubkey,
+                                         &pubkey_len);
+    if (rc != 1) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to read public key");
+        OSSL_PARAM_free(out_params);
+        EVP_PKEY_free(key);
+        return NULL;
+    }
 
-  client_pubkey = ssh_string_new(pubkey_len);
-  if (client_pubkey == NULL) {
-      OSSL_PARAM_free(out_params);
-      EVP_PKEY_free(key);
-      return SSH_ERROR;
-  }
+    /* Convert the data to low-level representation */
+    nid = pki_key_ecgroup_name_to_nid(curve);
+    group = EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
+    if (group == NULL) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Could not create group: %s",
+                      ERR_error_string(ERR_get_error(), NULL));
+        OSSL_PARAM_free(out_params);
+        EVP_PKEY_free(key);
+        return NULL;
+    }
+    point = EC_POINT_new(group);
+    if (point == NULL) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Could not create point: %s",
+                      ERR_error_string(ERR_get_error(), NULL));
+        EC_GROUP_free(group);
+        OSSL_PARAM_free(out_params);
+        EVP_PKEY_free(key);
+        return NULL;
+    }
+    rc = EC_POINT_oct2point(group, point, pubkey, pubkey_len, NULL);
+    OSSL_PARAM_free(out_params);
+    if (rc != 1) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to export public key");
+        EC_GROUP_free(group);
+        EC_POINT_free(point);
+        EVP_PKEY_free(key);
+        return NULL;
+    }
 
-  memcpy(ssh_string_data(client_pubkey), pubkey, pubkey_len);
-  OSSL_PARAM_free(out_params);
+    pubkey_string = pki_key_make_ecpoint_string(group, point);
+    EC_GROUP_free(group);
+    EC_POINT_free(point);
 #endif /* OPENSSL_VERSION_NUMBER */
-
-  rc = ssh_buffer_add_ssh_string(session->out_buffer,client_pubkey);
-  if (rc < 0) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-      EC_KEY_free(key);
+    if (pubkey_string == NULL) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to convert public key");
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+        EC_KEY_free(key);
 #else
-      EVP_PKEY_free(key);
+        EVP_PKEY_free(key);
 #endif /* OPENSSL_VERSION_NUMBER */
-      SSH_STRING_FREE(client_pubkey);
-      return SSH_ERROR;
-  }
+        return NULL;
+    }
+
+    /* Free any previously allocated privkey */
+    if (session->next_crypto->ecdh_privkey != NULL) {
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+        EC_KEY_free(session->next_crypto->ecdh_privkey);
+#else
+        EVP_PKEY_free(session->next_crypto->ecdh_privkey);
+#endif
+        session->next_crypto->ecdh_privkey = NULL;
+    }
+
+    session->next_crypto->ecdh_privkey = key;
+    return pubkey_string;
+}
 
-  session->next_crypto->ecdh_privkey = key;
-  session->next_crypto->ecdh_client_pubkey = client_pubkey;
+/** @internal
+ * @brief Starts ecdh-sha2-nistp256 key exchange
+ */
+int ssh_client_ecdh_init(ssh_session session)
+{
+    ssh_string client_pubkey = NULL;
+    int rc;
 
-  /* register the packet callbacks */
-  ssh_packet_set_callbacks(session, &ssh_ecdh_client_callbacks);
-  session->dh_handshake_state = DH_STATE_INIT_SENT;
+    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_KEX_ECDH_INIT);
+    if (rc < 0) {
+        return SSH_ERROR;
+    }
 
-  rc = ssh_packet_send(session);
+    client_pubkey = ssh_ecdh_generate(session);
+    if (client_pubkey == NULL) {
+        return SSH_ERROR;
+    }
 
-  return rc;
+    rc = ssh_buffer_add_ssh_string(session->out_buffer, client_pubkey);
+    if (rc < 0) {
+        ssh_string_free(client_pubkey);
+        return SSH_ERROR;
+    }
+
+    ssh_string_free(session->next_crypto->ecdh_client_pubkey);
+    session->next_crypto->ecdh_client_pubkey = client_pubkey;
+
+    /* register the packet callbacks */
+    ssh_packet_set_callbacks(session, &ssh_ecdh_client_callbacks);
+    session->dh_handshake_state = DH_STATE_INIT_SENT;
+
+    rc = ssh_packet_send(session);
+
+    return rc;
 }
 
-int ecdh_build_k(ssh_session session) {
+int ecdh_build_k(ssh_session session)
+{
   struct ssh_crypto_struct *next_crypto = session->next_crypto;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
- #if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
   const EC_GROUP *group = EC_KEY_get0_group(next_crypto->ecdh_privkey);
-  EC_POINT *pubkey;
-  void *buffer;
+  EC_POINT *pubkey = NULL;
+  void *buffer = NULL;
   int rc;
   int len = (EC_GROUP_get_degree(group) + 7) / 8;
   bignum_CTX ctx = bignum_ctx_new();
@@ -292,59 +300,86 @@ int ecdh_build_k(ssh_session session) {
   bignum_bin2bn(buffer, len, &next_crypto->shared_secret);
   free(buffer);
 #else
+  const char *curve = NULL;
   EVP_PKEY *pubkey = NULL;
   void *secret = NULL;
   size_t secret_len;
   int rc;
-  OSSL_PARAM params[2];
+  ssh_string peer_pubkey = NULL;
+  OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
   EVP_PKEY_CTX *dh_ctx = EVP_PKEY_CTX_new_from_pkey(NULL,
                                                     next_crypto->ecdh_privkey,
                                                     NULL);
-  EVP_PKEY_CTX *pubkey_ctx = EVP_PKEY_CTX_new_from_pkey(NULL,
-                                                        next_crypto->ecdh_privkey,
-                                                        NULL);
-  if (dh_ctx == NULL || pubkey_ctx == NULL) {
+
+  if (dh_ctx == NULL || param_bld == NULL) {
+      ssh_set_error_oom(session);
       EVP_PKEY_CTX_free(dh_ctx);
-      EVP_PKEY_CTX_free(pubkey_ctx);
+      OSSL_PARAM_BLD_free(param_bld);
       return -1;
   }
 
   rc = EVP_PKEY_derive_init(dh_ctx);
   if (rc != 1) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Could not init PKEY derive: %s",
+                    ERR_error_string(ERR_get_error(), NULL));
       EVP_PKEY_CTX_free(dh_ctx);
-      EVP_PKEY_CTX_free(pubkey_ctx);
+      OSSL_PARAM_BLD_free(param_bld);
       return -1;
   }
 
-  rc = EVP_PKEY_fromdata_init(pubkey_ctx);
+  if (session->server) {
+      peer_pubkey = next_crypto->ecdh_client_pubkey;
+  } else {
+      peer_pubkey = next_crypto->ecdh_server_pubkey;
+  }
+  rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
+                                        OSSL_PKEY_PARAM_PUB_KEY,
+                                        ssh_string_data(peer_pubkey),
+                                        ssh_string_len(peer_pubkey));
   if (rc != 1) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Could not push the pub key: %s",
+                    ERR_error_string(ERR_get_error(), NULL));
       EVP_PKEY_CTX_free(dh_ctx);
-      EVP_PKEY_CTX_free(pubkey_ctx);
+      OSSL_PARAM_BLD_free(param_bld);
       return -1;
   }
-
-  if (session->server) {
-      params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
-                              ssh_string_data(next_crypto->ecdh_client_pubkey),
-                              ssh_string_len(next_crypto->ecdh_client_pubkey));
-  } else {
-      params[0] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
-                              ssh_string_data(next_crypto->ecdh_server_pubkey),
-                              ssh_string_len(next_crypto->ecdh_server_pubkey));
-  }
-  params[1] = OSSL_PARAM_construct_end();
-
-  rc = EVP_PKEY_fromdata(pubkey_ctx, &pubkey, EVP_PKEY_PUBLIC_KEY, params);
+  curve = ecdh_kex_type_to_curve(next_crypto->kex_type);
+  rc = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+                                       OSSL_PKEY_PARAM_GROUP_NAME,
+                                       (char *)curve,
+                                       strlen(curve));
   if (rc != 1) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Could not push the group name: %s",
+                    ERR_error_string(ERR_get_error(), NULL));
       EVP_PKEY_CTX_free(dh_ctx);
-      EVP_PKEY_CTX_free(pubkey_ctx);
+      OSSL_PARAM_BLD_free(param_bld);
       return -1;
   }
 
-  EVP_PKEY_CTX_free(pubkey_ctx);
+  rc = evp_build_pkey("EC", param_bld, &pubkey, EVP_PKEY_PUBLIC_KEY);
+  OSSL_PARAM_BLD_free(param_bld);
+  if (rc != SSH_OK) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Could not build the pkey: %s",
+                    ERR_error_string(ERR_get_error(), NULL));
+      EVP_PKEY_CTX_free(dh_ctx);
+      return -1;
+  }
 
   rc = EVP_PKEY_derive_set_peer(dh_ctx, pubkey);
+  EVP_PKEY_free(pubkey);
   if (rc != 1) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Could not set peer pubkey: %s",
+                    ERR_error_string(ERR_get_error(), NULL));
       EVP_PKEY_CTX_free(dh_ctx);
       return -1;
   }
@@ -352,19 +387,29 @@ int ecdh_build_k(ssh_session session) {
   /* get the max length of the secret */
   rc = EVP_PKEY_derive(dh_ctx, NULL, &secret_len);
   if (rc != 1) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Could not set peer pubkey: %s",
+                    ERR_error_string(ERR_get_error(), NULL));
       EVP_PKEY_CTX_free(dh_ctx);
       return -1;
   }
 
   secret = malloc(secret_len);
   if (secret == NULL) {
+      ssh_set_error_oom(session);
       EVP_PKEY_CTX_free(dh_ctx);
       return -1;
   }
 
   rc = EVP_PKEY_derive(dh_ctx, secret, &secret_len);
   if (rc != 1) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Could not derive shared key: %s",
+                    ERR_error_string(ERR_get_error(), NULL));
       EVP_PKEY_CTX_free(dh_ctx);
+      free(secret);
       return -1;
   }
 
@@ -374,11 +419,7 @@ int ecdh_build_k(ssh_session session) {
   free(secret);
 #endif /* OPENSSL_VERSION_NUMBER */
   if (next_crypto->shared_secret == NULL) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
       EC_KEY_free(next_crypto->ecdh_privkey);
 #else
       EVP_PKEY_free(next_crypto->ecdh_privkey);
@@ -386,11 +427,7 @@ int ecdh_build_k(ssh_session session) {
       next_crypto->ecdh_privkey = NULL;
       return -1;
   }
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
   EC_KEY_free(next_crypto->ecdh_privkey);
 #else
   EVP_PKEY_free(next_crypto->ecdh_privkey);
@@ -413,31 +450,13 @@ int ecdh_build_k(ssh_session session) {
 /** @brief Handle a SSH_MSG_KEXDH_INIT packet (server) and send a
  * SSH_MSG_KEXDH_REPLY
  */
-SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
+SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init)
+{
     /* ECDH keys */
-    ssh_string q_c_string;
-    ssh_string q_s_string;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    EC_KEY *ecdh_key;
-    const EC_GROUP *group;
-    const EC_POINT *ecdh_pubkey;
-    bignum_CTX ctx;
-    int curve;
-    int len;
-#else
-    EVP_PKEY *ecdh_key = NULL;
-    const void *pubkey_ptr = NULL;
-    size_t len;
-    OSSL_PARAM *params = NULL;
-    const OSSL_PARAM *pubkey = NULL;
-    const char *curve = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
-    /* SSH host keys (rsa,dsa,ecdsa) */
-    ssh_key privkey;
+    ssh_string q_c_string = NULL;
+    ssh_string q_s_string = NULL;
+    /* SSH host keys (rsa, ed25519 and ecdsa) */
+    ssh_key privkey = NULL;
     enum ssh_digest_e digest = SSH_DIGEST_AUTO;
     ssh_string sig_blob = NULL;
     ssh_string pubkey_blob = NULL;
@@ -445,125 +464,22 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
     (void)type;
     (void)user;
 
+    SSH_LOG(SSH_LOG_TRACE, "Processing SSH_MSG_KEXDH_INIT");
+
     ssh_packet_remove_callbacks(session, &ssh_ecdh_server_callbacks);
     /* Extract the client pubkey from the init packet */
     q_c_string = ssh_buffer_get_ssh_string(packet);
     if (q_c_string == NULL) {
-        ssh_set_error(session,SSH_FATAL, "No Q_C ECC point in packet");
+        ssh_set_error(session, SSH_FATAL, "No Q_C ECC point in packet");
         goto error;
     }
     session->next_crypto->ecdh_client_pubkey = q_c_string;
 
-    curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    if (curve == SSH_ERROR) {
-        return SSH_ERROR;
-    }
-#else
-    if (curve == NULL) {
-        return SSH_ERROR;
-    }
-#endif /* OPENSSL_VERSION_NUMBER */
-
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    ecdh_key = EC_KEY_new_by_curve_name(curve);
-#else
-    ecdh_key = EVP_EC_gen(curve);
-#endif /* OPENSSL_VERSION_NUMBER */
-    if (ecdh_key == NULL) {
-        ssh_set_error_oom(session);
-        goto error;
-    }
-
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    /* Build server's keypair */
-    ctx = BN_CTX_new();
-    if (ctx == NULL) {
-        EC_KEY_free(ecdh_key);
-        return SSH_ERROR;
-    }
-
-    group = EC_KEY_get0_group(ecdh_key);
-    EC_KEY_generate_key(ecdh_key);
-
-    ecdh_pubkey = EC_KEY_get0_public_key(ecdh_key);
-    len = EC_POINT_point2oct(group,
-                             ecdh_pubkey,
-                             POINT_CONVERSION_UNCOMPRESSED,
-                             NULL,
-                             0,
-                             ctx);
-#else
-    rc = EVP_PKEY_todata(ecdh_key, EVP_PKEY_PUBLIC_KEY, &params);
-    if (rc != 1) {
-        EVP_PKEY_free(ecdh_key);
-        return SSH_ERROR;
-    }
-
-    pubkey = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
-    if (pubkey == NULL) {
-        OSSL_PARAM_free(params);
-        EVP_PKEY_free(ecdh_key);
-        return SSH_ERROR;
-    }
-
-    rc = OSSL_PARAM_get_octet_string_ptr(pubkey, &pubkey_ptr, &len);
-    if (rc != 1) {
-        OSSL_PARAM_free(params);
-        EVP_PKEY_free(ecdh_key);
-        return SSH_ERROR;
-    }
-#endif /* OPENSSL_VERSION_NUMBER */
-    q_s_string = ssh_string_new(len);
+    q_s_string = ssh_ecdh_generate(session);
     if (q_s_string == NULL) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-        EC_KEY_free(ecdh_key);
-        BN_CTX_free(ctx);
-#else
-        EVP_PKEY_free(ecdh_key);
-#endif /* OPENSSL_VERSION_NUMBER */
         goto error;
     }
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    EC_POINT_point2oct(group,
-                       ecdh_pubkey,
-                       POINT_CONVERSION_UNCOMPRESSED,
-                       ssh_string_data(q_s_string),
-                       len,
-                       ctx);
-    BN_CTX_free(ctx);
-#else
-    if (memcpy(ssh_string_data(q_s_string), pubkey_ptr, len)) {
-        OSSL_PARAM_free(params);
-        EVP_PKEY_free(ecdh_key);
-        return SSH_ERROR;
-    }
-
-    OSSL_PARAM_free(params);
-#endif /* OPENSSL_VERSION_NUMBER */
-
-    session->next_crypto->ecdh_privkey = ecdh_key;
     session->next_crypto->ecdh_server_pubkey = q_s_string;
 
     /* build k and session_id */
@@ -613,24 +529,18 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
         goto error;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent");
+    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEXDH_REPLY sent");
     rc = ssh_packet_send(session);
     if (rc == SSH_ERROR) {
         goto error;
     }
 
-    /* Send the MSG_NEWKEYS */
-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
-    if (rc < 0) {
-        goto error;
-    }
-
     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
-    rc = ssh_packet_send(session);
-    if (rc == SSH_ERROR){
+    /* Send the MSG_NEWKEYS */
+    rc = ssh_packet_send_newkeys(session);
+    if (rc == SSH_ERROR) {
         goto error;
     }
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
 
     return SSH_PACKET_USED;
 error:
diff --git a/libssh/src/ecdh_gcrypt.c b/libssh/src/ecdh_gcrypt.c
index d9c41bf9..5dcd3929 100644
--- a/libssh/src/ecdh_gcrypt.c
+++ b/libssh/src/ecdh_gcrypt.c
@@ -101,8 +101,15 @@ int ssh_client_ecdh_init(ssh_session session)
         goto out;
     }
 
+    /* Free any previously allocated privkey */
+    if (session->next_crypto->ecdh_privkey != NULL) {
+        gcry_sexp_release(session->next_crypto->ecdh_privkey);
+        session->next_crypto->ecdh_privkey = NULL;
+    }
     session->next_crypto->ecdh_privkey = key;
     key = NULL;
+
+    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
     session->next_crypto->ecdh_client_pubkey = client_pubkey;
     client_pubkey = NULL;
 
@@ -132,9 +139,9 @@ int ecdh_build_k(ssh_session session)
 #else
     size_t k_len = 0;
     enum ssh_key_exchange_e kex_type = session->next_crypto->kex_type;
-    ssh_string s;
+    ssh_string s = NULL;
 #endif
-    ssh_string pubkey_raw;
+    ssh_string pubkey_raw = NULL;
     gcry_sexp_t pubkey = NULL;
     ssh_string privkey = NULL;
     int rc = SSH_ERROR;
@@ -267,12 +274,12 @@ int ecdh_build_k(ssh_session session)
 SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
     gpg_error_t err;
     /* ECDH keys */
-    ssh_string q_c_string;
-    ssh_string q_s_string;
+    ssh_string q_c_string = NULL;
+    ssh_string q_s_string = NULL;
     gcry_sexp_t param = NULL;
     gcry_sexp_t key = NULL;
-    /* SSH host keys (rsa,dsa,ecdsa) */
-    ssh_key privkey;
+    /* SSH host keys (rsa, ed25519 and ecdsa) */
+    ssh_key privkey = NULL;
     enum ssh_digest_e digest = SSH_DIGEST_AUTO;
     ssh_string sig_blob = NULL;
     ssh_string pubkey_blob = NULL;
@@ -295,7 +302,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
     }
     session->next_crypto->ecdh_client_pubkey = q_c_string;
 
-    /* Build server's keypair */
+    /* Build server's key pair */
     err = gcry_sexp_build(&param, NULL, "(genkey(ecdh(curve %s) (flags transient-key)))",
                           curve);
     if (err) {
@@ -366,23 +373,19 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
         goto out;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent");
+    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEXDH_REPLY sent");
     rc = ssh_packet_send(session);
     if (rc != SSH_OK) {
         goto out;
     }
 
-
+    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
     /* Send the MSG_NEWKEYS */
-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
-    if (rc != SSH_OK) {
+    rc = ssh_packet_send_newkeys(session);
+    if (rc == SSH_ERROR) {
         goto out;
     }
 
-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
-    rc = ssh_packet_send(session);
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
-
  out:
     gcry_sexp_release(param);
     gcry_sexp_release(key);
diff --git a/libssh/src/ecdh_mbedcrypto.c b/libssh/src/ecdh_mbedcrypto.c
index cfe017a0..860543d6 100644
--- a/libssh/src/ecdh_mbedcrypto.c
+++ b/libssh/src/ecdh_mbedcrypto.c
@@ -70,6 +70,12 @@ int ssh_client_ecdh_init(ssh_session session)
         return SSH_ERROR;
     }
 
+    /* Free any previously allocated privkey */
+    if (session->next_crypto->ecdh_privkey != NULL) {
+        mbedtls_ecp_keypair_free(session->next_crypto->ecdh_privkey);
+        SAFE_FREE(session->next_crypto->ecdh_privkey);
+    }
+
     session->next_crypto->ecdh_privkey = malloc(sizeof(mbedtls_ecp_keypair));
     if (session->next_crypto->ecdh_privkey == NULL) {
         return SSH_ERROR;
@@ -110,6 +116,7 @@ int ssh_client_ecdh_init(ssh_session session)
         goto out;
     }
 
+    SSH_STRING_FREE(session->next_crypto->ecdh_client_pubkey);
     session->next_crypto->ecdh_client_pubkey = client_pubkey;
     client_pubkey = NULL;
 
@@ -311,23 +318,20 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
         goto out;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_KEXDH_REPLY sent");
+    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_KEXDH_REPLY sent");
     rc = ssh_packet_send(session);
     if (rc != SSH_OK) {
         rc = SSH_ERROR;
         goto out;
     }
 
-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
-    if (rc < 0) {
-        rc = SSH_ERROR;
+    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+    /* Send the MSG_NEWKEYS */
+    rc = ssh_packet_send_newkeys(session);
+    if (rc == SSH_ERROR) {
         goto out;
     }
 
-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
-    rc = ssh_packet_send(session);
-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
-
 out:
     mbedtls_ecp_group_free(&grp);
     if (rc == SSH_ERROR) {
diff --git a/libssh/src/error.c b/libssh/src/error.c
index 8930d26a..3f8d78cd 100644
--- a/libssh/src/error.c
+++ b/libssh/src/error.c
@@ -29,7 +29,7 @@
 #include "libssh/session.h"
 
 /**
- * @defgroup libssh_error The SSH error functions.
+ * @defgroup libssh_error The SSH error functions
  * @ingroup libssh
  *
  * Functions for error handling.
@@ -63,8 +63,8 @@ void _ssh_set_error(void *error,
     va_end(va);
 
     err->error.error_code = code;
-    if (ssh_get_log_level() >= SSH_LOG_WARN) {
-        ssh_log_function(SSH_LOG_WARN,
+    if (ssh_get_log_level() == SSH_LOG_TRACE) {
+        ssh_log_function(SSH_LOG_TRACE,
                          function,
                          err->error.error_buffer);
     }
diff --git a/libssh/src/external/bcrypt_pbkdf.c b/libssh/src/external/bcrypt_pbkdf.c
index 75c02151..85f4be47 100644
--- a/libssh/src/external/bcrypt_pbkdf.c
+++ b/libssh/src/external/bcrypt_pbkdf.c
@@ -42,7 +42,7 @@
  * function with the following modifications:
  * 1. The input password and salt are preprocessed with SHA512.
  * 2. The output length is expanded to 256 bits.
- * 3. Subsequently the magic string to be encrypted is lengthened and modifed
+ * 3. Subsequently the magic string to be encrypted is lengthened and modified
  *    to "OxychromaticBlowfishSwatDynamite"
  * 4. The hash function is defined to perform 64 rounds of initial state
  *    expansion. (More rounds are performed by iterating the hash.)
diff --git a/libssh/src/external/blowfish.c b/libssh/src/external/blowfish.c
index 4008a9c0..42d5df1e 100644
--- a/libssh/src/external/blowfish.c
+++ b/libssh/src/external/blowfish.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
+/* $OpenBSD: blowfish.c,v 1.20 2021/11/29 01:04:45 djm Exp $ */
 /*
  * Blowfish block cipher for OpenBSD
  * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
@@ -14,10 +14,7 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *      This product includes software developed by Niels Provos.
- * 4. The name of the author may not be used to endorse or promote products
+ * 3. The name of the author may not be used to endorse or promote products
  *    derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
diff --git a/libssh/src/gcrypt_missing.c b/libssh/src/gcrypt_missing.c
index e931ec5b..5f84e6b6 100644
--- a/libssh/src/gcrypt_missing.c
+++ b/libssh/src/gcrypt_missing.c
@@ -47,7 +47,7 @@ int ssh_gcry_dec2bn(bignum *bn, const char *data) {
 
 char *ssh_gcry_bn2dec(bignum bn) {
   bignum bndup, num, ten;
-  char *ret;
+  char *ret = NULL;
   int count, count2;
   int size, rsize;
   char decnum;
@@ -55,7 +55,7 @@ char *ssh_gcry_bn2dec(bignum bn) {
   size = gcry_mpi_get_nbits(bn) * 3;
   rsize = size / 10 + size / 1000 + 2;
 
-  ret = malloc(rsize + 1);
+  ret = gcry_malloc(rsize + 1);
   if (ret == NULL) {
     return NULL;
   }
diff --git a/libssh/src/getpass.c b/libssh/src/getpass.c
index 6be33c77..c19c4bc0 100644
--- a/libssh/src/getpass.c
+++ b/libssh/src/getpass.c
@@ -46,7 +46,7 @@
  */
 static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
 {
-    char *tmp;
+    char *tmp = NULL;
     char *ptr = NULL;
     int ok = 0;
 
@@ -78,7 +78,7 @@ static int ssh_gets(const char *prompt, char *buf, size_t len, int verify)
         }
 
         if (verify) {
-            char *key_string;
+            char *key_string = NULL;
 
             key_string = calloc(1, len);
             if (key_string == NULL) {
diff --git a/libssh/src/getrandom_crypto.c b/libssh/src/getrandom_crypto.c
index 078560ec..df8bd19f 100644
--- a/libssh/src/getrandom_crypto.c
+++ b/libssh/src/getrandom_crypto.c
@@ -24,6 +24,12 @@
 #include "libssh/crypto.h"
 #include <openssl/rand.h>
 
+/**
+ * @addtogroup libssh_misc
+ *
+ * @{
+ */
+
 /**
  * @brief Get random bytes
  *
@@ -52,3 +58,7 @@ ssh_get_random(void *where, int len, int strong)
     /* Returns -1 when not supported, 0 on error, 1 on success */
     return !!RAND_bytes(where, len);
 }
+
+/**
+ * @}
+ */
diff --git a/libssh/src/gssapi.c b/libssh/src/gssapi.c
index bbfcb6e6..0d122750 100644
--- a/libssh/src/gssapi.c
+++ b/libssh/src/gssapi.c
@@ -38,46 +38,19 @@
 #include <libssh/string.h>
 #include <libssh/server.h>
 
-/** current state of an GSSAPI authentication */
-enum ssh_gssapi_state_e {
-    SSH_GSSAPI_STATE_NONE, /* no status */
-    SSH_GSSAPI_STATE_RCV_TOKEN, /* Expecting a token */
-    SSH_GSSAPI_STATE_RCV_MIC, /* Expecting a MIC */
-};
-
-struct ssh_gssapi_struct{
-    enum ssh_gssapi_state_e state; /* current state */
-    struct gss_OID_desc_struct mech; /* mechanism being elected for auth */
-    gss_cred_id_t server_creds; /* credentials of server */
-    gss_cred_id_t client_creds; /* creds delegated by the client */
-    gss_ctx_id_t ctx; /* the authentication context */
-    gss_name_t client_name; /* Identity of the client */
-    char *user; /* username of client */
-    char *canonic_user; /* canonic form of the client's username */
-    char *service; /* name of the service */
-    struct {
-        gss_name_t server_name; /* identity of server */
-        OM_uint32 flags; /* flags used for init context */
-        gss_OID oid; /* mech being used for authentication */
-        gss_cred_id_t creds; /* creds used to initialize context */
-        gss_cred_id_t client_deleg_creds; /* delegated creds (const, not freeable) */
-    } client;
-};
-
-
 /** @internal
  * @initializes a gssapi context for authentication
  */
-static int ssh_gssapi_init(ssh_session session)
+int
+ssh_gssapi_init(ssh_session session)
 {
     if (session->gssapi != NULL)
         return SSH_OK;
-    session->gssapi = malloc(sizeof(struct ssh_gssapi_struct));
-    if(!session->gssapi){
+    session->gssapi = calloc(1, sizeof(struct ssh_gssapi_struct));
+    if (session->gssapi == NULL) {
         ssh_set_error_oom(session);
         return SSH_ERROR;
     }
-    ZERO_STRUCTP(session->gssapi);
     session->gssapi->server_creds = GSS_C_NO_CREDENTIAL;
     session->gssapi->client_creds = GSS_C_NO_CREDENTIAL;
     session->gssapi->ctx = GSS_C_NO_CONTEXT;
@@ -85,21 +58,60 @@ static int ssh_gssapi_init(ssh_session session)
     return SSH_OK;
 }
 
+void
+ssh_gssapi_log_error(int verb, const char *msg_a, int maj_stat, int min_stat)
+{
+    gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
+    OM_uint32 dummy_min;
+    OM_uint32 message_context = 0;
+
+    do {
+        gss_display_status(&dummy_min,
+                           maj_stat,
+                           GSS_C_GSS_CODE,
+                           GSS_C_NO_OID,
+                           &message_context,
+                           &msg);
+        SSH_LOG(verb, "GSSAPI(%s): %s", msg_a, (const char *)msg.value);
+        gss_release_buffer(&dummy_min, &msg);
+
+    } while (message_context != 0);
+
+    do {
+        gss_display_status(&dummy_min,
+                           min_stat,
+                           GSS_C_MECH_CODE,
+                           GSS_C_NO_OID,
+                           &message_context,
+                           &msg);
+        SSH_LOG(verb, "GSSAPI(%s): %s", msg_a, (const char *)msg.value);
+        gss_release_buffer(&dummy_min, &msg);
+
+    } while (message_context != 0);
+}
+
 /** @internal
  * @frees a gssapi context
  */
-static void ssh_gssapi_free(ssh_session session)
+void
+ssh_gssapi_free(ssh_session session)
 {
     OM_uint32 min;
     if (session->gssapi == NULL)
         return;
     SAFE_FREE(session->gssapi->user);
-    SAFE_FREE(session->gssapi->mech.elements);
+
+    gss_release_name(&min, &session->gssapi->client.server_name);
     gss_release_cred(&min,&session->gssapi->server_creds);
     if (session->gssapi->client.creds !=
                     session->gssapi->client.client_deleg_creds) {
         gss_release_cred(&min, &session->gssapi->client.creds);
     }
+    gss_release_oid(&min, &session->gssapi->client.oid);
+    gss_delete_sec_context(&min, &session->gssapi->ctx, GSS_C_NO_BUFFER);
+
+    SAFE_FREE(session->gssapi->mech.elements);
+    SAFE_FREE(session->gssapi->canonic_user);
     SAFE_FREE(session->gssapi);
 }
 
@@ -133,55 +145,6 @@ static int ssh_gssapi_send_response(ssh_session session, ssh_string oid)
 
 #endif /* WITH_SERVER */
 
-static void ssh_gssapi_log_error(int verb,
-                                 const char *msg,
-                                 int maj_stat,
-                                 int min_stat)
-{
-    gss_buffer_desc msg_maj = {
-        .length = 0,
-    };
-    gss_buffer_desc msg_min = {
-        .length = 0,
-    };
-    OM_uint32 dummy_maj, dummy_min;
-    OM_uint32 message_context = 0;
-
-    dummy_maj = gss_display_status(&dummy_min,
-                                   maj_stat,
-                                   GSS_C_GSS_CODE,
-                                   GSS_C_NO_OID,
-                                   &message_context,
-                                   &msg_maj);
-    if (dummy_maj != 0) {
-        goto out;
-    }
-
-    dummy_maj = gss_display_status(&dummy_min,
-                                   min_stat,
-                                   GSS_C_MECH_CODE,
-                                   GSS_C_NO_OID,
-                                   &message_context,
-                                   &msg_min);
-    if (dummy_maj != 0) {
-        goto out;
-    }
-
-    SSH_LOG(verb,
-            "GSSAPI(%s): %s - %s",
-            msg,
-            (const char *)msg_maj.value,
-            (const char *)msg_min.value);
-
-out:
-    if (msg_maj.value) {
-        gss_release_buffer(&dummy_min, &msg_maj);
-    }
-    if (msg_min.value) {
-        gss_release_buffer(&dummy_min, &msg_min);
-    }
-}
-
 #ifdef WITH_SERVER
 
 /** @internal
@@ -196,7 +159,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
     gss_name_t server_name; /* local server fqdn */
     OM_uint32 maj_stat, min_stat;
     size_t i;
-    char *ptr;
+    char *ptr = NULL;
     gss_OID_set supported; /* oids supported by server */
     gss_OID_set both_supported; /* oids supported by both client and server */
     gss_OID_set selected; /* oid selected for authentication */
@@ -205,30 +168,43 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
     struct gss_OID_desc_struct oid;
     int rc;
 
-    if (ssh_callbacks_exists(session->server_callbacks, gssapi_select_oid_function)){
-        ssh_string oid_s = session->server_callbacks->gssapi_select_oid_function(session,
-                user, n_oid, oids,
-                session->server_callbacks->userdata);
-        if (oid_s != NULL){
-            if (ssh_gssapi_init(session) == SSH_ERROR)
-                return SSH_ERROR;
-            session->gssapi->state = SSH_GSSAPI_STATE_RCV_TOKEN;
+    /* Destroy earlier GSSAPI context if any */
+    ssh_gssapi_free(session);
+    rc = ssh_gssapi_init(session);
+    if (rc == SSH_ERROR)
+        return rc;
+
+    /* Callback should select oid and acquire credential */
+    if (ssh_callbacks_exists(session->server_callbacks,
+                             gssapi_select_oid_function)) {
+        ssh_string oid_s = NULL;
+        session->gssapi->state = SSH_GSSAPI_STATE_RCV_TOKEN;
+        SAFE_FREE(session->gssapi->user);
+        session->gssapi->user = strdup(user);
+        oid_s = session->server_callbacks->gssapi_select_oid_function(
+            session,
+            user,
+            n_oid,
+            oids,
+            session->server_callbacks->userdata);
+        if (oid_s != NULL) {
             rc = ssh_gssapi_send_response(session, oid_s);
-            SSH_STRING_FREE(oid_s);
             return rc;
         } else {
-            return ssh_auth_reply_default(session,0);
+            return ssh_auth_reply_default(session, 0);
         }
     }
+    /* Default implementation for selecting oid and acquiring credential */
     gss_create_empty_oid_set(&min_stat, &both_supported);
 
     maj_stat = gss_indicate_mechs(&min_stat, &supported);
     if (maj_stat != GSS_S_COMPLETE) {
-        SSH_LOG(SSH_LOG_WARNING, "indicate mecks %d, %d", maj_stat, min_stat);
-        ssh_gssapi_log_error(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_DEBUG, "indicate mechs %d, %d", maj_stat, min_stat);
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
                              "indicate mechs",
                              maj_stat,
                              min_stat);
+        gss_release_oid_set(&min_stat, &both_supported);
         return SSH_ERROR;
     }
 
@@ -246,7 +222,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
             continue;
         }
         if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){
-            SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID");
+            SSH_LOG(SSH_LOG_TRACE,"GSSAPI: received invalid OID");
             continue;
         }
         oid.elements = &oid_s[2];
@@ -259,25 +235,23 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
     }
     gss_release_oid_set(&min_stat, &supported);
     if (oid_count == 0){
-        SSH_LOG(SSH_LOG_PROTOCOL,"GSSAPI: no OID match");
+        SSH_LOG(SSH_LOG_DEBUG,"GSSAPI: no OID match");
         ssh_auth_reply_default(session, 0);
         gss_release_oid_set(&min_stat, &both_supported);
         return SSH_OK;
     }
-    /* from now we have room for context */
-    if (ssh_gssapi_init(session) == SSH_ERROR)
-        return SSH_ERROR;
 
     name_buf.value = service_name;
     name_buf.length = strlen(name_buf.value) + 1;
     maj_stat = gss_import_name(&min_stat, &name_buf,
             (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &server_name);
     if (maj_stat != GSS_S_COMPLETE) {
-        SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat);
-        ssh_gssapi_log_error(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_DEBUG, "importing name %d, %d", maj_stat, min_stat);
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
                              "importing name",
                              maj_stat,
                              min_stat);
+        gss_release_oid_set(&min_stat, &both_supported);
         return -1;
     }
 
@@ -288,8 +262,8 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
     gss_release_oid_set(&min_stat, &both_supported);
 
     if (maj_stat != GSS_S_COMPLETE) {
-        SSH_LOG(SSH_LOG_WARNING, "error acquiring credentials %d, %d", maj_stat, min_stat);
-        ssh_gssapi_log_error(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_TRACE, "error acquiring credentials %d, %d", maj_stat, min_stat);
+        ssh_gssapi_log_error(SSH_LOG_TRACE,
                              "acquiring creds",
                              maj_stat,
                              min_stat);
@@ -297,7 +271,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
         return SSH_ERROR;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "acquiring credentials %d, %d", maj_stat, min_stat);
+    SSH_LOG(SSH_LOG_DEBUG, "acquiring credentials %d, %d", maj_stat, min_stat);
 
     /* finding which OID from client we selected */
     for (i=0 ; i< n_oid ; ++i){
@@ -308,7 +282,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
             continue;
         }
         if(len < 2 || oid_s[0] != SSH_OID_TAG || ((size_t)oid_s[1]) != len - 2){
-            SSH_LOG(SSH_LOG_WARNING,"GSSAPI: received invalid OID");
+            SSH_LOG(SSH_LOG_TRACE,"GSSAPI: received invalid OID");
             continue;
         }
         oid.elements = &oid_s[2];
@@ -323,6 +297,7 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
     session->gssapi->mech.elements = malloc(oid.length);
     if (session->gssapi->mech.elements == NULL){
         ssh_set_error_oom(session);
+        gss_release_oid_set(&min_stat, &selected);
         return SSH_ERROR;
     }
     memcpy(session->gssapi->mech.elements, oid.elements, oid.length);
@@ -333,18 +308,20 @@ ssh_gssapi_handle_userauth(ssh_session session, const char *user,
     return ssh_gssapi_send_response(session, oids[i]);
 }
 
-static char *ssh_gssapi_name_to_char(gss_name_t name)
+char *
+ssh_gssapi_name_to_char(gss_name_t name)
 {
     gss_buffer_desc buffer;
     OM_uint32 maj_stat, min_stat;
-    char *ptr;
+    char *ptr = NULL;
     maj_stat = gss_display_name(&min_stat, name, &buffer, NULL);
-    ssh_gssapi_log_error(SSH_LOG_WARNING,
+    ssh_gssapi_log_error(SSH_LOG_DEBUG,
                          "converting name",
                          maj_stat,
                          min_stat);
     ptr = malloc(buffer.length + 1);
     if (ptr == NULL) {
+        gss_release_buffer(&min_stat, &buffer);
         return NULL;
     }
     memcpy(ptr, buffer.value, buffer.length);
@@ -354,9 +331,10 @@ static char *ssh_gssapi_name_to_char(gss_name_t name)
 
 }
 
-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
-    ssh_string token;
-    char *hexa;
+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server)
+{
+    ssh_string token = NULL;
+    char *hexa = NULL;
     OM_uint32 maj_stat, min_stat;
     gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
     gss_name_t client_name = GSS_C_NO_NAME;
@@ -380,13 +358,11 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
     }
 
     if (ssh_callbacks_exists(session->server_callbacks, gssapi_accept_sec_ctx_function)){
-        ssh_string out_token=NULL;
+        ssh_string out_token = NULL;
         rc = session->server_callbacks->gssapi_accept_sec_ctx_function(session,
                 token, &out_token, session->server_callbacks->userdata);
         if (rc == SSH_ERROR){
             ssh_auth_reply_default(session, 0);
-            ssh_gssapi_free(session);
-            session->gssapi=NULL;
             return SSH_PACKET_USED;
         }
         if (ssh_string_len(out_token) != 0){
@@ -400,9 +376,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
             }
             ssh_packet_send(session);
             SSH_STRING_FREE(out_token);
-        } else {
-            session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC;
         }
+        session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC;
         return SSH_PACKET_USED;
     }
     hexa = ssh_get_hexa(ssh_string_data(token),ssh_string_len(token));
@@ -414,7 +389,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
     maj_stat = gss_accept_sec_context(&min_stat, &session->gssapi->ctx, session->gssapi->server_creds,
             &input_token, input_bindings, &client_name, NULL /*mech_oid*/, &output_token, &ret_flags,
             NULL /*time*/, &session->gssapi->client_creds);
-    ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+    ssh_gssapi_log_error(SSH_LOG_DEBUG,
                          "accepting token",
                          maj_stat,
                          min_stat);
@@ -424,13 +399,12 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
         session->gssapi->canonic_user = ssh_gssapi_name_to_char(client_name);
     }
     if (GSS_ERROR(maj_stat)){
-        ssh_gssapi_log_error(SSH_LOG_WARNING,
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
                              "Gssapi error",
                              maj_stat,
                              min_stat);
+        gss_release_buffer(&min_stat, &output_token);
         ssh_auth_reply_default(session,0);
-        ssh_gssapi_free(session);
-        session->gssapi=NULL;
         return SSH_PACKET_USED;
     }
 
@@ -438,13 +412,22 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_server){
         hexa = ssh_get_hexa(output_token.value, output_token.length);
         SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa);
         SAFE_FREE(hexa);
-        ssh_buffer_pack(session->out_buffer,
-                        "bdP",
-                        SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
-                        output_token.length,
-                        (size_t)output_token.length, output_token.value);
+        rc = ssh_buffer_pack(session->out_buffer,
+                             "bdP",
+                             SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
+                             output_token.length,
+                             (size_t)output_token.length, output_token.value);
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(session);
+            ssh_auth_reply_default(session, 0);
+            return SSH_PACKET_USED;
+        }
         ssh_packet_send(session);
     }
+
+    gss_release_buffer(&min_stat, &output_token);
+    gss_release_name(&min_stat, &client_name);
+
     if(maj_stat == GSS_S_COMPLETE){
         session->gssapi->state = SSH_GSSAPI_STATE_RCV_MIC;
     }
@@ -491,7 +474,7 @@ static ssh_buffer ssh_gssapi_build_mic(ssh_session session)
 
 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
 {
-    ssh_string mic_token;
+    ssh_string mic_token = NULL;
     OM_uint32 maj_stat, min_stat;
     gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
     gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;
@@ -531,7 +514,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
         mic_token_buf.value = ssh_string_data(mic_token);
 
         maj_stat = gss_verify_mic(&min_stat, session->gssapi->ctx, &mic_buf, &mic_token_buf, NULL);
-        ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
                              "verifying MIC",
                              maj_stat,
                              min_stat);
@@ -562,7 +545,6 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_mic)
     ssh_auth_reply_default(session,0);
 
 end:
-    ssh_gssapi_free(session);
     if (mic_buffer != NULL) {
         SSH_BUFFER_FREE(mic_buffer);
     }
@@ -593,6 +575,7 @@ ssh_gssapi_creds ssh_gssapi_get_creds(ssh_session session)
  * Unlike ssh_gssapi_get_creds() this is called on the client side of an ssh
  * connection.
  *
+ * @param[in] session The session
  * @param[in] creds gssapi credentials handle.
  */
 void ssh_gssapi_set_creds(ssh_session session, const ssh_gssapi_creds creds)
@@ -648,12 +631,12 @@ ssh_gssapi_send_auth_mic(ssh_session session, ssh_string *oid_set, int n_oid)
 static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
 {
     OM_uint32 maj_stat, min_stat, lifetime;
-    gss_OID_set actual_mechs;
+    gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
     gss_buffer_desc namebuf;
     gss_name_t client_id = GSS_C_NO_NAME;
     gss_OID oid;
     unsigned int i;
-    char *ptr;
+    char *ptr = NULL;
     int ret;
 
     if (session->gssapi->client.client_deleg_creds == NULL) {
@@ -674,6 +657,10 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
                                     &session->gssapi->client.creds,
                                     &actual_mechs, NULL);
         if (GSS_ERROR(maj_stat)) {
+            ssh_gssapi_log_error(SSH_LOG_WARN,
+                                 "acquiring credential",
+                                 maj_stat,
+                                 min_stat);
             ret = SSH_ERROR;
             goto end;
         }
@@ -710,6 +697,7 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
     ret = SSH_OK;
 
 end:
+    gss_release_oid_set(&min_stat, &actual_mechs);
     gss_release_name(&min_stat, &client_id);
     return ret;
 }
@@ -724,7 +712,7 @@ static int ssh_gssapi_match(ssh_session session, gss_OID_set *valid_oids)
 int ssh_gssapi_auth_mic(ssh_session session)
 {
     size_t i;
-    gss_OID_set selected; /* oid selected for authentication */
+    gss_OID_set selected = GSS_C_NO_OID_SET; /* oid selected for authentication */
     ssh_string *oids = NULL;
     int rc;
     size_t n_oids = 0;
@@ -733,6 +721,8 @@ int ssh_gssapi_auth_mic(ssh_session session)
     gss_buffer_desc hostname;
     const char *gss_host = session->opts.host;
 
+    /* Destroy earlier GSSAPI context if any */
+    ssh_gssapi_free(session);
     rc = ssh_gssapi_init(session);
     if (rc == SSH_ERROR) {
         return SSH_AUTH_ERROR;
@@ -750,8 +740,8 @@ int ssh_gssapi_auth_mic(ssh_session session)
                                (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
                                &session->gssapi->client.server_name);
     if (maj_stat != GSS_S_COMPLETE) {
-        SSH_LOG(SSH_LOG_WARNING, "importing name %d, %d", maj_stat, min_stat);
-        ssh_gssapi_log_error(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_DEBUG, "importing name %d, %d", maj_stat, min_stat);
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
                              "importing name",
                              maj_stat,
                              min_stat);
@@ -765,7 +755,7 @@ int ssh_gssapi_auth_mic(ssh_session session)
         return SSH_AUTH_ERROR;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "Authenticating with gssapi to host %s with user %s",
+    SSH_LOG(SSH_LOG_DEBUG, "Authenticating with gssapi to host %s with user %s",
             session->opts.host, session->gssapi->user);
     rc = ssh_gssapi_match(session, &selected);
     if (rc == SSH_ERROR) {
@@ -773,7 +763,7 @@ int ssh_gssapi_auth_mic(ssh_session session)
     }
 
     n_oids = selected->count;
-    SSH_LOG(SSH_LOG_PROTOCOL, "Sending %zu oids", n_oids);
+    SSH_LOG(SSH_LOG_DEBUG, "Sending %zu oids", n_oids);
 
     oids = calloc(n_oids, sizeof(ssh_string));
     if (oids == NULL) {
@@ -801,6 +791,8 @@ int ssh_gssapi_auth_mic(ssh_session session)
         SSH_STRING_FREE(oids[i]);
     }
     free(oids);
+    gss_release_oid_set(&min_stat, &selected);
+
     if (rc != SSH_ERROR) {
         return SSH_AUTH_AGAIN;
     }
@@ -845,11 +837,12 @@ static gss_OID ssh_gssapi_oid_from_string(ssh_string oid_s)
 }
 
 SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
-    ssh_string oid_s;
+    int rc;
+    ssh_string oid_s = NULL;
     gss_uint32 maj_stat, min_stat;
     gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
     gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
-    char *hexa;
+    char *hexa = NULL;
     (void)type;
     (void)user;
 
@@ -886,7 +879,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
                                     0, NULL, &input_token, NULL,
                                     &output_token, NULL, NULL);
     if(GSS_ERROR(maj_stat)){
-        ssh_gssapi_log_error(SSH_LOG_WARNING,
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
                              "Initializing gssapi context",
                              maj_stat,
                              min_stat);
@@ -896,20 +889,24 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_response){
         hexa = ssh_get_hexa(output_token.value, output_token.length);
         SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s", hexa);
         SAFE_FREE(hexa);
-        ssh_buffer_pack(session->out_buffer,
-                        "bdP",
-                        SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
-                        output_token.length,
-                        (size_t)output_token.length, output_token.value);
+        rc = ssh_buffer_pack(session->out_buffer,
+                             "bdP",
+                             SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
+                             output_token.length,
+                             (size_t)output_token.length, output_token.value);
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(session);
+            goto error;
+        }
         ssh_packet_send(session);
         session->auth.state = SSH_AUTH_STATE_GSSAPI_TOKEN;
     }
+
+    gss_release_buffer(&min_stat, &output_token);
     return SSH_PACKET_USED;
 
 error:
     session->auth.state = SSH_AUTH_STATE_ERROR;
-    ssh_gssapi_free(session);
-    session->gssapi = NULL;
     return SSH_PACKET_USED;
 }
 
@@ -933,9 +930,11 @@ static int ssh_gssapi_send_mic(ssh_session session)
 
     maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT,
                            &mic_buf, &mic_token_buf);
+
+    SSH_BUFFER_FREE(mic_buffer);
+
     if (GSS_ERROR(maj_stat)){
-        SSH_BUFFER_FREE(mic_buffer);
-        ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
                              "generating MIC",
                              maj_stat,
                              min_stat);
@@ -947,8 +946,10 @@ static int ssh_gssapi_send_mic(ssh_session session)
                          SSH2_MSG_USERAUTH_GSSAPI_MIC,
                          mic_token_buf.length,
                          (size_t)mic_token_buf.length, mic_token_buf.value);
+
+    gss_release_buffer(&min_stat, &mic_token_buf);
+
     if (rc != SSH_OK) {
-        SSH_BUFFER_FREE(mic_buffer);
         ssh_set_error_oom(session);
         return SSH_ERROR;
     }
@@ -956,9 +957,11 @@ static int ssh_gssapi_send_mic(ssh_session session)
     return ssh_packet_send(session);
 }
 
-SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
-    ssh_string token;
-    char *hexa;
+SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client)
+{
+    int rc;
+    ssh_string token = NULL;
+    char *hexa = NULL;
     OM_uint32 maj_stat, min_stat;
     gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
     (void)user;
@@ -992,13 +995,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
                                     0, NULL, &input_token, NULL,
                                     &output_token, NULL, NULL);
 
-    ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+    ssh_gssapi_log_error(SSH_LOG_DEBUG,
                          "accepting token",
                          maj_stat,
                          min_stat);
     SSH_STRING_FREE(token);
     if (GSS_ERROR(maj_stat)){
-        ssh_gssapi_log_error(SSH_LOG_PROTOCOL,
+        ssh_gssapi_log_error(SSH_LOG_DEBUG,
                              "Gssapi error",
                              maj_stat,
                              min_stat);
@@ -1009,14 +1012,20 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
         hexa = ssh_get_hexa(output_token.value, output_token.length);
         SSH_LOG(SSH_LOG_PACKET, "GSSAPI: sending token %s",hexa);
         SAFE_FREE(hexa);
-        ssh_buffer_pack(session->out_buffer,
-                        "bdP",
-                        SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
-                        output_token.length,
-                        (size_t)output_token.length, output_token.value);
+        rc = ssh_buffer_pack(session->out_buffer,
+                             "bdP",
+                             SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
+                             output_token.length,
+                             (size_t)output_token.length, output_token.value);
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(session);
+            goto error;
+        }
         ssh_packet_send(session);
     }
 
+    gss_release_buffer(&min_stat, &output_token);
+
     if (maj_stat == GSS_S_COMPLETE) {
         ssh_gssapi_send_mic(session);
         session->auth.state = SSH_AUTH_STATE_GSSAPI_MIC_SENT;
@@ -1026,7 +1035,5 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_gssapi_token_client){
 
 error:
     session->auth.state = SSH_AUTH_STATE_ERROR;
-    ssh_gssapi_free(session);
-    session->gssapi = NULL;
     return SSH_PACKET_USED;
 }
diff --git a/libssh/src/gzip.c b/libssh/src/gzip.c
index 148cc21c..e814080a 100644
--- a/libssh/src/gzip.c
+++ b/libssh/src/gzip.c
@@ -24,211 +24,279 @@
 
 #include "config.h"
 
-#include <string.h>
 #include <stdlib.h>
-#include <zlib.h>
+#include <string.h>
 
-#include "libssh/priv.h"
 #include "libssh/buffer.h"
 #include "libssh/crypto.h"
+#include "libssh/priv.h"
 #include "libssh/session.h"
 
+#ifdef WITH_ZLIB
+#include <zlib.h>
+
 #ifndef BLOCKSIZE
 #define BLOCKSIZE 4092
 #endif
 
-static z_stream *initcompress(ssh_session session, int level) {
-  z_stream *stream = NULL;
-  int status;
+static z_stream *
+initcompress(ssh_session session, int level)
+{
+    z_stream *stream = NULL;
+    int status;
 
-  stream = calloc(1, sizeof(z_stream));
-  if (stream == NULL) {
-    return NULL;
-  }
+    stream = calloc(1, sizeof(z_stream));
+    if (stream == NULL) {
+        return NULL;
+    }
 
-  status = deflateInit(stream, level);
-  if (status != Z_OK) {
-    SAFE_FREE(stream);
-    ssh_set_error(session, SSH_FATAL,
-        "status %d inititalising zlib deflate", status);
-    return NULL;
-  }
+    status = deflateInit(stream, level);
+    if (status != Z_OK) {
+        deflateEnd(stream);
+        SAFE_FREE(stream);
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "status %d initialising zlib deflate",
+                      status);
+        return NULL;
+    }
 
-  return stream;
+    return stream;
 }
 
-static ssh_buffer gzip_compress(ssh_session session, ssh_buffer source, int level)
+static ssh_buffer
+gzip_compress(ssh_session session, ssh_buffer source, int level)
 {
-  struct ssh_crypto_struct *crypto = NULL;
-  z_stream *zout = NULL;
-  void *in_ptr = ssh_buffer_get(source);
-  uint32_t in_size = ssh_buffer_get_len(source);
-  ssh_buffer dest = NULL;
-  unsigned char out_buf[BLOCKSIZE] = {0};
-  uint32_t len;
-  int status;
-
-  crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT);
-  if (crypto == NULL) {
-      return NULL;
-  }
-  zout = crypto->compress_out_ctx;
-  if (zout == NULL) {
-    zout = crypto->compress_out_ctx = initcompress(session, level);
+    struct ssh_crypto_struct *crypto = NULL;
+    z_stream *zout = NULL;
+    void *in_ptr = ssh_buffer_get(source);
+    uint32_t in_size = ssh_buffer_get_len(source);
+    ssh_buffer dest = NULL;
+    unsigned char out_buf[BLOCKSIZE] = {0};
+    uint32_t len;
+    int status;
+
+    crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT);
+    if (crypto == NULL) {
+        return NULL;
+    }
+    zout = crypto->compress_out_ctx;
     if (zout == NULL) {
-      return NULL;
+        zout = crypto->compress_out_ctx = initcompress(session, level);
+        if (zout == NULL) {
+            return NULL;
+        }
     }
-  }
-
-  dest = ssh_buffer_new();
-  if (dest == NULL) {
-    return NULL;
-  }
 
-  zout->next_out = out_buf;
-  zout->next_in = in_ptr;
-  zout->avail_in = in_size;
-  do {
-    zout->avail_out = BLOCKSIZE;
-    status = deflate(zout, Z_PARTIAL_FLUSH);
-    if (status != Z_OK) {
-      SSH_BUFFER_FREE(dest);
-      ssh_set_error(session, SSH_FATAL,
-          "status %d deflating zlib packet", status);
-      return NULL;
+    dest = ssh_buffer_new();
+    if (dest == NULL) {
+        return NULL;
     }
-    len = BLOCKSIZE - zout->avail_out;
-    if (ssh_buffer_add_data(dest, out_buf, len) < 0) {
-      SSH_BUFFER_FREE(dest);
-      return NULL;
-    }
-    zout->next_out = out_buf;
-  } while (zout->avail_out == 0);
 
-  return dest;
+    zout->next_out = out_buf;
+    zout->next_in = in_ptr;
+    zout->avail_in = in_size;
+    do {
+        zout->avail_out = BLOCKSIZE;
+        status = deflate(zout, Z_PARTIAL_FLUSH);
+        if (status != Z_OK) {
+            SSH_BUFFER_FREE(dest);
+            ssh_set_error(session,
+                          SSH_FATAL,
+                          "status %d deflating zlib packet",
+                          status);
+            return NULL;
+        }
+        len = BLOCKSIZE - zout->avail_out;
+        if (ssh_buffer_add_data(dest, out_buf, len) < 0) {
+            SSH_BUFFER_FREE(dest);
+            return NULL;
+        }
+        zout->next_out = out_buf;
+    } while (zout->avail_out == 0);
+
+    return dest;
 }
 
-int compress_buffer(ssh_session session, ssh_buffer buf) {
-  ssh_buffer dest = NULL;
+int
+compress_buffer(ssh_session session, ssh_buffer buf)
+{
+    ssh_buffer dest = NULL;
+    int rv;
 
-  dest = gzip_compress(session, buf, session->opts.compressionlevel);
-  if (dest == NULL) {
-    return -1;
-  }
+    dest = gzip_compress(session, buf, session->opts.compressionlevel);
+    if (dest == NULL) {
+        return -1;
+    }
 
-  if (ssh_buffer_reinit(buf) < 0) {
-    SSH_BUFFER_FREE(dest);
-    return -1;
-  }
+    if (ssh_buffer_reinit(buf) < 0) {
+        SSH_BUFFER_FREE(dest);
+        return -1;
+    }
 
-  if (ssh_buffer_add_data(buf, ssh_buffer_get(dest), ssh_buffer_get_len(dest)) < 0) {
-    SSH_BUFFER_FREE(dest);
-    return -1;
-  }
+    rv = ssh_buffer_add_data(buf,
+                             ssh_buffer_get(dest),
+                             ssh_buffer_get_len(dest));
+    if (rv < 0) {
+        SSH_BUFFER_FREE(dest);
+        return -1;
+    }
 
-  SSH_BUFFER_FREE(dest);
-  return 0;
+    SSH_BUFFER_FREE(dest);
+    return 0;
 }
 
 /* decompression */
 
-static z_stream *initdecompress(ssh_session session) {
-  z_stream *stream = NULL;
-  int status;
+static z_stream *
+initdecompress(ssh_session session)
+{
+    z_stream *stream = NULL;
+    int status;
 
-  stream = calloc(1, sizeof(z_stream));
-  if (stream == NULL) {
-    return NULL;
-  }
+    stream = calloc(1, sizeof(z_stream));
+    if (stream == NULL) {
+        return NULL;
+    }
 
-  status = inflateInit(stream);
-  if (status != Z_OK) {
-    SAFE_FREE(stream);
-    ssh_set_error(session, SSH_FATAL,
-        "Status = %d initiating inflate context!", status);
-    return NULL;
-  }
+    status = inflateInit(stream);
+    if (status != Z_OK) {
+        inflateEnd(stream);
+        SAFE_FREE(stream);
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Status = %d initiating inflate context!",
+                      status);
+        return NULL;
+    }
 
-  return stream;
+    return stream;
 }
 
-static ssh_buffer gzip_decompress(ssh_session session, ssh_buffer source, size_t maxlen)
+static ssh_buffer
+gzip_decompress(ssh_session session, ssh_buffer source, size_t maxlen)
 {
-  struct ssh_crypto_struct *crypto = NULL;
-  z_stream *zin = NULL;
-  void *in_ptr = ssh_buffer_get(source);
-  uint32_t in_size = ssh_buffer_get_len(source);
-  unsigned char out_buf[BLOCKSIZE] = {0};
-  ssh_buffer dest = NULL;
-  uint32_t len;
-  int status;
-
-  crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
-  if (crypto == NULL) {
-      return NULL;
-  }
-
-  zin = crypto->compress_in_ctx;
-  if (zin == NULL) {
-    zin = crypto->compress_in_ctx = initdecompress(session);
+    struct ssh_crypto_struct *crypto = NULL;
+    z_stream *zin = NULL;
+    void *in_ptr = ssh_buffer_get(source);
+    uint32_t in_size = ssh_buffer_get_len(source);
+    unsigned char out_buf[BLOCKSIZE] = {0};
+    ssh_buffer dest = NULL;
+    uint32_t len;
+    int status;
+
+    crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
+    if (crypto == NULL) {
+        return NULL;
+    }
+
+    zin = crypto->compress_in_ctx;
     if (zin == NULL) {
-      return NULL;
+        zin = crypto->compress_in_ctx = initdecompress(session);
+        if (zin == NULL) {
+            return NULL;
+        }
+    }
+
+    dest = ssh_buffer_new();
+    if (dest == NULL) {
+        return NULL;
     }
-  }
 
-  dest = ssh_buffer_new();
-  if (dest == NULL) {
-    return NULL;
-  }
+    zin->next_out = out_buf;
+    zin->next_in = in_ptr;
+    zin->avail_in = in_size;
+
+    do {
+        zin->avail_out = BLOCKSIZE;
+        status = inflate(zin, Z_PARTIAL_FLUSH);
+        if (status != Z_OK && status != Z_BUF_ERROR) {
+            ssh_set_error(session,
+                          SSH_FATAL,
+                          "status %d inflating zlib packet",
+                          status);
+            SSH_BUFFER_FREE(dest);
+            return NULL;
+        }
+
+        len = BLOCKSIZE - zin->avail_out;
+        if (ssh_buffer_add_data(dest, out_buf, len) < 0) {
+            SSH_BUFFER_FREE(dest);
+            return NULL;
+        }
+        if (ssh_buffer_get_len(dest) > maxlen) {
+            /* Size of packet exceeded, avoid a denial of service attack */
+            SSH_BUFFER_FREE(dest);
+            return NULL;
+        }
+        zin->next_out = out_buf;
+    } while (zin->avail_out == 0);
+
+    return dest;
+}
 
-  zin->next_out = out_buf;
-  zin->next_in = in_ptr;
-  zin->avail_in = in_size;
+int
+decompress_buffer(ssh_session session, ssh_buffer buf, size_t maxlen)
+{
+    ssh_buffer dest = NULL;
+    int rv;
 
-  do {
-    zin->avail_out = BLOCKSIZE;
-    status = inflate(zin, Z_PARTIAL_FLUSH);
-    if (status != Z_OK && status != Z_BUF_ERROR) {
-      ssh_set_error(session, SSH_FATAL,
-          "status %d inflating zlib packet", status);
-      SSH_BUFFER_FREE(dest);
-      return NULL;
+    dest = gzip_decompress(session, buf, maxlen);
+    if (dest == NULL) {
+        return -1;
     }
 
-    len = BLOCKSIZE - zin->avail_out;
-    if (ssh_buffer_add_data(dest,out_buf,len) < 0) {
-      SSH_BUFFER_FREE(dest);
-      return NULL;
+    if (ssh_buffer_reinit(buf) < 0) {
+        SSH_BUFFER_FREE(dest);
+        return -1;
     }
-    if (ssh_buffer_get_len(dest) > maxlen){
-      /* Size of packet exceeded, avoid a denial of service attack */
-      SSH_BUFFER_FREE(dest);
-      return NULL;
+
+    rv = ssh_buffer_add_data(buf,
+                             ssh_buffer_get(dest),
+                             ssh_buffer_get_len(dest));
+    if (rv < 0) {
+        SSH_BUFFER_FREE(dest);
+        return -1;
     }
-    zin->next_out = out_buf;
-  } while (zin->avail_out == 0);
 
-  return dest;
+    SSH_BUFFER_FREE(dest);
+    return 0;
 }
 
-int decompress_buffer(ssh_session session,ssh_buffer buf, size_t maxlen){
-  ssh_buffer dest = NULL;
+void
+compress_cleanup(struct ssh_crypto_struct *crypto)
+{
+    if (crypto->compress_out_ctx) {
+        deflateEnd(crypto->compress_out_ctx);
+    }
+    SAFE_FREE(crypto->compress_out_ctx);
 
-  dest = gzip_decompress(session,buf, maxlen);
-  if (dest == NULL) {
-    return -1;
-  }
+    if (crypto->compress_in_ctx) {
+        inflateEnd(crypto->compress_in_ctx);
+    }
+    SAFE_FREE(crypto->compress_in_ctx);
+}
+#else /* WITH_ZLIB */
 
-  if (ssh_buffer_reinit(buf) < 0) {
-    SSH_BUFFER_FREE(dest);
+int
+compress_buffer(UNUSED_PARAM(ssh_session session), UNUSED_PARAM(ssh_buffer buf))
+{
+    /* without zlib compiled in, this should never happen */
     return -1;
-  }
-
-  if (ssh_buffer_add_data(buf, ssh_buffer_get(dest), ssh_buffer_get_len(dest)) < 0) {
-    SSH_BUFFER_FREE(dest);
+}
+int
+decompress_buffer(UNUSED_PARAM(ssh_session session),
+                  UNUSED_PARAM(ssh_buffer buf),
+                  UNUSED_PARAM(size_t maxlen))
+{
+    /* without zlib compiled in, this should never happen */
     return -1;
-  }
+}
 
-  SSH_BUFFER_FREE(dest);
-  return 0;
+void
+compress_cleanup(UNUSED_PARAM(struct ssh_crypto_struct *crypto))
+{
+    /* no-op */
 }
+
+#endif /* WITH_ZLIB */
diff --git a/libssh/src/init.c b/libssh/src/init.c
index 7f184b9c..e516c331 100644
--- a/libssh/src/init.c
+++ b/libssh/src/init.c
@@ -22,6 +22,9 @@
  */
 
 #include "config.h"
+
+#include <stdio.h>
+
 #include "libssh/priv.h"
 #include "libssh/socket.h"
 #include "libssh/dh.h"
@@ -278,7 +281,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL,
  *
  * @see ssh_init()
  */
-bool is_ssh_initialized() {
+bool is_ssh_initialized(void) {
 
     bool is_initialized = false;
 
diff --git a/libssh/src/kdf.c b/libssh/src/kdf.c
index 44f06631..6bc477ce 100644
--- a/libssh/src/kdf.c
+++ b/libssh/src/kdf.c
@@ -58,65 +58,102 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
     }
 
     ctx->digest_type = type;
-    switch(type){
+    switch (type) {
     case SSH_KDF_SHA1:
         ctx->ctx.sha1_ctx = sha1_init();
+        if (ctx->ctx.sha1_ctx == NULL) {
+            goto err;
+        }
         return ctx;
     case SSH_KDF_SHA256:
         ctx->ctx.sha256_ctx = sha256_init();
+        if (ctx->ctx.sha256_ctx == NULL) {
+            goto err;
+        }
         return ctx;
     case SSH_KDF_SHA384:
         ctx->ctx.sha384_ctx = sha384_init();
+        if (ctx->ctx.sha384_ctx == NULL) {
+            goto err;
+        }
         return ctx;
     case SSH_KDF_SHA512:
         ctx->ctx.sha512_ctx = sha512_init();
+        if (ctx->ctx.sha512_ctx == NULL) {
+            goto err;
+        }
         return ctx;
-    default:
-        SAFE_FREE(ctx);
-        return NULL;
     }
+err:
+    SAFE_FREE(ctx);
+    return NULL;
 }
 
-static void ssh_mac_update(ssh_mac_ctx ctx, const void *data, size_t len)
+static void ssh_mac_ctx_free(ssh_mac_ctx ctx)
 {
-    switch(ctx->digest_type){
+    if (ctx == NULL) {
+        return;
+    }
+
+    switch (ctx->digest_type) {
     case SSH_KDF_SHA1:
-        sha1_update(ctx->ctx.sha1_ctx, data, len);
+        sha1_ctx_free(ctx->ctx.sha1_ctx);
         break;
     case SSH_KDF_SHA256:
-        sha256_update(ctx->ctx.sha256_ctx, data, len);
+        sha256_ctx_free(ctx->ctx.sha256_ctx);
         break;
     case SSH_KDF_SHA384:
-        sha384_update(ctx->ctx.sha384_ctx, data, len);
+        sha384_ctx_free(ctx->ctx.sha384_ctx);
         break;
     case SSH_KDF_SHA512:
-        sha512_update(ctx->ctx.sha512_ctx, data, len);
+        sha512_ctx_free(ctx->ctx.sha512_ctx);
         break;
     }
+    SAFE_FREE(ctx);
 }
 
-static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
+static int ssh_mac_update(ssh_mac_ctx ctx, const void *data, size_t len)
 {
-    switch(ctx->digest_type){
+    switch (ctx->digest_type) {
+    case SSH_KDF_SHA1:
+        return sha1_update(ctx->ctx.sha1_ctx, data, len);
+    case SSH_KDF_SHA256:
+        return sha256_update(ctx->ctx.sha256_ctx, data, len);
+    case SSH_KDF_SHA384:
+        return sha384_update(ctx->ctx.sha384_ctx, data, len);
+    case SSH_KDF_SHA512:
+        return sha512_update(ctx->ctx.sha512_ctx, data, len);
+    }
+    return SSH_ERROR;
+}
+
+static int ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
+{
+    int rc = SSH_ERROR;
+
+    switch (ctx->digest_type) {
     case SSH_KDF_SHA1:
-        sha1_final(md,ctx->ctx.sha1_ctx);
+        rc = sha1_final(md, ctx->ctx.sha1_ctx);
         break;
     case SSH_KDF_SHA256:
-        sha256_final(md,ctx->ctx.sha256_ctx);
+        rc = sha256_final(md, ctx->ctx.sha256_ctx);
         break;
     case SSH_KDF_SHA384:
-        sha384_final(md,ctx->ctx.sha384_ctx);
+        rc = sha384_final(md, ctx->ctx.sha384_ctx);
         break;
     case SSH_KDF_SHA512:
-        sha512_final(md,ctx->ctx.sha512_ctx);
+        rc = sha512_final(md, ctx->ctx.sha512_ctx);
         break;
     }
     SAFE_FREE(ctx);
+    return rc;
 }
 
 int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
-                      unsigned char *key, size_t key_len,
-                      uint8_t key_type, unsigned char *output,
+                      unsigned char *key,
+                      size_t key_len,
+                      uint8_t key_type,
+                      unsigned char *output,
                       size_t requested_len)
 {
     /* Can't use VLAs with Visual Studio, so allocate the biggest
@@ -124,6 +161,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
     unsigned char digest[DIGEST_MAX_LEN];
     size_t output_len = crypto->digest_len;
     ssh_mac_ctx ctx;
+    int rc;
 
     if (DIGEST_MAX_LEN < crypto->digest_len) {
         return -1;
@@ -134,11 +172,30 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
         return -1;
     }
 
-    ssh_mac_update(ctx, key, key_len);
-    ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
-    ssh_mac_update(ctx, &key_type, 1);
-    ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
-    ssh_mac_final(digest, ctx);
+    rc = ssh_mac_update(ctx, key, key_len);
+    if (rc != SSH_OK) {
+        ssh_mac_ctx_free(ctx);
+        return -1;
+    }
+    rc = ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
+    if (rc != SSH_OK) {
+        ssh_mac_ctx_free(ctx);
+        return -1;
+    }
+    rc = ssh_mac_update(ctx, &key_type, 1);
+    if (rc != SSH_OK) {
+        ssh_mac_ctx_free(ctx);
+        return -1;
+    }
+    rc = ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
+    if (rc != SSH_OK) {
+        ssh_mac_ctx_free(ctx);
+        return -1;
+    }
+    rc = ssh_mac_final(digest, ctx);
+    if (rc != SSH_OK) {
+        return -1;
+    }
 
     if (requested_len < output_len) {
         output_len = requested_len;
@@ -150,10 +207,25 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
         if (ctx == NULL) {
             return -1;
         }
-        ssh_mac_update(ctx, key, key_len);
-        ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
-        ssh_mac_update(ctx, output, output_len);
-        ssh_mac_final(digest, ctx);
+        rc = ssh_mac_update(ctx, key, key_len);
+        if (rc != SSH_OK) {
+            ssh_mac_ctx_free(ctx);
+            return -1;
+        }
+        rc = ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
+        if (rc != SSH_OK) {
+            ssh_mac_ctx_free(ctx);
+            return -1;
+        }
+        rc = ssh_mac_update(ctx, output, output_len);
+        if (rc != SSH_OK) {
+            ssh_mac_ctx_free(ctx);
+            return -1;
+        }
+        rc = ssh_mac_final(digest, ctx);
+        if (rc != SSH_OK) {
+            return -1;
+        }
         if (requested_len < output_len + crypto->digest_len) {
             memcpy(output + output_len, digest, requested_len - output_len);
         } else {
diff --git a/libssh/src/kex.c b/libssh/src/kex.c
index 192eb881..29e43571 100644
--- a/libssh/src/kex.c
+++ b/libssh/src/kex.c
@@ -28,6 +28,7 @@
 #include <stdio.h>
 #include <stdbool.h>
 
+#include "libssh/libssh.h"
 #include "libssh/priv.h"
 #include "libssh/buffer.h"
 #include "libssh/dh.h"
@@ -45,22 +46,17 @@
 #include "libssh/bignum.h"
 #include "libssh/token.h"
 
-#ifdef WITH_BLOWFISH_CIPHER
-# if defined(HAVE_OPENSSL_BLOWFISH_H) || defined(HAVE_LIBGCRYPT) || defined(HAVE_LIBMBEDCRYPTO)
-#  define BLOWFISH "blowfish-cbc,"
-# else
-#  define BLOWFISH ""
-# endif
+#ifdef HAVE_BLOWFISH
+# define BLOWFISH ",blowfish-cbc"
 #else
 # define BLOWFISH ""
 #endif
 
 #ifdef HAVE_LIBGCRYPT
 # define AES "aes256-gcm@openssh.com,aes128-gcm@openssh.com," \
-             "aes256-ctr,aes192-ctr,aes128-ctr,"
-# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
-# define DES "3des-cbc"
-# define DES_SUPPORTED "3des-cbc"
+             "aes256-ctr,aes192-ctr,aes128-ctr"
+# define AES_CBC ",aes256-cbc,aes192-cbc,aes128-cbc"
+# define DES_SUPPORTED ",3des-cbc"
 
 #elif defined(HAVE_LIBMBEDCRYPTO)
 # ifdef MBEDTLS_GCM_C
@@ -68,29 +64,29 @@
 # else
 #  define GCM ""
 # endif /* MBEDTLS_GCM_C */
-# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
-# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
-# define DES "3des-cbc"
-# define DES_SUPPORTED "3des-cbc"
+# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr"
+# define AES_CBC ",aes256-cbc,aes192-cbc,aes128-cbc"
+# define DES_SUPPORTED ",3des-cbc"
 
 #elif defined(HAVE_LIBCRYPTO)
 # ifdef HAVE_OPENSSL_AES_H
 #  define GCM "aes256-gcm@openssh.com,aes128-gcm@openssh.com,"
-#  define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
-#  define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
+#  define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr"
+#  define AES_CBC ",aes256-cbc,aes192-cbc,aes128-cbc"
 # else /* HAVE_OPENSSL_AES_H */
 #  define AES ""
 #  define AES_CBC ""
 # endif /* HAVE_OPENSSL_AES_H */
 
-# define DES "3des-cbc"
-# define DES_SUPPORTED "3des-cbc"
+# define DES_SUPPORTED ",3des-cbc"
 #endif /* HAVE_LIBCRYPTO */
 
 #ifdef WITH_ZLIB
 #define ZLIB "none,zlib@openssh.com,zlib"
+#define ZLIB_DEFAULT "none,zlib@openssh.com"
 #else
 #define ZLIB "none"
+#define ZLIB_DEFAULT "none"
 #endif /* WITH_ZLIB */
 
 #ifdef HAVE_CURVE25519
@@ -99,25 +95,24 @@
 #define CURVE25519 ""
 #endif /* HAVE_CURVE25519 */
 
-#ifdef HAVE_ECDH
+#ifdef HAVE_ECC
 #define ECDH "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
-#define EC_HOSTKEYS "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,"
-#define EC_PUBLIC_KEY_ALGORITHMS "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
+#define EC_HOSTKEYS "ecdsa-sha2-nistp521," \
+                    "ecdsa-sha2-nistp384," \
+                    "ecdsa-sha2-nistp256,"
+#define EC_SK_HOSTKEYS "sk-ecdsa-sha2-nistp256@openssh.com,"
+#define EC_FIPS_PUBLIC_KEY_ALGOS "ecdsa-sha2-nistp521-cert-v01@openssh.com," \
                                  "ecdsa-sha2-nistp384-cert-v01@openssh.com," \
                                  "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+#define EC_PUBLIC_KEY_ALGORITHMS EC_FIPS_PUBLIC_KEY_ALGOS \
+                                 "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
 #else
+#define ECDH ""
 #define EC_HOSTKEYS ""
+#define EC_SK_HOSTKEYS ""
+#define EC_FIPS_PUBLIC_KEY_ALGOS ""
 #define EC_PUBLIC_KEY_ALGORITHMS ""
-#define ECDH ""
-#endif /* HAVE_ECDH */
-
-#ifdef HAVE_DSA
-#define DSA_HOSTKEYS ",ssh-dss"
-#define DSA_PUBLIC_KEY_ALGORITHMS ",ssh-dss-cert-v01@openssh.com"
-#else
-#define DSA_HOSTKEYS ""
-#define DSA_PUBLIC_KEY_ALGORITHMS ""
-#endif /* HAVE_DSA */
+#endif /* HAVE_ECC */
 
 #ifdef WITH_INSECURE_NONE
 #define NONE ",none"
@@ -127,21 +122,24 @@
 
 #define HOSTKEYS "ssh-ed25519," \
                  EC_HOSTKEYS \
+                 "sk-ssh-ed25519@openssh.com," \
+                 EC_SK_HOSTKEYS \
                  "rsa-sha2-512," \
                  "rsa-sha2-256," \
-                 "ssh-rsa" \
-                 DSA_HOSTKEYS
+                 "ssh-rsa"
 #define DEFAULT_HOSTKEYS "ssh-ed25519," \
                          EC_HOSTKEYS \
+                         "sk-ssh-ed25519@openssh.com," \
+                         EC_SK_HOSTKEYS \
                          "rsa-sha2-512," \
                          "rsa-sha2-256"
 
 #define PUBLIC_KEY_ALGORITHMS "ssh-ed25519-cert-v01@openssh.com," \
+                              "sk-ssh-ed25519-cert-v01@openssh.com," \
                               EC_PUBLIC_KEY_ALGORITHMS \
                               "rsa-sha2-512-cert-v01@openssh.com," \
                               "rsa-sha2-256-cert-v01@openssh.com," \
-                              "ssh-rsa-cert-v01@openssh.com" \
-                              DSA_PUBLIC_KEY_ALGORITHMS "," \
+                              "ssh-rsa-cert-v01@openssh.com," \
                               HOSTKEYS
 #define DEFAULT_PUBLIC_KEY_ALGORITHMS "ssh-ed25519-cert-v01@openssh.com," \
                                       EC_PUBLIC_KEY_ALGORITHMS \
@@ -173,6 +171,9 @@
 
 /* RFC 8308 */
 #define KEX_EXTENSION_CLIENT "ext-info-c"
+/* Strict kex mitigation against CVE-2023-48795 */
+#define KEX_STRICT_CLIENT "kex-strict-c-v00@openssh.com"
+#define KEX_STRICT_SERVER "kex-strict-s-v00@openssh.com"
 
 /* Allowed algorithms in FIPS mode */
 #define FIPS_ALLOWED_CIPHERS "aes256-gcm@openssh.com,"\
@@ -186,7 +187,7 @@
                               "rsa-sha2-512," \
                               "rsa-sha2-256"
 
-#define FIPS_ALLOWED_PUBLIC_KEY_ALGORITHMS EC_PUBLIC_KEY_ALGORITHMS \
+#define FIPS_ALLOWED_PUBLIC_KEY_ALGORITHMS EC_FIPS_PUBLIC_KEY_ALGOS \
                                            "rsa-sha2-512-cert-v01@openssh.com," \
                                            "rsa-sha2-256-cert-v01@openssh.com," \
                                            FIPS_ALLOWED_HOSTKEYS
@@ -214,8 +215,8 @@ static const char *fips_methods[] = {
     FIPS_ALLOWED_CIPHERS,
     FIPS_ALLOWED_MACS,
     FIPS_ALLOWED_MACS,
-    ZLIB,
-    ZLIB,
+    ZLIB_DEFAULT,
+    ZLIB_DEFAULT,
     "",
     "",
     NULL
@@ -229,8 +230,8 @@ static const char *default_methods[] = {
     CHACHA20 AES,
     "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
     "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
-    ZLIB,
-    ZLIB,
+    ZLIB_DEFAULT,
+    ZLIB_DEFAULT,
     "",
     "",
     NULL
@@ -312,10 +313,14 @@ static int cmp_first_kex_algo(const char *client_str,
     size_t client_kex_len;
     size_t server_kex_len;
 
-    char *colon;
+    char *colon = NULL;
 
     int is_wrong = 1;
 
+    if (client_str == NULL || server_str == NULL) {
+        return is_wrong;
+    }
+
     colon = strchr(client_str, ',');
     if (colon == NULL) {
         client_kex_len = strlen(client_str);
@@ -342,10 +347,10 @@ static int cmp_first_kex_algo(const char *client_str,
 SSH_PACKET_CALLBACK(ssh_packet_kexinit)
 {
     int i, ok;
+    struct ssh_crypto_struct *crypto = session->next_crypto;
     int server_kex = session->server;
     ssh_string str = NULL;
     char *strings[SSH_KEX_METHODS] = {0};
-    char *rsa_sig_ext = NULL;
     int rc = SSH_ERROR;
     size_t len;
 
@@ -355,35 +360,67 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
     (void)type;
     (void)user;
 
+    SSH_LOG(SSH_LOG_TRACE, "KEXINIT received");
+
     if (session->session_state == SSH_SESSION_STATE_AUTHENTICATED) {
-        SSH_LOG(SSH_LOG_INFO, "Initiating key re-exchange");
+        if (session->dh_handshake_state == DH_STATE_FINISHED) {
+            SSH_LOG(SSH_LOG_DEBUG, "Peer initiated key re-exchange");
+            /* Reset the sent flag if the re-kex was initiated by the peer */
+            session->flags &= ~SSH_SESSION_FLAG_KEXINIT_SENT;
+        } else if (session->flags & SSH_SESSION_FLAG_KEXINIT_SENT &&
+                   session->dh_handshake_state == DH_STATE_INIT_SENT) {
+            /* This happens only when we are sending our-guessed first kex
+             * packet right after our KEXINIT packet. */
+            SSH_LOG(SSH_LOG_DEBUG, "Received peer kexinit answer.");
+        } else if (session->session_state != SSH_SESSION_STATE_INITIAL_KEX) {
+            ssh_set_error(session, SSH_FATAL,
+                          "SSH_KEXINIT received in wrong state");
+            goto error;
+        }
     } else if (session->session_state != SSH_SESSION_STATE_INITIAL_KEX) {
-        ssh_set_error(session,SSH_FATAL,"SSH_KEXINIT received in wrong state");
+        ssh_set_error(session, SSH_FATAL,
+                      "SSH_KEXINIT received in wrong state");
         goto error;
     }
 
     if (server_kex) {
-        len = ssh_buffer_get_data(packet,session->next_crypto->client_kex.cookie, 16);
+#ifdef WITH_SERVER
+        len = ssh_buffer_get_data(packet, crypto->client_kex.cookie, 16);
         if (len != 16) {
-            ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: no cookie in packet");
+            ssh_set_error(session, SSH_FATAL,
+                          "ssh_packet_kexinit: no cookie in packet");
             goto error;
         }
 
-        ok = ssh_hashbufin_add_cookie(session, session->next_crypto->client_kex.cookie);
+        ok = ssh_hashbufin_add_cookie(session, crypto->client_kex.cookie);
         if (ok < 0) {
-            ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed");
+            ssh_set_error(session, SSH_FATAL,
+                          "ssh_packet_kexinit: adding cookie failed");
+            goto error;
+        }
+
+        ok = server_set_kex(session);
+        if (ok == SSH_ERROR) {
             goto error;
         }
+#endif /* WITH_SERVER */
     } else {
-        len = ssh_buffer_get_data(packet,session->next_crypto->server_kex.cookie, 16);
+        len = ssh_buffer_get_data(packet, crypto->server_kex.cookie, 16);
         if (len != 16) {
-            ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: no cookie in packet");
+            ssh_set_error(session, SSH_FATAL,
+                          "ssh_packet_kexinit: no cookie in packet");
             goto error;
         }
 
-        ok = ssh_hashbufin_add_cookie(session, session->next_crypto->server_kex.cookie);
+        ok = ssh_hashbufin_add_cookie(session, crypto->server_kex.cookie);
         if (ok < 0) {
-            ssh_set_error(session, SSH_FATAL, "ssh_packet_kexinit: adding cookie failed");
+            ssh_set_error(session, SSH_FATAL,
+                          "ssh_packet_kexinit: adding cookie failed");
+            goto error;
+        }
+
+        ok = ssh_set_client_kex(session);
+        if (ok == SSH_ERROR) {
             goto error;
         }
     }
@@ -396,7 +433,8 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
 
         rc = ssh_buffer_add_ssh_string(session->in_hashbuf, str);
         if (rc < 0) {
-            ssh_set_error(session, SSH_FATAL, "Error adding string in hash buffer");
+            ssh_set_error(session, SSH_FATAL,
+                          "Error adding string in hash buffer");
             goto error;
         }
 
@@ -409,14 +447,16 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
         str = NULL;
     }
 
-    /* copy the server kex info into an array of strings */
+    /* copy the peer kex info into an array of strings */
     if (server_kex) {
+#ifdef WITH_SERVER
         for (i = 0; i < SSH_KEX_METHODS; i++) {
-            session->next_crypto->client_kex.methods[i] = strings[i];
+            crypto->client_kex.methods[i] = strings[i];
         }
+#endif /* WITH_SERVER */
     } else { /* client */
         for (i = 0; i < SSH_KEX_METHODS; i++) {
-            session->next_crypto->server_kex.methods[i] = strings[i];
+            crypto->server_kex.methods[i] = strings[i];
         }
     }
 
@@ -430,30 +470,70 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
      * that its value is included when computing the session ID (see
      * 'make_sessionid').
      */
-    if (server_kex) {
-        rc = ssh_buffer_get_u8(packet, &first_kex_packet_follows);
-        if (rc != 1) {
-            goto error;
-        }
 
-        rc = ssh_buffer_add_u8(session->in_hashbuf, first_kex_packet_follows);
-        if (rc < 0) {
-            goto error;
-        }
+    rc = ssh_buffer_get_u8(packet, &first_kex_packet_follows);
+    if (rc != 1) {
+        goto error;
+    }
 
-        rc = ssh_buffer_add_u32(session->in_hashbuf, kexinit_reserved);
-        if (rc < 0) {
-            goto error;
-        }
+    rc = ssh_buffer_add_u8(session->in_hashbuf, first_kex_packet_follows);
+    if (rc < 0) {
+        goto error;
+    }
 
+    rc = ssh_buffer_add_u32(session->in_hashbuf, kexinit_reserved);
+    if (rc < 0) {
+        goto error;
+    }
+
+    /*
+     * Remember whether 'first_kex_packet_follows' was set and the client
+     * guess was wrong: in this case the next SSH_MSG_KEXDH_INIT message
+     * must be ignored on the server side.
+     * Client needs to start the Key exchange over with the correct method
+     */
+    if (first_kex_packet_follows || session->send_first_kex_follows) {
+        char **client_methods = crypto->client_kex.methods;
+        char **server_methods = crypto->server_kex.methods;
+        session->first_kex_follows_guess_wrong =
+            cmp_first_kex_algo(client_methods[SSH_KEX],
+                               server_methods[SSH_KEX]) ||
+            cmp_first_kex_algo(client_methods[SSH_HOSTKEYS],
+                               server_methods[SSH_HOSTKEYS]);
+            SSH_LOG(SSH_LOG_DEBUG, "The initial guess was %s.",
+                    session->first_kex_follows_guess_wrong ? "wrong" : "right");
+    }
+
+    /*
+     * handle the "strict KEX" feature. If supported by peer, then set up the
+     * flag and verify packet sequence numbers.
+     */
+    if (server_kex) {
+        ok = match_group(crypto->client_kex.methods[SSH_KEX],
+                         KEX_STRICT_CLIENT);
+        if (ok) {
+            SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
+            session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
+        }
+    } else {
+        /* client kex */
+        ok = match_group(crypto->server_kex.methods[SSH_KEX],
+                         KEX_STRICT_SERVER);
+        if (ok) {
+            SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
+            session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
+        }
+    }
+#ifdef WITH_SERVER
+    if (server_kex) {
         /*
          * If client sent a ext-info-c message in the kex list, it supports
          * RFC 8308 extension negotiation.
          */
-        ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX],
-                             KEX_EXTENSION_CLIENT);
+        ok = match_group(crypto->client_kex.methods[SSH_KEX],
+                         KEX_EXTENSION_CLIENT);
         if (ok) {
-            const char *hostkeys = NULL;
+            const char *hostkeys = NULL, *wanted_hostkeys = NULL;
 
             /* The client supports extension negotiation */
             session->extensions |= SSH_EXT_NEGOTIATION;
@@ -463,27 +543,26 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
              * by the client and enable the respective extensions to provide
              * correct signature in the next packet if RSA is negotiated
              */
-            hostkeys = session->next_crypto->client_kex.methods[SSH_HOSTKEYS];
-            ok = ssh_match_group(hostkeys, "rsa-sha2-512");
+            hostkeys = crypto->client_kex.methods[SSH_HOSTKEYS];
+            wanted_hostkeys = session->opts.wanted_methods[SSH_HOSTKEYS];
+            ok = match_group(hostkeys, "rsa-sha2-512");
             if (ok) {
                 /* Check if rsa-sha2-512 is allowed by config */
-                if (session->opts.wanted_methods[SSH_HOSTKEYS] != NULL) {
-                    char *is_allowed =
-                        ssh_find_matching(session->opts.wanted_methods[SSH_HOSTKEYS],
-                                          "rsa-sha2-512");
+                if (wanted_hostkeys != NULL) {
+                    char *is_allowed = ssh_find_matching(wanted_hostkeys,
+                                                         "rsa-sha2-512");
                     if (is_allowed != NULL) {
                         session->extensions |= SSH_EXT_SIG_RSA_SHA512;
                     }
                     SAFE_FREE(is_allowed);
                 }
             }
-            ok = ssh_match_group(hostkeys, "rsa-sha2-256");
+            ok = match_group(hostkeys, "rsa-sha2-256");
             if (ok) {
                 /* Check if rsa-sha2-256 is allowed by config */
-                if (session->opts.wanted_methods[SSH_HOSTKEYS] != NULL) {
-                    char *is_allowed =
-                        ssh_find_matching(session->opts.wanted_methods[SSH_HOSTKEYS],
-                                          "rsa-sha2-256");
+                if (wanted_hostkeys != NULL) {
+                    char *is_allowed = ssh_find_matching(wanted_hostkeys,
+                                                         "rsa-sha2-256");
                     if (is_allowed != NULL) {
                         session->extensions |= SSH_EXT_SIG_RSA_SHA256;
                     }
@@ -497,9 +576,10 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
              */
             if ((session->extensions & SSH_EXT_SIG_RSA_SHA256) &&
                 (session->extensions & SSH_EXT_SIG_RSA_SHA512)) {
+                char *rsa_sig_ext = NULL;
                 session->extensions &= ~(SSH_EXT_SIG_RSA_SHA256 | SSH_EXT_SIG_RSA_SHA512);
                 rsa_sig_ext = ssh_find_matching("rsa-sha2-512,rsa-sha2-256",
-                                                session->next_crypto->client_kex.methods[SSH_HOSTKEYS]);
+                                                hostkeys);
                 if (rsa_sig_ext == NULL) {
                     goto error; /* should never happen */
                 } else if (strcmp(rsa_sig_ext, "rsa-sha2-512") == 0) {
@@ -518,24 +598,17 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
                     session->extensions & SSH_EXT_SIG_RSA_SHA256 ? "SHA256" : "",
                     session->extensions & SSH_EXT_SIG_RSA_SHA512 ? " SHA512" : "");
         }
-
-        /*
-         * Remember whether 'first_kex_packet_follows' was set and the client
-         * guess was wrong: in this case the next SSH_MSG_KEXDH_INIT message
-         * must be ignored.
-         */
-        if (first_kex_packet_follows) {
-          session->first_kex_follows_guess_wrong =
-            cmp_first_kex_algo(session->next_crypto->client_kex.methods[SSH_KEX],
-                               session->next_crypto->server_kex.methods[SSH_KEX]) ||
-            cmp_first_kex_algo(session->next_crypto->client_kex.methods[SSH_HOSTKEYS],
-                               session->next_crypto->server_kex.methods[SSH_HOSTKEYS]);
-        }
     }
+#endif /* WITH_SERVER */
 
     /* Note, that his overwrites authenticated state in case of rekeying */
     session->session_state = SSH_SESSION_STATE_KEXINIT_RECEIVED;
-    session->dh_handshake_state = DH_STATE_INIT;
+    /* if we already sent our initial key exchange packet, do not reset the
+     * DH state. We will know if we were right with our guess only in
+     * dh_handshake_state() */
+    if (session->send_first_kex_follows == false) {
+        session->dh_handshake_state = DH_STATE_INIT;
+    }
     session->ssh_connection_callback(session);
     return SSH_PACKET_USED;
 
@@ -543,7 +616,9 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
     SSH_STRING_FREE(str);
     for (i = 0; i < SSH_KEX_METHODS; i++) {
         if (server_kex) {
+#ifdef WITH_SERVER
             session->next_crypto->client_kex.methods[i] = NULL;
+#endif /* WITH_SERVER */
         } else { /* client */
             session->next_crypto->server_kex.methods[i] = NULL;
         }
@@ -601,7 +676,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
     /* This removes the certificate types, unsupported for now */
     wanted_without_certs = ssh_find_all_matching(HOSTKEYS, wanted);
     if (wanted_without_certs == NULL) {
-        SSH_LOG(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_TRACE,
                 "List of allowed host key algorithms is empty or contains only "
                 "unsupported algorithms");
         return NULL;
@@ -654,7 +729,7 @@ char *ssh_client_select_hostkeys(ssh_session session)
         fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, new_hostkeys);
         SAFE_FREE(new_hostkeys);
         if (fips_hostkeys == NULL) {
-            SSH_LOG(SSH_LOG_WARNING,
+            SSH_LOG(SSH_LOG_TRACE,
                     "None of the wanted host keys or keys in known_hosts files "
                     "is allowed in FIPS mode.");
             return NULL;
@@ -676,12 +751,15 @@ char *ssh_client_select_hostkeys(ssh_session session)
 int ssh_set_client_kex(ssh_session session)
 {
     struct ssh_kex_struct *client = &session->next_crypto->client_kex;
-    const char *wanted;
-    char *kex = NULL;
-    char *kex_tmp = NULL;
+    const char *wanted = NULL;
     int ok;
     int i;
-    size_t kex_len, len;
+
+    /* Skip if already set, for example for the rekey or when we do the guessing
+     * it could have been already used to make some protocol decisions. */
+    if (client->methods[0] != NULL) {
+        return SSH_OK;
+    }
 
     ok = ssh_get_random(client->cookie, 16, 0);
     if (!ok) {
@@ -689,8 +767,6 @@ int ssh_set_client_kex(ssh_session session)
         return SSH_ERROR;
     }
 
-    memset(client->methods, 0, SSH_KEX_METHODS * sizeof(char **));
-
     /* Set the list of allowed algorithms in order of preference, if it hadn't
      * been set yet. */
     for (i = 0; i < SSH_KEX_METHODS; i++) {
@@ -726,23 +802,52 @@ int ssh_set_client_kex(ssh_session session)
         return SSH_OK;
     }
 
-    /* Here we append  ext-info-c  to the list of kex algorithms */
-    kex = client->methods[SSH_KEX];
+    ok = ssh_kex_append_extensions(session, client);
+    if (ok != SSH_OK){
+        return ok;
+    }
+
+    return SSH_OK;
+}
+
+int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex)
+{
+    char *kex = NULL;
+    char *kex_tmp = NULL;
+    size_t kex_len, len;
+
+    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com for client
+     * and kex-strict-s-v00@openssh.com for server to the list of kex algorithms
+     */
+    kex = pkex->methods[SSH_KEX];
     len = strlen(kex);
-    if (len + strlen(KEX_EXTENSION_CLIENT) + 2 < len) {
+    if (session->server) {
+        /* Comma, nul byte */
+        kex_len = len + 1 + strlen(KEX_STRICT_SERVER) + 1;
+    } else {
+        /* Comma, comma, nul byte */
+        kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 +
+                  strlen(KEX_STRICT_CLIENT) + 1;
+    }
+    if (kex_len >= MAX_PACKET_LEN) {
         /* Overflow */
         return SSH_ERROR;
     }
-    kex_len = len + strlen(KEX_EXTENSION_CLIENT) + 2; /* comma, NULL */
     kex_tmp = realloc(kex, kex_len);
     if (kex_tmp == NULL) {
-        free(kex);
         ssh_set_error_oom(session);
         return SSH_ERROR;
     }
-    snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_EXTENSION_CLIENT);
-    client->methods[SSH_KEX] = kex_tmp;
-
+    if (session->server){
+        snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_STRICT_SERVER);
+    } else {
+        snprintf(kex_tmp + len,
+                 kex_len - len,
+                 ",%s,%s",
+                 KEX_EXTENSION_CLIENT,
+                 KEX_STRICT_CLIENT);
+    }
+    pkex->methods[SSH_KEX] = kex_tmp;
     return SSH_OK;
 }
 
@@ -760,71 +865,142 @@ static const char *ssh_find_aead_hmac(const char *cipher)
     return NULL;
 }
 
+static enum ssh_key_exchange_e
+kex_select_kex_type(const char *kex)
+{
+    if (strcmp(kex, "diffie-hellman-group1-sha1") == 0) {
+        return SSH_KEX_DH_GROUP1_SHA1;
+    } else if (strcmp(kex, "diffie-hellman-group14-sha1") == 0) {
+        return SSH_KEX_DH_GROUP14_SHA1;
+    } else if (strcmp(kex, "diffie-hellman-group14-sha256") == 0) {
+        return SSH_KEX_DH_GROUP14_SHA256;
+    } else if (strcmp(kex, "diffie-hellman-group16-sha512") == 0) {
+        return SSH_KEX_DH_GROUP16_SHA512;
+    } else if (strcmp(kex, "diffie-hellman-group18-sha512") == 0) {
+        return SSH_KEX_DH_GROUP18_SHA512;
+#ifdef WITH_GEX
+    } else if (strcmp(kex, "diffie-hellman-group-exchange-sha1") == 0) {
+        return SSH_KEX_DH_GEX_SHA1;
+    } else if (strcmp(kex, "diffie-hellman-group-exchange-sha256") == 0) {
+        return SSH_KEX_DH_GEX_SHA256;
+#endif /* WITH_GEX */
+    } else if (strcmp(kex, "ecdh-sha2-nistp256") == 0) {
+        return SSH_KEX_ECDH_SHA2_NISTP256;
+    } else if (strcmp(kex, "ecdh-sha2-nistp384") == 0) {
+        return SSH_KEX_ECDH_SHA2_NISTP384;
+    } else if (strcmp(kex, "ecdh-sha2-nistp521") == 0) {
+        return SSH_KEX_ECDH_SHA2_NISTP521;
+    } else if (strcmp(kex, "curve25519-sha256@libssh.org") == 0) {
+        return SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG;
+    } else if (strcmp(kex, "curve25519-sha256") == 0) {
+        return SSH_KEX_CURVE25519_SHA256;
+    }
+    /* should not happen. We should be getting only valid names at this stage */
+    return 0;
+}
+
+
+/** @internal
+ * @brief Reverts guessed callbacks set during the dh_handshake()
+ * @param session session handle
+ * @returns void
+ */
+static void revert_kex_callbacks(ssh_session session)
+{
+    switch (session->next_crypto->kex_type) {
+    case SSH_KEX_DH_GROUP1_SHA1:
+    case SSH_KEX_DH_GROUP14_SHA1:
+    case SSH_KEX_DH_GROUP14_SHA256:
+    case SSH_KEX_DH_GROUP16_SHA512:
+    case SSH_KEX_DH_GROUP18_SHA512:
+        ssh_client_dh_remove_callbacks(session);
+        break;
+#ifdef WITH_GEX
+    case SSH_KEX_DH_GEX_SHA1:
+    case SSH_KEX_DH_GEX_SHA256:
+        ssh_client_dhgex_remove_callbacks(session);
+        break;
+#endif /* WITH_GEX */
+#ifdef HAVE_ECDH
+    case SSH_KEX_ECDH_SHA2_NISTP256:
+    case SSH_KEX_ECDH_SHA2_NISTP384:
+    case SSH_KEX_ECDH_SHA2_NISTP521:
+        ssh_client_ecdh_remove_callbacks(session);
+        break;
+#endif
+#ifdef HAVE_CURVE25519
+    case SSH_KEX_CURVE25519_SHA256:
+    case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
+        ssh_client_curve25519_remove_callbacks(session);
+        break;
+#endif
+    }
+}
+
 /** @brief Select the different methods on basis of client's and
  * server's kex messages, and watches out if a match is possible.
  */
 int ssh_kex_select_methods (ssh_session session)
 {
-    struct ssh_kex_struct *server = &session->next_crypto->server_kex;
-    struct ssh_kex_struct *client = &session->next_crypto->client_kex;
+    struct ssh_crypto_struct *crypto = session->next_crypto;
+    struct ssh_kex_struct *server = &crypto->server_kex;
+    struct ssh_kex_struct *client = &crypto->client_kex;
     char *ext_start = NULL;
     const char *aead_hmac = NULL;
+    enum ssh_key_exchange_e kex_type;
     int i;
 
-    /* Here we should drop the  ext-info-c  from the list so we avoid matching.
+    /* Here we should drop the extensions from the list so we avoid matching.
      * it. We added it to the end, so we can just truncate the string here */
-    ext_start = strstr(client->methods[SSH_KEX], ","KEX_EXTENSION_CLIENT);
-    if (ext_start != NULL) {
-        ext_start[0] = '\0';
+    if (session->client) {
+        ext_start = strstr(client->methods[SSH_KEX], "," KEX_EXTENSION_CLIENT);
+        if (ext_start != NULL) {
+            ext_start[0] = '\0';
+        }
+    }
+    if (session->server) {
+        ext_start = strstr(server->methods[SSH_KEX], "," KEX_STRICT_SERVER);
+        if (ext_start != NULL) {
+            ext_start[0] = '\0';
+        }
     }
 
     for (i = 0; i < SSH_KEX_METHODS; i++) {
-        session->next_crypto->kex_methods[i]=ssh_find_matching(server->methods[i],client->methods[i]);
+        crypto->kex_methods[i] = ssh_find_matching(server->methods[i],
+                                                   client->methods[i]);
 
         if (i == SSH_MAC_C_S || i == SSH_MAC_S_C) {
-            aead_hmac = ssh_find_aead_hmac(session->next_crypto->kex_methods[i-2]);
+            aead_hmac = ssh_find_aead_hmac(crypto->kex_methods[i - 2]);
             if (aead_hmac) {
-                free(session->next_crypto->kex_methods[i]);
-                session->next_crypto->kex_methods[i] = strdup(aead_hmac);
+                free(crypto->kex_methods[i]);
+                crypto->kex_methods[i] = strdup(aead_hmac);
             }
         }
-        if (session->next_crypto->kex_methods[i] == NULL && i < SSH_LANG_C_S){
-            ssh_set_error(session,SSH_FATAL,"kex error : no match for method %s: server [%s], client [%s]",
-                    ssh_kex_descriptions[i],server->methods[i],client->methods[i]);
+        if (crypto->kex_methods[i] == NULL && i < SSH_LANG_C_S) {
+            ssh_set_error(session, SSH_FATAL,
+                          "kex error : no match for method %s: server [%s], "
+                          "client [%s]", ssh_kex_descriptions[i],
+                          server->methods[i], client->methods[i]);
             return SSH_ERROR;
-        } else if ((i >= SSH_LANG_C_S) && (session->next_crypto->kex_methods[i] == NULL)) {
+        } else if ((i >= SSH_LANG_C_S) && (crypto->kex_methods[i] == NULL)) {
             /* we can safely do that for languages */
-            session->next_crypto->kex_methods[i] = strdup("");
+            crypto->kex_methods[i] = strdup("");
         }
     }
-    if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group1-sha1") == 0){
-      session->next_crypto->kex_type=SSH_KEX_DH_GROUP1_SHA1;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group14-sha1") == 0){
-      session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA1;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group14-sha256") == 0){
-      session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA256;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group16-sha512") == 0){
-      session->next_crypto->kex_type=SSH_KEX_DH_GROUP16_SHA512;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group18-sha512") == 0){
-      session->next_crypto->kex_type=SSH_KEX_DH_GROUP18_SHA512;
-#ifdef WITH_GEX
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group-exchange-sha1") == 0){
-      session->next_crypto->kex_type=SSH_KEX_DH_GEX_SHA1;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group-exchange-sha256") == 0){
-        session->next_crypto->kex_type=SSH_KEX_DH_GEX_SHA256;
-#endif /* WITH_GEX */
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp256") == 0){
-      session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP256;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp384") == 0){
-      session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP384;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp521") == 0){
-      session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP521;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256@libssh.org") == 0){
-      session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG;
-    } else if (strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256") == 0){
-      session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256;
-    }
-    SSH_LOG(SSH_LOG_INFO, "Negotiated %s,%s,%s,%s,%s,%s,%s,%s,%s,%s",
+
+    /* We can not set this value directly as the old value is needed to revert
+     * callbacks if we are client */
+    kex_type = kex_select_kex_type(crypto->kex_methods[SSH_KEX]);
+    if (session->client && session->first_kex_follows_guess_wrong) {
+        SSH_LOG(SSH_LOG_DEBUG, "Our guess was wrong. Restarting the KEX");
+        /* We need to remove the wrong callbacks and start kex again */
+        revert_kex_callbacks(session);
+        session->dh_handshake_state = DH_STATE_INIT;
+        session->first_kex_follows_guess_wrong = false;
+    }
+    crypto->kex_type = kex_type;
+
+    SSH_LOG(SSH_LOG_DEBUG, "Negotiated %s,%s,%s,%s,%s,%s,%s,%s,%s,%s",
             session->next_crypto->kex_methods[SSH_KEX],
             session->next_crypto->kex_methods[SSH_HOSTKEYS],
             session->next_crypto->kex_methods[SSH_CRYPT_C_S],
@@ -841,63 +1017,116 @@ int ssh_kex_select_methods (ssh_session session)
 
 
 /* this function only sends the predefined set of kex methods */
-int ssh_send_kex(ssh_session session, int server_kex)
+int ssh_send_kex(ssh_session session)
 {
-  struct ssh_kex_struct *kex = (server_kex ? &session->next_crypto->server_kex :
-      &session->next_crypto->client_kex);
-  ssh_string str = NULL;
-  int i;
-  int rc;
-
-  rc = ssh_buffer_pack(session->out_buffer,
-                       "bP",
-                       SSH2_MSG_KEXINIT,
-                       16,
-                       kex->cookie); /* cookie */
-  if (rc != SSH_OK)
-    goto error;
-  if (ssh_hashbufout_add_cookie(session) < 0) {
-    goto error;
-  }
+    struct ssh_kex_struct *kex = (session->server ?
+        &session->next_crypto->server_kex :
+        &session->next_crypto->client_kex);
+    ssh_string str = NULL;
+    int i;
+    int rc;
+    int first_kex_packet_follows = 0;
+
+    /* Only client can initiate the handshake methods we implement. If we
+     * already received the peer mechanisms, there is no point in guessing */
+    if (session->client &&
+        session->session_state != SSH_SESSION_STATE_KEXINIT_RECEIVED &&
+        session->send_first_kex_follows) {
+        first_kex_packet_follows = 1;
+    }
+
+    SSH_LOG(SSH_LOG_TRACE,
+            "Sending KEXINIT packet, first_kex_packet_follows = %d",
+            first_kex_packet_follows);
+
+    rc = ssh_buffer_pack(session->out_buffer,
+                         "bP",
+                         SSH2_MSG_KEXINIT,
+                         (size_t)16,
+                         kex->cookie); /* cookie */
+    if (rc != SSH_OK)
+        goto error;
+    if (ssh_hashbufout_add_cookie(session) < 0) {
+        goto error;
+    }
+
+    ssh_list_kex(kex);
+
+    for (i = 0; i < SSH_KEX_METHODS; i++) {
+        str = ssh_string_from_char(kex->methods[i]);
+        if (str == NULL) {
+            goto error;
+        }
 
-  ssh_list_kex(kex);
+        rc = ssh_buffer_add_ssh_string(session->out_hashbuf, str);
+        if (rc < 0) {
+            goto error;
+        }
+        rc = ssh_buffer_add_ssh_string(session->out_buffer, str);
+        if (rc < 0) {
+            goto error;
+        }
+        SSH_STRING_FREE(str);
+        str = NULL;
+    }
 
-  for (i = 0; i < SSH_KEX_METHODS; i++) {
-    str = ssh_string_from_char(kex->methods[i]);
-    if (str == NULL) {
-      goto error;
+    rc = ssh_buffer_pack(session->out_buffer,
+                         "bd",
+                         first_kex_packet_follows,
+                         0);
+    if (rc != SSH_OK) {
+        goto error;
     }
 
-    if (ssh_buffer_add_ssh_string(session->out_hashbuf, str) < 0) {
-      goto error;
+    /* Prepare also the first_kex_packet_follows and reserved to 0 */
+    rc = ssh_buffer_add_u8(session->out_hashbuf, first_kex_packet_follows);
+    if (rc < 0) {
+        goto error;
     }
-    if (ssh_buffer_add_ssh_string(session->out_buffer, str) < 0) {
-      goto error;
+    rc = ssh_buffer_add_u32(session->out_hashbuf, 0);
+    if (rc < 0) {
+        goto error;
     }
-    SSH_STRING_FREE(str);
-    str = NULL;
-  }
 
-  rc = ssh_buffer_pack(session->out_buffer,
-                       "bd",
-                       0,
-                       0);
-  if (rc != SSH_OK) {
-    goto error;
-  }
+    rc = ssh_packet_send(session);
+    if (rc == SSH_ERROR) {
+        return -1;
+    }
 
-  if (ssh_packet_send(session) == SSH_ERROR) {
-    return -1;
-  }
+    session->flags |= SSH_SESSION_FLAG_KEXINIT_SENT;
+    SSH_LOG(SSH_LOG_PACKET, "SSH_MSG_KEXINIT sent");
+
+    /* If we indicated that we are sending the guessed key exchange packet,
+     * do it now. The packet is simple, but we need to do some preparations */
+    if (first_kex_packet_follows == 1) {
+        char *list = kex->methods[SSH_KEX];
+        char *colon = strchr(list, ',');
+        size_t kex_name_len = colon ? (size_t)(colon - list) : strlen(list);
+        char *kex_name = calloc(kex_name_len + 1, 1);
+        if (kex_name == NULL) {
+            ssh_set_error_oom(session);
+            goto error;
+        }
+        snprintf(kex_name, kex_name_len + 1, "%.*s", (int)kex_name_len, list);
+        SSH_LOG(SSH_LOG_TRACE, "Sending the first kex packet for %s", kex_name);
+
+        session->next_crypto->kex_type = kex_select_kex_type(kex_name);
+        free(kex_name);
+
+        /* run the first step of the DH handshake */
+        session->dh_handshake_state = DH_STATE_INIT;
+        if (dh_handshake(session) == SSH_ERROR) {
+            goto error;
+        }
+    }
+    return 0;
 
-  SSH_LOG(SSH_LOG_PACKET, "SSH_MSG_KEXINIT sent");
-  return 0;
 error:
-  ssh_buffer_reinit(session->out_buffer);
-  ssh_buffer_reinit(session->out_hashbuf);
-  SSH_STRING_FREE(str);
+    ssh_buffer_reinit(session->out_buffer);
+    ssh_buffer_reinit(session->out_hashbuf);
+    SSH_STRING_FREE(str);
 
-  return -1;
+    return -1;
 }
 
 /*
@@ -940,7 +1169,7 @@ int ssh_send_rekex(ssh_session session)
     }
 
     session->dh_handshake_state = DH_STATE_INIT;
-    rc = ssh_send_kex(session, session->server);
+    rc = ssh_send_kex(session);
     if (rc < 0) {
         SSH_LOG(SSH_LOG_PACKET, "Failed to send kex");
         return rc;
@@ -983,6 +1212,111 @@ char *ssh_keep_fips_algos(enum ssh_kex_types_e algo, const char *list)
     return ssh_find_all_matching(fips_methods[algo], list);
 }
 
+/**
+ * @internal
+ *
+ * @brief Return a newly allocated string containing the default
+ * algorithms plus the algorithms specified in list. If the system
+ * runs in fips mode, this will add only fips approved algorithms.
+ * Empty list will cause error.
+ *
+ * @param[in] algo  The type of the methods to filter
+ * @param[in] list  The list to be appended
+ *
+ * @return A newly allocated list containing the default algorithms and the
+ * algorithms in list at the end; NULL in case of error.
+ */
+char *ssh_add_to_default_algos(enum ssh_kex_types_e algo, const char *list)
+{
+    char *tmp = NULL, *ret = NULL;
+
+    if (algo > SSH_LANG_S_C || list == NULL || list[0] == '\0') {
+        return NULL;
+    }
+
+    if (ssh_fips_mode()) {
+        tmp = ssh_append_without_duplicates(fips_methods[algo], list);
+        ret = ssh_find_all_matching(fips_methods[algo], tmp);
+    } else {
+        tmp = ssh_append_without_duplicates(default_methods[algo], list);
+        ret = ssh_find_all_matching(supported_methods[algo], tmp);
+    }
+
+    free(tmp);
+    return ret;
+}
+
+/**
+ * @internal
+ *
+ * @brief Return a newly allocated string containing the default
+ * algorithms excluding the algorithms specified in list. If the system
+ * runs in fips mode, this will remove from the fips_methods list.
+ *
+ * @param[in] algo  The type of the methods to filter
+ * @param[in] list  The list to be exclude
+ *
+ * @return A newly allocated list containing the default algorithms without the
+ * algorithms in list; NULL in case of error.
+ */
+char *ssh_remove_from_default_algos(enum ssh_kex_types_e algo, const char *list)
+{
+    if (algo > SSH_LANG_S_C) {
+        return NULL;
+    }
+
+    if (list == NULL || list[0] == '\0') {
+        if (ssh_fips_mode()) {
+            return strdup(fips_methods[algo]);
+        } else {
+            return strdup(default_methods[algo]);
+        }
+    }
+
+    if (ssh_fips_mode()) {
+        return ssh_remove_all_matching(fips_methods[algo], list);
+    } else {
+        return ssh_remove_all_matching(default_methods[algo], list);
+    }
+}
+
+/**
+ * @internal
+ *
+ * @brief Return a newly allocated string containing the default
+ * algorithms with prioritized algorithms specified in list. If the
+ * algorithms are present in the default list they get prioritized, if not
+ * they are added to the front of the default list. If the system
+ * runs in fips mode, this will work with the fips_methods list.
+ * Empty list will cause error.
+ *
+ * @param[in] algo  The type of the methods to filter
+ * @param[in] list  The list to be pushed to priority
+ *
+ * @return A newly allocated list containing the default algorithms prioritized
+ * with the algorithms in list at the beginning of the list; NULL in case
+ * of error.
+ */
+char *ssh_prefix_default_algos(enum ssh_kex_types_e algo, const char *list)
+{
+    char *ret = NULL, *tmp = NULL;
+
+    if (algo > SSH_LANG_S_C || list == NULL || list[0] == '\0') {
+        return NULL;
+    }
+
+    if (ssh_fips_mode()) {
+        tmp = ssh_prefix_without_duplicates(fips_methods[algo], list);
+        ret = ssh_find_all_matching(fips_methods[algo], tmp);
+    } else {
+        tmp = ssh_prefix_without_duplicates(default_methods[algo], list);
+        ret = ssh_find_all_matching(supported_methods[algo], tmp);
+    }
+
+    free(tmp);
+    return ret;
+}
+
 int ssh_make_sessionid(ssh_session session)
 {
     ssh_string num = NULL;
@@ -1025,33 +1359,6 @@ int ssh_make_sessionid(ssh_session session)
         client_hash = session->in_hashbuf;
     }
 
-    /*
-     * Handle the two final fields for the KEXINIT message (RFC 4253 7.1):
-     *
-     *      boolean      first_kex_packet_follows
-     *      uint32       0 (reserved for future extension)
-     */
-    rc = ssh_buffer_add_u8(server_hash, 0);
-    if (rc < 0) {
-        goto error;
-    }
-    rc = ssh_buffer_add_u32(server_hash, 0);
-    if (rc < 0) {
-        goto error;
-    }
-
-    /* These fields are handled for the server case in ssh_packet_kexinit. */
-    if (session->client) {
-        rc = ssh_buffer_add_u8(client_hash, 0);
-        if (rc < 0) {
-            goto error;
-        }
-        rc = ssh_buffer_add_u32(client_hash, 0);
-        if (rc < 0) {
-            goto error;
-        }
-    }
-
     rc = ssh_dh_get_next_server_publickey_blob(session, &server_pubkey_blob);
     if (rc != SSH_OK) {
         goto error;
@@ -1060,10 +1367,10 @@ int ssh_make_sessionid(ssh_session session)
     rc = ssh_buffer_pack(buf,
                          "dPdPS",
                          ssh_buffer_get_len(client_hash),
-                         ssh_buffer_get_len(client_hash),
+                         (size_t)ssh_buffer_get_len(client_hash),
                          ssh_buffer_get(client_hash),
                          ssh_buffer_get_len(server_hash),
-                         ssh_buffer_get_len(server_hash),
+                         (size_t)ssh_buffer_get_len(server_hash),
                          ssh_buffer_get(server_hash),
                          server_pubkey_blob);
     SSH_STRING_FREE(server_pubkey_blob);
@@ -1141,7 +1448,7 @@ int ssh_make_sessionid(ssh_session session)
     case SSH_KEX_ECDH_SHA2_NISTP521:
         if (session->next_crypto->ecdh_client_pubkey == NULL ||
             session->next_crypto->ecdh_server_pubkey == NULL) {
-            SSH_LOG(SSH_LOG_WARNING, "ECDH parameted missing");
+            SSH_LOG(SSH_LOG_TRACE, "ECDH parameter missing");
             goto error;
         }
         rc = ssh_buffer_pack(buf,
@@ -1159,9 +1466,11 @@ int ssh_make_sessionid(ssh_session session)
         rc = ssh_buffer_pack(buf,
                              "dPdP",
                              CURVE25519_PUBKEY_SIZE,
-                             (size_t)CURVE25519_PUBKEY_SIZE, session->next_crypto->curve25519_client_pubkey,
+                             (size_t)CURVE25519_PUBKEY_SIZE,
+                             session->next_crypto->curve25519_client_pubkey,
                              CURVE25519_PUBKEY_SIZE,
-                             (size_t)CURVE25519_PUBKEY_SIZE, session->next_crypto->curve25519_server_pubkey);
+                             (size_t)CURVE25519_PUBKEY_SIZE,
+                             session->next_crypto->curve25519_server_pubkey);
 
         if (rc != SSH_OK) {
             goto error;
@@ -1178,6 +1487,8 @@ int ssh_make_sessionid(ssh_session session)
     ssh_log_hexdump("hash buffer", ssh_buffer_get(buf), ssh_buffer_get_len(buf));
 #endif
 
+    /* Set rc for the following switch statement in case we goto error. */
+    rc = SSH_ERROR;
     switch (session->next_crypto->kex_type) {
     case SSH_KEX_DH_GROUP1_SHA1:
     case SSH_KEX_DH_GROUP14_SHA1:
@@ -1237,6 +1548,7 @@ int ssh_make_sessionid(ssh_session session)
                session->next_crypto->secret_hash);
         break;
     }
+
     /* During the first kex, secret hash and session ID are equal. However, after
      * a key re-exchange, a new secret hash is calculated. This hash will not replace
      * but complement existing session id.
@@ -1245,6 +1557,7 @@ int ssh_make_sessionid(ssh_session session)
         session->next_crypto->session_id = malloc(session->next_crypto->digest_len);
         if (session->next_crypto->session_id == NULL) {
             ssh_set_error_oom(session);
+            rc = SSH_ERROR;
             goto error;
         }
         memcpy(session->next_crypto->session_id, session->next_crypto->secret_hash,
diff --git a/libssh/src/known_hosts.c b/libssh/src/known_hosts.c
index 84e15572..3ef83e21 100644
--- a/libssh/src/known_hosts.c
+++ b/libssh/src/known_hosts.c
@@ -70,7 +70,7 @@
  * @param[out] found_type A pointer to a string to be set with the found key
  *                        type.
  *
- * @returns             The found_type type of key (ie "dsa","ssh-rsa"). Don't
+ * @returns             The found_type type of key (ie "ssh-rsa"). Don't
  *                      free that value. NULL if no match was found or the file
  *                      was not found.
  */
@@ -79,8 +79,8 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
                                                     const char **found_type)
 {
     char buffer[MAX_LINE_SIZE] = {0};
-    char *ptr;
-    struct ssh_tokens_st *tokens;
+    char *ptr = NULL;
+    struct ssh_tokens_st *tokens = NULL;
 
     if (*file == NULL) {
         *file = fopen(filename,"r");
@@ -149,10 +149,10 @@ static struct ssh_tokens_st *ssh_get_knownhost_line(FILE **file,
 static int check_public_key(ssh_session session, char **tokens) {
   ssh_string pubkey_blob = NULL;
   ssh_buffer pubkey_buffer;
-  char *pubkey_64;
+  char *pubkey_64 = NULL;
   int rc;
 
-    /* ssh-dss or ssh-rsa */
+    /* ssh-rsa, ssh-ed25519, .. */
     pubkey_64 = tokens[2];
     pubkey_buffer = base64_to_bin(pubkey_64);
 
@@ -205,11 +205,11 @@ static int match_hashed_host(const char *host, const char *sourcehash)
    * hash := HMAC_SHA1(key=salt,data=host)
    */
   unsigned char buffer[256] = {0};
-  ssh_buffer salt;
-  ssh_buffer hash;
-  HMACCTX mac;
-  char *source;
-  char *b64hash;
+  ssh_buffer salt = NULL;
+  ssh_buffer hash = NULL;
+  HMACCTX mac = NULL;
+  char *source = NULL;
+  char *b64hash = NULL;
   int match, rc;
   size_t size;
 
@@ -304,14 +304,14 @@ static int match_hashed_host(const char *host, const char *sourcehash)
 int ssh_is_server_known(ssh_session session)
 {
     FILE *file = NULL;
-    char *host;
-    char *hostport;
-    const char *type;
+    char *host = NULL;
+    char *hostport = NULL;
+    const char *type = NULL;
     int match;
     int i = 0;
-    char *files[3];
+    char *files[3] = {0};
 
-    struct ssh_tokens_st *tokens;
+    struct ssh_tokens_st *tokens = NULL;
 
     int ret = SSH_SERVER_NOT_KNOWN;
 
@@ -443,12 +443,13 @@ int ssh_is_server_known(ssh_session session)
  * @deprecated Please use ssh_session_export_known_hosts_entry()
  * @brief This function is deprecated.
  */
-char * ssh_dump_knownhost(ssh_session session) {
+char *ssh_dump_knownhost(ssh_session session)
+{
     ssh_key server_pubkey = NULL;
-    char *host;
-    char *hostport;
-    char *buffer;
-    char *b64_key;
+    char *host = NULL;
+    char *hostport = NULL;
+    char *buffer = NULL;
+    char *b64_key = NULL;
     int rc;
 
     if (session->opts.host == NULL) {
@@ -513,9 +514,9 @@ char * ssh_dump_knownhost(ssh_session session) {
  */
 int ssh_write_knownhost(ssh_session session)
 {
-    FILE *file;
+    FILE *file = NULL;
     char *buffer = NULL;
-    char *dir;
+    char *dir = NULL;
     int rc;
 
     if (session->opts.knownhosts == NULL) {
diff --git a/libssh/src/knownhosts.c b/libssh/src/knownhosts.c
index 49bdf574..a2d08a75 100644
--- a/libssh/src/knownhosts.c
+++ b/libssh/src/knownhosts.c
@@ -61,7 +61,7 @@ static int hash_hostname(const char *name,
                          size_t *hash_size)
 {
     int rc;
-    HMACCTX mac_ctx;
+    HMACCTX mac_ctx = NULL;
 
     mac_ctx = hmac_init(salt, salt_size, SSH_HMAC_SHA1);
     if (mac_ctx == NULL) {
@@ -81,8 +81,8 @@ static int hash_hostname(const char *name,
 
 static int match_hashed_hostname(const char *host, const char *hashed_host)
 {
-    char *hashed;
-    char *b64_hash;
+    char *hashed = NULL;
+    char *b64_hash = NULL;
     ssh_buffer salt = NULL;
     ssh_buffer hash = NULL;
     unsigned char hashed_buf[256] = {0};
@@ -229,13 +229,13 @@ static int ssh_known_hosts_read_entries(const char *match,
     char line[MAX_LINE_SIZE];
     size_t lineno = 0;
     size_t len = 0;
-    FILE *fp;
+    FILE *fp = NULL;
     int rc;
 
     fp = fopen(filename, "r");
     if (fp == NULL) {
         char err_msg[SSH_ERRNO_MSG_MAX] = {0};
-        SSH_LOG(SSH_LOG_WARN, "Failed to open the known_hosts file '%s': %s",
+        SSH_LOG(SSH_LOG_TRACE, "Failed to open the known_hosts file '%s': %s",
                 filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
         /* The missing file is not an error here */
         return SSH_OK;
@@ -288,7 +288,7 @@ static int ssh_known_hosts_read_entries(const char *match,
         for (it = ssh_list_get_iterator(*entries);
              it != NULL;
              it = it->next) {
-            struct ssh_knownhosts_entry *entry2;
+            struct ssh_knownhosts_entry *entry2 = NULL;
             int cmp;
             entry2 = ssh_iterator_value(struct ssh_knownhosts_entry *, it);
             cmp = ssh_known_hosts_entries_compare(entry, entry2);
@@ -312,8 +312,8 @@ static int ssh_known_hosts_read_entries(const char *match,
 
 static char *ssh_session_get_host_port(ssh_session session)
 {
-    char *host_port;
-    char *host;
+    char *host_port = NULL;
+    char *host = NULL;
 
     if (session->opts.host == NULL) {
         ssh_set_error(session,
@@ -480,20 +480,17 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
         return "rsa-sha2-512,rsa-sha2-256,ssh-rsa";
     case SSH_KEYTYPE_ED25519:
         return "ssh-ed25519";
-#ifdef HAVE_DSA
-    case SSH_KEYTYPE_DSS:
-        return "ssh-dss";
-#else
-        SSH_LOG(SSH_LOG_WARN, "DSS keys are not supported by this build");
-        break;
-#endif
-#ifdef HAVE_ECDH
+    case SSH_KEYTYPE_SK_ED25519:
+        return "sk-ssh-ed25519@openssh.com";
+#ifdef HAVE_ECC
     case SSH_KEYTYPE_ECDSA_P256:
         return "ecdsa-sha2-nistp256";
     case SSH_KEYTYPE_ECDSA_P384:
         return "ecdsa-sha2-nistp384";
     case SSH_KEYTYPE_ECDSA_P521:
         return "ecdsa-sha2-nistp521";
+    case SSH_KEYTYPE_SK_ECDSA:
+        return "sk-ecdsa-sha2-nistp256@openssh.com";
 #else
     case SSH_KEYTYPE_ECDSA_P256:
     case SSH_KEYTYPE_ECDSA_P384:
@@ -503,7 +500,7 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
 #endif
     case SSH_KEYTYPE_UNKNOWN:
     default:
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "The given type %d is not a base private key type "
                 "or is unsupported",
                 type);
@@ -533,7 +530,7 @@ char *ssh_known_hosts_get_algorithms_names(ssh_session session)
     char *host_port = NULL;
     size_t count;
     bool needcomma = false;
-    char *names;
+    char *names = NULL;
 
     int rc;
 
@@ -641,7 +638,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
 {
     struct ssh_knownhosts_entry *e = NULL;
     char *known_host = NULL;
-    char *p;
+    char *p = NULL;
     char *save_tok = NULL;
     enum ssh_keytypes_e key_type;
     int match = 0;
@@ -749,7 +746,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
 
     key_type = ssh_key_type_from_name(p);
     if (key_type == SSH_KEYTYPE_UNKNOWN) {
-        SSH_LOG(SSH_LOG_WARN, "key type '%s' unknown!", p);
+        SSH_LOG(SSH_LOG_TRACE, "key type '%s' unknown!", p);
         rc = SSH_ERROR;
         goto out;
     }
@@ -765,7 +762,7 @@ int ssh_known_hosts_parse_line(const char *hostname,
                                       key_type,
                                       &e->publickey);
     if (rc != SSH_OK) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Failed to parse %s key for entry: %s!",
                 ssh_key_type_to_char(key_type),
                 e->unparsed);
@@ -836,7 +833,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
     if (session->opts.knownhosts != NULL) {
         known_hosts_found = ssh_file_readaccess_ok(session->opts.knownhosts);
         if (!known_hosts_found) {
-            SSH_LOG(SSH_LOG_WARN, "Cannot access file %s",
+            SSH_LOG(SSH_LOG_TRACE, "Cannot access file %s",
                     session->opts.knownhosts);
         }
     }
@@ -845,7 +842,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)
         global_known_hosts_found =
                 ssh_file_readaccess_ok(session->opts.global_knownhosts);
         if (!global_known_hosts_found) {
-            SSH_LOG(SSH_LOG_WARN, "Cannot access file %s",
+            SSH_LOG(SSH_LOG_TRACE, "Cannot access file %s",
                     session->opts.global_knownhosts);
         }
     }
@@ -1227,7 +1224,7 @@ ssh_session_get_known_hosts_entry(ssh_session session,
  *          SSH_KNOWN_HOSTS_NOT_FOUND: The known host file does not exist. The
  *                                     host is thus unknown. File will be
  *                                     created if host key is accepted.\n
- *          SSH_KNOWN_HOSTS_ERROR:     There had been an eror checking the host.
+ *          SSH_KNOWN_HOSTS_ERROR:     There had been an error checking the host.
  *
  * @see ssh_knownhosts_entry_free()
  */
diff --git a/libssh/src/legacy.c b/libssh/src/legacy.c
index 7b165dbe..65a47d6e 100644
--- a/libssh/src/legacy.c
+++ b/libssh/src/legacy.c
@@ -48,7 +48,7 @@ int ssh_auth_list(ssh_session session) {
 int ssh_userauth_offer_pubkey(ssh_session session, const char *username,
     int type, ssh_string publickey)
 {
-    ssh_key key;
+    ssh_key key = NULL;
     int rc;
 
     (void) type; /* unused */
@@ -70,7 +70,7 @@ int ssh_userauth_pubkey(ssh_session session,
                         ssh_string publickey,
                         ssh_private_key privatekey)
 {
-    ssh_key key;
+    ssh_key key = NULL;
     int rc;
 
     (void) publickey; /* unused */
@@ -83,20 +83,22 @@ int ssh_userauth_pubkey(ssh_session session,
     key->type = privatekey->type;
     key->type_c = ssh_key_type_to_char(key->type);
     key->flags = SSH_KEY_FLAG_PRIVATE|SSH_KEY_FLAG_PUBLIC;
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = privatekey->dsa_priv;
-    key->rsa = privatekey->rsa_priv;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    key->pk = privatekey->rsa_priv;
+#elif defined(HAVE_LIBCRYPTO)
     key->key = privatekey->key_priv;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    key->rsa = privatekey->rsa_priv;
+#endif /* HAVE_LIBCRYPTO */
 
     rc = ssh_userauth_publickey(session, username, key);
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = NULL;
-    key->rsa = NULL;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    key->pk = NULL;
+#elif defined(HAVE_LIBCRYPTO)
     key->key = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    key->rsa = NULL;
+#endif /* HAVE_LIBCRYPTO */
     ssh_key_free(key);
 
     return rc;
@@ -358,26 +360,11 @@ void publickey_free(ssh_public_key key) {
   }
 
   switch(key->type) {
-    case SSH_KEYTYPE_DSS:
-#ifdef HAVE_LIBGCRYPT
-      gcry_sexp_release(key->dsa_pub);
-#elif defined HAVE_LIBCRYPTO
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-      DSA_free(key->dsa_pub);
-#else
-      EVP_PKEY_free(key->key_pub);
-#endif /* OPENSSL_VERSION_NUMBER */
-#endif /* HAVE_LIBGCRYPT */
-      break;
     case SSH_KEYTYPE_RSA:
 #ifdef HAVE_LIBGCRYPT
       gcry_sexp_release(key->rsa_pub);
 #elif defined HAVE_LIBCRYPTO
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-      RSA_free(key->rsa_pub);
-#else
       EVP_PKEY_free(key->key_pub);
-#endif /* OPENSSL_VERSION_NUMBER */
 #elif defined HAVE_LIBMBEDCRYPTO
       mbedtls_pk_free(key->rsa_pub);
       SAFE_FREE(key->rsa_pub);
@@ -389,10 +376,11 @@ void publickey_free(ssh_public_key key) {
   SAFE_FREE(key);
 }
 
-ssh_public_key publickey_from_privatekey(ssh_private_key prv) {
-    struct ssh_public_key_struct *p;
-    ssh_key privkey;
-    ssh_key pubkey;
+ssh_public_key publickey_from_privatekey(ssh_private_key prv)
+{
+    struct ssh_public_key_struct *p = NULL;
+    ssh_key privkey = NULL;
+    ssh_key pubkey = NULL;
     int rc;
 
     privkey = ssh_key_new();
@@ -403,20 +391,22 @@ ssh_public_key publickey_from_privatekey(ssh_private_key prv) {
     privkey->type = prv->type;
     privkey->type_c = ssh_key_type_to_char(privkey->type);
     privkey->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    privkey->dsa = prv->dsa_priv;
-    privkey->rsa = prv->rsa_priv;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    privkey->pk = prv->rsa_priv;
+#elif defined(HAVE_LIBCRYPTO)
     privkey->key = prv->key_priv;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    privkey->rsa = prv->rsa_priv;
+#endif /* HAVE_LIBCRYPTO */
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    privkey->dsa = NULL;
-    privkey->rsa = NULL;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    privkey->pk = NULL;
+#elif defined(HAVE_LIBCRYPTO)
     privkey->key = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    privkey->rsa = NULL;
+#endif /* HAVE_LIBCRYPTO */
     ssh_key_free(privkey);
     if (rc < 0) {
         return NULL;
@@ -434,8 +424,8 @@ ssh_private_key privatekey_from_file(ssh_session session,
                                      const char *passphrase) {
     ssh_auth_callback auth_fn = NULL;
     void *auth_data = NULL;
-    ssh_private_key privkey;
-    ssh_key key;
+    ssh_private_key privkey = NULL;
+    ssh_key key = NULL;
     int rc;
 
     (void) type; /* unused */
@@ -451,7 +441,7 @@ ssh_private_key privatekey_from_file(ssh_session session,
                                      auth_fn,
                                      auth_data,
                                      &key);
-    if (rc == SSH_ERROR) {
+    if (rc != SSH_OK) {
         return NULL;
     }
 
@@ -462,17 +452,16 @@ ssh_private_key privatekey_from_file(ssh_session session,
     }
 
     privkey->type = key->type;
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    privkey->dsa_priv = key->dsa;
-    privkey->rsa_priv = key->rsa;
-
-    key->dsa = NULL;
-    key->rsa = NULL;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    privkey->rsa_priv = key->pk;
+    key->pk = NULL;
+#elif defined(HAVE_LIBCRYPTO)
     privkey->key_priv = key->key;
-
     key->key = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    privkey->rsa_priv = key->rsa;
+    key->rsa = NULL;
+#endif /* HAVE_LIBCRYPTO */
 
     ssh_key_free(key);
 
@@ -491,15 +480,9 @@ void privatekey_free(ssh_private_key prv) {
   }
 
 #ifdef HAVE_LIBGCRYPT
-  gcry_sexp_release(prv->dsa_priv);
   gcry_sexp_release(prv->rsa_priv);
 #elif defined HAVE_LIBCRYPTO
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-  DSA_free(prv->dsa_priv);
-  RSA_free(prv->rsa_priv);
-#else
   EVP_PKEY_free(prv->key_priv);
-#endif /* OPENSSL_VERSION_NUMBER */
 #elif defined HAVE_LIBMBEDCRYPTO
   mbedtls_pk_free(prv->rsa_priv);
   SAFE_FREE(prv->rsa_priv);
@@ -510,7 +493,7 @@ void privatekey_free(ssh_private_key prv) {
 
 ssh_string publickey_from_file(ssh_session session, const char *filename,
     int *type) {
-    ssh_key key;
+    ssh_key key = NULL;
     ssh_string key_str = NULL;
     int rc;
 
@@ -543,9 +526,10 @@ int ssh_type_from_name(const char *name) {
     return ssh_key_type_from_name(name);
 }
 
-ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
-    struct ssh_public_key_struct *pubkey;
-    ssh_key key;
+ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s)
+{
+    struct ssh_public_key_struct *pubkey = NULL;
+    ssh_key key = NULL;
     int rc;
 
     (void) session; /* unused */
@@ -564,24 +548,26 @@ ssh_public_key publickey_from_string(ssh_session session, ssh_string pubkey_s) {
     pubkey->type = key->type;
     pubkey->type_c = key->type_c;
 
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    pubkey->dsa_pub = key->dsa;
-    key->dsa = NULL;
-    pubkey->rsa_pub = key->rsa;
-    key->rsa = NULL;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    pubkey->rsa_pub = key->pk;
+    key->pk = NULL;
+#elif defined(HAVE_LIBCRYPTO)
     pubkey->key_pub = key->key;
     key->key = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    pubkey->rsa_pub = key->rsa;
+    key->rsa = NULL;
+#endif /* HAVE_LIBCRYPTO */
 
     ssh_key_free(key);
 
     return pubkey;
 }
 
-ssh_string publickey_to_string(ssh_public_key pubkey) {
-    ssh_key key;
-    ssh_string key_blob;
+ssh_string publickey_to_string(ssh_public_key pubkey)
+{
+    ssh_key key = NULL;
+    ssh_string key_blob = NULL;
     int rc;
 
     if (pubkey == NULL) {
@@ -596,24 +582,26 @@ ssh_string publickey_to_string(ssh_public_key pubkey) {
     key->type = pubkey->type;
     key->type_c = pubkey->type_c;
 
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = pubkey->dsa_pub;
-    key->rsa = pubkey->rsa_pub;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    key->pk = pubkey->rsa_pub;
+#elif defined(HAVE_LIBCRYPTO)
     key->key = pubkey->key_pub;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    key->rsa = pubkey->rsa_pub;
+#endif /* HAVE_LIBCRYPTO */
 
     rc = ssh_pki_export_pubkey_blob(key, &key_blob);
     if (rc < 0) {
         key_blob = NULL;
     }
 
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = NULL;
-    key->rsa = NULL;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    key->pk = NULL;
+#elif defined(HAVE_LIBCRYPTO)
     key->key = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    key->rsa = NULL;
+#endif /* HAVE_LIBCRYPTO */
     ssh_key_free(key);
 
     return key_blob;
@@ -624,11 +612,11 @@ int ssh_publickey_to_file(ssh_session session,
                           ssh_string pubkey,
                           int type)
 {
-    FILE *fp;
-    char *user;
+    FILE *fp = NULL;
+    char *user = NULL;
     char buffer[1024];
     char host[256];
-    unsigned char *pubkey_64;
+    unsigned char *pubkey_64 = NULL;
     size_t len;
     int rc;
     if(session==NULL)
@@ -695,9 +683,9 @@ int ssh_try_publickey_from_file(ssh_session session,
                                 const char *keyfile,
                                 ssh_string *publickey,
                                 int *type) {
-    char *pubkey_file;
+    char *pubkey_file = NULL;
     size_t len;
-    ssh_string pubkey_string;
+    ssh_string pubkey_string = NULL;
     int pubkey_type;
 
     if (session == NULL || keyfile == NULL || publickey == NULL || type == NULL) {
diff --git a/libssh/src/libcrypto-compat.c b/libssh/src/libcrypto-compat.c
deleted file mode 100644
index 33b8dffd..00000000
--- a/libssh/src/libcrypto-compat.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "config.h"
-
-#include <string.h>
-#include "libcrypto-compat.h"
-
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-{
-    /* If the fields n and e in r are NULL, the corresponding input
-     * parameters MUST be non-NULL for n and e.  d may be
-     * left NULL (in case only the public key is used).
-     */
-    if ((r->n == NULL && n == NULL)
-        || (r->e == NULL && e == NULL))
-        return 0;
-
-    if (n != NULL) {
-        BN_free(r->n);
-        r->n = n;
-    }
-    if (e != NULL) {
-        BN_free(r->e);
-        r->e = e;
-    }
-    if (d != NULL) {
-        BN_free(r->d);
-        r->d = d;
-    }
-
-    return 1;
-}
-
-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
-{
-    /* If the fields p and q in r are NULL, the corresponding input
-     * parameters MUST be non-NULL.
-     */
-    if ((r->p == NULL && p == NULL)
-        || (r->q == NULL && q == NULL))
-        return 0;
-
-    if (p != NULL) {
-        BN_free(r->p);
-        r->p = p;
-    }
-    if (q != NULL) {
-        BN_free(r->q);
-        r->q = q;
-    }
-
-    return 1;
-}
-
-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
-{
-    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
-     * parameters MUST be non-NULL.
-     */
-    if ((r->dmp1 == NULL && dmp1 == NULL)
-        || (r->dmq1 == NULL && dmq1 == NULL)
-        || (r->iqmp == NULL && iqmp == NULL))
-        return 0;
-
-    if (dmp1 != NULL) {
-        BN_free(r->dmp1);
-        r->dmp1 = dmp1;
-    }
-    if (dmq1 != NULL) {
-        BN_free(r->dmq1);
-        r->dmq1 = dmq1;
-    }
-    if (iqmp != NULL) {
-        BN_free(r->iqmp);
-        r->iqmp = iqmp;
-    }
-
-    return 1;
-}
-
-void RSA_get0_key(const RSA *r,
-                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-{
-    if (n != NULL)
-        *n = r->n;
-    if (e != NULL)
-        *e = r->e;
-    if (d != NULL)
-        *d = r->d;
-}
-
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
-{
-    if (p != NULL)
-        *p = r->p;
-    if (q != NULL)
-        *q = r->q;
-}
-
-void RSA_get0_crt_params(const RSA *r,
-                         const BIGNUM **dmp1, const BIGNUM **dmq1,
-                         const BIGNUM **iqmp)
-{
-    if (dmp1 != NULL)
-        *dmp1 = r->dmp1;
-    if (dmq1 != NULL)
-        *dmq1 = r->dmq1;
-    if (iqmp != NULL)
-        *iqmp = r->iqmp;
-}
-
-void DSA_get0_pqg(const DSA *d,
-                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-{
-    if (p != NULL)
-        *p = d->p;
-    if (q != NULL)
-        *q = d->q;
-    if (g != NULL)
-        *g = d->g;
-}
-
-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-{
-    /* If the fields p, q and g in d are NULL, the corresponding input
-     * parameters MUST be non-NULL.
-     */
-    if ((d->p == NULL && p == NULL)
-        || (d->q == NULL && q == NULL)
-        || (d->g == NULL && g == NULL))
-        return 0;
-
-    if (p != NULL) {
-        BN_free(d->p);
-        d->p = p;
-    }
-    if (q != NULL) {
-        BN_free(d->q);
-        d->q = q;
-    }
-    if (g != NULL) {
-        BN_free(d->g);
-        d->g = g;
-    }
-
-    return 1;
-}
-
-void DSA_get0_key(const DSA *d,
-                  const BIGNUM **pub_key, const BIGNUM **priv_key)
-{
-    if (pub_key != NULL)
-        *pub_key = d->pub_key;
-    if (priv_key != NULL)
-        *priv_key = d->priv_key;
-}
-
-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
-{
-    /* If the field pub_key in d is NULL, the corresponding input
-     * parameters MUST be non-NULL.  The priv_key field may
-     * be left NULL.
-     */
-    if (d->pub_key == NULL && pub_key == NULL)
-        return 0;
-
-    if (pub_key != NULL) {
-        BN_free(d->pub_key);
-        d->pub_key = pub_key;
-    }
-    if (priv_key != NULL) {
-        BN_free(d->priv_key);
-        d->priv_key = priv_key;
-    }
-
-    return 1;
-}
-
-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-{
-    if (pr != NULL)
-        *pr = sig->r;
-    if (ps != NULL)
-        *ps = sig->s;
-}
-
-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-{
-    if (r == NULL || s == NULL)
-        return 0;
-    BN_clear_free(sig->r);
-    BN_clear_free(sig->s);
-    sig->r = r;
-    sig->s = s;
-    return 1;
-}
-
-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-{
-    if (pr != NULL)
-        *pr = sig->r;
-    if (ps != NULL)
-        *ps = sig->s;
-}
-
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-{
-    if (r == NULL || s == NULL)
-        return 0;
-    BN_clear_free(sig->r);
-    BN_clear_free(sig->s);
-    sig->r = r;
-    sig->s = s;
-    return 1;
-}
-
-EVP_MD_CTX *EVP_MD_CTX_new(void)
-{
-    EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
-    if (ctx != NULL) {
-        EVP_MD_CTX_init(ctx);
-    }
-    return ctx;
-}
-
-void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-{
-    EVP_MD_CTX_cleanup(ctx);
-    OPENSSL_free(ctx);
-}
-
-void DH_get0_pqg(const DH *dh,
-                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-{
-    if (p) {
-        *p = dh->p;
-    }
-    if (q) {
-        *q = NULL;
-    }
-    if (g) {
-        *g = dh->g;
-    }
-}
-
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-{
-    if (p) {
-        if (dh->p) {
-            BN_free(dh->p);
-        }
-        dh->p = p;
-    }
-    if (g) {
-        if (dh->g) {
-            BN_free(dh->g);
-        }
-        dh->g = g;
-    }
-    return 1;
-}
-
-void DH_get0_key(const DH *dh,
-                 const BIGNUM **pub_key, const BIGNUM **priv_key)
-{
-    if (pub_key) {
-        *pub_key = dh->pub_key;
-    }
-    if (priv_key) {
-        *priv_key = dh->priv_key;
-    }
-}
-
-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-{
-    if (pub_key) {
-        if (dh->pub_key) {
-            BN_free(dh->pub_key);
-        }
-        dh->pub_key = pub_key;
-    }
-    if (priv_key) {
-        if (dh->priv_key) {
-            BN_free(dh->priv_key);
-        }
-        dh->priv_key = priv_key;
-    }
-    return 1;
-}
-
-const char *OpenSSL_version(int type)
-{
-    return SSLeay_version(type);
-}
-unsigned long OpenSSL_version_num(void)
-{
-    return SSLeay();
-}
diff --git a/libssh/src/libcrypto-compat.h b/libssh/src/libcrypto-compat.h
index 48e30bd1..0f2dc184 100644
--- a/libssh/src/libcrypto-compat.h
+++ b/libssh/src/libcrypto-compat.h
@@ -7,47 +7,8 @@
 #define NISTP384 "P-384"
 #define NISTP521 "P-521"
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/ecdsa.h>
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/bn.h>
-
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
-
-void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
-
-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-
-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-
-EVP_MD_CTX *EVP_MD_CTX_new(void);
-void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
-
-void DH_get0_pqg(const DH *dh,
-                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-void DH_get0_key(const DH *dh,
-                 const BIGNUM **pub_key, const BIGNUM **priv_key);
-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-
-const char *OpenSSL_version(int type);
-unsigned long OpenSSL_version_num(void);
-
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#define EVP_PKEY_eq EVP_PKEY_cmp
 #endif /* OPENSSL_VERSION_NUMBER */
 
 #endif /* LIBCRYPTO_COMPAT_H */
diff --git a/libssh/src/libcrypto.c b/libssh/src/libcrypto.c
index 468b63f0..e21a82bc 100644
--- a/libssh/src/libcrypto.c
+++ b/libssh/src/libcrypto.c
@@ -34,26 +34,29 @@
 #include "libssh/wrapper.h"
 #include "libssh/libcrypto.h"
 #include "libssh/pki.h"
-#if defined(HAVE_OPENSSL_EVP_CHACHA20) && defined(HAVE_OPENSSL_EVP_POLY1305)
+#ifdef HAVE_OPENSSL_EVP_CHACHA20
 #include "libssh/bytearray.h"
 #include "libssh/chacha20-poly1305-common.h"
 #endif
 
 #ifdef HAVE_LIBCRYPTO
 
+#include <openssl/err.h>
+#include <openssl/md5.h>
 #include <openssl/opensslv.h>
 #include <openssl/sha.h>
-#include <openssl/md5.h>
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-#include <openssl/dsa.h>
 #include <openssl/rsa.h>
 #include <openssl/hmac.h>
 #else
-#include <openssl/param_build.h>
 #include <openssl/core_names.h>
+#include <openssl/param_build.h>
+#include <openssl/provider.h>
 #endif /* OPENSSL_VERSION_NUMBER */
 #include <openssl/rand.h>
+#if defined(WITH_PKCS11_URI) && !defined(WITH_PKCS11_PROVIDER)
 #include <openssl/engine.h>
+#endif
 
 #include "libcrypto-compat.h"
 
@@ -85,7 +88,6 @@
 
 static int libcrypto_initialized = 0;
 
-static ENGINE *engine = NULL;
 
 void ssh_reseed(void){
 #ifndef _WIN32
@@ -95,6 +97,39 @@ void ssh_reseed(void){
 #endif
 }
 
+#if defined(WITH_PKCS11_URI)
+#if defined(WITH_PKCS11_PROVIDER)
+static OSSL_PROVIDER *provider = NULL;
+static bool pkcs11_provider_failed = false;
+
+int pki_load_pkcs11_provider(void)
+{
+    if (OSSL_PROVIDER_available(NULL, "pkcs11") == 1) {
+        /* the provider is already available.
+         * Loaded through a configuration file? */
+        return SSH_OK;
+    }
+
+    if (pkcs11_provider_failed) {
+        /* the loading failed previously -- do not retry */
+        return SSH_ERROR;
+    }
+
+    provider = OSSL_PROVIDER_try_load(NULL, "pkcs11", 1);
+    if (provider != NULL) {
+        return SSH_OK;
+    }
+
+    SSH_LOG(SSH_LOG_TRACE,
+            "Failed to load the pkcs11 provider: %s",
+            ERR_error_string(ERR_get_error(), NULL));
+    /* Do not attempt to load it again */
+    pkcs11_provider_failed = true;
+    return SSH_ERROR;
+}
+#else
+static ENGINE *engine = NULL;
+
 ENGINE *pki_get_engine(void)
 {
     int ok;
@@ -104,80 +139,28 @@ ENGINE *pki_get_engine(void)
 
         engine = ENGINE_by_id("pkcs11");
         if (engine == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
+            SSH_LOG(SSH_LOG_TRACE,
                     "Could not load the engine: %s",
                     ERR_error_string(ERR_get_error(), NULL));
             return NULL;
         }
-        SSH_LOG(SSH_LOG_INFO, "Engine loaded successfully");
+        SSH_LOG(SSH_LOG_DEBUG, "Engine loaded successfully");
 
         ok = ENGINE_init(engine);
         if (!ok) {
-            SSH_LOG(SSH_LOG_WARN,
+            SSH_LOG(SSH_LOG_TRACE,
                     "Could not initialize the engine: %s",
                     ERR_error_string(ERR_get_error(), NULL));
             ENGINE_free(engine);
             return NULL;
         }
 
-        SSH_LOG(SSH_LOG_INFO, "Engine init success");
+        SSH_LOG(SSH_LOG_DEBUG, "Engine init success");
     }
     return engine;
 }
-
-#ifdef HAVE_OPENSSL_ECC
-static const EVP_MD *nid_to_evpmd(int nid)
-{
-    switch (nid) {
-        case NID_X9_62_prime256v1:
-            return EVP_sha256();
-        case NID_secp384r1:
-            return EVP_sha384();
-        case NID_secp521r1:
-            return EVP_sha512();
-        default:
-            return NULL;
-    }
-
-    return NULL;
-}
-
-void evp(int nid, unsigned char *digest, size_t len, unsigned char *hash, unsigned int *hlen)
-{
-    const EVP_MD *evp_md = nid_to_evpmd(nid);
-    EVP_MD_CTX *md = EVP_MD_CTX_new();
-
-    EVP_DigestInit(md, evp_md);
-    EVP_DigestUpdate(md, digest, len);
-    EVP_DigestFinal(md, hash, hlen);
-    EVP_MD_CTX_free(md);
-}
-
-EVPCTX evp_init(int nid)
-{
-    const EVP_MD *evp_md = nid_to_evpmd(nid);
-
-    EVPCTX ctx = EVP_MD_CTX_new();
-    if (ctx == NULL) {
-        return NULL;
-    }
-
-    EVP_DigestInit(ctx, evp_md);
-
-    return ctx;
-}
-
-void evp_update(EVPCTX ctx, const void *data, size_t len)
-{
-    EVP_DigestUpdate(ctx, data, len);
-}
-
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
-{
-    EVP_DigestFinal(ctx, md, mdlen);
-    EVP_MD_CTX_free(ctx);
-}
-#endif /* HAVE_OPENSSL_ECC */
+#endif /* defined(WITH_PKCS11_PROVIDER) */
+#endif /* defined(WITH_PKCS11_URI) */
 
 #ifdef HAVE_OPENSSL_EVP_KDF_CTX
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
@@ -217,17 +200,29 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
             uint8_t key_type, unsigned char *output,
             size_t requested_len)
 {
-    int rc = -1;
+    int ret = SSH_ERROR, rv;
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
     EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
 #else
-    EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
-    EVP_KDF_CTX *ctx = EVP_KDF_CTX_new(kdf);
-    OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
+    EVP_KDF_CTX *ctx = NULL;
+    OSSL_PARAM_BLD *param_bld = NULL;
     OSSL_PARAM *params = NULL;
-    const char *md = sshkdf_digest_to_md(crypto->digest_type);
+    const char *md = NULL;
+    EVP_KDF *kdf = NULL;
 
+    md = sshkdf_digest_to_md(crypto->digest_type);
+    if (md == NULL) {
+        return -1;
+    }
+
+    kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
+    if (kdf == NULL) {
+        return -1;
+    }
+    ctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
+
+    param_bld = OSSL_PARAM_BLD_new();
     if (param_bld == NULL) {
         EVP_KDF_CTX_free(ctx);
         return -1;
@@ -239,81 +234,86 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
     }
 
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD,
+    rv = EVP_KDF_ctrl(ctx,
+                      EVP_KDF_CTRL_SET_MD,
                       sshkdf_digest_to_md(crypto->digest_type));
-    if (rc != 1) {
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
-    if (rc != 1) {
+    rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY, key, key_len);
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
-                      crypto->secret_hash, crypto->digest_len);
-    if (rc != 1) {
+    rv = EVP_KDF_ctrl(ctx,
+                      EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
+                      crypto->secret_hash,
+                      crypto->digest_len);
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
-    if (rc != 1) {
+    rv = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, key_type);
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
-                      crypto->session_id, crypto->session_id_len);
-    if (rc != 1) {
+    rv = EVP_KDF_ctrl(ctx,
+                      EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
+                      crypto->session_id,
+                      crypto->session_id_len);
+    if (rv != 1) {
         goto out;
     }
-    rc = EVP_KDF_derive(ctx, output, requested_len);
-    if (rc != 1) {
+    rv = EVP_KDF_derive(ctx, output, requested_len);
+    if (rv != 1) {
         goto out;
     }
 #else
-    rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
-                                         md, strlen(md));
-    if (rc != 1) {
-        rc = -1;
+    rv = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+                                         OSSL_KDF_PARAM_DIGEST,
+                                         md,
+                                         strlen(md));
+    if (rv != 1) {
         goto out;
     }
-    rc = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
-                                          key, key_len);
-    if (rc != 1) {
-        rc = -1;
+    rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
+                                          OSSL_KDF_PARAM_KEY,
+                                          key,
+                                          key_len);
+    if (rv != 1) {
         goto out;
     }
-    rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
+    rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
                                           OSSL_KDF_PARAM_SSHKDF_XCGHASH,
                                           crypto->secret_hash,
                                           crypto->digest_len);
-    if (rc != 1) {
-        rc = -1;
+    if (rv != 1) {
         goto out;
     }
-    rc = OSSL_PARAM_BLD_push_octet_string(param_bld,
+    rv = OSSL_PARAM_BLD_push_octet_string(param_bld,
                                           OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
                                           crypto->session_id,
                                           crypto->session_id_len);
-    if (rc != 1) {
-        rc = -1;
+    if (rv != 1) {
         goto out;
     }
-    rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
-                                         (const char*)&key_type, 1);
-    if (rc != 1) {
-        rc = -1;
+    rv = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+                                         OSSL_KDF_PARAM_SSHKDF_TYPE,
+                                         (const char *)&key_type,
+                                         1);
+    if (rv != 1) {
         goto out;
     }
 
     params = OSSL_PARAM_BLD_to_param(param_bld);
     if (params == NULL) {
-        rc = -1;
         goto out;
     }
 
-    rc = EVP_KDF_derive(ctx, output, requested_len, params);
-    if (rc != 1) {
-        rc = -1;
+    rv = EVP_KDF_derive(ctx, output, requested_len, params);
+    if (rv != 1) {
         goto out;
     }
 #endif /* OPENSSL_VERSION_NUMBER */
+    ret = SSH_OK;
 
 out:
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -321,8 +321,8 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
     OSSL_PARAM_free(params);
 #endif
     EVP_KDF_CTX_free(ctx);
-    if (rc < 0) {
-        return rc;
+    if (ret < 0) {
+        return ret;
     }
     return 0;
 }
@@ -437,17 +437,17 @@ static void evp_cipher_init(struct ssh_cipher_struct *cipher)
     case SSH_3DES_CBC:
         cipher->cipher = EVP_des_ede3_cbc();
         break;
-#ifdef WITH_BLOWFISH_CIPHER
+#ifdef HAVE_BLOWFISH
     case SSH_BLOWFISH_CBC:
         cipher->cipher = EVP_bf_cbc();
         break;
         /* ciphers not using EVP */
-#endif /* WITH_BLOWFISH_CIPHER */
+#endif /* HAVE_BLOWFISH */
     case SSH_AEAD_CHACHA20_POLY1305:
-        SSH_LOG(SSH_LOG_WARNING, "The ChaCha cipher cannot be handled here");
+        SSH_LOG(SSH_LOG_TRACE, "The ChaCha cipher cannot be handled here");
         break;
     case SSH_NO_CIPHER:
-        SSH_LOG(SSH_LOG_WARNING, "No valid ciphertype found");
+        SSH_LOG(SSH_LOG_TRACE, "No valid ciphertype found");
         break;
     }
 }
@@ -461,7 +461,7 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
 
     rc = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV);
     if (rc != 1){
-        SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptInit_ex failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptInit_ex failed");
         return SSH_ERROR;
     }
 
@@ -473,7 +473,7 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
                                  -1,
                                  (uint8_t *)IV);
         if (rc != 1) {
-            SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_IV_FIXED failed");
+            SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_IV_FIXED failed");
             return SSH_ERROR;
         }
     }
@@ -491,7 +491,7 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
 
     rc = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV);
     if (rc != 1){
-        SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptInit_ex failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptInit_ex failed");
         return SSH_ERROR;
     }
 
@@ -503,7 +503,7 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
                                  -1,
                                  (uint8_t *)IV);
         if (rc != 1) {
-            SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_IV_FIXED failed");
+            SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_IV_FIXED failed");
             return SSH_ERROR;
         }
     }
@@ -528,11 +528,11 @@ static void evp_cipher_encrypt(struct ssh_cipher_struct *cipher,
                            (unsigned char *)in,
                            (int)len);
     if (rc != 1){
-        SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed");
         return;
     }
     if (outlen != (int)len){
-        SSH_LOG(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_DEBUG,
                 "EVP_EncryptUpdate: output size %d for %zu in",
                 outlen,
                 len);
@@ -554,11 +554,11 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher,
                            (unsigned char *)in,
                            (int)len);
     if (rc != 1){
-        SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptUpdate failed");
         return;
     }
     if (outlen != (int)len){
-        SSH_LOG(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_DEBUG,
                 "EVP_DecryptUpdate: output size %d for %zu in",
                 outlen,
                 len);
@@ -613,7 +613,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
                              1,
                              lastiv);
     if (rc == 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_IV_GEN failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed");
         return;
     }
 
@@ -625,7 +625,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
                            (int)aadlen);
     outlen = tmplen;
     if (rc == 0 || outlen != aadlen) {
-        SSH_LOG(SSH_LOG_WARNING, "Failed to pass authenticated data");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to pass authenticated data");
         return;
     }
     memcpy(out, in, aadlen);
@@ -638,7 +638,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
                            (int)len - aadlen);
     outlen = tmplen;
     if (rc != 1 || outlen != (int)len - aadlen) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed");
         return;
     }
 
@@ -647,7 +647,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
                           NULL,
                           &tmplen);
     if (rc < 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptFinal failed: Failed to create a tag");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptFinal failed: Failed to create a tag");
         return;
     }
 
@@ -656,7 +656,7 @@ evp_cipher_aead_encrypt(struct ssh_cipher_struct *cipher,
                              authlen,
                              (unsigned char *)tag);
     if (rc != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_GET_TAG failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_GET_TAG failed");
         return;
     }
 }
@@ -684,7 +684,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
                              1,
                              lastiv);
     if (rc == 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_IV_GEN failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_IV_GEN failed");
         return SSH_ERROR;
     }
 
@@ -694,7 +694,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
                              authlen,
                              (unsigned char *)complete_packet + aadlen + encrypted_size);
     if (rc == 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CTRL_GCM_SET_TAG failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CTRL_GCM_SET_TAG failed");
         return SSH_ERROR;
     }
 
@@ -705,7 +705,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
                            (unsigned char *)complete_packet,
                            (int)aadlen);
     if (rc == 0) {
-        SSH_LOG(SSH_LOG_WARNING, "Failed to pass authenticated data");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to pass authenticated data");
         return SSH_ERROR;
     }
     /* Do not copy the length to the target buffer, because it is already processed */
@@ -716,14 +716,14 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
                            (unsigned char *)out,
                            &outlen,
                            (unsigned char *)complete_packet + aadlen,
-                           encrypted_size /* already substracted aadlen*/);
+                           encrypted_size /* already subtracted aadlen */);
     if (rc != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptUpdate failed");
         return SSH_ERROR;
     }
 
     if (outlen != (int)encrypted_size) {
-        SSH_LOG(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_TRACE,
                 "EVP_DecryptUpdate: output size %d for %zd in",
                 outlen,
                 encrypted_size);
@@ -735,14 +735,14 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
                           NULL,
                           &outlen);
     if (rc < 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptFinal failed: Failed authentication");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptFinal failed: Failed authentication");
         return SSH_ERROR;
     }
 
     return SSH_OK;
 }
 
-#if defined(HAVE_OPENSSL_EVP_CHACHA20) && defined(HAVE_OPENSSL_EVP_POLY1305)
+#ifdef HAVE_OPENSSL_EVP_CHACHA20
 
 struct chacha20_poly1305_keysched {
     /* cipher handle used for encrypting the packets */
@@ -817,24 +817,24 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
     /* K2 uses the first half of the key */
     ctx->main_evp = EVP_CIPHER_CTX_new();
     if (ctx->main_evp == NULL) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CIPHER_CTX_new failed");
         goto out;
     }
     rv = EVP_EncryptInit_ex(ctx->main_evp, EVP_chacha20(), NULL, u8key, NULL);
     if (rv != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit failed");
         goto out;
     }
     /* K1 uses the second half of the key */
     ctx->header_evp = EVP_CIPHER_CTX_new();
     if (ctx->header_evp == NULL) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CIPHER_CTX_new failed");
         goto out;
     }
-    ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
+    rv = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
                              u8key + CHACHA20_KEYLEN, NULL);
-    if (ret != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed");
+    if (rv != 1) {
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit failed");
         goto out;
     }
 
@@ -844,18 +844,18 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
     ctx->mctx = EVP_MD_CTX_new();
     if (ctx->mctx == NULL) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_MD_CTX_new failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_MD_CTX_new failed");
         return SSH_ERROR;
     }
 #else
     mac = EVP_MAC_fetch(NULL, "poly1305", NULL);
     if (mac == NULL) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_fetch failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_fetch failed");
         goto out;
     }
     ctx->mctx = EVP_MAC_CTX_new(mac);
     if (ctx->mctx == NULL) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_CTX_new failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_CTX_new failed");
         goto out;
     }
 #endif /* OPENSSL_VERSION_NUMBER */
@@ -893,13 +893,13 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
 
     ret = EVP_CipherInit_ex(ctx->header_evp, NULL, NULL, NULL, seqbuf, do_encrypt);
     if (ret != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit_ex(header_evp) failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit_ex(header_evp) failed");
         return SSH_ERROR;
     }
 
     ret = EVP_CipherInit_ex(ctx->main_evp, NULL, NULL, NULL, seqbuf, do_encrypt);
     if (ret != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit_ex(main_evp) failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherInit_ex(main_evp) failed");
         return SSH_ERROR;
     }
 
@@ -928,7 +928,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
     rv = EVP_CipherUpdate(ctx->main_evp, poly_key, &len,
                            (unsigned char *)zero_block, sizeof(zero_block));
     if (rv != 1 || len != CHACHA20_BLOCKSIZE) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptUpdate failed");
         goto out;
     }
 #ifdef DEBUG_CRYPTO
@@ -942,12 +942,12 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
         ctx->key = EVP_PKEY_new_mac_key(EVP_PKEY_POLY1305, NULL,
                                         poly_key, POLY1305_KEYLEN);
         if (ctx->key == NULL) {
-            SSH_LOG(SSH_LOG_WARNING, "EVP_PKEY_new_mac_key failed");
+            SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_new_mac_key failed");
             goto out;
         }
         rv = EVP_DigestSignInit(ctx->mctx, &ctx->pctx, NULL, NULL, ctx->key);
         if (rv != 1) {
-            SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignInit failed");
+            SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignInit failed");
             goto out;
         }
     } else {
@@ -956,14 +956,14 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
                                 EVP_PKEY_CTRL_SET_MAC_KEY,
                                 POLY1305_KEYLEN, (void *)poly_key);
         if (rv <= 0) {
-            SSH_LOG(SSH_LOG_WARNING, "EVP_PKEY_CTX_ctrl failed");
+            SSH_LOG(SSH_LOG_TRACE, "EVP_PKEY_CTX_ctrl failed");
             goto out;
         }
     }
 #else
     rv = EVP_MAC_init(ctx->mctx, poly_key, POLY1305_KEYLEN, NULL);
     if (rv != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_init failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_init failed");
         goto out;
     }
 #endif /* OPENSSL_VERSION_NUMBER */
@@ -1000,7 +1000,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher,
 
     rv = EVP_CipherUpdate(ctx->header_evp, out, &outlen, in, len);
     if (rv != 1 || outlen != sizeof(uint32_t)) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed");
         return SSH_ERROR;
     }
 
@@ -1010,7 +1010,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher,
 
     rv = EVP_CipherFinal_ex(ctx->header_evp, out + outlen, &outlen);
     if (rv != 1 || outlen != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherFinal_ex failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherFinal_ex failed");
         return SSH_ERROR;
     }
 
@@ -1035,7 +1035,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
     /* Prepare the Poly1305 key */
     rv = chacha20_poly1305_packet_setup(cipher, seq, 0);
     if (rv != SSH_OK) {
-        SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet");
         goto out;
     }
 
@@ -1048,26 +1048,26 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
     rv = EVP_DigestSignUpdate(ctx->mctx, complete_packet,
                               encrypted_size + sizeof(uint32_t));
     if (rv != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignUpdate failed");
         goto out;
     }
 
     rv = EVP_DigestSignFinal(ctx->mctx, tag, &taglen);
     if (rv != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "poly1305 verify error");
+        SSH_LOG(SSH_LOG_TRACE, "poly1305 verify error");
         goto out;
     }
 #else
     rv = EVP_MAC_update(ctx->mctx, complete_packet,
                         encrypted_size + sizeof(uint32_t));
     if (rv != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed");
         goto out;
     }
 
     rv = EVP_MAC_final(ctx->mctx, tag, &taglen, POLY1305_TAGLEN);
     if (rv != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_final failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_final failed");
         goto out;
     }
 #endif /* OPENSSL_VERSION_NUMBER */
@@ -1089,13 +1089,13 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
                           (uint8_t *)complete_packet + sizeof(uint32_t),
                           encrypted_size);
     if (rv != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed");
         goto out;
     }
 
     rv = EVP_CipherFinal_ex(ctx->main_evp, out + len, &len);
     if (rv != 1 || len != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherFinal_ex failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherFinal_ex failed");
         goto out;
     }
 
@@ -1120,7 +1120,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
     /* Prepare the Poly1305 key */
     ret = chacha20_poly1305_packet_setup(cipher, seq, 1);
     if (ret != SSH_OK) {
-        SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet");
         return;
     }
 
@@ -1135,7 +1135,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
                            (unsigned char *)&in_packet->length,
                            sizeof(uint32_t));
     if (ret != 1 || outlen != sizeof(uint32_t)) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed");
         return;
     }
 #ifdef DEBUG_CRYPTO
@@ -1144,7 +1144,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
 #endif /* DEBUG_CRYPTO */
     ret = EVP_CipherFinal_ex(ctx->header_evp, (uint8_t *)out + outlen, &outlen);
     if (ret != 1 || outlen != 0) {
-        SSH_LOG(SSH_LOG_PACKET, "EVP_EncryptFinal_ex failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_EncryptFinal_ex failed");
         return;
     }
 
@@ -1156,7 +1156,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
                            in_packet->payload,
                            len - sizeof(uint32_t));
     if (ret != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_CipherUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_CipherUpdate failed");
         return;
     }
 
@@ -1164,29 +1164,29 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
     ret = EVP_DigestSignUpdate(ctx->mctx, out_packet, len);
     if (ret <= 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignUpdate failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignUpdate failed");
         return;
     }
     ret = EVP_DigestSignFinal(ctx->mctx, tag, &taglen);
     if (ret <= 0) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_DigestSignFinal failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_DigestSignFinal failed");
         return;
     }
 #else
     ret = EVP_MAC_update(ctx->mctx, (void*)out_packet, len);
     if (ret != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_update failed");
         return;
     }
 
     ret = EVP_MAC_final(ctx->mctx, tag, &taglen, POLY1305_TAGLEN);
     if (ret != 1) {
-        SSH_LOG(SSH_LOG_WARNING, "EVP_MAC_final failed");
+        SSH_LOG(SSH_LOG_TRACE, "EVP_MAC_final failed");
         return;
     }
 #endif /* OPENSSL_VERSION_NUMBER */
 }
-#endif /* defined(HAVE_OPENSSL_EVP_CHACHA20) && defined(HAVE_OPENSSL_EVP_POLY1305) */
+#endif /* HAVE_OPENSSL_EVP_CHACHA20 */
 
 #ifdef WITH_INSECURE_NONE
 static void
@@ -1203,7 +1203,7 @@ none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
  * The table of supported ciphers
  */
 static struct ssh_cipher_struct ssh_ciphertab[] = {
-#ifdef WITH_BLOWFISH_CIPHER
+#ifdef HAVE_BLOWFISH
   {
     .name = "blowfish-cbc",
     .blocksize = 8,
@@ -1215,7 +1215,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .decrypt = evp_cipher_decrypt,
     .cleanup = evp_cipher_cleanup
   },
-#endif /* WITH_BLOWFISH_CIPHER */
+#endif /* HAVE_BLOWFISH */
 #ifdef HAS_AES
   {
     .name = "aes128-ctr",
@@ -1326,7 +1326,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
   },
 #endif /* HAS_DES */
   {
-#if defined(HAVE_OPENSSL_EVP_CHACHA20) && defined(HAVE_OPENSSL_EVP_POLY1305)
+#ifdef HAVE_OPENSSL_EVP_CHACHA20
     .ciphertype = SSH_AEAD_CHACHA20_POLY1305,
     .name = "chacha20-poly1305@openssh.com",
     .blocksize = CHACHA20_BLOCKSIZE/8,
@@ -1342,7 +1342,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .cleanup = chacha20_poly1305_cleanup
 #else
     .name = "chacha20-poly1305@openssh.com"
-#endif /* defined(HAVE_OPENSSL_EVP_CHACHA20) && defined(HAVE_OPENSSL_EVP_POLY1305) */
+#endif /* HAVE_OPENSSL_EVP_CHACHA20 */
   },
 #ifdef WITH_INSECURE_NONE
   {
@@ -1369,7 +1369,7 @@ struct ssh_cipher_struct *ssh_get_ciphertab(void)
  */
 int ssh_crypto_init(void)
 {
-#if !defined(HAVE_OPENSSL_EVP_CHACHA20) || !defined(HAVE_OPENSSL_EVP_POLY1305)
+#ifndef HAVE_OPENSSL_EVP_CHACHA20
     size_t i;
 #endif
 
@@ -1377,7 +1377,7 @@ int ssh_crypto_init(void)
         return SSH_OK;
     }
     if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER){
-        SSH_LOG(SSH_LOG_WARNING, "libssh compiled with %s "
+        SSH_LOG(SSH_LOG_DEBUG, "libssh compiled with %s "
             "headers, currently running with %s.",
             OPENSSL_VERSION_TEXT,
             OpenSSL_version(OpenSSL_version_num())
@@ -1394,11 +1394,8 @@ int ssh_crypto_init(void)
         OPENSSL_ia32cap &= ~(1LL << 57);
     }
 #endif /* CAN_DISABLE_AESNI */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    OpenSSL_add_all_algorithms();
-#endif /* OPENSSL_VERSION_NUMBER */
 
-#if !defined(HAVE_OPENSSL_EVP_CHACHA20) || !defined(HAVE_OPENSSL_EVP_POLY1305)
+#ifndef HAVE_OPENSSL_EVP_CHACHA20
     for (i = 0; ssh_ciphertab[i].name != NULL; i++) {
         int cmp;
 
@@ -1410,7 +1407,7 @@ int ssh_crypto_init(void)
             break;
         }
     }
-#endif /* !defined(HAVE_OPENSSL_EVP_CHACHA20) || !defined(HAVE_OPENSSL_EVP_POLY1305) */
+#endif /* HAVE_OPENSSL_EVP_CHACHA20 */
 
     libcrypto_initialized = 1;
 
@@ -1437,12 +1434,14 @@ void ssh_crypto_finalize(void)
         engine = NULL;
     }
 #endif
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    ENGINE_cleanup();
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+#if defined(WITH_PKCS11_URI)
+#if defined(WITH_PKCS11_PROVIDER)
+    if (provider != NULL) {
+        OSSL_PROVIDER_unload(provider);
+        provider = NULL;
+    }
+#endif /* WITH_PKCS11_PROVIDER */
+#endif /* WITH_PKCS11_URI */
 
     libcrypto_initialized = 0;
 }
@@ -1488,6 +1487,9 @@ int evp_build_pkey(const char* name, OSSL_PARAM_BLD *param_bld,
 
     rc = EVP_PKEY_fromdata(ctx, pkey, selection, params);
     if (rc != 1) {
+        SSH_LOG(SSH_LOG_WARNING,
+                "Failed to import private key: %s\n",
+                ERR_error_string(ERR_get_error(), NULL));
         OSSL_PARAM_free(params);
         EVP_PKEY_CTX_free(ctx);
         return -1;
@@ -1514,57 +1516,59 @@ int evp_build_pkey(const char* name, OSSL_PARAM_BLD *param_bld,
  *
  * @return 0 on success, -1 on error
  */
-static int evp_dup_pkey(const char* name, const ssh_key key, int demote,
-                        ssh_key new_key)
+static int
+evp_dup_pkey(const char *name, const ssh_key key, int demote, ssh_key new_key)
 {
     int rc;
-    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, name, NULL);
+    EVP_PKEY_CTX *ctx = NULL;
     OSSL_PARAM *params = NULL;
 
-    if (ctx == NULL) {
-        return -1;
-    }
-
-    if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
-        rc = EVP_PKEY_todata(key->key, EVP_PKEY_KEYPAIR, &params);
+    /* The simple case -- just reference the existing key */
+    if (!demote || (key->flags & SSH_KEY_FLAG_PRIVATE) == 0) {
+        rc = EVP_PKEY_up_ref(key->key);
         if (rc != 1) {
-            EVP_PKEY_CTX_free(ctx);
             return -1;
         }
+        new_key->key = key->key;
+        return SSH_OK;
+    }
 
-        rc = EVP_PKEY_fromdata_init(ctx);
-        if (rc != 1) {
-            EVP_PKEY_CTX_free(ctx);
-            OSSL_PARAM_free(params);
-            return -1;
-        }
+    /* demote == 1 */
+    ctx = EVP_PKEY_CTX_new_from_name(NULL, name, NULL);
+    if (ctx == NULL) {
+        return -1;
+    }
 
-        rc = EVP_PKEY_fromdata(ctx, &(new_key->key), EVP_PKEY_KEYPAIR, params);
-        if (rc != 1) {
-            EVP_PKEY_CTX_free(ctx);
-            OSSL_PARAM_free(params);
-            return -1;
-        }
-    } else {
-        rc = EVP_PKEY_todata(key->key, EVP_PKEY_PUBLIC_KEY, &params);
-        if (rc != 1) {
-            EVP_PKEY_CTX_free(ctx);
-            return -1;
-        }
+    rc = EVP_PKEY_todata(key->key, EVP_PKEY_PUBLIC_KEY, &params);
+    if (rc != 1) {
+        EVP_PKEY_CTX_free(ctx);
+        return -1;
+    }
 
-        rc = EVP_PKEY_fromdata_init(ctx);
-        if (rc != 1) {
+    if (strcmp(name, "EC") == 0) {
+        OSSL_PARAM *locate_param = NULL;
+        /* For ECC keys provided by engine or provider, we need to have the
+         * explicit public part available, otherwise the key will not be
+         * usable */
+        locate_param = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
+        if (locate_param == NULL) {
             EVP_PKEY_CTX_free(ctx);
             OSSL_PARAM_free(params);
             return -1;
         }
+    }
+    rc = EVP_PKEY_fromdata_init(ctx);
+    if (rc != 1) {
+        EVP_PKEY_CTX_free(ctx);
+        OSSL_PARAM_free(params);
+        return -1;
+    }
 
-        rc = EVP_PKEY_fromdata(ctx, &(new_key->key), EVP_PKEY_PUBLIC_KEY, params);
-        if (rc != 1) {
-            EVP_PKEY_CTX_free(ctx);
-            OSSL_PARAM_free(params);
-            return -1;
-        }
+    rc = EVP_PKEY_fromdata(ctx, &(new_key->key), EVP_PKEY_PUBLIC_KEY, params);
+    if (rc != 1) {
+        EVP_PKEY_CTX_free(ctx);
+        OSSL_PARAM_free(params);
+        return -1;
     }
 
     OSSL_PARAM_free(params);
@@ -1573,20 +1577,65 @@ static int evp_dup_pkey(const char* name, const ssh_key key, int demote,
     return SSH_OK;
 }
 
-int evp_dup_dsa_pkey(const ssh_key key, ssh_key new, int demote)
+int evp_dup_rsa_pkey(const ssh_key key, ssh_key new_key, int demote)
 {
-    return evp_dup_pkey("DSA", key, demote, new);
+    return evp_dup_pkey("RSA", key, demote, new_key);
 }
 
-int evp_dup_rsa_pkey(const ssh_key key, ssh_key new, int demote)
+int evp_dup_ecdsa_pkey(const ssh_key key, ssh_key new_key, int demote)
 {
-    return evp_dup_pkey("RSA", key, demote, new);
+    return evp_dup_pkey("EC", key, demote, new_key);
 }
+#endif /* OPENSSL_VERSION_NUMBER */
 
-int evp_dup_ecdsa_pkey(const ssh_key key, ssh_key new, int demote)
+ssh_string
+pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p)
 {
-    return evp_dup_pkey("EC", key, demote, new);
+    ssh_string s = NULL;
+    size_t len;
+
+    len = EC_POINT_point2oct(g,
+                             p,
+                             POINT_CONVERSION_UNCOMPRESSED,
+                             NULL,
+                             0,
+                             NULL);
+    if (len == 0) {
+        return NULL;
+    }
+
+    s = ssh_string_new(len);
+    if (s == NULL) {
+        return NULL;
+    }
+
+    len = EC_POINT_point2oct(g,
+                             p,
+                             POINT_CONVERSION_UNCOMPRESSED,
+                             ssh_string_data(s),
+                             ssh_string_len(s),
+                             NULL);
+    if (len != ssh_string_len(s)) {
+        SSH_STRING_FREE(s);
+        return NULL;
+    }
+
+    return s;
 }
-#endif /* OPENSSL_VERSION_NUMBER */
 
+int pki_key_ecgroup_name_to_nid(const char *group)
+{
+    if (strcmp(group, NISTP256) == 0 ||
+        strcmp(group, "secp256r1") == 0 ||
+        strcmp(group, "prime256v1") == 0) {
+        return NID_X9_62_prime256v1;
+    } else if (strcmp(group, NISTP384) == 0 ||
+               strcmp(group, "secp384r1") == 0) {
+        return NID_secp384r1;
+    } else if (strcmp(group, NISTP521) == 0 ||
+               strcmp(group, "secp521r1") == 0) {
+        return NID_secp521r1;
+    }
+    return -1;
+}
 #endif /* LIBCRYPTO */
diff --git a/libssh/src/libgcrypt.c b/libssh/src/libgcrypt.c
index da5588ad..195bb755 100644
--- a/libssh/src/libgcrypt.c
+++ b/libssh/src/libgcrypt.c
@@ -69,59 +69,6 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
 void ssh_reseed(void){
 }
 
-#ifdef HAVE_GCRYPT_ECC
-static int nid_to_md_algo(int nid)
-{
-    switch (nid) {
-    case NID_gcrypt_nistp256:
-        return GCRY_MD_SHA256;
-    case NID_gcrypt_nistp384:
-        return GCRY_MD_SHA384;
-    case NID_gcrypt_nistp521:
-        return GCRY_MD_SHA512;
-    }
-    return GCRY_MD_NONE;
-}
-
-void evp(int nid, unsigned char *digest, size_t len,
-         unsigned char *hash, unsigned int *hlen)
-{
-    int algo = nid_to_md_algo(nid);
-
-    /* Note: What gcrypt calls 'hash' is called 'digest' here and
-       vice-versa.  */
-    gcry_md_hash_buffer(algo, hash, digest, len);
-    *hlen = gcry_md_get_algo_dlen(algo);
-}
-
-EVPCTX evp_init(int nid)
-{
-    gcry_error_t err;
-    int algo = nid_to_md_algo(nid);
-    EVPCTX ctx;
-
-    err = gcry_md_open(&ctx, algo, 0);
-    if (err) {
-        return NULL;
-    }
-
-    return ctx;
-}
-
-void evp_update(EVPCTX ctx, const void *data, size_t len)
-{
-    gcry_md_write(ctx, data, len);
-}
-
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
-{
-    int algo = gcry_md_get_algo(ctx);
-    *mdlen = gcry_md_get_algo_dlen(algo);
-    memcpy(md, gcry_md_read(ctx, algo), *mdlen);
-    gcry_md_close(ctx);
-}
-#endif
-
 int ssh_kdf(struct ssh_crypto_struct *crypto,
             unsigned char *key, size_t key_len,
             uint8_t key_type, unsigned char *output,
@@ -169,7 +116,7 @@ int hmac_final(HMACCTX c, unsigned char *hashmacbuf, size_t *len) {
   return 1;
 }
 
-#ifdef WITH_BLOWFISH_CIPHER
+#ifdef HAVE_BLOWFISH
 /* the wrapper functions for blowfish */
 static int blowfish_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV){
   if (cipher->key == NULL) {
@@ -198,15 +145,15 @@ static int blowfish_set_key(struct ssh_cipher_struct *cipher, void *key, void *I
 }
 
 static void blowfish_encrypt(struct ssh_cipher_struct *cipher, void *in,
-    void *out, unsigned long len) {
+    void *out, size_t len) {
   gcry_cipher_encrypt(cipher->key[0], out, len, in, len);
 }
 
 static void blowfish_decrypt(struct ssh_cipher_struct *cipher, void *in,
-    void *out, unsigned long len) {
+    void *out, size_t len) {
   gcry_cipher_decrypt(cipher->key[0], out, len, in, len);
 }
-#endif /* WITH_BLOWFISH_CIPHER */
+#endif /* HAVE_BLOWFISH */
 
 static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
   int mode=GCRY_CIPHER_MODE_CBC;
@@ -241,7 +188,7 @@ static int aes_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
         }
         break;
       default:
-        SSH_LOG(SSH_LOG_WARNING, "Unksupported key length %u.", cipher->keysize);
+        SSH_LOG(SSH_LOG_TRACE, "Unsupported key length %u.", cipher->keysize);
         SAFE_FREE(cipher->key);
         return -1;
     }
@@ -334,7 +281,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher,
      */
     uint64_inc(cipher->last_iv + 4);
     if (err) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
                 gpg_strerror(err));
         return;
     }
@@ -342,7 +289,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher,
     /* Pass the authenticated data (packet_length) */
     err = gcry_cipher_authenticate(cipher->key[0], in, aadlen);
     if (err) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_authenticate failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_authenticate failed: %s",
                 gpg_strerror(err));
         return;
     }
@@ -355,7 +302,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher,
                               (unsigned char *)in + aadlen,
                               len - aadlen);
     if (err) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
                 gpg_strerror(err));
         return;
     }
@@ -365,7 +312,7 @@ aes_gcm_encrypt(struct ssh_cipher_struct *cipher,
                              (void *)tag,
                              authlen);
     if (err) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_gettag failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_gettag failed: %s",
                 gpg_strerror(err));
         return;
     }
@@ -390,7 +337,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
     err = gcry_cipher_setiv(cipher->key[0],
                             cipher->last_iv,
                             AES_GCM_IVLEN);
-    /* This actualy does not increment the packet counter for the
+    /* This actually does not increment the packet counter for the
      * current encryption operation, but for the next one. The first
      * operation needs to be completed with the derived IV.
      *
@@ -399,7 +346,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
      */
     uint64_inc(cipher->last_iv + 4);
     if (err) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
                 gpg_strerror(err));
         return SSH_ERROR;
     }
@@ -409,7 +356,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
                                    complete_packet,
                                    aadlen);
     if (err) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_authenticate failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_authenticate failed: %s",
                 gpg_strerror(err));
         return SSH_ERROR;
     }
@@ -423,7 +370,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
                               (unsigned char *)complete_packet + aadlen,
                               encrypted_size);
     if (err) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s",
                 gpg_strerror(err));
         return SSH_ERROR;
     }
@@ -433,10 +380,10 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
                                (unsigned char *)complete_packet + aadlen + encrypted_size,
                                authlen);
     if (gpg_err_code(err) == GPG_ERR_CHECKSUM) {
-        SSH_LOG(SSH_LOG_WARNING, "The authentication tag does not match");
+        SSH_LOG(SSH_LOG_DEBUG, "The authentication tag does not match");
         return SSH_ERROR;
     } else if (err != GPG_ERR_NO_ERROR) {
-        SSH_LOG(SSH_LOG_WARNING, "General error while decryption: %s",
+        SSH_LOG(SSH_LOG_TRACE, "General error while decryption: %s",
                 gpg_strerror(err));
         return SSH_ERROR;
     }
@@ -469,12 +416,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
 }
 
 static void des3_encrypt(struct ssh_cipher_struct *cipher, void *in,
-    void *out, unsigned long len) {
+    void *out, size_t len) {
   gcry_cipher_encrypt(cipher->key[0], out, len, in, len);
 }
 
 static void des3_decrypt(struct ssh_cipher_struct *cipher, void *in,
-    void *out, unsigned long len) {
+    void *out, size_t len) {
   gcry_cipher_decrypt(cipher->key[0], out, len, in, len);
 }
 
@@ -522,7 +469,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
         err = gcry_cipher_open(&ctx->main_hd, GCRY_CIPHER_CHACHA20,
                                GCRY_CIPHER_MODE_STREAM, 0);
         if (err != 0) {
-            SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_open failed: %s",
+            SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_open failed: %s",
                     gpg_strerror(err));
             SAFE_FREE(cipher->chacha20_schedule);
             return -1;
@@ -530,7 +477,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
         err = gcry_cipher_open(&ctx->header_hd, GCRY_CIPHER_CHACHA20,
                                GCRY_CIPHER_MODE_STREAM, 0);
         if (err != 0) {
-            SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_open failed: %s",
+            SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_open failed: %s",
                     gpg_strerror(err));
             gcry_cipher_close(ctx->main_hd);
             SAFE_FREE(cipher->chacha20_schedule);
@@ -538,7 +485,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
         }
         err = gcry_mac_open(&ctx->mac_hd, GCRY_MAC_POLY1305, 0, NULL);
         if (err != 0) {
-            SSH_LOG(SSH_LOG_WARNING, "gcry_mac_open failed: %s",
+            SSH_LOG(SSH_LOG_TRACE, "gcry_mac_open failed: %s",
                     gpg_strerror(err));
             gcry_cipher_close(ctx->main_hd);
             gcry_cipher_close(ctx->header_hd);
@@ -551,7 +498,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
 
     err = gcry_cipher_setkey(ctx->main_hd, u8key, CHACHA20_KEYLEN);
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setkey failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setkey failed: %s",
                 gpg_strerror(err));
         chacha20_cleanup(cipher);
         return -1;
@@ -560,7 +507,7 @@ static int chacha20_set_encrypt_key(struct ssh_cipher_struct *cipher,
     err = gcry_cipher_setkey(ctx->header_hd, u8key + CHACHA20_KEYLEN,
                              CHACHA20_KEYLEN);
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setkey failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setkey failed: %s",
                 gpg_strerror(err));
         chacha20_cleanup(cipher);
         return -1;
@@ -587,7 +534,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
     /* step 1, prepare the poly1305 key */
     err = gcry_cipher_setiv(ctx->main_hd, (uint8_t *)&seq, sizeof(seq));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -599,13 +546,13 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
                               zero_block,
                               sizeof(zero_block));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
                 gpg_strerror(err));
         goto out;
     }
     err = gcry_mac_setkey(ctx->mac_hd, poly_key, POLY1305_KEYLEN);
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_mac_setkey failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_mac_setkey failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -613,7 +560,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
     /* step 2, encrypt length field */
     err = gcry_cipher_setiv(ctx->header_hd, (uint8_t *)&seq, sizeof(seq));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -623,7 +570,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
                               (uint8_t *)&in_packet->length,
                               sizeof(uint32_t));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -635,7 +582,7 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
                               in_packet->payload,
                               len - sizeof(uint32_t));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -643,13 +590,13 @@ static void chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
     /* step 4, compute the MAC */
     err = gcry_mac_write(ctx->mac_hd, (uint8_t *)out_packet, len);
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_mac_write failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_mac_write failed: %s",
                 gpg_strerror(err));
         goto out;
     }
     err = gcry_mac_read(ctx->mac_hd, tag, &taglen);
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_mac_read failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_mac_read failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -675,7 +622,7 @@ static int chacha20_poly1305_aead_decrypt_length(
 
     err = gcry_cipher_setiv(ctx->header_hd, (uint8_t *)&seq, sizeof(seq));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
                 gpg_strerror(err));
         return SSH_ERROR;
     }
@@ -685,7 +632,7 @@ static int chacha20_poly1305_aead_decrypt_length(
                               in,
                               sizeof(uint32_t));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s",
                 gpg_strerror(err));
         return SSH_ERROR;
     }
@@ -711,7 +658,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
     /* step 1, prepare the poly1305 key */
     err = gcry_cipher_setiv(ctx->main_hd, (uint8_t *)&seq, sizeof(seq));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_setiv failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_setiv failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -723,13 +670,13 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
                               zero_block,
                               sizeof(zero_block));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_encrypt failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_encrypt failed: %s",
                 gpg_strerror(err));
         goto out;
     }
     err = gcry_mac_setkey(ctx->mac_hd, poly_key, POLY1305_KEYLEN);
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_mac_setkey failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_mac_setkey failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -738,7 +685,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
     err = gcry_mac_write(ctx->mac_hd, (uint8_t *)complete_packet,
                          encrypted_size + sizeof(uint32_t));
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_mac_write failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_mac_write failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -747,7 +694,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
         SSH_LOG(SSH_LOG_PACKET, "poly1305 verify error");
         goto out;
     } else if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_mac_verify failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_mac_verify failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -759,7 +706,7 @@ static int chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
                               (uint8_t *)complete_packet + sizeof(uint32_t),
                               encrypted_size);
     if (err != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "gcry_cipher_decrypt failed: %s",
+        SSH_LOG(SSH_LOG_TRACE, "gcry_cipher_decrypt failed: %s",
                 gpg_strerror(err));
         goto out;
     }
@@ -785,7 +732,7 @@ none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
 
 /* the table of supported ciphers */
 static struct ssh_cipher_struct ssh_ciphertab[] = {
-#ifdef WITH_BLOWFISH_CIPHER
+#ifdef HAVE_BLOWFISH
   {
     .name            = "blowfish-cbc",
     .blocksize       = 8,
@@ -797,7 +744,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .encrypt     = blowfish_encrypt,
     .decrypt     = blowfish_decrypt
   },
-#endif /* WITH_BLOWFISH_CIPHER */
+#endif /* HAVE_BLOWFISH */
   {
     .name            = "aes128-ctr",
     .blocksize       = 16,
diff --git a/libssh/src/libmbedcrypto.c b/libssh/src/libmbedcrypto.c
index 6d84bd51..e3282456 100644
--- a/libssh/src/libmbedcrypto.c
+++ b/libssh/src/libmbedcrypto.c
@@ -51,80 +51,6 @@ void ssh_reseed(void)
     mbedtls_ctr_drbg_reseed(&ssh_mbedtls_ctr_drbg, NULL, 0);
 }
 
-static mbedtls_md_type_t nid_to_md_algo(int nid)
-{
-    switch (nid) {
-        case NID_mbedtls_nistp256:
-            return MBEDTLS_MD_SHA256;
-        case NID_mbedtls_nistp384:
-            return MBEDTLS_MD_SHA384;
-        case NID_mbedtls_nistp521:
-            return MBEDTLS_MD_SHA512;
-    }
-    return MBEDTLS_MD_NONE;
-}
-
-void evp(int nid, unsigned char *digest, size_t len,
-        unsigned char *hash, unsigned int *hlen)
-{
-    mbedtls_md_type_t algo = nid_to_md_algo(nid);
-    const mbedtls_md_info_t *md_info =
-        mbedtls_md_info_from_type(algo);
-
-
-    if (md_info != NULL) {
-        *hlen = mbedtls_md_get_size(md_info);
-        mbedtls_md(md_info, digest, len, hash);
-    }
-}
-
-EVPCTX evp_init(int nid)
-{
-    EVPCTX ctx = NULL;
-    int rc;
-    mbedtls_md_type_t algo = nid_to_md_algo(nid);
-    const mbedtls_md_info_t *md_info =
-        mbedtls_md_info_from_type(algo);
-
-    if (md_info == NULL) {
-        return NULL;
-    }
-
-    ctx = malloc(sizeof(mbedtls_md_context_t));
-    if (ctx == NULL) {
-        return NULL;
-    }
-
-    mbedtls_md_init(ctx);
-
-    rc = mbedtls_md_setup(ctx, md_info, 0);
-    if (rc != 0) {
-        SAFE_FREE(ctx);
-        return NULL;
-    }
-
-    rc = mbedtls_md_starts(ctx);
-    if (rc != 0) {
-        SAFE_FREE(ctx);
-        return NULL;
-    }
-
-    return ctx;
-}
-
-void evp_update(EVPCTX ctx, const void *data, size_t len)
-{
-    mbedtls_md_update(ctx, data, len);
-}
-
-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
-{
-    *mdlen = mbedtls_md_get_size(ctx->MBEDTLS_PRIVATE(md_info));
-    mbedtls_md_finish(ctx, md);
-    mbedtls_md_free(ctx);
-    SAFE_FREE(ctx);
-}
-
 int ssh_kdf(struct ssh_crypto_struct *crypto,
             unsigned char *key, size_t key_len,
             uint8_t key_type, unsigned char *output,
@@ -193,7 +119,7 @@ int hmac_update(HMACCTX c, const void *data, size_t len)
 int hmac_final(HMACCTX c, unsigned char *hashmacbuf, size_t *len)
 {
     int rc;
-    *len = (unsigned int)mbedtls_md_get_size(c->md_info);
+    *len = (unsigned int)mbedtls_md_get_size(c->MBEDTLS_PRIVATE(md_info));
     rc = !mbedtls_md_hmac_finish(c, hashmacbuf);
     mbedtls_md_free(c);
     SAFE_FREE(c);
@@ -207,7 +133,7 @@ cipher_init(struct ssh_cipher_struct *cipher,
             void *IV)
 {
     const mbedtls_cipher_info_t *cipher_info = NULL;
-    mbedtls_cipher_context_t *ctx;
+    mbedtls_cipher_context_t *ctx = NULL;
     size_t key_bitlen = 0;
     size_t iv_size = 0;
     int rc;
@@ -217,7 +143,7 @@ cipher_init(struct ssh_cipher_struct *cipher,
     } else if (operation == MBEDTLS_DECRYPT) {
         ctx = &cipher->decrypt_ctx;
     } else {
-        SSH_LOG(SSH_LOG_WARNING, "unknown operation");
+        SSH_LOG(SSH_LOG_TRACE, "unknown operation");
         return 1;
     }
 
@@ -226,21 +152,21 @@ cipher_init(struct ssh_cipher_struct *cipher,
 
     rc = mbedtls_cipher_setup(ctx, cipher_info);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setup failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_setup failed");
         goto error;
     }
 
     key_bitlen = mbedtls_cipher_info_get_key_bitlen(cipher_info);
     rc = mbedtls_cipher_setkey(ctx, key, key_bitlen, operation);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_setkey failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_setkey failed");
         goto error;
     }
 
     iv_size = mbedtls_cipher_info_get_iv_size(cipher_info);
     rc = mbedtls_cipher_set_iv(ctx, IV, iv_size);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_iv failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_iv failed");
         goto error;
     }
 
@@ -259,13 +185,13 @@ cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
 
     rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "cipher_init failed");
+        SSH_LOG(SSH_LOG_TRACE, "cipher_init failed");
         goto error;
     }
 
     rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed");
         goto error;
     }
 
@@ -283,23 +209,23 @@ cipher_set_encrypt_key_cbc(struct ssh_cipher_struct *cipher,
 
     rc = cipher_init(cipher, MBEDTLS_ENCRYPT, key, IV);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "cipher_init failed");
+        SSH_LOG(SSH_LOG_TRACE, "cipher_init failed");
         goto error;
     }
 
-    /* libssh only encypts and decrypts packets that are multiples of a block
+    /* libssh only encrypts and decrypts packets that are multiples of a block
      * size, and no padding is used */
     rc = mbedtls_cipher_set_padding_mode(&cipher->encrypt_ctx,
             MBEDTLS_PADDING_NONE);
 
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_padding_mode failed");
         goto error;
     }
 
     rc = mbedtls_cipher_reset(&cipher->encrypt_ctx);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed");
         goto error;
     }
 
@@ -327,7 +253,7 @@ cipher_set_key_gcm(struct ssh_cipher_struct *cipher,
                             key, key_bitlen);
 
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_setkey failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_setkey failed");
         goto error;
     }
 
@@ -350,13 +276,13 @@ cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
 
     rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "cipher_init failed");
+        SSH_LOG(SSH_LOG_TRACE, "cipher_init failed");
         goto error;
     }
 
     mbedtls_cipher_reset(&cipher->decrypt_ctx);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed");
         goto error;
     }
 
@@ -375,20 +301,20 @@ cipher_set_decrypt_key_cbc(struct ssh_cipher_struct *cipher,
 
     rc = cipher_init(cipher, MBEDTLS_DECRYPT, key, IV);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "cipher_init failed");
+        SSH_LOG(SSH_LOG_TRACE, "cipher_init failed");
         goto error;
     }
 
     rc = mbedtls_cipher_set_padding_mode(&cipher->decrypt_ctx,
             MBEDTLS_PADDING_NONE);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_set_padding_mode failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_set_padding_mode failed");
         goto error;
     }
 
     mbedtls_cipher_reset(&cipher->decrypt_ctx);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed");
         goto error;
     }
 
@@ -408,7 +334,7 @@ static void cipher_encrypt(struct ssh_cipher_struct *cipher,
     int rc = 0;
     rc = mbedtls_cipher_update(&cipher->encrypt_ctx, in, len, out, &outlen);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during encryption");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during encryption");
         return;
     }
 
@@ -424,12 +350,12 @@ static void cipher_encrypt(struct ssh_cipher_struct *cipher,
     total_len += outlen;
 
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_finish failed during encryption");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_finish failed during encryption");
         return;
     }
 
     if (total_len != len) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu",
+        SSH_LOG(SSH_LOG_DEBUG, "mbedtls_cipher_update: output size %zu for %zu",
                 outlen, len);
         return;
     }
@@ -443,12 +369,12 @@ static void cipher_encrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void
     int rc = 0;
     rc = mbedtls_cipher_update(&cipher->encrypt_ctx, in, len, out, &outlen);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during encryption");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during encryption");
         return;
     }
 
     if (outlen != len) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu",
+        SSH_LOG(SSH_LOG_DEBUG, "mbedtls_cipher_update: output size %zu for %zu",
                 outlen, len);
         return;
     }
@@ -466,7 +392,7 @@ static void cipher_decrypt(struct ssh_cipher_struct *cipher,
 
     rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during decryption");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during decryption");
         return;
     }
 
@@ -480,14 +406,14 @@ static void cipher_decrypt(struct ssh_cipher_struct *cipher,
             outlen, &outlen);
 
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed during decryption");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed during decryption");
         return;
     }
 
     total_len += outlen;
 
     if (total_len != len) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu",
+        SSH_LOG(SSH_LOG_DEBUG, "mbedtls_cipher_update: output size %zu for %zu",
                 outlen, len);
         return;
     }
@@ -501,7 +427,7 @@ static void cipher_decrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void
     int rc = 0;
     rc = mbedtls_cipher_update(&cipher->decrypt_ctx, in, len, out, &outlen);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update failed during decryption");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_update failed during decryption");
         return;
     }
 
@@ -520,19 +446,19 @@ static void cipher_decrypt_cbc(struct ssh_cipher_struct *cipher, void *in, void
     }
 
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_finish failed during decryption");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_finish failed during decryption");
         return;
     }
 
     rc = mbedtls_cipher_reset(&cipher->decrypt_ctx);
 
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_reset failed during decryption");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_cipher_reset failed during decryption");
         return;
     }
 
     if (outlen != len) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_cipher_update: output size %zu for %zu",
+        SSH_LOG(SSH_LOG_DEBUG, "mbedtls_cipher_update: output size %zu for %zu",
                 outlen, len);
         return;
     }
@@ -586,7 +512,7 @@ cipher_encrypt_gcm(struct ssh_cipher_struct *cipher,
                                    authlen,
                                    tag); /* tag */
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_crypt_and_tag failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_crypt_and_tag failed");
         return;
     }
 
@@ -620,7 +546,7 @@ cipher_decrypt_gcm(struct ssh_cipher_struct *cipher,
                                   (const uint8_t *)complete_packet + aadlen, /* input */
                                   (unsigned char *)out); /* output */
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_gcm_auth_decrypt failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_gcm_auth_decrypt failed");
         return SSH_ERROR;
     }
 
@@ -694,14 +620,14 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
     /* K2 uses the first half of the key */
     rv = mbedtls_chacha20_setkey(&ctx->main_ctx, u8key);
     if (rv != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_setkey(main_ctx) failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_setkey(main_ctx) failed");
         goto out;
     }
 
     /* K1 uses the second half of the key */
     rv = mbedtls_chacha20_setkey(&ctx->header_ctx, u8key + CHACHA20_KEYLEN);
     if (rv != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_setkey(header_ctx) failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_setkey(header_ctx) failed");
         goto out;
     }
 
@@ -725,7 +651,7 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
 
     /* The nonce in mbedTLS is 96 b long. The counter is passed through separate
      * parameter of 32 b size.
-     * Encode the seqence number into the last 8 bytes.
+     * Encode the sequence number into the last 8 bytes.
      */
     PUSH_BE_U64(seqbuf, 4, seq);
 #ifdef DEBUG_CRYPTO
@@ -734,13 +660,13 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
 
     ret = mbedtls_chacha20_starts(&ctx->header_ctx, seqbuf, 0);
     if (ret != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_starts(header_ctx) failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_starts(header_ctx) failed");
         return SSH_ERROR;
     }
 
     ret = mbedtls_chacha20_starts(&ctx->main_ctx, seqbuf, 0);
     if (ret != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_starts(main_ctx) failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_starts(main_ctx) failed");
         return SSH_ERROR;
     }
 
@@ -769,7 +695,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
     rv = mbedtls_chacha20_update(&ctx->main_ctx, sizeof(zero_block),
                                  zero_block, poly_key);
     if (rv != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
         goto out;
     }
 #ifdef DEBUG_CRYPTO
@@ -779,7 +705,7 @@ chacha20_poly1305_packet_setup(struct ssh_cipher_struct *cipher,
     /* Set the Poly1305 key */
     rv = mbedtls_poly1305_starts(&ctx->poly_ctx, poly_key);
     if (rv != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_starts failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_starts failed");
         goto out;
     }
 
@@ -815,7 +741,7 @@ chacha20_poly1305_aead_decrypt_length(struct ssh_cipher_struct *cipher,
 
     rv = mbedtls_chacha20_update(&ctx->header_ctx, sizeof(uint32_t), in, out);
     if (rv != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
         return SSH_ERROR;
     }
 
@@ -843,7 +769,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
     /* Prepare the Poly1305 key */
     rv = chacha20_poly1305_packet_setup(cipher, seq, 0);
     if (rv != SSH_OK) {
-        SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet");
         goto out;
     }
 
@@ -855,13 +781,13 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
     rv = mbedtls_poly1305_update(&ctx->poly_ctx, complete_packet,
                                  encrypted_size + sizeof(uint32_t));
     if (rv != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_update failed");
         goto out;
     }
 
     rv = mbedtls_poly1305_finish(&ctx->poly_ctx, tag);
     if (rv != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_finish failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_finish failed");
         goto out;
     }
 
@@ -882,7 +808,7 @@ chacha20_poly1305_aead_decrypt(struct ssh_cipher_struct *cipher,
                                  (uint8_t *)complete_packet + sizeof(uint32_t),
                                  out);
     if (rv != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
         goto out;
     }
 
@@ -906,7 +832,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
     /* Prepare the Poly1305 key */
     ret = chacha20_poly1305_packet_setup(cipher, seq, 1);
     if (ret != SSH_OK) {
-        SSH_LOG(SSH_LOG_WARNING, "Failed to setup packet");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to setup packet");
         return;
     }
 
@@ -919,7 +845,7 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
                                   (unsigned char *)&in_packet->length,
                                   (unsigned char *)&out_packet->length);
     if (ret != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
         return;
     }
 #ifdef DEBUG_CRYPTO
@@ -932,19 +858,19 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
     ret = mbedtls_chacha20_update(&ctx->main_ctx, len - sizeof(uint32_t),
                                   in_packet->payload, out_packet->payload);
     if (ret != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_chacha20_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_chacha20_update failed");
         return;
     }
 
     /* step 4, compute the MAC */
     ret = mbedtls_poly1305_update(&ctx->poly_ctx, (const unsigned char *)out_packet, len);
     if (ret != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_update failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_update failed");
         return;
     }
     ret = mbedtls_poly1305_finish(&ctx->poly_ctx, tag);
     if (ret != 0) {
-        SSH_LOG(SSH_LOG_WARNING, "mbedtls_poly1305_finish failed");
+        SSH_LOG(SSH_LOG_TRACE, "mbedtls_poly1305_finish failed");
         return;
     }
 }
@@ -972,7 +898,7 @@ none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
 #endif /* WITH_INSECURE_NONE */
 
 static struct ssh_cipher_struct ssh_ciphertab[] = {
-#ifdef WITH_BLOWFISH_CIPHER
+#ifdef HAVE_BLOWFISH
     {
         .name = "blowfish-cbc",
         .blocksize = 8,
@@ -984,7 +910,7 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
         .decrypt = cipher_decrypt_cbc,
         .cleanup = cipher_cleanup
     },
-#endif /* WITH_BLOWFISH_CIPHER */
+#endif /* HAVE_BLOWFISH */
     {
         .name = "aes128-ctr",
         .blocksize = 16,
diff --git a/libssh/src/libssh.map b/libssh/src/libssh.map
index eeb625c5..02f5f683 100644
--- a/libssh/src/libssh.map
+++ b/libssh/src/libssh.map
@@ -459,3 +459,25 @@ LIBSSH_4_9_0    # Released
         ssh_vlog;
 } LIBSSH_4_8_1;
 
+LIBSSH_4_10_0    # Released
+{
+    global:
+        sftp_aio_begin_read;
+        sftp_aio_begin_write;
+        sftp_aio_free;
+        sftp_aio_wait_read;
+        sftp_aio_wait_write;
+        sftp_channel_default_data_callback;
+        sftp_channel_default_subsystem_request;
+        sftp_expand_path;
+        sftp_hardlink;
+        sftp_home_directory;
+        sftp_limits;
+        sftp_limits_free;
+        sftp_lsetstat;
+        ssh_channel_get_exit_state;
+        ssh_channel_request_pty_size_modes;
+        ssh_pki_export_privkey_base64_format;
+        ssh_pki_export_privkey_file_format;
+        ssh_request_no_more_sessions;
+} LIBSSH_4_9_0;
diff --git a/libssh/src/log.c b/libssh/src/log.c
index 8ce1e71e..5970b135 100644
--- a/libssh/src/log.c
+++ b/libssh/src/log.c
@@ -44,10 +44,10 @@
 
 static LIBSSH_THREAD int ssh_log_level;
 static LIBSSH_THREAD ssh_logging_callback ssh_log_cb;
-static LIBSSH_THREAD void *ssh_log_userdata;
+static LIBSSH_THREAD void *ssh_log_userdata = NULL;
 
 /**
- * @defgroup libssh_log The SSH logging functions.
+ * @defgroup libssh_log The SSH logging functions
  * @ingroup libssh
  *
  * Logging functions for debugging and problem resolving.
@@ -221,6 +221,12 @@ int ssh_set_log_callback(ssh_logging_callback cb) {
   return SSH_OK;
 }
 
+void
+_ssh_reset_log_cb(void)
+{
+    ssh_log_cb = NULL;
+}
+
 ssh_logging_callback ssh_get_log_callback(void) {
   return ssh_log_cb;
 }
diff --git a/libssh/src/match.c b/libssh/src/match.c
index 3e58f733..2c004c98 100644
--- a/libssh/src/match.c
+++ b/libssh/src/match.c
@@ -40,6 +40,16 @@
 #include <ctype.h>
 #include <stdbool.h>
 #include <sys/types.h>
+#ifndef _WIN32
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#endif
+
+/* for systems without IPv6 support matching should still work */
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN 46
+#endif
 
 #include "libssh/priv.h"
 
@@ -198,3 +208,421 @@ int match_pattern_list(const char *string, const char *pattern,
 int match_hostname(const char *host, const char *pattern, unsigned int len) {
   return match_pattern_list(host, pattern, len, 1);
 }
+
+#ifndef _WIN32
+/**
+ * @brief Tries to match the host IPv6 address against a given network address
+ * with specified prefix length in CIDR notation.
+ *
+ * @param[in] host_addr     The host address to verify.
+ *
+ * @param[in] net_addr      The network id address against which the match is
+ *                          being verified
+ *
+ * @param[in] bits          The prefix length
+ *
+ * @return 0 on a negative match.
+ * @return 1 on a positive match.
+ */
+static int
+cidr_match_6(struct in6_addr *host_addr,
+             struct in6_addr *net_addr,
+             unsigned int bits)
+{
+    const uint8_t *a = host_addr->s6_addr;
+    const uint8_t *b = net_addr->s6_addr;
+
+    unsigned int byte_whole, bits_left;
+
+    /* The number of a complete byte covered by the prefix */
+    byte_whole = bits / 8;
+
+    /*
+     * The number of bits remaining in the incomplete (last) byte
+     * covered by the prefix
+     */
+    bits_left = bits % 8;
+
+    if (byte_whole) {
+        if (memcmp(a, b, byte_whole) != 0) {
+            return 0;
+        }
+    }
+
+    if (bits_left) {
+        if ((a[byte_whole] ^ b[byte_whole]) & (0xFFu << (8 - bits_left))) {
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+/**
+ * @brief Tries to match the host IPv4 address against a given network address
+ * with specified prefix length in CIDR notation.
+ *
+ * @param[in] host_addr     The host address to verify.
+ *
+ * @param[in] net_addr      The network id address against which the match is
+ *                          being verified
+ *
+ * @param[in] bits          The prefix length
+ *
+ * @return 0 on a negative match.
+ * @return 1 on a positive match.
+ */
+static int
+cidr_match_4(struct in_addr *host_addr,
+             struct in_addr *net_addr,
+             unsigned int bits)
+{
+    if (bits == 0) {
+        /* C99 6.5.7 (3): u32 << 32 is undefined behaviour */
+        return 1;
+    }
+
+    return !((host_addr->s_addr ^ net_addr->s_addr) &
+             htonl((0xFFFFFFFFu << (32 - bits)) & 0xFFFFFFFFu));
+}
+
+/**
+ * @brief Checks if the mask length is valid according to the address family
+ * (IPv4 or IPv6).
+ *
+ * @param[in] family    The address family (e.g. AF_INET or AF_INET6)
+ *
+ * @param[in] mask      The subnet mask (prefix)
+ *
+ * @return true if the mask length does not exceed the maximum valid length
+ * according to the address family (IPv4 or IPv6).
+ * @return false if the mask length exceeds the maximum valid length
+ * or there is no match with IPv4 or IPv6 address family.
+ */
+static bool
+masklen_valid(int family, unsigned int mask)
+{
+    switch (family) {
+    case AF_INET:
+        return mask <= 32;
+    case AF_INET6:
+        return mask <= 128;
+    default:
+        return false;
+    }
+}
+
+/**
+ * @brief Extracts address family given a network address.
+ *
+ * @param[in] address   The network address.
+ *
+ * @return The value of the address family if no errors.
+ * @return -1 in case of errors.
+ */
+static int
+get_address_family(const char *address)
+{
+    struct addrinfo hints, *ai = NULL;
+    int rc = -1, rv;
+
+    ZERO_STRUCT(hints);
+    if (address == NULL) {
+        SSH_LOG(SSH_LOG_TRACE, "Bad arguments");
+        goto out;
+    }
+
+    hints.ai_flags = AI_NUMERICHOST;
+    rv = getaddrinfo(address, NULL, &hints, &ai);
+    if (rv != 0) {
+        SSH_LOG(SSH_LOG_TRACE,
+                "Couldn't get address information - getaddrinfo() failed: %s",
+                gai_strerror(rv));
+        goto out;
+    }
+
+    rc = ai->ai_family;
+    freeaddrinfo(ai);
+
+out:
+    return rc;
+}
+
+/**
+ * @brief Tries to match the host address against a CIDR list provided
+ * by the user. If the host address family is unknown, it can be derived by
+ * passing -1 as sa_family argument.
+ *
+ * It can be also used to validate a CIDR list when the passed address is NULL
+ * and sa_family is -1.
+ *
+ * @param[in] address   The host address to verify (NULL to validate CIDR list).
+ *
+ * @param[in] addrlist  The CIDR list against which the match is being verified.
+ *                      The CIDR list can contain both IPv4 and IPv6 addresses
+ *                      and has to be comma separated
+ *                      (',' only, space after comma not allowed).
+ *
+ * @param[in] sa_family The socket address family (e.g. AF_INET or AF_INET6,
+ *                      -1 to validate CIDR list or unknown address family).
+ *
+ * @usage To validate CIDR list: match_cidr_address_list(NULL, addrlist, -1).
+ * @usage To verify a match with unknown address family:
+ *        match_cidr_address_list(address, addrlist, -1).
+ * @return  1 only on positive match.
+ * @return  0 on negative match or valid CIDR list.
+ * @return  -1 on errors or invalid CIDR list.
+ */
+int
+match_cidr_address_list(const char *address,
+                        const char *addrlist,
+                        int sa_family)
+{
+    char *list = NULL, *cp = NULL, *a = NULL, *b = NULL, *sp = NULL;
+    char addr_buffer[64], addr[NI_MAXHOST];
+    struct in_addr try_addr, match_addr;
+    struct in6_addr try_addr6, match_addr6;
+    unsigned long mask_len;
+    size_t addr_len, tmp_len;
+    int rc = 0, r, ai_family;
+
+    ZERO_STRUCT(try_addr);
+    ZERO_STRUCT(try_addr6);
+    ZERO_STRUCT(match_addr);
+    ZERO_STRUCT(match_addr6);
+
+    if (sa_family != AF_INET && sa_family != AF_INET6 && sa_family != -1) {
+        SSH_LOG(SSH_LOG_TRACE,
+                "Invalid argument: sa_family %d is not valid",
+                sa_family);
+        return -1;
+    }
+
+    if (address != NULL) {
+        strncpy(addr, address, NI_MAXHOST - 1);
+
+        /* Remove interface in case of IPv6 address: addr%interface */
+        a = strchr(addr, '%');
+        if (a != NULL) {
+            *a = '\0';
+        }
+
+        /*
+         * If sa_family is set to -1 and address is not NULL then
+         * the socket address family should be derived
+         */
+        if (sa_family == -1) {
+            r = get_address_family(addr);
+            if (r == -1) {
+                SSH_LOG(SSH_LOG_TRACE,
+                        "Failed to derive address family for address "
+                        "\"%.100s\"",
+                        addr);
+                return -1;
+            }
+            sa_family = r;
+        }
+
+        /*
+         * Translate host address from dot notation to binary network format
+         * according to family type,
+         * i.e. IPv4 (store in in_addr) or IPv6 (store in in6_addr)
+         */
+        if (sa_family == AF_INET) {
+            if (inet_pton(AF_INET, addr, &try_addr) == 0) {
+                SSH_LOG(SSH_LOG_TRACE,
+                        "Couldn't parse IPv4 address \"%.100s\"",
+                        addr);
+                return -1;
+            }
+        } else if (sa_family == AF_INET6) {
+            if (inet_pton(AF_INET6, addr, &try_addr6) == 0) {
+                SSH_LOG(SSH_LOG_TRACE,
+                        "Couldn't parse IPv6 address \"%.100s\"",
+                        addr);
+                return -1;
+            }
+        } else {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Address family %d for address \"%.100s\" "
+                    "is not recognized",
+                    sa_family,
+                    addr);
+            return -1;
+        }
+    }
+
+    b = list = strdup(addrlist);
+    if (b == NULL) {
+        return -1;
+    }
+
+    while ((cp = strsep(&list, ",")) != NULL) {
+        if (*cp == '\0') {
+            SSH_LOG(SSH_LOG_TRACE, "Empty entry in list \"%.100s\"", b);
+            rc = -1;
+            break;
+        }
+
+        /*
+         * Stop junk from reaching address translation. +3 for the "/prefix".
+         * INET6_ADDRSTRLEN is 46 and includes space for '\0' terminator. The
+         * maximum IPv6 address printable is the one that carries IPv4 too.
+         * E.g. ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255 is 46 chars
+         * long ('\0' included) and the maximum prefix length possible is 96.
+         * This explains why +3. All the other IPv6 addresses with maximum /127
+         * prefix length (39 + 4) are covered just by INET6_ADDRSTRLEN itself
+         */
+        addr_len = strlen(cp);
+        if (addr_len > INET6_ADDRSTRLEN + 3) {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "List entry \"%.100s\" too long: %zu > %d (MAX ALLOWED)",
+                    cp,
+                    addr_len,
+                    INET6_ADDRSTRLEN + 3);
+            rc = -1;
+            break;
+        }
+
+#define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
+        tmp_len = strspn(cp, VALID_CIDR_CHARS);
+        if (tmp_len != addr_len) {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "List entry \"%.100s\" contains invalid characters "
+                    "-> \"%c\" is an invalid character",
+                    cp,
+                    cp[tmp_len]);
+            rc = -1;
+            break;
+        }
+#undef VALID_CIDR_CHARS
+
+        strncpy(addr_buffer, cp, sizeof(addr_buffer) - 1);
+        sp = strchr(addr_buffer, '/');
+        if (sp != NULL) {
+            *sp = '\0';
+            sp++;
+            mask_len = strtoul(sp, &cp, 10);
+            if (*sp < '0' || *sp > '9' || *cp != '\0') {
+                SSH_LOG(SSH_LOG_TRACE, "Error while parsing prefix: %s", sp);
+                rc = -1;
+                break;
+            }
+            if (mask_len > 128) {
+                SSH_LOG(SSH_LOG_TRACE,
+                        "Invalid prefix: %lu exceeds the maximum allowed "
+                        "(>128)",
+                        mask_len);
+                rc = -1;
+                break;
+            }
+        } else {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Missing prefix length for list entry \"%.100s\"",
+                    addr_buffer);
+            rc = -1;
+            break;
+        }
+
+        ai_family = get_address_family(addr_buffer);
+        if (ai_family == -1) {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Couldn't get address family for \"%.100s\"",
+                    addr_buffer);
+            rc = -1;
+            break;
+        }
+
+        if (ai_family == AF_INET) {
+            if (inet_pton(AF_INET, addr_buffer, &match_addr) == 0) {
+                SSH_LOG(SSH_LOG_TRACE,
+                        "Couldn't parse IPv4 address \"%.100s\"",
+                        addr_buffer);
+                rc = -1;
+                break;
+            }
+        } else if (ai_family == AF_INET6) {
+            if (inet_pton(AF_INET6, addr_buffer, &match_addr6) == 0) {
+                SSH_LOG(SSH_LOG_TRACE,
+                        "Couldn't parse IPv6 address \"%.100s\"",
+                        addr_buffer);
+                rc = -1;
+                break;
+            }
+        } else {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Address family %d for address \"%.100s\" "
+                    "is not recognized",
+                    ai_family,
+                    addr_buffer);
+            rc = -1;
+            break;
+        }
+
+        if (masklen_valid(ai_family, mask_len) != true) {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Invalid mask length %lu for list entry \"%.100s\"",
+                    mask_len,
+                    addr_buffer);
+            rc = -1;
+            break;
+        }
+
+        /* Verify match between host address and network address*/
+        if (((ai_family == AF_INET && sa_family == AF_INET) &&
+             cidr_match_4(&try_addr, &match_addr, mask_len)) ||
+            ((ai_family == AF_INET6 && sa_family == AF_INET6) &&
+             cidr_match_6(&try_addr6, &match_addr6, mask_len))) {
+            rc = 1;
+            break;
+        }
+    }
+    SAFE_FREE(b);
+
+    return rc;
+}
+#endif /* _WIN32 */
+
+/**
+ * @brief Tries to match an object against a comma separated group of objects
+ *
+ * The characters '*' and '?' are NOT considered wildcards and an object in the
+ * group preceded by a ! does NOT indicate negation. The characters '*', '?'
+ * and '!' are treated normally like other characters, only ',' (comma) is
+ * treated specially and is considered as a delimiter that separates objects in
+ * the group.
+ *
+ * @param[in] group     Group of objects (comma separated) to match against.
+ *
+ * @param[in] object    Object to match.
+ *
+ * @returns             1 if there is a match, 0 if there is no match at all.
+ */
+int match_group(const char *group, const char *object)
+{
+    const char *a = NULL;
+    const char *z = NULL;
+
+    if (group == NULL || object == NULL) {
+        return 0;
+    }
+
+    z = group;
+    do {
+        a = strchr(z, ',');
+        if (a == NULL) {
+            if (strcmp(z, object) == 0) {
+                return 1;
+            }
+            return 0;
+        } else {
+            if (strncmp(z, object, a - z) == 0) {
+                return 1;
+            }
+        }
+        z = a + 1;
+    } while (1);
+
+    /* not reached */
+    return 0;
+}
diff --git a/libssh/src/mbedcrypto_missing.c b/libssh/src/mbedcrypto_missing.c
index ac0d688c..2c1a8d7a 100644
--- a/libssh/src/mbedcrypto_missing.c
+++ b/libssh/src/mbedcrypto_missing.c
@@ -45,7 +45,7 @@ void ssh_mbedcry_bn_free(bignum bn)
     SAFE_FREE(bn);
 }
 
-unsigned char *ssh_mbedcry_bn2num(const_bignum num, int radix)
+char *ssh_mbedcry_bn2num(const_bignum num, int radix)
 {
     char *buf = NULL;
     size_t olen;
@@ -56,7 +56,7 @@ unsigned char *ssh_mbedcry_bn2num(const_bignum num, int radix)
         return NULL;
     }
 
-    buf = malloc(olen);
+    buf = mbedtls_calloc(1, olen);
     if (buf == NULL) {
         return NULL;
     }
@@ -67,7 +67,7 @@ unsigned char *ssh_mbedcry_bn2num(const_bignum num, int radix)
         return NULL;
     }
 
-    return (unsigned char *) buf;
+    return buf;
 }
 
 int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom)
diff --git a/libssh/src/md_crypto.c b/libssh/src/md_crypto.c
index f5104f04..f7cda8dd 100644
--- a/libssh/src/md_crypto.c
+++ b/libssh/src/md_crypto.c
@@ -25,6 +25,7 @@
 #include "libssh/crypto.h"
 #include "libssh/wrapper.h"
 
+#include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
@@ -46,28 +47,49 @@ sha1_init(void)
 }
 
 void
+sha1_ctx_free(SHACTX c)
+{
+    EVP_MD_CTX_free(c);
+}
+
+int
 sha1_update(SHACTX c, const void *data, size_t len)
 {
-    EVP_DigestUpdate(c, data, len);
+    int rc = EVP_DigestUpdate(c, data, len);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha1_final(unsigned char *md, SHACTX c)
 {
     unsigned int mdlen = 0;
+    int rc = EVP_DigestFinal(c, md, &mdlen);
 
-    EVP_DigestFinal(c, md, &mdlen);
     EVP_MD_CTX_free(c);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha1(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     SHACTX c = sha1_init();
-    if (c != NULL) {
-        sha1_update(c, digest, len);
-        sha1_final(hash, c);
+    int rc;
+
+    if (c == NULL) {
+        return SSH_ERROR;
     }
+    rc = sha1_update(c, digest, len);
+    if (rc != SSH_OK) {
+        EVP_MD_CTX_free(c);
+        return SSH_ERROR;
+    }
+    return sha1_final(hash, c);
 }
 
 SHA256CTX
@@ -87,28 +109,49 @@ sha256_init(void)
 }
 
 void
+sha256_ctx_free(SHA256CTX c)
+{
+    EVP_MD_CTX_free(c);
+}
+
+int
 sha256_update(SHA256CTX c, const void *data, size_t len)
 {
-    EVP_DigestUpdate(c, data, len);
+    int rc = EVP_DigestUpdate(c, data, len);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha256_final(unsigned char *md, SHA256CTX c)
 {
     unsigned int mdlen = 0;
+    int rc = EVP_DigestFinal(c, md, &mdlen);
 
-    EVP_DigestFinal(c, md, &mdlen);
     EVP_MD_CTX_free(c);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha256(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     SHA256CTX c = sha256_init();
-    if (c != NULL) {
-        sha256_update(c, digest, len);
-        sha256_final(hash, c);
+    int rc;
+
+    if (c == NULL) {
+        return SSH_ERROR;
+    }
+    rc = sha256_update(c, digest, len);
+    if (rc != SSH_OK) {
+        EVP_MD_CTX_free(c);
+        return SSH_ERROR;
     }
+    return sha256_final(hash, c);
 }
 
 SHA384CTX
@@ -128,28 +171,49 @@ sha384_init(void)
 }
 
 void
+sha384_ctx_free(SHA384CTX c)
+{
+    EVP_MD_CTX_free(c);
+}
+
+int
 sha384_update(SHA384CTX c, const void *data, size_t len)
 {
-    EVP_DigestUpdate(c, data, len);
+    int rc = EVP_DigestUpdate(c, data, len);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha384_final(unsigned char *md, SHA384CTX c)
 {
     unsigned int mdlen = 0;
+    int rc = EVP_DigestFinal(c, md, &mdlen);
 
-    EVP_DigestFinal(c, md, &mdlen);
     EVP_MD_CTX_free(c);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha384(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     SHA384CTX c = sha384_init();
-    if (c != NULL) {
-        sha384_update(c, digest, len);
-        sha384_final(hash, c);
+    int rc;
+
+    if (c == NULL) {
+        return SSH_ERROR;
     }
+    rc = sha384_update(c, digest, len);
+    if (rc != SSH_OK) {
+        EVP_MD_CTX_free(c);
+        return SSH_ERROR;
+    }
+    return sha384_final(hash, c);
 }
 
 SHA512CTX
@@ -169,28 +233,49 @@ sha512_init(void)
 }
 
 void
+sha512_ctx_free(SHA512CTX c)
+{
+    EVP_MD_CTX_free(c);
+}
+
+int
 sha512_update(SHA512CTX c, const void *data, size_t len)
 {
-    EVP_DigestUpdate(c, data, len);
+    int rc = EVP_DigestUpdate(c, data, len);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha512_final(unsigned char *md, SHA512CTX c)
 {
     unsigned int mdlen = 0;
+    int rc = EVP_DigestFinal(c, md, &mdlen);
 
-    EVP_DigestFinal(c, md, &mdlen);
     EVP_MD_CTX_free(c);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha512(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     SHA512CTX c = sha512_init();
-    if (c != NULL) {
-        sha512_update(c, digest, len);
-        sha512_final(hash, c);
+    int rc;
+
+    if (c == NULL) {
+        return SSH_ERROR;
+    }
+    rc = sha512_update(c, digest, len);
+    if (rc != SSH_OK) {
+        EVP_MD_CTX_free(c);
+        return SSH_ERROR;
     }
+    return sha512_final(hash, c);
 }
 
 MD5CTX
@@ -210,16 +295,30 @@ md5_init(void)
 }
 
 void
+md5_ctx_free(MD5CTX c)
+{
+    EVP_MD_CTX_free(c);
+}
+
+int
 md5_update(MD5CTX c, const void *data, size_t len)
 {
-    EVP_DigestUpdate(c, data, len);
+    int rc = EVP_DigestUpdate(c, data, len);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 md5_final(unsigned char *md, MD5CTX c)
 {
     unsigned int mdlen = 0;
+    int rc = EVP_DigestFinal(c, md, &mdlen);
 
-    EVP_DigestFinal(c, md, &mdlen);
     EVP_MD_CTX_free(c);
+    if (rc != 1) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
diff --git a/libssh/src/md_gcrypt.c b/libssh/src/md_gcrypt.c
index 1f0a71f3..93c7b0d9 100644
--- a/libssh/src/md_gcrypt.c
+++ b/libssh/src/md_gcrypt.c
@@ -36,24 +36,40 @@ sha1_init(void)
     return ctx;
 }
 
-void
+int
 sha1_update(SHACTX c, const void *data, size_t len)
 {
     gcry_md_write(c, data, len);
+    return SSH_OK;
 }
 
 void
+sha1_ctx_free(SHACTX c)
+{
+    gcry_md_close(c);
+}
+
+int
 sha1_final(unsigned char *md, SHACTX c)
 {
+    unsigned char *tmp = NULL;
+
     gcry_md_final(c);
-    memcpy(md, gcry_md_read(c, 0), SHA_DIGEST_LEN);
+    tmp = gcry_md_read(c, 0);
+    if (tmp == NULL) {
+        gcry_md_close(c);
+        return SSH_ERROR;
+    }
+    memcpy(md, tmp, SHA_DIGEST_LEN);
     gcry_md_close(c);
+    return SSH_OK;
 }
 
-void
+int
 sha1(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     gcry_md_hash_buffer(GCRY_MD_SHA1, hash, digest, len);
+    return SSH_OK;
 }
 
 SHA256CTX
@@ -66,23 +82,39 @@ sha256_init(void)
 }
 
 void
+sha256_ctx_free(SHA256CTX c)
+{
+    gcry_md_close(c);
+}
+
+int
 sha256_update(SHACTX c, const void *data, size_t len)
 {
     gcry_md_write(c, data, len);
+    return SSH_OK;
 }
 
-void
+int
 sha256_final(unsigned char *md, SHACTX c)
 {
+    unsigned char *tmp = NULL;
+
     gcry_md_final(c);
-    memcpy(md, gcry_md_read(c, 0), SHA256_DIGEST_LEN);
+    tmp = gcry_md_read(c, 0);
+    if (tmp == NULL) {
+        gcry_md_close(c);
+        return SSH_ERROR;
+    }
+    memcpy(md, tmp, SHA256_DIGEST_LEN);
     gcry_md_close(c);
+    return SSH_OK;
 }
 
-void
+int
 sha256(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     gcry_md_hash_buffer(GCRY_MD_SHA256, hash, digest, len);
+    return SSH_OK;
 }
 
 SHA384CTX
@@ -95,23 +127,39 @@ sha384_init(void)
 }
 
 void
+sha384_ctx_free(SHA384CTX c)
+{
+    gcry_md_close(c);
+}
+
+int
 sha384_update(SHACTX c, const void *data, size_t len)
 {
     gcry_md_write(c, data, len);
+    return SSH_OK;
 }
 
-void
+int
 sha384_final(unsigned char *md, SHACTX c)
 {
+    unsigned char *tmp = NULL;
+
     gcry_md_final(c);
-    memcpy(md, gcry_md_read(c, 0), SHA384_DIGEST_LEN);
+    tmp = gcry_md_read(c, 0);
+    if (tmp == NULL) {
+        gcry_md_close(c);
+        return SSH_ERROR;
+    }
+    memcpy(md, tmp, SHA384_DIGEST_LEN);
     gcry_md_close(c);
+    return SSH_OK;
 }
 
-void
+int
 sha384(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     gcry_md_hash_buffer(GCRY_MD_SHA384, hash, digest, len);
+    return SSH_OK;
 }
 
 SHA512CTX
@@ -124,23 +172,39 @@ sha512_init(void)
 }
 
 void
+sha512_ctx_free(SHA512CTX c)
+{
+    gcry_md_close(c);
+}
+
+int
 sha512_update(SHACTX c, const void *data, size_t len)
 {
     gcry_md_write(c, data, len);
+    return SSH_OK;
 }
 
-void
+int
 sha512_final(unsigned char *md, SHACTX c)
 {
+    unsigned char *tmp = NULL;
+
     gcry_md_final(c);
-    memcpy(md, gcry_md_read(c, 0), SHA512_DIGEST_LEN);
+    tmp = gcry_md_read(c, 0);
+    if (tmp == NULL) {
+        gcry_md_close(c);
+        return SSH_ERROR;
+    }
+    memcpy(md, tmp, SHA512_DIGEST_LEN);
     gcry_md_close(c);
+    return SSH_OK;
 }
 
-void
+int
 sha512(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     gcry_md_hash_buffer(GCRY_MD_SHA512, hash, digest, len);
+    return SSH_OK;
 }
 
 MD5CTX
@@ -153,15 +217,30 @@ md5_init(void)
 }
 
 void
+md5_ctx_free(MD5CTX c)
+{
+    gcry_md_close(c);
+}
+
+int
 md5_update(MD5CTX c, const void *data, size_t len)
 {
     gcry_md_write(c, data, len);
+    return SSH_OK;
 }
 
-void
+int
 md5_final(unsigned char *md, MD5CTX c)
 {
+    unsigned char *tmp = NULL;
+
     gcry_md_final(c);
-    memcpy(md, gcry_md_read(c, 0), MD5_DIGEST_LEN);
+    tmp = gcry_md_read(c, 0);
+    if (tmp == NULL) {
+        gcry_md_close(c);
+        return SSH_ERROR;
+    }
+    memcpy(md, tmp, MD5_DIGEST_LEN);
     gcry_md_close(c);
+    return SSH_OK;
 }
diff --git a/libssh/src/md_mbedcrypto.c b/libssh/src/md_mbedcrypto.c
index 227e20ab..b3529b4b 100644
--- a/libssh/src/md_mbedcrypto.c
+++ b/libssh/src/md_mbedcrypto.c
@@ -64,27 +64,48 @@ sha1_init(void)
 }
 
 void
+sha1_ctx_free(SHACTX c)
+{
+    mbedtls_md_free(c);
+    SAFE_FREE(c);
+}
+
+int
 sha1_update(SHACTX c, const void *data, size_t len)
 {
-    mbedtls_md_update(c, data, len);
+    int rc = mbedtls_md_update(c, data, len);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha1_final(unsigned char *md, SHACTX c)
 {
-    mbedtls_md_finish(c, md);
-    mbedtls_md_free(c);
-    SAFE_FREE(c);
+    int rc = mbedtls_md_finish(c, md);
+    sha1_ctx_free(c);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha1(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     const mbedtls_md_info_t *md_info =
         mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
-    if (md_info != NULL) {
-        mbedtls_md(md_info, digest, len, hash);
+    int rc;
+
+    if (md_info == NULL) {
+        return SSH_ERROR;
+    }
+    rc = mbedtls_md(md_info, digest, len, hash);
+    if (rc != 0) {
+        return SSH_ERROR;
     }
+    return SSH_OK;
 }
 
 SHA256CTX
@@ -122,27 +143,48 @@ sha256_init(void)
 }
 
 void
+sha256_ctx_free(SHA256CTX c)
+{
+    mbedtls_md_free(c);
+    SAFE_FREE(c);
+}
+
+int
 sha256_update(SHA256CTX c, const void *data, size_t len)
 {
-    mbedtls_md_update(c, data, len);
+    int rc = mbedtls_md_update(c, data, len);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha256_final(unsigned char *md, SHA256CTX c)
 {
-    mbedtls_md_finish(c, md);
+    int rc = mbedtls_md_finish(c, md);
     mbedtls_md_free(c);
     SAFE_FREE(c);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha256(const unsigned char *digest, size_t len, unsigned char *hash)
 {
+    int rc;
     const mbedtls_md_info_t *md_info =
         mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
-    if (md_info != NULL) {
-        mbedtls_md(md_info, digest, len, hash);
+    if (md_info == NULL) {
+        return SSH_ERROR;
+    }
+    rc = mbedtls_md(md_info, digest, len, hash);
+    if (rc != 0) {
+        return SSH_ERROR;
     }
+    return SSH_OK;
 }
 
 SHA384CTX
@@ -180,27 +222,48 @@ sha384_init(void)
 }
 
 void
+sha384_ctx_free(SHA384CTX c)
+{
+    mbedtls_md_free(c);
+    SAFE_FREE(c);
+}
+
+int
 sha384_update(SHA384CTX c, const void *data, size_t len)
 {
-    mbedtls_md_update(c, data, len);
+    int rc = mbedtls_md_update(c, data, len);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha384_final(unsigned char *md, SHA384CTX c)
 {
-    mbedtls_md_finish(c, md);
-    mbedtls_md_free(c);
-    SAFE_FREE(c);
+    int rc = mbedtls_md_finish(c, md);
+    sha384_ctx_free(c);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha384(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     const mbedtls_md_info_t *md_info =
         mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
-    if (md_info != NULL) {
-        mbedtls_md(md_info, digest, len, hash);
+    int rc;
+
+    if (md_info == NULL) {
+        return SSH_ERROR;
+    }
+    rc = mbedtls_md(md_info, digest, len, hash);
+    if (rc != 0) {
+        return SSH_ERROR;
     }
+    return SSH_OK;
 }
 
 SHA512CTX
@@ -237,27 +300,48 @@ sha512_init(void)
 }
 
 void
+sha512_ctx_free(SHA512CTX c)
+{
+    mbedtls_md_free(c);
+    SAFE_FREE(c);
+}
+
+int
 sha512_update(SHA512CTX c, const void *data, size_t len)
 {
-    mbedtls_md_update(c, data, len);
+    int rc = mbedtls_md_update(c, data, len);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha512_final(unsigned char *md, SHA512CTX c)
 {
-    mbedtls_md_finish(c, md);
-    mbedtls_md_free(c);
-    SAFE_FREE(c);
+    int rc = mbedtls_md_finish(c, md);
+    sha512_ctx_free(c);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 sha512(const unsigned char *digest, size_t len, unsigned char *hash)
 {
     const mbedtls_md_info_t *md_info =
         mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
-    if (md_info != NULL) {
-        mbedtls_md(md_info, digest, len, hash);
+    int rc;
+
+    if (md_info == NULL) {
+        return SSH_ERROR;
     }
+    rc = mbedtls_md(md_info, digest, len, hash);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
 MD5CTX
@@ -294,15 +378,30 @@ md5_init(void)
 }
 
 void
+md5_ctx_free(MD5CTX c)
+{
+    mbedtls_md_free(c);
+    SAFE_FREE(c);
+}
+
+int
 md5_update(MD5CTX c, const void *data, size_t len)
 {
-    mbedtls_md_update(c, data, len);
+    int rc = mbedtls_md_update(c, data, len);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
 
-void
+int
 md5_final(unsigned char *md, MD5CTX c)
 {
-    mbedtls_md_finish(c, md);
+    int rc = mbedtls_md_finish(c, md);
     mbedtls_md_free(c);
     SAFE_FREE(c);
+    if (rc != 0) {
+        return SSH_ERROR;
+    }
+    return SSH_OK;
 }
diff --git a/libssh/src/messages.c b/libssh/src/messages.c
index ff199f96..a9f5279f 100644
--- a/libssh/src/messages.c
+++ b/libssh/src/messages.c
@@ -40,8 +40,8 @@
 #include "libssh/session.h"
 #include "libssh/misc.h"
 #include "libssh/pki.h"
-#include "libssh/dh.h"
 #include "libssh/messages.h"
+#include "libssh/socket.h"
 #ifdef WITH_SERVER
 #include "libssh/server.h"
 #include "libssh/gssapi.h"
@@ -97,6 +97,41 @@ static int ssh_message_reply_default(ssh_message msg) {
 
 #endif
 
+static int ssh_send_disconnect(ssh_session session)
+{
+    int rc = SSH_ERROR;
+
+    if (session == NULL) {
+        return SSH_ERROR;
+    }
+
+    if (session->disconnect_message == NULL) {
+        session->disconnect_message = strdup("Bye Bye");
+        if (session->disconnect_message == NULL) {
+            ssh_set_error_oom(session);
+            return SSH_ERROR;
+        }
+    }
+
+    if (session->socket != NULL && ssh_socket_is_open(session->socket)) {
+        rc = ssh_buffer_pack(session->out_buffer,
+                             "bdss",
+                             SSH2_MSG_DISCONNECT,
+                             SSH2_DISCONNECT_BY_APPLICATION,
+                             session->disconnect_message,
+                             ""); /* language tag */
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(session);
+            return SSH_ERROR;
+        }
+
+        rc = ssh_packet_send(session);
+        ssh_session_socket_close(session);
+    }
+
+    return rc;
+}
+
 #ifdef WITH_SERVER
 
 static int ssh_execute_server_request(ssh_session session, ssh_message msg)
@@ -160,7 +195,7 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg)
                 if (channel != NULL) {
                     rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
                     if (rc != SSH_OK) {
-                        SSH_LOG(SSH_LOG_WARNING,
+                        SSH_LOG(SSH_LOG_TRACE,
                                 "Failed to send reply for accepting a channel "
                                 "open");
                     }
@@ -237,7 +272,7 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg)
                                                     msg->channel_request.pxwidth,
                                                     msg->channel_request.pxheight);
                     if (rc != SSH_OK) {
-                        SSH_LOG(SSH_LOG_WARNING,
+                        SSH_LOG(SSH_LOG_TRACE,
                                 "Failed to iterate callbacks for window change");
                     }
                     return SSH_OK;
@@ -303,7 +338,7 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg)
                 if (rc == 0) {
                     ssh_message_reply_default(msg);
                 } else {
-                    ssh_disconnect(session);
+                    ssh_send_disconnect(session);
                 }
 
                 return SSH_OK;
@@ -317,6 +352,17 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg)
     return SSH_AGAIN;
 }
 
+static int ssh_reply_channel_open_request(ssh_message msg, ssh_channel channel)
+{
+    if (channel != NULL) {
+        return ssh_message_channel_request_open_reply_accept_channel(msg, channel);
+    }
+
+    ssh_message_reply_default(msg);
+
+    return SSH_OK;
+}
+
 static int ssh_execute_client_request(ssh_session session, ssh_message msg)
 {
     ssh_channel channel = NULL;
@@ -329,30 +375,26 @@ static int ssh_execute_client_request(ssh_session session, ssh_message msg)
                 msg->channel_request_open.originator,
                 msg->channel_request_open.originator_port,
                 session->common.callbacks->userdata);
-        if (channel != NULL) {
-            rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
-
-            return rc;
-        } else {
-            ssh_message_reply_default(msg);
-        }
 
-        return SSH_OK;
+        return ssh_reply_channel_open_request(msg, channel);
     } else if (msg->type == SSH_REQUEST_CHANNEL_OPEN
                && msg->channel_request_open.type == SSH_CHANNEL_AUTH_AGENT
                && ssh_callbacks_exists(session->common.callbacks, channel_open_request_auth_agent_function)) {
         channel = session->common.callbacks->channel_open_request_auth_agent_function (session,
                 session->common.callbacks->userdata);
 
-        if (channel != NULL) {
-            rc = ssh_message_channel_request_open_reply_accept_channel(msg, channel);
-
-            return rc;
-        } else {
-            ssh_message_reply_default(msg);
-        }
+        return ssh_reply_channel_open_request(msg, channel);
+    } else if (msg->type == SSH_REQUEST_CHANNEL_OPEN
+               && msg->channel_request_open.type == SSH_CHANNEL_FORWARDED_TCPIP
+               && ssh_callbacks_exists(session->common.callbacks, channel_open_request_forwarded_tcpip_function)) {
+        channel = session->common.callbacks->channel_open_request_forwarded_tcpip_function(session,
+                msg->channel_request_open.destination,
+                msg->channel_request_open.destination_port,
+                msg->channel_request_open.originator,
+                msg->channel_request_open.originator_port,
+                session->common.callbacks->userdata);
 
-        return SSH_OK;
+        return ssh_reply_channel_open_request(msg, channel);
     }
 
     return rc;
@@ -479,7 +521,7 @@ static void ssh_message_queue(ssh_session session, ssh_message message)
  */
 ssh_message ssh_message_pop_head(ssh_session session){
   ssh_message msg=NULL;
-  struct ssh_iterator *i;
+  struct ssh_iterator *i = NULL;
   if(session->ssh_message_list == NULL)
     return NULL;
   i=ssh_list_get_iterator(session->ssh_message_list);
@@ -493,7 +535,7 @@ ssh_message ssh_message_pop_head(ssh_session session){
 /* Returns 1 if there is a message available */
 static int ssh_message_termination(void *s){
   ssh_session session = s;
-  struct ssh_iterator *it;
+  struct ssh_iterator *it = NULL;
   if(session->session_state == SSH_SESSION_STATE_ERROR)
     return 1;
   it = ssh_list_get_iterator(session->ssh_message_list);
@@ -694,7 +736,7 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
                                                 ssh_string algo)
 {
     struct ssh_crypto_struct *crypto = NULL;
-    ssh_buffer buffer;
+    ssh_buffer buffer = NULL;
     ssh_string str=NULL;
     int rc;
 
@@ -715,8 +757,9 @@ static ssh_buffer ssh_msg_userauth_build_digest(ssh_session session,
 
     rc = ssh_buffer_pack(buffer,
                          "dPbsssbsS",
-                         crypto->session_id_len, /* session ID string */
-                         crypto->session_id_len, crypto->session_id,
+                         (uint32_t)crypto->session_id_len, /* session ID string */
+                         crypto->session_id_len,
+                         crypto->session_id,
                          SSH2_MSG_USERAUTH_REQUEST, /* type */
                          msg->auth_request.username,
                          service,
@@ -775,7 +818,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
 
   cmp = strcmp(service, "ssh-connection");
   if (cmp != 0) {
-      SSH_LOG(SSH_LOG_WARNING,
+      SSH_LOG(SSH_LOG_TRACE,
               "Invalid service request: %s",
               service);
       goto end;
@@ -891,9 +934,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
         if (rc == SSH_OK) {
             /* Check if the signature from client matches server preferences */
             if (session->opts.pubkey_accepted_types) {
-                if (!ssh_match_group(session->opts.pubkey_accepted_types,
-                            sig->type_c))
-                {
+                cmp = match_group(session->opts.pubkey_accepted_types,
+                                  sig->type_c);
+                if (cmp != 1) {
                     ssh_set_error(session,
                             SSH_FATAL,
                             "Public key from client (%s) doesn't match server "
@@ -933,9 +976,9 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
 #ifdef WITH_GSSAPI
   if (strcmp(method, "gssapi-with-mic") == 0) {
      uint32_t n_oid;
-     ssh_string *oids;
-     ssh_string oid;
-     char *hexa;
+     ssh_string *oids = NULL;
+     ssh_string oid = NULL;
+     char *hexa = NULL;
      int i;
      ssh_buffer_get_u32(packet, &n_oid);
      n_oid=ntohl(n_oid);
@@ -969,7 +1012,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_request){
      ssh_gssapi_handle_userauth(session, msg->auth_request.username, n_oid, oids);
 
      for(i=0;i<(int)n_oid;++i){
-    	 SAFE_FREE(oids[i]);
+         SAFE_FREE(oids[i]);
      }
      SAFE_FREE(oids);
      /* bypass the message queue thing */
@@ -1019,7 +1062,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
 SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
   uint32_t nanswers;
   uint32_t i;
-  ssh_string tmp;
+  ssh_string tmp = NULL;
   int rc;
 
   ssh_message msg = NULL;
@@ -1055,7 +1098,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
   }
 
   if (session->kbdint == NULL) {
-    SSH_LOG(SSH_LOG_PROTOCOL, "Warning: Got a keyboard-interactive "
+    SSH_LOG(SSH_LOG_DEBUG, "Warning: Got a keyboard-interactive "
                         "response but it seems we didn't send the request.");
 
     session->kbdint = ssh_kbdint_new();
@@ -1076,10 +1119,10 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
       session->kbdint->nanswers = 0;
   }
 
-  SSH_LOG(SSH_LOG_PACKET,"kbdint: %d answers",nanswers);
+  SSH_LOG(SSH_LOG_PACKET,"kbdint: %" PRIu32 " answers", nanswers);
   if (nanswers > KBDINT_MAX_PROMPT) {
     ssh_set_error(session, SSH_FATAL,
-        "Too much answers received from client: %u (0x%.4x)",
+        "Too much answers received from client: %" PRIu32 " (0x%.4" PRIx32 ")",
         nanswers, nanswers);
     ssh_kbdint_free(session->kbdint);
     session->kbdint = NULL;
@@ -1089,8 +1132,8 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response){
 
   if(nanswers != session->kbdint->nprompts) {
     /* warn but let the application handle this case */
-    SSH_LOG(SSH_LOG_PROTOCOL, "Warning: Number of prompts and answers"
-                " mismatch: p=%u a=%u", session->kbdint->nprompts, nanswers);
+    SSH_LOG(SSH_LOG_DEBUG, "Warning: Number of prompts and answers"
+                " mismatch: p=%" PRIu32 " a=%" PRIu32, session->kbdint->nprompts, nanswers);
   }
   session->kbdint->nanswers = nanswers;
 
@@ -1170,7 +1213,15 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open){
     goto error;
   }
 
-  if (strcmp(type_c,"session") == 0) {
+  if (strcmp(type_c, "session") == 0) {
+    if (session->flags & SSH_SESSION_FLAG_NO_MORE_SESSIONS) {
+        ssh_session_set_disconnect_message(session, "No more sessions allowed!");
+        ssh_set_error(session, SSH_FATAL, "No more sessions allowed!");
+        session->session_state = SSH_SESSION_STATE_ERROR;
+        ssh_send_disconnect(session);
+        goto error;
+    }
+
     msg->channel_request_open.type = SSH_CHANNEL_SESSION;
     SAFE_FREE(type_c);
     goto end;
@@ -1183,9 +1234,9 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open){
                            &destination_port,
                            &msg->channel_request_open.originator,
                            &originator_port);
-	if (rc != SSH_OK) {
-		goto error;
-	}
+    if (rc != SSH_OK) {
+      goto error;
+    }
 
     msg->channel_request_open.destination_port = (uint16_t) destination_port;
     msg->channel_request_open.originator_port = (uint16_t) originator_port;
@@ -1251,7 +1302,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open){
  * @returns             SSH_OK on success, SSH_ERROR if an error occurred.
  */
 int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_channel chan) {
-    ssh_session session;
+    ssh_session session = NULL;
     int rc;
 
     if (msg == NULL) {
@@ -1282,7 +1333,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c
     }
 
     SSH_LOG(SSH_LOG_PACKET,
-            "Accepting a channel request_open for chan %d",
+            "Accepting a channel request_open for chan %" PRIu32,
             chan->remote_channel);
 
     rc = ssh_packet_send(session);
@@ -1302,7 +1353,7 @@ int ssh_message_channel_request_open_reply_accept_channel(ssh_message msg, ssh_c
  * @returns NULL in case of error
  */
 ssh_channel ssh_message_channel_request_open_reply_accept(ssh_message msg) {
-	ssh_channel chan;
+	ssh_channel chan = NULL;
 	int rc;
 
 	if (msg == NULL) {
@@ -1341,165 +1392,185 @@ ssh_channel ssh_message_channel_request_open_reply_accept(ssh_message msg) {
  *
  * @returns             SSH_OK on success, SSH_ERROR if an error occurred.
  */
-int ssh_message_handle_channel_request(ssh_session session, ssh_channel channel, ssh_buffer packet,
-    const char *request, uint8_t want_reply) {
-  ssh_message msg = NULL;
-  int rc;
-
-  msg = ssh_message_new(session);
-  if (msg == NULL) {
-    ssh_set_error_oom(session);
-    goto error;
-  }
-
-  SSH_LOG(SSH_LOG_PACKET,
-      "Received a %s channel_request for channel (%d:%d) (want_reply=%hhd)",
-      request, channel->local_channel, channel->remote_channel, want_reply);
-
-  msg->type = SSH_REQUEST_CHANNEL;
-  msg->channel_request.channel = channel;
-  msg->channel_request.want_reply = want_reply;
-
-  if (strcmp(request, "pty-req") == 0) {
-    rc = ssh_buffer_unpack(packet, "sddddS",
-            &msg->channel_request.TERM,
-            &msg->channel_request.width,
-            &msg->channel_request.height,
-            &msg->channel_request.pxwidth,
-            &msg->channel_request.pxheight,
-            &msg->channel_request.modes
-            );
+int
+ssh_message_handle_channel_request(ssh_session session,
+                                   ssh_channel channel,
+                                   ssh_buffer packet,
+                                   const char *request,
+                                   uint8_t want_reply)
+{
+    ssh_message msg = NULL;
+    int rc;
 
-    msg->channel_request.type = SSH_CHANNEL_REQUEST_PTY;
+    msg = ssh_message_new(session);
+    if (msg == NULL) {
+        ssh_set_error_oom(session);
+        goto error;
+    }
 
-    if (rc != SSH_OK) {
-      goto error;
+    SSH_LOG(SSH_LOG_PACKET,
+            "Received a %s channel_request for channel (%" PRIu32 ":%" PRIu32
+            ") (want_reply=%hhu)",
+            request,
+            channel->local_channel,
+            channel->remote_channel,
+            want_reply);
+
+    msg->type = SSH_REQUEST_CHANNEL;
+    msg->channel_request.channel = channel;
+    msg->channel_request.want_reply = want_reply;
+
+    if (strcmp(request, "pty-req") == 0) {
+        rc = ssh_buffer_unpack(packet,
+                               "sddddS",
+                               &msg->channel_request.TERM,
+                               &msg->channel_request.width,
+                               &msg->channel_request.height,
+                               &msg->channel_request.pxwidth,
+                               &msg->channel_request.pxheight,
+                               &msg->channel_request.modes);
+
+        msg->channel_request.type = SSH_CHANNEL_REQUEST_PTY;
+
+        if (rc != SSH_OK) {
+            goto error;
+        }
+        goto end;
     }
-    goto end;
-  }
 
-  if (strcmp(request, "window-change") == 0) {
-    msg->channel_request.type = SSH_CHANNEL_REQUEST_WINDOW_CHANGE;
-    rc = ssh_buffer_unpack(packet, "dddd",
-            &msg->channel_request.width,
-            &msg->channel_request.height,
-            &msg->channel_request.pxwidth,
-            &msg->channel_request.pxheight);
-    if (rc != SSH_OK){
-        goto error;
+    if (strcmp(request, "window-change") == 0) {
+        msg->channel_request.type = SSH_CHANNEL_REQUEST_WINDOW_CHANGE;
+        rc = ssh_buffer_unpack(packet,
+                               "dddd",
+                               &msg->channel_request.width,
+                               &msg->channel_request.height,
+                               &msg->channel_request.pxwidth,
+                               &msg->channel_request.pxheight);
+        if (rc != SSH_OK) {
+            goto error;
+        }
+        goto end;
     }
-    goto end;
-  }
 
-  if (strcmp(request, "subsystem") == 0) {
-    rc = ssh_buffer_unpack(packet, "s",
-            &msg->channel_request.subsystem);
-    msg->channel_request.type = SSH_CHANNEL_REQUEST_SUBSYSTEM;
-    if (rc != SSH_OK){
-        goto error;
+    if (strcmp(request, "subsystem") == 0) {
+        rc = ssh_buffer_unpack(packet, "s", &msg->channel_request.subsystem);
+        msg->channel_request.type = SSH_CHANNEL_REQUEST_SUBSYSTEM;
+        if (rc != SSH_OK) {
+            goto error;
+        }
+        goto end;
     }
-    goto end;
-  }
 
-  if (strcmp(request, "shell") == 0) {
-    msg->channel_request.type = SSH_CHANNEL_REQUEST_SHELL;
-    goto end;
-  }
+    if (strcmp(request, "shell") == 0) {
+        msg->channel_request.type = SSH_CHANNEL_REQUEST_SHELL;
+        goto end;
+    }
 
-  if (strcmp(request, "exec") == 0) {
-    rc = ssh_buffer_unpack(packet, "s",
-            &msg->channel_request.command);
-    msg->channel_request.type = SSH_CHANNEL_REQUEST_EXEC;
-    if (rc != SSH_OK) {
-      goto error;
+    if (strcmp(request, "exec") == 0) {
+        rc = ssh_buffer_unpack(packet, "s", &msg->channel_request.command);
+        msg->channel_request.type = SSH_CHANNEL_REQUEST_EXEC;
+        if (rc != SSH_OK) {
+            goto error;
+        }
+        goto end;
     }
-    goto end;
-  }
 
-  if (strcmp(request, "env") == 0) {
-    rc = ssh_buffer_unpack(packet, "ss",
-            &msg->channel_request.var_name,
-            &msg->channel_request.var_value);
-    msg->channel_request.type = SSH_CHANNEL_REQUEST_ENV;
-    if (rc != SSH_OK) {
-      goto error;
+    if (strcmp(request, "env") == 0) {
+        rc = ssh_buffer_unpack(packet,
+                               "ss",
+                               &msg->channel_request.var_name,
+                               &msg->channel_request.var_value);
+        msg->channel_request.type = SSH_CHANNEL_REQUEST_ENV;
+        if (rc != SSH_OK) {
+            goto error;
+        }
+        goto end;
     }
-    goto end;
-  }
 
-  if (strcmp(request, "x11-req") == 0) {
-    rc = ssh_buffer_unpack(packet, "bssd",
-            &msg->channel_request.x11_single_connection,
-            &msg->channel_request.x11_auth_protocol,
-            &msg->channel_request.x11_auth_cookie,
-            &msg->channel_request.x11_screen_number);
+    if (strcmp(request, "x11-req") == 0) {
+        rc = ssh_buffer_unpack(packet,
+                               "bssd",
+                               &msg->channel_request.x11_single_connection,
+                               &msg->channel_request.x11_auth_protocol,
+                               &msg->channel_request.x11_auth_cookie,
+                               &msg->channel_request.x11_screen_number);
 
-    msg->channel_request.type = SSH_CHANNEL_REQUEST_X11;
-    if (rc != SSH_OK) {
-      goto error;
-    }
+        msg->channel_request.type = SSH_CHANNEL_REQUEST_X11;
+        if (rc != SSH_OK) {
+            goto error;
+        }
 
-    goto end;
-  }
+        goto end;
+    }
 
-  msg->channel_request.type = SSH_CHANNEL_REQUEST_UNKNOWN;
+    msg->channel_request.type = SSH_CHANNEL_REQUEST_UNKNOWN;
 end:
-  ssh_message_queue(session,msg);
+    ssh_message_queue(session, msg);
 
-  return SSH_OK;
+    return SSH_OK;
 error:
-  SSH_MESSAGE_FREE(msg);
+    SSH_MESSAGE_FREE(msg);
 
-  return SSH_ERROR;
+    return SSH_ERROR;
 }
 
-int ssh_message_channel_request_reply_success(ssh_message msg) {
-  uint32_t channel;
-  int rc;
+/** @internal
+ *
+ * @brief       Sends a successful channel request reply
+ *
+ * @param msg   A message to reply to
+ *
+ * @returns     SSH_OK on success, SSH_ERROR if an error occurred.
+ */
+int ssh_message_channel_request_reply_success(ssh_message msg)
+{
+    uint32_t channel;
+    int rc;
 
-  if (msg == NULL) {
-    return SSH_ERROR;
-  }
+    if (msg == NULL) {
+        return SSH_ERROR;
+    }
 
-  if (msg->channel_request.want_reply) {
-    channel = msg->channel_request.channel->remote_channel;
+    if (msg->channel_request.want_reply) {
+        channel = msg->channel_request.channel->remote_channel;
 
-    SSH_LOG(SSH_LOG_PACKET,
-        "Sending a channel_request success to channel %d", channel);
+        SSH_LOG(SSH_LOG_PACKET,
+                "Sending a channel_request success to channel %" PRIu32,
+                channel);
+
+        rc = ssh_buffer_pack(msg->session->out_buffer,
+                             "bd",
+                             SSH2_MSG_CHANNEL_SUCCESS,
+                             channel);
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(msg->session);
+            return SSH_ERROR;
+        }
 
-    rc = ssh_buffer_pack(msg->session->out_buffer,
-                         "bd",
-                         SSH2_MSG_CHANNEL_SUCCESS,
-                         channel);
-    if (rc != SSH_OK){
-      ssh_set_error_oom(msg->session);
-      return SSH_ERROR;
+        return ssh_packet_send(msg->session);
     }
 
-    return ssh_packet_send(msg->session);
-  }
-
-  SSH_LOG(SSH_LOG_PACKET,
-      "The client doesn't want to know the request succeeded");
+    SSH_LOG(SSH_LOG_PACKET,
+            "The client doesn't want to know the request succeeded");
 
-  return SSH_OK;
+    return SSH_OK;
 }
 
 #ifdef WITH_SERVER
-SSH_PACKET_CALLBACK(ssh_packet_global_request){
+SSH_PACKET_CALLBACK(ssh_packet_global_request)
+{
     ssh_message msg = NULL;
-    char *request=NULL;
+    char *request = NULL;
     uint8_t want_reply;
     int rc = SSH_PACKET_USED;
     int r;
+
     (void)user;
     (void)type;
     (void)packet;
 
-    SSH_LOG(SSH_LOG_PROTOCOL,"Received SSH_MSG_GLOBAL_REQUEST packet");
-    r = ssh_buffer_unpack(packet, "sb",
-            &request,
-            &want_reply);
+    SSH_LOG(SSH_LOG_DEBUG,"Received SSH_MSG_GLOBAL_REQUEST packet");
+    r = ssh_buffer_unpack(packet, "sb", &request, &want_reply);
     if (r != SSH_OK){
         goto error;
     }
@@ -1518,25 +1589,35 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){
             goto reply_with_failure;
         }
 
-        r = ssh_buffer_unpack(packet, "sd",
-                &msg->global_request.bind_address,
-                &msg->global_request.bind_port
-                );
+        r = ssh_buffer_unpack(packet,
+                              "sd",
+                              &msg->global_request.bind_address,
+                              &msg->global_request.bind_port);
         if (r != SSH_OK){
             goto reply_with_failure;
         }
         msg->global_request.type = SSH_GLOBAL_REQUEST_TCPIP_FORWARD;
         msg->global_request.want_reply = want_reply;
 
-        SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request, want_reply,
+        SSH_LOG(SSH_LOG_DEBUG,
+                "Received SSH_MSG_GLOBAL_REQUEST %s %hhu %s:%d",
+                request,
+                want_reply,
                 msg->global_request.bind_address,
                 msg->global_request.bind_port);
 
-        if(ssh_callbacks_exists(session->common.callbacks, global_request_function)) {
-            SSH_LOG(SSH_LOG_PROTOCOL, "Calling callback for SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request,
-                    want_reply, msg->global_request.bind_address,
+        if (ssh_callbacks_exists(session->common.callbacks,
+                                 global_request_function)) {
+            SSH_LOG(SSH_LOG_DEBUG,
+                    "Calling callback for SSH_MSG_GLOBAL_REQUEST %s %hhu %s:%d",
+                    request,
+                    want_reply,
+                    msg->global_request.bind_address,
                     msg->global_request.bind_port);
-            session->common.callbacks->global_request_function(session, msg, session->common.callbacks->userdata);
+            session->common.callbacks->global_request_function(
+                session,
+                msg,
+                session->common.callbacks->userdata);
         } else {
             SAFE_FREE(request);
             ssh_message_queue(session, msg);
@@ -1549,21 +1630,29 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){
             goto reply_with_failure;
         }
 
-        r = ssh_buffer_unpack(packet, "sd",
-                &msg->global_request.bind_address,
-                &msg->global_request.bind_port);
+        r = ssh_buffer_unpack(packet,
+                              "sd",
+                              &msg->global_request.bind_address,
+                              &msg->global_request.bind_port);
         if (r != SSH_OK){
             goto reply_with_failure;
         }
         msg->global_request.type = SSH_GLOBAL_REQUEST_CANCEL_TCPIP_FORWARD;
         msg->global_request.want_reply = want_reply;
 
-        SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_GLOBAL_REQUEST %s %d %s:%d", request, want_reply,
+        SSH_LOG(SSH_LOG_DEBUG,
+                "Received SSH_MSG_GLOBAL_REQUEST %s %hhu %s:%d",
+                request,
+                want_reply,
                 msg->global_request.bind_address,
                 msg->global_request.bind_port);
 
-        if(ssh_callbacks_exists(session->common.callbacks, global_request_function)) {
-            session->common.callbacks->global_request_function(session, msg, session->common.callbacks->userdata);
+        if (ssh_callbacks_exists(session->common.callbacks,
+                                 global_request_function)) {
+            session->common.callbacks->global_request_function(
+                session,
+                msg,
+                session->common.callbacks->userdata);
         } else {
             SAFE_FREE(request);
             ssh_message_queue(session, msg);
@@ -1572,15 +1661,49 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){
     } else if(strcmp(request, "keepalive@openssh.com") == 0) {
         msg->global_request.type = SSH_GLOBAL_REQUEST_KEEPALIVE;
         msg->global_request.want_reply = want_reply;
-        SSH_LOG(SSH_LOG_PROTOCOL, "Received keepalive@openssh.com %d", want_reply);
-        if(ssh_callbacks_exists(session->common.callbacks, global_request_function)) {
-            session->common.callbacks->global_request_function(session, msg, session->common.callbacks->userdata);
-        } else {
+        SSH_LOG(SSH_LOG_DEBUG,
+                "Received keepalive@openssh.com %hhu",
+                want_reply);
+        if (ssh_callbacks_exists(session->common.callbacks,
+                                 global_request_function)) {
+            SSH_LOG(SSH_LOG_DEBUG,
+                    "Calling callback for SSH_MSG_GLOBAL_REQUEST %s %hhu",
+                    request,
+                    want_reply);
+            session->common.callbacks->global_request_function(
+                session,
+                msg,
+                session->common.callbacks->userdata);
+        } else if (want_reply) {
             ssh_message_global_request_reply_success(msg, 0);
         }
+    } else if (strcmp(request, "no-more-sessions@openssh.com") == 0) {
+        msg->global_request.type = SSH_GLOBAL_REQUEST_NO_MORE_SESSIONS;
+        msg->global_request.want_reply = want_reply;
+
+        SSH_LOG(SSH_LOG_PROTOCOL,
+                "Received no-more-sessions@openssh.com %hhu",
+                want_reply);
+        if (ssh_callbacks_exists(session->common.callbacks,
+                                 global_request_function)) {
+            SSH_LOG(SSH_LOG_DEBUG,
+                    "Calling callback for SSH_MSG_GLOBAL_REQUEST %s %hhu",
+                    request,
+                    want_reply);
+            session->common.callbacks->global_request_function(
+                session,
+                msg,
+                session->common.callbacks->userdata);
+        } else if (want_reply) {
+            ssh_message_global_request_reply_success(msg, 0);
+        }
+
+        session->flags |= SSH_SESSION_FLAG_NO_MORE_SESSIONS;
     } else {
-        SSH_LOG(SSH_LOG_PROTOCOL, "UNKNOWN SSH_MSG_GLOBAL_REQUEST %s, "
-                "want_reply = %d", request, want_reply);
+        SSH_LOG(SSH_LOG_DEBUG,
+                "UNKNOWN SSH_MSG_GLOBAL_REQUEST %s, want_reply = %hhu",
+                request,
+                want_reply);
         goto reply_with_failure;
     }
 
@@ -1591,8 +1714,7 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){
 reply_with_failure:
     /* Only report the failure if requested */
     if (want_reply) {
-        r = ssh_buffer_add_u8(session->out_buffer,
-                SSH2_MSG_REQUEST_FAILURE);
+        r = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_REQUEST_FAILURE);
         if (r < 0) {
             ssh_set_error_oom(session);
             goto error;
@@ -1612,7 +1734,7 @@ SSH_PACKET_CALLBACK(ssh_packet_global_request){
 error:
     SAFE_FREE(msg);
     SAFE_FREE(request);
-    SSH_LOG(SSH_LOG_WARNING, "Invalid SSH_MSG_GLOBAL_REQUEST packet");
+    SSH_LOG(SSH_LOG_TRACE, "Invalid SSH_MSG_GLOBAL_REQUEST packet");
     return rc;
 }
 
diff --git a/libssh/src/misc.c b/libssh/src/misc.c
index 3f2652d4..774211fb 100644
--- a/libssh/src/misc.c
+++ b/libssh/src/misc.c
@@ -27,11 +27,12 @@
 #ifndef _WIN32
 /* This is needed for a standard getpwuid_r on opensolaris */
 #define _POSIX_PTHREAD_SEMANTICS
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <netinet/in.h>
 #include <pwd.h>
-#include <sys/types.h>
 #include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
+#include <sys/types.h>
 
 #endif /* _WIN32 */
 
@@ -59,6 +60,7 @@
 #include <ws2tcpip.h>
 #include <shlobj.h>
 #include <direct.h>
+#include <netioapi.h>
 
 #ifdef HAVE_IO_H
 #include <io.h>
@@ -71,7 +73,7 @@
 #include "libssh/session.h"
 
 #ifdef HAVE_LIBGCRYPT
-#define GCRYPT_STRING "/gnutls"
+#define GCRYPT_STRING "/gcrypt"
 #else
 #define GCRYPT_STRING ""
 #endif
@@ -94,8 +96,10 @@
 #define ZLIB_STRING ""
 #endif
 
+#define ARPA_DOMAIN_MAX_LEN 63
+
 /**
- * @defgroup libssh_misc The SSH helper functions.
+ * @defgroup libssh_misc The SSH helper functions
  * @ingroup libssh
  *
  * Different helper functions used in the SSH Library.
@@ -177,20 +181,26 @@ int ssh_gettimeofday(struct timeval *__p, void *__t)
 char *ssh_get_local_username(void)
 {
     DWORD size = 0;
-    char *user;
+    char *user = NULL;
+    int rc;
 
     /* get the size */
     GetUserName(NULL, &size);
 
-    user = (char *) malloc(size);
+    user = (char *)malloc(size);
     if (user == NULL) {
         return NULL;
     }
 
     if (GetUserName(user, &size)) {
-        return user;
+        rc = ssh_check_username_syntax(user);
+        if (rc == SSH_OK) {
+            return user;
+        }
     }
 
+    free(user);
+
     return NULL;
 }
 
@@ -220,22 +230,37 @@ int ssh_is_ipaddr_v4(const char *str)
 int ssh_is_ipaddr(const char *str)
 {
     int rc = SOCKET_ERROR;
+    char *s = strdup(str);
 
-    if (strchr(str, ':')) {
+    if (s == NULL) {
+        return -1;
+    }
+    if (strchr(s, ':')) {
         struct sockaddr_storage ss;
         int sslen = sizeof(ss);
-
-        /* TODO link-local (IP:v6:addr%ifname). */
-        rc = WSAStringToAddressA((LPSTR) str,
+        char *network_interface = strchr(s, '%');
+
+        /* link-local (IP:v6:addr%ifname). */
+        if (network_interface != NULL) {
+            rc = if_nametoindex(network_interface + 1);
+            if (rc == 0) {
+                free(s);
+                return 0;
+            }
+            *network_interface = '\0';
+        }
+        rc = WSAStringToAddressA((LPSTR) s,
                                  AF_INET6,
                                  NULL,
                                  (struct sockaddr*)&ss,
                                  &sslen);
         if (rc == 0) {
+            free(s);
             return 1;
         }
     }
 
+    free(s);
     return ssh_is_ipaddr_v4(str);
 }
 #else /* _WIN32 */
@@ -308,7 +333,7 @@ char *ssh_get_local_username(void)
     struct passwd pwd;
     struct passwd *pwdbuf = NULL;
     char buf[NSS_BUFLEN_PASSWD];
-    char *name;
+    char *name = NULL;
     int rc;
 
     rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
@@ -317,8 +342,10 @@ char *ssh_get_local_username(void)
     }
 
     name = strdup(pwd.pw_name);
+    rc = ssh_check_username_syntax(name);
 
-    if (name == NULL) {
+    if (rc != SSH_OK) {
+        free(name);
         return NULL;
     }
 
@@ -341,17 +368,32 @@ int ssh_is_ipaddr_v4(const char *str)
 int ssh_is_ipaddr(const char *str)
 {
     int rc = -1;
+    char *s = strdup(str);
 
-    if (strchr(str, ':')) {
+    if (s == NULL) {
+        return -1;
+    }
+    if (strchr(s, ':')) {
         struct in6_addr dest6;
-
-        /* TODO link-local (IP:v6:addr%ifname). */
-        rc = inet_pton(AF_INET6, str, &dest6);
+        char *network_interface = strchr(s, '%');
+
+        /* link-local (IP:v6:addr%ifname). */
+        if (network_interface != NULL) {
+            rc = if_nametoindex(network_interface + 1);
+            if (rc == 0) {
+                free(s);
+                return 0;
+            }
+            *network_interface = '\0';
+        }
+        rc = inet_pton(AF_INET6, s, &dest6);
         if (rc > 0) {
+            free(s);
             return 1;
         }
     }
 
+    free(s);
     return ssh_is_ipaddr_v4(str);
 }
 
@@ -359,7 +401,7 @@ int ssh_is_ipaddr(const char *str)
 
 char *ssh_lowercase(const char* str)
 {
-  char *new, *p;
+  char *new = NULL, *p = NULL;
 
   if (str == NULL) {
     return NULL;
@@ -413,7 +455,7 @@ char *ssh_hostport(const char *host, int port)
 char *ssh_get_hexa(const unsigned char *what, size_t len)
 {
     const char h[] = "0123456789abcdef";
-    char *hexa;
+    char *hexa = NULL;
     size_t i;
     size_t hlen = len * 3;
 
@@ -634,7 +676,7 @@ void ssh_log_hexdump(const char *descr, const unsigned char *what, size_t len)
     return;
 
 error:
-    SSH_LOG(SSH_LOG_WARN, "Could not print to buffer");
+    SSH_LOG(SSH_LOG_DEBUG, "Could not print to buffer");
     return;
 }
 
@@ -674,15 +716,16 @@ const char *ssh_version(int req_version)
 struct ssh_list *ssh_list_new(void)
 {
     struct ssh_list *ret = malloc(sizeof(struct ssh_list));
-    if (!ret)
+    if (ret == NULL) {
         return NULL;
+    }
     ret->root = ret->end = NULL;
     return ret;
 }
 
 void ssh_list_free(struct ssh_list *list)
 {
-    struct ssh_iterator *ptr, *next;
+    struct ssh_iterator *ptr = NULL, *next = NULL;
     if (!list)
         return;
     ptr = list->root;
@@ -703,7 +746,7 @@ struct ssh_iterator *ssh_list_get_iterator(const struct ssh_list *list)
 
 struct ssh_iterator *ssh_list_find(const struct ssh_list *list, void *value)
 {
-    struct ssh_iterator *it;
+    struct ssh_iterator *it = NULL;
 
     for (it = ssh_list_get_iterator(list); it != NULL ; it = it->next)
         if (it->data == value)
@@ -734,8 +777,9 @@ static struct ssh_iterator *ssh_iterator_new(const void *data)
 {
     struct ssh_iterator *iterator = malloc(sizeof(struct ssh_iterator));
 
-    if (!iterator)
+    if (iterator == NULL) {
         return NULL;
+    }
     iterator->next = NULL;
     iterator->data = data;
     return iterator;
@@ -792,7 +836,7 @@ int ssh_list_prepend(struct ssh_list *list, const void *data)
 
 void ssh_list_remove(struct ssh_list *list, struct ssh_iterator *iterator)
 {
-  struct ssh_iterator *ptr, *prev;
+  struct ssh_iterator *ptr = NULL, *prev = NULL;
 
   if (list == NULL) {
       return;
@@ -826,7 +870,7 @@ void ssh_list_remove(struct ssh_list *list, struct ssh_iterator *iterator)
  * @brief Removes the top element of the list and returns the data value
  * attached to it.
  *
- * @param[in[  list     The ssh_list to remove the element.
+ * @param[in]  list     The ssh_list to remove the element.
  *
  * @returns             A pointer to the element being stored in head, or NULL
  *                      if the list is empty.
@@ -933,7 +977,7 @@ char *ssh_dirname (const char *path)
 char *ssh_basename (const char *path)
 {
   char *new = NULL;
-  const char *s;
+  const char *s = NULL;
   size_t len;
 
   if (path == NULL || *path == '\0') {
@@ -1071,8 +1115,8 @@ int ssh_mkdirs(const char *pathname, mode_t mode)
  */
 char *ssh_path_expand_tilde(const char *d)
 {
-    char *h = NULL, *r;
-    const char *p;
+    char *h = NULL, *r = NULL;
+    const char *p = NULL;
     size_t ld;
     size_t lh = 0;
 
@@ -1087,7 +1131,7 @@ char *ssh_path_expand_tilde(const char *d)
 #ifdef _WIN32
         return strdup(d);
 #else
-        struct passwd *pw;
+        struct passwd *pw = NULL;
         size_t s = p - d;
         char u[128];
 
@@ -1148,7 +1192,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
     char *buf = NULL;
     char *r = NULL;
     char *x = NULL;
-    const char *p;
+    const char *p = NULL;
     size_t i, l;
 
     r = ssh_path_expand_tilde(s);
@@ -1301,8 +1345,8 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
  */
 int ssh_analyze_banner(ssh_session session, int server)
 {
-    const char *banner;
-    const char *openssh;
+    const char *banner = NULL;
+    const char *openssh = NULL;
 
     if (server) {
         banner = session->clientbanner;
@@ -1330,7 +1374,7 @@ int ssh_analyze_banner(ssh_session session, int server)
           return -1;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "Analyzing banner: %s", banner);
+    SSH_LOG(SSH_LOG_DEBUG, "Analyzing banner: %s", banner);
 
     switch (banner[4]) {
         case '2':
@@ -1353,6 +1397,7 @@ int ssh_analyze_banner(ssh_session session, int server)
         char *tmp = NULL;
         unsigned long int major = 0UL;
         unsigned long int minor = 0UL;
+        int off = 0;
 
         /*
          * The banner is typical:
@@ -1372,8 +1417,9 @@ int ssh_analyze_banner(ssh_session session, int server)
             }
 
             errno = 0;
-            minor = strtoul(openssh + 10, &tmp, 10);
-            if ((tmp == (openssh + 10)) ||
+            off = major >= 10 ? 11 : 10;
+            minor = strtoul(openssh + off, &tmp, 10);
+            if ((tmp == (openssh + off)) ||
                 ((errno == ERANGE) && (major == ULONG_MAX)) ||
                 ((errno != 0) && (major == 0)) ||
                 (minor > 100)) {
@@ -1384,7 +1430,7 @@ int ssh_analyze_banner(ssh_session session, int server)
 
             session->openssh = SSH_VERSION_INT(((int) major), ((int) minor), 0);
 
-            SSH_LOG(SSH_LOG_PROTOCOL,
+            SSH_LOG(SSH_LOG_DEBUG,
                     "We are talking to an OpenSSH %s version: %lu.%lu (%x)",
                     server ? "client" : "server",
                     major, minor, session->openssh);
@@ -1488,7 +1534,7 @@ int ssh_timeout_elapsed(struct ssh_timestamp *ts, int timeout)
                   * -2 means user-defined timeout as available in
                   * session->timeout, session->timeout_usec.
                   */
-            SSH_LOG(SSH_LOG_WARN, "ssh_timeout_elapsed called with -2. this needs to "
+            SSH_LOG(SSH_LOG_DEBUG, "ssh_timeout_elapsed called with -2. this needs to "
                             "be fixed. please set a breakpoint on misc.c:%d and "
                             "fix the caller\n", __LINE__);
             return 0;
@@ -1527,32 +1573,6 @@ int ssh_timeout_update(struct ssh_timestamp *ts, int timeout)
   return ret >= 0 ? ret: 0;
 }
 
-
-int ssh_match_group(const char *group, const char *object)
-{
-    const char *a;
-    const char *z;
-
-    z = group;
-    do {
-        a = strchr(z, ',');
-        if (a == NULL) {
-            if (strcmp(z, object) == 0) {
-                return 1;
-            }
-            return 0;
-        } else {
-            if (strncmp(z, object, a - z) == 0) {
-                return 1;
-            }
-        }
-        z = a + 1;
-    } while(1);
-
-    /* not reached */
-    return 0;
-}
-
 #if !defined(HAVE_EXPLICIT_BZERO)
 void explicit_bzero(void *s, size_t n)
 {
@@ -1642,20 +1662,20 @@ int ssh_quote_file_name(const char *file_name, char *buf, size_t buf_len)
     enum ssh_quote_state_e state = NO_QUOTE;
 
     if (file_name == NULL || buf == NULL || buf_len == 0) {
-        SSH_LOG(SSH_LOG_WARNING, "Invalid parameter");
+        SSH_LOG(SSH_LOG_TRACE, "Invalid parameter");
         return SSH_ERROR;
     }
 
     /* Only allow file names smaller than 32kb. */
     if (strlen(file_name) > 32 * 1024) {
-        SSH_LOG(SSH_LOG_WARNING, "File name too long");
+        SSH_LOG(SSH_LOG_TRACE, "File name too long");
         return SSH_ERROR;
     }
 
     /* Paranoia check */
     required_buf_len = (size_t)3 * strlen(file_name) + 1;
     if (required_buf_len > buf_len) {
-        SSH_LOG(SSH_LOG_WARNING, "Buffer too small");
+        SSH_LOG(SSH_LOG_TRACE, "Buffer too small");
         return SSH_ERROR;
     }
 
@@ -1813,7 +1833,7 @@ int ssh_newline_vis(const char *string, char *buf, size_t buf_len)
     }
 
     if ((2 * strlen(string) + 1) > buf_len) {
-        SSH_LOG(SSH_LOG_WARNING, "Buffer too small");
+        SSH_LOG(SSH_LOG_TRACE, "Buffer too small");
         return SSH_ERROR;
     }
 
@@ -1836,23 +1856,23 @@ int ssh_newline_vis(const char *string, char *buf, size_t buf_len)
  *
  * @brief Replaces the last 6 characters of a string from 'X' to 6 random hexdigits.
  *
- * @param[in,out]  template   Any input string with last 6 characters as 'X'.
+ * @param[in,out]  name   Any input string with last 6 characters as 'X'.
  * @returns -1 as error when the last 6 characters of the input to be replaced are not 'X'
  * 0 otherwise.
  */
-int ssh_tmpname(char *template)
+int ssh_tmpname(char *name)
 {
     char *tmp = NULL;
     size_t i = 0;
     int rc = 0;
     uint8_t random[6];
 
-    if (template == NULL) {
+    if (name == NULL) {
         goto err;
     }
 
-    tmp = template + strlen(template) - 6;
-    if (tmp < template) {
+    tmp = name + strlen(name) - 6;
+    if (tmp < name) {
         goto err;
     }
 
@@ -1953,7 +1973,7 @@ char *ssh_strreplace(const char *src, const char *pattern, const char *replace)
  */
 char *ssh_strerror(int err_num, char *buf, size_t buflen)
 {
-#if defined(__linux__) && defined(__GLIBC__) && defined(_GNU_SOURCE)
+#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__CYGWIN__)) && defined(_GNU_SOURCE)
     /* GNU extension on Linux */
     return strerror_r(err_num, buf, buflen);
 #else
@@ -1971,7 +1991,257 @@ char *ssh_strerror(int err_num, char *buf, size_t buflen)
         buf[0] = '\0';
     }
     return buf;
-#endif /* defined(__linux__) && defined(__GLIBC__) && defined(_GNU_SOURCE) */
+#endif /* ((defined(__linux__) && defined(__GLIBC__)) || defined(__CYGWIN__)) && defined(_GNU_SOURCE) */
+}
+
+/**
+ * @brief Read the requested number of bytes from a local file.
+ *
+ * A call to read() may perform a short read even when sufficient data is
+ * present in the file. This function can be used to avoid such short reads.
+ *
+ * This function tries to read the requested number of bytes from the file
+ * until one of the following occurs :
+ *     - Requested number of bytes are read.
+ *     - EOF is encountered before reading the requested number of bytes.
+ *     - An error occurs.
+ *
+ * On encountering an error due to an interrupt, this function ignores that
+ * error and continues trying to read the data.
+ *
+ * @param[in] fd          The file descriptor of the local file to read from.
+ *
+ * @param[out] buf        Pointer to a buffer in which read data will be
+ *                        stored.
+ *
+ * @param[in] nbytes      Number of bytes to read.
+ *
+ * @returns               Number of bytes read on success,
+ *                        SSH_ERROR on error with errno set to indicate the
+ *                        error.
+ */
+ssize_t ssh_readn(int fd, void *buf, size_t nbytes)
+{
+    size_t total_bytes_read = 0;
+    ssize_t bytes_read;
+
+    if (fd < 0 || buf == NULL || nbytes == 0) {
+        errno = EINVAL;
+        return SSH_ERROR;
+    }
+
+    do {
+        bytes_read = read(fd,
+                          ((char *)buf) + total_bytes_read,
+                          nbytes - total_bytes_read);
+        if (bytes_read == -1) {
+            if (errno == EINTR) {
+                /* Ignoring errors due to signal interrupts */
+                continue;
+            }
+
+            return SSH_ERROR;
+        }
+
+        if (bytes_read == 0) {
+            /* EOF encountered on the local file before reading nbytes */
+            break;
+        }
+
+        total_bytes_read += (size_t)bytes_read;
+    } while (total_bytes_read < nbytes);
+
+    return total_bytes_read;
+}
+
+/**
+ * @brief Write the requested number of bytes to a local file.
+ *
+ * A call to write() may perform a short write on a local file. This function
+ * can be used to avoid short writes.
+ *
+ * This function tries to write the requested number of bytes until those many
+ * bytes are written or some error occurs.
+ *
+ * On encountering an error due to an interrupt, this function ignores that
+ * error and continues trying to write the data.
+ *
+ * @param[in] fd          The file descriptor of the local file to write to.
+ *
+ * @param[in] buf         Pointer to a buffer in which data to write is stored.
+ *
+ * @param[in] nbytes      Number of bytes to write.
+ *
+ * @returns               Number of bytes written on success,
+ *                        SSH_ERROR on error with errno set to indicate the
+ *                        error.
+ */
+ssize_t ssh_writen(int fd, const void *buf, size_t nbytes)
+{
+    size_t total_bytes_written = 0;
+    ssize_t bytes_written;
+
+    if (fd < 0 || buf == NULL || nbytes == 0) {
+        errno = EINVAL;
+        return SSH_ERROR;
+    }
+
+    do {
+        bytes_written = write(fd,
+                              ((const char *)buf) + total_bytes_written,
+                              nbytes - total_bytes_written);
+        if (bytes_written == -1) {
+            if (errno == EINTR) {
+                /* Ignoring errors due to signal interrupts */
+                continue;
+            }
+
+            return SSH_ERROR;
+        }
+
+        total_bytes_written += (size_t)bytes_written;
+    } while (total_bytes_written < nbytes);
+
+    return total_bytes_written;
+}
+
+/**
+ * @brief Checks syntax of a domain name
+ *
+ * The check is made based on the RFC1035 section 2.3.1
+ * Allowed characters are: hyphen, period, digits (0-9) and letters (a-zA-Z)
+ *
+ * The label should be no longer than 63 characters
+ * The label should start with a letter and end with a letter or number
+ * The label in this implementation can start with a number to allow virtual
+ * URLs to pass. Note that this will make IPv4 addresses to pass
+ * this check too.
+ *
+ * @param hostname The domain name to be checked, has to be null terminated
+ *
+ * @return SSH_OK if the hostname passes syntax check
+ *         SSH_ERROR otherwise or if hostname is NULL or empty string
+ */
+int ssh_check_hostname_syntax(const char *hostname)
+{
+    char *it = NULL, *s = NULL, *buf = NULL;
+    size_t it_len;
+    char c;
+
+    if (hostname == NULL || strlen(hostname) == 0) {
+        return SSH_ERROR;
+    }
+
+    /* strtok_r writes into the string, keep the input clean */
+    s = strdup(hostname);
+    if (s == NULL) {
+        return SSH_ERROR;
+    }
+
+    it = strtok_r(s, ".", &buf);
+    /* if the token has 0 length */
+    if (it == NULL) {
+        free(s);
+        return SSH_ERROR;
+    }
+    do {
+        it_len = strlen(it);
+        if (it_len > ARPA_DOMAIN_MAX_LEN ||
+            /* the first char must be a letter, but some virtual urls start
+             * with a number */
+            isalnum(it[0]) == 0 ||
+            isalnum(it[it_len - 1]) == 0) {
+            free(s);
+            return SSH_ERROR;
+        }
+        while (*it != '\0') {
+            c = *it;
+            /* the "." is allowed too, but tokenization removes it from the
+             * string */
+            if (isalnum(c) == 0 && c != '-') {
+                free(s);
+                return SSH_ERROR;
+            }
+            it++;
+        }
+    } while ((it = strtok_r(NULL, ".", &buf)) != NULL);
+
+    free(s);
+
+    return SSH_OK;
+}
+
+/**
+ * @brief Checks syntax of a username
+ *
+ * This check disallows metacharacters in the username
+ *
+ * @param username The username to be checked, has to be null terminated
+ *
+ * @return SSH_OK if the username passes syntax check
+ *         SSH_ERROR otherwise or if username is NULL or empty string
+ */
+int ssh_check_username_syntax(const char *username)
+{
+    size_t username_len;
+
+    if (username == NULL || *username == '-') {
+        return SSH_ERROR;
+    }
+
+    username_len = strlen(username);
+    if (username_len == 0 || username[username_len - 1] == '\\' ||
+        strpbrk(username, "'`\";&<>|(){}") != NULL) {
+        return SSH_ERROR;
+    }
+    for (size_t i = 0; i < username_len; i++) {
+        if (isspace(username[i]) != 0 && username[i + 1] == '-') {
+            return SSH_ERROR;
+        }
+    }
+
+    return SSH_OK;
+}
+
+/**
+ * @brief Free proxy jump list
+ *
+ * Frees everything in a proxy jump list, but doesn't free the ssh_list
+ *
+ * @param proxy_jump_list
+ *
+ */
+void
+ssh_proxyjumps_free(struct ssh_list *proxy_jump_list)
+{
+    struct ssh_jump_info_struct *jump = NULL;
+
+    for (jump =
+             ssh_list_pop_head(struct ssh_jump_info_struct *, proxy_jump_list);
+         jump != NULL;
+         jump = ssh_list_pop_head(struct ssh_jump_info_struct *,
+                                  proxy_jump_list)) {
+        SAFE_FREE(jump->hostname);
+        SAFE_FREE(jump->username);
+        SAFE_FREE(jump);
+    }
+}
+
+/**
+ * @brief Check if libssh proxy jumps is enabled
+ *
+ * If env variable OPENSSH_PROXYJUMP is set to 1 then proxyjump will be
+ * through the OpenSSH binary.
+ *
+ * @return false if OPENSSH_PROXYJUMP=1
+ *         true otherwise
+ */
+bool
+ssh_libssh_proxy_jumps(void)
+{
+    const char *t = getenv("OPENSSH_PROXYJUMP");
+
+    return !(t != NULL && t[0] == '1');
 }
 
 /** @} */
diff --git a/libssh/src/options.c b/libssh/src/options.c
index 49aaefa2..785296dd 100644
--- a/libssh/src/options.c
+++ b/libssh/src/options.c
@@ -37,6 +37,7 @@
 #include "libssh/session.h"
 #include "libssh/misc.h"
 #include "libssh/options.h"
+#include "libssh/config_parser.h"
 #ifdef WITH_SERVER
 #include "libssh/server.h"
 #include "libssh/bind.h"
@@ -52,7 +53,7 @@
  * @brief Duplicate the options of a session structure.
  *
  * If you make several sessions with the same options this is useful. You
- * cannot use twice the same option structure in ssh_session_connect.
+ * cannot use twice the same option structure in ssh_connect.
  *
  * @param src           The session to use to copy the options.
  *
@@ -61,13 +62,14 @@
  *
  * @returns             0 on success, -1 on error with errno set.
  *
- * @see ssh_session_connect()
+ * @see ssh_connect()
  * @see ssh_free()
  */
 int ssh_options_copy(ssh_session src, ssh_session *dest)
 {
-    ssh_session new;
+    ssh_session new = NULL;
     struct ssh_iterator *it = NULL;
+    struct ssh_list *list = NULL;
     char *id = NULL;
     int i;
 
@@ -105,24 +107,51 @@ int ssh_options_copy(ssh_session src, ssh_session *dest)
     }
 
     /* Remove the default identities */
-    for (id = ssh_list_pop_head(char *, new->opts.identity);
+    for (id = ssh_list_pop_head(char *, new->opts.identity_non_exp);
          id != NULL;
-         id = ssh_list_pop_head(char *, new->opts.identity)) {
+         id = ssh_list_pop_head(char *, new->opts.identity_non_exp)) {
         SAFE_FREE(id);
     }
     /* Copy the new identities from the source list */
-    if (src->opts.identity != NULL) {
+    list = new->opts.identity_non_exp;
+    it = ssh_list_get_iterator(src->opts.identity_non_exp);
+    for (i = 0; i < 2; i++) {
+        while (it) {
+            int rc;
+
+            id = strdup((char *)it->data);
+            if (id == NULL) {
+                ssh_free(new);
+                return -1;
+            }
+
+            rc = ssh_list_append(list, id);
+            if (rc < 0) {
+                free(id);
+                ssh_free(new);
+                return -1;
+            }
+            it = it->next;
+        }
+
+        /* copy the identity list if there is any already */
+        list = new->opts.identity;
         it = ssh_list_get_iterator(src->opts.identity);
+    }
+
+    list = new->opts.certificate_non_exp;
+    it = ssh_list_get_iterator(src->opts.certificate_non_exp);
+    for (i = 0; i < 2; i++) {
         while (it) {
             int rc;
 
-            id = strdup((char *) it->data);
+            id = strdup((char *)it->data);
             if (id == NULL) {
                 ssh_free(new);
                 return -1;
             }
 
-            rc = ssh_list_append(new->opts.identity, id);
+            rc = ssh_list_append(list, id);
             if (rc < 0) {
                 free(id);
                 ssh_free(new);
@@ -130,6 +159,10 @@ int ssh_options_copy(ssh_session src, ssh_session *dest)
             }
             it = it->next;
         }
+
+        /* copy the certificate list if there is any already */
+        list = new->opts.certificate;
+        it = ssh_list_get_iterator(src->opts.certificate);
     }
 
     if (src->opts.sshdir != NULL) {
@@ -198,6 +231,14 @@ int ssh_options_copy(ssh_session src, ssh_session *dest)
         }
     }
 
+    if (src->opts.control_path != NULL) {
+        new->opts.control_path = strdup(src->opts.control_path);
+        if (new->opts.control_path == NULL) {
+            ssh_free(new);
+            return -1;
+        }
+    }
+
     memcpy(new->opts.options_seen, src->opts.options_seen,
            sizeof(new->opts.options_seen));
 
@@ -211,6 +252,7 @@ int ssh_options_copy(ssh_session src, ssh_session *dest)
     new->opts.flags                 = src->opts.flags;
     new->opts.nodelay               = src->opts.nodelay;
     new->opts.config_processed      = src->opts.config_processed;
+    new->opts.control_master        = src->opts.control_master;
     new->common.log_verbosity       = src->common.log_verbosity;
     new->common.callbacks           = src->common.callbacks;
 
@@ -221,14 +263,30 @@ int ssh_options_copy(ssh_session src, ssh_session *dest)
 
 int ssh_options_set_algo(ssh_session session,
                          enum ssh_kex_types_e algo,
-                         const char *list)
+                         const char *list,
+                         char **place)
 {
-    char *p = NULL;
+    /* When the list start with +,-,^ the filtration of unknown algorithms
+     * gets handled inside the helper functions, otherwise the list is taken
+     * as it is. */
+    char *p = (char *)list;
+
+    if (algo < SSH_COMP_C_S) {
+        if (list[0] == '+') {
+            p = ssh_add_to_default_algos(algo, list+1);
+        } else if (list[0] == '-') {
+            p = ssh_remove_from_default_algos(algo, list+1);
+        } else if (list[0] == '^') {
+            p = ssh_prefix_default_algos(algo, list+1);
+        }
+    }
 
-    if (ssh_fips_mode()) {
-        p = ssh_keep_fips_algos(algo, list);
-    } else {
-        p = ssh_keep_known_algos(algo, list);
+    if (p == list) {
+        if (ssh_fips_mode()) {
+            p = ssh_keep_fips_algos(algo, list);
+        } else {
+            p = ssh_keep_known_algos(algo, list);
+        }
     }
 
     if (p == NULL) {
@@ -238,8 +296,8 @@ int ssh_options_set_algo(ssh_session session,
         return -1;
     }
 
-    SAFE_FREE(session->opts.wanted_methods[algo]);
-    session->opts.wanted_methods[algo] = p;
+    SAFE_FREE(*place);
+    *place = p;
 
     return 0;
 }
@@ -253,10 +311,17 @@ int ssh_options_set_algo(ssh_session session,
  *              following:
  *
  *              - SSH_OPTIONS_HOST:
- *                The hostname or ip address to connect to (const char *).
+ *                The hostname or ip address to connect to. It can be also in
+ *                the format of URI, containing also username, such as
+ *                [username@]hostname. The IPv6 addresses can be enclosed
+ *                within square braces, for example [::1]. The IPv4 address
+ *                supports any format supported by OS. The hostname needs to be
+ *                encoded to match RFC1035, so for IDN it needs to be encoded
+ *                in punycode.
+ *                (const char *).
  *
  *              - SSH_OPTIONS_PORT:
- *                The port to connect to (unsigned int *).
+ *                The port to connect to (unsigned int).
  *
  *              - SSH_OPTIONS_PORT_STR:
  *                The port to connect to (const char *).
@@ -315,13 +380,28 @@ int ssh_options_set_algo(ssh_session session,
  *                Add a new identity file (const char *, format string) to
  *                the identity list.\n
  *                \n
- *                By default identity, id_dsa and id_rsa are checked.\n
+ *                By default id_rsa, id_ecdsa and id_ed25519 files are used.\n
  *                \n
  *                The identity used to authenticate with public key will be
  *                prepended to the list.
  *                It may include "%s" which will be replaced by the
  *                user home directory.
  *
+ *              - SSH_OPTIONS_CERTIFICATE:
+ *                Add a new certificate file (const char *, format string) to
+ *                the certificate list.\n
+ *                \n
+ *                By default id_rsa-cert.pub, id_ecdsa-cert.pub and
+ *                id_ed25519-cert.pub files are used, when the underlying
+ *                private key is present.\n
+ *                \n
+ *                The certificate itself can not be used to authenticate to
+ *                remote server so it needs to be paired with private key
+ *                (aka identity file) provided with separate option, from agent
+ *                or from PKCS#11 token.
+ *                It may include "%s" which will be replaced by the
+ *                user home directory.
+ *
  *              - SSH_OPTIONS_TIMEOUT:
  *                Set a timeout for the connection in seconds (long).
  *
@@ -345,6 +425,7 @@ int ssh_options_set_algo(ssh_session session,
  *                - SSH_LOG_PROTOCOL: High level protocol information
  *                - SSH_LOG_PACKET: Lower level protocol information, packet level
  *                - SSH_LOG_FUNCTIONS: Every function path
+ *                The default is SSH_LOG_NOLOG.
  *
  *              - SSH_OPTIONS_LOG_VERBOSITY_STR:
  *                Set the session logging verbosity via a
@@ -356,34 +437,60 @@ int ssh_options_set_algo(ssh_session session,
  *
  *              - SSH_OPTIONS_CIPHERS_C_S:
  *                Set the symmetric cipher client to server (const char *,
- *                comma-separated list).
+ *                comma-separated list). The list can be prepended by +,-,^
+ *                which can append, remove or move to the beginning
+ *                (prioritizing) of the default list respectively. Giving an
+ *                empty list after + and ^ will cause error.
  *
  *              - SSH_OPTIONS_CIPHERS_S_C:
  *                Set the symmetric cipher server to client (const char *,
- *                comma-separated list).
+ *                comma-separated list). The list can be prepended by +,-,^
+ *                which can append, remove or move to the beginning
+ *                (prioritizing) of the default list respectively. Giving an
+ *                empty list after + and ^ will cause error.
  *
  *              - SSH_OPTIONS_KEY_EXCHANGE:
  *                Set the key exchange method to be used (const char *,
  *                comma-separated list). ex:
  *                "ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
+ *                The list can be prepended by +,-,^ which will append,
+ *                remove or move to the beginning (prioritizing) of the
+ *                default list respectively. Giving an empty list
+ *                after + and ^ will cause error.
  *
  *              - SSH_OPTIONS_HMAC_C_S:
  *                Set the Message Authentication Code algorithm client to server
- *                (const char *, comma-separated list).
+ *                (const char *, comma-separated list). The list can be
+ *                prepended by +,-,^ which will append, remove or move to
+ *                the beginning (prioritizing) of the default list
+ *                respectively. Giving an empty list after + and ^ will
+ *                cause error.
  *
  *              - SSH_OPTIONS_HMAC_S_C:
  *                Set the Message Authentication Code algorithm server to client
- *                (const char *, comma-separated list).
+ *                (const char *, comma-separated list). The list can be
+ *                prepended by +,-,^ which will append, remove or move to
+ *                the beginning (prioritizing) of the default list
+ *                respectively. Giving an empty list after + and ^ will
+ *                cause error.
  *
  *              - SSH_OPTIONS_HOSTKEYS:
  *                Set the preferred server host key types (const char *,
  *                comma-separated list). ex:
- *                "ssh-rsa,ssh-dss,ecdh-sha2-nistp256"
+ *                "ssh-rsa,ecdh-sha2-nistp256". The list can be
+ *                prepended by +,-,^ which will append, remove or move to
+ *                the beginning (prioritizing) of the default list
+ *                respectively. Giving an empty list after + and ^ will
+ *                cause error.
  *
  *              - SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
  *                Set the preferred public key algorithms to be used for
  *                authentication (const char *, comma-separated list). ex:
- *                "ssh-rsa,rsa-sha2-256,ssh-dss,ecdh-sha2-nistp256"
+ *                "ssh-rsa,rsa-sha2-256,ecdh-sha2-nistp256"
+ *                The list can be prepended by +,-,^ which will append,
+ *                remove or move to the beginning (prioritizing) of the
+ *                default list respectively. Giving an empty list
+ *                after + and ^ will cause error.
  *
  *              - SSH_OPTIONS_COMPRESSION_C_S:
  *                Set the compression to use for client to server
@@ -412,6 +519,20 @@ int ssh_options_set_algo(ssh_session session,
  *                Set the command to be executed in order to connect to
  *                server (const char *).
  *
+ *              - SSH_OPTIONS_PROXYJUMP:
+ *                Set the comma separated jump hosts in order to connect to
+ *                server (const char *). Set to "none" to disable.
+ *                Example:
+ *                  "alice@127.0.0.1:5555,bob@127.0.0.2"
+ *
+ *                If environment variable OPENSSH_PROXYJUMP is set to 1 then proxyjump will be
+ *                handled by the OpenSSH binary.
+ *
+ *              - SSH_OPTIONS_PROXYJUMP_CB_LIST_APPEND:
+ *                Append the callbacks struct for a jump in order of
+ *                SSH_OPTIONS_PROXYJUMP. Append as many times
+ *                as the number of jumps (struct ssh_jump_callbacks_struct *).
+ *
  *              - SSH_OPTIONS_GSSAPI_SERVER_IDENTITY
  *                Set it to specify the GSSAPI server identity that libssh
  *                should expect when connecting to the server (const char *).
@@ -464,7 +585,7 @@ int ssh_options_set_algo(ssh_session session,
  *                (uint64_t, 0=default)
  *
  *              - SSH_OPTIONS_REKEY_TIME
- *                Set the time limit for a session before intializing a rekey
+ *                Set the time limit for a session before initializing a rekey
  *                in seconds. RFC 4253 Section 9 recommends one hour.
  *                (uint32_t, 0=off)
  *
@@ -475,27 +596,69 @@ int ssh_options_set_algo(ssh_session session,
  *                configuration option as they are considered completely broken.
  *                Setting 0 will revert the value to defaults.
  *                Default is 1024 bits or 2048 bits in FIPS mode.
- *                (int *)
+ *                (int)
 
  *              - SSH_OPTIONS_IDENTITY_AGENT
  *                Set the path to the SSH agent socket. If unset, the
  *                SSH_AUTH_SOCK environment is consulted.
  *                (const char *)
+
+ *              - SSH_OPTIONS_IDENTITIES_ONLY
+ *                Use only keys specified in the SSH config, even if agent
+ *                offers more.
+ *                (bool)
+ *
+ *              - SSH_OPTIONS_CONTROL_MASTER
+ *                Set the option to enable the sharing of multiple sessions over a
+ *                single network connection using connection multiplexing (int).
+ *
+ *                The possible options are among the following:
+ *                 - SSH_CONTROL_MASTER_AUTO: enable connection sharing if possible
+ *                 - SSH_CONTROL_MASTER_YES: enable connection sharing unconditionally
+ *                 - SSH_CONTROL_MASTER_ASK: ask for confirmation if connection sharing is to be enabled
+ *                 - SSH_CONTROL_MASTER_AUTOASK: enable connection sharing if possible,
+ *                                               but ask for confirmation
+ *                 - SSH_CONTROL_MASTER_NO: disable connection sharing unconditionally
+ *
+ *                The default is SSH_CONTROL_MASTER_NO.
+ *
+ *              - SSH_OPTIONS_CONTROL_PATH
+ *                Set the path to the control socket used for connection sharing.
+ *                Set to "none" to disable connection sharing.
+ *                (const char *)
+ *
  *
  * @param  value The value to set. This is a generic pointer and the
  *               datatype which is used should be set according to the
  *               type set.
  *
  * @return       0 on success, < 0 on error.
+ *
+ * @warning      When the option value to set is represented via a pointer
+ *               (e.g const char * in case of strings, ssh_key in case of a
+ *               libssh key), the value parameter should be that pointer.
+ *               Do NOT pass a pointer to a pointer (const char **, ssh_key *)
+ *
+ * @warning      When the option value to set is not a pointer (e.g int,
+ *               unsigned int, bool, long), the value parameter should be
+ *               a pointer to the location storing the value to set (int *,
+ *               unsigned int *, bool *, long *)
+ *
+ * @warning      If the value parameter has an invalid type (e.g if its not a
+ *               pointer when it should have been a pointer, or if its a pointer
+ *               to a pointer when it should have just been a pointer), then the
+ *               behaviour is undefined.
  */
 int ssh_options_set(ssh_session session, enum ssh_options_e type,
                     const void *value)
 {
-    const char *v;
-    char *p, *q;
+    const char *v = NULL;
+    char *p = NULL, *q = NULL;
     long int i;
     unsigned int u;
     int rc;
+    char **wanted_methods = session->opts.wanted_methods;
+    struct ssh_jump_callbacks_struct *j = NULL;
 
     if (session == NULL) {
         return -1;
@@ -508,33 +671,19 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                q = strdup(value);
-                if (q == NULL) {
-                    ssh_set_error_oom(session);
+                char *username = NULL, *hostname = NULL;
+                rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true);
+                if (rc != SSH_OK) {
+                    ssh_set_error_invalid(session);
                     return -1;
                 }
-                p = strrchr(q, '@');
-
-                SAFE_FREE(session->opts.host);
-
-                if (p) {
-                    *p = '\0';
-                    session->opts.host = strdup(p + 1);
-                    if (session->opts.host == NULL) {
-                        SAFE_FREE(q);
-                        ssh_set_error_oom(session);
-                        return -1;
-                    }
-
+                if (username != NULL) {
                     SAFE_FREE(session->opts.username);
-                    session->opts.username = strdup(q);
-                    SAFE_FREE(q);
-                    if (session->opts.username == NULL) {
-                        ssh_set_error_oom(session);
-                        return -1;
-                    }
-                } else {
-                    session->opts.host = q;
+                    session->opts.username = username;
+                }
+                if (hostname != NULL) {
+                    SAFE_FREE(session->opts.host);
+                    session->opts.host = hostname;
                 }
             }
             break;
@@ -565,7 +714,9 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 }
                 i = strtol(q, &p, 10);
                 if (q == p) {
+                    SSH_LOG(SSH_LOG_DEBUG, "No port number was parsed");
                     SAFE_FREE(q);
+                    return -1;
                 }
                 SAFE_FREE(q);
                 if (i <= 0) {
@@ -625,6 +776,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                     ssh_set_error_oom(session);
                     return -1;
                 }
+                rc = ssh_check_username_syntax(session->opts.username);
+                if (rc != SSH_OK) {
+                    ssh_set_error_invalid(session);
+                    return -1;
+                }
             }
             break;
         case SSH_OPTIONS_SSH_DIR:
@@ -657,7 +813,27 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
             if (q == NULL) {
                 return -1;
             }
-            rc = ssh_list_prepend(session->opts.identity, q);
+            if (session->opts.exp_flags & SSH_OPT_EXP_FLAG_IDENTITY) {
+                rc = ssh_list_append(session->opts.identity_non_exp, q);
+            } else {
+                rc = ssh_list_prepend(session->opts.identity_non_exp, q);
+            }
+            if (rc < 0) {
+                free(q);
+                return -1;
+            }
+            break;
+        case SSH_OPTIONS_CERTIFICATE:
+            v = value;
+            if (v == NULL || v[0] == '\0') {
+                ssh_set_error_invalid(session);
+                return -1;
+            }
+            q = strdup(v);
+            if (q == NULL) {
+                return -1;
+            }
+            rc = ssh_list_append(session->opts.certificate_non_exp, q);
             if (rc < 0) {
                 free(q);
                 return -1;
@@ -677,6 +853,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                     ssh_set_error_oom(session);
                     return -1;
                 }
+                session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_KNOWNHOSTS;
             }
             break;
         case SSH_OPTIONS_GLOBAL_KNOWNHOSTS:
@@ -698,6 +875,7 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                     ssh_set_error_oom(session);
                     return -1;
                 }
+                session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS;
             }
             break;
         case SSH_OPTIONS_TIMEOUT:
@@ -761,7 +939,9 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 }
                 i = strtol(q, &p, 10);
                 if (q == p) {
+                    SSH_LOG(SSH_LOG_DEBUG, "No log verbositiy was parsed");
                     SAFE_FREE(q);
+                    return -1;
                 }
                 SAFE_FREE(q);
                 if (i < 0) {
@@ -779,7 +959,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (ssh_options_set_algo(session, SSH_CRYPT_C_S, v) < 0)
+                rc = ssh_options_set_algo(session,
+                                          SSH_CRYPT_C_S,
+                                          v,
+                                          &wanted_methods[SSH_CRYPT_C_S]);
+                if (rc < 0)
                     return -1;
             }
             break;
@@ -789,7 +973,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (ssh_options_set_algo(session, SSH_CRYPT_S_C, v) < 0)
+                rc = ssh_options_set_algo(session,
+                                          SSH_CRYPT_S_C,
+                                          v,
+                                          &wanted_methods[SSH_CRYPT_S_C]);
+                if (rc < 0)
                     return -1;
             }
             break;
@@ -799,7 +987,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (ssh_options_set_algo(session, SSH_KEX, v) < 0)
+                rc = ssh_options_set_algo(session,
+                                          SSH_KEX,
+                                          v,
+                                          &wanted_methods[SSH_KEX]);
+                if (rc < 0)
                     return -1;
             }
             break;
@@ -809,7 +1001,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (ssh_options_set_algo(session, SSH_HOSTKEYS, v) < 0)
+                rc = ssh_options_set_algo(session,
+                                          SSH_HOSTKEYS,
+                                          v,
+                                          &wanted_methods[SSH_HOSTKEYS]);
+                if (rc < 0)
                     return -1;
             }
             break;
@@ -819,20 +1015,12 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (ssh_fips_mode()) {
-                    p = ssh_keep_fips_algos(SSH_HOSTKEYS, v);
-                } else {
-                    p = ssh_keep_known_algos(SSH_HOSTKEYS, v);
-                }
-                if (p == NULL) {
-                    ssh_set_error(session, SSH_REQUEST_DENIED,
-                        "Setting method: no known public key algorithm (%s)",
-                         v);
+                rc = ssh_options_set_algo(session,
+                                          SSH_HOSTKEYS,
+                                          v,
+                                          &session->opts.pubkey_accepted_types);
+                if (rc < 0)
                     return -1;
-                }
-
-                SAFE_FREE(session->opts.pubkey_accepted_types);
-                session->opts.pubkey_accepted_types = p;
             }
             break;
         case SSH_OPTIONS_HMAC_C_S:
@@ -841,7 +1029,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (ssh_options_set_algo(session, SSH_MAC_C_S, v) < 0)
+                rc = ssh_options_set_algo(session,
+                                          SSH_MAC_C_S,
+                                          v,
+                                          &wanted_methods[SSH_MAC_C_S]);
+                if (rc < 0)
                     return -1;
             }
             break;
@@ -851,7 +1043,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (ssh_options_set_algo(session, SSH_MAC_S_C, v) < 0)
+                rc = ssh_options_set_algo(session,
+                                          SSH_MAC_S_C,
+                                          v,
+                                          &wanted_methods[SSH_MAC_S_C]);
+                if (rc < 0)
                     return -1;
             }
             break;
@@ -861,16 +1057,18 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (strcasecmp(value,"yes")==0){
-                    if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,zlib,none") < 0)
-                        return -1;
-                } else if (strcasecmp(value,"no")==0){
-                    if(ssh_options_set_algo(session,SSH_COMP_C_S,"none,zlib@openssh.com,zlib") < 0)
-                        return -1;
-                } else {
-                    if (ssh_options_set_algo(session, SSH_COMP_C_S, v) < 0)
-                        return -1;
+                const char *tmp = v;
+                if (strcasecmp(value, "yes") == 0){
+                    tmp = "zlib@openssh.com,none";
+                } else if (strcasecmp(value, "no") == 0){
+                    tmp = "none,zlib@openssh.com";
                 }
+                rc = ssh_options_set_algo(session,
+                                          SSH_COMP_C_S,
+                                          tmp,
+                                          &wanted_methods[SSH_COMP_C_S]);
+                if (rc < 0)
+                    return -1;
             }
             break;
         case SSH_OPTIONS_COMPRESSION_S_C:
@@ -879,16 +1077,19 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                if (strcasecmp(value,"yes")==0){
-                    if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,zlib,none") < 0)
-                        return -1;
-                } else if (strcasecmp(value,"no")==0){
-                    if(ssh_options_set_algo(session,SSH_COMP_S_C,"none,zlib@openssh.com,zlib") < 0)
-                        return -1;
-                } else {
-                    if (ssh_options_set_algo(session, SSH_COMP_S_C, v) < 0)
-                        return -1;
+                const char *tmp = v;
+                if (strcasecmp(value, "yes") == 0){
+                    tmp = "zlib@openssh.com,none";
+                } else if (strcasecmp(value, "no") == 0){
+                    tmp = "none,zlib@openssh.com";
                 }
+
+                rc = ssh_options_set_algo(session,
+                                          SSH_COMP_S_C,
+                                          tmp,
+                                          &wanted_methods[SSH_COMP_S_C]);
+                if (rc < 0)
+                    return -1;
             }
             break;
         case SSH_OPTIONS_COMPRESSION:
@@ -940,6 +1141,33 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                         return -1;
                     }
                     session->opts.ProxyCommand = q;
+                    session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_PROXYCOMMAND;
+                }
+            }
+            break;
+        case SSH_OPTIONS_PROXYJUMP:
+            v = value;
+            if (v == NULL || v[0] == '\0') {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                ssh_proxyjumps_free(session->opts.proxy_jumps);
+                rc = ssh_config_parse_proxy_jump(session, v, true);
+                if (rc != SSH_OK) {
+                    return SSH_ERROR;
+                }
+            }
+            break;
+        case SSH_OPTIONS_PROXYJUMP_CB_LIST_APPEND:
+            j = (struct ssh_jump_callbacks_struct *)value;
+            if (j == NULL) {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                rc = ssh_list_prepend(session->opts.proxy_jumps_user_cb, j);
+                if (rc != SSH_OK) {
+                    ssh_set_error_oom(session);
+                    return SSH_ERROR;
                 }
             }
             break;
@@ -1052,10 +1280,19 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 return -1;
             } else {
                 int *x = (int *)value;
+
+                if (*x < 0) {
+                    ssh_set_error_invalid(session);
+                    return -1;
+                }
+
+                /* (*x == 0) is allowed as it is used to revert to default */
+
                 if (*x > 0 && *x < 768) {
                     ssh_set_error(session, SSH_REQUEST_DENIED,
-                                  "The provided value (%u) for minimal RSA key "
-                                  "size is too small. Use at least 768 bits.", *x);
+                                  "The provided value (%d) for minimal RSA key "
+                                  "size is too small. Use at least 768 bits.",
+                                  *x);
                     return -1;
                 }
                 session->opts.rsa_min_size = *x;
@@ -1077,6 +1314,46 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 }
             }
             break;
+        case SSH_OPTIONS_IDENTITIES_ONLY:
+            if (value == NULL) {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                bool *x = (bool *)value;
+                session->opts.identities_only = *x;
+            }
+            break;
+        case SSH_OPTIONS_CONTROL_MASTER:
+            if (value == NULL) {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                int *x = (int *) value;
+                if (*x < SSH_CONTROL_MASTER_NO || *x > SSH_CONTROL_MASTER_AUTOASK) {
+                    ssh_set_error_invalid(session);
+                    return -1;
+                }
+                session->opts.control_master = *x;
+            }
+            break;
+        case SSH_OPTIONS_CONTROL_PATH:
+            v = value;
+            if (v == NULL || v[0] == '\0') {
+                ssh_set_error_invalid(session);
+                return -1;
+            } else {
+                SAFE_FREE(session->opts.control_path);
+                rc = strcasecmp(v, "none");
+                if (rc != 0) {
+                    session->opts.control_path = ssh_path_expand_tilde(v);
+                    if (session->opts.control_path == NULL) {
+                        ssh_set_error_oom(session);
+                        return -1;
+                    }
+                    session->opts.exp_flags &= ~SSH_OPT_EXP_FLAG_CONTROL_PATH;
+                }
+            }
+            break;
         default:
             ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
             return -1;
@@ -1086,6 +1363,46 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
     return 0;
 }
 
+/**
+ * @brief This function returns the current algorithms used for algorithm
+ * negotiation. It is either libssh default, option manually set or option
+ * read from configuration file.
+ *
+ * This function will return NULL on error
+ *
+ * @param session An allocated SSH session structure.
+ * @param algo One of the ssh_kex_types_e values.
+ */
+char *ssh_options_get_algo(ssh_session session,
+                           enum ssh_kex_types_e algo)
+{
+    char *value = NULL;
+
+    /* Check session and algo values are valid */
+
+    if (session == NULL) {
+        return NULL;
+    }
+
+    if (algo >= SSH_LANG_C_S) {
+        ssh_set_error_invalid(session);
+        return NULL;
+    }
+
+    /* Get the option the user has set, if there is one */
+    value = session->opts.wanted_methods[algo];
+    if (value == NULL) {
+        /* The user has not set a value, return the appropriate default */
+        if (ssh_fips_mode())
+            value = (char *)ssh_kex_get_fips_methods(algo);
+        else
+            value = (char *)ssh_kex_get_default_methods(algo);
+    }
+
+    return value;
+}
+
+
 /**
  * @brief This function can get ssh the ssh port. It must only be used on
  *        a valid ssh session. This function is useful when the session
@@ -1138,7 +1455,7 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
  *              - SSH_OPTIONS_IDENTITY:
  *                Get the first identity file name (const char *).\n
  *                \n
- *                By default identity, id_dsa and id_rsa are checked.
+ *                By default id_rsa, id_ecdsa and id_ed25519 files are used.
  *
  *              - SSH_OPTIONS_PROXYCOMMAND:
  *                Get the proxycommand necessary to log into the
@@ -1151,6 +1468,46 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
  *              - SSH_OPTIONS_KNOWNHOSTS:
  *                Get the path to the known_hosts file being used.
  *
+ *              - SSH_OPTIONS_CONTROL_PATH:
+ *                Get the path to the control socket being used for connection
+ *                multiplexing.
+ *
+ *              - SSH_OPTIONS_KEY_EXCHANGE:
+ *                Get the key exchange methods to be used. If the option has
+ *                not been set, returns the defaults.
+ *
+ *              - SSH_OPTIONS_HOSTKEYS:
+ *                Get the preferred server host key types. If the option has
+ *                not been set, returns the defaults.
+ *
+ *              - SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
+ *                Get the preferred public key algorithms to be used for
+ *                authentication.
+ *
+ *              - SSH_OPTIONS_CIPHERS_C_S:
+ *                Get the symmetric cipher client to server. If the option has
+ *                not been set, returns the defaults.
+ *
+ *              - SSH_OPTIONS_CIPHERS_S_C:
+ *                Get the symmetric cipher server to client. If the option has
+ *                not been set, returns the defaults.
+ *
+ *              - SSH_OPTIONS_HMAC_C_S:
+ *                Get the Message Authentication Code algorithm client to server
+ *                If the option has not been set, returns the defaults.
+ *
+ *              - SSH_OPTIONS_HMAC_S_C:
+ *                Get the Message Authentication Code algorithm server to client
+ *                If the option has not been set, returns the defaults.
+ *
+ *              - SSH_OPTIONS_COMPRESSION_C_S:
+ *                Get the compression to use for client to server communication
+ *                If the option has not been set, returns the defaults.
+ *
+ *              - SSH_OPTIONS_COMPRESSION_S_C:
+ *                Get the compression to use for server to client communication
+ *                If the option has not been set, returns the defaults.
+ *
  * @param  value The value to get into. As a char**, space will be
  *               allocated by the function for the value, it is
  *               your responsibility to free the memory using
@@ -1160,7 +1517,7 @@ int ssh_options_get_port(ssh_session session, unsigned int* port_target) {
  */
 int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
 {
-    char* src = NULL;
+    char *src = NULL;
 
     if (session == NULL) {
         return SSH_ERROR;
@@ -1173,34 +1530,78 @@ int ssh_options_get(ssh_session session, enum ssh_options_e type, char** value)
 
     switch(type)
     {
-        case SSH_OPTIONS_HOST: {
+        case SSH_OPTIONS_HOST:
             src = session->opts.host;
             break;
-        }
-        case SSH_OPTIONS_USER: {
+
+        case SSH_OPTIONS_USER:
             src = session->opts.username;
             break;
-        }
+
         case SSH_OPTIONS_IDENTITY: {
-            struct ssh_iterator *it = ssh_list_get_iterator(session->opts.identity);
+            struct ssh_iterator *it = NULL;
+            it = ssh_list_get_iterator(session->opts.identity);
+            if (it == NULL) {
+                it = ssh_list_get_iterator(session->opts.identity_non_exp);
+            }
             if (it == NULL) {
                 return SSH_ERROR;
             }
             src = ssh_iterator_value(char *, it);
             break;
         }
-        case SSH_OPTIONS_PROXYCOMMAND: {
+
+        case SSH_OPTIONS_PROXYCOMMAND:
             src = session->opts.ProxyCommand;
             break;
-        }
-        case SSH_OPTIONS_KNOWNHOSTS: {
+
+        case SSH_OPTIONS_KNOWNHOSTS:
             src = session->opts.knownhosts;
             break;
-        }
-        case SSH_OPTIONS_GLOBAL_KNOWNHOSTS: {
+
+        case SSH_OPTIONS_GLOBAL_KNOWNHOSTS:
             src = session->opts.global_knownhosts;
             break;
-        }
+        case SSH_OPTIONS_CONTROL_PATH:
+            src = session->opts.control_path;
+            break;
+
+        case SSH_OPTIONS_CIPHERS_C_S:
+            src = ssh_options_get_algo(session, SSH_CRYPT_C_S);
+            break;
+
+        case SSH_OPTIONS_CIPHERS_S_C:
+            src = ssh_options_get_algo(session, SSH_CRYPT_S_C);
+            break;
+
+        case SSH_OPTIONS_KEY_EXCHANGE:
+            src = ssh_options_get_algo(session, SSH_KEX);
+            break;
+
+        case SSH_OPTIONS_HOSTKEYS:
+            src = ssh_options_get_algo(session, SSH_HOSTKEYS);
+            break;
+
+        case SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES:
+            src = session->opts.pubkey_accepted_types;
+            break;
+
+        case SSH_OPTIONS_HMAC_C_S:
+            src = ssh_options_get_algo(session, SSH_MAC_C_S);
+            break;
+
+        case SSH_OPTIONS_HMAC_S_C:
+            src = ssh_options_get_algo(session, SSH_MAC_S_C);
+            break;
+
+        case SSH_OPTIONS_COMPRESSION_C_S:
+            src = ssh_options_get_algo(session, SSH_COMP_C_S);
+            break;
+
+        case SSH_OPTIONS_COMPRESSION_S_C:
+            src = ssh_options_get_algo(session, SSH_COMP_S_C);
+            break;
+
         default:
             ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
             return SSH_ERROR;
@@ -1256,8 +1657,6 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
     size_t i = 0;
     int argc = *argcptr;
     int debuglevel = 0;
-    int usersa = 0;
-    int usedss = 0;
     int compress = 0;
     int cont = 1;
     size_t current = 0;
@@ -1271,7 +1670,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
     }
 
     opterr = 0; /* shut up getopt */
-    while((opt = getopt(argc, argv, "c:i:Cl:p:vb:rd12")) != -1) {
+    while((opt = getopt(argc, argv, "c:i:Cl:p:vb:r12")) != -1) {
         switch(opt) {
         case 'l':
             user = optarg;
@@ -1283,10 +1682,6 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
             debuglevel++;
             break;
         case 'r':
-            usersa++;
-            break;
-        case 'd':
-            usedss++;
             break;
         case 'c':
             cipher = optarg;
@@ -1350,11 +1745,6 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
         optind++;
     }
 
-    if (usersa && usedss) {
-        ssh_set_error(session, SSH_FATAL, "Either RSA or DSS must be chosen");
-        cont = 0;
-    }
-
     ssh_set_log_level(debuglevel);
 
     optind = saveoptind;
@@ -1431,7 +1821,7 @@ int ssh_options_getopt(ssh_session session, int *argcptr, char **argv)
  */
 int ssh_options_parse_config(ssh_session session, const char *filename)
 {
-  char *expanded_filename;
+  char *expanded_filename = NULL;
   int r;
 
   if (session == NULL) {
@@ -1477,8 +1867,7 @@ int ssh_options_parse_config(ssh_session session, const char *filename)
 
 int ssh_options_apply(ssh_session session)
 {
-    struct ssh_iterator *it;
-    char *tmp;
+    char *tmp = NULL;
     int rc;
 
     if (session->opts.sshdir == NULL) {
@@ -1495,70 +1884,124 @@ int ssh_options_apply(ssh_session session)
         }
     }
 
-    if (session->opts.knownhosts == NULL) {
-        tmp = ssh_path_expand_escape(session, "%d/known_hosts");
-    } else {
-        tmp = ssh_path_expand_escape(session, session->opts.knownhosts);
-    }
-    if (tmp == NULL) {
-        return -1;
+    if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS) == 0) {
+        if (session->opts.knownhosts == NULL) {
+            tmp = ssh_path_expand_escape(session, "%d/known_hosts");
+        } else {
+            tmp = ssh_path_expand_escape(session, session->opts.knownhosts);
+        }
+        if (tmp == NULL) {
+            return -1;
+        }
+        free(session->opts.knownhosts);
+        session->opts.knownhosts = tmp;
+        session->opts.exp_flags |= SSH_OPT_EXP_FLAG_KNOWNHOSTS;
     }
-    free(session->opts.knownhosts);
-    session->opts.knownhosts = tmp;
 
-    if (session->opts.global_knownhosts == NULL) {
-        tmp = strdup("/etc/ssh/ssh_known_hosts");
-    } else {
-        tmp = ssh_path_expand_escape(session, session->opts.global_knownhosts);
-    }
-    if (tmp == NULL) {
-        return -1;
+    if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS) == 0) {
+        if (session->opts.global_knownhosts == NULL) {
+            tmp = strdup("/etc/ssh/ssh_known_hosts");
+        } else {
+            tmp = ssh_path_expand_escape(session,
+                                         session->opts.global_knownhosts);
+        }
+        if (tmp == NULL) {
+            return -1;
+        }
+        free(session->opts.global_knownhosts);
+        session->opts.global_knownhosts = tmp;
+        session->opts.exp_flags |= SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS;
     }
-    free(session->opts.global_knownhosts);
-    session->opts.global_knownhosts = tmp;
 
-    if (session->opts.ProxyCommand != NULL) {
-        char *p = NULL;
-        size_t plen = strlen(session->opts.ProxyCommand) +
-                      5 /* strlen("exec ") */;
 
-        p = malloc(plen + 1 /* \0 */);
-        if (p == NULL) {
-            return -1;
-        }
+    if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND) == 0) {
+        if (session->opts.ProxyCommand != NULL) {
+            char *p = NULL;
+            size_t plen = strlen(session->opts.ProxyCommand) +
+                          5 /* strlen("exec ") */;
 
-        rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand);
-        if ((size_t)rc != plen) {
-            free(p);
-            return -1;
+            if (strncmp(session->opts.ProxyCommand, "exec ", 5) != 0) {
+                p = malloc(plen + 1 /* \0 */);
+                if (p == NULL) {
+                    return -1;
+                }
+
+                rc = snprintf(p, plen + 1, "exec %s", session->opts.ProxyCommand);
+                if ((size_t)rc != plen) {
+                    free(p);
+                    return -1;
+                }
+                tmp = ssh_path_expand_escape(session, p);
+                free(p);
+            } else {
+                tmp = ssh_path_expand_escape(session,
+                                             session->opts.ProxyCommand);
+            }
+
+            if (tmp == NULL) {
+                return -1;
+            }
+            free(session->opts.ProxyCommand);
+            session->opts.ProxyCommand = tmp;
+            session->opts.exp_flags |= SSH_OPT_EXP_FLAG_PROXYCOMMAND;
         }
+    }
 
-        tmp = ssh_path_expand_escape(session, p);
-        free(p);
-        if (tmp == NULL) {
-            return -1;
+    if ((session->opts.exp_flags & SSH_OPT_EXP_FLAG_CONTROL_PATH) == 0) {
+        if (session->opts.control_path != NULL) {
+            tmp = ssh_path_expand_escape(session, session->opts.control_path);
+            if (tmp == NULL) {
+                return -1;
+            }
+            free(session->opts.control_path);
+            session->opts.control_path = tmp;
+            session->opts.exp_flags |= SSH_OPT_EXP_FLAG_CONTROL_PATH;
         }
-        free(session->opts.ProxyCommand);
-        session->opts.ProxyCommand = tmp;
     }
 
-    for (it = ssh_list_get_iterator(session->opts.identity);
-         it != NULL;
-         it = it->next) {
-        char *id = (char *) it->data;
-        if (strncmp(id, "pkcs11:", 6) == 0) {
+    for (tmp = ssh_list_pop_head(char *, session->opts.identity_non_exp);
+         tmp != NULL;
+         tmp = ssh_list_pop_head(char *, session->opts.identity_non_exp)) {
+        char *id = tmp;
+        if (strncmp(id, "pkcs11:", 6) != 0) {
             /* PKCS#11 URIs are using percent-encoding so we can not mix
              * it with ssh expansion of ssh escape characters.
-             * Skip these identities now, before we will have PKCS#11 support
              */
-             continue;
+            tmp = ssh_path_expand_escape(session, id);
+            if (tmp == NULL) {
+                return -1;
+            }
+            free(id);
+        }
+
+        /* use append to keep the order at first call and use prepend
+         * to put anything that comes on the nth calls to the beginning */
+        if (session->opts.exp_flags & SSH_OPT_EXP_FLAG_IDENTITY) {
+            rc = ssh_list_prepend(session->opts.identity, tmp);
+        } else {
+            rc = ssh_list_append(session->opts.identity, tmp);
         }
+        if (rc != SSH_OK) {
+            return -1;
+        }
+    }
+    session->opts.exp_flags |= SSH_OPT_EXP_FLAG_IDENTITY;
+
+    for (tmp = ssh_list_pop_head(char *, session->opts.certificate_non_exp);
+         tmp != NULL;
+         tmp = ssh_list_pop_head(char *, session->opts.certificate_non_exp)) {
+        char *id = tmp;
+
         tmp = ssh_path_expand_escape(session, id);
         if (tmp == NULL) {
             return -1;
         }
         free(id);
-        it->data = tmp;
+
+        rc = ssh_list_append(session->opts.certificate, tmp);
+        if (rc != SSH_OK) {
+            return -1;
+        }
     }
 
     return 0;
@@ -1604,26 +2047,12 @@ ssh_bind_set_key(ssh_bind sshbind, char **key_loc, const void *value)
 
 static int ssh_bind_set_algo(ssh_bind sshbind,
                              enum ssh_kex_types_e algo,
-                             const char *list)
+                             const char *list,
+                             char **place)
 {
-    char *p = NULL;
-
-    if (ssh_fips_mode()) {
-        p = ssh_keep_fips_algos(algo, list);
-    } else {
-        p = ssh_keep_known_algos(algo, list);
-    }
-    if (p == NULL) {
-        ssh_set_error(sshbind, SSH_REQUEST_DENIED,
-                      "Setting method: no algorithm for method \"%s\" (%s)",
-                      ssh_kex_get_description(algo), list);
-        return -1;
-    }
-
-    SAFE_FREE(sshbind->wanted_methods[algo]);
-    sshbind->wanted_methods[algo] = p;
-
-    return 0;
+    /* sshbind is needed only for ssh_set_error which takes void*
+     * the typecast is only to satisfy function parameter type */
+    return ssh_options_set_algo((ssh_session)sshbind, algo, list, place);
 }
 
 /**
@@ -1636,8 +2065,8 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
  *
  *                      - SSH_BIND_OPTIONS_HOSTKEY:
  *                        Set the path to an ssh host key, regardless
- *                        of type.  Only one key from each key type
- *                        (RSA, DSA, ECDSA) is allowed in an ssh_bind
+ *                        of type.  Only one key from per key type
+ *                        (RSA, ED25519 and ECDSA) is allowed in an ssh_bind
  *                        at a time, and later calls to this function
  *                        with this option for the same key type will
  *                        override prior calls (const char *).
@@ -1646,13 +2075,13 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
  *                        Set the IP address to bind (const char *).
  *
  *                      - SSH_BIND_OPTIONS_BINDPORT:
- *                        Set the port to bind (unsigned int *).
+ *                        Set the port to bind (unsigned int).
  *
  *                      - SSH_BIND_OPTIONS_BINDPORT_STR:
  *                        Set the port to bind (const char *).
  *
  *                      - SSH_BIND_OPTIONS_LOG_VERBOSITY:
- *                        Set the session logging verbosity (int *).
+ *                        Set the session logging verbosity (int).
  *                        The logging verbosity should have one of the
  *                        following values, which are listed in order
  *                        of increasing verbosity.  Every log message
@@ -1661,46 +2090,52 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
  *                        - SSH_LOG_NOLOG: No logging
  *                        - SSH_LOG_WARNING: Only warnings
  *                        - SSH_LOG_PROTOCOL: High level protocol information
- *                        - SSH_LOG_PACKET: Lower level protocol information, packet level
+ *                        - SSH_LOG_PACKET: Lower level protocol information,
+ *                          packet level
  *                        - SSH_LOG_FUNCTIONS: Every function path
+ *                        The default is SSH_LOG_NOLOG.
  *
  *                      - SSH_BIND_OPTIONS_LOG_VERBOSITY_STR:
  *                        Set the session logging verbosity via a
  *                        string that will be converted to a numerical
  *                        value (e.g. "3") and interpreted according
  *                        to the values of
- *                        SSH_BIND_OPTIONS_LOG_VERBOSITY above (const
- *                        char *).
- *
- *                      - SSH_BIND_OPTIONS_DSAKEY:
- *                        Set the path to the ssh host dsa key, SSHv2
- *                        only (const char *).
+ *                        SSH_BIND_OPTIONS_LOG_VERBOSITY above
+ *                        (const char *).
  *
  *                      - SSH_BIND_OPTIONS_RSAKEY:
- *                        Set the path to the ssh host rsa key, SSHv2
- *                        only (const char *).
+ *                        Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY
+ *                        (const char *).
  *
  *                      - SSH_BIND_OPTIONS_ECDSAKEY:
- *                        Set the path to the ssh host ecdsa key,
- *                        SSHv2 only (const char *).
+ *                        Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY
+ *                        (const char *).
  *
  *                      - SSH_BIND_OPTIONS_BANNER:
  *                        Set the server banner sent to clients (const char *).
  *
+ *                      - SSH_BIND_OPTIONS_DSAKEY:
+ *                        This is DEPRECATED, please do not use.
+ *
  *                      - SSH_BIND_OPTIONS_IMPORT_KEY:
- *                        Set the Private Key for the server directly (ssh_key)
+ *                        Set the Private Key for the server directly
+ *                        (ssh_key). It will be free'd by ssh_bind_free().
+ *
+ *                      - SSH_BIND_OPTIONS_IMPORT_KEY_STR:
+ *                        Set the Private key for the server from a
+ *                        base64 encoded buffer (const char *).
  *
  *                      - SSH_BIND_OPTIONS_CIPHERS_C_S:
- *                        Set the symmetric cipher client to server (const char *,
- *                        comma-separated list).
+ *                        Set the symmetric cipher client to server
+ *                        (const char *, comma-separated list).
  *
  *                      - SSH_BIND_OPTIONS_CIPHERS_S_C:
- *                        Set the symmetric cipher server to client (const char *,
- *                        comma-separated list).
+ *                        Set the symmetric cipher server to client
+ *                        (const char *, comma-separated list).
  *
  *                      - SSH_BIND_OPTIONS_KEY_EXCHANGE:
- *                        Set the key exchange method to be used (const char *,
- *                        comma-separated list). ex:
+ *                        Set the key exchange method to be used
+ *                        (const char *, comma-separated list). ex:
  *                        "ecdh-sha2-nistp256,diffie-hellman-group14-sha1"
  *
  *                      - SSH_BIND_OPTIONS_HMAC_C_S:
@@ -1756,110 +2191,77 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
  *                      datatype which should be used is described at the
  *                      corresponding value of type above.
  *
- * @return              0 on success, < 0 on error, invalid option, or parameter.
+ * @return              0 on success, < 0 on error, invalid option, or
+ *                      parameter.
+ *
+ * @warning             When the option value to set is represented via a
+ *                      pointer (e.g const char * in case of strings, ssh_key
+ *                      in case of a libssh key), the value parameter should be
+ *                      that pointer. Do NOT pass a pointer to a pointer (const
+ *                      char **, ssh_key *)
+ *
+ * @warning             When the option value to set is not a pointer (e.g int,
+ *                      unsigned int, bool, long), the value parameter should be
+ *                      a pointer to the location storing the value to set (int
+ *                      *, unsigned int *, bool *, long *)
+ *
+ * @warning             If the value parameter has an invalid type (e.g if its
+ *                      not a pointer when it should have been a pointer, or if
+ *                      its a pointer to a pointer when it should have just been
+ *                      a pointer), then the behaviour is undefined.
  */
-int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
-    const void *value)
+int
+ssh_bind_options_set(ssh_bind sshbind,
+                     enum ssh_bind_options_e type,
+                     const void *value)
 {
-  bool allowed;
-  char *p, *q;
-  const char *v;
-  int i, rc;
+    bool allowed;
+    char *p = NULL, *q = NULL;
+    const char *v = NULL;
+    int i, rc;
+    char **wanted_methods = sshbind->wanted_methods;
 
-  if (sshbind == NULL) {
-    return -1;
-  }
+    if (sshbind == NULL) {
+        return -1;
+    }
 
-  switch (type) {
+    switch (type) {
+    case SSH_BIND_OPTIONS_RSAKEY:
+    case SSH_BIND_OPTIONS_ECDSAKEY:
+        /* deprecated */
     case SSH_BIND_OPTIONS_HOSTKEY:
-      if (value == NULL) {
-        ssh_set_error_invalid(sshbind);
-        return -1;
-      } else {
-          int key_type;
-          ssh_key key;
-          ssh_key *bind_key_loc = NULL;
-          char **bind_key_path_loc;
-
-          rc = ssh_pki_import_privkey_file(value, NULL, NULL, NULL, &key);
-          if (rc != SSH_OK) {
-              return -1;
-          }
-          allowed = ssh_bind_key_size_allowed(sshbind, key);
-          if (!allowed) {
-              ssh_set_error(sshbind,
-                            SSH_FATAL,
-                            "The host key size %d is too small.",
-                            ssh_key_size(key));
-              ssh_key_free(key);
-              return -1;
-          }
-
-          key_type = ssh_key_type(key);
-          switch (key_type) {
-          case SSH_KEYTYPE_DSS:
-#ifdef HAVE_DSA
-              bind_key_loc = &sshbind->dsa;
-              bind_key_path_loc = &sshbind->dsakey;
-#else
-              ssh_set_error(sshbind,
-                            SSH_FATAL,
-                            "DSS key used and libssh compiled "
-                            "without DSA support");
-#endif
-              break;
-          case SSH_KEYTYPE_ECDSA_P256:
-          case SSH_KEYTYPE_ECDSA_P384:
-          case SSH_KEYTYPE_ECDSA_P521:
-#ifdef HAVE_ECC
-              bind_key_loc = &sshbind->ecdsa;
-              bind_key_path_loc = &sshbind->ecdsakey;
-#else
-              ssh_set_error(sshbind,
-                            SSH_FATAL,
-                            "ECDSA key used and libssh compiled "
-                            "without ECDSA support");
-#endif
-              break;
-          case SSH_KEYTYPE_RSA:
-              bind_key_loc = &sshbind->rsa;
-              bind_key_path_loc = &sshbind->rsakey;
-              break;
-          case SSH_KEYTYPE_ED25519:
-              bind_key_loc = &sshbind->ed25519;
-              bind_key_path_loc = &sshbind->ed25519key;
-              break;
-          default:
-              ssh_set_error(sshbind,
-                            SSH_FATAL,
-                            "Unsupported key type %d", key_type);
-          }
-
-          if (bind_key_loc == NULL) {
-              ssh_key_free(key);
-              return -1;
-          }
-
-          /* Set the location of the key on disk even though we don't
-             need it in case some other function wants it */
-          rc = ssh_bind_set_key(sshbind, bind_key_path_loc, value);
-          if (rc < 0) {
-              ssh_key_free(key);
-              return -1;
-          }
-          ssh_key_free(*bind_key_loc);
-          *bind_key_loc = key;
-      }
-      break;
     case SSH_BIND_OPTIONS_IMPORT_KEY:
+    case SSH_BIND_OPTIONS_IMPORT_KEY_STR:
         if (value == NULL) {
             ssh_set_error_invalid(sshbind);
             return -1;
         } else {
             int key_type;
             ssh_key *bind_key_loc = NULL;
-            ssh_key key = (ssh_key)value;
-
+            ssh_key key = NULL;
+            char **bind_key_path_loc = NULL;
+
+            if (type == SSH_BIND_OPTIONS_IMPORT_KEY_STR) {
+                const char *key_str = (const char *)value;
+                rc = ssh_pki_import_privkey_base64(key_str,
+                                                   NULL,
+                                                   NULL,
+                                                   NULL,
+                                                   &key);
+                if (rc == SSH_ERROR) {
+                    ssh_set_error(sshbind,
+                                  SSH_FATAL,
+                                  "Failed to import key from buffer");
+                    return -1;
+                }
+            } else if (type == SSH_BIND_OPTIONS_IMPORT_KEY) {
+                key = (ssh_key)value;
+            } else {
+                rc = ssh_pki_import_privkey_file(value, NULL, NULL, NULL, &key);
+                if (rc != SSH_OK) {
+                    return -1;
+                }
+            }
             allowed = ssh_bind_key_size_allowed(sshbind, key);
             if (!allowed) {
                 ssh_set_error(sshbind,
@@ -1868,154 +2270,155 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
                               ssh_key_size(key));
                 return -1;
             }
-
             key_type = ssh_key_type(key);
             switch (key_type) {
-                case SSH_KEYTYPE_DSS:
-#ifdef HAVE_DSA
-                    bind_key_loc = &sshbind->dsa;
-#else
-                    ssh_set_error(sshbind,
-                                  SSH_FATAL,
-                                  "DSA key used and libssh compiled "
-                                  "without DSA support");
-#endif
-                    break;
-                case SSH_KEYTYPE_ECDSA_P256:
-                case SSH_KEYTYPE_ECDSA_P384:
-                case SSH_KEYTYPE_ECDSA_P521:
+            case SSH_KEYTYPE_ECDSA_P256:
+            case SSH_KEYTYPE_ECDSA_P384:
+            case SSH_KEYTYPE_ECDSA_P521:
 #ifdef HAVE_ECC
-                    bind_key_loc = &sshbind->ecdsa;
+                bind_key_loc = &sshbind->ecdsa;
+                bind_key_path_loc = &sshbind->ecdsakey;
 #else
-                    ssh_set_error(sshbind,
-                                  SSH_FATAL,
-                                  "ECDSA key used and libssh compiled "
-                                  "without ECDSA support");
+                ssh_set_error(sshbind,
+                              SSH_FATAL,
+                              "ECDSA key used and libssh compiled "
+                              "without ECDSA support");
 #endif
-                    break;
-                case SSH_KEYTYPE_RSA:
-                    bind_key_loc = &sshbind->rsa;
-                    break;
-                case SSH_KEYTYPE_ED25519:
-                    bind_key_loc = &sshbind->ed25519;
-                    break;
-                default:
-                    ssh_set_error(sshbind,
-                                  SSH_FATAL,
-                                  "Unsupported key type %d", key_type);
+                break;
+            case SSH_KEYTYPE_RSA:
+                bind_key_loc = &sshbind->rsa;
+                bind_key_path_loc = &sshbind->rsakey;
+                break;
+            case SSH_KEYTYPE_ED25519:
+                bind_key_loc = &sshbind->ed25519;
+                bind_key_path_loc = &sshbind->ed25519key;
+                break;
+            default:
+                ssh_set_error(sshbind,
+                              SSH_FATAL,
+                              "Unsupported key type %d",
+                              key_type);
+            }
+            if (type == SSH_BIND_OPTIONS_RSAKEY ||
+                type == SSH_BIND_OPTIONS_ECDSAKEY ||
+                type == SSH_BIND_OPTIONS_HOSTKEY) {
+                if (bind_key_loc == NULL) {
+                    ssh_key_free(key);
+                    return -1;
+                }
+                /* Set the location of the key on disk even though we don't
+                   need it in case some other function wants it */
+                rc = ssh_bind_set_key(sshbind, bind_key_path_loc, value);
+                if (rc < 0) {
+                    ssh_key_free(key);
+                    return -1;
+                }
+            } else {
+                if (bind_key_loc == NULL) {
+                    return -1;
+                }
             }
-            if (bind_key_loc == NULL)
-                return -1;
             ssh_key_free(*bind_key_loc);
             *bind_key_loc = key;
         }
         break;
     case SSH_BIND_OPTIONS_BINDADDR:
-      if (value == NULL) {
-        ssh_set_error_invalid(sshbind);
-        return -1;
-      } else {
-        SAFE_FREE(sshbind->bindaddr);
-        sshbind->bindaddr = strdup(value);
-        if (sshbind->bindaddr == NULL) {
-          ssh_set_error_oom(sshbind);
-          return -1;
+        if (value == NULL) {
+            ssh_set_error_invalid(sshbind);
+            return -1;
+        } else {
+            SAFE_FREE(sshbind->bindaddr);
+            sshbind->bindaddr = strdup(value);
+            if (sshbind->bindaddr == NULL) {
+                ssh_set_error_oom(sshbind);
+                return -1;
+            }
         }
-      }
-      break;
+        break;
     case SSH_BIND_OPTIONS_BINDPORT:
-      if (value == NULL) {
-        ssh_set_error_invalid(sshbind);
-        return -1;
-      } else {
-        int *x = (int *) value;
-        sshbind->bindport = *x & 0xffffU;
-      }
-      break;
-    case SSH_BIND_OPTIONS_BINDPORT_STR:
-      if (value == NULL) {
-        sshbind->bindport = 22 & 0xffffU;
-      } else {
-        q = strdup(value);
-        if (q == NULL) {
-          ssh_set_error_oom(sshbind);
-          return -1;
-        }
-        i = strtol(q, &p, 10);
-        if (q == p) {
-          SAFE_FREE(q);
-        }
-        SAFE_FREE(q);
-
-        sshbind->bindport = i & 0xffffU;
-      }
-      break;
-    case SSH_BIND_OPTIONS_LOG_VERBOSITY:
-      if (value == NULL) {
-        ssh_set_error_invalid(sshbind);
-        return -1;
-      } else {
-        int *x = (int *) value;
-        ssh_set_log_level(*x & 0xffffU);
-      }
-      break;
-    case SSH_BIND_OPTIONS_LOG_VERBOSITY_STR:
-      if (value == NULL) {
-      	ssh_set_log_level(0);
-      } else {
-        q = strdup(value);
-        if (q == NULL) {
-          ssh_set_error_oom(sshbind);
-          return -1;
-        }
-        i = strtol(q, &p, 10);
-        if (q == p) {
-          SAFE_FREE(q);
+        if (value == NULL) {
+            ssh_set_error_invalid(sshbind);
+            return -1;
+        } else {
+            int *x = (int *)value;
+            sshbind->bindport = *x & 0xffffU;
         }
-        SAFE_FREE(q);
+        break;
+    case SSH_BIND_OPTIONS_BINDPORT_STR:
+        if (value == NULL) {
+            sshbind->bindport = 22 & 0xffffU;
+        } else {
+            q = strdup(value);
+            if (q == NULL) {
+                ssh_set_error_oom(sshbind);
+                return -1;
+            }
+            i = strtol(q, &p, 10);
+            if (q == p) {
+                SSH_LOG(SSH_LOG_DEBUG, "No bind port was parsed");
+                SAFE_FREE(q);
+                return -1;
+            }
+            SAFE_FREE(q);
 
-        ssh_set_log_level(i & 0xffffU);
-      }
-      break;
-    case SSH_BIND_OPTIONS_DSAKEY:
-        rc = ssh_bind_set_key(sshbind, &sshbind->dsakey, value);
-        if (rc < 0) {
-            return -1;
+            sshbind->bindport = i & 0xffffU;
         }
         break;
-    case SSH_BIND_OPTIONS_RSAKEY:
-        rc = ssh_bind_set_key(sshbind, &sshbind->rsakey, value);
-        if (rc < 0) {
+    case SSH_BIND_OPTIONS_LOG_VERBOSITY:
+        if (value == NULL) {
+            ssh_set_error_invalid(sshbind);
             return -1;
+        } else {
+            int *x = (int *)value;
+            ssh_set_log_level(*x & 0xffffU);
         }
         break;
-    case SSH_BIND_OPTIONS_ECDSAKEY:
-        rc = ssh_bind_set_key(sshbind, &sshbind->ecdsakey, value);
-        if (rc < 0) {
-            return -1;
+    case SSH_BIND_OPTIONS_LOG_VERBOSITY_STR:
+        if (value == NULL) {
+            ssh_set_log_level(0);
+        } else {
+            q = strdup(value);
+            if (q == NULL) {
+                ssh_set_error_oom(sshbind);
+                return -1;
+            }
+            i = strtol(q, &p, 10);
+            if (q == p) {
+                SSH_LOG(SSH_LOG_DEBUG, "No log verbositiy was parsed");
+                SAFE_FREE(q);
+                return -1;
+            }
+            SAFE_FREE(q);
+
+            ssh_set_log_level(i & 0xffffU);
         }
         break;
     case SSH_BIND_OPTIONS_BANNER:
-      if (value == NULL) {
-        ssh_set_error_invalid(sshbind);
-        return -1;
-      } else {
-        SAFE_FREE(sshbind->banner);
-        sshbind->banner = strdup(value);
-        if (sshbind->banner == NULL) {
-          ssh_set_error_oom(sshbind);
-          return -1;
+        if (value == NULL) {
+            ssh_set_error_invalid(sshbind);
+            return -1;
+        } else {
+            SAFE_FREE(sshbind->banner);
+            sshbind->banner = strdup(value);
+            if (sshbind->banner == NULL) {
+                ssh_set_error_oom(sshbind);
+                return -1;
+            }
         }
-      }
-      break;
+        break;
     case SSH_BIND_OPTIONS_CIPHERS_C_S:
         v = value;
         if (v == NULL || v[0] == '\0') {
             ssh_set_error_invalid(sshbind);
             return -1;
         } else {
-            if (ssh_bind_set_algo(sshbind, SSH_CRYPT_C_S, v) < 0)
+            rc = ssh_bind_set_algo(sshbind,
+                                   SSH_CRYPT_C_S,
+                                   v,
+                                   &wanted_methods[SSH_CRYPT_C_S]);
+            if (rc < 0) {
                 return -1;
+            }
         }
         break;
     case SSH_BIND_OPTIONS_CIPHERS_S_C:
@@ -2024,8 +2427,13 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
             ssh_set_error_invalid(sshbind);
             return -1;
         } else {
-            if (ssh_bind_set_algo(sshbind, SSH_CRYPT_S_C, v) < 0)
+            rc = ssh_bind_set_algo(sshbind,
+                                   SSH_CRYPT_S_C,
+                                   v,
+                                   &wanted_methods[SSH_CRYPT_S_C]);
+            if (rc < 0) {
                 return -1;
+            }
         }
         break;
     case SSH_BIND_OPTIONS_KEY_EXCHANGE:
@@ -2034,7 +2442,10 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
             ssh_set_error_invalid(sshbind);
             return -1;
         } else {
-            rc = ssh_bind_set_algo(sshbind, SSH_KEX, v);
+            rc = ssh_bind_set_algo(sshbind,
+                                   SSH_KEX,
+                                   v,
+                                   &wanted_methods[SSH_KEX]);
             if (rc < 0) {
                 return -1;
             }
@@ -2046,18 +2457,28 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
             ssh_set_error_invalid(sshbind);
             return -1;
         } else {
-            if (ssh_bind_set_algo(sshbind, SSH_MAC_C_S, v) < 0)
+            rc = ssh_bind_set_algo(sshbind,
+                                   SSH_MAC_C_S,
+                                   v,
+                                   &wanted_methods[SSH_MAC_C_S]);
+            if (rc < 0) {
                 return -1;
+            }
         }
         break;
-     case SSH_BIND_OPTIONS_HMAC_S_C:
+    case SSH_BIND_OPTIONS_HMAC_S_C:
         v = value;
         if (v == NULL || v[0] == '\0') {
             ssh_set_error_invalid(sshbind);
             return -1;
         } else {
-            if (ssh_bind_set_algo(sshbind, SSH_MAC_S_C, v) < 0)
+            rc = ssh_bind_set_algo(sshbind,
+                                   SSH_MAC_S_C,
+                                   v,
+                                   &wanted_methods[SSH_MAC_S_C]);
+            if (rc < 0) {
                 return -1;
+            }
         }
         break;
     case SSH_BIND_OPTIONS_CONFIG_DIR:
@@ -2082,20 +2503,13 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
             ssh_set_error_invalid(sshbind);
             return -1;
         } else {
-            if (ssh_fips_mode()) {
-                p = ssh_keep_fips_algos(SSH_HOSTKEYS, v);
-            } else {
-                p = ssh_keep_known_algos(SSH_HOSTKEYS, v);
-            }
-            if (p == NULL) {
-                ssh_set_error(sshbind, SSH_REQUEST_DENIED,
-                    "Setting method: no known public key algorithm (%s)",
-                     v);
+            rc = ssh_bind_set_algo(sshbind,
+                                   SSH_HOSTKEYS,
+                                   v,
+                                   &sshbind->pubkey_accepted_key_types);
+            if (rc < 0) {
                 return -1;
             }
-
-            SAFE_FREE(sshbind->pubkey_accepted_key_types);
-            sshbind->pubkey_accepted_key_types = p;
         }
         break;
     case SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS:
@@ -2104,7 +2518,10 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
             ssh_set_error_invalid(sshbind);
             return -1;
         } else {
-            rc = ssh_bind_set_algo(sshbind, SSH_HOSTKEYS, v);
+            rc = ssh_bind_set_algo(sshbind,
+                                   SSH_HOSTKEYS,
+                                   v,
+                                   &wanted_methods[SSH_HOSTKEYS]);
             if (rc < 0) {
                 return -1;
             }
@@ -2138,22 +2555,35 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
             return -1;
         } else {
             int *x = (int *)value;
+
+            if (*x < 0) {
+                ssh_set_error_invalid(sshbind);
+                return -1;
+            }
+
+            /* (*x == 0) is allowed as it is used to revert to default */
+
             if (*x > 0 && *x < 768) {
-                ssh_set_error(sshbind, SSH_REQUEST_DENIED,
-                              "The provided value (%u) for minimal RSA key "
-                              "size is too small. Use at least 768 bits.", *x);
+                ssh_set_error(sshbind,
+                              SSH_REQUEST_DENIED,
+                              "The provided value (%d) for minimal RSA key "
+                              "size is too small. Use at least 768 bits.",
+                              *x);
                 return -1;
             }
             sshbind->rsa_min_size = *x;
         }
         break;
     default:
-      ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
-      return -1;
-    break;
-  }
+        ssh_set_error(sshbind,
+                      SSH_REQUEST_DENIED,
+                      "Unknown ssh option %d",
+                      type);
+        return -1;
+        break;
+    }
 
-  return 0;
+    return 0;
 }
 
 static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
@@ -2161,7 +2591,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
     char *buf = NULL;
     char *r = NULL;
     char *x = NULL;
-    const char *p;
+    const char *p = NULL;
     size_t i, l;
 
     r = ssh_path_expand_tilde(s);
@@ -2267,7 +2697,7 @@ static char *ssh_bind_options_expand_escape(ssh_bind sshbind, const char *s)
 int ssh_bind_options_parse_config(ssh_bind sshbind, const char *filename)
 {
     int rc = 0;
-    char *expanded_filename;
+    char *expanded_filename = NULL;
 
     if (sshbind == NULL) {
         return -1;
diff --git a/libssh/src/packet.c b/libssh/src/packet.c
index e01351aa..f54b3158 100644
--- a/libssh/src/packet.c
+++ b/libssh/src/packet.c
@@ -52,9 +52,9 @@
 
 static ssh_packet_callback default_packet_handlers[]= {
   ssh_packet_disconnect_callback,          // SSH2_MSG_DISCONNECT                 1
-  ssh_packet_ignore_callback,              // SSH2_MSG_IGNORE	                    2
+  ssh_packet_ignore_callback,              // SSH2_MSG_IGNORE                     2
   ssh_packet_unimplemented,                // SSH2_MSG_UNIMPLEMENTED              3
-  ssh_packet_ignore_callback,              // SSH2_MSG_DEBUG	                    4
+  ssh_packet_debug_callback,               // SSH2_MSG_DEBUG                      4
 #if WITH_SERVER
   ssh_packet_service_request,              // SSH2_MSG_SERVICE_REQUEST	          5
 #else
@@ -294,6 +294,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
          *   or session_state == SSH_SESSION_STATE_INITIAL_KEX
          * - dh_handshake_state == DH_STATE_INIT
          *   or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange)
+         *   or dh_handshake_state == DH_STATE_REQUEST_SENT (dh-gex)
          *   or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
          *
          * Transitions:
@@ -313,6 +314,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
 
         if ((session->dh_handshake_state != DH_STATE_INIT) &&
             (session->dh_handshake_state != DH_STATE_INIT_SENT) &&
+            (session->dh_handshake_state != DH_STATE_REQUEST_SENT) &&
             (session->dh_handshake_state != DH_STATE_FINISHED))
         {
             rc = SSH_PACKET_DENIED;
@@ -366,6 +368,11 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
          * - session->dh_handshake_state = DH_STATE_NEWKEYS_SENT
          * */
 
+        if (session->client) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
         if (session->session_state != SSH_SESSION_STATE_DH) {
             rc = SSH_PACKET_DENIED;
             break;
@@ -384,6 +391,8 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
       // SSH2_MSG_ECMQV_REPLY:                        // 31
       // SSH2_MSG_KEX_DH_GEX_GROUP:                   // 31
 
+        /* Client only */
+
         /*
          * States required:
          * - session_state == SSH_SESSION_STATE_DH
@@ -394,6 +403,11 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
          * - session->dh_handshake_state = DH_STATE_NEWKEYS_SENT
          * */
 
+        if (session->server) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
         if (session->session_state != SSH_SESSION_STATE_DH) {
             rc = SSH_PACKET_DENIED;
             break;
@@ -408,15 +422,98 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
         rc = SSH_PACKET_ALLOWED;
         break;
     case SSH2_MSG_KEX_DH_GEX_INIT:                    // 32
-        /* TODO Not filtered */
+        /* Server only */
+
+        /*
+         * States required:
+         * - session_state == SSH_SESSION_STATE_DH
+         * - dh_handshake_state == DH_STATE_GROUP_SENT
+         *
+         * Transitions:
+         * - session->dh_handshake_state = DH_STATE_GROUP_SENT
+         * then calls ssh_packet_server_dhgex_init which triggers:
+         * - session->dh_handshake_state = DH_STATE_NEWKEYS_SENT
+         * */
+
+        if (session->client) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
+        if (session->session_state != SSH_SESSION_STATE_DH) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
+        /* Only allowed if dh_handshake_state is in initial state */
+        if (session->dh_handshake_state != DH_STATE_GROUP_SENT) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
         rc = SSH_PACKET_ALLOWED;
         break;
     case SSH2_MSG_KEX_DH_GEX_REPLY:                   // 33
-        /* TODO Not filtered */
+
+        /* Client only */
+
+        /*
+         * States required:
+         * - session_state == SSH_SESSION_STATE_DH
+         * - dh_handshake_state == DH_STATE_INIT_SENT
+         *
+         * Transitions:
+         * - session->dh_handshake_state = DH_STATE_NEWKEYS_SENT
+         * */
+
+        if (session->server) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
+        if (session->session_state != SSH_SESSION_STATE_DH) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
+        if (session->dh_handshake_state != DH_STATE_INIT_SENT) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
         rc = SSH_PACKET_ALLOWED;
         break;
     case SSH2_MSG_KEX_DH_GEX_REQUEST:                 // 34
-        /* TODO Not filtered */
+
+        /* Server only */
+
+        /*
+         * States required:
+         * - session_state == SSH_SESSION_STATE_DH
+         * - dh_handshake_state == DH_STATE_INIT
+         *
+         * Transitions:
+         * - session->dh_handshake_state = DH_STATE_INIT_SENT
+         * then calls ssh_packet_server_dhgex_request which triggers:
+         * - session->dh_handshake_state = DH_STATE_GROUP_SENT
+         * */
+
+        if (session->client) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
+        if (session->session_state != SSH_SESSION_STATE_DH) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
+        /* Only allowed if dh_handshake_state is in initial state */
+        if (session->dh_handshake_state != DH_STATE_INIT) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
         rc = SSH_PACKET_ALLOWED;
         break;
     case SSH2_MSG_USERAUTH_REQUEST:                   // 50
@@ -1052,9 +1149,11 @@ static bool ssh_packet_need_rekey(ssh_session session,
  * @param user pointer to current ssh_session
  * @param data pointer to the data received
  * @len length of data received. It might not be enough for a complete packet
- * @returns number of bytes read and processed.
+ * @returns number of bytes read and processed. Zero means only partial packet
+ * received and negative value means error.
  */
-size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+size_t
+ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
 {
     ssh_session session = (ssh_session)user;
     uint32_t blocksize = 8;
@@ -1066,7 +1165,7 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
     uint8_t *cleartext_packet = NULL;
     uint8_t *packet_second_block = NULL;
     uint8_t *mac = NULL;
-    size_t packet_remaining;
+    size_t packet_remaining, packet_offset;
     uint32_t packet_len, compsize, payloadsize;
     uint8_t padding;
     size_t processed = 0; /* number of bytes processed from the callback */
@@ -1112,7 +1211,7 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
                     session->packet_state == PACKET_STATE_PROCESSING ?
                     "PROCESSING" : "unknown");
 #endif
-    switch(session->packet_state) {
+    switch (session->packet_state) {
         case PACKET_STATE_INIT:
             if (receivedlen < lenfield_blocksize + etm_packet_offset) {
                 /*
@@ -1145,11 +1244,13 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
             }
 
             if (!etm) {
-                ptr = ssh_buffer_allocate(session->in_buffer, lenfield_blocksize);
+                ptr = ssh_buffer_allocate(session->in_buffer,
+                                          lenfield_blocksize);
                 if (ptr == NULL) {
                     goto error;
                 }
-                packet_len = ssh_packet_decrypt_len(session, ptr, (uint8_t *)data);
+                packet_len = ssh_packet_decrypt_len(session, ptr,
+                                                    (uint8_t *)data);
                 to_be_read = packet_len - lenfield_blocksize + sizeof(uint32_t);
             } else {
                 /* Length is unencrypted in case of Encrypt-then-MAC */
@@ -1161,7 +1262,7 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
             if (packet_len > MAX_PACKET_LEN) {
                 ssh_set_error(session,
                               SSH_FATAL,
-                              "read_packet(): Packet len too high(%u %.4x)",
+                              "read_packet(): Packet len too high(%" PRIu32 " %.4" PRIx32 ")",
                               packet_len, packet_len);
                 goto error;
             }
@@ -1179,28 +1280,27 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
             FALL_THROUGH;
         case PACKET_STATE_SIZEREAD:
             packet_len = session->in_packet.len;
-            processed = lenfield_blocksize + etm_packet_offset;
+            packet_offset = processed = lenfield_blocksize + etm_packet_offset;
             to_be_read = packet_len + sizeof(uint32_t) + current_macsize;
             /* if to_be_read is zero, the whole packet was blocksize bytes. */
             if (to_be_read != 0) {
-                if (receivedlen  < (unsigned long)to_be_read) {
+                if (receivedlen < (unsigned long)to_be_read) {
                     /* give up, not enough data in buffer */
                     SSH_LOG(SSH_LOG_PACKET,
                             "packet: partial packet (read len) "
-                            "[len=%d, receivedlen=%d, to_be_read=%ld]",
+                            "[len=%" PRIu32 ", receivedlen=%zu, to_be_read=%ld]",
                             packet_len,
-                            (int)receivedlen,
+                            receivedlen,
                             to_be_read);
                     return 0;
                 }
 
-                packet_second_block = (uint8_t*)data + lenfield_blocksize + etm_packet_offset;
+                packet_second_block = (uint8_t*)data + packet_offset;
                 processed = to_be_read - current_macsize;
             }
 
             /* remaining encrypted bytes from the packet, MAC not included */
-            packet_remaining =
-                packet_len - (lenfield_blocksize - sizeof(uint32_t) + etm_packet_offset);
+            packet_remaining = packet_len - (packet_offset - sizeof(uint32_t));
             cleartext_packet = ssh_buffer_allocate(session->in_buffer,
                                                    packet_remaining);
             if (cleartext_packet == NULL) {
@@ -1223,16 +1323,16 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
                         }
                     }
                     /*
-                     * Decrypt the packet. In case of EtM mode, the length is already
-                     * known as it's unencrypted. In the other case, lenfield_blocksize bytes
-                     * already have been decrypted.
+                     * Decrypt the packet. In case of EtM mode, the length is
+                     * already known as it's unencrypted. In the other case,
+                     * lenfield_blocksize bytes already have been decrypted.
                      */
                     if (packet_remaining > 0) {
                         rc = ssh_packet_decrypt(session,
                                                 cleartext_packet,
                                                 (uint8_t *)data,
-                                                lenfield_blocksize + etm_packet_offset,
-                                                processed - (lenfield_blocksize + etm_packet_offset));
+                                                packet_offset,
+                                                processed - packet_offset);
                         if (rc < 0) {
                             ssh_set_error(session,
                                           SSH_FATAL,
@@ -1242,9 +1342,10 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
                     }
 
                     if (crypto->in_hmac != SSH_HMAC_NONE && !etm) {
+                        ssh_buffer in = session->in_buffer;
                         rc = ssh_packet_hmac_verify(session,
-                                                    ssh_buffer_get(session->in_buffer),
-                                                    ssh_buffer_get_len(session->in_buffer),
+                                                    ssh_buffer_get(in),
+                                                    ssh_buffer_get_len(in),
                                                     mac,
                                                     crypto->in_hmac);
                         if (rc < 0) {
@@ -1286,7 +1387,7 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
             if (padding > ssh_buffer_get_len(session->in_buffer)) {
                 ssh_set_error(session,
                               SSH_FATAL,
-                              "Invalid padding: %d (%d left)",
+                              "Invalid padding: %d (%" PRIu32 " left)",
                               padding,
                               ssh_buffer_get_len(session->in_buffer));
                 goto error;
@@ -1294,16 +1395,28 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
             ssh_buffer_pass_bytes_end(session->in_buffer, padding);
             compsize = ssh_buffer_get_len(session->in_buffer);
 
-#ifdef WITH_ZLIB
-            if (crypto && crypto->do_compress_in
-                && ssh_buffer_get_len(session->in_buffer) > 0) {
-                rc = decompress_buffer(session, session->in_buffer,MAX_PACKET_LEN);
+            if (crypto && crypto->do_compress_in &&
+                ssh_buffer_get_len(session->in_buffer) > 0) {
+                rc = decompress_buffer(session, session->in_buffer,
+                                       MAX_PACKET_LEN);
                 if (rc < 0) {
                     goto error;
                 }
             }
-#endif /* WITH_ZLIB */
             payloadsize = ssh_buffer_get_len(session->in_buffer);
+            if (session->recv_seq == UINT32_MAX) {
+                /* Overflowing sequence numbers is always fishy */
+                if (crypto == NULL) {
+                    /* don't allow sequence number overflow when unencrypted */
+                    ssh_set_error(session,
+                                  SSH_FATAL,
+                                  "Incoming sequence number overflow");
+                    goto error;
+                } else {
+                    SSH_LOG(SSH_LOG_WARNING,
+                            "Incoming sequence number overflow");
+                }
+            }
             session->recv_seq++;
             if (crypto != NULL) {
                 struct ssh_cipher_struct *cipher = NULL;
@@ -1324,13 +1437,27 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
             session->packet_state = PACKET_STATE_PROCESSING;
             ssh_packet_parse_type(session);
             SSH_LOG(SSH_LOG_PACKET,
-                    "packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]",
-                    session->in_packet.type, packet_len, padding, compsize, payloadsize);
+                    "packet: read type %hhd [len=%" PRIu32 ",padding=%hhd,"
+                    "comp=%" PRIu32 ",payload=%" PRIu32 "]",
+                    session->in_packet.type, packet_len, padding, compsize,
+                    payloadsize);
+            if (crypto == NULL) {
+                /* In strict kex, only a few packets are allowed. Taint the session
+                 * if we received packets that are normally allowed but to be
+                 * refused if we are in strict kex when KEX is over.
+                 */
+                uint8_t type = session->in_packet.type;
 
+                if (type != SSH2_MSG_KEXINIT && type != SSH2_MSG_NEWKEYS &&
+                    (type < SSH2_MSG_KEXDH_INIT ||
+                     type > SSH2_MSG_KEX_DH_GEX_REQUEST)) {
+                    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
+                }
+            }
             /* Check if the packet is expected */
             filter_result = ssh_packet_incoming_filter(session);
 
-            switch(filter_result) {
+            switch (filter_result) {
             case SSH_PACKET_ALLOWED:
                 /* Execute callbacks */
                 ssh_packet_process(session, session->in_packet.type);
@@ -1342,6 +1469,9 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
                               session->in_packet.type);
                 goto error;
             case SSH_PACKET_UNKNOWN:
+                if (crypto == NULL) {
+                    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
+                }
                 ssh_packet_send_unimplemented(session, session->recv_seq - 1);
                 break;
             }
@@ -1355,7 +1485,8 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
 
                 ptr = ((uint8_t*)data) + processed;
 
-                rc = ssh_packet_socket_callback(ptr, receivedlen - processed,user);
+                rc = ssh_packet_socket_callback(ptr, receivedlen - processed,
+                                                user);
                 processed += rc;
             }
 
@@ -1381,16 +1512,16 @@ size_t ssh_packet_socket_callback(const void *data, size_t receivedlen, void *us
                   session->packet_state);
 
 error:
-    session->session_state= SSH_SESSION_STATE_ERROR;
-    SSH_LOG(SSH_LOG_PACKET,"Packet: processed %zu bytes", processed);
+    session->session_state = SSH_SESSION_STATE_ERROR;
+    SSH_LOG(SSH_LOG_PACKET, "Packet: processed %zu bytes", processed);
     return processed;
 }
 
 static void ssh_packet_socket_controlflow_callback(int code, void *userdata)
 {
     ssh_session session = userdata;
-    struct ssh_iterator *it;
-    ssh_channel channel;
+    struct ssh_iterator *it = NULL;
+    ssh_channel channel = NULL;
 
     if (code == SSH_SOCKET_FLOW_WRITEWONTBLOCK) {
         SSH_LOG(SSH_LOG_TRACE, "sending channel_write_wontblock callback");
@@ -1410,18 +1541,23 @@ static void ssh_packet_socket_controlflow_callback(int code, void *userdata)
     }
 }
 
-void ssh_packet_register_socket_callback(ssh_session session, ssh_socket s){
-	session->socket_callbacks.data=ssh_packet_socket_callback;
-	session->socket_callbacks.connected=NULL;
-    session->socket_callbacks.controlflow = ssh_packet_socket_controlflow_callback;
-	session->socket_callbacks.userdata=session;
-	ssh_socket_set_callbacks(s,&session->socket_callbacks);
+void ssh_packet_register_socket_callback(ssh_session session, ssh_socket s)
+{
+    struct ssh_socket_callbacks_struct *callbacks = &session->socket_callbacks;
+
+    callbacks->data = ssh_packet_socket_callback;
+    callbacks->connected = NULL;
+    callbacks->controlflow = ssh_packet_socket_controlflow_callback;
+    callbacks->userdata = session;
+    ssh_socket_set_callbacks(s, callbacks);
 }
 
 /** @internal
  * @brief sets the callbacks for the packet layer
  */
-void ssh_packet_set_callbacks(ssh_session session, ssh_packet_callbacks callbacks){
+void
+ssh_packet_set_callbacks(ssh_session session, ssh_packet_callbacks callbacks)
+{
     if (session->packet_callbacks == NULL) {
         session->packet_callbacks = ssh_list_new();
         if (session->packet_callbacks == NULL) {
@@ -1435,8 +1571,11 @@ void ssh_packet_set_callbacks(ssh_session session, ssh_packet_callbacks callback
 /** @internal
  * @brief remove the callbacks from the packet layer
  */
-void ssh_packet_remove_callbacks(ssh_session session, ssh_packet_callbacks callbacks){
+void
+ssh_packet_remove_callbacks(ssh_session session, ssh_packet_callbacks callbacks)
+{
     struct ssh_iterator *it = NULL;
+
     it = ssh_list_find(session->packet_callbacks, callbacks);
     if (it != NULL) {
         ssh_list_remove(session->packet_callbacks, it);
@@ -1446,12 +1585,15 @@ void ssh_packet_remove_callbacks(ssh_session session, ssh_packet_callbacks callb
 /** @internal
  * @brief sets the default packet handlers
  */
-void ssh_packet_set_default_callbacks(ssh_session session){
-	session->default_packet_callbacks.start=1;
-	session->default_packet_callbacks.n_callbacks=sizeof(default_packet_handlers)/sizeof(ssh_packet_callback);
-	session->default_packet_callbacks.user=session;
-	session->default_packet_callbacks.callbacks=default_packet_handlers;
-	ssh_packet_set_callbacks(session, &session->default_packet_callbacks);
+void ssh_packet_set_default_callbacks(ssh_session session)
+{
+    struct ssh_packet_callbacks_struct *c = &session->default_packet_callbacks;
+
+    c->start = 1;
+    c->n_callbacks = sizeof(default_packet_handlers) / sizeof(ssh_packet_callback);
+    c->user = session;
+    c->callbacks = default_packet_handlers;
+    ssh_packet_set_callbacks(session, c);
 }
 
 /** @internal
@@ -1505,9 +1647,35 @@ void ssh_packet_process(ssh_session session, uint8_t type)
             SSH_LOG(SSH_LOG_RARE, "Failed to send unimplemented: %s",
                     ssh_get_error(session));
         }
+        if (session->current_crypto == NULL) {
+            session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
+        }
     }
 }
 
+/** @internal
+ * @brief sends a SSH_MSG_NEWKEYS when enabling the new negotiated ciphers
+ * @param session the SSH session
+ * @return SSH_ERROR on error, else SSH_OK
+ */
+int ssh_packet_send_newkeys(ssh_session session)
+{
+    int rc;
+
+    /* Send the MSG_NEWKEYS */
+    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+    if (rc < 0) {
+        return rc;
+    }
+
+    rc = ssh_packet_send(session);
+    if (rc == SSH_ERROR) {
+        return rc;
+    }
+    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
+    return rc;
+}
+
 /** @internal
  * @brief sends a SSH_MSG_UNIMPLEMENTED answer to an unhandled packet
  * @param session the SSH session
@@ -1543,12 +1711,12 @@ SSH_PACKET_CALLBACK(ssh_packet_unimplemented){
 
     rc = ssh_buffer_unpack(packet, "d", &seq);
     if (rc != SSH_OK) {
-        SSH_LOG(SSH_LOG_WARNING,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Could not unpack SSH_MSG_UNIMPLEMENTED packet");
     }
 
     SSH_LOG(SSH_LOG_RARE,
-            "Received SSH_MSG_UNIMPLEMENTED (sequence number %d)",seq);
+            "Received SSH_MSG_UNIMPLEMENTED (sequence number %" PRIu32 ")",seq);
 
     return SSH_PACKET_USED;
 }
@@ -1626,7 +1794,6 @@ static int packet_send2(ssh_session session)
         lenfield_blocksize = 0;
     }
 
-#ifdef WITH_ZLIB
     if (crypto != NULL && crypto->do_compress_out &&
         ssh_buffer_get_len(session->out_buffer) > 0) {
         rc = compress_buffer(session,session->out_buffer);
@@ -1635,7 +1802,6 @@ static int packet_send2(ssh_session session)
         }
         currentlen = ssh_buffer_get_len(session->out_buffer);
     }
-#endif /* WITH_ZLIB */
     compsize = currentlen;
     /* compressed payload + packet len (4) + padding_size len (1) */
     /* totallen - lenfield_blocksize - etm_packet_offset must be equal to 0 (mod blocksize) */
@@ -1714,8 +1880,8 @@ static int packet_send2(ssh_session session)
     }
 
     SSH_LOG(SSH_LOG_PACKET,
-            "packet: wrote [type=%u, len=%u, padding_size=%hhd, comp=%u, "
-            "payload=%u]",
+            "packet: wrote [type=%u, len=%" PRIu32 ", padding_size=%hhd, comp=%" PRIu32 ", "
+            "payload=%" PRIu32 "]",
             type,
             finallen,
             padding_size,
@@ -1755,10 +1921,12 @@ static bool
 ssh_packet_in_rekey(ssh_session session)
 {
     /* We know we are rekeying if we are authenticated and the DH
-     * status is not finished
+     * status is not finished, but we only queue packets until we've
+     * sent our NEWKEYS.
      */
     return (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) &&
-           (session->dh_handshake_state != DH_STATE_FINISHED);
+           (session->dh_handshake_state != DH_STATE_FINISHED) &&
+           (session->dh_handshake_state != DH_STATE_NEWKEYS_SENT);
 }
 
 int ssh_packet_send(ssh_session session)
@@ -1799,7 +1967,7 @@ int ssh_packet_send(ssh_session session)
 
         if (need_rekey) {
             /* Send the KEXINIT packet instead.
-             * This recursivelly calls the packet_send(), but it should
+             * This recursively calls the packet_send(), but it should
              * not get into rekeying again.
              * After that we need to handle the key exchange responses
              * up to the point where we can send the rest of the queue.
@@ -1814,8 +1982,12 @@ int ssh_packet_send(ssh_session session)
 
     /* We finished the key exchange so we can try to send our queue now */
     if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) {
-        struct ssh_iterator *it;
+        struct ssh_iterator *it = NULL;
 
+        if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
+            /* reset packet sequence number when running in strict kex mode */
+            session->send_seq = 0;
+        }
         for (it = ssh_list_get_iterator(session->out_queue);
              it != NULL;
              it = ssh_list_get_iterator(session->out_queue)) {
@@ -1867,7 +2039,7 @@ ssh_init_rekey_state(struct ssh_session_struct *session,
                                  session->opts.rekey_data / cipher->blocksize);
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL,
+    SSH_LOG(SSH_LOG_DEBUG,
             "Set rekey after %" PRIu64 " blocks",
             cipher->max_blocks);
 }
@@ -1895,7 +2067,7 @@ ssh_packet_set_newkeys(ssh_session session,
     session->next_crypto->used |= direction;
     if (session->current_crypto != NULL) {
         if (session->current_crypto->used & direction) {
-            SSH_LOG(SSH_LOG_WARNING, "This direction isn't used anymore.");
+            SSH_LOG(SSH_LOG_TRACE, "This direction isn't used anymore.");
         }
         /* Mark the current requested direction unused */
         session->current_crypto->used &= ~direction;
@@ -1930,7 +2102,7 @@ ssh_packet_set_newkeys(ssh_session session,
         memcpy(session->next_crypto->session_id,
                session->current_crypto->session_id,
                session_id_len);
-	session->next_crypto->session_id_len = session_id_len;
+        session->next_crypto->session_id_len = session_id_len;
 
         return SSH_OK;
     }
@@ -1969,7 +2141,7 @@ ssh_packet_set_newkeys(ssh_session session,
     ssh_init_rekey_state(session, in_cipher);
     if (session->opts.rekey_time != 0) {
         ssh_timestamp_init(&session->last_rekey_time);
-        SSH_LOG(SSH_LOG_PROTOCOL, "Set rekey after %" PRIu32 " seconds",
+        SSH_LOG(SSH_LOG_DEBUG, "Set rekey after %" PRIu32 " seconds",
                 session->opts.rekey_time/1000);
     }
 
diff --git a/libssh/src/packet_cb.c b/libssh/src/packet_cb.c
index 39575b17..54c94c84 100644
--- a/libssh/src/packet_cb.c
+++ b/libssh/src/packet_cb.c
@@ -45,136 +45,200 @@
  *
  * @brief Handle a SSH_DISCONNECT packet.
  */
-SSH_PACKET_CALLBACK(ssh_packet_disconnect_callback){
-  int rc;
-  uint32_t code = 0;
-  char *error = NULL;
-  ssh_string error_s;
-  (void)user;
-  (void)type;
-
-  rc = ssh_buffer_get_u32(packet, &code);
-  if (rc != 0) {
-    code = ntohl(code);
-  }
-
-  error_s = ssh_buffer_get_ssh_string(packet);
-  if (error_s != NULL) {
-    error = ssh_string_to_char(error_s);
-    SSH_STRING_FREE(error_s);
-  }
-  SSH_LOG(SSH_LOG_PACKET, "Received SSH_MSG_DISCONNECT %d:%s",
-                          code, error != NULL ? error : "no error");
-  ssh_set_error(session, SSH_FATAL,
-      "Received SSH_MSG_DISCONNECT: %d:%s",
-      code, error != NULL ? error : "no error");
-  SAFE_FREE(error);
-
-  ssh_socket_close(session->socket);
-  session->alive = 0;
-  session->session_state = SSH_SESSION_STATE_ERROR;
-  /* TODO: handle a graceful disconnect */
-  return SSH_PACKET_USED;
+SSH_PACKET_CALLBACK(ssh_packet_disconnect_callback)
+{
+    int rc;
+    uint32_t code = 0;
+    char *error = NULL;
+    ssh_string error_s = NULL;
+
+    (void)user;
+    (void)type;
+
+    rc = ssh_buffer_get_u32(packet, &code);
+    if (rc != 0) {
+        code = ntohl(code);
+    }
+
+    error_s = ssh_buffer_get_ssh_string(packet);
+    if (error_s != NULL) {
+        error = ssh_string_to_char(error_s);
+        SSH_STRING_FREE(error_s);
+    }
+
+    if (error != NULL) {
+        session->peer_discon_msg = strdup(error);
+    }
+
+    SSH_LOG(SSH_LOG_PACKET,
+            "Received SSH_MSG_DISCONNECT %" PRIu32 ":%s",
+            code,
+            error != NULL ? error : "no error");
+    ssh_set_error(session,
+                  SSH_FATAL,
+                  "Received SSH_MSG_DISCONNECT: %" PRIu32 ":%s",
+                  code,
+                  error != NULL ? error : "no error");
+    SAFE_FREE(error);
+
+    ssh_session_socket_close(session);
+    /* correctly handle disconnect during authorization */
+    session->auth.state = SSH_AUTH_STATE_FAILED;
+
+    /* TODO: handle a graceful disconnect */
+    return SSH_PACKET_USED;
 }
 
 /**
  * @internal
  *
- * @brief Handle a SSH_IGNORE and SSH_DEBUG packet.
+ * @brief Handle a SSH_IGNORE packet.
  */
-SSH_PACKET_CALLBACK(ssh_packet_ignore_callback){
+SSH_PACKET_CALLBACK(ssh_packet_ignore_callback)
+{
     (void)session; /* unused */
-	(void)user;
-	(void)type;
-	(void)packet;
-	SSH_LOG(SSH_LOG_PROTOCOL,"Received %s packet",type==SSH2_MSG_IGNORE ? "SSH_MSG_IGNORE" : "SSH_MSG_DEBUG");
-	/* TODO: handle a graceful disconnect */
-	return SSH_PACKET_USED;
+    (void)user;
+    (void)type;
+    (void)packet;
+
+    SSH_LOG(SSH_LOG_DEBUG, "Received SSH_MSG_IGNORE packet");
+
+    return SSH_PACKET_USED;
 }
 
-SSH_PACKET_CALLBACK(ssh_packet_newkeys){
-  ssh_string sig_blob = NULL;
-  ssh_signature sig = NULL;
-  int rc;
-  (void)packet;
-  (void)user;
-  (void)type;
-  SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_NEWKEYS");
-
-  if (session->session_state != SSH_SESSION_STATE_DH ||
-      session->dh_handshake_state != DH_STATE_NEWKEYS_SENT) {
-      ssh_set_error(session,
-                    SSH_FATAL,
-                    "ssh_packet_newkeys called in wrong state : %d:%d",
-                    session->session_state,session->dh_handshake_state);
-      goto error;
-  }
-
-  if(session->server){
-    /* server things are done in server.c */
-    session->dh_handshake_state=DH_STATE_FINISHED;
-  } else {
-    ssh_key server_key;
-
-    /* client */
-
-    /* Verify the host's signature. FIXME do it sooner */
-    sig_blob = session->next_crypto->dh_server_signature;
-    session->next_crypto->dh_server_signature = NULL;
-
-    /* get the server public key */
-    server_key = ssh_dh_get_next_server_publickey(session);
-    if (server_key == NULL) {
-        goto error;
-    }
+/**
+ * @internal
+ *
+ * @brief Handle a SSH_DEBUG packet.
+ */
+SSH_PACKET_CALLBACK(ssh_packet_debug_callback)
+{
+    uint8_t always_display = -1;
+    char *message = NULL;
+    int rc;
 
-    rc = ssh_pki_import_signature_blob(sig_blob, server_key, &sig);
-    ssh_string_burn(sig_blob);
-    SSH_STRING_FREE(sig_blob);
+    (void)session; /* unused */
+    (void)type;
+    (void)user;
+
+    rc = ssh_buffer_unpack(packet, "bs", &always_display, &message);
     if (rc != SSH_OK) {
+        SSH_LOG(SSH_LOG_PACKET, "Error reading debug message");
+        return SSH_PACKET_USED;
+    }
+    SSH_LOG(SSH_LOG_DEBUG,
+            "Received SSH_MSG_DEBUG packet with message %s%s",
+            message,
+            always_display != 0 ? " (always display)" : "");
+    SAFE_FREE(message);
+
+    return SSH_PACKET_USED;
+}
+
+SSH_PACKET_CALLBACK(ssh_packet_newkeys)
+{
+    ssh_string sig_blob = NULL;
+    ssh_signature sig = NULL;
+    int rc;
+
+    (void)packet;
+    (void)user;
+    (void)type;
+
+    SSH_LOG(SSH_LOG_DEBUG, "Received SSH_MSG_NEWKEYS");
+
+    if (session->session_state != SSH_SESSION_STATE_DH ||
+        session->dh_handshake_state != DH_STATE_NEWKEYS_SENT) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "ssh_packet_newkeys called in wrong state : %d:%d",
+                      session->session_state,
+                      session->dh_handshake_state);
         goto error;
     }
 
-    /* Check if signature from server matches user preferences */
-    if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
-        if (!ssh_match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
-                             sig->type_c)) {
+    if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
+        /* reset packet sequence number when running in strict kex mode */
+        session->recv_seq = 0;
+        /* Check that we aren't tainted */
+        if (session->flags & SSH_SESSION_FLAG_KEX_TAINTED) {
             ssh_set_error(session,
                           SSH_FATAL,
-                          "Public key from server (%s) doesn't match user "
-                          "preference (%s)",
-                          sig->type_c,
-                          session->opts.wanted_methods[SSH_HOSTKEYS]);
+                          "Received unexpected packets in strict KEX mode.");
             goto error;
         }
     }
 
-    rc = ssh_pki_signature_verify(session,
-                                  sig,
-                                  server_key,
-                                  session->next_crypto->secret_hash,
-                                  session->next_crypto->digest_len);
-    SSH_SIGNATURE_FREE(sig);
-    if (rc == SSH_ERROR) {
-      goto error;
-    }
-    SSH_LOG(SSH_LOG_PROTOCOL,"Signature verified and valid");
+    if (session->server) {
+        /* server things are done in server.c */
+        session->dh_handshake_state=DH_STATE_FINISHED;
+    } else {
+        ssh_key server_key = NULL;
 
-    /* When receiving this packet, we switch on the incomming crypto. */
-    rc = ssh_packet_set_newkeys(session, SSH_DIRECTION_IN);
-    if (rc != SSH_OK) {
-        goto error;
+        /* client */
+
+        /* Verify the host's signature. FIXME do it sooner */
+        sig_blob = session->next_crypto->dh_server_signature;
+        session->next_crypto->dh_server_signature = NULL;
+
+        /* get the server public key */
+        server_key = ssh_dh_get_next_server_publickey(session);
+        if (server_key == NULL) {
+            goto error;
+        }
+
+        rc = ssh_pki_import_signature_blob(sig_blob, server_key, &sig);
+        ssh_string_burn(sig_blob);
+        SSH_STRING_FREE(sig_blob);
+        if (rc != SSH_OK) {
+            goto error;
+        }
+
+        /* Check if signature from server matches user preferences */
+        if (session->opts.wanted_methods[SSH_HOSTKEYS]) {
+            rc = match_group(session->opts.wanted_methods[SSH_HOSTKEYS],
+                             sig->type_c);
+            if (rc == 0) {
+                ssh_set_error(session,
+                              SSH_FATAL,
+                              "Public key from server (%s) doesn't match user "
+                              "preference (%s)",
+                              sig->type_c,
+                              session->opts.wanted_methods[SSH_HOSTKEYS]);
+                goto error;
+            }
+        }
+
+        rc = ssh_pki_signature_verify(session,
+                                      sig,
+                                      server_key,
+                                      session->next_crypto->secret_hash,
+                                      session->next_crypto->digest_len);
+        SSH_SIGNATURE_FREE(sig);
+        if (rc == SSH_ERROR) {
+            ssh_set_error(session,
+                          SSH_FATAL,
+                          "Failed to verify server hostkey signature");
+            goto error;
+        }
+        SSH_LOG(SSH_LOG_DEBUG, "Signature verified and valid");
+
+        /* When receiving this packet, we switch on the incoming crypto. */
+        rc = ssh_packet_set_newkeys(session, SSH_DIRECTION_IN);
+        if (rc != SSH_OK) {
+            goto error;
+        }
     }
-  }
-  session->dh_handshake_state = DH_STATE_FINISHED;
-  session->ssh_connection_callback(session);
-  return SSH_PACKET_USED;
+    session->dh_handshake_state = DH_STATE_FINISHED;
+    session->ssh_connection_callback(session);
+    return SSH_PACKET_USED;
+
 error:
-  SSH_SIGNATURE_FREE(sig);
-  ssh_string_burn(sig_blob);
-  SSH_STRING_FREE(sig_blob);
-  session->session_state = SSH_SESSION_STATE_ERROR;
-  return SSH_PACKET_USED;
+    SSH_SIGNATURE_FREE(sig);
+    ssh_string_burn(sig_blob);
+    SSH_STRING_FREE(sig_blob);
+    session->session_state = SSH_SESSION_STATE_ERROR;
+    return SSH_PACKET_USED;
 }
 
 /**
@@ -182,16 +246,16 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
  * @brief handles a SSH_SERVICE_ACCEPT packet
  *
  */
-SSH_PACKET_CALLBACK(ssh_packet_service_accept){
-	(void)packet;
-	(void)type;
-	(void)user;
+SSH_PACKET_CALLBACK(ssh_packet_service_accept)
+{
+    (void)packet;
+    (void)type;
+    (void)user;
 
     session->auth.service_state = SSH_AUTH_SERVICE_ACCEPTED;
-	SSH_LOG(SSH_LOG_PACKET,
-	      "Received SSH_MSG_SERVICE_ACCEPT");
+    SSH_LOG(SSH_LOG_PACKET, "Received SSH_MSG_SERVICE_ACCEPT");
 
-	return SSH_PACKET_USED;
+    return SSH_PACKET_USED;
 }
 
 /**
@@ -204,6 +268,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info)
     int rc;
     uint32_t nr_extensions = 0;
     uint32_t i;
+
     (void)type;
     (void)user;
 
@@ -221,7 +286,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info)
         return SSH_PACKET_USED;
     }
 
-    SSH_LOG(SSH_LOG_PACKET, "Follows %u extensions", nr_extensions);
+    SSH_LOG(SSH_LOG_PACKET, "Follows %" PRIu32 " extensions", nr_extensions);
 
     for (i = 0; i < nr_extensions; i++) {
         char *name = NULL;
@@ -238,12 +303,18 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info)
         if (cmp == 0) {
             /* TODO check for NULL bytes */
             SSH_LOG(SSH_LOG_PACKET, "Extension: %s=<%s>", name, value);
-            if (ssh_match_group(value, "rsa-sha2-512")) {
+
+            rc = match_group(value, "rsa-sha2-512");
+            if (rc == 1) {
                 session->extensions |= SSH_EXT_SIG_RSA_SHA512;
             }
-            if (ssh_match_group(value, "rsa-sha2-256")) {
+
+            rc = match_group(value, "rsa-sha2-256");
+            if (rc == 1) {
                 session->extensions |= SSH_EXT_SIG_RSA_SHA256;
             }
+        } else {
+            SSH_LOG(SSH_LOG_PACKET, "Unknown extension: %s", name);
         }
         free(name);
         free(value);
diff --git a/libssh/src/packet_crypt.c b/libssh/src/packet_crypt.c
index fe3f489e..96e9586c 100644
--- a/libssh/src/packet_crypt.c
+++ b/libssh/src/packet_crypt.c
@@ -262,7 +262,7 @@ int ssh_packet_hmac_verify(ssh_session session,
 {
     struct ssh_crypto_struct *crypto = NULL;
     unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
-    HMACCTX ctx;
+    HMACCTX ctx = NULL;
     size_t hmaclen = DIGEST_MAX_LEN;
     uint32_t seq;
     int cmp;
diff --git a/libssh/src/pcap.c b/libssh/src/pcap.c
index 9492df50..3d295427 100644
--- a/libssh/src/pcap.c
+++ b/libssh/src/pcap.c
@@ -44,14 +44,11 @@
 #include "libssh/socket.h"
 
 /**
- * @internal
- *
  * @defgroup libssh_pcap The libssh pcap functions
  * @ingroup libssh
  *
  * The pcap file generation
  *
- *
  * @{
  */
 
@@ -63,7 +60,7 @@ struct pcap_hdr_s {
 	uint32_t magic_number;   /* magic number */
 	uint16_t version_major;  /* major version number */
 	uint16_t version_minor;  /* minor version number */
-	int32_t   thiszone;       /* GMT to local correction */
+	int32_t  thiszone;       /* GMT to local correction */
 	uint32_t sigfigs;        /* accuracy of timestamps */
 	uint32_t snaplen;        /* max length of captured packets, in octets */
 	uint32_t network;        /* data link type */
@@ -98,7 +95,6 @@ struct pcaprec_hdr_s {
  * in a SSH session only. Multiple pcap contexts may be used into
  * a single pcap file.
  */
-
 struct ssh_pcap_context_struct {
 	ssh_session session;
 	ssh_pcap_file file;
@@ -126,10 +122,11 @@ struct ssh_pcap_file_struct {
 /**
  * @brief create a new ssh_pcap_file object
  */
-ssh_pcap_file ssh_pcap_file_new(void) {
-    struct ssh_pcap_file_struct *pcap;
+ssh_pcap_file ssh_pcap_file_new(void)
+{
+    struct ssh_pcap_file_struct *pcap = NULL;
 
-    pcap = (struct ssh_pcap_file_struct *) malloc(sizeof(struct ssh_pcap_file_struct));
+    pcap = malloc(sizeof(struct ssh_pcap_file_struct));
     if (pcap == NULL) {
         return NULL;
     }
@@ -141,163 +138,182 @@ ssh_pcap_file ssh_pcap_file_new(void) {
 /** @internal
  * @brief writes a packet on file
  */
-static int ssh_pcap_file_write(ssh_pcap_file pcap, ssh_buffer packet){
-	int err;
-	uint32_t len;
-	if(pcap == NULL || pcap->output==NULL)
-		return SSH_ERROR;
-	len=ssh_buffer_get_len(packet);
-	err=fwrite(ssh_buffer_get(packet),len,1,pcap->output);
-	if(err<0)
-		return SSH_ERROR;
-	else
-		return SSH_OK;
+static int ssh_pcap_file_write(ssh_pcap_file pcap, ssh_buffer packet)
+{
+    int err;
+    uint32_t len;
+    if (pcap == NULL || pcap->output == NULL) {
+        return SSH_ERROR;
+    }
+    len = ssh_buffer_get_len(packet);
+    err = fwrite(ssh_buffer_get(packet), len, 1, pcap->output);
+    if (err < 0) {
+        return SSH_ERROR;
+    } else {
+        return SSH_OK;
+    }
 }
 
 /** @internal
  * @brief prepends a packet with the pcap header and writes packet
  * on file
  */
-int ssh_pcap_file_write_packet(ssh_pcap_file pcap, ssh_buffer packet, uint32_t original_len){
-	ssh_buffer header=ssh_buffer_new();
-	struct timeval now;
-	int err;
-	if(header == NULL)
-		return SSH_ERROR;
-	gettimeofday(&now,NULL);
+int ssh_pcap_file_write_packet(ssh_pcap_file pcap, ssh_buffer packet, uint32_t original_len)
+{
+    ssh_buffer header = ssh_buffer_new();
+    struct timeval now;
+    int err;
+
+    if (header == NULL) {
+        return SSH_ERROR;
+    }
+
+    gettimeofday(&now, NULL);
     err = ssh_buffer_allocate_size(header,
                                    sizeof(uint32_t) * 4 +
                                    ssh_buffer_get_len(packet));
     if (err < 0) {
         goto error;
     }
-    err = ssh_buffer_add_u32(header,htonl(now.tv_sec));
+    err = ssh_buffer_add_u32(header, htonl(now.tv_sec));
     if (err < 0) {
         goto error;
     }
-    err = ssh_buffer_add_u32(header,htonl(now.tv_usec));
+    err = ssh_buffer_add_u32(header, htonl(now.tv_usec));
     if (err < 0) {
         goto error;
     }
-    err = ssh_buffer_add_u32(header,htonl(ssh_buffer_get_len(packet)));
+    err = ssh_buffer_add_u32(header, htonl(ssh_buffer_get_len(packet)));
     if (err < 0) {
         goto error;
     }
-    err = ssh_buffer_add_u32(header,htonl(original_len));
+    err = ssh_buffer_add_u32(header, htonl(original_len));
     if (err < 0) {
         goto error;
     }
-    err = ssh_buffer_add_buffer(header,packet);
+    err = ssh_buffer_add_buffer(header, packet);
     if (err < 0) {
         goto error;
     }
-	err=ssh_pcap_file_write(pcap,header);
+    err = ssh_pcap_file_write(pcap, header);
 error:
-	SSH_BUFFER_FREE(header);
-	return err;
+    SSH_BUFFER_FREE(header);
+    return err;
 }
 
 /**
  * @brief opens a new pcap file and creates header
  */
-int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename){
-	ssh_buffer header;
-	int err;
-	if(pcap == NULL)
-		return SSH_ERROR;
-	if(pcap->output){
-		fclose(pcap->output);
-		pcap->output=NULL;
-	}
-	pcap->output=fopen(filename,"wb");
-	if(pcap->output==NULL)
-		return SSH_ERROR;
-	header=ssh_buffer_new();
-	if(header==NULL)
-		return SSH_ERROR;
+int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename)
+{
+    ssh_buffer header = NULL;
+    int err;
+
+    if (pcap == NULL) {
+        return SSH_ERROR;
+    }
+    if (pcap->output) {
+        fclose(pcap->output);
+        pcap->output = NULL;
+    }
+    pcap->output = fopen(filename, "wb");
+    if (pcap->output == NULL) {
+        return SSH_ERROR;
+    }
+    header = ssh_buffer_new();
+    if (header == NULL) {
+        return SSH_ERROR;
+    }
     err = ssh_buffer_allocate_size(header,
                                    sizeof(uint32_t) * 5 +
                                    sizeof(uint16_t) * 2);
     if (err < 0) {
         goto error;
     }
-    err = ssh_buffer_add_u32(header,htonl(PCAP_MAGIC));
+    err = ssh_buffer_add_u32(header, htonl(PCAP_MAGIC));
     if (err < 0) {
         goto error;
     }
-    err = ssh_buffer_add_u16(header,htons(PCAP_VERSION_MAJOR));
+    err = ssh_buffer_add_u16(header, htons(PCAP_VERSION_MAJOR));
     if (err < 0) {
         goto error;
     }
-    err = ssh_buffer_add_u16(header,htons(PCAP_VERSION_MINOR));
+    err = ssh_buffer_add_u16(header, htons(PCAP_VERSION_MINOR));
     if (err < 0) {
         goto error;
     }
-	/* currently hardcode GMT to 0 */
-    err = ssh_buffer_add_u32(header,htonl(0));
+    /* currently hardcode GMT to 0 */
+    err = ssh_buffer_add_u32(header, htonl(0));
     if (err < 0) {
         goto error;
     }
-	/* accuracy */
-    err = ssh_buffer_add_u32(header,htonl(0));
+    /* accuracy */
+    err = ssh_buffer_add_u32(header, htonl(0));
     if (err < 0) {
         goto error;
     }
-	/* size of the biggest packet */
-    err = ssh_buffer_add_u32(header,htonl(MAX_PACKET_LEN));
+    /* size of the biggest packet */
+    err = ssh_buffer_add_u32(header, htonl(MAX_PACKET_LEN));
     if (err < 0) {
         goto error;
     }
-	/* we will write sort-of IP */
-    err = ssh_buffer_add_u32(header,htonl(DLT_RAW));
+    /* we will write sort-of IP */
+    err = ssh_buffer_add_u32(header, htonl(DLT_RAW));
     if (err < 0) {
         goto error;
     }
-	err=ssh_pcap_file_write(pcap,header);
+    err = ssh_pcap_file_write(pcap,header);
 error:
-	SSH_BUFFER_FREE(header);
-	return err;
+    SSH_BUFFER_FREE(header);
+    return err;
 }
 
-int ssh_pcap_file_close(ssh_pcap_file pcap){
-	int err;
-	if(pcap ==NULL || pcap->output==NULL)
-		return SSH_ERROR;
-	err=fclose(pcap->output);
-	pcap->output=NULL;
-	if(err != 0)
-		return SSH_ERROR;
-	else
-		return SSH_OK;
+int ssh_pcap_file_close(ssh_pcap_file pcap)
+{
+    int err;
+
+    if (pcap == NULL || pcap->output == NULL) {
+        return SSH_ERROR;
+    }
+    err = fclose(pcap->output);
+    pcap->output = NULL;
+    if (err != 0) {
+        return SSH_ERROR;
+    } else {
+        return SSH_OK;
+    }
 }
 
-void ssh_pcap_file_free(ssh_pcap_file pcap){
-	ssh_pcap_file_close(pcap);
-	SAFE_FREE(pcap);
+void ssh_pcap_file_free(ssh_pcap_file pcap)
+{
+    ssh_pcap_file_close(pcap);
+    SAFE_FREE(pcap);
 }
 
 
 /** @internal
  * @brief allocates a new ssh_pcap_context object
  */
-
-ssh_pcap_context ssh_pcap_context_new(ssh_session session){
-	ssh_pcap_context ctx = (struct ssh_pcap_context_struct *) malloc(sizeof(struct ssh_pcap_context_struct));
-	if(ctx==NULL){
-		ssh_set_error_oom(session);
-		return NULL;
-	}
-	ZERO_STRUCTP(ctx);
-	ctx->session=session;
-	return ctx;
+ssh_pcap_context ssh_pcap_context_new(ssh_session session)
+{
+    ssh_pcap_context ctx = (struct ssh_pcap_context_struct *)malloc(sizeof(struct ssh_pcap_context_struct));
+    if (ctx == NULL) {
+        ssh_set_error_oom(session);
+        return NULL;
+    }
+    ZERO_STRUCTP(ctx);
+    ctx->session = session;
+    return ctx;
 }
 
-void ssh_pcap_context_free(ssh_pcap_context ctx){
-	SAFE_FREE(ctx);
+void ssh_pcap_context_free(ssh_pcap_context ctx)
+{
+    SAFE_FREE(ctx);
 }
 
-void ssh_pcap_context_set_file(ssh_pcap_context ctx, ssh_pcap_file pcap){
-	ctx->file=pcap;
+void ssh_pcap_context_set_file(ssh_pcap_context ctx, ssh_pcap_file pcap)
+{
+    ctx->file = pcap;
 }
 
 /** @internal
@@ -384,7 +400,7 @@ static int ssh_pcap_context_connect(ssh_pcap_context ctx)
  */
 int ssh_pcap_context_write(ssh_pcap_context ctx,
                            enum ssh_pcap_direction direction,
-		           void *data,
+                           void *data,
                            uint32_t len,
                            uint32_t origlen)
 {
@@ -418,7 +434,7 @@ int ssh_pcap_context_write(ssh_pcap_context ctx,
                          0);         /* checksum */
 
     ctx->file->ipsequence++;
-    if (rc != SSH_OK){
+    if (rc != SSH_OK) {
         goto error;
     }
     if (direction == SSH_PCAP_DIR_OUT) {
@@ -511,19 +527,21 @@ int ssh_pcap_context_write(ssh_pcap_context ctx,
  * sessions.
  * @returns SSH_ERROR in case of error, SSH_OK otherwise.
  */
-int ssh_set_pcap_file(ssh_session session, ssh_pcap_file pcap){
-	ssh_pcap_context ctx=ssh_pcap_context_new(session);
-	if(ctx==NULL){
-		ssh_set_error_oom(session);
-		return SSH_ERROR;
-	}
-	ctx->file=pcap;
-	if(session->pcap_ctx)
-		ssh_pcap_context_free(session->pcap_ctx);
-	session->pcap_ctx=ctx;
-	return SSH_OK;
+int ssh_set_pcap_file(ssh_session session, ssh_pcap_file pcap)
+{
+    ssh_pcap_context ctx = ssh_pcap_context_new(session);
+    if (ctx == NULL) {
+        ssh_set_error_oom(session);
+        return SSH_ERROR;
+    }
+    ctx->file = pcap;
+    if (session->pcap_ctx) {
+        ssh_pcap_context_free(session->pcap_ctx);
+    }
+    session->pcap_ctx = ctx;
+    return SSH_OK;
 }
-
+/** @} */
 
 #else /* WITH_PCAP */
 
@@ -532,30 +550,36 @@ int ssh_set_pcap_file(ssh_session session, ssh_pcap_file pcap){
 #include "libssh/libssh.h"
 #include "libssh/priv.h"
 
-int ssh_pcap_file_close(ssh_pcap_file pcap){
-	(void) pcap;
-	return SSH_ERROR;
+int ssh_pcap_file_close(ssh_pcap_file pcap)
+{
+    (void)pcap;
+
+    return SSH_ERROR;
 }
 
-void ssh_pcap_file_free(ssh_pcap_file pcap){
-	(void) pcap;
+void ssh_pcap_file_free(ssh_pcap_file pcap)
+{
+    (void)pcap;
 }
 
-ssh_pcap_file ssh_pcap_file_new(void){
-	return NULL;
+ssh_pcap_file ssh_pcap_file_new(void)
+{
+    return NULL;
 }
-int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename){
-	(void) pcap;
-	(void) filename;
-	return SSH_ERROR;
+int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename)
+{
+    (void)pcap;
+    (void)filename;
+
+    return SSH_ERROR;
 }
 
-int ssh_set_pcap_file(ssh_session session, ssh_pcap_file pcapfile){
-	(void) pcapfile;
-	ssh_set_error(session,SSH_REQUEST_DENIED,"Pcap support not compiled in");
-	return SSH_ERROR;
+int ssh_set_pcap_file(ssh_session session, ssh_pcap_file pcapfile)
+{
+    (void)pcapfile;
+
+    ssh_set_error(session, SSH_REQUEST_DENIED, "Pcap support not compiled in");
+    return SSH_ERROR;
 }
 
 #endif
-
-/** @} */
diff --git a/libssh/src/pki.c b/libssh/src/pki.c
index 8f62ce2b..17b4845d 100644
--- a/libssh/src/pki.c
+++ b/libssh/src/pki.c
@@ -43,20 +43,6 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
-#ifdef _WIN32
-# ifdef HAVE_IO_H
-#  include <io.h>
-#  undef open
-#  define open _open
-#  undef close
-#  define close _close
-#  undef read
-#  define read _read
-#  undef unlink
-#  define unlink _unlink
-# endif /* HAVE_IO_H */
-#endif /* _WIN32 */
-
 #include "libssh/libssh.h"
 #include "libssh/session.h"
 #include "libssh/priv.h"
@@ -77,13 +63,6 @@ enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey)
 {
     char *start = NULL;
 
-#ifdef HAVE_DSA
-    start = strstr(privkey, DSA_HEADER_BEGIN);
-    if (start != NULL) {
-        return SSH_KEYTYPE_DSS;
-    }
-#endif /* HAVE_DSA */
-
     start = strstr(privkey, RSA_HEADER_BEGIN);
     if (start != NULL) {
         return SSH_KEYTYPE_RSA;
@@ -137,6 +116,13 @@ ssh_key ssh_key_new (void)
     return ptr;
 }
 
+/**
+ * @brief duplicates the key
+ *
+ * @param key An ssh_key to duplicate
+ *
+ * @return A duplicated ssh_key key
+ */
 ssh_key ssh_key_dup(const ssh_key key)
 {
     if (key == NULL) {
@@ -158,14 +144,14 @@ void ssh_key_clean (ssh_key key)
     pki_key_clean(key);
 
     if (key->ed25519_privkey != NULL){
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
         /* In OpenSSL implementation the private key is only the private
          * original seed. In the internal implementation the private key is the
          * concatenation of the original private seed with the public key.*/
         explicit_bzero(key->ed25519_privkey, ED25519_KEY_LEN);
 #else
         explicit_bzero(key->ed25519_privkey, sizeof(ed25519_privkey));
-#endif /* HAVE_OPENSSL_ED25519 */
+#endif /* HAVE_LIBCRYPTO*/
         SAFE_FREE(key->ed25519_privkey);
     }
     SAFE_FREE(key->ed25519_pubkey);
@@ -201,9 +187,9 @@ void ssh_key_free (ssh_key key)
 /**
  * @brief returns the type of a ssh key
  * @param[in] key the ssh_key handle
- * @returns one of SSH_KEYTYPE_RSA, SSH_KEYTYPE_DSS,
+ * @returns one of SSH_KEYTYPE_RSA,
  *          SSH_KEYTYPE_ECDSA_P256, SSH_KEYTYPE_ECDSA_P384,
- *          SSH_KEYTYPE_ECDSA_P521, SSH_KEYTYPE_ED25519, SSH_KEYTYPE_DSS_CERT01,
+ *          SSH_KEYTYPE_ECDSA_P521, SSH_KEYTYPE_ED25519,
  *          SSH_KEYTYPE_RSA_CERT01, SSH_KEYTYPE_ECDSA_P256_CERT01,
  *          SSH_KEYTYPE_ECDSA_P384_CERT01, SSH_KEYTYPE_ECDSA_P521_CERT01, or
  *          SSH_KEYTYPE_ED25519_CERT01.
@@ -222,6 +208,8 @@ enum ssh_keytypes_e ssh_key_type(const ssh_key key)
  *
  * @param[in]  type     The algorithm type to convert.
  *
+ * @param[in] hash_type The hash type to convert
+ *
  * @return              A string for the keytype or NULL if unknown.
  */
 const char *
@@ -272,8 +260,6 @@ ssh_key_signature_to_char(enum ssh_keytypes_e type,
  */
 const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
   switch (type) {
-    case SSH_KEYTYPE_DSS:
-      return "ssh-dss";
     case SSH_KEYTYPE_RSA:
       return "ssh-rsa";
     case SSH_KEYTYPE_ECDSA:
@@ -286,8 +272,6 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
       return "ecdsa-sha2-nistp521";
     case SSH_KEYTYPE_ED25519:
       return "ssh-ed25519";
-    case SSH_KEYTYPE_DSS_CERT01:
-      return "ssh-dss-cert-v01@openssh.com";
     case SSH_KEYTYPE_RSA_CERT01:
       return "ssh-rsa-cert-v01@openssh.com";
     case SSH_KEYTYPE_ECDSA_P256_CERT01:
@@ -306,7 +290,9 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
       return "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com";
     case SSH_KEYTYPE_SK_ED25519_CERT01:
       return "sk-ssh-ed25519-cert-v01@openssh.com";
+    case SSH_KEYTYPE_DSS:   /* deprecated */
     case SSH_KEYTYPE_RSA1:
+    case SSH_KEYTYPE_DSS_CERT01:    /* deprecated */
     case SSH_KEYTYPE_UNKNOWN:
       return NULL;
   }
@@ -324,8 +310,6 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name)
 
     if (strcmp(name, "ssh-rsa") == 0) {
         return SSH_DIGEST_SHA1;
-    } else if (strcmp(name, "ssh-dss") == 0) {
-        return SSH_DIGEST_SHA1;
     } else if (strcmp(name, "rsa-sha2-256") == 0) {
         return SSH_DIGEST_SHA256;
     } else if (strcmp(name, "rsa-sha2-512") == 0) {
@@ -344,7 +328,7 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name)
         return SSH_DIGEST_AUTO;
     }
 
-    SSH_LOG(SSH_LOG_WARN, "Unknown signature name %s", name);
+    SSH_LOG(SSH_LOG_TRACE, "Unknown signature name %s", name);
 
     /* TODO we should rather fail */
     return SSH_DIGEST_AUTO;
@@ -360,7 +344,7 @@ enum ssh_digest_e ssh_key_hash_from_name(const char *name)
  */
 int ssh_key_algorithm_allowed(ssh_session session, const char *type)
 {
-    const char *allowed_list;
+    const char *allowed_list = NULL;
 
     if (session->client) {
         allowed_list = session->opts.pubkey_accepted_types;
@@ -376,18 +360,18 @@ int ssh_key_algorithm_allowed(ssh_session session, const char *type)
     else if (session->server) {
         allowed_list = session->opts.wanted_methods[SSH_HOSTKEYS];
         if (allowed_list == NULL) {
-            SSH_LOG(SSH_LOG_WARN, "Session invalid: no host key available");
+            SSH_LOG(SSH_LOG_TRACE, "Session invalid: no host key available");
             return 0;
         }
     }
 #endif /* WITH_SERVER */
     else {
-        SSH_LOG(SSH_LOG_WARN, "Session invalid: not set as client nor server");
+        SSH_LOG(SSH_LOG_TRACE, "Session invalid: not set as client nor server");
         return 0;
     }
 
     SSH_LOG(SSH_LOG_DEBUG, "Checking %s with list <%s>", type, allowed_list);
-    return ssh_match_group(allowed_list, type);
+    return match_group(allowed_list, type);
 }
 
 bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)
@@ -441,9 +425,6 @@ enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
                                        enum ssh_keytypes_e type)
 {
     switch (type) {
-    case SSH_KEYTYPE_DSS_CERT01:
-    case SSH_KEYTYPE_DSS:
-        return SSH_DIGEST_SHA1;
     case SSH_KEYTYPE_RSA_CERT01:
         /* If we are talking to an old OpenSSH version which does not support
          * SHA2 in certificates */
@@ -485,10 +466,12 @@ enum ssh_digest_e ssh_key_type_to_hash(ssh_session session,
     case SSH_KEYTYPE_ED25519:
         return SSH_DIGEST_AUTO;
     case SSH_KEYTYPE_RSA1:
+    case SSH_KEYTYPE_DSS:   /* deprecated */
+    case SSH_KEYTYPE_DSS_CERT01:    /* deprecated */
     case SSH_KEYTYPE_ECDSA:
     case SSH_KEYTYPE_UNKNOWN:
     default:
-        SSH_LOG(SSH_LOG_WARN, "Digest algorithm to be used with key type %u "
+        SSH_LOG(SSH_LOG_TRACE, "Digest algorithm to be used with key type %u "
                 "is not defined", type);
     }
 
@@ -567,12 +550,8 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name)
 
     if (strcmp(name, "rsa") == 0) {
         return SSH_KEYTYPE_RSA;
-    } else if (strcmp(name, "dsa") == 0) {
-        return SSH_KEYTYPE_DSS;
     } else if (strcmp(name, "ssh-rsa") == 0) {
         return SSH_KEYTYPE_RSA;
-    } else if (strcmp(name, "ssh-dss") == 0) {
-        return SSH_KEYTYPE_DSS;
     } else if (strcmp(name, "ssh-ecdsa") == 0
             || strcmp(name, "ecdsa") == 0
             || strcmp(name, "ecdsa-sha2-nistp256") == 0) {
@@ -583,8 +562,6 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name)
         return SSH_KEYTYPE_ECDSA_P521;
     } else if (strcmp(name, "ssh-ed25519") == 0){
         return SSH_KEYTYPE_ED25519;
-    } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
-        return SSH_KEYTYPE_DSS_CERT01;
     } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
         return SSH_KEYTYPE_RSA_CERT01;
     } else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0) {
@@ -609,7 +586,7 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name)
 }
 
 /**
- * @brief Get the pubic key type corresponding to a certificate type.
+ * @brief Get the public key type corresponding to a certificate type.
  *
  * @param[in] type   The certificate or public key type.
  *
@@ -618,8 +595,6 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name)
 enum ssh_keytypes_e ssh_key_type_plain(enum ssh_keytypes_e type)
 {
     switch (type) {
-        case SSH_KEYTYPE_DSS_CERT01:
-            return SSH_KEYTYPE_DSS;
         case SSH_KEYTYPE_RSA_CERT01:
             return SSH_KEYTYPE_RSA;
         case SSH_KEYTYPE_ECDSA_P256_CERT01:
@@ -689,8 +664,8 @@ int ssh_key_cmp(const ssh_key k1,
         return 1;
     }
 
-    if (k1->type != k2->type) {
-        SSH_LOG(SSH_LOG_WARN, "key types don't match!");
+    if (ssh_key_type_plain(k1->type) != ssh_key_type_plain(k2->type)) {
+        SSH_LOG(SSH_LOG_DEBUG, "key types don't match!");
         return 1;
     }
 
@@ -710,6 +685,22 @@ int ssh_key_cmp(const ssh_key k1,
         }
     }
 
+    if (what == SSH_KEY_CMP_CERTIFICATE) {
+        if (!is_cert_type(k1->type) ||
+            !is_cert_type(k2->type)) {
+            return 1;
+        }
+        if (k1->cert == NULL || k2->cert == NULL) {
+            return 1;
+        }
+        if (ssh_buffer_get_len(k1->cert) != ssh_buffer_get_len(k2->cert)) {
+            return 1;
+        }
+        return memcmp(ssh_buffer_get(k1->cert),
+                      ssh_buffer_get(k2->cert),
+                      ssh_buffer_get_len(k1->cert));
+    }
+
     if (k1->type == SSH_KEYTYPE_ED25519 ||
         k1->type == SSH_KEYTYPE_SK_ED25519) {
         return pki_ed25519_key_cmp(k1, k2, what);
@@ -720,7 +711,7 @@ int ssh_key_cmp(const ssh_key k1,
 
 ssh_signature ssh_signature_new(void)
 {
-    struct ssh_signature_struct *sig;
+    struct ssh_signature_struct *sig = NULL;
 
     sig = malloc(sizeof(struct ssh_signature_struct));
     if (sig == NULL) {
@@ -738,11 +729,6 @@ void ssh_signature_free(ssh_signature sig)
     }
 
     switch(sig->type) {
-        case SSH_KEYTYPE_DSS:
-#ifdef HAVE_LIBGCRYPT
-            gcry_sexp_release(sig->dsa_sig);
-#endif /* HAVE_LIBGCRYPT */
-            break;
         case SSH_KEYTYPE_RSA:
 #ifdef HAVE_LIBGCRYPT
             gcry_sexp_release(sig->rsa_sig);
@@ -763,12 +749,13 @@ void ssh_signature_free(ssh_signature sig)
             break;
         case SSH_KEYTYPE_ED25519:
         case SSH_KEYTYPE_SK_ED25519:
-#ifndef HAVE_OPENSSL_ED25519
+#ifndef HAVE_LIBCRYPTO
             /* When using OpenSSL, the signature is stored in sig->raw_sig */
             SAFE_FREE(sig->ed25519_sig);
-#endif /* HAVE_OPENSSL_ED25519 */
+#endif /* HAVE_LIBCRYPTO */
             break;
-        case SSH_KEYTYPE_DSS_CERT01:
+        case SSH_KEYTYPE_DSS:   /* deprecated */
+        case SSH_KEYTYPE_DSS_CERT01:    /* deprecated */
         case SSH_KEYTYPE_RSA_CERT01:
         case SSH_KEYTYPE_ECDSA_P256_CERT01:
         case SSH_KEYTYPE_ECDSA_P384_CERT01:
@@ -812,7 +799,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
                                   void *auth_data,
                                   ssh_key *pkey)
 {
-    ssh_key key;
+    ssh_key key = NULL;
     char *openssh_header = NULL;
 
     if (b64_key == NULL || pkey == NULL) {
@@ -823,7 +810,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
         return SSH_ERROR;
     }
 
-    SSH_LOG(SSH_LOG_INFO,
+    SSH_LOG(SSH_LOG_DEBUG,
             "Trying to decode privkey passphrase=%s",
             passphrase ? "true" : "false");
 
@@ -849,9 +836,10 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
 
     return SSH_OK;
 }
+
+
  /**
- * @brief Convert a private key to a pem base64 encoded key, or OpenSSH format for
- *        keytype ssh-ed25519
+ * @brief Convert a private key to a base64 encoded key in given format
  *
  * @param[in]  privkey  The private key to export.
  *
@@ -865,15 +853,19 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
  * @param[out] b64_key  A pointer to store the allocated base64 encoded key. You
  *                      need to free the buffer using ssh_string_from_char().
  *
+ * @param[in]  format   The file format (OpenSSH, PEM, or default)
+ *
  * @return     SSH_OK on success, SSH_ERROR on error.
  *
  * @see ssh_string_free_char()
  */
-int ssh_pki_export_privkey_base64(const ssh_key privkey,
-                                  const char *passphrase,
-                                  ssh_auth_callback auth_fn,
-                                  void *auth_data,
-                                  char **b64_key)
+int
+ssh_pki_export_privkey_base64_format(const ssh_key privkey,
+                                     const char *passphrase,
+                                     ssh_auth_callback auth_fn,
+                                     void *auth_data,
+                                     char **b64_key,
+                                     enum ssh_file_format_e format)
 {
     ssh_string blob = NULL;
     char *b64 = NULL;
@@ -882,16 +874,32 @@ int ssh_pki_export_privkey_base64(const ssh_key privkey,
         return SSH_ERROR;
     }
 
-    if (privkey->type == SSH_KEYTYPE_ED25519){
-        blob = ssh_pki_openssh_privkey_export(privkey,
-                                              passphrase,
-                                              auth_fn,
-                                              auth_data);
-    } else {
+    /*
+     * For historic reasons, the Ed25519 keys are exported in OpenSSH file
+     * format by default also when built with OpenSSL.
+     */
+#ifdef HAVE_LIBCRYPTO
+    if (format == SSH_FILE_FORMAT_DEFAULT &&
+        privkey->type != SSH_KEYTYPE_ED25519) {
+        format = SSH_FILE_FORMAT_PEM;
+    }
+#endif /* HAVE_LIBCRYPTO */
+
+    switch (format) {
+    case SSH_FILE_FORMAT_PEM:
         blob = pki_private_key_to_pem(privkey,
                                       passphrase,
                                       auth_fn,
                                       auth_data);
+        break;
+    case SSH_FILE_FORMAT_DEFAULT:
+        /* default except (OpenSSL && !ED25519) handled above */
+    case SSH_FILE_FORMAT_OPENSSH:
+        blob = ssh_pki_openssh_privkey_export(privkey,
+                                              passphrase,
+                                              auth_fn,
+                                              auth_data);
+        break;
     }
     if (blob == NULL) {
         return SSH_ERROR;
@@ -908,6 +916,42 @@ int ssh_pki_export_privkey_base64(const ssh_key privkey,
     return SSH_OK;
 }
 
+ /**
+ * @brief Convert a private key to a pem base64 encoded key, or OpenSSH format for
+ *        keytype ssh-ed25519
+ *
+ * @param[in]  privkey  The private key to export.
+ *
+ * @param[in]  passphrase The passphrase to use to encrypt the key with or
+ *             NULL. An empty string means no passphrase.
+ *
+ * @param[in]  auth_fn  An auth function you may want to use or NULL.
+ *
+ * @param[in]  auth_data Private data passed to the auth function.
+ *
+ * @param[out] b64_key  A pointer to store the allocated base64 encoded key. You
+ *                      need to free the buffer using ssh_string_from_char().
+ *
+ * @return     SSH_OK on success, SSH_ERROR on error.
+ *
+ * @see ssh_string_free_char()
+ */
+int ssh_pki_export_privkey_base64(const ssh_key privkey,
+                                  const char *passphrase,
+                                  ssh_auth_callback auth_fn,
+                                  void *auth_data,
+                                  char **b64_key)
+{
+    return ssh_pki_export_privkey_base64_format(privkey,
+                                                passphrase,
+                                                auth_fn,
+                                                auth_data,
+                                                b64_key,
+                                                SSH_FILE_FORMAT_DEFAULT);
+}
+
+
+
 /**
  * @brief Import a private key from a file or a PKCS #11 device.
  *
@@ -935,8 +979,8 @@ int ssh_pki_import_privkey_file(const char *filename,
                                 void *auth_data,
                                 ssh_key *pkey) {
     struct stat sb;
-    char *key_buf;
-    FILE *file;
+    char *key_buf = NULL;
+    FILE *file = NULL;
     off_t size;
     int rc;
     char err_msg[SSH_ERRNO_MSG_MAX] = {0};
@@ -954,7 +998,7 @@ int ssh_pki_import_privkey_file(const char *filename,
 
     file = fopen(filename, "rb");
     if (file == NULL) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Error opening %s: %s",
                 filename,
                 ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
@@ -964,7 +1008,7 @@ int ssh_pki_import_privkey_file(const char *filename,
     rc = fstat(fileno(file), &sb);
     if (rc < 0) {
         fclose(file);
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Error getting stat of %s: %s",
                 filename,
                 ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
@@ -978,7 +1022,7 @@ int ssh_pki_import_privkey_file(const char *filename,
     }
 
     if (sb.st_size > MAX_PRIVKEY_SIZE) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Private key is bigger than 4M.");
         fclose(file);
         return SSH_ERROR;
@@ -987,7 +1031,7 @@ int ssh_pki_import_privkey_file(const char *filename,
     key_buf = malloc(sb.st_size + 1);
     if (key_buf == NULL) {
         fclose(file);
-        SSH_LOG(SSH_LOG_WARN, "Out of memory!");
+        SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
         return SSH_ERROR;
     }
 
@@ -996,7 +1040,7 @@ int ssh_pki_import_privkey_file(const char *filename,
 
     if (size != sb.st_size) {
         SAFE_FREE(key_buf);
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Error reading %s: %s",
                 filename,
                 ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
@@ -1015,8 +1059,7 @@ int ssh_pki_import_privkey_file(const char *filename,
 }
 
 /**
- * @brief Export a private key to a pem file on disk, or OpenSSH format for
- *        keytype ssh-ed25519
+ * @brief Export a private key to a file in format specified in the argument
  *
  * @param[in]  privkey  The private key to export.
  *
@@ -1029,16 +1072,21 @@ int ssh_pki_import_privkey_file(const char *filename,
  *
  * @param[in]  filename  The path where to store the pem file.
  *
+ * @param[in]  format    The file format (OpenSSH, PEM, or default)
+ *
  * @return     SSH_OK on success, SSH_ERROR on error.
  */
-int ssh_pki_export_privkey_file(const ssh_key privkey,
-                                const char *passphrase,
-                                ssh_auth_callback auth_fn,
-                                void *auth_data,
-                                const char *filename)
+
+int
+ssh_pki_export_privkey_file_format(const ssh_key privkey,
+                                   const char *passphrase,
+                                   ssh_auth_callback auth_fn,
+                                   void *auth_data,
+                                   const char *filename,
+                                   enum ssh_file_format_e format)
 {
-    ssh_string blob;
-    FILE *fp;
+    ssh_string blob = NULL;
+    FILE *fp = NULL;
     int rc;
 
     if (privkey == NULL || !ssh_key_is_private(privkey)) {
@@ -1053,16 +1101,32 @@ int ssh_pki_export_privkey_file(const ssh_key privkey,
         return SSH_EOF;
     }
 
-    if (privkey->type == SSH_KEYTYPE_ED25519){
-        blob = ssh_pki_openssh_privkey_export(privkey,
-                                              passphrase,
-                                              auth_fn,
-                                              auth_data);
-    } else {
+    /*
+     * For historic reasons, the Ed25519 keys are exported in OpenSSH file
+     * format by default also when built with OpenSSL.
+     */
+#ifdef HAVE_LIBCRYPTO
+    if (format == SSH_FILE_FORMAT_DEFAULT &&
+        privkey->type != SSH_KEYTYPE_ED25519) {
+        format = SSH_FILE_FORMAT_PEM;
+    }
+#endif /* HAVE_LIBCRYPTO */
+
+    switch (format) {
+    case SSH_FILE_FORMAT_PEM:
         blob = pki_private_key_to_pem(privkey,
                                       passphrase,
                                       auth_fn,
                                       auth_data);
+        break;
+    case SSH_FILE_FORMAT_DEFAULT:
+        /* default except (OpenSSL && !ED25519) handled above */
+    case SSH_FILE_FORMAT_OPENSSH:
+        blob = ssh_pki_openssh_privkey_export(privkey,
+                                              passphrase,
+                                              auth_fn,
+                                              auth_data);
+        break;
     }
     if (blob == NULL) {
         fclose(fp);
@@ -1081,11 +1145,43 @@ int ssh_pki_export_privkey_file(const ssh_key privkey,
     return SSH_OK;
 }
 
-/* temporary function to migrate seemlessly to ssh_key */
+/**
+ * @brief Export a private key to a pem file on disk, or OpenSSH format for
+ *        keytype ssh-ed25519
+ *
+ * @param[in]  privkey  The private key to export.
+ *
+ * @param[in]  passphrase The passphrase to use to encrypt the key with or
+ *             NULL. An empty string means no passphrase.
+ *
+ * @param[in]  auth_fn  An auth function you may want to use or NULL.
+ *
+ * @param[in]  auth_data Private data passed to the auth function.
+ *
+ * @param[in]  filename  The path where to store the pem file.
+ *
+ * @return     SSH_OK on success, SSH_ERROR on error.
+ */
+int
+ssh_pki_export_privkey_file(const ssh_key privkey,
+                            const char *passphrase,
+                            ssh_auth_callback auth_fn,
+                            void *auth_data,
+                            const char *filename)
+{
+    return ssh_pki_export_privkey_file_format(privkey,
+                                              passphrase,
+                                              auth_fn,
+                                              auth_data,
+                                              filename,
+                                              SSH_FILE_FORMAT_DEFAULT);
+}
+
+/* temporary function to migrate seamlessly to ssh_key */
 ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
 {
-    ssh_public_key pub;
-    ssh_key tmp;
+    ssh_public_key pub = NULL;
+    ssh_key tmp = NULL;
 
     if (key == NULL) {
         return NULL;
@@ -1105,15 +1201,16 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
     pub->type = tmp->type;
     pub->type_c = tmp->type_c;
 
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    pub->dsa_pub = tmp->dsa;
-    tmp->dsa = NULL;
-    pub->rsa_pub = tmp->rsa;
-    tmp->rsa = NULL;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    pub->rsa_pub = tmp->pk;
+    tmp->pk = NULL;
+#elif defined(HAVE_LIBCRYPTO)
     pub->key_pub = tmp->key;
     tmp->key = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    pub->rsa_pub = tmp->rsa;
+    tmp->rsa = NULL;
+#endif /* HAVE_LIBCRYPTO */
 
     ssh_key_free(tmp);
 
@@ -1122,7 +1219,7 @@ ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
 
 ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key)
 {
-    ssh_private_key privkey;
+    ssh_private_key privkey = NULL;
 
     privkey = calloc(1, sizeof(struct ssh_private_key_struct));
     if (privkey == NULL) {
@@ -1131,12 +1228,13 @@ ssh_private_key ssh_pki_convert_key_to_privatekey(const ssh_key key)
     }
 
     privkey->type = key->type;
-#if !defined(HAVE_LIBCRYPTO) || OPENSSL_VERSION_NUMBER < 0x30000000L
-    privkey->dsa_priv = key->dsa;
-    privkey->rsa_priv = key->rsa;
-#else
+#if defined(HAVE_LIBMBEDCRYPTO)
+    privkey->rsa_priv = key->pk;
+#elif defined(HAVE_LIBCRYPTO)
     privkey->key_priv = key->key;
-#endif /* OPENSSL_VERSION_NUMBER */
+#else
+    privkey->rsa_priv = key->rsa;
+#endif /* HAVE_LIBCRYPTO */
 
     return privkey;
 }
@@ -1158,46 +1256,6 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
     key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
 
     switch (type) {
-        case SSH_KEYTYPE_DSS:
-            {
-                ssh_string p = NULL;
-                ssh_string q = NULL;
-                ssh_string g = NULL;
-                ssh_string pubkey = NULL;
-                ssh_string privkey = NULL;
-
-                rc = ssh_buffer_unpack(buffer, "SSSSS", &p, &q, &g,
-                                       &pubkey, &privkey);
-                if (rc != SSH_OK) {
-                    SSH_LOG(SSH_LOG_WARN, "Unpack error");
-                    goto fail;
-                }
-
-                rc = pki_privkey_build_dss(key, p, q, g, pubkey, privkey);
-#ifdef DEBUG_CRYPTO
-                ssh_log_hexdump("p", ssh_string_data(p), ssh_string_len(p));
-                ssh_log_hexdump("q", ssh_string_data(q), ssh_string_len(q));
-                ssh_log_hexdump("g", ssh_string_data(g), ssh_string_len(g));
-                ssh_log_hexdump("pubkey", ssh_string_data(pubkey),
-                               ssh_string_len(pubkey));
-                ssh_log_hexdump("privkey", ssh_string_data(privkey),
-                               ssh_string_len(privkey));
-#endif /* DEBUG_CRYPTO */
-                ssh_string_burn(p);
-                SSH_STRING_FREE(p);
-                ssh_string_burn(q);
-                SSH_STRING_FREE(q);
-                ssh_string_burn(g);
-                SSH_STRING_FREE(g);
-                ssh_string_burn(pubkey);
-                SSH_STRING_FREE(pubkey);
-                ssh_string_burn(privkey);
-                SSH_STRING_FREE(privkey);
-                if (rc == SSH_ERROR) {
-                    goto fail;
-                }
-            }
-            break;
         case SSH_KEYTYPE_RSA:
             {
                 ssh_string n = NULL;
@@ -1210,7 +1268,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
                 rc = ssh_buffer_unpack(buffer, "SSSSSS", &n, &e, &d,
                                        &iqmp, &p, &q);
                 if (rc != SSH_OK) {
-                    SSH_LOG(SSH_LOG_WARN, "Unpack error");
+                    SSH_LOG(SSH_LOG_TRACE, "Unpack error");
                     goto fail;
                 }
 
@@ -1219,8 +1277,9 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
                 ssh_log_hexdump("n", ssh_string_data(n), ssh_string_len(n));
                 ssh_log_hexdump("e", ssh_string_data(e), ssh_string_len(e));
                 ssh_log_hexdump("d", ssh_string_data(d), ssh_string_len(d));
-                ssh_log_hexdump("iqmp", ssh_string_data(iqmp),
-                               ssh_string_len(iqmp));
+                ssh_log_hexdump("iqmp",
+                                ssh_string_data(iqmp),
+                                ssh_string_len(iqmp));
                 ssh_log_hexdump("p", ssh_string_data(p), ssh_string_len(p));
                 ssh_log_hexdump("q", ssh_string_data(q), ssh_string_len(q));
 #endif /* DEBUG_CRYPTO */
@@ -1237,7 +1296,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
                 ssh_string_burn(q);
                 SSH_STRING_FREE(q);
                 if (rc == SSH_ERROR) {
-                    SSH_LOG(SSH_LOG_WARN, "Failed to build RSA private key");
+                    SSH_LOG(SSH_LOG_TRACE, "Failed to build RSA private key");
                     goto fail;
                 }
             }
@@ -1254,7 +1313,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
 
                 rc = ssh_buffer_unpack(buffer, "SSS", &i, &e, &exp);
                 if (rc != SSH_OK) {
-                    SSH_LOG(SSH_LOG_WARN, "Unpack error");
+                    SSH_LOG(SSH_LOG_TRACE, "Unpack error");
                     goto fail;
                 }
 
@@ -1274,7 +1333,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
                 ssh_string_burn(exp);
                 SSH_STRING_FREE(exp);
                 if (rc < 0) {
-                    SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA private key");
+                    SSH_LOG(SSH_LOG_TRACE, "Failed to build ECDSA private key");
                     goto fail;
                 }
             }
@@ -1286,7 +1345,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
 
                 rc = ssh_buffer_unpack(buffer, "SS", &pubkey, &privkey);
                 if (rc != SSH_OK){
-                    SSH_LOG(SSH_LOG_WARN, "Unpack error");
+                    SSH_LOG(SSH_LOG_TRACE, "Unpack error");
                     goto fail;
                 }
 
@@ -1295,12 +1354,11 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
                 SSH_STRING_FREE(privkey);
                 SSH_STRING_FREE(pubkey);
                 if (rc != SSH_OK) {
-                    SSH_LOG(SSH_LOG_WARN, "Failed to build ed25519 key");
+                    SSH_LOG(SSH_LOG_TRACE, "Failed to build ed25519 key");
                     goto fail;
                 }
             }
             break;
-        case SSH_KEYTYPE_DSS_CERT01:
         case SSH_KEYTYPE_RSA_CERT01:
         case SSH_KEYTYPE_ECDSA_P256_CERT01:
         case SSH_KEYTYPE_ECDSA_P384_CERT01:
@@ -1313,7 +1371,7 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
         case SSH_KEYTYPE_RSA1:
         case SSH_KEYTYPE_UNKNOWN:
         default:
-            SSH_LOG(SSH_LOG_WARN, "Unknown private key type (%d)", type);
+            SSH_LOG(SSH_LOG_TRACE, "Unknown private key type (%d)", type);
             goto fail;
     }
 
@@ -1342,39 +1400,6 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
     key->flags = SSH_KEY_FLAG_PUBLIC;
 
     switch (type) {
-        case SSH_KEYTYPE_DSS:
-            {
-                ssh_string p = NULL;
-                ssh_string q = NULL;
-                ssh_string g = NULL;
-                ssh_string pubkey = NULL;
-
-                rc = ssh_buffer_unpack(buffer, "SSSS", &p, &q, &g, &pubkey);
-                if (rc != SSH_OK) {
-                    SSH_LOG(SSH_LOG_WARN, "Unpack error");
-                    goto fail;
-                }
-
-                rc = pki_pubkey_build_dss(key, p, q, g, pubkey);
-#ifdef DEBUG_CRYPTO
-                ssh_log_hexdump("p", ssh_string_data(p), ssh_string_len(p));
-                ssh_log_hexdump("q", ssh_string_data(q), ssh_string_len(q));
-                ssh_log_hexdump("g", ssh_string_data(g), ssh_string_len(g));
-#endif /* DEBUG_CRYPTO */
-                ssh_string_burn(p);
-                SSH_STRING_FREE(p);
-                ssh_string_burn(q);
-                SSH_STRING_FREE(q);
-                ssh_string_burn(g);
-                SSH_STRING_FREE(g);
-                ssh_string_burn(pubkey);
-                SSH_STRING_FREE(pubkey);
-                if (rc == SSH_ERROR) {
-                    SSH_LOG(SSH_LOG_WARN, "Failed to build DSA public key");
-                    goto fail;
-                }
-            }
-            break;
         case SSH_KEYTYPE_RSA:
             {
                 ssh_string e = NULL;
@@ -1382,7 +1407,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
 
                 rc = ssh_buffer_unpack(buffer, "SS", &e, &n);
                 if (rc != SSH_OK) {
-                    SSH_LOG(SSH_LOG_WARN, "Unpack error");
+                    SSH_LOG(SSH_LOG_TRACE, "Unpack error");
                     goto fail;
                 }
 
@@ -1396,7 +1421,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
                 ssh_string_burn(n);
                 SSH_STRING_FREE(n);
                 if (rc == SSH_ERROR) {
-                    SSH_LOG(SSH_LOG_WARN, "Failed to build RSA public key");
+                    SSH_LOG(SSH_LOG_TRACE, "Failed to build RSA public key");
                     goto fail;
                 }
             }
@@ -1414,7 +1439,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
 
                 rc = ssh_buffer_unpack(buffer, "SS", &i, &e);
                 if (rc != SSH_OK) {
-                    SSH_LOG(SSH_LOG_WARN, "Unpack error");
+                    SSH_LOG(SSH_LOG_TRACE, "Unpack error");
                     goto fail;
                 }
 
@@ -1430,7 +1455,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
                 ssh_string_burn(e);
                 SSH_STRING_FREE(e);
                 if (rc < 0) {
-                    SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA public key");
+                    SSH_LOG(SSH_LOG_TRACE, "Failed to build ECDSA public key");
                     goto fail;
                 }
 
@@ -1443,7 +1468,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
                 if (type == SSH_KEYTYPE_SK_ECDSA) {
                     ssh_string application = ssh_buffer_get_ssh_string(buffer);
                     if (application == NULL) {
-                        SSH_LOG(SSH_LOG_WARN, "SK Unpack error");
+                        SSH_LOG(SSH_LOG_TRACE, "SK Unpack error");
                         goto fail;
                     }
                     key->sk_application = application;
@@ -1458,7 +1483,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
             ssh_string pubkey = ssh_buffer_get_ssh_string(buffer);
 
             if (ssh_string_len(pubkey) != ED25519_KEY_LEN) {
-                SSH_LOG(SSH_LOG_WARN, "Invalid public key length");
+                SSH_LOG(SSH_LOG_TRACE, "Invalid public key length");
                 ssh_string_burn(pubkey);
                 SSH_STRING_FREE(pubkey);
                 goto fail;
@@ -1478,14 +1503,13 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
             if (type == SSH_KEYTYPE_SK_ED25519) {
                 ssh_string application = ssh_buffer_get_ssh_string(buffer);
                 if (application == NULL) {
-                    SSH_LOG(SSH_LOG_WARN, "SK Unpack error");
+                    SSH_LOG(SSH_LOG_TRACE, "SK Unpack error");
                     goto fail;
                 }
                 key->sk_application = application;
             }
         }
         break;
-        case SSH_KEYTYPE_DSS_CERT01:
         case SSH_KEYTYPE_RSA_CERT01:
         case SSH_KEYTYPE_ECDSA_P256_CERT01:
         case SSH_KEYTYPE_ECDSA_P384_CERT01:
@@ -1496,7 +1520,7 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
         case SSH_KEYTYPE_RSA1:
         case SSH_KEYTYPE_UNKNOWN:
         default:
-            SSH_LOG(SSH_LOG_WARN, "Unknown public key protocol %d", type);
+            SSH_LOG(SSH_LOG_TRACE, "Unknown public key protocol %d", type);
             goto fail;
     }
 
@@ -1512,9 +1536,9 @@ static int pki_import_cert_buffer(ssh_buffer buffer,
                                   enum ssh_keytypes_e type,
                                   ssh_key *pkey)
 {
-    ssh_buffer cert;
-    ssh_string tmp_s;
-    const char *type_c;
+    ssh_buffer cert = NULL;
+    ssh_string tmp_s = NULL;
+    const char *type_c = NULL;
     ssh_key key = NULL;
     int rc;
 
@@ -1553,9 +1577,6 @@ static int pki_import_cert_buffer(ssh_buffer buffer,
     SSH_STRING_FREE(tmp_s);
 
     switch (type) {
-        case SSH_KEYTYPE_DSS_CERT01:
-            rc = pki_import_pubkey_buffer(buffer, SSH_KEYTYPE_DSS, &key);
-            break;
         case SSH_KEYTYPE_RSA_CERT01:
             rc = pki_import_pubkey_buffer(buffer, SSH_KEYTYPE_RSA, &key);
             break;
@@ -1586,7 +1607,7 @@ static int pki_import_cert_buffer(ssh_buffer buffer,
 
     key->type = type;
     key->type_c = type_c;
-    key->cert = (void*) cert;
+    key->cert = cert;
 
     *pkey = key;
     return SSH_OK;
@@ -1674,26 +1695,26 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
 
     buffer = ssh_buffer_new();
     if (buffer == NULL) {
-        SSH_LOG(SSH_LOG_WARN, "Out of memory!");
+        SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
         return SSH_ERROR;
     }
 
     rc = ssh_buffer_add_data(buffer, ssh_string_data(key_blob),
             ssh_string_len(key_blob));
     if (rc < 0) {
-        SSH_LOG(SSH_LOG_WARN, "Out of memory!");
+        SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
         goto fail;
     }
 
     type_s = ssh_buffer_get_ssh_string(buffer);
     if (type_s == NULL) {
-        SSH_LOG(SSH_LOG_WARN, "Out of memory!");
+        SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
         goto fail;
     }
 
     type = ssh_key_type_from_name(ssh_string_get_char(type_s));
     if (type == SSH_KEYTYPE_UNKNOWN) {
-        SSH_LOG(SSH_LOG_WARN, "Unknown key type found!");
+        SSH_LOG(SSH_LOG_TRACE, "Unknown key type found!");
         goto fail;
     }
     SSH_STRING_FREE(type_s);
@@ -1714,6 +1735,7 @@ int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
     return SSH_ERROR;
 }
 
+#ifdef WITH_PKCS11_URI
 /**
  *@brief Detect if the pathname in cmp is a PKCS #11 URI.
  *
@@ -1757,6 +1779,7 @@ char *ssh_pki_export_pub_uri_from_priv_uri(const char *priv_uri)
 
     return pub_uri_temp;
 }
+#endif /* WITH_PKCS11_URI */
 
 /**
  * @brief Import a public key from a file or a PKCS #11 device.
@@ -1776,13 +1799,14 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
 {
     enum ssh_keytypes_e type;
     struct stat sb;
-    char *key_buf, *p;
+    char *key_buf = NULL, *p = NULL;
     size_t buflen, i;
-    const char *q;
-    FILE *file;
+    const char *q = NULL;
+    FILE *file = NULL;
     off_t size;
     int rc, cmp;
     char err_msg[SSH_ERRNO_MSG_MAX] = {0};
+    ssh_key priv_key = NULL;
 
     if (pkey == NULL || filename == NULL || *filename == '\0') {
         return SSH_ERROR;
@@ -1797,7 +1821,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
 
     file = fopen(filename, "rb");
     if (file == NULL) {
-        SSH_LOG(SSH_LOG_WARN, "Error opening %s: %s",
+        SSH_LOG(SSH_LOG_TRACE, "Error opening %s: %s",
                     filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
         return SSH_EOF;
     }
@@ -1805,7 +1829,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
     rc = fstat(fileno(file), &sb);
     if (rc < 0) {
         fclose(file);
-        SSH_LOG(SSH_LOG_WARN, "Error gettint stat of %s: %s",
+        SSH_LOG(SSH_LOG_TRACE, "Error gettint stat of %s: %s",
                     filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
         switch (errno) {
             case ENOENT:
@@ -1823,7 +1847,7 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
     key_buf = malloc(sb.st_size + 1);
     if (key_buf == NULL) {
         fclose(file);
-        SSH_LOG(SSH_LOG_WARN, "Out of memory!");
+        SSH_LOG(SSH_LOG_TRACE, "Out of memory!");
         return SSH_ERROR;
     }
 
@@ -1832,8 +1856,8 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
 
     if (size != sb.st_size) {
         SAFE_FREE(key_buf);
-        SSH_LOG(SSH_LOG_WARN, "Error reading %s: %s",
-                    filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
+        SSH_LOG(SSH_LOG_TRACE, "Error reading %s: %s",
+                filename, ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
         return SSH_ERROR;
     }
     key_buf[size] = '\0';
@@ -1845,7 +1869,24 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
         *pkey = ssh_pki_openssh_pubkey_import(key_buf);
         SAFE_FREE(key_buf);
         if (*pkey == NULL) {
-            SSH_LOG(SSH_LOG_WARN, "Failed to import public key from OpenSSH"
+            SSH_LOG(SSH_LOG_TRACE, "Failed to import public key from OpenSSH"
+                                  " private key file");
+            return SSH_ERROR;
+        }
+        return SSH_OK;
+    }
+
+    /*
+     * Try to parse key as PEM. Set empty passphrase, so user won't be prompted
+     * for passphrase. Don't try to decrypt encrypted private key.
+     */
+    priv_key = pki_private_key_from_base64(key_buf, "", NULL, NULL);
+    if (priv_key) {
+        rc = ssh_pki_export_privkey_to_pubkey(priv_key, pkey);
+        ssh_key_free(priv_key);
+        SAFE_FREE(key_buf);
+        if (rc != SSH_OK) {
+            SSH_LOG(SSH_LOG_WARN, "Failed to import public key from PEM"
                                   " private key file");
             return SSH_ERROR;
         }
@@ -1867,6 +1908,10 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
         return SSH_ERROR;
     }
 
+    if (i >= buflen) {
+        SAFE_FREE(key_buf);
+        return SSH_ERROR;
+    }
     q = &p[i + 1];
     for (; i < buflen; i++) {
         if (isspace((int)p[i])) {
@@ -1938,17 +1983,27 @@ int ssh_pki_import_cert_blob(const ssh_string cert_blob,
  */
 int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
 {
-    return ssh_pki_import_pubkey_file(filename, pkey);
+    int rc;
+
+    rc = ssh_pki_import_pubkey_file(filename, pkey);
+    if (rc == SSH_OK) {
+        /* check the key is a cert type. */
+        if (!is_cert_type((*pkey)->type)) {
+            SSH_KEY_FREE(*pkey);
+            return SSH_ERROR;
+        }
+    }
+
+    return rc;
 }
 
 /**
- * @brief Generates a keypair.
+ * @brief Generates a key pair.
  *
  * @param[in] type      Type of key to create
  *
  * @param[in] parameter Parameter to the creation of key:
  *                      rsa : length of the key in bits (e.g. 1024, 2048, 4096)
- *                      dsa : length of the key in bits (e.g. 1024, 2048, 3072)
  * @param[out] pkey     A pointer to store the allocated private key. You need
  *                      to free the memory using ssh_key_free().
  *
@@ -1978,11 +2033,6 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
             if(rc == SSH_ERROR)
                 goto error;
             break;
-        case SSH_KEYTYPE_DSS:
-            rc = pki_key_generate_dss(key, parameter);
-            if(rc == SSH_ERROR)
-                goto error;
-            break;
 #ifdef HAVE_ECC
         case SSH_KEYTYPE_ECDSA: /* deprecated */
             rc = pki_key_generate_ecdsa(key, parameter);
@@ -2018,7 +2068,6 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
                 goto error;
             }
             break;
-        case SSH_KEYTYPE_DSS_CERT01:
         case SSH_KEYTYPE_RSA_CERT01:
         case SSH_KEYTYPE_ECDSA_P256_CERT01:
         case SSH_KEYTYPE_ECDSA_P384_CERT01:
@@ -2056,7 +2105,7 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
 int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
                                      ssh_key *pkey)
 {
-    ssh_key pubkey;
+    ssh_key pubkey = NULL;
 
     if (privkey == NULL || !ssh_key_is_private(privkey)) {
         return SSH_ERROR;
@@ -2094,13 +2143,48 @@ int ssh_pki_export_privkey_to_pubkey(const ssh_key privkey,
 int ssh_pki_export_pubkey_blob(const ssh_key key,
                                ssh_string *pblob)
 {
-    ssh_string blob;
+    ssh_string blob = NULL;
+
+    if (key == NULL) {
+        return SSH_OK;
+    }
+
+    blob = pki_key_to_blob(key, SSH_KEY_PUBLIC);
+    if (blob == NULL) {
+        return SSH_ERROR;
+    }
+
+    *pblob = blob;
+    return SSH_OK;
+}
+
+/**
+ * @internal
+ *
+ * @brief Create a key_blob from a private key.
+ *
+ * The "key_blob" is encoded as per draft-miller-ssh-agent-08 section 4.2
+ * "Adding keys to the agent" for any of the supported key types.
+ *
+ * @param[in]  key      A private key to create the private ssh_string from.
+ *
+ * @param[out] pblob    A pointer to store the newly allocated key blob. You
+ *                      need to free it using ssh_string_free().
+ *
+ * @return              SSH_OK on success, SSH_ERROR otherwise.
+ *
+ * @see ssh_string_free()
+ */
+int ssh_pki_export_privkey_blob(const ssh_key key,
+                                ssh_string *pblob)
+{
+    ssh_string blob = NULL;
 
     if (key == NULL) {
         return SSH_OK;
     }
 
-    blob = pki_publickey_to_blob(key);
+    blob = pki_key_to_blob(key, SSH_KEY_PRIVATE);
     if (blob == NULL) {
         return SSH_ERROR;
     }
@@ -2124,14 +2208,14 @@ int ssh_pki_export_pubkey_blob(const ssh_key key,
 int ssh_pki_export_pubkey_base64(const ssh_key key,
                                  char **b64_key)
 {
-    ssh_string key_blob;
-    unsigned char *b64;
+    ssh_string key_blob = NULL;
+    unsigned char *b64 = NULL;
 
     if (key == NULL || b64_key == NULL) {
         return SSH_ERROR;
     }
 
-    key_blob = pki_publickey_to_blob(key);
+    key_blob = pki_key_to_blob(key, SSH_KEY_PUBLIC);
     if (key_blob == NULL) {
         return SSH_ERROR;
     }
@@ -2147,14 +2231,26 @@ int ssh_pki_export_pubkey_base64(const ssh_key key,
     return SSH_OK;
 }
 
+/**
+ * @brief Export public key to file
+ *
+ * Exports the public key in AuthorizedKeysFile acceptable format.
+ * For more information see `man sshd`
+ *
+ * @param key A key to export
+ *
+ * @param filename The name of the output file
+ *
+ * @returns SSH_OK on success, SSH_ERROR otherwise.
+ */
 int ssh_pki_export_pubkey_file(const ssh_key key,
                                const char *filename)
 {
     char key_buf[MAX_LINE_SIZE];
     char host[256];
-    char *b64_key;
-    char *user;
-    FILE *fp;
+    char *b64_key = NULL;
+    char *user = NULL;
+    FILE *fp = NULL;
     int rc;
 
     if (key == NULL || filename == NULL || *filename == '\0') {
@@ -2215,8 +2311,8 @@ int ssh_pki_export_pubkey_file(const ssh_key key,
  * @returns SSH_OK on success, SSH_ERROR otherwise.
  **/
 int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
-  ssh_buffer cert_buffer;
-  int rc;
+  ssh_buffer cert_buffer = NULL;
+  int rc, cmp;
 
   if (certkey == NULL || privkey == NULL) {
       return SSH_ERROR;
@@ -2230,6 +2326,12 @@ int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
       return SSH_ERROR;
   }
 
+  /* make sure the public keys match */
+  cmp = ssh_key_cmp(certkey, privkey, SSH_KEY_CMP_PUBLIC);
+  if (cmp != 0) {
+    return SSH_ERROR;
+  }
+
   cert_buffer = ssh_buffer_new();
   if (cert_buffer == NULL) {
       return SSH_ERROR;
@@ -2250,7 +2352,7 @@ int ssh_pki_export_signature_blob(const ssh_signature sig,
                                   ssh_string *sig_blob)
 {
     ssh_buffer buf = NULL;
-    ssh_string str;
+    ssh_string str = NULL;
     int rc;
 
     if (sig == NULL || sig_blob == NULL) {
@@ -2314,7 +2416,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
     enum ssh_keytypes_e type;
     enum ssh_digest_e hash_type;
     ssh_string algorithm = NULL, blob = NULL;
-    ssh_buffer buf;
+    ssh_buffer buf = NULL;
     const char *alg = NULL;
     uint8_t flags = 0;
     uint32_t counter = 0;
@@ -2400,22 +2502,11 @@ int pki_key_check_hash_compatible(ssh_key key,
     }
 
     switch(key->type) {
-    case SSH_KEYTYPE_DSS_CERT01:
-    case SSH_KEYTYPE_DSS:
-        if (hash_type == SSH_DIGEST_SHA1) {
-            if (ssh_fips_mode()) {
-                SSH_LOG(SSH_LOG_WARN, "SHA1 is not allowed in FIPS mode");
-                return SSH_ERROR;
-            } else {
-                return SSH_OK;
-            }
-        }
-        break;
     case SSH_KEYTYPE_RSA_CERT01:
     case SSH_KEYTYPE_RSA:
         if (hash_type == SSH_DIGEST_SHA1) {
             if (ssh_fips_mode()) {
-                SSH_LOG(SSH_LOG_WARN, "SHA1 is not allowed in FIPS mode");
+                SSH_LOG(SSH_LOG_TRACE, "SHA1 is not allowed in FIPS mode");
                 return SSH_ERROR;
             } else {
                 return SSH_OK;
@@ -2456,14 +2547,16 @@ int pki_key_check_hash_compatible(ssh_key key,
             return SSH_OK;
         }
         break;
+    case SSH_KEYTYPE_DSS:   /* deprecated */
+    case SSH_KEYTYPE_DSS_CERT01:    /* deprecated */
     case SSH_KEYTYPE_RSA1:
     case SSH_KEYTYPE_ECDSA:
     case SSH_KEYTYPE_UNKNOWN:
-        SSH_LOG(SSH_LOG_WARN, "Unknown key type %d", key->type);
+        SSH_LOG(SSH_LOG_TRACE, "Unknown key type %d", key->type);
         return SSH_ERROR;
     }
 
-    SSH_LOG(SSH_LOG_WARN, "Key type %d incompatible with hash type  %d",
+    SSH_LOG(SSH_LOG_TRACE, "Key type %d incompatible with hash type  %d",
             key->type, hash_type);
 
     return SSH_ERROR;
@@ -2491,7 +2584,7 @@ int ssh_pki_signature_verify(ssh_session session,
             sig->type_c);
 
     if (key_type != sig->type) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Can not verify %s signature with %s key",
                 sig->type_c, key->type_c);
         return SSH_ERROR;
@@ -2500,7 +2593,7 @@ int ssh_pki_signature_verify(ssh_session session,
     allowed = ssh_key_size_allowed(session, key);
     if (!allowed) {
         ssh_set_error(session, SSH_FATAL, "The '%s' key of size %d is not "
-                      "allowd by RSA_MIN_SIZE", key->type_c, ssh_key_size(key));
+                      "allowed by RSA_MIN_SIZE", key->type_c, ssh_key_size(key));
         return SSH_ERROR;
     }
 
@@ -2522,7 +2615,7 @@ int ssh_pki_signature_verify(ssh_session session,
 
         ctx = sha256_init();
         if (ctx == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
+            SSH_LOG(SSH_LOG_TRACE,
                     "Can not create SHA256CTX for application hash");
            return SSH_ERROR;
         }
@@ -2532,7 +2625,7 @@ int ssh_pki_signature_verify(ssh_session session,
 
         ctx = sha256_init();
         if (ctx == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
+            SSH_LOG(SSH_LOG_TRACE,
                     "Can not create SHA256CTX for input hash");
            return SSH_ERROR;
         }
@@ -2544,10 +2637,14 @@ int ssh_pki_signature_verify(ssh_session session,
             return SSH_ERROR;
         }
 
-        rc = ssh_buffer_pack(sk_buffer, "PbdP",
-                             SHA256_DIGEST_LEN, application_hash,
-                             sig->sk_flags, sig->sk_counter,
-                             SHA256_DIGEST_LEN, input_hash);
+        rc = ssh_buffer_pack(sk_buffer,
+                             "PbdP",
+                             (size_t)SHA256_DIGEST_LEN,
+                             application_hash,
+                             sig->sk_flags,
+                             sig->sk_counter,
+                             (size_t)SHA256_DIGEST_LEN,
+                             input_hash);
         if (rc != SSH_OK) {
             SSH_BUFFER_FREE(sk_buffer);
             explicit_bzero(input_hash, SHA256_DIGEST_LEN);
@@ -2641,7 +2738,8 @@ ssh_string ssh_pki_do_sign(ssh_session session,
     rc = ssh_buffer_pack(sign_input,
                          "SP",
                          session_id,
-                         ssh_buffer_get_len(sigbuf), ssh_buffer_get(sigbuf));
+                         (size_t)ssh_buffer_get_len(sigbuf),
+                         ssh_buffer_get(sigbuf));
     if (rc != SSH_OK) {
         goto end;
     }
@@ -2674,9 +2772,9 @@ ssh_string ssh_pki_do_sign_agent(ssh_session session,
                                  const ssh_key pubkey)
 {
     struct ssh_crypto_struct *crypto = NULL;
-    ssh_string session_id;
-    ssh_string sig_blob;
-    ssh_buffer sig_buf;
+    ssh_string session_id = NULL;
+    ssh_string sig_blob = NULL;
+    ssh_buffer sig_buf = NULL;
     int rc;
 
     crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_BOTH);
diff --git a/libssh/src/pki_container_openssh.c b/libssh/src/pki_container_openssh.c
index cc97da7f..fd3fff2a 100644
--- a/libssh/src/pki_container_openssh.c
+++ b/libssh/src/pki_container_openssh.c
@@ -69,20 +69,20 @@ static int pki_openssh_import_privkey_blob(ssh_buffer key_blob_buffer,
 
     rc = ssh_buffer_unpack(key_blob_buffer, "s", &type_s);
     if (rc == SSH_ERROR){
-        SSH_LOG(SSH_LOG_WARN, "Unpack error");
+        SSH_LOG(SSH_LOG_TRACE, "Unpack error");
         return SSH_ERROR;
     }
 
     type = ssh_key_type_from_name(type_s);
     if (type == SSH_KEYTYPE_UNKNOWN) {
-        SSH_LOG(SSH_LOG_WARN, "Unknown key type '%s' found!", type_s);
+        SSH_LOG(SSH_LOG_TRACE, "Unknown key type '%s' found!", type_s);
         return SSH_ERROR;
     }
     SAFE_FREE(type_s);
 
     rc = pki_import_privkey_buffer(type, key_blob_buffer, &key);
     if (rc != SSH_OK) {
-        SSH_LOG(SSH_LOG_WARN, "Failed to read key in OpenSSH format");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to read key in OpenSSH format");
         goto fail;
     }
 
@@ -133,17 +133,17 @@ static int pki_private_key_decrypt(ssh_string blob,
     }
 
     if (ciphers[i].name == NULL){
-        SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername);
+        SSH_LOG(SSH_LOG_TRACE, "Unsupported cipher %s", ciphername);
         return SSH_ERROR;
     }
 
     cmp = strcmp(kdfname, "bcrypt");
     if (cmp != 0) {
-        SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
+        SSH_LOG(SSH_LOG_TRACE, "Unsupported KDF %s", kdfname);
         return SSH_ERROR;
     }
     if (ssh_string_len(blob) % cipher.blocksize != 0) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Encrypted string not multiple of blocksize: %zu",
                 ssh_string_len(blob));
         return SSH_ERROR;
@@ -167,12 +167,12 @@ static int pki_private_key_decrypt(ssh_string blob,
     /* We need material for key (keysize bits / 8) and IV (blocksize)  */
     key_material_len =  cipher.keysize/8 + cipher.blocksize;
     if (key_material_len > sizeof(key_material)) {
-        SSH_LOG(SSH_LOG_WARN, "Key material too big");
+        SSH_LOG(SSH_LOG_TRACE, "Key material too big");
         return SSH_ERROR;
     }
 
     SSH_LOG(SSH_LOG_DEBUG,
-            "Decryption: %d key, %d IV, %d rounds, %zu bytes salt",
+            "Decryption: %d key, %d IV, %" PRIu32 " rounds, %zu bytes salt",
             cipher.keysize/8,
             cipher.blocksize,
             rounds,
@@ -181,7 +181,7 @@ static int pki_private_key_decrypt(ssh_string blob,
     if (passphrase == NULL) {
         if (auth_fn == NULL) {
             SAFE_FREE(salt);
-            SSH_LOG(SSH_LOG_WARN, "No passphrase provided");
+            SSH_LOG(SSH_LOG_TRACE, "No passphrase provided");
             return SSH_ERROR;
         }
         rc = auth_fn("Passphrase",
@@ -234,12 +234,12 @@ ssh_pki_openssh_import(const char *text_key,
                        bool private)
 {
     const char *ptr = text_key;
-    const char *end;
-    char *base64;
+    const char *end = NULL;
+    char *base64 = NULL;
     int cmp;
     int rc;
     int i;
-    ssh_buffer buffer = NULL, privkey_buffer=NULL;
+    ssh_buffer buffer = NULL, privkey_buffer = NULL;
     char *magic = NULL, *ciphername = NULL, *kdfname = NULL;
     uint32_t nkeys = 0, checkint1 = 0, checkint2 = 0xFFFF;
     ssh_string kdfoptions = NULL;
@@ -251,7 +251,7 @@ ssh_pki_openssh_import(const char *text_key,
 
     cmp = strncmp(ptr, OPENSSH_HEADER_BEGIN, strlen(OPENSSH_HEADER_BEGIN));
     if (cmp != 0) {
-        SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (no header)");
+        SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (no header)");
         goto out;
     }
     ptr += strlen(OPENSSH_HEADER_BEGIN);
@@ -260,7 +260,7 @@ ssh_pki_openssh_import(const char *text_key,
     }
     end = strstr(ptr, OPENSSH_HEADER_END);
     if (end == NULL) {
-        SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (no footer)");
+        SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (no footer)");
         goto out;
     }
     base64 = malloc(end - ptr + 1);
@@ -277,7 +277,7 @@ ssh_pki_openssh_import(const char *text_key,
     buffer = base64_to_bin(base64);
     SAFE_FREE(base64);
     if (buffer == NULL) {
-        SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (base64 error)");
+        SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (base64 error)");
         goto out;
     }
     rc = ssh_buffer_unpack(buffer, "PssSdSS",
@@ -290,21 +290,21 @@ ssh_pki_openssh_import(const char *text_key,
                            &pubkey0,
                            &privkeys);
     if (rc == SSH_ERROR) {
-        SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (unpack error)");
+        SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (unpack error)");
         goto out;
     }
     cmp = strncmp(magic, OPENSSH_AUTH_MAGIC, strlen(OPENSSH_AUTH_MAGIC));
     if (cmp != 0) {
-        SSH_LOG(SSH_LOG_WARN, "Not an OpenSSH private key (bad magic)");
+        SSH_LOG(SSH_LOG_TRACE, "Not an OpenSSH private key (bad magic)");
         goto out;
     }
-    SSH_LOG(SSH_LOG_INFO,
-            "Opening OpenSSH private key: ciphername: %s, kdf: %s, nkeys: %d",
+    SSH_LOG(SSH_LOG_DEBUG,
+            "Opening OpenSSH private key: ciphername: %s, kdf: %s, nkeys: %" PRIu32,
             ciphername,
             kdfname,
             nkeys);
     if (nkeys != 1) {
-        SSH_LOG(SSH_LOG_WARN, "Opening OpenSSH private key: only 1 key supported (%d available)", nkeys);
+        SSH_LOG(SSH_LOG_TRACE, "Opening OpenSSH private key: only 1 key supported (%" PRIu32 " available)", nkeys);
         goto out;
     }
 
@@ -314,7 +314,7 @@ ssh_pki_openssh_import(const char *text_key,
     if (!private) {
         rc = ssh_pki_import_pubkey_blob(pubkey0, &key);
         if (rc != SSH_OK) {
-            SSH_LOG(SSH_LOG_WARN, "Failed to import public key blob");
+            SSH_LOG(SSH_LOG_TRACE, "Failed to import public key blob");
         }
         /* in either case we clean up here */
         goto out;
@@ -343,7 +343,7 @@ ssh_pki_openssh_import(const char *text_key,
 
     rc = ssh_buffer_unpack(privkey_buffer, "dd", &checkint1, &checkint2);
     if (rc == SSH_ERROR || checkint1 != checkint2) {
-        SSH_LOG(SSH_LOG_WARN, "OpenSSH private key unpack error (correct password?)");
+        SSH_LOG(SSH_LOG_TRACE, "OpenSSH private key unpack error (correct password?)");
         goto out;
     }
     rc = pki_openssh_import_privkey_blob(privkey_buffer, &key);
@@ -358,7 +358,7 @@ ssh_pki_openssh_import(const char *text_key,
         if (padding != i) {
             ssh_key_free(key);
             key = NULL;
-            SSH_LOG(SSH_LOG_WARN, "Invalid padding");
+            SSH_LOG(SSH_LOG_TRACE, "Invalid padding");
             goto out;
         }
     }
@@ -394,37 +394,6 @@ ssh_key ssh_pki_openssh_pubkey_import(const char *text_key)
 }
 
 
-/** @internal
- * @brief exports a private key to a string blob.
- * @param[in] privkey private key to convert
- * @param[out] buffer buffer to write the blob in.
- * @returns SSH_OK on success
- * @warning only supports ed25519 key type at the moment.
- */
-static int pki_openssh_export_privkey_blob(const ssh_key privkey,
-                                           ssh_buffer buffer)
-{
-    int rc;
-
-    if (privkey->type != SSH_KEYTYPE_ED25519) {
-        SSH_LOG(SSH_LOG_WARN, "Type %s not supported", privkey->type_c);
-        return SSH_ERROR;
-    }
-    if (privkey->ed25519_privkey == NULL ||
-        privkey->ed25519_pubkey == NULL) {
-        return SSH_ERROR;
-    }
-    rc = ssh_buffer_pack(buffer,
-                         "sdPdPP",
-                         privkey->type_c,
-                         (uint32_t)ED25519_KEY_LEN,
-                         (size_t)ED25519_KEY_LEN, privkey->ed25519_pubkey,
-                         (uint32_t)(2 * ED25519_KEY_LEN),
-                         (size_t)ED25519_KEY_LEN, privkey->ed25519_privkey,
-                         (size_t)ED25519_KEY_LEN, privkey->ed25519_pubkey);
-    return rc;
-}
-
 /** @internal
  * @brief encrypts an ed25519 private key blob
  *
@@ -462,29 +431,29 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
     }
 
     if (ciphers[i].name == NULL){
-        SSH_LOG(SSH_LOG_WARN, "Unsupported cipher %s", ciphername);
+        SSH_LOG(SSH_LOG_TRACE, "Unsupported cipher %s", ciphername);
         return SSH_ERROR;
     }
 
     cmp = strcmp(kdfname, "bcrypt");
     if (cmp != 0){
-        SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
+        SSH_LOG(SSH_LOG_TRACE, "Unsupported KDF %s", kdfname);
         return SSH_ERROR;
     }
     /* We need material for key (keysize bits / 8) and IV (blocksize)  */
     key_material_len =  cipher.keysize/8 + cipher.blocksize;
     if (key_material_len > sizeof(key_material)){
-        SSH_LOG(SSH_LOG_WARN, "Key material too big");
+        SSH_LOG(SSH_LOG_TRACE, "Key material too big");
         return SSH_ERROR;
     }
 
-    SSH_LOG(SSH_LOG_WARN, "Encryption: %d key, %d IV, %d rounds, %zu bytes salt",
+    SSH_LOG(SSH_LOG_DEBUG, "Encryption: %d key, %d IV, %" PRIu32 " rounds, %zu bytes salt",
                 cipher.keysize/8,
                 cipher.blocksize, rounds, ssh_string_len(salt));
 
     if (passphrase == NULL){
         if (auth_fn == NULL){
-            SSH_LOG(SSH_LOG_WARN, "No passphrase provided");
+            SSH_LOG(SSH_LOG_TRACE, "No passphrase provided");
             return SSH_ERROR;
         }
         rc = auth_fn("Passphrase",
@@ -536,16 +505,16 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
                                           ssh_auth_callback auth_fn,
                                           void *auth_data)
 {
-    ssh_buffer buffer;
-    ssh_string str = NULL;
-    ssh_string pubkey_s=NULL;
+    ssh_buffer buffer = NULL;
+    ssh_string str = NULL, blob = NULL;
+    ssh_string pubkey_s = NULL;
     ssh_buffer privkey_buffer = NULL;
     uint32_t rnd;
     uint32_t rounds = 16;
-    ssh_string salt=NULL;
-    ssh_string kdf_options=NULL;
+    ssh_string salt = NULL;
+    ssh_string kdf_options = NULL;
     int to_encrypt=0;
-    unsigned char *b64;
+    unsigned char *b64 = NULL;
     uint32_t str_len, len;
     uint8_t padding = 1;
     int ok;
@@ -554,17 +523,13 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
     if (privkey == NULL) {
         return NULL;
     }
-    if (privkey->type != SSH_KEYTYPE_ED25519){
-        SSH_LOG(SSH_LOG_WARN, "Unsupported key type %s", privkey->type_c);
-        return NULL;
-    }
     if (passphrase != NULL || auth_fn != NULL){
-        SSH_LOG(SSH_LOG_INFO, "Enabling encryption for private key export");
+        SSH_LOG(SSH_LOG_DEBUG, "Enabling encryption for private key export");
         to_encrypt = 1;
     }
     buffer = ssh_buffer_new();
-    pubkey_s = pki_publickey_to_blob(privkey);
-    if(buffer == NULL || pubkey_s == NULL){
+    rc = ssh_pki_export_pubkey_blob(privkey, &pubkey_s);
+    if (buffer == NULL || rc != SSH_OK) {
         goto error;
     }
 
@@ -578,22 +543,18 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
         goto error;
     }
 
-    /* checkint1 & 2 */
-    rc = ssh_buffer_pack(privkey_buffer,
-                         "dd",
-                         rnd,
-                         rnd);
-    if (rc == SSH_ERROR){
-        goto error;
-    }
-
-    rc = pki_openssh_export_privkey_blob(privkey, privkey_buffer);
-    if (rc == SSH_ERROR){
+    rc = ssh_pki_export_privkey_blob(privkey, &blob);
+    if (rc != SSH_OK) {
         goto error;
     }
 
-    /* comment */
-    rc = ssh_buffer_pack(privkey_buffer, "s", "" /* comment */);
+    rc = ssh_buffer_pack(privkey_buffer,
+                         "ddPs",
+                         rnd, /* checkint 1 & 2 */
+                         rnd,
+                         ssh_string_len(blob),
+                         ssh_string_data(blob),
+                         "" /* comment */);
     if (rc == SSH_ERROR){
         goto error;
     }
@@ -630,7 +591,11 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
             goto error;
         }
 
-        ssh_buffer_pack(kdf_buf, "Sd", salt, rounds);
+        rc = ssh_buffer_pack(kdf_buf, "Sd", salt, rounds);
+        if (rc != SSH_OK) {
+            SSH_BUFFER_FREE(kdf_buf);
+            goto error;
+        }
         kdf_options = ssh_string_new(ssh_buffer_get_len(kdf_buf));
         if (kdf_options == NULL){
             SSH_BUFFER_FREE(kdf_buf);
@@ -657,15 +622,17 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
 
     rc = ssh_buffer_pack(buffer,
                          "PssSdSdP",
-                         (size_t)strlen(OPENSSH_AUTH_MAGIC) + 1, OPENSSH_AUTH_MAGIC,
+                         strlen(OPENSSH_AUTH_MAGIC) + 1,
+                         OPENSSH_AUTH_MAGIC,
                          to_encrypt ? "aes128-cbc" : "none", /* ciphername */
-                         to_encrypt ? "bcrypt" : "none", /* kdfname */
-                         kdf_options, /* kdfoptions */
-                         (uint32_t) 1, /* nkeys */
+                         to_encrypt ? "bcrypt" : "none",     /* kdfname */
+                         kdf_options,                        /* kdfoptions */
+                         (uint32_t)1,                        /* nkeys */
                          pubkey_s,
-                         (uint32_t)ssh_buffer_get_len(privkey_buffer),
+                         ssh_buffer_get_len(privkey_buffer),
                          /* rest of buffer is a string */
-                         (size_t)ssh_buffer_get_len(privkey_buffer), ssh_buffer_get(privkey_buffer));
+                         (size_t)ssh_buffer_get_len(privkey_buffer),
+                         ssh_buffer_get(privkey_buffer));
     if (rc != SSH_OK) {
         goto error;
     }
@@ -706,6 +673,8 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
     }
 
 error:
+    ssh_string_burn(blob);
+    ssh_string_free(blob);
     if (privkey_buffer != NULL) {
         void *bufptr = ssh_buffer_get(privkey_buffer);
         explicit_bzero(bufptr, ssh_buffer_get_len(privkey_buffer));
diff --git a/libssh/src/pki_crypto.c b/libssh/src/pki_crypto.c
index 33544d6a..cbbd1347 100644
--- a/libssh/src/pki_crypto.c
+++ b/libssh/src/pki_crypto.c
@@ -33,7 +33,9 @@
 
 #include <openssl/pem.h>
 #include <openssl/evp.h>
+#if defined(WITH_PKCS11_URI) && !defined(WITH_PKCS11_PROVIDER)
 #include <openssl/engine.h>
+#endif
 #include <openssl/err.h>
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 #include <openssl/dsa.h>
@@ -42,6 +44,9 @@
 #include <openssl/params.h>
 #include <openssl/core_names.h>
 #include <openssl/param_build.h>
+#if defined(WITH_PKCS11_URI) && defined(WITH_PKCS11_PROVIDER)
+#include <openssl/store.h>
+#endif
 #endif /* OPENSSL_VERSION_NUMBER */
 
 #ifdef HAVE_OPENSSL_EC_H
@@ -91,37 +96,20 @@ void pki_key_clean(ssh_key key)
 {
     if (key == NULL)
         return;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    DSA_free(key->dsa);
-    key->dsa = NULL;
-    RSA_free(key->rsa);
-    key->rsa = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
-#ifdef HAVE_OPENSSL_ECC
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Move whole HAVE_OPENSSL_ECC into #if < 0x3 above
- */
-#if 1
-    EC_KEY_free(key->ecdsa);
-    key->ecdsa = NULL;
-#endif
-#endif /* HAVE_OPENSSL_ECC */
     EVP_PKEY_free(key->key);
     key->key = NULL;
 }
 
 #ifdef HAVE_OPENSSL_ECC
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 static int pki_key_ecdsa_to_nid(EC_KEY *k)
 {
     const EC_GROUP *g = EC_KEY_get0_group(k);
     int nid;
 
+    if (g == NULL) {
+        return -1;
+    }
     nid = EC_GROUP_get_curve_name(g);
     if (nid) {
         return nid;
@@ -133,34 +121,22 @@ static int pki_key_ecdsa_to_nid(EC_KEY *k)
 static int pki_key_ecdsa_to_nid(EVP_PKEY *k)
 {
     char gname[25] = { 0 };
-    int nid, rc;
-
-    rc = EVP_PKEY_get_utf8_string_param(k, "group", gname, 25, NULL);
-    if (rc != 1)
-        return -1;
+    int rc;
 
-    if (strcmp(gname, NISTP256) == 0
-        || strcmp(gname, "secp256r1") == 0
-        || strcmp(gname, "prime256v1") == 0) {
-        nid = NID_X9_62_prime256v1;
-    } else if (strcmp(gname, NISTP384) == 0
-               || strcmp(gname, "secp384r1") == 0) {
-        nid = NID_secp384r1;
-    } else if (strcmp(gname, NISTP521) == 0
-               || strcmp(gname, "secp521r1") == 0) {
-        nid = NID_secp521r1;
-    } else
+    rc = EVP_PKEY_get_utf8_string_param(k,
+                                        OSSL_PKEY_PARAM_GROUP_NAME,
+                                        gname,
+                                        25,
+                                        NULL);
+    if (rc != 1) {
         return -1;
+    }
 
-    return nid;
+    return pki_key_ecgroup_name_to_nid(gname);
 }
 #endif /* OPENSSL_VERSION_NUMBER */
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(EC_KEY *k)
 #else
 static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(EVP_PKEY *k)
@@ -227,181 +203,157 @@ int pki_key_ecdsa_nid_from_name(const char *name)
     return -1;
 }
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-static ssh_string make_ecpoint_string(const EC_GROUP *g,
-                                      const EC_POINT *p)
-{
-    ssh_string s;
-    size_t len;
-
-    len = EC_POINT_point2oct(g,
-                             p,
-                             POINT_CONVERSION_UNCOMPRESSED,
-                             NULL,
-                             0,
-                             NULL);
-    if (len == 0) {
-        return NULL;
-    }
-
-    s = ssh_string_new(len);
-    if (s == NULL) {
-        return NULL;
-    }
-
-    len = EC_POINT_point2oct(g,
-                             p,
-                             POINT_CONVERSION_UNCOMPRESSED,
-                             ssh_string_data(s),
-                             ssh_string_len(s),
-                             NULL);
-    if (len != ssh_string_len(s)) {
-        SSH_STRING_FREE(s);
-        return NULL;
-    }
-
-    return s;
-}
-#endif /* OPENSSL_VERSION_NUMBER */
-
 int pki_privkey_build_ecdsa(ssh_key key, int nid, ssh_string e, ssh_string exp)
 {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+    int rc = 0;
+    BIGNUM *bexp = NULL;
+
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     EC_POINT *p = NULL;
     const EC_GROUP *g = NULL;
-    int ok;
-    BIGNUM *bexp = NULL;
+    EC_KEY *ecdsa = NULL;
 #else
-    int rc;
-    const BIGNUM *expb;
     const char *group_name = OSSL_EC_curve_nid2name(nid);
     OSSL_PARAM_BLD *param_bld = NULL;
 
     if (group_name == NULL) {
         return -1;
     }
-    expb = ssh_make_string_bn(exp);
 #endif /* OPENSSL_VERSION_NUMBER */
 
+    bexp = ssh_make_string_bn(exp);
+    if (bexp == NULL) {
+        return -1;
+    }
+
     key->ecdsa_nid = nid;
     key->type_c = pki_key_ecdsa_nid_to_name(nid);
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
-    if (key->ecdsa == NULL) {
-        return -1;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
+    if (ecdsa == NULL) {
+        rc = -1;
+        goto cleanup;
     }
 
-    g = EC_KEY_get0_group(key->ecdsa);
+    g = EC_KEY_get0_group(ecdsa);
 
     p = EC_POINT_new(g);
     if (p == NULL) {
-        return -1;
+        rc = -1;
+        goto cleanup;
     }
 
-    ok = EC_POINT_oct2point(g,
+    rc = EC_POINT_oct2point(g,
                             p,
                             ssh_string_data(e),
                             ssh_string_len(e),
                             NULL);
-    if (!ok) {
-        EC_POINT_free(p);
-        return -1;
+    if (rc != 1) {
+        rc = -1;
+        goto cleanup;
     }
 
     /* EC_KEY_set_public_key duplicates p */
-    ok = EC_KEY_set_public_key(key->ecdsa, p);
-    EC_POINT_free(p);
-    if (!ok) {
-        return -1;
+    rc = EC_KEY_set_public_key(ecdsa, p);
+    if (rc != 1) {
+        rc = -1;
+        goto cleanup;
     }
 
-    bexp = ssh_make_string_bn(exp);
-    if (bexp == NULL) {
-        EC_KEY_free(key->ecdsa);
-        return -1;
-    }
     /* EC_KEY_set_private_key duplicates exp */
-    ok = EC_KEY_set_private_key(key->ecdsa, bexp);
-    BN_free(bexp);
-    if (!ok) {
-        EC_KEY_free(key->ecdsa);
-        return -1;
+    rc = EC_KEY_set_private_key(ecdsa, bexp);
+    if (rc != 1) {
+        rc = -1;
+        goto cleanup;
     }
 
-    return 0;
+    key->key = EVP_PKEY_new();
+    if (key->key == NULL) {
+        rc = -1;
+        goto cleanup;
+    }
+
+    /* ecdsa will be freed when the EVP_PKEY key->key is freed */
+    rc = EVP_PKEY_assign_EC_KEY(key->key, ecdsa);
+    if (rc != 1) {
+        rc = -1;
+        goto cleanup;
+    }
+    /* ssh_key is now the owner of this memory */
+    ecdsa = NULL;
+
+    /* set rc to 0 if everything went well */
+    rc = 0;
+
+cleanup:
+    EC_KEY_free(ecdsa);
+    EC_POINT_free(p);
+    BN_free(bexp);
+    return rc;
 #else
     param_bld = OSSL_PARAM_BLD_new();
-    if (param_bld == NULL)
-        goto err;
+    if (param_bld == NULL){
+        rc = -1;
+        goto cleanup;
+    }
 
     rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_PKEY_PARAM_GROUP_NAME,
                                          group_name, strlen(group_name));
-    if (rc != 1)
-        goto err;
+    if (rc != 1) {
+        rc = -1;
+        goto cleanup;
+    }
+
     rc = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PUB_KEY,
                                           ssh_string_data(e), ssh_string_len(e));
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, expb);
-    if (rc != 1)
-        goto err;
+    if (rc != 1) {
+        rc = -1;
+        goto cleanup;
+    }
+
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, bexp);
+    if (rc != 1) {
+        rc = -1;
+        goto cleanup;
+    }
 
     rc = evp_build_pkey("EC", param_bld, &(key->key), EVP_PKEY_KEYPAIR);
-    OSSL_PARAM_BLD_free(param_bld);
 
-    return rc;
-err:
+cleanup:
     OSSL_PARAM_BLD_free(param_bld);
-    return -1;
+    BN_free(bexp);
+    return rc;
 #endif /* OPENSSL_VERSION_NUMBER */
 }
 
 int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
 {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+    int rc;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     EC_POINT *p = NULL;
     const EC_GROUP *g = NULL;
+    EC_KEY *ecdsa = NULL;
     int ok;
 #else
-    int rc;
     const char *group_name = OSSL_EC_curve_nid2name(nid);
-    OSSL_PARAM_BLD *param_bld;
+    OSSL_PARAM_BLD *param_bld = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
 
     key->ecdsa_nid = nid;
     key->type_c = pki_key_ecdsa_nid_to_name(nid);
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
- #if 1
-    key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
-    if (key->ecdsa == NULL) {
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
+    if (ecdsa == NULL) {
         return -1;
     }
 
-    g = EC_KEY_get0_group(key->ecdsa);
+    g = EC_KEY_get0_group(ecdsa);
 
     p = EC_POINT_new(g);
     if (p == NULL) {
+        EC_KEY_free(ecdsa);
         return -1;
     }
 
@@ -411,14 +363,28 @@ int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
                             ssh_string_len(e),
                             NULL);
     if (!ok) {
+        EC_KEY_free(ecdsa);
         EC_POINT_free(p);
         return -1;
     }
 
     /* EC_KEY_set_public_key duplicates p */
-    ok = EC_KEY_set_public_key(key->ecdsa, p);
+    ok = EC_KEY_set_public_key(ecdsa, p);
     EC_POINT_free(p);
     if (!ok) {
+        EC_KEY_free(ecdsa);
+        return -1;
+    }
+
+    key->key = EVP_PKEY_new();
+    if (key->key == NULL) {
+        EC_KEY_free(ecdsa);
+        return -1;
+    }
+
+    rc = EVP_PKEY_assign_EC_KEY(key->key, ecdsa);
+    if (rc != 1) {
+        EC_KEY_free(ecdsa);
         return -1;
     }
 
@@ -467,80 +433,13 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
     }
 
     switch (key->type) {
-    case SSH_KEYTYPE_DSS: {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        const BIGNUM *p = NULL, *q = NULL, *g = NULL,
-          *pub_key = NULL, *priv_key = NULL;
-        BIGNUM *np, *nq, *ng, *npub_key, *npriv_key;
-        new->dsa = DSA_new();
-        if (new->dsa == NULL) {
-            goto fail;
-        }
-
-        /*
-         * p        = public prime number
-         * q        = public 160-bit subprime, q | p-1
-         * g        = public generator of subgroup
-         * pub_key  = public key y = g^x
-         * priv_key = private key x
-         */
-        DSA_get0_pqg(key->dsa, &p, &q, &g);
-        np = BN_dup(p);
-        nq = BN_dup(q);
-        ng = BN_dup(g);
-        if (np == NULL || nq == NULL || ng == NULL) {
-            BN_free(np);
-            BN_free(nq);
-            BN_free(ng);
-            goto fail;
-        }
-
-        /* Memory management of np, nq and ng is transferred to DSA object */
-        rc = DSA_set0_pqg(new->dsa, np, nq, ng);
-        if (rc == 0) {
-            BN_free(np);
-            BN_free(nq);
-            BN_free(ng);
-            goto fail;
-        }
-
-        DSA_get0_key(key->dsa, &pub_key, &priv_key);
-        npub_key = BN_dup(pub_key);
-        if (npub_key == NULL) {
-            goto fail;
-        }
-
-        /* Memory management of npubkey is transferred to DSA object */
-        rc = DSA_set0_key(new->dsa, npub_key, NULL);
-        if (rc == 0) {
-            goto fail;
-        }
-
-        if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
-            npriv_key = BN_dup(priv_key);
-            if (npriv_key == NULL) {
-                goto fail;
-            }
-
-            /* Memory management of npriv_key is transferred to DSA object */
-            rc = DSA_set0_key(new->dsa, NULL, npriv_key);
-            if (rc == 0) {
-                goto fail;
-            }
-        }
-#else
-        rc = evp_dup_dsa_pkey(key, new, demote);
-        if (rc != SSH_OK) {
-            goto fail;
-        }
-#endif /* OPENSSL_VERSION_NUMBER */
-        break;
-    }
     case SSH_KEYTYPE_RSA:
     case SSH_KEYTYPE_RSA1: {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
         const BIGNUM *n = NULL, *e = NULL, *d = NULL;
         BIGNUM *nn, *ne, *nd;
+        RSA *new_rsa = NULL;
+        const RSA *key_rsa = EVP_PKEY_get0_RSA(key->key);
 #endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
 #ifdef WITH_PKCS11_URI
         /* Take the PKCS#11 keys as they are */
@@ -554,8 +453,8 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
         }
 #endif /* WITH_PKCS11_URI */
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-        new->rsa = RSA_new();
-        if (new->rsa == NULL) {
+        new_rsa = RSA_new();
+        if (new_rsa == NULL) {
             goto fail;
         }
 
@@ -569,18 +468,20 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
          * dmq1 = d mod (q-1)
          * iqmp = q^-1 mod p
          */
-        RSA_get0_key(key->rsa, &n, &e, &d);
+        RSA_get0_key(key_rsa, &n, &e, &d);
         nn = BN_dup(n);
         ne = BN_dup(e);
         if (nn == NULL || ne == NULL) {
+            RSA_free(new_rsa);
             BN_free(nn);
             BN_free(ne);
             goto fail;
         }
 
         /* Memory management of nn and ne is transferred to RSA object */
-        rc = RSA_set0_key(new->rsa, nn, ne, NULL);
+        rc = RSA_set0_key(new_rsa, nn, ne, NULL);
         if (rc == 0) {
+            RSA_free(new_rsa);
             BN_free(nn);
             BN_free(ne);
             goto fail;
@@ -593,43 +494,48 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
 
             nd = BN_dup(d);
             if (nd == NULL) {
+                RSA_free(new_rsa);
                 goto fail;
             }
 
             /* Memory management of nd is transferred to RSA object */
-            rc = RSA_set0_key(new->rsa, NULL, NULL, nd);
+            rc = RSA_set0_key(new_rsa, NULL, NULL, nd);
             if (rc == 0) {
+                RSA_free(new_rsa);
                 goto fail;
             }
 
             /* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the
              * RSA operations are much faster when these values are available.
              */
-            RSA_get0_factors(key->rsa, &p, &q);
+            RSA_get0_factors(key_rsa, &p, &q);
             if (p != NULL && q != NULL) { /* need to set both of them */
                 np = BN_dup(p);
                 nq = BN_dup(q);
                 if (np == NULL || nq == NULL) {
+                    RSA_free(new_rsa);
                     BN_free(np);
                     BN_free(nq);
                     goto fail;
                 }
 
                 /* Memory management of np and nq is transferred to RSA object */
-                rc = RSA_set0_factors(new->rsa, np, nq);
+                rc = RSA_set0_factors(new_rsa, np, nq);
                 if (rc == 0) {
+                    RSA_free(new_rsa);
                     BN_free(np);
                     BN_free(nq);
                     goto fail;
                 }
             }
 
-            RSA_get0_crt_params(key->rsa, &dmp1, &dmq1, &iqmp);
+            RSA_get0_crt_params(key_rsa, &dmp1, &dmq1, &iqmp);
             if (dmp1 != NULL || dmq1 != NULL || iqmp != NULL) {
                 ndmp1 = BN_dup(dmp1);
                 ndmq1 = BN_dup(dmq1);
                 niqmp = BN_dup(iqmp);
                 if (ndmp1 == NULL || ndmq1 == NULL || niqmp == NULL) {
+                    RSA_free(new_rsa);
                     BN_free(ndmp1);
                     BN_free(ndmq1);
                     BN_free(niqmp);
@@ -638,8 +544,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
 
                 /* Memory management of ndmp1, ndmq1 and niqmp is transferred
                  * to RSA object */
-                rc = RSA_set0_crt_params(new->rsa, ndmp1, ndmq1, niqmp);
+                rc = RSA_set0_crt_params(new_rsa, ndmp1, ndmq1, niqmp);
                 if (rc == 0) {
+                    RSA_free(new_rsa);
                     BN_free(ndmp1);
                     BN_free(ndmq1);
                     BN_free(niqmp);
@@ -647,6 +554,21 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
                 }
             }
         }
+
+        new->key = EVP_PKEY_new();
+        if (new->key == NULL) {
+            RSA_free(new_rsa);
+            goto fail;
+        }
+
+        rc = EVP_PKEY_assign_RSA(new->key, new_rsa);
+        if (rc != 1) {
+            EVP_PKEY_free(new->key);
+            RSA_free(new_rsa);
+            goto fail;
+        }
+
+        new_rsa = NULL;
 #else
         rc = evp_dup_rsa_pkey(key, new, demote);
         if (rc != SSH_OK) {
@@ -668,44 +590,56 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
                 goto fail;
             }
             new->key = key->key;
-            rc = EC_KEY_up_ref(key->ecdsa);
-            if (rc != 1) {
-                goto fail;
-            }
-            new->ecdsa = key->ecdsa;
             return new;
         }
 #endif /* WITH_PKCS11_URI */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
         /* privkey -> pubkey */
         if (demote && ssh_key_is_private(key)) {
-            const EC_POINT *p;
+            const EC_POINT *p = NULL;
+            EC_KEY *new_ecdsa = NULL, *old_ecdsa = NULL;
             int ok;
 
-            new->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
-            if (new->ecdsa == NULL) {
+            new_ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
+            if (new_ecdsa == NULL) {
                 goto fail;
             }
 
-            p = EC_KEY_get0_public_key(key->ecdsa);
+            old_ecdsa = EVP_PKEY_get0_EC_KEY(key->key);
+            if (old_ecdsa == NULL) {
+                EC_KEY_free(new_ecdsa);
+                goto fail;
+            }
+
+            p = EC_KEY_get0_public_key(old_ecdsa);
             if (p == NULL) {
+                EC_KEY_free(new_ecdsa);
+                goto fail;
+            }
+
+            ok = EC_KEY_set_public_key(new_ecdsa, p);
+            if (ok != 1) {
+                EC_KEY_free(new_ecdsa);
+                goto fail;
+            }
+
+            new->key = EVP_PKEY_new();
+            if (new->key == NULL) {
+                EC_KEY_free(new_ecdsa);
                 goto fail;
             }
 
-            ok = EC_KEY_set_public_key(new->ecdsa, p);
-            if (!ok) {
+            ok = EVP_PKEY_assign_EC_KEY(new->key, new_ecdsa);
+            if (ok != 1) {
+                EC_KEY_free(new_ecdsa);
                 goto fail;
             }
         } else {
-            rc = EC_KEY_up_ref(key->ecdsa);
+            rc = EVP_PKEY_up_ref(key->key);
             if (rc != 1) {
                 goto fail;
             }
-            new->ecdsa = key->ecdsa;
+            new->key = key->key;
         }
 #else
         rc = evp_dup_ecdsa_pkey(key, new, demote);
@@ -736,7 +670,8 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
 int pki_key_generate_rsa(ssh_key key, int parameter){
 	int rc;
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    BIGNUM *e;
+    BIGNUM *e = NULL;
+    RSA *key_rsa = NULL;
 #else
     OSSL_PARAM params[3];
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
@@ -745,15 +680,34 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
 
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
     e = BN_new();
-    key->rsa = RSA_new();
+    key_rsa = RSA_new();
+    if (key_rsa == NULL) {
+        return SSH_ERROR;
+    }
 
     BN_set_word(e, 65537);
-    rc = RSA_generate_key_ex(key->rsa, parameter, e, NULL);
+    rc = RSA_generate_key_ex(key_rsa, parameter, e, NULL);
 
     BN_free(e);
 
-    if (rc <= 0 || key->rsa == NULL)
+    if (rc <= 0 || key_rsa == NULL) {
+        return SSH_ERROR;
+    }
+
+    key->key = EVP_PKEY_new();
+    if (key->key == NULL) {
+        RSA_free(key_rsa);
+        return SSH_ERROR;
+    }
+
+    rc = EVP_PKEY_assign_RSA(key->key, key_rsa);
+    if (rc != 1) {
+        RSA_free(key_rsa);
+        EVP_PKEY_free(key->key);
         return SSH_ERROR;
+    }
+
+    key_rsa = NULL;
 #else
     key->key = NULL;
 
@@ -782,282 +736,113 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
 	return SSH_OK;
 }
 
-int pki_key_generate_dss(ssh_key key, int parameter){
-    int rc;
+#ifdef HAVE_OPENSSL_ECC
+int pki_key_generate_ecdsa(ssh_key key, int parameter)
+{
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = DSA_new();
-    if (key->dsa == NULL) {
-        return SSH_ERROR;
+    EC_KEY *ecdsa = NULL;
+    int ok;
+#else
+    const char *group_name = NULL;
+#endif /* OPENSSL_VERSION_NUMBER */
+    switch (parameter) {
+        case 256:
+            key->ecdsa_nid = NID_X9_62_prime256v1;
+            key->type = SSH_KEYTYPE_ECDSA_P256;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+            group_name = NISTP256;
+#endif /* OPENSSL_VERSION_NUMBER */
+            break;
+        case 384:
+            key->ecdsa_nid = NID_secp384r1;
+            key->type = SSH_KEYTYPE_ECDSA_P384;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+            group_name = NISTP384;
+#endif /* OPENSSL_VERSION_NUMBER */
+            break;
+        case 521:
+            key->ecdsa_nid = NID_secp521r1;
+            key->type = SSH_KEYTYPE_ECDSA_P521;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+            group_name = NISTP521;
+#endif /* OPENSSL_VERSION_NUMBER */
+            break;
+        default:
+            SSH_LOG(SSH_LOG_TRACE, "Invalid parameter %d for ECDSA key "
+                    "generation", parameter);
+            return SSH_ERROR;
     }
-    rc = DSA_generate_parameters_ex(key->dsa,
-                                    parameter,
-                                    NULL,  /* seed */
-                                    0,     /* seed_len */
-                                    NULL,  /* counter_ret */
-                                    NULL,  /* h_ret */
-                                    NULL); /* cb */
-    if (rc != 1) {
-        DSA_free(key->dsa);
-        key->dsa = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
+    if (ecdsa == NULL) {
         return SSH_ERROR;
     }
-    rc = DSA_generate_key(key->dsa);
-    if (rc != 1) {
-        DSA_free(key->dsa);
-        key->dsa=NULL;
+    ok = EC_KEY_generate_key(ecdsa);
+    if (!ok) {
+        EC_KEY_free(ecdsa);
         return SSH_ERROR;
     }
-#else
-    OSSL_PARAM params[3];
-    EVP_PKEY *param_key = NULL;
-    EVP_PKEY_CTX *pctx = NULL;
-    EVP_PKEY_CTX *gctx = NULL;
-    int qbits = parameter < 2048 ? 160 : 256;
+
+    EC_KEY_set_asn1_flag(ecdsa, OPENSSL_EC_NAMED_CURVE);
 
     key->key = EVP_PKEY_new();
     if (key->key == NULL) {
-        return SSH_ERROR;
-    }
-    pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
-    if (pctx == NULL) {
+        EC_KEY_free(ecdsa);
         return SSH_ERROR;
     }
 
-    rc = EVP_PKEY_paramgen_init(pctx);
-    if (rc != 1) {
-        EVP_PKEY_CTX_free(pctx);
-        return SSH_ERROR;
-    }
-    params[0] = OSSL_PARAM_construct_int("pbits", &parameter);
-    params[1] = OSSL_PARAM_construct_int("qbits", &qbits);
-    params[2] = OSSL_PARAM_construct_end();
-    rc = EVP_PKEY_CTX_set_params(pctx, params);
-    if (rc != 1) {
-        EVP_PKEY_CTX_free(pctx);
+    ok = EVP_PKEY_assign_EC_KEY(key->key, ecdsa);
+    if (ok != 1) {
         return SSH_ERROR;
     }
-    /* generating the domain parameters */
-    rc = EVP_PKEY_generate(pctx, &param_key);
-    if (rc != 1) {
-        EVP_PKEY_CTX_free(pctx);
-        EVP_PKEY_free(param_key);
-        return SSH_ERROR;
-    }
-    EVP_PKEY_CTX_free(pctx);
-
-    gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
-    if (gctx == NULL) {
-        EVP_PKEY_free(param_key);
-        return SSH_ERROR;
-    }
-
-    EVP_PKEY_free(param_key);
-    rc = EVP_PKEY_keygen_init(gctx);
-    if (rc != 1) {
-        EVP_PKEY_CTX_free(gctx);
-        return SSH_ERROR;
-    }
-    /* generating the key from the domain parameters */
-    rc = EVP_PKEY_generate(gctx, &key->key);
-    if (rc != 1) {
-        EVP_PKEY_free(key->key);
-        key->key = NULL;
-        EVP_PKEY_CTX_free(gctx);
-        return SSH_ERROR;
-    }
-    EVP_PKEY_CTX_free(gctx);
-#endif /* OPENSSL_VERSION_NUMBER */
-    return SSH_OK;
-}
-
-#ifdef HAVE_OPENSSL_ECC
-int pki_key_generate_ecdsa(ssh_key key, int parameter) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    int ok;
-#else
-    const char *group_name = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
-    switch (parameter) {
-        case 256:
-            key->ecdsa_nid = NID_X9_62_prime256v1;
-            key->type = SSH_KEYTYPE_ECDSA_P256;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
-            group_name = NISTP256;
-#endif /* OPENSSL_VERSION_NUMBER */
-            break;
-        case 384:
-            key->ecdsa_nid = NID_secp384r1;
-            key->type = SSH_KEYTYPE_ECDSA_P384;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
-            group_name = NISTP384;
-#endif /* OPENSSL_VERSION_NUMBER */
-            break;
-        case 521:
-            key->ecdsa_nid = NID_secp521r1;
-            key->type = SSH_KEYTYPE_ECDSA_P521;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
-            group_name = NISTP521;
-#endif /* OPENSSL_VERSION_NUMBER */
-            break;
-        default:
-            SSH_LOG(SSH_LOG_WARN, "Invalid parameter %d for ECDSA key "
-                    "generation", parameter);
-            return SSH_ERROR;
-    }
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
-    if (key->ecdsa == NULL) {
-        return SSH_ERROR;
-    }
-#else
-    key->key = EVP_EC_gen(group_name);
-    if (key->key == NULL) {
+
+#else
+    key->key = EVP_EC_gen(group_name);
+    if (key->key == NULL) {
         return SSH_ERROR;
     }
 #endif /* OPENSSL_VERSION_NUMBER */
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-    ok = EC_KEY_generate_key(key->ecdsa);
-    if (!ok) {
-        EC_KEY_free(key->ecdsa);
-        return SSH_ERROR;
-    }
-
-    EC_KEY_set_asn1_flag(key->ecdsa, OPENSSL_EC_NAMED_CURVE);
-#endif /* OPENSSL_VERSION_NUMBER */
     return SSH_OK;
 }
 #endif /* HAVE_OPENSSL_ECC */
 
 /* With OpenSSL 3.0 and higher the parameter 'what'
- * is ignored and the comparision is done by OpenSSL
+ * is ignored and the comparison is done by OpenSSL
  */
 int pki_key_compare(const ssh_key k1,
                     const ssh_key k2,
                     enum ssh_keycmp_e what)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
     int rc;
-    (void) what;
-#endif /* OPENSSL_VERSION_NUMBER */
 
-    switch (k1->type) {
-        case SSH_KEYTYPE_DSS:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-            {
-                const BIGNUM *p1, *p2, *q1, *q2, *g1, *g2,
-                    *pub_key1, *pub_key2, *priv_key1, *priv_key2;
-                if (DSA_size(k1->dsa) != DSA_size(k2->dsa)) {
-                    return 1;
-                }
-                DSA_get0_pqg(k1->dsa, &p1, &q1, &g1);
-                DSA_get0_pqg(k2->dsa, &p2, &q2, &g2);
-                if (bignum_cmp(p1, p2) != 0) {
-                    return 1;
-                }
-                if (bignum_cmp(q1, q2) != 0) {
-                    return 1;
-                }
-                if (bignum_cmp(g1, g2) != 0) {
-                    return 1;
-                }
-                DSA_get0_key(k1->dsa, &pub_key1, &priv_key1);
-                DSA_get0_key(k2->dsa, &pub_key2, &priv_key2);
-                if (bignum_cmp(pub_key1, pub_key2) != 0) {
-                    return 1;
-                }
-
-                if (what == SSH_KEY_CMP_PRIVATE) {
-                    if (bignum_cmp(priv_key1, priv_key2) != 0) {
-                        return 1;
-                    }
-                }
-                break;
-            }
-#endif /* OPENSSL_VERSION_NUMBER */
-        case SSH_KEYTYPE_RSA:
-        case SSH_KEYTYPE_RSA1:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-            {
-                const BIGNUM *e1, *e2, *n1, *n2, *p1, *p2, *q1, *q2;
-                if (RSA_size(k1->rsa) != RSA_size(k2->rsa)) {
-                    return 1;
-                }
-                RSA_get0_key(k1->rsa, &n1, &e1, NULL);
-                RSA_get0_key(k2->rsa, &n2, &e2, NULL);
-                if (bignum_cmp(e1, e2) != 0) {
-                    return 1;
-                }
-                if (bignum_cmp(n1, n2) != 0) {
-                    return 1;
-                }
-
-                if (what == SSH_KEY_CMP_PRIVATE) {
-                    RSA_get0_factors(k1->rsa, &p1, &q1);
-                    RSA_get0_factors(k2->rsa, &p2, &q2);
-                    if (bignum_cmp(p1, p2) != 0) {
-                        return 1;
-                    }
+    (void)what;
 
-                    if (bignum_cmp(q1, q2) != 0) {
-                        return 1;
-                    }
-                }
-                break;
-            }
-#endif /* OPENSSL_VERSION_NUMBER */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * delete this part of #if because it gets done below EC
- */
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-            rc = EVP_PKEY_eq(k1->key, k2->key);
-            if (rc != 1) {
-                return 1;
-            }
-            break;
-#endif /* OPENSSL_VERSION_NUMBER */
+    switch (ssh_key_type_plain(k1->type)) {
         case SSH_KEYTYPE_ECDSA_P256:
         case SSH_KEYTYPE_ECDSA_P384:
         case SSH_KEYTYPE_ECDSA_P521:
         case SSH_KEYTYPE_SK_ECDSA:
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 #ifdef HAVE_OPENSSL_ECC
             {
-                const EC_POINT *p1 = EC_KEY_get0_public_key(k1->ecdsa);
-                const EC_POINT *p2 = EC_KEY_get0_public_key(k2->ecdsa);
-                const EC_GROUP *g1 = EC_KEY_get0_group(k1->ecdsa);
-                const EC_GROUP *g2 = EC_KEY_get0_group(k2->ecdsa);
+                const EC_KEY *ec1 = EVP_PKEY_get0_EC_KEY(k1->key);
+                const EC_KEY *ec2 = EVP_PKEY_get0_EC_KEY(k2->key);
+                const EC_POINT *p1 = NULL;
+                const EC_POINT *p2 = NULL;
+                const EC_GROUP *g1 = NULL;
+                const EC_GROUP *g2 = NULL;
+
+                if (ec1 == NULL || ec2 == NULL) {
+                    return 1;
+                }
 
-                if (p1 == NULL || p2 == NULL) {
+                p1 = EC_KEY_get0_public_key(ec1);
+                p2 = EC_KEY_get0_public_key(ec2);
+                g1 = EC_KEY_get0_group(ec1);
+                g2 = EC_KEY_get0_group(ec2);
+
+                if (p1 == NULL || p2 == NULL || g1 == NULL || g2 == NULL) {
                     return 1;
                 }
 
@@ -1070,8 +855,8 @@ int pki_key_compare(const ssh_key k1,
                 }
 
                 if (what == SSH_KEY_CMP_PRIVATE) {
-                    if (bignum_cmp(EC_KEY_get0_private_key(k1->ecdsa),
-                                   EC_KEY_get0_private_key(k2->ecdsa))) {
+                    if (bignum_cmp(EC_KEY_get0_private_key(ec1),
+                                   EC_KEY_get0_private_key(ec2))) {
                         return 1;
                     }
                 }
@@ -1079,20 +864,16 @@ int pki_key_compare(const ssh_key k1,
             }
 #endif /* HAVE_OPENSSL_ECC */
 #endif /* OPENSSL_VERSION_NUMBER */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * else
- */
-#if 0
+        case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA1:
             rc = EVP_PKEY_eq(k1->key, k2->key);
             if (rc != 1) {
                 return 1;
             }
             break;
-#endif /* OPENSSL_VERSION_NUMBER */
         case SSH_KEYTYPE_ED25519:
         case SSH_KEYTYPE_SK_ED25519:
-            /* ed25519 keys handled globaly */
+            /* ed25519 keys handled globally */
         case SSH_KEYTYPE_UNKNOWN:
         default:
             return 1;
@@ -1117,66 +898,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
     }
 
     switch (key->type) {
-        case SSH_KEYTYPE_DSS:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-            pkey = EVP_PKEY_new();
-            if (pkey == NULL) {
-                goto err;
-            }
-
-            rc = EVP_PKEY_set1_DSA(pkey, key->dsa);
-            break;
-#endif /* OPENSSL_VERSION_NUMBER */
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA1:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-            pkey = EVP_PKEY_new();
-            if (pkey == NULL) {
-                goto err;
-            }
-
-            rc = EVP_PKEY_set1_RSA(pkey, key->rsa);
-            break;
-#endif /* OPENSSL_VERSION_NUMBER */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Delete this part, because it is done below HAVE_ECC
- */
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-            rc = EVP_PKEY_up_ref(key->key);
-            if (rc != 1) {
-                goto err;
-            }
-            pkey = key->key;
-
-            /* Mark the operation as successful as for the other key types */
-            rc = 1;
-
-            break;
-#endif /* OPENSSL_VERSION_NUMBER */
         case SSH_KEYTYPE_ECDSA_P256:
         case SSH_KEYTYPE_ECDSA_P384:
         case SSH_KEYTYPE_ECDSA_P521:
-#ifdef HAVE_ECC
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-            pkey = EVP_PKEY_new();
-            if (pkey == NULL) {
-                goto err;
-            }
-
-            rc = EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa);
-            break;
-#endif /* OPENSSL_VERSION_NUMBER */
-#endif /* HAVE_ECC */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
             rc = EVP_PKEY_up_ref(key->key);
             if (rc != 1) {
                 goto err;
@@ -1187,9 +913,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
             rc = 1;
 
             break;
-#endif /* OPENSSL_VERSION_NUMBER */
         case SSH_KEYTYPE_ED25519:
-#ifdef HAVE_OPENSSL_ED25519
             /* In OpenSSL, the input is the private key seed only, which means
              * the first half of the SSH private key (the second half is the
              * public key) */
@@ -1206,11 +930,6 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
             /* Mark the operation as successful as for the other key types */
             rc = 1;
             break;
-#else
-            SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519");
-            goto err;
-#endif /* HAVE_OPENSSL_ED25519 */
-        case SSH_KEYTYPE_DSS_CERT01:
         case SSH_KEYTYPE_RSA_CERT01:
         case SSH_KEYTYPE_ECDSA_P256_CERT01:
         case SSH_KEYTYPE_ECDSA_P384_CERT01:
@@ -1218,11 +937,11 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
         case SSH_KEYTYPE_ED25519_CERT01:
         case SSH_KEYTYPE_UNKNOWN:
         default:
-            SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", key->type);
+            SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d", key->type);
             goto err;
     }
     if (rc != 1) {
-        SSH_LOG(SSH_LOG_WARN, "Failed to initialize EVP_PKEY structure");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to initialize EVP_PKEY structure");
         goto err;
     }
 
@@ -1249,6 +968,9 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
     pkey = NULL;
 
     if (rc != 1) {
+        SSH_LOG(SSH_LOG_WARNING,
+                "Failed to write private key: %s\n",
+                ERR_error_string(ERR_get_error(), NULL));
         goto err;
     }
 
@@ -1282,19 +1004,10 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 {
     BIO *mem = NULL;
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    DSA *dsa = NULL;
-    RSA *rsa = NULL;
-#endif /* OPENSSL_VERSION_NUMBER */
-#ifdef HAVE_OPENSSL_ECC
     EC_KEY *ecdsa = NULL;
-#else
-    void *ecdsa = NULL;
-#endif /* HAVE_OPENSSL_ECC */
-#ifdef HAVE_OPENSSL_ED25519
+#endif /* OPENSSL_VERSION_NUMBER */
     uint8_t *ed25519 = NULL;
-#else
-    ed25519_privkey *ed25519 = NULL;
-#endif /* HAVE_OPENSSL_ED25519 */
+    uint8_t *ed25519_pubkey = NULL;
     ssh_key key = NULL;
     enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
     EVP_PKEY *pkey = NULL;
@@ -1317,47 +1030,22 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
     BIO_free(mem);
 
     if (pkey == NULL) {
-        SSH_LOG(SSH_LOG_WARN,
-                "Parsing private key: %s",
+        SSH_LOG(SSH_LOG_TRACE,
+                "Error parsing private key: %s",
                 ERR_error_string(ERR_get_error(), NULL));
         return NULL;
     }
     switch (EVP_PKEY_base_id(pkey)) {
-    case EVP_PKEY_DSA:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        dsa = EVP_PKEY_get1_DSA(pkey);
-        if (dsa == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
-                    "Parsing private key: %s",
-                    ERR_error_string(ERR_get_error(),NULL));
-            goto fail;
-        }
-#endif
-        type = SSH_KEYTYPE_DSS;
-        break;
     case EVP_PKEY_RSA:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        rsa = EVP_PKEY_get1_RSA(pkey);
-        if (rsa == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
-                    "Parsing private key: %s",
-                    ERR_error_string(ERR_get_error(),NULL));
-            goto fail;
-        }
-#endif /* OPENSSL_VERSION_NUMBER */
         type = SSH_KEYTYPE_RSA;
         break;
     case EVP_PKEY_EC:
 #ifdef HAVE_OPENSSL_ECC
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-        ecdsa = EVP_PKEY_get1_EC_KEY(pkey);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+        ecdsa = EVP_PKEY_get0_EC_KEY(pkey);
         if (ecdsa == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
-                    "Parsing private key: %s",
+            SSH_LOG(SSH_LOG_TRACE,
+		    "Error parsing private key: %s",
                     ERR_error_string(ERR_get_error(), NULL));
             goto fail;
         }
@@ -1365,27 +1053,18 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 
         /* pki_privatekey_type_from_string always returns P256 for ECDSA
          * keys, so we need to figure out the correct type here */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
         type = pki_key_ecdsa_to_key_type(ecdsa);
 #else
         type = pki_key_ecdsa_to_key_type(pkey);
 #endif /* OPENSSL_VERSION_NUMBER */
         if (type == SSH_KEYTYPE_UNKNOWN) {
-            SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
+            SSH_LOG(SSH_LOG_TRACE, "Invalid private key.");
             goto fail;
         }
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Remove these three lines
- */
         break;
 #endif /* HAVE_OPENSSL_ECC */
-#ifdef HAVE_OPENSSL_ED25519
     case EVP_PKEY_ED25519:
     {
         size_t key_len;
@@ -1406,7 +1085,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 
         ed25519 = malloc(key_len);
         if (ed25519 == NULL) {
-            SSH_LOG(SSH_LOG_WARN, "Out of memory");
+            SSH_LOG(SSH_LOG_TRACE, "Out of memory");
             goto fail;
         }
 
@@ -1418,13 +1097,28 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
                     ERR_error_string(ERR_get_error(), NULL));
             goto fail;
         }
+
+        /* length matches the private key length */
+        ed25519_pubkey = malloc(ED25519_KEY_LEN);
+        if (ed25519_pubkey == NULL) {
+            SSH_LOG(SSH_LOG_TRACE, "Out of memory");
+            goto fail;
+        }
+
+        evp_rc = EVP_PKEY_get_raw_public_key(pkey, (uint8_t *)ed25519_pubkey,
+                                             &key_len);
+        if (evp_rc != 1) {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Failed to get ed25519 raw public key:  %s",
+                    ERR_error_string(ERR_get_error(), NULL));
+            goto fail;
+        }
         type = SSH_KEYTYPE_ED25519;
 
     }
     break;
-#endif /* HAVE_OPENSSL_ED25519 */
     default:
-        SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d",
+        SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d",
                 EVP_PKEY_base_id(pkey));
         EVP_PKEY_free(pkey);
         return NULL;
@@ -1438,25 +1132,13 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
     key->type = type;
     key->type_c = ssh_key_type_to_char(type);
     key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = dsa;
-    key->rsa = rsa;
-#endif /* OPENSSL_VERSION_NUMBER */
     key->key = pkey;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Move key->ecdsa line into the #if above this
- */
-    key->ecdsa = ecdsa;
     key->ed25519_privkey = ed25519;
+    key->ed25519_pubkey = ed25519_pubkey;
 #ifdef HAVE_OPENSSL_ECC
     if (is_ecdsa_key_type(key->type)) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-        key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+        key->ecdsa_nid = pki_key_ecdsa_to_nid(ecdsa);
 #else
         key->ecdsa_nid = pki_key_ecdsa_to_nid(key->key);
 #endif /* OPENSSL_VERSION_NUMBER */
@@ -1467,276 +1149,189 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 fail:
     EVP_PKEY_free(pkey);
     ssh_key_free(key);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    DSA_free(dsa);
-    RSA_free(rsa);
-#endif /* OPENSSL_VERSION_NUMBER */
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Move HAVE_OPENSSL_ECC #ifdef inside the #if above
- */
-#ifdef HAVE_OPENSSL_ECC
-    EC_KEY_free(ecdsa);
-#endif
-#ifdef HAVE_OPENSSL_ED25519
     SAFE_FREE(ed25519);
-#endif
+    SAFE_FREE(ed25519_pubkey);
     return NULL;
 }
 
-int pki_privkey_build_dss(ssh_key key,
+int pki_privkey_build_rsa(ssh_key key,
+                          ssh_string n,
+                          ssh_string e,
+                          ssh_string d,
+                          ssh_string iqmp,
                           ssh_string p,
-                          ssh_string q,
-                          ssh_string g,
-                          ssh_string pubkey,
-                          ssh_string privkey)
+                          ssh_string q)
 {
     int rc;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    BIGNUM *bp, *bq, *bg, *bpub_key, *bpriv_key;
-#else
-    const BIGNUM *pb, *qb, *gb, *pubb, *privb;
-    OSSL_PARAM_BLD *param_bld;
-#endif /* OPENSSL_VERSION_NUMBER */
+    BIGNUM *be = NULL, *bn = NULL, *bd = NULL;
+    BIGNUM *biqmp = NULL, *bp = NULL, *bq = NULL;
+    BIGNUM *aux = NULL, *d_consttime = NULL;
+    BIGNUM *bdmq1 = NULL, *bdmp1 = NULL;
+    BN_CTX *ctx = NULL;
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = DSA_new();
-    if (key->dsa == NULL) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
+    if (param_bld == NULL) {
+        return SSH_ERROR;
+    }
+#else
+    RSA *key_rsa = RSA_new();
+    if (key_rsa == NULL) {
         return SSH_ERROR;
     }
+#endif /* OPENSSL_VERSION_NUMBER */
 
+    bn = ssh_make_string_bn(n);
+    be = ssh_make_string_bn(e);
+    bd = ssh_make_string_bn(d);
+    biqmp = ssh_make_string_bn(iqmp);
     bp = ssh_make_string_bn(p);
     bq = ssh_make_string_bn(q);
-    bg = ssh_make_string_bn(g);
-    bpub_key = ssh_make_string_bn(pubkey);
-    bpriv_key = ssh_make_string_bn(privkey);
-    if (bp == NULL || bq == NULL ||
-        bg == NULL || bpub_key == NULL) {
+    if (be == NULL || bn == NULL || bd == NULL ||
+        /*biqmp == NULL ||*/ bp == NULL || bq == NULL) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
+
+    /* Calculate remaining CRT parameters for OpenSSL to be happy
+     * taken from OpenSSH */
+    if ((ctx = BN_CTX_new()) == NULL) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
+    if ((aux = BN_new()) == NULL ||
+        (bdmq1 = BN_new()) == NULL ||
+        (bdmp1 = BN_new()) == NULL) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
+    if ((d_consttime = BN_dup(bd)) == NULL) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
+    BN_set_flags(aux, BN_FLG_CONSTTIME);
+    BN_set_flags(d_consttime, BN_FLG_CONSTTIME);
+
+    if ((BN_sub(aux, bq, BN_value_one()) == 0) ||
+        (BN_mod(bdmq1, d_consttime, aux, ctx) == 0) ||
+        (BN_sub(aux, bp, BN_value_one()) == 0) ||
+        (BN_mod(bdmp1, d_consttime, aux, ctx) == 0)) {
+        rc = SSH_ERROR;
         goto fail;
     }
 
-    /* Memory management of bp, qq and bg is transferred to DSA object */
-    rc = DSA_set0_pqg(key->dsa, bp, bq, bg);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    /* Memory management of be, bn and bd is transferred to RSA object */
+    rc = RSA_set0_key(key_rsa, bn, be, bd);
     if (rc == 0) {
         goto fail;
     }
 
-    /* Memory management of bpub_key and bpriv_key is transferred to DSA object */
-    rc = DSA_set0_key(key->dsa, bpub_key, bpriv_key);
+    /* Memory management of bp and bq is transferred to RSA object */
+    rc = RSA_set0_factors(key_rsa, bp, bq);
     if (rc == 0) {
         goto fail;
     }
 
-    return SSH_OK;
-fail:
-    DSA_free(key->dsa);
-    return SSH_ERROR;
-#else
-    param_bld = OSSL_PARAM_BLD_new();
-    if (param_bld == NULL)
-        goto err;
+    /* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the RSA
+     * operations are much faster when these values are available.
+     * https://www.openssl.org/docs/man1.0.2/crypto/rsa.html
+     * And OpenSSL fails to export these keys to PEM if these are missing:
+     * https://github.com/openssl/openssl/issues/21826
+     */
+    rc = RSA_set0_crt_params(key_rsa, bdmp1, bdmq1, biqmp);
+    if (rc == 0) {
+        goto fail;
+    }
+    bignum_safe_free(aux);
+    bignum_safe_free(d_consttime);
 
-    pb = ssh_make_string_bn(p);
-    qb = ssh_make_string_bn(q);
-    gb = ssh_make_string_bn(g);
-    pubb = ssh_make_string_bn(pubkey);
-    privb = ssh_make_string_bn(privkey);
-
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, pb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, qb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, gb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pubb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, privb);
-    if (rc != 1)
-        goto err;
-
-    rc = evp_build_pkey("DSA", param_bld, &(key->key), EVP_PKEY_KEYPAIR);
-    OSSL_PARAM_BLD_free(param_bld);
-
-    return rc;
-err:
-    OSSL_PARAM_BLD_free(param_bld);
-    return -1;
-#endif /* OPENSSL_VERSION_NUMBER */
-}
-
-int pki_pubkey_build_dss(ssh_key key,
-                         ssh_string p,
-                         ssh_string q,
-                         ssh_string g,
-                         ssh_string pubkey) {
-    int rc;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    BIGNUM *bp = NULL, *bq = NULL, *bg = NULL, *bpub_key = NULL;
-#else
-    const BIGNUM *pb, *qb, *gb, *pubb;
-    OSSL_PARAM_BLD *param_bld;
-#endif /* OPENSSL_VERSION_NUMBER */
-
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->dsa = DSA_new();
-    if (key->dsa == NULL) {
-        return SSH_ERROR;
-    }
-
-    bp = ssh_make_string_bn(p);
-    bq = ssh_make_string_bn(q);
-    bg = ssh_make_string_bn(g);
-    bpub_key = ssh_make_string_bn(pubkey);
-    if (bp == NULL || bq == NULL ||
-        bg == NULL || bpub_key == NULL) {
-        goto fail;
-    }
-
-    /* Memory management of bp, bq and bg is transferred to DSA object */
-    rc = DSA_set0_pqg(key->dsa, bp, bq, bg);
-    if (rc == 0) {
+    key->key = EVP_PKEY_new();
+    if (key->key == NULL) {
         goto fail;
     }
 
-    /* Memory management of npub_key is transferred to DSA object */
-    rc = DSA_set0_key(key->dsa, bpub_key, NULL);
-    if (rc == 0) {
+    rc = EVP_PKEY_assign_RSA(key->key, key_rsa);
+    if (rc != 1) {
         goto fail;
     }
 
     return SSH_OK;
 fail:
-    DSA_free(key->dsa);
+    RSA_free(key_rsa);
+    EVP_PKEY_free(key->key);
     return SSH_ERROR;
 #else
-    param_bld = OSSL_PARAM_BLD_new();
-    if (param_bld == NULL)
-        goto err;
-
-    pb = ssh_make_string_bn(p);
-    qb = ssh_make_string_bn(q);
-    gb = ssh_make_string_bn(g);
-    pubb = ssh_make_string_bn(pubkey);
-
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, pb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, qb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, gb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pubb);
-    if (rc != 1)
-        goto err;
-
-    rc = evp_build_pkey("DSA", param_bld, &(key->key), EVP_PKEY_PUBLIC_KEY);
-    OSSL_PARAM_BLD_free(param_bld);
-
-    return rc;
-err:
-    OSSL_PARAM_BLD_free(param_bld);
-    return -1;
-#endif /* OPENSSL_VERSION_NUMBER */
-}
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, bn);
+    if (rc != 1) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, be);
+    if (rc != 1) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_D, bd);
+    if (rc != 1) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
 
-int pki_privkey_build_rsa(ssh_key key,
-                          ssh_string n,
-                          ssh_string e,
-                          ssh_string d,
-                          UNUSED_PARAM(ssh_string iqmp),
-                          ssh_string p,
-                          ssh_string q)
-{
-    int rc;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    BIGNUM *be, *bn, *bd/*, *biqmp*/, *bp, *bq;
-#else
-    const BIGNUM *nb, *eb, *db, *pb, *qb;
-    OSSL_PARAM_BLD *param_bld;
-#endif /* OPENSSL_VERSION_NUMBER */
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_FACTOR1, bp);
+    if (rc != 1) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->rsa = RSA_new();
-    if (key->rsa == NULL) {
-        return SSH_ERROR;
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_FACTOR2, bq);
+    if (rc != 1) {
+        rc = SSH_ERROR;
+        goto fail;
     }
 
-    bn = ssh_make_string_bn(n);
-    be = ssh_make_string_bn(e);
-    bd = ssh_make_string_bn(d);
-    /*biqmp = ssh_make_string_bn(iqmp);*/
-    bp = ssh_make_string_bn(p);
-    bq = ssh_make_string_bn(q);
-    if (be == NULL || bn == NULL || bd == NULL ||
-        /*biqmp == NULL ||*/ bp == NULL || bq == NULL) {
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_EXPONENT1, bdmp1);
+    if (rc != 1) {
+        rc = SSH_ERROR;
         goto fail;
     }
 
-    /* Memory management of be, bn and bd is transferred to RSA object */
-    rc = RSA_set0_key(key->rsa, bn, be, bd);
-    if (rc == 0) {
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_EXPONENT2, bdmq1);
+    if (rc != 1) {
+        rc = SSH_ERROR;
         goto fail;
     }
 
-    /* Memory management of bp and bq is transferred to RSA object */
-    rc = RSA_set0_factors(key->rsa, bp, bq);
-    if (rc == 0) {
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, biqmp);
+    if (rc != 1) {
+        rc = SSH_ERROR;
         goto fail;
     }
 
-    /* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the RSA
-     * operations are much faster when these values are available.
-     * https://www.openssl.org/docs/man1.0.2/crypto/rsa.html
-     */
-    /* RSA_set0_crt_params(key->rsa, biqmp, NULL, NULL);
-    TODO calculate missing crt_params */
+    rc = evp_build_pkey("RSA", param_bld, &(key->key), EVP_PKEY_KEYPAIR);
+    if (rc != SSH_OK) {
+        SSH_LOG(SSH_LOG_WARNING,
+                "Failed to import private key: %s\n",
+                ERR_error_string(ERR_get_error(), NULL));
+        rc = SSH_ERROR;
+        goto fail;
+    }
 
-    return SSH_OK;
 fail:
-    RSA_free(key->rsa);
-    return SSH_ERROR;
-#else
-    param_bld = OSSL_PARAM_BLD_new();
-    if (param_bld == NULL)
-        goto err;
-
-    nb = ssh_make_string_bn(n);
-    eb = ssh_make_string_bn(e);
-    db = ssh_make_string_bn(d);
-    pb = ssh_make_string_bn(p);
-    qb = ssh_make_string_bn(q);
-
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, nb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, eb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_D, db);
-    if (rc != 1)
-        goto err;
-
-    rc = evp_build_pkey("RSA", param_bld, &(key->key), EVP_PKEY_KEYPAIR);
     OSSL_PARAM_BLD_free(param_bld);
+    bignum_safe_free(bn);
+    bignum_safe_free(be);
+    bignum_safe_free(bd);
+    bignum_safe_free(bp);
+    bignum_safe_free(bq);
+    bignum_safe_free(biqmp);
 
-    rc = EVP_PKEY_set_bn_param(key->key, OSSL_PKEY_PARAM_RSA_FACTOR1, pb);
-    if (rc != 1)
-        goto err;
-
-    rc = EVP_PKEY_set_bn_param(key->key, OSSL_PKEY_PARAM_RSA_FACTOR2, qb);
-    if (rc != 1)
-        goto err;
-
+    bignum_safe_free(aux);
+    bignum_safe_free(d_consttime);
+    bignum_safe_free(bdmp1);
+    bignum_safe_free(bdmq1);
+    BN_CTX_free(ctx);
     return rc;
-err:
-    OSSL_PARAM_BLD_free(param_bld);
-    return -1;
 #endif /* OPENSSL_VERSION_NUMBER */
 }
 
@@ -1744,61 +1339,72 @@ int pki_pubkey_build_rsa(ssh_key key,
                          ssh_string e,
                          ssh_string n) {
     int rc;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
     BIGNUM *be = NULL, *bn = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
+    if (param_bld == NULL) {
+        return SSH_ERROR;
+    }
 #else
-    const BIGNUM *eb, *nb;
-    OSSL_PARAM_BLD *param_bld;
-#endif /* OPENSSL_VERSION_NUMBER */
-
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->rsa = RSA_new();
-    if (key->rsa == NULL) {
+    RSA *key_rsa = RSA_new();
+    if (key_rsa == NULL) {
         return SSH_ERROR;
     }
+#endif /* OPENSSL_VERSION_NUMBER */
 
     be = ssh_make_string_bn(e);
     bn = ssh_make_string_bn(n);
     if (be == NULL || bn == NULL) {
+        rc = SSH_ERROR;
         goto fail;
     }
 
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     /* Memory management of bn and be is transferred to RSA object */
-    rc = RSA_set0_key(key->rsa, bn, be, NULL);
+    rc = RSA_set0_key(key_rsa, bn, be, NULL);
     if (rc == 0) {
         goto fail;
     }
 
+    key->key = EVP_PKEY_new();
+    if (key->key == NULL) {
+        goto fail;
+    }
+
+    rc = EVP_PKEY_assign_RSA(key->key, key_rsa);
+    if (rc != 1) {
+        goto fail;
+    }
+
     return SSH_OK;
 fail:
-    RSA_free(key->rsa);
+    EVP_PKEY_free(key->key);
+    RSA_free(key_rsa);
     return SSH_ERROR;
 #else
-    nb = ssh_make_string_bn(n);
-    eb = ssh_make_string_bn(e);
-
-    param_bld = OSSL_PARAM_BLD_new();
-    if (param_bld == NULL)
-        goto err;
-
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, nb);
-    if (rc != 1)
-        goto err;
-    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, eb);
-    if (rc != 1)
-        goto err;
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, bn);
+    if (rc != 1) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
+    rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, be);
+    if (rc != 1) {
+        rc = SSH_ERROR;
+        goto fail;
+    }
 
     rc = evp_build_pkey("RSA", param_bld, &(key->key), EVP_PKEY_PUBLIC_KEY);
+
+fail:
     OSSL_PARAM_BLD_free(param_bld);
+    bignum_safe_free(bn);
+    bignum_safe_free(be);
 
     return rc;
-err:
-    OSSL_PARAM_BLD_free(param_bld);
-    return -1;
 #endif /* OPENSSL_VERSION_NUMBER */
 }
 
-ssh_string pki_publickey_to_blob(const ssh_key key)
+ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
 {
     ssh_buffer buffer;
     ssh_string type_s;
@@ -1808,10 +1414,13 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
     ssh_string p = NULL;
     ssh_string g = NULL;
     ssh_string q = NULL;
+    ssh_string d = NULL;
+    ssh_string iqmp = NULL;
     int rc;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     BIGNUM *bp = NULL, *bq = NULL, *bg = NULL, *bpub_key = NULL,
-           *bn = NULL, *be = NULL;
+           *bn = NULL, *be = NULL,
+           *bd = NULL, *biqmp = NULL;
     OSSL_PARAM *params = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
 
@@ -1819,6 +1428,8 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
     if (buffer == NULL) {
         return NULL;
     }
+    /* The buffer will contain sensitive information. Make sure it is erased */
+    ssh_buffer_set_secure(buffer);
 
     if (key->cert != NULL) {
         rc = ssh_buffer_add_buffer(buffer, key->cert);
@@ -1843,156 +1454,175 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
     }
 
     switch (key->type) {
-        case SSH_KEYTYPE_DSS: {
+        case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA1: {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-            const BIGNUM *bp, *bq, *bg, *bpub_key;
-            DSA_get0_pqg(key->dsa, &bp, &bq, &bg);
-            DSA_get0_key(key->dsa, &bpub_key, NULL);
+            const BIGNUM *be = NULL, *bn = NULL;
+            const RSA *key_rsa = EVP_PKEY_get0_RSA(key->key);
+            RSA_get0_key(key_rsa, &bn, &be, NULL);
 #else
             const OSSL_PARAM *out_param = NULL;
             rc = EVP_PKEY_todata(key->key, EVP_PKEY_PUBLIC_KEY, &params);
             if (rc != 1) {
                 goto fail;
             }
-            out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P);
-            if (out_param == NULL) {
-                SSH_LOG(SSH_LOG_WARN, "DSA: No param P has been found");
-                goto fail;
-            }
-            rc = OSSL_PARAM_get_BN(out_param, &bp);
-            if (rc != 1) {
-                goto fail;
-            }
-            out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q);
-            if (out_param == NULL) {
-                SSH_LOG(SSH_LOG_WARN, "DSA: No param Q has been found");
-                goto fail;
-            }
-            rc = OSSL_PARAM_get_BN(out_param, &bq);
-            if (rc != 1) {
-                goto fail;
-            }
-            out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G);
+            out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
             if (out_param == NULL) {
-                SSH_LOG(SSH_LOG_WARN, "DSA: No param G has been found");
+                SSH_LOG(SSH_LOG_TRACE, "RSA: No param E has been found");
                 goto fail;
             }
-            rc = OSSL_PARAM_get_BN(out_param, &bg);
+            rc = OSSL_PARAM_get_BN(out_param, &be);
             if (rc != 1) {
                 goto fail;
             }
-            out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
+            out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
             if (out_param == NULL) {
-                SSH_LOG(SSH_LOG_WARN, "DSA: No param PUB_KEY has been found");
+                SSH_LOG(SSH_LOG_TRACE, "RSA: No param N has been found");
                 goto fail;
             }
-            rc = OSSL_PARAM_get_BN(out_param, &bpub_key);
+            rc = OSSL_PARAM_get_BN(out_param, &bn);
             if (rc != 1) {
                 goto fail;
             }
 #endif /* OPENSSL_VERSION_NUMBER */
-            p = ssh_make_bignum_string((BIGNUM *)bp);
-            if (p == NULL) {
+            e = ssh_make_bignum_string((BIGNUM *)be);
+            if (e == NULL) {
                 goto fail;
             }
 
-            q = ssh_make_bignum_string((BIGNUM *)bq);
-            if (q == NULL) {
+            n = ssh_make_bignum_string((BIGNUM *)bn);
+            if (n == NULL) {
                 goto fail;
             }
 
-            g = ssh_make_bignum_string((BIGNUM *)bg);
-            if (g == NULL) {
-                goto fail;
-            }
+            if (type == SSH_KEY_PUBLIC) {
+                /* The N and E parts are swapped in the public key export ! */
+                rc = ssh_buffer_add_ssh_string(buffer, e);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, n);
+                if (rc < 0) {
+                    goto fail;
+                }
+            } else if (type == SSH_KEY_PRIVATE) {
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+                const BIGNUM *bd, *biqmp, *bp, *bq;
+                RSA_get0_key(key_rsa, NULL, NULL, &bd);
+                RSA_get0_factors(key_rsa, &bp, &bq);
+                RSA_get0_crt_params(key_rsa, NULL, NULL, &biqmp);
+#else
+                OSSL_PARAM_free(params);
+                rc = EVP_PKEY_todata(key->key, EVP_PKEY_KEYPAIR, &params);
+                if (rc != 1) {
+                    goto fail;
+                }
 
-            n = ssh_make_bignum_string((BIGNUM *)bpub_key);
-            if (n == NULL) {
-                goto fail;
-            }
+                out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
+                if (out_param == NULL) {
+                    SSH_LOG(SSH_LOG_TRACE, "RSA: No param D has been found");
+                    goto fail;
+                }
+                rc = OSSL_PARAM_get_BN(out_param, &bd);
+                if (rc != 1) {
+                    goto fail;
+                }
 
-            if (ssh_buffer_add_ssh_string(buffer, p) < 0) {
-                goto fail;
-            }
-            if (ssh_buffer_add_ssh_string(buffer, q) < 0) {
-                goto fail;
-            }
-            if (ssh_buffer_add_ssh_string(buffer, g) < 0) {
-                goto fail;
-            }
-            if (ssh_buffer_add_ssh_string(buffer, n) < 0) {
-                goto fail;
-            }
+                out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_FACTOR1);
+                if (out_param == NULL) {
+                    SSH_LOG(SSH_LOG_TRACE, "RSA: No param P has been found");
+                    goto fail;
+                }
+                rc = OSSL_PARAM_get_BN(out_param, &bp);
+                if (rc != 1) {
+                    goto fail;
+                }
 
-            ssh_string_burn(p);
-            SSH_STRING_FREE(p);
-            p = NULL;
-            ssh_string_burn(g);
-            SSH_STRING_FREE(g);
-            g = NULL;
-            ssh_string_burn(q);
-            SSH_STRING_FREE(q);
-            q = NULL;
-            ssh_string_burn(n);
-            SSH_STRING_FREE(n);
-            n = NULL;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-            bignum_safe_free(bp);
-            bignum_safe_free(bq);
-            bignum_safe_free(bg);
-            bignum_safe_free(bpub_key);
-            OSSL_PARAM_free(params);
-#endif /* OPENSSL_VERSION_NUMBER */
+                out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_FACTOR2);
+                if (out_param == NULL) {
+                    SSH_LOG(SSH_LOG_TRACE, "RSA: No param Q has been found");
+                    goto fail;
+                }
+                rc = OSSL_PARAM_get_BN(out_param, &bq);
+                if (rc != 1) {
+                    goto fail;
+                }
 
-            break;
-        }
-        case SSH_KEYTYPE_RSA:
-        case SSH_KEYTYPE_RSA1: {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-            const BIGNUM *be, *bn;
-            RSA_get0_key(key->rsa, &bn, &be, NULL);
-#else
-            const OSSL_PARAM *out_param = NULL;
-            rc = EVP_PKEY_todata(key->key, EVP_PKEY_PUBLIC_KEY, &params);
-            if (rc != 1) {
-                goto fail;
-            }
-            out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
-            if (out_param == NULL) {
-                SSH_LOG(SSH_LOG_WARN, "RSA: No param E has been found");
-                goto fail;
-            }
-            rc = OSSL_PARAM_get_BN(out_param, &be);
-            if (rc != 1) {
-                goto fail;
-            }
-            out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
-            if (out_param == NULL) {
-                SSH_LOG(SSH_LOG_WARN, "RSA: No param N has been found");
-                goto fail;
-            }
-            rc = OSSL_PARAM_get_BN(out_param, &bn);
-            if (rc != 1) {
-                goto fail;
-            }
+                out_param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_COEFFICIENT1);
+                if (out_param == NULL) {
+                    SSH_LOG(SSH_LOG_TRACE, "RSA: No param IQMP has been found");
+                    goto fail;
+                }
+                rc = OSSL_PARAM_get_BN(out_param, &biqmp);
+                if (rc != 1) {
+                    goto fail;
+                }
 #endif /* OPENSSL_VERSION_NUMBER */
-            e = ssh_make_bignum_string((BIGNUM *)be);
-            if (e == NULL) {
-                goto fail;
-            }
+                rc = ssh_buffer_add_ssh_string(buffer, n);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, e);
+                if (rc < 0) {
+                    goto fail;
+                }
 
-            n = ssh_make_bignum_string((BIGNUM *)bn);
-            if (n == NULL) {
-                goto fail;
-            }
+                d = ssh_make_bignum_string((BIGNUM *)bd);
+                if (d == NULL) {
+                    goto fail;
+                }
 
-            if (ssh_buffer_add_ssh_string(buffer, e) < 0) {
-                goto fail;
-            }
-            if (ssh_buffer_add_ssh_string(buffer, n) < 0) {
-                goto fail;
-            }
+                iqmp = ssh_make_bignum_string((BIGNUM *)biqmp);
+                if (iqmp == NULL) {
+                    goto fail;
+                }
+
+                p = ssh_make_bignum_string((BIGNUM *)bp);
+                if (p == NULL) {
+                    goto fail;
+                }
+
+                q = ssh_make_bignum_string((BIGNUM *)bq);
+                if (q == NULL) {
+                    goto fail;
+                }
+
+                rc = ssh_buffer_add_ssh_string(buffer, d);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, iqmp);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, p);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, q);
+                if (rc < 0) {
+                    goto fail;
+                }
 
+                ssh_string_burn(d);
+                SSH_STRING_FREE(d);
+                d = NULL;
+                ssh_string_burn(iqmp);
+                SSH_STRING_FREE(iqmp);
+                iqmp = NULL;
+                ssh_string_burn(p);
+                SSH_STRING_FREE(p);
+                p = NULL;
+                ssh_string_burn(q);
+                SSH_STRING_FREE(q);
+                q = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+                bignum_safe_free(bd);
+                bignum_safe_free(biqmp);
+                bignum_safe_free(bp);
+                bignum_safe_free(bq);
+#endif /* OPENSSL_VERSION_NUMBER */
+            }
             ssh_string_burn(e);
             SSH_STRING_FREE(e);
             e = NULL;
@@ -2003,18 +1633,29 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
             bignum_safe_free(bn);
             bignum_safe_free(be);
             OSSL_PARAM_free(params);
+            params = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
             break;
         }
         case SSH_KEYTYPE_ED25519:
         case SSH_KEYTYPE_SK_ED25519:
-            rc = pki_ed25519_public_key_to_blob(buffer, key);
-            if (rc == SSH_ERROR){
-                goto fail;
-            }
-            if (key->type == SSH_KEYTYPE_SK_ED25519 &&
-                ssh_buffer_add_ssh_string(buffer, key->sk_application) < 0) {
-                goto fail;
+            if (type == SSH_KEY_PUBLIC) {
+                rc = pki_ed25519_public_key_to_blob(buffer, key);
+                if (rc == SSH_ERROR){
+                    goto fail;
+                }
+                /* public key can contain certificate sk information */
+                if (key->type == SSH_KEYTYPE_SK_ED25519) {
+                    rc = ssh_buffer_add_ssh_string(buffer, key->sk_application);
+                    if (rc < 0) {
+                        goto fail;
+                    }
+                }
+            } else {
+                rc = pki_ed25519_private_key_to_blob(buffer, key);
+                if (rc == SSH_ERROR){
+                    goto fail;
+                }
             }
             break;
         case SSH_KEYTYPE_ECDSA_P256:
@@ -2023,14 +1664,17 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
         case SSH_KEYTYPE_SK_ECDSA:
 #ifdef HAVE_OPENSSL_ECC
             {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
-                const void *pubkey;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+                EC_GROUP *group = NULL;
+                EC_POINT *point = NULL;
+                const void *pubkey = NULL;
                 size_t pubkey_len;
-                OSSL_PARAM *params, *locate_param;
+                OSSL_PARAM *locate_param = NULL;
+#else
+                const EC_GROUP *group = NULL;
+                const EC_POINT *point = NULL;
+                const BIGNUM *exp = NULL;
+                EC_KEY *ec = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
 
                 type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
@@ -2046,39 +1690,36 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
                     return NULL;
                 }
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+                ec = EVP_PKEY_get0_EC_KEY(key->key);
+                if (ec == NULL) {
+                    goto fail;
+                }
 #ifdef WITH_PKCS11_URI
-            if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(key->ecdsa)) {
-                SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate public"
-                        " ECDSA key objects in the PKCS #11 device. Unlike RSA,"
-                        " ECDSA public keys cannot be derived from their private keys.");
-                goto fail;
-            }
+                if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(ec)) {
+                    SSH_LOG(SSH_LOG_TRACE, "It is mandatory to have separate"
+                            " public ECDSA key objects in the PKCS #11 device."
+                            " Unlike RSA, ECDSA public keys cannot be derived"
+                            " from their private keys.");
+                    goto fail;
+                }
 #endif /* WITH_PKCS11_URI */
-                e = make_ecpoint_string(EC_KEY_get0_group(key->ecdsa),
-                                        EC_KEY_get0_public_key(key->ecdsa));
-#else
-                rc = ssh_buffer_add_ssh_string(buffer, type_s);
-                SSH_STRING_FREE(type_s);
-                if (rc < 0) {
-                    SSH_BUFFER_FREE(buffer);
-                    return NULL;
+                group = EC_KEY_get0_group(ec);
+                point = EC_KEY_get0_public_key(ec);
+                if (group == NULL || point == NULL) {
+                    goto fail;
                 }
-
+                e = pki_key_make_ecpoint_string(group, point);
+#else
                 rc = EVP_PKEY_todata(key->key, EVP_PKEY_PUBLIC_KEY, &params);
                 if (rc < 0) {
-                    OSSL_PARAM_free(params);
                     goto fail;
                 }
 
                 locate_param = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
 #ifdef WITH_PKCS11_URI
                 if (ssh_key_is_private(key) && !locate_param) {
-                    SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate"
+                    SSH_LOG(SSH_LOG_TRACE, "It is mandatory to have separate"
                             " public ECDSA key objects in the PKCS #11 device."
                             " Unlike RSA, ECDSA public keys cannot be derived"
                             " from their private keys.");
@@ -2088,59 +1729,84 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
 
                 rc = OSSL_PARAM_get_octet_string_ptr(locate_param, &pubkey, &pubkey_len);
                 if (rc != 1) {
-                    OSSL_PARAM_free(params);
-                    OSSL_PARAM_free(locate_param);
+                    goto fail;
+                }
+                /* Convert the data to low-level representation */
+                group = EC_GROUP_new_by_curve_name_ex(NULL, NULL, key->ecdsa_nid);
+                point = EC_POINT_new(group);
+                rc = EC_POINT_oct2point(group, point, pubkey, pubkey_len, NULL);
+                if (group == NULL || point == NULL || rc != 1) {
+                    EC_GROUP_free(group);
+                    EC_POINT_free(point);
                     goto fail;
                 }
 
-                e = ssh_string_new(pubkey_len);
+                e = pki_key_make_ecpoint_string(group, point);
+                EC_GROUP_free(group);
+                EC_POINT_free(point);
 #endif /* OPENSSL_VERSION_NUMBER */
                 if (e == NULL) {
                     SSH_BUFFER_FREE(buffer);
                     return NULL;
                 }
 
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
-                if (memcpy(ssh_string_data(e), pubkey, pubkey_len) == NULL) {
-                    OSSL_PARAM_free(params);
-                    OSSL_PARAM_free(locate_param);
-                    goto fail;
-                }
-#endif /* OPENSSL_VERSION_NUMBER */
                 rc = ssh_buffer_add_ssh_string(buffer, e);
                 if (rc < 0) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
-                    OSSL_PARAM_free(params);
-                    OSSL_PARAM_free(locate_param);
-#endif /* OPENSSL_VERSION_NUMBER */
                     goto fail;
                 }
 
                 ssh_string_burn(e);
                 SSH_STRING_FREE(e);
                 e = NULL;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
+                if (type == SSH_KEY_PRIVATE) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+                    OSSL_PARAM_free(params);
+                    rc = EVP_PKEY_todata(key->key, EVP_PKEY_KEYPAIR, &params);
+                    if (rc < 0) {
+                        goto fail;
+                    }
+
+                    locate_param = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
+                    rc = OSSL_PARAM_get_BN(locate_param, &bd);
+                    if (rc != 1) {
+                        goto fail;
+                    }
+                    d = ssh_make_bignum_string((BIGNUM *)bd);
+                    if (d == NULL) {
+                        goto fail;
+                    }
+                    if (ssh_buffer_add_ssh_string(buffer, d) < 0) {
+                        goto fail;
+                    }
+#else
+                    exp = EC_KEY_get0_private_key(ec);
+                    if (exp == NULL) {
+                        goto fail;
+                    }
+                    d = ssh_make_bignum_string((BIGNUM *)exp);
+                    if (d == NULL) {
+                        goto fail;
+                    }
+                    rc = ssh_buffer_add_ssh_string(buffer, d);
+                    if (rc < 0) {
+                        goto fail;
+                    }
+#endif /* OPENSSL_VERSION_NUMBER */
+                    ssh_string_burn(d);
+                    SSH_STRING_FREE(d);
+                    d = NULL;
+                } else if (key->type == SSH_KEYTYPE_SK_ECDSA) {
+                    /* public key can contain certificate sk information */
+                    rc = ssh_buffer_add_ssh_string(buffer, key->sk_application);
+                    if (rc < 0) {
+                        goto fail;
+                    }
+                }
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+                bignum_safe_free(bd);
                 OSSL_PARAM_free(params);
-                OSSL_PARAM_free(locate_param);
+                params = NULL;
 #endif /* OPENSSL_VERSION_NUMBER */
-
-            if (key->type == SSH_KEYTYPE_SK_ECDSA &&
-                ssh_buffer_add_ssh_string(buffer, key->sk_application) < 0) {
-                goto fail;
-            }
-
                 break;
             }
 #endif /* HAVE_OPENSSL_ECC */
@@ -2176,6 +1842,10 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
     SSH_STRING_FREE(q);
     ssh_string_burn(n);
     SSH_STRING_FREE(n);
+    ssh_string_burn(d);
+    SSH_STRING_FREE(d);
+    ssh_string_burn(iqmp);
+    SSH_STRING_FREE(iqmp);
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     bignum_safe_free(bp);
     bignum_safe_free(bq);
@@ -2183,98 +1853,14 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
     bignum_safe_free(bpub_key);
     bignum_safe_free(bn);
     bignum_safe_free(be);
+    bignum_safe_free(bd);
+    bignum_safe_free(biqmp);
     OSSL_PARAM_free(params);
 #endif /* OPENSSL_VERSION_NUMBER */
 
     return NULL;
 }
 
-static ssh_string pki_dsa_signature_to_blob(const ssh_signature sig)
-{
-    char buffer[40] = { 0 };
-    ssh_string sig_blob = NULL;
-    const BIGNUM *pr = NULL, *ps = NULL;
-
-    ssh_string r = NULL;
-    size_t r_len, r_offset_in, r_offset_out;
-
-    ssh_string s = NULL;
-    size_t s_len, s_offset_in, s_offset_out;
-
-    const unsigned char *raw_sig_data = NULL;
-    size_t raw_sig_len;
-    int rc;
-
-    DSA_SIG *dsa_sig;
-
-    if (sig == NULL || sig->raw_sig == NULL) {
-        return NULL;
-    }
-    raw_sig_data = ssh_string_data(sig->raw_sig);
-    if (raw_sig_data == NULL) {
-        return NULL;
-    }
-    raw_sig_len = ssh_string_len(sig->raw_sig);
-
-    dsa_sig = d2i_DSA_SIG(NULL, &raw_sig_data, raw_sig_len);
-    if (dsa_sig == NULL) {
-        return NULL;
-    }
-
-    DSA_SIG_get0(dsa_sig, &pr, &ps);
-    if (pr == NULL || ps == NULL) {
-        goto error;
-    }
-
-    r = ssh_make_bignum_string((BIGNUM *)pr);
-    if (r == NULL) {
-        goto error;
-    }
-
-    s = ssh_make_bignum_string((BIGNUM *)ps);
-    if (s == NULL) {
-        goto error;
-    }
-
-    r_len = ssh_string_len(r);
-    r_offset_in  = (r_len > 20) ? (r_len - 20) : 0;
-    r_offset_out = (r_len < 20) ? (20 - r_len) : 0;
-
-    s_len = ssh_string_len(s);
-    s_offset_in  = (s_len > 20) ? (s_len - 20) : 0;
-    s_offset_out = (s_len < 20) ? (20 - s_len) : 0;
-
-    memcpy(buffer + r_offset_out,
-           ((char *)ssh_string_data(r)) + r_offset_in,
-           r_len - r_offset_in);
-    memcpy(buffer + 20 + s_offset_out,
-           ((char *)ssh_string_data(s)) + s_offset_in,
-           s_len - s_offset_in);
-
-    DSA_SIG_free(dsa_sig);
-    SSH_STRING_FREE(r);
-    SSH_STRING_FREE(s);
-
-    sig_blob = ssh_string_new(40);
-    if (sig_blob == NULL) {
-        return NULL;
-    }
-
-    rc = ssh_string_fill(sig_blob, buffer, 40);
-    if (rc < 0) {
-        SSH_STRING_FREE(sig_blob);
-        return NULL;
-    }
-
-    return sig_blob;
-
-error:
-    DSA_SIG_free(dsa_sig);
-    SSH_STRING_FREE(r);
-    SSH_STRING_FREE(s);
-    return NULL;
-}
-
 static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
 {
     ssh_string r = NULL;
@@ -2288,7 +1874,7 @@ static ssh_string pki_ecdsa_signature_to_blob(const ssh_signature sig)
     const unsigned char *raw_sig_data = NULL;
     size_t raw_sig_len;
 
-    ECDSA_SIG *ecdsa_sig;
+    ECDSA_SIG *ecdsa_sig = NULL;
 
     int rc;
 
@@ -2367,9 +1953,6 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
     ssh_string sig_blob = NULL;
 
     switch(sig->type) {
-        case SSH_KEYTYPE_DSS:
-            sig_blob = pki_dsa_signature_to_blob(sig);
-            break;
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA1:
             sig_blob = ssh_string_copy(sig->raw_sig);
@@ -2386,7 +1969,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
 #endif /* HAVE_OPENSSL_ECC */
         default:
         case SSH_KEYTYPE_UNKNOWN:
-            SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s", sig->type_c);
+            SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s", sig->type_c);
             return NULL;
     }
 
@@ -2406,195 +1989,70 @@ static int pki_signature_from_rsa_blob(const ssh_key pubkey,
     size_t len = ssh_string_len(sig_blob);
 
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
-    if (pubkey->rsa == NULL) {
-        SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL");
+    const RSA *rsa = EVP_PKEY_get0_RSA(pubkey->key);
+
+    if (rsa == NULL) {
+        SSH_LOG(SSH_LOG_TRACE, "RSA field NULL");
         goto errout;
     }
 
-    rsalen = RSA_size(pubkey->rsa);
+    rsalen = RSA_size(rsa);
 #else
     if (EVP_PKEY_get_base_id(pubkey->key) != EVP_PKEY_RSA) {
-        SSH_LOG(SSH_LOG_WARN, "Key has no RSA pubkey");
+        SSH_LOG(SSH_LOG_TRACE, "Key has no RSA pubkey");
         goto errout;
     }
 
     rsalen = EVP_PKEY_size(pubkey->key);
 #endif /* OPENSSL_VERSION_NUMBER */
     if (len > rsalen) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Signature is too big: %lu > %lu",
                 (unsigned long)len,
-                (unsigned long)rsalen);
-        goto errout;
-    }
-
-#ifdef DEBUG_CRYPTO
-    SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len);
-    ssh_log_hexdump("RSA signature", ssh_string_data(sig_blob), len);
-#endif /* DEBUG_CRYPTO */
-
-    if (len == rsalen) {
-        sig->raw_sig = ssh_string_copy(sig_blob);
-    } else {
-        /* pad the blob to the expected rsalen size */
-        SSH_LOG(SSH_LOG_DEBUG,
-                "RSA signature len %lu < %lu",
-                (unsigned long)len,
-                (unsigned long)rsalen);
-
-        pad_len = rsalen - len;
-
-        sig_blob_padded = ssh_string_new(rsalen);
-        if (sig_blob_padded == NULL) {
-            goto errout;
-        }
-
-        blob_padded_data = (char *) ssh_string_data(sig_blob_padded);
-        blob_orig = (char *) ssh_string_data(sig_blob);
-
-        if (blob_padded_data == NULL || blob_orig == NULL) {
-            goto errout;
-        }
-
-        /* front-pad the buffer with zeroes */
-        explicit_bzero(blob_padded_data, pad_len);
-        /* fill the rest with the actual signature blob */
-        memcpy(blob_padded_data + pad_len, blob_orig, len);
-
-        sig->raw_sig = sig_blob_padded;
-    }
-
-    return SSH_OK;
-
-errout:
-    SSH_STRING_FREE(sig_blob_padded);
-    return SSH_ERROR;
-}
-
-static int pki_signature_from_dsa_blob(UNUSED_PARAM(const ssh_key pubkey),
-                                       const ssh_string sig_blob,
-                                       ssh_signature sig)
-{
-    DSA_SIG *dsa_sig = NULL;
-    BIGNUM *pr = NULL, *ps = NULL;
-
-    ssh_string r;
-    ssh_string s = NULL;
-
-    size_t len;
-
-    size_t raw_sig_len = 0;
-    unsigned char *raw_sig_data = NULL;
-    unsigned char *temp_raw_sig = NULL;
-
-    int rc;
-
-    len = ssh_string_len(sig_blob);
-
-    /* 40 is the dual signature blob len. */
-    if (len != 40) {
-        SSH_LOG(SSH_LOG_WARN,
-                "Signature has wrong size: %lu",
-                (unsigned long)len);
-        goto error;
-    }
-
-#ifdef DEBUG_CRYPTO
-    ssh_log_hexdump("r", ssh_string_data(sig_blob), 20);
-    ssh_log_hexdump("s", (unsigned char *)ssh_string_data(sig_blob) + 20, 20);
-#endif /* DEBUG_CRYPTO */
-
-    r = ssh_string_new(20);
-    if (r == NULL) {
-        goto error;
-    }
-    rc = ssh_string_fill(r, ssh_string_data(sig_blob), 20);
-    if (rc < 0) {
-        SSH_STRING_FREE(r);
-        goto error;
-    }
-
-    pr = ssh_make_string_bn(r);
-    ssh_string_burn(r);
-    SSH_STRING_FREE(r);
-    if (pr == NULL) {
-        goto error;
-    }
-
-    s = ssh_string_new(20);
-    if (s == NULL) {
-        goto error;
-    }
-    rc = ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20);
-    if (rc < 0) {
-        SSH_STRING_FREE(s);
-        goto error;
+                (unsigned long)rsalen);
+        goto errout;
     }
 
-    ps = ssh_make_string_bn(s);
-    ssh_string_burn(s);
-    SSH_STRING_FREE(s);
-    if (ps == NULL) {
-        goto error;
-    }
+#ifdef DEBUG_CRYPTO
+    SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len);
+    ssh_log_hexdump("RSA signature", ssh_string_data(sig_blob), len);
+#endif /* DEBUG_CRYPTO */
 
-    dsa_sig = DSA_SIG_new();
-    if (dsa_sig == NULL) {
-        goto error;
-    }
+    if (len == rsalen) {
+        sig->raw_sig = ssh_string_copy(sig_blob);
+    } else {
+        /* pad the blob to the expected rsalen size */
+        SSH_LOG(SSH_LOG_DEBUG,
+                "RSA signature len %lu < %lu",
+                (unsigned long)len,
+                (unsigned long)rsalen);
 
-    /* Memory management of pr and ps is transferred to DSA signature
-     * object */
-    rc = DSA_SIG_set0(dsa_sig, pr, ps);
-    if (rc == 0) {
-        goto error;
-    }
-    ps = NULL;
-    pr = NULL;
+        pad_len = rsalen - len;
 
-    /* Get the expected size of the buffer */
-    rc = i2d_DSA_SIG(dsa_sig, NULL);
-    if (rc <= 0) {
-        goto error;
-    }
-    raw_sig_len = rc;
+        sig_blob_padded = ssh_string_new(rsalen);
+        if (sig_blob_padded == NULL) {
+            goto errout;
+        }
 
-    raw_sig_data = (unsigned char *)calloc(1, raw_sig_len);
-    if (raw_sig_data == NULL) {
-        goto error;
-    }
-    temp_raw_sig = raw_sig_data;
+        blob_padded_data = (char *) ssh_string_data(sig_blob_padded);
+        blob_orig = (char *) ssh_string_data(sig_blob);
 
-    /* It is necessary to use a temporary pointer as i2d_* "advances" the
-     * pointer */
-    raw_sig_len = i2d_DSA_SIG(dsa_sig, &temp_raw_sig);
-    if (raw_sig_len <= 0) {
-        goto error;
-    }
+        if (blob_padded_data == NULL || blob_orig == NULL) {
+            goto errout;
+        }
 
-    sig->raw_sig = ssh_string_new(raw_sig_len);
-    if (sig->raw_sig == NULL) {
-        explicit_bzero(raw_sig_data, raw_sig_len);
-        goto error;
-    }
+        /* front-pad the buffer with zeroes */
+        explicit_bzero(blob_padded_data, pad_len);
+        /* fill the rest with the actual signature blob */
+        memcpy(blob_padded_data + pad_len, blob_orig, len);
 
-    rc = ssh_string_fill(sig->raw_sig, raw_sig_data, raw_sig_len);
-    if (rc < 0) {
-        explicit_bzero(raw_sig_data, raw_sig_len);
-        goto error;
+        sig->raw_sig = sig_blob_padded;
     }
 
-    explicit_bzero(raw_sig_data, raw_sig_len);
-    SAFE_FREE(raw_sig_data);
-    DSA_SIG_free(dsa_sig);
-
     return SSH_OK;
 
-error:
-    bignum_safe_free(ps);
-    bignum_safe_free(pr);
-    SAFE_FREE(raw_sig_data);
-    DSA_SIG_free(dsa_sig);
+errout:
+    SSH_STRING_FREE(sig_blob_padded);
     return SSH_ERROR;
 }
 
@@ -2605,8 +2063,8 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
     ECDSA_SIG *ecdsa_sig = NULL;
     BIGNUM *pr = NULL, *ps = NULL;
 
-    ssh_string r;
-    ssh_string s;
+    ssh_string r = NULL;
+    ssh_string s = NULL;
 
     ssh_buffer buf = NULL;
     uint32_t rlen;
@@ -2623,6 +2081,9 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
         return SSH_ERROR;
     }
 
+    /* The buffer will contain sensitive information. Make sure it is erased */
+    ssh_buffer_set_secure(buf);
+
     rc = ssh_buffer_add_data(buf,
                              ssh_string_data(sig_blob),
                              ssh_string_len(sig_blob));
@@ -2656,7 +2117,7 @@ static int pki_signature_from_ecdsa_blob(UNUSED_PARAM(const ssh_key pubkey),
     if (rlen != 0) {
         ssh_string_burn(s);
         SSH_STRING_FREE(s);
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Signature has remaining bytes in inner "
                 "sigblob: %lu",
                 (unsigned long)rlen);
@@ -2745,7 +2206,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     int rc;
 
     if (ssh_key_type_plain(pubkey->type) != type) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Incompatible public key provided (%d) expecting (%d)",
                 type,
                 pubkey->type);
@@ -2762,12 +2223,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     sig->hash_type = hash_type;
 
     switch(type) {
-        case SSH_KEYTYPE_DSS:
-            rc = pki_signature_from_dsa_blob(pubkey, sig_blob, sig);
-            if (rc != SSH_OK) {
-                goto error;
-            }
-            break;
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA1:
             rc = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
@@ -2799,7 +2254,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
 #endif
         default:
         case SSH_KEYTYPE_UNKNOWN:
-            SSH_LOG(SSH_LOG_WARN, "Unknown signature type");
+            SSH_LOG(SSH_LOG_TRACE, "Unknown signature type");
             goto error;
     }
 
@@ -2842,60 +2297,12 @@ static const EVP_MD *pki_digest_to_md(enum ssh_digest_e hash_type)
 static EVP_PKEY *pki_key_to_pkey(ssh_key key)
 {
     EVP_PKEY *pkey = NULL;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
     int rc = 0;
-#endif
 
     switch (key->type) {
-    case SSH_KEYTYPE_DSS:
-    case SSH_KEYTYPE_DSS_CERT01:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        if (key->dsa == NULL) {
-            SSH_LOG(SSH_LOG_TRACE, "NULL key->dsa");
-            goto error;
-        }
-        pkey = EVP_PKEY_new();
-        if (pkey == NULL) {
-            SSH_LOG(SSH_LOG_TRACE, "Out of memory");
-            return NULL;
-        }
-
-        EVP_PKEY_set1_DSA(pkey, key->dsa);
-        break;
-#endif /* OPENSSL_VERSION_NUMBER */
     case SSH_KEYTYPE_RSA:
     case SSH_KEYTYPE_RSA1:
     case SSH_KEYTYPE_RSA_CERT01:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        if (key->rsa == NULL) {
-            SSH_LOG(SSH_LOG_TRACE, "NULL key->rsa");
-            goto error;
-        }
-        pkey = EVP_PKEY_new();
-        if (pkey == NULL) {
-            SSH_LOG(SSH_LOG_TRACE, "Out of memory");
-            return NULL;
-        }
-
-        EVP_PKEY_set1_RSA(pkey, key->rsa);
-        break;
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Remove this #else part from here
- */
-#else
-        if (key->key == NULL) {
-            SSH_LOG(SSH_LOG_TRACE, "NULL key->key");
-            goto error;
-        }
-        rc = EVP_PKEY_up_ref(key->key);
-        if (rc != 1) {
-            SSH_LOG(SSH_LOG_TRACE, "Failed to reference EVP_PKEY");
-            return NULL;
-        }
-        pkey = key->key;
-        break;
-#endif /* OPENSSL_VERSION_NUMBER */
     case SSH_KEYTYPE_ECDSA_P256:
     case SSH_KEYTYPE_ECDSA_P384:
     case SSH_KEYTYPE_ECDSA_P521:
@@ -2904,48 +2311,21 @@ static EVP_PKEY *pki_key_to_pkey(ssh_key key)
     case SSH_KEYTYPE_ECDSA_P521_CERT01:
     case SSH_KEYTYPE_SK_ECDSA:
     case SSH_KEYTYPE_SK_ECDSA_CERT01:
-# if defined(HAVE_OPENSSL_ECC)
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-        if (key->ecdsa == NULL) {
-            SSH_LOG(SSH_LOG_TRACE, "NULL key->ecdsa");
-            goto error;
-        }
-        pkey = EVP_PKEY_new();
-        if (pkey == NULL) {
-            SSH_LOG(SSH_LOG_TRACE, "Out of memory");
-            return NULL;
-        }
-
-        EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa);
-        break;
-#endif /* OPENSSL_VERSION_NUMBER */
-# endif
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER >= 0x30000000L
- */
-#if 0
         if (key->key == NULL) {
             SSH_LOG(SSH_LOG_TRACE, "NULL key->key");
             goto error;
         }
-        rc = EVP_PKEY_uo_ref(key->key);
+        rc = EVP_PKEY_up_ref(key->key);
         if (rc != 1) {
             SSH_LOG(SSH_LOG_TRACE, "Failed to reference EVP_PKEY");
             return NULL;
         }
         pkey = key->key;
         break;
-#endif /* OPENSSL_VERSION_NUMBER */
     case SSH_KEYTYPE_ED25519:
     case SSH_KEYTYPE_ED25519_CERT01:
     case SSH_KEYTYPE_SK_ED25519:
     case SSH_KEYTYPE_SK_ED25519_CERT01:
-# if defined(HAVE_OPENSSL_ED25519)
         if (ssh_key_is_private(key)) {
             if (key->ed25519_privkey == NULL) {
                 SSH_LOG(SSH_LOG_TRACE, "NULL key->ed25519_privkey");
@@ -2973,7 +2353,6 @@ static EVP_PKEY *pki_key_to_pkey(ssh_key key)
             return NULL;
         }
         break;
-#endif
     case SSH_KEYTYPE_UNKNOWN:
     default:
         SSH_LOG(SSH_LOG_TRACE, "Unknown private key algorithm for type: %d",
@@ -3029,14 +2408,6 @@ ssh_signature pki_sign_data(const ssh_key privkey,
         return NULL;
     }
 
-#ifndef HAVE_OPENSSL_ED25519
-    if (privkey->type == SSH_KEYTYPE_ED25519 ||
-        privkey->type == SSH_KEYTYPE_ED25519_CERT01)
-    {
-        return pki_do_sign_hash(privkey, input, input_len, hash_type);
-    }
-#endif
-
     /* Set hash algorithm to be used */
     md = pki_digest_to_md(hash_type);
     if (md == NULL) {
@@ -3075,7 +2446,6 @@ ssh_signature pki_sign_data(const ssh_key privkey,
         goto out;
     }
 
-#ifdef HAVE_OPENSSL_EVP_DIGESTSIGN
     rc = EVP_DigestSign(ctx, raw_sig_data, &raw_sig_len, input, input_len);
     if (rc != 1) {
         SSH_LOG(SSH_LOG_TRACE,
@@ -3083,23 +2453,6 @@ ssh_signature pki_sign_data(const ssh_key privkey,
                 ERR_error_string(ERR_get_error(), NULL));
         goto out;
     }
-#else
-    rc = EVP_DigestSignUpdate(ctx, input, input_len);
-    if (rc != 1) {
-        SSH_LOG(SSH_LOG_TRACE,
-                "EVP_DigestSignUpdate() failed: %s",
-                ERR_error_string(ERR_get_error(), NULL));
-        goto out;
-    }
-
-    rc = EVP_DigestSignFinal(ctx, raw_sig_data, &raw_sig_len);
-    if (rc != 1) {
-        SSH_LOG(SSH_LOG_TRACE,
-                "EVP_DigestSignFinal() failed: %s",
-                ERR_error_string(ERR_get_error(), NULL));
-        goto out;
-    }
-#endif
 
 #ifdef DEBUG_CRYPTO
         ssh_log_hexdump("Generated signature", raw_sig_data, raw_sig_len);
@@ -3166,15 +2519,15 @@ int pki_verify_data_signature(ssh_signature signature,
     unsigned char *raw_sig_data = NULL;
     unsigned int raw_sig_len;
 
+    /* Function return code
+     * Do not change this variable throughout the function until the signature
+     * is successfully verified!
+     */
     int rc = SSH_ERROR;
-    int evp_rc;
+    int ok;
 
     if (pubkey == NULL || ssh_key_is_private(pubkey) || input == NULL ||
-        signature == NULL || (signature->raw_sig == NULL
-#ifndef HAVE_OPENSSL_ED25519
-        && signature->ed25519_sig == NULL
-#endif
-        ))
+        signature == NULL || signature->raw_sig == NULL)
     {
         SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
                                "pki_verify_data_signature()");
@@ -3182,21 +2535,11 @@ int pki_verify_data_signature(ssh_signature signature,
     }
 
     /* Check if public key and hash type are compatible */
-    rc = pki_key_check_hash_compatible(pubkey, signature->hash_type);
-    if (rc != SSH_OK) {
+    ok = pki_key_check_hash_compatible(pubkey, signature->hash_type);
+    if (ok != SSH_OK) {
         return SSH_ERROR;
     }
 
-#ifndef HAVE_OPENSSL_ED25519
-    if (pubkey->type == SSH_KEYTYPE_ED25519 ||
-        pubkey->type == SSH_KEYTYPE_ED25519_CERT01 ||
-        pubkey->type == SSH_KEYTYPE_SK_ED25519 ||
-        pubkey->type == SSH_KEYTYPE_SK_ED25519_CERT01)
-    {
-        return pki_ed25519_verify(pubkey, signature, input, input_len);
-    }
-#endif
-
     /* Get the signature to be verified */
     raw_sig_data = ssh_string_data(signature->raw_sig);
     raw_sig_len = ssh_string_len(signature->raw_sig);
@@ -3228,41 +2571,27 @@ int pki_verify_data_signature(ssh_signature signature,
     }
 
     /* Verify the signature */
-    evp_rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
-    if (evp_rc != 1){
+    ok = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
+    if (ok != 1){
         SSH_LOG(SSH_LOG_TRACE,
                 "EVP_DigestVerifyInit() failed: %s",
                 ERR_error_string(ERR_get_error(), NULL));
         goto out;
     }
 
-#ifdef HAVE_OPENSSL_EVP_DIGESTVERIFY
-    evp_rc = EVP_DigestVerify(ctx, raw_sig_data, raw_sig_len, input, input_len);
-#else
-    evp_rc = EVP_DigestVerifyUpdate(ctx, input, input_len);
-    if (evp_rc != 1) {
+    ok = EVP_DigestVerify(ctx, raw_sig_data, raw_sig_len, input, input_len);
+    if (ok != 1) {
         SSH_LOG(SSH_LOG_TRACE,
-                "EVP_DigestVerifyUpdate() failed: %s",
+                "Signature invalid: %s",
                 ERR_error_string(ERR_get_error(), NULL));
         goto out;
     }
 
-    evp_rc = EVP_DigestVerifyFinal(ctx, raw_sig_data, raw_sig_len);
-#endif
-    if (evp_rc == 1) {
-        SSH_LOG(SSH_LOG_TRACE, "Signature valid");
-        rc = SSH_OK;
-    } else {
-        SSH_LOG(SSH_LOG_TRACE,
-                "Signature invalid: %s",
-                ERR_error_string(ERR_get_error(), NULL));
-        rc = SSH_ERROR;
-    }
+    SSH_LOG(SSH_LOG_TRACE, "Signature valid");
+    rc = SSH_OK;
 
 out:
-    if (ctx != NULL) {
-        EVP_MD_CTX_free(ctx);
-    }
+    EVP_MD_CTX_free(ctx);
     EVP_PKEY_free(pkey);
     return rc;
 }
@@ -3273,8 +2602,6 @@ int ssh_key_size(ssh_key key)
     EVP_PKEY *pkey = NULL;
 
     switch (key->type) {
-    case SSH_KEYTYPE_DSS:
-    case SSH_KEYTYPE_DSS_CERT01:
     case SSH_KEYTYPE_RSA:
     case SSH_KEYTYPE_RSA_CERT01:
     case SSH_KEYTYPE_RSA1:
@@ -3299,13 +2626,14 @@ int ssh_key_size(ssh_key key)
     case SSH_KEYTYPE_SK_ED25519_CERT01:
         /* ed25519 keys have fixed size */
         return 255;
+    case SSH_KEYTYPE_DSS:   /* deprecated */
+    case SSH_KEYTYPE_DSS_CERT01:    /* deprecated */
     case SSH_KEYTYPE_UNKNOWN:
     default:
         return SSH_ERROR;
     }
 }
 
-#ifdef HAVE_OPENSSL_ED25519
 int pki_key_generate_ed25519(ssh_key key)
 {
     int evp_rc;
@@ -3390,50 +2718,18 @@ int pki_key_generate_ed25519(ssh_key key)
 
     return SSH_ERROR;
 }
-#else
-ssh_signature pki_do_sign_hash(const ssh_key privkey,
-                               const unsigned char *hash,
-                               size_t hlen,
-                               enum ssh_digest_e hash_type)
-{
-    ssh_signature sig = NULL;
-    int rc;
-
-    sig = ssh_signature_new();
-    if (sig == NULL) {
-        return NULL;
-    }
-
-    sig->type = privkey->type;
-    sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
-    sig->hash_type = hash_type;
-
-    switch(privkey->type) {
-        case SSH_KEYTYPE_ED25519:
-            rc = pki_ed25519_sign(privkey, sig, hash, hlen);
-            if (rc != SSH_OK) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
-        default:
-            ssh_signature_free(sig);
-            return NULL;
-    }
 
-    return sig;
-}
-#endif /* HAVE_OPENSSL_ED25519 */
+#ifdef WITH_PKCS11_URI
 
 /**
  * @internal
  *
- * @brief Populate the public/private ssh_key from the engine with
+ * @brief Populate the public/private ssh_key from the engine/provider with
  * PKCS#11 URIs as the look up.
  *
  * @param[in]   uri_name    The PKCS#11 URI
  * @param[in]   nkey        The ssh-key context for
- *                          the key loaded from the engine.
+ *                          the key loaded from the engine/provider.
  * @param[in]   key_type    The type of the key used. Public/Private.
  *
  * @return  SSH_OK if ssh-key is valid; SSH_ERROR otherwise.
@@ -3442,27 +2738,19 @@ int pki_uri_import(const char *uri_name,
                      ssh_key *nkey,
                      enum ssh_key_e key_type)
 {
-    ENGINE *engine = NULL;
     EVP_PKEY *pkey = NULL;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    RSA *rsa = NULL;
-#endif
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Move HAVE_OPENSSL_ECC #ifdef into #if above
- */
-#ifdef HAVE_OPENSSL_ECC
-    EC_KEY *ecdsa = NULL;
-#else
-    void *ecdsa = NULL;
-#endif
     ssh_key key = NULL;
     enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L && HAVE_OPENSSL_ECC
+    EC_KEY *ecdsa = NULL;
+#endif
+#ifndef WITH_PKCS11_PROVIDER
+    ENGINE *engine = NULL;
 
     /* Do the init only once */
     engine = pki_get_engine();
     if (engine == NULL) {
-        SSH_LOG(SSH_LOG_WARN, "Failed to initialize engine");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to initialize engine");
         goto fail;
     }
 
@@ -3470,26 +2758,85 @@ int pki_uri_import(const char *uri_name,
     case SSH_KEY_PRIVATE:
         pkey = ENGINE_load_private_key(engine, uri_name, NULL, NULL);
         if (pkey == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
+            SSH_LOG(SSH_LOG_TRACE,
                     "Could not load key: %s",
-                    ERR_error_string(ERR_get_error(),NULL));
+                    ERR_error_string(ERR_get_error(), NULL));
             goto fail;
         }
         break;
     case SSH_KEY_PUBLIC:
         pkey = ENGINE_load_public_key(engine, uri_name, NULL, NULL);
         if (pkey == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
+            SSH_LOG(SSH_LOG_TRACE,
                     "Could not load key: %s",
-                    ERR_error_string(ERR_get_error(),NULL));
+                    ERR_error_string(ERR_get_error(), NULL));
             goto fail;
         }
         break;
     default:
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Invalid key type: %d", key_type);
         goto fail;
     }
+#else /* WITH_PKCS11_PROVIDER */
+    OSSL_STORE_CTX *store = NULL;
+    OSSL_STORE_INFO *info = NULL;
+    int rv, expect_type = OSSL_STORE_INFO_PKEY;
+
+    /* The provider can be either configured in openssl.cnf or dynamically
+     * loaded, assuming it does not need any special configuration */
+    rv = pki_load_pkcs11_provider();
+    if (rv != SSH_OK) {
+        SSH_LOG(SSH_LOG_TRACE, "Failed to load or initialize pkcs11 provider");
+        goto fail;
+    }
+
+    store = OSSL_STORE_open(uri_name, NULL, NULL, NULL, NULL);
+    if (store == NULL) {
+        SSH_LOG(SSH_LOG_TRACE,
+                "Failed to open OpenSSL store: %s",
+                ERR_error_string(ERR_get_error(), NULL));
+        goto fail;
+    }
+    if (key_type == SSH_KEY_PUBLIC) {
+        expect_type = OSSL_STORE_INFO_PUBKEY;
+    }
+    rv = OSSL_STORE_expect(store, expect_type);
+    if (rv != 1) {
+        SSH_LOG(SSH_LOG_TRACE,
+                "Failed to set the store preference. Ignoring the error: %s",
+                ERR_error_string(ERR_get_error(), NULL));
+    }
+
+    for (info = OSSL_STORE_load(store);
+         info != NULL;
+         info = OSSL_STORE_load(store)) {
+        int ossl_type = OSSL_STORE_INFO_get_type(info);
+
+        if (ossl_type == OSSL_STORE_INFO_PUBKEY && key_type == SSH_KEY_PUBLIC) {
+            pkey = OSSL_STORE_INFO_get1_PUBKEY(info);
+        } else if (ossl_type == OSSL_STORE_INFO_PKEY &&
+                   key_type == SSH_KEY_PRIVATE) {
+            pkey = OSSL_STORE_INFO_get1_PKEY(info);
+        } else {
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Ignoring object not matching our type: %d",
+                    ossl_type);
+            OSSL_STORE_INFO_free(info);
+            continue;
+        }
+        OSSL_STORE_INFO_free(info);
+        break;
+    }
+    OSSL_STORE_close(store);
+    if (pkey == NULL) {
+        SSH_LOG(SSH_LOG_TRACE,
+                "No key found in the pkcs11 store: %s",
+                ERR_error_string(ERR_get_error(), NULL));
+        goto fail;
+    }
+
+#endif /* WITH_PKCS11_PROVIDER */
 
     key = ssh_key_new();
     if (key == NULL) {
@@ -3498,27 +2845,14 @@ int pki_uri_import(const char *uri_name,
 
     switch (EVP_PKEY_base_id(pkey)) {
     case EVP_PKEY_RSA:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-        rsa = EVP_PKEY_get1_RSA(pkey);
-        if (rsa == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
-                    "Parsing pub key: %s",
-                    ERR_error_string(ERR_get_error(),NULL));
-            goto fail;
-        }
-#endif /* OPENSSL_VERSION_NUMBER */
         type = SSH_KEYTYPE_RSA;
         break;
     case EVP_PKEY_EC:
 #ifdef HAVE_OPENSSL_ECC
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-        ecdsa = EVP_PKEY_get1_EC_KEY(pkey);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+        ecdsa = EVP_PKEY_get0_EC_KEY(pkey);
         if (ecdsa == NULL) {
-            SSH_LOG(SSH_LOG_WARN,
+            SSH_LOG(SSH_LOG_TRACE,
                     "Parsing pub key: %s",
                     ERR_error_string(ERR_get_error(), NULL));
             goto fail;
@@ -3531,14 +2865,14 @@ int pki_uri_import(const char *uri_name,
         type = pki_key_ecdsa_to_key_type(pkey);
 #endif /* OPENSSL_VERSION_NUMBER */
         if (type == SSH_KEYTYPE_UNKNOWN) {
-            SSH_LOG(SSH_LOG_WARN, "Invalid pub key.");
+            SSH_LOG(SSH_LOG_TRACE, "Invalid pub key.");
             goto fail;
         }
 
         break;
 #endif
     default:
-        SSH_LOG(SSH_LOG_WARN, "Unknown or invalid public key type %d",
+        SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid public key type %d",
                 EVP_PKEY_base_id(pkey));
         goto fail;
     }
@@ -3550,22 +2884,10 @@ int pki_uri_import(const char *uri_name,
     if (key_type == SSH_KEY_PRIVATE) {
         key->flags |= SSH_KEY_FLAG_PRIVATE;
     }
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    key->rsa = rsa;
-#endif
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Move line key->ecdsa into #if above
- */
-    key->ecdsa = ecdsa;
 #ifdef HAVE_OPENSSL_ECC
     if (is_ecdsa_key_type(key->type)) {
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
-        key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+        key->ecdsa_nid = pki_key_ecdsa_to_nid(ecdsa);
 #else
         key->ecdsa_nid = pki_key_ecdsa_to_nid(key->key);
 #endif /* OPENSSL_VERSION_NUMBER */
@@ -3579,18 +2901,9 @@ int pki_uri_import(const char *uri_name,
 fail:
     EVP_PKEY_free(pkey);
     ssh_key_free(key);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    RSA_free(rsa);
-#endif
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * Move HAVE_OPENSSL_ECC #ifdef into #if above
- */
-#ifdef HAVE_OPENSSL_ECC
-    EC_KEY_free(ecdsa);
-#endif
 
     return SSH_ERROR;
 }
+#endif /* WITH_PKCS11_URI */
 
 #endif /* _PKI_CRYPTO_H */
diff --git a/libssh/src/pki_ed25519.c b/libssh/src/pki_ed25519.c
index 6a5a4a8a..0674fb63 100644
--- a/libssh/src/pki_ed25519.c
+++ b/libssh/src/pki_ed25519.c
@@ -62,7 +62,7 @@ int pki_ed25519_sign(const ssh_key privkey,
                      size_t hlen)
 {
     int rc;
-    uint8_t *buffer;
+    uint8_t *buffer = NULL;
     uint64_t dlen = 0;
 
     buffer = malloc(hlen + ED25519_SIG_LEN);
@@ -104,8 +104,8 @@ int pki_ed25519_verify(const ssh_key pubkey,
                        size_t hlen)
 {
     uint64_t mlen = 0;
-    uint8_t *buffer;
-    uint8_t *buffer2;
+    uint8_t *buffer = NULL;
+    uint8_t *buffer2 = NULL;
     int rc;
 
     if (pubkey == NULL || sig == NULL ||
diff --git a/libssh/src/pki_ed25519_common.c b/libssh/src/pki_ed25519_common.c
index 7aa05269..3faa168c 100644
--- a/libssh/src/pki_ed25519_common.c
+++ b/libssh/src/pki_ed25519_common.c
@@ -34,11 +34,11 @@ int pki_privkey_build_ed25519(ssh_key key,
     if (ssh_string_len(pubkey) != ED25519_KEY_LEN ||
         ssh_string_len(privkey) != (2 * ED25519_KEY_LEN))
     {
-        SSH_LOG(SSH_LOG_WARN, "Invalid ed25519 key len");
+        SSH_LOG(SSH_LOG_TRACE, "Invalid ed25519 key len");
         return SSH_ERROR;
     }
 
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
     /* In OpenSSL implementation, the private key is the original private seed,
      * without the public key. */
     key->ed25519_privkey = malloc(ED25519_KEY_LEN);
@@ -56,7 +56,7 @@ int pki_privkey_build_ed25519(ssh_key key,
         goto error;
     }
 
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
     memcpy(key->ed25519_privkey, ssh_string_data(privkey),
            ED25519_KEY_LEN);
 #else
@@ -99,7 +99,7 @@ int pki_ed25519_key_cmp(const ssh_key k1,
         if (k1->ed25519_privkey == NULL || k2->ed25519_privkey == NULL) {
             return 1;
         }
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
         /* In OpenSSL implementation, the private key is the original private
          * seed, without the public key. */
         cmp = memcmp(k1->ed25519_privkey, k2->ed25519_privkey, ED25519_KEY_LEN);
@@ -121,6 +121,10 @@ int pki_ed25519_key_cmp(const ssh_key k1,
         if (cmp != 0) {
             return 1;
         }
+        break;
+    case SSH_KEY_CMP_CERTIFICATE:
+        /* handled globally */
+        return 1;
     }
 
     return 0;
@@ -137,39 +141,39 @@ int pki_ed25519_key_cmp(const ssh_key k1,
  *
  * @return SSH_ERROR on error, SSH_OK on success
  */
-int pki_ed25519_key_dup(ssh_key new, const ssh_key key)
+int pki_ed25519_key_dup(ssh_key new_key, const ssh_key key)
 {
     if (key->ed25519_privkey == NULL && key->ed25519_pubkey == NULL) {
         return SSH_ERROR;
     }
 
     if (key->ed25519_privkey != NULL) {
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
         /* In OpenSSL implementation, the private key is the original private
          * seed, without the public key. */
-        new->ed25519_privkey = malloc(ED25519_KEY_LEN);
+        new_key->ed25519_privkey = malloc(ED25519_KEY_LEN);
 #else
         /* In the internal implementation, the private key is the concatenation
          * of the private seed with the public key. */
-        new->ed25519_privkey = malloc(2 * ED25519_KEY_LEN);
+        new_key->ed25519_privkey = malloc(2 * ED25519_KEY_LEN);
 #endif
-        if (new->ed25519_privkey == NULL) {
+        if (new_key->ed25519_privkey == NULL) {
             return SSH_ERROR;
         }
-#ifdef HAVE_OPENSSL_ED25519
-        memcpy(new->ed25519_privkey, key->ed25519_privkey, ED25519_KEY_LEN);
+#ifdef HAVE_LIBCRYPTO
+        memcpy(new_key->ed25519_privkey, key->ed25519_privkey, ED25519_KEY_LEN);
 #else
-        memcpy(new->ed25519_privkey, key->ed25519_privkey, 2 * ED25519_KEY_LEN);
+        memcpy(new_key->ed25519_privkey, key->ed25519_privkey, 2 * ED25519_KEY_LEN);
 #endif
     }
 
     if (key->ed25519_pubkey != NULL) {
-        new->ed25519_pubkey = malloc(ED25519_KEY_LEN);
-        if (new->ed25519_pubkey == NULL) {
-            SAFE_FREE(new->ed25519_privkey);
+        new_key->ed25519_pubkey = malloc(ED25519_KEY_LEN);
+        if (new_key->ed25519_pubkey == NULL) {
+            SAFE_FREE(new_key->ed25519_privkey);
             return SSH_ERROR;
         }
-        memcpy(new->ed25519_pubkey, key->ed25519_pubkey, ED25519_KEY_LEN);
+        memcpy(new_key->ed25519_pubkey, key->ed25519_pubkey, ED25519_KEY_LEN);
     }
 
     return SSH_OK;
@@ -202,6 +206,34 @@ int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key)
     return rc;
 }
 
+/** @internal
+ * @brief exports a ed25519 private key to a string blob.
+ * @param[in] privkey private key to convert
+ * @param[out] buffer buffer to write the blob in.
+ * @returns SSH_OK on success
+ */
+int pki_ed25519_private_key_to_blob(ssh_buffer buffer, const ssh_key privkey)
+{
+    int rc;
+
+    if (privkey->type != SSH_KEYTYPE_ED25519) {
+        SSH_LOG(SSH_LOG_TRACE, "Type %s not supported", privkey->type_c);
+        return SSH_ERROR;
+    }
+    if (privkey->ed25519_privkey == NULL ||
+        privkey->ed25519_pubkey == NULL) {
+        return SSH_ERROR;
+    }
+    rc = ssh_buffer_pack(buffer,
+                         "dPdPP",
+                         (uint32_t)ED25519_KEY_LEN,
+                         (size_t)ED25519_KEY_LEN, privkey->ed25519_pubkey,
+                         (uint32_t)(2 * ED25519_KEY_LEN),
+                         (size_t)ED25519_KEY_LEN, privkey->ed25519_privkey,
+                         (size_t)ED25519_KEY_LEN, privkey->ed25519_pubkey);
+    return rc;
+}
+
 /**
  * @internal
  *
@@ -213,10 +245,10 @@ int pki_ed25519_public_key_to_blob(ssh_buffer buffer, ssh_key key)
  */
 ssh_string pki_ed25519_signature_to_blob(ssh_signature sig)
 {
-    ssh_string sig_blob;
+    ssh_string sig_blob = NULL;
     int rc;
 
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
     /* When using the OpenSSL implementation, the signature is stored in raw_sig
      * which is shared by all algorithms.*/
     if (sig->raw_sig == NULL) {
@@ -235,7 +267,7 @@ ssh_string pki_ed25519_signature_to_blob(ssh_signature sig)
         return NULL;
     }
 
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
     rc = ssh_string_fill(sig_blob, ssh_string_data(sig->raw_sig),
                          ssh_string_len(sig->raw_sig));
 #else
@@ -266,11 +298,11 @@ int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob)
 
     len = ssh_string_len(sig_blob);
     if (len != ED25519_SIG_LEN){
-        SSH_LOG(SSH_LOG_WARN, "Invalid ssh-ed25519 signature len: %zu", len);
+        SSH_LOG(SSH_LOG_TRACE, "Invalid ssh-ed25519 signature len: %zu", len);
         return SSH_ERROR;
     }
 
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
     sig->raw_sig = ssh_string_copy(sig_blob);
 #else
     sig->ed25519_sig = malloc(ED25519_SIG_LEN);
@@ -282,4 +314,3 @@ int pki_signature_from_ed25519_blob(ssh_signature sig, ssh_string sig_blob)
 
     return SSH_OK;
 }
-
diff --git a/libssh/src/pki_gcrypt.c b/libssh/src/pki_gcrypt.c
index b619b1a3..96901faa 100644
--- a/libssh/src/pki_gcrypt.c
+++ b/libssh/src/pki_gcrypt.c
@@ -45,8 +45,6 @@
 #define MAXLINESIZE 80
 #define RSA_HEADER_BEGIN "-----BEGIN RSA PRIVATE KEY-----"
 #define RSA_HEADER_END "-----END RSA PRIVATE KEY-----"
-#define DSA_HEADER_BEGIN "-----BEGIN DSA PRIVATE KEY-----"
-#define DSA_HEADER_END "-----END DSA PRIVATE KEY-----"
 #define ECDSA_HEADER_BEGIN "-----BEGIN EC PRIVATE KEY-----"
 #define ECDSA_HEADER_END "-----END EC PRIVATE KEY-----"
 
@@ -152,10 +150,10 @@ static ssh_string asn1_get_int(ssh_buffer buffer) {
 
 static ssh_string asn1_get_bit_string(ssh_buffer buffer)
 {
-    ssh_string str;
+    ssh_string str = NULL;
     unsigned char type;
     uint32_t size;
-    unsigned char unused, last, *p;
+    unsigned char unused, last, *p = NULL;
     uint32_t len;
 
     len = ssh_buffer_get_data(buffer, &type, 1);
@@ -288,14 +286,11 @@ void pki_key_clean(ssh_key key)
     if (key == NULL)
         return;
 
-    if (key->dsa)
-        gcry_sexp_release(key->dsa);
     if (key->rsa)
         gcry_sexp_release(key->rsa);
     if (key->ecdsa)
         gcry_sexp_release(key->ecdsa);
 
-    key->dsa = NULL;
     key->rsa = NULL;
     key->ecdsa = NULL;
 }
@@ -417,10 +412,10 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
                 ssh_auth_callback cb, void *userdata, const char *desc) {
     ssh_buffer buffer = NULL;
     ssh_buffer out = NULL;
-    const char *p;
+    const char *p = NULL;
     unsigned char *iv = NULL;
-    const char *header_begin;
-    const char *header_end;
+    const char *header_begin = NULL;
+    const char *header_end = NULL;
     unsigned int header_begin_size;
     unsigned int header_end_size;
     unsigned int key_len = 0;
@@ -436,10 +431,6 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
     }
 
     switch(type) {
-        case SSH_KEYTYPE_DSS:
-            header_begin = DSA_HEADER_BEGIN;
-            header_end = DSA_HEADER_END;
-            break;
         case SSH_KEYTYPE_RSA:
             header_begin = RSA_HEADER_BEGIN;
             header_end = RSA_HEADER_END;
@@ -557,170 +548,116 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
     return out;
 }
 
-static int b64decode_rsa_privatekey(const char *pkey, gcry_sexp_t *r,
-    ssh_auth_callback cb, void *userdata, const char *desc) {
-  const unsigned char *data;
-  ssh_string n = NULL;
-  ssh_string e = NULL;
-  ssh_string d = NULL;
-  ssh_string p = NULL;
-  ssh_string q = NULL;
-  ssh_string unused1 = NULL;
-  ssh_string unused2 = NULL;
-  ssh_string u = NULL;
-  ssh_string v = NULL;
-  ssh_buffer buffer = NULL;
-  int rc = 1;
-
-  buffer = privatekey_string_to_buffer(pkey, SSH_KEYTYPE_RSA, cb, userdata, desc);
-  if (buffer == NULL) {
-    return 0;
-  }
-
-  if (!asn1_check_sequence(buffer)) {
-    SSH_BUFFER_FREE(buffer);
-    return 0;
-  }
-
-  v = asn1_get_int(buffer);
-  if (v == NULL) {
-    SSH_BUFFER_FREE(buffer);
-    return 0;
-  }
-
-  data = ssh_string_data(v);
-  if (ssh_string_len(v) != 1 || data[0] != 0) {
-    SSH_STRING_FREE(v);
-    SSH_BUFFER_FREE(buffer);
-    return 0;
-  }
-
-  n = asn1_get_int(buffer);
-  e = asn1_get_int(buffer);
-  d = asn1_get_int(buffer);
-  q = asn1_get_int(buffer);
-  p = asn1_get_int(buffer);
-  unused1 = asn1_get_int(buffer);
-  unused2 = asn1_get_int(buffer);
-  u = asn1_get_int(buffer);
-
-  SSH_BUFFER_FREE(buffer);
-
-  if (n == NULL || e == NULL || d == NULL || p == NULL || q == NULL ||
-      unused1 == NULL || unused2 == NULL|| u == NULL) {
-    rc = 0;
-    goto error;
-  }
+static int
+b64decode_rsa_privatekey(const char *pkey,
+                         gcry_sexp_t *r,
+                         ssh_auth_callback cb,
+                         void *userdata,
+                         const char *desc)
+{
+    const unsigned char *data = NULL;
+    ssh_string n = NULL;
+    ssh_string e = NULL;
+    ssh_string d = NULL;
+    ssh_string p = NULL;
+    ssh_string q = NULL;
+    ssh_string unused1 = NULL;
+    ssh_string unused2 = NULL;
+    ssh_string u = NULL;
+    ssh_string v = NULL;
+    ssh_buffer buffer = NULL;
+    int rc = 1;
+    gcry_error_t rv = 0;
 
-  if (gcry_sexp_build(r, NULL,
-      "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
-      ssh_string_len(n), ssh_string_data(n),
-      ssh_string_len(e), ssh_string_data(e),
-      ssh_string_len(d), ssh_string_data(d),
-      ssh_string_len(p), ssh_string_data(p),
-      ssh_string_len(q), ssh_string_data(q),
-      ssh_string_len(u), ssh_string_data(u))) {
-    rc = 0;
-  }
+    buffer = privatekey_string_to_buffer(pkey,
+                                         SSH_KEYTYPE_RSA,
+                                         cb,
+                                         userdata,
+                                         desc);
+    if (buffer == NULL) {
+        return 0;
+    }
 
-error:
-  ssh_string_burn(n);
-  SSH_STRING_FREE(n);
-  ssh_string_burn(e);
-  SSH_STRING_FREE(e);
-  ssh_string_burn(d);
-  SSH_STRING_FREE(d);
-  ssh_string_burn(p);
-  SSH_STRING_FREE(p);
-  ssh_string_burn(q);
-  SSH_STRING_FREE(q);
-  SSH_STRING_FREE(unused1);
-  SSH_STRING_FREE(unused2);
-  ssh_string_burn(u);
-  SSH_STRING_FREE(u);
-  SSH_STRING_FREE(v);
-
-  return rc;
-}
+    if (!asn1_check_sequence(buffer)) {
+        SSH_BUFFER_FREE(buffer);
+        return 0;
+    }
 
-static int b64decode_dsa_privatekey(const char *pkey, gcry_sexp_t *r, ssh_auth_callback cb,
-    void *userdata, const char *desc) {
-  const unsigned char *data;
-  ssh_buffer buffer = NULL;
-  ssh_string p = NULL;
-  ssh_string q = NULL;
-  ssh_string g = NULL;
-  ssh_string y = NULL;
-  ssh_string x = NULL;
-  ssh_string v = NULL;
-  int rc = 1;
-
-  buffer = privatekey_string_to_buffer(pkey, SSH_KEYTYPE_DSS, cb, userdata, desc);
-  if (buffer == NULL) {
-    return 0;
-  }
+    v = asn1_get_int(buffer);
+    if (v == NULL) {
+        SSH_BUFFER_FREE(buffer);
+        return 0;
+    }
 
-  if (!asn1_check_sequence(buffer)) {
-    SSH_BUFFER_FREE(buffer);
-    return 0;
-  }
+    data = ssh_string_data(v);
+    if (ssh_string_len(v) != 1 || data[0] != 0) {
+        SSH_STRING_FREE(v);
+        SSH_BUFFER_FREE(buffer);
+        return 0;
+    }
 
-  v = asn1_get_int(buffer);
-  if (v == NULL) {
-    SSH_BUFFER_FREE(buffer);
-    return 0;
-  }
+    n = asn1_get_int(buffer);
+    e = asn1_get_int(buffer);
+    d = asn1_get_int(buffer);
+    q = asn1_get_int(buffer);
+    p = asn1_get_int(buffer);
+    unused1 = asn1_get_int(buffer);
+    unused2 = asn1_get_int(buffer);
+    u = asn1_get_int(buffer);
 
-  data = ssh_string_data(v);
-  if (ssh_string_len(v) != 1 || data[0] != 0) {
-    SSH_STRING_FREE(v);
     SSH_BUFFER_FREE(buffer);
-    return 0;
-  }
-
-  p = asn1_get_int(buffer);
-  q = asn1_get_int(buffer);
-  g = asn1_get_int(buffer);
-  y = asn1_get_int(buffer);
-  x = asn1_get_int(buffer);
-  SSH_BUFFER_FREE(buffer);
 
-  if (p == NULL || q == NULL || g == NULL || y == NULL || x == NULL) {
-    rc = 0;
-    goto error;
-  }
+    if (n == NULL || e == NULL || d == NULL || p == NULL || q == NULL ||
+        unused1 == NULL || unused2 == NULL || u == NULL) {
+        rc = 0;
+        goto error;
+    }
 
-  if (gcry_sexp_build(r, NULL,
-        "(private-key(dsa(p %b)(q %b)(g %b)(y %b)(x %b)))",
-        ssh_string_len(p), ssh_string_data(p),
-        ssh_string_len(q), ssh_string_data(q),
-        ssh_string_len(g), ssh_string_data(g),
-        ssh_string_len(y), ssh_string_data(y),
-        ssh_string_len(x), ssh_string_data(x))) {
-    rc = 0;
-  }
+    rv = gcry_sexp_build(
+        r,
+        NULL,
+        "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
+        ssh_string_len(n),
+        ssh_string_data(n),
+        ssh_string_len(e),
+        ssh_string_data(e),
+        ssh_string_len(d),
+        ssh_string_data(d),
+        ssh_string_len(p),
+        ssh_string_data(p),
+        ssh_string_len(q),
+        ssh_string_data(q),
+        ssh_string_len(u),
+        ssh_string_data(u));
+    if (rv) {
+        rc = 0;
+    }
 
 error:
-  ssh_string_burn(p);
-  SSH_STRING_FREE(p);
-  ssh_string_burn(q);
-  SSH_STRING_FREE(q);
-  ssh_string_burn(g);
-  SSH_STRING_FREE(g);
-  ssh_string_burn(y);
-  SSH_STRING_FREE(y);
-  ssh_string_burn(x);
-  SSH_STRING_FREE(x);
-  SSH_STRING_FREE(v);
-
-  return rc;
+    ssh_string_burn(n);
+    SSH_STRING_FREE(n);
+    ssh_string_burn(e);
+    SSH_STRING_FREE(e);
+    ssh_string_burn(d);
+    SSH_STRING_FREE(d);
+    ssh_string_burn(p);
+    SSH_STRING_FREE(p);
+    ssh_string_burn(q);
+    SSH_STRING_FREE(q);
+    SSH_STRING_FREE(unused1);
+    SSH_STRING_FREE(unused2);
+    ssh_string_burn(u);
+    SSH_STRING_FREE(u);
+    SSH_STRING_FREE(v);
+
+    return rc;
 }
 
 #ifdef HAVE_GCRYPT_ECC
 static int pki_key_ecdsa_to_nid(gcry_sexp_t k)
 {
-    gcry_sexp_t sexp;
-    const char *tmp;
+    gcry_sexp_t sexp = NULL;
+    const char *tmp = NULL;
     size_t size;
 
     sexp = gcry_sexp_find_token(k, "curve", 0);
@@ -868,7 +805,7 @@ static int b64decode_ecdsa_privatekey(const char *pkey, gcry_sexp_t *r,
                                       void *userdata,
                                       const char *desc)
 {
-    const unsigned char *data;
+    const unsigned char *data = NULL;
     ssh_buffer buffer = NULL;
     gcry_error_t err = 0;
     ssh_string v = NULL;
@@ -955,7 +892,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
     (void) auth_fn;
     (void) auth_data;
 
-    SSH_LOG(SSH_LOG_WARN, "PEM export not supported by gcrypt backend!");
+    SSH_LOG(SSH_LOG_TRACE, "PEM export not supported by gcrypt backend!");
 
     return NULL;
 }
@@ -965,7 +902,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
                                     ssh_auth_callback auth_fn,
                                     void *auth_data)
 {
-    gcry_sexp_t dsa = NULL;
     gcry_sexp_t rsa = NULL;
     gcry_sexp_t ecdsa = NULL;
     ssh_key key = NULL;
@@ -974,30 +910,11 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
 
     type = pki_privatekey_type_from_string(b64_key);
     if (type == SSH_KEYTYPE_UNKNOWN) {
-        SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key.");
+        SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key.");
         return NULL;
     }
 
     switch (type) {
-        case SSH_KEYTYPE_DSS:
-            if (passphrase == NULL) {
-                if (auth_fn) {
-                    valid = b64decode_dsa_privatekey(b64_key, &dsa, auth_fn,
-                            auth_data, "Passphrase for private key:");
-                } else {
-                    valid = b64decode_dsa_privatekey(b64_key, &dsa, NULL, NULL,
-                            NULL);
-                }
-            } else {
-                valid = b64decode_dsa_privatekey(b64_key, &dsa, NULL, (void *)
-                        passphrase, NULL);
-            }
-
-            if (!valid) {
-                SSH_LOG(SSH_LOG_WARN, "Parsing private key");
-                goto fail;
-            }
-            break;
         case SSH_KEYTYPE_RSA:
             if (passphrase == NULL) {
                 if (auth_fn) {
@@ -1013,7 +930,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
             }
 
             if (!valid) {
-                SSH_LOG(SSH_LOG_WARN, "Parsing private key");
+                SSH_LOG(SSH_LOG_TRACE, "Error parsing private key");
                 goto fail;
             }
             break;
@@ -1044,7 +961,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
             }
 
             if (!valid) {
-                SSH_LOG(SSH_LOG_WARN, "Parsing private key");
+                SSH_LOG(SSH_LOG_TRACE, "Error parsing private key");
                 goto fail;
             }
 
@@ -1052,7 +969,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
              * keys, so we need to figure out the correct type here */
             type = pki_key_ecdsa_to_key_type(ecdsa);
             if (type == SSH_KEYTYPE_UNKNOWN) {
-                SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
+                SSH_LOG(SSH_LOG_TRACE, "Invalid private key.");
                 goto fail;
             }
             break;
@@ -1062,7 +979,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
         case SSH_KEYTYPE_RSA1:
         case SSH_KEYTYPE_UNKNOWN:
         default:
-            SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", type);
+            SSH_LOG(SSH_LOG_TRACE, "Unknown or invalid private key type %d", type);
             return NULL;
     }
 
@@ -1074,7 +991,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
     key->type = type;
     key->type_c = ssh_key_type_to_char(type);
     key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
-    key->dsa = dsa;
     key->rsa = rsa;
     key->ecdsa = ecdsa;
 #ifdef HAVE_GCRYPT_ECC
@@ -1086,52 +1002,12 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
     return key;
 fail:
     ssh_key_free(key);
-    gcry_sexp_release(dsa);
     gcry_sexp_release(rsa);
     gcry_sexp_release(ecdsa);
 
     return NULL;
 }
 
-int pki_privkey_build_dss(ssh_key key,
-                          ssh_string p,
-                          ssh_string q,
-                          ssh_string g,
-                          ssh_string pubkey,
-                          ssh_string privkey)
-{
-    gcry_sexp_build(&key->dsa, NULL,
-            "(private-key(dsa(p %b)(q %b)(g %b)(y %b)(x %b)))",
-            ssh_string_len(p), ssh_string_data(p),
-            ssh_string_len(q), ssh_string_data(q),
-            ssh_string_len(g), ssh_string_data(g),
-            ssh_string_len(pubkey), ssh_string_data(pubkey),
-            ssh_string_len(privkey), ssh_string_data(privkey));
-    if (key->dsa == NULL) {
-        return SSH_ERROR;
-    }
-
-    return SSH_OK;
-}
-
-int pki_pubkey_build_dss(ssh_key key,
-                         ssh_string p,
-                         ssh_string q,
-                         ssh_string g,
-                         ssh_string pubkey) {
-    gcry_sexp_build(&key->dsa, NULL,
-            "(public-key(dsa(p %b)(q %b)(g %b)(y %b)))",
-            ssh_string_len(p), ssh_string_data(p),
-            ssh_string_len(q), ssh_string_data(q),
-            ssh_string_len(g), ssh_string_data(g),
-            ssh_string_len(pubkey), ssh_string_data(pubkey));
-    if (key->dsa == NULL) {
-        return SSH_ERROR;
-    }
-
-    return SSH_OK;
-}
-
 int pki_privkey_build_rsa(ssh_key key,
                           ssh_string n,
                           ssh_string e,
@@ -1213,7 +1089,7 @@ int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
 
 ssh_key pki_key_dup(const ssh_key key, int demote)
 {
-    ssh_key new;
+    ssh_key new = NULL;
     gcry_error_t err = 0;
     int rc;
 
@@ -1243,32 +1119,6 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
     }
 
     switch(key->type) {
-        case SSH_KEYTYPE_DSS:
-            err = gcry_sexp_extract_param(key->dsa,
-                                          NULL,
-                                          "pqgyx?",
-                                          &p,
-                                          &q,
-                                          &g,
-                                          &y,
-                                          &x,
-                                          NULL);
-            if (err != 0) {
-                break;
-            }
-
-            if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
-                err = gcry_sexp_build(&new->dsa,
-                        NULL,
-                        "(private-key(dsa(p %m)(q %m)(g %m)(y %m)(x %m)))",
-                        p, q, g, y, x);
-            } else {
-                err = gcry_sexp_build(&new->dsa,
-                        NULL,
-                        "(public-key(dsa(p %m)(q %m)(g %m)(y %m)))",
-                        p, q, g, y);
-            }
-            break;
         case SSH_KEYTYPE_RSA:
             err = gcry_sexp_extract_param(key->rsa,
                                           NULL,
@@ -1369,43 +1219,43 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
     return new;
 }
 
-static int pki_key_generate(ssh_key key, int parameter, const char *type_s, int type){
-    gcry_sexp_t parms;
+static int
+pki_key_generate(ssh_key key, int parameter, const char *type_s, int type)
+{
+    gcry_sexp_t params = NULL;
     int rc;
-    rc = gcry_sexp_build(&parms,
-            NULL,
-            "(genkey(%s(nbits %d)(transient-key)))",
-            type_s,
-            parameter);
-    if (rc != 0)
+    rc = gcry_sexp_build(&params,
+                         NULL,
+                         "(genkey(%s(nbits %d)(transient-key)))",
+                         type_s,
+                         parameter);
+    if (rc != 0) {
         return SSH_ERROR;
+    }
+
     switch (type) {
     case SSH_KEYTYPE_RSA:
-        rc = gcry_pk_genkey(&key->rsa, parms);
-        break;
-    case SSH_KEYTYPE_DSS:
-        rc = gcry_pk_genkey(&key->dsa, parms);
+        rc = gcry_pk_genkey(&key->rsa, params);
         break;
     case SSH_KEYTYPE_ECDSA_P256:
     case SSH_KEYTYPE_ECDSA_P384:
     case SSH_KEYTYPE_ECDSA_P521:
-        rc = gcry_pk_genkey(&key->ecdsa, parms);
+        rc = gcry_pk_genkey(&key->ecdsa, params);
         break;
     default:
         assert (! "reached");
     }
-    gcry_sexp_release(parms);
+    gcry_sexp_release(params);
     if (rc != 0)
         return SSH_ERROR;
     return SSH_OK;
 }
 
-int pki_key_generate_rsa(ssh_key key, int parameter){
+int
+pki_key_generate_rsa(ssh_key key, int parameter)
+{
     return pki_key_generate(key, parameter, "rsa", SSH_KEYTYPE_RSA);
 }
-int pki_key_generate_dss(ssh_key key, int parameter){
-    return pki_key_generate(key, parameter, "dsa", SSH_KEYTYPE_DSS);
-}
 
 #ifdef HAVE_GCRYPT_ECC
 int pki_key_generate_ecdsa(ssh_key key, int parameter) {
@@ -1434,9 +1284,9 @@ static int _bignum_cmp(const gcry_sexp_t s1,
                        const gcry_sexp_t s2,
                        const char *what)
 {
-    gcry_sexp_t sexp;
-    bignum b1;
-    bignum b2;
+    gcry_sexp_t sexp = NULL;
+    bignum b1 = NULL;
+    bignum b2 = NULL;
     int result;
 
     sexp = gcry_sexp_find_token(s1, what, 0);
@@ -1472,30 +1322,8 @@ int pki_key_compare(const ssh_key k1,
                     enum ssh_keycmp_e what)
 {
     switch (k1->type) {
-        case SSH_KEYTYPE_DSS:
-            if (_bignum_cmp(k1->dsa, k2->dsa, "p") != 0) {
-                return 1;
-            }
-
-            if (_bignum_cmp(k1->dsa, k2->dsa, "q") != 0) {
-                return 1;
-            }
-
-            if (_bignum_cmp(k1->dsa, k2->dsa, "g") != 0) {
-                return 1;
-            }
-
-            if (_bignum_cmp(k1->dsa, k2->dsa, "y") != 0) {
-                return 1;
-            }
-
-            if (what == SSH_KEY_CMP_PRIVATE) {
-                if (_bignum_cmp(k1->dsa, k2->dsa, "x") != 0) {
-                    return 1;
-                }
-            }
-            break;
         case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA_CERT01:
             if (_bignum_cmp(k1->rsa, k2->rsa, "e") != 0) {
                 return 1;
             }
@@ -1523,13 +1351,19 @@ int pki_key_compare(const ssh_key k1,
             }
             break;
         case SSH_KEYTYPE_ED25519:
+        case SSH_KEYTYPE_ED25519_CERT01:
         case SSH_KEYTYPE_SK_ED25519:
-		/* ed25519 keys handled globaly */
-		return 0;
+        case SSH_KEYTYPE_SK_ED25519_CERT01:
+            /* ed25519 keys handled globally */
+            return 0;
         case SSH_KEYTYPE_ECDSA_P256:
+        case SSH_KEYTYPE_ECDSA_P256_CERT01:
         case SSH_KEYTYPE_ECDSA_P384:
+        case SSH_KEYTYPE_ECDSA_P384_CERT01:
         case SSH_KEYTYPE_ECDSA_P521:
+        case SSH_KEYTYPE_ECDSA_P521_CERT01:
         case SSH_KEYTYPE_SK_ECDSA:
+        case SSH_KEYTYPE_SK_ECDSA_CERT01:
 #ifdef HAVE_GCRYPT_ECC
             if (k1->ecdsa_nid != k2->ecdsa_nid) {
                 return 1;
@@ -1546,15 +1380,9 @@ int pki_key_compare(const ssh_key k1,
             }
             break;
 #endif
-        case SSH_KEYTYPE_DSS_CERT01:
-        case SSH_KEYTYPE_RSA_CERT01:
-        case SSH_KEYTYPE_ECDSA:
-        case SSH_KEYTYPE_ECDSA_P256_CERT01:
-        case SSH_KEYTYPE_ECDSA_P384_CERT01:
-        case SSH_KEYTYPE_ECDSA_P521_CERT01:
-        case SSH_KEYTYPE_SK_ECDSA_CERT01:
-        case SSH_KEYTYPE_ED25519_CERT01:
-        case SSH_KEYTYPE_SK_ED25519_CERT01:
+        case SSH_KEYTYPE_DSS:        /* deprecated */
+        case SSH_KEYTYPE_DSS_CERT01: /* deprecated */
+        case SSH_KEYTYPE_ECDSA:      /* deprecated */
         case SSH_KEYTYPE_RSA1:
         case SSH_KEYTYPE_UNKNOWN:
             return 1;
@@ -1563,22 +1391,26 @@ int pki_key_compare(const ssh_key k1,
     return 0;
 }
 
-ssh_string pki_publickey_to_blob(const ssh_key key)
+ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
 {
-    ssh_buffer buffer;
-    ssh_string type_s;
+    ssh_buffer buffer = NULL;
+    ssh_string type_s = NULL;
     ssh_string str = NULL;
     ssh_string e = NULL;
     ssh_string n = NULL;
+    ssh_string d = NULL;
     ssh_string p = NULL;
     ssh_string g = NULL;
     ssh_string q = NULL;
+    ssh_string u = NULL;
     int rc;
 
     buffer = ssh_buffer_new();
     if (buffer == NULL) {
         return NULL;
     }
+    /* The buffer will contain sensitive information. Make sure it is erased */
+    ssh_buffer_set_secure(buffer);
 
     if (key->cert != NULL) {
         rc = ssh_buffer_add_buffer(buffer, key->cert);
@@ -1603,66 +1435,6 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
     }
 
     switch (key->type) {
-        case SSH_KEYTYPE_DSS:
-            p = ssh_sexp_extract_mpi(key->dsa,
-                                     "p",
-                                     GCRYMPI_FMT_USG,
-                                     GCRYMPI_FMT_STD);
-            if (p == NULL) {
-                goto fail;
-            }
-
-            q = ssh_sexp_extract_mpi(key->dsa,
-                                     "q",
-                                     GCRYMPI_FMT_USG,
-                                     GCRYMPI_FMT_STD);
-            if (q == NULL) {
-                goto fail;
-            }
-
-            g = ssh_sexp_extract_mpi(key->dsa,
-                                     "g",
-                                     GCRYMPI_FMT_USG,
-                                     GCRYMPI_FMT_STD);
-            if (g == NULL) {
-                goto fail;
-            }
-
-            n = ssh_sexp_extract_mpi(key->dsa,
-                                     "y",
-                                     GCRYMPI_FMT_USG,
-                                     GCRYMPI_FMT_STD);
-            if (n == NULL) {
-                goto fail;
-            }
-
-            rc = ssh_buffer_add_ssh_string(buffer, p);
-            if (rc < 0) {
-                goto fail;
-            }
-            rc = ssh_buffer_add_ssh_string(buffer, q);
-            if (rc < 0) {
-                goto fail;
-            }
-            rc = ssh_buffer_add_ssh_string(buffer, g);
-            if (rc < 0) {
-                goto fail;
-            }
-            rc = ssh_buffer_add_ssh_string(buffer, n);
-            if (rc < 0) {
-                goto fail;
-            }
-
-            ssh_string_burn(p);
-            SSH_STRING_FREE(p);
-            ssh_string_burn(g);
-            SSH_STRING_FREE(g);
-            ssh_string_burn(q);
-            SSH_STRING_FREE(q);
-            ssh_string_burn(n);
-            SSH_STRING_FREE(n);
-
-            break;
         case SSH_KEYTYPE_RSA:
             e = ssh_sexp_extract_mpi(key->rsa,
                                      "e",
@@ -1680,30 +1452,108 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
                 goto fail;
             }
 
-            rc = ssh_buffer_add_ssh_string(buffer, e);
-            if (rc < 0) {
-                goto fail;
-            }
-            rc = ssh_buffer_add_ssh_string(buffer, n);
-            if (rc < 0) {
-                goto fail;
-            }
+            if (type == SSH_KEY_PUBLIC) {
+                /* The N and E parts are swapped in the public key export ! */
+                rc = ssh_buffer_add_ssh_string(buffer, e);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, n);
+                if (rc < 0) {
+                    goto fail;
+                }
+            } else if (type == SSH_KEY_PRIVATE) {
+                rc = ssh_buffer_add_ssh_string(buffer, n);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, e);
+                if (rc < 0) {
+                    goto fail;
+                }
 
+                d = ssh_sexp_extract_mpi(key->rsa,
+                                        "d",
+                                        GCRYMPI_FMT_USG,
+                                        GCRYMPI_FMT_STD);
+                if (d == NULL) {
+                    goto fail;
+                }
+
+                p = ssh_sexp_extract_mpi(key->rsa,
+                                        "p",
+                                        GCRYMPI_FMT_USG,
+                                        GCRYMPI_FMT_STD);
+                if (p == NULL) {
+                    goto fail;
+                }
+
+                q = ssh_sexp_extract_mpi(key->rsa,
+                                        "q",
+                                        GCRYMPI_FMT_USG,
+                                        GCRYMPI_FMT_STD);
+                if (q == NULL) {
+                    goto fail;
+                }
+
+                u = ssh_sexp_extract_mpi(key->rsa,
+                                         "u",
+                                         GCRYMPI_FMT_USG,
+                                         GCRYMPI_FMT_STD);
+                if (u == NULL) {
+                    goto fail;
+                }
+
+                rc = ssh_buffer_add_ssh_string(buffer, d);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, u);
+                if (rc < 0) {
+                    goto fail;
+                }
+                /* Swap the P and Q as the iqmp in gcrypt is ipmq ... */
+                rc = ssh_buffer_add_ssh_string(buffer, q);
+                if (rc < 0) {
+                    goto fail;
+                }
+                rc = ssh_buffer_add_ssh_string(buffer, p);
+                if (rc < 0) {
+                    goto fail;
+                }
+                ssh_string_burn(d);
+                SSH_STRING_FREE(d);
+                ssh_string_burn(p);
+                SSH_STRING_FREE(p);
+                ssh_string_burn(q);
+                SSH_STRING_FREE(q);
+                ssh_string_burn(u);
+                SSH_STRING_FREE(u);
+            }
             ssh_string_burn(e);
             SSH_STRING_FREE(e);
             ssh_string_burn(n);
             SSH_STRING_FREE(n);
-
             break;
         case SSH_KEYTYPE_ED25519:
         case SSH_KEYTYPE_SK_ED25519:
-            rc = pki_ed25519_public_key_to_blob(buffer, key);
-            if (rc != SSH_OK){
-                goto fail;
-            }
-            if (key->type == SSH_KEYTYPE_SK_ED25519 &&
-                ssh_buffer_add_ssh_string(buffer, key->sk_application) < 0) {
-                goto fail;
+            if (type == SSH_KEY_PUBLIC) {
+                rc = pki_ed25519_public_key_to_blob(buffer, key);
+                if (rc == SSH_ERROR) {
+                    goto fail;
+                }
+                /* public key can contain certificate sk information */
+                if (key->type == SSH_KEYTYPE_SK_ED25519) {
+                    rc = ssh_buffer_add_ssh_string(buffer, key->sk_application);
+                    if (rc < 0) {
+                        goto fail;
+                    }
+                }
+            } else {
+                rc = pki_ed25519_private_key_to_blob(buffer, key);
+                if (rc == SSH_ERROR) {
+                    goto fail;
+                }
             }
             break;
         case SSH_KEYTYPE_ECDSA_P256:
@@ -1714,22 +1564,19 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
             type_s = ssh_string_from_char(
                        pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
             if (type_s == NULL) {
-                SSH_BUFFER_FREE(buffer);
-                return NULL;
+                goto fail;
             }
 
             rc = ssh_buffer_add_ssh_string(buffer, type_s);
             SSH_STRING_FREE(type_s);
             if (rc < 0) {
-                SSH_BUFFER_FREE(buffer);
-                return NULL;
+                goto fail;
             }
 
             e = ssh_sexp_extract_mpi(key->ecdsa, "q", GCRYMPI_FMT_STD,
                                      GCRYMPI_FMT_STD);
             if (e == NULL) {
-                SSH_BUFFER_FREE(buffer);
-                return NULL;
+                goto fail;
             }
 
             rc = ssh_buffer_add_ssh_string(buffer, e);
@@ -1741,9 +1588,27 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
             SSH_STRING_FREE(e);
             e = NULL;
 
-            if (key->type == SSH_KEYTYPE_SK_ECDSA &&
-                ssh_buffer_add_ssh_string(buffer, key->sk_application) < 0) {
-                goto fail;
+            if (type == SSH_KEY_PRIVATE) {
+                d = ssh_sexp_extract_mpi(key->ecdsa, "d", GCRYMPI_FMT_STD,
+                                         GCRYMPI_FMT_STD);
+                if (d == NULL) {
+                    goto fail;
+                }
+
+                rc = ssh_buffer_add_ssh_string(buffer, d);
+                if (rc < 0) {
+                    goto fail;
+                }
+
+                ssh_string_burn(d);
+                SSH_STRING_FREE(d);
+                d = NULL;
+            } else if (key->type == SSH_KEYTYPE_SK_ECDSA) {
+                /* public key can contain certificate sk information */
+                rc = ssh_buffer_add_ssh_string(buffer, key->sk_application);
+                if (rc < 0) {
+                    goto fail;
+                }
             }
 
             break;
@@ -1787,78 +1652,27 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
 
 ssh_string pki_signature_to_blob(const ssh_signature sig)
 {
-    char buffer[40] = { 0 };
-
-    const char *r = NULL;
-    size_t r_len, r_offset_in, r_offset_out;
-
-    const char *s = NULL;
-    size_t s_len, s_offset_in, s_offset_out;
+    const char *s = NULL;  /* used in RSA */
 
-    gcry_sexp_t sexp;
+    gcry_sexp_t sexp = NULL;
     size_t size = 0;
     ssh_string sig_blob = NULL;
     int rc;
 
     switch(sig->type) {
-        case SSH_KEYTYPE_DSS:
-            sexp = gcry_sexp_find_token(sig->dsa_sig, "r", 0);
-            if (sexp == NULL) {
-                return NULL;
-            }
-            r = gcry_sexp_nth_data(sexp, 1, &size);
-            /* libgcrypt put 0 when first bit is set */
-            if (*r == 0) {
-                size--;
-                r++;
-            }
-
-            r_len = size;
-            r_offset_in  = (r_len > 20) ? (r_len - 20) : 0;
-            r_offset_out = (r_len < 20) ? (20 - r_len) : 0;
-            memcpy(buffer + r_offset_out,
-                   r + r_offset_in,
-                   r_len - r_offset_in);
-
-            gcry_sexp_release(sexp);
-
-            sexp = gcry_sexp_find_token(sig->dsa_sig, "s", 0);
-            if (sexp == NULL) {
-                return NULL;
-            }
-            s = gcry_sexp_nth_data(sexp,1,&size);
-            if (*s == 0) {
-                size--;
-                s++;
-            }
-
-            s_len = size;
-            s_offset_in  = (s_len > 20) ? (s_len - 20) : 0;
-            s_offset_out = (s_len < 20) ? (20 - s_len) : 0;
-            memcpy(buffer + 20 + s_offset_out,
-                   s + s_offset_in,
-                   s_len - s_offset_in);
-
-            gcry_sexp_release(sexp);
-
-            sig_blob = ssh_string_new(40);
-            if (sig_blob == NULL) {
-                return NULL;
-            }
-
-            rc = ssh_string_fill(sig_blob, buffer, 40);
-            if (rc < 0) {
-                SSH_STRING_FREE(sig_blob);
-                return NULL;
-            }
-            break;
         case SSH_KEYTYPE_RSA:
             sexp = gcry_sexp_find_token(sig->rsa_sig, "s", 0);
             if (sexp == NULL) {
                 return NULL;
             }
             s = gcry_sexp_nth_data(sexp, 1, &size);
-            if (*s == 0) {
+
+            /*
+             * Remove leading zeroes, but only the ones that do not make the MPI
+             * representation look like a negative value (first bit is one),
+             * which might confuse some implementations.
+             */
+            while (size > 1 && s[0] == 0 && (s[1] & 0x80) == 0) {
                 size--;
                 s++;
             }
@@ -1882,9 +1696,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
         case SSH_KEYTYPE_ECDSA_P521:
 #ifdef HAVE_GCRYPT_ECC
             {
-                ssh_string R;
-                ssh_string S;
-                ssh_buffer b;
+                ssh_string R = NULL;
+                ssh_string S = NULL;
+                ssh_buffer b = NULL;
 
                 b = ssh_buffer_new();
                 if (b == NULL) {
@@ -1938,7 +1752,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
         case SSH_KEYTYPE_RSA1:
         case SSH_KEYTYPE_UNKNOWN:
         default:
-            SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %d", sig->type);
+            SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %d", sig->type);
             return NULL;
             break;
     }
@@ -1951,14 +1765,14 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                                       enum ssh_keytypes_e type,
                                       enum ssh_digest_e hash_type)
 {
-    ssh_signature sig;
+    ssh_signature sig = NULL;
     gcry_error_t err;
     size_t len;
     size_t rsalen;
     int rc;
 
     if (ssh_key_type_plain(pubkey->type) != type) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Incompatible public key provided (%d) expecting (%d)",
                 type,
                 pubkey->type);
@@ -1977,40 +1791,11 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     len = ssh_string_len(sig_blob);
 
     switch(type) {
-        case SSH_KEYTYPE_DSS:
-            /* 40 is the dual signature blob len. */
-            if (len != 40) {
-                SSH_LOG(SSH_LOG_WARN,
-                        "Signature has wrong size: %lu",
-                        (unsigned long)len);
-                ssh_signature_free(sig);
-                return NULL;
-            }
-
-#ifdef DEBUG_CRYPTO
-            SSH_LOG(SSH_LOG_DEBUG,
-                    "DSA signature len: %lu",
-                    (unsigned long)len);
-            ssh_log_hexdump("DSA signature", ssh_string_data(sig_blob), len);
-#endif
-
-            err = gcry_sexp_build(&sig->dsa_sig,
-                                  NULL,
-                                  "(sig-val(dsa(r %b)(s %b)))",
-                                  20,
-                                  ssh_string_data(sig_blob),
-                                  20,
-                                  (unsigned char *)ssh_string_data(sig_blob) + 20);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
         case SSH_KEYTYPE_RSA:
             rsalen = (gcry_pk_get_nbits(pubkey->rsa) + 7) / 8;
 
             if (len > rsalen) {
-                SSH_LOG(SSH_LOG_WARN,
+                SSH_LOG(SSH_LOG_TRACE,
                         "Signature is too big: %lu > %lu",
                         (unsigned long)len,
                         (unsigned long)rsalen);
@@ -2054,8 +1839,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
         case SSH_KEYTYPE_SK_ECDSA:
 #ifdef HAVE_GCRYPT_ECC
             { /* build ecdsa siganature */
-                ssh_buffer b;
-                ssh_string r, s;
+                ssh_buffer b = NULL;
+                ssh_string r = NULL, s = NULL;
                 uint32_t rlen;
 
                 b = ssh_buffer_new();
@@ -2063,6 +1848,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                     ssh_signature_free(sig);
                     return NULL;
                 }
+                /* The buffer will contain sensitive information. */
+                ssh_buffer_set_secure(b);
 
                 rc = ssh_buffer_add_data(b,
                                          ssh_string_data(sig_blob),
@@ -2091,7 +1878,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
                 }
 
                 if (rlen != 0) {
-                    SSH_LOG(SSH_LOG_WARN,
+                    SSH_LOG(SSH_LOG_TRACE,
                             "Signature has remaining bytes in inner "
                             "sigblob: %lu",
                             (unsigned long)rlen);
@@ -2129,7 +1916,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
         case SSH_KEYTYPE_RSA1:
         case SSH_KEYTYPE_UNKNOWN:
         default:
-            SSH_LOG(SSH_LOG_WARN, "Unknown signature type");
+            SSH_LOG(SSH_LOG_TRACE, "Unknown signature type");
             return NULL;
     }
 
@@ -2141,10 +1928,9 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
                                size_t hlen,
                                enum ssh_digest_e hash_type)
 {
-    unsigned char ghash[hlen + 1];
     const char *hash_c = NULL;
-    ssh_signature sig;
-    gcry_sexp_t sexp;
+    ssh_signature sig = NULL;
+    gcry_sexp_t sexp = NULL;
     gcry_error_t err;
 
     sig = ssh_signature_new();
@@ -2155,28 +1941,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
     sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
     sig->hash_type = hash_type;
     switch (privkey->type) {
-        case SSH_KEYTYPE_DSS:
-            /* That is to mark the number as positive */
-            if(hash[0] >= 0x80) {
-                memcpy(ghash + 1, hash, hlen);
-                ghash[0] = 0;
-                hash = ghash;
-                hlen += 1;
-            }
-
-            err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-
-            err = gcry_pk_sign(&sig->dsa_sig, sexp, privkey->dsa);
-            gcry_sexp_release(sexp);
-            if (err) {
-                ssh_signature_free(sig);
-                return NULL;
-            }
-            break;
         case SSH_KEYTYPE_RSA:
             switch (hash_type) {
             case SSH_DIGEST_SHA1:
@@ -2190,7 +1954,7 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
                 break;
             case SSH_DIGEST_AUTO:
             default:
-                SSH_LOG(SSH_LOG_WARN, "Incompatible key algorithm");
+                SSH_LOG(SSH_LOG_TRACE, "Incompatible key algorithm");
                 return NULL;
             }
             err = gcry_sexp_build(&sexp,
@@ -2342,7 +2106,7 @@ int pki_verify_data_signature(ssh_signature signature,
                               size_t input_len)
 {
     const char *hash_type = NULL;
-    gcry_sexp_t sexp;
+    gcry_sexp_t sexp = NULL;
     gcry_error_t err;
 
     unsigned char ghash[SHA512_DIGEST_LEN + 1] = {0};
@@ -2409,32 +2173,6 @@ int pki_verify_data_signature(ssh_signature signature,
     }
 
     switch(pubkey->type) {
-        case SSH_KEYTYPE_DSS:
-        case SSH_KEYTYPE_DSS_CERT01:
-            /* That is to mark the number as positive */
-            if(hash[0] >= 0x80) {
-                hash = ghash;
-                hlen += 1;
-            }
-
-            err = gcry_sexp_build(&sexp, NULL, "%b", hlen, hash);
-            if (err) {
-                SSH_LOG(SSH_LOG_TRACE,
-                        "DSA hash error: %s", gcry_strerror(err));
-                return SSH_ERROR;
-            }
-            err = gcry_pk_verify(signature->dsa_sig, sexp, pubkey->dsa);
-            gcry_sexp_release(sexp);
-            if (err) {
-                SSH_LOG(SSH_LOG_TRACE, "Invalid DSA signature");
-                if (gcry_err_code(err) != GPG_ERR_BAD_SIGNATURE) {
-                    SSH_LOG(SSH_LOG_TRACE,
-                            "DSA verify error: %s",
-                            gcry_strerror(err));
-                }
-                return SSH_ERROR;
-            }
-            break;
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA_CERT01:
             err = gcry_sexp_build(&sexp,
@@ -2515,9 +2253,6 @@ int pki_verify_data_signature(ssh_signature signature,
 int ssh_key_size(ssh_key key)
 {
     switch (key->type) {
-    case SSH_KEYTYPE_DSS:
-    case SSH_KEYTYPE_DSS_CERT01:
-        return gcry_pk_get_nbits(key->dsa);
     case SSH_KEYTYPE_RSA:
     case SSH_KEYTYPE_RSA_CERT01:
     case SSH_KEYTYPE_RSA1:
@@ -2537,19 +2272,23 @@ int ssh_key_size(ssh_key key)
     case SSH_KEYTYPE_SK_ED25519_CERT01:
         /* ed25519 keys have fixed size */
         return 255;
+    case SSH_KEYTYPE_DSS:   /* deprecated */
+    case SSH_KEYTYPE_DSS_CERT01:    /* deprecated */
     case SSH_KEYTYPE_UNKNOWN:
     default:
         return SSH_ERROR;
     }
 }
 
+#ifdef WITH_PKCS11_URI
 int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
 {
     (void) uri_name;
     (void) key;
     (void) key_type;
-    SSH_LOG(SSH_LOG_WARN,
+    SSH_LOG(SSH_LOG_TRACE,
             "gcrypt does not support PKCS #11");
     return SSH_ERROR;
 }
+#endif /* WITH_PKCS11_URI */
 #endif /* HAVE_LIBGCRYPT */
diff --git a/libssh/src/pki_mbedcrypto.c b/libssh/src/pki_mbedcrypto.c
index 4439b3cd..265ef543 100644
--- a/libssh/src/pki_mbedcrypto.c
+++ b/libssh/src/pki_mbedcrypto.c
@@ -43,9 +43,9 @@ void pki_key_clean(ssh_key key)
     if (key == NULL)
         return;
 
-    if (key->rsa != NULL) {
-        mbedtls_pk_free(key->rsa);
-        SAFE_FREE(key->rsa);
+    if (key->pk != NULL) {
+        mbedtls_pk_free(key->pk);
+        SAFE_FREE(key->pk);
     }
 
     if (key->ecdsa != NULL) {
@@ -128,56 +128,43 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
             if (valid < 0) {
                 goto fail;
             }
-#if MBEDTLS_VERSION_MAJOR > 2
             valid = mbedtls_pk_parse_key(
                 pk,
                 (const unsigned char *)b64_key,
                 b64len,
                 tmp,
-                strnlen((const char *)tmp, MAX_PASSPHRASE_SIZE),
+                strnlen((const char *)tmp, MAX_PASSPHRASE_SIZE)
+#if MBEDTLS_VERSION_MAJOR > 2
+                    ,
                 mbedtls_ctr_drbg_random,
-                ctr_drbg);
-#else
-            valid = mbedtls_pk_parse_key(
-                pk,
-                (const unsigned char *)b64_key,
-                b64len,
-                tmp,
-                strnlen((const char *)tmp, MAX_PASSPHRASE_SIZE));
+                ctr_drbg
 #endif
+            );
         } else {
-#if MBEDTLS_VERSION_MAJOR > 2
             valid = mbedtls_pk_parse_key(pk,
                                          (const unsigned char *)b64_key,
                                          b64len,
                                          NULL,
-                                         0,
+                                         0
+#if MBEDTLS_VERSION_MAJOR > 2
+                                         ,
                                          mbedtls_ctr_drbg_random,
-                                         ctr_drbg);
-#else
-            valid = mbedtls_pk_parse_key(pk,
-                                         (const unsigned char *)b64_key,
-                                         b64len,
-                                         NULL,
-                                         0);
+                                         ctr_drbg
 #endif
+            );
         }
     } else {
-#if MBEDTLS_VERSION_MAJOR > 2
         valid = mbedtls_pk_parse_key(pk,
                                      (const unsigned char *)b64_key,
                                      b64len,
                                      (const unsigned char *)passphrase,
-                                     strnlen(passphrase, MAX_PASSPHRASE_SIZE),
+                                     strnlen(passphrase, MAX_PASSPHRASE_SIZE)
+#if MBEDTLS_VERSION_MAJOR > 2
+                                         ,
                                      mbedtls_ctr_drbg_random,
-                                     ctr_drbg);
-#else
-        valid = mbedtls_pk_parse_key(pk,
-                                     (const unsigned char *)b64_key,
-                                     b64len,
-                                     (const unsigned char *)passphrase,
-                                     strnlen(passphrase, MAX_PASSPHRASE_SIZE));
+                                     ctr_drbg
 #endif
+        );
     }
     if (valid != 0) {
         char error_buf[100];
@@ -196,7 +183,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
     switch (mbed_type) {
     case MBEDTLS_PK_RSA:
     case MBEDTLS_PK_RSA_ALT:
-        key->rsa = pk;
+        key->pk = pk;
         pk = NULL;
         key->type = SSH_KEYTYPE_RSA;
         break;
@@ -204,7 +191,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
     case MBEDTLS_PK_ECDSA: {
         /* type will be set later */
         mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*pk);
-        pk = NULL;
 
         key->ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
         if (key->ecdsa == NULL) {
@@ -213,8 +199,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
 
         mbedtls_ecdsa_init(key->ecdsa);
         mbedtls_ecdsa_from_keypair(key->ecdsa, keypair);
-        mbedtls_pk_free(pk);
-        SAFE_FREE(pk);
+        key->pk = pk;
 
         key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
 
@@ -222,7 +207,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
          * keys, so we need to figure out the correct type here */
         key->type = pki_key_ecdsa_to_key_type(key->ecdsa);
         if (key->type == SSH_KEYTYPE_UNKNOWN) {
-            SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
+            SSH_LOG(SSH_LOG_TRACE, "Invalid private key.");
             goto fail;
         }
         break;
@@ -259,21 +244,21 @@ int pki_privkey_build_rsa(ssh_key key,
     const mbedtls_pk_info_t *pk_info = NULL;
     int rc;
 
-    key->rsa = malloc(sizeof(mbedtls_pk_context));
-    if (key->rsa == NULL) {
+    key->pk = malloc(sizeof(mbedtls_pk_context));
+    if (key->pk == NULL) {
         return SSH_ERROR;
     }
 
-    mbedtls_pk_init(key->rsa);
+    mbedtls_pk_init(key->pk);
     pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
-    mbedtls_pk_setup(key->rsa, pk_info);
+    mbedtls_pk_setup(key->pk, pk_info);
 
-    rc = mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA);
+    rc = mbedtls_pk_can_do(key->pk, MBEDTLS_PK_RSA);
     if (rc == 0) {
         goto fail;
     }
 
-    rsa = mbedtls_pk_rsa(*key->rsa);
+    rsa = mbedtls_pk_rsa(*key->pk);
     rc = mbedtls_rsa_import_raw(rsa,
                                 ssh_string_data(n), ssh_string_len(n),
                                 ssh_string_data(p), ssh_string_len(p),
@@ -281,27 +266,27 @@ int pki_privkey_build_rsa(ssh_key key,
                                 ssh_string_data(d), ssh_string_len(d),
                                 ssh_string_data(e), ssh_string_len(e));
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARN, "Failed to import private RSA key");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to import private RSA key");
         goto fail;
     }
 
     rc = mbedtls_rsa_complete(rsa);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARN, "Failed to complete private RSA key");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to complete private RSA key");
         goto fail;
     }
 
     rc = mbedtls_rsa_check_privkey(rsa);
     if (rc != 0) {
-        SSH_LOG(SSH_LOG_WARN, "Inconsistent private RSA key");
+        SSH_LOG(SSH_LOG_TRACE, "Inconsistent private RSA key");
         goto fail;
     }
 
     return SSH_OK;
 
 fail:
-    mbedtls_pk_free(key->rsa);
-    SAFE_FREE(key->rsa);
+    mbedtls_pk_free(key->pk);
+    SAFE_FREE(key->pk);
     return SSH_ERROR;
 }
 
@@ -315,27 +300,25 @@ int pki_pubkey_build_rsa(ssh_key key, ssh_string e, ssh_string n)
 #endif
     int rc;
 
-    key->rsa = malloc(sizeof(mbedtls_pk_context));
-    if (key->rsa == NULL) {
+    key->pk = malloc(sizeof(mbedtls_pk_context));
+    if (key->pk == NULL) {
         return SSH_ERROR;
     }
 
-    mbedtls_pk_init(key->rsa);
+    mbedtls_pk_init(key->pk);
     pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
-    mbedtls_pk_setup(key->rsa, pk_info);
+    mbedtls_pk_setup(key->pk, pk_info);
 
-    rc = mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA);
+    rc = mbedtls_pk_can_do(key->pk, MBEDTLS_PK_RSA);
     if (rc == 0) {
         goto fail;
     }
 
+    rsa = mbedtls_pk_rsa(*key->pk);
 #if MBEDTLS_VERSION_MAJOR > 2
     mbedtls_mpi_init(&N);
     mbedtls_mpi_init(&E);
-#endif
 
-    rsa = mbedtls_pk_rsa(*key->rsa);
-#if MBEDTLS_VERSION_MAJOR > 2
     rc = mbedtls_mpi_read_binary(&N, ssh_string_data(n),
                                  ssh_string_len(n));
 #else
@@ -374,8 +357,8 @@ int pki_pubkey_build_rsa(ssh_key key, ssh_string e, ssh_string n)
     goto exit;
 fail:
     rc = SSH_ERROR;
-    mbedtls_pk_free(key->rsa);
-    SAFE_FREE(key->rsa);
+    mbedtls_pk_free(key->pk);
+    SAFE_FREE(key->pk);
 exit:
 #if MBEDTLS_VERSION_MAJOR > 2
     mbedtls_mpi_free(&N);
@@ -422,23 +405,22 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
         case SSH_KEYTYPE_RSA: {
             mbedtls_rsa_context *rsa, *new_rsa;
 
-            new->rsa = malloc(sizeof(mbedtls_pk_context));
-            if (new->rsa == NULL) {
+            new->pk = malloc(sizeof(mbedtls_pk_context));
+            if (new->pk == NULL) {
                 goto fail;
             }
 
-            mbedtls_pk_init(new->rsa);
+            mbedtls_pk_init(new->pk);
             pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
-            mbedtls_pk_setup(new->rsa, pk_info);
+            mbedtls_pk_setup(new->pk, pk_info);
 
-            if (!mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA) ||
-                !mbedtls_pk_can_do(new->rsa, MBEDTLS_PK_RSA))
-            {
+            if (!mbedtls_pk_can_do(key->pk, MBEDTLS_PK_RSA) ||
+                !mbedtls_pk_can_do(new->pk, MBEDTLS_PK_RSA)) {
                 goto fail;
             }
 
-            rsa = mbedtls_pk_rsa(*key->rsa);
-            new_rsa = mbedtls_pk_rsa(*new->rsa);
+            rsa = mbedtls_pk_rsa(*key->pk);
+            new_rsa = mbedtls_pk_rsa(*new->pk);
 
             if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
 #if MBEDTLS_VERSION_MAJOR > 2
@@ -587,27 +569,27 @@ int pki_key_generate_rsa(ssh_key key, int parameter)
     int rc;
     const mbedtls_pk_info_t *info = NULL;
 
-    key->rsa = malloc(sizeof(mbedtls_pk_context));
-    if (key->rsa == NULL) {
+    key->pk = malloc(sizeof(mbedtls_pk_context));
+    if (key->pk == NULL) {
         return SSH_ERROR;
     }
 
-    mbedtls_pk_init(key->rsa);
+    mbedtls_pk_init(key->pk);
 
     info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
-    rc = mbedtls_pk_setup(key->rsa, info);
+    rc = mbedtls_pk_setup(key->pk, info);
     if (rc != 0) {
         return SSH_ERROR;
     }
 
-    if (mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA)) {
-        rc = mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key->rsa),
+    if (mbedtls_pk_can_do(key->pk, MBEDTLS_PK_RSA)) {
+        rc = mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key->pk),
                                  mbedtls_ctr_drbg_random,
                                  ssh_get_mbedtls_ctr_drbg_context(),
                                  parameter,
                                  65537);
         if (rc != 0) {
-            mbedtls_pk_free(key->rsa);
+            mbedtls_pk_free(key->pk);
             return SSH_ERROR;
         }
     }
@@ -638,33 +620,31 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
     mbedtls_mpi_init(&E2);
 #endif
 
-    switch (k1->type) {
+    switch (ssh_key_type_plain(k1->type)) {
         case SSH_KEYTYPE_RSA: {
             mbedtls_rsa_context *rsa1, *rsa2;
-            if (!mbedtls_pk_can_do(k1->rsa, MBEDTLS_PK_RSA) ||
-                !mbedtls_pk_can_do(k2->rsa, MBEDTLS_PK_RSA))
-            {
+            if (!mbedtls_pk_can_do(k1->pk, MBEDTLS_PK_RSA) ||
+                !mbedtls_pk_can_do(k2->pk, MBEDTLS_PK_RSA)) {
                 break;
             }
 
-            if (mbedtls_pk_get_type(k1->rsa) != mbedtls_pk_get_type(k2->rsa) ||
-                mbedtls_pk_get_bitlen(k1->rsa) !=
-                mbedtls_pk_get_bitlen(k2->rsa))
-            {
+            if (mbedtls_pk_get_type(k1->pk) != mbedtls_pk_get_type(k2->pk) ||
+                mbedtls_pk_get_bitlen(k1->pk) !=
+                    mbedtls_pk_get_bitlen(k2->pk)) {
                 rc = 1;
                 goto cleanup;
             }
 
             if (what == SSH_KEY_CMP_PUBLIC) {
 #if MBEDTLS_VERSION_MAJOR > 2
-                rsa1 = mbedtls_pk_rsa(*k1->rsa);
+                rsa1 = mbedtls_pk_rsa(*k1->pk);
                 rc = mbedtls_rsa_export(rsa1, &N1, NULL, NULL, NULL, &E1);
                 if (rc != 0) {
                     rc = 1;
                     goto cleanup;
                 }
 
-                rsa2 = mbedtls_pk_rsa(*k2->rsa);
+                rsa2 = mbedtls_pk_rsa(*k2->pk);
                 rc = mbedtls_rsa_export(rsa2, &N2, NULL, NULL, NULL, &E2);
                 if (rc != 0) {
                     rc = 1;
@@ -681,8 +661,8 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
                     goto cleanup;
                 }
 #else
-                rsa1 = mbedtls_pk_rsa(*k1->rsa);
-                rsa2 = mbedtls_pk_rsa(*k2->rsa);
+                rsa1 = mbedtls_pk_rsa(*k1->pk);
+                rsa2 = mbedtls_pk_rsa(*k2->pk);
                 if (mbedtls_mpi_cmp_mpi(&rsa1->N, &rsa2->N) != 0) {
                     rc = 1;
                     goto cleanup;
@@ -695,14 +675,14 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
 #endif
             } else if (what == SSH_KEY_CMP_PRIVATE) {
 #if MBEDTLS_VERSION_MAJOR > 2
-                rsa1 = mbedtls_pk_rsa(*k1->rsa);
+                rsa1 = mbedtls_pk_rsa(*k1->pk);
                 rc = mbedtls_rsa_export(rsa1, &N1, &P1, &Q1, NULL, &E1);
                 if (rc != 0) {
                     rc = 1;
                     goto cleanup;
                 }
 
-                rsa2 = mbedtls_pk_rsa(*k2->rsa);
+                rsa2 = mbedtls_pk_rsa(*k2->pk);
                 rc = mbedtls_rsa_export(rsa2, &N2, &P2, &Q2, NULL, &E2);
                 if (rc != 0) {
                     rc = 1;
@@ -729,8 +709,8 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
                     goto cleanup;
                 }
 #else
-                rsa1 = mbedtls_pk_rsa(*k1->rsa);
-                rsa2 = mbedtls_pk_rsa(*k2->rsa);
+                rsa1 = mbedtls_pk_rsa(*k1->pk);
+                rsa2 = mbedtls_pk_rsa(*k2->pk);
                 if (mbedtls_mpi_cmp_mpi(&rsa1->N, &rsa2->N) != 0) {
                     rc = 1;
                     goto cleanup;
@@ -878,28 +858,40 @@ static const char* pki_key_ecdsa_nid_to_char(int nid)
     return "unknown";
 }
 
-ssh_string pki_publickey_to_blob(const ssh_key key)
+ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type)
 {
     ssh_buffer buffer = NULL;
     ssh_string type_s = NULL;
     ssh_string e = NULL;
     ssh_string n = NULL;
+    ssh_string p = NULL;
+    ssh_string q = NULL;
+    ssh_string d = NULL;
+    ssh_string iqmp = NULL;
     ssh_string str = NULL;
-#if MBEDTLS_VERSION_MAJOR > 2
-    mbedtls_mpi E;
-    mbedtls_mpi N;
-#endif
     int rc;
-
 #if MBEDTLS_VERSION_MAJOR > 2
+    mbedtls_mpi E = {0};
+    mbedtls_mpi N = {0};
+    mbedtls_mpi D = {0};
+    mbedtls_mpi IQMP = {0};
+    mbedtls_mpi P = {0};
+    mbedtls_mpi Q = {0};
+
     mbedtls_mpi_init(&E);
     mbedtls_mpi_init(&N);
+    mbedtls_mpi_init(&D);
+    mbedtls_mpi_init(&IQMP);
+    mbedtls_mpi_init(&P);
+    mbedtls_mpi_init(&Q);
 #endif
 
     buffer = ssh_buffer_new();
     if (buffer == NULL) {
         return NULL;
     }
+    /* The buffer will contain sensitive information. Make sure it is erased */
+    ssh_buffer_set_secure(buffer);
 
     if (key->cert != NULL) {
         rc = ssh_buffer_add_buffer(buffer, key->cert);
@@ -925,146 +917,241 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
     }
 
     switch (key->type) {
-        case SSH_KEYTYPE_RSA: {
-            mbedtls_rsa_context *rsa;
-            if (mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA) == 0) {
-                SSH_BUFFER_FREE(buffer);
-                return NULL;
-            }
+    case SSH_KEYTYPE_RSA: {
+        mbedtls_rsa_context *rsa = NULL;
+        mbedtls_mpi *E_ptr = NULL, *N_ptr = NULL;
 
-            rsa = mbedtls_pk_rsa(*key->rsa);
+        if (mbedtls_pk_can_do(key->pk, MBEDTLS_PK_RSA) == 0) {
+            SSH_BUFFER_FREE(buffer);
+            return NULL;
+        }
 
+        rsa = mbedtls_pk_rsa(*key->pk);
 #if MBEDTLS_VERSION_MAJOR > 2
-            rc = mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E);
-            if (rc != 0) {
-                goto fail;
+        rc = mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E);
+        if (rc != 0) {
+            goto out;
+        }
+
+        E_ptr = &E;
+        N_ptr = &N;
+#else
+        E_ptr = &rsa->E;
+        N_ptr = &rsa->N;
+#endif
+
+        e = ssh_make_bignum_string(E_ptr);
+        if (e == NULL) {
+            goto out;
+        }
+
+        n = ssh_make_bignum_string(N_ptr);
+        if (n == NULL) {
+            goto out;
+        }
+
+        if (type == SSH_KEY_PUBLIC) {
+            /* The N and E parts are swapped in the public key export ! */
+            rc = ssh_buffer_add_ssh_string(buffer, e);
+            if (rc < 0) {
+                goto out;
             }
 
-            e = ssh_make_bignum_string(&E);
-            if (e == NULL) {
-                goto fail;
+            rc = ssh_buffer_add_ssh_string(buffer, n);
+            if (rc < 0) {
+                goto out;
             }
+        } else if (type == SSH_KEY_PRIVATE) {
+            mbedtls_mpi *P_ptr = NULL, *Q_ptr = NULL, *D_ptr = NULL;
+            mbedtls_mpi *IQMP_ptr = NULL;
 
-            n = ssh_make_bignum_string(&N);
-            if (n == NULL) {
-                goto fail;
+            rc = ssh_buffer_add_ssh_string(buffer, n);
+            if (rc < 0) {
+                goto out;
             }
-#else
-            e = ssh_make_bignum_string(&rsa->E);
-            if (e == NULL) {
-                goto fail;
+
+            rc = ssh_buffer_add_ssh_string(buffer, e);
+            if (rc < 0) {
+                goto out;
             }
 
-            n = ssh_make_bignum_string(&rsa->N);
-            if (n == NULL) {
-                goto fail;
+#if MBEDTLS_VERSION_MAJOR > 2
+            rc = mbedtls_rsa_export(rsa, NULL, &P, &Q, &D, NULL);
+            if (rc != 0) {
+                goto out;
             }
+
+            rc = mbedtls_rsa_export_crt(rsa, NULL, NULL, &IQMP);
+            if (rc != 0) {
+                goto out;
+            }
+
+            P_ptr = &P;
+            Q_ptr = &Q;
+            D_ptr = &D;
+            IQMP_ptr = &IQMP;
+#else
+            P_ptr = &rsa->P;
+            Q_ptr = &rsa->Q;
+            D_ptr = &rsa->D;
+            IQMP_ptr = &rsa->QP;
 #endif
 
-            if (ssh_buffer_add_ssh_string(buffer, e) < 0) {
-                goto fail;
+            p = ssh_make_bignum_string(P_ptr);
+            if (p == NULL) {
+                goto out;
             }
 
-            if (ssh_buffer_add_ssh_string(buffer, n) < 0) {
-                goto fail;
+            q = ssh_make_bignum_string(Q_ptr);
+            if (q == NULL) {
+                goto out;
             }
 
-            ssh_string_burn(e);
-            SSH_STRING_FREE(e);
-            e = NULL;
-            ssh_string_burn(n);
-            SSH_STRING_FREE(n);
-            n = NULL;
+            d = ssh_make_bignum_string(D_ptr);
+            if (d == NULL) {
+                goto out;
+            }
 
-            break;
-        }
-        case SSH_KEYTYPE_ECDSA_P256:
-        case SSH_KEYTYPE_ECDSA_P384:
-        case SSH_KEYTYPE_ECDSA_P521:
-        case SSH_KEYTYPE_SK_ECDSA:
-            type_s =
-                ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
-            if (type_s == NULL) {
-                SSH_BUFFER_FREE(buffer);
-                return NULL;
+            iqmp = ssh_make_bignum_string(IQMP_ptr);
+            if (iqmp == NULL) {
+                goto out;
             }
 
-            rc = ssh_buffer_add_ssh_string(buffer, type_s);
-            SSH_STRING_FREE(type_s);
+            rc = ssh_buffer_add_ssh_string(buffer, d);
             if (rc < 0) {
-                SSH_BUFFER_FREE(buffer);
-                return NULL;
+                goto out;
             }
 
-            e = make_ecpoint_string(&key->ecdsa->MBEDTLS_PRIVATE(grp),
-                            &key->ecdsa->MBEDTLS_PRIVATE(Q));
+            rc = ssh_buffer_add_ssh_string(buffer, iqmp);
+            if (rc < 0) {
+                goto out;
+            }
 
-            if (e == NULL) {
-                SSH_BUFFER_FREE(buffer);
-                return NULL;
+            rc = ssh_buffer_add_ssh_string(buffer, p);
+            if (rc < 0) {
+                goto out;
             }
 
-            rc = ssh_buffer_add_ssh_string(buffer, e);
+            rc = ssh_buffer_add_ssh_string(buffer, q);
             if (rc < 0) {
-                goto fail;
+                goto out;
             }
+        }
+        break;
+    }
+    case SSH_KEYTYPE_ECDSA_P256:
+    case SSH_KEYTYPE_ECDSA_P384:
+    case SSH_KEYTYPE_ECDSA_P521:
+    case SSH_KEYTYPE_SK_ECDSA:
+        type_s =
+            ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
+        if (type_s == NULL) {
+            SSH_BUFFER_FREE(buffer);
+            return NULL;
+        }
 
-            ssh_string_burn(e);
-            SSH_STRING_FREE(e);
-            e = NULL;
+        rc = ssh_buffer_add_ssh_string(buffer, type_s);
+        SSH_STRING_FREE(type_s);
+        if (rc < 0) {
+            SSH_BUFFER_FREE(buffer);
+            return NULL;
+        }
 
-            if (key->type == SSH_KEYTYPE_SK_ECDSA &&
-                ssh_buffer_add_ssh_string(buffer, key->sk_application) < 0) {
-                goto fail;
+        e = make_ecpoint_string(&key->ecdsa->MBEDTLS_PRIVATE(grp),
+                                &key->ecdsa->MBEDTLS_PRIVATE(Q));
+
+        if (e == NULL) {
+            SSH_BUFFER_FREE(buffer);
+            return NULL;
+        }
+
+        rc = ssh_buffer_add_ssh_string(buffer, e);
+        if (rc < 0) {
+            goto out;
+        }
+
+        if (type == SSH_KEY_PRIVATE) {
+            d = ssh_make_bignum_string(&key->ecdsa->MBEDTLS_PRIVATE(d));
+
+            if (d == NULL) {
+                SSH_BUFFER_FREE(buffer);
+                goto out;
             }
 
-            break;
-        case SSH_KEYTYPE_ED25519:
-        case SSH_KEYTYPE_SK_ED25519:
+            rc = ssh_buffer_add_ssh_string(buffer, d);
+            if (rc < 0) {
+                goto out;
+            }
+        } else if (key->type == SSH_KEYTYPE_SK_ECDSA) {
+            /* public key can contain certificate sk information */
+            rc = ssh_buffer_add_ssh_string(buffer, key->sk_application);
+            if (rc < 0) {
+                goto out;
+            }
+        }
+        break;
+    case SSH_KEYTYPE_ED25519:
+    case SSH_KEYTYPE_SK_ED25519:
+        if (type == SSH_KEY_PUBLIC) {
             rc = pki_ed25519_public_key_to_blob(buffer, key);
-            if (rc != SSH_OK) {
-                goto fail;
+            if (rc == SSH_ERROR) {
+                goto out;
             }
-            if (key->type == SSH_KEYTYPE_SK_ED25519 &&
-                ssh_buffer_add_ssh_string(buffer, key->sk_application) < 0) {
-                goto fail;
+            /* public key can contain certificate sk information */
+            if (key->type == SSH_KEYTYPE_SK_ED25519) {
+                rc = ssh_buffer_add_ssh_string(buffer, key->sk_application);
+                if (rc < 0) {
+                    goto out;
+                }
             }
-            break;
-        default:
-            goto fail;
+        } else {
+            rc = pki_ed25519_private_key_to_blob(buffer, key);
+            if (rc == SSH_ERROR) {
+                goto out;
+            }
+        }
+        break;
+    default:
+        goto out;
     }
 makestring:
     str = ssh_string_new(ssh_buffer_get_len(buffer));
     if (str == NULL) {
-        goto fail;
+        goto out;
     }
 
-    rc = ssh_string_fill(str, ssh_buffer_get(buffer),
-            ssh_buffer_get_len(buffer));
+    rc = ssh_string_fill(str,
+                         ssh_buffer_get(buffer),
+                         ssh_buffer_get_len(buffer));
     if (rc < 0) {
-        goto fail;
+        ssh_string_burn(str);
+        SSH_STRING_FREE(str);
     }
 
+out:
     SSH_BUFFER_FREE(buffer);
-#if MBEDTLS_VERSION_MAJOR > 2
-    mbedtls_mpi_free(&N);
-    mbedtls_mpi_free(&E);
-#endif
-    return str;
-fail:
-    SSH_BUFFER_FREE(buffer);
-    ssh_string_burn(str);
-    SSH_STRING_FREE(str);
     ssh_string_burn(e);
     SSH_STRING_FREE(e);
     ssh_string_burn(n);
     SSH_STRING_FREE(n);
+    ssh_string_burn(d);
+    SSH_STRING_FREE(d);
+    ssh_string_burn(iqmp);
+    SSH_STRING_FREE(iqmp);
+    ssh_string_burn(p);
+    SSH_STRING_FREE(p);
+    ssh_string_burn(q);
+    SSH_STRING_FREE(q);
 #if MBEDTLS_VERSION_MAJOR > 2
     mbedtls_mpi_free(&N);
     mbedtls_mpi_free(&E);
+    mbedtls_mpi_free(&D);
+    mbedtls_mpi_free(&IQMP);
+    mbedtls_mpi_free(&P);
+    mbedtls_mpi_free(&Q);
 #endif
 
-    return NULL;
+    return str;
 }
 
 ssh_string pki_signature_to_blob(const ssh_signature sig)
@@ -1078,9 +1165,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
         case SSH_KEYTYPE_ECDSA_P256:
         case SSH_KEYTYPE_ECDSA_P384:
         case SSH_KEYTYPE_ECDSA_P521: {
-            ssh_string r;
-            ssh_string s;
-            ssh_buffer b;
+            ssh_string r = NULL;
+            ssh_string s = NULL;
+            ssh_buffer b = NULL;
             int rc;
 
             b = ssh_buffer_new();
@@ -1133,7 +1220,7 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
             sig_blob = pki_ed25519_signature_to_blob(sig);
             break;
         default:
-            SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s",
+            SSH_LOG(SSH_LOG_TRACE, "Unknown signature key type: %s",
                     sig->type_c);
             return NULL;
     }
@@ -1152,21 +1239,21 @@ static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey, const
     size_t rsalen = 0;
     size_t len = ssh_string_len(sig_blob);
 
-    if (pubkey->rsa == NULL) {
-        SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL");
+    if (pubkey->pk == NULL) {
+        SSH_LOG(SSH_LOG_TRACE, "Pubkey RSA field NULL");
         goto errout;
     }
 
-    rsalen = mbedtls_pk_get_bitlen(pubkey->rsa) / 8;
+    rsalen = mbedtls_pk_get_bitlen(pubkey->pk) / 8;
     if (len > rsalen) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Signature is too big: %lu > %lu",
                 (unsigned long) len,
                 (unsigned long) rsalen);
         goto errout;
     }
 #ifdef DEBUG_CRYPTO
-    SSH_LOG(SSH_LOG_DEBUG, "RSA signature len: %lu", (unsigned long)len);
+    SSH_LOG(SSH_LOG_TRACE, "RSA signature len: %lu", (unsigned long)len);
     ssh_log_hexdump("RSA signature", ssh_string_data(sig_blob), len);
 #endif
 
@@ -1207,7 +1294,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
     int rc;
 
     if (ssh_key_type_plain(pubkey->type) != type) {
-        SSH_LOG(SSH_LOG_WARN,
+        SSH_LOG(SSH_LOG_TRACE,
                 "Incompatible public key provided (%d) expecting (%d)",
                 type,
                 pubkey->type);
@@ -1234,9 +1321,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
         case SSH_KEYTYPE_ECDSA_P384:
         case SSH_KEYTYPE_ECDSA_P521:
         case SSH_KEYTYPE_SK_ECDSA: {
-            ssh_buffer b;
-            ssh_string r;
-            ssh_string s;
+            ssh_buffer b = NULL;
+            ssh_string r = NULL;
+            ssh_string s = NULL;
             size_t rlen;
 
             b = ssh_buffer_new();
@@ -1292,7 +1379,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
             }
 
             if (rlen != 0) {
-                SSH_LOG(SSH_LOG_WARN, "Signature has remaining bytes in inner "
+                SSH_LOG(SSH_LOG_TRACE, "Signature has remaining bytes in inner "
                         "sigblob: %lu",
                         (unsigned long)rlen);
                 ssh_signature_free(sig);
@@ -1310,7 +1397,7 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
             }
             break;
         default:
-            SSH_LOG(SSH_LOG_WARN, "Unknown signature type");
+            SSH_LOG(SSH_LOG_TRACE, "Unknown signature type");
             return NULL;
     }
 
@@ -1341,7 +1428,7 @@ static ssh_string rsa_do_sign_hash(const unsigned char *digest,
         break;
     case SSH_DIGEST_AUTO:
     default:
-        SSH_LOG(SSH_LOG_WARN, "Incompatible key algorithm");
+        SSH_LOG(SSH_LOG_TRACE, "Incompatible key algorithm");
         return NULL;
     }
 
@@ -1405,7 +1492,7 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
 
     switch(privkey->type) {
         case SSH_KEYTYPE_RSA:
-            sig->rsa_sig = rsa_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
+            sig->rsa_sig = rsa_do_sign_hash(hash, hlen, privkey->pk, hash_type);
             if (sig->rsa_sig == NULL) {
                 ssh_signature_free(sig);
                 return NULL;
@@ -1613,9 +1700,12 @@ int pki_verify_data_signature(ssh_signature signature,
     switch (pubkey->type) {
         case SSH_KEYTYPE_RSA:
         case SSH_KEYTYPE_RSA_CERT01:
-            rc = mbedtls_pk_verify(pubkey->rsa, md, hash, hlen,
-                    ssh_string_data(signature->rsa_sig),
-                    ssh_string_len(signature->rsa_sig));
+            rc = mbedtls_pk_verify(pubkey->pk,
+                                   md,
+                                   hash,
+                                   hlen,
+                                   ssh_string_data(signature->rsa_sig),
+                                   ssh_string_len(signature->rsa_sig));
             if (rc != 0) {
                 char error_buf[100];
                 mbedtls_strerror(rc, error_buf, 100);
@@ -1874,43 +1964,13 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter)
     return SSH_OK;
 }
 
-int pki_privkey_build_dss(ssh_key key, ssh_string p, ssh_string q, ssh_string g,
-        ssh_string pubkey, ssh_string privkey)
-{
-    (void) key;
-    (void) p;
-    (void) q;
-    (void) g;
-    (void) pubkey;
-    (void) privkey;
-    return SSH_ERROR;
-}
-
-int pki_pubkey_build_dss(ssh_key key, ssh_string p, ssh_string q, ssh_string g,
-        ssh_string pubkey)
-{
-    (void) key;
-    (void) p;
-    (void) q;
-    (void) g;
-    (void) pubkey;
-    return SSH_ERROR;
-}
-
-int pki_key_generate_dss(ssh_key key, int parameter)
-{
-    (void) key;
-    (void) parameter;
-    return SSH_ERROR;
-}
-
 int ssh_key_size(ssh_key key)
 {
     switch (key->type) {
     case SSH_KEYTYPE_RSA:
     case SSH_KEYTYPE_RSA_CERT01:
     case SSH_KEYTYPE_RSA1:
-        return mbedtls_pk_get_bitlen(key->rsa);
+        return mbedtls_pk_get_bitlen(key->pk);
     case SSH_KEYTYPE_ECDSA_P256:
     case SSH_KEYTYPE_ECDSA_P256_CERT01:
     case SSH_KEYTYPE_SK_ECDSA:
@@ -1928,14 +1988,15 @@ int ssh_key_size(ssh_key key)
     case SSH_KEYTYPE_SK_ED25519_CERT01:
         /* ed25519 keys have fixed size */
         return 255;
-    case SSH_KEYTYPE_DSS:
-    case SSH_KEYTYPE_DSS_CERT01:
+    case SSH_KEYTYPE_DSS:   /* deprecated */
+    case SSH_KEYTYPE_DSS_CERT01:    /* deprecated */
     case SSH_KEYTYPE_UNKNOWN:
     default:
         return SSH_ERROR;
     }
 }
 
+#ifdef WITH_PKCS11_URI
 int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
 {
     (void) uri_name;
@@ -1945,4 +2006,5 @@ int pki_uri_import(const char *uri_name, ssh_key *key, enum ssh_key_e key_type)
             "mbedcrypto does not support PKCS #11");
     return SSH_ERROR;
 }
+#endif /* WITH_PKCS11_URI */
 #endif /* HAVE_LIBMBEDCRYPTO */
diff --git a/libssh/src/poll.c b/libssh/src/poll.c
index 1246f456..3c9eb3c2 100644
--- a/libssh/src/poll.c
+++ b/libssh/src/poll.c
@@ -44,7 +44,7 @@
 #endif
 
 /**
- * @defgroup libssh_poll The SSH poll functions.
+ * @defgroup libssh_poll The SSH poll functions
  * @ingroup libssh
  *
  * Add a generic way to handle sockets asynchronously.
@@ -68,7 +68,7 @@ struct ssh_poll_handle_struct {
     size_t idx;
   } x;
   short events;
-  int lock;
+  uint32_t lock_cnt;
   ssh_poll_callback cb;
   void *cb_data;
 };
@@ -287,7 +287,7 @@ static int bsd_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout)
     if (rc < 0) {
         return -1;
     }
-    /* A timeout occured */
+    /* A timeout occurred */
     if (rc == 0) {
         return 0;
     }
@@ -412,7 +412,8 @@ short ssh_poll_get_events(ssh_poll_handle p)
 
 /**
  * @brief  Set the events of a poll object. The events will also be propagated
- *         to an associated poll context.
+ *         to an associated poll context unless the fd is locked. In that case,
+ *         only the POLLOUT can be set.
  *
  * @param  p            Pointer to an already allocated poll object.
  * @param  events       Poll events.
@@ -420,8 +421,14 @@ short ssh_poll_get_events(ssh_poll_handle p)
 void ssh_poll_set_events(ssh_poll_handle p, short events)
 {
     p->events = events;
-    if (p->ctx != NULL && !p->lock) {
-        p->ctx->pollfds[p->x.idx].events = events;
+    if (p->ctx != NULL) {
+        if (!ssh_poll_is_locked(p)) {
+            p->ctx->pollfds[p->x.idx].events = events;
+        } else if (!(p->ctx->pollfds[p->x.idx].events & POLLOUT)) {
+            /* if locked, allow only setting POLLOUT to prevent recursive
+             * callbacks */
+            p->ctx->pollfds[p->x.idx].events = events & POLLOUT;
+        }
     }
 }
 
@@ -553,8 +560,8 @@ void ssh_poll_ctx_free(ssh_poll_ctx ctx)
 
 static int ssh_poll_ctx_resize(ssh_poll_ctx ctx, size_t new_size)
 {
-  ssh_poll_handle *pollptrs;
-  ssh_pollfd_t *pollfds;
+  ssh_poll_handle *pollptrs = NULL;
+  ssh_pollfd_t *pollfds = NULL;
 
   pollptrs = realloc(ctx->pollptrs, sizeof(ssh_poll_handle) * new_size);
   if (pollptrs == NULL) {
@@ -621,7 +628,7 @@ int ssh_poll_ctx_add(ssh_poll_ctx ctx, ssh_poll_handle p)
  */
 int ssh_poll_ctx_add_socket (ssh_poll_ctx ctx, ssh_socket s)
 {
-    ssh_poll_handle p;
+    ssh_poll_handle p = NULL;
     int ret;
 
     p = ssh_socket_get_poll_handle(s);
@@ -662,6 +669,20 @@ void ssh_poll_ctx_remove(ssh_poll_ctx ctx, ssh_poll_handle p)
   }
 }
 
+/**
+ * @brief  Returns if a poll object is locked.
+ *
+ * @param  p            Pointer to an already allocated poll object.
+ * @returns true if the poll object is locked; false otherwise.
+ */
+bool ssh_poll_is_locked(ssh_poll_handle p)
+{
+    if (p == NULL) {
+        return false;
+    }
+    return p->lock_cnt > 0;
+}
+
 /**
  * @brief  Poll all the sockets associated through a poll object with a
  *         poll context. If any of the events are set after the poll, the
@@ -691,6 +712,15 @@ int ssh_poll_ctx_dopoll(ssh_poll_ctx ctx, int timeout)
         return SSH_ERROR;
     }
 
+    /* Allow only POLLOUT events on locked sockets as that means we are called
+     * recursively and we only want process the POLLOUT events here to flush
+     * output buffer */
+    for (i = 0; i < ctx->polls_used; i++) {
+        /* The lock allows only POLLOUT events: drop the rest */
+        if (ssh_poll_is_locked(ctx->pollptrs[i])) {
+            ctx->pollfds[i].events &= POLLOUT;
+        }
+    }
     ssh_timestamp_init(&ts);
     do {
         int tm = ssh_timeout_update(&ts, timeout);
@@ -706,17 +736,24 @@ int ssh_poll_ctx_dopoll(ssh_poll_ctx ctx, int timeout)
 
     used = ctx->polls_used;
     for (i = 0; i < used && rc > 0; ) {
-        if (!ctx->pollfds[i].revents || ctx->pollptrs[i]->lock) {
+        revents = ctx->pollfds[i].revents;
+        /* Do not pass any other events except for POLLOUT to callback when
+         * called recursively more than 2 times. On s390x the poll will be
+         * spammed with POLLHUP events causing infinite recursion when the user
+         * callback issues some write/flush/poll calls. */
+        if (ctx->pollptrs[i]->lock_cnt > 2) {
+            revents &= POLLOUT;
+        }
+        if (revents == 0) {
             i++;
         } else {
             int ret;
 
             p = ctx->pollptrs[i];
             fd = ctx->pollfds[i].fd;
-            revents = ctx->pollfds[i].revents;
             /* avoid having any event caught during callback */
             ctx->pollfds[i].events = 0;
-            p->lock = 1;
+            p->lock_cnt++;
             if (p->cb && (ret = p->cb(p, fd, revents, p->cb_data)) < 0) {
                 if (ret == -2) {
                     return -1;
@@ -727,7 +764,7 @@ int ssh_poll_ctx_dopoll(ssh_poll_ctx ctx, int timeout)
             } else {
                 ctx->pollfds[i].revents = 0;
                 ctx->pollfds[i].events = p->events;
-                p->lock = 0;
+                p->lock_cnt--;
                 i++;
             }
 
@@ -839,7 +876,7 @@ ssh_event_add_fd(ssh_event event, socket_t fd, short events,
                  ssh_event_callback cb, void *userdata)
 {
     ssh_poll_handle p;
-    struct ssh_event_fd_wrapper *pw;
+    struct ssh_event_fd_wrapper *pw = NULL;
 
     if(event == NULL || event->ctx == NULL || cb == NULL
                                            || fd == SSH_INVALID_SOCKET) {
@@ -909,7 +946,7 @@ int ssh_event_add_session(ssh_event event, ssh_session session)
 {
     ssh_poll_handle p;
 #ifdef WITH_SERVER
-    struct ssh_iterator *iterator;
+    struct ssh_iterator *iterator = NULL;
 #endif
 
     if(event == NULL || event->ctx == NULL || session == NULL) {
@@ -981,7 +1018,7 @@ int ssh_event_add_connector(ssh_event event, ssh_connector connector)
  * @returns SSH_OK      on success.
  *          SSH_ERROR   Error happened during the poll. Check errno to get more
  *                      details about why it failed.
- *          SSH_AGAIN   Timeout occured
+ *          SSH_AGAIN   Timeout occurred
  */
 int ssh_event_dopoll(ssh_event event, int timeout)
 {
@@ -1056,7 +1093,7 @@ int ssh_event_remove_session(ssh_event event, ssh_session session)
     register size_t i, used;
     int rc = SSH_ERROR;
 #ifdef WITH_SERVER
-    struct ssh_iterator *iterator;
+    struct ssh_iterator *iterator = NULL;
 #endif
 
     if (event == NULL || event->ctx == NULL || session == NULL) {
diff --git a/libssh/src/scp.c b/libssh/src/scp.c
index ef5aa139..a1e3687f 100644
--- a/libssh/src/scp.c
+++ b/libssh/src/scp.c
@@ -66,7 +66,7 @@ ssh_scp ssh_scp_new(ssh_session session, int mode, const char *location)
 {
     ssh_scp scp = NULL;
 
-    if (session == NULL) {
+    if (session == NULL || location == NULL) {
         goto error;
     }
 
@@ -146,7 +146,7 @@ int ssh_scp_init(ssh_scp scp)
         return SSH_ERROR;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "Initializing scp session %s %son location '%s'",
+    SSH_LOG(SSH_LOG_DEBUG, "Initializing scp session %s %son location '%s'",
             scp->mode == SSH_SCP_WRITE?"write":"read",
             scp->recursive ? "recursive " : "",
             scp->location);
@@ -266,7 +266,7 @@ int ssh_scp_close(ssh_scp scp)
          */
         while (!ssh_channel_is_eof(scp->channel)) {
             rc = ssh_channel_read(scp->channel, buffer, sizeof(buffer), 0);
-            if (rc == SSH_ERROR || rc == 0) {
+            if (rc == SSH_ERROR || rc == SSH_AGAIN || rc == 0) {
                 break;
             }
         }
@@ -376,7 +376,7 @@ int ssh_scp_push_directory(ssh_scp scp, const char *dirname, int mode)
         goto error;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL,
+    SSH_LOG(SSH_LOG_DEBUG,
             "SCP pushing directory %s with permissions '%s'",
             vis_encoded, perms);
 
@@ -517,7 +517,7 @@ int ssh_scp_push_file64(ssh_scp scp, const char *filename, uint64_t size,
         goto error;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL,
+    SSH_LOG(SSH_LOG_DEBUG,
             "SCP pushing file %s, size %" PRIu64 " with permissions '%s'",
             vis_encoded, size, perms);
 
@@ -603,6 +603,12 @@ int ssh_scp_response(ssh_scp scp, char **response)
 
     rc = ssh_channel_read(scp->channel, &code, 1, 0);
     if (rc == SSH_ERROR) {
+        scp->state = SSH_SCP_ERROR;
+        return SSH_ERROR;
+    }
+    if (rc == SSH_AGAIN) {
+        ssh_set_error(scp->session, SSH_FATAL, "SCP: ssh_channel_read timeout");
+        scp->state = SSH_SCP_ERROR;
         return SSH_ERROR;
     }
 
@@ -760,6 +766,14 @@ int ssh_scp_read_string(ssh_scp scp, char *buffer, size_t len)
             break;
         }
 
+        if (err == SSH_AGAIN) {
+            ssh_set_error(scp->session,
+                          SSH_FATAL,
+                          "SCP: ssh_channel_read timeout");
+            err = SSH_ERROR;
+            break;
+        }
+
         read++;
         if (buffer[read - 1] == '\n') {
             break;
@@ -825,7 +839,7 @@ int ssh_scp_pull_request(ssh_scp scp)
         *p = '\0';
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "Received SCP request: '%s'", buffer);
+    SSH_LOG(SSH_LOG_DEBUG, "Received SCP request: '%s'", buffer);
     switch(buffer[0]) {
     case 'C':
         /* File */
@@ -991,7 +1005,7 @@ int ssh_scp_accept_request(ssh_scp scp)
  *
  * @param[in]  size     The size of the buffer.
  *
- * @returns             The nNumber of bytes read, SSH_ERROR if an error occurred
+ * @returns             The number of bytes read, SSH_ERROR if an error occurred
  *                      while reading.
  */
 int ssh_scp_read(ssh_scp scp, void *buffer, size_t size)
@@ -1027,12 +1041,16 @@ int ssh_scp_read(ssh_scp scp, void *buffer, size_t size)
     }
 
     rc = ssh_channel_read(scp->channel, buffer, size, 0);
-    if (rc != SSH_ERROR) {
-        scp->processed += rc;
-    } else {
+    if (rc == SSH_ERROR) {
+        scp->state = SSH_SCP_ERROR;
+        return SSH_ERROR;
+    }
+    if (rc == SSH_AGAIN) {
+        ssh_set_error(scp->session, SSH_FATAL, "SCP: ssh_channel_read timeout");
         scp->state = SSH_SCP_ERROR;
         return SSH_ERROR;
     }
+    scp->processed += rc;
 
     /* Check if we arrived at end of file */
     if (scp->processed == scp->filelen) {
diff --git a/libssh/src/server.c b/libssh/src/server.c
index 04949a94..c6ad11f9 100644
--- a/libssh/src/server.c
+++ b/libssh/src/server.c
@@ -85,14 +85,18 @@ int server_set_kex(ssh_session session)
 {
     struct ssh_kex_struct *server = &session->next_crypto->server_kex;
     int i, j, rc;
-    const char *wanted, *allowed;
-    char *kept;
+    const char *wanted = NULL, *allowed = NULL;
+    char *kept = NULL;
     char hostkeys[128] = {0};
     enum ssh_keytypes_e keytype;
     size_t len;
     int ok;
 
-    ZERO_STRUCTP(server);
+    /* Skip if already set, for example for the rekey or when we do the guessing
+     * it could have been already used to make some protocol decisions. */
+    if (server->methods[0] != NULL) {
+        return SSH_OK;
+    }
 
     ok = ssh_get_random(server->cookie, 16, 0);
     if (!ok) {
@@ -112,15 +116,6 @@ int server_set_kex(ssh_session session)
         snprintf(hostkeys + len, sizeof(hostkeys) - len,
                  ",%s", session->srv.ecdsa_key->type_c);
     }
-#endif
-#ifdef HAVE_DSA
-    if (session->srv.dsa_key != NULL) {
-        len = strlen(hostkeys);
-        keytype = ssh_key_type(session->srv.dsa_key);
-
-        snprintf(hostkeys + len, sizeof(hostkeys) - len,
-                 ",%s", ssh_key_type_to_char(keytype));
-    }
 #endif
     if (session->srv.rsa_key != NULL) {
         /* We support also the SHA2 variants */
@@ -160,7 +155,8 @@ int server_set_kex(ssh_session session)
 
     rc = ssh_options_set_algo(session,
                               SSH_HOSTKEYS,
-                              kept);
+                              kept,
+                              &session->opts.wanted_methods[SSH_HOSTKEYS]);
     SAFE_FREE(kept);
     if (rc < 0) {
         return -1;
@@ -191,7 +187,13 @@ int server_set_kex(ssh_session session)
         }
     }
 
-    return 0;
+    /* Do not append the extensions during rekey */
+    if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
+        return SSH_OK;
+    }
+
+    rc = ssh_kex_append_extensions(session, server);
+    return rc;
 }
 
 int ssh_server_init_kex(ssh_session session) {
@@ -209,9 +211,10 @@ int ssh_server_init_kex(ssh_session session) {
     return server_set_kex(session);
 }
 
-static int ssh_server_send_extensions(ssh_session session) {
+static int ssh_server_send_extensions(ssh_session session)
+{
     int rc;
-    const char *hostkey_algorithms;
+    const char *hostkey_algorithms = NULL;
 
     SSH_LOG(SSH_LOG_PACKET, "Sending SSH_MSG_EXT_INFO");
 
@@ -276,14 +279,11 @@ ssh_get_key_params(ssh_session session,
                    ssh_key *privkey,
                    enum ssh_digest_e *digest)
 {
-    ssh_key pubkey;
-    ssh_string pubkey_blob;
+    ssh_key pubkey = NULL;
+    ssh_string pubkey_blob = NULL;
     int rc;
 
     switch(session->srv.hostkey) {
-      case SSH_KEYTYPE_DSS:
-        *privkey = session->srv.dsa_key;
-        break;
       case SSH_KEYTYPE_RSA:
         *privkey = session->srv.rsa_key;
         break;
@@ -335,116 +335,127 @@ ssh_get_key_params(ssh_session session,
  * @brief A function to be called each time a step has been done in the
  * connection.
  */
-static void ssh_server_connection_callback(ssh_session session){
+static void ssh_server_connection_callback(ssh_session session)
+{
     int rc;
 
-    switch(session->session_state){
-        case SSH_SESSION_STATE_NONE:
-        case SSH_SESSION_STATE_CONNECTING:
-        case SSH_SESSION_STATE_SOCKET_CONNECTED:
-            break;
-        case SSH_SESSION_STATE_BANNER_RECEIVED:
-            if (session->clientbanner == NULL) {
+    switch (session->session_state) {
+    case SSH_SESSION_STATE_NONE:
+    case SSH_SESSION_STATE_CONNECTING:
+    case SSH_SESSION_STATE_SOCKET_CONNECTED:
+        break;
+    case SSH_SESSION_STATE_BANNER_RECEIVED:
+        if (session->clientbanner == NULL) {
+            goto error;
+        }
+        set_status(session, 0.4f);
+        SSH_LOG(SSH_LOG_DEBUG,
+                "SSH client banner: %s", session->clientbanner);
+
+        /* Here we analyze the different protocols the server allows. */
+        rc = ssh_analyze_banner(session, 1);
+        if (rc < 0) {
+            ssh_set_error(session, SSH_FATAL,
+                    "No version of SSH protocol usable (banner: %s)",
+                    session->clientbanner);
+            goto error;
+        }
+
+        /* from now, the packet layer is handling incoming packets */
+        ssh_packet_register_socket_callback(session, session->socket);
+
+        ssh_packet_set_default_callbacks(session);
+        set_status(session, 0.5f);
+        session->session_state = SSH_SESSION_STATE_INITIAL_KEX;
+        rc = ssh_send_kex(session);
+        if (rc < 0) {
+            goto error;
+        }
+        break;
+    case SSH_SESSION_STATE_INITIAL_KEX:
+        /* TODO: This state should disappear in favor of get_key handle */
+        break;
+    case SSH_SESSION_STATE_KEXINIT_RECEIVED:
+        set_status(session, 0.6f);
+        if ((session->flags & SSH_SESSION_FLAG_KEXINIT_SENT) == 0) {
+            rc = server_set_kex(session);
+            if (rc == SSH_ERROR) {
                 goto error;
             }
-            set_status(session, 0.4f);
-            SSH_LOG(SSH_LOG_PROTOCOL,
-                    "SSH client banner: %s", session->clientbanner);
-
-            /* Here we analyze the different protocols the server allows. */
-            rc = ssh_analyze_banner(session, 1);
+            /* We are in a rekeying, so we need to send the server kex */
+            rc = ssh_send_kex(session);
             if (rc < 0) {
-                ssh_set_error(session, SSH_FATAL,
-                        "No version of SSH protocol usable (banner: %s)",
-                        session->clientbanner);
                 goto error;
             }
+        }
+        ssh_list_kex(&session->next_crypto->client_kex); // log client kex
+        rc = ssh_kex_select_methods(session);
+        if (rc < 0) {
+            goto error;
+        }
+        rc = crypt_set_algorithms_server(session);
+        if (rc == SSH_ERROR) {
+            goto error;
+        }
+        set_status(session, 0.8f);
+        session->session_state = SSH_SESSION_STATE_DH;
+        break;
+    case SSH_SESSION_STATE_DH:
+        if (session->dh_handshake_state == DH_STATE_FINISHED) {
 
-            /* from now, the packet layer is handling incoming packets */
-            ssh_packet_register_socket_callback(session, session->socket);
-
-            ssh_packet_set_default_callbacks(session);
-            set_status(session, 0.5f);
-            session->session_state=SSH_SESSION_STATE_INITIAL_KEX;
-            if (ssh_send_kex(session, 1) < 0) {
-                goto error;
-            }
-            break;
-        case SSH_SESSION_STATE_INITIAL_KEX:
-            /* TODO: This state should disappear in favor of get_key handle */
-            break;
-        case SSH_SESSION_STATE_KEXINIT_RECEIVED:
-            set_status(session,0.6f);
-            if(session->next_crypto->server_kex.methods[0]==NULL){
-                if(server_set_kex(session) == SSH_ERROR)
-                    goto error;
-                /* We are in a rekeying, so we need to send the server kex */
-                if(ssh_send_kex(session, 1) < 0)
-                    goto error;
-            }
-            ssh_list_kex(&session->next_crypto->client_kex); // log client kex
-            if (ssh_kex_select_methods(session) < 0) {
+            rc = ssh_packet_set_newkeys(session, SSH_DIRECTION_IN);
+            if (rc != SSH_OK) {
                 goto error;
             }
-            if (crypt_set_algorithms_server(session) == SSH_ERROR)
-                goto error;
-            set_status(session,0.8f);
-            session->session_state=SSH_SESSION_STATE_DH;
-            break;
-        case SSH_SESSION_STATE_DH:
-            if(session->dh_handshake_state==DH_STATE_FINISHED){
-
-                rc = ssh_packet_set_newkeys(session, SSH_DIRECTION_IN);
-                if (rc != SSH_OK) {
-                    goto error;
-                }
 
+            /*
+             * If the client supports extension negotiation, we will send
+             * our supported extensions now. This is the first message after
+             * sending NEWKEYS message and after turning on crypto.
+             */
+            if (session->extensions & SSH_EXT_NEGOTIATION &&
+                session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
                 /*
-                 * If the client supports extension negotiation, we will send
-                 * our supported extensions now. This is the first message after
-                 * sending NEWKEYS message and after turning on crypto.
+                 * Only send an SSH_MSG_EXT_INFO message the first time the
+                 * client undergoes NEWKEYS.  It is unexpected for this message
+                 * to be sent upon rekey, and may cause clients to log error
+                 * messages.
+                 *
+                 * The session_state can not be used for this purpose because it
+                 * is re-set to SSH_SESSION_STATE_KEXINIT_RECEIVED during rekey.
+                 * So, use the connected flag which transitions from non-zero
+                 * below.
+                 *
+                 * See also:
+                 * - https://bugzilla.mindrot.org/show_bug.cgi?id=2929
                  */
-                if (session->extensions & SSH_EXT_NEGOTIATION &&
-                    session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
-
-                    /*
-                     * Only send an SSH_MSG_EXT_INFO message the first time the client
-                     * undergoes NEWKEYS.  It is unexpected for this message to be sent
-                     * upon rekey, and may cause clients to log error messages.
-                     *
-                     * The session_state can not be used for this purpose because it is
-                     * re-set to SSH_SESSION_STATE_KEXINIT_RECEIVED during rekey.  So,
-                     * use the connected flag which transitions from non-zero below.
-                     *
-                     * See also:
-                     * - https://bugzilla.mindrot.org/show_bug.cgi?id=2929
-                     */
-                    if (session->connected == 0) {
-                        ssh_server_send_extensions(session);
-                    }
+                if (session->connected == 0) {
+                    ssh_server_send_extensions(session);
                 }
+            }
 
-                set_status(session,1.0f);
-                session->connected = 1;
-                session->session_state=SSH_SESSION_STATE_AUTHENTICATING;
-                if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
-                    session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
+            set_status(session, 1.0f);
+            session->connected = 1;
+            session->session_state = SSH_SESSION_STATE_AUTHENTICATING;
+            if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED)
+                session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
 
-            }
-            break;
-        case SSH_SESSION_STATE_AUTHENTICATING:
-            break;
-        case SSH_SESSION_STATE_ERROR:
-            goto error;
-        default:
-            ssh_set_error(session,SSH_FATAL,"Invalid state %d",session->session_state);
+        }
+        break;
+    case SSH_SESSION_STATE_AUTHENTICATING:
+        break;
+    case SSH_SESSION_STATE_ERROR:
+        goto error;
+    default:
+        ssh_set_error(session, SSH_FATAL, "Invalid state %d",
+                      session->session_state);
     }
 
     return;
 error:
     ssh_socket_close(session->socket);
     session->alive = 0;
-    session->session_state=SSH_SESSION_STATE_ERROR;
+    session->session_state = SSH_SESSION_STATE_ERROR;
 }
 
 /**
@@ -458,16 +469,17 @@ static void ssh_server_connection_callback(ssh_session session){
  * @param  user is a pointer to session
  * @returns Number of bytes processed, or zero if the banner is not complete.
  */
-static size_t callback_receive_banner(const void *data, size_t len, void *user) {
-    char *buffer = (char *) data;
-    ssh_session session = (ssh_session) user;
+static size_t callback_receive_banner(const void *data, size_t len, void *user)
+{
+    char *buffer = (char *)data;
+    ssh_session session = (ssh_session)user;
     char *str = NULL;
     size_t i;
     size_t processed = 0;
 
     for (i = 0; i < len; i++) {
 #ifdef WITH_PCAP
-        if(session->pcap_ctx && buffer[i] == '\n') {
+        if (session->pcap_ctx && buffer[i] == '\n') {
             ssh_pcap_context_write(session->pcap_ctx,
                                    SSH_PCAP_DIR_IN,
                                    buffer,
@@ -476,11 +488,11 @@ static size_t callback_receive_banner(const void *data, size_t len, void *user)
         }
 #endif
         if (buffer[i] == '\r') {
-            buffer[i]='\0';
+            buffer[i] = '\0';
         }
 
         if (buffer[i] == '\n') {
-            buffer[i]='\0';
+            buffer[i] = '\0';
 
             str = strdup(buffer);
             /* number of bytes read */
@@ -493,10 +505,11 @@ static size_t callback_receive_banner(const void *data, size_t len, void *user)
             return processed;
         }
 
-        if(i > 127) {
+        if (i > 127) {
             /* Too big banner */
             session->session_state = SSH_SESSION_STATE_ERROR;
-            ssh_set_error(session, SSH_FATAL, "Receiving banner: too large banner");
+            ssh_set_error(session, SSH_FATAL,
+                          "Receiving banner: too large banner");
 
             return 0;
         }
@@ -510,6 +523,7 @@ static int ssh_server_kex_termination(void *s){
   ssh_session session = s;
   if (session->session_state != SSH_SESSION_STATE_ERROR &&
       session->session_state != SSH_SESSION_STATE_AUTHENTICATING &&
+      session->session_state != SSH_SESSION_STATE_AUTHENTICATED &&
       session->session_state != SSH_SESSION_STATE_DISCONNECTED)
     return 0;
   else
@@ -535,9 +549,10 @@ int ssh_send_issue_banner(ssh_session session, const ssh_string banner)
             "Sending a server issue banner");
 
     rc = ssh_buffer_pack(session->out_buffer,
-                         "bS",
+                         "bSs",
                          SSH2_MSG_USERAUTH_BANNER,
-                         banner);
+                         banner,
+                         "");
     if (rc != SSH_OK) {
         ssh_set_error_oom(session);
         return SSH_ERROR;
@@ -548,10 +563,14 @@ int ssh_send_issue_banner(ssh_session session, const ssh_string banner)
 }
 
 /* Do the banner and key exchange */
-int ssh_handle_key_exchange(ssh_session session) {
+int ssh_handle_key_exchange(ssh_session session)
+{
     int rc;
-    if (session->session_state != SSH_SESSION_STATE_NONE)
-      goto pending;
+
+    if (session->session_state != SSH_SESSION_STATE_NONE) {
+        goto pending;
+    }
+
     rc = ssh_send_banner(session, 1);
     if (rc < 0) {
         return SSH_ERROR;
@@ -562,27 +581,28 @@ int ssh_handle_key_exchange(ssh_session session) {
     session->ssh_connection_callback = ssh_server_connection_callback;
     session->session_state = SSH_SESSION_STATE_SOCKET_CONNECTED;
     ssh_socket_set_callbacks(session->socket,&session->socket_callbacks);
-    session->socket_callbacks.data=callback_receive_banner;
-    session->socket_callbacks.exception=ssh_socket_exception_callback;
-    session->socket_callbacks.userdata=session;
+    session->socket_callbacks.data = callback_receive_banner;
+    session->socket_callbacks.exception = ssh_socket_exception_callback;
+    session->socket_callbacks.userdata = session;
 
     rc = server_set_kex(session);
     if (rc < 0) {
         return SSH_ERROR;
     }
-    pending:
+pending:
     rc = ssh_handle_packets_termination(session, SSH_TIMEOUT_USER,
-        ssh_server_kex_termination,session);
+                                        ssh_server_kex_termination,session);
     SSH_LOG(SSH_LOG_PACKET, "ssh_handle_key_exchange: current state : %d",
-        session->session_state);
-    if (rc != SSH_OK)
-      return rc;
+            session->session_state);
+    if (rc != SSH_OK) {
+        return rc;
+    }
     if (session->session_state == SSH_SESSION_STATE_ERROR ||
         session->session_state == SSH_SESSION_STATE_DISCONNECTED) {
-      return SSH_ERROR;
+        return SSH_ERROR;
     }
 
-  return SSH_OK;
+    return SSH_OK;
 }
 
 /* messages */
@@ -671,7 +691,7 @@ static int ssh_message_channel_request_reply_default(ssh_message msg) {
     channel = msg->channel_request.channel->remote_channel;
 
     SSH_LOG(SSH_LOG_PACKET,
-        "Sending a default channel_request denied to channel %d", channel);
+        "Sending a default channel_request denied to channel %" PRIu32, channel);
 
     rc = ssh_buffer_pack(msg->session->out_buffer,
                          "bd",
@@ -695,8 +715,16 @@ static int ssh_message_service_request_reply_default(ssh_message msg) {
   return ssh_message_service_reply_success(msg);
 }
 
-int ssh_message_service_reply_success(ssh_message msg) {
-    ssh_session session;
+/**
+ * @brief   Sends SERVICE_ACCEPT to the client
+ *
+ * @param msg The message to reply to
+ *
+ * @returns SSH_OK when success otherwise SSH_ERROR
+ */
+int ssh_message_service_reply_success(ssh_message msg)
+{
+    ssh_session session = NULL;
     int rc;
 
     if (msg == NULL) {
@@ -719,6 +747,15 @@ int ssh_message_service_reply_success(ssh_message msg) {
     return rc;
 }
 
+/**
+ * @brief Send a global request success message
+ *
+ * @param msg The message
+ *
+ * @param bound_port The remote bind port
+ *
+ * @returns SSH_OK on success, otherwise SSH_ERROR
+ */
 int ssh_message_global_request_reply_success(ssh_message msg, uint16_t bound_port) {
     int rc;
 
@@ -797,6 +834,13 @@ int ssh_message_reply_default(ssh_message msg) {
   return -1;
 }
 
+/**
+ * @brief Gets the service name from the service request message
+ *
+ * @param msg The service request message
+ *
+ * @returns the service name from the message
+ */
 const char *ssh_message_service_service(ssh_message msg){
   if (msg == NULL) {
     return NULL;
@@ -828,7 +872,6 @@ ssh_key ssh_message_auth_pubkey(ssh_message msg) {
   return msg->auth_request.pubkey;
 }
 
-/* Get the publickey of an auth request */
 ssh_public_key ssh_message_auth_publickey(ssh_message msg){
   if (msg == NULL) {
     return NULL;
@@ -844,6 +887,13 @@ enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg){
 	  return msg->auth_request.signature_state;
 }
 
+/**
+ *  @brief Check if the message is a keyboard-interactive response
+ *
+ *  @param msg The message to check
+ *
+ *  @returns 1 if the message is a response, otherwise 0
+ */
 int ssh_message_auth_kbdint_is_response(ssh_message msg) {
   if (msg == NULL) {
     return -1;
@@ -853,6 +903,17 @@ int ssh_message_auth_kbdint_is_response(ssh_message msg) {
 }
 
 /* FIXME: methods should be unsigned */
+/**
+ * @brief Sets the supported authentication methods to a message
+ *
+ * @param msg The message
+ *
+ * @param methods Methods to set to the message.
+ * The supported methods are listed in ssh_set_auth_methods
+ * @see ssh_set_auth_methods
+ *
+ * @returns 0 on success, otherwise -1
+ */
 int ssh_message_auth_set_methods(ssh_message msg, int methods) {
   if (msg == NULL || msg->session == NULL) {
     return -1;
@@ -907,9 +968,8 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
 
   /* fill in the kbdint structure */
   if (msg->session->kbdint == NULL) {
-    SSH_LOG(SSH_LOG_PROTOCOL, "Warning: Got a "
-                                        "keyboard-interactive response but it "
-                                        "seems we didn't send the request.");
+    SSH_LOG(SSH_LOG_DEBUG, "Warning: Got a keyboard-interactive response "
+                           "but it seems we didn't send the request.");
 
     msg->session->kbdint = ssh_kbdint_new();
     if (msg->session->kbdint == NULL) {
@@ -973,6 +1033,17 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
   return rc;
 }
 
+/**
+ * @brief Sends SSH2_MSG_USERAUTH_SUCCESS or SSH2_MSG_USERAUTH_FAILURE message
+ * depending on the success of the authentication method
+ *
+ * @param session The session to reply to
+ *
+ * @param partial Denotes if the authentication process was partially completed
+ * (unsuccessful)
+ *
+ * @returns SSH_OK on success, otherwise SSH_ERROR
+ */
 int ssh_auth_reply_success(ssh_session session, int partial)
 {
     struct ssh_crypto_struct *crypto = NULL;
@@ -1004,13 +1075,13 @@ int ssh_auth_reply_success(ssh_session session, int partial)
 
     crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT);
     if (crypto != NULL && crypto->delayed_compress_out) {
-        SSH_LOG(SSH_LOG_PROTOCOL, "Enabling delayed compression OUT");
+        SSH_LOG(SSH_LOG_DEBUG, "Enabling delayed compression OUT");
         crypto->do_compress_out = 1;
     }
 
     crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
     if (crypto != NULL && crypto->delayed_compress_in) {
-        SSH_LOG(SSH_LOG_PROTOCOL, "Enabling delayed compression IN");
+        SSH_LOG(SSH_LOG_DEBUG, "Enabling delayed compression IN");
         crypto->do_compress_in = 1;
     }
     return r;
@@ -1022,7 +1093,17 @@ int ssh_message_auth_reply_success(ssh_message msg, int partial) {
 	return ssh_auth_reply_success(msg->session, partial);
 }
 
-/* Answer OK to a pubkey auth request */
+/**
+ * @brief Answer SSH2_MSG_USERAUTH_PK_OK to a pubkey authentication request
+ *
+ * @param msg The message
+ *
+ * @param algo The algorithm of the accepted public key
+ *
+ * @param pubkey The accepted public key
+ *
+ * @returns SSH_OK on success, otherwise SSH_ERROR
+ */
 int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pubkey) {
     int rc;
     if (msg == NULL) {
@@ -1043,8 +1124,16 @@ int ssh_message_auth_reply_pk_ok(ssh_message msg, ssh_string algo, ssh_string pu
     return rc;
 }
 
-int ssh_message_auth_reply_pk_ok_simple(ssh_message msg) {
-    ssh_string algo;
+/**
+ * @brief Answer SSH2_MSG_USERAUTH_PK_OK to a pubkey authentication request
+ *
+ * @param msg The message
+ *
+ * @returns SSH_OK on success, otherwise SSH_ERROR
+ */
+int ssh_message_auth_reply_pk_ok_simple(ssh_message msg)
+{
+    ssh_string algo = NULL;
     ssh_string pubkey_blob = NULL;
     int ret;
 
@@ -1193,6 +1282,13 @@ int ssh_execute_message_callbacks(ssh_session session){
   return SSH_OK;
 }
 
+/**
+ * @brief Sends a keepalive message to the session
+ *
+ * @param session   The session to send the message to
+ *
+ * @returns SSH_OK
+ */
 int ssh_send_keepalive(ssh_session session)
 {
     /* Client denies the request, so the error code is not meaningful */
diff --git a/libssh/src/session.c b/libssh/src/session.c
index 6025c133..9fd5d946 100644
--- a/libssh/src/session.c
+++ b/libssh/src/session.c
@@ -39,11 +39,12 @@
 #include "libssh/buffer.h"
 #include "libssh/poll.h"
 #include "libssh/pki.h"
+#include "libssh/gssapi.h"
 
 #define FIRST_CHANNEL 42 // why not ? it helps to find bugs.
 
 /**
- * @defgroup libssh_session The SSH session functions.
+ * @defgroup libssh_session The SSH session functions
  * @ingroup libssh
  *
  * Functions that manage a session.
@@ -58,7 +59,7 @@
  */
 ssh_session ssh_new(void)
 {
-    ssh_session session;
+    ssh_session session = NULL;
     char *id = NULL;
     int rc;
 
@@ -96,6 +97,7 @@ ssh_session ssh_new(void)
     session->auth.supported_methods = 0;
     ssh_set_blocking(session, 1);
     session->maxchannel = FIRST_CHANNEL;
+    session->proxy_root = true;
 
     session->agent = ssh_agent_new(session);
     if (session->agent == NULL) {
@@ -108,57 +110,75 @@ ssh_session ssh_new(void)
     session->opts.fd = -1;
     session->opts.compressionlevel = 7;
     session->opts.nodelay = 0;
+    session->opts.identities_only = false;
+    session->opts.control_master = SSH_CONTROL_MASTER_NO;
 
     session->opts.flags = SSH_OPT_FLAG_PASSWORD_AUTH |
                           SSH_OPT_FLAG_PUBKEY_AUTH |
                           SSH_OPT_FLAG_KBDINT_AUTH |
                           SSH_OPT_FLAG_GSSAPI_AUTH;
 
+    session->opts.exp_flags = 0;
+
     session->opts.identity = ssh_list_new();
     if (session->opts.identity == NULL) {
         goto err;
     }
+    session->opts.identity_non_exp = ssh_list_new();
+    if (session->opts.identity_non_exp == NULL) {
+        goto err;
+    }
 
-    id = strdup("%d/id_ed25519");
-    if (id == NULL) {
+    session->opts.certificate = ssh_list_new();
+    if (session->opts.certificate == NULL) {
+        goto err;
+    }
+    session->opts.certificate_non_exp = ssh_list_new();
+    if (session->opts.certificate_non_exp == NULL) {
         goto err;
     }
+    /* the default certificates are loaded automatically from the default
+     * identities later */
 
-    rc = ssh_list_append(session->opts.identity, id);
-    if (rc == SSH_ERROR) {
+    session->opts.proxy_jumps = ssh_list_new();
+    if (session->opts.proxy_jumps == NULL) {
         goto err;
     }
 
-#ifdef HAVE_ECC
-    id = strdup("%d/id_ecdsa");
+    session->opts.proxy_jumps_user_cb = ssh_list_new();
+    if (session->opts.proxy_jumps_user_cb == NULL) {
+        goto err;
+    }
+
+    id = strdup("%d/id_ed25519");
     if (id == NULL) {
         goto err;
     }
-    rc = ssh_list_append(session->opts.identity, id);
+
+    rc = ssh_list_append(session->opts.identity_non_exp, id);
     if (rc == SSH_ERROR) {
         goto err;
     }
-#endif
 
-    id = strdup("%d/id_rsa");
+#ifdef HAVE_ECC
+    id = strdup("%d/id_ecdsa");
     if (id == NULL) {
         goto err;
     }
-    rc = ssh_list_append(session->opts.identity, id);
+    rc = ssh_list_append(session->opts.identity_non_exp, id);
     if (rc == SSH_ERROR) {
         goto err;
     }
+#endif
 
-#ifdef HAVE_DSA
-    id = strdup("%d/id_dsa");
+    id = strdup("%d/id_rsa");
     if (id == NULL) {
         goto err;
     }
-    rc = ssh_list_append(session->opts.identity, id);
+    rc = ssh_list_append(session->opts.identity_non_exp, id);
     if (rc == SSH_ERROR) {
         goto err;
     }
-#endif
 
     /* Explicitly initialize states */
     session->session_state = SSH_SESSION_STATE_NONE;
@@ -240,12 +260,8 @@ void ssh_free(ssh_session session)
   crypto_free(session->current_crypto);
   crypto_free(session->next_crypto);
 
-#ifndef _WIN32
   ssh_agent_free(session->agent);
-#endif /* _WIN32 */
 
-  ssh_key_free(session->srv.dsa_key);
-  session->srv.dsa_key = NULL;
   ssh_key_free(session->srv.rsa_key);
   session->srv.rsa_key = NULL;
   ssh_key_free(session->srv.ecdsa_key);
@@ -272,9 +288,13 @@ void ssh_free(ssh_session session)
     ssh_list_free(session->packet_callbacks);
   }
 
+#ifdef WITH_GSSAPI
+    ssh_gssapi_free(session);
+#endif
+
   /* options */
   if (session->opts.identity) {
-      char *id;
+      char *id = NULL;
 
       for (id = ssh_list_pop_head(char *, session->opts.identity);
            id != NULL;
@@ -284,15 +304,50 @@ void ssh_free(ssh_session session)
       ssh_list_free(session->opts.identity);
   }
 
+  if (session->opts.identity_non_exp) {
+      char *id = NULL;
+
+      for (id = ssh_list_pop_head(char *, session->opts.identity_non_exp);
+           id != NULL;
+           id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) {
+          SAFE_FREE(id);
+      }
+      ssh_list_free(session->opts.identity_non_exp);
+  }
+
+    if (session->opts.certificate) {
+        char *cert = NULL;
+
+        for (cert = ssh_list_pop_head(char *, session->opts.certificate);
+             cert != NULL;
+             cert = ssh_list_pop_head(char *, session->opts.certificate)) {
+            SAFE_FREE(cert);
+        }
+        ssh_list_free(session->opts.certificate);
+    }
+
+    if (session->opts.certificate_non_exp) {
+        char *cert = NULL;
+
+        for (cert = ssh_list_pop_head(char *, session->opts.certificate_non_exp);
+             cert != NULL;
+             cert = ssh_list_pop_head(char *, session->opts.certificate_non_exp)) {
+            SAFE_FREE(cert);
+        }
+        ssh_list_free(session->opts.certificate_non_exp);
+    }
+
+    ssh_proxyjumps_free(session->opts.proxy_jumps);
+    SSH_LIST_FREE(session->opts.proxy_jumps);
+    SSH_LIST_FREE(session->opts.proxy_jumps_user_cb);
+
     while ((b = ssh_list_pop_head(struct ssh_buffer_struct *,
                                   session->out_queue)) != NULL) {
         SSH_BUFFER_FREE(b);
     }
     ssh_list_free(session->out_queue);
 
-#ifndef _WIN32
-  ssh_agent_state_free (session->agent_state);
-#endif
+  ssh_agent_state_free(session->agent_state);
   session->agent_state = NULL;
 
   SAFE_FREE(session->auth.auto_state);
@@ -300,11 +355,10 @@ void ssh_free(ssh_session session)
   SAFE_FREE(session->clientbanner);
   SAFE_FREE(session->banner);
   SAFE_FREE(session->disconnect_message);
+  SAFE_FREE(session->peer_discon_msg);
 
   SAFE_FREE(session->opts.agent_socket);
   SAFE_FREE(session->opts.bindaddr);
-  SAFE_FREE(session->opts.custombanner);
-  SAFE_FREE(session->opts.moduli_file);
   SAFE_FREE(session->opts.username);
   SAFE_FREE(session->opts.host);
   SAFE_FREE(session->opts.sshdir);
@@ -314,6 +368,7 @@ void ssh_free(ssh_session session)
   SAFE_FREE(session->opts.gss_server_identity);
   SAFE_FREE(session->opts.gss_client_identity);
   SAFE_FREE(session->opts.pubkey_accepted_types);
+  SAFE_FREE(session->opts.control_path);
 
   for (i = 0; i < SSH_KEX_METHODS; i++) {
       if (session->opts.wanted_methods[i]) {
@@ -321,6 +376,11 @@ void ssh_free(ssh_session session)
       }
   }
 
+  SAFE_FREE(session->server_opts.custombanner);
+  SAFE_FREE(session->server_opts.moduli_file);
+
+  _ssh_remove_legacy_log_cb();
+
   /* burn connection, it could contain sensitive data */
   explicit_bzero(session, sizeof(struct ssh_session_struct));
   SAFE_FREE(session);
@@ -458,6 +518,21 @@ const char* ssh_get_hmac_out(ssh_session session) {
     return NULL;
 }
 
+/**
+ * @internal
+ * @brief Close the connection socket if it is a socket created by us.
+ * Does not close the sockets provided by the user through options API.
+ */
+void
+ssh_session_socket_close(ssh_session session)
+{
+    if (session->opts.fd == SSH_INVALID_SOCKET) {
+        ssh_socket_close(session->socket);
+    }
+    session->alive = 0;
+    session->session_state = SSH_SESSION_STATE_ERROR;
+}
+
 /**
  * @brief Disconnect impolitely from a remote host by closing the socket.
  *
@@ -465,14 +540,15 @@ const char* ssh_get_hmac_out(ssh_session session) {
  *
  * @param[in]  session  The SSH session to disconnect.
  */
-void ssh_silent_disconnect(ssh_session session) {
-  if (session == NULL) {
-    return;
-  }
+void
+ssh_silent_disconnect(ssh_session session)
+{
+    if (session == NULL) {
+        return;
+    }
 
-  ssh_socket_close(session->socket);
-  session->alive = 0;
-  ssh_disconnect(session);
+    ssh_session_socket_close(session);
+    ssh_disconnect(session);
 }
 
 /**
@@ -633,9 +709,10 @@ void ssh_set_fd_except(ssh_session session) {
  *
  * @return              SSH_OK on success, SSH_ERROR otherwise.
  */
-int ssh_handle_packets(ssh_session session, int timeout) {
-    ssh_poll_handle spoll;
-    ssh_poll_ctx ctx;
+int ssh_handle_packets(ssh_session session, int timeout)
+{
+    ssh_poll_handle spoll = NULL;
+    ssh_poll_ctx ctx = NULL;
     int tm = timeout;
     int rc;
 
@@ -644,20 +721,29 @@ int ssh_handle_packets(ssh_session session, int timeout) {
     }
 
     spoll = ssh_socket_get_poll_handle(session->socket);
+    if (spoll == NULL) {
+        ssh_set_error_oom(session);
+        return SSH_ERROR;
+    }
     ssh_poll_add_events(spoll, POLLIN);
     ctx = ssh_poll_get_ctx(spoll);
 
-    if (!ctx) {
+    if (ctx == NULL) {
         ctx = ssh_poll_get_default_ctx(session);
+        if (ctx == NULL) {
+            ssh_set_error_oom(session);
+            return SSH_ERROR;
+        }
         ssh_poll_ctx_add(ctx, spoll);
     }
 
     if (timeout == SSH_TIMEOUT_USER) {
-        if (ssh_is_blocking(session))
-          tm = ssh_make_milliseconds(session->opts.timeout,
-                                     session->opts.timeout_usec);
-        else
-          tm = 0;
+        if (ssh_is_blocking(session)) {
+            tm = ssh_make_milliseconds(session->opts.timeout,
+                                       session->opts.timeout_usec);
+        } else {
+            tm = 0;
+        }
     }
     rc = ssh_poll_ctx_dopoll(ctx, tm);
     if (rc == SSH_ERROR) {
@@ -819,11 +905,11 @@ const char *ssh_get_disconnect_message(ssh_session session) {
   if (session->session_state != SSH_SESSION_STATE_DISCONNECTED) {
     ssh_set_error(session, SSH_REQUEST_DENIED,
         "Connection not closed yet");
-  } else if(!session->discon_msg) {
+  } else if(!session->peer_discon_msg) {
     ssh_set_error(session, SSH_FATAL,
         "Connection correctly closed but no disconnect message");
   } else {
-    return session->discon_msg;
+    return session->peer_discon_msg;
   }
 
   return NULL;
@@ -979,8 +1065,8 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash)
 {
     ssh_key pubkey = NULL;
     ssh_string pubkey_blob = NULL;
-    MD5CTX ctx;
-    unsigned char *h;
+    MD5CTX ctx = NULL;
+    unsigned char *h = NULL;
     int rc;
 
     if (session == NULL || hash == NULL) {
@@ -1000,40 +1086,50 @@ int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash)
     *hash = NULL;
     if (session->current_crypto == NULL ||
         session->current_crypto->server_pubkey == NULL) {
-        ssh_set_error(session,SSH_FATAL,"No current cryptographic context");
+        ssh_set_error(session, SSH_FATAL, "No current cryptographic context");
+        return SSH_ERROR;
+    }
+
+    rc = ssh_get_server_publickey(session, &pubkey);
+    if (rc != SSH_OK) {
+        return SSH_ERROR;
+    }
+
+    rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_blob);
+    ssh_key_free(pubkey);
+    if (rc != SSH_OK) {
         return SSH_ERROR;
     }
 
     h = calloc(MD5_DIGEST_LEN, sizeof(unsigned char));
     if (h == NULL) {
+        SSH_STRING_FREE(pubkey_blob);
         return SSH_ERROR;
     }
 
     ctx = md5_init();
     if (ctx == NULL) {
+        SSH_STRING_FREE(pubkey_blob);
         SAFE_FREE(h);
         return SSH_ERROR;
     }
 
-    rc = ssh_get_server_publickey(session, &pubkey);
+    rc = md5_update(ctx,
+                    ssh_string_data(pubkey_blob),
+                    ssh_string_len(pubkey_blob));
     if (rc != SSH_OK) {
-        md5_final(h, ctx);
+        SSH_STRING_FREE(pubkey_blob);
+        md5_ctx_free(ctx);
         SAFE_FREE(h);
-        return SSH_ERROR;
+        return rc;
     }
-
-    rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_blob);
-    ssh_key_free(pubkey);
+    SSH_STRING_FREE(pubkey_blob);
+    rc = md5_final(h, ctx);
     if (rc != SSH_OK) {
-        md5_final(h, ctx);
         SAFE_FREE(h);
-        return SSH_ERROR;
+        return rc;
     }
 
-    md5_update(ctx, ssh_string_data(pubkey_blob), ssh_string_len(pubkey_blob));
-    SSH_STRING_FREE(pubkey_blob);
-    md5_final(h, ctx);
-
     *hash = h;
 
     return MD5_DIGEST_LEN;
@@ -1062,7 +1158,7 @@ void ssh_clean_pubkey_hash(unsigned char **hash)
  * @param[out] key      A pointer to store the allocated key. You need to free
  *                      the key using ssh_key_free().
  *
- * @return              SSH_OK on success, SSH_ERROR on errror.
+ * @return              SSH_OK on success, SSH_ERROR on error.
  *
  * @see ssh_key_free()
  */
@@ -1126,7 +1222,7 @@ int ssh_get_publickey_hash(const ssh_key key,
                            unsigned char **hash,
                            size_t *hlen)
 {
-    ssh_string blob;
+    ssh_string blob = NULL;
     unsigned char *h = NULL;
     int rc;
 
@@ -1138,7 +1234,7 @@ int ssh_get_publickey_hash(const ssh_key key,
     switch (type) {
     case SSH_PUBLICKEY_HASH_SHA1:
         {
-            SHACTX ctx;
+            SHACTX ctx = NULL;
 
             h = calloc(1, SHA_DIGEST_LEN);
             if (h == NULL) {
@@ -1153,15 +1249,24 @@ int ssh_get_publickey_hash(const ssh_key key,
                 goto out;
             }
 
-            sha1_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
-            sha1_final(h, ctx);
+            rc = sha1_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
+            if (rc != SSH_OK) {
+                free(h);
+                sha1_ctx_free(ctx);
+                goto out;
+            }
+            rc = sha1_final(h, ctx);
+            if (rc != SSH_OK) {
+                free(h);
+                goto out;
+            }
 
             *hlen = SHA_DIGEST_LEN;
         }
         break;
     case SSH_PUBLICKEY_HASH_SHA256:
         {
-            SHA256CTX ctx;
+            SHA256CTX ctx = NULL;
 
             h = calloc(1, SHA256_DIGEST_LEN);
             if (h == NULL) {
@@ -1176,20 +1281,29 @@ int ssh_get_publickey_hash(const ssh_key key,
                 goto out;
             }
 
-            sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
-            sha256_final(h, ctx);
+            rc = sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
+            if (rc != SSH_OK) {
+                free(h);
+                sha256_ctx_free(ctx);
+                goto out;
+            }
+            rc = sha256_final(h, ctx);
+            if (rc != SSH_OK) {
+                free(h);
+                goto out;
+            }
 
             *hlen = SHA256_DIGEST_LEN;
         }
         break;
     case SSH_PUBLICKEY_HASH_MD5:
         {
-            MD5CTX ctx;
+            MD5CTX ctx = NULL;
 
             /* In FIPS mode, we cannot use MD5 */
             if (ssh_fips_mode()) {
-                SSH_LOG(SSH_LOG_WARN, "In FIPS mode MD5 is not allowed."
-                                      "Try using SSH_PUBLICKEY_HASH_SHA256");
+                SSH_LOG(SSH_LOG_TRACE, "In FIPS mode MD5 is not allowed."
+                                       "Try using SSH_PUBLICKEY_HASH_SHA256");
                 rc = SSH_ERROR;
                 goto out;
             }
@@ -1207,8 +1321,17 @@ int ssh_get_publickey_hash(const ssh_key key,
                 goto out;
             }
 
-            md5_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
-            md5_final(h, ctx);
+            rc = md5_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
+            if (rc != SSH_OK) {
+                free(h);
+                md5_ctx_free(ctx);
+                goto out;
+            }
+            rc = md5_final(h, ctx);
+            if (rc != SSH_OK) {
+                free(h);
+                goto out;
+            }
 
             *hlen = MD5_DIGEST_LEN;
         }
diff --git a/libssh/src/sftp.c b/libssh/src/sftp.c
index e01012a8..37b4133b 100644
--- a/libssh/src/sftp.c
+++ b/libssh/src/sftp.c
@@ -56,21 +56,12 @@
 
 #ifdef WITH_SFTP
 
-/* Buffer size maximum is 256M */
-#define SFTP_PACKET_SIZE_MAX 0x10000000
-
 struct sftp_ext_struct {
   uint32_t count;
   char **name;
   char **data;
 };
 
-/* functions */
-static int sftp_enqueue(sftp_session session, sftp_message msg);
-static void sftp_message_free(sftp_message msg);
-static void sftp_set_error(sftp_session sftp, int errnum);
-static void status_msg_free(sftp_status_message status);
-
 static sftp_ext sftp_ext_new(void) {
   sftp_ext ext;
 
@@ -266,66 +257,38 @@ sftp_server_new(ssh_session session, ssh_channel chan)
     return NULL;
 }
 
-int sftp_server_init(sftp_session sftp){
-  ssh_session session = sftp->session;
-  sftp_packet packet = NULL;
-  ssh_buffer reply = NULL;
-  uint32_t version;
-  int rc;
-
-  packet = sftp_packet_read(sftp);
-  if (packet == NULL) {
-    return -1;
-  }
-
-  if (packet->type != SSH_FXP_INIT) {
-    ssh_set_error(session, SSH_FATAL,
-        "Packet read of type %d instead of SSH_FXP_INIT",
-        packet->type);
-
-    return -1;
-  }
-
-  SSH_LOG(SSH_LOG_PACKET, "Received SSH_FXP_INIT");
-
-  ssh_buffer_get_u32(packet->payload, &version);
-  version = ntohl(version);
-  SSH_LOG(SSH_LOG_PACKET, "Client version: %d", version);
-  sftp->client_version = (int)version;
-
-  reply = ssh_buffer_new();
-  if (reply == NULL) {
-    ssh_set_error_oom(session);
-    return -1;
-  }
+/* @deprecated in favor of sftp_server_new() and callbacks based sftp server */
+int sftp_server_init(sftp_session sftp)
+{
+    ssh_session session = sftp->session;
+    sftp_client_message msg = NULL;
+    int rc;
 
-  rc = ssh_buffer_pack(reply, "dssss",
-                      LIBSFTP_VERSION,
-                      "posix-rename@openssh.com",
-                      "1",
-                      "hardlink@openssh.com",
-                      "1");
-  if (rc != SSH_OK) {
-    ssh_set_error_oom(session);
-    SSH_BUFFER_FREE(reply);
-    return -1;
-  }
+    /* handles setting the sftp->client_version */
+    msg = sftp_get_client_message(sftp);
+    if (msg == NULL) {
+        return -1;
+    }
 
-  if (sftp_packet_write(sftp, SSH_FXP_VERSION, reply) < 0) {
-    SSH_BUFFER_FREE(reply);
-    return -1;
-  }
-  SSH_BUFFER_FREE(reply);
+    if (msg->type != SSH_FXP_INIT) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Packet read of type %d instead of SSH_FXP_INIT",
+                      msg->type);
+        return -1;
+    }
 
-  SSH_LOG(SSH_LOG_PROTOCOL, "Server version sent");
+    SSH_LOG(SSH_LOG_PACKET, "Received SSH_FXP_INIT");
 
-  if (version > LIBSFTP_VERSION) {
-    sftp->version = LIBSFTP_VERSION;
-  } else {
-    sftp->version = (int)version;
-  }
+    rc = sftp_reply_version(msg);
+    if (rc != SSH_OK) {
+        ssh_set_error(session,
+                      SSH_FATAL,
+                      "Failed to process the SSH_FXP_INIT message");
+        return -1;
+    }
 
-  return 0;
+    return 0;
 }
 
 void sftp_server_free(sftp_session sftp)
@@ -353,6 +316,7 @@ void sftp_server_free(sftp_session sftp)
 
     SAFE_FREE(sftp);
 }
+
 #endif /* WITH_SERVER */
 
 void sftp_free(sftp_session sftp)
@@ -383,169 +347,64 @@ void sftp_free(sftp_session sftp)
     SAFE_FREE(sftp->read_packet);
 
     sftp_ext_free(sftp->ext);
+    sftp_limits_free(sftp->limits);
 
     SAFE_FREE(sftp);
 }
 
-int sftp_packet_write(sftp_session sftp, uint8_t type, ssh_buffer payload)
-{
-    uint8_t header[5] = {0};
-    uint32_t payload_size;
-    int size;
-    int rc;
-
-    /* Add size of type */
-    payload_size = ssh_buffer_get_len(payload) + sizeof(uint8_t);
-    PUSH_BE_U32(header, 0, payload_size);
-    PUSH_BE_U8(header, 4, type);
-
-    rc = ssh_buffer_prepend_data(payload, header, sizeof(header));
-    if (rc < 0) {
-        ssh_set_error_oom(sftp->session);
-        sftp_set_error(sftp, SSH_FX_FAILURE);
-        return -1;
-    }
-
-    size = ssh_channel_write(sftp->channel,
-                             ssh_buffer_get(payload),
-                             ssh_buffer_get_len(payload));
-    if (size < 0) {
-        sftp_set_error(sftp, SSH_FX_FAILURE);
-        return -1;
-    }
-
-    if ((uint32_t)size != ssh_buffer_get_len(payload)) {
-        SSH_LOG(SSH_LOG_PACKET,
-                "Had to write %d bytes, wrote only %d",
-                ssh_buffer_get_len(payload),
-                size);
-    }
-
-    return size;
-}
-
-sftp_packet sftp_packet_read(sftp_session sftp)
+/* @internal
+ * Process the incoming data and copy them from the SSH packet buffer to the
+ * SFTP packet buffer.
+ * @returns number of decoded bytes.
+ */
+int
+sftp_decode_channel_data_to_packet(sftp_session sftp, void *data, uint32_t len)
 {
-    uint8_t tmpbuf[4];
-    uint8_t *buffer = NULL;
     sftp_packet packet = sftp->read_packet;
-    uint32_t size;
-    int nread;
-    bool is_eof;
-    int rc;
+    size_t nread;
+    size_t payload_len;
+    size_t data_offset;
+    size_t to_read, rc;
 
-    packet->sftp = sftp;
-
-    /*
-     * If the packet has a payload, then just reinit the buffer, otherwise
-     * allocate a new one.
-     */
-    if (packet->payload != NULL) {
-        rc = ssh_buffer_reinit(packet->payload);
-        if (rc != 0) {
-            ssh_set_error_oom(sftp->session);
-            sftp_set_error(sftp, SSH_FX_FAILURE);
-            return NULL;
-        }
-    } else {
-        packet->payload = ssh_buffer_new();
-        if (packet->payload == NULL) {
-            ssh_set_error_oom(sftp->session);
-            sftp_set_error(sftp, SSH_FX_FAILURE);
-            return NULL;
-        }
+    if (packet->sftp == NULL) {
+        packet->sftp = sftp;
     }
 
-    nread = 0;
-    do {
-        int s;
-
-        // read from channel until 4 bytes have been read or an error occurs
-        s = ssh_channel_read(sftp->channel, tmpbuf + nread, 4 - nread, 0);
-        if (s < 0) {
-            goto error;
-        } else if (s == 0) {
-            is_eof = ssh_channel_is_eof(sftp->channel);
-            if (is_eof) {
-                ssh_set_error(sftp->session,
-                              SSH_FATAL,
-                              "Received EOF while reading sftp packet size");
-                sftp_set_error(sftp, SSH_FX_EOF);
-                goto error;
-            }
-        } else {
-            nread += s;
-        }
-    } while (nread < 4);
-
-    size = PULL_BE_U32(tmpbuf, 0);
-    if (size == 0 || size > SFTP_PACKET_SIZE_MAX) {
-        ssh_set_error(sftp->session, SSH_FATAL, "Invalid sftp packet size!");
-        sftp_set_error(sftp, SSH_FX_FAILURE);
-        goto error;
+    data_offset = sizeof(uint32_t) + sizeof(uint8_t);
+    /* not enough bytes to read */
+    if (len < data_offset) {
+        return SSH_ERROR;
     }
 
-    do {
-        nread = ssh_channel_read(sftp->channel, tmpbuf, 1, 0);
-        if (nread < 0) {
-            goto error;
-        } else if (nread == 0) {
-            is_eof = ssh_channel_is_eof(sftp->channel);
-            if (is_eof) {
-                ssh_set_error(sftp->session,
-                              SSH_FATAL,
-                              "Received EOF while reading sftp packet type");
-                sftp_set_error(sftp, SSH_FX_EOF);
-                goto error;
-            }
-        }
-    } while (nread < 1);
-
-    packet->type = tmpbuf[0];
-
-    /* Remove the packet type size */
-    size -= sizeof(uint8_t);
+    payload_len = PULL_BE_U32(data, 0);
+    packet->type = PULL_BE_U8(data, 4);
 
-    /* Allocate the receive buffer from payload */
-    buffer = ssh_buffer_allocate(packet->payload, size);
-    if (buffer == NULL) {
-        ssh_set_error_oom(sftp->session);
-        sftp_set_error(sftp, SSH_FX_FAILURE);
-        goto error;
+    /* We should check the legality of payload length */
+    if (payload_len > len - sizeof(uint32_t) || payload_len < sizeof(uint8_t)) {
+        return SSH_ERROR;
     }
-    while (size > 0 && size < SFTP_PACKET_SIZE_MAX) {
-        nread = ssh_channel_read(sftp->channel, buffer, size, 0);
-        if (nread < 0) {
-            /* TODO: check if there are cases where an error needs to be set here */
-            goto error;
-        }
 
-        if (nread > 0) {
-            buffer += nread;
-            size -= nread;
-        } else { /* nread == 0 */
-            /* Retry the reading unless the remote was closed */
-            is_eof = ssh_channel_is_eof(sftp->channel);
-            if (is_eof) {
-                ssh_set_error(sftp->session,
-                              SSH_REQUEST_DENIED,
-                              "Received EOF while reading sftp packet");
-                sftp_set_error(sftp, SSH_FX_EOF);
-                goto error;
-            }
-        }
+    to_read = payload_len - sizeof(uint8_t);
+    rc = ssh_buffer_add_data(packet->payload,
+                             (void*)((uint8_t *)data + data_offset),
+                             to_read);
+    if (rc != 0) {
+        return SSH_ERROR;
     }
+    nread = ssh_buffer_get_len(packet->payload);
 
-    return packet;
-error:
-    ssh_buffer_reinit(packet->payload);
-    return NULL;
-}
+    /* We should check if we copied the whole data */
+    if (nread != to_read) {
+        return SSH_ERROR;
+    }
 
-static void sftp_set_error(sftp_session sftp, int errnum) {
-  if (sftp != NULL) {
-    sftp->errnum = errnum;
-  }
+    /*
+     * We should return how many bytes we decoded, including packet length
+     * header and the payload length.
+     * This can't overflow as we pulled this from unit32_t and checked this fits
+     * into the buffer's max size of 0x10000000 (256MB).
+     */
+    return (int)(payload_len + sizeof(uint32_t));
 }
 
 /* Get the last sftp error */
@@ -557,199 +416,155 @@ int sftp_get_error(sftp_session sftp) {
   return sftp->errnum;
 }
 
-static void sftp_message_free(sftp_message msg)
-{
-    if (msg == NULL) {
-        return;
-    }
-
-    SSH_BUFFER_FREE(msg->payload);
-    SAFE_FREE(msg);
-}
+static sftp_limits_t sftp_limits_use_extension(sftp_session sftp);
+static sftp_limits_t sftp_limits_use_default(sftp_session sftp);
 
-static sftp_message sftp_get_message(sftp_packet packet)
+/* Initialize the sftp session with the server. */
+int sftp_init(sftp_session sftp)
 {
-    sftp_session sftp = packet->sftp;
-    sftp_message msg = NULL;
+    sftp_packet packet = NULL;
+    ssh_buffer buffer = NULL;
+    char *ext_name = NULL;
+    char *ext_data = NULL;
+    uint32_t version;
     int rc;
 
-    switch(packet->type) {
-    case SSH_FXP_STATUS:
-    case SSH_FXP_HANDLE:
-    case SSH_FXP_DATA:
-    case SSH_FXP_ATTRS:
-    case SSH_FXP_NAME:
-    case SSH_FXP_EXTENDED_REPLY:
-        break;
-    default:
-        ssh_set_error(packet->sftp->session,
-                      SSH_FATAL,
-                      "Unknown packet type %d",
-                      packet->type);
-        sftp_set_error(packet->sftp, SSH_FX_FAILURE);
-        return NULL;
-    }
-
-    msg = calloc(1, sizeof(struct sftp_message_struct));
-    if (msg == NULL) {
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
         ssh_set_error_oom(sftp->session);
-        sftp_set_error(packet->sftp, SSH_FX_FAILURE);
-        return NULL;
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
     }
 
-    msg->sftp = packet->sftp;
-    msg->packet_type = packet->type;
-
-    /* Move the payload from the packet to the message */
-    msg->payload = packet->payload;
-    packet->payload = NULL;
-
-    rc = ssh_buffer_unpack(msg->payload, "d", &msg->id);
+    rc = ssh_buffer_pack(buffer, "d", LIBSFTP_VERSION);
     if (rc != SSH_OK) {
-        ssh_set_error(packet->sftp->session, SSH_FATAL,
-                "Invalid packet %d: no ID", packet->type);
-        sftp_message_free(msg);
-        sftp_set_error(packet->sftp, SSH_FX_FAILURE);
-        return NULL;
+        ssh_set_error_oom(sftp->session);
+        SSH_BUFFER_FREE(buffer);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
     }
 
-    SSH_LOG(SSH_LOG_PACKET,
-            "Packet with id %d type %d",
-            msg->id,
-            msg->packet_type);
-
-    return msg;
-}
+    rc = sftp_packet_write(sftp, SSH_FXP_INIT, buffer);
+    if (rc == SSH_ERROR) {
+        SSH_BUFFER_FREE(buffer);
+        return -1;
+    }
 
-static int sftp_read_and_dispatch(sftp_session sftp)
-{
-    sftp_packet packet = NULL;
-    sftp_message msg = NULL;
+    SSH_BUFFER_FREE(buffer);
 
     packet = sftp_packet_read(sftp);
     if (packet == NULL) {
-        /* something nasty happened reading the packet */
         return -1;
     }
 
-    msg = sftp_get_message(packet);
-    if (msg == NULL) {
+    if (packet->type != SSH_FXP_VERSION) {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Received a %d messages instead of SSH_FXP_VERSION",
+                      packet->type);
         return -1;
     }
 
-    if (sftp_enqueue(sftp, msg) < 0) {
-        sftp_message_free(msg);
+    /* TODO: are we sure there are 4 bytes ready? */
+    rc = ssh_buffer_unpack(packet->payload, "d", &version);
+    if (rc != SSH_OK) {
+        ssh_set_error(sftp->session,
+                      SSH_FATAL,
+                      "Unable to unpack SSH_FXP_VERSION packet");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
         return -1;
     }
 
-    return 0;
-}
+    SSH_LOG(SSH_LOG_DEBUG,
+            "SFTP server version %" PRIu32,
+            version);
+    rc = ssh_buffer_unpack(packet->payload, "s", &ext_name);
+    while (rc == SSH_OK) {
+        uint32_t count = sftp->ext->count;
+        char **tmp;
 
-void sftp_packet_free(sftp_packet packet)
-{
-  if (packet == NULL) {
-    return;
-  }
+        rc = ssh_buffer_unpack(packet->payload, "s", &ext_data);
+        if (rc == SSH_ERROR) {
+            break;
+        }
 
-  SSH_BUFFER_FREE(packet->payload);
-  free(packet);
-}
+        SSH_LOG(SSH_LOG_DEBUG,
+                "SFTP server extension: %s, version: %s",
+                ext_name, ext_data);
 
-/* Initialize the sftp session with the server. */
-int sftp_init(sftp_session sftp) {
-  sftp_packet packet = NULL;
-  ssh_buffer buffer = NULL;
-  char *ext_name = NULL;
-  char *ext_data = NULL;
-  uint32_t version;
-  int rc;
+        count++;
+        tmp = realloc(sftp->ext->name, count * sizeof(char *));
+        if (tmp == NULL) {
+            ssh_set_error_oom(sftp->session);
+            SAFE_FREE(ext_name);
+            SAFE_FREE(ext_data);
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return -1;
+        }
 
-  buffer = ssh_buffer_new();
-  if (buffer == NULL) {
-    ssh_set_error_oom(sftp->session);
-    sftp_set_error(sftp, SSH_FX_FAILURE);
-    return -1;
-  }
+        tmp[count - 1] = ext_name;
+        sftp->ext->name = tmp;
 
-  rc = ssh_buffer_pack(buffer, "d", LIBSFTP_VERSION);
-  if (rc != SSH_OK) {
-    ssh_set_error_oom(sftp->session);
-    SSH_BUFFER_FREE(buffer);
-    sftp_set_error(sftp, SSH_FX_FAILURE);
-    return -1;
-  }
-  if (sftp_packet_write(sftp, SSH_FXP_INIT, buffer) < 0) {
-    SSH_BUFFER_FREE(buffer);
-    return -1;
-  }
-  SSH_BUFFER_FREE(buffer);
+        tmp = realloc(sftp->ext->data, count * sizeof(char *));
+        if (tmp == NULL) {
+            ssh_set_error_oom(sftp->session);
+            SAFE_FREE(ext_name);
+            SAFE_FREE(ext_data);
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return -1;
+        }
 
-  packet = sftp_packet_read(sftp);
-  if (packet == NULL) {
-    return -1;
-  }
+        tmp[count - 1] = ext_data;
+        sftp->ext->data = tmp;
 
-  if (packet->type != SSH_FXP_VERSION) {
-    ssh_set_error(sftp->session, SSH_FATAL,
-        "Received a %d messages instead of SSH_FXP_VERSION", packet->type);
-    return -1;
-  }
+        sftp->ext->count = count;
 
-  /* TODO: are we sure there are 4 bytes ready? */
-  rc = ssh_buffer_unpack(packet->payload, "d", &version);
-  if (rc != SSH_OK){
-      sftp_set_error(sftp, SSH_FX_FAILURE);
-      return -1;
-  }
-  SSH_LOG(SSH_LOG_PROTOCOL,
-      "SFTP server version %d",
-      version);
-  rc = ssh_buffer_unpack(packet->payload, "s", &ext_name);
-  while (rc == SSH_OK) {
-    uint32_t count = sftp->ext->count;
-    char **tmp;
-
-    rc = ssh_buffer_unpack(packet->payload, "s", &ext_data);
-    if (rc == SSH_ERROR) {
-      break;
+        rc = ssh_buffer_unpack(packet->payload, "s", &ext_name);
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL,
-        "SFTP server extension: %s, version: %s",
-        ext_name, ext_data);
+    sftp->version = sftp->server_version = (int)version;
 
-    count++;
-    tmp = realloc(sftp->ext->name, count * sizeof(char *));
-    if (tmp == NULL) {
-      ssh_set_error_oom(sftp->session);
-      SAFE_FREE(ext_name);
-      SAFE_FREE(ext_data);
-      sftp_set_error(sftp, SSH_FX_FAILURE);
-      return -1;
-    }
-    tmp[count - 1] = ext_name;
-    sftp->ext->name = tmp;
+    /* Set the limits */
+    rc = sftp_extension_supported(sftp, "limits@openssh.com", "1");
+    if (rc == 1) {
+        /* Get the ssh and sftp errors */
+        const char *static_ssh_err_msg = ssh_get_error(sftp->session);
+        int ssh_err_code = ssh_get_error_code(sftp->session);
+        int sftp_err_code = sftp_get_error(sftp);
+        char *ssh_err_msg = strdup(static_ssh_err_msg);
+        if (ssh_err_msg == NULL) {
+            ssh_set_error_oom(sftp->session);
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return -1;
+        }
 
-    tmp = realloc(sftp->ext->data, count * sizeof(char *));
-    if (tmp == NULL) {
-      ssh_set_error_oom(sftp->session);
-      SAFE_FREE(ext_name);
-      SAFE_FREE(ext_data);
-      sftp_set_error(sftp, SSH_FX_FAILURE);
-      return -1;
+        sftp->limits = sftp_limits_use_extension(sftp);
+        if (sftp->limits == NULL) {
+            /* fallback and use the default limits on failure */
+            SSH_LOG(SSH_LOG_TRACE,
+                    "Failed to get the limits from a server claiming to "
+                    "support the limits@openssh.com extension, falling back "
+                    "and using the default limits");
+
+            /* Restore the sftp and ssh errors to their previous state */
+            ssh_set_error(sftp->session, ssh_err_code, "%s", ssh_err_msg);
+            sftp_set_error(sftp, sftp_err_code);
+            SAFE_FREE(ssh_err_msg);
+
+            sftp->limits = sftp_limits_use_default(sftp);
+            if (sftp->limits == NULL) {
+                return -1;
+            }
+        } else {
+            SAFE_FREE(ssh_err_msg);
+        }
+    } else {
+        sftp->limits = sftp_limits_use_default(sftp);
+        if (sftp->limits == NULL) {
+            return -1;
+        }
     }
-    tmp[count - 1] = ext_data;
-    sftp->ext->data = tmp;
-
-    sftp->ext->count = count;
-
-    rc = ssh_buffer_unpack(packet->payload, "s", &ext_name);
-  }
-
-  sftp->version = sftp->server_version = (int)version;
-
 
-  return 0;
+    return 0;
 }
 
 unsigned int sftp_extensions_get_count(sftp_session sftp) {
@@ -815,189 +630,29 @@ int sftp_extension_supported(sftp_session sftp, const char *name,
   return 0;
 }
 
-static sftp_request_queue request_queue_new(sftp_message msg) {
-  sftp_request_queue queue = NULL;
+static sftp_file parse_handle_msg(sftp_message msg){
+  sftp_file file;
+
+  if(msg->packet_type != SSH_FXP_HANDLE) {
+    ssh_set_error(msg->sftp->session, SSH_FATAL,
+        "Not a ssh_fxp_handle message passed in!");
+    return NULL;
+  }
 
-  queue = calloc(1, sizeof(struct sftp_request_queue_struct));
-  if (queue == NULL) {
+  file = calloc(1, sizeof(struct sftp_file_struct));
+  if (file == NULL) {
     ssh_set_error_oom(msg->sftp->session);
     sftp_set_error(msg->sftp, SSH_FX_FAILURE);
     return NULL;
   }
 
-  queue->message = msg;
-
-  return queue;
-}
-
-static void request_queue_free(sftp_request_queue queue) {
-  if (queue == NULL) {
-    return;
-  }
-
-  ZERO_STRUCTP(queue);
-  SAFE_FREE(queue);
-}
-
-static int sftp_enqueue(sftp_session sftp, sftp_message msg) {
-  sftp_request_queue queue = NULL;
-  sftp_request_queue ptr;
-
-  queue = request_queue_new(msg);
-  if (queue == NULL) {
-    return -1;
-  }
-
-  SSH_LOG(SSH_LOG_PACKET,
-      "Queued msg id %d type %d",
-      msg->id, msg->packet_type);
-
-  if(sftp->queue == NULL) {
-    sftp->queue = queue;
-  } else {
-    ptr = sftp->queue;
-    while(ptr->next) {
-      ptr=ptr->next; /* find end of linked list */
-    }
-    ptr->next = queue; /* add it on bottom */
-  }
-
-  return 0;
-}
-
-/*
- * Pulls a message from the queue based on the ID.
- * Returns NULL if no message has been found.
- */
-static sftp_message sftp_dequeue(sftp_session sftp, uint32_t id){
-  sftp_request_queue prev = NULL;
-  sftp_request_queue queue;
-  sftp_message msg;
-
-  if(sftp->queue == NULL) {
-    return NULL;
-  }
-
-  queue = sftp->queue;
-  while (queue) {
-    if(queue->message->id == id) {
-      /* remove from queue */
-      if (prev == NULL) {
-        sftp->queue = queue->next;
-      } else {
-        prev->next = queue->next;
-      }
-      msg = queue->message;
-      request_queue_free(queue);
-      SSH_LOG(SSH_LOG_PACKET,
-          "Dequeued msg id %d type %d",
-          msg->id,
-          msg->packet_type);
-      return msg;
-    }
-    prev = queue;
-    queue = queue->next;
-  }
-
-  return NULL;
-}
-
-/*
- * Assigns a new SFTP ID for new requests and assures there is no collision
- * between them.
- * Returns a new ID ready to use in a request
- */
-static inline uint32_t sftp_get_new_id(sftp_session session) {
-  return ++session->id_counter;
-}
-
-static sftp_status_message parse_status_msg(sftp_message msg){
-  sftp_status_message status;
-  int rc;
-
-  if (msg->packet_type != SSH_FXP_STATUS) {
-    ssh_set_error(msg->sftp->session, SSH_FATAL,
-        "Not a ssh_fxp_status message passed in!");
-    sftp_set_error(msg->sftp, SSH_FX_BAD_MESSAGE);
-    return NULL;
-  }
-
-  status = calloc(1, sizeof(struct sftp_status_message_struct));
-  if (status == NULL) {
-    ssh_set_error_oom(msg->sftp->session);
-    sftp_set_error(msg->sftp, SSH_FX_FAILURE);
-    return NULL;
-  }
-
-  status->id = msg->id;
-  rc = ssh_buffer_unpack(msg->payload, "d",
-          &status->status);
-  if (rc != SSH_OK){
-    SAFE_FREE(status);
-    ssh_set_error(msg->sftp->session, SSH_FATAL,
-        "Invalid SSH_FXP_STATUS message");
-    sftp_set_error(msg->sftp, SSH_FX_FAILURE);
-    return NULL;
-  }
-  rc = ssh_buffer_unpack(msg->payload, "ss",
-          &status->errormsg,
-          &status->langmsg);
-
-  if(rc != SSH_OK && msg->sftp->version >=3){
-      /* These are mandatory from version 3 */
-      SAFE_FREE(status);
-      ssh_set_error(msg->sftp->session, SSH_FATAL,
-        "Invalid SSH_FXP_STATUS message");
-      sftp_set_error(msg->sftp, SSH_FX_FAILURE);
-      return NULL;
-  }
-  if (status->errormsg == NULL)
-    status->errormsg = strdup("No error message in packet");
-  if (status->langmsg == NULL)
-    status->langmsg = strdup("");
-  if (status->errormsg == NULL || status->langmsg == NULL) {
-    ssh_set_error_oom(msg->sftp->session);
-    sftp_set_error(msg->sftp, SSH_FX_FAILURE);
-    status_msg_free(status);
-    return NULL;
-  }
-
-  return status;
-}
-
-static void status_msg_free(sftp_status_message status){
-  if (status == NULL) {
-    return;
-  }
-
-  SAFE_FREE(status->errormsg);
-  SAFE_FREE(status->langmsg);
-  SAFE_FREE(status);
-}
-
-static sftp_file parse_handle_msg(sftp_message msg){
-  sftp_file file;
-
-  if(msg->packet_type != SSH_FXP_HANDLE) {
-    ssh_set_error(msg->sftp->session, SSH_FATAL,
-        "Not a ssh_fxp_handle message passed in!");
-    return NULL;
-  }
-
-  file = calloc(1, sizeof(struct sftp_file_struct));
-  if (file == NULL) {
-    ssh_set_error_oom(msg->sftp->session);
-    sftp_set_error(msg->sftp, SSH_FX_FAILURE);
-    return NULL;
-  }
-
-  file->handle = ssh_buffer_get_ssh_string(msg->payload);
-  if (file->handle == NULL) {
-    ssh_set_error(msg->sftp->session, SSH_FATAL,
-        "Invalid SSH_FXP_HANDLE message");
-    SAFE_FREE(file);
-    sftp_set_error(msg->sftp, SSH_FX_FAILURE);
-    return NULL;
+  file->handle = ssh_buffer_get_ssh_string(msg->payload);
+  if (file->handle == NULL) {
+    ssh_set_error(msg->sftp->session, SSH_FATAL,
+        "Invalid SSH_FXP_HANDLE message");
+    SAFE_FREE(file);
+    sftp_set_error(msg->sftp, SSH_FX_FAILURE);
+    return NULL;
   }
 
   file->sftp = msg->sftp;
@@ -1014,7 +669,7 @@ sftp_dir sftp_opendir(sftp_session sftp, const char *path)
     sftp_file file = NULL;
     sftp_dir dir = NULL;
     sftp_status_message status;
-    ssh_buffer payload;
+    ssh_buffer payload = NULL;
     uint32_t id;
     int rc;
 
@@ -1065,7 +720,7 @@ sftp_dir sftp_opendir(sftp_session sftp, const char *path)
             }
             sftp_set_error(sftp, status->status);
             ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
-                    "SFTP server: %s", status->errormsg);
+                          "SFTP server: %s", status->errormsg);
             status_msg_free(status);
             return NULL;
         case SSH_FXP_HANDLE:
@@ -1092,452 +747,14 @@ sftp_dir sftp_opendir(sftp_session sftp, const char *path)
             return dir;
         default:
             ssh_set_error(sftp->session, SSH_FATAL,
-                    "Received message %d during opendir!", msg->packet_type);
+                          "Received message %d during opendir!",
+                          msg->packet_type);
             sftp_message_free(msg);
     }
 
     return NULL;
 }
 
-/*
- * Parse the attributes from a payload from some messages. It is coded on
- * baselines from the protocol version 4.
- * This code is more or less dead but maybe we will need it in the future.
- */
-static sftp_attributes sftp_parse_attr_4(sftp_session sftp, ssh_buffer buf,
-    int expectnames) {
-  sftp_attributes attr;
-  ssh_string owner = NULL;
-  ssh_string group = NULL;
-  uint32_t flags = 0;
-  int ok = 0;
-
-  /* unused member variable */
-  (void) expectnames;
-
-  attr = calloc(1, sizeof(struct sftp_attributes_struct));
-  if (attr == NULL) {
-    ssh_set_error_oom(sftp->session);
-    sftp_set_error(sftp, SSH_FX_FAILURE);
-    return NULL;
-  }
-
-  /* This isn't really a loop, but it is like a try..catch.. */
-  do {
-    if (ssh_buffer_get_u32(buf, &flags) != 4) {
-      break;
-    }
-
-    flags = ntohl(flags);
-    attr->flags = flags;
-
-    if (flags & SSH_FILEXFER_ATTR_SIZE) {
-      if (ssh_buffer_get_u64(buf, &attr->size) != 8) {
-        break;
-      }
-      attr->size = ntohll(attr->size);
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_OWNERGROUP) {
-      owner = ssh_buffer_get_ssh_string(buf);
-      if (owner == NULL) {
-        break;
-      }
-      attr->owner = ssh_string_to_char(owner);
-      SSH_STRING_FREE(owner);
-      if (attr->owner == NULL) {
-        break;
-      }
-
-      group = ssh_buffer_get_ssh_string(buf);
-      if (group == NULL) {
-        break;
-      }
-      attr->group = ssh_string_to_char(group);
-      SSH_STRING_FREE(group);
-      if (attr->group == NULL) {
-        break;
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_PERMISSIONS) {
-      if (ssh_buffer_get_u32(buf, &attr->permissions) != 4) {
-        break;
-      }
-      attr->permissions = ntohl(attr->permissions);
-
-      /* FIXME on windows! */
-      switch (attr->permissions & SSH_S_IFMT) {
-        case SSH_S_IFSOCK:
-        case SSH_S_IFBLK:
-        case SSH_S_IFCHR:
-        case SSH_S_IFIFO:
-          attr->type = SSH_FILEXFER_TYPE_SPECIAL;
-          break;
-        case SSH_S_IFLNK:
-          attr->type = SSH_FILEXFER_TYPE_SYMLINK;
-          break;
-        case SSH_S_IFREG:
-          attr->type = SSH_FILEXFER_TYPE_REGULAR;
-          break;
-        case SSH_S_IFDIR:
-          attr->type = SSH_FILEXFER_TYPE_DIRECTORY;
-          break;
-        default:
-          attr->type = SSH_FILEXFER_TYPE_UNKNOWN;
-          break;
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_ACCESSTIME) {
-      if (ssh_buffer_get_u64(buf, &attr->atime64) != 8) {
-        break;
-      }
-      attr->atime64 = ntohll(attr->atime64);
-
-      if (flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES) {
-        if (ssh_buffer_get_u32(buf, &attr->atime_nseconds) != 4) {
-          break;
-        }
-        attr->atime_nseconds = ntohl(attr->atime_nseconds);
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_CREATETIME) {
-      if (ssh_buffer_get_u64(buf, &attr->createtime) != 8) {
-        break;
-      }
-      attr->createtime = ntohll(attr->createtime);
-
-      if (flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES) {
-        if (ssh_buffer_get_u32(buf, &attr->createtime_nseconds) != 4) {
-          break;
-        }
-        attr->createtime_nseconds = ntohl(attr->createtime_nseconds);
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_MODIFYTIME) {
-      if (ssh_buffer_get_u64(buf, &attr->mtime64) != 8) {
-        break;
-      }
-      attr->mtime64 = ntohll(attr->mtime64);
-
-      if (flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES) {
-        if (ssh_buffer_get_u32(buf, &attr->mtime_nseconds) != 4) {
-          break;
-        }
-        attr->mtime_nseconds = ntohl(attr->mtime_nseconds);
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_ACL) {
-      if ((attr->acl = ssh_buffer_get_ssh_string(buf)) == NULL) {
-        break;
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_EXTENDED) {
-      if (ssh_buffer_get_u32(buf,&attr->extended_count) != 4) {
-        break;
-      }
-      attr->extended_count = ntohl(attr->extended_count);
-
-      while(attr->extended_count &&
-          (attr->extended_type = ssh_buffer_get_ssh_string(buf)) &&
-          (attr->extended_data = ssh_buffer_get_ssh_string(buf))){
-        attr->extended_count--;
-      }
-
-      if (attr->extended_count) {
-        break;
-      }
-    }
-    ok = 1;
-  } while (0);
-
-  if (ok == 0) {
-    /* break issued somewhere */
-    SSH_STRING_FREE(attr->acl);
-    SSH_STRING_FREE(attr->extended_type);
-    SSH_STRING_FREE(attr->extended_data);
-    SAFE_FREE(attr->owner);
-    SAFE_FREE(attr->group);
-    SAFE_FREE(attr);
-
-    ssh_set_error(sftp->session, SSH_FATAL, "Invalid ATTR structure");
-
-    return NULL;
-  }
-
-  return attr;
-}
-
-enum sftp_longname_field_e {
-  SFTP_LONGNAME_PERM = 0,
-  SFTP_LONGNAME_FIXME,
-  SFTP_LONGNAME_OWNER,
-  SFTP_LONGNAME_GROUP,
-  SFTP_LONGNAME_SIZE,
-  SFTP_LONGNAME_DATE,
-  SFTP_LONGNAME_TIME,
-  SFTP_LONGNAME_NAME,
-};
-
-static char *sftp_parse_longname(const char *longname,
-        enum sftp_longname_field_e longname_field) {
-    const char *p, *q;
-    size_t len, field = 0;
-
-    p = longname;
-    /* Find the beginning of the field which is specified by sftp_longname_field_e. */
-    while(field != longname_field) {
-        if(isspace(*p)) {
-            field++;
-            p++;
-            while(*p && isspace(*p)) {
-                p++;
-            }
-        } else {
-            p++;
-        }
-    }
-
-    q = p;
-    while (! isspace(*q)) {
-        q++;
-    }
-
-    len = q - p;
-
-    return strndup(p, len);
-}
-
-/* sftp version 0-3 code. It is different from the v4 */
-/* maybe a paste of the draft is better than the code */
-/*
-        uint32   flags
-        uint64   size           present only if flag SSH_FILEXFER_ATTR_SIZE
-        uint32   uid            present only if flag SSH_FILEXFER_ATTR_UIDGID
-        uint32   gid            present only if flag SSH_FILEXFER_ATTR_UIDGID
-        uint32   permissions    present only if flag SSH_FILEXFER_ATTR_PERMISSIONS
-        uint32   atime          present only if flag SSH_FILEXFER_ACMODTIME
-        uint32   mtime          present only if flag SSH_FILEXFER_ACMODTIME
-        uint32   extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED
-        string   extended_type
-        string   extended_data
-        ...      more extended data (extended_type - extended_data pairs),
-                   so that number of pairs equals extended_count              */
-static sftp_attributes sftp_parse_attr_3(sftp_session sftp, ssh_buffer buf,
-        int expectname) {
-    sftp_attributes attr;
-    int rc;
-
-    attr = calloc(1, sizeof(struct sftp_attributes_struct));
-    if (attr == NULL) {
-        ssh_set_error_oom(sftp->session);
-        sftp_set_error(sftp, SSH_FX_FAILURE);
-        return NULL;
-    }
-
-    if (expectname) {
-        rc = ssh_buffer_unpack(buf, "ss",
-                &attr->name,
-                &attr->longname);
-        if (rc != SSH_OK){
-            goto error;
-        }
-        SSH_LOG(SSH_LOG_PROTOCOL, "Name: %s", attr->name);
-
-        /* Set owner and group if we talk to openssh and have the longname */
-        if (ssh_get_openssh_version(sftp->session)) {
-            attr->owner = sftp_parse_longname(attr->longname, SFTP_LONGNAME_OWNER);
-            if (attr->owner == NULL) {
-                goto error;
-            }
-
-            attr->group = sftp_parse_longname(attr->longname, SFTP_LONGNAME_GROUP);
-            if (attr->group == NULL) {
-                goto error;
-            }
-        }
-    }
-
-    rc = ssh_buffer_unpack(buf, "d", &attr->flags);
-    if (rc != SSH_OK){
-        goto error;
-    }
-    SSH_LOG(SSH_LOG_PROTOCOL,
-            "Flags: %.8"PRIx32"\n", (uint32_t) attr->flags);
-
-    if (attr->flags & SSH_FILEXFER_ATTR_SIZE) {
-        rc = ssh_buffer_unpack(buf, "q", &attr->size);
-        if(rc != SSH_OK) {
-            goto error;
-        }
-        SSH_LOG(SSH_LOG_PROTOCOL,
-                "Size: %"PRIu64"\n",
-                (uint64_t) attr->size);
-    }
-
-    if (attr->flags & SSH_FILEXFER_ATTR_UIDGID) {
-        rc = ssh_buffer_unpack(buf, "dd",
-                &attr->uid,
-                &attr->gid);
-        if (rc != SSH_OK){
-            goto error;
-        }
-    }
-
-    if (attr->flags & SSH_FILEXFER_ATTR_PERMISSIONS) {
-        rc = ssh_buffer_unpack(buf, "d", &attr->permissions);
-        if (rc != SSH_OK){
-            goto error;
-        }
-
-        switch (attr->permissions & SSH_S_IFMT) {
-        case SSH_S_IFSOCK:
-        case SSH_S_IFBLK:
-        case SSH_S_IFCHR:
-        case SSH_S_IFIFO:
-            attr->type = SSH_FILEXFER_TYPE_SPECIAL;
-            break;
-        case SSH_S_IFLNK:
-            attr->type = SSH_FILEXFER_TYPE_SYMLINK;
-            break;
-        case SSH_S_IFREG:
-            attr->type = SSH_FILEXFER_TYPE_REGULAR;
-            break;
-        case SSH_S_IFDIR:
-            attr->type = SSH_FILEXFER_TYPE_DIRECTORY;
-            break;
-        default:
-            attr->type = SSH_FILEXFER_TYPE_UNKNOWN;
-            break;
-        }
-    }
-
-    if (attr->flags & SSH_FILEXFER_ATTR_ACMODTIME) {
-        rc = ssh_buffer_unpack(buf, "dd",
-                &attr->atime,
-                &attr->mtime);
-        if (rc != SSH_OK){
-            goto error;
-        }
-    }
-
-    if (attr->flags & SSH_FILEXFER_ATTR_EXTENDED) {
-        rc = ssh_buffer_unpack(buf, "d", &attr->extended_count);
-        if (rc != SSH_OK){
-            goto error;
-        }
-
-        if (attr->extended_count > 0){
-            rc = ssh_buffer_unpack(buf, "ss",
-                    &attr->extended_type,
-                    &attr->extended_data);
-            if (rc != SSH_OK){
-                goto error;
-            }
-            attr->extended_count--;
-        }
-        /* just ignore the remaining extensions */
-
-        while (attr->extended_count > 0){
-            ssh_string tmp1,tmp2;
-            rc = ssh_buffer_unpack(buf, "SS", &tmp1, &tmp2);
-            if (rc != SSH_OK){
-                goto error;
-            }
-            SAFE_FREE(tmp1);
-            SAFE_FREE(tmp2);
-            attr->extended_count--;
-        }
-    }
-
-    return attr;
-
-    error:
-    SSH_STRING_FREE(attr->extended_type);
-    SSH_STRING_FREE(attr->extended_data);
-    SAFE_FREE(attr->name);
-    SAFE_FREE(attr->longname);
-    SAFE_FREE(attr->owner);
-    SAFE_FREE(attr->group);
-    SAFE_FREE(attr);
-    ssh_set_error(sftp->session, SSH_FATAL, "Invalid ATTR structure");
-    sftp_set_error(sftp, SSH_FX_FAILURE);
-
-    return NULL;
-}
-
-int buffer_add_attributes(ssh_buffer buffer, sftp_attributes attr)
-{
-  uint32_t flags = (attr ? attr->flags : 0);
-  int rc;
-
-  flags &= (SSH_FILEXFER_ATTR_SIZE | SSH_FILEXFER_ATTR_UIDGID |
-      SSH_FILEXFER_ATTR_PERMISSIONS | SSH_FILEXFER_ATTR_ACMODTIME);
-
-  rc = ssh_buffer_pack(buffer, "d", flags);
-  if (rc != SSH_OK) {
-    return -1;
-  }
-
-  if (attr != NULL) {
-    if (flags & SSH_FILEXFER_ATTR_SIZE) {
-      rc = ssh_buffer_pack(buffer, "q", attr->size);
-      if (rc != SSH_OK) {
-        return -1;
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_UIDGID) {
-      rc = ssh_buffer_pack(buffer, "dd", attr->uid, attr->gid);
-      if (rc != SSH_OK) {
-        return -1;
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_PERMISSIONS) {
-      rc = ssh_buffer_pack(buffer, "d", attr->permissions);
-      if (rc != SSH_OK) {
-        return -1;
-      }
-    }
-
-    if (flags & SSH_FILEXFER_ATTR_ACMODTIME) {
-      rc = ssh_buffer_pack(buffer, "dd", attr->atime, attr->mtime);
-      if (rc != SSH_OK) {
-        return -1;
-      }
-    }
-  }
-  return 0;
-}
-
-
-sftp_attributes sftp_parse_attr(sftp_session session,
-                                ssh_buffer buf,
-                                int expectname)
-{
-  switch(session->version) {
-    case 4:
-      return sftp_parse_attr_4(session, buf, expectname);
-    case 3:
-    case 2:
-    case 1:
-    case 0:
-      return sftp_parse_attr_3(session, buf, expectname);
-    default:
-      ssh_set_error(session->session, SSH_FATAL,
-          "Version %d unsupported by client", session->server_version);
-      return NULL;
-  }
-
-  return NULL;
-}
-
 /* Get the version of the SFTP protocol supported by the server */
 int sftp_server_version(sftp_session sftp) {
   return sftp->server_version;
@@ -1581,7 +798,7 @@ sftp_attributes sftp_readdir(sftp_session sftp, sftp_dir dir)
         }
 
         SSH_LOG(SSH_LOG_PACKET,
-                "Sent a ssh_fxp_readdir with id %d", id);
+                "Sent a ssh_fxp_readdir with id %" PRIu32, id);
 
         while (msg == NULL) {
             if (sftp_read_and_dispatch(sftp) < 0) {
@@ -1609,7 +826,7 @@ sftp_attributes sftp_readdir(sftp_session sftp, sftp_dir dir)
                 }
 
                 ssh_set_error(sftp->session, SSH_FATAL,
-                        "Unknown error status: %d", status->status);
+                        "Unknown error status: %" PRIu32, status->status);
                 status_msg_free(status);
 
                 return NULL;
@@ -1638,7 +855,7 @@ sftp_attributes sftp_readdir(sftp_session sftp, sftp_dir dir)
         return NULL;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "Count is %d", dir->count);
+    SSH_LOG(SSH_LOG_DEBUG, "Count is %" PRIu32, dir->count);
 
     attr = sftp_parse_attr(sftp, dir->buffer, 1);
     if (attr == NULL) {
@@ -1755,6 +972,10 @@ static int sftp_handle_close(sftp_session sftp, ssh_string handle)
 int sftp_close(sftp_file file){
   int err = SSH_NO_ERROR;
 
+  if (file == NULL) {
+      return err;
+  }
+
   SAFE_FREE(file->name);
   if (file->handle){
     err = sftp_handle_close(file->sftp,file->handle);
@@ -1792,7 +1013,7 @@ sftp_file sftp_open(sftp_session sftp,
     sftp_status_message status;
     struct sftp_attributes_struct attr;
     sftp_file handle;
-    ssh_buffer buffer;
+    ssh_buffer buffer = NULL;
     sftp_attributes stat_data;
     uint32_t sftp_flags = 0;
     uint32_t id;
@@ -1824,7 +1045,8 @@ sftp_file sftp_open(sftp_session sftp,
     if ((flags & O_APPEND) == O_APPEND) {
         sftp_flags |= SSH_FXF_APPEND;
     }
-    SSH_LOG(SSH_LOG_PACKET,"Opening file %s with sftp flags %x",file,sftp_flags);
+    SSH_LOG(SSH_LOG_PACKET, "Opening file %s with sftp flags %" PRIx32,
+            file, sftp_flags);
     id = sftp_get_new_id(sftp);
 
     rc = ssh_buffer_pack(buffer,
@@ -1862,62 +1084,66 @@ sftp_file sftp_open(sftp_session sftp,
     }
 
     switch (msg->packet_type) {
-        case SSH_FXP_STATUS:
-            status = parse_status_msg(msg);
-            sftp_message_free(msg);
-            if (status == NULL) {
-                return NULL;
-            }
-            sftp_set_error(sftp, status->status);
-            ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
-                    "SFTP server: %s", status->errormsg);
-            status_msg_free(status);
+    case SSH_FXP_STATUS:
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return NULL;
+        }
+        sftp_set_error(sftp, status->status);
+        ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
+                      "SFTP server: %s", status->errormsg);
+        status_msg_free(status);
 
+        return NULL;
+    case SSH_FXP_HANDLE:
+        handle = parse_handle_msg(msg);
+        if (handle == NULL) {
             return NULL;
-        case SSH_FXP_HANDLE:
-            handle = parse_handle_msg(msg);
-            if (handle == NULL) {
+        }
+        sftp_message_free(msg);
+        if ((flags & O_APPEND) == O_APPEND) {
+            stat_data = sftp_stat(sftp, file);
+            if (stat_data == NULL) {
+                sftp_close(handle);
                 return NULL;
             }
-            sftp_message_free(msg);
-            if ((flags & O_APPEND) == O_APPEND) {
-                stat_data = sftp_stat(sftp, file);
-                if (stat_data == NULL) {
-                    sftp_close(handle);
-                    return NULL;
-                }
-                if ((stat_data->flags & SSH_FILEXFER_ATTR_SIZE) != SSH_FILEXFER_ATTR_SIZE) {
-                    ssh_set_error(sftp->session,
-                            SSH_FATAL,
-                            "Cannot open in append mode. Unknown file size.");
-                    sftp_close(handle);
-                    sftp_set_error(sftp, SSH_FX_FAILURE);
-                    return NULL;
-                }
-
-                handle->offset = stat_data->size;
+            if ((stat_data->flags & SSH_FILEXFER_ATTR_SIZE) != SSH_FILEXFER_ATTR_SIZE) {
+                ssh_set_error(sftp->session,
+                              SSH_FATAL,
+                              "Cannot open in append mode. Unknown file size.");
+                sftp_attributes_free(stat_data);
+                sftp_close(handle);
+                sftp_set_error(sftp, SSH_FX_FAILURE);
+                return NULL;
             }
-            return handle;
-        default:
-            ssh_set_error(sftp->session, SSH_FATAL,
-                    "Received message %d during open!", msg->packet_type);
-            sftp_message_free(msg);
-            sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+
+            handle->offset = stat_data->size;
+            sftp_attributes_free(stat_data);
+        }
+        return handle;
+    default:
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Received message %d during open!", msg->packet_type);
+        sftp_message_free(msg);
+        sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
     }
 
     return NULL;
 }
 
-void sftp_file_set_nonblocking(sftp_file handle){
-    handle->nonblocking=1;
+void sftp_file_set_nonblocking(sftp_file handle)
+{
+    handle->nonblocking = 1;
 }
-void sftp_file_set_blocking(sftp_file handle){
-    handle->nonblocking=0;
+void sftp_file_set_blocking(sftp_file handle)
+{
+    handle->nonblocking = 0;
 }
 
 /* Read from a file using an opened sftp file handle. */
 ssize_t sftp_read(sftp_file handle, void *buf, size_t count) {
-  sftp_session sftp = handle->sftp;
+  sftp_session sftp;
   sftp_message msg = NULL;
   sftp_status_message status;
   ssh_string datastring;
@@ -1926,10 +1152,27 @@ ssize_t sftp_read(sftp_file handle, void *buf, size_t count) {
   uint32_t id;
   int rc;
 
+  if (handle == NULL) {
+      return -1;
+  }
+  sftp = handle->sftp;
+
   if (handle->eof) {
     return 0;
   }
 
+  /*
+   * limit the reads to the maximum specified in Section 3 of
+   * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02
+   * or to the values provided by the limits@openssh.com extension.
+   *
+   * TODO: We should iterate over the blocks rather than writing less than
+   * requested to provide less surprises to the calling applications.
+   */
+  if (count > sftp->limits->max_read_length) {
+      count = sftp->limits->max_read_length;
+  }
+
   buffer = ssh_buffer_new();
   if (buffer == NULL) {
     ssh_set_error_oom(sftp->session);
@@ -2125,7 +1368,7 @@ int sftp_async_read(sftp_file file, void *data, uint32_t size, uint32_t id){
       if (ssh_string_len(datastring) > size) {
         ssh_set_error(sftp->session, SSH_FATAL,
             "Received a too big DATA packet from sftp server: "
-            "%zu and asked for %u",
+            "%zu and asked for %" PRIu32,
             ssh_string_len(datastring), size);
         SSH_STRING_FREE(datastring);
         return SSH_ERROR;
@@ -2147,7 +1390,7 @@ int sftp_async_read(sftp_file file, void *data, uint32_t size, uint32_t id){
 }
 
 ssize_t sftp_write(sftp_file file, const void *buf, size_t count) {
-  sftp_session sftp = file->sftp;
+  sftp_session sftp;
   sftp_message msg = NULL;
   sftp_status_message status;
   ssh_buffer buffer;
@@ -2156,6 +1399,11 @@ ssize_t sftp_write(sftp_file file, const void *buf, size_t count) {
   size_t packetlen;
   int rc;
 
+  if (file == NULL) {
+      return -1;
+  }
+  sftp = file->sftp;
+
   buffer = ssh_buffer_new();
   if (buffer == NULL) {
     ssh_set_error_oom(sftp->session);
@@ -2165,6 +1413,18 @@ ssize_t sftp_write(sftp_file file, const void *buf, size_t count) {
 
   id = sftp_get_new_id(file->sftp);
 
+  /*
+   * limit the writes to the maximum specified in Section 3 of
+   * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02
+   * or to the values provided by the limits@openssh.com extension.
+   *
+   * TODO: We should iterate over the blocks rather than writing less than
+   * requested to provide less surprises to the calling applications.
+   */
+  if (count > sftp->limits->max_write_length) {
+      count = sftp->limits->max_write_length;
+  }
+
   rc = ssh_buffer_pack(buffer,
                        "dSqdP",
                        id,
@@ -2514,85 +1774,115 @@ int sftp_mkdir(sftp_session sftp, const char *directory, mode_t mode)
 }
 
 /* code written by nick */
-int sftp_rename(sftp_session sftp, const char *original, const char *newname) {
-  sftp_status_message status = NULL;
-  sftp_message msg = NULL;
-  ssh_buffer buffer;
-  uint32_t id;
-  int rc;
+int sftp_rename(sftp_session sftp, const char *original, const char *newname)
+{
+    sftp_status_message status = NULL;
+    sftp_message msg = NULL;
+    ssh_buffer buffer = NULL;
+    uint32_t id;
+    const char *extension_name = "posix-rename@openssh.com";
+    int request_type;
+    int rc;
 
-  buffer = ssh_buffer_new();
-  if (buffer == NULL) {
-    ssh_set_error_oom(sftp->session);
-    sftp_set_error(sftp, SSH_FX_FAILURE);
-    return -1;
-  }
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
 
-  id = sftp_get_new_id(sftp);
+    id = sftp_get_new_id(sftp);
 
-  rc = ssh_buffer_pack(buffer,
-                       "dss",
-                       id,
-                       original,
-                       newname);
-  if (rc != SSH_OK) {
-    ssh_set_error_oom(sftp->session);
-    SSH_BUFFER_FREE(buffer);
-    sftp_set_error(sftp, SSH_FX_FAILURE);
-    return -1;
-  }
+    /*
+     * posix-rename@openssh.com extension will be used
+     * if it is supported by sftp
+     */
+    if (sftp_extension_supported(sftp,
+                                 extension_name,
+                                 "1")) {
+        rc = ssh_buffer_pack(buffer,
+                             "dsss",
+                             id,
+                             extension_name,
+                             original,
+                             newname);
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(sftp->session);
+            SSH_BUFFER_FREE(buffer);
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return -1;
+        }
 
-  if (sftp->version >= 4){
-      /* POSIX rename atomically replaces newpath, we should do the same
-       * only available on >=v4 */
-      ssh_buffer_add_u32(buffer, SSH_FXF_RENAME_OVERWRITE);
-  }
+        request_type = SSH_FXP_EXTENDED;
+    } else {
+        rc = ssh_buffer_pack(buffer,
+                             "dss",
+                             id,
+                             original,
+                             newname);
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(sftp->session);
+            SSH_BUFFER_FREE(buffer);
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return -1;
+        }
 
-  if (sftp_packet_write(sftp, SSH_FXP_RENAME, buffer) < 0) {
-    SSH_BUFFER_FREE(buffer);
-    return -1;
-  }
-  SSH_BUFFER_FREE(buffer);
+        if (sftp->version >= 4) {
+            /*
+             * POSIX rename atomically replaces newpath,
+             * we should do the same only available on >=v4
+             */
+            ssh_buffer_add_u32(buffer, SSH_FXF_RENAME_OVERWRITE);
+        }
 
-  while (msg == NULL) {
-    if (sftp_read_and_dispatch(sftp) < 0) {
-      return -1;
+        request_type = SSH_FXP_RENAME;
     }
-    msg = sftp_dequeue(sftp, id);
-  }
 
-  /* By specification, this command only returns SSH_FXP_STATUS */
-  if (msg->packet_type == SSH_FXP_STATUS) {
-    status = parse_status_msg(msg);
-    sftp_message_free(msg);
-    if (status == NULL) {
-      return -1;
+    rc = sftp_packet_write(sftp, request_type, buffer);
+    SSH_BUFFER_FREE(buffer);
+    if (rc < 0) {
+        return -1;
     }
-    sftp_set_error(sftp, status->status);
-    switch (status->status) {
-      case SSH_FX_OK:
+
+    while (msg == NULL) {
+        if (sftp_read_and_dispatch(sftp) < 0) {
+            return -1;
+        }
+        msg = sftp_dequeue(sftp, id);
+    }
+
+    /* By specification, this command only returns SSH_FXP_STATUS */
+    if (msg->packet_type == SSH_FXP_STATUS) {
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return -1;
+        }
+        sftp_set_error(sftp, status->status);
+        switch (status->status) {
+            case SSH_FX_OK:
+                status_msg_free(status);
+                return 0;
+            default:
+                break;
+        }
+        /*
+         * Status should be SSH_FX_OK if the command was successful,
+         * if it didn't, then there was an error
+         */
+        ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
+                      "SFTP server: %s", status->errormsg);
         status_msg_free(status);
-        return 0;
-      default:
-        break;
+        return -1;
+    } else {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Received message %d when attempting to rename",
+                      msg->packet_type);
+        sftp_message_free(msg);
+        sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
     }
-    /*
-     * Status should be SSH_FX_OK if the command was successful, if it didn't,
-     * then there was an error
-     */
-    ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
-        "SFTP server: %s", status->errormsg);
-    status_msg_free(status);
-    return -1;
-  } else {
-    ssh_set_error(sftp->session, SSH_FATAL,
-        "Received message %d when attempting to rename",
-        msg->packet_type);
-    sftp_message_free(msg);
-    sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
-  }
 
-  return -1;
+    return -1;
 }
 
 /* Code written by Nick */
@@ -2605,6 +1895,10 @@ int sftp_setstat(sftp_session sftp, const char *file, sftp_attributes attr)
     sftp_status_message status = NULL;
     int rc;
 
+    if (sftp == NULL || file == NULL || attr == NULL) {
+        return -1;
+    }
+
     buffer = ssh_buffer_new();
     if (buffer == NULL) {
         ssh_set_error_oom(sftp->session);
@@ -2679,6 +1973,95 @@ int sftp_setstat(sftp_session sftp, const char *file, sftp_attributes attr)
     return -1;
 }
 
+int
+sftp_lsetstat(sftp_session sftp, const char *file, sftp_attributes attr)
+{
+    uint32_t id;
+    ssh_buffer buffer = NULL;
+    sftp_message msg = NULL;
+    sftp_status_message status = NULL;
+    const char *extension_name = "lsetstat@openssh.com";
+    int rc;
+
+    if (sftp == NULL || file == NULL || attr == NULL) {
+        return -1;
+    }
+
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
+
+    id = sftp_get_new_id(sftp);
+
+    rc = ssh_buffer_pack(buffer, "dss", id, extension_name, file);
+    if (rc != SSH_OK) {
+        ssh_set_error_oom(sftp->session);
+        SSH_BUFFER_FREE(buffer);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
+
+    rc = buffer_add_attributes(buffer, attr);
+    if (rc != 0) {
+        ssh_set_error_oom(sftp->session);
+        SSH_BUFFER_FREE(buffer);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
+
+    rc = sftp_packet_write(sftp, SSH_FXP_EXTENDED, buffer);
+    SSH_BUFFER_FREE(buffer);
+    if (rc < 0) {
+        return -1;
+    }
+
+    while (msg == NULL) {
+        if (sftp_read_and_dispatch(sftp) < 0) {
+            return -1;
+        }
+        msg = sftp_dequeue(sftp, id);
+    }
+
+    /* By specification, this command only returns SSH_FXP_STATUS */
+    if (msg->packet_type == SSH_FXP_STATUS) {
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return -1;
+        }
+        sftp_set_error(sftp, status->status);
+        switch (status->status) {
+        case SSH_FX_OK:
+            status_msg_free(status);
+            return 0;
+        default:
+            break;
+        }
+        /*
+         * The status should be SSH_FX_OK if the command was successful, if it
+         * didn't, then there was an error
+         */
+        ssh_set_error(sftp->session,
+                      SSH_REQUEST_DENIED,
+                      "SFTP server: %s",
+                      status->errormsg);
+        status_msg_free(status);
+        return -1;
+    } else {
+        ssh_set_error(sftp->session,
+                      SSH_FATAL,
+                      "Received message %d when attempting to lsetstat",
+                      msg->packet_type);
+        sftp_message_free(msg);
+        sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+    }
+
+    return -1;
+}
+
 /* Change the file owner and group */
 int sftp_chown(sftp_session sftp, const char *file, uid_t owner, gid_t group) {
 	struct sftp_attributes_struct attr;
@@ -2720,7 +2103,8 @@ int sftp_utimes(sftp_session sftp, const char *file,
   return sftp_setstat(sftp, file, &attr);
 }
 
-int sftp_symlink(sftp_session sftp, const char *target, const char *dest) {
+int sftp_symlink(sftp_session sftp, const char *target, const char *dest)
+{
   sftp_status_message status = NULL;
   sftp_message msg = NULL;
   ssh_buffer buffer;
@@ -2744,7 +2128,10 @@ int sftp_symlink(sftp_session sftp, const char *target, const char *dest) {
 
   id = sftp_get_new_id(sftp);
 
-  /* TODO check for version number if they ever fix it. */
+  /* The OpenSSH sftp server has order of the arguments reversed, see the
+   * section "4.1 sftp: Reversal of arguments to SSH_FXP_SYMLINK' in
+   * https://github.com/openssh/openssh-portable/blob/master/PROTOCOL
+   * for more information */
   if (ssh_get_openssh_version(sftp->session)) {
       rc = ssh_buffer_pack(buffer,
                            "dss",
@@ -2904,6 +2291,94 @@ char *sftp_readlink(sftp_session sftp, const char *path)
     return NULL;
 }
 
+int sftp_hardlink(sftp_session sftp, const char *oldpath, const char *newpath)
+{
+    ssh_buffer buffer = NULL;
+    uint32_t id;
+    const char *extension_name = "hardlink@openssh.com";
+    sftp_status_message status = NULL;
+    sftp_message msg = NULL;
+    int rc;
+
+    if (sftp == NULL) {
+        return -1;
+    }
+
+    if (oldpath == NULL || newpath == NULL) {
+        ssh_set_error_invalid(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
+
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
+
+    id = sftp_get_new_id(sftp);
+
+    rc = ssh_buffer_pack(buffer,
+                         "dsss",
+                         id,
+                         extension_name,
+                         oldpath,
+                         newpath);
+    if (rc != SSH_OK) {
+        ssh_set_error_oom(sftp->session);
+        SSH_BUFFER_FREE(buffer);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
+
+    rc = sftp_packet_write(sftp, SSH_FXP_EXTENDED, buffer);
+    SSH_BUFFER_FREE(buffer);
+    if (rc < 0) {
+        return -1;
+    }
+
+    while (msg == NULL) {
+        if (sftp_read_and_dispatch(sftp) < 0) {
+            return -1;
+        }
+        msg = sftp_dequeue(sftp, id);
+    }
+
+    /* By specification, this command only returns SSH_FXP_STATUS */
+    if (msg->packet_type == SSH_FXP_STATUS) {
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return -1;
+        }
+        sftp_set_error(sftp, status->status);
+        switch (status->status) {
+            case SSH_FX_OK:
+                status_msg_free(status);
+                return 0;
+            default:
+                break;
+        }
+        /*
+         * Status should be SSH_FX_OK if the command was successful,
+         * if it didn't, then there was an error
+         */
+        ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
+                      "SFTP server: %s", status->errormsg);
+        status_msg_free(status);
+        return -1;
+    } else {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Received message %d when attempting to create hardlink",
+                      msg->packet_type);
+        sftp_message_free(msg);
+        sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+    }
+
+    return -1;
+}
+
 static sftp_statvfs_t sftp_parse_statvfs(sftp_session sftp, ssh_buffer buf) {
   sftp_statvfs_t  statvfs;
   int rc;
@@ -3113,26 +2588,140 @@ int sftp_fsync(sftp_file file)
         sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
     }
 
-    rc = -1;
-done:
-    SSH_BUFFER_FREE(buffer);
+    rc = -1;
+done:
+    SSH_BUFFER_FREE(buffer);
+
+    return rc;
+}
+
+sftp_statvfs_t sftp_fstatvfs(sftp_file file)
+{
+    sftp_status_message status = NULL;
+    sftp_message msg = NULL;
+    sftp_session sftp;
+    ssh_buffer buffer;
+    uint32_t id;
+    int rc;
+
+    if (file == NULL) {
+        return NULL;
+    }
+    sftp = file->sftp;
+
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    id = sftp_get_new_id(sftp);
+
+    rc = ssh_buffer_pack(buffer,
+                         "dsS",
+                         id,
+                         "fstatvfs@openssh.com",
+                         file->handle);
+    if (rc < 0) {
+        ssh_set_error_oom(sftp->session);
+        SSH_BUFFER_FREE(buffer);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    rc = sftp_packet_write(sftp, SSH_FXP_EXTENDED, buffer);
+    SSH_BUFFER_FREE(buffer);
+    if (rc < 0) {
+        return NULL;
+    }
+
+    while (msg == NULL) {
+        if (sftp_read_and_dispatch(sftp) < 0) {
+            return NULL;
+        }
+        msg = sftp_dequeue(sftp, id);
+    }
+
+    if (msg->packet_type == SSH_FXP_EXTENDED_REPLY) {
+        sftp_statvfs_t buf = sftp_parse_statvfs(sftp, msg->payload);
+        sftp_message_free(msg);
+        if (buf == NULL) {
+            return NULL;
+        }
+
+        return buf;
+    } else if (msg->packet_type == SSH_FXP_STATUS) { /* bad response (error) */
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return NULL;
+        }
+        sftp_set_error(sftp, status->status);
+        ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
+                "SFTP server: %s", status->errormsg);
+        status_msg_free(status);
+    } else { /* this shouldn't happen */
+        ssh_set_error(sftp->session, SSH_FATAL,
+                "Received message %d when attempting to set stats", msg->packet_type);
+        sftp_message_free(msg);
+        sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+    }
+
+    return NULL;
+}
+
+void sftp_statvfs_free(sftp_statvfs_t statvfs) {
+    if (statvfs == NULL) {
+        return;
+    }
+
+    SAFE_FREE(statvfs);
+}
+
+static sftp_limits_t sftp_limits_new(void)
+{
+    return calloc(1, sizeof(struct sftp_limits_struct));
+}
+
+static sftp_limits_t sftp_parse_limits(sftp_session sftp, ssh_buffer buf)
+{
+    sftp_limits_t limits = NULL;
+    int rc;
+
+    limits = sftp_limits_new();
+    if (limits == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    rc = ssh_buffer_unpack(buf, "qqqq",
+            &limits->max_packet_length,  /** maximum number of bytes in a single sftp packet */
+            &limits->max_read_length,    /** maximum length in a SSH_FXP_READ packet */
+            &limits->max_write_length,   /** maximum length in a SSH_FXP_WRITE packet */
+            &limits->max_open_handles    /** maximum number of active handles allowed by server */
+            );
+    if (rc != SSH_OK) {
+        SAFE_FREE(limits);
+        ssh_set_error(sftp->session, SSH_FATAL, "Invalid limits structure");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
 
-    return rc;
+    return limits;
 }
 
-sftp_statvfs_t sftp_fstatvfs(sftp_file file)
+static sftp_limits_t sftp_limits_use_extension(sftp_session sftp)
 {
     sftp_status_message status = NULL;
     sftp_message msg = NULL;
-    sftp_session sftp;
     ssh_buffer buffer;
     uint32_t id;
     int rc;
 
-    if (file == NULL) {
+    if (sftp == NULL)
         return NULL;
-    }
-    sftp = file->sftp;
 
     buffer = ssh_buffer_new();
     if (buffer == NULL) {
@@ -3144,11 +2733,10 @@ sftp_statvfs_t sftp_fstatvfs(sftp_file file)
     id = sftp_get_new_id(sftp);
 
     rc = ssh_buffer_pack(buffer,
-                         "dsS",
+                         "ds",
                          id,
-                         "fstatvfs@openssh.com",
-                         file->handle);
-    if (rc < 0) {
+                         "limits@openssh.com");
+    if (rc != SSH_OK) {
         ssh_set_error_oom(sftp->session);
         SSH_BUFFER_FREE(buffer);
         sftp_set_error(sftp, SSH_FX_FAILURE);
@@ -3169,13 +2757,13 @@ sftp_statvfs_t sftp_fstatvfs(sftp_file file)
     }
 
     if (msg->packet_type == SSH_FXP_EXTENDED_REPLY) {
-        sftp_statvfs_t buf = sftp_parse_statvfs(sftp, msg->payload);
+        sftp_limits_t limits = sftp_parse_limits(sftp, msg->payload);
         sftp_message_free(msg);
-        if (buf == NULL) {
+        if (limits == NULL) {
             return NULL;
         }
 
-        return buf;
+        return limits;
     } else if (msg->packet_type == SSH_FXP_STATUS) { /* bad response (error) */
         status = parse_status_msg(msg);
         sftp_message_free(msg);
@@ -3183,12 +2771,16 @@ sftp_statvfs_t sftp_fstatvfs(sftp_file file)
             return NULL;
         }
         sftp_set_error(sftp, status->status);
-        ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
-                "SFTP server: %s", status->errormsg);
+        ssh_set_error(sftp->session,
+                      SSH_REQUEST_DENIED,
+                      "SFTP server: %s",
+                      status->errormsg);
         status_msg_free(status);
     } else { /* this shouldn't happen */
-        ssh_set_error(sftp->session, SSH_FATAL,
-                "Received message %d when attempting to set stats", msg->packet_type);
+        ssh_set_error(sftp->session,
+                      SSH_FATAL,
+                      "Received message %d when attempting to get limits",
+                      msg->packet_type);
         sftp_message_free(msg);
         sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
     }
@@ -3196,12 +2788,72 @@ sftp_statvfs_t sftp_fstatvfs(sftp_file file)
     return NULL;
 }
 
-void sftp_statvfs_free(sftp_statvfs_t statvfs) {
-    if (statvfs == NULL) {
+static sftp_limits_t sftp_limits_use_default(sftp_session sftp)
+{
+    sftp_limits_t limits = NULL;
+
+    if (sftp == NULL) {
+        return NULL;
+    }
+
+    limits = sftp_limits_new();
+    if (limits == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    limits->max_packet_length = 34000;
+    limits->max_read_length = 32768;
+    limits->max_write_length = 32768;
+
+    /*
+     * For max-open-handles field openssh says :
+     * If the server doesn't enforce a specific limit, then the field may
+     * be set to 0.  This implies the server relies on the OS to enforce
+     * limits (e.g. available memory or file handles), and such limits
+     * might be dynamic.  The client SHOULD take care to not try to exceed
+     * reasonable limits.
+     */
+    limits->max_open_handles = 0;
+
+    return limits;
+}
+
+sftp_limits_t sftp_limits(sftp_session sftp)
+{
+    sftp_limits_t limits = NULL;
+
+    if (sftp == NULL) {
+        return NULL;
+    }
+
+    if (sftp->limits == NULL) {
+        ssh_set_error(sftp, SSH_FATAL,
+                      "Uninitialized sftp session, "
+                      "sftp_init() was not called or failed");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    limits = sftp_limits_new();
+    if (limits == NULL) {
+        ssh_set_error_oom(sftp);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    memcpy(limits, sftp->limits, sizeof(struct sftp_limits_struct));
+    return limits;
+}
+
+void sftp_limits_free(sftp_limits_t limits)
+{
+    if (limits == NULL) {
         return;
     }
 
-    SAFE_FREE(statvfs);
+    SAFE_FREE(limits);
 }
 
 /* another code written by Nick */
@@ -3449,4 +3101,225 @@ sftp_attributes sftp_fstat(sftp_file file)
     return NULL;
 }
 
+char *sftp_expand_path(sftp_session sftp, const char *path)
+{
+    sftp_status_message status = NULL;
+    sftp_message msg = NULL;
+    ssh_buffer buffer = NULL;
+    uint32_t id;
+    int rc;
+
+    if (sftp == NULL) {
+        return NULL;
+    }
+
+    if (path == NULL) {
+        ssh_set_error(sftp->session,
+                      SSH_FATAL,
+                      "NULL received as an argument instead of the path to expand");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    id = sftp_get_new_id(sftp);
+
+    rc = ssh_buffer_pack(buffer,
+                         "dss",
+                         id,
+                         "expand-path@openssh.com",
+                         path);
+    if (rc != SSH_OK) {
+        ssh_set_error_oom(sftp->session);
+        SSH_BUFFER_FREE(buffer);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    rc = sftp_packet_write(sftp, SSH_FXP_EXTENDED, buffer);
+    SSH_BUFFER_FREE(buffer);
+    if (rc < 0) {
+        return NULL;
+    }
+
+    while (msg == NULL) {
+        rc = sftp_read_and_dispatch(sftp);
+        if (rc < 0) {
+            return NULL;
+        }
+        msg = sftp_dequeue(sftp, id);
+    }
+
+    if (msg->packet_type == SSH_FXP_NAME) {
+        uint32_t ignored = 0;
+        char *cname = NULL;
+
+        rc = ssh_buffer_unpack(msg->payload,
+                               "ds",
+                               &ignored,
+                               &cname);
+        sftp_message_free(msg);
+        if (rc != SSH_OK) {
+            ssh_set_error(sftp->session,
+                          SSH_ERROR,
+                          "Failed to parse expanded path");
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return NULL;
+        }
+
+        return cname;
+    } else if (msg->packet_type == SSH_FXP_STATUS) {
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return NULL;
+        }
+        sftp_set_error(sftp, status->status);
+        ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
+                      "SFTP server: %s", status->errormsg);
+        status_msg_free(status);
+    } else {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Received message %d when attempting to expand path",
+                      msg->packet_type);
+        sftp_message_free(msg);
+        sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+    }
+
+    return NULL;
+}
+
+char *
+sftp_home_directory(sftp_session sftp, const char *username)
+{
+    sftp_status_message status = NULL;
+    sftp_message msg = NULL;
+    ssh_buffer buffer = NULL;
+    uint32_t id;
+    int rc;
+
+    if (sftp == NULL) {
+        return NULL;
+    }
+
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    id = sftp_get_new_id(sftp);
+
+    rc = ssh_buffer_pack(buffer,
+                         "dss",
+                         id,
+                         "home-directory",
+                         username ? username : "");
+    if (rc != SSH_OK) {
+        ssh_set_error_oom(sftp->session);
+        SSH_BUFFER_FREE(buffer);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    rc = sftp_packet_write(sftp, SSH_FXP_EXTENDED, buffer);
+    SSH_BUFFER_FREE(buffer);
+    if (rc < 0) {
+        return NULL;
+    }
+
+    while (msg == NULL) {
+        rc = sftp_read_and_dispatch(sftp);
+        if (rc < 0) {
+            return NULL;
+        }
+        msg = sftp_dequeue(sftp, id);
+    }
+
+    if (msg->packet_type == SSH_FXP_NAME) {
+        uint32_t count = 0;
+        char *homepath = NULL;
+        char *longpath = NULL;
+        sftp_attributes attr = NULL;
+
+        rc = ssh_buffer_unpack(msg->payload, "ds", &count, &homepath);
+        if (rc != SSH_OK) {
+            ssh_set_error(sftp->session,
+                          SSH_ERROR,
+                          "Failed to query user home directory");
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return NULL;
+        }
+        /*
+          for SFTP version > 3, longname field in SSH_FXP_NAME is omitted.
+        */
+        if (sftp->version <= 3) {
+            rc = ssh_buffer_unpack(msg->payload, "s", &longpath);
+            if (rc != SSH_OK) {
+                ssh_set_error(sftp->session,
+                              SSH_ERROR,
+                              "Failed to extract longname from payload");
+                sftp_set_error(sftp, SSH_FX_FAILURE);
+                return NULL;
+            }
+        }
+        attr = sftp_parse_attr(sftp, msg->payload, 0);
+        if (attr == NULL) {
+            ssh_set_error(sftp->session,
+                          SSH_FATAL,
+                          "Couldn't parse the SFTP attributes");
+            return NULL;
+        }
+        sftp_message_free(msg);
+
+        if (count != 1) {
+            if (count > 1) {
+                ssh_set_error(sftp->session,
+                              SSH_ERROR,
+                              "Multiple results returned");
+            } else {
+                ssh_set_error(sftp->session, SSH_ERROR, "No result returned");
+            }
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return NULL;
+        }
+
+        if (longpath) {
+            free(longpath);
+        }
+        sftp_attributes_free(attr);
+        return homepath;
+    } else if (msg->packet_type == SSH_FXP_STATUS) {
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return NULL;
+        }
+
+        sftp_set_error(sftp, status->status);
+        ssh_set_error(sftp->session,
+                      SSH_REQUEST_DENIED,
+                      "SFTP server: %s",
+                      status->errormsg);
+        status_msg_free(status);
+    } else {
+        ssh_set_error(
+            sftp->session,
+            SSH_FATAL,
+            "Received message %d when attempting to query user home directory",
+            msg->packet_type);
+        sftp_message_free(msg);
+        sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+    }
+
+    return NULL;
+}
+
 #endif /* WITH_SFTP */
diff --git a/libssh/src/sftp_aio.c b/libssh/src/sftp_aio.c
new file mode 100644
index 00000000..c1c54561
--- /dev/null
+++ b/libssh/src/sftp_aio.c
@@ -0,0 +1,500 @@
+/*
+ * sftp_aio.c - Secure FTP functions for asynchronous i/o
+ *
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2005-2008 by Aris Adamantiadis
+ * Copyright (c) 2008-2018 by Andreas Schneider <asn@cryptomilk.org>
+ * Copyright (c) 2023 by Eshan Kelkar <eshankelkar@galorithm.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "libssh/sftp.h"
+#include "libssh/sftp_priv.h"
+#include "libssh/buffer.h"
+#include "libssh/session.h"
+
+#ifdef WITH_SFTP
+
+struct sftp_aio_struct {
+    sftp_file file;
+    uint32_t id;
+    size_t len;
+};
+
+static sftp_aio sftp_aio_new(void)
+{
+    sftp_aio aio = NULL;
+    aio = calloc(1, sizeof(struct sftp_aio_struct));
+    return aio;
+}
+
+void sftp_aio_free(sftp_aio aio)
+{
+    SAFE_FREE(aio);
+}
+
+ssize_t sftp_aio_begin_read(sftp_file file, size_t len, sftp_aio *aio)
+{
+    sftp_session sftp = NULL;
+    ssh_buffer buffer = NULL;
+    sftp_aio aio_handle = NULL;
+    uint32_t id;
+    int rc;
+
+    if (file == NULL ||
+        file->sftp == NULL ||
+        file->sftp->session == NULL) {
+        return SSH_ERROR;
+    }
+
+    sftp = file->sftp;
+    if (len == 0) {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Invalid argument, 0 passed as the number of "
+                      "bytes to read");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return SSH_ERROR;
+    }
+
+    /* Apply a cap on the length a user is allowed to read */
+    if (len > sftp->limits->max_read_length) {
+        len = sftp->limits->max_read_length;
+    }
+
+    if (aio == NULL) {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Invalid argument, NULL passed instead of a pointer to "
+                      "a location to store an sftp aio handle");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return SSH_ERROR;
+    }
+
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return SSH_ERROR;
+    }
+
+    id = sftp_get_new_id(sftp);
+
+    rc = ssh_buffer_pack(buffer,
+                         "dSqd",
+                         id,
+                         file->handle,
+                         file->offset,
+                         len);
+
+    if (rc != SSH_OK) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        SSH_BUFFER_FREE(buffer);
+        return SSH_ERROR;
+    }
+
+    aio_handle = sftp_aio_new();
+    if (aio_handle == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        SSH_BUFFER_FREE(buffer);
+        return SSH_ERROR;
+    }
+
+    aio_handle->file = file;
+    aio_handle->id = id;
+    aio_handle->len = len;
+
+    rc = sftp_packet_write(sftp, SSH_FXP_READ, buffer);
+    SSH_BUFFER_FREE(buffer);
+    if (rc == SSH_ERROR) {
+        SFTP_AIO_FREE(aio_handle);
+        return SSH_ERROR;
+    }
+
+    /* Assume we read len bytes from the file */
+    file->offset += len;
+    *aio = aio_handle;
+    return len;
+}
+
+ssize_t sftp_aio_wait_read(sftp_aio *aio,
+                           void *buf,
+                           size_t buf_size)
+{
+    sftp_file file = NULL;
+    size_t bytes_requested;
+    sftp_session sftp = NULL;
+    sftp_message msg = NULL;
+    sftp_status_message status = NULL;
+    uint32_t string_len, host_len;
+    int rc, err;
+
+    /*
+     * This function releases the memory of the structure
+     * that (*aio) points to in all cases except when the
+     * return value is SSH_AGAIN.
+     *
+     * If the return value is SSH_AGAIN, the user should call this
+     * function again to get the response for the request corresponding
+     * to the structure that (*aio) points to, hence we don't release the
+     * structure's memory when SSH_AGAIN is returned.
+     */
+
+    if (aio == NULL || *aio == NULL) {
+        return SSH_ERROR;
+    }
+
+    file = (*aio)->file;
+    bytes_requested = (*aio)->len;
+
+    if (file == NULL ||
+        file->sftp == NULL ||
+        file->sftp->session == NULL) {
+        SFTP_AIO_FREE(*aio);
+        return SSH_ERROR;
+    }
+
+    sftp = file->sftp;
+    if (bytes_requested == 0) {
+        /* should never happen */
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Invalid sftp aio, len for requested i/o is 0");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        SFTP_AIO_FREE(*aio);
+        return SSH_ERROR;
+    }
+
+    if (buf == NULL) {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Invalid argument, NULL passed "
+                      "instead of a buffer's address");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        SFTP_AIO_FREE(*aio);
+        return SSH_ERROR;
+    }
+
+    if (buf_size < bytes_requested) {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Buffer size (%zu, passed by the caller) is "
+                      "smaller than the number of bytes requested "
+                      "to read (%zu, as per the supplied sftp aio)",
+                      buf_size, bytes_requested);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        SFTP_AIO_FREE(*aio);
+        return SSH_ERROR;
+    }
+
+    /* handle an existing request */
+    while (msg == NULL) {
+        if (file->nonblocking) {
+            if (ssh_channel_poll(sftp->channel, 0) == 0) {
+                /* we cannot block */
+                return SSH_AGAIN;
+            }
+        }
+
+        if (sftp_read_and_dispatch(sftp) < 0) {
+            /* something nasty has happened */
+            SFTP_AIO_FREE(*aio);
+            return SSH_ERROR;
+        }
+
+        msg = sftp_dequeue(sftp, (*aio)->id);
+    }
+
+    /*
+     * Release memory for the structure that (*aio) points to
+     * as all further points of return are for success or
+     * failure.
+     */
+    SFTP_AIO_FREE(*aio);
+
+    switch (msg->packet_type) {
+    case SSH_FXP_STATUS:
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return SSH_ERROR;
+        }
+
+        sftp_set_error(sftp, status->status);
+        if (status->status != SSH_FX_EOF) {
+            ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
+                          "SFTP server : %s", status->errormsg);
+            err = SSH_ERROR;
+        } else {
+            file->eof = 1;
+            /* Update the offset correctly */
+            file->offset = file->offset - bytes_requested;
+            err = SSH_OK;
+        }
+
+        status_msg_free(status);
+        return err;
+
+    case SSH_FXP_DATA:
+        rc = ssh_buffer_get_u32(msg->payload, &string_len);
+        if (rc == 0) {
+            /* Insufficient data in the buffer */
+            ssh_set_error(sftp->session, SSH_FATAL,
+                          "Received invalid DATA packet from sftp server");
+            sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+            sftp_message_free(msg);
+            return SSH_ERROR;
+        }
+
+        host_len = ntohl(string_len);
+        if (host_len > buf_size) {
+            /*
+             * This should never happen, as according to the
+             * SFTP protocol the server reads bytes less than
+             * or equal to the number of bytes requested to read.
+             *
+             * And we have checked before that the buffer size is
+             * greater than or equal to the number of bytes requested
+             * to read, hence code of this if block should never
+             * get executed.
+             */
+            ssh_set_error(sftp->session, SSH_FATAL,
+                          "DATA packet (%u bytes) received from sftp server "
+                          "cannot fit into the supplied buffer (%zu bytes)",
+                          host_len, buf_size);
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            sftp_message_free(msg);
+            return SSH_ERROR;
+        }
+
+        string_len = ssh_buffer_get_data(msg->payload, buf, host_len);
+        if (string_len != host_len) {
+            /* should never happen */
+            ssh_set_error(sftp->session, SSH_FATAL,
+                          "Received invalid DATA packet from sftp server");
+            sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+            sftp_message_free(msg);
+            return SSH_ERROR;
+        }
+
+        /* Update the offset with the correct value */
+        file->offset = file->offset - (bytes_requested - string_len);
+        sftp_message_free(msg);
+        return string_len;
+
+    default:
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Received message %d during read!", msg->packet_type);
+        sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+        sftp_message_free(msg);
+        return SSH_ERROR;
+    }
+
+    return SSH_ERROR; /* not reached */
+}
+
+ssize_t sftp_aio_begin_write(sftp_file file,
+                             const void *buf,
+                             size_t len,
+                             sftp_aio *aio)
+{
+    sftp_session sftp = NULL;
+    ssh_buffer buffer = NULL;
+    sftp_aio aio_handle = NULL;
+    uint32_t id;
+    int rc;
+
+    if (file == NULL ||
+        file->sftp == NULL ||
+        file->sftp->session == NULL) {
+        return SSH_ERROR;
+    }
+
+    sftp = file->sftp;
+    if (buf == NULL) {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Invalid argument, NULL passed instead "
+                      "of a buffer's address");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return SSH_ERROR;
+    }
+
+    if (len == 0) {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Invalid argument, 0 passed as the number "
+                      "of bytes to write");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return SSH_ERROR;
+    }
+
+    /* Apply a cap on the length a user is allowed to write */
+    if (len > sftp->limits->max_write_length) {
+        len = sftp->limits->max_write_length;
+    }
+
+    if (aio == NULL) {
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Invalid argument, NULL passed instead of a pointer to "
+                      "a location to store an sftp aio handle");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return SSH_ERROR;
+    }
+
+    buffer = ssh_buffer_new();
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return SSH_ERROR;
+    }
+
+    id = sftp_get_new_id(sftp);
+    rc = ssh_buffer_pack(buffer,
+                         "dSqdP",
+                         id,
+                         file->handle,
+                         file->offset,
+                         len, /* len of datastring */
+                         len, buf);
+
+    if (rc != SSH_OK) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        SSH_BUFFER_FREE(buffer);
+        return SSH_ERROR;
+    }
+
+    aio_handle = sftp_aio_new();
+    if (aio_handle == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        SSH_BUFFER_FREE(buffer);
+        return SSH_ERROR;
+    }
+
+    aio_handle->file = file;
+    aio_handle->id = id;
+    aio_handle->len = len;
+
+    rc = sftp_packet_write(sftp, SSH_FXP_WRITE, buffer);
+    SSH_BUFFER_FREE(buffer);
+    if (rc == SSH_ERROR) {
+        SFTP_AIO_FREE(aio_handle);
+        return SSH_ERROR;
+    }
+
+    /* Assume we wrote len bytes to the file */
+    file->offset += len;
+    *aio = aio_handle;
+    return len;
+}
+
+ssize_t sftp_aio_wait_write(sftp_aio *aio)
+{
+    sftp_file file = NULL;
+    size_t bytes_requested;
+
+    sftp_session sftp = NULL;
+    sftp_message msg = NULL;
+    sftp_status_message status = NULL;
+
+    /*
+     * This function releases the memory of the structure
+     * that (*aio) points to in all cases except when the
+     * return value is SSH_AGAIN.
+     *
+     * If the return value is SSH_AGAIN, the user should call this
+     * function again to get the response for the request corresponding
+     * to the structure that (*aio) points to, hence we don't release the
+     * structure's memory when SSH_AGAIN is returned.
+     */
+
+    if (aio == NULL || *aio == NULL) {
+        return SSH_ERROR;
+    }
+
+    file = (*aio)->file;
+    bytes_requested = (*aio)->len;
+
+    if (file == NULL ||
+        file->sftp == NULL ||
+        file->sftp->session == NULL) {
+        SFTP_AIO_FREE(*aio);
+        return SSH_ERROR;
+    }
+
+    sftp = file->sftp;
+    if (bytes_requested == 0) {
+        /* This should never happen */
+        ssh_set_error(sftp->session, SSH_FATAL,
+                      "Invalid sftp aio, len for requested i/o is 0");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        SFTP_AIO_FREE(*aio);
+        return SSH_ERROR;
+    }
+
+    while (msg == NULL) {
+        if (file->nonblocking) {
+            if (ssh_channel_poll(sftp->channel, 0) == 0) {
+                /* we cannot block */
+                return SSH_AGAIN;
+            }
+        }
+
+        if (sftp_read_and_dispatch(sftp) < 0) {
+            /* something nasty has happened */
+            SFTP_AIO_FREE(*aio);
+            return SSH_ERROR;
+        }
+
+        msg = sftp_dequeue(sftp, (*aio)->id);
+    }
+
+    /*
+     * Release memory for the structure that (*aio) points to
+     * as all further points of return are for success or
+     * failure.
+     */
+    SFTP_AIO_FREE(*aio);
+
+    if (msg->packet_type == SSH_FXP_STATUS) {
+        status = parse_status_msg(msg);
+        sftp_message_free(msg);
+        if (status == NULL) {
+            return SSH_ERROR;
+        }
+
+        sftp_set_error(sftp, status->status);
+        if (status->status == SSH_FX_OK) {
+            status_msg_free(status);
+            return bytes_requested;
+        }
+
+        ssh_set_error(sftp->session, SSH_REQUEST_DENIED,
+                      "SFTP server: %s", status->errormsg);
+        status_msg_free(status);
+        return SSH_ERROR;
+    }
+
+    ssh_set_error(sftp->session, SSH_FATAL,
+                  "Received message %d during write!",
+                  msg->packet_type);
+    sftp_message_free(msg);
+    sftp_set_error(sftp, SSH_FX_BAD_MESSAGE);
+    return SSH_ERROR;
+}
+
+#endif /* WITH_SFTP */
diff --git a/libssh/src/sftp_common.c b/libssh/src/sftp_common.c
new file mode 100644
index 00000000..13512b8d
--- /dev/null
+++ b/libssh/src/sftp_common.c
@@ -0,0 +1,928 @@
+/*
+ * sftp_common.c - Secure FTP functions which are private and are used
+ *                 internally by other sftp api functions spread across
+ *                 various source files.
+ *
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2005-2008 by Aris Adamantiadis
+ * Copyright (c) 2008-2018 by Andreas Schneider <asn@cryptomilk.org>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include <ctype.h>
+
+#include "libssh/sftp.h"
+#include "libssh/sftp_priv.h"
+#include "libssh/buffer.h"
+#include "libssh/session.h"
+#include "libssh/bytearray.h"
+
+#ifdef WITH_SFTP
+
+/* Buffer size maximum is 256M */
+#define SFTP_PACKET_SIZE_MAX 0x10000000
+
+sftp_packet sftp_packet_read(sftp_session sftp)
+{
+    uint8_t tmpbuf[4];
+    uint8_t *buffer = NULL;
+    sftp_packet packet = sftp->read_packet;
+    uint32_t size;
+    int nread;
+    bool is_eof;
+    int rc;
+
+    packet->sftp = sftp;
+
+    /*
+     * If the packet has a payload, then just reinit the buffer, otherwise
+     * allocate a new one.
+     */
+    if (packet->payload != NULL) {
+        rc = ssh_buffer_reinit(packet->payload);
+        if (rc != 0) {
+            ssh_set_error_oom(sftp->session);
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return NULL;
+        }
+    } else {
+        packet->payload = ssh_buffer_new();
+        if (packet->payload == NULL) {
+            ssh_set_error_oom(sftp->session);
+            sftp_set_error(sftp, SSH_FX_FAILURE);
+            return NULL;
+        }
+    }
+
+    nread = 0;
+    do {
+        int s;
+
+        /* read from channel until 4 bytes have been read or an error occurs */
+        s = ssh_channel_read(sftp->channel, tmpbuf + nread, 4 - nread, 0);
+        if (s < 0) {
+            goto error;
+        } else if (s == 0) {
+            is_eof = ssh_channel_is_eof(sftp->channel);
+            if (is_eof) {
+                ssh_set_error(sftp->session,
+                              SSH_FATAL,
+                              "Received EOF while reading sftp packet size");
+                sftp_set_error(sftp, SSH_FX_EOF);
+                goto error;
+            } else {
+                ssh_set_error(sftp->session,
+                              SSH_FATAL,
+                              "Timeout while reading sftp packet size");
+                sftp_set_error(sftp, SSH_FX_FAILURE);
+                goto error;
+            }
+        } else {
+            nread += s;
+        }
+    } while (nread < 4);
+
+    size = PULL_BE_U32(tmpbuf, 0);
+    if (size == 0 || size > SFTP_PACKET_SIZE_MAX) {
+        ssh_set_error(sftp->session, SSH_FATAL, "Invalid sftp packet size!");
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        goto error;
+    }
+
+    do {
+        nread = ssh_channel_read(sftp->channel, tmpbuf, 1, 0);
+        if (nread < 0) {
+            goto error;
+        } else if (nread == 0) {
+            is_eof = ssh_channel_is_eof(sftp->channel);
+            if (is_eof) {
+                ssh_set_error(sftp->session,
+                              SSH_FATAL,
+                              "Received EOF while reading sftp packet type");
+                sftp_set_error(sftp, SSH_FX_EOF);
+                goto error;
+            } else {
+                ssh_set_error(sftp->session,
+                              SSH_FATAL,
+                              "Timeout while reading sftp packet type");
+                sftp_set_error(sftp, SSH_FX_FAILURE);
+                goto error;
+            }
+        }
+    } while (nread < 1);
+
+    packet->type = tmpbuf[0];
+
+    /* Remove the packet type size */
+    size -= sizeof(uint8_t);
+
+    /* Allocate the receive buffer from payload */
+    buffer = ssh_buffer_allocate(packet->payload, size);
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        goto error;
+    }
+    while (size > 0 && size < SFTP_PACKET_SIZE_MAX) {
+        nread = ssh_channel_read(sftp->channel, buffer, size, 0);
+        if (nread < 0) {
+            /* TODO: check if there are cases where an error needs to be set here */
+            goto error;
+        }
+
+        if (nread > 0) {
+            buffer += nread;
+            size -= nread;
+        } else { /* nread == 0 */
+            /* Retry the reading unless the remote was closed */
+            is_eof = ssh_channel_is_eof(sftp->channel);
+            if (is_eof) {
+                ssh_set_error(sftp->session,
+                              SSH_REQUEST_DENIED,
+                              "Received EOF while reading sftp packet");
+                sftp_set_error(sftp, SSH_FX_EOF);
+                goto error;
+            } else {
+                ssh_set_error(sftp->session,
+                              SSH_FATAL,
+                              "Timeout while reading sftp packet");
+                sftp_set_error(sftp, SSH_FX_FAILURE);
+                goto error;
+            }
+        }
+    }
+
+    return packet;
+error:
+    ssh_buffer_reinit(packet->payload);
+    return NULL;
+}
+
+int sftp_packet_write(sftp_session sftp, uint8_t type, ssh_buffer payload)
+{
+    uint8_t header[5] = {0};
+    uint32_t payload_size;
+    int size;
+    int rc;
+
+    /* Add size of type */
+    payload_size = ssh_buffer_get_len(payload) + sizeof(uint8_t);
+    PUSH_BE_U32(header, 0, payload_size);
+    PUSH_BE_U8(header, 4, type);
+
+    rc = ssh_buffer_prepend_data(payload, header, sizeof(header));
+    if (rc < 0) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
+
+    size = ssh_channel_write(sftp->channel,
+                             ssh_buffer_get(payload),
+                             ssh_buffer_get_len(payload));
+    if (size < 0) {
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return -1;
+    }
+
+    if ((uint32_t)size != ssh_buffer_get_len(payload)) {
+        SSH_LOG(SSH_LOG_PACKET,
+                "Had to write %" PRIu32 " bytes, wrote only %d",
+                ssh_buffer_get_len(payload),
+                size);
+    }
+
+    return size;
+}
+
+void sftp_packet_free(sftp_packet packet)
+{
+    if (packet == NULL) {
+        return;
+    }
+
+    SSH_BUFFER_FREE(packet->payload);
+    free(packet);
+}
+
+int buffer_add_attributes(ssh_buffer buffer, sftp_attributes attr)
+{
+    uint32_t flags = (attr ? attr->flags : 0);
+    int rc;
+
+    flags &= (SSH_FILEXFER_ATTR_SIZE | SSH_FILEXFER_ATTR_UIDGID |
+              SSH_FILEXFER_ATTR_PERMISSIONS | SSH_FILEXFER_ATTR_ACMODTIME);
+
+    rc = ssh_buffer_pack(buffer, "d", flags);
+    if (rc != SSH_OK) {
+        return -1;
+    }
+
+    if (attr != NULL) {
+        if (flags & SSH_FILEXFER_ATTR_SIZE) {
+            rc = ssh_buffer_pack(buffer, "q", attr->size);
+            if (rc != SSH_OK) {
+                return -1;
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_UIDGID) {
+            rc = ssh_buffer_pack(buffer, "dd", attr->uid, attr->gid);
+            if (rc != SSH_OK) {
+                return -1;
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_PERMISSIONS) {
+            rc = ssh_buffer_pack(buffer, "d", attr->permissions);
+            if (rc != SSH_OK) {
+                return -1;
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_ACMODTIME) {
+            rc = ssh_buffer_pack(buffer, "dd", attr->atime, attr->mtime);
+            if (rc != SSH_OK) {
+                return -1;
+            }
+        }
+    }
+
+    return 0;
+}
+
+/*
+ * Parse the attributes from a payload from some messages. It is coded on
+ * baselines from the protocol version 4.
+ * This code is more or less dead but maybe we will need it in the future.
+ */
+static sftp_attributes sftp_parse_attr_4(sftp_session sftp,
+                                         ssh_buffer buf,
+                                         int expectnames)
+{
+    sftp_attributes attr = NULL;
+    ssh_string owner = NULL;
+    ssh_string group = NULL;
+    uint32_t flags = 0;
+    int ok = 0;
+
+    /* unused member variable */
+    (void) expectnames;
+
+    attr = calloc(1, sizeof(struct sftp_attributes_struct));
+    if (attr == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    /* This isn't really a loop, but it is like a try..catch.. */
+    do {
+        if (ssh_buffer_get_u32(buf, &flags) != 4) {
+            break;
+        }
+
+        flags = ntohl(flags);
+        attr->flags = flags;
+
+        if (flags & SSH_FILEXFER_ATTR_SIZE) {
+            if (ssh_buffer_get_u64(buf, &attr->size) != 8) {
+                break;
+            }
+            attr->size = ntohll(attr->size);
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_OWNERGROUP) {
+            owner = ssh_buffer_get_ssh_string(buf);
+            if (owner == NULL) {
+                break;
+            }
+            attr->owner = ssh_string_to_char(owner);
+            SSH_STRING_FREE(owner);
+            if (attr->owner == NULL) {
+                break;
+            }
+
+            group = ssh_buffer_get_ssh_string(buf);
+            if (group == NULL) {
+                break;
+            }
+            attr->group = ssh_string_to_char(group);
+            SSH_STRING_FREE(group);
+            if (attr->group == NULL) {
+                break;
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_PERMISSIONS) {
+            if (ssh_buffer_get_u32(buf, &attr->permissions) != 4) {
+                break;
+            }
+            attr->permissions = ntohl(attr->permissions);
+
+            /* FIXME on windows! */
+            switch (attr->permissions & SSH_S_IFMT) {
+            case SSH_S_IFSOCK:
+            case SSH_S_IFBLK:
+            case SSH_S_IFCHR:
+            case SSH_S_IFIFO:
+                attr->type = SSH_FILEXFER_TYPE_SPECIAL;
+                break;
+            case SSH_S_IFLNK:
+                attr->type = SSH_FILEXFER_TYPE_SYMLINK;
+                break;
+            case SSH_S_IFREG:
+                attr->type = SSH_FILEXFER_TYPE_REGULAR;
+                break;
+            case SSH_S_IFDIR:
+                attr->type = SSH_FILEXFER_TYPE_DIRECTORY;
+                break;
+            default:
+                attr->type = SSH_FILEXFER_TYPE_UNKNOWN;
+                break;
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_ACCESSTIME) {
+            if (ssh_buffer_get_u64(buf, &attr->atime64) != 8) {
+                break;
+            }
+            attr->atime64 = ntohll(attr->atime64);
+
+            if (flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES) {
+                if (ssh_buffer_get_u32(buf, &attr->atime_nseconds) != 4) {
+                    break;
+                }
+                attr->atime_nseconds = ntohl(attr->atime_nseconds);
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_CREATETIME) {
+            if (ssh_buffer_get_u64(buf, &attr->createtime) != 8) {
+                break;
+            }
+            attr->createtime = ntohll(attr->createtime);
+
+            if (flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES) {
+                if (ssh_buffer_get_u32(buf, &attr->createtime_nseconds) != 4) {
+                    break;
+                }
+                attr->createtime_nseconds = ntohl(attr->createtime_nseconds);
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_MODIFYTIME) {
+            if (ssh_buffer_get_u64(buf, &attr->mtime64) != 8) {
+                break;
+            }
+            attr->mtime64 = ntohll(attr->mtime64);
+
+            if (flags & SSH_FILEXFER_ATTR_SUBSECOND_TIMES) {
+                if (ssh_buffer_get_u32(buf, &attr->mtime_nseconds) != 4) {
+                    break;
+                }
+                attr->mtime_nseconds = ntohl(attr->mtime_nseconds);
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_ACL) {
+            if ((attr->acl = ssh_buffer_get_ssh_string(buf)) == NULL) {
+                break;
+            }
+        }
+
+        if (flags & SSH_FILEXFER_ATTR_EXTENDED) {
+            if (ssh_buffer_get_u32(buf,&attr->extended_count) != 4) {
+                break;
+            }
+            attr->extended_count = ntohl(attr->extended_count);
+
+            while (attr->extended_count &&
+                   (attr->extended_type = ssh_buffer_get_ssh_string(buf)) &&
+                   (attr->extended_data = ssh_buffer_get_ssh_string(buf))) {
+                attr->extended_count--;
+            }
+
+            if (attr->extended_count) {
+                break;
+            }
+        }
+        ok = 1;
+    } while (0);
+
+    if (ok == 0) {
+        /* break issued somewhere */
+        SSH_STRING_FREE(attr->acl);
+        SSH_STRING_FREE(attr->extended_type);
+        SSH_STRING_FREE(attr->extended_data);
+        SAFE_FREE(attr->owner);
+        SAFE_FREE(attr->group);
+        SAFE_FREE(attr);
+
+        ssh_set_error(sftp->session, SSH_FATAL, "Invalid ATTR structure");
+
+        return NULL;
+    }
+
+    return attr;
+}
+
+enum sftp_longname_field_e {
+    SFTP_LONGNAME_PERM = 0,
+    SFTP_LONGNAME_FIXME,
+    SFTP_LONGNAME_OWNER,
+    SFTP_LONGNAME_GROUP,
+    SFTP_LONGNAME_SIZE,
+    SFTP_LONGNAME_DATE,
+    SFTP_LONGNAME_TIME,
+    SFTP_LONGNAME_NAME,
+};
+
+static char * sftp_parse_longname(const char *longname,
+                                  enum sftp_longname_field_e longname_field)
+{
+    const char *p, *q;
+    size_t len, field = 0;
+
+    p = longname;
+    /*
+     * Find the beginning of the field which is specified
+     * by sftp_longname_field_e.
+     */
+    while (field != longname_field) {
+        if (isspace(*p)) {
+            field++;
+            p++;
+            while (*p && isspace(*p)) {
+                p++;
+            }
+        } else {
+            p++;
+        }
+    }
+
+    q = p;
+    while (! isspace(*q)) {
+        q++;
+    }
+
+    len = q - p;
+
+    return strndup(p, len);
+}
+
+/* sftp version 0-3 code. It is different from the v4 */
+/* maybe a paste of the draft is better than the code */
+/*
+        uint32   flags
+        uint64   size           present only if flag SSH_FILEXFER_ATTR_SIZE
+        uint32   uid            present only if flag SSH_FILEXFER_ATTR_UIDGID
+        uint32   gid            present only if flag SSH_FILEXFER_ATTR_UIDGID
+        uint32   permissions    present only if flag SSH_FILEXFER_ATTR_PERMISSIONS
+        uint32   atime          present only if flag SSH_FILEXFER_ACMODTIME
+        uint32   mtime          present only if flag SSH_FILEXFER_ACMODTIME
+        uint32   extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED
+        string   extended_type
+        string   extended_data
+        ...      more extended data (extended_type - extended_data pairs),
+                   so that number of pairs equals extended_count              */
+static sftp_attributes sftp_parse_attr_3(sftp_session sftp,
+                                         ssh_buffer buf,
+                                         int expectname)
+{
+    sftp_attributes attr;
+    int rc;
+
+    attr = calloc(1, sizeof(struct sftp_attributes_struct));
+    if (attr == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    if (expectname) {
+        rc = ssh_buffer_unpack(buf, "ss",
+                               &attr->name,
+                               &attr->longname);
+        if (rc != SSH_OK){
+            goto error;
+        }
+        SSH_LOG(SSH_LOG_DEBUG, "Name: %s", attr->name);
+
+        /* Set owner and group if we talk to openssh and have the longname */
+        if (ssh_get_openssh_version(sftp->session)) {
+            attr->owner = sftp_parse_longname(attr->longname,
+                                              SFTP_LONGNAME_OWNER);
+            if (attr->owner == NULL) {
+                goto error;
+            }
+
+            attr->group = sftp_parse_longname(attr->longname,
+                                              SFTP_LONGNAME_GROUP);
+            if (attr->group == NULL) {
+                goto error;
+            }
+        }
+    }
+
+    rc = ssh_buffer_unpack(buf, "d", &attr->flags);
+    if (rc != SSH_OK){
+        goto error;
+    }
+    SSH_LOG(SSH_LOG_DEBUG,
+            "Flags: %.8" PRIx32 "\n", attr->flags);
+
+    if (attr->flags & SSH_FILEXFER_ATTR_SIZE) {
+        rc = ssh_buffer_unpack(buf, "q", &attr->size);
+        if(rc != SSH_OK) {
+            goto error;
+        }
+        SSH_LOG(SSH_LOG_DEBUG,
+                "Size: %" PRIu64 "\n",
+                (uint64_t) attr->size);
+    }
+
+    if (attr->flags & SSH_FILEXFER_ATTR_UIDGID) {
+        rc = ssh_buffer_unpack(buf, "dd",
+                               &attr->uid,
+                               &attr->gid);
+        if (rc != SSH_OK) {
+            goto error;
+        }
+    }
+
+    if (attr->flags & SSH_FILEXFER_ATTR_PERMISSIONS) {
+        rc = ssh_buffer_unpack(buf, "d", &attr->permissions);
+        if (rc != SSH_OK) {
+            goto error;
+        }
+
+        switch (attr->permissions & SSH_S_IFMT) {
+        case SSH_S_IFSOCK:
+        case SSH_S_IFBLK:
+        case SSH_S_IFCHR:
+        case SSH_S_IFIFO:
+            attr->type = SSH_FILEXFER_TYPE_SPECIAL;
+            break;
+        case SSH_S_IFLNK:
+            attr->type = SSH_FILEXFER_TYPE_SYMLINK;
+            break;
+        case SSH_S_IFREG:
+            attr->type = SSH_FILEXFER_TYPE_REGULAR;
+            break;
+        case SSH_S_IFDIR:
+            attr->type = SSH_FILEXFER_TYPE_DIRECTORY;
+            break;
+        default:
+            attr->type = SSH_FILEXFER_TYPE_UNKNOWN;
+            break;
+        }
+    }
+
+    if (attr->flags & SSH_FILEXFER_ATTR_ACMODTIME) {
+        rc = ssh_buffer_unpack(buf, "dd",
+                               &attr->atime,
+                               &attr->mtime);
+        if (rc != SSH_OK) {
+            goto error;
+        }
+    }
+
+    if (attr->flags & SSH_FILEXFER_ATTR_EXTENDED) {
+        rc = ssh_buffer_unpack(buf, "d", &attr->extended_count);
+        if (rc != SSH_OK) {
+            goto error;
+        }
+
+        if (attr->extended_count > 0) {
+            rc = ssh_buffer_unpack(buf, "ss",
+                                   &attr->extended_type,
+                                   &attr->extended_data);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            attr->extended_count--;
+        }
+        /* just ignore the remaining extensions */
+
+        while (attr->extended_count > 0) {
+            ssh_string tmp1,tmp2;
+            rc = ssh_buffer_unpack(buf, "SS", &tmp1, &tmp2);
+            if (rc != SSH_OK){
+                goto error;
+            }
+            SAFE_FREE(tmp1);
+            SAFE_FREE(tmp2);
+            attr->extended_count--;
+        }
+    }
+
+    return attr;
+
+error:
+    SSH_STRING_FREE(attr->extended_type);
+    SSH_STRING_FREE(attr->extended_data);
+    SAFE_FREE(attr->name);
+    SAFE_FREE(attr->longname);
+    SAFE_FREE(attr->owner);
+    SAFE_FREE(attr->group);
+    SAFE_FREE(attr);
+    ssh_set_error(sftp->session, SSH_FATAL, "Invalid ATTR structure");
+    sftp_set_error(sftp, SSH_FX_FAILURE);
+
+    return NULL;
+}
+
+sftp_attributes sftp_parse_attr(sftp_session session,
+                                ssh_buffer buf,
+                                int expectname)
+{
+    switch (session->version) {
+    case 4:
+        return sftp_parse_attr_4(session, buf, expectname);
+    case 3:
+    case 2:
+    case 1:
+    case 0:
+        return sftp_parse_attr_3(session, buf, expectname);
+    default:
+        ssh_set_error(session->session, SSH_FATAL,
+                      "Version %d unsupported by client",
+                      session->server_version);
+        return NULL;
+    }
+
+    return NULL;
+}
+
+void sftp_set_error(sftp_session sftp, int errnum)
+{
+    if (sftp != NULL) {
+        sftp->errnum = errnum;
+    }
+}
+
+void sftp_message_free(sftp_message msg)
+{
+    if (msg == NULL) {
+        return;
+    }
+
+    SSH_BUFFER_FREE(msg->payload);
+    SAFE_FREE(msg);
+}
+
+static sftp_request_queue request_queue_new(sftp_message msg)
+{
+    sftp_request_queue queue = NULL;
+
+    queue = calloc(1, sizeof(struct sftp_request_queue_struct));
+    if (queue == NULL) {
+        ssh_set_error_oom(msg->sftp->session);
+        sftp_set_error(msg->sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    queue->message = msg;
+
+    return queue;
+}
+
+static void request_queue_free(sftp_request_queue queue)
+{
+    if (queue == NULL) {
+        return;
+    }
+
+    ZERO_STRUCTP(queue);
+    SAFE_FREE(queue);
+}
+
+static int
+sftp_enqueue(sftp_session sftp, sftp_message msg)
+{
+    sftp_request_queue queue = NULL;
+    sftp_request_queue ptr;
+
+    queue = request_queue_new(msg);
+    if (queue == NULL) {
+        return -1;
+    }
+
+    SSH_LOG(SSH_LOG_PACKET,
+            "Queued msg id %" PRIu32 " type %d",
+            msg->id, msg->packet_type);
+
+    if(sftp->queue == NULL) {
+        sftp->queue = queue;
+    } else {
+        ptr = sftp->queue;
+        while(ptr->next) {
+            ptr=ptr->next; /* find end of linked list */
+        }
+        ptr->next = queue; /* add it on bottom */
+    }
+
+    return 0;
+}
+
+/*
+ * Pulls a message from the queue based on the ID.
+ * Returns NULL if no message has been found.
+ */
+sftp_message sftp_dequeue(sftp_session sftp, uint32_t id)
+{
+    sftp_request_queue prev = NULL;
+    sftp_request_queue queue;
+    sftp_message msg;
+
+    if(sftp->queue == NULL) {
+        return NULL;
+    }
+
+    queue = sftp->queue;
+    while (queue) {
+        if (queue->message->id == id) {
+            /* remove from queue */
+            if (prev == NULL) {
+                sftp->queue = queue->next;
+            } else {
+                prev->next = queue->next;
+            }
+            msg = queue->message;
+            request_queue_free(queue);
+            SSH_LOG(SSH_LOG_PACKET,
+                    "Dequeued msg id %" PRIu32 " type %d",
+                    msg->id,
+                    msg->packet_type);
+            return msg;
+        }
+        prev = queue;
+        queue = queue->next;
+    }
+
+    return NULL;
+}
+
+static sftp_message sftp_get_message(sftp_packet packet)
+{
+    sftp_session sftp = packet->sftp;
+    sftp_message msg = NULL;
+    int rc;
+
+    switch (packet->type) {
+    case SSH_FXP_STATUS:
+    case SSH_FXP_HANDLE:
+    case SSH_FXP_DATA:
+    case SSH_FXP_ATTRS:
+    case SSH_FXP_NAME:
+    case SSH_FXP_EXTENDED_REPLY:
+        break;
+    default:
+        ssh_set_error(packet->sftp->session,
+                      SSH_FATAL,
+                      "Unknown packet type %d",
+                      packet->type);
+        sftp_set_error(packet->sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    msg = calloc(1, sizeof(struct sftp_message_struct));
+    if (msg == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_set_error(packet->sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    msg->sftp = packet->sftp;
+    msg->packet_type = packet->type;
+
+    /* Move the payload from the packet to the message */
+    msg->payload = packet->payload;
+    packet->payload = NULL;
+
+    rc = ssh_buffer_unpack(msg->payload, "d", &msg->id);
+    if (rc != SSH_OK) {
+        ssh_set_error(packet->sftp->session, SSH_FATAL,
+                "Invalid packet %d: no ID", packet->type);
+        sftp_message_free(msg);
+        sftp_set_error(packet->sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    SSH_LOG(SSH_LOG_PACKET,
+            "Packet with id %" PRIu32 " type %d",
+            msg->id,
+            msg->packet_type);
+
+    return msg;
+}
+
+int sftp_read_and_dispatch(sftp_session sftp)
+{
+    sftp_packet packet = NULL;
+    sftp_message msg = NULL;
+
+    packet = sftp_packet_read(sftp);
+    if (packet == NULL) {
+        /* something nasty happened reading the packet */
+        return -1;
+    }
+
+    msg = sftp_get_message(packet);
+    if (msg == NULL) {
+        return -1;
+    }
+
+    if (sftp_enqueue(sftp, msg) < 0) {
+        sftp_message_free(msg);
+        return -1;
+    }
+
+    return 0;
+}
+
+sftp_status_message parse_status_msg(sftp_message msg)
+{
+    sftp_status_message status = NULL;
+    int rc;
+
+    if (msg->packet_type != SSH_FXP_STATUS) {
+        ssh_set_error(msg->sftp->session, SSH_FATAL,
+                      "Not a ssh_fxp_status message passed in!");
+        sftp_set_error(msg->sftp, SSH_FX_BAD_MESSAGE);
+        return NULL;
+    }
+
+    status = calloc(1, sizeof(struct sftp_status_message_struct));
+    if (status == NULL) {
+        ssh_set_error_oom(msg->sftp->session);
+        sftp_set_error(msg->sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    status->id = msg->id;
+    rc = ssh_buffer_unpack(msg->payload, "d",
+                           &status->status);
+    if (rc != SSH_OK) {
+        SAFE_FREE(status);
+        ssh_set_error(msg->sftp->session, SSH_FATAL,
+                      "Invalid SSH_FXP_STATUS message");
+        sftp_set_error(msg->sftp, SSH_FX_FAILURE);
+        return NULL;
+    }
+
+    rc = ssh_buffer_unpack(msg->payload, "ss",
+                           &status->errormsg,
+                           &status->langmsg);
+
+    if (rc != SSH_OK && msg->sftp->version >= 3) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Invalid SSH_FXP_STATUS message. Missing error message.");
+    }
+
+    if (status->errormsg == NULL)
+        status->errormsg = strdup("No error message in packet");
+
+    if (status->langmsg == NULL)
+        status->langmsg = strdup("");
+
+    if (status->errormsg == NULL || status->langmsg == NULL) {
+        ssh_set_error_oom(msg->sftp->session);
+        sftp_set_error(msg->sftp, SSH_FX_FAILURE);
+        status_msg_free(status);
+        return NULL;
+    }
+
+    return status;
+}
+
+void status_msg_free(sftp_status_message status)
+{
+    if (status == NULL) {
+        return;
+    }
+
+    SAFE_FREE(status->errormsg);
+    SAFE_FREE(status->langmsg);
+    SAFE_FREE(status);
+}
+
+#endif /* WITH_SFTP */
diff --git a/libssh/src/sftpserver.c b/libssh/src/sftpserver.c
index 9117f155..6c52e003 100644
--- a/libssh/src/sftpserver.c
+++ b/libssh/src/sftpserver.c
@@ -3,7 +3,8 @@
  *
  * This file is part of the SSH Library
  *
- * Copyright (c) 2005      by Aris Adamantiadis
+ * Copyright (c) 2005 Aris Adamantiadis
+ * Copyright (c) 2022 Zeyu Sheng <shengzeyu19_98@163.com>
  *
  * The SSH Library is free software; you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -23,16 +24,32 @@
 
 #include "config.h"
 
-#include <stdio.h>
 
 #ifndef _WIN32
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <dirent.h>
+#include <sys/statvfs.h>
 #endif
 
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif /* HAVE_SYS_TIME_H */
+#ifdef HAVE_SYS_UTIME_H
+#include <sys/utime.h>
+#endif /* HAVE_SYS_UTIME_H */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <time.h>
+
 #include "libssh/libssh.h"
 #include "libssh/sftp.h"
 #include "libssh/sftp_priv.h"
+#include "libssh/sftpserver.h"
 #include "libssh/ssh2.h"
 #include "libssh/priv.h"
 #include "libssh/buffer.h"
@@ -40,518 +57,1813 @@
 
 #define SFTP_HANDLES 256
 
-sftp_client_message sftp_get_client_message(sftp_session sftp) {
-  ssh_session session = sftp->session;
-  sftp_packet packet;
-  sftp_client_message msg;
-  ssh_buffer payload;
-  int rc;
+#define MAX_ENTRIES_NUM_IN_PACKET 50
+#define MAX_LONG_NAME_LEN 350
 
-  msg = malloc(sizeof (struct sftp_client_message_struct));
-  if (msg == NULL) {
-    ssh_set_error_oom(session);
-    return NULL;
-  }
-  ZERO_STRUCTP(msg);
+static sftp_client_message
+sftp_make_client_message(sftp_session sftp, sftp_packet packet)
+{
+    ssh_session session = sftp->session;
+    sftp_client_message msg = NULL;
+    ssh_buffer payload = NULL;
+    int rc;
+    int version;
 
-  packet = sftp_packet_read(sftp);
-  if (packet == NULL) {
-    ssh_set_error_oom(session);
-    sftp_client_message_free(msg);
-    return NULL;
-  }
-
-  payload = packet->payload;
-  msg->type = packet->type;
-  msg->sftp = sftp;
-
-  /* take a copy of the whole packet */
-  msg->complete_message = ssh_buffer_new();
-  if (msg->complete_message == NULL) {
-      ssh_set_error_oom(session);
-      sftp_client_message_free(msg);
-      return NULL;
-  }
-
-  rc = ssh_buffer_add_data(msg->complete_message,
-                           ssh_buffer_get(payload),
-                           ssh_buffer_get_len(payload));
-  if (rc < 0) {
-      ssh_set_error_oom(session);
-      sftp_client_message_free(msg);
-      return NULL;
-  }
-
-  ssh_buffer_get_u32(payload, &msg->id);
-
-  switch(msg->type) {
-    case SSH_FXP_CLOSE:
-    case SSH_FXP_READDIR:
-      msg->handle = ssh_buffer_get_ssh_string(payload);
-      if (msg->handle == NULL) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      break;
-    case SSH_FXP_READ:
-      rc = ssh_buffer_unpack(payload,
-                             "Sqd",
-                             &msg->handle,
-                             &msg->offset,
-                             &msg->len);
-      if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      break;
-    case SSH_FXP_WRITE:
-      rc = ssh_buffer_unpack(payload,
-                             "SqS",
-                             &msg->handle,
-                             &msg->offset,
-                             &msg->data);
-      if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      break;
-    case SSH_FXP_REMOVE:
-    case SSH_FXP_RMDIR:
-    case SSH_FXP_OPENDIR:
-    case SSH_FXP_READLINK:
-    case SSH_FXP_REALPATH:
-      rc = ssh_buffer_unpack(payload,
-                             "s",
-                             &msg->filename);
-      if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      break;
-    case SSH_FXP_RENAME:
-    case SSH_FXP_SYMLINK:
-      rc = ssh_buffer_unpack(payload,
-                             "sS",
-                             &msg->filename,
-                             &msg->data);
-      if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      break;
-    case SSH_FXP_MKDIR:
-    case SSH_FXP_SETSTAT:
-      rc = ssh_buffer_unpack(payload,
-                             "s",
-                             &msg->filename);
-      if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      msg->attr = sftp_parse_attr(sftp, payload, 0);
-      if (msg->attr == NULL) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      break;
-    case SSH_FXP_FSETSTAT:
-      msg->handle = ssh_buffer_get_ssh_string(payload);
-      if (msg->handle == NULL) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      msg->attr = sftp_parse_attr(sftp, payload, 0);
-      if (msg->attr == NULL) {
+    msg = calloc(1, sizeof(struct sftp_client_message_struct));
+    if (msg == NULL) {
         ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
         return NULL;
-      }
-      break;
-    case SSH_FXP_LSTAT:
-    case SSH_FXP_STAT:
-      rc = ssh_buffer_unpack(payload,
-                             "s",
-                             &msg->filename);
-      if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      if(sftp->version > 3) {
-        ssh_buffer_unpack(payload, "d", &msg->flags);
-      }
-      break;
-    case SSH_FXP_OPEN:
-      rc = ssh_buffer_unpack(payload,
-                             "sd",
-                             &msg->filename,
-                             &msg->flags);
-      if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      msg->attr = sftp_parse_attr(sftp, payload, 0);
-      if (msg->attr == NULL) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      break;
-    case SSH_FXP_FSTAT:
-      rc = ssh_buffer_unpack(payload,
-                             "S",
-                             &msg->handle);
-      if (rc != SSH_OK) {
-        ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-      break;
-    case SSH_FXP_EXTENDED:
-      rc = ssh_buffer_unpack(payload,
-                             "s",
-                             &msg->submessage);
-      if (rc != SSH_OK) {
+    }
+
+    payload = packet->payload;
+    msg->type = packet->type;
+    msg->sftp = sftp;
+
+    /* take a copy of the whole packet */
+    msg->complete_message = ssh_buffer_new();
+    if (msg->complete_message == NULL) {
         ssh_set_error_oom(session);
-        sftp_client_message_free(msg);
-        return NULL;
-      }
-
-      if (strcmp(msg->submessage, "hardlink@openssh.com") == 0 ||
-          strcmp(msg->submessage, "posix-rename@openssh.com") == 0) {
-        rc = ssh_buffer_unpack(payload,
-                               "sS",
-                               &msg->filename,
-                               &msg->data);
-        if (rc != SSH_OK) {
-          ssh_set_error_oom(session);
-          sftp_client_message_free(msg);
-          return NULL;
+        goto error;
+    }
+
+    rc = ssh_buffer_add_data(msg->complete_message,
+                             ssh_buffer_get(payload),
+                             ssh_buffer_get_len(payload));
+    if (rc < 0) {
+        goto error;
+    }
+
+    if (msg->type != SSH_FXP_INIT) {
+        rc = ssh_buffer_get_u32(payload, &msg->id);
+        if (rc != sizeof(uint32_t)) {
+            goto error;
         }
-      }
-      break;
-    default:
-      ssh_set_error(sftp->session, SSH_FATAL,
-                    "Received unhandled sftp message %d", msg->type);
-      sftp_client_message_free(msg);
-      return NULL;
-  }
+    }
+
+    switch (msg->type) {
+        case SSH_FXP_INIT:
+            rc = ssh_buffer_unpack(payload,
+                                   "d",
+                                   &version);
+            if (rc != SSH_OK) {
+                printf("unpack init failed!\n");
+                goto error;
+            }
+            version = ntohl(version);
+            sftp->client_version = version;
+            break;
+        case SSH_FXP_CLOSE:
+        case SSH_FXP_READDIR:
+            msg->handle = ssh_buffer_get_ssh_string(payload);
+            if (msg->handle == NULL) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_READ:
+            rc = ssh_buffer_unpack(payload,
+                                   "Sqd",
+                                   &msg->handle,
+                                   &msg->offset,
+                                   &msg->len);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_WRITE:
+            rc = ssh_buffer_unpack(payload,
+                                   "SqS",
+                                   &msg->handle,
+                                   &msg->offset,
+                                   &msg->data);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_REMOVE:
+        case SSH_FXP_RMDIR:
+        case SSH_FXP_OPENDIR:
+        case SSH_FXP_READLINK:
+        case SSH_FXP_REALPATH:
+            rc = ssh_buffer_unpack(payload,
+                                   "s",
+                                   &msg->filename);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_RENAME:
+        case SSH_FXP_SYMLINK:
+            rc = ssh_buffer_unpack(payload,
+                                   "sS",
+                                   &msg->filename,
+                                   &msg->data);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_MKDIR:
+        case SSH_FXP_SETSTAT:
+            rc = ssh_buffer_unpack(payload,
+                                   "s",
+                                   &msg->filename);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            msg->attr = sftp_parse_attr(sftp, payload, 0);
+            if (msg->attr == NULL) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_FSETSTAT:
+            msg->handle = ssh_buffer_get_ssh_string(payload);
+            if (msg->handle == NULL) {
+                goto error;
+            }
+            msg->attr = sftp_parse_attr(sftp, payload, 0);
+            if (msg->attr == NULL) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_LSTAT:
+        case SSH_FXP_STAT:
+            rc = ssh_buffer_unpack(payload,
+                                   "s",
+                                   &msg->filename);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            if (sftp->version > 3) {
+                ssh_buffer_unpack(payload, "d", &msg->flags);
+            }
+            break;
+        case SSH_FXP_OPEN:
+            rc = ssh_buffer_unpack(payload,
+                                   "sd",
+                                   &msg->filename,
+                                   &msg->flags);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            msg->attr = sftp_parse_attr(sftp, payload, 0);
+            if (msg->attr == NULL) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_FSTAT:
+            rc = ssh_buffer_unpack(payload,
+                                   "S",
+                                   &msg->handle);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+            break;
+        case SSH_FXP_EXTENDED:
+            rc = ssh_buffer_unpack(payload,
+                                   "s",
+                                   &msg->submessage);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+
+            if (strcmp(msg->submessage, "hardlink@openssh.com") == 0 ||
+                strcmp(msg->submessage, "posix-rename@openssh.com") == 0) {
+                rc = ssh_buffer_unpack(payload,
+                                       "sS",
+                                       &msg->filename,
+                                       &msg->data);
+                if (rc != SSH_OK) {
+                    goto error;
+                }
+            } else if (strcmp(msg->submessage, "statvfs@openssh.com") == 0 ){
+                rc = ssh_buffer_unpack(payload,
+                                       "s",
+                                       &msg->filename);
+                if (rc != SSH_OK) {
+                    goto error;
+                }
+            }
+            break;
+        default:
+            ssh_set_error(sftp->session, SSH_FATAL,
+                          "Received unhandled sftp message %d", msg->type);
+            goto error;
+    }
+
+    return msg;
+
+error:
+    sftp_client_message_free(msg);
+    return NULL;
+}
 
-  return msg;
+sftp_client_message sftp_get_client_message(sftp_session sftp)
+{
+    sftp_packet packet = NULL;
+
+    packet = sftp_packet_read(sftp);
+    if (packet == NULL) {
+        return NULL;
+    }
+    return sftp_make_client_message(sftp, packet);
 }
 
-/* Send an sftp client message. Can be used in cas of proxying */
-int sftp_send_client_message(sftp_session sftp, sftp_client_message msg){
-	return sftp_packet_write(sftp, msg->type, msg->complete_message);
+/**
+ * @brief Get the client message from a sftp packet.
+ *
+ * @param  sftp         The sftp session handle.
+ *
+ * @return              The pointer to the generated sftp client message.
+ */
+static sftp_client_message
+sftp_get_client_message_from_packet(sftp_session sftp)
+{
+    sftp_packet packet = NULL;
+
+    packet = sftp->read_packet;
+    if (packet == NULL) {
+        return NULL;
+    }
+    return sftp_make_client_message(sftp, packet);
 }
 
-uint8_t sftp_client_message_get_type(sftp_client_message msg){
-	return msg->type;
+/* Send an sftp client message. Can be used in case of proxying */
+int sftp_send_client_message(sftp_session sftp, sftp_client_message msg)
+{
+    return sftp_packet_write(sftp, msg->type, msg->complete_message);
 }
 
-const char *sftp_client_message_get_filename(sftp_client_message msg){
-	return msg->filename;
+uint8_t sftp_client_message_get_type(sftp_client_message msg)
+{
+    return msg->type;
 }
 
-void sftp_client_message_set_filename(sftp_client_message msg, const char *newname){
-	free(msg->filename);
-	msg->filename = strdup(newname);
+const char *sftp_client_message_get_filename(sftp_client_message msg)
+{
+    return msg->filename;
 }
 
-const char *sftp_client_message_get_data(sftp_client_message msg){
-	if (msg->str_data == NULL)
-		msg->str_data = ssh_string_to_char(msg->data);
-	return msg->str_data;
+void
+sftp_client_message_set_filename(sftp_client_message msg, const char *newname)
+{
+    free(msg->filename);
+    msg->filename = strdup(newname);
 }
 
-uint32_t sftp_client_message_get_flags(sftp_client_message msg){
-	return msg->flags;
+const char *sftp_client_message_get_data(sftp_client_message msg)
+{
+    if (msg->str_data == NULL)
+        msg->str_data = ssh_string_to_char(msg->data);
+    return msg->str_data;
 }
 
-const char *sftp_client_message_get_submessage(sftp_client_message msg){
-        return msg->submessage;
+uint32_t sftp_client_message_get_flags(sftp_client_message msg)
+{
+    return msg->flags;
 }
 
-void sftp_client_message_free(sftp_client_message msg) {
-  if (msg == NULL) {
-    return;
-  }
+const char *sftp_client_message_get_submessage(sftp_client_message msg)
+{
+    return msg->submessage;
+}
+
+void sftp_client_message_free(sftp_client_message msg)
+{
+    if (msg == NULL) {
+        return;
+    }
 
-  SAFE_FREE(msg->filename);
-  SAFE_FREE(msg->submessage);
-  SSH_STRING_FREE(msg->data);
-  SSH_STRING_FREE(msg->handle);
-  sftp_attributes_free(msg->attr);
-  SSH_BUFFER_FREE(msg->complete_message);
-  SAFE_FREE(msg->str_data);
-  ZERO_STRUCTP(msg);
-  SAFE_FREE(msg);
+    SAFE_FREE(msg->filename);
+    SAFE_FREE(msg->submessage);
+    SSH_STRING_FREE(msg->data);
+    SSH_STRING_FREE(msg->handle);
+    sftp_attributes_free(msg->attr);
+    SSH_BUFFER_FREE(msg->complete_message);
+    SAFE_FREE(msg->str_data);
+    ZERO_STRUCTP(msg);
+    SAFE_FREE(msg);
 }
 
-int sftp_reply_name(sftp_client_message msg, const char *name,
-    sftp_attributes attr) {
-  ssh_buffer out;
-  ssh_string file;
+int
+sftp_reply_name(sftp_client_message msg, const char *name, sftp_attributes attr)
+{
+    ssh_buffer out = NULL;
+    ssh_string file = NULL;
 
-  out = ssh_buffer_new();
-  if (out == NULL) {
-    return -1;
-  }
+    out = ssh_buffer_new();
+    if (out == NULL) {
+        return -1;
+    }
 
-  file = ssh_string_from_char(name);
-  if (file == NULL) {
-    SSH_BUFFER_FREE(out);
-    return -1;
-  }
-
-  if (ssh_buffer_add_u32(out, msg->id) < 0 ||
-      ssh_buffer_add_u32(out, htonl(1)) < 0 ||
-      ssh_buffer_add_ssh_string(out, file) < 0 ||
-      ssh_buffer_add_ssh_string(out, file) < 0 || /* The protocol is broken here between 3 & 4 */
-      buffer_add_attributes(out, attr) < 0 ||
-      sftp_packet_write(msg->sftp, SSH_FXP_NAME, out) < 0) {
+    file = ssh_string_from_char(name);
+    if (file == NULL) {
+        SSH_BUFFER_FREE(out);
+        return -1;
+    }
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Sending name %s", ssh_string_get_char(file));
+
+    if (ssh_buffer_add_u32(out, msg->id) < 0 ||
+        ssh_buffer_add_u32(out, htonl(1)) < 0 ||
+        ssh_buffer_add_ssh_string(out, file) < 0 ||
+        ssh_buffer_add_ssh_string(out, file) < 0 || /* The protocol is broken here between 3 & 4 */
+        buffer_add_attributes(out, attr) < 0 ||
+        sftp_packet_write(msg->sftp, SSH_FXP_NAME, out) < 0) {
+        SSH_BUFFER_FREE(out);
+        SSH_STRING_FREE(file);
+        return -1;
+    }
     SSH_BUFFER_FREE(out);
     SSH_STRING_FREE(file);
-    return -1;
-  }
-  SSH_BUFFER_FREE(out);
-  SSH_STRING_FREE(file);
 
-  return 0;
+    return 0;
 }
 
-int sftp_reply_handle(sftp_client_message msg, ssh_string handle){
-  ssh_buffer out;
+int sftp_reply_handle(sftp_client_message msg, ssh_string handle)
+{
+    ssh_buffer out;
 
-  out = ssh_buffer_new();
-  if (out == NULL) {
-    return -1;
-  }
+    out = ssh_buffer_new();
+    if (out == NULL) {
+        return -1;
+    }
+
+    ssh_log_hexdump("Sending handle:",
+                    (const unsigned char *)ssh_string_get_char(handle),
+                    ssh_string_len(handle));
 
-  if (ssh_buffer_add_u32(out, msg->id) < 0 ||
-      ssh_buffer_add_ssh_string(out, handle) < 0 ||
-      sftp_packet_write(msg->sftp, SSH_FXP_HANDLE, out) < 0) {
+    if (ssh_buffer_add_u32(out, msg->id) < 0 ||
+        ssh_buffer_add_ssh_string(out, handle) < 0 ||
+        sftp_packet_write(msg->sftp, SSH_FXP_HANDLE, out) < 0) {
+        SSH_BUFFER_FREE(out);
+        return -1;
+    }
     SSH_BUFFER_FREE(out);
-    return -1;
-  }
-  SSH_BUFFER_FREE(out);
 
-  return 0;
+    return 0;
 }
 
-int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr) {
-  ssh_buffer out;
+int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr)
+{
+    ssh_buffer out;
 
-  out = ssh_buffer_new();
-  if (out == NULL) {
-    return -1;
-  }
+    out = ssh_buffer_new();
+    if (out == NULL) {
+        return -1;
+    }
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Sending attr");
 
-  if (ssh_buffer_add_u32(out, msg->id) < 0 ||
-      buffer_add_attributes(out, attr) < 0 ||
-      sftp_packet_write(msg->sftp, SSH_FXP_ATTRS, out) < 0) {
+    if (ssh_buffer_add_u32(out, msg->id) < 0 ||
+        buffer_add_attributes(out, attr) < 0 ||
+        sftp_packet_write(msg->sftp, SSH_FXP_ATTRS, out) < 0) {
+        SSH_BUFFER_FREE(out);
+        return -1;
+    }
     SSH_BUFFER_FREE(out);
-    return -1;
-  }
-  SSH_BUFFER_FREE(out);
 
-  return 0;
+    return 0;
 }
 
-int sftp_reply_names_add(sftp_client_message msg, const char *file,
-    const char *longname, sftp_attributes attr) {
-  ssh_string name;
+int
+sftp_reply_names_add(sftp_client_message msg, const char *file,
+                     const char *longname, sftp_attributes attr)
+{
+    ssh_string name = NULL;
 
-  name = ssh_string_from_char(file);
-  if (name == NULL) {
-    return -1;
-  }
+    name = ssh_string_from_char(file);
+    if (name == NULL) {
+        return -1;
+    }
 
-  if (msg->attrbuf == NULL) {
-    msg->attrbuf = ssh_buffer_new();
     if (msg->attrbuf == NULL) {
-      SSH_STRING_FREE(name);
-      return -1;
+        msg->attrbuf = ssh_buffer_new();
+        if (msg->attrbuf == NULL) {
+            SSH_STRING_FREE(name);
+            return -1;
+        }
     }
-  }
 
-  if (ssh_buffer_add_ssh_string(msg->attrbuf, name) < 0) {
-    SSH_STRING_FREE(name);
-    return -1;
-  }
+    if (ssh_buffer_add_ssh_string(msg->attrbuf, name) < 0) {
+        SSH_STRING_FREE(name);
+        return -1;
+    }
 
-  SSH_STRING_FREE(name);
-  name = ssh_string_from_char(longname);
-  if (name == NULL) {
-    return -1;
-  }
-  if (ssh_buffer_add_ssh_string(msg->attrbuf,name) < 0 ||
-      buffer_add_attributes(msg->attrbuf,attr) < 0) {
     SSH_STRING_FREE(name);
-    return -1;
-  }
-  SSH_STRING_FREE(name);
-  msg->attr_num++;
+    name = ssh_string_from_char(longname);
+    if (name == NULL) {
+        return -1;
+    }
+    if (ssh_buffer_add_ssh_string(msg->attrbuf, name) < 0 ||
+        buffer_add_attributes(msg->attrbuf, attr) < 0) {
+        SSH_STRING_FREE(name);
+        return -1;
+    }
+    SSH_STRING_FREE(name);
+    msg->attr_num++;
 
-  return 0;
+    return 0;
 }
 
-int sftp_reply_names(sftp_client_message msg) {
-  ssh_buffer out;
+int sftp_reply_names(sftp_client_message msg)
+{
+    ssh_buffer out;
 
-  out = ssh_buffer_new();
-  if (out == NULL) {
-    SSH_BUFFER_FREE(msg->attrbuf);
-    return -1;
-  }
+    out = ssh_buffer_new();
+    if (out == NULL) {
+        SSH_BUFFER_FREE(msg->attrbuf);
+        return -1;
+    }
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Sending %d names", msg->attr_num);
+
+    if (ssh_buffer_add_u32(out, msg->id) < 0 ||
+        ssh_buffer_add_u32(out, htonl(msg->attr_num)) < 0 ||
+        ssh_buffer_add_data(out, ssh_buffer_get(msg->attrbuf),
+                            ssh_buffer_get_len(msg->attrbuf)) < 0 ||
+        sftp_packet_write(msg->sftp, SSH_FXP_NAME, out) < 0) {
+        SSH_BUFFER_FREE(out);
+        SSH_BUFFER_FREE(msg->attrbuf);
+        return -1;
+    }
 
-  if (ssh_buffer_add_u32(out, msg->id) < 0 ||
-      ssh_buffer_add_u32(out, htonl(msg->attr_num)) < 0 ||
-      ssh_buffer_add_data(out, ssh_buffer_get(msg->attrbuf),
-        ssh_buffer_get_len(msg->attrbuf)) < 0 ||
-      sftp_packet_write(msg->sftp, SSH_FXP_NAME, out) < 0) {
     SSH_BUFFER_FREE(out);
     SSH_BUFFER_FREE(msg->attrbuf);
-    return -1;
-  }
-
-  SSH_BUFFER_FREE(out);
-  SSH_BUFFER_FREE(msg->attrbuf);
 
-  msg->attr_num = 0;
-  msg->attrbuf = NULL;
+    msg->attr_num = 0;
+    msg->attrbuf = NULL;
 
-  return 0;
+    return 0;
 }
 
-int sftp_reply_status(sftp_client_message msg, uint32_t status,
-    const char *message) {
-  ssh_buffer out;
-  ssh_string s;
+int
+sftp_reply_status(sftp_client_message msg, uint32_t status, const char *message)
+{
+    ssh_buffer out = NULL;
+    ssh_string s = NULL;
 
-  out = ssh_buffer_new();
-  if (out == NULL) {
-    return -1;
-  }
+    out = ssh_buffer_new();
+    if (out == NULL) {
+        return -1;
+    }
 
-  s = ssh_string_from_char(message ? message : "");
-  if (s == NULL) {
-    SSH_BUFFER_FREE(out);
-    return -1;
-  }
+    s = ssh_string_from_char(message ? message : "");
+    if (s == NULL) {
+        SSH_BUFFER_FREE(out);
+        return -1;
+    }
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Sending status %d, message: %s", status,
+            ssh_string_get_char(s));
+
+    if (ssh_buffer_add_u32(out, msg->id) < 0 ||
+        ssh_buffer_add_u32(out, htonl(status)) < 0 ||
+        ssh_buffer_add_ssh_string(out, s) < 0 ||
+        ssh_buffer_add_u32(out, 0) < 0 || /* language string */
+        sftp_packet_write(msg->sftp, SSH_FXP_STATUS, out) < 0) {
+        SSH_BUFFER_FREE(out);
+        SSH_STRING_FREE(s);
+        return -1;
+    }
 
-  if (ssh_buffer_add_u32(out, msg->id) < 0 ||
-      ssh_buffer_add_u32(out, htonl(status)) < 0 ||
-      ssh_buffer_add_ssh_string(out, s) < 0 ||
-      ssh_buffer_add_u32(out, 0) < 0 || /* language string */
-      sftp_packet_write(msg->sftp, SSH_FXP_STATUS, out) < 0) {
     SSH_BUFFER_FREE(out);
     SSH_STRING_FREE(s);
-    return -1;
-  }
-
-  SSH_BUFFER_FREE(out);
-  SSH_STRING_FREE(s);
 
-  return 0;
+    return 0;
 }
 
-int sftp_reply_data(sftp_client_message msg, const void *data, int len) {
-  ssh_buffer out;
+int sftp_reply_data(sftp_client_message msg, const void *data, int len)
+{
+    ssh_buffer out;
 
-  out = ssh_buffer_new();
-  if (out == NULL) {
-    return -1;
-  }
+    out = ssh_buffer_new();
+    if (out == NULL) {
+        return -1;
+    }
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Sending data, length: %d", len);
 
-  if (ssh_buffer_add_u32(out, msg->id) < 0 ||
-      ssh_buffer_add_u32(out, ntohl(len)) < 0 ||
-      ssh_buffer_add_data(out, data, len) < 0 ||
-      sftp_packet_write(msg->sftp, SSH_FXP_DATA, out) < 0) {
+    if (ssh_buffer_add_u32(out, msg->id) < 0 ||
+        ssh_buffer_add_u32(out, ntohl(len)) < 0 ||
+        ssh_buffer_add_data(out, data, len) < 0 ||
+        sftp_packet_write(msg->sftp, SSH_FXP_DATA, out) < 0) {
+        SSH_BUFFER_FREE(out);
+        return -1;
+    }
     SSH_BUFFER_FREE(out);
-    return -1;
-  }
-  SSH_BUFFER_FREE(out);
 
-  return 0;
+    return 0;
+}
+
+/**
+ * @brief Handle the statvfs request, return information the mounted file system.
+ *
+ * @param  msg          The sftp client message.
+ *
+ * @param  st           The statvfs state of target file.
+ *
+ * @return              0 on success, < 0 on error with ssh and sftp error set.
+ *
+ * @see sftp_get_error()
+ */
+static int
+sftp_reply_statvfs(sftp_client_message msg, sftp_statvfs_t st)
+{
+    int ret = 0;
+    ssh_buffer out;
+    out = ssh_buffer_new();
+    if (out == NULL) {
+        return -1;
+    }
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Sending statvfs reply");
+
+    if (ssh_buffer_add_u32(out, msg->id) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_bsize)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_frsize)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_blocks)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_bfree)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_bavail)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_files)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_ffree)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_favail)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_fsid)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_flag)) < 0 ||
+        ssh_buffer_add_u64(out, ntohll(st->f_namemax)) < 0 ||
+        sftp_packet_write(msg->sftp, SSH_FXP_EXTENDED_REPLY, out) < 0) {
+        ret = -1;
+    }
+    SSH_BUFFER_FREE(out);
+
+    return ret;
+}
+
+int sftp_reply_version(sftp_client_message client_msg)
+{
+    sftp_session sftp = client_msg->sftp;
+    ssh_session session = sftp->session;
+    int version;
+    ssh_buffer reply;
+    int rc;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Sending version packet");
+
+    version = sftp->client_version;
+    reply = ssh_buffer_new();
+    if (reply == NULL) {
+        ssh_set_error_oom(session);
+        return -1;
+    }
+
+    rc = ssh_buffer_pack(reply, "dssssss",
+                         LIBSFTP_VERSION,
+                         "posix-rename@openssh.com",
+                         "1",
+                         "hardlink@openssh.com",
+                         "1",
+                         "statvfs@openssh.com",
+                         "2");
+    if (rc != SSH_OK) {
+        ssh_set_error_oom(session);
+        SSH_BUFFER_FREE(reply);
+        return -1;
+    }
+
+    rc = sftp_packet_write(sftp, SSH_FXP_VERSION, reply);
+    if (rc < 0) {
+        SSH_BUFFER_FREE(reply);
+        return -1;
+    }
+    SSH_BUFFER_FREE(reply);
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Server version sent");
+
+    if (version > LIBSFTP_VERSION) {
+        sftp->version = LIBSFTP_VERSION;
+    } else {
+        sftp->version = version;
+    }
+
+    return SSH_OK;
 }
 
+
 /*
  * This function will return you a new handle to give the client.
  * the function accepts an info that can be retrieved later with
  * the handle. Care is given that a corrupted handle won't give a
  * valid info (or worse).
  */
-ssh_string sftp_handle_alloc(sftp_session sftp, void *info) {
-  ssh_string ret;
-  uint32_t val;
-  uint32_t i;
+ssh_string sftp_handle_alloc(sftp_session sftp, void *info)
+{
+    ssh_string ret = NULL;
+    uint32_t val;
+    uint32_t i;
 
-  if (sftp->handles == NULL) {
-    sftp->handles = calloc(SFTP_HANDLES, sizeof(void *));
     if (sftp->handles == NULL) {
-      return NULL;
+        sftp->handles = calloc(SFTP_HANDLES, sizeof(void *));
+        if (sftp->handles == NULL) {
+            return NULL;
+        }
     }
-  }
 
-  for (i = 0; i < SFTP_HANDLES; i++) {
-    if (sftp->handles[i] == NULL) {
-      break;
+    for (i = 0; i < SFTP_HANDLES; i++) {
+        if (sftp->handles[i] == NULL) {
+            break;
+        }
     }
-  }
 
-  if (i == SFTP_HANDLES) {
-    return NULL; /* no handle available */
-  }
+    if (i == SFTP_HANDLES) {
+        return NULL; /* no handle available */
+    }
 
-  val = i;
-  ret = ssh_string_new(4);
-  if (ret == NULL) {
-    return NULL;
-  }
+    val = i;
+    ret = ssh_string_new(4);
+    if (ret == NULL) {
+        return NULL;
+    }
 
-  memcpy(ssh_string_data(ret), &val, sizeof(uint32_t));
-  sftp->handles[i] = info;
+    memcpy(ssh_string_data(ret), &val, sizeof(uint32_t));
+    sftp->handles[i] = info;
 
-  return ret;
+    return ret;
 }
 
-void *sftp_handle(sftp_session sftp, ssh_string handle){
-  uint32_t val;
+void *sftp_handle(sftp_session sftp, ssh_string handle)
+{
+    uint32_t val;
 
-  if (sftp->handles == NULL) {
-    return NULL;
-  }
+    if (sftp->handles == NULL) {
+        return NULL;
+    }
 
-  if (ssh_string_len(handle) != sizeof(uint32_t)) {
-    return NULL;
-  }
+    if (ssh_string_len(handle) != sizeof(uint32_t)) {
+        return NULL;
+    }
 
-  memcpy(&val, ssh_string_data(handle), sizeof(uint32_t));
+    memcpy(&val, ssh_string_data(handle), sizeof(uint32_t));
 
-  if (val > SFTP_HANDLES) {
-    return NULL;
-  }
+    if (val >= SFTP_HANDLES) {
+        return NULL;
+    }
+
+    return sftp->handles[val];
+}
+
+void sftp_handle_remove(sftp_session sftp, void *handle)
+{
+    int i;
+
+    for (i = 0; i < SFTP_HANDLES; i++) {
+        if (sftp->handles[i] == handle) {
+            sftp->handles[i] = NULL;
+            break;
+        }
+    }
+}
+
+/* Default SFTP handlers */
+
+static const char *
+ssh_str_error(int u_errno)
+{
+    switch (u_errno) {
+    case SSH_FX_NO_SUCH_FILE:
+        return "No such file";
+    case SSH_FX_PERMISSION_DENIED:
+        return "Permission denied";
+    case SSH_FX_BAD_MESSAGE:
+        return "Bad message";
+    case SSH_FX_OP_UNSUPPORTED:
+        return "Operation not supported";
+    default:
+        return "Operation failed";
+    }
+}
+
+static int
+unix_errno_to_ssh_stat(int u_errno)
+{
+    int ret = SSH_OK;
+    switch (u_errno) {
+    case 0:
+        break;
+    case ENOENT:
+    case ENOTDIR:
+    case EBADF:
+    case ELOOP:
+        ret = SSH_FX_NO_SUCH_FILE;
+        break;
+    case EPERM:
+    case EACCES:
+    case EFAULT:
+        ret = SSH_FX_PERMISSION_DENIED;
+        break;
+    case ENAMETOOLONG:
+    case EINVAL:
+        ret = SSH_FX_BAD_MESSAGE;
+        break;
+    case ENOSYS:
+        ret = SSH_FX_OP_UNSUPPORTED;
+        break;
+    default:
+        ret = SSH_FX_FAILURE;
+        break;
+    }
+
+    return ret;
+}
+
+static void
+stat_to_filexfer_attrib(const struct stat *z_st, struct sftp_attributes_struct *z_attr)
+{
+    z_attr->flags = 0 | (uint32_t)SSH_FILEXFER_ATTR_SIZE;
+    z_attr->size = z_st->st_size;
+
+    z_attr->flags |= (uint32_t)SSH_FILEXFER_ATTR_UIDGID;
+    z_attr->uid = z_st->st_uid;
+    z_attr->gid = z_st->st_gid;
+
+    z_attr->flags |= (uint32_t)SSH_FILEXFER_ATTR_PERMISSIONS;
+    z_attr->permissions = z_st->st_mode;
+
+    z_attr->flags |= (uint32_t)SSH_FILEXFER_ATTR_ACMODTIME;
+    z_attr->atime = z_st->st_atime;
+    z_attr->mtime = z_st->st_mtime;
+}
+
+static void
+clear_filexfer_attrib(struct sftp_attributes_struct *z_attr)
+{
+    z_attr->flags = 0;
+    z_attr->size = 0;
+    z_attr->uid = 0;
+    z_attr->gid = 0;
+    z_attr->permissions = 0;
+    z_attr->atime = 0;
+    z_attr->mtime = 0;
+}
+
+#ifndef _WIN32
+/* internal */
+enum sftp_handle_type
+{
+    SFTP_NULL_HANDLE,
+    SFTP_DIR_HANDLE,
+    SFTP_FILE_HANDLE
+};
+
+struct sftp_handle
+{
+    enum sftp_handle_type type;
+    int fd;
+    DIR *dirp;
+    char *name;
+};
+
+SSH_SFTP_CALLBACK(process_unsupposed);
+SSH_SFTP_CALLBACK(process_open);
+SSH_SFTP_CALLBACK(process_read);
+SSH_SFTP_CALLBACK(process_write);
+SSH_SFTP_CALLBACK(process_close);
+SSH_SFTP_CALLBACK(process_opendir);
+SSH_SFTP_CALLBACK(process_readdir);
+SSH_SFTP_CALLBACK(process_rmdir);
+SSH_SFTP_CALLBACK(process_realpath);
+SSH_SFTP_CALLBACK(process_mkdir);
+SSH_SFTP_CALLBACK(process_lstat);
+SSH_SFTP_CALLBACK(process_stat);
+SSH_SFTP_CALLBACK(process_readlink);
+SSH_SFTP_CALLBACK(process_symlink);
+SSH_SFTP_CALLBACK(process_remove);
+SSH_SFTP_CALLBACK(process_extended_statvfs);
+SSH_SFTP_CALLBACK(process_setstat);
+
+const struct sftp_message_handler message_handlers[] = {
+    {"open", NULL, SSH_FXP_OPEN, process_open},
+    {"close", NULL, SSH_FXP_CLOSE, process_close},
+    {"read", NULL, SSH_FXP_READ, process_read},
+    {"write", NULL, SSH_FXP_WRITE, process_write},
+    {"lstat", NULL, SSH_FXP_LSTAT, process_lstat},
+    {"fstat", NULL, SSH_FXP_FSTAT, process_unsupposed},
+    {"setstat", NULL, SSH_FXP_SETSTAT, process_setstat},
+    {"fsetstat", NULL, SSH_FXP_FSETSTAT, process_unsupposed},
+    {"opendir", NULL, SSH_FXP_OPENDIR, process_opendir},
+    {"readdir", NULL, SSH_FXP_READDIR, process_readdir},
+    {"remove", NULL, SSH_FXP_REMOVE, process_remove},
+    {"mkdir", NULL, SSH_FXP_MKDIR, process_mkdir},
+    {"rmdir", NULL, SSH_FXP_RMDIR, process_rmdir},
+    {"realpath", NULL, SSH_FXP_REALPATH, process_realpath},
+    {"stat", NULL, SSH_FXP_STAT, process_stat},
+    {"rename", NULL, SSH_FXP_RENAME, process_unsupposed},
+    {"readlink", NULL, SSH_FXP_READLINK, process_readlink},
+    {"symlink", NULL, SSH_FXP_SYMLINK, process_symlink},
+    {"init", NULL, SSH_FXP_INIT, sftp_reply_version},
+    {NULL, NULL, 0, NULL},
+};
+
+const struct sftp_message_handler extended_handlers[] = {
+    /* here are some extended type handlers */
+    {"statvfs", "statvfs@openssh.com", 0, process_extended_statvfs},
+    {NULL, NULL, 0, NULL},
+};
+
+static int
+process_open(sftp_client_message client_msg)
+{
+    const char *filename = sftp_client_message_get_filename(client_msg);
+    uint32_t msg_flag = sftp_client_message_get_flags(client_msg);
+    uint32_t mode = client_msg->attr->permissions;
+    ssh_string handle_s = NULL;
+    struct sftp_handle *h = NULL;
+    int file_flag;
+    int fd = -1;
+    int status;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing open: filename %s, mode=0%o" PRIu32,
+            filename, mode);
+
+    if (((msg_flag & (uint32_t)SSH_FXF_READ) == SSH_FXF_READ) &&
+        ((msg_flag & (uint32_t)SSH_FXF_WRITE) == SSH_FXF_WRITE)) {
+        file_flag = O_RDWR; // file must exist
+        if ((msg_flag & (uint32_t)SSH_FXF_CREAT) == SSH_FXF_CREAT)
+            file_flag |= O_CREAT;
+    } else if ((msg_flag & (uint32_t)SSH_FXF_WRITE) == SSH_FXF_WRITE) {
+        file_flag = O_WRONLY;
+        if ((msg_flag & (uint32_t)SSH_FXF_APPEND) == SSH_FXF_APPEND)
+            file_flag |= O_APPEND;
+        if ((msg_flag & (uint32_t)SSH_FXF_CREAT) == SSH_FXF_CREAT)
+            file_flag |= O_CREAT;
+    } else if ((msg_flag & (uint32_t)SSH_FXF_READ) == SSH_FXF_READ) {
+        file_flag = O_RDONLY;
+    } else {
+        SSH_LOG(SSH_LOG_PROTOCOL, "undefined message flag: %" PRIu32, msg_flag);
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, "Flag error");
+        return SSH_ERROR;
+    }
+
+    fd = open(filename, file_flag, mode);
+    if (fd == -1) {
+        int saved_errno = errno;
+        SSH_LOG(SSH_LOG_PROTOCOL, "error open file with error: %s",
+                strerror(saved_errno));
+        status = unix_errno_to_ssh_stat(saved_errno);
+        sftp_reply_status(client_msg, status, "Write error");
+        return SSH_ERROR;
+    }
 
-  return sftp->handles[val];
+    h = calloc(1, sizeof (struct sftp_handle));
+    if (h == NULL) {
+        close(fd);
+        SSH_LOG(SSH_LOG_PROTOCOL, "failed to allocate a new handle");
+        sftp_reply_status(client_msg, SSH_FX_FAILURE,
+                          "Failed to allocate new handle");
+        return SSH_ERROR;
+    }
+    h->fd = fd;
+    h->type = SFTP_FILE_HANDLE;
+    handle_s = sftp_handle_alloc(client_msg->sftp, h);
+    if (handle_s != NULL) {
+        sftp_reply_handle(client_msg, handle_s);
+        ssh_string_free(handle_s);
+    } else {
+        free(h);
+        close(fd);
+        SSH_LOG(SSH_LOG_PROTOCOL, "Failed to allocate handle");
+        sftp_reply_status(client_msg, SSH_FX_FAILURE,
+                          "Failed to allocate handle");
+    }
+
+    return SSH_OK;
+}
+
+static int
+process_read(sftp_client_message client_msg)
+{
+    sftp_session sftp = client_msg->sftp;
+    ssh_string handle = client_msg->handle;
+    struct sftp_handle *h = NULL;
+    ssize_t readn = 0;
+    int fd = -1;
+    char *buffer = NULL;
+    off_t off;
+
+    ssh_log_hexdump("Processing read: handle:",
+                    (const unsigned char *)ssh_string_get_char(handle),
+                    ssh_string_len(handle));
+
+    h = sftp_handle(sftp, handle);
+    if (h != NULL && h->type == SFTP_FILE_HANDLE) {
+        fd = h->fd;
+    }
+
+    if (fd < 0) {
+        sftp_reply_status(client_msg, SSH_FX_INVALID_HANDLE, NULL);
+        SSH_LOG(SSH_LOG_PROTOCOL, "invalid fd (%d) received from handle", fd);
+        return SSH_ERROR;
+    }
+    off = lseek(fd, client_msg->offset, SEEK_SET);
+    if (off == -1) {
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL);
+        SSH_LOG(SSH_LOG_PROTOCOL,
+                "error seeking file fd: %d at offset: %" PRIu64,
+                fd, client_msg->offset);
+        return SSH_ERROR;
+    }
+
+    buffer = malloc(client_msg->len);
+    if (buffer == NULL) {
+        ssh_set_error_oom(sftp->session);
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL);
+        SSH_LOG(SSH_LOG_PROTOCOL, "Failed to allocate memory for read data");
+        return SSH_ERROR;
+    }
+    readn = ssh_readn(fd, buffer, client_msg->len);
+    if (readn < 0) {
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL);
+        SSH_LOG(SSH_LOG_PROTOCOL, "read file error!");
+        free(buffer);
+        return SSH_ERROR;
+    } else if (readn > 0) {
+        sftp_reply_data(client_msg, buffer, readn);
+    } else {
+        sftp_reply_status(client_msg, SSH_FX_EOF, NULL);
+    }
+
+    free(buffer);
+    return SSH_OK;
+}
+
+static int
+process_write(sftp_client_message client_msg)
+{
+    sftp_session sftp = client_msg->sftp;
+    ssh_string handle = client_msg->handle;
+    struct sftp_handle *h = NULL;
+    ssize_t written = 0;
+    int fd = -1;
+    const char *msg_data = NULL;
+    uint32_t len;
+    off_t off;
+
+    ssh_log_hexdump("Processing write: handle",
+                    (const unsigned char *)ssh_string_get_char(handle),
+                    ssh_string_len(handle));
+
+    h = sftp_handle(sftp, handle);
+    if (h != NULL && h->type == SFTP_FILE_HANDLE) {
+        fd = h->fd;
+    }
+    if (fd < 0) {
+        sftp_reply_status(client_msg, SSH_FX_INVALID_HANDLE, NULL);
+        SSH_LOG(SSH_LOG_PROTOCOL, "write file fd error!");
+        return SSH_ERROR;
+    }
+
+    msg_data = ssh_string_get_char(client_msg->data);
+    len = ssh_string_len(client_msg->data);
+
+    off = lseek(fd, client_msg->offset, SEEK_SET);
+    if (off == -1) {
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL);
+        SSH_LOG(SSH_LOG_PROTOCOL,
+                "error seeking file at offset: %" PRIu64,
+                client_msg->offset);
+        return SSH_ERROR;
+    }
+    written = ssh_writen(fd, msg_data, len);
+    if (written != (ssize_t)len) {
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, "Write error");
+        SSH_LOG(SSH_LOG_PROTOCOL, "file write error!");
+        return SSH_ERROR;
+    }
+
+    sftp_reply_status(client_msg, SSH_FX_OK, NULL);
+
+    return SSH_OK;
+}
+
+static int
+process_close(sftp_client_message client_msg)
+{
+    sftp_session sftp = client_msg->sftp;
+    ssh_string handle = client_msg->handle;
+    struct sftp_handle *h = NULL;
+    int ret;
+
+    ssh_log_hexdump("Processing close: handle:",
+                    (const unsigned char *)ssh_string_get_char(handle),
+                    ssh_string_len(handle));
+
+    h = sftp_handle(sftp, handle);
+    if (h == NULL) {
+        SSH_LOG(SSH_LOG_PROTOCOL, "invalid handle");
+        sftp_reply_status(client_msg, SSH_FX_INVALID_HANDLE, "Invalid handle");
+        return SSH_OK;
+    } else if (h->type == SFTP_FILE_HANDLE) {
+        int fd = h->fd;
+        close(fd);
+        ret = SSH_OK;
+    } else if (h->type == SFTP_DIR_HANDLE) {
+        DIR *dir = h->dirp;
+        closedir(dir);
+        ret = SSH_OK;
+    } else {
+        ret = SSH_ERROR;
+    }
+    SAFE_FREE(h->name);
+    sftp_handle_remove(sftp, h);
+    SAFE_FREE(h);
+
+    if (ret == SSH_OK) {
+        sftp_reply_status(client_msg, SSH_FX_OK, NULL);
+    } else {
+        SSH_LOG(SSH_LOG_PROTOCOL, "closing file failed");
+        sftp_reply_status(client_msg, SSH_FX_BAD_MESSAGE, "Invalid handle");
+    }
+
+    return SSH_OK;
+}
+
+static int
+process_opendir(sftp_client_message client_msg)
+{
+    DIR *dir = NULL;
+    const char *dir_name = sftp_client_message_get_filename(client_msg);
+    ssh_string handle_s = NULL;
+    struct sftp_handle *h = NULL;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing opendir %s", dir_name);
+
+    dir = opendir(dir_name);
+    if (dir == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_NO_SUCH_FILE, "No such directory");
+        return SSH_ERROR;
+    }
+
+    h = calloc(1, sizeof (struct sftp_handle));
+    if (h == NULL) {
+        closedir(dir);
+        SSH_LOG(SSH_LOG_PROTOCOL, "failed to allocate a new handle");
+        sftp_reply_status(client_msg, SSH_FX_FAILURE,
+                          "Failed to allocate new handle");
+        return SSH_ERROR;
+    }
+    h->dirp = dir;
+    h->name = strdup(dir_name);
+    h->type = SFTP_DIR_HANDLE;
+    handle_s = sftp_handle_alloc(client_msg->sftp, h);
+
+    if (handle_s != NULL) {
+        sftp_reply_handle(client_msg, handle_s);
+        ssh_string_free(handle_s);
+    } else {
+        free(h);
+        closedir(dir);
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, "No handle available");
+    }
+
+    return SSH_OK;
+}
+
+static int
+readdir_long_name(char *z_file_name, struct stat *z_st, char *z_long_name)
+{
+    char tmpbuf[MAX_LONG_NAME_LEN];
+    char time[50];
+    char *ptr = z_long_name;
+    int mode = z_st->st_mode;
+
+    *ptr = '\0';
+
+    switch (mode & S_IFMT) {
+    case S_IFDIR:
+        *ptr++ = 'd';
+        break;
+    default:
+        *ptr++ = '-';
+        break;
+    }
+
+    /* user */
+    if (mode & 0400)
+        *ptr++ = 'r';
+    else
+        *ptr++ = '-';
+
+    if (mode & 0200)
+        *ptr++ = 'w';
+    else
+        *ptr++ = '-';
+
+    if (mode & 0100) {
+        if (mode & S_ISUID)
+            *ptr++ = 's';
+        else
+            *ptr++ = 'x';
+    } else
+        *ptr++ = '-';
+
+    /* group */
+    if (mode & 040)
+        *ptr++ = 'r';
+    else
+        *ptr++ = '-';
+    if (mode & 020)
+        *ptr++ = 'w';
+    else
+        *ptr++ = '-';
+    if (mode & 010)
+        *ptr++ = 'x';
+    else
+        *ptr++ = '-';
+
+    /* other */
+    if (mode & 04)
+        *ptr++ = 'r';
+    else
+        *ptr++ = '-';
+    if (mode & 02)
+        *ptr++ = 'w';
+    else
+        *ptr++ = '-';
+    if (mode & 01)
+        *ptr++ = 'x';
+    else
+        *ptr++ = '-';
+
+    *ptr++ = ' ';
+    *ptr = '\0';
+
+    snprintf(tmpbuf, sizeof(tmpbuf), "%3d %d %d %d", (int)z_st->st_nlink,
+             (int)z_st->st_uid, (int)z_st->st_gid, (int)z_st->st_size);
+    strcat(z_long_name, tmpbuf);
+
+    ctime_r(&z_st->st_mtime, time);
+    if ((ptr = strchr(time, '\n'))) {
+        *ptr = '\0';
+    }
+    snprintf(tmpbuf, sizeof(tmpbuf), " %s %s", time + 4, z_file_name);
+    strcat(z_long_name, tmpbuf);
+
+    return SSH_OK;
+}
+
+static int
+process_readdir(sftp_client_message client_msg)
+{
+    sftp_session sftp = client_msg->sftp;
+    ssh_string handle = client_msg->handle;
+    struct sftp_handle *h = NULL;
+    int ret = SSH_OK;
+    int entries = 0;
+    struct dirent *dentry = NULL;
+    DIR *dir = NULL;
+    char long_path[PATH_MAX];
+    int srclen;
+    const char *handle_name = NULL;
+
+    ssh_log_hexdump("Processing readdir: handle",
+                    (const unsigned char *)ssh_string_get_char(handle),
+                    ssh_string_len(handle));
+
+    h = sftp_handle(sftp, client_msg->handle);
+    if (h != NULL && h->type == SFTP_DIR_HANDLE) {
+        dir = h->dirp;
+        handle_name = h->name;
+    }
+    if (dir == NULL) {
+        SSH_LOG(SSH_LOG_PROTOCOL, "got wrong handle from msg");
+        sftp_reply_status(client_msg, SSH_FX_INVALID_HANDLE, NULL);
+        return SSH_ERROR;
+    }
+
+    if (handle_name == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_INVALID_HANDLE, NULL);
+        return SSH_ERROR;
+    }
+
+    srclen = strlen(handle_name);
+    if (srclen + 2 >= PATH_MAX) {
+        SSH_LOG(SSH_LOG_PROTOCOL, "handle string length exceed max length!");
+        sftp_reply_status(client_msg, SSH_FX_INVALID_HANDLE, NULL);
+        return SSH_ERROR;
+    }
+
+    for (int i = 0; i < MAX_ENTRIES_NUM_IN_PACKET; i++) {
+        dentry = readdir(dir);
+
+        if (dentry != NULL) {
+            struct sftp_attributes_struct attr;
+            struct stat st;
+            char long_name[MAX_LONG_NAME_LEN];
+
+            if (strlen(dentry->d_name) + srclen + 1 >= PATH_MAX) {
+                SSH_LOG(SSH_LOG_PROTOCOL,
+                        "handle string length exceed max length!");
+                sftp_reply_status(client_msg, SSH_FX_INVALID_HANDLE, NULL);
+                return SSH_ERROR;
+            }
+            snprintf(long_path, PATH_MAX, "%s/%s", handle_name, dentry->d_name);
+
+            if (lstat(long_path, &st) == 0) {
+                stat_to_filexfer_attrib(&st, &attr);
+            } else {
+                clear_filexfer_attrib(&attr);
+            }
+
+            if (readdir_long_name(dentry->d_name, &st, long_name) == 0) {
+                sftp_reply_names_add(client_msg, dentry->d_name, long_name, &attr);
+            } else {
+                printf("readdir long name error\n");
+            }
+
+            entries++;
+        } else {
+            break;
+        }
+    }
+
+    if (entries > 0) {
+        ret = sftp_reply_names(client_msg);
+    } else {
+        sftp_reply_status(client_msg, SSH_FX_EOF, NULL);
+    }
+
+    return ret;
+}
+
+static int
+process_mkdir(sftp_client_message client_msg)
+{
+    int ret = SSH_OK;
+    const char *filename = sftp_client_message_get_filename(client_msg);
+    uint32_t msg_flags = client_msg->attr->flags;
+    uint32_t permission = client_msg->attr->permissions;
+    uint32_t mode = (msg_flags & (uint32_t)SSH_FILEXFER_ATTR_PERMISSIONS)
+                    ? permission & (uint32_t)07777 : 0777;
+    int status = SSH_FX_OK;
+    int rv;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing mkdir %s, mode=0%o" PRIu32,
+            filename, mode);
+
+    if (filename == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_NO_SUCH_FILE, "File name error");
+        return SSH_ERROR;
+    }
+
+    rv = mkdir(filename, mode);
+    if (rv < 0) {
+        int saved_errno = errno;
+        SSH_LOG(SSH_LOG_PROTOCOL, "failed to mkdir: %s", strerror(saved_errno));
+        status = unix_errno_to_ssh_stat(saved_errno);
+        ret = SSH_ERROR;
+    }
+
+    sftp_reply_status(client_msg, status, NULL);
+
+    return ret;
+}
+
+static int
+process_rmdir(sftp_client_message client_msg)
+{
+    int ret = SSH_OK;
+    const char *filename = sftp_client_message_get_filename(client_msg);
+    int status = SSH_FX_OK;
+    int rv;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing rmdir %s", filename);
+
+    if (filename == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_NO_SUCH_FILE, "File name error");
+        return SSH_ERROR;
+    }
+
+    rv = rmdir(filename);
+    if (rv < 0) {
+        status = unix_errno_to_ssh_stat(errno);
+        ret = SSH_ERROR;
+    }
+
+    sftp_reply_status(client_msg, status, NULL);
+
+    return ret;
+}
+
+static int
+process_realpath(sftp_client_message client_msg)
+{
+    const char *filename = sftp_client_message_get_filename(client_msg);
+    char *path = NULL;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing realpath %s", filename);
+
+    if (filename[0] == '\0') {
+        path = realpath(".", NULL);
+    } else {
+        path = realpath(filename, NULL);
+    }
+    if (path == NULL) {
+        int saved_errno = errno;
+        int status = unix_errno_to_ssh_stat(saved_errno);
+        const char *err_msg = ssh_str_error(status);
+
+        SSH_LOG(SSH_LOG_PROTOCOL, "realpath failed: %s", strerror(saved_errno));
+        sftp_reply_status(client_msg, status, err_msg);
+        return SSH_ERROR;
+    }
+    sftp_reply_name(client_msg, path, NULL);
+    free(path);
+    return SSH_OK;
+}
+
+static int
+process_lstat(sftp_client_message client_msg)
+{
+    int ret = SSH_OK;
+    const char *filename = sftp_client_message_get_filename(client_msg);
+    struct sftp_attributes_struct attr;
+    struct stat st;
+    int status = SSH_FX_OK;
+    int rv;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing lstat %s", filename);
+
+    if (filename == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_NO_SUCH_FILE, "File name error");
+        return SSH_ERROR;
+    }
+
+    rv = lstat(filename, &st);
+    if (rv < 0) {
+        int saved_errno = errno;
+        SSH_LOG(SSH_LOG_PROTOCOL, "lstat failed: %s", strerror(saved_errno));
+        status = unix_errno_to_ssh_stat(saved_errno);
+        sftp_reply_status(client_msg, status, NULL);
+        ret = SSH_ERROR;
+    } else {
+        stat_to_filexfer_attrib(&st, &attr);
+        sftp_reply_attr(client_msg, &attr);
+    }
+
+    return ret;
+}
+
+static int
+process_stat(sftp_client_message client_msg)
+{
+    int ret = SSH_OK;
+    const char *filename = sftp_client_message_get_filename(client_msg);
+    struct sftp_attributes_struct attr;
+    struct stat st;
+    int status = SSH_FX_OK;
+    int rv;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing stat %s", filename);
+
+    if (filename == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_NO_SUCH_FILE, "File name error");
+        return SSH_ERROR;
+    }
+
+    rv = stat(filename, &st);
+    if (rv < 0) {
+        int saved_errno = errno;
+        SSH_LOG(SSH_LOG_PROTOCOL, "lstat failed: %s", strerror(saved_errno));
+        status = unix_errno_to_ssh_stat(saved_errno);
+        sftp_reply_status(client_msg, status, NULL);
+        ret = SSH_ERROR;
+    } else {
+        stat_to_filexfer_attrib(&st, &attr);
+        sftp_reply_attr(client_msg, &attr);
+    }
+
+    return ret;
+}
+
+static int
+process_setstat(sftp_client_message client_msg)
+{
+    int rv;
+    int ret = SSH_OK;
+    int status = SSH_FX_OK;
+    uint32_t msg_flags = client_msg->attr->flags;
+    const char *filename = sftp_client_message_get_filename(client_msg);
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing setstat %s", filename);
+
+    if (filename == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_NO_SUCH_FILE, "File name error");
+        return SSH_ERROR;
+    }
+
+    if (msg_flags & SSH_FILEXFER_ATTR_SIZE) {
+        rv = truncate(filename, client_msg->attr->size);
+        if (rv < 0) {
+            int saved_errno = errno;
+            SSH_LOG(SSH_LOG_PROTOCOL,
+                    "changing size failed: %s",
+                    strerror(saved_errno));
+            status = unix_errno_to_ssh_stat(saved_errno);
+            sftp_reply_status(client_msg, status, NULL);
+            return rv;
+        }
+    }
+
+    if (msg_flags & SSH_FILEXFER_ATTR_PERMISSIONS) {
+        rv = chmod(filename, client_msg->attr->permissions);
+        if (rv < 0) {
+            int saved_errno = errno;
+            SSH_LOG(SSH_LOG_PROTOCOL,
+                    "chmod failed: %s",
+                    strerror(saved_errno));
+            status = unix_errno_to_ssh_stat(saved_errno);
+            sftp_reply_status(client_msg, status, NULL);
+            return rv;
+        }
+    }
+
+    if (msg_flags & SSH_FILEXFER_ATTR_UIDGID) {
+        rv = chown(filename, client_msg->attr->uid, client_msg->attr->gid);
+        if (rv < 0) {
+            int saved_errno = errno;
+            SSH_LOG(SSH_LOG_PROTOCOL,
+                    "chwon failed: %s",
+                    strerror(saved_errno));
+            status = unix_errno_to_ssh_stat(saved_errno);
+            sftp_reply_status(client_msg, status, NULL);
+            return rv;
+        }
+    }
+
+    if (msg_flags & SSH_FILEXFER_ATTR_ACMODTIME) {
+#ifdef HAVE_SYS_TIME_H
+        struct timeval tv[2];
+
+        tv[0].tv_sec = client_msg->attr->atime;
+        tv[0].tv_usec = 0;
+        tv[1].tv_sec = client_msg->attr->mtime;
+        tv[1].tv_usec = 0;
+
+        rv = utimes(filename, tv);
+        if (rv < 0) {
+            int saved_errno = errno;
+            SSH_LOG(SSH_LOG_PROTOCOL,
+                    "utimes failed: %s",
+                    strerror(saved_errno));
+            status = unix_errno_to_ssh_stat(saved_errno);
+            sftp_reply_status(client_msg, status, NULL);
+            return rv;
+        }
+#else
+        struct _utimbuf tf;
+
+        tf.actime = client_msg->attr->atime;
+        tf.modtime = client_msg->attr->mtime;
+
+        rv = _utime(filename, &tf);
+        if (rv < 0) {
+            int saved_errno = errno;
+            SSH_LOG(SSH_LOG_PROTOCOL,
+                    "utimes failed: %s",
+                    strerror(saved_errno));
+            status = unix_errno_to_ssh_stat(saved_errno);
+            sftp_reply_status(client_msg, status, NULL);
+            return rv;
+        }
+#endif
+    }
+
+    sftp_reply_status(client_msg, status, NULL);
+    return ret;
+}
+
+static int
+process_readlink(sftp_client_message client_msg)
+{
+    int ret = SSH_OK;
+    const char *filename = sftp_client_message_get_filename(client_msg);
+    char buf[PATH_MAX];
+    int len = -1;
+    const char *err_msg = NULL;
+    int status = SSH_FX_OK;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "Processing readlink %s", filename);
+
+    if (filename == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_NO_SUCH_FILE, "File name error");
+        return SSH_ERROR;
+    }
+
+    len = readlink(filename, buf, sizeof(buf) - 1);
+    if (len < 0) {
+        int saved_errno = errno;
+        SSH_LOG(SSH_LOG_PROTOCOL, "readlink failed: %s", strerror(saved_errno));
+        status = unix_errno_to_ssh_stat(saved_errno);
+        err_msg = ssh_str_error(status);
+        sftp_reply_status(client_msg, status, err_msg);
+        ret = SSH_ERROR;
+    } else {
+        buf[len] = '\0';
+        sftp_reply_name(client_msg, buf, NULL);
+    }
+
+    return ret;
+}
+
+/* Note, that this function is using reversed order of the arguments than the
+ * OpenSSH sftp server as they have the arguments switched. See
+ * section "4.1 sftp: Reversal of arguments to SSH_FXP_SYMLINK' in
+ * https://github.com/openssh/openssh-portable/blob/master/PROTOCOL
+ * for more information */
+static int
+process_symlink(sftp_client_message client_msg)
+{
+    int ret = SSH_OK;
+    const char *destpath = sftp_client_message_get_filename(client_msg);
+    const char *srcpath = ssh_string_get_char(client_msg->data);
+    int status = SSH_FX_OK;
+    int rv;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "processing symlink: src=%s dest=%s",
+            srcpath, destpath);
+
+    if (srcpath == NULL || destpath == NULL) {
+        sftp_reply_status(client_msg, SSH_FX_NO_SUCH_FILE, "File name error");
+        return SSH_ERROR;
+    }
+
+    rv = symlink(srcpath, destpath);
+    if (rv < 0) {
+        int saved_errno = errno;
+        status = unix_errno_to_ssh_stat(saved_errno);
+        SSH_LOG(SSH_LOG_PROTOCOL, "symlink failed: %s", strerror(saved_errno));
+        sftp_reply_status(client_msg, status, "Write error");
+        ret = SSH_ERROR;
+    } else {
+        sftp_reply_status(client_msg, SSH_FX_OK, "write success");
+    }
+
+    return ret;
+}
+
+static int
+process_remove(sftp_client_message client_msg)
+{
+    int ret = SSH_OK;
+    const char *filename = sftp_client_message_get_filename(client_msg);
+    int rv;
+    int status = SSH_FX_OK;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "processing remove: %s", filename);
+
+    rv = unlink(filename);
+    if (rv < 0) {
+        int saved_errno = errno;
+        SSH_LOG(SSH_LOG_PROTOCOL, "unlink failed: %s", strerror(saved_errno));
+        status = unix_errno_to_ssh_stat(saved_errno);
+        ret = SSH_ERROR;
+    }
+
+    sftp_reply_status(client_msg, status, NULL);
+
+    return ret;
+}
+
+static int
+process_unsupposed(sftp_client_message client_msg)
+{
+    sftp_reply_status(client_msg, SSH_FX_OP_UNSUPPORTED,
+                      "Operation not supported");
+    SSH_LOG(SSH_LOG_PROTOCOL, "Message type %d not implemented",
+            sftp_client_message_get_type(client_msg));
+    return SSH_OK;
+}
+
+static int
+process_extended_statvfs(sftp_client_message client_msg)
+{
+    const char *path = sftp_client_message_get_filename(client_msg);
+    sftp_statvfs_t sftp_statvfs;
+    struct statvfs st;
+    uint64_t flag;
+    int status;
+    int rv;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "processing extended statvfs: %s", path);
+
+    rv = statvfs(path, &st);
+    if (rv != 0) {
+        int saved_errno = errno;
+        SSH_LOG(SSH_LOG_PROTOCOL, "statvfs failed: %s", strerror(saved_errno));
+        status = unix_errno_to_ssh_stat(saved_errno);
+        sftp_reply_status(client_msg, status, NULL);
+        return SSH_ERROR;
+    }
+
+    sftp_statvfs = calloc(1, sizeof(struct sftp_statvfs_struct));
+    if (sftp_statvfs == NULL) {
+        SSH_LOG(SSH_LOG_PROTOCOL, "Failed to allocate statvfs structure");
+        sftp_reply_status(client_msg, SSH_FX_FAILURE, NULL);
+        return SSH_ERROR;
+    }
+    flag = (st.f_flag & ST_RDONLY) ? SSH_FXE_STATVFS_ST_RDONLY : 0;
+    flag |= (st.f_flag & ST_NOSUID) ? SSH_FXE_STATVFS_ST_NOSUID : 0;
+
+    sftp_statvfs->f_bsize = st.f_bsize;
+    sftp_statvfs->f_frsize = st.f_frsize;
+    sftp_statvfs->f_blocks = st.f_blocks;
+    sftp_statvfs->f_bfree = st.f_bfree;
+    sftp_statvfs->f_bavail = st.f_bavail;
+    sftp_statvfs->f_files = st.f_files;
+    sftp_statvfs->f_ffree = st.f_ffree;
+    sftp_statvfs->f_favail = st.f_favail;
+    sftp_statvfs->f_fsid = st.f_fsid;
+    sftp_statvfs->f_flag = flag;
+    sftp_statvfs->f_namemax = st.f_namemax;
+
+    rv = sftp_reply_statvfs(client_msg, sftp_statvfs);
+    free(sftp_statvfs);
+    if (rv == 0) {
+        return SSH_OK;
+    }
+    return SSH_ERROR;
+}
+
+static int
+process_extended(sftp_client_message sftp_msg)
+{
+    int status = SSH_ERROR;
+    const char *subtype = sftp_msg->submessage;
+    sftp_server_message_callback handler = NULL;
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "processing extended message: %s", subtype);
+
+    for (int i = 0; extended_handlers[i].cb != NULL; i++) {
+        if (strcmp(subtype, extended_handlers[i].extended_name) == 0) {
+            handler = extended_handlers[i].cb;
+            break;
+        }
+    }
+    if (handler != NULL) {
+        status = handler(sftp_msg);
+        return status;
+    }
+
+    sftp_reply_status(sftp_msg, SSH_FX_OP_UNSUPPORTED,
+                      "Extended Operation not supported");
+    SSH_LOG(SSH_LOG_PROTOCOL, "Extended Message type %s not implemented",
+            subtype);
+    return SSH_OK;
+}
+
+static int
+dispatch_sftp_request(sftp_client_message sftp_msg)
+{
+    int status = SSH_ERROR;
+    sftp_server_message_callback handler = NULL;
+    uint8_t type = sftp_client_message_get_type(sftp_msg);
+
+    SSH_LOG(SSH_LOG_PROTOCOL, "processing request type: %u", type);
+
+    for (int i = 0; message_handlers[i].cb != NULL; i++) {
+        if (type == message_handlers[i].type) {
+            handler = message_handlers[i].cb;
+            break;
+        }
+    }
+
+    if (handler != NULL) {
+        status = handler(sftp_msg);
+    } else {
+        sftp_reply_status(sftp_msg, SSH_FX_OP_UNSUPPORTED,
+                          "Operation not supported");
+        SSH_LOG(SSH_LOG_PROTOCOL, "Message type %u not implemented", type);
+        return SSH_OK;
+    }
+
+    return status;
+}
+
+static int
+process_client_message(sftp_client_message client_msg)
+{
+    int status = SSH_OK;
+    if (client_msg == NULL) {
+        return SSH_ERROR;
+    }
+
+    switch (client_msg->type) {
+    case SSH_FXP_EXTENDED:
+        status = process_extended(client_msg);
+        break;
+    default:
+        status = dispatch_sftp_request(client_msg);
+    }
+
+    if (status != SSH_OK)
+        SSH_LOG(SSH_LOG_PROTOCOL,
+                "error occurred during processing client message!");
+
+    return status;
 }
 
-void sftp_handle_remove(sftp_session sftp, void *handle) {
-  int i;
+/**
+ * @brief Default subsystem request handler for SFTP subsystem
+ *
+ * @param[in]  session   The ssh session
+ * @param[in]  channel   The existing ssh channel
+ * @param[in]  subsystem The subsystem name. Only "sftp" is handled
+ * @param[out] userdata  The pointer to sftp_session which will get the
+ *                       resulting SFTP session
+ *
+ * @return SSH_OK when the SFTP server was successfully initialized, SSH_ERROR
+ *         otherwise.
+ */
+int
+sftp_channel_default_subsystem_request(ssh_session session,
+                                       ssh_channel channel,
+                                       const char *subsystem,
+                                       void *userdata)
+{
+    if (strcmp(subsystem, "sftp") == 0) {
+        sftp_session *sftp = (sftp_session *)userdata;
+
+        /* initialize sftp session and file handler */
+        *sftp = sftp_server_new(session, channel);
+        if (*sftp == NULL) {
+            return SSH_ERROR;
+        }
 
-  for (i = 0; i < SFTP_HANDLES; i++) {
-    if (sftp->handles[i] == handle) {
-      sftp->handles[i] = NULL;
-      break;
+        return SSH_OK;
     }
-  }
+    return SSH_ERROR;
 }
+
+/**
+ * @brief Default data callback for sftp server
+ *
+ * @param[in] session   The ssh session
+ * @param[in] channel   The ssh channel with SFTP session opened
+ * @param[in] data      The data to be processed.
+ * @param[in] len       The length of input data to be processed
+ * @param[in] is_stderr Unused channel flag for stderr flagging
+ * @param[in] userdata  The pointer to sftp_session
+ *
+ * @return number of bytes processed, -1 when error occurs.
+ */
+int
+sftp_channel_default_data_callback(UNUSED_PARAM(ssh_session session),
+                                   UNUSED_PARAM(ssh_channel channel),
+                                   void *data,
+                                   uint32_t len,
+                                   UNUSED_PARAM(int is_stderr),
+                                   void *userdata)
+{
+    sftp_session *sftpp = (sftp_session *)userdata;
+    sftp_session sftp = NULL;
+    sftp_client_message msg;
+    int decode_len;
+    int rc;
+
+    if (sftpp == NULL) {
+        SSH_LOG(SSH_LOG_WARNING, "NULL userdata passed to callback");
+        return SSH_ERROR;
+    }
+    sftp = *sftpp;
+
+    decode_len = sftp_decode_channel_data_to_packet(sftp, data, len);
+    if (decode_len == SSH_ERROR)
+        return SSH_ERROR;
+
+    msg = sftp_get_client_message_from_packet(sftp);
+    rc = process_client_message(msg);
+    sftp_client_message_free(msg);
+    if (rc != SSH_OK)
+        SSH_LOG(SSH_LOG_PROTOCOL, "process sftp failed!");
+
+    return decode_len;
+}
+#else
+/* Not available on Windows for now */
+int
+sftp_channel_default_data_callback(UNUSED_PARAM(ssh_session session),
+                                   UNUSED_PARAM(ssh_channel channel),
+                                   UNUSED_PARAM(void *data),
+                                   UNUSED_PARAM(uint32_t len),
+                                   UNUSED_PARAM(int is_stderr),
+                                   UNUSED_PARAM(void *userdata))
+{
+    return -1;
+}
+
+int
+sftp_channel_default_subsystem_request(UNUSED_PARAM(ssh_session session),
+                                       UNUSED_PARAM(ssh_channel channel),
+                                       UNUSED_PARAM(const char *subsystem),
+                                       UNUSED_PARAM(void *userdata))
+{
+    return SSH_ERROR;
+}
+#endif
diff --git a/libssh/src/socket.c b/libssh/src/socket.c
index 4e637ae1..abb23777 100644
--- a/libssh/src/socket.c
+++ b/libssh/src/socket.c
@@ -37,17 +37,6 @@ struct sockaddr_un {
   char sun_path[UNIX_PATH_MAX];
 };
 #endif
-#if _MSC_VER >= 1400
-#include <io.h>
-#undef open
-#define open _open
-#undef close
-#define close _close
-#undef read
-#define read _read
-#undef write
-#define write _write
-#endif /* _MSC_VER */
 #else /* _WIN32 */
 #include <fcntl.h>
 #include <sys/types.h>
@@ -55,6 +44,9 @@ struct sockaddr_un {
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <signal.h>
+#ifdef HAVE_PTHREAD
+#include <pthread.h>
+#endif
 #endif /* _WIN32 */
 
 #include "libssh/priv.h"
@@ -65,8 +57,6 @@ struct sockaddr_un {
 #include "libssh/session.h"
 
 /**
- * @internal
- *
  * @defgroup libssh_socket The SSH socket functions.
  * @ingroup libssh
  *
@@ -103,6 +93,15 @@ struct ssh_socket_struct {
 #endif
 };
 
+#ifdef HAVE_PTHREAD
+struct jump_thread_data_struct {
+    ssh_session session;
+    socket_t fd;
+};
+
+int proxy_disconnect = 0;
+#endif /* HAVE_PTHREAD */
+
 static int sockets_initialized = 0;
 
 static ssize_t ssh_socket_unbuffered_read(ssh_socket s,
@@ -223,6 +222,15 @@ void ssh_socket_set_callbacks(ssh_socket s, ssh_socket_callbacks callbacks)
     s->callbacks = callbacks;
 }
 
+void ssh_socket_set_connected(ssh_socket s, struct ssh_poll_handle_struct *p)
+{
+    s->state = SSH_SOCKET_CONNECTED;
+    /* POLLOUT is the event to wait for in a nonblocking connect */
+    if (p != NULL) {
+        ssh_poll_set_events(p, POLLIN | POLLOUT);
+    }
+}
+
 /**
  * @brief               SSH poll callback. This callback will be used when an event
  *                      caught on the socket.
@@ -230,7 +238,7 @@ void ssh_socket_set_callbacks(ssh_socket s, ssh_socket_callbacks callbacks)
  * @param p             Poll object this callback belongs to.
  * @param fd            The raw socket.
  * @param revents       The current poll events on the socket.
- * @param userdata      Userdata to be passed to the callback function,
+ * @param v_s           Userdata to be passed to the callback function,
  *                      in this case the socket object.
  *
  * @return              0 on success, < 0 when the poll object has been removed
@@ -252,7 +260,8 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
     if (!ssh_socket_is_open(s)) {
         return -1;
     }
-    SSH_LOG(SSH_LOG_TRACE, "Poll callback on socket %d (%s%s%s), out buffer %d",fd,
+    SSH_LOG(SSH_LOG_TRACE,
+            "Poll callback on socket %d (%s%s%s), out buffer %" PRIu32, fd,
             (revents & POLLIN) ? "POLLIN ":"",
             (revents & POLLOUT) ? "POLLOUT ":"",
             (revents & POLLERR) ? "POLLERR":"",
@@ -323,12 +332,13 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
 
         /* Call the callback */
         if (s->callbacks != NULL && s->callbacks->data != NULL) {
+            size_t processed;
             do {
-                nread = s->callbacks->data(ssh_buffer_get(s->in_buffer),
-                                       ssh_buffer_get_len(s->in_buffer),
-                                       s->callbacks->userdata);
-                ssh_buffer_pass_bytes(s->in_buffer, nread);
-            } while ((nread > 0) && (s->state == SSH_SOCKET_CONNECTED));
+                processed = s->callbacks->data(ssh_buffer_get(s->in_buffer),
+                                               ssh_buffer_get_len(s->in_buffer),
+                                               s->callbacks->userdata);
+                ssh_buffer_pass_bytes(s->in_buffer, processed);
+            } while ((processed > 0) && (s->state == SSH_SOCKET_CONNECTED));
 
             /* p may have been freed, so don't use it
              * anymore in this function */
@@ -345,10 +355,7 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
         /* First, POLLOUT is a sign we may be connected */
         if (s->state == SSH_SOCKET_CONNECTING) {
             SSH_LOG(SSH_LOG_PACKET, "Received POLLOUT in connecting state");
-            s->state = SSH_SOCKET_CONNECTED;
-            if (p != NULL) {
-                ssh_poll_set_events(p, POLLOUT | POLLIN);
-            }
+            ssh_socket_set_connected(s, p);
 
             rc = ssh_socket_set_blocking(ssh_socket_get_fd(s));
             if (rc < 0) {
@@ -376,7 +383,7 @@ int ssh_socket_pollcallback(struct ssh_poll_handle_struct *p,
             ssh_socket_nonblocking_flush(s);
         } else if (s->callbacks != NULL && s->callbacks->controlflow != NULL) {
             /* Otherwise advertise the upper level that write can be done */
-            SSH_LOG(SSH_LOG_TRACE,"sending control flow event");
+            SSH_LOG(SSH_LOG_TRACE, "sending control flow event");
             s->callbacks->controlflow(SSH_SOCKET_FLOW_WRITEWONTBLOCK,
                                       s->callbacks->userdata);
         }
@@ -401,7 +408,7 @@ ssh_poll_handle ssh_socket_get_poll_handle(ssh_socket s)
     if (s->poll_handle) {
         return s->poll_handle;
     }
-    s->poll_handle = ssh_poll_new(s->fd,0,ssh_socket_pollcallback,s);
+    s->poll_handle = ssh_poll_new(s->fd, 0, ssh_socket_pollcallback, s);
     return s->poll_handle;
 }
 
@@ -471,7 +478,7 @@ void ssh_socket_close(ssh_socket s)
 #endif
     }
 
-    if (s->poll_handle != NULL) {
+    if (s->poll_handle != NULL && !ssh_poll_is_locked(s->poll_handle)) {
         ssh_poll_free(s->poll_handle);
         s->poll_handle = NULL;
     }
@@ -489,13 +496,13 @@ void ssh_socket_close(ssh_socket s)
         while (waitpid(pid, &status, 0) == -1) {
             if (errno != EINTR) {
                 char err_msg[SSH_ERRNO_MSG_MAX] = {0};
-                SSH_LOG(SSH_LOG_WARN, "waitpid failed: %s",
+                SSH_LOG(SSH_LOG_TRACE, "waitpid failed: %s",
                         ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
                 return;
             }
         }
         if (!WIFEXITED(status)) {
-            SSH_LOG(SSH_LOG_WARN, "Proxy command exited abnormally");
+            SSH_LOG(SSH_LOG_TRACE, "Proxy command exited abnormally");
             return;
         }
         SSH_LOG(SSH_LOG_TRACE, "Proxy command returned %d", WEXITSTATUS(status));
@@ -513,17 +520,23 @@ void ssh_socket_close(ssh_socket s)
  */
 void ssh_socket_set_fd(ssh_socket s, socket_t fd)
 {
+    ssh_poll_handle h = NULL;
+
     s->fd = fd;
 
     if (s->poll_handle) {
         ssh_poll_set_fd(s->poll_handle,fd);
     } else {
         s->state = SSH_SOCKET_CONNECTING;
+        h = ssh_socket_get_poll_handle(s);
+        if (h == NULL) {
+            return;
+        }
 
         /* POLLOUT is the event to wait for in a nonblocking connect */
-        ssh_poll_set_events(ssh_socket_get_poll_handle(s), POLLOUT);
+        ssh_poll_set_events(h, POLLOUT);
 #ifdef _WIN32
-        ssh_poll_add_events(ssh_socket_get_poll_handle(s), POLLWRNORM);
+        ssh_poll_add_events(h, POLLWRNORM);
 #endif
     }
 }
@@ -557,9 +570,9 @@ static ssize_t ssh_socket_unbuffered_read(ssh_socket s,
         return -1;
     }
     if (s->fd_is_socket) {
-        rc = recv(s->fd,buffer, len, 0);
+        rc = recv(s->fd, buffer, len, 0);
     } else {
-        rc = read(s->fd,buffer, len);
+        rc = read(s->fd, buffer, len);
     }
 #ifdef _WIN32
     s->last_errno = WSAGetLastError();
@@ -570,6 +583,8 @@ static ssize_t ssh_socket_unbuffered_read(ssh_socket s,
 
     if (rc < 0) {
         s->data_except = 1;
+    } else {
+        SSH_LOG(SSH_LOG_TRACE, "read %zd", rc);
     }
 
     return rc;
@@ -607,12 +622,13 @@ static ssize_t ssh_socket_unbuffered_write(ssh_socket s,
     /* Reactive the POLLOUT detector in the poll multiplexer system */
     if (s->poll_handle) {
         SSH_LOG(SSH_LOG_PACKET, "Enabling POLLOUT for socket");
-        ssh_poll_set_events(s->poll_handle,ssh_poll_get_events(s->poll_handle) | POLLOUT);
+        ssh_poll_add_events(s->poll_handle, POLLOUT);
     }
     if (w < 0) {
         s->data_except = 1;
     }
 
+    SSH_LOG(SSH_LOG_TRACE, "wrote %zd", w);
     return w;
 }
 
@@ -735,6 +751,8 @@ int ssh_socket_nonblocking_flush(ssh_socket s)
     /* Is there some data pending? */
     len = ssh_buffer_get_len(s->out_buffer);
     if (s->poll_handle && len > 0) {
+        SSH_LOG(SSH_LOG_TRACE,
+                "did not send all the data, queuing pollout event");
         /* force the poll system to catch pollout events */
         ssh_poll_add_events(s->poll_handle, POLLOUT);
 
@@ -852,8 +870,6 @@ int ssh_socket_set_blocking(socket_t fd)
  * @param bind_addr address to bind to, or NULL for default.
  * @returns SSH_OK socket is being connected.
  * @returns SSH_ERROR error while connecting to remote host.
- * @bug It only tries connecting to one of the available AI's
- * which is problematic for hosts having DNS fail-over.
  */
 int ssh_socket_connect(ssh_socket s,
                        const char *host,
@@ -868,7 +884,7 @@ int ssh_socket_connect(ssh_socket s,
         return SSH_ERROR;
     }
     fd = ssh_connect_host_nonblocking(s->session, host, bind_addr, port);
-    SSH_LOG(SSH_LOG_PROTOCOL, "Nonblocking connection socket: %d", fd);
+    SSH_LOG(SSH_LOG_DEBUG, "Nonblocking connection socket: %d", fd);
     if (fd == SSH_INVALID_SOCKET) {
         return SSH_ERROR;
     }
@@ -877,7 +893,7 @@ int ssh_socket_connect(ssh_socket s,
     return SSH_OK;
 }
 
-#ifndef _WIN32
+#ifdef WITH_EXEC
 /**
  * @internal
  * @brief executes a command and redirect input and outputs
@@ -896,7 +912,7 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
     /* Prepare /dev/null socket for the stderr redirection */
     devnull = open("/dev/null", O_WRONLY);
     if (devnull == -1) {
-        SSH_LOG(SSH_LOG_WARNING, "Failed to open /dev/null");
+        SSH_LOG(SSH_LOG_TRACE, "Failed to open /dev/null");
         exit(1);
     }
 
@@ -906,9 +922,14 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
      */
     shell = getenv("SHELL");
     if (shell == NULL || shell[0] == '\0') {
-        /* Fall back to bash. There are issues with dash or
-         * whatever people tend to link to /bin/sh */
-        shell = "/bin/bash";
+        /* Fall back to the /bin/sh only if the bash is not available. But there are
+         * issues with dash or whatever people tend to link to /bin/sh */
+        rc = access("/bin/bash", 0);
+        if (rc != 0) {
+            shell = "/bin/sh";
+        } else {
+            shell = "/bin/bash";
+        }
     }
     args[0] = shell;
 
@@ -938,11 +959,11 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
  * @returns SSH_OK socket is being connected.
  * @returns SSH_ERROR error while executing the command.
  */
-
 int
 ssh_socket_connect_proxycommand(ssh_socket s, const char *command)
 {
     socket_t pair[2];
+    ssh_poll_handle h = NULL;
     int pid;
     int rc;
 
@@ -955,7 +976,7 @@ ssh_socket_connect_proxycommand(ssh_socket s, const char *command)
         return SSH_ERROR;
     }
 
-    SSH_LOG(SSH_LOG_PROTOCOL, "Executing proxycommand '%s'", command);
+    SSH_LOG(SSH_LOG_DEBUG, "Executing proxycommand '%s'", command);
     pid = fork();
     if (pid == 0) {
         ssh_execute_command(command, pair[0], pair[0]);
@@ -963,18 +984,314 @@ ssh_socket_connect_proxycommand(ssh_socket s, const char *command)
     }
     s->proxy_pid = pid;
     close(pair[0]);
-    SSH_LOG(SSH_LOG_PROTOCOL, "ProxyCommand connection pipe: [%d,%d]",pair[0],pair[1]);
+    SSH_LOG(SSH_LOG_DEBUG, "ProxyCommand connection pipe: [%d,%d]",pair[0],pair[1]);
     ssh_socket_set_fd(s, pair[1]);
-    s->state=SSH_SOCKET_CONNECTED;
-    s->fd_is_socket=0;
-    /* POLLOUT is the event to wait for in a nonblocking connect */
-    ssh_poll_set_events(ssh_socket_get_poll_handle(s), POLLIN | POLLOUT);
+    s->fd_is_socket = 0;
+    h = ssh_socket_get_poll_handle(s);
+    if (h == NULL) {
+        return SSH_ERROR;
+    }
+    ssh_socket_set_connected(s, h);
     if (s->callbacks && s->callbacks->connected) {
         s->callbacks->connected(SSH_SOCKET_CONNECTED_OK, 0, s->callbacks->userdata);
     }
 
     return SSH_OK;
 }
+#endif /* WITH_EXEC */
+
+#ifndef _WIN32
+#ifdef HAVE_PTHREAD
+static int
+verify_knownhost(ssh_session session)
+{
+    enum ssh_known_hosts_e state;
+
+    state = ssh_session_is_known_server(session);
+
+    switch (state) {
+    case SSH_KNOWN_HOSTS_OK:
+        break; /* ok */
+    default:
+        SSH_LOG(SSH_LOG_WARN, "Couldn't verify knownhost during proxyjump.");
+        return SSH_ERROR;
+    }
+
+    return SSH_OK;
+}
+
+static void *
+jump_thread_func(void *arg)
+{
+    struct jump_thread_data_struct *jump_thread_data = NULL;
+    struct ssh_jump_info_struct *jis = NULL;
+    struct ssh_jump_callbacks_struct *cb = NULL;
+    ssh_session jump_session = NULL;
+    ssh_channel caa = NULL;
+    int rc;
+    ssh_event event = NULL;
+    ssh_connector connector_in = NULL, connector_out = NULL;
+    ssh_session session = NULL;
+    int next_port;
+    char *next_hostname = NULL;
+
+    jump_thread_data = (struct jump_thread_data_struct *)arg;
+    session = jump_thread_data->session;
+
+    next_port = session->opts.port;
+    next_hostname = strdup(session->opts.host);
+
+    jump_session = ssh_new();
+    if (jump_session == NULL) {
+        goto exit;
+    }
+
+    jump_session->proxy_root = false;
+    /* Reset the global variable if it was previously 1 */
+    if (session->proxy_root) {
+        proxy_disconnect = 0;
+    }
+
+    for (jis = ssh_list_pop_head(struct ssh_jump_info_struct *,
+                                 session->opts.proxy_jumps);
+         jis != NULL;
+         jis = ssh_list_pop_head(struct ssh_jump_info_struct *,
+                                 session->opts.proxy_jumps)) {
+        rc = ssh_list_append(jump_session->opts.proxy_jumps, jis);
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(session);
+            goto exit;
+        }
+    }
+    for (jis =
+            ssh_list_pop_head(struct ssh_jump_info_struct *,
+                              session->opts.proxy_jumps_user_cb);
+         jis != NULL;
+         jis = ssh_list_pop_head(struct ssh_jump_info_struct *,
+                                 session->opts.proxy_jumps_user_cb)) {
+        rc = ssh_list_append(jump_session->opts.proxy_jumps_user_cb, jis);
+        if (rc != SSH_OK) {
+            ssh_set_error_oom(session);
+            goto exit;
+        }
+    }
+
+    ssh_options_set(jump_session,
+                    SSH_OPTIONS_LOG_VERBOSITY,
+                    &session->common.log_verbosity);
+
+    /* Pop the information about the current jump */
+    jis = ssh_list_pop_head(struct ssh_jump_info_struct *,
+                            jump_session->opts.proxy_jumps);
+    if (jis == NULL) {
+        SSH_LOG(SSH_LOG_WARN, "Inconsistent list of proxy jumps received");
+        goto exit;
+    }
+
+    ssh_options_set(jump_session, SSH_OPTIONS_HOST, jis->hostname);
+    ssh_options_set(jump_session, SSH_OPTIONS_USER, jis->username);
+    ssh_options_set(jump_session, SSH_OPTIONS_PORT, &jis->port);
+
+    /* Pop the callbacks for the current jump */
+    cb = ssh_list_pop_head(struct ssh_jump_callbacks_struct *,
+                           jump_session->opts.proxy_jumps_user_cb);
+
+    if (cb != NULL) {
+        rc = cb->before_connection(jump_session, cb->userdata);
+        if (rc != SSH_OK) {
+            SSH_LOG(SSH_LOG_WARN, "%s", ssh_get_error(jump_session));
+            goto exit;
+        }
+    }
+
+    /* If there are more jumps then this will make a new thread and call the
+     * current function again, until there are no jumps. When there are no jumps
+     * it connects normally. */
+    rc = ssh_connect(jump_session);
+    if (rc != SSH_OK) {
+        SSH_LOG(SSH_LOG_WARN, "%s", ssh_get_error(jump_session));
+        goto exit;
+    }
+
+    /* Use the callback or default implementation for verifying knownhost */
+    if (cb != NULL && cb->verify_knownhost != NULL) {
+        rc = cb->verify_knownhost(jump_session, cb->userdata);
+    } else {
+        rc = verify_knownhost(jump_session);
+    }
+    if (rc != SSH_OK) {
+        goto exit;
+    }
+
+    /* Use the callback or publickey method to authenticate */
+    if (cb != NULL && cb->authenticate != NULL) {
+        rc = cb->authenticate(jump_session, cb->userdata);
+    } else {
+        rc = ssh_userauth_publickey_auto(jump_session, NULL, NULL);
+    }
+    if (rc != SSH_OK) {
+        SSH_LOG(SSH_LOG_WARN, "%s", ssh_get_error(jump_session));
+        goto exit;
+    }
+
+    caa = ssh_channel_new(jump_session);
+    if (caa == NULL) {
+        goto exit;
+    }
+    /* The origin hostname and port are set to match OpenSSH implementation
+     * they are only used for logging on the server */
+    rc = ssh_channel_open_forward(caa,
+                                  next_hostname,
+                                  next_port,
+                                  "127.0.0.1",
+                                  65535);
+    if (rc != SSH_OK) {
+        SSH_LOG(SSH_LOG_WARN,
+                "Error opening port forwarding channel: %s",
+                ssh_get_error(jump_session));
+        goto exit;
+    }
+
+    event = ssh_event_new();
+    if (event == NULL) {
+        goto exit;
+    }
+
+    connector_in = ssh_connector_new(jump_session);
+    if (connector_in == NULL) {
+        goto exit;
+    }
+    ssh_connector_set_out_channel(connector_in, caa, SSH_CONNECTOR_STDINOUT);
+    ssh_connector_set_in_fd(connector_in, jump_thread_data->fd);
+    ssh_event_add_connector(event, connector_in);
+
+    connector_out = ssh_connector_new(jump_session);
+    if (connector_out == NULL) {
+        goto exit;
+    }
+    ssh_connector_set_out_fd(connector_out, jump_thread_data->fd);
+    ssh_connector_set_in_channel(connector_out, caa, SSH_CONNECTOR_STDINOUT);
+    ssh_event_add_connector(event, connector_out);
+
+    while (ssh_channel_is_open(caa)) {
+        if (proxy_disconnect == 1) {
+            break;
+        }
+        rc = ssh_event_dopoll(event, 60000);
+        if (rc == SSH_ERROR) {
+            SSH_LOG(SSH_LOG_WARN,
+                    "Error in ssh_event_dopoll() during proxy jump");
+            break;
+        }
+    }
+
+exit:
+    if (connector_in != NULL) {
+        ssh_event_remove_connector(event, connector_in);
+        ssh_connector_free(connector_in);
+    }
+    if (connector_out != NULL) {
+        ssh_event_remove_connector(event, connector_out);
+        ssh_connector_free(connector_out);
+    }
+    SAFE_FREE(next_hostname);
+    if (jis != NULL) {
+        SAFE_FREE(jis->hostname);
+        SAFE_FREE(jis->username);
+    }
+    SAFE_FREE(jis);
+
+    ssh_disconnect(jump_session);
+    ssh_event_free(event);
+    ssh_free(jump_session);
+
+    SAFE_FREE(jump_thread_data);
+
+    pthread_exit(NULL);
+}
+
+int
+ssh_socket_connect_proxyjump(ssh_socket s)
+{
+    ssh_poll_handle h = NULL;
+    int rc;
+    pthread_t jump_thread;
+    struct jump_thread_data_struct *jump_thread_data = NULL;
+    socket_t pair[2];
+
+    if (s->state != SSH_SOCKET_NONE) {
+        ssh_set_error(
+            s->session,
+            SSH_FATAL,
+            "ssh_socket_connect_proxyjump called on socket not unconnected");
+        return SSH_ERROR;
+    }
+
+    jump_thread_data = calloc(1, sizeof(struct jump_thread_data_struct));
+    if (jump_thread_data == NULL) {
+        ssh_set_error_oom(s->session);
+        return SSH_ERROR;
+    }
+
+    rc = socketpair(PF_UNIX, SOCK_STREAM, 0, pair);
+    if (rc == -1) {
+        char err_msg[SSH_ERRNO_MSG_MAX] = {0};
+
+        ssh_set_error(s->session,
+                      SSH_FATAL,
+                      "Creating socket pair failed: %s",
+                      ssh_strerror(errno, err_msg, SSH_ERRNO_MSG_MAX));
+        SAFE_FREE(jump_thread_data);
+        return SSH_ERROR;
+    }
+
+    jump_thread_data->session = s->session;
+    jump_thread_data->fd = pair[0];
+
+    rc = pthread_create(&jump_thread, NULL, jump_thread_func, jump_thread_data);
+    if (rc != 0) {
+        char err_msg[SSH_ERRNO_MSG_MAX] = {0};
+
+        ssh_set_error(s->session,
+                      SSH_FATAL,
+                      "Creating new thread failed: %s",
+                      ssh_strerror(rc, err_msg, SSH_ERRNO_MSG_MAX));
+        SAFE_FREE(jump_thread_data);
+        return SSH_ERROR;
+    }
+    rc = pthread_detach(jump_thread);
+    if (rc != 0) {
+        char err_msg[SSH_ERRNO_MSG_MAX] = {0};
+
+        ssh_set_error(s->session,
+                      SSH_FATAL,
+                      "Failed to detach thread: %s",
+                      ssh_strerror(rc, err_msg, SSH_ERRNO_MSG_MAX));
+        SAFE_FREE(jump_thread_data);
+        return SSH_ERROR;
+    }
+
+    SSH_LOG(SSH_LOG_DEBUG,
+            "ProxyJump connection pipe: [%d,%d]",
+            pair[0],
+            pair[1]);
+    ssh_socket_set_fd(s, pair[1]);
+    s->fd_is_socket = 1;
+    h = ssh_socket_get_poll_handle(s);
+    if (h == NULL) {
+        return SSH_ERROR;
+    }
+    ssh_socket_set_connected(s, h);
+    if (s->callbacks && s->callbacks->connected) {
+        s->callbacks->connected(SSH_SOCKET_CONNECTED_OK,
+                                0,
+                                s->callbacks->userdata);
+    }
+
+    return SSH_OK;
+}
+
+#endif /* HAVE_PTHREAD */
 
 #endif /* _WIN32 */
 /** @} */
diff --git a/libssh/src/string.c b/libssh/src/string.c
index 44403487..0ab9310c 100644
--- a/libssh/src/string.c
+++ b/libssh/src/string.c
@@ -106,7 +106,7 @@ int ssh_string_fill(struct ssh_string_struct *s, const void *data, size_t len) {
  * @note The null byte is not copied nor counted in the output string.
  */
 struct ssh_string_struct *ssh_string_from_char(const char *what) {
-  struct ssh_string_struct *ptr;
+  struct ssh_string_struct *ptr = NULL;
   size_t len;
 
   if(what == NULL) {
@@ -180,7 +180,7 @@ const char *ssh_string_get_char(struct ssh_string_struct *s)
  */
 char *ssh_string_to_char(struct ssh_string_struct *s) {
   size_t len;
-  char *new;
+  char *new = NULL;
 
   if (s == NULL) {
       return NULL;
@@ -219,7 +219,7 @@ void ssh_string_free_char(char *s) {
  * @return              Newly allocated copy of the string, NULL on error.
  */
 struct ssh_string_struct *ssh_string_copy(struct ssh_string_struct *s) {
-  struct ssh_string_struct *new;
+  struct ssh_string_struct *new = NULL;
   size_t len;
 
   if (s == NULL) {
diff --git a/libssh/src/threads.c b/libssh/src/threads.c
index 792b976d..7660b972 100644
--- a/libssh/src/threads.c
+++ b/libssh/src/threads.c
@@ -20,7 +20,7 @@
  */
 
 /**
- * @defgroup libssh_threads The SSH threading functions.
+ * @defgroup libssh_threads The SSH threading functions
  * @ingroup libssh
  *
  * Threading with libssh
diff --git a/libssh/src/threads/libcrypto.c b/libssh/src/threads/libcrypto.c
index dac840d3..18951b6a 100644
--- a/libssh/src/threads/libcrypto.c
+++ b/libssh/src/threads/libcrypto.c
@@ -24,8 +24,6 @@
 #include "libssh/threads.h"
 #include <libssh/callbacks.h>
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000)
-
 int crypto_thread_init(struct ssh_threads_callbacks_struct *cb)
 {
     (void) cb;
@@ -36,86 +34,3 @@ void crypto_thread_finalize(void)
 {
     return;
 }
-
-#else
-
-static struct ssh_threads_callbacks_struct *user_callbacks = NULL;
-
-static void **libcrypto_mutexes;
-
-void libcrypto_lock_callback(int mode, int i, const char *file, int line);
-
-void libcrypto_lock_callback(int mode, int i, const char *file, int line)
-{
-    (void)file;
-    (void)line;
-
-    if (mode & CRYPTO_LOCK) {
-        user_callbacks->mutex_lock(&libcrypto_mutexes[i]);
-    } else {
-        user_callbacks->mutex_unlock(&libcrypto_mutexes[i]);
-    }
-}
-
-static void libcrypto_THREADID_callback(CRYPTO_THREADID *id)
-{
-    unsigned long thread_id = (*user_callbacks->thread_id)();
-
-    CRYPTO_THREADID_set_numeric(id, thread_id);
-}
-
-int crypto_thread_init(struct ssh_threads_callbacks_struct *cb)
-{
-    int n = CRYPTO_num_locks();
-    int cmp;
-    int i;
-
-    if (cb == NULL) {
-        return SSH_OK;
-    }
-
-    if (user_callbacks != NULL) {
-        crypto_thread_finalize();
-    }
-
-    user_callbacks = cb;
-
-    cmp = strcmp(user_callbacks->type, "threads_noop");
-    if (cmp == 0) {
-        return SSH_OK;
-    }
-
-    libcrypto_mutexes = calloc(n, sizeof(void *));
-    if (libcrypto_mutexes == NULL) {
-        return SSH_ERROR;
-    }
-
-    for (i = 0; i < n; ++i){
-        user_callbacks->mutex_init(&libcrypto_mutexes[i]);
-    }
-
-    CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback);
-    CRYPTO_set_locking_callback(libcrypto_lock_callback);
-
-    return SSH_OK;
-}
-
-void crypto_thread_finalize(void)
-{
-    int n = CRYPTO_num_locks();
-    int i;
-
-    if (libcrypto_mutexes == NULL) {
-        return;
-    }
-
-    CRYPTO_THREADID_set_callback(NULL);
-    CRYPTO_set_locking_callback(NULL);
-
-    for (i = 0; i < n; ++i) {
-            user_callbacks->mutex_destroy(&libcrypto_mutexes[i]);
-    }
-    SAFE_FREE(libcrypto_mutexes);
-}
-
-#endif
diff --git a/libssh/src/threads/winlocks.c b/libssh/src/threads/winlocks.c
index da600418..e63635e7 100644
--- a/libssh/src/threads/winlocks.c
+++ b/libssh/src/threads/winlocks.c
@@ -82,7 +82,7 @@ static struct ssh_threads_callbacks_struct ssh_threads_winlock =
 
 void ssh_mutex_lock(SSH_MUTEX *mutex)
 {
-    void *rc;
+    void *rc = NULL;
 
     CRITICAL_SECTION *mutex_tmp = NULL;
 
diff --git a/libssh/src/token.c b/libssh/src/token.c
index 0924d3bd..6ce2b64c 100644
--- a/libssh/src/token.c
+++ b/libssh/src/token.c
@@ -87,7 +87,7 @@ struct ssh_tokens_st *ssh_tokenize(const char *chain, char separator)
         return NULL;
     }
 
-    tokens->buffer= strdup(chain);
+    tokens->buffer = strdup(chain);
     if (tokens->buffer == NULL) {
         goto error;
     }
@@ -376,6 +376,7 @@ char *ssh_append_without_duplicates(const char *list,
 {
     size_t concat_len = 0;
     char *ret = NULL, *concat = NULL;
+    int rc = 0;
 
     if (list != NULL) {
         concat_len = strlen(list);
@@ -396,12 +397,144 @@ char *ssh_append_without_duplicates(const char *list,
         return NULL;
     }
 
+    rc = snprintf(concat, concat_len, "%s%s%s",
+                  list == NULL ? "" : list,
+                  list == NULL ? "" : ",",
+                  appended_list == NULL ? "" : appended_list);
+    if (rc < 0) {
+        SAFE_FREE(concat);
+        return NULL;
+    }
+
+    ret = ssh_remove_duplicates(concat);
+
+    SAFE_FREE(concat);
+
+    return ret;
+}
+
+/**
+ * @internal
+ *
+ * @brief Given two strings containing lists of tokens, return a newly
+ * allocated string containing the elements of the first list without the
+ * elements of the second list. The order of the elements will be preserved.
+ *
+ * @param[in] list             The first list
+ * @param[in] remove_list      The list to be removed
+ *
+ * @return  A newly allocated copy list containing elements of the
+ * list without the elements of remove_list; NULL in case of error.
+ */
+char *ssh_remove_all_matching(const char *list,
+                              const char *remove_list)
+{
+    struct ssh_tokens_st *l_tok = NULL, *r_tok = NULL;
+    int i, j, cmp;
+    char *ret = NULL;
+    size_t len, pos = 0;
+    bool exclude;
+
+    if (list == NULL) {
+        return NULL;
+    }
+    if (remove_list == NULL) {
+        return strdup (list);
+    }
+
+    l_tok = ssh_tokenize(list, ',');
+    if (l_tok == NULL) {
+        goto out;
+    }
+
+    r_tok = ssh_tokenize(remove_list, ',');
+    if (r_tok == NULL) {
+        goto out;
+    }
+
+    ret = calloc(1, strlen(list) + 1);
+    if (ret == NULL) {
+        goto out;
+    }
+
+    for (i = 0; l_tok->tokens[i]; i++) {
+        exclude = false;
+        for (j = 0; r_tok->tokens[j]; j++) {
+            cmp = strcmp(l_tok->tokens[i], r_tok->tokens[j]);
+            if (cmp == 0) {
+                exclude = true;
+                break;
+            }
+        }
+        if (exclude == false) {
+            if (pos != 0) {
+                ret[pos] = ',';
+                pos++;
+            }
+
+            len = strlen(l_tok->tokens[i]);
+            memcpy(&ret[pos], l_tok->tokens[i], len);
+            pos += len;
+        }
+    }
+
+    if (ret[0] == '\0') {
+        SAFE_FREE(ret);
+    }
+
+out:
+    ssh_tokens_free(l_tok);
+    ssh_tokens_free(r_tok);
+    return ret;
+}
+
+/**
+ * @internal
+ *
+ * @brief Given two strings containing lists of tokens, return a newly
+ * allocated string containing all the elements of the first list prefixed at
+ * the beginning of the second list, without duplicates.
+ *
+ * @param[in] list             The first list
+ * @param[in] prefixed_list    The list to use as a prefix
+ *
+ * @return  A newly allocated list containing all the elements
+ * of the list prefixed with the elements of the prefixed_list without
+ * duplicates; NULL in case of error.
+ */
+char *ssh_prefix_without_duplicates(const char *list,
+                                    const char *prefixed_list)
+{
+    size_t concat_len = 0;
+    char *ret = NULL, *concat = NULL;
+    int rc = 0;
+
     if (list != NULL) {
-        strcpy(concat, list);
-        strncat(concat, ",", concat_len - strlen(concat) - 1);
+        concat_len = strlen(list);
     }
-    if (appended_list != NULL) {
-        strncat(concat, appended_list, concat_len - strlen(concat) - 1);
+
+    if (prefixed_list != NULL) {
+        concat_len += strlen(prefixed_list);
+    }
+
+    if (concat_len == 0) {
+        return NULL;
+    }
+
+    /* Add room for ending '\0' and for middle ',' */
+    concat_len += 2;
+    concat = calloc(concat_len, 1);
+    if (concat == NULL) {
+        return NULL;
+    }
+
+    rc = snprintf(concat, concat_len, "%s%s%s",
+                  prefixed_list == NULL ? "" : prefixed_list,
+                  prefixed_list == NULL ? "" : ",",
+                  list == NULL ? "" : list);
+    if (rc < 0) {
+        SAFE_FREE(concat);
+        return NULL;
     }
 
     ret = ssh_remove_duplicates(concat);
diff --git a/libssh/src/ttyopts.c b/libssh/src/ttyopts.c
new file mode 100644
index 00000000..a1ab31f0
--- /dev/null
+++ b/libssh/src/ttyopts.c
@@ -0,0 +1,454 @@
+/*
+ * ttyopts.c - encoding of TTY modes.
+ *
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2023    by Utimaco TS GmbH <oss_committee@utimaco.com>
+ * Author: Daniel Evers <daniel.evers@utimaco.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include <stdint.h>
+#include <stdio.h>
+
+#include <libssh/priv.h>
+#include <string.h>
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+/** Terminal mode opcodes */
+enum {
+    TTY_OP_END = 0,
+    TTY_OP_VINTR = 1,
+    TTY_OP_VQUIT = 2,
+    TTY_OP_VERASE = 3,
+    TTY_OP_VKILL = 4,
+    TTY_OP_VEOF = 5,
+    TTY_OP_VEOL = 6,
+    TTY_OP_VEOL2 = 7,
+    TTY_OP_VSTART = 8,
+    TTY_OP_VSTOP = 9,
+    TTY_OP_VSUSP = 10,
+    TTY_OP_VDSUSP = 11,
+    TTY_OP_VREPRINT = 12,
+    TTY_OP_VWERASE = 13,
+    TTY_OP_VLNEXT = 14,
+    TTY_OP_VFLUSH = 15,
+    TTY_OP_VSWTC = 16,
+    TTY_OP_VSTATUS = 17,
+    TTY_OP_VDISCARD = 18,
+    TTY_OP_IGNPAR = 30,
+    TTY_OP_PARMRK = 31,
+    TTY_OP_INPCK = 32,
+    TTY_OP_ISTRIP = 33,
+    TTY_OP_INLCR = 34,
+    TTY_OP_IGNCR = 35,
+    TTY_OP_ICRNL = 36,
+    TTY_OP_IUCLC = 37,
+    TTY_OP_IXON = 38,
+    TTY_OP_IXANY = 39,
+    TTY_OP_IXOFF = 40,
+    TTY_OP_IMAXBEL = 41,
+    TTY_OP_IUTF8 = 42,
+    TTY_OP_ISIG = 50,
+    TTY_OP_ICANON = 51,
+    TTY_OP_XCASE = 52,
+    TTY_OP_ECHO = 53,
+    TTY_OP_ECHOE = 54,
+    TTY_OP_ECHOK = 55,
+    TTY_OP_ECHONL = 56,
+    TTY_OP_NOFLSH = 57,
+    TTY_OP_TOSTOP = 58,
+    TTY_OP_IEXTEN = 59,
+    TTY_OP_ECHOCTL = 60,
+    TTY_OP_ECHOKE = 61,
+    TTY_OP_PENDIN = 62,
+    TTY_OP_OPOST = 70,
+    TTY_OP_OLCUC = 71,
+    TTY_OP_ONLCR = 72,
+    TTY_OP_OCRNL = 73,
+    TTY_OP_ONOCR = 74,
+    TTY_OP_ONLRET = 75,
+    TTY_OP_CS7 = 90,
+    TTY_OP_CS8 = 91,
+    TTY_OP_PARENB = 92,
+    TTY_OP_PARODD = 93,
+    TTY_OP_ISPEED = 128,
+    TTY_OP_OSPEED = 129,
+};
+
+/**
+ * Encodes a single SSH terminal mode option into the buffer.
+ *
+ * @param[in]  attr     The mode's opcode value.
+ *
+ * @param[in]  value    The mode's value.
+ *
+ * @param[out] buf      Destination buffer to encode into.
+ *
+ * @param[in]  buflen   The length of the buffer.
+ *
+ * @return              number of bytes written to the buffer on success, -1 on
+ * error.
+ */
+static int
+encode_termios_opt(unsigned char opcode,
+                   uint32_t value,
+                   unsigned char *buf,
+                   size_t buflen)
+{
+    int offset = 0;
+
+    /* always need 5 bytes */
+    if (buflen < 5) {
+        return -1;
+    }
+
+    /* 1 byte opcode */
+    buf[offset++] = opcode;
+
+    /* 4 bytes value (big endian) */
+    value = htonl(value);
+    memcpy(buf + offset, &value, sizeof(value));
+    offset += sizeof(value);
+
+    return offset;
+}
+
+#ifdef HAVE_TERMIOS_H
+/** Converts a baudrate constant (Bxxxx) to a numeric value. */
+static int
+baud2speed(int baudrate)
+{
+    switch (baudrate) {
+    default:
+    case B0:
+        return 0;
+    case B50:
+        return 50;
+    case B75:
+        return 75;
+    case B110:
+        return 110;
+    case B134:
+        return 134;
+    case B150:
+        return 150;
+    case B200:
+        return 200;
+    case B300:
+        return 300;
+    case B600:
+        return 600;
+    case B1200:
+        return 1200;
+    case B1800:
+        return 1800;
+    case B2400:
+        return 2400;
+    case B4800:
+        return 4800;
+    case B9600:
+        return 9600;
+    case B19200:
+        return 19200;
+    case B38400:
+        return 38400;
+    case B57600:
+        return 57600;
+    case B115200:
+        return 115200;
+    case B230400:
+        return 230400;
+    }
+}
+
+/**
+ * Encodes all terminal options from the given \c termios structure
+ * into the buffer.
+ *
+ * @param[in]  attr     The terminal options to encode.
+ *
+ * @param[out] buf      Modes will be encoded into this buffer.
+ *
+ * @param[in]  buflen   The length of the buffer.
+ *
+ * @return              number of bytes in the buffer on success, -1 on error.
+ */
+static int
+encode_termios_opts(struct termios *attr, unsigned char *buf, size_t buflen)
+{
+    unsigned int offset = 0;
+    int rc;
+
+#define SSH_ENCODE_OPT(code, value)                                      \
+    rc = encode_termios_opt(code, value, buf + offset, buflen - offset); \
+    if (rc < 0) {                                                        \
+        return rc;                                                       \
+    } else {                                                             \
+        offset += rc;                                                    \
+    }
+
+#define SSH_ENCODE_INPUT_OPT(opt) \
+    SSH_ENCODE_OPT(TTY_OP_##opt, (attr->c_iflag & opt) ? 1 : 0)
+    SSH_ENCODE_INPUT_OPT(IGNPAR)
+    SSH_ENCODE_INPUT_OPT(PARMRK)
+    SSH_ENCODE_INPUT_OPT(INPCK)
+    SSH_ENCODE_INPUT_OPT(ISTRIP)
+    SSH_ENCODE_INPUT_OPT(INLCR)
+    SSH_ENCODE_INPUT_OPT(IGNCR)
+    SSH_ENCODE_INPUT_OPT(ICRNL)
+#ifdef IUCLC
+    SSH_ENCODE_INPUT_OPT(IUCLC)
+#endif
+    SSH_ENCODE_INPUT_OPT(IXON)
+    SSH_ENCODE_INPUT_OPT(IXANY)
+    SSH_ENCODE_INPUT_OPT(IXOFF)
+    SSH_ENCODE_INPUT_OPT(IMAXBEL)
+#ifdef IUTF8
+    SSH_ENCODE_INPUT_OPT(IUTF8)
+#endif
+#undef SSH_ENCODE_INPUT_OPT
+
+#define SSH_ENCODE_OUTPUT_OPT(opt) \
+    SSH_ENCODE_OPT(TTY_OP_##opt, (attr->c_oflag & opt) ? 1 : 0)
+    SSH_ENCODE_OUTPUT_OPT(OPOST)
+#ifdef OLCUC
+    SSH_ENCODE_OUTPUT_OPT(OLCUC)
+#endif
+    SSH_ENCODE_OUTPUT_OPT(ONLCR)
+    SSH_ENCODE_OUTPUT_OPT(OCRNL)
+    SSH_ENCODE_OUTPUT_OPT(ONOCR)
+    SSH_ENCODE_OUTPUT_OPT(ONLRET)
+#undef SSH_ENCODE_OUTPUT_OPT
+
+#define SSH_ENCODE_CONTROL_OPT(opt) \
+    SSH_ENCODE_OPT(TTY_OP_##opt, (attr->c_cflag & opt) ? 1 : 0)
+    SSH_ENCODE_CONTROL_OPT(CS7)
+    SSH_ENCODE_CONTROL_OPT(CS8)
+    SSH_ENCODE_CONTROL_OPT(PARENB)
+    SSH_ENCODE_CONTROL_OPT(PARODD)
+#undef SSH_ENCODE_CONTROL_OPT
+
+#define SSH_ENCODE_LOCAL_OPT(opt) \
+    SSH_ENCODE_OPT(TTY_OP_##opt, (attr->c_lflag & opt) ? 1 : 0)
+    SSH_ENCODE_LOCAL_OPT(ISIG)
+    SSH_ENCODE_LOCAL_OPT(ICANON)
+#ifdef XCASE
+    SSH_ENCODE_LOCAL_OPT(XCASE)
+#endif
+    SSH_ENCODE_LOCAL_OPT(ECHO)
+    SSH_ENCODE_LOCAL_OPT(ECHOE)
+    SSH_ENCODE_LOCAL_OPT(ECHOK)
+    SSH_ENCODE_LOCAL_OPT(ECHONL)
+    SSH_ENCODE_LOCAL_OPT(NOFLSH)
+    SSH_ENCODE_LOCAL_OPT(TOSTOP)
+    SSH_ENCODE_LOCAL_OPT(IEXTEN)
+    SSH_ENCODE_LOCAL_OPT(ECHOCTL)
+    SSH_ENCODE_LOCAL_OPT(ECHOKE)
+#ifdef PENDIN
+    SSH_ENCODE_LOCAL_OPT(PENDIN)
+#endif
+#undef SSH_ENCODE_LOCAL_OPT
+
+#define SSH_ENCODE_CC_OPT(opt) SSH_ENCODE_OPT(TTY_OP_##opt, attr->c_cc[opt])
+    SSH_ENCODE_CC_OPT(VINTR)
+    SSH_ENCODE_CC_OPT(VQUIT)
+    SSH_ENCODE_CC_OPT(VERASE)
+    SSH_ENCODE_CC_OPT(VKILL)
+    SSH_ENCODE_CC_OPT(VEOF)
+    SSH_ENCODE_CC_OPT(VEOL)
+    SSH_ENCODE_CC_OPT(VEOL2)
+    SSH_ENCODE_CC_OPT(VSTART)
+    SSH_ENCODE_CC_OPT(VSTOP)
+    SSH_ENCODE_CC_OPT(VSUSP)
+#ifdef VDSUSP
+    SSH_ENCODE_CC_OPT(VDSUSP)
+#endif
+    SSH_ENCODE_CC_OPT(VREPRINT)
+    SSH_ENCODE_CC_OPT(VWERASE)
+    SSH_ENCODE_CC_OPT(VLNEXT)
+#ifdef VFLUSH
+    SSH_ENCODE_CC_OPT(VFLUSH)
+#endif
+#ifdef VSWTC
+    SSH_ENCODE_CC_OPT(VSWTC)
+#endif
+#ifdef VSTATUS
+    SSH_ENCODE_CC_OPT(VSTATUS)
+#endif
+    SSH_ENCODE_CC_OPT(VDISCARD)
+#undef SSH_ENCODE_CC_OPT
+
+    SSH_ENCODE_OPT(TTY_OP_ISPEED, baud2speed(cfgetispeed(attr)))
+    SSH_ENCODE_OPT(TTY_OP_OSPEED, baud2speed(cfgetospeed(attr)))
+#undef SSH_ENCODE_OPT
+
+    /* end of options */
+    if (buflen > offset) {
+        buf[offset++] = TTY_OP_END;
+    } else {
+        return -1;
+    }
+
+    return (int)offset;
+}
+#endif
+
+/**
+ * Encodes a set of default options to ensure "sane" PTY behavior.
+ * This function intentionally doesn't use the \c termios structure
+ * to allow it to work on Windows as well.
+ *
+ * The "sane" default set is derived from the `stty sane`, but iutf8 support is
+ * added on top of that.
+ *
+ * @param[out] buf      Modes will be encoded into this buffer.
+ *
+ * @param[in]  buflen   The length of the buffer.
+ *
+ * @return              number of bytes in the buffer on success, -1 on error.
+ */
+static int
+encode_default_opts(unsigned char *buf, size_t buflen)
+{
+    unsigned int offset = 0;
+    int rc;
+
+#define SSH_ENCODE_OPT(code, value)                                      \
+    rc = encode_termios_opt(code, value, buf + offset, buflen - offset); \
+    if (rc < 0) {                                                        \
+        return rc;                                                       \
+    } else {                                                             \
+        offset += rc;                                                    \
+    }
+
+    SSH_ENCODE_OPT(TTY_OP_VINTR, 003)
+    SSH_ENCODE_OPT(TTY_OP_VQUIT, 034)
+    SSH_ENCODE_OPT(TTY_OP_VERASE, 0177)
+    SSH_ENCODE_OPT(TTY_OP_VKILL, 025)
+    SSH_ENCODE_OPT(TTY_OP_VEOF, 004)
+    SSH_ENCODE_OPT(TTY_OP_VEOL, 0)
+    SSH_ENCODE_OPT(TTY_OP_VEOL2, 0)
+    SSH_ENCODE_OPT(TTY_OP_VSTART, 021)
+    SSH_ENCODE_OPT(TTY_OP_VSTOP, 023)
+    SSH_ENCODE_OPT(TTY_OP_VSUSP, 032)
+    SSH_ENCODE_OPT(TTY_OP_VDSUSP, 031)
+    SSH_ENCODE_OPT(TTY_OP_VREPRINT, 022)
+    SSH_ENCODE_OPT(TTY_OP_VWERASE, 027)
+    SSH_ENCODE_OPT(TTY_OP_VLNEXT, 026)
+    SSH_ENCODE_OPT(TTY_OP_VDISCARD, 017)
+    SSH_ENCODE_OPT(TTY_OP_IGNPAR, 0)
+    SSH_ENCODE_OPT(TTY_OP_PARMRK, 0)
+    SSH_ENCODE_OPT(TTY_OP_INPCK, 0)
+    SSH_ENCODE_OPT(TTY_OP_ISTRIP, 0)
+    SSH_ENCODE_OPT(TTY_OP_INLCR, 0)
+    SSH_ENCODE_OPT(TTY_OP_IGNCR, 0)
+    SSH_ENCODE_OPT(TTY_OP_ICRNL, 1)
+    SSH_ENCODE_OPT(TTY_OP_IUCLC, 0)
+    SSH_ENCODE_OPT(TTY_OP_IXON, 1)
+    SSH_ENCODE_OPT(TTY_OP_IXANY, 0)
+    SSH_ENCODE_OPT(TTY_OP_IXOFF, 0)
+    SSH_ENCODE_OPT(TTY_OP_IMAXBEL, 0)
+    SSH_ENCODE_OPT(TTY_OP_IUTF8, 1)
+    SSH_ENCODE_OPT(TTY_OP_ISIG, 1)
+    SSH_ENCODE_OPT(TTY_OP_ICANON, 1)
+    SSH_ENCODE_OPT(TTY_OP_XCASE, 0)
+    SSH_ENCODE_OPT(TTY_OP_ECHO, 1)
+    SSH_ENCODE_OPT(TTY_OP_ECHOE, 1)
+    SSH_ENCODE_OPT(TTY_OP_ECHOK, 1)
+    SSH_ENCODE_OPT(TTY_OP_ECHONL, 0)
+    SSH_ENCODE_OPT(TTY_OP_NOFLSH, 0)
+    SSH_ENCODE_OPT(TTY_OP_TOSTOP, 0)
+    SSH_ENCODE_OPT(TTY_OP_IEXTEN, 1)
+    SSH_ENCODE_OPT(TTY_OP_ECHOCTL, 1)
+    SSH_ENCODE_OPT(TTY_OP_ECHOKE, 1)
+    SSH_ENCODE_OPT(TTY_OP_PENDIN, 0)
+    SSH_ENCODE_OPT(TTY_OP_OPOST, 1)
+    SSH_ENCODE_OPT(TTY_OP_OLCUC, 0)
+    SSH_ENCODE_OPT(TTY_OP_ONLCR, 1)
+    SSH_ENCODE_OPT(TTY_OP_OCRNL, 0)
+    SSH_ENCODE_OPT(TTY_OP_ONOCR, 0)
+    SSH_ENCODE_OPT(TTY_OP_ONLRET, 0)
+    SSH_ENCODE_OPT(TTY_OP_CS7, 1)
+    SSH_ENCODE_OPT(TTY_OP_CS8, 1)
+    SSH_ENCODE_OPT(TTY_OP_PARENB, 0)
+    SSH_ENCODE_OPT(TTY_OP_PARODD, 0)
+    SSH_ENCODE_OPT(TTY_OP_ISPEED, 38400);
+    SSH_ENCODE_OPT(TTY_OP_OSPEED, 38400);
+
+#undef SSH_ENCODE_OPT
+
+    /* end of options */
+    if (buflen > offset) {
+        buf[offset++] = TTY_OP_END;
+    } else {
+        return -1;
+    }
+
+    return (int)offset;
+}
+
+/**
+ * @ingroup libssh_misc
+ *
+ * @brief Encode the current TTY options as SSH modes.
+ *
+ * Call this function to determine the settings of the process' TTY and
+ * encode them as SSH Terminal Modes according to RFC 4254 section 8.
+ *
+ * If STDIN isn't connected to a TTY, this function fills the buffer with
+ * "sane" default modes.
+ *
+ * The encoded modes can be passed to \c ssh_channel_request_pty_size_modes .
+ *
+ * @code
+ *   unsigned char modes_buf[SSH_TTY_MODES_MAX_BUFSIZE];
+ *   encode_current_tty_opts(modes_buf, sizeof(modes_buf));
+ * @endcode
+ *
+ *
+ * @param[out] buf      Modes will be encoded into this buffer.
+ *
+ * @param[in]  buflen   The length of the buffer.
+ *
+ * @return              number of bytes in the buffer on success, -1 on error.
+ */
+int
+encode_current_tty_opts(unsigned char *buf, size_t buflen)
+{
+#ifdef HAVE_TERMIOS_H
+    struct termios attr;
+    ZERO_STRUCT(attr);
+
+    if (isatty(STDIN_FILENO)) {
+        /* get local terminal attributes */
+        if (tcgetattr(STDIN_FILENO, &attr) < 0) {
+            perror("tcgetattr");
+            return -1;
+        }
+        return encode_termios_opts(&attr, buf, buflen);
+    }
+#endif
+
+    /* use "sane" default attributes */
+    return encode_default_opts(buf, buflen);
+}
diff --git a/libssh/src/wrapper.c b/libssh/src/wrapper.c
index bff7bab3..62513016 100644
--- a/libssh/src/wrapper.c
+++ b/libssh/src/wrapper.c
@@ -1,5 +1,5 @@
 /*
- * wrapper.c - wrapper for crytpo functions
+ * wrapper.c - wrapper for crypto functions
  *
  * This file is part of the SSH Library
  *
@@ -38,10 +38,6 @@
 #include <stdio.h>
 #include <string.h>
 
-#ifdef WITH_ZLIB
-#include <zlib.h>
-#endif
-
 #include "libssh/priv.h"
 #include "libssh/session.h"
 #include "libssh/crypto.h"
@@ -150,15 +146,15 @@ static void cipher_free(struct ssh_cipher_struct *cipher) {
   SAFE_FREE(cipher);
 }
 
-struct ssh_crypto_struct *crypto_new(void) {
-   struct ssh_crypto_struct *crypto;
+struct ssh_crypto_struct *crypto_new(void)
+{
+    struct ssh_crypto_struct *crypto = NULL;
 
-  crypto = malloc(sizeof(struct ssh_crypto_struct));
-  if (crypto == NULL) {
-    return NULL;
-  }
-  ZERO_STRUCTP(crypto);
-  return crypto;
+    crypto = calloc(1, sizeof(struct ssh_crypto_struct));
+    if (crypto == NULL) {
+        return NULL;
+    }
+    return crypto;
 }
 
 void crypto_free(struct ssh_crypto_struct *crypto)
@@ -176,20 +172,19 @@ void crypto_free(struct ssh_crypto_struct *crypto)
 #ifdef HAVE_ECDH
     SAFE_FREE(crypto->ecdh_client_pubkey);
     SAFE_FREE(crypto->ecdh_server_pubkey);
-    if(crypto->ecdh_privkey != NULL){
+    if (crypto->ecdh_privkey != NULL) {
 #ifdef HAVE_OPENSSL_ECC
-/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
- * https://github.com/openssl/openssl/pull/16624
- * #if OPENSSL_VERSION_NUMBER < 0x30000000L
- */
-#if 1
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
         EC_KEY_free(crypto->ecdh_privkey);
 #else
         EVP_PKEY_free(crypto->ecdh_privkey);
 #endif /* OPENSSL_VERSION_NUMBER */
 #elif defined HAVE_GCRYPT_ECC
         gcry_sexp_release(crypto->ecdh_privkey);
-#endif
+#elif defined HAVE_LIBMBEDCRYPTO
+        mbedtls_ecp_keypair_free(crypto->ecdh_privkey);
+        SAFE_FREE(crypto->ecdh_privkey);
+#endif /* HAVE_LIBGCRYPT */
         crypto->ecdh_privkey = NULL;
     }
 #endif
@@ -202,19 +197,7 @@ void crypto_free(struct ssh_crypto_struct *crypto)
         explicit_bzero(crypto->secret_hash, crypto->digest_len);
         SAFE_FREE(crypto->secret_hash);
     }
-#ifdef WITH_ZLIB
-    if (crypto->compress_out_ctx &&
-        (deflateEnd(crypto->compress_out_ctx) != 0)) {
-        inflateEnd(crypto->compress_out_ctx);
-    }
-    SAFE_FREE(crypto->compress_out_ctx);
-
-    if (crypto->compress_in_ctx &&
-        (deflateEnd(crypto->compress_in_ctx) != 0)) {
-        inflateEnd(crypto->compress_in_ctx);
-    }
-    SAFE_FREE(crypto->compress_in_ctx);
-#endif /* WITH_ZLIB */
+    compress_cleanup(crypto);
     SAFE_FREE(crypto->encryptIV);
     SAFE_FREE(crypto->decryptIV);
     SAFE_FREE(crypto->encryptMAC);
@@ -242,9 +225,32 @@ void crypto_free(struct ssh_crypto_struct *crypto)
     SAFE_FREE(crypto);
 }
 
+static void
+compression_enable(ssh_session session,
+                   enum ssh_crypto_direction_e direction,
+                   bool delayed)
+{
+    /* The delayed compression is turned on AFTER authentication. This means
+     * that we need to turn it on immediately in case of rekeying */
+    if (delayed && !(session->flags & SSH_SESSION_FLAG_AUTHENTICATED)) {
+        if (direction == SSH_DIRECTION_IN) {
+            session->next_crypto->delayed_compress_in = 1;
+        } else { /* SSH_DIRECTION_OUT */
+            session->next_crypto->delayed_compress_out = 1;
+        }
+    } else {
+        if (direction == SSH_DIRECTION_IN) {
+            session->next_crypto->do_compress_in = 1;
+        } else { /* SSH_DIRECTION_OUT */
+            session->next_crypto->do_compress_out = 1;
+        }
+    }
+}
+
 static int crypt_set_algorithms2(ssh_session session)
 {
     const char *wanted = NULL;
+    const char *method = NULL;
     struct ssh_cipher_struct *ssh_ciphertab=ssh_get_ciphertab();
     struct ssh_hmac_struct *ssh_hmactab=ssh_get_hmactab();
     uint8_t i = 0;
@@ -367,22 +373,29 @@ static int crypt_set_algorithms2(ssh_session session)
     session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
     session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm;
 
-    /* compression */
-    cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib");
+    /* compression: client */
+    method = session->next_crypto->kex_methods[SSH_COMP_C_S];
+    cmp = strcmp(method, "zlib");
     if (cmp == 0) {
-        session->next_crypto->do_compress_out = 1;
+        SSH_LOG(SSH_LOG_PACKET, "enabling C->S compression");
+        compression_enable(session, SSH_DIRECTION_OUT, false);
     }
-    cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib");
+    cmp = strcmp(method, "zlib@openssh.com");
     if (cmp == 0) {
-        session->next_crypto->do_compress_in = 1;
+        SSH_LOG(SSH_LOG_PACKET, "enabling C->S delayed compression");
+        compression_enable(session, SSH_DIRECTION_OUT, true);
     }
-    cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib@openssh.com");
+
+    method = session->next_crypto->kex_methods[SSH_COMP_S_C];
+    cmp = strcmp(method, "zlib");
     if (cmp == 0) {
-        session->next_crypto->delayed_compress_out = 1;
+        SSH_LOG(SSH_LOG_PACKET, "enabling S->C compression");
+        compression_enable(session, SSH_DIRECTION_IN, false);
     }
-    cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_S_C], "zlib@openssh.com");
+    cmp = strcmp(method, "zlib@openssh.com");
     if (cmp == 0) {
-        session->next_crypto->delayed_compress_in = 1;
+        SSH_LOG(SSH_LOG_PACKET, "enabling S->C delayed compression");
+        compression_enable(session, SSH_DIRECTION_IN, true);
     }
 
     return SSH_OK;
@@ -401,7 +414,6 @@ int crypt_set_algorithms_server(ssh_session session){
     struct ssh_hmac_struct   *ssh_hmactab=ssh_get_hmactab();
     int cmp;
 
-
     if (session == NULL) {
         return SSH_ERROR;
     }
@@ -520,33 +532,27 @@ int crypt_set_algorithms_server(ssh_session session){
 
     /* compression */
     method = session->next_crypto->kex_methods[SSH_COMP_C_S];
-    if(strcmp(method,"zlib") == 0){
-        SSH_LOG(SSH_LOG_PACKET,"enabling C->S compression");
-        session->next_crypto->do_compress_in=1;
+    cmp = strcmp(method, "zlib");
+    if (cmp == 0) {
+        SSH_LOG(SSH_LOG_PACKET, "enabling C->S compression");
+        compression_enable(session, SSH_DIRECTION_IN, false);
     }
-    if(strcmp(method,"zlib@openssh.com") == 0){
-        SSH_LOG(SSH_LOG_PACKET,"enabling C->S delayed compression");
-
-        if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
-            session->next_crypto->do_compress_in = 1;
-        } else {
-            session->next_crypto->delayed_compress_in = 1;
-        }
+    cmp = strcmp(method, "zlib@openssh.com");
+    if (cmp == 0) {
+        SSH_LOG(SSH_LOG_PACKET, "enabling C->S delayed compression");
+        compression_enable(session, SSH_DIRECTION_IN, true);
     }
 
     method = session->next_crypto->kex_methods[SSH_COMP_S_C];
-    if(strcmp(method,"zlib") == 0){
+    cmp = strcmp(method, "zlib");
+    if (cmp == 0) {
         SSH_LOG(SSH_LOG_PACKET, "enabling S->C compression");
-        session->next_crypto->do_compress_out=1;
+        compression_enable(session, SSH_DIRECTION_OUT, false);
     }
-    if(strcmp(method,"zlib@openssh.com") == 0){
-        SSH_LOG(SSH_LOG_PACKET,"enabling S->C delayed compression");
-
-        if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
-            session->next_crypto->do_compress_out = 1;
-        } else {
-            session->next_crypto->delayed_compress_out = 1;
-        }
+    cmp = strcmp(method, "zlib@openssh.com");
+    if (cmp == 0) {
+        SSH_LOG(SSH_LOG_PACKET, "enabling S->C delayed compression");
+        compression_enable(session, SSH_DIRECTION_OUT, true);
     }
 
     method = session->next_crypto->kex_methods[SSH_HOSTKEYS];
diff --git a/libssh/tests/CMakeLists.txt b/libssh/tests/CMakeLists.txt
index 22a36f37..e537d53c 100644
--- a/libssh/tests/CMakeLists.txt
+++ b/libssh/tests/CMakeLists.txt
@@ -6,9 +6,7 @@ endif (BSD OR SOLARIS OR OSX)
 
 set(TORTURE_LIBRARY torture)
 
-include_directories(${OPENSSL_INCLUDE_DIR}
-                    ${CMOCKA_INCLUDE_DIR}
-                    ${ZLIB_INCLUDE_DIR}
+include_directories(${CMOCKA_INCLUDE_DIR}
                     ${libssh_BINARY_DIR}/include
                     ${libssh_BINARY_DIR}
                     ${libssh_SOURCE_DIR}/src
@@ -20,6 +18,18 @@ set(TORTURE_LINK_LIBRARIES
     ${CMOCKA_LIBRARY}
     ssh::static)
 
+if (NOT WIN32)
+    set(TORTURE_LINK_LIBRARIES
+        ${TORTURE_LINK_LIBRARIES}
+        pthread)
+endif(NOT WIN32)
+if (WITH_GSSAPI AND GSSAPI_FOUND)
+    find_package(OpenSSL 1.1.1 REQUIRED)
+    set(TORTURE_LINK_LIBRARIES
+        ${TORTURE_LINK_LIBRARIES}
+        OpenSSL::Crypto)
+endif (WITH_GSSAPI AND GSSAPI_FOUND)
+
 # create test library
 add_library(${TORTURE_LIBRARY}
             STATIC
@@ -28,10 +38,13 @@ add_library(${TORTURE_LIBRARY}
                 torture_key.c
                 torture_pki.c
                 torture_cmocka.c)
-target_link_libraries(${TORTURE_LIBRARY} ${TORTURE_LINK_LIBRARIES})
+target_link_libraries(${TORTURE_LIBRARY} PRIVATE ${TORTURE_LINK_LIBRARIES})
 target_compile_options(${TORTURE_LIBRARY} PRIVATE
                        -DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
 )
+if (WITH_COVERAGE)
+    append_coverage_compiler_flags_to_target(${TORTURE_LIBRARY})
+endif (WITH_COVERAGE)
 
 # The shared version of the library is only useful when client testing is
 # enabled
@@ -62,7 +75,7 @@ if (CLIENT_TESTING)
                     torture_pki.c
                     torture_cmocka.c
                )
-    target_link_libraries(${TORTURE_SHARED_LIBRARY}
+    target_link_libraries(${TORTURE_SHARED_LIBRARY} PUBLIC
                           ${CMOCKA_LIBRARY}
                           ssh::static
                           ${WRAP_SYMBOLS}
@@ -71,11 +84,14 @@ if (CLIENT_TESTING)
                            -DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
                            -DTORTURE_SHARED
     )
+    if (WITH_COVERAGE)
+        append_coverage_compiler_flags_to_target(${TORTURE_SHARED_LIBRARY})
+    endif (WITH_COVERAGE)
 endif ()
 
-if (ARGP_LIBRARY)
+if (ARGP_LIBRARIES)
     target_link_libraries(${TORTURE_LIBRARY}
-        ${ARGP_LIBRARY}
+        PUBLIC ${ARGP_LIBRARIES}
     )
 endif()
 
@@ -89,17 +105,19 @@ add_subdirectory(unittests)
 # OpenSSH Capabilities are required for all unit tests
 find_program(SSH_EXECUTABLE NAMES ssh)
 if (SSH_EXECUTABLE)
+    file(SIZE ${SSH_EXECUTABLE} SSH_EXECUTABLE_SIZE)
     execute_process(COMMAND ${SSH_EXECUTABLE} -V ERROR_VARIABLE OPENSSH_VERSION_STR)
-    string(REGEX REPLACE "^.*OpenSSH_([0-9]).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
-    string(REGEX REPLACE "^.*OpenSSH_[0-9].([0-9]).*$" "\\1" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
+    string(REGEX REPLACE "^.*OpenSSH_([0-9]+).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
+    string(REGEX REPLACE "^.*OpenSSH_[0-9]+.([0-9]).*$" "\\1" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
     set(OPENSSH_VERSION "${OPENSSH_VERSION_MAJOR}.${OPENSSH_VERSION_MINOR}")
+    add_definitions(-DOPENSSH_VERSION_MAJOR=${OPENSSH_VERSION_MAJOR} -DOPENSSH_VERSION_MINOR=${OPENSSH_VERSION_MINOR})
     if("${OPENSSH_VERSION}" VERSION_LESS "6.3")
         # ssh - Q was introduced in 6.3
         message("Version less than 6.3, hardcoding cipher list")
         set(OPENSSH_CIPHERS "aes128-ctr\naes192-ctr\naes256-ctr\narcfour256\narcfour128\naes128-gcm@openssh.com\naes256-gcm@openssh.com\naes128-cbc\n3des-cbc\nblowfish-cbc\ncast128-cbc\naes192-cbc\naes256-cbc\narcfour\nrijndael-cbc@lysator.liu.se\n")
         set(OPENSSH_MACS "hmac-md5-etm@openssh.com\nhmac-sha1-etm@openssh.com\numac-64-etm@openssh.com\numac-128-etm@openssh.com\nhmac-sha2-256-etm@openssh.com\nhmac-sha2-512-etm@openssh.com\nhmac-ripemd160-etm@openssh.com\nhmac-sha1-96-etm@openssh.com\nhmac-md5-96-etm@openssh.com\nhmac-md5\nhmac-sha1\numac-64@openssh.com\numac-128@openssh.com\nhmac-sha2-256\nhmac-sha2-512\nhmac-ripemd160\nhmac-ripemd160@openssh.com\nhmac-sha1-96\nhmac-md5-96\n")
         set(OPENSSH_KEX "ecdh-sha2-nistp256\necdh-sha2-nistp384\necdh-sha2-nistp521\ndiffie-hellman-group-exchange-sha256\ndiffie-hellman-group-exchange-sha1\ndiffie-hellman-group14-sha1\ndiffie-hellman-group1-sha1\n")
-        set(OPENSSH_KEYS "ssh-rsa\nssh-dss\necdsa-sha2-nistp256\n")
+        set(OPENSSH_KEYS "ssh-rsa\necdsa-sha2-nistp256\n")
     else()
         execute_process(COMMAND ${SSH_EXECUTABLE} -Q cipher OUTPUT_VARIABLE OPENSSH_CIPHERS)
         execute_process(COMMAND ${SSH_EXECUTABLE} -Q mac OUTPUT_VARIABLE OPENSSH_MACS)
@@ -126,9 +144,9 @@ if (SSH_EXECUTABLE)
         diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1
         diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521
         curve25519-sha256 curve25519-sha256@libssh.org
-        ssh-ed25519 ssh-ed25519-cert-v01@openssh.com ssh-rsa ssh-dss
+        ssh-ed25519 ssh-ed25519-cert-v01@openssh.com ssh-rsa
         ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521
-        ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com
+        ssh-rsa-cert-v01@openssh.com
         ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com
         ecdsa-sha2-nistp521-cert-v01@openssh.com
         )
@@ -152,6 +170,22 @@ if (SSH_EXECUTABLE)
 
 endif()
 
+find_program(DROPBEAR_EXECUTABLE NAMES dbclient)
+if (DROPBEAR_EXECUTABLE)
+    execute_process(COMMAND ${DROPBEAR_EXECUTABLE} -V ERROR_VARIABLE DROPBEAR_VERSION_STR)
+    string(REGEX REPLACE "^.*Dropbear v([0-9]+)\\.([0-9]+).*$" "\\1.\\2" DROPBEAR_VERSION "${DROPBEAR_VERSION_STR}")
+    set(DROPBEAR_VERSION "${DROPBEAR_VERSION}")
+
+    # HMAC-SHA1 support was removed in version 2025.87
+    if("${DROPBEAR_VERSION}" VERSION_LESS "2025.87")
+        message("Dropbear Version less than 2025.87, enabling dropbear HMAC-SHA1 tests")
+        add_definitions(-DDROPBEAR_SUPPORTS_HMAC_SHA1)
+    endif()
+else()
+    message(STATUS "Could NOT find Dropbear (missing: dbclient executable)")
+    set(DROPBEAR_EXECUTABLE "/bin/false")
+endif()
+
 find_program(SSHD_EXECUTABLE
              NAME
                 sshd
@@ -160,11 +194,26 @@ find_program(SSHD_EXECUTABLE
                 /usr/sbin
                 /usr/local/sbin)
 
+if (WITH_PKCS11_URI)
+    find_package(softhsm)
+    if (NOT SOFTHSM_FOUND)
+        message(SEND_ERROR "Could not find softhsm module!")
+    endif (NOT SOFTHSM_FOUND)
+    find_library(PKCS11SPY
+        NAMES
+            pkcs11-spy.so
+    )
+
+    #Copy the script to setup PKCS11 tokens
+    file(COPY pkcs11/setup-softhsm-tokens.sh DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/pkcs11 FILE_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE)
+endif (WITH_PKCS11_URI)
+
 if (CLIENT_TESTING OR SERVER_TESTING)
     find_package(socket_wrapper 1.1.5 REQUIRED)
     find_package(nss_wrapper 1.1.2 REQUIRED)
     find_package(uid_wrapper 1.2.0 REQUIRED)
     find_package(pam_wrapper 1.0.1 REQUIRED)
+    find_package(priv_wrapper 1.0.0)
 
     if (NOT SSHD_EXECUTABLE)
         message(SEND_ERROR "Could not find sshd which is required for client testing")
@@ -177,21 +226,6 @@ if (CLIENT_TESTING OR SERVER_TESTING)
                     /usr/bin
                     /usr/local/bin)
 
-    if (WITH_PKCS11_URI)
-        find_package(softhsm)
-        if (NOT SOFTHSM_FOUND)
-            message(SEND_ERROR "Could not find softhsm module!")
-        endif (NOT SOFTHSM_FOUND)
-    endif (WITH_PKCS11_URI)
-
-    find_program(SSH_EXECUTABLE NAMES ssh)
-    if (SSH_EXECUTABLE)
-        execute_process(COMMAND ${SSH_EXECUTABLE} -V ERROR_VARIABLE OPENSSH_VERSION_STR)
-        string(REGEX REPLACE "^.*OpenSSH_([0-9]).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
-        string(REGEX REPLACE "^.*OpenSSH_[0-9].([0-9]).*$" "\\1" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
-        add_definitions(-DOPENSSH_VERSION_MAJOR=${OPENSSH_VERSION_MAJOR} -DOPENSSH_VERSION_MINOR=${OPENSSH_VERSION_MINOR})
-    endif()
-
     set(LOCAL_USER "nobody")
     set(LOCAL_UID "65533")
     find_program(ID_EXECUTABLE NAMES id)
@@ -212,18 +246,33 @@ if (CLIENT_TESTING OR SERVER_TESTING)
         set(WITH_TIMEOUT "1")
     endif()
 
-    # chroot_wrapper
-    add_library(chroot_wrapper SHARED chroot_wrapper.c)
-    set(CHROOT_WRAPPER_LIBRARY ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chroot_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX})
+    # For chroot() use priv_wrapper package if found, or internal chroot_wrapper
+    if (priv_wrapper_FOUND)
+        set(CHROOT_WRAPPER "${PRIV_WRAPPER_LIBRARY}")
+    else()
+        add_library(chroot_wrapper SHARED chroot_wrapper.c)
+        set(CHROOT_WRAPPER_LIBRARY ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chroot_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX})
+        set(TEST_TARGET_LIBRARIES
+            ${TEST_TARGET_LIBRARIES}
+            chroot_wrapper
+        )
+        set(CHROOT_WRAPPER "${CHROOT_WRAPPER_LIBRARY}")
+    endif()
+
+    # fs wrapper
+    add_library(fs_wrapper SHARED fs_wrapper.c)
+    set(FS_WRAPPER_LIBRARY
+        ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}fs_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX})
     set(TEST_TARGET_LIBRARIES
         ${TEST_TARGET_LIBRARIES}
-        chroot_wrapper
+        fs_wrapper
     )
+    set(FS_WRAPPER "${FS_WRAPPER_LIBRARY}")
 
     # ssh_ping
     add_executable(ssh_ping ssh_ping.c)
     target_compile_options(ssh_ping PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-    target_link_libraries(ssh_ping ssh::static)
+    target_link_libraries(ssh_ping ssh::static pthread)
 
     # homedir will be used in passwd
     set(HOMEDIR ${CMAKE_CURRENT_BINARY_DIR}/home)
@@ -239,7 +288,12 @@ if (CLIENT_TESTING OR SERVER_TESTING)
     configure_file(etc/pam.d/sshd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d/sshd @ONLY)
 
 
-    set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER_LIBRARY}")
+    set(TORTURE_ENVIRONMENT
+        "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}:${FS_WRAPPER}")
+    if (priv_wrapper_FOUND)
+        list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1)
+        list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL")
+    endif()
     list(APPEND TORTURE_ENVIRONMENT UID_WRAPPER=1 UID_WRAPPER_ROOT=1)
     list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_PASSWD=${CMAKE_CURRENT_BINARY_DIR}/etc/passwd)
     list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_SHADOW=${CMAKE_CURRENT_BINARY_DIR}/etc/shadow)
@@ -283,16 +337,18 @@ if (CLIENT_TESTING OR SERVER_TESTING)
     file(READ keys/pkcs11/id_pkcs11_ecdsa_521_openssh.pub CONTENTS)
     file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys "${CONTENTS}")
 
-    # Copy the signed key to an alternative directory in bob's homedir.
-    file(COPY keys/certauth/id_rsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh_cert/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
-    file(COPY keys/certauth/id_rsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh_cert/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
-    file(COPY keys/certauth/id_rsa-cert.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh_cert/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+    # Copy the signed key to an doe's homedir.
+    file(COPY keys/certauth/id_rsa DESTINATION
+        ${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+    file(COPY keys/certauth/id_rsa.pub DESTINATION
+        ${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+    file(COPY keys/certauth/id_rsa-cert.pub DESTINATION
+        ${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+endif ()
 
-    #Copy the script to setup PKCS11 tokens
-    file(COPY pkcs11/setup-softhsm-tokens.sh DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/pkcs11 FILE_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE)
+file(COPY gss/kdcsetup.sh DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/gss FILE_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE)
 
-    message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}")
-endif ()
+message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}")
 
 configure_file(tests_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/tests_config.h)
 
@@ -315,3 +371,12 @@ endif ()
 if (FUZZ_TESTING)
     add_subdirectory(fuzz)
 endif()
+
+add_custom_target(test_memcheck
+    # FIXME: The threads_pki_rsa test is skipped under valgrind as it times out
+    # Passing suppression file is also stupid so lets go with override here:
+    # https://stackoverflow.com/a/56116311
+    COMMAND ${CMAKE_CTEST_COMMAND} -E torture_threads_pki_rsa -E pkd_hello_i1
+        --output-on-failure --force-new-ctest-process --test-action memcheck
+        --overwrite MemoryCheckSuppressionFile=${CMAKE_SOURCE_DIR}/tests/valgrind.supp
+    WORKING_DIRECTORY "${CMAKE_BINARY_DIR}")
diff --git a/libssh/tests/benchmarks/CMakeLists.txt b/libssh/tests/benchmarks/CMakeLists.txt
index 183d710d..c7b245a5 100644
--- a/libssh/tests/benchmarks/CMakeLists.txt
+++ b/libssh/tests/benchmarks/CMakeLists.txt
@@ -1,11 +1,17 @@
 project(libssh-benchmarks C)
 
 set(benchmarks_SRCS
-  bench_scp.c bench_sftp.c bench_raw.c benchmarks.c latency.c
+  bench_scp.c bench_raw.c benchmarks.c latency.c
 )
+if (WITH_SFTP)
+  set(benchmarks_SRCS
+    ${benchmarks_SRCS}
+    bench_sftp.c
+  )
+endif (WITH_SFTP)
 
 include_directories(${libssh_BINARY_DIR})
 
 add_executable(benchmarks ${benchmarks_SRCS})
 
-target_link_libraries(benchmarks ssh::ssh)
+target_link_libraries(benchmarks ssh::static pthread)
diff --git a/libssh/tests/benchmarks/bench1.sh b/libssh/tests/benchmarks/bench1.sh
index 4458e9a7..6b3b20f3 100755
--- a/libssh/tests/benchmarks/bench1.sh
+++ b/libssh/tests/benchmarks/bench1.sh
@@ -1,13 +1,14 @@
+#!/bin/bash
 export CIPHER=aes128-cbc
 export DEST=localhost
 
 echo "Upload raw SSH statistics"
-echo "local machine: `uname -a`"
-echo "Cipher : $CIPHER ; Destination : $DEST (`ssh $DEST uname -a`)"
-echo "Local ssh version: `ssh -V 2>&1`"
+echo "local machine: $(uname -a)"
+echo "Cipher : $CIPHER ; Destination : $DEST ($(ssh $DEST uname -a))"
+echo "Local ssh version: $(ssh -V 2>&1)"
 echo "Ping latency to $DEST":
 ping -q -c 1 -n $DEST
-echo "Destination $DEST SSHD vesion : `echo | nc $DEST 22 | head -n1`"
-echo "ssh login latency :`(time -f user:%U ssh $DEST 'id > /dev/null') 2>&1`"
+echo "Destination $DEST SSHD version : $(echo | nc $DEST 22 | head -n1)"
+echo "ssh login latency :$( (command time -f user:%U ssh $DEST 'id > /dev/null') 2>&1)"
 ./generate.py | dd bs=4096 count=100000 | time ssh -c $CIPHER $DEST "dd bs=4096 of=/dev/null" 2>&1
 
diff --git a/libssh/tests/benchmarks/bench2.sh b/libssh/tests/benchmarks/bench2.sh
index 01d67777..cf240fda 100755
--- a/libssh/tests/benchmarks/bench2.sh
+++ b/libssh/tests/benchmarks/bench2.sh
@@ -1,13 +1,14 @@
+#!/bin/bash
 export CIPHER=aes128-cbc
 export DEST=localhost
 
 echo "Upload raw SSH statistics"
-echo "local machine: `uname -a`"
-echo "Cipher : $CIPHER ; Destination : $DEST (`ssh $DEST uname -a`)"
-echo "Local ssh version: `samplessh -V 2>&1`"
+echo "local machine: $(uname -a)"
+echo "Cipher : $CIPHER ; Destination : $DEST ($(ssh $DEST uname -a))"
+echo "Local ssh version: $(samplessh -V 2>&1)"
 echo "Ping latency to $DEST":
 ping -q -c 1 -n $DEST
-echo "Destination $DEST SSHD vesion : `echo | nc $DEST 22 | head -n1`"
-echo "ssh login latency :`(time -f user:%U samplessh $DEST 'id > /dev/null') 2>&1`"
+echo "Destination $DEST SSHD version : $(echo | nc $DEST 22 | head -n1)"
+echo "ssh login latency :$( (command time -f user:%U samplessh $DEST 'id > /dev/null') 2>&1)"
 ./generate.py | dd bs=4096 count=100000 | strace  samplessh -c $CIPHER $DEST "dd bs=4096 of=/dev/null" 2>&1
 
diff --git a/libssh/tests/benchmarks/bench_raw.c b/libssh/tests/benchmarks/bench_raw.c
index db1a057c..05a6ceb0 100644
--- a/libssh/tests/benchmarks/bench_raw.c
+++ b/libssh/tests/benchmarks/bench_raw.c
@@ -49,6 +49,9 @@ static char *get_python_eater(unsigned long bytes){
   char *ptr;
   char buf[12];
 
+  if (eater == NULL) {
+    return NULL;
+  }
   memcpy(eater,python_eater,sizeof(python_eater));
   ptr=strstr(eater,"XXXXXXXXXX");
   if(!ptr){
@@ -116,7 +119,10 @@ int benchmarks_raw_up (ssh_session session, struct argument_s *args,
   unsigned long total=0;
 
   bytes = args->datasize * 1024 * 1024;
-  script =get_python_eater(bytes);
+  script = get_python_eater(bytes);
+  if (script == NULL) {
+    return -1;
+  }
   err=upload_script(session,"/tmp/eater.py",script);
   free(script);
   if(err<0)
@@ -129,8 +135,13 @@ int benchmarks_raw_up (ssh_session session, struct argument_s *args,
   snprintf(cmd,sizeof(cmd),"%s /tmp/eater.py", PYTHON_PATH);
   if(ssh_channel_request_exec(channel,cmd)==SSH_ERROR)
     goto error;
-  if((err=ssh_channel_read(channel,buffer,sizeof(buffer)-1,0))==SSH_ERROR)
-    goto error;
+  err = ssh_channel_read(channel, buffer, sizeof(buffer) - 1, 0);
+  if (err == SSH_ERROR)
+      goto error;
+  if (err == SSH_AGAIN) {
+      fprintf(stderr, "ssh_channel_read timeout");
+      goto error;
+  }
   buffer[err]=0;
   if(!strstr(buffer,"go")){
     fprintf(stderr,"parse error : %s\n",buffer);
@@ -154,9 +165,13 @@ int benchmarks_raw_up (ssh_session session, struct argument_s *args,
 
   if(args->verbose>0)
     fprintf(stdout,"Finished upload, now waiting the ack\n");
-
-  if((err=ssh_channel_read(channel,buffer,5,0))==SSH_ERROR)
+  err = ssh_channel_read(channel, buffer, 5, 0);
+  if (err == SSH_ERROR)
+      goto error;
+  if (err == SSH_AGAIN) {
+      fprintf(stderr, "ssh_channel_read timeout");
       goto error;
+  }
   buffer[err]=0;
   if(!strstr(buffer,"done")){
     fprintf(stderr,"parse error : %s\n",buffer);
@@ -205,6 +220,9 @@ static char *get_python_giver(unsigned long bytes){
   char *ptr;
   char buf[12];
 
+  if (giver == NULL) {
+    return NULL;
+  }
   memcpy(giver,python_giver,sizeof(python_giver));
   ptr=strstr(giver,"XXXXXXXXXX");
   if(!ptr){
@@ -236,7 +254,10 @@ int benchmarks_raw_down (ssh_session session, struct argument_s *args,
   unsigned long total=0;
 
   bytes = args->datasize * 1024 * 1024;
-  script =get_python_giver(bytes);
+  script = get_python_giver(bytes);
+  if (script == NULL) {
+    return -1;
+  }
   err=upload_script(session,"/tmp/giver.py",script);
   free(script);
   if(err<0)
@@ -260,8 +281,12 @@ int benchmarks_raw_down (ssh_session session, struct argument_s *args,
     if(toread > args->chunksize)
       toread = args->chunksize;
     r=ssh_channel_read(channel,buffer,toread,0);
-    if(r == SSH_ERROR)
-      goto error;
+    if (r == SSH_ERROR)
+        goto error;
+    if (r == SSH_AGAIN) {
+        fprintf(stderr, "ssh_channel_read timeout");
+        goto error;
+    }
     total += r;
   }
 
diff --git a/libssh/tests/benchmarks/bench_sftp.c b/libssh/tests/benchmarks/bench_sftp.c
index 601ecec0..e6c68248 100644
--- a/libssh/tests/benchmarks/bench_sftp.c
+++ b/libssh/tests/benchmarks/bench_sftp.c
@@ -23,6 +23,7 @@
 #include "benchmarks.h"
 #include <libssh/libssh.h>
 #include <libssh/sftp.h>
+#include <libssh/misc.h>
 #include <stdio.h>
 #include <fcntl.h>
 #include <stdlib.h>
@@ -180,6 +181,9 @@ int benchmarks_async_sftp_down (ssh_session session, struct argument_s *args,
   if(!file)
     goto error;
   ids = malloc(concurrent_downloads * sizeof(int));
+  if (ids == NULL) {
+    return -1;
+  }
   if(args->verbose>0)
     fprintf(stdout,"Starting download of %lu bytes now, using %d concurrent downloads\n",bytes,
         concurrent_downloads);
@@ -237,3 +241,396 @@ int benchmarks_async_sftp_down (ssh_session session, struct argument_s *args,
   free(ids);
   return -1;
 }
+
+int benchmarks_async_sftp_aio_down(ssh_session session,
+                                   struct argument_s *args,
+                                   float *bps)
+{
+    sftp_session sftp = NULL;
+    sftp_limits_t li = NULL;
+    sftp_file file = NULL;
+    sftp_aio aio = NULL;
+
+    struct ssh_list *aio_queue = NULL;
+
+    int concurrent_downloads = args->concurrent_requests;
+    size_t chunksize;
+    struct timestamp_struct ts = {0};
+    float ms = 0.0f;
+
+    size_t total_bytes = args->datasize * 1024 * 1024;
+    size_t total_bytes_requested = 0, total_bytes_read = 0;
+    size_t bufsize = args->chunksize;
+    size_t to_read;
+    ssize_t bytes_read, bytes_requested;
+    int warned = 0, i, rc;
+
+    sftp = sftp_new(session);
+    if (sftp == NULL) {
+        fprintf(stderr, "Error during sftp aio download: %s\n",
+                ssh_get_error(session));
+        return -1;
+    }
+
+    /*
+     * Errors which are logged in the ssh session are reported after
+     * jumping to the goto label, errors which aren't logged inside the
+     * ssh session are reported before jumping to that label
+     */
+
+    rc = sftp_init(sftp);
+    if (rc == SSH_ERROR) {
+        goto error;
+    }
+
+    li = sftp_limits(sftp);
+    if (li == NULL) {
+        goto error;
+    }
+
+    if (args->chunksize > li->max_read_length) {
+       chunksize = li->max_read_length;
+       if (args->verbose > 0) {
+           fprintf(stdout,
+                   "Using the chunk size %zu (not the set size %u), "
+                   "to respect the max data limit for read packet\n",
+                   chunksize, args->chunksize);
+       }
+    } else {
+        chunksize = args->chunksize;
+    }
+
+    file = sftp_open(sftp, SFTPDIR SFTPFILE, O_RDONLY, 0);
+    if (file == NULL) {
+        goto error;
+    }
+
+    aio_queue = ssh_list_new();
+    if (aio_queue == NULL) {
+        fprintf(stderr,
+                "Error during sftp aio download: Insufficient memory\n");
+        goto error;
+    }
+
+    if (args->verbose > 0) {
+        fprintf(stdout,
+                "Starting download of %zu bytes now, "
+                "using %d concurrent downloads.\n",
+                total_bytes, concurrent_downloads);
+    }
+
+    timestamp_init(&ts);
+
+    for (i = 0;
+         i < concurrent_downloads && total_bytes_requested < total_bytes;
+         ++i) {
+        to_read = total_bytes - total_bytes_requested;
+        if (to_read > chunksize) {
+            to_read = chunksize;
+        }
+
+        bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
+        if (bytes_requested == SSH_ERROR) {
+            goto error;
+        }
+
+        if ((size_t)bytes_requested != to_read) {
+            fprintf(stderr,
+                    "Error during sftp aio download: sftp_aio_begin_read() "
+                    "requesting less bytes even when the number of bytes "
+                    "asked to read are within the max limit");
+            sftp_aio_free(aio);
+            goto error;
+        }
+
+        total_bytes_requested += (size_t)bytes_requested;
+
+        /* enqueue */
+        rc = ssh_list_append(aio_queue, aio);
+        if (rc == SSH_ERROR) {
+            fprintf(stderr,
+                    "Error during sftp aio download: Insufficient memory");
+            sftp_aio_free(aio);
+            goto error;
+        }
+    }
+
+    while ((aio = ssh_list_pop_head(sftp_aio, aio_queue)) != NULL) {
+        bytes_read = sftp_aio_wait_read(&aio, buffer, bufsize);
+        if (bytes_read == -1) {
+            goto error;
+        }
+
+        total_bytes_read += (size_t)bytes_read;
+        if (bytes_read == 0) {
+            fprintf(stdout ,
+                    "File smaller than expected: %zu bytes (expected %zu).\n",
+                    total_bytes_read, total_bytes);
+            break;
+        }
+
+        if (total_bytes_read != total_bytes &&
+            (size_t)bytes_read != chunksize &&
+            warned != 1) {
+            fprintf(stderr,
+                    "async_sftp_aio_download: Receiving short reads "
+                    "(%zu, expected %zu) before encountering eof, "
+                    "the received file will be corrupted and shorted. "
+                    "Adapt chunksize to %zu.\n",
+                    bytes_read, chunksize, bytes_read);
+            warned = 1;
+        }
+
+        if (total_bytes_requested == total_bytes) {
+            /* No need to issue more requests */
+            continue;
+        }
+
+        /* else issue a request */
+        to_read = total_bytes - total_bytes_requested;
+        if (to_read > chunksize) {
+            to_read = chunksize;
+        }
+
+        bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
+        if (bytes_requested == SSH_ERROR) {
+            goto error;
+        }
+
+        if ((size_t)bytes_requested != to_read) {
+            fprintf(stderr,
+                    "Error during sftp aio download: sftp_aio_begin_read() "
+                    "requesting less bytes even when the number of bytes "
+                    "asked to read are within the max limit");
+            sftp_aio_free(aio);
+            goto error;
+        }
+
+        total_bytes_requested += (size_t)bytes_requested;
+
+        /* enqueue */
+        rc = ssh_list_append(aio_queue, aio);
+        if (rc == SSH_ERROR) {
+            fprintf(stderr,
+                    "Error during sftp aio download: Insufficient memory\n");
+            sftp_aio_free(aio);
+            goto error;
+        }
+    }
+
+    sftp_close(file);
+    ms = elapsed_time(&ts);
+    *bps = (float)(8000 * total_bytes_read) / ms;
+    if (args->verbose > 0) {
+        fprintf(stdout, "Download took %f ms for %zu bytes at %f bps.\n",
+                ms, total_bytes_read, *bps);
+    }
+
+    ssh_list_free(aio_queue);
+    sftp_limits_free(li);
+    sftp_free(sftp);
+    return 0;
+
+error:
+    rc = ssh_get_error_code(session);
+    if (rc != SSH_NO_ERROR) {
+        fprintf(stderr, "Error during sftp aio download: %s\n",
+                ssh_get_error(session));
+    }
+
+    /* Release aio structures corresponding to outstanding requests */
+    while ((aio = ssh_list_pop_head(sftp_aio, aio_queue)) != NULL) {
+        sftp_aio_free(aio);
+    }
+
+    ssh_list_free(aio_queue);
+    sftp_close(file);
+    sftp_limits_free(li);
+    sftp_free(sftp);
+    return -1;
+}
+
+int benchmarks_async_sftp_aio_up(ssh_session session,
+                                 struct argument_s *args,
+                                 float *bps)
+{
+    sftp_session sftp = NULL;
+    sftp_limits_t li = NULL;
+    sftp_file file = NULL;
+    sftp_aio aio = NULL;
+    struct ssh_list *aio_queue = NULL;
+
+    int concurrent_uploads = args->concurrent_requests;
+    size_t chunksize;
+    struct timestamp_struct ts = {0};
+    float ms = 0.0f;
+
+    size_t total_bytes = args->datasize * 1024 * 1024;
+    size_t to_write, total_bytes_requested = 0;
+    ssize_t bytes_written, bytes_requested;
+    int i, rc;
+
+    sftp = sftp_new(session);
+    if (sftp == NULL) {
+        fprintf(stderr, "Error during sftp aio upload: %s\n",
+                ssh_get_error(session));
+        return -1;
+    }
+
+    /*
+     * Errors which are logged in the ssh session are reported after
+     * jumping to the goto label, errors which aren't logged inside the
+     * ssh session are reported before jumping to that label
+     */
+
+    rc = sftp_init(sftp);
+    if (rc == SSH_ERROR) {
+        goto error;
+    }
+
+    li = sftp_limits(sftp);
+    if (li == NULL) {
+        goto error;
+    }
+
+    if (args->chunksize > li->max_write_length) {
+       chunksize = li->max_write_length;
+       if (args->verbose > 0) {
+           fprintf(stdout,
+                   "Using the chunk size %zu (not the set size %u), "
+                   "to respect the max data limit for write packet\n",
+                   chunksize, args->chunksize);
+       }
+    } else {
+        chunksize = args->chunksize;
+    }
+
+    file = sftp_open(sftp, SFTPDIR SFTPFILE,
+                     O_WRONLY | O_CREAT | O_TRUNC, 0777);
+    if (file == NULL) {
+        goto error;
+    }
+
+    aio_queue = ssh_list_new();
+    if (aio_queue == NULL) {
+        fprintf(stderr, "Error during sftp aio upload: Insufficient memory\n");
+        goto error;
+    }
+
+    if (args->verbose > 0) {
+        fprintf(stdout,
+                "Starting upload of %zu bytes now, "
+                "using %d concurrent uploads.\n",
+                total_bytes, concurrent_uploads);
+    }
+
+    timestamp_init(&ts);
+
+    for (i = 0;
+         i < concurrent_uploads && total_bytes_requested < total_bytes;
+         ++i) {
+        to_write = total_bytes - total_bytes_requested;
+        if (to_write > chunksize) {
+            to_write = chunksize;
+        }
+
+        bytes_requested = sftp_aio_begin_write(file, buffer, to_write, &aio);
+        if (bytes_requested == SSH_ERROR) {
+            goto error;
+        }
+
+        if ((size_t)bytes_requested != to_write) {
+            fprintf(stderr,
+                    "Error during sftp aio upload: sftp_aio_begin_write() "
+                    "requesting less bytes even when the number of bytes "
+                    "asked to write are within the max write limit");
+            sftp_aio_free(aio);
+            goto error;
+        }
+
+        total_bytes_requested += (size_t)bytes_requested;
+
+        /* enqueue */
+        rc = ssh_list_append(aio_queue, aio);
+        if (rc == SSH_ERROR) {
+            fprintf(stderr,
+                    "Error during sftp aio upload: Insufficient memory\n");
+            sftp_aio_free(aio);
+            goto error;
+        }
+    }
+
+    while ((aio = ssh_list_pop_head(sftp_aio, aio_queue)) != NULL) {
+        bytes_written = sftp_aio_wait_write(&aio);
+        if (bytes_written == SSH_ERROR) {
+            goto error;
+        }
+
+        if (total_bytes_requested == total_bytes) {
+            /* No need to issue more requests */
+            continue;
+        }
+
+        /* else issue a request */
+        to_write = total_bytes - total_bytes_requested;
+        if (to_write > chunksize) {
+            to_write = chunksize;
+        }
+
+        bytes_requested = sftp_aio_begin_write(file, buffer, to_write, &aio);
+        if (bytes_requested == SSH_ERROR) {
+            goto error;
+        }
+
+        if ((size_t)bytes_requested != to_write) {
+            fprintf(stderr,
+                    "Error during sftp aio upload: sftp_aio_begin_write() "
+                    "requesting less bytes even when the number of bytes "
+                    "asked to write are within the max write limit");
+            sftp_aio_free(aio);
+            goto error;
+        }
+
+        total_bytes_requested += bytes_requested;
+
+        /* enqueue */
+        rc = ssh_list_append(aio_queue, aio);
+        if (rc == SSH_ERROR) {
+            fprintf(stderr,
+                    "Error during sftp aio upload: Insufficient memory\n");
+            sftp_aio_free(aio);
+            goto error;
+        }
+    }
+
+    sftp_close(file);
+    ms = elapsed_time(&ts);
+    *bps = (float)(8000 * total_bytes) / ms;
+    if (args->verbose > 0) {
+        fprintf(stdout, "Upload took %f ms for %zu bytes at %f bps.\n",
+                ms, total_bytes, *bps);
+    }
+
+    ssh_list_free(aio_queue);
+    sftp_limits_free(li);
+    sftp_free(sftp);
+    return 0;
+
+error:
+    rc = ssh_get_error_code(session);
+    if (rc != SSH_NO_ERROR) {
+        fprintf(stderr, "Error during sftp aio upload: %s\n",
+                ssh_get_error(session));
+    }
+
+    /* Release aio structures corresponding to outstanding requests */
+    while ((aio = ssh_list_pop_head(sftp_aio, aio_queue)) != NULL) {
+        sftp_aio_free(aio);
+    }
+
+    ssh_list_free(aio_queue);
+    sftp_close(file);
+    sftp_limits_free(li);
+    sftp_free(sftp);
+    return -1;
+}
diff --git a/libssh/tests/benchmarks/benchmarks.c b/libssh/tests/benchmarks/benchmarks.c
index 5e33dd4b..4229d5a5 100644
--- a/libssh/tests/benchmarks/benchmarks.c
+++ b/libssh/tests/benchmarks/benchmarks.c
@@ -19,6 +19,8 @@
  * MA 02111-1307, USA.
  */
 
+#define LIBSSH_STATIC
+
 #include "config.h"
 #include "benchmarks.h"
 #include <libssh/libssh.h>
@@ -27,42 +29,54 @@
 #include <stdlib.h>
 #include <stdio.h>
 
-struct benchmark benchmarks[]= {
+struct benchmark benchmarks[] = {
     {
-        .name="benchmark_raw_upload",
-        .fct=benchmarks_raw_up,
-        .enabled=0
+        .name = "benchmark_raw_upload",
+        .fct = benchmarks_raw_up,
+        .enabled = 0
     },
     {
-        .name="benchmark_raw_download",
-        .fct=benchmarks_raw_down,
-        .enabled=0
+        .name = "benchmark_raw_download",
+        .fct = benchmarks_raw_down,
+        .enabled = 0
     },
     {
-        .name="benchmark_scp_upload",
-        .fct=benchmarks_scp_up,
-        .enabled=0
+        .name = "benchmark_scp_upload",
+        .fct = benchmarks_scp_up,
+        .enabled = 0
     },
     {
-        .name="benchmark_scp_download",
-        .fct=benchmarks_scp_down,
-        .enabled=0
+        .name = "benchmark_scp_download",
+        .fct = benchmarks_scp_down,
+        .enabled = 0
     },
+#ifdef WITH_SFTP
     {
-        .name="benchmark_sync_sftp_upload",
-        .fct=benchmarks_sync_sftp_up,
-        .enabled=0
+        .name = "benchmark_sync_sftp_upload",
+        .fct = benchmarks_sync_sftp_up,
+        .enabled = 0
     },
     {
-        .name="benchmark_sync_sftp_download",
-        .fct=benchmarks_sync_sftp_down,
-        .enabled=0
+        .name = "benchmark_sync_sftp_download",
+        .fct = benchmarks_sync_sftp_down,
+        .enabled = 0
     },
     {
         .name="benchmark_async_sftp_download",
         .fct=benchmarks_async_sftp_down,
         .enabled=0
+    },
+    {
+        .name = "benchmark_async_sftp_aio_download",
+        .fct = benchmarks_async_sftp_aio_down,
+        .enabled = 0
+    },
+    {
+        .name = "benchmark_async_sftp_aio_upload",
+        .fct = benchmarks_async_sftp_aio_up,
+        .enabled = 0
     }
+#endif /* WITH_SFTP */
 };
 
 #ifdef HAVE_ARGP_H
@@ -71,7 +85,7 @@ struct benchmark benchmarks[]= {
 const char *argp_program_version = "libssh benchmarks 2011-08-28";
 const char *argp_program_bug_address = "Aris Adamantiadis <aris@0xbadc0de.be>";
 
-static char **cmdline;
+static char **cmdline = NULL;
 
 /* Program documentation. */
 static char doc[] = "libssh benchmarks";
@@ -79,128 +93,142 @@ static char doc[] = "libssh benchmarks";
 
 /* The options we understand. */
 static struct argp_option options[] = {
-  {
-    .name  = "verbose",
-    .key   = 'v',
-    .arg   = NULL,
-    .flags = 0,
-    .doc   = "Make libssh benchmark more verbose",
-    .group = 0
-  },
-  {
-    .name  = "raw-upload",
-    .key   = '1',
-    .arg   = NULL,
-    .flags = 0,
-    .doc   = "Upload raw data using channel",
-    .group = 0
-  },
-  {
-    .name  = "raw-download",
-    .key   = '2',
-    .arg   = NULL,
-    .flags = 0,
-    .doc   = "Download raw data using channel",
-    .group = 0
-  },
-  {
-    .name  = "scp-upload",
-    .key   = '3',
-    .arg   = NULL,
-    .flags = 0,
-    .doc   = "Upload data using SCP",
-    .group = 0
-  },
-  {
-    .name  = "scp-download",
-    .key   = '4',
-    .arg   = NULL,
-    .flags = 0,
-    .doc   = "Download data using SCP",
-    .group = 0
-  },
-  {
-    .name  = "sync-sftp-upload",
-    .key   = '5',
-    .arg   = NULL,
-    .flags = 0,
-    .doc   = "Upload data using synchronous SFTP",
-    .group = 0
-
-  },
-  {
-    .name  = "sync-sftp-download",
-    .key   = '6',
-    .arg   = NULL,
-    .flags = 0,
-    .doc   = "Download data using synchronous SFTP (slow)",
-    .group = 0
-
-  },
-  {
-    .name  = "async-sftp-download",
-    .key   = '7',
-    .arg   = NULL,
-    .flags = 0,
-    .doc   = "Download data using asynchronous SFTP (fast)",
-    .group = 0
-
-  },
-  {
-    .name  = "host",
-    .key   = 'h',
-    .arg   = "HOST",
-    .flags = 0,
-    .doc   = "Add a host to connect for benchmark (format user@hostname)",
-    .group = 0
-  },
-  {
-    .name  = "size",
-    .key   = 's',
-    .arg   = "MBYTES",
-    .flags = 0,
-    .doc   = "MBytes of data to send/receive per test",
-    .group = 0
-  },
-  {
-    .name  = "chunk",
-    .key   = 'c',
-    .arg   = "bytes",
-    .flags = 0,
-    .doc   = "size of data chunks to send/receive",
-    .group = 0
-  },
-  {
-    .name  = "prequests",
-    .key   = 'p',
-    .arg   = "number [20]",
-    .flags = 0,
-    .doc   = "[async SFTP] number of concurrent requests",
-    .group = 0
-  },
-  {
-    .name  = "cipher",
-    .key   = 'C',
-    .arg   = "cipher",
-    .flags = 0,
-    .doc   = "Cryptographic cipher to be used",
-    .group = 0
-  },
-
-  {NULL, 0, NULL, 0, NULL, 0}
+    {
+        .name  = "verbose",
+        .key   = 'v',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Make libssh benchmark more verbose",
+        .group = 0
+    },
+    {
+        .name  = "raw-upload",
+        .key   = '1',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Upload raw data using channel",
+        .group = 0
+    },
+    {
+        .name  = "raw-download",
+        .key   = '2',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Download raw data using channel",
+        .group = 0
+    },
+    {
+        .name  = "scp-upload",
+        .key   = '3',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Upload data using SCP",
+        .group = 0
+    },
+    {
+        .name  = "scp-download",
+        .key   = '4',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Download data using SCP",
+        .group = 0
+    },
+    {
+        .name  = "sync-sftp-upload",
+        .key   = '5',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Upload data using synchronous SFTP",
+        .group = 0
+    },
+    {
+        .name  = "sync-sftp-download",
+        .key   = '6',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Download data using synchronous SFTP (slow)",
+        .group = 0
+    },
+    {
+        .name  = "async-sftp-download",
+        .key   = '7',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Download data using asynchronous SFTP (fast)",
+        .group = 0
+    },
+    {
+        .name  = "async-sftp-aio-download",
+        .key   = '8',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Download data using asynchronous SFTP AIO api (fast)",
+        .group = 0
+    },
+    {
+        .name  = "async-sftp-aio-upload",
+        .key   = '9',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Upload data using asynchronous SFTP AIO api (fast)",
+        .group = 0
+    },
+    {
+        .name  = "host",
+        .key   = 'h',
+        .arg   = "HOST",
+        .flags = 0,
+        .doc   = "Add a host to connect for benchmark (format user@hostname)",
+        .group = 0
+    },
+    {
+        .name  = "size",
+        .key   = 's',
+        .arg   = "MBYTES",
+        .flags = 0,
+        .doc   = "MBytes of data to send/receive per test",
+        .group = 0
+    },
+    {
+        .name  = "chunk",
+        .key   = 'c',
+        .arg   = "bytes",
+        .flags = 0,
+        .doc   = "size of data chunks to send/receive",
+        .group = 0
+    },
+    {
+        .name  = "prequests",
+        .key   = 'p',
+        .arg   = "number [20]",
+        .flags = 0,
+        .doc   = "[async SFTP] number of concurrent requests",
+        .group = 0
+    },
+    {
+        .name  = "cipher",
+        .key   = 'C',
+        .arg   = "cipher",
+        .flags = 0,
+        .doc   = "Cryptographic cipher to be used",
+        .group = 0
+    },
+
+    {NULL, 0, NULL, 0, NULL, 0}
 };
 
 /* Parse a single option. */
-static error_t parse_opt (int key, char *arg, struct argp_state *state) {
-  /* Get the input argument from argp_parse, which we
-   * know is a pointer to our arguments structure.
-   */
-  struct argument_s *arguments = state->input;
+static error_t parse_opt (int key, char *arg, struct argp_state *state)
+{
+    /* Get the input argument from argp_parse, which we
+     * know is a pointer to our arguments structure.
+     */
+    struct argument_s *arguments = state->input;
 
-  /* arg is currently not used */
-  (void) arg;
+    /* arg is currently not used */
+    (void) arg;
 
-  switch (key) {
+    switch (key) {
     case '1':
     case '2':
     case '3':
@@ -208,42 +236,45 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
     case '5':
     case '6':
     case '7':
-      benchmarks[key - '1'].enabled = 1;
-      arguments->ntests ++;
-      break;
+    case '8':
+    case '9':
+        benchmarks[key - '1'].enabled = 1;
+        arguments->ntests++;
+        break;
     case 'v':
-      arguments->verbose++;
-      break;
+        arguments->verbose++;
+        break;
     case 's':
-      arguments->datasize = atoi(arg);
-      break;
+        arguments->datasize = atoi(arg);
+        break;
     case 'p':
-      arguments->concurrent_requests = atoi(arg);
-      break;
+        arguments->concurrent_requests = atoi(arg);
+        break;
     case 'c':
-      arguments->chunksize = atoi(arg);
-      break;
+        arguments->chunksize = atoi(arg);
+        break;
     case 'C':
-      arguments->cipher = arg;
-      break;
+        arguments->cipher = arg;
+        break;
     case 'h':
-      if(arguments->nhosts >= MAX_HOSTS_CONNECT){
-        fprintf(stderr, "Too much hosts\n");
-        return ARGP_ERR_UNKNOWN;
-      }
-      arguments->hosts[arguments->nhosts]=arg;
-      arguments->nhosts++;
-      break;
+        if (arguments->nhosts >= MAX_HOSTS_CONNECT) {
+            fprintf(stderr, "Too much hosts\n");
+            return ARGP_ERR_UNKNOWN;
+        }
+
+        arguments->hosts[arguments->nhosts] = arg;
+        arguments->nhosts++;
+        break;
     case ARGP_KEY_ARG:
-      /* End processing here. */
-      cmdline = &state->argv [state->next - 1];
-      state->next = state->argc;
-      break;
+        /* End processing here. */
+        cmdline = &state->argv [state->next - 1];
+        state->next = state->argc;
+        break;
     default:
-      return ARGP_ERR_UNKNOWN;
-  }
+        return ARGP_ERR_UNKNOWN;
+    }
 
-  return 0;
+    return 0;
 }
 
 /* Our argp parser. */
@@ -251,150 +282,213 @@ static struct argp argp = {options, parse_opt, NULL, doc, NULL, NULL, NULL};
 
 #endif /* HAVE_ARGP_H */
 
-static void cmdline_parse(int argc, char **argv, struct argument_s *arguments) {
-  /*
-   * Parse our arguments; every option seen by parse_opt will
-   * be reflected in arguments.
-   */
+static void cmdline_parse(int argc, char **argv, struct argument_s *arguments)
+{
+    /*
+     * Parse our arguments; every option seen by parse_opt will
+     * be reflected in arguments.
+     */
 #ifdef HAVE_ARGP_H
-  argp_parse(&argp, argc, argv, 0, 0, arguments);
+    argp_parse(&argp, argc, argv, 0, 0, arguments);
 #else /* HAVE_ARGP_H */
-  (void) argc;
-  (void) argv;
-  arguments->hosts[0]="localhost";
-  arguments->nhosts=1;
+    (void) argc;
+    (void) argv;
+    arguments->hosts[0] = "localhost";
+    arguments->nhosts = 1;
 #endif /* HAVE_ARGP_H */
 }
 
-static void arguments_init(struct argument_s *arguments){
-  memset(arguments,0,sizeof(*arguments));
-  arguments->chunksize=32758;
-  arguments->concurrent_requests=20;
-  arguments->datasize = 10;
+static void arguments_init(struct argument_s *arguments)
+{
+    memset(arguments, 0, sizeof(*arguments));
+    arguments->chunksize = 32758;
+    arguments->concurrent_requests = 20;
+    arguments->datasize = 10;
 }
 
-static ssh_session connect_host(const char *host, int verbose, char *cipher){
-  ssh_session session=ssh_new();
-  if(session==NULL)
-    goto error;
-  if(ssh_options_set(session,SSH_OPTIONS_HOST, host)<0)
-    goto error;
-  ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbose);
-  if(cipher != NULL){
-    if (ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, cipher) ||
-        ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, cipher)){
-      goto error;
+static ssh_session connect_host(const char *host, int verbose, char *cipher)
+{
+    ssh_session session = NULL;
+    int rc;
+
+    session = ssh_new();
+    if (session == NULL) {
+        fprintf(stderr, "Error connecting to \"%s\": %s\n",
+                host, "Unable to create a new ssh session");
+        return NULL;
     }
-  }
-  ssh_options_parse_config(session, NULL);
-  if(ssh_connect(session)==SSH_ERROR)
-    goto error;
-  if(ssh_userauth_autopubkey(session,NULL) != SSH_AUTH_SUCCESS)
-    goto error;
-  return session;
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOST, host);
+    if (rc < 0)
+        goto error;
+
+    rc = ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbose);
+    if (rc < 0)
+        goto error;
+
+    if (cipher != NULL) {
+        rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, cipher);
+        if (rc < 0)
+            goto error;
+
+        rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, cipher);
+        if (rc < 0)
+            goto error;
+    }
+
+    rc = ssh_options_parse_config(session, NULL);
+    if (rc < 0)
+        goto error;
+
+    rc = ssh_connect(session);
+    if (rc == SSH_ERROR)
+        goto error;
+
+    rc = ssh_userauth_autopubkey(session, NULL);
+    if (rc != SSH_AUTH_SUCCESS)
+        goto error;
+
+    return session;
+
 error:
-  fprintf(stderr,"Error connecting to \"%s\": %s\n",host,ssh_get_error(session));
-  ssh_free(session);
-  return NULL;
+    fprintf(stderr, "Error connecting to \"%s\": %s\n",
+            host, ssh_get_error(session));
+    ssh_free(session);
+    return NULL;
 }
 
-static char *network_speed(float bps){
-  static char buf[128];
-  if(bps > 1000*1000*1000){
-    /* Gbps */
-    snprintf(buf,sizeof(buf),"%f Gbps",bps/(1000*1000*1000));
-  } else if(bps > 1000*1000){
-    /* Mbps */
-    snprintf(buf,sizeof(buf),"%f Mbps",bps/(1000*1000));
-  } else if(bps > 1000){
-    snprintf(buf,sizeof(buf),"%f Kbps",bps/1000);
-  } else {
-    snprintf(buf,sizeof(buf),"%f bps",bps);
-  }
-  return buf;
+static char *network_speed(float bps)
+{
+    static char buf[128];
+    if (bps > 1000 * 1000 * 1000) {
+        /* Gbps */
+        snprintf(buf, sizeof(buf), "%f Gbps", bps / (1000 * 1000 * 1000));
+    } else if (bps > 1000 * 1000) {
+        /* Mbps */
+        snprintf(buf, sizeof(buf), "%f Mbps", bps / (1000 * 1000));
+    } else if (bps > 1000) {
+        snprintf(buf, sizeof(buf), "%f Kbps", bps / 1000);
+    } else {
+        snprintf(buf, sizeof(buf), "%f bps", bps);
+    }
+
+    return buf;
 }
 
 static void do_benchmarks(ssh_session session, struct argument_s *arguments,
-    const char *hostname){
-  float ping_rtt=0.0;
-  float ssh_rtt=0.0;
-  float bps=0.0;
-  int i;
-  int err;
-  struct benchmark *b;
-
-  if(arguments->verbose>0)
-    fprintf(stdout,"Testing ICMP RTT\n");
-  err=benchmarks_ping_latency(hostname, &ping_rtt);
-  if(err == 0){
-    fprintf(stdout,"ping RTT : %f ms\n",ping_rtt);
-  }
-  err=benchmarks_ssh_latency(session, &ssh_rtt);
-  if(err==0){
-    fprintf(stdout, "SSH RTT : %f ms. Theoretical max BW (win=128K) : %s\n",ssh_rtt,network_speed(128000.0/(ssh_rtt / 1000.0)));
-  }
-  for (i=0 ; i<BENCHMARK_NUMBER ; ++i){
-    b = &benchmarks[i];
-    if(b->enabled){
-      err=b->fct(session,arguments,&bps);
-      if(err==0){
-        fprintf(stdout, "%s : %s : %s\n",hostname, b->name, network_speed(bps));
-      }
+                          const char *hostname)
+{
+    float ping_rtt = 0.0;
+    float ssh_rtt = 0.0;
+    float bps = 0.0;
+    int i;
+    int err;
+    struct benchmark *b = NULL;
+
+    if (arguments->verbose > 0)
+        fprintf(stdout, "Testing ICMP RTT\n");
+
+    err = benchmarks_ping_latency(hostname, &ping_rtt);
+    if (err == 0) {
+        fprintf(stdout, "ping RTT : %f ms\n", ping_rtt);
+    }
+
+    err = benchmarks_ssh_latency(session, &ssh_rtt);
+    if (err == 0) {
+        fprintf(stdout,
+                "SSH RTT : %f ms. Theoretical max BW (win=128K) : %s\n",
+                ssh_rtt, network_speed(128000.0 / (ssh_rtt / 1000.0)));
+    }
+
+    for (i=0; i < BENCHMARK_NUMBER; ++i){
+        b = &benchmarks[i];
+        if (b->enabled) {
+            err=b->fct(session, arguments, &bps);
+
+            if (err == 0) {
+                fprintf(stdout,
+                        "%s : %s : %s\n",
+                        hostname, b->name, network_speed(bps));
+            }
+        }
     }
-  }
 }
 
-char *buffer;
-
-int main(int argc, char **argv){
-  struct argument_s arguments;
-  ssh_session session;
-  int i;
-
-  arguments_init(&arguments);
-  cmdline_parse(argc, argv, &arguments);
-  if (arguments.nhosts==0){
-    fprintf(stderr,"At least one host (-h) must be specified\n");
-    return EXIT_FAILURE;
-  }
-  if (arguments.ntests==0){
-    for(i=0; i < BENCHMARK_NUMBER ; ++i){
-      benchmarks[i].enabled=1;
+char *buffer = NULL;
+
+int main(int argc, char **argv)
+{
+    struct argument_s arguments;
+    ssh_session session = NULL;
+    int i, r;
+
+    arguments_init(&arguments);
+    cmdline_parse(argc, argv, &arguments);
+    if (arguments.nhosts == 0) {
+        fprintf(stderr, "At least one host (-h) must be specified\n");
+        return EXIT_FAILURE;
     }
-    arguments.ntests=BENCHMARK_NUMBER;
-  }
-  buffer=malloc(arguments.chunksize > 1024 ? arguments.chunksize : 1024);
-  if(buffer == NULL){
-    fprintf(stderr,"Allocation of chunk buffer failed\n");
-    return EXIT_FAILURE;
-  }
-  if (arguments.verbose > 0){
-    fprintf(stdout, "Will try hosts ");
-    for(i=0;i<arguments.nhosts;++i){
-      fprintf(stdout,"\"%s\" ", arguments.hosts[i]);
+
+    if (arguments.ntests == 0) {
+        for (i=0; i < BENCHMARK_NUMBER; ++i) {
+            benchmarks[i].enabled = 1;
+        }
+        arguments.ntests = BENCHMARK_NUMBER;
     }
-    fprintf(stdout,"with benchmarks ");
-    for(i=0;i<BENCHMARK_NUMBER;++i){
-      if(benchmarks[i].enabled)
-        fprintf(stdout,"\"%s\" ",benchmarks[i].name);
+
+    buffer = malloc(arguments.chunksize > 1024 ? arguments.chunksize : 1024);
+    if (buffer == NULL) {
+        fprintf(stderr, "Allocation of chunk buffer failed\n");
+        return EXIT_FAILURE;
     }
-    fprintf(stdout,"\n");
-  }
-
-  for(i=0; i<arguments.nhosts;++i){
-    if(arguments.verbose > 0)
-      fprintf(stdout,"Connecting to \"%s\"...\n",arguments.hosts[i]);
-    session=connect_host(arguments.hosts[i], arguments.verbose, arguments.cipher);
-    if(session != NULL && arguments.verbose > 0)
-      fprintf(stdout,"Success\n");
-    if(session == NULL){
-      fprintf(stderr,"Errors occurred, stopping\n");
-      return EXIT_FAILURE;
+
+    if (arguments.verbose > 0) {
+        fprintf(stdout, "Will try hosts ");
+        for (i=0; i < arguments.nhosts; ++i) {
+            fprintf(stdout, "\"%s\" ", arguments.hosts[i]);
+        }
+
+        fprintf(stdout, "with benchmarks ");
+        for (i = 0; i < BENCHMARK_NUMBER; ++i) {
+            if (benchmarks[i].enabled)
+                fprintf(stdout, "\"%s\" ", benchmarks[i].name);
+        }
+
+        fprintf(stdout,"\n");
     }
-    do_benchmarks(session, &arguments, arguments.hosts[i]);
-    ssh_disconnect(session);
-    ssh_free(session);
-  }
-  return EXIT_SUCCESS;
+
+    r = ssh_init();
+    if (r == SSH_ERROR) {
+        fprintf(stderr, "Failed to initialize libssh\n");
+        return EXIT_FAILURE;
+    }
+
+    for (i = 0; i < arguments.nhosts; ++i) {
+        if (arguments.verbose > 0)
+            fprintf(stdout, "Connecting to \"%s\"...\n", arguments.hosts[i]);
+
+        session = connect_host(arguments.hosts[i],
+                               arguments.verbose,
+                               arguments.cipher);
+        if (session != NULL && arguments.verbose > 0)
+            fprintf(stdout, "Success\n");
+
+        if (session == NULL) {
+            fprintf(stderr, "Errors occurred, stopping\n");
+            return EXIT_FAILURE;
+        }
+
+        do_benchmarks(session, &arguments, arguments.hosts[i]);
+        ssh_disconnect(session);
+        ssh_free(session);
+    }
+
+    r = ssh_finalize();
+    if (r == SSH_ERROR) {
+        fprintf(stderr, "Failed to finalize libssh\n");
+        return EXIT_FAILURE;
+    }
+
+    return EXIT_SUCCESS;
 }
 
diff --git a/libssh/tests/benchmarks/benchmarks.h b/libssh/tests/benchmarks/benchmarks.h
index 26da09bb..5f54a950 100644
--- a/libssh/tests/benchmarks/benchmarks.h
+++ b/libssh/tests/benchmarks/benchmarks.h
@@ -37,6 +37,8 @@ enum libssh_benchmarks {
     BENCHMARK_SYNC_SFTP_UPLOAD,
     BENCHMARK_SYNC_SFTP_DOWNLOAD,
     BENCHMARK_ASYNC_SFTP_DOWNLOAD,
+    BENCHMARK_ASYNC_SFTP_AIO_DOWNLOAD,
+    BENCHMARK_ASYNC_SFTP_AIO_UPLOAD,
     BENCHMARK_NUMBER
 };
 
@@ -96,4 +98,8 @@ int benchmarks_sync_sftp_down (ssh_session session, struct argument_s *args,
     float *bps);
 int benchmarks_async_sftp_down (ssh_session session, struct argument_s *args,
     float *bps);
+int benchmarks_async_sftp_aio_down(ssh_session session, struct argument_s *args,
+    float *bps);
+int benchmarks_async_sftp_aio_up(ssh_session session, struct argument_s *args,
+    float *bps);
 #endif /* BENCHMARKS_H_ */
diff --git a/libssh/tests/client/CMakeLists.txt b/libssh/tests/client/CMakeLists.txt
old mode 100644
new mode 100755
index 71e5182e..078b4878
--- a/libssh/tests/client/CMakeLists.txt
+++ b/libssh/tests/client/CMakeLists.txt
@@ -4,10 +4,12 @@ find_package(socket_wrapper)
 
 set(LIBSSH_CLIENT_TESTS
     torture_algorithms
+    torture_client_callbacks
     torture_client_config
     torture_connect
     torture_hostkey
     torture_auth
+    torture_auth_cert
     torture_rekey
     torture_forward
     torture_knownhosts
@@ -15,6 +17,7 @@ set(LIBSSH_CLIENT_TESTS
     torture_proxycommand
     torture_session
     torture_request_env
+    torture_request_pty_modes
     torture_client_global_requests)
 
 find_program(SCP_EXECUTABLE NAMES scp)
@@ -30,6 +33,18 @@ if (WITH_PKCS11_URI)
         torture_auth_pkcs11)
 endif()
 
+if (HAVE_PTHREAD)
+    set(LIBSSH_CLIENT_TESTS
+        ${LIBSSH_CLIENT_TESTS}
+        torture_proxyjump)
+endif()
+
+if (WITH_GSSAPI AND GSSAPI_FOUND AND GSSAPI_TESTING)
+    set(LIBSSH_CLIENT_TESTS
+        ${LIBSSH_CLIENT_TESTS}
+        torture_gssapi_auth)
+endif()
+
 if (DEFAULT_C_NO_DEPRECATION_FLAGS)
     set_source_files_properties(torture_knownhosts.c
                                 PROPERTIES
@@ -49,14 +64,25 @@ if (WITH_SFTP)
         torture_sftp_dir
         torture_sftp_read
         torture_sftp_fsync
+        torture_sftp_hardlink
+        torture_sftp_limits
+        torture_sftp_rename
+        torture_sftp_expand_path
+        torture_sftp_aio
+        torture_sftp_home_directory
+        torture_sftp_setstat
+        torture_sftp_packet_read
         ${SFTP_BENCHMARK_TESTS})
 endif (WITH_SFTP)
 
+set(TORTURE_CLIENT_ENVIRONMENT ${TORTURE_ENVIRONMENT})
+list(APPEND TORTURE_CLIENT_ENVIRONMENT NSS_WRAPPER_HOSTS=${CMAKE_BINARY_DIR}/tests/etc/hosts)
+
 foreach(_CLI_TEST ${LIBSSH_CLIENT_TESTS})
     add_cmocka_test(${_CLI_TEST}
                     SOURCES ${_CLI_TEST}.c
                     COMPILE_OPTIONS ${DEFAULT_C_COMPILE_FLAGS}
-                    LINK_LIBRARIES ${TORTURE_LIBRARY}
+                    LINK_LIBRARIES ${TORTURE_LIBRARY} util
     )
 
     if (OSX)
@@ -70,6 +96,6 @@ foreach(_CLI_TEST ${LIBSSH_CLIENT_TESTS})
             TEST
                 ${_CLI_TEST}
             PROPERTY
-                ENVIRONMENT ${TORTURE_ENVIRONMENT})
+                ENVIRONMENT ${TORTURE_CLIENT_ENVIRONMENT})
     endif()
 endforeach()
diff --git a/libssh/tests/client/torture_algorithms.c b/libssh/tests/client/torture_algorithms.c
index ea3b647b..d1190605 100644
--- a/libssh/tests/client/torture_algorithms.c
+++ b/libssh/tests/client/torture_algorithms.c
@@ -496,7 +496,7 @@ static void torture_algorithms_3des_cbc_hmac_sha2_512_etm(void **state) {
     test_algorithm(s->ssh.session, NULL/*kex*/, "3des-cbc", "hmac-sha2-512-etm@openssh.com");
 }
 
-#if defined(WITH_BLOWFISH_CIPHER) && defined(OPENSSH_BLOWFISH_CBC)
+#if defined(HAVE_BLOWFISH) && defined(OPENSSH_BLOWFISH_CBC)
 static void torture_algorithms_blowfish_cbc_hmac_sha1(void **state) {
     struct torture_state *s = *state;
 
@@ -556,7 +556,7 @@ static void torture_algorithms_blowfish_cbc_hmac_sha2_512_etm(void **state) {
 
     test_algorithm(s->ssh.session, NULL/*kex*/, "blowfish-cbc", "hmac-sha2-512-etm@openssh.com");
 }
-#endif /* WITH_BLOWFISH_CIPHER */
+#endif /* HAVE_BLOWFISH && defined(OPENSSH_BLOWFISH_CBC) */
 
 #ifdef OPENSSH_CHACHA20_POLY1305_OPENSSH_COM
 static void torture_algorithms_chacha20_poly1305(void **state)
@@ -594,24 +594,34 @@ static void torture_algorithms_zlib(void **state) {
 
     rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib");
 #ifdef WITH_ZLIB
-    assert_int_equal(rc, SSH_OK);
+    if (ssh_fips_mode()) {
+        assert_int_equal(rc, SSH_ERROR);
+    } else {
+        assert_int_equal(rc, SSH_OK);
+    }
 #else
     assert_int_equal(rc, SSH_ERROR);
 #endif
 
     rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib");
 #ifdef WITH_ZLIB
-    assert_int_equal(rc, SSH_OK);
+    if (ssh_fips_mode()) {
+        assert_int_equal(rc, SSH_ERROR);
+    } else {
+        assert_int_equal(rc, SSH_OK);
+    }
 #else
     assert_int_equal(rc, SSH_ERROR);
 #endif
 
     rc = ssh_connect(session);
 #ifdef WITH_ZLIB
-    if (ssh_get_openssh_version(session)) {
-        assert_false(rc == SSH_OK);
-        ssh_disconnect(session);
-        return;
+    if (!ssh_fips_mode()) {
+        if (ssh_get_openssh_version(session)) {
+            assert_false(rc == SSH_OK);
+            ssh_disconnect(session);
+            return;
+        }
     }
 #endif
     assert_int_equal(rc, SSH_OK);
@@ -911,7 +921,7 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_512_etm,
                                         session_setup,
                                         session_teardown),
-#if defined(WITH_BLOWFISH_CIPHER) && defined(OPENSSH_BLOWFISH_CBC)
+#if defined(HAVE_BLOWFISH) && defined(OPENSSH_BLOWFISH_CBC)
         cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha1,
                                         session_setup,
                                         session_teardown),
@@ -930,7 +940,7 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_512_etm,
                                         session_setup,
                                         session_teardown),
-#endif /* WITH_BLOWFISH_CIPHER */
+#endif /* HAVE_BLOWFISH_CIPHER && defined(OPENSSH_BLOWFISH_CBC) */
 #ifdef OPENSSH_CHACHA20_POLY1305_OPENSSH_COM
         cmocka_unit_test_setup_teardown(torture_algorithms_chacha20_poly1305,
                                         session_setup,
diff --git a/libssh/tests/client/torture_auth.c b/libssh/tests/client/torture_auth.c
index 79dbd4a7..614d80f3 100644
--- a/libssh/tests/client/torture_auth.c
+++ b/libssh/tests/client/torture_auth.c
@@ -32,8 +32,7 @@
 #include <sys/types.h>
 #include <pwd.h>
 
-/* agent_is_running */
-#include "agent.c"
+#include "torture_auth_common.c"
 
 static int sshd_setup(void **state)
 {
@@ -112,7 +111,7 @@ static int agent_setup(void **state)
     char ssh_agent_cmd[4096];
     char ssh_agent_sock[1024];
     char ssh_agent_pidfile[1024];
-    char bob_ssh_key[1024];
+    char ssh_key_add[1024];
     struct passwd *pwd;
     int rc;
 
@@ -149,38 +148,12 @@ static int agent_setup(void **state)
     setenv("SSH_AUTH_SOCK", ssh_agent_sock, 1);
     setenv("TORTURE_SSH_AGENT_PIDFILE", ssh_agent_pidfile, 1);
 
-    snprintf(bob_ssh_key,
-             sizeof(bob_ssh_key),
+    snprintf(ssh_key_add,
+             sizeof(ssh_key_add),
              "ssh-add %s/.ssh/id_rsa",
              pwd->pw_dir);
 
-    rc = system(bob_ssh_key);
-    assert_return_code(rc, errno);
-
-    return 0;
-}
-
-static int agent_cert_setup(void **state)
-{
-    char bob_alt_ssh_key[1024];
-    struct passwd *pwd;
-    int rc;
-
-    rc = agent_setup(state);
-    if (rc != 0) {
-        return rc;
-    }
-
-    pwd = getpwnam("bob");
-    assert_non_null(pwd);
-
-    /* remove all keys, load alternative key + cert */
-    snprintf(bob_alt_ssh_key,
-             sizeof(bob_alt_ssh_key),
-             "ssh-add -D && ssh-add %s/.ssh_cert/id_rsa",
-             pwd->pw_dir);
-
-    rc = system(bob_alt_ssh_key);
+    rc = system(ssh_key_add);
     assert_return_code(rc, errno);
 
     return 0;
@@ -257,6 +230,37 @@ static void torture_auth_none_nonblocking(void **state) {
 
 }
 
+/* Setting MaxAuthTries 0 makes libssh hang. The option is not practical,
+ * but simulates setting low value and requiring multiple authentication
+ * methods to succeed (T233)
+ */
+static void torture_auth_none_max_tries(void **state) {
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+    const char *sshd_config = "MaxAuthTries 0";
+
+    torture_update_sshd_config(state, sshd_config);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_BOB);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session,NULL);
+    assert_int_equal(rc, SSH_AUTH_DENIED);
+
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+
+    /* Reset config back to defaults */
+    torture_update_sshd_config(state, "");
+}
+
+
 static void torture_auth_pubkey(void **state) {
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
@@ -292,9 +296,21 @@ static void torture_auth_pubkey(void **state) {
     rc = ssh_pki_import_privkey_file(bob_ssh_key, NULL, NULL, NULL, &privkey);
     assert_int_equal(rc, SSH_OK);
 
+    /* negative tests */
+    rc = ssh_userauth_try_publickey(NULL, NULL, privkey);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+    rc = ssh_userauth_try_publickey(session, NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+
     rc = ssh_userauth_try_publickey(session, NULL, privkey);
     assert_int_equal(rc, SSH_AUTH_SUCCESS);
 
+    /* negative tests */
+    rc = ssh_userauth_publickey(NULL, NULL, privkey);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+    rc = ssh_userauth_publickey(session, NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+
     rc = ssh_userauth_publickey(session, NULL, privkey);
     assert_int_equal(rc, SSH_AUTH_SUCCESS);
 
@@ -495,7 +511,11 @@ static void torture_auth_autopubkey_nonblocking(void **state) {
     assert_int_equal(rc, SSH_AUTH_SUCCESS);
 }
 
-static void torture_auth_kbdint(void **state) {
+static void
+torture_auth_kbdint(void **state,
+                    const char *password,
+                    enum ssh_auth_e res)
+{
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
     int rc;
@@ -518,19 +538,35 @@ static void torture_auth_kbdint(void **state) {
     assert_int_equal(rc, SSH_AUTH_INFO);
     assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 1);
 
-    rc = ssh_userauth_kbdint_setanswer(session, 0, TORTURE_SSH_USER_BOB_PASSWORD);
+    rc = ssh_userauth_kbdint_setanswer(session, 0, password);
     assert_false(rc < 0);
 
     rc = ssh_userauth_kbdint(session, NULL, NULL);
     /* Sometimes, SSH server send an empty query at the end of exchange */
-    if(rc == SSH_AUTH_INFO) {
+    if (rc == SSH_AUTH_INFO) {
         assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 0);
         rc = ssh_userauth_kbdint(session, NULL, NULL);
     }
-    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+    assert_int_equal(rc, res);
 }
 
-static void torture_auth_kbdint_nonblocking(void **state) {
+static void
+torture_auth_kbdint_good(void **state)
+{
+    torture_auth_kbdint(state, TORTURE_SSH_USER_BOB_PASSWORD, SSH_AUTH_SUCCESS);
+}
+
+static void
+torture_auth_kbdint_bad(void **state)
+{
+    torture_auth_kbdint(state, "bad password stample", SSH_AUTH_DENIED);
+}
+
+static void
+torture_auth_kbdint_nonblocking(void **state,
+                                const char *password,
+                                enum ssh_auth_e res)
+{
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
     int rc;
@@ -541,9 +577,9 @@ static void torture_auth_kbdint_nonblocking(void **state) {
     rc = ssh_connect(session);
     assert_int_equal(rc, SSH_OK);
 
-    ssh_set_blocking(session,0);
+    ssh_set_blocking(session, 0);
     do {
-      rc = ssh_userauth_none(session, NULL);
+        rc = ssh_userauth_none(session, NULL);
     } while (rc == SSH_AUTH_AGAIN);
 
     /* This request should return a SSH_REQUEST_DENIED error */
@@ -558,23 +594,41 @@ static void torture_auth_kbdint_nonblocking(void **state) {
     } while (rc == SSH_AUTH_AGAIN);
     assert_int_equal(rc, SSH_AUTH_INFO);
     assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 1);
-    rc = ssh_userauth_kbdint_setanswer(session, 0, TORTURE_SSH_USER_BOB_PASSWORD);
+    rc = ssh_userauth_kbdint_setanswer(session, 0, password);
     assert_false(rc < 0);
 
     do {
         rc = ssh_userauth_kbdint(session, NULL, NULL);
     } while (rc == SSH_AUTH_AGAIN);
     /* Sometimes, SSH server send an empty query at the end of exchange */
-    if(rc == SSH_AUTH_INFO) {
+    if (rc == SSH_AUTH_INFO) {
         assert_int_equal(ssh_userauth_kbdint_getnprompts(session), 0);
         do {
             rc = ssh_userauth_kbdint(session, NULL, NULL);
         } while (rc == SSH_AUTH_AGAIN);
     }
-    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+    assert_int_equal(rc, res);
+}
+
+static void
+torture_auth_kbdint_nonblocking_good(void **state)
+{
+    torture_auth_kbdint_nonblocking(state,
+                                    TORTURE_SSH_USER_BOB_PASSWORD,
+                                    SSH_AUTH_SUCCESS);
 }
 
-static void torture_auth_password(void **state) {
+static void
+torture_auth_kbdint_nonblocking_bad(void **state)
+{
+    torture_auth_kbdint_nonblocking(state,
+                                    "bad password stample",
+                                    SSH_AUTH_DENIED);
+}
+
+static void
+torture_auth_password(void **state, const char *password, enum ssh_auth_e res)
+{
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
     int rc;
@@ -593,11 +647,29 @@ static void torture_auth_password(void **state) {
     rc = ssh_userauth_list(session, NULL);
     assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
 
-    rc = ssh_userauth_password(session, NULL, TORTURE_SSH_USER_BOB_PASSWORD);
-    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+    rc = ssh_userauth_password(session, NULL, password);
+    assert_int_equal(rc, res);
+}
+
+static void
+torture_auth_password_good(void **state)
+{
+    torture_auth_password(state,
+                          TORTURE_SSH_USER_BOB_PASSWORD,
+                          SSH_AUTH_SUCCESS);
+}
+
+static void
+torture_auth_password_bad(void **state)
+{
+    torture_auth_password(state, "bad password stample", SSH_AUTH_DENIED);
 }
 
-static void torture_auth_password_nonblocking(void **state) {
+static void
+torture_auth_password_nonblocking(void **state,
+                                  const char *password,
+                                  enum ssh_auth_e res)
+{
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
     int rc;
@@ -610,7 +682,7 @@ static void torture_auth_password_nonblocking(void **state) {
 
     ssh_set_blocking(session,0);
     do {
-      rc = ssh_userauth_none(session, NULL);
+        rc = ssh_userauth_none(session, NULL);
     } while (rc == SSH_AUTH_AGAIN);
 
     /* This request should return a SSH_REQUEST_DENIED error */
@@ -622,16 +694,51 @@ static void torture_auth_password_nonblocking(void **state) {
     assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
 
     do {
-      rc = ssh_userauth_password(session, NULL, TORTURE_SSH_USER_BOB_PASSWORD);
-    } while(rc==SSH_AUTH_AGAIN);
+        rc = ssh_userauth_password(session, NULL, password);
+    } while (rc == SSH_AUTH_AGAIN);
 
-    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+    assert_int_equal(rc, res);
+}
+
+static void
+torture_auth_password_nonblocking_good(void **state)
+{
+    torture_auth_password_nonblocking(state,
+                                      TORTURE_SSH_USER_BOB_PASSWORD,
+                                      SSH_AUTH_SUCCESS);
+}
+
+static void
+torture_auth_password_nonblocking_bad(void **state)
+{
+    torture_auth_password_nonblocking(state,
+                                      "bad password stample",
+                                      SSH_AUTH_DENIED);
 }
 
-static void torture_auth_agent(void **state) {
+/* TODO cover the case:
+ *  * when there is accompanying certificate (identities only + agent)
+ *  * export private key to public key during _auto() authentication.
+ *    this needs to be a encrypted private key in PEM format without
+ *    accompanying public key.
+ */
+static void torture_auth_agent_identities_only(void **state)
+{
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
+    char bob_ssh_key[1024];
+    struct passwd *pwd = NULL;
     int rc;
+    bool identities_only = true;
+    char *id = NULL;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    snprintf(bob_ssh_key,
+             sizeof(bob_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
 
     if (!ssh_agent_is_running(session)){
         print_message("*** Agent not running. Test ignored\n");
@@ -640,37 +747,18 @@ static void torture_auth_agent(void **state) {
     rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
     assert_int_equal(rc, SSH_OK);
 
-    rc = ssh_connect(session);
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &identities_only);
     assert_int_equal(rc, SSH_OK);
 
-    rc = ssh_userauth_none(session,NULL);
-    /* This request should return a SSH_REQUEST_DENIED error */
-    if (rc == SSH_ERROR) {
-        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    /* Remove the default identities */
+    while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+        SAFE_FREE(id);
     }
-    rc = ssh_userauth_list(session, NULL);
-    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
-
-    rc = ssh_userauth_agent(session, NULL);
-    assert_ssh_return_code(session, rc);
-}
-
-static void torture_auth_agent_nonblocking(void **state) {
-    struct torture_state *s = *state;
-    ssh_session session = s->ssh.session;
-    int rc;
-
-    if (!ssh_agent_is_running(session)){
-        print_message("*** Agent not running. Test ignored\n");
-        return;
-    }
-    rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
-    assert_int_equal(rc, SSH_OK);
 
     rc = ssh_connect(session);
     assert_int_equal(rc, SSH_OK);
 
-    rc = ssh_userauth_none(session,NULL);
+    rc = ssh_userauth_none(session, NULL);
     /* This request should return a SSH_REQUEST_DENIED error */
     if (rc == SSH_ERROR) {
         assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
@@ -678,115 +766,74 @@ static void torture_auth_agent_nonblocking(void **state) {
     rc = ssh_userauth_list(session, NULL);
     assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
 
-    ssh_set_blocking(session,0);
+    /* Should fail as key is not in config */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
 
-    do {
-      rc = ssh_userauth_agent(session, NULL);
-    } while (rc == SSH_AUTH_AGAIN);
+    /* Re-add a key */
+    rc = ssh_list_append(session->opts.identity, strdup(bob_ssh_key));
+    assert_int_equal(rc, SSH_OK);
+
+    /* Should succeed as key now in config/options */
+    rc = ssh_userauth_agent(session, NULL);
     assert_ssh_return_code(session, rc);
 }
 
-static void torture_auth_cert(void **state) {
+static void torture_auth_agent_identities_only_protected(void **state)
+{
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
-    ssh_key privkey = NULL;
-    ssh_key cert = NULL;
     char bob_ssh_key[1024];
-    char bob_ssh_cert[2048];
     struct passwd *pwd;
     int rc;
+    bool identities_only = true;
+    char *id = NULL;
 
     pwd = getpwnam("bob");
     assert_non_null(pwd);
 
     snprintf(bob_ssh_key,
              sizeof(bob_ssh_key),
-             "%s/.ssh_cert/id_rsa",
+             "%s/.ssh/id_rsa_protected",
              pwd->pw_dir);
-    snprintf(bob_ssh_cert,
-             sizeof(bob_ssh_cert),
-             "%s-cert.pub",
-             bob_ssh_key);
 
-    /* cert has been signed for login as alice */
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        return;
+    }
     rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
     assert_int_equal(rc, SSH_OK);
 
-    rc = ssh_connect(session);
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &identities_only);
     assert_int_equal(rc, SSH_OK);
 
-    rc = ssh_pki_import_privkey_file(bob_ssh_key, NULL, NULL, NULL, &privkey);
-    assert_int_equal(rc, SSH_OK);
-
-    rc = ssh_pki_import_cert_file(bob_ssh_cert, &cert);
-    assert_int_equal(rc, SSH_OK);
+    /* Remove the default identities */
+    while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+        SAFE_FREE(id);
+    }
 
-    rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+    rc = ssh_connect(session);
     assert_int_equal(rc, SSH_OK);
 
-    rc = ssh_userauth_try_publickey(session, NULL, cert);
-    assert_ssh_return_code(session, rc);
-
-    rc = ssh_userauth_publickey(session, NULL, privkey);
-    assert_int_equal(rc, SSH_AUTH_SUCCESS);
-
-    SSH_KEY_FREE(privkey);
-    SSH_KEY_FREE(cert);
-}
-
-static void torture_auth_agent_cert(void **state)
-{
-#if OPENSSH_VERSION_MAJOR < 8
-    struct torture_state *s = *state;
-    ssh_session session = s->ssh.session;
-    int rc;
-
-    /* Skip this test if in FIPS mode.
-     *
-     * OpenSSH agent has a bug which makes it to not use SHA2 in signatures when
-     * using certificates. It always uses SHA1.
-     *
-     * This should be removed as soon as OpenSSH agent bug is fixed.
-     * (see https://gitlab.com/libssh/libssh-mirror/merge_requests/34) */
-    if (ssh_fips_mode()) {
-        skip();
-    } else {
-        /* After the bug is solved, this also should be removed */
-        rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
-                             "ssh-rsa-cert-v01@openssh.com");
-        assert_int_equal(rc, SSH_OK);
+    rc = ssh_userauth_none(session, NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
     }
-#endif /* OPENSSH_VERSION_MAJOR < 8 */
-
-    /* Setup loads a different key, tests are exactly the same. */
-    torture_auth_agent(state);
-}
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
 
-static void torture_auth_agent_cert_nonblocking(void **state)
-{
-#if OPENSSH_VERSION_MAJOR < 8
-    struct torture_state *s = *state;
-    ssh_session session = s->ssh.session;
-    int rc;
+    /* Should fail as key is not in config */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
 
-    /* Skip this test if in FIPS mode.
-     *
-     * OpenSSH agent has a bug which makes it to not use SHA2 in signatures when
-     * using certificates. It always uses SHA1.
-     *
-     * This should be removed as soon as OpenSSH agent bug is fixed.
-     * (see https://gitlab.com/libssh/libssh-mirror/merge_requests/34) */
-    if (ssh_fips_mode()) {
-        skip();
-    } else {
-        /* After the bug is solved, this also should be removed */
-        rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
-                             "ssh-rsa-cert-v01@openssh.com");
-        assert_int_equal(rc, SSH_OK);
-    }
-#endif /* OPENSSH_VERSION_MAJOR < 8 */
+    /* Re-add a key */
+    rc = ssh_list_append(session->opts.identity, strdup(bob_ssh_key));
+    assert_int_equal(rc, SSH_OK);
 
-    torture_auth_agent_nonblocking(state);
+    /* Should succeed as key now in config */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code(session, rc);
 }
 
 static void torture_auth_pubkey_types(void **state)
@@ -846,7 +893,7 @@ static void torture_auth_pubkey_types_ecdsa(void **state)
     rc = ssh_userauth_list(session, NULL);
     assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
 
-    /* We have only the 256b key -- whitelisting only larger should fail */
+    /* We have only the 256b key -- allowlisting only larger should fail */
     rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                          "ecdsa-sha2-nistp384");
     assert_ssh_return_code(session, rc);
@@ -983,7 +1030,7 @@ static void torture_auth_pubkey_types_ecdsa_nonblocking(void **state)
 
     ssh_set_blocking(session, 0);
     do {
-      rc = ssh_userauth_none(session, NULL);
+        rc = ssh_userauth_none(session, NULL);
     } while (rc == SSH_AUTH_AGAIN);
 
     /* This request should return a SSH_REQUEST_DENIED error */
@@ -994,7 +1041,7 @@ static void torture_auth_pubkey_types_ecdsa_nonblocking(void **state)
     rc = ssh_userauth_list(session, NULL);
     assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
 
-    /* We have only the 256b key -- whitelisting only larger should fail */
+    /* We have only the 256b key -- allowlisting only larger should fail */
     rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                          "ecdsa-sha2-nistp384");
     assert_ssh_return_code(session, rc);
@@ -1200,6 +1247,38 @@ static void torture_auth_pubkey_rsa_key_size_nonblocking(void **state)
     SSH_KEY_FREE(privkey);
 }
 
+static void torture_auth_pubkey_skip_none(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char bob_ssh_key[1024];
+    ssh_key privkey = NULL;
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    snprintf(bob_ssh_key, sizeof(bob_ssh_key), "%s/.ssh/id_rsa", pwd->pw_dir);
+
+    /* Authenticate as alice with bob his pubkey */
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Skip the ssh_userauth_none() here */
+
+    rc = ssh_pki_import_privkey_file(bob_ssh_key, NULL, NULL, NULL, &privkey);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_publickey(session, NULL, privkey);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    SSH_KEY_FREE(privkey);
+}
+
 int torture_run_tests(void) {
     int rc;
     struct CMUnitTest tests[] = {
@@ -1209,16 +1288,31 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_auth_none_nonblocking,
                                         session_setup,
                                         session_teardown),
-        cmocka_unit_test_setup_teardown(torture_auth_password,
+        cmocka_unit_test_setup_teardown(torture_auth_none_max_tries,
                                         session_setup,
                                         session_teardown),
-        cmocka_unit_test_setup_teardown(torture_auth_password_nonblocking,
+        cmocka_unit_test_setup_teardown(torture_auth_password_good,
                                         session_setup,
                                         session_teardown),
-        cmocka_unit_test_setup_teardown(torture_auth_kbdint,
+        cmocka_unit_test_setup_teardown(torture_auth_password_nonblocking_good,
                                         session_setup,
                                         session_teardown),
-        cmocka_unit_test_setup_teardown(torture_auth_kbdint_nonblocking,
+        cmocka_unit_test_setup_teardown(torture_auth_password_bad,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_password_nonblocking_bad,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_kbdint_good,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_kbdint_nonblocking_good,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_kbdint_bad,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_kbdint_nonblocking_bad,
                                         session_setup,
                                         session_teardown),
         cmocka_unit_test_setup_teardown(torture_auth_pubkey,
@@ -1242,14 +1336,11 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_auth_agent_nonblocking,
                                         agent_setup,
                                         agent_teardown),
-        cmocka_unit_test_setup_teardown(torture_auth_cert,
-                                        pubkey_setup,
-                                        session_teardown),
-        cmocka_unit_test_setup_teardown(torture_auth_agent_cert,
-                                        agent_cert_setup,
+        cmocka_unit_test_setup_teardown(torture_auth_agent_identities_only,
+                                        agent_setup,
                                         agent_teardown),
-        cmocka_unit_test_setup_teardown(torture_auth_agent_cert_nonblocking,
-                                        agent_cert_setup,
+        cmocka_unit_test_setup_teardown(torture_auth_agent_identities_only_protected,
+                                        agent_setup,
                                         agent_teardown),
         cmocka_unit_test_setup_teardown(torture_auth_pubkey_types,
                                         pubkey_setup,
@@ -1275,6 +1366,9 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_auth_pubkey_rsa_key_size_nonblocking,
                                         pubkey_setup,
                                         session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_pubkey_skip_none,
+                                        pubkey_setup,
+                                        session_teardown),
     };
 
     ssh_init();
diff --git a/libssh/tests/client/torture_auth_cert.c b/libssh/tests/client/torture_auth_cert.c
new file mode 100644
index 00000000..f0ad7c95
--- /dev/null
+++ b/libssh/tests/client/torture_auth_cert.c
@@ -0,0 +1,1072 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2010 by Aris Adamantiadis
+ * Copyright (c) 2023 by Jakub Jelen
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include "libssh/libssh.h"
+#include "libssh/priv.h"
+#include "libssh/session.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <pwd.h>
+
+#include "torture_auth_common.c"
+
+static int sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, true);
+
+    return 0;
+}
+
+static int sshd_teardown(void **state) {
+    torture_teardown_sshd_server(state);
+
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    int verbosity = torture_libssh_verbosity();
+    const char *all_keytypes = NULL;
+    struct passwd *pwd = NULL;
+    bool b = false;
+    int rc;
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = ssh_new();
+    assert_non_null(s->ssh.session);
+
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+    /* Make sure no other configuration options from system will get used */
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    /* Enable all hostkeys */
+    all_keytypes = ssh_kex_get_supported_method(SSH_HOSTKEYS);
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, all_keytypes);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    /* certs have been signed for login as alice */
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Make sure we do not interfere with another ssh-agent */
+    unsetenv("SSH_AUTH_SOCK");
+    unsetenv("SSH_AGENT_PID");
+
+    return 0;
+}
+
+/* This sets up the ssh session in the directory without the default
+ * certificates that are used for authentication, requiring them to be provided
+ * as configuration options or from agent explicitly. */
+static int session_setup_ssh_dir(void **state)
+{
+    struct torture_state *s = *state;
+    const char *no_home = "~/.no_ssh";
+    int rc;
+
+    session_setup(state);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_SSH_DIR, no_home);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static int agent_setup(void **state)
+{
+    struct torture_state *s = *state;
+    char ssh_agent_cmd[4096];
+    char ssh_agent_sock[1024];
+    char ssh_agent_pidfile[1024];
+    char ssh_key_add[1024];
+    struct passwd *pwd;
+    int rc;
+
+    rc = session_setup(state);
+    if (rc != 0) {
+        return rc;
+    }
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(ssh_agent_sock,
+             sizeof(ssh_agent_sock),
+             "%s/agent.sock",
+             s->socket_dir);
+
+    snprintf(ssh_agent_pidfile,
+             sizeof(ssh_agent_pidfile),
+             "%s/agent.pid",
+             s->socket_dir);
+
+    /* Production ready code!!! */
+    snprintf(ssh_agent_cmd,
+             sizeof(ssh_agent_cmd),
+             "eval `ssh-agent -a %s`; echo $SSH_AGENT_PID > %s",
+             ssh_agent_sock, ssh_agent_pidfile);
+
+    /* run ssh-agent and ssh-add as the normal user */
+    unsetenv("UID_WRAPPER_ROOT");
+
+    rc = system(ssh_agent_cmd);
+    assert_return_code(rc, errno);
+
+    setenv("SSH_AUTH_SOCK", ssh_agent_sock, 1);
+    setenv("TORTURE_SSH_AGENT_PIDFILE", ssh_agent_pidfile, 1);
+
+    snprintf(ssh_key_add,
+             sizeof(ssh_key_add),
+             "ssh-add %s/.ssh/id_rsa",
+             pwd->pw_dir);
+
+    rc = system(ssh_key_add);
+    assert_return_code(rc, errno);
+
+    return 0;
+}
+
+static int agent_cert_setup(void **state)
+{
+    char doe_alt_ssh_key[1024];
+    struct passwd *pwd;
+    int rc;
+
+    rc = agent_setup(state);
+    if (rc != 0) {
+        return rc;
+    }
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    /* remove all keys, load alternative key + cert */
+    snprintf(doe_alt_ssh_key,
+             sizeof(doe_alt_ssh_key),
+             "ssh-add -D && ssh-add %s/.ssh/id_rsa",
+             pwd->pw_dir);
+
+    rc = system(doe_alt_ssh_key);
+    assert_return_code(rc, errno);
+
+    return 0;
+}
+
+static int agent_teardown(void **state)
+{
+    const char *ssh_agent_pidfile;
+    int rc;
+
+    rc = session_teardown(state);
+    if (rc != 0) {
+        return rc;
+    }
+
+    ssh_agent_pidfile = getenv("TORTURE_SSH_AGENT_PIDFILE");
+    assert_non_null(ssh_agent_pidfile);
+
+    /* kill agent pid */
+    rc = torture_terminate_process(ssh_agent_pidfile);
+    assert_return_code(rc, errno);
+
+    unlink(ssh_agent_pidfile);
+
+    unsetenv("TORTURE_SSH_AGENT_PIDFILE");
+    unsetenv("SSH_AUTH_SOCK");
+
+    return 0;
+}
+
+static void torture_auth_cert(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_key privkey = NULL;
+    ssh_key cert = NULL;
+    char doe_ssh_key[1024];
+    char doe_ssh_cert[2048];
+    struct passwd *pwd;
+    int rc;
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+    snprintf(doe_ssh_cert,
+             sizeof(doe_ssh_cert),
+             "%s-cert.pub",
+             doe_ssh_key);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_pki_import_privkey_file(doe_ssh_key, NULL, NULL, NULL, &privkey);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_pki_import_cert_file(doe_ssh_cert, &cert);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_try_publickey(session, NULL, cert);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_userauth_publickey(session, NULL, privkey);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    SSH_KEY_FREE(privkey);
+    SSH_KEY_FREE(cert);
+}
+
+static void torture_auth_cert_nonblocking(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_key privkey = NULL;
+    ssh_key cert = NULL;
+    char doe_ssh_key[1024];
+    char doe_ssh_cert[2048];
+    struct passwd *pwd;
+    int rc;
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+    snprintf(doe_ssh_cert,
+             sizeof(doe_ssh_cert),
+             "%s-cert.pub",
+             doe_ssh_key);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_set_blocking(session, 0);
+
+    rc = ssh_pki_import_privkey_file(doe_ssh_key, NULL, NULL, NULL, &privkey);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_pki_import_cert_file(doe_ssh_cert, &cert);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+    assert_int_equal(rc, SSH_OK);
+
+    do {
+        rc = ssh_userauth_try_publickey(session, NULL, cert);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_ssh_return_code(session, rc);
+
+    do {
+        rc = ssh_userauth_publickey(session, NULL, privkey);
+    } while (rc == SSH_AUTH_AGAIN);
+
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    SSH_KEY_FREE(privkey);
+    SSH_KEY_FREE(cert);
+}
+
+/* Same as torture_auth_cert, but without explicitly loading certificate to the
+ * private key file, keeping libssh to use default cert path when done with
+ * _auto(). */
+static void torture_auth_cert_default_non_explicit(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    /* the cert is in the default location (~/.ssh/id_rsa-cert.pub) */
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+}
+
+/* Same as torture_auth_cert_nonblocking, but without explicitly loading
+ * certificate to the private key file, keeping libssh to use default cert path
+ * when done with  _auto().
+ * Non-blocking version */
+static void torture_auth_cert_default_non_explicit_nonblocking(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    /* the cert is in the default location (~/.ssh/id_rsa-cert.pub) */
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_set_blocking(session, 0);
+
+    do {
+        rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+}
+
+/* Sanity test that there are no default identities available and the automatic
+ * pubkey authentication fails without any explicit identities */
+static void torture_auth_auto_fail(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_DENIED);
+}
+
+/* Sanity test that there are no default identities available and the automatic
+ * pubkey authentication fails without any explicit identities
+ * Non-blocking version */
+static void torture_auth_auto_fail_nonblocking(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_set_blocking(session, 0);
+
+    do {
+        rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_int_equal(rc, SSH_AUTH_DENIED);
+}
+
+/* Same as torture_auth_cert, but the home SSH dir does not have any default
+ * identities and they are loaded through the options, only through the private
+ * key path. */
+static void torture_auth_cert_options_private(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_key[1024];
+    struct passwd *pwd;
+    int rc;
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+
+    /* the cert has default naming relative to the private key (*-cert.pub) */
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, doe_ssh_key);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+}
+
+/* Same as torture_auth_cert, but the home SSH dir does not have any default
+ * identities and they are loaded through the options, only through the private
+ * key path.
+ * Non-blocking version */
+static void torture_auth_cert_options_private_nonblocking(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_key[1024];
+    struct passwd *pwd;
+    int rc;
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+
+    /* the cert has default naming relative to the private key (*-cert.pub) */
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, doe_ssh_key);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_set_blocking(session, 0);
+
+    do {
+        rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+}
+
+/* Same as torture_auth_cert, but the home SSH dir does not have any default
+ * identities and they are loaded through the options, also the certificate file
+ */
+static void torture_auth_cert_options_cert(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_key[1024];
+    char doe_ssh_cert[2048];
+    struct passwd *pwd;
+    int rc;
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+    snprintf(doe_ssh_cert,
+             sizeof(doe_ssh_cert),
+             "%s-cert.pub",
+             doe_ssh_key);
+
+    /* Explicit private key and cert */
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, doe_ssh_key);
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_options_set(session, SSH_OPTIONS_CERTIFICATE, doe_ssh_cert);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+}
+
+/* Same as torture_auth_cert, but the home SSH dir does not have any default
+ * identities and they are loaded through the options, only through the private
+ * key path.
+ * Non-blocking version */
+static void torture_auth_cert_options_cert_nonblocking(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_key[1024];
+    char doe_ssh_cert[2048];
+    struct passwd *pwd;
+    int rc;
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+    snprintf(doe_ssh_cert,
+             sizeof(doe_ssh_cert),
+             "%s-cert.pub",
+             doe_ssh_key);
+
+    /* Explicit private key and cert */
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, doe_ssh_key);
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_options_set(session, SSH_OPTIONS_CERTIFICATE, doe_ssh_cert);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_set_blocking(session, 0);
+
+    do {
+        rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+}
+
+static void workaround_old_openssh_bug(void **state)
+{
+#if OPENSSH_VERSION_MAJOR < 8 || (OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR == 0)
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    /* Skip this test if in FIPS mode.
+     *
+     * OpenSSH agent has a bug which makes it to not use SHA2 in signatures when
+     * using certificates. It always uses SHA1.
+     *
+     * This should be removed as soon as OpenSSH agent bug is fixed.
+     * (see https://gitlab.com/libssh/libssh-mirror/merge_requests/34) */
+    if (ssh_fips_mode()) {
+        skip();
+    } else {
+        /* After the bug is solved, this also should be removed */
+        rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+                             "ssh-rsa-cert-v01@openssh.com");
+        assert_int_equal(rc, SSH_OK);
+    }
+#else
+    (void)state;
+#endif /* OPENSSH_VERSION_MAJOR < 8.1 */
+}
+
+static void torture_auth_agent_cert(void **state)
+{
+    workaround_old_openssh_bug(state);
+
+    /* Setup loads a different key, tests are exactly the same. */
+    torture_auth_agent(state);
+}
+
+static void torture_auth_agent_cert_nonblocking(void **state)
+{
+    workaround_old_openssh_bug(state);
+
+    torture_auth_agent_nonblocking(state);
+}
+
+static void
+torture_auth_agent_cert_identities_only(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_key[1024];
+    struct passwd *pwd = NULL;
+    bool identities_only = true;
+    char *id = NULL;
+    int rc;
+
+    workaround_old_openssh_bug(state);
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        return;
+    }
+
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &identities_only);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Remove the default identities */
+    while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+        SAFE_FREE(id);
+    }
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session, NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+    /* Should fail as key is not in config */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
+
+    /* Re-add a key -- the cert in default location should be loaded
+     * automatically */
+    rc = ssh_list_append(session->opts.identity, strdup(doe_ssh_key));
+    assert_int_equal(rc, SSH_OK);
+
+    /* Should succeed as key now in config/options */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code(session, rc);
+}
+
+static void
+torture_auth_agent_cert_identities_only_nonblocking(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_key[1024];
+    struct passwd *pwd = NULL;
+    bool identities_only = true;
+    char *id = NULL;
+    int rc;
+
+    workaround_old_openssh_bug(state);
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        return;
+    }
+
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &identities_only);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Remove the default identities */
+    while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+        SAFE_FREE(id);
+    }
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_set_blocking(session, 0);
+    do {
+        rc = ssh_userauth_none(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+    /* Should fail as key is not in config */
+    do {
+        rc = ssh_userauth_agent(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
+
+    /* Re-add a key -- the cert in default location should be loaded
+     * automatically */
+    rc = ssh_list_append(session->opts.identity, strdup(doe_ssh_key));
+    assert_int_equal(rc, SSH_OK);
+
+    /* Should succeed as key now in config/options */
+    do {
+        rc = ssh_userauth_agent(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_ssh_return_code(session, rc);
+}
+
+static int agent_cert_setup_explicit(void **state)
+{
+    char orig_doe_ssh_key[1024];
+    char doe_ssh_key[1024];
+    char keydata[2048];
+    struct passwd *pwd = NULL;
+    int fd ;
+    int rc;
+
+    agent_cert_setup(state);
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(orig_doe_ssh_key,
+             sizeof(orig_doe_ssh_key),
+             "%s/.ssh/id_rsa",
+             pwd->pw_dir);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/my_rsa",
+             pwd->pw_dir);
+
+    /* move the private key away from the default location the certificate can
+     * not be loaded automatically */
+    fd = open(orig_doe_ssh_key, O_RDONLY);
+    assert_true(fd > 0);
+    rc = read(fd, keydata, sizeof(keydata));
+    assert_true(rc > 0);
+    keydata[rc] = '\0';
+    close(fd);
+    torture_write_file(doe_ssh_key, keydata);
+
+    return 0;
+}
+
+static void
+torture_auth_agent_cert_identities_only_explicit(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_key[1024];
+    char doe_ssh_cert[1024];
+    struct passwd *pwd = NULL;
+    bool identities_only = true;
+    char *id = NULL;
+    int rc;
+
+    workaround_old_openssh_bug(state);
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/my_rsa",
+             pwd->pw_dir);
+    snprintf(doe_ssh_cert,
+             sizeof(doe_ssh_cert),
+             "%s/.ssh/id_rsa-cert.pub",
+             pwd->pw_dir);
+
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        skip();
+    }
+
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &identities_only);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Remove the default identities */
+    while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+        SAFE_FREE(id);
+    }
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session, NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+    /* Should fail as key is not in config */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
+
+    /* Re-add a key and cert  */
+    rc = ssh_list_append(session->opts.identity, strdup(doe_ssh_key));
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_list_append(session->opts.certificate, strdup(doe_ssh_cert));
+    assert_int_equal(rc, SSH_OK);
+
+    /* Should succeed as key now in config/options */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code(session, rc);
+}
+
+static void
+torture_auth_agent_cert_identities_only_nonblocking_explicit(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_key[1024];
+    char doe_ssh_cert[1024];
+    struct passwd *pwd = NULL;
+    bool identities_only = true;
+    char *id = NULL;
+    int rc;
+
+    workaround_old_openssh_bug(state);
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_key,
+             sizeof(doe_ssh_key),
+             "%s/.ssh/my_rsa",
+             pwd->pw_dir);
+    snprintf(doe_ssh_cert,
+             sizeof(doe_ssh_cert),
+             "%s/.ssh/id_rsa-cert.pub",
+             pwd->pw_dir);
+
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        skip();
+    }
+
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &identities_only);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Remove the default identities */
+    while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+        SAFE_FREE(id);
+    }
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_set_blocking(session, 0);
+
+    do {
+        rc = ssh_userauth_none(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+    /* Should fail as key is not in config */
+    do {
+        rc = ssh_userauth_agent(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
+
+    /* Re-add a key and cert  */
+    rc = ssh_list_append(session->opts.identity, strdup(doe_ssh_key));
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_list_append(session->opts.certificate, strdup(doe_ssh_cert));
+    assert_int_equal(rc, SSH_OK);
+
+    /* Should succeed as key now in config/options */
+    do {
+        rc = ssh_userauth_agent(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_ssh_return_code(session, rc);
+}
+
+static void
+torture_auth_agent_cert_only_identities_only(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_cert[1024];
+    struct passwd *pwd = NULL;
+    bool identities_only = true;
+    char *id = NULL;
+    int rc;
+
+    workaround_old_openssh_bug(state);
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_cert,
+             sizeof(doe_ssh_cert),
+             "%s/.ssh/id_rsa-cert.pub",
+             pwd->pw_dir);
+
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        skip();
+    }
+
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &identities_only);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Remove the default identities */
+    while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+        SAFE_FREE(id);
+    }
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session, NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+    /* Should fail as key is not in config */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
+
+    /* Re-add a cert: key is in the agent  */
+    rc = ssh_list_append(session->opts.certificate, strdup(doe_ssh_cert));
+    assert_int_equal(rc, SSH_OK);
+
+    /* Should succeed as key now in config/options */
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code(session, rc);
+}
+
+static void
+torture_auth_agent_cert_only_identities_only_nonblocking(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char doe_ssh_cert[1024];
+    struct passwd *pwd = NULL;
+    bool identities_only = true;
+    char *id = NULL;
+    int rc;
+
+    workaround_old_openssh_bug(state);
+
+    pwd = getpwnam("doe");
+    assert_non_null(pwd);
+
+    snprintf(doe_ssh_cert,
+             sizeof(doe_ssh_cert),
+             "%s/.ssh/id_rsa-cert.pub",
+             pwd->pw_dir);
+
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        skip();
+    }
+
+    rc = ssh_options_set(session, SSH_OPTIONS_IDENTITIES_ONLY, &identities_only);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Remove the default identities */
+    while ((id = ssh_list_pop_head(char *, session->opts.identity_non_exp)) != NULL) {
+        SAFE_FREE(id);
+    }
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    ssh_set_blocking(session, 0);
+
+    do {
+        rc = ssh_userauth_none(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+    /* Should fail as key is not in config */
+    do {
+        rc = ssh_userauth_agent(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_ssh_return_code_equal(session, rc, SSH_AUTH_DENIED);
+
+    /* Re-add a cert: key is in the agent  */
+    rc = ssh_list_append(session->opts.certificate, strdup(doe_ssh_cert));
+    assert_int_equal(rc, SSH_OK);
+
+    /* Should succeed as key now in config/options */
+    do {
+        rc = ssh_userauth_agent(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_ssh_return_code(session, rc);
+}
+
+int torture_run_tests(void) {
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_auth_cert,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_cert_nonblocking,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_cert_default_non_explicit,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_cert_default_non_explicit_nonblocking,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_auto_fail,
+                                        session_setup_ssh_dir,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_auto_fail_nonblocking,
+                                        session_setup_ssh_dir,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_cert_options_private,
+                                        session_setup_ssh_dir,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_cert_options_private_nonblocking,
+                                        session_setup_ssh_dir,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_cert_options_cert,
+                                        session_setup_ssh_dir,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_cert_options_cert_nonblocking,
+                                        session_setup_ssh_dir,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_agent_cert,
+                                        agent_cert_setup,
+                                        agent_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_agent_cert_nonblocking,
+                                        agent_cert_setup,
+                                        agent_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_agent_cert_identities_only,
+                                        agent_cert_setup,
+                                        agent_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_agent_cert_identities_only_nonblocking,
+                                        agent_cert_setup,
+                                        agent_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_agent_cert_identities_only_explicit,
+                                        agent_cert_setup_explicit,
+                                        agent_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_agent_cert_identities_only_nonblocking_explicit,
+                                        agent_cert_setup_explicit,
+                                        agent_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_agent_cert_only_identities_only,
+                                        agent_cert_setup,
+                                        agent_teardown),
+        cmocka_unit_test_setup_teardown(torture_auth_agent_cert_only_identities_only_nonblocking,
+                                        agent_cert_setup,
+                                        agent_teardown),
+    };
+
+    ssh_init();
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_auth_common.c b/libssh/tests/client/torture_auth_common.c
new file mode 100644
index 00000000..8a4f2854
--- /dev/null
+++ b/libssh/tests/client/torture_auth_common.c
@@ -0,0 +1,94 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2010 by Aris Adamantiadis
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#include "torture.h"
+#include "libssh/libssh.h"
+
+/* agent_is_running */
+#include "agent.c"
+
+void torture_auth_agent(void **state);
+void torture_auth_agent(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        return;
+    }
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session,NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+    /* negative test case */
+    rc = ssh_userauth_agent(NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+
+    rc = ssh_userauth_agent(session, NULL);
+    assert_ssh_return_code(session, rc);
+}
+
+void torture_auth_agent_nonblocking(void **state);
+void torture_auth_agent_nonblocking(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    if (!ssh_agent_is_running(session)){
+        print_message("*** Agent not running. Test ignored\n");
+        return;
+    }
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session,NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+    ssh_set_blocking(session,0);
+
+    do {
+      rc = ssh_userauth_agent(session, NULL);
+    } while (rc == SSH_AUTH_AGAIN);
+    assert_ssh_return_code(session, rc);
+}
diff --git a/libssh/tests/client/torture_auth_pkcs11.c b/libssh/tests/client/torture_auth_pkcs11.c
index ee97bff4..15c0259c 100644
--- a/libssh/tests/client/torture_auth_pkcs11.c
+++ b/libssh/tests/client/torture_auth_pkcs11.c
@@ -39,9 +39,8 @@
 #define LIBSSH_ECDSA_256_TESTKEY  "id_pkcs11_ecdsa_256"
 #define LIBSSH_ECDSA_384_TESTKEY  "id_pkcs11_ecdsa_384"
 #define LIBSSH_ECDSA_521_TESTKEY  "id_pkcs11_ecdsa_521"
-#define SOFTHSM_CONF "softhsm.conf"
 
-const char template[] = "temp_dir_XXXXXX";
+const char template[] = "/tmp/temp_dir_XXXXXX";
 
 struct pki_st {
     char *temp_dir;
@@ -104,12 +103,12 @@ static int session_teardown(void **state)
 
     return 0;
 }
-static int setup_session(void **state)
+
+static int setup_pkcs11(void **state)
 {
     struct torture_state *s = *state;
     struct pki_st *test_state = NULL;
     int rc;
-    char conf_path[1024] = {0};
     char keys_dir[1024] = {0};
     char *temp_dir;
 
@@ -118,7 +117,7 @@ static int setup_session(void **state)
 
     s->private_data = test_state;
 
-    test_state->orig_dir = strdup(torture_get_current_working_dir());
+    test_state->orig_dir = torture_get_current_working_dir();
     assert_non_null(test_state->orig_dir);
 
     temp_dir = torture_make_temp_dir(template);
@@ -127,16 +126,13 @@ static int setup_session(void **state)
     rc = torture_change_dir(temp_dir);
     assert_int_equal(rc, 0);
 
-    test_state->temp_dir = strdup(torture_get_current_working_dir());
+    test_state->temp_dir = torture_get_current_working_dir();
     assert_non_null(test_state->temp_dir);
 
     snprintf(keys_dir, sizeof(keys_dir), "%s/tests/keys/pkcs11/", SOURCEDIR);
 
     test_state->keys_dir = strdup(keys_dir);
 
-    snprintf(conf_path, sizeof(conf_path), "%s/softhsm.conf", test_state->temp_dir);
-    setenv("SOFTHSM2_CONF", conf_path, 1);
-
     setup_tokens(state, LIBSSH_RSA_TESTKEY, "rsa");
     setup_tokens(state, LIBSSH_ECDSA_256_TESTKEY, "ecdsa256");
     setup_tokens(state, LIBSSH_ECDSA_384_TESTKEY, "ecdsa384");
@@ -149,7 +145,7 @@ static int sshd_setup(void **state)
 {
 
     torture_setup_sshd_server(state, true);
-    setup_session(state);
+    setup_pkcs11(state);
 
     return 0;
 }
@@ -160,18 +156,20 @@ static int sshd_teardown(void **state) {
     struct pki_st *test_state = s->private_data;
     int rc;
 
-    unsetenv("SOFTHSM2_CONF");
+    if (test_state != NULL) {
+        torture_cleanup_tokens(test_state->temp_dir);
 
-    rc = torture_change_dir(test_state->orig_dir);
-    assert_int_equal(rc, 0);
+        rc = torture_change_dir(test_state->orig_dir);
+        assert_int_equal(rc, 0);
 
-    rc = torture_rmdirs(test_state->temp_dir);
-    assert_int_equal(rc, 0);
+        rc = torture_rmdirs(test_state->temp_dir);
+        assert_int_equal(rc, 0);
 
-    SAFE_FREE(test_state->temp_dir);
-    SAFE_FREE(test_state->orig_dir);
-    SAFE_FREE(test_state->keys_dir);
-    SAFE_FREE(test_state);
+        SAFE_FREE(test_state->temp_dir);
+        SAFE_FREE(test_state->orig_dir);
+        SAFE_FREE(test_state->keys_dir);
+        SAFE_FREE(test_state);
+    }
 
     torture_teardown_sshd_server(state);
 
@@ -182,21 +180,18 @@ static void torture_auth_autopubkey(void **state, const char *obj_name, const ch
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
     int rc;
-    int verbosity = 4;
     char priv_uri[1042];
+
     /* Authenticate as charlie with bob his pubkey */
     rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_CHARLIE);
     assert_int_equal(rc, SSH_OK);
 
-    rc = ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
-    assert_int_equal(rc, SSH_OK);
-
     snprintf(priv_uri, sizeof(priv_uri), "pkcs11:token=%s;object=%s;type=private?pin-value=%s",
             obj_name, obj_name, pin);
 
     rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, priv_uri);
     assert_int_equal(rc, SSH_OK);
-    assert_string_equal(session->opts.identity->root->data, priv_uri);
+    assert_string_equal(session->opts.identity_non_exp->root->data, priv_uri);
 
     rc = ssh_connect(session);
     assert_int_equal(rc, SSH_OK);
@@ -245,9 +240,14 @@ int torture_run_tests(void) {
                                         session_teardown),
     };
 
-    ssh_session session = ssh_new();
-    int verbosity = SSH_LOG_FUNCTIONS;
-    ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    /* Do not use system openssl.cnf for the pkcs11 uri tests.
+     * It can load a pkcs11 provider too early before we will set up environment
+     * variables that are needed for the pkcs11 provider to access correct
+     * tokens, causing unexpected failures.
+     * Make sure this comes before ssh_init(), which initializes OpenSSL!
+     */
+    setenv("OPENSSL_CONF", "/dev/null", 1);
+
     ssh_init();
     torture_filter_tests(tests);
     rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
diff --git a/libssh/tests/client/torture_client_callbacks.c b/libssh/tests/client/torture_client_callbacks.c
new file mode 100644
index 00000000..498783e3
--- /dev/null
+++ b/libssh/tests/client/torture_client_callbacks.c
@@ -0,0 +1,261 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2012 by Aris Adamantiadis
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include "libssh/libssh.h"
+#include "libssh/priv.h"
+#include "libssh/session.h"
+#include "libssh/callbacks.h"
+
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+
+#define STATE_SUCCESS (1)
+#define STATE_FAILURE (2)
+
+struct callback_state
+{
+    int open_response;
+    int request_response;
+    ssh_session expected_session;
+    ssh_channel expected_channel;
+    struct ssh_channel_callbacks_struct *callback;
+};
+
+static void on_open_response(ssh_session session, ssh_channel channel, bool is_success, void *userdata)
+{
+    struct callback_state *state = (struct callback_state*)userdata;
+    assert_ptr_equal(state->expected_session, session);
+    assert_ptr_equal(state->expected_channel, channel);
+    state->open_response = is_success ? STATE_SUCCESS : STATE_FAILURE;
+}
+
+static void on_request_response(ssh_session session, ssh_channel channel, void *userdata)
+{
+    struct callback_state *state = (struct callback_state*)userdata;
+    assert_ptr_equal(state->expected_session, session);
+    assert_ptr_equal(state->expected_channel, channel);
+    state->request_response = STATE_SUCCESS;
+}
+
+static struct callback_state *set_callbacks(ssh_session session, ssh_channel channel)
+{
+    int rc;
+    struct ssh_channel_callbacks_struct *cb;
+    struct callback_state *cb_state = NULL;
+
+    cb_state = (struct callback_state *)calloc(1,
+            sizeof(struct callback_state));
+    assert_non_null(cb_state);
+    cb_state->expected_session = session;
+    cb_state->expected_channel = channel;
+
+    cb = (struct ssh_channel_callbacks_struct *)calloc(1,
+            sizeof(struct ssh_channel_callbacks_struct));
+    assert_non_null(cb);
+    ssh_callbacks_init(cb);
+    cb->userdata = cb_state;
+    cb->channel_open_response_function = on_open_response;
+    cb->channel_request_response_function = on_request_response;
+    rc = ssh_set_channel_callbacks(channel, cb);
+    assert_ssh_return_code(session, rc);
+
+    /* Keep the reference so it can be cleaned up later */
+    cb_state->callback = cb;
+    return cb_state;
+}
+
+static int sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+
+    return 0;
+}
+
+static int sshd_teardown(void **state)
+{
+    torture_teardown_sshd_server(state);
+
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void torture_open_success(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel channel;
+    int rc;
+    struct callback_state *cb_state = NULL;
+
+    channel = ssh_channel_new(session);
+    assert_non_null(channel);
+
+    cb_state = set_callbacks(session, channel);
+
+    rc = ssh_channel_open_session(channel);
+    assert_ssh_return_code(session, rc);
+
+    assert_int_equal(STATE_SUCCESS, cb_state->open_response);
+
+    ssh_channel_free(channel);
+    free(cb_state->callback);
+    free(cb_state);
+}
+
+static void torture_open_failure(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel channel;
+    int rc;
+    struct callback_state *cb_state = NULL;
+
+    channel = ssh_channel_new(session);
+    assert_non_null(channel);
+
+    cb_state = set_callbacks(session, channel);
+
+    rc = ssh_channel_open_forward(channel, "0.0.0.0", 0, "0.0.0.0", 0);
+    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+
+    assert_int_equal(STATE_FAILURE, cb_state->open_response);
+
+    ssh_channel_free(channel);
+    free(cb_state->callback);
+    free(cb_state);
+}
+
+static void torture_request_success(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel channel;
+    int rc;
+    struct callback_state *cb_state = NULL;
+
+    channel = ssh_channel_new(session);
+    assert_non_null(channel);
+
+    cb_state = set_callbacks(session, channel);
+
+    rc = ssh_channel_open_session(channel);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_channel_request_exec(channel, "echo -n ABCD");
+    assert_ssh_return_code(session, rc);
+
+    assert_int_equal(STATE_SUCCESS, cb_state->request_response);
+
+    ssh_channel_free(channel);
+    free(cb_state->callback);
+    free(cb_state);
+}
+
+static void torture_request_failure(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel channel;
+    int rc;
+    struct callback_state *cb_state = NULL;
+
+    channel = ssh_channel_new(session);
+    assert_non_null(channel);
+
+    cb_state = set_callbacks(session, channel);
+
+    rc = ssh_channel_open_session(channel);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_channel_request_env(channel, "NOT_ACCEPTED", "VALUE");
+    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+
+    assert_int_equal(STATE_SUCCESS, cb_state->request_response);
+
+    ssh_channel_free(channel);
+    free(cb_state->callback);
+    free(cb_state);
+}
+
+int torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_open_success,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_open_failure,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_request_success,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_request_failure,
+                                        session_setup,
+                                        session_teardown),
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_client_config.c b/libssh/tests/client/torture_client_config.c
index c413619a..5ac22a4c 100644
--- a/libssh/tests/client/torture_client_config.c
+++ b/libssh/tests/client/torture_client_config.c
@@ -130,7 +130,7 @@ static void torture_client_config_system(void **state)
  * configuration files retains OpenSSH semantics (the per-user overrides
  * the system-wide values).
  * The function ssh_options_parse_config() has hardcoded path to the
- * system-wide configuraion file so we try to emmulate the behavior by parsing
+ * system-wide configuration file so we try to emulate the behavior by parsing
  * the files separately in the same order.
  */
 static void torture_client_config_emulate(void **state)
diff --git a/libssh/tests/client/torture_connect.c b/libssh/tests/client/torture_connect.c
index f31f521f..fd3e3d32 100644
--- a/libssh/tests/client/torture_connect.c
+++ b/libssh/tests/client/torture_connect.c
@@ -83,6 +83,26 @@ static int session_teardown(void **state)
     return 0;
 }
 
+static void torture_connect_peer_discon_msg(void **state) {
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+
+    int rc;
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_service_request(session, "wrong-service");
+    assert_int_not_equal(rc, SSH_OK);
+
+    ssh_disconnect(session);
+    assert_non_null(session->peer_discon_msg);
+    assert_non_null(ssh_get_disconnect_message(session));
+}
+
 static void torture_connect_nonblocking(void **state) {
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
@@ -100,6 +120,29 @@ static void torture_connect_nonblocking(void **state) {
     assert_ssh_return_code(session, rc);
 }
 
+static void torture_connect_ipv6(void **state) {
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOST, "testing");
+    assert_ssh_return_code(session, rc);
+    /* set non-blocking mode */
+    ssh_set_blocking(session, 0);
+
+    do {
+        rc = ssh_connect(session);
+    } while (rc == SSH_AGAIN);
+
+    assert_ssh_return_code(session, rc);
+
+    /* should work for blocking mode too */
+    ssh_disconnect(session);
+    ssh_set_blocking(session, 1);
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+}
+
 #if 0 /* This does not work with socket_wrapper */
 static void torture_connect_timeout(void **state) {
     struct torture_state *s = *state;
@@ -189,7 +232,7 @@ static void torture_connect_uninitialized(UNUSED_PARAM(void **state))
     ssh_session session;
     struct passwd *pwd;
 
-    /* Make sure the library is unitialized */
+    /* Make sure the library is uninitialized */
     while (is_ssh_initialized()) {
         rc = ssh_finalize();
         assert_return_code(rc, errno);
@@ -215,16 +258,90 @@ static void torture_connect_uninitialized(UNUSED_PARAM(void **state))
     ssh_free(session);
 }
 
+static void
+internal_log(ssh_session session,
+             int priority,
+             const char *message,
+             void *userdata)
+{
+    (void)session;
+    (void)priority;
+    (void)message;
+    (void)userdata;
+
+    return;
+}
+
+static void
+torture_legacy_callback(void **state)
+{
+    struct ssh_callbacks_struct cb[2] = {0};
+    int rc, verbosity = SSH_LOG_WARNING;
+    ssh_session session = NULL;
+
+    /* unused. */
+    (void)state;
+
+    /*
+     *  Legacy code in 'ssh_set_callbacks' used to
+     *  create the conditions for a use-after-free
+     *  issue, in multi-session programs, by failing
+     *  to update a pointer with the new session.
+     *
+     *  To verify it won't happen again, this test
+     *  creates two consecutive sessions and frees
+     *  them; if any fault occurs then the pointer
+     *  remained at the previous session, failing
+     *  to be updated.
+     */
+    for (int i = 0; i < 2; i++) {
+        session = ssh_new();
+        assert_non_null(session);
+
+        rc = ssh_options_set(session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+        assert_ssh_return_code(session, rc);
+
+        rc = ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+        assert_ssh_return_code(session, rc);
+
+        cb[i].log_function = internal_log;
+
+        ssh_callbacks_init(&cb[i]);
+        ssh_set_callbacks(session, &cb[i]);
+
+        rc = ssh_connect(session);
+        assert_ssh_return_code(session, rc);
+        ssh_disconnect(session);
+
+        ssh_free(session);
+    }
+}
+
 int torture_run_tests(void) {
     int rc;
     struct CMUnitTest tests[] = {
-        cmocka_unit_test_setup_teardown(torture_connect_nonblocking, session_setup, session_teardown),
-        cmocka_unit_test_setup_teardown(torture_connect_double, session_setup, session_teardown),
-        cmocka_unit_test_setup_teardown(torture_connect_failure, session_setup, session_teardown),
+        cmocka_unit_test_setup_teardown(torture_connect_peer_discon_msg,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_connect_nonblocking,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_connect_ipv6,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_connect_double,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_connect_failure,
+                                        session_setup,
+                                        session_teardown),
 #if 0
         cmocka_unit_test_setup_teardown(torture_connect_timeout, session_setup, session_teardown),
 #endif
-        cmocka_unit_test_setup_teardown(torture_connect_socket, session_setup, session_teardown),
+        cmocka_unit_test_setup_teardown(torture_connect_socket,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test(torture_legacy_callback),
         cmocka_unit_test(torture_connect_uninitialized),
     };
 
diff --git a/libssh/tests/client/torture_gssapi_auth.c b/libssh/tests/client/torture_gssapi_auth.c
new file mode 100644
index 00000000..20f35419
--- /dev/null
+++ b/libssh/tests/client/torture_gssapi_auth.c
@@ -0,0 +1,276 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include <libssh/libssh.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <gssapi.h>
+#include <pwd.h>
+
+static int
+sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+    torture_update_sshd_config(state,
+                               "GSSAPIAuthentication yes\n"
+                               "GSSAPICleanupCredentials yes\n"
+                               "GSSAPIStrictAcceptorCheck yes\n");
+
+    return 0;
+}
+
+static int
+sshd_teardown(void **state)
+{
+    assert_non_null(state);
+
+    torture_teardown_sshd_server(state);
+
+    return 0;
+}
+
+static int
+session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    int verbosity = torture_libssh_verbosity();
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = ssh_new();
+    assert_non_null(s->ssh.session);
+
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+
+    return 0;
+}
+
+static int
+session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    assert_non_null(s);
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void
+torture_gssapi_auth(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    /* No client credential */
+    torture_setup_kdc_server(
+        state,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        /* No TGT */
+        "");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_DENIED);
+    torture_teardown_kdc_server(state);
+    /* Invalid host principal */
+    torture_setup_kdc_server(
+        state,
+        "kadmin.local addprinc -randkey host/invalid.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/invalid.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_DENIED);
+    torture_teardown_kdc_server(state);
+    /* Valid */
+    torture_setup_kdc_server(
+        state,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+    torture_teardown_kdc_server(state);
+}
+
+static void
+torture_gssapi_auth_client_identity(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    /* Invalid client identity option */
+    torture_setup_kdc_server(
+        state,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    ssh_options_set(session, SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, "bob");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_DENIED);
+    torture_teardown_kdc_server(state);
+
+    /* Valid client identity option*/
+    torture_setup_kdc_server(
+        state,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    ssh_options_set(session, SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY, "alice");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+    torture_teardown_kdc_server(state);
+}
+
+static void
+torture_gssapi_auth_server_identity(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    /* Invalid server identity option */
+    torture_setup_kdc_server(
+        state,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    ssh_options_set(session,
+                    SSH_OPTIONS_GSSAPI_SERVER_IDENTITY,
+                    "invalid.libssh.site");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+    torture_teardown_kdc_server(state);
+
+    /* Valid server identity option*/
+    torture_setup_kdc_server(
+        state,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    ssh_options_set(session,
+                    SSH_OPTIONS_GSSAPI_SERVER_IDENTITY,
+                    "server.libssh.site");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+    torture_teardown_kdc_server(state);
+}
+
+static void
+torture_gssapi_auth_delegate_creds(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+    OM_uint32 maj_stat, min_stat;
+    gss_cred_id_t client_creds = GSS_C_NO_CREDENTIAL;
+    gss_OID_set no_mechs = GSS_C_NO_OID_SET;
+    int t = 1;
+
+    ssh_options_set(session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, &t);
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    torture_setup_kdc_server(
+        state,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+
+    maj_stat = gss_acquire_cred(&min_stat,
+                                GSS_C_NO_NAME,
+                                GSS_C_INDEFINITE,
+                                GSS_C_NO_OID_SET,
+                                GSS_C_INITIATE,
+                                &client_creds,
+                                &no_mechs,
+                                NULL);
+    assert_int_equal(GSS_ERROR(maj_stat), 0);
+
+    ssh_gssapi_set_creds(session, client_creds);
+
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    gss_release_cred(&min_stat, &client_creds);
+    gss_release_oid_set(&min_stat, &no_mechs);
+
+    torture_teardown_kdc_server(state);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_gssapi_auth,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_gssapi_auth_client_identity,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_gssapi_auth_server_identity,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_gssapi_auth_delegate_creds,
+                                        session_setup,
+                                        session_teardown),
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_hostkey.c b/libssh/tests/client/torture_hostkey.c
index 574a8400..88b657b6 100644
--- a/libssh/tests/client/torture_hostkey.c
+++ b/libssh/tests/client/torture_hostkey.c
@@ -127,30 +127,6 @@ static void torture_hostkey_ed25519(void **state) {
     assert_ssh_return_code(session, rc);
 }
 
-#ifdef HAVE_DSA
-static void torture_hostkey_dss(void **state) {
-    struct torture_state *s = *state;
-    ssh_session session = s->ssh.session;
-    char rsa[] = "ssh-dss";
-
-    int rc;
-
-    if (ssh_fips_mode()) {
-        skip();
-    }
-
-    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, &rsa);
-    assert_ssh_return_code(session, rc);
-
-    rc = ssh_connect(session);
-    assert_ssh_return_code(session, rc);
-    ssh_disconnect(session);
-
-    rc = ssh_connect(session);
-    assert_ssh_return_code(session, rc);
-}
-#endif /* HAVE_DSA */
-
 #ifdef HAVE_ECC
 static void torture_hostkey_ecdsa(void **state) {
     struct torture_state *s = *state;
@@ -220,10 +196,6 @@ int torture_run_tests(void) {
 #ifdef HAVE_ECC
         cmocka_unit_test_setup_teardown(torture_hostkey_ecdsa, session_setup,
                                         session_teardown),
-#endif
-#ifdef HAVE_DSA
-        cmocka_unit_test_setup_teardown(torture_hostkey_dss, session_setup,
-                                        session_teardown),
 #endif
         /* the client is able to handle SHA2 extension (if negotiated) */
         cmocka_unit_test_setup_teardown(torture_hostkey_rsa_sha256,
diff --git a/libssh/tests/client/torture_proxycommand.c b/libssh/tests/client/torture_proxycommand.c
index 7812a959..232080eb 100644
--- a/libssh/tests/client/torture_proxycommand.c
+++ b/libssh/tests/client/torture_proxycommand.c
@@ -69,7 +69,9 @@ static void torture_options_set_proxycommand(void **state)
     char command[255] = {0};
     struct stat sb;
     int rc;
+#ifdef WITH_EXEC
     socket_t fd;
+#endif
 
     rc = stat(NCAT_EXECUTABLE, &sb);
     if (rc != 0 || (sb.st_mode & S_IXOTH) == 0) {
@@ -88,11 +90,15 @@ static void torture_options_set_proxycommand(void **state)
     rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);
     assert_int_equal(rc, 0);
     rc = ssh_connect(session);
+#ifdef WITH_EXEC
     assert_ssh_return_code(session, rc);
     fd = ssh_get_fd(session);
-    assert_true(fd != SSH_INVALID_SOCKET);
+    assert_int_not_equal(fd, SSH_INVALID_SOCKET);
     rc = fcntl(fd, F_GETFL);
     assert_int_equal(rc & O_RDWR, O_RDWR);
+#else
+    assert_int_equal(rc, SSH_ERROR);
+#endif /* WITH_EXEC */
 }
 
 #else /* NCAT_EXECUTABLE */
@@ -124,21 +130,27 @@ static void torture_options_set_proxycommand_ssh(void **state)
     const char *address = torture_server_address(AF_INET);
     char command[255] = {0};
     int rc;
+#ifdef WITH_EXEC
     socket_t fd;
+#endif
 
     rc = snprintf(command, sizeof(command),
-                  "ssh -oStrictHostKeyChecking=no -W [%%h]:%%p alice@%s",
+                  "ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -W [%%h]:%%p alice@%s",
                   address);
     assert_true((size_t)rc < sizeof(command));
 
     rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);
     assert_int_equal(rc, 0);
     rc = ssh_connect(session);
+#ifdef WITH_EXEC
     assert_ssh_return_code(session, rc);
     fd = ssh_get_fd(session);
-    assert_true(fd != SSH_INVALID_SOCKET);
+    assert_int_not_equal(fd, SSH_INVALID_SOCKET);
     rc = fcntl(fd, F_GETFL);
     assert_int_equal(rc & O_RDWR, O_RDWR);
+#else
+    assert_int_equal(rc, SSH_ERROR);
+#endif /* WITH_EXEC */
 }
 
 static void torture_options_set_proxycommand_ssh_stderr(void **state)
@@ -148,22 +160,78 @@ static void torture_options_set_proxycommand_ssh_stderr(void **state)
     const char *address = torture_server_address(AF_INET);
     char command[255] = {0};
     int rc;
+#ifdef WITH_EXEC
     socket_t fd;
+#endif
 
     /* The -vvv switches produce the desired output on the standard error */
     rc = snprintf(command, sizeof(command),
-                  "ssh -vvv -oStrictHostKeyChecking=no -W [%%h]:%%p alice@%s",
+                  "ssh -vvv -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -W [%%h]:%%p alice@%s",
                   address);
     assert_true((size_t)rc < sizeof(command));
 
     rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);
     assert_int_equal(rc, 0);
     rc = ssh_connect(session);
+#ifdef WITH_EXEC
     assert_ssh_return_code(session, rc);
     fd = ssh_get_fd(session);
-    assert_true(fd != SSH_INVALID_SOCKET);
+    assert_int_not_equal(fd, SSH_INVALID_SOCKET);
     rc = fcntl(fd, F_GETFL);
     assert_int_equal(rc & O_RDWR, O_RDWR);
+#else
+    assert_int_equal(rc, SSH_ERROR);
+#endif /* WITH_EXEC */
+}
+
+static void torture_options_proxycommand_injection(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd = NULL;
+    const char *malicious_host = "`echo foo > mfile`";
+    const char *command = "nc %h %p";
+    char *current_dir = NULL;
+    char *malicious_file_path = NULL;
+    int mfp_len;
+    int verbosity = torture_libssh_verbosity();
+    struct stat sb;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = ssh_new();
+    assert_non_null(s->ssh.session);
+
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    // if we would be checking the rc, this should fail
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, malicious_host);
+
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROXYCOMMAND, command);
+    assert_int_equal(rc, 0);
+    rc = ssh_connect(s->ssh.session);
+    assert_ssh_return_code_equal(s->ssh.session, rc, SSH_ERROR);
+
+    current_dir = torture_get_current_working_dir();
+    assert_non_null(current_dir);
+    mfp_len = strlen(current_dir) + 6;
+    malicious_file_path = malloc(mfp_len);
+    assert_non_null(malicious_file_path);
+    rc = snprintf(malicious_file_path, mfp_len,
+                  "%s/mfile", current_dir);
+    assert_int_equal(rc, mfp_len);
+    free(current_dir);
+    rc = stat(malicious_file_path, &sb);
+    assert_int_not_equal(rc, 0);
+
+    // cleanup
+    remove(malicious_file_path);
+    free(malicious_file_path);
 }
 
 int torture_run_tests(void) {
@@ -181,6 +249,9 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_options_set_proxycommand_ssh_stderr,
                                         session_setup,
                                         session_teardown),
+        cmocka_unit_test_setup_teardown(torture_options_proxycommand_injection,
+                                        NULL,
+                                        session_teardown),
     };
 
 
diff --git a/libssh/tests/client/torture_proxyjump.c b/libssh/tests/client/torture_proxyjump.c
new file mode 100644
index 00000000..6e4f88c0
--- /dev/null
+++ b/libssh/tests/client/torture_proxyjump.c
@@ -0,0 +1,222 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include <libssh/libssh.h>
+
+#include <pwd.h>
+#include <errno.h>
+#include <fcntl.h>
+
+static int
+sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+
+    return 0;
+}
+
+static int
+sshd_teardown(void **state)
+{
+    torture_teardown_sshd_server(state);
+
+    return 0;
+}
+
+static int
+session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    int verbosity = torture_libssh_verbosity();
+    struct passwd *pwd = NULL;
+    int rc;
+    bool b = false;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = ssh_new();
+    assert_non_null(s->ssh.session);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session,
+                         SSH_OPTIONS_USER,
+                         TORTURE_SSH_USER_ALICE);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    /* Make sure no other configuration options from system will get used */
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    unsetenv("SSH_AUTH_SOCK");
+    unsetenv("SSH_AGENT_PID");
+
+    return 0;
+}
+
+static int
+session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void
+torture_proxyjump_single_jump(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char proxyjump_buf[500] = {0};
+    const char *address = torture_server_address(AF_INET);
+    int rc;
+    socket_t fd;
+
+    rc = snprintf(proxyjump_buf, sizeof(proxyjump_buf), "alice@%s:22", address);
+    if (rc < 0 || rc >= (int)sizeof(proxyjump_buf)) {
+        fail_msg("snprintf failed");
+    }
+    rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP, proxyjump_buf);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    fd = ssh_get_fd(session);
+    assert_int_not_equal(fd, SSH_INVALID_SOCKET);
+
+    rc = fcntl(fd, F_GETFL);
+    assert_int_equal(rc & O_RDWR, O_RDWR);
+
+    rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+}
+
+static int
+before_connection(ssh_session jump_session, void *user)
+{
+    (void)jump_session;
+    (void)user;
+
+    return 0;
+}
+
+static int
+verify_knownhost(ssh_session jump_session, void *user)
+{
+    (void)jump_session;
+    (void)user;
+
+    return 0;
+}
+
+static int
+authenticate(ssh_session jump_session, void *user)
+{
+    (void)user;
+
+    return ssh_userauth_publickey_auto(jump_session, NULL, NULL);
+}
+
+static void
+torture_proxyjump_multiple_jump(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char proxyjump_buf[500] = {0};
+    const char *address = torture_server_address(AF_INET);
+    int rc;
+    socket_t fd;
+
+    struct ssh_jump_callbacks_struct c = {
+        .before_connection = before_connection,
+        .verify_knownhost = verify_knownhost,
+        .authenticate = authenticate
+    };
+
+    rc = snprintf(proxyjump_buf,
+                  sizeof(proxyjump_buf),
+                  "alice@%s:22,alice@%s:22",
+                  address,
+                  address);
+    if (rc < 0 || rc >= (int)sizeof(proxyjump_buf)) {
+        fail_msg("snprintf failed");
+    }
+    rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP, proxyjump_buf);
+    assert_ssh_return_code(session, rc);
+    rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP_CB_LIST_APPEND, &c);
+    assert_ssh_return_code(session, rc);
+    rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP_CB_LIST_APPEND, &c);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    fd = ssh_get_fd(session);
+    assert_int_not_equal(fd, SSH_INVALID_SOCKET);
+
+    rc = fcntl(fd, F_GETFL);
+    assert_int_equal(rc & O_RDWR, O_RDWR);
+
+    rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+}
+
+static void
+torture_proxyjump_invalid_jump(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char proxyjump_buf[500] = {0};
+    const char *address = torture_server_address(AF_INET);
+    int rc;
+
+    rc = snprintf(proxyjump_buf,
+                  sizeof(proxyjump_buf),
+                  "doesnotexist@%s:54",
+                  address);
+    if (rc < 0 || rc >= (int)sizeof(proxyjump_buf)) {
+        fail_msg("snprintf failed");
+    }
+    rc = ssh_options_set(session, SSH_OPTIONS_PROXYJUMP, proxyjump_buf);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_proxyjump_single_jump,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_proxyjump_multiple_jump,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_proxyjump_invalid_jump,
+                                        session_setup,
+                                        session_teardown),
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_rekey.c b/libssh/tests/client/torture_rekey.c
index ce31325e..d76a3e11 100644
--- a/libssh/tests/client/torture_rekey.c
+++ b/libssh/tests/client/torture_rekey.c
@@ -31,6 +31,7 @@
 #include "libssh/priv.h"
 #include "libssh/session.h"
 #include "libssh/crypto.h"
+#include "libssh/token.h"
 
 #include <errno.h>
 #include <sys/types.h>
@@ -96,6 +97,7 @@ static int session_teardown(void **state)
     struct torture_state *s = *state;
 
     ssh_free(s->ssh.session);
+    s->ssh.session = NULL;
 
     return 0;
 }
@@ -148,6 +150,33 @@ static void torture_rekey_default(void **state)
     ssh_disconnect(s->ssh.session);
 }
 
+static void sanity_check_session_size(void **state, uint64_t rekey_limit)
+{
+    struct torture_state *s = *state;
+    struct ssh_crypto_struct *c = NULL;
+
+    c = s->ssh.session->current_crypto;
+    assert_non_null(c);
+    assert_int_equal(c->in_cipher->max_blocks,
+                     rekey_limit / c->in_cipher->blocksize);
+    assert_int_equal(c->out_cipher->max_blocks,
+                     rekey_limit / c->out_cipher->blocksize);
+    /* when strict kex is used, the newkeys reset the sequence number */
+    if ((s->ssh.session->flags & SSH_SESSION_FLAG_KEX_STRICT) != 0) {
+        assert_int_equal(c->out_cipher->packets, s->ssh.session->send_seq);
+        assert_int_equal(c->in_cipher->packets, s->ssh.session->recv_seq);
+    } else {
+        /* Otherwise we have less encrypted packets than transferred
+         * (first are not encrypted) */
+        assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
+        assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+    }
+}
+static void sanity_check_session(void **state)
+{
+    sanity_check_session_size(state, bytes);
+}
+
 /* We lower the rekey limits manually and check that the rekey
  * really happens when sending data
  */
@@ -166,16 +195,10 @@ static void torture_rekey_send(void **state)
     rc = ssh_connect(s->ssh.session);
     assert_ssh_return_code(s->ssh.session, rc);
 
-    /* The blocks limit is set correctly */
-    c = s->ssh.session->current_crypto;
-    assert_int_equal(c->in_cipher->max_blocks,
-                     bytes / c->in_cipher->blocksize);
-    assert_int_equal(c->out_cipher->max_blocks,
-                     bytes / c->out_cipher->blocksize);
-    /* We should have less encrypted packets than transfered (first are not encrypted) */
-    assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
-    assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+    sanity_check_session(state);
     /* Copy the initial secret hash = session_id so we know we changed keys later */
+    c = s->ssh.session->current_crypto;
+    assert_non_null(c);
     secret_hash = malloc(c->digest_len);
     assert_non_null(secret_hash);
     memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -192,10 +215,11 @@ static void torture_rekey_send(void **state)
     rc = ssh_userauth_publickey_auto(s->ssh.session, NULL, NULL);
     assert_int_equal(rc, SSH_AUTH_SUCCESS);
 
-    /* send ignore packets of up to 1KB to trigger rekey */
+    /* send ignore packets of up to 1KB to trigger rekey. Send little bit more
+     * to make sure it completes with all different ciphers */
     memset(data, 0, sizeof(data));
     memset(data, 'A', 128);
-    for (i = 0; i < 16; i++) {
+    for (i = 0; i < KEX_RETRY; i++) {
         ssh_send_ignore(s->ssh.session, data);
         ssh_handle_packets(s->ssh.session, 50);
     }
@@ -257,7 +281,7 @@ static int session_setup_sftp_client(void **state)
 /* To trigger rekey by receiving data, the easiest thing is probably to
  * use sftp
  */
-static void torture_rekey_recv(void **state)
+static void torture_rekey_recv_size(void **state, uint64_t rekey_limit)
 {
     struct torture_state *s = *state;
     struct ssh_crypto_struct *c = NULL;
@@ -272,14 +296,10 @@ static void torture_rekey_recv(void **state)
     mode_t mask;
     int rc;
 
-    /* The blocks limit is set correctly */
-    c = s->ssh.session->current_crypto;
-    assert_int_equal(c->in_cipher->max_blocks, bytes / c->in_cipher->blocksize);
-    assert_int_equal(c->out_cipher->max_blocks, bytes / c->out_cipher->blocksize);
-    /* We should have less encrypted packets than transfered (first are not encrypted) */
-    assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
-    assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+    sanity_check_session_size(state, rekey_limit);
     /* Copy the initial secret hash = session_id so we know we changed keys later */
+    c = s->ssh.session->current_crypto;
+    assert_non_null(c);
     secret_hash = malloc(c->digest_len);
     assert_non_null(secret_hash);
     memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -310,8 +330,10 @@ static void torture_rekey_recv(void **state)
 
     /* The rekey limit was restored in the new crypto to the same value */
     c = s->ssh.session->current_crypto;
-    assert_int_equal(c->in_cipher->max_blocks, bytes / c->in_cipher->blocksize);
-    assert_int_equal(c->out_cipher->max_blocks, bytes / c->out_cipher->blocksize);
+    assert_int_equal(c->in_cipher->max_blocks,
+                     rekey_limit / c->in_cipher->blocksize);
+    assert_int_equal(c->out_cipher->max_blocks,
+                     rekey_limit / c->out_cipher->blocksize);
     /* Check that the secret hash is different than initially */
     assert_memory_not_equal(secret_hash, c->secret_hash, c->digest_len);
     free(secret_hash);
@@ -319,6 +341,11 @@ static void torture_rekey_recv(void **state)
     torture_sftp_close(s->ssh.tsftp);
     ssh_disconnect(s->ssh.session);
 }
+
+static void torture_rekey_recv(void **state)
+{
+    torture_rekey_recv_size(state, bytes);
+}
 #endif /* WITH_SFTP */
 
 /* Rekey time requires rekey after specified time and is off by default.
@@ -466,15 +493,10 @@ static void torture_rekey_different_kex(void **state)
     assert_ssh_return_code(s->ssh.session, rc);
 
     /* The blocks limit is set correctly */
-    c = s->ssh.session->current_crypto;
-    assert_int_equal(c->in_cipher->max_blocks,
-                     bytes / c->in_cipher->blocksize);
-    assert_int_equal(c->out_cipher->max_blocks,
-                     bytes / c->out_cipher->blocksize);
-    /* We should have less encrypted packets than transfered (first are not encrypted) */
-    assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
-    assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
+    sanity_check_session(state);
     /* Copy the initial secret hash = session_id so we know we changed keys later */
+    c = s->ssh.session->current_crypto;
+    assert_non_null(c);
     secret_hash = malloc(c->digest_len);
     assert_non_null(secret_hash);
     memcpy(secret_hash, c->secret_hash, c->digest_len);
@@ -497,13 +519,13 @@ static void torture_rekey_different_kex(void **state)
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, kex2);
     assert_ssh_return_code(s->ssh.session, rc);
 
-    /* send ignore packets of up to 1KB to trigger rekey. Send litle bit more
+    /* send ignore packets of up to 1KB to trigger rekey. Send little bit more
      * to make sure the rekey it completes with all different ciphers (paddings */
     memset(data, 0, sizeof(data));
     memset(data, 'A', 128);
     for (i = 0; i < KEX_RETRY; i++) {
         ssh_send_ignore(s->ssh.session, data);
-        ssh_handle_packets(s->ssh.session, 100);
+        ssh_handle_packets(s->ssh.session, 1000);
 
         c = s->ssh.session->current_crypto;
         /* SHA256 len */
@@ -575,13 +597,13 @@ static void torture_rekey_server_different_kex(void **state)
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, kex2);
     assert_ssh_return_code(s->ssh.session, rc);
 
-    /* send ignore packets of up to 1KB to trigger rekey. Send litle bit more
+    /* send ignore packets of up to 1KB to trigger rekey. Send little bit more
      * to make sure the rekey it completes with all different ciphers (paddings */
     memset(data, 0, sizeof(data));
     memset(data, 'A', 128);
     for (i = 0; i < KEX_RETRY; i++) {
         ssh_send_ignore(s->ssh.session, data);
-        ssh_handle_packets(s->ssh.session, 100);
+        ssh_handle_packets(s->ssh.session, 1000);
 
         c = s->ssh.session->current_crypto;
         /* SHA256 len */
@@ -670,6 +692,239 @@ static void torture_rekey_server_recv(void **state)
 }
 #endif /* WITH_SFTP */
 
+#ifdef WITH_ZLIB
+/* This is disabled by OpenSSH since OpenSSH 7.4p1 */
+#if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 4) || OPENSSH_VERSION_MAJOR < 7
+/* Compression can be funky to get right after rekey
+ */
+static void torture_rekey_send_compression(void **state)
+{
+    struct torture_state *s = *state;
+    const char *comp = "zlib";
+    int rc;
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_COMPRESSION_C_S, comp);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_COMPRESSION_S_C, comp);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    torture_rekey_send(state);
+}
+
+#ifdef WITH_SFTP
+static void torture_rekey_recv_compression(void **state)
+{
+    struct torture_state *s = *state;
+    const char *comp = "zlib";
+    int rc;
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_COMPRESSION_C_S, comp);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_COMPRESSION_S_C, comp);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    torture_rekey_recv(state);
+}
+#endif /* WITH_SFTP */
+#endif
+
+/* Especially the delayed compression by openssh.
+ */
+static void torture_rekey_send_compression_delayed(void **state)
+{
+    struct torture_state *s = *state;
+    const char *comp = "zlib@openssh.com";
+    int rc;
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_COMPRESSION_C_S, comp);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_COMPRESSION_S_C, comp);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    torture_rekey_send(state);
+}
+
+#ifdef WITH_SFTP
+static void torture_rekey_recv_compression_delayed(void **state)
+{
+    struct torture_state *s = *state;
+    const char *comp = "zlib@openssh.com";
+    int rc;
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_COMPRESSION_C_S, comp);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_COMPRESSION_S_C, comp);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    torture_rekey_recv(state);
+}
+#endif /* WITH_SFTP */
+#endif /* WITH_ZLIB */
+
+static void setup_server_for_good_guess(void *state)
+{
+    const char *default_sshd_config = "KexAlgorithms curve25519-sha256";
+    const char *fips_sshd_config = "KexAlgorithms ecdh-sha2-nistp256";
+    const char *sshd_config = default_sshd_config;
+
+    if (ssh_fips_mode()) {
+        sshd_config = fips_sshd_config;
+    }
+    /* This sets an only supported kex algorithm that we do not have as a first
+    * option */
+    torture_update_sshd_config(state, sshd_config);
+}
+
+static void torture_rekey_guess_send(void **state)
+{
+    struct torture_state *s = *state;
+
+    setup_server_for_good_guess(state);
+
+    /* Make the client send the first_kex_packet_follows flag during key
+     * exchange as well as during the rekey */
+    s->ssh.session->send_first_kex_follows = true;
+
+    torture_rekey_send(state);
+}
+
+static void torture_rekey_guess_wrong_send(void **state)
+{
+    struct torture_state *s = *state;
+    const char *sshd_config = "KexAlgorithms diffie-hellman-group14-sha256";
+
+    /* This sets an only supported kex algorithm that we do not have as a first
+     * option */
+    torture_update_sshd_config(state, sshd_config);
+
+    /* Make the client send the first_kex_packet_follows flag during key
+     * exchange as well as during the rekey */
+    s->ssh.session->send_first_kex_follows = true;
+
+    torture_rekey_send(state);
+}
+
+#ifdef WITH_SFTP
+static void torture_rekey_guess_recv(void **state)
+{
+    struct torture_state *s = *state;
+    int rc;
+
+    setup_server_for_good_guess(state);
+
+    /* Make the client send the first_kex_packet_follows flag during key
+     * exchange as well as during the rekey */
+    s->ssh.session->send_first_kex_follows = true;
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_REKEY_DATA, &bytes);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    session_setup_sftp(state);
+
+    torture_rekey_recv(state);
+}
+
+static void torture_rekey_guess_wrong_recv(void **state)
+{
+    struct torture_state *s = *state;
+    const char *sshd_config = "KexAlgorithms diffie-hellman-group14-sha256";
+    int rc;
+
+    /* This sets an only supported kex algorithm that we do not have as a first
+     * option */
+    torture_update_sshd_config(state, sshd_config);
+
+    /* Make the client send the first_kex_packet_follows flag during key
+     * exchange as well as during the rekey */
+    s->ssh.session->send_first_kex_follows = true;
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_REKEY_DATA, &bytes);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    session_setup_sftp(state);
+
+    torture_rekey_recv(state);
+}
+
+static void torture_rekey_guess_all_combinations(void **state)
+{
+    struct torture_state *s = *state;
+    char sshd_config[256] = "";
+    char client_kex[256] = "";
+    const char *supported = NULL;
+    struct ssh_tokens_st *s_tok = NULL;
+    uint64_t rekey_limit = 0;
+    int rc, i, j;
+
+    /* The rekey limit is 1/2 of the transferred file size so we will likely get
+     * 2 rekeys per test, which still runs for acceptable time */
+    rekey_limit = atoll(SSH_EXECUTABLE_SIZE);
+    rekey_limit /= 2;
+
+    if (ssh_fips_mode()) {
+        supported = ssh_kex_get_fips_methods(SSH_KEX);
+    } else {
+        supported = ssh_kex_get_supported_method(SSH_KEX);
+    }
+    assert_non_null(supported);
+
+    s_tok = ssh_tokenize(supported, ',');
+    assert_non_null(s_tok);
+    for (i = 0; s_tok->tokens[i]; i++) {
+        /* Skip algorithms not supported by the OpenSSH server */
+        if (strstr(OPENSSH_KEX, s_tok->tokens[i]) == NULL) {
+            SSH_LOG(SSH_LOG_INFO, "Server: %s [skipping]", s_tok->tokens[i]);
+            continue;
+        }
+        SSH_LOG(SSH_LOG_INFO, "Server: %s", s_tok->tokens[i]);
+        snprintf(sshd_config,
+                 sizeof(sshd_config),
+                 "KexAlgorithms %s",
+                 s_tok->tokens[i]);
+        /* This sets an only supported kex algorithm that we do not have as
+         * a first option in the client */
+        torture_update_sshd_config(state, sshd_config);
+
+        for (j = 0; s_tok->tokens[j]; j++) {
+            if (i == j) {
+                continue;
+            }
+
+            session_setup(state);
+            /* Make the client send the first_kex_packet_follows flag during key
+             * exchange as well as during the rekey */
+            s->ssh.session->send_first_kex_follows = true;
+
+            rc = ssh_options_set(s->ssh.session,
+                                 SSH_OPTIONS_REKEY_DATA,
+                                 &rekey_limit);
+            assert_ssh_return_code(s->ssh.session, rc);
+
+            /* Client kex preference will have the second of the pair and the
+             * server one as a second to negotiate on the second attempt */
+            snprintf(client_kex,
+                     sizeof(client_kex),
+                     "%s,%s",
+                     s_tok->tokens[j],
+                     s_tok->tokens[i]);
+            SSH_LOG(SSH_LOG_INFO, "Client: %s", client_kex);
+            rc = ssh_options_set(s->ssh.session,
+                                 SSH_OPTIONS_KEY_EXCHANGE,
+                                 client_kex);
+            assert_ssh_return_code(s->ssh.session, rc);
+            session_setup_sftp(state);
+            torture_rekey_recv_size(state, rekey_limit);
+            session_teardown(state);
+        }
+    }
+
+    ssh_tokens_free(s_tok);
+}
+#endif /* WITH_SFTP */
 
 int torture_run_tests(void) {
     int rc;
@@ -691,19 +946,55 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_rekey_different_kex,
                                         session_setup,
                                         session_teardown),
-        /* Note, that this modifies the sshd_config */
+#ifdef WITH_ZLIB
+#if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 4) || OPENSSH_VERSION_MAJOR < 7
+        cmocka_unit_test_setup_teardown(torture_rekey_send_compression,
+                                        session_setup,
+                                        session_teardown),
+#ifdef WITH_SFTP
+        cmocka_unit_test_setup_teardown(torture_rekey_recv_compression,
+                                        session_setup_sftp_client,
+                                        session_teardown),
+#endif /* WITH_SFTP */
+#endif
+        cmocka_unit_test_setup_teardown(torture_rekey_send_compression_delayed,
+                                        session_setup,
+                                        session_teardown),
+#ifdef WITH_SFTP
+        cmocka_unit_test_setup_teardown(torture_rekey_recv_compression_delayed,
+                                        session_setup_sftp_client,
+                                        session_teardown),
+#endif /* WITH_SFTP */
+#endif /* WITH_ZLIB */
+        /* TODO verify the two rekey are possible and the states are not broken after rekey */
+
+        cmocka_unit_test_setup_teardown(torture_rekey_server_different_kex,
+                                        session_setup,
+                                        session_teardown),
+        /* Note, that these tests modify the sshd_config so follow-up tests
+         * might get unexpected behavior if they do not update the server with
+         * torture_update_sshd_config() too */
         cmocka_unit_test_setup_teardown(torture_rekey_server_send,
                                         session_setup,
                                         session_teardown),
+        cmocka_unit_test_setup_teardown(torture_rekey_guess_send,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_rekey_guess_wrong_send,
+                                        session_setup,
+                                        session_teardown),
 #ifdef WITH_SFTP
         cmocka_unit_test_setup_teardown(torture_rekey_server_recv,
                                         session_setup_sftp_server,
                                         session_teardown),
-#endif /* WITH_SFTP */
-        cmocka_unit_test_setup_teardown(torture_rekey_server_different_kex,
+        cmocka_unit_test_setup_teardown(torture_rekey_guess_recv,
                                         session_setup,
                                         session_teardown),
-        /* TODO verify the two rekey are possible and the states are not broken after rekey */
+        cmocka_unit_test_setup_teardown(torture_rekey_guess_wrong_recv,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test(torture_rekey_guess_all_combinations),
+#endif /* WITH_SFTP */
     };
 
     ssh_init();
diff --git a/libssh/tests/client/torture_request_pty_modes.c b/libssh/tests/client/torture_request_pty_modes.c
new file mode 100755
index 00000000..16d9b19c
--- /dev/null
+++ b/libssh/tests/client/torture_request_pty_modes.c
@@ -0,0 +1,264 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2013 by Andreas Schneider <asn@cryptomilk.org>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include <libssh/libssh.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+#include <errno.h>
+#include <termios.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <pty.h>
+
+static int sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+
+    return 0;
+}
+
+static int sshd_teardown(void **state) {
+    torture_teardown_sshd_server(state);
+
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+/* reads from the channel, expecting the given output */
+static int check_channel_output(ssh_channel c, const char *expected)
+{
+    char buffer[4096] = {0};
+    int nbytes, offset = 0;
+
+    nbytes = ssh_channel_read(c, buffer, sizeof(buffer) - 1, 0);
+    while (nbytes > 0) {
+        buffer[offset + nbytes] = '\0';
+        ssh_log_hexdump("Read bytes:",
+                        (unsigned char *)buffer,
+                        offset + nbytes);
+        if (strstr(buffer, expected) != NULL)
+        {
+            return 1;
+        }
+        /* read on */
+        offset = nbytes;
+        nbytes = ssh_channel_read(c,
+                                  buffer + offset,
+                                  sizeof(buffer) - offset - 1,
+                                  0);
+    }
+    return 0;
+}
+
+/* set explicit TTY modes and validate that the server uses them */
+static void torture_request_pty_modes_translate_ocrnl(void **state)
+{
+    const unsigned char modes[] = {
+        /* enable OCRNL */
+        73, 0, 0, 0, 1,
+        /* disable all other CR/NL handling */
+        34, 0, 0, 0, 0,
+        35, 0, 0, 0, 0,
+        36, 0, 0, 0, 0,
+        72, 0, 0, 0, 0,
+        74, 0, 0, 0, 0,
+        75, 0, 0, 0, 0,
+        0, /* TTY_OP_END */
+    };
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel c;
+    int rc;
+    int string_found = 0;
+
+    c = ssh_channel_new(session);
+    assert_non_null(c);
+
+    rc = ssh_channel_open_session(c);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_channel_request_pty_size_modes(c, "xterm", 80, 25, modes, sizeof(modes));
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_channel_request_exec(c, "/bin/echo -e '>TEST\\r\\n<'");
+    assert_ssh_return_code(session, rc);
+
+    /* expect 2 newline characters */
+    string_found = check_channel_output(c, ">TEST\n\n<");
+    assert_int_equal(string_found, 1);
+
+    ssh_channel_close(c);
+}
+
+/* if stdin is a TTY, its modes are passed to the server */
+static void torture_request_pty_modes_use_stdin_modes(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel c;
+    int rc;
+    int string_found = 0;
+    struct termios modes;
+    int stdin_backup_fd = -1;
+    int master_fd, slave_fd;
+
+    c = ssh_channel_new(session);
+    assert_non_null(c);
+
+    rc = ssh_channel_open_session(c);
+    assert_ssh_return_code(session, rc);
+
+    /* stdin must be a TTY, so open one and replace the FD */
+    stdin_backup_fd = dup(STDIN_FILENO);
+    rc = openpty(&master_fd, &slave_fd, NULL, NULL, NULL);
+    assert_int_equal(rc, 0);
+    dup2(master_fd, STDIN_FILENO);
+    assert_true(isatty(STDIN_FILENO));
+    /* translate NL to CRNL on output to see a noticeable effect */
+    memset(&modes, 0, sizeof(modes));
+    tcgetattr(STDIN_FILENO, &modes);
+    modes.c_oflag |= ONLCR;
+    modes.c_iflag &= ~(ICRNL | INLCR | IGNCR);
+    tcsetattr(STDIN_FILENO, TCSANOW, &modes);
+
+    rc = ssh_channel_request_pty_size(c, "xterm", 80, 25);
+
+    /* revert the changes to STDIN first! */
+    dup2(stdin_backup_fd, STDIN_FILENO);
+    close(stdin_backup_fd);
+    close(master_fd);
+    close(slave_fd);
+
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_channel_request_exec(c, "/bin/echo -e '>TEST\\r\\n<'");
+    assert_ssh_return_code(session, rc);
+
+    /* expect 2 carriage return characters + newline */
+    string_found = check_channel_output(c, ">TEST\r\r\n<");
+    assert_int_equal(string_found, 1);
+
+    ssh_channel_close(c);
+}
+
+/* if stdin is NOT a TTY, default modes are passed to the server */
+static void torture_request_pty_modes_use_default_modes(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel c;
+    int rc;
+    int string_found = 0;
+    int stdin_backup_fd = -1;
+
+    c = ssh_channel_new(session);
+    assert_non_null(c);
+
+    rc = ssh_channel_open_session(c);
+    assert_ssh_return_code(session, rc);
+
+    /* stdin must not a TTY - change the FD to something else */
+    stdin_backup_fd = dup(STDIN_FILENO);
+    close(STDIN_FILENO);
+    rc = open("/dev/null", O_RDONLY); // reuses FD 0 now
+    assert_int_equal(rc, STDIN_FILENO);
+    assert_false(isatty(STDIN_FILENO));
+
+    rc = ssh_channel_request_pty_size(c, "xterm", 80, 25);
+
+    /* revert the changes to STDIN first! */
+    dup2(stdin_backup_fd, STDIN_FILENO);
+    close(stdin_backup_fd);
+
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_channel_request_exec(c, "/bin/echo -e '>TEST\\r\\n<'");
+    assert_ssh_return_code(session, rc);
+
+    /* expect the CRLF translated to newline */
+    string_found = check_channel_output(c, ">TEST\r\r\n<");
+    assert_int_equal(string_found, 1);
+
+    ssh_channel_close(c);
+}
+
+int torture_run_tests(void) {
+    int rc;
+
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_request_pty_modes_translate_ocrnl,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_request_pty_modes_use_stdin_modes,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_request_pty_modes_use_default_modes,
+                                        session_setup,
+                                        session_teardown),
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+
+    ssh_finalize();
+    return rc;
+}
+
diff --git a/libssh/tests/client/torture_session.c b/libssh/tests/client/torture_session.c
index 27e8fc86..cc83578f 100644
--- a/libssh/tests/client/torture_session.c
+++ b/libssh/tests/client/torture_session.c
@@ -218,6 +218,39 @@ static void torture_max_sessions(void **state)
 #undef MAX_CHANNELS
 }
 
+static void torture_no_more_sessions(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel channels[2];
+    int rc;
+
+    /* Open a channel session */
+    channels[0] = ssh_channel_new(session);
+    assert_non_null(channels[0]);
+
+    rc = ssh_channel_open_session(channels[0]);
+    assert_ssh_return_code(session, rc);
+
+    /* Send no-more-sessions@openssh.com global request */
+    rc = ssh_request_no_more_sessions(session);
+    assert_ssh_return_code(session, rc);
+
+    /* Try to open an extra session and expect failure */
+    channels[1] = ssh_channel_new(session);
+    assert_non_null(channels[1]);
+
+    rc = ssh_channel_open_session(channels[1]);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* Free the unused channel */
+    ssh_channel_free(channels[1]);
+
+    /* Close and free open channel */
+    ssh_channel_close(channels[0]);
+    ssh_channel_free(channels[0]);
+}
+
 static void torture_channel_delayed_close(void **state)
 {
     struct torture_state *s = *state;
@@ -295,7 +328,7 @@ static void torture_freed_channel_poll_timeout(void **state)
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
     ssh_channel channel;
-
+    bool channel_freed = false;
     char request[256];
     char buff[256] = {0};
     int rc;
@@ -318,10 +351,19 @@ static void torture_freed_channel_poll_timeout(void **state)
     } while(rc > 0);
     assert_ssh_return_code(session, rc);
 
+    /* when either of these conditions is met the call to ssh_channel_free will
+     * actually free the channel so calling poll on that channel will be
+     * use-after-free */
+    if ((channel->flags & SSH_CHANNEL_FLAG_CLOSED_REMOTE) ||
+        (channel->flags & SSH_CHANNEL_FLAG_NOT_BOUND)) {
+        channel_freed = true;
+    }
     ssh_channel_free(channel);
 
-    rc = ssh_channel_poll_timeout(channel, 500, 0);
-    assert_int_equal(rc, SSH_ERROR);
+    if (!channel_freed) {
+        rc = ssh_channel_poll_timeout(channel, 500, 0);
+        assert_int_equal(rc, SSH_ERROR);
+    }
 }
 
 /* Ensure that calling 'ssh_channel_read_nonblocking' on a freed channel does
@@ -355,6 +397,71 @@ static void torture_freed_channel_read_nonblocking(void **state)
     assert_ssh_return_code_equal(session, rc, SSH_ERROR);
 }
 
+static void torture_channel_exit_status(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel channel = NULL;
+    char request[256];
+    uint32_t exit_status = (uint32_t)-1;
+    int rc;
+
+    rc = snprintf(request, sizeof(request), "true");
+    assert_return_code(rc, errno);
+
+    channel = ssh_channel_new(session);
+    assert_non_null(channel);
+
+    rc = ssh_channel_open_session(channel);
+    assert_ssh_return_code(session, rc);
+
+    /* Make the request, read parts with close */
+    rc = ssh_channel_request_exec(channel, request);
+    assert_ssh_return_code(session, rc);
+
+    exit_status = ssh_channel_get_exit_state(channel, &exit_status, NULL, NULL);
+    assert_ssh_return_code(session, rc);
+    assert_int_equal(exit_status, 0);
+}
+
+static void torture_channel_exit_signal(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel channel = NULL;
+    char request[256];
+    uint32_t exit_status = (uint32_t)-1;
+    char *exit_signal = NULL;
+    int core_dumped = false;
+    int rc;
+
+    rc = snprintf(request, sizeof(request), "cat");
+    assert_return_code(rc, errno);
+
+    channel = ssh_channel_new(session);
+    assert_non_null(channel);
+
+    rc = ssh_channel_open_session(channel);
+    assert_ssh_return_code(session, rc);
+
+    /* Make the request, read parts with close */
+    rc = ssh_channel_request_exec(channel, request);
+    assert_ssh_return_code(session, rc);
+    rc = ssh_channel_request_send_signal(channel, "TERM");
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_channel_get_exit_state(channel,
+                                    &exit_status,
+                                    &exit_signal,
+                                    &core_dumped);
+
+    assert_ssh_return_code(session, rc);
+    assert_int_equal(exit_status, (uint32_t)-1);
+    assert_string_equal(exit_signal, "TERM");
+    SAFE_FREE(exit_signal);
+}
+
+
 /* Ensure that calling 'ssh_channel_get_exit_status' on a freed channel does not
  * lead to segmentation faults. */
 static void torture_freed_channel_get_exit_status(void **state)
@@ -362,7 +469,7 @@ static void torture_freed_channel_get_exit_status(void **state)
     struct torture_state *s = *state;
     ssh_session session = s->ssh.session;
     ssh_channel channel;
-
+    bool channel_freed = false;
     char request[256];
     char buff[256] = {0};
     int rc;
@@ -385,12 +492,101 @@ static void torture_freed_channel_get_exit_status(void **state)
     } while(rc > 0);
     assert_ssh_return_code(session, rc);
 
+    /* when either of these conditions is met the call to ssh_channel_free will
+     * actually free the channel so calling poll on that channel will be
+     * use-after-free */
+    if ((channel->flags & SSH_CHANNEL_FLAG_CLOSED_REMOTE) ||
+        (channel->flags & SSH_CHANNEL_FLAG_NOT_BOUND)) {
+        channel_freed = true;
+    }
+    SSH_CHANNEL_FREE(channel);
+
+    if (!channel_freed) {
+        rc = ssh_channel_get_exit_status(channel);
+        assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+    }
+}
+
+static void
+torture_channel_read_stderr(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    ssh_channel channel;
+    int rc;
+
+    channel = ssh_channel_new(session);
+    assert_non_null(channel);
+
+    rc = ssh_channel_open_session(channel);
+    assert_ssh_return_code(session, rc);
+
+    /* This writes to standard error "pipe" */
+    rc = ssh_channel_request_exec(channel, "echo -n ABCD >&2");
+    assert_ssh_return_code(session, rc);
+
+    /* No data in stdout */
+    rc = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
+    assert_int_equal(rc, 0);
+
+    /* poll should say how much we can read */
+    rc = ssh_channel_poll(channel, 1);
+    assert_int_equal(rc, strlen("ABCD"));
+
+    /* Everything in stderr */
+    rc = ssh_channel_read(channel, buffer, sizeof(buffer), 1);
+    assert_int_equal(rc, strlen("ABCD"));
+
+    buffer[rc] = '\0';
+    assert_string_equal("ABCD", buffer);
+
     ssh_channel_free(channel);
+}
 
-    rc = ssh_channel_get_exit_status(channel);
-    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+static void torture_pubkey_hash(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char *hash = NULL;
+    char *hexa = NULL;
+    int rc = 0;
+
+    /* bad arguments */
+    rc = ssh_get_pubkey_hash(session, NULL);
+    assert_int_equal(rc, SSH_ERROR);
+
+    rc = ssh_get_pubkey_hash(NULL, (unsigned char **)&hash);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* deprecated, but should be covered by tests! */
+    rc = ssh_get_pubkey_hash(session, (unsigned char **)&hash);
+    if (ssh_fips_mode()) {
+        /* When in FIPS mode, expect the call to fail */
+        assert_int_equal(rc, SSH_ERROR);
+    } else {
+        assert_int_equal(rc, MD5_DIGEST_LEN);
+
+        hexa = ssh_get_hexa((unsigned char *)hash, rc);
+        SSH_STRING_FREE_CHAR(hash);
+        assert_string_equal(hexa,
+                            "ee:80:7f:61:f9:d5:be:f1:96:86:cc:96:7a:db:7a:7b");
+
+        SSH_STRING_FREE_CHAR(hexa);
+    }
 }
 
+static void torture_openssh_banner_version(void **state)
+{
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+
+    int openssh_version = ssh_get_openssh_version(session);
+    int cmake_openssh_version = SSH_VERSION_INT(OPENSSH_VERSION_MAJOR, OPENSSH_VERSION_MINOR, 0);
+
+    assert_int_equal(openssh_version, cmake_openssh_version);
+}
+
+
 int torture_run_tests(void) {
     int rc;
     struct CMUnitTest tests[] = {
@@ -406,6 +602,9 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_max_sessions,
                                         session_setup,
                                         session_teardown),
+        cmocka_unit_test_setup_teardown(torture_no_more_sessions,
+                                        session_setup,
+                                        session_teardown),
         cmocka_unit_test_setup_teardown(torture_channel_delayed_close,
                                         session_setup,
                                         session_teardown),
@@ -418,9 +617,24 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_freed_channel_read_nonblocking,
                                         session_setup,
                                         session_teardown),
+        cmocka_unit_test_setup_teardown(torture_channel_exit_status,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_channel_exit_signal,
+                                        session_setup,
+                                        session_teardown),
         cmocka_unit_test_setup_teardown(torture_freed_channel_get_exit_status,
                                         session_setup,
                                         session_teardown),
+        cmocka_unit_test_setup_teardown(torture_channel_read_stderr,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_pubkey_hash,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_openssh_banner_version,
+                                        session_setup,
+                                        session_teardown),
     };
 
     ssh_init();
diff --git a/libssh/tests/client/torture_sftp_aio.c b/libssh/tests/client/torture_sftp_aio.c
new file mode 100644
index 00000000..4cbb5793
--- /dev/null
+++ b/libssh/tests/client/torture_sftp_aio.c
@@ -0,0 +1,534 @@
+#define LIBSSH_STATIC
+
+#include "config.h"
+
+#include "torture.h"
+#include "sftp.c"
+
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+
+#define MAX_XFER_BUF_SIZE 16384
+
+static int sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+    return 0;
+}
+
+static int sshd_teardown(void **state)
+{
+    torture_teardown_sshd_server(state);
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    torture_rmdirs(s->ssh.tsftp->testdir);
+    torture_sftp_close(s->ssh.tsftp);
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void torture_sftp_aio_read_file(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+
+    struct {
+        char *buf;
+        ssize_t bytes_read;
+    } a = {0}, b = {0};
+
+    sftp_file file = NULL;
+    sftp_attributes file_attr = NULL;
+    int fd;
+
+    size_t chunk_size;
+    int in_flight_requests = 20;
+
+    sftp_aio aio = NULL;
+    struct ssh_list *aio_queue = NULL;
+    sftp_limits_t li = NULL;
+
+    size_t file_size;
+    size_t total_bytes_requested;
+    size_t to_read, total_bytes_read;
+    ssize_t bytes_requested;
+
+    int i, rc;
+
+    /* Get the max limit for reading, use it as the chunk size */
+    li = sftp_limits(t->sftp);
+    assert_non_null(li);
+    chunk_size = li->max_read_length;
+
+    a.buf = calloc(chunk_size, 1);
+    assert_non_null(a.buf);
+
+    b.buf = calloc(chunk_size, 1);
+    assert_non_null(b.buf);
+
+    aio_queue = ssh_list_new();
+    assert_non_null(aio_queue);
+
+    file = sftp_open(t->sftp, SSH_EXECUTABLE, O_RDONLY, 0);
+    assert_non_null(file);
+
+    fd = open(SSH_EXECUTABLE, O_RDONLY, 0);
+    assert_int_not_equal(fd, -1);
+
+    /* Get the file size */
+    file_attr = sftp_stat(t->sftp, SSH_EXECUTABLE);
+    assert_non_null(file_attr);
+    file_size = file_attr->size;
+
+    total_bytes_requested = 0;
+    for (i = 0;
+         i < in_flight_requests && total_bytes_requested < file_size;
+         ++i) {
+        to_read = file_size - total_bytes_requested;
+        if (to_read > chunk_size) {
+            to_read = chunk_size;
+        }
+
+        bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
+        assert_int_equal(bytes_requested, to_read);
+        total_bytes_requested += bytes_requested;
+
+        /* enqueue */
+        rc = ssh_list_append(aio_queue, aio);
+        assert_int_equal(rc, SSH_OK);
+    }
+
+    total_bytes_read = 0;
+    while ((aio = ssh_list_pop_head(sftp_aio, aio_queue)) != NULL) {
+        a.bytes_read = sftp_aio_wait_read(&aio, a.buf, chunk_size);
+        assert_int_not_equal(a.bytes_read, SSH_ERROR);
+
+        total_bytes_read += (size_t)a.bytes_read;
+        if (total_bytes_read != file_size) {
+            assert_int_equal((size_t)a.bytes_read, chunk_size);
+            /*
+             * Failure of this assertion means that a short
+             * read is encountered but we have not reached
+             * the end of file yet. A short read before reaching
+             * the end of file should not occur for our test where
+             * the chunk size respects the max limit for reading.
+             */
+        }
+
+        /*
+         * Check whether the bytes read above are bytes
+         * present in the file or some garbage was stored
+         * in the buffer supplied to sftp_aio_wait_read().
+         */
+        b.bytes_read = read(fd, b.buf, a.bytes_read);
+        assert_int_equal(a.bytes_read, b.bytes_read);
+
+        rc = memcmp(a.buf, b.buf, (size_t)a.bytes_read);
+        assert_int_equal(rc, 0);
+
+        /* Issue more read requests if needed */
+        if (total_bytes_requested == file_size) {
+            continue;
+        }
+
+        /* else issue more requests */
+        to_read = file_size - total_bytes_requested;
+        if (to_read > chunk_size) {
+            to_read = chunk_size;
+        }
+
+        bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
+        assert_int_equal(bytes_requested, to_read);
+        total_bytes_requested += bytes_requested;
+
+        /* enqueue */
+        rc = ssh_list_append(aio_queue, aio);
+        assert_int_equal(rc, SSH_OK);
+    }
+
+    /*
+     * Check whether sftp server responds with an
+     * eof for more requests.
+     */
+    bytes_requested = sftp_aio_begin_read(file, chunk_size, &aio);
+    assert_int_equal(bytes_requested, chunk_size);
+
+    a.bytes_read = sftp_aio_wait_read(&aio, a.buf, chunk_size);
+    assert_int_equal(a.bytes_read, 0);
+
+    /* Clean up */
+    sftp_attributes_free(file_attr);
+    close(fd);
+    sftp_close(file);
+    ssh_list_free(aio_queue);
+    free(b.buf);
+    free(a.buf);
+    sftp_limits_free(li);
+}
+
+static void torture_sftp_aio_read_more_than_cap(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+
+    sftp_limits_t li = NULL;
+    sftp_file file = NULL;
+    sftp_aio aio = NULL;
+
+    char *buf = NULL;
+    ssize_t bytes;
+
+    /* Get the max limit for reading */
+    li = sftp_limits(t->sftp);
+    assert_non_null(li);
+
+    file = sftp_open(t->sftp, SSH_EXECUTABLE, O_RDONLY, 0);
+    assert_non_null(file);
+
+    /* Try reading more than the max limit */
+    bytes = sftp_aio_begin_read(file,
+                                li->max_read_length * 2,
+                                &aio);
+    assert_int_equal(bytes, li->max_read_length);
+
+    buf = calloc(li->max_read_length, 1);
+    assert_non_null(buf);
+
+    bytes = sftp_aio_wait_read(&aio, buf, li->max_read_length);
+    assert_int_not_equal(bytes, SSH_ERROR);
+
+    free(buf);
+    sftp_close(file);
+    sftp_limits_free(li);
+}
+
+static void torture_sftp_aio_write_file(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+
+    char file_path[128] = {0};
+    sftp_file file = NULL;
+    int fd;
+
+    struct {
+        char *buf;
+        ssize_t bytes;
+    } wr = {0}, rd = {0};
+
+    size_t chunk_size;
+    ssize_t bytes_requested;
+    int in_flight_requests = 2;
+
+    sftp_limits_t li = NULL;
+    sftp_aio *aio_queue = NULL;
+    int rc, i;
+
+    /* Get the max limit for writing, use it as the chunk size */
+    li = sftp_limits(t->sftp);
+    assert_non_null(li);
+    chunk_size = li->max_write_length;
+
+    rd.buf = calloc(chunk_size, 1);
+    assert_non_null(rd.buf);
+
+    wr.buf = calloc(chunk_size, 1);
+    assert_non_null(wr.buf);
+
+    aio_queue = malloc(sizeof(sftp_aio) * in_flight_requests);
+    assert_non_null(aio_queue);
+
+    snprintf(file_path, sizeof(file_path),
+             "%s/libssh_sftp_aio_write_test", t->testdir);
+    file = sftp_open(t->sftp, file_path, O_CREAT | O_WRONLY, 0777);
+    assert_non_null(file);
+
+    fd = open(file_path, O_RDONLY, 0);
+    assert_int_not_equal(fd, -1);
+
+    for (i = 0; i < in_flight_requests; ++i) {
+        bytes_requested = sftp_aio_begin_write(file,
+                                               wr.buf,
+                                               chunk_size,
+                                               &aio_queue[i]);
+        assert_int_equal(bytes_requested, chunk_size);
+    }
+
+    for (i = 0; i < in_flight_requests; ++i) {
+        wr.bytes = sftp_aio_wait_write(&aio_queue[i]);
+        assert_int_equal(wr.bytes, chunk_size);
+
+        /*
+         * Check whether the bytes written to the file
+         * by SFTP AIO write api were the bytes present
+         * in the buffer to write or some garbage was
+         * written to the file.
+         */
+        rd.bytes = read(fd, rd.buf, wr.bytes);
+        assert_int_equal(rd.bytes, wr.bytes);
+
+        rc = memcmp(rd.buf, wr.buf, wr.bytes);
+        assert_int_equal(rc, 0);
+    }
+
+    /* Clean up */
+    close(fd);
+    sftp_close(file);
+    free(aio_queue);
+
+    rc = unlink(file_path);
+    assert_int_equal(rc, 0);
+
+    free(wr.buf);
+    free(rd.buf);
+    sftp_limits_free(li);
+}
+
+static void torture_sftp_aio_write_more_than_cap(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+
+    sftp_limits_t li = NULL;
+    char *buf = NULL;
+    size_t buf_size;
+
+    char file_path[128] = {0};
+    sftp_file file = NULL;
+
+    sftp_aio aio = NULL;
+    ssize_t bytes;
+    int rc;
+
+    li = sftp_limits(t->sftp);
+    assert_non_null(li);
+
+    buf_size = li->max_write_length * 2;
+    buf = calloc(buf_size, 1);
+    assert_non_null(buf);
+
+    snprintf(file_path, sizeof(file_path),
+             "%s/libssh_sftp_aio_write_test_cap", t->testdir);
+    file = sftp_open(t->sftp, file_path, O_CREAT | O_WRONLY, 0777);
+    assert_non_null(file);
+
+    /* Try writing more than the max limit for writing */
+    bytes = sftp_aio_begin_write(file, buf, buf_size, &aio);
+    assert_int_equal(bytes, li->max_write_length);
+
+    bytes = sftp_aio_wait_write(&aio);
+    assert_int_equal(bytes, li->max_write_length);
+
+    /* Clean up */
+    sftp_close(file);
+
+    rc = unlink(file_path);
+    assert_int_equal(rc, 0);
+
+    free(buf);
+    sftp_limits_free(li);
+}
+
+static void torture_sftp_aio_read_negative(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+
+    char *buf = NULL;
+    sftp_file file = NULL;
+    sftp_aio aio = NULL;
+    sftp_limits_t li = NULL;
+
+    size_t chunk_size;
+    ssize_t bytes;
+    int rc;
+
+    li = sftp_limits(t->sftp);
+    assert_non_null(li);
+    chunk_size = li->max_read_length;
+
+    buf = calloc(chunk_size, 1);
+    assert_non_null(buf);
+
+    /* Open a file for reading */
+    file = sftp_open(t->sftp, SSH_EXECUTABLE, O_RDONLY, 0);
+    assert_non_null(file);
+
+    /* Passing NULL as the sftp file handle */
+    bytes = sftp_aio_begin_read(NULL, chunk_size, &aio);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /* Passing 0 as the number of bytes to read */
+    bytes = sftp_aio_begin_read(file, 0, &aio);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /*
+     * Passing NULL instead of a pointer to a location to
+     * store an aio handle.
+     */
+    bytes = sftp_aio_begin_read(file, chunk_size, NULL);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /* Passing NULL instead of a pointer to an aio handle */
+    bytes = sftp_aio_wait_read(NULL, buf, sizeof(buf));
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /* Passing NULL as the buffer's address */
+    bytes = sftp_aio_begin_read(file, chunk_size, &aio);
+    assert_int_equal(bytes, chunk_size);
+
+    bytes = sftp_aio_wait_read(&aio, NULL, sizeof(buf));
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /* Passing 0 as the buffer size */
+    bytes = sftp_aio_begin_read(file, chunk_size, &aio);
+    assert_int_equal(bytes, chunk_size);
+
+    bytes = sftp_aio_wait_read(&aio, buf, 0);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /*
+     * Test for the scenario when the number
+     * of bytes read exceed the buffer size.
+     */
+    rc = sftp_seek(file, 0); /* Seek to the start of file */
+    assert_int_equal(rc, 0);
+
+    bytes = sftp_aio_begin_read(file, 2, &aio);
+    assert_int_equal(bytes, 2);
+
+    bytes = sftp_aio_wait_read(&aio, buf, 1);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    sftp_close(file);
+    free(buf);
+    sftp_limits_free(li);
+}
+
+static void torture_sftp_aio_write_negative(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+
+    char *buf = NULL;
+
+    char file_path[128] = {0};
+    sftp_file file = NULL;
+    sftp_aio aio = NULL;
+    sftp_limits_t li = NULL;
+
+    size_t chunk_size;
+    ssize_t bytes;
+    int rc;
+
+    li = sftp_limits(t->sftp);
+    assert_non_null(li);
+    chunk_size = li->max_write_length;
+
+    buf = calloc(chunk_size, 1);
+    assert_non_null(buf);
+
+    /* Open a file for writing */
+    snprintf(file_path, sizeof(file_path),
+             "%s/libssh_sftp_aio_write_test_negative", t->testdir);
+    file = sftp_open(t->sftp, file_path, O_CREAT | O_WRONLY, 0777);
+    assert_non_null(file);
+
+    /* Passing NULL as the sftp file handle */
+    bytes = sftp_aio_begin_write(NULL, buf, chunk_size, &aio);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /* Passing NULL as the buffer's address */
+    bytes = sftp_aio_begin_write(file, NULL, chunk_size, &aio);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /* Passing 0 as the size of buffer */
+    bytes = sftp_aio_begin_write(file, buf, 0, &aio);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /* Passing NULL instead of a pointer to a location to store an aio handle */
+    bytes = sftp_aio_begin_write(file, buf, chunk_size, NULL);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    /* Passing NULL instead of a pointer to an aio handle */
+    bytes = sftp_aio_wait_write(NULL);
+    assert_int_equal(bytes, SSH_ERROR);
+
+    sftp_close(file);
+    rc = unlink(file_path);
+    assert_int_equal(rc, 0);
+
+    free(buf);
+    sftp_limits_free(li);
+}
+
+int torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_sftp_aio_read_file,
+                                        session_setup,
+                                        session_teardown),
+
+        cmocka_unit_test_setup_teardown(torture_sftp_aio_read_more_than_cap,
+                                        session_setup,
+                                        session_teardown),
+
+        cmocka_unit_test_setup_teardown(torture_sftp_aio_write_file,
+                                        session_setup,
+                                        session_teardown),
+
+        cmocka_unit_test_setup_teardown(torture_sftp_aio_write_more_than_cap,
+                                        session_setup,
+                                        session_teardown),
+
+        cmocka_unit_test_setup_teardown(torture_sftp_aio_read_negative,
+                                        session_setup,
+                                        session_teardown),
+
+        cmocka_unit_test_setup_teardown(torture_sftp_aio_write_negative,
+                                        session_setup,
+                                        session_teardown),
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_sftp_expand_path.c b/libssh/tests/client/torture_sftp_expand_path.c
new file mode 100644
index 00000000..85ef0108
--- /dev/null
+++ b/libssh/tests/client/torture_sftp_expand_path.c
@@ -0,0 +1,125 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include "sftp.c"
+
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+
+static int sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+
+    return 0;
+}
+
+static int sshd_teardown(void **state)
+{
+    torture_teardown_sshd_server(state);
+
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    torture_rmdirs(s->ssh.tsftp->testdir);
+    torture_sftp_close(s->ssh.tsftp);
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void torture_sftp_expand_path(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    struct passwd *pwd = NULL;
+    char *expanded_path = NULL;
+    int rc;
+
+    rc = sftp_extension_supported(t->sftp, "expand-path@openssh.com", "1");
+    if (rc == 0) {
+        skip();
+    }
+
+    pwd = getpwnam(TORTURE_SSH_USER_ALICE);
+    assert_non_null(pwd);
+
+    /* testing for a absolute path */
+    expanded_path = sftp_expand_path(t->sftp, "~/.");
+    assert_non_null(expanded_path);
+
+    assert_string_equal(expanded_path, pwd->pw_dir);
+
+    SSH_STRING_FREE_CHAR(expanded_path);
+
+    /* testing for a relative path */
+    expanded_path = sftp_expand_path(t->sftp, ".");
+    assert_non_null(expanded_path);
+
+    assert_string_equal(expanded_path, pwd->pw_dir);
+
+    SSH_STRING_FREE_CHAR(expanded_path);
+
+    /* passing a NULL sftp session */
+    expanded_path = sftp_expand_path(NULL, "~/.");
+    assert_null(expanded_path);
+
+    /* passing an invalid path */
+    expanded_path = sftp_expand_path(t->sftp, "/...//");
+    assert_null(expanded_path);
+
+    /* passing null path */
+    expanded_path = sftp_expand_path(t->sftp, NULL);
+    assert_null(expanded_path);
+}
+
+int torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_sftp_expand_path,
+                                        session_setup,
+                                        session_teardown)
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_sftp_hardlink.c b/libssh/tests/client/torture_sftp_hardlink.c
new file mode 100644
index 00000000..37963636
--- /dev/null
+++ b/libssh/tests/client/torture_sftp_hardlink.c
@@ -0,0 +1,114 @@
+#define LIBSSH_STATIC
+
+#include "config.h"
+
+#include "torture.h"
+#include "sftp.c"
+
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+
+static int sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+    return 0;
+}
+
+static int sshd_teardown(void **state)
+{
+    torture_teardown_sshd_server(state);
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    torture_rmdirs(s->ssh.tsftp->testdir);
+    torture_sftp_close(s->ssh.tsftp);
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void torture_sftp_hardlink(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+
+    char link_1[128] = {0};
+    char link_2[128] = {0};
+    int fd;
+    int rc;
+
+    snprintf(link_1, sizeof(link_1),
+             "%s/libssh_sftp_hardlink_test_1", t->testdir);
+    snprintf(link_2, sizeof(link_2),
+             "%s/libssh_sftp_hardlink_test_2", t->testdir);
+
+    fd = open(link_1, O_CREAT, S_IRWXU);
+    assert_return_code(fd, errno);
+    close(fd);
+
+    rc = sftp_hardlink(t->sftp, link_1, link_2);
+    assert_int_equal(rc, SSH_OK);
+
+    /* check whether the file got associated with link_2 */ 
+    rc = access(link_2, F_OK);
+    assert_int_equal(rc, 0);
+
+    unlink(link_1);
+    unlink(link_2);
+
+    /*
+     * try to create a hardlink for a file that does not
+     * exist, this should fail
+     */
+    rc = sftp_hardlink(t->sftp, link_1, link_2);
+    assert_int_not_equal(rc, 0);
+}
+
+int torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_sftp_hardlink,
+                                        session_setup,
+                                        session_teardown)
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_sftp_home_directory.c b/libssh/tests/client/torture_sftp_home_directory.c
new file mode 100644
index 00000000..a2399f02
--- /dev/null
+++ b/libssh/tests/client/torture_sftp_home_directory.c
@@ -0,0 +1,142 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "sftp.c"
+#include "torture.h"
+
+#include <errno.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+static int
+sshd_setup(void **state)
+{
+    /*
+      The SFTP server used for testing is executed as a separate binary, which
+      is making the uid_wrapper lose information about what user is used, and
+      therefore, pwd is initialized to some bad value.
+      If the embedded version using internal-sftp is used in sshd, it works ok.
+     */
+    setenv("TORTURE_SFTP_SERVER", "internal-sftp", 1);
+    torture_setup_sshd_server(state, false);
+    return 0;
+}
+
+static int
+sshd_teardown(void **state)
+{
+    unsetenv("TORTURE_SFTP_SERVER");
+    torture_teardown_sshd_server(state);
+    return 0;
+}
+
+static int
+session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    return 0;
+}
+
+static int
+session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    torture_rmdirs(s->ssh.tsftp->testdir);
+    torture_sftp_close(s->ssh.tsftp);
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void
+torture_sftp_home_directory(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    struct passwd *pwd = NULL;
+    char *home_path = NULL;
+    int rc;
+
+    rc = sftp_extension_supported(t->sftp, "home-directory", "1");
+    if (!rc) {
+        skip();
+    }
+
+    pwd = getpwnam(TORTURE_SSH_USER_ALICE);
+    assert_non_null(pwd);
+
+    /* testing for NULL sftp session */
+    home_path = sftp_home_directory(NULL, NULL);
+    assert_null(home_path);
+
+    /* testing for ~ */
+    /*
+    home_path = sftp_home_directory(t->sftp, NULL);
+    assert_non_null(home_path);
+    assert_string_equal(home_path, pwd->pw_dir);
+    SSH_STRING_FREE_CHAR(home_path);
+
+    home_path = sftp_home_directory(t->sftp, "");
+    assert_non_null(home_path);
+    assert_string_equal(home_path, pwd->pw_dir);
+    SSH_STRING_FREE_CHAR(home_path);
+    */
+
+    /*
+      OpenSSH code handling this extension does not handle empty string for
+      username. getpwnam() also does not handle empty string.
+      PR in OpenSSH for fix:
+      https://github.com/openssh/openssh-portable/pull/477/
+    */
+
+    /* testing for ~user */
+    home_path = sftp_home_directory(t->sftp, pwd->pw_name);
+    fprintf(stderr,
+            "sftp error: %d, ssh error: %s\n",
+            sftp_get_error(t->sftp),
+            ssh_get_error(t->sftp->session));
+    assert_non_null(home_path);
+    assert_string_equal(home_path, pwd->pw_dir);
+    SSH_STRING_FREE_CHAR(home_path);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_sftp_home_directory,
+                                        session_setup,
+                                        session_teardown)};
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_sftp_limits.c b/libssh/tests/client/torture_sftp_limits.c
new file mode 100644
index 00000000..07ef9928
--- /dev/null
+++ b/libssh/tests/client/torture_sftp_limits.c
@@ -0,0 +1,177 @@
+#define LIBSSH_STATIC
+
+#include "config.h"
+
+#include "torture.h"
+#include "sftp.c"
+
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <pwd.h>
+#include <errno.h>
+
+#if HAVE_VALGRIND_VALGRIND_H
+ #include <valgrind/valgrind.h>
+#endif
+
+static int sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+    return 0;
+}
+
+static int sshd_teardown(void **state)
+{
+    torture_teardown_sshd_server(state);
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    torture_rmdirs(s->ssh.tsftp->testdir);
+    torture_sftp_close(s->ssh.tsftp);
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void torture_sftp_limits(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    sftp_limits_t li = NULL;
+    int rc;
+
+    li = sftp_limits(t->sftp);
+    assert_non_null(li);
+
+    rc = sftp_extension_supported(t->sftp, "limits@openssh.com", "1");
+    if (rc == 1) {
+        /*
+         * Tests are run against the OpenSSH server, hence we check for the
+         * specific limits used by OpenSSH.
+         */
+        uint64_t openssh_max_packet_length = 256 * 1024;
+        uint64_t openssh_max_read_length = openssh_max_packet_length - 1024;
+        uint64_t openssh_max_write_length = openssh_max_packet_length - 1024;
+        size_t vg = 0;
+
+        assert_int_equal(li->max_packet_length, openssh_max_packet_length);
+        assert_int_equal(li->max_read_length, openssh_max_read_length);
+        assert_int_equal(li->max_write_length, openssh_max_write_length);
+
+        /*
+         * fds - File descriptors, w.r.to - With respect to
+         *
+         * Valgrind reserves some fds for itself and changes the rlimits
+         * w.r.to fds for the process its inspecting. Due to this reservation
+         * the rlimits w.r.to fds for our test may not be the same as the
+         * rlimits w.r.to fds seen by OpenSSH server (which Valgrind isn't
+         * inspecting).
+         *
+         * Valgrind changes the limits in such a way that after seeing the
+         * changed limits, the test cannot predict the original unchanged
+         * limits (which OpenSSH would be using). Hence, the test cannot
+         * determine the correct value of "max_open_handles" that the OpenSSH
+         * server should've sent.
+         *
+         * So if Valgrind is running our test, we don't provide any kind of
+         * check for max_open_handles. Check for >= 0 is also not provided in
+         * this case since that's always true for an uint64_t (an unsigned type)
+         */
+#if HAVE_VALGRIND_VALGRIND_H
+        vg = RUNNING_ON_VALGRIND;
+#endif
+
+        if (vg == 0) {
+            struct rlimit rlim = {0};
+            uint64_t openssh_max_open_handles = 0;
+
+            /*
+             * Get the resource limit for max file descriptors that a process
+             * can open. Since the client and the server run on the same machine
+             * in case of tests, this limit should be same for both (except the
+             * case when Valgrind runs the test)
+             */
+            rc = getrlimit(RLIMIT_NOFILE, &rlim);
+            assert_int_equal(rc, 0);
+            if (rlim.rlim_cur > 5) {
+                /*
+                 * Leaving file handles for stdout, stdin, stderr, syslog and
+                 * a spare file handle, OpenSSH server allows the client to open
+                 * at max (rlim.rlim_cur - 5) handles.
+                 */
+                openssh_max_open_handles = rlim.rlim_cur - 5;
+            }
+
+            assert_int_equal(li->max_open_handles, openssh_max_open_handles);
+        }
+    } else {
+        /* Check for the default limits */
+        assert_int_equal(li->max_packet_length, 34000);
+        assert_int_equal(li->max_read_length, 32768);
+        assert_int_equal(li->max_write_length, 32768);
+        assert_int_equal(li->max_open_handles, 0);
+    }
+
+    sftp_limits_free(li);
+}
+
+static void torture_sftp_limits_negative(void **state)
+{
+    sftp_limits_t li = NULL;
+
+    (void)state;
+    li = sftp_limits(NULL);
+    assert_null(li);
+}
+
+int torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_sftp_limits,
+                                        session_setup,
+                                        session_teardown),
+
+        cmocka_unit_test_setup_teardown(torture_sftp_limits_negative,
+                                        session_setup,
+                                        session_teardown)
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_sftp_packet_read.c b/libssh/tests/client/torture_sftp_packet_read.c
new file mode 100644
index 00000000..4eaba301
--- /dev/null
+++ b/libssh/tests/client/torture_sftp_packet_read.c
@@ -0,0 +1,118 @@
+/*
+ * This is a regression test to make sure that sftp_read_packet times out
+ * properly in blocking mode
+ */
+
+#define LIBSSH_STATIC
+
+#include "config.h"
+
+#include "sftp.c"
+#include "torture.h"
+
+#include <errno.h>
+#include <libssh/socket.h>
+#include <pwd.h>
+#include <sys/types.h>
+
+static int
+sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+
+    return 0;
+}
+
+static int
+sshd_teardown(void **state)
+{
+    torture_teardown_sshd_server(state);
+
+    return 0;
+}
+
+static int
+session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    return 0;
+}
+
+static int
+session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    torture_rmdirs(s->ssh.tsftp->testdir);
+    torture_sftp_close(s->ssh.tsftp);
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void
+torture_sftp_packet_read(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    sftp_packet packet = NULL;
+
+    int fds[2];
+    int rc;
+
+    /* creating blocking fd is the default pipe behaviour */
+    rc = pipe(fds);
+    assert_return_code(rc, errno);
+
+    t->ssh->opts.timeout = 1;
+    ssh_socket_set_fd(t->ssh->socket, fds[0]);
+
+    /*
+     * Making sure that the sftp_packet_read function times out and returns
+     * NULL.
+     */
+    packet = sftp_packet_read(t->sftp);
+    assert_null(packet);
+
+    close(fds[0]);
+    close(fds[1]);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_sftp_packet_read,
+                                        session_setup,
+                                        session_teardown),
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_sftp_rename.c b/libssh/tests/client/torture_sftp_rename.c
new file mode 100644
index 00000000..c2d11a31
--- /dev/null
+++ b/libssh/tests/client/torture_sftp_rename.c
@@ -0,0 +1,120 @@
+#define LIBSSH_STATIC
+
+#include "config.h"
+
+#include "torture.h"
+#include "sftp.c"
+
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+
+static int sshd_setup(void **state)
+{
+    torture_setup_sshd_server(state, false);
+    return 0;
+}
+
+static int sshd_teardown(void **state)
+{
+    torture_teardown_sshd_server(state);
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct torture_state *s = *state;
+    struct passwd *pwd = NULL;
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    torture_rmdirs(s->ssh.tsftp->testdir);
+    torture_sftp_close(s->ssh.tsftp);
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+static void torture_sftp_rename(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+
+    char name_1[128] = {0};
+    char name_2[128] = {0};
+
+    int fd;
+    int rc;
+
+    snprintf(name_1, sizeof(name_1),
+             "%s/libssh_sftp_rename_test_1", t->testdir);
+    snprintf(name_2, sizeof(name_2),
+             "%s/libssh_sftp_rename_test_2", t->testdir);
+
+    fd = open(name_1, O_CREAT, S_IRWXU);
+    assert_return_code(fd, errno);
+    close(fd);
+
+    /* try to rename an existing file */
+    rc = sftp_rename(t->sftp, name_1, name_2);
+    assert_int_equal(rc, SSH_OK);
+
+    /* check whether any file with name_1 exists, it shouldn't */
+    rc = access(name_1, F_OK);
+    assert_int_not_equal(rc, 0);
+
+    /* check whether file with name_2 exists, it should */
+    rc = access(name_2, F_OK);
+    assert_int_equal(rc, 0);
+
+    unlink(name_2);
+
+    /*
+     * try to rename a file that does not exist,
+     * this should fail (-ve test case)
+     */
+    rc = sftp_rename(t->sftp, name_1, name_2);
+    assert_int_not_equal(rc, 0);
+}
+
+
+int torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_sftp_rename,
+                                        session_setup,
+                                        session_teardown)
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/client/torture_sftp_setstat.c b/libssh/tests/client/torture_sftp_setstat.c
new file mode 100644
index 00000000..736e47c1
--- /dev/null
+++ b/libssh/tests/client/torture_sftp_setstat.c
@@ -0,0 +1,382 @@
+#define LIBSSH_STATIC
+
+#include "config.h"
+
+#include "libssh/sftp.h"
+#include "sftp.c"
+#include "torture.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+static int
+sshd_setup(void **state)
+{
+    /*
+     * The OpenSSH invokes the sftp server command with execve(), which does
+     * not inherit the environment variables (including LD_PRELOAD, which
+     * is needed for the fs_wrapper). Using `internal-sftp` works around this,
+     * keeping the old environment around.
+     */
+    setenv("TORTURE_SFTP_SERVER", "internal-sftp", 1);
+
+    torture_setup_sshd_server(state, false);
+    return 0;
+}
+
+static int
+sshd_teardown(void **state)
+{
+    unsetenv("TORTURE_SFTP_SERVER");
+    torture_teardown_sshd_server(state);
+    return 0;
+}
+
+static int
+session_setup_setstat(void **state)
+{
+
+    struct torture_state *s = *state;
+    struct torture_sftp *t = NULL;
+    struct passwd *pwd = NULL;
+    static char name[128] = {0};
+    const char *test_1 = "l&setstat_test\n";
+    int rc;
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    t = s->ssh.tsftp;
+
+    snprintf(name, sizeof(name), "%s/libssh_sftp_setstat_test", t->testdir);
+    torture_write_file(name, test_1);
+    s->private_data = name;
+
+    return 0;
+}
+
+static int
+session_setup_lsetstat(void **state)
+{
+
+    struct torture_state *s = *state;
+    struct torture_sftp *t = NULL;
+    struct passwd *pwd = NULL;
+    static char path[128] = {0};
+    const char *test_1 = "lsetstat_test_1\n";
+    int rc;
+
+    char tmp_file[128] = {0};
+
+    pwd = getpwnam("bob");
+    assert_non_null(pwd);
+
+    rc = setuid(pwd->pw_uid);
+    assert_return_code(rc, errno);
+
+    s->ssh.session = torture_ssh_session(s,
+                                         TORTURE_SSH_SERVER,
+                                         NULL,
+                                         TORTURE_SSH_USER_ALICE,
+                                         NULL);
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = torture_sftp_session(s->ssh.session);
+    assert_non_null(s->ssh.tsftp);
+
+    t = s->ssh.tsftp;
+
+    rc = sftp_extension_supported(t->sftp, "lsetstat@openssh.com", "1");
+    if (rc == 0) {
+        skip();
+    }
+
+    snprintf(tmp_file, sizeof(tmp_file), "%s/newfile", t->testdir);
+    torture_write_file(tmp_file, test_1);
+
+    snprintf(path, sizeof(path), "%s/linkname", t->testdir);
+    rc = symlink(tmp_file, path);
+    assert_int_equal(rc, SSH_OK);
+    s->private_data = path;
+
+    return 0;
+}
+static int
+session_teardown(void **state)
+{
+    struct torture_state *s = *state;
+
+    torture_rmdirs(s->ssh.tsftp->testdir);
+    torture_sftp_close(s->ssh.tsftp);
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    return 0;
+}
+
+/*setstat tests*/
+static void
+torture_sftp_setstat_chown(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    struct sftp_attributes_struct attr;
+    struct passwd *pwd = NULL;
+    sftp_attributes tmp_attr = NULL;
+    const char *name = (char *)s->private_data;
+    int rc;
+
+    ZERO_STRUCT(attr);
+
+    pwd = getpwnam("alice");
+    assert_non_null(pwd);
+
+    attr.uid = pwd->pw_uid;
+    attr.gid = pwd->pw_gid;
+    attr.flags = SSH_FILEXFER_ATTR_UIDGID;
+
+    rc = sftp_setstat(t->sftp, name, &attr);
+    assert_int_equal(rc, SSH_OK);
+    tmp_attr = sftp_stat(t->sftp, name);
+    assert_non_null(tmp_attr);
+    assert_int_equal(tmp_attr->uid, pwd->pw_uid);
+    assert_int_equal(tmp_attr->gid, pwd->pw_gid);
+    sftp_attributes_free(tmp_attr);
+}
+
+static void
+torture_sftp_setstat_size(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    int rc;
+    size_t len = 30;
+    struct sftp_attributes_struct attr;
+    struct stat sb;
+    const char *name = (char *)s->private_data;
+
+    ZERO_STRUCT(attr);
+    attr.flags = SSH_FILEXFER_ATTR_SIZE;
+    attr.size = len;
+    rc = sftp_setstat(t->sftp, name, &attr);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = stat(name, &sb);
+    assert_int_equal(rc, SSH_OK);
+
+    assert_int_equal(len, sb.st_size);
+}
+
+static void
+torture_sftp_setstat_chmod(void **state)
+{
+    mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP;
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    int rc;
+    struct sftp_attributes_struct attr;
+    struct stat sb;
+    const char *name = (char *)s->private_data;
+
+    ZERO_STRUCT(attr);
+
+    attr.flags = SSH_FILEXFER_ATTR_PERMISSIONS;
+    attr.permissions = mode;
+
+    rc = sftp_setstat(t->sftp, name, &attr);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = stat(name, &sb);
+    assert_int_equal(rc, SSH_OK);
+
+    assert_int_equal(sb.st_mode & ACCESSPERMS, mode);
+}
+
+static void
+torture_sftp_setstat_utimes(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    int rc;
+    struct sftp_attributes_struct attr;
+    struct stat sb;
+    int atime = 10676, mtime = 13467;
+    const char *name = (char *)s->private_data;
+
+    ZERO_STRUCT(attr);
+
+    attr.flags = SSH_FILEXFER_ATTR_ACMODTIME;
+    attr.mtime = mtime;
+    attr.atime = atime;
+
+    rc = sftp_setstat(t->sftp, name, &attr);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = stat(name, &sb);
+    assert_int_equal(rc, SSH_OK);
+    assert_int_equal(sb.st_mtime, mtime);
+    assert_int_equal(sb.st_atime, atime);
+}
+
+static void
+torture_sftp_setstat_negative(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    const char *name = (char *)s->private_data;
+    int rc;
+    struct sftp_attributes_struct attr;
+
+    ZERO_STRUCT(attr);
+
+    attr.flags = SSH_FILEXFER_ATTR_ACMODTIME | SSH_FILEXFER_ATTR_UIDGID |
+                 SSH_FILEXFER_ATTR_PERMISSIONS | SSH_FILEXFER_ATTR_SIZE;
+
+    /* testing null sftp */
+    rc = sftp_setstat(NULL, name, &attr);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* testing non-existing file */
+    rc = sftp_setstat(t->sftp, "not existing", &attr);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* testing null attributes */
+    rc = sftp_setstat(t->sftp, name, NULL);
+    assert_int_equal(rc, SSH_ERROR);
+}
+
+/*lsetstat tests*/
+static void
+torture_sftp_lsetstat_chown(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    struct passwd *pwd = NULL;
+    const char *name = (char *)s->private_data;
+    int rc;
+    struct sftp_attributes_struct attr;
+    sftp_attributes tmp_attr = NULL;
+
+    ZERO_STRUCT(attr);
+
+    pwd = getpwnam("alice");
+    assert_non_null(pwd);
+
+    attr.flags = SSH_FILEXFER_ATTR_UIDGID;
+    attr.uid = pwd->pw_uid;
+    attr.gid = pwd->pw_gid;
+    rc = sftp_lsetstat(t->sftp, name, &attr);
+    assert_int_equal(rc, SSH_OK);
+
+    tmp_attr = sftp_lstat(t->sftp, name);
+    assert_non_null(tmp_attr);
+    assert_int_equal(tmp_attr->uid, pwd->pw_uid);
+    assert_int_equal(tmp_attr->gid, pwd->pw_gid);
+    sftp_attributes_free(tmp_attr);
+}
+
+static void
+torture_sftp_lsetstat_utimes(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    const char *name = (char *)s->private_data;
+    int rc;
+    struct sftp_attributes_struct attr;
+    struct stat sb;
+    int atime = 10676, mtime = 13467;
+
+    ZERO_STRUCT(attr);
+
+    attr.flags = SSH_FILEXFER_ATTR_ACMODTIME;
+    attr.mtime = mtime;
+    attr.atime = atime;
+
+    rc = sftp_lsetstat(t->sftp, name, &attr);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = lstat(name, &sb);
+    assert_int_equal(rc, SSH_OK);
+    assert_int_equal(sb.st_mtime, mtime);
+    assert_int_equal(sb.st_atime, atime);
+}
+
+static void
+torture_sftp_lsetstat_negative(void **state)
+{
+    struct torture_state *s = *state;
+    struct torture_sftp *t = s->ssh.tsftp;
+    const char *name = (char *)s->private_data;
+    int rc;
+    struct sftp_attributes_struct attr;
+
+    ZERO_STRUCT(attr);
+
+    attr.flags = SSH_FILEXFER_ATTR_ACMODTIME | SSH_FILEXFER_ATTR_UIDGID;
+
+    /* testing non-existing file */
+    rc = sftp_lsetstat(t->sftp, "not existing", &attr);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* testing null attributes */
+    rc = sftp_lsetstat(t->sftp, name, NULL);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* testing null sftp */
+    rc = sftp_lsetstat(NULL, name, &attr);
+    assert_int_equal(rc, SSH_ERROR);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_sftp_setstat_chown,
+                                        session_setup_setstat,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_sftp_setstat_chmod,
+                                        session_setup_setstat,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_sftp_setstat_utimes,
+                                        session_setup_setstat,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_sftp_setstat_size,
+                                        session_setup_setstat,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_sftp_setstat_negative,
+                                        session_setup_setstat,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_sftp_lsetstat_utimes,
+                                        session_setup_lsetstat,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_sftp_lsetstat_chown,
+                                        session_setup_lsetstat,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_sftp_lsetstat_negative,
+                                        session_setup_lsetstat,
+                                        session_teardown)};
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
+    ssh_finalize();
+    return rc;
+}
diff --git a/libssh/tests/ctest-default.cmake b/libssh/tests/ctest-default.cmake
index dbf53e30..51bbebab 100644
--- a/libssh/tests/ctest-default.cmake
+++ b/libssh/tests/ctest-default.cmake
@@ -17,16 +17,16 @@ set(CTEST_BUILD_OPTIONS "-DUNIT_TESTING=ON -WITH_SFTP=ON -DWITH_SERVER=ON -DWITH
 
 #set(CTEST_CUSTOM_MEMCHECK_IGNORE torture_rand)
 
-## The Model to set: Nightly, Continous, Experimental
+## The Model to set: Nightly, Continuous, Experimental
 set(CTEST_MODEL "Experimental")
 
 ## The branch
 #set(CTEST_GIT_BRANCH "--branch v0-5")
 
-## Wether to enable memory checking.
+## Whether to enable memory checking.
 set(WITH_MEMCHECK FALSE)
 
-## Wether to enable code coverage.
+## Whether to enable code coverage.
 set(WITH_COVERAGE FALSE)
 
 #######################################################################
diff --git a/libssh/tests/etc/hosts.in b/libssh/tests/etc/hosts.in
index 2ab69799..3c0b0142 100644
--- a/libssh/tests/etc/hosts.in
+++ b/libssh/tests/etc/hosts.in
@@ -1,2 +1,7 @@
 127.0.0.10  server.libssh.site
 127.0.0.21  client.libssh.site
+
+127.0.0.11  kdc.libssh.site
+
+123.0.0.11 testing
+fd00::5357:5f0a testing
diff --git a/libssh/tests/etc/pam_matrix_passdb.in b/libssh/tests/etc/pam_matrix_passdb.in
index c0aa54e5..9404bc0e 100644
--- a/libssh/tests/etc/pam_matrix_passdb.in
+++ b/libssh/tests/etc/pam_matrix_passdb.in
@@ -1,3 +1,4 @@
 bob:secret:sshd
 alice:secret:sshd
 charlie:secret:sshd
+doe:secret:sshd
diff --git a/libssh/tests/etc/passwd.in b/libssh/tests/etc/passwd.in
index 85e20c6d..cae364b7 100644
--- a/libssh/tests/etc/passwd.in
+++ b/libssh/tests/etc/passwd.in
@@ -1,6 +1,7 @@
 bob:x:5000:9000:bob gecos:@HOMEDIR@/bob:/bin/sh
 alice:x:5001:9000:alice gecos:@HOMEDIR@/alice:/bin/sh
 charlie:x:5002:9000:charlie gecos:@HOMEDIR@/charlie:/bin/sh
+doe:x:5003:9000:doe gecos:@HOMEDIR@/doe:/bin/sh
 sshd:x:65530:65531:sshd:@HOMEDIR@:/sbin/nologin
 nobody:x:65533:65534:nobody gecos:@HOMEDIR@:/bin/false
 root:x:65534:65532:root gecos:@HOMEDIR@:/bin/false
diff --git a/libssh/tests/etc/shadow.in b/libssh/tests/etc/shadow.in
index a0b2b9d6..0f03b149 100644
--- a/libssh/tests/etc/shadow.in
+++ b/libssh/tests/etc/shadow.in
@@ -1,3 +1,4 @@
 alice:$6$0jWkA8VP$MvBUvtGy38jWCZ5KtqnZEKQWXvvImDkDhDQII1kTqtAp3/xH31b71c.AjGkBFle.2QwCJQH7OzB/NXiMprusr/::0:::::
 bob:$6$0jWkA8VP$MvBUvtGy38jWCZ5KtqnZEKQWXvvImDkDhDQII1kTqtAp3/xH31b71c.AjGkBFle.2QwCJQH7OzB/NXiMprusr/::0:::::
 charlie:$6$0jWkA8VP$MvBUvtGy38jWCZ5KtqnZEKQWXvvImDkDhDQII1kTqtAp3/xH31b71c.AjGkBFle.2QwCJQH7OzB/NXiMprusr/::0:::::
+doe:$6$0jWkA8VP$MvBUvtGy38jWCZ5KtqnZEKQWXvvImDkDhDQII1kTqtAp3/xH31b71c.AjGkBFle.2QwCJQH7OzB/NXiMprusr/::0:::::
diff --git a/libssh/tests/external_override/CMakeLists.txt b/libssh/tests/external_override/CMakeLists.txt
index 81d10c53..365a1083 100644
--- a/libssh/tests/external_override/CMakeLists.txt
+++ b/libssh/tests/external_override/CMakeLists.txt
@@ -44,7 +44,7 @@ else ()
         ${libssh_SOURCE_DIR}/src/md_crypto.c
     )
     set(override_libs
-        ${OPENSSL_CRYPTO_LIBRARIES}
+        OpenSSL::Crypto
     )
 endif (WITH_GCRYPT)
 
@@ -98,23 +98,13 @@ elseif (WITH_GCRYPT)
     list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_ED25519=1")
     list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CURVE25519=1")
 else ()
-    if (HAVE_OPENSSL_EVP_CHACHA20 AND HAVE_OPENSSL_EVP_POLY1305)
+    if (HAVE_OPENSSL_EVP_CHACHA20)
         list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CHACHAPOLY=0")
     else ()
         list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CHACHAPOLY=1")
     endif ()
-
-    if (HAVE_OPENSSL_ED25519)
-        list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_ED25519=0")
-    else ()
-        list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_ED25519=1")
-    endif ()
-
-    if (HAVE_OPENSSL_X25519)
-        list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CURVE25519=0")
-    else ()
-        list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CURVE25519=1")
-    endif ()
+    list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_CURVE25519=0")
+    list(APPEND OVERRIDE_RESULTS "-DSHOULD_CALL_INTERNAL_ED25519=0")
 endif ()
 
 if (NOT OSX)
diff --git a/libssh/tests/external_override/torture_override.c b/libssh/tests/external_override/torture_override.c
index f351d52e..8024574b 100644
--- a/libssh/tests/external_override/torture_override.c
+++ b/libssh/tests/external_override/torture_override.c
@@ -56,7 +56,7 @@ static int sshd_setup(void **state)
     s = *((struct torture_state **)state);
     s->private_data = test_state;
 
-    test_state->orig_dir = strdup(torture_get_current_working_dir());
+    test_state->orig_dir = torture_get_current_working_dir();
     assert_non_null(test_state->orig_dir);
 
     temp_dir = torture_make_temp_dir(template);
@@ -137,7 +137,7 @@ static void test_algorithm(ssh_session session,
                            const char *cipher,
                            const char *hostkey)
 {
-    char data[256];
+    char data[256] = {0};
     int rc;
 
     if (kex != NULL) {
@@ -161,7 +161,7 @@ static void test_algorithm(ssh_session session,
     assert_ssh_return_code(session, rc);
 
     /* send ignore packets of all sizes */
-    memset(data, 'A', sizeof(data));
+    memset(data, 'A', sizeof(data) - 1);
     ssh_send_ignore(session, data);
     ssh_handle_packets(session, 50);
 
@@ -195,8 +195,8 @@ static void torture_override_chacha20_poly1305(void **state)
     internal_poly1305_called = internal_poly1305_function_called();
 
 #if SHOULD_CALL_INTERNAL_CHACHAPOLY
-    assert_true(internal_chacha20_called ||
-                internal_poly1305_called);
+    assert_true(internal_chacha20_called);
+    assert_true(internal_poly1305_called);
 #else
     assert_false(internal_chacha20_called ||
                  internal_poly1305_called);
diff --git a/libssh/tests/fs_wrapper.c b/libssh/tests/fs_wrapper.c
new file mode 100644
index 00000000..2df7406c
--- /dev/null
+++ b/libssh/tests/fs_wrapper.c
@@ -0,0 +1,213 @@
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+/*******************************************************************************
+ *                            Structs
+ ******************************************************************************/
+struct file {
+    char *name;
+    uid_t uid;
+    gid_t gid;
+} file = {0};
+
+/*******************************************************************************
+ *                            Destructor
+ ******************************************************************************/
+
+void destructor(void) __attribute__((destructor));
+
+void
+destructor(void)
+{
+    free(file.name);
+}
+
+/*******************************************************************************
+ *                              Chown wrapping
+ ******************************************************************************/
+
+/** Records the UID and GID and pretend syscall worked */
+static int
+chown_helper(const char *pathname, uid_t owner, gid_t group)
+{
+    if (strlen(pathname) > 7 && strncmp(pathname, "/dev/pt", 7) == 0) {
+        /*
+         * The OpenSSH server modified the PTY which requires root permissions
+         * see torture_request_pty_modes
+         * */
+        return 0;
+    }
+    if (strlen(pathname) > 4 && strncmp(pathname, "/tmp", 4) == 0) {
+        /*
+         * faking chown because It requires root permissions to modify the owner
+         * under /tmp
+         * It's also a helper for torture_sftp_setstat
+         * */
+        if (file.name != NULL) {
+            free((char *)file.name);
+        }
+        file.name = strdup(pathname);
+        file.uid = owner;
+        file.gid = group;
+        return 0;
+    }
+    return -1;
+}
+
+#define WRAP_CHOWN(syscall_name)                                      \
+    typedef int (*__libc_##syscall_name)(const char *pathname,        \
+                                         uid_t owner,                 \
+                                         gid_t group);                \
+    int syscall_name(const char *pathname, uid_t owner, gid_t group); \
+    int syscall_name(const char *pathname, uid_t owner, gid_t group)  \
+    {                                                                 \
+        __libc_##syscall_name original_##syscall_name = NULL;         \
+        int rc;                                                       \
+                                                                      \
+        rc = chown_helper(pathname, owner, group);                    \
+        if (rc == 0) {                                                \
+            return 0;                                                 \
+        }                                                             \
+        original_##syscall_name =                                     \
+            (__libc_##syscall_name)dlsym(RTLD_NEXT, #syscall_name);   \
+        return (*original_##syscall_name)(pathname, owner, group);    \
+    }
+
+WRAP_CHOWN(chown)
+WRAP_CHOWN(chown32)
+WRAP_CHOWN(lchown)
+
+/* fchownat */
+typedef int (*__libc_fchownat)(int dirfd,
+                               const char *pathname,
+                               uid_t owner,
+                               gid_t group,
+                               int flags);
+
+int
+fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group, int flags);
+
+int
+fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group, int flags)
+{
+    __libc_fchownat original_fchownat = NULL;
+    int rc;
+
+    rc = chown_helper(pathname, owner, group);
+    if (rc == 0) {
+        return 0;
+    }
+
+    original_fchownat = (__libc_fchownat)dlsym(RTLD_NEXT, "fchownat");
+    return (*original_fchownat)(dirfd, pathname, owner, group, flags);
+}
+
+/*******************************************************************************
+ *                              Stat wrapping
+ ******************************************************************************/
+
+/** Returns previously set UID/GID for the filename */
+static void
+stat_helper(const char *pathname, struct stat *statbuf)
+{
+    if (file.name != NULL && strcmp(pathname, file.name) == 0) {
+        statbuf->st_uid = file.uid;
+        statbuf->st_gid = file.gid;
+    }
+}
+
+static void
+stat64_helper(const char *pathname, struct stat64 *statbuf)
+{
+    if (file.name != NULL && strcmp(pathname, file.name) == 0) {
+        statbuf->st_uid = file.uid;
+        statbuf->st_gid = file.gid;
+    }
+}
+
+#define WRAP_STAT(syscall_name, struct_name)                             \
+    typedef int (*__libc_##syscall_name)(const char *pathname,           \
+                                         struct struct_name *statbuf);   \
+    int syscall_name(const char *pathname, struct struct_name *statbuf); \
+    int syscall_name(const char *pathname, struct struct_name *statbuf)  \
+    {                                                                    \
+        int rc;                                                          \
+        __libc_##syscall_name original_##syscall_name = NULL;            \
+                                                                         \
+        original_##syscall_name =                                        \
+            (__libc_##syscall_name)dlsym(RTLD_NEXT, #syscall_name);      \
+        rc = (*original_##syscall_name)(pathname, statbuf);              \
+        struct_name##_helper(pathname, statbuf);                         \
+                                                                         \
+        return rc;                                                       \
+    }
+
+WRAP_STAT(stat, stat)
+WRAP_STAT(lstat, stat)
+/* i686 arch */
+WRAP_STAT(stat64, stat64)
+WRAP_STAT(lstat64, stat64)
+
+#define WRAP_XSTAT(syscall_name)                                           \
+    typedef int (*__libc_##syscall_name)(int ver,                          \
+                                         const char *pathname,             \
+                                         struct stat *statbuf);            \
+    int syscall_name(int ver, const char *pathname, struct stat *statbuf); \
+    int syscall_name(int ver, const char *pathname, struct stat *statbuf)  \
+    {                                                                      \
+        int rc;                                                            \
+        __libc_##syscall_name original_##syscall_name = NULL;              \
+                                                                           \
+        original_##syscall_name =                                          \
+            (__libc_##syscall_name)dlsym(RTLD_NEXT, #syscall_name);        \
+        rc = (*original_##syscall_name)(ver, pathname, statbuf);           \
+        stat_helper(pathname, statbuf);                                    \
+                                                                           \
+        return rc;                                                         \
+    }
+
+WRAP_XSTAT(__xstat) /* CentOS8 */
+WRAP_XSTAT(__lxstat)
+
+/* i686 arch (likely not wrappable) */
+static void
+statx_helper(const char *pathname, struct statx *statbuf)
+{
+    if (file.name != NULL && strcmp(pathname, file.name) == 0) {
+        statbuf->stx_uid = file.uid;
+        statbuf->stx_gid = file.gid;
+    }
+}
+
+typedef int (*__libc_statx)(int dirfd,
+                            const char *pathname,
+                            int flags,
+                            unsigned int mask,
+                            struct statx *statbuf);
+int statx(int dirfd,
+          const char *pathname,
+          int flags,
+          unsigned int mask,
+          struct statx *statbuf);
+int
+statx(int dirfd,
+      const char *pathname,
+      int flags,
+      unsigned int mask,
+      struct statx *statbuf)
+{
+    int rc;
+    __libc_statx original_statx = NULL;
+
+    original_statx = (__libc_statx)dlsym(RTLD_NEXT, "statx");
+    rc = (*original_statx)(dirfd, pathname, flags, mask, statbuf);
+    statx_helper(pathname, statbuf);
+
+    return rc;
+}
diff --git a/libssh/tests/fuzz/CMakeLists.txt b/libssh/tests/fuzz/CMakeLists.txt
index 8d9b2bea..dee39af6 100644
--- a/libssh/tests/fuzz/CMakeLists.txt
+++ b/libssh/tests/fuzz/CMakeLists.txt
@@ -2,9 +2,7 @@ project(fuzzing CXX)
 
 macro(fuzzer name)
     add_executable(${name} ${name}.c)
-    target_link_libraries(${name}
-                          PRIVATE
-                              ssh::static)
+    target_link_libraries(${name} PRIVATE ${TORTURE_LINK_LIBRARIES})
     if (CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
         set_target_properties(${name}
                               PROPERTIES
@@ -28,7 +26,11 @@ macro(fuzzer name)
 endmacro()
 
 fuzzer(ssh_client_fuzzer)
-fuzzer(ssh_server_fuzzer)
 fuzzer(ssh_client_config_fuzzer)
-fuzzer(ssh_bind_config_fuzzer)
 fuzzer(ssh_known_hosts_fuzzer)
+fuzzer(ssh_privkey_fuzzer)
+fuzzer(ssh_pubkey_fuzzer)
+if (WITH_SERVER)
+    fuzzer(ssh_server_fuzzer)
+    fuzzer(ssh_bind_config_fuzzer)
+endif (WITH_SERVER)
diff --git a/libssh/tests/fuzz/README.md b/libssh/tests/fuzz/README.md
index c68ef3d1..a8f9a1be 100644
--- a/libssh/tests/fuzz/README.md
+++ b/libssh/tests/fuzz/README.md
@@ -10,6 +10,8 @@ but they are suitable for debugging.
 
 ## Background
 
+### Turn off encryption
+
 Fuzzing ssh protocol is complicated by the way that all the communication
 between client and server is encrypted and authenticated using keys based
 on random data, making it impossible to fuzz the actual underlying protocol
@@ -17,6 +19,17 @@ as every change in the encrypted data causes integrity errors. For that reason,
 libssh needs to implement "none" cipher and MAC as described in RFC 4253
 and these need to be used during fuzzing to be able to accomplish
 reproducibility and for fuzzers to be able to progress behind key exchange.
+This is enabled with the `WITH_INSECURE_NONE` CMake option.
+
+### Do not allow filesystem modification
+
+The OpenSSH configuration files are quite rich and expects users to know what
+they do when they write their configuration files. The fuzzer driver is not an
+average user so it is very happy to try whatever commands come to its "mind",
+including `rm -rf /` and libssh would be very happy to run it by default. This
+might remove some parts of the system that are mandatory for fuzzing.
+To avoid executing dangerous commands like this, the `WITH_EXEC=OFF` CMake
+option prevents invoking any external command through `exec()` syscall.
 
 ## Corpus creation
 
@@ -31,7 +44,7 @@ to use none cipher for the key exchange to be plausible.
 
  * Compile libssh with support for none cipher and pcap:
 
-    cmake -DWITH_INSECURE_NONE=ON -DWITH_PCAP=ON ../
+    cmake -DWITH_INSECURE_NONE=ON -DWITH_EXEC=OFF -DWITH_PCAP=ON ../
 
  * Create a configuration file enabling none cipher and mac:
 
@@ -95,7 +108,7 @@ You can either pick up my branch or workaround them locally:
 ### Reproduce locally
 
 Clone the above repository from https://github.com/google/oss-fuzz/, apply
-changes from previous secion if needed, setup local clone of libssh repository
+changes from previous section if needed, setup local clone of libssh repository
 and build the fuzzers locally (where `~/devel/libssh` is path to local libssh
 checkout):
 
@@ -111,7 +124,7 @@ This should give you the same error/leak/crash as you see on the testcase
 detail in oss-fuzz.com.
 
 I find it very useful to run libssh in debug mode, to see what happened and
-what exit path was taken to get to the error. Fortunatelly, we can simply
+what exit path was taken to get to the error. Fortunately, we can simply
 pass environment variables to the container:
 
     python infra/helper.py reproduce -eLIBSSH_VERBOSITY=9 libssh ssh_client_fuzzer ~/Downloads/clusterfuzz-testcase-ssh_client_fuzzer-4637376441483264
diff --git a/libssh/tests/fuzz/fuzzer.c b/libssh/tests/fuzz/fuzzer.c
index 4db6a2bc..bd7a9edb 100644
--- a/libssh/tests/fuzz/fuzzer.c
+++ b/libssh/tests/fuzz/fuzzer.c
@@ -1,8 +1,14 @@
 /* Simpler gnu89 version of StandaloneFuzzTargetMain.c from LLVM */
 
+#include "config.h"
+
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
+#if defined(HAVE_LIBCRYPTO) || defined(WITH_GSSAPI)
+/* for OPENSSL_cleanup() of GSSAPI's OpenSSL context */
+#include <openssl/crypto.h>
+#endif
 
 int LLVMFuzzerTestOneInput (const unsigned char *data, size_t size);
 __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
@@ -35,5 +41,9 @@ main (int argc, char **argv)
 
     free (buf);
     printf ("Done!\n");
+
+#if defined(HAVE_LIBCRYPTO) || defined(WITH_GSSAPI)
+    OPENSSL_cleanup();
+#endif
     return 0;
 }
diff --git a/libssh/tests/fuzz/ssh_client_fuzzer.c b/libssh/tests/fuzz/ssh_client_fuzzer.c
index 2e3a0da6..e69bf385 100644
--- a/libssh/tests/fuzz/ssh_client_fuzzer.c
+++ b/libssh/tests/fuzz/ssh_client_fuzzer.c
@@ -93,6 +93,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     ssize_t nwritten;
     bool no = false;
     int rc;
+    long timeout = 1; /* use short timeout to avoid timeouts during fuzzing */
+
+    /* This is the maximum that can be handled by the socket buffer before the
+     * other side will read some data. Other option would be feeding the socket
+     * from different thread which would not mind if it would be blocked, but I
+     * believe all the important inputs should fit into this size */
+    if (size > 219264) {
+        return -1;
+    }
 
     /* Set up the socket to send data */
     rc = socketpair(AF_UNIX, SOCK_STREAM, 0, socket_fds);
@@ -129,6 +138,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     assert(rc == 0);
     rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &no);
     assert(rc == 0);
+    rc = ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &timeout);
+    assert(rc == 0);
 
     ssh_callbacks_init(&cb);
     ssh_set_callbacks(session, &cb);
@@ -144,7 +155,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     }
 
     channel = ssh_channel_new(session);
-    assert(channel != NULL);
+    if (channel == NULL) {
+        goto out;
+    }
 
     rc = ssh_channel_open_session(channel);
     if (rc != SSH_OK) {
@@ -152,7 +165,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     }
 
     rc = ssh_channel_request_exec(channel, "ls");
-    assert(rc == SSH_OK);
+    if (rc != SSH_OK) {
+        goto out;
+    }
 
     select_loop(session, channel);
 
diff --git a/libssh/tests/fuzz/ssh_privkey_fuzzer.c b/libssh/tests/fuzz/ssh_privkey_fuzzer.c
new file mode 100644
index 00000000..b65d680d
--- /dev/null
+++ b/libssh/tests/fuzz/ssh_privkey_fuzzer.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2023 Jakub Jelen <jjelen@redhat.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "config.h"
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define LIBSSH_STATIC 1
+#include "libssh/libssh.h"
+#include "libssh/priv.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    ssh_key pkey = NULL;
+    uint8_t *input = NULL;
+    int rc;
+
+    input = bin_to_base64(data, size);
+    if (input == NULL) {
+        return 1;
+    }
+
+    ssh_init();
+
+    rc = ssh_pki_import_privkey_base64((char *)input, NULL, NULL, NULL, &pkey);
+    free(input);
+    if (rc != SSH_OK) {
+        return 1;
+    }
+    ssh_key_free(pkey);
+
+    ssh_finalize();
+
+    return 0;
+}
+
diff --git a/libssh/tests/fuzz/ssh_privkey_fuzzer_corpus/855ce609b52aec530bf631a78da7038bed99040a b/libssh/tests/fuzz/ssh_privkey_fuzzer_corpus/855ce609b52aec530bf631a78da7038bed99040a
new file mode 100644
index 00000000..2759f43e
--- /dev/null
+++ b/libssh/tests/fuzz/ssh_privkey_fuzzer_corpus/855ce609b52aec530bf631a78da7038bed99040a
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCLo6vx1lX6ZZoe05lWTkuwrJUZN0T8hEer5UF9KPhOVgAAAKg+IRNSPiET
+UgAAAAtzc2gtZWQyNTUxOQAAACCLo6vx1lX6ZZoe05lWTkuwrJUZN0T8hEer5UF9KPhOVg
+AAAED2zFg52qYItoZaSUnir4VKubTxJveL9D2oWK7Prg/O24ujq/HWVfplmh7TmVZOS7Cs
+lRk3RPyER6vlQX0o+E5WAAAAHmpqZWxlbkB0NDcwcy5qamVsZW4ucmVkaGF0LmNvbQECAw
+QFBgc=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/libssh/tests/fuzz/ssh_pubkey_fuzzer.c b/libssh/tests/fuzz/ssh_pubkey_fuzzer.c
new file mode 100644
index 00000000..70c94948
--- /dev/null
+++ b/libssh/tests/fuzz/ssh_pubkey_fuzzer.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2023 Jakub Jelen <jjelen@redhat.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define LIBSSH_STATIC 1
+#include "libssh/libssh.h"
+#include "libssh/misc.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    ssh_key pkey = NULL;
+    char *filename = NULL;
+    int fd;
+    int rc;
+    ssize_t sz;
+
+    ssh_init();
+
+    filename = strdup("/tmp/libssh_pubkey_XXXXXX");
+    if (filename == NULL) {
+        return -1;
+    }
+    fd = mkstemp(filename);
+    if (fd  == -1) {
+        free(filename);
+        close(fd);
+        return -1;
+    }
+    sz = ssh_writen(fd, data, size);
+    close(fd);
+    if (sz == SSH_ERROR) {
+        unlink(filename);
+        free(filename);
+        return -1;
+    }
+
+    rc = ssh_pki_import_pubkey_file(filename, &pkey);
+    if (rc != SSH_OK) {
+        unlink(filename);
+        free(filename);
+        return 1;
+    }
+    ssh_key_free(pkey);
+    unlink(filename);
+    free(filename);
+
+    ssh_finalize();
+
+    return 0;
+}
+
diff --git a/libssh/tests/fuzz/ssh_pubkey_fuzzer_corpus/b2c9f01394a2835b2cd7c520395a4977143e8d23 b/libssh/tests/fuzz/ssh_pubkey_fuzzer_corpus/b2c9f01394a2835b2cd7c520395a4977143e8d23
new file mode 100644
index 00000000..accd5b65
--- /dev/null
+++ b/libssh/tests/fuzz/ssh_pubkey_fuzzer_corpus/b2c9f01394a2835b2cd7c520395a4977143e8d23
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujq/HWVfplmh7TmVZOS7CslRk3RPyER6vlQX0o+E5W jjelen@t470s.jjelen.redhat.com
diff --git a/libssh/tests/fuzz/ssh_server_fuzzer.c b/libssh/tests/fuzz/ssh_server_fuzzer.c
index 8c7913a3..aa84b8d2 100644
--- a/libssh/tests/fuzz/ssh_server_fuzzer.c
+++ b/libssh/tests/fuzz/ssh_server_fuzzer.c
@@ -139,6 +139,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         .channel_open_request_session_function = channel_open,
     };
 
+    /* This is the maximum that can be handled by the socket buffer before the
+     * other side will read some data. Other option would be feeding the socket
+     * from different thread which would not mind if it would be blocked, but I
+     * believe all the important inputs should fit into this size */
+    if (size > 219264) {
+        return -1;
+    }
+
     /* Write SSH RSA host key to disk */
     rc = write_rsa_hostkey("/tmp/libssh_fuzzer_private_key");
     assert(rc == 0);
@@ -169,8 +177,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         assert(rc == 0);
     }
     rc = ssh_bind_options_set(sshbind,
-                         SSH_BIND_OPTIONS_RSAKEY,
-                         "/tmp/libssh_fuzzer_private_key");
+                              SSH_BIND_OPTIONS_HOSTKEY,
+                              "/tmp/libssh_fuzzer_private_key");
     assert(rc == 0);
     rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "none");
     assert(rc == 0);
@@ -186,6 +194,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     ssh_set_auth_methods(session, SSH_AUTH_METHOD_NONE);
 
     ssh_callbacks_init(&server_cb);
+    ssh_set_server_callbacks(session, &server_cb);
 
     rc = ssh_bind_accept_fd(sshbind, session, socket_fds[0]);
     assert(rc == SSH_OK);
@@ -197,7 +206,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         ssh_event_add_session(event, session);
 
         size_t n = 0;
-        while(sdata.authenticated == false || sdata.channel == NULL) {
+        while (sdata.authenticated == false || sdata.channel == NULL) {
             if (sdata.auth_attempts >= 3 || n >= 100) {
                 break;
             }
diff --git a/libssh/tests/gss/kdcsetup.sh b/libssh/tests/gss/kdcsetup.sh
new file mode 100755
index 00000000..c5e38bc8
--- /dev/null
+++ b/libssh/tests/gss/kdcsetup.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+SOCKDIR=$1
+WORKDIR=$SOCKDIR/gss
+
+mkdir "$WORKDIR"/k  "$WORKDIR"/d
+
+cat<<EOF > "$WORKDIR"/k/kdc.conf
+[realms]
+    LIBSSH.SITE = {
+        database_name = $WORKDIR/principal
+        key_stash_file = $WORKDIR/stash
+        kdc_listen = $(hostname -f)
+        kdc_tcp_listen = $(hostname -f)
+        default_principal_flags = +preauth,+forwardable
+    }
+[logging]
+   kdc = FILE:$WORKDIR/kdc.log
+   debug = true
+EOF
+
+cat<<EOF > "$WORKDIR"/k/krb5.conf
+[libdefaults]
+        default_realm = LIBSSH.SITE
+        forwardable = true
+
+[realms]
+        LIBSSH.SITE = {
+                kdc = $(hostname -f)
+        }
+[domain_realm]
+        .$(hostname -d) = LIBSSH.SITE
+
+EOF
+
+kdb5_util -P foo create -s
+
+bash "$WORKDIR"/kadmin.sh
+
+krb5kdc -w 1 -P "$WORKDIR"/pid
+
+# Wait till KDC binds to the ports, 0x58 is port 88
+i=0
+while [ ! -S "$SOCKDIR"/T0B0058 ] && [ ! -S "$SOCKDIR"/U0B0058 ]; do
+    i=$((i + 1))
+    [ "$i" -eq 5 ] && exit 1
+    sleep 1
+done
+
+bash "$WORKDIR"/kinit.sh
+
+klist
+exit 0
diff --git a/libssh/tests/keys/id_rsa_protected b/libssh/tests/keys/id_rsa_protected
index cdf5c2b8..034cb287 100644
--- a/libssh/tests/keys/id_rsa_protected
+++ b/libssh/tests/keys/id_rsa_protected
@@ -1,28 +1,30 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBjmItEMS
-YKDxy/7xvsZY+uAAAAEAAAAAEAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQCz98jP4bLz
-1eNSFd5s2rauzUrREkRlcNt9yh9vXcRIMn19Jt35GUJQzqL5+gRVXbfFZ1qd2zYGSfva0a
-Kclp0iA5ZT6SjGn6BGa0ksT842IAolCpErd44k0EfoC33o0yongbC/nobhbry4+APBRVDB
-UhzoRzpHKmLPsMT5L76BK8FAhVRC3teQ9xc7I3nO6PmoOFkziXpXs6D0taPj/YgXlpy8qN
-8gyl6qaen3PoFNhlC25BTpvVW4RiFfK8zouQzCd2xUaHjqQMoyZFCHIDwDqq8sCWIwyrzy
-TmBHgB4l5OeoNH9DXbQjo8ypg2XpMtOTz8qic448NH9dcZveIXrvAAADwCLre52Jer2DTQ
-TJi91b/xNm5NRuW9366ZdoOC5NdWtbQFk4YJmdImEDo8k1t3Re24rVNxLMQwHwZX4ZLISl
-/e49RtSd6TDP44FkQF4NgtCjLUdmEWRTQj0mtENGto+wdLpL25HkmmI5WGrQU9SufVhhvj
-TxKi6ediSXIXEA5bSrWNvUaw084TT3ZfP9g98/6wr9tAYL1jVfTFUabvZzCR6+wRVoJIVc
-/+uN1bubj+IdOzYSm9Dhj4kUlK+KvI4GtouCzjuEZosjvn0ino3du1vgyT7SPdjmDxtIds
-YI7YiB1Xy3QcWdWFk+SoXhDizf9pupo2r1+G50GoBuXg2ELdsKBLXtxQ9bh37JyAcLzagq
-iVMCJjk3XMZvNXhdELRqLeWyhQ7U1BCtUBatbem0VsH6hQZ/pHReX2We8/GAUQkh4ZN8U2
-lkta9v5cb7XaBm49JjzIa3WeOS+tFHIUAWqd7MQ4f2FCTMhBssLAM7EJDOUXyo6938pa75
-+LvdLZRUycE8d/PWG9SuFWSe4CJJrRlBQqPEwx9OPtKNNKgsXIGVKAFLXe+nJ4z6RXTR3R
-IGe0uaf8v9Jra5j22rq/dbQG1fP1fZNcCnIZQQo6olLaoyQmGCboC8CiCz1PNTsC1+r4pB
-oaRiCx5/qLF6EXQ03mdEqL1L/R+KMDa2+Ncw2hCSRU3GBby4wXmSqFsboRy5uxJB5sK0Ut
-sI3FW48k9zijiqVpdysRkalVVSQj8ymTG9LbjjEEmE7qxRf2dZCEnS/iPFUIu7iO9ISiOm
-4ThpROBspNyHMXKFR6mKArJX1vIwjehlaLAXA3UMY9PEFRDrWQcbatGWj4f/L6e3Tq+n7a
-t0djAgKlh40IvVL+Xf+Bsv8vUr7HAbKnOxpX69nEShiJqR5YWlEPXba+JCOjryE2ycoRB6
-d2d0SgDlB1M04uUmv2sy2Kw/CcSNHPLKGiYqqv8DAZ4GiKH2rI4oWvH9z2uRuQni98/Gw1
-1D5/QwJOHpqrUnVat4JXPBeTqiHYYtbTtqJLeIPX+Dsa6tbdjEOVgx2FkH3104xMwJyUKb
-Ccip4AbWsTwfM4GVPnJE6WCBcXC5WR6AOzuEEDQjhyzLs5K7RVb7irfhHa4Vs1/2LvxnRT
-dmTzdv/mhUNqS9RIPmFttfsSveDqY0P6WOn+K6FcCHQjpFJ3pK08glD+Sx4cbFv3lUQLfw
-hsjL0P+p+M+gTqeJ1kb2z87fiS03mHMV15lmb7nzoqyeJLIukV1jidWdGxf0efnQfmUVfX
-Wa+ehGaw==
------END OPENSSH PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,0B181CC88F75C33B7DEBE5C18B481F18
+
+rYtUw8FhEv48JmNTm3i1TEqEgElC629iaMQu/YzRV5zL/n83HwMKbRpAZ31Cch2a
+8thZRQ6YsL/56vr+fKKVgDF7y3wmStp5sVkOQXMeZ9D746ZEGcYGnYH8JQhibDDB
+sTK2kQrmBERg7H8rOoNCzxxoK+VZl2Z+S+yLVq0//qxBfuluZwCdk9Tie69Cd/Dk
+PeBjOVPnFCavCKCWpUs/So8VQq9jXG84hRltwC0htSTEq+xfgNtS64f63WL6gEnB
+WZ5KSO1gyzKC5/YAB6LXPxIIVzfZYXiuOWV/t8DXZK/lvhqQ3gSyPZezSrX8wEMC
+xQeX41etQGjCcgxWH41iPCNTuoIKo2t/BPlfLJilJotmUSnYOxDmkZbLabuyS+0p
+WGtnEwFSrxQosx6u9GBHX94Ikex0bf00KzNpKExzAIRqTdesaviJ1QX/pRsvT/Xp
+TtH2aWV5kYNc+B+BrCQU7mlx/eEtXR2H5zJQxLSrTVKb1vUIHytufnPePk2BkcQ2
+CTE1xT+ZkUaY1WiCBxWgVTflL5FY9E6BerKEGVSfloso8tGCgsoO/Fch0Ho5/bXp
+T+3nQEY780KduKJ8xCJJDQgD8GbjNR6sCtcPrewqEsgrpAbJUKyXhU7klGC09zzI
+/JnNmdd10w2l/5A92GGrCgXnTYb8/w9J/qa6qyAAYU9/8rPo7ErGb7mKclmzz63j
+cksImoExfrr9CIr7wjrXFO0OoupmMegNOZtgwsN7i0FI8vWYc6a3IaFWSWfE29Ux
+rw9TK9L9pDvhCqS/WjW86S25muqnTSMQ/bhmiPw8z8tOjdi2YRqNcU2TyWoB2Mct
+W+w9G5dSukMwkXQ2RNjDo2GfuXLXpUe5zCVixI2wxYGvIqTGkDZn/u1Jdxy1IxNc
+qEsEZAOCVnJU1cQpB9ENsyrRUIsdQVWNQSvsUZz2XSELULwIFTcCTHr2PAJ5xzZ6
+VQy3DGEpZf7+yGACoi8LY8f5Ve5C9NciyA4/C/uvOUd7PhAf4g41mKw8+bAr8NFt
+ubeXTo0iI29FkmmebfM1sRBHvomGT7qYsHBW2pgqBrm3X9kFcQ9EFhr6S2ULMcIn
+4iX1mbqvC0c1CUmZakkNg94FQp2zbUclAuDkg3BTA0gwbyudvx0ccBmzQ43/6AJ5
+xz1hrfusX5Vcjz6+i5WHJDK/mlUDwTV5GAhcmar9eEcFXJEosD+mrAalflz3Vc2X
+5A9plGfKkaFdth8YUGjLr+O2O5ggkDpCMbjYo4HQ6/dslYvqvnavJYrRKrEZbtvj
+8fR5E11tPrK1aKzPHO0VLKf4UHs57JNqicSlYGy78FSCPG4d17KQlFyzbXsfbsvp
+9EQK4N2jwRNZAOHuTuoqQ8TNzDahdlmbBS2Akd3rVV9H1/eNeN3r6Demww+yixoy
+uPhjofn0P28eH7Gqiyhh20QYYqG7aky9IYMPnIBtA1hJp9MtMa1m8aHGxxZrUigj
+S62Q34JzA8A6Rwc2kTHRzXG2o6oQ3vCQfy0JGlmDlG2yofcn7YgrMCv+srTniuiA
+YBnOeic5cllYnDB9bpF2kufJT6CigoxP18HIw+jhYabuOTHO67MYf2En+is8vlQS
+-----END RSA PRIVATE KEY-----
diff --git a/libssh/tests/keys/ssh_host_dsa_key b/libssh/tests/keys/ssh_host_dsa_key
deleted file mode 100644
index 9ee8bd86..00000000
--- a/libssh/tests/keys/ssh_host_dsa_key
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQD7vBS+d/eJP6wK2VQw+8AIfgCw9IR50utLRkkrWbfDdiM7V+fp
-tJYKCyqZT9j9ANhqicB2tuqAI6WJBZMaGekxWfI30JxPkHZrrwbdFzlRbjav07lg
-IKqWgcz81iVPmfn5savEoobiSFjJNMmYcizjKZgGmyNUzlJjzF7u5qD08wIVAPFp
-6VKuv8VxNjENciUZCdEDRW/lAoGBAN/BFSBRSP9frsHID6e2NeKHqs8JDUWhCTE9
-/WQKqUUbxO2UU98CfHuf1mNlaSsrOxaBdvTeURcZZc1svhyGr1VG+NbNTDDlzTgA
-UlrzNML61TYcFXQVxgifUy+Tmh8FRGCa6Ko/EsX4ZWLTto5w1u5cPpgzSbLMco9T
-AeeNLgYNAoGAJRuawWN3+NezI7+bBe42Kjg4gVUlpS+8TTlYFbwrM1Esab7gvxHB
-/b2apbk9xIAkkqsnb+EPrXTLUdE2Y7XkEuGLLSTus2UlZKobBGBX/Ioysg5W9Fk/
-2MhI4YssRb2alar8d+gmAHPaT+D+NDd90PBfY3HqcXFEK+eDTWo1JNICFBLdsuoO
-6pObeFSOYbr38kJzZ0xG
------END DSA PRIVATE KEY-----
diff --git a/libssh/tests/keys/ssh_host_dsa_key.pub b/libssh/tests/keys/ssh_host_dsa_key.pub
deleted file mode 100644
index 5fcb413d..00000000
--- a/libssh/tests/keys/ssh_host_dsa_key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAPu8FL5394k/rArZVDD7wAh+ALD0hHnS60tGSStZt8N2IztX5+m0lgoLKplP2P0A2GqJwHa26oAjpYkFkxoZ6TFZ8jfQnE+QdmuvBt0XOVFuNq/TuWAgqpaBzPzWJU+Z+fmxq8SihuJIWMk0yZhyLOMpmAabI1TOUmPMXu7moPTzAAAAFQDxaelSrr/FcTYxDXIlGQnRA0Vv5QAAAIEA38EVIFFI/1+uwcgPp7Y14oeqzwkNRaEJMT39ZAqpRRvE7ZRT3wJ8e5/WY2VpKys7FoF29N5RFxllzWy+HIavVUb41s1MMOXNOABSWvM0wvrVNhwVdBXGCJ9TL5OaHwVEYJroqj8SxfhlYtO2jnDW7lw+mDNJssxyj1MB540uBg0AAACAJRuawWN3+NezI7+bBe42Kjg4gVUlpS+8TTlYFbwrM1Esab7gvxHB/b2apbk9xIAkkqsnb+EPrXTLUdE2Y7XkEuGLLSTus2UlZKobBGBX/Ioysg5W9Fk/2MhI4YssRb2alar8d+gmAHPaT+D+NDd90PBfY3HqcXFEK+eDTWo1JNI= asn@magrathea
diff --git a/libssh/tests/pkcs11/setup-softhsm-tokens.sh b/libssh/tests/pkcs11/setup-softhsm-tokens.sh
index 532c86a7..863c0c55 100755
--- a/libssh/tests/pkcs11/setup-softhsm-tokens.sh
+++ b/libssh/tests/pkcs11/setup-softhsm-tokens.sh
@@ -5,8 +5,10 @@
 TESTDIR=$1
 PRIVKEY=$2
 OBJNAME=$3
+TOKENLABEL=$3 # yeah. The same as object label
 LOADPUBLIC=$4
-shift 4
+LIBSOFTHSM_PATH=$5
+shift 5
 
 PUBKEY="$PRIVKEY.pub"
 
@@ -14,26 +16,29 @@ echo "TESTDIR: $TESTDIR"
 echo "PRIVKEY: $PRIVKEY"
 echo "PUBKEY: $PUBKEY"
 echo "OBJNAME: $OBJNAME"
+echo "TOKENLABEL: $TOKENLABEL"
 echo "LOADPUBLIC: $LOADPUBLIC"
 
-# Create temporary directory for tokens
-install -d -m 0755 $TESTDIR/db
+if [ ! -d "$TESTDIR/db" ]; then
+    # Create temporary directory for tokens
+    install -d -m 0755 "$TESTDIR/db"
 
-# Create SoftHSM configuration file
-cat >$TESTDIR/softhsm.conf <<EOF
+    # Create SoftHSM configuration file
+    cat >"$TESTDIR/softhsm.conf" <<EOF
 directories.tokendir = $TESTDIR/db
 objectstore.backend = file
 log.level = DEBUG
 EOF
 
-export SOFTHSM2_CONF=$TESTDIR/softhsm.conf
+    cat "$TESTDIR/softhsm.conf"
+fi
 
-cat $TESTDIR/softhsm.conf
+export SOFTHSM2_CONF=$TESTDIR/softhsm.conf
 
-#init
-cmd='softhsm2-util --init-token --label "$OBJNAME" --free --pin 1234 --so-pin 1234'
+#init -- each object will have its own token
+cmd="softhsm2-util --init-token --label $TOKENLABEL --free --pin 1234 --so-pin 1234"
 eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
 ret=$?
 if [ $ret -ne 0 ]; then
     echo "Init token failed"
@@ -42,9 +47,9 @@ if [ $ret -ne 0 ]; then
 fi
 
 #load private key
-cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey $PRIVKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$TOKENLABEL\""
 eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
 ret=$?
 if [ $ret -ne 0 ]; then
    echo "Loading privkey failed"
@@ -52,15 +57,15 @@ if [ $ret -ne 0 ]; then
    exit 1
 fi
 
-cat $PUBKEY
+cat "$PUBKEY"
 
-ls -l $TESTDIR
+ls -l "$TESTDIR"
 
-if [ $LOADPUBLIC -ne 0 ]; then
+if [ "$LOADPUBLIC" -ne 0 ]; then
 #load public key
-    cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
+    cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey $PUBKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$TOKENLABEL\""
     eval echo "$cmd"
-    out=$(eval $cmd)
+    out=$(eval "$cmd")
     ret=$?
     if [ $ret -ne 0 ]; then
         echo "Loading pubkey failed"
@@ -69,15 +74,17 @@ if [ $LOADPUBLIC -ne 0 ]; then
     fi
 fi
 
-cmd='p11tool --list-all --login "pkcs11:token="$OBJNAME"" --set-pin=1234'
+cmd="p11tool --list-all --login \"pkcs11:token=$TOKENLABEL\" --set-pin=1234"
 eval echo "$cmd"
-out=$(eval $cmd)
+out=$(eval "$cmd")
 ret=$?
 if [ $ret -ne 0 ]; then
-    echo "Loging failed"
+    echo "Logging in failed"
     echo "$out"
     exit 1
 fi
 echo "$out"
 
+pkcs11-tool -M --login --pin=1234 --module="$LIBSOFTHSM_PATH" --token-label="$TOKENLABEL"
+
 exit 0
diff --git a/libssh/tests/pkd/CMakeLists.txt b/libssh/tests/pkd/CMakeLists.txt
index 0a13da85..d921cd68 100644
--- a/libssh/tests/pkd/CMakeLists.txt
+++ b/libssh/tests/pkd/CMakeLists.txt
@@ -5,7 +5,6 @@ if (WITH_SERVER AND UNIX AND NOT WIN32)
     include_directories(${libssh_SOURCE_DIR}/include
                         ${libssh_BINARY_DIR}/include
                         ${CMOCKA_INCLUDE_DIR}
-                        ${ZLIB_INCLUDE_DIR}
                         ${CMAKE_BINARY_DIR}
                         ${libssh_SOURCE_DIR}/src
                         ${CMAKE_CURRENT_SOURCE_DIR})
@@ -18,15 +17,16 @@ set(pkd_hello_src
 )
 
 set(pkd_libs
-    ${CMOCKA_LIBRARY}
-    ssh::static
+    ${TORTURE_LINK_LIBRARIES}
     ${ARGP_LIBRARIES}
-    pthread
 )
 
 add_executable(pkd_hello ${pkd_hello_src})
 target_compile_options(pkd_hello PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-target_link_libraries(pkd_hello ${pkd_libs})
+target_link_libraries(pkd_hello PRIVATE ${pkd_libs})
+if (WITH_COVERAGE)
+    append_coverage_compiler_flags_to_target(pkd_hello)
+endif (WITH_COVERAGE)
 
 #
 # pkd_hello_i1 runs only one iteration per algorithm combination for
@@ -34,7 +34,7 @@ target_link_libraries(pkd_hello ${pkd_libs})
 # specified with `-i` and may be helpful for chasing down bugs that
 # are not 100% reproducible.
 #
-add_test(pkd_hello_i1 ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -e -o -i1 -w /tmp/pkd_socket_wrapper_XXXXXX)
+add_test(pkd_hello_i1 ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -e -o -i1 -w /tmp/pkd_socket_wrapper_XXXXXX -L pkd_scratch_XXXXXX)
 #
 # Configure environment for cwrap socket wrapper.
 #
@@ -49,7 +49,7 @@ set_property(TEST pkd_hello_i1 PROPERTY ENVIRONMENT ${PKD_ENVIRONMENT})
 #
 # pkd_hello_rekey is used to test server-side implementation of rekeying.
 #
-add_test(pkd_hello_rekey ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v -w /tmp/pkd_socket_wrapper_XXXXXX)
+add_test(pkd_hello_rekey ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v -w /tmp/pkd_socket_wrapper_XXXXXX -L pkd_scratch_XXXXXX)
 set_property(TEST pkd_hello_rekey PROPERTY ENVIRONMENT OPENSSL_ENABLE_SHA1_SIGNATURES=1)
 
 endif (WITH_SERVER AND UNIX AND NOT WIN32)
diff --git a/libssh/tests/pkd/pkd_client.h b/libssh/tests/pkd/pkd_client.h
index de42098b..aa65593f 100644
--- a/libssh/tests/pkd/pkd_client.h
+++ b/libssh/tests/pkd/pkd_client.h
@@ -61,7 +61,7 @@
 
 /* Dropbear */
 
-#define DROPBEAR_BINARY "dbclient"
+#define DROPBEAR_BINARY DROPBEAR_EXECUTABLE
 #define DROPBEAR_KEYGEN "dropbearkey"
 
 #define DROPBEAR_CMD_START \
diff --git a/libssh/tests/pkd/pkd_daemon.c b/libssh/tests/pkd/pkd_daemon.c
index 5325a5de..ac4b53b7 100644
--- a/libssh/tests/pkd/pkd_daemon.c
+++ b/libssh/tests/pkd/pkd_daemon.c
@@ -263,16 +263,10 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
         goto outclose;
     }
 
-    if (type == PKD_RSA) {
-        opts = SSH_BIND_OPTIONS_RSAKEY;
-    } else if (type == PKD_ED25519) {
+    if (type == PKD_RSA ||
+        type == PKD_ED25519 ||
+        type == PKD_ECDSA) {
         opts = SSH_BIND_OPTIONS_HOSTKEY;
-#ifdef HAVE_DSA
-    } else if (type == PKD_DSA) {
-        opts = SSH_BIND_OPTIONS_DSAKEY;
-#endif
-    } else if (type == PKD_ECDSA) {
-        opts = SSH_BIND_OPTIONS_ECDSAKEY;
     } else {
         pkderr("unknown hostkey type: %d\n", type);
         rc = -1;
@@ -589,7 +583,8 @@ void pkd_stop(struct pkd_result *out) {
     close(pkd_state.server_fd);
 
     rc = pthread_kill(ctx.tid, SIGUSR1);
-    assert_int_equal(rc, 0);
+    assert_int_not_equal(rc, EINVAL);
+    assert_int_not_equal(rc, ENOTSUP);
 
     rc = pthread_join(ctx.tid, NULL);
     assert_int_equal(rc, 0);
diff --git a/libssh/tests/pkd/pkd_daemon.h b/libssh/tests/pkd/pkd_daemon.h
index 493326c1..2745f11a 100644
--- a/libssh/tests/pkd/pkd_daemon.h
+++ b/libssh/tests/pkd/pkd_daemon.h
@@ -12,9 +12,6 @@
 
 enum pkd_hostkey_type_e {
     PKD_RSA,
-#ifdef HAVE_DSA
-    PKD_DSA,
-#endif
     PKD_ED25519,
     PKD_ECDSA
 };
@@ -30,6 +27,8 @@ struct pkd_daemon_args {
 
     uint64_t rekey_data_limit;
 
+    int original_dir_fd;
+
     struct {
         int list;
 
@@ -42,8 +41,14 @@ struct pkd_daemon_args {
         unsigned int iterations;
 
         struct {
+            const char *argv_mkdtemp_str;
             char *mkdtemp_str;
         } socket_wrapper;
+
+        struct {
+            const char *argv_mkdtemp_str;
+            char *mkdtemp_str;
+        } temp_dir;
     } opts;
 };
 
diff --git a/libssh/tests/pkd/pkd_hello.c b/libssh/tests/pkd/pkd_hello.c
index 01b1b10d..ba57f3d3 100644
--- a/libssh/tests/pkd/pkd_hello.c
+++ b/libssh/tests/pkd/pkd_hello.c
@@ -1,15 +1,17 @@
 /*
  * pkd_hello.c --
  *
- * (c) 2014, 2017-2018 Jon Simons <jon@jonsimons.org>
+ * (c) 2014, 2017-2018, 2022 Jon Simons <jon@jonsimons.org>
  */
 #include "config.h"
 
+#include <fcntl.h>
 #include <setjmp.h> // for cmocka
 #include <stdarg.h> // for cmocka
+#include <stdint.h> // for cmocka
 #include <stdio.h>
 #include <stdlib.h>
-#include <unistd.h> // for cmocka
+#include <unistd.h>
 #include <cmocka.h>
 
 #include "libssh/priv.h"
@@ -20,6 +22,11 @@
 #include "pkd_keyutil.h"
 #include "pkd_util.h"
 
+#if defined(HAVE_LIBCRYPTO)
+/* for OPENSSL_cleanup() of OpenSSL context */
+#include <openssl/crypto.h>
+#endif
+
 #define DEFAULT_ITERATIONS 10
 static struct pkd_daemon_args pkd_dargs;
 
@@ -33,7 +40,7 @@ static size_t default_payload_len = sizeof(default_payload_buf);
 #include <argp.h>
 #define PROGNAME "pkd_hello"
 #define ARGP_PROGNAME "libssh " PROGNAME
-const char *argp_program_version = ARGP_PROGNAME " 2017-07-12";
+const char *argp_program_version = ARGP_PROGNAME " 2022-11-12";
 const char *argp_program_bug_address = "Jon Simons <jon@jonsimons.org>";
 
 static char doc[] = \
@@ -61,6 +68,8 @@ static struct argp_option options[] = {
       "Run each test for the given number of iterations (default is 10)", 0 },
     { "match", 'm', "testmatch", 0,
       "Run all tests with the given string", 0 },
+    { "temp-dir", 'L', "<mkdtemp-template>", 0,
+      "Run in a temporary directory using the given mkdtemp template", 0 },
     { "socket-wrapper-dir", 'w', "<mkdtemp-template>", 0,
       "Run in socket-wrapper mode using the given mkdtemp directory template", 0 },
     { "stdout", 'o', NULL, 0,
@@ -90,6 +99,9 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state) {
     case 'l':
         pkd_dargs.opts.list = 1;
         break;
+    case 'L':
+        pkd_dargs.opts.temp_dir.argv_mkdtemp_str = arg;
+        break;
     case 'i':
         pkd_dargs.opts.iterations = atoi(arg);
         break;
@@ -109,7 +121,7 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state) {
         pkd_dargs.opts.libssh_log_level += 1;
         break;
     case 'w':
-        pkd_dargs.opts.socket_wrapper.mkdtemp_str = arg;
+        pkd_dargs.opts.socket_wrapper.argv_mkdtemp_str = arg;
         break;
     default:
         return ARGP_ERR_UNKNOWN;
@@ -177,15 +189,6 @@ static int torture_pkd_setup_ed25519(void **state) {
     return 0;
 }
 
-#ifdef HAVE_DSA
-static int torture_pkd_setup_dsa(void **state) {
-    setup_dsa_key();
-    *state = (void *) torture_pkd_setup(PKD_DSA, LIBSSH_DSA_TESTKEY);
-
-    return 0;
-}
-#endif
-
 static int torture_pkd_setup_ecdsa_256(void **state) {
     setup_ecdsa_keys();
     *state = (void *) torture_pkd_setup(PKD_ECDSA, LIBSSH_ECDSA_256_TESTKEY);
@@ -217,16 +220,9 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ecdsa_384_default,  cmd,  setup_ecdsa_384,  teardown) \
     f(client, ecdsa_521_default,  cmd,  setup_ecdsa_521,  teardown)
 
-#ifdef HAVE_DSA
-#define PKDTESTS_DEFAULT(f, client, cmd) \
-    /* Default passes by server key type. */ \
-    PKDTESTS_DEFAULT_FIPS(f, client, cmd) \
-    f(client, dsa_default,        cmd,  setup_dsa,        teardown)
-#else
 #define PKDTESTS_DEFAULT(f, client, cmd) \
     /* Default passes by server key type. */ \
     PKDTESTS_DEFAULT_FIPS(f, client, cmd)
-#endif
 
 #define PKDTESTS_DEFAULT_OPENSSHONLY(f, client, cmd) \
     /* Default passes by server key type. */ \
@@ -308,44 +304,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ecdsa_521_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_521,  teardown)
 
-#if defined(HAVE_DSA) && defined(WITH_GEX)
-    /* GEX_SHA256 with RSA and ECDSA is included in PKDTESTS_KEX_FIPS if available */
-#define PKDTESTS_KEX(f, client, kexcmd) \
-    /* Kex algorithms. */ \
-    PKDTESTS_KEX_COMMON(f, client, kexcmd) \
-    f(client, rsa_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                        setup_rsa,        teardown) \
-    f(client, dsa_curve25519_sha256,                  kexcmd("curve25519-sha256"),             setup_dsa,        teardown) \
-    f(client, dsa_curve25519_sha256_libssh_org,       kexcmd("curve25519-sha256@libssh.org"),  setup_dsa,        teardown) \
-    f(client, dsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_dsa,        teardown) \
-    f(client, dsa_ecdh_sha2_nistp384,                 kexcmd("ecdh-sha2-nistp384 "),           setup_dsa,        teardown) \
-    f(client, dsa_ecdh_sha2_nistp521,                 kexcmd("ecdh-sha2-nistp521 "),           setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group16_sha512,      kexcmd("diffie-hellman-group16-sha512"), setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group18_sha512,      kexcmd("diffie-hellman-group18-sha512"), setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group14_sha256,      kexcmd("diffie-hellman-group14-sha256"), setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256),                    setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                        setup_dsa,        teardown) \
-    f(client, ecdsa_256_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                  setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_384_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                  setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_521_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                  setup_ecdsa_521,  teardown)
-
-#elif defined(HAVE_DSA) /* && !defined(WITH_GEX) */
-#define PKDTESTS_KEX(f, client, kexcmd) \
-    /* Kex algorithms. */ \
-    PKDTESTS_KEX_COMMON(f, client, kexcmd) \
-    f(client, dsa_curve25519_sha256,                  kexcmd("curve25519-sha256"),             setup_dsa,        teardown) \
-    f(client, dsa_curve25519_sha256_libssh_org,       kexcmd("curve25519-sha256@libssh.org"),  setup_dsa,        teardown) \
-    f(client, dsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_dsa,        teardown) \
-    f(client, dsa_ecdh_sha2_nistp384,                 kexcmd("ecdh-sha2-nistp384 "),           setup_dsa,        teardown) \
-    f(client, dsa_ecdh_sha2_nistp521,                 kexcmd("ecdh-sha2-nistp521 "),           setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group16_sha512,      kexcmd("diffie-hellman-group16-sha512"), setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group18_sha512,      kexcmd("diffie-hellman-group18-sha512"), setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group14_sha256,      kexcmd("diffie-hellman-group14-sha256"), setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_dsa,        teardown)
-
-#elif defined(WITH_GEX) /* && !defined(HAVE_DSA) */
+#if defined(WITH_GEX)
     /* GEX_SHA256 is included in PKDTESTS_KEX_FIPS if available */
 #define PKDTESTS_KEX(f, client, kexcmd) \
     /* Kex algorithms. */ \
@@ -360,22 +319,6 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     PKDTESTS_KEX_COMMON(f, client, kexcmd)
 #endif
 
-#ifdef HAVE_DSA
-#define PKDTESTS_KEX_OPENSSHONLY(f, client, kexcmd) \
-    /* Kex algorithms. */ \
-    f(client, ed25519_curve25519_sha256,              kexcmd("curve25519-sha256"),             setup_ed25519,    teardown) \
-    f(client, ed25519_curve25519_sha256_libssh_org,   kexcmd("curve25519-sha256@libssh.org"),  setup_ed25519,    teardown) \
-    f(client, ed25519_ecdh_sha2_nistp256,             kexcmd("ecdh-sha2-nistp256"),            setup_ed25519,    teardown) \
-    f(client, ed25519_ecdh_sha2_nistp384,             kexcmd("ecdh-sha2-nistp384"),            setup_ed25519,    teardown) \
-    f(client, ed25519_ecdh_sha2_nistp521,             kexcmd("ecdh-sha2-nistp521"),            setup_ed25519,    teardown) \
-    f(client, ed25519_diffie_hellman_group14_sha256,  kexcmd("diffie-hellman-group14-sha256"), setup_ed25519,    teardown) \
-    f(client, ed25519_diffie_hellman_group16_sha512,  kexcmd("diffie-hellman-group16-sha512"), setup_ed25519,    teardown) \
-    f(client, ed25519_diffie_hellman_group18_sha512,  kexcmd("diffie-hellman-group18-sha512"), setup_ed25519,    teardown) \
-    f(client, ed25519_diffie_hellman_group14_sha1,    kexcmd("diffie-hellman-group14-sha1"),   setup_ed25519,    teardown) \
-    f(client, ed25519_diffie_hellman_group1_sha1,     kexcmd("diffie-hellman-group1-sha1"),    setup_ed25519,    teardown) \
-    f(client, ed25519_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256),                setup_ed25519,    teardown) \
-    f(client, ed25519_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                    setup_ed25519,    teardown)
-#else
 #define PKDTESTS_KEX_OPENSSHONLY(f, client, kexcmd) \
     /* Kex algorithms. */ \
     f(client, ed25519_curve25519_sha256,              kexcmd("curve25519-sha256"),             setup_ed25519,    teardown) \
@@ -389,8 +332,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ed25519_diffie_hellman_group1_sha1,     kexcmd("diffie-hellman-group1-sha1"),    setup_ed25519,    teardown) \
     f(client, ed25519_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256),                setup_ed25519,    teardown) \
     f(client, ed25519_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                    setup_ed25519,    teardown)
-#endif
 
+#define CHACHA20 "chacha20-poly1305@openssh.com"
 
 #define PKDTESTS_CIPHER_COMMON(f, client, ciphercmd) \
     f(client, rsa_aes128_ctr,          ciphercmd("aes128-ctr"),    setup_rsa,        teardown) \
@@ -413,19 +356,18 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ecdsa_521_aes128_cbc,    ciphercmd("aes128-cbc"),    setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_aes256_cbc,    ciphercmd("aes256-cbc"),    setup_ecdsa_521,  teardown)
 
-#ifdef HAVE_DSA
+#define PKDTESTS_CIPHER_CHACHA(f, client, ciphercmd) \
+    f(client, rsa_chacha20,            ciphercmd(CHACHA20),        setup_rsa,        teardown) \
+    f(client, ed25519_chacha20,        ciphercmd(CHACHA20),        setup_ed25519,    teardown) \
+    f(client, ecdsa_256_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_384_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_521_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_521,  teardown)
+
 #define PKDTESTS_CIPHER(f, client, ciphercmd) \
     /* Ciphers. */ \
     PKDTESTS_CIPHER_COMMON(f, client, ciphercmd) \
-    f(client, dsa_aes128_ctr,          ciphercmd("aes128-ctr"),    setup_dsa,        teardown) \
-    f(client, dsa_aes256_ctr,          ciphercmd("aes256-ctr"),    setup_dsa,        teardown)
-#else
-#define PKDTESTS_CIPHER(f, client, ciphercmd) \
-    /* Ciphers. */ \
-    PKDTESTS_CIPHER_COMMON(f, client, ciphercmd)
-#endif
+    PKDTESTS_CIPHER_CHACHA(f, client, ciphercmd)
 
-#define CHACHA20 "chacha20-poly1305@openssh.com"
 #define AES128_GCM "aes128-gcm@openssh.com"
 #define AES256_GCM "aes256-gcm@openssh.com"
 
@@ -439,7 +381,6 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ecdsa_521_aes128_gcm,    ciphercmd(AES128_GCM),      setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_aes256_gcm,    ciphercmd(AES256_GCM),      setup_ecdsa_521,  teardown)
 
-#ifdef HAVE_DSA
 #define PKDTESTS_CIPHER_OPENSSHONLY(f, client, ciphercmd) \
     /* Ciphers. */ \
     PKDTESTS_CIPHER_OPENSSHONLY_FIPS(f, client, ciphercmd) \
@@ -448,15 +389,6 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, rsa_aes192_cbc,          ciphercmd("aes192-cbc"),    setup_rsa,        teardown) \
     f(client, rsa_aes256_cbc,          ciphercmd("aes256-cbc"),    setup_rsa,        teardown) \
     f(client, rsa_aes192_ctr,          ciphercmd("aes192-ctr"),    setup_rsa,        teardown) \
-    f(client, rsa_chacha20,            ciphercmd(CHACHA20),        setup_rsa,        teardown) \
-    f(client, dsa_3des_cbc,            ciphercmd("3des-cbc"),      setup_dsa,        teardown) \
-    f(client, dsa_aes128_cbc,          ciphercmd("aes128-cbc"),    setup_dsa,        teardown) \
-    f(client, dsa_aes192_cbc,          ciphercmd("aes192-cbc"),    setup_dsa,        teardown) \
-    f(client, dsa_aes256_cbc,          ciphercmd("aes256-cbc"),    setup_dsa,        teardown) \
-    f(client, dsa_aes192_ctr,          ciphercmd("aes192-ctr"),    setup_dsa,        teardown) \
-    f(client, dsa_chacha20,            ciphercmd(CHACHA20),        setup_dsa,        teardown) \
-    f(client, dsa_aes128_gcm,          ciphercmd(AES128_GCM),      setup_dsa,        teardown) \
-    f(client, dsa_aes256_gcm,          ciphercmd(AES256_GCM),      setup_dsa,        teardown) \
     f(client, ed25519_3des_cbc,        ciphercmd("3des-cbc"),      setup_ed25519,    teardown) \
     f(client, ed25519_aes128_cbc,      ciphercmd("aes128-cbc"),    setup_ed25519,    teardown) \
     f(client, ed25519_aes128_ctr,      ciphercmd("aes128-ctr"),    setup_ed25519,    teardown) \
@@ -464,7 +396,6 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ed25519_aes256_ctr,      ciphercmd("aes256-ctr"),    setup_ed25519,    teardown) \
     f(client, ed25519_aes192_cbc,      ciphercmd("aes192-cbc"),    setup_ed25519,    teardown) \
     f(client, ed25519_aes192_ctr,      ciphercmd("aes192-ctr"),    setup_ed25519,    teardown) \
-    f(client, ed25519_chacha20,        ciphercmd(CHACHA20),        setup_ed25519,    teardown) \
     f(client, ed25519_aes128_gcm,      ciphercmd(AES128_GCM),      setup_ed25519,    teardown) \
     f(client, ed25519_aes256_gcm,      ciphercmd(AES256_GCM),      setup_ed25519,    teardown) \
     f(client, ecdsa_256_3des_cbc,      ciphercmd("3des-cbc"),      setup_ecdsa_256,  teardown) \
@@ -472,69 +403,44 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ecdsa_256_aes192_cbc,    ciphercmd("aes192-cbc"),    setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_aes256_cbc,    ciphercmd("aes256-cbc"),    setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_aes192_ctr,    ciphercmd("aes192-ctr"),    setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_256,  teardown) \
     f(client, ecdsa_384_3des_cbc,      ciphercmd("3des-cbc"),      setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_aes128_cbc,    ciphercmd("aes128-cbc"),    setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_aes192_cbc,    ciphercmd("aes192-cbc"),    setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_aes256_cbc,    ciphercmd("aes256-cbc"),    setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_aes192_ctr,    ciphercmd("aes192-ctr"),    setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_384,  teardown) \
     f(client, ecdsa_521_3des_cbc,      ciphercmd("3des-cbc"),      setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_aes128_cbc,    ciphercmd("aes128-cbc"),    setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_aes192_cbc,    ciphercmd("aes192-cbc"),    setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_aes256_cbc,    ciphercmd("aes256-cbc"),    setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_aes192_ctr,    ciphercmd("aes192-ctr"),    setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_521,  teardown)
-#else
-#define PKDTESTS_CIPHER_OPENSSHONLY(f, client, ciphercmd) \
-    /* Ciphers. */ \
-    PKDTESTS_CIPHER_OPENSSHONLY_FIPS(f, client, ciphercmd) \
-    f(client, rsa_3des_cbc,            ciphercmd("3des-cbc"),      setup_rsa,        teardown) \
-    f(client, rsa_aes128_cbc,          ciphercmd("aes128-cbc"),    setup_rsa,        teardown) \
-    f(client, rsa_aes192_cbc,          ciphercmd("aes192-cbc"),    setup_rsa,        teardown) \
-    f(client, rsa_aes256_cbc,          ciphercmd("aes256-cbc"),    setup_rsa,        teardown) \
-    f(client, rsa_aes192_ctr,          ciphercmd("aes192-ctr"),    setup_rsa,        teardown) \
-    f(client, rsa_chacha20,            ciphercmd(CHACHA20),        setup_rsa,        teardown) \
-    f(client, ed25519_3des_cbc,        ciphercmd("3des-cbc"),      setup_ed25519,    teardown) \
-    f(client, ed25519_aes128_cbc,      ciphercmd("aes128-cbc"),    setup_ed25519,    teardown) \
-    f(client, ed25519_aes128_ctr,      ciphercmd("aes128-ctr"),    setup_ed25519,    teardown) \
-    f(client, ed25519_aes256_cbc,      ciphercmd("aes256-cbc"),    setup_ed25519,    teardown) \
-    f(client, ed25519_aes256_ctr,      ciphercmd("aes256-ctr"),    setup_ed25519,    teardown) \
-    f(client, ed25519_aes192_cbc,      ciphercmd("aes192-cbc"),    setup_ed25519,    teardown) \
-    f(client, ed25519_aes192_ctr,      ciphercmd("aes192-ctr"),    setup_ed25519,    teardown) \
-    f(client, ed25519_chacha20,        ciphercmd(CHACHA20),        setup_ed25519,    teardown) \
-    f(client, ecdsa_256_3des_cbc,      ciphercmd("3des-cbc"),      setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_aes128_cbc,    ciphercmd("aes128-cbc"),    setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_aes192_cbc,    ciphercmd("aes192-cbc"),    setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_aes256_cbc,    ciphercmd("aes256-cbc"),    setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_aes192_ctr,    ciphercmd("aes192-ctr"),    setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_384_3des_cbc,      ciphercmd("3des-cbc"),      setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_aes128_cbc,    ciphercmd("aes128-cbc"),    setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_aes192_cbc,    ciphercmd("aes192-cbc"),    setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_aes256_cbc,    ciphercmd("aes256-cbc"),    setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_aes192_ctr,    ciphercmd("aes192-ctr"),    setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_521_3des_cbc,      ciphercmd("3des-cbc"),      setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_aes128_cbc,    ciphercmd("aes128-cbc"),    setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_aes192_cbc,    ciphercmd("aes192-cbc"),    setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_aes256_cbc,    ciphercmd("aes256-cbc"),    setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_aes192_ctr,    ciphercmd("aes192-ctr"),    setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_chacha20,      ciphercmd(CHACHA20),        setup_ecdsa_521,  teardown)
-#endif
+    f(client, ecdsa_521_aes192_ctr,    ciphercmd("aes192-ctr"),    setup_ecdsa_521,  teardown)
 
 
-#define PKDTESTS_MAC_FIPS(f, client, maccmd) \
-    f(client, ecdsa_256_hmac_sha1,          maccmd("hmac-sha1"),                      setup_ecdsa_256,  teardown) \
+#define PKDTESTS_MAC_FIPS_BASE(f, client, maccmd) \
     f(client, ecdsa_256_hmac_sha2_256,      maccmd("hmac-sha2-256"),                  setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_384_hmac_sha1,          maccmd("hmac-sha1"),                      setup_ecdsa_384,  teardown) \
     f(client, ecdsa_384_hmac_sha2_256,      maccmd("hmac-sha2-256"),                  setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_521_hmac_sha1,          maccmd("hmac-sha1"),                      setup_ecdsa_521,  teardown) \
     f(client, ecdsa_521_hmac_sha2_256,      maccmd("hmac-sha2-256"),                  setup_ecdsa_521,  teardown) \
-    f(client, rsa_hmac_sha1,                maccmd("hmac-sha1"),                      setup_rsa,        teardown) \
     f(client, rsa_hmac_sha2_256,            maccmd("hmac-sha2-256"),                  setup_rsa,        teardown)
 
+#define PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd) \
+    f(client, ecdsa_256_hmac_sha1,          maccmd("hmac-sha1"),                      setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_384_hmac_sha1,          maccmd("hmac-sha1"),                      setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_521_hmac_sha1,          maccmd("hmac-sha1"),                      setup_ecdsa_521,  teardown) \
+    f(client, rsa_hmac_sha1,                maccmd("hmac-sha1"),                      setup_rsa,        teardown)
+
+#ifdef DROPBEAR_SUPPORTS_HMAC_SHA1
+#define PKDTESTS_MAC_FIPS(f, client, maccmd)  \
+    PKDTESTS_MAC_FIPS_BASE(f, client, maccmd) \
+    PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd)
+#define PKDTESTS_MAC_OPENSSHONLY_FIPS_SHA1(f, client, maccmd)
+#else
+#define PKDTESTS_MAC_FIPS(f, client, maccmd) \
+    PKDTESTS_MAC_FIPS_BASE(f, client, maccmd)
+#define PKDTESTS_MAC_OPENSSHONLY_FIPS_SHA1(f, client, maccmd) \
+    PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd)
+#endif
+
 #define PKDTESTS_MAC_OPENSSHONLY_FIPS(f, client, maccmd) \
+    PKDTESTS_MAC_OPENSSHONLY_FIPS_SHA1(f, client, maccmd) \
     f(client, ecdsa_256_hmac_sha1_etm,      maccmd("hmac-sha1-etm@openssh.com"),      setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_hmac_sha2_256_etm,  maccmd("hmac-sha2-256-etm@openssh.com"),  setup_ecdsa_256,  teardown) \
     f(client, ecdsa_256_hmac_sha2_512,      maccmd("hmac-sha2-512"),                  setup_ecdsa_256,  teardown) \
@@ -552,25 +458,6 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, rsa_hmac_sha2_512,            maccmd("hmac-sha2-512"),                  setup_rsa,        teardown) \
     f(client, rsa_hmac_sha2_512_etm,        maccmd("hmac-sha2-512-etm@openssh.com"),  setup_rsa,        teardown)
 
-#ifdef HAVE_DSA
-#define PKDTESTS_MAC(f, client, maccmd) \
-    /* MACs. */ \
-    PKDTESTS_MAC_FIPS(f, client, maccmd) \
-    f(client, dsa_hmac_sha1,                maccmd("hmac-sha1"),                      setup_dsa,        teardown) \
-    f(client, dsa_hmac_sha2_256,            maccmd("hmac-sha2-256"),                  setup_dsa,        teardown)
-#define PKDTESTS_MAC_OPENSSHONLY(f, client, maccmd) \
-    PKDTESTS_MAC_OPENSSHONLY_FIPS(f, client, maccmd) \
-    f(client, dsa_hmac_sha1_etm,            maccmd("hmac-sha1-etm@openssh.com"),      setup_dsa,        teardown) \
-    f(client, dsa_hmac_sha2_256_etm,        maccmd("hmac-sha2-256-etm@openssh.com"),  setup_dsa,        teardown) \
-    f(client, dsa_hmac_sha2_512,            maccmd("hmac-sha2-512"),                  setup_dsa,        teardown) \
-    f(client, dsa_hmac_sha2_512_etm,        maccmd("hmac-sha2-512-etm@openssh.com"),  setup_dsa,        teardown) \
-    f(client, ed25519_hmac_sha1,            maccmd("hmac-sha1"),                      setup_ed25519,    teardown) \
-    f(client, ed25519_hmac_sha1_etm,        maccmd("hmac-sha1-etm@openssh.com"),      setup_ed25519,    teardown) \
-    f(client, ed25519_hmac_sha2_256,        maccmd("hmac-sha2-256"),                  setup_ed25519,    teardown) \
-    f(client, ed25519_hmac_sha2_256_etm,    maccmd("hmac-sha2-256-etm@openssh.com"),  setup_ed25519,    teardown) \
-    f(client, ed25519_hmac_sha2_512,        maccmd("hmac-sha2-512"),                  setup_ed25519,    teardown) \
-    f(client, ed25519_hmac_sha2_512_etm,    maccmd("hmac-sha2-512-etm@openssh.com"),  setup_ed25519,    teardown)
-#else
 #define PKDTESTS_MAC(f, client, maccmd) \
     /* MACs. */ \
     PKDTESTS_MAC_FIPS(f, client, maccmd)
@@ -582,7 +469,6 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ed25519_hmac_sha2_256_etm,    maccmd("hmac-sha2-256-etm@openssh.com"),  setup_ed25519,    teardown) \
     f(client, ed25519_hmac_sha2_512,        maccmd("hmac-sha2-512"),                  setup_ed25519,    teardown) \
     f(client, ed25519_hmac_sha2_512_etm,    maccmd("hmac-sha2-512-etm@openssh.com"),  setup_ed25519,    teardown)
-#endif
 
 
 #define PKDTESTS_HOSTKEY_OPENSSHONLY_FIPS(f, client, hkcmd) \
@@ -638,21 +524,6 @@ static void torture_pkd_runtest(const char *testname,
 /*
  * Actual test functions are emitted here.
  */
-
-#ifdef HAVE_DSA
-#define CLIENT_ID_FILE OPENSSH_DSA_TESTKEY
-PKDTESTS_DEFAULT(emit_keytest, openssh_dsa, OPENSSH_CMD)
-PKDTESTS_DEFAULT(emit_keytest, openssh_cert_dsa, OPENSSH_CERT_CMD)
-PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_dsa, OPENSSH_CMD)
-PKDTESTS_KEX(emit_keytest, openssh_dsa, OPENSSH_KEX_CMD)
-PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_dsa, OPENSSH_KEX_CMD)
-PKDTESTS_CIPHER(emit_keytest, openssh_dsa, OPENSSH_CIPHER_CMD)
-PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_dsa, OPENSSH_CIPHER_CMD)
-PKDTESTS_MAC(emit_keytest, openssh_dsa, OPENSSH_MAC_CMD)
-PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_dsa, OPENSSH_MAC_CMD)
-#undef CLIENT_ID_FILE
-#endif
-
 #define CLIENT_ID_FILE OPENSSH_RSA_TESTKEY
 PKDTESTS_DEFAULT(emit_keytest, openssh_rsa, OPENSSH_CMD)
 PKDTESTS_DEFAULT(emit_keytest, openssh_cert_rsa, OPENSSH_CERT_CMD)
@@ -724,17 +595,6 @@ struct {
     const struct CMUnitTest test;
 } testmap[] = {
     /* OpenSSH */
-#ifdef HAVE_DSA
-    PKDTESTS_DEFAULT(emit_testmap, openssh_dsa, OPENSSH_CMD)
-    PKDTESTS_DEFAULT(emit_testmap, openssh_cert_dsa, OPENSSH_CERT_CMD)
-    PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_dsa, OPENSSH_CMD)
-    PKDTESTS_KEX(emit_testmap, openssh_dsa, OPENSSH_KEX_CMD)
-    PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_dsa, OPENSSH_KEX_CMD)
-    PKDTESTS_CIPHER(emit_testmap, openssh_dsa, OPENSSH_CIPHER_CMD)
-    PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_dsa, OPENSSH_CIPHER_CMD)
-    PKDTESTS_MAC(emit_testmap, openssh_dsa, OPENSSH_MAC_CMD)
-    PKDTESTS_MAC_OPENSSHONLY(emit_testmap, openssh_dsa, OPENSSH_MAC_CMD)
-#endif
 
     PKDTESTS_DEFAULT(emit_testmap, openssh_rsa, OPENSSH_CMD)
     PKDTESTS_DEFAULT(emit_testmap, openssh_cert_rsa, OPENSSH_CERT_CMD)
@@ -789,16 +649,6 @@ static int pkd_run_tests(void) {
     int tindex = 0;
 
     const struct CMUnitTest openssh_tests[] = {
-#ifdef HAVE_DSA
-        PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_dsa, OPENSSH_CMD)
-        PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_dsa, OPENSSH_CERT_CMD)
-        PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_dsa, OPENSSH_CMD)
-        PKDTESTS_KEX(emit_unit_test_comma, openssh_dsa, OPENSSH_KEX_CMD)
-        PKDTESTS_CIPHER(emit_unit_test_comma, openssh_dsa, OPENSSH_CIPHER_CMD)
-        PKDTESTS_CIPHER_OPENSSHONLY(emit_unit_test_comma, openssh_dsa, OPENSSH_CIPHER_CMD)
-        PKDTESTS_MAC(emit_unit_test_comma, openssh_dsa, OPENSSH_MAC_CMD)
-        PKDTESTS_MAC_OPENSSHONLY(emit_unit_test_comma, openssh_dsa, OPENSSH_MAC_CMD)
-#endif
 
         PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_rsa, OPENSSH_CMD)
         PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_rsa, OPENSSH_CERT_CMD)
@@ -830,6 +680,10 @@ static int pkd_run_tests(void) {
         PKDTESTS_MAC_OPENSSHONLY(emit_unit_test_comma, openssh_ed, OPENSSH_MAC_CMD)
     };
 
+    /* It is not possible to test hostkey and kex algorithms, because
+     * dbclient does not support setting hostkey and kex algorithms
+     * through cli (see 'man dbclient')
+     */
     const struct CMUnitTest dropbear_tests[] = {
         PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear, DROPBEAR_CMD)
         PKDTESTS_CIPHER(emit_unit_test_comma, dropbear, DROPBEAR_CIPHER_CMD)
@@ -942,23 +796,66 @@ static int pkd_run_tests(void) {
     cleanup_ecdsa_keys();
     if (!ssh_fips_mode()) {
         cleanup_ed25519_key();
-#ifdef HAVE_DSA
-        cleanup_dsa_key();
-#endif
     }
 
     return rc;
 }
 
+static int pkd_init_temp_dir(void) {
+    int rc = 0;
+    char *mkdtemp_str = NULL;
+    pkd_dargs.original_dir_fd = -1;
+
+    if (pkd_dargs.opts.temp_dir.argv_mkdtemp_str == NULL) {
+        return 0;
+    }
+
+    pkd_dargs.original_dir_fd = open(".", O_RDONLY);
+    if (pkd_dargs.original_dir_fd < 0) {
+        fprintf(stderr, "pkd_init_temp_dir open failed\n");
+        return -1;
+    }
+
+    mkdtemp_str = strdup(pkd_dargs.opts.temp_dir.argv_mkdtemp_str);
+    if (mkdtemp_str == NULL) {
+        fprintf(stderr, "pkd_init_temp_dir strdup failed\n");
+        goto errstrdup;
+    }
+    pkd_dargs.opts.temp_dir.mkdtemp_str = mkdtemp_str;
+
+    if (mkdtemp(mkdtemp_str) == NULL) {
+        fprintf(stderr, "pkd_init_temp_dir mkdtemp '%s' failed\n", mkdtemp_str);
+        goto errmkdtemp;
+    }
+
+    rc = chdir(mkdtemp_str);
+    if (rc != 0) {
+        fprintf(stderr, "pkd_init_temp_dir chdir '%s' failed\n", mkdtemp_str);
+        goto errchdir;
+    }
+
+    return 0;
+
+errchdir:
+    rmdir(mkdtemp_str);
+errmkdtemp:
+    free(mkdtemp_str);
+errstrdup:
+    close(pkd_dargs.original_dir_fd);
+    pkd_dargs.original_dir_fd = -1;
+    rc = -1;
+    return rc;
+}
+
 static int pkd_init_socket_wrapper(void) {
     int rc = 0;
     char *mkdtemp_str = NULL;
 
-    if (pkd_dargs.opts.socket_wrapper.mkdtemp_str == NULL) {
+    if (pkd_dargs.opts.socket_wrapper.argv_mkdtemp_str == NULL) {
         goto out;
     }
 
-    mkdtemp_str = strdup(pkd_dargs.opts.socket_wrapper.mkdtemp_str);
+    mkdtemp_str = strdup(pkd_dargs.opts.socket_wrapper.argv_mkdtemp_str);
     if (mkdtemp_str == NULL) {
         fprintf(stderr, "pkd_init_socket_wrapper strdup failed\n");
         goto errstrdup;
@@ -991,6 +888,33 @@ static int pkd_rmfiles(const char *path) {
     return system_checked(bin);
 }
 
+static int pkd_cleanup_temp_dir(void) {
+    int rc = 0;
+
+    if (pkd_dargs.opts.temp_dir.mkdtemp_str == NULL) {
+        return 0;
+    }
+
+    if (fchdir(pkd_dargs.original_dir_fd) != 0) {
+        fprintf(stderr, "pkd_cleanup_temp_dir failed fchdir\n");
+        rc = -1;
+        goto out;
+    }
+
+    if (rmdir(pkd_dargs.opts.temp_dir.mkdtemp_str) != 0) {
+        fprintf(stderr, "pkd_cleanup_temp_dir rmdir '%s' failed\n",
+                pkd_dargs.opts.temp_dir.mkdtemp_str);
+        rc = -1;
+        goto out;
+    }
+
+out:
+    close(pkd_dargs.original_dir_fd);
+    pkd_dargs.original_dir_fd = -1;
+    free(pkd_dargs.opts.temp_dir.mkdtemp_str);
+    return rc;
+}
+
 static int pkd_cleanup_socket_wrapper(void) {
     int rc = 0;
 
@@ -1001,22 +925,22 @@ static int pkd_cleanup_socket_wrapper(void) {
     /* clean up socket-wrapper unix domain sockets */
     if (pkd_rmfiles(pkd_dargs.opts.socket_wrapper.mkdtemp_str) != 0) {
         fprintf(stderr, "pkd_cleanup_socket_wrapper pkd_rmfiles '%s' failed\n",
-                        pkd_dargs.opts.socket_wrapper.mkdtemp_str);
+                pkd_dargs.opts.socket_wrapper.mkdtemp_str);
         goto errrmfiles;
     }
 
     if (rmdir(pkd_dargs.opts.socket_wrapper.mkdtemp_str) != 0) {
         fprintf(stderr, "pkd_cleanup_socket_wrapper rmdir '%s' failed\n",
-                        pkd_dargs.opts.socket_wrapper.mkdtemp_str);
+                pkd_dargs.opts.socket_wrapper.mkdtemp_str);
         goto errrmdir;
     }
 
-    free(pkd_dargs.opts.socket_wrapper.mkdtemp_str);
-
-    goto out;
+    goto outfree;
 errrmdir:
 errrmfiles:
     rc = -1;
+outfree:
+    free(pkd_dargs.opts.socket_wrapper.mkdtemp_str);
 out:
     return rc;
 }
@@ -1042,10 +966,16 @@ int main(int argc, char **argv) {
     (void) argc;  (void) argv;
 #endif /* HAVE_ARGP_H */
 
+    rc = pkd_init_temp_dir();
+    if (rc != 0) {
+        fprintf(stderr, "pkd_init_temp_dir failed: %d\n", rc);
+        goto out_finalize;
+    }
+
     rc = pkd_init_socket_wrapper();
     if (rc != 0) {
         fprintf(stderr, "pkd_init_socket_wrapper failed: %d\n", rc);
-        goto out_finalize;
+        goto out_tempdir;
     }
 
     if (pkd_dargs.opts.list != 0) {
@@ -1064,11 +994,20 @@ int main(int argc, char **argv) {
         fprintf(stderr, "pkd_cleanup_socket_wrapper failed: %d\n", rc);
     }
 
+out_tempdir:
+    rc = pkd_cleanup_temp_dir();
+    if (rc != 0) {
+        fprintf(stderr, "pkd_cleanup_temp_dir failed: %d\n", rc);
+    }
+
 out_finalize:
     rc = ssh_finalize();
     if (rc != 0) {
         fprintf(stderr, "ssh_finalize: %d\n", rc);
     }
+#if defined(HAVE_LIBCRYPTO)
+    OPENSSL_cleanup();
+#endif
 out:
     return exit_code;
 }
diff --git a/libssh/tests/pkd/pkd_keyutil.c b/libssh/tests/pkd/pkd_keyutil.c
index 3991bcbb..daaab134 100644
--- a/libssh/tests/pkd/pkd_keyutil.c
+++ b/libssh/tests/pkd/pkd_keyutil.c
@@ -8,6 +8,7 @@
 
 #include <setjmp.h> // for cmocka
 #include <stdarg.h> // for cmocka
+#include <stdint.h> // for cmocka
 #include <unistd.h> // for cmocka
 #include <cmocka.h>
 
@@ -22,7 +23,7 @@
 #include "pkd_keyutil.h"
 #include "pkd_util.h"
 
-void setup_rsa_key() {
+void setup_rsa_key(void) {
     int rc = 0;
     if (access(LIBSSH_RSA_TESTKEY, F_OK) != 0) {
         rc = system_checked(OPENSSH_KEYGEN " -t rsa -q -N \"\" -f "
@@ -31,7 +32,7 @@ void setup_rsa_key() {
     assert_int_equal(rc, 0);
 }
 
-void setup_ed25519_key() {
+void setup_ed25519_key(void) {
     int rc = 0;
     if (access(LIBSSH_ED25519_TESTKEY, F_OK) != 0) {
         rc = system_checked(OPENSSH_KEYGEN " -t ed25519 -q -N \"\" -f "
@@ -40,18 +41,7 @@ void setup_ed25519_key() {
     assert_int_equal(rc, 0);
 }
 
-#ifdef HAVE_DSA
-void setup_dsa_key() {
-    int rc = 0;
-    if (access(LIBSSH_DSA_TESTKEY, F_OK) != 0) {
-        rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f "
-                            LIBSSH_DSA_TESTKEY);
-    }
-    assert_int_equal(rc, 0);
-}
-#endif
-
-void setup_ecdsa_keys() {
+void setup_ecdsa_keys(void) {
     int rc = 0;
 
     if (access(LIBSSH_ECDSA_256_TESTKEY, F_OK) != 0) {
@@ -71,27 +61,21 @@ void setup_ecdsa_keys() {
     }
 }
 
-void cleanup_rsa_key() {
+void cleanup_rsa_key(void) {
     cleanup_key(LIBSSH_RSA_TESTKEY);
 }
 
-void cleanup_ed25519_key() {
+void cleanup_ed25519_key(void) {
     cleanup_key(LIBSSH_ED25519_TESTKEY);
 }
 
-#ifdef HAVE_DSA
-void cleanup_dsa_key() {
-    cleanup_key(LIBSSH_DSA_TESTKEY);
-}
-#endif
-
-void cleanup_ecdsa_keys() {
+void cleanup_ecdsa_keys(void) {
     cleanup_key(LIBSSH_ECDSA_256_TESTKEY);
     cleanup_key(LIBSSH_ECDSA_384_TESTKEY);
     cleanup_key(LIBSSH_ECDSA_521_TESTKEY);
 }
 
-void setup_openssh_client_keys() {
+void setup_openssh_client_keys(void) {
     int rc = 0;
 
     if (access(OPENSSH_CA_TESTKEY, F_OK) != 0) {
@@ -156,19 +140,6 @@ void setup_openssh_client_keys() {
     assert_int_equal(rc, 0);
 
     if (!ssh_fips_mode()) {
-#ifdef HAVE_DSA
-        if (access(OPENSSH_DSA_TESTKEY, F_OK) != 0) {
-            rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f "
-                    OPENSSH_DSA_TESTKEY);
-        }
-        assert_int_equal(rc, 0);
-
-        if (access(OPENSSH_DSA_TESTKEY "-cert.pub", F_OK) != 0) {
-            rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY
-                    " " OPENSSH_DSA_TESTKEY ".pub 2>/dev/null");
-        }
-        assert_int_equal(rc, 0);
-#endif
 
         if (access(OPENSSH_ED25519_TESTKEY, F_OK) != 0) {
             rc = system_checked(OPENSSH_KEYGEN " -t ed25519 -q -N \"\" -f "
@@ -184,7 +155,7 @@ void setup_openssh_client_keys() {
     }
 }
 
-void cleanup_openssh_client_keys() {
+void cleanup_openssh_client_keys(void) {
     cleanup_key(OPENSSH_CA_TESTKEY);
     cleanup_key(OPENSSH_RSA_TESTKEY);
     cleanup_file(OPENSSH_RSA_TESTKEY "-sha256-cert.pub");
@@ -193,13 +164,10 @@ void cleanup_openssh_client_keys() {
     cleanup_key(OPENSSH_ECDSA521_TESTKEY);
     if (!ssh_fips_mode()) {
         cleanup_key(OPENSSH_ED25519_TESTKEY);
-#ifdef HAVE_DSA
-        cleanup_key(OPENSSH_DSA_TESTKEY);
-#endif
     }
 }
 
-void setup_dropbear_client_rsa_key() {
+void setup_dropbear_client_rsa_key(void) {
     int rc = 0;
     if (access(DROPBEAR_RSA_TESTKEY, F_OK) != 0) {
         rc = system_checked(DROPBEAR_KEYGEN " -t rsa -f "
@@ -208,6 +176,6 @@ void setup_dropbear_client_rsa_key() {
     assert_int_equal(rc, 0);
 }
 
-void cleanup_dropbear_client_rsa_key() {
+void cleanup_dropbear_client_rsa_key(void) {
     unlink(DROPBEAR_RSA_TESTKEY);
 }
diff --git a/libssh/tests/pkd/pkd_keyutil.h b/libssh/tests/pkd/pkd_keyutil.h
index 7b189040..8e8f50ae 100644
--- a/libssh/tests/pkd/pkd_keyutil.h
+++ b/libssh/tests/pkd/pkd_keyutil.h
@@ -10,32 +10,20 @@
 #include "config.h"
 
 /* Server keys. */
-#ifdef HAVE_DSA
-#define LIBSSH_DSA_TESTKEY        "libssh_testkey.id_dsa"
-#endif
 #define LIBSSH_RSA_TESTKEY        "libssh_testkey.id_rsa"
 #define LIBSSH_ED25519_TESTKEY    "libssh_testkey.id_ed25519"
 #define LIBSSH_ECDSA_256_TESTKEY  "libssh_testkey.id_ecdsa256"
 #define LIBSSH_ECDSA_384_TESTKEY  "libssh_testkey.id_ecdsa384"
 #define LIBSSH_ECDSA_521_TESTKEY  "libssh_testkey.id_ecdsa521"
 
-#ifdef HAVE_DSA
-void setup_dsa_key(void);
-#endif
 void setup_rsa_key(void);
 void setup_ed25519_key(void);
 void setup_ecdsa_keys(void);
-#ifdef HAVE_DSA
-void cleanup_dsa_key(void);
-#endif
 void cleanup_rsa_key(void);
 void cleanup_ed25519_key(void);
 void cleanup_ecdsa_keys(void);
 
 /* Client keys. */
-#ifdef HAVE_DSA
-#define OPENSSH_DSA_TESTKEY       "openssh_testkey.id_dsa"
-#endif
 #define OPENSSH_RSA_TESTKEY       "openssh_testkey.id_rsa"
 #define OPENSSH_ECDSA256_TESTKEY  "openssh_testkey.id_ecdsa256"
 #define OPENSSH_ECDSA384_TESTKEY  "openssh_testkey.id_ecdsa384"
diff --git a/libssh/tests/server/CMakeLists.txt b/libssh/tests/server/CMakeLists.txt
index 96457cd2..a368c512 100644
--- a/libssh/tests/server/CMakeLists.txt
+++ b/libssh/tests/server/CMakeLists.txt
@@ -7,17 +7,29 @@ find_package(socket_wrapper)
 add_subdirectory(test_server)
 
 set(LIBSSH_SERVER_TESTS
-    torture_server
+    torture_server_default
     torture_server_auth_kbdint
     torture_server_config
     torture_server_algorithms
+    torture_sftpserver
 )
 
+if (WITH_GSSAPI AND GSSAPI_FOUND AND GSSAPI_TESTING)
+    set(LIBSSH_SERVER_TESTS
+        ${LIBSSH_SERVER_TESTS}
+        torture_gssapi_server_auth
+        torture_gssapi_server_auth_cb
+        torture_gssapi_server_delegation)
+endif()
+
 include_directories(${libssh_SOURCE_DIR}/include
                     ${libssh_BINARY_DIR}/include
                     ${libssh_BINARY_DIR}
                     test_server)
 
+set(TORTURE_SERVER_ENVIRONMENT ${TORTURE_ENVIRONMENT})
+list(APPEND TORTURE_SERVER_ENVIRONMENT NSS_WRAPPER_HOSTS=${CMAKE_BINARY_DIR}/tests/etc/hosts)
+
 if (ARGP_INCLUDE_DIR)
     include_directories(${ARGP_INCLUDE_DIR})
 endif ()
@@ -40,7 +52,7 @@ foreach(_SRV_TEST ${LIBSSH_SERVER_TESTS})
             TEST
                 ${_SRV_TEST}
             PROPERTY
-                ENVIRONMENT ${TORTURE_ENVIRONMENT})
+                ENVIRONMENT ${TORTURE_SERVER_ENVIRONMENT})
     endif()
 endforeach()
 
diff --git a/libssh/tests/server/test_server/CMakeLists.txt b/libssh/tests/server/test_server/CMakeLists.txt
index fe5e7d09..9b46641b 100644
--- a/libssh/tests/server/test_server/CMakeLists.txt
+++ b/libssh/tests/server/test_server/CMakeLists.txt
@@ -10,7 +10,12 @@ set(server_SRCS
 
 add_library(testserver STATIC
             test_server.c
-            default_cb.c)
+            default_cb.c
+            sftpserver_cb.c
+            testserver_common.c)
+if (WITH_COVERAGE)
+    append_coverage_compiler_flags_to_target(testserver)
+endif (WITH_COVERAGE)
 
 set(LIBSSH_SERVER_TESTS
 #    torture_server_kbdint
@@ -28,10 +33,10 @@ if (UNIX AND NOT WIN32)
     add_executable(test_server ${server_SRCS})
     target_compile_options(test_server PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
     target_link_libraries(test_server
-                          testserver
-                          ssh::ssh
-                          ${ARGP_LIBRARY}
-                          util)
+        PRIVATE testserver ${TORTURE_LINK_LIBRARIES} ${ARGP_LIBRARIES} util)
+    if (WITH_COVERAGE)
+        append_coverage_compiler_flags_to_target(test_server)
+    endif (WITH_COVERAGE)
 endif ()
 
 endif (WITH_SERVER AND UNIX AND NOT WIN32)
diff --git a/libssh/tests/server/test_server/default_cb.c b/libssh/tests/server/test_server/default_cb.c
index a0a874f4..a6df448c 100644
--- a/libssh/tests/server/test_server/default_cb.c
+++ b/libssh/tests/server/test_server/default_cb.c
@@ -21,9 +21,11 @@
  * MA 02111-1307, USA.
  */
 
+
 #include "config.h"
 #include "test_server.h"
 #include "default_cb.h"
+#include "testserver_common.h"
 
 #include <libssh/callbacks.h>
 #include <libssh/server.h>
@@ -110,7 +112,7 @@ int auth_pubkey_cb(UNUSED_PARAM(ssh_session session),
     }
 
     /* TODO */
-    /* Check wheter the user and public key are in authorized keys list */
+    /* Check whether the user and public key are in authorized keys list */
 
     /* Authenticated */
     printf("Authenticated\n");
@@ -193,7 +195,6 @@ int auth_gssapi_mic_cb(ssh_session session,
         printf("Received some gssapi credentials\n");
     } else {
         printf("Not received any forwardable creds\n");
-        goto denied;
     }
 
     printf("Authenticated\n");
@@ -203,8 +204,6 @@ int auth_gssapi_mic_cb(ssh_session session,
 
     return SSH_AUTH_SUCCESS;
 
-denied:
-    sdata->auth_attempts++;
 null_userdata:
     return SSH_AUTH_DENIED;
 }
@@ -451,9 +450,11 @@ static int exec_pty(const char *mode,
     case 0:
         close(cdata->pty_master);
         if (login_tty(cdata->pty_slave) != 0) {
+            finalize_openssl();
             exit(1);
         }
         execl("/bin/sh", "sh", mode, command, NULL);
+        finalize_openssl();
         exit(0);
     default:
         close(cdata->pty_slave);
@@ -503,6 +504,7 @@ static int exec_nopty(const char *command, struct channel_data_st *cdata)
             close(err[1]);
             /* exec the requested command. */
             execl("/bin/sh", "sh", "-c", command, NULL);
+            finalize_openssl();
             exit(0);
     }
 
@@ -886,7 +888,6 @@ void default_handle_session_cb(ssh_event event,
     }
 
     sdata.server_state = (void *)state;
-    cdata.server_state = (void *)state;
 
 #ifdef WITH_PCAP
     set_pcap(&sdata, session, state->pcap_file);
@@ -902,7 +903,7 @@ void default_handle_session_cb(ssh_event event,
 
     if (ssh_handle_key_exchange(session) != SSH_OK) {
         fprintf(stderr, "%s\n", ssh_get_error(session));
-        return;
+        goto end;
     }
 
     /* Set the supported authentication methods */
@@ -911,7 +912,8 @@ void default_handle_session_cb(ssh_event event,
     } else {
         ssh_set_auth_methods(session,
                 SSH_AUTH_METHOD_PASSWORD |
-                SSH_AUTH_METHOD_PUBLICKEY);
+                SSH_AUTH_METHOD_PUBLICKEY|
+                SSH_AUTH_METHOD_GSSAPI_MIC);
     }
 
     ssh_event_add_session(event, session);
@@ -921,12 +923,12 @@ void default_handle_session_cb(ssh_event event,
         /* If the user has used up all attempts, or if he hasn't been able to
          * authenticate in 10 seconds (n * 100ms), disconnect. */
         if (sdata.auth_attempts >= state->max_tries || n >= 100) {
-            return;
+            goto end;
         }
 
         if (ssh_event_dopoll(event, 100) == SSH_ERROR) {
             fprintf(stderr, "do_poll error: %s\n", ssh_get_error(session));
-            return;
+            goto end;
         }
         n++;
     }
diff --git a/libssh/tests/server/test_server/default_cb.h b/libssh/tests/server/test_server/default_cb.h
index ecfd6515..529c71e1 100644
--- a/libssh/tests/server/test_server/default_cb.h
+++ b/libssh/tests/server/test_server/default_cb.h
@@ -24,6 +24,7 @@
 #include "config.h"
 
 #include <libssh/libssh.h>
+#include <libssh/sftp.h>
 #include <libssh/callbacks.h>
 
 #define SSHD_DEFAULT_USER "libssh"
@@ -70,6 +71,7 @@ struct channel_data_st {
     void *server_state;
     /* This pointer is useful to set data for custom callbacks */
     void *extra_data;
+    sftp_session sftp;
 };
 
 /* A userdata struct for session. */
diff --git a/libssh/tests/server/test_server/main.c b/libssh/tests/server/test_server/main.c
index b4676b4b..cf153c26 100644
--- a/libssh/tests/server/test_server/main.c
+++ b/libssh/tests/server/test_server/main.c
@@ -45,7 +45,6 @@ struct arguments_st {
     char *port;
 
     char *ecdsa_key;
-    char *dsa_key;
     char *ed25519_key;
     char *rsa_key;
     char *host_key;
@@ -60,6 +59,7 @@ struct arguments_st {
     char *password;
 
     char *config_file;
+    char *log_file;
     bool with_global_config;
     char *pid_file;
 };
@@ -74,7 +74,6 @@ static void free_arguments(struct arguments_st *arguments)
     SAFE_FREE(arguments->port);
 
     SAFE_FREE(arguments->ecdsa_key);
-    SAFE_FREE(arguments->dsa_key);
     SAFE_FREE(arguments->ed25519_key);
     SAFE_FREE(arguments->rsa_key);
     SAFE_FREE(arguments->host_key);
@@ -86,6 +85,7 @@ static void free_arguments(struct arguments_st *arguments)
     SAFE_FREE(arguments->username);
     SAFE_FREE(arguments->password);
     SAFE_FREE(arguments->config_file);
+    SAFE_FREE(arguments->log_file);
     SAFE_FREE(arguments->pid_file);
 
 end:
@@ -153,8 +153,6 @@ static void print_server_state(struct server_state_st *state)
         printf("=================================================\n");
         printf("ecdsa_key = %s\n",
                 state->ecdsa_key? state->ecdsa_key: "NULL");
-        printf("dsa_key = %s\n",
-                state->dsa_key? state->dsa_key: "NULL");
         printf("ed25519_key = %s\n",
                 state->ed25519_key? state->ed25519_key: "NULL");
         printf("rsa_key = %s\n",
@@ -178,6 +176,7 @@ static void print_server_state(struct server_state_st *state)
                 state->parse_global_config? "TRUE": "FALSE");
         printf("config_file = %s\n",
                 state->config_file? state->config_file: "NULL");
+        printf("log_file = %s\n", state->log_file ? state->log_file : "NULL");
         printf("=================================================\n");
     }
 }
@@ -218,13 +217,6 @@ static int init_server_state(struct server_state_st *state,
         state->ecdsa_key = NULL;
     }
 
-    if (arguments->dsa_key) {
-        state->dsa_key = arguments->dsa_key;
-        arguments->dsa_key = NULL;
-    } else {
-        state->dsa_key = NULL;
-    }
-
     if (arguments->ed25519_key) {
         state->ed25519_key = arguments->ed25519_key;
         arguments->ed25519_key = NULL;
@@ -280,7 +272,8 @@ static int init_server_state(struct server_state_st *state,
         state->auth_methods = atoi(arguments->auth_methods);
     } else {
         state->auth_methods = SSH_AUTH_METHOD_PASSWORD |
-                              SSH_AUTH_METHOD_PUBLICKEY;
+                              SSH_AUTH_METHOD_PUBLICKEY |
+                              SSH_AUTH_METHOD_GSSAPI_MIC;
     }
 
     state->with_pcap = arguments->with_pcap;
@@ -308,6 +301,11 @@ static int init_server_state(struct server_state_st *state,
         arguments->config_file = NULL;
     }
 
+    if (arguments->log_file) {
+        state->log_file = arguments->log_file;
+        arguments->log_file = NULL;
+    }
+
     /* TODO make configurable */
     state->max_tries = 3;
     state->error = 0;
@@ -363,14 +361,6 @@ static struct argp_option options[] = {
         .doc   = "Set the ECDSA key.",
         .group = 0
     },
-    {
-        .name  = "dsakey",
-        .key   = 'd',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Set the DSA key.",
-        .group = 0
-    },
     {
         .name  = "ed25519key",
         .key   = 'e',
@@ -459,6 +449,14 @@ static struct argp_option options[] = {
         .doc   = "Use this server configuration file.",
         .group = 0
     },
+    {
+        .name  = "log_file",
+        .key   = 'l',
+        .arg   = "LOG_FILE",
+        .flags = 0,
+        .doc   = "Output log to this file.",
+        .group = 0
+    },
     { .name = NULL }
 };
 
@@ -486,14 +484,6 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
             goto end;
         }
         break;
-    case 'd':
-        arguments->dsa_key = strdup(arg);
-        if (arguments->dsa_key == NULL) {
-            fprintf(stderr, "Out of memory\n");
-            rc = ENOMEM;
-            goto end;
-        }
-        break;
     case 'e':
         arguments->ed25519_key = strdup(arg);
         if (arguments->ed25519_key == NULL) {
@@ -580,6 +570,14 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state)
             goto end;
         }
         break;
+    case 'l':
+        arguments->log_file = strdup(arg);
+        if (arguments->log_file == NULL) {
+            fprintf(stderr, "Out of memory\n");
+            rc = ENOMEM;
+            goto end;
+        }
+        break;
     case ARGP_KEY_ARG:
         if (state->arg_num >= 1) {
             /* Too many arguments. */
@@ -623,9 +621,12 @@ int main(UNUSED_PARAM(int argc), UNUSED_PARAM(char **argv))
         .address = NULL,
         .with_global_config = true,
     };
-    struct server_state_st state = {
-        .address = NULL,
-    };
+    struct server_state_st *state = calloc(1, sizeof(struct server_state_st));
+
+    if (state == NULL) {
+        printf("Failed to allocate memory\n");
+        return -1;
+    }
 
 #ifdef HAVE_ARGP_H
     argp_parse (&argp, argc, argv, 0, 0, &arguments);
@@ -635,6 +636,8 @@ int main(UNUSED_PARAM(int argc), UNUSED_PARAM(char **argv))
         pid_file = fopen(arguments.pid_file, "w");
         if (pid_file == NULL) {
             rc = -1;
+            free_server_state(state);
+            SAFE_FREE(state);
             goto free_arguments;
         }
         pid = getpid();
@@ -643,22 +646,19 @@ int main(UNUSED_PARAM(int argc), UNUSED_PARAM(char **argv))
     }
 
     /* Initialize the state using default or given parameters */
-    rc = init_server_state(&state, &arguments);
+    rc = init_server_state(state, &arguments);
     if (rc != 0) {
+        free_server_state(state);
+        SAFE_FREE(state);
         goto free_arguments;
     }
 
     /* Free the arguments used to initialize the state before fork */
     free_arguments(&arguments);
 
-    /* Run the server */
-    rc = run_server(&state);
-    if (rc != 0) {
-        goto free_state;
-    }
+    /* Run the server: Frees the state in all processes */
+    rc = run_server(state);
 
-free_state:
-    free_server_state(&state);
 free_arguments:
     free_arguments(&arguments);
     return rc;
diff --git a/libssh/tests/server/test_server/sftpserver_cb.c b/libssh/tests/server/test_server/sftpserver_cb.c
new file mode 100644
index 00000000..6c58b262
--- /dev/null
+++ b/libssh/tests/server/test_server/sftpserver_cb.c
@@ -0,0 +1,403 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2018 by Red Hat, Inc.
+ *
+ * Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+#include "test_server.h"
+#include "default_cb.h"
+
+#include <libssh/callbacks.h>
+#include <libssh/server.h>
+#include <libssh/priv.h>
+#include <libssh/sftp.h>
+#include <libssh/sftpserver.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <poll.h>
+#include <signal.h>
+#include <sys/wait.h>
+#include <sys/ioctl.h>
+#include <sys/stat.h>
+
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#ifdef HAVE_PTY_H
+#include <pty.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+
+/* below are for sftp */
+#include <sys/types.h>
+#include <sys/statvfs.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <time.h>
+
+
+#define BUF_SIZE 1048576
+#define SESSION_END (SSH_CLOSED | SSH_CLOSED_ERROR)
+
+
+/* TODO implement proper pam authentication cb */
+static int sftp_auth_password_cb(UNUSED_PARAM(ssh_session session),
+                     const char *user,
+                     const char *password,
+                     void *userdata)
+{
+    bool known_user = false;
+    bool valid_password = false;
+
+    struct session_data_st *sdata;
+
+    sdata = (struct session_data_st *)userdata;
+
+    if (sdata == NULL) {
+        fprintf(stderr, "Error: NULL userdata\n");
+        goto null_userdata;
+    }
+
+    if (sdata->username == NULL) {
+        fprintf(stderr, "Error: expected username not set\n");
+        goto denied;
+    }
+
+    if (sdata->password == NULL) {
+        fprintf(stderr, "Error: expected password not set\n");
+        goto denied;
+    }
+
+    printf("Password authentication of user %s\n", user);
+
+    known_user = !(strcmp(user, sdata->username));
+    valid_password = !(strcmp(password, sdata->password));
+
+    if (known_user && valid_password) {
+        sdata->authenticated = 1;
+        sdata->auth_attempts = 0;
+        printf("Authenticated\n");
+        return SSH_AUTH_SUCCESS;
+    }
+
+denied:
+    sdata->auth_attempts++;
+null_userdata:
+    return SSH_AUTH_DENIED;
+}
+
+static ssh_channel sftp_channel_new_session_cb(ssh_session session, void *userdata)
+{
+    struct session_data_st *sdata = NULL;
+    ssh_channel chan = NULL;
+
+    sdata = (struct session_data_st *)userdata;
+
+    if (sdata == NULL) {
+        fprintf(stderr, "NULL userdata");
+        goto end;
+    }
+
+    chan = ssh_channel_new(session);
+    if (chan == NULL) {
+        fprintf(stderr, "Error creating channel: %s\n",
+                ssh_get_error(session));
+        goto end;
+    }
+
+    sdata->channel = chan;
+
+end:
+    return chan;
+}
+
+#ifdef WITH_PCAP
+static void set_pcap(struct session_data_st *sdata,
+                     ssh_session session,
+                     char *pcap_file)
+{
+    int rc = 0;
+
+    if (sdata == NULL) {
+        return;
+    }
+
+    if (pcap_file == NULL) {
+        return;
+    }
+
+    sdata->pcap = ssh_pcap_file_new();
+    if (sdata->pcap == NULL) {
+        return;
+    }
+
+    rc = ssh_pcap_file_open(sdata->pcap, pcap_file);
+    if (rc == SSH_ERROR) {
+        fprintf(stderr, "Error opening pcap file\n");
+        ssh_pcap_file_free(sdata->pcap);
+        sdata->pcap = NULL;
+        return;
+    }
+    ssh_set_pcap_file(session, sdata->pcap);
+}
+
+static void cleanup_pcap(struct session_data_st *sdata)
+{
+    if (sdata == NULL) {
+        return;
+    }
+
+    if (sdata->pcap == NULL) {
+        return;
+    }
+
+    ssh_pcap_file_free(sdata->pcap);
+    sdata->pcap = NULL;
+}
+#endif
+
+
+/* The caller is responsible to set the userdata to be provided to the callback
+ * The caller is responsible to free the allocated structure
+ */
+struct ssh_server_callbacks_struct *get_sftp_server_cb(void)
+{
+
+    struct ssh_server_callbacks_struct *cb;
+
+    cb = (struct ssh_server_callbacks_struct *)calloc(1,
+            sizeof(struct ssh_server_callbacks_struct));
+
+    if (cb == NULL) {
+        fprintf(stderr, "Out of memory\n");
+        goto end;
+    }
+
+    cb->auth_password_function = sftp_auth_password_cb;
+    cb->channel_open_request_session_function = sftp_channel_new_session_cb;
+
+end:
+    return cb;
+}
+
+/* The caller is responsible to set the userdata to be provided to the callback
+ * The caller is responsible to free the allocated structure
+ * */
+struct ssh_channel_callbacks_struct *get_sftp_channel_cb(void)
+{
+    struct ssh_channel_callbacks_struct *cb;
+
+    cb = (struct ssh_channel_callbacks_struct *)calloc(1,
+            sizeof(struct ssh_channel_callbacks_struct));
+    if (cb == NULL) {
+        fprintf(stderr, "Out of memory\n");
+        goto end;
+    }
+
+    cb->channel_data_function = sftp_channel_default_data_callback;
+    cb->channel_subsystem_request_function = sftp_channel_default_subsystem_request;
+
+end:
+    return cb;
+};
+
+void sftp_handle_session_cb(ssh_event event,
+                            ssh_session session,
+                            struct server_state_st *state)
+{
+    int n;
+    int rc = 0;
+
+    /* Structure for storing the pty size. */
+    struct winsize wsize = {
+        .ws_row = 0,
+        .ws_col = 0,
+        .ws_xpixel = 0,
+        .ws_ypixel = 0
+    };
+
+    /* Our struct holding information about the channel. */
+    struct channel_data_st cdata = {
+        .event = NULL,
+        .winsize = &wsize,
+        .sftp = NULL
+    };
+
+    /* Our struct holding information about the session. */
+    struct session_data_st sdata = {
+        .channel = NULL,
+        .auth_attempts = 0,
+        .authenticated = 0,
+        .username = SSHD_DEFAULT_USER,
+        .password = SSHD_DEFAULT_PASSWORD
+    };
+
+    struct ssh_channel_callbacks_struct *channel_cb = NULL;
+    struct ssh_server_callbacks_struct *server_cb = NULL;
+
+    if (state == NULL) {
+        fprintf(stderr, "NULL server state provided\n");
+        goto end;
+    }
+
+    /* If callbacks were provided use them. Otherwise, use default callbacks */
+    if (state->server_cb != NULL) {
+        /* This is a macro, it does not return a value */
+        ssh_callbacks_init(state->server_cb);
+
+        rc = ssh_set_server_callbacks(session, state->server_cb);
+        if (rc) {
+            goto end;
+        }
+    } else {
+        server_cb = get_sftp_server_cb();
+        if (server_cb == NULL) {
+            goto end;
+        }
+
+        server_cb->userdata = &sdata;
+
+        /* This is a macro, it does not return a value */
+        ssh_callbacks_init(server_cb);
+
+        rc = ssh_set_server_callbacks(session, server_cb);
+        if (rc) {
+            goto end;
+        }
+    }
+
+    sdata.server_state = (void *)state;
+
+#ifdef WITH_PCAP
+    set_pcap(&sdata, session, state->pcap_file);
+#endif
+
+    if (state->expected_username != NULL) {
+        sdata.username = state->expected_username;
+    }
+
+    if (state->expected_password != NULL) {
+        sdata.password = state->expected_password;
+    }
+
+    if (ssh_handle_key_exchange(session) != SSH_OK) {
+        fprintf(stderr, "%s\n", ssh_get_error(session));
+        goto end;
+    }
+
+    /* Set the supported authentication methods */
+    if (state->auth_methods) {
+        ssh_set_auth_methods(session, state->auth_methods);
+    } else {
+        ssh_set_auth_methods(session,
+                SSH_AUTH_METHOD_PASSWORD |
+                SSH_AUTH_METHOD_PUBLICKEY);
+    }
+
+    ssh_event_add_session(event, session);
+
+    n = 0;
+    while (sdata.authenticated == 0 || sdata.channel == NULL) {
+        /* If the user has used up all attempts, or if he hasn't been able to
+         * authenticate in 10 seconds (n * 100ms), disconnect. */
+        if (sdata.auth_attempts >= state->max_tries || n >= 100) {
+            goto end;
+        }
+
+        if (ssh_event_dopoll(event, 100) == SSH_ERROR) {
+            fprintf(stderr, "do_poll error: %s\n", ssh_get_error(session));
+            goto end;
+        }
+        n++;
+    }
+
+    /* TODO check return values */
+    if (state->channel_cb != NULL) {
+        ssh_callbacks_init(state->channel_cb);
+
+        rc = ssh_set_channel_callbacks(sdata.channel, state->channel_cb);
+        if (rc) {
+            goto end;
+        }
+    } else {
+        channel_cb = get_sftp_channel_cb();
+        if (channel_cb == NULL) {
+            goto end;
+        }
+
+        channel_cb->userdata = &(cdata.sftp);
+
+        ssh_callbacks_init(channel_cb);
+        rc = ssh_set_channel_callbacks(sdata.channel, channel_cb);
+        if (rc) {
+            goto end;
+        }
+    }
+
+    do {
+        /* Poll the main event which takes care of the session, the channel and
+         * even our child process's stdout/stderr (once it's started). */
+        if (ssh_event_dopoll(event, -1) == SSH_ERROR) {
+            ssh_channel_close(sdata.channel);
+        }
+
+        /* If child process's stdout/stderr has been registered with the event,
+         * or the child process hasn't started yet, continue. */
+        if (cdata.event != NULL) {
+            continue;
+        }
+
+    } while (ssh_channel_is_open(sdata.channel));
+
+    ssh_channel_send_eof(sdata.channel);
+    ssh_channel_close(sdata.channel);
+    sftp_server_free(cdata.sftp);
+
+    /* Wait up to 5 seconds for the client to terminate the session. */
+    for (n = 0; n < 50 && (ssh_get_status(session) & SESSION_END) == 0; n++) {
+        ssh_event_dopoll(event, 100);
+    }
+
+end:
+#ifdef WITH_PCAP
+    cleanup_pcap(&sdata);
+#endif
+    if (channel_cb != NULL) {
+        free(channel_cb);
+    }
+    if (server_cb != NULL) {
+        free(server_cb);
+    }
+    return;
+}
diff --git a/libssh/tests/server/test_server/test_server.c b/libssh/tests/server/test_server/test_server.c
index 42d21495..295af3ed 100644
--- a/libssh/tests/server/test_server/test_server.c
+++ b/libssh/tests/server/test_server/test_server.c
@@ -22,6 +22,7 @@
  */
 
 #include "test_server.h"
+#include "testserver_common.h"
 
 #include <libssh/priv.h>
 #include <libssh/libssh.h>
@@ -40,13 +41,12 @@
 void free_server_state(struct server_state_st *state)
 {
     if (state == NULL) {
-        goto end;
+        return;
     }
 
     SAFE_FREE(state->address);
 
     SAFE_FREE(state->ecdsa_key);
-    SAFE_FREE(state->dsa_key);
     SAFE_FREE(state->ed25519_key);
     SAFE_FREE(state->rsa_key);
     SAFE_FREE(state->host_key);
@@ -56,9 +56,9 @@ void free_server_state(struct server_state_st *state)
     SAFE_FREE(state->expected_username);
     SAFE_FREE(state->expected_password);
     SAFE_FREE(state->config_file);
-
-end:
-    return;
+    SAFE_FREE(state->log_file);
+    SAFE_FREE(state->server_cb);
+    SAFE_FREE(state->channel_cb);
 }
 
 /* SIGCHLD handler for cleaning up dead children. */
@@ -67,6 +67,15 @@ static void sigchld_handler(int signo) {
     while (waitpid(-1, NULL, WNOHANG) > 0);
 }
 
+bool done = false;
+
+static void sigterm_handler(int signo)
+{
+    (void) signo;
+    fprintf(stderr, "Received SIGTERM. Gracefully exiting ...\n");
+    done = true;
+}
+
 int run_server(struct server_state_st *state)
 {
     ssh_session session = NULL;
@@ -77,12 +86,12 @@ int run_server(struct server_state_st *state)
         .sa_flags = 0
     };
 
-    int rc;
+    int rc = SSH_ERROR;
 
     /* Check provided state */
     if (state == NULL) {
         fprintf(stderr, "Invalid state\n");
-        return SSH_ERROR;
+        goto out;
     }
 
     /* Set up SIGCHLD handler. */
@@ -92,23 +101,59 @@ int run_server(struct server_state_st *state)
 
     if (sigaction(SIGCHLD, &sa, NULL) != 0) {
         fprintf(stderr, "Failed to register SIGCHLD handler\n");
-        return SSH_ERROR;
+        goto out;
     }
 
-    if (state->address == NULL) {
-        fprintf(stderr, "Missing bind address\n");
-        return SSH_ERROR;
+    /* Set up SIGTERM handler. */
+    sa.sa_handler = sigterm_handler;
+    sa.sa_flags = 0;
+
+    if (sigaction(SIGTERM, &sa, NULL) != 0) {
+        fprintf(stderr, "Failed to register SIGTERM handler\n");
+        goto out;
+    }
+
+    /* Redirect all the output and errors to the file to avoid mixing up with
+     * the output from the client */
+    if (state->log_file != NULL) {
+        int fd;
+        FILE *f = fopen(state->log_file, "a");
+        if (f == NULL) {
+            fprintf(stderr, "Failed to open the log file: %s\n", strerror(errno));
+            goto out;
+        }
+        fd = dup2(fileno(f), STDERR_FILENO);
+        if (fd == -1) {
+            fprintf(stderr, "dup2 of log file to stderr failed: %s\n",
+                    strerror(errno));
+            fclose(f);
+            goto out;
+        }
+        fd = dup2(fileno(f), STDOUT_FILENO);
+        if (fd == -1) {
+            fprintf(stderr, "dup2 of log file to stdout failed: %s\n",
+                    strerror(errno));
+            fclose(f);
+            goto out;
+        }
+        fclose(f);
     }
 
     if (state->address == NULL) {
         fprintf(stderr, "Missing bind address\n");
-        return SSH_ERROR;
+        goto out;
+    }
+
+    if (state->host_key == NULL && state->rsa_key == NULL &&
+        state->ecdsa_key == NULL && state->ed25519_key) {
+        fprintf(stderr, "Missing host key\n");
+        goto out;
     }
 
     sshbind = ssh_bind_new();
     if (sshbind == NULL) {
         fprintf(stderr, "Out of memory\n");
-        return SSH_ERROR;
+        goto out;
     }
 
     if (state->verbosity) {
@@ -119,7 +164,7 @@ int run_server(struct server_state_st *state)
             fprintf(stderr,
                     "Error setting verbosity level: %s\n",
                     ssh_get_error(sshbind));
-            goto free_sshbind;
+            goto out;
         }
     }
 
@@ -128,14 +173,14 @@ int run_server(struct server_state_st *state)
                                   SSH_BIND_OPTIONS_PROCESS_CONFIG,
                                   &(state->parse_global_config));
         if (rc != 0) {
-            goto free_sshbind;
+            goto out;
         }
     }
 
     if (state->config_file) {
         rc = ssh_bind_options_parse_config(sshbind, state->config_file);
         if (rc != 0) {
-            goto free_sshbind;
+            goto out;
         }
     }
 
@@ -146,7 +191,7 @@ int run_server(struct server_state_st *state)
         fprintf(stderr,
                 "Error setting bind address: %s\n",
                 ssh_get_error(sshbind));
-        goto free_sshbind;
+        goto out;
     }
 
     rc = ssh_bind_options_set(sshbind,
@@ -156,42 +201,30 @@ int run_server(struct server_state_st *state)
         fprintf(stderr,
                 "Error setting bind port: %s\n",
                 ssh_get_error(sshbind));
-        goto free_sshbind;
-    }
-
-    if (state->dsa_key != NULL) {
-        rc = ssh_bind_options_set(sshbind,
-                                  SSH_BIND_OPTIONS_DSAKEY,
-                                  state->dsa_key);
-        if (rc != 0) {
-            fprintf(stderr,
-                    "Error setting DSA key: %s\n",
-                    ssh_get_error(sshbind));
-            goto free_sshbind;
-        }
+        goto out;
     }
 
     if (state->rsa_key != NULL) {
         rc = ssh_bind_options_set(sshbind,
-                                  SSH_BIND_OPTIONS_RSAKEY,
+                                  SSH_BIND_OPTIONS_HOSTKEY,
                                   state->rsa_key);
         if (rc != 0) {
             fprintf(stderr,
                     "Error setting RSA key: %s\n",
                     ssh_get_error(sshbind));
-            goto free_sshbind;
+            goto out;
         }
     }
 
     if (state->ecdsa_key != NULL) {
         rc = ssh_bind_options_set(sshbind,
-                                  SSH_BIND_OPTIONS_ECDSAKEY,
+                                  SSH_BIND_OPTIONS_HOSTKEY,
                                   state->ecdsa_key);
         if (rc != 0) {
             fprintf(stderr,
                     "Error setting ECDSA key: %s\n",
                     ssh_get_error(sshbind));
-            goto free_sshbind;
+            goto out;
         }
     }
 
@@ -203,7 +236,7 @@ int run_server(struct server_state_st *state)
             fprintf(stderr,
                     "Error setting hostkey: %s\n",
                     ssh_get_error(sshbind));
-            goto free_sshbind;
+            goto out;
         }
     }
 
@@ -212,17 +245,17 @@ int run_server(struct server_state_st *state)
         fprintf(stderr,
                 "Error listening to socket: %s\n",
                 ssh_get_error(sshbind));
-        goto free_sshbind;
+        goto out;
     }
 
-    printf("Started libssh test server on port %d\n", state->port);
+    printf("%d: Started libssh test server on port %d\n", getpid(), state->port);
 
-    for (;;) {
+    while (done == false) {
         session = ssh_new();
         if (session == NULL) {
             fprintf(stderr, "Out of memory\n");
             rc = SSH_ERROR;
-            goto free_sshbind;
+            goto out;
         }
 
         /* Blocks until there is a new incoming connection. */
@@ -235,6 +268,9 @@ int run_server(struct server_state_st *state)
                 /* Remove the SIGCHLD handler inherited from parent. */
                 sa.sa_handler = SIG_DFL;
                 sigaction(SIGCHLD, &sa, NULL);
+                /* Remove the SIGTERM handler inherited from parent. */
+                sa.sa_handler = SIG_DFL;
+                sigaction(SIGTERM, &sa, NULL);
                 /* Remove socket binding, which allows us to restart the
                  * parent process, without terminating existing sessions. */
                 ssh_bind_free(sshbind);
@@ -252,11 +288,13 @@ int run_server(struct server_state_st *state)
                 ssh_free(session);
 
                 free_server_state(state);
-
+                SAFE_FREE(state);
+                finalize_openssl();
                 exit(0);
             case -1:
                 fprintf(stderr, "Failed to fork\n");
             }
+            fprintf(stderr, "Forked process PID %d\n", pid);
         } else {
             fprintf(stderr,
                     "Error accepting a connection: %s\n",
@@ -271,12 +309,17 @@ int run_server(struct server_state_st *state)
 
     rc = 0;
 
-free_sshbind:
+out:
+    free_server_state(state);
+    SAFE_FREE(state);
     ssh_bind_free(sshbind);
     return rc;
 }
 
-pid_t fork_run_server(struct server_state_st *state)
+pid_t
+fork_run_server(struct server_state_st *state,
+                void (*free_test_state) (void **userdata),
+                void *userdata)
 {
     pid_t pid;
     int rc;
@@ -306,17 +349,16 @@ pid_t fork_run_server(struct server_state_st *state)
     pid = fork();
     switch(pid) {
     case 0:
+        /* no longer needed */
+        free_test_state(userdata);
         /* Remove the SIGCHLD handler inherited from parent. */
         sa.sa_handler = SIG_DFL;
         sigaction(SIGCHLD, &sa, NULL);
 
         /* The child process starts a server which will listen for connections */
         rc = run_server(state);
-        if (rc != 0) {
-            exit(rc);
-        }
-
-        exit(0);
+        finalize_openssl();
+        exit(rc);
     case -1:
         strerror_r(errno, err_str, 1024);
         fprintf(stderr, "Failed to fork: %s\n",
@@ -324,6 +366,7 @@ pid_t fork_run_server(struct server_state_st *state)
         return -1;
     default:
         /* Return the child pid  */
+        fprintf(stderr, "Forked process PID %d\n", pid);
         return pid;
     }
 }
diff --git a/libssh/tests/server/test_server/test_server.h b/libssh/tests/server/test_server/test_server.h
index b53894bb..7c6bcb76 100644
--- a/libssh/tests/server/test_server/test_server.h
+++ b/libssh/tests/server/test_server/test_server.h
@@ -36,7 +36,6 @@ struct server_state_st {
     int  port;
 
     char *ecdsa_key;
-    char *dsa_key;
     char *ed25519_key;
     char *rsa_key;
     char *host_key;
@@ -53,6 +52,8 @@ struct server_state_st {
     char *config_file;
     bool parse_global_config;
 
+    char *log_file;
+
     /* State */
     int  max_tries;
     int  error;
@@ -73,4 +74,7 @@ void free_server_state(struct server_state_st *state);
 int run_server(struct server_state_st *state);
 
 /*TODO: Add documentation */
-pid_t fork_run_server(struct server_state_st *state);
+pid_t
+fork_run_server(struct server_state_st *state,
+                void (*free_state) (void **userdata),
+                void *userdata);
diff --git a/libssh/tests/server/test_server/testserver_common.c b/libssh/tests/server/test_server/testserver_common.c
new file mode 100644
index 00000000..c0970738
--- /dev/null
+++ b/libssh/tests/server/test_server/testserver_common.c
@@ -0,0 +1,36 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2025 by Red Hat, Inc.
+ *
+ * Author: Jakub Jelen <jjelen@redhat.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "testserver_common.h"
+
+#if defined(HAVE_LIBCRYPTO) || defined(WITH_GSSAPI)
+/* for OPENSSL_cleanup() of GSSAPI's OpenSSL context */
+#include <openssl/crypto.h>
+#endif
+
+void finalize_openssl(void)
+{
+#if defined(HAVE_LIBCRYPTO) || defined(WITH_GSSAPI)
+    OPENSSL_cleanup();
+#endif
+}
diff --git a/libssh/tests/server/test_server/testserver_common.h b/libssh/tests/server/test_server/testserver_common.h
new file mode 100644
index 00000000..01a9c57f
--- /dev/null
+++ b/libssh/tests/server/test_server/testserver_common.h
@@ -0,0 +1,26 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2025 by Red Hat, Inc.
+ *
+ * Author: Jakub Jelen <jjelen@redhat.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+
+void finalize_openssl(void);
diff --git a/libssh/tests/server/torture_gssapi_server_auth.c b/libssh/tests/server/torture_gssapi_server_auth.c
new file mode 100644
index 00000000..82d45892
--- /dev/null
+++ b/libssh/tests/server/torture_gssapi_server_auth.c
@@ -0,0 +1,455 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include <errno.h>
+#include <pwd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include "libssh/libssh.h"
+#include "torture.h"
+#include "torture_key.h"
+
+#include "test_server.h"
+#include "default_cb.h"
+
+#define TORTURE_KNOWN_HOSTS_FILE "libssh_torture_knownhosts"
+
+struct test_server_st {
+    struct torture_state *state;
+    struct server_state_st *ss;
+    char *cwd;
+};
+
+static void
+free_test_server_state(void **state)
+{
+    struct test_server_st *tss = *state;
+
+    torture_free_state(tss->state);
+    SAFE_FREE(tss);
+}
+
+static void
+setup_config(void **state)
+{
+    struct torture_state *s = NULL;
+    struct server_state_st *ss = NULL;
+    struct test_server_st *tss = NULL;
+
+    char ed25519_hostkey[1024] = {0};
+    char rsa_hostkey[1024];
+    char ecdsa_hostkey[1024];
+    // char trusted_ca_pubkey[1024];
+
+    char sshd_path[1024];
+    char log_file[1024];
+    char kdc_env[255] = {0};
+    int rc;
+
+    assert_non_null(state);
+
+    tss = (struct test_server_st *)calloc(1, sizeof(struct test_server_st));
+    assert_non_null(tss);
+
+    torture_setup_socket_dir((void **)&s);
+    assert_non_null(s->socket_dir);
+    assert_non_null(s->gss_dir);
+
+    torture_set_kdc_env_str(s->gss_dir, kdc_env, sizeof(kdc_env));
+    torture_set_env_from_str(kdc_env);
+
+    /* Set the default interface for the server */
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
+    setenv("PAM_WRAPPER", "1", 1);
+
+    snprintf(sshd_path, sizeof(sshd_path), "%s/sshd", s->socket_dir);
+
+    rc = mkdir(sshd_path, 0755);
+    assert_return_code(rc, errno);
+
+    snprintf(log_file, sizeof(log_file), "%s/sshd/log", s->socket_dir);
+
+    snprintf(ed25519_hostkey,
+             sizeof(ed25519_hostkey),
+             "%s/sshd/ssh_host_ed25519_key",
+             s->socket_dir);
+    torture_write_file(ed25519_hostkey,
+                       torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
+
+    snprintf(rsa_hostkey,
+             sizeof(rsa_hostkey),
+             "%s/sshd/ssh_host_rsa_key",
+             s->socket_dir);
+    torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0));
+
+    snprintf(ecdsa_hostkey,
+             sizeof(ecdsa_hostkey),
+             "%s/sshd/ssh_host_ecdsa_key",
+             s->socket_dir);
+    torture_write_file(ecdsa_hostkey,
+                       torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
+
+    /* Create default server state */
+    ss = (struct server_state_st *)calloc(1, sizeof(struct server_state_st));
+    assert_non_null(ss);
+
+    ss->address = strdup("127.0.0.10");
+    assert_non_null(ss->address);
+
+    ss->port = 22;
+
+    ss->ecdsa_key = strdup(ecdsa_hostkey);
+    assert_non_null(ss->ecdsa_key);
+
+    ss->ed25519_key = strdup(ed25519_hostkey);
+    assert_non_null(ss->ed25519_key);
+
+    ss->rsa_key = strdup(rsa_hostkey);
+    assert_non_null(ss->rsa_key);
+
+    ss->host_key = NULL;
+
+    /* Use default username and password (set in default_handle_session_cb) */
+    ss->expected_username = NULL;
+    ss->expected_password = NULL;
+
+    /* not to mix up the client and server messages */
+    ss->verbosity = torture_libssh_verbosity();
+    ss->log_file = strdup(log_file);
+
+    ss->auth_methods = SSH_AUTH_METHOD_GSSAPI_MIC;
+
+#ifdef WITH_PCAP
+    ss->with_pcap = 1;
+    ss->pcap_file = strdup(s->pcap_file);
+    assert_non_null(ss->pcap_file);
+#endif
+
+    /* TODO make configurable */
+    ss->max_tries = 3;
+    ss->error = 0;
+
+    /* Use the default session handling function */
+    ss->handle_session = default_handle_session_cb;
+    assert_non_null(ss->handle_session);
+
+    /* Do not use global configuration */
+    ss->parse_global_config = false;
+
+    tss->state = s;
+    tss->ss = ss;
+
+    *state = tss;
+}
+
+static int
+setup_default_server(void **state)
+{
+    struct torture_state *s = NULL;
+    struct server_state_st *ss = NULL;
+    struct test_server_st *tss = NULL;
+    char pid_str[1024];
+    pid_t pid;
+    int rc;
+
+    setup_config(state);
+
+    tss = *state;
+    ss = tss->ss;
+    s = tss->state;
+
+    /* Start the server using the default values */
+    pid = fork_run_server(ss, free_test_server_state, &tss);
+    if (pid < 0) {
+        fail();
+    }
+
+    snprintf(pid_str, sizeof(pid_str), "%d", pid);
+
+    torture_write_file(s->srv_pidfile, (const char *)pid_str);
+
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+    unsetenv("PAM_WRAPPER");
+
+    /* Wait until the sshd is ready to accept connections */
+    rc = torture_wait_for_daemon(5);
+    assert_int_equal(rc, 0);
+
+    *state = tss;
+
+    return 0;
+}
+
+static int
+teardown_default_server(void **state)
+{
+    struct torture_state *s;
+    struct server_state_st *ss;
+    struct test_server_st *tss;
+
+    tss = *state;
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    ss = tss->ss;
+    assert_non_null(ss);
+
+    /* This function can be reused */
+    torture_teardown_sshd_server((void **)&s);
+
+    free_server_state(tss->ss);
+    SAFE_FREE(tss->ss);
+    SAFE_FREE(tss);
+
+    return 0;
+}
+
+static int
+session_setup(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    int verbosity = torture_libssh_verbosity();
+    char *cwd = NULL;
+    bool b = false;
+    int rc;
+
+    assert_non_null(tss);
+
+    /* Make sure we do not test the agent */
+    unsetenv("SSH_AUTH_SOCK");
+
+    cwd = torture_get_current_working_dir();
+    assert_non_null(cwd);
+
+    tss->cwd = cwd;
+
+    s = tss->state;
+    assert_non_null(s);
+
+    s->ssh.session = ssh_new();
+    assert_non_null(s->ssh.session);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session,
+                         SSH_OPTIONS_USER,
+                         TORTURE_SSH_USER_ALICE);
+    assert_int_equal(rc, SSH_OK);
+    /* Make sure no other configuration options from system will get used */
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    return 0;
+}
+
+static int
+session_teardown(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    int rc = 0;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    rc = torture_change_dir(tss->cwd);
+    assert_int_equal(rc, 0);
+
+    SAFE_FREE(tss->cwd);
+
+    return 0;
+}
+
+static void
+torture_gssapi_server_auth_no_client_cred(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    ssh_session session;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    /* No client credential */
+    torture_setup_kdc_server(
+        (void**)&s,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        /* No TGT */
+        "");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_DENIED);
+    torture_teardown_kdc_server((void **)&s);
+}
+
+static void
+torture_gssapi_server_auth_invalid_host(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    ssh_session session;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Invalid host principal */
+    torture_setup_kdc_server(
+        (void **)&s,
+        "kadmin.local addprinc -randkey host/invalid.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/invalid.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+    torture_teardown_kdc_server((void **)&s);
+}
+
+static void
+torture_gssapi_server_auth(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    ssh_session session;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Valid */
+    torture_setup_kdc_server(
+        (void **)&s,
+        "kadmin.local addprinc -randkey host/server.libssh.site\n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site\n"
+        "kadmin.local addprinc -pw bar alice\n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_OK);
+    torture_teardown_kdc_server((void **)&s);
+}
+
+static void
+torture_gssapi_auth_server_identity(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    ssh_session session;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    /* Invalid server identity option */
+    torture_setup_kdc_server(
+        (void **)&s,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    ssh_options_set(session,
+                    SSH_OPTIONS_GSSAPI_SERVER_IDENTITY,
+                    "invalid.libssh.site");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+    torture_teardown_kdc_server((void **)&s);
+
+    /* Valid server identity option*/
+    torture_setup_kdc_server(
+        (void **)&s,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    ssh_options_set(session,
+                    SSH_OPTIONS_GSSAPI_SERVER_IDENTITY,
+                    "server.libssh.site");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+    torture_teardown_kdc_server((void **)&s);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_gssapi_server_auth_no_client_cred,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_gssapi_server_auth_invalid_host,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_gssapi_auth_server_identity,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_gssapi_server_auth,
+                                        session_setup,
+                                        session_teardown),
+    };
+
+    ssh_init();
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests,
+                                setup_default_server,
+                                teardown_default_server);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/server/torture_gssapi_server_auth_cb.c b/libssh/tests/server/torture_gssapi_server_auth_cb.c
new file mode 100644
index 00000000..290ae359
--- /dev/null
+++ b/libssh/tests/server/torture_gssapi_server_auth_cb.c
@@ -0,0 +1,479 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include <errno.h>
+#include <pwd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <gssapi/gssapi.h>
+
+#include "libssh/libssh.h"
+#include "libssh/gssapi.h"
+#include "torture.h"
+#include "torture_key.h"
+
+#include "test_server.h"
+#include "default_cb.h"
+
+#define TORTURE_KNOWN_HOSTS_FILE "libssh_torture_knownhosts"
+
+struct test_server_st {
+    struct torture_state *state;
+    struct server_state_st *ss;
+    char *cwd;
+};
+
+static void
+free_test_server_state(void **state)
+{
+    struct test_server_st *tss = *state;
+
+    torture_free_state(tss->state);
+    SAFE_FREE(tss);
+}
+
+static void
+setup_config(void **state)
+{
+    struct torture_state *s = NULL;
+    struct server_state_st *ss = NULL;
+    struct test_server_st *tss = NULL;
+
+    char ed25519_hostkey[1024] = {0};
+    char rsa_hostkey[1024];
+    char ecdsa_hostkey[1024];
+    // char trusted_ca_pubkey[1024];
+
+    char sshd_path[1024];
+    char log_file[1024];
+    char kdc_env[255] = {0};
+    int rc;
+
+    assert_non_null(state);
+
+    tss = (struct test_server_st *)calloc(1, sizeof(struct test_server_st));
+    assert_non_null(tss);
+
+    torture_setup_socket_dir((void **)&s);
+    assert_non_null(s->socket_dir);
+    assert_non_null(s->gss_dir);
+
+    torture_set_kdc_env_str(s->gss_dir, kdc_env, sizeof(kdc_env));
+    torture_set_env_from_str(kdc_env);
+
+    /* Set the default interface for the server */
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
+    setenv("PAM_WRAPPER", "1", 1);
+
+    snprintf(sshd_path, sizeof(sshd_path), "%s/sshd", s->socket_dir);
+
+    rc = mkdir(sshd_path, 0755);
+    assert_return_code(rc, errno);
+
+    snprintf(log_file, sizeof(log_file), "%s/sshd/log", s->socket_dir);
+
+    snprintf(ed25519_hostkey,
+             sizeof(ed25519_hostkey),
+             "%s/sshd/ssh_host_ed25519_key",
+             s->socket_dir);
+    torture_write_file(ed25519_hostkey,
+                       torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
+
+    snprintf(rsa_hostkey,
+             sizeof(rsa_hostkey),
+             "%s/sshd/ssh_host_rsa_key",
+             s->socket_dir);
+    torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0));
+
+    snprintf(ecdsa_hostkey,
+             sizeof(ecdsa_hostkey),
+             "%s/sshd/ssh_host_ecdsa_key",
+             s->socket_dir);
+    torture_write_file(ecdsa_hostkey,
+                       torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
+
+    /* Create default server state */
+    ss = (struct server_state_st *)calloc(1, sizeof(struct server_state_st));
+    assert_non_null(ss);
+
+    ss->address = strdup("127.0.0.10");
+    assert_non_null(ss->address);
+
+    ss->port = 22;
+
+    ss->ecdsa_key = strdup(ecdsa_hostkey);
+    assert_non_null(ss->ecdsa_key);
+
+    ss->ed25519_key = strdup(ed25519_hostkey);
+    assert_non_null(ss->ed25519_key);
+
+    ss->rsa_key = strdup(rsa_hostkey);
+    assert_non_null(ss->rsa_key);
+
+    ss->host_key = NULL;
+
+    /* Use default username and password (set in default_handle_session_cb) */
+    ss->expected_username = NULL;
+    ss->expected_password = NULL;
+
+    /* not to mix up the client and server messages */
+    ss->verbosity = torture_libssh_verbosity();
+    ss->log_file = strdup(log_file);
+
+    ss->auth_methods = SSH_AUTH_METHOD_GSSAPI_MIC;
+
+#ifdef WITH_PCAP
+    ss->with_pcap = 1;
+    ss->pcap_file = strdup(s->pcap_file);
+    assert_non_null(ss->pcap_file);
+#endif
+
+    /* TODO make configurable */
+    ss->max_tries = 3;
+    ss->error = 0;
+
+    /* Use the default session handling function */
+    ss->handle_session = default_handle_session_cb;
+    assert_non_null(ss->handle_session);
+
+    /* Do not use global configuration */
+    ss->parse_global_config = false;
+
+    tss->state = s;
+    tss->ss = ss;
+
+    *state = tss;
+}
+
+static ssh_string
+select_oid(ssh_session session,
+           const char *user,
+           int n_oid,
+           ssh_string *oids,
+           void *userdata)
+{
+    /* Choose the first oid */
+    return oids[0];
+}
+
+static int
+accept_sec_ctx(ssh_session session,
+               ssh_string input_token,
+               ssh_string *output_token,
+               void *userdata)
+{
+    ssh_string token;
+    OM_uint32 min_stat;
+    gss_buffer_desc itoken, otoken = GSS_C_EMPTY_BUFFER;
+    gss_name_t client_name = GSS_C_NO_NAME;
+    OM_uint32 ret_flags = 0;
+    gss_channel_bindings_t input_bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+    itoken.length = ssh_string_len(input_token);
+    itoken.value = ssh_string_data(input_token);
+
+    gss_accept_sec_context(&min_stat,
+                           &session->gssapi->ctx,
+                           session->gssapi->server_creds,
+                           &itoken,
+                           input_bindings,
+                           &client_name,
+                           NULL /*mech_oid*/,
+                           &otoken,
+                           &ret_flags,
+                           NULL /*time*/,
+                           &session->gssapi->client_creds);
+
+    if (client_name != GSS_C_NO_NAME) {
+        session->gssapi->client_name = client_name;
+        session->gssapi->canonic_user = ssh_gssapi_name_to_char(client_name);
+    }
+    token = ssh_string_new(otoken.length);
+    ssh_string_fill(token, otoken.value, otoken.length);
+    *output_token = token;
+
+    gss_release_buffer(&min_stat, &otoken);
+    gss_release_name(&min_stat, &client_name);
+    SSH_STRING_FREE(input_token);
+
+    return 0;
+}
+
+static int
+verify_mic(ssh_session session,
+    	   ssh_string mic,
+           void *mic_buffer,
+           size_t mic_buffer_size,
+           void *userdata)
+{
+    /* Verify without checking */
+    return 0;
+}
+
+static int
+setup_callback_server(void **state)
+{
+    struct torture_state *s = NULL;
+    struct server_state_st *ss = NULL;
+    struct test_server_st *tss = NULL;
+    char pid_str[1024];
+    pid_t pid;
+    struct session_data_st sdata = {.channel = NULL,
+                                    .auth_attempts = 0,
+                                    .authenticated = 0,
+                                    .username = SSHD_DEFAULT_USER,
+                                    .password = SSHD_DEFAULT_PASSWORD};
+    int rc;
+
+    setup_config(state);
+
+    tss = *state;
+    ss = tss->ss;
+    s = tss->state;
+
+    ss->server_cb = get_default_server_cb();
+    ss->server_cb->gssapi_select_oid_function = select_oid;
+    ss->server_cb->gssapi_accept_sec_ctx_function = accept_sec_ctx;
+    ss->server_cb->gssapi_verify_mic_function = verify_mic;
+    ss->server_cb->userdata = &sdata;
+
+    /* Start the server using the default values */
+    pid = fork_run_server(ss, free_test_server_state, &tss);
+    if (pid < 0) {
+        fail();
+    }
+
+    snprintf(pid_str, sizeof(pid_str), "%d", pid);
+
+    torture_write_file(s->srv_pidfile, (const char *)pid_str);
+
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+    unsetenv("PAM_WRAPPER");
+
+    /* Wait until the sshd is ready to accept connections */
+    rc = torture_wait_for_daemon(5);
+    assert_int_equal(rc, 0);
+
+    *state = tss;
+
+    return 0;
+}
+
+static int
+teardown_default_server(void **state)
+{
+    struct torture_state *s;
+    struct server_state_st *ss;
+    struct test_server_st *tss;
+
+    tss = *state;
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    ss = tss->ss;
+    assert_non_null(ss);
+
+    /* This function can be reused */
+    torture_teardown_sshd_server((void **)&s);
+
+    SAFE_FREE(tss->ss->server_cb);
+    free_server_state(tss->ss);
+    SAFE_FREE(tss->ss);
+    SAFE_FREE(tss);
+
+    return 0;
+}
+
+static int
+session_setup(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    int verbosity = torture_libssh_verbosity();
+    char *cwd = NULL;
+    bool b = false;
+    int rc;
+
+    assert_non_null(tss);
+
+    /* Make sure we do not test the agent */
+    unsetenv("SSH_AUTH_SOCK");
+
+    cwd = torture_get_current_working_dir();
+    assert_non_null(cwd);
+
+    tss->cwd = cwd;
+
+    s = tss->state;
+    assert_non_null(s);
+
+    s->ssh.session = ssh_new();
+    assert_non_null(s->ssh.session);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session,
+                         SSH_OPTIONS_USER,
+                         TORTURE_SSH_USER_ALICE);
+    assert_int_equal(rc, SSH_OK);
+    /* Make sure no other configuration options from system will get used */
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    return 0;
+}
+
+static int
+session_teardown(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    int rc = 0;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    rc = torture_change_dir(tss->cwd);
+    assert_int_equal(rc, 0);
+
+    SAFE_FREE(tss->cwd);
+
+    return 0;
+}
+
+static void
+torture_gssapi_server_auth_cb_no_client_cred(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    ssh_session session;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    /* No client credential */
+    torture_setup_kdc_server(
+        (void **)&s,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        /* No TGT */
+        "");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_DENIED);
+    torture_teardown_kdc_server((void **)&s);
+}
+
+static void
+torture_gssapi_server_auth_cb_invalid_host(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    ssh_session session;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Invalid host principal */
+    torture_setup_kdc_server(
+        (void **)&s,
+        "kadmin.local addprinc -randkey host/invalid.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/invalid.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_ERROR);
+    torture_teardown_kdc_server((void **)&s);
+}
+
+static void
+torture_gssapi_server_auth_cb(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    ssh_session session;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Valid */
+    torture_setup_kdc_server(
+        (void **)&s,
+        "kadmin.local addprinc -randkey host/server.libssh.site\n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site\n"
+        "kadmin.local addprinc -pw bar alice\n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_OK);
+    torture_teardown_kdc_server((void **)&s);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_gssapi_server_auth_cb_no_client_cred,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_gssapi_server_auth_cb_invalid_host,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_gssapi_server_auth_cb,
+                                        session_setup,
+                                        session_teardown),
+    };
+
+    ssh_init();
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests,
+                                setup_callback_server,
+                                teardown_default_server);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/server/torture_gssapi_server_delegation.c b/libssh/tests/server/torture_gssapi_server_delegation.c
new file mode 100644
index 00000000..65e52d6f
--- /dev/null
+++ b/libssh/tests/server/torture_gssapi_server_delegation.c
@@ -0,0 +1,375 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include <errno.h>
+#include <pwd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <gssapi/gssapi.h>
+
+#include "libssh/libssh.h"
+#include "torture.h"
+#include "torture_key.h"
+
+#include "test_server.h"
+#include "default_cb.h"
+
+#define TORTURE_KNOWN_HOSTS_FILE "libssh_torture_knownhosts"
+
+struct test_server_st {
+    struct torture_state *state;
+    struct server_state_st *ss;
+    char *cwd;
+};
+
+static void
+free_test_server_state(void **state)
+{
+    struct test_server_st *tss = *state;
+
+    torture_free_state(tss->state);
+    SAFE_FREE(tss);
+}
+
+static void
+setup_config(void **state)
+{
+    struct torture_state *s = NULL;
+    struct server_state_st *ss = NULL;
+    struct test_server_st *tss = NULL;
+
+    char ed25519_hostkey[1024] = {0};
+    char rsa_hostkey[1024];
+    char ecdsa_hostkey[1024];
+    // char trusted_ca_pubkey[1024];
+
+    char sshd_path[1024];
+    char log_file[1024];
+    char kdc_env[255] = {0};
+    int rc;
+
+    assert_non_null(state);
+
+    tss = (struct test_server_st *)calloc(1, sizeof(struct test_server_st));
+    assert_non_null(tss);
+
+    torture_setup_socket_dir((void **)&s);
+    assert_non_null(s->socket_dir);
+    assert_non_null(s->gss_dir);
+
+    torture_set_kdc_env_str(s->gss_dir, kdc_env, sizeof(kdc_env));
+    torture_set_env_from_str(kdc_env);
+
+    /* Set the default interface for the server */
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
+    setenv("PAM_WRAPPER", "1", 1);
+
+    snprintf(sshd_path, sizeof(sshd_path), "%s/sshd", s->socket_dir);
+
+    rc = mkdir(sshd_path, 0755);
+    assert_return_code(rc, errno);
+
+    snprintf(log_file, sizeof(log_file), "%s/sshd/log", s->socket_dir);
+
+    snprintf(ed25519_hostkey,
+             sizeof(ed25519_hostkey),
+             "%s/sshd/ssh_host_ed25519_key",
+             s->socket_dir);
+    torture_write_file(ed25519_hostkey,
+                       torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
+
+    snprintf(rsa_hostkey,
+             sizeof(rsa_hostkey),
+             "%s/sshd/ssh_host_rsa_key",
+             s->socket_dir);
+    torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0));
+
+    snprintf(ecdsa_hostkey,
+             sizeof(ecdsa_hostkey),
+             "%s/sshd/ssh_host_ecdsa_key",
+             s->socket_dir);
+    torture_write_file(ecdsa_hostkey,
+                       torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
+
+    /* Create default server state */
+    ss = (struct server_state_st *)calloc(1, sizeof(struct server_state_st));
+    assert_non_null(ss);
+
+    ss->address = strdup("127.0.0.10");
+    assert_non_null(ss->address);
+
+    ss->port = 22;
+
+    ss->ecdsa_key = strdup(ecdsa_hostkey);
+    assert_non_null(ss->ecdsa_key);
+
+    ss->ed25519_key = strdup(ed25519_hostkey);
+    assert_non_null(ss->ed25519_key);
+
+    ss->rsa_key = strdup(rsa_hostkey);
+    assert_non_null(ss->rsa_key);
+
+    ss->host_key = NULL;
+
+    /* Use default username and password (set in default_handle_session_cb) */
+    ss->expected_username = NULL;
+    ss->expected_password = NULL;
+
+    /* not to mix up the client and server messages */
+    ss->verbosity = torture_libssh_verbosity();
+    ss->log_file = strdup(log_file);
+
+    ss->auth_methods = SSH_AUTH_METHOD_GSSAPI_MIC;
+
+#ifdef WITH_PCAP
+    ss->with_pcap = 1;
+    ss->pcap_file = strdup(s->pcap_file);
+    assert_non_null(ss->pcap_file);
+#endif
+
+    /* TODO make configurable */
+    ss->max_tries = 3;
+    ss->error = 0;
+
+    /* Use the default session handling function */
+    ss->handle_session = default_handle_session_cb;
+    assert_non_null(ss->handle_session);
+
+    /* Do not use global configuration */
+    ss->parse_global_config = false;
+
+    tss->state = s;
+    tss->ss = ss;
+
+    *state = tss;
+}
+
+static int
+auth_gssapi_mic(ssh_session session,
+                UNUSED_PARAM(const char *user),
+                UNUSED_PARAM(const char *principal),
+                void *userdata)
+{
+    OM_uint32 min_stat;
+    ssh_gssapi_creds creds = ssh_gssapi_get_creds(session);
+    assert_non_null(creds);
+
+    gss_release_cred(&min_stat, creds);
+
+    return SSH_AUTH_SUCCESS;
+}
+
+static int
+setup_callback_server(void **state)
+{
+    struct torture_state *s = NULL;
+    struct server_state_st *ss = NULL;
+    struct test_server_st *tss = NULL;
+    char pid_str[1024];
+    pid_t pid;
+    struct session_data_st sdata = {.channel = NULL,
+                                    .auth_attempts = 0,
+                                    .authenticated = 0,
+                                    .username = SSHD_DEFAULT_USER,
+                                    .password = SSHD_DEFAULT_PASSWORD};
+    int rc;
+
+    setup_config(state);
+
+    tss = *state;
+    ss = tss->ss;
+    s = tss->state;
+
+    ss->server_cb = get_default_server_cb();
+    ss->server_cb->auth_gssapi_mic_function = auth_gssapi_mic;
+    ss->server_cb->userdata = &sdata;
+
+    /* Start the server using the default values */
+    pid = fork_run_server(ss, free_test_server_state, &tss);
+    if (pid < 0) {
+        fail();
+    }
+
+    snprintf(pid_str, sizeof(pid_str), "%d", pid);
+
+    torture_write_file(s->srv_pidfile, (const char *)pid_str);
+
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+    unsetenv("PAM_WRAPPER");
+
+    /* Wait until the sshd is ready to accept connections */
+    rc = torture_wait_for_daemon(5);
+    assert_int_equal(rc, 0);
+
+    *state = tss;
+
+    return 0;
+}
+
+static int
+teardown_default_server(void **state)
+{
+    struct torture_state *s;
+    struct server_state_st *ss;
+    struct test_server_st *tss;
+
+    tss = *state;
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    ss = tss->ss;
+    assert_non_null(ss);
+
+    /* This function can be reused */
+    torture_teardown_sshd_server((void **)&s);
+
+    SAFE_FREE(tss->ss->server_cb);
+    free_server_state(tss->ss);
+    SAFE_FREE(tss->ss);
+    SAFE_FREE(tss);
+
+    return 0;
+}
+
+static int
+session_setup(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s = NULL;
+    int verbosity = torture_libssh_verbosity();
+    char *cwd = NULL;
+    bool b = false;
+    int rc;
+
+    assert_non_null(tss);
+
+    /* Make sure we do not test the agent */
+    unsetenv("SSH_AUTH_SOCK");
+
+    cwd = torture_get_current_working_dir();
+    assert_non_null(cwd);
+
+    tss->cwd = cwd;
+
+    s = tss->state;
+    assert_non_null(s);
+
+    s->ssh.session = ssh_new();
+    assert_non_null(s->ssh.session);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session,
+                         SSH_OPTIONS_USER,
+                         TORTURE_SSH_USER_ALICE);
+    assert_int_equal(rc, SSH_OK);
+    /* Make sure no other configuration options from system will get used */
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    return 0;
+}
+
+static int
+session_teardown(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s = NULL;
+    int rc = 0;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    rc = torture_change_dir(tss->cwd);
+    assert_int_equal(rc, 0);
+
+    SAFE_FREE(tss->cwd);
+
+    return 0;
+}
+
+static void
+torture_gssapi_server_delegate_creds(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s = NULL;
+    ssh_session session;
+    int rc;
+    OM_uint32 maj_stat, min_stat;
+    gss_cred_id_t client_creds = GSS_C_NO_CREDENTIAL;
+    gss_OID_set no_mechs = GSS_C_NO_OID_SET;
+    int t = 1;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    ssh_options_set(session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, &t);
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    torture_setup_kdc_server(
+        (void **)&s,
+        "kadmin.local addprinc -randkey host/server.libssh.site \n"
+        "kadmin.local ktadd -k $(dirname $0)/d/ssh.keytab host/server.libssh.site \n"
+        "kadmin.local addprinc -pw bar alice \n"
+        "kadmin.local list_principals",
+
+        "echo bar | kinit alice");
+
+    maj_stat = gss_acquire_cred(&min_stat,
+                                GSS_C_NO_NAME,
+                                GSS_C_INDEFINITE,
+                                GSS_C_NO_OID_SET,
+                                GSS_C_INITIATE,
+                                &client_creds,
+                                &no_mechs,
+                                NULL);
+    assert_int_equal(GSS_ERROR(maj_stat), 0);
+
+    ssh_gssapi_set_creds(session, client_creds);
+
+    rc = ssh_userauth_gssapi(session);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    gss_release_cred(&min_stat, &client_creds);
+    gss_release_oid_set(&min_stat, &no_mechs);
+
+    torture_teardown_kdc_server((void **)&s);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_gssapi_server_delegate_creds,
+                                        session_setup,
+                                        session_teardown),
+
+    };
+
+    ssh_init();
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests,
+                                setup_callback_server,
+                                teardown_default_server);
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/server/torture_server_auth_kbdint.c b/libssh/tests/server/torture_server_auth_kbdint.c
index 5bf81598..1d5eb733 100644
--- a/libssh/tests/server/torture_server_auth_kbdint.c
+++ b/libssh/tests/server/torture_server_auth_kbdint.c
@@ -96,11 +96,7 @@ static void cleanup_pcap(struct session_data_st *sdata)
         return;
     }
 
-    /* Do not free the pcap data context here since its ownership was
-     * transfered to the session object, which will take care of its cleanup.
-     * Morover it is still in use so we can very simply crash by freeing
-     * it here.
-     */
+    ssh_pcap_file_free(sdata->pcap);
     sdata->pcap = NULL;
 }
 #endif
@@ -161,7 +157,7 @@ static int authenticate_kbdint(ssh_session session,
     initial_prompt[0] = "username: ";
     initial_prompt[1] = "password: ";
 
-    /* Prompt for aditional prompts */
+    /* Prompt for additional prompts */
     retype_prompt[0] = "retype password: ";
 
     if ((session == NULL) || (message == NULL) || (sdata == NULL)) {
@@ -514,6 +510,14 @@ static void handle_kbdint_session_cb(ssh_event event,
     return;
 }
 
+static void free_test_server_state(void **state)
+{
+    struct test_server_st *tss = *state;
+
+    torture_free_state(tss->state);
+    SAFE_FREE(tss);
+}
+
 static int setup_kbdint_server(void **state)
 {
     struct torture_state *s;
@@ -523,6 +527,7 @@ static int setup_kbdint_server(void **state)
     char rsa_hostkey[1024] = {0};
 
     char sshd_path[1024];
+    char log_file[1024];
 
     int rc;
 
@@ -550,6 +555,11 @@ static int setup_kbdint_server(void **state)
     rc = mkdir(sshd_path, 0755);
     assert_return_code(rc, errno);
 
+    snprintf(log_file,
+             sizeof(log_file),
+             "%s/sshd/log",
+             s->socket_dir);
+
     snprintf(rsa_hostkey,
              sizeof(rsa_hostkey),
              "%s/sshd/ssh_host_rsa_key",
@@ -569,7 +579,9 @@ static int setup_kbdint_server(void **state)
     ss->host_key = strdup(rsa_hostkey);
     assert_non_null(rsa_hostkey);
 
+    /* not to mix up the client and server messages */
     ss->verbosity = torture_libssh_verbosity();
+    ss->log_file = strdup(log_file);
 
 #ifdef WITH_PCAP
     ss->with_pcap = 1;
@@ -580,12 +592,15 @@ static int setup_kbdint_server(void **state)
     ss->max_tries = 3;
     ss->error = 0;
 
+    tss->state = s;
+    tss->ss = ss;
+
     /* Set the session handling function */
     ss->handle_session = handle_kbdint_session_cb;
     assert_non_null(ss->handle_session);
 
     /* Start the server */
-    pid = fork_run_server(ss);
+    pid = fork_run_server(ss, free_test_server_state, &tss);
     if (pid < 0) {
         fail();
     }
@@ -597,11 +612,8 @@ static int setup_kbdint_server(void **state)
     setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
     unsetenv("PAM_WRAPPER");
 
-    /* Wait 200ms */
-    usleep(200 * 1000);
-
-    tss->state = s;
-    tss->ss = ss;
+    rc = torture_wait_for_daemon(15);
+    assert_int_equal(rc, 0);
 
     *state = tss;
 
diff --git a/libssh/tests/server/torture_server_config.c b/libssh/tests/server/torture_server_config.c
index 5f66f015..0bb11ec0 100644
--- a/libssh/tests/server/torture_server_config.c
+++ b/libssh/tests/server/torture_server_config.c
@@ -51,9 +51,6 @@ struct test_server_st {
     char ecdsa_521_hostkey[1024];
     char ecdsa_384_hostkey[1024];
     char ecdsa_256_hostkey[1024];
-#ifdef HAVE_DSA
-    char dsa_hostkey[1024];
-#endif /* HAVE_DSA */
 };
 
 static int setup_files(void **state)
@@ -117,14 +114,6 @@ static int setup_files(void **state)
         torture_write_file(tss->ed25519_hostkey,
                            torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
 
-#ifdef HAVE_DSA
-        snprintf(tss->dsa_hostkey,
-                 sizeof(tss->dsa_hostkey),
-                 "%s/sshd/ssh_host_dsa_key",
-                 s->socket_dir);
-        torture_write_file(tss->dsa_hostkey,
-                           torture_get_testkey(SSH_KEYTYPE_DSS, 0));
-#endif /* HAVE_DSA */
     }
 
     tss->state = s;
@@ -372,10 +361,6 @@ static size_t setup_hostkey_files(struct test_server_st *tss)
     if (!ssh_fips_mode()) {
         hostkey_files[4] = tss->ed25519_hostkey;
         num_hostkey_files++;
-#ifdef HAVE_DSA
-        hostkey_files[5] = tss->dsa_hostkey;
-        num_hostkey_files++;
-#endif
     }
 #endif /* TEST_ALL_CRYPTO_COMBINATIONS */
 
@@ -670,18 +655,6 @@ static void torture_server_config_hostkey_algorithms(void **state)
     rc = try_config_content(state, config_content, false);
     assert_int_equal(rc, 0);
 
-#ifdef HAVE_DSA
-    if (!ssh_fips_mode()) {
-        /* ssh-dss */
-        snprintf(config_content,
-                sizeof(config_content),
-                "HostKey %s\nHostkeyAlgorithms %s\n",
-                tss->dsa_hostkey, "ssh-dss");
-
-        rc = try_config_content(state, config_content, false);
-        assert_int_equal(rc, 0);
-    }
-#endif
 }
 
 static void torture_server_config_unknown(void **state)
diff --git a/libssh/tests/server/torture_server.c b/libssh/tests/server/torture_server_default.c
similarity index 87%
rename from libssh/tests/server/torture_server.c
rename to libssh/tests/server/torture_server_default.c
index c21f3612..188109e7 100644
--- a/libssh/tests/server/torture_server.c
+++ b/libssh/tests/server/torture_server_default.c
@@ -54,6 +54,8 @@ static int libssh_server_setup(void **state)
     struct test_server_st *tss = NULL;
     struct torture_state *s = NULL;
 
+    char log_file[1024];
+
     assert_non_null(state);
 
     tss = (struct test_server_st*)calloc(1, sizeof(struct test_server_st));
@@ -62,6 +64,13 @@ static int libssh_server_setup(void **state)
     torture_setup_socket_dir((void **)&s);
     torture_setup_create_libssh_config((void **)&s);
 
+    snprintf(log_file,
+             sizeof(log_file),
+             "%s/sshd/log",
+             s->socket_dir);
+
+    s->log_file = strdup(log_file);
+
     /* The second argument is the relative path to the "server" directory binary
      */
     torture_setup_libssh_server((void **)&s, "./test_server/test_server");
@@ -370,6 +379,59 @@ static void torture_server_unknown_global_request(void **state)
     ssh_channel_close(channel);
 }
 
+static void torture_server_no_more_sessions(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s = NULL;
+    ssh_session session = NULL;
+    ssh_channel channels[2];
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, SSHD_DEFAULT_USER);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Using the default password for the server */
+    rc = ssh_userauth_password(session, NULL, SSHD_DEFAULT_PASSWORD);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    /* Open a channel session */
+    channels[0] = ssh_channel_new(session);
+    assert_non_null(channels[0]);
+
+    rc = ssh_channel_open_session(channels[0]);
+    assert_ssh_return_code(session, rc);
+
+    /* Send no-more-sessions@openssh.com global request */
+    rc = ssh_request_no_more_sessions(session);
+    assert_ssh_return_code(session, rc);
+
+    /* Try to open an extra session and expect failure */
+    channels[1] = ssh_channel_new(session);
+    assert_non_null(channels[1]);
+
+    rc = ssh_channel_open_session(channels[1]);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* Free the unused channel */
+    ssh_channel_close(channels[1]);
+    ssh_channel_free(channels[1]);
+
+    /* Close and free open channel */
+    ssh_channel_close(channels[0]);
+    ssh_channel_free(channels[0]);
+}
+
 static void torture_server_set_disconnect_message(void **state)
 {
     struct test_server_st *tss = *state;
@@ -448,6 +510,9 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_server_unknown_global_request,
                                         session_setup,
                                         session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_no_more_sessions,
+                                        session_setup,
+                                        session_teardown),
         cmocka_unit_test_setup_teardown(torture_server_set_disconnect_message,
                                         session_setup,
                                         session_teardown),
diff --git a/libssh/tests/server/torture_sftpserver.c b/libssh/tests/server/torture_sftpserver.c
new file mode 100644
index 00000000..deba1565
--- /dev/null
+++ b/libssh/tests/server/torture_sftpserver.c
@@ -0,0 +1,1146 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2018 by Red Hat, Inc.
+ *
+ * Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "config.h"
+#include "libssh/sftp.h"
+
+#define LIBSSH_STATIC
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <pwd.h>
+
+#include "torture.h"
+#include "torture_key.h"
+#include "libssh/libssh.h"
+#include "libssh/priv.h"
+#include "libssh/session.h"
+
+#include "test_server.h"
+#include "default_cb.h"
+
+#define TORTURE_KNOWN_HOSTS_FILE "libssh_torture_knownhosts"
+
+const char template[] = "temp_dir_XXXXXX";
+
+struct test_server_st {
+    struct torture_state *state;
+    struct server_state_st *ss;
+    char *cwd;
+    char *temp_dir;
+};
+
+void sftp_handle_session_cb(ssh_event event,
+                            ssh_session session,
+                            struct server_state_st *state);
+
+static void free_test_server_state(void **state)
+{
+    struct test_server_st *tss = *state;
+
+    torture_free_state(tss->state);
+    SAFE_FREE(tss);
+}
+
+static int setup_default_server(void **state)
+{
+    struct torture_state *s;
+    struct server_state_st *ss;
+    struct test_server_st *tss;
+
+    char ed25519_hostkey[1024] = {0};
+    char rsa_hostkey[1024];
+    char ecdsa_hostkey[1024];
+    //char trusted_ca_pubkey[1024];
+
+    char sshd_path[1024];
+    char log_file[1024];
+    int rc;
+
+    char pid_str[1024];
+
+    pid_t pid;
+
+    assert_non_null(state);
+
+    tss = (struct test_server_st*)calloc(1, sizeof(struct test_server_st));
+    assert_non_null(tss);
+
+    torture_setup_socket_dir((void **)&s);
+    assert_non_null(s->socket_dir);
+
+    /* Set the default interface for the server */
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
+    setenv("PAM_WRAPPER", "1", 1);
+
+    snprintf(sshd_path,
+             sizeof(sshd_path),
+             "%s/sshd",
+             s->socket_dir);
+
+    rc = mkdir(sshd_path, 0755);
+    assert_return_code(rc, errno);
+
+    snprintf(log_file,
+             sizeof(log_file),
+             "%s/sshd/log",
+             s->socket_dir);
+
+    snprintf(ed25519_hostkey,
+             sizeof(ed25519_hostkey),
+             "%s/sshd/ssh_host_ed25519_key",
+             s->socket_dir);
+    torture_write_file(ed25519_hostkey,
+                       torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
+
+    snprintf(rsa_hostkey,
+             sizeof(rsa_hostkey),
+             "%s/sshd/ssh_host_rsa_key",
+             s->socket_dir);
+    torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0));
+
+    snprintf(ecdsa_hostkey,
+             sizeof(ecdsa_hostkey),
+             "%s/sshd/ssh_host_ecdsa_key",
+             s->socket_dir);
+    torture_write_file(ecdsa_hostkey,
+                       torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
+
+    /* Create default server state */
+    ss = (struct server_state_st *)calloc(1, sizeof(struct server_state_st));
+    assert_non_null(ss);
+
+    ss->address = strdup("127.0.0.10");
+    assert_non_null(ss->address);
+
+    ss->port = 22;
+
+    ss->ecdsa_key = strdup(ecdsa_hostkey);
+    assert_non_null(ss->ecdsa_key);
+
+    ss->ed25519_key = strdup(ed25519_hostkey);
+    assert_non_null(ss->ed25519_key);
+
+    ss->rsa_key = strdup(rsa_hostkey);
+    assert_non_null(ss->rsa_key);
+
+    ss->host_key = NULL;
+
+    /* Use default username and password (set in default_handle_session_cb) */
+    ss->expected_username = NULL;
+    ss->expected_password = NULL;
+
+    /* not to mix up the client and server messages */
+    ss->verbosity = torture_libssh_verbosity();
+    ss->log_file = strdup(log_file);
+
+    ss->auth_methods = SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_PUBLICKEY;
+
+#ifdef WITH_PCAP
+    ss->with_pcap = 1;
+    ss->pcap_file = strdup(s->pcap_file);
+    assert_non_null(ss->pcap_file);
+#endif
+
+    /* TODO make configurable */
+    ss->max_tries = 3;
+    ss->error = 0;
+
+    tss->state = s;
+    tss->ss = ss;
+
+    /* Use the default session handling function */
+    ss->handle_session = sftp_handle_session_cb;
+    assert_non_null(ss->handle_session);
+
+    /* Do not use global configuration */
+    ss->parse_global_config = false;
+
+    /* Start the server using the default values */
+    pid = fork_run_server(ss, free_test_server_state, &tss);
+    if (pid < 0) {
+        fail();
+    }
+
+    snprintf(pid_str, sizeof(pid_str), "%d", pid);
+
+    torture_write_file(s->srv_pidfile, (const char *)pid_str);
+
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+    unsetenv("PAM_WRAPPER");
+
+    /* Wait until the sshd is ready to accept connections */
+    rc = torture_wait_for_daemon(5);
+    assert_int_equal(rc, 0);
+
+    *state = tss;
+
+    return 0;
+}
+
+static int teardown_default_server(void **state)
+{
+    struct torture_state *s;
+    struct server_state_st *ss;
+    struct test_server_st *tss;
+
+    tss = *state;
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    ss = tss->ss;
+    assert_non_null(ss);
+
+    /* This function can be reused */
+    torture_teardown_sshd_server((void **)&s);
+
+    free_server_state(tss->ss);
+    SAFE_FREE(tss->ss);
+    SAFE_FREE(tss);
+
+    return 0;
+}
+
+static int session_setup(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    int verbosity = torture_libssh_verbosity();
+    char template2[] = "/tmp/ssh_torture_XXXXXX";
+    char *cwd = NULL;
+    char *tmp_dir = NULL;
+    char *p = NULL;
+    bool b = false;
+    int rc;
+
+    assert_non_null(tss);
+
+    /* Make sure we do not test the agent */
+    unsetenv("SSH_AUTH_SOCK");
+
+    cwd = torture_get_current_working_dir();
+    assert_non_null(cwd);
+
+    tmp_dir = torture_make_temp_dir(template);
+    p = mkdtemp(template2);
+    assert_non_null(p);
+    assert_non_null(tmp_dir);
+
+    tss->cwd = cwd;
+    tss->temp_dir = tmp_dir;
+
+    s = tss->state;
+    assert_non_null(s);
+
+    s->ssh.session = ssh_new();
+    assert_non_null(s->ssh.session);
+
+    s->ssh.tsftp = (struct torture_sftp*)calloc(1, sizeof(struct torture_sftp));
+    assert_non_null(s->ssh.tsftp);
+    s->ssh.tsftp->testdir = strdup(p);
+    assert_non_null(s->ssh.tsftp->testdir);
+
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    assert_ssh_return_code(s->ssh.session, rc);
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
+    assert_ssh_return_code(s->ssh.session, rc);
+    /* Make sure no other configuration options from system will get used */
+    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROCESS_CONFIG, &b);
+    assert_ssh_return_code(s->ssh.session, rc);
+
+    return 0;
+}
+
+static int session_setup_sftp(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s = NULL;
+    struct torture_sftp *tsftp = NULL;
+    ssh_session session = NULL;
+    sftp_session sftp = NULL;
+    int rc;
+
+    assert_non_null(tss);
+
+    rc = session_setup(state);
+    assert_int_equal(rc, 0);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, SSHD_DEFAULT_USER);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session, NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_AUTH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
+
+    rc = ssh_userauth_password(session, NULL, SSHD_DEFAULT_PASSWORD);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    ssh_get_issue_banner(session);
+
+    /* init sftp session */
+    tsftp = s->ssh.tsftp;
+
+    sftp = sftp_new(session);
+    assert_non_null(sftp);
+    tsftp->sftp = sftp;
+
+    rc = sftp_init(sftp);
+    assert_int_equal(rc, SSH_OK);
+
+    return 0;
+}
+
+static int session_teardown(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    int rc = 0;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    SAFE_FREE(s->ssh.tsftp->testdir);
+    sftp_free(s->ssh.tsftp->sftp);
+    SAFE_FREE(s->ssh.tsftp);
+
+    ssh_disconnect(s->ssh.session);
+    ssh_free(s->ssh.session);
+
+    rc = torture_change_dir(tss->cwd);
+    assert_int_equal(rc, 0);
+
+    rc = torture_rmdirs(tss->temp_dir);
+    assert_int_equal(rc, 0);
+
+    SAFE_FREE(tss->temp_dir);
+    SAFE_FREE(tss->cwd);
+
+    return 0;
+}
+
+static void torture_server_establish_sftp(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    struct torture_sftp *tsftp;
+    ssh_session session;
+    sftp_session sftp;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    /* TODO: implement proper pam authentication in callback */
+    /* Using the default user for the server */
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, SSHD_DEFAULT_USER);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session, NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_AUTH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
+
+    /* TODO: implement proper pam authentication in callback */
+    /* Using the default password for the server */
+    rc = ssh_userauth_password(session, NULL, SSHD_DEFAULT_PASSWORD);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    ssh_get_issue_banner(session);
+
+    /* init sftp session */
+    tsftp = s->ssh.tsftp;
+
+    printf("in establish before sftp_new\n");
+    sftp = sftp_new(session);
+    assert_non_null(sftp);
+
+    rc = sftp_init(sftp);
+    assert_int_equal(rc, SSH_OK);
+
+    tsftp->sftp = sftp;
+}
+
+static void torture_server_test_sftp_function(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    struct torture_sftp *tsftp;
+    ssh_session session;
+    sftp_session sftp;
+    int rc;
+    char *rv_str;
+    sftp_dir dir;
+
+    char data[65535] = {0};
+    sftp_file source;
+    sftp_file to;
+    int read_len;
+    int write_len;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, SSHD_DEFAULT_USER);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_userauth_none(session, NULL);
+    /* This request should return a SSH_REQUEST_DENIED error */
+    if (rc == SSH_AUTH_ERROR) {
+        assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+    }
+    rc = ssh_userauth_list(session, NULL);
+    assert_true(rc & SSH_AUTH_METHOD_PASSWORD);
+
+    /* TODO: implement proper pam authentication in callback */
+    /* Using the default password for the server */
+    rc = ssh_userauth_password(session, NULL, SSHD_DEFAULT_PASSWORD);
+    assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+    /* init sftp session */
+    tsftp = s->ssh.tsftp;
+    sftp = sftp_new(session);
+    assert_non_null(sftp);
+    tsftp->sftp = sftp;
+
+    rc = sftp_init(sftp);
+    assert_int_equal(rc, SSH_OK);
+
+    /* symbol link */
+    rc = sftp_symlink(sftp, "/tmp/this_is_the_link", "/tmp/sftp_symlink_test");
+    assert_int_equal(rc, SSH_OK);
+
+    rv_str = sftp_readlink(sftp, "/tmp/sftp_symlink_test");
+    assert_non_null(rv_str);
+    ssh_string_free_char(rv_str);
+
+    rc = sftp_unlink(sftp, "/tmp/sftp_symlink_test");
+    assert_int_equal(rc, SSH_OK);
+
+    /* open and close dir */
+    dir = sftp_opendir(sftp, "./");
+    assert_non_null(dir);
+
+    rc = sftp_closedir(dir);
+    assert_int_equal(rc, SSH_OK);
+
+    /* file read and write */
+    source = sftp_open(sftp, "/usr/bin/ssh", O_RDONLY, 0);
+    assert_non_null(source);
+
+    to = sftp_open(sftp, "ssh-copy", O_WRONLY | O_CREAT, 0700);
+    assert_non_null(to);
+
+    read_len = sftp_read(source, data, 4096);
+    write_len = sftp_write(to, data, read_len);
+    assert_int_equal(write_len, read_len);
+
+    rc = sftp_close(source);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = sftp_close(to);
+    assert_int_equal(rc, SSH_OK);
+
+    rc = sftp_unlink(sftp, "ssh-copy");
+    assert_int_equal(rc, SSH_OK);
+}
+
+static void torture_server_sftp_open_read_write(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    struct torture_sftp *tsftp;
+    sftp_session sftp;
+    ssh_session session;
+    sftp_attributes a = NULL;
+    sftp_file new_file = NULL;
+    char tmp_file[PATH_MAX] = {0};
+    char data[10] = "0123456789";
+    char read_data[10] = {0};
+    struct stat sb;
+    int rc, write_len, read_len;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    tsftp = s->ssh.tsftp;
+    assert_non_null(tsftp);
+
+    sftp = tsftp->sftp;
+    assert_non_null(sftp);
+
+    snprintf(tmp_file, sizeof(tmp_file), "%s/newfile", tss->temp_dir);
+
+    /*
+     * Create a new file
+     */
+    new_file = sftp_open(sftp, tmp_file, O_WRONLY | O_CREAT, 0751);
+    assert_non_null(new_file);
+
+    /* Write should work ok */
+    write_len = sftp_write(new_file, data, sizeof(data));
+    assert_int_equal(write_len, sizeof(data));
+
+    /* Reading should fail */
+    read_len = sftp_read(new_file, read_data, sizeof(read_data));
+    assert_int_equal(read_len, SSH_ERROR);
+
+    rc = sftp_close(new_file);
+    assert_ssh_return_code(session, rc);
+
+    /* Verify locally the mode is correct */
+    rc = stat(tmp_file, &sb);
+    assert_int_equal(rc, 0);
+    assert_int_equal(sb.st_mode, S_IFREG | 0751);
+    assert_int_equal(sb.st_size, sizeof(data)); /* 10b written */
+
+    /* Remote stat */
+    a = sftp_stat(sftp, tmp_file);
+    assert_non_null(a);
+    assert_int_equal(a->permissions, S_IFREG | 0751);
+    assert_int_equal(a->size, sizeof(data)); /* 10b written */
+    assert_int_equal(a->type, SSH_FILEXFER_TYPE_REGULAR);
+    sftp_attributes_free(a);
+
+    /*
+     * Now, lets try O_APPEND, mode is ignored
+     */
+    new_file = sftp_open(sftp, tmp_file, O_WRONLY | O_APPEND, 0);
+    assert_non_null(new_file);
+
+    /* fstat is not implemented */
+    a = sftp_fstat(new_file);
+    assert_null(a);
+
+    /* Write should work ok */
+    write_len = sftp_write(new_file, data, sizeof(data));
+    assert_int_equal(write_len, sizeof(data));
+
+    /* Reading should fail */
+    read_len = sftp_read(new_file, read_data, sizeof(read_data));
+    assert_int_equal(read_len, SSH_ERROR);
+
+    rc = sftp_close(new_file);
+    assert_ssh_return_code(session, rc);
+
+    /*
+     * Now, lets try read+write, mode is ignored
+     */
+    new_file = sftp_open(sftp, tmp_file, O_RDWR, 0);
+    assert_non_null(new_file);
+
+    /* Reading should work */
+    read_len = sftp_read(new_file, read_data, sizeof(read_data));
+    assert_int_equal(read_len, sizeof(read_data));
+    assert_int_equal(sizeof(read_data), sizeof(data)); /* sanity */
+    assert_memory_equal(read_data, data, sizeof(data));
+
+    rc = sftp_seek(new_file, 20);
+    assert_ssh_return_code(session, rc);
+
+    /* Write should work also ok */
+    write_len = sftp_write(new_file, data, sizeof(data));
+    assert_int_equal(write_len, sizeof(data));
+
+    rc = sftp_close(new_file);
+    assert_ssh_return_code(session, rc);
+
+    /* Remove the file */
+    rc = sftp_unlink(sftp, tmp_file);
+    assert_ssh_return_code(session, rc);
+
+    /* again: the file does not exist anymore so we should fail now */
+    rc = sftp_unlink(sftp, tmp_file);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /*
+     * Now, lets try read+write+create
+     */
+    new_file = sftp_open(sftp, tmp_file, O_RDWR | O_CREAT, 0700);
+    assert_non_null(new_file);
+
+    /* Reading should not fail but return no data */
+    read_len = sftp_read(new_file, read_data, sizeof(read_data));
+    assert_int_equal(read_len, 0);
+
+    rc = sftp_close(new_file);
+    assert_ssh_return_code(session, rc);
+
+    /* be nice */
+    rc = sftp_unlink(sftp, tmp_file);
+    assert_ssh_return_code(session, rc);
+
+    /* null flags should be invalid */
+    /* but there is no way in libssh client to force null flags so skip this
+    new_file = sftp_open(sftp, tmp_file, 0, 0700);
+    assert_null(new_file);
+    */
+
+    /* Only O_CREAT is invalid on file which does not exist. Read is implicit */
+    new_file = sftp_open(sftp, tmp_file, O_CREAT, 0700);
+    assert_null(new_file);
+}
+
+static void torture_server_sftp_mkdir(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    struct torture_sftp *tsftp;
+    sftp_session sftp;
+    ssh_session session;
+    sftp_file new_file = NULL;
+    char tmp_dir[PATH_MAX] = {0};
+    char tmp_file[PATH_MAX] = {0};
+    sftp_attributes a = NULL;
+    struct stat sb;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    tsftp = s->ssh.tsftp;
+    assert_non_null(tsftp);
+
+    sftp = tsftp->sftp;
+    assert_non_null(sftp);
+
+    snprintf(tmp_dir, sizeof(tmp_dir), "%s/newdir", tss->temp_dir);
+
+    /* create a test dir */
+    rc = sftp_mkdir(sftp, tmp_dir, 0751);
+    assert_ssh_return_code(session, rc);
+
+    /* try the same path again -- we should get an error */
+    rc = sftp_mkdir(sftp, tmp_dir, 0751);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* Verify locally the mode is correct */
+    rc = stat(tmp_dir, &sb);
+    assert_int_equal(rc, 0);
+    assert_int_equal(sb.st_mode, S_IFDIR | 0751);
+
+    /* Remote stat */
+    a = sftp_stat(sftp, tmp_dir);
+    assert_non_null(a);
+    assert_int_equal(a->permissions, S_IFDIR | 0751);
+    assert_int_equal(a->type, SSH_FILEXFER_TYPE_DIRECTORY);
+    sftp_attributes_free(a);
+
+    snprintf(tmp_file, sizeof(tmp_file), "%s/newdir/newfile", tss->temp_dir);
+
+    /* create a file in there */
+    new_file = sftp_open(sftp, tmp_file, O_WRONLY | O_CREAT, 0700);
+    assert_non_null(new_file);
+    rc = sftp_close(new_file);
+    assert_ssh_return_code(session, rc);
+
+    /* remove of non-empty directory fails */
+    rc = sftp_rmdir(sftp, tmp_dir);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* Unlink can not remove directory either */
+    rc = sftp_unlink(sftp, tmp_dir);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* Remove the file */
+    rc = sftp_unlink(sftp, tmp_file);
+    assert_int_equal(rc, SSH_OK);
+
+    /* Now it should work */
+    rc = sftp_rmdir(sftp, tmp_dir);
+    assert_ssh_return_code(session, rc);
+}
+
+static void torture_server_sftp_realpath(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    struct torture_sftp *tsftp;
+    sftp_session sftp;
+    ssh_session session;
+    char path[PATH_MAX] = {0};
+    char exp_path[PATH_MAX] = {0};
+    char *new_path = NULL;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    tsftp = s->ssh.tsftp;
+    assert_non_null(tsftp);
+
+    sftp = tsftp->sftp;
+    assert_non_null(sftp);
+
+    /* first try with the empty string, which should be equivalent to CWD */
+    new_path = sftp_canonicalize_path(sftp, path);
+    assert_non_null(new_path);
+    assert_string_equal(new_path, tss->cwd);
+    ssh_string_free_char(new_path);
+
+    /* now, lets try some more complicated paths relative to the CWD */
+    snprintf(path, sizeof(path), "%s/.././%s",
+             tss->temp_dir, tss->temp_dir);
+    new_path = sftp_canonicalize_path(sftp, path);
+    assert_non_null(new_path);
+    snprintf(exp_path, sizeof(exp_path), "%s/%s",
+             tss->cwd, tss->temp_dir);
+    assert_string_equal(new_path, exp_path);
+    ssh_string_free_char(new_path);
+
+    /* and this one does not exists, which is an error */
+    snprintf(path, sizeof(path), "%s/.././%s/nodir",
+             tss->temp_dir, tss->temp_dir);
+    new_path = sftp_canonicalize_path(sftp, path);
+    assert_null(new_path);
+    ssh_string_free_char(new_path);
+}
+
+static void torture_server_sftp_symlink(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    struct torture_sftp *tsftp;
+    sftp_session sftp;
+    ssh_session session;
+    sftp_file new_file = NULL;
+    char tmp_dir[PATH_MAX] = {0};
+    char tmp_file[PATH_MAX] = {0};
+    char path[PATH_MAX] = {0};
+    char abs_path[PATH_MAX] = {0};
+    char data[42] = "012345678901234567890123456789012345678901";
+    char *new_path = NULL;
+    sftp_attributes a = NULL;
+    sftp_dir dir;
+    int write_len, num_files = 0;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    tsftp = s->ssh.tsftp;
+    assert_non_null(tsftp);
+
+    sftp = tsftp->sftp;
+    assert_non_null(sftp);
+
+    /* create a test dir */
+    snprintf(tmp_dir, sizeof(tmp_dir), "%s/newdir", tss->temp_dir);
+    rc = sftp_mkdir(sftp, tmp_dir, 0751);
+    assert_ssh_return_code(session, rc);
+
+    /* create a file in there */
+    snprintf(tmp_file, sizeof(tmp_file), "%s/%s/newdir/newfile",
+             tss->cwd, tss->temp_dir);
+    new_file = sftp_open(sftp, tmp_file, O_WRONLY | O_CREAT, 0700);
+    assert_non_null(new_file);
+    write_len = sftp_write(new_file, data, sizeof(data));
+    assert_int_equal(write_len, sizeof(data));
+    rc = sftp_close(new_file);
+    assert_ssh_return_code(session, rc);
+
+    /* now, lets create a (relative) symlink to the new file */
+    snprintf(path, sizeof(path), "%s/newdir/linkname", tss->temp_dir);
+    rc = sftp_symlink(sftp, tmp_file, path);
+    assert_ssh_return_code(session, rc);
+
+    /* when the destination exists, it should fail */
+    rc = sftp_symlink(sftp, tmp_dir, tmp_file);
+    assert_int_equal(rc, SSH_ERROR);
+
+    /* now, there are different versions of stat that follow symlinks or not */
+    /* lstat should not follow the symlink and show information about the link
+     * itself */
+    a = sftp_lstat(sftp, path);
+    assert_non_null(a);
+    assert_int_not_equal(a->size, sizeof(data));
+    assert_int_equal(a->type, SSH_FILEXFER_TYPE_SYMLINK);
+    sftp_attributes_free(a);
+
+    /* readlink should give us more information about the target of the symlink
+     */
+    new_path = sftp_readlink(sftp, path);
+    assert_non_null(new_path);
+    snprintf(abs_path, sizeof(abs_path), "%s/%s/newdir/newfile",
+             tss->cwd, tss->temp_dir);
+    assert_string_equal(new_path, abs_path);
+    ssh_string_free_char(new_path);
+
+    /* stat should follow the symlink and show information about the link
+     * target */
+    a = sftp_stat(sftp, path);
+    assert_non_null(a);
+    assert_int_equal(a->size, sizeof(data));
+    assert_int_equal(a->permissions, S_IFREG | 0700);
+    assert_int_equal(a->type, SSH_FILEXFER_TYPE_REGULAR);
+    sftp_attributes_free(a);
+
+    /* on non-existing path, they fail */
+    a = sftp_lstat(sftp, "non-existing");
+    assert_null(a);
+    a = sftp_stat(sftp, "non-existing");
+    assert_null(a);
+
+    /**** readdir ****/
+    dir = sftp_opendir(sftp, tmp_dir);
+    assert_non_null(dir);
+    while ((a = sftp_readdir(sftp, dir))) {
+        if (strcmp(a->name, ".") != 0 &&
+            strcmp(a->name, "..") != 0 &&
+            strcmp(a->name, "newfile") != 0 &&
+            strcmp(a->name, "linkname") != 0) {
+            /* There is a file we did not create */
+            assert_true(false);
+        }
+
+        num_files++;
+        sftp_attributes_free(a);
+    }
+    assert_int_equal(num_files, 4);
+    rc = sftp_dir_eof(dir);
+    assert_int_equal(rc, 1);
+    rc = sftp_closedir(dir);
+    assert_ssh_return_code(session, rc);
+
+    /* now, remove the target of the link, the stat should not handle that,
+     * while lstat should keep working */
+    rc = sftp_unlink(sftp, tmp_file);
+    assert_int_equal(rc, SSH_OK);
+
+    a = sftp_lstat(sftp, path);
+    assert_non_null(a);
+    assert_int_not_equal(a->size, sizeof(data));
+    sftp_attributes_free(a);
+
+    a = sftp_stat(sftp, path);
+    assert_null(a);
+
+    /* readlink works ok on broken symlinks */
+    new_path = sftp_readlink(sftp, path);
+    assert_non_null(new_path);
+    snprintf(abs_path, sizeof(abs_path), "%s/%s/newdir/newfile",
+             tss->cwd, tss->temp_dir);
+    assert_string_equal(new_path, abs_path);
+    ssh_string_free_char(new_path);
+
+    /* readlink should fail on directories */
+    new_path = sftp_readlink(sftp, tmp_dir);
+    assert_null(new_path);
+    /* readlink should fail on or on non-existing files */
+    new_path = sftp_readlink(sftp, tmp_file);
+    assert_null(new_path);
+
+    /* Clean up symlink */
+    rc = sftp_unlink(sftp, path);
+    assert_int_equal(rc, SSH_OK);
+    /* Clean up temporary directory */
+    rc = sftp_rmdir(sftp, tmp_dir);
+    assert_int_equal(rc, SSH_OK);
+}
+
+static void torture_server_sftp_extended(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s;
+    struct torture_sftp *tsftp;
+    sftp_session sftp;
+    ssh_session session;
+    sftp_file new_file = NULL;
+    char tmp_dir[PATH_MAX] = {0};
+    char tmp_file[PATH_MAX] = {0};
+    sftp_statvfs_t st = NULL;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    tsftp = s->ssh.tsftp;
+    assert_non_null(tsftp);
+
+    sftp = tsftp->sftp;
+    assert_non_null(sftp);
+
+    /* create a test dir */
+    snprintf(tmp_dir, sizeof(tmp_dir), "%s/newdir", tss->temp_dir);
+    rc = sftp_mkdir(sftp, tmp_dir, 0751);
+    assert_ssh_return_code(session, rc);
+
+    /* create a file in there */
+    snprintf(tmp_file, sizeof(tmp_file), "%s/%s/newdir/newfile",
+             tss->cwd, tss->temp_dir);
+    new_file = sftp_open(sftp, tmp_file, O_WRONLY | O_CREAT, 0700);
+    assert_non_null(new_file);
+
+    /* extended fstatvsf is not advertised nor supported now but calling this
+     * message will keep hanging the server. The extension protocol says that
+     * the clients can not request extension that are not supported by the
+     * server so before doing this, we should use sftp_extension_supported()
+     * anyway */
+    /* st = sftp_fstatvfs(new_file);
+    assert_null(st); */
+
+    /* close */
+    rc = sftp_close(new_file);
+    assert_ssh_return_code(session, rc);
+
+    /* extended statvsf */
+    st = sftp_statvfs(sftp, tmp_file);
+    assert_non_null(st);
+    /* probably hard to check more */
+    sftp_statvfs_free(st);
+
+    /* Clean up temporary directory */
+    rc = sftp_unlink(sftp, tmp_file);
+    assert_int_equal(rc, SSH_OK);
+    rc = sftp_rmdir(sftp, tmp_dir);
+    assert_int_equal(rc, SSH_OK);
+}
+
+static void
+torture_server_sftp_setstat(void **state)
+{
+
+    char name[128] = {0};
+    char data[10] = "0123456789";
+    int rc;
+    size_t len;
+    int atime = 10676, mtime = 13467;
+    mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP;
+
+    struct passwd *pwd = NULL;
+    struct test_server_st *tss = *state;
+    struct torture_state *s = NULL;
+    struct torture_sftp *tsftp = NULL;
+    struct sftp_attributes_struct attr;
+    sftp_attributes tmp_attr = NULL;
+
+    sftp_session sftp = NULL;
+    ssh_session session = NULL;
+    sftp_file new_file = NULL;
+
+    pwd = getpwnam("alice");
+    assert_non_null(pwd);
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    session = s->ssh.session;
+    assert_non_null(session);
+
+    tsftp = s->ssh.tsftp;
+    assert_non_null(tsftp);
+
+    sftp = tsftp->sftp;
+    assert_non_null(sftp);
+    assert_non_null(tsftp->testdir);
+    snprintf(name, sizeof(name), "%s/server_setstat_test", tsftp->testdir);
+    new_file = sftp_open(sftp, name, O_WRONLY | O_CREAT, 0700);
+    assert_non_null(new_file);
+    len = sftp_write(new_file, data, sizeof(data));
+    assert_int_equal(len, sizeof(data));
+    rc = sftp_close(new_file);
+    assert_int_equal(rc, SSH_OK);
+
+    ZERO_STRUCT(attr);
+    attr.flags = SSH_FILEXFER_ATTR_SIZE | SSH_FILEXFER_ATTR_PERMISSIONS |
+                 SSH_FILEXFER_ATTR_UIDGID | SSH_FILEXFER_ATTR_ACMODTIME;
+
+    attr.size = len;
+    attr.uid = pwd->pw_uid;
+    attr.gid = pwd->pw_gid;
+    attr.permissions = mode;
+    attr.atime = atime;
+    attr.mtime = mtime;
+
+    rc = sftp_setstat(sftp, name, &attr);
+    assert_int_equal(rc, SSH_OK);
+
+    assert_int_equal(rc, SSH_OK);
+
+    tmp_attr = sftp_stat(sftp, name);
+    assert_non_null(tmp_attr);
+
+    assert_int_equal(tmp_attr->uid, pwd->pw_uid);
+    assert_int_equal(tmp_attr->gid, pwd->pw_gid);
+
+    assert_int_equal(len, tmp_attr->size);
+    assert_int_equal(tmp_attr->permissions & ACCESSPERMS, mode);
+    assert_int_equal(tmp_attr->mtime, mtime);
+    assert_int_equal(tmp_attr->atime, atime);
+
+    /*negative tests*/
+    rc = sftp_setstat(sftp, "not existing", &attr);
+    assert_int_equal(rc, SSH_ERROR);
+    sftp_unlink(sftp, name);
+    sftp_attributes_free(tmp_attr);
+}
+
+/* The max number of handles is 256 in sftpserver.h -- keep in sync! */
+#define SFTP_HANDLES 256
+static void torture_server_sftp_handles_exhaustion(void **state)
+{
+    struct test_server_st *tss = *state;
+    struct torture_state *s = NULL;
+    struct torture_sftp *tsftp = NULL;
+    char name[128] = {0};
+    sftp_file handle, handles[SFTP_HANDLES] = {0};
+    sftp_session sftp = NULL;
+    int rc;
+
+    assert_non_null(tss);
+
+    s = tss->state;
+    assert_non_null(s);
+
+    tsftp = s->ssh.tsftp;
+    assert_non_null(tsftp);
+
+    sftp = tsftp->sftp;
+    assert_non_null(sftp);
+
+    /* Occupy all handles */
+    for (int i = 0; i < SFTP_HANDLES; i++) {
+        snprintf(name, sizeof(name), "%s/fn%d", tsftp->testdir, i);
+        handles[i] = sftp_open(sftp, name, O_WRONLY | O_CREAT, 0700);
+        assert_non_null(handles[i]);
+    }
+
+    /* Next handle should fail, but not crash or OOB */
+    snprintf(name, sizeof(name), "%s/failfn", tsftp->testdir);
+    handle = sftp_open(sftp, name, O_WRONLY | O_CREAT, 0700);
+    assert_null(handle);
+
+    /* cleanup */
+    for (int i = 0; i < SFTP_HANDLES; i++) {
+        snprintf(name, sizeof(name), "%s/fn%d", tsftp->testdir, i);
+        rc = sftp_close(handles[i]);
+        assert_int_equal(rc, SSH_OK);
+    }
+}
+
+
+int torture_run_tests(void) {
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(torture_server_establish_sftp,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_test_sftp_function,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_sftp_open_read_write,
+                                        session_setup_sftp,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_sftp_mkdir,
+                                        session_setup_sftp,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_sftp_realpath,
+                                        session_setup_sftp,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_sftp_symlink,
+                                        session_setup_sftp,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_sftp_extended,
+                                        session_setup_sftp,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_sftp_setstat,
+                                        session_setup_sftp,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_server_sftp_handles_exhaustion,
+                                        session_setup_sftp,
+                                        session_teardown),
+    };
+
+    ssh_init();
+
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests,
+            setup_default_server,
+            teardown_default_server);
+
+    ssh_finalize();
+
+    return rc;
+}
diff --git a/libssh/tests/ssh_ping.c b/libssh/tests/ssh_ping.c
index bdb3cea0..ae2dfe39 100644
--- a/libssh/tests/ssh_ping.c
+++ b/libssh/tests/ssh_ping.c
@@ -27,6 +27,7 @@ int main(int argc, char **argv)
     const char *banner = NULL;
     ssh_session session = NULL;
     const char *hostkeys = NULL;
+    const char *kex = NULL;
     int rc = 1;
 
     bool process_config = false;
@@ -60,13 +61,20 @@ int main(int argc, char **argv)
         goto out;
     }
 
-    /* Enable all supported algorithms (including DSA) */
+    /* Enable all supported algorithms */
     hostkeys = ssh_kex_get_supported_method(SSH_HOSTKEYS);
     rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, hostkeys);
     if (rc < 0) {
         goto out;
     }
 
+    /* Enable all supported kex algorithms */
+    kex = ssh_kex_get_supported_method(SSH_KEX);
+    rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, kex);
+    if (rc < 0) {
+        goto out;
+    }
+
     rc = ssh_connect(session);
     if (rc != SSH_OK) {
         fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
diff --git a/libssh/tests/tests_config.h.cmake b/libssh/tests/tests_config.h.cmake
index b162db75..2e87f9ee 100644
--- a/libssh/tests/tests_config.h.cmake
+++ b/libssh/tests/tests_config.h.cmake
@@ -52,12 +52,10 @@
 #cmakedefine OPENSSH_SSH_ED25519 1
 #cmakedefine OPENSSH_SSH_ED25519_CERT_V01_OPENSSH_COM 1
 #cmakedefine OPENSSH_SSH_RSA 1
-#cmakedefine OPENSSH_SSH_DSS 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP256 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP384 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP521 1
 #cmakedefine OPENSSH_SSH_RSA_CERT_V01_OPENSSH_COM 1
-#cmakedefine OPENSSH_SSH_DSS_CERT_V01_OPENSSH_COM 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP256_CERT_V01_OPENSSH_COM 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP384_CERT_V01_OPENSSH_COM 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP521_CERT_V01_OPENSSH_COM 1
@@ -67,5 +65,9 @@
 #cmakedefine NCAT_EXECUTABLE "${NCAT_EXECUTABLE}"
 #cmakedefine SSHD_EXECUTABLE "${SSHD_EXECUTABLE}"
 #cmakedefine SSH_EXECUTABLE "${SSH_EXECUTABLE}"
+#cmakedefine SSH_EXECUTABLE_SIZE "${SSH_EXECUTABLE_SIZE}"
+#cmakedefine DROPBEAR_EXECUTABLE "${DROPBEAR_EXECUTABLE}"
 #cmakedefine WITH_TIMEOUT ${WITH_TIMEOUT}
 #cmakedefine TIMEOUT_EXECUTABLE "${TIMEOUT_EXECUTABLE}"
+#cmakedefine SOFTHSM2_LIBRARY "${SOFTHSM2_LIBRARY}"
+#cmakedefine PKCS11SPY "${PKCS11SPY}"
diff --git a/libssh/tests/torture.c b/libssh/tests/torture.c
index f5a6bcc7..6bdd6463 100644
--- a/libssh/tests/torture.c
+++ b/libssh/tests/torture.c
@@ -40,11 +40,6 @@
 #include <unistd.h>
 #elif (defined _WIN32) || (defined _WIN64)
 #include <direct.h>
-#include <io.h>
-#define read _read
-#define open _open
-#define write _write
-#define close _close
 #define chdir _chdir
 #endif
 
@@ -53,6 +48,15 @@
 #include "libssh/misc.h"
 #include "libssh/token.h"
 
+#ifdef HAVE_VALGRIND_VALGRIND_H
+#include <valgrind/valgrind.h>
+#endif
+
+#ifdef WITH_GSSAPI
+/* for OPENSSL_cleanup() of GSSAPI's OpenSSL context */
+#include <openssl/crypto.h>
+#endif
+
 #define TORTURE_SSHD_SRV_IPV4 "127.0.0.10"
 /* socket wrapper IPv6 prefix  fd00::5357:5fxx */
 #define TORTURE_SSHD_SRV_IPV6 "fd00::5357:5f0a"
@@ -77,6 +81,7 @@ static const char *pattern = NULL;
 
 #ifndef _WIN32
 
+/* TODO missing code coverage */
 static int _torture_auth_kbdint(ssh_session session,
                                const char *password) {
     const char *prompt;
@@ -236,6 +241,10 @@ int torture_terminate_process(const char *pidfile)
 
     /* read the pidfile */
     pid = torture_read_pidfile(pidfile);
+    if (pid == -1) {
+        fprintf(stderr, "Failed to read PID file %s\n", pidfile);
+        return -1;
+    }
     assert_int_not_equal(pid, -1);
 
     for (count = 0; count < 10; count++) {
@@ -244,6 +253,13 @@ int torture_terminate_process(const char *pidfile)
 
         /* 10 ms */
         usleep(10 * 1000);
+#ifdef HAVE_VALGRIND_VALGRIND_H
+        if (RUNNING_ON_VALGRIND) {
+            SSH_LOG(SSH_LOG_INFO, "Running within Valgrind, wait one more "
+                    "second for the server to clean up.");
+            usleep(1000 * 1000);
+         }
+#endif /* HAVE_VALGRIND_VALGRIND_H */
 
         rc = kill(pid, 0);
         if (rc != 0) {
@@ -383,18 +399,12 @@ ssh_bind torture_ssh_bind(const char *addr,
     }
 
     switch (key_type) {
-#ifdef HAVE_DSA
-        case SSH_KEYTYPE_DSS:
-            opts = SSH_BIND_OPTIONS_DSAKEY;
-            break;
-#endif /* HAVE_DSA */
         case SSH_KEYTYPE_RSA:
-            opts = SSH_BIND_OPTIONS_RSAKEY;
-            break;
         case SSH_KEYTYPE_ECDSA_P256:
         case SSH_KEYTYPE_ECDSA_P384:
         case SSH_KEYTYPE_ECDSA_P521:
-            opts = SSH_BIND_OPTIONS_ECDSAKEY;
+        case SSH_KEYTYPE_ED25519:
+            opts = SSH_BIND_OPTIONS_HOSTKEY;
             break;
         default:
             goto out_free;
@@ -561,6 +571,7 @@ void torture_setup_socket_dir(void **state)
     const char *p;
     size_t len;
     char *env = NULL;
+    char gss_dir[1024] = {0};
     int rc;
 
     s = calloc(1, sizeof(struct torture_state));
@@ -580,6 +591,13 @@ void torture_setup_socket_dir(void **state)
     s->socket_dir = torture_make_temp_dir(TORTURE_SOCKET_DIR);
     assert_non_null(s->socket_dir);
 
+#ifdef WITH_GSSAPI
+    snprintf(gss_dir, sizeof(gss_dir), "%s/gss", s->socket_dir);
+    rc = mkdir(gss_dir, 0755);
+    assert_return_code(rc, errno);
+    s->gss_dir = strdup(gss_dir);
+#endif
+
     p = s->socket_dir;
 
     /* pcap file */
@@ -631,9 +649,6 @@ void torture_setup_create_libssh_config(void **state)
 {
     struct torture_state *s = *state;
     char ed25519_hostkey[1024] = {0};
-#ifdef HAVE_DSA
-    char dsa_hostkey[1024];
-#endif /* HAVE_DSA */
     char rsa_hostkey[1024];
     char ecdsa_hostkey[1024];
     char sshd_config[2048];
@@ -647,9 +662,6 @@ void torture_setup_create_libssh_config(void **state)
              "%s %s\n"
              "%s %s\n"
              "%s %s\n"
-#ifdef HAVE_DSA
-             "%s %s\n"
-#endif /* HAVE_DSA */
              "%s\n"; /* The space for test-specific options */
     bool written = false;
     int rc;
@@ -686,13 +698,6 @@ void torture_setup_create_libssh_config(void **state)
              "%s/sshd/ssh_host_ecdsa_key",
              s->socket_dir);
 
-#ifdef HAVE_DSA
-    snprintf(dsa_hostkey,
-             sizeof(dsa_hostkey),
-             "%s/sshd/ssh_host_dsa_key",
-             s->socket_dir);
-#endif /* HAVE_DSA */
-
     if (!written) {
         torture_write_file(ed25519_hostkey,
                            torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
@@ -700,10 +705,6 @@ void torture_setup_create_libssh_config(void **state)
                            torture_get_testkey(SSH_KEYTYPE_RSA, 0));
         torture_write_file(ecdsa_hostkey,
                            torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
-#ifdef HAVE_DSA
-        torture_write_file(dsa_hostkey,
-                           torture_get_testkey(SSH_KEYTYPE_DSS, 0));
-#endif /* HAVE_DSA */
     }
 
     additional_config = (s->srv_additional_config != NULL ?
@@ -714,9 +715,6 @@ void torture_setup_create_libssh_config(void **state)
             "HostKey", ed25519_hostkey,
             "HostKey", rsa_hostkey,
             "HostKey", ecdsa_hostkey,
-#ifdef HAVE_DSA
-            "HostKey", dsa_hostkey,
-#endif /* HAVE_DSA */
             additional_config);
 
     torture_write_file(s->srv_config, sshd_config);
@@ -727,9 +725,6 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
 {
     struct torture_state *s = *state;
     char ed25519_hostkey[1024] = {0};
-#ifdef HAVE_DSA
-    char dsa_hostkey[1024];
-#endif /* HAVE_DSA */
     char rsa_hostkey[1024];
     char ecdsa_hostkey[1024];
     char trusted_ca_pubkey[1024];
@@ -747,10 +742,8 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
     const char config_string[]=
              "Port 22\n"
              "ListenAddress 127.0.0.10\n"
+             "ListenAddress fd00::5357:5f0a\n"
              "%s %s\n" /* ed25519 HostKey */
-#ifdef HAVE_DSA
-             "%s %s\n" /* DSA HostKey */
-#endif /* HAVE_DSA */
              "%s %s\n" /* RSA HostKey */
              "%s %s\n" /* ECDSA HostKey */
              "\n"
@@ -771,6 +764,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
              "HostKeyAlgorithms " OPENSSH_KEYS "\n"
 #if OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2
              "CASignatureAlgorithms " OPENSSH_KEYS "\n"
+#endif
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
+             "PerSourcePenaltyExemptList 127.0.0.21\n"
 #endif
              "Ciphers " OPENSSH_CIPHERS "\n"
              "KexAlgorithms " OPENSSH_KEX "\n"
@@ -785,6 +781,7 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
     const char fips_config_string[]=
              "Port 22\n"
              "ListenAddress 127.0.0.10\n"
+             "ListenAddress fd00::5357:5f0a\n"
              "%s %s\n" /* RSA HostKey */
              "%s %s\n" /* ECDSA HostKey */
              "\n"
@@ -801,6 +798,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
              "%s\n" /* Here comes UsePam */
              "%s" /* The space for test-specific options */
              "\n"
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
+             "PerSourcePenaltyExemptList 127.0.0.21\n"
+#endif
              "Ciphers "
                 "aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,"
                 "aes128-gcm@openssh.com,aes128-ctr,aes128-cbc"
@@ -870,13 +870,6 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
              "%s/sshd/ssh_host_ed25519_key",
              s->socket_dir);
 
-#ifdef HAVE_DSA
-    snprintf(dsa_hostkey,
-             sizeof(dsa_hostkey),
-             "%s/sshd/ssh_host_dsa_key",
-             s->socket_dir);
-#endif /* HAVE_DSA */
-
     snprintf(rsa_hostkey,
              sizeof(rsa_hostkey),
              "%s/sshd/ssh_host_rsa_key",
@@ -895,10 +888,6 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
     if (!written) {
         torture_write_file(ed25519_hostkey,
                            torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
-#ifdef HAVE_DSA
-        torture_write_file(dsa_hostkey,
-                           torture_get_testkey(SSH_KEYTYPE_DSS, 0));
-#endif /* HAVE_DSA */
         torture_write_file(rsa_hostkey,
                            torture_get_testkey(SSH_KEYTYPE_RSA, 0));
         torture_write_file(ecdsa_hostkey,
@@ -935,9 +924,6 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
         snprintf(sshd_config, sizeof(sshd_config),
                 config_string,
                 "HostKey", ed25519_hostkey,
-#ifdef HAVE_DSA
-                "HostKey", dsa_hostkey,
-#endif /* HAVE_DSA */
                 "HostKey", rsa_hostkey,
                 "HostKey", ecdsa_hostkey,
                 trusted_ca_pubkey,
@@ -950,7 +936,7 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
     torture_write_file(s->srv_config, sshd_config);
 }
 
-static int torture_wait_for_daemon(unsigned int seconds)
+int torture_wait_for_daemon(unsigned int seconds)
 {
     struct ssh_timestamp start;
     int rc;
@@ -968,6 +954,54 @@ static int torture_wait_for_daemon(unsigned int seconds)
     return 1;
 }
 
+void
+torture_set_kdc_env_str(const char *gss_dir, char *env, size_t size)
+{
+    int rc;
+    rc = snprintf(env,
+                  size,
+                  "KRB5CCNAME=%s/cc "
+                  "KRB5_CONFIG=%s/k/krb5.conf "
+                  "KRB5_KDC_PROFILE=%s/k "
+                  "KRB5_KTNAME=%s/d/ssh.keytab "
+                  "KRB5RCACHETYPE=none ",
+                  gss_dir,
+                  gss_dir,
+                  gss_dir,
+                  gss_dir);
+    if (rc < 0 || rc >= (int)size) {
+        fail_msg("snprintf failed");
+    }
+}
+
+void
+torture_set_env_from_str(const char *env)
+{
+    struct ssh_tokens_st *vars = NULL, *var = NULL;
+
+    vars = ssh_tokenize(env, ' ');
+    if (vars == NULL) {
+        fail_msg("failed to tokenize environment string");
+    }
+
+    for (int i = 0; vars->tokens[i]; i++) {
+        var = ssh_tokenize(vars->tokens[i], '=');
+        if (var == NULL) {
+            ssh_tokens_free(vars);
+            fail_msg("invalid environment string format");
+        }
+        if (var->tokens[0] != NULL && var->tokens[1] != NULL) {
+            setenv(var->tokens[0], var->tokens[1], 1);
+        } else {
+            ssh_tokens_free(var);
+            ssh_tokens_free(vars);
+            fail_msg("invalid environment string format");
+        }
+        ssh_tokens_free(var);
+    }
+    ssh_tokens_free(vars);
+}
+
 /**
  * @brief Run a libssh based server under timeout.
  *
@@ -993,6 +1027,7 @@ void torture_setup_libssh_server(void **state, const char *server_path)
     char start_cmd[1024];
     char timeout_cmd[512];
     char env[1024];
+    char kdc_env[255];
     char extra_options[1024];
     int rc;
     char *ld_preload = NULL;
@@ -1012,14 +1047,14 @@ void torture_setup_libssh_server(void **state, const char *server_path)
     if (s->srv_additional_config != NULL) {
         printed = snprintf(extra_options, sizeof(extra_options), " %s ",
                            s->srv_additional_config);
-        if (printed < 0) {
+        if (printed < 0 || printed >= (ssize_t)sizeof(extra_options)) {
             fail_msg("Failed to print additional config!");
             /* Unreachable */
             __builtin_unreachable();
         }
     } else {
         printed = snprintf(extra_options, sizeof(extra_options), " ");
-        if (printed < 0) {
+        if (printed < 0 || printed >= (ssize_t)sizeof(extra_options)) {
             fail_msg("Failed to print empty additional config!");
             /* Unreachable */
             __builtin_unreachable();
@@ -1032,16 +1067,24 @@ void torture_setup_libssh_server(void **state, const char *server_path)
         force_fips = "";
     }
 
+    torture_set_kdc_env_str(s->gss_dir, kdc_env, sizeof(kdc_env));
+
     /* Write the environment setting */
     /* OPENSSL variable is needed to enable SHA1 */
-    printed = snprintf(env, sizeof(env),
+    printed = snprintf(env,
+                       sizeof(env),
                        "SOCKET_WRAPPER_DIR=%s "
                        "SOCKET_WRAPPER_DEFAULT_IFACE=10 "
                        "LD_PRELOAD=%s "
                        "%s "
-                       "OPENSSL_ENABLE_SHA1_SIGNATURES=1",
-                       s->socket_dir, ld_preload, force_fips);
-    if (printed < 0) {
+                       "OPENSSL_ENABLE_SHA1_SIGNATURES=1 "
+                       "NSS_WRAPPER_HOSTNAME=server.libssh.site "
+                       "%s ",
+                       s->socket_dir,
+                       ld_preload,
+                       force_fips,
+                       kdc_env);
+    if (printed < 0 || printed >= (ssize_t)sizeof(env)) {
         fail_msg("Failed to print env!");
         /* Unreachable */
         __builtin_unreachable();
@@ -1057,11 +1100,13 @@ void torture_setup_libssh_server(void **state, const char *server_path)
     /* Write the start command */
     printed = snprintf(start_cmd, sizeof(start_cmd),
                        "%s"
-                       "%s -f%s -v4 -p22 -i%s -C%s%s%s",
+                       "%s -f%s -v4 -p22 -i%s -C%s%s%s%s%s",
                        timeout_cmd,
                        server_path, s->pcap_file, s->srv_pidfile,
-                       s->srv_config, extra_options, TORTURE_SSH_SERVER);
-    if (printed < 0) {
+                       s->srv_config,
+                       s->log_file ? " -l " : "", s->log_file ? s->log_file : "",
+                       extra_options, TORTURE_SSH_SERVER);
+    if (printed < 0 || printed >= (ssize_t)sizeof(start_cmd)) {
         fail_msg("Failed to print start command!");
         /* Unreachable */
         __builtin_unreachable();
@@ -1115,18 +1160,32 @@ static int torture_start_sshd_server(void **state)
     struct torture_state *s = *state;
     char sshd_start_cmd[1024];
     int rc;
+    char kdc_env[255] = {0};
 
     /* Set the default interface for the server */
     setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
     setenv("PAM_WRAPPER", "1", 1);
 
-    snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
-             SSHD_EXECUTABLE " -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
-             s->srv_config, s->socket_dir, s->socket_dir);
+#ifdef WITH_GSSAPI
+    setenv("NSS_WRAPPER_HOSTNAME", "server.libssh.site", 1);
+    torture_set_kdc_env_str(s->gss_dir, kdc_env, sizeof(kdc_env));
+#endif
+    rc = snprintf(sshd_start_cmd,
+                  sizeof(sshd_start_cmd),
+                  "%s " SSHD_EXECUTABLE
+                  " -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
+                  kdc_env,
+                  s->srv_config,
+                  s->socket_dir,
+                  s->socket_dir);
+    if (rc < 0 || rc >= (int)sizeof(sshd_start_cmd)) {
+        fail_msg("snprintf failed");
+    }
 
     rc = system(sshd_start_cmd);
     assert_return_code(rc, errno);
 
+    unsetenv("NSS_WRAPPER_HOSTNAME");
     setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
     unsetenv("PAM_WRAPPER");
 
@@ -1148,6 +1207,107 @@ void torture_setup_sshd_server(void **state, bool pam)
     assert_int_equal(rc, 0);
 }
 
+#ifdef WITH_GSSAPI
+/**
+ * @brief Setup KDC for GSSAPI testing
+ *
+ * This should be called after sshd or libssh server's setup functions.
+ *
+ * @param[in] state A pointer to a pointer to an initialized torture_state
+ *                  structure
+ * @param[in] kadmin_script kadmin commands to be executed on the KDC
+ * @param[in] kinit_script kinit commands to get the TGT
+ *
+ */
+void
+torture_setup_kdc_server(void **state,
+                         const char *kadmin_script,
+                         const char *kinit_script)
+{
+    struct torture_state *s = *state;
+    int rc;
+    char command[1024] = {0};
+    char kdc_env[255] = {0};
+    char kadmin_file[255] = {0};
+    char kinit_file[255] = {0};
+
+    /* Remove the previous files and folders, but keep the same directory
+     * because we pass only one temporary directory to the server */
+    rc = snprintf(command, sizeof(command), "rm -rf %s/*", s->gss_dir);
+    if (rc < 0 || rc >= (int)sizeof(command)) {
+        fail_msg("snprintf failed");
+    }
+    rc = system(command);
+    assert_return_code(rc, errno);
+
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "11", 1);
+    setenv("NSS_WRAPPER_HOSTNAME", "kdc.libssh.site", 1);
+
+    torture_set_kdc_env_str(s->gss_dir, kdc_env, sizeof(kdc_env));
+    torture_set_env_from_str(kdc_env);
+
+    snprintf(kadmin_file, sizeof(kadmin_file), "%s/kadmin.sh", s->gss_dir);
+    snprintf(kinit_file, sizeof(kinit_file), "%s/kinit.sh", s->gss_dir);
+
+    torture_write_file(kadmin_file, kadmin_script);
+    torture_write_file(kinit_file, kinit_script);
+
+    rc = snprintf(command,
+                  sizeof(command),
+                  "%s/tests/gss/kdcsetup.sh %s",
+                  BINARYDIR,
+                  s->socket_dir);
+    if (rc < 0 || rc >= (int)sizeof(command)) {
+        fail_msg("snprintf failed");
+    }
+    rc = system(command);
+    assert_return_code(rc, errno);
+    assert_int_equal(rc, 0);
+
+    unsetenv("NSS_WRAPPER_HOSTNAME");
+    /* Back to client */
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+}
+
+/**
+ * @brief Teardown KDC
+ *
+ * This should be called before sshd or libssh server's teardown functions.
+ *
+ * @param[in] state A pointer to a pointer to an initialized torture_state
+ *                  structure
+ */
+void
+torture_teardown_kdc_server(void **state)
+{
+    struct torture_state *s = *state;
+    int rc;
+    char pid_path[1024] = {0};
+
+    rc = snprintf(pid_path, sizeof(pid_path), "%s/pid", s->gss_dir);
+    if (rc < 0 || rc >= (int)sizeof(pid_path)) {
+        fail_msg("snprintf failed");
+    }
+    rc = torture_terminate_process(pid_path);
+    assert_return_code(rc, errno);
+}
+
+#endif /* WITH_GSSAPI */
+
+void torture_free_state(struct torture_state *s)
+{
+    free(s->srv_config);
+    free(s->socket_dir);
+#ifdef WITH_GSSAPI
+    free(s->gss_dir);
+#endif
+    free(s->pcap_file);
+    free(s->log_file);
+    free(s->srv_pidfile);
+    free(s->srv_additional_config);
+    free(s);
+}
+
 void torture_teardown_socket_dir(void **state)
 {
     struct torture_state *s = *state;
@@ -1171,13 +1331,7 @@ void torture_teardown_socket_dir(void **state)
     }
     s->plain_pcap = NULL;
 #endif /* WITH_PCAP */
-
-    free(s->srv_config);
-    free(s->socket_dir);
-    free(s->pcap_file);
-    free(s->srv_pidfile);
-    free(s->srv_additional_config);
-    free(s);
+    torture_free_state(s);
 }
 
 static int
@@ -1222,33 +1376,64 @@ torture_update_sshd_config(void **state, const char *config)
 void torture_teardown_sshd_server(void **state)
 {
     struct torture_state *s = *state;
-    int rc;
-
-    rc = torture_terminate_process(s->srv_pidfile);
-    assert_return_code(rc, errno);
 
+    torture_terminate_process(s->srv_pidfile);
     torture_teardown_socket_dir(state);
 }
 #endif /* SSHD_EXECUTABLE */
 
+#ifdef WITH_PKCS11_URI
 void torture_setup_tokens(const char *temp_dir,
                           const char *filename,
                           const char object_name[],
                           const char *load_public)
 {
     char token_setup_start_cmd[1024] = {0};
+    char socket_path[1204] = {0};
+    char conf_path[1024] = {0};
+#ifdef WITH_PKCS11_PROVIDER
+    char *env = NULL;
+#endif /* WITH_PKCS11_PROVIDER */
     int rc;
 
-    snprintf(token_setup_start_cmd, sizeof(token_setup_start_cmd),
-             "%s/tests/pkcs11/setup-softhsm-tokens.sh %s %s %s %s",
-             BINARYDIR,
-             temp_dir,
-             filename,
-             object_name, load_public);
+    rc = snprintf(token_setup_start_cmd,
+                  sizeof(token_setup_start_cmd),
+                  "%s/tests/pkcs11/setup-softhsm-tokens.sh %s %s %s %s %s",
+                  BINARYDIR,
+                  temp_dir,
+                  filename,
+                  object_name,
+                  load_public,
+                  SOFTHSM2_LIBRARY);
+    assert_int_not_equal(rc, sizeof(token_setup_start_cmd));
 
     rc = system(token_setup_start_cmd);
     assert_return_code(rc, errno);
+
+#ifdef WITH_PKCS11_PROVIDER
+    setenv("PKCS11_PROVIDER_MODULE", SOFTHSM2_LIBRARY, 1);
+
+    /* This is useful for debugging PKCS#11 calls */
+    env = getenv("TORTURE_PKCS11");
+    if (env != NULL && env[0] != '\0') {
+#ifdef PKCS11SPY
+        setenv("PKCS11SPY", SOFTHSM2_LIBRARY, 1);
+        setenv("PKCS11_PROVIDER_MODULE", PKCS11SPY, 1);
+#else
+        fprintf(stderr, "[ TORTURE  ] >>> pkcs11-spy not found\n");
+#endif /* PKCS11SPY */
+    }
+#endif /* WITH_PKCS11_PROVIDER */
+
+    snprintf(conf_path, sizeof(conf_path), "%s/softhsm.conf", temp_dir);
+    setenv("SOFTHSM2_CONF", conf_path, 1);
+}
+
+void torture_cleanup_tokens(const char *temp_dir)
+{
+    unsetenv("SOFTHSM2_CONF");
 }
+#endif /* WITH_PKCS11_URI */
 
 char *torture_make_temp_dir(const char *template)
 {
@@ -1627,6 +1812,36 @@ void torture_write_file(const char *filename, const char *data){
 void torture_reset_config(ssh_session session)
 {
     memset(session->opts.options_seen, 0, sizeof(session->opts.options_seen));
+    if (ssh_libssh_proxy_jumps()) {
+        ssh_proxyjumps_free(session->opts.proxy_jumps);
+    }
+}
+
+void torture_unsetenv(const char *variable)
+{
+    int rc;
+#ifdef WIN32
+    rc = _putenv_s(variable, "");
+#else
+    rc = unsetenv(variable);
+#endif  // WIN32
+    assert_return_code(rc, errno);
+}
+
+void torture_setenv(const char *variable, const char *value)
+{
+    int rc;
+#ifdef WIN32
+    if (value != NULL) {
+        rc = _putenv_s(variable, value);
+        assert_return_code(rc, errno);
+    } else {
+        torture_unsetenv(variable);
+    }
+#else
+    rc = setenv(variable, value, 1);
+    assert_return_code(rc, errno);
+#endif  // WIN32
 }
 
 #if defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED)
@@ -1638,9 +1853,31 @@ __attribute__((weak)) int torture_run_tests(void)
 }
 #endif /* defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED) */
 
-int main(int argc, char **argv) {
+/**
+ * Finalize the torture context. No-op except for OpenSSL or GSSAPI
+ *
+ * When OpenSSL is built without the at-exit handlers, it won't call the
+ * OPENSSL_cleanup() from destructor or at-exit handler, which means we need to
+ * do it manually in the tests.
+ *
+ * It is never a good idea to call this function from the library context as we
+ * can not be sure the libssh is really the last one using the OpenSSL.
+ *
+ * This needs to be called at the end of the main function or any time before
+ * any forked process (servers) exits.
+ */
+void torture_finalize(void)
+{
+#if defined(HAVE_LIBCRYPTO) || defined(WITH_GSSAPI)
+    OPENSSL_cleanup();
+#endif
+}
+
+int main(int argc, char **argv)
+{
     struct argument_s arguments;
     char *env = getenv("LIBSSH_VERBOSITY");
+    int rv;
 
     arguments.verbose=0;
     arguments.pattern=NULL;
@@ -1658,5 +1895,9 @@ int main(int argc, char **argv) {
     cmocka_set_test_filter(pattern);
 #endif
 
-    return torture_run_tests();
+    rv = torture_run_tests();
+
+    torture_finalize();
+
+    return rv;
 }
diff --git a/libssh/tests/torture.h b/libssh/tests/torture.h
index 67c249a3..aebdb748 100644
--- a/libssh/tests/torture.h
+++ b/libssh/tests/torture.h
@@ -46,6 +46,7 @@
 #endif /* assert_return_code */
 
 #define TORTURE_SSH_SERVER "127.0.0.10"
+#define TORTURE_SSH_SERVER_IP6 "fd00::5357:5f0a"
 #define TORTURE_SSH_USER_BOB "bob"
 #define TORTURE_SSH_USER_BOB_PASSWORD "secret"
 
@@ -66,7 +67,9 @@ struct torture_sftp {
 
 struct torture_state {
     char *socket_dir;
+    char *gss_dir;
     char *pcap_file;
+    char *log_file;
     char *srv_pidfile;
     char *srv_config;
     bool srv_pam;
@@ -120,6 +123,8 @@ void _torture_filter_tests(struct CMUnitTest *tests, size_t ntests);
 const char *torture_server_address(int domain);
 int torture_server_port(void);
 
+int torture_wait_for_daemon(unsigned int seconds);
+
 #ifdef SSHD_EXECUTABLE
 void torture_setup_socket_dir(void **state);
 void torture_setup_sshd_server(void **state, bool pam);
@@ -130,10 +135,13 @@ void torture_teardown_sshd_server(void **state);
 int torture_update_sshd_config(void **state, const char *config);
 #endif /* SSHD_EXECUTABLE */
 
+#ifdef WITH_PKCS11_URI
 void torture_setup_tokens(const char *temp_dir,
                           const char *filename,
                           const char object_name[],
                           const char *load_public);
+void torture_cleanup_tokens(const char *temp_dir);
+#endif /* WITH_PKCS11_URI */
 
 void torture_reset_config(ssh_session session);
 
@@ -141,6 +149,15 @@ void torture_setup_create_libssh_config(void **state);
 
 void torture_setup_libssh_server(void **state, const char *server_path);
 
+#ifdef WITH_GSSAPI
+void torture_setup_kdc_server(void **state,
+                              const char *kadmin_script,
+                              const char *kinit_script);
+void torture_teardown_kdc_server(void **state);
+void torture_set_kdc_env_str(const char *gss_dir, char *env, size_t size);
+void torture_set_env_from_str(const char *env);
+#endif /* WITH_GSSAPI */
+
 #if defined(HAVE_WEAK_ATTRIBUTE) && defined(TORTURE_SHARED)
 __attribute__((weak)) int torture_run_tests(void);
 #else
@@ -150,10 +167,17 @@ __attribute__((weak)) int torture_run_tests(void);
 int torture_run_tests(void);
 #endif
 
+void torture_free_state(struct torture_state *s);
+
 char *torture_make_temp_dir(const char *template);
 char *torture_create_temp_file(const char *template);
 
 char *torture_get_current_working_dir(void);
 int torture_change_dir(char *path);
 
+void torture_setenv(char const* variable, char const* value);
+void torture_unsetenv(char const* variable);
+
+void torture_finalize(void);
+
 #endif /* _TORTURE_H */
diff --git a/libssh/tests/torture_pki.c b/libssh/tests/torture_pki.c
index cbf64951..f5420946 100644
--- a/libssh/tests/torture_pki.c
+++ b/libssh/tests/torture_pki.c
@@ -9,15 +9,10 @@
 
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
-#elif (defined _WIN32) || (defined _WIN64)
-#include <io.h>
-#define read _read
-#define open _open
-#define write _write
-#define close _close
 #endif
 
 #include "torture_pki.h"
+#include <libssh/priv.h>
 
 char *torture_pki_read_file(const char *filename)
 {
diff --git a/libssh/tests/unittests/CMakeLists.txt b/libssh/tests/unittests/CMakeLists.txt
index 28458d49..79f3856c 100644
--- a/libssh/tests/unittests/CMakeLists.txt
+++ b/libssh/tests/unittests/CMakeLists.txt
@@ -1,8 +1,7 @@
 project(unittests C)
 
-include_directories(${OPENSSL_INCLUDE_DIR})
-
 set(LIBSSH_UNIT_TESTS
+    torture_bignum
     torture_buffer
     torture_bytearray
     torture_callbacks
@@ -30,6 +29,12 @@ set(LIBSSH_THREAD_UNIT_TESTS
     torture_threads_crypto
 )
 
+set(TORTURE_UNIT_ENVIRONMENT
+    "LSAN_OPTIONS=suppressions=${libssh-tests_SOURCE_DIR}/suppressions/lsan.supp;")
+if (OPENSSL_FOUND)
+    list(APPEND TORTURE_UNIT_ENVIRONMENT OPENSSL_ENABLE_SHA1_SIGNATURES=1)
+endif (OPENSSL_FOUND)
+
 if (UNIX AND NOT WIN32)
     set(LIBSSH_UNIT_TESTS
         ${LIBSSH_UNIT_TESTS}
@@ -39,11 +44,19 @@ if (UNIX AND NOT WIN32)
         torture_keyfiles
         torture_pki
         torture_pki_rsa
+        torture_pki_dsa
         torture_pki_ed25519
         # requires /dev/null
         torture_channel
     )
-
+    if (HAVE_IFADDRS_H)
+        set(LIBSSH_UNIT_TESTS
+            ${LIBSSH_UNIT_TESTS}
+            # requires some non-standard API from netdb.h, in.h
+            # and arpa/inet.h for handling IP addresses
+            torture_config_match_localnetwork
+        )
+    endif (HAVE_IFADDRS_H)
     if (WITH_SERVER)
         set(LIBSSH_UNIT_TESTS
             ${LIBSSH_UNIT_TESTS}
@@ -56,20 +69,13 @@ if (UNIX AND NOT WIN32)
         endif()
     endif()
 
-
-    if (HAVE_DSA)
-        set(LIBSSH_UNIT_TESTS
-            ${LIBSSH_UNIT_TESTS}
-            torture_pki_dsa
-        )
-    endif()
-
     if (WITH_PKCS11_URI)
         set(LIBSSH_UNIT_TESTS
             ${LIBSSH_UNIT_TESTS}
             torture_pki_rsa_uri
             torture_pki_ecdsa_uri
         )
+        list(APPEND TORTURE_UNIT_ENVIRONMENT PKCS11_PROVIDER_DEBUG=file:/tmp/p11prov-debug.log)
     endif()
 
     if (HAVE_ECC)
@@ -85,13 +91,10 @@ if (UNIX AND NOT WIN32)
         torture_threads_pki_rsa
     )
     if (WITH_SERVER)
-        # Not working correctly
-        # add_cmocka_test(torture_server_x11 torture_server_x11.c ${TEST_TARGET_LIBRARIES})
-        # the signals are not testable under cmocka
-        # set(LIBSSH_THREAD_UNIT_TESTS
-        #     ${LIBSSH_THREAD_UNIT_TESTS}
-        #     torture_unit_server
-        # )
+        set(LIBSSH_THREAD_UNIT_TESTS
+            ${LIBSSH_THREAD_UNIT_TESTS}
+            torture_unit_server
+        )
     endif (WITH_SERVER)
 endif (UNIX AND NOT WIN32)
 
@@ -104,8 +107,7 @@ foreach(_UNIT_TEST ${LIBSSH_UNIT_TESTS})
 
     set_property(TEST ${_UNIT_TEST}
                  PROPERTY
-                     ENVIRONMENT
-                        LSAN_OPTIONS=suppressions=${libssh-tests_SOURCE_DIR}/suppressions/lsan.supp;OPENSSL_ENABLE_SHA1_SIGNATURES=1)
+                     ENVIRONMENT ${TORTURE_UNIT_ENVIRONMENT})
 endforeach()
 
 if (CMAKE_USE_PTHREADS_INIT)
@@ -118,8 +120,7 @@ if (CMAKE_USE_PTHREADS_INIT)
 
     set_property(TEST ${_UNIT_TEST}
                  PROPERTY
-                    ENVIRONMENT
-                        LSAN_OPTIONS=suppressions=${libssh-tests_SOURCE_DIR}/suppressions/lsan.supp;OPENSSL_ENABLE_SHA1_SIGNATURES=1)
+                    ENVIRONMENT ${TORTURE_UNIT_ENVIRONMENT})
     endforeach()
 endif ()
 
diff --git a/libssh/tests/unittests/hello world.sh b/libssh/tests/unittests/hello world.sh
new file mode 100755
index 00000000..8f687028
--- /dev/null
+++ b/libssh/tests/unittests/hello world.sh	
@@ -0,0 +1,2 @@
+#!/bin/sh
+printf '%s' "$1" 2>&1
diff --git a/libssh/tests/unittests/torture_bignum.c b/libssh/tests/unittests/torture_bignum.c
new file mode 100644
index 00000000..1884328d
--- /dev/null
+++ b/libssh/tests/unittests/torture_bignum.c
@@ -0,0 +1,113 @@
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include "torture.h"
+#include "libssh/bignum.h"
+#include "libssh/string.h"
+
+static void check_str (int n, ssh_string str)
+{
+    if (n > 0 && n <= 127) {
+        assert_int_equal(1, ntohl (str->size));
+        assert_int_equal(n, str->data[0]);
+    } else if (n > 127 && n <= 255) {
+        assert_int_equal(2, ntohl (str->size));
+        assert_int_equal(0, str->data[0]);
+        assert_int_equal(n, str->data[1]);
+    } else if (n > 255 && n <= 32767) {
+        assert_int_equal(2, ntohl (str->size));
+        assert_int_equal(n >> 8, str->data[0]);
+        assert_int_equal(n & 0xFF, str->data[1]);
+    } else {
+        assert_int_equal(3, ntohl (str->size));
+        assert_int_equal(n >> 16, str->data[0]);
+        assert_int_equal((n >> 8) & 0xFF, str->data[1]);
+        assert_int_equal(n & 0xFF, str->data[2]);
+    }
+}
+
+static void check_bignum(int n, const char *nstr)
+{
+    bignum num = NULL, num2 = NULL;
+    bignum num3 = NULL;
+    ssh_string str = NULL;
+    char *dec = NULL;
+
+    num = bignum_new();
+    assert_non_null(num);
+
+    assert_int_equal (1, bignum_set_word (num, n));
+
+    ssh_print_bignum("num", num);
+
+    dec = bignum_bn2dec (num);
+    assert_non_null (dec);
+    assert_string_equal (nstr, dec);
+    ssh_crypto_free(dec);
+
+    /* ssh_make_bignum_string */
+
+    str = ssh_make_bignum_string(num);
+    assert_non_null(str);
+
+    check_str (n, str);
+
+    /* ssh_make_string_bn */
+
+    num2 = ssh_make_string_bn(str);
+    ssh_string_free (str);
+    assert_non_null(num2);
+
+    ssh_print_bignum("num2", num2);
+
+    assert_int_equal (0, bignum_cmp (num, num2));
+
+    dec = bignum_bn2dec (num2);
+    assert_non_null (dec);
+    assert_string_equal (nstr, dec);
+    ssh_crypto_free(dec);
+
+    bignum_dup(num, &num3);
+    assert_non_null(num3);
+    assert_int_equal(0, bignum_cmp(num, num3));
+
+    bignum_safe_free(num);
+    bignum_safe_free(num2);
+    bignum_safe_free(num3);
+}
+
+
+static void torture_bignum(void **state) {
+    (void) state; /* unused */
+
+    ssh_set_log_level(SSH_LOG_TRACE);
+
+    check_bignum (1, "1");
+    check_bignum (17, "17");
+    check_bignum (42, "42");
+    check_bignum (127, "127");
+    check_bignum (128, "128");
+    check_bignum (254, "254");
+    check_bignum (255, "255");
+    check_bignum (256, "256");
+    check_bignum (257, "257");
+    check_bignum (300, "300");
+    check_bignum (32767, "32767");
+    check_bignum (32768, "32768");
+    check_bignum (65535, "65535");
+    check_bignum (65536, "65536");
+}
+
+int torture_run_tests(void) {
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test(torture_bignum),
+    };
+
+    ssh_init();
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, NULL, NULL);
+    ssh_finalize();
+    return rc;
+}
diff --git a/libssh/tests/unittests/torture_bind_config.c b/libssh/tests/unittests/torture_bind_config.c
index f8e3d6ba..a2f9be06 100644
--- a/libssh/tests/unittests/torture_bind_config.c
+++ b/libssh/tests/unittests/torture_bind_config.c
@@ -54,9 +54,6 @@ extern LIBSSH_THREAD int ssh_log_level;
 #define MACS "hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com"
 #define MACS2 "hmac-sha1"
 
-#ifdef HAVE_DSA
-#define LIBSSH_DSA_TESTKEY        "libssh_testkey.id_dsa"
-#endif
 #define LIBSSH_RSA_TESTKEY        "libssh_testkey.id_rsa"
 #define LIBSSH_ED25519_TESTKEY    "libssh_testkey.id_ed25519"
 #ifdef HAVE_ECC
@@ -237,10 +234,6 @@ static int setup_config_files(void **state)
     torture_write_file(LIBSSH_ECDSA_521_TESTKEY,
                        torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
 #endif
-#ifdef HAVE_DSA
-    torture_write_file(LIBSSH_DSA_TESTKEY,
-                       torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0));
-#endif
 
     torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS,
                        LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_STRING);
diff --git a/libssh/tests/unittests/torture_callbacks.c b/libssh/tests/unittests/torture_callbacks.c
index 25111b2f..ac5b4b1b 100644
--- a/libssh/tests/unittests/torture_callbacks.c
+++ b/libssh/tests/unittests/torture_callbacks.c
@@ -3,9 +3,10 @@
 #define LIBSSH_STATIC
 
 #include "torture.h"
-#include <libssh/priv.h>
+#include <errno.h>
 #include <libssh/callbacks.h>
 #include <libssh/misc.h>
+#include <libssh/priv.h>
 
 static int myauthcallback (const char *prompt, char *buf, size_t len,
     int echo, int verify, void *userdata) {
@@ -249,11 +250,15 @@ static void torture_callbacks_iterate(void **state){
 int torture_run_tests(void) {
     int rc;
     struct CMUnitTest tests[] = {
-        cmocka_unit_test_setup_teardown(torture_callbacks_size, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_callbacks_exists, setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_callbacks_size,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_callbacks_exists,
+                                        setup,
+                                        teardown),
         cmocka_unit_test(torture_log_callback),
         cmocka_unit_test(torture_callbacks_execute_list),
-        cmocka_unit_test(torture_callbacks_iterate)
+        cmocka_unit_test(torture_callbacks_iterate),
     };
 
     ssh_init();
diff --git a/libssh/tests/unittests/torture_config.c b/libssh/tests/unittests/torture_config.c
index 31dadae3..ada0ce8c 100644
--- a/libssh/tests/unittests/torture_config.c
+++ b/libssh/tests/unittests/torture_config.c
@@ -13,6 +13,8 @@
 #include "libssh/config_parser.h"
 #include "match.c"
 #include "config.c"
+#include "libssh/socket.h"
+#include "libssh/misc.h"
 
 extern LIBSSH_THREAD int ssh_log_level;
 
@@ -40,12 +42,17 @@ extern LIBSSH_THREAD int ssh_log_level;
 #define LIBSSH_TESTCONFIG10 "libssh_testconfig10.tmp"
 #define LIBSSH_TESTCONFIG11 "libssh_testconfig11.tmp"
 #define LIBSSH_TESTCONFIG12 "libssh_testconfig12.tmp"
+#define LIBSSH_TESTCONFIG14 "libssh_testconfig14.tmp"
+#define LIBSSH_TESTCONFIG15 "libssh_testconfig15.tmp"
+#define LIBSSH_TESTCONFIG16 "libssh_testconfig16.tmp"
+#define LIBSSH_TESTCONFIG17 "libssh_testconfig17.tmp"
 #define LIBSSH_TESTCONFIGGLOB "libssh_testc*[36].tmp"
 #define LIBSSH_TEST_PUBKEYTYPES "libssh_test_PubkeyAcceptedKeyTypes.tmp"
 #define LIBSSH_TEST_PUBKEYALGORITHMS "libssh_test_PubkeyAcceptedAlgorithms.tmp"
 #define LIBSSH_TEST_NONEWLINEEND "libssh_test_NoNewLineEnd.tmp"
 #define LIBSSH_TEST_NONEWLINEONELINE "libssh_test_NoNewLineOneline.tmp"
 #define LIBSSH_TEST_RECURSIVE_INCLUDE "libssh_test_recursive_include.tmp"
+#define LIBSSH_TESTCONFIG_MATCH_COMPLEX "libssh_test_match_complex.tmp"
 
 #define LIBSSH_TESTCONFIG_STRING1 \
     "User "USERNAME"\nInclude "LIBSSH_TESTCONFIG2"\n\n"
@@ -176,10 +183,42 @@ extern LIBSSH_THREAD int ssh_log_level;
     "Host time4\n" \
     "\tRekeyLimit default 9600\n"
 
-/* Multiple IdentityFile settings all are aplied */
+/* Multiple IdentityFile settings all are applied */
 #define LIBSSH_TESTCONFIG_STRING13 \
    "IdentityFile id_rsa_one\n" \
-   "IdentityFile id_ecdsa_two\n"
+   "CertificateFile id_rsa_one-cert.pub\n" \
+   "IdentityFile id_ecdsa_two\n" \
+   "CertificateFile id_ecdsa_two-cert.pub\n" \
+
+/* +,-,^ features for all supported list */
+/* kex won't work in fips */
+#define LIBSSH_TESTCONFIG_STRING14 \
+    "HostKeyAlgorithms +ssh-rsa\n" \
+    "Ciphers +aes128-cbc,aes256-cbc\n" \
+    "KexAlgorithms +diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\n" \
+    "MACs +hmac-sha1,hmac-sha1-etm@openssh.com\n"
+
+/* have to be algorithms which are in the default list */
+#define LIBSSH_TESTCONFIG_STRING15 \
+    "HostKeyAlgorithms -rsa-sha2-512,rsa-sha2-256\n" \
+    "Ciphers -aes256-ctr\n" \
+    "KexAlgorithms -diffie-hellman-group18-sha512,diffie-hellman-group16-sha512\n" \
+    "MACs -hmac-sha2-256-etm@openssh.com\n"
+
+#define LIBSSH_TESTCONFIG_STRING16 \
+    "HostKeyAlgorithms ^rsa-sha2-512,rsa-sha2-256\n" \
+    "Ciphers ^aes256-cbc\n" \
+    "KexAlgorithms ^diffie-hellman-group18-sha512,diffie-hellman-group16-sha512\n" \
+    "MACs ^hmac-sha1\n"
+
+/* Connection Multiplexing */
+#define LIBSSH_TESTCONFIG_STRING17 \
+    "Host simple\n" \
+    "\tControlMaster auto\n" \
+    "\tControlPath /tmp/ssh-%r@%h:%p\n" \
+    "Host none\n" \
+    "\tControlMaster yes\n" \
+    "\tControlPath none\n"
 
 #define LIBSSH_TEST_PUBKEYTYPES_STRING \
     "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n"
@@ -197,6 +236,13 @@ extern LIBSSH_THREAD int ssh_log_level;
 #define LIBSSH_TEST_RECURSIVE_INCLUDE_STRING \
     "Include " LIBSSH_TEST_RECURSIVE_INCLUDE
 
+/* Complex match cases */
+#define LIBSSH_TESTCONFIG_MATCH_COMPLEX_STRING \
+    "Match originalhost \"Foo,Bar\" exec \"[ \\\"$(ps h o comm p $(ps h o ppid p $PPID))\\\" != \\\"rsync\\\" ]\"\n" \
+    "Match exec \"[ \\\"$(ps h o comm p $(ps h o ppid p $PPID))\\\" != \\\"rsync\\\" ]\"\n" \
+    "\tForwardAgent yes\n" \
+    "\tHostName complex-match\n"
+
 /**
  * @brief helper function loading configuration from either file or string
  */
@@ -238,10 +284,15 @@ static int setup_config_files(void **state)
     unlink(LIBSSH_TESTCONFIG10);
     unlink(LIBSSH_TESTCONFIG11);
     unlink(LIBSSH_TESTCONFIG12);
+    unlink(LIBSSH_TESTCONFIG14);
+    unlink(LIBSSH_TESTCONFIG15);
+    unlink(LIBSSH_TESTCONFIG16);
+    unlink(LIBSSH_TESTCONFIG17);
     unlink(LIBSSH_TEST_PUBKEYTYPES);
     unlink(LIBSSH_TEST_PUBKEYALGORITHMS);
     unlink(LIBSSH_TEST_NONEWLINEEND);
     unlink(LIBSSH_TEST_NONEWLINEONELINE);
+    unlink(LIBSSH_TESTCONFIG_MATCH_COMPLEX);
 
     torture_write_file(LIBSSH_TESTCONFIG1,
                        LIBSSH_TESTCONFIG_STRING1);
@@ -285,6 +336,16 @@ static int setup_config_files(void **state)
     torture_write_file(LIBSSH_TESTCONFIG12,
                        LIBSSH_TESTCONFIG_STRING12);
 
+    /* +,-,^ feature */
+    torture_write_file(LIBSSH_TESTCONFIG14,
+                       LIBSSH_TESTCONFIG_STRING14);
+    torture_write_file(LIBSSH_TESTCONFIG15,
+                       LIBSSH_TESTCONFIG_STRING15);
+    torture_write_file(LIBSSH_TESTCONFIG16,
+                       LIBSSH_TESTCONFIG_STRING16);
+    torture_write_file(LIBSSH_TESTCONFIG17,
+                       LIBSSH_TESTCONFIG_STRING17);
+
     torture_write_file(LIBSSH_TEST_PUBKEYTYPES,
                        LIBSSH_TEST_PUBKEYTYPES_STRING);
 
@@ -297,6 +358,10 @@ static int setup_config_files(void **state)
     torture_write_file(LIBSSH_TEST_NONEWLINEONELINE,
                        LIBSSH_TEST_NONEWLINEONELINE_STRING);
 
+    /* Match complex combinations */
+    torture_write_file(LIBSSH_TESTCONFIG_MATCH_COMPLEX,
+                       LIBSSH_TESTCONFIG_MATCH_COMPLEX_STRING);
+
     return 0;
 }
 
@@ -316,8 +381,15 @@ static int teardown_config_files(void **state)
     unlink(LIBSSH_TESTCONFIG10);
     unlink(LIBSSH_TESTCONFIG11);
     unlink(LIBSSH_TESTCONFIG12);
+    unlink(LIBSSH_TESTCONFIG14);
+    unlink(LIBSSH_TESTCONFIG15);
+    unlink(LIBSSH_TESTCONFIG16);
+    unlink(LIBSSH_TESTCONFIG17);
     unlink(LIBSSH_TEST_PUBKEYTYPES);
     unlink(LIBSSH_TEST_PUBKEYALGORITHMS);
+    unlink(LIBSSH_TEST_NONEWLINEEND);
+    unlink(LIBSSH_TEST_NONEWLINEONELINE);
+    unlink(LIBSSH_TESTCONFIG_MATCH_COMPLEX);
 
     return 0;
 }
@@ -541,9 +613,9 @@ static void torture_config_new(void ** state,
     assert_string_equal(session->opts.bindaddr, BIND_ADDRESS);
 #ifdef WITH_ZLIB
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
+                        "zlib@openssh.com,none");
 #else
     assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
                         "none");
@@ -636,6 +708,34 @@ static void torture_config_auth_methods_string(void **state)
     torture_config_auth_methods(state, NULL, LIBSSH_TESTCONFIG_STRING8);
 }
 
+/**
+ * @brief Helper for checking hostname, username and port of ssh_jump_info_struct
+ */
+static void
+helper_proxy_jump_check(struct ssh_iterator *jump,
+                        const char *hostname,
+                        const char *username,
+                        const char *port)
+{
+    struct ssh_jump_info_struct *jis =
+        ssh_iterator_value(struct ssh_jump_info_struct *, jump);
+
+    assert_string_equal(jis->hostname, hostname);
+
+    if (username != NULL) {
+        assert_string_equal(jis->username, username);
+    } else {
+        assert_null(jis->username);
+    }
+
+    if (port != NULL) {
+        int iport = strtol(port, NULL, 10);
+        assert_int_equal(jis->port, iport);
+    } else {
+        assert_int_equal(jis->port, 22);
+    }
+}
+
 /**
  * @brief Verify the configuration parser does not choke on unknown
  * or unsupported configuration options
@@ -647,15 +747,18 @@ static void torture_config_unknown(void **state,
     int ret = 0;
 
     /* test corner cases */
+    /* Without libssh proxy jump */
+    torture_setenv("OPENSSH_PROXYJUMP", "1");
     _parse_config(session, file, string, SSH_OK);
     assert_string_equal(session->opts.ProxyCommand,
-            "ssh -W [%h]:%p many-spaces.com");
+                        "ssh -W '[%h]:%p' many-spaces.com");
     assert_string_equal(session->opts.host, "equal.sign");
 
     ret = ssh_config_parse_file(session, "/etc/ssh/ssh_config");
     assert_true(ret == 0);
     ret = ssh_config_parse_file(session, GLOBAL_CLIENT_CONFIG);
     assert_true(ret == 0);
+    torture_unsetenv("OPENSSH_PROXYJUMP");
 }
 
 /**
@@ -807,7 +910,7 @@ static void torture_config_match(void **state,
     }
     torture_reset_config(session);
     _parse_config(session, file, string, SSH_OK);
-#ifdef _WIN32
+#ifndef WITH_EXEC
     /* The match exec is not supported on windows at this moment */
     assert_string_equal(session->opts.host, "otherhost");
 #else
@@ -823,7 +926,7 @@ static void torture_config_match(void **state,
     }
     torture_reset_config(session);
     _parse_config(session, file, string, SSH_OK);
-#ifdef _WIN32
+#ifndef WITH_EXEC
     /* The match exec is not supported on windows at this moment */
     assert_string_equal(session->opts.host, "otherhost");
 #else
@@ -839,7 +942,7 @@ static void torture_config_match(void **state,
     }
     torture_reset_config(session);
     _parse_config(session, file, string, SSH_OK);
-#ifdef _WIN32
+#ifndef WITH_EXEC
     /* The match exec is not supported on windows at this moment */
     assert_string_equal(session->opts.host, "otherhost");
 #else
@@ -856,7 +959,9 @@ static void torture_config_match(void **state,
         string = config;
     }
     torture_reset_config(session);
-    _parse_config(session, file, string, SSH_ERROR);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "unmatched");
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.host, "unmatched");
 
     /* Missing argument to unsupported option originalhost */
     config = "Match originalhost\n"
@@ -912,6 +1017,36 @@ static void torture_config_match(void **state,
     }
     torture_reset_config(session);
     _parse_config(session, file, string, SSH_ERROR);
+
+    /* Unknown argument to Match keyword */
+    config = "Match tagged tag_name\n"
+             "\tHostName never-matched.com\n"
+             "Match all\n"
+             "\tHostName config-host.com\n";
+    if (file != NULL) {
+        torture_write_file(file, config);
+    } else {
+        string = config;
+    }
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "example.com");
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.host, "config-host.com");
+
+    /* Missing argument to Match keyword */
+    config = "Match\n"
+             "\tHostName never-matched.com\n"
+             "Match all\n"
+             "\tHostName config-host.com\n";
+    if (file != NULL) {
+        torture_write_file(file, config);
+    } else {
+        string = config;
+    }
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "example.com");
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.host, "config-host.com");
 }
 
 /**
@@ -939,34 +1074,115 @@ static void torture_config_proxyjump(void **state,
                                      const char *file, const char *string)
 {
     ssh_session session = *state;
+
     const char *config;
 
+
+    /* Tests for libssh based proxyjump */
     /* Simplest version with just a hostname */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "simple");
     _parse_config(session, file, string, SSH_OK);
-    assert_string_equal(session->opts.ProxyCommand, "ssh -W [%h]:%p jumpbox");
+    helper_proxy_jump_check(session->opts.proxy_jumps->root,
+                            "jumpbox",
+                            NULL,
+                            NULL);
+
+    /* With username */
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "user");
+    _parse_config(session, file, string, SSH_OK);
+    helper_proxy_jump_check(session->opts.proxy_jumps->root,
+                            "jumpbox",
+                            "user",
+                            NULL);
+
+    /* With port */
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "port");
+    _parse_config(session, file, string, SSH_OK);
+    helper_proxy_jump_check(session->opts.proxy_jumps->root,
+                            "jumpbox",
+                            NULL,
+                            "2222");
+
+    /* Two step jump */
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "two-step");
+    _parse_config(session, file, string, SSH_OK);
+    helper_proxy_jump_check(session->opts.proxy_jumps->root,
+                            "second",
+                            "u2",
+                            "33");
+    helper_proxy_jump_check(session->opts.proxy_jumps->root->next,
+                            "first",
+                            "u1",
+                            "222");
+
+    /* none */
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "none");
+    _parse_config(session, file, string, SSH_OK);
+    assert_int_equal(ssh_list_count(session->opts.proxy_jumps), 0);
+
+    /* If also ProxyCommand is specified, the first is applied */
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "only-command");
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.ProxyCommand, PROXYCMD);
+    assert_int_equal(ssh_list_count(session->opts.proxy_jumps), 0);
+
+    /* If also ProxyCommand is specified, the first is applied */
+    torture_reset_config(session);
+    SAFE_FREE(session->opts.ProxyCommand);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "only-jump");
+    _parse_config(session, file, string, SSH_OK);
+    assert_null(session->opts.ProxyCommand);
+    helper_proxy_jump_check(session->opts.proxy_jumps->root,
+                            "jumpbox",
+                            NULL,
+                            NULL);
+
+    /* IPv6 address */
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "ipv6");
+    _parse_config(session, file, string, SSH_OK);
+    helper_proxy_jump_check(session->opts.proxy_jumps->root,
+                            "2620:52:0::fed",
+                            NULL,
+                            NULL);
+
+    torture_reset_config(session);
+
+    /* Tests for proxycommand based proxyjump */
+    torture_setenv("OPENSSH_PROXYJUMP", "1");
+
+    /* Simplest version with just a hostname */
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "simple");
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.ProxyCommand, "ssh -W '[%h]:%p' jumpbox");
 
     /* With username */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "user");
     _parse_config(session, file, string, SSH_OK);
     assert_string_equal(session->opts.ProxyCommand,
-                        "ssh -l user -W [%h]:%p jumpbox");
+                        "ssh -l user -W '[%h]:%p' jumpbox");
 
     /* With port */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "port");
     _parse_config(session, file, string, SSH_OK);
     assert_string_equal(session->opts.ProxyCommand,
-                        "ssh -p 2222 -W [%h]:%p jumpbox");
+                        "ssh -p 2222 -W '[%h]:%p' jumpbox");
 
     /* Two step jump */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "two-step");
     _parse_config(session, file, string, SSH_OK);
     assert_string_equal(session->opts.ProxyCommand,
-                        "ssh -l u1 -p 222 -J u2@second:33 -W [%h]:%p first");
+                        "ssh -l u1 -p 222 -J u2@second:33 -W '[%h]:%p' first");
 
     /* none */
     torture_reset_config(session);
@@ -974,43 +1190,43 @@ static void torture_config_proxyjump(void **state,
     _parse_config(session, file, string, SSH_OK);
     assert_true(session->opts.ProxyCommand == NULL);
 
-    /* If also ProxyCommand is specifed, the first is applied */
+    /* If also ProxyCommand is specified, the first is applied */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "only-command");
     _parse_config(session, file, string, SSH_OK);
     assert_string_equal(session->opts.ProxyCommand, PROXYCMD);
 
-    /* If also ProxyCommand is specifed, the first is applied */
+    /* If also ProxyCommand is specified, the first is applied */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "only-jump");
     _parse_config(session, file, string, SSH_OK);
     assert_string_equal(session->opts.ProxyCommand,
-                        "ssh -W [%h]:%p jumpbox");
+                        "ssh -W '[%h]:%p' jumpbox");
 
     /* IPv6 address */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "ipv6");
     _parse_config(session, file, string, SSH_OK);
     assert_string_equal(session->opts.ProxyCommand,
-                        "ssh -W [%h]:%p 2620:52:0::fed");
+                        "ssh -W '[%h]:%p' 2620:52:0::fed");
 
-    /* In this part, we try various other config files and strings. */
 
-    /* Try to create some invalid configurations */
-    /* Non-numeric port */
-    config = "Host bad-port\n"
-             "\tProxyJump jumpbox:22bad22\n";
+    /* Multiple @ is allowed in second jump */
+    config = "Host allowed-hostname\n"
+             "\tProxyJump localhost,user@principal.com@jumpbox:22\n";
     if (file != NULL) {
         torture_write_file(file, config);
     } else {
         string = config;
     }
     torture_reset_config(session);
-    ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port");
-    _parse_config(session, file, string, SSH_ERROR);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname");
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.ProxyCommand,
+                        "ssh -J user@principal.com@jumpbox:22 -W '[%h]:%p' localhost");
 
-    /* Too many @ */
-    config = "Host bad-hostname\n"
+    /* Multiple @ is allowed */
+    config = "Host allowed-hostname\n"
              "\tProxyJump user@principal.com@jumpbox:22\n";
     if (file != NULL) {
         torture_write_file(file, config);
@@ -1018,7 +1234,60 @@ static void torture_config_proxyjump(void **state,
         string = config;
     }
     torture_reset_config(session);
-    ssh_options_set(session, SSH_OPTIONS_HOST, "bad-hostname");
+    ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname");
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.ProxyCommand,
+                        "ssh -l user@principal.com -p 22 -W '[%h]:%p' jumpbox");
+    torture_unsetenv("OPENSSH_PROXYJUMP");
+
+    /* Tests for libssh based proxyjump */
+    /* Multiple @ is allowed in second jump */
+    config = "Host allowed-hostname\n"
+             "\tProxyJump localhost,user@principal.com@jumpbox:22\n";
+    if (file != NULL) {
+        torture_write_file(file, config);
+    } else {
+        string = config;
+    }
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname");
+    _parse_config(session, file, string, SSH_OK);
+    helper_proxy_jump_check(session->opts.proxy_jumps->root,
+                            "jumpbox",
+                            "user@principal.com",
+                            "22");
+
+    /* Multiple @ is allowed */
+    config = "Host allowed-hostname\n"
+             "\tProxyJump user@principal.com@jumpbox:22\n";
+    if (file != NULL) {
+        torture_write_file(file, config);
+    } else {
+        string = config;
+    }
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname");
+    _parse_config(session, file, string, SSH_OK);
+    helper_proxy_jump_check(session->opts.proxy_jumps->root,
+                            "jumpbox",
+                            "user@principal.com",
+                            "22");
+    torture_reset_config(session);
+
+    /* In this part, we try various other config files and strings. */
+    torture_setenv("OPENSSH_PROXYJUMP", "1");
+
+    /* Try to create some invalid configurations */
+    /* Non-numeric port */
+    config = "Host bad-port\n"
+             "\tProxyJump jumpbox:22bad22\n";
+    if (file != NULL) {
+        torture_write_file(file, config);
+    } else {
+        string = config;
+    }
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port");
     _parse_config(session, file, string, SSH_ERROR);
 
     /* Braces mismatch in hostname */
@@ -1093,18 +1362,6 @@ static void torture_config_proxyjump(void **state,
     ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port-2");
     _parse_config(session, file, string, SSH_ERROR);
 
-    /* Too many @ in second jump */
-    config = "Host bad-hostname\n"
-             "\tProxyJump localhost,user@principal.com@jumpbox:22\n";
-    if (file != NULL) {
-        torture_write_file(file, config);
-    } else {
-        string = config;
-    }
-    torture_reset_config(session);
-    ssh_options_set(session, SSH_OPTIONS_HOST, "bad-hostname");
-    _parse_config(session, file, string, SSH_ERROR);
-
     /* Braces mismatch in second jump */
     config = "Host mismatch\n"
              "\tProxyJump localhost,[::1:20\n";
@@ -1164,6 +1421,8 @@ static void torture_config_proxyjump(void **state,
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "no-port");
     _parse_config(session, file, string, SSH_ERROR);
+
+    torture_unsetenv("OPENSSH_PROXYJUMP");
 }
 
 /**
@@ -1182,6 +1441,76 @@ static void torture_config_proxyjump_string(void **state)
     torture_config_proxyjump(state, NULL, LIBSSH_TESTCONFIG_STRING11);
 }
 
+/**
+ * @brief Verify we can parse ControlPath configuration option
+ */
+static void torture_config_control_path(void **state,
+                                        const char *file, const char *string)
+{
+    ssh_session session = *state;
+
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "simple");
+    _parse_config(session, file, string, SSH_OK);
+    assert_null(session->opts.control_path);
+
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "none");
+    _parse_config(session, file, string, SSH_OK);
+    assert_null(session->opts.control_path);
+}
+
+/**
+ * @brief Verify we can parse ControlPath configuration option from string
+ */
+static void torture_config_control_path_string(void **state)
+{
+    torture_config_control_path(state, NULL, LIBSSH_TESTCONFIG_STRING17);
+}
+
+/**
+ * @brief Verify we can parse ControlPath configuration option from file
+ */
+static void torture_config_control_path_file(void **state)
+{
+    torture_config_control_path(state, LIBSSH_TESTCONFIG17, NULL);
+}
+
+/**
+ * @brief Verify we can parse ControlMaster configuration option
+ */
+static void torture_config_control_master(void **state,
+                                          const char *file, const char *string)
+{
+    ssh_session session = *state;
+
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "simple");
+    _parse_config(session, file, string, SSH_OK);
+    assert_int_equal(session->opts.control_master, SSH_CONTROL_MASTER_NO);
+
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "none");
+    _parse_config(session, file, string, SSH_OK);
+    assert_int_equal(session->opts.control_master, SSH_CONTROL_MASTER_NO);
+}
+
+/**
+ * @brief Verify we can parse ControlMaster configuration option from string
+ */
+static void torture_config_control_master_string(void **state)
+{
+    torture_config_control_master(state, NULL, LIBSSH_TESTCONFIG_STRING17);
+}
+
+/**
+ * @brief Verify we can parse ControlMaster configuration option from file
+ */
+static void torture_config_control_master_file(void **state)
+{
+    torture_config_control_master(state, LIBSSH_TESTCONFIG17, NULL);
+}
+
 /**
  * @brief Verify the configuration parser handles all the possible
  * versions of RekeyLimit configuration option.
@@ -1267,6 +1596,345 @@ static void torture_config_rekey_string(void **state)
     torture_config_rekey(state, NULL, LIBSSH_TESTCONFIG_STRING12);
 }
 
+/**
+ * @brief Remove substring from a string
+ *
+ * @param occurrence 0 means "remove the first occurrence"
+ *                   1 means "remove the second occurrence" and so on
+ */
+static void helper_remove_substring(char *s, const char *subs, int occurrence) {
+    char *p;
+    /* remove the substring from the defaults */
+    p = strstr(s, subs);
+    assert_non_null(p);
+    /* look for second occurrence */
+    for (int i = 0; i < occurrence; i++) {
+        p = strstr(p + 1, subs);
+        assert_non_null(p);
+    }
+    memmove(p, p + strlen(subs), strlen(p + strlen(subs)) + 1);
+}
+
+/**
+ * @brief test that openssh style '+' feature works
+ */
+static void torture_config_plus(void **state,
+                                const char *file, const char *string)
+{
+    ssh_session session = *state;
+    const char *def_hostkeys = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+    const char *fips_hostkeys = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
+    const char *def_ciphers = ssh_kex_get_default_methods(SSH_CRYPT_C_S);
+    const char *fips_ciphers = ssh_kex_get_fips_methods(SSH_CRYPT_C_S);
+    const char *def_kex = ssh_kex_get_default_methods(SSH_KEX);
+    const char *fips_kex = ssh_kex_get_fips_methods(SSH_KEX);
+    const char *def_mac = ssh_kex_get_default_methods(SSH_MAC_C_S);
+    const char *fips_mac = ssh_kex_get_fips_methods(SSH_MAC_C_S);
+    const char *hostkeys_added = ",ssh-rsa";
+    const char *ciphers_added = ",aes128-cbc,aes256-cbc";
+    const char *kex_added = ",diffie-hellman-group14-sha1,diffie-hellman-group1-sha1";
+    const char *mac_added = ",hmac-sha1,hmac-sha1-etm@openssh.com";
+    char *awaited = NULL;
+    int rc;
+
+    _parse_config(session, file, string, SSH_OK);
+
+    /* check hostkeys */
+    if (ssh_fips_mode()) {
+        /* ssh-rsa is disabled in fips */
+        assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS], fips_hostkeys);
+    } else {
+        awaited = calloc(strlen(def_hostkeys) + strlen(hostkeys_added) + 1, 1);
+        rc = snprintf(awaited, strlen(def_hostkeys) + strlen(hostkeys_added) + 1,
+                      "%s%s", def_hostkeys, hostkeys_added);
+        assert_int_equal(rc, strlen(def_hostkeys) + strlen(hostkeys_added));
+
+        assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS], awaited);
+        free(awaited);
+    }
+
+    /* check ciphers */
+    if (ssh_fips_mode()) {
+        /* already all supported is in the list */
+        assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S], fips_ciphers);
+    } else {
+        awaited = calloc(strlen(def_ciphers) + strlen(ciphers_added) + 1, 1);
+        rc = snprintf(awaited, strlen(def_ciphers) + strlen(ciphers_added) + 1,
+                      "%s%s", def_ciphers, ciphers_added);
+        assert_int_equal(rc, strlen(def_ciphers) + strlen(ciphers_added));
+        assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S], awaited);
+        free(awaited);
+    }
+
+    /* check kex */
+    if (ssh_fips_mode()) {
+        /* sha1 is disabled in fips */
+        assert_string_equal(session->opts.wanted_methods[SSH_KEX], fips_kex);
+    } else {
+        awaited = calloc(strlen(def_kex) + strlen(kex_added) + 1, 1);
+        rc = snprintf(awaited, strlen(def_kex) + strlen(kex_added) + 1,
+                      "%s%s", def_kex, kex_added);
+        assert_int_equal(rc, strlen(def_kex) + strlen(kex_added));
+        assert_string_equal(session->opts.wanted_methods[SSH_KEX], awaited);
+        free(awaited);
+    }
+
+    /* check mac */
+    if (ssh_fips_mode()) {
+        /* the added algos are already in the fips_methods */
+        assert_string_equal(session->opts.wanted_methods[SSH_MAC_C_S], fips_mac);
+    } else {
+        awaited = calloc(strlen(def_mac) + strlen(mac_added) + 1, 1);
+        rc = snprintf(awaited, strlen(def_mac) + strlen(mac_added) + 1,
+                      "%s%s", def_mac, mac_added);
+        assert_int_equal(rc, strlen(def_mac) + strlen(mac_added));
+        assert_string_equal(session->opts.wanted_methods[SSH_MAC_C_S], awaited);
+        free(awaited);
+    }
+}
+
+/**
+ * @brief test that openssh style '+' feature works from file
+ */
+static void torture_config_plus_file(void **state)
+{
+    torture_config_plus(state, LIBSSH_TESTCONFIG14, NULL);
+}
+
+/**
+ * @brief test that openssh style '+' feature works from string
+ */
+static void torture_config_plus_string(void **state)
+{
+    torture_config_plus(state, NULL, LIBSSH_TESTCONFIG_STRING14);
+}
+
+/**
+ * @brief test that openssh style '-' feature works from string
+ */
+static void torture_config_minus(void **state,
+                                 const char *file, const char *string)
+{
+    ssh_session session = *state;
+    const char *def_hostkeys = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+    const char *fips_hostkeys = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
+    const char *def_ciphers = ssh_kex_get_default_methods(SSH_CRYPT_C_S);
+    const char *fips_ciphers = ssh_kex_get_fips_methods(SSH_CRYPT_C_S);
+    const char *def_kex = ssh_kex_get_default_methods(SSH_KEX);
+    const char *fips_kex = ssh_kex_get_fips_methods(SSH_KEX);
+    const char *def_mac = ssh_kex_get_default_methods(SSH_MAC_C_S);
+    const char *fips_mac = ssh_kex_get_fips_methods(SSH_MAC_C_S);
+    const char *hostkeys_removed = ",rsa-sha2-512,rsa-sha2-256";
+    const char *ciphers_removed = ",aes256-ctr";
+    const char *kex_removed = ",diffie-hellman-group18-sha512,diffie-hellman-group16-sha512";
+    const char *fips_kex_removed = ",diffie-hellman-group16-sha512,diffie-hellman-group18-sha512";
+    const char *mac_removed = "hmac-sha2-256-etm@openssh.com,";
+    char *awaited = NULL;
+    int rc;
+
+    _parse_config(session, file, string, SSH_OK);
+
+    /* check hostkeys */
+    if (ssh_fips_mode()) {
+        awaited = calloc(strlen(fips_hostkeys) + 1, 1);
+        rc = snprintf(awaited, strlen(fips_hostkeys) + 1, "%s", fips_hostkeys);
+        assert_int_equal(rc, strlen(fips_hostkeys));
+    } else {
+        awaited = calloc(strlen(def_hostkeys) + 1, 1);
+        rc = snprintf(awaited, strlen(def_hostkeys) + 1, "%s", def_hostkeys);
+        assert_int_equal(rc, strlen(def_hostkeys));
+    }
+    /* remove the substring from the defaults */
+    helper_remove_substring(awaited, hostkeys_removed, 0);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS], awaited);
+    free(awaited);
+
+    /* check ciphers */
+    if (ssh_fips_mode()) {
+        awaited = calloc(strlen(fips_ciphers) + 1, 1);
+        rc = snprintf(awaited, strlen(fips_ciphers) + 1, "%s", fips_ciphers);
+        assert_int_equal(rc, strlen(fips_ciphers));
+    } else {
+        awaited = calloc(strlen(def_ciphers) + 1, 1);
+        rc = snprintf(awaited, strlen(def_ciphers) + 1, "%s", def_ciphers);
+        assert_int_equal(rc, strlen(def_ciphers));
+    }
+    /* remove the substring from the defaults */
+    helper_remove_substring(awaited, ciphers_removed, 0);
+    assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S], awaited);
+    free(awaited);
+
+    /* check kex */
+    if (ssh_fips_mode()) {
+        awaited = calloc(strlen(fips_kex) + 1, 1);
+        rc = snprintf(awaited, strlen(fips_kex) + 1, "%s", fips_kex);
+        assert_int_equal(rc, strlen(fips_kex));
+        /* remove the substring from the defaults */
+        helper_remove_substring(awaited, fips_kex_removed, 0);
+    } else {
+        awaited = calloc(strlen(def_kex) + 1, 1);
+        rc = snprintf(awaited, strlen(def_kex) + 1, "%s", def_kex);
+        assert_int_equal(rc, strlen(def_kex));
+        /* remove the substring from the defaults */
+        helper_remove_substring(awaited, kex_removed, 0);
+    }
+    assert_string_equal(session->opts.wanted_methods[SSH_KEX], awaited);
+    free(awaited);
+
+    /* check mac */
+    if (ssh_fips_mode()) {
+        awaited = calloc(strlen(fips_mac) + 1, 1);
+        rc = snprintf(awaited, strlen(fips_mac) + 1, "%s", fips_mac);
+        assert_int_equal(rc, strlen(fips_mac));
+    } else {
+        awaited = calloc(strlen(def_mac) + 1, 1);
+        rc = snprintf(awaited, strlen(def_mac) + 1, "%s", def_mac);
+        assert_int_equal(rc, strlen(def_mac));
+    }
+    /* remove the substring from the defaults */
+    helper_remove_substring(awaited, mac_removed, 0);
+    assert_string_equal(session->opts.wanted_methods[SSH_MAC_C_S], awaited);
+    free(awaited);
+}
+
+/**
+ * @brief test that openssh style '-' feature works from file
+ */
+static void torture_config_minus_file(void **state)
+{
+    torture_config_minus(state, LIBSSH_TESTCONFIG15, NULL);
+}
+
+/**
+ * @brief test that openssh style '-' feature works from string
+ */
+static void torture_config_minus_string(void **state)
+{
+    torture_config_minus(state, NULL, LIBSSH_TESTCONFIG_STRING15);
+}
+
+/**
+ * @brief test that openssh style '^' feature works from string
+ */
+static void torture_config_caret(void **state,
+                                 const char *file, const char *string)
+{
+    ssh_session session = *state;
+    const char *def_hostkeys = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+    const char *fips_hostkeys = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
+    const char *def_ciphers = ssh_kex_get_default_methods(SSH_CRYPT_C_S);
+    const char *fips_ciphers = ssh_kex_get_fips_methods(SSH_CRYPT_C_S);
+    const char *def_kex = ssh_kex_get_default_methods(SSH_KEX);
+    const char *fips_kex = ssh_kex_get_fips_methods(SSH_KEX);
+    const char *def_mac = ssh_kex_get_default_methods(SSH_MAC_C_S);
+    const char *fips_mac = ssh_kex_get_fips_methods(SSH_MAC_C_S);
+    const char *hostkeys_prio = "rsa-sha2-512,rsa-sha2-256";
+    const char *ciphers_prio = "aes256-cbc,";
+    const char *kex_prio = "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,";
+    const char *fips_kex_prio = ",diffie-hellman-group16-sha512,diffie-hellman-group18-sha512";
+    const char *mac_prio = "hmac-sha1,";
+    char *awaited = NULL;
+    int rc;
+
+    _parse_config(session, file, string, SSH_OK);
+
+    /* check hostkeys */
+    /* +2 for the added comma and the \0 */
+    if (ssh_fips_mode()) {
+        awaited = calloc(strlen(hostkeys_prio) + strlen(fips_hostkeys) + 2, 1);
+        rc = snprintf(awaited, strlen(hostkeys_prio) + strlen(fips_hostkeys) + 2,
+                      "%s,%s", hostkeys_prio, fips_hostkeys);
+        assert_int_equal(rc, strlen(hostkeys_prio) + strlen(fips_hostkeys) + 1);
+    } else {
+        awaited = calloc(strlen(def_hostkeys) + strlen(hostkeys_prio) + 2, 1);
+        rc = snprintf(awaited, strlen(hostkeys_prio) + strlen(def_hostkeys) + 2,
+                      "%s,%s", hostkeys_prio, def_hostkeys);
+        assert_int_equal(rc, strlen(hostkeys_prio) + strlen(def_hostkeys) + 1);
+    }
+
+    /* remove the substring from the defaults */
+    helper_remove_substring(awaited, hostkeys_prio, 1);
+    /* remove the comma at the end of the list */
+    awaited[strlen(awaited) - 1] = '\0';
+
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS], awaited);
+    free(awaited);
+
+    /* check ciphers */
+    if (ssh_fips_mode()) {
+        awaited = calloc(strlen(ciphers_prio) + strlen(fips_ciphers) + 1, 1);
+        rc = snprintf(awaited, strlen(ciphers_prio) + strlen(fips_ciphers) + 1,
+                      "%s%s", ciphers_prio, fips_ciphers);
+        assert_int_equal(rc, strlen(ciphers_prio) + strlen(fips_ciphers));
+        /* remove the substring from the defaults */
+        helper_remove_substring(awaited, ciphers_prio, 1);
+    } else {
+        /* + 2 because the '\0' and the comma */
+        awaited = calloc(strlen(ciphers_prio) + strlen(def_ciphers) + 1, 1);
+        rc = snprintf(awaited, strlen(ciphers_prio) + strlen(def_ciphers) + 1,
+                      "%s%s", ciphers_prio, def_ciphers);
+        assert_int_equal(rc, strlen(ciphers_prio) + strlen(def_ciphers));
+    }
+
+    assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S], awaited);
+    free(awaited);
+
+    /* check kex */
+    if (ssh_fips_mode()) {
+        awaited = calloc(strlen(kex_prio) + strlen(fips_kex) + 1, 1);
+        rc = snprintf(awaited, strlen(kex_prio) + strlen(fips_kex) + 1,
+                      "%s%s", kex_prio, fips_kex);
+        assert_int_equal(rc, strlen(kex_prio) + strlen(fips_kex));
+        /* remove the substring from the defaults */
+        /* the default list has different order of these two algos than the fips
+         * and because here is a braindead string substitution being done,
+         * change the order and remove the first occurrence of it */
+        helper_remove_substring(awaited, fips_kex_prio, 0);
+    } else {
+        awaited = calloc(strlen(kex_prio) + strlen(def_kex) + 1, 1);
+        rc = snprintf(awaited, strlen(kex_prio) + strlen(def_kex) + 1,
+                      "%s%s", kex_prio, def_kex);
+        assert_int_equal(rc, strlen(def_kex) + strlen(kex_prio));
+        /* remove the substring from the defaults */
+        helper_remove_substring(awaited, kex_prio, 1);
+    }
+
+    assert_string_equal(session->opts.wanted_methods[SSH_KEX], awaited);
+    free(awaited);
+
+    /* check mac */
+    if (ssh_fips_mode()) {
+        awaited = calloc(strlen(mac_prio) + strlen(fips_mac) + 1, 1);
+        rc = snprintf(awaited, strlen(mac_prio) + strlen(fips_mac) + 1, "%s%s", mac_prio, fips_mac);
+        assert_int_equal(rc, strlen(mac_prio) + strlen(fips_mac));
+        /* the fips list contains hmac-sha1 algo */
+        helper_remove_substring(awaited, mac_prio, 1);
+    } else {
+        awaited = calloc(strlen(mac_prio) + strlen(def_mac) + 1, 1);
+        /* the mac is not in default; it is added to the list */
+        rc = snprintf(awaited, strlen(mac_prio) + strlen(def_mac) + 1, "%s%s", mac_prio, def_mac);
+        assert_int_equal(rc, strlen(mac_prio) + strlen(def_mac));
+    }
+    assert_string_equal(session->opts.wanted_methods[SSH_MAC_C_S], awaited);
+    free(awaited);
+}
+
+/**
+ * @brief test that openssh style '^' feature works from file
+ */
+static void torture_config_caret_file(void **state)
+{
+    torture_config_caret(state, LIBSSH_TESTCONFIG16, NULL);
+}
+
+/**
+ * @brief test that openssh style '^' feature works from string
+ */
+static void torture_config_caret_string(void **state)
+{
+    torture_config_caret(state, NULL, LIBSSH_TESTCONFIG_STRING16);
+}
+
 /**
  * @brief test PubkeyAcceptedKeyTypes helper function
  */
@@ -1379,17 +2047,20 @@ static void torture_config_nonewlineoneline_string(void **state)
             NULL, LIBSSH_TEST_NONEWLINEONELINE_STRING);
 }
 
-/* ssh_config_get_cmd() does three things:
+/* ssh_config_get_cmd() does these two things:
  *  * Strips leading whitespace
- *  * Terminate the characted on the end of next quotes-enclosed string
  *  * Terminate on the end of line
  */
 static void torture_config_parser_get_cmd(void **state)
 {
     char *p = NULL, *tok = NULL;
     char data[256];
-
-    (void) state;
+#ifdef WITH_EXEC
+    FILE *outfile = NULL, *infile = NULL;
+    int pid;
+    char buffer[256] = {0};
+#endif
+    (void)state;
 
     /* Ignore leading whitespace */
     strncpy(data, "  \t\t  string\n", sizeof(data));
@@ -1405,14 +2076,11 @@ static void torture_config_parser_get_cmd(void **state)
     assert_string_equal(tok, "string  \t\t  ");
     assert_int_equal(*p, '\0');
 
-    /* should drop the quotes and split them into separate arguments */
+    /* should not drop the quotes and not split them into separate arguments */
     strncpy(data, "\"multi string\" something\n", sizeof(data));
     p = data;
     tok = ssh_config_get_cmd(&p);
-    assert_string_equal(tok, "multi string");
-    assert_int_equal(*p, ' ');
-    tok = ssh_config_get_cmd(&p);
-    assert_string_equal(tok, "something");
+    assert_string_equal(tok, "\"multi string\" something");
     assert_int_equal(*p, '\0');
 
     /* But it does not split tokens by whitespace
@@ -1422,12 +2090,53 @@ static void torture_config_parser_get_cmd(void **state)
     tok = ssh_config_get_cmd(&p);
     assert_string_equal(tok, "multi string something");
     assert_int_equal(*p, '\0');
+
+    /* Commands in quotes are not treated special */
+    sprintf(data, "%s%s%s%s", "\"", SOURCEDIR "/tests/unittests/hello world.sh", "\" ", "\"hello libssh\"\n");
+    printf("%s\n", data);
+    p = data;
+    tok = ssh_config_get_cmd(&p);
+    assert_string_equal(tok, data);
+    assert_int_equal(*p, '\0');
+
+#ifdef WITH_EXEC
+    /* Check if the command would get correctly executed
+     * Use the script file "hello world.sh" to echo the first argument
+     * Run as <= "/workdir/hello world.sh" "hello libssh" => */
+
+    /* output to file and check wrong */
+    outfile = fopen("output.log", "a+");
+    assert_non_null(outfile);
+    printf("the tok is %s\n", tok);
+
+    pid = fork();
+    if (pid == -1) {
+        perror("fork");
+    } else if (pid == 0) {
+        ssh_execute_command(tok, fileno(outfile), fileno(outfile));
+        /* Does not return */
+    } else {
+        /* parent
+         * wait child process */
+        wait(NULL);
+        infile = fopen("output.log", "r");
+        assert_non_null(infile);
+        p = fgets(buffer, sizeof(buffer), infile);
+        fclose(infile);
+        remove("output.log");
+        assert_non_null(p);
+    }
+
+    fclose(outfile);
+    assert_string_equal(buffer, "hello libssh");
+#endif /* WITH_EXEC */
 }
 
 /* ssh_config_get_token() should behave as expected
  *  * Strip leading whitespace
  *  * Return first token separated by whitespace or equal sign,
  *    respecting quotes!
+ *  * Correctly treat escaped quotes inside of quotes.
  */
 static void torture_config_parser_get_token(void **state)
 {
@@ -1600,6 +2309,28 @@ static void torture_config_parser_get_token(void **state)
     tok = ssh_config_get_token(&p);
     assert_string_equal(tok, "value");
     assert_int_equal(*p, '\0');
+
+    /* Escaped quotes */
+    strncpy(data, " \"value with \\\"escaped\\\" quotes\"   \n", sizeof(data));
+    p = data;
+    tok = ssh_config_get_token(&p);
+    assert_string_equal(tok, "value with \"escaped\" quotes");
+    assert_int_equal(*p, '\0');
+
+    strncpy(data, "\\\"value with \\\"escaped\\\" quotes\\\"\n", sizeof(data));
+    p = data;
+    tok = ssh_config_get_token(&p);
+    assert_string_equal(tok, "\\\"value");
+    assert_int_equal(*p, 'w');
+    tok = ssh_config_get_token(&p);
+    assert_string_equal(tok, "with");
+    assert_int_equal(*p, '\\');
+    tok = ssh_config_get_token(&p);
+    assert_string_equal(tok, "\\\"escaped\\\"");
+    assert_int_equal(*p, 'q');
+    tok = ssh_config_get_token(&p);
+    assert_string_equal(tok, "quotes\\\"");
+    assert_int_equal(*p, '\0');
 }
 
 /* match_pattern() sanity tests
@@ -1692,12 +2423,14 @@ static void torture_config_match_pattern(void **state)
 static void torture_config_identity(void **state)
 {
     const char *id = NULL;
+    const char *cert = NULL;
     struct ssh_iterator *it = NULL;
     ssh_session session = *state;
 
     _parse_config(session, NULL, LIBSSH_TESTCONFIG_STRING13, SSH_OK);
 
-    it = ssh_list_get_iterator(session->opts.identity);
+    /* The identities are first added to this temporary list before expanding */
+    it = ssh_list_get_iterator(session->opts.identity_non_exp);
     assert_non_null(it);
     id = it->data;
     /* The identities are prepended to the list so we start with second one */
@@ -1707,6 +2440,20 @@ static void torture_config_identity(void **state)
     assert_non_null(it);
     id = it->data;
     assert_string_equal(id, "id_rsa_one");
+
+    /* The certs are first added to this temporary list before expanding */
+    it = ssh_list_get_iterator(session->opts.certificate_non_exp);
+    assert_non_null(it);
+    cert = it->data;
+    /* The certs are coming as listed in the configuration file */
+    assert_string_equal(cert, "id_rsa_one-cert.pub");
+
+    it = it->next;
+    assert_non_null(it);
+    cert = it->data;
+    assert_string_equal(cert, "id_ecdsa_two-cert.pub");
+    /* and that is all */
+    assert_null(it->next);
 }
 
 /* Make absolute path for config include
@@ -1716,24 +2463,14 @@ static void torture_config_make_absolute_int(void **state, bool no_sshdir_fails)
     ssh_session session = *state;
     char *result = NULL;
 #ifndef _WIN32
-    char h[256];
-    char *user;
-    char *home;
-
-    user = getenv("USER");
-    if (user == NULL) {
-        user = getenv("LOGNAME");
-    }
-
-    /* in certain CIs there no such variables */
-    if (!user) {
-        struct passwd *pw = getpwuid(getuid());
-        if (pw){
-            user = pw->pw_name;
-        }
-    }
-
-    home = getenv("HOME");
+    char h[256] = {0};
+    char *user = NULL;
+    char *home = NULL;
+    struct passwd *pw = getpwuid(getuid());
+    assert_non_null(pw);
+    user = strdup(pw->pw_name);
+    assert_non_null(user);
+    home = strdup(pw->pw_dir);
     assert_non_null(home);
 #endif
 
@@ -1791,6 +2528,8 @@ static void torture_config_make_absolute_int(void **state, bool no_sshdir_fails)
     snprintf(h, 256 - 1, "/etc/ssh/~%s/.ssh/config.d/*.conf", user);
     assert_string_equal(result, h);
     free(result);
+    free(home);
+    free(user);
 #endif
 }
 
@@ -1804,6 +2543,80 @@ static void torture_config_make_absolute_no_sshdir(void **state)
     torture_config_make_absolute_int(state, 1);
 }
 
+static void torture_config_parse_uri(void **state)
+{
+    char *username = NULL;
+    char *hostname = NULL;
+    char *port = NULL;
+    int rc;
+
+    (void)state; /* unused */
+
+    rc = ssh_config_parse_uri("localhost", &username, &hostname, &port, false);
+    assert_return_code(rc, errno);
+    assert_null(username);
+    assert_string_equal(hostname, "localhost");
+    SAFE_FREE(hostname);
+    assert_null(port);
+
+    rc = ssh_config_parse_uri("1.2.3.4", &username, &hostname, &port, false);
+    assert_return_code(rc, errno);
+    assert_null(username);
+    assert_string_equal(hostname, "1.2.3.4");
+    SAFE_FREE(hostname);
+    assert_null(port);
+
+    rc = ssh_config_parse_uri("1.2.3.4:2222", &username, &hostname, &port, false);
+    assert_return_code(rc, errno);
+    assert_null(username);
+    assert_string_equal(hostname, "1.2.3.4");
+    SAFE_FREE(hostname);
+    assert_string_equal(port, "2222");
+    SAFE_FREE(port);
+
+    rc = ssh_config_parse_uri("[1:2:3::4]:2222", &username, &hostname, &port, false);
+    assert_return_code(rc, errno);
+    assert_null(username);
+    assert_string_equal(hostname, "1:2:3::4");
+    SAFE_FREE(hostname);
+    assert_string_equal(port, "2222");
+    SAFE_FREE(port);
+
+    /* do not want port */
+    rc = ssh_config_parse_uri("1:2:3::4", &username, &hostname, NULL, true);
+    assert_return_code(rc, errno);
+    assert_null(username);
+    assert_string_equal(hostname, "1:2:3::4");
+    SAFE_FREE(hostname);
+
+    rc = ssh_config_parse_uri("user -name@", &username, NULL, NULL, true);
+    assert_int_equal(rc, SSH_ERROR);
+}
+
+/* Complex ssh match configurations
+ */
+static void torture_config_match_complex(void **state)
+{
+    ssh_session session = *state;
+    char *v = NULL;
+    int ret;
+
+    ssh_options_set(session, SSH_OPTIONS_HOST, "Bar");
+
+    _parse_config(session, LIBSSH_TESTCONFIG_MATCH_COMPLEX, NULL, SSH_OK);
+
+    /* Test the variable presence */
+    ret = ssh_options_get(session, SSH_OPTIONS_HOST, &v);
+    assert_return_code(ret, errno);
+    assert_non_null(v);
+#ifndef WITH_EXEC
+    assert_string_equal(session->opts.host, "Bar");
+#else
+    assert_string_equal(v, "complex-match");
+#endif
+    ssh_string_free_char(v);
+}
+
 int torture_run_tests(void)
 {
     int rc;
@@ -1844,10 +2657,30 @@ int torture_run_tests(void)
                                         setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_proxyjump_string,
                                         setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_control_path_file,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_control_path_string,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_control_master_file,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_control_master_string,
+                                        setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_rekey_file,
                                         setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_rekey_string,
                                         setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_plus_file,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_plus_string,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_minus_file,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_minus_string,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_caret_file,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_caret_string,
+                                        setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_pubkeytypes_file,
                                         setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_pubkeytypes_string,
@@ -1876,6 +2709,10 @@ int torture_run_tests(void)
                                         setup, teardown),
         cmocka_unit_test_setup_teardown(torture_config_make_absolute_no_sshdir,
                                         setup_no_sshdir, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_parse_uri,
+                                        setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_config_match_complex,
+                                        setup, teardown),
     };
 
 
diff --git a/libssh/tests/unittests/torture_config_match_localnetwork.c b/libssh/tests/unittests/torture_config_match_localnetwork.c
new file mode 100644
index 00000000..4c20db08
--- /dev/null
+++ b/libssh/tests/unittests/torture_config_match_localnetwork.c
@@ -0,0 +1,752 @@
+#include "config.h"
+#include "torture.h"
+#include "libssh/options.h"
+#include "libssh/session.h"
+#include "match.c"
+#ifdef HAVE_IFADDRS_H
+#include <ifaddrs.h>
+#endif
+#include <net/if.h>
+#include <stdbool.h>
+
+/* This list contains common local subnet addresses and more generic ones */
+#define IPV4_LIST                                                       \
+    "158.46.192.0/18,213.86.215.224/27,61.67.54.0/23,164.155.128.0/21," \
+    "171.10.0.0/16,205.59.221.0/24,122.105.209.48/28,10.0.1.0/24,"      \
+    "130.192.28.0/22,172.16.16.0/16,192.168.0.0/24,169.254.0.0/16"
+
+#define IPV6_LIST "fe80::/64"
+
+static int
+setup(void **state)
+{
+    ssh_session session = NULL;
+    char *wd = NULL;
+    int verbosity;
+
+    session = ssh_new();
+
+    verbosity = torture_libssh_verbosity();
+    ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    wd = torture_get_current_working_dir();
+    ssh_options_set(session, SSH_OPTIONS_SSH_DIR, wd);
+    free(wd);
+
+    *state = session;
+
+    return 0;
+}
+
+static int
+teardown(void **state)
+{
+    ssh_free(*state);
+
+    return 0;
+}
+
+/**
+ * @brief helper function loading configuration from either file or string
+ */
+static void
+_parse_config(ssh_session session,
+              const char *file,
+              const char *string,
+              int expected)
+{
+    /*
+     * Initialisation of ret is not needed, but the compiler is not able to
+     * understand fail() so it will complain about uninitialised use of ret
+     * below in assert_ssh_return_code_equal()
+     */
+    int ret = -1;
+
+    /*
+     * make sure either config file or config string is given,
+     * not both
+     */
+    assert_int_not_equal(file == NULL, string == NULL);
+
+    if (file != NULL) {
+        ret = ssh_config_parse_file(session, file);
+    } else if (string != NULL) {
+        ret = ssh_config_parse_string(session, string);
+    } else {
+        /* should not happen */
+        fail();
+    }
+
+    /* make sure parsing went as expected */
+    assert_ssh_return_code_equal(session, ret, expected);
+}
+
+/**
+ * @brief converts subnet mask to prefix length (IPv4)
+ */
+static int
+subnet_mask_to_prefix_length_4(struct in_addr subnet_mask)
+{
+    uint32_t mask;
+    int prefix_length = 0;
+
+    mask = ntohl(subnet_mask.s_addr);
+
+    /* Count the number of consecutive 1 bits */
+    while (mask & 0x80000000) {
+        prefix_length++;
+        mask <<= 1;
+    }
+    return prefix_length;
+}
+
+/**
+ * @brief converts subnet mask to prefix length (IPv6)
+ */
+static int
+subnet_mask_to_prefix_length_6(struct in6_addr subnet_mask)
+{
+    uint8_t *mask = NULL, chunk;
+    int i, j, prefix_length = 0;
+
+    mask = subnet_mask.s6_addr;
+
+    /* Count the number of consecutive 1 bits in each byte chunk */
+    for (i = 0; i < 16; i++) {
+        chunk = mask[i];
+        while (chunk) {
+            for (j = 0; j < 8; j++) {
+                if (chunk & 0x80) {
+                    prefix_length++;
+                    chunk <<= 1;
+                } else {
+                    break;
+                }
+            }
+        }
+    }
+    return prefix_length;
+}
+
+/**
+ * @brief helper function returning the IPv4 and IPv6 network ID
+ * (in CIDR format) corresponding to any of the running local interfaces.
+ * The network interface corresponding to IPv4 and IPv6 network ID may be
+ * different.
+ *
+ * @note If no non-loopback network interfaces are found for IPv4 or
+ * IPv6, the function will fall back to using the loopback addresses.
+ */
+static int
+get_network_id(char *net_id_4, char *net_id_6)
+{
+    struct ifaddrs *ifa = NULL, *ifaddrs = NULL;
+    struct in_addr addr, network_id_4, subnet_mask_4;
+    struct in6_addr addr6, network_id_6, subnet_mask_6;
+    struct sockaddr_in netmask;
+    struct sockaddr_in6 netmask6;
+    char address[NI_MAXHOST], *a = NULL;
+    char *network_id_str = NULL, network_id_str6[INET6_ADDRSTRLEN],
+         lo_net_id_4[NI_MAXHOST], lo_net_id_6[NI_MAXHOST];
+    int i, prefix_length, rc;
+    int found_4 = 0, found_lo_4 = 0, found_6 = 0, found_lo_6 = 0;
+    socklen_t sa_len;
+
+    ZERO_STRUCT(addr);
+    ZERO_STRUCT(network_id_4);
+    ZERO_STRUCT(subnet_mask_4);
+
+    ZERO_STRUCT(addr6);
+    ZERO_STRUCT(network_id_6);
+    ZERO_STRUCT(subnet_mask_6);
+
+    if (getifaddrs(&ifaddrs) != 0) {
+        goto out;
+    }
+
+    for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
+        if (found_4 && found_6) {
+            break;
+        }
+
+        if (ifa->ifa_addr == NULL || (ifa->ifa_flags & IFF_UP) == 0) {
+            continue;
+        }
+
+        switch (ifa->ifa_addr->sa_family) {
+        case AF_INET:
+            if (found_4) {
+                continue;
+            }
+            sa_len = sizeof(struct sockaddr_in);
+            break;
+        case AF_INET6:
+            if (found_6) {
+                continue;
+            }
+            sa_len = sizeof(struct sockaddr_in6);
+            break;
+        default:
+            continue;
+        }
+
+        rc = getnameinfo(ifa->ifa_addr,
+                         sa_len,
+                         address,
+                         sizeof(address),
+                         NULL,
+                         0,
+                         NI_NUMERICHOST);
+        if (rc != 0) {
+            continue;
+        }
+
+        if (ifa->ifa_addr->sa_family == AF_INET) {
+
+            /* Extract subnet mask */
+            memcpy(&netmask, ifa->ifa_netmask, sizeof(struct sockaddr_in));
+            subnet_mask_4 = netmask.sin_addr;
+
+            rc = inet_pton(AF_INET, address, &addr);
+            if (rc == 0) {
+                continue;
+            }
+
+            /* Calculate the network ID */
+            network_id_4.s_addr = addr.s_addr & subnet_mask_4.s_addr;
+
+            /* Convert network ID to string and compute prefix length */
+            network_id_str = inet_ntoa(network_id_4);
+            if (network_id_str == NULL) {
+                continue;
+            }
+            prefix_length = subnet_mask_to_prefix_length_4(subnet_mask_4);
+            if (prefix_length > 32) {
+                continue;
+            }
+
+            if (strcmp(ifa->ifa_name, "lo") == 0) {
+                /* Store it temporarily in case needed for fallback */
+                snprintf(lo_net_id_4,
+                         NI_MAXHOST,
+                         "%s/%u",
+                         network_id_str,
+                         prefix_length);
+                found_lo_4 = 1;
+            } else {
+                snprintf(net_id_4,
+                         NI_MAXHOST,
+                         "%s/%u",
+                         network_id_str,
+                         prefix_length);
+                found_4 = 1;
+            }
+        } else if (ifa->ifa_addr->sa_family == AF_INET6) {
+
+            /* Remove interface in case of IPv6 address: addr%interface */
+            a = strchr(address, '%');
+            if (a != NULL) {
+                *a = '\0';
+            }
+
+            /* Extract subnet mask */
+            memcpy(&netmask6, ifa->ifa_netmask, sizeof(struct sockaddr_in6));
+            subnet_mask_6 = netmask6.sin6_addr;
+
+            rc = inet_pton(AF_INET6, address, &addr6);
+            if (rc == 0) {
+                continue;
+            }
+
+            /* Calculate the network ID */
+            for (i = 0; i < 16; i++) {
+                network_id_6.s6_addr[i] =
+                    addr6.s6_addr[i] & subnet_mask_6.s6_addr[i];
+            }
+
+            /* Convert network ID to string and compute prefix length */
+            if (inet_ntop(AF_INET6,
+                          &network_id_6,
+                          network_id_str6,
+                          INET6_ADDRSTRLEN) == NULL) {
+                continue;
+            }
+            prefix_length = subnet_mask_to_prefix_length_6(subnet_mask_6);
+            if (prefix_length > 128) {
+                continue;
+            }
+
+            if (strcmp(ifa->ifa_name, "lo") == 0) {
+                /* Store it temporarily in case needed for fallback */
+                snprintf(lo_net_id_6,
+                         NI_MAXHOST,
+                         "%s/%u",
+                         network_id_str6,
+                         prefix_length);
+                found_lo_6 = 1;
+            } else {
+                snprintf(net_id_6,
+                         NI_MAXHOST,
+                         "%s/%u",
+                         network_id_str6,
+                         prefix_length);
+                found_6 = 1;
+            }
+        }
+    }
+
+    /*
+     * Fallback to the loopback network ID (127.0.0.0/8) if no other
+     * IPv4 network ID has been found.
+     */
+    if (!found_4 && found_lo_4) {
+        snprintf(net_id_4, NI_MAXHOST, "%s", lo_net_id_4);
+        found_4 = 1;
+    }
+
+    /*
+     * Fallback to the loopback network ID (::1/128) if no other
+     * IPv6 network ID has been found.
+     */
+    if (!found_6 && found_lo_6) {
+        snprintf(net_id_6, NI_MAXHOST, "%s", lo_net_id_6);
+        found_6 = 1;
+    }
+
+    freeifaddrs(ifaddrs);
+
+out:
+    /* if both net_id_4 and net_id_6 are not set then we should fail */
+    return (found_4 && found_6) ? 0 : -1;
+}
+
+/**
+ * @brief Verify the match between a IPv4/IPv6 address and a IPv4/IPv6 subnet
+ */
+static void
+assert_true_match_cidr(const char *try,
+                       const char *match,
+                       unsigned int mask_len,
+                       int af,
+                       int rv)
+{
+    struct in_addr try_addr, match_addr;
+    struct in6_addr try_addr6, match_addr6;
+    int r1, r2;
+
+    switch (af) {
+    case AF_INET:
+        ZERO_STRUCT(try_addr);
+        ZERO_STRUCT(match_addr);
+
+        r1 = inet_pton(AF_INET, try, &try_addr);
+        r2 = inet_pton(AF_INET, match, &match_addr);
+        if (r1 == 0 || r2 == 0) {
+            fail();
+        }
+        assert_int_equal(cidr_match_4(&try_addr, &match_addr, mask_len), rv);
+        break;
+    case AF_INET6:
+        ZERO_STRUCT(try_addr6);
+        ZERO_STRUCT(match_addr6);
+
+        r1 = inet_pton(AF_INET6, try, &try_addr6);
+        r2 = inet_pton(AF_INET6, match, &match_addr6);
+        if (r1 == 0 || r2 == 0) {
+            fail();
+        }
+        assert_int_equal(cidr_match_6(&try_addr6, &match_addr6, mask_len), rv);
+        break;
+    default:
+        fail();
+    }
+}
+
+/**
+ * @brief Verify the configuration parser accepts Match localnetwork keyword
+ */
+static void
+torture_config_match_localnetwork(void **state, bool use_file)
+{
+    ssh_session session = *state;
+    const char *config = NULL;
+    char config_string[2048];
+    char network_id_4[NI_MAXHOST], network_id_6[NI_MAXHOST];
+    const char *file = NULL, *string = NULL;
+
+    if (use_file == true) {
+        file = "libssh_testconfig_localnetwork.tmp";
+    }
+
+    if (get_network_id(network_id_4, network_id_6) == -1) {
+        fail();
+    }
+
+    /* IPv4 test */
+    snprintf(config_string,
+             sizeof(config_string),
+             "Match localnetwork %s\n"
+             "\tHostName expected.com\n",
+             network_id_4);
+    config = config_string;
+
+    if (use_file == true) {
+        torture_write_file(file, config);
+    } else {
+        string = config;
+    }
+    torture_reset_config(session);
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.host, "expected.com");
+
+    /* IPv6 test */
+    snprintf(config_string,
+             sizeof(config_string),
+             "Match localnetwork %s\n"
+             "\tHostName expected.com\n",
+             network_id_6);
+    config = config_string;
+
+    if (use_file == true) {
+        torture_write_file(file, config);
+    } else {
+        string = config;
+    }
+    torture_reset_config(session);
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.host, "expected.com");
+
+    /* Test negate condition */
+    snprintf(config_string,
+             sizeof(config_string),
+             "Match Host station !localnetwork %s\n"
+             "\tHostName expected.com\n"
+             "Host station\n"
+             "\tHostName negate.com\n",
+             network_id_4);
+    config = config_string;
+
+    if (use_file == true) {
+        torture_write_file(file, config);
+    } else {
+        string = config;
+    }
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "station");
+    _parse_config(session, file, string, SSH_OK);
+    assert_string_equal(session->opts.host, "negate.com");
+}
+
+/**
+ * @brief Verify the configuration parser accepts Match localnetwork keyword
+ * through configuration file.
+ */
+static void
+torture_config_match_localnetwork_file(void **state)
+{
+    torture_config_match_localnetwork(state, true);
+}
+
+/**
+ * @brief Verify the configuration parser accepts Match localnetwork keyword
+ * through configuration string.
+ */
+static void
+torture_config_match_localnetwork_string(void **state)
+{
+    torture_config_match_localnetwork(state, false);
+}
+
+/**
+ * @brief Verify the cidr matching function works correctly
+ * with IPv4 addresses
+ */
+static void
+torture_match_cidr_address_list_ipv4(void **state)
+{
+    int rc;
+    (void)state;
+
+    /* Test some valid IPv4 addresses */
+    rc = match_cidr_address_list("192.158.50.5", "192.158.50.0/28", AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("10.2.200.200", "10.2.128.0/17", AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("192.168.175.40", "192.168.175.0/26", AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("172.31.140.100", "172.31.128.0/19", AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("10.3.9.50", "10.3.8.0/23", AF_INET);
+    assert_int_equal(rc, 1);
+
+    /* Test positive match with unknown host address family */
+    rc = match_cidr_address_list("158.15.96.13", "158.12.30.0/12", -1);
+    assert_int_equal(rc, 1);
+
+    /* Test some valid IPv4 addresses against IPV4_LIST */
+    rc = match_cidr_address_list("164.155.128.15", IPV4_LIST, AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("158.46.223.71", IPV4_LIST, AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("205.59.221.160", IPV4_LIST, AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("10.0.1.254", IPV4_LIST, AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("172.16.58.1", IPV4_LIST, AF_INET);
+    assert_int_equal(rc, 1);
+    rc = match_cidr_address_list("169.254.20.28", IPV4_LIST, AF_INET);
+    assert_int_equal(rc, 1);
+
+    rc = match_cidr_address_list("255.255.255.255", "0.0.0.0/0", AF_INET);
+    assert_int_equal(rc, 1);
+
+    /* Test some not matching IPv4 addresses */
+    rc = match_cidr_address_list("172.21.0.200", "172.20.240.0/20", AF_INET);
+    assert_int_equal(rc, 0);
+    rc = match_cidr_address_list("10.10.14.100", "10.10.10.0/22", AF_INET);
+    assert_int_equal(rc, 0);
+    rc = match_cidr_address_list("192.168.150.8", "192.168.150.0/29", AF_INET);
+    assert_int_equal(rc, 0);
+    rc = match_cidr_address_list("10.238.16.50", "10.255.0.0/12", AF_INET);
+    assert_int_equal(rc, 0);
+    rc = match_cidr_address_list("172.31.160.100", "172.31.128.0/19", AF_INET);
+    assert_int_equal(rc, 0);
+    rc = match_cidr_address_list("192.168.4.98", IPV4_LIST, AF_INET);
+    assert_int_equal(rc, 0);
+    rc = match_cidr_address_list("0.0.0.0", IPV4_LIST, AF_INET);
+    assert_int_equal(rc, 0);
+
+    /* Test negative match with unknown host address family */
+    rc = match_cidr_address_list("122.105.210.57", IPV4_LIST, -1);
+    assert_int_equal(rc, 0);
+
+    /* Test some invalid input */
+    rc = match_cidr_address_list("192.168.1.x", "192.168.1.0/24", AF_INET);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("0.168.f2.b8", "172.0.0.0/24", AF_INET);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("10.0.1.2/22", "10.0.1.0/22", AF_INET);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("10.0.1.2/", "10.0.1.0/22", AF_INET);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("172.16.16.5/abc1", "172.16.16.0/24", AF_INET);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("172.16.18.251", "172.16.16.0", AF_INET);
+    assert_int_equal(rc, -1);
+
+    /* Test invalid input with unknown host address family */
+    rc = match_cidr_address_list("172.67.3.x", IPV4_LIST, -1);
+    assert_int_equal(rc, -1);
+
+    /* Test invalid CIDR list */
+    rc = match_cidr_address_list(NULL, "192.168.1.0/33", AF_INET);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list(NULL, "", -1);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list(NULL, ",", -1);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list(NULL, ",192.168.1.0/24", -1);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list(NULL, "10.0.0.0/24 , 192.168.1.0/24", -1);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list(
+        NULL,
+        "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255/128junkdata",
+        -1);
+    assert_int_equal(rc, -1);
+}
+
+/**
+ * @brief Verify the cidr matching function works correctly
+ * with IPv6 addresses
+ */
+static void
+torture_match_cidr_address_list_ipv6(void **state)
+{
+    /* Test link-local addresses against fe80::/64 */
+    int i, rc, valid_addr_len, invalid_addr_len;
+    const char *valid_addr[] = {"fe80::aadf:b119:507a:986a%abcdef",
+                                "fe80::0000:b418:efd4:5160:0a25%abcdef",
+                                "fe80::c7f5:7f94:4bd9:c35c%abcdef",
+                                "fe80::321f:46c2:0cea:ec54%abcdef",
+                                "fe80::906d:b670:86a2:fd68%abc",
+                                "fe80::b1c2:0000:0039:b598%",
+                                "fe80::07e8:39e6:cb49:9cd4",
+                                "fe80::1%abcdef",
+                                "fe80:0:0:0:202:b3ff:fe1e:8329%abcdef",
+                                "fe80:0000:0000:0000:0202:b3ff:fe1e:8329"};
+
+    const char *invalid_addr[] = {"fe80::8d1d:4d88:68a8:44f8:f3e7%abcdef",
+                                  "2001:0db8:85a3::8a2e:0370:7334%abcdef",
+                                  "fd00::adf8:7c21:147c:6c97",
+                                  "::1%lo",
+                                  "fe80::1:4d88:68a8:1200:f3e7%abcdef"};
+
+    (void)state;
+
+    /* Test valid link-local addresses */
+    valid_addr_len = sizeof(valid_addr) / sizeof(valid_addr[0]);
+    for (i = 0; i < valid_addr_len; i++) {
+        rc = match_cidr_address_list(valid_addr[i], IPV6_LIST, AF_INET6);
+        assert_int_equal(rc, 1);
+    }
+    rc = match_cidr_address_list("fe80:0000:0000:0000:0202:b3ff:fe1e:8329",
+                                 "fe80:0000:0000:0000:0202:b3ff:fe1e:8328/127",
+                                 AF_INET6);
+    assert_int_equal(rc, 1);
+
+    /* Test positive match with unknown host address family */
+    rc = match_cidr_address_list("fe80::aadf:b119:507a:986a%abcdef",
+                                 IPV6_LIST,
+                                 -1);
+    assert_int_equal(rc, 1);
+
+    /* Test some invalid input */
+    invalid_addr_len = sizeof(invalid_addr) / sizeof(invalid_addr[0]);
+    for (i = 0; i < invalid_addr_len; i++) {
+        rc = match_cidr_address_list(invalid_addr[i], IPV6_LIST, AF_INET6);
+        assert_int_equal(rc, 0);
+    }
+
+    /* Test negative match with unknown host address family */
+    rc = match_cidr_address_list("fe80::8d1d:4d88:68a8:44f8:f3e7%abcdef",
+                                 IPV6_LIST,
+                                 -1);
+    assert_int_equal(rc, 0);
+
+    /* Test errors */
+    rc = match_cidr_address_list("fe80::be50:09ca::2be3", IPV6_LIST, AF_INET6);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("fe80:x:202:b3ff:fe1e:8329",
+                                 IPV6_LIST,
+                                 AF_INET6);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("fe80::202:ghfc:zzzz:1a49",
+                                 IPV6_LIST,
+                                 AF_INET6);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("fe80:0000:0000:0000:0202:b3ff:fe1e:8329",
+                                 "fe80:0000:0000:0000:0202:b3ff:fe1e:8329/131",
+                                 AF_INET6);
+    assert_int_equal(rc, -1);
+    rc = match_cidr_address_list("fe80:0000:0000:0000:0202:b3ff:fe1e:8329",
+                                 "fe80:0000:0000:0000:0202:b3ff:fe1e:8329//127",
+                                 AF_INET6);
+    assert_int_equal(rc, -1);
+
+    /* Test invalid input with unknown host address family */
+    rc = match_cidr_address_list("fe80::ba67:1002:gffx:zz32", IPV6_LIST, -1);
+    assert_int_equal(rc, -1);
+}
+
+/**
+ * @brief Verify the cidr_match_4 function works correctly
+ */
+static void
+torture_match_cidr_v4(void **state)
+{
+    int af = AF_INET;
+    (void)state;
+
+    /* Test some matching input */
+    assert_true_match_cidr("192.168.1.20", "192.168.1.0", 24, af, 1);
+    assert_true_match_cidr("172.31.5.128", "172.31.0.0", 16, af, 1);
+    assert_true_match_cidr("10.0.0.158", "10.0.0.128", 25, af, 1);
+    assert_true_match_cidr("192.168.255.250", "192.168.255.248", 29, af, 1);
+    assert_true_match_cidr("122.105.209.57", "122.105.209.48", 28, af, 1);
+    assert_true_match_cidr("192.168.100.150", "192.168.64.0", 18, af, 1);
+
+    /* Test some not matching input */
+    assert_true_match_cidr("172.16.56.30", "172.16.48.0", 21, af, 0);
+    assert_true_match_cidr("10.18.5.5", "10.10.4.0", 23, af, 0);
+    assert_true_match_cidr("172.16.32.50", "172.16.0.0", 19, af, 0);
+    assert_true_match_cidr("203.0.120.10", "203.0.112.0", 21, af, 0);
+    assert_true_match_cidr("172.31.112.150", "172.31.96.0", 20, af, 0);
+    assert_true_match_cidr("198.52.20.200", "198.48.0.0", 14, af, 0);
+}
+
+/**
+ * @brief Verify the cidr_match_6 function works correctly
+ */
+static void
+torture_match_cidr_v6(void **state)
+{
+    int af = AF_INET6;
+    (void)state;
+
+    /* Test some matching input */
+    assert_true_match_cidr("2001:0db8:85a3:0000:0000:8a2e:0370:7334",
+                           "2001:0db8:85a3:0000::",
+                           64,
+                           af,
+                           1);
+    assert_true_match_cidr("2001:0db8:0000:0042:0000:8a2e:0370:7334",
+                           "2001:0db8:0000::",
+                           48,
+                           af,
+                           1);
+    assert_true_match_cidr("fe80::8a2e:0370:7334", "fe80::", 64, af, 1);
+    assert_true_match_cidr("fd00::8a2e:0370:7334", "fd00::", 56, af, 1);
+    assert_true_match_cidr("fe80:0000:0000:0000:0000:0000:fe1e:32ff",
+                           "fe80::",
+                           96,
+                           af,
+                           1);
+    assert_true_match_cidr("2001:0db8:1a2b:3c4d:5e6f:7a8b::18",
+                           "2001:0db8:1a2b:3c4d:5e6f:7a8b::",
+                           120,
+                           af,
+                           1);
+
+    /* Test some not matching input */
+    assert_true_match_cidr("2001:0db8:1234:5678:9abc:def0:1234:5678",
+                           "2001:0db8:1234:5678::",
+                           96,
+                           af,
+                           0);
+    assert_true_match_cidr("2001:3858:accd::",
+                           "2001:3858:abcd:eaa1::",
+                           48,
+                           af,
+                           0);
+    assert_true_match_cidr("2001:0db8:1234:5678::ff4c",
+                           "2001:0db8:1234:5600::",
+                           110,
+                           af,
+                           0);
+    assert_true_match_cidr("fe80::0001:af12:a1b2:c3d4:e5f7",
+                           "fe80::",
+                           64,
+                           af,
+                           0);
+    assert_true_match_cidr("2001:0db8:84ff:ffff:ffff:ffff:ffff:fffa",
+                           "2001:0db8:8500::",
+                           80,
+                           af,
+                           0);
+    assert_true_match_cidr("::3", "::", 127, af, 0);
+}
+
+int
+torture_run_tests(void)
+{
+    int rc;
+    struct CMUnitTest tests[] = {
+        cmocka_unit_test_setup_teardown(
+            torture_config_match_localnetwork_string,
+            setup,
+            teardown),
+        cmocka_unit_test_setup_teardown(torture_config_match_localnetwork_file,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test(torture_match_cidr_address_list_ipv4),
+        cmocka_unit_test(torture_match_cidr_address_list_ipv6),
+        cmocka_unit_test(torture_match_cidr_v4),
+        cmocka_unit_test(torture_match_cidr_v6),
+    };
+
+    ssh_init();
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, setup, teardown);
+    ssh_finalize();
+    return rc;
+}
diff --git a/libssh/tests/unittests/torture_keyfiles.c b/libssh/tests/unittests/torture_keyfiles.c
index 2f06e88b..2ce47b72 100644
--- a/libssh/tests/unittests/torture_keyfiles.c
+++ b/libssh/tests/unittests/torture_keyfiles.c
@@ -7,9 +7,6 @@
 #include "legacy.c"
 
 #define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa"
-#ifdef HAVE_DSA
-#define LIBSSH_DSA_TESTKEY "libssh_testkey.id_dsa"
-#endif
 
 static int setup_rsa_key(void **state)
 {
@@ -29,26 +26,6 @@ static int setup_rsa_key(void **state)
     return 0;
 }
 
-#ifdef HAVE_DSA
-static int setup_dsa_key(void **state)
-{
-    ssh_session session;
-
-    unlink(LIBSSH_DSA_TESTKEY);
-    unlink(LIBSSH_DSA_TESTKEY ".pub");
-
-    torture_write_file(LIBSSH_DSA_TESTKEY,
-                       torture_get_testkey(SSH_KEYTYPE_DSS, 0));
-    torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
-                       torture_get_testkey_pub(SSH_KEYTYPE_DSS));
-
-    session = ssh_new();
-    *state = session;
-
-    return 0;
-}
-#endif
-
 static int setup_both_keys(void **state) {
     int rc;
 
@@ -56,11 +33,6 @@ static int setup_both_keys(void **state) {
     if (rc != 0) {
         return rc;
     }
-#ifdef HAVE_DSA
-    ssh_free(*state);
-
-    rc = setup_dsa_key(state);
-#endif
 
     return rc;
 }
@@ -74,13 +46,6 @@ static int setup_both_keys_passphrase(void **state)
     torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
                        torture_get_testkey_pub(SSH_KEYTYPE_RSA));
 
-#ifdef HAVE_DSA
-    torture_write_file(LIBSSH_DSA_TESTKEY,
-                       torture_get_testkey(SSH_KEYTYPE_DSS, 1));
-    torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
-                       torture_get_testkey_pub(SSH_KEYTYPE_DSS));
-#endif
-
     session = ssh_new();
     *state = session;
 
@@ -89,10 +54,6 @@ static int setup_both_keys_passphrase(void **state)
 
 static int teardown(void **state)
 {
-#ifdef HAVE_DSA
-    unlink(LIBSSH_DSA_TESTKEY);
-    unlink(LIBSSH_DSA_TESTKEY ".pub");
-#endif
 
     unlink(LIBSSH_RSA_TESTKEY);
     unlink(LIBSSH_RSA_TESTKEY ".pub");
@@ -235,15 +196,6 @@ static void torture_privatekey_from_file(void **state) {
         key = NULL;
     }
 
-#ifdef HAVE_DSA
-    key = privatekey_from_file(session, LIBSSH_DSA_TESTKEY, SSH_KEYTYPE_DSS, NULL);
-    assert_non_null(key);
-    if (key != NULL) {
-        privatekey_free(key);
-        key = NULL;
-    }
-#endif
-
     /* Test the automatic type discovery */
     key = privatekey_from_file(session, LIBSSH_RSA_TESTKEY, 0, NULL);
     assert_non_null(key);
@@ -252,14 +204,6 @@ static void torture_privatekey_from_file(void **state) {
         key = NULL;
     }
 
-#ifdef HAVE_DSA
-    key = privatekey_from_file(session, LIBSSH_DSA_TESTKEY, 0, NULL);
-    assert_non_null(key);
-    if (key != NULL) {
-        privatekey_free(key);
-        key = NULL;
-    }
-#endif
 }
 
 /**
@@ -276,15 +220,6 @@ static void torture_privatekey_from_file_passphrase(void **state) {
         key = NULL;
     }
 
-#ifdef HAVE_DSA
-    key = privatekey_from_file(session, LIBSSH_DSA_TESTKEY, SSH_KEYTYPE_DSS, TORTURE_TESTKEY_PASSWORD);
-    assert_non_null(key);
-    if (key != NULL) {
-        privatekey_free(key);
-        key = NULL;
-    }
-#endif
-
     /* Test the automatic type discovery */
     key = privatekey_from_file(session, LIBSSH_RSA_TESTKEY, 0, TORTURE_TESTKEY_PASSWORD);
     assert_non_null(key);
@@ -293,14 +228,6 @@ static void torture_privatekey_from_file_passphrase(void **state) {
         key = NULL;
     }
 
-#ifdef HAVE_DSA
-    key = privatekey_from_file(session, LIBSSH_DSA_TESTKEY, 0, TORTURE_TESTKEY_PASSWORD);
-    assert_non_null(key);
-    if (key != NULL) {
-        privatekey_free(key);
-        key = NULL;
-    }
-#endif
 }
 
 int torture_run_tests(void) {
diff --git a/libssh/tests/unittests/torture_knownhosts_parsing.c b/libssh/tests/unittests/torture_knownhosts_parsing.c
index fffa8296..bc79fd0f 100644
--- a/libssh/tests/unittests/torture_knownhosts_parsing.c
+++ b/libssh/tests/unittests/torture_knownhosts_parsing.c
@@ -145,7 +145,6 @@ static int setup_knownhosts_file_duplicate(void **state)
     return rc;
 }
 
-#ifndef HAVE_DSA
 static int setup_knownhosts_file_unsupported_type(void **state)
 {
     char *tmp_file = NULL;
@@ -175,7 +174,6 @@ static int setup_knownhosts_file_unsupported_type(void **state)
 
     return rc;
 }
-#endif
 
 static int teardown_knownhosts_file(void **state)
 {
@@ -429,8 +427,7 @@ static void torture_knownhosts_get_algorithms_names(void **state)
     ssh_free(session);
 }
 
-#ifndef HAVE_DSA
-/* Do not remove this test if we completly remove DSA support! */
+/* Do not remove this test if we completely remove DSA support! */
 static void torture_knownhosts_get_algorithms_names_unsupported(void **state)
 {
     const char *knownhosts_file = *state;
@@ -452,7 +449,6 @@ static void torture_knownhosts_get_algorithms_names_unsupported(void **state)
 
     ssh_free(session);
 }
-#endif
 
 static void torture_knownhosts_algorithms_wanted(void **state)
 {
@@ -634,7 +630,9 @@ static void torture_knownhosts_algorithms(void **state)
     bool process_config = false;
     const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,"
                          "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
-                         "ecdsa-sha2-nistp256";
+                         "ecdsa-sha2-nistp256,"
+                         "sk-ssh-ed25519@openssh.com,"
+                         "sk-ecdsa-sha2-nistp256@openssh.com";
     const char *expect_fips = "rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,"
                               "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
 
@@ -669,7 +667,9 @@ static void torture_knownhosts_algorithms_global(void **state)
     bool process_config = false;
     const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,"
                          "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
-                         "ecdsa-sha2-nistp256";
+                         "ecdsa-sha2-nistp256,"
+                         "sk-ssh-ed25519@openssh.com,"
+                         "sk-ecdsa-sha2-nistp256@openssh.com";
     const char *expect_fips = "rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,"
                               "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
 
@@ -718,11 +718,9 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_knownhosts_get_algorithms_names,
                                         setup_knownhosts_file,
                                         teardown_knownhosts_file),
-#ifndef HAVE_DSA
         cmocka_unit_test_setup_teardown(torture_knownhosts_get_algorithms_names_unsupported,
                                         setup_knownhosts_file_unsupported_type,
                                         teardown_knownhosts_file),
-#endif
         cmocka_unit_test_setup_teardown(torture_knownhosts_algorithms_wanted,
                                         setup_knownhosts_file,
                                         teardown_knownhosts_file),
diff --git a/libssh/tests/unittests/torture_misc.c b/libssh/tests/unittests/torture_misc.c
index 9e346ff8..2a50ab3b 100644
--- a/libssh/tests/unittests/torture_misc.c
+++ b/libssh/tests/unittests/torture_misc.c
@@ -4,6 +4,7 @@
 #include <unistd.h>
 #endif
 #include <sys/types.h>
+#include <fcntl.h>
 
 #ifndef _WIN32
 #define _POSIX_PTHREAD_SEMANTICS
@@ -17,7 +18,14 @@
 #include "torture.h"
 #include "error.c"
 
+#ifdef _WIN32
+#include <netioapi.h>
+#else
+#include <net/if.h>
+#endif
+
 #define TORTURE_TEST_DIR "/usr/local/bin/truc/much/.."
+#define TORTURE_IPV6_LOCAL_LINK "fe80::98e1:82ff:fe8d:28b3%%%s"
 
 const char template[] = "temp_dir_XXXXXX";
 
@@ -122,27 +130,22 @@ static void torture_path_expand_tilde_win(void **state) {
 #else /* _WIN32 */
 
 static void torture_path_expand_tilde_unix(void **state) {
-    char h[256];
-    char *d;
-    char *user;
-    char *home;
+    char h[256] = {0};
+    char *d = NULL;
+    char *user = NULL;
+    char *home = NULL;
+    struct passwd *pw = NULL;
 
     (void) state;
 
-    user = getenv("USER");
-    if (user == NULL){
-        user = getenv("LOGNAME");
-    }
-    /* in certain CIs there no such variables */
-    if (!user){
-        struct passwd *pw = getpwuid(getuid());
-        if (pw){
-            user = pw->pw_name;
-        }
-    }
+    pw = getpwuid(getuid());
+    assert_non_null(pw);
 
-    home = getenv("HOME");
+    user = pw->pw_name;
+    assert_non_null(user);
+    home = pw->pw_dir;
     assert_non_null(home);
+
     snprintf(h, 256 - 1, "%s/.ssh", home);
 
     d = ssh_path_expand_tilde("~/.ssh");
@@ -221,7 +224,7 @@ static void torture_timeout_elapsed(void **state){
 
     assert_true(ssh_timeout_elapsed(&ts,25));
     assert_false(ssh_timeout_elapsed(&ts,30000));
-    assert_false(ssh_timeout_elapsed(&ts,75));
+    assert_false(ssh_timeout_elapsed(&ts,300));
     assert_true(ssh_timeout_elapsed(&ts,0));
     assert_false(ssh_timeout_elapsed(&ts,-1));
 }
@@ -233,7 +236,7 @@ static void torture_timeout_update(void **state){
     usleep(50000);
     assert_int_equal(ssh_timeout_update(&ts,25), 0);
     assert_in_range(ssh_timeout_update(&ts,30000),29000,29960);
-    assert_in_range(ssh_timeout_update(&ts,75),1,40);
+    assert_in_range(ssh_timeout_update(&ts,500),1,460);
     assert_int_equal(ssh_timeout_update(&ts,0),0);
     assert_int_equal(ssh_timeout_update(&ts,-1),-1);
 }
@@ -331,6 +334,7 @@ static void torture_ssh_analyze_banner(void **state) {
     assert_server_banner_accepted("SSH-2.0-OpenSSH");
     assert_int_equal(0, session->openssh);
 
+
     /* OpenSSH banners: big enough to extract major and minor versions */
     assert_client_banner_accepted("SSH-2.0-OpenSSH_5.9p1");
     assert_int_equal(SSH_VERSION_INT(5, 9, 0), session->openssh);
@@ -370,6 +374,10 @@ static void torture_ssh_analyze_banner(void **state) {
     assert_server_banner_accepted("SSH-2.0-OpenSSH-keyscan");
     assert_int_equal(0, session->openssh);
 
+    /* OpenSSH banners: Double digit in major version */
+    assert_server_banner_accepted("SSH-2.0-OpenSSH_10.0p1");
+    assert_int_equal(SSH_VERSION_INT(10, 0, 0), session->openssh);
+
     ssh_free(session);
 }
 
@@ -760,6 +768,367 @@ static void torture_ssh_strerror(void **state)
     assert_non_null(out);
 }
 
+static void torture_ssh_readn(void **state)
+{
+    char *write_buf = NULL, *read_buf = NULL, *file_path = NULL;
+    size_t data_len = 10 * 1024 * 1024;
+    size_t read_buf_size = data_len + 1024;
+    size_t i, total_bytes_written = 0;
+
+    const char *file_template = "libssh_torture_ssh_readn_test_XXXXXX";
+
+    off_t off;
+    ssize_t bytes_read, bytes_written;
+    int fd, rc, flags;
+
+    (void)state;
+
+    write_buf = malloc(data_len);
+    assert_non_null(write_buf);
+
+    /* Fill the write buffer with random data */
+    for (i = 0; i < data_len; ++i) {
+        rc = rand();
+        write_buf[i] = (char)(rc & 0xff);
+    }
+
+    /*
+     * The read buffer's size is intentionally kept larger than data_len.
+     *
+     * This is done so that we are able to test the scenario when the user
+     * requests ssh_readn() to read more bytes than the number of bytes present
+     * in the file.
+     *
+     * If the read buffer's size is kept same as data_len and if the test
+     * requests ssh_readn() to read more than data_len bytes starting from file
+     * offset 0, it will lead to a valgrind failure as in this case, ssh_readn()
+     * will pass an unallocated memory address in the last call it makes to
+     * read().
+     */
+    read_buf = malloc(read_buf_size);
+    assert_non_null(read_buf);
+
+    file_path = torture_create_temp_file(file_template);
+    assert_non_null(file_path);
+
+    /* Open a file for reading and writing */
+    flags = O_RDWR;
+#ifdef _WIN32
+    flags |= O_BINARY;
+#endif
+
+    fd = open(file_path, flags, 0);
+    assert_int_not_equal(fd, -1);
+
+    /* Write the data present in the write buffer to the file */
+    do {
+        bytes_written = write(fd,
+                              write_buf + total_bytes_written,
+                              data_len - total_bytes_written);
+
+        if (bytes_written == -1 && errno == EINTR) {
+            continue;
+        }
+
+        assert_int_not_equal(bytes_written, -1);
+        total_bytes_written += bytes_written;
+    } while (total_bytes_written < data_len);
+
+    /* Seek to the start of the file */
+    off = lseek(fd, 0, SEEK_SET);
+    assert_int_not_equal(off, -1);
+
+    bytes_read = ssh_readn(fd, read_buf, data_len);
+    assert_int_equal(bytes_read, data_len);
+
+    /*
+     * Ensure that the data stored in the read buffer is same as the data
+     * present in the file and not some garbage.
+     */
+    assert_memory_equal(read_buf, write_buf, data_len);
+
+    /*
+     * Ensure that the file offset is on EOF and requesting to read more leads
+     * to 0 bytes getting read.
+     */
+    off = lseek(fd, 0, SEEK_CUR);
+    assert_int_equal(off, data_len);
+
+    bytes_read = ssh_readn(fd, read_buf, data_len);
+    assert_int_equal(bytes_read, 0);
+
+    /* Try to read more bytes than what are present in the file */
+    off = lseek(fd, 0, SEEK_SET);
+    assert_int_not_equal(off, -1);
+
+    bytes_read = ssh_readn(fd, read_buf, read_buf_size);
+    assert_int_equal(bytes_read, data_len);
+
+    /*
+     * Ensure that the data stored in the read buffer is same as the data
+     * present in the file and not some garbage.
+     */
+    assert_memory_equal(read_buf, write_buf, data_len);
+
+    /* Negative tests start */
+    bytes_read = ssh_readn(-2, read_buf, data_len);
+    assert_int_equal(bytes_read, -1);
+
+    bytes_read = ssh_readn(fd, NULL, data_len);
+    assert_int_equal(bytes_read, -1);
+
+    bytes_read = ssh_readn(fd, read_buf, 0);
+    assert_int_equal(bytes_read, -1);
+
+    /* Clean up */
+    rc = close(fd);
+    assert_int_equal(rc, 0);
+
+    rc = unlink(file_path);
+    assert_int_equal(rc, 0);
+
+    free(file_path);
+    free(read_buf);
+    free(write_buf);
+}
+
+static void torture_ssh_writen(void **state)
+{
+    char *write_buf = NULL, *read_buf = NULL, *file_path = NULL;
+    const char *file_template = "libssh_torture_ssh_writen_test_XXXXXX";
+
+    size_t data_len = 10 * 1024 * 1024;
+    size_t i, total_bytes_read = 0;
+    ssize_t bytes_written, bytes_read;
+    off_t off;
+    int rc, fd, flags;
+
+    (void)state;
+
+    write_buf = malloc(data_len);
+    assert_non_null(write_buf);
+
+    /* Fill the write buffer with random data */
+    for (i = 0; i < data_len; ++i) {
+        rc = rand();
+        write_buf[i] = (char)(rc & 0xff);
+    }
+
+    read_buf = malloc(data_len);
+    assert_non_null(read_buf);
+
+    file_path = torture_create_temp_file(file_template);
+    assert_non_null(file_path);
+
+    /* Open a file for reading and writing */
+    flags = O_RDWR;
+#ifdef _WIN32
+    flags |= O_BINARY;
+#endif
+
+    fd = open(file_path, flags, 0);
+    assert_int_not_equal(fd, -1);
+
+    /* Write the data present in the write buffer to the file */
+    bytes_written = ssh_writen(fd, write_buf, data_len);
+    assert_int_equal(bytes_written, data_len);
+
+    /*
+     * Ensure that the file offset is incremented by the number of bytes
+     * written.
+     */
+    off = lseek(fd, 0, SEEK_CUR);
+    assert_int_equal(off, data_len);
+
+    /*
+     * Ensure that the data present in the write buffer has been written to the
+     * file and not some garbage.
+     */
+    off = lseek(fd, 0, SEEK_SET);
+    assert_int_not_equal(off, -1);
+
+    do {
+        bytes_read = read(fd,
+                          read_buf + total_bytes_read,
+                          data_len - total_bytes_read);
+
+        if (bytes_read == -1 && errno == EINTR) {
+            continue;
+        }
+
+        assert_int_not_equal(bytes_read, -1);
+        assert_int_not_equal(bytes_read, 0);
+
+        total_bytes_read += bytes_read;
+    } while (total_bytes_read < data_len);
+
+    assert_memory_equal(write_buf, read_buf, data_len);
+
+    /* Negative tests start */
+    bytes_written = ssh_writen(-3, write_buf, data_len);
+    assert_int_equal(bytes_written, -1);
+
+    bytes_written = ssh_writen(fd, NULL, data_len);
+    assert_int_equal(bytes_written, -1);
+
+    bytes_written = ssh_writen(fd, write_buf, 0);
+    assert_int_equal(bytes_written, -1);
+
+    /* Clean up */
+    rc = close(fd);
+    assert_int_equal(rc, 0);
+
+    rc = unlink(file_path);
+    assert_int_equal(rc, 0);
+
+    free(file_path);
+    free(read_buf);
+    free(write_buf);
+}
+
+static void torture_ssh_check_hostname_syntax(void **state)
+{
+    int rc;
+    (void)state;
+
+    rc = ssh_check_hostname_syntax("duckduckgo.com");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("www.libssh.org");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("Some-Thing.com");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123.ok");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("lavabo-inter.innocentes-manus-meas");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("localhost");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("a");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("a-0.b-b");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("libssh.");
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_check_hostname_syntax(NULL);
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("/");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("@");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("[");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("`");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("{");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("&");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("|");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("\"");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("`");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax(" ");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("*the+giant&\"rooks\".c0m");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("!www.libssh.org");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("--.--");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("libssh.a234567890123456789012345678901234567890123456789012345678901234");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("libssh.a234567890123456789012345678901234567890123456789012345678901234.a234567890123456789012345678901234567890123456789012345678901234");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("libssh-");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("fe80::9656:d028:8652:66b6");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax(".");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("..");
+    assert_int_equal(rc, SSH_ERROR);
+}
+
+static void torture_ssh_check_username_syntax(void **state) {
+    int rc;
+    (void)state;
+
+    rc = ssh_check_username_syntax("username");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_username_syntax("Alice");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_username_syntax("Alice and Bob");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_username_syntax("n4me?");
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_check_username_syntax("alice&bob");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_username_syntax("backslash\\");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_username_syntax("&var|()us\"<ha`r{}'");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_username_syntax(" -");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_username_syntax("me and -");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_username_syntax("los -santos");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_username_syntax("- who?");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_username_syntax(NULL);
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_username_syntax("");
+    assert_int_equal(rc, SSH_ERROR);
+}
+
+static void torture_ssh_is_ipaddr(void **state) {
+    int rc;
+    char *interf = malloc(64);
+    char *test_interf = malloc(128);
+    (void)state;
+
+    assert_non_null(interf);
+    assert_non_null(test_interf);
+    rc = ssh_is_ipaddr("201.255.3.69");
+    assert_int_equal(rc, 1);
+    rc = ssh_is_ipaddr("::1");
+    assert_int_equal(rc, 1);
+    rc = ssh_is_ipaddr("2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+    assert_int_equal(rc, 1);
+    if_indextoname(1, interf);
+    assert_non_null(interf);
+    rc = sprintf(test_interf, TORTURE_IPV6_LOCAL_LINK, interf);
+    /* the "%%s" is not written */
+    assert_int_equal(rc, strlen(interf) + strlen(TORTURE_IPV6_LOCAL_LINK) - 3);
+    rc = ssh_is_ipaddr(test_interf);
+    assert_int_equal(rc, 1);
+    free(interf);
+    free(test_interf);
+
+    rc = ssh_is_ipaddr("..");
+    assert_int_equal(rc, 0);
+    rc = ssh_is_ipaddr(":::");
+    assert_int_equal(rc, 0);
+    rc = ssh_is_ipaddr("1.1.1.1.1");
+    assert_int_equal(rc, 0);
+    rc = ssh_is_ipaddr("1.1");
+    assert_int_equal(rc, 0);
+    rc = ssh_is_ipaddr("caesar");
+    assert_int_equal(rc, 0);
+    rc = ssh_is_ipaddr("::xa:1");
+    assert_int_equal(rc, 0);
+}
+
 int torture_run_tests(void) {
     int rc;
     struct CMUnitTest tests[] = {
@@ -784,6 +1153,11 @@ int torture_run_tests(void) {
         cmocka_unit_test(torture_ssh_quote_file_name),
         cmocka_unit_test(torture_ssh_strreplace),
         cmocka_unit_test(torture_ssh_strerror),
+        cmocka_unit_test(torture_ssh_readn),
+        cmocka_unit_test(torture_ssh_writen),
+        cmocka_unit_test(torture_ssh_check_hostname_syntax),
+        cmocka_unit_test(torture_ssh_check_username_syntax),
+        cmocka_unit_test(torture_ssh_is_ipaddr),
     };
 
     ssh_init();
diff --git a/libssh/tests/unittests/torture_options.c b/libssh/tests/unittests/torture_options.c
index e1d16f02..a95ab8e8 100644
--- a/libssh/tests/unittests/torture_options.c
+++ b/libssh/tests/unittests/torture_options.c
@@ -18,9 +18,6 @@
 #include <libssh/bind.h>
 #define LIBSSH_CUSTOM_BIND_CONFIG_FILE "my_bind_config"
 #endif
-#ifdef HAVE_DSA
-#define LIBSSH_DSA_TESTKEY        "libssh_testkey.id_dsa"
-#endif
 #define LIBSSH_RSA_TESTKEY        "libssh_testkey.id_rsa"
 #define LIBSSH_ED25519_TESTKEY    "libssh_testkey.id_ed25519"
 #ifdef HAVE_ECC
@@ -60,6 +57,20 @@ static void torture_options_set_host(void **state) {
     assert_non_null(session->opts.host);
     assert_string_equal(session->opts.host, "localhost");
 
+    /* IPv4 address */
+    rc = ssh_options_set(session, SSH_OPTIONS_HOST, "127.1.1.1");
+    assert_true(rc == 0);
+    assert_non_null(session->opts.host);
+    assert_string_equal(session->opts.host, "127.1.1.1");
+    assert_null(session->opts.username);
+
+    /* IPv6 address */
+    rc = ssh_options_set(session, SSH_OPTIONS_HOST, "::1");
+    assert_true(rc == 0);
+    assert_non_null(session->opts.host);
+    assert_string_equal(session->opts.host, "::1");
+    assert_null(session->opts.username);
+
     rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation");
     assert_true(rc == 0);
     assert_non_null(session->opts.host);
@@ -67,22 +78,31 @@ static void torture_options_set_host(void **state) {
     assert_non_null(session->opts.username);
     assert_string_equal(session->opts.username, "guru");
 
+    /* more @ in uri is OK -- it should go to the username */
     rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname");
     assert_true(rc == 0);
     assert_non_null(session->opts.host);
     assert_string_equal(session->opts.host, "hostname");
     assert_non_null(session->opts.username);
     assert_string_equal(session->opts.username, "at@login");
+
+    /* disallow metacharacters in the username */
+    rc = ssh_options_set(session, SSH_OPTIONS_HOST, "shallN()tP4ss -@hostname");
+    assert_string_equal(ssh_get_error(session),
+                        "Invalid argument in ssh_options_set");
+    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
 }
 
-static void torture_options_set_ciphers(void **state) {
+static void torture_options_set_ciphers(void **state)
+{
     ssh_session session = *state;
     int rc;
 
     /* Test known ciphers */
-    rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CIPHERS_C_S,
                          "aes128-ctr,aes192-ctr,aes256-ctr");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]);
     if (ssh_fips_mode()) {
         assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
@@ -95,7 +115,7 @@ static void torture_options_set_ciphers(void **state) {
     /* Test one unknown cipher */
     rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S,
                          "aes128-ctr,unknown-crap@example.com,aes256-ctr");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_CRYPT_C_S]);
     assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
                         "aes128-ctr,aes256-ctr");
@@ -106,6 +126,53 @@ static void torture_options_set_ciphers(void **state) {
     assert_false(rc == 0);
 }
 
+static void torture_options_get_ciphers(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    char *value = NULL;
+
+    /* Test defaults returned */
+    rc = ssh_options_get(session, SSH_OPTIONS_CIPHERS_C_S, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    if (ssh_fips_mode()) {
+        assert_string_equal(value,
+                            "aes256-gcm@openssh.com,"
+                            "aes256-ctr,"
+                            "aes256-cbc,"
+                            "aes128-gcm@openssh.com,"
+                            "aes128-ctr,"
+                            "aes128-cbc");
+    } else {
+        assert_string_equal(value,
+                            "chacha20-poly1305@openssh.com,"
+                            "aes256-gcm@openssh.com,"
+                            "aes128-gcm@openssh.com,"
+                            "aes256-ctr,"
+                            "aes192-ctr,"
+                            "aes128-ctr");
+    }
+    ssh_string_free_char(value);
+
+    /* Test explicit ciphers */
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CIPHERS_C_S,
+                         "aes128-ctr,aes192-ctr,aes256-ctr");
+    assert_ssh_return_code(session, rc);
+
+    value = NULL;
+    rc = ssh_options_get(session, SSH_OPTIONS_CIPHERS_C_S, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    if (ssh_fips_mode()) {
+        assert_string_equal(value, "aes128-ctr,aes256-ctr");
+    } else {
+        assert_string_equal(value, "aes128-ctr,aes192-ctr,aes256-ctr");
+    }
+    ssh_string_free_char(value);
+}
+
 static void torture_options_set_key_exchange(void **state)
 {
     ssh_session session = *state;
@@ -119,7 +186,7 @@ static void torture_options_set_key_exchange(void **state)
                          "diffie-hellman-group18-sha512,"
                          "diffie-hellman-group14-sha256,"
                          "diffie-hellman-group14-sha1");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_KEX]);
     if (ssh_fips_mode()) {
         assert_string_equal(session->opts.wanted_methods[SSH_KEX],
@@ -141,7 +208,7 @@ static void torture_options_set_key_exchange(void **state)
                          "diffie-hellman-group16-sha512,"
                          "unknown-crap@example.com,"
                          "diffie-hellman-group18-sha512");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_KEX]);
     assert_string_equal(session->opts.wanted_methods[SSH_KEX],
                         "diffie-hellman-group16-sha512,"
@@ -154,7 +221,68 @@ static void torture_options_set_key_exchange(void **state)
     assert_false(rc == 0);
 }
 
-static void torture_options_set_hostkey(void **state) {
+static void torture_options_get_key_exchange(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    char *value = NULL;
+
+    /* Test defaults returned */
+    rc = ssh_options_get(session, SSH_OPTIONS_KEY_EXCHANGE, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    if (ssh_fips_mode()) {
+        assert_string_equal(value,
+                            "ecdh-sha2-nistp256,"
+                            "ecdh-sha2-nistp384,"
+                            "ecdh-sha2-nistp521,"
+                            "diffie-hellman-group-exchange-sha256,"
+                            "diffie-hellman-group14-sha256,"
+                            "diffie-hellman-group16-sha512,"
+                            "diffie-hellman-group18-sha512");
+    } else {
+        assert_string_equal(value,
+                            "curve25519-sha256,curve25519-sha256@libssh.org,"
+                            "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
+                            "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
+                            "diffie-hellman-group16-sha512,"
+                            "diffie-hellman-group-exchange-sha256,"
+                            "diffie-hellman-group14-sha256");
+    }
+    ssh_string_free_char(value);
+
+    /* Test explicit kexes */
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_KEY_EXCHANGE,
+                         "curve25519-sha256,curve25519-sha256@libssh.org,"
+                         "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+                         "diffie-hellman-group18-sha512,"
+                         "diffie-hellman-group14-sha256,"
+                         "diffie-hellman-group14-sha1");
+    assert_ssh_return_code(session, rc);
+
+    value = NULL;
+    rc = ssh_options_get(session, SSH_OPTIONS_KEY_EXCHANGE, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    if (ssh_fips_mode()) {
+        assert_string_equal(value,
+                            "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+                            "diffie-hellman-group18-sha512,"
+                            "diffie-hellman-group14-sha256");
+    } else {
+        assert_string_equal(value,
+                            "curve25519-sha256,curve25519-sha256@libssh.org,"
+                            "ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
+                            "diffie-hellman-group18-sha512,"
+                            "diffie-hellman-group14-sha256,"
+                            "diffie-hellman-group14-sha1");
+    }
+    ssh_string_free_char(value);
+}
+
+static void torture_options_set_hostkey(void **state)
+{
     ssh_session session = *state;
     int rc;
 
@@ -162,14 +290,14 @@ static void torture_options_set_hostkey(void **state) {
     rc = ssh_options_set(session,
                          SSH_OPTIONS_HOSTKEYS,
                          "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
     if (ssh_fips_mode()) {
         assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
-                "ecdsa-sha2-nistp384");
+                            "ecdsa-sha2-nistp384");
     } else {
         assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
-                "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+                            "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
     }
 
     /* Test one unknown host key */
@@ -178,7 +306,7 @@ static void torture_options_set_hostkey(void **state) {
                          "ecdsa-sha2-nistp521,"
                          "unknown-crap@example.com,"
                          "rsa-sha2-256");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_HOSTKEYS]);
     assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
                         "ecdsa-sha2-nistp521,"
@@ -191,7 +319,63 @@ static void torture_options_set_hostkey(void **state) {
     assert_false(rc == 0);
 }
 
-static void torture_options_set_pubkey_accepted_types(void **state) {
+static void torture_options_get_hostkey(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    char *value = NULL;
+
+    rc = ssh_options_get(session, SSH_OPTIONS_HOSTKEYS, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    if (ssh_fips_mode()) {
+        assert_string_equal(value,
+                            "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
+                            "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+                            "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+                            "rsa-sha2-512-cert-v01@openssh.com,"
+                            "rsa-sha2-256-cert-v01@openssh.com,"
+                            "ecdsa-sha2-nistp521,"
+                            "ecdsa-sha2-nistp384,"
+                            "ecdsa-sha2-nistp256,"
+                            "rsa-sha2-512,"
+                            "rsa-sha2-256");
+    } else {
+        assert_string_equal(value,
+                            "ssh-ed25519-cert-v01@openssh.com,"
+                            "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
+                            "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+                            "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+                            "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+                            "rsa-sha2-512-cert-v01@openssh.com,"
+                            "rsa-sha2-256-cert-v01@openssh.com,"
+                            "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,"
+                            "ecdsa-sha2-nistp256,sk-ssh-ed25519@openssh.com,"
+                            "sk-ecdsa-sha2-nistp256@openssh.com,"
+                            "rsa-sha2-512,rsa-sha2-256");
+    }
+    ssh_string_free_char(value);
+
+    /* Test explicit host keys */
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_HOSTKEYS,
+                         "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+    assert_ssh_return_code(session, rc);
+
+    value = NULL;
+    rc = ssh_options_get(session, SSH_OPTIONS_HOSTKEYS, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    if (ssh_fips_mode()) {
+        assert_string_equal(value, "ecdsa-sha2-nistp384");
+    } else {
+        assert_string_equal(value, "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+    }
+    ssh_string_free_char(value);
+}
+
+static void torture_options_set_pubkey_accepted_types(void **state)
+{
     ssh_session session = *state;
     int rc;
     enum ssh_digest_e type;
@@ -200,7 +384,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
     rc = ssh_options_set(session,
                          SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                          "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.pubkey_accepted_types);
     if (ssh_fips_mode()) {
         assert_string_equal(session->opts.pubkey_accepted_types,
@@ -215,7 +399,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
         rc = ssh_options_set(session,
                              SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                              "ssh-ed25519,unknown-crap@example.com,ssh-rsa");
-        assert_true(rc == 0);
+        assert_ssh_return_code(session, rc);
         assert_non_null(session->opts.pubkey_accepted_types);
         assert_string_equal(session->opts.pubkey_accepted_types,
                             "ssh-ed25519,ssh-rsa");
@@ -230,7 +414,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
         /* simulate the SHA2 extension was negotiated */
         session->extensions = SSH_EXT_SIG_RSA_SHA256;
 
-        /* previous configuration did not list the SHA2 extension algoritms, so
+        /* previous configuration did not list the SHA2 extension algorithms, so
          * it should not be used */
         type = ssh_key_type_to_hash(session, SSH_KEYTYPE_RSA);
         assert_int_equal(type, SSH_DIGEST_SHA1);
@@ -241,7 +425,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
     rc = ssh_options_set(session,
                          SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
                          "rsa-sha2-256,ssh-rsa");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.pubkey_accepted_types);
     if (ssh_fips_mode()) {
         assert_string_equal(session->opts.pubkey_accepted_types,
@@ -259,37 +443,206 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
     assert_int_equal(type, SSH_DIGEST_SHA256);
 }
 
-static void torture_options_set_macs(void **state) {
+static void torture_options_get_pubkey_accepted_types(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    char *value = NULL;
+
+    /* Test known public key algorithms */
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+                         "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_options_get(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    if (ssh_fips_mode()) {
+        assert_string_equal(value, "ecdsa-sha2-nistp384");
+    } else {
+        assert_string_equal(value, "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+    }
+    ssh_string_free_char(value);
+}
+
+
+static void torture_options_set_macs(void **state)
+{
     ssh_session session = *state;
     int rc;
 
     /* Test known MACs */
     rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "hmac-sha1");
-    assert_true(rc == 0);
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
     assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1");
 
     /* Test multiple known MACs */
     rc = ssh_options_set(session,
                          SSH_OPTIONS_HMAC_S_C,
-                         "hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
-    assert_true(rc == 0);
+                         "hmac-sha1-etm@openssh.com,"
+                         "hmac-sha2-256-etm@openssh.com,"
+                         "hmac-sha1,hmac-sha2-256");
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
     assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C],
-                        "hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha2-256");
+                        "hmac-sha1-etm@openssh.com,"
+                        "hmac-sha2-256-etm@openssh.com,"
+                        "hmac-sha1,hmac-sha2-256");
 
     /* Test unknown MACs */
-    rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1-etm@openssh.com,unknown@example.com");
-    assert_true(rc == 0);
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_HMAC_S_C,
+                         "unknown-crap@example.com,hmac-sha1-etm@openssh.com,"
+                         "unknown@example.com");
+    assert_ssh_return_code(session, rc);
     assert_non_null(session->opts.wanted_methods[SSH_MAC_S_C]);
-    assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1-etm@openssh.com");
+    assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C],
+                        "hmac-sha1-etm@openssh.com");
 
     /* Test all unknown MACs */
-    rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com");
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_HMAC_S_C,
+                         "unknown-crap@example.com");
+    assert_false(rc == 0);
+}
+
+static void torture_options_get_macs(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    char *value = NULL;
+
+    /* test defaults returned */
+    rc = ssh_options_get(session, SSH_OPTIONS_HMAC_S_C, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    if (ssh_fips_mode()) {
+        assert_string_equal(value,
+                            "hmac-sha2-256-etm@openssh.com,"
+                            "hmac-sha1-etm@openssh.com,"
+                            "hmac-sha2-512-etm@openssh.com,"
+                            "hmac-sha2-256,"
+                            "hmac-sha1,"
+                            "hmac-sha2-512");
+    } else {
+        assert_string_equal(value,
+                            "hmac-sha2-256-etm@openssh.com,"
+                            "hmac-sha2-512-etm@openssh.com,"
+                            "hmac-sha2-256,"
+                            "hmac-sha2-512");
+    }
+    ssh_string_free_char(value);
+
+    /* Test known MACs */
+    rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "hmac-sha1");
+    assert_ssh_return_code(session, rc);
+
+    value = NULL;
+    rc = ssh_options_get(session, SSH_OPTIONS_HMAC_S_C, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    assert_string_equal(value, "hmac-sha1");
+    ssh_string_free_char(value);
+}
+
+static void torture_options_set_compression(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    const char *known_value;
+    const char *multiple;
+
+#ifdef WITH_ZLIB
+    if (ssh_fips_mode()) {
+        known_value = "none";
+        multiple = "none,squeeze";
+    } else {
+        known_value = "zlib";
+        multiple = "zlib,squeeze";
+    }
+#else
+    known_value = "none";
+    multiple = "none,squeeze";
+#endif
+
+    /* Test known compression */
+    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, known_value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                        known_value);
+
+    /* Test multiple known compression */
+    if (!ssh_fips_mode()) {
+        rc = ssh_options_set(session,
+                             SSH_OPTIONS_COMPRESSION_S_C,
+                             "none,zlib@openssh.com");
+        assert_ssh_return_code(session, rc);
+        assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
+#ifdef WITH_ZLIB
+        assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                            "none,zlib@openssh.com");
+#else
+        assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C], "none");
+#endif
+    }
+
+    /* Test unknown compression */
+    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, multiple);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(session->opts.wanted_methods[SSH_COMP_S_C]);
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                        known_value);
+
+    /* Test all unknown compression */
+    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "squeeze");
     assert_false(rc == 0);
 }
 
-static void torture_options_get_host(void **state) {
+static void torture_options_get_compression(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    char *value = NULL;
+    const char *test_value = NULL;
+
+#ifdef WITH_ZLIB
+    if (ssh_fips_mode()) {
+        test_value = "none";
+    } else {
+        test_value = "zlib@openssh.com";
+    }
+#else
+    test_value = "none";
+#endif
+
+    /* test defaults returned */
+    rc = ssh_options_get(session, SSH_OPTIONS_COMPRESSION_S_C, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+#ifdef WITH_ZLIB
+    assert_string_equal(value, "none,zlib@openssh.com");
+#else
+    assert_string_equal(value, "none");
+#endif
+    ssh_string_free_char(value);
+
+    /* Test known compression */
+    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, test_value);
+    assert_ssh_return_code(session, rc);
+
+    value = NULL;
+    rc = ssh_options_get(session, SSH_OPTIONS_COMPRESSION_S_C, &value);
+    assert_ssh_return_code(session, rc);
+    assert_non_null(value);
+    assert_string_equal(value, test_value);
+    ssh_string_free_char(value);
+}
+
+static void torture_options_get_host(void **state)
+{
     ssh_session session = *state;
     int rc;
     char* host = NULL;
@@ -301,10 +654,11 @@ static void torture_options_get_host(void **state) {
     assert_false(ssh_options_get(session, SSH_OPTIONS_HOST, &host));
 
     assert_string_equal(host, "localhost");
-    free(host);
+    ssh_string_free_char(host);
 }
 
-static void torture_options_set_port(void **state) {
+static void torture_options_set_port(void **state)
+{
     ssh_session session = *state;
     int rc;
     unsigned int port = 42;
@@ -319,37 +673,43 @@ static void torture_options_set_port(void **state) {
 
     rc = ssh_options_set(session, SSH_OPTIONS_PORT_STR, "five");
     assert_true(rc == -1);
+    assert_int_not_equal(session->opts.port, 0);
 
     rc = ssh_options_set(session, SSH_OPTIONS_PORT, NULL);
     assert_true(rc == -1);
 }
 
-static void torture_options_get_port(void **state) {
-  ssh_session session = *state;
-  unsigned int given_port = 1234;
-  unsigned int port_container;
-  int rc;
-  rc = ssh_options_set(session, SSH_OPTIONS_PORT, &given_port);
-  assert_true(rc == 0);
-  rc = ssh_options_get_port(session, &port_container);
-  assert_true(rc == 0);
-  assert_int_equal(port_container, 1234);
-}
-
-static void torture_options_get_user(void **state) {
-  ssh_session session = *state;
-  char* user = NULL;
-  int rc;
-  rc = ssh_options_set(session, SSH_OPTIONS_USER, "magicaltrevor");
-  assert_int_equal(rc, SSH_OK);
-  rc = ssh_options_get(session, SSH_OPTIONS_USER, &user);
-  assert_int_equal(rc, SSH_OK);
-  assert_non_null(user);
-  assert_string_equal(user, "magicaltrevor");
-  free(user);
-}
-
-static void torture_options_set_fd(void **state) {
+static void torture_options_get_port(void **state)
+{
+    ssh_session session = *state;
+    unsigned int given_port = 1234;
+    unsigned int port_container;
+    int rc;
+
+    rc = ssh_options_set(session, SSH_OPTIONS_PORT, &given_port);
+    assert_true(rc == 0);
+    rc = ssh_options_get_port(session, &port_container);
+    assert_true(rc == 0);
+    assert_int_equal(port_container, 1234);
+}
+
+static void torture_options_get_user(void **state)
+{
+    ssh_session session = *state;
+    char *user = NULL;
+    int rc;
+
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, "magicaltrevor");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_options_get(session, SSH_OPTIONS_USER, &user);
+    assert_int_equal(rc, SSH_OK);
+    assert_non_null(user);
+    assert_string_equal(user, "magicaltrevor");
+    ssh_string_free_char(user);
+}
+
+static void torture_options_set_fd(void **state)
+{
     ssh_session session = *state;
     socket_t fd = 42;
     int rc;
@@ -363,7 +723,8 @@ static void torture_options_set_fd(void **state) {
     assert_true(session->opts.fd == SSH_INVALID_SOCKET);
 }
 
-static void torture_options_set_user(void **state) {
+static void torture_options_set_user(void **state)
+{
     ssh_session session = *state;
     int rc;
 #ifndef _WIN32
@@ -379,6 +740,9 @@ static void torture_options_set_user(void **state) {
     assert_true(rc == 0);
 #endif /* _WIN32 */
 
+    rc = ssh_options_set(session, SSH_OPTIONS_USER, "&shallN()tP4ss");
+    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+
     rc = ssh_options_set(session, SSH_OPTIONS_USER, "guru");
     assert_true(rc == 0);
     assert_string_equal(session->opts.username, "guru");
@@ -392,29 +756,26 @@ static void torture_options_set_user(void **state) {
 #endif
 }
 
-/* TODO */
-#if 0
-static voidtorture_options_set_sshdir)
+static void torture_options_set_identity(void **state)
 {
-}
-END_TEST
-#endif
-
-static void torture_options_set_identity(void **state) {
     ssh_session session = *state;
     int rc;
 
     rc = ssh_options_set(session, SSH_OPTIONS_ADD_IDENTITY, "identity1");
     assert_true(rc == 0);
-    assert_string_equal(session->opts.identity->root->data, "identity1");
+    assert_string_equal(session->opts.identity_non_exp->root->data,
+                        "identity1");
 
     rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, "identity2");
     assert_true(rc == 0);
-    assert_string_equal(session->opts.identity->root->data, "identity2");
-    assert_string_equal(session->opts.identity->root->next->data, "identity1");
+    assert_string_equal(session->opts.identity_non_exp->root->data,
+                        "identity2");
+    assert_string_equal(session->opts.identity_non_exp->root->next->data,
+                        "identity1");
 }
 
-static void torture_options_get_identity(void **state) {
+static void torture_options_get_identity(void **state)
+{
     ssh_session session = *state;
     char *identity = NULL;
     int rc;
@@ -429,12 +790,13 @@ static void torture_options_get_identity(void **state) {
 
     rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, "identity2");
     assert_int_equal(rc, SSH_OK);
-    assert_string_equal(session->opts.identity->root->data, "identity2");
+    assert_string_equal(session->opts.identity_non_exp->root->data,
+                        "identity2");
     rc = ssh_options_get(session, SSH_OPTIONS_IDENTITY, &identity);
     assert_int_equal(rc, SSH_OK);
     assert_non_null(identity);
     assert_string_equal(identity, "identity2");
-    free(identity);
+    ssh_string_free_char(identity);
 }
 
 static void torture_options_set_global_knownhosts(void **state)
@@ -534,32 +896,105 @@ static void torture_options_proxycommand(void **state) {
     assert_null(session->opts.ProxyCommand);
 }
 
-static void torture_options_config_host(void **state) {
+static void torture_options_control_master (void **state)
+{
     ssh_session session = *state;
-    FILE *config = NULL;
+    int rc, val = SSH_CONTROL_MASTER_NO;
 
-    /* create a new config file */
-    config = fopen("test_config", "w");
-    assert_non_null(config);
-    fputs("Host testhost1\nPort 42\n"
-          "Host testhost2,testhost3\nPort 43\n"
-          "Host testhost4 testhost5\nPort 44\n",
-          config);
-    fclose(config);
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CONTROL_MASTER,
+                         &val);
+    assert_int_equal(rc, SSH_OK);
+    assert_int_equal(session->opts.control_master, SSH_CONTROL_MASTER_NO);
 
-    ssh_options_set(session, SSH_OPTIONS_HOST, "testhost1");
-    ssh_options_parse_config(session, "test_config");
+    val = SSH_CONTROL_MASTER_AUTO;
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CONTROL_MASTER,
+                         &val);
+    assert_int_equal(rc, SSH_OK);
+    assert_int_equal(session->opts.control_master, SSH_CONTROL_MASTER_AUTO);
 
-    assert_int_equal(session->opts.port, 42);
+    val = SSH_CONTROL_MASTER_YES;
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CONTROL_MASTER,
+                         &val);
+    assert_int_equal(rc, SSH_OK);
+    assert_int_equal(session->opts.control_master, SSH_CONTROL_MASTER_YES);
 
-    torture_reset_config(session);
-    ssh_options_set(session, SSH_OPTIONS_HOST, "testhost2");
-    ssh_options_parse_config(session, "test_config");
-    assert_int_equal(session->opts.port, 43);
+    val = SSH_CONTROL_MASTER_ASK;
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CONTROL_MASTER,
+                         &val);
+    assert_int_equal(rc, SSH_OK);
+    assert_int_equal(session->opts.control_master, SSH_CONTROL_MASTER_ASK);
 
-    session->opts.port = 0;
+    val = SSH_CONTROL_MASTER_AUTOASK;
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CONTROL_MASTER,
+                         &val);
+    assert_int_equal(rc, SSH_OK);
+    assert_int_equal(session->opts.control_master, SSH_CONTROL_MASTER_AUTOASK);
 
-    torture_reset_config(session);
+    val = 255;
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CONTROL_MASTER,
+                         &val);
+    assert_int_equal(rc, SSH_ERROR);
+}
+
+static void torture_options_control_path(void **state)
+{
+    ssh_session session = *state;
+    char *str = NULL;
+    int rc;
+
+    /* Set Control Path */
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_CONTROL_PATH,
+                         "/tmp/ssh-%r@%h:%p");
+    assert_int_equal(rc, 0);
+
+    assert_string_equal(session->opts.control_path, "/tmp/ssh-%r@%h:%p");
+
+    rc = ssh_options_get(session, SSH_OPTIONS_CONTROL_PATH, &str);
+    assert_int_equal(rc, 0);
+    assert_string_equal(str, "/tmp/ssh-%r@%h:%p");
+
+    /* Disable Multiplexing */
+    rc = ssh_options_set(session, SSH_OPTIONS_CONTROL_PATH, "none");
+    assert_int_equal(rc, 0);
+
+    assert_null(session->opts.control_path);
+    SSH_STRING_FREE_CHAR(str);
+}
+
+static void torture_options_config_host(void **state)
+{
+    ssh_session session = *state;
+    FILE *config = NULL;
+
+    /* create a new config file */
+    config = fopen("test_config", "w");
+    assert_non_null(config);
+    fputs("Host testhost1\nPort 42\n"
+          "Host testhost2,testhost3\nPort 43\n"
+          "Host testhost4 testhost5\nPort 44\n",
+          config);
+    fclose(config);
+
+    ssh_options_set(session, SSH_OPTIONS_HOST, "testhost1");
+    ssh_options_parse_config(session, "test_config");
+
+    assert_int_equal(session->opts.port, 42);
+
+    torture_reset_config(session);
+    ssh_options_set(session, SSH_OPTIONS_HOST, "testhost2");
+    ssh_options_parse_config(session, "test_config");
+    assert_int_equal(session->opts.port, 43);
+
+    session->opts.port = 0;
+
+    torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "testhost3");
     ssh_options_parse_config(session, "test_config");
     assert_int_equal(session->opts.port, 43);
@@ -597,7 +1032,7 @@ static void torture_options_config_match(void **state)
     fclose(config);
 
     rv = ssh_options_parse_config(session, "test_config");
-    assert_ssh_return_code_equal(session, rv, SSH_ERROR);
+    assert_ssh_return_code_equal(session, rv, SSH_OK);
 
     /* The Match all keyword needs to be the only one (start) */
     torture_reset_config(session);
@@ -685,7 +1120,7 @@ static void torture_options_config_match(void **state)
     localuser = ssh_get_local_username();
     assert_non_null(localuser);
     fputs(localuser, config);
-    free(localuser);
+    ssh_string_free_char(localuser);
     fputs("\n"
           "\tPort 33\n"
           "Match all\n"
@@ -712,7 +1147,7 @@ static void torture_options_config_match(void **state)
 
     rv = ssh_options_parse_config(session, "test_config");
     assert_ssh_return_code(session, rv);
-#ifdef _WIN32
+#ifndef WITH_EXEC
     /* The match exec is not supported on windows at this moment */
     assert_int_equal(session->opts.port, 34);
 #else
@@ -734,7 +1169,7 @@ static void torture_options_config_match(void **state)
 
     rv = ssh_options_parse_config(session, "test_config");
     assert_ssh_return_code(session, rv);
-#ifdef _WIN32
+#ifndef WITH_EXEC
     /* The match exec is not supported on windows at this moment */
     assert_int_equal(session->opts.port, 34);
 #else
@@ -787,7 +1222,7 @@ static void torture_options_config_match_multi(void **state)
 
     rv = ssh_options_parse_config(session, "test_config");
     assert_ssh_return_code(session, rv);
-#ifdef _WIN32
+#ifndef WITH_EXEC
     /* The match exec is not supported on windows at this moment */
     assert_int_equal(session->opts.port, 34);
 #else
@@ -834,6 +1269,9 @@ static void torture_options_copy(void **state)
     config = fopen("test_config", "w");
     assert_non_null(config);
     fputs("IdentityFile ~/.ssh/id_ecdsa\n"
+          "IdentityFile ~/.ssh/my_rsa\n"
+          "CertificateFile ~/.ssh/my_rsa-cert.pub\n"
+          "CertificateFile ~/.ssh/id_ecdsa-cert.pub\n"
           "User tester\n"
           "Hostname example.com\n"
           "BindAddress 127.0.0.2\n"
@@ -846,6 +1284,8 @@ static void torture_options_copy(void **state)
           "Compression yes\n"
           "PubkeyAcceptedAlgorithms ssh-ed25519,ecdsa-sha2-nistp521\n"
           "ProxyCommand nc 127.0.0.10 22\n"
+          "ControlMaster ask\n"
+          "ControlPath /tmp/ssh-%r@%h:%p\n"
           /* ops.custombanner */
           "ConnectTimeout 42\n"
           "Port 222\n"
@@ -867,9 +1307,22 @@ static void torture_options_copy(void **state)
     assert_non_null(new);
 
     /* Check the identities match */
-    it = ssh_list_get_iterator(session->opts.identity);
+    it = ssh_list_get_iterator(session->opts.identity_non_exp);
     assert_non_null(it);
-    it2 = ssh_list_get_iterator(new->opts.identity);
+    it2 = ssh_list_get_iterator(new->opts.identity_non_exp);
+    assert_non_null(it2);
+    while (it != NULL && it2 != NULL) {
+        assert_string_equal(it->data, it2->data);
+        it = it->next;
+        it2 = it2->next;
+    }
+    assert_null(it);
+    assert_null(it2);
+
+    /* Check the certificates match */
+    it = ssh_list_get_iterator(session->opts.certificate_non_exp);
+    assert_non_null(it);
+    it2 = ssh_list_get_iterator(new->opts.certificate_non_exp);
     assert_non_null(it2);
     while (it != NULL && it2 != NULL) {
         assert_string_equal(it->data, it2->data);
@@ -897,10 +1350,12 @@ static void torture_options_copy(void **state)
     assert_string_equal(session->opts.pubkey_accepted_types,
                         new->opts.pubkey_accepted_types);
     assert_string_equal(session->opts.ProxyCommand, new->opts.ProxyCommand);
+    assert_null(new->opts.control_path);
     /* TODO custombanner */
     assert_int_equal(session->opts.timeout, new->opts.timeout);
     assert_int_equal(session->opts.timeout_usec, new->opts.timeout_usec);
     assert_int_equal(session->opts.port, new->opts.port);
+    assert_int_equal(session->opts.control_master, new->opts.control_master);
     assert_int_equal(session->opts.StrictHostKeyChecking,
                      new->opts.StrictHostKeyChecking);
     assert_int_equal(session->opts.compressionlevel,
@@ -918,6 +1373,34 @@ static void torture_options_copy(void **state)
                         sizeof(session->opts.options_seen));
 
     ssh_free(new);
+
+    /* test if ssh_options_apply was called before ssh_options_copy
+     * the opts.identity list gets copied (percent expanded list) */
+    rv = ssh_options_apply(session);
+    assert_ssh_return_code(session, rv);
+
+    rv = ssh_options_copy(session, &new);
+    assert_ssh_return_code(session, rv);
+    assert_non_null(new);
+
+    it = ssh_list_get_iterator(session->opts.identity_non_exp);
+    assert_null(it);
+    it2 = ssh_list_get_iterator(new->opts.identity_non_exp);
+    assert_null(it2);
+
+    it = ssh_list_get_iterator(session->opts.identity);
+    assert_non_null(it);
+    it2 = ssh_list_get_iterator(new->opts.identity);
+    assert_non_null(it2);
+    while (it != NULL && it2 != NULL) {
+        assert_string_equal(it->data, it2->data);
+        it = it->next;
+        it2 = it2->next;
+    }
+    assert_null(it);
+    assert_null(it2);
+
+    ssh_free(new);
 }
 
 #define EXECUTABLE_NAME "test-exec"
@@ -930,8 +1413,6 @@ static void torture_options_getopt(void **state)
                     "-vv", "-v", "-r", "-c", "aes128-ctr",
                     "-i", "id_rsa", "-C", "-2", "-1", NULL};
     int argc = sizeof(argv)/sizeof(char *) - 1;
-    const char *argv_invalid[] = {EXECUTABLE_NAME, "-r", "-d", NULL};
-
     previous_level = ssh_get_log_level();
 
     /* Test with all the supported options */
@@ -942,149 +1423,573 @@ static void torture_options_getopt(void **state)
 #else
     assert_ssh_return_code(session, rc);
 
-    /* Restore the log level to previous value first */
-    new_level = ssh_get_log_level();
-    assert_int_equal(new_level, 3); /* 2 + 1 -v's */
-    rc = ssh_set_log_level(previous_level);
-    assert_int_equal(rc, SSH_OK);
+    /* Restore the log level to previous value first */
+    new_level = ssh_get_log_level();
+    assert_int_equal(new_level, 3); /* 2 + 1 -v's */
+    rc = ssh_set_log_level(previous_level);
+    assert_int_equal(rc, SSH_OK);
+
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.username, "username");
+    assert_int_equal(session->opts.port, 222);
+    /* The -r (usersa) is noop */
+    assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
+                        "aes128-ctr");
+    assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_S_C],
+                        "aes128-ctr");
+    assert_string_equal(session->opts.identity_non_exp->root->data, "id_rsa");
+#ifdef WITH_ZLIB
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
+                        "zlib@openssh.com,none");
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                        "zlib@openssh.com,none");
+#else
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
+                        "none");
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                        "none");
+#endif
+    /* -1 and -2 are noop */
+
+
+    /* It should ignore unknown arguments */
+    argv[1] = "-F";
+    argv[2] = "config_file";
+    argv[3] = NULL;
+    argc = 3;
+    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    assert_ssh_return_code(session, rc);
+    assert_int_equal(argc, 3);
+    assert_string_equal(argv[0], EXECUTABLE_NAME);
+    assert_string_equal(argv[1], "-F");
+    assert_string_equal(argv[2], "config_file");
+
+
+    /* It should not mess with unknown arguments order */
+    argv[1] = "-F";
+    argv[2] = "config_file";
+    argv[3] = "-M";
+    argv[4] = "hmac-sha1";
+    argv[5] = "-X";
+    argv[6] = NULL;
+    argc = 6;
+    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    assert_ssh_return_code(session, rc);
+    assert_int_equal(argc, 6);
+    assert_string_equal(argv[0], EXECUTABLE_NAME);
+    assert_string_equal(argv[1], "-F");
+    assert_string_equal(argv[2], "config_file");
+    assert_string_equal(argv[3], "-M");
+    assert_string_equal(argv[4], "hmac-sha1");
+    assert_string_equal(argv[5], "-X");
+
+
+    /* Trailing arguments should be passed as they are */
+    argv[1] = "-F";
+    argv[2] = "config_file";
+    argv[3] = "-M";
+    argv[4] = "hmac-sha1";
+    argv[5] = "example.com";
+    argv[6] = NULL;
+    argc = 6;
+    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    assert_ssh_return_code(session, rc);
+    assert_int_equal(argc, 6);
+    assert_string_equal(argv[0], EXECUTABLE_NAME);
+    assert_string_equal(argv[1], "-F");
+    assert_string_equal(argv[2], "config_file");
+    assert_string_equal(argv[3], "-M");
+    assert_string_equal(argv[4], "hmac-sha1");
+    assert_string_equal(argv[5], "example.com");
+
+    /* Corner case: only one argument */
+    argv[1] = "-C";
+    argv[2] = NULL;
+    argc = 2;
+    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "no");
+    assert_ssh_return_code(session, rc);
+#ifdef WITH_ZLIB
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
+                        "none,zlib@openssh.com");
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                        "none,zlib@openssh.com");
+#else
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
+                        "none");
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                        "none");
+#endif
+
+    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    assert_ssh_return_code(session, rc);
+    assert_int_equal(argc, 1);
+    assert_string_equal(argv[0], EXECUTABLE_NAME);
+#ifdef WITH_ZLIB
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
+                        "zlib@openssh.com,none");
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                        "zlib@openssh.com,none");
+#else
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
+                        "none");
+    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+                        "none");
+#endif
+
+    /* Corner case: only hostname is not parsed */
+    argv[1] = "example.com";
+    argv[2] = NULL;
+    argc = 2;
+    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    assert_ssh_return_code(session, rc);
+    assert_int_equal(argc, 2);
+    assert_string_equal(argv[0], EXECUTABLE_NAME);
+    assert_string_equal(argv[1], "example.com");
+
+    /* Corner case: no arguments */
+    argv[1] = NULL;
+    argc = 1;
+    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    assert_ssh_return_code(session, rc);
+    assert_int_equal(argc, 1);
+    assert_string_equal(argv[0], EXECUTABLE_NAME);
+
+#endif /* _NSC_VER */
+}
+
+static void torture_options_plus_sign(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    const char *def_host_alg, *alg, *algs;
+    char *awaited;
+    size_t alg_len, algs_len;
+
+    if (ssh_fips_mode()) {
+        alg = ",rsa-sha2-512-cert-v01@openssh.com";
+        algs = ",rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp521";
+        def_host_alg = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
+    } else {
+        alg = ",ssh-rsa";
+        algs = ",ssh-rsa,ssh-rsa-cert-v01@openssh.com";
+        def_host_alg = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+    }
+    alg_len = strlen(alg);
+    algs_len = strlen(algs);
+
+    /* in fips mode, the default list is the available list, which means
+     * we can't append anything because everything enabled is already
+     * included */
+    if (ssh_fips_mode()) {
+        awaited = strdup(def_host_alg);
+        assert_non_null(awaited);
+    } else {
+        awaited = calloc(strlen(def_host_alg) + alg_len + 1, 1);
+        assert_non_null(awaited);
+
+        memcpy(awaited, def_host_alg, strlen(def_host_alg));
+        memcpy(awaited+strlen(def_host_alg), alg, alg_len);
+    }
+
+    if (ssh_fips_mode()) {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "+rsa-sha2-512-cert-v01@openssh.com");
+    } else {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "+ssh-rsa");
+    }
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        awaited);
+
+    if (!ssh_fips_mode()) {
+        /* different algorithm list is used here */
+        free(awaited);
+
+        awaited = calloc(strlen(def_host_alg) + algs_len + 1, 1);
+        assert_non_null(awaited);
+        memcpy(awaited, def_host_alg, strlen(def_host_alg));
+        memcpy(awaited+strlen(def_host_alg), algs, algs_len);
+    }
+
+    if (ssh_fips_mode()) {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS,
+                             "+rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp521");
+    } else {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS,
+                             "+ssh-rsa,ssh-rsa-cert-v01@openssh.com");
+    }
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        awaited);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "+");
+    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "+blablabla");
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        def_host_alg);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, NULL);
+    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+
+    free(awaited);
+}
+
+static void torture_options_minus_sign(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    const char *def_host_alg, *alg, *algs;
+    char *awaited, *p;
+    size_t alg_len, algs_len;
+
+    if (ssh_fips_mode()) {
+        alg = "rsa-sha2-512-cert-v01@openssh.com,";
+        algs = "rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp521,";
+        def_host_alg = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
+    } else {
+        alg = "ssh-ed25519,";
+        algs = "ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,";
+        def_host_alg = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+    }
+    alg_len = strlen(alg);
+    algs_len = strlen(algs);
+
+    awaited = calloc(strlen(def_host_alg) + 1, 1);
+    assert_non_null(awaited);
+
+    memcpy(awaited, def_host_alg, strlen(def_host_alg));
+    p = strstr(awaited, alg);
+    assert_non_null(p);
+    memmove(p, p+alg_len, strlen(p + alg_len) + 1);
+
+    if (ssh_fips_mode()) {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "-rsa-sha2-512-cert-v01@openssh.com");
+    } else {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "-ssh-ed25519");
+    }
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        awaited);
+
+    p = strstr(awaited, algs);
+    assert_non_null(p);
+    memmove(p, p+algs_len, strlen(p + algs_len) + 1);
+
+    if (ssh_fips_mode()) {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp521");
+    } else {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "-ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384");
+    }
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        awaited);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "-");
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        def_host_alg);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "-blablabla");
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        def_host_alg);
+
+    free(awaited);
+}
+
+static void torture_options_caret_sign(void **state)
+{
+    ssh_session session = *state;
+    int rc;
+    const char *def_host_alg, *alg, *algs;
+    size_t alg_len, algs_len;
+    char *awaited, *p;
+
+    if (ssh_fips_mode()) {
+        alg = "rsa-sha2-512-cert-v01@openssh.com,";
+        algs = "rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp521,";
+        def_host_alg = ssh_kex_get_fips_methods(SSH_HOSTKEYS);
+    } else {
+        alg = "ssh-rsa,";
+        algs = "ssh-rsa,ssh-rsa-cert-v01@openssh.com,";
+        def_host_alg = ssh_kex_get_default_methods(SSH_HOSTKEYS);
+    }
+    alg_len = strlen(alg);
+    algs_len = strlen(algs);
+
+    awaited = calloc(strlen(def_host_alg) + alg_len + 1, 1);
+    assert_non_null(awaited);
+
+    memcpy(awaited, alg, alg_len);
+    memcpy(awaited+alg_len, def_host_alg, strlen(def_host_alg));
+    if (ssh_fips_mode()) {
+        p = strstr(awaited, alg);
+        /* look for second occurrence */
+        p = strstr(p+1, algs);
+        memmove(p, p+alg_len, strlen(p + alg_len) + 1);
+    }
+
+    if (ssh_fips_mode()) {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "^rsa-sha2-512-cert-v01@openssh.com");
+    } else {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "^ssh-rsa");
+    }
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        awaited);
+    /* different algorithm list is used here */
+    free(awaited);
+
+    awaited = calloc(strlen(def_host_alg) + algs_len + 1, 1);
+    assert_non_null(awaited);
+    memcpy(awaited, algs, algs_len);
+    memcpy(awaited+algs_len, def_host_alg, strlen(def_host_alg));
+    if (ssh_fips_mode()) {
+        p = strstr(awaited, algs);
+        /* look for second occurrence */
+        p = strstr(p+1, algs);
+        memmove(p, p+algs_len, strlen(p + algs_len) + 1);
+    }
+
+    if (ssh_fips_mode()) {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS,
+                             "^rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp521");
+    } else {
+        rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS,
+                             "^ssh-rsa,ssh-rsa-cert-v01@openssh.com");
+    }
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        awaited);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "^");
+    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "^blablabla");
+    assert_ssh_return_code(session, rc);
+    assert_string_equal(session->opts.wanted_methods[SSH_HOSTKEYS],
+                        def_host_alg);
+
+    free(awaited);
+}
+
+static void torture_options_apply (void **state)
+{
+    ssh_session session = *state;
+    struct ssh_list *awaited_list = NULL;
+    struct ssh_iterator *it1 = NULL, *it2 = NULL;
+    char *id = NULL;
+    int rc;
+
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_KNOWNHOSTS,
+                         "%%d/.ssh/known_hosts");
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
+                         "/etc/%%u/libssh/known_hosts");
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_PROXYCOMMAND,
+                         "exec echo \"Hello libssh %%d!\"");
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_ADD_IDENTITY,
+                         "%%d/do_not_expand");
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_options_apply(session);
+    assert_ssh_return_code(session, rc);
+
+    /* check that the values got expanded */
+    assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS);
+    assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS);
+    assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND);
+    assert_true(ssh_list_count(session->opts.identity_non_exp) == 0);
+    assert_true(ssh_list_count(session->opts.identity) > 0);
+
+    /* should not change anything calling it again */
+    rc = ssh_options_apply(session);
+    assert_ssh_return_code(session, rc);
+
+    /* check that the expansion was done only once */
+    assert_string_equal(session->opts.knownhosts, "%d/.ssh/known_hosts");
+    assert_string_equal(session->opts.global_knownhosts,
+                        "/etc/%u/libssh/known_hosts");
+    /* no exec should be added if there already is one */
+    assert_string_equal(session->opts.ProxyCommand,
+                        "exec echo \"Hello libssh %d!\"");
+    assert_string_equal(session->opts.identity->root->data,
+                        "%d/do_not_expand");
+
+    /* apply should keep the freshest setting */
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_KNOWNHOSTS,
+                         "hello there");
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_GLOBAL_KNOWNHOSTS,
+                         "lorem ipsum");
+    assert_ssh_return_code(session, rc);
 
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_PROXYCOMMAND,
+                         "mission_impossible");
     assert_ssh_return_code(session, rc);
-    assert_string_equal(session->opts.username, "username");
-    assert_int_equal(session->opts.port, 222);
-    /* The -r (usersa) is noop */
-    assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_C_S],
-                        "aes128-ctr");
-    assert_string_equal(session->opts.wanted_methods[SSH_CRYPT_S_C],
-                        "aes128-ctr");
-    assert_string_equal(session->opts.identity->root->data, "id_rsa");
-#ifdef WITH_ZLIB
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
-#else
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "none");
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "none");
-#endif
-    /* -1 and -2 are noop */
 
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_ADD_IDENTITY,
+                         "007");
+    assert_ssh_return_code(session, rc);
 
-    /* It should ignore unknown arguments */
-    argv[1] = "-F";
-    argv[2] = "config_file";
-    argv[3] = NULL;
-    argc = 3;
-    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_ADD_IDENTITY,
+                         "3");
     assert_ssh_return_code(session, rc);
-    assert_int_equal(argc, 3);
-    assert_string_equal(argv[0], EXECUTABLE_NAME);
-    assert_string_equal(argv[1], "-F");
-    assert_string_equal(argv[2], "config_file");
 
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_ADD_IDENTITY,
+                         "2");
+    assert_ssh_return_code(session, rc);
 
-    /* It should not mess with unknown arguments order */
-    argv[1] = "-F";
-    argv[2] = "config_file";
-    argv[3] = "-M";
-    argv[4] = "hmac-sha1";
-    argv[5] = "-X";
-    argv[6] = NULL;
-    argc = 6;
-    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_ADD_IDENTITY,
+                         "1");
     assert_ssh_return_code(session, rc);
-    assert_int_equal(argc, 6);
-    assert_string_equal(argv[0], EXECUTABLE_NAME);
-    assert_string_equal(argv[1], "-F");
-    assert_string_equal(argv[2], "config_file");
-    assert_string_equal(argv[3], "-M");
-    assert_string_equal(argv[4], "hmac-sha1");
-    assert_string_equal(argv[5], "-X");
 
+    /* check that flags show need of escape expansion */
+    assert_false(session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS);
+    assert_false(session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS);
+    assert_false(session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND);
+    assert_false(ssh_list_count(session->opts.identity_non_exp) == 0);
 
-    /* Trailing arguments should be passed as they are */
-    argv[1] = "-F";
-    argv[2] = "config_file";
-    argv[3] = "-M";
-    argv[4] = "hmac-sha1";
-    argv[5] = "example.com";
-    argv[6] = NULL;
-    argc = 6;
-    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    rc = ssh_options_apply(session);
     assert_ssh_return_code(session, rc);
-    assert_int_equal(argc, 6);
-    assert_string_equal(argv[0], EXECUTABLE_NAME);
-    assert_string_equal(argv[1], "-F");
-    assert_string_equal(argv[2], "config_file");
-    assert_string_equal(argv[3], "-M");
-    assert_string_equal(argv[4], "hmac-sha1");
-    assert_string_equal(argv[5], "example.com");
 
+    /* check that the values got expanded */
+    assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_KNOWNHOSTS);
+    assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS);
+    assert_true(session->opts.exp_flags & SSH_OPT_EXP_FLAG_PROXYCOMMAND);
+    assert_true(ssh_list_count(session->opts.identity_non_exp) == 0);
+
+    assert_string_equal(session->opts.knownhosts, "hello there");
+    assert_string_equal(session->opts.global_knownhosts, "lorem ipsum");
+    /* check that the "exec " was added at the beginning */
+    assert_string_equal(session->opts.ProxyCommand, "exec mission_impossible");
+    assert_string_equal(session->opts.identity->root->data, "1");
+
+    /* check the order of the identity files after double expansion */
+    awaited_list = ssh_list_new();
+    /* append the new data in order */
+    id = strdup("1");
+    rc = ssh_list_append(awaited_list, id);
+    assert_int_equal(rc, SSH_OK);
+    id = strdup("2");
+    rc = ssh_list_append(awaited_list, id);
+    assert_int_equal(rc, SSH_OK);
+    id = strdup("3");
+    rc = ssh_list_append(awaited_list, id);
+    assert_int_equal(rc, SSH_OK);
+    id = strdup("007");
+    rc = ssh_list_append(awaited_list, id);
+    assert_int_equal(rc, SSH_OK);
+    id = strdup("%d/do_not_expand");
+    rc = ssh_list_append(awaited_list, id);
+    assert_int_equal(rc, SSH_OK);
+    /* append the defaults; this list is copied from ssh_new@src/session.c */
+    id = ssh_path_expand_escape(session, "%d/id_ed25519");
+    rc = ssh_list_append(awaited_list, id);
+    assert_int_equal(rc, SSH_OK);
+#ifdef HAVE_ECC
+    id = ssh_path_expand_escape(session, "%d/id_ecdsa");
+    rc = ssh_list_append(awaited_list, id);
+    assert_int_equal(rc, SSH_OK);
+#endif
+    id = ssh_path_expand_escape(session, "%d/id_rsa");
+    rc = ssh_list_append(awaited_list, id);
+    assert_int_equal(rc, SSH_OK);
 
-    /* Invalid configuration combination -d and -r (for some reason?) */
-    argc = 3;
-    rc = ssh_options_getopt(session, &argc, (char **)argv_invalid);
-    assert_ssh_return_code_equal(session, rc, SSH_ERROR);
-    assert_int_equal(argc, 3);
-    assert_string_equal(argv_invalid[0], EXECUTABLE_NAME);
-    assert_string_equal(argv_invalid[1], "-r");
-    assert_string_equal(argv_invalid[2], "-d");
+    assert_int_equal(ssh_list_count(awaited_list),
+                     ssh_list_count(session->opts.identity));
 
+    it1 = ssh_list_get_iterator(awaited_list);
+    assert_non_null(it1);
+    it2 = ssh_list_get_iterator(session->opts.identity);
+    assert_non_null(it2);
+    while (it1 != NULL && it2 != NULL) {
+        assert_string_equal(it1->data, it2->data);
 
-    /* Corner case: only one argument */
-    argv[1] = "-C";
-    argv[2] = NULL;
-    argc = 2;
-    rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION, "no");
-    assert_ssh_return_code(session, rc);
-#ifdef WITH_ZLIB
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "none,zlib@openssh.com,zlib");
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "none,zlib@openssh.com,zlib");
-#else
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "none");
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "none");
-#endif
+        free((void*)it1->data);
+        it1 = it1->next;
+        it2 = it2->next;
+    }
+    assert_null(it1);
+    assert_null(it2);
 
-    rc = ssh_options_getopt(session, &argc, (char **)argv);
-    assert_ssh_return_code(session, rc);
-    assert_int_equal(argc, 1);
-    assert_string_equal(argv[0], EXECUTABLE_NAME);
-#ifdef WITH_ZLIB
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "zlib@openssh.com,zlib,none");
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "zlib@openssh.com,zlib,none");
-#else
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
-                        "none");
-    assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
-                        "none");
-#endif
+    ssh_list_free(awaited_list);
+}
 
-    /* Corner case: only hostname is not parsed */
-    argv[1] = "example.com";
-    argv[2] = NULL;
-    argc = 2;
-    rc = ssh_options_getopt(session, &argc, (char **)argv);
+static void torture_options_set_verbosity (void **state)
+{
+    ssh_session session = *state;
+    int rc, new_level;
+
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_LOG_VERBOSITY_STR,
+                         "3");
+    assert_int_equal(rc, SSH_OK);
+    new_level = ssh_get_log_level();
+    assert_int_equal(new_level, SSH_LOG_PACKET);
+
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_LOG_VERBOSITY_STR,
+                         "datsun");
+    assert_int_equal(rc, -1);
+    new_level = ssh_get_log_level();
+    assert_int_not_equal(new_level, 0);
+}
+
+static void torture_options_set_rsa_min_size(void **state)
+{
+    ssh_session session = *state;
+    int min_allowed = 768, key_size, rc;
+
+    /* Check that passing NULL leads to failure */
+    rc = ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, NULL);
+    assert_int_equal(rc, -1);
+
+    /*
+     * Check that supplying a value less than the allowed minimum leads
+     * to failure
+     */
+    key_size = min_allowed - 2;
+    rc = ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, &key_size);
+    assert_int_equal(rc, -1);
+
+    /* Check that supplying a negative value leads to failure */
+    key_size = -10;
+    rc = ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, &key_size);
+    assert_int_equal(rc, -1);
+
+    /* Check that supplying 0 succeeds (used to revert to default) */
+    key_size = 0;
+    rc = ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, &key_size);
     assert_ssh_return_code(session, rc);
-    assert_int_equal(argc, 2);
-    assert_string_equal(argv[0], EXECUTABLE_NAME);
-    assert_string_equal(argv[1], "example.com");
 
-    /* Corner case: no arguments */
-    argv[1] = NULL;
-    argc = 1;
-    rc = ssh_options_getopt(session, &argc, (char **)argv);
+    /* Check that supplying allowed minimum succeeds */
+    key_size = min_allowed;
+    rc = ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, &key_size);
     assert_ssh_return_code(session, rc);
-    assert_int_equal(argc, 1);
-    assert_string_equal(argv[0], EXECUTABLE_NAME);
 
-#endif /* _NSC_VER */
+    /* Check that supplying a value greater than allowed minimum succeeds */
+    key_size = min_allowed + 10;
+    rc = ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, &key_size);
+    assert_ssh_return_code(session, rc);
 }
 
 #ifdef WITH_SERVER
@@ -1132,10 +2037,6 @@ static int ssh_bind_setup_files(void **state)
 #ifdef HAVE_ECC
     torture_write_file(LIBSSH_ECDSA_521_TESTKEY,
                        torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
-#endif
-#ifdef HAVE_DSA
-    torture_write_file(LIBSSH_DSA_TESTKEY,
-                       torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0));
 #endif
     torture_write_file(LIBSSH_CUSTOM_BIND_CONFIG_FILE,
                        "Port 42\n");
@@ -1188,7 +2089,8 @@ static int sshbind_teardown(void **state)
     return 0;
 }
 
-static void torture_bind_options_import_key(void **state)
+static void
+torture_bind_options_import_key(void **state)
 {
     struct bind_st *test_state;
     ssh_bind bind;
@@ -1210,24 +2112,23 @@ static void torture_bind_options_import_key(void **state)
     assert_int_equal(rc, -1);
     SSH_KEY_FREE(key);
 
-    /* set rsa key */
-    base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
+    /* set ed25519 key */
+    base64_key = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0);
     rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key);
     assert_int_equal(rc, SSH_OK);
     assert_non_null(key);
 
     rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY, key);
     assert_int_equal(rc, 0);
-#ifdef HAVE_DSA
-    /* set dsa key */
-    base64_key = torture_get_testkey(SSH_KEYTYPE_DSS, 0);
+
+    /* set rsa key */
+    base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
     rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key);
     assert_int_equal(rc, SSH_OK);
     assert_non_null(key);
 
     rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY, key);
     assert_int_equal(rc, 0);
-#endif
 #ifdef HAVE_ECC
     /* set ecdsa key */
     base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0);
@@ -1240,6 +2141,51 @@ static void torture_bind_options_import_key(void **state)
 #endif
 }
 
+static void
+torture_bind_options_import_key_str(void **state)
+{
+    struct bind_st *test_state = NULL;
+    ssh_bind bind = NULL;
+    int rc;
+    const char *base64_key = "";
+
+    assert_non_null(state);
+    test_state = *((struct bind_st **)state);
+    assert_non_null(test_state);
+    assert_non_null(test_state->bind);
+    bind = test_state->bind;
+
+    /* set null */
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY_STR, NULL);
+    assert_int_equal(rc, -1);
+    /* set invalid key */
+    rc =
+        ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY_STR, base64_key);
+    assert_int_equal(rc, -1);
+
+    /* set ed25519 key */
+    base64_key = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0);
+
+    rc =
+        ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY_STR, base64_key);
+    assert_int_equal(rc, 0);
+
+    /* set rsa key */
+    base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
+
+    rc =
+        ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY_STR, base64_key);
+    assert_int_equal(rc, 0);
+#ifdef HAVE_ECC
+    /* set ecdsa key */
+    base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0);
+
+    rc =
+        ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY_STR, base64_key);
+    assert_int_equal(rc, 0);
+#endif
+}
+
 static void torture_bind_options_hostkey(void **state)
 {
     struct bind_st *test_state;
@@ -1277,15 +2223,6 @@ static void torture_bind_options_hostkey(void **state)
     assert_non_null(bind->ecdsakey);
     assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
 #endif
-#ifdef HAVE_DSA
-    /* Test DSA key */
-    rc = ssh_bind_options_set(bind,
-                              SSH_BIND_OPTIONS_HOSTKEY,
-                              LIBSSH_DSA_TESTKEY);
-    assert_int_equal(rc, 0);
-    assert_non_null(bind->dsakey);
-    assert_string_equal(bind->dsakey, LIBSSH_DSA_TESTKEY);
-#endif
 }
 
 static void torture_bind_options_bindaddr(void **state)
@@ -1341,6 +2278,10 @@ static void torture_bind_options_bindport_str(void **state)
     rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, "23");
     assert_int_equal(rc, 0);
     assert_int_equal(bind->bindport, 23);
+
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_BINDPORT_STR, "twentythree");
+    assert_int_equal(rc, -1);
+    assert_int_not_equal(bind->bindport, 0);
 }
 
 static void torture_bind_options_log_verbosity(void **state)
@@ -1390,12 +2331,16 @@ static void torture_bind_options_log_verbosity_str(void **state)
     new_level = ssh_get_log_level();
     assert_int_equal(new_level, SSH_LOG_PACKET);
 
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "verbosity");
+    assert_int_equal(rc, -1);
+    new_level = ssh_get_log_level();
+    assert_int_not_equal(new_level, 0);
+
     rc = ssh_set_log_level(previous_level);
     assert_int_equal(rc, SSH_OK);
 }
 
-#ifdef HAVE_DSA
-static void torture_bind_options_dsakey(void **state)
+static void torture_bind_options_rsakey(void **state)
 {
     struct bind_st *test_state;
     ssh_bind bind;
@@ -1408,19 +2353,18 @@ static void torture_bind_options_dsakey(void **state)
     bind = test_state->bind;
 
     rc = ssh_bind_options_set(bind,
-                              SSH_BIND_OPTIONS_DSAKEY,
-                              LIBSSH_DSA_TESTKEY);
+                              SSH_BIND_OPTIONS_HOSTKEY,
+                              LIBSSH_RSA_TESTKEY);
     assert_int_equal(rc, 0);
-    assert_non_null(bind->dsakey);
-    assert_string_equal(bind->dsakey, LIBSSH_DSA_TESTKEY);
+    assert_non_null(bind->rsakey);
+    assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY);
 }
-#endif
 
-static void torture_bind_options_rsakey(void **state)
+static void torture_bind_options_set_rsa_min_size(void **state)
 {
-    struct bind_st *test_state;
-    ssh_bind bind;
-    int rc;
+    struct bind_st *test_state = NULL;
+    ssh_bind bind = NULL;
+    int rc, min_allowed = 768, key_size;
 
     assert_non_null(state);
     test_state = *((struct bind_st **)state);
@@ -1428,12 +2372,37 @@ static void torture_bind_options_rsakey(void **state)
     assert_non_null(test_state->bind);
     bind = test_state->bind;
 
-    rc = ssh_bind_options_set(bind,
-                              SSH_BIND_OPTIONS_RSAKEY,
-                              LIBSSH_RSA_TESTKEY);
+    /* Check that passing NULL leads to failure */
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSA_MIN_SIZE, NULL);
+    assert_int_equal(rc, -1);
+
+    /*
+     * Check that supplying a value less than the allowed minimum leads
+     * to failure
+     */
+    key_size = min_allowed - 2;
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSA_MIN_SIZE, &key_size);
+    assert_int_equal(rc, -1);
+
+    /* Check that supplying a negative value leads to failure */
+    key_size = -10;
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSA_MIN_SIZE, &key_size);
+    assert_int_equal(rc, -1);
+
+    /* Check that supplying 0 succeeds (used to revert to default) */
+    key_size = 0;
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSA_MIN_SIZE, &key_size);
+    assert_int_equal(rc, 0);
+
+    /* Check that supplying allowed minimum succeeds */
+    key_size = min_allowed;
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSA_MIN_SIZE, &key_size);
+    assert_int_equal(rc, 0);
+
+    /* Check that supplying a value greater than allowed minimum succeeds */
+    key_size = min_allowed + 10;
+    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSA_MIN_SIZE, &key_size);
     assert_int_equal(rc, 0);
-    assert_non_null(bind->rsakey);
-    assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY);
 }
 
 #ifdef HAVE_ECC
@@ -1450,7 +2419,7 @@ static void torture_bind_options_ecdsakey(void **state)
     bind = test_state->bind;
 
     rc = ssh_bind_options_set(bind,
-                              SSH_BIND_OPTIONS_ECDSAKEY,
+                              SSH_BIND_OPTIONS_HOSTKEY,
                               LIBSSH_ECDSA_521_TESTKEY);
     assert_int_equal(rc, 0);
     assert_non_null(bind->ecdsakey);
@@ -1632,13 +2601,16 @@ static void torture_bind_options_set_macs(void **state)
     /* Test unknown MACs */
     rc = ssh_bind_options_set(bind,
                               SSH_BIND_OPTIONS_HMAC_S_C,
-                              "unknown-crap@example.com,hmac-sha1,unknown@example.com");
+                              "unknown-crap@example.com,"
+                              "hmac-sha1,unknown@example.com");
     assert_int_equal(rc, 0);
     assert_non_null(bind->wanted_methods[SSH_MAC_S_C]);
     assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], "hmac-sha1");
 
     /* Test all unknown MACs */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_S_C, "unknown-crap@example.com");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_HMAC_S_C,
+                              "unknown-crap@example.com");
     assert_int_not_equal(rc, 0);
 
     /* Test known MACs */
@@ -1659,13 +2631,16 @@ static void torture_bind_options_set_macs(void **state)
     /* Test unknown MACs */
     rc = ssh_bind_options_set(bind,
                               SSH_BIND_OPTIONS_HMAC_C_S,
-                              "unknown-crap@example.com,hmac-sha1,unknown@example.com");
+                              "unknown-crap@example.com,"
+                              "hmac-sha1,unknown@example.com");
     assert_int_equal(rc, 0);
     assert_non_null(bind->wanted_methods[SSH_MAC_C_S]);
     assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], "hmac-sha1");
 
     /* Test all unknown MACs */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HMAC_C_S, "unknown-crap@example.com");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_HMAC_C_S,
+                              "unknown-crap@example.com");
     assert_int_not_equal(rc, 0);
 }
 
@@ -1692,7 +2667,8 @@ static void torture_bind_options_parse_config(void **state)
     assert_non_null(bind->config_dir);
     assert_string_equal(bind->config_dir, cwd);
 
-    rc = ssh_bind_options_parse_config(bind, "%d/"LIBSSH_CUSTOM_BIND_CONFIG_FILE);
+    rc = ssh_bind_options_parse_config(bind,
+                                       "%d/" LIBSSH_CUSTOM_BIND_CONFIG_FILE);
     assert_int_equal(rc, 0);
     assert_int_equal(bind->bindport, 42);
 
@@ -1741,8 +2717,9 @@ static void torture_bind_options_set_pubkey_accepted_key_types(void **state)
     bind = test_state->bind;
 
     /* Test known Pubkey Types */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
-        "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
+                              "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
     assert_int_equal(rc, 0);
     assert_non_null(bind->pubkey_accepted_key_types);
     if (ssh_fips_mode()) {
@@ -1756,8 +2733,9 @@ static void torture_bind_options_set_pubkey_accepted_key_types(void **state)
     SAFE_FREE(bind->pubkey_accepted_key_types);
 
     /* Test with some unknown type */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
-        "ecdsa-sha2-nistp384,unknown-type,rsa-sha2-256");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
+                              "ecdsa-sha2-nistp384,unknown-type,rsa-sha2-256");
     assert_int_equal(rc, 0);
     assert_non_null(bind->pubkey_accepted_key_types);
     assert_string_equal(bind->pubkey_accepted_key_types,
@@ -1766,26 +2744,27 @@ static void torture_bind_options_set_pubkey_accepted_key_types(void **state)
     SAFE_FREE(bind->pubkey_accepted_key_types);
 
     /* Test with only unknown type */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
-        "unknown-type");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
+                              "unknown-type");
     assert_int_equal(rc, -1);
     assert_null(bind->pubkey_accepted_key_types);
 
     /* Test with something set and then try unknown type */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
-        "ecdsa-sha2-nistp384");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
+                              "ecdsa-sha2-nistp384");
     assert_int_equal(rc, 0);
     assert_non_null(bind->pubkey_accepted_key_types);
-    assert_string_equal(bind->pubkey_accepted_key_types,
-        "ecdsa-sha2-nistp384");
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
-        "unknown-type");
+    assert_string_equal(bind->pubkey_accepted_key_types, "ecdsa-sha2-nistp384");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
+                              "unknown-type");
     assert_int_equal(rc, -1);
 
     /* Check that nothing changed */
     assert_non_null(bind->pubkey_accepted_key_types);
-    assert_string_equal(bind->pubkey_accepted_key_types,
-        "ecdsa-sha2-nistp384");
+    assert_string_equal(bind->pubkey_accepted_key_types, "ecdsa-sha2-nistp384");
 }
 
 static void torture_bind_options_set_hostkey_algorithms(void **state)
@@ -1801,130 +2780,245 @@ static void torture_bind_options_set_hostkey_algorithms(void **state)
     bind = test_state->bind;
 
     /* Test known Pubkey Types */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
                               "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
     assert_int_equal(rc, 0);
     assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
     if (ssh_fips_mode()) {
         assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
-                "ecdsa-sha2-nistp384");
+                            "ecdsa-sha2-nistp384");
     } else {
         assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
-                "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
+                            "ssh-ed25519,ecdsa-sha2-nistp384,ssh-rsa");
     }
 
     SAFE_FREE(bind->wanted_methods[SSH_HOSTKEYS]);
 
     /* Test with some unknown type */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
-        "ecdsa-sha2-nistp384,unknown-type");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
+                              "ecdsa-sha2-nistp384,unknown-type");
     assert_int_equal(rc, 0);
     assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
     assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
-        "ecdsa-sha2-nistp384");
+                        "ecdsa-sha2-nistp384");
 
     SAFE_FREE(bind->wanted_methods[SSH_HOSTKEYS]);
 
     /* Test with only unknown type */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
-        "unknown-type");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
+                              "unknown-type");
     assert_int_equal(rc, -1);
     assert_null(bind->wanted_methods[SSH_HOSTKEYS]);
 
     /* Test with something set and then try unknown type */
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
-        "ecdsa-sha2-nistp384");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
+                              "ecdsa-sha2-nistp384");
     assert_int_equal(rc, 0);
     assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
     assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
-        "ecdsa-sha2-nistp384");
-    rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
-        "unknown-type");
+                        "ecdsa-sha2-nistp384");
+    rc = ssh_bind_options_set(bind,
+                              SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
+                              "unknown-type");
     assert_int_equal(rc, -1);
 
     /* Check that nothing changed */
     assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
     assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS],
-        "ecdsa-sha2-nistp384");
+                        "ecdsa-sha2-nistp384");
 }
 
 #endif /* WITH_SERVER */
 
-
-int torture_run_tests(void) {
+int
+torture_run_tests(void)
+{
     int rc;
     struct CMUnitTest tests[] = {
-        cmocka_unit_test_setup_teardown(torture_options_set_host, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_get_host, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_port, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_get_port, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_fd, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_user, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_get_user, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_identity, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_get_identity, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_global_knownhosts, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_get_global_knownhosts, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_knownhosts, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_get_knownhosts, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_proxycommand, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_ciphers, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_key_exchange, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_hostkey, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_pubkey_accepted_types, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_set_macs, setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_host,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_host,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_port,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_port,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_fd,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_user,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_user,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_identity,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_identity,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_global_knownhosts,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_global_knownhosts,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_knownhosts,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_knownhosts,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_proxycommand,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_control_master,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_control_path,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_ciphers,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_ciphers,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_key_exchange,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_key_exchange,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_hostkey,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_hostkey,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_options_set_pubkey_accepted_types,
+            setup,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_options_get_pubkey_accepted_types,
+            setup,
+            teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_macs,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_macs,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_compression,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_get_compression,
+                                        setup,
+                                        teardown),
         cmocka_unit_test_setup_teardown(torture_options_copy, setup, teardown),
-        cmocka_unit_test_setup_teardown(torture_options_config_host, setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_options_config_host,
+                                        setup,
+                                        teardown),
         cmocka_unit_test_setup_teardown(torture_options_config_match,
-                                        setup, teardown),
+                                        setup,
+                                        teardown),
         cmocka_unit_test_setup_teardown(torture_options_config_match_multi,
-                                        setup, teardown),
+                                        setup,
+                                        teardown),
         cmocka_unit_test_setup_teardown(torture_options_getopt,
-                                        setup, teardown),
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_plus_sign,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_minus_sign,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_caret_sign,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_apply, setup, teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_verbosity,
+                                        setup,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_options_set_rsa_min_size,
+                                        setup,
+                                        teardown),
     };
 
 #ifdef WITH_SERVER
     struct CMUnitTest sshbind_tests[] = {
         cmocka_unit_test_setup_teardown(torture_bind_options_import_key,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
+        cmocka_unit_test_setup_teardown(torture_bind_options_import_key_str,
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_hostkey,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_bindaddr,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_bindport,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_bindport_str,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_log_verbosity,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_log_verbosity_str,
-                sshbind_setup, sshbind_teardown),
-#ifdef HAVE_DSA
-        cmocka_unit_test_setup_teardown(torture_bind_options_dsakey,
-                sshbind_setup, sshbind_teardown),
-#endif
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_rsakey,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
+        cmocka_unit_test_setup_teardown(torture_bind_options_set_rsa_min_size,
+                                        sshbind_setup,
+                                        sshbind_teardown),
 #ifdef HAVE_ECC
         cmocka_unit_test_setup_teardown(torture_bind_options_ecdsakey,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
 #endif
         cmocka_unit_test_setup_teardown(torture_bind_options_banner,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_set_ciphers,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_set_key_exchange,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_set_macs,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_parse_config,
-                sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
         cmocka_unit_test_setup_teardown(torture_bind_options_config_dir,
-                sshbind_setup, sshbind_teardown),
-        cmocka_unit_test_setup_teardown(torture_bind_options_set_pubkey_accepted_key_types,
-                                        sshbind_setup, sshbind_teardown),
-        cmocka_unit_test_setup_teardown(torture_bind_options_set_hostkey_algorithms,
-                                        sshbind_setup, sshbind_teardown),
+                                        sshbind_setup,
+                                        sshbind_teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_bind_options_set_pubkey_accepted_key_types,
+            sshbind_setup,
+            sshbind_teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_bind_options_set_hostkey_algorithms,
+            sshbind_setup,
+            sshbind_teardown),
     };
 #endif /* WITH_SERVER */
 
diff --git a/libssh/tests/unittests/torture_packet.c b/libssh/tests/unittests/torture_packet.c
index 9f07f394..16a370ff 100644
--- a/libssh/tests/unittests/torture_packet.c
+++ b/libssh/tests/unittests/torture_packet.c
@@ -272,10 +272,15 @@ static void torture_packet_aes256_cbc_etm(UNUSED_PARAM(void **state))
     }
 }
 
-static void torture_packet_3des_cbc(void **state)
+static void torture_packet_3des_cbc(UNUSED_PARAM(void **state))
 {
     int i;
-    (void)state; /* unused */
+
+    /* 3des is not completely FIPS-allowed cipher since 140-3 */
+    if (ssh_fips_mode()) {
+        skip();
+    }
+
     for (i=1;i<256;++i){
         torture_packet("3des-cbc", "hmac-sha1", "none", i);
     }
@@ -284,6 +289,12 @@ static void torture_packet_3des_cbc(void **state)
 static void torture_packet_3des_cbc_etm(UNUSED_PARAM(void **state))
 {
     int i;
+
+    /* 3des is not completely FIPS-allowed cipher since 140-3 */
+    if (ssh_fips_mode()) {
+        skip();
+    }
+
     for (i = 1; i < 256; ++i) {
         torture_packet("3des-cbc", "hmac-sha1-etm@openssh.com", "none", i);
     }
@@ -322,6 +333,7 @@ static void torture_packet_aes256_gcm(void **state)
     }
 }
 
+#ifdef WITH_ZLIB
 static void torture_packet_compress_zlib(void **state)
 {
     int i;
@@ -339,6 +351,7 @@ static void torture_packet_compress_zlib_openssh(void **state)
         torture_packet("aes256-ctr", "hmac-sha1", "zlib@openssh.com", i);
     }
 }
+#endif /* WITH_ZLIB */
 
 int torture_run_tests(void) {
     int rc;
@@ -360,8 +373,10 @@ int torture_run_tests(void) {
         cmocka_unit_test(torture_packet_chacha20),
         cmocka_unit_test(torture_packet_aes128_gcm),
         cmocka_unit_test(torture_packet_aes256_gcm),
+#ifdef WITH_ZLIB
         cmocka_unit_test(torture_packet_compress_zlib),
         cmocka_unit_test(torture_packet_compress_zlib_openssh),
+#endif /* WITH_ZLIB */
 #ifdef WITH_INSECURE_NONE
         cmocka_unit_test(torture_packet_none_sha1),
         cmocka_unit_test(torture_packet_aes128_ctr_none),
diff --git a/libssh/tests/unittests/torture_packet_filter.c b/libssh/tests/unittests/torture_packet_filter.c
index ffa49602..06cd74a7 100644
--- a/libssh/tests/unittests/torture_packet_filter.c
+++ b/libssh/tests/unittests/torture_packet_filter.c
@@ -20,7 +20,7 @@
  */
 
 /*
- * This test checks if the messages accepted by the packet filter were intented
+ * This test checks if the messages accepted by the packet filter were intended
  * to be accepted.
  *
  * The process consists in 2 steps:
diff --git a/libssh/tests/unittests/torture_pki.c b/libssh/tests/unittests/torture_pki.c
index 008f29ad..c610e8a2 100644
--- a/libssh/tests/unittests/torture_pki.c
+++ b/libssh/tests/unittests/torture_pki.c
@@ -125,15 +125,7 @@ struct key_attrs key_attrs_list[][5] = {
         {0, 0, "", 0, 0, "", 0}, /* UNKNOWN, SHA384 */
         {0, 0, "", 0, 0, "", 0}, /* UNKNOWN, SHA512 */
     },
-#ifdef HAVE_DSA
-    {
-        {1, 1, "ssh-dss", 1024, 0, "", 0},         /* DSS, AUTO */
-        {1, 1, "ssh-dss", 1024, 20, "ssh-dss", 1}, /* DSS, SHA1 */
-        {1, 1, "ssh-dss", 1024, 0, "", 0},         /* DSS, SHA256 */
-        {1, 1, "ssh-dss", 1024, 0, "", 0},         /* DSS, SHA384 */
-        {1, 1, "ssh-dss", 1024, 0, "", 0},         /* DSS, SHA512 */
-    },
-#else
+    /* Cannot remove this as it will break the array indexing used */
     {
         {0, 0, "", 0, 0, "", 0}, /* DSS, AUTO */
         {0, 0, "", 0, 0, "", 0}, /* DSS, SHA1 */
@@ -141,7 +133,6 @@ struct key_attrs key_attrs_list[][5] = {
         {0, 0, "", 0, 0, "", 0}, /* DSS, SHA384 */
         {0, 0, "", 0, 0, "", 0}, /* DSS, SHA512 */
     },
-#endif /* HAVE_DSA */
     {
         {1, 1, "ssh-rsa", 2048, 0, "", 0},              /* RSA, AUTO */
         {1, 1, "ssh-rsa", 2048, 20, "ssh-rsa", 1},      /* RSA, SHA1 */
@@ -170,15 +161,6 @@ struct key_attrs key_attrs_list[][5] = {
         {1, 1, "ssh-ed25519", 255, 0, "", 0},             /* ED25519, SHA384 */
         {1, 1, "ssh-ed25519", 255, 0, "", 0},             /* ED25519, SHA512 */
     },
-#ifdef HAVE_DSA
-    {
-        {0, 1, "", 0, 0, "", 0}, /* DSS CERT, AUTO */
-        {0, 1, "", 0, 0, "", 0}, /* DSS CERT, SHA1 */
-        {0, 1, "", 0, 0, "", 0}, /* DSS CERT, SHA256 */
-        {0, 1, "", 0, 0, "", 0}, /* DSS CERT, SHA384 */
-        {0, 1, "", 0, 0, "", 0}, /* DSS CERT, SHA512 */
-    },
-#else
     {
         {0, 0, "", 0, 0, "", 0}, /* DSS CERT, AUTO */
         {0, 0, "", 0, 0, "", 0}, /* DSS CERT, SHA1 */
@@ -186,7 +168,6 @@ struct key_attrs key_attrs_list[][5] = {
         {0, 0, "", 0, 0, "", 0}, /* DSS CERT, SHA384 */
         {0, 0, "", 0, 0, "", 0}, /* DSS CERT, SHA512 */
     },
-#endif /* HAVE_DSA */
     {
         {0, 1, "", 0, 0, "", 0}, /* RSA CERT, AUTO */
         {0, 1, "", 0, 0, "", 0}, /* RSA CERT, SHA1 */
@@ -266,7 +247,7 @@ static void torture_pki_verify_mismatch(void **state)
 
     ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
 
-    for (sig_type = SSH_KEYTYPE_DSS;
+    for (sig_type = SSH_KEYTYPE_RSA;
          sig_type <= SSH_KEYTYPE_ED25519_CERT01;
          sig_type++)
     {
@@ -275,8 +256,7 @@ static void torture_pki_verify_mismatch(void **state)
              hash++)
         {
             if (ssh_fips_mode()) {
-                if (sig_type == SSH_KEYTYPE_DSS ||
-                    sig_type == SSH_KEYTYPE_ED25519 ||
+                if (sig_type == SSH_KEYTYPE_ED25519 ||
                     hash == SSH_DIGEST_SHA1)
                 {
                     /* In FIPS mode, skip unsupported algorithms */
@@ -341,13 +321,12 @@ static void torture_pki_verify_mismatch(void **state)
                                       input_length);
             assert_true(rc == SSH_OK);
 
-            for (key_type = SSH_KEYTYPE_DSS;
+            for (key_type = SSH_KEYTYPE_RSA;
                  key_type <= SSH_KEYTYPE_ED25519_CERT01;
                  key_type++)
             {
                 if (ssh_fips_mode()) {
-                    if (key_type == SSH_KEYTYPE_DSS ||
-                        key_type == SSH_KEYTYPE_ED25519)
+                    if (key_type == SSH_KEYTYPE_ED25519)
                     {
                         /* In FIPS mode, skip unsupported algorithms */
                         continue;
@@ -428,7 +407,6 @@ static void torture_pki_verify_mismatch(void **state)
             key = NULL;
         }
     }
-
     ssh_free(session);
 }
 
diff --git a/libssh/tests/unittests/torture_pki_dsa.c b/libssh/tests/unittests/torture_pki_dsa.c
index a98f1bb0..dfd59a64 100644
--- a/libssh/tests/unittests/torture_pki_dsa.c
+++ b/libssh/tests/unittests/torture_pki_dsa.c
@@ -129,10 +129,8 @@ static void torture_pki_dsa_import_pubkey_file(void **state)
 
     /* The key doesn't have the hostname as comment after the key */
     rc = ssh_pki_import_pubkey_file(LIBSSH_DSA_TESTKEY ".pub", &pubkey);
-    assert_return_code(rc, errno);
-    assert_non_null(pubkey);
-
-    SSH_KEY_FREE(pubkey);
+    assert_int_equal(rc, SSH_ERROR);
+    assert_null(pubkey);
 }
 
 static void torture_pki_dsa_import_pubkey_from_openssh_privkey(void **state)
@@ -144,10 +142,8 @@ static void torture_pki_dsa_import_pubkey_from_openssh_privkey(void **state)
 
     /* The key doesn't have the hostname as comment after the key */
     rc = ssh_pki_import_pubkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, &pubkey);
-    assert_return_code(rc, errno);
-    assert_non_null(pubkey);
-
-    SSH_KEY_FREE(pubkey);
+    assert_int_equal(rc, SSH_ERROR);
+    assert_null(pubkey);
 }
 
 static void torture_pki_dsa_import_privkey_base64(void **state)
@@ -163,723 +159,33 @@ static void torture_pki_dsa_import_privkey_base64(void **state)
                                        NULL,
                                        NULL,
                                        &key);
-    assert_true(rc == 0);
-
-    SSH_KEY_FREE(key);
-}
-
-static void torture_pki_dsa_import_privkey_base64_comment(void **state)
-{
-    int rc, file_str_len;
-    ssh_key key = NULL;
-    const char *passphrase = torture_get_testkey_passphrase();
-    const char *comment_str = "#this is line-comment\n#this is another\n";
-    const char *key_str = NULL;
-    char *file_str = NULL;
-
-    (void) state; /* unused */
-
-    key_str = torture_get_testkey(SSH_KEYTYPE_DSS, 0);
-    assert_non_null(key_str);
-
-    file_str_len = strlen(comment_str) + strlen(key_str) + 1;
-    file_str = malloc(file_str_len);
-    assert_non_null(file_str);
-    rc = snprintf(file_str, file_str_len, "%s%s", comment_str, key_str);
-    assert_int_equal(rc, file_str_len - 1);
-
-    rc = ssh_pki_import_privkey_base64(file_str,
-                                       passphrase,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == 0);
-
-    free(file_str);
-    SSH_KEY_FREE(key);
-}
-
-static void torture_pki_dsa_import_privkey_base64_whitespace(void **state)
-{
-    int rc, file_str_len;
-    ssh_key key = NULL;
-    const char *passphrase = torture_get_testkey_passphrase();
-    const char *whitespace_str = "      \n\t\t\t\t\t\n\n\n\n\n";
-    const char *key_str = NULL;
-    char *file_str = NULL;
-
-    (void) state; /* unused */
-
-    key_str = torture_get_testkey(SSH_KEYTYPE_DSS, 0);
-    assert_non_null(key_str);
-
-    file_str_len = strlen(whitespace_str) + strlen(key_str) + 1;
-    file_str = malloc(file_str_len);
-    assert_non_null(file_str);
-    rc = snprintf(file_str, file_str_len, "%s%s", whitespace_str, key_str);
-    assert_int_equal(rc, file_str_len - 1);
-
-    rc = ssh_pki_import_privkey_base64(file_str,
-                                       passphrase,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == 0);
-
-    free(file_str);
-    SSH_KEY_FREE(key);
-}
-
-static int test_sign_verify_data(ssh_key key,
-                                 enum ssh_digest_e hash_type,
-                                 const unsigned char *input,
-                                 size_t input_len)
-{
-    ssh_signature sig;
-    ssh_key pubkey = NULL;
-    int rc;
-
-    /* Get the public key to verify signature */
-    rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
-    assert_int_equal(rc, SSH_OK);
-    assert_non_null(pubkey);
-
-    /* Sign the buffer */
-    sig = pki_sign_data(key, hash_type, input, input_len);
-    assert_non_null(sig);
-
-    /* Verify signature */
-    rc = pki_verify_data_signature(sig, pubkey, input, input_len);
-    assert_int_equal(rc, SSH_OK);
-
-    ssh_signature_free(sig);
-    SSH_KEY_FREE(pubkey);
-
-    return rc;
-}
-
-static void torture_pki_sign_data_dsa(void **state)
-{
-    int rc;
-    ssh_key key = NULL;
-
-    (void) state;
-
-    /* Setup */
-    rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
-    assert_int_equal(rc, SSH_OK);
-    assert_non_null(key);
-
-    /* Test using SHA1 */
-    rc = test_sign_verify_data(key, SSH_DIGEST_SHA1, INPUT, sizeof(INPUT));
-    assert_int_equal(rc, SSH_OK);
-
-    /* Cleanup */
-    SSH_KEY_FREE(key);
+    assert_int_equal(rc, SSH_ERROR);
+    assert_null(key);
 }
 
-static void torture_pki_fail_sign_with_incompatible_hash(void **state)
+static void torture_pki_generate_dsa(void **state)
 {
     int rc;
     ssh_key key = NULL;
-    ssh_key pubkey = NULL;
-    ssh_signature sig, bad_sig;
 
     (void) state;
 
     /* Setup */
     rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
-    assert_int_equal(rc, SSH_OK);
-    assert_non_null(key);
-
-    /* Get the public key to verify signature */
-    rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
-    assert_int_equal(rc, SSH_OK);
-    assert_non_null(pubkey);
-
-    /* Sign the buffer */
-    sig = pki_sign_data(key, SSH_DIGEST_SHA1, INPUT, sizeof(INPUT));
-    assert_non_null(sig);
-
-    /* Verify signature */
-    rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
-    assert_int_equal(rc, SSH_OK);
-
-    /* Test if signature fails with SSH_DIGEST_AUTO */
-    bad_sig = pki_sign_data(key, SSH_DIGEST_AUTO, INPUT, sizeof(INPUT));
-    assert_null(bad_sig);
-
-    /* Test if verification fails with SSH_DIGEST_AUTO */
-    sig->hash_type = SSH_DIGEST_AUTO;
-    rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
-    assert_int_not_equal(rc, SSH_OK);
-
-    /* Test if signature fails with SSH_DIGEST_SHA256 */
-    bad_sig = pki_sign_data(key, SSH_DIGEST_SHA256, INPUT, sizeof(INPUT));
-    assert_null(bad_sig);
-
-    /* Test if verification fails with SSH_DIGEST_SHA256 */
-    sig->hash_type = SSH_DIGEST_SHA256;
-    rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
-    assert_int_not_equal(rc, SSH_OK);
-
-    /* Test if signature fails with SSH_DIGEST_SHA384 */
-    bad_sig = pki_sign_data(key, SSH_DIGEST_SHA384, INPUT, sizeof(INPUT));
-    assert_null(bad_sig);
-
-    /* Test if verification fails with SSH_DIGEST_SHA384 */
-    sig->hash_type = SSH_DIGEST_SHA384;
-    rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
-    assert_int_not_equal(rc, SSH_OK);
-
-    /* Test if signature fails with SSH_DIGEST_SHA512 */
-    bad_sig = pki_sign_data(key, SSH_DIGEST_SHA512, INPUT, sizeof(INPUT));
-    assert_null(bad_sig);
-
-    /* Test if verification fails with SSH_DIGEST_SHA512 */
-    sig->hash_type = SSH_DIGEST_SHA512;
-    rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
-    assert_int_not_equal(rc, SSH_OK);
-
-    /* Cleanup */
-    ssh_signature_free(sig);
-    SSH_KEY_FREE(pubkey);
-    SSH_KEY_FREE(key);
-}
-
-#ifdef HAVE_LIBCRYPTO
-static void torture_pki_dsa_write_privkey(void **state)
-{
-    ssh_key origkey = NULL;
-    ssh_key privkey = NULL;
-    int rc;
-
-    (void) state; /* unused */
-
-    rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
-                                     NULL,
-                                     NULL,
-                                     NULL,
-                                     &origkey);
-    assert_true(rc == 0);
-    assert_non_null(origkey);
-
-    unlink(LIBSSH_DSA_TESTKEY);
-
-    rc = ssh_pki_export_privkey_file(origkey,
-                                     NULL,
-                                     NULL,
-                                     NULL,
-                                     LIBSSH_DSA_TESTKEY);
-    assert_true(rc == 0);
-
-    rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
-                                     NULL,
-                                     NULL,
-                                     NULL,
-                                     &privkey);
-    assert_true(rc == 0);
-    assert_non_null(privkey);
-
-    rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
-
-    SSH_KEY_FREE(origkey);
-    SSH_KEY_FREE(privkey);
-
-    /* Test with passphrase */
-    rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
-                                     torture_get_testkey_passphrase(),
-                                     NULL,
-                                     NULL,
-                                     &origkey);
-    assert_true(rc == 0);
-    assert_non_null(origkey);
-
-    unlink(LIBSSH_DSA_TESTKEY_PASSPHRASE);
-    rc = ssh_pki_export_privkey_file(origkey,
-                                     torture_get_testkey_passphrase(),
-                                     NULL,
-                                     NULL,
-                                     LIBSSH_DSA_TESTKEY_PASSPHRASE);
-    assert_true(rc == 0);
-
-    /* Test with invalid passphrase */
-    rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
-                                     "invalid secret",
-                                     NULL,
-                                     NULL,
-                                     &privkey);
-    assert_true(rc == SSH_ERROR);
-    assert_null(privkey);
-
-    rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
-                                     torture_get_testkey_passphrase(),
-                                     NULL,
-                                     NULL,
-                                     &privkey);
-    assert_true(rc == 0);
-    assert_non_null(privkey);
-
-    rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
-
-    SSH_KEY_FREE(origkey);
-    SSH_KEY_FREE(privkey);
-}
-#endif
-
-static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
-{
-    int rc;
-    ssh_key key = NULL;
-    const char *passphrase = torture_get_testkey_passphrase();
-
-    (void) state; /* unused */
-
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
-                                       passphrase,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_return_code(rc, errno);
-    assert_non_null(key);
-
-    rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
-
-    SSH_KEY_FREE(key);
-
-    /* test if it returns -1 if passphrase is wrong */
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
-                                       "wrong passphrase !!",
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == -1);
-    assert_null(key);
-
-    /* test if it returns -1 if passphrase is NULL */
-    /* libcrypto asks for a passphrase, so skip this test */
-#ifndef HAVE_LIBCRYPTO
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
-                                       NULL,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == -1);
-    assert_null(key);
-#endif
-
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
-                                       passphrase,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_return_code(rc, errno);
-    assert_non_null(key);
-
-    rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
-
-    SSH_KEY_FREE(key);
-
-    /* test if it returns -1 if passphrase is wrong */
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
-                                       "wrong passphrase !!",
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == -1);
-    assert_null(key);
-
-    /* This free in unnecessary, but the static analyser does not know */
-    SSH_KEY_FREE(key);
-
-#ifndef HAVE_LIBCRYPTO
-    /* test if it returns -1 if passphrase is NULL */
-    /* libcrypto asks for a passphrase, so skip this test */
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
-                                       NULL,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == -1);
-    assert_null(key);
-
-    /* This free in unnecessary, but the static analyser does not know */
-    SSH_KEY_FREE(key);
-#endif /* HAVE_LIBCRYPTO */
-}
-
-static void
-torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
-{
-    int rc;
-    ssh_key key = NULL;
-    const char *passphrase = torture_get_testkey_passphrase();
-    const char *keystring = NULL;
-
-    (void) state; /* unused */
-
-    keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 1);
-    assert_non_null(keystring);
-
-    rc = ssh_pki_import_privkey_base64(keystring,
-                                       passphrase,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_return_code(rc, errno);
-    assert_non_null(key);
-
-    rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
-
-    SSH_KEY_FREE(key);
-
-    /* test if it returns -1 if passphrase is wrong */
-    rc = ssh_pki_import_privkey_base64(keystring,
-                                       "wrong passphrase !!",
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == -1);
+    assert_int_equal(rc, SSH_ERROR);
     assert_null(key);
-
-    /* test if it returns -1 if passphrase is NULL */
-    rc = ssh_pki_import_privkey_base64(keystring,
-                                       NULL,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == -1);
-
-    rc = ssh_pki_import_privkey_base64(keystring,
-                                       passphrase,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_return_code(rc, errno);
-    assert_non_null(key);
-
-    rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
-
-    SSH_KEY_FREE(key);
-
-    /* test if it returns -1 if passphrase is wrong */
-    rc = ssh_pki_import_privkey_base64(keystring,
-                                       "wrong passphrase !!",
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == -1);
-    assert_null(key);
-
-    /* This free is unnecessary, but the static analyser does not know */
-    SSH_KEY_FREE(key);
-
-    /* test if it returns -1 if passphrase is NULL */
-    rc = ssh_pki_import_privkey_base64(keystring,
-                                       NULL,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == -1);
-    assert_null(key);
-
-    /* This free is unnecessary, but the static analyser does not know */
-    SSH_KEY_FREE(key);
-}
-
-
-static void torture_pki_dsa_publickey_from_privatekey(void **state)
-{
-    int rc;
-    ssh_key key = NULL;
-    ssh_key pubkey = NULL;
-    const char *passphrase = NULL;
-
-    (void) state; /* unused */
-
-    rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0),
-                                       passphrase,
-                                       NULL,
-                                       NULL,
-                                       &key);
-    assert_true(rc == 0);
-    assert_non_null(key);
-
-    rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
-
-    rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
-    assert_true(rc == SSH_OK);
-    assert_non_null(pubkey);
-
-    SSH_KEY_FREE(key);
-    SSH_KEY_FREE(pubkey);
 }
 
 static void torture_pki_dsa_import_cert_file(void **state)
 {
     int rc;
     ssh_key cert = NULL;
-    enum ssh_keytypes_e type;
 
     (void) state; /* unused */
 
     rc = ssh_pki_import_cert_file(LIBSSH_DSA_TESTKEY "-cert.pub", &cert);
-    assert_true(rc == 0);
-    assert_non_null(cert);
-
-    type = ssh_key_type(cert);
-    assert_true(type == SSH_KEYTYPE_DSS_CERT01);
-
-    rc = ssh_key_is_public(cert);
-    assert_true(rc == 1);
-
-    SSH_KEY_FREE(cert);
-}
-
-static void torture_pki_dsa_publickey_base64(void **state)
-{
-    enum ssh_keytypes_e type;
-    char *b64_key = NULL, *key_buf = NULL, *p = NULL;
-    const char *str = NULL;
-    ssh_key key = NULL;
-    size_t keylen;
-    size_t i;
-    int rc;
-
-    (void) state; /* unused */
-
-    key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_DSS));
-    assert_non_null(key_buf);
-
-    keylen = strlen(key_buf);
-
-    str = p = key_buf;
-    for (i = 0; i < keylen; i++) {
-        if (isspace((int)p[i])) {
-            p[i] = '\0';
-            break;
-        }
-
-    }
-
-    type = ssh_key_type_from_name(str);
-    assert_true(type == SSH_KEYTYPE_DSS);
-
-    str = &p[i + 1];
-
-    for (; i < keylen; i++) {
-        if (isspace((int)p[i])) {
-            p[i] = '\0';
-            break;
-        }
-    }
-
-    rc = ssh_pki_import_pubkey_base64(str, type, &key);
-    assert_true(rc == 0);
-    assert_non_null(key);
-
-    rc = ssh_pki_export_pubkey_base64(key, &b64_key);
-    assert_true(rc == 0);
-    assert_non_null(b64_key);
-
-    assert_string_equal(str, b64_key);
-
-    free(b64_key);
-    free(key_buf);
-    SSH_KEY_FREE(key);
-}
-
-static void torture_pki_dsa_generate_pubkey_from_privkey(void **state)
-{
-    char pubkey_generated[4096] = {0};
-    ssh_key privkey = NULL;
-    ssh_key pubkey = NULL;
-    int len;
-    int rc;
-
-    (void) state; /* unused */
-
-    /* remove the public key, generate it from the private key and write it. */
-    unlink(LIBSSH_DSA_TESTKEY ".pub");
-
-    rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
-                                     NULL,
-                                     NULL,
-                                     NULL,
-                                     &privkey);
-    assert_true(rc == 0);
-    assert_non_null(privkey);
-
-    rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
-    assert_true(rc == SSH_OK);
-    assert_non_null(pubkey);
-
-    rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_DSA_TESTKEY ".pub");
-    assert_true(rc == 0);
-
-    rc = torture_read_one_line(LIBSSH_DSA_TESTKEY ".pub",
-                               pubkey_generated,
-                               sizeof(pubkey_generated));
-    assert_true(rc == 0);
-
-    len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_DSS));
-    assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_DSS),
-                        pubkey_generated,
-                        len);
-
-    SSH_KEY_FREE(privkey);
-    SSH_KEY_FREE(pubkey);
-}
-
-static void torture_pki_dsa_duplicate_key(void **state)
-{
-    int rc;
-    char *b64_key = NULL;
-    char *b64_key_gen = NULL;
-    ssh_key pubkey = NULL;
-    ssh_key pubkey_dup = NULL;
-    ssh_key privkey = NULL;
-    ssh_key privkey_dup = NULL;
-
-    (void) state;
-
-    rc = ssh_pki_import_pubkey_file(LIBSSH_DSA_TESTKEY ".pub", &pubkey);
-    assert_true(rc == 0);
-    assert_non_null(pubkey);
-
-    rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
-    assert_true(rc == 0);
-    assert_non_null(b64_key);
-    rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
-                                     NULL,
-                                     NULL,
-                                     NULL,
-                                     &privkey);
-    assert_true(rc == 0);
-    assert_non_null(privkey);
-
-    privkey_dup = ssh_key_dup(privkey);
-    assert_non_null(privkey_dup);
-
-    rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey_dup);
-    assert_true(rc == SSH_OK);
-    assert_non_null(pubkey_dup);
-
-    rc = ssh_pki_export_pubkey_base64(pubkey_dup, &b64_key_gen);
-    assert_true(rc == 0);
-    assert_non_null(b64_key_gen);
-
-    assert_string_equal(b64_key, b64_key_gen);
-
-    rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
-
-    rc = ssh_key_cmp(pubkey, pubkey_dup, SSH_KEY_CMP_PUBLIC);
-    assert_true(rc == 0);
-
-    SSH_KEY_FREE(pubkey);
-    SSH_KEY_FREE(pubkey_dup);
-
-    SSH_KEY_FREE(privkey);
-    SSH_KEY_FREE(privkey_dup);
-    SSH_STRING_FREE_CHAR(b64_key);
-    SSH_STRING_FREE_CHAR(b64_key_gen);
-}
-
-static void torture_pki_dsa_generate_key(void **state)
-{
-    int rc;
-    ssh_key key = NULL, pubkey = NULL;
-    ssh_signature sign = NULL;
-    ssh_session session=ssh_new();
-    (void) state;
-
-    rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 1024, &key);
-    assert_true(rc == SSH_OK);
-    assert_non_null(key);
-    rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
-    assert_int_equal(rc, SSH_OK);
-    assert_non_null(pubkey);
-    sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
-    assert_non_null(sign);
-    rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
-    ssh_signature_free(sign);
-    SSH_KEY_FREE(key);
-    SSH_KEY_FREE(pubkey);
-
-    rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
-    assert_true(rc == SSH_OK);
-    assert_non_null(key);
-    rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
-    assert_int_equal(rc, SSH_OK);
-    assert_non_null(pubkey);
-    sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
-    assert_non_null(sign);
-    rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
-    ssh_signature_free(sign);
-    SSH_KEY_FREE(key);
-    SSH_KEY_FREE(pubkey);
-
-    rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key);
-    assert_true(rc == SSH_OK);
-    assert_non_null(key);
-    rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
-    assert_int_equal(rc, SSH_OK);
-    assert_non_null(pubkey);
-    sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
-    assert_non_null(sign);
-    rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
-    ssh_signature_free(sign);
-    SSH_KEY_FREE(key);
-    SSH_KEY_FREE(pubkey);
-
-    ssh_free(session);
-}
-
-static void torture_pki_dsa_cert_verify(void **state)
-{
-    int rc;
-    ssh_key privkey = NULL, cert = NULL;
-    ssh_signature sign = NULL;
-    ssh_session session=ssh_new();
-    (void) state;
-
-    rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
-                                     NULL,
-                                     NULL,
-                                     NULL,
-                                     &privkey);
-    assert_true(rc == 0);
-    assert_non_null(privkey);
-
-    rc = ssh_pki_import_cert_file(LIBSSH_DSA_TESTKEY "-cert.pub", &cert);
-    assert_true(rc == 0);
-    assert_non_null(cert);
-
-    sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
-    assert_non_null(sign);
-    rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
-    ssh_signature_free(sign);
-    SSH_KEY_FREE(privkey);
-    SSH_KEY_FREE(cert);
-
-    ssh_free(session);
-}
-
-static void torture_pki_dsa_skip(UNUSED_PARAM(void **state))
-{
-    skip();
+    assert_int_equal(rc, SSH_ERROR);
+    assert_null(cert);
 }
 
 int torture_run_tests(void)
@@ -895,60 +201,20 @@ int torture_run_tests(void)
         cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64,
                                  setup_dsa_key,
                                  teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64_comment,
-                                 setup_dsa_key,
-                                 teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64_whitespace,
-                                 setup_dsa_key,
-                                 teardown),
         cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64,
                                  setup_openssh_dsa_key,
                                  teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_from_privatekey,
-                                 setup_dsa_key,
-                                 teardown),
         cmocka_unit_test_setup_teardown(torture_pki_dsa_import_cert_file,
                                         setup_dsa_key,
                                         teardown),
-#ifdef HAVE_LIBCRYPTO
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_write_privkey,
-                                 setup_dsa_key,
-                                 teardown),
-#endif
-        cmocka_unit_test(torture_pki_sign_data_dsa),
-        cmocka_unit_test(torture_pki_fail_sign_with_incompatible_hash),
-        cmocka_unit_test(torture_pki_dsa_import_privkey_base64_passphrase),
-        cmocka_unit_test(torture_pki_dsa_import_openssh_privkey_base64_passphrase),
-
-        /* public key */
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_base64,
-                                 setup_dsa_key,
-                                 teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_generate_pubkey_from_privkey,
-                                 setup_dsa_key,
-                                 teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_duplicate_key,
-                                 setup_dsa_key,
-                                 teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_duplicate_key,
-                                 setup_dsa_key,
-                                 teardown),
-        cmocka_unit_test(torture_pki_dsa_generate_key),
-        cmocka_unit_test_setup_teardown(torture_pki_dsa_cert_verify,
-                                 setup_dsa_key,
-                                 teardown),
-    };
-    struct CMUnitTest skip_tests[] = {
-        cmocka_unit_test(torture_pki_dsa_skip)
+        cmocka_unit_test_setup_teardown(torture_pki_generate_dsa,
+                                        setup_dsa_key,
+                                        teardown),
     };
 
     ssh_init();
-    if (ssh_fips_mode()) {
-        rc = cmocka_run_group_tests(skip_tests, NULL, NULL);
-    } else {
-        torture_filter_tests(tests);
-        rc = cmocka_run_group_tests(tests, NULL, NULL);
-    }
+    torture_filter_tests(tests);
+    rc = cmocka_run_group_tests(tests, NULL, NULL);
     ssh_finalize();
     return rc;
 }
diff --git a/libssh/tests/unittests/torture_pki_ecdsa.c b/libssh/tests/unittests/torture_pki_ecdsa.c
index 7d09d984..f6b17e8a 100644
--- a/libssh/tests/unittests/torture_pki_ecdsa.c
+++ b/libssh/tests/unittests/torture_pki_ecdsa.c
@@ -1,4 +1,5 @@
 #include "config.h"
+#include "libssh/libssh.h"
 
 #define LIBSSH_STATIC
 
@@ -218,27 +219,60 @@ static void torture_pki_ecdsa_import_pubkey_from_openssh_privkey(void **state)
     SSH_KEY_FREE(pubkey);
 }
 
-static void torture_pki_ecdsa_import_privkey_base64(void **state)
+static void
+torture_pki_ecdsa_import_export_privkey_base64_format(void **state,
+                                                      enum ssh_file_format_e format)
 {
     int rc;
-    char *key_str = NULL;
-    ssh_key key = NULL;
+    char *key_str = NULL, *new_key_str = NULL;
+    ssh_key key = NULL, new_key = NULL;
     const char *passphrase = torture_get_testkey_passphrase();
 
-    (void) state; /* unused */
+    (void)state; /* unused */
 
     key_str = torture_pki_read_file(LIBSSH_ECDSA_TESTKEY);
     assert_non_null(key_str);
 
     rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(key);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
+
+    /* Export */
+    rc = ssh_pki_export_privkey_base64_format(key,
+                                              passphrase,
+                                              NULL,
+                                              NULL,
+                                              &new_key_str,
+                                              format);
+    assert_int_equal(rc, SSH_OK);
+    assert_non_null(new_key_str);
+
+    /* and import again */
+    rc = ssh_pki_import_privkey_base64(new_key_str, passphrase, NULL, NULL,
+                                       &new_key);
+    assert_int_equal(rc, 0);
+    assert_non_null(new_key);
+
+    rc = ssh_key_is_private(new_key);
+    assert_int_equal(rc, 1);
+
+    rc = ssh_key_cmp(key, new_key, SSH_KEY_CMP_PRIVATE | SSH_KEY_CMP_PUBLIC);
+    assert_int_equal(rc, 0);
 
     free(key_str);
+    free(new_key_str);
     SSH_KEY_FREE(key);
+    SSH_KEY_FREE(new_key);
+}
+
+static void
+torture_pki_ecdsa_import_export_privkey_base64_default(void **state)
+{
+    torture_pki_ecdsa_import_export_privkey_base64_format(state,
+                                                          SSH_FILE_FORMAT_DEFAULT);
 }
 
 static void torture_pki_ecdsa_import_privkey_base64_comment(void **state)
@@ -261,11 +295,11 @@ static void torture_pki_ecdsa_import_privkey_base64_comment(void **state)
     assert_int_equal(rc, file_str_len - 1);
 
     rc = ssh_pki_import_privkey_base64(file_str, passphrase, NULL, NULL, &key);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(key);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     free(key_str);
     free(file_str);
@@ -292,11 +326,11 @@ static void torture_pki_ecdsa_import_privkey_base64_whitespace(void **state)
     assert_int_equal(rc, file_str_len - 1);
 
     rc = ssh_pki_import_privkey_base64(file_str, passphrase, NULL, NULL, &key);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(key);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     free(key_str);
     free(file_str);
@@ -318,11 +352,11 @@ static void torture_pki_ecdsa_publickey_from_privatekey(void **state)
     assert_non_null(key_str);
 
     rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(key);
 
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     free(key_str);
@@ -337,15 +371,20 @@ static void torture_pki_ecdsa_import_cert_file(void **state)
     enum ssh_keytypes_e type;
     struct pki_st *test_state = *((struct pki_st **)state);
 
+    /* Importing public key as cert should fail */
+    rc = ssh_pki_import_cert_file(LIBSSH_ECDSA_TESTKEY ".pub", &cert);
+    assert_int_equal(rc, SSH_ERROR);
+    assert_null(cert);
+
     rc = ssh_pki_import_cert_file(LIBSSH_ECDSA_TESTKEY "-cert.pub", &cert);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(cert);
 
     type = ssh_key_type(cert);
-    assert_true(type == test_state->type+3);
+    assert_int_equal(type, test_state->type+3);
 
     rc = ssh_key_is_public(cert);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     SSH_KEY_FREE(cert);
 }
@@ -369,7 +408,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
     }
 
     type = ssh_key_type_from_name(q);
-    assert_true(type == test_state->type);
+    assert_int_equal(type, test_state->type);
 
     q = ++p;
     while (p != NULL && *p != '\0' && *p != ' ') p++;
@@ -378,11 +417,11 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
     }
 
     rc = ssh_pki_import_pubkey_base64(q, type, &key);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(key);
 
     rc = ssh_pki_export_pubkey_base64(key, &b64_key);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(b64_key);
 
     assert_string_equal(q, b64_key);
@@ -406,7 +445,7 @@ static void torture_pki_ecdsa_generate_pubkey_from_privkey(void **state)
     rc = torture_read_one_line(LIBSSH_ECDSA_TESTKEY ".pub",
                                pubkey_original,
                                sizeof(pubkey_original));
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
 
     /* remove the public key, generate it from the private key and write it. */
     unlink(LIBSSH_ECDSA_TESTKEY ".pub");
@@ -416,22 +455,23 @@ static void torture_pki_ecdsa_generate_pubkey_from_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(privkey);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_ECDSA_TESTKEY ".pub");
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
 
     rc = torture_read_one_line(LIBSSH_ECDSA_TESTKEY ".pub",
                                pubkey_generated,
                                sizeof(pubkey_generated));
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     len = torture_pubkey_len(pubkey_original);
-    assert_int_equal(strncmp(pubkey_original, pubkey_generated, len), 0);
+    assert_int_equal(len, torture_pubkey_len(pubkey_generated));
+    assert_memory_equal(pubkey_original, pubkey_generated, len);
 
     SSH_KEY_FREE(privkey);
     SSH_KEY_FREE(pubkey);
@@ -450,11 +490,11 @@ static void torture_pki_ecdsa_duplicate_key(void **state)
     (void) state;
 
     rc = ssh_pki_import_pubkey_file(LIBSSH_ECDSA_TESTKEY ".pub", &pubkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(b64_key);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY,
@@ -462,27 +502,27 @@ static void torture_pki_ecdsa_duplicate_key(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(privkey);
 
     privkey_dup = ssh_key_dup(privkey);
     assert_non_null(privkey_dup);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey_dup);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey_dup);
 
     rc = ssh_pki_export_pubkey_base64(pubkey_dup, &b64_key_gen);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(b64_key_gen);
 
     assert_string_equal(b64_key, b64_key_gen);
 
     rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
 
     rc = ssh_key_cmp(pubkey, pubkey_dup, SSH_KEY_CMP_PUBLIC);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
 
     SSH_KEY_FREE(pubkey);
     SSH_KEY_FREE(pubkey_dup);
@@ -539,7 +579,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
     (void) state;
 
     rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -547,13 +587,13 @@ static void torture_pki_generate_key_ecdsa(void **state)
     sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_ECDSA_P256);
+    assert_int_equal(type, SSH_KEYTYPE_ECDSA_P256);
     type_char = ssh_key_type_to_char(type);
-    assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
+    assert_string_equal(type_char, "ecdsa-sha2-nistp256");
     etype_char = ssh_pki_key_ecdsa_name(key);
-    assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
+    assert_string_equal(etype_char, "ecdsa-sha2-nistp256");
 
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
@@ -561,7 +601,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
 
     /* deprecated */
     rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -569,20 +609,20 @@ static void torture_pki_generate_key_ecdsa(void **state)
     sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_ECDSA_P256);
+    assert_int_equal(type, SSH_KEYTYPE_ECDSA_P256);
     type_char = ssh_key_type_to_char(type);
-    assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
+    assert_string_equal(type_char, "ecdsa-sha2-nistp256");
     etype_char = ssh_pki_key_ecdsa_name(key);
-    assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
+    assert_string_equal(etype_char, "ecdsa-sha2-nistp256");
 
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
     SSH_KEY_FREE(pubkey);
 
     rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -590,13 +630,13 @@ static void torture_pki_generate_key_ecdsa(void **state)
     sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA384);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_ECDSA_P384);
+    assert_int_equal(type, SSH_KEYTYPE_ECDSA_P384);
     type_char = ssh_key_type_to_char(type);
-    assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
-    etype_char =ssh_pki_key_ecdsa_name(key);
-    assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
+    assert_string_equal(type_char, "ecdsa-sha2-nistp384");
+    etype_char = ssh_pki_key_ecdsa_name(key);
+    assert_string_equal(etype_char, "ecdsa-sha2-nistp384");
 
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
@@ -604,7 +644,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
 
     /* deprecated */
     rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -612,20 +652,20 @@ static void torture_pki_generate_key_ecdsa(void **state)
     sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA384);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_ECDSA_P384);
+    assert_int_equal(type, SSH_KEYTYPE_ECDSA_P384);
     type_char = ssh_key_type_to_char(type);
-    assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
-    etype_char =ssh_pki_key_ecdsa_name(key);
-    assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
+    assert_string_equal(type_char, "ecdsa-sha2-nistp384");
+    etype_char = ssh_pki_key_ecdsa_name(key);
+    assert_string_equal(etype_char, "ecdsa-sha2-nistp384");
 
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
     SSH_KEY_FREE(pubkey);
 
     rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -633,13 +673,13 @@ static void torture_pki_generate_key_ecdsa(void **state)
     sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_ECDSA_P521);
+    assert_int_equal(type, SSH_KEYTYPE_ECDSA_P521);
     type_char = ssh_key_type_to_char(type);
-    assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
+    assert_string_equal(type_char, "ecdsa-sha2-nistp521");
     etype_char =ssh_pki_key_ecdsa_name(key);
-    assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);
+    assert_string_equal(etype_char, "ecdsa-sha2-nistp521");
 
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
@@ -647,7 +687,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
 
     /* deprecated */
     rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -655,13 +695,13 @@ static void torture_pki_generate_key_ecdsa(void **state)
     sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_ECDSA_P521);
+    assert_int_equal(type, SSH_KEYTYPE_ECDSA_P521);
     type_char = ssh_key_type_to_char(type);
-    assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
-    etype_char =ssh_pki_key_ecdsa_name(key);
-    assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);
+    assert_string_equal(type_char, "ecdsa-sha2-nistp521");
+    etype_char = ssh_pki_key_ecdsa_name(key);
+    assert_string_equal(etype_char, "ecdsa-sha2-nistp521");
 
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
@@ -684,11 +724,11 @@ static void torture_pki_ecdsa_cert_verify(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(privkey);
 
     rc = ssh_pki_import_cert_file(LIBSSH_ECDSA_TESTKEY "-cert.pub", &cert);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(cert);
 
     /* Get the hash type to be used in the signature based on the key type */
@@ -697,7 +737,7 @@ static void torture_pki_ecdsa_cert_verify(void **state)
     sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), hash_type);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     ssh_signature_free(sign);
     SSH_KEY_FREE(privkey);
     SSH_KEY_FREE(cert);
@@ -822,8 +862,9 @@ static void torture_pki_fail_sign_with_incompatible_hash(void **state)
     SSH_KEY_FREE(key);
 }
 
-#ifdef HAVE_LIBCRYPTO
-static void torture_pki_ecdsa_write_privkey(void **state)
+static void
+torture_pki_ecdsa_write_privkey_format(void **state,
+                                       enum ssh_file_format_e format)
 {
     ssh_key origkey = NULL;
     ssh_key privkey = NULL;
@@ -836,28 +877,29 @@ static void torture_pki_ecdsa_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &origkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(origkey);
 
     unlink(LIBSSH_ECDSA_TESTKEY);
 
-    rc = ssh_pki_export_privkey_file(origkey,
-                                     NULL,
-                                     NULL,
-                                     NULL,
-                                     LIBSSH_ECDSA_TESTKEY);
-    assert_true(rc == 0);
+    rc = ssh_pki_export_privkey_file_format(origkey,
+                                            NULL,
+                                            NULL,
+                                            NULL,
+                                            LIBSSH_ECDSA_TESTKEY,
+                                            format);
+    assert_int_equal(rc, 0);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY,
                                      NULL,
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
 
     SSH_KEY_FREE(origkey);
     SSH_KEY_FREE(privkey);
@@ -868,16 +910,17 @@ static void torture_pki_ecdsa_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &origkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(origkey);
 
     unlink(LIBSSH_ECDSA_TESTKEY_PASSPHRASE);
-    rc = ssh_pki_export_privkey_file(origkey,
-                                     torture_get_testkey_passphrase(),
-                                     NULL,
-                                     NULL,
-                                     LIBSSH_ECDSA_TESTKEY_PASSPHRASE);
-    assert_true(rc == 0);
+    rc = ssh_pki_export_privkey_file_format(origkey,
+                                            torture_get_testkey_passphrase(),
+                                            NULL,
+                                            NULL,
+                                            LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
+                                            format);
+    assert_int_equal(rc, 0);
 
     /* Test with invalid passphrase */
     rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
@@ -885,7 +928,7 @@ static void torture_pki_ecdsa_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == SSH_ERROR);
+    assert_int_equal(rc, SSH_ERROR);
     assert_null(privkey);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
@@ -893,15 +936,48 @@ static void torture_pki_ecdsa_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
 
     SSH_KEY_FREE(origkey);
     SSH_KEY_FREE(privkey);
 }
+
+static void
+torture_pki_ecdsa_write_privkey(void **state)
+{
+    torture_pki_ecdsa_write_privkey_format(state, SSH_FILE_FORMAT_DEFAULT);
+}
+
+#ifdef HAVE_LIBCRYPTO
+static void
+torture_pki_ecdsa_write_privkey_pem(void **state)
+{
+    torture_pki_ecdsa_write_privkey_format(state, SSH_FILE_FORMAT_PEM);
+}
+
+static void
+torture_pki_ecdsa_write_privkey_openssh(void **state)
+{
+    torture_pki_ecdsa_write_privkey_format(state, SSH_FILE_FORMAT_OPENSSH);
+}
+
+static void
+torture_pki_ecdsa_import_export_privkey_base64_pem(void **state)
+{
+    torture_pki_ecdsa_import_export_privkey_base64_format(state,
+                                                          SSH_FILE_FORMAT_PEM);
+}
+
+static void
+torture_pki_ecdsa_import_export_privkey_base64_openssh(void **state)
+{
+    torture_pki_ecdsa_import_export_privkey_base64_format(state,
+                                                          SSH_FILE_FORMAT_OPENSSH);
+}
 #endif /* HAVE_LIBCRYPTO */
 
 static void torture_pki_ecdsa_name(void **state, const char *expected_name)
@@ -913,11 +989,11 @@ static void torture_pki_ecdsa_name(void **state, const char *expected_name)
     (void) state; /* unused */
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, NULL, NULL, NULL, &key);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(key);
 
-    etype_char =ssh_pki_key_ecdsa_name(key);
-    assert_true(strcmp(etype_char, expected_name) == 0);
+    etype_char = ssh_pki_key_ecdsa_name(key);
+    assert_string_equal(etype_char, expected_name);
 
     SSH_KEY_FREE(key);
 }
@@ -958,15 +1034,18 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_pubkey_file,
                                         setup_openssh_ecdsa_key_521,
                                         teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
-                                        setup_ecdsa_key_256,
-                                        teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
-                                        setup_ecdsa_key_384,
-                                        teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
-                                        setup_ecdsa_key_521,
-                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_default,
+            setup_ecdsa_key_256,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_default,
+            setup_ecdsa_key_384,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_default,
+            setup_ecdsa_key_521,
+            teardown),
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64_comment,
                                         setup_ecdsa_key_256,
                                         teardown),
@@ -985,15 +1064,18 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64_whitespace,
                                         setup_ecdsa_key_521,
                                         teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
-                                        setup_openssh_ecdsa_key_256,
-                                        teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
-                                        setup_openssh_ecdsa_key_384,
-                                        teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_import_privkey_base64,
-                                        setup_openssh_ecdsa_key_521,
-                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_default,
+            setup_openssh_ecdsa_key_256,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_default,
+            setup_openssh_ecdsa_key_384,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_default,
+            setup_openssh_ecdsa_key_521,
+            teardown),
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_publickey_from_privatekey,
                                         setup_ecdsa_key_256,
                                         teardown),
@@ -1058,7 +1140,6 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_cert_verify,
                                         setup_ecdsa_key_521,
                                         teardown),
-#ifdef HAVE_LIBCRYPTO
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey,
                                         setup_ecdsa_key_256,
                                         teardown),
@@ -1068,6 +1149,49 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey,
                                         setup_ecdsa_key_521,
                                         teardown),
+#ifdef HAVE_LIBCRYPTO
+        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey_pem,
+                                        setup_ecdsa_key_256,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey_pem,
+                                        setup_ecdsa_key_384,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey_pem,
+                                        setup_ecdsa_key_521,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey_openssh,
+                                        setup_ecdsa_key_256,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey_openssh,
+                                        setup_ecdsa_key_384,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_pki_ecdsa_write_privkey_openssh,
+                                        setup_ecdsa_key_521,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_pem,
+            setup_ecdsa_key_256,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_pem,
+            setup_ecdsa_key_384,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_pem,
+            setup_ecdsa_key_521,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_openssh,
+            setup_ecdsa_key_256,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_openssh,
+            setup_ecdsa_key_384,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ecdsa_import_export_privkey_base64_openssh,
+            setup_ecdsa_key_521,
+            teardown),
 #endif /* HAVE_LIBCRYPTO */
         cmocka_unit_test(torture_pki_sign_data_ecdsa),
         cmocka_unit_test(torture_pki_fail_sign_with_incompatible_hash),
diff --git a/libssh/tests/unittests/torture_pki_ecdsa_uri.c b/libssh/tests/unittests/torture_pki_ecdsa_uri.c
index 038780db..48494278 100644
--- a/libssh/tests/unittests/torture_pki_ecdsa_uri.c
+++ b/libssh/tests/unittests/torture_pki_ecdsa_uri.c
@@ -13,16 +13,12 @@
 
 #define LIBSSH_ECDSA_TESTKEY "libssh_testkey.id_"
 #define LIBSSH_ECDSA_TESTKEY_PEM "libssh_testkey_pem.id_"
-#define SOFTHSM_CONF "softhsm.conf"
-#define PUB_URI_FMT_256 "pkcs11:token=ecdsa256;object=ecdsa256;type=public"
-#define PRIV_URI_FMT_256 "pkcs11:token=ecdsa256;object=ecdsa256;type=private?pin-value=1234"
-#define PUB_URI_FMT_384 "pkcs11:token=ecdsa384;object=ecdsa384;type=public"
-#define PRIV_URI_FMT_384 "pkcs11:token=ecdsa384;object=ecdsa384;type=private?pin-value=1234"
-#define PUB_URI_FMT_521 "pkcs11:token=ecdsa521;object=ecdsa521;type=public"
-#define PRIV_URI_FMT_521 "pkcs11:token=ecdsa521;object=ecdsa521;type=private?pin-value=1234"
-#define PRIV_URI_FMT_256_NO_PUB "pkcs11:token=ecdsa256_no_pub_uri;object=ecdsa256_no_pub_uri;type=private?pin-value=1234"
-#define PRIV_URI_FMT_384_NO_PUB "pkcs11:token=ecdsa384_no_pub_uri;object=ecdsa384_no_pub_uri;type=private?pin-value=1234"
-#define PRIV_URI_FMT_521_NO_PUB "pkcs11:token=ecdsa521_no_pub_uri;object=ecdsa521_no_pub_uri;type=private?pin-value=1234"
+#define LABEL_256 "ecdsa256"
+#define LABEL_384 "ecdsa384"
+#define LABEL_521 "ecdsa521"
+#define PUB_URI_FMT "pkcs11:token=%s;object=%s;type=public"
+#define PRIV_URI_FMT "pkcs11:token=%s;object=%s;type=private?pin-value=1234"
+#define PRIV_URI_NO_PUB_FMT "pkcs11:token=%s_no_pub_uri;object=%s_no_pub_uri;type=private?pin-value=1234"
 
 /** PKCS#11 URIs with invalid fields**/
 
@@ -31,7 +27,7 @@
 #define PUB_URI_FMT_384_INVALID_TOKEN "pkcs11:token=ecdsa521;object=ecdsa384;type=public"
 #define PUB_URI_FMT_521_INVALID_OBJECT "pkcs11:token=ecdsa521;object=ecdsa384;type=public"
 
-const char template[] = "temp_dir_XXXXXX";
+const char template[] = "/tmp/temp_dir_XXXXXX";
 const unsigned char INPUT[] = "1234567890123456789012345678901234567890"
                               "123456789012345678901234";
 struct pki_st {
@@ -80,7 +76,6 @@ static int setup_directory_structure(void **state)
     struct pki_st *test_state = NULL;
     char *temp_dir;
     int rc;
-    char conf_path[1024] = {0};
 
     test_state = (struct pki_st *)malloc(sizeof(struct pki_st));
     assert_non_null(test_state);
@@ -100,9 +95,6 @@ static int setup_directory_structure(void **state)
 
     *state = test_state;
 
-    snprintf(conf_path, sizeof(conf_path), "%s/softhsm.conf", test_state->temp_dir);
-    setenv("SOFTHSM2_CONF", conf_path, 1);
-
     setup_tokens_ecdsa(state, 256, "ecdsa256", "1");
     setup_tokens_ecdsa(state, 384, "ecdsa384", "1");
     setup_tokens_ecdsa(state, 521, "ecdsa521", "1");
@@ -118,7 +110,7 @@ static int teardown_directory_structure(void **state)
     struct pki_st *test_state = *state;
     int rc;
 
-    unsetenv("SOFTHSM2_CONF");
+    torture_cleanup_tokens(test_state->temp_dir);
 
     rc = torture_change_dir(test_state->orig_dir);
     assert_int_equal(rc, 0);
@@ -133,39 +125,47 @@ static int teardown_directory_structure(void **state)
     return 0;
 }
 
-static void torture_pki_ecdsa_import_pubkey_uri(void **state, const char *uri)
+static void torture_pki_ecdsa_import_pubkey_uri(void **state, const char *label)
 {
+    char uri[128] = {0};
     ssh_key pubkey = NULL;
     int rc;
 
+    rc = snprintf(uri, sizeof(uri), PUB_URI_FMT, label, label);
+    assert_in_range(rc, 0, sizeof(uri) - 1);
+
     rc = ssh_pki_import_pubkey_file(uri, &pubkey);
     assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     rc = ssh_key_is_public(pubkey);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     SSH_KEY_FREE(pubkey);
 }
 
 static void torture_pki_ecdsa_import_pubkey_uri_256(void **state)
 {
-    torture_pki_ecdsa_import_pubkey_uri(state, PUB_URI_FMT_256);
+    torture_pki_ecdsa_import_pubkey_uri(state, LABEL_256);
 }
 
 static void torture_pki_ecdsa_import_pubkey_uri_384(void **state)
 {
-    torture_pki_ecdsa_import_pubkey_uri(state, PUB_URI_FMT_384);
+    torture_pki_ecdsa_import_pubkey_uri(state, LABEL_384);
 }
 
 static void torture_pki_ecdsa_import_pubkey_uri_521(void **state)
 {
-    torture_pki_ecdsa_import_pubkey_uri(state, PUB_URI_FMT_521);
+    torture_pki_ecdsa_import_pubkey_uri(state, LABEL_521);
 }
 
-static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const char *uri, const char *type)
+static void
+torture_pki_ecdsa_publickey_from_privatekey_uri(void **state,
+                                                const char *label,
+                                                const char *type)
 {
     int rc;
+    char uri[128] = {0};
     ssh_key privkey = NULL;
     ssh_key pubkey = NULL;
     ssh_string pblob = NULL;
@@ -176,39 +176,38 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const
     char pub_filename_generated[1024];
     char pub_filename_pem[1024];
 
+    rc = snprintf(uri, sizeof(uri), PRIV_URI_FMT, label, label);
+    assert_in_range(rc, 0, sizeof(uri) - 1);
+
     rc = ssh_pki_import_privkey_file(uri,
                                      NULL,
                                      NULL,
                                      NULL,
                                      &privkey);
     assert_return_code(rc, errno);
-    assert_true(rc == 0);
     assert_non_null(privkey);
 
     rc = ssh_pki_export_pubkey_blob(privkey, &pblob);
     assert_return_code(rc, errno);
-    assert_true(rc == SSH_OK);
     assert_non_null(pblob);
     ssh_string_free(pblob);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
     assert_return_code(rc, errno);
-    assert_true(rc == SSH_OK);
     assert_non_null(pubkey);
 
     snprintf(pub_filename, sizeof(pub_filename), "%s%s%s", LIBSSH_ECDSA_TESTKEY, type, ".pub");
     snprintf(pub_filename_generated, sizeof(pub_filename_generated), "%s%s%s",
-            LIBSSH_ECDSA_TESTKEY_PEM, type, "generated.pub");
+             LIBSSH_ECDSA_TESTKEY_PEM, type, "generated.pub");
     snprintf(pub_filename_pem, sizeof(pub_filename_pem), "%s%s%s", LIBSSH_ECDSA_TESTKEY_PEM, type, ".pub");
 
     rc = torture_read_one_line(pub_filename,
                                pubkey_original,
                                sizeof(pubkey_original));
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     rc = ssh_pki_export_pubkey_file(pubkey, pub_filename_generated);
     assert_return_code(rc, errno);
-    assert_true(rc == 0);
 
     /* remove the public key, generate it from the private key and write it. */
     unlink(pub_filename);
@@ -221,9 +220,9 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const
     rc = torture_read_one_line(pub_filename_pem,
                                pubkey_generated,
                                sizeof(pubkey_generated));
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
-    assert_int_equal(strncmp(pubkey_original, pubkey_generated, strlen(pubkey_original)), 0);
+    assert_memory_equal(pubkey_original, pubkey_generated, strlen(pubkey_original));
 
     SSH_KEY_FREE(privkey);
     SSH_KEY_FREE(pubkey);
@@ -231,72 +230,83 @@ static void torture_pki_ecdsa_publickey_from_privatekey_uri(void **state, const
 
 static void torture_pki_ecdsa_publickey_from_privatekey_uri_256(void **state)
 {
-    torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_256, "ecdsa256");
+    torture_pki_ecdsa_publickey_from_privatekey_uri(state, LABEL_256, "ecdsa256");
 }
 
 static void torture_pki_ecdsa_publickey_from_privatekey_uri_384(void **state)
 {
-    torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_384, "ecdsa384");
+    torture_pki_ecdsa_publickey_from_privatekey_uri(state, LABEL_384, "ecdsa384");
 }
 
 static void torture_pki_ecdsa_publickey_from_privatekey_uri_521(void **state)
 {
-    torture_pki_ecdsa_publickey_from_privatekey_uri(state, PRIV_URI_FMT_521, "ecdsa521");
+    torture_pki_ecdsa_publickey_from_privatekey_uri(state, LABEL_521, "ecdsa521");
 }
 
-static void import_pubkey_without_loading_public_uri(void **state, const char *uri, const char *type)
+static void
+import_pubkey_without_loading_public_uri(void **state, const char *label)
 {
     int rc;
+    char uri[128] = {0};
     ssh_key privkey = NULL;
     ssh_key pubkey = NULL;
     ssh_string pblob = NULL;
 
+    rc = snprintf(uri, sizeof(uri), PRIV_URI_NO_PUB_FMT, label, label);
+    assert_in_range(rc, 0, sizeof(uri) - 1);
+
     rc = ssh_pki_import_privkey_file(uri,
                                      NULL,
                                      NULL,
                                      NULL,
                                      &privkey);
     assert_return_code(rc, errno);
-    assert_true(rc == 0);
     assert_non_null(privkey);
 
     rc = ssh_pki_export_pubkey_blob(privkey, &pblob);
     assert_int_not_equal(rc, 0);
     assert_null(pblob);
-    ssh_string_free(pblob);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
     assert_int_not_equal(rc, 0);
     assert_null(pubkey);
 
     SSH_KEY_FREE(privkey);
-    SSH_KEY_FREE(pubkey);
 }
 
 static void torture_pki_ecdsa_import_pubkey_without_loading_public_uri_256(void **state)
 {
-    import_pubkey_without_loading_public_uri(state, PRIV_URI_FMT_256_NO_PUB, "ecdsa256_no_pub_uri");
+    import_pubkey_without_loading_public_uri(state, LABEL_256);
 }
 
 static void torture_pki_ecdsa_import_pubkey_without_loading_public_uri_384(void **state)
 {
-    import_pubkey_without_loading_public_uri(state, PRIV_URI_FMT_384_NO_PUB, "ecdsa384_no_pub_uri");
+    import_pubkey_without_loading_public_uri(state, LABEL_384);
 }
 
 static void torture_pki_ecdsa_import_pubkey_without_loading_public_uri_521(void **state)
 {
-    import_pubkey_without_loading_public_uri(state, PRIV_URI_FMT_521_NO_PUB, "ecdsa521_no_pub_uri");
+    import_pubkey_without_loading_public_uri(state, LABEL_521);
 }
 
-static void torture_ecdsa_sign_verify_uri(void **state, const char *uri, enum ssh_digest_e dig_type)
+static void
+torture_ecdsa_sign_verify_uri(void **state,
+                              const char *label,
+                              enum ssh_digest_e dig_type)
 {
     int rc;
+    char uri[128] = {0};
     ssh_key privkey = NULL, pubkey = NULL;
     ssh_signature sign = NULL;
     enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
     const char *type_char = NULL;
     const char *etype_char = NULL;
-    ssh_session session=ssh_new();
+    ssh_session session = ssh_new();
+
+    assert_non_null(session);
+
+    rc = snprintf(uri, sizeof(uri), PRIV_URI_FMT, label, label);
+    assert_in_range(rc, 0, sizeof(uri) - 1);
 
     rc = ssh_pki_import_privkey_file(uri,
                                      NULL,
@@ -304,12 +314,10 @@ static void torture_ecdsa_sign_verify_uri(void **state, const char *uri, enum ss
                                      NULL,
                                      &privkey);
     assert_return_code(rc, errno);
-    assert_true(rc == 0);
     assert_non_null(privkey);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
     assert_return_code(rc, errno);
-    assert_int_equal(rc, SSH_OK);
     assert_non_null(pubkey);
 
     sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), dig_type);
@@ -317,7 +325,6 @@ static void torture_ecdsa_sign_verify_uri(void **state, const char *uri, enum ss
 
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
     assert_return_code(rc, errno);
-    assert_true(rc == SSH_OK);
 
     type = ssh_key_type(privkey);
     type_char = ssh_key_type_to_char(type);
@@ -351,22 +358,24 @@ static void torture_ecdsa_sign_verify_uri(void **state, const char *uri, enum ss
 
 static void torture_ecdsa_sign_verify_uri_256(void **state)
 {
-    torture_ecdsa_sign_verify_uri(state, PRIV_URI_FMT_256, SSH_DIGEST_SHA256);
+    torture_ecdsa_sign_verify_uri(state, LABEL_256, SSH_DIGEST_SHA256);
 }
 
 static void torture_ecdsa_sign_verify_uri_384(void **state)
 {
-    torture_ecdsa_sign_verify_uri(state, PRIV_URI_FMT_384, SSH_DIGEST_SHA384);
+    torture_ecdsa_sign_verify_uri(state, LABEL_384, SSH_DIGEST_SHA384);
 }
 
 static void torture_ecdsa_sign_verify_uri_521(void **state)
 {
-    torture_ecdsa_sign_verify_uri(state, PRIV_URI_FMT_521, SSH_DIGEST_SHA512);
+    torture_ecdsa_sign_verify_uri(state, LABEL_521, SSH_DIGEST_SHA512);
 }
 
-static void torture_pki_ecdsa_duplicate_key_uri(void **state, const char *priv_uri, const char *pub_uri)
+static void torture_pki_ecdsa_duplicate_key_uri(void **state, const char *label)
 {
     int rc;
+    char pub_uri[128] = {0};
+    char priv_uri[128] = {0};
     char *b64_key = NULL;
     char *b64_key_gen = NULL;
     ssh_key pubkey = NULL;
@@ -376,12 +385,17 @@ static void torture_pki_ecdsa_duplicate_key_uri(void **state, const char *priv_u
 
     (void) state;
 
+    rc = snprintf(pub_uri, sizeof(pub_uri), PUB_URI_FMT, label, label);
+    assert_in_range(rc, 0, sizeof(pub_uri) - 1);
+    rc = snprintf(priv_uri, sizeof(priv_uri), PRIV_URI_FMT, label, label);
+    assert_in_range(rc, 0, sizeof(priv_uri) - 1);
+
     rc = ssh_pki_import_pubkey_file(pub_uri, &pubkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(b64_key);
 
     rc = ssh_pki_import_privkey_file(priv_uri,
@@ -389,27 +403,27 @@ static void torture_pki_ecdsa_duplicate_key_uri(void **state, const char *priv_u
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     privkey_dup = ssh_key_dup(privkey);
     assert_non_null(privkey_dup);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey_dup);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey_dup);
 
     rc = ssh_pki_export_pubkey_base64(pubkey_dup, &b64_key_gen);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(b64_key_gen);
 
     assert_string_equal(b64_key, b64_key_gen);
 
     rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     rc = ssh_key_cmp(pubkey, pubkey_dup, SSH_KEY_CMP_PUBLIC);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     SSH_KEY_FREE(pubkey);
     SSH_KEY_FREE(pubkey_dup);
@@ -421,21 +435,23 @@ static void torture_pki_ecdsa_duplicate_key_uri(void **state, const char *priv_u
 
 static void torture_pki_ecdsa_duplicate_key_uri_256(void **state)
 {
-    torture_pki_ecdsa_duplicate_key_uri(state, PRIV_URI_FMT_256, PUB_URI_FMT_256);
+    torture_pki_ecdsa_duplicate_key_uri(state, LABEL_256);
 }
 
 static void torture_pki_ecdsa_duplicate_key_uri_384(void **state)
 {
-    torture_pki_ecdsa_duplicate_key_uri(state, PRIV_URI_FMT_384, PUB_URI_FMT_384);
+    torture_pki_ecdsa_duplicate_key_uri(state, LABEL_384);
 }
 
 static void torture_pki_ecdsa_duplicate_key_uri_521(void **state)
 {
-    torture_pki_ecdsa_duplicate_key_uri(state, PRIV_URI_FMT_521, PUB_URI_FMT_521);
+    torture_pki_ecdsa_duplicate_key_uri(state, LABEL_521);
 }
 
-static void torture_pki_ecdsa_duplicate_then_demote_uri(void **state, const char *priv_uri)
+static void
+torture_pki_ecdsa_duplicate_then_demote_uri(void **state, const char *label)
 {
+    char priv_uri[128] = {0};
     ssh_key pubkey = NULL;
     ssh_key privkey = NULL;
     ssh_key privkey_dup = NULL;
@@ -443,12 +459,15 @@ static void torture_pki_ecdsa_duplicate_then_demote_uri(void **state, const char
 
     (void) state;
 
+    rc = snprintf(priv_uri, sizeof(priv_uri), PRIV_URI_FMT, label, label);
+    assert_in_range(rc, 0, sizeof(priv_uri) - 1);
+
     rc = ssh_pki_import_privkey_file(priv_uri,
                                      NULL,
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_int_equal(rc, 0);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     privkey_dup = ssh_key_dup(privkey);
@@ -456,7 +475,7 @@ static void torture_pki_ecdsa_duplicate_then_demote_uri(void **state, const char
     assert_int_equal(privkey->ecdsa_nid, privkey_dup->ecdsa_nid);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey_dup, &pubkey);
-    assert_int_equal(rc, 0);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
     assert_int_equal(pubkey->ecdsa_nid, privkey->ecdsa_nid);
 
@@ -467,17 +486,17 @@ static void torture_pki_ecdsa_duplicate_then_demote_uri(void **state, const char
 
 static void torture_pki_ecdsa_duplicate_then_demote_uri_256(void **state)
 {
-    torture_pki_ecdsa_duplicate_then_demote_uri(state, PRIV_URI_FMT_256);
+    torture_pki_ecdsa_duplicate_then_demote_uri(state, LABEL_256);
 }
 
 static void torture_pki_ecdsa_duplicate_then_demote_uri_384(void **state)
 {
-    torture_pki_ecdsa_duplicate_then_demote_uri(state, PRIV_URI_FMT_384);
+    torture_pki_ecdsa_duplicate_then_demote_uri(state, LABEL_384);
 }
 
 static void torture_pki_ecdsa_duplicate_then_demote_uri_521(void **state)
 {
-    torture_pki_ecdsa_duplicate_then_demote_uri(state, PRIV_URI_FMT_521);
+    torture_pki_ecdsa_duplicate_then_demote_uri(state, LABEL_521);
 }
 
 static void torture_pki_ecdsa_import_pubkey_uri_invalid_configurations(void **state)
@@ -514,9 +533,6 @@ static void torture_pki_ecdsa_import_pubkey_uri_invalid_configurations(void **st
                                      &pubkey);
     assert_int_not_equal(rc, 0);
     assert_null(pubkey);
-
-    SSH_KEY_FREE(privkey);
-    SSH_KEY_FREE(pubkey);
 }
 
 int torture_run_tests(void) {
@@ -547,6 +563,14 @@ int torture_run_tests(void) {
     ssh_session session = ssh_new();
     int verbosity = SSH_LOG_FUNCTIONS;
 
+    /* Do not use system openssl.cnf for the pkcs11 uri tests.
+     * It can load a pkcs11 provider too early before we will set up environment
+     * variables that are needed for the pkcs11 provider to access correct
+     * tokens, causing unexpected failures.
+     * Make sure this comes before ssh_init(), which initializes OpenSSL!
+     */
+    setenv("OPENSSL_CONF", "/dev/null", 1);
+
     ssh_init();
     ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
 
diff --git a/libssh/tests/unittests/torture_pki_ed25519.c b/libssh/tests/unittests/torture_pki_ed25519.c
index 2fe53bc3..0142fbe3 100644
--- a/libssh/tests/unittests/torture_pki_ed25519.c
+++ b/libssh/tests/unittests/torture_pki_ed25519.c
@@ -247,10 +247,10 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state)
     assert_non_null(key);
 
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_ED25519);
+    assert_int_equal(type, SSH_KEYTYPE_ED25519);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     rc = ssh_pki_export_privkey_base64(key,
                                        passphrase,
@@ -270,10 +270,10 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state)
     assert_non_null(key);
 
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_ED25519);
+    assert_int_equal(type, SSH_KEYTYPE_ED25519);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     SSH_STRING_FREE_CHAR(b64_key);
     SSH_KEY_FREE(key);
@@ -317,6 +317,11 @@ static void torture_pki_ed25519_import_cert_file(void **state)
 
     (void) state; /* unused */
 
+    /* Importing public key as cert should fail */
+    rc = ssh_pki_import_cert_file(LIBSSH_ED25519_TESTKEY ".pub", &cert);
+    assert_int_equal(rc, SSH_ERROR);
+    assert_null(cert);
+
     rc = ssh_pki_import_cert_file(LIBSSH_ED25519_TESTKEY "-cert.pub", &cert);
     assert_true(rc == 0);
     assert_non_null(cert);
@@ -448,7 +453,7 @@ static void torture_pki_ed25519_generate_key(void **state)
     assert_true(strcmp(type_char, "ssh-ed25519") == 0);
 
     /* try an invalid signature */
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
     raw_sig_data = ssh_string_data(sign->raw_sig);
 #else
     raw_sig_data = (uint8_t *)sign->ed25519_sig;
@@ -503,70 +508,83 @@ static void torture_pki_ed25519_cert_verify(void **state)
     ssh_free(session);
 }
 
-static void torture_pki_ed25519_write_privkey(void **state)
+static void
+torture_pki_ed25519_write_privkey_format(void **state,
+                                         enum ssh_file_format_e format)
 {
     ssh_key origkey = NULL;
     ssh_key privkey = NULL;
     int rc;
 
-    (void) state; /* unused */
+    (void)state; /* unused */
+
+    /* Skip test if in FIPS mode */
+    if (ssh_fips_mode()) {
+        skip();
+    }
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY,
-            NULL,
-            NULL,
-            NULL,
-            &origkey);
-    assert_true(rc == 0);
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     &origkey);
+    assert_int_equal(rc, 0);
     assert_non_null(origkey);
 
     unlink(LIBSSH_ED25519_TESTKEY);
 
-    rc = ssh_pki_export_privkey_file(origkey,
-            NULL,
-            NULL,
-            NULL,
-            LIBSSH_ED25519_TESTKEY);
-    assert_true(rc == 0);
+    rc = ssh_pki_export_privkey_file_format(origkey,
+                                            NULL,
+                                            NULL,
+                                            NULL,
+                                            LIBSSH_ED25519_TESTKEY,
+                                            format);
+    assert_int_equal(rc, 0);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY,
-            NULL,
-            NULL,
-            NULL,
-            &privkey);
-    assert_true(rc == 0);
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     &privkey);
+    assert_int_equal(rc, 0);
     assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
 
     unlink(LIBSSH_ED25519_TESTKEY);
     SSH_KEY_FREE(privkey);
     /* do the same with passphrase */
-    rc = ssh_pki_export_privkey_file(origkey,
-            torture_get_testkey_passphrase(),
-            NULL,
-            NULL,
-            LIBSSH_ED25519_TESTKEY);
-    assert_true(rc == 0);
+    rc = ssh_pki_export_privkey_file_format(origkey,
+                                            torture_get_testkey_passphrase(),
+                                            NULL,
+                                            NULL,
+                                            LIBSSH_ED25519_TESTKEY,
+                                            format);
+    assert_int_equal(rc, 0);
 
-    rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY,
-            NULL,
-            NULL,
-            NULL,
-            &privkey);
-    /* opening without passphrase should fail */
-    assert_true(rc == SSH_ERROR);
+    /* Opening passphrase protected key will prompt for the pin interactively,
+     * which would hang in the test */
+    if (format != SSH_FILE_FORMAT_PEM) {
+        rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY,
+                                        NULL,
+                                        NULL,
+                                        NULL,
+                                        &privkey);
+        /* opening without passphrase should fail */
+        assert_int_equal(rc, SSH_ERROR);
+    }
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY,
-            torture_get_testkey_passphrase(),
-            NULL,
-            NULL,
-            &privkey);
-    assert_true(rc == 0);
+                                     torture_get_testkey_passphrase(),
+                                     NULL,
+                                     NULL,
+                                     &privkey);
+    assert_int_equal(rc, 0);
     assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     unlink(LIBSSH_ED25519_TESTKEY);
 
     SSH_KEY_FREE(origkey);
@@ -578,16 +596,17 @@ static void torture_pki_ed25519_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &origkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(origkey);
 
     unlink(LIBSSH_ED25519_TESTKEY_PASSPHRASE);
-    rc = ssh_pki_export_privkey_file(origkey,
-                                     torture_get_testkey_passphrase(),
-                                     NULL,
-                                     NULL,
-                                     LIBSSH_ED25519_TESTKEY_PASSPHRASE);
-    assert_true(rc == 0);
+    rc = ssh_pki_export_privkey_file_format(origkey,
+                                            torture_get_testkey_passphrase(),
+                                            NULL,
+                                            NULL,
+                                            LIBSSH_ED25519_TESTKEY_PASSPHRASE,
+                                            format);
+    assert_int_equal(rc, 0);
 
     /* Test with invalid passphrase */
     rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY_PASSPHRASE,
@@ -595,23 +614,43 @@ static void torture_pki_ed25519_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == SSH_ERROR);
+    assert_int_equal(rc, SSH_ERROR);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_ED25519_TESTKEY_PASSPHRASE,
                                      torture_get_testkey_passphrase(),
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
     assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_int_equal(rc, 0);
 
     SSH_KEY_FREE(origkey);
     SSH_KEY_FREE(privkey);
 }
 
+static void
+torture_pki_ed25519_write_privkey(void **state)
+{
+    torture_pki_ed25519_write_privkey_format(state, SSH_FILE_FORMAT_DEFAULT);
+}
+
+#ifdef HAVE_LIBCRYPTO
+static void
+torture_pki_ed25519_write_privkey_pem(void **state)
+{
+    torture_pki_ed25519_write_privkey_format(state, SSH_FILE_FORMAT_PEM);
+}
+
+static void
+torture_pki_ed25519_write_privkey_openssh(void **state)
+{
+    torture_pki_ed25519_write_privkey_format(state, SSH_FILE_FORMAT_OPENSSH);
+}
+#endif
+
 static void torture_pki_ed25519_sign(void **state)
 {
     ssh_key privkey = NULL;
@@ -690,7 +729,7 @@ static void torture_pki_ed25519_sign_openssh_privkey_passphrase(void **state)
     SSH_STRING_FREE(blob);
 }
 
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
 static void torture_pki_ed25519_sign_pkcs8_privkey(void **state)
 {
     ssh_key privkey = NULL;
@@ -766,7 +805,7 @@ static void torture_pki_ed25519_sign_pkcs8_privkey_passphrase(void **state)
     SSH_KEY_FREE(privkey);
     SSH_STRING_FREE(blob);
 }
-#endif /* HAVE_OPENSSL_ED25519 */
+#endif /* HAVE_LIBCRYPTO */
 
 static void torture_pki_ed25519_verify(void **state){
     ssh_key pubkey = NULL;
@@ -805,7 +844,7 @@ static void torture_pki_ed25519_verify(void **state){
     assert_true(rc == SSH_OK);
 
     /* Alter signature and expect verification error */
-#if defined(HAVE_OPENSSL_ED25519)
+#ifdef HAVE_LIBCRYPTO
     raw_sig_data = ssh_string_data(sig->raw_sig);
 #else
     raw_sig_data = (uint8_t *)sig->ed25519_sig;
@@ -1015,9 +1054,16 @@ int torture_run_tests(void) {
         cmocka_unit_test(torture_pki_ed25519_import_privkey_base64_passphrase),
         cmocka_unit_test(torture_pki_ed25519_sign),
         cmocka_unit_test(torture_pki_ed25519_sign_openssh_privkey_passphrase),
-#ifdef HAVE_OPENSSL_ED25519
+#ifdef HAVE_LIBCRYPTO
         cmocka_unit_test(torture_pki_ed25519_sign_pkcs8_privkey),
         cmocka_unit_test(torture_pki_ed25519_sign_pkcs8_privkey_passphrase),
+        cmocka_unit_test_setup_teardown(torture_pki_ed25519_write_privkey_pem,
+                                        setup_ed25519_key,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_ed25519_write_privkey_openssh,
+            setup_ed25519_key,
+            teardown),
 #endif
         cmocka_unit_test(torture_pki_ed25519_verify),
         cmocka_unit_test(torture_pki_ed25519_verify_bad),
diff --git a/libssh/tests/unittests/torture_pki_rsa.c b/libssh/tests/unittests/torture_pki_rsa.c
index 7b9d83fc..4da6b148 100644
--- a/libssh/tests/unittests/torture_pki_rsa.c
+++ b/libssh/tests/unittests/torture_pki_rsa.c
@@ -1,5 +1,6 @@
 
 #include "config.h"
+#include "libssh/libssh.h"
 
 #define LIBSSH_STATIC
 
@@ -164,7 +165,7 @@ static void torture_pki_rsa_import_privkey_base64_NULL_key(void **state)
                                        NULL,
                                        NULL,
                                        NULL);
-    assert_true(rc == -1);
+    assert_int_equal(rc, -1);
 
 }
 
@@ -178,16 +179,18 @@ static void torture_pki_rsa_import_privkey_base64_NULL_str(void **state)
 
     /* test if it returns -1 if key_str is NULL */
     rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key);
-    assert_true(rc == -1);
+    assert_int_equal(rc, -1);
 
     SSH_KEY_FREE(key);
 }
 
-static void torture_pki_rsa_import_privkey_base64(void **state)
+static void
+torture_pki_rsa_import_export_privkey_base64_format(void **state,
+                                                    enum ssh_file_format_e format)
 {
     int rc;
-    char *key_str = NULL;
-    ssh_key key = NULL;
+    char *key_str = NULL, *new_key_str = NULL;
+    ssh_key key = NULL, new_key = NULL;
     const char *passphrase = torture_get_testkey_passphrase();
     enum ssh_keytypes_e type;
 
@@ -196,21 +199,62 @@ static void torture_pki_rsa_import_privkey_base64(void **state)
     key_str = torture_pki_read_file(LIBSSH_RSA_TESTKEY);
     assert_non_null(key_str);
 
+    /* Import test key */
     rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(key);
 
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_RSA);
+    assert_int_equal(type, SSH_KEYTYPE_RSA);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     rc = ssh_key_is_public(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
+
+    /* Export */
+    rc = ssh_pki_export_privkey_base64_format(key,
+                                              passphrase,
+                                              NULL,
+                                              NULL,
+                                              &new_key_str,
+                                              format);
+    assert_int_equal(rc, SSH_OK);
+    assert_non_null(new_key_str);
+
+    /* and import again */
+    rc = ssh_pki_import_privkey_base64(new_key_str,
+                                       passphrase,
+                                       NULL,
+                                       NULL,
+                                       &new_key);
+    assert_int_equal(rc, 0);
+    assert_non_null(new_key);
+
+    type = ssh_key_type(new_key);
+    assert_int_equal(type, SSH_KEYTYPE_RSA);
+
+    rc = ssh_key_is_private(new_key);
+    assert_int_equal(rc, 1);
+
+    rc = ssh_key_is_public(new_key);
+    assert_int_equal(rc, 1);
+
+    rc = ssh_key_cmp(key, new_key, SSH_KEY_CMP_PRIVATE|SSH_KEY_CMP_PUBLIC);
+    assert_int_equal(rc, 0);
 
     free(key_str);
+    free(new_key_str);
     SSH_KEY_FREE(key);
+    SSH_KEY_FREE(new_key);
+}
+
+static void
+torture_pki_rsa_import_export_privkey_base64(void **state)
+{
+    torture_pki_rsa_import_export_privkey_base64_format(state,
+                                                        SSH_FILE_FORMAT_DEFAULT);
 }
 
 static void torture_pki_rsa_import_privkey_base64_comment(void **state)
@@ -234,17 +278,17 @@ static void torture_pki_rsa_import_privkey_base64_comment(void **state)
     assert_int_equal(rc, file_str_len - 1);
 
     rc = ssh_pki_import_privkey_base64(file_str, passphrase, NULL, NULL, &key);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(key);
 
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_RSA);
+    assert_int_equal(type, SSH_KEYTYPE_RSA);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     rc = ssh_key_is_public(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     free(key_str);
     free(file_str);
@@ -272,17 +316,17 @@ static void torture_pki_rsa_import_privkey_base64_whitespace(void **state)
     assert_int_equal(rc, file_str_len - 1);
 
     rc = ssh_pki_import_privkey_base64(file_str, passphrase, NULL, NULL, &key);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(key);
 
     type = ssh_key_type(key);
-    assert_true(type == SSH_KEYTYPE_RSA);
+    assert_int_equal(type, SSH_KEYTYPE_RSA);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     rc = ssh_key_is_public(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     free(key_str);
     free(file_str);
@@ -303,14 +347,14 @@ static void torture_pki_rsa_publickey_from_privatekey(void **state)
                                        NULL,
                                        NULL,
                                        &key);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(key);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     SSH_KEY_FREE(key);
@@ -330,14 +374,19 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
     ssh_key privkey = NULL;
     ssh_key cert = NULL;
 
-    (void) state; /* unused */
+    (void)state; /* unused */
+
+    /* Importing public key as cert should fail */
+    rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY ".pub", &cert);
+    assert_int_equal(rc, SSH_ERROR);
+    assert_null(cert);
 
     rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(cert);
 
     rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0),
@@ -345,32 +394,48 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
                                        NULL,
                                        NULL,
                                        &privkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     /* Basic sanity. */
     rc = ssh_pki_copy_cert_to_privkey(NULL, privkey);
-    assert_true(rc == SSH_ERROR);
+    assert_int_equal(rc, SSH_ERROR);
 
     rc = ssh_pki_copy_cert_to_privkey(pubkey, NULL);
-    assert_true(rc == SSH_ERROR);
+    assert_int_equal(rc, SSH_ERROR);
 
     /* A public key doesn't have a cert, copy should fail. */
     assert_null(pubkey->cert);
     rc = ssh_pki_copy_cert_to_privkey(pubkey, privkey);
-    assert_true(rc == SSH_ERROR);
+    assert_int_equal(rc, SSH_ERROR);
 
     /* Copying the cert to non-cert keys should work fine. */
     rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey->cert);
     rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(privkey->cert);
 
     /* The private key's cert is already set, another copy should fail. */
     rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
-    assert_true(rc == SSH_ERROR);
+    assert_int_equal(rc, SSH_ERROR);
+
+    SSH_KEY_FREE(privkey);
+    SSH_KEY_FREE(pubkey);
+
+    /* Generate different key and try to assign it this certificate */
+    rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &privkey);
+    assert_return_code(rc, errno);
+    assert_non_null(privkey);
+    rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
+    assert_return_code(rc, errno);
+    assert_non_null(pubkey);
+
+    rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
+    assert_int_equal(rc, SSH_ERROR);
 
     SSH_KEY_FREE(cert);
     SSH_KEY_FREE(privkey);
@@ -385,14 +450,14 @@ static void torture_pki_rsa_import_cert_file(void **state) {
     (void) state; /* unused */
 
     rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(cert);
 
     type = ssh_key_type(cert);
-    assert_true(type == SSH_KEYTYPE_RSA_CERT01);
+    assert_int_equal(type, SSH_KEYTYPE_RSA_CERT01);
 
     rc = ssh_key_is_public(cert);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     SSH_KEY_FREE(cert);
 }
@@ -417,7 +482,7 @@ static void torture_pki_rsa_publickey_base64(void **state)
     }
 
     type = ssh_key_type_from_name(q);
-    assert_true(type == SSH_KEYTYPE_RSA);
+    assert_int_equal(type, SSH_KEYTYPE_RSA);
 
     q = ++p;
     while (p != NULL && *p != '\0' && *p != ' ') p++;
@@ -426,11 +491,11 @@ static void torture_pki_rsa_publickey_base64(void **state)
     }
 
     rc = ssh_pki_import_pubkey_base64(q, type, &key);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(key);
 
     rc = ssh_pki_export_pubkey_base64(key, &b64_key);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(b64_key);
 
     assert_string_equal(q, b64_key);
@@ -457,20 +522,20 @@ static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) {
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_RSA_TESTKEY ".pub");
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     rc = torture_read_one_line(LIBSSH_RSA_TESTKEY ".pub",
                                pubkey_generated,
                                sizeof(pubkey_generated));
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
     assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA),
@@ -494,11 +559,11 @@ static void torture_pki_rsa_duplicate_key(void **state)
     (void) state;
 
     rc = ssh_pki_import_pubkey_file(LIBSSH_RSA_TESTKEY ".pub", &pubkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(b64_key);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
@@ -506,27 +571,27 @@ static void torture_pki_rsa_duplicate_key(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     privkey_dup = ssh_key_dup(privkey);
     assert_non_null(privkey_dup);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey_dup);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey_dup);
 
     rc = ssh_pki_export_pubkey_base64(pubkey_dup, &b64_key_gen);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(b64_key_gen);
 
     assert_string_equal(b64_key, b64_key_gen);
 
     rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     rc = ssh_key_cmp(pubkey, pubkey_dup, SSH_KEY_CMP_PUBLIC);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     SSH_KEY_FREE(pubkey);
     SSH_KEY_FREE(pubkey_dup);
@@ -550,7 +615,7 @@ static void torture_pki_rsa_generate_key(void **state)
 
     if (!ssh_fips_mode()) {
         rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
-        assert_true(rc == SSH_OK);
+        assert_return_code(rc, errno);
         assert_non_null(key);
         rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
         assert_int_equal(rc, SSH_OK);
@@ -558,7 +623,7 @@ static void torture_pki_rsa_generate_key(void **state)
         sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
         assert_non_null(sign);
         rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-        assert_true(rc == SSH_OK);
+        assert_return_code(rc, errno);
         ssh_signature_free(sign);
         SSH_KEY_FREE(key);
         SSH_KEY_FREE(pubkey);
@@ -567,7 +632,7 @@ static void torture_pki_rsa_generate_key(void **state)
     }
 
     rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -575,7 +640,7 @@ static void torture_pki_rsa_generate_key(void **state)
     sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
     SSH_KEY_FREE(pubkey);
@@ -583,7 +648,7 @@ static void torture_pki_rsa_generate_key(void **state)
     pubkey = NULL;
 
     rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -591,7 +656,7 @@ static void torture_pki_rsa_generate_key(void **state)
     sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
     assert_non_null(sign);
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
     SSH_KEY_FREE(pubkey);
@@ -613,11 +678,11 @@ static void torture_pki_rsa_sha2(void **state)
 
     /* Setup */
     rc  = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY, NULL, NULL, NULL, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
 
     rc  = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(cert);
 
     /* Get the public key to verify signature */
@@ -680,7 +745,7 @@ static void torture_pki_rsa_key_size(void **state)
     (void) state;
 
     rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(key);
     rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
     assert_int_equal(rc, SSH_OK);
@@ -690,13 +755,13 @@ static void torture_pki_rsa_key_size(void **state)
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
     assert_ssh_return_code(session, rc);
 
-    /* Set the minumum RSA key size to 4k */
+    /* Set the minimum RSA key size to 4k */
     rc = ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, &length);
     assert_ssh_return_code(session, rc);
 
     /* the verification should fail now */
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_ERROR);
+    assert_int_equal(rc, SSH_ERROR);
 
     ssh_signature_free(sign);
     SSH_KEY_FREE(key);
@@ -807,8 +872,9 @@ static void torture_pki_fail_sign_with_incompatible_hash(void **state)
     SSH_KEY_FREE(key);
 }
 
-#ifdef HAVE_LIBCRYPTO
-static void torture_pki_rsa_write_privkey(void **state)
+static void
+torture_pki_rsa_write_privkey_format(void **state,
+                                     enum ssh_file_format_e format)
 {
     ssh_key origkey = NULL;
     ssh_key privkey = NULL;
@@ -821,28 +887,29 @@ static void torture_pki_rsa_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &origkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(origkey);
 
     unlink(LIBSSH_RSA_TESTKEY);
 
-    rc = ssh_pki_export_privkey_file(origkey,
-                                     NULL,
-                                     NULL,
-                                     NULL,
-                                     LIBSSH_RSA_TESTKEY);
-    assert_true(rc == 0);
+    rc = ssh_pki_export_privkey_file_format(origkey,
+                                            NULL,
+                                            NULL,
+                                            NULL,
+                                            LIBSSH_RSA_TESTKEY,
+                                            format);
+    assert_return_code(rc, errno);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY,
                                      NULL,
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     SSH_KEY_FREE(origkey);
     SSH_KEY_FREE(privkey);
@@ -853,16 +920,17 @@ static void torture_pki_rsa_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &origkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(origkey);
 
     unlink(LIBSSH_RSA_TESTKEY_PASSPHRASE);
-    rc = ssh_pki_export_privkey_file(origkey,
-                                     torture_get_testkey_passphrase(),
-                                     NULL,
-                                     NULL,
-                                     LIBSSH_RSA_TESTKEY_PASSPHRASE);
-    assert_true(rc == 0);
+    rc = ssh_pki_export_privkey_file_format(origkey,
+                                            torture_get_testkey_passphrase(),
+                                            NULL,
+                                            NULL,
+                                            LIBSSH_RSA_TESTKEY_PASSPHRASE,
+                                            format);
+    assert_return_code(rc, errno);
 
     /* Test with invalid passphrase */
     rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
@@ -870,7 +938,7 @@ static void torture_pki_rsa_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == SSH_ERROR);
+    assert_int_equal(rc, SSH_ERROR);
     assert_null(privkey);
 
     rc = ssh_pki_import_privkey_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
@@ -878,15 +946,47 @@ static void torture_pki_rsa_write_privkey(void **state)
                                      NULL,
                                      NULL,
                                      &privkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
 
     SSH_KEY_FREE(origkey);
     SSH_KEY_FREE(privkey);
 }
+
+static void
+torture_pki_rsa_write_privkey(void **state)
+{
+    torture_pki_rsa_write_privkey_format(state, SSH_FILE_FORMAT_DEFAULT);
+}
+
+#if defined(HAVE_LIBCRYPTO)
+static void
+torture_pki_rsa_write_privkey_pem(void **state)
+{
+    torture_pki_rsa_write_privkey_format(state, SSH_FILE_FORMAT_PEM);
+}
+
+static void
+torture_pki_rsa_write_privkey_openssh(void **state)
+{
+    torture_pki_rsa_write_privkey_format(state, SSH_FILE_FORMAT_OPENSSH);
+}
+
+static void
+torture_pki_rsa_import_export_privkey_base64_pem(void **state)
+{
+    torture_pki_rsa_import_export_privkey_base64_format(state,
+                                                        SSH_FILE_FORMAT_PEM);
+}
+static void
+torture_pki_rsa_import_export_privkey_base64_openssh(void **state)
+{
+    torture_pki_rsa_import_export_privkey_base64_format(state,
+                                                        SSH_FILE_FORMAT_OPENSSH);
+}
 #endif /* HAVE_LIBCRYPTO */
 
 static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
@@ -907,7 +1007,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
     assert_non_null(key);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     SSH_KEY_FREE(key);
 
@@ -917,7 +1017,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        NULL,
                                        &key);
-    assert_true(rc == -1);
+    assert_int_equal(rc, -1);
     SSH_KEY_FREE(key);
 
 #ifndef HAVE_LIBCRYPTO
@@ -928,7 +1028,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
                                        NULL,
                                        NULL,
                                        &key);
-    assert_true(rc == -1);
+    assert_int_equal(rc, -1);
     SSH_KEY_FREE(key);
 #endif
 }
@@ -955,7 +1055,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state)
     assert_non_null(key);
 
     rc = ssh_key_is_private(key);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     SSH_KEY_FREE(key);
 
@@ -965,7 +1065,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state)
                                        NULL,
                                        NULL,
                                        &key);
-    assert_true(rc == -1);
+    assert_int_equal(rc, -1);
     SSH_KEY_FREE(key);
 
     /* test if it returns -1 if passphrase is NULL */
@@ -975,7 +1075,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state)
                                        NULL,
                                        NULL,
                                        &key);
-    assert_true(rc == -1);
+    assert_int_equal(rc, -1);
     SSH_KEY_FREE(key);
 }
 
@@ -994,7 +1094,7 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64_NULL_str,
                                         setup_rsa_key,
                                         teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64,
+        cmocka_unit_test_setup_teardown(torture_pki_rsa_import_export_privkey_base64,
                                         setup_rsa_key,
                                         teardown),
         cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64_comment,
@@ -1003,9 +1103,10 @@ int torture_run_tests(void) {
         cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64_whitespace,
                                         setup_rsa_key,
                                         teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64,
-                                        setup_openssh_rsa_key,
-                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_rsa_import_export_privkey_base64,
+            setup_openssh_rsa_key,
+            teardown),
         cmocka_unit_test_setup_teardown(torture_pki_rsa_publickey_from_privatekey,
                                         setup_rsa_key,
                                         teardown),
@@ -1028,10 +1129,24 @@ int torture_run_tests(void) {
                                         teardown),
         cmocka_unit_test(torture_pki_rsa_generate_key),
         cmocka_unit_test(torture_pki_rsa_key_size),
-#if defined(HAVE_LIBCRYPTO)
         cmocka_unit_test_setup_teardown(torture_pki_rsa_write_privkey,
                                         setup_rsa_key,
                                         teardown),
+#if defined(HAVE_LIBCRYPTO)
+        cmocka_unit_test_setup_teardown(torture_pki_rsa_write_privkey_pem,
+                                        setup_rsa_key,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(torture_pki_rsa_write_privkey_openssh,
+                                        setup_rsa_key,
+                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_rsa_import_export_privkey_base64_pem,
+            setup_openssh_rsa_key,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_rsa_import_export_privkey_base64_openssh,
+            setup_openssh_rsa_key,
+            teardown),
 #endif /* HAVE_LIBCRYPTO */
         cmocka_unit_test(torture_pki_sign_data_rsa),
         cmocka_unit_test(torture_pki_fail_sign_with_incompatible_hash),
diff --git a/libssh/tests/unittests/torture_pki_rsa_uri.c b/libssh/tests/unittests/torture_pki_rsa_uri.c
index 1d15db6d..5c2429f7 100644
--- a/libssh/tests/unittests/torture_pki_rsa_uri.c
+++ b/libssh/tests/unittests/torture_pki_rsa_uri.c
@@ -13,11 +13,10 @@
 
 #define LIBSSH_RSA_TESTKEY            "libssh_testkey.id_rsa"
 #define LIBSSH_RSA_TESTKEY_PASSPHRASE "libssh_testkey_passphrase.id_rsa"
-#define SOFTHSM_CONF "softhsm.conf"
 #define PUB_URI_FMT  "pkcs11:token=%s;object=%s;type=public"
 #define PRIV_URI_FMT "pkcs11:token=%s;object=%s;type=private?pin-value=%s"
 
-const char template[] = "temp_dir_XXXXXX";
+const char template[] = "/tmp/temp_dir_XXXXXX";
 const unsigned char INPUT[] = "1234567890123456789012345678901234567890"
                               "123456789012345678901234";
 struct pki_st {
@@ -33,7 +32,6 @@ struct pki_st {
 
 static int setup_tokens(void **state)
 {
-    char conf_path[1024] = {0};
     char keys_path[1024] = {0};
     char keys_path_pub[1024] = {0};
     char *cwd = NULL;
@@ -85,17 +83,13 @@ static int setup_tokens(void **state)
 
     torture_setup_tokens(cwd, keys_path, obj_tempname, "1");
 
-    snprintf(conf_path, sizeof(conf_path), "%s/softhsm.conf", cwd);
-
-    setenv("SOFTHSM2_CONF", conf_path, 1);
-
     return 0;
 }
 
 static int setup_directory_structure(void **state)
 {
     struct pki_st *test_state = NULL;
-    char *temp_dir;
+    char *temp_dir = NULL;
     int rc;
 
     test_state = (struct pki_st *)malloc(sizeof(struct pki_st));
@@ -109,6 +103,7 @@ static int setup_directory_structure(void **state)
 
     rc = torture_change_dir(temp_dir);
     assert_int_equal(rc, 0);
+    free(temp_dir);
 
     test_state->temp_dir = torture_get_current_working_dir();
     assert_non_null(test_state->temp_dir);
@@ -126,6 +121,8 @@ static int teardown_directory_structure(void **state)
     struct pki_st *test_state = *state;
     int rc;
 
+    torture_cleanup_tokens(test_state->temp_dir);
+
     rc = torture_change_dir(test_state->orig_dir);
     assert_int_equal(rc, 0);
 
@@ -142,8 +139,6 @@ static int teardown_directory_structure(void **state)
     SAFE_FREE(test_state->pub_uri_invalid_token);
     SAFE_FREE(test_state);
 
-    unsetenv("SOFTHSM2_CONF");
-
     return 0;
 }
 
@@ -157,7 +152,7 @@ static void torture_pki_rsa_import_pubkey_uri(void **state)
     assert_non_null(pubkey);
 
     rc = ssh_key_is_public(pubkey);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     SSH_KEY_FREE(pubkey);
 }
@@ -173,11 +168,11 @@ static void torture_pki_rsa_import_privkey_uri(void **state)
                                         NULL,
                                         NULL,
                                         &privkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     rc = ssh_key_is_private(privkey);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     SSH_KEY_FREE(privkey);
 }
@@ -196,18 +191,18 @@ static void torture_pki_sign_verify_uri(void **state)
                                         NULL,
                                         NULL,
                                         &privkey);
-    assert_int_equal(rc, SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     rc = ssh_pki_import_pubkey_file(test_state->pub_uri, &pubkey);
-    assert_int_equal(rc, SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
     assert_non_null(sign);
 
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
 
     ssh_signature_free(sign);
     SSH_KEY_FREE(privkey);
@@ -228,14 +223,14 @@ static void torture_pki_rsa_publickey_from_privatekey_uri(void **state)
                                         NULL,
                                         NULL,
                                         &privkey);
-    assert_true(rc == 0);
+    assert_return_code(rc, errno);
     assert_non_null(privkey);
 
     rc = ssh_key_is_private(privkey);
-    assert_true(rc == 1);
+    assert_int_equal(rc, 1);
 
     rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
-    assert_true(rc == SSH_OK);
+    assert_return_code(rc, errno);
     assert_non_null(pubkey);
 
     SSH_KEY_FREE(privkey);
@@ -259,26 +254,25 @@ static void torture_pki_rsa_uri_invalid_configurations(void **state)
     assert_null(pubkey);
 
     rc = ssh_pki_import_privkey_file(test_state->priv_uri_invalid_object,
-                                        NULL,
-                                        NULL,
-                                        NULL,
-                                        &privkey);
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     &privkey);
     assert_int_not_equal(rc, 0);
     assert_null(privkey);
 
     rc = ssh_pki_import_privkey_file(test_state->priv_uri_invalid_token,
-                                        NULL,
-                                        NULL,
-                                        NULL,
-                                        &privkey);
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     &privkey);
     assert_int_not_equal(rc, 0);
     assert_null(privkey);
-
-    SSH_KEY_FREE(pubkey);
-    SSH_KEY_FREE(privkey);
 }
 
-int torture_run_tests(void) {
+int
+torture_run_tests(void)
+{
     int rc;
     struct CMUnitTest tests[] = {
         cmocka_unit_test(torture_pki_rsa_import_pubkey_uri),
@@ -290,11 +284,25 @@ int torture_run_tests(void) {
 
     ssh_session session = ssh_new();
     int verbosity = SSH_LOG_FUNCTIONS;
-    ssh_options_set(session,SSH_OPTIONS_LOG_VERBOSITY,&verbosity);
+
+    /* Do not use system openssl.cnf for the pkcs11 uri tests.
+     * It can load a pkcs11 provider too early before we will set up environment
+     * variables that are needed for the pkcs11 provider to access correct
+     * tokens, causing unexpected failures.
+     * Make sure this comes before ssh_init(), which initializes OpenSSL!
+     */
+    setenv("OPENSSL_CONF", "/dev/null", 1);
+
+    ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+
     ssh_init();
 
     torture_filter_tests(tests);
-    rc = cmocka_run_group_tests(tests, setup_directory_structure, teardown_directory_structure);
+    rc = cmocka_run_group_tests(tests,
+                                setup_directory_structure,
+                                teardown_directory_structure);
+
+    ssh_free(session);
 
     ssh_finalize();
 
diff --git a/libssh/tests/unittests/torture_session_keys.c b/libssh/tests/unittests/torture_session_keys.c
index a5ec3d89..1ae38312 100644
--- a/libssh/tests/unittests/torture_session_keys.c
+++ b/libssh/tests/unittests/torture_session_keys.c
@@ -30,11 +30,11 @@ uint8_t eK[24] =
 uint8_t dK[24] =
     "\xf8\xdd\xc3\xea\x5a\x59\x98\xb9\x86\xaa\x77\x29\x67\x51\x46"
     "\x21\x73\xc2\x6a\x6b\xed\xf2\x49\x98";
-uint8_t eMAC[32] =
+uint8_t encrypt_MAC[32] =
     "\x0f\xbd\x1f\xe9\x2a\xaa\x84\xdc\xb5\xfc\xfb\x68\x2c\xa5\xe0"
     "\xba\xf2\x6f\xe5\x80\xee\x8f\x5c\x5b\x30\x55\x25\xb3\x7b\x21"
     "\xdc\xe5";
-uint8_t dMAC[32] =
+uint8_t decrypt_MAC[32] =
     "\xa3\x52\x6e\x72\xa8\x8b\xde\xc5\x68\x66\x89\xae\x0a\xd2\x83"
     "\x23\x21\x4b\x3f\x04\x2e\x7f\x86\x04\x0f\xa8\x04\x3c\x62\xad"
     "\x74\x91";
@@ -73,6 +73,7 @@ static void torture_session_keys(UNUSED_PARAM(void **state))
     assert_int_equal(rc, 0);
 
     test_crypto.shared_secret = ssh_make_string_bn(k_string);
+    SSH_STRING_FREE(k_string);
 
     rc = ssh_generate_session_keys(&session);
     assert_int_equal(rc, 0);
@@ -81,10 +82,16 @@ static void torture_session_keys(UNUSED_PARAM(void **state))
     assert_memory_equal(test_crypto.decryptIV, dIV, 32);
     assert_memory_equal(test_crypto.encryptkey, eK, 24);
     assert_memory_equal(test_crypto.decryptkey, dK, 24);
-    assert_memory_equal(test_crypto.encryptMAC, eMAC, 32);
-    assert_memory_equal(test_crypto.decryptMAC, dMAC, 32);
-
-    SSH_STRING_FREE(k_string);
+    assert_memory_equal(test_crypto.encryptMAC, encrypt_MAC, 32);
+    assert_memory_equal(test_crypto.decryptMAC, decrypt_MAC, 32);
+
+    bignum_safe_free(test_crypto.shared_secret);
+    SAFE_FREE(test_crypto.encryptIV);
+    SAFE_FREE(test_crypto.decryptIV);
+    SAFE_FREE(test_crypto.encryptkey);
+    SAFE_FREE(test_crypto.decryptkey);
+    SAFE_FREE(test_crypto.encryptMAC);
+    SAFE_FREE(test_crypto.decryptMAC);
 }
 
 int torture_run_tests(void) {
diff --git a/libssh/tests/unittests/torture_threads_pki_rsa.c b/libssh/tests/unittests/torture_threads_pki_rsa.c
index 5ec8055f..64d9d504 100644
--- a/libssh/tests/unittests/torture_threads_pki_rsa.c
+++ b/libssh/tests/unittests/torture_threads_pki_rsa.c
@@ -133,10 +133,9 @@ static int teardown(void **state) {
     return 0;
 }
 
-static int disable_secmem(void **state)
+static void
+disable_secmem(void)
 {
-    (void) state; /*unused*/
-
 #if defined(HAVE_LIBGCRYPT)
     /* gcrypt currently is configured to use only 4kB of locked secmem
      * (see ssh_crypto_init() in src/libcrypt.c)
@@ -145,23 +144,10 @@ static int disable_secmem(void **state)
      * To avoid the expected warning, disable the secure memory.
      * */
 
-    gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
+    gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN);
     gcry_control(GCRYCTL_DISABLE_SECMEM);
+    gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
 #endif
-
-    return 0;
-}
-
-static int enable_secmem(void **state)
-{
-    (void) state; /*unused*/
-
-#if defined(HAVE_LIBGCRYPT)
-    /* Re-enable secmem */
-    gcry_control(GCRYCTL_INIT_SECMEM, 4096);
-    gcry_control(GCRYCTL_RESUME_SECMEM_WARN);
-#endif
-    return 0;
 }
 
 static void *thread_pki_rsa_import_pubkey_file(void *threadid)
@@ -756,18 +742,21 @@ int torture_run_tests(void)
         cmocka_unit_test_setup_teardown(torture_pki_rsa_import_pubkey_file,
                                         setup_rsa_key,
                                         teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64_NULL_key,
-                                        setup_rsa_key,
-                                        teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64_NULL_str,
-                                        setup_rsa_key,
-                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_rsa_import_privkey_base64_NULL_key,
+            setup_rsa_key,
+            teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_rsa_import_privkey_base64_NULL_str,
+            setup_rsa_key,
+            teardown),
         cmocka_unit_test_setup_teardown(torture_pki_rsa_import_privkey_base64,
                                         setup_rsa_key,
                                         teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_rsa_publickey_from_privatekey,
-                                        setup_rsa_key,
-                                        teardown),
+        cmocka_unit_test_setup_teardown(
+            torture_pki_rsa_publickey_from_privatekey,
+            setup_rsa_key,
+            teardown),
         cmocka_unit_test(torture_pki_rsa_import_privkey_base64_passphrase),
         cmocka_unit_test_setup_teardown(torture_pki_rsa_copy_cert_to_privkey,
                                         setup_rsa_key,
@@ -781,12 +770,8 @@ int torture_run_tests(void)
         cmocka_unit_test_setup_teardown(torture_pki_rsa_duplicate_key,
                                         setup_rsa_key,
                                         teardown),
-        cmocka_unit_test_setup_teardown(torture_pki_rsa_generate_key,
-                                        disable_secmem,
-                                        enable_secmem),
-        cmocka_unit_test_setup_teardown(torture_mixed,
-                                        setup_rsa_key,
-                                        teardown),
+        cmocka_unit_test(torture_pki_rsa_generate_key),
+        cmocka_unit_test_setup_teardown(torture_mixed, setup_rsa_key, teardown),
     };
 
     /*
@@ -801,6 +786,7 @@ int torture_run_tests(void)
      * If the library is statically linked, ssh_init() is not called
      * automatically
      */
+    disable_secmem();
     ssh_init();
     torture_filter_tests(tests);
     rc = cmocka_run_group_tests(tests, NULL, NULL);
diff --git a/libssh/tests/unittests/torture_tokens.c b/libssh/tests/unittests/torture_tokens.c
index 6b52b847..438538de 100644
--- a/libssh/tests/unittests/torture_tokens.c
+++ b/libssh/tests/unittests/torture_tokens.c
@@ -265,6 +265,68 @@ static void torture_append_without_duplicate(UNUSED_PARAM(void **state))
     }
 }
 
+static void torture_remove_all_matching (UNUSED_PARAM(void** state)) {
+    char *p;
+
+    p = ssh_remove_all_matching(NULL, NULL);
+    assert_null(p);
+
+    p = ssh_remove_all_matching("don't remove", NULL);
+    assert_non_null(p);
+    assert_string_equal(p, "don't remove");
+    free(p);
+
+    p = ssh_remove_all_matching("a,b,c", "b");
+    assert_non_null(p);
+    assert_string_equal(p, "a,c");
+    free(p);
+
+    p = ssh_remove_all_matching("a,b,c", "a,b");
+    assert_non_null(p);
+    assert_string_equal(p, "c");
+    free(p);
+
+    p = ssh_remove_all_matching("a,b,c", "d");
+    assert_non_null(p);
+    assert_string_equal(p, "a,b,c");
+    free(p);
+
+    p = ssh_remove_all_matching("a,b,c", "a,b,c");
+    assert_null(p);
+}
+
+static void torture_prefix_without_duplicates (UNUSED_PARAM(void** state)) {
+    char *p;
+
+    p = ssh_prefix_without_duplicates(NULL, NULL);
+    assert_null(p);
+
+    p = ssh_prefix_without_duplicates("a,b,c", NULL);
+    assert_non_null(p);
+    assert_string_equal(p, "a,b,c");
+    free(p);
+
+    p = ssh_prefix_without_duplicates("a,b,c", "a");
+    assert_non_null(p);
+    assert_string_equal(p, "a,b,c");
+    free(p);
+
+    p = ssh_prefix_without_duplicates("a,b,c", "b");
+    assert_non_null(p);
+    assert_string_equal(p, "b,a,c");
+    free(p);
+
+    p = ssh_prefix_without_duplicates("a,b,c", "x");
+    assert_non_null(p);
+    assert_string_equal(p, "x,a,b,c");
+    free(p);
+
+    p = ssh_prefix_without_duplicates("a,b,c", "c,x");
+    assert_non_null(p);
+    assert_string_equal(p, "c,x,a,b");
+    free(p);
+}
+
 
 int torture_run_tests(void)
 {
@@ -275,6 +337,8 @@ int torture_run_tests(void)
         cmocka_unit_test(torture_find_all_matching),
         cmocka_unit_test(torture_remove_duplicate),
         cmocka_unit_test(torture_append_without_duplicate),
+        cmocka_unit_test(torture_remove_all_matching),
+        cmocka_unit_test(torture_prefix_without_duplicates),
     };
 
     ssh_init();
diff --git a/libssh/tests/unittests/torture_unit_server.c b/libssh/tests/unittests/torture_unit_server.c
index ca7515ea..2fd4be72 100644
--- a/libssh/tests/unittests/torture_unit_server.c
+++ b/libssh/tests/unittests/torture_unit_server.c
@@ -10,11 +10,13 @@
 #include <signal.h>
 
 #include <libssh/libssh.h>
+#include <libssh/bind.h>
 #include "torture.h"
 #include "torture_key.h"
 
 #define TEST_SERVER_PORT 2222
 
+#if 0
 struct test_state {
     const char *hostkey;
     char *hostkey_path;
@@ -107,7 +109,7 @@ static void test_ssh_accept_interrupt(void **state)
     struct test_state *ts = (struct test_state *)*state;
     int rc;
     pthread_t client_pthread, interrupt_pthread;
-    ssh_bind sshbind;
+    ssh_bind sshbind = NULL;
     ssh_session server;
 
     /* Create server */
@@ -120,7 +122,7 @@ static void test_ssh_accept_interrupt(void **state)
     server = ssh_new();
     assert_non_null(server);
 
-    /* Send interupt in 1 second */
+    /* Send interrupt in 1 second */
     rc = pthread_create(&interrupt_pthread, NULL, int_thread, NULL);
     assert_return_code(rc, errno);
 
@@ -145,14 +147,47 @@ static void test_ssh_accept_interrupt(void **state)
     rc = pthread_join(client_pthread, NULL);
     assert_int_equal(rc, 0);
 }
+#endif
+
+
+static void test_default_hostkey_paths(void **state)
+{
+    int rc;
+    ssh_bind sshbind = NULL;
+
+    /* state not used */
+    (void)state;
+
+    /* Create server */
+    rc = ssh_init();
+    assert_int_equal(rc, 0);
+
+    sshbind = ssh_bind_new();
+    assert_non_null(sshbind);
+
+    /* This will fail because we don't have permission to import keys unless we run as root
+     * TODO: Implement some filesystem wrapper, that would allow this check to pass by
+     * reading the keys from some accessible test location */
+    ssh_bind_listen(sshbind);
+
+    assert_string_equal(sshbind->rsakey, "/etc/ssh/ssh_host_rsa_key");
+    assert_string_equal(sshbind->ecdsakey, "/etc/ssh/ssh_host_ecdsa_key");
+    assert_string_equal(sshbind->ed25519key, "/etc/ssh/ssh_host_ed25519_key");
+
+    /* Cleanup */
+    ssh_bind_free(sshbind);
+    ssh_finalize();
+}
 
 int torture_run_tests(void)
 {
     int rc;
     const struct CMUnitTest tests[] = {
+        cmocka_unit_test(test_default_hostkey_paths),
+        /* Not working correctly the signals are not testable under cmocka
         cmocka_unit_test_setup_teardown(test_ssh_accept_interrupt,
                                         setup,
-                                        teardown)
+                                        teardown) */
     };
 
     rc = cmocka_run_group_tests(tests, NULL, NULL);
diff --git a/libssh/tests/valgrind.supp b/libssh/tests/valgrind.supp
index e74d2c25..002e1e54 100644
--- a/libssh/tests/valgrind.supp
+++ b/libssh/tests/valgrind.supp
@@ -123,13 +123,6 @@
    Memcheck:Cond
    fun:SHA1_*
 }
-
-{
-   openssl_CRYPTO_leak
-   Memcheck:Leak
-   fun:*alloc
-   fun:CRYPTO_*
-}
 {
    openssl_CRYPTO_leak
    Memcheck:Cond
@@ -147,3 +140,173 @@
    fun:FIPS_mode_set
    fun:OPENSSL_init_library
 }
+# Cmocka
+{
+   This looks like leak from cmocka when the forked server is not properly terminated
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:calloc
+   ...
+   fun:_cmocka_run_group_tests
+   fun:torture_run_tests
+   fun:main
+}
+
+## libgcrypt
+{
+   Reachable allocations from libgcrypt
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:gcry_check_version
+   fun:ssh_crypto_init
+   fun:_ssh_init
+   fun:libssh_constructor
+   ...
+}
+{
+   randomize in libgcrypt keeps some memory around
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:ssh_get_random
+   ...
+}
+{
+   EC key operation allocs some reachable memory
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:gcry_pk_sign
+   ...
+}
+{
+   EC key operation allocs some reachable memory
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:gcry_pk_verify
+   ...
+}
+{
+   EC key generation allocs some reachable memory
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:gcry_pk_genkey
+   ...
+}
+# NSS
+{
+   Reachable memory from getaddrinfo
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   fun:malloc
+   fun:strdup
+   fun:_dl_load_cache_lookup
+   fun:_dl_map_object
+   fun:dl_open_worker_begin
+   fun:_dl_catch_exception
+   fun:dl_open_worker
+   fun:_dl_catch_exception
+   fun:_dl_open
+   fun:do_dlopen
+   fun:_dl_catch_exception
+   fun:_dl_catch_error
+   fun:dlerror_run
+   fun:__libc_dlopen_mode
+   fun:module_load
+   fun:__nss_module_get_function
+   fun:getaddrinfo
+   ...
+   fun:krb5_sname_to_principal
+   ...
+   fun:gss_init_sec_context
+   fun:ssh_packet_userauth_gssapi_response
+   fun:ssh_packet_process
+   fun:ssh_packet_socket_callback
+   fun:ssh_socket_pollcallback
+   fun:ssh_poll_ctx_dopoll
+   fun:ssh_handle_packets
+   fun:ssh_handle_packets_termination
+   fun:ssh_userauth_get_response
+   fun:ssh_userauth_gssapi
+   fun:torture_gssapi_auth_server_identity
+   ...
+   fun:_cmocka_run_group_tests
+   fun:torture_run_tests
+   fun:main
+}
+
+{
+   Reachable memory from getaddrinfo
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   ...
+   fun:__nss_module_get_function
+   ...
+   fun:getaddrinfo
+   ...
+   fun:krb5_sname_to_principal
+   ...
+   fun:gss_init_sec_context
+   fun:ssh_packet_userauth_gssapi_response
+   fun:ssh_packet_process
+   fun:ssh_packet_socket_callback
+   fun:ssh_socket_pollcallback
+   fun:ssh_poll_ctx_dopoll
+   fun:ssh_handle_packets
+   fun:ssh_handle_packets_termination
+   fun:ssh_userauth_get_response
+   fun:ssh_userauth_gssapi
+   fun:torture_gssapi_auth_server_identity
+   ...
+   fun:_cmocka_run_group_tests
+   fun:torture_run_tests
+   fun:main
+}
+## libkrb5
+# krb5_mcc_generate_new allocates a hashtab on a static global variable
+# It doesn't get freed.
+{
+   Reachable memory from libkrb5
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   fun:k5_hashtab_create
+   ...
+   fun:krb5_mcc_generate_new*
+}
+{
+   Error string from acquire creds in krb5
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:krb5_gss_save_error_string
+   fun:UnknownInlinedFun
+   fun:acquire_cred_context.isra.0
+   fun:acquire_cred_from.isra.0
+   fun:gss_add_cred_from
+   fun:gss_acquire_cred_from
+   ...
+   fun:gss_acquire_cred
+}
+{
+   error string from gss init sec context
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:krb5_gss_save_error_string
+   fun:UnknownInlinedFun
+   fun:krb5_gss_init_sec_context_ext
+   fun:krb5_gss_init_sec_context
+   fun:gss_init_sec_context
+}
diff --git a/requirements_dev.txt b/requirements_dev.txt
index 8bf2de5c..90c5d967 100644
--- a/requirements_dev.txt
+++ b/requirements_dev.txt
@@ -1,7 +1,6 @@
 cython
 flake8
 jinja2
-sphinx
-sphinx_rtd_theme
 pytest
 pytest-rerunfailures
+-r doc/requirements.txt
diff --git a/setup.cfg b/setup.cfg
index 9f4f8a67..9234d3a3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -12,3 +12,8 @@ max-line-length = 80
 filename = *.pyx,*.px*
 exclude = .eggs,*.egg,build
 ignore = E901,E225,E226,E227,E999
+
+[tool:pytest]
+addopts=-v --durations=10 --reruns=5
+testpaths =
+    tests
diff --git a/setup.py b/setup.py
index 99491d5e..1f993d7a 100644
--- a/setup.py
+++ b/setup.py
@@ -1,12 +1,30 @@
-import platform
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 import os
+import platform
 import sys
 from glob import glob
-from _setup_libssh import build_ssh
 
-import versioneer
 from setuptools import setup, find_packages
 
+import versioneer
+from _setup_libssh import build_ssh
+
 cpython = platform.python_implementation() == 'CPython'
 
 try:
@@ -53,7 +71,7 @@
     'boundscheck': False,
     'optimize.use_switch': True,
     'wraparound': False,
-    'language_level': 2,
+    'language_level': 3,
 }
 cython_args = {
     'cython_directives': cython_directives,
@@ -105,9 +123,9 @@
     version=versioneer.get_version(),
     cmdclass=cmdclass,
     url='https://github.com/ParallelSSH/ssh-python',
-    license='LGPLv2.1',
+    license='LGPL-2.1-only',
     author='Panos Kittenis',
-    author_email='22e889d8@opayq.com',
+    author_email='danst@tutanota.com',
     description="libssh C library bindings for Python.",
     long_description=open('README.rst').read(),
     packages=find_packages(
@@ -118,18 +136,21 @@
     include_package_data=False,
     platforms='any',
     classifiers=[
-        'Development Status :: 4 - Beta',
-        'License :: OSI Approved :: GNU Lesser General Public License v2 (LGPLv2)',
+        'Development Status :: 5 - Production/Stable',
         'Intended Audience :: Developers',
         'Operating System :: OS Independent',
         'Programming Language :: C',
         'Programming Language :: Python',
         'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.6',
-        'Programming Language :: Python :: 3.7',
         'Programming Language :: Python :: 3.8',
         'Programming Language :: Python :: 3.9',
         'Programming Language :: Python :: 3.10',
+        'Programming Language :: Python :: 3.11',
+        'Programming Language :: Python :: 3.12',
+        'Programming Language :: Python :: 3.13',
+        'Programming Language :: Python :: 3.14',
+        'Programming Language :: Python :: Implementation :: CPython',
+        'Programming Language :: Python :: Implementation :: PyPy',
         'Topic :: System :: Shells',
         'Topic :: System :: Networking',
         'Topic :: Software Development :: Libraries',
@@ -137,8 +158,8 @@
         'Operating System :: POSIX',
         'Operating System :: POSIX :: Linux',
         'Operating System :: POSIX :: BSD',
-        'Operating System :: MacOS :: MacOS X',
         'Operating System :: Microsoft :: Windows',
+        'Operating System :: MacOS :: MacOS X',
     ],
     ext_modules=extensions,
     package_data=package_data,
diff --git a/ssh/__init__.pxd b/ssh/__init__.pxd
index e69de29b..c1b9dac2 100644
--- a/ssh/__init__.pxd
+++ b/ssh/__init__.pxd
@@ -0,0 +1,16 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
diff --git a/ssh/__init__.py b/ssh/__init__.py
index e44e9d15..091ec25e 100644
--- a/ssh/__init__.py
+++ b/ssh/__init__.py
@@ -1,3 +1,19 @@
-from ._version import get_versions
-__version__ = get_versions()['version']
-del get_versions
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
+from . import _version
+__version__ = _version.get_versions()['version']
diff --git a/ssh/_version.py b/ssh/_version.py
index 1c3945e4..4c61559c 100644
--- a/ssh/_version.py
+++ b/ssh/_version.py
@@ -5,8 +5,9 @@
 # directories (produced by setup.py build) will contain a much shorter file
 # that just contains the computed version number.
 
-# This file is released into the public domain. Generated by
-# versioneer-0.18 (https://github.com/warner/python-versioneer)
+# This file is released into the public domain.
+# Generated by versioneer-0.29
+# https://github.com/python-versioneer/python-versioneer
 
 """Git implementation of _version.py."""
 
@@ -15,9 +16,11 @@
 import re
 import subprocess
 import sys
+from typing import Any, Callable, Dict, List, Optional, Tuple
+import functools
 
 
-def get_keywords():
+def get_keywords() -> Dict[str, str]:
     """Get the keywords needed to look up the version information."""
     # these strings will be replaced by git during git-archive.
     # setup.py/versioneer.py will grep for the variable names, so they must
@@ -33,8 +36,15 @@ def get_keywords():
 class VersioneerConfig:
     """Container for Versioneer configuration parameters."""
 
+    VCS: str
+    style: str
+    tag_prefix: str
+    parentdir_prefix: str
+    versionfile_source: str
+    verbose: bool
 
-def get_config():
+
+def get_config() -> VersioneerConfig:
     """Create, populate and return the VersioneerConfig() object."""
     # these strings are filled in when 'setup.py versioneer' creates
     # _version.py
@@ -43,7 +53,7 @@ def get_config():
     cfg.style = "pep440"
     cfg.tag_prefix = ""
     cfg.parentdir_prefix = "None"
-    cfg.versionfile_source = "ssh2/_version.py"
+    cfg.versionfile_source = "ssh/_version.py"
     cfg.verbose = False
     return cfg
 
@@ -52,13 +62,13 @@ class NotThisMethod(Exception):
     """Exception raised if a method is not valid for the current scenario."""
 
 
-LONG_VERSION_PY = {}
-HANDLERS = {}
+LONG_VERSION_PY: Dict[str, str] = {}
+HANDLERS: Dict[str, Dict[str, Callable]] = {}
 
 
-def register_vcs_handler(vcs, method):  # decorator
-    """Decorator to mark a method as the handler for a particular VCS."""
-    def decorate(f):
+def register_vcs_handler(vcs: str, method: str) -> Callable:  # decorator
+    """Create decorator to mark a method as the handler of a VCS."""
+    def decorate(f: Callable) -> Callable:
         """Store f in HANDLERS[vcs][method]."""
         if vcs not in HANDLERS:
             HANDLERS[vcs] = {}
@@ -67,22 +77,35 @@ def decorate(f):
     return decorate
 
 
-def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False,
-                env=None):
+def run_command(
+    commands: List[str],
+    args: List[str],
+    cwd: Optional[str] = None,
+    verbose: bool = False,
+    hide_stderr: bool = False,
+    env: Optional[Dict[str, str]] = None,
+) -> Tuple[Optional[str], Optional[int]]:
     """Call the given command(s)."""
     assert isinstance(commands, list)
-    p = None
-    for c in commands:
+    process = None
+
+    popen_kwargs: Dict[str, Any] = {}
+    if sys.platform == "win32":
+        # This hides the console window if pythonw.exe is used
+        startupinfo = subprocess.STARTUPINFO()
+        startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
+        popen_kwargs["startupinfo"] = startupinfo
+
+    for command in commands:
         try:
-            dispcmd = str([c] + args)
+            dispcmd = str([command] + args)
             # remember shell=False, so use git.cmd on windows, not just git
-            p = subprocess.Popen([c] + args, cwd=cwd, env=env,
-                                 stdout=subprocess.PIPE,
-                                 stderr=(subprocess.PIPE if hide_stderr
-                                         else None))
+            process = subprocess.Popen([command] + args, cwd=cwd, env=env,
+                                       stdout=subprocess.PIPE,
+                                       stderr=(subprocess.PIPE if hide_stderr
+                                               else None), **popen_kwargs)
             break
-        except EnvironmentError:
-            e = sys.exc_info()[1]
+        except OSError as e:
             if e.errno == errno.ENOENT:
                 continue
             if verbose:
@@ -93,18 +116,20 @@ def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False,
         if verbose:
             print("unable to find command, tried %s" % (commands,))
         return None, None
-    stdout = p.communicate()[0].strip()
-    if sys.version_info[0] >= 3:
-        stdout = stdout.decode()
-    if p.returncode != 0:
+    stdout = process.communicate()[0].strip().decode()
+    if process.returncode != 0:
         if verbose:
             print("unable to run %s (error)" % dispcmd)
             print("stdout was %s" % stdout)
-        return None, p.returncode
-    return stdout, p.returncode
+        return None, process.returncode
+    return stdout, process.returncode
 
 
-def versions_from_parentdir(parentdir_prefix, root, verbose):
+def versions_from_parentdir(
+    parentdir_prefix: str,
+    root: str,
+    verbose: bool,
+) -> Dict[str, Any]:
     """Try to determine the version from the parent directory name.
 
     Source tarballs conventionally unpack into a directory that includes both
@@ -113,15 +138,14 @@ def versions_from_parentdir(parentdir_prefix, root, verbose):
     """
     rootdirs = []
 
-    for i in range(3):
+    for _ in range(3):
         dirname = os.path.basename(root)
         if dirname.startswith(parentdir_prefix):
             return {"version": dirname[len(parentdir_prefix):],
                     "full-revisionid": None,
                     "dirty": False, "error": None, "date": None}
-        else:
-            rootdirs.append(root)
-            root = os.path.dirname(root)  # up a level
+        rootdirs.append(root)
+        root = os.path.dirname(root)  # up a level
 
     if verbose:
         print("Tried directories %s but none started with prefix %s" %
@@ -130,41 +154,48 @@ def versions_from_parentdir(parentdir_prefix, root, verbose):
 
 
 @register_vcs_handler("git", "get_keywords")
-def git_get_keywords(versionfile_abs):
+def git_get_keywords(versionfile_abs: str) -> Dict[str, str]:
     """Extract version information from the given file."""
     # the code embedded in _version.py can just fetch the value of these
     # keywords. When used from setup.py, we don't want to import _version.py,
     # so we do it with a regexp instead. This function is not used from
     # _version.py.
-    keywords = {}
+    keywords: Dict[str, str] = {}
     try:
-        f = open(versionfile_abs, "r")
-        for line in f.readlines():
-            if line.strip().startswith("git_refnames ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["refnames"] = mo.group(1)
-            if line.strip().startswith("git_full ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["full"] = mo.group(1)
-            if line.strip().startswith("git_date ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["date"] = mo.group(1)
-        f.close()
-    except EnvironmentError:
+        with open(versionfile_abs, "r") as fobj:
+            for line in fobj:
+                if line.strip().startswith("git_refnames ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["refnames"] = mo.group(1)
+                if line.strip().startswith("git_full ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["full"] = mo.group(1)
+                if line.strip().startswith("git_date ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["date"] = mo.group(1)
+    except OSError:
         pass
     return keywords
 
 
 @register_vcs_handler("git", "keywords")
-def git_versions_from_keywords(keywords, tag_prefix, verbose):
+def git_versions_from_keywords(
+    keywords: Dict[str, str],
+    tag_prefix: str,
+    verbose: bool,
+) -> Dict[str, Any]:
     """Get version information from git keywords."""
-    if not keywords:
-        raise NotThisMethod("no keywords at all, weird")
+    if "refnames" not in keywords:
+        raise NotThisMethod("Short version file found")
     date = keywords.get("date")
     if date is not None:
+        # Use only the last line.  Previous lines may contain GPG signature
+        # information.
+        date = date.splitlines()[-1]
+
         # git-2.2.0 added "%cI", which expands to an ISO-8601 -compliant
         # datestamp. However we prefer "%ci" (which expands to an "ISO-8601
         # -like" string, which we must then edit to make compliant), because
@@ -177,11 +208,11 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         if verbose:
             print("keywords are unexpanded, not using")
         raise NotThisMethod("unexpanded keywords, not a git-archive tarball")
-    refs = set([r.strip() for r in refnames.strip("()").split(",")])
+    refs = {r.strip() for r in refnames.strip("()").split(",")}
     # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of
     # just "foo-1.0". If we see a "tag: " prefix, prefer those.
     TAG = "tag: "
-    tags = set([r[len(TAG):] for r in refs if r.startswith(TAG)])
+    tags = {r[len(TAG):] for r in refs if r.startswith(TAG)}
     if not tags:
         # Either we're using git < 1.8.3, or there really are no tags. We use
         # a heuristic: assume all version tags have a digit. The old git %d
@@ -190,7 +221,7 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         # between branches and tags. By ignoring refnames without digits, we
         # filter out many common branch names like "release" and
         # "stabilization", as well as "HEAD" and "master".
-        tags = set([r for r in refs if re.search(r'\d', r)])
+        tags = {r for r in refs if re.search(r'\d', r)}
         if verbose:
             print("discarding '%s', no digits" % ",".join(refs - tags))
     if verbose:
@@ -199,6 +230,11 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         # sorting will prefer e.g. "2.0" over "2.0rc1"
         if ref.startswith(tag_prefix):
             r = ref[len(tag_prefix):]
+            # Filter out refs that exactly match prefix or that don't start
+            # with a number once the prefix is stripped (mostly a concern
+            # when prefix is '')
+            if not re.match(r'\d', r):
+                continue
             if verbose:
                 print("picking %s" % r)
             return {"version": r,
@@ -214,7 +250,12 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
 
 
 @register_vcs_handler("git", "pieces_from_vcs")
-def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
+def git_pieces_from_vcs(
+    tag_prefix: str,
+    root: str,
+    verbose: bool,
+    runner: Callable = run_command
+) -> Dict[str, Any]:
     """Get version from 'git describe' in the root of the source tree.
 
     This only gets called if the git-archive 'subst' keywords were *not*
@@ -225,8 +266,15 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
     if sys.platform == "win32":
         GITS = ["git.cmd", "git.exe"]
 
-    out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root,
-                          hide_stderr=True)
+    # GIT_DIR can interfere with correct operation of Versioneer.
+    # It may be intended to be passed to the Versioneer-versioned project,
+    # but that should not change where we get our version from.
+    env = os.environ.copy()
+    env.pop("GIT_DIR", None)
+    runner = functools.partial(runner, env=env)
+
+    _, rc = runner(GITS, ["rev-parse", "--git-dir"], cwd=root,
+                   hide_stderr=not verbose)
     if rc != 0:
         if verbose:
             print("Directory %s not under git control" % root)
@@ -234,24 +282,57 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
 
     # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty]
     # if there isn't one, this yields HEX[-dirty] (no NUM)
-    describe_out, rc = run_command(GITS, ["describe", "--tags", "--dirty",
-                                          "--always", "--long",
-                                          "--match", "%s*" % tag_prefix],
-                                   cwd=root)
+    describe_out, rc = runner(GITS, [
+        "describe", "--tags", "--dirty", "--always", "--long",
+        "--match", f"{tag_prefix}[[:digit:]]*"
+    ], cwd=root)
     # --long was added in git-1.5.5
     if describe_out is None:
         raise NotThisMethod("'git describe' failed")
     describe_out = describe_out.strip()
-    full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root)
+    full_out, rc = runner(GITS, ["rev-parse", "HEAD"], cwd=root)
     if full_out is None:
         raise NotThisMethod("'git rev-parse' failed")
     full_out = full_out.strip()
 
-    pieces = {}
+    pieces: Dict[str, Any] = {}
     pieces["long"] = full_out
     pieces["short"] = full_out[:7]  # maybe improved later
     pieces["error"] = None
 
+    branch_name, rc = runner(GITS, ["rev-parse", "--abbrev-ref", "HEAD"],
+                             cwd=root)
+    # --abbrev-ref was added in git-1.6.3
+    if rc != 0 or branch_name is None:
+        raise NotThisMethod("'git rev-parse --abbrev-ref' returned error")
+    branch_name = branch_name.strip()
+
+    if branch_name == "HEAD":
+        # If we aren't exactly on a branch, pick a branch which represents
+        # the current commit. If all else fails, we are on a branchless
+        # commit.
+        branches, rc = runner(GITS, ["branch", "--contains"], cwd=root)
+        # --contains was added in git-1.5.4
+        if rc != 0 or branches is None:
+            raise NotThisMethod("'git branch --contains' returned error")
+        branches = branches.split("\n")
+
+        # Remove the first line if we're running detached
+        if "(" in branches[0]:
+            branches.pop(0)
+
+        # Strip off the leading "* " from the list of branches.
+        branches = [branch[2:] for branch in branches]
+        if "master" in branches:
+            branch_name = "master"
+        elif not branches:
+            branch_name = None
+        else:
+            # Pick the first branch that is returned. Good or bad.
+            branch_name = branches[0]
+
+    pieces["branch"] = branch_name
+
     # parse describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty]
     # TAG might have hyphens.
     git_describe = describe_out
@@ -268,7 +349,7 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
         # TAG-NUM-gHEX
         mo = re.search(r'^(.+)-(\d+)-g([0-9a-f]+)$', git_describe)
         if not mo:
-            # unparseable. Maybe git-describe is misbehaving?
+            # unparsable. Maybe git-describe is misbehaving?
             pieces["error"] = ("unable to parse git-describe output: '%s'"
                                % describe_out)
             return pieces
@@ -293,26 +374,27 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
     else:
         # HEX: no tags
         pieces["closest-tag"] = None
-        count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"],
-                                    cwd=root)
-        pieces["distance"] = int(count_out)  # total number of commits
+        out, rc = runner(GITS, ["rev-list", "HEAD", "--left-right"], cwd=root)
+        pieces["distance"] = len(out.split())  # total number of commits
 
     # commit date: see ISO-8601 comment in git_versions_from_keywords()
-    date = run_command(GITS, ["show", "-s", "--format=%ci", "HEAD"],
-                       cwd=root)[0].strip()
+    date = runner(GITS, ["show", "-s", "--format=%ci", "HEAD"], cwd=root)[0].strip()
+    # Use only the last line.  Previous lines may contain GPG signature
+    # information.
+    date = date.splitlines()[-1]
     pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1)
 
     return pieces
 
 
-def plus_or_dot(pieces):
+def plus_or_dot(pieces: Dict[str, Any]) -> str:
     """Return a + if we don't already have one, else return a ."""
     if "+" in pieces.get("closest-tag", ""):
         return "."
     return "+"
 
 
-def render_pep440(pieces):
+def render_pep440(pieces: Dict[str, Any]) -> str:
     """Build up version string, with post-release "local version identifier".
 
     Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you
@@ -337,23 +419,71 @@ def render_pep440(pieces):
     return rendered
 
 
-def render_pep440_pre(pieces):
-    """TAG[.post.devDISTANCE] -- No -dirty.
+def render_pep440_branch(pieces: Dict[str, Any]) -> str:
+    """TAG[[.dev0]+DISTANCE.gHEX[.dirty]] .
+
+    The ".dev0" means not master branch. Note that .dev0 sorts backwards
+    (a feature branch will appear "older" than the master branch).
 
     Exceptions:
-    1: no tags. 0.post.devDISTANCE
+    1: no tags. 0[.dev0]+untagged.DISTANCE.gHEX[.dirty]
     """
     if pieces["closest-tag"]:
         rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            if pieces["branch"] != "master":
+                rendered += ".dev0"
+            rendered += plus_or_dot(pieces)
+            rendered += "%d.g%s" % (pieces["distance"], pieces["short"])
+            if pieces["dirty"]:
+                rendered += ".dirty"
+    else:
+        # exception #1
+        rendered = "0"
+        if pieces["branch"] != "master":
+            rendered += ".dev0"
+        rendered += "+untagged.%d.g%s" % (pieces["distance"],
+                                          pieces["short"])
+        if pieces["dirty"]:
+            rendered += ".dirty"
+    return rendered
+
+
+def pep440_split_post(ver: str) -> Tuple[str, Optional[int]]:
+    """Split pep440 version string at the post-release segment.
+
+    Returns the release segments before the post-release and the
+    post-release version number (or -1 if no post-release segment is present).
+    """
+    vc = str.split(ver, ".post")
+    return vc[0], int(vc[1] or 0) if len(vc) == 2 else None
+
+
+def render_pep440_pre(pieces: Dict[str, Any]) -> str:
+    """TAG[.postN.devDISTANCE] -- No -dirty.
+
+    Exceptions:
+    1: no tags. 0.post0.devDISTANCE
+    """
+    if pieces["closest-tag"]:
         if pieces["distance"]:
-            rendered += ".post.dev%d" % pieces["distance"]
+            # update the post release segment
+            tag_version, post_version = pep440_split_post(pieces["closest-tag"])
+            rendered = tag_version
+            if post_version is not None:
+                rendered += ".post%d.dev%d" % (post_version + 1, pieces["distance"])
+            else:
+                rendered += ".post0.dev%d" % (pieces["distance"])
+        else:
+            # no commits, use the tag as the version
+            rendered = pieces["closest-tag"]
     else:
         # exception #1
-        rendered = "0.post.dev%d" % pieces["distance"]
+        rendered = "0.post0.dev%d" % pieces["distance"]
     return rendered
 
 
-def render_pep440_post(pieces):
+def render_pep440_post(pieces: Dict[str, Any]) -> str:
     """TAG[.postDISTANCE[.dev0]+gHEX] .
 
     The ".dev0" means dirty. Note that .dev0 sorts backwards
@@ -380,12 +510,41 @@ def render_pep440_post(pieces):
     return rendered
 
 
-def render_pep440_old(pieces):
+def render_pep440_post_branch(pieces: Dict[str, Any]) -> str:
+    """TAG[.postDISTANCE[.dev0]+gHEX[.dirty]] .
+
+    The ".dev0" means not master branch.
+
+    Exceptions:
+    1: no tags. 0.postDISTANCE[.dev0]+gHEX[.dirty]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += ".post%d" % pieces["distance"]
+            if pieces["branch"] != "master":
+                rendered += ".dev0"
+            rendered += plus_or_dot(pieces)
+            rendered += "g%s" % pieces["short"]
+            if pieces["dirty"]:
+                rendered += ".dirty"
+    else:
+        # exception #1
+        rendered = "0.post%d" % pieces["distance"]
+        if pieces["branch"] != "master":
+            rendered += ".dev0"
+        rendered += "+g%s" % pieces["short"]
+        if pieces["dirty"]:
+            rendered += ".dirty"
+    return rendered
+
+
+def render_pep440_old(pieces: Dict[str, Any]) -> str:
     """TAG[.postDISTANCE[.dev0]] .
 
     The ".dev0" means dirty.
 
-    Eexceptions:
+    Exceptions:
     1: no tags. 0.postDISTANCE[.dev0]
     """
     if pieces["closest-tag"]:
@@ -402,7 +561,7 @@ def render_pep440_old(pieces):
     return rendered
 
 
-def render_git_describe(pieces):
+def render_git_describe(pieces: Dict[str, Any]) -> str:
     """TAG[-DISTANCE-gHEX][-dirty].
 
     Like 'git describe --tags --dirty --always'.
@@ -422,7 +581,7 @@ def render_git_describe(pieces):
     return rendered
 
 
-def render_git_describe_long(pieces):
+def render_git_describe_long(pieces: Dict[str, Any]) -> str:
     """TAG-DISTANCE-gHEX[-dirty].
 
     Like 'git describe --tags --dirty --always -long'.
@@ -442,7 +601,7 @@ def render_git_describe_long(pieces):
     return rendered
 
 
-def render(pieces, style):
+def render(pieces: Dict[str, Any], style: str) -> Dict[str, Any]:
     """Render the given version pieces into the requested style."""
     if pieces["error"]:
         return {"version": "unknown",
@@ -456,10 +615,14 @@ def render(pieces, style):
 
     if style == "pep440":
         rendered = render_pep440(pieces)
+    elif style == "pep440-branch":
+        rendered = render_pep440_branch(pieces)
     elif style == "pep440-pre":
         rendered = render_pep440_pre(pieces)
     elif style == "pep440-post":
         rendered = render_pep440_post(pieces)
+    elif style == "pep440-post-branch":
+        rendered = render_pep440_post_branch(pieces)
     elif style == "pep440-old":
         rendered = render_pep440_old(pieces)
     elif style == "git-describe":
@@ -474,7 +637,7 @@ def render(pieces, style):
             "date": pieces.get("date")}
 
 
-def get_versions():
+def get_versions() -> Dict[str, Any]:
     """Get version information or return default if unable to do so."""
     # I am in _version.py, which lives at ROOT/VERSIONFILE_SOURCE. If we have
     # __file__, we can work backwards from there to the root. Some
@@ -495,7 +658,7 @@ def get_versions():
         # versionfile_source is the relative path from the top of the source
         # tree (where the .git directory might live) to this file. Invert
         # this to find the root from __file__.
-        for i in cfg.versionfile_source.split('/'):
+        for _ in cfg.versionfile_source.split('/'):
             root = os.path.dirname(root)
     except NameError:
         return {"version": "0+unknown", "full-revisionid": None,
diff --git a/ssh/c_callbacks.pxd b/ssh/c_callbacks.pxd
index 72c740da..0c02aa0d 100644
--- a/ssh/c_callbacks.pxd
+++ b/ssh/c_callbacks.pxd
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from c_ssh cimport ssh_session, ssh_channel, ssh_buffer, ssh_string, \
+from .c_ssh cimport ssh_session, ssh_channel, ssh_buffer, ssh_string, \
     uint32_t, uint8_t, ssh_key_struct, ssh_auth_callback, ssh_message
 
 cdef extern from "libssh/callbacks.h" nogil:
diff --git a/ssh/c_legacy.pxd b/ssh/c_legacy.pxd
index fa7a23ed..669ad3cb 100644
--- a/ssh/c_legacy.pxd
+++ b/ssh/c_legacy.pxd
@@ -1,22 +1,23 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from c_ssh cimport ssh_session, ssh_string, ssh_message, uint32_t, \
+from .c_ssh cimport ssh_session, ssh_string, ssh_message, uint32_t, \
     ssh_keytypes_e
-from c_keys cimport ssh_private_key_struct, ssh_public_key_struct
+from .c_keys cimport ssh_private_key_struct, ssh_public_key_struct
 
 cdef extern from "libssh/legacy.h" nogil:
     ctypedef ssh_private_key_struct* ssh_private_key
diff --git a/ssh/c_sftp.pxd b/ssh/c_sftp.pxd
index 137db12f..417a2a6a 100644
--- a/ssh/c_sftp.pxd
+++ b/ssh/c_sftp.pxd
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from c_ssh cimport uint64_t, uint32_t, uint8_t, ssh_string, ssh_buffer, \
+from .c_ssh cimport uint64_t, uint32_t, uint8_t, ssh_string, ssh_buffer, \
     ssh_channel, ssh_session, timeval
 
 
diff --git a/ssh/c_ssh.pxd b/ssh/c_ssh.pxd
index a47ec687..69fa6d7d 100644
--- a/ssh/c_ssh.pxd
+++ b/ssh/c_ssh.pxd
@@ -1,18 +1,19 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.time cimport time_t
 from posix.types cimport mode_t, suseconds_t
@@ -183,6 +184,10 @@ cdef extern from "libssh/libssh.h" nogil:
         SSH_KEYTYPE_ECDSA_P384_CERT01,
         SSH_KEYTYPE_ECDSA_P521_CERT01,
         SSH_KEYTYPE_ED25519_CERT01
+    enum ssh_file_format_e:
+        SSH_FILE_FORMAT_DEFAULT
+        SSH_FILE_FORMAT_OPENSSH
+        SSH_FILE_FORMAT_PEM
     enum ssh_keycmp_e:
         SSH_KEY_CMP_PUBLIC,
         SSH_KEY_CMP_PRIVATE
@@ -264,6 +269,10 @@ cdef extern from "libssh/libssh.h" nogil:
     int ssh_channel_change_pty_size(ssh_channel channel, int cols, int rows)
     int ssh_channel_close(ssh_channel channel)
     void ssh_channel_free(ssh_channel channel)
+    int ssh_channel_get_exit_state(ssh_channel channel,
+                                   uint32_t *pexit_code,
+                                   char **pexit_signal,
+                                   int *pcore_dumped)
     int ssh_channel_get_exit_status(ssh_channel channel)
     ssh_session ssh_channel_get_session(ssh_channel channel)
     int ssh_channel_is_closed(ssh_channel channel)
@@ -438,6 +447,13 @@ cdef extern from "libssh/libssh.h" nogil:
     int ssh_pki_export_privkey_file(
         const ssh_key privkey, const char *passphrase,
         ssh_auth_callback auth_fn, void *auth_data, const char *filename)
+    int ssh_pki_export_privkey_file_format(
+        const ssh_key privkey,
+        const char *passphrase,
+        ssh_auth_callback auth_fn,
+        void *auth_data,
+        const char *filename,
+        ssh_file_format_e format)
 
     int ssh_pki_copy_cert_to_privkey(const ssh_key cert_key,
                                      ssh_key privkey)
diff --git a/ssh/c_ssh2.pxd b/ssh/c_ssh2.pxd
index 853f5aab..ba2aa234 100644
--- a/ssh/c_ssh2.pxd
+++ b/ssh/c_ssh2.pxd
@@ -1,18 +1,19 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 cdef extern from "libssh/ssh2.h" nogil:
     enum:
diff --git a/ssh/callbacks.c b/ssh/callbacks.c
index 29a070aa..5033ee20 100644
--- a/ssh/callbacks.c
+++ b/ssh/callbacks.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.callbacks",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/callbacks.pyx"
+        ]
+    },
+    "module_name": "ssh.callbacks"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
+        #else
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
+#endif
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
+#else
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
+#endif
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,77 +911,201 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
 #else
-static CYTHON_INLINE float __PYX_NAN() {
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
+#else
+static CYTHON_INLINE float __PYX_NAN() {
   float value;
   memset(&value, 0xFF, sizeof(value));
   return value;
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -756,12 +1166,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -796,140 +1202,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -941,26 +1336,172 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/callbacks.pyx",
-  "stringsource",
+  "<stringsource>",
   "ssh/session.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -968,23 +1509,53 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
 struct __pyx_obj_3ssh_9callbacks_Callbacks;
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -998,12 +1569,13 @@ struct __pyx_obj_3ssh_7session_Session {
  * 
  * cdef class Callbacks:             # <<<<<<<<<<<<<<
  *     cdef c_callbacks.ssh_callbacks _cb
- */
+*/
 struct __pyx_obj_3ssh_9callbacks_Callbacks {
   PyObject_HEAD
   ssh_callbacks _cb;
 };
 
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1012,42 +1584,48 @@ struct __pyx_obj_3ssh_9callbacks_Callbacks {
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1058,6 +1636,10 @@ struct __pyx_obj_3ssh_9callbacks_Callbacks {
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1069,6 +1651,57 @@ struct __pyx_obj_3ssh_9callbacks_Callbacks {
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+#else
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#endif
+
+/* PyThreadStateGet.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
+#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
+#else
+#define __Pyx_PyThreadState_declare
+#define __Pyx_PyThreadState_assign
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
+#endif
+
+/* PyErrFetchRestore.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
+#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+#else
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#endif
+#else
+#define __Pyx_PyErr_Clear() PyErr_Clear()
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#endif
+
 /* PyObjectGetAttrStr.proto */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
@@ -1076,38 +1709,39 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
 /* GetBuiltinName.proto */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
 /* PyFunctionFastCall.proto */
 #if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
 #define __Pyx_PyFunction_FastCall(func, args, nargs)\
     __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
 #endif
 #define __Pyx_BUILD_ASSERT_EXPR(cond)\
     (sizeof(char [1 - 2*!(cond)]) - 1)
 #ifndef Py_MEMBER_SIZE
 #define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
 #endif
-#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
   static size_t __pyx_pyframe_localsplus_offset = 0;
   #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
   #define __Pxy_PyFrame_Initialize_Offsets()\
     ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
      (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
   #define __Pyx_PyFrame_GetLocalsplus(frame)\
     (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
+#endif
+#endif
 #endif
 
 /* PyObjectCall.proto */
@@ -1122,39 +1756,15 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
 #endif
 
-/* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
-#else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
-#endif
-
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
-#endif
-
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
 
 /* GetTopmostException.proto */
-#if CYTHON_USE_EXC_INFO_STACK
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
 static _PyErr_StackItem * __Pyx_PyErr_GetTopmostException(PyThreadState *tstate);
 #endif
 
-/* PyThreadStateGet.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
-#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
-#else
-#define __Pyx_PyThreadState_declare
-#define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
-#endif
-
 /* SaveResetException.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_ExceptionSave(type, value, tb)  __Pyx__ExceptionSave(__pyx_tstate, type, value, tb)
@@ -1166,99 +1776,321 @@ static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject
 #define __Pyx_ExceptionReset(type, value, tb)  PyErr_SetExcInfo(type, value, tb)
 #endif
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
-#else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
 #endif
-
-/* GetException.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_GetException(type, value, tb)  __Pyx__GetException(__pyx_tstate, type, value, tb)
-static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#else
-static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
 #endif
 
-/* PyErrFetchRestore.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
-#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
 #else
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#endif
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
 #else
-#define __Pyx_PyErr_Clear() PyErr_Clear()
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
 #endif
 
-/* WriteUnraisableException.proto */
-static void __Pyx_WriteUnraisable(const char *name, int clineno,
-                                  int lineno, const char *filename,
-                                  int full_traceback, int nogil);
-
 /* RaiseArgTupleInvalid.proto */
 static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
     Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
 
-/* KeywordStringCheck.proto */
-static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name, int kw_allowed);
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
+
+/* RaiseDoubleKeywords.proto */
+static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
+
+/* ParseKeywords.proto */
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
+#endif
+
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
 
 /* ArgTypeTest.proto */
 #define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
         __Pyx__ArgTypeTest(obj, type, name, exact))
 static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
 
 /* RaiseException.proto */
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
 #endif
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
-};
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
 #endif
-
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
+};
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
+#endif
+
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
+#endif
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
 /* PyDictVersioning.proto */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
 #define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
@@ -1286,129 +2118,251 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
-#else
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
+
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
 
+/* Module declarations from "ssh" */
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.c_callbacks' */
+/* Module declarations from "ssh.c_callbacks" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'libc.stdlib' */
+/* Module declarations from "libc.stdlib" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.session" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static int (*__pyx_f_3ssh_5utils_handle_error_codes)(int, ssh_session); /*proto*/
 
-/* Module declarations from 'ssh.callbacks' */
-static PyTypeObject *__pyx_ptype_3ssh_9callbacks_Callbacks = 0;
+/* Module declarations from "ssh.callbacks" */
 static int __pyx_f_3ssh_9callbacks_auth_callback(char const *, char *, size_t, int, int, void *); /*proto*/
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.callbacks"
 extern int __pyx_module_is_main_ssh__callbacks;
 int __pyx_module_is_main_ssh__callbacks = 0;
 
-/* Implementation of 'ssh.callbacks' */
+/* Implementation of "ssh.callbacks" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_MemoryError;
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = "?";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_rc[] = "rc";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_func[] = "func";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_test[] = "__test__";
+static const char __pyx_k_A_D_HA[] = "\200A\330\010\014\210D\220\014\230H\240A";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_func_2[] = "__func__";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_disable[] = "disable";
+static const char __pyx_k_session[] = "session";
+static const char __pyx_k_A_a_a_gQ[] = "\200A\340\r\016\330\014\034\320\034.\250a\330\020\027\220{\240$\240a\330\010\017\320\017!\240\021\240$\240g\250Q";
+static const char __pyx_k_add_note[] = "add_note";
 static const char __pyx_k_getstate[] = "__getstate__";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
 static const char __pyx_k_Callbacks[] = "Callbacks";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
 static const char __pyx_k_MemoryError[] = "MemoryError";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
+static const char __pyx_k_set_userdata[] = "set_userdata";
+static const char __pyx_k_stringsource[] = "<stringsource>";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
+static const char __pyx_k_set_callbacks[] = "set_callbacks";
+static const char __pyx_k_ssh_callbacks[] = "ssh.callbacks";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_ssh_callbacks_pyx[] = "ssh/callbacks.pyx";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_Callbacks_set_userdata[] = "Callbacks.set_userdata";
+static const char __pyx_k_Callbacks_set_callbacks[] = "Callbacks.set_callbacks";
+static const char __pyx_k_Callbacks___reduce_cython[] = "Callbacks.__reduce_cython__";
+static const char __pyx_k_Callbacks___setstate_cython[] = "Callbacks.__setstate_cython__";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_n_s_Callbacks;
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_test;
+/* #### Code section: decls ### */
 static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self); /* proto */
 static void __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_4set_userdata(struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self, PyObject *__pyx_v_func); /* proto */
@@ -1416,9 +2370,183 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(struct __pyx
 static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_8__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_10__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_9callbacks_Callbacks(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyObject *__pyx_type_3ssh_9callbacks_Callbacks;
+  PyTypeObject *__pyx_ptype_3ssh_9callbacks_Callbacks;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_codeobj_tab[4];
+  PyObject *__pyx_string_tab[42];
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_Callbacks __pyx_string_tab[1]
+#define __pyx_n_u_Callbacks___reduce_cython __pyx_string_tab[2]
+#define __pyx_n_u_Callbacks___setstate_cython __pyx_string_tab[3]
+#define __pyx_n_u_Callbacks_set_callbacks __pyx_string_tab[4]
+#define __pyx_n_u_Callbacks_set_userdata __pyx_string_tab[5]
+#define __pyx_n_u_MemoryError __pyx_string_tab[6]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[7]
+#define __pyx_n_u_TypeError __pyx_string_tab[8]
+#define __pyx_kp_u_add_note __pyx_string_tab[9]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[10]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[11]
+#define __pyx_kp_u_disable __pyx_string_tab[12]
+#define __pyx_kp_u_enable __pyx_string_tab[13]
+#define __pyx_n_u_func __pyx_string_tab[14]
+#define __pyx_n_u_func_2 __pyx_string_tab[15]
+#define __pyx_kp_u_gc __pyx_string_tab[16]
+#define __pyx_n_u_getstate __pyx_string_tab[17]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[18]
+#define __pyx_kp_u_isenabled __pyx_string_tab[19]
+#define __pyx_n_u_main __pyx_string_tab[20]
+#define __pyx_n_u_module __pyx_string_tab[21]
+#define __pyx_n_u_name __pyx_string_tab[22]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[23]
+#define __pyx_n_u_pop __pyx_string_tab[24]
+#define __pyx_n_u_pyx_state __pyx_string_tab[25]
+#define __pyx_n_u_qualname __pyx_string_tab[26]
+#define __pyx_n_u_rc __pyx_string_tab[27]
+#define __pyx_n_u_reduce __pyx_string_tab[28]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[29]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[30]
+#define __pyx_n_u_self __pyx_string_tab[31]
+#define __pyx_n_u_session __pyx_string_tab[32]
+#define __pyx_n_u_set_callbacks __pyx_string_tab[33]
+#define __pyx_n_u_set_name __pyx_string_tab[34]
+#define __pyx_n_u_set_userdata __pyx_string_tab[35]
+#define __pyx_n_u_setstate __pyx_string_tab[36]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[37]
+#define __pyx_n_u_ssh_callbacks __pyx_string_tab[38]
+#define __pyx_kp_u_ssh_callbacks_pyx __pyx_string_tab[39]
+#define __pyx_kp_u_stringsource __pyx_string_tab[40]
+#define __pyx_n_u_test __pyx_string_tab[41]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_9callbacks_Callbacks);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_9callbacks_Callbacks);
+  for (int i=0; i<4; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<42; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_9callbacks_Callbacks);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_9callbacks_Callbacks);
+  for (int i=0; i<4; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<42; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
 /* "ssh/callbacks.pyx":27
  * 
@@ -1426,7 +2554,7 @@ static PyObject *__pyx_tuple__2;
  * cdef int auth_callback(const char *prompt, char *buf, size_t len,             # <<<<<<<<<<<<<<
  *                        int echo, int verify, void *userdata):
  *     try:
- */
+*/
 
 static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx_v_prompt, CYTHON_UNUSED char *__pyx_v_buf, CYTHON_UNUSED size_t __pyx_v_len, CYTHON_UNUSED int __pyx_v_echo, CYTHON_UNUSED int __pyx_v_verify, void *__pyx_v_userdata) {
   PyObject *__pyx_v_func = NULL;
@@ -1438,7 +2566,8 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
-  int __pyx_t_7;
+  size_t __pyx_t_7;
+  int __pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1450,7 +2579,7 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  *     try:             # <<<<<<<<<<<<<<
  *         func = <object>userdata
  *         return func()
- */
+*/
   {
     __Pyx_PyThreadState_declare
     __Pyx_PyThreadState_assign
@@ -1466,7 +2595,7 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  *         func = <object>userdata             # <<<<<<<<<<<<<<
  *         return func()
  *     except Exception:
- */
+*/
       __pyx_t_4 = ((PyObject *)__pyx_v_userdata);
       __Pyx_INCREF(__pyx_t_4);
       __pyx_v_func = __pyx_t_4;
@@ -1478,26 +2607,33 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  *         return func()             # <<<<<<<<<<<<<<
  *     except Exception:
  *         # TODO - pass back exception
- */
+*/
+      __pyx_t_5 = NULL;
       __Pyx_INCREF(__pyx_v_func);
-      __pyx_t_5 = __pyx_v_func; __pyx_t_6 = NULL;
-      if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_5))) {
-        __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_5);
-        if (likely(__pyx_t_6)) {
-          PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_5);
-          __Pyx_INCREF(__pyx_t_6);
-          __Pyx_INCREF(function);
-          __Pyx_DECREF_SET(__pyx_t_5, function);
-        }
+      __pyx_t_6 = __pyx_v_func; 
+      __pyx_t_7 = 1;
+      #if CYTHON_UNPACK_METHODS
+      if (unlikely(PyMethod_Check(__pyx_t_6))) {
+        __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_6);
+        assert(__pyx_t_5);
+        PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_6);
+        __Pyx_INCREF(__pyx_t_5);
+        __Pyx_INCREF(__pyx__function);
+        __Pyx_DECREF_SET(__pyx_t_6, __pyx__function);
+        __pyx_t_7 = 0;
+      }
+      #endif
+      {
+        PyObject *__pyx_callargs[2] = {__pyx_t_5, NULL};
+        __pyx_t_4 = __Pyx_PyObject_FastCall(__pyx_t_6, __pyx_callargs+__pyx_t_7, (1-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+        __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
+        __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+        if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 31, __pyx_L3_error)
+        __Pyx_GOTREF(__pyx_t_4);
       }
-      __pyx_t_4 = (__pyx_t_6) ? __Pyx_PyObject_CallOneArg(__pyx_t_5, __pyx_t_6) : __Pyx_PyObject_CallNoArg(__pyx_t_5);
-      __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-      if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 31, __pyx_L3_error)
-      __Pyx_GOTREF(__pyx_t_4);
-      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-      __pyx_t_7 = __Pyx_PyInt_As_int(__pyx_t_4); if (unlikely((__pyx_t_7 == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 31, __pyx_L3_error)
+      __pyx_t_8 = __Pyx_PyLong_As_int(__pyx_t_4); if (unlikely((__pyx_t_8 == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 31, __pyx_L3_error)
       __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-      __pyx_r = __pyx_t_7;
+      __pyx_r = __pyx_t_8;
       goto __pyx_L7_try_return;
 
       /* "ssh/callbacks.pyx":29
@@ -1506,7 +2642,7 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  *     try:             # <<<<<<<<<<<<<<
  *         func = <object>userdata
  *         return func()
- */
+*/
     }
     __pyx_L3_error:;
     __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
@@ -1519,14 +2655,10 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  *     except Exception:             # <<<<<<<<<<<<<<
  *         # TODO - pass back exception
  *         return -1
- */
-    __pyx_t_7 = __Pyx_PyErr_ExceptionMatches(((PyObject *)(&((PyTypeObject*)PyExc_Exception)[0])));
-    if (__pyx_t_7) {
-      __Pyx_AddTraceback("ssh.callbacks.auth_callback", __pyx_clineno, __pyx_lineno, __pyx_filename);
-      if (__Pyx_GetException(&__pyx_t_4, &__pyx_t_5, &__pyx_t_6) < 0) __PYX_ERR(0, 32, __pyx_L5_except_error)
-      __Pyx_GOTREF(__pyx_t_4);
-      __Pyx_GOTREF(__pyx_t_5);
-      __Pyx_GOTREF(__pyx_t_6);
+*/
+    __pyx_t_8 = __Pyx_PyErr_ExceptionMatches(((PyObject *)(((PyTypeObject*)PyExc_Exception))));
+    if (__pyx_t_8) {
+      __Pyx_ErrRestore(0,0,0);
 
       /* "ssh/callbacks.pyx":34
  *     except Exception:
@@ -1534,15 +2666,11 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  *         return -1             # <<<<<<<<<<<<<<
  *     # ssh_getpass(prompt, buf, len, echo, verify);
  * 
- */
+*/
       __pyx_r = -1;
-      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
       goto __pyx_L6_except_return;
     }
     goto __pyx_L5_except_error;
-    __pyx_L5_except_error:;
 
     /* "ssh/callbacks.pyx":29
  * cdef int auth_callback(const char *prompt, char *buf, size_t len,
@@ -1550,7 +2678,8 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  *     try:             # <<<<<<<<<<<<<<
  *         func = <object>userdata
  *         return func()
- */
+*/
+    __pyx_L5_except_error:;
     __Pyx_XGIVEREF(__pyx_t_1);
     __Pyx_XGIVEREF(__pyx_t_2);
     __Pyx_XGIVEREF(__pyx_t_3);
@@ -1576,15 +2705,15 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  * cdef int auth_callback(const char *prompt, char *buf, size_t len,             # <<<<<<<<<<<<<<
  *                        int echo, int verify, void *userdata):
  *     try:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_4);
   __Pyx_XDECREF(__pyx_t_5);
   __Pyx_XDECREF(__pyx_t_6);
-  __Pyx_WriteUnraisable("ssh.callbacks.auth_callback", __pyx_clineno, __pyx_lineno, __pyx_filename, 1, 0);
-  __pyx_r = 0;
+  __Pyx_AddTraceback("ssh.callbacks.auth_callback", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = -1;
   __pyx_L0:;
   __Pyx_XDECREF(__pyx_v_func);
   __Pyx_RefNannyFinishContext();
@@ -1597,17 +2726,26 @@ static int __pyx_f_3ssh_9callbacks_auth_callback(CYTHON_UNUSED char const *__pyx
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._cb = <c_callbacks.ssh_callbacks>malloc(
  *             sizeof(c_callbacks.ssh_callbacks_struct))
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_9callbacks_9Callbacks_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_9callbacks_9Callbacks_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self));
 
   /* function exit code */
@@ -1617,12 +2755,10 @@ static int __pyx_pw_3ssh_9callbacks_9Callbacks_1__cinit__(PyObject *__pyx_v_self
 
 static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/callbacks.pyx":41
  * 
@@ -1630,7 +2766,7 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *         self._cb = <c_callbacks.ssh_callbacks>malloc(             # <<<<<<<<<<<<<<
  *             sizeof(c_callbacks.ssh_callbacks_struct))
  *         if self._cb is NULL:
- */
+*/
   __pyx_v_self->_cb = ((ssh_callbacks)malloc((sizeof(struct ssh_callbacks_struct))));
 
   /* "ssh/callbacks.pyx":43
@@ -1639,8 +2775,8 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *         if self._cb is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  *         memset(self._cb, 0, sizeof(c_callbacks.ssh_callbacks_struct))
- */
-  __pyx_t_1 = ((__pyx_v_self->_cb == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_cb == NULL);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/callbacks.pyx":44
@@ -1649,7 +2785,7 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *             raise MemoryError             # <<<<<<<<<<<<<<
  *         memset(self._cb, 0, sizeof(c_callbacks.ssh_callbacks_struct))
  *         c_callbacks.ssh_callbacks_init(self._cb)
- */
+*/
     PyErr_NoMemory(); __PYX_ERR(0, 44, __pyx_L1_error)
 
     /* "ssh/callbacks.pyx":43
@@ -1658,7 +2794,7 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *         if self._cb is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  *         memset(self._cb, 0, sizeof(c_callbacks.ssh_callbacks_struct))
- */
+*/
   }
 
   /* "ssh/callbacks.pyx":45
@@ -1667,7 +2803,7 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *         memset(self._cb, 0, sizeof(c_callbacks.ssh_callbacks_struct))             # <<<<<<<<<<<<<<
  *         c_callbacks.ssh_callbacks_init(self._cb)
  *         # self._cb.userdata = NULL
- */
+*/
   (void)(memset(__pyx_v_self->_cb, 0, (sizeof(struct ssh_callbacks_struct))));
 
   /* "ssh/callbacks.pyx":46
@@ -1676,7 +2812,7 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *         c_callbacks.ssh_callbacks_init(self._cb)             # <<<<<<<<<<<<<<
  *         # self._cb.userdata = NULL
  *         self._cb.auth_function = <c_callbacks.ssh_auth_callback>&auth_callback
- */
+*/
   ssh_callbacks_init(__pyx_v_self->_cb);
 
   /* "ssh/callbacks.pyx":48
@@ -1685,7 +2821,7 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *         self._cb.auth_function = <c_callbacks.ssh_auth_callback>&auth_callback             # <<<<<<<<<<<<<<
  *         # self._cb.log_function = NULL
  *         # self._cb.connect_status_function = NULL
- */
+*/
   __pyx_v_self->_cb->auth_function = ((ssh_auth_callback)(&__pyx_f_3ssh_9callbacks_auth_callback));
 
   /* "ssh/callbacks.pyx":40
@@ -1694,7 +2830,7 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._cb = <c_callbacks.ssh_callbacks>malloc(
  *             sizeof(c_callbacks.ssh_callbacks_struct))
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
@@ -1703,7 +2839,6 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
   __Pyx_AddTraceback("ssh.callbacks.Callbacks.__cinit__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = -1;
   __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
@@ -1713,13 +2848,15 @@ static int __pyx_pf_3ssh_9callbacks_9Callbacks___cinit__(struct __pyx_obj_3ssh_9
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._cb is not NULL:
  *             free(self._cb)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_9callbacks_9Callbacks_3__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_9callbacks_9Callbacks_3__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self));
 
   /* function exit code */
@@ -1727,9 +2864,7 @@ static void __pyx_pw_3ssh_9callbacks_9Callbacks_3__dealloc__(PyObject *__pyx_v_s
 }
 
 static void __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
   /* "ssh/callbacks.pyx":56
  * 
@@ -1737,8 +2872,8 @@ static void __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(struct __pyx_obj_3s
  *         if self._cb is not NULL:             # <<<<<<<<<<<<<<
  *             free(self._cb)
  *             self._cb = NULL
- */
-  __pyx_t_1 = ((__pyx_v_self->_cb != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_cb != NULL);
   if (__pyx_t_1) {
 
     /* "ssh/callbacks.pyx":57
@@ -1747,7 +2882,7 @@ static void __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(struct __pyx_obj_3s
  *             free(self._cb)             # <<<<<<<<<<<<<<
  *             self._cb = NULL
  * 
- */
+*/
     free(__pyx_v_self->_cb);
 
     /* "ssh/callbacks.pyx":58
@@ -1756,7 +2891,7 @@ static void __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(struct __pyx_obj_3s
  *             self._cb = NULL             # <<<<<<<<<<<<<<
  * 
  *     def set_userdata(self, func not None):
- */
+*/
     __pyx_v_self->_cb = NULL;
 
     /* "ssh/callbacks.pyx":56
@@ -1765,7 +2900,7 @@ static void __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(struct __pyx_obj_3s
  *         if self._cb is not NULL:             # <<<<<<<<<<<<<<
  *             free(self._cb)
  *             self._cb = NULL
- */
+*/
   }
 
   /* "ssh/callbacks.pyx":55
@@ -1774,10 +2909,9 @@ static void __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(struct __pyx_obj_3s
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._cb is not NULL:
  *             free(self._cb)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
 /* "ssh/callbacks.pyx":60
@@ -1786,28 +2920,102 @@ static void __pyx_pf_3ssh_9callbacks_9Callbacks_2__dealloc__(struct __pyx_obj_3s
  *     def set_userdata(self, func not None):             # <<<<<<<<<<<<<<
  *         self._cb.userdata = <void *>func
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_5set_userdata(PyObject *__pyx_v_self, PyObject *__pyx_v_func); /*proto*/
-static char __pyx_doc_3ssh_9callbacks_9Callbacks_4set_userdata[] = "Callbacks.set_userdata(self, func)";
-static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_5set_userdata(PyObject *__pyx_v_self, PyObject *__pyx_v_func) {
+static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_5set_userdata(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9callbacks_9Callbacks_4set_userdata, "Callbacks.set_userdata(self, func)");
+static PyMethodDef __pyx_mdef_3ssh_9callbacks_9Callbacks_5set_userdata = {"set_userdata", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9callbacks_9Callbacks_5set_userdata, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9callbacks_9Callbacks_4set_userdata};
+static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_5set_userdata(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_func = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_userdata (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_func,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 60, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 60, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_userdata", 0) < 0) __PYX_ERR(0, 60, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_userdata", 1, 1, 1, i); __PYX_ERR(0, 60, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 60, __pyx_L3_error)
+    }
+    __pyx_v_func = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_userdata", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 60, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.callbacks.Callbacks.set_userdata", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_func) == Py_None)) {
     PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "func"); __PYX_ERR(0, 60, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_9callbacks_9Callbacks_4set_userdata(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self), ((PyObject *)__pyx_v_func));
+  __pyx_r = __pyx_pf_3ssh_9callbacks_9Callbacks_4set_userdata(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self), __pyx_v_func);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -1823,7 +3031,7 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_4set_userdata(struct __pyx_
  *         self._cb.userdata = <void *>func             # <<<<<<<<<<<<<<
  * 
  *     def set_callbacks(self, Session session not None):
- */
+*/
   __pyx_v_self->_cb->userdata = ((void *)__pyx_v_func);
 
   /* "ssh/callbacks.pyx":60
@@ -1832,7 +3040,7 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_4set_userdata(struct __pyx_
  *     def set_userdata(self, func not None):             # <<<<<<<<<<<<<<
  *         self._cb.userdata = <void *>func
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -1847,26 +3055,100 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_4set_userdata(struct __pyx_
  *     def set_callbacks(self, Session session not None):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_7set_callbacks(PyObject *__pyx_v_self, PyObject *__pyx_v_session); /*proto*/
-static char __pyx_doc_3ssh_9callbacks_9Callbacks_6set_callbacks[] = "Callbacks.set_callbacks(self, Session session)";
-static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_7set_callbacks(PyObject *__pyx_v_self, PyObject *__pyx_v_session) {
+static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_7set_callbacks(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9callbacks_9Callbacks_6set_callbacks, "Callbacks.set_callbacks(self, Session session)");
+static PyMethodDef __pyx_mdef_3ssh_9callbacks_9Callbacks_7set_callbacks = {"set_callbacks", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9callbacks_9Callbacks_7set_callbacks, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9callbacks_9Callbacks_6set_callbacks};
+static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_7set_callbacks(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_7session_Session *__pyx_v_session = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_callbacks (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_ptype_3ssh_7session_Session, 0, "session", 0))) __PYX_ERR(0, 63, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self), ((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_session));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_session,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 63, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 63, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_callbacks", 0) < 0) __PYX_ERR(0, 63, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_callbacks", 1, 1, 1, i); __PYX_ERR(0, 63, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 63, __pyx_L3_error)
+    }
+    __pyx_v_session = ((struct __pyx_obj_3ssh_7session_Session *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_callbacks", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 63, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.callbacks.Callbacks.set_callbacks", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, 0, "session", 0))) __PYX_ERR(0, 63, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self), __pyx_v_session);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -1888,13 +3170,12 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(struct __pyx
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_callbacks.ssh_set_callbacks(
  *                 session._session, self._cb)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/callbacks.pyx":66
@@ -1903,7 +3184,7 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(struct __pyx
  *             rc = c_callbacks.ssh_set_callbacks(             # <<<<<<<<<<<<<<
  *                 session._session, self._cb)
  *         return handle_error_codes(rc, session._session)
- */
+*/
         __pyx_v_rc = ssh_set_callbacks(__pyx_v_session->_session, __pyx_v_self->_cb);
       }
 
@@ -1913,13 +3194,11 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(struct __pyx
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_callbacks.ssh_set_callbacks(
  *                 session._session, self._cb)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -1930,10 +3209,10 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(struct __pyx
  *             rc = c_callbacks.ssh_set_callbacks(
  *                 session._session, self._cb)
  *         return handle_error_codes(rc, session._session)             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 68, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 68, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 68, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -1945,7 +3224,7 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(struct __pyx
  *     def set_callbacks(self, Session session not None):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1960,17 +3239,46 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_6set_callbacks(struct __pyx
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_9__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_9callbacks_9Callbacks_8__reduce_cython__[] = "Callbacks.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_9__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_9__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9callbacks_9Callbacks_8__reduce_cython__, "Callbacks.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_9callbacks_9Callbacks_9__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9callbacks_9Callbacks_9__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9callbacks_9Callbacks_8__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_9__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_9callbacks_9Callbacks_8__reduce_cython__(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self));
 
   /* function exit code */
@@ -1981,7 +3289,6 @@ static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_9__reduce_cython__(PyObject
 static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_8__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1989,25 +3296,21 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_8__reduce_cython__(CYTHON_U
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.callbacks.Callbacks.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2017,21 +3320,93 @@ static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_8__reduce_cython__(CYTHON_U
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_11__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_9callbacks_9Callbacks_10__setstate_cython__[] = "Callbacks.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_11__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_11__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9callbacks_9Callbacks_10__setstate_cython__, "Callbacks.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_9callbacks_9Callbacks_11__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9callbacks_9Callbacks_11__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9callbacks_9Callbacks_10__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_11__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_9callbacks_9Callbacks_10__setstate_cython__(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.callbacks.Callbacks.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_9callbacks_9Callbacks_10__setstate_cython__(((struct __pyx_obj_3ssh_9callbacks_Callbacks *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2039,49 +3414,50 @@ static PyObject *__pyx_pw_3ssh_9callbacks_9Callbacks_11__setstate_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_9callbacks_9Callbacks_10__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_9callbacks_Callbacks *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.callbacks.Callbacks.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 
 static PyObject *__pyx_tp_new_3ssh_9callbacks_Callbacks(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_9callbacks_9Callbacks_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  #endif
+  if (unlikely(__pyx_pw_3ssh_9callbacks_9Callbacks_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -2090,8 +3466,10 @@ static PyObject *__pyx_tp_new_3ssh_9callbacks_Callbacks(PyTypeObject *t, CYTHON_
 
 static void __pyx_tp_dealloc_3ssh_9callbacks_Callbacks(PyObject *o) {
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && (!PyType_IS_GC(Py_TYPE(o)) || !_PyGC_FINALIZED(o))) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && (!PyType_IS_GC(Py_TYPE(o)) || !__Pyx_PyObject_GC_IsFinalized(o))) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_9callbacks_Callbacks) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   {
@@ -2102,20 +3480,42 @@ static void __pyx_tp_dealloc_3ssh_9callbacks_Callbacks(PyObject *o) {
     __Pyx_SET_REFCNT(o, Py_REFCNT(o) - 1);
     PyErr_Restore(etype, eval, etb);
   }
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static PyMethodDef __pyx_methods_3ssh_9callbacks_Callbacks[] = {
-  {"set_userdata", (PyCFunction)__pyx_pw_3ssh_9callbacks_9Callbacks_5set_userdata, METH_O, __pyx_doc_3ssh_9callbacks_9Callbacks_4set_userdata},
-  {"set_callbacks", (PyCFunction)__pyx_pw_3ssh_9callbacks_9Callbacks_7set_callbacks, METH_O, __pyx_doc_3ssh_9callbacks_9Callbacks_6set_callbacks},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_9callbacks_9Callbacks_9__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_9callbacks_9Callbacks_8__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_9callbacks_9Callbacks_11__setstate_cython__, METH_O, __pyx_doc_3ssh_9callbacks_9Callbacks_10__setstate_cython__},
+  {"set_userdata", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9callbacks_9Callbacks_5set_userdata, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9callbacks_9Callbacks_4set_userdata},
+  {"set_callbacks", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9callbacks_9Callbacks_7set_callbacks, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9callbacks_9Callbacks_6set_callbacks},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9callbacks_9Callbacks_9__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9callbacks_9Callbacks_8__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9callbacks_9Callbacks_11__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9callbacks_9Callbacks_10__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_9callbacks_Callbacks_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_9callbacks_Callbacks},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_9callbacks_Callbacks},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_9callbacks_Callbacks},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_9callbacks_Callbacks_spec = {
+  "ssh.callbacks.Callbacks",
+  sizeof(struct __pyx_obj_3ssh_9callbacks_Callbacks),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_9callbacks_Callbacks_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_9callbacks_Callbacks = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.callbacks.Callbacks", /*tp_name*/
+  "ssh.callbacks.""Callbacks", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_9callbacks_Callbacks), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_9callbacks_Callbacks, /*tp_dealloc*/
@@ -2127,12 +3527,7 @@ static PyTypeObject __pyx_type_3ssh_9callbacks_Callbacks = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -2158,7 +3553,9 @@ static PyTypeObject __pyx_type_3ssh_9callbacks_Callbacks = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_9callbacks_Callbacks, /*tp_new*/
@@ -2171,175 +3568,100 @@ static PyTypeObject __pyx_type_3ssh_9callbacks_Callbacks = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyMethodDef __pyx_methods[] = {
   {0, 0, 0, 0}
 };
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
+  /*--- Global init code ---*/
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
 
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_callbacks(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_callbacks},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "callbacks",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
-  #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
-  #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
-};
-#endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
-
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_Callbacks, __pyx_k_Callbacks, sizeof(__pyx_k_Callbacks), 0, 0, 1, 1},
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
-};
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 44, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple_)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
-  /*--- Global init code ---*/
-  __Pyx_RefNannyFinishContext();
-  return 0;
-}
-
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_init_code", 0);
   /*--- Type init code ---*/
-  if (PyType_Ready(&__pyx_type_3ssh_9callbacks_Callbacks) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_9callbacks_Callbacks.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_9callbacks_Callbacks_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks)) __PYX_ERR(0, 38, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_9callbacks_Callbacks_spec, __pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks = &__pyx_type_3ssh_9callbacks_Callbacks;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_9callbacks_Callbacks.tp_dictoffset && __pyx_type_3ssh_9callbacks_Callbacks.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_9callbacks_Callbacks.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Callbacks, (PyObject *)&__pyx_type_3ssh_9callbacks_Callbacks) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_9callbacks_Callbacks) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
-  __pyx_ptype_3ssh_9callbacks_Callbacks = &__pyx_type_3ssh_9callbacks_Callbacks;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_Callbacks, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_9callbacks_Callbacks) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -2347,8 +3669,9 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -2357,8 +3680,15 @@ static int __Pyx_modinit_type_import_code(void) {
   /*--- Type import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(2, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -2368,16 +3698,18 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -2386,7 +3718,7 @@ static int __Pyx_modinit_function_import_code(void) {
   /*--- Function import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -2396,50 +3728,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_callbacks(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_callbacks},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "callbacks",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initcallbacks(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initcallbacks(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_callbacks(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_callbacks(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -2447,7 +3850,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -2462,10 +3867,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -2488,9 +3896,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_callbacks(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2501,9 +3914,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_callbacks(PyObject *__pyx_pyinit_m
     PyErr_SetString(PyExc_RuntimeError, "Module 'callbacks' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "callbacks" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -2513,109 +3954,137 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_callbacks(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_callbacks", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("callbacks", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__callbacks) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.callbacks")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.callbacks", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.callbacks", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
+
+  /* "ssh/callbacks.pyx":60
+ *             self._cb = NULL
+ * 
+ *     def set_userdata(self, func not None):             # <<<<<<<<<<<<<<
+ *         self._cb.userdata = <void *>func
+ * 
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9callbacks_9Callbacks_5set_userdata, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Callbacks_set_userdata, NULL, __pyx_mstate_global->__pyx_n_u_ssh_callbacks, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 60, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_9callbacks_Callbacks, __pyx_mstate_global->__pyx_n_u_set_userdata, __pyx_t_2) < 0) __PYX_ERR(0, 60, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/callbacks.pyx":63
+ *         self._cb.userdata = <void *>func
+ * 
+ *     def set_callbacks(self, Session session not None):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9callbacks_9Callbacks_7set_callbacks, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Callbacks_set_callbacks, NULL, __pyx_mstate_global->__pyx_n_u_ssh_callbacks, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 63, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_9callbacks_Callbacks, __pyx_mstate_global->__pyx_n_u_set_callbacks, __pyx_t_2) < 0) __PYX_ERR(0, 63, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9callbacks_9Callbacks_9__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Callbacks___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_callbacks, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9callbacks_9Callbacks_11__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Callbacks___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_callbacks, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/callbacks.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_2);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.callbacks", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.callbacks");
   }
@@ -2623,12 +4092,207 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_Callbacks, sizeof(__pyx_k_Callbacks), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Callbacks */
+  {__pyx_k_Callbacks___reduce_cython, sizeof(__pyx_k_Callbacks___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Callbacks___reduce_cython */
+  {__pyx_k_Callbacks___setstate_cython, sizeof(__pyx_k_Callbacks___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Callbacks___setstate_cython */
+  {__pyx_k_Callbacks_set_callbacks, sizeof(__pyx_k_Callbacks_set_callbacks), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Callbacks_set_callbacks */
+  {__pyx_k_Callbacks_set_userdata, sizeof(__pyx_k_Callbacks_set_userdata), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Callbacks_set_userdata */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_func_2, sizeof(__pyx_k_func_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func_2 */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_session, sizeof(__pyx_k_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_session */
+  {__pyx_k_set_callbacks, sizeof(__pyx_k_set_callbacks), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_callbacks */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_set_userdata, sizeof(__pyx_k_set_userdata), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_userdata */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_ssh_callbacks, sizeof(__pyx_k_ssh_callbacks), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_callbacks */
+  {__pyx_k_ssh_callbacks_pyx, sizeof(__pyx_k_ssh_callbacks_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_callbacks_pyx */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 44, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 2;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 2;
+            unsigned int flags : 10;
+            unsigned int first_line : 6;
+            unsigned int line_table_length : 10;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 60, 13};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_func};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_callbacks_pyx, __pyx_mstate->__pyx_n_u_set_userdata, __pyx_k_A_D_HA, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 63, 36};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_session, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_callbacks_pyx, __pyx_mstate->__pyx_n_u_set_callbacks, __pyx_k_A_a_a_gQ, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -2648,37 +4312,158 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
 }
 #endif
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
-    return PyObject_GetAttr(obj, attr_name);
-}
-#endif
-
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
     if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
         PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
             "name '%U' is not defined", name);
-#else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
-#endif
     }
     return result;
 }
 
 /* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
                                                PyObject *globals) {
     PyFrameObject *f;
     PyThreadState *tstate = __Pyx_PyThreadState_Current;
@@ -2706,15 +4491,12 @@ static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args
     --tstate->recursion_depth;
     return result;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
     PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
     PyObject *globals = PyFunction_GET_GLOBALS(func);
     PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
     PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
     PyObject *kwdefs;
-#endif
     PyObject *kwtuple, **k;
     PyObject **d;
     Py_ssize_t nd;
@@ -2722,13 +4504,11 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
     PyObject *result;
     assert(kwargs == NULL || PyDict_Check(kwargs));
     nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
         return NULL;
     }
     if (
-#if PY_MAJOR_VERSION >= 3
             co->co_kwonlyargcount == 0 &&
-#endif
             likely(kwargs == NULL || nk == 0) &&
             co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
         if (argdefs == NULL && co->co_argcount == nargs) {
@@ -2765,9 +4545,7 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
         k = NULL;
     }
     closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
     kwdefs = PyFunction_GET_KW_DEFAULTS(func);
-#endif
     if (argdefs != NULL) {
         d = &PyTuple_GET_ITEM(argdefs, 0);
         nd = Py_SIZE(argdefs);
@@ -2776,24 +4554,16 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
         d = NULL;
         nd = 0;
     }
-#if PY_MAJOR_VERSION >= 3
     result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
                                args, (int)nargs,
                                k, (int)nk,
                                d, (int)nd, kwdefs, closure);
-#else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
     Py_XDECREF(kwtuple);
 done:
     Py_LeaveRecursiveCall();
     return result;
 }
 #endif
-#endif
 
 /* PyObjectCall */
 #if CYTHON_COMPILING_IN_CPYTHON
@@ -2802,7 +4572,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
     ternaryfunc call = Py_TYPE(func)->tp_call;
     if (unlikely(!call))
         return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = (*call)(func, arg, kw);
     Py_LeaveRecursiveCall();
@@ -2820,9 +4590,9 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
     PyObject *self, *result;
     PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = cfunc(self, arg);
     Py_LeaveRecursiveCall();
@@ -2835,98 +4605,112 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject
 }
 #endif
 
-/* PyObjectCallNoArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
-    }
-#endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
-#else
-    if (likely(PyCFunction_Check(func)))
-#endif
-    {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
-        }
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
 }
 #endif
-
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
     }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
 }
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
 #endif
-
-/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
 #if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
     }
 #endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
-#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
         }
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
-}
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
 }
-#endif
 
 /* GetTopmostException */
-#if CYTHON_USE_EXC_INFO_STACK
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
 static _PyErr_StackItem *
 __Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
 {
     _PyErr_StackItem *exc_info = tstate->exc_info;
-    while ((exc_info->exc_type == NULL || exc_info->exc_type == Py_None) &&
+    while ((exc_info->exc_value == NULL || exc_info->exc_value == Py_None) &&
            exc_info->previous_item != NULL)
     {
         exc_info = exc_info->previous_item;
@@ -2938,21 +4722,46 @@ __Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
 /* SaveResetException */
 #if CYTHON_FAST_THREAD_STATE
 static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    #if CYTHON_USE_EXC_INFO_STACK
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    PyObject *exc_value = exc_info->exc_value;
+    if (exc_value == NULL || exc_value == Py_None) {
+        *value = NULL;
+        *type = NULL;
+        *tb = NULL;
+    } else {
+        *value = exc_value;
+        Py_INCREF(*value);
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        *tb = PyException_GetTraceback(exc_value);
+    }
+  #elif CYTHON_USE_EXC_INFO_STACK
     _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
     *type = exc_info->exc_type;
     *value = exc_info->exc_value;
     *tb = exc_info->exc_traceback;
-    #else
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #else
     *type = tstate->exc_type;
     *value = tstate->exc_value;
     *tb = tstate->exc_traceback;
-    #endif
     Py_XINCREF(*type);
     Py_XINCREF(*value);
     Py_XINCREF(*tb);
+  #endif
 }
 static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    PyObject *tmp_value = exc_info->exc_value;
+    exc_info->exc_value = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+  #else
     PyObject *tmp_type, *tmp_value, *tmp_tb;
     #if CYTHON_USE_EXC_INFO_STACK
     _PyErr_StackItem *exc_info = tstate->exc_info;
@@ -2973,173 +4782,248 @@ static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject
     Py_XDECREF(tmp_type);
     Py_XDECREF(tmp_value);
     Py_XDECREF(tmp_tb);
+  #endif
 }
 #endif
 
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
     }
-#endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
     }
-    return 0;
+    return res;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
 }
 #endif
 
-/* GetException */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb)
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
 #else
-static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
 #endif
-{
-    PyObject *local_type, *local_value, *local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    local_type = tstate->curexc_type;
-    local_value = tstate->curexc_value;
-    local_tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
-#else
-    PyErr_Fetch(&local_type, &local_value, &local_tb);
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
 #endif
-    PyErr_NormalizeException(&local_type, &local_value, &local_tb);
-#if CYTHON_FAST_THREAD_STATE
-    if (unlikely(tstate->curexc_type))
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
 #else
-    if (unlikely(PyErr_Occurred()))
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
 #endif
-        goto bad;
-    #if PY_MAJOR_VERSION >= 3
-    if (local_tb) {
-        if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
-            goto bad;
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
     }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
     #endif
-    Py_XINCREF(local_tb);
-    Py_XINCREF(local_type);
-    Py_XINCREF(local_value);
-    *type = local_type;
-    *value = local_value;
-    *tb = local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    #if CYTHON_USE_EXC_INFO_STACK
+    for (i = 0; i < n; i++)
     {
-        _PyErr_StackItem *exc_info = tstate->exc_info;
-        tmp_type = exc_info->exc_type;
-        tmp_value = exc_info->exc_value;
-        tmp_tb = exc_info->exc_traceback;
-        exc_info->exc_type = local_type;
-        exc_info->exc_value = local_value;
-        exc_info->exc_traceback = local_tb;
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
     }
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = local_type;
-    tstate->exc_value = local_value;
-    tstate->exc_traceback = local_tb;
-    #endif
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
 #else
-    PyErr_SetExcInfo(local_type, local_value, local_tb);
+    nkwargs = PyTuple_GET_SIZE(kwnames);
 #endif
-    return 0;
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
 bad:
-    *type = 0;
-    *value = 0;
-    *tb = 0;
-    Py_XDECREF(local_type);
-    Py_XDECREF(local_value);
-    Py_XDECREF(local_tb);
-    return -1;
-}
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+    Py_DECREF(dict);
+    return NULL;
 }
 #endif
-
-/* WriteUnraisableException */
-static void __Pyx_WriteUnraisable(const char *name, CYTHON_UNUSED int clineno,
-                                  CYTHON_UNUSED int lineno, CYTHON_UNUSED const char *filename,
-                                  int full_traceback, CYTHON_UNUSED int nogil) {
-    PyObject *old_exc, *old_val, *old_tb;
-    PyObject *ctx;
-    __Pyx_PyThreadState_declare
-#ifdef WITH_THREAD
-    PyGILState_STATE state;
-    if (nogil)
-        state = PyGILState_Ensure();
-#ifdef _MSC_VER
-    else state = (PyGILState_STATE)-1;
-#endif
-#endif
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&old_exc, &old_val, &old_tb);
-    if (full_traceback) {
-        Py_XINCREF(old_exc);
-        Py_XINCREF(old_val);
-        Py_XINCREF(old_tb);
-        __Pyx_ErrRestore(old_exc, old_val, old_tb);
-        PyErr_PrintEx(1);
-    }
-    #if PY_MAJOR_VERSION < 3
-    ctx = PyString_FromString(name);
-    #else
-    ctx = PyUnicode_FromString(name);
-    #endif
-    __Pyx_ErrRestore(old_exc, old_val, old_tb);
-    if (!ctx) {
-        PyErr_WriteUnraisable(Py_None);
-    } else {
-        PyErr_WriteUnraisable(ctx);
-        Py_DECREF(ctx);
-    }
-#ifdef WITH_THREAD
-    if (nogil)
-        PyGILState_Release(state);
 #endif
-}
 
 /* RaiseArgTupleInvalid */
 static void __Pyx_RaiseArgtupleInvalid(
@@ -3167,120 +5051,599 @@ static void __Pyx_RaiseArgtupleInvalid(
                  (num_expected == 1) ? "" : "s", num_found);
 }
 
-/* KeywordStringCheck */
-static int __Pyx_CheckKeywordStrings(
-    PyObject *kwdict,
-    const char* function_name,
-    int kw_allowed)
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
 {
-    PyObject* key = 0;
-    Py_ssize_t pos = 0;
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
 #if CYTHON_COMPILING_IN_PYPY
-    if (!kw_allowed && PyDict_Next(kwdict, &pos, &key, 0))
-        goto invalid_keyword;
-    return 1;
 #else
-    while (PyDict_Next(kwdict, &pos, &key, 0)) {
-        #if PY_MAJOR_VERSION < 3
-        if (unlikely(!PyString_Check(key)))
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
         #endif
-            if (unlikely(!PyUnicode_Check(key)))
-                goto invalid_keyword_type;
+        name++;
     }
-    if ((!kw_allowed) && unlikely(key))
-        goto invalid_keyword;
-    return 1;
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
 invalid_keyword_type:
     PyErr_Format(PyExc_TypeError,
         "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
     return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
 #endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
 invalid_keyword:
     PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
         "%s() got an unexpected keyword argument '%U'",
         function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
     #endif
-    return 0;
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
 }
 
 /* ArgTypeTest */
 static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
 {
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
     if (unlikely(!type)) {
         PyErr_SetString(PyExc_SystemError, "Missing type object");
         return 0;
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
-    }
-    else {
+    else if (!exact) {
         if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
     }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
     PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
     return 0;
 }
 
 /* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
-    }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
-        }
-    }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
-}
-#else
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
     PyObject* owned_instance = NULL;
     if (tb == Py_None) {
@@ -3365,13 +5728,9 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
     }
     PyErr_SetObject(type, value);
     if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
         PyThreadState *tstate = __Pyx_PyThreadState_Current;
         PyObject* tmp_tb = tstate->curexc_traceback;
         if (tb != tmp_tb) {
@@ -3379,83 +5738,488 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
             tstate->curexc_traceback = tb;
             Py_XDECREF(tmp_tb);
         }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
 #endif
     }
 bad:
     Py_XDECREF(owned_instance);
     return;
 }
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
 #endif
 
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+                    type->tp_print = (printfunc) memb->offset;
 #endif
-    return NULL;
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
     PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
         }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
     }
-    return descr;
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
 }
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
 #endif
+}
 
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+    return 0;
 }
 #endif
 
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
-    PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
     }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
     }
+#endif
+    return r;
+#endif
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
     return result;
 }
 
@@ -3463,7 +6227,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, P
 static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
   int ret;
   PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
   if (likely(name_attr)) {
       ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
   } else {
@@ -3488,141 +6252,1489 @@ static int __Pyx_setup_reduce(PyObject* type_obj) {
     PyObject *setstate_cython = NULL;
     PyObject *getstate = NULL;
 #if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
     if (!getstate && PyErr_Occurred()) {
         goto __PYX_BAD;
     }
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
+    }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
+#endif
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
+
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func_2);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
+#endif
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
+#endif
+    }
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
+#endif
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
+    }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
+#else
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
+#endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
+    }
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
+#endif
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
+    }
+#endif
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
+    }
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
+}
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
+    }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
+}
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
+    }
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
+#endif
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
+    PyObject *result;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
+    }
+#endif
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
+    }
+    return result;
+}
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
+    int ret = 0;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
-        }
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
-        }
+        break;
+    default:
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
+        break;
+    default:
+        return NULL;
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
-#endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
-    }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+        break;
+    default:
+        return NULL;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    return op;
 }
-#endif
 
 /* PyDictVersioning */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
@@ -3651,29 +7763,34 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -3682,11 +7799,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -3714,130 +7832,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
     }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
-    }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -3868,7 +8052,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -3878,6 +8062,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -3902,7 +8087,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -3912,179 +8097,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -4097,8 +8340,40 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
     return (int) -1;
 }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4110,17 +8385,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -4128,15 +8403,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u_);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4148,17 +8495,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -4166,15 +8513,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4184,179 +8564,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -4373,7 +8811,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -4394,51 +8832,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -4469,65 +8894,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -4535,97 +8979,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -4637,25 +9217,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -4678,95 +9258,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -4805,33 +9356,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/callbacks.pxd b/ssh/callbacks.pxd
index eb097c24..8761f35a 100644
--- a/ssh/callbacks.pxd
+++ b/ssh/callbacks.pxd
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-cimport c_callbacks
+from . cimport c_callbacks
 
 
 cdef class Callbacks:
diff --git a/ssh/callbacks.pyx b/ssh/callbacks.pyx
index 83637d7f..123598d5 100644
--- a/ssh/callbacks.pyx
+++ b/ssh/callbacks.pyx
@@ -1,27 +1,28 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.stdlib cimport malloc, free
 from libc.string cimport memset
 
-from session cimport Session
-from utils cimport handle_error_codes
+from .session cimport Session
+from .utils cimport handle_error_codes
 
-from c_ssh cimport ssh_auth_callback
-cimport c_callbacks
+from .c_ssh cimport ssh_auth_callback
+from . cimport c_callbacks
 
 
 cdef int auth_callback(const char *prompt, char *buf, size_t len,
diff --git a/ssh/channel.c b/ssh/channel.c
index 224eeb19..93dc8fca 100644
--- a/ssh/channel.c
+++ b/ssh/channel.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.channel",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/channel.pyx"
+        ]
+    },
+    "module_name": "ssh.channel"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
+        #else
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
+#endif
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,70 +911,194 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
+#endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
+#endif
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
   #endif
 #endif
 #include <math.h>
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -755,12 +1165,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -795,140 +1201,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -940,27 +1335,173 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
+
 
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/channel.pyx",
-  "stringsource",
+  "<stringsource>",
   "ssh/channel.pxd",
   "ssh/session.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -973,18 +1514,48 @@ static const char *__pyx_f[] = {
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
 struct __pyx_obj_3ssh_7channel_Channel;
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -999,7 +1570,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class Channel:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_channel _channel
  *     cdef Session _session
- */
+*/
 struct __pyx_obj_3ssh_7channel_Channel {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtab;
@@ -1016,12 +1587,13 @@ struct __pyx_obj_3ssh_7channel_Channel {
  * cdef class Channel:             # <<<<<<<<<<<<<<
  * 
  *     def __cinit__(self, Session session):
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_7channel_Channel {
   struct __pyx_obj_3ssh_7channel_Channel *(*from_ptr)(ssh_channel, struct __pyx_obj_3ssh_7session_Session *);
 };
 static struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtabptr_3ssh_7channel_Channel;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1030,42 +1602,48 @@ static struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtabptr_3ssh_7channe
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1076,6 +1654,10 @@ static struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtabptr_3ssh_7channe
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1087,43 +1669,30 @@ static struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtabptr_3ssh_7channe
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
-/* PyObjectGetAttrStr.proto */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
 #else
-#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
 #endif
 
-/* GetBuiltinName.proto */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name);
-
-/* RaiseDoubleKeywords.proto */
-static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
-
-/* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
-
-/* RaiseArgTupleInvalid.proto */
-static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
-    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
-
-/* ArgTypeTest.proto */
-#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
-        __Pyx__ArgTypeTest(obj, type, name, exact))
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
-
 /* PyThreadStateGet.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
 #define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
 #else
 #define __Pyx_PyThreadState_declare
 #define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
 #endif
 
 /* PyErrFetchRestore.proto */
@@ -1135,7 +1704,7 @@ static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *nam
 #define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
 #define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
 #else
 #define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
@@ -1151,6 +1720,194 @@ static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject
 #define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
 #endif
 
+/* PyObjectGetAttrStr.proto */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+#else
+#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#endif
+
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
+/* GetBuiltinName.proto */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name);
+
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
+/* RaiseDoubleKeywords.proto */
+static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
+
+/* ParseKeywords.proto */
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#endif
+
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
+
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
+#endif
+
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
+
+/* RaiseArgTupleInvalid.proto */
+static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
+    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
+
+/* ArgTypeTest.proto */
+#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+        __Pyx__ArgTypeTest(obj, type, name, exact))
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
+
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
+
 /* GetException.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_GetException(type, value, tb)  __Pyx__GetException(__pyx_tstate, type, value, tb)
@@ -1168,7 +1925,7 @@ static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value,
 #endif
 
 /* GetTopmostException.proto */
-#if CYTHON_USE_EXC_INFO_STACK
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
 static _PyErr_StackItem * __Pyx_PyErr_GetTopmostException(PyThreadState *tstate);
 #endif
 
@@ -1186,70 +1943,212 @@ static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject
 /* RaiseException.proto */
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
-/* PyObjectCall.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
 #else
-#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
 #endif
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
 #endif
 
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
 /* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
-#else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
-#endif
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
-/* PyDictVersioning.proto */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-#define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
-#define __PYX_GET_DICT_VERSION(dict)  (((PyDictObject*)(dict))->ma_version_tag)
-#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)\
-    (version_var) = __PYX_GET_DICT_VERSION(dict);\
-    (cache_var) = (value);
-#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP) {\
-    static PY_UINT64_T __pyx_dict_version = 0;\
-    static PyObject *__pyx_dict_cached_value = NULL;\
-    if (likely(__PYX_GET_DICT_VERSION(DICT) == __pyx_dict_version)) {\
-        (VAR) = __pyx_dict_cached_value;\
-    } else {\
-        (VAR) = __pyx_dict_cached_value = (LOOKUP);\
-        __pyx_dict_version = __PYX_GET_DICT_VERSION(DICT);\
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* PyDictVersioning.proto */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+#define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
+#define __PYX_GET_DICT_VERSION(dict)  (((PyDictObject*)(dict))->ma_version_tag)
+#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)\
+    (version_var) = __PYX_GET_DICT_VERSION(dict);\
+    (cache_var) = (value);
+#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP) {\
+    static PY_UINT64_T __pyx_dict_version = 0;\
+    static PyObject *__pyx_dict_cached_value = NULL;\
+    if (likely(__PYX_GET_DICT_VERSION(DICT) == __pyx_dict_version)) {\
+        (VAR) = __pyx_dict_cached_value;\
+    } else {\
+        (VAR) = __pyx_dict_cached_value = (LOOKUP);\
+        __pyx_dict_version = __PYX_GET_DICT_VERSION(DICT);\
     }\
 }
 static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj);
@@ -1262,230 +2161,778 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
-#else
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *);
+static CYTHON_INLINE uint32_t __Pyx_PyLong_As_uint32_t(PyObject *);
+
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint32_t(uint32_t value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint32_t(uint32_t value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 static struct __pyx_obj_3ssh_7channel_Channel *__pyx_f_3ssh_7channel_7Channel_from_ptr(ssh_channel __pyx_v__chan, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
+
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.session" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'libc.stdlib' */
+/* Module declarations from "libc.stdlib" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static PyObject *(*__pyx_f_3ssh_5utils_to_bytes)(PyObject *); /*proto*/
 static PyObject *(*__pyx_f_3ssh_5utils_to_str)(char const *); /*proto*/
 static int (*__pyx_f_3ssh_5utils_handle_error_codes)(int, ssh_session); /*proto*/
 
-/* Module declarations from 'ssh.channel' */
-static PyTypeObject *__pyx_ptype_3ssh_7channel_Channel = 0;
+/* Module declarations from "ssh.channel" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.channel"
 extern int __pyx_module_is_main_ssh__channel;
 int __pyx_module_is_main_ssh__channel = 0;
 
-/* Implementation of 'ssh.channel' */
+/* Implementation of "ssh.channel" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_MemoryError;
 static PyObject *__pyx_builtin_NotImplementedError;
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
 static const char __pyx_k_[] = "";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k__2[] = "?";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_rc[] = "rc";
+static const char __pyx_k_A_4[] = "\200A\330\r\016\330\021*\250!\2504\250{\270!";
+static const char __pyx_k_A_a[] = "\200A\330\010\016\210a";
+static const char __pyx_k_buf[] = "buf";
+static const char __pyx_k_cmd[] = "cmd";
 static const char __pyx_k_col[] = "col";
+static const char __pyx_k_pop[] = "pop";
 static const char __pyx_k_row[] = "row";
+static const char __pyx_k_sig[] = "sig";
+static const char __pyx_k_A_t1[] = "\200A\330\010\017\210t\2201";
+static const char __pyx_k_cbuf[] = "cbuf";
+static const char __pyx_k_chan[] = "chan";
 static const char __pyx_k_cols[] = "cols";
+static const char __pyx_k_data[] = "data";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "name";
+static const char __pyx_k_poll[] = "poll";
+static const char __pyx_k_read[] = "read";
 static const char __pyx_k_rows[] = "rows";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_size[] = "size";
 static const char __pyx_k_test[] = "__test__";
+static const char __pyx_k_A_a_2[] = "\200A\330 !\330\010\016\210a";
+static const char __pyx_k_b_buf[] = "b_buf";
+static const char __pyx_k_b_cmd[] = "b_cmd";
+static const char __pyx_k_b_sig[] = "b_sig";
+static const char __pyx_k_b_sys[] = "b_sys";
+static const char __pyx_k_buf_2[] = "_buf";
+static const char __pyx_k_c_cmd[] = "c_cmd";
+static const char __pyx_k_c_sig[] = "c_sig";
+static const char __pyx_k_c_sys[] = "c_sys";
+static const char __pyx_k_close[] = "close";
 static const char __pyx_k_maxfd[] = "maxfd";
 static const char __pyx_k_value[] = "value";
+static const char __pyx_k_write[] = "write";
+static const char __pyx_k_b_name[] = "b_name";
+static const char __pyx_k_c_name[] = "c_name";
+static const char __pyx_k_chan_2[] = "_chan";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_is_eof[] = "is_eof";
+static const char __pyx_k_length[] = "length";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_name_2[] = "__name__";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_select[] = "select";
+static const char __pyx_k_A_0_Q_q[] = "\200A\340\r\016\330\014\030\320\0300\260\001\260\024\260Q\330\010\017\210q";
+static const char __pyx_k_A_a_t1A[] = "\200A\340\r\016\330\014\026\320\026)\250\021\250$\250a\330\010\017\210t\2201\220A";
 static const char __pyx_k_Channel[] = "Channel";
+static const char __pyx_k_b_value[] = "b_value";
+static const char __pyx_k_c_value[] = "c_value";
+static const char __pyx_k_counter[] = "counter";
+static const char __pyx_k_disable[] = "disable";
+static const char __pyx_k_is_open[] = "is_open";
 static const char __pyx_k_readfds[] = "readfds";
 static const char __pyx_k_session[] = "session";
 static const char __pyx_k_timeout[] = "timeout";
+static const char __pyx_k_A_1D_d_1[] = "\200A\340\r\016\330\014\026\320\026+\2501\250D\260\001\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_2_4q_q[] = "\200A\340\r\016\330\014\026\320\0262\260!\2604\260q\330\010\017\210q";
+static const char __pyx_k_A_4q_t1A[] = "\200A\340\r\016\330\014\026\320\026*\250!\2504\250q\330\010\017\210t\2201\220A";
+static const char __pyx_k_A_AT_s_Q[] = "\200A\340\r\016\330\014\026\320\026,\250A\250T\260\021\330\010\017\210s\220#\220Q";
+static const char __pyx_k_add_note[] = "add_note";
+static const char __pyx_k_blocking[] = "blocking";
 static const char __pyx_k_channels[] = "channels";
 static const char __pyx_k_getstate[] = "__getstate__";
+static const char __pyx_k_open_x11[] = "open_x11";
+static const char __pyx_k_q_Kq_d_1[] = "\320\004\"\240!\340\r\016\330\014\026\320\026'\240q\250\004\250K\260q\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_send_eof[] = "send_eof";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
 static const char __pyx_k_terminal[] = "terminal";
+static const char __pyx_k_A_0_Q_d_1[] = "\200A\340\r\016\330\014\026\320\0260\260\001\260\024\260Q\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_2_4_d_1[] = "\200A\340\r\016\330\014\026\320\0262\260!\2604\260{\300&\310\001\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_5Qd_d_1[] = "\200A\340\r\016\330\014\026\320\0265\260Q\260d\270!\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_at1_d_1[] = "\200A\340\r\016\330\014\026\320\026.\250a\250t\2601\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_q_A_d_1[] = "\200A\340\r\016\330\014\026\320\026/\250q\260\004\260A\330\010\017\320\017!\240\021\240$\240d\250)\2601";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_exit_code[] = "exit_code";
+static const char __pyx_k_is_closed[] = "is_closed";
 static const char __pyx_k_is_stderr[] = "is_stderr";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
+static const char __pyx_k_subsystem[] = "subsystem";
+static const char __pyx_k_A_2_4q_d_1[] = "\200A\340\r\016\330\014\026\320\0262\260!\2604\260q\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_accept_x11[] = "accept_x11";
+static const char __pyx_k_b_terminal[] = "b_terminal";
+static const char __pyx_k_c_terminal[] = "c_terminal";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
 static const char __pyx_k_remotehost[] = "remotehost";
 static const char __pyx_k_remoteport[] = "remoteport";
 static const char __pyx_k_sourcehost[] = "sourcehost";
 static const char __pyx_k_sourceport[] = "sourceport";
+static const char __pyx_k_timeout_ms[] = "timeout_ms";
+static const char __pyx_k_7q_q_Ky_d_1[] = "\320\0047\260q\340\r\016\330\014\026\320\026/\250q\330\020\024\220K\230y\250\001\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_5Q_Kq_d_1[] = "\200A\340\r\016\330\014\026\320\0265\260Q\330\020\024\220K\230q\330\010\017\320\017!\240\021\240$\240d\250)\2601";
 static const char __pyx_k_MemoryError[] = "MemoryError";
+static const char __pyx_k_c_exit_code[] = "c_exit_code";
+static const char __pyx_k_exit_signal[] = "exit_signal";
+static const char __pyx_k_get_session[] = "get_session";
 static const char __pyx_k_outchannels[] = "outchannels";
+static const char __pyx_k_request_env[] = "request_env";
+static const char __pyx_k_request_pty[] = "request_pty";
+static const char __pyx_k_request_x11[] = "request_x11";
+static const char __pyx_k_set_counter[] = "set_counter";
+static const char __pyx_k_ssh_channel[] = "ssh.channel";
+static const char __pyx_k_window_size[] = "window_size";
+static const char __pyx_k_Channel_poll[] = "Channel.poll";
+static const char __pyx_k_Channel_read[] = "Channel.read";
+static const char __pyx_k_b_remotehost[] = "b_remotehost";
+static const char __pyx_k_b_sourcehost[] = "b_sourcehost";
+static const char __pyx_k_buf_tot_size[] = "buf_tot_size";
+static const char __pyx_k_c_remotehost[] = "c_remotehost";
+static const char __pyx_k_c_sourcehost[] = "c_sourcehost";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
+static const char __pyx_k_open_forward[] = "open_forward";
+static const char __pyx_k_open_session[] = "open_session";
+static const char __pyx_k_pcore_dumped[] = "pcore_dumped";
+static const char __pyx_k_poll_timeout[] = "poll_timeout";
+static const char __pyx_k_read_timeout[] = "read_timeout";
+static const char __pyx_k_request_exec[] = "request_exec";
+static const char __pyx_k_request_sftp[] = "request_sftp";
+static const char __pyx_k_set_blocking[] = "set_blocking";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_write_stderr[] = "write_stderr";
+static const char __pyx_k_A_1_1_K_Q_d_1[] = "\200A\330\010\"\240(\250!\2501\330\010(\250\001\340\r\016\330\014\026\320\026+\2501\330\020\024\220K\230~\250Q\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_Channel_close[] = "Channel.close";
+static const char __pyx_k_Channel_write[] = "Channel.write";
+static const char __pyx_k_buf_remainder[] = "buf_remainder";
+static const char __pyx_k_bytes_written[] = "bytes_written";
+static const char __pyx_k_c_exit_signal[] = "c_exit_signal";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
+static const char __pyx_k_request_shell[] = "request_shell";
 static const char __pyx_k_screen_number[] = "screen_number";
+static const char __pyx_k_A_81A_q_Kq_d_1[] = "\200A\330\010\033\2308\2401\240A\330\010!\240\021\340\r\016\330\014\026\320\026/\250q\260\004\260K\270q\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_a_31_K_5_d_1[] = "\200A\330\010 \240\010\250\001\250\021\330\010&\240a\340\r\016\330\014\026\320\0263\2601\330\020\024\220K\230|\2505\260\001\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_Channel_is_eof[] = "Channel.is_eof";
+static const char __pyx_k_Channel_select[] = "Channel.select";
+static const char __pyx_k_DA_a_K_2_a_d_1[] = "\320\004D\300A\340\r\016\330\014\026\320\026.\250a\330\020\024\220K\320\0372\260&\270\006\270a\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_c_pcore_dumped[] = "c_pcore_dumped";
+static const char __pyx_k_get_exit_state[] = "get_exit_state";
+static const char __pyx_k_A_4q_1_Q_3c_d_1[] = "\200A\340\010\013\2104\210q\330\014\023\2201\330\r\016\330\014\026\320\026(\250\001\250\024\250Q\330\010\013\2103\210c\220\021\330\014\020\220\n\230!\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_81A_4A_Kq_d_1[] = "\200A\330\010\033\2308\2401\240A\330\010!\240\021\340\r\016\330\014\026\320\0264\260A\330\020\024\220K\230q\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_81A_6a_Kq_d_1[] = "\200A\330\010\033\2308\2401\240A\330\010!\240\021\340\r\016\330\014\026\320\0266\260a\330\020\024\220K\230q\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_Channel_is_open[] = "Channel.is_open";
+static const char __pyx_k_change_pty_size[] = "change_pty_size";
+static const char __pyx_k_get_exit_status[] = "get_exit_status";
+static const char __pyx_k_open_auth_agent[] = "open_auth_agent";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_ssh_channel_pyx[] = "ssh/channel.pyx";
+static const char __pyx_k_Channel_open_x11[] = "Channel.open_x11";
+static const char __pyx_k_Channel_send_eof[] = "Channel.send_eof";
+static const char __pyx_k_read_nonblocking[] = "read_nonblocking";
+static const char __pyx_k_request_pty_size[] = "request_pty_size";
+static const char __pyx_k_A_1_1_q_K_Q_a_d_1[] = "\200A\340\010\"\240(\250!\2501\330\010(\250\001\330\010\"\240(\250!\2501\330\010(\250\001\340\r\016\330\014\026\320\026/\250q\330\020\024\220K\230~\250Q\330\020\036\230a\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_A_q_0_6_A_iq_t1_q[] = "\200A\340\010'\240q\330\r\016\330\014\031\320\0310\260\001\260\024\260[\300\001\330\010\013\2106\220\023\220A\330\014\r\330\010\026\220i\230q\240\007\240t\2501\330\010\017\210q";
+static const char __pyx_k_Channel_is_closed[] = "Channel.is_closed";
+static const char __pyx_k_request_subsystem[] = "request_subsystem";
 static const char __pyx_k_single_connection[] = "single_connection";
+static const char __pyx_k_Channel_accept_x11[] = "Channel.accept_x11";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_request_auth_agent[] = "request_auth_agent";
+static const char __pyx_k_request_send_break[] = "request_send_break";
+static const char __pyx_k_Channel_get_session[] = "Channel.get_session";
+static const char __pyx_k_Channel_request_env[] = "Channel.request_env";
+static const char __pyx_k_Channel_request_pty[] = "Channel.request_pty";
+static const char __pyx_k_Channel_request_x11[] = "Channel.request_x11";
+static const char __pyx_k_Channel_set_counter[] = "Channel.set_counter";
+static const char __pyx_k_Channel_window_size[] = "Channel.window_size";
 static const char __pyx_k_NotImplementedError[] = "NotImplementedError";
+static const char __pyx_k_request_send_signal[] = "request_send_signal";
+static const char __pyx_k_Channel_open_forward[] = "Channel.open_forward";
+static const char __pyx_k_Channel_open_session[] = "Channel.open_session";
+static const char __pyx_k_Channel_poll_timeout[] = "Channel.poll_timeout";
+static const char __pyx_k_Channel_read_timeout[] = "Channel.read_timeout";
+static const char __pyx_k_Channel_request_exec[] = "Channel.request_exec";
+static const char __pyx_k_Channel_request_sftp[] = "Channel.request_sftp";
+static const char __pyx_k_Channel_set_blocking[] = "Channel.set_blocking";
+static const char __pyx_k_Channel_write_stderr[] = "Channel.write_stderr";
+static const char __pyx_k_A_HAQ_XQa_1_at_ha_d_1[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\330\010\035\230X\240Q\240a\330\010#\2401\340\r\016\330\014\026\320\026.\250a\250t\260;\270h\300a\330\010\017\320\017!\240\021\240$\240d\250)\2601";
+static const char __pyx_k_Channel_request_shell[] = "Channel.request_shell";
+static const char __pyx_k_Channel_get_exit_state[] = "Channel.get_exit_state";
+static const char __pyx_k_Channel___reduce_cython[] = "Channel.__reduce_cython__";
+static const char __pyx_k_Channel_change_pty_size[] = "Channel.change_pty_size";
+static const char __pyx_k_Channel_get_exit_status[] = "Channel.get_exit_status";
+static const char __pyx_k_Channel_open_auth_agent[] = "Channel.open_auth_agent";
+static const char __pyx_k_Channel_read_nonblocking[] = "Channel.read_nonblocking";
+static const char __pyx_k_Channel_request_pty_size[] = "Channel.request_pty_size";
+static const char __pyx_k_Channel___setstate_cython[] = "Channel.__setstate_cython__";
+static const char __pyx_k_Channel_request_subsystem[] = "Channel.request_subsystem";
+static const char __pyx_k_Channel_request_auth_agent[] = "Channel.request_auth_agent";
+static const char __pyx_k_Channel_request_send_break[] = "Channel.request_send_break";
+static const char __pyx_k_Channel_request_send_signal[] = "Channel.request_send_signal";
+static const char __pyx_k_A_86_r_5Q_1M_4t9A_A_c_3ha_D_Q[] = "\200A\360\014\000\t\"\240\021\340\010\"\240!\330\010(\250\001\360\n\000\t$\2408\2506\260\021\260-\270r\300\021\330\010\t\330\021\022\330\020\032\320\0325\260Q\330\024\030\230\013\2401\240M\260\021\260/\300\021\300!\360\006\000\r\033\320\032+\250>\270\027\300\n\310!\340\014\020\220\001\220\021\330\010\032\230!\2304\230t\2409\250A\330\010\024\220A\330\010\027\220\177\240c\250\021\330\010\013\2103\210h\220a\360\010\000\r\025\220D\230\005\230Q\330\010\020\220\013\230=\250\001";
+static const char __pyx_k_7q_86_aq_uCq_31_KvV1_s_A_d_A_d[] = "\320\0047\260q\330()\340\010\031\230\021\340\r\016\330\014\023\2208\2306\240\021\240,\250a\250q\330\014\017\210u\220C\220q\330\025\026\330\024\025\330\014\026\320\0263\2601\330\020\024\220K\230v\240V\2501\330\010\t\330\014\017\210s\220\"\220A\330\020\026\220d\230\"\230A\340\014\020\220\001\220\021\330\010\017\320\017!\240\021\240$\240d\250)\260<\270q";
+static const char __pyx_k_A_86_aq_uCq_q_KvV1_s_A_d_A_d_q[] = "\320\004+\320+A\300\021\340\010\031\230\021\340\r\016\330\014\023\2208\2306\240\021\240,\250a\250q\330\014\017\210u\220C\220q\330\025\026\330\024\025\330\014\026\320\026'\240q\250\004\250K\260v\270V\3001\330\010\t\330\014\017\210s\220\"\220A\330\020\026\220d\230\"\230A\340\014\020\220\001\220\021\330\010\017\320\017!\240\021\240$\240d\250)\260<\270q";
+static const char __pyx_k_A_81A_Cq_1_A_31_6_3b_c_1_IQ_M_1[] = "\200A\360\020\000\t\034\2308\2401\240A\330\010 \240\001\330\010,\250C\250q\260\001\330\010+\2501\330\010,\250A\340\r\016\330\014\022\220.\240\002\240!\330\020\032\320\0323\2601\330\024\030\230\013\2406\250\021\330\020\023\2203\220b\230\002\230$\230c\240\030\250\021\330\031\032\330\030\037\320\0371\260\021\330\034 \240\004\240I\250Q\330\025\030\230\010\240\001\330\024\025\330\020\030\230\001\330\020!\240\021\330\014\034\230M\250\022\2501\330\010\017\210t\2201";
+static const char __pyx_k_A_81A_Cq_1_A_A_6_3b_c_1_IQ_M_1_t[] = "\200A\360\020\000\t\034\2308\2401\240A\330\010 \240\001\330\010,\250C\250q\260\001\330\010+\2501\330\010,\250A\340\r\016\330\014\022\220.\240\002\240!\330\020\032\320\032,\250A\330\024\030\230\013\2406\250\021\330\020\023\2203\220b\230\002\230$\230c\240\030\250\021\330\031\032\330\030\037\320\0371\260\021\330\034 \240\004\240I\250Q\330\025\030\230\010\240\001\330\024\025\330\020\030\230\001\330\020!\240\021\330\014\034\230M\250\022\2501\330\010\017\210t\2201";
+static const char __pyx_k_A_C1_86_aq_uCq_q_KvV_a_s_A_d_A_d[] = "\200A\330-C\3001\340\010\031\230\021\340\r\016\330\014\023\2208\2306\240\021\240,\250a\250q\330\014\017\210u\220C\220q\330\025\026\330\024\025\330\014\026\320\026/\250q\330\020\024\220K\230v\240V\250;\260a\330\010\t\330\014\017\210s\220\"\220A\330\020\026\220d\230\"\230A\340\014\020\220\001\220\021\330\010\017\320\017!\240\021\240$\240d\250)\260<\270q";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_kp_b_;
-static PyObject *__pyx_n_s_Channel;
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_NotImplementedError;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_channels;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_col;
-static PyObject *__pyx_n_s_cols;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_is_stderr;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_maxfd;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_name_2;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_outchannels;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_readfds;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_remotehost;
-static PyObject *__pyx_n_s_remoteport;
-static PyObject *__pyx_n_s_row;
-static PyObject *__pyx_n_s_rows;
-static PyObject *__pyx_n_s_screen_number;
-static PyObject *__pyx_n_s_session;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_single_connection;
-static PyObject *__pyx_n_s_size;
-static PyObject *__pyx_n_s_sourcehost;
-static PyObject *__pyx_n_s_sourceport;
-static PyObject *__pyx_n_s_terminal;
-static PyObject *__pyx_n_s_test;
-static PyObject *__pyx_n_s_timeout;
-static PyObject *__pyx_n_s_value;
+/* #### Code section: decls ### */
 static int __pyx_pf_3ssh_7channel_7Channel___cinit__(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session); /* proto */
 static void __pyx_pf_3ssh_7channel_7Channel_2__dealloc__(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_7channel_7Channel_7session___get__(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_7channel_7Channel_6get_exit_status(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_8get_session(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_10is_closed(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_12is_eof(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_14is_open(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_16send_eof(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_18request_auth_agent(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_20open_auth_agent(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_22open_forward(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_remotehost, int __pyx_v_remoteport, PyObject *__pyx_v_sourcehost, int __pyx_v_sourceport); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_24open_session(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_26open_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_sourcehost, int __pyx_v_sourceport); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_28accept_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout_ms); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_30poll(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_is_stderr); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_32poll_timeout(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout, int __pyx_v_is_stderr); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_34read(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_size, int __pyx_v_is_stderr); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read_nonblocking(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_size, int __pyx_v_is_stderr); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_timeout(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout, uint32_t __pyx_v_size, int __pyx_v_is_stderr); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_40request_env(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_name, PyObject *__pyx_v_value); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_42request_exec(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_cmd); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_44request_pty(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_46change_pty_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_cols, int __pyx_v_rows); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_48request_pty_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_terminal, int __pyx_v_col, int __pyx_v_row); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_50request_send_signal(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_sig); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_52request_send_break(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_length); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_54request_shell(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_56request_sftp(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_58request_subsystem(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_subsystem); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_60request_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_screen_number, int __pyx_v_single_connection); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_62set_blocking(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_blocking); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_64set_counter(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_counter); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_66write(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_data); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_68write_stderr(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_data); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_70window_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_72select(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_channels, CYTHON_UNUSED PyObject *__pyx_v_outchannels, CYTHON_UNUSED PyObject *__pyx_v_maxfd, CYTHON_UNUSED PyObject *__pyx_v_readfds, CYTHON_UNUSED PyObject *__pyx_v_timeout); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_8get_exit_state(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_10get_session(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_12is_closed(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_14is_eof(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_16is_open(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_18send_eof(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_20request_auth_agent(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_22open_auth_agent(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_24open_forward(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_remotehost, int __pyx_v_remoteport, PyObject *__pyx_v_sourcehost, int __pyx_v_sourceport); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_26open_session(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_28open_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_sourcehost, int __pyx_v_sourceport); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_30accept_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout_ms); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_32poll(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_is_stderr); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_34poll_timeout(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout, int __pyx_v_is_stderr); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_size, int __pyx_v_is_stderr); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_nonblocking(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_size, int __pyx_v_is_stderr); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_40read_timeout(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout, uint32_t __pyx_v_size, int __pyx_v_is_stderr); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_42request_env(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_name, PyObject *__pyx_v_value); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_44request_exec(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_cmd); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_46request_pty(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_48change_pty_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_cols, int __pyx_v_rows); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_50request_pty_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_terminal, int __pyx_v_col, int __pyx_v_row); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_52request_send_signal(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_sig); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_54request_send_break(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_length); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_56request_shell(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_58request_sftp(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_60request_subsystem(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_subsystem); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_62request_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_screen_number, int __pyx_v_single_connection); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_64set_blocking(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_blocking); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_66set_counter(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_counter); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_68write(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_data); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_70write_stderr(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_data); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_72window_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_74select(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_channels, CYTHON_UNUSED PyObject *__pyx_v_outchannels, CYTHON_UNUSED PyObject *__pyx_v_maxfd, CYTHON_UNUSED PyObject *__pyx_v_readfds, CYTHON_UNUSED PyObject *__pyx_v_timeout); /* proto */
 static PyObject *__pyx_pf_3ssh_7channel_7Channel_6closed___get__(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_74__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_76__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_76__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_78__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_7channel_Channel(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_int_0;
-static PyObject *__pyx_tuple__2;
-static PyObject *__pyx_tuple__3;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyObject *__pyx_type_3ssh_7channel_Channel;
+  PyTypeObject *__pyx_ptype_3ssh_7channel_Channel;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_tuple[4];
+  PyObject *__pyx_codeobj_tab[38];
+  PyObject *__pyx_string_tab[171];
+  PyObject *__pyx_int_0;
+  PyObject *__pyx_int_1048576;
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_b_ __pyx_string_tab[0]
+#define __pyx_n_u_Channel __pyx_string_tab[1]
+#define __pyx_n_u_Channel___reduce_cython __pyx_string_tab[2]
+#define __pyx_n_u_Channel___setstate_cython __pyx_string_tab[3]
+#define __pyx_n_u_Channel_accept_x11 __pyx_string_tab[4]
+#define __pyx_n_u_Channel_change_pty_size __pyx_string_tab[5]
+#define __pyx_n_u_Channel_close __pyx_string_tab[6]
+#define __pyx_n_u_Channel_get_exit_state __pyx_string_tab[7]
+#define __pyx_n_u_Channel_get_exit_status __pyx_string_tab[8]
+#define __pyx_n_u_Channel_get_session __pyx_string_tab[9]
+#define __pyx_n_u_Channel_is_closed __pyx_string_tab[10]
+#define __pyx_n_u_Channel_is_eof __pyx_string_tab[11]
+#define __pyx_n_u_Channel_is_open __pyx_string_tab[12]
+#define __pyx_n_u_Channel_open_auth_agent __pyx_string_tab[13]
+#define __pyx_n_u_Channel_open_forward __pyx_string_tab[14]
+#define __pyx_n_u_Channel_open_session __pyx_string_tab[15]
+#define __pyx_n_u_Channel_open_x11 __pyx_string_tab[16]
+#define __pyx_n_u_Channel_poll __pyx_string_tab[17]
+#define __pyx_n_u_Channel_poll_timeout __pyx_string_tab[18]
+#define __pyx_n_u_Channel_read __pyx_string_tab[19]
+#define __pyx_n_u_Channel_read_nonblocking __pyx_string_tab[20]
+#define __pyx_n_u_Channel_read_timeout __pyx_string_tab[21]
+#define __pyx_n_u_Channel_request_auth_agent __pyx_string_tab[22]
+#define __pyx_n_u_Channel_request_env __pyx_string_tab[23]
+#define __pyx_n_u_Channel_request_exec __pyx_string_tab[24]
+#define __pyx_n_u_Channel_request_pty __pyx_string_tab[25]
+#define __pyx_n_u_Channel_request_pty_size __pyx_string_tab[26]
+#define __pyx_n_u_Channel_request_send_break __pyx_string_tab[27]
+#define __pyx_n_u_Channel_request_send_signal __pyx_string_tab[28]
+#define __pyx_n_u_Channel_request_sftp __pyx_string_tab[29]
+#define __pyx_n_u_Channel_request_shell __pyx_string_tab[30]
+#define __pyx_n_u_Channel_request_subsystem __pyx_string_tab[31]
+#define __pyx_n_u_Channel_request_x11 __pyx_string_tab[32]
+#define __pyx_n_u_Channel_select __pyx_string_tab[33]
+#define __pyx_n_u_Channel_send_eof __pyx_string_tab[34]
+#define __pyx_n_u_Channel_set_blocking __pyx_string_tab[35]
+#define __pyx_n_u_Channel_set_counter __pyx_string_tab[36]
+#define __pyx_n_u_Channel_window_size __pyx_string_tab[37]
+#define __pyx_n_u_Channel_write __pyx_string_tab[38]
+#define __pyx_n_u_Channel_write_stderr __pyx_string_tab[39]
+#define __pyx_n_u_MemoryError __pyx_string_tab[40]
+#define __pyx_n_u_NotImplementedError __pyx_string_tab[41]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[42]
+#define __pyx_n_u_TypeError __pyx_string_tab[43]
+#define __pyx_kp_u__2 __pyx_string_tab[44]
+#define __pyx_n_u_accept_x11 __pyx_string_tab[45]
+#define __pyx_kp_u_add_note __pyx_string_tab[46]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[47]
+#define __pyx_n_u_b_buf __pyx_string_tab[48]
+#define __pyx_n_u_b_cmd __pyx_string_tab[49]
+#define __pyx_n_u_b_name __pyx_string_tab[50]
+#define __pyx_n_u_b_remotehost __pyx_string_tab[51]
+#define __pyx_n_u_b_sig __pyx_string_tab[52]
+#define __pyx_n_u_b_sourcehost __pyx_string_tab[53]
+#define __pyx_n_u_b_sys __pyx_string_tab[54]
+#define __pyx_n_u_b_terminal __pyx_string_tab[55]
+#define __pyx_n_u_b_value __pyx_string_tab[56]
+#define __pyx_n_u_blocking __pyx_string_tab[57]
+#define __pyx_n_u_buf __pyx_string_tab[58]
+#define __pyx_n_u_buf_2 __pyx_string_tab[59]
+#define __pyx_n_u_buf_remainder __pyx_string_tab[60]
+#define __pyx_n_u_buf_tot_size __pyx_string_tab[61]
+#define __pyx_n_u_bytes_written __pyx_string_tab[62]
+#define __pyx_n_u_c_cmd __pyx_string_tab[63]
+#define __pyx_n_u_c_exit_code __pyx_string_tab[64]
+#define __pyx_n_u_c_exit_signal __pyx_string_tab[65]
+#define __pyx_n_u_c_name __pyx_string_tab[66]
+#define __pyx_n_u_c_pcore_dumped __pyx_string_tab[67]
+#define __pyx_n_u_c_remotehost __pyx_string_tab[68]
+#define __pyx_n_u_c_sig __pyx_string_tab[69]
+#define __pyx_n_u_c_sourcehost __pyx_string_tab[70]
+#define __pyx_n_u_c_sys __pyx_string_tab[71]
+#define __pyx_n_u_c_terminal __pyx_string_tab[72]
+#define __pyx_n_u_c_value __pyx_string_tab[73]
+#define __pyx_n_u_cbuf __pyx_string_tab[74]
+#define __pyx_n_u_chan __pyx_string_tab[75]
+#define __pyx_n_u_chan_2 __pyx_string_tab[76]
+#define __pyx_n_u_change_pty_size __pyx_string_tab[77]
+#define __pyx_n_u_channels __pyx_string_tab[78]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[79]
+#define __pyx_n_u_close __pyx_string_tab[80]
+#define __pyx_n_u_cmd __pyx_string_tab[81]
+#define __pyx_n_u_col __pyx_string_tab[82]
+#define __pyx_n_u_cols __pyx_string_tab[83]
+#define __pyx_n_u_counter __pyx_string_tab[84]
+#define __pyx_n_u_data __pyx_string_tab[85]
+#define __pyx_kp_u_disable __pyx_string_tab[86]
+#define __pyx_kp_u_enable __pyx_string_tab[87]
+#define __pyx_n_u_exit_code __pyx_string_tab[88]
+#define __pyx_n_u_exit_signal __pyx_string_tab[89]
+#define __pyx_n_u_func __pyx_string_tab[90]
+#define __pyx_kp_u_gc __pyx_string_tab[91]
+#define __pyx_n_u_get_exit_state __pyx_string_tab[92]
+#define __pyx_n_u_get_exit_status __pyx_string_tab[93]
+#define __pyx_n_u_get_session __pyx_string_tab[94]
+#define __pyx_n_u_getstate __pyx_string_tab[95]
+#define __pyx_n_u_is_closed __pyx_string_tab[96]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[97]
+#define __pyx_n_u_is_eof __pyx_string_tab[98]
+#define __pyx_n_u_is_open __pyx_string_tab[99]
+#define __pyx_n_u_is_stderr __pyx_string_tab[100]
+#define __pyx_kp_u_isenabled __pyx_string_tab[101]
+#define __pyx_n_u_length __pyx_string_tab[102]
+#define __pyx_n_u_main __pyx_string_tab[103]
+#define __pyx_n_u_maxfd __pyx_string_tab[104]
+#define __pyx_n_u_module __pyx_string_tab[105]
+#define __pyx_n_u_name __pyx_string_tab[106]
+#define __pyx_n_u_name_2 __pyx_string_tab[107]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[108]
+#define __pyx_n_u_open_auth_agent __pyx_string_tab[109]
+#define __pyx_n_u_open_forward __pyx_string_tab[110]
+#define __pyx_n_u_open_session __pyx_string_tab[111]
+#define __pyx_n_u_open_x11 __pyx_string_tab[112]
+#define __pyx_n_u_outchannels __pyx_string_tab[113]
+#define __pyx_n_u_pcore_dumped __pyx_string_tab[114]
+#define __pyx_n_u_poll __pyx_string_tab[115]
+#define __pyx_n_u_poll_timeout __pyx_string_tab[116]
+#define __pyx_n_u_pop __pyx_string_tab[117]
+#define __pyx_n_u_pyx_state __pyx_string_tab[118]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[119]
+#define __pyx_n_u_qualname __pyx_string_tab[120]
+#define __pyx_n_u_rc __pyx_string_tab[121]
+#define __pyx_n_u_read __pyx_string_tab[122]
+#define __pyx_n_u_read_nonblocking __pyx_string_tab[123]
+#define __pyx_n_u_read_timeout __pyx_string_tab[124]
+#define __pyx_n_u_readfds __pyx_string_tab[125]
+#define __pyx_n_u_reduce __pyx_string_tab[126]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[127]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[128]
+#define __pyx_n_u_remotehost __pyx_string_tab[129]
+#define __pyx_n_u_remoteport __pyx_string_tab[130]
+#define __pyx_n_u_request_auth_agent __pyx_string_tab[131]
+#define __pyx_n_u_request_env __pyx_string_tab[132]
+#define __pyx_n_u_request_exec __pyx_string_tab[133]
+#define __pyx_n_u_request_pty __pyx_string_tab[134]
+#define __pyx_n_u_request_pty_size __pyx_string_tab[135]
+#define __pyx_n_u_request_send_break __pyx_string_tab[136]
+#define __pyx_n_u_request_send_signal __pyx_string_tab[137]
+#define __pyx_n_u_request_sftp __pyx_string_tab[138]
+#define __pyx_n_u_request_shell __pyx_string_tab[139]
+#define __pyx_n_u_request_subsystem __pyx_string_tab[140]
+#define __pyx_n_u_request_x11 __pyx_string_tab[141]
+#define __pyx_n_u_row __pyx_string_tab[142]
+#define __pyx_n_u_rows __pyx_string_tab[143]
+#define __pyx_n_u_screen_number __pyx_string_tab[144]
+#define __pyx_n_u_select __pyx_string_tab[145]
+#define __pyx_n_u_self __pyx_string_tab[146]
+#define __pyx_n_u_send_eof __pyx_string_tab[147]
+#define __pyx_n_u_session __pyx_string_tab[148]
+#define __pyx_n_u_set_blocking __pyx_string_tab[149]
+#define __pyx_n_u_set_counter __pyx_string_tab[150]
+#define __pyx_n_u_set_name __pyx_string_tab[151]
+#define __pyx_n_u_setstate __pyx_string_tab[152]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[153]
+#define __pyx_n_u_sig __pyx_string_tab[154]
+#define __pyx_n_u_single_connection __pyx_string_tab[155]
+#define __pyx_n_u_size __pyx_string_tab[156]
+#define __pyx_n_u_sourcehost __pyx_string_tab[157]
+#define __pyx_n_u_sourceport __pyx_string_tab[158]
+#define __pyx_n_u_ssh_channel __pyx_string_tab[159]
+#define __pyx_kp_u_ssh_channel_pyx __pyx_string_tab[160]
+#define __pyx_kp_u_stringsource __pyx_string_tab[161]
+#define __pyx_n_u_subsystem __pyx_string_tab[162]
+#define __pyx_n_u_terminal __pyx_string_tab[163]
+#define __pyx_n_u_test __pyx_string_tab[164]
+#define __pyx_n_u_timeout __pyx_string_tab[165]
+#define __pyx_n_u_timeout_ms __pyx_string_tab[166]
+#define __pyx_n_u_value __pyx_string_tab[167]
+#define __pyx_n_u_window_size __pyx_string_tab[168]
+#define __pyx_n_u_write __pyx_string_tab[169]
+#define __pyx_n_u_write_stderr __pyx_string_tab[170]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7channel_Channel);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_7channel_Channel);
+  for (int i=0; i<4; ++i) { Py_CLEAR(clear_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<38; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<171; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  Py_CLEAR(clear_module_state->__pyx_int_0);
+  Py_CLEAR(clear_module_state->__pyx_int_1048576);
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7channel_Channel);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_7channel_Channel);
+  for (int i=0; i<4; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<38; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<171; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_0);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_1048576);
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
 /* "ssh/channel.pyx":29
  * cdef class Channel:
@@ -1493,62 +2940,82 @@ static PyObject *__pyx_tuple__3;
  *     def __cinit__(self, Session session):             # <<<<<<<<<<<<<<
  *         self.closed = False
  *         self._session = session
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_7channel_7Channel_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_7channel_7Channel_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
   struct __pyx_obj_3ssh_7session_Session *__pyx_v_session = 0;
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_session,0};
-    PyObject* values[1] = {0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_session,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 29, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_VARARGS(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 29, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_session)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__cinit__", 0) < 0) __PYX_ERR(0, 29, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 1, 1, i); __PYX_ERR(0, 29, __pyx_L3_error) }
       }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "__cinit__") < 0)) __PYX_ERR(0, 29, __pyx_L3_error)
-      }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 1) {
+    } else if (unlikely(__pyx_nargs != 1)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+      values[0] = __Pyx_ArgRef_VARARGS(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 29, __pyx_L3_error)
     }
     __pyx_v_session = ((struct __pyx_obj_3ssh_7session_Session *)values[0]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 1, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 29, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 29, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.__cinit__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return -1;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_ptype_3ssh_7session_Session, 1, "session", 0))) __PYX_ERR(0, 29, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, 1, "session", 0))) __PYX_ERR(0, 29, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_7channel_7Channel___cinit__(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_session);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = -1;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -1564,7 +3031,7 @@ static int __pyx_pf_3ssh_7channel_7Channel___cinit__(struct __pyx_obj_3ssh_7chan
  *         self.closed = False             # <<<<<<<<<<<<<<
  *         self._session = session
  * 
- */
+*/
   __pyx_v_self->closed = 0;
 
   /* "ssh/channel.pyx":31
@@ -1573,11 +3040,11 @@ static int __pyx_pf_3ssh_7channel_7Channel___cinit__(struct __pyx_obj_3ssh_7chan
  *         self._session = session             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_session));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_session));
-  __Pyx_GOTREF(__pyx_v_self->_session);
-  __Pyx_DECREF(((PyObject *)__pyx_v_self->_session));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_session);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_session);
+  __Pyx_GOTREF((PyObject *)__pyx_v_self->_session);
+  __Pyx_DECREF((PyObject *)__pyx_v_self->_session);
   __pyx_v_self->_session = __pyx_v_session;
 
   /* "ssh/channel.pyx":29
@@ -1586,7 +3053,7 @@ static int __pyx_pf_3ssh_7channel_7Channel___cinit__(struct __pyx_obj_3ssh_7chan
  *     def __cinit__(self, Session session):             # <<<<<<<<<<<<<<
  *         self.closed = False
  *         self._session = session
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
@@ -1600,13 +3067,15 @@ static int __pyx_pf_3ssh_7channel_7Channel___cinit__(struct __pyx_obj_3ssh_7chan
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._channel is not NULL and self._session is not None:
  *             c_ssh.ssh_channel_free(self._channel)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_7channel_7Channel_3__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_7channel_7Channel_3__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_7channel_7Channel_2__dealloc__(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
@@ -1614,11 +3083,8 @@ static void __pyx_pw_3ssh_7channel_7Channel_3__dealloc__(PyObject *__pyx_v_self)
 }
 
 static void __pyx_pf_3ssh_7channel_7Channel_2__dealloc__(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
   int __pyx_t_2;
-  int __pyx_t_3;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
   /* "ssh/channel.pyx":34
  * 
@@ -1626,16 +3092,15 @@ static void __pyx_pf_3ssh_7channel_7Channel_2__dealloc__(struct __pyx_obj_3ssh_7
  *         if self._channel is not NULL and self._session is not None:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_channel_free(self._channel)
  *             self._channel = NULL
- */
-  __pyx_t_2 = ((__pyx_v_self->_channel != NULL) != 0);
+*/
+  __pyx_t_2 = (__pyx_v_self->_channel != NULL);
   if (__pyx_t_2) {
   } else {
     __pyx_t_1 = __pyx_t_2;
     goto __pyx_L4_bool_binop_done;
   }
   __pyx_t_2 = (((PyObject *)__pyx_v_self->_session) != Py_None);
-  __pyx_t_3 = (__pyx_t_2 != 0);
-  __pyx_t_1 = __pyx_t_3;
+  __pyx_t_1 = __pyx_t_2;
   __pyx_L4_bool_binop_done:;
   if (__pyx_t_1) {
 
@@ -1645,7 +3110,7 @@ static void __pyx_pf_3ssh_7channel_7Channel_2__dealloc__(struct __pyx_obj_3ssh_7
  *             c_ssh.ssh_channel_free(self._channel)             # <<<<<<<<<<<<<<
  *             self._channel = NULL
  * 
- */
+*/
     ssh_channel_free(__pyx_v_self->_channel);
 
     /* "ssh/channel.pyx":36
@@ -1654,7 +3119,7 @@ static void __pyx_pf_3ssh_7channel_7Channel_2__dealloc__(struct __pyx_obj_3ssh_7
  *             self._channel = NULL             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
     __pyx_v_self->_channel = NULL;
 
     /* "ssh/channel.pyx":34
@@ -1663,7 +3128,7 @@ static void __pyx_pf_3ssh_7channel_7Channel_2__dealloc__(struct __pyx_obj_3ssh_7
  *         if self._channel is not NULL and self._session is not None:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_channel_free(self._channel)
  *             self._channel = NULL
- */
+*/
   }
 
   /* "ssh/channel.pyx":33
@@ -1672,26 +3137,27 @@ static void __pyx_pf_3ssh_7channel_7Channel_2__dealloc__(struct __pyx_obj_3ssh_7
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._channel is not NULL and self._session is not None:
  *             c_ssh.ssh_channel_free(self._channel)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/channel.pyx":39
+/* "ssh/channel.pyx":38
+ *             self._channel = NULL
  * 
- *     @property
- *     def session(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def session(self):
  *         """Originating session."""
- *         return self._session
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_7channel_7Channel_7session_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_7channel_7Channel_7session_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_7channel_7Channel_7session___get__(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
@@ -1710,19 +3176,19 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_7session___get__(struct __pyx_o
  *         return self._session             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->_session));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->_session);
   __pyx_r = ((PyObject *)__pyx_v_self->_session);
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":39
+  /* "ssh/channel.pyx":38
+ *             self._channel = NULL
  * 
- *     @property
- *     def session(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def session(self):
  *         """Originating session."""
- *         return self._session
- */
+*/
 
   /* function exit code */
   __pyx_L0:;
@@ -1731,13 +3197,13 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_7session___get__(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":44
+/* "ssh/channel.pyx":43
+ *         return self._session
  * 
- *     @staticmethod
- *     cdef Channel from_ptr(c_ssh.ssh_channel _chan, Session session):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Channel from_ptr(c_ssh.ssh_channel _chan, Session session):
  *         cdef Channel chan = Channel.__new__(Channel, session)
- *         chan._channel = _chan
- */
+*/
 
 static struct __pyx_obj_3ssh_7channel_Channel *__pyx_f_3ssh_7channel_7Channel_from_ptr(ssh_channel __pyx_v__chan, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session) {
   struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_chan = 0;
@@ -1756,14 +3222,14 @@ static struct __pyx_obj_3ssh_7channel_Channel *__pyx_f_3ssh_7channel_7Channel_fr
  *         cdef Channel chan = Channel.__new__(Channel, session)             # <<<<<<<<<<<<<<
  *         chan._channel = _chan
  *         return chan
- */
+*/
   __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 45, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(((PyObject *)__pyx_v_session));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_session));
-  PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)__pyx_v_session));
-  __pyx_t_2 = ((PyObject *)__pyx_tp_new_3ssh_7channel_Channel(((PyTypeObject *)__pyx_ptype_3ssh_7channel_Channel), __pyx_t_1, NULL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_2));
+  __Pyx_INCREF((PyObject *)__pyx_v_session);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_session);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)__pyx_v_session)) != (0)) __PYX_ERR(0, 45, __pyx_L1_error);
+  __pyx_t_2 = ((PyObject *)__pyx_tp_new_3ssh_7channel_Channel(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel), __pyx_t_1, NULL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_2);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_v_chan = ((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_t_2);
   __pyx_t_2 = 0;
@@ -1774,7 +3240,7 @@ static struct __pyx_obj_3ssh_7channel_Channel *__pyx_f_3ssh_7channel_7Channel_fr
  *         chan._channel = _chan             # <<<<<<<<<<<<<<
  *         return chan
  * 
- */
+*/
   __pyx_v_chan->_channel = __pyx_v__chan;
 
   /* "ssh/channel.pyx":47
@@ -1783,19 +3249,19 @@ static struct __pyx_obj_3ssh_7channel_Channel *__pyx_f_3ssh_7channel_7Channel_fr
  *         return chan             # <<<<<<<<<<<<<<
  * 
  *     def close(self):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v_chan));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v_chan);
   __pyx_r = __pyx_v_chan;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":44
+  /* "ssh/channel.pyx":43
+ *         return self._session
  * 
- *     @staticmethod
- *     cdef Channel from_ptr(c_ssh.ssh_channel _chan, Session session):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Channel from_ptr(c_ssh.ssh_channel _chan, Session session):
  *         cdef Channel chan = Channel.__new__(Channel, session)
- *         chan._channel = _chan
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1816,15 +3282,44 @@ static struct __pyx_obj_3ssh_7channel_Channel *__pyx_f_3ssh_7channel_7Channel_fr
  *     def close(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if self.closed:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_5close(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_4close[] = "Channel.close(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_5close(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_5close(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_4close, "Channel.close(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_5close = {"close", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_5close, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_4close};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_5close(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("close (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("close", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("close", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7channel_7Channel_4close(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
@@ -1850,9 +3345,8 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *         if self.closed:             # <<<<<<<<<<<<<<
  *             return 0
  *         with nogil:
- */
-  __pyx_t_1 = (__pyx_v_self->closed != 0);
-  if (__pyx_t_1) {
+*/
+  if (__pyx_v_self->closed) {
 
     /* "ssh/channel.pyx":52
  *         cdef int rc
@@ -1860,10 +3354,10 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *             return 0             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_channel_close(self._channel)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_INCREF(__pyx_int_0);
-    __pyx_r = __pyx_int_0;
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_0);
+    __pyx_r = __pyx_mstate_global->__pyx_int_0;
     goto __pyx_L0;
 
     /* "ssh/channel.pyx":51
@@ -1872,7 +3366,7 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *         if self.closed:             # <<<<<<<<<<<<<<
  *             return 0
  *         with nogil:
- */
+*/
   }
 
   /* "ssh/channel.pyx":53
@@ -1881,13 +3375,12 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_close(self._channel)
  *         if rc == 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/channel.pyx":54
@@ -1896,7 +3389,7 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *             rc = c_ssh.ssh_channel_close(self._channel)             # <<<<<<<<<<<<<<
  *         if rc == 0:
  *             self.closed = True
- */
+*/
         __pyx_v_rc = ssh_channel_close(__pyx_v_self->_channel);
       }
 
@@ -1906,13 +3399,11 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_close(self._channel)
  *         if rc == 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
@@ -1925,8 +3416,8 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self.closed = True
  *         return handle_error_codes(rc, self._session._session)
- */
-  __pyx_t_1 = ((__pyx_v_rc == 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc == 0);
   if (__pyx_t_1) {
 
     /* "ssh/channel.pyx":56
@@ -1935,7 +3426,7 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *             self.closed = True             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
     __pyx_v_self->closed = 1;
 
     /* "ssh/channel.pyx":55
@@ -1944,7 +3435,7 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self.closed = True
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   }
 
   /* "ssh/channel.pyx":57
@@ -1953,10 +3444,10 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def get_exit_status(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 57, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 57, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 57, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
@@ -1968,7 +3459,7 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *     def close(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if self.closed:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1987,15 +3478,44 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_4close(struct __pyx_obj_3ssh_7c
  *     def get_exit_status(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_7get_exit_status(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_6get_exit_status[] = "Channel.get_exit_status(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_7get_exit_status(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_7get_exit_status(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_6get_exit_status, "Channel.get_exit_status(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_7get_exit_status = {"get_exit_status", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_7get_exit_status, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_6get_exit_status};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_7get_exit_status(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_exit_status (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_exit_status", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_exit_status", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7channel_7Channel_6get_exit_status(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
@@ -2019,13 +3539,12 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_6get_exit_status(struct __pyx_o
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_get_exit_status(self._channel)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/channel.pyx":62
@@ -2034,7 +3553,7 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_6get_exit_status(struct __pyx_o
  *             rc = c_ssh.ssh_channel_get_exit_status(self._channel)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_get_exit_status(__pyx_v_self->_channel);
       }
 
@@ -2044,13 +3563,11 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_6get_exit_status(struct __pyx_o
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_get_exit_status(self._channel)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2062,10 +3579,10 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_6get_exit_status(struct __pyx_o
  *             rc = c_ssh.ssh_channel_get_exit_status(self._channel)
  *         return rc             # <<<<<<<<<<<<<<
  * 
- *     def get_session(self):
- */
+ *     def get_exit_state(self):
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 63, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 63, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -2077,7 +3594,7 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_6get_exit_status(struct __pyx_o
  *     def get_exit_status(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2093,90 +3610,501 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_6get_exit_status(struct __pyx_o
 /* "ssh/channel.pyx":65
  *         return rc
  * 
- *     def get_session(self):             # <<<<<<<<<<<<<<
- *         return self.session
- * 
- */
+ *     def get_exit_state(self):             # <<<<<<<<<<<<<<
+ *         """
+ *         :rtype: (int, bytes, bool)
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_9get_session(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_8get_session[] = "Channel.get_session(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_9get_session(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_9get_exit_state(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_8get_exit_state, "Channel.get_exit_state(self)\n\n:rtype: (int, bytes, bool)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_9get_exit_state = {"get_exit_state", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_9get_exit_state, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_8get_exit_state};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_9get_exit_state(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("get_session (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_8get_session(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  __Pyx_RefNannySetupContext("get_exit_state (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_exit_state", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_exit_state", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_8get_exit_state(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_8get_session(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_8get_exit_state(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+  int __pyx_v_rc;
+  int __pyx_v_exit_code;
+  PyObject *__pyx_v_exit_signal = 0;
+  int __pyx_v_pcore_dumped;
+  int __pyx_v_c_pcore_dumped;
+  unsigned int __pyx_v_c_exit_code;
+  char *__pyx_v_c_exit_signal;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
+  int __pyx_t_4;
+  int __pyx_t_5;
+  char const *__pyx_t_6;
+  PyObject *__pyx_t_7 = NULL;
+  PyObject *__pyx_t_8 = NULL;
+  PyObject *__pyx_t_9 = NULL;
+  PyObject *__pyx_t_10 = NULL;
+  PyObject *__pyx_t_11 = NULL;
+  PyObject *__pyx_t_12 = NULL;
+  PyObject *__pyx_t_13 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("get_session", 0);
+  __Pyx_RefNannySetupContext("get_exit_state", 0);
 
-  /* "ssh/channel.pyx":66
- * 
- *     def get_session(self):
- *         return self.session             # <<<<<<<<<<<<<<
- * 
- *     def is_closed(self):
- */
-  __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_session); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 66, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_r = __pyx_t_1;
-  __pyx_t_1 = 0;
-  goto __pyx_L0;
+  /* "ssh/channel.pyx":71
+ *         cdef int rc
+ *         cdef int exit_code
+ *         cdef bytes exit_signal = b""             # <<<<<<<<<<<<<<
+ *         cdef bint pcore_dumped
+ *         cdef int c_pcore_dumped = 0
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_exit_signal = __pyx_mstate_global->__pyx_kp_b_;
+
+  /* "ssh/channel.pyx":73
+ *         cdef bytes exit_signal = b""
+ *         cdef bint pcore_dumped
+ *         cdef int c_pcore_dumped = 0             # <<<<<<<<<<<<<<
+ *         cdef unsigned int c_exit_code = 0
+ *         # Libssh does not initialise exit signal, and there is no defined max.
+*/
+  __pyx_v_c_pcore_dumped = 0;
 
-  /* "ssh/channel.pyx":65
- *         return rc
- * 
- *     def get_session(self):             # <<<<<<<<<<<<<<
- *         return self.session
- * 
- */
+  /* "ssh/channel.pyx":74
+ *         cdef bint pcore_dumped
+ *         cdef int c_pcore_dumped = 0
+ *         cdef unsigned int c_exit_code = 0             # <<<<<<<<<<<<<<
+ *         # Libssh does not initialise exit signal, and there is no defined max.
+ *         # Assign a default size and clean up after libssh.
+*/
+  __pyx_v_c_exit_code = 0;
+
+  /* "ssh/channel.pyx":79
+ *         # Unless libssh re-allocates in case of larger strings, this will likely cause a segfault.
+ *         # Not much can be done our side.
+ *         cdef char *c_exit_signal = <char *>malloc(sizeof(char) * 32)             # <<<<<<<<<<<<<<
+ *         try:
+ *             with nogil:
+*/
+  __pyx_v_c_exit_signal = ((char *)malloc(((sizeof(char)) * 32)));
 
-  /* function exit code */
-  __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_AddTraceback("ssh.channel.Channel.get_session", __pyx_clineno, __pyx_lineno, __pyx_filename);
-  __pyx_r = NULL;
+  /* "ssh/channel.pyx":80
+ *         # Not much can be done our side.
+ *         cdef char *c_exit_signal = <char *>malloc(sizeof(char) * 32)
+ *         try:             # <<<<<<<<<<<<<<
+ *             with nogil:
+ *                 rc = c_ssh.ssh_channel_get_exit_state(
+*/
+  /*try:*/ {
+
+    /* "ssh/channel.pyx":81
+ *         cdef char *c_exit_signal = <char *>malloc(sizeof(char) * 32)
+ *         try:
+ *             with nogil:             # <<<<<<<<<<<<<<
+ *                 rc = c_ssh.ssh_channel_get_exit_state(
+ *                     self._channel, &c_exit_code, &c_exit_signal, &c_pcore_dumped)
+*/
+    {
+        PyThreadState *_save;
+        _save = NULL;
+        Py_UNBLOCK_THREADS
+        __Pyx_FastGIL_Remember();
+        /*try:*/ {
+
+          /* "ssh/channel.pyx":82
+ *         try:
+ *             with nogil:
+ *                 rc = c_ssh.ssh_channel_get_exit_state(             # <<<<<<<<<<<<<<
+ *                     self._channel, &c_exit_code, &c_exit_signal, &c_pcore_dumped)
+ *             # This is essentially undefined libssh behaviour when get_exit_state returns an error code.
+*/
+          __pyx_v_rc = ssh_channel_get_exit_state(__pyx_v_self->_channel, (&__pyx_v_c_exit_code), (&__pyx_v_c_exit_signal), (&__pyx_v_c_pcore_dumped));
+        }
+
+        /* "ssh/channel.pyx":81
+ *         cdef char *c_exit_signal = <char *>malloc(sizeof(char) * 32)
+ *         try:
+ *             with nogil:             # <<<<<<<<<<<<<<
+ *                 rc = c_ssh.ssh_channel_get_exit_state(
+ *                     self._channel, &c_exit_code, &c_exit_signal, &c_pcore_dumped)
+*/
+        /*finally:*/ {
+          /*normal exit:*/{
+            __Pyx_FastGIL_Forget();
+            Py_BLOCK_THREADS
+            goto __pyx_L8;
+          }
+          __pyx_L8:;
+        }
+    }
+
+    /* "ssh/channel.pyx":86
+ *             # This is essentially undefined libssh behaviour when get_exit_state returns an error code.
+ *             # Safeguard our side to protect against segfaults.
+ *             exit_signal = c_exit_signal if c_exit_signal is not NULL else b""             # <<<<<<<<<<<<<<
+ *         finally:
+ *             free(c_exit_signal)
+*/
+    __pyx_t_2 = (__pyx_v_c_exit_signal != NULL);
+    if (__pyx_t_2) {
+      __pyx_t_3 = __Pyx_PyBytes_FromString(__pyx_v_c_exit_signal); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 86, __pyx_L4_error)
+      __Pyx_GOTREF(__pyx_t_3);
+      __pyx_t_1 = __pyx_t_3;
+      __pyx_t_3 = 0;
+    } else {
+      __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+      __pyx_t_1 = __pyx_mstate_global->__pyx_kp_b_;
+    }
+    __Pyx_DECREF_SET(__pyx_v_exit_signal, ((PyObject*)__pyx_t_1));
+    __pyx_t_1 = 0;
+  }
+
+  /* "ssh/channel.pyx":88
+ *             exit_signal = c_exit_signal if c_exit_signal is not NULL else b""
+ *         finally:
+ *             free(c_exit_signal)             # <<<<<<<<<<<<<<
+ *         handle_error_codes(rc, self._session._session)
+ *         exit_code = c_exit_code
+*/
+  /*finally:*/ {
+    /*normal exit:*/{
+      free(__pyx_v_c_exit_signal);
+      goto __pyx_L5;
+    }
+    __pyx_L4_error:;
+    /*exception exit:*/{
+      __Pyx_PyThreadState_declare
+      __Pyx_PyThreadState_assign
+      __pyx_t_7 = 0; __pyx_t_8 = 0; __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0; __pyx_t_12 = 0;
+      __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+       __Pyx_ExceptionSwap(&__pyx_t_10, &__pyx_t_11, &__pyx_t_12);
+      if ( unlikely(__Pyx_GetException(&__pyx_t_7, &__pyx_t_8, &__pyx_t_9) < 0)) __Pyx_ErrFetch(&__pyx_t_7, &__pyx_t_8, &__pyx_t_9);
+      __Pyx_XGOTREF(__pyx_t_7);
+      __Pyx_XGOTREF(__pyx_t_8);
+      __Pyx_XGOTREF(__pyx_t_9);
+      __Pyx_XGOTREF(__pyx_t_10);
+      __Pyx_XGOTREF(__pyx_t_11);
+      __Pyx_XGOTREF(__pyx_t_12);
+      __pyx_t_4 = __pyx_lineno; __pyx_t_5 = __pyx_clineno; __pyx_t_6 = __pyx_filename;
+      {
+        free(__pyx_v_c_exit_signal);
+      }
+      __Pyx_XGIVEREF(__pyx_t_10);
+      __Pyx_XGIVEREF(__pyx_t_11);
+      __Pyx_XGIVEREF(__pyx_t_12);
+      __Pyx_ExceptionReset(__pyx_t_10, __pyx_t_11, __pyx_t_12);
+      __Pyx_XGIVEREF(__pyx_t_7);
+      __Pyx_XGIVEREF(__pyx_t_8);
+      __Pyx_XGIVEREF(__pyx_t_9);
+      __Pyx_ErrRestore(__pyx_t_7, __pyx_t_8, __pyx_t_9);
+      __pyx_t_7 = 0; __pyx_t_8 = 0; __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0; __pyx_t_12 = 0;
+      __pyx_lineno = __pyx_t_4; __pyx_clineno = __pyx_t_5; __pyx_filename = __pyx_t_6;
+      goto __pyx_L1_error;
+    }
+    __pyx_L5:;
+  }
+
+  /* "ssh/channel.pyx":89
+ *         finally:
+ *             free(c_exit_signal)
+ *         handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
+ *         exit_code = c_exit_code
+ *         pcore_dumped = c_pcore_dumped == 1
+*/
+  __pyx_t_5 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_5 == ((int)-1))) __PYX_ERR(0, 89, __pyx_L1_error)
+
+  /* "ssh/channel.pyx":90
+ *             free(c_exit_signal)
+ *         handle_error_codes(rc, self._session._session)
+ *         exit_code = c_exit_code             # <<<<<<<<<<<<<<
+ *         pcore_dumped = c_pcore_dumped == 1
+ *         if rc == c_ssh.SSH_AGAIN:
+*/
+  __pyx_v_exit_code = __pyx_v_c_exit_code;
+
+  /* "ssh/channel.pyx":91
+ *         handle_error_codes(rc, self._session._session)
+ *         exit_code = c_exit_code
+ *         pcore_dumped = c_pcore_dumped == 1             # <<<<<<<<<<<<<<
+ *         if rc == c_ssh.SSH_AGAIN:
+ *             # Return code for SSH_AGAIN needs to be handled separately to allow client to handle EAGAIN on their own
+*/
+  __pyx_v_pcore_dumped = (__pyx_v_c_pcore_dumped == 1);
+
+  /* "ssh/channel.pyx":92
+ *         exit_code = c_exit_code
+ *         pcore_dumped = c_pcore_dumped == 1
+ *         if rc == c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
+ *             # Return code for SSH_AGAIN needs to be handled separately to allow client to handle EAGAIN on their own
+ *             # when non-blocking mode is enabled.
+*/
+  __pyx_t_2 = (__pyx_v_rc == SSH_AGAIN);
+  if (__pyx_t_2) {
+
+    /* "ssh/channel.pyx":96
+ *             # when non-blocking mode is enabled.
+ *             # No, callbacks are not client side async handling, they're callbacks.
+ *             return (rc, b"", 0)             # <<<<<<<<<<<<<<
+ *         return (exit_code, exit_signal, pcore_dumped)
+ * 
+*/
+    __Pyx_XDECREF(__pyx_r);
+    __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 96, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
+    __pyx_t_3 = PyTuple_New(3); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 96, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __Pyx_GIVEREF(__pyx_t_1);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_t_1) != (0)) __PYX_ERR(0, 96, __pyx_L1_error);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+    __Pyx_GIVEREF(__pyx_mstate_global->__pyx_kp_b_);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_mstate_global->__pyx_kp_b_) != (0)) __PYX_ERR(0, 96, __pyx_L1_error);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_0);
+    __Pyx_GIVEREF(__pyx_mstate_global->__pyx_int_0);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_3, 2, __pyx_mstate_global->__pyx_int_0) != (0)) __PYX_ERR(0, 96, __pyx_L1_error);
+    __pyx_t_1 = 0;
+    __pyx_r = __pyx_t_3;
+    __pyx_t_3 = 0;
+    goto __pyx_L0;
+
+    /* "ssh/channel.pyx":92
+ *         exit_code = c_exit_code
+ *         pcore_dumped = c_pcore_dumped == 1
+ *         if rc == c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
+ *             # Return code for SSH_AGAIN needs to be handled separately to allow client to handle EAGAIN on their own
+ *             # when non-blocking mode is enabled.
+*/
+  }
+
+  /* "ssh/channel.pyx":97
+ *             # No, callbacks are not client side async handling, they're callbacks.
+ *             return (rc, b"", 0)
+ *         return (exit_code, exit_signal, pcore_dumped)             # <<<<<<<<<<<<<<
+ * 
+ *     def get_session(self):
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_v_exit_code); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_1 = __Pyx_PyBool_FromLong(__pyx_v_pcore_dumped); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_t_13 = PyTuple_New(3); if (unlikely(!__pyx_t_13)) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_13);
+  __Pyx_GIVEREF(__pyx_t_3);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_13, 0, __pyx_t_3) != (0)) __PYX_ERR(0, 97, __pyx_L1_error);
+  __Pyx_INCREF(__pyx_v_exit_signal);
+  __Pyx_GIVEREF(__pyx_v_exit_signal);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_13, 1, __pyx_v_exit_signal) != (0)) __PYX_ERR(0, 97, __pyx_L1_error);
+  __Pyx_GIVEREF(__pyx_t_1);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_13, 2, __pyx_t_1) != (0)) __PYX_ERR(0, 97, __pyx_L1_error);
+  __pyx_t_3 = 0;
+  __pyx_t_1 = 0;
+  __pyx_r = __pyx_t_13;
+  __pyx_t_13 = 0;
+  goto __pyx_L0;
+
+  /* "ssh/channel.pyx":65
+ *         return rc
+ * 
+ *     def get_exit_state(self):             # <<<<<<<<<<<<<<
+ *         """
+ *         :rtype: (int, bytes, bool)
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_XDECREF(__pyx_t_13);
+  __Pyx_AddTraceback("ssh.channel.Channel.get_exit_state", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = NULL;
+  __pyx_L0:;
+  __Pyx_XDECREF(__pyx_v_exit_signal);
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+/* "ssh/channel.pyx":99
+ *         return (exit_code, exit_signal, pcore_dumped)
+ * 
+ *     def get_session(self):             # <<<<<<<<<<<<<<
+ *         return self.session
+ * 
+*/
+
+/* Python wrapper */
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_11get_session(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_10get_session, "Channel.get_session(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_11get_session = {"get_session", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_11get_session, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_10get_session};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_11get_session(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("get_session (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_session", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_session", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_10get_session(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+
+  /* function exit code */
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_10get_session(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  PyObject *__pyx_t_1 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("get_session", 0);
+
+  /* "ssh/channel.pyx":100
+ * 
+ *     def get_session(self):
+ *         return self.session             # <<<<<<<<<<<<<<
+ * 
+ *     def is_closed(self):
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __pyx_t_1 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_mstate_global->__pyx_n_u_session); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 100, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_r = __pyx_t_1;
+  __pyx_t_1 = 0;
+  goto __pyx_L0;
+
+  /* "ssh/channel.pyx":99
+ *         return (exit_code, exit_signal, pcore_dumped)
+ * 
+ *     def get_session(self):             # <<<<<<<<<<<<<<
+ *         return self.session
+ * 
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_AddTraceback("ssh.channel.Channel.get_session", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = NULL;
   __pyx_L0:;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":68
+/* "ssh/channel.pyx":102
  *         return self.session
  * 
  *     def is_closed(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_11is_closed(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_10is_closed[] = "Channel.is_closed(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_11is_closed(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_13is_closed(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_12is_closed, "Channel.is_closed(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_13is_closed = {"is_closed", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_13is_closed, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_12is_closed};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_13is_closed(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("is_closed (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_10is_closed(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("is_closed", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("is_closed", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_12is_closed(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_10is_closed(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_12is_closed(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -2186,71 +4114,68 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_10is_closed(struct __pyx_obj_3s
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("is_closed", 0);
 
-  /* "ssh/channel.pyx":70
+  /* "ssh/channel.pyx":104
  *     def is_closed(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_is_closed(self._channel)
  *         return rc != 0
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":71
+        /* "ssh/channel.pyx":105
  *         cdef bint rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_is_closed(self._channel)             # <<<<<<<<<<<<<<
  *         return rc != 0
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_is_closed(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":70
+      /* "ssh/channel.pyx":104
  *     def is_closed(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_is_closed(self._channel)
  *         return rc != 0
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":72
+  /* "ssh/channel.pyx":106
  *         with nogil:
  *             rc = c_ssh.ssh_channel_is_closed(self._channel)
  *         return rc != 0             # <<<<<<<<<<<<<<
  * 
  *     def is_eof(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyBool_FromLong((__pyx_v_rc != 0)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 72, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBool_FromLong((__pyx_v_rc != 0)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 106, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":68
+  /* "ssh/channel.pyx":102
  *         return self.session
  * 
  *     def is_closed(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2263,29 +4188,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_10is_closed(struct __pyx_obj_3s
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":74
+/* "ssh/channel.pyx":108
  *         return rc != 0
  * 
  *     def is_eof(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_13is_eof(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_12is_eof[] = "Channel.is_eof(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_13is_eof(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_15is_eof(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_14is_eof, "Channel.is_eof(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_15is_eof = {"is_eof", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_15is_eof, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_14is_eof};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_15is_eof(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("is_eof (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_12is_eof(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("is_eof", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("is_eof", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_14is_eof(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_12is_eof(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_14is_eof(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -2296,72 +4250,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_12is_eof(struct __pyx_obj_3ssh_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("is_eof", 0);
 
-  /* "ssh/channel.pyx":76
+  /* "ssh/channel.pyx":110
  *     def is_eof(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_is_eof(self._channel)
  *         return bool(rc)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":77
+        /* "ssh/channel.pyx":111
  *         cdef bint rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_is_eof(self._channel)             # <<<<<<<<<<<<<<
  *         return bool(rc)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_is_eof(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":76
+      /* "ssh/channel.pyx":110
  *     def is_eof(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_is_eof(self._channel)
  *         return bool(rc)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":78
+  /* "ssh/channel.pyx":112
  *         with nogil:
  *             rc = c_ssh.ssh_channel_is_eof(self._channel)
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def is_open(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_v_rc;
-  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 78, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 112, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":74
+  /* "ssh/channel.pyx":108
  *         return rc != 0
  * 
  *     def is_eof(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2374,29 +4325,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_12is_eof(struct __pyx_obj_3ssh_
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":80
+/* "ssh/channel.pyx":114
  *         return bool(rc)
  * 
  *     def is_open(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_15is_open(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_14is_open[] = "Channel.is_open(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_15is_open(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_17is_open(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_16is_open, "Channel.is_open(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_17is_open = {"is_open", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_17is_open, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_16is_open};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_17is_open(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("is_open (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_14is_open(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("is_open", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("is_open", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_16is_open(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_14is_open(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_16is_open(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -2407,72 +4387,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_14is_open(struct __pyx_obj_3ssh
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("is_open", 0);
 
-  /* "ssh/channel.pyx":82
+  /* "ssh/channel.pyx":116
  *     def is_open(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_is_open(self._channel)
  *         return bool(rc)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":83
+        /* "ssh/channel.pyx":117
  *         cdef bint rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_is_open(self._channel)             # <<<<<<<<<<<<<<
  *         return bool(rc)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_is_open(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":82
+      /* "ssh/channel.pyx":116
  *     def is_open(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_is_open(self._channel)
  *         return bool(rc)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":84
+  /* "ssh/channel.pyx":118
  *         with nogil:
  *             rc = c_ssh.ssh_channel_is_open(self._channel)
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def send_eof(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_v_rc;
-  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 84, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 118, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":80
+  /* "ssh/channel.pyx":114
  *         return bool(rc)
  * 
  *     def is_open(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2485,29 +4462,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_14is_open(struct __pyx_obj_3ssh
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":86
+/* "ssh/channel.pyx":120
  *         return bool(rc)
  * 
  *     def send_eof(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_17send_eof(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_16send_eof[] = "Channel.send_eof(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_17send_eof(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_19send_eof(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_18send_eof, "Channel.send_eof(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_19send_eof = {"send_eof", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_19send_eof, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_18send_eof};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_19send_eof(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("send_eof (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_16send_eof(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("send_eof", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("send_eof", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_18send_eof(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_16send_eof(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_18send_eof(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -2518,72 +4524,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_16send_eof(struct __pyx_obj_3ss
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("send_eof", 0);
 
-  /* "ssh/channel.pyx":88
+  /* "ssh/channel.pyx":122
  *     def send_eof(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_send_eof(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":89
+        /* "ssh/channel.pyx":123
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_send_eof(self._channel)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_send_eof(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":88
+      /* "ssh/channel.pyx":122
  *     def send_eof(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_send_eof(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":90
+  /* "ssh/channel.pyx":124
  *         with nogil:
  *             rc = c_ssh.ssh_channel_send_eof(self._channel)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_auth_agent(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 90, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 90, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 124, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 124, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":86
+  /* "ssh/channel.pyx":120
  *         return bool(rc)
  * 
  *     def send_eof(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2596,29 +4599,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_16send_eof(struct __pyx_obj_3ss
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":92
+/* "ssh/channel.pyx":126
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_auth_agent(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_19request_auth_agent(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_18request_auth_agent[] = "Channel.request_auth_agent(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_19request_auth_agent(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_21request_auth_agent(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_20request_auth_agent, "Channel.request_auth_agent(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_21request_auth_agent = {"request_auth_agent", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_21request_auth_agent, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_20request_auth_agent};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_21request_auth_agent(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_auth_agent (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_18request_auth_agent(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_auth_agent", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_auth_agent", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_20request_auth_agent(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_18request_auth_agent(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_20request_auth_agent(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -2629,72 +4661,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_18request_auth_agent(struct __p
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_auth_agent", 0);
 
-  /* "ssh/channel.pyx":94
+  /* "ssh/channel.pyx":128
  *     def request_auth_agent(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_auth_agent(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":95
+        /* "ssh/channel.pyx":129
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_auth_agent(self._channel)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_request_auth_agent(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":94
+      /* "ssh/channel.pyx":128
  *     def request_auth_agent(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_auth_agent(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":96
+  /* "ssh/channel.pyx":130
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_auth_agent(self._channel)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def open_auth_agent(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 96, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 96, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 130, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 130, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":92
+  /* "ssh/channel.pyx":126
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_auth_agent(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2707,29 +4736,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_18request_auth_agent(struct __p
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":98
+/* "ssh/channel.pyx":132
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def open_auth_agent(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_21open_auth_agent(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_20open_auth_agent[] = "Channel.open_auth_agent(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_21open_auth_agent(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_23open_auth_agent(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_22open_auth_agent, "Channel.open_auth_agent(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_23open_auth_agent = {"open_auth_agent", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_23open_auth_agent, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_22open_auth_agent};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_23open_auth_agent(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("open_auth_agent (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_20open_auth_agent(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("open_auth_agent", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("open_auth_agent", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_22open_auth_agent(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_20open_auth_agent(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_22open_auth_agent(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -2740,72 +4798,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_20open_auth_agent(struct __pyx_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("open_auth_agent", 0);
 
-  /* "ssh/channel.pyx":100
+  /* "ssh/channel.pyx":134
  *     def open_auth_agent(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_open_auth_agent(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":101
+        /* "ssh/channel.pyx":135
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_open_auth_agent(self._channel)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_open_auth_agent(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":100
+      /* "ssh/channel.pyx":134
  *     def open_auth_agent(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_open_auth_agent(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":102
+  /* "ssh/channel.pyx":136
  *         with nogil:
  *             rc = c_ssh.ssh_channel_open_auth_agent(self._channel)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def open_forward(self, remotehost, int remoteport,
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 102, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 102, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 136, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 136, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":98
+  /* "ssh/channel.pyx":132
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def open_auth_agent(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2818,102 +4873,125 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_20open_auth_agent(struct __pyx_
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":104
+/* "ssh/channel.pyx":138
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def open_forward(self, remotehost, int remoteport,             # <<<<<<<<<<<<<<
  *                      sourcehost, int sourceport):
  *         cdef bytes b_remotehost = to_bytes(remotehost)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_23open_forward(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_22open_forward[] = "Channel.open_forward(self, remotehost, int remoteport, sourcehost, int sourceport)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_23open_forward(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_25open_forward(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_24open_forward, "Channel.open_forward(self, remotehost, int remoteport, sourcehost, int sourceport)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_25open_forward = {"open_forward", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_25open_forward, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_24open_forward};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_25open_forward(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_remotehost = 0;
   int __pyx_v_remoteport;
   PyObject *__pyx_v_sourcehost = 0;
   int __pyx_v_sourceport;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[4] = {0,0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("open_forward (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_remotehost,&__pyx_n_s_remoteport,&__pyx_n_s_sourcehost,&__pyx_n_s_sourceport,0};
-    PyObject* values[4] = {0,0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  4: values[3] = PyTuple_GET_ITEM(__pyx_args, 3);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_remotehost,&__pyx_mstate_global->__pyx_n_u_remoteport,&__pyx_mstate_global->__pyx_n_u_sourcehost,&__pyx_mstate_global->__pyx_n_u_sourceport,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 138, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  4:
+        values[3] = __Pyx_ArgRef_FASTCALL(__pyx_args, 3);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[3])) __PYX_ERR(0, 138, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 138, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 138, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 138, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_remotehost)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_remoteport)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("open_forward", 1, 4, 4, 1); __PYX_ERR(0, 104, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_sourcehost)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("open_forward", 1, 4, 4, 2); __PYX_ERR(0, 104, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  3:
-        if (likely((values[3] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_sourceport)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("open_forward", 1, 4, 4, 3); __PYX_ERR(0, 104, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "open_forward") < 0)) __PYX_ERR(0, 104, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "open_forward", 0) < 0) __PYX_ERR(0, 138, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 4; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("open_forward", 1, 4, 4, i); __PYX_ERR(0, 138, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 4) {
+    } else if (unlikely(__pyx_nargs != 4)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
-      values[3] = PyTuple_GET_ITEM(__pyx_args, 3);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 138, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 138, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 138, __pyx_L3_error)
+      values[3] = __Pyx_ArgRef_FASTCALL(__pyx_args, 3);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[3])) __PYX_ERR(0, 138, __pyx_L3_error)
     }
     __pyx_v_remotehost = values[0];
-    __pyx_v_remoteport = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_remoteport == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 104, __pyx_L3_error)
+    __pyx_v_remoteport = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_remoteport == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 138, __pyx_L3_error)
     __pyx_v_sourcehost = values[2];
-    __pyx_v_sourceport = __Pyx_PyInt_As_int(values[3]); if (unlikely((__pyx_v_sourceport == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 105, __pyx_L3_error)
+    __pyx_v_sourceport = __Pyx_PyLong_As_int(values[3]); if (unlikely((__pyx_v_sourceport == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 139, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("open_forward", 1, 4, 4, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 104, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("open_forward", 1, 4, 4, __pyx_nargs); __PYX_ERR(0, 138, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.open_forward", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_22open_forward(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_remotehost, __pyx_v_remoteport, __pyx_v_sourcehost, __pyx_v_sourceport);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_24open_forward(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_remotehost, __pyx_v_remoteport, __pyx_v_sourcehost, __pyx_v_sourceport);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_22open_forward(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_remotehost, int __pyx_v_remoteport, PyObject *__pyx_v_sourcehost, int __pyx_v_sourceport) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_24open_forward(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_remotehost, int __pyx_v_remoteport, PyObject *__pyx_v_sourcehost, int __pyx_v_sourceport) {
   PyObject *__pyx_v_b_remotehost = 0;
   const char *__pyx_v_c_remotehost;
   PyObject *__pyx_v_b_sourcehost = 0;
@@ -2929,124 +5007,121 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_22open_forward(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("open_forward", 0);
 
-  /* "ssh/channel.pyx":106
+  /* "ssh/channel.pyx":140
  *     def open_forward(self, remotehost, int remoteport,
  *                      sourcehost, int sourceport):
  *         cdef bytes b_remotehost = to_bytes(remotehost)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_remotehost = b_remotehost
  *         cdef bytes b_sourcehost = to_bytes(sourcehost)
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_remotehost); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 106, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_remotehost); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 140, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_remotehost = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":107
+  /* "ssh/channel.pyx":141
  *                      sourcehost, int sourceport):
  *         cdef bytes b_remotehost = to_bytes(remotehost)
  *         cdef const_char *c_remotehost = b_remotehost             # <<<<<<<<<<<<<<
  *         cdef bytes b_sourcehost = to_bytes(sourcehost)
  *         cdef const_char *c_sourcehost = b_sourcehost
- */
+*/
   if (unlikely(__pyx_v_b_remotehost == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 107, __pyx_L1_error)
+    __PYX_ERR(0, 141, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_remotehost); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 107, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_remotehost); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 141, __pyx_L1_error)
   __pyx_v_c_remotehost = __pyx_t_2;
 
-  /* "ssh/channel.pyx":108
+  /* "ssh/channel.pyx":142
  *         cdef bytes b_remotehost = to_bytes(remotehost)
  *         cdef const_char *c_remotehost = b_remotehost
  *         cdef bytes b_sourcehost = to_bytes(sourcehost)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_sourcehost = b_sourcehost
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_sourcehost); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 108, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_sourcehost); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 142, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_sourcehost = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":109
+  /* "ssh/channel.pyx":143
  *         cdef const_char *c_remotehost = b_remotehost
  *         cdef bytes b_sourcehost = to_bytes(sourcehost)
  *         cdef const_char *c_sourcehost = b_sourcehost             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_sourcehost == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 109, __pyx_L1_error)
+    __PYX_ERR(0, 143, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_sourcehost); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 109, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_sourcehost); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 143, __pyx_L1_error)
   __pyx_v_c_sourcehost = __pyx_t_2;
 
-  /* "ssh/channel.pyx":111
+  /* "ssh/channel.pyx":145
  *         cdef const_char *c_sourcehost = b_sourcehost
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_open_forward(
  *                 self._channel, c_remotehost, remoteport,
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":112
+        /* "ssh/channel.pyx":146
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_open_forward(             # <<<<<<<<<<<<<<
  *                 self._channel, c_remotehost, remoteport,
  *                 c_sourcehost, sourceport)
- */
+*/
         __pyx_v_rc = ssh_channel_open_forward(__pyx_v_self->_channel, __pyx_v_c_remotehost, __pyx_v_remoteport, __pyx_v_c_sourcehost, __pyx_v_sourceport);
       }
 
-      /* "ssh/channel.pyx":111
+      /* "ssh/channel.pyx":145
  *         cdef const_char *c_sourcehost = b_sourcehost
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_open_forward(
  *                 self._channel, c_remotehost, remoteport,
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":115
+  /* "ssh/channel.pyx":149
  *                 self._channel, c_remotehost, remoteport,
  *                 c_sourcehost, sourceport)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def open_session(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 115, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 115, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 149, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 149, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":104
+  /* "ssh/channel.pyx":138
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def open_forward(self, remotehost, int remoteport,             # <<<<<<<<<<<<<<
  *                      sourcehost, int sourceport):
  *         cdef bytes b_remotehost = to_bytes(remotehost)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3061,29 +5136,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_22open_forward(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":117
+/* "ssh/channel.pyx":151
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def open_session(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_25open_session(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_24open_session[] = "Channel.open_session(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_25open_session(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_27open_session(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_26open_session, "Channel.open_session(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_27open_session = {"open_session", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_27open_session, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_26open_session};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_27open_session(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("open_session (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_24open_session(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("open_session", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("open_session", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_26open_session(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_24open_session(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_26open_session(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -3094,72 +5198,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_24open_session(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("open_session", 0);
 
-  /* "ssh/channel.pyx":119
+  /* "ssh/channel.pyx":153
  *     def open_session(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_open_session(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":120
+        /* "ssh/channel.pyx":154
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_open_session(self._channel)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_open_session(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":119
+      /* "ssh/channel.pyx":153
  *     def open_session(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_open_session(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":121
+  /* "ssh/channel.pyx":155
  *         with nogil:
  *             rc = c_ssh.ssh_channel_open_session(self._channel)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def open_x11(self, sourcehost, int sourceport):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 121, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 121, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 155, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 155, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":117
+  /* "ssh/channel.pyx":151
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def open_session(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3172,80 +5273,109 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_24open_session(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":123
+/* "ssh/channel.pyx":157
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def open_x11(self, sourcehost, int sourceport):             # <<<<<<<<<<<<<<
  *         cdef bytes b_sourcehost = to_bytes(sourcehost)
  *         cdef const_char *c_sourcehost = b_sourcehost
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_27open_x11(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_26open_x11[] = "Channel.open_x11(self, sourcehost, int sourceport)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_27open_x11(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_29open_x11(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_28open_x11, "Channel.open_x11(self, sourcehost, int sourceport)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_29open_x11 = {"open_x11", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_29open_x11, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_28open_x11};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_29open_x11(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_sourcehost = 0;
   int __pyx_v_sourceport;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("open_x11 (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_sourcehost,&__pyx_n_s_sourceport,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_sourcehost,&__pyx_mstate_global->__pyx_n_u_sourceport,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 157, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 157, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 157, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_sourcehost)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_sourceport)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("open_x11", 1, 2, 2, 1); __PYX_ERR(0, 123, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "open_x11") < 0)) __PYX_ERR(0, 123, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "open_x11", 0) < 0) __PYX_ERR(0, 157, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("open_x11", 1, 2, 2, i); __PYX_ERR(0, 157, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 157, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 157, __pyx_L3_error)
     }
     __pyx_v_sourcehost = values[0];
-    __pyx_v_sourceport = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_sourceport == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 123, __pyx_L3_error)
+    __pyx_v_sourceport = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_sourceport == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 157, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("open_x11", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 123, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("open_x11", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 157, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.open_x11", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_26open_x11(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_sourcehost, __pyx_v_sourceport);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_28open_x11(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_sourcehost, __pyx_v_sourceport);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_26open_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_sourcehost, int __pyx_v_sourceport) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_28open_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_sourcehost, int __pyx_v_sourceport) {
   PyObject *__pyx_v_b_sourcehost = 0;
   const char *__pyx_v_c_sourcehost;
   int __pyx_v_rc;
@@ -3259,98 +5389,95 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_26open_x11(struct __pyx_obj_3ss
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("open_x11", 0);
 
-  /* "ssh/channel.pyx":124
+  /* "ssh/channel.pyx":158
  * 
  *     def open_x11(self, sourcehost, int sourceport):
  *         cdef bytes b_sourcehost = to_bytes(sourcehost)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_sourcehost = b_sourcehost
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_sourcehost); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 124, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_sourcehost); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 158, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_sourcehost = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":125
+  /* "ssh/channel.pyx":159
  *     def open_x11(self, sourcehost, int sourceport):
  *         cdef bytes b_sourcehost = to_bytes(sourcehost)
  *         cdef const_char *c_sourcehost = b_sourcehost             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_sourcehost == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 125, __pyx_L1_error)
+    __PYX_ERR(0, 159, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_sourcehost); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 125, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_sourcehost); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 159, __pyx_L1_error)
   __pyx_v_c_sourcehost = __pyx_t_2;
 
-  /* "ssh/channel.pyx":127
+  /* "ssh/channel.pyx":161
  *         cdef const_char *c_sourcehost = b_sourcehost
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_open_x11(
  *                 self._channel, c_sourcehost, sourceport)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":128
+        /* "ssh/channel.pyx":162
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_open_x11(             # <<<<<<<<<<<<<<
  *                 self._channel, c_sourcehost, sourceport)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
         __pyx_v_rc = ssh_channel_open_x11(__pyx_v_self->_channel, __pyx_v_c_sourcehost, __pyx_v_sourceport);
       }
 
-      /* "ssh/channel.pyx":127
+      /* "ssh/channel.pyx":161
  *         cdef const_char *c_sourcehost = b_sourcehost
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_open_x11(
  *                 self._channel, c_sourcehost, sourceport)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":130
+  /* "ssh/channel.pyx":164
  *             rc = c_ssh.ssh_channel_open_x11(
  *                 self._channel, c_sourcehost, sourceport)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def accept_x11(self, int timeout_ms):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 130, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 130, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 164, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 164, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":123
+  /* "ssh/channel.pyx":157
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def open_x11(self, sourcehost, int sourceport):             # <<<<<<<<<<<<<<
  *         cdef bytes b_sourcehost = to_bytes(sourcehost)
  *         cdef const_char *c_sourcehost = b_sourcehost
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3364,42 +5491,101 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_26open_x11(struct __pyx_obj_3ss
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":132
+/* "ssh/channel.pyx":166
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def accept_x11(self, int timeout_ms):             # <<<<<<<<<<<<<<
  *         cdef Channel chan
  *         cdef c_ssh.ssh_channel _chan = NULL
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_29accept_x11(PyObject *__pyx_v_self, PyObject *__pyx_arg_timeout_ms); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_28accept_x11[] = "Channel.accept_x11(self, int timeout_ms)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_29accept_x11(PyObject *__pyx_v_self, PyObject *__pyx_arg_timeout_ms) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_31accept_x11(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_30accept_x11, "Channel.accept_x11(self, int timeout_ms)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_31accept_x11 = {"accept_x11", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_31accept_x11, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_30accept_x11};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_31accept_x11(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_timeout_ms;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("accept_x11 (wrapper)", 0);
-  assert(__pyx_arg_timeout_ms); {
-    __pyx_v_timeout_ms = __Pyx_PyInt_As_int(__pyx_arg_timeout_ms); if (unlikely((__pyx_v_timeout_ms == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 132, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_timeout_ms,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 166, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 166, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "accept_x11", 0) < 0) __PYX_ERR(0, 166, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("accept_x11", 1, 1, 1, i); __PYX_ERR(0, 166, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 166, __pyx_L3_error)
+    }
+    __pyx_v_timeout_ms = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_timeout_ms == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 166, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("accept_x11", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 166, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.accept_x11", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_28accept_x11(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((int)__pyx_v_timeout_ms));
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_30accept_x11(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_timeout_ms);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_28accept_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout_ms) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_30accept_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout_ms) {
   struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_chan = 0;
   ssh_channel __pyx_v__chan;
   PyObject *__pyx_r = NULL;
@@ -3412,121 +5598,118 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_28accept_x11(struct __pyx_obj_3
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("accept_x11", 0);
 
-  /* "ssh/channel.pyx":134
+  /* "ssh/channel.pyx":168
  *     def accept_x11(self, int timeout_ms):
  *         cdef Channel chan
  *         cdef c_ssh.ssh_channel _chan = NULL             # <<<<<<<<<<<<<<
  *         with nogil:
  *             _chan = c_ssh.ssh_channel_accept_x11(self._channel, timeout_ms)
- */
+*/
   __pyx_v__chan = NULL;
 
-  /* "ssh/channel.pyx":135
+  /* "ssh/channel.pyx":169
  *         cdef Channel chan
  *         cdef c_ssh.ssh_channel _chan = NULL
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _chan = c_ssh.ssh_channel_accept_x11(self._channel, timeout_ms)
  *         if _chan is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":136
+        /* "ssh/channel.pyx":170
  *         cdef c_ssh.ssh_channel _chan = NULL
  *         with nogil:
  *             _chan = c_ssh.ssh_channel_accept_x11(self._channel, timeout_ms)             # <<<<<<<<<<<<<<
  *         if _chan is NULL:
  *             raise MemoryError
- */
+*/
         __pyx_v__chan = ssh_channel_accept_x11(__pyx_v_self->_channel, __pyx_v_timeout_ms);
       }
 
-      /* "ssh/channel.pyx":135
+      /* "ssh/channel.pyx":169
  *         cdef Channel chan
  *         cdef c_ssh.ssh_channel _chan = NULL
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _chan = c_ssh.ssh_channel_accept_x11(self._channel, timeout_ms)
  *         if _chan is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":137
+  /* "ssh/channel.pyx":171
  *         with nogil:
  *             _chan = c_ssh.ssh_channel_accept_x11(self._channel, timeout_ms)
  *         if _chan is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  *         chan = Channel.from_ptr(_chan, self._session)
- */
-  __pyx_t_1 = ((__pyx_v__chan == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__chan == NULL);
   if (unlikely(__pyx_t_1)) {
 
-    /* "ssh/channel.pyx":138
+    /* "ssh/channel.pyx":172
  *             _chan = c_ssh.ssh_channel_accept_x11(self._channel, timeout_ms)
  *         if _chan is NULL:
  *             raise MemoryError             # <<<<<<<<<<<<<<
  *         chan = Channel.from_ptr(_chan, self._session)
  *         return chan
- */
-    PyErr_NoMemory(); __PYX_ERR(0, 138, __pyx_L1_error)
+*/
+    PyErr_NoMemory(); __PYX_ERR(0, 172, __pyx_L1_error)
 
-    /* "ssh/channel.pyx":137
+    /* "ssh/channel.pyx":171
  *         with nogil:
  *             _chan = c_ssh.ssh_channel_accept_x11(self._channel, timeout_ms)
  *         if _chan is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  *         chan = Channel.from_ptr(_chan, self._session)
- */
+*/
   }
 
-  /* "ssh/channel.pyx":139
+  /* "ssh/channel.pyx":173
  *         if _chan is NULL:
  *             raise MemoryError
  *         chan = Channel.from_ptr(_chan, self._session)             # <<<<<<<<<<<<<<
  *         return chan
  * 
- */
+*/
   __pyx_t_2 = ((PyObject *)__pyx_v_self->_session);
   __Pyx_INCREF(__pyx_t_2);
-  __pyx_t_3 = ((PyObject *)__pyx_f_3ssh_7channel_7Channel_from_ptr(__pyx_v__chan, ((struct __pyx_obj_3ssh_7session_Session *)__pyx_t_2))); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 139, __pyx_L1_error)
+  __pyx_t_3 = ((PyObject *)__pyx_f_3ssh_7channel_7Channel_from_ptr(__pyx_v__chan, ((struct __pyx_obj_3ssh_7session_Session *)__pyx_t_2))); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 173, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
   __pyx_v_chan = ((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_t_3);
   __pyx_t_3 = 0;
 
-  /* "ssh/channel.pyx":140
+  /* "ssh/channel.pyx":174
  *             raise MemoryError
  *         chan = Channel.from_ptr(_chan, self._session)
  *         return chan             # <<<<<<<<<<<<<<
  * 
  *     def poll(self, bint is_stderr=False):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_chan));
+  __Pyx_INCREF((PyObject *)__pyx_v_chan);
   __pyx_r = ((PyObject *)__pyx_v_chan);
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":132
+  /* "ssh/channel.pyx":166
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def accept_x11(self, int timeout_ms):             # <<<<<<<<<<<<<<
  *         cdef Channel chan
  *         cdef c_ssh.ssh_channel _chan = NULL
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3541,78 +5724,106 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_28accept_x11(struct __pyx_obj_3
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":142
+/* "ssh/channel.pyx":176
  *         return chan
  * 
  *     def poll(self, bint is_stderr=False):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_31poll(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_30poll[] = "Channel.poll(self, bool is_stderr=False)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_31poll(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_33poll(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_32poll, "Channel.poll(self, bool is_stderr=False)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_33poll = {"poll", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_33poll, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_32poll};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_33poll(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_is_stderr;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("poll (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_is_stderr,0};
-    PyObject* values[1] = {0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_is_stderr,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 176, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 176, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_is_stderr);
-          if (value) { values[0] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "poll") < 0)) __PYX_ERR(0, 142, __pyx_L3_error)
-      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "poll", 0) < 0) __PYX_ERR(0, 176, __pyx_L3_error)
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 176, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
     if (values[0]) {
-      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[0]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 142, __pyx_L3_error)
+      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[0]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 176, __pyx_L3_error)
     } else {
       __pyx_v_is_stderr = ((int)0);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("poll", 0, 0, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 142, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("poll", 0, 0, 1, __pyx_nargs); __PYX_ERR(0, 176, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.poll", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_30poll(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_is_stderr);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_32poll(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_is_stderr);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_30poll(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_is_stderr) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_32poll(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_is_stderr) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -3623,72 +5834,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_30poll(struct __pyx_obj_3ssh_7c
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("poll", 0);
 
-  /* "ssh/channel.pyx":144
+  /* "ssh/channel.pyx":178
  *     def poll(self, bint is_stderr=False):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_poll(self._channel, is_stderr)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":145
+        /* "ssh/channel.pyx":179
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_poll(self._channel, is_stderr)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_poll(__pyx_v_self->_channel, __pyx_v_is_stderr);
       }
 
-      /* "ssh/channel.pyx":144
+      /* "ssh/channel.pyx":178
  *     def poll(self, bint is_stderr=False):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_poll(self._channel, is_stderr)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":146
+  /* "ssh/channel.pyx":180
  *         with nogil:
  *             rc = c_ssh.ssh_channel_poll(self._channel, is_stderr)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def poll_timeout(self, int timeout, bint is_stderr=False):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 146, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 146, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 180, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 180, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":142
+  /* "ssh/channel.pyx":176
  *         return chan
  * 
  *     def poll(self, bint is_stderr=False):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3701,87 +5909,118 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_30poll(struct __pyx_obj_3ssh_7c
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":148
+/* "ssh/channel.pyx":182
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def poll_timeout(self, int timeout, bint is_stderr=False):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_33poll_timeout(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_32poll_timeout[] = "Channel.poll_timeout(self, int timeout, bool is_stderr=False)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_33poll_timeout(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_35poll_timeout(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_34poll_timeout, "Channel.poll_timeout(self, int timeout, bool is_stderr=False)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_35poll_timeout = {"poll_timeout", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_35poll_timeout, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_34poll_timeout};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_35poll_timeout(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_timeout;
   int __pyx_v_is_stderr;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("poll_timeout (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_timeout,&__pyx_n_s_is_stderr,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_timeout,&__pyx_mstate_global->__pyx_n_u_is_stderr,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 182, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 182, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 182, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_timeout)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_is_stderr);
-          if (value) { values[1] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "poll_timeout") < 0)) __PYX_ERR(0, 148, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "poll_timeout", 0) < 0) __PYX_ERR(0, 182, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("poll_timeout", 0, 1, 2, i); __PYX_ERR(0, 182, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 182, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 182, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
-    __pyx_v_timeout = __Pyx_PyInt_As_int(values[0]); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 148, __pyx_L3_error)
+    __pyx_v_timeout = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 182, __pyx_L3_error)
     if (values[1]) {
-      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[1]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 148, __pyx_L3_error)
+      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[1]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 182, __pyx_L3_error)
     } else {
       __pyx_v_is_stderr = ((int)0);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("poll_timeout", 0, 1, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 148, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("poll_timeout", 0, 1, 2, __pyx_nargs); __PYX_ERR(0, 182, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.poll_timeout", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_32poll_timeout(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_timeout, __pyx_v_is_stderr);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_34poll_timeout(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_timeout, __pyx_v_is_stderr);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_32poll_timeout(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout, int __pyx_v_is_stderr) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_34poll_timeout(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout, int __pyx_v_is_stderr) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -3792,72 +6031,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_32poll_timeout(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("poll_timeout", 0);
 
-  /* "ssh/channel.pyx":150
+  /* "ssh/channel.pyx":184
  *     def poll_timeout(self, int timeout, bint is_stderr=False):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_poll_timeout(
  *                 self._channel, timeout, is_stderr)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":151
+        /* "ssh/channel.pyx":185
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_poll_timeout(             # <<<<<<<<<<<<<<
  *                 self._channel, timeout, is_stderr)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
         __pyx_v_rc = ssh_channel_poll_timeout(__pyx_v_self->_channel, __pyx_v_timeout, __pyx_v_is_stderr);
       }
 
-      /* "ssh/channel.pyx":150
+      /* "ssh/channel.pyx":184
  *     def poll_timeout(self, int timeout, bint is_stderr=False):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_poll_timeout(
  *                 self._channel, timeout, is_stderr)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":153
+  /* "ssh/channel.pyx":187
  *             rc = c_ssh.ssh_channel_poll_timeout(
  *                 self._channel, timeout, is_stderr)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def read(self, c_ssh.uint32_t size=1024*1024, bint is_stderr=False):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 153, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 187, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 187, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":148
+  /* "ssh/channel.pyx":182
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def poll_timeout(self, int timeout, bint is_stderr=False):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3870,94 +6106,120 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_32poll_timeout(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":155
+/* "ssh/channel.pyx":189
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def read(self, c_ssh.uint32_t size=1024*1024, bint is_stderr=False):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes buf = b''
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_35read(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_34read[] = "Channel.read(self, uint32_t size=1048576, bool is_stderr=False)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_35read(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_37read(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_36read, "Channel.read(self, uint32_t size=0x100000, bool is_stderr=False)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_37read = {"read", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_37read, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_36read};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_37read(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   uint32_t __pyx_v_size;
   int __pyx_v_is_stderr;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("read (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_size,&__pyx_n_s_is_stderr,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_size,&__pyx_mstate_global->__pyx_n_u_is_stderr,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 189, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 189, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 189, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_size);
-          if (value) { values[0] = value; kw_args--; }
-        }
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_is_stderr);
-          if (value) { values[1] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "read") < 0)) __PYX_ERR(0, 155, __pyx_L3_error)
-      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "read", 0) < 0) __PYX_ERR(0, 189, __pyx_L3_error)
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 189, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 189, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
     if (values[0]) {
-      __pyx_v_size = __Pyx_PyInt_As_uint32_t(values[0]); if (unlikely((__pyx_v_size == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 155, __pyx_L3_error)
+      __pyx_v_size = __Pyx_PyLong_As_uint32_t(values[0]); if (unlikely((__pyx_v_size == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 189, __pyx_L3_error)
     } else {
       __pyx_v_size = ((uint32_t)0x100000);
     }
     if (values[1]) {
-      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[1]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 155, __pyx_L3_error)
+      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[1]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 189, __pyx_L3_error)
     } else {
       __pyx_v_is_stderr = ((int)0);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("read", 0, 0, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 155, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("read", 0, 0, 2, __pyx_nargs); __PYX_ERR(0, 189, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.read", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_34read(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_size, __pyx_v_is_stderr);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_36read(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_size, __pyx_v_is_stderr);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_34read(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_size, int __pyx_v_is_stderr) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_size, int __pyx_v_is_stderr) {
   int __pyx_v_rc;
   PyObject *__pyx_v_buf = 0;
   char *__pyx_v_cbuf;
@@ -3980,183 +6242,174 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_34read(struct __pyx_obj_3ssh_7c
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("read", 0);
 
-  /* "ssh/channel.pyx":157
+  /* "ssh/channel.pyx":191
  *     def read(self, c_ssh.uint32_t size=1024*1024, bint is_stderr=False):
  *         cdef int rc
  *         cdef bytes buf = b''             # <<<<<<<<<<<<<<
  *         cdef char* cbuf
  *         with nogil:
- */
-  __Pyx_INCREF(__pyx_kp_b_);
-  __pyx_v_buf = __pyx_kp_b_;
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_buf = __pyx_mstate_global->__pyx_kp_b_;
 
-  /* "ssh/channel.pyx":159
+  /* "ssh/channel.pyx":193
  *         cdef bytes buf = b''
  *         cdef char* cbuf
  *         with nogil:             # <<<<<<<<<<<<<<
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":160
+        /* "ssh/channel.pyx":194
  *         cdef char* cbuf
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)             # <<<<<<<<<<<<<<
  *             if cbuf is NULL:
  *                 with gil:
- */
+*/
         __pyx_v_cbuf = ((char *)malloc(((sizeof(char)) * __pyx_v_size)));
 
-        /* "ssh/channel.pyx":161
+        /* "ssh/channel.pyx":195
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
-        __pyx_t_1 = ((__pyx_v_cbuf == NULL) != 0);
-        if (__pyx_t_1) {
+*/
+        __pyx_t_1 = (__pyx_v_cbuf == NULL);
+        if (unlikely(__pyx_t_1)) {
 
-          /* "ssh/channel.pyx":162
+          /* "ssh/channel.pyx":196
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read(self._channel, cbuf, size, is_stderr)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/channel.pyx":163
+                /* "ssh/channel.pyx":197
  *             if cbuf is NULL:
  *                 with gil:
  *                     raise MemoryError             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_read(self._channel, cbuf, size, is_stderr)
  *         try:
- */
-                PyErr_NoMemory(); __PYX_ERR(0, 163, __pyx_L8_error)
+*/
+                PyErr_NoMemory(); __PYX_ERR(0, 197, __pyx_L8_error)
               }
 
-              /* "ssh/channel.pyx":162
+              /* "ssh/channel.pyx":196
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read(self._channel, cbuf, size, is_stderr)
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/channel.pyx":161
+          /* "ssh/channel.pyx":195
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
+*/
         }
 
-        /* "ssh/channel.pyx":164
+        /* "ssh/channel.pyx":198
  *                 with gil:
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read(self._channel, cbuf, size, is_stderr)             # <<<<<<<<<<<<<<
  *         try:
  *             if rc > 0:
- */
+*/
         __pyx_v_rc = ssh_channel_read(__pyx_v_self->_channel, __pyx_v_cbuf, __pyx_v_size, __pyx_v_is_stderr);
       }
 
-      /* "ssh/channel.pyx":159
+      /* "ssh/channel.pyx":193
  *         cdef bytes buf = b''
  *         cdef char* cbuf
  *         with nogil:             # <<<<<<<<<<<<<<
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":165
+  /* "ssh/channel.pyx":199
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read(self._channel, cbuf, size, is_stderr)
  *         try:             # <<<<<<<<<<<<<<
  *             if rc > 0:
  *                 buf = cbuf[:rc]
- */
+*/
   /*try:*/ {
 
-    /* "ssh/channel.pyx":166
+    /* "ssh/channel.pyx":200
  *             rc = c_ssh.ssh_channel_read(self._channel, cbuf, size, is_stderr)
  *         try:
  *             if rc > 0:             # <<<<<<<<<<<<<<
  *                 buf = cbuf[:rc]
  *         finally:
- */
-    __pyx_t_1 = ((__pyx_v_rc > 0) != 0);
+*/
+    __pyx_t_1 = (__pyx_v_rc > 0);
     if (__pyx_t_1) {
 
-      /* "ssh/channel.pyx":167
+      /* "ssh/channel.pyx":201
  *         try:
  *             if rc > 0:
  *                 buf = cbuf[:rc]             # <<<<<<<<<<<<<<
  *         finally:
  *             free(cbuf)
- */
-      __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_cbuf + 0, __pyx_v_rc - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 167, __pyx_L11_error)
+*/
+      __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_cbuf + 0, __pyx_v_rc - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 201, __pyx_L11_error)
       __Pyx_GOTREF(__pyx_t_2);
       __Pyx_DECREF_SET(__pyx_v_buf, ((PyObject*)__pyx_t_2));
       __pyx_t_2 = 0;
 
-      /* "ssh/channel.pyx":166
+      /* "ssh/channel.pyx":200
  *             rc = c_ssh.ssh_channel_read(self._channel, cbuf, size, is_stderr)
  *         try:
  *             if rc > 0:             # <<<<<<<<<<<<<<
  *                 buf = cbuf[:rc]
  *         finally:
- */
+*/
     }
   }
 
-  /* "ssh/channel.pyx":169
+  /* "ssh/channel.pyx":203
  *                 buf = cbuf[:rc]
  *         finally:
  *             free(cbuf)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session), buf
  * 
- */
+*/
   /*finally:*/ {
     /*normal exit:*/{
       free(__pyx_v_cbuf);
@@ -4168,8 +6421,8 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_34read(struct __pyx_obj_3ssh_7c
       __Pyx_PyThreadState_assign
       __pyx_t_6 = 0; __pyx_t_7 = 0; __pyx_t_8 = 0; __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0;
       __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
-      if (PY_MAJOR_VERSION >= 3) __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
-      if ((PY_MAJOR_VERSION < 3) || unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
+       __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
+      if ( unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
       __Pyx_XGOTREF(__pyx_t_6);
       __Pyx_XGOTREF(__pyx_t_7);
       __Pyx_XGOTREF(__pyx_t_8);
@@ -4180,12 +6433,10 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_34read(struct __pyx_obj_3ssh_7c
       {
         free(__pyx_v_cbuf);
       }
-      if (PY_MAJOR_VERSION >= 3) {
-        __Pyx_XGIVEREF(__pyx_t_9);
-        __Pyx_XGIVEREF(__pyx_t_10);
-        __Pyx_XGIVEREF(__pyx_t_11);
-        __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
-      }
+      __Pyx_XGIVEREF(__pyx_t_9);
+      __Pyx_XGIVEREF(__pyx_t_10);
+      __Pyx_XGIVEREF(__pyx_t_11);
+      __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
       __Pyx_XGIVEREF(__pyx_t_6);
       __Pyx_XGIVEREF(__pyx_t_7);
       __Pyx_XGIVEREF(__pyx_t_8);
@@ -4197,36 +6448,36 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_34read(struct __pyx_obj_3ssh_7c
     __pyx_L12:;
   }
 
-  /* "ssh/channel.pyx":170
+  /* "ssh/channel.pyx":204
  *         finally:
  *             free(cbuf)
  *         return handle_error_codes(rc, self._session._session), buf             # <<<<<<<<<<<<<<
  * 
  *     def read_nonblocking(self, c_ssh.uint32_t size=1024*1024,
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 170, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 170, __pyx_L1_error)
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 204, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 204, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_12 = PyTuple_New(2); if (unlikely(!__pyx_t_12)) __PYX_ERR(0, 170, __pyx_L1_error)
+  __pyx_t_12 = PyTuple_New(2); if (unlikely(!__pyx_t_12)) __PYX_ERR(0, 204, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_12);
   __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2) != (0)) __PYX_ERR(0, 204, __pyx_L1_error);
   __Pyx_INCREF(__pyx_v_buf);
   __Pyx_GIVEREF(__pyx_v_buf);
-  PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf) != (0)) __PYX_ERR(0, 204, __pyx_L1_error);
   __pyx_t_2 = 0;
   __pyx_r = __pyx_t_12;
   __pyx_t_12 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":155
+  /* "ssh/channel.pyx":189
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def read(self, c_ssh.uint32_t size=1024*1024, bint is_stderr=False):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes buf = b''
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4241,110 +6492,136 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_34read(struct __pyx_obj_3ssh_7c
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":172
+/* "ssh/channel.pyx":206
  *         return handle_error_codes(rc, self._session._session), buf
  * 
  *     def read_nonblocking(self, c_ssh.uint32_t size=1024*1024,             # <<<<<<<<<<<<<<
  *                          bint is_stderr=False):
  *         cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_37read_nonblocking(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_36read_nonblocking[] = "Channel.read_nonblocking(self, uint32_t size=1048576, bool is_stderr=False)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_37read_nonblocking(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_39read_nonblocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_38read_nonblocking, "Channel.read_nonblocking(self, uint32_t size=0x100000, bool is_stderr=False)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_39read_nonblocking = {"read_nonblocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_39read_nonblocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_38read_nonblocking};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_39read_nonblocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   uint32_t __pyx_v_size;
   int __pyx_v_is_stderr;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("read_nonblocking (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_size,&__pyx_n_s_is_stderr,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_size,&__pyx_mstate_global->__pyx_n_u_is_stderr,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 206, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 206, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 206, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_size);
-          if (value) { values[0] = value; kw_args--; }
-        }
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_is_stderr);
-          if (value) { values[1] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "read_nonblocking") < 0)) __PYX_ERR(0, 172, __pyx_L3_error)
-      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "read_nonblocking", 0) < 0) __PYX_ERR(0, 206, __pyx_L3_error)
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 206, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 206, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
     if (values[0]) {
-      __pyx_v_size = __Pyx_PyInt_As_uint32_t(values[0]); if (unlikely((__pyx_v_size == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 172, __pyx_L3_error)
+      __pyx_v_size = __Pyx_PyLong_As_uint32_t(values[0]); if (unlikely((__pyx_v_size == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 206, __pyx_L3_error)
     } else {
       __pyx_v_size = ((uint32_t)0x100000);
     }
     if (values[1]) {
-      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[1]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 173, __pyx_L3_error)
+      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[1]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 207, __pyx_L3_error)
     } else {
 
-      /* "ssh/channel.pyx":173
+      /* "ssh/channel.pyx":207
  * 
  *     def read_nonblocking(self, c_ssh.uint32_t size=1024*1024,
  *                          bint is_stderr=False):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes buf = b''
- */
+*/
       __pyx_v_is_stderr = ((int)0);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("read_nonblocking", 0, 0, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 172, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("read_nonblocking", 0, 0, 2, __pyx_nargs); __PYX_ERR(0, 206, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.read_nonblocking", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_36read_nonblocking(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_size, __pyx_v_is_stderr);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_38read_nonblocking(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_size, __pyx_v_is_stderr);
 
-  /* "ssh/channel.pyx":172
+  /* "ssh/channel.pyx":206
  *         return handle_error_codes(rc, self._session._session), buf
  * 
  *     def read_nonblocking(self, c_ssh.uint32_t size=1024*1024,             # <<<<<<<<<<<<<<
  *                          bint is_stderr=False):
  *         cdef int rc
- */
+*/
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read_nonblocking(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_size, int __pyx_v_is_stderr) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_nonblocking(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_size, int __pyx_v_is_stderr) {
   int __pyx_v_rc;
   PyObject *__pyx_v_buf = 0;
   char *__pyx_v_cbuf;
@@ -4367,183 +6644,174 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read_nonblocking(struct __pyx
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("read_nonblocking", 0);
 
-  /* "ssh/channel.pyx":175
+  /* "ssh/channel.pyx":209
  *                          bint is_stderr=False):
  *         cdef int rc
  *         cdef bytes buf = b''             # <<<<<<<<<<<<<<
  *         cdef char* cbuf
  *         with nogil:
- */
-  __Pyx_INCREF(__pyx_kp_b_);
-  __pyx_v_buf = __pyx_kp_b_;
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_buf = __pyx_mstate_global->__pyx_kp_b_;
 
-  /* "ssh/channel.pyx":177
+  /* "ssh/channel.pyx":211
  *         cdef bytes buf = b''
  *         cdef char* cbuf
  *         with nogil:             # <<<<<<<<<<<<<<
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":178
+        /* "ssh/channel.pyx":212
  *         cdef char* cbuf
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)             # <<<<<<<<<<<<<<
  *             if cbuf is NULL:
  *                 with gil:
- */
+*/
         __pyx_v_cbuf = ((char *)malloc(((sizeof(char)) * __pyx_v_size)));
 
-        /* "ssh/channel.pyx":179
+        /* "ssh/channel.pyx":213
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
-        __pyx_t_1 = ((__pyx_v_cbuf == NULL) != 0);
-        if (__pyx_t_1) {
+*/
+        __pyx_t_1 = (__pyx_v_cbuf == NULL);
+        if (unlikely(__pyx_t_1)) {
 
-          /* "ssh/channel.pyx":180
+          /* "ssh/channel.pyx":214
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read_nonblocking(
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/channel.pyx":181
+                /* "ssh/channel.pyx":215
  *             if cbuf is NULL:
  *                 with gil:
  *                     raise MemoryError             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_read_nonblocking(
  *                 self._channel, cbuf, size, is_stderr)
- */
-                PyErr_NoMemory(); __PYX_ERR(0, 181, __pyx_L8_error)
+*/
+                PyErr_NoMemory(); __PYX_ERR(0, 215, __pyx_L8_error)
               }
 
-              /* "ssh/channel.pyx":180
+              /* "ssh/channel.pyx":214
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read_nonblocking(
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/channel.pyx":179
+          /* "ssh/channel.pyx":213
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
+*/
         }
 
-        /* "ssh/channel.pyx":182
+        /* "ssh/channel.pyx":216
  *                 with gil:
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read_nonblocking(             # <<<<<<<<<<<<<<
  *                 self._channel, cbuf, size, is_stderr)
  *         try:
- */
+*/
         __pyx_v_rc = ssh_channel_read_nonblocking(__pyx_v_self->_channel, __pyx_v_cbuf, __pyx_v_size, __pyx_v_is_stderr);
       }
 
-      /* "ssh/channel.pyx":177
+      /* "ssh/channel.pyx":211
  *         cdef bytes buf = b''
  *         cdef char* cbuf
  *         with nogil:             # <<<<<<<<<<<<<<
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":184
+  /* "ssh/channel.pyx":218
  *             rc = c_ssh.ssh_channel_read_nonblocking(
  *                 self._channel, cbuf, size, is_stderr)
  *         try:             # <<<<<<<<<<<<<<
  *             if rc > 0:
  *                 buf = cbuf[:rc]
- */
+*/
   /*try:*/ {
 
-    /* "ssh/channel.pyx":185
+    /* "ssh/channel.pyx":219
  *                 self._channel, cbuf, size, is_stderr)
  *         try:
  *             if rc > 0:             # <<<<<<<<<<<<<<
  *                 buf = cbuf[:rc]
  *         finally:
- */
-    __pyx_t_1 = ((__pyx_v_rc > 0) != 0);
+*/
+    __pyx_t_1 = (__pyx_v_rc > 0);
     if (__pyx_t_1) {
 
-      /* "ssh/channel.pyx":186
+      /* "ssh/channel.pyx":220
  *         try:
  *             if rc > 0:
  *                 buf = cbuf[:rc]             # <<<<<<<<<<<<<<
  *         finally:
  *             free(cbuf)
- */
-      __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_cbuf + 0, __pyx_v_rc - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 186, __pyx_L11_error)
+*/
+      __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_cbuf + 0, __pyx_v_rc - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 220, __pyx_L11_error)
       __Pyx_GOTREF(__pyx_t_2);
       __Pyx_DECREF_SET(__pyx_v_buf, ((PyObject*)__pyx_t_2));
       __pyx_t_2 = 0;
 
-      /* "ssh/channel.pyx":185
+      /* "ssh/channel.pyx":219
  *                 self._channel, cbuf, size, is_stderr)
  *         try:
  *             if rc > 0:             # <<<<<<<<<<<<<<
  *                 buf = cbuf[:rc]
  *         finally:
- */
+*/
     }
   }
 
-  /* "ssh/channel.pyx":188
+  /* "ssh/channel.pyx":222
  *                 buf = cbuf[:rc]
  *         finally:
  *             free(cbuf)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session), buf
  * 
- */
+*/
   /*finally:*/ {
     /*normal exit:*/{
       free(__pyx_v_cbuf);
@@ -4555,8 +6823,8 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read_nonblocking(struct __pyx
       __Pyx_PyThreadState_assign
       __pyx_t_6 = 0; __pyx_t_7 = 0; __pyx_t_8 = 0; __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0;
       __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
-      if (PY_MAJOR_VERSION >= 3) __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
-      if ((PY_MAJOR_VERSION < 3) || unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
+       __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
+      if ( unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
       __Pyx_XGOTREF(__pyx_t_6);
       __Pyx_XGOTREF(__pyx_t_7);
       __Pyx_XGOTREF(__pyx_t_8);
@@ -4567,12 +6835,10 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read_nonblocking(struct __pyx
       {
         free(__pyx_v_cbuf);
       }
-      if (PY_MAJOR_VERSION >= 3) {
-        __Pyx_XGIVEREF(__pyx_t_9);
-        __Pyx_XGIVEREF(__pyx_t_10);
-        __Pyx_XGIVEREF(__pyx_t_11);
-        __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
-      }
+      __Pyx_XGIVEREF(__pyx_t_9);
+      __Pyx_XGIVEREF(__pyx_t_10);
+      __Pyx_XGIVEREF(__pyx_t_11);
+      __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
       __Pyx_XGIVEREF(__pyx_t_6);
       __Pyx_XGIVEREF(__pyx_t_7);
       __Pyx_XGIVEREF(__pyx_t_8);
@@ -4584,36 +6850,36 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read_nonblocking(struct __pyx
     __pyx_L12:;
   }
 
-  /* "ssh/channel.pyx":189
+  /* "ssh/channel.pyx":223
  *         finally:
  *             free(cbuf)
  *         return handle_error_codes(rc, self._session._session), buf             # <<<<<<<<<<<<<<
  * 
  *     def read_timeout(self, int timeout,
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 189, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 189, __pyx_L1_error)
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 223, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 223, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_12 = PyTuple_New(2); if (unlikely(!__pyx_t_12)) __PYX_ERR(0, 189, __pyx_L1_error)
+  __pyx_t_12 = PyTuple_New(2); if (unlikely(!__pyx_t_12)) __PYX_ERR(0, 223, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_12);
   __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2) != (0)) __PYX_ERR(0, 223, __pyx_L1_error);
   __Pyx_INCREF(__pyx_v_buf);
   __Pyx_GIVEREF(__pyx_v_buf);
-  PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf) != (0)) __PYX_ERR(0, 223, __pyx_L1_error);
   __pyx_t_2 = 0;
   __pyx_r = __pyx_t_12;
   __pyx_t_12 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":172
+  /* "ssh/channel.pyx":206
  *         return handle_error_codes(rc, self._session._session), buf
  * 
  *     def read_nonblocking(self, c_ssh.uint32_t size=1024*1024,             # <<<<<<<<<<<<<<
  *                          bint is_stderr=False):
  *         cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4628,119 +6894,148 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_36read_nonblocking(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":191
+/* "ssh/channel.pyx":225
  *         return handle_error_codes(rc, self._session._session), buf
  * 
  *     def read_timeout(self, int timeout,             # <<<<<<<<<<<<<<
  *                      c_ssh.uint32_t size=1024*1024, bint is_stderr=False):
  *         cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_39read_timeout(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_38read_timeout[] = "Channel.read_timeout(self, int timeout, uint32_t size=1048576, bool is_stderr=False)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_39read_timeout(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_41read_timeout(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_40read_timeout, "Channel.read_timeout(self, int timeout, uint32_t size=0x100000, bool is_stderr=False)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_41read_timeout = {"read_timeout", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_41read_timeout, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_40read_timeout};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_41read_timeout(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_timeout;
   uint32_t __pyx_v_size;
   int __pyx_v_is_stderr;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("read_timeout (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_timeout,&__pyx_n_s_size,&__pyx_n_s_is_stderr,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_timeout,&__pyx_mstate_global->__pyx_n_u_size,&__pyx_mstate_global->__pyx_n_u_is_stderr,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 225, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 225, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 225, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 225, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_timeout)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_size);
-          if (value) { values[1] = value; kw_args--; }
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_is_stderr);
-          if (value) { values[2] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "read_timeout") < 0)) __PYX_ERR(0, 191, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "read_timeout", 0) < 0) __PYX_ERR(0, 225, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("read_timeout", 0, 1, 3, i); __PYX_ERR(0, 225, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 225, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 225, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 225, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
-    __pyx_v_timeout = __Pyx_PyInt_As_int(values[0]); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 191, __pyx_L3_error)
+    __pyx_v_timeout = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 225, __pyx_L3_error)
     if (values[1]) {
-      __pyx_v_size = __Pyx_PyInt_As_uint32_t(values[1]); if (unlikely((__pyx_v_size == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 192, __pyx_L3_error)
+      __pyx_v_size = __Pyx_PyLong_As_uint32_t(values[1]); if (unlikely((__pyx_v_size == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 226, __pyx_L3_error)
     } else {
       __pyx_v_size = ((uint32_t)0x100000);
     }
     if (values[2]) {
-      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[2]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 192, __pyx_L3_error)
+      __pyx_v_is_stderr = __Pyx_PyObject_IsTrue(values[2]); if (unlikely((__pyx_v_is_stderr == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 226, __pyx_L3_error)
     } else {
 
-      /* "ssh/channel.pyx":192
+      /* "ssh/channel.pyx":226
  * 
  *     def read_timeout(self, int timeout,
  *                      c_ssh.uint32_t size=1024*1024, bint is_stderr=False):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes buf = b''
- */
+*/
       __pyx_v_is_stderr = ((int)0);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("read_timeout", 0, 1, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 191, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("read_timeout", 0, 1, 3, __pyx_nargs); __PYX_ERR(0, 225, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.read_timeout", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_38read_timeout(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_timeout, __pyx_v_size, __pyx_v_is_stderr);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_40read_timeout(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_timeout, __pyx_v_size, __pyx_v_is_stderr);
 
-  /* "ssh/channel.pyx":191
+  /* "ssh/channel.pyx":225
  *         return handle_error_codes(rc, self._session._session), buf
  * 
  *     def read_timeout(self, int timeout,             # <<<<<<<<<<<<<<
  *                      c_ssh.uint32_t size=1024*1024, bint is_stderr=False):
  *         cdef int rc
- */
+*/
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_timeout(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout, uint32_t __pyx_v_size, int __pyx_v_is_stderr) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_40read_timeout(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_timeout, uint32_t __pyx_v_size, int __pyx_v_is_stderr) {
   int __pyx_v_rc;
   PyObject *__pyx_v_buf = 0;
   char *__pyx_v_cbuf;
@@ -4763,183 +7058,174 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_timeout(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("read_timeout", 0);
 
-  /* "ssh/channel.pyx":194
+  /* "ssh/channel.pyx":228
  *                      c_ssh.uint32_t size=1024*1024, bint is_stderr=False):
  *         cdef int rc
  *         cdef bytes buf = b''             # <<<<<<<<<<<<<<
  *         cdef char* cbuf
  *         with nogil:
- */
-  __Pyx_INCREF(__pyx_kp_b_);
-  __pyx_v_buf = __pyx_kp_b_;
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_buf = __pyx_mstate_global->__pyx_kp_b_;
 
-  /* "ssh/channel.pyx":196
+  /* "ssh/channel.pyx":230
  *         cdef bytes buf = b''
  *         cdef char* cbuf
  *         with nogil:             # <<<<<<<<<<<<<<
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":197
+        /* "ssh/channel.pyx":231
  *         cdef char* cbuf
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)             # <<<<<<<<<<<<<<
  *             if cbuf is NULL:
  *                 with gil:
- */
+*/
         __pyx_v_cbuf = ((char *)malloc(((sizeof(char)) * __pyx_v_size)));
 
-        /* "ssh/channel.pyx":198
+        /* "ssh/channel.pyx":232
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
-        __pyx_t_1 = ((__pyx_v_cbuf == NULL) != 0);
-        if (__pyx_t_1) {
+*/
+        __pyx_t_1 = (__pyx_v_cbuf == NULL);
+        if (unlikely(__pyx_t_1)) {
 
-          /* "ssh/channel.pyx":199
+          /* "ssh/channel.pyx":233
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read_timeout(
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/channel.pyx":200
+                /* "ssh/channel.pyx":234
  *             if cbuf is NULL:
  *                 with gil:
  *                     raise MemoryError             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_read_timeout(
  *                 self._channel, cbuf, size, is_stderr, timeout)
- */
-                PyErr_NoMemory(); __PYX_ERR(0, 200, __pyx_L8_error)
+*/
+                PyErr_NoMemory(); __PYX_ERR(0, 234, __pyx_L8_error)
               }
 
-              /* "ssh/channel.pyx":199
+              /* "ssh/channel.pyx":233
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read_timeout(
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/channel.pyx":198
+          /* "ssh/channel.pyx":232
  *         with nogil:
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
+*/
         }
 
-        /* "ssh/channel.pyx":201
+        /* "ssh/channel.pyx":235
  *                 with gil:
  *                     raise MemoryError
  *             rc = c_ssh.ssh_channel_read_timeout(             # <<<<<<<<<<<<<<
  *                 self._channel, cbuf, size, is_stderr, timeout)
  *         try:
- */
+*/
         __pyx_v_rc = ssh_channel_read_timeout(__pyx_v_self->_channel, __pyx_v_cbuf, __pyx_v_size, __pyx_v_is_stderr, __pyx_v_timeout);
       }
 
-      /* "ssh/channel.pyx":196
+      /* "ssh/channel.pyx":230
  *         cdef bytes buf = b''
  *         cdef char* cbuf
  *         with nogil:             # <<<<<<<<<<<<<<
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":203
+  /* "ssh/channel.pyx":237
  *             rc = c_ssh.ssh_channel_read_timeout(
  *                 self._channel, cbuf, size, is_stderr, timeout)
  *         try:             # <<<<<<<<<<<<<<
  *             if rc > 0:
  *                 buf = cbuf[:rc]
- */
+*/
   /*try:*/ {
 
-    /* "ssh/channel.pyx":204
+    /* "ssh/channel.pyx":238
  *                 self._channel, cbuf, size, is_stderr, timeout)
  *         try:
  *             if rc > 0:             # <<<<<<<<<<<<<<
  *                 buf = cbuf[:rc]
  *         finally:
- */
-    __pyx_t_1 = ((__pyx_v_rc > 0) != 0);
+*/
+    __pyx_t_1 = (__pyx_v_rc > 0);
     if (__pyx_t_1) {
 
-      /* "ssh/channel.pyx":205
+      /* "ssh/channel.pyx":239
  *         try:
  *             if rc > 0:
  *                 buf = cbuf[:rc]             # <<<<<<<<<<<<<<
  *         finally:
  *             free(cbuf)
- */
-      __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_cbuf + 0, __pyx_v_rc - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 205, __pyx_L11_error)
+*/
+      __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_cbuf + 0, __pyx_v_rc - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 239, __pyx_L11_error)
       __Pyx_GOTREF(__pyx_t_2);
       __Pyx_DECREF_SET(__pyx_v_buf, ((PyObject*)__pyx_t_2));
       __pyx_t_2 = 0;
 
-      /* "ssh/channel.pyx":204
+      /* "ssh/channel.pyx":238
  *                 self._channel, cbuf, size, is_stderr, timeout)
  *         try:
  *             if rc > 0:             # <<<<<<<<<<<<<<
  *                 buf = cbuf[:rc]
  *         finally:
- */
+*/
     }
   }
 
-  /* "ssh/channel.pyx":207
+  /* "ssh/channel.pyx":241
  *                 buf = cbuf[:rc]
  *         finally:
  *             free(cbuf)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session), buf
  * 
- */
+*/
   /*finally:*/ {
     /*normal exit:*/{
       free(__pyx_v_cbuf);
@@ -4951,8 +7237,8 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_timeout(struct __pyx_obj
       __Pyx_PyThreadState_assign
       __pyx_t_6 = 0; __pyx_t_7 = 0; __pyx_t_8 = 0; __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0;
       __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
-      if (PY_MAJOR_VERSION >= 3) __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
-      if ((PY_MAJOR_VERSION < 3) || unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
+       __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
+      if ( unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
       __Pyx_XGOTREF(__pyx_t_6);
       __Pyx_XGOTREF(__pyx_t_7);
       __Pyx_XGOTREF(__pyx_t_8);
@@ -4963,12 +7249,10 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_timeout(struct __pyx_obj
       {
         free(__pyx_v_cbuf);
       }
-      if (PY_MAJOR_VERSION >= 3) {
-        __Pyx_XGIVEREF(__pyx_t_9);
-        __Pyx_XGIVEREF(__pyx_t_10);
-        __Pyx_XGIVEREF(__pyx_t_11);
-        __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
-      }
+      __Pyx_XGIVEREF(__pyx_t_9);
+      __Pyx_XGIVEREF(__pyx_t_10);
+      __Pyx_XGIVEREF(__pyx_t_11);
+      __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
       __Pyx_XGIVEREF(__pyx_t_6);
       __Pyx_XGIVEREF(__pyx_t_7);
       __Pyx_XGIVEREF(__pyx_t_8);
@@ -4980,36 +7264,36 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_timeout(struct __pyx_obj
     __pyx_L12:;
   }
 
-  /* "ssh/channel.pyx":208
+  /* "ssh/channel.pyx":242
  *         finally:
  *             free(cbuf)
  *         return handle_error_codes(rc, self._session._session), buf             # <<<<<<<<<<<<<<
  * 
  *     def request_env(self, name, value):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 208, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 208, __pyx_L1_error)
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 242, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 242, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_12 = PyTuple_New(2); if (unlikely(!__pyx_t_12)) __PYX_ERR(0, 208, __pyx_L1_error)
+  __pyx_t_12 = PyTuple_New(2); if (unlikely(!__pyx_t_12)) __PYX_ERR(0, 242, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_12);
   __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2) != (0)) __PYX_ERR(0, 242, __pyx_L1_error);
   __Pyx_INCREF(__pyx_v_buf);
   __Pyx_GIVEREF(__pyx_v_buf);
-  PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf) != (0)) __PYX_ERR(0, 242, __pyx_L1_error);
   __pyx_t_2 = 0;
   __pyx_r = __pyx_t_12;
   __pyx_t_12 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":191
+  /* "ssh/channel.pyx":225
  *         return handle_error_codes(rc, self._session._session), buf
  * 
  *     def read_timeout(self, int timeout,             # <<<<<<<<<<<<<<
  *                      c_ssh.uint32_t size=1024*1024, bint is_stderr=False):
  *         cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5024,80 +7308,109 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_38read_timeout(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":210
+/* "ssh/channel.pyx":244
  *         return handle_error_codes(rc, self._session._session), buf
  * 
  *     def request_env(self, name, value):             # <<<<<<<<<<<<<<
  *         cdef bytes b_name = to_bytes(name)
  *         cdef const_char *c_name = b_name
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_41request_env(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_40request_env[] = "Channel.request_env(self, name, value)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_41request_env(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_43request_env(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_42request_env, "Channel.request_env(self, name, value)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_43request_env = {"request_env", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_43request_env, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_42request_env};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_43request_env(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_name = 0;
   PyObject *__pyx_v_value = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_env (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_name,&__pyx_n_s_value,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_name,&__pyx_mstate_global->__pyx_n_u_value,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 244, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 244, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 244, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_name)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_value)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("request_env", 1, 2, 2, 1); __PYX_ERR(0, 210, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "request_env") < 0)) __PYX_ERR(0, 210, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "request_env", 0) < 0) __PYX_ERR(0, 244, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("request_env", 1, 2, 2, i); __PYX_ERR(0, 244, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 244, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 244, __pyx_L3_error)
     }
     __pyx_v_name = values[0];
     __pyx_v_value = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("request_env", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 210, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("request_env", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 244, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.request_env", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_40request_env(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_name, __pyx_v_value);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_42request_env(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_name, __pyx_v_value);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_40request_env(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_name, PyObject *__pyx_v_value) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_42request_env(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_name, PyObject *__pyx_v_value) {
   PyObject *__pyx_v_b_name = 0;
   const char *__pyx_v_c_name;
   PyObject *__pyx_v_b_value = 0;
@@ -5113,124 +7426,121 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_40request_env(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_env", 0);
 
-  /* "ssh/channel.pyx":211
+  /* "ssh/channel.pyx":245
  * 
  *     def request_env(self, name, value):
  *         cdef bytes b_name = to_bytes(name)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_name = b_name
  *         cdef bytes b_value = to_bytes(value)
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_name); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 211, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_name); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 245, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_name = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":212
+  /* "ssh/channel.pyx":246
  *     def request_env(self, name, value):
  *         cdef bytes b_name = to_bytes(name)
  *         cdef const_char *c_name = b_name             # <<<<<<<<<<<<<<
  *         cdef bytes b_value = to_bytes(value)
  *         cdef const_char *c_value = b_value
- */
+*/
   if (unlikely(__pyx_v_b_name == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 212, __pyx_L1_error)
+    __PYX_ERR(0, 246, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_name); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 212, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_name); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 246, __pyx_L1_error)
   __pyx_v_c_name = __pyx_t_2;
 
-  /* "ssh/channel.pyx":213
+  /* "ssh/channel.pyx":247
  *         cdef bytes b_name = to_bytes(name)
  *         cdef const_char *c_name = b_name
  *         cdef bytes b_value = to_bytes(value)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_value = b_value
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_value); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 213, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_value); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 247, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_value = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":214
+  /* "ssh/channel.pyx":248
  *         cdef const_char *c_name = b_name
  *         cdef bytes b_value = to_bytes(value)
  *         cdef const_char *c_value = b_value             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_value == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 214, __pyx_L1_error)
+    __PYX_ERR(0, 248, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_value); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 214, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_value); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 248, __pyx_L1_error)
   __pyx_v_c_value = __pyx_t_2;
 
-  /* "ssh/channel.pyx":216
+  /* "ssh/channel.pyx":250
  *         cdef const_char *c_value = b_value
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_env(self._channel, c_name, c_value)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":217
+        /* "ssh/channel.pyx":251
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_env(self._channel, c_name, c_value)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_request_env(__pyx_v_self->_channel, __pyx_v_c_name, __pyx_v_c_value);
       }
 
-      /* "ssh/channel.pyx":216
+      /* "ssh/channel.pyx":250
  *         cdef const_char *c_value = b_value
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_env(self._channel, c_name, c_value)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":218
+  /* "ssh/channel.pyx":252
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_env(self._channel, c_name, c_value)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_exec(self, cmd):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 218, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 218, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 252, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 252, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":210
+  /* "ssh/channel.pyx":244
  *         return handle_error_codes(rc, self._session._session), buf
  * 
  *     def request_env(self, name, value):             # <<<<<<<<<<<<<<
  *         cdef bytes b_name = to_bytes(name)
  *         cdef const_char *c_name = b_name
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5245,29 +7555,101 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_40request_env(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":220
+/* "ssh/channel.pyx":254
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_exec(self, cmd):             # <<<<<<<<<<<<<<
  *         cdef bytes b_cmd = to_bytes(cmd)
  *         cdef const_char *c_cmd = b_cmd
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_43request_exec(PyObject *__pyx_v_self, PyObject *__pyx_v_cmd); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_42request_exec[] = "Channel.request_exec(self, cmd)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_43request_exec(PyObject *__pyx_v_self, PyObject *__pyx_v_cmd) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_45request_exec(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_44request_exec, "Channel.request_exec(self, cmd)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_45request_exec = {"request_exec", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_45request_exec, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_44request_exec};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_45request_exec(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_cmd = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_exec (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_42request_exec(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((PyObject *)__pyx_v_cmd));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_cmd,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 254, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 254, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "request_exec", 0) < 0) __PYX_ERR(0, 254, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("request_exec", 1, 1, 1, i); __PYX_ERR(0, 254, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 254, __pyx_L3_error)
+    }
+    __pyx_v_cmd = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("request_exec", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 254, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.channel.Channel.request_exec", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_44request_exec(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_cmd);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_42request_exec(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_cmd) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_44request_exec(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_cmd) {
   PyObject *__pyx_v_b_cmd = 0;
   const char *__pyx_v_c_cmd;
   int __pyx_v_rc;
@@ -5281,98 +7663,95 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_42request_exec(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_exec", 0);
 
-  /* "ssh/channel.pyx":221
+  /* "ssh/channel.pyx":255
  * 
  *     def request_exec(self, cmd):
  *         cdef bytes b_cmd = to_bytes(cmd)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_cmd = b_cmd
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_cmd); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 221, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_cmd); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 255, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_cmd = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":222
+  /* "ssh/channel.pyx":256
  *     def request_exec(self, cmd):
  *         cdef bytes b_cmd = to_bytes(cmd)
  *         cdef const_char *c_cmd = b_cmd             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_cmd == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 222, __pyx_L1_error)
+    __PYX_ERR(0, 256, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_cmd); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 222, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_cmd); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 256, __pyx_L1_error)
   __pyx_v_c_cmd = __pyx_t_2;
 
-  /* "ssh/channel.pyx":224
+  /* "ssh/channel.pyx":258
  *         cdef const_char *c_cmd = b_cmd
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_exec(self._channel, c_cmd)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":225
+        /* "ssh/channel.pyx":259
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_exec(self._channel, c_cmd)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_request_exec(__pyx_v_self->_channel, __pyx_v_c_cmd);
       }
 
-      /* "ssh/channel.pyx":224
+      /* "ssh/channel.pyx":258
  *         cdef const_char *c_cmd = b_cmd
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_exec(self._channel, c_cmd)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":226
+  /* "ssh/channel.pyx":260
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_exec(self._channel, c_cmd)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_pty(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 226, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 226, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 260, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 260, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":220
+  /* "ssh/channel.pyx":254
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_exec(self, cmd):             # <<<<<<<<<<<<<<
  *         cdef bytes b_cmd = to_bytes(cmd)
  *         cdef const_char *c_cmd = b_cmd
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5386,29 +7765,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_42request_exec(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":228
+/* "ssh/channel.pyx":262
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_pty(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_45request_pty(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_44request_pty[] = "Channel.request_pty(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_45request_pty(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_47request_pty(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_46request_pty, "Channel.request_pty(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_47request_pty = {"request_pty", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_47request_pty, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_46request_pty};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_47request_pty(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_pty (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_44request_pty(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_pty", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_pty", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_46request_pty(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_44request_pty(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_46request_pty(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -5419,72 +7827,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_44request_pty(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_pty", 0);
 
-  /* "ssh/channel.pyx":230
+  /* "ssh/channel.pyx":264
  *     def request_pty(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_pty(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":231
+        /* "ssh/channel.pyx":265
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_pty(self._channel)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_request_pty(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":230
+      /* "ssh/channel.pyx":264
  *     def request_pty(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_pty(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":232
+  /* "ssh/channel.pyx":266
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_pty(self._channel)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def change_pty_size(self, int cols, int rows):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 232, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 232, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 266, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 266, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":228
+  /* "ssh/channel.pyx":262
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_pty(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5497,80 +7902,109 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_44request_pty(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":234
+/* "ssh/channel.pyx":268
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def change_pty_size(self, int cols, int rows):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_47change_pty_size(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_46change_pty_size[] = "Channel.change_pty_size(self, int cols, int rows)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_47change_pty_size(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_49change_pty_size(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_48change_pty_size, "Channel.change_pty_size(self, int cols, int rows)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_49change_pty_size = {"change_pty_size", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_49change_pty_size, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_48change_pty_size};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_49change_pty_size(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_cols;
   int __pyx_v_rows;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("change_pty_size (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_cols,&__pyx_n_s_rows,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_cols,&__pyx_mstate_global->__pyx_n_u_rows,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 268, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 268, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 268, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_cols)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_rows)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("change_pty_size", 1, 2, 2, 1); __PYX_ERR(0, 234, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "change_pty_size") < 0)) __PYX_ERR(0, 234, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "change_pty_size", 0) < 0) __PYX_ERR(0, 268, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("change_pty_size", 1, 2, 2, i); __PYX_ERR(0, 268, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 268, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 268, __pyx_L3_error)
     }
-    __pyx_v_cols = __Pyx_PyInt_As_int(values[0]); if (unlikely((__pyx_v_cols == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 234, __pyx_L3_error)
-    __pyx_v_rows = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_rows == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 234, __pyx_L3_error)
+    __pyx_v_cols = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_cols == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 268, __pyx_L3_error)
+    __pyx_v_rows = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_rows == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 268, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("change_pty_size", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 234, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("change_pty_size", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 268, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.change_pty_size", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_46change_pty_size(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_cols, __pyx_v_rows);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_48change_pty_size(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_cols, __pyx_v_rows);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_46change_pty_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_cols, int __pyx_v_rows) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_48change_pty_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_cols, int __pyx_v_rows) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -5581,72 +8015,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_46change_pty_size(struct __pyx_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("change_pty_size", 0);
 
-  /* "ssh/channel.pyx":236
+  /* "ssh/channel.pyx":270
  *     def change_pty_size(self, int cols, int rows):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_change_pty_size(self._channel, cols, rows)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":237
+        /* "ssh/channel.pyx":271
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_change_pty_size(self._channel, cols, rows)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_change_pty_size(__pyx_v_self->_channel, __pyx_v_cols, __pyx_v_rows);
       }
 
-      /* "ssh/channel.pyx":236
+      /* "ssh/channel.pyx":270
  *     def change_pty_size(self, int cols, int rows):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_change_pty_size(self._channel, cols, rows)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":238
+  /* "ssh/channel.pyx":272
  *         with nogil:
  *             rc = c_ssh.ssh_channel_change_pty_size(self._channel, cols, rows)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_pty_size(self, terminal, int col, int row):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 238, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 238, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 272, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 272, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":234
+  /* "ssh/channel.pyx":268
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def change_pty_size(self, int cols, int rows):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5659,91 +8090,117 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_46change_pty_size(struct __pyx_
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":240
+/* "ssh/channel.pyx":274
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_pty_size(self, terminal, int col, int row):             # <<<<<<<<<<<<<<
  *         cdef bytes b_terminal = to_bytes(terminal)
  *         cdef const_char *c_terminal = b_terminal
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_49request_pty_size(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_48request_pty_size[] = "Channel.request_pty_size(self, terminal, int col, int row)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_49request_pty_size(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_51request_pty_size(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_50request_pty_size, "Channel.request_pty_size(self, terminal, int col, int row)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_51request_pty_size = {"request_pty_size", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_51request_pty_size, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_50request_pty_size};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_51request_pty_size(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_terminal = 0;
   int __pyx_v_col;
   int __pyx_v_row;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_pty_size (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_terminal,&__pyx_n_s_col,&__pyx_n_s_row,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_terminal,&__pyx_mstate_global->__pyx_n_u_col,&__pyx_mstate_global->__pyx_n_u_row,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 274, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 274, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 274, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 274, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_terminal)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_col)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("request_pty_size", 1, 3, 3, 1); __PYX_ERR(0, 240, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_row)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("request_pty_size", 1, 3, 3, 2); __PYX_ERR(0, 240, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "request_pty_size") < 0)) __PYX_ERR(0, 240, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "request_pty_size", 0) < 0) __PYX_ERR(0, 274, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("request_pty_size", 1, 3, 3, i); __PYX_ERR(0, 274, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 274, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 274, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 274, __pyx_L3_error)
     }
     __pyx_v_terminal = values[0];
-    __pyx_v_col = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_col == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 240, __pyx_L3_error)
-    __pyx_v_row = __Pyx_PyInt_As_int(values[2]); if (unlikely((__pyx_v_row == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 240, __pyx_L3_error)
+    __pyx_v_col = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_col == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 274, __pyx_L3_error)
+    __pyx_v_row = __Pyx_PyLong_As_int(values[2]); if (unlikely((__pyx_v_row == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 274, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("request_pty_size", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 240, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("request_pty_size", 1, 3, 3, __pyx_nargs); __PYX_ERR(0, 274, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.request_pty_size", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_48request_pty_size(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_terminal, __pyx_v_col, __pyx_v_row);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_50request_pty_size(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_terminal, __pyx_v_col, __pyx_v_row);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_48request_pty_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_terminal, int __pyx_v_col, int __pyx_v_row) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_50request_pty_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_terminal, int __pyx_v_col, int __pyx_v_row) {
   PyObject *__pyx_v_b_terminal = 0;
   const char *__pyx_v_c_terminal;
   int __pyx_v_rc;
@@ -5757,98 +8214,95 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_48request_pty_size(struct __pyx
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_pty_size", 0);
 
-  /* "ssh/channel.pyx":241
+  /* "ssh/channel.pyx":275
  * 
  *     def request_pty_size(self, terminal, int col, int row):
  *         cdef bytes b_terminal = to_bytes(terminal)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_terminal = b_terminal
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_terminal); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 241, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_terminal); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 275, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_terminal = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":242
+  /* "ssh/channel.pyx":276
  *     def request_pty_size(self, terminal, int col, int row):
  *         cdef bytes b_terminal = to_bytes(terminal)
  *         cdef const_char *c_terminal = b_terminal             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_terminal == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 242, __pyx_L1_error)
+    __PYX_ERR(0, 276, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_terminal); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 242, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_terminal); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 276, __pyx_L1_error)
   __pyx_v_c_terminal = __pyx_t_2;
 
-  /* "ssh/channel.pyx":244
+  /* "ssh/channel.pyx":278
  *         cdef const_char *c_terminal = b_terminal
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_pty_size(
  *                 self._channel, c_terminal, col, row)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":245
+        /* "ssh/channel.pyx":279
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_pty_size(             # <<<<<<<<<<<<<<
  *                 self._channel, c_terminal, col, row)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
         __pyx_v_rc = ssh_channel_request_pty_size(__pyx_v_self->_channel, __pyx_v_c_terminal, __pyx_v_col, __pyx_v_row);
       }
 
-      /* "ssh/channel.pyx":244
+      /* "ssh/channel.pyx":278
  *         cdef const_char *c_terminal = b_terminal
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_pty_size(
  *                 self._channel, c_terminal, col, row)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":247
+  /* "ssh/channel.pyx":281
  *             rc = c_ssh.ssh_channel_request_pty_size(
  *                 self._channel, c_terminal, col, row)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_send_signal(self, sig):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 247, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 247, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 281, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 281, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":240
+  /* "ssh/channel.pyx":274
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_pty_size(self, terminal, int col, int row):             # <<<<<<<<<<<<<<
  *         cdef bytes b_terminal = to_bytes(terminal)
  *         cdef const_char *c_terminal = b_terminal
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5862,134 +8316,203 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_48request_pty_size(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":249
+/* "ssh/channel.pyx":283
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_send_signal(self, sig):             # <<<<<<<<<<<<<<
  *         cdef bytes b_sig = to_bytes(sig)
  *         cdef const_char *c_sig = b_sig
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_51request_send_signal(PyObject *__pyx_v_self, PyObject *__pyx_v_sig); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_50request_send_signal[] = "Channel.request_send_signal(self, sig)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_51request_send_signal(PyObject *__pyx_v_self, PyObject *__pyx_v_sig) {
-  PyObject *__pyx_r = 0;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("request_send_signal (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_50request_send_signal(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((PyObject *)__pyx_v_sig));
-
-  /* function exit code */
-  __Pyx_RefNannyFinishContext();
-  return __pyx_r;
-}
-
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_50request_send_signal(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_sig) {
-  PyObject *__pyx_v_b_sig = 0;
-  const char *__pyx_v_c_sig;
-  int __pyx_v_rc;
-  PyObject *__pyx_r = NULL;
-  __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
-  const char *__pyx_t_2;
-  int __pyx_t_3;
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_53request_send_signal(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_52request_send_signal, "Channel.request_send_signal(self, sig)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_53request_send_signal = {"request_send_signal", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_53request_send_signal, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_52request_send_signal};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_53request_send_signal(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_sig = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("request_send_signal", 0);
-
-  /* "ssh/channel.pyx":250
- * 
- *     def request_send_signal(self, sig):
- *         cdef bytes b_sig = to_bytes(sig)             # <<<<<<<<<<<<<<
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("request_send_signal (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_sig,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 283, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 283, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "request_send_signal", 0) < 0) __PYX_ERR(0, 283, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("request_send_signal", 1, 1, 1, i); __PYX_ERR(0, 283, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 283, __pyx_L3_error)
+    }
+    __pyx_v_sig = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("request_send_signal", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 283, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.channel.Channel.request_send_signal", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_52request_send_signal(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_sig);
+
+  /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_52request_send_signal(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_sig) {
+  PyObject *__pyx_v_b_sig = 0;
+  const char *__pyx_v_c_sig;
+  int __pyx_v_rc;
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  PyObject *__pyx_t_1 = NULL;
+  const char *__pyx_t_2;
+  int __pyx_t_3;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("request_send_signal", 0);
+
+  /* "ssh/channel.pyx":284
+ * 
+ *     def request_send_signal(self, sig):
+ *         cdef bytes b_sig = to_bytes(sig)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_sig = b_sig
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_sig); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 250, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_sig); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 284, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_sig = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":251
+  /* "ssh/channel.pyx":285
  *     def request_send_signal(self, sig):
  *         cdef bytes b_sig = to_bytes(sig)
  *         cdef const_char *c_sig = b_sig             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_sig == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 251, __pyx_L1_error)
+    __PYX_ERR(0, 285, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_sig); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 251, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_sig); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 285, __pyx_L1_error)
   __pyx_v_c_sig = __pyx_t_2;
 
-  /* "ssh/channel.pyx":253
+  /* "ssh/channel.pyx":287
  *         cdef const_char *c_sig = b_sig
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_send_signal(
  *                 self._channel, c_sig)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":254
+        /* "ssh/channel.pyx":288
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_send_signal(             # <<<<<<<<<<<<<<
  *                 self._channel, c_sig)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
         __pyx_v_rc = ssh_channel_request_send_signal(__pyx_v_self->_channel, __pyx_v_c_sig);
       }
 
-      /* "ssh/channel.pyx":253
+      /* "ssh/channel.pyx":287
  *         cdef const_char *c_sig = b_sig
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_send_signal(
  *                 self._channel, c_sig)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":256
+  /* "ssh/channel.pyx":290
  *             rc = c_ssh.ssh_channel_request_send_signal(
  *                 self._channel, c_sig)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_send_break(self, c_ssh.uint32_t length):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 256, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 256, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 290, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 290, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":249
+  /* "ssh/channel.pyx":283
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_send_signal(self, sig):             # <<<<<<<<<<<<<<
  *         cdef bytes b_sig = to_bytes(sig)
  *         cdef const_char *c_sig = b_sig
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6003,42 +8526,101 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_50request_send_signal(struct __
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":258
+/* "ssh/channel.pyx":292
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_send_break(self, c_ssh.uint32_t length):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_53request_send_break(PyObject *__pyx_v_self, PyObject *__pyx_arg_length); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_52request_send_break[] = "Channel.request_send_break(self, uint32_t length)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_53request_send_break(PyObject *__pyx_v_self, PyObject *__pyx_arg_length) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_55request_send_break(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_54request_send_break, "Channel.request_send_break(self, uint32_t length)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_55request_send_break = {"request_send_break", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_55request_send_break, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_54request_send_break};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_55request_send_break(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   uint32_t __pyx_v_length;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_send_break (wrapper)", 0);
-  assert(__pyx_arg_length); {
-    __pyx_v_length = __Pyx_PyInt_As_uint32_t(__pyx_arg_length); if (unlikely((__pyx_v_length == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 258, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_length,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 292, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 292, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "request_send_break", 0) < 0) __PYX_ERR(0, 292, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("request_send_break", 1, 1, 1, i); __PYX_ERR(0, 292, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 292, __pyx_L3_error)
+    }
+    __pyx_v_length = __Pyx_PyLong_As_uint32_t(values[0]); if (unlikely((__pyx_v_length == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 292, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("request_send_break", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 292, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.request_send_break", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_52request_send_break(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((uint32_t)__pyx_v_length));
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_54request_send_break(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_length);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_52request_send_break(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_length) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_54request_send_break(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, uint32_t __pyx_v_length) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -6049,72 +8631,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_52request_send_break(struct __p
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_send_break", 0);
 
-  /* "ssh/channel.pyx":260
+  /* "ssh/channel.pyx":294
  *     def request_send_break(self, c_ssh.uint32_t length):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_send_break(
  *                 self._channel, length)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":261
+        /* "ssh/channel.pyx":295
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_send_break(             # <<<<<<<<<<<<<<
  *                 self._channel, length)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
         __pyx_v_rc = ssh_channel_request_send_break(__pyx_v_self->_channel, __pyx_v_length);
       }
 
-      /* "ssh/channel.pyx":260
+      /* "ssh/channel.pyx":294
  *     def request_send_break(self, c_ssh.uint32_t length):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_send_break(
  *                 self._channel, length)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":263
+  /* "ssh/channel.pyx":297
  *             rc = c_ssh.ssh_channel_request_send_break(
  *                 self._channel, length)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_shell(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 263, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 263, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 297, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 297, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":258
+  /* "ssh/channel.pyx":292
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_send_break(self, c_ssh.uint32_t length):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6127,29 +8706,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_52request_send_break(struct __p
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":265
+/* "ssh/channel.pyx":299
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_shell(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_55request_shell(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_54request_shell[] = "Channel.request_shell(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_55request_shell(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_57request_shell(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_56request_shell, "Channel.request_shell(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_57request_shell = {"request_shell", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_57request_shell, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_56request_shell};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_57request_shell(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_shell (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_54request_shell(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_shell", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_shell", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_56request_shell(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_54request_shell(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_56request_shell(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -6160,72 +8768,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_54request_shell(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_shell", 0);
 
-  /* "ssh/channel.pyx":267
+  /* "ssh/channel.pyx":301
  *     def request_shell(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_shell(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":268
+        /* "ssh/channel.pyx":302
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_shell(self._channel)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_request_shell(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":267
+      /* "ssh/channel.pyx":301
  *     def request_shell(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_shell(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":269
+  /* "ssh/channel.pyx":303
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_shell(self._channel)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_sftp(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 269, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 269, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 303, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 303, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":265
+  /* "ssh/channel.pyx":299
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_shell(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6238,29 +8843,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_54request_shell(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":271
+/* "ssh/channel.pyx":305
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_sftp(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_57request_sftp(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_56request_sftp[] = "Channel.request_sftp(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_57request_sftp(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_59request_sftp(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_58request_sftp, "Channel.request_sftp(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_59request_sftp = {"request_sftp", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_59request_sftp, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_58request_sftp};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_59request_sftp(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_sftp (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_56request_sftp(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_sftp", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_sftp", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_58request_sftp(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_56request_sftp(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_58request_sftp(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -6271,72 +8905,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_56request_sftp(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_sftp", 0);
 
-  /* "ssh/channel.pyx":273
+  /* "ssh/channel.pyx":307
  *     def request_sftp(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_sftp(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":274
+        /* "ssh/channel.pyx":308
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_sftp(self._channel)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_channel_request_sftp(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":273
+      /* "ssh/channel.pyx":307
  *     def request_sftp(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_sftp(self._channel)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":275
+  /* "ssh/channel.pyx":309
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_sftp(self._channel)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_subsystem(self, subsystem):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 275, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 275, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 309, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 309, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":271
+  /* "ssh/channel.pyx":305
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_sftp(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6349,29 +8980,101 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_56request_sftp(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":277
+/* "ssh/channel.pyx":311
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_subsystem(self, subsystem):             # <<<<<<<<<<<<<<
  *         cdef bytes b_sys = to_bytes(subsystem)
  *         cdef const_char *c_sys = b_sys
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_59request_subsystem(PyObject *__pyx_v_self, PyObject *__pyx_v_subsystem); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_58request_subsystem[] = "Channel.request_subsystem(self, subsystem)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_59request_subsystem(PyObject *__pyx_v_self, PyObject *__pyx_v_subsystem) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_61request_subsystem(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_60request_subsystem, "Channel.request_subsystem(self, subsystem)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_61request_subsystem = {"request_subsystem", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_61request_subsystem, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_60request_subsystem};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_61request_subsystem(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_subsystem = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_subsystem (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_58request_subsystem(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((PyObject *)__pyx_v_subsystem));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_subsystem,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 311, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 311, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "request_subsystem", 0) < 0) __PYX_ERR(0, 311, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("request_subsystem", 1, 1, 1, i); __PYX_ERR(0, 311, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 311, __pyx_L3_error)
+    }
+    __pyx_v_subsystem = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("request_subsystem", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 311, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.channel.Channel.request_subsystem", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_60request_subsystem(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_subsystem);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_58request_subsystem(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_subsystem) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_60request_subsystem(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_subsystem) {
   PyObject *__pyx_v_b_sys = 0;
   const char *__pyx_v_c_sys;
   int __pyx_v_rc;
@@ -6385,98 +9088,95 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_58request_subsystem(struct __py
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_subsystem", 0);
 
-  /* "ssh/channel.pyx":278
+  /* "ssh/channel.pyx":312
  * 
  *     def request_subsystem(self, subsystem):
  *         cdef bytes b_sys = to_bytes(subsystem)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_sys = b_sys
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_subsystem); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 278, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_subsystem); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 312, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_sys = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":279
+  /* "ssh/channel.pyx":313
  *     def request_subsystem(self, subsystem):
  *         cdef bytes b_sys = to_bytes(subsystem)
  *         cdef const_char *c_sys = b_sys             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_sys == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 279, __pyx_L1_error)
+    __PYX_ERR(0, 313, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_sys); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 279, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_sys); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 313, __pyx_L1_error)
   __pyx_v_c_sys = __pyx_t_2;
 
-  /* "ssh/channel.pyx":281
+  /* "ssh/channel.pyx":315
  *         cdef const_char *c_sys = b_sys
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_subsystem(
  *                 self._channel, c_sys)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":282
+        /* "ssh/channel.pyx":316
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_subsystem(             # <<<<<<<<<<<<<<
  *                 self._channel, c_sys)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
         __pyx_v_rc = ssh_channel_request_subsystem(__pyx_v_self->_channel, __pyx_v_c_sys);
       }
 
-      /* "ssh/channel.pyx":281
+      /* "ssh/channel.pyx":315
  *         cdef const_char *c_sys = b_sys
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_subsystem(
  *                 self._channel, c_sys)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":284
+  /* "ssh/channel.pyx":318
  *             rc = c_ssh.ssh_channel_request_subsystem(
  *                 self._channel, c_sys)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def request_x11(self, int screen_number, bint single_connection=True):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 284, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 284, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 318, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 318, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":277
+  /* "ssh/channel.pyx":311
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_subsystem(self, subsystem):             # <<<<<<<<<<<<<<
  *         cdef bytes b_sys = to_bytes(subsystem)
  *         cdef const_char *c_sys = b_sys
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6490,87 +9190,118 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_58request_subsystem(struct __py
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":286
+/* "ssh/channel.pyx":320
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_x11(self, int screen_number, bint single_connection=True):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_61request_x11(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_60request_x11[] = "Channel.request_x11(self, int screen_number, bool single_connection=True)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_61request_x11(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_63request_x11(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_62request_x11, "Channel.request_x11(self, int screen_number, bool single_connection=True)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_63request_x11 = {"request_x11", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_63request_x11, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_62request_x11};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_63request_x11(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_screen_number;
   int __pyx_v_single_connection;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_x11 (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_screen_number,&__pyx_n_s_single_connection,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_screen_number,&__pyx_mstate_global->__pyx_n_u_single_connection,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 320, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 320, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 320, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_screen_number)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_single_connection);
-          if (value) { values[1] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "request_x11") < 0)) __PYX_ERR(0, 286, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "request_x11", 0) < 0) __PYX_ERR(0, 320, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("request_x11", 0, 1, 2, i); __PYX_ERR(0, 320, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 320, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 320, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
-    __pyx_v_screen_number = __Pyx_PyInt_As_int(values[0]); if (unlikely((__pyx_v_screen_number == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 286, __pyx_L3_error)
+    __pyx_v_screen_number = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_screen_number == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 320, __pyx_L3_error)
     if (values[1]) {
-      __pyx_v_single_connection = __Pyx_PyObject_IsTrue(values[1]); if (unlikely((__pyx_v_single_connection == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 286, __pyx_L3_error)
+      __pyx_v_single_connection = __Pyx_PyObject_IsTrue(values[1]); if (unlikely((__pyx_v_single_connection == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 320, __pyx_L3_error)
     } else {
       __pyx_v_single_connection = ((int)1);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("request_x11", 0, 1, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 286, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("request_x11", 0, 1, 2, __pyx_nargs); __PYX_ERR(0, 320, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.request_x11", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_60request_x11(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_screen_number, __pyx_v_single_connection);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_62request_x11(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_screen_number, __pyx_v_single_connection);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_60request_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_screen_number, int __pyx_v_single_connection) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_62request_x11(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_screen_number, int __pyx_v_single_connection) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -6581,72 +9312,69 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_60request_x11(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("request_x11", 0);
 
-  /* "ssh/channel.pyx":288
+  /* "ssh/channel.pyx":322
  *     def request_x11(self, int screen_number, bint single_connection=True):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_x11(
  *                 self._channel, single_connection, NULL, NULL, screen_number)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":289
+        /* "ssh/channel.pyx":323
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_request_x11(             # <<<<<<<<<<<<<<
  *                 self._channel, single_connection, NULL, NULL, screen_number)
  *         return handle_error_codes(rc, self._session._session)
- */
+*/
         __pyx_v_rc = ssh_channel_request_x11(__pyx_v_self->_channel, __pyx_v_single_connection, NULL, NULL, __pyx_v_screen_number);
       }
 
-      /* "ssh/channel.pyx":288
+      /* "ssh/channel.pyx":322
  *     def request_x11(self, int screen_number, bint single_connection=True):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_request_x11(
  *                 self._channel, single_connection, NULL, NULL, screen_number)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":291
+  /* "ssh/channel.pyx":325
  *             rc = c_ssh.ssh_channel_request_x11(
  *                 self._channel, single_connection, NULL, NULL, screen_number)
  *         return handle_error_codes(rc, self._session._session)             # <<<<<<<<<<<<<<
  * 
  *     def set_blocking(self, bint blocking):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 291, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 291, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 325, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 325, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":286
+  /* "ssh/channel.pyx":320
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def request_x11(self, int screen_number, bint single_connection=True):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6659,97 +9387,153 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_60request_x11(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":293
+/* "ssh/channel.pyx":327
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def set_blocking(self, bint blocking):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_63set_blocking(PyObject *__pyx_v_self, PyObject *__pyx_arg_blocking); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_62set_blocking[] = "Channel.set_blocking(self, bool blocking)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_63set_blocking(PyObject *__pyx_v_self, PyObject *__pyx_arg_blocking) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_65set_blocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_64set_blocking, "Channel.set_blocking(self, bool blocking)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_65set_blocking = {"set_blocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_65set_blocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_64set_blocking};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_65set_blocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_blocking;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_blocking (wrapper)", 0);
-  assert(__pyx_arg_blocking); {
-    __pyx_v_blocking = __Pyx_PyObject_IsTrue(__pyx_arg_blocking); if (unlikely((__pyx_v_blocking == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 293, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_blocking,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 327, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 327, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_blocking", 0) < 0) __PYX_ERR(0, 327, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_blocking", 1, 1, 1, i); __PYX_ERR(0, 327, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 327, __pyx_L3_error)
+    }
+    __pyx_v_blocking = __Pyx_PyObject_IsTrue(values[0]); if (unlikely((__pyx_v_blocking == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 327, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_blocking", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 327, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.set_blocking", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_62set_blocking(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((int)__pyx_v_blocking));
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_64set_blocking(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_blocking);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_62set_blocking(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_blocking) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_64set_blocking(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, int __pyx_v_blocking) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_blocking", 0);
 
-  /* "ssh/channel.pyx":294
+  /* "ssh/channel.pyx":328
  * 
  *     def set_blocking(self, bint blocking):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":295
+        /* "ssh/channel.pyx":329
  *     def set_blocking(self, bint blocking):
  *         with nogil:
  *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)             # <<<<<<<<<<<<<<
  * 
  *     def set_counter(self, counter):
- */
+*/
         ssh_channel_set_blocking(__pyx_v_self->_channel, __pyx_v_blocking);
       }
 
-      /* "ssh/channel.pyx":294
+      /* "ssh/channel.pyx":328
  * 
  *     def set_blocking(self, bint blocking):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":293
+  /* "ssh/channel.pyx":327
  *         return handle_error_codes(rc, self._session._session)
  * 
  *     def set_blocking(self, bint blocking):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -6758,53 +9542,125 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_62set_blocking(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":297
+/* "ssh/channel.pyx":331
  *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
  * 
  *     def set_counter(self, counter):             # <<<<<<<<<<<<<<
  *         raise NotImplementedError
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_65set_counter(PyObject *__pyx_v_self, PyObject *__pyx_v_counter); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_64set_counter[] = "Channel.set_counter(self, counter)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_65set_counter(PyObject *__pyx_v_self, PyObject *__pyx_v_counter) {
-  PyObject *__pyx_r = 0;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("set_counter (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_64set_counter(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((PyObject *)__pyx_v_counter));
-
-  /* function exit code */
-  __Pyx_RefNannyFinishContext();
-  return __pyx_r;
-}
-
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_64set_counter(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_counter) {
-  PyObject *__pyx_r = NULL;
-  __Pyx_RefNannyDeclarations
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_67set_counter(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_66set_counter, "Channel.set_counter(self, counter)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_67set_counter = {"set_counter", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_67set_counter, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_66set_counter};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_67set_counter(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v_counter = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("set_counter", 0);
-
-  /* "ssh/channel.pyx":298
- * 
- *     def set_counter(self, counter):
- *         raise NotImplementedError             # <<<<<<<<<<<<<<
- * 
- *     def write(self, data not None):
- */
-  __Pyx_Raise(__pyx_builtin_NotImplementedError, 0, 0, 0);
-  __PYX_ERR(0, 298, __pyx_L1_error)
-
-  /* "ssh/channel.pyx":297
- *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("set_counter (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_counter,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 331, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 331, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_counter", 0) < 0) __PYX_ERR(0, 331, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_counter", 1, 1, 1, i); __PYX_ERR(0, 331, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 331, __pyx_L3_error)
+    }
+    __pyx_v_counter = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_counter", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 331, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.channel.Channel.set_counter", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_66set_counter(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_counter);
+
+  /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_66set_counter(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_counter) {
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("set_counter", 0);
+
+  /* "ssh/channel.pyx":332
+ * 
+ *     def set_counter(self, counter):
+ *         raise NotImplementedError             # <<<<<<<<<<<<<<
+ * 
+ *     def write(self, data not None):
+*/
+  __Pyx_Raise(__pyx_builtin_NotImplementedError, 0, 0, 0);
+  __PYX_ERR(0, 332, __pyx_L1_error)
+
+  /* "ssh/channel.pyx":331
+ *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
  * 
  *     def set_counter(self, counter):             # <<<<<<<<<<<<<<
  *         raise NotImplementedError
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6815,39 +9671,113 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_64set_counter(CYTHON_UNUSED str
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":300
+/* "ssh/channel.pyx":334
  *         raise NotImplementedError
  * 
  *     def write(self, data not None):             # <<<<<<<<<<<<<<
  *         """Write data to stdin on channel.
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_67write(PyObject *__pyx_v_self, PyObject *__pyx_v_data); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_66write[] = "Channel.write(self, data)\nWrite data to stdin on channel.\n\n        :param data: Data to write.\n        :type data: str or bytes\n        :returns: Return code and bytes written tuples.\n        :rtype: (int, int)\n        ";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_67write(PyObject *__pyx_v_self, PyObject *__pyx_v_data) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_69write(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_68write, "Channel.write(self, data)\n\nWrite data to stdin on channel.\n\n:param data: Data to write.\n:type data: str or bytes\n:returns: Return code and bytes written tuples.\n:rtype: (int, int)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_69write = {"write", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_69write, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_68write};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_69write(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_data = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("write (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_data,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 334, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 334, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "write", 0) < 0) __PYX_ERR(0, 334, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("write", 1, 1, 1, i); __PYX_ERR(0, 334, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 334, __pyx_L3_error)
+    }
+    __pyx_v_data = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("write", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 334, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.channel.Channel.write", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_data) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "data"); __PYX_ERR(0, 300, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "data"); __PYX_ERR(0, 334, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_66write(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((PyObject *)__pyx_v_data));
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_68write(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_data);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_66write(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_data) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_68write(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_data) {
   PyObject *__pyx_v_b_buf = 0;
   char const *__pyx_v__buf;
   uint32_t __pyx_v_buf_remainder;
@@ -6869,316 +9799,303 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_66write(struct __pyx_obj_3ssh_7
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("write", 0);
 
-  /* "ssh/channel.pyx":308
+  /* "ssh/channel.pyx":342
  *         :rtype: (int, int)
  *         """
  *         cdef bytes b_buf = to_bytes(data)             # <<<<<<<<<<<<<<
  *         cdef const char *_buf = b_buf
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_data); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 308, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_data); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 342, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_buf = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":309
+  /* "ssh/channel.pyx":343
  *         """
  *         cdef bytes b_buf = to_bytes(data)
  *         cdef const char *_buf = b_buf             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)
  *         cdef c_ssh.uint32_t buf_tot_size = buf_remainder
- */
+*/
   if (unlikely(__pyx_v_b_buf == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 309, __pyx_L1_error)
+    __PYX_ERR(0, 343, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_buf); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 309, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_buf); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 343, __pyx_L1_error)
   __pyx_v__buf = __pyx_t_2;
 
-  /* "ssh/channel.pyx":310
+  /* "ssh/channel.pyx":344
  *         cdef bytes b_buf = to_bytes(data)
  *         cdef const char *_buf = b_buf
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint32_t buf_tot_size = buf_remainder
  *         cdef c_ssh.uint32_t bytes_written = 0
- */
+*/
   if (unlikely(__pyx_v_b_buf == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "object of type 'NoneType' has no len()");
-    __PYX_ERR(0, 310, __pyx_L1_error)
+    __PYX_ERR(0, 344, __pyx_L1_error)
   }
-  __pyx_t_3 = PyBytes_GET_SIZE(__pyx_v_b_buf); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(0, 310, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyBytes_GET_SIZE(__pyx_v_b_buf); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(0, 344, __pyx_L1_error)
   __pyx_v_buf_remainder = __pyx_t_3;
 
-  /* "ssh/channel.pyx":311
+  /* "ssh/channel.pyx":345
  *         cdef const char *_buf = b_buf
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)
  *         cdef c_ssh.uint32_t buf_tot_size = buf_remainder             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint32_t bytes_written = 0
  *         cdef int rc
- */
+*/
   __pyx_v_buf_tot_size = __pyx_v_buf_remainder;
 
-  /* "ssh/channel.pyx":312
+  /* "ssh/channel.pyx":346
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)
  *         cdef c_ssh.uint32_t buf_tot_size = buf_remainder
  *         cdef c_ssh.uint32_t bytes_written = 0             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   __pyx_v_bytes_written = 0;
 
-  /* "ssh/channel.pyx":314
+  /* "ssh/channel.pyx":348
  *         cdef c_ssh.uint32_t bytes_written = 0
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             while buf_remainder > 0:
  *                 rc = c_ssh.ssh_channel_write(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":315
+        /* "ssh/channel.pyx":349
  *         cdef int rc
  *         with nogil:
  *             while buf_remainder > 0:             # <<<<<<<<<<<<<<
  *                 rc = c_ssh.ssh_channel_write(
  *                     self._channel, _buf, buf_remainder)
- */
+*/
         while (1) {
-          __pyx_t_4 = ((__pyx_v_buf_remainder > 0) != 0);
+          __pyx_t_4 = (__pyx_v_buf_remainder > 0);
           if (!__pyx_t_4) break;
 
-          /* "ssh/channel.pyx":316
+          /* "ssh/channel.pyx":350
  *         with nogil:
  *             while buf_remainder > 0:
  *                 rc = c_ssh.ssh_channel_write(             # <<<<<<<<<<<<<<
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
- */
+*/
           __pyx_v_rc = ssh_channel_write(__pyx_v_self->_channel, __pyx_v__buf, __pyx_v_buf_remainder);
 
-          /* "ssh/channel.pyx":318
+          /* "ssh/channel.pyx":352
  *                 rc = c_ssh.ssh_channel_write(
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     with gil:
  *                         return handle_error_codes(
- */
-          __pyx_t_5 = ((__pyx_v_rc < 0) != 0);
+*/
+          __pyx_t_5 = (__pyx_v_rc < 0);
           if (__pyx_t_5) {
           } else {
             __pyx_t_4 = __pyx_t_5;
             goto __pyx_L9_bool_binop_done;
           }
-          __pyx_t_5 = ((__pyx_v_rc != SSH_AGAIN) != 0);
+          __pyx_t_5 = (__pyx_v_rc != SSH_AGAIN);
           __pyx_t_4 = __pyx_t_5;
           __pyx_L9_bool_binop_done:;
           if (__pyx_t_4) {
 
-            /* "ssh/channel.pyx":319
+            /* "ssh/channel.pyx":353
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
  *                     with gil:             # <<<<<<<<<<<<<<
  *                         return handle_error_codes(
  *                             rc, self._session._session)
- */
+*/
             {
-                #ifdef WITH_THREAD
                 PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-                #endif
                 /*try:*/ {
 
-                  /* "ssh/channel.pyx":320
+                  /* "ssh/channel.pyx":354
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
  *                     with gil:
  *                         return handle_error_codes(             # <<<<<<<<<<<<<<
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:
- */
+*/
                   __Pyx_XDECREF(__pyx_r);
 
-                  /* "ssh/channel.pyx":321
+                  /* "ssh/channel.pyx":355
  *                     with gil:
  *                         return handle_error_codes(
  *                             rc, self._session._session)             # <<<<<<<<<<<<<<
  *                 elif rc == c_ssh.SSH_AGAIN:
  *                     break
- */
-                  __pyx_t_6 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_6 == ((int)-1))) __PYX_ERR(0, 320, __pyx_L14_error)
+*/
+                  __pyx_t_6 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_6 == ((int)-1))) __PYX_ERR(0, 354, __pyx_L14_error)
 
-                  /* "ssh/channel.pyx":320
+                  /* "ssh/channel.pyx":354
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
  *                     with gil:
  *                         return handle_error_codes(             # <<<<<<<<<<<<<<
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:
- */
-                  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_6); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 320, __pyx_L14_error)
+*/
+                  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_6); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 354, __pyx_L14_error)
                   __Pyx_GOTREF(__pyx_t_1);
                   __pyx_r = __pyx_t_1;
                   __pyx_t_1 = 0;
                   goto __pyx_L13_return;
                 }
 
-                /* "ssh/channel.pyx":319
+                /* "ssh/channel.pyx":353
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
  *                     with gil:             # <<<<<<<<<<<<<<
  *                         return handle_error_codes(
  *                             rc, self._session._session)
- */
+*/
                 /*finally:*/ {
                   __pyx_L13_return: {
-                    #ifdef WITH_THREAD
                     __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                    #endif
                     goto __pyx_L3_return;
                   }
                   __pyx_L14_error: {
-                    #ifdef WITH_THREAD
                     __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                    #endif
                     goto __pyx_L4_error;
                   }
                 }
             }
 
-            /* "ssh/channel.pyx":318
+            /* "ssh/channel.pyx":352
  *                 rc = c_ssh.ssh_channel_write(
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     with gil:
  *                         return handle_error_codes(
- */
+*/
           }
 
-          /* "ssh/channel.pyx":322
+          /* "ssh/channel.pyx":356
  *                         return handle_error_codes(
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     break
  *                 _buf += rc
- */
-          __pyx_t_4 = ((__pyx_v_rc == SSH_AGAIN) != 0);
+*/
+          __pyx_t_4 = (__pyx_v_rc == SSH_AGAIN);
           if (__pyx_t_4) {
 
-            /* "ssh/channel.pyx":323
+            /* "ssh/channel.pyx":357
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:
  *                     break             # <<<<<<<<<<<<<<
  *                 _buf += rc
  *                 buf_remainder -= rc
- */
+*/
             goto __pyx_L7_break;
 
-            /* "ssh/channel.pyx":322
+            /* "ssh/channel.pyx":356
  *                         return handle_error_codes(
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     break
  *                 _buf += rc
- */
+*/
           }
 
-          /* "ssh/channel.pyx":324
+          /* "ssh/channel.pyx":358
  *                 elif rc == c_ssh.SSH_AGAIN:
  *                     break
  *                 _buf += rc             # <<<<<<<<<<<<<<
  *                 buf_remainder -= rc
  *             bytes_written = buf_tot_size - buf_remainder
- */
+*/
           __pyx_v__buf = (__pyx_v__buf + __pyx_v_rc);
 
-          /* "ssh/channel.pyx":325
+          /* "ssh/channel.pyx":359
  *                     break
  *                 _buf += rc
  *                 buf_remainder -= rc             # <<<<<<<<<<<<<<
  *             bytes_written = buf_tot_size - buf_remainder
  *         return rc, bytes_written
- */
+*/
           __pyx_v_buf_remainder = (__pyx_v_buf_remainder - __pyx_v_rc);
         }
         __pyx_L7_break:;
 
-        /* "ssh/channel.pyx":326
+        /* "ssh/channel.pyx":360
  *                 _buf += rc
  *                 buf_remainder -= rc
  *             bytes_written = buf_tot_size - buf_remainder             # <<<<<<<<<<<<<<
  *         return rc, bytes_written
  * 
- */
+*/
         __pyx_v_bytes_written = (__pyx_v_buf_tot_size - __pyx_v_buf_remainder);
       }
 
-      /* "ssh/channel.pyx":314
+      /* "ssh/channel.pyx":348
  *         cdef c_ssh.uint32_t bytes_written = 0
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             while buf_remainder > 0:
  *                 rc = c_ssh.ssh_channel_write(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L3_return: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L0;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":327
+  /* "ssh/channel.pyx":361
  *                 buf_remainder -= rc
  *             bytes_written = buf_tot_size - buf_remainder
  *         return rc, bytes_written             # <<<<<<<<<<<<<<
  * 
  *     def write_stderr(self, data not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 327, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 361, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_7 = __Pyx_PyInt_From_uint32_t(__pyx_v_bytes_written); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 327, __pyx_L1_error)
+  __pyx_t_7 = __Pyx_PyLong_From_uint32_t(__pyx_v_bytes_written); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 361, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_7);
-  __pyx_t_8 = PyTuple_New(2); if (unlikely(!__pyx_t_8)) __PYX_ERR(0, 327, __pyx_L1_error)
+  __pyx_t_8 = PyTuple_New(2); if (unlikely(!__pyx_t_8)) __PYX_ERR(0, 361, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_8);
   __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_8, 0, __pyx_t_1);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_8, 0, __pyx_t_1) != (0)) __PYX_ERR(0, 361, __pyx_L1_error);
   __Pyx_GIVEREF(__pyx_t_7);
-  PyTuple_SET_ITEM(__pyx_t_8, 1, __pyx_t_7);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_8, 1, __pyx_t_7) != (0)) __PYX_ERR(0, 361, __pyx_L1_error);
   __pyx_t_1 = 0;
   __pyx_t_7 = 0;
   __pyx_r = __pyx_t_8;
   __pyx_t_8 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":300
+  /* "ssh/channel.pyx":334
  *         raise NotImplementedError
  * 
  *     def write(self, data not None):             # <<<<<<<<<<<<<<
  *         """Write data to stdin on channel.
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -7194,39 +10111,113 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_66write(struct __pyx_obj_3ssh_7
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":329
+/* "ssh/channel.pyx":363
  *         return rc, bytes_written
  * 
  *     def write_stderr(self, data not None):             # <<<<<<<<<<<<<<
  *         """Write data to stderr.
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_69write_stderr(PyObject *__pyx_v_self, PyObject *__pyx_v_data); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_68write_stderr[] = "Channel.write_stderr(self, data)\nWrite data to stderr.\n\n        :param data: Data to write.\n        :type data: str or bytes\n        :returns: Return code and bytes written tuples.\n        :rtype: (int, int)\n        ";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_69write_stderr(PyObject *__pyx_v_self, PyObject *__pyx_v_data) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_71write_stderr(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_70write_stderr, "Channel.write_stderr(self, data)\n\nWrite data to stderr.\n\n:param data: Data to write.\n:type data: str or bytes\n:returns: Return code and bytes written tuples.\n:rtype: (int, int)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_71write_stderr = {"write_stderr", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_71write_stderr, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_70write_stderr};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_71write_stderr(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_data = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("write_stderr (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_data,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 363, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 363, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "write_stderr", 0) < 0) __PYX_ERR(0, 363, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("write_stderr", 1, 1, 1, i); __PYX_ERR(0, 363, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 363, __pyx_L3_error)
+    }
+    __pyx_v_data = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("write_stderr", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 363, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.channel.Channel.write_stderr", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_data) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "data"); __PYX_ERR(0, 329, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "data"); __PYX_ERR(0, 363, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_68write_stderr(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((PyObject *)__pyx_v_data));
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_70write_stderr(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_data);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_68write_stderr(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_data) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_70write_stderr(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, PyObject *__pyx_v_data) {
   PyObject *__pyx_v_b_buf = 0;
   char const *__pyx_v__buf;
   uint32_t __pyx_v_buf_remainder;
@@ -7248,316 +10239,303 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_68write_stderr(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("write_stderr", 0);
 
-  /* "ssh/channel.pyx":337
+  /* "ssh/channel.pyx":371
  *         :rtype: (int, int)
  *         """
  *         cdef bytes b_buf = to_bytes(data)             # <<<<<<<<<<<<<<
  *         cdef const char *_buf = b_buf
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_data); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 337, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_data); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 371, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_buf = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/channel.pyx":338
+  /* "ssh/channel.pyx":372
  *         """
  *         cdef bytes b_buf = to_bytes(data)
  *         cdef const char *_buf = b_buf             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)
  *         cdef c_ssh.uint32_t buf_tot_size = buf_remainder
- */
+*/
   if (unlikely(__pyx_v_b_buf == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 338, __pyx_L1_error)
+    __PYX_ERR(0, 372, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_buf); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 338, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_buf); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 372, __pyx_L1_error)
   __pyx_v__buf = __pyx_t_2;
 
-  /* "ssh/channel.pyx":339
+  /* "ssh/channel.pyx":373
  *         cdef bytes b_buf = to_bytes(data)
  *         cdef const char *_buf = b_buf
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint32_t buf_tot_size = buf_remainder
  *         cdef c_ssh.uint32_t bytes_written = 0
- */
+*/
   if (unlikely(__pyx_v_b_buf == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "object of type 'NoneType' has no len()");
-    __PYX_ERR(0, 339, __pyx_L1_error)
+    __PYX_ERR(0, 373, __pyx_L1_error)
   }
-  __pyx_t_3 = PyBytes_GET_SIZE(__pyx_v_b_buf); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(0, 339, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyBytes_GET_SIZE(__pyx_v_b_buf); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(0, 373, __pyx_L1_error)
   __pyx_v_buf_remainder = __pyx_t_3;
 
-  /* "ssh/channel.pyx":340
+  /* "ssh/channel.pyx":374
  *         cdef const char *_buf = b_buf
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)
  *         cdef c_ssh.uint32_t buf_tot_size = buf_remainder             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint32_t bytes_written = 0
  *         cdef int rc
- */
+*/
   __pyx_v_buf_tot_size = __pyx_v_buf_remainder;
 
-  /* "ssh/channel.pyx":341
+  /* "ssh/channel.pyx":375
  *         cdef c_ssh.uint32_t buf_remainder = len(b_buf)
  *         cdef c_ssh.uint32_t buf_tot_size = buf_remainder
  *         cdef c_ssh.uint32_t bytes_written = 0             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   __pyx_v_bytes_written = 0;
 
-  /* "ssh/channel.pyx":343
+  /* "ssh/channel.pyx":377
  *         cdef c_ssh.uint32_t bytes_written = 0
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             while buf_remainder > 0:
  *                 rc = c_ssh.ssh_channel_write_stderr(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":344
+        /* "ssh/channel.pyx":378
  *         cdef int rc
  *         with nogil:
  *             while buf_remainder > 0:             # <<<<<<<<<<<<<<
  *                 rc = c_ssh.ssh_channel_write_stderr(
  *                     self._channel, _buf, buf_remainder)
- */
+*/
         while (1) {
-          __pyx_t_4 = ((__pyx_v_buf_remainder > 0) != 0);
+          __pyx_t_4 = (__pyx_v_buf_remainder > 0);
           if (!__pyx_t_4) break;
 
-          /* "ssh/channel.pyx":345
+          /* "ssh/channel.pyx":379
  *         with nogil:
  *             while buf_remainder > 0:
  *                 rc = c_ssh.ssh_channel_write_stderr(             # <<<<<<<<<<<<<<
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
- */
+*/
           __pyx_v_rc = ssh_channel_write_stderr(__pyx_v_self->_channel, __pyx_v__buf, __pyx_v_buf_remainder);
 
-          /* "ssh/channel.pyx":347
+          /* "ssh/channel.pyx":381
  *                 rc = c_ssh.ssh_channel_write_stderr(
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     with gil:
  *                         return handle_error_codes(
- */
-          __pyx_t_5 = ((__pyx_v_rc < 0) != 0);
+*/
+          __pyx_t_5 = (__pyx_v_rc < 0);
           if (__pyx_t_5) {
           } else {
             __pyx_t_4 = __pyx_t_5;
             goto __pyx_L9_bool_binop_done;
           }
-          __pyx_t_5 = ((__pyx_v_rc != SSH_AGAIN) != 0);
+          __pyx_t_5 = (__pyx_v_rc != SSH_AGAIN);
           __pyx_t_4 = __pyx_t_5;
           __pyx_L9_bool_binop_done:;
           if (__pyx_t_4) {
 
-            /* "ssh/channel.pyx":348
+            /* "ssh/channel.pyx":382
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
  *                     with gil:             # <<<<<<<<<<<<<<
  *                         return handle_error_codes(
  *                             rc, self._session._session)
- */
+*/
             {
-                #ifdef WITH_THREAD
                 PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-                #endif
                 /*try:*/ {
 
-                  /* "ssh/channel.pyx":349
+                  /* "ssh/channel.pyx":383
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
  *                     with gil:
  *                         return handle_error_codes(             # <<<<<<<<<<<<<<
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:
- */
+*/
                   __Pyx_XDECREF(__pyx_r);
 
-                  /* "ssh/channel.pyx":350
+                  /* "ssh/channel.pyx":384
  *                     with gil:
  *                         return handle_error_codes(
  *                             rc, self._session._session)             # <<<<<<<<<<<<<<
  *                 elif rc == c_ssh.SSH_AGAIN:
  *                     break
- */
-                  __pyx_t_6 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_6 == ((int)-1))) __PYX_ERR(0, 349, __pyx_L14_error)
+*/
+                  __pyx_t_6 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session->_session); if (unlikely(__pyx_t_6 == ((int)-1))) __PYX_ERR(0, 383, __pyx_L14_error)
 
-                  /* "ssh/channel.pyx":349
+                  /* "ssh/channel.pyx":383
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
  *                     with gil:
  *                         return handle_error_codes(             # <<<<<<<<<<<<<<
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:
- */
-                  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_6); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 349, __pyx_L14_error)
+*/
+                  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_6); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 383, __pyx_L14_error)
                   __Pyx_GOTREF(__pyx_t_1);
                   __pyx_r = __pyx_t_1;
                   __pyx_t_1 = 0;
                   goto __pyx_L13_return;
                 }
 
-                /* "ssh/channel.pyx":348
+                /* "ssh/channel.pyx":382
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:
  *                     with gil:             # <<<<<<<<<<<<<<
  *                         return handle_error_codes(
  *                             rc, self._session._session)
- */
+*/
                 /*finally:*/ {
                   __pyx_L13_return: {
-                    #ifdef WITH_THREAD
                     __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                    #endif
                     goto __pyx_L3_return;
                   }
                   __pyx_L14_error: {
-                    #ifdef WITH_THREAD
                     __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                    #endif
                     goto __pyx_L4_error;
                   }
                 }
             }
 
-            /* "ssh/channel.pyx":347
+            /* "ssh/channel.pyx":381
  *                 rc = c_ssh.ssh_channel_write_stderr(
  *                     self._channel, _buf, buf_remainder)
  *                 if rc < 0 and rc != c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     with gil:
  *                         return handle_error_codes(
- */
+*/
           }
 
-          /* "ssh/channel.pyx":351
+          /* "ssh/channel.pyx":385
  *                         return handle_error_codes(
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     break
  *                 _buf += rc
- */
-          __pyx_t_4 = ((__pyx_v_rc == SSH_AGAIN) != 0);
+*/
+          __pyx_t_4 = (__pyx_v_rc == SSH_AGAIN);
           if (__pyx_t_4) {
 
-            /* "ssh/channel.pyx":352
+            /* "ssh/channel.pyx":386
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:
  *                     break             # <<<<<<<<<<<<<<
  *                 _buf += rc
  *                 buf_remainder -= rc
- */
+*/
             goto __pyx_L7_break;
 
-            /* "ssh/channel.pyx":351
+            /* "ssh/channel.pyx":385
  *                         return handle_error_codes(
  *                             rc, self._session._session)
  *                 elif rc == c_ssh.SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     break
  *                 _buf += rc
- */
+*/
           }
 
-          /* "ssh/channel.pyx":353
+          /* "ssh/channel.pyx":387
  *                 elif rc == c_ssh.SSH_AGAIN:
  *                     break
  *                 _buf += rc             # <<<<<<<<<<<<<<
  *                 buf_remainder -= rc
  *             bytes_written = buf_tot_size - buf_remainder
- */
+*/
           __pyx_v__buf = (__pyx_v__buf + __pyx_v_rc);
 
-          /* "ssh/channel.pyx":354
+          /* "ssh/channel.pyx":388
  *                     break
  *                 _buf += rc
  *                 buf_remainder -= rc             # <<<<<<<<<<<<<<
  *             bytes_written = buf_tot_size - buf_remainder
  *         return rc, bytes_written
- */
+*/
           __pyx_v_buf_remainder = (__pyx_v_buf_remainder - __pyx_v_rc);
         }
         __pyx_L7_break:;
 
-        /* "ssh/channel.pyx":355
+        /* "ssh/channel.pyx":389
  *                 _buf += rc
  *                 buf_remainder -= rc
  *             bytes_written = buf_tot_size - buf_remainder             # <<<<<<<<<<<<<<
  *         return rc, bytes_written
  * 
- */
+*/
         __pyx_v_bytes_written = (__pyx_v_buf_tot_size - __pyx_v_buf_remainder);
       }
 
-      /* "ssh/channel.pyx":343
+      /* "ssh/channel.pyx":377
  *         cdef c_ssh.uint32_t bytes_written = 0
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             while buf_remainder > 0:
  *                 rc = c_ssh.ssh_channel_write_stderr(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L3_return: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L0;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":356
+  /* "ssh/channel.pyx":390
  *                 buf_remainder -= rc
  *             bytes_written = buf_tot_size - buf_remainder
  *         return rc, bytes_written             # <<<<<<<<<<<<<<
  * 
  *     def window_size(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 356, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 390, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_7 = __Pyx_PyInt_From_uint32_t(__pyx_v_bytes_written); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 356, __pyx_L1_error)
+  __pyx_t_7 = __Pyx_PyLong_From_uint32_t(__pyx_v_bytes_written); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 390, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_7);
-  __pyx_t_8 = PyTuple_New(2); if (unlikely(!__pyx_t_8)) __PYX_ERR(0, 356, __pyx_L1_error)
+  __pyx_t_8 = PyTuple_New(2); if (unlikely(!__pyx_t_8)) __PYX_ERR(0, 390, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_8);
   __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_8, 0, __pyx_t_1);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_8, 0, __pyx_t_1) != (0)) __PYX_ERR(0, 390, __pyx_L1_error);
   __Pyx_GIVEREF(__pyx_t_7);
-  PyTuple_SET_ITEM(__pyx_t_8, 1, __pyx_t_7);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_8, 1, __pyx_t_7) != (0)) __PYX_ERR(0, 390, __pyx_L1_error);
   __pyx_t_1 = 0;
   __pyx_t_7 = 0;
   __pyx_r = __pyx_t_8;
   __pyx_t_8 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":329
+  /* "ssh/channel.pyx":363
  *         return rc, bytes_written
  * 
  *     def write_stderr(self, data not None):             # <<<<<<<<<<<<<<
  *         """Write data to stderr.
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -7573,29 +10551,58 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_68write_stderr(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":358
+/* "ssh/channel.pyx":392
  *         return rc, bytes_written
  * 
  *     def window_size(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint32_t size
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_71window_size(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_70window_size[] = "Channel.window_size(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_71window_size(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_73window_size(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_72window_size, "Channel.window_size(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_73window_size = {"window_size", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_73window_size, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_72window_size};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_73window_size(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("window_size (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_70window_size(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("window_size", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("window_size", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_72window_size(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_70window_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_72window_size(struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   uint32_t __pyx_v_size;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -7605,71 +10612,68 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_70window_size(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("window_size", 0);
 
-  /* "ssh/channel.pyx":360
+  /* "ssh/channel.pyx":394
  *     def window_size(self):
  *         cdef c_ssh.uint32_t size
  *         with nogil:             # <<<<<<<<<<<<<<
  *             size = c_ssh.ssh_channel_window_size(self._channel)
  *         return size
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/channel.pyx":361
+        /* "ssh/channel.pyx":395
  *         cdef c_ssh.uint32_t size
  *         with nogil:
  *             size = c_ssh.ssh_channel_window_size(self._channel)             # <<<<<<<<<<<<<<
  *         return size
  * 
- */
+*/
         __pyx_v_size = ssh_channel_window_size(__pyx_v_self->_channel);
       }
 
-      /* "ssh/channel.pyx":360
+      /* "ssh/channel.pyx":394
  *     def window_size(self):
  *         cdef c_ssh.uint32_t size
  *         with nogil:             # <<<<<<<<<<<<<<
  *             size = c_ssh.ssh_channel_window_size(self._channel)
  *         return size
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/channel.pyx":362
+  /* "ssh/channel.pyx":396
  *         with nogil:
  *             size = c_ssh.ssh_channel_window_size(self._channel)
  *         return size             # <<<<<<<<<<<<<<
  * 
  *     def select(self, channels not None, outchannels not None, maxfd,
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_uint32_t(__pyx_v_size); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 362, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_uint32_t(__pyx_v_size); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 396, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/channel.pyx":358
+  /* "ssh/channel.pyx":392
  *         return rc, bytes_written
  * 
  *     def window_size(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint32_t size
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -7682,101 +10686,116 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_70window_size(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/channel.pyx":364
+/* "ssh/channel.pyx":398
  *         return size
  * 
  *     def select(self, channels not None, outchannels not None, maxfd,             # <<<<<<<<<<<<<<
  *                readfds, timeout=None):
  *         raise NotImplementedError
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_73select(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_72select[] = "Channel.select(self, channels, outchannels, maxfd, readfds, timeout=None)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_73select(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_75select(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_74select, "Channel.select(self, channels, outchannels, maxfd, readfds, timeout=None)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_75select = {"select", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_75select, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_74select};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_75select(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   CYTHON_UNUSED PyObject *__pyx_v_channels = 0;
   CYTHON_UNUSED PyObject *__pyx_v_outchannels = 0;
   CYTHON_UNUSED PyObject *__pyx_v_maxfd = 0;
   CYTHON_UNUSED PyObject *__pyx_v_readfds = 0;
   CYTHON_UNUSED PyObject *__pyx_v_timeout = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[5] = {0,0,0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("select (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_channels,&__pyx_n_s_outchannels,&__pyx_n_s_maxfd,&__pyx_n_s_readfds,&__pyx_n_s_timeout,0};
-    PyObject* values[5] = {0,0,0,0,0};
-
-    /* "ssh/channel.pyx":365
- * 
- *     def select(self, channels not None, outchannels not None, maxfd,
- *                readfds, timeout=None):             # <<<<<<<<<<<<<<
- *         raise NotImplementedError
- */
-    values[4] = ((PyObject *)Py_None);
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  5: values[4] = PyTuple_GET_ITEM(__pyx_args, 4);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_channels,&__pyx_mstate_global->__pyx_n_u_outchannels,&__pyx_mstate_global->__pyx_n_u_maxfd,&__pyx_mstate_global->__pyx_n_u_readfds,&__pyx_mstate_global->__pyx_n_u_timeout,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 398, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  5:
+        values[4] = __Pyx_ArgRef_FASTCALL(__pyx_args, 4);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[4])) __PYX_ERR(0, 398, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  4: values[3] = PyTuple_GET_ITEM(__pyx_args, 3);
+        case  4:
+        values[3] = __Pyx_ArgRef_FASTCALL(__pyx_args, 3);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[3])) __PYX_ERR(0, 398, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 398, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 398, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 398, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_channels)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_outchannels)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("select", 0, 4, 5, 1); __PYX_ERR(0, 364, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_maxfd)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("select", 0, 4, 5, 2); __PYX_ERR(0, 364, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  3:
-        if (likely((values[3] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_readfds)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("select", 0, 4, 5, 3); __PYX_ERR(0, 364, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  4:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_timeout);
-          if (value) { values[4] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "select") < 0)) __PYX_ERR(0, 364, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "select", 0) < 0) __PYX_ERR(0, 398, __pyx_L3_error)
+
+      /* "ssh/channel.pyx":399
+ * 
+ *     def select(self, channels not None, outchannels not None, maxfd,
+ *                readfds, timeout=None):             # <<<<<<<<<<<<<<
+ *         raise NotImplementedError
+*/
+      if (!values[4]) values[4] = __Pyx_NewRef(((PyObject *)Py_None));
+      for (Py_ssize_t i = __pyx_nargs; i < 4; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("select", 0, 4, 5, i); __PYX_ERR(0, 398, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  5: values[4] = PyTuple_GET_ITEM(__pyx_args, 4);
+      switch (__pyx_nargs) {
+        case  5:
+        values[4] = __Pyx_ArgRef_FASTCALL(__pyx_args, 4);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[4])) __PYX_ERR(0, 398, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  4: values[3] = PyTuple_GET_ITEM(__pyx_args, 3);
-        values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
-        values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-        values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  4:
+        values[3] = __Pyx_ArgRef_FASTCALL(__pyx_args, 3);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[3])) __PYX_ERR(0, 398, __pyx_L3_error)
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 398, __pyx_L3_error)
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 398, __pyx_L3_error)
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 398, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
+      if (!values[4]) values[4] = __Pyx_NewRef(((PyObject *)Py_None));
     }
     __pyx_v_channels = values[0];
     __pyx_v_outchannels = values[1];
@@ -7784,40 +10803,53 @@ static PyObject *__pyx_pw_3ssh_7channel_7Channel_73select(PyObject *__pyx_v_self
     __pyx_v_readfds = values[3];
     __pyx_v_timeout = values[4];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("select", 0, 4, 5, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 364, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("select", 0, 4, 5, __pyx_nargs); __PYX_ERR(0, 398, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.channel.Channel.select", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_channels) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "channels"); __PYX_ERR(0, 364, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "channels"); __PYX_ERR(0, 398, __pyx_L1_error)
   }
   if (unlikely(((PyObject *)__pyx_v_outchannels) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "outchannels"); __PYX_ERR(0, 364, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "outchannels"); __PYX_ERR(0, 398, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_72select(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_channels, __pyx_v_outchannels, __pyx_v_maxfd, __pyx_v_readfds, __pyx_v_timeout);
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_74select(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v_channels, __pyx_v_outchannels, __pyx_v_maxfd, __pyx_v_readfds, __pyx_v_timeout);
 
-  /* "ssh/channel.pyx":364
+  /* "ssh/channel.pyx":398
  *         return size
  * 
  *     def select(self, channels not None, outchannels not None, maxfd,             # <<<<<<<<<<<<<<
  *                readfds, timeout=None):
  *         raise NotImplementedError
- */
+*/
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_72select(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_channels, CYTHON_UNUSED PyObject *__pyx_v_outchannels, CYTHON_UNUSED PyObject *__pyx_v_maxfd, CYTHON_UNUSED PyObject *__pyx_v_readfds, CYTHON_UNUSED PyObject *__pyx_v_timeout) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_74select(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_channels, CYTHON_UNUSED PyObject *__pyx_v_outchannels, CYTHON_UNUSED PyObject *__pyx_v_maxfd, CYTHON_UNUSED PyObject *__pyx_v_readfds, CYTHON_UNUSED PyObject *__pyx_v_timeout) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   int __pyx_lineno = 0;
@@ -7825,21 +10857,21 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_72select(CYTHON_UNUSED struct _
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("select", 0);
 
-  /* "ssh/channel.pyx":366
+  /* "ssh/channel.pyx":400
  *     def select(self, channels not None, outchannels not None, maxfd,
  *                readfds, timeout=None):
  *         raise NotImplementedError             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_Raise(__pyx_builtin_NotImplementedError, 0, 0, 0);
-  __PYX_ERR(0, 366, __pyx_L1_error)
+  __PYX_ERR(0, 400, __pyx_L1_error)
 
-  /* "ssh/channel.pyx":364
+  /* "ssh/channel.pyx":398
  *         return size
  * 
  *     def select(self, channels not None, outchannels not None, maxfd,             # <<<<<<<<<<<<<<
  *                readfds, timeout=None):
  *         raise NotImplementedError
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -7856,14 +10888,16 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_72select(CYTHON_UNUSED struct _
  *     cdef readonly bint closed             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_7channel_7Channel_6closed_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_7channel_7Channel_6closed_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_7channel_7Channel_6closed___get__(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
@@ -7899,28 +10933,56 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_6closed___get__(struct __pyx_ob
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_75__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_74__reduce_cython__[] = "Channel.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_75__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_77__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_76__reduce_cython__, "Channel.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_77__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_77__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_76__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_77__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_74__reduce_cython__(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_76__reduce_cython__(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_74__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_76__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -7928,25 +10990,21 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_74__reduce_cython__(CYTHON_UNUS
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.channel.Channel.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -7956,72 +11014,145 @@ static PyObject *__pyx_pf_3ssh_7channel_7Channel_74__reduce_cython__(CYTHON_UNUS
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_77__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_7channel_7Channel_76__setstate_cython__[] = "Channel.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_7channel_7Channel_77__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_79__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7channel_7Channel_78__setstate_cython__, "Channel.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_7channel_7Channel_79__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_79__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_78__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_7channel_7Channel_79__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_76__setstate_cython__(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
-
-  /* function exit code */
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.channel.Channel.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7channel_7Channel_78__setstate_cython__(((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_self), __pyx_v___pyx_state);
+
+  /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7channel_7Channel_76__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pf_3ssh_7channel_7Channel_78__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__3, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.channel.Channel.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_7channel_Channel __pyx_vtable_3ssh_7channel_Channel;
 
 static PyObject *__pyx_tp_new_3ssh_7channel_Channel(PyTypeObject *t, PyObject *a, PyObject *k) {
   struct __pyx_obj_3ssh_7channel_Channel *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_7channel_Channel *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_7channel_Channel;
   p->_session = ((struct __pyx_obj_3ssh_7session_Session *)Py_None); Py_INCREF(Py_None);
@@ -8035,8 +11166,10 @@ static PyObject *__pyx_tp_new_3ssh_7channel_Channel(PyTypeObject *t, PyObject *a
 static void __pyx_tp_dealloc_3ssh_7channel_Channel(PyObject *o) {
   struct __pyx_obj_3ssh_7channel_Channel *p = (struct __pyx_obj_3ssh_7channel_Channel *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_7channel_Channel) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -8049,12 +11182,23 @@ static void __pyx_tp_dealloc_3ssh_7channel_Channel(PyObject *o) {
     PyErr_Restore(etype, eval, etb);
   }
   Py_CLEAR(p->_session);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_7channel_Channel(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_7channel_Channel *p = (struct __pyx_obj_3ssh_7channel_Channel *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->_session) {
     e = (*v)(((PyObject *)p->_session), a); if (e) return e;
   }
@@ -8079,55 +11223,74 @@ static PyObject *__pyx_getprop_3ssh_7channel_7Channel_closed(PyObject *o, CYTHON
 }
 
 static PyMethodDef __pyx_methods_3ssh_7channel_Channel[] = {
-  {"close", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_5close, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_4close},
-  {"get_exit_status", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_7get_exit_status, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_6get_exit_status},
-  {"get_session", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_9get_session, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_8get_session},
-  {"is_closed", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_11is_closed, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_10is_closed},
-  {"is_eof", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_13is_eof, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_12is_eof},
-  {"is_open", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_15is_open, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_14is_open},
-  {"send_eof", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_17send_eof, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_16send_eof},
-  {"request_auth_agent", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_19request_auth_agent, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_18request_auth_agent},
-  {"open_auth_agent", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_21open_auth_agent, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_20open_auth_agent},
-  {"open_forward", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_23open_forward, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_22open_forward},
-  {"open_session", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_25open_session, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_24open_session},
-  {"open_x11", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_27open_x11, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_26open_x11},
-  {"accept_x11", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_29accept_x11, METH_O, __pyx_doc_3ssh_7channel_7Channel_28accept_x11},
-  {"poll", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_31poll, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_30poll},
-  {"poll_timeout", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_33poll_timeout, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_32poll_timeout},
-  {"read", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_35read, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_34read},
-  {"read_nonblocking", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_37read_nonblocking, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_36read_nonblocking},
-  {"read_timeout", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_39read_timeout, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_38read_timeout},
-  {"request_env", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_41request_env, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_40request_env},
-  {"request_exec", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_43request_exec, METH_O, __pyx_doc_3ssh_7channel_7Channel_42request_exec},
-  {"request_pty", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_45request_pty, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_44request_pty},
-  {"change_pty_size", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_47change_pty_size, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_46change_pty_size},
-  {"request_pty_size", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_49request_pty_size, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_48request_pty_size},
-  {"request_send_signal", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_51request_send_signal, METH_O, __pyx_doc_3ssh_7channel_7Channel_50request_send_signal},
-  {"request_send_break", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_53request_send_break, METH_O, __pyx_doc_3ssh_7channel_7Channel_52request_send_break},
-  {"request_shell", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_55request_shell, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_54request_shell},
-  {"request_sftp", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_57request_sftp, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_56request_sftp},
-  {"request_subsystem", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_59request_subsystem, METH_O, __pyx_doc_3ssh_7channel_7Channel_58request_subsystem},
-  {"request_x11", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_61request_x11, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_60request_x11},
-  {"set_blocking", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_63set_blocking, METH_O, __pyx_doc_3ssh_7channel_7Channel_62set_blocking},
-  {"set_counter", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_65set_counter, METH_O, __pyx_doc_3ssh_7channel_7Channel_64set_counter},
-  {"write", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_67write, METH_O, __pyx_doc_3ssh_7channel_7Channel_66write},
-  {"write_stderr", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_69write_stderr, METH_O, __pyx_doc_3ssh_7channel_7Channel_68write_stderr},
-  {"window_size", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_71window_size, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_70window_size},
-  {"select", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7channel_7Channel_73select, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_72select},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_75__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_7channel_7Channel_74__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_7channel_7Channel_77__setstate_cython__, METH_O, __pyx_doc_3ssh_7channel_7Channel_76__setstate_cython__},
+  {"close", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_5close, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_4close},
+  {"get_exit_status", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_7get_exit_status, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_6get_exit_status},
+  {"get_exit_state", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_9get_exit_state, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_8get_exit_state},
+  {"get_session", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_11get_session, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_10get_session},
+  {"is_closed", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_13is_closed, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_12is_closed},
+  {"is_eof", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_15is_eof, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_14is_eof},
+  {"is_open", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_17is_open, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_16is_open},
+  {"send_eof", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_19send_eof, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_18send_eof},
+  {"request_auth_agent", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_21request_auth_agent, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_20request_auth_agent},
+  {"open_auth_agent", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_23open_auth_agent, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_22open_auth_agent},
+  {"open_forward", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_25open_forward, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_24open_forward},
+  {"open_session", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_27open_session, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_26open_session},
+  {"open_x11", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_29open_x11, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_28open_x11},
+  {"accept_x11", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_31accept_x11, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_30accept_x11},
+  {"poll", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_33poll, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_32poll},
+  {"poll_timeout", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_35poll_timeout, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_34poll_timeout},
+  {"read", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_37read, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_36read},
+  {"read_nonblocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_39read_nonblocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_38read_nonblocking},
+  {"read_timeout", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_41read_timeout, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_40read_timeout},
+  {"request_env", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_43request_env, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_42request_env},
+  {"request_exec", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_45request_exec, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_44request_exec},
+  {"request_pty", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_47request_pty, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_46request_pty},
+  {"change_pty_size", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_49change_pty_size, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_48change_pty_size},
+  {"request_pty_size", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_51request_pty_size, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_50request_pty_size},
+  {"request_send_signal", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_53request_send_signal, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_52request_send_signal},
+  {"request_send_break", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_55request_send_break, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_54request_send_break},
+  {"request_shell", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_57request_shell, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_56request_shell},
+  {"request_sftp", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_59request_sftp, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_58request_sftp},
+  {"request_subsystem", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_61request_subsystem, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_60request_subsystem},
+  {"request_x11", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_63request_x11, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_62request_x11},
+  {"set_blocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_65set_blocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_64set_blocking},
+  {"set_counter", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_67set_counter, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_66set_counter},
+  {"write", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_69write, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_68write},
+  {"write_stderr", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_71write_stderr, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_70write_stderr},
+  {"window_size", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_73window_size, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_72window_size},
+  {"select", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_75select, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_74select},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_77__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_76__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7channel_7Channel_79__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7channel_7Channel_78__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_7channel_Channel[] = {
-  {(char *)"session", __pyx_getprop_3ssh_7channel_7Channel_session, 0, (char *)"Originating session.", 0},
-  {(char *)"closed", __pyx_getprop_3ssh_7channel_7Channel_closed, 0, (char *)0, 0},
+  {"session", __pyx_getprop_3ssh_7channel_7Channel_session, 0, PyDoc_STR("Originating session."), 0},
+  {"closed", __pyx_getprop_3ssh_7channel_7Channel_closed, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_7channel_Channel_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_7channel_Channel},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_7channel_Channel},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_7channel_Channel},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_7channel_Channel},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_7channel_Channel},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_7channel_Channel},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_7channel_Channel_spec = {
+  "ssh.channel.Channel",
+  sizeof(struct __pyx_obj_3ssh_7channel_Channel),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_7channel_Channel_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_7channel_Channel = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.channel.Channel", /*tp_name*/
+  "ssh.channel.""Channel", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_7channel_Channel), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_7channel_Channel, /*tp_dealloc*/
@@ -8139,12 +11302,7 @@ static PyTypeObject __pyx_type_3ssh_7channel_Channel = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -8170,7 +11328,9 @@ static PyTypeObject __pyx_type_3ssh_7channel_Channel = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_7channel_Channel, /*tp_new*/
@@ -8183,186 +11343,77 @@ static PyTypeObject __pyx_type_3ssh_7channel_Channel = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_channel(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_channel},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "channel",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_kp_b_, __pyx_k_, sizeof(__pyx_k_), 0, 0, 0, 0},
-  {&__pyx_n_s_Channel, __pyx_k_Channel, sizeof(__pyx_k_Channel), 0, 0, 1, 1},
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_NotImplementedError, __pyx_k_NotImplementedError, sizeof(__pyx_k_NotImplementedError), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_channels, __pyx_k_channels, sizeof(__pyx_k_channels), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_col, __pyx_k_col, sizeof(__pyx_k_col), 0, 0, 1, 1},
-  {&__pyx_n_s_cols, __pyx_k_cols, sizeof(__pyx_k_cols), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_is_stderr, __pyx_k_is_stderr, sizeof(__pyx_k_is_stderr), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_maxfd, __pyx_k_maxfd, sizeof(__pyx_k_maxfd), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_name_2, __pyx_k_name_2, sizeof(__pyx_k_name_2), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_outchannels, __pyx_k_outchannels, sizeof(__pyx_k_outchannels), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_readfds, __pyx_k_readfds, sizeof(__pyx_k_readfds), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_remotehost, __pyx_k_remotehost, sizeof(__pyx_k_remotehost), 0, 0, 1, 1},
-  {&__pyx_n_s_remoteport, __pyx_k_remoteport, sizeof(__pyx_k_remoteport), 0, 0, 1, 1},
-  {&__pyx_n_s_row, __pyx_k_row, sizeof(__pyx_k_row), 0, 0, 1, 1},
-  {&__pyx_n_s_rows, __pyx_k_rows, sizeof(__pyx_k_rows), 0, 0, 1, 1},
-  {&__pyx_n_s_screen_number, __pyx_k_screen_number, sizeof(__pyx_k_screen_number), 0, 0, 1, 1},
-  {&__pyx_n_s_session, __pyx_k_session, sizeof(__pyx_k_session), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_single_connection, __pyx_k_single_connection, sizeof(__pyx_k_single_connection), 0, 0, 1, 1},
-  {&__pyx_n_s_size, __pyx_k_size, sizeof(__pyx_k_size), 0, 0, 1, 1},
-  {&__pyx_n_s_sourcehost, __pyx_k_sourcehost, sizeof(__pyx_k_sourcehost), 0, 0, 1, 1},
-  {&__pyx_n_s_sourceport, __pyx_k_sourceport, sizeof(__pyx_k_sourceport), 0, 0, 1, 1},
-  {&__pyx_n_s_terminal, __pyx_k_terminal, sizeof(__pyx_k_terminal), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {&__pyx_n_s_timeout, __pyx_k_timeout, sizeof(__pyx_k_timeout), 0, 0, 1, 1},
-  {&__pyx_n_s_value, __pyx_k_value, sizeof(__pyx_k_value), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 138, __pyx_L1_error)
-  __pyx_builtin_NotImplementedError = __Pyx_GetBuiltinName(__pyx_n_s_NotImplementedError); if (!__pyx_builtin_NotImplementedError) __PYX_ERR(0, 298, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__3 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__3)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__3);
-  __Pyx_GIVEREF(__pyx_tuple__3);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  __pyx_int_0 = PyInt_FromLong(0); if (unlikely(!__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -8370,17 +11421,26 @@ static int __Pyx_modinit_type_init_code(void) {
   /*--- Type init code ---*/
   __pyx_vtabptr_3ssh_7channel_Channel = &__pyx_vtable_3ssh_7channel_Channel;
   __pyx_vtable_3ssh_7channel_Channel.from_ptr = (struct __pyx_obj_3ssh_7channel_Channel *(*)(ssh_channel, struct __pyx_obj_3ssh_7session_Session *))__pyx_f_3ssh_7channel_7Channel_from_ptr;
-  if (PyType_Ready(&__pyx_type_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_7channel_Channel.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_7channel_Channel_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel)) __PYX_ERR(0, 27, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_7channel_Channel_spec, __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel = &__pyx_type_3ssh_7channel_Channel;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_7channel_Channel.tp_dictoffset && __pyx_type_3ssh_7channel_Channel.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_7channel_Channel.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_7channel_Channel.tp_dict, __pyx_vtabptr_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Channel, (PyObject *)&__pyx_type_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  __pyx_ptype_3ssh_7channel_Channel = &__pyx_type_3ssh_7channel_Channel;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel, __pyx_vtabptr_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_Channel, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -8388,8 +11448,9 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -8398,8 +11459,15 @@ static int __Pyx_modinit_type_import_code(void) {
   /*--- Type import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(3, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -8409,16 +11477,18 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -8427,9 +11497,9 @@ static int __Pyx_modinit_function_import_code(void) {
   /*--- Function import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -8439,50 +11509,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_channel(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_channel},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "channel",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initchannel(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initchannel(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_channel(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_channel(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -8490,7 +11631,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -8505,10 +11648,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -8531,9 +11677,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_channel(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -8544,9 +11695,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_channel(PyObject *__pyx_pyinit_mod
     PyErr_SetString(PyExc_RuntimeError, "Module 'channel' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "channel" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -8556,133 +11735,1120 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_channel(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_channel", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("channel", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__channel) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name_2, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name_2, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.channel")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.channel", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.channel", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
-  /* "ssh/channel.pyx":1
- * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
- * # Copyright (C) 2018 Panos Kittenis
- * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  /* "ssh/channel.pyx":49
+ *         return chan
+ * 
+ *     def close(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         if self.closed:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_5close, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_close, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_close, __pyx_t_2) < 0) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-  /*--- Wrapped vars code ---*/
+  /* "ssh/channel.pyx":59
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def get_exit_status(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_7get_exit_status, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_get_exit_status, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 59, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_get_exit_status, __pyx_t_2) < 0) __PYX_ERR(0, 59, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-  goto __pyx_L0;
-  __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
-  if (__pyx_m) {
-    if (__pyx_d) {
-      __Pyx_AddTraceback("init ssh.channel", __pyx_clineno, __pyx_lineno, __pyx_filename);
-    }
-    Py_CLEAR(__pyx_m);
-  } else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_ImportError, "init ssh.channel");
-  }
-  __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
-  #else
-  return;
-  #endif
-}
+  /* "ssh/channel.pyx":65
+ *         return rc
+ * 
+ *     def get_exit_state(self):             # <<<<<<<<<<<<<<
+ *         """
+ *         :rtype: (int, bytes, bool)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_9get_exit_state, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_get_exit_state, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_get_exit_state, __pyx_t_2) < 0) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-/* --- Runtime support code --- */
-/* Refnanny */
-#if CYTHON_REFNANNY
-static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
-    PyObject *m = NULL, *p = NULL;
-    void *r = NULL;
-    m = PyImport_ImportModule(modname);
-    if (!m) goto end;
-    p = PyObject_GetAttrString(m, "RefNannyAPI");
-    if (!p) goto end;
+  /* "ssh/channel.pyx":99
+ *         return (exit_code, exit_signal, pcore_dumped)
+ * 
+ *     def get_session(self):             # <<<<<<<<<<<<<<
+ *         return self.session
+ * 
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_11get_session, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_get_session, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 99, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_get_session, __pyx_t_2) < 0) __PYX_ERR(0, 99, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":102
+ *         return self.session
+ * 
+ *     def is_closed(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_13is_closed, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_is_closed, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 102, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_is_closed, __pyx_t_2) < 0) __PYX_ERR(0, 102, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":108
+ *         return rc != 0
+ * 
+ *     def is_eof(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_15is_eof, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_is_eof, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 108, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_is_eof, __pyx_t_2) < 0) __PYX_ERR(0, 108, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":114
+ *         return bool(rc)
+ * 
+ *     def is_open(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_17is_open, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_is_open, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 114, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_is_open, __pyx_t_2) < 0) __PYX_ERR(0, 114, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":120
+ *         return bool(rc)
+ * 
+ *     def send_eof(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_19send_eof, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_send_eof, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 120, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_send_eof, __pyx_t_2) < 0) __PYX_ERR(0, 120, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":126
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_auth_agent(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_21request_auth_agent, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_auth_agent, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 126, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_auth_agent, __pyx_t_2) < 0) __PYX_ERR(0, 126, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":132
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def open_auth_agent(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_23open_auth_agent, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_open_auth_agent, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[9])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 132, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_open_auth_agent, __pyx_t_2) < 0) __PYX_ERR(0, 132, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":138
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def open_forward(self, remotehost, int remoteport,             # <<<<<<<<<<<<<<
+ *                      sourcehost, int sourceport):
+ *         cdef bytes b_remotehost = to_bytes(remotehost)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_25open_forward, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_open_forward, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[10])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 138, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_open_forward, __pyx_t_2) < 0) __PYX_ERR(0, 138, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":151
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def open_session(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_27open_session, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_open_session, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[11])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 151, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_open_session, __pyx_t_2) < 0) __PYX_ERR(0, 151, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":157
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def open_x11(self, sourcehost, int sourceport):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_sourcehost = to_bytes(sourcehost)
+ *         cdef const_char *c_sourcehost = b_sourcehost
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_29open_x11, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_open_x11, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[12])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_open_x11, __pyx_t_2) < 0) __PYX_ERR(0, 157, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":166
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def accept_x11(self, int timeout_ms):             # <<<<<<<<<<<<<<
+ *         cdef Channel chan
+ *         cdef c_ssh.ssh_channel _chan = NULL
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_31accept_x11, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_accept_x11, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[13])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 166, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_accept_x11, __pyx_t_2) < 0) __PYX_ERR(0, 166, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":176
+ *         return chan
+ * 
+ *     def poll(self, bint is_stderr=False):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_33poll, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_poll, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[14])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 176, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_poll, __pyx_t_2) < 0) __PYX_ERR(0, 176, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":182
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def poll_timeout(self, int timeout, bint is_stderr=False):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_35poll_timeout, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_poll_timeout, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[15])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 182, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_poll_timeout, __pyx_t_2) < 0) __PYX_ERR(0, 182, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":189
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def read(self, c_ssh.uint32_t size=1024*1024, bint is_stderr=False):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes buf = b''
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_37read, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_read, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[16])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 189, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[1]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_read, __pyx_t_2) < 0) __PYX_ERR(0, 189, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":206
+ *         return handle_error_codes(rc, self._session._session), buf
+ * 
+ *     def read_nonblocking(self, c_ssh.uint32_t size=1024*1024,             # <<<<<<<<<<<<<<
+ *                          bint is_stderr=False):
+ *         cdef int rc
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_39read_nonblocking, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_read_nonblocking, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[17])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 206, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[1]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_read_nonblocking, __pyx_t_2) < 0) __PYX_ERR(0, 206, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":225
+ *         return handle_error_codes(rc, self._session._session), buf
+ * 
+ *     def read_timeout(self, int timeout,             # <<<<<<<<<<<<<<
+ *                      c_ssh.uint32_t size=1024*1024, bint is_stderr=False):
+ *         cdef int rc
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_41read_timeout, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_read_timeout, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[18])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 225, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[1]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_read_timeout, __pyx_t_2) < 0) __PYX_ERR(0, 225, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":244
+ *         return handle_error_codes(rc, self._session._session), buf
+ * 
+ *     def request_env(self, name, value):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_name = to_bytes(name)
+ *         cdef const_char *c_name = b_name
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_43request_env, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_env, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[19])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 244, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_env, __pyx_t_2) < 0) __PYX_ERR(0, 244, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":254
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_exec(self, cmd):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_cmd = to_bytes(cmd)
+ *         cdef const_char *c_cmd = b_cmd
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_45request_exec, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_exec, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[20])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 254, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_exec, __pyx_t_2) < 0) __PYX_ERR(0, 254, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":262
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_pty(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_47request_pty, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_pty, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[21])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 262, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_pty, __pyx_t_2) < 0) __PYX_ERR(0, 262, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":268
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def change_pty_size(self, int cols, int rows):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_49change_pty_size, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_change_pty_size, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[22])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 268, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_change_pty_size, __pyx_t_2) < 0) __PYX_ERR(0, 268, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":274
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_pty_size(self, terminal, int col, int row):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_terminal = to_bytes(terminal)
+ *         cdef const_char *c_terminal = b_terminal
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_51request_pty_size, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_pty_size, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[23])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 274, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_pty_size, __pyx_t_2) < 0) __PYX_ERR(0, 274, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":283
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_send_signal(self, sig):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_sig = to_bytes(sig)
+ *         cdef const_char *c_sig = b_sig
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_53request_send_signal, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_send_signal, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[24])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 283, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_send_signal, __pyx_t_2) < 0) __PYX_ERR(0, 283, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":292
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_send_break(self, c_ssh.uint32_t length):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_55request_send_break, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_send_break, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[25])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 292, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_send_break, __pyx_t_2) < 0) __PYX_ERR(0, 292, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":299
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_shell(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_57request_shell, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_shell, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[26])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 299, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_shell, __pyx_t_2) < 0) __PYX_ERR(0, 299, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":305
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_sftp(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_59request_sftp, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_sftp, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[27])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 305, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_sftp, __pyx_t_2) < 0) __PYX_ERR(0, 305, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":311
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_subsystem(self, subsystem):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_sys = to_bytes(subsystem)
+ *         cdef const_char *c_sys = b_sys
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_61request_subsystem, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_subsystem, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[28])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 311, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_subsystem, __pyx_t_2) < 0) __PYX_ERR(0, 311, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":320
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_x11(self, int screen_number, bint single_connection=True):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_63request_x11, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_request_x11, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[29])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 320, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[2]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_request_x11, __pyx_t_2) < 0) __PYX_ERR(0, 320, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":327
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def set_blocking(self, bint blocking):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_65set_blocking, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_set_blocking, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[30])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 327, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_set_blocking, __pyx_t_2) < 0) __PYX_ERR(0, 327, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":331
+ *             c_ssh.ssh_channel_set_blocking(self._channel, blocking)
+ * 
+ *     def set_counter(self, counter):             # <<<<<<<<<<<<<<
+ *         raise NotImplementedError
+ * 
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_67set_counter, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_set_counter, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[31])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 331, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_set_counter, __pyx_t_2) < 0) __PYX_ERR(0, 331, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":334
+ *         raise NotImplementedError
+ * 
+ *     def write(self, data not None):             # <<<<<<<<<<<<<<
+ *         """Write data to stdin on channel.
+ * 
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_69write, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_write, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[32])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 334, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_write, __pyx_t_2) < 0) __PYX_ERR(0, 334, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":363
+ *         return rc, bytes_written
+ * 
+ *     def write_stderr(self, data not None):             # <<<<<<<<<<<<<<
+ *         """Write data to stderr.
+ * 
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_71write_stderr, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_write_stderr, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[33])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 363, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_write_stderr, __pyx_t_2) < 0) __PYX_ERR(0, 363, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":392
+ *         return rc, bytes_written
+ * 
+ *     def window_size(self):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.uint32_t size
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_73window_size, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_window_size, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[34])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 392, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_window_size, __pyx_t_2) < 0) __PYX_ERR(0, 392, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":398
+ *         return size
+ * 
+ *     def select(self, channels not None, outchannels not None, maxfd,             # <<<<<<<<<<<<<<
+ *                readfds, timeout=None):
+ *         raise NotImplementedError
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_75select, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel_select, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[35])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 398, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[3]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, __pyx_mstate_global->__pyx_n_u_select, __pyx_t_2) < 0) __PYX_ERR(0, 398, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_77__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[36])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7channel_7Channel_79__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Channel___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_channel, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[37])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/channel.pyx":1
+ * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
+ * # Copyright (C) 2018 Panos Kittenis
+ * #
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /*--- Wrapped vars code ---*/
+
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  if (__pyx_m) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
+      __Pyx_AddTraceback("init ssh.channel", __pyx_clineno, __pyx_lineno, __pyx_filename);
+    }
+    #if !CYTHON_USE_MODULE_STATE
+    Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
+  } else if (!PyErr_Occurred()) {
+    PyErr_SetString(PyExc_ImportError, "init ssh.channel");
+  }
+  __pyx_L0:;
+  __Pyx_RefNannyFinishContext();
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  return (__pyx_m != NULL) ? 0 : -1;
+  #else
+  return __pyx_m;
+  #endif
+}
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 0, 0}, /* PyObject cname: __pyx_kp_b_ */
+  {__pyx_k_Channel, sizeof(__pyx_k_Channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel */
+  {__pyx_k_Channel___reduce_cython, sizeof(__pyx_k_Channel___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel___reduce_cython */
+  {__pyx_k_Channel___setstate_cython, sizeof(__pyx_k_Channel___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel___setstate_cython */
+  {__pyx_k_Channel_accept_x11, sizeof(__pyx_k_Channel_accept_x11), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_accept_x11 */
+  {__pyx_k_Channel_change_pty_size, sizeof(__pyx_k_Channel_change_pty_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_change_pty_size */
+  {__pyx_k_Channel_close, sizeof(__pyx_k_Channel_close), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_close */
+  {__pyx_k_Channel_get_exit_state, sizeof(__pyx_k_Channel_get_exit_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_get_exit_state */
+  {__pyx_k_Channel_get_exit_status, sizeof(__pyx_k_Channel_get_exit_status), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_get_exit_status */
+  {__pyx_k_Channel_get_session, sizeof(__pyx_k_Channel_get_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_get_session */
+  {__pyx_k_Channel_is_closed, sizeof(__pyx_k_Channel_is_closed), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_is_closed */
+  {__pyx_k_Channel_is_eof, sizeof(__pyx_k_Channel_is_eof), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_is_eof */
+  {__pyx_k_Channel_is_open, sizeof(__pyx_k_Channel_is_open), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_is_open */
+  {__pyx_k_Channel_open_auth_agent, sizeof(__pyx_k_Channel_open_auth_agent), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_open_auth_agent */
+  {__pyx_k_Channel_open_forward, sizeof(__pyx_k_Channel_open_forward), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_open_forward */
+  {__pyx_k_Channel_open_session, sizeof(__pyx_k_Channel_open_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_open_session */
+  {__pyx_k_Channel_open_x11, sizeof(__pyx_k_Channel_open_x11), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_open_x11 */
+  {__pyx_k_Channel_poll, sizeof(__pyx_k_Channel_poll), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_poll */
+  {__pyx_k_Channel_poll_timeout, sizeof(__pyx_k_Channel_poll_timeout), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_poll_timeout */
+  {__pyx_k_Channel_read, sizeof(__pyx_k_Channel_read), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_read */
+  {__pyx_k_Channel_read_nonblocking, sizeof(__pyx_k_Channel_read_nonblocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_read_nonblocking */
+  {__pyx_k_Channel_read_timeout, sizeof(__pyx_k_Channel_read_timeout), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_read_timeout */
+  {__pyx_k_Channel_request_auth_agent, sizeof(__pyx_k_Channel_request_auth_agent), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_auth_agent */
+  {__pyx_k_Channel_request_env, sizeof(__pyx_k_Channel_request_env), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_env */
+  {__pyx_k_Channel_request_exec, sizeof(__pyx_k_Channel_request_exec), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_exec */
+  {__pyx_k_Channel_request_pty, sizeof(__pyx_k_Channel_request_pty), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_pty */
+  {__pyx_k_Channel_request_pty_size, sizeof(__pyx_k_Channel_request_pty_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_pty_size */
+  {__pyx_k_Channel_request_send_break, sizeof(__pyx_k_Channel_request_send_break), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_send_break */
+  {__pyx_k_Channel_request_send_signal, sizeof(__pyx_k_Channel_request_send_signal), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_send_signal */
+  {__pyx_k_Channel_request_sftp, sizeof(__pyx_k_Channel_request_sftp), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_sftp */
+  {__pyx_k_Channel_request_shell, sizeof(__pyx_k_Channel_request_shell), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_shell */
+  {__pyx_k_Channel_request_subsystem, sizeof(__pyx_k_Channel_request_subsystem), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_subsystem */
+  {__pyx_k_Channel_request_x11, sizeof(__pyx_k_Channel_request_x11), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_request_x11 */
+  {__pyx_k_Channel_select, sizeof(__pyx_k_Channel_select), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_select */
+  {__pyx_k_Channel_send_eof, sizeof(__pyx_k_Channel_send_eof), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_send_eof */
+  {__pyx_k_Channel_set_blocking, sizeof(__pyx_k_Channel_set_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_set_blocking */
+  {__pyx_k_Channel_set_counter, sizeof(__pyx_k_Channel_set_counter), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_set_counter */
+  {__pyx_k_Channel_window_size, sizeof(__pyx_k_Channel_window_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_window_size */
+  {__pyx_k_Channel_write, sizeof(__pyx_k_Channel_write), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_write */
+  {__pyx_k_Channel_write_stderr, sizeof(__pyx_k_Channel_write_stderr), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Channel_write_stderr */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_NotImplementedError, sizeof(__pyx_k_NotImplementedError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_NotImplementedError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k_accept_x11, sizeof(__pyx_k_accept_x11), 0, 1, 1}, /* PyObject cname: __pyx_n_u_accept_x11 */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_b_buf, sizeof(__pyx_k_b_buf), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_buf */
+  {__pyx_k_b_cmd, sizeof(__pyx_k_b_cmd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_cmd */
+  {__pyx_k_b_name, sizeof(__pyx_k_b_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_name */
+  {__pyx_k_b_remotehost, sizeof(__pyx_k_b_remotehost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_remotehost */
+  {__pyx_k_b_sig, sizeof(__pyx_k_b_sig), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_sig */
+  {__pyx_k_b_sourcehost, sizeof(__pyx_k_b_sourcehost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_sourcehost */
+  {__pyx_k_b_sys, sizeof(__pyx_k_b_sys), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_sys */
+  {__pyx_k_b_terminal, sizeof(__pyx_k_b_terminal), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_terminal */
+  {__pyx_k_b_value, sizeof(__pyx_k_b_value), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_value */
+  {__pyx_k_blocking, sizeof(__pyx_k_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_blocking */
+  {__pyx_k_buf, sizeof(__pyx_k_buf), 0, 1, 1}, /* PyObject cname: __pyx_n_u_buf */
+  {__pyx_k_buf_2, sizeof(__pyx_k_buf_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_buf_2 */
+  {__pyx_k_buf_remainder, sizeof(__pyx_k_buf_remainder), 0, 1, 1}, /* PyObject cname: __pyx_n_u_buf_remainder */
+  {__pyx_k_buf_tot_size, sizeof(__pyx_k_buf_tot_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_buf_tot_size */
+  {__pyx_k_bytes_written, sizeof(__pyx_k_bytes_written), 0, 1, 1}, /* PyObject cname: __pyx_n_u_bytes_written */
+  {__pyx_k_c_cmd, sizeof(__pyx_k_c_cmd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_cmd */
+  {__pyx_k_c_exit_code, sizeof(__pyx_k_c_exit_code), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_exit_code */
+  {__pyx_k_c_exit_signal, sizeof(__pyx_k_c_exit_signal), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_exit_signal */
+  {__pyx_k_c_name, sizeof(__pyx_k_c_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_name */
+  {__pyx_k_c_pcore_dumped, sizeof(__pyx_k_c_pcore_dumped), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_pcore_dumped */
+  {__pyx_k_c_remotehost, sizeof(__pyx_k_c_remotehost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_remotehost */
+  {__pyx_k_c_sig, sizeof(__pyx_k_c_sig), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_sig */
+  {__pyx_k_c_sourcehost, sizeof(__pyx_k_c_sourcehost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_sourcehost */
+  {__pyx_k_c_sys, sizeof(__pyx_k_c_sys), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_sys */
+  {__pyx_k_c_terminal, sizeof(__pyx_k_c_terminal), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_terminal */
+  {__pyx_k_c_value, sizeof(__pyx_k_c_value), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_value */
+  {__pyx_k_cbuf, sizeof(__pyx_k_cbuf), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cbuf */
+  {__pyx_k_chan, sizeof(__pyx_k_chan), 0, 1, 1}, /* PyObject cname: __pyx_n_u_chan */
+  {__pyx_k_chan_2, sizeof(__pyx_k_chan_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_chan_2 */
+  {__pyx_k_change_pty_size, sizeof(__pyx_k_change_pty_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_change_pty_size */
+  {__pyx_k_channels, sizeof(__pyx_k_channels), 0, 1, 1}, /* PyObject cname: __pyx_n_u_channels */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_close, sizeof(__pyx_k_close), 0, 1, 1}, /* PyObject cname: __pyx_n_u_close */
+  {__pyx_k_cmd, sizeof(__pyx_k_cmd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cmd */
+  {__pyx_k_col, sizeof(__pyx_k_col), 0, 1, 1}, /* PyObject cname: __pyx_n_u_col */
+  {__pyx_k_cols, sizeof(__pyx_k_cols), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cols */
+  {__pyx_k_counter, sizeof(__pyx_k_counter), 0, 1, 1}, /* PyObject cname: __pyx_n_u_counter */
+  {__pyx_k_data, sizeof(__pyx_k_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_data */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_exit_code, sizeof(__pyx_k_exit_code), 0, 1, 1}, /* PyObject cname: __pyx_n_u_exit_code */
+  {__pyx_k_exit_signal, sizeof(__pyx_k_exit_signal), 0, 1, 1}, /* PyObject cname: __pyx_n_u_exit_signal */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_get_exit_state, sizeof(__pyx_k_get_exit_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_exit_state */
+  {__pyx_k_get_exit_status, sizeof(__pyx_k_get_exit_status), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_exit_status */
+  {__pyx_k_get_session, sizeof(__pyx_k_get_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_session */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_is_closed, sizeof(__pyx_k_is_closed), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_closed */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_is_eof, sizeof(__pyx_k_is_eof), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_eof */
+  {__pyx_k_is_open, sizeof(__pyx_k_is_open), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_open */
+  {__pyx_k_is_stderr, sizeof(__pyx_k_is_stderr), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_stderr */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_length, sizeof(__pyx_k_length), 0, 1, 1}, /* PyObject cname: __pyx_n_u_length */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_maxfd, sizeof(__pyx_k_maxfd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_maxfd */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_name_2, sizeof(__pyx_k_name_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name_2 */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_open_auth_agent, sizeof(__pyx_k_open_auth_agent), 0, 1, 1}, /* PyObject cname: __pyx_n_u_open_auth_agent */
+  {__pyx_k_open_forward, sizeof(__pyx_k_open_forward), 0, 1, 1}, /* PyObject cname: __pyx_n_u_open_forward */
+  {__pyx_k_open_session, sizeof(__pyx_k_open_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_open_session */
+  {__pyx_k_open_x11, sizeof(__pyx_k_open_x11), 0, 1, 1}, /* PyObject cname: __pyx_n_u_open_x11 */
+  {__pyx_k_outchannels, sizeof(__pyx_k_outchannels), 0, 1, 1}, /* PyObject cname: __pyx_n_u_outchannels */
+  {__pyx_k_pcore_dumped, sizeof(__pyx_k_pcore_dumped), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pcore_dumped */
+  {__pyx_k_poll, sizeof(__pyx_k_poll), 0, 1, 1}, /* PyObject cname: __pyx_n_u_poll */
+  {__pyx_k_poll_timeout, sizeof(__pyx_k_poll_timeout), 0, 1, 1}, /* PyObject cname: __pyx_n_u_poll_timeout */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_read, sizeof(__pyx_k_read), 0, 1, 1}, /* PyObject cname: __pyx_n_u_read */
+  {__pyx_k_read_nonblocking, sizeof(__pyx_k_read_nonblocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_read_nonblocking */
+  {__pyx_k_read_timeout, sizeof(__pyx_k_read_timeout), 0, 1, 1}, /* PyObject cname: __pyx_n_u_read_timeout */
+  {__pyx_k_readfds, sizeof(__pyx_k_readfds), 0, 1, 1}, /* PyObject cname: __pyx_n_u_readfds */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_remotehost, sizeof(__pyx_k_remotehost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_remotehost */
+  {__pyx_k_remoteport, sizeof(__pyx_k_remoteport), 0, 1, 1}, /* PyObject cname: __pyx_n_u_remoteport */
+  {__pyx_k_request_auth_agent, sizeof(__pyx_k_request_auth_agent), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_auth_agent */
+  {__pyx_k_request_env, sizeof(__pyx_k_request_env), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_env */
+  {__pyx_k_request_exec, sizeof(__pyx_k_request_exec), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_exec */
+  {__pyx_k_request_pty, sizeof(__pyx_k_request_pty), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_pty */
+  {__pyx_k_request_pty_size, sizeof(__pyx_k_request_pty_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_pty_size */
+  {__pyx_k_request_send_break, sizeof(__pyx_k_request_send_break), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_send_break */
+  {__pyx_k_request_send_signal, sizeof(__pyx_k_request_send_signal), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_send_signal */
+  {__pyx_k_request_sftp, sizeof(__pyx_k_request_sftp), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_sftp */
+  {__pyx_k_request_shell, sizeof(__pyx_k_request_shell), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_shell */
+  {__pyx_k_request_subsystem, sizeof(__pyx_k_request_subsystem), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_subsystem */
+  {__pyx_k_request_x11, sizeof(__pyx_k_request_x11), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_x11 */
+  {__pyx_k_row, sizeof(__pyx_k_row), 0, 1, 1}, /* PyObject cname: __pyx_n_u_row */
+  {__pyx_k_rows, sizeof(__pyx_k_rows), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rows */
+  {__pyx_k_screen_number, sizeof(__pyx_k_screen_number), 0, 1, 1}, /* PyObject cname: __pyx_n_u_screen_number */
+  {__pyx_k_select, sizeof(__pyx_k_select), 0, 1, 1}, /* PyObject cname: __pyx_n_u_select */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_send_eof, sizeof(__pyx_k_send_eof), 0, 1, 1}, /* PyObject cname: __pyx_n_u_send_eof */
+  {__pyx_k_session, sizeof(__pyx_k_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_session */
+  {__pyx_k_set_blocking, sizeof(__pyx_k_set_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_blocking */
+  {__pyx_k_set_counter, sizeof(__pyx_k_set_counter), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_counter */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_sig, sizeof(__pyx_k_sig), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sig */
+  {__pyx_k_single_connection, sizeof(__pyx_k_single_connection), 0, 1, 1}, /* PyObject cname: __pyx_n_u_single_connection */
+  {__pyx_k_size, sizeof(__pyx_k_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_size */
+  {__pyx_k_sourcehost, sizeof(__pyx_k_sourcehost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sourcehost */
+  {__pyx_k_sourceport, sizeof(__pyx_k_sourceport), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sourceport */
+  {__pyx_k_ssh_channel, sizeof(__pyx_k_ssh_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_channel */
+  {__pyx_k_ssh_channel_pyx, sizeof(__pyx_k_ssh_channel_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_channel_pyx */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_subsystem, sizeof(__pyx_k_subsystem), 0, 1, 1}, /* PyObject cname: __pyx_n_u_subsystem */
+  {__pyx_k_terminal, sizeof(__pyx_k_terminal), 0, 1, 1}, /* PyObject cname: __pyx_n_u_terminal */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_timeout, sizeof(__pyx_k_timeout), 0, 1, 1}, /* PyObject cname: __pyx_n_u_timeout */
+  {__pyx_k_timeout_ms, sizeof(__pyx_k_timeout_ms), 0, 1, 1}, /* PyObject cname: __pyx_n_u_timeout_ms */
+  {__pyx_k_value, sizeof(__pyx_k_value), 0, 1, 1}, /* PyObject cname: __pyx_n_u_value */
+  {__pyx_k_window_size, sizeof(__pyx_k_window_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_window_size */
+  {__pyx_k_write, sizeof(__pyx_k_write), 0, 1, 1}, /* PyObject cname: __pyx_n_u_write */
+  {__pyx_k_write_stderr, sizeof(__pyx_k_write_stderr), 0, 1, 1}, /* PyObject cname: __pyx_n_u_write_stderr */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 172, __pyx_L1_error)
+  __pyx_builtin_NotImplementedError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_NotImplementedError); if (!__pyx_builtin_NotImplementedError) __PYX_ERR(0, 332, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+
+  /* "ssh/channel.pyx":176
+ *         return chan
+ * 
+ *     def poll(self, bint is_stderr=False):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_mstate_global->__pyx_tuple[0] = PyTuple_Pack(1, Py_False); if (unlikely(!__pyx_mstate_global->__pyx_tuple[0])) __PYX_ERR(0, 176, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[0]);
+
+  /* "ssh/channel.pyx":189
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def read(self, c_ssh.uint32_t size=1024*1024, bint is_stderr=False):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes buf = b''
+*/
+  __pyx_mstate_global->__pyx_tuple[1] = PyTuple_Pack(2, __pyx_mstate_global->__pyx_int_1048576, Py_False); if (unlikely(!__pyx_mstate_global->__pyx_tuple[1])) __PYX_ERR(0, 189, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[1]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[1]);
+
+  /* "ssh/channel.pyx":320
+ *         return handle_error_codes(rc, self._session._session)
+ * 
+ *     def request_x11(self, int screen_number, bint single_connection=True):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_mstate_global->__pyx_tuple[2] = PyTuple_Pack(1, Py_True); if (unlikely(!__pyx_mstate_global->__pyx_tuple[2])) __PYX_ERR(0, 320, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[2]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[2]);
+
+  /* "ssh/channel.pyx":398
+ *         return size
+ * 
+ *     def select(self, channels not None, outchannels not None, maxfd,             # <<<<<<<<<<<<<<
+ *                readfds, timeout=None):
+ *         raise NotImplementedError
+*/
+  __pyx_mstate_global->__pyx_tuple[3] = PyTuple_Pack(1, Py_None); if (unlikely(!__pyx_mstate_global->__pyx_tuple[3])) __PYX_ERR(0, 398, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[3]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[3]);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+  __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
+  return -1;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  __pyx_mstate->__pyx_int_0 = PyLong_FromLong(0); if (unlikely(!__pyx_mstate->__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_int_1048576 = PyLong_FromLong(1048576L); if (unlikely(!__pyx_mstate->__pyx_int_1048576)) __PYX_ERR(0, 1, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 3;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 4;
+            unsigned int flags : 10;
+            unsigned int first_line : 9;
+            unsigned int line_table_length : 12;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 49, 61};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_close, __pyx_k_A_4q_1_Q_3c_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 59, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_get_exit_status, __pyx_k_A_2_4q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 65, 146};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_exit_code, __pyx_mstate->__pyx_n_u_exit_signal, __pyx_mstate->__pyx_n_u_pcore_dumped, __pyx_mstate->__pyx_n_u_c_pcore_dumped, __pyx_mstate->__pyx_n_u_c_exit_code, __pyx_mstate->__pyx_n_u_c_exit_signal};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_get_exit_state, __pyx_k_A_86_r_5Q_1M_4t9A_A_c_3ha_D_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 99, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_get_session, __pyx_k_A_t1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 102, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_is_closed, __pyx_k_A_AT_s_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 108, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_is_eof, __pyx_k_A_a_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 114, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_is_open, __pyx_k_A_4q_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 120, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_send_eof, __pyx_k_A_1D_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 126, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_auth_agent, __pyx_k_A_5Qd_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 132, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[9] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_open_auth_agent, __pyx_k_A_2_4q_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[9])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {5, 0, 0, 10, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 138, 71};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_remotehost, __pyx_mstate->__pyx_n_u_remoteport, __pyx_mstate->__pyx_n_u_sourcehost, __pyx_mstate->__pyx_n_u_sourceport, __pyx_mstate->__pyx_n_u_b_remotehost, __pyx_mstate->__pyx_n_u_c_remotehost, __pyx_mstate->__pyx_n_u_b_sourcehost, __pyx_mstate->__pyx_n_u_c_sourcehost, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[10] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_open_forward, __pyx_k_A_1_1_q_K_Q_a_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[10])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 151, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[11] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_open_session, __pyx_k_A_q_A_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[11])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 157, 52};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_sourcehost, __pyx_mstate->__pyx_n_u_sourceport, __pyx_mstate->__pyx_n_u_b_sourcehost, __pyx_mstate->__pyx_n_u_c_sourcehost, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[12] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_open_x11, __pyx_k_A_1_1_K_Q_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[12])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 166, 54};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_timeout_ms, __pyx_mstate->__pyx_n_u_chan, __pyx_mstate->__pyx_n_u_chan_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[13] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_accept_x11, __pyx_k_A_q_0_6_A_iq_t1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[13])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 176, 38};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_is_stderr, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[14] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_poll, __pyx_k_q_Kq_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[14])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 182, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_timeout, __pyx_mstate->__pyx_n_u_is_stderr, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[15] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_poll_timeout, __pyx_k_7q_q_Ky_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[15])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 189, 110};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_is_stderr, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_buf, __pyx_mstate->__pyx_n_u_cbuf};
+    __pyx_mstate_global->__pyx_codeobj_tab[16] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_read, __pyx_k_A_86_aq_uCq_q_KvV1_s_A_d_A_d_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[16])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 206, 111};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_is_stderr, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_buf, __pyx_mstate->__pyx_n_u_cbuf};
+    __pyx_mstate_global->__pyx_codeobj_tab[17] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_read_nonblocking, __pyx_k_7q_86_aq_uCq_31_KvV1_s_A_d_A_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[17])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 7, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 225, 112};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_timeout, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_is_stderr, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_buf, __pyx_mstate->__pyx_n_u_cbuf};
+    __pyx_mstate_global->__pyx_codeobj_tab[18] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_read_timeout, __pyx_k_A_C1_86_aq_uCq_q_KvV_a_s_A_d_A_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[18])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 244, 65};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_name, __pyx_mstate->__pyx_n_u_value, __pyx_mstate->__pyx_n_u_b_name, __pyx_mstate->__pyx_n_u_c_name, __pyx_mstate->__pyx_n_u_b_value, __pyx_mstate->__pyx_n_u_c_value, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[19] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_env, __pyx_k_A_HAQ_XQa_1_at_ha_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[19])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 254, 49};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_cmd, __pyx_mstate->__pyx_n_u_b_cmd, __pyx_mstate->__pyx_n_u_c_cmd, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[20] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_exec, __pyx_k_A_81A_q_Kq_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[20])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 262, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[21] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_pty, __pyx_k_A_at1_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[21])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 268, 37};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_cols, __pyx_mstate->__pyx_n_u_rows, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[22] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_change_pty_size, __pyx_k_A_2_4_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[22])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 7, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 274, 54};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_terminal, __pyx_mstate->__pyx_n_u_col, __pyx_mstate->__pyx_n_u_row, __pyx_mstate->__pyx_n_u_b_terminal, __pyx_mstate->__pyx_n_u_c_terminal, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[23] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_pty_size, __pyx_k_A_a_31_K_5_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[23])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 283, 50};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_sig, __pyx_mstate->__pyx_n_u_b_sig, __pyx_mstate->__pyx_n_u_c_sig, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[24] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_send_signal, __pyx_k_A_81A_6a_Kq_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[24])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 292, 36};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_length, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[25] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_send_break, __pyx_k_A_5Q_Kq_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[25])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 299, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[26] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_shell, __pyx_k_A_0_Q_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[26])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 305, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[27] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_sftp, __pyx_k_A_q_A_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[27])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 311, 50};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_subsystem, __pyx_mstate->__pyx_n_u_b_sys, __pyx_mstate->__pyx_n_u_c_sys, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[28] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_subsystem, __pyx_k_A_81A_4A_Kq_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[28])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 320, 46};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_screen_number, __pyx_mstate->__pyx_n_u_single_connection, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[29] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_request_x11, __pyx_k_DA_a_K_2_a_d_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[29])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 327, 16};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_blocking};
+    __pyx_mstate_global->__pyx_codeobj_tab[30] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_set_blocking, __pyx_k_A_4, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[30])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 331, 7};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_counter};
+    __pyx_mstate_global->__pyx_codeobj_tab[31] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_set_counter, __pyx_k_A_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[31])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 334, 139};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_data, __pyx_mstate->__pyx_n_u_b_buf, __pyx_mstate->__pyx_n_u_buf_2, __pyx_mstate->__pyx_n_u_buf_remainder, __pyx_mstate->__pyx_n_u_buf_tot_size, __pyx_mstate->__pyx_n_u_bytes_written, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[32] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_write, __pyx_k_A_81A_Cq_1_A_A_6_3b_c_1_IQ_M_1_t, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[32])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 363, 139};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_data, __pyx_mstate->__pyx_n_u_b_buf, __pyx_mstate->__pyx_n_u_buf_2, __pyx_mstate->__pyx_n_u_buf_remainder, __pyx_mstate->__pyx_n_u_buf_tot_size, __pyx_mstate->__pyx_n_u_bytes_written, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[33] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_write_stderr, __pyx_k_A_81A_Cq_1_A_31_6_3b_c_1_IQ_M_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[33])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 392, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_size};
+    __pyx_mstate_global->__pyx_codeobj_tab[34] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_window_size, __pyx_k_A_0_Q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[34])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {6, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 398, 10};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_channels, __pyx_mstate->__pyx_n_u_outchannels, __pyx_mstate->__pyx_n_u_maxfd, __pyx_mstate->__pyx_n_u_readfds, __pyx_mstate->__pyx_n_u_timeout};
+    __pyx_mstate_global->__pyx_codeobj_tab[35] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_channel_pyx, __pyx_mstate->__pyx_n_u_select, __pyx_k_A_a_2, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[35])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[36] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[36])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[37] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[37])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
+
+/* --- Runtime support code --- */
+/* Refnanny */
+#if CYTHON_REFNANNY
+static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
+    PyObject *m = NULL, *p = NULL;
+    void *r = NULL;
+    m = PyImport_ImportModule(modname);
+    if (!m) goto end;
+    p = PyObject_GetAttrString(m, "RefNannyAPI");
+    if (!p) goto end;
     r = PyLong_AsVoidPtr(p);
 end:
     Py_XDECREF(p);
@@ -8690,845 +12856,3719 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
     return (__Pyx_RefNannyAPIStruct *)r;
 }
 #endif
-
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
+
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
+        PyErr_Format(PyExc_NameError,
+            "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* ArgTypeTest */
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+{
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
+    }
+    else if (!exact) {
+        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError,
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* GetException */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb)
+#else
+static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
+#endif
+{
+    PyObject *local_type = NULL, *local_value, *local_tb = NULL;
+#if CYTHON_FAST_THREAD_STATE
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+  #if PY_VERSION_HEX >= 0x030C0000
+    local_value = tstate->current_exception;
+    tstate->current_exception = 0;
+  #else
+    local_type = tstate->curexc_type;
+    local_value = tstate->curexc_value;
+    local_tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+  #endif
+#elif __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    local_value = PyErr_GetRaisedException();
+#else
+    PyErr_Fetch(&local_type, &local_value, &local_tb);
+#endif
+#if __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    if (likely(local_value)) {
+        local_type = (PyObject*) Py_TYPE(local_value);
+        Py_INCREF(local_type);
+        local_tb = PyException_GetTraceback(local_value);
+    }
+#else
+    PyErr_NormalizeException(&local_type, &local_value, &local_tb);
+#if CYTHON_FAST_THREAD_STATE
+    if (unlikely(tstate->curexc_type))
+#else
+    if (unlikely(PyErr_Occurred()))
+#endif
+        goto bad;
+    if (local_tb) {
+        if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
+            goto bad;
+    }
+#endif // __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    Py_XINCREF(local_tb);
+    Py_XINCREF(local_type);
+    Py_XINCREF(local_value);
+    *type = local_type;
+    *value = local_value;
+    *tb = local_tb;
+#if CYTHON_FAST_THREAD_STATE
+    #if CYTHON_USE_EXC_INFO_STACK
+    {
+        _PyErr_StackItem *exc_info = tstate->exc_info;
+      #if PY_VERSION_HEX >= 0x030B00a4
+        tmp_value = exc_info->exc_value;
+        exc_info->exc_value = local_value;
+        tmp_type = NULL;
+        tmp_tb = NULL;
+        Py_XDECREF(local_type);
+        Py_XDECREF(local_tb);
+      #else
+        tmp_type = exc_info->exc_type;
+        tmp_value = exc_info->exc_value;
+        tmp_tb = exc_info->exc_traceback;
+        exc_info->exc_type = local_type;
+        exc_info->exc_value = local_value;
+        exc_info->exc_traceback = local_tb;
+      #endif
+    }
+    #else
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = local_type;
+    tstate->exc_value = local_value;
+    tstate->exc_traceback = local_tb;
+    #endif
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    PyErr_SetHandledException(local_value);
+    Py_XDECREF(local_value);
+    Py_XDECREF(local_type);
+    Py_XDECREF(local_tb);
+#else
+    PyErr_SetExcInfo(local_type, local_value, local_tb);
+#endif
+    return 0;
+#if __PYX_LIMITED_VERSION_HEX <= 0x030C0000
+bad:
+    *type = 0;
+    *value = 0;
+    *tb = 0;
+    Py_XDECREF(local_type);
+    Py_XDECREF(local_value);
+    Py_XDECREF(local_tb);
+    return -1;
+#endif
+}
+
+/* SwapException */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_value = exc_info->exc_value;
+    exc_info->exc_value = *value;
+    if (tmp_value == NULL || tmp_value == Py_None) {
+        Py_XDECREF(tmp_value);
+        tmp_value = NULL;
+        tmp_type = NULL;
+        tmp_tb = NULL;
+    } else {
+        tmp_type = (PyObject*) Py_TYPE(tmp_value);
+        Py_INCREF(tmp_type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        tmp_tb = ((PyBaseExceptionObject*) tmp_value)->traceback;
+        Py_XINCREF(tmp_tb);
+        #else
+        tmp_tb = PyException_GetTraceback(tmp_value);
+        #endif
+    }
+  #elif CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_type = exc_info->exc_type;
+    tmp_value = exc_info->exc_value;
+    tmp_tb = exc_info->exc_traceback;
+    exc_info->exc_type = *type;
+    exc_info->exc_value = *value;
+    exc_info->exc_traceback = *tb;
+  #else
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = *type;
+    tstate->exc_value = *value;
+    tstate->exc_traceback = *tb;
+  #endif
+    *type = tmp_type;
+    *value = tmp_value;
+    *tb = tmp_tb;
+}
+#else
+static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value, PyObject **tb) {
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    PyErr_GetExcInfo(&tmp_type, &tmp_value, &tmp_tb);
+    PyErr_SetExcInfo(*type, *value, *tb);
+    *type = tmp_type;
+    *value = tmp_value;
+    *tb = tmp_tb;
+}
+#endif
+
+/* GetTopmostException */
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
+static _PyErr_StackItem *
+__Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
+{
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    while ((exc_info->exc_value == NULL || exc_info->exc_value == Py_None) &&
+           exc_info->previous_item != NULL)
+    {
+        exc_info = exc_info->previous_item;
+    }
+    return exc_info;
+}
+#endif
+
+/* SaveResetException */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    PyObject *exc_value = exc_info->exc_value;
+    if (exc_value == NULL || exc_value == Py_None) {
+        *value = NULL;
+        *type = NULL;
+        *tb = NULL;
+    } else {
+        *value = exc_value;
+        Py_INCREF(*value);
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        *tb = PyException_GetTraceback(exc_value);
+    }
+  #elif CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    *type = exc_info->exc_type;
+    *value = exc_info->exc_value;
+    *tb = exc_info->exc_traceback;
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #else
+    *type = tstate->exc_type;
+    *value = tstate->exc_value;
+    *tb = tstate->exc_traceback;
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #endif
+}
+static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    PyObject *tmp_value = exc_info->exc_value;
+    exc_info->exc_value = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+  #else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    #if CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_type = exc_info->exc_type;
+    tmp_value = exc_info->exc_value;
+    tmp_tb = exc_info->exc_traceback;
+    exc_info->exc_type = type;
+    exc_info->exc_value = value;
+    exc_info->exc_traceback = tb;
+    #else
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = type;
+    tstate->exc_value = value;
+    tstate->exc_traceback = tb;
+    #endif
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+  #endif
+}
+#endif
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
+}
+#endif
+
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
 #endif
-    return PyObject_GetAttr(obj, attr_name);
-}
+    return r;
 #endif
+}
 
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
-        PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
-            "name '%U' is not defined", name);
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
 #else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
 #endif
-    }
-    return result;
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
 }
 
-/* RaiseDoubleKeywords */
-static void __Pyx_RaiseDoubleKeywordsError(
-    const char* func_name,
-    PyObject* kw_name)
-{
-    PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
-        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
 }
 
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
-{
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
         }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
+    }
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
                 }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
+                if (base_vtables[j] == base_vtable) {
                     break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
                 }
-                name++;
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
+    }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+    }
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
+
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name_2);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
             }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
                 }
             }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
+    }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
+#endif
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
         }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
     }
     return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
+}
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
     #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
     #endif
-bad:
-    return -1;
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
 }
+#endif
 
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
 {
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
-        more_or_less = "at most";
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
     }
-    if (exact) {
-        more_or_less = "exactly";
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
     }
-    PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
 }
-
-/* ArgTypeTest */
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
 {
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
     }
-    else {
-        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
     }
-    PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
     return 0;
 }
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
 }
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 }
 #endif
-
-/* GetException */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb)
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
 #else
-static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
 #endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
 {
-    PyObject *local_type, *local_value, *local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    local_type = tstate->curexc_type;
-    local_value = tstate->curexc_value;
-    local_tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
-#else
-    PyErr_Fetch(&local_type, &local_value, &local_tb);
-#endif
-    PyErr_NormalizeException(&local_type, &local_value, &local_tb);
-#if CYTHON_FAST_THREAD_STATE
-    if (unlikely(tstate->curexc_type))
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
 #else
-    if (unlikely(PyErr_Occurred()))
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
 #endif
-        goto bad;
-    #if PY_MAJOR_VERSION >= 3
-    if (local_tb) {
-        if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
-            goto bad;
     }
-    #endif
-    Py_XINCREF(local_tb);
-    Py_XINCREF(local_type);
-    Py_XINCREF(local_value);
-    *type = local_type;
-    *value = local_value;
-    *tb = local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    #if CYTHON_USE_EXC_INFO_STACK
-    {
-        _PyErr_StackItem *exc_info = tstate->exc_info;
-        tmp_type = exc_info->exc_type;
-        tmp_value = exc_info->exc_value;
-        tmp_tb = exc_info->exc_traceback;
-        exc_info->exc_type = local_type;
-        exc_info->exc_value = local_value;
-        exc_info->exc_traceback = local_tb;
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
     }
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = local_type;
-    tstate->exc_value = local_value;
-    tstate->exc_traceback = local_tb;
-    #endif
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
 #else
-    PyErr_SetExcInfo(local_type, local_value, local_tb);
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
 #endif
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
-bad:
-    *type = 0;
-    *value = 0;
-    *tb = 0;
-    Py_XDECREF(local_type);
-    Py_XDECREF(local_value);
-    Py_XDECREF(local_tb);
-    return -1;
 }
-
-/* SwapException */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    tmp_type = exc_info->exc_type;
-    tmp_value = exc_info->exc_value;
-    tmp_tb = exc_info->exc_traceback;
-    exc_info->exc_type = *type;
-    exc_info->exc_value = *value;
-    exc_info->exc_traceback = *tb;
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = *type;
-    tstate->exc_value = *value;
-    tstate->exc_traceback = *tb;
-    #endif
-    *type = tmp_type;
-    *value = tmp_value;
-    *tb = tmp_tb;
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
 }
-#else
-static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value, PyObject **tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    PyErr_GetExcInfo(&tmp_type, &tmp_value, &tmp_tb);
-    PyErr_SetExcInfo(*type, *value, *tb);
-    *type = tmp_type;
-    *value = tmp_value;
-    *tb = tmp_tb;
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
 }
-#endif
-
-/* GetTopmostException */
-#if CYTHON_USE_EXC_INFO_STACK
-static _PyErr_StackItem *
-__Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
 {
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    while ((exc_info->exc_type == NULL || exc_info->exc_type == Py_None) &&
-           exc_info->previous_item != NULL)
-    {
-        exc_info = exc_info->previous_item;
-    }
-    return exc_info;
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
 }
-#endif
-
-/* SaveResetException */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
-    *type = exc_info->exc_type;
-    *value = exc_info->exc_value;
-    *tb = exc_info->exc_traceback;
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
     #else
-    *type = tstate->exc_type;
-    *value = tstate->exc_value;
-    *tb = tstate->exc_traceback;
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
     #endif
-    Py_XINCREF(*type);
-    Py_XINCREF(*value);
-    Py_XINCREF(*tb);
+    Py_DECREF(res);
+    return result;
 }
-static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    tmp_type = exc_info->exc_type;
-    tmp_value = exc_info->exc_value;
-    tmp_tb = exc_info->exc_traceback;
-    exc_info->exc_type = type;
-    exc_info->exc_value = value;
-    exc_info->exc_traceback = tb;
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = type;
-    tstate->exc_value = value;
-    tstate->exc_traceback = tb;
-    #endif
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
 }
-#endif
-
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
         }
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
         }
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+    Py_INCREF(result);
+    return result;
 }
-#else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
         PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
+                        "__annotations__ must be set to a dict object");
+        return -1;
     }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
-                }
-            }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
+#else
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
         }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
+#endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
         }
-    } else {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
+ignore:
+        PyErr_Clear();
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
-        } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
-        }
-        PyException_SetCause(value, fixed_cause);
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
 #else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
-        }
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
+#endif
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
 #endif
-    }
-bad:
-    Py_XDECREF(owned_instance);
-    return;
-}
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
 #endif
-
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
-    PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
         return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
     }
-    return result;
+#endif
+    return (PyObject *) op;
 }
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
 #endif
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
+    }
 #endif
-    return NULL;
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
-    }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
-    }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
     {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
-        }
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
     }
-    return descr;
-}
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
 #endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
-    }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
+}
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
 }
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
 #endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
 #else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
-    return 0;
-bad:
-    Py_XDECREF(ob);
-    return -1;
-}
-
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
-    }
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
 #endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
     }
-    return 0;
-}
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
 }
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
     PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
     }
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
     }
     return result;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name_2);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
-}
-static int __Pyx_setup_reduce(PyObject* type_obj) {
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
     int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
-#else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
     }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
-        }
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
-        }
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
-    }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+        break;
+    default:
+        return NULL;
+    }
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    return op;
 }
-#endif
 
 /* PyDictVersioning */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
@@ -9557,29 +16597,34 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -9588,11 +16633,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -9620,130 +16666,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -9774,7 +16886,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -9784,6 +16896,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -9808,7 +16921,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9818,179 +16931,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -10004,7 +17175,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
+static CYTHON_INLINE uint32_t __Pyx_PyLong_As_uint32_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10014,179 +17185,237 @@ static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uint32_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uint32_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uint32_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uint32_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uint32_t) -1;
+        val = __Pyx_PyLong_As_uint32_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint32_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uint32_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint32_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uint32_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 2 * PyLong_SHIFT)) {
                             return (uint32_t) (((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint32_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 3 * PyLong_SHIFT)) {
                             return (uint32_t) (((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint32_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 4 * PyLong_SHIFT)) {
                             return (uint32_t) (((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uint32_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uint32_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uint32_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uint32_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint32_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uint32_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uint32_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint32_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uint32_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uint32_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint32_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint32_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uint32_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, long, PyLong_AsLong(x))
+        if ((sizeof(uint32_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint32_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uint32_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uint32_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uint32_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uint32_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uint32_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uint32_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uint32_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uint32_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uint32_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uint32_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uint32_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uint32_t) 1) << (sizeof(uint32_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uint32_t) -1;
-        }
-    } else {
-        uint32_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uint32_t) -1;
-        val = __Pyx_PyInt_As_uint32_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -10199,8 +17428,40 @@ static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
     return (uint32_t) -1;
 }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10212,17 +17473,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -10230,15 +17491,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint32_t(uint32_t value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint32_t(uint32_t value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10250,17 +17544,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint32_t(uint32_t value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(uint32_t) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(uint32_t) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(uint32_t) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(uint32_t) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -10268,15 +17562,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint32_t(uint32_t value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(uint32_t),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(uint32_t));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__2);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10288,17 +17654,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -10306,15 +17672,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10324,179 +17723,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -10513,7 +17970,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -10534,51 +17991,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -10609,65 +18053,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -10675,97 +18138,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -10777,25 +18376,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -10818,95 +18417,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -10945,33 +18515,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/channel.pxd b/ssh/channel.pxd
index a034cebe..c79f8dc1 100644
--- a/ssh/channel.pxd
+++ b/ssh/channel.pxd
@@ -1,22 +1,23 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from session cimport Session
+from .session cimport Session
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 cdef class Channel:
diff --git a/ssh/channel.pyx b/ssh/channel.pyx
index c507a2d6..3fa59ca1 100644
--- a/ssh/channel.pyx
+++ b/ssh/channel.pyx
@@ -1,27 +1,28 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.stdlib cimport malloc, free
 from libc.string cimport const_char
 
-from session cimport Session
-from utils cimport to_bytes, to_str, handle_error_codes
+from .session cimport Session
+from .utils cimport to_bytes, to_str, handle_error_codes
 
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 cdef class Channel:
@@ -62,6 +63,40 @@ cdef class Channel:
             rc = c_ssh.ssh_channel_get_exit_status(self._channel)
         return rc
 
+    def get_exit_state(self):
+        """
+        :rtype: (int, bytes, bool)
+        """
+        cdef int rc
+        cdef int exit_code
+        cdef bytes exit_signal = b""
+        cdef bint pcore_dumped
+        cdef int c_pcore_dumped = 0
+        cdef unsigned int c_exit_code = 0
+        # Libssh does not initialise exit signal, and there is no defined max.
+        # Assign a default size and clean up after libssh.
+        # Unless libssh re-allocates in case of larger strings, this will likely cause a segfault.
+        # Not much can be done our side.
+        cdef char *c_exit_signal = <char *>malloc(sizeof(char) * 32)
+        try:
+            with nogil:
+                rc = c_ssh.ssh_channel_get_exit_state(
+                    self._channel, &c_exit_code, &c_exit_signal, &c_pcore_dumped)
+            # This is essentially undefined libssh behaviour when get_exit_state returns an error code.
+            # Safeguard our side to protect against segfaults.
+            exit_signal = c_exit_signal if c_exit_signal is not NULL else b""
+        finally:
+            free(c_exit_signal)
+        handle_error_codes(rc, self._session._session)
+        exit_code = c_exit_code
+        pcore_dumped = c_pcore_dumped == 1
+        if rc == c_ssh.SSH_AGAIN:
+            # Return code for SSH_AGAIN needs to be handled separately to allow client to handle EAGAIN on their own
+            # when non-blocking mode is enabled.
+            # No, callbacks are not client side async handling, they're callbacks.
+            return (rc, b"", 0)
+        return (exit_code, exit_signal, pcore_dumped)
+
     def get_session(self):
         return self.session
 
diff --git a/ssh/connector.c b/ssh/connector.c
index 96fe3982..324b29ed 100644
--- a/ssh/connector.c
+++ b/ssh/connector.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.connector",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/connector.pyx"
+        ]
+    },
+    "module_name": "ssh.connector"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
+  #endif
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
 #endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
+#endif
+#endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,75 +911,199 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+  #define __Pyx_pyiter_sendfunc sendfunc
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
+#else
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
+#endif
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
 #else
 static CYTHON_INLINE float __PYX_NAN() {
   float value;
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -747,7 +1157,46 @@ static CYTHON_INLINE float __PYX_NAN() {
 #include "libssh/libssh.h"
 #include <string.h>
 #include <stdio.h>
+
+    #if PY_MAJOR_VERSION >= 3
+      #define __Pyx_PyFloat_FromString(obj)  PyFloat_FromString(obj)
+    #else
+      #define __Pyx_PyFloat_FromString(obj)  PyFloat_FromString(obj, NULL)
+    #endif
+    
+
+    #if PY_MAJOR_VERSION <= 2
+    #define PyDict_GetItemWithError _PyDict_GetItemWithError
+    #endif
+    
+
+    #if PY_VERSION_HEX < 0x030d0000
+    static CYTHON_INLINE int __Pyx_PyWeakref_GetRef(PyObject *ref, PyObject **pobj)
+    {
+        PyObject *obj = PyWeakref_GetObject(ref);
+        if (obj == NULL) {
+            // SystemError if ref is NULL
+            *pobj = NULL;
+            return -1;
+        }
+        if (obj == Py_None) {
+            *pobj = NULL;
+            return 0;
+        }
+        Py_INCREF(obj);
+        *pobj = obj;
+        return 1;
+    }
+    #else
+    #define __Pyx_PyWeakref_GetRef PyWeakref_GetRef
+    #endif
+    
 #include "pythread.h"
+
+    #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM < 0x07030600) && !defined(PyContextVar_Get)
+    #define PyContextVar_Get(var, d, v)         ((d) ?             ((void)(var), Py_INCREF(d), (v)[0] = (d), 0) :             ((v)[0] = NULL, 0)         )
+    #endif
+    
 #ifdef _OPENMP
 #include <omp.h>
 #endif /* _OPENMP */
@@ -756,12 +1205,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -796,140 +1241,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -941,30 +1375,177 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
+
 
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
-  "stringsource",
+static const char* const __pyx_f[] = {
   "ssh/connector.pyx",
+  "<stringsource>",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/contextvars.pxd",
   "ssh/session.pxd",
-  "env/lib/python3.9/site-packages/Cython/Includes/cpython/type.pxd",
-  "env/lib/python3.9/site-packages/Cython/Includes/cpython/bool.pxd",
-  "env/lib/python3.9/site-packages/Cython/Includes/cpython/complex.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/type.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/bool.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/complex.pxd",
   "ssh/channel.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -972,25 +1553,81 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
 struct __pyx_obj_3ssh_7channel_Channel;
 struct __pyx_obj_3ssh_9connector_Flag;
 struct __pyx_obj_3ssh_9connector_Connector;
+struct __pyx_opt_args_7cpython_11contextvars_get_value;
+struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default;
+
+/* "cpython/contextvars.pxd":116
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the default value of the context variable,
+*/
+struct __pyx_opt_args_7cpython_11contextvars_get_value {
+  int __pyx_n;
+  PyObject *default_value;
+};
+
+/* "cpython/contextvars.pxd":134
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value_no_default(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the provided default value if no such value was found.
+*/
+struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default {
+  int __pyx_n;
+  PyObject *default_value;
+};
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -1005,7 +1642,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class Channel:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_channel _channel
  *     cdef Session _session
- */
+*/
 struct __pyx_obj_3ssh_7channel_Channel {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtab;
@@ -1021,7 +1658,7 @@ struct __pyx_obj_3ssh_7channel_Channel {
  * cdef class Flag:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector_flags_e _flag
  * 
- */
+*/
 struct __pyx_obj_3ssh_9connector_Flag {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_9connector_Flag *__pyx_vtab;
@@ -1035,7 +1672,7 @@ struct __pyx_obj_3ssh_9connector_Flag {
  * cdef class Connector:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector _connector
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_9connector_Connector {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtab;
@@ -1051,7 +1688,7 @@ struct __pyx_obj_3ssh_9connector_Connector {
  * cdef class Channel:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_channel _channel
  *     cdef Session _session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_7channel_Channel {
   struct __pyx_obj_3ssh_7channel_Channel *(*from_ptr)(ssh_channel, struct __pyx_obj_3ssh_7session_Session *);
@@ -1065,7 +1702,7 @@ static struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtabptr_3ssh_7channe
  * cdef class Flag:             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_9connector_Flag {
   struct __pyx_obj_3ssh_9connector_Flag *(*from_flag)(enum ssh_connector_flags_e);
@@ -1079,12 +1716,13 @@ static struct __pyx_vtabstruct_3ssh_9connector_Flag *__pyx_vtabptr_3ssh_9connect
  * cdef class Connector:             # <<<<<<<<<<<<<<
  * 
  *     def __cinit__(self, Session session):
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_9connector_Connector {
   struct __pyx_obj_3ssh_9connector_Connector *(*from_ptr)(ssh_connector, struct __pyx_obj_3ssh_7session_Session *);
 };
 static struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtabptr_3ssh_9connector_Connector;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1093,42 +1731,48 @@ static struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtabptr_3ssh_9co
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1139,6 +1783,10 @@ static struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtabptr_3ssh_9co
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1150,82 +1798,6 @@ static struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtabptr_3ssh_9co
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
-/* PyObjectGetAttrStr.proto */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
-#endif
-
-/* GetBuiltinName.proto */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name);
-
-/* ArgTypeTest.proto */
-#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
-        __Pyx__ArgTypeTest(obj, type, name, exact))
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
-
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
-#endif
-
-/* PyFunctionFastCall.proto */
-#if CYTHON_FAST_PYCALL
-#define __Pyx_PyFunction_FastCall(func, args, nargs)\
-    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
-#endif
-#define __Pyx_BUILD_ASSERT_EXPR(cond)\
-    (sizeof(char [1 - 2*!(cond)]) - 1)
-#ifndef Py_MEMBER_SIZE
-#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
-#endif
-#if CYTHON_FAST_PYCALL
-  static size_t __pyx_pyframe_localsplus_offset = 0;
-  #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
-  #define __Pxy_PyFrame_Initialize_Offsets()\
-    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
-     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
-  #define __Pyx_PyFrame_GetLocalsplus(frame)\
-    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
-#endif
-
-/* PyObjectCall.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
-#else
-#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
-#endif
-
-/* PyObjectCallMethO.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
-#endif
-
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
-
-/* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
-#else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
-#endif
-
 /* PyErrExceptionMatches.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
@@ -1238,11 +1810,18 @@ static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tsta
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
 #define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
 #else
 #define __Pyx_PyThreadState_declare
 #define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
 #endif
 
 /* PyErrFetchRestore.proto */
@@ -1254,7 +1833,7 @@ static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tsta
 #define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
 #define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
 #else
 #define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
@@ -1270,8 +1849,95 @@ static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject
 #define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
 #endif
 
-/* GetAttr.proto */
-static CYTHON_INLINE PyObject *__Pyx_GetAttr(PyObject *, PyObject *);
+/* PyObjectGetAttrStr.proto */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+#else
+#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#endif
+
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
+/* GetBuiltinName.proto */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name);
+
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
+/* ArgTypeTest.proto */
+#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+        __Pyx__ArgTypeTest(obj, type, name, exact))
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
+
+/* PyObject_Unicode.proto */
+#define __Pyx_PyObject_Unicode(obj)\
+    (likely(PyUnicode_CheckExact(obj)) ? __Pyx_NewRef(obj) : PyObject_Str(obj))
+
+/* PyObjectFastCallMethod.proto */
+#if CYTHON_VECTORCALL && PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyObject_FastCallMethod(name, args, nargsf) PyObject_VectorcallMethod(name, args, nargsf, NULL)
+#else
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf);
+#endif
+
+/* RaiseArgTupleInvalid.proto */
+static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
+    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
+
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
 
 /* GetAttr3.proto */
 static CYTHON_INLINE PyObject *__Pyx_GetAttr3(PyObject *, PyObject *, PyObject *);
@@ -1304,18 +1970,18 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 
 /* GetModuleGlobalName.proto */
 #if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
     static PY_UINT64_T __pyx_dict_version = 0;\
     static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
         (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
         __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
     PY_UINT64_T __pyx_dict_version;\
     PyObject *__pyx_dict_cached_value;\
     (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
+} while(0)
 static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
 #define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
@@ -1327,22 +1993,122 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
 static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
 
 /* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
-
-/* RaiseArgTupleInvalid.proto */
-static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
-    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
 
-/* RaiseException.proto */
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
-
-/* PySequenceContains.proto */
-static CYTHON_INLINE int __Pyx_PySequence_ContainsTF(PyObject* item, PyObject* seq, int eq) {
-    int result = PySequence_Contains(seq, item);
-    return unlikely(result < 0) ? result : (result == (eq == Py_EQ));
-}
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#endif
+
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
+
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
+#endif
+
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
+
+/* RaiseUnexpectedTypeError.proto */
+static int __Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj);
+
+/* RaiseException.proto */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
+
+/* PySequenceContains.proto */
+static CYTHON_INLINE int __Pyx_PySequence_ContainsTF(PyObject* item, PyObject* seq, int eq) {
+    int result = PySequence_Contains(seq, item);
+    return unlikely(result < 0) ? result : (result == (eq == Py_EQ));
+}
 
 /* Import.proto */
 static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
@@ -1350,307 +2116,571 @@ static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
 /* ImportFrom.proto */
 static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name);
 
-/* PyObjectCall2Args.proto */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2);
-
 /* HasAttr.proto */
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_HasAttr(o, n)  PyObject_HasAttrWithError(o, n)
+#else
 static CYTHON_INLINE int __Pyx_HasAttr(PyObject *, PyObject *);
+#endif
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
 #else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
+#endif
+
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
 /* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
+
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
-/* GetVTable.proto */
-static void* __Pyx_GetVtable(PyObject *dict);
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
 #else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_connector_flags_e(enum ssh_connector_flags_e value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_connector_flags_e(enum ssh_connector_flags_e value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE enum ssh_connector_flags_e __Pyx_PyInt_As_enum__ssh_connector_flags_e(PyObject *);
+static CYTHON_INLINE enum ssh_connector_flags_e __Pyx_PyLong_As_enum__ssh_connector_flags_e(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
-
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4real_real(PyComplexObject *__pyx_v_self); /* proto*/
+#endif
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4imag_imag(PyComplexObject *__pyx_v_self); /* proto*/
+#endif
 static struct __pyx_obj_3ssh_9connector_Flag *__pyx_f_3ssh_9connector_4Flag_from_flag(enum ssh_connector_flags_e __pyx_v_flag); /* proto*/
 static struct __pyx_obj_3ssh_9connector_Connector *__pyx_f_3ssh_9connector_9Connector_from_ptr(ssh_connector __pyx_v__connector, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'cpython.version' */
+/* Module declarations from "ssh.session" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "cpython.version" */
 
-/* Module declarations from 'cpython.type' */
-static PyTypeObject *__pyx_ptype_7cpython_4type_type = 0;
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "cpython.type" */
 
-/* Module declarations from 'libc.stdio' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'cpython.object' */
+/* Module declarations from "libc.stdio" */
 
-/* Module declarations from 'cpython.ref' */
+/* Module declarations from "cpython.object" */
 
-/* Module declarations from 'cpython.exc' */
+/* Module declarations from "cpython.ref" */
 
-/* Module declarations from 'cpython.module' */
+/* Module declarations from "cpython.exc" */
 
-/* Module declarations from 'cpython.mem' */
+/* Module declarations from "cpython.module" */
 
-/* Module declarations from 'cpython.tuple' */
+/* Module declarations from "cpython.mem" */
 
-/* Module declarations from 'cpython.list' */
+/* Module declarations from "cpython.tuple" */
 
-/* Module declarations from 'cpython.sequence' */
+/* Module declarations from "cpython.list" */
 
-/* Module declarations from 'cpython.mapping' */
+/* Module declarations from "cpython.sequence" */
 
-/* Module declarations from 'cpython.iterator' */
+/* Module declarations from "cpython.mapping" */
 
-/* Module declarations from 'cpython.number' */
+/* Module declarations from "cpython.iterator" */
 
-/* Module declarations from 'cpython.int' */
+/* Module declarations from "cpython.number" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'cpython.bool' */
-static PyTypeObject *__pyx_ptype_7cpython_4bool_bool = 0;
+/* Module declarations from "cpython.bool" */
 
-/* Module declarations from 'cpython.long' */
+/* Module declarations from "cpython.long" */
 
-/* Module declarations from 'cpython.float' */
+/* Module declarations from "cpython.float" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "cython" */
 
-/* Module declarations from 'cpython.complex' */
-static PyTypeObject *__pyx_ptype_7cpython_7complex_complex = 0;
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'cpython.string' */
+/* Module declarations from "cpython.complex" */
 
-/* Module declarations from 'cpython.unicode' */
+/* Module declarations from "cpython.unicode" */
 
-/* Module declarations from 'cpython.dict' */
+/* Module declarations from "cpython.pyport" */
 
-/* Module declarations from 'cpython.instance' */
+/* Module declarations from "cpython.dict" */
 
-/* Module declarations from 'cpython.function' */
+/* Module declarations from "cpython.instance" */
 
-/* Module declarations from 'cpython.method' */
+/* Module declarations from "cpython.function" */
 
-/* Module declarations from 'cpython.weakref' */
+/* Module declarations from "cpython.method" */
 
-/* Module declarations from 'cpython.getargs' */
+/* Module declarations from "cpython.weakref" */
 
-/* Module declarations from 'cpython.pythread' */
+/* Module declarations from "cpython.getargs" */
 
-/* Module declarations from 'cpython.pystate' */
+/* Module declarations from "cpython.pythread" */
 
-/* Module declarations from 'cpython.cobject' */
+/* Module declarations from "cpython.pystate" */
 
-/* Module declarations from 'cpython.oldbuffer' */
+/* Module declarations from "cpython.set" */
 
-/* Module declarations from 'cpython.set' */
+/* Module declarations from "cpython.buffer" */
 
-/* Module declarations from 'cpython.buffer' */
+/* Module declarations from "cpython.bytes" */
 
-/* Module declarations from 'cpython.bytes' */
+/* Module declarations from "cpython.pycapsule" */
 
-/* Module declarations from 'cpython.pycapsule' */
+/* Module declarations from "cpython.contextvars" */
 
-/* Module declarations from 'cpython' */
+/* Module declarations from "cpython" */
 
-/* Module declarations from 'ssh.channel' */
-static PyTypeObject *__pyx_ptype_3ssh_7channel_Channel = 0;
+/* Module declarations from "ssh.channel" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static int (*__pyx_f_3ssh_5utils_handle_error_codes)(int, ssh_session); /*proto*/
 
-/* Module declarations from 'ssh.connector' */
-static PyTypeObject *__pyx_ptype_3ssh_9connector_Flag = 0;
-static PyTypeObject *__pyx_ptype_3ssh_9connector_Connector = 0;
+/* Module declarations from "ssh.connector" */
 static PyObject *__pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(struct __pyx_obj_3ssh_9connector_Flag *, PyObject *); /*proto*/
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.connector"
 extern int __pyx_module_is_main_ssh__connector;
 int __pyx_module_is_main_ssh__connector = 0;
 
-/* Implementation of 'ssh.connector' */
+/* Implementation of "ssh.connector" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = ".";
+static const char __pyx_k_6[] = "\200\001\330\004\"\240!\2406\250\021";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k__2[] = "?";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_rc[] = "rc";
 static const char __pyx_k_new[] = "__new__";
+static const char __pyx_k_pop[] = "pop";
 static const char __pyx_k_str[] = "__str__";
 static const char __pyx_k_Flag[] = "Flag";
 static const char __pyx_k_dict[] = "__dict__";
 static const char __pyx_k_flag[] = "flag";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_self[] = "self";
+static const char __pyx_k_sock[] = "_sock";
 static const char __pyx_k_test[] = "__test__";
-static const char __pyx_k_import[] = "__import__";
+static const char __pyx_k_state[] = "state";
+static const char __pyx_k_dict_2[] = "_dict";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_pickle[] = "pickle";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_socket[] = "socket";
 static const char __pyx_k_update[] = "update";
+static const char __pyx_k_A_Qa_m1[] = "\200A\330\010$\320$=\270Q\270a\330\r\016\330\021)\250\021\250$\250m\2701";
 static const char __pyx_k_channel[] = "channel";
+static const char __pyx_k_disable[] = "disable";
 static const char __pyx_k_session[] = "session";
+static const char __pyx_k_A_Qa_4_A[] = "\200A\330\010$\320$=\270Q\270a\330\r\016\330\021*\250!\2504\250}\270A";
+static const char __pyx_k_add_note[] = "add_note";
 static const char __pyx_k_getstate[] = "__getstate__";
 static const char __pyx_k_pyx_type[] = "__pyx_type";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
 static const char __pyx_k_Connector[] = "Connector";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_isenabled[] = "isenabled";
 static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
+static const char __pyx_k_set_in_fd[] = "set_in_fd";
 static const char __pyx_k_pyx_result[] = "__pyx_result";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
+static const char __pyx_k_set_out_fd[] = "set_out_fd";
+static const char __pyx_k_A_31_M_4q_d[] = "\200A\340\r\016\330\014\026\320\0263\2601\330\020\024\220M\240\027\250\013\2604\260q\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_A_4A_M_4q_d[] = "\200A\340\r\016\330\014\026\320\0264\260A\330\020\024\220M\240\027\250\013\2604\260q\330\010\017\320\017!\240\021\240$\240d\250(\260!";
 static const char __pyx_k_PickleError[] = "PickleError";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
 static const char __pyx_k_pyx_checksum[] = "__pyx_checksum";
-static const char __pyx_k_stringsource[] = "stringsource";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_use_setstate[] = "use_setstate";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
 static const char __pyx_k_ssh_connector[] = "ssh.connector";
 static const char __pyx_k_CONNECTOR_BOTH[] = "CONNECTOR_BOTH";
+static const char __pyx_k_set_in_channel[] = "set_in_channel";
 static const char __pyx_k_pyx_PickleError[] = "__pyx_PickleError";
+static const char __pyx_k_set_out_channel[] = "set_out_channel";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
 static const char __pyx_k_CONNECTOR_STDERR[] = "CONNECTOR_STDERR";
 static const char __pyx_k_CONNECTOR_STDOUT[] = "CONNECTOR_STDOUT";
 static const char __pyx_k_pyx_unpickle_Flag[] = "__pyx_unpickle_Flag";
+static const char __pyx_k_ssh_connector_pyx[] = "ssh/connector.pyx";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
-static const char __pyx_k_Incompatible_checksums_0x_x_vs_0[] = "Incompatible checksums (0x%x vs (0xdef5ff3, 0xe72667f, 0x5913c31) = (_flag))";
+static const char __pyx_k_Connector_set_in_fd[] = "Connector.set_in_fd";
+static const char __pyx_k_Connector_set_out_fd[] = "Connector.set_out_fd";
+static const char __pyx_k_Flag___reduce_cython[] = "Flag.__reduce_cython__";
+static const char __pyx_k_Flag___setstate_cython[] = "Flag.__setstate_cython__";
+static const char __pyx_k_Connector_set_in_channel[] = "Connector.set_in_channel";
+static const char __pyx_k_Connector___reduce_cython[] = "Connector.__reduce_cython__";
+static const char __pyx_k_Connector_set_out_channel[] = "Connector.set_out_channel";
+static const char __pyx_k_hk_A_1_pprrs_4xq_7_awnA_1[] = "\200\001\360\006\000\005\010\200\177\220h\230k\250\033\260A\330\010\r\210^\2301\330\010\016\320\016!\320!p\320pr\320rs\330\004\023\2204\220x\230q\240\001\330\004\007\200|\2207\230!\330\010&\240a\240w\250n\270A\330\004\013\2101";
+static const char __pyx_k_T_G1F_a_vWA_q_q_q_T_G1_T_A[] = "\200\001\360\010\000\005\016\210T\220\021\330\004\014\210G\2201\220F\230,\240a\330\004\007\200v\210W\220A\330\010\022\220!\330\010\027\220q\340\010\027\220q\330\004\007\200q\330\010\017\320\017%\240T\250\021\250'\260\033\270G\3001\340\010\017\320\017%\240T\250\021\250'\260\033\270A";
+static const char __pyx_k_Connector___setstate_cython[] = "Connector.__setstate_cython__";
+static const char __pyx_k_Incompatible_checksums_0x_x_vs_0[] = "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_n_s_CONNECTOR_BOTH;
-static PyObject *__pyx_n_s_CONNECTOR_STDERR;
-static PyObject *__pyx_n_s_CONNECTOR_STDOUT;
-static PyObject *__pyx_n_s_Connector;
-static PyObject *__pyx_n_s_Flag;
-static PyObject *__pyx_kp_s_Incompatible_checksums_0x_x_vs_0;
-static PyObject *__pyx_n_s_PickleError;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_channel;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_dict;
-static PyObject *__pyx_n_s_flag;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_import;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_new;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_pickle;
-static PyObject *__pyx_n_s_pyx_PickleError;
-static PyObject *__pyx_n_s_pyx_checksum;
-static PyObject *__pyx_n_s_pyx_result;
-static PyObject *__pyx_n_s_pyx_state;
-static PyObject *__pyx_n_s_pyx_type;
-static PyObject *__pyx_n_s_pyx_unpickle_Flag;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_session;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_ssh_connector;
-static PyObject *__pyx_n_s_str;
-static PyObject *__pyx_kp_s_stringsource;
-static PyObject *__pyx_n_s_test;
-static PyObject *__pyx_n_s_update;
+/* #### Code section: decls ### */
 static PyObject *__pyx_pf_3ssh_9connector_4Flag___eq__(struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_self, struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_other); /* proto */
 static PyObject *__pyx_pf_3ssh_9connector_4Flag_2__str__(struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_9connector_4Flag_4__repr__(struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_self); /* proto */
@@ -1668,121 +2698,669 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_14__setstate_cython__(CYTHO
 static PyObject *__pyx_pf_3ssh_9connector___pyx_unpickle_Flag(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v___pyx_type, long __pyx_v___pyx_checksum, PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_9connector_Flag(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
 static PyObject *__pyx_tp_new_3ssh_9connector_Connector(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_int_93404209;
-static PyObject *__pyx_int_233791475;
-static PyObject *__pyx_int_242378367;
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-static PyObject *__pyx_tuple__3;
-static PyObject *__pyx_tuple__4;
-static PyObject *__pyx_codeobj__5;
-/* Late includes */
-
-/* "ssh/connector.pyx":29
- * 
- *     @staticmethod
- *     cdef Flag from_flag(c_ssh.ssh_connector_flags_e flag):             # <<<<<<<<<<<<<<
- *         cdef Flag _flag = Flag.__new__(Flag)
- *         _flag._flag = flag
- */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
 
-static struct __pyx_obj_3ssh_9connector_Flag *__pyx_f_3ssh_9connector_4Flag_from_flag(enum ssh_connector_flags_e __pyx_v_flag) {
-  struct __pyx_obj_3ssh_9connector_Flag *__pyx_v__flag = 0;
-  struct __pyx_obj_3ssh_9connector_Flag *__pyx_r = NULL;
-  __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
-  int __pyx_lineno = 0;
-  const char *__pyx_filename = NULL;
-  int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("from_flag", 0);
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyTypeObject *__pyx_ptype_7cpython_4type_type;
+  PyTypeObject *__pyx_ptype_7cpython_4bool_bool;
+  PyTypeObject *__pyx_ptype_7cpython_7complex_complex;
+  PyTypeObject *__pyx_ptype_3ssh_7channel_Channel;
+  PyObject *__pyx_type_3ssh_9connector_Flag;
+  PyObject *__pyx_type_3ssh_9connector_Connector;
+  PyTypeObject *__pyx_ptype_3ssh_9connector_Flag;
+  PyTypeObject *__pyx_ptype_3ssh_9connector_Connector;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_tuple[1];
+  PyObject *__pyx_codeobj_tab[9];
+  PyObject *__pyx_string_tab[71];
+  PyObject *__pyx_int_93404209;
+  PyObject *__pyx_int_233791475;
+  PyObject *__pyx_int_242378367;
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
 
-  /* "ssh/connector.pyx":30
- *     @staticmethod
- *     cdef Flag from_flag(c_ssh.ssh_connector_flags_e flag):
- *         cdef Flag _flag = Flag.__new__(Flag)             # <<<<<<<<<<<<<<
- *         _flag._flag = flag
- *         return _flag
- */
-  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_9connector_Flag(((PyTypeObject *)__pyx_ptype_3ssh_9connector_Flag), __pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 30, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_1));
-  __pyx_v__flag = ((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_t_1);
-  __pyx_t_1 = 0;
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
 
-  /* "ssh/connector.pyx":31
- *     cdef Flag from_flag(c_ssh.ssh_connector_flags_e flag):
- *         cdef Flag _flag = Flag.__new__(Flag)
- *         _flag._flag = flag             # <<<<<<<<<<<<<<
- *         return _flag
- * 
- */
-  __pyx_v__flag->_flag = __pyx_v_flag;
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_CONNECTOR_BOTH __pyx_string_tab[1]
+#define __pyx_n_u_CONNECTOR_STDERR __pyx_string_tab[2]
+#define __pyx_n_u_CONNECTOR_STDOUT __pyx_string_tab[3]
+#define __pyx_n_u_Connector __pyx_string_tab[4]
+#define __pyx_n_u_Connector___reduce_cython __pyx_string_tab[5]
+#define __pyx_n_u_Connector___setstate_cython __pyx_string_tab[6]
+#define __pyx_n_u_Connector_set_in_channel __pyx_string_tab[7]
+#define __pyx_n_u_Connector_set_in_fd __pyx_string_tab[8]
+#define __pyx_n_u_Connector_set_out_channel __pyx_string_tab[9]
+#define __pyx_n_u_Connector_set_out_fd __pyx_string_tab[10]
+#define __pyx_n_u_Flag __pyx_string_tab[11]
+#define __pyx_n_u_Flag___reduce_cython __pyx_string_tab[12]
+#define __pyx_n_u_Flag___setstate_cython __pyx_string_tab[13]
+#define __pyx_kp_u_Incompatible_checksums_0x_x_vs_0 __pyx_string_tab[14]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[15]
+#define __pyx_n_u_PickleError __pyx_string_tab[16]
+#define __pyx_n_u_TypeError __pyx_string_tab[17]
+#define __pyx_kp_u__2 __pyx_string_tab[18]
+#define __pyx_kp_u_add_note __pyx_string_tab[19]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[20]
+#define __pyx_n_u_channel __pyx_string_tab[21]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[22]
+#define __pyx_n_u_dict __pyx_string_tab[23]
+#define __pyx_n_u_dict_2 __pyx_string_tab[24]
+#define __pyx_kp_u_disable __pyx_string_tab[25]
+#define __pyx_kp_u_enable __pyx_string_tab[26]
+#define __pyx_n_u_flag __pyx_string_tab[27]
+#define __pyx_n_u_func __pyx_string_tab[28]
+#define __pyx_kp_u_gc __pyx_string_tab[29]
+#define __pyx_n_u_getstate __pyx_string_tab[30]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[31]
+#define __pyx_kp_u_isenabled __pyx_string_tab[32]
+#define __pyx_n_u_main __pyx_string_tab[33]
+#define __pyx_n_u_module __pyx_string_tab[34]
+#define __pyx_n_u_name __pyx_string_tab[35]
+#define __pyx_n_u_new __pyx_string_tab[36]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[37]
+#define __pyx_n_u_pickle __pyx_string_tab[38]
+#define __pyx_n_u_pop __pyx_string_tab[39]
+#define __pyx_n_u_pyx_PickleError __pyx_string_tab[40]
+#define __pyx_n_u_pyx_checksum __pyx_string_tab[41]
+#define __pyx_n_u_pyx_result __pyx_string_tab[42]
+#define __pyx_n_u_pyx_state __pyx_string_tab[43]
+#define __pyx_n_u_pyx_type __pyx_string_tab[44]
+#define __pyx_n_u_pyx_unpickle_Flag __pyx_string_tab[45]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[46]
+#define __pyx_n_u_qualname __pyx_string_tab[47]
+#define __pyx_n_u_rc __pyx_string_tab[48]
+#define __pyx_n_u_reduce __pyx_string_tab[49]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[50]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[51]
+#define __pyx_n_u_self __pyx_string_tab[52]
+#define __pyx_n_u_session __pyx_string_tab[53]
+#define __pyx_n_u_set_in_channel __pyx_string_tab[54]
+#define __pyx_n_u_set_in_fd __pyx_string_tab[55]
+#define __pyx_n_u_set_name __pyx_string_tab[56]
+#define __pyx_n_u_set_out_channel __pyx_string_tab[57]
+#define __pyx_n_u_set_out_fd __pyx_string_tab[58]
+#define __pyx_n_u_setstate __pyx_string_tab[59]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[60]
+#define __pyx_n_u_sock __pyx_string_tab[61]
+#define __pyx_n_u_socket __pyx_string_tab[62]
+#define __pyx_n_u_ssh_connector __pyx_string_tab[63]
+#define __pyx_kp_u_ssh_connector_pyx __pyx_string_tab[64]
+#define __pyx_n_u_state __pyx_string_tab[65]
+#define __pyx_n_u_str __pyx_string_tab[66]
+#define __pyx_kp_u_stringsource __pyx_string_tab[67]
+#define __pyx_n_u_test __pyx_string_tab[68]
+#define __pyx_n_u_update __pyx_string_tab[69]
+#define __pyx_n_u_use_setstate __pyx_string_tab[70]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_4type_type);
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_4bool_bool);
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_7complex_complex);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7channel_Channel);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_9connector_Flag);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_9connector_Flag);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_9connector_Connector);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_9connector_Connector);
+  for (int i=0; i<1; ++i) { Py_CLEAR(clear_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<9; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<71; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  Py_CLEAR(clear_module_state->__pyx_int_93404209);
+  Py_CLEAR(clear_module_state->__pyx_int_233791475);
+  Py_CLEAR(clear_module_state->__pyx_int_242378367);
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_4type_type);
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_4bool_bool);
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_7complex_complex);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7channel_Channel);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_9connector_Flag);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_9connector_Flag);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_9connector_Connector);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_9connector_Connector);
+  for (int i=0; i<1; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<9; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<71; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_93404209);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_233791475);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_242378367);
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
-  /* "ssh/connector.pyx":32
- *         cdef Flag _flag = Flag.__new__(Flag)
- *         _flag._flag = flag
- *         return _flag             # <<<<<<<<<<<<<<
+/* "cpython/complex.pxd":20
  * 
- *     def __eq__(self, Flag other not None):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__flag));
-  __pyx_r = __pyx_v__flag;
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4real_real(PyComplexObject *__pyx_v_self) {
+  double __pyx_r;
+
+  /* "cpython/complex.pxd":23
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+ *             return self.cval.real             # <<<<<<<<<<<<<<
+ * 
+ *         # unavailable in limited API
+*/
+  __pyx_r = __pyx_v_self->cval.real;
   goto __pyx_L0;
 
-  /* "ssh/connector.pyx":29
+  /* "cpython/complex.pxd":20
  * 
- *     @staticmethod
- *     cdef Flag from_flag(c_ssh.ssh_connector_flags_e flag):             # <<<<<<<<<<<<<<
- *         cdef Flag _flag = Flag.__new__(Flag)
- *         _flag._flag = flag
- */
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+*/
 
   /* function exit code */
-  __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_AddTraceback("ssh.connector.Flag.from_flag", __pyx_clineno, __pyx_lineno, __pyx_filename);
-  __pyx_r = 0;
   __pyx_L0:;
-  __Pyx_XDECREF((PyObject *)__pyx_v__flag);
-  __Pyx_XGIVEREF((PyObject *)__pyx_r);
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
 
-/* "ssh/connector.pyx":34
- *         return _flag
+/* "cpython/complex.pxd":26
  * 
- *     def __eq__(self, Flag other not None):             # <<<<<<<<<<<<<<
- *         return self._flag == other._flag
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4imag_imag(PyComplexObject *__pyx_v_self) {
+  double __pyx_r;
+
+  /* "cpython/complex.pxd":29
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+ *             return self.cval.imag             # <<<<<<<<<<<<<<
  * 
- */
+ *     # PyTypeObject PyComplex_Type
+*/
+  __pyx_r = __pyx_v_self->cval.imag;
+  goto __pyx_L0;
 
-/* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_4Flag_1__eq__(PyObject *__pyx_v_self, PyObject *__pyx_v_other); /*proto*/
-static PyObject *__pyx_pw_3ssh_9connector_4Flag_1__eq__(PyObject *__pyx_v_self, PyObject *__pyx_v_other) {
-  int __pyx_lineno = 0;
-  const char *__pyx_filename = NULL;
-  int __pyx_clineno = 0;
-  PyObject *__pyx_r = 0;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__eq__ (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_other), __pyx_ptype_3ssh_9connector_Flag, 0, "other", 0))) __PYX_ERR(1, 34, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_9connector_4Flag___eq__(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_self), ((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_other));
+  /* "cpython/complex.pxd":26
+ * 
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+*/
 
   /* function exit code */
-  goto __pyx_L0;
-  __pyx_L1_error:;
-  __pyx_r = NULL;
   __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
 
-static PyObject *__pyx_pf_3ssh_9connector_4Flag___eq__(struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_self, struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_other) {
+/* "cpython/contextvars.pxd":115
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE PyObject *__pyx_f_7cpython_11contextvars_get_value(PyObject *__pyx_v_var, struct __pyx_opt_args_7cpython_11contextvars_get_value *__pyx_optional_args) {
+
+  /* "cpython/contextvars.pxd":116
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the default value of the context variable,
+*/
+  PyObject *__pyx_v_default_value = ((PyObject *)Py_None);
+  PyObject *__pyx_v_value;
+  PyObject *__pyx_v_pyvalue = NULL;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
-  int __pyx_lineno = 0;
+  int __pyx_t_1;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("get_value", 0);
+  if (__pyx_optional_args) {
+    if (__pyx_optional_args->__pyx_n > 0) {
+      __pyx_v_default_value = __pyx_optional_args->default_value;
+    }
+  }
+
+  /* "cpython/contextvars.pxd":121
+ *     or None if no such value or default was found.
+ *     """
+ *     cdef PyObject *value = NULL             # <<<<<<<<<<<<<<
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:
+*/
+  __pyx_v_value = NULL;
+
+  /* "cpython/contextvars.pxd":122
+ *     """
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)             # <<<<<<<<<<<<<<
+ *     if value is NULL:
+ *         # context variable does not have a default
+*/
+  __pyx_t_1 = PyContextVar_Get(__pyx_v_var, NULL, (&__pyx_v_value)); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(2, 122, __pyx_L1_error)
+
+  /* "cpython/contextvars.pxd":123
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:             # <<<<<<<<<<<<<<
+ *         # context variable does not have a default
+ *         pyvalue = default_value
+*/
+  __pyx_t_2 = (__pyx_v_value == NULL);
+  if (__pyx_t_2) {
+
+    /* "cpython/contextvars.pxd":125
+ *     if value is NULL:
+ *         # context variable does not have a default
+ *         pyvalue = default_value             # <<<<<<<<<<<<<<
+ *     else:
+ *         # value or default value of context variable
+*/
+    __Pyx_INCREF(__pyx_v_default_value);
+    __pyx_v_pyvalue = __pyx_v_default_value;
+
+    /* "cpython/contextvars.pxd":123
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:             # <<<<<<<<<<<<<<
+ *         # context variable does not have a default
+ *         pyvalue = default_value
+*/
+    goto __pyx_L3;
+  }
+
+  /* "cpython/contextvars.pxd":128
+ *     else:
+ *         # value or default value of context variable
+ *         pyvalue = <object>value             # <<<<<<<<<<<<<<
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue
+*/
+  /*else*/ {
+    __pyx_t_3 = ((PyObject *)__pyx_v_value);
+    __Pyx_INCREF(__pyx_t_3);
+    __pyx_v_pyvalue = __pyx_t_3;
+    __pyx_t_3 = 0;
+
+    /* "cpython/contextvars.pxd":129
+ *         # value or default value of context variable
+ *         pyvalue = <object>value
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'             # <<<<<<<<<<<<<<
+ *     return pyvalue
+ * 
+*/
+    Py_XDECREF(__pyx_v_value);
+  }
+  __pyx_L3:;
+
+  /* "cpython/contextvars.pxd":130
+ *         pyvalue = <object>value
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue             # <<<<<<<<<<<<<<
+ * 
+ * 
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __Pyx_INCREF(__pyx_v_pyvalue);
+  __pyx_r = __pyx_v_pyvalue;
+  goto __pyx_L0;
+
+  /* "cpython/contextvars.pxd":115
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_AddTraceback("cpython.contextvars.get_value", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = 0;
+  __pyx_L0:;
+  __Pyx_XDECREF(__pyx_v_pyvalue);
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
+
+/* "cpython/contextvars.pxd":133
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value_no_default(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE PyObject *__pyx_f_7cpython_11contextvars_get_value_no_default(PyObject *__pyx_v_var, struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default *__pyx_optional_args) {
+
+  /* "cpython/contextvars.pxd":134
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value_no_default(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the provided default value if no such value was found.
+*/
+  PyObject *__pyx_v_default_value = ((PyObject *)Py_None);
+  PyObject *__pyx_v_value;
+  PyObject *__pyx_v_pyvalue = NULL;
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  int __pyx_t_1;
+  PyObject *__pyx_t_2 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("get_value_no_default", 0);
+  if (__pyx_optional_args) {
+    if (__pyx_optional_args->__pyx_n > 0) {
+      __pyx_v_default_value = __pyx_optional_args->default_value;
+    }
+  }
+
+  /* "cpython/contextvars.pxd":140
+ *     Ignores the default value of the context variable, if any.
+ *     """
+ *     cdef PyObject *value = NULL             # <<<<<<<<<<<<<<
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)
+ *     # value of context variable or 'default_value'
+*/
+  __pyx_v_value = NULL;
+
+  /* "cpython/contextvars.pxd":141
+ *     """
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)             # <<<<<<<<<<<<<<
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value
+*/
+  __pyx_t_1 = PyContextVar_Get(__pyx_v_var, ((PyObject *)__pyx_v_default_value), (&__pyx_v_value)); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(2, 141, __pyx_L1_error)
+
+  /* "cpython/contextvars.pxd":143
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value             # <<<<<<<<<<<<<<
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_v_value);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_v_pyvalue = __pyx_t_2;
+  __pyx_t_2 = 0;
+
+  /* "cpython/contextvars.pxd":144
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'             # <<<<<<<<<<<<<<
+ *     return pyvalue
+*/
+  Py_XDECREF(__pyx_v_value);
+
+  /* "cpython/contextvars.pxd":145
+ *     pyvalue = <object>value
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue             # <<<<<<<<<<<<<<
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __Pyx_INCREF(__pyx_v_pyvalue);
+  __pyx_r = __pyx_v_pyvalue;
+  goto __pyx_L0;
+
+  /* "cpython/contextvars.pxd":133
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value_no_default(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_AddTraceback("cpython.contextvars.get_value_no_default", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = 0;
+  __pyx_L0:;
+  __Pyx_XDECREF(__pyx_v_pyvalue);
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
+
+/* "ssh/connector.pyx":28
+ * cdef class Flag:
+ * 
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Flag from_flag(c_ssh.ssh_connector_flags_e flag):
+ *         cdef Flag _flag = Flag.__new__(Flag)
+*/
+
+static struct __pyx_obj_3ssh_9connector_Flag *__pyx_f_3ssh_9connector_4Flag_from_flag(enum ssh_connector_flags_e __pyx_v_flag) {
+  struct __pyx_obj_3ssh_9connector_Flag *__pyx_v__flag = 0;
+  struct __pyx_obj_3ssh_9connector_Flag *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  PyObject *__pyx_t_1 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("from_flag", 0);
+
+  /* "ssh/connector.pyx":30
+ *     @staticmethod
+ *     cdef Flag from_flag(c_ssh.ssh_connector_flags_e flag):
+ *         cdef Flag _flag = Flag.__new__(Flag)             # <<<<<<<<<<<<<<
+ *         _flag._flag = flag
+ *         return _flag
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_9connector_Flag(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Flag), __pyx_mstate_global->__pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 30, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_1);
+  __pyx_v__flag = ((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_t_1);
+  __pyx_t_1 = 0;
+
+  /* "ssh/connector.pyx":31
+ *     cdef Flag from_flag(c_ssh.ssh_connector_flags_e flag):
+ *         cdef Flag _flag = Flag.__new__(Flag)
+ *         _flag._flag = flag             # <<<<<<<<<<<<<<
+ *         return _flag
+ * 
+*/
+  __pyx_v__flag->_flag = __pyx_v_flag;
+
+  /* "ssh/connector.pyx":32
+ *         cdef Flag _flag = Flag.__new__(Flag)
+ *         _flag._flag = flag
+ *         return _flag             # <<<<<<<<<<<<<<
+ * 
+ *     def __eq__(self, Flag other not None):
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__flag);
+  __pyx_r = __pyx_v__flag;
+  goto __pyx_L0;
+
+  /* "ssh/connector.pyx":28
+ * cdef class Flag:
+ * 
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Flag from_flag(c_ssh.ssh_connector_flags_e flag):
+ *         cdef Flag _flag = Flag.__new__(Flag)
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_AddTraceback("ssh.connector.Flag.from_flag", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = 0;
+  __pyx_L0:;
+  __Pyx_XDECREF((PyObject *)__pyx_v__flag);
+  __Pyx_XGIVEREF((PyObject *)__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+/* "ssh/connector.pyx":34
+ *         return _flag
+ * 
+ *     def __eq__(self, Flag other not None):             # <<<<<<<<<<<<<<
+ *         return self._flag == other._flag
+ * 
+*/
+
+/* Python wrapper */
+static PyObject *__pyx_pw_3ssh_9connector_4Flag_1__eq__(PyObject *__pyx_v_self, PyObject *__pyx_v_other); /*proto*/
+static PyObject *__pyx_pw_3ssh_9connector_4Flag_1__eq__(PyObject *__pyx_v_self, PyObject *__pyx_v_other) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("__eq__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_other), __pyx_mstate_global->__pyx_ptype_3ssh_9connector_Flag, 0, "other", 0))) __PYX_ERR(0, 34, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_9connector_4Flag___eq__(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_self), ((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_other));
+
+  /* function exit code */
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __pyx_r = NULL;
+  goto __pyx_L5_cleaned_up;
+  __pyx_L0:;
+  __pyx_L5_cleaned_up:;
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+static PyObject *__pyx_pf_3ssh_9connector_4Flag___eq__(struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_self, struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_other) {
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  PyObject *__pyx_t_1 = NULL;
+  int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__eq__", 0);
@@ -1793,9 +3371,9 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag___eq__(struct __pyx_obj_3ssh_9co
  *         return self._flag == other._flag             # <<<<<<<<<<<<<<
  * 
  *     def __str__(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyBool_FromLong((__pyx_v_self->_flag == __pyx_v_other->_flag)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 35, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBool_FromLong((__pyx_v_self->_flag == __pyx_v_other->_flag)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 35, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -1807,7 +3385,7 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag___eq__(struct __pyx_obj_3ssh_9co
  *     def __eq__(self, Flag other not None):             # <<<<<<<<<<<<<<
  *         return self._flag == other._flag
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1826,14 +3404,16 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag___eq__(struct __pyx_obj_3ssh_9co
  *     def __str__(self):             # <<<<<<<<<<<<<<
  *         return str(self._flag)
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_9connector_4Flag_3__str__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_9connector_4Flag_3__str__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__str__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_9connector_4Flag_2__str__(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_self));
 
   /* function exit code */
@@ -1857,11 +3437,11 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_2__str__(struct __pyx_obj_3ssh_9
  *         return str(self._flag)             # <<<<<<<<<<<<<<
  * 
  *     def __repr__(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_connector_flags_e(__pyx_v_self->_flag); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 38, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_enum__ssh_connector_flags_e(__pyx_v_self->_flag); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 38, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = __Pyx_PyObject_CallOneArg(((PyObject *)(&PyString_Type)), __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 38, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyObject_Unicode(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 38, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_r = __pyx_t_2;
@@ -1874,7 +3454,7 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_2__str__(struct __pyx_obj_3ssh_9
  *     def __str__(self):             # <<<<<<<<<<<<<<
  *         return str(self._flag)
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1894,14 +3474,16 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_2__str__(struct __pyx_obj_3ssh_9
  *     def __repr__(self):             # <<<<<<<<<<<<<<
  *         return self.__str__()
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_9connector_4Flag_5__repr__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_9connector_4Flag_5__repr__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__repr__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_9connector_4Flag_4__repr__(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_self));
 
   /* function exit code */
@@ -1914,7 +3496,7 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_4__repr__(struct __pyx_obj_3ssh_
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_3;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1926,25 +3508,18 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_4__repr__(struct __pyx_obj_3ssh_
  *         return self.__str__()             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_str); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 41, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-    }
+  __pyx_t_2 = ((PyObject *)__pyx_v_self);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_t_3 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_str, __pyx_callargs+__pyx_t_3, (1-__pyx_t_3) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 41, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
   }
-  __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 41, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
@@ -1955,13 +3530,12 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_4__repr__(struct __pyx_obj_3ssh_
  *     def __repr__(self):             # <<<<<<<<<<<<<<
  *         return self.__str__()
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.connector.Flag.__repr__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1974,15 +3548,44 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_4__repr__(struct __pyx_obj_3ssh_
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
  *     cdef tuple state
  *     cdef object _dict
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_4Flag_7__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_9connector_4Flag_6__reduce_cython__[] = "Flag.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_9connector_4Flag_7__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_9connector_4Flag_7__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector_4Flag_6__reduce_cython__, "Flag.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_4Flag_7__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_4Flag_7__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_4Flag_6__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_9connector_4Flag_7__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_self));
 
   /* function exit code */
@@ -1999,8 +3602,7 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
   int __pyx_t_3;
-  int __pyx_t_4;
-  PyObject *__pyx_t_5 = NULL;
+  PyObject *__pyx_t_4 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2012,13 +3614,13 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  *     state = (self._flag,)             # <<<<<<<<<<<<<<
  *     _dict = getattr(self, '__dict__', None)
  *     if _dict is not None:
- */
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_connector_flags_e(__pyx_v_self->_flag); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 5, __pyx_L1_error)
+*/
+  __pyx_t_1 = __Pyx_PyLong_From_enum__ssh_connector_flags_e(__pyx_v_self->_flag); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 5, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1) != (0)) __PYX_ERR(1, 5, __pyx_L1_error);
   __pyx_t_1 = 0;
   __pyx_v_state = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
@@ -2029,8 +3631,8 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  *     _dict = getattr(self, '__dict__', None)             # <<<<<<<<<<<<<<
  *     if _dict is not None:
  *         state += (_dict,)
- */
-  __pyx_t_2 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_n_s_dict, Py_None); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 6, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_mstate_global->__pyx_n_u_dict, Py_None); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 6, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v__dict = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2041,10 +3643,9 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  *     if _dict is not None:             # <<<<<<<<<<<<<<
  *         state += (_dict,)
  *         use_setstate = True
- */
+*/
   __pyx_t_3 = (__pyx_v__dict != Py_None);
-  __pyx_t_4 = (__pyx_t_3 != 0);
-  if (__pyx_t_4) {
+  if (__pyx_t_3) {
 
     /* "(tree fragment)":8
  *     _dict = getattr(self, '__dict__', None)
@@ -2052,13 +3653,13 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  *         state += (_dict,)             # <<<<<<<<<<<<<<
  *         use_setstate = True
  *     else:
- */
-    __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 8, __pyx_L1_error)
+*/
+    __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 8, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_INCREF(__pyx_v__dict);
     __Pyx_GIVEREF(__pyx_v__dict);
-    PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_v__dict);
-    __pyx_t_1 = PyNumber_InPlaceAdd(__pyx_v_state, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 8, __pyx_L1_error)
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_v__dict) != (0)) __PYX_ERR(1, 8, __pyx_L1_error);
+    __pyx_t_1 = PyNumber_InPlaceAdd(__pyx_v_state, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 8, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __Pyx_DECREF_SET(__pyx_v_state, ((PyObject*)__pyx_t_1));
@@ -2070,7 +3671,7 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  *         use_setstate = True             # <<<<<<<<<<<<<<
  *     else:
  *         use_setstate = False
- */
+*/
     __pyx_v_use_setstate = 1;
 
     /* "(tree fragment)":7
@@ -2079,7 +3680,7 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  *     if _dict is not None:             # <<<<<<<<<<<<<<
  *         state += (_dict,)
  *         use_setstate = True
- */
+*/
     goto __pyx_L3;
   }
 
@@ -2088,8 +3689,8 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  *     else:
  *         use_setstate = False             # <<<<<<<<<<<<<<
  *     if use_setstate:
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, None), state
- */
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, None), state
+*/
   /*else*/ {
     __pyx_v_use_setstate = 0;
   }
@@ -2099,86 +3700,85 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  *     else:
  *         use_setstate = False
  *     if use_setstate:             # <<<<<<<<<<<<<<
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, None), state
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, None), state
  *     else:
- */
-  __pyx_t_4 = (__pyx_v_use_setstate != 0);
-  if (__pyx_t_4) {
+*/
+  if (__pyx_v_use_setstate) {
 
     /* "(tree fragment)":13
  *         use_setstate = False
  *     if use_setstate:
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, None), state             # <<<<<<<<<<<<<<
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, None), state             # <<<<<<<<<<<<<<
  *     else:
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, state)
- */
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, state)
+*/
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_pyx_unpickle_Flag); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 13, __pyx_L1_error)
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_pyx_unpickle_Flag); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 13, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
-    __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 13, __pyx_L1_error)
+    __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 13, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
     __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
-    PyTuple_SET_ITEM(__pyx_t_2, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
-    __Pyx_INCREF(__pyx_int_233791475);
-    __Pyx_GIVEREF(__pyx_int_233791475);
-    PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_int_233791475);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_242378367);
+    __Pyx_GIVEREF(__pyx_mstate_global->__pyx_int_242378367);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_mstate_global->__pyx_int_242378367) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
     __Pyx_INCREF(Py_None);
     __Pyx_GIVEREF(Py_None);
-    PyTuple_SET_ITEM(__pyx_t_2, 2, Py_None);
-    __pyx_t_5 = PyTuple_New(3); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 13, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 2, Py_None) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
+    __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 13, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_4);
     __Pyx_GIVEREF(__pyx_t_1);
-    PyTuple_SET_ITEM(__pyx_t_5, 0, __pyx_t_1);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_t_1) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
     __Pyx_GIVEREF(__pyx_t_2);
-    PyTuple_SET_ITEM(__pyx_t_5, 1, __pyx_t_2);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_t_2) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
     __Pyx_INCREF(__pyx_v_state);
     __Pyx_GIVEREF(__pyx_v_state);
-    PyTuple_SET_ITEM(__pyx_t_5, 2, __pyx_v_state);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_4, 2, __pyx_v_state) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
     __pyx_t_1 = 0;
     __pyx_t_2 = 0;
-    __pyx_r = __pyx_t_5;
-    __pyx_t_5 = 0;
+    __pyx_r = __pyx_t_4;
+    __pyx_t_4 = 0;
     goto __pyx_L0;
 
     /* "(tree fragment)":12
  *     else:
  *         use_setstate = False
  *     if use_setstate:             # <<<<<<<<<<<<<<
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, None), state
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, None), state
  *     else:
- */
+*/
   }
 
   /* "(tree fragment)":15
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, None), state
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, None), state
  *     else:
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, state)             # <<<<<<<<<<<<<<
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, state)             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
  *     __pyx_unpickle_Flag__set_state(self, __pyx_state)
- */
+*/
   /*else*/ {
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_n_s_pyx_unpickle_Flag); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 15, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 15, __pyx_L1_error)
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_pyx_unpickle_Flag); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 15, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_4);
+    __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 15, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
     __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
-    PyTuple_SET_ITEM(__pyx_t_2, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
-    __Pyx_INCREF(__pyx_int_233791475);
-    __Pyx_GIVEREF(__pyx_int_233791475);
-    PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_int_233791475);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_242378367);
+    __Pyx_GIVEREF(__pyx_mstate_global->__pyx_int_242378367);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_mstate_global->__pyx_int_242378367) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
     __Pyx_INCREF(__pyx_v_state);
     __Pyx_GIVEREF(__pyx_v_state);
-    PyTuple_SET_ITEM(__pyx_t_2, 2, __pyx_v_state);
-    __pyx_t_1 = PyTuple_New(2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 15, __pyx_L1_error)
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 2, __pyx_v_state) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
+    __pyx_t_1 = PyTuple_New(2); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 15, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_GIVEREF(__pyx_t_5);
-    PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_5);
+    __Pyx_GIVEREF(__pyx_t_4);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_4) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
     __Pyx_GIVEREF(__pyx_t_2);
-    PyTuple_SET_ITEM(__pyx_t_1, 1, __pyx_t_2);
-    __pyx_t_5 = 0;
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 1, __pyx_t_2) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
+    __pyx_t_4 = 0;
     __pyx_t_2 = 0;
     __pyx_r = __pyx_t_1;
     __pyx_t_1 = 0;
@@ -2189,13 +3789,13 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
  *     cdef tuple state
  *     cdef object _dict
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_5);
+  __Pyx_XDECREF(__pyx_t_4);
   __Pyx_AddTraceback("ssh.connector.Flag.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2208,21 +3808,93 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_6__reduce_cython__(struct __pyx_
 
 /* "(tree fragment)":16
  *     else:
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, state)
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, state)
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
  *     __pyx_unpickle_Flag__set_state(self, __pyx_state)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_4Flag_9__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_9connector_4Flag_8__setstate_cython__[] = "Flag.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_9connector_4Flag_9__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_9connector_4Flag_9__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector_4Flag_8__setstate_cython__, "Flag.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_4Flag_9__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_4Flag_9__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_4Flag_8__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_9connector_4Flag_9__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_9connector_4Flag_8__setstate_cython__(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 16, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 16, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 16, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 16, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 16, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 16, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.connector.Flag.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_9connector_4Flag_8__setstate_cython__(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2237,21 +3909,21 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_8__setstate_cython__(struct __py
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":17
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, state)
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, state)
  * def __setstate_cython__(self, __pyx_state):
  *     __pyx_unpickle_Flag__set_state(self, __pyx_state)             # <<<<<<<<<<<<<<
- */
-  if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "tuple", Py_TYPE(__pyx_v___pyx_state)->tp_name), 0))) __PYX_ERR(0, 17, __pyx_L1_error)
-  __pyx_t_1 = __pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(__pyx_v_self, ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 17, __pyx_L1_error)
+*/
+  if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None) || __Pyx_RaiseUnexpectedTypeError("tuple", __pyx_v___pyx_state))) __PYX_ERR(1, 17, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(__pyx_v_self, ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 17, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
   /* "(tree fragment)":16
  *     else:
- *         return __pyx_unpickle_Flag, (type(self), 0xdef5ff3, state)
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, state)
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
  *     __pyx_unpickle_Flag__set_state(self, __pyx_state)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -2272,62 +3944,82 @@ static PyObject *__pyx_pf_3ssh_9connector_4Flag_8__setstate_cython__(struct __py
  *     def __cinit__(self, Session session):             # <<<<<<<<<<<<<<
  *         self.session = session
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_9connector_9Connector_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_9connector_9Connector_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
   struct __pyx_obj_3ssh_7session_Session *__pyx_v_session = 0;
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_session,0};
-    PyObject* values[1] = {0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_session,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 54, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_VARARGS(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 54, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_session)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__cinit__", 0) < 0) __PYX_ERR(0, 54, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 1, 1, i); __PYX_ERR(0, 54, __pyx_L3_error) }
       }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "__cinit__") < 0)) __PYX_ERR(1, 54, __pyx_L3_error)
-      }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 1) {
+    } else if (unlikely(__pyx_nargs != 1)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+      values[0] = __Pyx_ArgRef_VARARGS(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 54, __pyx_L3_error)
     }
     __pyx_v_session = ((struct __pyx_obj_3ssh_7session_Session *)values[0]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 1, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(1, 54, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 54, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.connector.Connector.__cinit__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return -1;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_ptype_3ssh_7session_Session, 1, "session", 0))) __PYX_ERR(1, 54, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, 1, "session", 0))) __PYX_ERR(0, 54, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_9connector_9Connector___cinit__(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), __pyx_v_session);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = -1;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2343,11 +4035,11 @@ static int __pyx_pf_3ssh_9connector_9Connector___cinit__(struct __pyx_obj_3ssh_9
  *         self.session = session             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_session));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_session));
-  __Pyx_GOTREF(__pyx_v_self->session);
-  __Pyx_DECREF(((PyObject *)__pyx_v_self->session));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_session);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_session);
+  __Pyx_GOTREF((PyObject *)__pyx_v_self->session);
+  __Pyx_DECREF((PyObject *)__pyx_v_self->session);
   __pyx_v_self->session = __pyx_v_session;
 
   /* "ssh/connector.pyx":54
@@ -2356,7 +4048,7 @@ static int __pyx_pf_3ssh_9connector_9Connector___cinit__(struct __pyx_obj_3ssh_9
  *     def __cinit__(self, Session session):             # <<<<<<<<<<<<<<
  *         self.session = session
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
@@ -2370,13 +4062,15 @@ static int __pyx_pf_3ssh_9connector_9Connector___cinit__(struct __pyx_obj_3ssh_9
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._connector is not NULL:
  *             c_ssh.ssh_connector_free(self._connector)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_9connector_9Connector_3__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_9connector_9Connector_3__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_9connector_9Connector_2__dealloc__(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self));
 
   /* function exit code */
@@ -2384,9 +4078,7 @@ static void __pyx_pw_3ssh_9connector_9Connector_3__dealloc__(PyObject *__pyx_v_s
 }
 
 static void __pyx_pf_3ssh_9connector_9Connector_2__dealloc__(struct __pyx_obj_3ssh_9connector_Connector *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
   /* "ssh/connector.pyx":58
  * 
@@ -2394,8 +4086,8 @@ static void __pyx_pf_3ssh_9connector_9Connector_2__dealloc__(struct __pyx_obj_3s
  *         if self._connector is not NULL:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_connector_free(self._connector)
  *             self._connector = NULL
- */
-  __pyx_t_1 = ((__pyx_v_self->_connector != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_connector != NULL);
   if (__pyx_t_1) {
 
     /* "ssh/connector.pyx":59
@@ -2404,7 +4096,7 @@ static void __pyx_pf_3ssh_9connector_9Connector_2__dealloc__(struct __pyx_obj_3s
  *             c_ssh.ssh_connector_free(self._connector)             # <<<<<<<<<<<<<<
  *             self._connector = NULL
  * 
- */
+*/
     ssh_connector_free(__pyx_v_self->_connector);
 
     /* "ssh/connector.pyx":60
@@ -2413,7 +4105,7 @@ static void __pyx_pf_3ssh_9connector_9Connector_2__dealloc__(struct __pyx_obj_3s
  *             self._connector = NULL             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
     __pyx_v_self->_connector = NULL;
 
     /* "ssh/connector.pyx":58
@@ -2422,7 +4114,7 @@ static void __pyx_pf_3ssh_9connector_9Connector_2__dealloc__(struct __pyx_obj_3s
  *         if self._connector is not NULL:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_connector_free(self._connector)
  *             self._connector = NULL
- */
+*/
   }
 
   /* "ssh/connector.pyx":57
@@ -2431,19 +4123,18 @@ static void __pyx_pf_3ssh_9connector_9Connector_2__dealloc__(struct __pyx_obj_3s
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._connector is not NULL:
  *             c_ssh.ssh_connector_free(self._connector)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/connector.pyx":63
+/* "ssh/connector.pyx":62
+ *             self._connector = NULL
  * 
- *     @staticmethod
- *     cdef Connector from_ptr(c_ssh.ssh_connector _connector, Session session):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Connector from_ptr(c_ssh.ssh_connector _connector, Session session):
  *         cdef Connector connector = Connector.__new__(Connector, session)
- *         connector._connector = _connector
- */
+*/
 
 static struct __pyx_obj_3ssh_9connector_Connector *__pyx_f_3ssh_9connector_9Connector_from_ptr(ssh_connector __pyx_v__connector, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session) {
   struct __pyx_obj_3ssh_9connector_Connector *__pyx_v_connector = 0;
@@ -2462,14 +4153,14 @@ static struct __pyx_obj_3ssh_9connector_Connector *__pyx_f_3ssh_9connector_9Conn
  *         cdef Connector connector = Connector.__new__(Connector, session)             # <<<<<<<<<<<<<<
  *         connector._connector = _connector
  *         return connector
- */
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 64, __pyx_L1_error)
+*/
+  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 64, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(((PyObject *)__pyx_v_session));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_session));
-  PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)__pyx_v_session));
-  __pyx_t_2 = ((PyObject *)__pyx_tp_new_3ssh_9connector_Connector(((PyTypeObject *)__pyx_ptype_3ssh_9connector_Connector), __pyx_t_1, NULL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 64, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_2));
+  __Pyx_INCREF((PyObject *)__pyx_v_session);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_session);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)__pyx_v_session)) != (0)) __PYX_ERR(0, 64, __pyx_L1_error);
+  __pyx_t_2 = ((PyObject *)__pyx_tp_new_3ssh_9connector_Connector(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Connector), __pyx_t_1, NULL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 64, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_2);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_v_connector = ((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_t_2);
   __pyx_t_2 = 0;
@@ -2480,7 +4171,7 @@ static struct __pyx_obj_3ssh_9connector_Connector *__pyx_f_3ssh_9connector_9Conn
  *         connector._connector = _connector             # <<<<<<<<<<<<<<
  *         return connector
  * 
- */
+*/
   __pyx_v_connector->_connector = __pyx_v__connector;
 
   /* "ssh/connector.pyx":66
@@ -2489,19 +4180,19 @@ static struct __pyx_obj_3ssh_9connector_Connector *__pyx_f_3ssh_9connector_9Conn
  *         return connector             # <<<<<<<<<<<<<<
  * 
  *     def set_in_channel(self, Channel channel, Flag flag):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v_connector));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v_connector);
   __pyx_r = __pyx_v_connector;
   goto __pyx_L0;
 
-  /* "ssh/connector.pyx":63
+  /* "ssh/connector.pyx":62
+ *             self._connector = NULL
  * 
- *     @staticmethod
- *     cdef Connector from_ptr(c_ssh.ssh_connector _connector, Session session):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Connector from_ptr(c_ssh.ssh_connector _connector, Session session):
  *         cdef Connector connector = Connector.__new__(Connector, session)
- *         connector._connector = _connector
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2522,75 +4213,109 @@ static struct __pyx_obj_3ssh_9connector_Connector *__pyx_f_3ssh_9connector_9Conn
  *     def set_in_channel(self, Channel channel, Flag flag):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_5set_in_channel(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_9connector_9Connector_4set_in_channel[] = "Connector.set_in_channel(self, Channel channel, Flag flag)";
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_5set_in_channel(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_5set_in_channel(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector_9Connector_4set_in_channel, "Connector.set_in_channel(self, Channel channel, Flag flag)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_9Connector_5set_in_channel = {"set_in_channel", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_5set_in_channel, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_4set_in_channel};
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_5set_in_channel(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_channel = 0;
   struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_flag = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_in_channel (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_channel,&__pyx_n_s_flag,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_channel,&__pyx_mstate_global->__pyx_n_u_flag,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 68, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 68, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 68, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_channel)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_flag)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("set_in_channel", 1, 2, 2, 1); __PYX_ERR(1, 68, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "set_in_channel") < 0)) __PYX_ERR(1, 68, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_in_channel", 0) < 0) __PYX_ERR(0, 68, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_in_channel", 1, 2, 2, i); __PYX_ERR(0, 68, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 68, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 68, __pyx_L3_error)
     }
     __pyx_v_channel = ((struct __pyx_obj_3ssh_7channel_Channel *)values[0]);
     __pyx_v_flag = ((struct __pyx_obj_3ssh_9connector_Flag *)values[1]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("set_in_channel", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(1, 68, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("set_in_channel", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 68, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.connector.Connector.set_in_channel", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_channel), __pyx_ptype_3ssh_7channel_Channel, 1, "channel", 0))) __PYX_ERR(1, 68, __pyx_L1_error)
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_flag), __pyx_ptype_3ssh_9connector_Flag, 1, "flag", 0))) __PYX_ERR(1, 68, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_channel), __pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, 1, "channel", 0))) __PYX_ERR(0, 68, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_flag), __pyx_mstate_global->__pyx_ptype_3ssh_9connector_Flag, 1, "flag", 0))) __PYX_ERR(0, 68, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_9connector_9Connector_4set_in_channel(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), __pyx_v_channel, __pyx_v_flag);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2612,13 +4337,12 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_4set_in_channel(struct __py
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_connector_set_in_channel(
  *                 self._connector, channel._channel, flag._flag)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/connector.pyx":71
@@ -2627,7 +4351,7 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_4set_in_channel(struct __py
  *             rc = c_ssh.ssh_connector_set_in_channel(             # <<<<<<<<<<<<<<
  *                 self._connector, channel._channel, flag._flag)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
         __pyx_v_rc = ssh_connector_set_in_channel(__pyx_v_self->_connector, __pyx_v_channel->_channel, __pyx_v_flag->_flag);
       }
 
@@ -2637,13 +4361,11 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_4set_in_channel(struct __py
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_connector_set_in_channel(
  *                 self._connector, channel._channel, flag._flag)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2656,10 +4378,10 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_4set_in_channel(struct __py
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def set_out_channel(self, Channel channel, Flag flag):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(1, 73, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 73, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 73, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2671,7 +4393,7 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_4set_in_channel(struct __py
  *     def set_in_channel(self, Channel channel, Flag flag):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2690,75 +4412,109 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_4set_in_channel(struct __py
  *     def set_out_channel(self, Channel channel, Flag flag):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_7set_out_channel(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_9connector_9Connector_6set_out_channel[] = "Connector.set_out_channel(self, Channel channel, Flag flag)";
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_7set_out_channel(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_7set_out_channel(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector_9Connector_6set_out_channel, "Connector.set_out_channel(self, Channel channel, Flag flag)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_9Connector_7set_out_channel = {"set_out_channel", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_7set_out_channel, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_6set_out_channel};
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_7set_out_channel(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_channel = 0;
   struct __pyx_obj_3ssh_9connector_Flag *__pyx_v_flag = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_out_channel (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_channel,&__pyx_n_s_flag,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_channel,&__pyx_mstate_global->__pyx_n_u_flag,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 75, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 75, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 75, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_channel)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_flag)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("set_out_channel", 1, 2, 2, 1); __PYX_ERR(1, 75, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "set_out_channel") < 0)) __PYX_ERR(1, 75, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_out_channel", 0) < 0) __PYX_ERR(0, 75, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_out_channel", 1, 2, 2, i); __PYX_ERR(0, 75, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 75, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 75, __pyx_L3_error)
     }
     __pyx_v_channel = ((struct __pyx_obj_3ssh_7channel_Channel *)values[0]);
     __pyx_v_flag = ((struct __pyx_obj_3ssh_9connector_Flag *)values[1]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("set_out_channel", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(1, 75, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("set_out_channel", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 75, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.connector.Connector.set_out_channel", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_channel), __pyx_ptype_3ssh_7channel_Channel, 1, "channel", 0))) __PYX_ERR(1, 75, __pyx_L1_error)
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_flag), __pyx_ptype_3ssh_9connector_Flag, 1, "flag", 0))) __PYX_ERR(1, 75, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_channel), __pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, 1, "channel", 0))) __PYX_ERR(0, 75, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_flag), __pyx_mstate_global->__pyx_ptype_3ssh_9connector_Flag, 1, "flag", 0))) __PYX_ERR(0, 75, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_9connector_9Connector_6set_out_channel(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), __pyx_v_channel, __pyx_v_flag);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2780,13 +4536,12 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_6set_out_channel(struct __p
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_connector_set_out_channel(
  *                 self._connector, channel._channel, flag._flag)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/connector.pyx":78
@@ -2795,7 +4550,7 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_6set_out_channel(struct __p
  *             rc = c_ssh.ssh_connector_set_out_channel(             # <<<<<<<<<<<<<<
  *                 self._connector, channel._channel, flag._flag)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
         __pyx_v_rc = ssh_connector_set_out_channel(__pyx_v_self->_connector, __pyx_v_channel->_channel, __pyx_v_flag->_flag);
       }
 
@@ -2805,13 +4560,11 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_6set_out_channel(struct __p
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_connector_set_out_channel(
  *                 self._connector, channel._channel, flag._flag)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2824,10 +4577,10 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_6set_out_channel(struct __p
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def set_in_fd(self, socket):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(1, 80, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 80, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 80, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 80, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2839,7 +4592,7 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_6set_out_channel(struct __p
  *     def set_out_channel(self, Channel channel, Flag flag):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2858,18 +4611,90 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_6set_out_channel(struct __p
  *     def set_in_fd(self, socket):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_9set_in_fd(PyObject *__pyx_v_self, PyObject *__pyx_v_socket); /*proto*/
-static char __pyx_doc_3ssh_9connector_9Connector_8set_in_fd[] = "Connector.set_in_fd(self, socket)";
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_9set_in_fd(PyObject *__pyx_v_self, PyObject *__pyx_v_socket) {
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_9set_in_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector_9Connector_8set_in_fd, "Connector.set_in_fd(self, socket)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_9Connector_9set_in_fd = {"set_in_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_9set_in_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_8set_in_fd};
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_9set_in_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_socket = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_in_fd (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_9connector_9Connector_8set_in_fd(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), ((PyObject *)__pyx_v_socket));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_socket,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 82, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 82, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_in_fd", 0) < 0) __PYX_ERR(0, 82, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_in_fd", 1, 1, 1, i); __PYX_ERR(0, 82, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 82, __pyx_L3_error)
+    }
+    __pyx_v_socket = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_in_fd", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 82, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.connector.Connector.set_in_fd", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_9connector_9Connector_8set_in_fd(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), __pyx_v_socket);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2890,8 +4715,8 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_8set_in_fd(struct __pyx_obj
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_connector_set_in_fd(self._connector, _sock)
- */
-  __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(1, 83, __pyx_L1_error)
+*/
+  __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 83, __pyx_L1_error)
   __pyx_v__sock = __pyx_t_1;
 
   /* "ssh/connector.pyx":84
@@ -2900,13 +4725,12 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_8set_in_fd(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_connector_set_in_fd(self._connector, _sock)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/connector.pyx":85
@@ -2915,7 +4739,7 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_8set_in_fd(struct __pyx_obj
  *             c_ssh.ssh_connector_set_in_fd(self._connector, _sock)             # <<<<<<<<<<<<<<
  * 
  *     def set_out_fd(self, socket):
- */
+*/
         ssh_connector_set_in_fd(__pyx_v_self->_connector, __pyx_v__sock);
       }
 
@@ -2925,13 +4749,11 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_8set_in_fd(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_connector_set_in_fd(self._connector, _sock)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2944,7 +4766,7 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_8set_in_fd(struct __pyx_obj
  *     def set_in_fd(self, socket):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -2964,18 +4786,90 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_8set_in_fd(struct __pyx_obj
  *     def set_out_fd(self, socket):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_11set_out_fd(PyObject *__pyx_v_self, PyObject *__pyx_v_socket); /*proto*/
-static char __pyx_doc_3ssh_9connector_9Connector_10set_out_fd[] = "Connector.set_out_fd(self, socket)";
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_11set_out_fd(PyObject *__pyx_v_self, PyObject *__pyx_v_socket) {
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_11set_out_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector_9Connector_10set_out_fd, "Connector.set_out_fd(self, socket)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_9Connector_11set_out_fd = {"set_out_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_11set_out_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_10set_out_fd};
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_11set_out_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_socket = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_out_fd (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_9connector_9Connector_10set_out_fd(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), ((PyObject *)__pyx_v_socket));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_socket,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 87, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 87, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_out_fd", 0) < 0) __PYX_ERR(0, 87, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_out_fd", 1, 1, 1, i); __PYX_ERR(0, 87, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 87, __pyx_L3_error)
+    }
+    __pyx_v_socket = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_out_fd", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 87, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.connector.Connector.set_out_fd", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_9connector_9Connector_10set_out_fd(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), __pyx_v_socket);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2996,8 +4890,8 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_10set_out_fd(struct __pyx_o
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_connector_set_out_fd(self._connector, _sock)
- */
-  __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(1, 88, __pyx_L1_error)
+*/
+  __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 88, __pyx_L1_error)
   __pyx_v__sock = __pyx_t_1;
 
   /* "ssh/connector.pyx":89
@@ -3005,20 +4899,19 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_10set_out_fd(struct __pyx_o
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_connector_set_out_fd(self._connector, _sock)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/connector.pyx":90
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         with nogil:
  *             c_ssh.ssh_connector_set_out_fd(self._connector, _sock)             # <<<<<<<<<<<<<<
- */
+*/
         ssh_connector_set_out_fd(__pyx_v_self->_connector, __pyx_v__sock);
       }
 
@@ -3027,13 +4920,11 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_10set_out_fd(struct __pyx_o
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_connector_set_out_fd(self._connector, _sock)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -3046,7 +4937,7 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_10set_out_fd(struct __pyx_o
  *     def set_out_fd(self, socket):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -3066,14 +4957,16 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_10set_out_fd(struct __pyx_o
  *     cdef readonly Session session             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_9connector_9Connector_7session_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_9connector_9Connector_7session_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_9connector_9Connector_7session___get__(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self));
 
   /* function exit code */
@@ -3086,7 +4979,7 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_7session___get__(struct __p
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->session));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->session);
   __pyx_r = ((PyObject *)__pyx_v_self->session);
   goto __pyx_L0;
 
@@ -3099,17 +4992,46 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_7session___get__(struct __p
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_13__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_9connector_9Connector_12__reduce_cython__[] = "Connector.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_13__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_13__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector_9Connector_12__reduce_cython__, "Connector.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_9Connector_13__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_13__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_12__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_13__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_9connector_9Connector_12__reduce_cython__(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self));
 
   /* function exit code */
@@ -3120,7 +5042,6 @@ static PyObject *__pyx_pw_3ssh_9connector_9Connector_13__reduce_cython__(PyObjec
 static PyObject *__pyx_pf_3ssh_9connector_9Connector_12__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_9connector_Connector *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3128,25 +5049,21 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_12__reduce_cython__(CYTHON_
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.connector.Connector.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3156,21 +5073,93 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_12__reduce_cython__(CYTHON_
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_15__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_9connector_9Connector_14__setstate_cython__[] = "Connector.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_9connector_9Connector_15__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_15__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector_9Connector_14__setstate_cython__, "Connector.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_9Connector_15__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_15__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_14__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_9connector_9Connector_15__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_9connector_9Connector_14__setstate_cython__(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.connector.Connector.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_9connector_9Connector_14__setstate_cython__(((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3178,33 +5167,28 @@ static PyObject *__pyx_pw_3ssh_9connector_9Connector_15__setstate_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_9connector_9Connector_14__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_9connector_Connector *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.connector.Connector.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3216,74 +5200,96 @@ static PyObject *__pyx_pf_3ssh_9connector_9Connector_14__setstate_cython__(CYTHO
  * def __pyx_unpickle_Flag(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_9connector_1__pyx_unpickle_Flag(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_9connector___pyx_unpickle_Flag[] = "__pyx_unpickle_Flag(__pyx_type, long __pyx_checksum, __pyx_state)";
-static PyMethodDef __pyx_mdef_3ssh_9connector_1__pyx_unpickle_Flag = {"__pyx_unpickle_Flag", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_9connector_1__pyx_unpickle_Flag, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_9connector___pyx_unpickle_Flag};
-static PyObject *__pyx_pw_3ssh_9connector_1__pyx_unpickle_Flag(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_9connector_1__pyx_unpickle_Flag(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_9connector___pyx_unpickle_Flag, "__pyx_unpickle_Flag(__pyx_type, long __pyx_checksum, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_9connector_1__pyx_unpickle_Flag = {"__pyx_unpickle_Flag", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_1__pyx_unpickle_Flag, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector___pyx_unpickle_Flag};
+static PyObject *__pyx_pw_3ssh_9connector_1__pyx_unpickle_Flag(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v___pyx_type = 0;
   long __pyx_v___pyx_checksum;
   PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__pyx_unpickle_Flag (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_pyx_type,&__pyx_n_s_pyx_checksum,&__pyx_n_s_pyx_state,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_type,&__pyx_mstate_global->__pyx_n_u_pyx_checksum,&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 1, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(1, 1, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(1, 1, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 1, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_pyx_type)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_pyx_checksum)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Flag", 1, 3, 3, 1); __PYX_ERR(0, 1, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_pyx_state)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Flag", 1, 3, 3, 2); __PYX_ERR(0, 1, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "__pyx_unpickle_Flag") < 0)) __PYX_ERR(0, 1, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__pyx_unpickle_Flag", 0) < 0) __PYX_ERR(1, 1, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Flag", 1, 3, 3, i); __PYX_ERR(1, 1, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 1, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(1, 1, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(1, 1, __pyx_L3_error)
     }
     __pyx_v___pyx_type = values[0];
-    __pyx_v___pyx_checksum = __Pyx_PyInt_As_long(values[1]); if (unlikely((__pyx_v___pyx_checksum == (long)-1) && PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L3_error)
+    __pyx_v___pyx_checksum = __Pyx_PyLong_As_long(values[1]); if (unlikely((__pyx_v___pyx_checksum == (long)-1) && PyErr_Occurred())) __PYX_ERR(1, 1, __pyx_L3_error)
     __pyx_v___pyx_state = values[2];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Flag", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 1, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Flag", 1, 3, 3, __pyx_nargs); __PYX_ERR(1, 1, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.connector.__pyx_unpickle_Flag", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -3291,6 +5297,9 @@ static PyObject *__pyx_pw_3ssh_9connector_1__pyx_unpickle_Flag(PyObject *__pyx_s
   __pyx_r = __pyx_pf_3ssh_9connector___pyx_unpickle_Flag(__pyx_self, __pyx_v___pyx_type, __pyx_v___pyx_checksum, __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3302,10 +5311,8 @@ static PyObject *__pyx_pf_3ssh_9connector___pyx_unpickle_Flag(CYTHON_UNUSED PyOb
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   int __pyx_t_2;
-  int __pyx_t_3;
-  PyObject *__pyx_t_4 = NULL;
-  PyObject *__pyx_t_5 = NULL;
-  PyObject *__pyx_t_6 = NULL;
+  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_4;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3314,117 +5321,91 @@ static PyObject *__pyx_pf_3ssh_9connector___pyx_unpickle_Flag(CYTHON_UNUSED PyOb
   /* "(tree fragment)":4
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- *     if __pyx_checksum not in (0xdef5ff3, 0xe72667f, 0x5913c31):             # <<<<<<<<<<<<<<
+ *     if __pyx_checksum not in (0xe72667f, 0x5913c31, 0xdef5ff3):             # <<<<<<<<<<<<<<
  *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0xdef5ff3, 0xe72667f, 0x5913c31) = (_flag))" % __pyx_checksum)
- */
-  __pyx_t_1 = __Pyx_PyInt_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))" % __pyx_checksum
+*/
+  __pyx_t_1 = __Pyx_PyLong_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = (__Pyx_PySequence_ContainsTF(__pyx_t_1, __pyx_tuple__3, Py_NE)); if (unlikely(__pyx_t_2 < 0)) __PYX_ERR(0, 4, __pyx_L1_error)
+  __pyx_t_2 = (__Pyx_PySequence_ContainsTF(__pyx_t_1, __pyx_mstate_global->__pyx_tuple[0], Py_NE)); if (unlikely((__pyx_t_2 < 0))) __PYX_ERR(1, 4, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_3 = (__pyx_t_2 != 0);
-  if (__pyx_t_3) {
+  if (__pyx_t_2) {
 
     /* "(tree fragment)":5
  *     cdef object __pyx_result
- *     if __pyx_checksum not in (0xdef5ff3, 0xe72667f, 0x5913c31):
+ *     if __pyx_checksum not in (0xe72667f, 0x5913c31, 0xdef5ff3):
  *         from pickle import PickleError as __pyx_PickleError             # <<<<<<<<<<<<<<
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0xdef5ff3, 0xe72667f, 0x5913c31) = (_flag))" % __pyx_checksum)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))" % __pyx_checksum
  *     __pyx_result = Flag.__new__(__pyx_type)
- */
-    __pyx_t_1 = PyList_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 5, __pyx_L1_error)
+*/
+    __pyx_t_1 = PyList_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_INCREF(__pyx_n_s_PickleError);
-    __Pyx_GIVEREF(__pyx_n_s_PickleError);
-    PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_PickleError);
-    __pyx_t_4 = __Pyx_Import(__pyx_n_s_pickle, __pyx_t_1, -1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 5, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_n_u_PickleError);
+    __Pyx_GIVEREF(__pyx_mstate_global->__pyx_n_u_PickleError);
+    if (__Pyx_PyList_SET_ITEM(__pyx_t_1, 0, __pyx_mstate_global->__pyx_n_u_PickleError) != (0)) __PYX_ERR(1, 5, __pyx_L1_error);
+    __pyx_t_3 = __Pyx_Import(__pyx_mstate_global->__pyx_n_u_pickle, __pyx_t_1, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_4, __pyx_n_s_PickleError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 5, __pyx_L1_error)
+    __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_PickleError); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_INCREF(__pyx_t_1);
     __pyx_v___pyx_PickleError = __pyx_t_1;
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
     /* "(tree fragment)":6
- *     if __pyx_checksum not in (0xdef5ff3, 0xe72667f, 0x5913c31):
+ *     if __pyx_checksum not in (0xe72667f, 0x5913c31, 0xdef5ff3):
  *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0xdef5ff3, 0xe72667f, 0x5913c31) = (_flag))" % __pyx_checksum)             # <<<<<<<<<<<<<<
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))" % __pyx_checksum             # <<<<<<<<<<<<<<
  *     __pyx_result = Flag.__new__(__pyx_type)
  *     if __pyx_state is not None:
- */
-    __pyx_t_1 = __Pyx_PyInt_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 6, __pyx_L1_error)
+*/
+    __pyx_t_3 = __Pyx_PyLong_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 6, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = PyUnicode_Format(__pyx_mstate_global->__pyx_kp_u_Incompatible_checksums_0x_x_vs_0, __pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 6, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
-    __pyx_t_5 = __Pyx_PyString_Format(__pyx_kp_s_Incompatible_checksums_0x_x_vs_0, __pyx_t_1); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 6, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
-    __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __Pyx_INCREF(__pyx_v___pyx_PickleError);
-    __pyx_t_1 = __pyx_v___pyx_PickleError; __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_1))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_1);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_1);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_1, function);
-      }
-    }
-    __pyx_t_4 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_1, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_1, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 6, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
+    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+    __Pyx_Raise(__pyx_v___pyx_PickleError, __pyx_t_1, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __Pyx_Raise(__pyx_t_4, 0, 0, 0);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    __PYX_ERR(0, 6, __pyx_L1_error)
+    __PYX_ERR(1, 6, __pyx_L1_error)
 
     /* "(tree fragment)":4
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- *     if __pyx_checksum not in (0xdef5ff3, 0xe72667f, 0x5913c31):             # <<<<<<<<<<<<<<
+ *     if __pyx_checksum not in (0xe72667f, 0x5913c31, 0xdef5ff3):             # <<<<<<<<<<<<<<
  *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0xdef5ff3, 0xe72667f, 0x5913c31) = (_flag))" % __pyx_checksum)
- */
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))" % __pyx_checksum
+*/
   }
 
   /* "(tree fragment)":7
  *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0xdef5ff3, 0xe72667f, 0x5913c31) = (_flag))" % __pyx_checksum)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))" % __pyx_checksum
  *     __pyx_result = Flag.__new__(__pyx_type)             # <<<<<<<<<<<<<<
  *     if __pyx_state is not None:
  *         __pyx_unpickle_Flag__set_state(<Flag> __pyx_result, __pyx_state)
- */
-  __pyx_t_1 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_ptype_3ssh_9connector_Flag), __pyx_n_s_new); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 7, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_5 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_1))) {
-    __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_1);
-    if (likely(__pyx_t_5)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_1);
-      __Pyx_INCREF(__pyx_t_5);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_1, function);
-    }
-  }
-  __pyx_t_4 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_1, __pyx_t_5, __pyx_v___pyx_type) : __Pyx_PyObject_CallOneArg(__pyx_t_1, __pyx_v___pyx_type);
-  __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-  if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 7, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_4);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_v___pyx_result = __pyx_t_4;
+*/
+  __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Flag);
+  __Pyx_INCREF(__pyx_t_3);
   __pyx_t_4 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_v___pyx_type};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_new, __pyx_callargs+__pyx_t_4, (2-__pyx_t_4) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 7, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
+  }
+  __pyx_v___pyx_result = __pyx_t_1;
+  __pyx_t_1 = 0;
 
   /* "(tree fragment)":8
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0xdef5ff3, 0xe72667f, 0x5913c31) = (_flag))" % __pyx_checksum)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))" % __pyx_checksum
  *     __pyx_result = Flag.__new__(__pyx_type)
  *     if __pyx_state is not None:             # <<<<<<<<<<<<<<
  *         __pyx_unpickle_Flag__set_state(<Flag> __pyx_result, __pyx_state)
  *     return __pyx_result
- */
-  __pyx_t_3 = (__pyx_v___pyx_state != Py_None);
-  __pyx_t_2 = (__pyx_t_3 != 0);
+*/
+  __pyx_t_2 = (__pyx_v___pyx_state != Py_None);
   if (__pyx_t_2) {
 
     /* "(tree fragment)":9
@@ -3433,19 +5414,19 @@ static PyObject *__pyx_pf_3ssh_9connector___pyx_unpickle_Flag(CYTHON_UNUSED PyOb
  *         __pyx_unpickle_Flag__set_state(<Flag> __pyx_result, __pyx_state)             # <<<<<<<<<<<<<<
  *     return __pyx_result
  * cdef __pyx_unpickle_Flag__set_state(Flag __pyx_result, tuple __pyx_state):
- */
-    if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "tuple", Py_TYPE(__pyx_v___pyx_state)->tp_name), 0))) __PYX_ERR(0, 9, __pyx_L1_error)
-    __pyx_t_4 = __pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v___pyx_result), ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 9, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+*/
+    if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None) || __Pyx_RaiseUnexpectedTypeError("tuple", __pyx_v___pyx_state))) __PYX_ERR(1, 9, __pyx_L1_error)
+    __pyx_t_1 = __pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(((struct __pyx_obj_3ssh_9connector_Flag *)__pyx_v___pyx_result), ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 9, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
+    __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
     /* "(tree fragment)":8
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0xdef5ff3, 0xe72667f, 0x5913c31) = (_flag))" % __pyx_checksum)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))" % __pyx_checksum
  *     __pyx_result = Flag.__new__(__pyx_type)
  *     if __pyx_state is not None:             # <<<<<<<<<<<<<<
  *         __pyx_unpickle_Flag__set_state(<Flag> __pyx_result, __pyx_state)
  *     return __pyx_result
- */
+*/
   }
 
   /* "(tree fragment)":10
@@ -3454,7 +5435,7 @@ static PyObject *__pyx_pf_3ssh_9connector___pyx_unpickle_Flag(CYTHON_UNUSED PyOb
  *     return __pyx_result             # <<<<<<<<<<<<<<
  * cdef __pyx_unpickle_Flag__set_state(Flag __pyx_result, tuple __pyx_state):
  *     __pyx_result._flag = __pyx_state[0]
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v___pyx_result);
   __pyx_r = __pyx_v___pyx_result;
@@ -3464,14 +5445,12 @@ static PyObject *__pyx_pf_3ssh_9connector___pyx_unpickle_Flag(CYTHON_UNUSED PyOb
  * def __pyx_unpickle_Flag(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_4);
-  __Pyx_XDECREF(__pyx_t_5);
-  __Pyx_XDECREF(__pyx_t_6);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.connector.__pyx_unpickle_Flag", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -3488,7 +5467,7 @@ static PyObject *__pyx_pf_3ssh_9connector___pyx_unpickle_Flag(CYTHON_UNUSED PyOb
  * cdef __pyx_unpickle_Flag__set_state(Flag __pyx_result, tuple __pyx_state):             # <<<<<<<<<<<<<<
  *     __pyx_result._flag = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):
- */
+*/
 
 static PyObject *__pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(struct __pyx_obj_3ssh_9connector_Flag *__pyx_v___pyx_result, PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
@@ -3497,10 +5476,10 @@ static PyObject *__pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(struct _
   int __pyx_t_2;
   Py_ssize_t __pyx_t_3;
   int __pyx_t_4;
-  int __pyx_t_5;
+  PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
   PyObject *__pyx_t_7 = NULL;
-  PyObject *__pyx_t_8 = NULL;
+  size_t __pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3512,12 +5491,12 @@ static PyObject *__pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(struct _
  *     __pyx_result._flag = __pyx_state[0]             # <<<<<<<<<<<<<<
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):
  *         __pyx_result.__dict__.update(__pyx_state[1])
- */
+*/
   if (unlikely(__pyx_v___pyx_state == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "'NoneType' object is not subscriptable");
-    __PYX_ERR(0, 12, __pyx_L1_error)
+    __PYX_ERR(1, 12, __pyx_L1_error)
   }
-  __pyx_t_1 = ((enum ssh_connector_flags_e)__Pyx_PyInt_As_enum__ssh_connector_flags_e(PyTuple_GET_ITEM(__pyx_v___pyx_state, 0))); if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 12, __pyx_L1_error)
+  __pyx_t_1 = ((enum ssh_connector_flags_e)__Pyx_PyLong_As_enum__ssh_connector_flags_e(__Pyx_PyTuple_GET_ITEM(__pyx_v___pyx_state, 0))); if (unlikely(PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error)
   __pyx_v___pyx_result->_flag = __pyx_t_1;
 
   /* "(tree fragment)":13
@@ -3525,21 +5504,20 @@ static PyObject *__pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(struct _
  *     __pyx_result._flag = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):             # <<<<<<<<<<<<<<
  *         __pyx_result.__dict__.update(__pyx_state[1])
- */
+*/
   if (unlikely(__pyx_v___pyx_state == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "object of type 'NoneType' has no len()");
-    __PYX_ERR(0, 13, __pyx_L1_error)
+    __PYX_ERR(1, 13, __pyx_L1_error)
   }
-  __pyx_t_3 = PyTuple_GET_SIZE(__pyx_v___pyx_state); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(0, 13, __pyx_L1_error)
-  __pyx_t_4 = ((__pyx_t_3 > 1) != 0);
+  __pyx_t_3 = __Pyx_PyTuple_GET_SIZE(__pyx_v___pyx_state); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(1, 13, __pyx_L1_error)
+  __pyx_t_4 = (__pyx_t_3 > 1);
   if (__pyx_t_4) {
   } else {
     __pyx_t_2 = __pyx_t_4;
     goto __pyx_L4_bool_binop_done;
   }
-  __pyx_t_4 = __Pyx_HasAttr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 13, __pyx_L1_error)
-  __pyx_t_5 = (__pyx_t_4 != 0);
-  __pyx_t_2 = __pyx_t_5;
+  __pyx_t_4 = __Pyx_HasAttr(((PyObject *)__pyx_v___pyx_result), __pyx_mstate_global->__pyx_n_u_dict); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(1, 13, __pyx_L1_error)
+  __pyx_t_2 = __pyx_t_4;
   __pyx_L4_bool_binop_done:;
   if (__pyx_t_2) {
 
@@ -3547,39 +5525,32 @@ static PyObject *__pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(struct _
  *     __pyx_result._flag = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):
  *         __pyx_result.__dict__.update(__pyx_state[1])             # <<<<<<<<<<<<<<
- */
-    __pyx_t_7 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 14, __pyx_L1_error)
+*/
+    __pyx_t_7 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v___pyx_result), __pyx_mstate_global->__pyx_n_u_dict); if (unlikely(!__pyx_t_7)) __PYX_ERR(1, 14, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_7);
-    __pyx_t_8 = __Pyx_PyObject_GetAttrStr(__pyx_t_7, __pyx_n_s_update); if (unlikely(!__pyx_t_8)) __PYX_ERR(0, 14, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_8);
-    __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
+    __pyx_t_6 = __pyx_t_7;
+    __Pyx_INCREF(__pyx_t_6);
     if (unlikely(__pyx_v___pyx_state == Py_None)) {
       PyErr_SetString(PyExc_TypeError, "'NoneType' object is not subscriptable");
-      __PYX_ERR(0, 14, __pyx_L1_error)
-    }
-    __pyx_t_7 = NULL;
-    if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_8))) {
-      __pyx_t_7 = PyMethod_GET_SELF(__pyx_t_8);
-      if (likely(__pyx_t_7)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_8);
-        __Pyx_INCREF(__pyx_t_7);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_8, function);
-      }
+      __PYX_ERR(1, 14, __pyx_L1_error)
+    }
+    __pyx_t_8 = 0;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_6, __Pyx_PyTuple_GET_ITEM(__pyx_v___pyx_state, 1)};
+      __pyx_t_5 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_update, __pyx_callargs+__pyx_t_8, (2-__pyx_t_8) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
+      if (unlikely(!__pyx_t_5)) __PYX_ERR(1, 14, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_5);
     }
-    __pyx_t_6 = (__pyx_t_7) ? __Pyx_PyObject_Call2Args(__pyx_t_8, __pyx_t_7, PyTuple_GET_ITEM(__pyx_v___pyx_state, 1)) : __Pyx_PyObject_CallOneArg(__pyx_t_8, PyTuple_GET_ITEM(__pyx_v___pyx_state, 1));
-    __Pyx_XDECREF(__pyx_t_7); __pyx_t_7 = 0;
-    if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 14, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_6);
-    __Pyx_DECREF(__pyx_t_8); __pyx_t_8 = 0;
-    __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
 
     /* "(tree fragment)":13
  * cdef __pyx_unpickle_Flag__set_state(Flag __pyx_result, tuple __pyx_state):
  *     __pyx_result._flag = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):             # <<<<<<<<<<<<<<
  *         __pyx_result.__dict__.update(__pyx_state[1])
- */
+*/
   }
 
   /* "(tree fragment)":11
@@ -3588,15 +5559,15 @@ static PyObject *__pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(struct _
  * cdef __pyx_unpickle_Flag__set_state(Flag __pyx_result, tuple __pyx_state):             # <<<<<<<<<<<<<<
  *     __pyx_result._flag = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
   goto __pyx_L0;
   __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_5);
   __Pyx_XDECREF(__pyx_t_6);
   __Pyx_XDECREF(__pyx_t_7);
-  __Pyx_XDECREF(__pyx_t_8);
   __Pyx_AddTraceback("ssh.connector.__pyx_unpickle_Flag__set_state", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = 0;
   __pyx_L0:;
@@ -3604,17 +5575,23 @@ static PyObject *__pyx_f_3ssh_9connector___pyx_unpickle_Flag__set_state(struct _
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_9connector_Flag __pyx_vtable_3ssh_9connector_Flag;
 
 static PyObject *__pyx_tp_new_3ssh_9connector_Flag(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_9connector_Flag *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_9connector_Flag *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_9connector_Flag;
   return o;
@@ -3622,11 +5599,20 @@ static PyObject *__pyx_tp_new_3ssh_9connector_Flag(PyTypeObject *t, CYTHON_UNUSE
 
 static void __pyx_tp_dealloc_3ssh_9connector_Flag(PyObject *o) {
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && (!PyType_IS_GC(Py_TYPE(o)) || !_PyGC_FINALIZED(o))) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && (!PyType_IS_GC(Py_TYPE(o)) || !__Pyx_PyObject_GC_IsFinalized(o))) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_9connector_Flag) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static PyObject *__pyx_tp_richcompare_3ssh_9connector_Flag(PyObject *o1, PyObject *o2, int op) {
@@ -3638,7 +5624,8 @@ static PyObject *__pyx_tp_richcompare_3ssh_9connector_Flag(PyObject *o1, PyObjec
       PyObject *ret;
       ret = __pyx_pw_3ssh_9connector_4Flag_1__eq__(o1, o2);
       if (likely(ret && ret != Py_NotImplemented)) {
-        int b = __Pyx_PyObject_IsTrue(ret); Py_DECREF(ret);
+        int b = __Pyx_PyObject_IsTrue(ret);
+        Py_DECREF(ret);
         if (unlikely(b < 0)) return NULL;
         ret = (b) ? Py_False : Py_True;
         Py_INCREF(ret);
@@ -3652,14 +5639,32 @@ static PyObject *__pyx_tp_richcompare_3ssh_9connector_Flag(PyObject *o1, PyObjec
 }
 
 static PyMethodDef __pyx_methods_3ssh_9connector_Flag[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_9connector_4Flag_7__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_9connector_4Flag_6__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_9connector_4Flag_9__setstate_cython__, METH_O, __pyx_doc_3ssh_9connector_4Flag_8__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_4Flag_7__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_4Flag_6__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_4Flag_9__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_4Flag_8__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_9connector_Flag_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_9connector_Flag},
+  {Py_tp_repr, (void *)__pyx_pw_3ssh_9connector_4Flag_5__repr__},
+  {Py_tp_str, (void *)__pyx_pw_3ssh_9connector_4Flag_3__str__},
+  {Py_tp_richcompare, (void *)__pyx_tp_richcompare_3ssh_9connector_Flag},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_9connector_Flag},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_9connector_Flag},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_9connector_Flag_spec = {
+  "ssh.connector.Flag",
+  sizeof(struct __pyx_obj_3ssh_9connector_Flag),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_9connector_Flag_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_9connector_Flag = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.connector.Flag", /*tp_name*/
+  "ssh.connector.""Flag", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_9connector_Flag), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_9connector_Flag, /*tp_dealloc*/
@@ -3671,12 +5676,7 @@ static PyTypeObject __pyx_type_3ssh_9connector_Flag = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   __pyx_pw_3ssh_9connector_4Flag_5__repr__, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -3702,7 +5702,9 @@ static PyTypeObject __pyx_type_3ssh_9connector_Flag = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_9connector_Flag, /*tp_new*/
@@ -3715,30 +5717,44 @@ static PyTypeObject __pyx_type_3ssh_9connector_Flag = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 static struct __pyx_vtabstruct_3ssh_9connector_Connector __pyx_vtable_3ssh_9connector_Connector;
 
 static PyObject *__pyx_tp_new_3ssh_9connector_Connector(PyTypeObject *t, PyObject *a, PyObject *k) {
   struct __pyx_obj_3ssh_9connector_Connector *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_9connector_Connector *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_9connector_Connector;
   p->session = ((struct __pyx_obj_3ssh_7session_Session *)Py_None); Py_INCREF(Py_None);
@@ -3752,8 +5768,10 @@ static PyObject *__pyx_tp_new_3ssh_9connector_Connector(PyTypeObject *t, PyObjec
 static void __pyx_tp_dealloc_3ssh_9connector_Connector(PyObject *o) {
   struct __pyx_obj_3ssh_9connector_Connector *p = (struct __pyx_obj_3ssh_9connector_Connector *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_9connector_Connector) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -3766,12 +5784,23 @@ static void __pyx_tp_dealloc_3ssh_9connector_Connector(PyObject *o) {
     PyErr_Restore(etype, eval, etb);
   }
   Py_CLEAR(p->session);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_9connector_Connector(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_9connector_Connector *p = (struct __pyx_obj_3ssh_9connector_Connector *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->session) {
     e = (*v)(((PyObject *)p->session), a); if (e) return e;
   }
@@ -3792,23 +5821,41 @@ static PyObject *__pyx_getprop_3ssh_9connector_9Connector_session(PyObject *o, C
 }
 
 static PyMethodDef __pyx_methods_3ssh_9connector_Connector[] = {
-  {"set_in_channel", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_9connector_9Connector_5set_in_channel, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_4set_in_channel},
-  {"set_out_channel", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_9connector_9Connector_7set_out_channel, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_6set_out_channel},
-  {"set_in_fd", (PyCFunction)__pyx_pw_3ssh_9connector_9Connector_9set_in_fd, METH_O, __pyx_doc_3ssh_9connector_9Connector_8set_in_fd},
-  {"set_out_fd", (PyCFunction)__pyx_pw_3ssh_9connector_9Connector_11set_out_fd, METH_O, __pyx_doc_3ssh_9connector_9Connector_10set_out_fd},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_9connector_9Connector_13__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_9connector_9Connector_12__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_9connector_9Connector_15__setstate_cython__, METH_O, __pyx_doc_3ssh_9connector_9Connector_14__setstate_cython__},
+  {"set_in_channel", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_5set_in_channel, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_4set_in_channel},
+  {"set_out_channel", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_7set_out_channel, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_6set_out_channel},
+  {"set_in_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_9set_in_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_8set_in_fd},
+  {"set_out_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_11set_out_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_10set_out_fd},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_13__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_12__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_9connector_9Connector_15__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_9connector_9Connector_14__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_9connector_Connector[] = {
-  {(char *)"session", __pyx_getprop_3ssh_9connector_9Connector_session, 0, (char *)0, 0},
+  {"session", __pyx_getprop_3ssh_9connector_9Connector_session, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_9connector_Connector_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_9connector_Connector},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_9connector_Connector},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_9connector_Connector},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_9connector_Connector},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_9connector_Connector},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_9connector_Connector},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_9connector_Connector_spec = {
+  "ssh.connector.Connector",
+  sizeof(struct __pyx_obj_3ssh_9connector_Connector),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_9connector_Connector_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_9connector_Connector = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.connector.Connector", /*tp_name*/
+  "ssh.connector.""Connector", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_9connector_Connector), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_9connector_Connector, /*tp_dealloc*/
@@ -3820,12 +5867,7 @@ static PyTypeObject __pyx_type_3ssh_9connector_Connector = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -3851,7 +5893,9 @@ static PyTypeObject __pyx_type_3ssh_9connector_Connector = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_9connector_Connector, /*tp_new*/
@@ -3864,198 +5908,77 @@ static PyTypeObject __pyx_type_3ssh_9connector_Connector = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_connector(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_connector},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "connector",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_CONNECTOR_BOTH, __pyx_k_CONNECTOR_BOTH, sizeof(__pyx_k_CONNECTOR_BOTH), 0, 0, 1, 1},
-  {&__pyx_n_s_CONNECTOR_STDERR, __pyx_k_CONNECTOR_STDERR, sizeof(__pyx_k_CONNECTOR_STDERR), 0, 0, 1, 1},
-  {&__pyx_n_s_CONNECTOR_STDOUT, __pyx_k_CONNECTOR_STDOUT, sizeof(__pyx_k_CONNECTOR_STDOUT), 0, 0, 1, 1},
-  {&__pyx_n_s_Connector, __pyx_k_Connector, sizeof(__pyx_k_Connector), 0, 0, 1, 1},
-  {&__pyx_n_s_Flag, __pyx_k_Flag, sizeof(__pyx_k_Flag), 0, 0, 1, 1},
-  {&__pyx_kp_s_Incompatible_checksums_0x_x_vs_0, __pyx_k_Incompatible_checksums_0x_x_vs_0, sizeof(__pyx_k_Incompatible_checksums_0x_x_vs_0), 0, 0, 1, 0},
-  {&__pyx_n_s_PickleError, __pyx_k_PickleError, sizeof(__pyx_k_PickleError), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_channel, __pyx_k_channel, sizeof(__pyx_k_channel), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_dict, __pyx_k_dict, sizeof(__pyx_k_dict), 0, 0, 1, 1},
-  {&__pyx_n_s_flag, __pyx_k_flag, sizeof(__pyx_k_flag), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_import, __pyx_k_import, sizeof(__pyx_k_import), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_new, __pyx_k_new, sizeof(__pyx_k_new), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_pickle, __pyx_k_pickle, sizeof(__pyx_k_pickle), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_PickleError, __pyx_k_pyx_PickleError, sizeof(__pyx_k_pyx_PickleError), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_checksum, __pyx_k_pyx_checksum, sizeof(__pyx_k_pyx_checksum), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_result, __pyx_k_pyx_result, sizeof(__pyx_k_pyx_result), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_state, __pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_type, __pyx_k_pyx_type, sizeof(__pyx_k_pyx_type), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_unpickle_Flag, __pyx_k_pyx_unpickle_Flag, sizeof(__pyx_k_pyx_unpickle_Flag), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_session, __pyx_k_session, sizeof(__pyx_k_session), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_ssh_connector, __pyx_k_ssh_connector, sizeof(__pyx_k_ssh_connector), 0, 0, 1, 1},
-  {&__pyx_n_s_str, __pyx_k_str, sizeof(__pyx_k_str), 0, 0, 1, 1},
-  {&__pyx_kp_s_stringsource, __pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 0, 1, 0},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {&__pyx_n_s_update, __pyx_k_update, sizeof(__pyx_k_update), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(0, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple_)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-  __pyx_tuple__3 = PyTuple_Pack(3, __pyx_int_233791475, __pyx_int_242378367, __pyx_int_93404209); if (unlikely(!__pyx_tuple__3)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__3);
-  __Pyx_GIVEREF(__pyx_tuple__3);
-
-  /* "(tree fragment)":1
- * def __pyx_unpickle_Flag(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
- *     cdef object __pyx_PickleError
- *     cdef object __pyx_result
- */
-  __pyx_tuple__4 = PyTuple_Pack(5, __pyx_n_s_pyx_type, __pyx_n_s_pyx_checksum, __pyx_n_s_pyx_state, __pyx_n_s_pyx_PickleError, __pyx_n_s_pyx_result); if (unlikely(!__pyx_tuple__4)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__4);
-  __Pyx_GIVEREF(__pyx_tuple__4);
-  __pyx_codeobj__5 = (PyObject*)__Pyx_PyCode_New(3, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__4, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_stringsource, __pyx_n_s_pyx_unpickle_Flag, 1, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__5)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(1, 1, __pyx_L1_error);
-  __pyx_int_93404209 = PyInt_FromLong(93404209L); if (unlikely(!__pyx_int_93404209)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __pyx_int_233791475 = PyInt_FromLong(233791475L); if (unlikely(!__pyx_int_233791475)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __pyx_int_242378367 = PyInt_FromLong(242378367L); if (unlikely(!__pyx_int_242378367)) __PYX_ERR(1, 1, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4063,30 +5986,48 @@ static int __Pyx_modinit_type_init_code(void) {
   /*--- Type init code ---*/
   __pyx_vtabptr_3ssh_9connector_Flag = &__pyx_vtable_3ssh_9connector_Flag;
   __pyx_vtable_3ssh_9connector_Flag.from_flag = (struct __pyx_obj_3ssh_9connector_Flag *(*)(enum ssh_connector_flags_e))__pyx_f_3ssh_9connector_4Flag_from_flag;
-  if (PyType_Ready(&__pyx_type_3ssh_9connector_Flag) < 0) __PYX_ERR(1, 26, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_9connector_Flag.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_9connector_Flag_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag)) __PYX_ERR(0, 26, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_9connector_Flag_spec, __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag = &__pyx_type_3ssh_9connector_Flag;
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_9connector_Flag.tp_dictoffset && __pyx_type_3ssh_9connector_Flag.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_9connector_Flag.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_9connector_Flag.tp_dict, __pyx_vtabptr_3ssh_9connector_Flag) < 0) __PYX_ERR(1, 26, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Flag, (PyObject *)&__pyx_type_3ssh_9connector_Flag) < 0) __PYX_ERR(1, 26, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_9connector_Flag) < 0) __PYX_ERR(1, 26, __pyx_L1_error)
-  __pyx_ptype_3ssh_9connector_Flag = &__pyx_type_3ssh_9connector_Flag;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag, __pyx_vtabptr_3ssh_9connector_Flag) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_Flag, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
   __pyx_vtabptr_3ssh_9connector_Connector = &__pyx_vtable_3ssh_9connector_Connector;
   __pyx_vtable_3ssh_9connector_Connector.from_ptr = (struct __pyx_obj_3ssh_9connector_Connector *(*)(ssh_connector, struct __pyx_obj_3ssh_7session_Session *))__pyx_f_3ssh_9connector_9Connector_from_ptr;
-  if (PyType_Ready(&__pyx_type_3ssh_9connector_Connector) < 0) __PYX_ERR(1, 52, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_9connector_Connector.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_9connector_Connector_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector)) __PYX_ERR(0, 52, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_9connector_Connector_spec, __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector = &__pyx_type_3ssh_9connector_Connector;
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_9connector_Connector.tp_dictoffset && __pyx_type_3ssh_9connector_Connector.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_9connector_Connector.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_9connector_Connector.tp_dict, __pyx_vtabptr_3ssh_9connector_Connector) < 0) __PYX_ERR(1, 52, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Connector, (PyObject *)&__pyx_type_3ssh_9connector_Connector) < 0) __PYX_ERR(1, 52, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_9connector_Connector) < 0) __PYX_ERR(1, 52, __pyx_L1_error)
-  __pyx_ptype_3ssh_9connector_Connector = &__pyx_type_3ssh_9connector_Connector;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector, __pyx_vtabptr_3ssh_9connector_Connector) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_Connector, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -4094,45 +6035,75 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_import_code", 0);
   /*--- Type import code ---*/
-  __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(2, 19, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 9, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(4, 9, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_4type_type = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "type", 
+  __pyx_mstate->__pyx_ptype_7cpython_4type_type = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "type",
   #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
-  sizeof(PyTypeObject),
+  sizeof(PyTypeObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyTypeObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
   #else
-  sizeof(PyHeapTypeObject),
+  sizeof(PyHeapTypeObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyHeapTypeObject),
   #endif
-  __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_4type_type) __PYX_ERR(3, 9, __pyx_L1_error)
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_4type_type) __PYX_ERR(4, 9, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(4, 8, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(5, 8, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_4bool_bool = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "bool", sizeof(PyBoolObject), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_4bool_bool) __PYX_ERR(4, 8, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_7cpython_4bool_bool = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "bool",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(PyLongObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyLongObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
+  #else
+  sizeof(PyLongObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyLongObject),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_4bool_bool) __PYX_ERR(5, 8, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(5, 15, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(6, 16, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_7complex_complex = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "complex", sizeof(PyComplexObject), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_7complex_complex) __PYX_ERR(5, 15, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_7cpython_7complex_complex = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "complex",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(PyComplexObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyComplexObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
+  #else
+  sizeof(PyComplexObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyComplexObject),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_7complex_complex) __PYX_ERR(6, 16, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule("ssh.channel"); if (unlikely(!__pyx_t_1)) __PYX_ERR(6, 22, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.channel"); if (unlikely(!__pyx_t_1)) __PYX_ERR(7, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7channel_Channel = __Pyx_ImportType(__pyx_t_1, "ssh.channel", "Channel", sizeof(struct __pyx_obj_3ssh_7channel_Channel), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7channel_Channel) __PYX_ERR(6, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_7channel_Channel = (struct __pyx_vtabstruct_3ssh_7channel_Channel*)__Pyx_GetVtable(__pyx_ptype_3ssh_7channel_Channel->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_7channel_Channel)) __PYX_ERR(6, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.channel", "Channel",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7channel_Channel), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7channel_Channel),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7channel_Channel), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7channel_Channel),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7channel_Channel), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7channel_Channel),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel) __PYX_ERR(7, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_7channel_Channel = (struct __pyx_vtabstruct_3ssh_7channel_Channel*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel); if (unlikely(!__pyx_vtabptr_3ssh_7channel_Channel)) __PYX_ERR(7, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -4142,25 +6113,27 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_import_code", 0);
   /*--- Function import code ---*/
-  __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(1, 1, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -4170,50 +6143,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_connector(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_connector},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "connector",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initconnector(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initconnector(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_connector(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_connector(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -4221,7 +6265,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -4236,10 +6282,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -4262,9 +6311,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_connector(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4275,9 +6329,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_connector(PyObject *__pyx_pyinit_m
     PyErr_SetString(PyExc_RuntimeError, "Module 'connector' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "connector" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -4287,88 +6369,82 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_connector(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_connector", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("connector", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(1, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__connector) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
-    PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(1, 1, __pyx_L1_error)
+    PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.connector")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.connector", __pyx_m) < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.connector", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     cdef tuple state
+ *     cdef object _dict
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_4Flag_7__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Flag___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Flag, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":16
+ *     else:
+ *         return __pyx_unpickle_Flag, (type(self), 0xe72667f, state)
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     __pyx_unpickle_Flag__set_state(self, __pyx_state)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_4Flag_9__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Flag___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 16, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Flag, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 16, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/connector.pyx":44
  * 
@@ -4376,11 +6452,11 @@ if (!__Pyx_RefNanny) {
  * CONNECTOR_STDOUT = Flag.from_flag(             # <<<<<<<<<<<<<<
  *     c_ssh.ssh_connector_flags_e.SSH_CONNECTOR_STDOUT)
  * CONNECTOR_STDERR = Flag.from_flag(
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_9connector_4Flag_from_flag(SSH_CONNECTOR_STDOUT)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 44, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_CONNECTOR_STDOUT, __pyx_t_1) < 0) __PYX_ERR(1, 44, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_9connector_4Flag_from_flag(SSH_CONNECTOR_STDOUT)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 44, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_CONNECTOR_STDOUT, __pyx_t_2) < 0) __PYX_ERR(0, 44, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/connector.pyx":46
  * CONNECTOR_STDOUT = Flag.from_flag(
@@ -4388,11 +6464,11 @@ if (!__Pyx_RefNanny) {
  * CONNECTOR_STDERR = Flag.from_flag(             # <<<<<<<<<<<<<<
  *     c_ssh.ssh_connector_flags_e.SSH_CONNECTOR_STDERR)
  * CONNECTOR_BOTH = Flag.from_flag(
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_9connector_4Flag_from_flag(SSH_CONNECTOR_STDERR)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 46, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_CONNECTOR_STDERR, __pyx_t_1) < 0) __PYX_ERR(1, 46, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_9connector_4Flag_from_flag(SSH_CONNECTOR_STDERR)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 46, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_CONNECTOR_STDERR, __pyx_t_2) < 0) __PYX_ERR(0, 46, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/connector.pyx":48
  * CONNECTOR_STDERR = Flag.from_flag(
@@ -4400,42 +6476,121 @@ if (!__Pyx_RefNanny) {
  * CONNECTOR_BOTH = Flag.from_flag(             # <<<<<<<<<<<<<<
  *     c_ssh.ssh_connector_flags_e.SSH_CONNECTOR_BOTH)
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_9connector_4Flag_from_flag(SSH_CONNECTOR_BOTH)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 48, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_CONNECTOR_BOTH, __pyx_t_1) < 0) __PYX_ERR(1, 48, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_9connector_4Flag_from_flag(SSH_CONNECTOR_BOTH)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 48, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_CONNECTOR_BOTH, __pyx_t_2) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-  /* "(tree fragment)":1
- * def __pyx_unpickle_Flag(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
- *     cdef object __pyx_PickleError
- *     cdef object __pyx_result
- */
-  __pyx_t_1 = PyCFunction_NewEx(&__pyx_mdef_3ssh_9connector_1__pyx_unpickle_Flag, NULL, __pyx_n_s_ssh_connector); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_pyx_unpickle_Flag, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  /* "ssh/connector.pyx":68
+ *         return connector
+ * 
+ *     def set_in_channel(self, Channel channel, Flag flag):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_9Connector_5set_in_channel, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Connector_set_in_channel, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 68, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Connector, __pyx_mstate_global->__pyx_n_u_set_in_channel, __pyx_t_2) < 0) __PYX_ERR(0, 68, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/connector.pyx":75
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def set_out_channel(self, Channel channel, Flag flag):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_9Connector_7set_out_channel, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Connector_set_out_channel, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 75, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Connector, __pyx_mstate_global->__pyx_n_u_set_out_channel, __pyx_t_2) < 0) __PYX_ERR(0, 75, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/connector.pyx":82
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def set_in_fd(self, socket):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_9Connector_9set_in_fd, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Connector_set_in_fd, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 82, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Connector, __pyx_mstate_global->__pyx_n_u_set_in_fd, __pyx_t_2) < 0) __PYX_ERR(0, 82, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/connector.pyx":87
+ *             c_ssh.ssh_connector_set_in_fd(self._connector, _sock)
+ * 
+ *     def set_out_fd(self, socket):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_9Connector_11set_out_fd, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Connector_set_out_fd, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 87, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_9connector_Connector, __pyx_mstate_global->__pyx_n_u_set_out_fd, __pyx_t_2) < 0) __PYX_ERR(0, 87, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_9Connector_13__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Connector___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_9Connector_15__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Connector___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __pyx_unpickle_Flag(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
+ *     cdef object __pyx_PickleError
+ *     cdef object __pyx_result
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_9connector_1__pyx_unpickle_Flag, 0, __pyx_mstate_global->__pyx_n_u_pyx_unpickle_Flag, NULL, __pyx_mstate_global->__pyx_n_u_ssh_connector, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_pyx_unpickle_Flag, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/connector.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_2);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.connector", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.connector");
   }
@@ -4443,12 +6598,277 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_CONNECTOR_BOTH, sizeof(__pyx_k_CONNECTOR_BOTH), 0, 1, 1}, /* PyObject cname: __pyx_n_u_CONNECTOR_BOTH */
+  {__pyx_k_CONNECTOR_STDERR, sizeof(__pyx_k_CONNECTOR_STDERR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_CONNECTOR_STDERR */
+  {__pyx_k_CONNECTOR_STDOUT, sizeof(__pyx_k_CONNECTOR_STDOUT), 0, 1, 1}, /* PyObject cname: __pyx_n_u_CONNECTOR_STDOUT */
+  {__pyx_k_Connector, sizeof(__pyx_k_Connector), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Connector */
+  {__pyx_k_Connector___reduce_cython, sizeof(__pyx_k_Connector___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Connector___reduce_cython */
+  {__pyx_k_Connector___setstate_cython, sizeof(__pyx_k_Connector___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Connector___setstate_cython */
+  {__pyx_k_Connector_set_in_channel, sizeof(__pyx_k_Connector_set_in_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Connector_set_in_channel */
+  {__pyx_k_Connector_set_in_fd, sizeof(__pyx_k_Connector_set_in_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Connector_set_in_fd */
+  {__pyx_k_Connector_set_out_channel, sizeof(__pyx_k_Connector_set_out_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Connector_set_out_channel */
+  {__pyx_k_Connector_set_out_fd, sizeof(__pyx_k_Connector_set_out_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Connector_set_out_fd */
+  {__pyx_k_Flag, sizeof(__pyx_k_Flag), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Flag */
+  {__pyx_k_Flag___reduce_cython, sizeof(__pyx_k_Flag___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Flag___reduce_cython */
+  {__pyx_k_Flag___setstate_cython, sizeof(__pyx_k_Flag___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Flag___setstate_cython */
+  {__pyx_k_Incompatible_checksums_0x_x_vs_0, sizeof(__pyx_k_Incompatible_checksums_0x_x_vs_0), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Incompatible_checksums_0x_x_vs_0 */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_PickleError, sizeof(__pyx_k_PickleError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PickleError */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_channel, sizeof(__pyx_k_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_channel */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_dict, sizeof(__pyx_k_dict), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dict */
+  {__pyx_k_dict_2, sizeof(__pyx_k_dict_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dict_2 */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_flag, sizeof(__pyx_k_flag), 0, 1, 1}, /* PyObject cname: __pyx_n_u_flag */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_new, sizeof(__pyx_k_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_new */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_pickle, sizeof(__pyx_k_pickle), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pickle */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_PickleError, sizeof(__pyx_k_pyx_PickleError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_PickleError */
+  {__pyx_k_pyx_checksum, sizeof(__pyx_k_pyx_checksum), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_checksum */
+  {__pyx_k_pyx_result, sizeof(__pyx_k_pyx_result), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_result */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_type, sizeof(__pyx_k_pyx_type), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_type */
+  {__pyx_k_pyx_unpickle_Flag, sizeof(__pyx_k_pyx_unpickle_Flag), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_unpickle_Flag */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_session, sizeof(__pyx_k_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_session */
+  {__pyx_k_set_in_channel, sizeof(__pyx_k_set_in_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_in_channel */
+  {__pyx_k_set_in_fd, sizeof(__pyx_k_set_in_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_in_fd */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_set_out_channel, sizeof(__pyx_k_set_out_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_out_channel */
+  {__pyx_k_set_out_fd, sizeof(__pyx_k_set_out_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_out_fd */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_sock, sizeof(__pyx_k_sock), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sock */
+  {__pyx_k_socket, sizeof(__pyx_k_socket), 0, 1, 1}, /* PyObject cname: __pyx_n_u_socket */
+  {__pyx_k_ssh_connector, sizeof(__pyx_k_ssh_connector), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_connector */
+  {__pyx_k_ssh_connector_pyx, sizeof(__pyx_k_ssh_connector_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_connector_pyx */
+  {__pyx_k_state, sizeof(__pyx_k_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_state */
+  {__pyx_k_str, sizeof(__pyx_k_str), 0, 1, 1}, /* PyObject cname: __pyx_n_u_str */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_update, sizeof(__pyx_k_update), 0, 1, 1}, /* PyObject cname: __pyx_n_u_update */
+  {__pyx_k_use_setstate, sizeof(__pyx_k_use_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_use_setstate */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+
+  /* "(tree fragment)":4
+ *     cdef object __pyx_PickleError
+ *     cdef object __pyx_result
+ *     if __pyx_checksum not in (0xe72667f, 0x5913c31, 0xdef5ff3):             # <<<<<<<<<<<<<<
+ *         from pickle import PickleError as __pyx_PickleError
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0xe72667f, 0x5913c31, 0xdef5ff3) = (_flag))" % __pyx_checksum
+*/
+  __pyx_mstate_global->__pyx_tuple[0] = PyTuple_Pack(3, __pyx_mstate_global->__pyx_int_242378367, __pyx_mstate_global->__pyx_int_93404209, __pyx_mstate_global->__pyx_int_233791475); if (unlikely(!__pyx_mstate_global->__pyx_tuple[0])) __PYX_ERR(1, 4, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+  __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
+  return -1;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  __pyx_mstate->__pyx_int_93404209 = PyLong_FromLong(93404209L); if (unlikely(!__pyx_mstate->__pyx_int_93404209)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_int_233791475 = PyLong_FromLong(233791475L); if (unlikely(!__pyx_mstate->__pyx_int_233791475)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_int_242378367 = PyLong_FromLong(242378367L); if (unlikely(!__pyx_mstate->__pyx_int_242378367)) __PYX_ERR(0, 1, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 2;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 3;
+            unsigned int flags : 10;
+            unsigned int first_line : 7;
+            unsigned int line_table_length : 11;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 87};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_state, __pyx_mstate->__pyx_n_u_dict_2, __pyx_mstate->__pyx_n_u_use_setstate};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_T_G1F_a_vWA_q_q_q_T_G1_T_A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 16, 11};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_6, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 68, 42};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_channel, __pyx_mstate->__pyx_n_u_flag, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_connector_pyx, __pyx_mstate->__pyx_n_u_set_in_channel, __pyx_k_A_31_M_4q_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 75, 42};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_channel, __pyx_mstate->__pyx_n_u_flag, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_connector_pyx, __pyx_mstate->__pyx_n_u_set_out_channel, __pyx_k_A_4A_M_4q_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 82, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_socket, __pyx_mstate->__pyx_n_u_sock};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_connector_pyx, __pyx_mstate->__pyx_n_u_set_in_fd, __pyx_k_A_Qa_m1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 87, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_socket, __pyx_mstate->__pyx_n_u_sock};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_connector_pyx, __pyx_mstate->__pyx_n_u_set_out_fd, __pyx_k_A_Qa_4_A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 75};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_pyx_type, __pyx_mstate->__pyx_n_u_pyx_checksum, __pyx_mstate->__pyx_n_u_pyx_state, __pyx_mstate->__pyx_n_u_pyx_PickleError, __pyx_mstate->__pyx_n_u_pyx_result};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_pyx_unpickle_Flag, __pyx_k_hk_A_1_pprrs_4xq_7_awnA_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -4468,81 +6888,608 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
 }
 #endif
 
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
 /* PyObjectGetAttrStr */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
     PyTypeObject* tp = Py_TYPE(obj);
     if (likely(tp->tp_getattro))
         return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
     return PyObject_GetAttr(obj, attr_name);
 }
 #endif
 
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
 /* GetBuiltinName */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
         PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
             "name '%U' is not defined", name);
-#else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
-#endif
     }
     return result;
 }
 
-/* ArgTypeTest */
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
 {
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
     }
-    else {
-        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
     }
-    PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
-    return 0;
 }
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
 
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
     } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
     }
-}
 #endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* ArgTypeTest */
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+{
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
+    }
+    else if (!exact) {
+        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError,
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* PyObjectFastCallMethod */
+#if !CYTHON_VECTORCALL || PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf) {
+    PyObject *result;
+    PyObject *attr = PyObject_GetAttr(args[0], name);
+    if (unlikely(!attr))
+        return NULL;
+    result = __Pyx_PyObject_FastCall(attr, args+1, nargsf - 1);
+    Py_DECREF(attr);
+    return result;
+}
+#endif
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* GetAttr3 */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static PyObject *__Pyx_GetAttr3Default(PyObject *d) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (unlikely(!__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        return NULL;
+    __Pyx_PyErr_Clear();
+    Py_INCREF(d);
+    return d;
+}
+#endif
+static CYTHON_INLINE PyObject *__Pyx_GetAttr3(PyObject *o, PyObject *n, PyObject *d) {
+    PyObject *r;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    int res = PyObject_GetOptionalAttr(o, n, &r);
+    return (res != 0) ? r : __Pyx_NewRef(d);
+#else
+  #if CYTHON_USE_TYPE_SLOTS
+    if (likely(PyUnicode_Check(n))) {
+        r = __Pyx_PyObject_GetAttrStrNoError(o, n);
+        if (unlikely(!r) && likely(!PyErr_Occurred())) {
+            r = __Pyx_NewRef(d);
+        }
+        return r;
+    }
+  #endif
+    r = PyObject_GetAttr(o, n);
+    return (likely(r)) ? r : __Pyx_GetAttr3Default(d);
+#endif
+}
+
+/* PyDictVersioning */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+}
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
+    PyObject **dictptr = NULL;
+    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
+    if (offset) {
+#if CYTHON_COMPILING_IN_CPYTHON
+        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
+#else
+        dictptr = _PyObject_GetDictPtr(obj);
+#endif
+    }
+    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
+}
+static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
+        return 0;
+    return obj_dict_version == __Pyx_get_object_dict_version(obj);
+}
+#endif
+
+/* GetModuleGlobalName */
+#if CYTHON_USE_DICT_VERSIONS
+static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
+#else
+static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
+#endif
+{
+    PyObject *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
+        return NULL;
+    }
+    result = PyObject_GetAttr(__pyx_m, name);
+    if (likely(result)) {
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
+    }
+#else
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return __Pyx_NewRef(result);
+    }
+    PyErr_Clear();
+#endif
+    return __Pyx_GetBuiltinName(name);
+}
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
 
 /* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
                                                PyObject *globals) {
     PyFrameObject *f;
     PyThreadState *tstate = __Pyx_PyThreadState_Current;
@@ -4570,15 +7517,12 @@ static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args
     --tstate->recursion_depth;
     return result;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
     PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
     PyObject *globals = PyFunction_GET_GLOBALS(func);
     PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
     PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
     PyObject *kwdefs;
-#endif
     PyObject *kwtuple, **k;
     PyObject **d;
     Py_ssize_t nd;
@@ -4586,13 +7530,11 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
     PyObject *result;
     assert(kwargs == NULL || PyDict_Check(kwargs));
     nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
         return NULL;
     }
     if (
-#if PY_MAJOR_VERSION >= 3
             co->co_kwonlyargcount == 0 &&
-#endif
             likely(kwargs == NULL || nk == 0) &&
             co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
         if (argdefs == NULL && co->co_argcount == nargs) {
@@ -4629,9 +7571,7 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
         k = NULL;
     }
     closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
     kwdefs = PyFunction_GET_KW_DEFAULTS(func);
-#endif
     if (argdefs != NULL) {
         d = &PyTuple_GET_ITEM(argdefs, 0);
         nd = Py_SIZE(argdefs);
@@ -4640,24 +7580,16 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
         d = NULL;
         nd = 0;
     }
-#if PY_MAJOR_VERSION >= 3
     result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
                                args, (int)nargs,
                                k, (int)nk,
                                d, (int)nd, kwdefs, closure);
-#else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
     Py_XDECREF(kwtuple);
 done:
     Py_LeaveRecursiveCall();
     return result;
 }
 #endif
-#endif
 
 /* PyObjectCall */
 #if CYTHON_COMPILING_IN_CPYTHON
@@ -4666,7 +7598,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
     ternaryfunc call = Py_TYPE(func)->tp_call;
     if (unlikely(!call))
         return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = (*call)(func, arg, kw);
     Py_LeaveRecursiveCall();
@@ -4684,9 +7616,9 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
     PyObject *self, *result;
     PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = cfunc(self, arg);
     Py_LeaveRecursiveCall();
@@ -4699,300 +7631,371 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject
 }
 #endif
 
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
     return result;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
     }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
 #endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
 #endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
         }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
 }
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
     PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
     return result;
 }
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
 #endif
-
-/* PyObjectCallNoArg */
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
 #if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
-    }
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
 #endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
+#if CYTHON_COMPILING_IN_PYPY
 #else
-    if (likely(PyCFunction_Check(func)))
+    if (PyCFunction_Check(method))
 #endif
     {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
         }
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
-}
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
 #endif
+    target->method = result;
+    return 0;
+}
 
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
     }
-#endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
     }
-    return 0;
-}
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
-}
 #endif
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
 }
 #endif
-
-/* GetAttr */
-static CYTHON_INLINE PyObject *__Pyx_GetAttr(PyObject *o, PyObject *n) {
-#if CYTHON_USE_TYPE_SLOTS
-#if PY_MAJOR_VERSION >= 3
-    if (likely(PyUnicode_Check(n)))
-#else
-    if (likely(PyString_Check(n)))
-#endif
-        return __Pyx_PyObject_GetAttrStr(o, n);
-#endif
-    return PyObject_GetAttr(o, n);
-}
-
-/* GetAttr3 */
-static PyObject *__Pyx_GetAttr3Default(PyObject *d) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (unlikely(!__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        return NULL;
-    __Pyx_PyErr_Clear();
-    Py_INCREF(d);
-    return d;
-}
-static CYTHON_INLINE PyObject *__Pyx_GetAttr3(PyObject *o, PyObject *n, PyObject *d) {
-    PyObject *r = __Pyx_GetAttr(o, n);
-    return (likely(r)) ? r : __Pyx_GetAttr3Default(d);
-}
-
-/* PyDictVersioning */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
-}
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
-    PyObject **dictptr = NULL;
-    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
-    if (offset) {
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
 #if CYTHON_COMPILING_IN_CPYTHON
-        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
-#else
-        dictptr = _PyObject_GetDictPtr(obj);
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
 #endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
     }
-    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
-}
-static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
-        return 0;
-    return obj_dict_version == __Pyx_get_object_dict_version(obj);
 }
-#endif
 
-/* GetModuleGlobalName */
-#if CYTHON_USE_DICT_VERSIONS
-static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
-#else
-static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
-#endif
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
 {
-    PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
-        return NULL;
-    }
-#else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    }
-#endif
-#else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
     }
-    PyErr_Clear();
-#endif
-    return __Pyx_GetBuiltinName(name);
+    return 0;
+bad:
+    return -1;
 }
-
-/* RaiseDoubleKeywords */
-static void __Pyx_RaiseDoubleKeywordsError(
-    const char* func_name,
-    PyObject* kw_name)
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
 {
-    PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
-        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
         #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
         #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
 }
-
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
 {
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
         }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
-                }
-            }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
         }
+        name++;
     }
     return 0;
 arg_passed_twice:
@@ -5002,99 +8005,258 @@ static int __Pyx_ParseOptionalKeywords(
     PyErr_Format(PyExc_TypeError,
         "%.200s() keywords must be strings", function_name);
     goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
 bad:
     return -1;
 }
-
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
 {
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
-        more_or_less = "at most";
-    }
-    if (exact) {
-        more_or_less = "exactly";
-    }
-    PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
 }
-
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
         }
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
         if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
         }
+        name++;
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
-}
-#else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* RaiseUnexpectedTypeError */
+static int
+__Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj)
+{
+    __Pyx_TypeName obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError, "Expected %s, got " __Pyx_FMT_TYPENAME,
+                 expected, obj_type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
     PyObject* owned_instance = NULL;
     if (tb == Py_None) {
         tb = 0;
@@ -5178,13 +8340,9 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
     }
     PyErr_SetObject(type, value);
     if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
         PyThreadState *tstate = __Pyx_PyThreadState_Current;
         PyObject* tmp_tb = tstate->curexc_traceback;
         if (tb != tmp_tb) {
@@ -5192,76 +8350,47 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
             tstate->curexc_traceback = tb;
             Py_XDECREF(tmp_tb);
         }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
 #endif
     }
 bad:
     Py_XDECREF(owned_instance);
     return;
 }
-#endif
 
 /* Import */
 static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
-    PyObject *empty_list = 0;
     PyObject *module = 0;
-    PyObject *global_dict = 0;
     PyObject *empty_dict = 0;
-    PyObject *list;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_import;
-    py_import = __Pyx_PyObject_GetAttrStr(__pyx_b, __pyx_n_s_import);
-    if (!py_import)
-        goto bad;
-    #endif
-    if (from_list)
-        list = from_list;
-    else {
-        empty_list = PyList_New(0);
-        if (!empty_list)
-            goto bad;
-        list = empty_list;
-    }
-    global_dict = PyModule_GetDict(__pyx_m);
-    if (!global_dict)
-        goto bad;
+    PyObject *empty_list = 0;
     empty_dict = PyDict_New();
-    if (!empty_dict)
+    if (unlikely(!empty_dict))
         goto bad;
-    {
-        #if PY_MAJOR_VERSION >= 3
-        if (level == -1) {
-            if ((1) && (strchr(__Pyx_MODULE_NAME, '.'))) {
-                module = PyImport_ImportModuleLevelObject(
-                    name, global_dict, empty_dict, list, 1);
-                if (!module) {
-                    if (!PyErr_ExceptionMatches(PyExc_ImportError))
-                        goto bad;
-                    PyErr_Clear();
-                }
-            }
-            level = 0;
-        }
-        #endif
-        if (!module) {
-            #if PY_MAJOR_VERSION < 3
-            PyObject *py_level = PyInt_FromLong(level);
-            if (!py_level)
-                goto bad;
-            module = PyObject_CallFunctionObjArgs(py_import,
-                name, global_dict, empty_dict, list, py_level, (PyObject *)NULL);
-            Py_DECREF(py_level);
-            #else
+    if (level == -1) {
+        const char* package_sep = strchr(__Pyx_MODULE_NAME, '.');
+        if (package_sep != (0)) {
             module = PyImport_ImportModuleLevelObject(
-                name, global_dict, empty_dict, list, level);
-            #endif
+                name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, 1);
+            if (unlikely(!module)) {
+                if (unlikely(!PyErr_ExceptionMatches(PyExc_ImportError)))
+                    goto bad;
+                PyErr_Clear();
+            }
         }
+        level = 0;
+    }
+    if (!module) {
+        module = PyImport_ImportModuleLevelObject(
+            name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, level);
     }
 bad:
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_import);
-    #endif
-    Py_XDECREF(empty_list);
     Py_XDECREF(empty_dict);
+    Py_XDECREF(empty_list);
     return module;
 }
 
@@ -5269,362 +8398,2206 @@ static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
 static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
     PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
     if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
-        PyErr_Format(PyExc_ImportError,
-        #if PY_MAJOR_VERSION < 3
-            "cannot import name %.230s", PyString_AS_STRING(name));
+        const char* module_name_str = 0;
+        PyObject* module_name = 0;
+        PyObject* module_dot = 0;
+        PyObject* full_name = 0;
+        PyErr_Clear();
+        module_name_str = PyModule_GetName(module);
+        if (unlikely(!module_name_str)) { goto modbad; }
+        module_name = PyUnicode_FromString(module_name_str);
+        if (unlikely(!module_name)) { goto modbad; }
+        module_dot = PyUnicode_Concat(module_name, __pyx_mstate_global->__pyx_kp_u_);
+        if (unlikely(!module_dot)) { goto modbad; }
+        full_name = PyUnicode_Concat(module_dot, name);
+        if (unlikely(!full_name)) { goto modbad; }
+        #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM  < 0x07030400) ||\
+                CYTHON_COMPILING_IN_GRAAL
+        {
+            PyObject *modules = PyImport_GetModuleDict();
+            if (unlikely(!modules))
+                goto modbad;
+            value = PyObject_GetItem(modules, full_name);
+        }
         #else
-            "cannot import name %S", name);
+        value = PyImport_GetModule(full_name);
         #endif
+      modbad:
+        Py_XDECREF(full_name);
+        Py_XDECREF(module_dot);
+        Py_XDECREF(module_name);
+    }
+    if (unlikely(!value)) {
+        PyErr_Format(PyExc_ImportError, "cannot import name %S", name);
     }
     return value;
 }
 
-/* PyObjectCall2Args */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2) {
-    PyObject *args, *result = NULL;
-    #if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyFunction_FastCall(function, args, 2);
+/* HasAttr */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static CYTHON_INLINE int __Pyx_HasAttr(PyObject *o, PyObject *n) {
+    PyObject *r;
+    if (unlikely(!PyUnicode_Check(n))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "hasattr(): attribute name must be string");
+        return -1;
+    }
+    r = __Pyx_PyObject_GetAttrStrNoError(o, n);
+    if (!r) {
+        return (unlikely(PyErr_Occurred())) ? -1 : 0;
+    } else {
+        Py_DECREF(r);
+        return 1;
     }
+}
+#endif
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
     #endif
-    #if CYTHON_FAST_PYCCALL
-    if (__Pyx_PyFastCFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyCFunction_FastCall(function, args, 2);
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
+}
+#endif
+
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
+#endif
+    return r;
+#endif
+}
+
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#else
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#endif
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
+}
+
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
+}
+
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+        }
+    }
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
+    }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+    }
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
+
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
+    }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
+#endif
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
+
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
+#endif
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
+#endif
+    }
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
+#endif
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
     }
-    #endif
-    args = PyTuple_New(2);
-    if (unlikely(!args)) goto done;
-    Py_INCREF(arg1);
-    PyTuple_SET_ITEM(args, 0, arg1);
-    Py_INCREF(arg2);
-    PyTuple_SET_ITEM(args, 1, arg2);
-    Py_INCREF(function);
-    result = __Pyx_PyObject_Call(function, args, NULL);
-    Py_DECREF(args);
-    Py_DECREF(function);
-done:
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
     return result;
 }
-
-/* HasAttr */
-static CYTHON_INLINE int __Pyx_HasAttr(PyObject *o, PyObject *n) {
-    PyObject *r;
-    if (unlikely(!__Pyx_PyBaseString_Check(n))) {
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
         PyErr_SetString(PyExc_TypeError,
-                        "hasattr(): attribute name must be string");
+                        "__annotations__ must be set to a dict object");
         return -1;
     }
-    r = __Pyx_GetAttr(o, n);
-    if (unlikely(!r)) {
-        PyErr_Clear();
-        return 0;
-    } else {
-        Py_DECREF(r);
-        return 1;
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
     }
+    Py_INCREF(result);
+    return result;
 }
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
 #endif
-    return NULL;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
-        }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
     }
-    return descr;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
 #endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
-    }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
 }
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
 #endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
 #else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
-    return 0;
-bad:
-    Py_XDECREF(ob);
-    return -1;
-}
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
-    PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
-    }
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
-    }
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
     return result;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
+    }
+#endif
+    return (PyObject *) op;
 }
-static int __Pyx_setup_reduce(PyObject* type_obj) {
-    int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
     }
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
+}
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
+    }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
+}
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
         }
-#endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
         }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
+    PyObject *result;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
 #endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
+    }
+    return result;
+}
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
+    int ret = 0;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
     return ret;
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
-    }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+        break;
+    default:
+        return NULL;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    return meth(self, args[0]);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* GetVTable */
-static void* __Pyx_GetVtable(PyObject *dict) {
-    void* ptr;
-    PyObject *ob = PyObject_GetItem(dict, __pyx_n_s_pyx_vtable);
-    if (!ob)
-        goto bad;
-#if PY_VERSION_HEX >= 0x02070000
-    ptr = PyCapsule_GetPointer(ob, 0);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    ptr = PyCObject_AsVoidPtr(ob);
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-    if (!ptr && !PyErr_Occurred())
-        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
-    Py_DECREF(ob);
-    return ptr;
-bad:
-    Py_XDECREF(ob);
-    return NULL;
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
+    }
+    return op;
 }
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -5633,11 +10606,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -5665,130 +10639,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -5819,7 +10859,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -5829,6 +10869,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -5852,8 +10893,40 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
         return (target_type) value;\
     }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_connector_flags_e(enum ssh_connector_flags_e value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_connector_flags_e(enum ssh_connector_flags_e value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5865,17 +10938,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_connector_flags_e(enum
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(enum ssh_connector_flags_e) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(enum ssh_connector_flags_e) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(enum ssh_connector_flags_e) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(enum ssh_connector_flags_e) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(enum ssh_connector_flags_e) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -5883,15 +10956,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_connector_flags_e(enum
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(enum ssh_connector_flags_e),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(enum ssh_connector_flags_e));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE enum ssh_connector_flags_e __Pyx_PyInt_As_enum__ssh_connector_flags_e(PyObject *x) {
+static CYTHON_INLINE enum ssh_connector_flags_e __Pyx_PyLong_As_enum__ssh_connector_flags_e(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5901,179 +11007,172 @@ static CYTHON_INLINE enum ssh_connector_flags_e __Pyx_PyInt_As_enum__ssh_connect
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(enum ssh_connector_flags_e) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (enum ssh_connector_flags_e) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        enum ssh_connector_flags_e val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (enum ssh_connector_flags_e) -1;
+        val = __Pyx_PyLong_As_enum__ssh_connector_flags_e(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (enum ssh_connector_flags_e) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(enum ssh_connector_flags_e) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) >= 2 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) (((((enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(enum ssh_connector_flags_e) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) >= 3 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) (((((((enum ssh_connector_flags_e)digits[2]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(enum ssh_connector_flags_e) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) >= 4 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) (((((((((enum ssh_connector_flags_e)digits[3]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[2]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (enum ssh_connector_flags_e) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (enum ssh_connector_flags_e) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(enum ssh_connector_flags_e) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(enum ssh_connector_flags_e, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(enum ssh_connector_flags_e) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_connector_flags_e, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(enum ssh_connector_flags_e) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(enum ssh_connector_flags_e, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(enum ssh_connector_flags_e) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_connector_flags_e, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (enum ssh_connector_flags_e) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 2 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) (((enum ssh_connector_flags_e)-1)*(((((enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(enum ssh_connector_flags_e) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 2 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) ((((((enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 3 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) (((enum ssh_connector_flags_e)-1)*(((((((enum ssh_connector_flags_e)digits[2]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(enum ssh_connector_flags_e) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 3 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) ((((((((enum ssh_connector_flags_e)digits[2]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 4 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) (((enum ssh_connector_flags_e)-1)*(((((((((enum ssh_connector_flags_e)digits[3]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[2]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(enum ssh_connector_flags_e) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_connector_flags_e) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_connector_flags_e, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_connector_flags_e) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_connector_flags_e) - 1 > 4 * PyLong_SHIFT)) {
                             return (enum ssh_connector_flags_e) ((((((((((enum ssh_connector_flags_e)digits[3]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[2]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[1]) << PyLong_SHIFT) | (enum ssh_connector_flags_e)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(enum ssh_connector_flags_e) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(enum ssh_connector_flags_e, long, PyLong_AsLong(x))
+        if ((sizeof(enum ssh_connector_flags_e) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_connector_flags_e, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(enum ssh_connector_flags_e) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(enum ssh_connector_flags_e, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(enum ssh_connector_flags_e) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_connector_flags_e, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
         }
-        {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            enum ssh_connector_flags_e val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
-                Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
-            }
+    }
+    {
+        enum ssh_connector_flags_e val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyErr_SetString(PyExc_RuntimeError,
+                        "_PyLong_AsByteArray() or PyLong_AsNativeBytes() not available, cannot convert large enums");
+        val = (enum ssh_connector_flags_e) -1;
 #endif
+        if (unlikely(ret))
             return (enum ssh_connector_flags_e) -1;
-        }
-    } else {
-        enum ssh_connector_flags_e val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (enum ssh_connector_flags_e) -1;
-        val = __Pyx_PyInt_As_enum__ssh_connector_flags_e(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -6087,7 +11186,7 @@ static CYTHON_INLINE enum ssh_connector_flags_e __Pyx_PyInt_As_enum__ssh_connect
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -6097,179 +11196,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -6283,7 +11440,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -6295,17 +11452,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -6313,15 +11470,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -6333,17 +11523,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -6351,15 +11541,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__2);
     }
+    goto done;
 }
+#endif
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -6369,179 +11631,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -6558,7 +11878,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -6579,51 +11899,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -6654,65 +11961,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -6720,97 +12046,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -6822,25 +12284,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -6863,95 +12325,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -6990,33 +12423,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/connector.pxd b/ssh/connector.pxd
index 320a6ec6..3b175486 100644
--- a/ssh/connector.pxd
+++ b/ssh/connector.pxd
@@ -1,22 +1,23 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from session cimport Session
+from .session cimport Session
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 cdef class Flag:
diff --git a/ssh/connector.pyx b/ssh/connector.pyx
index 03c4e561..cb095b6f 100644
--- a/ssh/connector.pyx
+++ b/ssh/connector.pyx
@@ -1,26 +1,27 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from cpython cimport PyObject_AsFileDescriptor
 
-from channel cimport Channel
-from session cimport Session
+from .channel cimport Channel
+from .session cimport Session
 
-from utils cimport handle_error_codes
-cimport c_ssh
+from .utils cimport handle_error_codes
+from . cimport c_ssh
 
 
 cdef class Flag:
diff --git a/ssh/error_codes.c b/ssh/error_codes.c
index f7ad8b6d..53b7bd26 100644
--- a/ssh/error_codes.c
+++ b/ssh/error_codes.c
@@ -1,22 +1,58 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.error_codes",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/error_codes.pyx"
+        ]
+    },
+    "module_name": "ssh.error_codes"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +71,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +79,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +104,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +325,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +408,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +428,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +452,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +531,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +570,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
+#endif
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +649,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +666,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
+#else
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
+#endif
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +877,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,69 +908,193 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
+#else
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
+#endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
+#endif
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
 #endif
 
+/* MathInitCode */
 #if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
+  #ifndef _USE_MATH_DEFINES
     #define _USE_MATH_DEFINES
   #endif
 #endif
@@ -725,12 +1114,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
-#define __PYX_ERR(f_index, lineno, Ln_error) \
-    { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
+#define __PYX_ERR(f_index, lineno, Ln_error) \
+    { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -753,12 +1160,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -793,140 +1196,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -938,26 +1330,200 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/error_codes.pyx",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -966,42 +1532,48 @@ static const char *__pyx_f[] = {
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1012,6 +1584,10 @@ static const char *__pyx_f[] = {
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1049,22 +1625,30 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP)  (VAR) = (LOOKUP);
 #endif
 
-/* PyObjectGetAttrStr.proto */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
 #else
-#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
 #endif
 
 /* PyThreadStateGet.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
 #define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
 #else
 #define __Pyx_PyThreadState_declare
 #define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
 #endif
 
 /* PyErrFetchRestore.proto */
@@ -1076,7 +1660,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
 #define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
 #else
 #define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
@@ -1092,136 +1676,259 @@ static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject
 #define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
 #endif
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* PyObjectGetAttrStr.proto */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
 #else
+#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#endif
+
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#endif
+
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
+
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From___pyx_anon_enum(int value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.error_codes' */
+/* Module declarations from "ssh.c_ssh" */
+
+/* Module declarations from "ssh.error_codes" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.error_codes"
 extern int __pyx_module_is_main_ssh__error_codes;
 int __pyx_module_is_main_ssh__error_codes = 0;
 
-/* Implementation of 'ssh.error_codes' */
+/* Implementation of "ssh.error_codes" */
+/* #### Code section: global_var ### */
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = "?";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
 static const char __pyx_k_test[] = "__test__";
 static const char __pyx_k_SSH_OK[] = "SSH_OK";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_SSH_EOF[] = "SSH_EOF";
+static const char __pyx_k_qualname[] = "__qualname__";
 static const char __pyx_k_SSH_AGAIN[] = "SSH_AGAIN";
 static const char __pyx_k_SSH_ERROR[] = "SSH_ERROR";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
-static PyObject *__pyx_n_s_SSH_AGAIN;
-static PyObject *__pyx_n_s_SSH_EOF;
-static PyObject *__pyx_n_s_SSH_ERROR;
-static PyObject *__pyx_n_s_SSH_OK;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_test;
-/* Late includes */
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_error_codes(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_error_codes},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "error_codes",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
-  #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
-  #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
-};
-#endif
+/* #### Code section: decls ### */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
 #ifndef CYTHON_SMALL_CODE
 #if defined(__clang__)
     #define CYTHON_SMALL_CODE
@@ -1232,143 +1939,316 @@ static struct PyModuleDef __pyx_moduledef = {
 #endif
 #endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_SSH_AGAIN, __pyx_k_SSH_AGAIN, sizeof(__pyx_k_SSH_AGAIN), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_EOF, __pyx_k_SSH_EOF, sizeof(__pyx_k_SSH_EOF), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_ERROR, __pyx_k_SSH_ERROR, sizeof(__pyx_k_SSH_ERROR), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_OK, __pyx_k_SSH_OK, sizeof(__pyx_k_SSH_OK), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
-};
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  return 0;
-}
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyObject *__pyx_string_tab[11];
+/* #### Code section: module_state_contents ### */
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
 
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-  __Pyx_RefNannyFinishContext();
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_SSH_AGAIN __pyx_string_tab[1]
+#define __pyx_n_u_SSH_EOF __pyx_string_tab[2]
+#define __pyx_n_u_SSH_ERROR __pyx_string_tab[3]
+#define __pyx_n_u_SSH_OK __pyx_string_tab[4]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[5]
+#define __pyx_n_u_main __pyx_string_tab[6]
+#define __pyx_n_u_module __pyx_string_tab[7]
+#define __pyx_n_u_name __pyx_string_tab[8]
+#define __pyx_n_u_qualname __pyx_string_tab[9]
+#define __pyx_n_u_test __pyx_string_tab[10]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  for (int i=0; i<11; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
   return 0;
 }
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  for (int i=0; i<11; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
   return 0;
-  __pyx_L1_error:;
-  return -1;
 }
+#endif
+/* #### Code section: module_code ### */
+/* #### Code section: module_exttypes ### */
 
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
+};
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
 
-static int __Pyx_modinit_global_init_code(void) {
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_init_code", 0);
   /*--- Type init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_import_code", 0);
   /*--- Type import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_import_code", 0);
   /*--- Function import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_error_codes(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_error_codes},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "error_codes",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initerror_codes(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initerror_codes(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_error_codes(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_error_codes(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
-    if (main_interpreter_id == -1) {
-        main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
+    if (main_interpreter_id == -1) {
+        main_interpreter_id = current_id;
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -1376,7 +2256,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -1391,10 +2273,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -1417,9 +2302,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_error_codes(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1430,9 +2320,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_error_codes(PyObject *__pyx_pyinit
     PyErr_SetString(PyExc_RuntimeError, "Module 'error_codes' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "error_codes" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -1442,88 +2360,61 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_error_codes(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_error_codes", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("error_codes", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__error_codes) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.error_codes")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.error_codes", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.error_codes", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  (void)__Pyx_modinit_type_init_code();
-  (void)__Pyx_modinit_type_import_code();
-  (void)__Pyx_modinit_variable_import_code();
-  (void)__Pyx_modinit_function_import_code();
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_type_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_type_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_import_code(__pyx_mstate);
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
   /* "ssh/error_codes.pyx":20
  * 
@@ -1531,11 +2422,11 @@ if (!__Pyx_RefNanny) {
  * SSH_OK = c_ssh.SSH_OK             # <<<<<<<<<<<<<<
  * SSH_EOF = c_ssh.SSH_EOF
  * SSH_ERROR = c_ssh.SSH_ERROR
- */
-  __pyx_t_1 = __Pyx_PyInt_From_int(SSH_OK); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 20, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_OK, __pyx_t_1) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From___pyx_anon_enum(SSH_OK); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 20, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_OK, __pyx_t_2) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/error_codes.pyx":21
  * 
@@ -1543,53 +2434,63 @@ if (!__Pyx_RefNanny) {
  * SSH_EOF = c_ssh.SSH_EOF             # <<<<<<<<<<<<<<
  * SSH_ERROR = c_ssh.SSH_ERROR
  * SSH_AGAIN = c_ssh.SSH_AGAIN
- */
-  __pyx_t_1 = __Pyx_PyInt_From_int(SSH_EOF); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 21, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_EOF, __pyx_t_1) < 0) __PYX_ERR(0, 21, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From___pyx_anon_enum(SSH_EOF); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 21, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_EOF, __pyx_t_2) < 0) __PYX_ERR(0, 21, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/error_codes.pyx":22
  * SSH_OK = c_ssh.SSH_OK
  * SSH_EOF = c_ssh.SSH_EOF
  * SSH_ERROR = c_ssh.SSH_ERROR             # <<<<<<<<<<<<<<
  * SSH_AGAIN = c_ssh.SSH_AGAIN
- */
-  __pyx_t_1 = __Pyx_PyInt_From_int(SSH_ERROR); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_ERROR, __pyx_t_1) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From___pyx_anon_enum(SSH_ERROR); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_ERROR, __pyx_t_2) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/error_codes.pyx":23
  * SSH_EOF = c_ssh.SSH_EOF
  * SSH_ERROR = c_ssh.SSH_ERROR
  * SSH_AGAIN = c_ssh.SSH_AGAIN             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyInt_From_int(SSH_AGAIN); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 23, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_AGAIN, __pyx_t_1) < 0) __PYX_ERR(0, 23, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From___pyx_anon_enum(SSH_AGAIN); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 23, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_AGAIN, __pyx_t_2) < 0) __PYX_ERR(0, 23, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/error_codes.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_2);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.error_codes", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.error_codes");
   }
@@ -1597,12 +2498,111 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 18 <= 65535
+    const unsigned short n;
+#elif 18 / 2 < INT_MAX
+    const unsigned int n;
+#elif 18 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_SSH_AGAIN, sizeof(__pyx_k_SSH_AGAIN), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_AGAIN */
+  {__pyx_k_SSH_EOF, sizeof(__pyx_k_SSH_EOF), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_EOF */
+  {__pyx_k_SSH_ERROR, sizeof(__pyx_k_SSH_ERROR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_ERROR */
+  {__pyx_k_SSH_OK, sizeof(__pyx_k_SSH_OK), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_OK */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  return 0;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  return 0;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -1648,23 +2648,65 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 }
 #endif
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
 #endif
-    return PyObject_GetAttr(obj, attr_name);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
 }
 #endif
 
 /* PyErrFetchRestore */
 #if CYTHON_FAST_THREAD_STATE
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
     PyObject *tmp_type, *tmp_value, *tmp_tb;
     tmp_type = tstate->curexc_type;
     tmp_value = tstate->curexc_value;
@@ -1675,41 +2717,105 @@ static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObjec
     Py_XDECREF(tmp_type);
     Py_XDECREF(tmp_value);
     Py_XDECREF(tmp_tb);
+#endif
 }
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
     *type = tstate->curexc_type;
     *value = tstate->curexc_value;
     *tb = tstate->curexc_traceback;
     tstate->curexc_type = 0;
     tstate->curexc_value = 0;
     tstate->curexc_traceback = 0;
+#endif
 }
 #endif
 
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -1718,11 +2824,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -1750,130 +2857,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
     }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
-    }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -1904,7 +3077,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -1914,9 +3087,285 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From___pyx_anon_enum(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -1928,17 +3377,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -1946,15 +3395,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
     }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u_);
+    }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -1966,17 +3487,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -1984,10 +3505,43 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
@@ -2014,189 +3568,247 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
 #endif
-    const long neg_one = (long) -1, const_zero = (long) 0;
-#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
-#pragma GCC diagnostic pop
-#endif
-    const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
+    const long neg_one = (long) -1, const_zero = (long) 0;
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
 #endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    const int is_unsigned = neg_one > const_zero;
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -2210,7 +3822,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -2220,179 +3832,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -2409,7 +4079,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -2430,51 +4100,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -2505,109 +4162,132 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
         if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
-        } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
-        }
-        #else
-        if (t->is_unicode | t->is_str) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -2619,25 +4299,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -2660,95 +4340,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -2787,33 +4438,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/error_codes.pyx b/ssh/error_codes.pyx
index f39175a8..5fbbd5de 100644
--- a/ssh/error_codes.pyx
+++ b/ssh/error_codes.pyx
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 SSH_OK = c_ssh.SSH_OK
diff --git a/ssh/event.c b/ssh/event.c
index 329cc006..c400ee37 100644
--- a/ssh/event.c
+++ b/ssh/event.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.event",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/event.pyx"
+        ]
+    },
+    "module_name": "ssh.event"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
+  #endif
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
 #endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
+#endif
+#endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,75 +911,199 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+  #define __Pyx_pyiter_sendfunc sendfunc
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
+#else
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
+#endif
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
 #else
 static CYTHON_INLINE float __PYX_NAN() {
   float value;
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -747,7 +1157,46 @@ static CYTHON_INLINE float __PYX_NAN() {
 #include "libssh/libssh.h"
 #include <string.h>
 #include <stdio.h>
+
+    #if PY_MAJOR_VERSION >= 3
+      #define __Pyx_PyFloat_FromString(obj)  PyFloat_FromString(obj)
+    #else
+      #define __Pyx_PyFloat_FromString(obj)  PyFloat_FromString(obj, NULL)
+    #endif
+    
+
+    #if PY_MAJOR_VERSION <= 2
+    #define PyDict_GetItemWithError _PyDict_GetItemWithError
+    #endif
+    
+
+    #if PY_VERSION_HEX < 0x030d0000
+    static CYTHON_INLINE int __Pyx_PyWeakref_GetRef(PyObject *ref, PyObject **pobj)
+    {
+        PyObject *obj = PyWeakref_GetObject(ref);
+        if (obj == NULL) {
+            // SystemError if ref is NULL
+            *pobj = NULL;
+            return -1;
+        }
+        if (obj == Py_None) {
+            *pobj = NULL;
+            return 0;
+        }
+        Py_INCREF(obj);
+        *pobj = obj;
+        return 1;
+    }
+    #else
+    #define __Pyx_PyWeakref_GetRef PyWeakref_GetRef
+    #endif
+    
 #include "pythread.h"
+
+    #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM < 0x07030600) && !defined(PyContextVar_Get)
+    #define PyContextVar_Get(var, d, v)         ((d) ?             ((void)(var), Py_INCREF(d), (v)[0] = (d), 0) :             ((v)[0] = NULL, 0)         )
+    #endif
+    
 #ifdef _OPENMP
 #include <omp.h>
 #endif /* _OPENMP */
@@ -756,12 +1205,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -796,140 +1241,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -941,30 +1375,177 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
+
 
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/event.pyx",
-  "stringsource",
+  "<stringsource>",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/contextvars.pxd",
   "ssh/session.pxd",
   "ssh/connector.pxd",
-  "env/lib/python3.9/site-packages/Cython/Includes/cpython/type.pxd",
-  "env/lib/python3.9/site-packages/Cython/Includes/cpython/bool.pxd",
-  "env/lib/python3.9/site-packages/Cython/Includes/cpython/complex.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/type.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/bool.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/complex.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -972,25 +1553,81 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
 struct __pyx_obj_3ssh_9connector_Flag;
 struct __pyx_obj_3ssh_9connector_Connector;
 struct __pyx_obj_3ssh_5event_Event;
+struct __pyx_opt_args_7cpython_11contextvars_get_value;
+struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default;
+
+/* "cpython/contextvars.pxd":116
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the default value of the context variable,
+*/
+struct __pyx_opt_args_7cpython_11contextvars_get_value {
+  int __pyx_n;
+  PyObject *default_value;
+};
+
+/* "cpython/contextvars.pxd":134
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value_no_default(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the provided default value if no such value was found.
+*/
+struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default {
+  int __pyx_n;
+  PyObject *default_value;
+};
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -1005,7 +1642,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class Flag:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector_flags_e _flag
  * 
- */
+*/
 struct __pyx_obj_3ssh_9connector_Flag {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_9connector_Flag *__pyx_vtab;
@@ -1019,7 +1656,7 @@ struct __pyx_obj_3ssh_9connector_Flag {
  * cdef class Connector:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector _connector
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_9connector_Connector {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtab;
@@ -1034,7 +1671,7 @@ struct __pyx_obj_3ssh_9connector_Connector {
  * cdef class Event:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_event _event
  *     cdef object _sock
- */
+*/
 struct __pyx_obj_3ssh_5event_Event {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_5event_Event *__pyx_vtab;
@@ -1052,7 +1689,7 @@ struct __pyx_obj_3ssh_5event_Event {
  * cdef class Flag:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector_flags_e _flag
  * 
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_9connector_Flag {
   struct __pyx_obj_3ssh_9connector_Flag *(*from_flag)(enum ssh_connector_flags_e);
@@ -1066,7 +1703,7 @@ static struct __pyx_vtabstruct_3ssh_9connector_Flag *__pyx_vtabptr_3ssh_9connect
  * cdef class Connector:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector _connector
  *     cdef readonly Session session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_9connector_Connector {
   struct __pyx_obj_3ssh_9connector_Connector *(*from_ptr)(ssh_connector, struct __pyx_obj_3ssh_7session_Session *);
@@ -1080,13 +1717,14 @@ static struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtabptr_3ssh_9co
  * cdef class Event:             # <<<<<<<<<<<<<<
  * 
  *     def __cinit__(self):
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_5event_Event {
   struct __pyx_obj_3ssh_5event_Event *(*from_ptr)(ssh_event);
   int (*event_callback)(socket_t, int, void *);
 };
 static struct __pyx_vtabstruct_3ssh_5event_Event *__pyx_vtabptr_3ssh_5event_Event;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1095,42 +1733,48 @@ static struct __pyx_vtabstruct_3ssh_5event_Event *__pyx_vtabptr_3ssh_5event_Even
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1141,6 +1785,10 @@ static struct __pyx_vtabstruct_3ssh_5event_Event *__pyx_vtabptr_3ssh_5event_Even
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1152,6 +1800,57 @@ static struct __pyx_vtabstruct_3ssh_5event_Event *__pyx_vtabptr_3ssh_5event_Even
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+#else
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#endif
+
+/* PyThreadStateGet.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
+#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
+#else
+#define __Pyx_PyThreadState_declare
+#define __Pyx_PyThreadState_assign
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
+#endif
+
+/* PyErrFetchRestore.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
+#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+#else
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#endif
+#else
+#define __Pyx_PyErr_Clear() PyErr_Clear()
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#endif
+
 /* PyObjectGetAttrStr.proto */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
@@ -1159,45 +1858,99 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
 /* GetBuiltinName.proto */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
 /* RaiseArgTupleInvalid.proto */
 static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
     Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
 
-/* KeywordStringCheck.proto */
-static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name, int kw_allowed);
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
 
 /* PyFunctionFastCall.proto */
 #if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
 #define __Pyx_PyFunction_FastCall(func, args, nargs)\
     __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
 #endif
 #define __Pyx_BUILD_ASSERT_EXPR(cond)\
     (sizeof(char [1 - 2*!(cond)]) - 1)
 #ifndef Py_MEMBER_SIZE
 #define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
 #endif
-#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
   static size_t __pyx_pyframe_localsplus_offset = 0;
   #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
   #define __Pxy_PyFrame_Initialize_Offsets()\
     ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
      (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
   #define __Pyx_PyFrame_GetLocalsplus(frame)\
     (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
+#endif
+#endif
 #endif
 
 /* PyObjectCall.proto */
@@ -1212,39 +1965,15 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
 #endif
 
-/* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
-#else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
-#endif
-
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
-#endif
-
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
 
 /* GetTopmostException.proto */
-#if CYTHON_USE_EXC_INFO_STACK
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
 static _PyErr_StackItem * __Pyx_PyErr_GetTopmostException(PyThreadState *tstate);
 #endif
 
-/* PyThreadStateGet.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
-#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
-#else
-#define __Pyx_PyThreadState_declare
-#define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
-#endif
-
 /* SaveResetException.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_ExceptionSave(type, value, tb)  __Pyx__ExceptionSave(__pyx_tstate, type, value, tb)
@@ -1256,105 +1985,269 @@ static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject
 #define __Pyx_ExceptionReset(type, value, tb)  PyErr_SetExcInfo(type, value, tb)
 #endif
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+/* RaiseDoubleKeywords.proto */
+static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
+
+/* ParseKeywords.proto */
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
 #else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
 #endif
-
-/* GetException.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_GetException(type, value, tb)  __Pyx__GetException(__pyx_tstate, type, value, tb)
-static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
 #else
-static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb);
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
 #endif
 
-/* PyErrFetchRestore.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
 #if CYTHON_COMPILING_IN_CPYTHON
-#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
 #else
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
 #endif
-#else
-#define __Pyx_PyErr_Clear() PyErr_Clear()
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
-#endif
-
-/* WriteUnraisableException.proto */
-static void __Pyx_WriteUnraisable(const char *name, int clineno,
-                                  int lineno, const char *filename,
-                                  int full_traceback, int nogil);
-
-/* RaiseDoubleKeywords.proto */
-static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
-
-/* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
 
 /* ArgTypeTest.proto */
 #define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
         __Pyx__ArgTypeTest(obj, type, name, exact))
 static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
 
 /* RaiseException.proto */
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
 #else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
+#endif
+
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
 /* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
+
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
-/* GetVTable.proto */
-static void* __Pyx_GetVtable(PyObject *dict);
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
 
 /* PyDictVersioning.proto */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
@@ -1383,222 +2276,359 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
-#else
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE short __Pyx_PyInt_As_short(PyObject *);
+static CYTHON_INLINE short __Pyx_PyLong_As_short(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
+
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
-
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4real_real(PyComplexObject *__pyx_v_self); /* proto*/
+#endif
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4imag_imag(PyComplexObject *__pyx_v_self); /* proto*/
+#endif
 static struct __pyx_obj_3ssh_5event_Event *__pyx_f_3ssh_5event_5Event_from_ptr(ssh_event __pyx_v__event); /* proto*/
 static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __pyx_v_fd, CYTHON_UNUSED int __pyx_v_revent, void *__pyx_v_userdata); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.connector' */
-static PyTypeObject *__pyx_ptype_3ssh_9connector_Flag = 0;
-static PyTypeObject *__pyx_ptype_3ssh_9connector_Connector = 0;
+/* Module declarations from "ssh.session" */
 
-/* Module declarations from 'cpython.version' */
+/* Module declarations from "ssh.connector" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "cpython.version" */
 
-/* Module declarations from 'cpython.type' */
-static PyTypeObject *__pyx_ptype_7cpython_4type_type = 0;
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "cpython.type" */
 
-/* Module declarations from 'libc.stdio' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'cpython.object' */
+/* Module declarations from "libc.stdio" */
 
-/* Module declarations from 'cpython.ref' */
+/* Module declarations from "cpython.object" */
 
-/* Module declarations from 'cpython.exc' */
+/* Module declarations from "cpython.ref" */
 
-/* Module declarations from 'cpython.module' */
+/* Module declarations from "cpython.exc" */
 
-/* Module declarations from 'cpython.mem' */
+/* Module declarations from "cpython.module" */
 
-/* Module declarations from 'cpython.tuple' */
+/* Module declarations from "cpython.mem" */
 
-/* Module declarations from 'cpython.list' */
+/* Module declarations from "cpython.tuple" */
 
-/* Module declarations from 'cpython.sequence' */
+/* Module declarations from "cpython.list" */
 
-/* Module declarations from 'cpython.mapping' */
+/* Module declarations from "cpython.sequence" */
 
-/* Module declarations from 'cpython.iterator' */
+/* Module declarations from "cpython.mapping" */
 
-/* Module declarations from 'cpython.number' */
+/* Module declarations from "cpython.iterator" */
 
-/* Module declarations from 'cpython.int' */
+/* Module declarations from "cpython.number" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'cpython.bool' */
-static PyTypeObject *__pyx_ptype_7cpython_4bool_bool = 0;
+/* Module declarations from "cpython.bool" */
 
-/* Module declarations from 'cpython.long' */
+/* Module declarations from "cpython.long" */
 
-/* Module declarations from 'cpython.float' */
+/* Module declarations from "cpython.float" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "cython" */
 
-/* Module declarations from 'cpython.complex' */
-static PyTypeObject *__pyx_ptype_7cpython_7complex_complex = 0;
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'cpython.string' */
+/* Module declarations from "cpython.complex" */
 
-/* Module declarations from 'cpython.unicode' */
+/* Module declarations from "cpython.unicode" */
 
-/* Module declarations from 'cpython.dict' */
+/* Module declarations from "cpython.pyport" */
 
-/* Module declarations from 'cpython.instance' */
+/* Module declarations from "cpython.dict" */
 
-/* Module declarations from 'cpython.function' */
+/* Module declarations from "cpython.instance" */
 
-/* Module declarations from 'cpython.method' */
+/* Module declarations from "cpython.function" */
 
-/* Module declarations from 'cpython.weakref' */
+/* Module declarations from "cpython.method" */
 
-/* Module declarations from 'cpython.getargs' */
+/* Module declarations from "cpython.weakref" */
 
-/* Module declarations from 'cpython.pythread' */
+/* Module declarations from "cpython.getargs" */
 
-/* Module declarations from 'cpython.pystate' */
+/* Module declarations from "cpython.pythread" */
 
-/* Module declarations from 'cpython.cobject' */
+/* Module declarations from "cpython.pystate" */
 
-/* Module declarations from 'cpython.oldbuffer' */
+/* Module declarations from "cpython.set" */
 
-/* Module declarations from 'cpython.set' */
+/* Module declarations from "cpython.buffer" */
 
-/* Module declarations from 'cpython.buffer' */
+/* Module declarations from "cpython.bytes" */
 
-/* Module declarations from 'cpython.bytes' */
+/* Module declarations from "cpython.pycapsule" */
 
-/* Module declarations from 'cpython.pycapsule' */
+/* Module declarations from "cpython.contextvars" */
 
-/* Module declarations from 'cpython' */
+/* Module declarations from "cpython" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static int (*__pyx_f_3ssh_5utils_handle_error_codes)(int, ssh_session); /*proto*/
 
-/* Module declarations from 'ssh.event' */
-static PyTypeObject *__pyx_ptype_3ssh_5event_Event = 0;
+/* Module declarations from "ssh.event" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.event"
 extern int __pyx_module_is_main_ssh__event;
 int __pyx_module_is_main_ssh__event = 0;
 
-/* Implementation of 'ssh.event' */
+/* Implementation of "ssh.event" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_MemoryError;
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = "?";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k_cb[] = "cb";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_rc[] = "rc";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_cb_2[] = "_cb";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_sock[] = "sock";
 static const char __pyx_k_test[] = "__test__";
 static const char __pyx_k_Event[] = "Event";
+static const char __pyx_k_add_fd[] = "add_fd";
+static const char __pyx_k_dopoll[] = "dopoll";
+static const char __pyx_k_enable[] = "enable";
 static const char __pyx_k_events[] = "events";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_sock_2[] = "_sock";
+static const char __pyx_k_socket[] = "socket";
+static const char __pyx_k_disable[] = "disable";
+static const char __pyx_k_session[] = "session";
+static const char __pyx_k_timeout[] = "timeout";
+static const char __pyx_k_A_q_IQ_q[] = "\200A\340\r\016\330\014\026\320\026'\240q\250\004\250I\260Q\330\010\017\210q";
+static const char __pyx_k_add_note[] = "add_note";
 static const char __pyx_k_callback[] = "callback";
 static const char __pyx_k_getstate[] = "__getstate__";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_connector[] = "connector";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
+static const char __pyx_k_remove_fd[] = "remove_fd";
+static const char __pyx_k_ssh_event[] = "ssh.event";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
 static const char __pyx_k_MemoryError[] = "MemoryError";
+static const char __pyx_k_add_session[] = "add_session";
+static const char __pyx_k_A_Qa_4y_3c_q[] = "\200A\330\010$\320$=\270Q\270a\340\r\016\330\014\026\320\026*\250!\2504\250y\270\001\330\010\013\2103\210c\220\021\330\014\020\220\t\230\021\330\010\017\210q";
+static const char __pyx_k_Event_add_fd[] = "Event.add_fd";
+static const char __pyx_k_Event_dopoll[] = "Event.dopoll";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_A_AT_4wa_Kq_q[] = "\200A\340\r\016\330\014\026\320\026,\250A\250T\260\031\270'\300\021\330\010\032\230!\2304\230w\240a\330\010\014\210K\220q\330\010\017\210q";
+static const char __pyx_k_add_connector[] = "add_connector";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
+static const char __pyx_k_ssh_event_pyx[] = "ssh/event.pyx";
+static const char __pyx_k_remove_session[] = "remove_session";
+static const char __pyx_k_Event_remove_fd[] = "Event.remove_fd";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_A_1_IYa_3c_Q_ixq[] = "\200A\340\r\016\330\014\026\320\0261\260\021\330\020\024\220I\230Y\240a\330\010\013\2103\210c\220\021\330\014\020\220\r\230Q\330\010\017\320\017!\240\021\240$\240i\250x\260q";
+static const char __pyx_k_A_a_IYa_3c_Q_ixq[] = "\200A\340\r\016\330\014\026\320\026.\250a\330\020\024\220I\230Y\240a\330\010\013\2103\210c\220\021\330\014\020\220\r\230Q\330\010\017\320\017!\240\021\240$\240i\250x\260q";
+static const char __pyx_k_A_q_IWA_4wa_Kq_q[] = "\200A\340\r\016\330\014\026\320\026/\250q\260\004\260I\270W\300A\330\010\032\230!\2304\230w\240a\330\010\014\210K\220q\330\010\017\210q";
+static const char __pyx_k_remove_connector[] = "remove_connector";
+static const char __pyx_k_Event_add_session[] = "Event.add_session";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_Event_add_connector[] = "Event.add_connector";
+static const char __pyx_k_2_Qa_fA_Zxq_1_A_3c_q[] = "\320\0042\260!\330\010$\320$=\270Q\270a\330\010\t\330\014&\240f\250A\340\010\031\230\030\240\031\250#\250Z\260x\270q\330\010\022\320\022#\2401\330\014\020\220\t\230\027\240\010\250\004\250A\330\010\013\2103\210c\220\021\330\014\020\220\t\230\021\330\010\017\210q";
+static const char __pyx_k_Event_remove_session[] = "Event.remove_session";
+static const char __pyx_k_Event___reduce_cython[] = "Event.__reduce_cython__";
+static const char __pyx_k_Event_remove_connector[] = "Event.remove_connector";
+static const char __pyx_k_Event___setstate_cython[] = "Event.__setstate_cython__";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_n_s_Event;
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_callback;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_events;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_sock;
-static PyObject *__pyx_n_s_test;
+/* #### Code section: decls ### */
 static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Event *__pyx_v_self); /* proto */
 static void __pyx_pf_3ssh_5event_5Event_2__dealloc__(struct __pyx_obj_3ssh_5event_Event *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_5event_5Event_6socket___get__(struct __pyx_obj_3ssh_5event_Event *__pyx_v_self); /* proto */
@@ -1614,9 +2644,537 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_9connector___get__(struct __pyx_obj
 static PyObject *__pyx_pf_3ssh_5event_5Event_18__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_5event_Event *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_5event_5Event_20__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_5event_Event *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_5event_Event(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyTypeObject *__pyx_ptype_3ssh_9connector_Flag;
+  PyTypeObject *__pyx_ptype_3ssh_9connector_Connector;
+  PyTypeObject *__pyx_ptype_7cpython_4type_type;
+  PyTypeObject *__pyx_ptype_7cpython_4bool_bool;
+  PyTypeObject *__pyx_ptype_7cpython_7complex_complex;
+  PyObject *__pyx_type_3ssh_5event_Event;
+  PyTypeObject *__pyx_ptype_3ssh_5event_Event;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_tuple[1];
+  PyObject *__pyx_codeobj_tab[9];
+  PyObject *__pyx_string_tab[61];
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_Event __pyx_string_tab[1]
+#define __pyx_n_u_Event___reduce_cython __pyx_string_tab[2]
+#define __pyx_n_u_Event___setstate_cython __pyx_string_tab[3]
+#define __pyx_n_u_Event_add_connector __pyx_string_tab[4]
+#define __pyx_n_u_Event_add_fd __pyx_string_tab[5]
+#define __pyx_n_u_Event_add_session __pyx_string_tab[6]
+#define __pyx_n_u_Event_dopoll __pyx_string_tab[7]
+#define __pyx_n_u_Event_remove_connector __pyx_string_tab[8]
+#define __pyx_n_u_Event_remove_fd __pyx_string_tab[9]
+#define __pyx_n_u_Event_remove_session __pyx_string_tab[10]
+#define __pyx_n_u_MemoryError __pyx_string_tab[11]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[12]
+#define __pyx_n_u_TypeError __pyx_string_tab[13]
+#define __pyx_n_u_add_connector __pyx_string_tab[14]
+#define __pyx_n_u_add_fd __pyx_string_tab[15]
+#define __pyx_kp_u_add_note __pyx_string_tab[16]
+#define __pyx_n_u_add_session __pyx_string_tab[17]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[18]
+#define __pyx_n_u_callback __pyx_string_tab[19]
+#define __pyx_n_u_cb __pyx_string_tab[20]
+#define __pyx_n_u_cb_2 __pyx_string_tab[21]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[22]
+#define __pyx_n_u_connector __pyx_string_tab[23]
+#define __pyx_kp_u_disable __pyx_string_tab[24]
+#define __pyx_n_u_dopoll __pyx_string_tab[25]
+#define __pyx_kp_u_enable __pyx_string_tab[26]
+#define __pyx_n_u_events __pyx_string_tab[27]
+#define __pyx_n_u_func __pyx_string_tab[28]
+#define __pyx_kp_u_gc __pyx_string_tab[29]
+#define __pyx_n_u_getstate __pyx_string_tab[30]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[31]
+#define __pyx_kp_u_isenabled __pyx_string_tab[32]
+#define __pyx_n_u_main __pyx_string_tab[33]
+#define __pyx_n_u_module __pyx_string_tab[34]
+#define __pyx_n_u_name __pyx_string_tab[35]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[36]
+#define __pyx_n_u_pop __pyx_string_tab[37]
+#define __pyx_n_u_pyx_state __pyx_string_tab[38]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[39]
+#define __pyx_n_u_qualname __pyx_string_tab[40]
+#define __pyx_n_u_rc __pyx_string_tab[41]
+#define __pyx_n_u_reduce __pyx_string_tab[42]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[43]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[44]
+#define __pyx_n_u_remove_connector __pyx_string_tab[45]
+#define __pyx_n_u_remove_fd __pyx_string_tab[46]
+#define __pyx_n_u_remove_session __pyx_string_tab[47]
+#define __pyx_n_u_self __pyx_string_tab[48]
+#define __pyx_n_u_session __pyx_string_tab[49]
+#define __pyx_n_u_set_name __pyx_string_tab[50]
+#define __pyx_n_u_setstate __pyx_string_tab[51]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[52]
+#define __pyx_n_u_sock __pyx_string_tab[53]
+#define __pyx_n_u_sock_2 __pyx_string_tab[54]
+#define __pyx_n_u_socket __pyx_string_tab[55]
+#define __pyx_n_u_ssh_event __pyx_string_tab[56]
+#define __pyx_kp_u_ssh_event_pyx __pyx_string_tab[57]
+#define __pyx_kp_u_stringsource __pyx_string_tab[58]
+#define __pyx_n_u_test __pyx_string_tab[59]
+#define __pyx_n_u_timeout __pyx_string_tab[60]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_9connector_Flag);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_9connector_Connector);
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_4type_type);
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_4bool_bool);
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_7complex_complex);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_5event_Event);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_5event_Event);
+  for (int i=0; i<1; ++i) { Py_CLEAR(clear_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<9; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<61; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_9connector_Flag);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_9connector_Connector);
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_4type_type);
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_4bool_bool);
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_7complex_complex);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_5event_Event);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_5event_Event);
+  for (int i=0; i<1; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<9; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<61; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
+
+/* "cpython/complex.pxd":20
+ * 
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4real_real(PyComplexObject *__pyx_v_self) {
+  double __pyx_r;
+
+  /* "cpython/complex.pxd":23
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+ *             return self.cval.real             # <<<<<<<<<<<<<<
+ * 
+ *         # unavailable in limited API
+*/
+  __pyx_r = __pyx_v_self->cval.real;
+  goto __pyx_L0;
+
+  /* "cpython/complex.pxd":20
+ * 
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+*/
+
+  /* function exit code */
+  __pyx_L0:;
+  return __pyx_r;
+}
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
+
+/* "cpython/complex.pxd":26
+ * 
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4imag_imag(PyComplexObject *__pyx_v_self) {
+  double __pyx_r;
+
+  /* "cpython/complex.pxd":29
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+ *             return self.cval.imag             # <<<<<<<<<<<<<<
+ * 
+ *     # PyTypeObject PyComplex_Type
+*/
+  __pyx_r = __pyx_v_self->cval.imag;
+  goto __pyx_L0;
+
+  /* "cpython/complex.pxd":26
+ * 
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+*/
+
+  /* function exit code */
+  __pyx_L0:;
+  return __pyx_r;
+}
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
+
+/* "cpython/contextvars.pxd":115
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE PyObject *__pyx_f_7cpython_11contextvars_get_value(PyObject *__pyx_v_var, struct __pyx_opt_args_7cpython_11contextvars_get_value *__pyx_optional_args) {
+
+  /* "cpython/contextvars.pxd":116
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the default value of the context variable,
+*/
+  PyObject *__pyx_v_default_value = ((PyObject *)Py_None);
+  PyObject *__pyx_v_value;
+  PyObject *__pyx_v_pyvalue = NULL;
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  int __pyx_t_1;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("get_value", 0);
+  if (__pyx_optional_args) {
+    if (__pyx_optional_args->__pyx_n > 0) {
+      __pyx_v_default_value = __pyx_optional_args->default_value;
+    }
+  }
+
+  /* "cpython/contextvars.pxd":121
+ *     or None if no such value or default was found.
+ *     """
+ *     cdef PyObject *value = NULL             # <<<<<<<<<<<<<<
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:
+*/
+  __pyx_v_value = NULL;
+
+  /* "cpython/contextvars.pxd":122
+ *     """
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)             # <<<<<<<<<<<<<<
+ *     if value is NULL:
+ *         # context variable does not have a default
+*/
+  __pyx_t_1 = PyContextVar_Get(__pyx_v_var, NULL, (&__pyx_v_value)); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(2, 122, __pyx_L1_error)
+
+  /* "cpython/contextvars.pxd":123
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:             # <<<<<<<<<<<<<<
+ *         # context variable does not have a default
+ *         pyvalue = default_value
+*/
+  __pyx_t_2 = (__pyx_v_value == NULL);
+  if (__pyx_t_2) {
+
+    /* "cpython/contextvars.pxd":125
+ *     if value is NULL:
+ *         # context variable does not have a default
+ *         pyvalue = default_value             # <<<<<<<<<<<<<<
+ *     else:
+ *         # value or default value of context variable
+*/
+    __Pyx_INCREF(__pyx_v_default_value);
+    __pyx_v_pyvalue = __pyx_v_default_value;
+
+    /* "cpython/contextvars.pxd":123
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:             # <<<<<<<<<<<<<<
+ *         # context variable does not have a default
+ *         pyvalue = default_value
+*/
+    goto __pyx_L3;
+  }
+
+  /* "cpython/contextvars.pxd":128
+ *     else:
+ *         # value or default value of context variable
+ *         pyvalue = <object>value             # <<<<<<<<<<<<<<
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue
+*/
+  /*else*/ {
+    __pyx_t_3 = ((PyObject *)__pyx_v_value);
+    __Pyx_INCREF(__pyx_t_3);
+    __pyx_v_pyvalue = __pyx_t_3;
+    __pyx_t_3 = 0;
+
+    /* "cpython/contextvars.pxd":129
+ *         # value or default value of context variable
+ *         pyvalue = <object>value
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'             # <<<<<<<<<<<<<<
+ *     return pyvalue
+ * 
+*/
+    Py_XDECREF(__pyx_v_value);
+  }
+  __pyx_L3:;
+
+  /* "cpython/contextvars.pxd":130
+ *         pyvalue = <object>value
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue             # <<<<<<<<<<<<<<
+ * 
+ * 
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __Pyx_INCREF(__pyx_v_pyvalue);
+  __pyx_r = __pyx_v_pyvalue;
+  goto __pyx_L0;
+
+  /* "cpython/contextvars.pxd":115
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_AddTraceback("cpython.contextvars.get_value", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = 0;
+  __pyx_L0:;
+  __Pyx_XDECREF(__pyx_v_pyvalue);
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
+
+/* "cpython/contextvars.pxd":133
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value_no_default(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE PyObject *__pyx_f_7cpython_11contextvars_get_value_no_default(PyObject *__pyx_v_var, struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default *__pyx_optional_args) {
+
+  /* "cpython/contextvars.pxd":134
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value_no_default(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the provided default value if no such value was found.
+*/
+  PyObject *__pyx_v_default_value = ((PyObject *)Py_None);
+  PyObject *__pyx_v_value;
+  PyObject *__pyx_v_pyvalue = NULL;
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  int __pyx_t_1;
+  PyObject *__pyx_t_2 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("get_value_no_default", 0);
+  if (__pyx_optional_args) {
+    if (__pyx_optional_args->__pyx_n > 0) {
+      __pyx_v_default_value = __pyx_optional_args->default_value;
+    }
+  }
+
+  /* "cpython/contextvars.pxd":140
+ *     Ignores the default value of the context variable, if any.
+ *     """
+ *     cdef PyObject *value = NULL             # <<<<<<<<<<<<<<
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)
+ *     # value of context variable or 'default_value'
+*/
+  __pyx_v_value = NULL;
+
+  /* "cpython/contextvars.pxd":141
+ *     """
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)             # <<<<<<<<<<<<<<
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value
+*/
+  __pyx_t_1 = PyContextVar_Get(__pyx_v_var, ((PyObject *)__pyx_v_default_value), (&__pyx_v_value)); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(2, 141, __pyx_L1_error)
+
+  /* "cpython/contextvars.pxd":143
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value             # <<<<<<<<<<<<<<
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_v_value);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_v_pyvalue = __pyx_t_2;
+  __pyx_t_2 = 0;
+
+  /* "cpython/contextvars.pxd":144
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'             # <<<<<<<<<<<<<<
+ *     return pyvalue
+*/
+  Py_XDECREF(__pyx_v_value);
+
+  /* "cpython/contextvars.pxd":145
+ *     pyvalue = <object>value
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue             # <<<<<<<<<<<<<<
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __Pyx_INCREF(__pyx_v_pyvalue);
+  __pyx_r = __pyx_v_pyvalue;
+  goto __pyx_L0;
+
+  /* "cpython/contextvars.pxd":133
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value_no_default(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_AddTraceback("cpython.contextvars.get_value_no_default", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = 0;
+  __pyx_L0:;
+  __Pyx_XDECREF(__pyx_v_pyvalue);
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
 
 /* "ssh/event.pyx":29
  * cdef class Event:
@@ -1624,17 +3182,26 @@ static PyObject *__pyx_tuple__2;
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._event = c_ssh.ssh_event_new()
  *         if self._event is NULL:
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_5event_5Event_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_5event_5Event_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_5event_5Event___cinit__(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self));
 
   /* function exit code */
@@ -1644,12 +3211,10 @@ static int __pyx_pw_3ssh_5event_5Event_1__cinit__(PyObject *__pyx_v_self, PyObje
 
 static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Event *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/event.pyx":30
  * 
@@ -1657,7 +3222,7 @@ static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Ev
  *         self._event = c_ssh.ssh_event_new()             # <<<<<<<<<<<<<<
  *         if self._event is NULL:
  *             raise MemoryError
- */
+*/
   __pyx_v_self->_event = ssh_event_new();
 
   /* "ssh/event.pyx":31
@@ -1666,8 +3231,8 @@ static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Ev
  *         if self._event is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  * 
- */
-  __pyx_t_1 = ((__pyx_v_self->_event == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_event == NULL);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/event.pyx":32
@@ -1676,7 +3241,7 @@ static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Ev
  *             raise MemoryError             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
+*/
     PyErr_NoMemory(); __PYX_ERR(0, 32, __pyx_L1_error)
 
     /* "ssh/event.pyx":31
@@ -1685,7 +3250,7 @@ static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Ev
  *         if self._event is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  * 
- */
+*/
   }
 
   /* "ssh/event.pyx":29
@@ -1694,7 +3259,7 @@ static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Ev
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._event = c_ssh.ssh_event_new()
  *         if self._event is NULL:
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
@@ -1703,7 +3268,6 @@ static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Ev
   __Pyx_AddTraceback("ssh.event.Event.__cinit__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = -1;
   __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
@@ -1713,13 +3277,15 @@ static int __pyx_pf_3ssh_5event_5Event___cinit__(struct __pyx_obj_3ssh_5event_Ev
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._event is not NULL:
  *             c_ssh.ssh_event_free(self._event)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_5event_5Event_3__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_5event_5Event_3__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_5event_5Event_2__dealloc__(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self));
 
   /* function exit code */
@@ -1727,9 +3293,7 @@ static void __pyx_pw_3ssh_5event_5Event_3__dealloc__(PyObject *__pyx_v_self) {
 }
 
 static void __pyx_pf_3ssh_5event_5Event_2__dealloc__(struct __pyx_obj_3ssh_5event_Event *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
   /* "ssh/event.pyx":35
  * 
@@ -1737,8 +3301,8 @@ static void __pyx_pf_3ssh_5event_5Event_2__dealloc__(struct __pyx_obj_3ssh_5even
  *         if self._event is not NULL:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_event_free(self._event)
  *             self._event = NULL
- */
-  __pyx_t_1 = ((__pyx_v_self->_event != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_event != NULL);
   if (__pyx_t_1) {
 
     /* "ssh/event.pyx":36
@@ -1747,7 +3311,7 @@ static void __pyx_pf_3ssh_5event_5Event_2__dealloc__(struct __pyx_obj_3ssh_5even
  *             c_ssh.ssh_event_free(self._event)             # <<<<<<<<<<<<<<
  *             self._event = NULL
  * 
- */
+*/
     ssh_event_free(__pyx_v_self->_event);
 
     /* "ssh/event.pyx":37
@@ -1756,7 +3320,7 @@ static void __pyx_pf_3ssh_5event_5Event_2__dealloc__(struct __pyx_obj_3ssh_5even
  *             self._event = NULL             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
     __pyx_v_self->_event = NULL;
 
     /* "ssh/event.pyx":35
@@ -1765,7 +3329,7 @@ static void __pyx_pf_3ssh_5event_5Event_2__dealloc__(struct __pyx_obj_3ssh_5even
  *         if self._event is not NULL:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_event_free(self._event)
  *             self._event = NULL
- */
+*/
   }
 
   /* "ssh/event.pyx":34
@@ -1774,26 +3338,27 @@ static void __pyx_pf_3ssh_5event_5Event_2__dealloc__(struct __pyx_obj_3ssh_5even
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._event is not NULL:
  *             c_ssh.ssh_event_free(self._event)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/event.pyx":40
+/* "ssh/event.pyx":39
+ *             self._event = NULL
  * 
- *     @property
- *     def socket(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def socket(self):
  *         return self._sock
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_5event_5Event_6socket_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_5event_5Event_6socket_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_5event_5Event_6socket___get__(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self));
 
   /* function exit code */
@@ -1812,19 +3377,19 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6socket___get__(struct __pyx_obj_3s
  *         return self._sock             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_self->_sock);
   __pyx_r = __pyx_v_self->_sock;
   goto __pyx_L0;
 
-  /* "ssh/event.pyx":40
+  /* "ssh/event.pyx":39
+ *             self._event = NULL
  * 
- *     @property
- *     def socket(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def socket(self):
  *         return self._sock
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L0:;
@@ -1833,13 +3398,13 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6socket___get__(struct __pyx_obj_3s
   return __pyx_r;
 }
 
-/* "ssh/event.pyx":44
+/* "ssh/event.pyx":43
+ *         return self._sock
  * 
- *     @staticmethod
- *     cdef Event from_ptr(c_ssh.ssh_event _event):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Event from_ptr(c_ssh.ssh_event _event):
  *         cdef Event event = Event.__new__(Event)
- *         event._event = _event
- */
+*/
 
 static struct __pyx_obj_3ssh_5event_Event *__pyx_f_3ssh_5event_5Event_from_ptr(ssh_event __pyx_v__event) {
   struct __pyx_obj_3ssh_5event_Event *__pyx_v_event = 0;
@@ -1857,9 +3422,9 @@ static struct __pyx_obj_3ssh_5event_Event *__pyx_f_3ssh_5event_5Event_from_ptr(s
  *         cdef Event event = Event.__new__(Event)             # <<<<<<<<<<<<<<
  *         event._event = _event
  *         return event
- */
-  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_5event_Event(((PyTypeObject *)__pyx_ptype_3ssh_5event_Event), __pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_1));
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_5event_Event(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_5event_Event), __pyx_mstate_global->__pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_1);
   __pyx_v_event = ((struct __pyx_obj_3ssh_5event_Event *)__pyx_t_1);
   __pyx_t_1 = 0;
 
@@ -1869,7 +3434,7 @@ static struct __pyx_obj_3ssh_5event_Event *__pyx_f_3ssh_5event_5Event_from_ptr(s
  *         event._event = _event             # <<<<<<<<<<<<<<
  *         return event
  * 
- */
+*/
   __pyx_v_event->_event = __pyx_v__event;
 
   /* "ssh/event.pyx":47
@@ -1878,19 +3443,19 @@ static struct __pyx_obj_3ssh_5event_Event *__pyx_f_3ssh_5event_5Event_from_ptr(s
  *         return event             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v_event));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v_event);
   __pyx_r = __pyx_v_event;
   goto __pyx_L0;
 
-  /* "ssh/event.pyx":44
+  /* "ssh/event.pyx":43
+ *         return self._sock
  * 
- *     @staticmethod
- *     cdef Event from_ptr(c_ssh.ssh_event _event):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Event from_ptr(c_ssh.ssh_event _event):
  *         cdef Event event = Event.__new__(Event)
- *         event._event = _event
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1904,13 +3469,13 @@ static struct __pyx_obj_3ssh_5event_Event *__pyx_f_3ssh_5event_5Event_from_ptr(s
   return __pyx_r;
 }
 
-/* "ssh/event.pyx":50
+/* "ssh/event.pyx":49
+ *         return event
  * 
- *     @staticmethod
- *     cdef int event_callback(c_ssh.socket_t fd, int revent, void *userdata):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef int event_callback(c_ssh.socket_t fd, int revent, void *userdata):
  *         try:
- *             func = <object>userdata
- */
+*/
 
 static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __pyx_v_fd, CYTHON_UNUSED int __pyx_v_revent, void *__pyx_v_userdata) {
   PyObject *__pyx_v_func = NULL;
@@ -1922,7 +3487,8 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
-  int __pyx_t_7;
+  size_t __pyx_t_7;
+  int __pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1934,7 +3500,7 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
  *         try:             # <<<<<<<<<<<<<<
  *             func = <object>userdata
  *             return func()
- */
+*/
   {
     __Pyx_PyThreadState_declare
     __Pyx_PyThreadState_assign
@@ -1950,7 +3516,7 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
  *             func = <object>userdata             # <<<<<<<<<<<<<<
  *             return func()
  *         except Exception:
- */
+*/
       __pyx_t_4 = ((PyObject *)__pyx_v_userdata);
       __Pyx_INCREF(__pyx_t_4);
       __pyx_v_func = __pyx_t_4;
@@ -1962,26 +3528,33 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
  *             return func()             # <<<<<<<<<<<<<<
  *         except Exception:
  *             # TODO - pass back exception
- */
+*/
+      __pyx_t_5 = NULL;
       __Pyx_INCREF(__pyx_v_func);
-      __pyx_t_5 = __pyx_v_func; __pyx_t_6 = NULL;
-      if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_5))) {
-        __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_5);
-        if (likely(__pyx_t_6)) {
-          PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_5);
-          __Pyx_INCREF(__pyx_t_6);
-          __Pyx_INCREF(function);
-          __Pyx_DECREF_SET(__pyx_t_5, function);
-        }
+      __pyx_t_6 = __pyx_v_func; 
+      __pyx_t_7 = 1;
+      #if CYTHON_UNPACK_METHODS
+      if (unlikely(PyMethod_Check(__pyx_t_6))) {
+        __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_6);
+        assert(__pyx_t_5);
+        PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_6);
+        __Pyx_INCREF(__pyx_t_5);
+        __Pyx_INCREF(__pyx__function);
+        __Pyx_DECREF_SET(__pyx_t_6, __pyx__function);
+        __pyx_t_7 = 0;
+      }
+      #endif
+      {
+        PyObject *__pyx_callargs[2] = {__pyx_t_5, NULL};
+        __pyx_t_4 = __Pyx_PyObject_FastCall(__pyx_t_6, __pyx_callargs+__pyx_t_7, (1-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+        __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
+        __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+        if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 53, __pyx_L3_error)
+        __Pyx_GOTREF(__pyx_t_4);
       }
-      __pyx_t_4 = (__pyx_t_6) ? __Pyx_PyObject_CallOneArg(__pyx_t_5, __pyx_t_6) : __Pyx_PyObject_CallNoArg(__pyx_t_5);
-      __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-      if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 53, __pyx_L3_error)
-      __Pyx_GOTREF(__pyx_t_4);
-      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-      __pyx_t_7 = __Pyx_PyInt_As_int(__pyx_t_4); if (unlikely((__pyx_t_7 == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 53, __pyx_L3_error)
+      __pyx_t_8 = __Pyx_PyLong_As_int(__pyx_t_4); if (unlikely((__pyx_t_8 == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 53, __pyx_L3_error)
       __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-      __pyx_r = __pyx_t_7;
+      __pyx_r = __pyx_t_8;
       goto __pyx_L7_try_return;
 
       /* "ssh/event.pyx":51
@@ -1990,7 +3563,7 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
  *         try:             # <<<<<<<<<<<<<<
  *             func = <object>userdata
  *             return func()
- */
+*/
     }
     __pyx_L3_error:;
     __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
@@ -2003,14 +3576,10 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
  *         except Exception:             # <<<<<<<<<<<<<<
  *             # TODO - pass back exception
  *             return -1
- */
-    __pyx_t_7 = __Pyx_PyErr_ExceptionMatches(((PyObject *)(&((PyTypeObject*)PyExc_Exception)[0])));
-    if (__pyx_t_7) {
-      __Pyx_AddTraceback("ssh.event.Event.event_callback", __pyx_clineno, __pyx_lineno, __pyx_filename);
-      if (__Pyx_GetException(&__pyx_t_4, &__pyx_t_5, &__pyx_t_6) < 0) __PYX_ERR(0, 54, __pyx_L5_except_error)
-      __Pyx_GOTREF(__pyx_t_4);
-      __Pyx_GOTREF(__pyx_t_5);
-      __Pyx_GOTREF(__pyx_t_6);
+*/
+    __pyx_t_8 = __Pyx_PyErr_ExceptionMatches(((PyObject *)(((PyTypeObject*)PyExc_Exception))));
+    if (__pyx_t_8) {
+      __Pyx_ErrRestore(0,0,0);
 
       /* "ssh/event.pyx":56
  *         except Exception:
@@ -2018,15 +3587,11 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
  *             return -1             # <<<<<<<<<<<<<<
  * 
  *     def add_fd(self, sock, short events, callback=None):
- */
+*/
       __pyx_r = -1;
-      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
       goto __pyx_L6_except_return;
     }
     goto __pyx_L5_except_error;
-    __pyx_L5_except_error:;
 
     /* "ssh/event.pyx":51
  *     @staticmethod
@@ -2034,7 +3599,8 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
  *         try:             # <<<<<<<<<<<<<<
  *             func = <object>userdata
  *             return func()
- */
+*/
+    __pyx_L5_except_error:;
     __Pyx_XGIVEREF(__pyx_t_1);
     __Pyx_XGIVEREF(__pyx_t_2);
     __Pyx_XGIVEREF(__pyx_t_3);
@@ -2054,20 +3620,20 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
     goto __pyx_L0;
   }
 
-  /* "ssh/event.pyx":50
+  /* "ssh/event.pyx":49
+ *         return event
  * 
- *     @staticmethod
- *     cdef int event_callback(c_ssh.socket_t fd, int revent, void *userdata):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef int event_callback(c_ssh.socket_t fd, int revent, void *userdata):
  *         try:
- *             func = <object>userdata
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_4);
   __Pyx_XDECREF(__pyx_t_5);
   __Pyx_XDECREF(__pyx_t_6);
-  __Pyx_WriteUnraisable("ssh.event.Event.event_callback", __pyx_clineno, __pyx_lineno, __pyx_filename, 1, 0);
+  __Pyx_AddTraceback("ssh.event.Event.event_callback", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = 0;
   __pyx_L0:;
   __Pyx_XDECREF(__pyx_v_func);
@@ -2081,77 +3647,103 @@ static int __pyx_f_3ssh_5event_5Event_event_callback(CYTHON_UNUSED socket_t __py
  *     def add_fd(self, sock, short events, callback=None):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(sock)
  *         cdef c_ssh.ssh_event_callback cb = \
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_5add_fd(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_4add_fd[] = "Event.add_fd(self, sock, short events, callback=None)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_5add_fd(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_5add_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_4add_fd, "Event.add_fd(self, sock, short events, callback=None)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_5add_fd = {"add_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_5add_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_4add_fd};
+static PyObject *__pyx_pw_3ssh_5event_5Event_5add_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_sock = 0;
   short __pyx_v_events;
   PyObject *__pyx_v_callback = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("add_fd (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_sock,&__pyx_n_s_events,&__pyx_n_s_callback,0};
-    PyObject* values[3] = {0,0,0};
-    values[2] = ((PyObject *)Py_None);
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_sock,&__pyx_mstate_global->__pyx_n_u_events,&__pyx_mstate_global->__pyx_n_u_callback,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 58, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 58, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 58, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 58, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_sock)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_events)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("add_fd", 0, 2, 3, 1); __PYX_ERR(0, 58, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_callback);
-          if (value) { values[2] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "add_fd") < 0)) __PYX_ERR(0, 58, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "add_fd", 0) < 0) __PYX_ERR(0, 58, __pyx_L3_error)
+      if (!values[2]) values[2] = __Pyx_NewRef(((PyObject *)Py_None));
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("add_fd", 0, 2, 3, i); __PYX_ERR(0, 58, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 58, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-        values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 58, __pyx_L3_error)
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 58, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
+      if (!values[2]) values[2] = __Pyx_NewRef(((PyObject *)Py_None));
     }
     __pyx_v_sock = values[0];
-    __pyx_v_events = __Pyx_PyInt_As_short(values[1]); if (unlikely((__pyx_v_events == (short)-1) && PyErr_Occurred())) __PYX_ERR(0, 58, __pyx_L3_error)
+    __pyx_v_events = __Pyx_PyLong_As_short(values[1]); if (unlikely((__pyx_v_events == (short)-1) && PyErr_Occurred())) __PYX_ERR(0, 58, __pyx_L3_error)
     __pyx_v_callback = values[2];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("add_fd", 0, 2, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 58, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("add_fd", 0, 2, 3, __pyx_nargs); __PYX_ERR(0, 58, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.event.Event.add_fd", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -2159,6 +3751,9 @@ static PyObject *__pyx_pw_3ssh_5event_5Event_5add_fd(PyObject *__pyx_v_self, PyO
   __pyx_r = __pyx_pf_3ssh_5event_5Event_4add_fd(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), __pyx_v_sock, __pyx_v_events, __pyx_v_callback);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2185,7 +3780,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(sock)             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_event_callback cb = \
  *             <c_ssh.ssh_event_callback>&Event.event_callback
- */
+*/
   __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_sock); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 59, __pyx_L1_error)
   __pyx_v__sock = __pyx_t_1;
 
@@ -2195,7 +3790,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *             <c_ssh.ssh_event_callback>&Event.event_callback             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef void *_cb = NULL if callback is None else <void *>callback
- */
+*/
   __pyx_v_cb = ((ssh_event_callback)(&__pyx_f_3ssh_5event_5Event_event_callback));
 
   /* "ssh/event.pyx":63
@@ -2204,9 +3799,9 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *         cdef void *_cb = NULL if callback is None else <void *>callback             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_event_add_fd(
  *             self._event, _sock, events, cb, _cb)
- */
+*/
   __pyx_t_3 = (__pyx_v_callback == Py_None);
-  if ((__pyx_t_3 != 0)) {
+  if (__pyx_t_3) {
     __pyx_t_2 = NULL;
   } else {
     __pyx_t_2 = ((void *)__pyx_v_callback);
@@ -2219,7 +3814,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *         rc = c_ssh.ssh_event_add_fd(             # <<<<<<<<<<<<<<
  *             self._event, _sock, events, cb, _cb)
  *         if rc == 0:
- */
+*/
   __pyx_v_rc = ssh_event_add_fd(__pyx_v_self->_event, __pyx_v__sock, __pyx_v_events, __pyx_v_cb, __pyx_v__cb);
 
   /* "ssh/event.pyx":66
@@ -2228,8 +3823,8 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self._sock = sock
  *         return rc
- */
-  __pyx_t_3 = ((__pyx_v_rc == 0) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc == 0);
   if (__pyx_t_3) {
 
     /* "ssh/event.pyx":67
@@ -2238,7 +3833,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *             self._sock = sock             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
     __Pyx_INCREF(__pyx_v_sock);
     __Pyx_GIVEREF(__pyx_v_sock);
     __Pyx_GOTREF(__pyx_v_self->_sock);
@@ -2251,7 +3846,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self._sock = sock
  *         return rc
- */
+*/
   }
 
   /* "ssh/event.pyx":68
@@ -2260,9 +3855,9 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def remove_fd(self, socket):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 68, __pyx_L1_error)
+  __pyx_t_4 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 68, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
   __pyx_r = __pyx_t_4;
   __pyx_t_4 = 0;
@@ -2274,7 +3869,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *     def add_fd(self, sock, short events, callback=None):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(sock)
  *         cdef c_ssh.ssh_event_callback cb = \
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2293,18 +3888,90 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_4add_fd(struct __pyx_obj_3ssh_5even
  *     def remove_fd(self, socket):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_7remove_fd(PyObject *__pyx_v_self, PyObject *__pyx_v_socket); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_6remove_fd[] = "Event.remove_fd(self, socket)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_7remove_fd(PyObject *__pyx_v_self, PyObject *__pyx_v_socket) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_7remove_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_6remove_fd, "Event.remove_fd(self, socket)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_7remove_fd = {"remove_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_7remove_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_6remove_fd};
+static PyObject *__pyx_pw_3ssh_5event_5Event_7remove_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_socket = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("remove_fd (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_5event_5Event_6remove_fd(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), ((PyObject *)__pyx_v_socket));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_socket,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 70, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 70, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "remove_fd", 0) < 0) __PYX_ERR(0, 70, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("remove_fd", 1, 1, 1, i); __PYX_ERR(0, 70, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 70, __pyx_L3_error)
+    }
+    __pyx_v_socket = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("remove_fd", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 70, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.event.Event.remove_fd", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_5event_5Event_6remove_fd(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), __pyx_v_socket);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2328,7 +3995,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 71, __pyx_L1_error)
   __pyx_v__sock = __pyx_t_1;
 
@@ -2338,13 +4005,12 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_remove_fd(self._event, _sock)
  *         if rc == 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/event.pyx":74
@@ -2353,7 +4019,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *             rc = c_ssh.ssh_event_remove_fd(self._event, _sock)             # <<<<<<<<<<<<<<
  *         if rc == 0:
  *             self._sock = None
- */
+*/
         __pyx_v_rc = ssh_event_remove_fd(__pyx_v_self->_event, __pyx_v__sock);
       }
 
@@ -2363,13 +4029,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_remove_fd(self._event, _sock)
  *         if rc == 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2382,8 +4046,8 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self._sock = None
  *         return rc
- */
-  __pyx_t_2 = ((__pyx_v_rc == 0) != 0);
+*/
+  __pyx_t_2 = (__pyx_v_rc == 0);
   if (__pyx_t_2) {
 
     /* "ssh/event.pyx":76
@@ -2392,7 +4056,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *             self._sock = None             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
     __Pyx_INCREF(Py_None);
     __Pyx_GIVEREF(Py_None);
     __Pyx_GOTREF(__pyx_v_self->_sock);
@@ -2405,7 +4069,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self._sock = None
  *         return rc
- */
+*/
   }
 
   /* "ssh/event.pyx":77
@@ -2414,9 +4078,9 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def add_session(self, Session session):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 77, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 77, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
@@ -2428,7 +4092,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *     def remove_fd(self, socket):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2447,26 +4111,100 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_6remove_fd(struct __pyx_obj_3ssh_5e
  *     def add_session(self, Session session):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_9add_session(PyObject *__pyx_v_self, PyObject *__pyx_v_session); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_8add_session[] = "Event.add_session(self, Session session)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_9add_session(PyObject *__pyx_v_self, PyObject *__pyx_v_session) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_9add_session(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_8add_session, "Event.add_session(self, Session session)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_9add_session = {"add_session", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_9add_session, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_8add_session};
+static PyObject *__pyx_pw_3ssh_5event_5Event_9add_session(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_7session_Session *__pyx_v_session = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("add_session (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_ptype_3ssh_7session_Session, 1, "session", 0))) __PYX_ERR(0, 79, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_5event_5Event_8add_session(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), ((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_session));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_session,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 79, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 79, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "add_session", 0) < 0) __PYX_ERR(0, 79, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("add_session", 1, 1, 1, i); __PYX_ERR(0, 79, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 79, __pyx_L3_error)
+    }
+    __pyx_v_session = ((struct __pyx_obj_3ssh_7session_Session *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("add_session", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 79, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.event.Event.add_session", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, 1, "session", 0))) __PYX_ERR(0, 79, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_5event_5Event_8add_session(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), __pyx_v_session);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2488,13 +4226,12 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_8add_session(struct __pyx_obj_3ssh_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_add_session(self._event, session._session)
  *         handle_error_codes(rc, session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/event.pyx":82
@@ -2503,7 +4240,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_8add_session(struct __pyx_obj_3ssh_
  *             rc = c_ssh.ssh_event_add_session(self._event, session._session)             # <<<<<<<<<<<<<<
  *         handle_error_codes(rc, session._session)
  *         self.session = session
- */
+*/
         __pyx_v_rc = ssh_event_add_session(__pyx_v_self->_event, __pyx_v_session->_session);
       }
 
@@ -2513,13 +4250,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_8add_session(struct __pyx_obj_3ssh_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_add_session(self._event, session._session)
  *         handle_error_codes(rc, session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2532,7 +4267,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_8add_session(struct __pyx_obj_3ssh_
  *         handle_error_codes(rc, session._session)             # <<<<<<<<<<<<<<
  *         self.session = session
  *         return rc
- */
+*/
   __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 83, __pyx_L1_error)
 
   /* "ssh/event.pyx":84
@@ -2541,11 +4276,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_8add_session(struct __pyx_obj_3ssh_
  *         self.session = session             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_session));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_session));
-  __Pyx_GOTREF(__pyx_v_self->session);
-  __Pyx_DECREF(((PyObject *)__pyx_v_self->session));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_session);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_session);
+  __Pyx_GOTREF((PyObject *)__pyx_v_self->session);
+  __Pyx_DECREF((PyObject *)__pyx_v_self->session);
   __pyx_v_self->session = __pyx_v_session;
 
   /* "ssh/event.pyx":85
@@ -2554,9 +4289,9 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_8add_session(struct __pyx_obj_3ssh_
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def add_connector(self, Connector connector):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 85, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 85, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2568,7 +4303,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_8add_session(struct __pyx_obj_3ssh_
  *     def add_session(self, Session session):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2587,26 +4322,100 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_8add_session(struct __pyx_obj_3ssh_
  *     def add_connector(self, Connector connector):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_11add_connector(PyObject *__pyx_v_self, PyObject *__pyx_v_connector); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_10add_connector[] = "Event.add_connector(self, Connector connector)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_11add_connector(PyObject *__pyx_v_self, PyObject *__pyx_v_connector) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_11add_connector(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_10add_connector, "Event.add_connector(self, Connector connector)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_11add_connector = {"add_connector", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_11add_connector, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_10add_connector};
+static PyObject *__pyx_pw_3ssh_5event_5Event_11add_connector(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_9connector_Connector *__pyx_v_connector = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("add_connector (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_connector), __pyx_ptype_3ssh_9connector_Connector, 1, "connector", 0))) __PYX_ERR(0, 87, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_5event_5Event_10add_connector(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), ((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_connector));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_connector,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 87, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 87, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "add_connector", 0) < 0) __PYX_ERR(0, 87, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("add_connector", 1, 1, 1, i); __PYX_ERR(0, 87, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 87, __pyx_L3_error)
+    }
+    __pyx_v_connector = ((struct __pyx_obj_3ssh_9connector_Connector *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("add_connector", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 87, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.event.Event.add_connector", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_connector), __pyx_mstate_global->__pyx_ptype_3ssh_9connector_Connector, 1, "connector", 0))) __PYX_ERR(0, 87, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_5event_5Event_10add_connector(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), __pyx_v_connector);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2629,13 +4438,12 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_add_connector(
  *                 self._event, connector._connector)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/event.pyx":90
@@ -2644,7 +4452,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *             rc = c_ssh.ssh_event_add_connector(             # <<<<<<<<<<<<<<
  *                 self._event, connector._connector)
  *         if rc == 0:
- */
+*/
         __pyx_v_rc = ssh_event_add_connector(__pyx_v_self->_event, __pyx_v_connector->_connector);
       }
 
@@ -2654,13 +4462,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_add_connector(
  *                 self._event, connector._connector)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2673,8 +4479,8 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self.connector = connector
  *         return handle_error_codes(rc, connector.session._session)
- */
-  __pyx_t_1 = ((__pyx_v_rc == 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc == 0);
   if (__pyx_t_1) {
 
     /* "ssh/event.pyx":93
@@ -2683,11 +4489,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *             self.connector = connector             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, connector.session._session)
  * 
- */
-    __Pyx_INCREF(((PyObject *)__pyx_v_connector));
-    __Pyx_GIVEREF(((PyObject *)__pyx_v_connector));
-    __Pyx_GOTREF(__pyx_v_self->connector);
-    __Pyx_DECREF(((PyObject *)__pyx_v_self->connector));
+*/
+    __Pyx_INCREF((PyObject *)__pyx_v_connector);
+    __Pyx_GIVEREF((PyObject *)__pyx_v_connector);
+    __Pyx_GOTREF((PyObject *)__pyx_v_self->connector);
+    __Pyx_DECREF((PyObject *)__pyx_v_self->connector);
     __pyx_v_self->connector = __pyx_v_connector;
 
     /* "ssh/event.pyx":92
@@ -2696,7 +4502,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self.connector = connector
  *         return handle_error_codes(rc, connector.session._session)
- */
+*/
   }
 
   /* "ssh/event.pyx":94
@@ -2705,10 +4511,10 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *         return handle_error_codes(rc, connector.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def dopoll(self, int timeout):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_connector->session->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 94, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 94, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 94, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
@@ -2720,7 +4526,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *     def add_connector(self, Connector connector):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2739,31 +4545,90 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_10add_connector(struct __pyx_obj_3s
  *     def dopoll(self, int timeout):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_13dopoll(PyObject *__pyx_v_self, PyObject *__pyx_arg_timeout); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_12dopoll[] = "Event.dopoll(self, int timeout)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_13dopoll(PyObject *__pyx_v_self, PyObject *__pyx_arg_timeout) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_13dopoll(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_12dopoll, "Event.dopoll(self, int timeout)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_13dopoll = {"dopoll", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_13dopoll, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_12dopoll};
+static PyObject *__pyx_pw_3ssh_5event_5Event_13dopoll(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_timeout;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("dopoll (wrapper)", 0);
-  assert(__pyx_arg_timeout); {
-    __pyx_v_timeout = __Pyx_PyInt_As_int(__pyx_arg_timeout); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 96, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_timeout,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 96, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 96, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "dopoll", 0) < 0) __PYX_ERR(0, 96, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("dopoll", 1, 1, 1, i); __PYX_ERR(0, 96, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 96, __pyx_L3_error)
+    }
+    __pyx_v_timeout = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 96, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("dopoll", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 96, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.event.Event.dopoll", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_5event_5Event_12dopoll(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), ((int)__pyx_v_timeout));
+  __pyx_r = __pyx_pf_3ssh_5event_5Event_12dopoll(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), __pyx_v_timeout);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2784,13 +4649,12 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_12dopoll(struct __pyx_obj_3ssh_5eve
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_dopoll(self._event, timeout)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/event.pyx":99
@@ -2799,7 +4663,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_12dopoll(struct __pyx_obj_3ssh_5eve
  *             rc = c_ssh.ssh_event_dopoll(self._event, timeout)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_event_dopoll(__pyx_v_self->_event, __pyx_v_timeout);
       }
 
@@ -2809,13 +4673,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_12dopoll(struct __pyx_obj_3ssh_5eve
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_dopoll(self._event, timeout)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2828,9 +4690,9 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_12dopoll(struct __pyx_obj_3ssh_5eve
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def remove_session(self, Session session):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 100, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 100, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -2842,7 +4704,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_12dopoll(struct __pyx_obj_3ssh_5eve
  *     def dopoll(self, int timeout):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2861,26 +4723,100 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_12dopoll(struct __pyx_obj_3ssh_5eve
  *     def remove_session(self, Session session):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_15remove_session(PyObject *__pyx_v_self, PyObject *__pyx_v_session); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_14remove_session[] = "Event.remove_session(self, Session session)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_15remove_session(PyObject *__pyx_v_self, PyObject *__pyx_v_session) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_15remove_session(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_14remove_session, "Event.remove_session(self, Session session)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_15remove_session = {"remove_session", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_15remove_session, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_14remove_session};
+static PyObject *__pyx_pw_3ssh_5event_5Event_15remove_session(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_7session_Session *__pyx_v_session = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("remove_session (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_ptype_3ssh_7session_Session, 1, "session", 0))) __PYX_ERR(0, 102, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_5event_5Event_14remove_session(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), ((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_session));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_session,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 102, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 102, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "remove_session", 0) < 0) __PYX_ERR(0, 102, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("remove_session", 1, 1, 1, i); __PYX_ERR(0, 102, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 102, __pyx_L3_error)
+    }
+    __pyx_v_session = ((struct __pyx_obj_3ssh_7session_Session *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("remove_session", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 102, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.event.Event.remove_session", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_session), __pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, 1, "session", 0))) __PYX_ERR(0, 102, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_5event_5Event_14remove_session(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), __pyx_v_session);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2902,13 +4838,12 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_14remove_session(struct __pyx_obj_3
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_remove_session(self._event, session._session)
  *         handle_error_codes(rc, session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/event.pyx":105
@@ -2917,7 +4852,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_14remove_session(struct __pyx_obj_3
  *             rc = c_ssh.ssh_event_remove_session(self._event, session._session)             # <<<<<<<<<<<<<<
  *         handle_error_codes(rc, session._session)
  *         self.session = None
- */
+*/
         __pyx_v_rc = ssh_event_remove_session(__pyx_v_self->_event, __pyx_v_session->_session);
       }
 
@@ -2927,13 +4862,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_14remove_session(struct __pyx_obj_3
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_remove_session(self._event, session._session)
  *         handle_error_codes(rc, session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2946,7 +4879,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_14remove_session(struct __pyx_obj_3
  *         handle_error_codes(rc, session._session)             # <<<<<<<<<<<<<<
  *         self.session = None
  *         return rc
- */
+*/
   __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 106, __pyx_L1_error)
 
   /* "ssh/event.pyx":107
@@ -2955,11 +4888,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_14remove_session(struct __pyx_obj_3
  *         self.session = None             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
   __Pyx_INCREF(Py_None);
   __Pyx_GIVEREF(Py_None);
-  __Pyx_GOTREF(__pyx_v_self->session);
-  __Pyx_DECREF(((PyObject *)__pyx_v_self->session));
+  __Pyx_GOTREF((PyObject *)__pyx_v_self->session);
+  __Pyx_DECREF((PyObject *)__pyx_v_self->session);
   __pyx_v_self->session = ((struct __pyx_obj_3ssh_7session_Session *)Py_None);
 
   /* "ssh/event.pyx":108
@@ -2968,9 +4901,9 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_14remove_session(struct __pyx_obj_3
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def remove_connector(self, Connector connector):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 108, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 108, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2982,7 +4915,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_14remove_session(struct __pyx_obj_3
  *     def remove_session(self, Session session):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3001,27 +4934,101 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_14remove_session(struct __pyx_obj_3
  *     def remove_connector(self, Connector connector):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_17remove_connector(PyObject *__pyx_v_self, PyObject *__pyx_v_connector); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_16remove_connector[] = "Event.remove_connector(self, Connector connector)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_17remove_connector(PyObject *__pyx_v_self, PyObject *__pyx_v_connector) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_17remove_connector(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_16remove_connector, "Event.remove_connector(self, Connector connector)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_17remove_connector = {"remove_connector", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_17remove_connector, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_16remove_connector};
+static PyObject *__pyx_pw_3ssh_5event_5Event_17remove_connector(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_9connector_Connector *__pyx_v_connector = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("remove_connector (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_connector), __pyx_ptype_3ssh_9connector_Connector, 1, "connector", 0))) __PYX_ERR(0, 110, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_5event_5Event_16remove_connector(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), ((struct __pyx_obj_3ssh_9connector_Connector *)__pyx_v_connector));
-
-  /* function exit code */
-  goto __pyx_L0;
-  __pyx_L1_error:;
-  __pyx_r = NULL;
-  __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_connector,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 110, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 110, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "remove_connector", 0) < 0) __PYX_ERR(0, 110, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("remove_connector", 1, 1, 1, i); __PYX_ERR(0, 110, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 110, __pyx_L3_error)
+    }
+    __pyx_v_connector = ((struct __pyx_obj_3ssh_9connector_Connector *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("remove_connector", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 110, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.event.Event.remove_connector", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_connector), __pyx_mstate_global->__pyx_ptype_3ssh_9connector_Connector, 1, "connector", 0))) __PYX_ERR(0, 110, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_5event_5Event_16remove_connector(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), __pyx_v_connector);
+
+  /* function exit code */
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
+  __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
+  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
@@ -3043,13 +5050,12 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_16remove_connector(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_remove_connector(
  *                 self._event, connector._connector)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/event.pyx":113
@@ -3058,7 +5064,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_16remove_connector(struct __pyx_obj
  *             rc = c_ssh.ssh_event_remove_connector(             # <<<<<<<<<<<<<<
  *                 self._event, connector._connector)
  *         if rc == 0:
- */
+*/
         __pyx_v_rc = ssh_event_remove_connector(__pyx_v_self->_event, __pyx_v_connector->_connector);
       }
 
@@ -3068,13 +5074,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_16remove_connector(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_event_remove_connector(
  *                 self._event, connector._connector)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -3087,8 +5091,8 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_16remove_connector(struct __pyx_obj
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self.connector = None
  *         return handle_error_codes(rc, connector.session._session)
- */
-  __pyx_t_1 = ((__pyx_v_rc == 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc == 0);
   if (__pyx_t_1) {
 
     /* "ssh/event.pyx":116
@@ -3096,11 +5100,11 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_16remove_connector(struct __pyx_obj
  *         if rc == 0:
  *             self.connector = None             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, connector.session._session)
- */
+*/
     __Pyx_INCREF(Py_None);
     __Pyx_GIVEREF(Py_None);
-    __Pyx_GOTREF(__pyx_v_self->connector);
-    __Pyx_DECREF(((PyObject *)__pyx_v_self->connector));
+    __Pyx_GOTREF((PyObject *)__pyx_v_self->connector);
+    __Pyx_DECREF((PyObject *)__pyx_v_self->connector);
     __pyx_v_self->connector = ((struct __pyx_obj_3ssh_9connector_Connector *)Py_None);
 
     /* "ssh/event.pyx":115
@@ -3109,17 +5113,17 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_16remove_connector(struct __pyx_obj
  *         if rc == 0:             # <<<<<<<<<<<<<<
  *             self.connector = None
  *         return handle_error_codes(rc, connector.session._session)
- */
+*/
   }
 
   /* "ssh/event.pyx":117
  *         if rc == 0:
  *             self.connector = None
  *         return handle_error_codes(rc, connector.session._session)             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_connector->session->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 117, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 117, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
@@ -3131,7 +5135,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_16remove_connector(struct __pyx_obj
  *     def remove_connector(self, Connector connector):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3150,14 +5154,16 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_16remove_connector(struct __pyx_obj
  *     cdef readonly Session session             # <<<<<<<<<<<<<<
  *     cdef readonly Connector connector
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_5event_5Event_7session_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_5event_5Event_7session_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_5event_5Event_7session___get__(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self));
 
   /* function exit code */
@@ -3170,7 +5176,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_7session___get__(struct __pyx_obj_3
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->session));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->session);
   __pyx_r = ((PyObject *)__pyx_v_self->session);
   goto __pyx_L0;
 
@@ -3187,14 +5193,16 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_7session___get__(struct __pyx_obj_3
  *     cdef readonly Connector connector             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_5event_5Event_9connector_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_5event_5Event_9connector_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_5event_5Event_9connector___get__(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self));
 
   /* function exit code */
@@ -3207,7 +5215,7 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_9connector___get__(struct __pyx_obj
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->connector));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->connector);
   __pyx_r = ((PyObject *)__pyx_v_self->connector);
   goto __pyx_L0;
 
@@ -3220,17 +5228,46 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_9connector___get__(struct __pyx_obj
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_19__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_18__reduce_cython__[] = "Event.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_19__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_19__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_18__reduce_cython__, "Event.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_19__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_19__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_18__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_5event_5Event_19__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_5event_5Event_18__reduce_cython__(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self));
 
   /* function exit code */
@@ -3241,7 +5278,6 @@ static PyObject *__pyx_pw_3ssh_5event_5Event_19__reduce_cython__(PyObject *__pyx
 static PyObject *__pyx_pf_3ssh_5event_5Event_18__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_5event_Event *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3249,25 +5285,21 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_18__reduce_cython__(CYTHON_UNUSED s
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.event.Event.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3277,21 +5309,93 @@ static PyObject *__pyx_pf_3ssh_5event_5Event_18__reduce_cython__(CYTHON_UNUSED s
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5event_5Event_21__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_5event_5Event_20__setstate_cython__[] = "Event.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_5event_5Event_21__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_5event_5Event_21__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5event_5Event_20__setstate_cython__, "Event.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_5event_5Event_21__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_21__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_20__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_5event_5Event_21__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_5event_5Event_20__setstate_cython__(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.event.Event.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_5event_5Event_20__setstate_cython__(((struct __pyx_obj_3ssh_5event_Event *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3299,56 +5403,57 @@ static PyObject *__pyx_pw_3ssh_5event_5Event_21__setstate_cython__(PyObject *__p
 static PyObject *__pyx_pf_3ssh_5event_5Event_20__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_5event_Event *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.event.Event.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_5event_Event __pyx_vtable_3ssh_5event_Event;
 
 static PyObject *__pyx_tp_new_3ssh_5event_Event(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_5event_Event *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_5event_Event *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_5event_Event;
   p->_sock = Py_None; Py_INCREF(Py_None);
   p->session = ((struct __pyx_obj_3ssh_7session_Session *)Py_None); Py_INCREF(Py_None);
   p->connector = ((struct __pyx_obj_3ssh_9connector_Connector *)Py_None); Py_INCREF(Py_None);
-  if (unlikely(__pyx_pw_3ssh_5event_5Event_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_5event_5Event_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -3358,8 +5463,10 @@ static PyObject *__pyx_tp_new_3ssh_5event_Event(PyTypeObject *t, CYTHON_UNUSED P
 static void __pyx_tp_dealloc_3ssh_5event_Event(PyObject *o) {
   struct __pyx_obj_3ssh_5event_Event *p = (struct __pyx_obj_3ssh_5event_Event *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_5event_Event) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -3374,12 +5481,23 @@ static void __pyx_tp_dealloc_3ssh_5event_Event(PyObject *o) {
   Py_CLEAR(p->_sock);
   Py_CLEAR(p->session);
   Py_CLEAR(p->connector);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_5event_Event(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_5event_Event *p = (struct __pyx_obj_3ssh_5event_Event *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->_sock) {
     e = (*v)(p->_sock, a); if (e) return e;
   }
@@ -3420,28 +5538,46 @@ static PyObject *__pyx_getprop_3ssh_5event_5Event_connector(PyObject *o, CYTHON_
 }
 
 static PyMethodDef __pyx_methods_3ssh_5event_Event[] = {
-  {"add_fd", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_5event_5Event_5add_fd, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_4add_fd},
-  {"remove_fd", (PyCFunction)__pyx_pw_3ssh_5event_5Event_7remove_fd, METH_O, __pyx_doc_3ssh_5event_5Event_6remove_fd},
-  {"add_session", (PyCFunction)__pyx_pw_3ssh_5event_5Event_9add_session, METH_O, __pyx_doc_3ssh_5event_5Event_8add_session},
-  {"add_connector", (PyCFunction)__pyx_pw_3ssh_5event_5Event_11add_connector, METH_O, __pyx_doc_3ssh_5event_5Event_10add_connector},
-  {"dopoll", (PyCFunction)__pyx_pw_3ssh_5event_5Event_13dopoll, METH_O, __pyx_doc_3ssh_5event_5Event_12dopoll},
-  {"remove_session", (PyCFunction)__pyx_pw_3ssh_5event_5Event_15remove_session, METH_O, __pyx_doc_3ssh_5event_5Event_14remove_session},
-  {"remove_connector", (PyCFunction)__pyx_pw_3ssh_5event_5Event_17remove_connector, METH_O, __pyx_doc_3ssh_5event_5Event_16remove_connector},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_5event_5Event_19__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_5event_5Event_18__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_5event_5Event_21__setstate_cython__, METH_O, __pyx_doc_3ssh_5event_5Event_20__setstate_cython__},
+  {"add_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_5add_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_4add_fd},
+  {"remove_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_7remove_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_6remove_fd},
+  {"add_session", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_9add_session, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_8add_session},
+  {"add_connector", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_11add_connector, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_10add_connector},
+  {"dopoll", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_13dopoll, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_12dopoll},
+  {"remove_session", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_15remove_session, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_14remove_session},
+  {"remove_connector", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_17remove_connector, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_16remove_connector},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_19__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_18__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5event_5Event_21__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5event_5Event_20__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_5event_Event[] = {
-  {(char *)"socket", __pyx_getprop_3ssh_5event_5Event_socket, 0, (char *)0, 0},
-  {(char *)"session", __pyx_getprop_3ssh_5event_5Event_session, 0, (char *)0, 0},
-  {(char *)"connector", __pyx_getprop_3ssh_5event_5Event_connector, 0, (char *)0, 0},
+  {"socket", __pyx_getprop_3ssh_5event_5Event_socket, 0, 0, 0},
+  {"session", __pyx_getprop_3ssh_5event_5Event_session, 0, 0, 0},
+  {"connector", __pyx_getprop_3ssh_5event_5Event_connector, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_5event_Event_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_5event_Event},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_5event_Event},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_5event_Event},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_5event_Event},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_5event_Event},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_5event_Event},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_5event_Event_spec = {
+  "ssh.event.Event",
+  sizeof(struct __pyx_obj_3ssh_5event_Event),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_5event_Event_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_5event_Event = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.event.Event", /*tp_name*/
+  "ssh.event.""Event", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_5event_Event), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_5event_Event, /*tp_dealloc*/
@@ -3453,12 +5589,7 @@ static PyTypeObject __pyx_type_3ssh_5event_Event = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -3484,7 +5615,9 @@ static PyTypeObject __pyx_type_3ssh_5event_Event = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_5event_Event, /*tp_new*/
@@ -3497,164 +5630,77 @@ static PyTypeObject __pyx_type_3ssh_5event_Event = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_event(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_event},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "event",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_Event, __pyx_k_Event, sizeof(__pyx_k_Event), 0, 0, 1, 1},
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_callback, __pyx_k_callback, sizeof(__pyx_k_callback), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_events, __pyx_k_events, sizeof(__pyx_k_events), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_sock, __pyx_k_sock, sizeof(__pyx_k_sock), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 32, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple_)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3663,17 +5709,26 @@ static int __Pyx_modinit_type_init_code(void) {
   __pyx_vtabptr_3ssh_5event_Event = &__pyx_vtable_3ssh_5event_Event;
   __pyx_vtable_3ssh_5event_Event.from_ptr = (struct __pyx_obj_3ssh_5event_Event *(*)(ssh_event))__pyx_f_3ssh_5event_5Event_from_ptr;
   __pyx_vtable_3ssh_5event_Event.event_callback = (int (*)(socket_t, int, void *))__pyx_f_3ssh_5event_5Event_event_callback;
-  if (PyType_Ready(&__pyx_type_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_5event_Event.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_5event_Event = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_5event_Event_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_5event_Event)) __PYX_ERR(0, 27, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_5event_Event_spec, __pyx_mstate->__pyx_ptype_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_5event_Event = &__pyx_type_3ssh_5event_Event;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_5event_Event.tp_dictoffset && __pyx_type_3ssh_5event_Event.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_5event_Event.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_5event_Event->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_5event_Event->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_5event_Event->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_5event_Event.tp_dict, __pyx_vtabptr_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Event, (PyObject *)&__pyx_type_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  __pyx_ptype_3ssh_5event_Event = &__pyx_type_3ssh_5event_Event;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_5event_Event, __pyx_vtabptr_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_Event, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_5event_Event) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -3681,48 +5736,85 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_import_code", 0);
   /*--- Type import code ---*/
-  __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(2, 19, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule("ssh.connector"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 22, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.connector"); if (unlikely(!__pyx_t_1)) __PYX_ERR(4, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_9connector_Flag = __Pyx_ImportType(__pyx_t_1, "ssh.connector", "Flag", sizeof(struct __pyx_obj_3ssh_9connector_Flag), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_9connector_Flag) __PYX_ERR(3, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_9connector_Flag = (struct __pyx_vtabstruct_3ssh_9connector_Flag*)__Pyx_GetVtable(__pyx_ptype_3ssh_9connector_Flag->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_9connector_Flag)) __PYX_ERR(3, 22, __pyx_L1_error)
-  __pyx_ptype_3ssh_9connector_Connector = __Pyx_ImportType(__pyx_t_1, "ssh.connector", "Connector", sizeof(struct __pyx_obj_3ssh_9connector_Connector), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_9connector_Connector) __PYX_ERR(3, 29, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_9connector_Connector = (struct __pyx_vtabstruct_3ssh_9connector_Connector*)__Pyx_GetVtable(__pyx_ptype_3ssh_9connector_Connector->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_9connector_Connector)) __PYX_ERR(3, 29, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.connector", "Flag",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_9connector_Flag), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Flag),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_9connector_Flag), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Flag),
+  #else
+  sizeof(struct __pyx_obj_3ssh_9connector_Flag), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Flag),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag) __PYX_ERR(4, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_9connector_Flag = (struct __pyx_vtabstruct_3ssh_9connector_Flag*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag); if (unlikely(!__pyx_vtabptr_3ssh_9connector_Flag)) __PYX_ERR(4, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.connector", "Connector",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_9connector_Connector), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Connector),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_9connector_Connector), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Connector),
+  #else
+  sizeof(struct __pyx_obj_3ssh_9connector_Connector), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Connector),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector) __PYX_ERR(4, 29, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_9connector_Connector = (struct __pyx_vtabstruct_3ssh_9connector_Connector*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector); if (unlikely(!__pyx_vtabptr_3ssh_9connector_Connector)) __PYX_ERR(4, 29, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(4, 9, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(5, 9, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_4type_type = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "type", 
+  __pyx_mstate->__pyx_ptype_7cpython_4type_type = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "type",
   #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
-  sizeof(PyTypeObject),
+  sizeof(PyTypeObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyTypeObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
   #else
-  sizeof(PyHeapTypeObject),
+  sizeof(PyHeapTypeObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyHeapTypeObject),
   #endif
-  __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_4type_type) __PYX_ERR(4, 9, __pyx_L1_error)
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_4type_type) __PYX_ERR(5, 9, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(5, 8, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(6, 8, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_4bool_bool = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "bool", sizeof(PyBoolObject), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_4bool_bool) __PYX_ERR(5, 8, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_7cpython_4bool_bool = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "bool",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(PyLongObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyLongObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
+  #else
+  sizeof(PyLongObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyLongObject),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_4bool_bool) __PYX_ERR(6, 8, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(6, 15, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(7, 16, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_7complex_complex = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "complex", sizeof(PyComplexObject), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_7complex_complex) __PYX_ERR(6, 15, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_7cpython_7complex_complex = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "complex",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(PyComplexObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyComplexObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
+  #else
+  sizeof(PyComplexObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyComplexObject),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_7complex_complex) __PYX_ERR(7, 16, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -3732,16 +5824,18 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -3750,7 +5844,7 @@ static int __Pyx_modinit_function_import_code(void) {
   /*--- Function import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -3760,50 +5854,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_event(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_event},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "event",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initevent(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initevent(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_event(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_event(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -3811,7 +5976,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -3826,10 +5993,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -3852,9 +6022,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_event(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3865,9 +6040,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_event(PyObject *__pyx_pyinit_modul
     PyErr_SetString(PyExc_RuntimeError, "Module 'event' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "event" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -3877,109 +6080,198 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_event(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_event", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #ifdef __Pyx_CyFunction_USED
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("event", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__event) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.event")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.event", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.event", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
+
+  /* "ssh/event.pyx":58
+ *             return -1
+ * 
+ *     def add_fd(self, sock, short events, callback=None):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(sock)
+ *         cdef c_ssh.ssh_event_callback cb = \
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_5add_fd, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event_add_fd, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_5event_Event, __pyx_mstate_global->__pyx_n_u_add_fd, __pyx_t_2) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/event.pyx":70
+ *         return rc
+ * 
+ *     def remove_fd(self, socket):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
+ *         cdef int rc
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_7remove_fd, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event_remove_fd, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 70, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_5event_Event, __pyx_mstate_global->__pyx_n_u_remove_fd, __pyx_t_2) < 0) __PYX_ERR(0, 70, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/event.pyx":79
+ *         return rc
+ * 
+ *     def add_session(self, Session session):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_9add_session, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event_add_session, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 79, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_5event_Event, __pyx_mstate_global->__pyx_n_u_add_session, __pyx_t_2) < 0) __PYX_ERR(0, 79, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/event.pyx":87
+ *         return rc
+ * 
+ *     def add_connector(self, Connector connector):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_11add_connector, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event_add_connector, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 87, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_5event_Event, __pyx_mstate_global->__pyx_n_u_add_connector, __pyx_t_2) < 0) __PYX_ERR(0, 87, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/event.pyx":96
+ *         return handle_error_codes(rc, connector.session._session)
+ * 
+ *     def dopoll(self, int timeout):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_13dopoll, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event_dopoll, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 96, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_5event_Event, __pyx_mstate_global->__pyx_n_u_dopoll, __pyx_t_2) < 0) __PYX_ERR(0, 96, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/event.pyx":102
+ *         return rc
+ * 
+ *     def remove_session(self, Session session):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_15remove_session, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event_remove_session, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 102, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_5event_Event, __pyx_mstate_global->__pyx_n_u_remove_session, __pyx_t_2) < 0) __PYX_ERR(0, 102, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/event.pyx":110
+ *         return rc
+ * 
+ *     def remove_connector(self, Connector connector):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_17remove_connector, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event_remove_connector, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 110, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_5event_Event, __pyx_mstate_global->__pyx_n_u_remove_connector, __pyx_t_2) < 0) __PYX_ERR(0, 110, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_19__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5event_5Event_21__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Event___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_event, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/event.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_2);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.event", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.event");
   }
@@ -3987,12 +6279,265 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_Event, sizeof(__pyx_k_Event), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event */
+  {__pyx_k_Event___reduce_cython, sizeof(__pyx_k_Event___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event___reduce_cython */
+  {__pyx_k_Event___setstate_cython, sizeof(__pyx_k_Event___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event___setstate_cython */
+  {__pyx_k_Event_add_connector, sizeof(__pyx_k_Event_add_connector), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event_add_connector */
+  {__pyx_k_Event_add_fd, sizeof(__pyx_k_Event_add_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event_add_fd */
+  {__pyx_k_Event_add_session, sizeof(__pyx_k_Event_add_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event_add_session */
+  {__pyx_k_Event_dopoll, sizeof(__pyx_k_Event_dopoll), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event_dopoll */
+  {__pyx_k_Event_remove_connector, sizeof(__pyx_k_Event_remove_connector), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event_remove_connector */
+  {__pyx_k_Event_remove_fd, sizeof(__pyx_k_Event_remove_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event_remove_fd */
+  {__pyx_k_Event_remove_session, sizeof(__pyx_k_Event_remove_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Event_remove_session */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k_add_connector, sizeof(__pyx_k_add_connector), 0, 1, 1}, /* PyObject cname: __pyx_n_u_add_connector */
+  {__pyx_k_add_fd, sizeof(__pyx_k_add_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_add_fd */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_add_session, sizeof(__pyx_k_add_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_add_session */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_callback, sizeof(__pyx_k_callback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_callback */
+  {__pyx_k_cb, sizeof(__pyx_k_cb), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cb */
+  {__pyx_k_cb_2, sizeof(__pyx_k_cb_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cb_2 */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_connector, sizeof(__pyx_k_connector), 0, 1, 1}, /* PyObject cname: __pyx_n_u_connector */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_dopoll, sizeof(__pyx_k_dopoll), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dopoll */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_events, sizeof(__pyx_k_events), 0, 1, 1}, /* PyObject cname: __pyx_n_u_events */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_remove_connector, sizeof(__pyx_k_remove_connector), 0, 1, 1}, /* PyObject cname: __pyx_n_u_remove_connector */
+  {__pyx_k_remove_fd, sizeof(__pyx_k_remove_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_remove_fd */
+  {__pyx_k_remove_session, sizeof(__pyx_k_remove_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_remove_session */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_session, sizeof(__pyx_k_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_session */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_sock, sizeof(__pyx_k_sock), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sock */
+  {__pyx_k_sock_2, sizeof(__pyx_k_sock_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sock_2 */
+  {__pyx_k_socket, sizeof(__pyx_k_socket), 0, 1, 1}, /* PyObject cname: __pyx_n_u_socket */
+  {__pyx_k_ssh_event, sizeof(__pyx_k_ssh_event), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_event */
+  {__pyx_k_ssh_event_pyx, sizeof(__pyx_k_ssh_event_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_event_pyx */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_timeout, sizeof(__pyx_k_timeout), 0, 1, 1}, /* PyObject cname: __pyx_n_u_timeout */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 32, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+
+  /* "ssh/event.pyx":58
+ *             return -1
+ * 
+ *     def add_fd(self, sock, short events, callback=None):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(sock)
+ *         cdef c_ssh.ssh_event_callback cb = \
+*/
+  __pyx_mstate_global->__pyx_tuple[0] = PyTuple_Pack(1, Py_None); if (unlikely(!__pyx_mstate_global->__pyx_tuple[0])) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+  __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
+  return -1;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 3;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 4;
+            unsigned int flags : 10;
+            unsigned int first_line : 7;
+            unsigned int line_table_length : 11;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 58, 82};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_sock, __pyx_mstate->__pyx_n_u_events, __pyx_mstate->__pyx_n_u_callback, __pyx_mstate->__pyx_n_u_sock_2, __pyx_mstate->__pyx_n_u_cb, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_cb_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_event_pyx, __pyx_mstate->__pyx_n_u_add_fd, __pyx_k_2_Qa_fA_Zxq_1_A_3c_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 70, 50};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_socket, __pyx_mstate->__pyx_n_u_sock_2, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_event_pyx, __pyx_mstate->__pyx_n_u_remove_fd, __pyx_k_A_Qa_4y_3c_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 79, 44};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_session, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_event_pyx, __pyx_mstate->__pyx_n_u_add_session, __pyx_k_A_AT_4wa_Kq_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 87, 54};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_connector, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_event_pyx, __pyx_mstate->__pyx_n_u_add_connector, __pyx_k_A_a_IYa_3c_Q_ixq, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 96, 24};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_timeout, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_event_pyx, __pyx_mstate->__pyx_n_u_dopoll, __pyx_k_A_q_IQ_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 102, 44};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_session, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_event_pyx, __pyx_mstate->__pyx_n_u_remove_session, __pyx_k_A_q_IWA_4wa_Kq_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 110, 54};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_connector, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_event_pyx, __pyx_mstate->__pyx_n_u_remove_connector, __pyx_k_A_1_IYa_3c_Q_ixq, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -4012,34 +6557,394 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
 }
 #endif
 
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
 /* PyObjectGetAttrStr */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
     PyTypeObject* tp = Py_TYPE(obj);
     if (likely(tp->tp_getattro))
         return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
     return PyObject_GetAttr(obj, attr_name);
 }
 #endif
 
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
-        PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
-            "name '%U' is not defined", name);
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
 #else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
 #endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
     }
     return result;
+#endif
 }
 
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
+        PyErr_Format(PyExc_NameError,
+            "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
 /* RaiseArgTupleInvalid */
 static void __Pyx_RaiseArgtupleInvalid(
     const char* func_name,
@@ -4066,49 +6971,30 @@ static void __Pyx_RaiseArgtupleInvalid(
                  (num_expected == 1) ? "" : "s", num_found);
 }
 
-/* KeywordStringCheck */
-static int __Pyx_CheckKeywordStrings(
-    PyObject *kwdict,
-    const char* function_name,
-    int kw_allowed)
-{
-    PyObject* key = 0;
-    Py_ssize_t pos = 0;
-#if CYTHON_COMPILING_IN_PYPY
-    if (!kw_allowed && PyDict_Next(kwdict, &pos, &key, 0))
-        goto invalid_keyword;
-    return 1;
-#else
-    while (PyDict_Next(kwdict, &pos, &key, 0)) {
-        #if PY_MAJOR_VERSION < 3
-        if (unlikely(!PyString_Check(key)))
-        #endif
-            if (unlikely(!PyUnicode_Check(key)))
-                goto invalid_keyword_type;
-    }
-    if ((!kw_allowed) && unlikely(key))
-        goto invalid_keyword;
-    return 1;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    return 0;
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
 #endif
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
-    return 0;
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
 }
 
 /* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
                                                PyObject *globals) {
     PyFrameObject *f;
     PyThreadState *tstate = __Pyx_PyThreadState_Current;
@@ -4136,15 +7022,12 @@ static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args
     --tstate->recursion_depth;
     return result;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
     PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
     PyObject *globals = PyFunction_GET_GLOBALS(func);
     PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
     PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
     PyObject *kwdefs;
-#endif
     PyObject *kwtuple, **k;
     PyObject **d;
     Py_ssize_t nd;
@@ -4152,13 +7035,11 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
     PyObject *result;
     assert(kwargs == NULL || PyDict_Check(kwargs));
     nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
         return NULL;
     }
     if (
-#if PY_MAJOR_VERSION >= 3
             co->co_kwonlyargcount == 0 &&
-#endif
             likely(kwargs == NULL || nk == 0) &&
             co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
         if (argdefs == NULL && co->co_argcount == nargs) {
@@ -4195,9 +7076,7 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
         k = NULL;
     }
     closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
     kwdefs = PyFunction_GET_KW_DEFAULTS(func);
-#endif
     if (argdefs != NULL) {
         d = &PyTuple_GET_ITEM(argdefs, 0);
         nd = Py_SIZE(argdefs);
@@ -4206,24 +7085,16 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
         d = NULL;
         nd = 0;
     }
-#if PY_MAJOR_VERSION >= 3
     result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
                                args, (int)nargs,
                                k, (int)nk,
                                d, (int)nd, kwdefs, closure);
-#else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
     Py_XDECREF(kwtuple);
 done:
     Py_LeaveRecursiveCall();
     return result;
 }
 #endif
-#endif
 
 /* PyObjectCall */
 #if CYTHON_COMPILING_IN_CPYTHON
@@ -4232,7 +7103,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
     ternaryfunc call = Py_TYPE(func)->tp_call;
     if (unlikely(!call))
         return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = (*call)(func, arg, kw);
     Py_LeaveRecursiveCall();
@@ -4250,9 +7121,9 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
     PyObject *self, *result;
     PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = cfunc(self, arg);
     Py_LeaveRecursiveCall();
@@ -4265,98 +7136,112 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject
 }
 #endif
 
-/* PyObjectCallNoArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
-    }
-#endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
-#else
-    if (likely(PyCFunction_Check(func)))
-#endif
-    {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
-        }
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
 }
 #endif
-
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
     }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
 }
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
 #endif
-
-/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
 #if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
     }
 #endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
-#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
         }
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
-}
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
 }
-#endif
 
 /* GetTopmostException */
-#if CYTHON_USE_EXC_INFO_STACK
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
 static _PyErr_StackItem *
 __Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
 {
     _PyErr_StackItem *exc_info = tstate->exc_info;
-    while ((exc_info->exc_type == NULL || exc_info->exc_type == Py_None) &&
+    while ((exc_info->exc_value == NULL || exc_info->exc_value == Py_None) &&
            exc_info->previous_item != NULL)
     {
         exc_info = exc_info->previous_item;
@@ -4368,21 +7253,46 @@ __Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
 /* SaveResetException */
 #if CYTHON_FAST_THREAD_STATE
 static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    #if CYTHON_USE_EXC_INFO_STACK
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    PyObject *exc_value = exc_info->exc_value;
+    if (exc_value == NULL || exc_value == Py_None) {
+        *value = NULL;
+        *type = NULL;
+        *tb = NULL;
+    } else {
+        *value = exc_value;
+        Py_INCREF(*value);
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        *tb = PyException_GetTraceback(exc_value);
+    }
+  #elif CYTHON_USE_EXC_INFO_STACK
     _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
     *type = exc_info->exc_type;
     *value = exc_info->exc_value;
     *tb = exc_info->exc_traceback;
-    #else
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #else
     *type = tstate->exc_type;
     *value = tstate->exc_value;
     *tb = tstate->exc_traceback;
-    #endif
     Py_XINCREF(*type);
     Py_XINCREF(*value);
     Py_XINCREF(*tb);
+  #endif
 }
 static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    PyObject *tmp_value = exc_info->exc_value;
+    exc_info->exc_value = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+  #else
     PyObject *tmp_type, *tmp_value, *tmp_tb;
     #if CYTHON_USE_EXC_INFO_STACK
     _PyErr_StackItem *exc_info = tstate->exc_info;
@@ -4403,364 +7313,582 @@ static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject
     Py_XDECREF(tmp_type);
     Py_XDECREF(tmp_value);
     Py_XDECREF(tmp_tb);
+  #endif
 }
 #endif
 
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
-    }
-#endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
-    }
-    return 0;
-}
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
 }
-#endif
 
-/* GetException */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb)
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
 #else
-static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
+    PyObject_Vectorcall
 #endif
-{
-    PyObject *local_type, *local_value, *local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    local_type = tstate->curexc_type;
-    local_value = tstate->curexc_value;
-    local_tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
 #else
-    PyErr_Fetch(&local_type, &local_value, &local_tb);
+     METH_FASTCALL | METH_KEYWORDS,
 #endif
-    PyErr_NormalizeException(&local_type, &local_value, &local_tb);
-#if CYTHON_FAST_THREAD_STATE
-    if (unlikely(tstate->curexc_type))
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
 #else
-    if (unlikely(PyErr_Occurred()))
+    if (PyCFunction_Check(method))
 #endif
-        goto bad;
-    #if PY_MAJOR_VERSION >= 3
-    if (local_tb) {
-        if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
-            goto bad;
-    }
-    #endif
-    Py_XINCREF(local_tb);
-    Py_XINCREF(local_type);
-    Py_XINCREF(local_value);
-    *type = local_type;
-    *value = local_value;
-    *tb = local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    #if CYTHON_USE_EXC_INFO_STACK
     {
-        _PyErr_StackItem *exc_info = tstate->exc_info;
-        tmp_type = exc_info->exc_type;
-        tmp_value = exc_info->exc_value;
-        tmp_tb = exc_info->exc_traceback;
-        exc_info->exc_type = local_type;
-        exc_info->exc_value = local_value;
-        exc_info->exc_traceback = local_tb;
-    }
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = local_type;
-    tstate->exc_value = local_value;
-    tstate->exc_traceback = local_tb;
-    #endif
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
 #else
-    PyErr_SetExcInfo(local_type, local_value, local_tb);
+        self = PyCFunction_GET_SELF(method);
 #endif
-    return 0;
-bad:
-    *type = 0;
-    *value = 0;
-    *tb = 0;
-    Py_XDECREF(local_type);
-    Py_XDECREF(local_value);
-    Py_XDECREF(local_tb);
-    return -1;
-}
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
-}
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
 #endif
+    target->method = result;
+    return 0;
+}
 
-/* WriteUnraisableException */
-static void __Pyx_WriteUnraisable(const char *name, CYTHON_UNUSED int clineno,
-                                  CYTHON_UNUSED int lineno, CYTHON_UNUSED const char *filename,
-                                  int full_traceback, CYTHON_UNUSED int nogil) {
-    PyObject *old_exc, *old_val, *old_tb;
-    PyObject *ctx;
-    __Pyx_PyThreadState_declare
-#ifdef WITH_THREAD
-    PyGILState_STATE state;
-    if (nogil)
-        state = PyGILState_Ensure();
-#ifdef _MSC_VER
-    else state = (PyGILState_STATE)-1;
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
 #endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
 #endif
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&old_exc, &old_val, &old_tb);
-    if (full_traceback) {
-        Py_XINCREF(old_exc);
-        Py_XINCREF(old_val);
-        Py_XINCREF(old_tb);
-        __Pyx_ErrRestore(old_exc, old_val, old_tb);
-        PyErr_PrintEx(1);
-    }
-    #if PY_MAJOR_VERSION < 3
-    ctx = PyString_FromString(name);
-    #else
-    ctx = PyUnicode_FromString(name);
-    #endif
-    __Pyx_ErrRestore(old_exc, old_val, old_tb);
-    if (!ctx) {
-        PyErr_WriteUnraisable(Py_None);
-    } else {
-        PyErr_WriteUnraisable(ctx);
-        Py_DECREF(ctx);
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
     }
-#ifdef WITH_THREAD
-    if (nogil)
-        PyGILState_Release(state);
 #endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
 }
 
-/* RaiseDoubleKeywords */
-static void __Pyx_RaiseDoubleKeywordsError(
-    const char* func_name,
-    PyObject* kw_name)
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
 {
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
     PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
-        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
         #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
         #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
 }
-
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
+static int __Pyx_ParseKeywordDictToDict(
     PyObject *kwds,
-    PyObject **argnames[],
+    PyObject ** const argnames[],
     PyObject *kwds2,
     PyObject *values[],
     Py_ssize_t num_pos_args,
     const char* function_name)
 {
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
             values[name-argnames] = value;
-            continue;
         }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
         name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
                 }
             }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
         }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
     }
     return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
 invalid_keyword:
     PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
         "%s() got an unexpected keyword argument '%U'",
         function_name, key);
-    #endif
+    goto bad;
 bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
     return -1;
 }
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
 
 /* ArgTypeTest */
 static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
 {
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
     if (unlikely(!type)) {
         PyErr_SetString(PyExc_SystemError, "Missing type object");
         return 0;
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
-    }
-    else {
+    else if (!exact) {
         if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
     }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
     PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
     return 0;
 }
 
 /* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
-    }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
-        }
-    }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
-}
-#else
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
     PyObject* owned_instance = NULL;
     if (tb == Py_None) {
@@ -4845,13 +7973,9 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
     }
     PyErr_SetObject(type, value);
     if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
         PyThreadState *tstate = __Pyx_PyThreadState_Current;
         PyObject* tmp_tb = tstate->curexc_traceback;
         if (tb != tmp_tb) {
@@ -4859,74 +7983,505 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
             tstate->curexc_traceback = tb;
             Py_XDECREF(tmp_tb);
         }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
 #endif
     }
 bad:
     Py_XDECREF(owned_instance);
     return;
 }
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
 #endif
 
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+                    type->tp_print = (printfunc) memb->offset;
 #endif
-    return NULL;
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
     PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
     {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
         }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
     }
-    return descr;
+    return 0;
 }
 #endif
 
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+    return 0;
 }
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
 #endif
+    return r;
+#endif
+}
 
 /* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
     PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
 #else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
         goto bad;
     Py_DECREF(ob);
     return 0;
@@ -4935,25 +8490,132 @@ static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
     return -1;
 }
 
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
-    PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+        }
+    }
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
     }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
     }
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
     return result;
 }
 
@@ -4961,7 +8623,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, P
 static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
   int ret;
   PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
   if (likely(name_attr)) {
       ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
   } else {
@@ -4986,18 +8648,18 @@ static int __Pyx_setup_reduce(PyObject* type_obj) {
     PyObject *setstate_cython = NULL;
     PyObject *getstate = NULL;
 #if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
     if (!getstate && PyErr_Occurred()) {
         goto __PYX_BAD;
     }
 #endif
     if (getstate) {
 #if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
         if (!object_getstate && PyErr_Occurred()) {
             goto __PYX_BAD;
         }
@@ -5007,33 +8669,33 @@ static int __Pyx_setup_reduce(PyObject* type_obj) {
         }
     }
 #if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
     if (reduce_ex == object_reduce_ex) {
 #if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
             if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
             } else if (reduce == object_reduce || PyErr_Occurred()) {
                 goto __PYX_BAD;
             }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
             if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
                 if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
                 } else if (!setstate || PyErr_Occurred()) {
                     goto __PYX_BAD;
                 }
@@ -5043,8 +8705,13 @@ static int __Pyx_setup_reduce(PyObject* type_obj) {
     }
     goto __PYX_GOOD;
 __PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
     ret = -1;
 __PYX_GOOD:
 #if !CYTHON_USE_PYTYPE_LOOKUP
@@ -5062,16 +8729,17 @@ static int __Pyx_setup_reduce(PyObject* type_obj) {
 }
 
 /* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
 {
     PyObject *result = 0;
-    char warning[200];
     Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
 #ifdef Py_LIMITED_API
     PyObject *py_basicsize;
+    PyObject *py_itemsize;
 #endif
     result = PyObject_GetAttrString(module, class_name);
     if (!result)
@@ -5084,7 +8752,11 @@ static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name,
     }
 #ifndef Py_LIMITED_API
     basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
 #else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
     py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
     if (!py_basicsize)
         goto bad;
@@ -5093,53 +8765,1352 @@ static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name,
     py_basicsize = 0;
     if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
         goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
 #endif
-    if ((size_t)basicsize < size) {
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
         PyErr_Format(PyExc_ValueError,
             "%.200s.%.200s size changed, may indicate binary incompatibility. "
             "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
+            module_name, class_name, size, basicsize+itemsize);
         goto bad;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
         PyErr_Format(PyExc_ValueError,
             "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
         goto bad;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
+#endif
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
+
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
+#endif
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
+#endif
+    }
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
+#endif
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
+    }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
+#else
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
+#endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
+    }
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
+#endif
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
+    }
+#endif
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
+    }
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
+}
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
+    }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
+}
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
+    }
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
+#endif
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
+    PyObject *result;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
+    }
+#endif
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
+    }
+    return result;
+}
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
+    int ret = 0;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* GetVTable */
-static void* __Pyx_GetVtable(PyObject *dict) {
-    void* ptr;
-    PyObject *ob = PyObject_GetItem(dict, __pyx_n_s_pyx_vtable);
-    if (!ob)
-        goto bad;
-#if PY_VERSION_HEX >= 0x02070000
-    ptr = PyCapsule_GetPointer(ob, 0);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    ptr = PyCObject_AsVoidPtr(ob);
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    if (!ptr && !PyErr_Occurred())
-        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
-    Py_DECREF(ob);
-    return ptr;
-bad:
-    Py_XDECREF(ob);
-    return NULL;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
+    }
+    return op;
 }
 
 /* PyDictVersioning */
@@ -5169,29 +10140,34 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -5200,11 +10176,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -5232,130 +10209,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -5386,7 +10429,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -5396,6 +10439,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -5420,7 +10464,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE short __Pyx_PyInt_As_short(PyObject *x) {
+static CYTHON_INLINE short __Pyx_PyLong_As_short(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5430,179 +10474,237 @@ static CYTHON_INLINE short __Pyx_PyInt_As_short(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(short) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(short, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (short) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        short val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (short) -1;
+        val = __Pyx_PyLong_As_short(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (short) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(short, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(short, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(short) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) >= 2 * PyLong_SHIFT)) {
                             return (short) (((((short)digits[1]) << PyLong_SHIFT) | (short)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(short) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) >= 3 * PyLong_SHIFT)) {
                             return (short) (((((((short)digits[2]) << PyLong_SHIFT) | (short)digits[1]) << PyLong_SHIFT) | (short)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(short) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) >= 4 * PyLong_SHIFT)) {
                             return (short) (((((((((short)digits[3]) << PyLong_SHIFT) | (short)digits[2]) << PyLong_SHIFT) | (short)digits[1]) << PyLong_SHIFT) | (short)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (short) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (short) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(short) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(short, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(short) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(short, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(short) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(short, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(short) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(short, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (short) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(short, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(short,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(short, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(short) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) - 1 > 2 * PyLong_SHIFT)) {
                             return (short) (((short)-1)*(((((short)digits[1]) << PyLong_SHIFT) | (short)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(short) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) - 1 > 2 * PyLong_SHIFT)) {
                             return (short) ((((((short)digits[1]) << PyLong_SHIFT) | (short)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(short) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) - 1 > 3 * PyLong_SHIFT)) {
                             return (short) (((short)-1)*(((((((short)digits[2]) << PyLong_SHIFT) | (short)digits[1]) << PyLong_SHIFT) | (short)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(short) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) - 1 > 3 * PyLong_SHIFT)) {
                             return (short) ((((((((short)digits[2]) << PyLong_SHIFT) | (short)digits[1]) << PyLong_SHIFT) | (short)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(short) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) - 1 > 4 * PyLong_SHIFT)) {
                             return (short) (((short)-1)*(((((((((short)digits[3]) << PyLong_SHIFT) | (short)digits[2]) << PyLong_SHIFT) | (short)digits[1]) << PyLong_SHIFT) | (short)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(short) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(short) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(short, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(short) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(short) - 1 > 4 * PyLong_SHIFT)) {
                             return (short) ((((((((((short)digits[3]) << PyLong_SHIFT) | (short)digits[2]) << PyLong_SHIFT) | (short)digits[1]) << PyLong_SHIFT) | (short)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(short) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(short, long, PyLong_AsLong(x))
+        if ((sizeof(short) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(short, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(short) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(short, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(short) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(short, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        short val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (short) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            short val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (short) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (short) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (short) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(short) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((short) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(short) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((short) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((short) 1) << (sizeof(short) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (short) -1;
-        }
-    } else {
-        short val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (short) -1;
-        val = __Pyx_PyInt_As_short(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -5616,7 +10718,7 @@ static CYTHON_INLINE short __Pyx_PyInt_As_short(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5626,179 +10728,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -5811,8 +10971,40 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
     return (int) -1;
 }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5824,17 +11016,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -5842,15 +11034,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u_);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5862,33 +11126,66 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
 #endif
-        }
-    }
-    {
-        int one = 1; int little = (int)*(unsigned char *)&one;
-        unsigned char *bytes = (unsigned char *)&value;
-        return _PyLong_FromByteArray(bytes, sizeof(long),
-                                     little, !is_unsigned);
+        }
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(long),
+                                     little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5898,179 +11195,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -6087,7 +11442,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -6108,51 +11463,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -6183,65 +11525,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -6249,97 +11610,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -6351,25 +11848,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -6392,95 +11889,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -6519,33 +11987,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/event.pxd b/ssh/event.pxd
index 241df0da..053ed041 100644
--- a/ssh/event.pxd
+++ b/ssh/event.pxd
@@ -1,23 +1,24 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from session cimport Session
-from connector cimport Connector
+from .session cimport Session
+from .connector cimport Connector
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 cdef class Event:
diff --git a/ssh/event.pyx b/ssh/event.pyx
index 35d19d79..597bb3c6 100644
--- a/ssh/event.pyx
+++ b/ssh/event.pyx
@@ -1,27 +1,28 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from cpython cimport PyObject_AsFileDescriptor
 
-from utils cimport handle_error_codes
+from .utils cimport handle_error_codes
 
-from connector cimport Connector
-from session cimport Session
+from .connector cimport Connector
+from .session cimport Session
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 cdef class Event:
diff --git a/ssh/exceptions.c b/ssh/exceptions.c
index adc1060f..b5f5a603 100644
--- a/ssh/exceptions.c
+++ b/ssh/exceptions.c
@@ -1,22 +1,58 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.exceptions",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/exceptions.pyx"
+        ]
+    },
+    "module_name": "ssh.exceptions"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +71,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +79,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +104,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +325,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +408,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +428,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +452,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +531,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +570,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
+#endif
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +649,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +666,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
+#else
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
+#endif
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +877,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,69 +908,193 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
+#else
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
+#endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
+#endif
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
 #endif
 
+/* MathInitCode */
 #if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
+  #ifndef _USE_MATH_DEFINES
     #define _USE_MATH_DEFINES
   #endif
 #endif
@@ -725,12 +1114,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
-#define __PYX_ERR(f_index, lineno, Ln_error) \
-    { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
+#define __PYX_ERR(f_index, lineno, Ln_error) \
+    { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -749,12 +1156,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -789,140 +1192,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -934,26 +1326,200 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/exceptions.pyx",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -962,42 +1528,48 @@ static const char *__pyx_f[] = {
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1008,6 +1580,10 @@ static const char *__pyx_f[] = {
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1019,8 +1595,104 @@ static const char *__pyx_f[] = {
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
-/* CalculateMetaclass.proto */
-static PyObject *__Pyx_CalculateMetaclass(PyTypeObject *metaclass, PyObject *bases);
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#endif
+
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
+
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+#else
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#endif
+
+/* PyThreadStateGet.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
+#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
+#else
+#define __Pyx_PyThreadState_declare
+#define __Pyx_PyThreadState_assign
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
+#endif
+
+/* PyErrFetchRestore.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
+#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+#else
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#endif
+#else
+#define __Pyx_PyErr_Clear() PyErr_Clear()
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#endif
 
 /* PyObjectGetAttrStr.proto */
 #if CYTHON_USE_TYPE_SLOTS
@@ -1029,6 +1701,28 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
+/* Py3UpdateBases.proto */
+static PyObject* __Pyx_PEP560_update_bases(PyObject *bases);
+
+/* CalculateMetaclass.proto */
+static PyObject *__Pyx_CalculateMetaclass(PyTypeObject *metaclass, PyObject *bases);
+
+/* PyObjectCall2Args.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2);
+
+/* PyObjectLookupSpecial.proto */
+#if CYTHON_USE_PYTYPE_LOOKUP && CYTHON_USE_TYPE_SLOTS
+#define __Pyx_PyObject_LookupSpecialNoError(obj, attr_name)  __Pyx__PyObject_LookupSpecial(obj, attr_name, 0)
+#define __Pyx_PyObject_LookupSpecial(obj, attr_name)  __Pyx__PyObject_LookupSpecial(obj, attr_name, 1)
+static CYTHON_INLINE PyObject* __Pyx__PyObject_LookupSpecial(PyObject* obj, PyObject* attr_name, int with_error);
+#else
+#define __Pyx_PyObject_LookupSpecialNoError(o,n) __Pyx_PyObject_GetAttrStrNoError(o,n)
+#define __Pyx_PyObject_LookupSpecial(o,n) __Pyx_PyObject_GetAttrStr(o,n)
+#endif
+
 /* Py3ClassCreate.proto */
 static PyObject *__Pyx_Py3MetaclassPrepare(PyObject *metaclass, PyObject *bases, PyObject *name, PyObject *qualname,
                                            PyObject *mkw, PyObject *modname, PyObject *doc);
@@ -1066,18 +1760,18 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 
 /* GetModuleGlobalName.proto */
 #if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
     static PY_UINT64_T __pyx_dict_version = 0;\
     static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
         (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
         __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
     PY_UINT64_T __pyx_dict_version;\
     PyObject *__pyx_dict_cached_value;\
     (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
+} while(0)
 static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
 #define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
@@ -1085,108 +1779,177 @@ static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_ve
 static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
 #endif
 
-/* PyThreadStateGet.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
-#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
-#else
-#define __Pyx_PyThreadState_declare
-#define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
-#endif
-
-/* PyErrFetchRestore.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
-#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
-#else
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#endif
-#else
-#define __Pyx_PyErr_Clear() PyErr_Clear()
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
-#endif
-
 /* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
-#else
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
+
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 
-/* Module declarations from 'ssh.exceptions' */
+/* Module declarations from "ssh.exceptions" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.exceptions"
 extern int __pyx_module_is_main_ssh__exceptions;
 int __pyx_module_is_main_ssh__exceptions = 0;
 
-/* Implementation of 'ssh.exceptions' */
+/* Implementation of "ssh.exceptions" */
+/* #### Code section: global_var ### */
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = "?";
 static const char __pyx_k_EOF[] = "EOF";
 static const char __pyx_k_doc[] = "__doc__";
 static const char __pyx_k_main[] = "__main__";
@@ -1202,6 +1965,7 @@ static const char __pyx_k_metaclass[] = "__metaclass__";
 static const char __pyx_k_OtherError[] = "OtherError";
 static const char __pyx_k_GSSAPIError[] = "GSSAPIError";
 static const char __pyx_k_OptionError[] = "OptionError";
+static const char __pyx_k_mro_entries[] = "__mro_entries__";
 static const char __pyx_k_BaseSSHError[] = "BaseSSHError";
 static const char __pyx_k_Disconnected[] = "Disconnected";
 static const char __pyx_k_ChannelClosed[] = "ChannelClosed";
@@ -1269,125 +2033,10 @@ static const char __pyx_k_Raised_on_partial_authentication[] = "Raised on partia
 static const char __pyx_k_Raised_on_protocol_version_not_s[] = "Raised on protocol version not supported";
 static const char __pyx_k_Raised_on_resource_shortage_erro[] = "Raised on resource shortage errors";
 static const char __pyx_k_Raised_on_too_many_connection_er[] = "Raised on too many connection errors";
-static PyObject *__pyx_n_s_AdministrativelyProhibited;
-static PyObject *__pyx_n_s_AuthenticationDenied;
-static PyObject *__pyx_n_s_AuthenticationError;
-static PyObject *__pyx_n_s_AuthenticationPartial;
-static PyObject *__pyx_n_s_BaseSSHError;
-static PyObject *__pyx_kp_s_Base_class_for_all_errors_produc;
-static PyObject *__pyx_n_s_ChannelClosed;
-static PyObject *__pyx_n_s_ChannelOpenFailure;
-static PyObject *__pyx_n_s_CompressionError;
-static PyObject *__pyx_n_s_ConnectFailed;
-static PyObject *__pyx_n_s_ConnectionLost;
-static PyObject *__pyx_n_s_Disconnected;
-static PyObject *__pyx_n_s_EOF;
-static PyObject *__pyx_n_s_GSSAPIError;
-static PyObject *__pyx_n_s_GSSAPIErrorTok;
-static PyObject *__pyx_n_s_HostAuthenticationFailed;
-static PyObject *__pyx_n_s_HostKeyNotVerifiable;
-static PyObject *__pyx_n_s_HostNotAllowedToConnect;
-static PyObject *__pyx_n_s_InvalidAPIUse;
-static PyObject *__pyx_n_s_KeyExchangeFailed;
-static PyObject *__pyx_n_s_KeyExportError;
-static PyObject *__pyx_n_s_KeyGenerationError;
-static PyObject *__pyx_n_s_KeyImportError;
-static PyObject *__pyx_n_s_MACError;
-static PyObject *__pyx_n_s_OptionError;
-static PyObject *__pyx_n_s_OtherError;
-static PyObject *__pyx_n_s_ProtocolError;
-static PyObject *__pyx_n_s_ProtocolVersionNotSupport;
-static PyObject *__pyx_kp_s_Raised_on_EOF_from_remote_channe;
-static PyObject *__pyx_kp_s_Raised_on_GSS_API_errors;
-static PyObject *__pyx_kp_s_Raised_on_GSS_API_token_errors;
-static PyObject *__pyx_kp_s_Raised_on_MAC_errors;
-static PyObject *__pyx_kp_s_Raised_on_SFTP_errors;
-static PyObject *__pyx_kp_s_Raised_on_SFTP_handle_errors;
-static PyObject *__pyx_kp_s_Raised_on_SSH_channel_open_failu;
-static PyObject *__pyx_kp_s_Raised_on_SSH_request_failures;
-static PyObject *__pyx_kp_s_Raised_on_administratively_prohi;
-static PyObject *__pyx_kp_s_Raised_on_authentication_denied;
-static PyObject *__pyx_kp_s_Raised_on_compression_errors;
-static PyObject *__pyx_kp_s_Raised_on_connect_failure;
-static PyObject *__pyx_kp_s_Raised_on_connection_lost;
-static PyObject *__pyx_kp_s_Raised_on_disconnection_errors;
-static PyObject *__pyx_kp_s_Raised_on_errors_exporting_key;
-static PyObject *__pyx_kp_s_Raised_on_errors_generating_key;
-static PyObject *__pyx_kp_s_Raised_on_errors_getting_setting;
-static PyObject *__pyx_kp_s_Raised_on_errors_importing_key;
-static PyObject *__pyx_kp_s_Raised_on_errors_returned_by_lib;
-static PyObject *__pyx_kp_s_Raised_on_fatal_errors_authentic;
-static PyObject *__pyx_kp_s_Raised_on_host_authentication_fa;
-static PyObject *__pyx_kp_s_Raised_on_host_key_not_verifiabl;
-static PyObject *__pyx_kp_s_Raised_on_host_not_allowed_to_co;
-static PyObject *__pyx_kp_s_Raised_on_invalid_uses_of_the_AP;
-static PyObject *__pyx_kp_s_Raised_on_key_exchange_failures;
-static PyObject *__pyx_kp_s_Raised_on_operations_on_closed_c;
-static PyObject *__pyx_kp_s_Raised_on_other_non_specific_fat;
-static PyObject *__pyx_kp_s_Raised_on_partial_authentication;
-static PyObject *__pyx_kp_s_Raised_on_protocol_errors;
-static PyObject *__pyx_kp_s_Raised_on_protocol_version_not_s;
-static PyObject *__pyx_kp_s_Raised_on_resource_shortage_erro;
-static PyObject *__pyx_kp_s_Raised_on_service_not_available;
-static PyObject *__pyx_kp_s_Raised_on_too_many_connection_er;
-static PyObject *__pyx_kp_s_Raised_on_unimplemented_errors;
-static PyObject *__pyx_kp_s_Raised_on_unknown_channel_type;
-static PyObject *__pyx_n_s_RequestFailure;
-static PyObject *__pyx_n_s_ResourceShortage;
-static PyObject *__pyx_n_s_SFTPError;
-static PyObject *__pyx_n_s_SFTPHandleError;
-static PyObject *__pyx_n_s_SSHError;
-static PyObject *__pyx_n_s_ServiceNotAvailable;
-static PyObject *__pyx_n_s_TooManyConnections;
-static PyObject *__pyx_n_s_UnImplemented;
-static PyObject *__pyx_n_s_UnknownChannelType;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_doc;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_metaclass;
-static PyObject *__pyx_n_s_module;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_prepare;
-static PyObject *__pyx_n_s_qualname;
-static PyObject *__pyx_n_s_ssh_exceptions;
-static PyObject *__pyx_n_s_test;
-/* Late includes */
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_exceptions(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_exceptions},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "exceptions",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
-  #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
-  #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
-};
-#endif
+/* #### Code section: decls ### */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
 #ifndef CYTHON_SMALL_CODE
 #if defined(__clang__)
     #define CYTHON_SMALL_CODE
@@ -1398,217 +2047,389 @@ static struct PyModuleDef __pyx_moduledef = {
 #endif
 #endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_AdministrativelyProhibited, __pyx_k_AdministrativelyProhibited, sizeof(__pyx_k_AdministrativelyProhibited), 0, 0, 1, 1},
-  {&__pyx_n_s_AuthenticationDenied, __pyx_k_AuthenticationDenied, sizeof(__pyx_k_AuthenticationDenied), 0, 0, 1, 1},
-  {&__pyx_n_s_AuthenticationError, __pyx_k_AuthenticationError, sizeof(__pyx_k_AuthenticationError), 0, 0, 1, 1},
-  {&__pyx_n_s_AuthenticationPartial, __pyx_k_AuthenticationPartial, sizeof(__pyx_k_AuthenticationPartial), 0, 0, 1, 1},
-  {&__pyx_n_s_BaseSSHError, __pyx_k_BaseSSHError, sizeof(__pyx_k_BaseSSHError), 0, 0, 1, 1},
-  {&__pyx_kp_s_Base_class_for_all_errors_produc, __pyx_k_Base_class_for_all_errors_produc, sizeof(__pyx_k_Base_class_for_all_errors_produc), 0, 0, 1, 0},
-  {&__pyx_n_s_ChannelClosed, __pyx_k_ChannelClosed, sizeof(__pyx_k_ChannelClosed), 0, 0, 1, 1},
-  {&__pyx_n_s_ChannelOpenFailure, __pyx_k_ChannelOpenFailure, sizeof(__pyx_k_ChannelOpenFailure), 0, 0, 1, 1},
-  {&__pyx_n_s_CompressionError, __pyx_k_CompressionError, sizeof(__pyx_k_CompressionError), 0, 0, 1, 1},
-  {&__pyx_n_s_ConnectFailed, __pyx_k_ConnectFailed, sizeof(__pyx_k_ConnectFailed), 0, 0, 1, 1},
-  {&__pyx_n_s_ConnectionLost, __pyx_k_ConnectionLost, sizeof(__pyx_k_ConnectionLost), 0, 0, 1, 1},
-  {&__pyx_n_s_Disconnected, __pyx_k_Disconnected, sizeof(__pyx_k_Disconnected), 0, 0, 1, 1},
-  {&__pyx_n_s_EOF, __pyx_k_EOF, sizeof(__pyx_k_EOF), 0, 0, 1, 1},
-  {&__pyx_n_s_GSSAPIError, __pyx_k_GSSAPIError, sizeof(__pyx_k_GSSAPIError), 0, 0, 1, 1},
-  {&__pyx_n_s_GSSAPIErrorTok, __pyx_k_GSSAPIErrorTok, sizeof(__pyx_k_GSSAPIErrorTok), 0, 0, 1, 1},
-  {&__pyx_n_s_HostAuthenticationFailed, __pyx_k_HostAuthenticationFailed, sizeof(__pyx_k_HostAuthenticationFailed), 0, 0, 1, 1},
-  {&__pyx_n_s_HostKeyNotVerifiable, __pyx_k_HostKeyNotVerifiable, sizeof(__pyx_k_HostKeyNotVerifiable), 0, 0, 1, 1},
-  {&__pyx_n_s_HostNotAllowedToConnect, __pyx_k_HostNotAllowedToConnect, sizeof(__pyx_k_HostNotAllowedToConnect), 0, 0, 1, 1},
-  {&__pyx_n_s_InvalidAPIUse, __pyx_k_InvalidAPIUse, sizeof(__pyx_k_InvalidAPIUse), 0, 0, 1, 1},
-  {&__pyx_n_s_KeyExchangeFailed, __pyx_k_KeyExchangeFailed, sizeof(__pyx_k_KeyExchangeFailed), 0, 0, 1, 1},
-  {&__pyx_n_s_KeyExportError, __pyx_k_KeyExportError, sizeof(__pyx_k_KeyExportError), 0, 0, 1, 1},
-  {&__pyx_n_s_KeyGenerationError, __pyx_k_KeyGenerationError, sizeof(__pyx_k_KeyGenerationError), 0, 0, 1, 1},
-  {&__pyx_n_s_KeyImportError, __pyx_k_KeyImportError, sizeof(__pyx_k_KeyImportError), 0, 0, 1, 1},
-  {&__pyx_n_s_MACError, __pyx_k_MACError, sizeof(__pyx_k_MACError), 0, 0, 1, 1},
-  {&__pyx_n_s_OptionError, __pyx_k_OptionError, sizeof(__pyx_k_OptionError), 0, 0, 1, 1},
-  {&__pyx_n_s_OtherError, __pyx_k_OtherError, sizeof(__pyx_k_OtherError), 0, 0, 1, 1},
-  {&__pyx_n_s_ProtocolError, __pyx_k_ProtocolError, sizeof(__pyx_k_ProtocolError), 0, 0, 1, 1},
-  {&__pyx_n_s_ProtocolVersionNotSupport, __pyx_k_ProtocolVersionNotSupport, sizeof(__pyx_k_ProtocolVersionNotSupport), 0, 0, 1, 1},
-  {&__pyx_kp_s_Raised_on_EOF_from_remote_channe, __pyx_k_Raised_on_EOF_from_remote_channe, sizeof(__pyx_k_Raised_on_EOF_from_remote_channe), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_GSS_API_errors, __pyx_k_Raised_on_GSS_API_errors, sizeof(__pyx_k_Raised_on_GSS_API_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_GSS_API_token_errors, __pyx_k_Raised_on_GSS_API_token_errors, sizeof(__pyx_k_Raised_on_GSS_API_token_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_MAC_errors, __pyx_k_Raised_on_MAC_errors, sizeof(__pyx_k_Raised_on_MAC_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_SFTP_errors, __pyx_k_Raised_on_SFTP_errors, sizeof(__pyx_k_Raised_on_SFTP_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_SFTP_handle_errors, __pyx_k_Raised_on_SFTP_handle_errors, sizeof(__pyx_k_Raised_on_SFTP_handle_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_SSH_channel_open_failu, __pyx_k_Raised_on_SSH_channel_open_failu, sizeof(__pyx_k_Raised_on_SSH_channel_open_failu), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_SSH_request_failures, __pyx_k_Raised_on_SSH_request_failures, sizeof(__pyx_k_Raised_on_SSH_request_failures), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_administratively_prohi, __pyx_k_Raised_on_administratively_prohi, sizeof(__pyx_k_Raised_on_administratively_prohi), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_authentication_denied, __pyx_k_Raised_on_authentication_denied, sizeof(__pyx_k_Raised_on_authentication_denied), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_compression_errors, __pyx_k_Raised_on_compression_errors, sizeof(__pyx_k_Raised_on_compression_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_connect_failure, __pyx_k_Raised_on_connect_failure, sizeof(__pyx_k_Raised_on_connect_failure), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_connection_lost, __pyx_k_Raised_on_connection_lost, sizeof(__pyx_k_Raised_on_connection_lost), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_disconnection_errors, __pyx_k_Raised_on_disconnection_errors, sizeof(__pyx_k_Raised_on_disconnection_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_errors_exporting_key, __pyx_k_Raised_on_errors_exporting_key, sizeof(__pyx_k_Raised_on_errors_exporting_key), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_errors_generating_key, __pyx_k_Raised_on_errors_generating_key, sizeof(__pyx_k_Raised_on_errors_generating_key), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_errors_getting_setting, __pyx_k_Raised_on_errors_getting_setting, sizeof(__pyx_k_Raised_on_errors_getting_setting), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_errors_importing_key, __pyx_k_Raised_on_errors_importing_key, sizeof(__pyx_k_Raised_on_errors_importing_key), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_errors_returned_by_lib, __pyx_k_Raised_on_errors_returned_by_lib, sizeof(__pyx_k_Raised_on_errors_returned_by_lib), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_fatal_errors_authentic, __pyx_k_Raised_on_fatal_errors_authentic, sizeof(__pyx_k_Raised_on_fatal_errors_authentic), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_host_authentication_fa, __pyx_k_Raised_on_host_authentication_fa, sizeof(__pyx_k_Raised_on_host_authentication_fa), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_host_key_not_verifiabl, __pyx_k_Raised_on_host_key_not_verifiabl, sizeof(__pyx_k_Raised_on_host_key_not_verifiabl), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_host_not_allowed_to_co, __pyx_k_Raised_on_host_not_allowed_to_co, sizeof(__pyx_k_Raised_on_host_not_allowed_to_co), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_invalid_uses_of_the_AP, __pyx_k_Raised_on_invalid_uses_of_the_AP, sizeof(__pyx_k_Raised_on_invalid_uses_of_the_AP), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_key_exchange_failures, __pyx_k_Raised_on_key_exchange_failures, sizeof(__pyx_k_Raised_on_key_exchange_failures), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_operations_on_closed_c, __pyx_k_Raised_on_operations_on_closed_c, sizeof(__pyx_k_Raised_on_operations_on_closed_c), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_other_non_specific_fat, __pyx_k_Raised_on_other_non_specific_fat, sizeof(__pyx_k_Raised_on_other_non_specific_fat), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_partial_authentication, __pyx_k_Raised_on_partial_authentication, sizeof(__pyx_k_Raised_on_partial_authentication), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_protocol_errors, __pyx_k_Raised_on_protocol_errors, sizeof(__pyx_k_Raised_on_protocol_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_protocol_version_not_s, __pyx_k_Raised_on_protocol_version_not_s, sizeof(__pyx_k_Raised_on_protocol_version_not_s), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_resource_shortage_erro, __pyx_k_Raised_on_resource_shortage_erro, sizeof(__pyx_k_Raised_on_resource_shortage_erro), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_service_not_available, __pyx_k_Raised_on_service_not_available, sizeof(__pyx_k_Raised_on_service_not_available), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_too_many_connection_er, __pyx_k_Raised_on_too_many_connection_er, sizeof(__pyx_k_Raised_on_too_many_connection_er), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_unimplemented_errors, __pyx_k_Raised_on_unimplemented_errors, sizeof(__pyx_k_Raised_on_unimplemented_errors), 0, 0, 1, 0},
-  {&__pyx_kp_s_Raised_on_unknown_channel_type, __pyx_k_Raised_on_unknown_channel_type, sizeof(__pyx_k_Raised_on_unknown_channel_type), 0, 0, 1, 0},
-  {&__pyx_n_s_RequestFailure, __pyx_k_RequestFailure, sizeof(__pyx_k_RequestFailure), 0, 0, 1, 1},
-  {&__pyx_n_s_ResourceShortage, __pyx_k_ResourceShortage, sizeof(__pyx_k_ResourceShortage), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPError, __pyx_k_SFTPError, sizeof(__pyx_k_SFTPError), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPHandleError, __pyx_k_SFTPHandleError, sizeof(__pyx_k_SFTPHandleError), 0, 0, 1, 1},
-  {&__pyx_n_s_SSHError, __pyx_k_SSHError, sizeof(__pyx_k_SSHError), 0, 0, 1, 1},
-  {&__pyx_n_s_ServiceNotAvailable, __pyx_k_ServiceNotAvailable, sizeof(__pyx_k_ServiceNotAvailable), 0, 0, 1, 1},
-  {&__pyx_n_s_TooManyConnections, __pyx_k_TooManyConnections, sizeof(__pyx_k_TooManyConnections), 0, 0, 1, 1},
-  {&__pyx_n_s_UnImplemented, __pyx_k_UnImplemented, sizeof(__pyx_k_UnImplemented), 0, 0, 1, 1},
-  {&__pyx_n_s_UnknownChannelType, __pyx_k_UnknownChannelType, sizeof(__pyx_k_UnknownChannelType), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_doc, __pyx_k_doc, sizeof(__pyx_k_doc), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_metaclass, __pyx_k_metaclass, sizeof(__pyx_k_metaclass), 0, 0, 1, 1},
-  {&__pyx_n_s_module, __pyx_k_module, sizeof(__pyx_k_module), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_prepare, __pyx_k_prepare, sizeof(__pyx_k_prepare), 0, 0, 1, 1},
-  {&__pyx_n_s_qualname, __pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 0, 1, 1},
-  {&__pyx_n_s_ssh_exceptions, __pyx_k_ssh_exceptions, sizeof(__pyx_k_ssh_exceptions), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
-};
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  return 0;
-}
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyObject *__pyx_string_tab[84];
+/* #### Code section: module_state_contents ### */
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
 
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-}
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
 
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_AdministrativelyProhibited __pyx_string_tab[1]
+#define __pyx_n_u_AuthenticationDenied __pyx_string_tab[2]
+#define __pyx_n_u_AuthenticationError __pyx_string_tab[3]
+#define __pyx_n_u_AuthenticationPartial __pyx_string_tab[4]
+#define __pyx_n_u_BaseSSHError __pyx_string_tab[5]
+#define __pyx_kp_u_Base_class_for_all_errors_produc __pyx_string_tab[6]
+#define __pyx_n_u_ChannelClosed __pyx_string_tab[7]
+#define __pyx_n_u_ChannelOpenFailure __pyx_string_tab[8]
+#define __pyx_n_u_CompressionError __pyx_string_tab[9]
+#define __pyx_n_u_ConnectFailed __pyx_string_tab[10]
+#define __pyx_n_u_ConnectionLost __pyx_string_tab[11]
+#define __pyx_n_u_Disconnected __pyx_string_tab[12]
+#define __pyx_n_u_EOF __pyx_string_tab[13]
+#define __pyx_n_u_GSSAPIError __pyx_string_tab[14]
+#define __pyx_n_u_GSSAPIErrorTok __pyx_string_tab[15]
+#define __pyx_n_u_HostAuthenticationFailed __pyx_string_tab[16]
+#define __pyx_n_u_HostKeyNotVerifiable __pyx_string_tab[17]
+#define __pyx_n_u_HostNotAllowedToConnect __pyx_string_tab[18]
+#define __pyx_n_u_InvalidAPIUse __pyx_string_tab[19]
+#define __pyx_n_u_KeyExchangeFailed __pyx_string_tab[20]
+#define __pyx_n_u_KeyExportError __pyx_string_tab[21]
+#define __pyx_n_u_KeyGenerationError __pyx_string_tab[22]
+#define __pyx_n_u_KeyImportError __pyx_string_tab[23]
+#define __pyx_n_u_MACError __pyx_string_tab[24]
+#define __pyx_n_u_OptionError __pyx_string_tab[25]
+#define __pyx_n_u_OtherError __pyx_string_tab[26]
+#define __pyx_n_u_ProtocolError __pyx_string_tab[27]
+#define __pyx_n_u_ProtocolVersionNotSupport __pyx_string_tab[28]
+#define __pyx_kp_u_Raised_on_EOF_from_remote_channe __pyx_string_tab[29]
+#define __pyx_kp_u_Raised_on_GSS_API_errors __pyx_string_tab[30]
+#define __pyx_kp_u_Raised_on_GSS_API_token_errors __pyx_string_tab[31]
+#define __pyx_kp_u_Raised_on_MAC_errors __pyx_string_tab[32]
+#define __pyx_kp_u_Raised_on_SFTP_errors __pyx_string_tab[33]
+#define __pyx_kp_u_Raised_on_SFTP_handle_errors __pyx_string_tab[34]
+#define __pyx_kp_u_Raised_on_SSH_channel_open_failu __pyx_string_tab[35]
+#define __pyx_kp_u_Raised_on_SSH_request_failures __pyx_string_tab[36]
+#define __pyx_kp_u_Raised_on_administratively_prohi __pyx_string_tab[37]
+#define __pyx_kp_u_Raised_on_authentication_denied __pyx_string_tab[38]
+#define __pyx_kp_u_Raised_on_compression_errors __pyx_string_tab[39]
+#define __pyx_kp_u_Raised_on_connect_failure __pyx_string_tab[40]
+#define __pyx_kp_u_Raised_on_connection_lost __pyx_string_tab[41]
+#define __pyx_kp_u_Raised_on_disconnection_errors __pyx_string_tab[42]
+#define __pyx_kp_u_Raised_on_errors_exporting_key __pyx_string_tab[43]
+#define __pyx_kp_u_Raised_on_errors_generating_key __pyx_string_tab[44]
+#define __pyx_kp_u_Raised_on_errors_getting_setting __pyx_string_tab[45]
+#define __pyx_kp_u_Raised_on_errors_importing_key __pyx_string_tab[46]
+#define __pyx_kp_u_Raised_on_errors_returned_by_lib __pyx_string_tab[47]
+#define __pyx_kp_u_Raised_on_fatal_errors_authentic __pyx_string_tab[48]
+#define __pyx_kp_u_Raised_on_host_authentication_fa __pyx_string_tab[49]
+#define __pyx_kp_u_Raised_on_host_key_not_verifiabl __pyx_string_tab[50]
+#define __pyx_kp_u_Raised_on_host_not_allowed_to_co __pyx_string_tab[51]
+#define __pyx_kp_u_Raised_on_invalid_uses_of_the_AP __pyx_string_tab[52]
+#define __pyx_kp_u_Raised_on_key_exchange_failures __pyx_string_tab[53]
+#define __pyx_kp_u_Raised_on_operations_on_closed_c __pyx_string_tab[54]
+#define __pyx_kp_u_Raised_on_other_non_specific_fat __pyx_string_tab[55]
+#define __pyx_kp_u_Raised_on_partial_authentication __pyx_string_tab[56]
+#define __pyx_kp_u_Raised_on_protocol_errors __pyx_string_tab[57]
+#define __pyx_kp_u_Raised_on_protocol_version_not_s __pyx_string_tab[58]
+#define __pyx_kp_u_Raised_on_resource_shortage_erro __pyx_string_tab[59]
+#define __pyx_kp_u_Raised_on_service_not_available __pyx_string_tab[60]
+#define __pyx_kp_u_Raised_on_too_many_connection_er __pyx_string_tab[61]
+#define __pyx_kp_u_Raised_on_unimplemented_errors __pyx_string_tab[62]
+#define __pyx_kp_u_Raised_on_unknown_channel_type __pyx_string_tab[63]
+#define __pyx_n_u_RequestFailure __pyx_string_tab[64]
+#define __pyx_n_u_ResourceShortage __pyx_string_tab[65]
+#define __pyx_n_u_SFTPError __pyx_string_tab[66]
+#define __pyx_n_u_SFTPHandleError __pyx_string_tab[67]
+#define __pyx_n_u_SSHError __pyx_string_tab[68]
+#define __pyx_n_u_ServiceNotAvailable __pyx_string_tab[69]
+#define __pyx_n_u_TooManyConnections __pyx_string_tab[70]
+#define __pyx_n_u_UnImplemented __pyx_string_tab[71]
+#define __pyx_n_u_UnknownChannelType __pyx_string_tab[72]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[73]
+#define __pyx_n_u_doc __pyx_string_tab[74]
+#define __pyx_n_u_main __pyx_string_tab[75]
+#define __pyx_n_u_metaclass __pyx_string_tab[76]
+#define __pyx_n_u_module __pyx_string_tab[77]
+#define __pyx_n_u_mro_entries __pyx_string_tab[78]
+#define __pyx_n_u_name __pyx_string_tab[79]
+#define __pyx_n_u_prepare __pyx_string_tab[80]
+#define __pyx_n_u_qualname __pyx_string_tab[81]
+#define __pyx_n_u_ssh_exceptions __pyx_string_tab[82]
+#define __pyx_n_u_test __pyx_string_tab[83]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  for (int i=0; i<84; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  for (int i=0; i<84; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
   return 0;
-  __pyx_L1_error:;
-  return -1;
 }
+#endif
+/* #### Code section: module_code ### */
+/* #### Code section: module_exttypes ### */
 
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
+};
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
 
-static int __Pyx_modinit_global_init_code(void) {
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_init_code", 0);
   /*--- Type init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_import_code", 0);
   /*--- Type import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_import_code", 0);
   /*--- Function import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_exceptions(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_exceptions},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "exceptions",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initexceptions(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initexceptions(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_exceptions(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_exceptions(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -1616,7 +2437,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -1631,10 +2454,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -1657,12 +2483,17 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_exceptions(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
+  PyObject *__pyx_t_5 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1673,9 +2504,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_exceptions(PyObject *__pyx_pyinit_
     PyErr_SetString(PyExc_RuntimeError, "Module 'exceptions' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "exceptions" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -1685,88 +2544,61 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_exceptions(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_exceptions", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("exceptions", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__exceptions) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.exceptions")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.exceptions", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.exceptions", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  (void)__Pyx_modinit_type_init_code();
-  (void)__Pyx_modinit_type_import_code();
-  (void)__Pyx_modinit_variable_import_code();
-  (void)__Pyx_modinit_function_import_code();
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_type_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_type_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_import_code(__pyx_mstate);
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
   /* "ssh/exceptions.pyx":18
  * 
@@ -1774,23 +2606,26 @@ if (!__Pyx_RefNanny) {
  * class OptionError(Exception):             # <<<<<<<<<<<<<<
  *     """Raised on errors getting/setting options"""
  * 
- */
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 18, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(((PyObject *)(&((PyTypeObject*)PyExc_Exception)[0])));
-  __Pyx_GIVEREF(((PyObject *)(&((PyTypeObject*)PyExc_Exception)[0])));
-  PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)(&((PyTypeObject*)PyExc_Exception)[0])));
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 18, __pyx_L1_error)
+*/
+  __pyx_t_2 = PyTuple_Pack(1, ((PyObject *)(((PyTypeObject*)PyExc_Exception)))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 18, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_OptionError, __pyx_n_s_OptionError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_errors_getting_setting); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 18, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 18, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_OptionError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 18, __pyx_L1_error)
+  __pyx_t_4 = __Pyx_CalculateMetaclass(NULL, __pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 18, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_OptionError, __pyx_t_4) < 0) __PYX_ERR(0, 18, __pyx_L1_error)
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_4, __pyx_t_3, __pyx_mstate_global->__pyx_n_u_OptionError, __pyx_mstate_global->__pyx_n_u_OptionError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_errors_getting_setting); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 18, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_3 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 18, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_OptionError, __pyx_t_3, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 18, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_OptionError, __pyx_t_2) < 0) __PYX_ERR(0, 18, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
   /* "ssh/exceptions.pyx":22
  * 
@@ -1798,23 +2633,26 @@ if (!__Pyx_RefNanny) {
  * class BaseSSHError(Exception):             # <<<<<<<<<<<<<<
  *     """Base class for all errors produced by libssh"""
  * 
- */
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(((PyObject *)(&((PyTypeObject*)PyExc_Exception)[0])));
-  __Pyx_GIVEREF(((PyObject *)(&((PyTypeObject*)PyExc_Exception)[0])));
-  PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)(&((PyTypeObject*)PyExc_Exception)[0])));
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_BaseSSHError, __pyx_n_s_BaseSSHError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Base_class_for_all_errors_produc); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 22, __pyx_L1_error)
+*/
+  __pyx_t_3 = PyTuple_Pack(1, ((PyObject *)(((PyTypeObject*)PyExc_Exception)))); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_BaseSSHError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_BaseSSHError, __pyx_t_4) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError, __pyx_mstate_global->__pyx_n_u_BaseSSHError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Base_class_for_all_errors_produc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 22, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_BaseSSHError, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_BaseSSHError, __pyx_t_3) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":26
  * 
@@ -1822,25 +2660,29 @@ if (!__Pyx_RefNanny) {
  * class SSHError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on errors returned by libssh.
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_SSHError, __pyx_n_s_SSHError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_errors_returned_by_lib); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_SSHError, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 26, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 26, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSHError, __pyx_t_4) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_SSHError, __pyx_mstate_global->__pyx_n_u_SSHError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_errors_returned_by_lib); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 26, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_SSHError, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSHError, __pyx_t_5) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":37
  * 
@@ -1848,25 +2690,29 @@ if (!__Pyx_RefNanny) {
  * class OtherError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on other non-specific fatal errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 37, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 37, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 37, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_OtherError, __pyx_n_s_OtherError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_other_non_specific_fat); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 37, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_OtherError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 37, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 37, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_OtherError, __pyx_t_4) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_OtherError, __pyx_mstate_global->__pyx_n_u_OtherError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_other_non_specific_fat); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 37, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_OtherError, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_OtherError, __pyx_t_2) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":41
  * 
@@ -1874,25 +2720,29 @@ if (!__Pyx_RefNanny) {
  * class AuthenticationDenied(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on authentication denied errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 41, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 41, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 41, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_AuthenticationDenied, __pyx_n_s_AuthenticationDenied, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_authentication_denied); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 41, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_AuthenticationDenied, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 41, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 41, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_AuthenticationDenied, __pyx_t_4) < 0) __PYX_ERR(0, 41, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 41, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 41, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 41, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_AuthenticationDenied, __pyx_mstate_global->__pyx_n_u_AuthenticationDenied, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_authentication_denied); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 41, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 41, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_AuthenticationDenied, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 41, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_AuthenticationDenied, __pyx_t_3) < 0) __PYX_ERR(0, 41, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":45
  * 
@@ -1900,25 +2750,29 @@ if (!__Pyx_RefNanny) {
  * class AuthenticationError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on fatal errors authenticating"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_AuthenticationError, __pyx_n_s_AuthenticationError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_fatal_errors_authentic); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_AuthenticationError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 45, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 45, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_AuthenticationError, __pyx_t_4) < 0) __PYX_ERR(0, 45, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_AuthenticationError, __pyx_mstate_global->__pyx_n_u_AuthenticationError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_fatal_errors_authentic); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 45, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_AuthenticationError, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_AuthenticationError, __pyx_t_5) < 0) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":49
  * 
@@ -1926,25 +2780,29 @@ if (!__Pyx_RefNanny) {
  * class AuthenticationPartial(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on partial authentication"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 49, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 49, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 49, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_AuthenticationPartial, __pyx_n_s_AuthenticationPartial, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_partial_authentication); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 49, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_AuthenticationPartial, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 49, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 49, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_AuthenticationPartial, __pyx_t_4) < 0) __PYX_ERR(0, 49, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_AuthenticationPartial, __pyx_mstate_global->__pyx_n_u_AuthenticationPartial, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_partial_authentication); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 49, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_AuthenticationPartial, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_AuthenticationPartial, __pyx_t_2) < 0) __PYX_ERR(0, 49, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":53
  * 
@@ -1952,25 +2810,29 @@ if (!__Pyx_RefNanny) {
  * class KeyExportError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on errors exporting key"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 53, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 53, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 53, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_KeyExportError, __pyx_n_s_KeyExportError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_errors_exporting_key); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 53, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_KeyExportError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 53, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 53, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KeyExportError, __pyx_t_4) < 0) __PYX_ERR(0, 53, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 53, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 53, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 53, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_KeyExportError, __pyx_mstate_global->__pyx_n_u_KeyExportError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_errors_exporting_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 53, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 53, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_KeyExportError, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 53, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KeyExportError, __pyx_t_3) < 0) __PYX_ERR(0, 53, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":57
  * 
@@ -1978,25 +2840,29 @@ if (!__Pyx_RefNanny) {
  * class KeyImportError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on errors importing key"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 57, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 57, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 57, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_KeyImportError, __pyx_n_s_KeyImportError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_errors_importing_key); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 57, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_KeyImportError, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 57, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 57, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KeyImportError, __pyx_t_4) < 0) __PYX_ERR(0, 57, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_KeyImportError, __pyx_mstate_global->__pyx_n_u_KeyImportError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_errors_importing_key); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 57, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_KeyImportError, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KeyImportError, __pyx_t_5) < 0) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":61
  * 
@@ -2004,25 +2870,29 @@ if (!__Pyx_RefNanny) {
  * class KeyGenerationError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on errors generating key"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 61, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 61, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 61, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_KeyGenerationError, __pyx_n_s_KeyGenerationError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_errors_generating_key); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 61, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_KeyGenerationError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 61, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 61, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KeyGenerationError, __pyx_t_4) < 0) __PYX_ERR(0, 61, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_KeyGenerationError, __pyx_mstate_global->__pyx_n_u_KeyGenerationError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_errors_generating_key); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 61, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_KeyGenerationError, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KeyGenerationError, __pyx_t_2) < 0) __PYX_ERR(0, 61, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":65
  * 
@@ -2030,25 +2900,29 @@ if (!__Pyx_RefNanny) {
  * class EOF(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on EOF from remote channel"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 65, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 65, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 65, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_EOF, __pyx_n_s_EOF, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_EOF_from_remote_channe); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 65, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_EOF, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 65, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 65, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_EOF, __pyx_t_4) < 0) __PYX_ERR(0, 65, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_EOF, __pyx_mstate_global->__pyx_n_u_EOF, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_EOF_from_remote_channe); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 65, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_EOF, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_EOF, __pyx_t_3) < 0) __PYX_ERR(0, 65, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":69
  * 
@@ -2056,25 +2930,29 @@ if (!__Pyx_RefNanny) {
  * class InvalidAPIUse(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on invalid uses of the API"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 69, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 69, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 69, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_InvalidAPIUse, __pyx_n_s_InvalidAPIUse, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_invalid_uses_of_the_AP); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 69, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_InvalidAPIUse, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 69, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 69, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_InvalidAPIUse, __pyx_t_4) < 0) __PYX_ERR(0, 69, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 69, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 69, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 69, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_InvalidAPIUse, __pyx_mstate_global->__pyx_n_u_InvalidAPIUse, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_invalid_uses_of_the_AP); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 69, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 69, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_InvalidAPIUse, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 69, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_InvalidAPIUse, __pyx_t_5) < 0) __PYX_ERR(0, 69, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":73
  * 
@@ -2082,25 +2960,29 @@ if (!__Pyx_RefNanny) {
  * class Disconnected(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on disconnection errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_Disconnected, __pyx_n_s_Disconnected, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_disconnection_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_Disconnected, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 73, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 73, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_Disconnected, __pyx_t_4) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_Disconnected, __pyx_mstate_global->__pyx_n_u_Disconnected, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_disconnection_errors); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 73, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_Disconnected, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_Disconnected, __pyx_t_2) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":77
  * 
@@ -2108,25 +2990,29 @@ if (!__Pyx_RefNanny) {
  * class UnImplemented(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on unimplemented errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 77, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 77, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 77, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_UnImplemented, __pyx_n_s_UnImplemented, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_unimplemented_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 77, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_UnImplemented, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 77, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 77, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_UnImplemented, __pyx_t_4) < 0) __PYX_ERR(0, 77, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_UnImplemented, __pyx_mstate_global->__pyx_n_u_UnImplemented, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_unimplemented_errors); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 77, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_UnImplemented, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_UnImplemented, __pyx_t_3) < 0) __PYX_ERR(0, 77, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":81
  * 
@@ -2134,25 +3020,29 @@ if (!__Pyx_RefNanny) {
  * class GSSAPIError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on GSS API errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 81, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 81, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 81, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_GSSAPIError, __pyx_n_s_GSSAPIError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_GSS_API_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 81, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_GSSAPIError, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 81, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 81, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_GSSAPIError, __pyx_t_4) < 0) __PYX_ERR(0, 81, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_GSSAPIError, __pyx_mstate_global->__pyx_n_u_GSSAPIError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_GSS_API_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 81, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_GSSAPIError, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_GSSAPIError, __pyx_t_5) < 0) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":85
  * 
@@ -2160,25 +3050,29 @@ if (!__Pyx_RefNanny) {
  * class GSSAPIErrorTok(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on GSS API token errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 85, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 85, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 85, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_GSSAPIErrorTok, __pyx_n_s_GSSAPIErrorTok, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_GSS_API_token_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 85, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_GSSAPIErrorTok, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 85, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 85, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_GSSAPIErrorTok, __pyx_t_4) < 0) __PYX_ERR(0, 85, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 85, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 85, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 85, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_GSSAPIErrorTok, __pyx_mstate_global->__pyx_n_u_GSSAPIErrorTok, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_GSS_API_token_errors); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 85, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 85, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_GSSAPIErrorTok, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 85, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_GSSAPIErrorTok, __pyx_t_2) < 0) __PYX_ERR(0, 85, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":89
  * 
@@ -2186,25 +3080,29 @@ if (!__Pyx_RefNanny) {
  * class RequestFailure(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on SSH request failures"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 89, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 89, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 89, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_RequestFailure, __pyx_n_s_RequestFailure, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_SSH_request_failures); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 89, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_RequestFailure, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 89, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 89, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_RequestFailure, __pyx_t_4) < 0) __PYX_ERR(0, 89, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 89, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 89, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 89, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_RequestFailure, __pyx_mstate_global->__pyx_n_u_RequestFailure, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_SSH_request_failures); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 89, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 89, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_RequestFailure, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 89, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_RequestFailure, __pyx_t_3) < 0) __PYX_ERR(0, 89, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":93
  * 
@@ -2212,25 +3110,29 @@ if (!__Pyx_RefNanny) {
  * class ChannelOpenFailure(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on SSH channel open failures"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 93, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 93, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 93, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_ChannelOpenFailure, __pyx_n_s_ChannelOpenFailure, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_SSH_channel_open_failu); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 93, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_ChannelOpenFailure, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 93, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 93, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ChannelOpenFailure, __pyx_t_4) < 0) __PYX_ERR(0, 93, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_ChannelOpenFailure, __pyx_mstate_global->__pyx_n_u_ChannelOpenFailure, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_SSH_channel_open_failu); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 93, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_ChannelOpenFailure, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ChannelOpenFailure, __pyx_t_5) < 0) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":97
  * 
@@ -2238,25 +3140,29 @@ if (!__Pyx_RefNanny) {
  * class HostNotAllowedToConnect(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on host not allowed to connect errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 97, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 97, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 97, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_HostNotAllowedToConnect, __pyx_n_s_HostNotAllowedToConnect, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_host_not_allowed_to_co); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 97, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_HostNotAllowedToConnect, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 97, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 97, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_HostNotAllowedToConnect, __pyx_t_4) < 0) __PYX_ERR(0, 97, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_HostNotAllowedToConnect, __pyx_mstate_global->__pyx_n_u_HostNotAllowedToConnect, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_host_not_allowed_to_co); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 97, __pyx_L1_error)
+  }
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_HostNotAllowedToConnect, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_HostNotAllowedToConnect, __pyx_t_2) < 0) __PYX_ERR(0, 97, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":101
  * 
@@ -2264,25 +3170,29 @@ if (!__Pyx_RefNanny) {
  * class ProtocolError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on protocol errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 101, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 101, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 101, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_ProtocolError, __pyx_n_s_ProtocolError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_protocol_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 101, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_ProtocolError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 101, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 101, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ProtocolError, __pyx_t_4) < 0) __PYX_ERR(0, 101, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 101, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 101, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 101, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_ProtocolError, __pyx_mstate_global->__pyx_n_u_ProtocolError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_protocol_errors); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 101, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 101, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_ProtocolError, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 101, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ProtocolError, __pyx_t_3) < 0) __PYX_ERR(0, 101, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":105
  * 
@@ -2290,25 +3200,29 @@ if (!__Pyx_RefNanny) {
  * class KeyExchangeFailed(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on key exchange failures"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 105, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 105, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 105, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_KeyExchangeFailed, __pyx_n_s_KeyExchangeFailed, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_key_exchange_failures); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 105, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_KeyExchangeFailed, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 105, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 105, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KeyExchangeFailed, __pyx_t_4) < 0) __PYX_ERR(0, 105, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_KeyExchangeFailed, __pyx_mstate_global->__pyx_n_u_KeyExchangeFailed, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_key_exchange_failures); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 105, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_KeyExchangeFailed, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KeyExchangeFailed, __pyx_t_5) < 0) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":109
  * 
@@ -2316,25 +3230,29 @@ if (!__Pyx_RefNanny) {
  * class HostAuthenticationFailed(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on host authentication failures"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 109, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 109, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 109, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_HostAuthenticationFailed, __pyx_n_s_HostAuthenticationFailed, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_host_authentication_fa); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 109, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_HostAuthenticationFailed, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 109, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 109, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_HostAuthenticationFailed, __pyx_t_4) < 0) __PYX_ERR(0, 109, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 109, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 109, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 109, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_HostAuthenticationFailed, __pyx_mstate_global->__pyx_n_u_HostAuthenticationFailed, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_host_authentication_fa); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 109, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 109, __pyx_L1_error)
+  }
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_HostAuthenticationFailed, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 109, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_HostAuthenticationFailed, __pyx_t_2) < 0) __PYX_ERR(0, 109, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":113
  * 
@@ -2342,25 +3260,29 @@ if (!__Pyx_RefNanny) {
  * class MACError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on MAC errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 113, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 113, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 113, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_MACError, __pyx_n_s_MACError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_MAC_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 113, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_MACError, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 113, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 113, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_MACError, __pyx_t_4) < 0) __PYX_ERR(0, 113, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 113, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 113, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 113, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_MACError, __pyx_mstate_global->__pyx_n_u_MACError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_MAC_errors); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 113, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 113, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_MACError, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 113, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_MACError, __pyx_t_3) < 0) __PYX_ERR(0, 113, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":117
  * 
@@ -2368,25 +3290,29 @@ if (!__Pyx_RefNanny) {
  * class CompressionError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on compression errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 117, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 117, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 117, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_CompressionError, __pyx_n_s_CompressionError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_compression_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 117, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_CompressionError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 117, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 117, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_CompressionError, __pyx_t_4) < 0) __PYX_ERR(0, 117, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_CompressionError, __pyx_mstate_global->__pyx_n_u_CompressionError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_compression_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 117, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_CompressionError, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_CompressionError, __pyx_t_5) < 0) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":121
  * 
@@ -2394,25 +3320,29 @@ if (!__Pyx_RefNanny) {
  * class ServiceNotAvailable(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on service not available errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 121, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 121, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 121, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_ServiceNotAvailable, __pyx_n_s_ServiceNotAvailable, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_service_not_available); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 121, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_ServiceNotAvailable, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 121, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 121, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ServiceNotAvailable, __pyx_t_4) < 0) __PYX_ERR(0, 121, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 121, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 121, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 121, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_ServiceNotAvailable, __pyx_mstate_global->__pyx_n_u_ServiceNotAvailable, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_service_not_available); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 121, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 121, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_ServiceNotAvailable, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 121, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ServiceNotAvailable, __pyx_t_2) < 0) __PYX_ERR(0, 121, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":125
  * 
@@ -2420,25 +3350,29 @@ if (!__Pyx_RefNanny) {
  * class ProtocolVersionNotSupport(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on protocol version not supported"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 125, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 125, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 125, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_ProtocolVersionNotSupport, __pyx_n_s_ProtocolVersionNotSupport, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_protocol_version_not_s); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 125, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_ProtocolVersionNotSupport, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 125, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 125, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ProtocolVersionNotSupport, __pyx_t_4) < 0) __PYX_ERR(0, 125, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 125, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 125, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 125, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_ProtocolVersionNotSupport, __pyx_mstate_global->__pyx_n_u_ProtocolVersionNotSupport, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_protocol_version_not_s); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 125, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 125, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_ProtocolVersionNotSupport, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 125, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ProtocolVersionNotSupport, __pyx_t_3) < 0) __PYX_ERR(0, 125, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":129
  * 
@@ -2446,25 +3380,29 @@ if (!__Pyx_RefNanny) {
  * class HostKeyNotVerifiable(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on host key not verifiable errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 129, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 129, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 129, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_HostKeyNotVerifiable, __pyx_n_s_HostKeyNotVerifiable, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_host_key_not_verifiabl); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 129, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_HostKeyNotVerifiable, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 129, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 129, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_HostKeyNotVerifiable, __pyx_t_4) < 0) __PYX_ERR(0, 129, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 129, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 129, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 129, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_HostKeyNotVerifiable, __pyx_mstate_global->__pyx_n_u_HostKeyNotVerifiable, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_host_key_not_verifiabl); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 129, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 129, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_HostKeyNotVerifiable, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 129, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_HostKeyNotVerifiable, __pyx_t_5) < 0) __PYX_ERR(0, 129, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":133
  * 
@@ -2472,25 +3410,29 @@ if (!__Pyx_RefNanny) {
  * class ConnectionLost(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on connection lost"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 133, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 133, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 133, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_ConnectionLost, __pyx_n_s_ConnectionLost, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_connection_lost); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 133, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_ConnectionLost, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 133, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 133, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ConnectionLost, __pyx_t_4) < 0) __PYX_ERR(0, 133, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 133, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 133, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 133, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_ConnectionLost, __pyx_mstate_global->__pyx_n_u_ConnectionLost, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_connection_lost); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 133, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 133, __pyx_L1_error)
+  }
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_ConnectionLost, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 133, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ConnectionLost, __pyx_t_2) < 0) __PYX_ERR(0, 133, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":137
  * 
@@ -2498,25 +3440,29 @@ if (!__Pyx_RefNanny) {
  * class TooManyConnections(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on too many connection errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 137, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 137, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 137, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_TooManyConnections, __pyx_n_s_TooManyConnections, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_too_many_connection_er); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 137, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_TooManyConnections, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 137, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 137, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_TooManyConnections, __pyx_t_4) < 0) __PYX_ERR(0, 137, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 137, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 137, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 137, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_TooManyConnections, __pyx_mstate_global->__pyx_n_u_TooManyConnections, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_too_many_connection_er); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 137, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 137, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_TooManyConnections, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 137, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_TooManyConnections, __pyx_t_3) < 0) __PYX_ERR(0, 137, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":141
  * 
@@ -2524,25 +3470,29 @@ if (!__Pyx_RefNanny) {
  * class AdministrativelyProhibited(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on administratively prohibited errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 141, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 141, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 141, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_AdministrativelyProhibited, __pyx_n_s_AdministrativelyProhibited, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_administratively_prohi); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 141, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_AdministrativelyProhibited, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 141, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 141, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_AdministrativelyProhibited, __pyx_t_4) < 0) __PYX_ERR(0, 141, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_AdministrativelyProhibited, __pyx_mstate_global->__pyx_n_u_AdministrativelyProhibited, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_administratively_prohi); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 141, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_AdministrativelyProhibited, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_AdministrativelyProhibited, __pyx_t_5) < 0) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":145
  * 
@@ -2550,25 +3500,29 @@ if (!__Pyx_RefNanny) {
  * class ConnectFailed(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on connect failure"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 145, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 145, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 145, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_ConnectFailed, __pyx_n_s_ConnectFailed, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_connect_failure); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 145, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_ConnectFailed, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 145, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 145, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ConnectFailed, __pyx_t_4) < 0) __PYX_ERR(0, 145, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 145, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 145, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 145, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_ConnectFailed, __pyx_mstate_global->__pyx_n_u_ConnectFailed, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_connect_failure); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 145, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 145, __pyx_L1_error)
+  }
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_ConnectFailed, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 145, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ConnectFailed, __pyx_t_2) < 0) __PYX_ERR(0, 145, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":149
  * 
@@ -2576,25 +3530,29 @@ if (!__Pyx_RefNanny) {
  * class UnknownChannelType(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on unknown channel type"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 149, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 149, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 149, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_UnknownChannelType, __pyx_n_s_UnknownChannelType, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_unknown_channel_type); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 149, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_UnknownChannelType, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 149, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 149, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_UnknownChannelType, __pyx_t_4) < 0) __PYX_ERR(0, 149, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 149, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 149, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 149, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_UnknownChannelType, __pyx_mstate_global->__pyx_n_u_UnknownChannelType, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_unknown_channel_type); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 149, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 149, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_UnknownChannelType, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 149, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_UnknownChannelType, __pyx_t_3) < 0) __PYX_ERR(0, 149, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":153
  * 
@@ -2602,25 +3560,29 @@ if (!__Pyx_RefNanny) {
  * class ResourceShortage(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on resource shortage errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 153, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 153, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 153, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_ResourceShortage, __pyx_n_s_ResourceShortage, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_resource_shortage_erro); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 153, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_ResourceShortage, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 153, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 153, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ResourceShortage, __pyx_t_4) < 0) __PYX_ERR(0, 153, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_ResourceShortage, __pyx_mstate_global->__pyx_n_u_ResourceShortage, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_resource_shortage_erro); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 153, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_ResourceShortage, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ResourceShortage, __pyx_t_5) < 0) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":157
  * 
@@ -2628,25 +3590,29 @@ if (!__Pyx_RefNanny) {
  * class SFTPError(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on SFTP errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 157, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 157, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 157, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_SFTPError, __pyx_n_s_SFTPError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_SFTP_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 157, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_SFTPError, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 157, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 157, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SFTPError, __pyx_t_4) < 0) __PYX_ERR(0, 157, __pyx_L1_error)
+  __pyx_t_2 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_3 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_5 = __Pyx_Py3MetaclassPrepare(__pyx_t_3, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPError, __pyx_mstate_global->__pyx_n_u_SFTPError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_SFTP_errors); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (__pyx_t_4 != __pyx_t_2) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_5, "__orig_bases__", __pyx_t_2) < 0))) __PYX_ERR(0, 157, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_Py3ClassCreate(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_SFTPError, __pyx_t_4, __pyx_t_5, NULL, 0, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SFTPError, __pyx_t_2) < 0) __PYX_ERR(0, 157, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":161
  * 
@@ -2654,117 +3620,805 @@ if (!__Pyx_RefNanny) {
  * class SFTPHandleError(SFTPError):             # <<<<<<<<<<<<<<
  *     """Raised on SFTP handle errors"""
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 161, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 161, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
-  __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_CalculateMetaclass(NULL, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 161, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_1, __pyx_t_2, __pyx_n_s_SFTPHandleError, __pyx_n_s_SFTPHandleError, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_SFTP_handle_errors); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 161, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_1, __pyx_n_s_SFTPHandleError, __pyx_t_2, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 161, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 161, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SFTPHandleError, __pyx_t_4) < 0) __PYX_ERR(0, 161, __pyx_L1_error)
+  __pyx_t_3 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 161, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 161, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 161, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_2 = __Pyx_Py3MetaclassPrepare(__pyx_t_5, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError, __pyx_mstate_global->__pyx_n_u_SFTPHandleError, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_SFTP_handle_errors); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 161, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__pyx_t_4 != __pyx_t_3) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_2, "__orig_bases__", __pyx_t_3) < 0))) __PYX_ERR(0, 161, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_Py3ClassCreate(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPHandleError, __pyx_t_4, __pyx_t_2, NULL, 0, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 161, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SFTPHandleError, __pyx_t_3) < 0) __PYX_ERR(0, 161, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":165
  * 
  * 
  * class ChannelClosed(BaseSSHError):             # <<<<<<<<<<<<<<
  *     """Raised on operations on closed channels"""
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_BaseSSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 165, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 165, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_2);
-  __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 165, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_1, __pyx_n_s_ChannelClosed, __pyx_n_s_ChannelClosed, (PyObject *) NULL, __pyx_n_s_ssh_exceptions, __pyx_kp_s_Raised_on_operations_on_closed_c); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 165, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_n_s_ChannelClosed, __pyx_t_1, __pyx_t_3, NULL, 0, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 165, __pyx_L1_error)
+*/
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_BaseSSHError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 165, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ChannelClosed, __pyx_t_4) < 0) __PYX_ERR(0, 165, __pyx_L1_error)
+  __pyx_t_5 = PyTuple_Pack(1, __pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 165, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
   __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_4 = __Pyx_PEP560_update_bases(__pyx_t_5); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 165, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_2 = __Pyx_CalculateMetaclass(NULL, __pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 165, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_t_3 = __Pyx_Py3MetaclassPrepare(__pyx_t_2, __pyx_t_4, __pyx_mstate_global->__pyx_n_u_ChannelClosed, __pyx_mstate_global->__pyx_n_u_ChannelClosed, (PyObject *) NULL, __pyx_mstate_global->__pyx_n_u_ssh_exceptions, __pyx_mstate_global->__pyx_kp_u_Raised_on_operations_on_closed_c); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 165, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__pyx_t_4 != __pyx_t_5) {
+    if (unlikely((PyDict_SetItemString(__pyx_t_3, "__orig_bases__", __pyx_t_5) < 0))) __PYX_ERR(0, 165, __pyx_L1_error)
+  }
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_5 = __Pyx_Py3ClassCreate(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_ChannelClosed, __pyx_t_4, __pyx_t_3, NULL, 0, 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 165, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ChannelClosed, __pyx_t_5) < 0) __PYX_ERR(0, 165, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
 
   /* "ssh/exceptions.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
+*/
+  __pyx_t_4 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_4) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+
+  /*--- Wrapped vars code ---*/
+
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_XDECREF(__pyx_t_4);
+  __Pyx_XDECREF(__pyx_t_5);
+  if (__pyx_m) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
+      __Pyx_AddTraceback("init ssh.exceptions", __pyx_clineno, __pyx_lineno, __pyx_filename);
+    }
+    #if !CYTHON_USE_MODULE_STATE
+    Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
+  } else if (!PyErr_Occurred()) {
+    PyErr_SetString(PyExc_ImportError, "init ssh.exceptions");
+  }
+  __pyx_L0:;
+  __Pyx_RefNannyFinishContext();
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  return (__pyx_m != NULL) ? 0 : -1;
+  #else
+  return __pyx_m;
+  #endif
+}
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 240 <= 65535
+    const unsigned short n;
+#elif 240 / 2 < INT_MAX
+    const unsigned int n;
+#elif 240 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_AdministrativelyProhibited, sizeof(__pyx_k_AdministrativelyProhibited), 0, 1, 1}, /* PyObject cname: __pyx_n_u_AdministrativelyProhibited */
+  {__pyx_k_AuthenticationDenied, sizeof(__pyx_k_AuthenticationDenied), 0, 1, 1}, /* PyObject cname: __pyx_n_u_AuthenticationDenied */
+  {__pyx_k_AuthenticationError, sizeof(__pyx_k_AuthenticationError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_AuthenticationError */
+  {__pyx_k_AuthenticationPartial, sizeof(__pyx_k_AuthenticationPartial), 0, 1, 1}, /* PyObject cname: __pyx_n_u_AuthenticationPartial */
+  {__pyx_k_BaseSSHError, sizeof(__pyx_k_BaseSSHError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_BaseSSHError */
+  {__pyx_k_Base_class_for_all_errors_produc, sizeof(__pyx_k_Base_class_for_all_errors_produc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Base_class_for_all_errors_produc */
+  {__pyx_k_ChannelClosed, sizeof(__pyx_k_ChannelClosed), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ChannelClosed */
+  {__pyx_k_ChannelOpenFailure, sizeof(__pyx_k_ChannelOpenFailure), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ChannelOpenFailure */
+  {__pyx_k_CompressionError, sizeof(__pyx_k_CompressionError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_CompressionError */
+  {__pyx_k_ConnectFailed, sizeof(__pyx_k_ConnectFailed), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ConnectFailed */
+  {__pyx_k_ConnectionLost, sizeof(__pyx_k_ConnectionLost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ConnectionLost */
+  {__pyx_k_Disconnected, sizeof(__pyx_k_Disconnected), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Disconnected */
+  {__pyx_k_EOF, sizeof(__pyx_k_EOF), 0, 1, 1}, /* PyObject cname: __pyx_n_u_EOF */
+  {__pyx_k_GSSAPIError, sizeof(__pyx_k_GSSAPIError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_GSSAPIError */
+  {__pyx_k_GSSAPIErrorTok, sizeof(__pyx_k_GSSAPIErrorTok), 0, 1, 1}, /* PyObject cname: __pyx_n_u_GSSAPIErrorTok */
+  {__pyx_k_HostAuthenticationFailed, sizeof(__pyx_k_HostAuthenticationFailed), 0, 1, 1}, /* PyObject cname: __pyx_n_u_HostAuthenticationFailed */
+  {__pyx_k_HostKeyNotVerifiable, sizeof(__pyx_k_HostKeyNotVerifiable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_HostKeyNotVerifiable */
+  {__pyx_k_HostNotAllowedToConnect, sizeof(__pyx_k_HostNotAllowedToConnect), 0, 1, 1}, /* PyObject cname: __pyx_n_u_HostNotAllowedToConnect */
+  {__pyx_k_InvalidAPIUse, sizeof(__pyx_k_InvalidAPIUse), 0, 1, 1}, /* PyObject cname: __pyx_n_u_InvalidAPIUse */
+  {__pyx_k_KeyExchangeFailed, sizeof(__pyx_k_KeyExchangeFailed), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyExchangeFailed */
+  {__pyx_k_KeyExportError, sizeof(__pyx_k_KeyExportError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyExportError */
+  {__pyx_k_KeyGenerationError, sizeof(__pyx_k_KeyGenerationError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyGenerationError */
+  {__pyx_k_KeyImportError, sizeof(__pyx_k_KeyImportError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyImportError */
+  {__pyx_k_MACError, sizeof(__pyx_k_MACError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MACError */
+  {__pyx_k_OptionError, sizeof(__pyx_k_OptionError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_OptionError */
+  {__pyx_k_OtherError, sizeof(__pyx_k_OtherError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_OtherError */
+  {__pyx_k_ProtocolError, sizeof(__pyx_k_ProtocolError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ProtocolError */
+  {__pyx_k_ProtocolVersionNotSupport, sizeof(__pyx_k_ProtocolVersionNotSupport), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ProtocolVersionNotSupport */
+  {__pyx_k_Raised_on_EOF_from_remote_channe, sizeof(__pyx_k_Raised_on_EOF_from_remote_channe), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_EOF_from_remote_channe */
+  {__pyx_k_Raised_on_GSS_API_errors, sizeof(__pyx_k_Raised_on_GSS_API_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_GSS_API_errors */
+  {__pyx_k_Raised_on_GSS_API_token_errors, sizeof(__pyx_k_Raised_on_GSS_API_token_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_GSS_API_token_errors */
+  {__pyx_k_Raised_on_MAC_errors, sizeof(__pyx_k_Raised_on_MAC_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_MAC_errors */
+  {__pyx_k_Raised_on_SFTP_errors, sizeof(__pyx_k_Raised_on_SFTP_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_SFTP_errors */
+  {__pyx_k_Raised_on_SFTP_handle_errors, sizeof(__pyx_k_Raised_on_SFTP_handle_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_SFTP_handle_errors */
+  {__pyx_k_Raised_on_SSH_channel_open_failu, sizeof(__pyx_k_Raised_on_SSH_channel_open_failu), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_SSH_channel_open_failu */
+  {__pyx_k_Raised_on_SSH_request_failures, sizeof(__pyx_k_Raised_on_SSH_request_failures), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_SSH_request_failures */
+  {__pyx_k_Raised_on_administratively_prohi, sizeof(__pyx_k_Raised_on_administratively_prohi), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_administratively_prohi */
+  {__pyx_k_Raised_on_authentication_denied, sizeof(__pyx_k_Raised_on_authentication_denied), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_authentication_denied */
+  {__pyx_k_Raised_on_compression_errors, sizeof(__pyx_k_Raised_on_compression_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_compression_errors */
+  {__pyx_k_Raised_on_connect_failure, sizeof(__pyx_k_Raised_on_connect_failure), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_connect_failure */
+  {__pyx_k_Raised_on_connection_lost, sizeof(__pyx_k_Raised_on_connection_lost), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_connection_lost */
+  {__pyx_k_Raised_on_disconnection_errors, sizeof(__pyx_k_Raised_on_disconnection_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_disconnection_errors */
+  {__pyx_k_Raised_on_errors_exporting_key, sizeof(__pyx_k_Raised_on_errors_exporting_key), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_errors_exporting_key */
+  {__pyx_k_Raised_on_errors_generating_key, sizeof(__pyx_k_Raised_on_errors_generating_key), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_errors_generating_key */
+  {__pyx_k_Raised_on_errors_getting_setting, sizeof(__pyx_k_Raised_on_errors_getting_setting), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_errors_getting_setting */
+  {__pyx_k_Raised_on_errors_importing_key, sizeof(__pyx_k_Raised_on_errors_importing_key), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_errors_importing_key */
+  {__pyx_k_Raised_on_errors_returned_by_lib, sizeof(__pyx_k_Raised_on_errors_returned_by_lib), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_errors_returned_by_lib */
+  {__pyx_k_Raised_on_fatal_errors_authentic, sizeof(__pyx_k_Raised_on_fatal_errors_authentic), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_fatal_errors_authentic */
+  {__pyx_k_Raised_on_host_authentication_fa, sizeof(__pyx_k_Raised_on_host_authentication_fa), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_host_authentication_fa */
+  {__pyx_k_Raised_on_host_key_not_verifiabl, sizeof(__pyx_k_Raised_on_host_key_not_verifiabl), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_host_key_not_verifiabl */
+  {__pyx_k_Raised_on_host_not_allowed_to_co, sizeof(__pyx_k_Raised_on_host_not_allowed_to_co), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_host_not_allowed_to_co */
+  {__pyx_k_Raised_on_invalid_uses_of_the_AP, sizeof(__pyx_k_Raised_on_invalid_uses_of_the_AP), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_invalid_uses_of_the_AP */
+  {__pyx_k_Raised_on_key_exchange_failures, sizeof(__pyx_k_Raised_on_key_exchange_failures), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_key_exchange_failures */
+  {__pyx_k_Raised_on_operations_on_closed_c, sizeof(__pyx_k_Raised_on_operations_on_closed_c), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_operations_on_closed_c */
+  {__pyx_k_Raised_on_other_non_specific_fat, sizeof(__pyx_k_Raised_on_other_non_specific_fat), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_other_non_specific_fat */
+  {__pyx_k_Raised_on_partial_authentication, sizeof(__pyx_k_Raised_on_partial_authentication), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_partial_authentication */
+  {__pyx_k_Raised_on_protocol_errors, sizeof(__pyx_k_Raised_on_protocol_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_protocol_errors */
+  {__pyx_k_Raised_on_protocol_version_not_s, sizeof(__pyx_k_Raised_on_protocol_version_not_s), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_protocol_version_not_s */
+  {__pyx_k_Raised_on_resource_shortage_erro, sizeof(__pyx_k_Raised_on_resource_shortage_erro), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_resource_shortage_erro */
+  {__pyx_k_Raised_on_service_not_available, sizeof(__pyx_k_Raised_on_service_not_available), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_service_not_available */
+  {__pyx_k_Raised_on_too_many_connection_er, sizeof(__pyx_k_Raised_on_too_many_connection_er), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_too_many_connection_er */
+  {__pyx_k_Raised_on_unimplemented_errors, sizeof(__pyx_k_Raised_on_unimplemented_errors), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_unimplemented_errors */
+  {__pyx_k_Raised_on_unknown_channel_type, sizeof(__pyx_k_Raised_on_unknown_channel_type), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Raised_on_unknown_channel_type */
+  {__pyx_k_RequestFailure, sizeof(__pyx_k_RequestFailure), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RequestFailure */
+  {__pyx_k_ResourceShortage, sizeof(__pyx_k_ResourceShortage), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ResourceShortage */
+  {__pyx_k_SFTPError, sizeof(__pyx_k_SFTPError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPError */
+  {__pyx_k_SFTPHandleError, sizeof(__pyx_k_SFTPHandleError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPHandleError */
+  {__pyx_k_SSHError, sizeof(__pyx_k_SSHError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHError */
+  {__pyx_k_ServiceNotAvailable, sizeof(__pyx_k_ServiceNotAvailable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ServiceNotAvailable */
+  {__pyx_k_TooManyConnections, sizeof(__pyx_k_TooManyConnections), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TooManyConnections */
+  {__pyx_k_UnImplemented, sizeof(__pyx_k_UnImplemented), 0, 1, 1}, /* PyObject cname: __pyx_n_u_UnImplemented */
+  {__pyx_k_UnknownChannelType, sizeof(__pyx_k_UnknownChannelType), 0, 1, 1}, /* PyObject cname: __pyx_n_u_UnknownChannelType */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_doc, sizeof(__pyx_k_doc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_doc */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_metaclass, sizeof(__pyx_k_metaclass), 0, 1, 1}, /* PyObject cname: __pyx_n_u_metaclass */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_mro_entries, sizeof(__pyx_k_mro_entries), 0, 1, 1}, /* PyObject cname: __pyx_n_u_mro_entries */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_prepare, sizeof(__pyx_k_prepare), 0, 1, 1}, /* PyObject cname: __pyx_n_u_prepare */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_ssh_exceptions, sizeof(__pyx_k_ssh_exceptions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_exceptions */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  return 0;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  return 0;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
  */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
+
+/* --- Runtime support code --- */
+/* Refnanny */
+#if CYTHON_REFNANNY
+static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
+    PyObject *m = NULL, *p = NULL;
+    void *r = NULL;
+    m = PyImport_ImportModule(modname);
+    if (!m) goto end;
+    p = PyObject_GetAttrString(m, "RefNannyAPI");
+    if (!p) goto end;
+    r = PyLong_AsVoidPtr(p);
+end:
+    Py_XDECREF(p);
+    Py_XDECREF(m);
+    return (__Pyx_RefNannyAPIStruct *)r;
+}
+#endif
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
 
-  /*--- Wrapped vars code ---*/
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
 
-  goto __pyx_L0;
-  __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
-  __Pyx_XDECREF(__pyx_t_4);
-  if (__pyx_m) {
-    if (__pyx_d) {
-      __Pyx_AddTraceback("init ssh.exceptions", __pyx_clineno, __pyx_lineno, __pyx_filename);
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
     }
-    Py_CLEAR(__pyx_m);
-  } else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_ImportError, "init ssh.exceptions");
-  }
-  __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
-  #else
-  return;
-  #endif
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
 }
 
-/* --- Runtime support code --- */
-/* Refnanny */
-#if CYTHON_REFNANNY
-static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
-    PyObject *m = NULL, *p = NULL;
-    void *r = NULL;
-    m = PyImport_ImportModule(modname);
-    if (!m) goto end;
-    p = PyObject_GetAttrString(m, "RefNannyAPI");
-    if (!p) goto end;
-    r = PyLong_AsVoidPtr(p);
-end:
-    Py_XDECREF(p);
-    Py_XDECREF(m);
-    return (__Pyx_RefNannyAPIStruct *)r;
-}
+/* Py3UpdateBases */
+static PyObject*
+__Pyx_PEP560_update_bases(PyObject *bases)
+{
+    Py_ssize_t i, j, size_bases;
+    PyObject *base = NULL, *meth, *new_base, *result, *new_bases = NULL;
+#if CYTHON_ASSUME_SAFE_SIZE
+    size_bases = PyTuple_GET_SIZE(bases);
+#else
+    size_bases = PyTuple_Size(bases);
+    if (size_bases < 0) return NULL;
 #endif
+    for (i = 0; i < size_bases; i++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_CLEAR(base);
+#endif
+#if CYTHON_ASSUME_SAFE_MACROS
+        base = PyTuple_GET_ITEM(bases, i);
+#else
+        base = PyTuple_GetItem(bases, i);
+        if (!base) goto error;
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_INCREF(base);
+#endif
+        if (PyType_Check(base)) {
+            if (new_bases) {
+                if (PyList_Append(new_bases, base) < 0) {
+                    goto error;
+                }
+            }
+            continue;
+        }
+        meth = __Pyx_PyObject_GetAttrStrNoError(base, __pyx_mstate_global->__pyx_n_u_mro_entries);
+        if (!meth && PyErr_Occurred()) {
+            goto error;
+        }
+        if (!meth) {
+            if (new_bases) {
+                if (PyList_Append(new_bases, base) < 0) {
+                    goto error;
+                }
+            }
+            continue;
+        }
+        new_base = __Pyx_PyObject_CallOneArg(meth, bases);
+        Py_DECREF(meth);
+        if (!new_base) {
+            goto error;
+        }
+        if (!PyTuple_Check(new_base)) {
+            PyErr_SetString(PyExc_TypeError,
+                            "__mro_entries__ must return a tuple");
+            Py_DECREF(new_base);
+            goto error;
+        }
+        if (!new_bases) {
+            if (!(new_bases = PyList_New(i))) {
+                goto error;
+            }
+            for (j = 0; j < i; j++) {
+                PyObject *base_from_list;
+#if CYTHON_ASSUME_SAFE_MACROS
+                base_from_list = PyTuple_GET_ITEM(bases, j);
+                PyList_SET_ITEM(new_bases, j, base_from_list);
+                Py_INCREF(base_from_list);
+#else
+                base_from_list = PyTuple_GetItem(bases, j);
+                if (!base_from_list) goto error;
+                Py_INCREF(base_from_list);
+                if (PyList_SetItem(new_bases, j, base_from_list) < 0) goto error;
+#endif
+            }
+        }
+#if CYTHON_ASSUME_SAFE_SIZE
+        j = PyList_GET_SIZE(new_bases);
+#else
+        j = PyList_Size(new_bases);
+        if (j < 0) goto error;
+#endif
+        if (PyList_SetSlice(new_bases, j, j, new_base) < 0) {
+            goto error;
+        }
+        Py_DECREF(new_base);
+    }
+    if (!new_bases) {
+        Py_INCREF(bases);
+        return bases;
+    }
+    result = PyList_AsTuple(new_bases);
+    Py_DECREF(new_bases);
+#if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(base);
+#endif
+    return result;
+error:
+    Py_XDECREF(new_bases);
+#if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(base);
+#endif
+    return NULL;
+}
 
 /* CalculateMetaclass */
 static PyObject *__Pyx_CalculateMetaclass(PyTypeObject *metaclass, PyObject *bases) {
-    Py_ssize_t i, nbases = PyTuple_GET_SIZE(bases);
+    Py_ssize_t i, nbases;
+#if CYTHON_ASSUME_SAFE_SIZE
+    nbases = PyTuple_GET_SIZE(bases);
+#else
+    nbases = PyTuple_Size(bases);
+    if (nbases < 0) return NULL;
+#endif
     for (i=0; i < nbases; i++) {
         PyTypeObject *tmptype;
+#if CYTHON_ASSUME_SAFE_MACROS
         PyObject *tmp = PyTuple_GET_ITEM(bases, i);
-        tmptype = Py_TYPE(tmp);
-#if PY_MAJOR_VERSION < 3
-        if (tmptype == &PyClass_Type)
-            continue;
+#else
+        PyObject *tmp = PyTuple_GetItem(bases, i);
+        if (!tmp) return NULL;
 #endif
+        tmptype = Py_TYPE(tmp);
         if (!metaclass) {
             metaclass = tmptype;
             continue;
@@ -2783,27 +4437,35 @@ static PyObject *__Pyx_CalculateMetaclass(PyTypeObject *metaclass, PyObject *bas
         return NULL;
     }
     if (!metaclass) {
-#if PY_MAJOR_VERSION < 3
-        metaclass = &PyClass_Type;
-#else
         metaclass = &PyType_Type;
-#endif
     }
     Py_INCREF((PyObject*) metaclass);
     return (PyObject*) metaclass;
 }
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
-    return PyObject_GetAttr(obj, attr_name);
+/* PyObjectCall2Args */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2) {
+    PyObject *args[3] = {NULL, arg1, arg2};
+    return __Pyx_PyObject_FastCall(function, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectLookupSpecial */
+#if CYTHON_USE_PYTYPE_LOOKUP && CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx__PyObject_LookupSpecial(PyObject* obj, PyObject* attr_name, int with_error) {
+    PyObject *res;
+    PyTypeObject *tp = Py_TYPE(obj);
+    res = _PyType_Lookup(tp, attr_name);
+    if (likely(res)) {
+        descrgetfunc f = Py_TYPE(res)->tp_descr_get;
+        if (!f) {
+            Py_INCREF(res);
+        } else {
+            res = f(res, obj, (PyObject *)tp);
+        }
+    } else if (with_error) {
+        PyErr_SetObject(PyExc_AttributeError, attr_name);
+    }
+    return res;
 }
 #endif
 
@@ -2812,20 +4474,14 @@ static PyObject *__Pyx_Py3MetaclassPrepare(PyObject *metaclass, PyObject *bases,
                                            PyObject *qualname, PyObject *mkw, PyObject *modname, PyObject *doc) {
     PyObject *ns;
     if (metaclass) {
-        PyObject *prep = __Pyx_PyObject_GetAttrStr(metaclass, __pyx_n_s_prepare);
+        PyObject *prep = __Pyx_PyObject_GetAttrStrNoError(metaclass, __pyx_mstate_global->__pyx_n_u_prepare);
         if (prep) {
-            PyObject *pargs = PyTuple_Pack(2, name, bases);
-            if (unlikely(!pargs)) {
-                Py_DECREF(prep);
-                return NULL;
-            }
-            ns = PyObject_Call(prep, pargs, mkw);
+            PyObject *pargs[3] = {NULL, name, bases};
+            ns = __Pyx_PyObject_FastCallDict(prep, pargs+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, mkw);
             Py_DECREF(prep);
-            Py_DECREF(pargs);
         } else {
-            if (unlikely(!PyErr_ExceptionMatches(PyExc_AttributeError)))
+            if (unlikely(PyErr_Occurred()))
                 return NULL;
-            PyErr_Clear();
             ns = PyDict_New();
         }
     } else {
@@ -2833,9 +4489,9 @@ static PyObject *__Pyx_Py3MetaclassPrepare(PyObject *metaclass, PyObject *bases,
     }
     if (unlikely(!ns))
         return NULL;
-    if (unlikely(PyObject_SetItem(ns, __pyx_n_s_module, modname) < 0)) goto bad;
-    if (unlikely(PyObject_SetItem(ns, __pyx_n_s_qualname, qualname) < 0)) goto bad;
-    if (unlikely(doc && PyObject_SetItem(ns, __pyx_n_s_doc, doc) < 0)) goto bad;
+    if (unlikely(PyObject_SetItem(ns, __pyx_mstate_global->__pyx_n_u_module, modname) < 0)) goto bad;
+    if (unlikely(PyObject_SetItem(ns, __pyx_mstate_global->__pyx_n_u_qualname, qualname) < 0)) goto bad;
+    if (unlikely(doc && PyObject_SetItem(ns, __pyx_mstate_global->__pyx_n_u_doc, doc) < 0)) goto bad;
     return ns;
 bad:
     Py_DECREF(ns);
@@ -2844,10 +4500,11 @@ static PyObject *__Pyx_Py3MetaclassPrepare(PyObject *metaclass, PyObject *bases,
 static PyObject *__Pyx_Py3ClassCreate(PyObject *metaclass, PyObject *name, PyObject *bases,
                                       PyObject *dict, PyObject *mkw,
                                       int calculate_metaclass, int allow_py2_metaclass) {
-    PyObject *result, *margs;
+    PyObject *result;
     PyObject *owned_metaclass = NULL;
+    PyObject *margs[4] = {NULL, name, bases, dict};
     if (allow_py2_metaclass) {
-        owned_metaclass = PyObject_GetItem(dict, __pyx_n_s_metaclass);
+        owned_metaclass = PyObject_GetItem(dict, __pyx_mstate_global->__pyx_n_u_metaclass);
         if (owned_metaclass) {
             metaclass = owned_metaclass;
         } else if (likely(PyErr_ExceptionMatches(PyExc_KeyError))) {
@@ -2863,27 +4520,17 @@ static PyObject *__Pyx_Py3ClassCreate(PyObject *metaclass, PyObject *name, PyObj
             return NULL;
         owned_metaclass = metaclass;
     }
-    margs = PyTuple_Pack(3, name, bases, dict);
-    if (unlikely(!margs)) {
-        result = NULL;
-    } else {
-        result = PyObject_Call(metaclass, margs, mkw);
-        Py_DECREF(margs);
-    }
+    result = __Pyx_PyObject_FastCallDict(metaclass, margs+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, mkw);
     Py_XDECREF(owned_metaclass);
     return result;
 }
 
 /* GetBuiltinName */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
         PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
             "name '%U' is not defined", name);
-#else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
-#endif
     }
     return result;
 }
@@ -2922,25 +4569,26 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
 #endif
 {
     PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
         return NULL;
     }
-#else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
+    result = PyObject_GetAttr(__pyx_m, name);
     if (likely(result)) {
-        return __Pyx_NewRef(result);
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
     }
-#endif
 #else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
     if (likely(result)) {
         return __Pyx_NewRef(result);
     }
@@ -2949,54 +4597,35 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
     return __Pyx_GetBuiltinName(name);
 }
 
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
-}
-#endif
-
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -3005,11 +4634,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -3037,130 +4667,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -3191,7 +4887,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -3201,9 +4897,81 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u_);
+    }
+    goto done;
+}
+#endif
+
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -3215,17 +4983,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -3233,10 +5001,43 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
@@ -3263,189 +5064,247 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
 #endif
-    const long neg_one = (long) -1, const_zero = (long) 0;
-#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
-#pragma GCC diagnostic pop
-#endif
-    const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
+    const long neg_one = (long) -1, const_zero = (long) 0;
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
 #endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    const int is_unsigned = neg_one > const_zero;
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -3459,7 +5318,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -3469,179 +5328,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -3658,7 +5575,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -3679,51 +5596,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -3754,109 +5658,132 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
         if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
-        } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
-        }
-        #else
-        if (t->is_unicode | t->is_str) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -3868,25 +5795,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -3909,95 +5836,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -4036,33 +5934,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/exceptions.pyx b/ssh/exceptions.pyx
index 482de6bd..b0600761 100644
--- a/ssh/exceptions.pyx
+++ b/ssh/exceptions.pyx
@@ -1,18 +1,19 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 
 class OptionError(Exception):
diff --git a/ssh/key.c b/ssh/key.c
index 23fa0836..b51d1442 100644
--- a/ssh/key.c
+++ b/ssh/key.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.key",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/key.pyx"
+        ]
+    },
+    "module_name": "ssh.key"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
+  #endif
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
 #endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
+#endif
+#endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,77 +911,201 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
 #else
-static CYTHON_INLINE float __PYX_NAN() {
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
+#else
+static CYTHON_INLINE float __PYX_NAN() {
   float value;
   memset(&value, 0xFF, sizeof(value));
   return value;
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -754,12 +1164,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -794,140 +1200,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -939,26 +1334,40 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/key.pyx",
-  "stringsource",
+  "<stringsource>",
   "ssh/keytypes.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -966,11 +1375,173 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_8keytypes_KeyType;
@@ -995,7 +1566,7 @@ struct __pyx_obj_3ssh_3key_SSHKey;
  * cdef class KeyType:             # <<<<<<<<<<<<<<
  *     cdef ssh_keytypes_e _type
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_KeyType {
   PyObject_HEAD
   enum ssh_keytypes_e _type;
@@ -1008,7 +1579,7 @@ struct __pyx_obj_3ssh_8keytypes_KeyType {
  * cdef class DSSKey(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_DSSKey {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1020,7 +1591,7 @@ struct __pyx_obj_3ssh_8keytypes_DSSKey {
  * cdef class RSAKey(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_RSAKey {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1032,7 +1603,7 @@ struct __pyx_obj_3ssh_8keytypes_RSAKey {
  * cdef class RSA1Key(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_RSA1Key {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1044,7 +1615,7 @@ struct __pyx_obj_3ssh_8keytypes_RSA1Key {
  * cdef class ECDSAKey(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSAKey {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1056,7 +1627,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSAKey {
  * cdef class DSSCert01Key(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_DSSCert01Key {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1068,7 +1639,7 @@ struct __pyx_obj_3ssh_8keytypes_DSSCert01Key {
  * cdef class RSACert01Key(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_RSACert01Key {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1080,7 +1651,7 @@ struct __pyx_obj_3ssh_8keytypes_RSACert01Key {
  * cdef class ECDSA_P256(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1092,7 +1663,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 {
  * cdef class ECDSA_P384(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1104,7 +1675,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 {
  * cdef class ECDSA_P521(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1116,7 +1687,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 {
  * cdef class ECDSA_P256_CERT01(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1128,7 +1699,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 {
  * cdef class ECDSA_P384_CERT01(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1140,7 +1711,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 {
  * cdef class ECDSA_P521_CERT01(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1152,7 +1723,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 {
  * cdef class ED25519_CERT01(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1164,7 +1735,7 @@ struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 {
  * cdef class SSHKey:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_key _key
  * 
- */
+*/
 struct __pyx_obj_3ssh_3key_SSHKey {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_3key_SSHKey *__pyx_vtab;
@@ -1173,18 +1744,19 @@ struct __pyx_obj_3ssh_3key_SSHKey {
 
 
 
-/* "ssh/key.pyx":27
+/* "ssh/key.pyx":32
  * 
  * 
  * cdef class SSHKey:             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_3key_SSHKey {
   struct __pyx_obj_3ssh_3key_SSHKey *(*from_ptr)(ssh_key);
 };
 static struct __pyx_vtabstruct_3ssh_3key_SSHKey *__pyx_vtabptr_3ssh_3key_SSHKey;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1193,42 +1765,48 @@ static struct __pyx_vtabstruct_3ssh_3key_SSHKey *__pyx_vtabptr_3ssh_3key_SSHKey;
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1239,6 +1817,10 @@ static struct __pyx_vtabstruct_3ssh_3key_SSHKey *__pyx_vtabptr_3ssh_3key_SSHKey;
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1250,6 +1832,57 @@ static struct __pyx_vtabstruct_3ssh_3key_SSHKey *__pyx_vtabptr_3ssh_3key_SSHKey;
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+#else
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#endif
+
+/* PyThreadStateGet.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
+#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
+#else
+#define __Pyx_PyThreadState_declare
+#define __Pyx_PyThreadState_assign
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
+#endif
+
+/* PyErrFetchRestore.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
+#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+#else
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#endif
+#else
+#define __Pyx_PyErr_Clear() PyErr_Clear()
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#endif
+
 /* PyObjectGetAttrStr.proto */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
@@ -1257,19 +1890,75 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
 /* GetBuiltinName.proto */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
 /* RaiseArgTupleInvalid.proto */
 static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
     Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
 
-/* KeywordStringCheck.proto */
-static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name, int kw_allowed);
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
 
 /* ArgTypeTest.proto */
 #define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
         __Pyx__ArgTypeTest(obj, type, name, exact))
 static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
 
@@ -1277,9 +1966,110 @@ static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *nam
 static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
 
 /* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#endif
+
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
+
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
+#endif
+
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
 
 /* PyDictVersioning.proto */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
@@ -1309,18 +2099,18 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 
 /* GetModuleGlobalName.proto */
 #if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
     static PY_UINT64_T __pyx_dict_version = 0;\
     static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
         (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
         __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
     PY_UINT64_T __pyx_dict_version;\
     PyObject *__pyx_dict_cached_value;\
     (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
+} while(0)
 static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
 #define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
@@ -1328,271 +2118,450 @@ static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_ve
 static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
 #endif
 
-/* PyThreadStateGet.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
-#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+/* RaiseException.proto */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
+
+/* PyObjectFastCallMethod.proto */
+#if CYTHON_VECTORCALL && PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyObject_FastCallMethod(name, args, nargsf) PyObject_VectorcallMethod(name, args, nargsf, NULL)
 #else
-#define __Pyx_PyThreadState_declare
-#define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf);
 #endif
 
-/* PyErrFetchRestore.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
-#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
-#else
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#endif
-#else
-#define __Pyx_PyErr_Clear() PyErr_Clear()
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
-#endif
-
-/* RaiseException.proto */
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
-
-/* PyObjectCall.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
-#else
-#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
-/* PyFunctionFastCall.proto */
-#if CYTHON_FAST_PYCALL
-#define __Pyx_PyFunction_FastCall(func, args, nargs)\
-    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
-#endif
-#define __Pyx_BUILD_ASSERT_EXPR(cond)\
-    (sizeof(char [1 - 2*!(cond)]) - 1)
-#ifndef Py_MEMBER_SIZE
-#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
-#endif
-#if CYTHON_FAST_PYCALL
-  static size_t __pyx_pyframe_localsplus_offset = 0;
-  #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
-  #define __Pxy_PyFrame_Initialize_Offsets()\
-    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
-     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
-  #define __Pyx_PyFrame_GetLocalsplus(frame)\
-    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
-#endif
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
 
-/* PyObjectCallMethO.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
-#endif
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
 
 /* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
-#else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
-#endif
-
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
-#endif
 
 /* PyObjectCallOneArg.proto */
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
-#endif
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
 #endif
 
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
 /* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
-#else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
-#endif
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
+/* ListPack.proto */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...);
+
 /* Import.proto */
 static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
 
 /* ImportFrom.proto */
 static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name);
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
+#endif
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
 #else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
+/* CIntToPy.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_file_format_e(enum ssh_file_format_e value);
+
+/* CIntFromPy.proto */
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
+
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE enum ssh_file_format_e __Pyx_PyLong_As_enum__ssh_file_format_e(PyObject *);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
-
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 static struct __pyx_obj_3ssh_3key_SSHKey *__pyx_f_3ssh_3key_6SSHKey_from_ptr(ssh_key __pyx_v_key); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.keytypes' */
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_KeyType = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_DSSKey = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSAKey = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSA1Key = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSAKey = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_DSSCert01Key = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSACert01Key = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P256 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P384 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P521 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ED25519_CERT01 = 0;
+/* Module declarations from "libc.string" */
+
+/* Module declarations from "ssh.keytypes" */
 static struct __pyx_obj_3ssh_8keytypes_KeyType *(*__pyx_f_3ssh_8keytypes_from_keytype)(enum ssh_keytypes_e); /*proto*/
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static PyObject *(*__pyx_f_3ssh_5utils_to_bytes)(PyObject *); /*proto*/
 static PyObject *(*__pyx_f_3ssh_5utils_to_str)(char const *); /*proto*/
 
-/* Module declarations from 'ssh.key' */
-static PyTypeObject *__pyx_ptype_3ssh_3key_SSHKey = 0;
+/* Module declarations from "ssh.key" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.key"
 extern int __pyx_module_is_main_ssh__key;
 int __pyx_module_is_main_ssh__key = 0;
 
-/* Implementation of 'ssh.key' */
+/* Implementation of "ssh.key" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_MemoryError;
+static PyObject *__pyx_builtin_ValueError;
 static PyObject *__pyx_builtin_TypeError;
-static const char __pyx_k__3[] = "";
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = "";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k__2[] = ".";
+static const char __pyx_k__3[] = "?";
+static const char __pyx_k_gc[] = "gc";
 static const char __pyx_k_rc[] = "rc";
-static const char __pyx_k_key[] = "key";
+static const char __pyx_k_key[] = "_key";
+static const char __pyx_k_pop[] = "pop";
 static const char __pyx_k_bits[] = "bits";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_test[] = "__test__";
+static const char __pyx_k_type[] = "_type";
+static const char __pyx_k_b_key[] = "b_key";
 static const char __pyx_k_c_key[] = "c_key";
-static const char __pyx_k_key_2[] = "_key";
+static const char __pyx_k_key_2[] = "key";
 static const char __pyx_k_SSHKey[] = "SSHKey";
-static const char __pyx_k_import[] = "__import__";
+static const char __pyx_k_b_name[] = "b_name";
+static const char __pyx_k_c_name[] = "c_name";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_A_Q_t1A[] = "\200A\340\r\016\330\014\026\320\026(\250\001\250\024\250Q\330\010\017\210t\2201\220A";
+static const char __pyx_k_A_a_t1A[] = "\200A\340\r\016\330\014\026\320\026)\250\021\250$\250a\330\010\017\210t\2201\220A";
 static const char __pyx_k_b64_key[] = "b64_key";
+static const char __pyx_k_disable[] = "disable";
+static const char __pyx_k_key_len[] = "key_len";
+static const char __pyx_k_pub_key[] = "pub_key";
 static const char __pyx_k_ssh_key[] = "ssh.key";
+static const char __pyx_k_add_note[] = "add_note";
 static const char __pyx_k_b64_cert[] = "b64_cert";
 static const char __pyx_k_cert_key[] = "cert_key";
 static const char __pyx_k_filepath[] = "filepath";
@@ -1600,85 +2569,82 @@ static const char __pyx_k_generate[] = "generate";
 static const char __pyx_k_getstate[] = "__getstate__";
 static const char __pyx_k_key_type[] = "key_type";
 static const char __pyx_k_priv_key[] = "priv_key";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
+static const char __pyx_k_A_1_a_vQa[] = "\200A\360\006\000\016\017\330\014\032\320\0321\260\021\260$\260a\330\010\021\220\021\330\010\017\210v\220Q\220a";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_is_public[] = "is_public";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_keyformat[] = "keyformat";
+static const char __pyx_k_pub_key_2[] = "_pub_key";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
+static const char __pyx_k_ValueError[] = "ValueError";
 static const char __pyx_k_b_filepath[] = "b_filepath";
 static const char __pyx_k_c_filepath[] = "c_filepath";
 static const char __pyx_k_cert_key_2[] = "_cert_key";
+static const char __pyx_k_ecdsa_name[] = "ecdsa_name";
 static const char __pyx_k_exceptions[] = "exceptions";
 static const char __pyx_k_is_private[] = "is_private";
 static const char __pyx_k_passphrase[] = "passphrase";
 static const char __pyx_k_priv_key_2[] = "_priv_key";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
+static const char __pyx_k_A_4vS_4q_1A[] = "\200A\340\010\013\2104\210v\220S\230\001\330\014\r\330\010\025\220]\240!\2404\240q\330\010\017\210|\2301\230A";
+static const char __pyx_k_HAQ_1_s_a_1[] = "\200\001\330\004\034\230H\240A\240Q\330\004\"\240!\360\010\000\n\013\330\010\022\320\022+\2501\330\014\030\230\001\230\021\330\004\007\200s\210(\220!\330\010\016\210a\330\004\020\220\t\230\021\230!\330\004\013\2101";
+static const char __pyx_k_HAQ_Q_s_a_1[] = "\200\001\330\004\034\230H\240A\240Q\330\004\"\240!\360\010\000\n\013\330\010\022\320\022-\250Q\330\014\030\230\001\230\021\330\004\007\200s\210(\220!\330\010\016\210a\330\004\020\220\t\230\021\230!\330\004\013\2101";
 static const char __pyx_k_MemoryError[] = "MemoryError";
+static const char __pyx_k_c_keyformat[] = "c_keyformat";
 static const char __pyx_k_ssh_key_pyx[] = "ssh/key.pyx";
+static const char __pyx_k_1HHF_1_s_a_1[] = "\200\001\360\010\000\n\013\330\010\022\320\022#\2401\240H\250H\260F\270!\2701\330\004\007\200s\210(\220!\330\010\016\210a\330\004\020\220\t\230\021\230!\330\004\013\2101";
 static const char __pyx_k_b_passphrase[] = "b_passphrase";
 static const char __pyx_k_c_passphrase[] = "c_passphrase";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_A_31D_q_s_1_q[] = "\200A\360\n\000\016\017\330\014\026\320\0263\2601\260D\270\007\270q\300\001\330\014\017\210s\220(\230!\330\025\026\330\024\032\230!\330\010\020\220\001\330\r\"\240!\2401\330\010\017\210q";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
+static const char __pyx_k_A_7q_G1A_3ha_q[] = "\200A\360\010\000\016\017\330\014\026\320\0267\260q\270\004\270G\3001\300A\330\010\013\2103\210h\220a\330\014\022\220!\330\010\030\230\t\240\021\240!\330\010\017\210q";
 static const char __pyx_k_KeyExportError[] = "KeyExportError";
 static const char __pyx_k_KeyImportError[] = "KeyImportError";
+static const char __pyx_k_Q_Q_881A_s_a_1[] = "\200\001\330\004\035\230Q\360\010\000\n\013\330\010\022\320\022-\250Q\330\014\023\2208\2308\2401\240A\330\004\007\200s\210(\220!\330\010\016\210a\330\004\020\220\t\230\021\230!\330\004\013\2101";
+static const char __pyx_k_Q_q_881A_s_a_1[] = "\200\001\330\004\035\230Q\360\010\000\n\013\330\010\022\320\022/\250q\330\014\023\2208\2308\2401\240A\330\004\007\200s\210(\220!\330\010\016\210a\330\004\020\220\t\230\021\230!\330\004\013\2101";
+static const char __pyx_k_SSHKey_key_type[] = "SSHKey.key_type";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_SSHKey_is_public[] = "SSHKey.is_public";
 static const char __pyx_k_import_cert_file[] = "import_cert_file";
+static const char __pyx_k_SSHKey_ecdsa_name[] = "SSHKey.ecdsa_name";
+static const char __pyx_k_SSHKey_is_private[] = "SSHKey.is_private";
 static const char __pyx_k_KeyGenerationError[] = "KeyGenerationError";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
 static const char __pyx_k_import_cert_base64[] = "import_cert_base64";
 static const char __pyx_k_import_pubkey_file[] = "import_pubkey_file";
+static const char __pyx_k_SSH_FILE_FORMAT_PEM[] = "SSH_FILE_FORMAT_PEM";
+static const char __pyx_k_export_privkey_file[] = "export_privkey_file";
 static const char __pyx_k_import_privkey_file[] = "import_privkey_file";
+static const char __pyx_k_x_S_a_81_81_q_q_s_a[] = "\200\001\330\004\007\200x\210{\230#\230S\240\001\330\010\016\210a\330\004#\2408\2501\330\004#\2408\2501\330\t\n\330\010\022\320\022/\250q\330\014\027\220q\330\004\007\200s\210(\220!\330\010\016\210a";
+static const char __pyx_k_Q_A_xq_q_0_vQa_s_a_1[] = "\320\000)\250\021\330\004\035\230Q\340\004$\240A\360\010\000\005\010\200{\220'\230\021\330\010\027\220x\230q\240\001\330\010\027\220q\330\t\n\330\010\022\320\0220\260\001\330\014\023\220>\240\026\240v\250Q\250a\330\004\007\200s\210(\220!\330\010\016\210a\330\004\020\220\t\230\021\230!\330\004\013\2101";
 static const char __pyx_k_copy_cert_to_privkey[] = "copy_cert_to_privkey";
+static const char __pyx_k_export_pubkey_base64[] = "export_pubkey_base64";
 static const char __pyx_k_import_pubkey_base64[] = "import_pubkey_base64";
+static const char __pyx_k_a_gQ_81A_1_2_G_vQ_3ha[] = "\320\004@\300\001\340\010 \240\010\250\001\250\021\330\010(\250\001\330\010&\240a\340\010\013\210;\220g\230Q\330\014\033\2308\2401\240A\330\014\033\2301\330\r\016\330\014\026\320\0262\260!\330\020\024\220G\230>\250\026\250v\260Q\330\010\013\2103\210h\220a\330\014\022\220!";
 static const char __pyx_k_import_privkey_base64[] = "import_privkey_base64";
+static const char __pyx_k_SSHKey___reduce_cython[] = "SSHKey.__reduce_cython__";
+static const char __pyx_k_HAQ_A_xq_q_a_fF_1_s_a_1[] = "\320\000\"\240!\340\004\034\230H\240A\240Q\330\004$\240A\330\004\"\240!\360\010\000\005\010\200{\220'\230\021\330\010\027\220x\230q\240\001\330\010\027\220q\330\t\n\330\010\022\320\022.\250a\330\014\030\230\016\240f\250F\260!\2601\330\004\007\200s\210(\220!\330\010\016\210a\330\004\020\220\t\230\021\230!\330\004\013\2101";
+static const char __pyx_k_SSH_FILE_FORMAT_DEFAULT[] = "SSH_FILE_FORMAT_DEFAULT";
+static const char __pyx_k_SSH_FILE_FORMAT_OPENSSH[] = "SSH_FILE_FORMAT_OPENSSH";
+static const char __pyx_k_SSHKey___setstate_cython[] = "SSHKey.__setstate_cython__";
+static const char __pyx_k_export_privkey_to_pubkey[] = "export_privkey_to_pubkey";
+static const char __pyx_k_SSHKey_export_privkey_file[] = "SSHKey.export_privkey_file";
+static const char __pyx_k_export_privkey_file_format[] = "export_privkey_file_format";
+static const char __pyx_k_SSHKey_export_pubkey_base64[] = "SSHKey.export_pubkey_base64";
+static const char __pyx_k_SSHKey_export_privkey_to_pubkey[] = "SSHKey.export_privkey_to_pubkey";
+static const char __pyx_k_ADE_a_z_66Oq_A_31_z_66Oq_A_gQ_81[] = "\200A\330DE\340\010 \240\010\250\001\250\021\330\010(\250\001\330\010&\240a\340\010\017\210z\230\024\320\0356\3206O\310q\330\014\022\220*\230A\330\020\021\330\020\021\330\0103\2601\330\010\017\210z\230\024\320\0356\3206O\310q\330\014\022\220*\230A\330\020\021\330\020\021\330\010\013\210;\220g\230Q\330\014\033\2308\2401\240A\330\014\033\2301\330\r\016\330\014\026\320\0269\270\021\330\020\024\220G\230>\250\026\250v\260\\\300\021\330\010\013\2103\210h\220a\330\014\022\220!";
+static const char __pyx_k_Keyformat_must_be_one_of_SSH_FIL[] = "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
+static const char __pyx_k_SSHKey_export_privkey_file_forma[] = "SSHKey.export_privkey_file_format";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_n_s_KeyExportError;
-static PyObject *__pyx_n_s_KeyGenerationError;
-static PyObject *__pyx_n_s_KeyImportError;
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_SSHKey;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_kp_b__3;
-static PyObject *__pyx_n_s_b64_cert;
-static PyObject *__pyx_n_s_b64_key;
-static PyObject *__pyx_n_s_b_filepath;
-static PyObject *__pyx_n_s_b_passphrase;
-static PyObject *__pyx_n_s_bits;
-static PyObject *__pyx_n_s_c_filepath;
-static PyObject *__pyx_n_s_c_key;
-static PyObject *__pyx_n_s_c_passphrase;
-static PyObject *__pyx_n_s_cert_key;
-static PyObject *__pyx_n_s_cert_key_2;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_copy_cert_to_privkey;
-static PyObject *__pyx_n_s_exceptions;
-static PyObject *__pyx_n_s_filepath;
-static PyObject *__pyx_n_s_generate;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_import;
-static PyObject *__pyx_n_s_import_cert_base64;
-static PyObject *__pyx_n_s_import_cert_file;
-static PyObject *__pyx_n_s_import_privkey_base64;
-static PyObject *__pyx_n_s_import_privkey_file;
-static PyObject *__pyx_n_s_import_pubkey_base64;
-static PyObject *__pyx_n_s_import_pubkey_file;
-static PyObject *__pyx_n_s_is_private;
-static PyObject *__pyx_n_s_key;
-static PyObject *__pyx_n_s_key_2;
-static PyObject *__pyx_n_s_key_type;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_passphrase;
-static PyObject *__pyx_n_s_priv_key;
-static PyObject *__pyx_n_s_priv_key_2;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_rc;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_ssh_key;
-static PyObject *__pyx_kp_s_ssh_key_pyx;
-static PyObject *__pyx_n_s_test;
+/* #### Code section: decls ### */
 static int __pyx_pf_3ssh_3key_6SSHKey___cinit__(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
 static void __pyx_pf_3ssh_3key_6SSHKey_2__dealloc__(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_3key_6SSHKey_4is_private(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
@@ -1687,10 +2653,11 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_8__eq__(struct __pyx_obj_3ssh_3key_S
 static PyObject *__pyx_pf_3ssh_3key_6SSHKey_10key_type(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_3key_6SSHKey_12ecdsa_name(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_3key_6SSHKey_14export_privkey_file(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self, PyObject *__pyx_v_filepath, PyObject *__pyx_v_passphrase); /* proto */
-static PyObject *__pyx_pf_3ssh_3key_6SSHKey_16export_privkey_to_pubkey(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_3key_6SSHKey_18export_pubkey_base64(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_3key_6SSHKey_20__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_3key_6SSHKey_22__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_16export_privkey_file_format(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self, PyObject *__pyx_v_filepath, PyObject *__pyx_v_keyformat, PyObject *__pyx_v_passphrase); /* proto */
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_18export_privkey_to_pubkey(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_20export_pubkey_base64(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_22__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_24__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_pf_3ssh_3key_generate(CYTHON_UNUSED PyObject *__pyx_self, struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_key_type, int __pyx_v_bits); /* proto */
 static PyObject *__pyx_pf_3ssh_3key_2import_privkey_base64(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v_b64_key, PyObject *__pyx_v_passphrase); /* proto */
 static PyObject *__pyx_pf_3ssh_3key_4import_privkey_file(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v_filepath, PyObject *__pyx_v_passphrase); /* proto */
@@ -1700,33 +2667,288 @@ static PyObject *__pyx_pf_3ssh_3key_10import_cert_base64(CYTHON_UNUSED PyObject
 static PyObject *__pyx_pf_3ssh_3key_12import_cert_file(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v_filepath); /* proto */
 static PyObject *__pyx_pf_3ssh_3key_14copy_cert_to_privkey(CYTHON_UNUSED PyObject *__pyx_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_cert_key, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_priv_key); /* proto */
 static PyObject *__pyx_tp_new_3ssh_3key_SSHKey(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-static PyObject *__pyx_tuple__4;
-static PyObject *__pyx_tuple__6;
-static PyObject *__pyx_tuple__8;
-static PyObject *__pyx_tuple__10;
-static PyObject *__pyx_tuple__12;
-static PyObject *__pyx_tuple__14;
-static PyObject *__pyx_tuple__16;
-static PyObject *__pyx_tuple__18;
-static PyObject *__pyx_codeobj__5;
-static PyObject *__pyx_codeobj__7;
-static PyObject *__pyx_codeobj__9;
-static PyObject *__pyx_codeobj__11;
-static PyObject *__pyx_codeobj__13;
-static PyObject *__pyx_codeobj__15;
-static PyObject *__pyx_codeobj__17;
-static PyObject *__pyx_codeobj__19;
-/* Late includes */
-
-/* "ssh/key.pyx":30
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_KeyType;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_DSSKey;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSAKey;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSA1Key;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSAKey;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_DSSCert01Key;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSACert01Key;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P256;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P384;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P521;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ED25519_CERT01;
+  PyObject *__pyx_type_3ssh_3key_SSHKey;
+  PyTypeObject *__pyx_ptype_3ssh_3key_SSHKey;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_tuple[2];
+  PyObject *__pyx_codeobj_tab[18];
+  PyObject *__pyx_string_tab[97];
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_b_ __pyx_string_tab[0]
+#define __pyx_n_u_KeyExportError __pyx_string_tab[1]
+#define __pyx_n_u_KeyGenerationError __pyx_string_tab[2]
+#define __pyx_n_u_KeyImportError __pyx_string_tab[3]
+#define __pyx_kp_u_Keyformat_must_be_one_of_SSH_FIL __pyx_string_tab[4]
+#define __pyx_n_u_MemoryError __pyx_string_tab[5]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[6]
+#define __pyx_n_u_SSHKey __pyx_string_tab[7]
+#define __pyx_n_u_SSHKey___reduce_cython __pyx_string_tab[8]
+#define __pyx_n_u_SSHKey___setstate_cython __pyx_string_tab[9]
+#define __pyx_n_u_SSHKey_ecdsa_name __pyx_string_tab[10]
+#define __pyx_n_u_SSHKey_export_privkey_file __pyx_string_tab[11]
+#define __pyx_n_u_SSHKey_export_privkey_file_forma __pyx_string_tab[12]
+#define __pyx_n_u_SSHKey_export_privkey_to_pubkey __pyx_string_tab[13]
+#define __pyx_n_u_SSHKey_export_pubkey_base64 __pyx_string_tab[14]
+#define __pyx_n_u_SSHKey_is_private __pyx_string_tab[15]
+#define __pyx_n_u_SSHKey_is_public __pyx_string_tab[16]
+#define __pyx_n_u_SSHKey_key_type __pyx_string_tab[17]
+#define __pyx_n_u_SSH_FILE_FORMAT_DEFAULT __pyx_string_tab[18]
+#define __pyx_n_u_SSH_FILE_FORMAT_OPENSSH __pyx_string_tab[19]
+#define __pyx_n_u_SSH_FILE_FORMAT_PEM __pyx_string_tab[20]
+#define __pyx_n_u_TypeError __pyx_string_tab[21]
+#define __pyx_n_u_ValueError __pyx_string_tab[22]
+#define __pyx_kp_u__2 __pyx_string_tab[23]
+#define __pyx_kp_u__3 __pyx_string_tab[24]
+#define __pyx_kp_u_add_note __pyx_string_tab[25]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[26]
+#define __pyx_n_u_b64_cert __pyx_string_tab[27]
+#define __pyx_n_u_b64_key __pyx_string_tab[28]
+#define __pyx_n_u_b_filepath __pyx_string_tab[29]
+#define __pyx_n_u_b_key __pyx_string_tab[30]
+#define __pyx_n_u_b_name __pyx_string_tab[31]
+#define __pyx_n_u_b_passphrase __pyx_string_tab[32]
+#define __pyx_n_u_bits __pyx_string_tab[33]
+#define __pyx_n_u_c_filepath __pyx_string_tab[34]
+#define __pyx_n_u_c_key __pyx_string_tab[35]
+#define __pyx_n_u_c_keyformat __pyx_string_tab[36]
+#define __pyx_n_u_c_name __pyx_string_tab[37]
+#define __pyx_n_u_c_passphrase __pyx_string_tab[38]
+#define __pyx_n_u_cert_key __pyx_string_tab[39]
+#define __pyx_n_u_cert_key_2 __pyx_string_tab[40]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[41]
+#define __pyx_n_u_copy_cert_to_privkey __pyx_string_tab[42]
+#define __pyx_kp_u_disable __pyx_string_tab[43]
+#define __pyx_n_u_ecdsa_name __pyx_string_tab[44]
+#define __pyx_kp_u_enable __pyx_string_tab[45]
+#define __pyx_n_u_exceptions __pyx_string_tab[46]
+#define __pyx_n_u_export_privkey_file __pyx_string_tab[47]
+#define __pyx_n_u_export_privkey_file_format __pyx_string_tab[48]
+#define __pyx_n_u_export_privkey_to_pubkey __pyx_string_tab[49]
+#define __pyx_n_u_export_pubkey_base64 __pyx_string_tab[50]
+#define __pyx_n_u_filepath __pyx_string_tab[51]
+#define __pyx_n_u_func __pyx_string_tab[52]
+#define __pyx_kp_u_gc __pyx_string_tab[53]
+#define __pyx_n_u_generate __pyx_string_tab[54]
+#define __pyx_n_u_getstate __pyx_string_tab[55]
+#define __pyx_n_u_import_cert_base64 __pyx_string_tab[56]
+#define __pyx_n_u_import_cert_file __pyx_string_tab[57]
+#define __pyx_n_u_import_privkey_base64 __pyx_string_tab[58]
+#define __pyx_n_u_import_privkey_file __pyx_string_tab[59]
+#define __pyx_n_u_import_pubkey_base64 __pyx_string_tab[60]
+#define __pyx_n_u_import_pubkey_file __pyx_string_tab[61]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[62]
+#define __pyx_n_u_is_private __pyx_string_tab[63]
+#define __pyx_n_u_is_public __pyx_string_tab[64]
+#define __pyx_kp_u_isenabled __pyx_string_tab[65]
+#define __pyx_n_u_key __pyx_string_tab[66]
+#define __pyx_n_u_key_2 __pyx_string_tab[67]
+#define __pyx_n_u_key_len __pyx_string_tab[68]
+#define __pyx_n_u_key_type __pyx_string_tab[69]
+#define __pyx_n_u_keyformat __pyx_string_tab[70]
+#define __pyx_n_u_main __pyx_string_tab[71]
+#define __pyx_n_u_module __pyx_string_tab[72]
+#define __pyx_n_u_name __pyx_string_tab[73]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[74]
+#define __pyx_n_u_passphrase __pyx_string_tab[75]
+#define __pyx_n_u_pop __pyx_string_tab[76]
+#define __pyx_n_u_priv_key __pyx_string_tab[77]
+#define __pyx_n_u_priv_key_2 __pyx_string_tab[78]
+#define __pyx_n_u_pub_key __pyx_string_tab[79]
+#define __pyx_n_u_pub_key_2 __pyx_string_tab[80]
+#define __pyx_n_u_pyx_state __pyx_string_tab[81]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[82]
+#define __pyx_n_u_qualname __pyx_string_tab[83]
+#define __pyx_n_u_rc __pyx_string_tab[84]
+#define __pyx_n_u_reduce __pyx_string_tab[85]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[86]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[87]
+#define __pyx_n_u_self __pyx_string_tab[88]
+#define __pyx_n_u_set_name __pyx_string_tab[89]
+#define __pyx_n_u_setstate __pyx_string_tab[90]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[91]
+#define __pyx_n_u_ssh_key __pyx_string_tab[92]
+#define __pyx_kp_u_ssh_key_pyx __pyx_string_tab[93]
+#define __pyx_kp_u_stringsource __pyx_string_tab[94]
+#define __pyx_n_u_test __pyx_string_tab[95]
+#define __pyx_n_u_type __pyx_string_tab[96]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_KeyType);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_DSSKey);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_RSAKey);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_RSA1Key);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSAKey);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_DSSCert01Key);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_RSACert01Key);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P256);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P384);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P521);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_3key_SSHKey);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_3key_SSHKey);
+  for (int i=0; i<2; ++i) { Py_CLEAR(clear_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<18; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<97; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_KeyType);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_DSSKey);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_RSAKey);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_RSA1Key);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSAKey);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_DSSCert01Key);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_RSACert01Key);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P256);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P384);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P521);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_3key_SSHKey);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_3key_SSHKey);
+  for (int i=0; i<2; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<18; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<97; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
+
+/* "ssh/key.pyx":34
+ * cdef class SSHKey:
  * 
- *     @staticmethod
- *     cdef SSHKey from_ptr(c_ssh.ssh_key key):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SSHKey from_ptr(c_ssh.ssh_key key):
  *         cdef SSHKey _key = SSHKey.__new__(SSHKey)
- *         _key._key = key
- */
+*/
 
 static struct __pyx_obj_3ssh_3key_SSHKey *__pyx_f_3ssh_3key_6SSHKey_from_ptr(ssh_key __pyx_v_key) {
   struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v__key = 0;
@@ -1738,46 +2960,46 @@ static struct __pyx_obj_3ssh_3key_SSHKey *__pyx_f_3ssh_3key_6SSHKey_from_ptr(ssh
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("from_ptr", 0);
 
-  /* "ssh/key.pyx":31
+  /* "ssh/key.pyx":36
  *     @staticmethod
  *     cdef SSHKey from_ptr(c_ssh.ssh_key key):
  *         cdef SSHKey _key = SSHKey.__new__(SSHKey)             # <<<<<<<<<<<<<<
  *         _key._key = key
  *         return _key
- */
-  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_3key_SSHKey(((PyTypeObject *)__pyx_ptype_3ssh_3key_SSHKey), __pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 31, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_1));
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_3key_SSHKey(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey), __pyx_mstate_global->__pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 36, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_1);
   __pyx_v__key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":32
+  /* "ssh/key.pyx":37
  *     cdef SSHKey from_ptr(c_ssh.ssh_key key):
  *         cdef SSHKey _key = SSHKey.__new__(SSHKey)
  *         _key._key = key             # <<<<<<<<<<<<<<
  *         return _key
  * 
- */
+*/
   __pyx_v__key->_key = __pyx_v_key;
 
-  /* "ssh/key.pyx":33
+  /* "ssh/key.pyx":38
  *         cdef SSHKey _key = SSHKey.__new__(SSHKey)
  *         _key._key = key
  *         return _key             # <<<<<<<<<<<<<<
  * 
  *     def __cinit__(self):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__key));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__key);
   __pyx_r = __pyx_v__key;
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":30
+  /* "ssh/key.pyx":34
+ * cdef class SSHKey:
  * 
- *     @staticmethod
- *     cdef SSHKey from_ptr(c_ssh.ssh_key key):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SSHKey from_ptr(c_ssh.ssh_key key):
  *         cdef SSHKey _key = SSHKey.__new__(SSHKey)
- *         _key._key = key
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1791,23 +3013,32 @@ static struct __pyx_obj_3ssh_3key_SSHKey *__pyx_f_3ssh_3key_6SSHKey_from_ptr(ssh
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":35
+/* "ssh/key.pyx":40
  *         return _key
  * 
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._key = c_ssh.ssh_key_new()
  *         if self._key is NULL:
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_3key_6SSHKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_3key_6SSHKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_3key_6SSHKey___cinit__(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
 
   /* function exit code */
@@ -1817,57 +3048,55 @@ static int __pyx_pw_3ssh_3key_6SSHKey_1__cinit__(PyObject *__pyx_v_self, PyObjec
 
 static int __pyx_pf_3ssh_3key_6SSHKey___cinit__(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
-  /* "ssh/key.pyx":36
+  /* "ssh/key.pyx":41
  * 
  *     def __cinit__(self):
  *         self._key = c_ssh.ssh_key_new()             # <<<<<<<<<<<<<<
  *         if self._key is NULL:
  *             raise MemoryError
- */
+*/
   __pyx_v_self->_key = ssh_key_new();
 
-  /* "ssh/key.pyx":37
+  /* "ssh/key.pyx":42
  *     def __cinit__(self):
  *         self._key = c_ssh.ssh_key_new()
  *         if self._key is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  * 
- */
-  __pyx_t_1 = ((__pyx_v_self->_key == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_key == NULL);
   if (unlikely(__pyx_t_1)) {
 
-    /* "ssh/key.pyx":38
+    /* "ssh/key.pyx":43
  *         self._key = c_ssh.ssh_key_new()
  *         if self._key is NULL:
  *             raise MemoryError             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
-    PyErr_NoMemory(); __PYX_ERR(0, 38, __pyx_L1_error)
+*/
+    PyErr_NoMemory(); __PYX_ERR(0, 43, __pyx_L1_error)
 
-    /* "ssh/key.pyx":37
+    /* "ssh/key.pyx":42
  *     def __cinit__(self):
  *         self._key = c_ssh.ssh_key_new()
  *         if self._key is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  * 
- */
+*/
   }
 
-  /* "ssh/key.pyx":35
+  /* "ssh/key.pyx":40
  *         return _key
  * 
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._key = c_ssh.ssh_key_new()
  *         if self._key is NULL:
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
@@ -1876,23 +3105,24 @@ static int __pyx_pf_3ssh_3key_6SSHKey___cinit__(struct __pyx_obj_3ssh_3key_SSHKe
   __Pyx_AddTraceback("ssh.key.SSHKey.__cinit__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = -1;
   __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":40
+/* "ssh/key.pyx":45
  *             raise MemoryError
  * 
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._key is not NULL:
  *             c_ssh.ssh_key_free(self._key)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_3key_6SSHKey_3__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_3key_6SSHKey_3__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_3key_6SSHKey_2__dealloc__(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
 
   /* function exit code */
@@ -1900,74 +3130,100 @@ static void __pyx_pw_3ssh_3key_6SSHKey_3__dealloc__(PyObject *__pyx_v_self) {
 }
 
 static void __pyx_pf_3ssh_3key_6SSHKey_2__dealloc__(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
-  /* "ssh/key.pyx":41
+  /* "ssh/key.pyx":46
  * 
  *     def __dealloc__(self):
  *         if self._key is not NULL:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_key_free(self._key)
  *             self._key = NULL
- */
-  __pyx_t_1 = ((__pyx_v_self->_key != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_key != NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/key.pyx":42
+    /* "ssh/key.pyx":47
  *     def __dealloc__(self):
  *         if self._key is not NULL:
  *             c_ssh.ssh_key_free(self._key)             # <<<<<<<<<<<<<<
  *             self._key = NULL
  * 
- */
+*/
     ssh_key_free(__pyx_v_self->_key);
 
-    /* "ssh/key.pyx":43
+    /* "ssh/key.pyx":48
  *         if self._key is not NULL:
  *             c_ssh.ssh_key_free(self._key)
  *             self._key = NULL             # <<<<<<<<<<<<<<
  * 
  *     def is_private(self):
- */
+*/
     __pyx_v_self->_key = NULL;
 
-    /* "ssh/key.pyx":41
+    /* "ssh/key.pyx":46
  * 
  *     def __dealloc__(self):
  *         if self._key is not NULL:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_key_free(self._key)
  *             self._key = NULL
- */
+*/
   }
 
-  /* "ssh/key.pyx":40
+  /* "ssh/key.pyx":45
  *             raise MemoryError
  * 
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._key is not NULL:
  *             c_ssh.ssh_key_free(self._key)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/key.pyx":45
+/* "ssh/key.pyx":50
  *             self._key = NULL
  * 
  *     def is_private(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_5is_private(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_4is_private[] = "SSHKey.is_private(self)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_5is_private(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_5is_private(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_4is_private, "SSHKey.is_private(self)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_5is_private = {"is_private", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_5is_private, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_4is_private};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_5is_private(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("is_private (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("is_private", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("is_private", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_4is_private(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
 
   /* function exit code */
@@ -1986,72 +3242,69 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_4is_private(struct __pyx_obj_3ssh_3k
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("is_private", 0);
 
-  /* "ssh/key.pyx":47
+  /* "ssh/key.pyx":52
  *     def is_private(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_key_is_private(self._key)
  *         return bool(rc)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":48
+        /* "ssh/key.pyx":53
  *         cdef bint rc
  *         with nogil:
  *             rc = c_ssh.ssh_key_is_private(self._key)             # <<<<<<<<<<<<<<
  *         return bool(rc)
  * 
- */
+*/
         __pyx_v_rc = ssh_key_is_private(__pyx_v_self->_key);
       }
 
-      /* "ssh/key.pyx":47
+      /* "ssh/key.pyx":52
  *     def is_private(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_key_is_private(self._key)
  *         return bool(rc)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":49
+  /* "ssh/key.pyx":54
  *         with nogil:
  *             rc = c_ssh.ssh_key_is_private(self._key)
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def is_public(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_v_rc;
-  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 54, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":45
+  /* "ssh/key.pyx":50
  *             self._key = NULL
  * 
  *     def is_private(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2064,21 +3317,50 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_4is_private(struct __pyx_obj_3ssh_3k
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":51
+/* "ssh/key.pyx":56
  *         return bool(rc)
  * 
  *     def is_public(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_7is_public(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_6is_public[] = "SSHKey.is_public(self)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_7is_public(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_7is_public(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_6is_public, "SSHKey.is_public(self)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_7is_public = {"is_public", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_7is_public, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_6is_public};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_7is_public(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("is_public (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("is_public", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("is_public", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_6is_public(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2097,72 +3379,69 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_6is_public(struct __pyx_obj_3ssh_3ke
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("is_public", 0);
 
-  /* "ssh/key.pyx":53
+  /* "ssh/key.pyx":58
  *     def is_public(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_key_is_public(self._key)
  *         return bool(rc)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":54
+        /* "ssh/key.pyx":59
  *         cdef bint rc
  *         with nogil:
  *             rc = c_ssh.ssh_key_is_public(self._key)             # <<<<<<<<<<<<<<
  *         return bool(rc)
  * 
- */
+*/
         __pyx_v_rc = ssh_key_is_public(__pyx_v_self->_key);
       }
 
-      /* "ssh/key.pyx":53
+      /* "ssh/key.pyx":58
  *     def is_public(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_key_is_public(self._key)
  *         return bool(rc)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":55
+  /* "ssh/key.pyx":60
  *         with nogil:
  *             rc = c_ssh.ssh_key_is_public(self._key)
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def __eq__(self, SSHKey other):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_v_rc;
-  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 55, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 60, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":51
+  /* "ssh/key.pyx":56
  *         return bool(rc)
  * 
  *     def is_public(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2175,31 +3454,35 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_6is_public(struct __pyx_obj_3ssh_3ke
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":57
+/* "ssh/key.pyx":62
  *         return bool(rc)
  * 
  *     def __eq__(self, SSHKey other):             # <<<<<<<<<<<<<<
  *         cdef bint is_private
  *         cdef bint equal
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_3key_6SSHKey_9__eq__(PyObject *__pyx_v_self, PyObject *__pyx_v_other); /*proto*/
 static PyObject *__pyx_pw_3ssh_3key_6SSHKey_9__eq__(PyObject *__pyx_v_self, PyObject *__pyx_v_other) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__eq__ (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_other), __pyx_ptype_3ssh_3key_SSHKey, 1, "other", 0))) __PYX_ERR(0, 57, __pyx_L1_error)
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_other), __pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, 1, "other", 0))) __PYX_ERR(0, 62, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_8__eq__(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self), ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_other));
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  goto __pyx_L5_cleaned_up;
   __pyx_L0:;
+  __pyx_L5_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2217,102 +3500,99 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_8__eq__(struct __pyx_obj_3ssh_3key_S
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__eq__", 0);
 
-  /* "ssh/key.pyx":60
+  /* "ssh/key.pyx":65
  *         cdef bint is_private
  *         cdef bint equal
  *         with nogil:             # <<<<<<<<<<<<<<
  *             is_private = c_ssh.ssh_key_is_private(self._key)
  *             equal = c_ssh.ssh_key_cmp(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":61
+        /* "ssh/key.pyx":66
  *         cdef bint equal
  *         with nogil:
  *             is_private = c_ssh.ssh_key_is_private(self._key)             # <<<<<<<<<<<<<<
  *             equal = c_ssh.ssh_key_cmp(
  *                 self._key, other._key, c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PRIVATE) \
- */
+*/
         __pyx_v_is_private = ssh_key_is_private(__pyx_v_self->_key);
 
-        /* "ssh/key.pyx":64
+        /* "ssh/key.pyx":69
  *             equal = c_ssh.ssh_key_cmp(
  *                 self._key, other._key, c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PRIVATE) \
  *                 if is_private else \             # <<<<<<<<<<<<<<
  *                 c_ssh.ssh_key_cmp(
  *                     self._key, other._key,
- */
-        if ((__pyx_v_is_private != 0)) {
+*/
+        if (__pyx_v_is_private) {
 
-          /* "ssh/key.pyx":62
+          /* "ssh/key.pyx":67
  *         with nogil:
  *             is_private = c_ssh.ssh_key_is_private(self._key)
  *             equal = c_ssh.ssh_key_cmp(             # <<<<<<<<<<<<<<
  *                 self._key, other._key, c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PRIVATE) \
  *                 if is_private else \
- */
+*/
           __pyx_t_1 = ssh_key_cmp(__pyx_v_self->_key, __pyx_v_other->_key, SSH_KEY_CMP_PRIVATE);
         } else {
 
-          /* "ssh/key.pyx":65
+          /* "ssh/key.pyx":70
  *                 self._key, other._key, c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PRIVATE) \
  *                 if is_private else \
  *                 c_ssh.ssh_key_cmp(             # <<<<<<<<<<<<<<
  *                     self._key, other._key,
  *                     c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PUBLIC)
- */
+*/
           __pyx_t_1 = ssh_key_cmp(__pyx_v_self->_key, __pyx_v_other->_key, SSH_KEY_CMP_PUBLIC);
         }
         __pyx_v_equal = __pyx_t_1;
       }
 
-      /* "ssh/key.pyx":60
+      /* "ssh/key.pyx":65
  *         cdef bint is_private
  *         cdef bint equal
  *         with nogil:             # <<<<<<<<<<<<<<
  *             is_private = c_ssh.ssh_key_is_private(self._key)
  *             equal = c_ssh.ssh_key_cmp(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":68
+  /* "ssh/key.pyx":73
  *                     self._key, other._key,
  *                     c_ssh.ssh_keycmp_e.SSH_KEY_CMP_PUBLIC)
  *         return bool(not equal)             # <<<<<<<<<<<<<<
  * 
  *     def key_type(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = (!(__pyx_v_equal != 0));
-  __pyx_t_3 = __Pyx_PyBool_FromLong((!(!__pyx_t_2))); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 68, __pyx_L1_error)
+  __pyx_t_2 = (!__pyx_v_equal);
+  __pyx_t_3 = __Pyx_PyBool_FromLong((!(!__pyx_t_2))); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 73, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":57
+  /* "ssh/key.pyx":62
  *         return bool(rc)
  * 
  *     def __eq__(self, SSHKey other):             # <<<<<<<<<<<<<<
  *         cdef bint is_private
  *         cdef bint equal
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2325,21 +3605,50 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_8__eq__(struct __pyx_obj_3ssh_3key_S
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":70
+/* "ssh/key.pyx":75
  *         return bool(not equal)
  * 
  *     def key_type(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_keytypes_e _type
  *         if self._key is NULL:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_11key_type(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_10key_type[] = "SSHKey.key_type(self)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_11key_type(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_11key_type(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_10key_type, "SSHKey.key_type(self)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_11key_type = {"key_type", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_11key_type, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_10key_type};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_11key_type(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("key_type (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("key_type", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("key_type", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_10key_type(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2358,66 +3667,66 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_10key_type(struct __pyx_obj_3ssh_3ke
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("key_type", 0);
 
-  /* "ssh/key.pyx":72
+  /* "ssh/key.pyx":77
  *     def key_type(self):
  *         cdef c_ssh.ssh_keytypes_e _type
  *         if self._key is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         _type = c_ssh.ssh_key_type(self._key)
- */
-  __pyx_t_1 = ((__pyx_v_self->_key == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_key == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/key.pyx":73
+    /* "ssh/key.pyx":78
  *         cdef c_ssh.ssh_keytypes_e _type
  *         if self._key is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         _type = c_ssh.ssh_key_type(self._key)
  *         return from_keytype(_type)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/key.pyx":72
+    /* "ssh/key.pyx":77
  *     def key_type(self):
  *         cdef c_ssh.ssh_keytypes_e _type
  *         if self._key is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         _type = c_ssh.ssh_key_type(self._key)
- */
+*/
   }
 
-  /* "ssh/key.pyx":74
+  /* "ssh/key.pyx":79
  *         if self._key is NULL:
  *             return
  *         _type = c_ssh.ssh_key_type(self._key)             # <<<<<<<<<<<<<<
  *         return from_keytype(_type)
  * 
- */
+*/
   __pyx_v__type = ssh_key_type(__pyx_v_self->_key);
 
-  /* "ssh/key.pyx":75
+  /* "ssh/key.pyx":80
  *             return
  *         _type = c_ssh.ssh_key_type(self._key)
  *         return from_keytype(_type)             # <<<<<<<<<<<<<<
  * 
  *     def ecdsa_name(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_8keytypes_from_keytype(__pyx_v__type)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 75, __pyx_L1_error)
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_8keytypes_from_keytype(__pyx_v__type)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 80, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":70
+  /* "ssh/key.pyx":75
  *         return bool(not equal)
  * 
  *     def key_type(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_keytypes_e _type
  *         if self._key is NULL:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2430,21 +3739,50 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_10key_type(struct __pyx_obj_3ssh_3ke
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":77
+/* "ssh/key.pyx":82
  *         return from_keytype(_type)
  * 
  *     def ecdsa_name(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *c_name
  *         cdef bytes b_name
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_13ecdsa_name(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_12ecdsa_name[] = "SSHKey.ecdsa_name(self)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_13ecdsa_name(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_13ecdsa_name(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_12ecdsa_name, "SSHKey.ecdsa_name(self)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_13ecdsa_name = {"ecdsa_name", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_13ecdsa_name, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_12ecdsa_name};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_13ecdsa_name(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("ecdsa_name (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("ecdsa_name", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("ecdsa_name", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_12ecdsa_name(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2464,84 +3802,81 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_12ecdsa_name(struct __pyx_obj_3ssh_3
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("ecdsa_name", 0);
 
-  /* "ssh/key.pyx":80
+  /* "ssh/key.pyx":85
  *         cdef const_char *c_name
  *         cdef bytes b_name
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_name = c_ssh.ssh_pki_key_ecdsa_name(self._key)
  *         b_name = c_name
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":81
+        /* "ssh/key.pyx":86
  *         cdef bytes b_name
  *         with nogil:
  *             c_name = c_ssh.ssh_pki_key_ecdsa_name(self._key)             # <<<<<<<<<<<<<<
  *         b_name = c_name
  *         return to_str(b_name)
- */
+*/
         __pyx_v_c_name = ssh_pki_key_ecdsa_name(__pyx_v_self->_key);
       }
 
-      /* "ssh/key.pyx":80
+      /* "ssh/key.pyx":85
  *         cdef const_char *c_name
  *         cdef bytes b_name
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_name = c_ssh.ssh_pki_key_ecdsa_name(self._key)
  *         b_name = c_name
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":82
+  /* "ssh/key.pyx":87
  *         with nogil:
  *             c_name = c_ssh.ssh_pki_key_ecdsa_name(self._key)
  *         b_name = c_name             # <<<<<<<<<<<<<<
  *         return to_str(b_name)
  * 
- */
-  __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v_c_name); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 82, __pyx_L1_error)
+*/
+  __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v_c_name); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 87, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_name = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":83
+  /* "ssh/key.pyx":88
  *             c_name = c_ssh.ssh_pki_key_ecdsa_name(self._key)
  *         b_name = c_name
  *         return to_str(b_name)             # <<<<<<<<<<<<<<
  * 
- *     def export_privkey_file(self, filepath, passphrase=None):
- */
+ *     def export_privkey_file(self, filepath not None, passphrase=None):
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_name); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 83, __pyx_L1_error)
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_str(__pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 83, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_name); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 88, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_str(__pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 88, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":77
+  /* "ssh/key.pyx":82
  *         return from_keytype(_type)
  * 
  *     def ecdsa_name(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *c_name
  *         cdef bytes b_name
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2555,79 +3890,123 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_12ecdsa_name(struct __pyx_obj_3ssh_3
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":85
+/* "ssh/key.pyx":90
  *         return to_str(b_name)
  * 
- *     def export_privkey_file(self, filepath, passphrase=None):             # <<<<<<<<<<<<<<
+ *     def export_privkey_file(self, filepath not None, passphrase=None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_passphrase
  *         cdef bytes b_filepath = to_bytes(filepath)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_15export_privkey_file(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_14export_privkey_file[] = "SSHKey.export_privkey_file(self, filepath, passphrase=None)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_15export_privkey_file(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_15export_privkey_file(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_14export_privkey_file, "SSHKey.export_privkey_file(self, filepath, passphrase=None)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_15export_privkey_file = {"export_privkey_file", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_15export_privkey_file, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_14export_privkey_file};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_15export_privkey_file(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_filepath = 0;
   PyObject *__pyx_v_passphrase = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("export_privkey_file (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_filepath,&__pyx_n_s_passphrase,0};
-    PyObject* values[2] = {0,0};
-    values[1] = ((PyObject *)Py_None);
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_filepath,&__pyx_mstate_global->__pyx_n_u_passphrase,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 90, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 90, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 90, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_filepath)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_passphrase);
-          if (value) { values[1] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "export_privkey_file") < 0)) __PYX_ERR(0, 85, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "export_privkey_file", 0) < 0) __PYX_ERR(0, 90, __pyx_L3_error)
+      if (!values[1]) values[1] = __Pyx_NewRef(((PyObject *)Py_None));
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("export_privkey_file", 0, 1, 2, i); __PYX_ERR(0, 90, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 90, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 90, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
+      if (!values[1]) values[1] = __Pyx_NewRef(((PyObject *)Py_None));
     }
     __pyx_v_filepath = values[0];
     __pyx_v_passphrase = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("export_privkey_file", 0, 1, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 85, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("export_privkey_file", 0, 1, 2, __pyx_nargs); __PYX_ERR(0, 90, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.key.SSHKey.export_privkey_file", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
+  if (unlikely(((PyObject *)__pyx_v_filepath) == Py_None)) {
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "filepath"); __PYX_ERR(0, 90, __pyx_L1_error)
+  }
   __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_14export_privkey_file(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self), __pyx_v_filepath, __pyx_v_passphrase);
 
   /* function exit code */
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
+  __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2643,176 +4022,171 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_14export_privkey_file(struct __pyx_o
   PyObject *__pyx_t_1 = NULL;
   const char *__pyx_t_2;
   int __pyx_t_3;
-  int __pyx_t_4;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("export_privkey_file", 0);
 
-  /* "ssh/key.pyx":87
- *     def export_privkey_file(self, filepath, passphrase=None):
+  /* "ssh/key.pyx":92
+ *     def export_privkey_file(self, filepath not None, passphrase=None):
  *         cdef bytes b_passphrase
  *         cdef bytes b_filepath = to_bytes(filepath)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_passphrase = NULL
  *         cdef const_char *c_filepath = b_filepath
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 87, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 92, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_filepath = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":88
+  /* "ssh/key.pyx":93
  *         cdef bytes b_passphrase
  *         cdef bytes b_filepath = to_bytes(filepath)
  *         cdef const_char *c_passphrase = NULL             # <<<<<<<<<<<<<<
  *         cdef const_char *c_filepath = b_filepath
  *         cdef int rc
- */
+*/
   __pyx_v_c_passphrase = NULL;
 
-  /* "ssh/key.pyx":89
+  /* "ssh/key.pyx":94
  *         cdef bytes b_filepath = to_bytes(filepath)
  *         cdef const_char *c_passphrase = NULL
  *         cdef const_char *c_filepath = b_filepath             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if passphrase is not None:
- */
+*/
   if (unlikely(__pyx_v_b_filepath == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 89, __pyx_L1_error)
+    __PYX_ERR(0, 94, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 89, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 94, __pyx_L1_error)
   __pyx_v_c_filepath = __pyx_t_2;
 
-  /* "ssh/key.pyx":91
+  /* "ssh/key.pyx":96
  *         cdef const_char *c_filepath = b_filepath
  *         cdef int rc
  *         if passphrase is not None:             # <<<<<<<<<<<<<<
  *             b_passphrase = to_bytes(passphrase)
  *             c_passphrase = b_passphrase
- */
+*/
   __pyx_t_3 = (__pyx_v_passphrase != Py_None);
-  __pyx_t_4 = (__pyx_t_3 != 0);
-  if (__pyx_t_4) {
+  if (__pyx_t_3) {
 
-    /* "ssh/key.pyx":92
+    /* "ssh/key.pyx":97
  *         cdef int rc
  *         if passphrase is not None:
  *             b_passphrase = to_bytes(passphrase)             # <<<<<<<<<<<<<<
  *             c_passphrase = b_passphrase
  *         with nogil:
- */
-    __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 92, __pyx_L1_error)
+*/
+    __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 97, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __pyx_v_b_passphrase = ((PyObject*)__pyx_t_1);
     __pyx_t_1 = 0;
 
-    /* "ssh/key.pyx":93
+    /* "ssh/key.pyx":98
  *         if passphrase is not None:
  *             b_passphrase = to_bytes(passphrase)
  *             c_passphrase = b_passphrase             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_pki_export_privkey_file(
- */
+*/
     if (unlikely(__pyx_v_b_passphrase == Py_None)) {
       PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-      __PYX_ERR(0, 93, __pyx_L1_error)
+      __PYX_ERR(0, 98, __pyx_L1_error)
     }
-    __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 93, __pyx_L1_error)
+    __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 98, __pyx_L1_error)
     __pyx_v_c_passphrase = __pyx_t_2;
 
-    /* "ssh/key.pyx":91
+    /* "ssh/key.pyx":96
  *         cdef const_char *c_filepath = b_filepath
  *         cdef int rc
  *         if passphrase is not None:             # <<<<<<<<<<<<<<
  *             b_passphrase = to_bytes(passphrase)
  *             c_passphrase = b_passphrase
- */
+*/
   }
 
-  /* "ssh/key.pyx":94
+  /* "ssh/key.pyx":99
  *             b_passphrase = to_bytes(passphrase)
  *             c_passphrase = b_passphrase
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_pki_export_privkey_file(
  *                 self._key, c_passphrase, NULL, NULL, c_filepath)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":95
+        /* "ssh/key.pyx":100
  *             c_passphrase = b_passphrase
  *         with nogil:
  *             rc = c_ssh.ssh_pki_export_privkey_file(             # <<<<<<<<<<<<<<
  *                 self._key, c_passphrase, NULL, NULL, c_filepath)
  *         if rc != c_ssh.SSH_OK:
- */
+*/
         __pyx_v_rc = ssh_pki_export_privkey_file(__pyx_v_self->_key, __pyx_v_c_passphrase, NULL, NULL, __pyx_v_c_filepath);
       }
 
-      /* "ssh/key.pyx":94
+      /* "ssh/key.pyx":99
  *             b_passphrase = to_bytes(passphrase)
  *             c_passphrase = b_passphrase
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_pki_export_privkey_file(
  *                 self._key, c_passphrase, NULL, NULL, c_filepath)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
       }
   }
 
-  /* "ssh/key.pyx":97
+  /* "ssh/key.pyx":102
  *             rc = c_ssh.ssh_pki_export_privkey_file(
  *                 self._key, c_passphrase, NULL, NULL, c_filepath)
  *         if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *             raise KeyExportError
  * 
- */
-  __pyx_t_4 = ((__pyx_v_rc != SSH_OK) != 0);
-  if (unlikely(__pyx_t_4)) {
+*/
+  __pyx_t_3 = (__pyx_v_rc != SSH_OK);
+  if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/key.pyx":98
+    /* "ssh/key.pyx":103
  *                 self._key, c_passphrase, NULL, NULL, c_filepath)
  *         if rc != c_ssh.SSH_OK:
  *             raise KeyExportError             # <<<<<<<<<<<<<<
  * 
- *     def export_privkey_to_pubkey(self):
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_KeyExportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 98, __pyx_L1_error)
+ *     def export_privkey_file_format(
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_KeyExportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 103, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 98, __pyx_L1_error)
+    __PYX_ERR(0, 103, __pyx_L1_error)
 
-    /* "ssh/key.pyx":97
+    /* "ssh/key.pyx":102
  *             rc = c_ssh.ssh_pki_export_privkey_file(
  *                 self._key, c_passphrase, NULL, NULL, c_filepath)
  *         if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *             raise KeyExportError
  * 
- */
+*/
   }
 
-  /* "ssh/key.pyx":85
+  /* "ssh/key.pyx":90
  *         return to_str(b_name)
  * 
- *     def export_privkey_file(self, filepath, passphrase=None):             # <<<<<<<<<<<<<<
+ *     def export_privkey_file(self, filepath not None, passphrase=None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_passphrase
  *         cdef bytes b_filepath = to_bytes(filepath)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -2829,148 +4203,698 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_14export_privkey_file(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":100
+/* "ssh/key.pyx":105
  *             raise KeyExportError
  * 
- *     def export_privkey_to_pubkey(self):             # <<<<<<<<<<<<<<
- *         cdef SSHKey pub_key
- *         cdef c_ssh.ssh_key _pub_key
- */
+ *     def export_privkey_file_format(             # <<<<<<<<<<<<<<
+ *             self, filepath not None, keyformat not None, passphrase=None):
+ *         cdef bytes b_passphrase
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_17export_privkey_to_pubkey(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_16export_privkey_to_pubkey[] = "SSHKey.export_privkey_to_pubkey(self)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_17export_privkey_to_pubkey(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_17export_privkey_file_format(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_16export_privkey_file_format, "SSHKey.export_privkey_file_format(self, filepath, keyformat, passphrase=None)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_17export_privkey_file_format = {"export_privkey_file_format", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_17export_privkey_file_format, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_16export_privkey_file_format};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_17export_privkey_file_format(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_filepath = 0;
+  PyObject *__pyx_v_keyformat = 0;
+  PyObject *__pyx_v_passphrase = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("export_privkey_to_pubkey (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_16export_privkey_to_pubkey(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
+  __Pyx_RefNannySetupContext("export_privkey_file_format (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_filepath,&__pyx_mstate_global->__pyx_n_u_keyformat,&__pyx_mstate_global->__pyx_n_u_passphrase,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 105, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 105, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 105, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 105, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "export_privkey_file_format", 0) < 0) __PYX_ERR(0, 105, __pyx_L3_error)
+
+      /* "ssh/key.pyx":106
+ * 
+ *     def export_privkey_file_format(
+ *             self, filepath not None, keyformat not None, passphrase=None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_passphrase
+ *         cdef bytes b_filepath = to_bytes(filepath)
+*/
+      if (!values[2]) values[2] = __Pyx_NewRef(((PyObject *)Py_None));
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("export_privkey_file_format", 0, 2, 3, i); __PYX_ERR(0, 105, __pyx_L3_error) }
+      }
+    } else {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 105, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 105, __pyx_L3_error)
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 105, __pyx_L3_error)
+        break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      if (!values[2]) values[2] = __Pyx_NewRef(((PyObject *)Py_None));
+    }
+    __pyx_v_filepath = values[0];
+    __pyx_v_keyformat = values[1];
+    __pyx_v_passphrase = values[2];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("export_privkey_file_format", 0, 2, 3, __pyx_nargs); __PYX_ERR(0, 105, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.key.SSHKey.export_privkey_file_format", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(((PyObject *)__pyx_v_filepath) == Py_None)) {
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "filepath"); __PYX_ERR(0, 106, __pyx_L1_error)
+  }
+  if (unlikely(((PyObject *)__pyx_v_keyformat) == Py_None)) {
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "keyformat"); __PYX_ERR(0, 106, __pyx_L1_error)
+  }
+  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_16export_privkey_file_format(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self), __pyx_v_filepath, __pyx_v_keyformat, __pyx_v_passphrase);
+
+  /* "ssh/key.pyx":105
+ *             raise KeyExportError
+ * 
+ *     def export_privkey_file_format(             # <<<<<<<<<<<<<<
+ *             self, filepath not None, keyformat not None, passphrase=None):
+ *         cdef bytes b_passphrase
+*/
 
   /* function exit code */
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
+  __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_3key_6SSHKey_16export_privkey_to_pubkey(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self) {
-  struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_pub_key = 0;
-  ssh_key __pyx_v__pub_key;
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_16export_privkey_file_format(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self, PyObject *__pyx_v_filepath, PyObject *__pyx_v_keyformat, PyObject *__pyx_v_passphrase) {
+  PyObject *__pyx_v_b_passphrase = 0;
+  PyObject *__pyx_v_b_filepath = 0;
+  const char *__pyx_v_c_passphrase;
+  const char *__pyx_v_c_filepath;
   int __pyx_v_rc;
+  enum ssh_file_format_e __pyx_v_c_keyformat;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  int __pyx_t_1;
-  PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_1 = NULL;
+  const char *__pyx_t_2;
+  int __pyx_t_3;
+  PyObject *__pyx_t_4 = NULL;
+  PyObject *__pyx_t_5 = NULL;
+  int __pyx_t_6;
+  size_t __pyx_t_7;
+  enum ssh_file_format_e __pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("export_privkey_to_pubkey", 0);
+  __Pyx_RefNannySetupContext("export_privkey_file_format", 0);
 
-  /* "ssh/key.pyx":104
- *         cdef c_ssh.ssh_key _pub_key
+  /* "ssh/key.pyx":108
+ *             self, filepath not None, keyformat not None, passphrase=None):
+ *         cdef bytes b_passphrase
+ *         cdef bytes b_filepath = to_bytes(filepath)             # <<<<<<<<<<<<<<
+ *         cdef const_char *c_passphrase = NULL
+ *         cdef const_char *c_filepath = b_filepath
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 108, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_v_b_filepath = ((PyObject*)__pyx_t_1);
+  __pyx_t_1 = 0;
+
+  /* "ssh/key.pyx":109
+ *         cdef bytes b_passphrase
+ *         cdef bytes b_filepath = to_bytes(filepath)
+ *         cdef const_char *c_passphrase = NULL             # <<<<<<<<<<<<<<
+ *         cdef const_char *c_filepath = b_filepath
  *         cdef int rc
- *         with nogil:             # <<<<<<<<<<<<<<
- *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
- *         if rc != c_ssh.SSH_OK:
- */
-  {
-      #ifdef WITH_THREAD
-      PyThreadState *_save;
-      Py_UNBLOCK_THREADS
-      __Pyx_FastGIL_Remember();
-      #endif
-      /*try:*/ {
+*/
+  __pyx_v_c_passphrase = NULL;
 
-        /* "ssh/key.pyx":105
+  /* "ssh/key.pyx":110
+ *         cdef bytes b_filepath = to_bytes(filepath)
+ *         cdef const_char *c_passphrase = NULL
+ *         cdef const_char *c_filepath = b_filepath             # <<<<<<<<<<<<<<
  *         cdef int rc
- *         with nogil:
- *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)             # <<<<<<<<<<<<<<
- *         if rc != c_ssh.SSH_OK:
- *             raise KeyExportError
- */
-        __pyx_v_rc = ssh_pki_export_privkey_to_pubkey(__pyx_v_self->_key, (&__pyx_v__pub_key));
-      }
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):
+*/
+  if (unlikely(__pyx_v_b_filepath == Py_None)) {
+    PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
+    __PYX_ERR(0, 110, __pyx_L1_error)
+  }
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 110, __pyx_L1_error)
+  __pyx_v_c_filepath = __pyx_t_2;
 
-      /* "ssh/key.pyx":104
- *         cdef c_ssh.ssh_key _pub_key
+  /* "ssh/key.pyx":112
+ *         cdef const_char *c_filepath = b_filepath
  *         cdef int rc
- *         with nogil:             # <<<<<<<<<<<<<<
- *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
- *         if rc != c_ssh.SSH_OK:
- */
-      /*finally:*/ {
-        /*normal exit:*/{
-          #ifdef WITH_THREAD
-          __Pyx_FastGIL_Forget();
-          Py_BLOCK_THREADS
-          #endif
-          goto __pyx_L5;
-        }
-        __pyx_L5:;
-      }
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):             # <<<<<<<<<<<<<<
+ *             raise ValueError(
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+*/
+  __Pyx_INCREF(__pyx_v_keyformat);
+  __pyx_t_1 = __pyx_v_keyformat;
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_DEFAULT); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = PyObject_RichCompare(__pyx_t_1, __pyx_t_4, Py_NE); __Pyx_XGOTREF(__pyx_t_5); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_6 = __Pyx_PyObject_IsTrue(__pyx_t_5); if (unlikely((__pyx_t_6 < 0))) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  if (__pyx_t_6) {
+  } else {
+    __pyx_t_3 = __pyx_t_6;
+    goto __pyx_L4_bool_binop_done;
+  }
+  __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_OPENSSH); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_4 = PyObject_RichCompare(__pyx_t_1, __pyx_t_5, Py_NE); __Pyx_XGOTREF(__pyx_t_4); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_6 = __Pyx_PyObject_IsTrue(__pyx_t_4); if (unlikely((__pyx_t_6 < 0))) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  if (__pyx_t_6) {
+  } else {
+    __pyx_t_3 = __pyx_t_6;
+    goto __pyx_L4_bool_binop_done;
   }
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_PEM); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = PyObject_RichCompare(__pyx_t_1, __pyx_t_4, Py_NE); __Pyx_XGOTREF(__pyx_t_5); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_6 = __Pyx_PyObject_IsTrue(__pyx_t_5); if (unlikely((__pyx_t_6 < 0))) __PYX_ERR(0, 112, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_3 = __pyx_t_6;
+  __pyx_L4_bool_binop_done:;
+  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_6 = __pyx_t_3;
+  if (unlikely(__pyx_t_6)) {
 
-  /* "ssh/key.pyx":106
- *         with nogil:
- *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
- *         if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
- *             raise KeyExportError
- *         pub_key = SSHKey.from_ptr(_pub_key)
- */
-  __pyx_t_1 = ((__pyx_v_rc != SSH_OK) != 0);
-  if (unlikely(__pyx_t_1)) {
+    /* "ssh/key.pyx":113
+ *         cdef int rc
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):
+ *             raise ValueError(             # <<<<<<<<<<<<<<
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+ *                 keyformat)
+*/
+    __pyx_t_5 = NULL;
+    __Pyx_INCREF(__pyx_builtin_ValueError);
+    __pyx_t_4 = __pyx_builtin_ValueError; 
+
+    /* "ssh/key.pyx":115
+ *             raise ValueError(
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+ *                 keyformat)             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.ssh_file_format_e c_keyformat = keyformat
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):
+*/
+    __pyx_t_7 = 1;
+    {
+      PyObject *__pyx_callargs[3] = {__pyx_t_5, __pyx_mstate_global->__pyx_kp_u_Keyformat_must_be_one_of_SSH_FIL, __pyx_v_keyformat};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_7, (3-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 113, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
+    }
+    __Pyx_Raise(__pyx_t_1, 0, 0, 0);
+    __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+    __PYX_ERR(0, 113, __pyx_L1_error)
 
-    /* "ssh/key.pyx":107
- *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
- *         if rc != c_ssh.SSH_OK:
- *             raise KeyExportError             # <<<<<<<<<<<<<<
- *         pub_key = SSHKey.from_ptr(_pub_key)
- *         return pub_key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_KeyExportError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 107, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_Raise(__pyx_t_2, 0, 0, 0);
-    __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-    __PYX_ERR(0, 107, __pyx_L1_error)
+    /* "ssh/key.pyx":112
+ *         cdef const_char *c_filepath = b_filepath
+ *         cdef int rc
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):             # <<<<<<<<<<<<<<
+ *             raise ValueError(
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+*/
+  }
+
+  /* "ssh/key.pyx":116
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+ *                 keyformat)
+ *         cdef c_ssh.ssh_file_format_e c_keyformat = keyformat             # <<<<<<<<<<<<<<
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):
+ *             raise ValueError(
+*/
+  __pyx_t_8 = ((enum ssh_file_format_e)__Pyx_PyLong_As_enum__ssh_file_format_e(__pyx_v_keyformat)); if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 116, __pyx_L1_error)
+  __pyx_v_c_keyformat = __pyx_t_8;
+
+  /* "ssh/key.pyx":117
+ *                 keyformat)
+ *         cdef c_ssh.ssh_file_format_e c_keyformat = keyformat
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):             # <<<<<<<<<<<<<<
+ *             raise ValueError(
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+*/
+  __Pyx_INCREF(__pyx_v_keyformat);
+  __pyx_t_1 = __pyx_v_keyformat;
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_DEFAULT); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = PyObject_RichCompare(__pyx_t_1, __pyx_t_4, Py_NE); __Pyx_XGOTREF(__pyx_t_5); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_3 = __Pyx_PyObject_IsTrue(__pyx_t_5); if (unlikely((__pyx_t_3 < 0))) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  if (__pyx_t_3) {
+  } else {
+    __pyx_t_6 = __pyx_t_3;
+    goto __pyx_L8_bool_binop_done;
+  }
+  __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_OPENSSH); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_4 = PyObject_RichCompare(__pyx_t_1, __pyx_t_5, Py_NE); __Pyx_XGOTREF(__pyx_t_4); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_3 = __Pyx_PyObject_IsTrue(__pyx_t_4); if (unlikely((__pyx_t_3 < 0))) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  if (__pyx_t_3) {
+  } else {
+    __pyx_t_6 = __pyx_t_3;
+    goto __pyx_L8_bool_binop_done;
+  }
+  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_PEM); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
+  __pyx_t_5 = PyObject_RichCompare(__pyx_t_1, __pyx_t_4, Py_NE); __Pyx_XGOTREF(__pyx_t_5); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+  __pyx_t_3 = __Pyx_PyObject_IsTrue(__pyx_t_5); if (unlikely((__pyx_t_3 < 0))) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+  __pyx_t_6 = __pyx_t_3;
+  __pyx_L8_bool_binop_done:;
+  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_3 = __pyx_t_6;
+  if (unlikely(__pyx_t_3)) {
+
+    /* "ssh/key.pyx":118
+ *         cdef c_ssh.ssh_file_format_e c_keyformat = keyformat
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):
+ *             raise ValueError(             # <<<<<<<<<<<<<<
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+ *                 keyformat)
+*/
+    __pyx_t_5 = NULL;
+    __Pyx_INCREF(__pyx_builtin_ValueError);
+    __pyx_t_4 = __pyx_builtin_ValueError; 
+
+    /* "ssh/key.pyx":120
+ *             raise ValueError(
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+ *                 keyformat)             # <<<<<<<<<<<<<<
+ *         if passphrase is not None:
+ *             b_passphrase = to_bytes(passphrase)
+*/
+    __pyx_t_7 = 1;
+    {
+      PyObject *__pyx_callargs[3] = {__pyx_t_5, __pyx_mstate_global->__pyx_kp_u_Keyformat_must_be_one_of_SSH_FIL, __pyx_v_keyformat};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_7, (3-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 118, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
+    }
+    __Pyx_Raise(__pyx_t_1, 0, 0, 0);
+    __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+    __PYX_ERR(0, 118, __pyx_L1_error)
+
+    /* "ssh/key.pyx":117
+ *                 keyformat)
+ *         cdef c_ssh.ssh_file_format_e c_keyformat = keyformat
+ *         if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):             # <<<<<<<<<<<<<<
+ *             raise ValueError(
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+*/
+  }
+
+  /* "ssh/key.pyx":121
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+ *                 keyformat)
+ *         if passphrase is not None:             # <<<<<<<<<<<<<<
+ *             b_passphrase = to_bytes(passphrase)
+ *             c_passphrase = b_passphrase
+*/
+  __pyx_t_3 = (__pyx_v_passphrase != Py_None);
+  if (__pyx_t_3) {
+
+    /* "ssh/key.pyx":122
+ *                 keyformat)
+ *         if passphrase is not None:
+ *             b_passphrase = to_bytes(passphrase)             # <<<<<<<<<<<<<<
+ *             c_passphrase = b_passphrase
+ *         with nogil:
+*/
+    __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 122, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
+    __pyx_v_b_passphrase = ((PyObject*)__pyx_t_1);
+    __pyx_t_1 = 0;
+
+    /* "ssh/key.pyx":123
+ *         if passphrase is not None:
+ *             b_passphrase = to_bytes(passphrase)
+ *             c_passphrase = b_passphrase             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             rc = c_ssh.ssh_pki_export_privkey_file_format(
+*/
+    if (unlikely(__pyx_v_b_passphrase == Py_None)) {
+      PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
+      __PYX_ERR(0, 123, __pyx_L1_error)
+    }
+    __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 123, __pyx_L1_error)
+    __pyx_v_c_passphrase = __pyx_t_2;
+
+    /* "ssh/key.pyx":121
+ *                 "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+ *                 keyformat)
+ *         if passphrase is not None:             # <<<<<<<<<<<<<<
+ *             b_passphrase = to_bytes(passphrase)
+ *             c_passphrase = b_passphrase
+*/
+  }
+
+  /* "ssh/key.pyx":124
+ *             b_passphrase = to_bytes(passphrase)
+ *             c_passphrase = b_passphrase
+ *         with nogil:             # <<<<<<<<<<<<<<
+ *             rc = c_ssh.ssh_pki_export_privkey_file_format(
+ *                 self._key, c_passphrase, NULL, NULL, c_filepath, c_keyformat)
+*/
+  {
+      PyThreadState *_save;
+      _save = NULL;
+      Py_UNBLOCK_THREADS
+      __Pyx_FastGIL_Remember();
+      /*try:*/ {
+
+        /* "ssh/key.pyx":125
+ *             c_passphrase = b_passphrase
+ *         with nogil:
+ *             rc = c_ssh.ssh_pki_export_privkey_file_format(             # <<<<<<<<<<<<<<
+ *                 self._key, c_passphrase, NULL, NULL, c_filepath, c_keyformat)
+ *         if rc != c_ssh.SSH_OK:
+*/
+        __pyx_v_rc = ssh_pki_export_privkey_file_format(__pyx_v_self->_key, __pyx_v_c_passphrase, NULL, NULL, __pyx_v_c_filepath, __pyx_v_c_keyformat);
+      }
+
+      /* "ssh/key.pyx":124
+ *             b_passphrase = to_bytes(passphrase)
+ *             c_passphrase = b_passphrase
+ *         with nogil:             # <<<<<<<<<<<<<<
+ *             rc = c_ssh.ssh_pki_export_privkey_file_format(
+ *                 self._key, c_passphrase, NULL, NULL, c_filepath, c_keyformat)
+*/
+      /*finally:*/ {
+        /*normal exit:*/{
+          __Pyx_FastGIL_Forget();
+          Py_BLOCK_THREADS
+          goto __pyx_L14;
+        }
+        __pyx_L14:;
+      }
+  }
+
+  /* "ssh/key.pyx":127
+ *             rc = c_ssh.ssh_pki_export_privkey_file_format(
+ *                 self._key, c_passphrase, NULL, NULL, c_filepath, c_keyformat)
+ *         if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
+ *             raise KeyExportError
+ * 
+*/
+  __pyx_t_3 = (__pyx_v_rc != SSH_OK);
+  if (unlikely(__pyx_t_3)) {
+
+    /* "ssh/key.pyx":128
+ *                 self._key, c_passphrase, NULL, NULL, c_filepath, c_keyformat)
+ *         if rc != c_ssh.SSH_OK:
+ *             raise KeyExportError             # <<<<<<<<<<<<<<
+ * 
+ *     def export_privkey_to_pubkey(self):
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_KeyExportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 128, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
+    __Pyx_Raise(__pyx_t_1, 0, 0, 0);
+    __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+    __PYX_ERR(0, 128, __pyx_L1_error)
+
+    /* "ssh/key.pyx":127
+ *             rc = c_ssh.ssh_pki_export_privkey_file_format(
+ *                 self._key, c_passphrase, NULL, NULL, c_filepath, c_keyformat)
+ *         if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
+ *             raise KeyExportError
+ * 
+*/
+  }
+
+  /* "ssh/key.pyx":105
+ *             raise KeyExportError
+ * 
+ *     def export_privkey_file_format(             # <<<<<<<<<<<<<<
+ *             self, filepath not None, keyformat not None, passphrase=None):
+ *         cdef bytes b_passphrase
+*/
+
+  /* function exit code */
+  __pyx_r = Py_None; __Pyx_INCREF(Py_None);
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_4);
+  __Pyx_XDECREF(__pyx_t_5);
+  __Pyx_AddTraceback("ssh.key.SSHKey.export_privkey_file_format", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = NULL;
+  __pyx_L0:;
+  __Pyx_XDECREF(__pyx_v_b_passphrase);
+  __Pyx_XDECREF(__pyx_v_b_filepath);
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+/* "ssh/key.pyx":130
+ *             raise KeyExportError
+ * 
+ *     def export_privkey_to_pubkey(self):             # <<<<<<<<<<<<<<
+ *         cdef SSHKey pub_key
+ *         cdef c_ssh.ssh_key _pub_key
+*/
+
+/* Python wrapper */
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_19export_privkey_to_pubkey(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_18export_privkey_to_pubkey, "SSHKey.export_privkey_to_pubkey(self)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_19export_privkey_to_pubkey = {"export_privkey_to_pubkey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_19export_privkey_to_pubkey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_18export_privkey_to_pubkey};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_19export_privkey_to_pubkey(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("export_privkey_to_pubkey (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("export_privkey_to_pubkey", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("export_privkey_to_pubkey", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_18export_privkey_to_pubkey(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
+
+  /* function exit code */
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_18export_privkey_to_pubkey(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self) {
+  struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_pub_key = 0;
+  ssh_key __pyx_v__pub_key;
+  int __pyx_v_rc;
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  int __pyx_t_1;
+  PyObject *__pyx_t_2 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("export_privkey_to_pubkey", 0);
+
+  /* "ssh/key.pyx":134
+ *         cdef c_ssh.ssh_key _pub_key
+ *         cdef int rc
+ *         with nogil:             # <<<<<<<<<<<<<<
+ *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
+ *         if rc != c_ssh.SSH_OK:
+*/
+  {
+      PyThreadState *_save;
+      _save = NULL;
+      Py_UNBLOCK_THREADS
+      __Pyx_FastGIL_Remember();
+      /*try:*/ {
+
+        /* "ssh/key.pyx":135
+ *         cdef int rc
+ *         with nogil:
+ *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)             # <<<<<<<<<<<<<<
+ *         if rc != c_ssh.SSH_OK:
+ *             raise KeyExportError
+*/
+        __pyx_v_rc = ssh_pki_export_privkey_to_pubkey(__pyx_v_self->_key, (&__pyx_v__pub_key));
+      }
+
+      /* "ssh/key.pyx":134
+ *         cdef c_ssh.ssh_key _pub_key
+ *         cdef int rc
+ *         with nogil:             # <<<<<<<<<<<<<<
+ *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
+ *         if rc != c_ssh.SSH_OK:
+*/
+      /*finally:*/ {
+        /*normal exit:*/{
+          __Pyx_FastGIL_Forget();
+          Py_BLOCK_THREADS
+          goto __pyx_L5;
+        }
+        __pyx_L5:;
+      }
+  }
 
-    /* "ssh/key.pyx":106
+  /* "ssh/key.pyx":136
  *         with nogil:
  *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
  *         if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *             raise KeyExportError
  *         pub_key = SSHKey.from_ptr(_pub_key)
- */
+*/
+  __pyx_t_1 = (__pyx_v_rc != SSH_OK);
+  if (unlikely(__pyx_t_1)) {
+
+    /* "ssh/key.pyx":137
+ *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
+ *         if rc != c_ssh.SSH_OK:
+ *             raise KeyExportError             # <<<<<<<<<<<<<<
+ *         pub_key = SSHKey.from_ptr(_pub_key)
+ *         return pub_key
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_KeyExportError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 137, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_2);
+    __Pyx_Raise(__pyx_t_2, 0, 0, 0);
+    __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+    __PYX_ERR(0, 137, __pyx_L1_error)
+
+    /* "ssh/key.pyx":136
+ *         with nogil:
+ *             rc = c_ssh.ssh_pki_export_privkey_to_pubkey(self._key, &_pub_key)
+ *         if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
+ *             raise KeyExportError
+ *         pub_key = SSHKey.from_ptr(_pub_key)
+*/
   }
 
-  /* "ssh/key.pyx":108
+  /* "ssh/key.pyx":138
  *         if rc != c_ssh.SSH_OK:
  *             raise KeyExportError
  *         pub_key = SSHKey.from_ptr(_pub_key)             # <<<<<<<<<<<<<<
  *         return pub_key
  * 
- */
-  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__pub_key)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 108, __pyx_L1_error)
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__pub_key)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 138, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_pub_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/key.pyx":109
+  /* "ssh/key.pyx":139
  *             raise KeyExportError
  *         pub_key = SSHKey.from_ptr(_pub_key)
  *         return pub_key             # <<<<<<<<<<<<<<
  * 
  *     def export_pubkey_base64(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_pub_key));
+  __Pyx_INCREF((PyObject *)__pyx_v_pub_key);
   __pyx_r = ((PyObject *)__pyx_v_pub_key);
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":100
+  /* "ssh/key.pyx":130
  *             raise KeyExportError
  * 
  *     def export_privkey_to_pubkey(self):             # <<<<<<<<<<<<<<
  *         cdef SSHKey pub_key
  *         cdef c_ssh.ssh_key _pub_key
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2984,29 +4908,58 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_16export_privkey_to_pubkey(struct __
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":111
+/* "ssh/key.pyx":141
  *         return pub_key
  * 
  *     def export_pubkey_base64(self):             # <<<<<<<<<<<<<<
  *         cdef char *_key
  *         cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_19export_pubkey_base64(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_18export_pubkey_base64[] = "SSHKey.export_pubkey_base64(self)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_19export_pubkey_base64(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_21export_pubkey_base64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_20export_pubkey_base64, "SSHKey.export_pubkey_base64(self)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_21export_pubkey_base64 = {"export_pubkey_base64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_21export_pubkey_base64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_20export_pubkey_base64};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_21export_pubkey_base64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("export_pubkey_base64 (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_18export_pubkey_base64(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("export_pubkey_base64", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("export_pubkey_base64", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_20export_pubkey_base64(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_3key_6SSHKey_18export_pubkey_base64(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_20export_pubkey_base64(struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self) {
   char *__pyx_v__key;
   int __pyx_v_rc;
   PyObject *__pyx_v_b_key = 0;
@@ -3019,160 +4972,151 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_18export_pubkey_base64(struct __pyx_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("export_pubkey_base64", 0);
 
-  /* "ssh/key.pyx":116
+  /* "ssh/key.pyx":146
  *         cdef bytes b_key
  *         cdef size_t key_len
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_pki_export_pubkey_base64(self._key, &_key)
  *             if rc != c_ssh.SSH_OK:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":117
+        /* "ssh/key.pyx":147
  *         cdef size_t key_len
  *         with nogil:
  *             rc = c_ssh.ssh_pki_export_pubkey_base64(self._key, &_key)             # <<<<<<<<<<<<<<
  *             if rc != c_ssh.SSH_OK:
  *                 with gil:
- */
+*/
         __pyx_v_rc = ssh_pki_export_pubkey_base64(__pyx_v_self->_key, (&__pyx_v__key));
 
-        /* "ssh/key.pyx":118
+        /* "ssh/key.pyx":148
  *         with nogil:
  *             rc = c_ssh.ssh_pki_export_pubkey_base64(self._key, &_key)
  *             if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise KeyExportError
- */
-        __pyx_t_1 = ((__pyx_v_rc != SSH_OK) != 0);
-        if (__pyx_t_1) {
+*/
+        __pyx_t_1 = (__pyx_v_rc != SSH_OK);
+        if (unlikely(__pyx_t_1)) {
 
-          /* "ssh/key.pyx":119
+          /* "ssh/key.pyx":149
  *             rc = c_ssh.ssh_pki_export_pubkey_base64(self._key, &_key)
  *             if rc != c_ssh.SSH_OK:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise KeyExportError
  *         b_key = _key
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/key.pyx":120
+                /* "ssh/key.pyx":150
  *             if rc != c_ssh.SSH_OK:
  *                 with gil:
  *                     raise KeyExportError             # <<<<<<<<<<<<<<
  *         b_key = _key
  *         c_ssh.ssh_string_free_char(_key)
- */
-                __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_KeyExportError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 120, __pyx_L8_error)
+*/
+                __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_KeyExportError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 150, __pyx_L8_error)
                 __Pyx_GOTREF(__pyx_t_2);
                 __Pyx_Raise(__pyx_t_2, 0, 0, 0);
                 __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-                __PYX_ERR(0, 120, __pyx_L8_error)
+                __PYX_ERR(0, 150, __pyx_L8_error)
               }
 
-              /* "ssh/key.pyx":119
+              /* "ssh/key.pyx":149
  *             rc = c_ssh.ssh_pki_export_pubkey_base64(self._key, &_key)
  *             if rc != c_ssh.SSH_OK:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise KeyExportError
  *         b_key = _key
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/key.pyx":118
+          /* "ssh/key.pyx":148
  *         with nogil:
  *             rc = c_ssh.ssh_pki_export_pubkey_base64(self._key, &_key)
  *             if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise KeyExportError
- */
+*/
         }
       }
 
-      /* "ssh/key.pyx":116
+      /* "ssh/key.pyx":146
  *         cdef bytes b_key
  *         cdef size_t key_len
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_pki_export_pubkey_base64(self._key, &_key)
  *             if rc != c_ssh.SSH_OK:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":121
+  /* "ssh/key.pyx":151
  *                 with gil:
  *                     raise KeyExportError
  *         b_key = _key             # <<<<<<<<<<<<<<
  *         c_ssh.ssh_string_free_char(_key)
  *         return b_key
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 121, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 151, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_b_key = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/key.pyx":122
+  /* "ssh/key.pyx":152
  *                     raise KeyExportError
  *         b_key = _key
  *         c_ssh.ssh_string_free_char(_key)             # <<<<<<<<<<<<<<
  *         return b_key
  * 
- */
+*/
   ssh_string_free_char(__pyx_v__key);
 
-  /* "ssh/key.pyx":123
+  /* "ssh/key.pyx":153
  *         b_key = _key
  *         c_ssh.ssh_string_free_char(_key)
  *         return b_key             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_key);
   __pyx_r = __pyx_v_b_key;
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":111
+  /* "ssh/key.pyx":141
  *         return pub_key
  * 
  *     def export_pubkey_base64(self):             # <<<<<<<<<<<<<<
  *         cdef char *_key
  *         cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3188,28 +5132,56 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_18export_pubkey_base64(struct __pyx_
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_21__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_20__reduce_cython__[] = "SSHKey.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_21__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_23__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_22__reduce_cython__, "SSHKey.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_23__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_23__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_22__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_23__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_20__reduce_cython__(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_22__reduce_cython__(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_3key_6SSHKey_20__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_22__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3217,25 +5189,21 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_20__reduce_cython__(CYTHON_UNUSED st
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.key.SSHKey.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3245,55 +5213,122 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_20__reduce_cython__(CYTHON_UNUSED st
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_23__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_3key_6SSHKey_22__setstate_cython__[] = "SSHKey.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_3key_6SSHKey_23__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
-  PyObject *__pyx_r = 0;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_22__setstate_cython__(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
-
-  /* function exit code */
-  __Pyx_RefNannyFinishContext();
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_25__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6SSHKey_24__setstate_cython__, "SSHKey.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_3key_6SSHKey_25__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_25__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_24__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_3key_6SSHKey_25__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.key.SSHKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_3key_6SSHKey_24__setstate_cython__(((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_self), __pyx_v___pyx_state);
+
+  /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_3key_6SSHKey_22__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pf_3ssh_3key_6SSHKey_24__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.key.SSHKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3301,81 +5336,114 @@ static PyObject *__pyx_pf_3ssh_3key_6SSHKey_22__setstate_cython__(CYTHON_UNUSED
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":126
+/* "ssh/key.pyx":156
  * 
  * 
  * def generate(KeyType key_type, int bits):             # <<<<<<<<<<<<<<
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_1generate(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3key_generate[] = "generate(KeyType key_type, int bits)";
-static PyMethodDef __pyx_mdef_3ssh_3key_1generate = {"generate", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3key_1generate, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3key_generate};
-static PyObject *__pyx_pw_3ssh_3key_1generate(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3key_1generate(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_generate, "generate(KeyType key_type, int bits)");
+static PyMethodDef __pyx_mdef_3ssh_3key_1generate = {"generate", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_1generate, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_generate};
+static PyObject *__pyx_pw_3ssh_3key_1generate(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_key_type = 0;
   int __pyx_v_bits;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("generate (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_key_type,&__pyx_n_s_bits,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_key_type,&__pyx_mstate_global->__pyx_n_u_bits,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 156, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 156, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 156, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_key_type)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_bits)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("generate", 1, 2, 2, 1); __PYX_ERR(0, 126, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "generate") < 0)) __PYX_ERR(0, 126, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "generate", 0) < 0) __PYX_ERR(0, 156, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("generate", 1, 2, 2, i); __PYX_ERR(0, 156, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 156, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 156, __pyx_L3_error)
     }
     __pyx_v_key_type = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)values[0]);
-    __pyx_v_bits = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_bits == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 126, __pyx_L3_error)
+    __pyx_v_bits = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_bits == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 156, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("generate", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 126, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("generate", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 156, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.key.generate", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_key_type), __pyx_ptype_3ssh_8keytypes_KeyType, 1, "key_type", 0))) __PYX_ERR(0, 126, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_key_type), __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType, 1, "key_type", 0))) __PYX_ERR(0, 156, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_3key_generate(__pyx_self, __pyx_v_key_type, __pyx_v_bits);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3393,113 +5461,110 @@ static PyObject *__pyx_pf_3ssh_3key_generate(CYTHON_UNUSED PyObject *__pyx_self,
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("generate", 0);
 
-  /* "ssh/key.pyx":130
+  /* "ssh/key.pyx":160
  *     cdef c_ssh.ssh_key _key
  *     cdef int rc
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_generate(key_type._type, bits, &_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":131
+        /* "ssh/key.pyx":161
  *     cdef int rc
  *     with nogil:
  *         rc = c_ssh.ssh_pki_generate(key_type._type, bits, &_key)             # <<<<<<<<<<<<<<
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyGenerationError
- */
+*/
         __pyx_v_rc = ssh_pki_generate(__pyx_v_key_type->_type, __pyx_v_bits, (&__pyx_v__key));
       }
 
-      /* "ssh/key.pyx":130
+      /* "ssh/key.pyx":160
  *     cdef c_ssh.ssh_key _key
  *     cdef int rc
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_generate(key_type._type, bits, &_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":132
+  /* "ssh/key.pyx":162
  *     with nogil:
  *         rc = c_ssh.ssh_pki_generate(key_type._type, bits, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyGenerationError
  *     key = SSHKey.from_ptr(_key)
- */
-  __pyx_t_1 = ((__pyx_v_rc != SSH_OK) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc != SSH_OK);
   if (unlikely(__pyx_t_1)) {
 
-    /* "ssh/key.pyx":133
+    /* "ssh/key.pyx":163
  *         rc = c_ssh.ssh_pki_generate(key_type._type, bits, &_key)
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyGenerationError             # <<<<<<<<<<<<<<
  *     key = SSHKey.from_ptr(_key)
  *     return key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_KeyGenerationError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 133, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_KeyGenerationError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 163, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-    __PYX_ERR(0, 133, __pyx_L1_error)
+    __PYX_ERR(0, 163, __pyx_L1_error)
 
-    /* "ssh/key.pyx":132
+    /* "ssh/key.pyx":162
  *     with nogil:
  *         rc = c_ssh.ssh_pki_generate(key_type._type, bits, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyGenerationError
  *     key = SSHKey.from_ptr(_key)
- */
+*/
   }
 
-  /* "ssh/key.pyx":134
+  /* "ssh/key.pyx":164
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyGenerationError
  *     key = SSHKey.from_ptr(_key)             # <<<<<<<<<<<<<<
  *     return key
  * 
- */
-  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 134, __pyx_L1_error)
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 164, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/key.pyx":135
+  /* "ssh/key.pyx":165
  *         raise KeyGenerationError
  *     key = SSHKey.from_ptr(_key)
  *     return key             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_key));
+  __Pyx_INCREF((PyObject *)__pyx_v_key);
   __pyx_r = ((PyObject *)__pyx_v_key);
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":126
+  /* "ssh/key.pyx":156
  * 
  * 
  * def generate(KeyType key_type, int bits):             # <<<<<<<<<<<<<<
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3513,85 +5578,121 @@ static PyObject *__pyx_pf_3ssh_3key_generate(CYTHON_UNUSED PyObject *__pyx_self,
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":138
+/* "ssh/key.pyx":168
  * 
  * 
  * def import_privkey_base64(bytes b64_key, passphrase=b''):             # <<<<<<<<<<<<<<
  *     cdef const_char *c_key = b64_key
  *     cdef bytes b_passphrase
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_3import_privkey_base64(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3key_2import_privkey_base64[] = "import_privkey_base64(bytes b64_key, passphrase=b'')";
-static PyMethodDef __pyx_mdef_3ssh_3key_3import_privkey_base64 = {"import_privkey_base64", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3key_3import_privkey_base64, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3key_2import_privkey_base64};
-static PyObject *__pyx_pw_3ssh_3key_3import_privkey_base64(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3key_3import_privkey_base64(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_2import_privkey_base64, "import_privkey_base64(bytes b64_key, passphrase=b'')");
+static PyMethodDef __pyx_mdef_3ssh_3key_3import_privkey_base64 = {"import_privkey_base64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_3import_privkey_base64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_2import_privkey_base64};
+static PyObject *__pyx_pw_3ssh_3key_3import_privkey_base64(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_b64_key = 0;
   PyObject *__pyx_v_passphrase = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("import_privkey_base64 (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_b64_key,&__pyx_n_s_passphrase,0};
-    PyObject* values[2] = {0,0};
-    values[1] = ((PyObject *)__pyx_kp_b__3);
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_b64_key,&__pyx_mstate_global->__pyx_n_u_passphrase,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 168, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 168, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 168, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_b64_key)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_passphrase);
-          if (value) { values[1] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "import_privkey_base64") < 0)) __PYX_ERR(0, 138, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "import_privkey_base64", 0) < 0) __PYX_ERR(0, 168, __pyx_L3_error)
+      if (!values[1]) values[1] = __Pyx_NewRef(((PyObject *)((PyObject*)__pyx_mstate_global->__pyx_kp_b_)));
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("import_privkey_base64", 0, 1, 2, i); __PYX_ERR(0, 168, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 168, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 168, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
+      if (!values[1]) values[1] = __Pyx_NewRef(((PyObject *)((PyObject*)__pyx_mstate_global->__pyx_kp_b_)));
     }
     __pyx_v_b64_key = ((PyObject*)values[0]);
     __pyx_v_passphrase = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("import_privkey_base64", 0, 1, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 138, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("import_privkey_base64", 0, 1, 2, __pyx_nargs); __PYX_ERR(0, 168, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.key.import_privkey_base64", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_b64_key), (&PyBytes_Type), 1, "b64_key", 1))) __PYX_ERR(0, 138, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_b64_key), (&PyBytes_Type), 1, "b64_key", 1))) __PYX_ERR(0, 168, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_3key_2import_privkey_base64(__pyx_self, __pyx_v_b64_key, __pyx_v_passphrase);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3607,193 +5708,188 @@ static PyObject *__pyx_pf_3ssh_3key_2import_privkey_base64(CYTHON_UNUSED PyObjec
   __Pyx_RefNannyDeclarations
   const char *__pyx_t_1;
   int __pyx_t_2;
-  int __pyx_t_3;
-  PyObject *__pyx_t_4 = NULL;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("import_privkey_base64", 0);
 
-  /* "ssh/key.pyx":139
+  /* "ssh/key.pyx":169
  * 
  * def import_privkey_base64(bytes b64_key, passphrase=b''):
  *     cdef const_char *c_key = b64_key             # <<<<<<<<<<<<<<
  *     cdef bytes b_passphrase
  *     cdef const_char *c_passphrase = NULL
- */
+*/
   if (unlikely(__pyx_v_b64_key == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 139, __pyx_L1_error)
+    __PYX_ERR(0, 169, __pyx_L1_error)
   }
-  __pyx_t_1 = __Pyx_PyBytes_AsString(__pyx_v_b64_key); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 139, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBytes_AsString(__pyx_v_b64_key); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 169, __pyx_L1_error)
   __pyx_v_c_key = __pyx_t_1;
 
-  /* "ssh/key.pyx":141
+  /* "ssh/key.pyx":171
  *     cdef const_char *c_key = b64_key
  *     cdef bytes b_passphrase
  *     cdef const_char *c_passphrase = NULL             # <<<<<<<<<<<<<<
  *     cdef int rc
  *     cdef SSHKey key
- */
+*/
   __pyx_v_c_passphrase = NULL;
 
-  /* "ssh/key.pyx":145
+  /* "ssh/key.pyx":175
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     if passphrase is not None:             # <<<<<<<<<<<<<<
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase
- */
+*/
   __pyx_t_2 = (__pyx_v_passphrase != Py_None);
-  __pyx_t_3 = (__pyx_t_2 != 0);
-  if (__pyx_t_3) {
+  if (__pyx_t_2) {
 
-    /* "ssh/key.pyx":146
+    /* "ssh/key.pyx":176
  *     cdef c_ssh.ssh_key _key
  *     if passphrase is not None:
  *         b_passphrase = to_bytes(passphrase)             # <<<<<<<<<<<<<<
  *         c_passphrase = b_passphrase
  *     with nogil:
- */
-    __pyx_t_4 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 146, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_v_b_passphrase = ((PyObject*)__pyx_t_4);
-    __pyx_t_4 = 0;
+*/
+    __pyx_t_3 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 176, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_v_b_passphrase = ((PyObject*)__pyx_t_3);
+    __pyx_t_3 = 0;
 
-    /* "ssh/key.pyx":147
+    /* "ssh/key.pyx":177
  *     if passphrase is not None:
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase             # <<<<<<<<<<<<<<
  *     with nogil:
  *         rc = c_ssh.ssh_pki_import_privkey_base64(
- */
+*/
     if (unlikely(__pyx_v_b_passphrase == Py_None)) {
       PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-      __PYX_ERR(0, 147, __pyx_L1_error)
+      __PYX_ERR(0, 177, __pyx_L1_error)
     }
-    __pyx_t_1 = __Pyx_PyBytes_AsString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 147, __pyx_L1_error)
+    __pyx_t_1 = __Pyx_PyBytes_AsString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 177, __pyx_L1_error)
     __pyx_v_c_passphrase = __pyx_t_1;
 
-    /* "ssh/key.pyx":145
+    /* "ssh/key.pyx":175
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     if passphrase is not None:             # <<<<<<<<<<<<<<
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase
- */
+*/
   }
 
-  /* "ssh/key.pyx":148
+  /* "ssh/key.pyx":178
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_privkey_base64(
  *             c_key, c_passphrase, NULL, NULL, &_key)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":149
+        /* "ssh/key.pyx":179
  *         c_passphrase = b_passphrase
  *     with nogil:
  *         rc = c_ssh.ssh_pki_import_privkey_base64(             # <<<<<<<<<<<<<<
  *             c_key, c_passphrase, NULL, NULL, &_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
         __pyx_v_rc = ssh_pki_import_privkey_base64(__pyx_v_c_key, __pyx_v_c_passphrase, NULL, NULL, (&__pyx_v__key));
       }
 
-      /* "ssh/key.pyx":148
+      /* "ssh/key.pyx":178
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_privkey_base64(
  *             c_key, c_passphrase, NULL, NULL, &_key)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
       }
   }
 
-  /* "ssh/key.pyx":151
+  /* "ssh/key.pyx":181
  *         rc = c_ssh.ssh_pki_import_privkey_base64(
  *             c_key, c_passphrase, NULL, NULL, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
-  __pyx_t_3 = ((__pyx_v_rc != SSH_OK) != 0);
-  if (unlikely(__pyx_t_3)) {
+*/
+  __pyx_t_2 = (__pyx_v_rc != SSH_OK);
+  if (unlikely(__pyx_t_2)) {
 
-    /* "ssh/key.pyx":152
+    /* "ssh/key.pyx":182
  *             c_key, c_passphrase, NULL, NULL, &_key)
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError             # <<<<<<<<<<<<<<
  *     key = SSHKey.from_ptr(_key)
  *     return key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 152, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __Pyx_Raise(__pyx_t_4, 0, 0, 0);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    __PYX_ERR(0, 152, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 182, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __Pyx_Raise(__pyx_t_3, 0, 0, 0);
+    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+    __PYX_ERR(0, 182, __pyx_L1_error)
 
-    /* "ssh/key.pyx":151
+    /* "ssh/key.pyx":181
  *         rc = c_ssh.ssh_pki_import_privkey_base64(
  *             c_key, c_passphrase, NULL, NULL, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
+*/
   }
 
-  /* "ssh/key.pyx":153
+  /* "ssh/key.pyx":183
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)             # <<<<<<<<<<<<<<
  *     return key
  * 
- */
-  __pyx_t_4 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 153, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_4);
-  __pyx_v_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_4);
-  __pyx_t_4 = 0;
+*/
+  __pyx_t_3 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 183, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_v_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_3);
+  __pyx_t_3 = 0;
 
-  /* "ssh/key.pyx":154
+  /* "ssh/key.pyx":184
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
  *     return key             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_key));
+  __Pyx_INCREF((PyObject *)__pyx_v_key);
   __pyx_r = ((PyObject *)__pyx_v_key);
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":138
+  /* "ssh/key.pyx":168
  * 
  * 
  * def import_privkey_base64(bytes b64_key, passphrase=b''):             # <<<<<<<<<<<<<<
  *     cdef const_char *c_key = b64_key
  *     cdef bytes b_passphrase
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_4);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.key.import_privkey_base64", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -3804,73 +5900,101 @@ static PyObject *__pyx_pf_3ssh_3key_2import_privkey_base64(CYTHON_UNUSED PyObjec
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":157
+/* "ssh/key.pyx":187
  * 
  * 
  * def import_privkey_file(filepath, passphrase=b''):             # <<<<<<<<<<<<<<
  *     cdef bytes b_passphrase
  *     cdef bytes b_filepath = to_bytes(filepath)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_5import_privkey_file(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3key_4import_privkey_file[] = "import_privkey_file(filepath, passphrase=b'')";
-static PyMethodDef __pyx_mdef_3ssh_3key_5import_privkey_file = {"import_privkey_file", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3key_5import_privkey_file, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3key_4import_privkey_file};
-static PyObject *__pyx_pw_3ssh_3key_5import_privkey_file(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3key_5import_privkey_file(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_4import_privkey_file, "import_privkey_file(filepath, passphrase=b'')");
+static PyMethodDef __pyx_mdef_3ssh_3key_5import_privkey_file = {"import_privkey_file", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_5import_privkey_file, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_4import_privkey_file};
+static PyObject *__pyx_pw_3ssh_3key_5import_privkey_file(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_filepath = 0;
   PyObject *__pyx_v_passphrase = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("import_privkey_file (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_filepath,&__pyx_n_s_passphrase,0};
-    PyObject* values[2] = {0,0};
-    values[1] = ((PyObject *)__pyx_kp_b__3);
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_filepath,&__pyx_mstate_global->__pyx_n_u_passphrase,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 187, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 187, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 187, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_filepath)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_passphrase);
-          if (value) { values[1] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "import_privkey_file") < 0)) __PYX_ERR(0, 157, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "import_privkey_file", 0) < 0) __PYX_ERR(0, 187, __pyx_L3_error)
+      if (!values[1]) values[1] = __Pyx_NewRef(((PyObject *)((PyObject*)__pyx_mstate_global->__pyx_kp_b_)));
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("import_privkey_file", 0, 1, 2, i); __PYX_ERR(0, 187, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 187, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 187, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
+      if (!values[1]) values[1] = __Pyx_NewRef(((PyObject *)((PyObject*)__pyx_mstate_global->__pyx_kp_b_)));
     }
     __pyx_v_filepath = values[0];
     __pyx_v_passphrase = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("import_privkey_file", 0, 1, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 157, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("import_privkey_file", 0, 1, 2, __pyx_nargs); __PYX_ERR(0, 187, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.key.import_privkey_file", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -3878,6 +6002,9 @@ static PyObject *__pyx_pw_3ssh_3key_5import_privkey_file(PyObject *__pyx_self, P
   __pyx_r = __pyx_pf_3ssh_3key_4import_privkey_file(__pyx_self, __pyx_v_filepath, __pyx_v_passphrase);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3895,200 +6022,195 @@ static PyObject *__pyx_pf_3ssh_3key_4import_privkey_file(CYTHON_UNUSED PyObject
   PyObject *__pyx_t_1 = NULL;
   const char *__pyx_t_2;
   int __pyx_t_3;
-  int __pyx_t_4;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("import_privkey_file", 0);
 
-  /* "ssh/key.pyx":159
+  /* "ssh/key.pyx":189
  * def import_privkey_file(filepath, passphrase=b''):
  *     cdef bytes b_passphrase
  *     cdef bytes b_filepath = to_bytes(filepath)             # <<<<<<<<<<<<<<
  *     cdef const_char *c_passphrase = NULL
  *     cdef const_char *c_filepath = b_filepath
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 159, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 189, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_filepath = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":160
+  /* "ssh/key.pyx":190
  *     cdef bytes b_passphrase
  *     cdef bytes b_filepath = to_bytes(filepath)
  *     cdef const_char *c_passphrase = NULL             # <<<<<<<<<<<<<<
  *     cdef const_char *c_filepath = b_filepath
  *     cdef int rc
- */
+*/
   __pyx_v_c_passphrase = NULL;
 
-  /* "ssh/key.pyx":161
+  /* "ssh/key.pyx":191
  *     cdef bytes b_filepath = to_bytes(filepath)
  *     cdef const_char *c_passphrase = NULL
  *     cdef const_char *c_filepath = b_filepath             # <<<<<<<<<<<<<<
  *     cdef int rc
  *     cdef SSHKey key
- */
+*/
   if (unlikely(__pyx_v_b_filepath == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 161, __pyx_L1_error)
+    __PYX_ERR(0, 191, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 161, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 191, __pyx_L1_error)
   __pyx_v_c_filepath = __pyx_t_2;
 
-  /* "ssh/key.pyx":165
+  /* "ssh/key.pyx":195
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     if passphrase is not None:             # <<<<<<<<<<<<<<
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase
- */
+*/
   __pyx_t_3 = (__pyx_v_passphrase != Py_None);
-  __pyx_t_4 = (__pyx_t_3 != 0);
-  if (__pyx_t_4) {
+  if (__pyx_t_3) {
 
-    /* "ssh/key.pyx":166
+    /* "ssh/key.pyx":196
  *     cdef c_ssh.ssh_key _key
  *     if passphrase is not None:
  *         b_passphrase = to_bytes(passphrase)             # <<<<<<<<<<<<<<
  *         c_passphrase = b_passphrase
  *     with nogil:
- */
-    __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 166, __pyx_L1_error)
+*/
+    __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 196, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __pyx_v_b_passphrase = ((PyObject*)__pyx_t_1);
     __pyx_t_1 = 0;
 
-    /* "ssh/key.pyx":167
+    /* "ssh/key.pyx":197
  *     if passphrase is not None:
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase             # <<<<<<<<<<<<<<
  *     with nogil:
  *         rc = c_ssh.ssh_pki_import_privkey_file(
- */
+*/
     if (unlikely(__pyx_v_b_passphrase == Py_None)) {
       PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-      __PYX_ERR(0, 167, __pyx_L1_error)
+      __PYX_ERR(0, 197, __pyx_L1_error)
     }
-    __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 167, __pyx_L1_error)
+    __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 197, __pyx_L1_error)
     __pyx_v_c_passphrase = __pyx_t_2;
 
-    /* "ssh/key.pyx":165
+    /* "ssh/key.pyx":195
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     if passphrase is not None:             # <<<<<<<<<<<<<<
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase
- */
+*/
   }
 
-  /* "ssh/key.pyx":168
+  /* "ssh/key.pyx":198
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_privkey_file(
  *             c_filepath, c_passphrase, NULL, NULL, &_key)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":169
+        /* "ssh/key.pyx":199
  *         c_passphrase = b_passphrase
  *     with nogil:
  *         rc = c_ssh.ssh_pki_import_privkey_file(             # <<<<<<<<<<<<<<
  *             c_filepath, c_passphrase, NULL, NULL, &_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
         __pyx_v_rc = ssh_pki_import_privkey_file(__pyx_v_c_filepath, __pyx_v_c_passphrase, NULL, NULL, (&__pyx_v__key));
       }
 
-      /* "ssh/key.pyx":168
+      /* "ssh/key.pyx":198
  *         b_passphrase = to_bytes(passphrase)
  *         c_passphrase = b_passphrase
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_privkey_file(
  *             c_filepath, c_passphrase, NULL, NULL, &_key)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
       }
   }
 
-  /* "ssh/key.pyx":171
+  /* "ssh/key.pyx":201
  *         rc = c_ssh.ssh_pki_import_privkey_file(
  *             c_filepath, c_passphrase, NULL, NULL, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
-  __pyx_t_4 = ((__pyx_v_rc != SSH_OK) != 0);
-  if (unlikely(__pyx_t_4)) {
+*/
+  __pyx_t_3 = (__pyx_v_rc != SSH_OK);
+  if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/key.pyx":172
+    /* "ssh/key.pyx":202
  *             c_filepath, c_passphrase, NULL, NULL, &_key)
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError             # <<<<<<<<<<<<<<
  *     key = SSHKey.from_ptr(_key)
  *     return key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 172, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 202, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 172, __pyx_L1_error)
+    __PYX_ERR(0, 202, __pyx_L1_error)
 
-    /* "ssh/key.pyx":171
+    /* "ssh/key.pyx":201
  *         rc = c_ssh.ssh_pki_import_privkey_file(
  *             c_filepath, c_passphrase, NULL, NULL, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
+*/
   }
 
-  /* "ssh/key.pyx":173
+  /* "ssh/key.pyx":203
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)             # <<<<<<<<<<<<<<
  *     return key
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 173, __pyx_L1_error)
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 203, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":174
+  /* "ssh/key.pyx":204
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
  *     return key             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_key));
+  __Pyx_INCREF((PyObject *)__pyx_v_key);
   __pyx_r = ((PyObject *)__pyx_v_key);
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":157
+  /* "ssh/key.pyx":187
  * 
  * 
  * def import_privkey_file(filepath, passphrase=b''):             # <<<<<<<<<<<<<<
  *     cdef bytes b_passphrase
  *     cdef bytes b_filepath = to_bytes(filepath)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4104,82 +6226,115 @@ static PyObject *__pyx_pf_3ssh_3key_4import_privkey_file(CYTHON_UNUSED PyObject
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":177
+/* "ssh/key.pyx":207
  * 
  * 
  * def import_pubkey_base64(bytes b64_key, KeyType key_type):             # <<<<<<<<<<<<<<
  *     cdef const_char *c_key = b64_key
  *     cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_7import_pubkey_base64(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3key_6import_pubkey_base64[] = "import_pubkey_base64(bytes b64_key, KeyType key_type)";
-static PyMethodDef __pyx_mdef_3ssh_3key_7import_pubkey_base64 = {"import_pubkey_base64", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3key_7import_pubkey_base64, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3key_6import_pubkey_base64};
-static PyObject *__pyx_pw_3ssh_3key_7import_pubkey_base64(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3key_7import_pubkey_base64(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_6import_pubkey_base64, "import_pubkey_base64(bytes b64_key, KeyType key_type)");
+static PyMethodDef __pyx_mdef_3ssh_3key_7import_pubkey_base64 = {"import_pubkey_base64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_7import_pubkey_base64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6import_pubkey_base64};
+static PyObject *__pyx_pw_3ssh_3key_7import_pubkey_base64(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_b64_key = 0;
   struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_key_type = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("import_pubkey_base64 (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_b64_key,&__pyx_n_s_key_type,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_b64_key,&__pyx_mstate_global->__pyx_n_u_key_type,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 207, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 207, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 207, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_b64_key)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_key_type)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("import_pubkey_base64", 1, 2, 2, 1); __PYX_ERR(0, 177, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "import_pubkey_base64") < 0)) __PYX_ERR(0, 177, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "import_pubkey_base64", 0) < 0) __PYX_ERR(0, 207, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("import_pubkey_base64", 1, 2, 2, i); __PYX_ERR(0, 207, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 207, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 207, __pyx_L3_error)
     }
     __pyx_v_b64_key = ((PyObject*)values[0]);
     __pyx_v_key_type = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)values[1]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("import_pubkey_base64", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 177, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("import_pubkey_base64", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 207, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.key.import_pubkey_base64", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_b64_key), (&PyBytes_Type), 1, "b64_key", 1))) __PYX_ERR(0, 177, __pyx_L1_error)
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_key_type), __pyx_ptype_3ssh_8keytypes_KeyType, 1, "key_type", 0))) __PYX_ERR(0, 177, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_b64_key), (&PyBytes_Type), 1, "b64_key", 1))) __PYX_ERR(0, 207, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_key_type), __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType, 1, "key_type", 0))) __PYX_ERR(0, 207, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_3key_6import_pubkey_base64(__pyx_self, __pyx_v_b64_key, __pyx_v_key_type);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4199,127 +6354,124 @@ static PyObject *__pyx_pf_3ssh_3key_6import_pubkey_base64(CYTHON_UNUSED PyObject
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("import_pubkey_base64", 0);
 
-  /* "ssh/key.pyx":178
+  /* "ssh/key.pyx":208
  * 
  * def import_pubkey_base64(bytes b64_key, KeyType key_type):
  *     cdef const_char *c_key = b64_key             # <<<<<<<<<<<<<<
  *     cdef int rc
  *     cdef SSHKey key
- */
+*/
   if (unlikely(__pyx_v_b64_key == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 178, __pyx_L1_error)
+    __PYX_ERR(0, 208, __pyx_L1_error)
   }
-  __pyx_t_1 = __Pyx_PyBytes_AsString(__pyx_v_b64_key); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 178, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBytes_AsString(__pyx_v_b64_key); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 208, __pyx_L1_error)
   __pyx_v_c_key = __pyx_t_1;
 
-  /* "ssh/key.pyx":182
+  /* "ssh/key.pyx":212
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_pubkey_base64(
  *             c_key, key_type._type, &_key)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":183
+        /* "ssh/key.pyx":213
  *     cdef c_ssh.ssh_key _key
  *     with nogil:
  *         rc = c_ssh.ssh_pki_import_pubkey_base64(             # <<<<<<<<<<<<<<
  *             c_key, key_type._type, &_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
         __pyx_v_rc = ssh_pki_import_pubkey_base64(__pyx_v_c_key, __pyx_v_key_type->_type, (&__pyx_v__key));
       }
 
-      /* "ssh/key.pyx":182
+      /* "ssh/key.pyx":212
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_pubkey_base64(
  *             c_key, key_type._type, &_key)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":185
+  /* "ssh/key.pyx":215
  *         rc = c_ssh.ssh_pki_import_pubkey_base64(
  *             c_key, key_type._type, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
-  __pyx_t_2 = ((__pyx_v_rc != SSH_OK) != 0);
+*/
+  __pyx_t_2 = (__pyx_v_rc != SSH_OK);
   if (unlikely(__pyx_t_2)) {
 
-    /* "ssh/key.pyx":186
+    /* "ssh/key.pyx":216
  *             c_key, key_type._type, &_key)
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError             # <<<<<<<<<<<<<<
  *     key = SSHKey.from_ptr(_key)
  *     return key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 186, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 216, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
     __Pyx_Raise(__pyx_t_3, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-    __PYX_ERR(0, 186, __pyx_L1_error)
+    __PYX_ERR(0, 216, __pyx_L1_error)
 
-    /* "ssh/key.pyx":185
+    /* "ssh/key.pyx":215
  *         rc = c_ssh.ssh_pki_import_pubkey_base64(
  *             c_key, key_type._type, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
+*/
   }
 
-  /* "ssh/key.pyx":187
+  /* "ssh/key.pyx":217
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)             # <<<<<<<<<<<<<<
  *     return key
  * 
- */
-  __pyx_t_3 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 187, __pyx_L1_error)
+*/
+  __pyx_t_3 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 217, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_v_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_3);
   __pyx_t_3 = 0;
 
-  /* "ssh/key.pyx":188
+  /* "ssh/key.pyx":218
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
  *     return key             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_key));
+  __Pyx_INCREF((PyObject *)__pyx_v_key);
   __pyx_r = ((PyObject *)__pyx_v_key);
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":177
+  /* "ssh/key.pyx":207
  * 
  * 
  * def import_pubkey_base64(bytes b64_key, KeyType key_type):             # <<<<<<<<<<<<<<
  *     cdef const_char *c_key = b64_key
  *     cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4333,25 +6485,96 @@ static PyObject *__pyx_pf_3ssh_3key_6import_pubkey_base64(CYTHON_UNUSED PyObject
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":191
+/* "ssh/key.pyx":221
  * 
  * 
  * def import_pubkey_file(filepath):             # <<<<<<<<<<<<<<
  *     cdef bytes b_filepath = to_bytes(filepath)
  *     cdef const_char *c_filepath = b_filepath
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_9import_pubkey_file(PyObject *__pyx_self, PyObject *__pyx_v_filepath); /*proto*/
-static char __pyx_doc_3ssh_3key_8import_pubkey_file[] = "import_pubkey_file(filepath)";
-static PyMethodDef __pyx_mdef_3ssh_3key_9import_pubkey_file = {"import_pubkey_file", (PyCFunction)__pyx_pw_3ssh_3key_9import_pubkey_file, METH_O, __pyx_doc_3ssh_3key_8import_pubkey_file};
-static PyObject *__pyx_pw_3ssh_3key_9import_pubkey_file(PyObject *__pyx_self, PyObject *__pyx_v_filepath) {
+static PyObject *__pyx_pw_3ssh_3key_9import_pubkey_file(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_8import_pubkey_file, "import_pubkey_file(filepath)");
+static PyMethodDef __pyx_mdef_3ssh_3key_9import_pubkey_file = {"import_pubkey_file", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_9import_pubkey_file, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_8import_pubkey_file};
+static PyObject *__pyx_pw_3ssh_3key_9import_pubkey_file(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_filepath = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("import_pubkey_file (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_3key_8import_pubkey_file(__pyx_self, ((PyObject *)__pyx_v_filepath));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_filepath,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 221, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 221, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "import_pubkey_file", 0) < 0) __PYX_ERR(0, 221, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("import_pubkey_file", 1, 1, 1, i); __PYX_ERR(0, 221, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 221, __pyx_L3_error)
+    }
+    __pyx_v_filepath = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("import_pubkey_file", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 221, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.key.import_pubkey_file", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_3key_8import_pubkey_file(__pyx_self, __pyx_v_filepath);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4372,139 +6595,136 @@ static PyObject *__pyx_pf_3ssh_3key_8import_pubkey_file(CYTHON_UNUSED PyObject *
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("import_pubkey_file", 0);
 
-  /* "ssh/key.pyx":192
+  /* "ssh/key.pyx":222
  * 
  * def import_pubkey_file(filepath):
  *     cdef bytes b_filepath = to_bytes(filepath)             # <<<<<<<<<<<<<<
  *     cdef const_char *c_filepath = b_filepath
  *     cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 192, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 222, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_filepath = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":193
+  /* "ssh/key.pyx":223
  * def import_pubkey_file(filepath):
  *     cdef bytes b_filepath = to_bytes(filepath)
  *     cdef const_char *c_filepath = b_filepath             # <<<<<<<<<<<<<<
  *     cdef int rc
  *     cdef SSHKey key
- */
+*/
   if (unlikely(__pyx_v_b_filepath == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 193, __pyx_L1_error)
+    __PYX_ERR(0, 223, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 193, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 223, __pyx_L1_error)
   __pyx_v_c_filepath = __pyx_t_2;
 
-  /* "ssh/key.pyx":197
+  /* "ssh/key.pyx":227
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_pubkey_file(
  *             c_filepath, &_key)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":198
+        /* "ssh/key.pyx":228
  *     cdef c_ssh.ssh_key _key
  *     with nogil:
  *         rc = c_ssh.ssh_pki_import_pubkey_file(             # <<<<<<<<<<<<<<
  *             c_filepath, &_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
         __pyx_v_rc = ssh_pki_import_pubkey_file(__pyx_v_c_filepath, (&__pyx_v__key));
       }
 
-      /* "ssh/key.pyx":197
+      /* "ssh/key.pyx":227
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_pubkey_file(
  *             c_filepath, &_key)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":200
+  /* "ssh/key.pyx":230
  *         rc = c_ssh.ssh_pki_import_pubkey_file(
  *             c_filepath, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
-  __pyx_t_3 = ((__pyx_v_rc != SSH_OK) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc != SSH_OK);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/key.pyx":201
+    /* "ssh/key.pyx":231
  *             c_filepath, &_key)
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError             # <<<<<<<<<<<<<<
  *     key = SSHKey.from_ptr(_key)
  *     return key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 201, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 231, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 201, __pyx_L1_error)
+    __PYX_ERR(0, 231, __pyx_L1_error)
 
-    /* "ssh/key.pyx":200
+    /* "ssh/key.pyx":230
  *         rc = c_ssh.ssh_pki_import_pubkey_file(
  *             c_filepath, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
+*/
   }
 
-  /* "ssh/key.pyx":202
+  /* "ssh/key.pyx":232
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)             # <<<<<<<<<<<<<<
  *     return key
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 202, __pyx_L1_error)
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 232, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":203
+  /* "ssh/key.pyx":233
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
  *     return key             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_key));
+  __Pyx_INCREF((PyObject *)__pyx_v_key);
   __pyx_r = ((PyObject *)__pyx_v_key);
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":191
+  /* "ssh/key.pyx":221
  * 
  * 
  * def import_pubkey_file(filepath):             # <<<<<<<<<<<<<<
  *     cdef bytes b_filepath = to_bytes(filepath)
  *     cdef const_char *c_filepath = b_filepath
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4519,82 +6739,115 @@ static PyObject *__pyx_pf_3ssh_3key_8import_pubkey_file(CYTHON_UNUSED PyObject *
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":206
+/* "ssh/key.pyx":236
  * 
  * 
  * def import_cert_base64(bytes b64_cert, KeyType key_type):             # <<<<<<<<<<<<<<
  *     cdef const_char *c_key = b64_cert
  *     cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_11import_cert_base64(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3key_10import_cert_base64[] = "import_cert_base64(bytes b64_cert, KeyType key_type)";
-static PyMethodDef __pyx_mdef_3ssh_3key_11import_cert_base64 = {"import_cert_base64", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3key_11import_cert_base64, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3key_10import_cert_base64};
-static PyObject *__pyx_pw_3ssh_3key_11import_cert_base64(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3key_11import_cert_base64(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_10import_cert_base64, "import_cert_base64(bytes b64_cert, KeyType key_type)");
+static PyMethodDef __pyx_mdef_3ssh_3key_11import_cert_base64 = {"import_cert_base64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_11import_cert_base64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_10import_cert_base64};
+static PyObject *__pyx_pw_3ssh_3key_11import_cert_base64(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_b64_cert = 0;
   struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_key_type = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("import_cert_base64 (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_b64_cert,&__pyx_n_s_key_type,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_b64_cert,&__pyx_mstate_global->__pyx_n_u_key_type,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 236, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 236, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 236, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_b64_cert)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_key_type)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("import_cert_base64", 1, 2, 2, 1); __PYX_ERR(0, 206, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "import_cert_base64") < 0)) __PYX_ERR(0, 206, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "import_cert_base64", 0) < 0) __PYX_ERR(0, 236, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("import_cert_base64", 1, 2, 2, i); __PYX_ERR(0, 236, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 236, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 236, __pyx_L3_error)
     }
     __pyx_v_b64_cert = ((PyObject*)values[0]);
     __pyx_v_key_type = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)values[1]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("import_cert_base64", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 206, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("import_cert_base64", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 236, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.key.import_cert_base64", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_b64_cert), (&PyBytes_Type), 1, "b64_cert", 1))) __PYX_ERR(0, 206, __pyx_L1_error)
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_key_type), __pyx_ptype_3ssh_8keytypes_KeyType, 1, "key_type", 0))) __PYX_ERR(0, 206, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_b64_cert), (&PyBytes_Type), 1, "b64_cert", 1))) __PYX_ERR(0, 236, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_key_type), __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType, 1, "key_type", 0))) __PYX_ERR(0, 236, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_3key_10import_cert_base64(__pyx_self, __pyx_v_b64_cert, __pyx_v_key_type);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4614,127 +6867,124 @@ static PyObject *__pyx_pf_3ssh_3key_10import_cert_base64(CYTHON_UNUSED PyObject
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("import_cert_base64", 0);
 
-  /* "ssh/key.pyx":207
+  /* "ssh/key.pyx":237
  * 
  * def import_cert_base64(bytes b64_cert, KeyType key_type):
  *     cdef const_char *c_key = b64_cert             # <<<<<<<<<<<<<<
  *     cdef int rc
  *     cdef SSHKey key
- */
+*/
   if (unlikely(__pyx_v_b64_cert == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 207, __pyx_L1_error)
+    __PYX_ERR(0, 237, __pyx_L1_error)
   }
-  __pyx_t_1 = __Pyx_PyBytes_AsString(__pyx_v_b64_cert); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 207, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBytes_AsString(__pyx_v_b64_cert); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 237, __pyx_L1_error)
   __pyx_v_c_key = __pyx_t_1;
 
-  /* "ssh/key.pyx":211
+  /* "ssh/key.pyx":241
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_cert_base64(
  *             c_key, key_type._type, &_key)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":212
+        /* "ssh/key.pyx":242
  *     cdef c_ssh.ssh_key _key
  *     with nogil:
  *         rc = c_ssh.ssh_pki_import_cert_base64(             # <<<<<<<<<<<<<<
  *             c_key, key_type._type, &_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
         __pyx_v_rc = ssh_pki_import_cert_base64(__pyx_v_c_key, __pyx_v_key_type->_type, (&__pyx_v__key));
       }
 
-      /* "ssh/key.pyx":211
+      /* "ssh/key.pyx":241
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_cert_base64(
  *             c_key, key_type._type, &_key)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":214
+  /* "ssh/key.pyx":244
  *         rc = c_ssh.ssh_pki_import_cert_base64(
  *             c_key, key_type._type, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
-  __pyx_t_2 = ((__pyx_v_rc != SSH_OK) != 0);
+*/
+  __pyx_t_2 = (__pyx_v_rc != SSH_OK);
   if (unlikely(__pyx_t_2)) {
 
-    /* "ssh/key.pyx":215
+    /* "ssh/key.pyx":245
  *             c_key, key_type._type, &_key)
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError             # <<<<<<<<<<<<<<
  *     key = SSHKey.from_ptr(_key)
  *     return key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 215, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 245, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
     __Pyx_Raise(__pyx_t_3, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-    __PYX_ERR(0, 215, __pyx_L1_error)
+    __PYX_ERR(0, 245, __pyx_L1_error)
 
-    /* "ssh/key.pyx":214
+    /* "ssh/key.pyx":244
  *         rc = c_ssh.ssh_pki_import_cert_base64(
  *             c_key, key_type._type, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
+*/
   }
 
-  /* "ssh/key.pyx":216
+  /* "ssh/key.pyx":246
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)             # <<<<<<<<<<<<<<
  *     return key
  * 
- */
-  __pyx_t_3 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 216, __pyx_L1_error)
+*/
+  __pyx_t_3 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 246, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_v_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_3);
   __pyx_t_3 = 0;
 
-  /* "ssh/key.pyx":217
+  /* "ssh/key.pyx":247
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
  *     return key             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_key));
+  __Pyx_INCREF((PyObject *)__pyx_v_key);
   __pyx_r = ((PyObject *)__pyx_v_key);
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":206
+  /* "ssh/key.pyx":236
  * 
  * 
  * def import_cert_base64(bytes b64_cert, KeyType key_type):             # <<<<<<<<<<<<<<
  *     cdef const_char *c_key = b64_cert
  *     cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4748,25 +6998,96 @@ static PyObject *__pyx_pf_3ssh_3key_10import_cert_base64(CYTHON_UNUSED PyObject
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":220
+/* "ssh/key.pyx":250
  * 
  * 
  * def import_cert_file(filepath):             # <<<<<<<<<<<<<<
  *     cdef bytes b_filepath = to_bytes(filepath)
  *     cdef const_char *c_filepath = b_filepath
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_13import_cert_file(PyObject *__pyx_self, PyObject *__pyx_v_filepath); /*proto*/
-static char __pyx_doc_3ssh_3key_12import_cert_file[] = "import_cert_file(filepath)";
-static PyMethodDef __pyx_mdef_3ssh_3key_13import_cert_file = {"import_cert_file", (PyCFunction)__pyx_pw_3ssh_3key_13import_cert_file, METH_O, __pyx_doc_3ssh_3key_12import_cert_file};
-static PyObject *__pyx_pw_3ssh_3key_13import_cert_file(PyObject *__pyx_self, PyObject *__pyx_v_filepath) {
+static PyObject *__pyx_pw_3ssh_3key_13import_cert_file(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_12import_cert_file, "import_cert_file(filepath)");
+static PyMethodDef __pyx_mdef_3ssh_3key_13import_cert_file = {"import_cert_file", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_13import_cert_file, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_12import_cert_file};
+static PyObject *__pyx_pw_3ssh_3key_13import_cert_file(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_filepath = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("import_cert_file (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_3key_12import_cert_file(__pyx_self, ((PyObject *)__pyx_v_filepath));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_filepath,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 250, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 250, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "import_cert_file", 0) < 0) __PYX_ERR(0, 250, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("import_cert_file", 1, 1, 1, i); __PYX_ERR(0, 250, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 250, __pyx_L3_error)
+    }
+    __pyx_v_filepath = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("import_cert_file", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 250, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.key.import_cert_file", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_3key_12import_cert_file(__pyx_self, __pyx_v_filepath);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4787,139 +7108,136 @@ static PyObject *__pyx_pf_3ssh_3key_12import_cert_file(CYTHON_UNUSED PyObject *_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("import_cert_file", 0);
 
-  /* "ssh/key.pyx":221
+  /* "ssh/key.pyx":251
  * 
  * def import_cert_file(filepath):
  *     cdef bytes b_filepath = to_bytes(filepath)             # <<<<<<<<<<<<<<
  *     cdef const_char *c_filepath = b_filepath
  *     cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 221, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 251, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_filepath = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":222
+  /* "ssh/key.pyx":252
  * def import_cert_file(filepath):
  *     cdef bytes b_filepath = to_bytes(filepath)
  *     cdef const_char *c_filepath = b_filepath             # <<<<<<<<<<<<<<
  *     cdef int rc
  *     cdef SSHKey key
- */
+*/
   if (unlikely(__pyx_v_b_filepath == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 222, __pyx_L1_error)
+    __PYX_ERR(0, 252, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 222, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 252, __pyx_L1_error)
   __pyx_v_c_filepath = __pyx_t_2;
 
-  /* "ssh/key.pyx":226
+  /* "ssh/key.pyx":256
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_cert_file(
  *             c_filepath, &_key)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":227
+        /* "ssh/key.pyx":257
  *     cdef c_ssh.ssh_key _key
  *     with nogil:
  *         rc = c_ssh.ssh_pki_import_cert_file(             # <<<<<<<<<<<<<<
  *             c_filepath, &_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
         __pyx_v_rc = ssh_pki_import_cert_file(__pyx_v_c_filepath, (&__pyx_v__key));
       }
 
-      /* "ssh/key.pyx":226
+      /* "ssh/key.pyx":256
  *     cdef SSHKey key
  *     cdef c_ssh.ssh_key _key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_import_cert_file(
  *             c_filepath, &_key)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/key.pyx":229
+  /* "ssh/key.pyx":259
  *         rc = c_ssh.ssh_pki_import_cert_file(
  *             c_filepath, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
-  __pyx_t_3 = ((__pyx_v_rc != SSH_OK) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc != SSH_OK);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/key.pyx":230
+    /* "ssh/key.pyx":260
  *             c_filepath, &_key)
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError             # <<<<<<<<<<<<<<
  *     key = SSHKey.from_ptr(_key)
  *     return key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 230, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 260, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 230, __pyx_L1_error)
+    __PYX_ERR(0, 260, __pyx_L1_error)
 
-    /* "ssh/key.pyx":229
+    /* "ssh/key.pyx":259
  *         rc = c_ssh.ssh_pki_import_cert_file(
  *             c_filepath, &_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
- */
+*/
   }
 
-  /* "ssh/key.pyx":231
+  /* "ssh/key.pyx":261
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)             # <<<<<<<<<<<<<<
  *     return key
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 231, __pyx_L1_error)
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_3key_6SSHKey_from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 261, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/key.pyx":232
+  /* "ssh/key.pyx":262
  *         raise KeyImportError
  *     key = SSHKey.from_ptr(_key)
  *     return key             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_key));
+  __Pyx_INCREF((PyObject *)__pyx_v_key);
   __pyx_r = ((PyObject *)__pyx_v_key);
   goto __pyx_L0;
 
-  /* "ssh/key.pyx":220
+  /* "ssh/key.pyx":250
  * 
  * 
  * def import_cert_file(filepath):             # <<<<<<<<<<<<<<
  *     cdef bytes b_filepath = to_bytes(filepath)
  *     cdef const_char *c_filepath = b_filepath
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4934,82 +7252,115 @@ static PyObject *__pyx_pf_3ssh_3key_12import_cert_file(CYTHON_UNUSED PyObject *_
   return __pyx_r;
 }
 
-/* "ssh/key.pyx":235
+/* "ssh/key.pyx":265
  * 
  * 
  * def copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key):             # <<<<<<<<<<<<<<
  *     if priv_key.is_private() is False:
  *         raise KeyImportError
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3key_15copy_cert_to_privkey(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3key_14copy_cert_to_privkey[] = "copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key)";
-static PyMethodDef __pyx_mdef_3ssh_3key_15copy_cert_to_privkey = {"copy_cert_to_privkey", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3key_15copy_cert_to_privkey, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3key_14copy_cert_to_privkey};
-static PyObject *__pyx_pw_3ssh_3key_15copy_cert_to_privkey(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3key_15copy_cert_to_privkey(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3key_14copy_cert_to_privkey, "copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key)");
+static PyMethodDef __pyx_mdef_3ssh_3key_15copy_cert_to_privkey = {"copy_cert_to_privkey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_15copy_cert_to_privkey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_14copy_cert_to_privkey};
+static PyObject *__pyx_pw_3ssh_3key_15copy_cert_to_privkey(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_cert_key = 0;
   struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_priv_key = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("copy_cert_to_privkey (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_cert_key,&__pyx_n_s_priv_key,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_cert_key,&__pyx_mstate_global->__pyx_n_u_priv_key,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 265, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 265, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 265, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_cert_key)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_priv_key)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("copy_cert_to_privkey", 1, 2, 2, 1); __PYX_ERR(0, 235, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "copy_cert_to_privkey") < 0)) __PYX_ERR(0, 235, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "copy_cert_to_privkey", 0) < 0) __PYX_ERR(0, 265, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("copy_cert_to_privkey", 1, 2, 2, i); __PYX_ERR(0, 265, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 265, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 265, __pyx_L3_error)
     }
     __pyx_v_cert_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)values[0]);
     __pyx_v_priv_key = ((struct __pyx_obj_3ssh_3key_SSHKey *)values[1]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("copy_cert_to_privkey", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 235, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("copy_cert_to_privkey", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 265, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.key.copy_cert_to_privkey", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_cert_key), __pyx_ptype_3ssh_3key_SSHKey, 1, "cert_key", 0))) __PYX_ERR(0, 235, __pyx_L1_error)
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_priv_key), __pyx_ptype_3ssh_3key_SSHKey, 1, "priv_key", 0))) __PYX_ERR(0, 235, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_cert_key), __pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, 1, "cert_key", 0))) __PYX_ERR(0, 265, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_priv_key), __pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, 1, "priv_key", 0))) __PYX_ERR(0, 265, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_3key_14copy_cert_to_privkey(__pyx_self, __pyx_v_cert_key, __pyx_v_priv_key);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5022,165 +7373,153 @@ static PyObject *__pyx_pf_3ssh_3key_14copy_cert_to_privkey(CYTHON_UNUSED PyObjec
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_3;
   int __pyx_t_4;
-  int __pyx_t_5;
-  ssh_key __pyx_t_6;
+  ssh_key __pyx_t_5;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("copy_cert_to_privkey", 0);
 
-  /* "ssh/key.pyx":236
+  /* "ssh/key.pyx":266
  * 
  * def copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key):
  *     if priv_key.is_private() is False:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     cdef c_ssh.ssh_key _priv_key = priv_key._key
- */
-  __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_priv_key), __pyx_n_s_is_private); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 236, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-    }
-  }
-  __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 236, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_v_priv_key);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_t_3 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_is_private, __pyx_callargs+__pyx_t_3, (1-__pyx_t_3) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 266, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
+  }
   __pyx_t_4 = (__pyx_t_1 == Py_False);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_5 = (__pyx_t_4 != 0);
-  if (unlikely(__pyx_t_5)) {
+  if (unlikely(__pyx_t_4)) {
 
-    /* "ssh/key.pyx":237
+    /* "ssh/key.pyx":267
  * def copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key):
  *     if priv_key.is_private() is False:
  *         raise KeyImportError             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_key _priv_key = priv_key._key
  *     cdef c_ssh.ssh_key _cert_key = cert_key._key
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 237, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 267, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 237, __pyx_L1_error)
+    __PYX_ERR(0, 267, __pyx_L1_error)
 
-    /* "ssh/key.pyx":236
+    /* "ssh/key.pyx":266
  * 
  * def copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key):
  *     if priv_key.is_private() is False:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
  *     cdef c_ssh.ssh_key _priv_key = priv_key._key
- */
+*/
   }
 
-  /* "ssh/key.pyx":238
+  /* "ssh/key.pyx":268
  *     if priv_key.is_private() is False:
  *         raise KeyImportError
  *     cdef c_ssh.ssh_key _priv_key = priv_key._key             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_key _cert_key = cert_key._key
  *     with nogil:
- */
-  __pyx_t_6 = __pyx_v_priv_key->_key;
-  __pyx_v__priv_key = __pyx_t_6;
+*/
+  __pyx_t_5 = __pyx_v_priv_key->_key;
+  __pyx_v__priv_key = __pyx_t_5;
 
-  /* "ssh/key.pyx":239
+  /* "ssh/key.pyx":269
  *         raise KeyImportError
  *     cdef c_ssh.ssh_key _priv_key = priv_key._key
  *     cdef c_ssh.ssh_key _cert_key = cert_key._key             # <<<<<<<<<<<<<<
  *     with nogil:
  *         rc = c_ssh.ssh_pki_copy_cert_to_privkey(
- */
-  __pyx_t_6 = __pyx_v_cert_key->_key;
-  __pyx_v__cert_key = __pyx_t_6;
+*/
+  __pyx_t_5 = __pyx_v_cert_key->_key;
+  __pyx_v__cert_key = __pyx_t_5;
 
-  /* "ssh/key.pyx":240
+  /* "ssh/key.pyx":270
  *     cdef c_ssh.ssh_key _priv_key = priv_key._key
  *     cdef c_ssh.ssh_key _cert_key = cert_key._key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_copy_cert_to_privkey(
  *             _cert_key, _priv_key)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/key.pyx":241
+        /* "ssh/key.pyx":271
  *     cdef c_ssh.ssh_key _cert_key = cert_key._key
  *     with nogil:
  *         rc = c_ssh.ssh_pki_copy_cert_to_privkey(             # <<<<<<<<<<<<<<
  *             _cert_key, _priv_key)
  *     if rc != c_ssh.SSH_OK:
- */
+*/
         __pyx_v_rc = ssh_pki_copy_cert_to_privkey(__pyx_v__cert_key, __pyx_v__priv_key);
       }
 
-      /* "ssh/key.pyx":240
+      /* "ssh/key.pyx":270
  *     cdef c_ssh.ssh_key _priv_key = priv_key._key
  *     cdef c_ssh.ssh_key _cert_key = cert_key._key
  *     with nogil:             # <<<<<<<<<<<<<<
  *         rc = c_ssh.ssh_pki_copy_cert_to_privkey(
  *             _cert_key, _priv_key)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
       }
   }
 
-  /* "ssh/key.pyx":243
+  /* "ssh/key.pyx":273
  *         rc = c_ssh.ssh_pki_copy_cert_to_privkey(
  *             _cert_key, _priv_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
- */
-  __pyx_t_5 = ((__pyx_v_rc != SSH_OK) != 0);
-  if (unlikely(__pyx_t_5)) {
+*/
+  __pyx_t_4 = (__pyx_v_rc != SSH_OK);
+  if (unlikely(__pyx_t_4)) {
 
-    /* "ssh/key.pyx":244
+    /* "ssh/key.pyx":274
  *             _cert_key, _priv_key)
  *     if rc != c_ssh.SSH_OK:
  *         raise KeyImportError             # <<<<<<<<<<<<<<
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 244, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 274, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 244, __pyx_L1_error)
+    __PYX_ERR(0, 274, __pyx_L1_error)
 
-    /* "ssh/key.pyx":243
+    /* "ssh/key.pyx":273
  *         rc = c_ssh.ssh_pki_copy_cert_to_privkey(
  *             _cert_key, _priv_key)
  *     if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *         raise KeyImportError
- */
+*/
   }
 
-  /* "ssh/key.pyx":235
+  /* "ssh/key.pyx":265
  * 
  * 
  * def copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key):             # <<<<<<<<<<<<<<
  *     if priv_key.is_private() is False:
  *         raise KeyImportError
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -5188,7 +7527,6 @@ static PyObject *__pyx_pf_3ssh_3key_14copy_cert_to_privkey(CYTHON_UNUSED PyObjec
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.key.copy_cert_to_privkey", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -5196,20 +7534,26 @@ static PyObject *__pyx_pf_3ssh_3key_14copy_cert_to_privkey(CYTHON_UNUSED PyObjec
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_3key_SSHKey __pyx_vtable_3ssh_3key_SSHKey;
 
 static PyObject *__pyx_tp_new_3ssh_3key_SSHKey(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_3key_SSHKey *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_3key_SSHKey *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_3key_SSHKey;
-  if (unlikely(__pyx_pw_3ssh_3key_6SSHKey_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_3key_6SSHKey_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5218,8 +7562,10 @@ static PyObject *__pyx_tp_new_3ssh_3key_SSHKey(PyTypeObject *t, CYTHON_UNUSED Py
 
 static void __pyx_tp_dealloc_3ssh_3key_SSHKey(PyObject *o) {
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && (!PyType_IS_GC(Py_TYPE(o)) || !_PyGC_FINALIZED(o))) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && (!PyType_IS_GC(Py_TYPE(o)) || !__Pyx_PyObject_GC_IsFinalized(o))) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_3key_SSHKey) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   {
@@ -5230,7 +7576,14 @@ static void __pyx_tp_dealloc_3ssh_3key_SSHKey(PyObject *o) {
     __Pyx_SET_REFCNT(o, Py_REFCNT(o) - 1);
     PyErr_Restore(etype, eval, etb);
   }
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static PyObject *__pyx_tp_richcompare_3ssh_3key_SSHKey(PyObject *o1, PyObject *o2, int op) {
@@ -5242,7 +7595,8 @@ static PyObject *__pyx_tp_richcompare_3ssh_3key_SSHKey(PyObject *o1, PyObject *o
       PyObject *ret;
       ret = __pyx_pw_3ssh_3key_6SSHKey_9__eq__(o1, o2);
       if (likely(ret && ret != Py_NotImplemented)) {
-        int b = __Pyx_PyObject_IsTrue(ret); Py_DECREF(ret);
+        int b = __Pyx_PyObject_IsTrue(ret);
+        Py_DECREF(ret);
         if (unlikely(b < 0)) return NULL;
         ret = (b) ? Py_False : Py_True;
         Py_INCREF(ret);
@@ -5256,21 +7610,38 @@ static PyObject *__pyx_tp_richcompare_3ssh_3key_SSHKey(PyObject *o1, PyObject *o
 }
 
 static PyMethodDef __pyx_methods_3ssh_3key_SSHKey[] = {
-  {"is_private", (PyCFunction)__pyx_pw_3ssh_3key_6SSHKey_5is_private, METH_NOARGS, __pyx_doc_3ssh_3key_6SSHKey_4is_private},
-  {"is_public", (PyCFunction)__pyx_pw_3ssh_3key_6SSHKey_7is_public, METH_NOARGS, __pyx_doc_3ssh_3key_6SSHKey_6is_public},
-  {"key_type", (PyCFunction)__pyx_pw_3ssh_3key_6SSHKey_11key_type, METH_NOARGS, __pyx_doc_3ssh_3key_6SSHKey_10key_type},
-  {"ecdsa_name", (PyCFunction)__pyx_pw_3ssh_3key_6SSHKey_13ecdsa_name, METH_NOARGS, __pyx_doc_3ssh_3key_6SSHKey_12ecdsa_name},
-  {"export_privkey_file", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_15export_privkey_file, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_14export_privkey_file},
-  {"export_privkey_to_pubkey", (PyCFunction)__pyx_pw_3ssh_3key_6SSHKey_17export_privkey_to_pubkey, METH_NOARGS, __pyx_doc_3ssh_3key_6SSHKey_16export_privkey_to_pubkey},
-  {"export_pubkey_base64", (PyCFunction)__pyx_pw_3ssh_3key_6SSHKey_19export_pubkey_base64, METH_NOARGS, __pyx_doc_3ssh_3key_6SSHKey_18export_pubkey_base64},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_3key_6SSHKey_21__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_3key_6SSHKey_20__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_3key_6SSHKey_23__setstate_cython__, METH_O, __pyx_doc_3ssh_3key_6SSHKey_22__setstate_cython__},
+  {"is_private", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_5is_private, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_4is_private},
+  {"is_public", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_7is_public, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_6is_public},
+  {"key_type", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_11key_type, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_10key_type},
+  {"ecdsa_name", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_13ecdsa_name, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_12ecdsa_name},
+  {"export_privkey_file", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_15export_privkey_file, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_14export_privkey_file},
+  {"export_privkey_file_format", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_17export_privkey_file_format, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_16export_privkey_file_format},
+  {"export_privkey_to_pubkey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_19export_privkey_to_pubkey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_18export_privkey_to_pubkey},
+  {"export_pubkey_base64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_21export_pubkey_base64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_20export_pubkey_base64},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_23__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_22__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3key_6SSHKey_25__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3key_6SSHKey_24__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_3key_SSHKey_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_3key_SSHKey},
+  {Py_tp_richcompare, (void *)__pyx_tp_richcompare_3ssh_3key_SSHKey},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_3key_SSHKey},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_3key_SSHKey},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_3key_SSHKey_spec = {
+  "ssh.key.SSHKey",
+  sizeof(struct __pyx_obj_3ssh_3key_SSHKey),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_3key_SSHKey_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_3key_SSHKey = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.key.SSHKey", /*tp_name*/
+  "ssh.key.""SSHKey", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_3key_SSHKey), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_3key_SSHKey, /*tp_dealloc*/
@@ -5282,12 +7653,7 @@ static PyTypeObject __pyx_type_3ssh_3key_SSHKey = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -5313,7 +7679,9 @@ static PyTypeObject __pyx_type_3ssh_3key_SSHKey = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_3key_SSHKey, /*tp_new*/
@@ -5326,319 +7694,114 @@ static PyTypeObject __pyx_type_3ssh_3key_SSHKey = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyMethodDef __pyx_methods[] = {
   {0, 0, 0, 0}
 };
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
+  /*--- Global init code ---*/
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
 
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_key(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_key},
-  {0, NULL}
-};
-#endif
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
+  /*--- Variable export code ---*/
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
 
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "key",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
+  /*--- Function export code ---*/
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
+
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("__Pyx_modinit_type_init_code", 0);
+  /*--- Type init code ---*/
+  __pyx_vtabptr_3ssh_3key_SSHKey = &__pyx_vtable_3ssh_3key_SSHKey;
+  __pyx_vtable_3ssh_3key_SSHKey.from_ptr = (struct __pyx_obj_3ssh_3key_SSHKey *(*)(ssh_key))__pyx_f_3ssh_3key_6SSHKey_from_ptr;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_3key_SSHKey_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey)) __PYX_ERR(0, 32, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_3key_SSHKey_spec, __pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 32, __pyx_L1_error)
   #else
-    -1, /* m_size */
+  __pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey = &__pyx_type_3ssh_3key_SSHKey;
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if !CYTHON_COMPILING_IN_LIMITED_API
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
-};
-#endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
-
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_KeyExportError, __pyx_k_KeyExportError, sizeof(__pyx_k_KeyExportError), 0, 0, 1, 1},
-  {&__pyx_n_s_KeyGenerationError, __pyx_k_KeyGenerationError, sizeof(__pyx_k_KeyGenerationError), 0, 0, 1, 1},
-  {&__pyx_n_s_KeyImportError, __pyx_k_KeyImportError, sizeof(__pyx_k_KeyImportError), 0, 0, 1, 1},
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_SSHKey, __pyx_k_SSHKey, sizeof(__pyx_k_SSHKey), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_kp_b__3, __pyx_k__3, sizeof(__pyx_k__3), 0, 0, 0, 0},
-  {&__pyx_n_s_b64_cert, __pyx_k_b64_cert, sizeof(__pyx_k_b64_cert), 0, 0, 1, 1},
-  {&__pyx_n_s_b64_key, __pyx_k_b64_key, sizeof(__pyx_k_b64_key), 0, 0, 1, 1},
-  {&__pyx_n_s_b_filepath, __pyx_k_b_filepath, sizeof(__pyx_k_b_filepath), 0, 0, 1, 1},
-  {&__pyx_n_s_b_passphrase, __pyx_k_b_passphrase, sizeof(__pyx_k_b_passphrase), 0, 0, 1, 1},
-  {&__pyx_n_s_bits, __pyx_k_bits, sizeof(__pyx_k_bits), 0, 0, 1, 1},
-  {&__pyx_n_s_c_filepath, __pyx_k_c_filepath, sizeof(__pyx_k_c_filepath), 0, 0, 1, 1},
-  {&__pyx_n_s_c_key, __pyx_k_c_key, sizeof(__pyx_k_c_key), 0, 0, 1, 1},
-  {&__pyx_n_s_c_passphrase, __pyx_k_c_passphrase, sizeof(__pyx_k_c_passphrase), 0, 0, 1, 1},
-  {&__pyx_n_s_cert_key, __pyx_k_cert_key, sizeof(__pyx_k_cert_key), 0, 0, 1, 1},
-  {&__pyx_n_s_cert_key_2, __pyx_k_cert_key_2, sizeof(__pyx_k_cert_key_2), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_copy_cert_to_privkey, __pyx_k_copy_cert_to_privkey, sizeof(__pyx_k_copy_cert_to_privkey), 0, 0, 1, 1},
-  {&__pyx_n_s_exceptions, __pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 0, 1, 1},
-  {&__pyx_n_s_filepath, __pyx_k_filepath, sizeof(__pyx_k_filepath), 0, 0, 1, 1},
-  {&__pyx_n_s_generate, __pyx_k_generate, sizeof(__pyx_k_generate), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_import, __pyx_k_import, sizeof(__pyx_k_import), 0, 0, 1, 1},
-  {&__pyx_n_s_import_cert_base64, __pyx_k_import_cert_base64, sizeof(__pyx_k_import_cert_base64), 0, 0, 1, 1},
-  {&__pyx_n_s_import_cert_file, __pyx_k_import_cert_file, sizeof(__pyx_k_import_cert_file), 0, 0, 1, 1},
-  {&__pyx_n_s_import_privkey_base64, __pyx_k_import_privkey_base64, sizeof(__pyx_k_import_privkey_base64), 0, 0, 1, 1},
-  {&__pyx_n_s_import_privkey_file, __pyx_k_import_privkey_file, sizeof(__pyx_k_import_privkey_file), 0, 0, 1, 1},
-  {&__pyx_n_s_import_pubkey_base64, __pyx_k_import_pubkey_base64, sizeof(__pyx_k_import_pubkey_base64), 0, 0, 1, 1},
-  {&__pyx_n_s_import_pubkey_file, __pyx_k_import_pubkey_file, sizeof(__pyx_k_import_pubkey_file), 0, 0, 1, 1},
-  {&__pyx_n_s_is_private, __pyx_k_is_private, sizeof(__pyx_k_is_private), 0, 0, 1, 1},
-  {&__pyx_n_s_key, __pyx_k_key, sizeof(__pyx_k_key), 0, 0, 1, 1},
-  {&__pyx_n_s_key_2, __pyx_k_key_2, sizeof(__pyx_k_key_2), 0, 0, 1, 1},
-  {&__pyx_n_s_key_type, __pyx_k_key_type, sizeof(__pyx_k_key_type), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_passphrase, __pyx_k_passphrase, sizeof(__pyx_k_passphrase), 0, 0, 1, 1},
-  {&__pyx_n_s_priv_key, __pyx_k_priv_key, sizeof(__pyx_k_priv_key), 0, 0, 1, 1},
-  {&__pyx_n_s_priv_key_2, __pyx_k_priv_key_2, sizeof(__pyx_k_priv_key_2), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_rc, __pyx_k_rc, sizeof(__pyx_k_rc), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_ssh_key, __pyx_k_ssh_key, sizeof(__pyx_k_ssh_key), 0, 0, 1, 1},
-  {&__pyx_kp_s_ssh_key_pyx, __pyx_k_ssh_key_pyx, sizeof(__pyx_k_ssh_key_pyx), 0, 0, 1, 0},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
-};
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 38, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 32, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey->tp_getattro = PyObject_GenericGetAttr;
+  }
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey, __pyx_vtabptr_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 32, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 32, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_SSHKey, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 32, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 32, __pyx_L1_error)
+  __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
   return -1;
 }
 
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple_)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-
-  /* "ssh/key.pyx":126
- * 
- * 
- * def generate(KeyType key_type, int bits):             # <<<<<<<<<<<<<<
- *     cdef SSHKey key
- *     cdef c_ssh.ssh_key _key
- */
-  __pyx_tuple__4 = PyTuple_Pack(5, __pyx_n_s_key_type, __pyx_n_s_bits, __pyx_n_s_key, __pyx_n_s_key_2, __pyx_n_s_rc); if (unlikely(!__pyx_tuple__4)) __PYX_ERR(0, 126, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__4);
-  __Pyx_GIVEREF(__pyx_tuple__4);
-  __pyx_codeobj__5 = (PyObject*)__Pyx_PyCode_New(2, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__4, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_key_pyx, __pyx_n_s_generate, 126, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__5)) __PYX_ERR(0, 126, __pyx_L1_error)
-
-  /* "ssh/key.pyx":138
- * 
- * 
- * def import_privkey_base64(bytes b64_key, passphrase=b''):             # <<<<<<<<<<<<<<
- *     cdef const_char *c_key = b64_key
- *     cdef bytes b_passphrase
- */
-  __pyx_tuple__6 = PyTuple_Pack(8, __pyx_n_s_b64_key, __pyx_n_s_passphrase, __pyx_n_s_c_key, __pyx_n_s_b_passphrase, __pyx_n_s_c_passphrase, __pyx_n_s_rc, __pyx_n_s_key, __pyx_n_s_key_2); if (unlikely(!__pyx_tuple__6)) __PYX_ERR(0, 138, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__6);
-  __Pyx_GIVEREF(__pyx_tuple__6);
-  __pyx_codeobj__7 = (PyObject*)__Pyx_PyCode_New(2, 0, 8, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__6, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_key_pyx, __pyx_n_s_import_privkey_base64, 138, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__7)) __PYX_ERR(0, 138, __pyx_L1_error)
-
-  /* "ssh/key.pyx":157
- * 
- * 
- * def import_privkey_file(filepath, passphrase=b''):             # <<<<<<<<<<<<<<
- *     cdef bytes b_passphrase
- *     cdef bytes b_filepath = to_bytes(filepath)
- */
-  __pyx_tuple__8 = PyTuple_Pack(9, __pyx_n_s_filepath, __pyx_n_s_passphrase, __pyx_n_s_b_passphrase, __pyx_n_s_b_filepath, __pyx_n_s_c_passphrase, __pyx_n_s_c_filepath, __pyx_n_s_rc, __pyx_n_s_key, __pyx_n_s_key_2); if (unlikely(!__pyx_tuple__8)) __PYX_ERR(0, 157, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__8);
-  __Pyx_GIVEREF(__pyx_tuple__8);
-  __pyx_codeobj__9 = (PyObject*)__Pyx_PyCode_New(2, 0, 9, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__8, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_key_pyx, __pyx_n_s_import_privkey_file, 157, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__9)) __PYX_ERR(0, 157, __pyx_L1_error)
-
-  /* "ssh/key.pyx":177
- * 
- * 
- * def import_pubkey_base64(bytes b64_key, KeyType key_type):             # <<<<<<<<<<<<<<
- *     cdef const_char *c_key = b64_key
- *     cdef int rc
- */
-  __pyx_tuple__10 = PyTuple_Pack(6, __pyx_n_s_b64_key, __pyx_n_s_key_type, __pyx_n_s_c_key, __pyx_n_s_rc, __pyx_n_s_key, __pyx_n_s_key_2); if (unlikely(!__pyx_tuple__10)) __PYX_ERR(0, 177, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__10);
-  __Pyx_GIVEREF(__pyx_tuple__10);
-  __pyx_codeobj__11 = (PyObject*)__Pyx_PyCode_New(2, 0, 6, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__10, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_key_pyx, __pyx_n_s_import_pubkey_base64, 177, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__11)) __PYX_ERR(0, 177, __pyx_L1_error)
-
-  /* "ssh/key.pyx":191
- * 
- * 
- * def import_pubkey_file(filepath):             # <<<<<<<<<<<<<<
- *     cdef bytes b_filepath = to_bytes(filepath)
- *     cdef const_char *c_filepath = b_filepath
- */
-  __pyx_tuple__12 = PyTuple_Pack(6, __pyx_n_s_filepath, __pyx_n_s_b_filepath, __pyx_n_s_c_filepath, __pyx_n_s_rc, __pyx_n_s_key, __pyx_n_s_key_2); if (unlikely(!__pyx_tuple__12)) __PYX_ERR(0, 191, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__12);
-  __Pyx_GIVEREF(__pyx_tuple__12);
-  __pyx_codeobj__13 = (PyObject*)__Pyx_PyCode_New(1, 0, 6, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__12, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_key_pyx, __pyx_n_s_import_pubkey_file, 191, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__13)) __PYX_ERR(0, 191, __pyx_L1_error)
-
-  /* "ssh/key.pyx":206
- * 
- * 
- * def import_cert_base64(bytes b64_cert, KeyType key_type):             # <<<<<<<<<<<<<<
- *     cdef const_char *c_key = b64_cert
- *     cdef int rc
- */
-  __pyx_tuple__14 = PyTuple_Pack(6, __pyx_n_s_b64_cert, __pyx_n_s_key_type, __pyx_n_s_c_key, __pyx_n_s_rc, __pyx_n_s_key, __pyx_n_s_key_2); if (unlikely(!__pyx_tuple__14)) __PYX_ERR(0, 206, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__14);
-  __Pyx_GIVEREF(__pyx_tuple__14);
-  __pyx_codeobj__15 = (PyObject*)__Pyx_PyCode_New(2, 0, 6, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__14, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_key_pyx, __pyx_n_s_import_cert_base64, 206, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__15)) __PYX_ERR(0, 206, __pyx_L1_error)
-
-  /* "ssh/key.pyx":220
- * 
- * 
- * def import_cert_file(filepath):             # <<<<<<<<<<<<<<
- *     cdef bytes b_filepath = to_bytes(filepath)
- *     cdef const_char *c_filepath = b_filepath
- */
-  __pyx_tuple__16 = PyTuple_Pack(6, __pyx_n_s_filepath, __pyx_n_s_b_filepath, __pyx_n_s_c_filepath, __pyx_n_s_rc, __pyx_n_s_key, __pyx_n_s_key_2); if (unlikely(!__pyx_tuple__16)) __PYX_ERR(0, 220, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__16);
-  __Pyx_GIVEREF(__pyx_tuple__16);
-  __pyx_codeobj__17 = (PyObject*)__Pyx_PyCode_New(1, 0, 6, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__16, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_key_pyx, __pyx_n_s_import_cert_file, 220, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__17)) __PYX_ERR(0, 220, __pyx_L1_error)
-
-  /* "ssh/key.pyx":235
- * 
- * 
- * def copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key):             # <<<<<<<<<<<<<<
- *     if priv_key.is_private() is False:
- *         raise KeyImportError
- */
-  __pyx_tuple__18 = PyTuple_Pack(5, __pyx_n_s_cert_key, __pyx_n_s_priv_key, __pyx_n_s_priv_key_2, __pyx_n_s_cert_key_2, __pyx_n_s_rc); if (unlikely(!__pyx_tuple__18)) __PYX_ERR(0, 235, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__18);
-  __Pyx_GIVEREF(__pyx_tuple__18);
-  __pyx_codeobj__19 = (PyObject*)__Pyx_PyCode_New(2, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__18, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_key_pyx, __pyx_n_s_copy_cert_to_privkey, 235, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__19)) __PYX_ERR(0, 235, __pyx_L1_error)
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
-  /*--- Global init code ---*/
-  __Pyx_RefNannyFinishContext();
-  return 0;
-}
-
-static int __Pyx_modinit_variable_export_code(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
-  /*--- Variable export code ---*/
-  __Pyx_RefNannyFinishContext();
-  return 0;
-}
-
-static int __Pyx_modinit_function_export_code(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
-  /*--- Function export code ---*/
-  __Pyx_RefNannyFinishContext();
-  return 0;
-}
-
-static int __Pyx_modinit_type_init_code(void) {
-  __Pyx_RefNannyDeclarations
-  int __pyx_lineno = 0;
-  const char *__pyx_filename = NULL;
-  int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("__Pyx_modinit_type_init_code", 0);
-  /*--- Type init code ---*/
-  __pyx_vtabptr_3ssh_3key_SSHKey = &__pyx_vtable_3ssh_3key_SSHKey;
-  __pyx_vtable_3ssh_3key_SSHKey.from_ptr = (struct __pyx_obj_3ssh_3key_SSHKey *(*)(ssh_key))__pyx_f_3ssh_3key_6SSHKey_from_ptr;
-  if (PyType_Ready(&__pyx_type_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_3key_SSHKey.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_3key_SSHKey.tp_dictoffset && __pyx_type_3ssh_3key_SSHKey.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_3key_SSHKey.tp_getattro = __Pyx_PyObject_GenericGetAttr;
-  }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_3key_SSHKey.tp_dict, __pyx_vtabptr_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_SSHKey, (PyObject *)&__pyx_type_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_3key_SSHKey) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  __pyx_ptype_3ssh_3key_SSHKey = &__pyx_type_3ssh_3key_SSHKey;
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -5647,34 +7810,132 @@ static int __Pyx_modinit_type_import_code(void) {
   /*--- Type import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.keytypes"); if (unlikely(!__pyx_t_1)) __PYX_ERR(2, 20, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_8keytypes_KeyType = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "KeyType", sizeof(struct __pyx_obj_3ssh_8keytypes_KeyType), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_KeyType) __PYX_ERR(2, 20, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_DSSKey = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "DSSKey", sizeof(struct __pyx_obj_3ssh_8keytypes_DSSKey), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_DSSKey) __PYX_ERR(2, 24, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_RSAKey = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "RSAKey", sizeof(struct __pyx_obj_3ssh_8keytypes_RSAKey), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_RSAKey) __PYX_ERR(2, 28, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_RSA1Key = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "RSA1Key", sizeof(struct __pyx_obj_3ssh_8keytypes_RSA1Key), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_RSA1Key) __PYX_ERR(2, 32, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSAKey = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "ECDSAKey", sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSAKey), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_ECDSAKey) __PYX_ERR(2, 36, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_DSSCert01Key = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "DSSCert01Key", sizeof(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_DSSCert01Key) __PYX_ERR(2, 40, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_RSACert01Key = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "RSACert01Key", sizeof(struct __pyx_obj_3ssh_8keytypes_RSACert01Key), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_RSACert01Key) __PYX_ERR(2, 44, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P256 = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "ECDSA_P256", sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_ECDSA_P256) __PYX_ERR(2, 48, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P384 = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "ECDSA_P384", sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_ECDSA_P384) __PYX_ERR(2, 52, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P521 = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "ECDSA_P521", sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_ECDSA_P521) __PYX_ERR(2, 56, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01 = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "ECDSA_P256_CERT01", sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01) __PYX_ERR(2, 60, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01 = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "ECDSA_P384_CERT01", sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01) __PYX_ERR(2, 64, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01 = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "ECDSA_P521_CERT01", sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01) __PYX_ERR(2, 68, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ED25519_CERT01 = __Pyx_ImportType(__pyx_t_1, "ssh.keytypes", "ED25519_CERT01", sizeof(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_8keytypes_ED25519_CERT01) __PYX_ERR(2, 72, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "KeyType",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_KeyType), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_KeyType),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_KeyType), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_KeyType),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_KeyType), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_KeyType),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType) __PYX_ERR(2, 20, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "DSSKey",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_DSSKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_DSSKey),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_DSSKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_DSSKey),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_DSSKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_DSSKey),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey) __PYX_ERR(2, 24, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "RSAKey",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSAKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSAKey),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSAKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSAKey),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSAKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSAKey),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey) __PYX_ERR(2, 28, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "RSA1Key",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSA1Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSA1Key),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSA1Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSA1Key),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSA1Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSA1Key),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key) __PYX_ERR(2, 32, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "ECDSAKey",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSAKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSAKey),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSAKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSAKey),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSAKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSAKey),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey) __PYX_ERR(2, 36, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "DSSCert01Key",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key) __PYX_ERR(2, 40, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "RSACert01Key",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSACert01Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSACert01Key),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSACert01Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSACert01Key),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSACert01Key), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_RSACert01Key),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key) __PYX_ERR(2, 44, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256 = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "ECDSA_P256",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256) __PYX_ERR(2, 48, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384 = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "ECDSA_P384",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384) __PYX_ERR(2, 52, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521 = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "ECDSA_P521",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521) __PYX_ERR(2, 56, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01 = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "ECDSA_P256_CERT01",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01) __PYX_ERR(2, 60, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01 = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "ECDSA_P384_CERT01",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01) __PYX_ERR(2, 64, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01 = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "ECDSA_P521_CERT01",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01) __PYX_ERR(2, 68, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01 = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.keytypes", "ED25519_CERT01",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01),
+  #else
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01) __PYX_ERR(2, 72, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -5684,16 +7945,18 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -5702,12 +7965,12 @@ static int __Pyx_modinit_function_import_code(void) {
   /*--- Function import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.keytypes"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "from_keytype", (void (**)(void))&__pyx_f_3ssh_8keytypes_from_keytype, "struct __pyx_obj_3ssh_8keytypes_KeyType *(enum ssh_keytypes_e)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "from_keytype", (void (**)(void))&__pyx_f_3ssh_8keytypes_from_keytype, "struct __pyx_obj_3ssh_8keytypes_KeyType *(enum ssh_keytypes_e)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -5717,50 +7980,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_key(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_key},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "key",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initkey(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initkey(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_key(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_key(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -5768,7 +8102,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -5783,10 +8119,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -5809,10 +8148,15 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_key(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5823,9 +8167,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_key(PyObject *__pyx_pyinit_module)
     PyErr_SetString(PyExc_RuntimeError, "Module 'key' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "key" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -5835,241 +8207,372 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_key(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_key", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("key", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__key) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.key")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.key", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.key", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
   /* "ssh/key.pyx":22
- * from utils cimport to_str, to_bytes
+ * from .utils cimport to_str, to_bytes
  * 
  * from .exceptions import KeyExportError, KeyImportError, KeyGenerationError             # <<<<<<<<<<<<<<
  * 
- * cimport c_ssh
- */
-  __pyx_t_1 = PyList_New(3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(__pyx_n_s_KeyExportError);
-  __Pyx_GIVEREF(__pyx_n_s_KeyExportError);
-  PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_KeyExportError);
-  __Pyx_INCREF(__pyx_n_s_KeyImportError);
-  __Pyx_GIVEREF(__pyx_n_s_KeyImportError);
-  PyList_SET_ITEM(__pyx_t_1, 1, __pyx_n_s_KeyImportError);
-  __Pyx_INCREF(__pyx_n_s_KeyGenerationError);
-  __Pyx_GIVEREF(__pyx_n_s_KeyGenerationError);
-  PyList_SET_ITEM(__pyx_t_1, 2, __pyx_n_s_KeyGenerationError);
-  __pyx_t_2 = __Pyx_Import(__pyx_n_s_exceptions, __pyx_t_1, 1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
+ * from . cimport c_ssh
+*/
+  __pyx_t_2 = __Pyx_PyList_Pack(3, __pyx_mstate_global->__pyx_n_u_KeyExportError, __pyx_mstate_global->__pyx_n_u_KeyImportError, __pyx_mstate_global->__pyx_n_u_KeyGenerationError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_KeyExportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KeyExportError, __pyx_t_1) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_KeyImportError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KeyImportError, __pyx_t_1) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_KeyGenerationError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KeyGenerationError, __pyx_t_1) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_3 = __Pyx_Import(__pyx_mstate_global->__pyx_n_u_exceptions, __pyx_t_2, 1); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-
-  /* "ssh/key.pyx":126
- * 
- * 
- * def generate(KeyType key_type, int bits):             # <<<<<<<<<<<<<<
- *     cdef SSHKey key
- *     cdef c_ssh.ssh_key _key
- */
-  __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_3ssh_3key_1generate, NULL, __pyx_n_s_ssh_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 126, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_KeyExportError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_generate, __pyx_t_2) < 0) __PYX_ERR(0, 126, __pyx_L1_error)
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KeyExportError, __pyx_t_2) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-
-  /* "ssh/key.pyx":138
- * 
- * 
- * def import_privkey_base64(bytes b64_key, passphrase=b''):             # <<<<<<<<<<<<<<
- *     cdef const_char *c_key = b64_key
- *     cdef bytes b_passphrase
- */
-  __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_3ssh_3key_3import_privkey_base64, NULL, __pyx_n_s_ssh_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 138, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_KeyImportError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_import_privkey_base64, __pyx_t_2) < 0) __PYX_ERR(0, 138, __pyx_L1_error)
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KeyImportError, __pyx_t_2) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-
-  /* "ssh/key.pyx":157
- * 
- * 
- * def import_privkey_file(filepath, passphrase=b''):             # <<<<<<<<<<<<<<
- *     cdef bytes b_passphrase
- *     cdef bytes b_filepath = to_bytes(filepath)
- */
-  __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_3ssh_3key_5import_privkey_file, NULL, __pyx_n_s_ssh_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_KeyGenerationError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_import_privkey_file, __pyx_t_2) < 0) __PYX_ERR(0, 157, __pyx_L1_error)
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KeyGenerationError, __pyx_t_2) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/key.pyx":177
+  /* "ssh/key.pyx":27
  * 
  * 
- * def import_pubkey_base64(bytes b64_key, KeyType key_type):             # <<<<<<<<<<<<<<
- *     cdef const_char *c_key = b64_key
- *     cdef int rc
- */
-  __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_3ssh_3key_7import_pubkey_base64, NULL, __pyx_n_s_ssh_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 177, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_import_pubkey_base64, __pyx_t_2) < 0) __PYX_ERR(0, 177, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+ * SSH_FILE_FORMAT_DEFAULT = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_DEFAULT             # <<<<<<<<<<<<<<
+ * SSH_FILE_FORMAT_OPENSSH = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_OPENSSH
+ * SSH_FILE_FORMAT_PEM = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_PEM
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_file_format_e(SSH_FILE_FORMAT_DEFAULT); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 27, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_DEFAULT, __pyx_t_3) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/key.pyx":191
+  /* "ssh/key.pyx":28
  * 
+ * SSH_FILE_FORMAT_DEFAULT = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_DEFAULT
+ * SSH_FILE_FORMAT_OPENSSH = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_OPENSSH             # <<<<<<<<<<<<<<
+ * SSH_FILE_FORMAT_PEM = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_PEM
  * 
- * def import_pubkey_file(filepath):             # <<<<<<<<<<<<<<
- *     cdef bytes b_filepath = to_bytes(filepath)
- *     cdef const_char *c_filepath = b_filepath
- */
-  __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_3ssh_3key_9import_pubkey_file, NULL, __pyx_n_s_ssh_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 191, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_import_pubkey_file, __pyx_t_2) < 0) __PYX_ERR(0, 191, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_file_format_e(SSH_FILE_FORMAT_OPENSSH); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 28, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_OPENSSH, __pyx_t_3) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/key.pyx":206
+  /* "ssh/key.pyx":29
+ * SSH_FILE_FORMAT_DEFAULT = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_DEFAULT
+ * SSH_FILE_FORMAT_OPENSSH = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_OPENSSH
+ * SSH_FILE_FORMAT_PEM = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_PEM             # <<<<<<<<<<<<<<
  * 
  * 
- * def import_cert_base64(bytes b64_cert, KeyType key_type):             # <<<<<<<<<<<<<<
- *     cdef const_char *c_key = b64_cert
- *     cdef int rc
- */
-  __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_3ssh_3key_11import_cert_base64, NULL, __pyx_n_s_ssh_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 206, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_import_cert_base64, __pyx_t_2) < 0) __PYX_ERR(0, 206, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_file_format_e(SSH_FILE_FORMAT_PEM); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_FILE_FORMAT_PEM, __pyx_t_3) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/key.pyx":220
- * 
+  /* "ssh/key.pyx":50
+ *             self._key = NULL
  * 
- * def import_cert_file(filepath):             # <<<<<<<<<<<<<<
- *     cdef bytes b_filepath = to_bytes(filepath)
- *     cdef const_char *c_filepath = b_filepath
- */
-  __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_3ssh_3key_13import_cert_file, NULL, __pyx_n_s_ssh_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 220, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_import_cert_file, __pyx_t_2) < 0) __PYX_ERR(0, 220, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+ *     def is_private(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_5is_private, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey_is_private, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 50, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, __pyx_mstate_global->__pyx_n_u_is_private, __pyx_t_3) < 0) __PYX_ERR(0, 50, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/key.pyx":235
+  /* "ssh/key.pyx":56
+ *         return bool(rc)
+ * 
+ *     def is_public(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_7is_public, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey_is_public, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 56, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, __pyx_mstate_global->__pyx_n_u_is_public, __pyx_t_3) < 0) __PYX_ERR(0, 56, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":75
+ *         return bool(not equal)
+ * 
+ *     def key_type(self):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.ssh_keytypes_e _type
+ *         if self._key is NULL:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_11key_type, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey_key_type, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 75, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, __pyx_mstate_global->__pyx_n_u_key_type, __pyx_t_3) < 0) __PYX_ERR(0, 75, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":82
+ *         return from_keytype(_type)
+ * 
+ *     def ecdsa_name(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *c_name
+ *         cdef bytes b_name
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_13ecdsa_name, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey_ecdsa_name, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 82, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, __pyx_mstate_global->__pyx_n_u_ecdsa_name, __pyx_t_3) < 0) __PYX_ERR(0, 82, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":90
+ *         return to_str(b_name)
+ * 
+ *     def export_privkey_file(self, filepath not None, passphrase=None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_passphrase
+ *         cdef bytes b_filepath = to_bytes(filepath)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_15export_privkey_file, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey_export_privkey_file, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 90, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_3, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, __pyx_mstate_global->__pyx_n_u_export_privkey_file, __pyx_t_3) < 0) __PYX_ERR(0, 90, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":105
+ *             raise KeyExportError
+ * 
+ *     def export_privkey_file_format(             # <<<<<<<<<<<<<<
+ *             self, filepath not None, keyformat not None, passphrase=None):
+ *         cdef bytes b_passphrase
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_17export_privkey_file_format, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey_export_privkey_file_forma, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_3, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, __pyx_mstate_global->__pyx_n_u_export_privkey_file_format, __pyx_t_3) < 0) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":130
+ *             raise KeyExportError
+ * 
+ *     def export_privkey_to_pubkey(self):             # <<<<<<<<<<<<<<
+ *         cdef SSHKey pub_key
+ *         cdef c_ssh.ssh_key _pub_key
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_19export_privkey_to_pubkey, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey_export_privkey_to_pubkey, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 130, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, __pyx_mstate_global->__pyx_n_u_export_privkey_to_pubkey, __pyx_t_3) < 0) __PYX_ERR(0, 130, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":141
+ *         return pub_key
+ * 
+ *     def export_pubkey_base64(self):             # <<<<<<<<<<<<<<
+ *         cdef char *_key
+ *         cdef int rc
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_21export_pubkey_base64, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey_export_pubkey_base64, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, __pyx_mstate_global->__pyx_n_u_export_pubkey_base64, __pyx_t_3) < 0) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_23__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_3) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_6SSHKey_25__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SSHKey___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[9])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_3) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":156
+ * 
+ * 
+ * def generate(KeyType key_type, int bits):             # <<<<<<<<<<<<<<
+ *     cdef SSHKey key
+ *     cdef c_ssh.ssh_key _key
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_1generate, 0, __pyx_mstate_global->__pyx_n_u_generate, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[10])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 156, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_generate, __pyx_t_3) < 0) __PYX_ERR(0, 156, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":168
+ * 
+ * 
+ * def import_privkey_base64(bytes b64_key, passphrase=b''):             # <<<<<<<<<<<<<<
+ *     cdef const_char *c_key = b64_key
+ *     cdef bytes b_passphrase
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_3import_privkey_base64, 0, __pyx_mstate_global->__pyx_n_u_import_privkey_base64, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[11])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 168, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_3, __pyx_mstate_global->__pyx_tuple[1]);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_import_privkey_base64, __pyx_t_3) < 0) __PYX_ERR(0, 168, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":187
+ * 
+ * 
+ * def import_privkey_file(filepath, passphrase=b''):             # <<<<<<<<<<<<<<
+ *     cdef bytes b_passphrase
+ *     cdef bytes b_filepath = to_bytes(filepath)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_5import_privkey_file, 0, __pyx_mstate_global->__pyx_n_u_import_privkey_file, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[12])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 187, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_3, __pyx_mstate_global->__pyx_tuple[1]);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_import_privkey_file, __pyx_t_3) < 0) __PYX_ERR(0, 187, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":207
+ * 
+ * 
+ * def import_pubkey_base64(bytes b64_key, KeyType key_type):             # <<<<<<<<<<<<<<
+ *     cdef const_char *c_key = b64_key
+ *     cdef int rc
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_7import_pubkey_base64, 0, __pyx_mstate_global->__pyx_n_u_import_pubkey_base64, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[13])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 207, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_import_pubkey_base64, __pyx_t_3) < 0) __PYX_ERR(0, 207, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":221
+ * 
+ * 
+ * def import_pubkey_file(filepath):             # <<<<<<<<<<<<<<
+ *     cdef bytes b_filepath = to_bytes(filepath)
+ *     cdef const_char *c_filepath = b_filepath
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_9import_pubkey_file, 0, __pyx_mstate_global->__pyx_n_u_import_pubkey_file, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[14])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 221, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_import_pubkey_file, __pyx_t_3) < 0) __PYX_ERR(0, 221, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":236
+ * 
+ * 
+ * def import_cert_base64(bytes b64_cert, KeyType key_type):             # <<<<<<<<<<<<<<
+ *     cdef const_char *c_key = b64_cert
+ *     cdef int rc
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_11import_cert_base64, 0, __pyx_mstate_global->__pyx_n_u_import_cert_base64, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[15])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 236, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_import_cert_base64, __pyx_t_3) < 0) __PYX_ERR(0, 236, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":250
+ * 
+ * 
+ * def import_cert_file(filepath):             # <<<<<<<<<<<<<<
+ *     cdef bytes b_filepath = to_bytes(filepath)
+ *     cdef const_char *c_filepath = b_filepath
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_13import_cert_file, 0, __pyx_mstate_global->__pyx_n_u_import_cert_file, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[16])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 250, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_import_cert_file, __pyx_t_3) < 0) __PYX_ERR(0, 250, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/key.pyx":265
  * 
  * 
  * def copy_cert_to_privkey(SSHKey cert_key, SSHKey priv_key):             # <<<<<<<<<<<<<<
  *     if priv_key.is_private() is False:
  *         raise KeyImportError
- */
-  __pyx_t_2 = PyCFunction_NewEx(&__pyx_mdef_3ssh_3key_15copy_cert_to_privkey, NULL, __pyx_n_s_ssh_key); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 235, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_copy_cert_to_privkey, __pyx_t_2) < 0) __PYX_ERR(0, 235, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3key_15copy_cert_to_privkey, 0, __pyx_mstate_global->__pyx_n_u_copy_cert_to_privkey, NULL, __pyx_mstate_global->__pyx_n_u_ssh_key, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[17])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 265, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_copy_cert_to_privkey, __pyx_t_3) < 0) __PYX_ERR(0, 265, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /* "ssh/key.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_3) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.key", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.key");
   }
@@ -6077,12 +8580,358 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 0, 0}, /* PyObject cname: __pyx_kp_b_ */
+  {__pyx_k_KeyExportError, sizeof(__pyx_k_KeyExportError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyExportError */
+  {__pyx_k_KeyGenerationError, sizeof(__pyx_k_KeyGenerationError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyGenerationError */
+  {__pyx_k_KeyImportError, sizeof(__pyx_k_KeyImportError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyImportError */
+  {__pyx_k_Keyformat_must_be_one_of_SSH_FIL, sizeof(__pyx_k_Keyformat_must_be_one_of_SSH_FIL), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Keyformat_must_be_one_of_SSH_FIL */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_SSHKey, sizeof(__pyx_k_SSHKey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey */
+  {__pyx_k_SSHKey___reduce_cython, sizeof(__pyx_k_SSHKey___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey___reduce_cython */
+  {__pyx_k_SSHKey___setstate_cython, sizeof(__pyx_k_SSHKey___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey___setstate_cython */
+  {__pyx_k_SSHKey_ecdsa_name, sizeof(__pyx_k_SSHKey_ecdsa_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey_ecdsa_name */
+  {__pyx_k_SSHKey_export_privkey_file, sizeof(__pyx_k_SSHKey_export_privkey_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey_export_privkey_file */
+  {__pyx_k_SSHKey_export_privkey_file_forma, sizeof(__pyx_k_SSHKey_export_privkey_file_forma), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey_export_privkey_file_forma */
+  {__pyx_k_SSHKey_export_privkey_to_pubkey, sizeof(__pyx_k_SSHKey_export_privkey_to_pubkey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey_export_privkey_to_pubkey */
+  {__pyx_k_SSHKey_export_pubkey_base64, sizeof(__pyx_k_SSHKey_export_pubkey_base64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey_export_pubkey_base64 */
+  {__pyx_k_SSHKey_is_private, sizeof(__pyx_k_SSHKey_is_private), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey_is_private */
+  {__pyx_k_SSHKey_is_public, sizeof(__pyx_k_SSHKey_is_public), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey_is_public */
+  {__pyx_k_SSHKey_key_type, sizeof(__pyx_k_SSHKey_key_type), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHKey_key_type */
+  {__pyx_k_SSH_FILE_FORMAT_DEFAULT, sizeof(__pyx_k_SSH_FILE_FORMAT_DEFAULT), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_FILE_FORMAT_DEFAULT */
+  {__pyx_k_SSH_FILE_FORMAT_OPENSSH, sizeof(__pyx_k_SSH_FILE_FORMAT_OPENSSH), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_FILE_FORMAT_OPENSSH */
+  {__pyx_k_SSH_FILE_FORMAT_PEM, sizeof(__pyx_k_SSH_FILE_FORMAT_PEM), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_FILE_FORMAT_PEM */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k_ValueError, sizeof(__pyx_k_ValueError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ValueError */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k__3, sizeof(__pyx_k__3), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__3 */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_b64_cert, sizeof(__pyx_k_b64_cert), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b64_cert */
+  {__pyx_k_b64_key, sizeof(__pyx_k_b64_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b64_key */
+  {__pyx_k_b_filepath, sizeof(__pyx_k_b_filepath), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_filepath */
+  {__pyx_k_b_key, sizeof(__pyx_k_b_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_key */
+  {__pyx_k_b_name, sizeof(__pyx_k_b_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_name */
+  {__pyx_k_b_passphrase, sizeof(__pyx_k_b_passphrase), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_passphrase */
+  {__pyx_k_bits, sizeof(__pyx_k_bits), 0, 1, 1}, /* PyObject cname: __pyx_n_u_bits */
+  {__pyx_k_c_filepath, sizeof(__pyx_k_c_filepath), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_filepath */
+  {__pyx_k_c_key, sizeof(__pyx_k_c_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_key */
+  {__pyx_k_c_keyformat, sizeof(__pyx_k_c_keyformat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_keyformat */
+  {__pyx_k_c_name, sizeof(__pyx_k_c_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_name */
+  {__pyx_k_c_passphrase, sizeof(__pyx_k_c_passphrase), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_passphrase */
+  {__pyx_k_cert_key, sizeof(__pyx_k_cert_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cert_key */
+  {__pyx_k_cert_key_2, sizeof(__pyx_k_cert_key_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cert_key_2 */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_copy_cert_to_privkey, sizeof(__pyx_k_copy_cert_to_privkey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_copy_cert_to_privkey */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_ecdsa_name, sizeof(__pyx_k_ecdsa_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ecdsa_name */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_exceptions */
+  {__pyx_k_export_privkey_file, sizeof(__pyx_k_export_privkey_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_export_privkey_file */
+  {__pyx_k_export_privkey_file_format, sizeof(__pyx_k_export_privkey_file_format), 0, 1, 1}, /* PyObject cname: __pyx_n_u_export_privkey_file_format */
+  {__pyx_k_export_privkey_to_pubkey, sizeof(__pyx_k_export_privkey_to_pubkey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_export_privkey_to_pubkey */
+  {__pyx_k_export_pubkey_base64, sizeof(__pyx_k_export_pubkey_base64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_export_pubkey_base64 */
+  {__pyx_k_filepath, sizeof(__pyx_k_filepath), 0, 1, 1}, /* PyObject cname: __pyx_n_u_filepath */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_generate, sizeof(__pyx_k_generate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_generate */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_import_cert_base64, sizeof(__pyx_k_import_cert_base64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_import_cert_base64 */
+  {__pyx_k_import_cert_file, sizeof(__pyx_k_import_cert_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_import_cert_file */
+  {__pyx_k_import_privkey_base64, sizeof(__pyx_k_import_privkey_base64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_import_privkey_base64 */
+  {__pyx_k_import_privkey_file, sizeof(__pyx_k_import_privkey_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_import_privkey_file */
+  {__pyx_k_import_pubkey_base64, sizeof(__pyx_k_import_pubkey_base64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_import_pubkey_base64 */
+  {__pyx_k_import_pubkey_file, sizeof(__pyx_k_import_pubkey_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_import_pubkey_file */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_is_private, sizeof(__pyx_k_is_private), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_private */
+  {__pyx_k_is_public, sizeof(__pyx_k_is_public), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_public */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_key, sizeof(__pyx_k_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_key */
+  {__pyx_k_key_2, sizeof(__pyx_k_key_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_key_2 */
+  {__pyx_k_key_len, sizeof(__pyx_k_key_len), 0, 1, 1}, /* PyObject cname: __pyx_n_u_key_len */
+  {__pyx_k_key_type, sizeof(__pyx_k_key_type), 0, 1, 1}, /* PyObject cname: __pyx_n_u_key_type */
+  {__pyx_k_keyformat, sizeof(__pyx_k_keyformat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_keyformat */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_passphrase, sizeof(__pyx_k_passphrase), 0, 1, 1}, /* PyObject cname: __pyx_n_u_passphrase */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_priv_key, sizeof(__pyx_k_priv_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_priv_key */
+  {__pyx_k_priv_key_2, sizeof(__pyx_k_priv_key_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_priv_key_2 */
+  {__pyx_k_pub_key, sizeof(__pyx_k_pub_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pub_key */
+  {__pyx_k_pub_key_2, sizeof(__pyx_k_pub_key_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pub_key_2 */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_ssh_key, sizeof(__pyx_k_ssh_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_key */
+  {__pyx_k_ssh_key_pyx, sizeof(__pyx_k_ssh_key_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_key_pyx */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_type, sizeof(__pyx_k_type), 0, 1, 1}, /* PyObject cname: __pyx_n_u_type */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 43, __pyx_L1_error)
+  __pyx_builtin_ValueError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_ValueError); if (!__pyx_builtin_ValueError) __PYX_ERR(0, 113, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+
+  /* "ssh/key.pyx":90
+ *         return to_str(b_name)
+ * 
+ *     def export_privkey_file(self, filepath not None, passphrase=None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_passphrase
+ *         cdef bytes b_filepath = to_bytes(filepath)
+*/
+  __pyx_mstate_global->__pyx_tuple[0] = PyTuple_Pack(1, Py_None); if (unlikely(!__pyx_mstate_global->__pyx_tuple[0])) __PYX_ERR(0, 90, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[0]);
+
+  /* "ssh/key.pyx":168
+ * 
+ * 
+ * def import_privkey_base64(bytes b64_key, passphrase=b''):             # <<<<<<<<<<<<<<
+ *     cdef const_char *c_key = b64_key
+ *     cdef bytes b_passphrase
+*/
+  __pyx_mstate_global->__pyx_tuple[1] = PyTuple_Pack(1, ((PyObject*)__pyx_mstate_global->__pyx_kp_b_)); if (unlikely(!__pyx_mstate_global->__pyx_tuple[1])) __PYX_ERR(0, 168, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[1]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[1]);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+  __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
+  return -1;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 3;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 4;
+            unsigned int flags : 10;
+            unsigned int first_line : 9;
+            unsigned int line_table_length : 12;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 50, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_is_private, __pyx_k_A_a_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 56, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_is_public, __pyx_k_A_Q_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 75, 36};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_type};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_key_type, __pyx_k_A_4vS_4q_1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 82, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_c_name, __pyx_mstate->__pyx_n_u_b_name};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_ecdsa_name, __pyx_k_A_1_a_vQa, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 90, 85};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_filepath, __pyx_mstate->__pyx_n_u_passphrase, __pyx_mstate->__pyx_n_u_b_passphrase, __pyx_mstate->__pyx_n_u_b_filepath, __pyx_mstate->__pyx_n_u_c_passphrase, __pyx_mstate->__pyx_n_u_c_filepath, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_export_privkey_file, __pyx_k_a_gQ_81A_1_2_G_vQ_3ha, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 10, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 105, 148};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_filepath, __pyx_mstate->__pyx_n_u_keyformat, __pyx_mstate->__pyx_n_u_passphrase, __pyx_mstate->__pyx_n_u_b_passphrase, __pyx_mstate->__pyx_n_u_b_filepath, __pyx_mstate->__pyx_n_u_c_passphrase, __pyx_mstate->__pyx_n_u_c_filepath, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_c_keyformat};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_export_privkey_file_format, __pyx_k_ADE_a_z_66Oq_A_31_z_66Oq_A_gQ_81, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 130, 51};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pub_key, __pyx_mstate->__pyx_n_u_pub_key_2, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_export_privkey_to_pubkey, __pyx_k_A_7q_G1A_3ha_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 141, 57};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_key, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_b_key, __pyx_mstate->__pyx_n_u_key_len};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_export_pubkey_base64, __pyx_k_A_31D_q_s_1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[9] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[9])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 156, 53};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_key_type, __pyx_mstate->__pyx_n_u_bits, __pyx_mstate->__pyx_n_u_key_2, __pyx_mstate->__pyx_n_u_key, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[10] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_generate, __pyx_k_1HHF_1_s_a_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[10])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 168, 92};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_b64_key, __pyx_mstate->__pyx_n_u_passphrase, __pyx_mstate->__pyx_n_u_c_key, __pyx_mstate->__pyx_n_u_b_passphrase, __pyx_mstate->__pyx_n_u_c_passphrase, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_key_2, __pyx_mstate->__pyx_n_u_key};
+    __pyx_mstate_global->__pyx_codeobj_tab[11] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_import_privkey_base64, __pyx_k_Q_A_xq_q_0_vQa_s_a_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[11])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 9, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 187, 101};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_filepath, __pyx_mstate->__pyx_n_u_passphrase, __pyx_mstate->__pyx_n_u_b_passphrase, __pyx_mstate->__pyx_n_u_b_filepath, __pyx_mstate->__pyx_n_u_c_passphrase, __pyx_mstate->__pyx_n_u_c_filepath, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_key_2, __pyx_mstate->__pyx_n_u_key};
+    __pyx_mstate_global->__pyx_codeobj_tab[12] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_import_privkey_file, __pyx_k_HAQ_A_xq_q_a_fF_1_s_a_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[12])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 207, 59};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_b64_key, __pyx_mstate->__pyx_n_u_key_type, __pyx_mstate->__pyx_n_u_c_key, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_key_2, __pyx_mstate->__pyx_n_u_key};
+    __pyx_mstate_global->__pyx_codeobj_tab[13] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_import_pubkey_base64, __pyx_k_Q_q_881A_s_a_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[13])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 221, 64};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_filepath, __pyx_mstate->__pyx_n_u_b_filepath, __pyx_mstate->__pyx_n_u_c_filepath, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_key_2, __pyx_mstate->__pyx_n_u_key};
+    __pyx_mstate_global->__pyx_codeobj_tab[14] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_import_pubkey_file, __pyx_k_HAQ_Q_s_a_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[14])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 236, 59};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_b64_cert, __pyx_mstate->__pyx_n_u_key_type, __pyx_mstate->__pyx_n_u_c_key, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_key_2, __pyx_mstate->__pyx_n_u_key};
+    __pyx_mstate_global->__pyx_codeobj_tab[15] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_import_cert_base64, __pyx_k_Q_Q_881A_s_a_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[15])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 250, 64};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_filepath, __pyx_mstate->__pyx_n_u_b_filepath, __pyx_mstate->__pyx_n_u_c_filepath, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_key_2, __pyx_mstate->__pyx_n_u_key};
+    __pyx_mstate_global->__pyx_codeobj_tab[16] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_import_cert_file, __pyx_k_HAQ_1_s_a_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[16])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 265, 64};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_cert_key, __pyx_mstate->__pyx_n_u_priv_key, __pyx_mstate->__pyx_n_u_priv_key_2, __pyx_mstate->__pyx_n_u_cert_key_2, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[17] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_key_pyx, __pyx_mstate->__pyx_n_u_copy_cert_to_privkey, __pyx_k_x_S_a_81_81_q_q_s_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[17])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -6102,33 +8951,393 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
 }
 #endif
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
 #endif
-    return PyObject_GetAttr(obj, attr_name);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
 }
 #endif
 
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
     if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
         PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
             "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
 #else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
 #endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
     }
-    return result;
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
 }
+#endif
+#endif
 
 /* RaiseArgTupleInvalid */
 static void __Pyx_RaiseArgtupleInvalid(
@@ -6156,64 +9365,72 @@ static void __Pyx_RaiseArgtupleInvalid(
                  (num_expected == 1) ? "" : "s", num_found);
 }
 
-/* KeywordStringCheck */
-static int __Pyx_CheckKeywordStrings(
-    PyObject *kwdict,
-    const char* function_name,
-    int kw_allowed)
-{
-    PyObject* key = 0;
-    Py_ssize_t pos = 0;
-#if CYTHON_COMPILING_IN_PYPY
-    if (!kw_allowed && PyDict_Next(kwdict, &pos, &key, 0))
-        goto invalid_keyword;
-    return 1;
-#else
-    while (PyDict_Next(kwdict, &pos, &key, 0)) {
-        #if PY_MAJOR_VERSION < 3
-        if (unlikely(!PyString_Check(key)))
-        #endif
-            if (unlikely(!PyUnicode_Check(key)))
-                goto invalid_keyword_type;
-    }
-    if ((!kw_allowed) && unlikely(key))
-        goto invalid_keyword;
-    return 1;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    return 0;
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
 #endif
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
-    return 0;
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
 }
 
 /* ArgTypeTest */
 static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
 {
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
     if (unlikely(!type)) {
         PyErr_SetString(PyExc_SystemError, "Missing type object");
         return 0;
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
-    }
-    else {
+    else if (!exact) {
         if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
     }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
     PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
     return 0;
 }
 
@@ -6223,357 +9440,110 @@ static void __Pyx_RaiseDoubleKeywordsError(
     PyObject* kw_name)
 {
     PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
         "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
 }
 
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
-{
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
-        }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
-                }
-            }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
-        }
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
     }
-    return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
-bad:
-    return -1;
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
 }
-
-/* PyDictVersioning */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
-}
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
-    PyObject **dictptr = NULL;
-    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
-    if (offset) {
-#if CYTHON_COMPILING_IN_CPYTHON
-        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
-#else
-        dictptr = _PyObject_GetDictPtr(obj);
-#endif
-    }
-    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
-}
-static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
-        return 0;
-    return obj_dict_version == __Pyx_get_object_dict_version(obj);
-}
-#endif
-
-/* GetModuleGlobalName */
-#if CYTHON_USE_DICT_VERSIONS
-static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
-#else
-static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
-#endif
-{
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
     PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
         return NULL;
     }
-#else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    }
-#endif
-#else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    }
-    PyErr_Clear();
-#endif
-    return __Pyx_GetBuiltinName(name);
-}
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
-}
-#endif
-
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
-    }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
         }
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
-}
-#else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
-    }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
-                }
-            }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
         }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
         }
-    } else {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
+        nk = i / 2;
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
-        } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
-        }
-        PyException_SetCause(value, fixed_cause);
+    else {
+        kwtuple = NULL;
+        k = NULL;
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
-        }
-#endif
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
     }
-bad:
-    Py_XDECREF(owned_instance);
-    return;
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
 }
 #endif
 
@@ -6584,7 +9554,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
     ternaryfunc call = Py_TYPE(func)->tp_call;
     if (unlikely(!call))
         return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = (*call)(func, arg, kw);
     Py_LeaveRecursiveCall();
@@ -6597,613 +9567,3057 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 }
 #endif
 
-/* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
-                                               PyObject *globals) {
-    PyFrameObject *f;
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject **fastlocals;
-    Py_ssize_t i;
-    PyObject *result;
-    assert(globals != NULL);
-    /* XXX Perhaps we should create a specialized
-       PyFrame_New() that doesn't take locals, but does
-       take builtins without sanity checking them.
-       */
-    assert(tstate != NULL);
-    f = PyFrame_New(tstate, co, globals, NULL);
-    if (f == NULL) {
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
     }
-    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
-    for (i = 0; i < na; i++) {
-        Py_INCREF(*args);
-        fastlocals[i] = *args++;
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
     }
-    result = PyEval_EvalFrameEx(f,0);
-    ++tstate->recursion_depth;
-    Py_DECREF(f);
-    --tstate->recursion_depth;
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
     return result;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
-    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
-    PyObject *globals = PyFunction_GET_GLOBALS(func);
-    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
-    PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
-    PyObject *kwdefs;
 #endif
-    PyObject *kwtuple, **k;
-    PyObject **d;
-    Py_ssize_t nd;
-    Py_ssize_t nk;
-    PyObject *result;
-    assert(kwargs == NULL || PyDict_Check(kwargs));
-    nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
         return NULL;
     }
-    if (
-#if PY_MAJOR_VERSION >= 3
-            co->co_kwonlyargcount == 0 &&
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
 #endif
-            likely(kwargs == NULL || nk == 0) &&
-            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
-        if (argdefs == NULL && co->co_argcount == nargs) {
-            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
-            goto done;
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
         }
-        else if (nargs == 0 && argdefs != NULL
-                 && co->co_argcount == Py_SIZE(argdefs)) {
-            /* function called with no arguments, but all parameters have
-               a default value: use default values as arguments .*/
-            args = &PyTuple_GET_ITEM(argdefs, 0);
-            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
-            goto done;
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
         }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
     }
-    if (kwargs != NULL) {
-        Py_ssize_t pos, i;
-        kwtuple = PyTuple_New(2 * nk);
-        if (kwtuple == NULL) {
-            result = NULL;
-            goto done;
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
         }
-        k = &PyTuple_GET_ITEM(kwtuple, 0);
-        pos = i = 0;
-        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
-            Py_INCREF(k[i]);
-            Py_INCREF(k[i+1]);
-            i += 2;
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
         }
-        nk = i / 2;
     }
-    else {
-        kwtuple = NULL;
-        k = NULL;
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
     }
-    closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
-    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
 #endif
-    if (argdefs != NULL) {
-        d = &PyTuple_GET_ITEM(argdefs, 0);
-        nd = Py_SIZE(argdefs);
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
     }
-    else {
-        d = NULL;
-        nd = 0;
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
     }
-#if PY_MAJOR_VERSION >= 3
-    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, kwdefs, closure);
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* PyDictVersioning */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+}
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
+    PyObject **dictptr = NULL;
+    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
+    if (offset) {
+#if CYTHON_COMPILING_IN_CPYTHON
+        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
+#else
+        dictptr = _PyObject_GetDictPtr(obj);
+#endif
+    }
+    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
+}
+static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
+        return 0;
+    return obj_dict_version == __Pyx_get_object_dict_version(obj);
+}
+#endif
+
+/* GetModuleGlobalName */
+#if CYTHON_USE_DICT_VERSIONS
+static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
+#else
+static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
+#endif
+{
+    PyObject *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
+        return NULL;
+    }
+    result = PyObject_GetAttr(__pyx_m, name);
+    if (likely(result)) {
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
+    }
+#else
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return __Pyx_NewRef(result);
+    }
+    PyErr_Clear();
+#endif
+    return __Pyx_GetBuiltinName(name);
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* PyObjectFastCallMethod */
+#if !CYTHON_VECTORCALL || PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf) {
+    PyObject *result;
+    PyObject *attr = PyObject_GetAttr(args[0], name);
+    if (unlikely(!attr))
+        return NULL;
+    result = __Pyx_PyObject_FastCall(attr, args+1, nargsf - 1);
+    Py_DECREF(attr);
+    return result;
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
+}
+#endif
+
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
+#endif
+    return r;
+#endif
+}
+
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#else
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#endif
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
+}
+
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
+}
+
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+        }
+    }
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
+    }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+    }
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
+
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
+    }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
+#endif
+
+/* ListPack */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...) {
+    va_list va;
+    PyObject *l = PyList_New(n);
+    va_start(va, n);
+    if (unlikely(!l)) goto end;
+    for (Py_ssize_t i=0; i<n; ++i) {
+        PyObject *arg = va_arg(va, PyObject*);
+        Py_INCREF(arg);
+        if (__Pyx_PyList_SET_ITEM(l, i, arg) != (0)) {
+            Py_CLEAR(l);
+            goto end;
+        }
+    }
+    end:
+    va_end(va);
+    return l;
+}
+
+/* Import */
+static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
+    PyObject *module = 0;
+    PyObject *empty_dict = 0;
+    PyObject *empty_list = 0;
+    empty_dict = PyDict_New();
+    if (unlikely(!empty_dict))
+        goto bad;
+    if (level == -1) {
+        const char* package_sep = strchr(__Pyx_MODULE_NAME, '.');
+        if (package_sep != (0)) {
+            module = PyImport_ImportModuleLevelObject(
+                name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, 1);
+            if (unlikely(!module)) {
+                if (unlikely(!PyErr_ExceptionMatches(PyExc_ImportError)))
+                    goto bad;
+                PyErr_Clear();
+            }
+        }
+        level = 0;
+    }
+    if (!module) {
+        module = PyImport_ImportModuleLevelObject(
+            name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, level);
+    }
+bad:
+    Py_XDECREF(empty_dict);
+    Py_XDECREF(empty_list);
+    return module;
+}
+
+/* ImportFrom */
+static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
+    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
+    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
+        const char* module_name_str = 0;
+        PyObject* module_name = 0;
+        PyObject* module_dot = 0;
+        PyObject* full_name = 0;
+        PyErr_Clear();
+        module_name_str = PyModule_GetName(module);
+        if (unlikely(!module_name_str)) { goto modbad; }
+        module_name = PyUnicode_FromString(module_name_str);
+        if (unlikely(!module_name)) { goto modbad; }
+        module_dot = PyUnicode_Concat(module_name, __pyx_mstate_global->__pyx_kp_u__2);
+        if (unlikely(!module_dot)) { goto modbad; }
+        full_name = PyUnicode_Concat(module_dot, name);
+        if (unlikely(!full_name)) { goto modbad; }
+        #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM  < 0x07030400) ||\
+                CYTHON_COMPILING_IN_GRAAL
+        {
+            PyObject *modules = PyImport_GetModuleDict();
+            if (unlikely(!modules))
+                goto modbad;
+            value = PyObject_GetItem(modules, full_name);
+        }
+        #else
+        value = PyImport_GetModule(full_name);
+        #endif
+      modbad:
+        Py_XDECREF(full_name);
+        Py_XDECREF(module_dot);
+        Py_XDECREF(module_name);
+    }
+    if (unlikely(!value)) {
+        PyErr_Format(PyExc_ImportError, "cannot import name %S", name);
+    }
+    return value;
+}
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
 #else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
-    Py_XDECREF(kwtuple);
-done:
-    Py_LeaveRecursiveCall();
-    return result;
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
 }
 #endif
-#endif
 
-/* PyObjectCallMethO */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
-    PyObject *self, *result;
-    PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = cfunc(self, arg);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
     }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
     return result;
 }
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
 #endif
 
-/* PyObjectCallNoArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
     }
-#endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
 #else
-    if (likely(PyCFunction_Check(func)))
+        PyDict_GET_SIZE(kw);
 #endif
-    {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
-        }
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
 }
 #endif
 
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
     }
+    return 0;
 }
-#endif
-
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
     }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
 #endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
 #endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
         }
+#endif
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
 }
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
     PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
     return result;
 }
-#endif
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
 #endif
-    return NULL;
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
     #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
         }
     }
-    return descr;
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
+    }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
+#else
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
 #endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
+    }
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
 #endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
 #else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
-    return 0;
-bad:
-    Py_XDECREF(ob);
-    return -1;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
     }
 #endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
+    }
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
+}
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
     }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
     return 0;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
+    }
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
 }
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
     PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
     }
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
     }
     return result;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
-}
-static int __Pyx_setup_reduce(PyObject* type_obj) {
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
     int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
-#else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
     }
-#endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
-        }
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
-        }
-    }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
+        break;
+    default:
+        return NULL;
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
-#endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
-    }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    return meth(self, args[0]);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* Import */
-static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
-    PyObject *empty_list = 0;
-    PyObject *module = 0;
-    PyObject *global_dict = 0;
-    PyObject *empty_dict = 0;
-    PyObject *list;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_import;
-    py_import = __Pyx_PyObject_GetAttrStr(__pyx_b, __pyx_n_s_import);
-    if (!py_import)
-        goto bad;
-    #endif
-    if (from_list)
-        list = from_list;
-    else {
-        empty_list = PyList_New(0);
-        if (!empty_list)
-            goto bad;
-        list = empty_list;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    global_dict = PyModule_GetDict(__pyx_m);
-    if (!global_dict)
-        goto bad;
-    empty_dict = PyDict_New();
-    if (!empty_dict)
-        goto bad;
-    {
-        #if PY_MAJOR_VERSION >= 3
-        if (level == -1) {
-            if ((1) && (strchr(__Pyx_MODULE_NAME, '.'))) {
-                module = PyImport_ImportModuleLevelObject(
-                    name, global_dict, empty_dict, list, 1);
-                if (!module) {
-                    if (!PyErr_ExceptionMatches(PyExc_ImportError))
-                        goto bad;
-                    PyErr_Clear();
-                }
-            }
-            level = 0;
-        }
-        #endif
-        if (!module) {
-            #if PY_MAJOR_VERSION < 3
-            PyObject *py_level = PyInt_FromLong(level);
-            if (!py_level)
-                goto bad;
-            module = PyObject_CallFunctionObjArgs(py_import,
-                name, global_dict, empty_dict, list, py_level, (PyObject *)NULL);
-            Py_DECREF(py_level);
-            #else
-            module = PyImport_ImportModuleLevelObject(
-                name, global_dict, empty_dict, list, level);
-            #endif
-        }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
     }
-bad:
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_import);
-    #endif
-    Py_XDECREF(empty_list);
-    Py_XDECREF(empty_dict);
-    return module;
+    return 0;
 }
-
-/* ImportFrom */
-static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
-    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
-    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
-        PyErr_Format(PyExc_ImportError,
-        #if PY_MAJOR_VERSION < 3
-            "cannot import name %.230s", PyString_AS_STRING(name));
-        #else
-            "cannot import name %S", name);
-        #endif
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
     }
-    return value;
+    return op;
 }
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -7212,11 +12626,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -7244,130 +12659,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -7398,7 +12879,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -7408,6 +12889,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -7431,190 +12913,351 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
         return (target_type) value;\
     }
 
-/* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
+/* CIntToPy */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_file_format_e(enum ssh_file_format_e value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
 #endif
-    const int neg_one = (int) -1, const_zero = (int) 0;
+    const enum ssh_file_format_e neg_one = (enum ssh_file_format_e) -1, const_zero = (enum ssh_file_format_e) 0;
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
+    if (is_unsigned) {
+        if (sizeof(enum ssh_file_format_e) < sizeof(long)) {
+            return PyLong_FromLong((long) value);
+        } else if (sizeof(enum ssh_file_format_e) <= sizeof(unsigned long)) {
+            return PyLong_FromUnsignedLong((unsigned long) value);
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
+        } else if (sizeof(enum ssh_file_format_e) <= sizeof(unsigned PY_LONG_LONG)) {
+            return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
+#endif
+        }
+    } else {
+        if (sizeof(enum ssh_file_format_e) <= sizeof(long)) {
+            return PyLong_FromLong((long) value);
+#ifdef HAVE_LONG_LONG
+        } else if (sizeof(enum ssh_file_format_e) <= sizeof(PY_LONG_LONG)) {
+            return PyLong_FromLongLong((PY_LONG_LONG) value);
+#endif
+        }
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
         } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(enum ssh_file_format_e),
+                                     little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(enum ssh_file_format_e));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
             }
-            return (int) val;
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
         }
-    } else
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
 #endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    }
+}
+
+/* CIntFromPy */
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+    const int neg_one = (int) -1, const_zero = (int) 0;
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
+#endif
+    const int is_unsigned = neg_one > const_zero;
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7627,8 +13270,236 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
     return (int) -1;
 }
 
+/* CIntFromPy */
+static CYTHON_INLINE enum ssh_file_format_e __Pyx_PyLong_As_enum__ssh_file_format_e(PyObject *x) {
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+    const enum ssh_file_format_e neg_one = (enum ssh_file_format_e) -1, const_zero = (enum ssh_file_format_e) 0;
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
+#endif
+    const int is_unsigned = neg_one > const_zero;
+    if (unlikely(!PyLong_Check(x))) {
+        enum ssh_file_format_e val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (enum ssh_file_format_e) -1;
+        val = __Pyx_PyLong_As_enum__ssh_file_format_e(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
+#if CYTHON_USE_PYLONG_INTERNALS
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
+                case 2:
+                    if ((8 * sizeof(enum ssh_file_format_e) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) >= 2 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) (((((enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0]));
+                        }
+                    }
+                    break;
+                case 3:
+                    if ((8 * sizeof(enum ssh_file_format_e) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) >= 3 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) (((((((enum ssh_file_format_e)digits[2]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0]));
+                        }
+                    }
+                    break;
+                case 4:
+                    if ((8 * sizeof(enum ssh_file_format_e) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) >= 4 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) (((((((((enum ssh_file_format_e)digits[3]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[2]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0]));
+                        }
+                    }
+                    break;
+            }
+        }
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
+#else
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (enum ssh_file_format_e) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
+#endif
+        if ((sizeof(enum ssh_file_format_e) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_file_format_e, unsigned long, PyLong_AsUnsignedLong(x))
+#ifdef HAVE_LONG_LONG
+        } else if ((sizeof(enum ssh_file_format_e) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_file_format_e, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+#endif
+        }
+    } else {
+#if CYTHON_USE_PYLONG_INTERNALS
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
+                case -2:
+                    if ((8 * sizeof(enum ssh_file_format_e) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) - 1 > 2 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) (((enum ssh_file_format_e)-1)*(((((enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0])));
+                        }
+                    }
+                    break;
+                case 2:
+                    if ((8 * sizeof(enum ssh_file_format_e) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) - 1 > 2 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) ((((((enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0])));
+                        }
+                    }
+                    break;
+                case -3:
+                    if ((8 * sizeof(enum ssh_file_format_e) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) - 1 > 3 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) (((enum ssh_file_format_e)-1)*(((((((enum ssh_file_format_e)digits[2]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0])));
+                        }
+                    }
+                    break;
+                case 3:
+                    if ((8 * sizeof(enum ssh_file_format_e) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) - 1 > 3 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) ((((((((enum ssh_file_format_e)digits[2]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0])));
+                        }
+                    }
+                    break;
+                case -4:
+                    if ((8 * sizeof(enum ssh_file_format_e) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) - 1 > 4 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) (((enum ssh_file_format_e)-1)*(((((((((enum ssh_file_format_e)digits[3]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[2]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0])));
+                        }
+                    }
+                    break;
+                case 4:
+                    if ((8 * sizeof(enum ssh_file_format_e) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
+                            __PYX_VERIFY_RETURN_INT(enum ssh_file_format_e, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
+                        } else if ((8 * sizeof(enum ssh_file_format_e) - 1 > 4 * PyLong_SHIFT)) {
+                            return (enum ssh_file_format_e) ((((((((((enum ssh_file_format_e)digits[3]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[2]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[1]) << PyLong_SHIFT) | (enum ssh_file_format_e)digits[0])));
+                        }
+                    }
+                    break;
+            }
+        }
+#endif
+        if ((sizeof(enum ssh_file_format_e) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_file_format_e, long, PyLong_AsLong(x))
+#ifdef HAVE_LONG_LONG
+        } else if ((sizeof(enum ssh_file_format_e) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_file_format_e, PY_LONG_LONG, PyLong_AsLongLong(x))
+#endif
+        }
+    }
+    {
+        enum ssh_file_format_e val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyErr_SetString(PyExc_RuntimeError,
+                        "_PyLong_AsByteArray() or PyLong_AsNativeBytes() not available, cannot convert large enums");
+        val = (enum ssh_file_format_e) -1;
+#endif
+        if (unlikely(ret))
+            return (enum ssh_file_format_e) -1;
+        return val;
+    }
+raise_overflow:
+    PyErr_SetString(PyExc_OverflowError,
+        "value too large to convert to enum ssh_file_format_e");
+    return (enum ssh_file_format_e) -1;
+raise_neg_overflow:
+    PyErr_SetString(PyExc_OverflowError,
+        "can't convert negative value to enum ssh_file_format_e");
+    return (enum ssh_file_format_e) -1;
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__3);
+    }
+    goto done;
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7640,33 +13511,66 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
 #endif
-        }
-    }
-    {
-        int one = 1; int little = (int)*(unsigned char *)&one;
-        unsigned char *bytes = (unsigned char *)&value;
-        return _PyLong_FromByteArray(bytes, sizeof(long),
-                                     little, !is_unsigned);
+        }
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(long),
+                                     little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7676,179 +13580,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7865,7 +13827,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -7886,51 +13848,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -7961,65 +13910,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -8027,97 +13995,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -8129,25 +14233,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -8170,95 +14274,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -8297,33 +14372,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/key.pxd b/ssh/key.pxd
index 55f5aed8..55c53c15 100644
--- a/ssh/key.pxd
+++ b/ssh/key.pxd
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 cdef class SSHKey:
diff --git a/ssh/key.pyx b/ssh/key.pyx
index 4bc26653..760fc743 100644
--- a/ssh/key.pyx
+++ b/ssh/key.pyx
@@ -1,27 +1,33 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.string cimport const_char
 
-from keytypes cimport from_keytype, KeyType
-from utils cimport to_str, to_bytes
+from .keytypes cimport from_keytype, KeyType
+from .utils cimport to_str, to_bytes
 
 from .exceptions import KeyExportError, KeyImportError, KeyGenerationError
 
-cimport c_ssh
+from . cimport c_ssh
+
+
+SSH_FILE_FORMAT_DEFAULT = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_DEFAULT
+SSH_FILE_FORMAT_OPENSSH = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_OPENSSH
+SSH_FILE_FORMAT_PEM = c_ssh.ssh_file_format_e.SSH_FILE_FORMAT_PEM
 
 
 cdef class SSHKey:
@@ -82,7 +88,7 @@ cdef class SSHKey:
         b_name = c_name
         return to_str(b_name)
 
-    def export_privkey_file(self, filepath, passphrase=None):
+    def export_privkey_file(self, filepath not None, passphrase=None):
         cdef bytes b_passphrase
         cdef bytes b_filepath = to_bytes(filepath)
         cdef const_char *c_passphrase = NULL
@@ -97,6 +103,31 @@ cdef class SSHKey:
         if rc != c_ssh.SSH_OK:
             raise KeyExportError
 
+    def export_privkey_file_format(
+            self, filepath not None, keyformat not None, passphrase=None):
+        cdef bytes b_passphrase
+        cdef bytes b_filepath = to_bytes(filepath)
+        cdef const_char *c_passphrase = NULL
+        cdef const_char *c_filepath = b_filepath
+        cdef int rc
+        if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):
+            raise ValueError(
+                "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+                keyformat)
+        cdef c_ssh.ssh_file_format_e c_keyformat = keyformat
+        if not keyformat in (SSH_FILE_FORMAT_DEFAULT, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM):
+            raise ValueError(
+                "Keyformat must be one of SSH_FILE_DEFAULT, SSH_FILE_FORMAT_OPENSSH or SSH_FILE_FORMAT_PEM - got %s",
+                keyformat)
+        if passphrase is not None:
+            b_passphrase = to_bytes(passphrase)
+            c_passphrase = b_passphrase
+        with nogil:
+            rc = c_ssh.ssh_pki_export_privkey_file_format(
+                self._key, c_passphrase, NULL, NULL, c_filepath, c_keyformat)
+        if rc != c_ssh.SSH_OK:
+            raise KeyExportError
+
     def export_privkey_to_pubkey(self):
         cdef SSHKey pub_key
         cdef c_ssh.ssh_key _pub_key
diff --git a/ssh/keytypes.c b/ssh/keytypes.c
index 45374d1e..40b271f9 100644
--- a/ssh/keytypes.c
+++ b/ssh/keytypes.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.keytypes",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/keytypes.pyx"
+        ]
+    },
+    "module_name": "ssh.keytypes"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
+        #else
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
+#endif
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,71 +911,195 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
+#endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
+#else
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
+#endif
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
+#endif
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
 #endif
 #include <math.h>
 #ifdef NAN
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -754,12 +1164,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -794,140 +1200,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -939,25 +1334,171 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
-  "stringsource",
+static const char* const __pyx_f[] = {
   "ssh/keytypes.pyx",
+  "<stringsource>",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -965,11 +1506,41 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_8keytypes_KeyType;
@@ -995,7 +1566,7 @@ struct __pyx_obj_3ssh_8keytypes_ED25519Key;
  * cdef class KeyType:             # <<<<<<<<<<<<<<
  *     cdef ssh_keytypes_e _type
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_KeyType {
   PyObject_HEAD
   enum ssh_keytypes_e _type;
@@ -1008,7 +1579,7 @@ struct __pyx_obj_3ssh_8keytypes_KeyType {
  * cdef class DSSKey(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_DSSKey {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1020,7 +1591,7 @@ struct __pyx_obj_3ssh_8keytypes_DSSKey {
  * cdef class RSAKey(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_RSAKey {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1032,7 +1603,7 @@ struct __pyx_obj_3ssh_8keytypes_RSAKey {
  * cdef class RSA1Key(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_RSA1Key {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1044,7 +1615,7 @@ struct __pyx_obj_3ssh_8keytypes_RSA1Key {
  * cdef class ECDSAKey(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSAKey {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1056,7 +1627,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSAKey {
  * cdef class DSSCert01Key(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_DSSCert01Key {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1068,7 +1639,7 @@ struct __pyx_obj_3ssh_8keytypes_DSSCert01Key {
  * cdef class RSACert01Key(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_RSACert01Key {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1080,7 +1651,7 @@ struct __pyx_obj_3ssh_8keytypes_RSACert01Key {
  * cdef class ECDSA_P256(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1092,7 +1663,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 {
  * cdef class ECDSA_P384(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1104,7 +1675,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 {
  * cdef class ECDSA_P521(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1116,7 +1687,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 {
  * cdef class ECDSA_P256_CERT01(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1128,7 +1699,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 {
  * cdef class ECDSA_P384_CERT01(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1140,7 +1711,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 {
  * cdef class ECDSA_P521_CERT01(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1152,7 +1723,7 @@ struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 {
  * cdef class ED25519_CERT01(KeyType):             # <<<<<<<<<<<<<<
  *     pass
  * 
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1164,7 +1735,7 @@ struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 {
  * cdef class UnknownKey(KeyType):             # <<<<<<<<<<<<<<
  *     def __cinit__(self):
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_UnknownKey {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
@@ -1176,11 +1747,12 @@ struct __pyx_obj_3ssh_8keytypes_UnknownKey {
  * cdef class ED25519Key(KeyType):             # <<<<<<<<<<<<<<
  *     def __cinit__(self):
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ED25519
- */
+*/
 struct __pyx_obj_3ssh_8keytypes_ED25519Key {
   struct __pyx_obj_3ssh_8keytypes_KeyType __pyx_base;
 };
 
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1189,42 +1761,48 @@ struct __pyx_obj_3ssh_8keytypes_ED25519Key {
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1235,6 +1813,10 @@ struct __pyx_obj_3ssh_8keytypes_ED25519Key {
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1246,6 +1828,57 @@ struct __pyx_obj_3ssh_8keytypes_ED25519Key {
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+#else
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#endif
+
+/* PyThreadStateGet.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
+#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
+#else
+#define __Pyx_PyThreadState_declare
+#define __Pyx_PyThreadState_assign
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
+#endif
+
+/* PyErrFetchRestore.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
+#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+#else
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#endif
+#else
+#define __Pyx_PyErr_Clear() PyErr_Clear()
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#endif
+
 /* PyObjectGetAttrStr.proto */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
@@ -1253,45 +1886,131 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
 /* GetBuiltinName.proto */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
 /* RaiseArgTupleInvalid.proto */
 static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
     Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
 
-/* KeywordStringCheck.proto */
-static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name, int kw_allowed);
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
+
+/* PyObjectFastCallMethod.proto */
+#if CYTHON_VECTORCALL && PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyObject_FastCallMethod(name, args, nargsf) PyObject_VectorcallMethod(name, args, nargsf, NULL)
+#else
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf);
+#endif
+
+/* RaiseException.proto */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
+
+/* RaiseDoubleKeywords.proto */
+static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
+
+/* ParseKeywords.proto */
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
 
 /* PyFunctionFastCall.proto */
 #if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
 #define __Pyx_PyFunction_FastCall(func, args, nargs)\
     __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
 #endif
 #define __Pyx_BUILD_ASSERT_EXPR(cond)\
     (sizeof(char [1 - 2*!(cond)]) - 1)
 #ifndef Py_MEMBER_SIZE
 #define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
 #endif
-#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
   static size_t __pyx_pyframe_localsplus_offset = 0;
   #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
   #define __Pxy_PyFrame_Initialize_Offsets()\
     ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
      (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
   #define __Pyx_PyFrame_GetLocalsplus(frame)\
     (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
+#endif
+#endif
 #endif
 
 /* PyObjectCall.proto */
@@ -1306,90 +2025,215 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
 #endif
 
-/* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
-#else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
-#endif
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
 
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
 #endif
-
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
-
-/* PyThreadStateGet.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
-#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
 #else
-#define __Pyx_PyThreadState_declare
-#define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
 #endif
-
-/* PyErrFetchRestore.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
-#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
-#else
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
 #endif
+}
 #else
-#define __Pyx_PyErr_Clear() PyErr_Clear()
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
 #endif
 
-/* RaiseException.proto */
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
-
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
 #else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
-#else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
 #endif
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
+#endif
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
 /* PyDictVersioning.proto */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
 #define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
@@ -1417,129 +2261,231 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
-#else
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_keytypes_e(enum ssh_keytypes_e value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_keytypes_e(enum ssh_keytypes_e value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionExport.proto */
 static int __Pyx_ExportFunction(const char *name, void (*f)(void), const char *sig);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static PyObject *(*__pyx_f_3ssh_5utils_to_bytes)(PyObject *); /*proto*/
 static PyObject *(*__pyx_f_3ssh_5utils_to_str)(char const *); /*proto*/
 
-/* Module declarations from 'ssh.keytypes' */
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_KeyType = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_DSSKey = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSAKey = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSA1Key = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSAKey = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_DSSCert01Key = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSACert01Key = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P256 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P384 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P521 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ED25519_CERT01 = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_UnknownKey = 0;
-static PyTypeObject *__pyx_ptype_3ssh_8keytypes_ED25519Key = 0;
+/* Module declarations from "ssh.keytypes" */
 static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keytype(enum ssh_keytypes_e); /*proto*/
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.keytypes"
 extern int __pyx_module_is_main_ssh__keytypes;
 int __pyx_module_is_main_ssh__keytypes = 0;
 
-/* Implementation of 'ssh.keytypes' */
+/* Implementation of "ssh.keytypes" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_TypeError;
 static PyObject *__pyx_builtin_ValueError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = "?";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_pop[] = "pop";
 static const char __pyx_k_str[] = "__str__";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_test[] = "__test__";
 static const char __pyx_k_type[] = "_type";
 static const char __pyx_k_DSSKey[] = "DSSKey";
 static const char __pyx_k_RSAKey[] = "RSAKey";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_reduce[] = "__reduce__";
 static const char __pyx_k_KeyType[] = "KeyType";
 static const char __pyx_k_RSA1Key[] = "RSA1Key";
+static const char __pyx_k_disable[] = "disable";
 static const char __pyx_k_unknown[] = "unknown";
 static const char __pyx_k_ECDSAKey[] = "ECDSAKey";
+static const char __pyx_k_HAQ_aq_q[] = "\200\001\340\004\034\230H\240A\240Q\330\004!\240\021\330\t\n\330\010\020\320\020&\240a\240q\330\004\013\210<\220q\230\001";
 static const char __pyx_k_getstate[] = "__getstate__";
 static const char __pyx_k_key_name[] = "key_name";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
 static const char __pyx_k_ECDSA_P256[] = "ECDSA_P256";
 static const char __pyx_k_ECDSA_P384[] = "ECDSA_P384";
@@ -1551,7 +2497,9 @@ static const char __pyx_k_b_key_name[] = "b_key_name";
 static const char __pyx_k_key_name_2[] = "_key_name";
 static const char __pyx_k_DSSCert01Key[] = "DSSCert01Key";
 static const char __pyx_k_RSACert01Key[] = "RSACert01Key";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
 static const char __pyx_k_ssh_keytypes[] = "ssh.keytypes";
+static const char __pyx_k_stringsource[] = "<stringsource>";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
 static const char __pyx_k_ED25519_CERT01[] = "ED25519_CERT01";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
@@ -1560,48 +2508,43 @@ static const char __pyx_k_ECDSA_P256_CERT01[] = "ECDSA_P256_CERT01";
 static const char __pyx_k_ECDSA_P384_CERT01[] = "ECDSA_P384_CERT01";
 static const char __pyx_k_ECDSA_P521_CERT01[] = "ECDSA_P521_CERT01";
 static const char __pyx_k_Unknown_keytype_s[] = "Unknown keytype %s";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
 static const char __pyx_k_key_type_from_name[] = "key_type_from_name";
+static const char __pyx_k_DSSKey___reduce_cython[] = "DSSKey.__reduce_cython__";
+static const char __pyx_k_RSAKey___reduce_cython[] = "RSAKey.__reduce_cython__";
+static const char __pyx_k_KeyType___reduce_cython[] = "KeyType.__reduce_cython__";
+static const char __pyx_k_RSA1Key___reduce_cython[] = "RSA1Key.__reduce_cython__";
+static const char __pyx_k_DSSKey___setstate_cython[] = "DSSKey.__setstate_cython__";
+static const char __pyx_k_ECDSAKey___reduce_cython[] = "ECDSAKey.__reduce_cython__";
+static const char __pyx_k_RSAKey___setstate_cython[] = "RSAKey.__setstate_cython__";
+static const char __pyx_k_KeyType___setstate_cython[] = "KeyType.__setstate_cython__";
+static const char __pyx_k_RSA1Key___setstate_cython[] = "RSA1Key.__setstate_cython__";
+static const char __pyx_k_ECDSAKey___setstate_cython[] = "ECDSAKey.__setstate_cython__";
+static const char __pyx_k_ECDSA_P256___reduce_cython[] = "ECDSA_P256.__reduce_cython__";
+static const char __pyx_k_ECDSA_P384___reduce_cython[] = "ECDSA_P384.__reduce_cython__";
+static const char __pyx_k_ECDSA_P521___reduce_cython[] = "ECDSA_P521.__reduce_cython__";
+static const char __pyx_k_ED25519Key___reduce_cython[] = "ED25519Key.__reduce_cython__";
+static const char __pyx_k_UnknownKey___reduce_cython[] = "UnknownKey.__reduce_cython__";
+static const char __pyx_k_DSSCert01Key___reduce_cython[] = "DSSCert01Key.__reduce_cython__";
+static const char __pyx_k_ECDSA_P256___setstate_cython[] = "ECDSA_P256.__setstate_cython__";
+static const char __pyx_k_ECDSA_P384___setstate_cython[] = "ECDSA_P384.__setstate_cython__";
+static const char __pyx_k_ECDSA_P521___setstate_cython[] = "ECDSA_P521.__setstate_cython__";
+static const char __pyx_k_ED25519Key___setstate_cython[] = "ED25519Key.__setstate_cython__";
+static const char __pyx_k_RSACert01Key___reduce_cython[] = "RSACert01Key.__reduce_cython__";
+static const char __pyx_k_UnknownKey___setstate_cython[] = "UnknownKey.__setstate_cython__";
+static const char __pyx_k_DSSCert01Key___setstate_cython[] = "DSSCert01Key.__setstate_cython__";
+static const char __pyx_k_ED25519_CERT01___reduce_cython[] = "ED25519_CERT01.__reduce_cython__";
+static const char __pyx_k_RSACert01Key___setstate_cython[] = "RSACert01Key.__setstate_cython__";
+static const char __pyx_k_ECDSA_P256_CERT01___reduce_cytho[] = "ECDSA_P256_CERT01.__reduce_cython__";
+static const char __pyx_k_ECDSA_P256_CERT01___setstate_cyt[] = "ECDSA_P256_CERT01.__setstate_cython__";
+static const char __pyx_k_ECDSA_P384_CERT01___reduce_cytho[] = "ECDSA_P384_CERT01.__reduce_cython__";
+static const char __pyx_k_ECDSA_P384_CERT01___setstate_cyt[] = "ECDSA_P384_CERT01.__setstate_cython__";
+static const char __pyx_k_ECDSA_P521_CERT01___reduce_cytho[] = "ECDSA_P521_CERT01.__reduce_cython__";
+static const char __pyx_k_ECDSA_P521_CERT01___setstate_cyt[] = "ECDSA_P521_CERT01.__setstate_cython__";
+static const char __pyx_k_ED25519_CERT01___setstate_cython[] = "ED25519_CERT01.__setstate_cython__";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_n_s_DSSCert01Key;
-static PyObject *__pyx_n_s_DSSKey;
-static PyObject *__pyx_n_s_ECDSAKey;
-static PyObject *__pyx_n_s_ECDSA_P256;
-static PyObject *__pyx_n_s_ECDSA_P256_CERT01;
-static PyObject *__pyx_n_s_ECDSA_P384;
-static PyObject *__pyx_n_s_ECDSA_P384_CERT01;
-static PyObject *__pyx_n_s_ECDSA_P521;
-static PyObject *__pyx_n_s_ECDSA_P521_CERT01;
-static PyObject *__pyx_n_s_ED25519Key;
-static PyObject *__pyx_n_s_ED25519_CERT01;
-static PyObject *__pyx_n_s_KeyType;
-static PyObject *__pyx_n_s_RSA1Key;
-static PyObject *__pyx_n_s_RSACert01Key;
-static PyObject *__pyx_n_s_RSAKey;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_UnknownKey;
-static PyObject *__pyx_kp_s_Unknown_keytype_s;
-static PyObject *__pyx_n_s_ValueError;
-static PyObject *__pyx_n_s_b_key_name;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_key_name;
-static PyObject *__pyx_n_s_key_name_2;
-static PyObject *__pyx_n_s_key_type_from_name;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_ssh_keytypes;
-static PyObject *__pyx_kp_s_ssh_keytypes_pyx;
-static PyObject *__pyx_n_s_str;
-static PyObject *__pyx_n_s_test;
-static PyObject *__pyx_n_s_type;
-static PyObject *__pyx_n_s_unknown;
+/* #### Code section: decls ### */
 static int __pyx_pf_3ssh_8keytypes_7KeyType___cinit__(struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_5value___get__(struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_2__str__(struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_self); /* proto */
@@ -1670,41 +2613,314 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P521_CERT01(PyTypeObject *t,
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ED25519_CERT01(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
 static PyObject *__pyx_tp_new_3ssh_8keytypes_UnknownKey(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ED25519Key(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-static PyObject *__pyx_tuple__3;
-static PyObject *__pyx_tuple__4;
-static PyObject *__pyx_tuple__5;
-static PyObject *__pyx_tuple__6;
-static PyObject *__pyx_tuple__7;
-static PyObject *__pyx_tuple__8;
-static PyObject *__pyx_tuple__9;
-static PyObject *__pyx_tuple__10;
-static PyObject *__pyx_tuple__11;
-static PyObject *__pyx_tuple__12;
-static PyObject *__pyx_tuple__13;
-static PyObject *__pyx_tuple__14;
-static PyObject *__pyx_tuple__15;
-static PyObject *__pyx_tuple__16;
-static PyObject *__pyx_tuple__17;
-static PyObject *__pyx_tuple__18;
-static PyObject *__pyx_tuple__19;
-static PyObject *__pyx_tuple__20;
-static PyObject *__pyx_tuple__21;
-static PyObject *__pyx_tuple__22;
-static PyObject *__pyx_tuple__23;
-static PyObject *__pyx_tuple__24;
-static PyObject *__pyx_tuple__25;
-static PyObject *__pyx_tuple__26;
-static PyObject *__pyx_tuple__27;
-static PyObject *__pyx_tuple__28;
-static PyObject *__pyx_tuple__29;
-static PyObject *__pyx_tuple__30;
-static PyObject *__pyx_tuple__31;
-static PyObject *__pyx_tuple__32;
-static PyObject *__pyx_tuple__33;
-static PyObject *__pyx_codeobj__34;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyObject *__pyx_type_3ssh_8keytypes_KeyType;
+  PyObject *__pyx_type_3ssh_8keytypes_DSSKey;
+  PyObject *__pyx_type_3ssh_8keytypes_RSAKey;
+  PyObject *__pyx_type_3ssh_8keytypes_RSA1Key;
+  PyObject *__pyx_type_3ssh_8keytypes_ECDSAKey;
+  PyObject *__pyx_type_3ssh_8keytypes_DSSCert01Key;
+  PyObject *__pyx_type_3ssh_8keytypes_RSACert01Key;
+  PyObject *__pyx_type_3ssh_8keytypes_ECDSA_P256;
+  PyObject *__pyx_type_3ssh_8keytypes_ECDSA_P384;
+  PyObject *__pyx_type_3ssh_8keytypes_ECDSA_P521;
+  PyObject *__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01;
+  PyObject *__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01;
+  PyObject *__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01;
+  PyObject *__pyx_type_3ssh_8keytypes_ED25519_CERT01;
+  PyObject *__pyx_type_3ssh_8keytypes_UnknownKey;
+  PyObject *__pyx_type_3ssh_8keytypes_ED25519Key;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_KeyType;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_DSSKey;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSAKey;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSA1Key;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSAKey;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_DSSCert01Key;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_RSACert01Key;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P256;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P384;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P521;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ED25519_CERT01;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_UnknownKey;
+  PyTypeObject *__pyx_ptype_3ssh_8keytypes_ED25519Key;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_codeobj_tab[33];
+  PyObject *__pyx_string_tab[86];
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_DSSCert01Key __pyx_string_tab[1]
+#define __pyx_n_u_DSSCert01Key___reduce_cython __pyx_string_tab[2]
+#define __pyx_n_u_DSSCert01Key___setstate_cython __pyx_string_tab[3]
+#define __pyx_n_u_DSSKey __pyx_string_tab[4]
+#define __pyx_n_u_DSSKey___reduce_cython __pyx_string_tab[5]
+#define __pyx_n_u_DSSKey___setstate_cython __pyx_string_tab[6]
+#define __pyx_n_u_ECDSAKey __pyx_string_tab[7]
+#define __pyx_n_u_ECDSAKey___reduce_cython __pyx_string_tab[8]
+#define __pyx_n_u_ECDSAKey___setstate_cython __pyx_string_tab[9]
+#define __pyx_n_u_ECDSA_P256 __pyx_string_tab[10]
+#define __pyx_n_u_ECDSA_P256_CERT01 __pyx_string_tab[11]
+#define __pyx_n_u_ECDSA_P256_CERT01___reduce_cytho __pyx_string_tab[12]
+#define __pyx_n_u_ECDSA_P256_CERT01___setstate_cyt __pyx_string_tab[13]
+#define __pyx_n_u_ECDSA_P256___reduce_cython __pyx_string_tab[14]
+#define __pyx_n_u_ECDSA_P256___setstate_cython __pyx_string_tab[15]
+#define __pyx_n_u_ECDSA_P384 __pyx_string_tab[16]
+#define __pyx_n_u_ECDSA_P384_CERT01 __pyx_string_tab[17]
+#define __pyx_n_u_ECDSA_P384_CERT01___reduce_cytho __pyx_string_tab[18]
+#define __pyx_n_u_ECDSA_P384_CERT01___setstate_cyt __pyx_string_tab[19]
+#define __pyx_n_u_ECDSA_P384___reduce_cython __pyx_string_tab[20]
+#define __pyx_n_u_ECDSA_P384___setstate_cython __pyx_string_tab[21]
+#define __pyx_n_u_ECDSA_P521 __pyx_string_tab[22]
+#define __pyx_n_u_ECDSA_P521_CERT01 __pyx_string_tab[23]
+#define __pyx_n_u_ECDSA_P521_CERT01___reduce_cytho __pyx_string_tab[24]
+#define __pyx_n_u_ECDSA_P521_CERT01___setstate_cyt __pyx_string_tab[25]
+#define __pyx_n_u_ECDSA_P521___reduce_cython __pyx_string_tab[26]
+#define __pyx_n_u_ECDSA_P521___setstate_cython __pyx_string_tab[27]
+#define __pyx_n_u_ED25519Key __pyx_string_tab[28]
+#define __pyx_n_u_ED25519Key___reduce_cython __pyx_string_tab[29]
+#define __pyx_n_u_ED25519Key___setstate_cython __pyx_string_tab[30]
+#define __pyx_n_u_ED25519_CERT01 __pyx_string_tab[31]
+#define __pyx_n_u_ED25519_CERT01___reduce_cython __pyx_string_tab[32]
+#define __pyx_n_u_ED25519_CERT01___setstate_cython __pyx_string_tab[33]
+#define __pyx_n_u_KeyType __pyx_string_tab[34]
+#define __pyx_n_u_KeyType___reduce_cython __pyx_string_tab[35]
+#define __pyx_n_u_KeyType___setstate_cython __pyx_string_tab[36]
+#define __pyx_n_u_RSA1Key __pyx_string_tab[37]
+#define __pyx_n_u_RSA1Key___reduce_cython __pyx_string_tab[38]
+#define __pyx_n_u_RSA1Key___setstate_cython __pyx_string_tab[39]
+#define __pyx_n_u_RSACert01Key __pyx_string_tab[40]
+#define __pyx_n_u_RSACert01Key___reduce_cython __pyx_string_tab[41]
+#define __pyx_n_u_RSACert01Key___setstate_cython __pyx_string_tab[42]
+#define __pyx_n_u_RSAKey __pyx_string_tab[43]
+#define __pyx_n_u_RSAKey___reduce_cython __pyx_string_tab[44]
+#define __pyx_n_u_RSAKey___setstate_cython __pyx_string_tab[45]
+#define __pyx_n_u_TypeError __pyx_string_tab[46]
+#define __pyx_n_u_UnknownKey __pyx_string_tab[47]
+#define __pyx_n_u_UnknownKey___reduce_cython __pyx_string_tab[48]
+#define __pyx_n_u_UnknownKey___setstate_cython __pyx_string_tab[49]
+#define __pyx_kp_u_Unknown_keytype_s __pyx_string_tab[50]
+#define __pyx_n_u_ValueError __pyx_string_tab[51]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[52]
+#define __pyx_n_u_b_key_name __pyx_string_tab[53]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[54]
+#define __pyx_kp_u_disable __pyx_string_tab[55]
+#define __pyx_kp_u_enable __pyx_string_tab[56]
+#define __pyx_n_u_func __pyx_string_tab[57]
+#define __pyx_kp_u_gc __pyx_string_tab[58]
+#define __pyx_n_u_getstate __pyx_string_tab[59]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[60]
+#define __pyx_kp_u_isenabled __pyx_string_tab[61]
+#define __pyx_n_u_key_name __pyx_string_tab[62]
+#define __pyx_n_u_key_name_2 __pyx_string_tab[63]
+#define __pyx_n_u_key_type_from_name __pyx_string_tab[64]
+#define __pyx_n_u_main __pyx_string_tab[65]
+#define __pyx_n_u_module __pyx_string_tab[66]
+#define __pyx_n_u_name __pyx_string_tab[67]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[68]
+#define __pyx_n_u_pop __pyx_string_tab[69]
+#define __pyx_n_u_pyx_state __pyx_string_tab[70]
+#define __pyx_n_u_qualname __pyx_string_tab[71]
+#define __pyx_n_u_reduce __pyx_string_tab[72]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[73]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[74]
+#define __pyx_n_u_self __pyx_string_tab[75]
+#define __pyx_n_u_set_name __pyx_string_tab[76]
+#define __pyx_n_u_setstate __pyx_string_tab[77]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[78]
+#define __pyx_n_u_ssh_keytypes __pyx_string_tab[79]
+#define __pyx_kp_u_ssh_keytypes_pyx __pyx_string_tab[80]
+#define __pyx_n_u_str __pyx_string_tab[81]
+#define __pyx_kp_u_stringsource __pyx_string_tab[82]
+#define __pyx_n_u_test __pyx_string_tab[83]
+#define __pyx_n_u_type __pyx_string_tab[84]
+#define __pyx_n_u_unknown __pyx_string_tab[85]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_KeyType);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_KeyType);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_DSSKey);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_DSSKey);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_RSAKey);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_RSAKey);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_RSA1Key);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_RSA1Key);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSAKey);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ECDSAKey);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_DSSCert01Key);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_DSSCert01Key);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_RSACert01Key);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_RSACert01Key);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P256);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P256);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P384);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P384);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P521);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P521);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ED25519_CERT01);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_UnknownKey);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_UnknownKey);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_8keytypes_ED25519Key);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_8keytypes_ED25519Key);
+  for (int i=0; i<33; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<86; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_KeyType);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_KeyType);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_DSSKey);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_DSSKey);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_RSAKey);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_RSAKey);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_RSA1Key);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_RSA1Key);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSAKey);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ECDSAKey);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_DSSCert01Key);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_DSSCert01Key);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_RSACert01Key);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_RSACert01Key);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P256);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P256);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P384);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P384);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P521);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P521);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ED25519_CERT01);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_UnknownKey);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_UnknownKey);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_8keytypes_ED25519Key);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_8keytypes_ED25519Key);
+  for (int i=0; i<33; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<86; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
 /* "ssh/keytypes.pyx":25
  * 
@@ -1712,17 +2928,26 @@ static PyObject *__pyx_codeobj__34;
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_7KeyType_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_7KeyType_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_7KeyType___cinit__(((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_v_self));
 
   /* function exit code */
@@ -1732,8 +2957,6 @@ static int __pyx_pw_3ssh_8keytypes_7KeyType_1__cinit__(PyObject *__pyx_v_self, P
 
 static int __pyx_pf_3ssh_8keytypes_7KeyType___cinit__(struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":26
  * cdef class KeyType:
@@ -1741,7 +2964,7 @@ static int __pyx_pf_3ssh_8keytypes_7KeyType___cinit__(struct __pyx_obj_3ssh_8key
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_type = SSH_KEYTYPE_UNKNOWN;
 
   /* "ssh/keytypes.pyx":25
@@ -1750,28 +2973,29 @@ static int __pyx_pf_3ssh_8keytypes_7KeyType___cinit__(struct __pyx_obj_3ssh_8key
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/keytypes.pyx":29
+/* "ssh/keytypes.pyx":28
+ *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN
  * 
- *     @property
- *     def value(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def value(self):
  *         return self._type
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_5value_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_5value_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_8keytypes_7KeyType_5value___get__(((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_v_self));
 
   /* function exit code */
@@ -1794,21 +3018,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_5value___get__(struct __pyx_ob
  *         return self._type             # <<<<<<<<<<<<<<
  * 
  *     def __str__(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_keytypes_e(__pyx_v_self->_type); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 30, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_enum__ssh_keytypes_e(__pyx_v_self->_type); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 30, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/keytypes.pyx":29
+  /* "ssh/keytypes.pyx":28
+ *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN
  * 
- *     @property
- *     def value(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def value(self):
  *         return self._type
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1827,14 +3051,16 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_5value___get__(struct __pyx_ob
  *     def __str__(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *c_type
  *         c_type = ssh_key_type_to_char(self._type)
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_3__str__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_3__str__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__str__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_8keytypes_7KeyType_2__str__(((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_v_self));
 
   /* function exit code */
@@ -1859,7 +3085,7 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_2__str__(struct __pyx_obj_3ssh
  *         c_type = ssh_key_type_to_char(self._type)             # <<<<<<<<<<<<<<
  *         if c_type is not NULL:
  *             return to_str(c_type)
- */
+*/
   __pyx_v_c_type = ssh_key_type_to_char(__pyx_v_self->_type);
 
   /* "ssh/keytypes.pyx":35
@@ -1868,8 +3094,8 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_2__str__(struct __pyx_obj_3ssh
  *         if c_type is not NULL:             # <<<<<<<<<<<<<<
  *             return to_str(c_type)
  *         return "unknown"
- */
-  __pyx_t_1 = ((__pyx_v_c_type != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_c_type != NULL);
   if (__pyx_t_1) {
 
     /* "ssh/keytypes.pyx":36
@@ -1878,9 +3104,9 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_2__str__(struct __pyx_obj_3ssh
  *             return to_str(c_type)             # <<<<<<<<<<<<<<
  *         return "unknown"
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(__pyx_v_c_type); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 36, __pyx_L1_error)
+    __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(__pyx_v_c_type); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 36, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __pyx_r = __pyx_t_2;
     __pyx_t_2 = 0;
@@ -1892,7 +3118,7 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_2__str__(struct __pyx_obj_3ssh
  *         if c_type is not NULL:             # <<<<<<<<<<<<<<
  *             return to_str(c_type)
  *         return "unknown"
- */
+*/
   }
 
   /* "ssh/keytypes.pyx":37
@@ -1901,10 +3127,10 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_2__str__(struct __pyx_obj_3ssh
  *         return "unknown"             # <<<<<<<<<<<<<<
  * 
  *     def __repr__(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(__pyx_n_s_unknown);
-  __pyx_r = __pyx_n_s_unknown;
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_n_u_unknown);
+  __pyx_r = __pyx_mstate_global->__pyx_n_u_unknown;
   goto __pyx_L0;
 
   /* "ssh/keytypes.pyx":32
@@ -1913,7 +3139,7 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_2__str__(struct __pyx_obj_3ssh
  *     def __str__(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *c_type
  *         c_type = ssh_key_type_to_char(self._type)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1932,14 +3158,16 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_2__str__(struct __pyx_obj_3ssh
  *     def __repr__(self):             # <<<<<<<<<<<<<<
  *         return self.__str__()
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_5__repr__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_5__repr__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__repr__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_8keytypes_7KeyType_4__repr__(((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_v_self));
 
   /* function exit code */
@@ -1952,7 +3180,7 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_4__repr__(struct __pyx_obj_3ss
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_3;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1964,25 +3192,18 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_4__repr__(struct __pyx_obj_3ss
  *         return self.__str__()             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_str); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 40, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-    }
+  __pyx_t_2 = ((PyObject *)__pyx_v_self);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_t_3 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_str, __pyx_callargs+__pyx_t_3, (1-__pyx_t_3) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 40, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
   }
-  __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 40, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
@@ -1993,13 +3214,12 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_4__repr__(struct __pyx_obj_3ss
  *     def __repr__(self):             # <<<<<<<<<<<<<<
  *         return self.__str__()
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.keytypes.KeyType.__repr__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2010,17 +3230,46 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_4__repr__(struct __pyx_obj_3ss
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_7__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_7KeyType_6__reduce_cython__[] = "KeyType.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_7__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_7__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_7KeyType_6__reduce_cython__, "KeyType.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_7KeyType_7__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_7KeyType_7__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_7KeyType_6__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_7__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_7KeyType_6__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_v_self));
 
   /* function exit code */
@@ -2031,7 +3280,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_7__reduce_cython__(PyObject *_
 static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_6__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2039,25 +3287,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_6__reduce_cython__(CYTHON_UNUS
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.KeyType.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2067,21 +3311,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_6__reduce_cython__(CYTHON_UNUS
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_9__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_7KeyType_8__setstate_cython__[] = "KeyType.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_9__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_9__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_7KeyType_8__setstate_cython__, "KeyType.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_7KeyType_9__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_7KeyType_9__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_7KeyType_8__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_9__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_7KeyType_8__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.KeyType.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_7KeyType_8__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2089,33 +3405,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_7KeyType_9__setstate_cython__(PyObject
 static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_8__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.KeyType.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2129,17 +3440,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7KeyType_8__setstate_cython__(CYTHON_UN
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_10UnknownKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_10UnknownKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10UnknownKey___cinit__(((struct __pyx_obj_3ssh_8keytypes_UnknownKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2149,8 +3469,6 @@ static int __pyx_pw_3ssh_8keytypes_10UnknownKey_1__cinit__(PyObject *__pyx_v_sel
 
 static int __pyx_pf_3ssh_8keytypes_10UnknownKey___cinit__(struct __pyx_obj_3ssh_8keytypes_UnknownKey *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":45
  * cdef class UnknownKey(KeyType):
@@ -2158,7 +3476,7 @@ static int __pyx_pf_3ssh_8keytypes_10UnknownKey___cinit__(struct __pyx_obj_3ssh_
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_UNKNOWN;
 
   /* "ssh/keytypes.pyx":44
@@ -2167,27 +3485,55 @@ static int __pyx_pf_3ssh_8keytypes_10UnknownKey___cinit__(struct __pyx_obj_3ssh_
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10UnknownKey_2__reduce_cython__[] = "UnknownKey.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10UnknownKey_2__reduce_cython__, "UnknownKey.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10UnknownKey_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10UnknownKey_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10UnknownKey_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10UnknownKey_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_UnknownKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2198,7 +3544,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_3__reduce_cython__(PyObjec
 static PyObject *__pyx_pf_3ssh_8keytypes_10UnknownKey_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_UnknownKey *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2206,25 +3551,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10UnknownKey_2__reduce_cython__(CYTHON_
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__3, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.UnknownKey.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2234,21 +3575,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10UnknownKey_2__reduce_cython__(CYTHON_
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10UnknownKey_4__setstate_cython__[] = "UnknownKey.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10UnknownKey_4__setstate_cython__, "UnknownKey.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10UnknownKey_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10UnknownKey_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10UnknownKey_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_10UnknownKey_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_UnknownKey *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.UnknownKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_10UnknownKey_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_UnknownKey *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2256,33 +3669,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10UnknownKey_5__setstate_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_8keytypes_10UnknownKey_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_UnknownKey *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__4, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.UnknownKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2296,17 +3704,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10UnknownKey_4__setstate_cython__(CYTHO
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_DSS
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_6DSSKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_6DSSKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_6DSSKey___cinit__(((struct __pyx_obj_3ssh_8keytypes_DSSKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2316,8 +3733,6 @@ static int __pyx_pw_3ssh_8keytypes_6DSSKey_1__cinit__(PyObject *__pyx_v_self, Py
 
 static int __pyx_pf_3ssh_8keytypes_6DSSKey___cinit__(struct __pyx_obj_3ssh_8keytypes_DSSKey *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":50
  * cdef class DSSKey(KeyType):
@@ -2325,7 +3740,7 @@ static int __pyx_pf_3ssh_8keytypes_6DSSKey___cinit__(struct __pyx_obj_3ssh_8keyt
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_DSS             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_DSS;
 
   /* "ssh/keytypes.pyx":49
@@ -2334,27 +3749,55 @@ static int __pyx_pf_3ssh_8keytypes_6DSSKey___cinit__(struct __pyx_obj_3ssh_8keyt
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_DSS
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_6DSSKey_2__reduce_cython__[] = "DSSKey.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_6DSSKey_2__reduce_cython__, "DSSKey.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_6DSSKey_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_6DSSKey_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_6DSSKey_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_6DSSKey_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_DSSKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2365,7 +3808,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_3__reduce_cython__(PyObject *__
 static PyObject *__pyx_pf_3ssh_8keytypes_6DSSKey_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_DSSKey *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2373,25 +3815,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_6DSSKey_2__reduce_cython__(CYTHON_UNUSE
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__5, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.DSSKey.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2401,21 +3839,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_6DSSKey_2__reduce_cython__(CYTHON_UNUSE
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_6DSSKey_4__setstate_cython__[] = "DSSKey.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_6DSSKey_4__setstate_cython__, "DSSKey.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_6DSSKey_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_6DSSKey_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_6DSSKey_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_6DSSKey_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_DSSKey *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.DSSKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_6DSSKey_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_DSSKey *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2423,33 +3933,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_6DSSKey_5__setstate_cython__(PyObject *
 static PyObject *__pyx_pf_3ssh_8keytypes_6DSSKey_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_DSSKey *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__6, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.DSSKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2463,17 +3968,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_6DSSKey_4__setstate_cython__(CYTHON_UNU
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_6RSAKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_6RSAKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_6RSAKey___cinit__(((struct __pyx_obj_3ssh_8keytypes_RSAKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2483,8 +3997,6 @@ static int __pyx_pw_3ssh_8keytypes_6RSAKey_1__cinit__(PyObject *__pyx_v_self, Py
 
 static int __pyx_pf_3ssh_8keytypes_6RSAKey___cinit__(struct __pyx_obj_3ssh_8keytypes_RSAKey *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":55
  * cdef class RSAKey(KeyType):
@@ -2492,7 +4004,7 @@ static int __pyx_pf_3ssh_8keytypes_6RSAKey___cinit__(struct __pyx_obj_3ssh_8keyt
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_RSA;
 
   /* "ssh/keytypes.pyx":54
@@ -2501,27 +4013,55 @@ static int __pyx_pf_3ssh_8keytypes_6RSAKey___cinit__(struct __pyx_obj_3ssh_8keyt
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_6RSAKey_2__reduce_cython__[] = "RSAKey.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_6RSAKey_2__reduce_cython__, "RSAKey.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_6RSAKey_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_6RSAKey_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_6RSAKey_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_6RSAKey_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_RSAKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2532,7 +4072,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_3__reduce_cython__(PyObject *__
 static PyObject *__pyx_pf_3ssh_8keytypes_6RSAKey_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_RSAKey *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2540,25 +4079,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_6RSAKey_2__reduce_cython__(CYTHON_UNUSE
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__7, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.RSAKey.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2568,21 +4103,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_6RSAKey_2__reduce_cython__(CYTHON_UNUSE
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_6RSAKey_4__setstate_cython__[] = "RSAKey.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_6RSAKey_4__setstate_cython__, "RSAKey.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_6RSAKey_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_6RSAKey_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_6RSAKey_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_6RSAKey_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_RSAKey *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.RSAKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_6RSAKey_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_RSAKey *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2590,33 +4197,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_6RSAKey_5__setstate_cython__(PyObject *
 static PyObject *__pyx_pf_3ssh_8keytypes_6RSAKey_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_RSAKey *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__8, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.RSAKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2630,17 +4232,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_6RSAKey_4__setstate_cython__(CYTHON_UNU
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA1
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_7RSA1Key_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_7RSA1Key_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_7RSA1Key___cinit__(((struct __pyx_obj_3ssh_8keytypes_RSA1Key *)__pyx_v_self));
 
   /* function exit code */
@@ -2650,8 +4261,6 @@ static int __pyx_pw_3ssh_8keytypes_7RSA1Key_1__cinit__(PyObject *__pyx_v_self, P
 
 static int __pyx_pf_3ssh_8keytypes_7RSA1Key___cinit__(struct __pyx_obj_3ssh_8keytypes_RSA1Key *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":60
  * cdef class RSA1Key(KeyType):
@@ -2659,7 +4268,7 @@ static int __pyx_pf_3ssh_8keytypes_7RSA1Key___cinit__(struct __pyx_obj_3ssh_8key
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA1             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_RSA1;
 
   /* "ssh/keytypes.pyx":59
@@ -2668,27 +4277,55 @@ static int __pyx_pf_3ssh_8keytypes_7RSA1Key___cinit__(struct __pyx_obj_3ssh_8key
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA1
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_7RSA1Key_2__reduce_cython__[] = "RSA1Key.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_7RSA1Key_2__reduce_cython__, "RSA1Key.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_7RSA1Key_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_7RSA1Key_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_7RSA1Key_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_7RSA1Key_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_RSA1Key *)__pyx_v_self));
 
   /* function exit code */
@@ -2699,7 +4336,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_3__reduce_cython__(PyObject *_
 static PyObject *__pyx_pf_3ssh_8keytypes_7RSA1Key_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_RSA1Key *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2707,25 +4343,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7RSA1Key_2__reduce_cython__(CYTHON_UNUS
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__9, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.RSA1Key.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2735,21 +4367,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7RSA1Key_2__reduce_cython__(CYTHON_UNUS
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_7RSA1Key_4__setstate_cython__[] = "RSA1Key.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_7RSA1Key_4__setstate_cython__, "RSA1Key.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_7RSA1Key_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_7RSA1Key_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_7RSA1Key_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_7RSA1Key_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_RSA1Key *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.RSA1Key.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_7RSA1Key_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_RSA1Key *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2757,33 +4461,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_7RSA1Key_5__setstate_cython__(PyObject
 static PyObject *__pyx_pf_3ssh_8keytypes_7RSA1Key_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_RSA1Key *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__10, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.RSA1Key.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2797,17 +4496,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_7RSA1Key_4__setstate_cython__(CYTHON_UN
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_8ECDSAKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_8ECDSAKey_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_8ECDSAKey___cinit__(((struct __pyx_obj_3ssh_8keytypes_ECDSAKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2817,8 +4525,6 @@ static int __pyx_pw_3ssh_8keytypes_8ECDSAKey_1__cinit__(PyObject *__pyx_v_self,
 
 static int __pyx_pf_3ssh_8keytypes_8ECDSAKey___cinit__(struct __pyx_obj_3ssh_8keytypes_ECDSAKey *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":65
  * cdef class ECDSAKey(KeyType):
@@ -2826,7 +4532,7 @@ static int __pyx_pf_3ssh_8keytypes_8ECDSAKey___cinit__(struct __pyx_obj_3ssh_8ke
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ECDSA;
 
   /* "ssh/keytypes.pyx":64
@@ -2835,27 +4541,55 @@ static int __pyx_pf_3ssh_8keytypes_8ECDSAKey___cinit__(struct __pyx_obj_3ssh_8ke
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__[] = "ECDSAKey.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__, "ECDSAKey.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSAKey *)__pyx_v_self));
 
   /* function exit code */
@@ -2866,7 +4600,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__(PyObject *
 static PyObject *__pyx_pf_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSAKey *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2874,25 +4607,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__(CYTHON_UNU
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__11, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSAKey.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2902,21 +4631,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__(CYTHON_UNU
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__[] = "ECDSAKey.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__, "ECDSAKey.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSAKey *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ECDSAKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSAKey *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2924,33 +4725,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__(PyObject
 static PyObject *__pyx_pf_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSAKey *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__12, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSAKey.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2964,17 +4760,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__(CYTHON_U
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_DSS_CERT01
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_12DSSCert01Key_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_12DSSCert01Key_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_12DSSCert01Key___cinit__(((struct __pyx_obj_3ssh_8keytypes_DSSCert01Key *)__pyx_v_self));
 
   /* function exit code */
@@ -2984,8 +4789,6 @@ static int __pyx_pw_3ssh_8keytypes_12DSSCert01Key_1__cinit__(PyObject *__pyx_v_s
 
 static int __pyx_pf_3ssh_8keytypes_12DSSCert01Key___cinit__(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":70
  * cdef class DSSCert01Key(KeyType):
@@ -2993,7 +4796,7 @@ static int __pyx_pf_3ssh_8keytypes_12DSSCert01Key___cinit__(struct __pyx_obj_3ss
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_DSS_CERT01             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_DSS_CERT01;
 
   /* "ssh/keytypes.pyx":69
@@ -3002,27 +4805,55 @@ static int __pyx_pf_3ssh_8keytypes_12DSSCert01Key___cinit__(struct __pyx_obj_3ss
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_DSS_CERT01
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__[] = "DSSCert01Key.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__, "DSSCert01Key.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_DSSCert01Key *)__pyx_v_self));
 
   /* function exit code */
@@ -3033,7 +4864,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_DSSCert01Key *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3041,25 +4871,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__(CYTHO
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__13, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.DSSCert01Key.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3069,21 +4895,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__(CYTHO
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__[] = "DSSCert01Key.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__, "DSSCert01Key.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_DSSCert01Key *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.DSSCert01Key.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_DSSCert01Key *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3091,33 +4989,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__(PyO
 static PyObject *__pyx_pf_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_DSSCert01Key *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__14, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.DSSCert01Key.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3131,18 +5024,27 @@ static PyObject *__pyx_pf_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__(CYT
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA_CERT01
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_12RSACert01Key_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_12RSACert01Key_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
-  __pyx_r = __pyx_pf_3ssh_8keytypes_12RSACert01Key___cinit__(((struct __pyx_obj_3ssh_8keytypes_RSACert01Key *)__pyx_v_self));
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
+  __pyx_r = __pyx_pf_3ssh_8keytypes_12RSACert01Key___cinit__(((struct __pyx_obj_3ssh_8keytypes_RSACert01Key *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
@@ -3151,8 +5053,6 @@ static int __pyx_pw_3ssh_8keytypes_12RSACert01Key_1__cinit__(PyObject *__pyx_v_s
 
 static int __pyx_pf_3ssh_8keytypes_12RSACert01Key___cinit__(struct __pyx_obj_3ssh_8keytypes_RSACert01Key *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":75
  * cdef class RSACert01Key(KeyType):
@@ -3160,7 +5060,7 @@ static int __pyx_pf_3ssh_8keytypes_12RSACert01Key___cinit__(struct __pyx_obj_3ss
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA_CERT01             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_RSA_CERT01;
 
   /* "ssh/keytypes.pyx":74
@@ -3169,27 +5069,55 @@ static int __pyx_pf_3ssh_8keytypes_12RSACert01Key___cinit__(struct __pyx_obj_3ss
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_RSA_CERT01
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__[] = "RSACert01Key.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__, "RSACert01Key.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_RSACert01Key *)__pyx_v_self));
 
   /* function exit code */
@@ -3200,7 +5128,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_RSACert01Key *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3208,25 +5135,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__(CYTHO
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__15, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.RSACert01Key.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3236,21 +5159,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__(CYTHO
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__[] = "RSACert01Key.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__, "RSACert01Key.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_RSACert01Key *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.RSACert01Key.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_RSACert01Key *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3258,33 +5253,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__(PyO
 static PyObject *__pyx_pf_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_RSACert01Key *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__16, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.RSACert01Key.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3298,17 +5288,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__(CYT
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_10ECDSA_P256_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_10ECDSA_P256_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P256___cinit__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 *)__pyx_v_self));
 
   /* function exit code */
@@ -3318,8 +5317,6 @@ static int __pyx_pw_3ssh_8keytypes_10ECDSA_P256_1__cinit__(PyObject *__pyx_v_sel
 
 static int __pyx_pf_3ssh_8keytypes_10ECDSA_P256___cinit__(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":80
  * cdef class ECDSA_P256(KeyType):
@@ -3327,7 +5324,7 @@ static int __pyx_pf_3ssh_8keytypes_10ECDSA_P256___cinit__(struct __pyx_obj_3ssh_
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ECDSA_P256;
 
   /* "ssh/keytypes.pyx":79
@@ -3336,27 +5333,55 @@ static int __pyx_pf_3ssh_8keytypes_10ECDSA_P256___cinit__(struct __pyx_obj_3ssh_
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__[] = "ECDSA_P256.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__, "ECDSA_P256.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 *)__pyx_v_self));
 
   /* function exit code */
@@ -3367,7 +5392,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__(PyObjec
 static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3375,25 +5399,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__(CYTHON_
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__17, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P256.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3403,21 +5423,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__(CYTHON_
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__[] = "ECDSA_P256.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__, "ECDSA_P256.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ECDSA_P256.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3425,33 +5517,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P256 *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__18, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P256.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3465,17 +5552,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__(CYTHO
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_10ECDSA_P384_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_10ECDSA_P384_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P384___cinit__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 *)__pyx_v_self));
 
   /* function exit code */
@@ -3485,8 +5581,6 @@ static int __pyx_pw_3ssh_8keytypes_10ECDSA_P384_1__cinit__(PyObject *__pyx_v_sel
 
 static int __pyx_pf_3ssh_8keytypes_10ECDSA_P384___cinit__(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":85
  * cdef class ECDSA_P384(KeyType):
@@ -3494,7 +5588,7 @@ static int __pyx_pf_3ssh_8keytypes_10ECDSA_P384___cinit__(struct __pyx_obj_3ssh_
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ECDSA_P384;
 
   /* "ssh/keytypes.pyx":84
@@ -3503,27 +5597,55 @@ static int __pyx_pf_3ssh_8keytypes_10ECDSA_P384___cinit__(struct __pyx_obj_3ssh_
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__[] = "ECDSA_P384.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__, "ECDSA_P384.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 *)__pyx_v_self));
 
   /* function exit code */
@@ -3534,7 +5656,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__(PyObjec
 static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3542,25 +5663,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__(CYTHON_
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__19, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P384.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3570,21 +5687,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__(CYTHON_
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__[] = "ECDSA_P384.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__, "ECDSA_P384.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ECDSA_P384.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3592,33 +5781,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P384 *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__20, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P384.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3632,17 +5816,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__(CYTHO
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_10ECDSA_P521_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_10ECDSA_P521_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P521___cinit__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 *)__pyx_v_self));
 
   /* function exit code */
@@ -3652,8 +5845,6 @@ static int __pyx_pw_3ssh_8keytypes_10ECDSA_P521_1__cinit__(PyObject *__pyx_v_sel
 
 static int __pyx_pf_3ssh_8keytypes_10ECDSA_P521___cinit__(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":90
  * cdef class ECDSA_P521(KeyType):
@@ -3661,7 +5852,7 @@ static int __pyx_pf_3ssh_8keytypes_10ECDSA_P521___cinit__(struct __pyx_obj_3ssh_
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ECDSA_P521;
 
   /* "ssh/keytypes.pyx":89
@@ -3670,27 +5861,55 @@ static int __pyx_pf_3ssh_8keytypes_10ECDSA_P521___cinit__(struct __pyx_obj_3ssh_
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__[] = "ECDSA_P521.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__, "ECDSA_P521.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 *)__pyx_v_self));
 
   /* function exit code */
@@ -3701,7 +5920,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__(PyObjec
 static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3709,25 +5927,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__(CYTHON_
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__21, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P521.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3737,21 +5951,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__(CYTHON_
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__[] = "ECDSA_P521.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__, "ECDSA_P521.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ECDSA_P521.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3759,33 +6045,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P521 *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__22, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P521.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3799,17 +6080,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__(CYTHO
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256_CERT01
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01___cinit__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 *)__pyx_v_self));
 
   /* function exit code */
@@ -3819,8 +6109,6 @@ static int __pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_1__cinit__(PyObject *__py
 
 static int __pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01___cinit__(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":95
  * cdef class ECDSA_P256_CERT01(KeyType):
@@ -3828,7 +6116,7 @@ static int __pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01___cinit__(struct __pyx_ob
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256_CERT01             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ECDSA_P256_CERT01;
 
   /* "ssh/keytypes.pyx":94
@@ -3837,27 +6125,55 @@ static int __pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01___cinit__(struct __pyx_ob
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256_CERT01
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__[] = "ECDSA_P256_CERT01.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__, "ECDSA_P256_CERT01.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 *)__pyx_v_self));
 
   /* function exit code */
@@ -3868,7 +6184,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__(
 static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3876,25 +6191,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__(
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__23, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P256_CERT01.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3904,21 +6215,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__(
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython__[] = "ECDSA_P256_CERT01.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython__, "ECDSA_P256_CERT01.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ECDSA_P256_CERT01.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3926,33 +6309,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython_
 static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01 *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__24, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P256_CERT01.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -3966,17 +6344,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython_
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384_CERT01
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01___cinit__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 *)__pyx_v_self));
 
   /* function exit code */
@@ -3986,8 +6373,6 @@ static int __pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_1__cinit__(PyObject *__py
 
 static int __pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01___cinit__(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":100
  * cdef class ECDSA_P384_CERT01(KeyType):
@@ -3995,7 +6380,7 @@ static int __pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01___cinit__(struct __pyx_ob
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384_CERT01             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ECDSA_P384_CERT01;
 
   /* "ssh/keytypes.pyx":99
@@ -4004,27 +6389,55 @@ static int __pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01___cinit__(struct __pyx_ob
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384_CERT01
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__[] = "ECDSA_P384_CERT01.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__, "ECDSA_P384_CERT01.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 *)__pyx_v_self));
 
   /* function exit code */
@@ -4035,7 +6448,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__(
 static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4043,25 +6455,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__(
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__25, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P384_CERT01.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4071,21 +6479,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__(
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython__[] = "ECDSA_P384_CERT01.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython__, "ECDSA_P384_CERT01.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ECDSA_P384_CERT01.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4093,33 +6573,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython_
 static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01 *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__26, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P384_CERT01.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4133,17 +6608,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython_
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521_CERT01
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01___cinit__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 *)__pyx_v_self));
 
   /* function exit code */
@@ -4153,8 +6637,6 @@ static int __pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_1__cinit__(PyObject *__py
 
 static int __pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01___cinit__(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":105
  * cdef class ECDSA_P521_CERT01(KeyType):
@@ -4162,7 +6644,7 @@ static int __pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01___cinit__(struct __pyx_ob
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521_CERT01             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ECDSA_P521_CERT01;
 
   /* "ssh/keytypes.pyx":104
@@ -4171,27 +6653,55 @@ static int __pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01___cinit__(struct __pyx_ob
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521_CERT01
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__[] = "ECDSA_P521_CERT01.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__, "ECDSA_P521_CERT01.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 *)__pyx_v_self));
 
   /* function exit code */
@@ -4202,7 +6712,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__(
 static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4210,25 +6719,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__(
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__27, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P521_CERT01.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4238,21 +6743,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__(
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython__[] = "ECDSA_P521_CERT01.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython__, "ECDSA_P521_CERT01.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ECDSA_P521_CERT01.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4260,33 +6837,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython_
 static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01 *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__28, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ECDSA_P521_CERT01.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4300,17 +6872,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython_
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ED25519
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_10ED25519Key_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_10ED25519Key_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10ED25519Key___cinit__(((struct __pyx_obj_3ssh_8keytypes_ED25519Key *)__pyx_v_self));
 
   /* function exit code */
@@ -4320,8 +6901,6 @@ static int __pyx_pw_3ssh_8keytypes_10ED25519Key_1__cinit__(PyObject *__pyx_v_sel
 
 static int __pyx_pf_3ssh_8keytypes_10ED25519Key___cinit__(struct __pyx_obj_3ssh_8keytypes_ED25519Key *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":110
  * cdef class ED25519Key(KeyType):
@@ -4329,7 +6908,7 @@ static int __pyx_pf_3ssh_8keytypes_10ED25519Key___cinit__(struct __pyx_obj_3ssh_
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ED25519             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ED25519;
 
   /* "ssh/keytypes.pyx":109
@@ -4338,27 +6917,55 @@ static int __pyx_pf_3ssh_8keytypes_10ED25519Key___cinit__(struct __pyx_obj_3ssh_
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ED25519
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10ED25519Key_2__reduce_cython__[] = "ED25519Key.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10ED25519Key_2__reduce_cython__, "ED25519Key.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10ED25519Key_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ED25519Key_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ED25519Key_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_10ED25519Key_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ED25519Key *)__pyx_v_self));
 
   /* function exit code */
@@ -4369,7 +6976,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_3__reduce_cython__(PyObjec
 static PyObject *__pyx_pf_3ssh_8keytypes_10ED25519Key_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ED25519Key *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4377,25 +6983,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ED25519Key_2__reduce_cython__(CYTHON_
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__29, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ED25519Key.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4405,21 +7007,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ED25519Key_2__reduce_cython__(CYTHON_
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_10ED25519Key_4__setstate_cython__[] = "ED25519Key.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_10ED25519Key_4__setstate_cython__, "ED25519Key.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_10ED25519Key_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ED25519Key_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ED25519Key_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_10ED25519Key_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ED25519Key *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ED25519Key.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_10ED25519Key_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ED25519Key *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4427,33 +7101,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_10ED25519Key_5__setstate_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_8keytypes_10ED25519Key_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ED25519Key *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__30, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ED25519Key.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4467,17 +7136,26 @@ static PyObject *__pyx_pf_3ssh_8keytypes_10ED25519Key_4__setstate_cython__(CYTHO
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ED25519_CERT01
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_8keytypes_14ED25519_CERT01_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_8keytypes_14ED25519_CERT01_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_14ED25519_CERT01___cinit__(((struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 *)__pyx_v_self));
 
   /* function exit code */
@@ -4487,8 +7165,6 @@ static int __pyx_pw_3ssh_8keytypes_14ED25519_CERT01_1__cinit__(PyObject *__pyx_v
 
 static int __pyx_pf_3ssh_8keytypes_14ED25519_CERT01___cinit__(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/keytypes.pyx":115
  * cdef class ED25519_CERT01(KeyType):
@@ -4496,7 +7172,7 @@ static int __pyx_pf_3ssh_8keytypes_14ED25519_CERT01___cinit__(struct __pyx_obj_3
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ED25519_CERT01             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __pyx_v_self->__pyx_base._type = SSH_KEYTYPE_ED25519_CERT01;
 
   /* "ssh/keytypes.pyx":114
@@ -4505,27 +7181,55 @@ static int __pyx_pf_3ssh_8keytypes_14ED25519_CERT01___cinit__(struct __pyx_obj_3
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._type = ssh_keytypes_e.SSH_KEYTYPE_ED25519_CERT01
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__[] = "ED25519_CERT01.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__, "ED25519_CERT01.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__(((struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 *)__pyx_v_self));
 
   /* function exit code */
@@ -4536,7 +7240,6 @@ static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__(PyO
 static PyObject *__pyx_pf_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4544,25 +7247,21 @@ static PyObject *__pyx_pf_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__(CYT
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__31, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ED25519_CERT01.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4572,21 +7271,93 @@ static PyObject *__pyx_pf_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__(CYT
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__[] = "ED25519_CERT01.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__, "ED25519_CERT01.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.ED25519_CERT01.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__(((struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4594,33 +7365,28 @@ static PyObject *__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__(P
 static PyObject *__pyx_pf_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01 *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__32, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.keytypes.ED25519_CERT01.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4634,13 +7400,16 @@ static PyObject *__pyx_pf_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__(C
  * cdef KeyType from_keytype(ssh_keytypes_e _type):             # <<<<<<<<<<<<<<
  *     if _type == ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN:
  *         return UnknownKey()
- */
+*/
 
 static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keytype(enum ssh_keytypes_e __pyx_v__type) {
   struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_4;
+  PyObject *__pyx_t_5 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4652,7 +7421,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     if _type == ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN:             # <<<<<<<<<<<<<<
  *         return UnknownKey()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_DSS:
- */
+*/
   switch (__pyx_v__type) {
     case SSH_KEYTYPE_UNKNOWN:
 
@@ -4662,10 +7431,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return UnknownKey()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_DSS:
  *         return DSSKey()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_UnknownKey)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 120, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_2 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_UnknownKey);
+    __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_UnknownKey); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 120, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4676,7 +7455,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     if _type == ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN:             # <<<<<<<<<<<<<<
  *         return UnknownKey()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_DSS:
- */
+*/
     break;
     case SSH_KEYTYPE_DSS:
 
@@ -4686,10 +7465,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return DSSKey()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA:
  *         return RSAKey()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_DSSKey)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 122, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_3 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_DSSKey);
+    __pyx_t_2 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_DSSKey); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 122, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4700,7 +7489,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_DSS:             # <<<<<<<<<<<<<<
  *         return DSSKey()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA:
- */
+*/
     break;
     case SSH_KEYTYPE_RSA:
 
@@ -4710,10 +7499,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return RSAKey()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA1:
  *         return RSA1Key()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_RSAKey)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 124, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_2 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSAKey);
+    __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSAKey); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 124, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4724,7 +7523,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA:             # <<<<<<<<<<<<<<
  *         return RSAKey()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA1:
- */
+*/
     break;
     case SSH_KEYTYPE_RSA1:
 
@@ -4734,10 +7533,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return RSA1Key()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA:
  *         return ECDSAKey()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_RSA1Key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 126, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_3 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSA1Key);
+    __pyx_t_2 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSA1Key); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 126, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4748,7 +7557,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA1:             # <<<<<<<<<<<<<<
  *         return RSA1Key()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA:
- */
+*/
     break;
     case SSH_KEYTYPE_ECDSA:
 
@@ -4758,10 +7567,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ECDSAKey()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_DSS_CERT01:
  *         return DSSCert01Key()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ECDSAKey)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 128, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_2 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSAKey);
+    __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSAKey); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 128, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4772,7 +7591,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA:             # <<<<<<<<<<<<<<
  *         return ECDSAKey()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_DSS_CERT01:
- */
+*/
     break;
     case SSH_KEYTYPE_DSS_CERT01:
 
@@ -4782,10 +7601,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return DSSCert01Key()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA_CERT01:
  *         return RSACert01Key()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_DSSCert01Key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 130, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_3 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_DSSCert01Key);
+    __pyx_t_2 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_DSSCert01Key); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 130, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4796,7 +7625,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_DSS_CERT01:             # <<<<<<<<<<<<<<
  *         return DSSCert01Key()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA_CERT01:
- */
+*/
     break;
     case SSH_KEYTYPE_RSA_CERT01:
 
@@ -4806,10 +7635,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return RSACert01Key()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256:
  *         return ECDSA_P256()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_RSACert01Key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 132, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_2 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSACert01Key);
+    __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSACert01Key); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 132, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4820,7 +7659,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_RSA_CERT01:             # <<<<<<<<<<<<<<
  *         return RSACert01Key()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256:
- */
+*/
     break;
     case SSH_KEYTYPE_ECDSA_P256:
 
@@ -4830,10 +7669,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ECDSA_P256()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384:
  *         return ECDSA_P384()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ECDSA_P256)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 134, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_3 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P256);
+    __pyx_t_2 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P256); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 134, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4844,7 +7693,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256:             # <<<<<<<<<<<<<<
  *         return ECDSA_P256()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384:
- */
+*/
     break;
     case SSH_KEYTYPE_ECDSA_P384:
 
@@ -4854,10 +7703,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ECDSA_P384()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521:
  *         return ECDSA_P521()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ECDSA_P384)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 136, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_2 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P384);
+    __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P384); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 136, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4868,7 +7727,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384:             # <<<<<<<<<<<<<<
  *         return ECDSA_P384()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521:
- */
+*/
     break;
     case SSH_KEYTYPE_ECDSA_P521:
 
@@ -4878,10 +7737,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ECDSA_P521()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256_CERT01:
  *         return ECDSA_P256_CERT01()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ECDSA_P521)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 138, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_3 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P521);
+    __pyx_t_2 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P521); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 138, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4892,7 +7761,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521:             # <<<<<<<<<<<<<<
  *         return ECDSA_P521()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256_CERT01:
- */
+*/
     break;
     case SSH_KEYTYPE_ECDSA_P256_CERT01:
 
@@ -4902,10 +7771,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ECDSA_P256_CERT01()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384_CERT01:
  *         return ECDSA_P384_CERT01()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 140, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_2 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01);
+    __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 140, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4916,7 +7795,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P256_CERT01:             # <<<<<<<<<<<<<<
  *         return ECDSA_P256_CERT01()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384_CERT01:
- */
+*/
     break;
     case SSH_KEYTYPE_ECDSA_P384_CERT01:
 
@@ -4926,10 +7805,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ECDSA_P384_CERT01()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521_CERT01:
  *         return ECDSA_P521_CERT01()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 142, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_3 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01);
+    __pyx_t_2 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 142, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4940,7 +7829,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P384_CERT01:             # <<<<<<<<<<<<<<
  *         return ECDSA_P384_CERT01()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521_CERT01:
- */
+*/
     break;
     case SSH_KEYTYPE_ECDSA_P521_CERT01:
 
@@ -4950,10 +7839,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ECDSA_P521_CERT01()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ED25519:
  *         return ED25519Key()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 144, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_2 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01);
+    __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 144, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4964,7 +7863,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ECDSA_P521_CERT01:             # <<<<<<<<<<<<<<
  *         return ECDSA_P521_CERT01()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ED25519:
- */
+*/
     break;
     case SSH_KEYTYPE_ED25519:
 
@@ -4974,10 +7873,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ED25519Key()             # <<<<<<<<<<<<<<
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ED25519_CERT01:
  *         return ED25519_CERT01()
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ED25519Key)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 146, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_3 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ED25519Key);
+    __pyx_t_2 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ED25519Key); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 146, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -4988,7 +7897,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ED25519:             # <<<<<<<<<<<<<<
  *         return ED25519Key()
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ED25519_CERT01:
- */
+*/
     break;
     case SSH_KEYTYPE_ED25519_CERT01:
 
@@ -4998,10 +7907,20 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         return ED25519_CERT01()             # <<<<<<<<<<<<<<
  *     else:
  *         raise ValueError("Unknown keytype %s", _type)
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
-    __pyx_t_1 = __Pyx_PyObject_CallNoArg(((PyObject *)__pyx_ptype_3ssh_8keytypes_ED25519_CERT01)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 148, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
+    __pyx_t_2 = NULL;
+    __Pyx_INCREF((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01);
+    __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01); 
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 148, __pyx_L1_error)
+      __Pyx_GOTREF((PyObject *)__pyx_t_1);
+    }
     __pyx_r = ((struct __pyx_obj_3ssh_8keytypes_KeyType *)__pyx_t_1);
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -5012,7 +7931,7 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *     elif _type == ssh_keytypes_e.SSH_KEYTYPE_ED25519_CERT01:             # <<<<<<<<<<<<<<
  *         return ED25519_CERT01()
  *     else:
- */
+*/
     break;
     default:
 
@@ -5022,23 +7941,25 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  *         raise ValueError("Unknown keytype %s", _type)             # <<<<<<<<<<<<<<
  * 
  * 
- */
-    __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_keytypes_e(__pyx_v__type); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 150, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __pyx_t_2 = PyTuple_New(2); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 150, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_INCREF(__pyx_kp_s_Unknown_keytype_s);
-    __Pyx_GIVEREF(__pyx_kp_s_Unknown_keytype_s);
-    PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_kp_s_Unknown_keytype_s);
-    __Pyx_GIVEREF(__pyx_t_1);
-    PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_t_1);
-    __pyx_t_1 = 0;
-    __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_ValueError, __pyx_t_2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 150, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_INCREF(__pyx_builtin_ValueError);
+    __pyx_t_2 = __pyx_builtin_ValueError; 
+    __pyx_t_5 = __Pyx_PyLong_From_enum__ssh_keytypes_e(__pyx_v__type); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 150, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_4 = 1;
+    {
+      PyObject *__pyx_callargs[3] = {__pyx_t_3, __pyx_mstate_global->__pyx_kp_u_Unknown_keytype_s, __pyx_t_5};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_4, (3-__pyx_t_4) | (__pyx_t_4*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 150, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
+    }
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(1, 150, __pyx_L1_error)
+    __PYX_ERR(0, 150, __pyx_L1_error)
     break;
   }
 
@@ -5048,12 +7969,14 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  * cdef KeyType from_keytype(ssh_keytypes_e _type):             # <<<<<<<<<<<<<<
  *     if _type == ssh_keytypes_e.SSH_KEYTYPE_UNKNOWN:
  *         return UnknownKey()
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_XDECREF(__pyx_t_5);
   __Pyx_AddTraceback("ssh.keytypes.from_keytype", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = 0;
   __pyx_L0:;
@@ -5068,19 +7991,90 @@ static struct __pyx_obj_3ssh_8keytypes_KeyType *__pyx_f_3ssh_8keytypes_from_keyt
  * def key_type_from_name(key_name):             # <<<<<<<<<<<<<<
  *     cdef ssh_keytypes_e _type
  *     cdef bytes b_key_name = to_bytes(key_name)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_8keytypes_1key_type_from_name(PyObject *__pyx_self, PyObject *__pyx_v_key_name); /*proto*/
-static char __pyx_doc_3ssh_8keytypes_key_type_from_name[] = "key_type_from_name(key_name)";
-static PyMethodDef __pyx_mdef_3ssh_8keytypes_1key_type_from_name = {"key_type_from_name", (PyCFunction)__pyx_pw_3ssh_8keytypes_1key_type_from_name, METH_O, __pyx_doc_3ssh_8keytypes_key_type_from_name};
-static PyObject *__pyx_pw_3ssh_8keytypes_1key_type_from_name(PyObject *__pyx_self, PyObject *__pyx_v_key_name) {
+static PyObject *__pyx_pw_3ssh_8keytypes_1key_type_from_name(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_8keytypes_key_type_from_name, "key_type_from_name(key_name)");
+static PyMethodDef __pyx_mdef_3ssh_8keytypes_1key_type_from_name = {"key_type_from_name", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_1key_type_from_name, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_key_type_from_name};
+static PyObject *__pyx_pw_3ssh_8keytypes_1key_type_from_name(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_key_name = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("key_type_from_name (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_8keytypes_key_type_from_name(__pyx_self, ((PyObject *)__pyx_v_key_name));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_key_name,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 153, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 153, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "key_type_from_name", 0) < 0) __PYX_ERR(0, 153, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("key_type_from_name", 1, 1, 1, i); __PYX_ERR(0, 153, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 153, __pyx_L3_error)
+    }
+    __pyx_v_key_name = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("key_type_from_name", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 153, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.keytypes.key_type_from_name", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_8keytypes_key_type_from_name(__pyx_self, __pyx_v_key_name);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5104,8 +8098,8 @@ static PyObject *__pyx_pf_3ssh_8keytypes_key_type_from_name(CYTHON_UNUSED PyObje
  *     cdef bytes b_key_name = to_bytes(key_name)             # <<<<<<<<<<<<<<
  *     cdef const char *_key_name = b_key_name
  *     with nogil:
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_key_name); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 155, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_key_name); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 155, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_key_name = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
@@ -5116,12 +8110,12 @@ static PyObject *__pyx_pf_3ssh_8keytypes_key_type_from_name(CYTHON_UNUSED PyObje
  *     cdef const char *_key_name = b_key_name             # <<<<<<<<<<<<<<
  *     with nogil:
  *         _type = ssh_key_type_from_name(_key_name)
- */
+*/
   if (unlikely(__pyx_v_b_key_name == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(1, 156, __pyx_L1_error)
+    __PYX_ERR(0, 156, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_key_name); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(1, 156, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_key_name); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 156, __pyx_L1_error)
   __pyx_v__key_name = __pyx_t_2;
 
   /* "ssh/keytypes.pyx":157
@@ -5130,13 +8124,12 @@ static PyObject *__pyx_pf_3ssh_8keytypes_key_type_from_name(CYTHON_UNUSED PyObje
  *     with nogil:             # <<<<<<<<<<<<<<
  *         _type = ssh_key_type_from_name(_key_name)
  *     return from_keytype(_type)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/keytypes.pyx":158
@@ -5144,7 +8137,7 @@ static PyObject *__pyx_pf_3ssh_8keytypes_key_type_from_name(CYTHON_UNUSED PyObje
  *     with nogil:
  *         _type = ssh_key_type_from_name(_key_name)             # <<<<<<<<<<<<<<
  *     return from_keytype(_type)
- */
+*/
         __pyx_v__type = ssh_key_type_from_name(__pyx_v__key_name);
       }
 
@@ -5154,13 +8147,11 @@ static PyObject *__pyx_pf_3ssh_8keytypes_key_type_from_name(CYTHON_UNUSED PyObje
  *     with nogil:             # <<<<<<<<<<<<<<
  *         _type = ssh_key_type_from_name(_key_name)
  *     return from_keytype(_type)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -5171,9 +8162,9 @@ static PyObject *__pyx_pf_3ssh_8keytypes_key_type_from_name(CYTHON_UNUSED PyObje
  *     with nogil:
  *         _type = ssh_key_type_from_name(_key_name)
  *     return from_keytype(_type)             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_8keytypes_from_keytype(__pyx_v__type)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 159, __pyx_L1_error)
+  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_8keytypes_from_keytype(__pyx_v__type)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 159, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -5185,7 +8176,7 @@ static PyObject *__pyx_pf_3ssh_8keytypes_key_type_from_name(CYTHON_UNUSED PyObje
  * def key_type_from_name(key_name):             # <<<<<<<<<<<<<<
  *     cdef ssh_keytypes_e _type
  *     cdef bytes b_key_name = to_bytes(key_name)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5198,16 +8189,22 @@ static PyObject *__pyx_pf_3ssh_8keytypes_key_type_from_name(CYTHON_UNUSED PyObje
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_KeyType(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_7KeyType_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  #endif
+  if (unlikely(__pyx_pw_3ssh_8keytypes_7KeyType_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5216,11 +8213,20 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_KeyType(PyTypeObject *t, CYTHON_UNU
 
 static void __pyx_tp_dealloc_3ssh_8keytypes_KeyType(PyObject *o) {
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && (!PyType_IS_GC(Py_TYPE(o)) || !_PyGC_FINALIZED(o))) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && (!PyType_IS_GC(Py_TYPE(o)) || !__Pyx_PyObject_GC_IsFinalized(o))) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_8keytypes_KeyType) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static PyObject *__pyx_getprop_3ssh_8keytypes_7KeyType_value(PyObject *o, CYTHON_UNUSED void *x) {
@@ -5228,19 +8234,37 @@ static PyObject *__pyx_getprop_3ssh_8keytypes_7KeyType_value(PyObject *o, CYTHON
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_KeyType[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_7KeyType_7__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_7KeyType_6__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_7KeyType_9__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_7KeyType_8__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_7KeyType_7__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_7KeyType_6__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_7KeyType_9__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_7KeyType_8__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_8keytypes_KeyType[] = {
-  {(char *)"value", __pyx_getprop_3ssh_8keytypes_7KeyType_value, 0, (char *)0, 0},
+  {"value", __pyx_getprop_3ssh_8keytypes_7KeyType_value, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_KeyType_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_repr, (void *)__pyx_pw_3ssh_8keytypes_7KeyType_5__repr__},
+  {Py_tp_str, (void *)__pyx_pw_3ssh_8keytypes_7KeyType_3__str__},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_KeyType},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_8keytypes_KeyType},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_KeyType},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_KeyType_spec = {
+  "ssh.keytypes.KeyType",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_KeyType),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_KeyType_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_KeyType = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.KeyType", /*tp_name*/
+  "ssh.keytypes.""KeyType", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_KeyType), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -5252,12 +8276,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_KeyType = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -5283,7 +8302,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_KeyType = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_KeyType, /*tp_new*/
@@ -5296,24 +8317,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_KeyType = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_DSSKey(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_6DSSKey_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_6DSSKey_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5321,14 +8351,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_DSSKey(PyTypeObject *t, PyObject *a
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_DSSKey[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_6DSSKey_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_6DSSKey_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_6DSSKey_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_6DSSKey_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_6DSSKey_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_6DSSKey_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_6DSSKey_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_6DSSKey_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_DSSKey_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_DSSKey},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_DSSKey},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_DSSKey_spec = {
+  "ssh.keytypes.DSSKey",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_DSSKey),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_DSSKey_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_DSSKey = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.DSSKey", /*tp_name*/
+  "ssh.keytypes.""DSSKey", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_DSSKey), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -5340,13 +8385,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_DSSKey = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -5356,7 +8396,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_DSSKey = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -5379,7 +8419,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_DSSKey = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_DSSKey, /*tp_new*/
@@ -5392,24 +8434,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_DSSKey = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_RSAKey(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_6RSAKey_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_6RSAKey_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5417,14 +8468,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_RSAKey(PyTypeObject *t, PyObject *a
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_RSAKey[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_6RSAKey_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_6RSAKey_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_6RSAKey_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_6RSAKey_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_6RSAKey_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_6RSAKey_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_6RSAKey_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_6RSAKey_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_RSAKey_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_RSAKey},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_RSAKey},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_RSAKey_spec = {
+  "ssh.keytypes.RSAKey",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSAKey),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_RSAKey_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_RSAKey = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.RSAKey", /*tp_name*/
+  "ssh.keytypes.""RSAKey", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_RSAKey), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -5436,13 +8502,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSAKey = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -5452,7 +8513,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSAKey = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -5475,7 +8536,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSAKey = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_RSAKey, /*tp_new*/
@@ -5488,24 +8551,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSAKey = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_RSA1Key(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_7RSA1Key_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_7RSA1Key_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5513,14 +8585,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_RSA1Key(PyTypeObject *t, PyObject *
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_RSA1Key[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_7RSA1Key_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_7RSA1Key_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_7RSA1Key_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_7RSA1Key_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_7RSA1Key_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_7RSA1Key_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_7RSA1Key_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_7RSA1Key_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_RSA1Key_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_RSA1Key},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_RSA1Key},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_RSA1Key_spec = {
+  "ssh.keytypes.RSA1Key",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSA1Key),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_RSA1Key_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_RSA1Key = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.RSA1Key", /*tp_name*/
+  "ssh.keytypes.""RSA1Key", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_RSA1Key), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -5532,13 +8619,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSA1Key = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -5548,7 +8630,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSA1Key = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -5571,7 +8653,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSA1Key = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_RSA1Key, /*tp_new*/
@@ -5584,24 +8668,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSA1Key = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSAKey(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_8ECDSAKey_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_8ECDSAKey_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5609,14 +8702,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSAKey(PyTypeObject *t, PyObject
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ECDSAKey[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_8ECDSAKey_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_8ECDSAKey_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ECDSAKey_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ECDSAKey},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ECDSAKey},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ECDSAKey_spec = {
+  "ssh.keytypes.ECDSAKey",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSAKey),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ECDSAKey_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSAKey = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ECDSAKey", /*tp_name*/
+  "ssh.keytypes.""ECDSAKey", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSAKey), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -5628,13 +8736,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSAKey = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -5644,7 +8747,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSAKey = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -5667,7 +8770,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSAKey = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ECDSAKey, /*tp_new*/
@@ -5680,24 +8785,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSAKey = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_DSSCert01Key(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_12DSSCert01Key_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_12DSSCert01Key_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5705,14 +8819,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_DSSCert01Key(PyTypeObject *t, PyObj
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_DSSCert01Key[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_12DSSCert01Key_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_12DSSCert01Key_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_DSSCert01Key_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_DSSCert01Key},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_DSSCert01Key},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_DSSCert01Key_spec = {
+  "ssh.keytypes.DSSCert01Key",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_DSSCert01Key_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_DSSCert01Key = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.DSSCert01Key", /*tp_name*/
+  "ssh.keytypes.""DSSCert01Key", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_DSSCert01Key), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -5724,13 +8853,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_DSSCert01Key = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -5740,7 +8864,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_DSSCert01Key = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -5763,7 +8887,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_DSSCert01Key = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_DSSCert01Key, /*tp_new*/
@@ -5776,24 +8902,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_DSSCert01Key = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_RSACert01Key(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_12RSACert01Key_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_12RSACert01Key_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5801,14 +8936,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_RSACert01Key(PyTypeObject *t, PyObj
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_RSACert01Key[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_12RSACert01Key_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_12RSACert01Key_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_RSACert01Key_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_RSACert01Key},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_RSACert01Key},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_RSACert01Key_spec = {
+  "ssh.keytypes.RSACert01Key",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_RSACert01Key),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_RSACert01Key_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_RSACert01Key = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.RSACert01Key", /*tp_name*/
+  "ssh.keytypes.""RSACert01Key", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_RSACert01Key), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -5820,13 +8970,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSACert01Key = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -5836,7 +8981,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSACert01Key = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -5859,7 +9004,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSACert01Key = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_RSACert01Key, /*tp_new*/
@@ -5872,24 +9019,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_RSACert01Key = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P256(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_10ECDSA_P256_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_10ECDSA_P256_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5897,14 +9053,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P256(PyTypeObject *t, PyObjec
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ECDSA_P256[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P256_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P256_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ECDSA_P256_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ECDSA_P256},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ECDSA_P256},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ECDSA_P256_spec = {
+  "ssh.keytypes.ECDSA_P256",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ECDSA_P256_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256 = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ECDSA_P256", /*tp_name*/
+  "ssh.keytypes.""ECDSA_P256", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -5916,13 +9087,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256 = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -5932,7 +9098,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256 = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -5955,7 +9121,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256 = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ECDSA_P256, /*tp_new*/
@@ -5968,24 +9136,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256 = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P384(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_10ECDSA_P384_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_10ECDSA_P384_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5993,14 +9170,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P384(PyTypeObject *t, PyObjec
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ECDSA_P384[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P384_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P384_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ECDSA_P384_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ECDSA_P384},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ECDSA_P384},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ECDSA_P384_spec = {
+  "ssh.keytypes.ECDSA_P384",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ECDSA_P384_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384 = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ECDSA_P384", /*tp_name*/
+  "ssh.keytypes.""ECDSA_P384", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -6012,13 +9204,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384 = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -6028,7 +9215,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384 = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -6051,7 +9238,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384 = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ECDSA_P384, /*tp_new*/
@@ -6064,24 +9253,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384 = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P521(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_10ECDSA_P521_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_10ECDSA_P521_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -6089,14 +9287,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P521(PyTypeObject *t, PyObjec
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ECDSA_P521[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P521_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ECDSA_P521_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ECDSA_P521_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ECDSA_P521},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ECDSA_P521},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ECDSA_P521_spec = {
+  "ssh.keytypes.ECDSA_P521",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ECDSA_P521_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521 = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ECDSA_P521", /*tp_name*/
+  "ssh.keytypes.""ECDSA_P521", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -6108,13 +9321,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521 = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -6124,7 +9332,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521 = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -6147,7 +9355,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521 = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ECDSA_P521, /*tp_new*/
@@ -6160,24 +9370,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521 = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P256_CERT01(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -6185,14 +9404,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P256_CERT01(PyTypeObject *t,
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ECDSA_P256_CERT01[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P256_CERT01_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ECDSA_P256_CERT01},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ECDSA_P256_CERT01},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01_spec = {
+  "ssh.keytypes.ECDSA_P256_CERT01",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01 = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ECDSA_P256_CERT01", /*tp_name*/
+  "ssh.keytypes.""ECDSA_P256_CERT01", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P256_CERT01), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -6204,13 +9438,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01 = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -6220,7 +9449,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01 = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -6243,7 +9472,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01 = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ECDSA_P256_CERT01, /*tp_new*/
@@ -6256,24 +9487,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01 = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P384_CERT01(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -6281,14 +9521,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P384_CERT01(PyTypeObject *t,
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ECDSA_P384_CERT01[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P384_CERT01_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ECDSA_P384_CERT01},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ECDSA_P384_CERT01},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01_spec = {
+  "ssh.keytypes.ECDSA_P384_CERT01",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01 = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ECDSA_P384_CERT01", /*tp_name*/
+  "ssh.keytypes.""ECDSA_P384_CERT01", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P384_CERT01), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -6300,13 +9555,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01 = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -6316,7 +9566,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01 = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -6339,7 +9589,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01 = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ECDSA_P384_CERT01, /*tp_new*/
@@ -6352,24 +9604,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01 = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P521_CERT01(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -6377,14 +9638,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ECDSA_P521_CERT01(PyTypeObject *t,
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ECDSA_P521_CERT01[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_17ECDSA_P521_CERT01_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ECDSA_P521_CERT01},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ECDSA_P521_CERT01},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01_spec = {
+  "ssh.keytypes.ECDSA_P521_CERT01",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01 = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ECDSA_P521_CERT01", /*tp_name*/
+  "ssh.keytypes.""ECDSA_P521_CERT01", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ECDSA_P521_CERT01), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -6396,13 +9672,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01 = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -6412,7 +9683,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01 = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -6435,7 +9706,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01 = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ECDSA_P521_CERT01, /*tp_new*/
@@ -6448,24 +9721,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01 = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ED25519_CERT01(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -6473,14 +9755,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ED25519_CERT01(PyTypeObject *t, PyO
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ED25519_CERT01[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_14ED25519_CERT01_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_14ED25519_CERT01_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ED25519_CERT01_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ED25519_CERT01},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ED25519_CERT01},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ED25519_CERT01_spec = {
+  "ssh.keytypes.ED25519_CERT01",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ED25519_CERT01_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519_CERT01 = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ED25519_CERT01", /*tp_name*/
+  "ssh.keytypes.""ED25519_CERT01", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ED25519_CERT01), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -6492,13 +9789,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519_CERT01 = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -6508,7 +9800,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519_CERT01 = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -6531,7 +9823,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519_CERT01 = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ED25519_CERT01, /*tp_new*/
@@ -6544,24 +9838,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519_CERT01 = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_UnknownKey(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_10UnknownKey_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_10UnknownKey_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -6569,14 +9872,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_UnknownKey(PyTypeObject *t, PyObjec
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_UnknownKey[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10UnknownKey_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_10UnknownKey_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10UnknownKey_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_10UnknownKey_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10UnknownKey_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10UnknownKey_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10UnknownKey_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10UnknownKey_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_UnknownKey_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_UnknownKey},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_UnknownKey},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_UnknownKey_spec = {
+  "ssh.keytypes.UnknownKey",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_UnknownKey),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_UnknownKey_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_UnknownKey = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.UnknownKey", /*tp_name*/
+  "ssh.keytypes.""UnknownKey", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_UnknownKey), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -6588,13 +9906,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_UnknownKey = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -6604,7 +9917,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_UnknownKey = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -6627,7 +9940,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_UnknownKey = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_UnknownKey, /*tp_new*/
@@ -6640,24 +9955,33 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_UnknownKey = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyObject *__pyx_tp_new_3ssh_8keytypes_ED25519Key(PyTypeObject *t, PyObject *a, PyObject *k) {
   PyObject *o = __pyx_tp_new_3ssh_8keytypes_KeyType(t, a, k);
   if (unlikely(!o)) return 0;
-  if (unlikely(__pyx_pw_3ssh_8keytypes_10ED25519Key_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_8keytypes_10ED25519Key_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -6665,14 +9989,29 @@ static PyObject *__pyx_tp_new_3ssh_8keytypes_ED25519Key(PyTypeObject *t, PyObjec
 }
 
 static PyMethodDef __pyx_methods_3ssh_8keytypes_ED25519Key[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10ED25519Key_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_8keytypes_10ED25519Key_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_8keytypes_10ED25519Key_5__setstate_cython__, METH_O, __pyx_doc_3ssh_8keytypes_10ED25519Key_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ED25519Key_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ED25519Key_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_8keytypes_10ED25519Key_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_8keytypes_10ED25519Key_4__setstate_cython__},
   {0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_8keytypes_ED25519Key_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_8keytypes_KeyType},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_8keytypes_ED25519Key},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_8keytypes_ED25519Key},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_8keytypes_ED25519Key_spec = {
+  "ssh.keytypes.ED25519Key",
+  sizeof(struct __pyx_obj_3ssh_8keytypes_ED25519Key),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_8keytypes_ED25519Key_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519Key = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.keytypes.ED25519Key", /*tp_name*/
+  "ssh.keytypes.""ED25519Key", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_8keytypes_ED25519Key), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_8keytypes_KeyType, /*tp_dealloc*/
@@ -6684,13 +10023,8 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519Key = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_5__repr__, /*tp_repr*/
   #else
   0, /*tp_repr*/
@@ -6700,7 +10034,7 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519Key = {
   0, /*tp_as_mapping*/
   0, /*tp_hash*/
   0, /*tp_call*/
-  #if CYTHON_COMPILING_IN_PYPY
+  #if CYTHON_COMPILING_IN_PYPY || 0
   __pyx_pw_3ssh_8keytypes_7KeyType_3__str__, /*tp_str*/
   #else
   0, /*tp_str*/
@@ -6723,7 +10057,9 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519Key = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_8keytypes_ED25519Key, /*tp_new*/
@@ -6736,480 +10072,74 @@ static PyTypeObject __pyx_type_3ssh_8keytypes_ED25519Key = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyMethodDef __pyx_methods[] = {
   {0, 0, 0, 0}
 };
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
+  /*--- Global init code ---*/
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
 
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_keytypes(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_keytypes},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "keytypes",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
-  #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
-  #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
-};
-#endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
-
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_DSSCert01Key, __pyx_k_DSSCert01Key, sizeof(__pyx_k_DSSCert01Key), 0, 0, 1, 1},
-  {&__pyx_n_s_DSSKey, __pyx_k_DSSKey, sizeof(__pyx_k_DSSKey), 0, 0, 1, 1},
-  {&__pyx_n_s_ECDSAKey, __pyx_k_ECDSAKey, sizeof(__pyx_k_ECDSAKey), 0, 0, 1, 1},
-  {&__pyx_n_s_ECDSA_P256, __pyx_k_ECDSA_P256, sizeof(__pyx_k_ECDSA_P256), 0, 0, 1, 1},
-  {&__pyx_n_s_ECDSA_P256_CERT01, __pyx_k_ECDSA_P256_CERT01, sizeof(__pyx_k_ECDSA_P256_CERT01), 0, 0, 1, 1},
-  {&__pyx_n_s_ECDSA_P384, __pyx_k_ECDSA_P384, sizeof(__pyx_k_ECDSA_P384), 0, 0, 1, 1},
-  {&__pyx_n_s_ECDSA_P384_CERT01, __pyx_k_ECDSA_P384_CERT01, sizeof(__pyx_k_ECDSA_P384_CERT01), 0, 0, 1, 1},
-  {&__pyx_n_s_ECDSA_P521, __pyx_k_ECDSA_P521, sizeof(__pyx_k_ECDSA_P521), 0, 0, 1, 1},
-  {&__pyx_n_s_ECDSA_P521_CERT01, __pyx_k_ECDSA_P521_CERT01, sizeof(__pyx_k_ECDSA_P521_CERT01), 0, 0, 1, 1},
-  {&__pyx_n_s_ED25519Key, __pyx_k_ED25519Key, sizeof(__pyx_k_ED25519Key), 0, 0, 1, 1},
-  {&__pyx_n_s_ED25519_CERT01, __pyx_k_ED25519_CERT01, sizeof(__pyx_k_ED25519_CERT01), 0, 0, 1, 1},
-  {&__pyx_n_s_KeyType, __pyx_k_KeyType, sizeof(__pyx_k_KeyType), 0, 0, 1, 1},
-  {&__pyx_n_s_RSA1Key, __pyx_k_RSA1Key, sizeof(__pyx_k_RSA1Key), 0, 0, 1, 1},
-  {&__pyx_n_s_RSACert01Key, __pyx_k_RSACert01Key, sizeof(__pyx_k_RSACert01Key), 0, 0, 1, 1},
-  {&__pyx_n_s_RSAKey, __pyx_k_RSAKey, sizeof(__pyx_k_RSAKey), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_UnknownKey, __pyx_k_UnknownKey, sizeof(__pyx_k_UnknownKey), 0, 0, 1, 1},
-  {&__pyx_kp_s_Unknown_keytype_s, __pyx_k_Unknown_keytype_s, sizeof(__pyx_k_Unknown_keytype_s), 0, 0, 1, 0},
-  {&__pyx_n_s_ValueError, __pyx_k_ValueError, sizeof(__pyx_k_ValueError), 0, 0, 1, 1},
-  {&__pyx_n_s_b_key_name, __pyx_k_b_key_name, sizeof(__pyx_k_b_key_name), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_key_name, __pyx_k_key_name, sizeof(__pyx_k_key_name), 0, 0, 1, 1},
-  {&__pyx_n_s_key_name_2, __pyx_k_key_name_2, sizeof(__pyx_k_key_name_2), 0, 0, 1, 1},
-  {&__pyx_n_s_key_type_from_name, __pyx_k_key_type_from_name, sizeof(__pyx_k_key_type_from_name), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_ssh_keytypes, __pyx_k_ssh_keytypes, sizeof(__pyx_k_ssh_keytypes), 0, 0, 1, 1},
-  {&__pyx_kp_s_ssh_keytypes_pyx, __pyx_k_ssh_keytypes_pyx, sizeof(__pyx_k_ssh_keytypes_pyx), 0, 0, 1, 0},
-  {&__pyx_n_s_str, __pyx_k_str, sizeof(__pyx_k_str), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {&__pyx_n_s_type, __pyx_k_type, sizeof(__pyx_k_type), 0, 0, 1, 1},
-  {&__pyx_n_s_unknown, __pyx_k_unknown, sizeof(__pyx_k_unknown), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
-};
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(0, 2, __pyx_L1_error)
-  __pyx_builtin_ValueError = __Pyx_GetBuiltinName(__pyx_n_s_ValueError); if (!__pyx_builtin_ValueError) __PYX_ERR(1, 150, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple_)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__3 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__3)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__3);
-  __Pyx_GIVEREF(__pyx_tuple__3);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__4 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__4)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__4);
-  __Pyx_GIVEREF(__pyx_tuple__4);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__5 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__5)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__5);
-  __Pyx_GIVEREF(__pyx_tuple__5);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__6 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__6)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__6);
-  __Pyx_GIVEREF(__pyx_tuple__6);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__7 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__7)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__7);
-  __Pyx_GIVEREF(__pyx_tuple__7);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__8 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__8)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__8);
-  __Pyx_GIVEREF(__pyx_tuple__8);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__9 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__9)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__9);
-  __Pyx_GIVEREF(__pyx_tuple__9);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__10 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__10)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__10);
-  __Pyx_GIVEREF(__pyx_tuple__10);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__11 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__11)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__11);
-  __Pyx_GIVEREF(__pyx_tuple__11);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__12 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__12)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__12);
-  __Pyx_GIVEREF(__pyx_tuple__12);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__13 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__13)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__13);
-  __Pyx_GIVEREF(__pyx_tuple__13);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__14 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__14)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__14);
-  __Pyx_GIVEREF(__pyx_tuple__14);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__15 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__15)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__15);
-  __Pyx_GIVEREF(__pyx_tuple__15);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__16 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__16)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__16);
-  __Pyx_GIVEREF(__pyx_tuple__16);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__17 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__17)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__17);
-  __Pyx_GIVEREF(__pyx_tuple__17);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__18 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__18)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__18);
-  __Pyx_GIVEREF(__pyx_tuple__18);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__19 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__19)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__19);
-  __Pyx_GIVEREF(__pyx_tuple__19);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__20 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__20)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__20);
-  __Pyx_GIVEREF(__pyx_tuple__20);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__21 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__21)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__21);
-  __Pyx_GIVEREF(__pyx_tuple__21);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__22 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__22)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__22);
-  __Pyx_GIVEREF(__pyx_tuple__22);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__23 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__23)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__23);
-  __Pyx_GIVEREF(__pyx_tuple__23);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__24 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__24)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__24);
-  __Pyx_GIVEREF(__pyx_tuple__24);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__25 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__25)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__25);
-  __Pyx_GIVEREF(__pyx_tuple__25);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__26 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__26)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__26);
-  __Pyx_GIVEREF(__pyx_tuple__26);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__27 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__27)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__27);
-  __Pyx_GIVEREF(__pyx_tuple__27);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__28 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__28)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__28);
-  __Pyx_GIVEREF(__pyx_tuple__28);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__29 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__29)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__29);
-  __Pyx_GIVEREF(__pyx_tuple__29);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__30 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__30)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__30);
-  __Pyx_GIVEREF(__pyx_tuple__30);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__31 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__31)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__31);
-  __Pyx_GIVEREF(__pyx_tuple__31);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__32 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__32)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__32);
-  __Pyx_GIVEREF(__pyx_tuple__32);
-
-  /* "ssh/keytypes.pyx":153
- * 
- * 
- * def key_type_from_name(key_name):             # <<<<<<<<<<<<<<
- *     cdef ssh_keytypes_e _type
- *     cdef bytes b_key_name = to_bytes(key_name)
- */
-  __pyx_tuple__33 = PyTuple_Pack(4, __pyx_n_s_key_name, __pyx_n_s_type, __pyx_n_s_b_key_name, __pyx_n_s_key_name_2); if (unlikely(!__pyx_tuple__33)) __PYX_ERR(1, 153, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__33);
-  __Pyx_GIVEREF(__pyx_tuple__33);
-  __pyx_codeobj__34 = (PyObject*)__Pyx_PyCode_New(1, 0, 4, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__33, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_keytypes_pyx, __pyx_n_s_key_type_from_name, 153, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__34)) __PYX_ERR(1, 153, __pyx_L1_error)
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(1, 1, __pyx_L1_error);
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
-  /*--- Global init code ---*/
-  __Pyx_RefNannyFinishContext();
-  return 0;
-}
-
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
-  if (__Pyx_ExportFunction("from_keytype", (void (*)(void))__pyx_f_3ssh_8keytypes_from_keytype, "struct __pyx_obj_3ssh_8keytypes_KeyType *(enum ssh_keytypes_e)") < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_ExportFunction("from_keytype", (void (*)(void))__pyx_f_3ssh_8keytypes_from_keytype, "struct __pyx_obj_3ssh_8keytypes_KeyType *(enum ssh_keytypes_e)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -7217,223 +10147,417 @@ static int __Pyx_modinit_function_export_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_init_code", 0);
   /*--- Type init code ---*/
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_KeyType) < 0) __PYX_ERR(1, 24, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_KeyType.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_KeyType_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType)) __PYX_ERR(0, 24, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_KeyType_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType) < 0) __PYX_ERR(0, 24, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType = &__pyx_type_3ssh_8keytypes_KeyType;
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_KeyType.tp_dictoffset && __pyx_type_3ssh_8keytypes_KeyType.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_KeyType.tp_getattro = __Pyx_PyObject_GenericGetAttr;
-  }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_KeyType, (PyObject *)&__pyx_type_3ssh_8keytypes_KeyType) < 0) __PYX_ERR(1, 24, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_KeyType) < 0) __PYX_ERR(1, 24, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_KeyType = &__pyx_type_3ssh_8keytypes_KeyType;
-  __pyx_type_3ssh_8keytypes_DSSKey.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_DSSKey) < 0) __PYX_ERR(1, 48, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_DSSKey.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_DSSKey.tp_dictoffset && __pyx_type_3ssh_8keytypes_DSSKey.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_DSSKey.tp_getattro = __Pyx_PyObject_GenericGetAttr;
-  }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_DSSKey, (PyObject *)&__pyx_type_3ssh_8keytypes_DSSKey) < 0) __PYX_ERR(1, 48, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_DSSKey) < 0) __PYX_ERR(1, 48, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_DSSKey = &__pyx_type_3ssh_8keytypes_DSSKey;
-  __pyx_type_3ssh_8keytypes_RSAKey.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_RSAKey) < 0) __PYX_ERR(1, 53, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_RSAKey.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_RSAKey.tp_dictoffset && __pyx_type_3ssh_8keytypes_RSAKey.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_RSAKey.tp_getattro = __Pyx_PyObject_GenericGetAttr;
-  }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_RSAKey, (PyObject *)&__pyx_type_3ssh_8keytypes_RSAKey) < 0) __PYX_ERR(1, 53, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_RSAKey) < 0) __PYX_ERR(1, 53, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_RSAKey = &__pyx_type_3ssh_8keytypes_RSAKey;
-  __pyx_type_3ssh_8keytypes_RSA1Key.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_RSA1Key) < 0) __PYX_ERR(1, 58, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_RSA1Key.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_RSA1Key.tp_dictoffset && __pyx_type_3ssh_8keytypes_RSA1Key.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_RSA1Key.tp_getattro = __Pyx_PyObject_GenericGetAttr;
-  }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_RSA1Key, (PyObject *)&__pyx_type_3ssh_8keytypes_RSA1Key) < 0) __PYX_ERR(1, 58, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_RSA1Key) < 0) __PYX_ERR(1, 58, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_RSA1Key = &__pyx_type_3ssh_8keytypes_RSA1Key;
-  __pyx_type_3ssh_8keytypes_ECDSAKey.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ECDSAKey) < 0) __PYX_ERR(1, 63, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ECDSAKey.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ECDSAKey.tp_dictoffset && __pyx_type_3ssh_8keytypes_ECDSAKey.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ECDSAKey.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType) < 0) __PYX_ERR(0, 24, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ECDSAKey, (PyObject *)&__pyx_type_3ssh_8keytypes_ECDSAKey) < 0) __PYX_ERR(1, 63, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ECDSAKey) < 0) __PYX_ERR(1, 63, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSAKey = &__pyx_type_3ssh_8keytypes_ECDSAKey;
-  __pyx_type_3ssh_8keytypes_DSSCert01Key.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_DSSCert01Key) < 0) __PYX_ERR(1, 68, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_DSSCert01Key.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_DSSCert01Key.tp_dictoffset && __pyx_type_3ssh_8keytypes_DSSCert01Key.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_DSSCert01Key.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_KeyType, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType) < 0) __PYX_ERR(0, 24, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_KeyType) < 0) __PYX_ERR(0, 24, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 48, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_DSSKey_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey)) __PYX_ERR(0, 48, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_DSSKey_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey = &__pyx_type_3ssh_8keytypes_DSSKey;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_DSSKey->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_DSSCert01Key, (PyObject *)&__pyx_type_3ssh_8keytypes_DSSCert01Key) < 0) __PYX_ERR(1, 68, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_DSSCert01Key) < 0) __PYX_ERR(1, 68, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_DSSCert01Key = &__pyx_type_3ssh_8keytypes_DSSCert01Key;
-  __pyx_type_3ssh_8keytypes_RSACert01Key.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_RSACert01Key) < 0) __PYX_ERR(1, 73, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_RSACert01Key.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_RSACert01Key.tp_dictoffset && __pyx_type_3ssh_8keytypes_RSACert01Key.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_RSACert01Key.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_DSSKey, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSKey) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 53, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_RSAKey_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey)) __PYX_ERR(0, 53, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_RSAKey_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey) < 0) __PYX_ERR(0, 53, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey = &__pyx_type_3ssh_8keytypes_RSAKey;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSAKey->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey) < 0) __PYX_ERR(0, 53, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_RSACert01Key, (PyObject *)&__pyx_type_3ssh_8keytypes_RSACert01Key) < 0) __PYX_ERR(1, 73, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_RSACert01Key) < 0) __PYX_ERR(1, 73, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_RSACert01Key = &__pyx_type_3ssh_8keytypes_RSACert01Key;
-  __pyx_type_3ssh_8keytypes_ECDSA_P256.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ECDSA_P256) < 0) __PYX_ERR(1, 78, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ECDSA_P256.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ECDSA_P256.tp_dictoffset && __pyx_type_3ssh_8keytypes_ECDSA_P256.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ECDSA_P256.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_RSAKey, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey) < 0) __PYX_ERR(0, 53, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSAKey) < 0) __PYX_ERR(0, 53, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_RSA1Key_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key)) __PYX_ERR(0, 58, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_RSA1Key_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key = &__pyx_type_3ssh_8keytypes_RSA1Key;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSA1Key->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ECDSA_P256, (PyObject *)&__pyx_type_3ssh_8keytypes_ECDSA_P256) < 0) __PYX_ERR(1, 78, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ECDSA_P256) < 0) __PYX_ERR(1, 78, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P256 = &__pyx_type_3ssh_8keytypes_ECDSA_P256;
-  __pyx_type_3ssh_8keytypes_ECDSA_P384.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ECDSA_P384) < 0) __PYX_ERR(1, 83, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ECDSA_P384.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ECDSA_P384.tp_dictoffset && __pyx_type_3ssh_8keytypes_ECDSA_P384.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ECDSA_P384.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_RSA1Key, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSA1Key) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 63, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ECDSAKey_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey)) __PYX_ERR(0, 63, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ECDSAKey_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey) < 0) __PYX_ERR(0, 63, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey = &__pyx_type_3ssh_8keytypes_ECDSAKey;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSAKey->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey) < 0) __PYX_ERR(0, 63, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ECDSA_P384, (PyObject *)&__pyx_type_3ssh_8keytypes_ECDSA_P384) < 0) __PYX_ERR(1, 83, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ECDSA_P384) < 0) __PYX_ERR(1, 83, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P384 = &__pyx_type_3ssh_8keytypes_ECDSA_P384;
-  __pyx_type_3ssh_8keytypes_ECDSA_P521.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ECDSA_P521) < 0) __PYX_ERR(1, 88, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ECDSA_P521.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ECDSA_P521.tp_dictoffset && __pyx_type_3ssh_8keytypes_ECDSA_P521.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ECDSA_P521.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ECDSAKey, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey) < 0) __PYX_ERR(0, 63, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSAKey) < 0) __PYX_ERR(0, 63, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 68, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_DSSCert01Key_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key)) __PYX_ERR(0, 68, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_DSSCert01Key_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key) < 0) __PYX_ERR(0, 68, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key = &__pyx_type_3ssh_8keytypes_DSSCert01Key;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_DSSCert01Key->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key) < 0) __PYX_ERR(0, 68, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ECDSA_P521, (PyObject *)&__pyx_type_3ssh_8keytypes_ECDSA_P521) < 0) __PYX_ERR(1, 88, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ECDSA_P521) < 0) __PYX_ERR(1, 88, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P521 = &__pyx_type_3ssh_8keytypes_ECDSA_P521;
-  __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01) < 0) __PYX_ERR(1, 93, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01.tp_dictoffset && __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_DSSCert01Key, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key) < 0) __PYX_ERR(0, 68, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_DSSCert01Key) < 0) __PYX_ERR(0, 68, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_RSACert01Key_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key)) __PYX_ERR(0, 73, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_RSACert01Key_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key = &__pyx_type_3ssh_8keytypes_RSACert01Key;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_RSACert01Key->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ECDSA_P256_CERT01, (PyObject *)&__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01) < 0) __PYX_ERR(1, 93, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01) < 0) __PYX_ERR(1, 93, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01 = &__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01;
-  __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01) < 0) __PYX_ERR(1, 98, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01.tp_dictoffset && __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_RSACert01Key, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_RSACert01Key) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 78, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256 = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ECDSA_P256_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256)) __PYX_ERR(0, 78, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ECDSA_P256_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256) < 0) __PYX_ERR(0, 78, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256 = &__pyx_type_3ssh_8keytypes_ECDSA_P256;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P256->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256) < 0) __PYX_ERR(0, 78, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ECDSA_P384_CERT01, (PyObject *)&__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01) < 0) __PYX_ERR(1, 98, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01) < 0) __PYX_ERR(1, 98, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01 = &__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01;
-  __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01) < 0) __PYX_ERR(1, 103, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01.tp_dictoffset && __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ECDSA_P256, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256) < 0) __PYX_ERR(0, 78, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256) < 0) __PYX_ERR(0, 78, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 83, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384 = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ECDSA_P384_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384)) __PYX_ERR(0, 83, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ECDSA_P384_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384) < 0) __PYX_ERR(0, 83, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384 = &__pyx_type_3ssh_8keytypes_ECDSA_P384;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P384->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384) < 0) __PYX_ERR(0, 83, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384->tp_getattro = PyObject_GenericGetAttr;
+  }
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ECDSA_P384, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384) < 0) __PYX_ERR(0, 83, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384) < 0) __PYX_ERR(0, 83, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 88, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521 = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ECDSA_P521_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521)) __PYX_ERR(0, 88, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ECDSA_P521_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521) < 0) __PYX_ERR(0, 88, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521 = &__pyx_type_3ssh_8keytypes_ECDSA_P521;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P521->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521) < 0) __PYX_ERR(0, 88, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521->tp_getattro = PyObject_GenericGetAttr;
+  }
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ECDSA_P521, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521) < 0) __PYX_ERR(0, 88, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521) < 0) __PYX_ERR(0, 88, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01 = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01)) __PYX_ERR(0, 93, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01) < 0) __PYX_ERR(0, 93, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01 = &__pyx_type_3ssh_8keytypes_ECDSA_P256_CERT01;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01) < 0) __PYX_ERR(0, 93, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01->tp_getattro = PyObject_GenericGetAttr;
+  }
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ECDSA_P256_CERT01, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01) < 0) __PYX_ERR(0, 93, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P256_CERT01) < 0) __PYX_ERR(0, 93, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 98, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01 = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01)) __PYX_ERR(0, 98, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01) < 0) __PYX_ERR(0, 98, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01 = &__pyx_type_3ssh_8keytypes_ECDSA_P384_CERT01;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01) < 0) __PYX_ERR(0, 98, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01->tp_getattro = PyObject_GenericGetAttr;
+  }
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ECDSA_P384_CERT01, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01) < 0) __PYX_ERR(0, 98, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P384_CERT01) < 0) __PYX_ERR(0, 98, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 103, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01 = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01)) __PYX_ERR(0, 103, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01) < 0) __PYX_ERR(0, 103, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01 = &__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01) < 0) __PYX_ERR(0, 103, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ECDSA_P521_CERT01, (PyObject *)&__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01) < 0) __PYX_ERR(1, 103, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01) < 0) __PYX_ERR(1, 103, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01 = &__pyx_type_3ssh_8keytypes_ECDSA_P521_CERT01;
-  __pyx_type_3ssh_8keytypes_ED25519_CERT01.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ED25519_CERT01) < 0) __PYX_ERR(1, 113, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ED25519_CERT01.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ED25519_CERT01.tp_dictoffset && __pyx_type_3ssh_8keytypes_ED25519_CERT01.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ED25519_CERT01.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ECDSA_P521_CERT01, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01) < 0) __PYX_ERR(0, 103, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ECDSA_P521_CERT01) < 0) __PYX_ERR(0, 103, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 113, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01 = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ED25519_CERT01_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01)) __PYX_ERR(0, 113, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ED25519_CERT01_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01) < 0) __PYX_ERR(0, 113, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01 = &__pyx_type_3ssh_8keytypes_ED25519_CERT01;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01) < 0) __PYX_ERR(0, 113, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ED25519_CERT01, (PyObject *)&__pyx_type_3ssh_8keytypes_ED25519_CERT01) < 0) __PYX_ERR(1, 113, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ED25519_CERT01) < 0) __PYX_ERR(1, 113, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ED25519_CERT01 = &__pyx_type_3ssh_8keytypes_ED25519_CERT01;
-  __pyx_type_3ssh_8keytypes_UnknownKey.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_UnknownKey) < 0) __PYX_ERR(1, 43, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_UnknownKey.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_UnknownKey.tp_dictoffset && __pyx_type_3ssh_8keytypes_UnknownKey.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_UnknownKey.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ED25519_CERT01, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01) < 0) __PYX_ERR(0, 113, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519_CERT01) < 0) __PYX_ERR(0, 113, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 43, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_UnknownKey_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey)) __PYX_ERR(0, 43, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_UnknownKey_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey) < 0) __PYX_ERR(0, 43, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey = &__pyx_type_3ssh_8keytypes_UnknownKey;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_UnknownKey->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey) < 0) __PYX_ERR(0, 43, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_UnknownKey, (PyObject *)&__pyx_type_3ssh_8keytypes_UnknownKey) < 0) __PYX_ERR(1, 43, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_UnknownKey) < 0) __PYX_ERR(1, 43, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_UnknownKey = &__pyx_type_3ssh_8keytypes_UnknownKey;
-  __pyx_type_3ssh_8keytypes_ED25519Key.tp_base = __pyx_ptype_3ssh_8keytypes_KeyType;
-  if (PyType_Ready(&__pyx_type_3ssh_8keytypes_ED25519Key) < 0) __PYX_ERR(1, 108, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_8keytypes_ED25519Key.tp_print = 0;
-  #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_8keytypes_ED25519Key.tp_dictoffset && __pyx_type_3ssh_8keytypes_ED25519Key.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_8keytypes_ED25519Key.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_UnknownKey, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey) < 0) __PYX_ERR(0, 43, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_UnknownKey) < 0) __PYX_ERR(0, 43, __pyx_L1_error)
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_t_1 = PyTuple_Pack(1, (PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 108, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_1);
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_8keytypes_ED25519Key_spec, __pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_1); __pyx_t_1 = 0;
+  if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key)) __PYX_ERR(0, 108, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_8keytypes_ED25519Key_spec, __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key) < 0) __PYX_ERR(0, 108, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key = &__pyx_type_3ssh_8keytypes_ED25519Key;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_ED25519Key->tp_base = __pyx_mstate_global->__pyx_ptype_3ssh_8keytypes_KeyType;
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key) < 0) __PYX_ERR(0, 108, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_ED25519Key, (PyObject *)&__pyx_type_3ssh_8keytypes_ED25519Key) < 0) __PYX_ERR(1, 108, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_8keytypes_ED25519Key) < 0) __PYX_ERR(1, 108, __pyx_L1_error)
-  __pyx_ptype_3ssh_8keytypes_ED25519Key = &__pyx_type_3ssh_8keytypes_ED25519Key;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_ED25519Key, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key) < 0) __PYX_ERR(0, 108, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_8keytypes_ED25519Key) < 0) __PYX_ERR(0, 108, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_RefNannyFinishContext();
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_import_code", 0);
   /*--- Type import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_import_code", 0);
   /*--- Function import code ---*/
-  __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(1, 1, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -7443,50 +10567,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_keytypes(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_keytypes},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "keytypes",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initkeytypes(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initkeytypes(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_keytypes(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_keytypes(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -7494,7 +10689,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -7509,10 +10706,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -7535,9 +10735,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_keytypes(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -7548,9 +10753,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_keytypes(PyObject *__pyx_pyinit_mo
     PyErr_SetString(PyExc_RuntimeError, "Module 'keytypes' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "keytypes" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -7560,873 +10793,4078 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_keytypes(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_keytypes", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("keytypes", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(1, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__keytypes) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
-    PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(1, 1, __pyx_L1_error)
+    PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.keytypes")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.keytypes", __pyx_m) < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.keytypes", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  if (unlikely(__Pyx_modinit_function_export_code() < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_type_import_code();
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_export_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_type_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
 
-  /* "ssh/keytypes.pyx":153
- * 
- * 
- * def key_type_from_name(key_name):             # <<<<<<<<<<<<<<
- *     cdef ssh_keytypes_e _type
- *     cdef bytes b_key_name = to_bytes(key_name)
- */
-  __pyx_t_1 = PyCFunction_NewEx(&__pyx_mdef_3ssh_8keytypes_1key_type_from_name, NULL, __pyx_n_s_ssh_keytypes); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 153, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_key_type_from_name, __pyx_t_1) < 0) __PYX_ERR(1, 153, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_7KeyType_7__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_KeyType___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-  /* "ssh/keytypes.pyx":1
- * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
- * # Copyright (C) 2018-2020 Panos Kittenis
- * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_7KeyType_9__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_KeyType___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-  /*--- Wrapped vars code ---*/
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10UnknownKey_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_UnknownKey___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-  goto __pyx_L0;
-  __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
-  if (__pyx_m) {
-    if (__pyx_d) {
-      __Pyx_AddTraceback("init ssh.keytypes", __pyx_clineno, __pyx_lineno, __pyx_filename);
-    }
-    Py_CLEAR(__pyx_m);
-  } else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_ImportError, "init ssh.keytypes");
-  }
-  __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
-  #else
-  return;
-  #endif
-}
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10UnknownKey_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_UnknownKey___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-/* --- Runtime support code --- */
-/* Refnanny */
-#if CYTHON_REFNANNY
-static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
-    PyObject *m = NULL, *p = NULL;
-    void *r = NULL;
-    m = PyImport_ImportModule(modname);
-    if (!m) goto end;
-    p = PyObject_GetAttrString(m, "RefNannyAPI");
-    if (!p) goto end;
-    r = PyLong_AsVoidPtr(p);
-end:
-    Py_XDECREF(p);
-    Py_XDECREF(m);
-    return (__Pyx_RefNannyAPIStruct *)r;
-}
-#endif
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_6DSSKey_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_DSSKey___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
-    return PyObject_GetAttr(obj, attr_name);
-}
-#endif
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_6DSSKey_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_DSSKey___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
-        PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
-            "name '%U' is not defined", name);
-#else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
-#endif
-    }
-    return result;
-}
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_6RSAKey_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_RSAKey___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
-{
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_6RSAKey_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_RSAKey___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_7RSA1Key_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_RSA1Key___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_7RSA1Key_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_RSA1Key___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[9])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_8ECDSAKey_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSAKey___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[10])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_8ECDSAKey_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSAKey___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[11])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_12DSSCert01Key_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_DSSCert01Key___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[12])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_12DSSCert01Key_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_DSSCert01Key___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[13])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_12RSACert01Key_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_RSACert01Key___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[14])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_12RSACert01Key_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_RSACert01Key___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[15])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10ECDSA_P256_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P256___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[16])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10ECDSA_P256_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P256___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[17])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10ECDSA_P384_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P384___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[18])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10ECDSA_P384_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P384___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[19])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10ECDSA_P521_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P521___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[20])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10ECDSA_P521_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P521___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[21])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_17ECDSA_P256_CERT01_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P256_CERT01___reduce_cytho, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[22])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_17ECDSA_P256_CERT01_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P256_CERT01___setstate_cyt, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[23])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_17ECDSA_P384_CERT01_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P384_CERT01___reduce_cytho, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[24])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_17ECDSA_P384_CERT01_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P384_CERT01___setstate_cyt, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[25])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_17ECDSA_P521_CERT01_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P521_CERT01___reduce_cytho, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[26])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_17ECDSA_P521_CERT01_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ECDSA_P521_CERT01___setstate_cyt, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[27])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10ED25519Key_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ED25519Key___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[28])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_10ED25519Key_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ED25519Key___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[29])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_14ED25519_CERT01_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ED25519_CERT01___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[30])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_14ED25519_CERT01_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_ED25519_CERT01___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[31])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/keytypes.pyx":153
+ * 
+ * 
+ * def key_type_from_name(key_name):             # <<<<<<<<<<<<<<
+ *     cdef ssh_keytypes_e _type
+ *     cdef bytes b_key_name = to_bytes(key_name)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_8keytypes_1key_type_from_name, 0, __pyx_mstate_global->__pyx_n_u_key_type_from_name, NULL, __pyx_mstate_global->__pyx_n_u_ssh_keytypes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[32])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_key_type_from_name, __pyx_t_2) < 0) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/keytypes.pyx":1
+ * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
+ * # Copyright (C) 2018-2020 Panos Kittenis
+ * #
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /*--- Wrapped vars code ---*/
+
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  if (__pyx_m) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
+      __Pyx_AddTraceback("init ssh.keytypes", __pyx_clineno, __pyx_lineno, __pyx_filename);
+    }
+    #if !CYTHON_USE_MODULE_STATE
+    Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
+  } else if (!PyErr_Occurred()) {
+    PyErr_SetString(PyExc_ImportError, "init ssh.keytypes");
+  }
+  __pyx_L0:;
+  __Pyx_RefNannyFinishContext();
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  return (__pyx_m != NULL) ? 0 : -1;
+  #else
+  return __pyx_m;
+  #endif
+}
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 50 <= 65535
+    const unsigned short n;
+#elif 50 / 2 < INT_MAX
+    const unsigned int n;
+#elif 50 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_DSSCert01Key, sizeof(__pyx_k_DSSCert01Key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_DSSCert01Key */
+  {__pyx_k_DSSCert01Key___reduce_cython, sizeof(__pyx_k_DSSCert01Key___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_DSSCert01Key___reduce_cython */
+  {__pyx_k_DSSCert01Key___setstate_cython, sizeof(__pyx_k_DSSCert01Key___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_DSSCert01Key___setstate_cython */
+  {__pyx_k_DSSKey, sizeof(__pyx_k_DSSKey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_DSSKey */
+  {__pyx_k_DSSKey___reduce_cython, sizeof(__pyx_k_DSSKey___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_DSSKey___reduce_cython */
+  {__pyx_k_DSSKey___setstate_cython, sizeof(__pyx_k_DSSKey___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_DSSKey___setstate_cython */
+  {__pyx_k_ECDSAKey, sizeof(__pyx_k_ECDSAKey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSAKey */
+  {__pyx_k_ECDSAKey___reduce_cython, sizeof(__pyx_k_ECDSAKey___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSAKey___reduce_cython */
+  {__pyx_k_ECDSAKey___setstate_cython, sizeof(__pyx_k_ECDSAKey___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSAKey___setstate_cython */
+  {__pyx_k_ECDSA_P256, sizeof(__pyx_k_ECDSA_P256), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P256 */
+  {__pyx_k_ECDSA_P256_CERT01, sizeof(__pyx_k_ECDSA_P256_CERT01), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P256_CERT01 */
+  {__pyx_k_ECDSA_P256_CERT01___reduce_cytho, sizeof(__pyx_k_ECDSA_P256_CERT01___reduce_cytho), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P256_CERT01___reduce_cytho */
+  {__pyx_k_ECDSA_P256_CERT01___setstate_cyt, sizeof(__pyx_k_ECDSA_P256_CERT01___setstate_cyt), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P256_CERT01___setstate_cyt */
+  {__pyx_k_ECDSA_P256___reduce_cython, sizeof(__pyx_k_ECDSA_P256___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P256___reduce_cython */
+  {__pyx_k_ECDSA_P256___setstate_cython, sizeof(__pyx_k_ECDSA_P256___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P256___setstate_cython */
+  {__pyx_k_ECDSA_P384, sizeof(__pyx_k_ECDSA_P384), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P384 */
+  {__pyx_k_ECDSA_P384_CERT01, sizeof(__pyx_k_ECDSA_P384_CERT01), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P384_CERT01 */
+  {__pyx_k_ECDSA_P384_CERT01___reduce_cytho, sizeof(__pyx_k_ECDSA_P384_CERT01___reduce_cytho), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P384_CERT01___reduce_cytho */
+  {__pyx_k_ECDSA_P384_CERT01___setstate_cyt, sizeof(__pyx_k_ECDSA_P384_CERT01___setstate_cyt), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P384_CERT01___setstate_cyt */
+  {__pyx_k_ECDSA_P384___reduce_cython, sizeof(__pyx_k_ECDSA_P384___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P384___reduce_cython */
+  {__pyx_k_ECDSA_P384___setstate_cython, sizeof(__pyx_k_ECDSA_P384___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P384___setstate_cython */
+  {__pyx_k_ECDSA_P521, sizeof(__pyx_k_ECDSA_P521), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P521 */
+  {__pyx_k_ECDSA_P521_CERT01, sizeof(__pyx_k_ECDSA_P521_CERT01), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P521_CERT01 */
+  {__pyx_k_ECDSA_P521_CERT01___reduce_cytho, sizeof(__pyx_k_ECDSA_P521_CERT01___reduce_cytho), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P521_CERT01___reduce_cytho */
+  {__pyx_k_ECDSA_P521_CERT01___setstate_cyt, sizeof(__pyx_k_ECDSA_P521_CERT01___setstate_cyt), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P521_CERT01___setstate_cyt */
+  {__pyx_k_ECDSA_P521___reduce_cython, sizeof(__pyx_k_ECDSA_P521___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P521___reduce_cython */
+  {__pyx_k_ECDSA_P521___setstate_cython, sizeof(__pyx_k_ECDSA_P521___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ECDSA_P521___setstate_cython */
+  {__pyx_k_ED25519Key, sizeof(__pyx_k_ED25519Key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ED25519Key */
+  {__pyx_k_ED25519Key___reduce_cython, sizeof(__pyx_k_ED25519Key___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ED25519Key___reduce_cython */
+  {__pyx_k_ED25519Key___setstate_cython, sizeof(__pyx_k_ED25519Key___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ED25519Key___setstate_cython */
+  {__pyx_k_ED25519_CERT01, sizeof(__pyx_k_ED25519_CERT01), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ED25519_CERT01 */
+  {__pyx_k_ED25519_CERT01___reduce_cython, sizeof(__pyx_k_ED25519_CERT01___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ED25519_CERT01___reduce_cython */
+  {__pyx_k_ED25519_CERT01___setstate_cython, sizeof(__pyx_k_ED25519_CERT01___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ED25519_CERT01___setstate_cython */
+  {__pyx_k_KeyType, sizeof(__pyx_k_KeyType), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyType */
+  {__pyx_k_KeyType___reduce_cython, sizeof(__pyx_k_KeyType___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyType___reduce_cython */
+  {__pyx_k_KeyType___setstate_cython, sizeof(__pyx_k_KeyType___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KeyType___setstate_cython */
+  {__pyx_k_RSA1Key, sizeof(__pyx_k_RSA1Key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSA1Key */
+  {__pyx_k_RSA1Key___reduce_cython, sizeof(__pyx_k_RSA1Key___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSA1Key___reduce_cython */
+  {__pyx_k_RSA1Key___setstate_cython, sizeof(__pyx_k_RSA1Key___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSA1Key___setstate_cython */
+  {__pyx_k_RSACert01Key, sizeof(__pyx_k_RSACert01Key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSACert01Key */
+  {__pyx_k_RSACert01Key___reduce_cython, sizeof(__pyx_k_RSACert01Key___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSACert01Key___reduce_cython */
+  {__pyx_k_RSACert01Key___setstate_cython, sizeof(__pyx_k_RSACert01Key___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSACert01Key___setstate_cython */
+  {__pyx_k_RSAKey, sizeof(__pyx_k_RSAKey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSAKey */
+  {__pyx_k_RSAKey___reduce_cython, sizeof(__pyx_k_RSAKey___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSAKey___reduce_cython */
+  {__pyx_k_RSAKey___setstate_cython, sizeof(__pyx_k_RSAKey___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_RSAKey___setstate_cython */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k_UnknownKey, sizeof(__pyx_k_UnknownKey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_UnknownKey */
+  {__pyx_k_UnknownKey___reduce_cython, sizeof(__pyx_k_UnknownKey___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_UnknownKey___reduce_cython */
+  {__pyx_k_UnknownKey___setstate_cython, sizeof(__pyx_k_UnknownKey___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_UnknownKey___setstate_cython */
+  {__pyx_k_Unknown_keytype_s, sizeof(__pyx_k_Unknown_keytype_s), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Unknown_keytype_s */
+  {__pyx_k_ValueError, sizeof(__pyx_k_ValueError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ValueError */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_b_key_name, sizeof(__pyx_k_b_key_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_key_name */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_key_name, sizeof(__pyx_k_key_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_key_name */
+  {__pyx_k_key_name_2, sizeof(__pyx_k_key_name_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_key_name_2 */
+  {__pyx_k_key_type_from_name, sizeof(__pyx_k_key_type_from_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_key_type_from_name */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_ssh_keytypes, sizeof(__pyx_k_ssh_keytypes), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_keytypes */
+  {__pyx_k_ssh_keytypes_pyx, sizeof(__pyx_k_ssh_keytypes_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_keytypes_pyx */
+  {__pyx_k_str, sizeof(__pyx_k_str), 0, 1, 1}, /* PyObject cname: __pyx_n_u_str */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_type, sizeof(__pyx_k_type), 0, 1, 1}, /* PyObject cname: __pyx_n_u_type */
+  {__pyx_k_unknown, sizeof(__pyx_k_unknown), 0, 1, 1}, /* PyObject cname: __pyx_n_u_unknown */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  __pyx_builtin_ValueError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_ValueError); if (!__pyx_builtin_ValueError) __PYX_ERR(0, 150, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 2;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 3;
+            unsigned int flags : 10;
+            unsigned int first_line : 8;
+            unsigned int line_table_length : 10;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[9] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[9])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[10] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[10])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[11] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[11])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[12] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[12])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[13] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[13])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[14] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[14])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[15] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[15])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[16] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[16])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[17] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[17])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[18] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[18])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[19] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[19])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[20] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[20])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[21] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[21])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[22] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[22])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[23] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[23])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[24] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[24])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[25] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[25])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[26] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[26])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[27] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[27])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[28] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[28])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[29] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[29])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[30] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[30])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[31] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[31])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 153, 38};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_key_name, __pyx_mstate->__pyx_n_u_type, __pyx_mstate->__pyx_n_u_b_key_name, __pyx_mstate->__pyx_n_u_key_name_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[32] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_keytypes_pyx, __pyx_mstate->__pyx_n_u_key_type_from_name, __pyx_k_HAQ_aq_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[32])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
+
+/* --- Runtime support code --- */
+/* Refnanny */
+#if CYTHON_REFNANNY
+static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
+    PyObject *m = NULL, *p = NULL;
+    void *r = NULL;
+    m = PyImport_ImportModule(modname);
+    if (!m) goto end;
+    p = PyObject_GetAttrString(m, "RefNannyAPI");
+    if (!p) goto end;
+    r = PyLong_AsVoidPtr(p);
+end:
+    Py_XDECREF(p);
+    Py_XDECREF(m);
+    return (__Pyx_RefNannyAPIStruct *)r;
+}
+#endif
+
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
+        PyErr_Format(PyExc_NameError,
+            "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
         more_or_less = "at most";
     }
-    if (exact) {
-        more_or_less = "exactly";
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* PyObjectFastCallMethod */
+#if !CYTHON_VECTORCALL || PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf) {
+    PyObject *result;
+    PyObject *attr = PyObject_GetAttr(args[0], name);
+    if (unlikely(!attr))
+        return NULL;
+    result = __Pyx_PyObject_FastCall(attr, args+1, nargsf - 1);
+    Py_DECREF(attr);
+    return result;
+}
+#endif
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
     }
-    PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
 }
 
-/* KeywordStringCheck */
-static int __Pyx_CheckKeywordStrings(
-    PyObject *kwdict,
-    const char* function_name,
-    int kw_allowed)
-{
-    PyObject* key = 0;
-    Py_ssize_t pos = 0;
-#if CYTHON_COMPILING_IN_PYPY
-    if (!kw_allowed && PyDict_Next(kwdict, &pos, &key, 0))
-        goto invalid_keyword;
-    return 1;
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
 #else
-    while (PyDict_Next(kwdict, &pos, &key, 0)) {
-        #if PY_MAJOR_VERSION < 3
-        if (unlikely(!PyString_Check(key)))
-        #endif
-            if (unlikely(!PyUnicode_Check(key)))
-                goto invalid_keyword_type;
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
     }
-    if ((!kw_allowed) && unlikely(key))
-        goto invalid_keyword;
-    return 1;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
     return 0;
+}
 #endif
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
+
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
     return 0;
 }
-
-/* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
-                                               PyObject *globals) {
-    PyFrameObject *f;
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject **fastlocals;
-    Py_ssize_t i;
-    PyObject *result;
-    assert(globals != NULL);
-    /* XXX Perhaps we should create a specialized
-       PyFrame_New() that doesn't take locals, but does
-       take builtins without sanity checking them.
-       */
-    assert(tstate != NULL);
-    f = PyFrame_New(tstate, co, globals, NULL);
-    if (f == NULL) {
-        return NULL;
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
     }
-    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
-    for (i = 0; i < na; i++) {
-        Py_INCREF(*args);
-        fastlocals[i] = *args++;
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
     }
-    result = PyEval_EvalFrameEx(f,0);
-    ++tstate->recursion_depth;
-    Py_DECREF(f);
-    --tstate->recursion_depth;
-    return result;
+#endif
+    return r;
+#endif
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
-    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
-    PyObject *globals = PyFunction_GET_GLOBALS(func);
-    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
-    PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
-    PyObject *kwdefs;
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
 #endif
-    PyObject *kwtuple, **k;
-    PyObject **d;
-    Py_ssize_t nd;
-    Py_ssize_t nk;
-    PyObject *result;
-    assert(kwargs == NULL || PyDict_Check(kwargs));
-    nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
-        return NULL;
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
+
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
     }
-    if (
-#if PY_MAJOR_VERSION >= 3
-            co->co_kwonlyargcount == 0 &&
 #endif
-            likely(kwargs == NULL || nk == 0) &&
-            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
-        if (argdefs == NULL && co->co_argcount == nargs) {
-            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
-            goto done;
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
         }
-        else if (nargs == 0 && argdefs != NULL
-                 && co->co_argcount == Py_SIZE(argdefs)) {
-            /* function called with no arguments, but all parameters have
-               a default value: use default values as arguments .*/
-            args = &PyTuple_GET_ITEM(argdefs, 0);
-            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
-            goto done;
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
         }
     }
-    if (kwargs != NULL) {
-        Py_ssize_t pos, i;
-        kwtuple = PyTuple_New(2 * nk);
-        if (kwtuple == NULL) {
-            result = NULL;
-            goto done;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
         }
-        k = &PyTuple_GET_ITEM(kwtuple, 0);
-        pos = i = 0;
-        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
-            Py_INCREF(k[i]);
-            Py_INCREF(k[i+1]);
-            i += 2;
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
         }
-        nk = i / 2;
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
     }
-    else {
-        kwtuple = NULL;
-        k = NULL;
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
     }
-    closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
-    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
 #endif
-    if (argdefs != NULL) {
-        d = &PyTuple_GET_ITEM(argdefs, 0);
-        nd = Py_SIZE(argdefs);
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
     }
-    else {
-        d = NULL;
-        nd = 0;
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
     }
-#if PY_MAJOR_VERSION >= 3
-    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, kwdefs, closure);
+    return 0;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
 #else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
-    Py_XDECREF(kwtuple);
-done:
-    Py_LeaveRecursiveCall();
-    return result;
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
 }
 #endif
-#endif
 
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
     PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
     }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
     return result;
 }
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
 #endif
 
-/* PyObjectCallMethO */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
-    PyObject *self, *result;
-    PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
         return NULL;
-    result = cfunc(self, arg);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
     }
-    return result;
-}
-#endif
-
-/* PyObjectCallNoArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
     }
-#endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
 #else
-    if (likely(PyCFunction_Check(func)))
+        PyDict_GET_SIZE(kw);
 #endif
-    {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
-        }
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
 }
 #endif
 
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
     }
+    return 0;
 }
-#endif
-
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
     }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
 #endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
 #endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
         }
+#endif
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
 }
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
     PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
     return result;
 }
-#endif
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
 }
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
 #endif
-
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
+        if (unlikely(op->func_name == NULL))
+            return NULL;
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
-        }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
 }
-#else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
         PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
+                        "__qualname__ must be set to a string object");
+        return -1;
     }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
-                }
-            }
-        }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
         }
-    } else {
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
         PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
         } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
+            result = Py_None;
         }
-        PyException_SetCause(value, fixed_cause);
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
+    }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
 #else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
         }
 #endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
     }
-bad:
-    Py_XDECREF(owned_instance);
-    return;
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
 #endif
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
 #endif
-    return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
-    }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
-    }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
-        }
-    }
-    return descr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
 }
 #endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+#endif
+    return (PyObject *) op;
 }
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
 #endif
-
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
     }
 #endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
+}
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
     }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
     return 0;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
 }
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
 #endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
+    }
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
+#endif
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
     PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
     }
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
     }
     return result;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
-}
-static int __Pyx_setup_reduce(PyObject* type_obj) {
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
     int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
     }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
-        }
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
-        }
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
+    }
+    return op;
 }
 
 /* PyDictVersioning */
@@ -8456,29 +14894,34 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -8487,11 +14930,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -8519,130 +14963,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -8673,7 +15183,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -8683,9 +15193,42 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
+
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_keytypes_e(enum ssh_keytypes_e value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_keytypes_e(enum ssh_keytypes_e value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -8697,17 +15240,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_keytypes_e(enum ssh_ke
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(enum ssh_keytypes_e) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(enum ssh_keytypes_e) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(enum ssh_keytypes_e) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(enum ssh_keytypes_e) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(enum ssh_keytypes_e) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -8715,15 +15258,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_keytypes_e(enum ssh_ke
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(enum ssh_keytypes_e),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(enum ssh_keytypes_e));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u_);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -8735,17 +15350,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -8753,10 +15368,43 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
@@ -8783,7 +15431,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -8793,179 +15441,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -8979,189 +15685,247 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
 #endif
     const int neg_one = (int) -1, const_zero = (int) 0;
-#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
-#pragma GCC diagnostic pop
-#endif
-    const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
 #endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    const int is_unsigned = neg_one > const_zero;
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9178,7 +15942,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -9199,51 +15963,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -9274,42 +16025,57 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionExport */
@@ -9320,22 +16086,18 @@ static int __Pyx_ExportFunction(const char *name, void (*f)(void), const char *s
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(__pyx_m, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(__pyx_m, "__pyx_capi__");
     if (!d) {
         PyErr_Clear();
         d = PyDict_New();
         if (!d)
             goto bad;
         Py_INCREF(d);
-        if (PyModule_AddObject(__pyx_m, (char *)"__pyx_capi__", d) < 0)
+        if (PyModule_AddObject(__pyx_m, "__pyx_capi__", d) < 0)
             goto bad;
     }
     tmp.fp = f;
-#if PY_VERSION_HEX >= 0x02070000
     cobj = PyCapsule_New(tmp.p, sig, 0);
-#else
-    cobj = PyCObject_FromVoidPtrAndDesc(tmp.p, (void *)sig, 0);
-#endif
     if (!cobj)
         goto bad;
     if (PyDict_SetItemString(d, name, cobj) < 0)
@@ -9350,26 +16112,30 @@ static int __Pyx_ExportFunction(const char *name, void (*f)(void), const char *s
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -9377,97 +16143,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -9479,25 +16381,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -9520,95 +16422,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -9647,33 +16520,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/keytypes.pxd b/ssh/keytypes.pxd
index 33e8614f..8d4c8944 100644
--- a/ssh/keytypes.pxd
+++ b/ssh/keytypes.pxd
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from c_ssh cimport ssh_keytypes_e
+from .c_ssh cimport ssh_keytypes_e
 
 
 cdef class KeyType:
diff --git a/ssh/keytypes.pyx b/ssh/keytypes.pyx
index d95989f7..dfec92c0 100644
--- a/ssh/keytypes.pyx
+++ b/ssh/keytypes.pyx
@@ -1,24 +1,25 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018-2020 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.string cimport const_char
 
-from utils cimport to_str, to_bytes
+from .utils cimport to_str, to_bytes
 
-from c_ssh cimport ssh_keytypes_e, ssh_key_type_to_char, ssh_key_type_from_name
+from .c_ssh cimport ssh_keytypes_e, ssh_key_type_to_char, ssh_key_type_from_name
 
 
 cdef class KeyType:
diff --git a/ssh/options.c b/ssh/options.c
index f0b3df4c..c0326343 100644
--- a/ssh/options.c
+++ b/ssh/options.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.options",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/options.pyx"
+        ]
+    },
+    "module_name": "ssh.options"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
+#else
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
+#endif
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,81 +911,205 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
 #else
-static CYTHON_INLINE float __PYX_NAN() {
-  float value;
-  memset(&value, 0xFF, sizeof(value));
-  return value;
-}
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
+#else
+static CYTHON_INLINE float __PYX_NAN() {
+  float value;
+  memset(&value, 0xFF, sizeof(value));
+  return value;
+}
 #endif
 #if defined(__CYGWIN__) && defined(_LDBL_EQ_DBL)
 #define __Pyx_truncl trunc
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -753,12 +1163,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -793,140 +1199,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -938,25 +1333,201 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/options.pyx",
-  "stringsource",
+  "<stringsource>",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7options_Option;
@@ -967,7 +1538,7 @@ struct __pyx_obj_3ssh_7options_Option;
  * cdef class Option:             # <<<<<<<<<<<<<<
  *     cdef ssh_options_e _option
  * 
- */
+*/
 struct __pyx_obj_3ssh_7options_Option {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_7options_Option *__pyx_vtab;
@@ -982,12 +1553,13 @@ struct __pyx_obj_3ssh_7options_Option {
  * cdef class Option:             # <<<<<<<<<<<<<<
  *     """Class for representing an SSH option."""
  * 
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_7options_Option {
   struct __pyx_obj_3ssh_7options_Option *(*from_option)(enum ssh_options_e);
 };
 static struct __pyx_vtabstruct_3ssh_7options_Option *__pyx_vtabptr_3ssh_7options_Option;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -996,42 +1568,48 @@ static struct __pyx_vtabstruct_3ssh_7options_Option *__pyx_vtabptr_3ssh_7options
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1042,6 +1620,10 @@ static struct __pyx_vtabstruct_3ssh_7options_Option *__pyx_vtabptr_3ssh_7options
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1053,78 +1635,82 @@ static struct __pyx_vtabstruct_3ssh_7options_Option *__pyx_vtabptr_3ssh_7options
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
-/* ArgTypeTest.proto */
-#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
-        __Pyx__ArgTypeTest(obj, type, name, exact))
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
-
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
 #endif
 
-/* PyFunctionFastCall.proto */
-#if CYTHON_FAST_PYCALL
-#define __Pyx_PyFunction_FastCall(func, args, nargs)\
-    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
 #else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
-#endif
-#define __Pyx_BUILD_ASSERT_EXPR(cond)\
-    (sizeof(char [1 - 2*!(cond)]) - 1)
-#ifndef Py_MEMBER_SIZE
-#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
-#endif
-#if CYTHON_FAST_PYCALL
-  static size_t __pyx_pyframe_localsplus_offset = 0;
-  #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
   #endif
-  #include "internal/pycore_frame.h"
-#endif
-  #define __Pxy_PyFrame_Initialize_Offsets()\
-    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
-     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
-  #define __Pyx_PyFrame_GetLocalsplus(frame)\
-    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
-#endif
-
-/* PyObjectCall.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
 #else
-#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
 #endif
 
-/* PyObjectCallMethO.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
-#endif
+/* ArgTypeTest.proto */
+#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+        __Pyx__ArgTypeTest(obj, type, name, exact))
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
 
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+/* PyObject_Unicode.proto */
+#define __Pyx_PyObject_Unicode(obj)\
+    (likely(PyUnicode_CheckExact(obj)) ? __Pyx_NewRef(obj) : PyObject_Str(obj))
 
-/* PyObjectGetAttrStr.proto */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+/* PyObjectFastCallMethod.proto */
+#if CYTHON_VECTORCALL && PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyObject_FastCallMethod(name, args, nargsf) PyObject_VectorcallMethod(name, args, nargsf, NULL)
 #else
-#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf);
 #endif
 
-/* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
-#else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
-#endif
+/* RaiseArgTupleInvalid.proto */
+static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
+    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
+
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
 
 /* PyErrExceptionMatches.proto */
 #if CYTHON_FAST_THREAD_STATE
@@ -1138,11 +1724,18 @@ static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tsta
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
 #define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
 #else
 #define __Pyx_PyThreadState_declare
 #define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
 #endif
 
 /* PyErrFetchRestore.proto */
@@ -1154,7 +1747,7 @@ static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tsta
 #define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
 #define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
 #else
 #define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
@@ -1170,12 +1763,19 @@ static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject
 #define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
 #endif
 
-/* GetAttr.proto */
-static CYTHON_INLINE PyObject *__Pyx_GetAttr(PyObject *, PyObject *);
+/* PyObjectGetAttrStr.proto */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+#else
+#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#endif
 
 /* GetAttr3.proto */
 static CYTHON_INLINE PyObject *__Pyx_GetAttr3(PyObject *, PyObject *, PyObject *);
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
 /* GetBuiltinName.proto */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
@@ -1207,18 +1807,18 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 
 /* GetModuleGlobalName.proto */
 #if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
     static PY_UINT64_T __pyx_dict_version = 0;\
     static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
         (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
         __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
     PY_UINT64_T __pyx_dict_version;\
     PyObject *__pyx_dict_cached_value;\
     (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
+} while(0)
 static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
 #define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
@@ -1226,17 +1826,117 @@ static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_ve
 static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
 #endif
 
-/* RaiseArgTupleInvalid.proto */
-static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
-    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
-
 /* RaiseDoubleKeywords.proto */
 static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
 
 /* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#endif
+
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
+
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
+#endif
+
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
+
+/* RaiseUnexpectedTypeError.proto */
+static int __Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj);
 
 /* PySequenceContains.proto */
 static CYTHON_INLINE int __Pyx_PySequence_ContainsTF(PyObject* item, PyObject* seq, int eq) {
@@ -1250,123 +1950,381 @@ static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
 /* ImportFrom.proto */
 static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name);
 
-/* PyObjectCall2Args.proto */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2);
-
 /* RaiseException.proto */
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
 /* HasAttr.proto */
-static CYTHON_INLINE int __Pyx_HasAttr(PyObject *, PyObject *);
-
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_HasAttr(o, n)  PyObject_HasAttrWithError(o, n)
 #else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+static CYTHON_INLINE int __Pyx_HasAttr(PyObject *, PyObject *);
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
-/* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
 
-/* SetupReduce.proto */
-static int __Pyx_setup_reduce(PyObject* type_obj);
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
-#else
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
+#endif
+
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
+/* SetVTable.proto */
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
+
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
+
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
+
+/* SetupReduce.proto */
+static int __Pyx_setup_reduce(PyObject* type_obj);
+
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
+#endif
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_options_e(enum ssh_options_e value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_options_e(enum ssh_options_e value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE enum ssh_options_e __Pyx_PyInt_As_enum__ssh_options_e(PyObject *);
+static CYTHON_INLINE enum ssh_options_e __Pyx_PyLong_As_enum__ssh_options_e(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
 
-/* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* CheckBinaryVersion.proto */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 static struct __pyx_obj_3ssh_7options_Option *__pyx_f_3ssh_7options_6Option_from_option(enum ssh_options_e __pyx_v_option); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.options' */
-static PyTypeObject *__pyx_ptype_3ssh_7options_Option = 0;
+/* Module declarations from "ssh.options" */
 static PyObject *__pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(struct __pyx_obj_3ssh_7options_Option *, PyObject *); /*proto*/
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.options"
 extern int __pyx_module_is_main_ssh__options;
 int __pyx_module_is_main_ssh__options = 0;
 
-/* Implementation of 'ssh.options' */
+/* Implementation of "ssh.options" */
+/* #### Code section: global_var ### */
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = ".";
 static const char __pyx_k_FD[] = "FD";
+static const char __pyx_k__2[] = "?";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_AV1[] = "\200\001\330\004$\240A\240V\2501";
 static const char __pyx_k_new[] = "__new__";
+static const char __pyx_k_pop[] = "pop";
 static const char __pyx_k_str[] = "__str__";
 static const char __pyx_k_HOST[] = "HOST";
 static const char __pyx_k_PORT[] = "PORT";
@@ -1374,26 +2332,36 @@ static const char __pyx_k_SSH1[] = "SSH1";
 static const char __pyx_k_SSH2[] = "SSH2";
 static const char __pyx_k_USER[] = "USER";
 static const char __pyx_k_dict[] = "__dict__";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_test[] = "__test__";
+static const char __pyx_k_state[] = "state";
 static const char __pyx_k_Option[] = "Option";
-static const char __pyx_k_import[] = "__import__";
+static const char __pyx_k_dict_2[] = "_dict";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_pickle[] = "pickle";
 static const char __pyx_k_reduce[] = "__reduce__";
 static const char __pyx_k_update[] = "update";
 static const char __pyx_k_NODELAY[] = "NODELAY";
 static const char __pyx_k_SSH_DIR[] = "SSH_DIR";
 static const char __pyx_k_TIMEOUT[] = "TIMEOUT";
+static const char __pyx_k_disable[] = "disable";
 static const char __pyx_k_BINDADDR[] = "BINDADDR";
 static const char __pyx_k_HMAC_C_S[] = "HMAC_C_S";
 static const char __pyx_k_HMAC_S_C[] = "HMAC_S_C";
 static const char __pyx_k_HOSTKEYS[] = "HOSTKEYS";
 static const char __pyx_k_IDENTITY[] = "IDENTITY";
 static const char __pyx_k_PORT_STR[] = "PORT_STR";
+static const char __pyx_k_add_note[] = "add_note";
 static const char __pyx_k_getstate[] = "__getstate__";
 static const char __pyx_k_pyx_type[] = "__pyx_type";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
+static const char __pyx_k_isenabled[] = "isenabled";
 static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
 static const char __pyx_k_KNOWNHOSTS[] = "KNOWNHOSTS";
@@ -1413,8 +2381,10 @@ static const char __pyx_k_ADD_IDENTITY[] = "ADD_IDENTITY";
 static const char __pyx_k_KEY_EXCHANGE[] = "KEY_EXCHANGE";
 static const char __pyx_k_PROXYCOMMAND[] = "PROXYCOMMAND";
 static const char __pyx_k_TIMEOUT_USEC[] = "TIMEOUT_USEC";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
 static const char __pyx_k_pyx_checksum[] = "__pyx_checksum";
-static const char __pyx_k_stringsource[] = "stringsource";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_use_setstate[] = "use_setstate";
 static const char __pyx_k_LOG_VERBOSITY[] = "LOG_VERBOSITY";
 static const char __pyx_k_PASSWORD_AUTH[] = "PASSWORD_AUTH";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
@@ -1427,82 +2397,20 @@ static const char __pyx_k_COMPRESSION_LEVEL[] = "COMPRESSION_LEVEL";
 static const char __pyx_k_GLOBAL_KNOWNHOSTS[] = "GLOBAL_KNOWNHOSTS";
 static const char __pyx_k_LOG_VERBOSITY_STR[] = "LOG_VERBOSITY_STR";
 static const char __pyx_k_STRICTHOSTKEYCHECK[] = "STRICTHOSTKEYCHECK";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_hk_A_1_rrttu_6_7_1[] = "\200\001\360\006\000\005\010\200\177\220h\230k\250\033\260A\330\010\r\210^\2301\330\010\016\320\016!\320!r\320rt\320tu\330\004\023\2206\230\030\240\021\240!\330\004\007\200|\2207\230!\330\010(\250\001\250\031\260.\300\001\330\004\013\2101";
 static const char __pyx_k_pyx_unpickle_Option[] = "__pyx_unpickle_Option";
 static const char __pyx_k_GSSAPI_CLIENT_IDENTITY[] = "GSSAPI_CLIENT_IDENTITY";
 static const char __pyx_k_GSSAPI_SERVER_IDENTITY[] = "GSSAPI_SERVER_IDENTITY";
+static const char __pyx_k_Option___reduce_cython[] = "Option.__reduce_cython__";
+static const char __pyx_k_Option___setstate_cython[] = "Option.__setstate_cython__";
 static const char __pyx_k_PUBLICKEY_ACCEPTED_TYPES[] = "PUBLICKEY_ACCEPTED_TYPES";
 static const char __pyx_k_GSSAPI_DELEGATE_CREDENTIALS[] = "GSSAPI_DELEGATE_CREDENTIALS";
-static const char __pyx_k_Incompatible_checksums_0x_x_vs_0[] = "Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))";
-static PyObject *__pyx_n_s_ADD_IDENTITY;
-static PyObject *__pyx_n_s_BINDADDR;
-static PyObject *__pyx_n_s_CIPHERS_C_S;
-static PyObject *__pyx_n_s_CIPHERS_S_C;
-static PyObject *__pyx_n_s_COMPRESSION;
-static PyObject *__pyx_n_s_COMPRESSION_C_S;
-static PyObject *__pyx_n_s_COMPRESSION_LEVEL;
-static PyObject *__pyx_n_s_COMPRESSION_S_C;
-static PyObject *__pyx_n_s_FD;
-static PyObject *__pyx_n_s_GLOBAL_KNOWNHOSTS;
-static PyObject *__pyx_n_s_GSSAPI_AUTH;
-static PyObject *__pyx_n_s_GSSAPI_CLIENT_IDENTITY;
-static PyObject *__pyx_n_s_GSSAPI_DELEGATE_CREDENTIALS;
-static PyObject *__pyx_n_s_GSSAPI_SERVER_IDENTITY;
-static PyObject *__pyx_n_s_HMAC_C_S;
-static PyObject *__pyx_n_s_HMAC_S_C;
-static PyObject *__pyx_n_s_HOST;
-static PyObject *__pyx_n_s_HOSTKEYS;
-static PyObject *__pyx_n_s_IDENTITY;
-static PyObject *__pyx_kp_s_Incompatible_checksums_0x_x_vs_0;
-static PyObject *__pyx_n_s_KBDINT_AUTH;
-static PyObject *__pyx_n_s_KEY_EXCHANGE;
-static PyObject *__pyx_n_s_KNOWNHOSTS;
-static PyObject *__pyx_n_s_LOG_VERBOSITY;
-static PyObject *__pyx_n_s_LOG_VERBOSITY_STR;
-static PyObject *__pyx_n_s_NODELAY;
-static PyObject *__pyx_n_s_Option;
-static PyObject *__pyx_n_s_PASSWORD_AUTH;
-static PyObject *__pyx_n_s_PORT;
-static PyObject *__pyx_n_s_PORT_STR;
-static PyObject *__pyx_n_s_PROCESS_CONFIG;
-static PyObject *__pyx_n_s_PROXYCOMMAND;
-static PyObject *__pyx_n_s_PUBKEY_AUTH;
-static PyObject *__pyx_n_s_PUBLICKEY_ACCEPTED_TYPES;
-static PyObject *__pyx_n_s_PickleError;
-static PyObject *__pyx_n_s_REKEY_DATA;
-static PyObject *__pyx_n_s_REKEY_TIME;
-static PyObject *__pyx_n_s_SSH1;
-static PyObject *__pyx_n_s_SSH2;
-static PyObject *__pyx_n_s_SSH_DIR;
-static PyObject *__pyx_n_s_STRICTHOSTKEYCHECK;
-static PyObject *__pyx_n_s_TIMEOUT;
-static PyObject *__pyx_n_s_TIMEOUT_USEC;
-static PyObject *__pyx_n_s_USER;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_dict;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_import;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_new;
-static PyObject *__pyx_n_s_pickle;
-static PyObject *__pyx_n_s_pyx_PickleError;
-static PyObject *__pyx_n_s_pyx_checksum;
-static PyObject *__pyx_n_s_pyx_result;
-static PyObject *__pyx_n_s_pyx_state;
-static PyObject *__pyx_n_s_pyx_type;
-static PyObject *__pyx_n_s_pyx_unpickle_Option;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_ssh_options;
-static PyObject *__pyx_n_s_str;
-static PyObject *__pyx_kp_s_stringsource;
-static PyObject *__pyx_n_s_test;
-static PyObject *__pyx_n_s_update;
+static const char __pyx_k_T_G1F_a_vWA_q_q_q_t1G_gQ_t1G_a[] = "\200\001\360\010\000\005\016\210T\220\021\330\004\014\210G\2201\220F\230,\240a\330\004\007\200v\210W\220A\330\010\022\220!\330\010\027\220q\340\010\027\220q\330\004\007\200q\330\010\017\320\017'\240t\2501\250G\260;\270g\300Q\340\010\017\320\017'\240t\2501\250G\260;\270a";
+static const char __pyx_k_Incompatible_checksums_0x_x_vs_0[] = "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
+/* #### Code section: decls ### */
 static PyObject *__pyx_pf_3ssh_7options_6Option___eq__(struct __pyx_obj_3ssh_7options_Option *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_other); /* proto */
 static PyObject *__pyx_pf_3ssh_7options_6Option_5value___get__(struct __pyx_obj_3ssh_7options_Option *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_7options_6Option_2__str__(struct __pyx_obj_3ssh_7options_Option *__pyx_v_self); /* proto */
@@ -1511,21 +2419,247 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
 static PyObject *__pyx_pf_3ssh_7options_6Option_8__setstate_cython__(struct __pyx_obj_3ssh_7options_Option *__pyx_v_self, PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_pf_3ssh_7options___pyx_unpickle_Option(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v___pyx_type, long __pyx_v___pyx_checksum, PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_7options_Option(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_int_62409688;
-static PyObject *__pyx_int_93538532;
-static PyObject *__pyx_int_135122028;
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-static PyObject *__pyx_codeobj__3;
-/* Late includes */
-
-/* "ssh/options.pyx":24
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyObject *__pyx_type_3ssh_7options_Option;
+  PyTypeObject *__pyx_ptype_3ssh_7options_Option;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_tuple[1];
+  PyObject *__pyx_codeobj_tab[3];
+  PyObject *__pyx_string_tab[89];
+  PyObject *__pyx_int_62409688;
+  PyObject *__pyx_int_93538532;
+  PyObject *__pyx_int_135122028;
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_ADD_IDENTITY __pyx_string_tab[1]
+#define __pyx_n_u_BINDADDR __pyx_string_tab[2]
+#define __pyx_n_u_CIPHERS_C_S __pyx_string_tab[3]
+#define __pyx_n_u_CIPHERS_S_C __pyx_string_tab[4]
+#define __pyx_n_u_COMPRESSION __pyx_string_tab[5]
+#define __pyx_n_u_COMPRESSION_C_S __pyx_string_tab[6]
+#define __pyx_n_u_COMPRESSION_LEVEL __pyx_string_tab[7]
+#define __pyx_n_u_COMPRESSION_S_C __pyx_string_tab[8]
+#define __pyx_n_u_FD __pyx_string_tab[9]
+#define __pyx_n_u_GLOBAL_KNOWNHOSTS __pyx_string_tab[10]
+#define __pyx_n_u_GSSAPI_AUTH __pyx_string_tab[11]
+#define __pyx_n_u_GSSAPI_CLIENT_IDENTITY __pyx_string_tab[12]
+#define __pyx_n_u_GSSAPI_DELEGATE_CREDENTIALS __pyx_string_tab[13]
+#define __pyx_n_u_GSSAPI_SERVER_IDENTITY __pyx_string_tab[14]
+#define __pyx_n_u_HMAC_C_S __pyx_string_tab[15]
+#define __pyx_n_u_HMAC_S_C __pyx_string_tab[16]
+#define __pyx_n_u_HOST __pyx_string_tab[17]
+#define __pyx_n_u_HOSTKEYS __pyx_string_tab[18]
+#define __pyx_n_u_IDENTITY __pyx_string_tab[19]
+#define __pyx_kp_u_Incompatible_checksums_0x_x_vs_0 __pyx_string_tab[20]
+#define __pyx_n_u_KBDINT_AUTH __pyx_string_tab[21]
+#define __pyx_n_u_KEY_EXCHANGE __pyx_string_tab[22]
+#define __pyx_n_u_KNOWNHOSTS __pyx_string_tab[23]
+#define __pyx_n_u_LOG_VERBOSITY __pyx_string_tab[24]
+#define __pyx_n_u_LOG_VERBOSITY_STR __pyx_string_tab[25]
+#define __pyx_n_u_NODELAY __pyx_string_tab[26]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[27]
+#define __pyx_n_u_Option __pyx_string_tab[28]
+#define __pyx_n_u_Option___reduce_cython __pyx_string_tab[29]
+#define __pyx_n_u_Option___setstate_cython __pyx_string_tab[30]
+#define __pyx_n_u_PASSWORD_AUTH __pyx_string_tab[31]
+#define __pyx_n_u_PORT __pyx_string_tab[32]
+#define __pyx_n_u_PORT_STR __pyx_string_tab[33]
+#define __pyx_n_u_PROCESS_CONFIG __pyx_string_tab[34]
+#define __pyx_n_u_PROXYCOMMAND __pyx_string_tab[35]
+#define __pyx_n_u_PUBKEY_AUTH __pyx_string_tab[36]
+#define __pyx_n_u_PUBLICKEY_ACCEPTED_TYPES __pyx_string_tab[37]
+#define __pyx_n_u_PickleError __pyx_string_tab[38]
+#define __pyx_n_u_REKEY_DATA __pyx_string_tab[39]
+#define __pyx_n_u_REKEY_TIME __pyx_string_tab[40]
+#define __pyx_n_u_SSH1 __pyx_string_tab[41]
+#define __pyx_n_u_SSH2 __pyx_string_tab[42]
+#define __pyx_n_u_SSH_DIR __pyx_string_tab[43]
+#define __pyx_n_u_STRICTHOSTKEYCHECK __pyx_string_tab[44]
+#define __pyx_n_u_TIMEOUT __pyx_string_tab[45]
+#define __pyx_n_u_TIMEOUT_USEC __pyx_string_tab[46]
+#define __pyx_n_u_USER __pyx_string_tab[47]
+#define __pyx_kp_u__2 __pyx_string_tab[48]
+#define __pyx_kp_u_add_note __pyx_string_tab[49]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[50]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[51]
+#define __pyx_n_u_dict __pyx_string_tab[52]
+#define __pyx_n_u_dict_2 __pyx_string_tab[53]
+#define __pyx_kp_u_disable __pyx_string_tab[54]
+#define __pyx_kp_u_enable __pyx_string_tab[55]
+#define __pyx_n_u_func __pyx_string_tab[56]
+#define __pyx_kp_u_gc __pyx_string_tab[57]
+#define __pyx_n_u_getstate __pyx_string_tab[58]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[59]
+#define __pyx_kp_u_isenabled __pyx_string_tab[60]
+#define __pyx_n_u_main __pyx_string_tab[61]
+#define __pyx_n_u_module __pyx_string_tab[62]
+#define __pyx_n_u_name __pyx_string_tab[63]
+#define __pyx_n_u_new __pyx_string_tab[64]
+#define __pyx_n_u_pickle __pyx_string_tab[65]
+#define __pyx_n_u_pop __pyx_string_tab[66]
+#define __pyx_n_u_pyx_PickleError __pyx_string_tab[67]
+#define __pyx_n_u_pyx_checksum __pyx_string_tab[68]
+#define __pyx_n_u_pyx_result __pyx_string_tab[69]
+#define __pyx_n_u_pyx_state __pyx_string_tab[70]
+#define __pyx_n_u_pyx_type __pyx_string_tab[71]
+#define __pyx_n_u_pyx_unpickle_Option __pyx_string_tab[72]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[73]
+#define __pyx_n_u_qualname __pyx_string_tab[74]
+#define __pyx_n_u_reduce __pyx_string_tab[75]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[76]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[77]
+#define __pyx_n_u_self __pyx_string_tab[78]
+#define __pyx_n_u_set_name __pyx_string_tab[79]
+#define __pyx_n_u_setstate __pyx_string_tab[80]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[81]
+#define __pyx_n_u_ssh_options __pyx_string_tab[82]
+#define __pyx_n_u_state __pyx_string_tab[83]
+#define __pyx_n_u_str __pyx_string_tab[84]
+#define __pyx_kp_u_stringsource __pyx_string_tab[85]
+#define __pyx_n_u_test __pyx_string_tab[86]
+#define __pyx_n_u_update __pyx_string_tab[87]
+#define __pyx_n_u_use_setstate __pyx_string_tab[88]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7options_Option);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_7options_Option);
+  for (int i=0; i<1; ++i) { Py_CLEAR(clear_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<3; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<89; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  Py_CLEAR(clear_module_state->__pyx_int_62409688);
+  Py_CLEAR(clear_module_state->__pyx_int_93538532);
+  Py_CLEAR(clear_module_state->__pyx_int_135122028);
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7options_Option);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_7options_Option);
+  for (int i=0; i<1; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<3; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<89; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_62409688);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_93538532);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_135122028);
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
+
+/* "ssh/options.pyx":23
+ *     """Class for representing an SSH option."""
  * 
- *     @staticmethod
- *     cdef Option from_option(ssh_options_e option):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Option from_option(ssh_options_e option):
  *         cdef Option _option = Option.__new__(Option)
- *         _option._option = option
- */
+*/
 
 static struct __pyx_obj_3ssh_7options_Option *__pyx_f_3ssh_7options_6Option_from_option(enum ssh_options_e __pyx_v_option) {
   struct __pyx_obj_3ssh_7options_Option *__pyx_v__option = 0;
@@ -1543,9 +2677,9 @@ static struct __pyx_obj_3ssh_7options_Option *__pyx_f_3ssh_7options_6Option_from
  *         cdef Option _option = Option.__new__(Option)             # <<<<<<<<<<<<<<
  *         _option._option = option
  *         return _option
- */
-  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_7options_Option(((PyTypeObject *)__pyx_ptype_3ssh_7options_Option), __pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 25, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_1));
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_7options_Option(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_7options_Option), __pyx_mstate_global->__pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 25, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_1);
   __pyx_v__option = ((struct __pyx_obj_3ssh_7options_Option *)__pyx_t_1);
   __pyx_t_1 = 0;
 
@@ -1555,7 +2689,7 @@ static struct __pyx_obj_3ssh_7options_Option *__pyx_f_3ssh_7options_6Option_from
  *         _option._option = option             # <<<<<<<<<<<<<<
  *         return _option
  * 
- */
+*/
   __pyx_v__option->_option = __pyx_v_option;
 
   /* "ssh/options.pyx":27
@@ -1564,19 +2698,19 @@ static struct __pyx_obj_3ssh_7options_Option *__pyx_f_3ssh_7options_6Option_from
  *         return _option             # <<<<<<<<<<<<<<
  * 
  *     def __eq__(self, Option other):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__option));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__option);
   __pyx_r = __pyx_v__option;
   goto __pyx_L0;
 
-  /* "ssh/options.pyx":24
+  /* "ssh/options.pyx":23
+ *     """Class for representing an SSH option."""
  * 
- *     @staticmethod
- *     cdef Option from_option(ssh_options_e option):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef Option from_option(ssh_options_e option):
  *         cdef Option _option = Option.__new__(Option)
- *         _option._option = option
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1596,25 +2730,29 @@ static struct __pyx_obj_3ssh_7options_Option *__pyx_f_3ssh_7options_6Option_from
  *     def __eq__(self, Option other):             # <<<<<<<<<<<<<<
  *         return self._option == other._option
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_7options_6Option_1__eq__(PyObject *__pyx_v_self, PyObject *__pyx_v_other); /*proto*/
 static PyObject *__pyx_pw_3ssh_7options_6Option_1__eq__(PyObject *__pyx_v_self, PyObject *__pyx_v_other) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__eq__ (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_other), __pyx_ptype_3ssh_7options_Option, 1, "other", 0))) __PYX_ERR(0, 29, __pyx_L1_error)
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_other), __pyx_mstate_global->__pyx_ptype_3ssh_7options_Option, 1, "other", 0))) __PYX_ERR(0, 29, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_7options_6Option___eq__(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_self), ((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_other));
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  goto __pyx_L5_cleaned_up;
   __pyx_L0:;
+  __pyx_L5_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -1634,7 +2772,7 @@ static PyObject *__pyx_pf_3ssh_7options_6Option___eq__(struct __pyx_obj_3ssh_7op
  *         return self._option == other._option             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __Pyx_PyBool_FromLong((__pyx_v_self->_option == __pyx_v_other->_option)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 30, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
@@ -1648,7 +2786,7 @@ static PyObject *__pyx_pf_3ssh_7options_6Option___eq__(struct __pyx_obj_3ssh_7op
  *     def __eq__(self, Option other):             # <<<<<<<<<<<<<<
  *         return self._option == other._option
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1661,20 +2799,22 @@ static PyObject *__pyx_pf_3ssh_7options_6Option___eq__(struct __pyx_obj_3ssh_7op
   return __pyx_r;
 }
 
-/* "ssh/options.pyx":33
+/* "ssh/options.pyx":32
+ *         return self._option == other._option
  * 
- *     @property
- *     def value(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def value(self):
  *         return self._option
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_7options_6Option_5value_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_7options_6Option_5value_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_7options_6Option_5value___get__(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_self));
 
   /* function exit code */
@@ -1697,21 +2837,21 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_5value___get__(struct __pyx_obj_
  *         return self._option             # <<<<<<<<<<<<<<
  * 
  *     def __str__(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_options_e(__pyx_v_self->_option); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 34, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_enum__ssh_options_e(__pyx_v_self->_option); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 34, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/options.pyx":33
+  /* "ssh/options.pyx":32
+ *         return self._option == other._option
  * 
- *     @property
- *     def value(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def value(self):
  *         return self._option
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1730,14 +2870,16 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_5value___get__(struct __pyx_obj_
  *     def __str__(self):             # <<<<<<<<<<<<<<
  *         return str(self._option)
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_7options_6Option_3__str__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_7options_6Option_3__str__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__str__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_7options_6Option_2__str__(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_self));
 
   /* function exit code */
@@ -1761,11 +2903,11 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_2__str__(struct __pyx_obj_3ssh_7
  *         return str(self._option)             # <<<<<<<<<<<<<<
  * 
  *     def __repr__(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_options_e(__pyx_v_self->_option); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_enum__ssh_options_e(__pyx_v_self->_option); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 37, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = __Pyx_PyObject_CallOneArg(((PyObject *)(&PyString_Type)), __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyObject_Unicode(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 37, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_r = __pyx_t_2;
@@ -1778,7 +2920,7 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_2__str__(struct __pyx_obj_3ssh_7
  *     def __str__(self):             # <<<<<<<<<<<<<<
  *         return str(self._option)
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1798,14 +2940,16 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_2__str__(struct __pyx_obj_3ssh_7
  *     def __repr__(self):             # <<<<<<<<<<<<<<
  *         return self.__str__()
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_7options_6Option_5__repr__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_7options_6Option_5__repr__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__repr__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_7options_6Option_4__repr__(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_self));
 
   /* function exit code */
@@ -1818,7 +2962,7 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_4__repr__(struct __pyx_obj_3ssh_
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_3;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1830,25 +2974,18 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_4__repr__(struct __pyx_obj_3ssh_
  *         return self.__str__()             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_str); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 40, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-    }
+  __pyx_t_2 = ((PyObject *)__pyx_v_self);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_t_3 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_str, __pyx_callargs+__pyx_t_3, (1-__pyx_t_3) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 40, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
   }
-  __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 40, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
@@ -1859,13 +2996,12 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_4__repr__(struct __pyx_obj_3ssh_
  *     def __repr__(self):             # <<<<<<<<<<<<<<
  *         return self.__str__()
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.options.Option.__repr__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1878,15 +3014,44 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_4__repr__(struct __pyx_obj_3ssh_
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
  *     cdef tuple state
  *     cdef object _dict
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7options_6Option_7__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7options_6Option_6__reduce_cython__[] = "Option.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_7options_6Option_7__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7options_6Option_7__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7options_6Option_6__reduce_cython__, "Option.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_7options_6Option_7__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7options_6Option_7__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7options_6Option_6__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_7options_6Option_7__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7options_6Option_6__reduce_cython__(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_self));
 
   /* function exit code */
@@ -1903,8 +3068,7 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
   int __pyx_t_3;
-  int __pyx_t_4;
-  PyObject *__pyx_t_5 = NULL;
+  PyObject *__pyx_t_4 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1916,13 +3080,13 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  *     state = (self._option,)             # <<<<<<<<<<<<<<
  *     _dict = getattr(self, '__dict__', None)
  *     if _dict is not None:
- */
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_options_e(__pyx_v_self->_option); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error)
+*/
+  __pyx_t_1 = __Pyx_PyLong_From_enum__ssh_options_e(__pyx_v_self->_option); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 5, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __Pyx_GIVEREF(__pyx_t_1);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_1) != (0)) __PYX_ERR(1, 5, __pyx_L1_error);
   __pyx_t_1 = 0;
   __pyx_v_state = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
@@ -1933,8 +3097,8 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  *     _dict = getattr(self, '__dict__', None)             # <<<<<<<<<<<<<<
  *     if _dict is not None:
  *         state += (_dict,)
- */
-  __pyx_t_2 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_n_s_dict, Py_None); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 6, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_GetAttr3(((PyObject *)__pyx_v_self), __pyx_mstate_global->__pyx_n_u_dict, Py_None); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 6, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v__dict = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -1945,10 +3109,9 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  *     if _dict is not None:             # <<<<<<<<<<<<<<
  *         state += (_dict,)
  *         use_setstate = True
- */
+*/
   __pyx_t_3 = (__pyx_v__dict != Py_None);
-  __pyx_t_4 = (__pyx_t_3 != 0);
-  if (__pyx_t_4) {
+  if (__pyx_t_3) {
 
     /* "(tree fragment)":8
  *     _dict = getattr(self, '__dict__', None)
@@ -1956,12 +3119,12 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  *         state += (_dict,)             # <<<<<<<<<<<<<<
  *         use_setstate = True
  *     else:
- */
+*/
     __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 8, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_INCREF(__pyx_v__dict);
     __Pyx_GIVEREF(__pyx_v__dict);
-    PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_v__dict);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_v__dict) != (0)) __PYX_ERR(1, 8, __pyx_L1_error);
     __pyx_t_1 = PyNumber_InPlaceAdd(__pyx_v_state, __pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 8, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
@@ -1974,7 +3137,7 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  *         use_setstate = True             # <<<<<<<<<<<<<<
  *     else:
  *         use_setstate = False
- */
+*/
     __pyx_v_use_setstate = 1;
 
     /* "(tree fragment)":7
@@ -1983,7 +3146,7 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  *     if _dict is not None:             # <<<<<<<<<<<<<<
  *         state += (_dict,)
  *         use_setstate = True
- */
+*/
     goto __pyx_L3;
   }
 
@@ -1992,8 +3155,8 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  *     else:
  *         use_setstate = False             # <<<<<<<<<<<<<<
  *     if use_setstate:
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, None), state
- */
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, None), state
+*/
   /*else*/ {
     __pyx_v_use_setstate = 0;
   }
@@ -2003,86 +3166,85 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  *     else:
  *         use_setstate = False
  *     if use_setstate:             # <<<<<<<<<<<<<<
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, None), state
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, None), state
  *     else:
- */
-  __pyx_t_4 = (__pyx_v_use_setstate != 0);
-  if (__pyx_t_4) {
+*/
+  if (__pyx_v_use_setstate) {
 
     /* "(tree fragment)":13
  *         use_setstate = False
  *     if use_setstate:
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, None), state             # <<<<<<<<<<<<<<
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, None), state             # <<<<<<<<<<<<<<
  *     else:
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, state)
- */
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, state)
+*/
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_pyx_unpickle_Option); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 13, __pyx_L1_error)
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_pyx_unpickle_Option); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 13, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 13, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
     __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
-    PyTuple_SET_ITEM(__pyx_t_2, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
-    __Pyx_INCREF(__pyx_int_135122028);
-    __Pyx_GIVEREF(__pyx_int_135122028);
-    PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_int_135122028);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_62409688);
+    __Pyx_GIVEREF(__pyx_mstate_global->__pyx_int_62409688);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_mstate_global->__pyx_int_62409688) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
     __Pyx_INCREF(Py_None);
     __Pyx_GIVEREF(Py_None);
-    PyTuple_SET_ITEM(__pyx_t_2, 2, Py_None);
-    __pyx_t_5 = PyTuple_New(3); if (unlikely(!__pyx_t_5)) __PYX_ERR(1, 13, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 2, Py_None) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
+    __pyx_t_4 = PyTuple_New(3); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 13, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_4);
     __Pyx_GIVEREF(__pyx_t_1);
-    PyTuple_SET_ITEM(__pyx_t_5, 0, __pyx_t_1);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_t_1) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
     __Pyx_GIVEREF(__pyx_t_2);
-    PyTuple_SET_ITEM(__pyx_t_5, 1, __pyx_t_2);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_t_2) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
     __Pyx_INCREF(__pyx_v_state);
     __Pyx_GIVEREF(__pyx_v_state);
-    PyTuple_SET_ITEM(__pyx_t_5, 2, __pyx_v_state);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_4, 2, __pyx_v_state) != (0)) __PYX_ERR(1, 13, __pyx_L1_error);
     __pyx_t_1 = 0;
     __pyx_t_2 = 0;
-    __pyx_r = __pyx_t_5;
-    __pyx_t_5 = 0;
+    __pyx_r = __pyx_t_4;
+    __pyx_t_4 = 0;
     goto __pyx_L0;
 
     /* "(tree fragment)":12
  *     else:
  *         use_setstate = False
  *     if use_setstate:             # <<<<<<<<<<<<<<
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, None), state
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, None), state
  *     else:
- */
+*/
   }
 
   /* "(tree fragment)":15
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, None), state
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, None), state
  *     else:
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, state)             # <<<<<<<<<<<<<<
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, state)             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
  *     __pyx_unpickle_Option__set_state(self, __pyx_state)
- */
+*/
   /*else*/ {
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_n_s_pyx_unpickle_Option); if (unlikely(!__pyx_t_5)) __PYX_ERR(1, 15, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_pyx_unpickle_Option); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 15, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_4);
     __pyx_t_2 = PyTuple_New(3); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 15, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_INCREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
     __Pyx_GIVEREF(((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
-    PyTuple_SET_ITEM(__pyx_t_2, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self))));
-    __Pyx_INCREF(__pyx_int_135122028);
-    __Pyx_GIVEREF(__pyx_int_135122028);
-    PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_int_135122028);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, ((PyObject *)Py_TYPE(((PyObject *)__pyx_v_self)))) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_62409688);
+    __Pyx_GIVEREF(__pyx_mstate_global->__pyx_int_62409688);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_mstate_global->__pyx_int_62409688) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
     __Pyx_INCREF(__pyx_v_state);
     __Pyx_GIVEREF(__pyx_v_state);
-    PyTuple_SET_ITEM(__pyx_t_2, 2, __pyx_v_state);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 2, __pyx_v_state) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
     __pyx_t_1 = PyTuple_New(2); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 15, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_GIVEREF(__pyx_t_5);
-    PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_5);
+    __Pyx_GIVEREF(__pyx_t_4);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_t_4) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
     __Pyx_GIVEREF(__pyx_t_2);
-    PyTuple_SET_ITEM(__pyx_t_1, 1, __pyx_t_2);
-    __pyx_t_5 = 0;
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 1, __pyx_t_2) != (0)) __PYX_ERR(1, 15, __pyx_L1_error);
+    __pyx_t_4 = 0;
     __pyx_t_2 = 0;
     __pyx_r = __pyx_t_1;
     __pyx_t_1 = 0;
@@ -2093,13 +3255,13 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
  *     cdef tuple state
  *     cdef object _dict
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_5);
+  __Pyx_XDECREF(__pyx_t_4);
   __Pyx_AddTraceback("ssh.options.Option.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2112,21 +3274,93 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_6__reduce_cython__(struct __pyx_
 
 /* "(tree fragment)":16
  *     else:
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, state)
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, state)
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
  *     __pyx_unpickle_Option__set_state(self, __pyx_state)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7options_6Option_9__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_7options_6Option_8__setstate_cython__[] = "Option.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_7options_6Option_9__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_7options_6Option_9__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7options_6Option_8__setstate_cython__, "Option.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_7options_6Option_9__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7options_6Option_9__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7options_6Option_8__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_7options_6Option_9__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7options_6Option_8__setstate_cython__(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 16, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 16, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 16, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 16, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 16, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 16, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.options.Option.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7options_6Option_8__setstate_cython__(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2141,21 +3375,21 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_8__setstate_cython__(struct __py
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":17
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, state)
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, state)
  * def __setstate_cython__(self, __pyx_state):
  *     __pyx_unpickle_Option__set_state(self, __pyx_state)             # <<<<<<<<<<<<<<
- */
-  if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "tuple", Py_TYPE(__pyx_v___pyx_state)->tp_name), 0))) __PYX_ERR(1, 17, __pyx_L1_error)
+*/
+  if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None) || __Pyx_RaiseUnexpectedTypeError("tuple", __pyx_v___pyx_state))) __PYX_ERR(1, 17, __pyx_L1_error)
   __pyx_t_1 = __pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(__pyx_v_self, ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 17, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
   /* "(tree fragment)":16
  *     else:
- *         return __pyx_unpickle_Option, (type(self), 0x80dcc6c, state)
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, state)
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
  *     __pyx_unpickle_Option__set_state(self, __pyx_state)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -2174,74 +3408,96 @@ static PyObject *__pyx_pf_3ssh_7options_6Option_8__setstate_cython__(struct __py
  * def __pyx_unpickle_Option(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7options_1__pyx_unpickle_Option(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7options___pyx_unpickle_Option[] = "__pyx_unpickle_Option(__pyx_type, long __pyx_checksum, __pyx_state)";
-static PyMethodDef __pyx_mdef_3ssh_7options_1__pyx_unpickle_Option = {"__pyx_unpickle_Option", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7options_1__pyx_unpickle_Option, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7options___pyx_unpickle_Option};
-static PyObject *__pyx_pw_3ssh_7options_1__pyx_unpickle_Option(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7options_1__pyx_unpickle_Option(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7options___pyx_unpickle_Option, "__pyx_unpickle_Option(__pyx_type, long __pyx_checksum, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_7options_1__pyx_unpickle_Option = {"__pyx_unpickle_Option", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7options_1__pyx_unpickle_Option, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7options___pyx_unpickle_Option};
+static PyObject *__pyx_pw_3ssh_7options_1__pyx_unpickle_Option(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v___pyx_type = 0;
   long __pyx_v___pyx_checksum;
   PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__pyx_unpickle_Option (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_pyx_type,&__pyx_n_s_pyx_checksum,&__pyx_n_s_pyx_state,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_type,&__pyx_mstate_global->__pyx_n_u_pyx_checksum,&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 1, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(1, 1, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(1, 1, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 1, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_pyx_type)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_pyx_checksum)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Option", 1, 3, 3, 1); __PYX_ERR(1, 1, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_pyx_state)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Option", 1, 3, 3, 2); __PYX_ERR(1, 1, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "__pyx_unpickle_Option") < 0)) __PYX_ERR(1, 1, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__pyx_unpickle_Option", 0) < 0) __PYX_ERR(1, 1, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Option", 1, 3, 3, i); __PYX_ERR(1, 1, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 1, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(1, 1, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(1, 1, __pyx_L3_error)
     }
     __pyx_v___pyx_type = values[0];
-    __pyx_v___pyx_checksum = __Pyx_PyInt_As_long(values[1]); if (unlikely((__pyx_v___pyx_checksum == (long)-1) && PyErr_Occurred())) __PYX_ERR(1, 1, __pyx_L3_error)
+    __pyx_v___pyx_checksum = __Pyx_PyLong_As_long(values[1]); if (unlikely((__pyx_v___pyx_checksum == (long)-1) && PyErr_Occurred())) __PYX_ERR(1, 1, __pyx_L3_error)
     __pyx_v___pyx_state = values[2];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Option", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(1, 1, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("__pyx_unpickle_Option", 1, 3, 3, __pyx_nargs); __PYX_ERR(1, 1, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.options.__pyx_unpickle_Option", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -2249,6 +3505,9 @@ static PyObject *__pyx_pw_3ssh_7options_1__pyx_unpickle_Option(PyObject *__pyx_s
   __pyx_r = __pyx_pf_3ssh_7options___pyx_unpickle_Option(__pyx_self, __pyx_v___pyx_type, __pyx_v___pyx_checksum, __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2260,10 +3519,8 @@ static PyObject *__pyx_pf_3ssh_7options___pyx_unpickle_Option(CYTHON_UNUSED PyOb
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   int __pyx_t_2;
-  int __pyx_t_3;
-  PyObject *__pyx_t_4 = NULL;
-  PyObject *__pyx_t_5 = NULL;
-  PyObject *__pyx_t_6 = NULL;
+  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_4;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2272,117 +3529,91 @@ static PyObject *__pyx_pf_3ssh_7options___pyx_unpickle_Option(CYTHON_UNUSED PyOb
   /* "(tree fragment)":4
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- *     if __pyx_checksum not in (0x80dcc6c, 0x3b84bd8, 0x59348e4):             # <<<<<<<<<<<<<<
+ *     if __pyx_checksum not in (0x3b84bd8, 0x59348e4, 0x80dcc6c):             # <<<<<<<<<<<<<<
  *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))" % __pyx_checksum)
- */
-  __pyx_t_1 = __Pyx_PyInt_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))" % __pyx_checksum
+*/
+  __pyx_t_1 = __Pyx_PyLong_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = (__Pyx_PySequence_ContainsTF(__pyx_t_1, __pyx_tuple_, Py_NE)); if (unlikely(__pyx_t_2 < 0)) __PYX_ERR(1, 4, __pyx_L1_error)
+  __pyx_t_2 = (__Pyx_PySequence_ContainsTF(__pyx_t_1, __pyx_mstate_global->__pyx_tuple[0], Py_NE)); if (unlikely((__pyx_t_2 < 0))) __PYX_ERR(1, 4, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_3 = (__pyx_t_2 != 0);
-  if (__pyx_t_3) {
+  if (__pyx_t_2) {
 
     /* "(tree fragment)":5
  *     cdef object __pyx_result
- *     if __pyx_checksum not in (0x80dcc6c, 0x3b84bd8, 0x59348e4):
+ *     if __pyx_checksum not in (0x3b84bd8, 0x59348e4, 0x80dcc6c):
  *         from pickle import PickleError as __pyx_PickleError             # <<<<<<<<<<<<<<
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))" % __pyx_checksum)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))" % __pyx_checksum
  *     __pyx_result = Option.__new__(__pyx_type)
- */
+*/
     __pyx_t_1 = PyList_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_INCREF(__pyx_n_s_PickleError);
-    __Pyx_GIVEREF(__pyx_n_s_PickleError);
-    PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_PickleError);
-    __pyx_t_4 = __Pyx_Import(__pyx_n_s_pickle, __pyx_t_1, -1); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 5, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_n_u_PickleError);
+    __Pyx_GIVEREF(__pyx_mstate_global->__pyx_n_u_PickleError);
+    if (__Pyx_PyList_SET_ITEM(__pyx_t_1, 0, __pyx_mstate_global->__pyx_n_u_PickleError) != (0)) __PYX_ERR(1, 5, __pyx_L1_error);
+    __pyx_t_3 = __Pyx_Import(__pyx_mstate_global->__pyx_n_u_pickle, __pyx_t_1, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 5, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_4, __pyx_n_s_PickleError); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error)
+    __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_PickleError); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 5, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_INCREF(__pyx_t_1);
     __pyx_v___pyx_PickleError = __pyx_t_1;
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
     /* "(tree fragment)":6
- *     if __pyx_checksum not in (0x80dcc6c, 0x3b84bd8, 0x59348e4):
+ *     if __pyx_checksum not in (0x3b84bd8, 0x59348e4, 0x80dcc6c):
  *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))" % __pyx_checksum)             # <<<<<<<<<<<<<<
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))" % __pyx_checksum             # <<<<<<<<<<<<<<
  *     __pyx_result = Option.__new__(__pyx_type)
  *     if __pyx_state is not None:
- */
-    __pyx_t_1 = __Pyx_PyInt_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 6, __pyx_L1_error)
+*/
+    __pyx_t_3 = __Pyx_PyLong_From_long(__pyx_v___pyx_checksum); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 6, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = PyUnicode_Format(__pyx_mstate_global->__pyx_kp_u_Incompatible_checksums_0x_x_vs_0, __pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 6, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
-    __pyx_t_5 = __Pyx_PyString_Format(__pyx_kp_s_Incompatible_checksums_0x_x_vs_0, __pyx_t_1); if (unlikely(!__pyx_t_5)) __PYX_ERR(1, 6, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
-    __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __Pyx_INCREF(__pyx_v___pyx_PickleError);
-    __pyx_t_1 = __pyx_v___pyx_PickleError; __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_1))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_1);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_1);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_1, function);
-      }
-    }
-    __pyx_t_4 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_1, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_1, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 6, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
+    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+    __Pyx_Raise(__pyx_v___pyx_PickleError, __pyx_t_1, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __Pyx_Raise(__pyx_t_4, 0, 0, 0);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __PYX_ERR(1, 6, __pyx_L1_error)
 
     /* "(tree fragment)":4
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- *     if __pyx_checksum not in (0x80dcc6c, 0x3b84bd8, 0x59348e4):             # <<<<<<<<<<<<<<
+ *     if __pyx_checksum not in (0x3b84bd8, 0x59348e4, 0x80dcc6c):             # <<<<<<<<<<<<<<
  *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))" % __pyx_checksum)
- */
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))" % __pyx_checksum
+*/
   }
 
   /* "(tree fragment)":7
  *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))" % __pyx_checksum)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))" % __pyx_checksum
  *     __pyx_result = Option.__new__(__pyx_type)             # <<<<<<<<<<<<<<
  *     if __pyx_state is not None:
  *         __pyx_unpickle_Option__set_state(<Option> __pyx_result, __pyx_state)
- */
-  __pyx_t_1 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_ptype_3ssh_7options_Option), __pyx_n_s_new); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 7, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_5 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_1))) {
-    __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_1);
-    if (likely(__pyx_t_5)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_1);
-      __Pyx_INCREF(__pyx_t_5);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_1, function);
-    }
-  }
-  __pyx_t_4 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_1, __pyx_t_5, __pyx_v___pyx_type) : __Pyx_PyObject_CallOneArg(__pyx_t_1, __pyx_v___pyx_type);
-  __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-  if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 7, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_4);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_v___pyx_result = __pyx_t_4;
+*/
+  __pyx_t_3 = ((PyObject *)__pyx_mstate_global->__pyx_ptype_3ssh_7options_Option);
+  __Pyx_INCREF(__pyx_t_3);
   __pyx_t_4 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_v___pyx_type};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_new, __pyx_callargs+__pyx_t_4, (2-__pyx_t_4) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 7, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
+  }
+  __pyx_v___pyx_result = __pyx_t_1;
+  __pyx_t_1 = 0;
 
   /* "(tree fragment)":8
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))" % __pyx_checksum)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))" % __pyx_checksum
  *     __pyx_result = Option.__new__(__pyx_type)
  *     if __pyx_state is not None:             # <<<<<<<<<<<<<<
  *         __pyx_unpickle_Option__set_state(<Option> __pyx_result, __pyx_state)
  *     return __pyx_result
- */
-  __pyx_t_3 = (__pyx_v___pyx_state != Py_None);
-  __pyx_t_2 = (__pyx_t_3 != 0);
+*/
+  __pyx_t_2 = (__pyx_v___pyx_state != Py_None);
   if (__pyx_t_2) {
 
     /* "(tree fragment)":9
@@ -2391,19 +3622,19 @@ static PyObject *__pyx_pf_3ssh_7options___pyx_unpickle_Option(CYTHON_UNUSED PyOb
  *         __pyx_unpickle_Option__set_state(<Option> __pyx_result, __pyx_state)             # <<<<<<<<<<<<<<
  *     return __pyx_result
  * cdef __pyx_unpickle_Option__set_state(Option __pyx_result, tuple __pyx_state):
- */
-    if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "tuple", Py_TYPE(__pyx_v___pyx_state)->tp_name), 0))) __PYX_ERR(1, 9, __pyx_L1_error)
-    __pyx_t_4 = __pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v___pyx_result), ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_4)) __PYX_ERR(1, 9, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+*/
+    if (!(likely(PyTuple_CheckExact(__pyx_v___pyx_state))||((__pyx_v___pyx_state) == Py_None) || __Pyx_RaiseUnexpectedTypeError("tuple", __pyx_v___pyx_state))) __PYX_ERR(1, 9, __pyx_L1_error)
+    __pyx_t_1 = __pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(((struct __pyx_obj_3ssh_7options_Option *)__pyx_v___pyx_result), ((PyObject*)__pyx_v___pyx_state)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 9, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
+    __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
     /* "(tree fragment)":8
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))" % __pyx_checksum)
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))" % __pyx_checksum
  *     __pyx_result = Option.__new__(__pyx_type)
  *     if __pyx_state is not None:             # <<<<<<<<<<<<<<
  *         __pyx_unpickle_Option__set_state(<Option> __pyx_result, __pyx_state)
  *     return __pyx_result
- */
+*/
   }
 
   /* "(tree fragment)":10
@@ -2412,7 +3643,7 @@ static PyObject *__pyx_pf_3ssh_7options___pyx_unpickle_Option(CYTHON_UNUSED PyOb
  *     return __pyx_result             # <<<<<<<<<<<<<<
  * cdef __pyx_unpickle_Option__set_state(Option __pyx_result, tuple __pyx_state):
  *     __pyx_result._option = __pyx_state[0]
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v___pyx_result);
   __pyx_r = __pyx_v___pyx_result;
@@ -2422,14 +3653,12 @@ static PyObject *__pyx_pf_3ssh_7options___pyx_unpickle_Option(CYTHON_UNUSED PyOb
  * def __pyx_unpickle_Option(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_4);
-  __Pyx_XDECREF(__pyx_t_5);
-  __Pyx_XDECREF(__pyx_t_6);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.options.__pyx_unpickle_Option", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2446,7 +3675,7 @@ static PyObject *__pyx_pf_3ssh_7options___pyx_unpickle_Option(CYTHON_UNUSED PyOb
  * cdef __pyx_unpickle_Option__set_state(Option __pyx_result, tuple __pyx_state):             # <<<<<<<<<<<<<<
  *     __pyx_result._option = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):
- */
+*/
 
 static PyObject *__pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(struct __pyx_obj_3ssh_7options_Option *__pyx_v___pyx_result, PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
@@ -2455,10 +3684,10 @@ static PyObject *__pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(struct _
   int __pyx_t_2;
   Py_ssize_t __pyx_t_3;
   int __pyx_t_4;
-  int __pyx_t_5;
+  PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
   PyObject *__pyx_t_7 = NULL;
-  PyObject *__pyx_t_8 = NULL;
+  size_t __pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2470,12 +3699,12 @@ static PyObject *__pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(struct _
  *     __pyx_result._option = __pyx_state[0]             # <<<<<<<<<<<<<<
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):
  *         __pyx_result.__dict__.update(__pyx_state[1])
- */
+*/
   if (unlikely(__pyx_v___pyx_state == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "'NoneType' object is not subscriptable");
     __PYX_ERR(1, 12, __pyx_L1_error)
   }
-  __pyx_t_1 = ((enum ssh_options_e)__Pyx_PyInt_As_enum__ssh_options_e(PyTuple_GET_ITEM(__pyx_v___pyx_state, 0))); if (unlikely(PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error)
+  __pyx_t_1 = ((enum ssh_options_e)__Pyx_PyLong_As_enum__ssh_options_e(__Pyx_PyTuple_GET_ITEM(__pyx_v___pyx_state, 0))); if (unlikely(PyErr_Occurred())) __PYX_ERR(1, 12, __pyx_L1_error)
   __pyx_v___pyx_result->_option = __pyx_t_1;
 
   /* "(tree fragment)":13
@@ -2483,21 +3712,20 @@ static PyObject *__pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(struct _
  *     __pyx_result._option = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):             # <<<<<<<<<<<<<<
  *         __pyx_result.__dict__.update(__pyx_state[1])
- */
+*/
   if (unlikely(__pyx_v___pyx_state == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "object of type 'NoneType' has no len()");
     __PYX_ERR(1, 13, __pyx_L1_error)
   }
-  __pyx_t_3 = PyTuple_GET_SIZE(__pyx_v___pyx_state); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(1, 13, __pyx_L1_error)
-  __pyx_t_4 = ((__pyx_t_3 > 1) != 0);
+  __pyx_t_3 = __Pyx_PyTuple_GET_SIZE(__pyx_v___pyx_state); if (unlikely(__pyx_t_3 == ((Py_ssize_t)-1))) __PYX_ERR(1, 13, __pyx_L1_error)
+  __pyx_t_4 = (__pyx_t_3 > 1);
   if (__pyx_t_4) {
   } else {
     __pyx_t_2 = __pyx_t_4;
     goto __pyx_L4_bool_binop_done;
   }
-  __pyx_t_4 = __Pyx_HasAttr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(1, 13, __pyx_L1_error)
-  __pyx_t_5 = (__pyx_t_4 != 0);
-  __pyx_t_2 = __pyx_t_5;
+  __pyx_t_4 = __Pyx_HasAttr(((PyObject *)__pyx_v___pyx_result), __pyx_mstate_global->__pyx_n_u_dict); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(1, 13, __pyx_L1_error)
+  __pyx_t_2 = __pyx_t_4;
   __pyx_L4_bool_binop_done:;
   if (__pyx_t_2) {
 
@@ -2505,39 +3733,32 @@ static PyObject *__pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(struct _
  *     __pyx_result._option = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):
  *         __pyx_result.__dict__.update(__pyx_state[1])             # <<<<<<<<<<<<<<
- */
-    __pyx_t_7 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v___pyx_result), __pyx_n_s_dict); if (unlikely(!__pyx_t_7)) __PYX_ERR(1, 14, __pyx_L1_error)
+*/
+    __pyx_t_7 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v___pyx_result), __pyx_mstate_global->__pyx_n_u_dict); if (unlikely(!__pyx_t_7)) __PYX_ERR(1, 14, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_7);
-    __pyx_t_8 = __Pyx_PyObject_GetAttrStr(__pyx_t_7, __pyx_n_s_update); if (unlikely(!__pyx_t_8)) __PYX_ERR(1, 14, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_8);
-    __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
+    __pyx_t_6 = __pyx_t_7;
+    __Pyx_INCREF(__pyx_t_6);
     if (unlikely(__pyx_v___pyx_state == Py_None)) {
       PyErr_SetString(PyExc_TypeError, "'NoneType' object is not subscriptable");
       __PYX_ERR(1, 14, __pyx_L1_error)
     }
-    __pyx_t_7 = NULL;
-    if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_8))) {
-      __pyx_t_7 = PyMethod_GET_SELF(__pyx_t_8);
-      if (likely(__pyx_t_7)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_8);
-        __Pyx_INCREF(__pyx_t_7);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_8, function);
-      }
+    __pyx_t_8 = 0;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_6, __Pyx_PyTuple_GET_ITEM(__pyx_v___pyx_state, 1)};
+      __pyx_t_5 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_update, __pyx_callargs+__pyx_t_8, (2-__pyx_t_8) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
+      if (unlikely(!__pyx_t_5)) __PYX_ERR(1, 14, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_5);
     }
-    __pyx_t_6 = (__pyx_t_7) ? __Pyx_PyObject_Call2Args(__pyx_t_8, __pyx_t_7, PyTuple_GET_ITEM(__pyx_v___pyx_state, 1)) : __Pyx_PyObject_CallOneArg(__pyx_t_8, PyTuple_GET_ITEM(__pyx_v___pyx_state, 1));
-    __Pyx_XDECREF(__pyx_t_7); __pyx_t_7 = 0;
-    if (unlikely(!__pyx_t_6)) __PYX_ERR(1, 14, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_6);
-    __Pyx_DECREF(__pyx_t_8); __pyx_t_8 = 0;
-    __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
 
     /* "(tree fragment)":13
  * cdef __pyx_unpickle_Option__set_state(Option __pyx_result, tuple __pyx_state):
  *     __pyx_result._option = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):             # <<<<<<<<<<<<<<
  *         __pyx_result.__dict__.update(__pyx_state[1])
- */
+*/
   }
 
   /* "(tree fragment)":11
@@ -2546,15 +3767,15 @@ static PyObject *__pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(struct _
  * cdef __pyx_unpickle_Option__set_state(Option __pyx_result, tuple __pyx_state):             # <<<<<<<<<<<<<<
  *     __pyx_result._option = __pyx_state[0]
  *     if len(__pyx_state) > 1 and hasattr(__pyx_result, '__dict__'):
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
   goto __pyx_L0;
   __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_5);
   __Pyx_XDECREF(__pyx_t_6);
   __Pyx_XDECREF(__pyx_t_7);
-  __Pyx_XDECREF(__pyx_t_8);
   __Pyx_AddTraceback("ssh.options.__pyx_unpickle_Option__set_state", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = 0;
   __pyx_L0:;
@@ -2562,17 +3783,23 @@ static PyObject *__pyx_f_3ssh_7options___pyx_unpickle_Option__set_state(struct _
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_7options_Option __pyx_vtable_3ssh_7options_Option;
 
 static PyObject *__pyx_tp_new_3ssh_7options_Option(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_7options_Option *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_7options_Option *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_7options_Option;
   return o;
@@ -2580,11 +3807,20 @@ static PyObject *__pyx_tp_new_3ssh_7options_Option(PyTypeObject *t, CYTHON_UNUSE
 
 static void __pyx_tp_dealloc_3ssh_7options_Option(PyObject *o) {
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && (!PyType_IS_GC(Py_TYPE(o)) || !_PyGC_FINALIZED(o))) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && (!PyType_IS_GC(Py_TYPE(o)) || !__Pyx_PyObject_GC_IsFinalized(o))) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_7options_Option) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static PyObject *__pyx_tp_richcompare_3ssh_7options_Option(PyObject *o1, PyObject *o2, int op) {
@@ -2596,7 +3832,8 @@ static PyObject *__pyx_tp_richcompare_3ssh_7options_Option(PyObject *o1, PyObjec
       PyObject *ret;
       ret = __pyx_pw_3ssh_7options_6Option_1__eq__(o1, o2);
       if (likely(ret && ret != Py_NotImplemented)) {
-        int b = __Pyx_PyObject_IsTrue(ret); Py_DECREF(ret);
+        int b = __Pyx_PyObject_IsTrue(ret);
+        Py_DECREF(ret);
         if (unlikely(b < 0)) return NULL;
         ret = (b) ? Py_False : Py_True;
         Py_INCREF(ret);
@@ -2614,19 +3851,39 @@ static PyObject *__pyx_getprop_3ssh_7options_6Option_value(PyObject *o, CYTHON_U
 }
 
 static PyMethodDef __pyx_methods_3ssh_7options_Option[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_7options_6Option_7__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_7options_6Option_6__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_7options_6Option_9__setstate_cython__, METH_O, __pyx_doc_3ssh_7options_6Option_8__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7options_6Option_7__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7options_6Option_6__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7options_6Option_9__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7options_6Option_8__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_7options_Option[] = {
-  {(char *)"value", __pyx_getprop_3ssh_7options_6Option_value, 0, (char *)0, 0},
+  {"value", __pyx_getprop_3ssh_7options_6Option_value, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_7options_Option_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_7options_Option},
+  {Py_tp_repr, (void *)__pyx_pw_3ssh_7options_6Option_5__repr__},
+  {Py_tp_str, (void *)__pyx_pw_3ssh_7options_6Option_3__str__},
+  {Py_tp_doc, (void *)PyDoc_STR("Class for representing an SSH option.")},
+  {Py_tp_richcompare, (void *)__pyx_tp_richcompare_3ssh_7options_Option},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_7options_Option},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_7options_Option},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_7options_Option},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_7options_Option_spec = {
+  "ssh.options.Option",
+  sizeof(struct __pyx_obj_3ssh_7options_Option),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE,
+  __pyx_type_3ssh_7options_Option_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_7options_Option = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.options.Option", /*tp_name*/
+  "ssh.options.""Option", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_7options_Option), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_7options_Option, /*tp_dealloc*/
@@ -2638,12 +3895,7 @@ static PyTypeObject __pyx_type_3ssh_7options_Option = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   __pyx_pw_3ssh_7options_6Option_5__repr__, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -2655,7 +3907,7 @@ static PyTypeObject __pyx_type_3ssh_7options_Option = {
   0, /*tp_setattro*/
   0, /*tp_as_buffer*/
   Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE, /*tp_flags*/
-  "Class for representing an SSH option.", /*tp_doc*/
+  PyDoc_STR("Class for representing an SSH option."), /*tp_doc*/
   0, /*tp_traverse*/
   0, /*tp_clear*/
   __pyx_tp_richcompare_3ssh_7options_Option, /*tp_richcompare*/
@@ -2669,7 +3921,9 @@ static PyTypeObject __pyx_type_3ssh_7options_Option = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_7options_Option, /*tp_new*/
@@ -2682,216 +3936,77 @@ static PyTypeObject __pyx_type_3ssh_7options_Option = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_options(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_options},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "options",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_ADD_IDENTITY, __pyx_k_ADD_IDENTITY, sizeof(__pyx_k_ADD_IDENTITY), 0, 0, 1, 1},
-  {&__pyx_n_s_BINDADDR, __pyx_k_BINDADDR, sizeof(__pyx_k_BINDADDR), 0, 0, 1, 1},
-  {&__pyx_n_s_CIPHERS_C_S, __pyx_k_CIPHERS_C_S, sizeof(__pyx_k_CIPHERS_C_S), 0, 0, 1, 1},
-  {&__pyx_n_s_CIPHERS_S_C, __pyx_k_CIPHERS_S_C, sizeof(__pyx_k_CIPHERS_S_C), 0, 0, 1, 1},
-  {&__pyx_n_s_COMPRESSION, __pyx_k_COMPRESSION, sizeof(__pyx_k_COMPRESSION), 0, 0, 1, 1},
-  {&__pyx_n_s_COMPRESSION_C_S, __pyx_k_COMPRESSION_C_S, sizeof(__pyx_k_COMPRESSION_C_S), 0, 0, 1, 1},
-  {&__pyx_n_s_COMPRESSION_LEVEL, __pyx_k_COMPRESSION_LEVEL, sizeof(__pyx_k_COMPRESSION_LEVEL), 0, 0, 1, 1},
-  {&__pyx_n_s_COMPRESSION_S_C, __pyx_k_COMPRESSION_S_C, sizeof(__pyx_k_COMPRESSION_S_C), 0, 0, 1, 1},
-  {&__pyx_n_s_FD, __pyx_k_FD, sizeof(__pyx_k_FD), 0, 0, 1, 1},
-  {&__pyx_n_s_GLOBAL_KNOWNHOSTS, __pyx_k_GLOBAL_KNOWNHOSTS, sizeof(__pyx_k_GLOBAL_KNOWNHOSTS), 0, 0, 1, 1},
-  {&__pyx_n_s_GSSAPI_AUTH, __pyx_k_GSSAPI_AUTH, sizeof(__pyx_k_GSSAPI_AUTH), 0, 0, 1, 1},
-  {&__pyx_n_s_GSSAPI_CLIENT_IDENTITY, __pyx_k_GSSAPI_CLIENT_IDENTITY, sizeof(__pyx_k_GSSAPI_CLIENT_IDENTITY), 0, 0, 1, 1},
-  {&__pyx_n_s_GSSAPI_DELEGATE_CREDENTIALS, __pyx_k_GSSAPI_DELEGATE_CREDENTIALS, sizeof(__pyx_k_GSSAPI_DELEGATE_CREDENTIALS), 0, 0, 1, 1},
-  {&__pyx_n_s_GSSAPI_SERVER_IDENTITY, __pyx_k_GSSAPI_SERVER_IDENTITY, sizeof(__pyx_k_GSSAPI_SERVER_IDENTITY), 0, 0, 1, 1},
-  {&__pyx_n_s_HMAC_C_S, __pyx_k_HMAC_C_S, sizeof(__pyx_k_HMAC_C_S), 0, 0, 1, 1},
-  {&__pyx_n_s_HMAC_S_C, __pyx_k_HMAC_S_C, sizeof(__pyx_k_HMAC_S_C), 0, 0, 1, 1},
-  {&__pyx_n_s_HOST, __pyx_k_HOST, sizeof(__pyx_k_HOST), 0, 0, 1, 1},
-  {&__pyx_n_s_HOSTKEYS, __pyx_k_HOSTKEYS, sizeof(__pyx_k_HOSTKEYS), 0, 0, 1, 1},
-  {&__pyx_n_s_IDENTITY, __pyx_k_IDENTITY, sizeof(__pyx_k_IDENTITY), 0, 0, 1, 1},
-  {&__pyx_kp_s_Incompatible_checksums_0x_x_vs_0, __pyx_k_Incompatible_checksums_0x_x_vs_0, sizeof(__pyx_k_Incompatible_checksums_0x_x_vs_0), 0, 0, 1, 0},
-  {&__pyx_n_s_KBDINT_AUTH, __pyx_k_KBDINT_AUTH, sizeof(__pyx_k_KBDINT_AUTH), 0, 0, 1, 1},
-  {&__pyx_n_s_KEY_EXCHANGE, __pyx_k_KEY_EXCHANGE, sizeof(__pyx_k_KEY_EXCHANGE), 0, 0, 1, 1},
-  {&__pyx_n_s_KNOWNHOSTS, __pyx_k_KNOWNHOSTS, sizeof(__pyx_k_KNOWNHOSTS), 0, 0, 1, 1},
-  {&__pyx_n_s_LOG_VERBOSITY, __pyx_k_LOG_VERBOSITY, sizeof(__pyx_k_LOG_VERBOSITY), 0, 0, 1, 1},
-  {&__pyx_n_s_LOG_VERBOSITY_STR, __pyx_k_LOG_VERBOSITY_STR, sizeof(__pyx_k_LOG_VERBOSITY_STR), 0, 0, 1, 1},
-  {&__pyx_n_s_NODELAY, __pyx_k_NODELAY, sizeof(__pyx_k_NODELAY), 0, 0, 1, 1},
-  {&__pyx_n_s_Option, __pyx_k_Option, sizeof(__pyx_k_Option), 0, 0, 1, 1},
-  {&__pyx_n_s_PASSWORD_AUTH, __pyx_k_PASSWORD_AUTH, sizeof(__pyx_k_PASSWORD_AUTH), 0, 0, 1, 1},
-  {&__pyx_n_s_PORT, __pyx_k_PORT, sizeof(__pyx_k_PORT), 0, 0, 1, 1},
-  {&__pyx_n_s_PORT_STR, __pyx_k_PORT_STR, sizeof(__pyx_k_PORT_STR), 0, 0, 1, 1},
-  {&__pyx_n_s_PROCESS_CONFIG, __pyx_k_PROCESS_CONFIG, sizeof(__pyx_k_PROCESS_CONFIG), 0, 0, 1, 1},
-  {&__pyx_n_s_PROXYCOMMAND, __pyx_k_PROXYCOMMAND, sizeof(__pyx_k_PROXYCOMMAND), 0, 0, 1, 1},
-  {&__pyx_n_s_PUBKEY_AUTH, __pyx_k_PUBKEY_AUTH, sizeof(__pyx_k_PUBKEY_AUTH), 0, 0, 1, 1},
-  {&__pyx_n_s_PUBLICKEY_ACCEPTED_TYPES, __pyx_k_PUBLICKEY_ACCEPTED_TYPES, sizeof(__pyx_k_PUBLICKEY_ACCEPTED_TYPES), 0, 0, 1, 1},
-  {&__pyx_n_s_PickleError, __pyx_k_PickleError, sizeof(__pyx_k_PickleError), 0, 0, 1, 1},
-  {&__pyx_n_s_REKEY_DATA, __pyx_k_REKEY_DATA, sizeof(__pyx_k_REKEY_DATA), 0, 0, 1, 1},
-  {&__pyx_n_s_REKEY_TIME, __pyx_k_REKEY_TIME, sizeof(__pyx_k_REKEY_TIME), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH1, __pyx_k_SSH1, sizeof(__pyx_k_SSH1), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH2, __pyx_k_SSH2, sizeof(__pyx_k_SSH2), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_DIR, __pyx_k_SSH_DIR, sizeof(__pyx_k_SSH_DIR), 0, 0, 1, 1},
-  {&__pyx_n_s_STRICTHOSTKEYCHECK, __pyx_k_STRICTHOSTKEYCHECK, sizeof(__pyx_k_STRICTHOSTKEYCHECK), 0, 0, 1, 1},
-  {&__pyx_n_s_TIMEOUT, __pyx_k_TIMEOUT, sizeof(__pyx_k_TIMEOUT), 0, 0, 1, 1},
-  {&__pyx_n_s_TIMEOUT_USEC, __pyx_k_TIMEOUT_USEC, sizeof(__pyx_k_TIMEOUT_USEC), 0, 0, 1, 1},
-  {&__pyx_n_s_USER, __pyx_k_USER, sizeof(__pyx_k_USER), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_dict, __pyx_k_dict, sizeof(__pyx_k_dict), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_import, __pyx_k_import, sizeof(__pyx_k_import), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_new, __pyx_k_new, sizeof(__pyx_k_new), 0, 0, 1, 1},
-  {&__pyx_n_s_pickle, __pyx_k_pickle, sizeof(__pyx_k_pickle), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_PickleError, __pyx_k_pyx_PickleError, sizeof(__pyx_k_pyx_PickleError), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_checksum, __pyx_k_pyx_checksum, sizeof(__pyx_k_pyx_checksum), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_result, __pyx_k_pyx_result, sizeof(__pyx_k_pyx_result), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_state, __pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_type, __pyx_k_pyx_type, sizeof(__pyx_k_pyx_type), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_unpickle_Option, __pyx_k_pyx_unpickle_Option, sizeof(__pyx_k_pyx_unpickle_Option), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_ssh_options, __pyx_k_ssh_options, sizeof(__pyx_k_ssh_options), 0, 0, 1, 1},
-  {&__pyx_n_s_str, __pyx_k_str, sizeof(__pyx_k_str), 0, 0, 1, 1},
-  {&__pyx_kp_s_stringsource, __pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 0, 1, 0},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {&__pyx_n_s_update, __pyx_k_update, sizeof(__pyx_k_update), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  return 0;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":4
- *     cdef object __pyx_PickleError
- *     cdef object __pyx_result
- *     if __pyx_checksum not in (0x80dcc6c, 0x3b84bd8, 0x59348e4):             # <<<<<<<<<<<<<<
- *         from pickle import PickleError as __pyx_PickleError
- *         raise __pyx_PickleError("Incompatible checksums (0x%x vs (0x80dcc6c, 0x3b84bd8, 0x59348e4) = (_option))" % __pyx_checksum)
- */
-  __pyx_tuple_ = PyTuple_Pack(3, __pyx_int_135122028, __pyx_int_62409688, __pyx_int_93538532); if (unlikely(!__pyx_tuple_)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":1
- * def __pyx_unpickle_Option(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
- *     cdef object __pyx_PickleError
- *     cdef object __pyx_result
- */
-  __pyx_tuple__2 = PyTuple_Pack(5, __pyx_n_s_pyx_type, __pyx_n_s_pyx_checksum, __pyx_n_s_pyx_state, __pyx_n_s_pyx_PickleError, __pyx_n_s_pyx_result); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-  __pyx_codeobj__3 = (PyObject*)__Pyx_PyCode_New(3, 0, 5, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__2, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_stringsource, __pyx_n_s_pyx_unpickle_Option, 1, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__3)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  __pyx_int_62409688 = PyInt_FromLong(62409688L); if (unlikely(!__pyx_int_62409688)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_int_93538532 = PyInt_FromLong(93538532L); if (unlikely(!__pyx_int_93538532)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_int_135122028 = PyInt_FromLong(135122028L); if (unlikely(!__pyx_int_135122028)) __PYX_ERR(0, 1, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2899,17 +4014,26 @@ static int __Pyx_modinit_type_init_code(void) {
   /*--- Type init code ---*/
   __pyx_vtabptr_3ssh_7options_Option = &__pyx_vtable_3ssh_7options_Option;
   __pyx_vtable_3ssh_7options_Option.from_option = (struct __pyx_obj_3ssh_7options_Option *(*)(enum ssh_options_e))__pyx_f_3ssh_7options_6Option_from_option;
-  if (PyType_Ready(&__pyx_type_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_7options_Option.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_7options_Option = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_7options_Option_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_7options_Option)) __PYX_ERR(0, 20, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_7options_Option_spec, __pyx_mstate->__pyx_ptype_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_7options_Option = &__pyx_type_3ssh_7options_Option;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_7options_Option.tp_dictoffset && __pyx_type_3ssh_7options_Option.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_7options_Option.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_7options_Option->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_7options_Option->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_7options_Option->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_7options_Option.tp_dict, __pyx_vtabptr_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Option, (PyObject *)&__pyx_type_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
-  __pyx_ptype_3ssh_7options_Option = &__pyx_type_3ssh_7options_Option;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_7options_Option, __pyx_vtabptr_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_Option, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_7options_Option) < 0) __PYX_ERR(0, 20, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -2917,74 +4041,148 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_import_code", 0);
   /*--- Type import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_import_code", 0);
   /*--- Function import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_options(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_options},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "options",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initoptions(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initoptions(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_options(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_options(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -2992,7 +4190,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -3007,10 +4207,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -3033,9 +4236,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_options(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3046,9 +4254,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_options(PyObject *__pyx_pyinit_mod
     PyErr_SetString(PyExc_RuntimeError, "Module 'options' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "options" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -3058,88 +4294,82 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_options(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_options", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("options", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__options) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.options")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.options", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.options", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_type_import_code();
-  (void)__Pyx_modinit_variable_import_code();
-  (void)__Pyx_modinit_function_import_code();
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_type_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_import_code(__pyx_mstate);
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     cdef tuple state
+ *     cdef object _dict
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7options_6Option_7__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Option___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_options, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7options_Option, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":16
+ *     else:
+ *         return __pyx_unpickle_Option, (type(self), 0x3b84bd8, state)
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     __pyx_unpickle_Option__set_state(self, __pyx_state)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7options_6Option_9__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Option___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_options, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 16, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7options_Option, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 16, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":44
  * 
@@ -3147,11 +4377,11 @@ if (!__Pyx_RefNanny) {
  * HOST = Option.from_option(ssh_options_e.SSH_OPTIONS_HOST)             # <<<<<<<<<<<<<<
  * PORT = Option.from_option(ssh_options_e.SSH_OPTIONS_PORT)
  * PORT_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_PORT_STR)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_HOST)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 44, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_HOST, __pyx_t_1) < 0) __PYX_ERR(0, 44, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_HOST)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 44, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_HOST, __pyx_t_2) < 0) __PYX_ERR(0, 44, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":45
  * # grep SSH_OPTIONS libssh/include/libssh/libssh.h | tr -d , | sed -E 's/SSH_OPTIONS_([A-Z0-9_]+)/\1 = Option.from_option(ssh_options_e.\0)/'
@@ -3159,11 +4389,11 @@ if (!__Pyx_RefNanny) {
  * PORT = Option.from_option(ssh_options_e.SSH_OPTIONS_PORT)             # <<<<<<<<<<<<<<
  * PORT_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_PORT_STR)
  * FD = Option.from_option(ssh_options_e.SSH_OPTIONS_FD)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PORT)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_PORT, __pyx_t_1) < 0) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PORT)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_PORT, __pyx_t_2) < 0) __PYX_ERR(0, 45, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":46
  * HOST = Option.from_option(ssh_options_e.SSH_OPTIONS_HOST)
@@ -3171,11 +4401,11 @@ if (!__Pyx_RefNanny) {
  * PORT_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_PORT_STR)             # <<<<<<<<<<<<<<
  * FD = Option.from_option(ssh_options_e.SSH_OPTIONS_FD)
  * USER = Option.from_option(ssh_options_e.SSH_OPTIONS_USER)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PORT_STR)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 46, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_PORT_STR, __pyx_t_1) < 0) __PYX_ERR(0, 46, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PORT_STR)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 46, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_PORT_STR, __pyx_t_2) < 0) __PYX_ERR(0, 46, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":47
  * PORT = Option.from_option(ssh_options_e.SSH_OPTIONS_PORT)
@@ -3183,11 +4413,11 @@ if (!__Pyx_RefNanny) {
  * FD = Option.from_option(ssh_options_e.SSH_OPTIONS_FD)             # <<<<<<<<<<<<<<
  * USER = Option.from_option(ssh_options_e.SSH_OPTIONS_USER)
  * SSH_DIR = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH_DIR)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_FD)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_FD, __pyx_t_1) < 0) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_FD)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 47, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_FD, __pyx_t_2) < 0) __PYX_ERR(0, 47, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":48
  * PORT_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_PORT_STR)
@@ -3195,11 +4425,11 @@ if (!__Pyx_RefNanny) {
  * USER = Option.from_option(ssh_options_e.SSH_OPTIONS_USER)             # <<<<<<<<<<<<<<
  * SSH_DIR = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH_DIR)
  * IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_IDENTITY)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_USER)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 48, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_USER, __pyx_t_1) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_USER)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 48, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_USER, __pyx_t_2) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":49
  * FD = Option.from_option(ssh_options_e.SSH_OPTIONS_FD)
@@ -3207,11 +4437,11 @@ if (!__Pyx_RefNanny) {
  * SSH_DIR = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH_DIR)             # <<<<<<<<<<<<<<
  * IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_IDENTITY)
  * ADD_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_ADD_IDENTITY)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_SSH_DIR)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 49, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_DIR, __pyx_t_1) < 0) __PYX_ERR(0, 49, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_SSH_DIR)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_DIR, __pyx_t_2) < 0) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":50
  * USER = Option.from_option(ssh_options_e.SSH_OPTIONS_USER)
@@ -3219,11 +4449,11 @@ if (!__Pyx_RefNanny) {
  * IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_IDENTITY)             # <<<<<<<<<<<<<<
  * ADD_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_ADD_IDENTITY)
  * KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_KNOWNHOSTS)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_IDENTITY)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 50, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_IDENTITY, __pyx_t_1) < 0) __PYX_ERR(0, 50, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_IDENTITY)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 50, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_IDENTITY, __pyx_t_2) < 0) __PYX_ERR(0, 50, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":51
  * SSH_DIR = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH_DIR)
@@ -3231,11 +4461,11 @@ if (!__Pyx_RefNanny) {
  * ADD_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_ADD_IDENTITY)             # <<<<<<<<<<<<<<
  * KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_KNOWNHOSTS)
  * TIMEOUT = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_ADD_IDENTITY)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 51, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ADD_IDENTITY, __pyx_t_1) < 0) __PYX_ERR(0, 51, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_ADD_IDENTITY)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 51, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ADD_IDENTITY, __pyx_t_2) < 0) __PYX_ERR(0, 51, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":52
  * IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_IDENTITY)
@@ -3243,11 +4473,11 @@ if (!__Pyx_RefNanny) {
  * KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_KNOWNHOSTS)             # <<<<<<<<<<<<<<
  * TIMEOUT = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT)
  * TIMEOUT_USEC = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT_USEC)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_KNOWNHOSTS)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 52, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KNOWNHOSTS, __pyx_t_1) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_KNOWNHOSTS)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KNOWNHOSTS, __pyx_t_2) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":53
  * ADD_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_ADD_IDENTITY)
@@ -3255,11 +4485,11 @@ if (!__Pyx_RefNanny) {
  * TIMEOUT = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT)             # <<<<<<<<<<<<<<
  * TIMEOUT_USEC = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT_USEC)
  * SSH1 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH1)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_TIMEOUT)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 53, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_TIMEOUT, __pyx_t_1) < 0) __PYX_ERR(0, 53, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_TIMEOUT)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 53, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_TIMEOUT, __pyx_t_2) < 0) __PYX_ERR(0, 53, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":54
  * KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_KNOWNHOSTS)
@@ -3267,11 +4497,11 @@ if (!__Pyx_RefNanny) {
  * TIMEOUT_USEC = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT_USEC)             # <<<<<<<<<<<<<<
  * SSH1 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH1)
  * SSH2 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH2)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_TIMEOUT_USEC)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 54, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_TIMEOUT_USEC, __pyx_t_1) < 0) __PYX_ERR(0, 54, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_TIMEOUT_USEC)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 54, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_TIMEOUT_USEC, __pyx_t_2) < 0) __PYX_ERR(0, 54, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":55
  * TIMEOUT = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT)
@@ -3279,11 +4509,11 @@ if (!__Pyx_RefNanny) {
  * SSH1 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH1)             # <<<<<<<<<<<<<<
  * SSH2 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH2)
  * LOG_VERBOSITY = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_SSH1)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 55, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH1, __pyx_t_1) < 0) __PYX_ERR(0, 55, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_SSH1)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 55, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH1, __pyx_t_2) < 0) __PYX_ERR(0, 55, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":56
  * TIMEOUT_USEC = Option.from_option(ssh_options_e.SSH_OPTIONS_TIMEOUT_USEC)
@@ -3291,11 +4521,11 @@ if (!__Pyx_RefNanny) {
  * SSH2 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH2)             # <<<<<<<<<<<<<<
  * LOG_VERBOSITY = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY)
  * LOG_VERBOSITY_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY_STR)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_SSH2)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 56, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH2, __pyx_t_1) < 0) __PYX_ERR(0, 56, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_SSH2)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 56, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH2, __pyx_t_2) < 0) __PYX_ERR(0, 56, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":57
  * SSH1 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH1)
@@ -3303,11 +4533,11 @@ if (!__Pyx_RefNanny) {
  * LOG_VERBOSITY = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY)             # <<<<<<<<<<<<<<
  * LOG_VERBOSITY_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY_STR)
  * CIPHERS_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_C_S)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_LOG_VERBOSITY)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 57, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_LOG_VERBOSITY, __pyx_t_1) < 0) __PYX_ERR(0, 57, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_LOG_VERBOSITY)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_LOG_VERBOSITY, __pyx_t_2) < 0) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":58
  * SSH2 = Option.from_option(ssh_options_e.SSH_OPTIONS_SSH2)
@@ -3315,11 +4545,11 @@ if (!__Pyx_RefNanny) {
  * LOG_VERBOSITY_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY_STR)             # <<<<<<<<<<<<<<
  * CIPHERS_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_C_S)
  * CIPHERS_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_S_C)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_LOG_VERBOSITY_STR)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 58, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_LOG_VERBOSITY_STR, __pyx_t_1) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_LOG_VERBOSITY_STR)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_LOG_VERBOSITY_STR, __pyx_t_2) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":59
  * LOG_VERBOSITY = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY)
@@ -3327,11 +4557,11 @@ if (!__Pyx_RefNanny) {
  * CIPHERS_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_C_S)             # <<<<<<<<<<<<<<
  * CIPHERS_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_S_C)
  * COMPRESSION_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_C_S)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_CIPHERS_C_S)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 59, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_CIPHERS_C_S, __pyx_t_1) < 0) __PYX_ERR(0, 59, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_CIPHERS_C_S)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 59, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_CIPHERS_C_S, __pyx_t_2) < 0) __PYX_ERR(0, 59, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":60
  * LOG_VERBOSITY_STR = Option.from_option(ssh_options_e.SSH_OPTIONS_LOG_VERBOSITY_STR)
@@ -3339,11 +4569,11 @@ if (!__Pyx_RefNanny) {
  * CIPHERS_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_S_C)             # <<<<<<<<<<<<<<
  * COMPRESSION_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_C_S)
  * COMPRESSION_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_S_C)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_CIPHERS_S_C)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 60, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_CIPHERS_S_C, __pyx_t_1) < 0) __PYX_ERR(0, 60, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_CIPHERS_S_C)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 60, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_CIPHERS_S_C, __pyx_t_2) < 0) __PYX_ERR(0, 60, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":61
  * CIPHERS_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_C_S)
@@ -3351,11 +4581,11 @@ if (!__Pyx_RefNanny) {
  * COMPRESSION_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_C_S)             # <<<<<<<<<<<<<<
  * COMPRESSION_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_S_C)
  * PROXYCOMMAND = Option.from_option(ssh_options_e.SSH_OPTIONS_PROXYCOMMAND)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_COMPRESSION_C_S)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 61, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_COMPRESSION_C_S, __pyx_t_1) < 0) __PYX_ERR(0, 61, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_COMPRESSION_C_S)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_COMPRESSION_C_S, __pyx_t_2) < 0) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":62
  * CIPHERS_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_CIPHERS_S_C)
@@ -3363,11 +4593,11 @@ if (!__Pyx_RefNanny) {
  * COMPRESSION_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_S_C)             # <<<<<<<<<<<<<<
  * PROXYCOMMAND = Option.from_option(ssh_options_e.SSH_OPTIONS_PROXYCOMMAND)
  * BINDADDR = Option.from_option(ssh_options_e.SSH_OPTIONS_BINDADDR)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_COMPRESSION_S_C)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 62, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_COMPRESSION_S_C, __pyx_t_1) < 0) __PYX_ERR(0, 62, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_COMPRESSION_S_C)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_COMPRESSION_S_C, __pyx_t_2) < 0) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":63
  * COMPRESSION_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_C_S)
@@ -3375,11 +4605,11 @@ if (!__Pyx_RefNanny) {
  * PROXYCOMMAND = Option.from_option(ssh_options_e.SSH_OPTIONS_PROXYCOMMAND)             # <<<<<<<<<<<<<<
  * BINDADDR = Option.from_option(ssh_options_e.SSH_OPTIONS_BINDADDR)
  * STRICTHOSTKEYCHECK = Option.from_option(ssh_options_e.SSH_OPTIONS_STRICTHOSTKEYCHECK)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PROXYCOMMAND)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 63, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_PROXYCOMMAND, __pyx_t_1) < 0) __PYX_ERR(0, 63, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PROXYCOMMAND)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 63, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_PROXYCOMMAND, __pyx_t_2) < 0) __PYX_ERR(0, 63, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":64
  * COMPRESSION_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_S_C)
@@ -3387,11 +4617,11 @@ if (!__Pyx_RefNanny) {
  * BINDADDR = Option.from_option(ssh_options_e.SSH_OPTIONS_BINDADDR)             # <<<<<<<<<<<<<<
  * STRICTHOSTKEYCHECK = Option.from_option(ssh_options_e.SSH_OPTIONS_STRICTHOSTKEYCHECK)
  * COMPRESSION = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_BINDADDR)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 64, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_BINDADDR, __pyx_t_1) < 0) __PYX_ERR(0, 64, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_BINDADDR)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 64, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_BINDADDR, __pyx_t_2) < 0) __PYX_ERR(0, 64, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":65
  * PROXYCOMMAND = Option.from_option(ssh_options_e.SSH_OPTIONS_PROXYCOMMAND)
@@ -3399,11 +4629,11 @@ if (!__Pyx_RefNanny) {
  * STRICTHOSTKEYCHECK = Option.from_option(ssh_options_e.SSH_OPTIONS_STRICTHOSTKEYCHECK)             # <<<<<<<<<<<<<<
  * COMPRESSION = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION)
  * COMPRESSION_LEVEL = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_LEVEL)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_STRICTHOSTKEYCHECK)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 65, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_STRICTHOSTKEYCHECK, __pyx_t_1) < 0) __PYX_ERR(0, 65, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_STRICTHOSTKEYCHECK)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_STRICTHOSTKEYCHECK, __pyx_t_2) < 0) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":66
  * BINDADDR = Option.from_option(ssh_options_e.SSH_OPTIONS_BINDADDR)
@@ -3411,11 +4641,11 @@ if (!__Pyx_RefNanny) {
  * COMPRESSION = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION)             # <<<<<<<<<<<<<<
  * COMPRESSION_LEVEL = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_LEVEL)
  * KEY_EXCHANGE = Option.from_option(ssh_options_e.SSH_OPTIONS_KEY_EXCHANGE)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_COMPRESSION)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 66, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_COMPRESSION, __pyx_t_1) < 0) __PYX_ERR(0, 66, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_COMPRESSION)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 66, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_COMPRESSION, __pyx_t_2) < 0) __PYX_ERR(0, 66, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":67
  * STRICTHOSTKEYCHECK = Option.from_option(ssh_options_e.SSH_OPTIONS_STRICTHOSTKEYCHECK)
@@ -3423,11 +4653,11 @@ if (!__Pyx_RefNanny) {
  * COMPRESSION_LEVEL = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_LEVEL)             # <<<<<<<<<<<<<<
  * KEY_EXCHANGE = Option.from_option(ssh_options_e.SSH_OPTIONS_KEY_EXCHANGE)
  * HOSTKEYS = Option.from_option(ssh_options_e.SSH_OPTIONS_HOSTKEYS)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_COMPRESSION_LEVEL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 67, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_COMPRESSION_LEVEL, __pyx_t_1) < 0) __PYX_ERR(0, 67, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_COMPRESSION_LEVEL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 67, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_COMPRESSION_LEVEL, __pyx_t_2) < 0) __PYX_ERR(0, 67, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":68
  * COMPRESSION = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION)
@@ -3435,11 +4665,11 @@ if (!__Pyx_RefNanny) {
  * KEY_EXCHANGE = Option.from_option(ssh_options_e.SSH_OPTIONS_KEY_EXCHANGE)             # <<<<<<<<<<<<<<
  * HOSTKEYS = Option.from_option(ssh_options_e.SSH_OPTIONS_HOSTKEYS)
  * GSSAPI_SERVER_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_SERVER_IDENTITY)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_KEY_EXCHANGE)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 68, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KEY_EXCHANGE, __pyx_t_1) < 0) __PYX_ERR(0, 68, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_KEY_EXCHANGE)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 68, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KEY_EXCHANGE, __pyx_t_2) < 0) __PYX_ERR(0, 68, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":69
  * COMPRESSION_LEVEL = Option.from_option(ssh_options_e.SSH_OPTIONS_COMPRESSION_LEVEL)
@@ -3447,11 +4677,11 @@ if (!__Pyx_RefNanny) {
  * HOSTKEYS = Option.from_option(ssh_options_e.SSH_OPTIONS_HOSTKEYS)             # <<<<<<<<<<<<<<
  * GSSAPI_SERVER_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_SERVER_IDENTITY)
  * GSSAPI_CLIENT_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_HOSTKEYS)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 69, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_HOSTKEYS, __pyx_t_1) < 0) __PYX_ERR(0, 69, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_HOSTKEYS)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 69, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_HOSTKEYS, __pyx_t_2) < 0) __PYX_ERR(0, 69, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":70
  * KEY_EXCHANGE = Option.from_option(ssh_options_e.SSH_OPTIONS_KEY_EXCHANGE)
@@ -3459,11 +4689,11 @@ if (!__Pyx_RefNanny) {
  * GSSAPI_SERVER_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_SERVER_IDENTITY)             # <<<<<<<<<<<<<<
  * GSSAPI_CLIENT_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY)
  * GSSAPI_DELEGATE_CREDENTIALS = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GSSAPI_SERVER_IDENTITY)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 70, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_GSSAPI_SERVER_IDENTITY, __pyx_t_1) < 0) __PYX_ERR(0, 70, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GSSAPI_SERVER_IDENTITY)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 70, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_GSSAPI_SERVER_IDENTITY, __pyx_t_2) < 0) __PYX_ERR(0, 70, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":71
  * HOSTKEYS = Option.from_option(ssh_options_e.SSH_OPTIONS_HOSTKEYS)
@@ -3471,11 +4701,11 @@ if (!__Pyx_RefNanny) {
  * GSSAPI_CLIENT_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY)             # <<<<<<<<<<<<<<
  * GSSAPI_DELEGATE_CREDENTIALS = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS)
  * HMAC_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_C_S)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 71, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_GSSAPI_CLIENT_IDENTITY, __pyx_t_1) < 0) __PYX_ERR(0, 71, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 71, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_GSSAPI_CLIENT_IDENTITY, __pyx_t_2) < 0) __PYX_ERR(0, 71, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":72
  * GSSAPI_SERVER_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_SERVER_IDENTITY)
@@ -3483,11 +4713,11 @@ if (!__Pyx_RefNanny) {
  * GSSAPI_DELEGATE_CREDENTIALS = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS)             # <<<<<<<<<<<<<<
  * HMAC_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_C_S)
  * HMAC_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_S_C)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 72, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_GSSAPI_DELEGATE_CREDENTIALS, __pyx_t_1) < 0) __PYX_ERR(0, 72, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 72, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_GSSAPI_DELEGATE_CREDENTIALS, __pyx_t_2) < 0) __PYX_ERR(0, 72, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":73
  * GSSAPI_CLIENT_IDENTITY = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY)
@@ -3495,11 +4725,11 @@ if (!__Pyx_RefNanny) {
  * HMAC_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_C_S)             # <<<<<<<<<<<<<<
  * HMAC_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_S_C)
  * PASSWORD_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PASSWORD_AUTH)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_HMAC_C_S)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_HMAC_C_S, __pyx_t_1) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_HMAC_C_S)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_HMAC_C_S, __pyx_t_2) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":74
  * GSSAPI_DELEGATE_CREDENTIALS = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS)
@@ -3507,11 +4737,11 @@ if (!__Pyx_RefNanny) {
  * HMAC_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_S_C)             # <<<<<<<<<<<<<<
  * PASSWORD_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PASSWORD_AUTH)
  * PUBKEY_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBKEY_AUTH)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_HMAC_S_C)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 74, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_HMAC_S_C, __pyx_t_1) < 0) __PYX_ERR(0, 74, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_HMAC_S_C)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 74, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_HMAC_S_C, __pyx_t_2) < 0) __PYX_ERR(0, 74, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":75
  * HMAC_C_S = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_C_S)
@@ -3519,11 +4749,11 @@ if (!__Pyx_RefNanny) {
  * PASSWORD_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PASSWORD_AUTH)             # <<<<<<<<<<<<<<
  * PUBKEY_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBKEY_AUTH)
  * KBDINT_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_KBDINT_AUTH)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PASSWORD_AUTH)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 75, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_PASSWORD_AUTH, __pyx_t_1) < 0) __PYX_ERR(0, 75, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PASSWORD_AUTH)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 75, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_PASSWORD_AUTH, __pyx_t_2) < 0) __PYX_ERR(0, 75, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":76
  * HMAC_S_C = Option.from_option(ssh_options_e.SSH_OPTIONS_HMAC_S_C)
@@ -3531,11 +4761,11 @@ if (!__Pyx_RefNanny) {
  * PUBKEY_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBKEY_AUTH)             # <<<<<<<<<<<<<<
  * KBDINT_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_KBDINT_AUTH)
  * GSSAPI_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_AUTH)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PUBKEY_AUTH)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 76, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_PUBKEY_AUTH, __pyx_t_1) < 0) __PYX_ERR(0, 76, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PUBKEY_AUTH)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 76, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_PUBKEY_AUTH, __pyx_t_2) < 0) __PYX_ERR(0, 76, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":77
  * PASSWORD_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PASSWORD_AUTH)
@@ -3543,11 +4773,11 @@ if (!__Pyx_RefNanny) {
  * KBDINT_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_KBDINT_AUTH)             # <<<<<<<<<<<<<<
  * GSSAPI_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_AUTH)
  * GLOBAL_KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_GLOBAL_KNOWNHOSTS)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_KBDINT_AUTH)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 77, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_KBDINT_AUTH, __pyx_t_1) < 0) __PYX_ERR(0, 77, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_KBDINT_AUTH)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_KBDINT_AUTH, __pyx_t_2) < 0) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":78
  * PUBKEY_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBKEY_AUTH)
@@ -3555,11 +4785,11 @@ if (!__Pyx_RefNanny) {
  * GSSAPI_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_AUTH)             # <<<<<<<<<<<<<<
  * GLOBAL_KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_GLOBAL_KNOWNHOSTS)
  * NODELAY = Option.from_option(ssh_options_e.SSH_OPTIONS_NODELAY)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GSSAPI_AUTH)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 78, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_GSSAPI_AUTH, __pyx_t_1) < 0) __PYX_ERR(0, 78, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GSSAPI_AUTH)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 78, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_GSSAPI_AUTH, __pyx_t_2) < 0) __PYX_ERR(0, 78, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":79
  * KBDINT_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_KBDINT_AUTH)
@@ -3567,11 +4797,11 @@ if (!__Pyx_RefNanny) {
  * GLOBAL_KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_GLOBAL_KNOWNHOSTS)             # <<<<<<<<<<<<<<
  * NODELAY = Option.from_option(ssh_options_e.SSH_OPTIONS_NODELAY)
  * PUBLICKEY_ACCEPTED_TYPES = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GLOBAL_KNOWNHOSTS)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 79, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_GLOBAL_KNOWNHOSTS, __pyx_t_1) < 0) __PYX_ERR(0, 79, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_GLOBAL_KNOWNHOSTS)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 79, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_GLOBAL_KNOWNHOSTS, __pyx_t_2) < 0) __PYX_ERR(0, 79, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":80
  * GSSAPI_AUTH = Option.from_option(ssh_options_e.SSH_OPTIONS_GSSAPI_AUTH)
@@ -3579,11 +4809,11 @@ if (!__Pyx_RefNanny) {
  * NODELAY = Option.from_option(ssh_options_e.SSH_OPTIONS_NODELAY)             # <<<<<<<<<<<<<<
  * PUBLICKEY_ACCEPTED_TYPES = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES)
  * PROCESS_CONFIG = Option.from_option(ssh_options_e.SSH_OPTIONS_PROCESS_CONFIG)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_NODELAY)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 80, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_NODELAY, __pyx_t_1) < 0) __PYX_ERR(0, 80, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_NODELAY)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 80, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_NODELAY, __pyx_t_2) < 0) __PYX_ERR(0, 80, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":81
  * GLOBAL_KNOWNHOSTS = Option.from_option(ssh_options_e.SSH_OPTIONS_GLOBAL_KNOWNHOSTS)
@@ -3591,11 +4821,11 @@ if (!__Pyx_RefNanny) {
  * PUBLICKEY_ACCEPTED_TYPES = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES)             # <<<<<<<<<<<<<<
  * PROCESS_CONFIG = Option.from_option(ssh_options_e.SSH_OPTIONS_PROCESS_CONFIG)
  * REKEY_DATA = Option.from_option(ssh_options_e.SSH_OPTIONS_REKEY_DATA)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 81, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_PUBLICKEY_ACCEPTED_TYPES, __pyx_t_1) < 0) __PYX_ERR(0, 81, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_PUBLICKEY_ACCEPTED_TYPES, __pyx_t_2) < 0) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":82
  * NODELAY = Option.from_option(ssh_options_e.SSH_OPTIONS_NODELAY)
@@ -3603,63 +4833,73 @@ if (!__Pyx_RefNanny) {
  * PROCESS_CONFIG = Option.from_option(ssh_options_e.SSH_OPTIONS_PROCESS_CONFIG)             # <<<<<<<<<<<<<<
  * REKEY_DATA = Option.from_option(ssh_options_e.SSH_OPTIONS_REKEY_DATA)
  * REKEY_TIME = Option.from_option(ssh_options_e.SSH_OPTIONS_REKEY_TIME)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PROCESS_CONFIG)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 82, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_PROCESS_CONFIG, __pyx_t_1) < 0) __PYX_ERR(0, 82, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_PROCESS_CONFIG)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 82, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_PROCESS_CONFIG, __pyx_t_2) < 0) __PYX_ERR(0, 82, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":83
  * PUBLICKEY_ACCEPTED_TYPES = Option.from_option(ssh_options_e.SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES)
  * PROCESS_CONFIG = Option.from_option(ssh_options_e.SSH_OPTIONS_PROCESS_CONFIG)
  * REKEY_DATA = Option.from_option(ssh_options_e.SSH_OPTIONS_REKEY_DATA)             # <<<<<<<<<<<<<<
  * REKEY_TIME = Option.from_option(ssh_options_e.SSH_OPTIONS_REKEY_TIME)
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_REKEY_DATA)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 83, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_REKEY_DATA, __pyx_t_1) < 0) __PYX_ERR(0, 83, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_REKEY_DATA)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 83, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_REKEY_DATA, __pyx_t_2) < 0) __PYX_ERR(0, 83, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":84
  * PROCESS_CONFIG = Option.from_option(ssh_options_e.SSH_OPTIONS_PROCESS_CONFIG)
  * REKEY_DATA = Option.from_option(ssh_options_e.SSH_OPTIONS_REKEY_DATA)
  * REKEY_TIME = Option.from_option(ssh_options_e.SSH_OPTIONS_REKEY_TIME)             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_REKEY_TIME)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 84, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_REKEY_TIME, __pyx_t_1) < 0) __PYX_ERR(0, 84, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_7options_6Option_from_option(SSH_OPTIONS_REKEY_TIME)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 84, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_REKEY_TIME, __pyx_t_2) < 0) __PYX_ERR(0, 84, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "(tree fragment)":1
  * def __pyx_unpickle_Option(__pyx_type, long __pyx_checksum, __pyx_state):             # <<<<<<<<<<<<<<
  *     cdef object __pyx_PickleError
  *     cdef object __pyx_result
- */
-  __pyx_t_1 = PyCFunction_NewEx(&__pyx_mdef_3ssh_7options_1__pyx_unpickle_Option, NULL, __pyx_n_s_ssh_options); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_pyx_unpickle_Option, __pyx_t_1) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7options_1__pyx_unpickle_Option, 0, __pyx_mstate_global->__pyx_n_u_pyx_unpickle_Option, NULL, __pyx_mstate_global->__pyx_n_u_ssh_options, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_pyx_unpickle_Option, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/options.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_2);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.options", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.options");
   }
@@ -3667,12 +4907,262 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_ADD_IDENTITY, sizeof(__pyx_k_ADD_IDENTITY), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ADD_IDENTITY */
+  {__pyx_k_BINDADDR, sizeof(__pyx_k_BINDADDR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_BINDADDR */
+  {__pyx_k_CIPHERS_C_S, sizeof(__pyx_k_CIPHERS_C_S), 0, 1, 1}, /* PyObject cname: __pyx_n_u_CIPHERS_C_S */
+  {__pyx_k_CIPHERS_S_C, sizeof(__pyx_k_CIPHERS_S_C), 0, 1, 1}, /* PyObject cname: __pyx_n_u_CIPHERS_S_C */
+  {__pyx_k_COMPRESSION, sizeof(__pyx_k_COMPRESSION), 0, 1, 1}, /* PyObject cname: __pyx_n_u_COMPRESSION */
+  {__pyx_k_COMPRESSION_C_S, sizeof(__pyx_k_COMPRESSION_C_S), 0, 1, 1}, /* PyObject cname: __pyx_n_u_COMPRESSION_C_S */
+  {__pyx_k_COMPRESSION_LEVEL, sizeof(__pyx_k_COMPRESSION_LEVEL), 0, 1, 1}, /* PyObject cname: __pyx_n_u_COMPRESSION_LEVEL */
+  {__pyx_k_COMPRESSION_S_C, sizeof(__pyx_k_COMPRESSION_S_C), 0, 1, 1}, /* PyObject cname: __pyx_n_u_COMPRESSION_S_C */
+  {__pyx_k_FD, sizeof(__pyx_k_FD), 0, 1, 1}, /* PyObject cname: __pyx_n_u_FD */
+  {__pyx_k_GLOBAL_KNOWNHOSTS, sizeof(__pyx_k_GLOBAL_KNOWNHOSTS), 0, 1, 1}, /* PyObject cname: __pyx_n_u_GLOBAL_KNOWNHOSTS */
+  {__pyx_k_GSSAPI_AUTH, sizeof(__pyx_k_GSSAPI_AUTH), 0, 1, 1}, /* PyObject cname: __pyx_n_u_GSSAPI_AUTH */
+  {__pyx_k_GSSAPI_CLIENT_IDENTITY, sizeof(__pyx_k_GSSAPI_CLIENT_IDENTITY), 0, 1, 1}, /* PyObject cname: __pyx_n_u_GSSAPI_CLIENT_IDENTITY */
+  {__pyx_k_GSSAPI_DELEGATE_CREDENTIALS, sizeof(__pyx_k_GSSAPI_DELEGATE_CREDENTIALS), 0, 1, 1}, /* PyObject cname: __pyx_n_u_GSSAPI_DELEGATE_CREDENTIALS */
+  {__pyx_k_GSSAPI_SERVER_IDENTITY, sizeof(__pyx_k_GSSAPI_SERVER_IDENTITY), 0, 1, 1}, /* PyObject cname: __pyx_n_u_GSSAPI_SERVER_IDENTITY */
+  {__pyx_k_HMAC_C_S, sizeof(__pyx_k_HMAC_C_S), 0, 1, 1}, /* PyObject cname: __pyx_n_u_HMAC_C_S */
+  {__pyx_k_HMAC_S_C, sizeof(__pyx_k_HMAC_S_C), 0, 1, 1}, /* PyObject cname: __pyx_n_u_HMAC_S_C */
+  {__pyx_k_HOST, sizeof(__pyx_k_HOST), 0, 1, 1}, /* PyObject cname: __pyx_n_u_HOST */
+  {__pyx_k_HOSTKEYS, sizeof(__pyx_k_HOSTKEYS), 0, 1, 1}, /* PyObject cname: __pyx_n_u_HOSTKEYS */
+  {__pyx_k_IDENTITY, sizeof(__pyx_k_IDENTITY), 0, 1, 1}, /* PyObject cname: __pyx_n_u_IDENTITY */
+  {__pyx_k_Incompatible_checksums_0x_x_vs_0, sizeof(__pyx_k_Incompatible_checksums_0x_x_vs_0), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Incompatible_checksums_0x_x_vs_0 */
+  {__pyx_k_KBDINT_AUTH, sizeof(__pyx_k_KBDINT_AUTH), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KBDINT_AUTH */
+  {__pyx_k_KEY_EXCHANGE, sizeof(__pyx_k_KEY_EXCHANGE), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KEY_EXCHANGE */
+  {__pyx_k_KNOWNHOSTS, sizeof(__pyx_k_KNOWNHOSTS), 0, 1, 1}, /* PyObject cname: __pyx_n_u_KNOWNHOSTS */
+  {__pyx_k_LOG_VERBOSITY, sizeof(__pyx_k_LOG_VERBOSITY), 0, 1, 1}, /* PyObject cname: __pyx_n_u_LOG_VERBOSITY */
+  {__pyx_k_LOG_VERBOSITY_STR, sizeof(__pyx_k_LOG_VERBOSITY_STR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_LOG_VERBOSITY_STR */
+  {__pyx_k_NODELAY, sizeof(__pyx_k_NODELAY), 0, 1, 1}, /* PyObject cname: __pyx_n_u_NODELAY */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_Option, sizeof(__pyx_k_Option), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Option */
+  {__pyx_k_Option___reduce_cython, sizeof(__pyx_k_Option___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Option___reduce_cython */
+  {__pyx_k_Option___setstate_cython, sizeof(__pyx_k_Option___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Option___setstate_cython */
+  {__pyx_k_PASSWORD_AUTH, sizeof(__pyx_k_PASSWORD_AUTH), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PASSWORD_AUTH */
+  {__pyx_k_PORT, sizeof(__pyx_k_PORT), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PORT */
+  {__pyx_k_PORT_STR, sizeof(__pyx_k_PORT_STR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PORT_STR */
+  {__pyx_k_PROCESS_CONFIG, sizeof(__pyx_k_PROCESS_CONFIG), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PROCESS_CONFIG */
+  {__pyx_k_PROXYCOMMAND, sizeof(__pyx_k_PROXYCOMMAND), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PROXYCOMMAND */
+  {__pyx_k_PUBKEY_AUTH, sizeof(__pyx_k_PUBKEY_AUTH), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PUBKEY_AUTH */
+  {__pyx_k_PUBLICKEY_ACCEPTED_TYPES, sizeof(__pyx_k_PUBLICKEY_ACCEPTED_TYPES), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PUBLICKEY_ACCEPTED_TYPES */
+  {__pyx_k_PickleError, sizeof(__pyx_k_PickleError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_PickleError */
+  {__pyx_k_REKEY_DATA, sizeof(__pyx_k_REKEY_DATA), 0, 1, 1}, /* PyObject cname: __pyx_n_u_REKEY_DATA */
+  {__pyx_k_REKEY_TIME, sizeof(__pyx_k_REKEY_TIME), 0, 1, 1}, /* PyObject cname: __pyx_n_u_REKEY_TIME */
+  {__pyx_k_SSH1, sizeof(__pyx_k_SSH1), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH1 */
+  {__pyx_k_SSH2, sizeof(__pyx_k_SSH2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH2 */
+  {__pyx_k_SSH_DIR, sizeof(__pyx_k_SSH_DIR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_DIR */
+  {__pyx_k_STRICTHOSTKEYCHECK, sizeof(__pyx_k_STRICTHOSTKEYCHECK), 0, 1, 1}, /* PyObject cname: __pyx_n_u_STRICTHOSTKEYCHECK */
+  {__pyx_k_TIMEOUT, sizeof(__pyx_k_TIMEOUT), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TIMEOUT */
+  {__pyx_k_TIMEOUT_USEC, sizeof(__pyx_k_TIMEOUT_USEC), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TIMEOUT_USEC */
+  {__pyx_k_USER, sizeof(__pyx_k_USER), 0, 1, 1}, /* PyObject cname: __pyx_n_u_USER */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_dict, sizeof(__pyx_k_dict), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dict */
+  {__pyx_k_dict_2, sizeof(__pyx_k_dict_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dict_2 */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_new, sizeof(__pyx_k_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_new */
+  {__pyx_k_pickle, sizeof(__pyx_k_pickle), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pickle */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_PickleError, sizeof(__pyx_k_pyx_PickleError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_PickleError */
+  {__pyx_k_pyx_checksum, sizeof(__pyx_k_pyx_checksum), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_checksum */
+  {__pyx_k_pyx_result, sizeof(__pyx_k_pyx_result), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_result */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_type, sizeof(__pyx_k_pyx_type), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_type */
+  {__pyx_k_pyx_unpickle_Option, sizeof(__pyx_k_pyx_unpickle_Option), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_unpickle_Option */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_ssh_options, sizeof(__pyx_k_ssh_options), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_options */
+  {__pyx_k_state, sizeof(__pyx_k_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_state */
+  {__pyx_k_str, sizeof(__pyx_k_str), 0, 1, 1}, /* PyObject cname: __pyx_n_u_str */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_update, sizeof(__pyx_k_update), 0, 1, 1}, /* PyObject cname: __pyx_n_u_update */
+  {__pyx_k_use_setstate, sizeof(__pyx_k_use_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_use_setstate */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  return 0;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+
+  /* "(tree fragment)":4
+ *     cdef object __pyx_PickleError
+ *     cdef object __pyx_result
+ *     if __pyx_checksum not in (0x3b84bd8, 0x59348e4, 0x80dcc6c):             # <<<<<<<<<<<<<<
+ *         from pickle import PickleError as __pyx_PickleError
+ *         raise __pyx_PickleError, "Incompatible checksums (0x%x vs (0x3b84bd8, 0x59348e4, 0x80dcc6c) = (_option))" % __pyx_checksum
+*/
+  __pyx_mstate_global->__pyx_tuple[0] = PyTuple_Pack(3, __pyx_mstate_global->__pyx_int_62409688, __pyx_mstate_global->__pyx_int_93538532, __pyx_mstate_global->__pyx_int_135122028); if (unlikely(!__pyx_mstate_global->__pyx_tuple[0])) __PYX_ERR(1, 4, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+  __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
+  return -1;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  __pyx_mstate->__pyx_int_62409688 = PyLong_FromLong(62409688L); if (unlikely(!__pyx_mstate->__pyx_int_62409688)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_int_93538532 = PyLong_FromLong(93538532L); if (unlikely(!__pyx_mstate->__pyx_int_93538532)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_int_135122028 = PyLong_FromLong(135122028L); if (unlikely(!__pyx_mstate->__pyx_int_135122028)) __PYX_ERR(0, 1, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 2;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 3;
+            unsigned int flags : 10;
+            unsigned int first_line : 5;
+            unsigned int line_table_length : 11;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 87};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_state, __pyx_mstate->__pyx_n_u_dict_2, __pyx_mstate->__pyx_n_u_use_setstate};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_T_G1F_a_vWA_q_q_q_t1G_gQ_t1G_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 16, 11};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_AV1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 75};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_pyx_type, __pyx_mstate->__pyx_n_u_pyx_checksum, __pyx_mstate->__pyx_n_u_pyx_state, __pyx_mstate->__pyx_n_u_pyx_PickleError, __pyx_mstate->__pyx_n_u_pyx_result};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_pyx_unpickle_Option, __pyx_k_hk_A_1_rrttu_6_7_1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -3692,313 +5182,412 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
 }
 #endif
 
-/* ArgTypeTest */
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
 {
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
     }
-    else {
-        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
     }
-    PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
-    return 0;
 }
-
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
     }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
 }
 #endif
 
-/* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
-                                               PyObject *globals) {
-    PyFrameObject *f;
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject **fastlocals;
-    Py_ssize_t i;
-    PyObject *result;
-    assert(globals != NULL);
-    /* XXX Perhaps we should create a specialized
-       PyFrame_New() that doesn't take locals, but does
-       take builtins without sanity checking them.
-       */
-    assert(tstate != NULL);
-    f = PyFrame_New(tstate, co, globals, NULL);
-    if (f == NULL) {
-        return NULL;
-    }
-    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
-    for (i = 0; i < na; i++) {
-        Py_INCREF(*args);
-        fastlocals[i] = *args++;
-    }
-    result = PyEval_EvalFrameEx(f,0);
-    ++tstate->recursion_depth;
-    Py_DECREF(f);
-    --tstate->recursion_depth;
-    return result;
-}
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
-    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
-    PyObject *globals = PyFunction_GET_GLOBALS(func);
-    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
-    PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
-    PyObject *kwdefs;
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
 #endif
-    PyObject *kwtuple, **k;
-    PyObject **d;
-    Py_ssize_t nd;
-    Py_ssize_t nk;
-    PyObject *result;
-    assert(kwargs == NULL || PyDict_Check(kwargs));
-    nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
-        return NULL;
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
     }
-    if (
-#if PY_MAJOR_VERSION >= 3
-            co->co_kwonlyargcount == 0 &&
 #endif
-            likely(kwargs == NULL || nk == 0) &&
-            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
-        if (argdefs == NULL && co->co_argcount == nargs) {
-            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
-            goto done;
-        }
-        else if (nargs == 0 && argdefs != NULL
-                 && co->co_argcount == Py_SIZE(argdefs)) {
-            /* function called with no arguments, but all parameters have
-               a default value: use default values as arguments .*/
-            args = &PyTuple_GET_ITEM(argdefs, 0);
-            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
-            goto done;
-        }
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
     }
-    if (kwargs != NULL) {
-        Py_ssize_t pos, i;
-        kwtuple = PyTuple_New(2 * nk);
-        if (kwtuple == NULL) {
-            result = NULL;
-            goto done;
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
         }
-        k = &PyTuple_GET_ITEM(kwtuple, 0);
-        pos = i = 0;
-        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
-            Py_INCREF(k[i]);
-            Py_INCREF(k[i+1]);
-            i += 2;
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
         }
-        nk = i / 2;
-    }
-    else {
-        kwtuple = NULL;
-        k = NULL;
-    }
-    closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
-    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
 #endif
-    if (argdefs != NULL) {
-        d = &PyTuple_GET_ITEM(argdefs, 0);
-        nd = Py_SIZE(argdefs);
-    }
-    else {
-        d = NULL;
-        nd = 0;
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
     }
-#if PY_MAJOR_VERSION >= 3
-    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, kwdefs, closure);
-#else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
 #endif
-    Py_XDECREF(kwtuple);
-done:
-    Py_LeaveRecursiveCall();
-    return result;
 }
-#endif
-#endif
 
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
-    PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
     }
-    return result;
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
 }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
 #endif
-
-/* PyObjectCallMethO */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
-    PyObject *self, *result;
-    PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    dict = PyDict_New();
+    if (unlikely(!dict))
         return NULL;
-    result = cfunc(self, arg);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
     }
-    return result;
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
 }
 #endif
+#endif
 
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+/* ArgTypeTest */
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+{
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
     }
-#endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
-#endif
+    else if (!exact) {
+        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
         }
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError,
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
 }
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+
+/* PyObjectFastCallMethod */
+#if !CYTHON_VECTORCALL || PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf) {
     PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
+    PyObject *attr = PyObject_GetAttr(args[0], name);
+    if (unlikely(!attr))
+        return NULL;
+    result = __Pyx_PyObject_FastCall(attr, args+1, nargsf - 1);
+    Py_DECREF(attr);
     return result;
 }
 #endif
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
-    return PyObject_GetAttr(obj, attr_name);
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
 }
-#endif
 
-/* PyObjectCallNoArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
-    }
-#endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
-#else
-    if (likely(PyCFunction_Check(func)))
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
 #endif
-    {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
-        }
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
 }
-#endif
 
 /* PyErrExceptionMatches */
 #if CYTHON_FAST_THREAD_STATE
 static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
     }
     return 0;
 }
 static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
     if (exc_type == err) return 1;
     if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
 }
 #endif
 
 /* PyErrFetchRestore */
 #if CYTHON_FAST_THREAD_STATE
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
     PyObject *tmp_type, *tmp_value, *tmp_tb;
     tmp_type = tstate->curexc_type;
     tmp_value = tstate->curexc_value;
@@ -4009,31 +5598,49 @@ static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObjec
     Py_XDECREF(tmp_type);
     Py_XDECREF(tmp_value);
     Py_XDECREF(tmp_tb);
+#endif
 }
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
     *type = tstate->curexc_type;
     *value = tstate->curexc_value;
     *tb = tstate->curexc_traceback;
     tstate->curexc_type = 0;
     tstate->curexc_value = 0;
     tstate->curexc_traceback = 0;
+#endif
 }
 #endif
 
-/* GetAttr */
-static CYTHON_INLINE PyObject *__Pyx_GetAttr(PyObject *o, PyObject *n) {
+/* PyObjectGetAttrStr */
 #if CYTHON_USE_TYPE_SLOTS
-#if PY_MAJOR_VERSION >= 3
-    if (likely(PyUnicode_Check(n)))
-#else
-    if (likely(PyString_Check(n)))
-#endif
-        return __Pyx_PyObject_GetAttrStr(o, n);
-#endif
-    return PyObject_GetAttr(o, n);
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
 }
+#endif
 
 /* GetAttr3 */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
 static PyObject *__Pyx_GetAttr3Default(PyObject *d) {
     __Pyx_PyThreadState_declare
     __Pyx_PyThreadState_assign
@@ -4043,21 +5650,62 @@ static PyObject *__Pyx_GetAttr3Default(PyObject *d) {
     Py_INCREF(d);
     return d;
 }
+#endif
 static CYTHON_INLINE PyObject *__Pyx_GetAttr3(PyObject *o, PyObject *n, PyObject *d) {
-    PyObject *r = __Pyx_GetAttr(o, n);
+    PyObject *r;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    int res = PyObject_GetOptionalAttr(o, n, &r);
+    return (res != 0) ? r : __Pyx_NewRef(d);
+#else
+  #if CYTHON_USE_TYPE_SLOTS
+    if (likely(PyUnicode_Check(n))) {
+        r = __Pyx_PyObject_GetAttrStrNoError(o, n);
+        if (unlikely(!r) && likely(!PyErr_Occurred())) {
+            r = __Pyx_NewRef(d);
+        }
+        return r;
+    }
+  #endif
+    r = PyObject_GetAttr(o, n);
     return (likely(r)) ? r : __Pyx_GetAttr3Default(d);
+#endif
+}
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
 }
 
 /* GetBuiltinName */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
         PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
             "name '%U' is not defined", name);
-#else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
-#endif
     }
     return result;
 }
@@ -4096,25 +5744,26 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
 #endif
 {
     PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
         return NULL;
     }
-#else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
+    result = PyObject_GetAttr(__pyx_m, name);
     if (likely(result)) {
-        return __Pyx_NewRef(result);
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
     }
-#endif
 #else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
     if (likely(result)) {
         return __Pyx_NewRef(result);
     }
@@ -4123,651 +5772,3043 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
     return __Pyx_GetBuiltinName(name);
 }
 
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
-{
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
-        more_or_less = "at most";
-    }
-    if (exact) {
-        more_or_less = "exactly";
-    }
-    PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
-}
-
 /* RaiseDoubleKeywords */
 static void __Pyx_RaiseDoubleKeywordsError(
     const char* func_name,
     PyObject* kw_name)
 {
     PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
         "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
 }
 
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
-{
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
-        }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
-                }
-            }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
-        }
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
     }
-    return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
-bad:
-    return -1;
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
 }
-
-/* Import */
-static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
-    PyObject *empty_list = 0;
-    PyObject *module = 0;
-    PyObject *global_dict = 0;
-    PyObject *empty_dict = 0;
-    PyObject *list;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_import;
-    py_import = __Pyx_PyObject_GetAttrStr(__pyx_b, __pyx_n_s_import);
-    if (!py_import)
-        goto bad;
-    #endif
-    if (from_list)
-        list = from_list;
-    else {
-        empty_list = PyList_New(0);
-        if (!empty_list)
-            goto bad;
-        list = empty_list;
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
     }
-    global_dict = PyModule_GetDict(__pyx_m);
-    if (!global_dict)
-        goto bad;
-    empty_dict = PyDict_New();
-    if (!empty_dict)
-        goto bad;
-    {
-        #if PY_MAJOR_VERSION >= 3
-        if (level == -1) {
-            if ((1) && (strchr(__Pyx_MODULE_NAME, '.'))) {
-                module = PyImport_ImportModuleLevelObject(
-                    name, global_dict, empty_dict, list, 1);
-                if (!module) {
-                    if (!PyErr_ExceptionMatches(PyExc_ImportError))
-                        goto bad;
-                    PyErr_Clear();
-                }
-            }
-            level = 0;
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
         }
-        #endif
-        if (!module) {
-            #if PY_MAJOR_VERSION < 3
-            PyObject *py_level = PyInt_FromLong(level);
-            if (!py_level)
-                goto bad;
-            module = PyObject_CallFunctionObjArgs(py_import,
-                name, global_dict, empty_dict, list, py_level, (PyObject *)NULL);
-            Py_DECREF(py_level);
-            #else
-            module = PyImport_ImportModuleLevelObject(
-                name, global_dict, empty_dict, list, level);
-            #endif
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
         }
     }
-bad:
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_import);
-    #endif
-    Py_XDECREF(empty_list);
-    Py_XDECREF(empty_dict);
-    return module;
-}
-
-/* ImportFrom */
-static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
-    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
-    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
-        PyErr_Format(PyExc_ImportError,
-        #if PY_MAJOR_VERSION < 3
-            "cannot import name %.230s", PyString_AS_STRING(name));
-        #else
-            "cannot import name %S", name);
-        #endif
-    }
-    return value;
-}
-
-/* PyObjectCall2Args */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2) {
-    PyObject *args, *result = NULL;
-    #if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyFunction_FastCall(function, args, 2);
-    }
-    #endif
-    #if CYTHON_FAST_PYCCALL
-    if (__Pyx_PyFastCFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyCFunction_FastCall(function, args, 2);
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
     }
-    #endif
-    args = PyTuple_New(2);
-    if (unlikely(!args)) goto done;
-    Py_INCREF(arg1);
-    PyTuple_SET_ITEM(args, 0, arg1);
-    Py_INCREF(arg2);
-    PyTuple_SET_ITEM(args, 1, arg2);
-    Py_INCREF(function);
-    result = __Pyx_PyObject_Call(function, args, NULL);
-    Py_DECREF(args);
-    Py_DECREF(function);
-done:
-    return result;
-}
-
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
     else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
+        kwtuple = NULL;
+        k = NULL;
     }
-    if (PyType_Check(type)) {
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
 #if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
         }
+#else
+        self = PyCFunction_GET_SELF(method);
 #endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
         }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
 }
-#else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
     }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
             goto bad;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
-                }
-            }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
         }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
             }
         }
-    } else {
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* RaiseUnexpectedTypeError */
+static int
+__Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj)
+{
+    __Pyx_TypeName obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError, "Expected %s, got " __Pyx_FMT_TYPENAME,
+                 expected, obj_type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* Import */
+static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
+    PyObject *module = 0;
+    PyObject *empty_dict = 0;
+    PyObject *empty_list = 0;
+    empty_dict = PyDict_New();
+    if (unlikely(!empty_dict))
+        goto bad;
+    if (level == -1) {
+        const char* package_sep = strchr(__Pyx_MODULE_NAME, '.');
+        if (package_sep != (0)) {
+            module = PyImport_ImportModuleLevelObject(
+                name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, 1);
+            if (unlikely(!module)) {
+                if (unlikely(!PyErr_ExceptionMatches(PyExc_ImportError)))
+                    goto bad;
+                PyErr_Clear();
+            }
+        }
+        level = 0;
+    }
+    if (!module) {
+        module = PyImport_ImportModuleLevelObject(
+            name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, level);
+    }
+bad:
+    Py_XDECREF(empty_dict);
+    Py_XDECREF(empty_list);
+    return module;
+}
+
+/* ImportFrom */
+static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
+    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
+    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
+        const char* module_name_str = 0;
+        PyObject* module_name = 0;
+        PyObject* module_dot = 0;
+        PyObject* full_name = 0;
+        PyErr_Clear();
+        module_name_str = PyModule_GetName(module);
+        if (unlikely(!module_name_str)) { goto modbad; }
+        module_name = PyUnicode_FromString(module_name_str);
+        if (unlikely(!module_name)) { goto modbad; }
+        module_dot = PyUnicode_Concat(module_name, __pyx_mstate_global->__pyx_kp_u_);
+        if (unlikely(!module_dot)) { goto modbad; }
+        full_name = PyUnicode_Concat(module_dot, name);
+        if (unlikely(!full_name)) { goto modbad; }
+        #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM  < 0x07030400) ||\
+                CYTHON_COMPILING_IN_GRAAL
+        {
+            PyObject *modules = PyImport_GetModuleDict();
+            if (unlikely(!modules))
+                goto modbad;
+            value = PyObject_GetItem(modules, full_name);
+        }
+        #else
+        value = PyImport_GetModule(full_name);
+        #endif
+      modbad:
+        Py_XDECREF(full_name);
+        Py_XDECREF(module_dot);
+        Py_XDECREF(module_name);
+    }
+    if (unlikely(!value)) {
+        PyErr_Format(PyExc_ImportError, "cannot import name %S", name);
+    }
+    return value;
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* HasAttr */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static CYTHON_INLINE int __Pyx_HasAttr(PyObject *o, PyObject *n) {
+    PyObject *r;
+    if (unlikely(!PyUnicode_Check(n))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "hasattr(): attribute name must be string");
+        return -1;
+    }
+    r = __Pyx_PyObject_GetAttrStrNoError(o, n);
+    if (!r) {
+        return (unlikely(PyErr_Occurred())) ? -1 : 0;
+    } else {
+        Py_DECREF(r);
+        return 1;
+    }
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
+}
+#endif
+
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
+#endif
+    return r;
+#endif
+}
+
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#else
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#endif
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
+}
+
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
+}
+
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+        }
+    }
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
+    }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+    }
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
+
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
+
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
+#endif
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
+#endif
+    }
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
+#endif
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
         PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
+                        "__defaults__ must be set to a tuple object");
+        return -1;
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
         } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
+            result = Py_None;
         }
-        PyException_SetCause(value, fixed_cause);
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
         }
-#endif
     }
-bad:
-    Py_XDECREF(owned_instance);
-    return;
+    Py_INCREF(result);
+    return result;
 }
-#endif
-
-/* HasAttr */
-static CYTHON_INLINE int __Pyx_HasAttr(PyObject *o, PyObject *n) {
-    PyObject *r;
-    if (unlikely(!__Pyx_PyBaseString_Check(n))) {
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
         PyErr_SetString(PyExc_TypeError,
-                        "hasattr(): attribute name must be string");
+                        "__annotations__ must be set to a dict object");
         return -1;
     }
-    r = __Pyx_GetAttr(o, n);
-    if (unlikely(!r)) {
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
+#else
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
+#endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
         PyErr_Clear();
-        return 0;
+    }
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
     } else {
-        Py_DECREF(r);
-        return 1;
+        op->func_is_coroutine = __Pyx_NewRef(result);
     }
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
 #endif
-    return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+#endif
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
+}
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
     {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
-        }
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
     }
-    return descr;
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
 }
-#endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
 }
-#endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
-    return 0;
-bad:
-    Py_XDECREF(ob);
-    return -1;
-}
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
     PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
     }
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
     }
     return result;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
-}
-static int __Pyx_setup_reduce(PyObject* type_obj) {
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
     int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
     }
+    return meth(self, args[0]);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
-        }
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
-        }
+        break;
+    default:
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
+        break;
+    default:
+        return NULL;
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
 #endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
+    }
+    return op;
 }
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -4776,11 +8817,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -4808,130 +8850,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -4962,7 +9070,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -4972,6 +9080,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -4995,8 +9104,40 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
         return (target_type) value;\
     }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_options_e(enum ssh_options_e value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_options_e(enum ssh_options_e value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5008,17 +9149,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_options_e(enum ssh_opt
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(enum ssh_options_e) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(enum ssh_options_e) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(enum ssh_options_e) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(enum ssh_options_e) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(enum ssh_options_e) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -5026,15 +9167,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_options_e(enum ssh_opt
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(enum ssh_options_e),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(enum ssh_options_e));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE enum ssh_options_e __Pyx_PyInt_As_enum__ssh_options_e(PyObject *x) {
+static CYTHON_INLINE enum ssh_options_e __Pyx_PyLong_As_enum__ssh_options_e(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5044,179 +9218,172 @@ static CYTHON_INLINE enum ssh_options_e __Pyx_PyInt_As_enum__ssh_options_e(PyObj
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(enum ssh_options_e) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(enum ssh_options_e, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (enum ssh_options_e) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        enum ssh_options_e val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (enum ssh_options_e) -1;
+        val = __Pyx_PyLong_As_enum__ssh_options_e(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (enum ssh_options_e) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(enum ssh_options_e, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(enum ssh_options_e, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(enum ssh_options_e) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) >= 2 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) (((((enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(enum ssh_options_e) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) >= 3 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) (((((((enum ssh_options_e)digits[2]) << PyLong_SHIFT) | (enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(enum ssh_options_e) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) >= 4 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) (((((((((enum ssh_options_e)digits[3]) << PyLong_SHIFT) | (enum ssh_options_e)digits[2]) << PyLong_SHIFT) | (enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (enum ssh_options_e) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (enum ssh_options_e) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(enum ssh_options_e) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(enum ssh_options_e, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(enum ssh_options_e) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_options_e, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(enum ssh_options_e) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(enum ssh_options_e, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(enum ssh_options_e) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_options_e, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (enum ssh_options_e) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(enum ssh_options_e, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(enum ssh_options_e,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(enum ssh_options_e, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(enum ssh_options_e) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) - 1 > 2 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) (((enum ssh_options_e)-1)*(((((enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(enum ssh_options_e) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) - 1 > 2 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) ((((((enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(enum ssh_options_e) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) - 1 > 3 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) (((enum ssh_options_e)-1)*(((((((enum ssh_options_e)digits[2]) << PyLong_SHIFT) | (enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(enum ssh_options_e) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) - 1 > 3 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) ((((((((enum ssh_options_e)digits[2]) << PyLong_SHIFT) | (enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(enum ssh_options_e) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) - 1 > 4 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) (((enum ssh_options_e)-1)*(((((((((enum ssh_options_e)digits[3]) << PyLong_SHIFT) | (enum ssh_options_e)digits[2]) << PyLong_SHIFT) | (enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(enum ssh_options_e) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(enum ssh_options_e) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(enum ssh_options_e, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(enum ssh_options_e) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(enum ssh_options_e) - 1 > 4 * PyLong_SHIFT)) {
                             return (enum ssh_options_e) ((((((((((enum ssh_options_e)digits[3]) << PyLong_SHIFT) | (enum ssh_options_e)digits[2]) << PyLong_SHIFT) | (enum ssh_options_e)digits[1]) << PyLong_SHIFT) | (enum ssh_options_e)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(enum ssh_options_e) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(enum ssh_options_e, long, PyLong_AsLong(x))
+        if ((sizeof(enum ssh_options_e) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_options_e, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(enum ssh_options_e) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(enum ssh_options_e, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(enum ssh_options_e) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(enum ssh_options_e, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
         }
-        {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            enum ssh_options_e val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
-                Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
-            }
+    }
+    {
+        enum ssh_options_e val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyErr_SetString(PyExc_RuntimeError,
+                        "_PyLong_AsByteArray() or PyLong_AsNativeBytes() not available, cannot convert large enums");
+        val = (enum ssh_options_e) -1;
 #endif
+        if (unlikely(ret))
             return (enum ssh_options_e) -1;
-        }
-    } else {
-        enum ssh_options_e val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (enum ssh_options_e) -1;
-        val = __Pyx_PyInt_As_enum__ssh_options_e(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -5230,7 +9397,7 @@ static CYTHON_INLINE enum ssh_options_e __Pyx_PyInt_As_enum__ssh_options_e(PyObj
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5240,179 +9407,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -5426,7 +9651,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5438,33 +9663,105 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
 #endif
-        }
+        }
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(long),
+                                     little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
-    {
-        int one = 1; int little = (int)*(unsigned char *)&one;
-        unsigned char *bytes = (unsigned char *)&value;
-        return _PyLong_FromByteArray(bytes, sizeof(long),
-                                     little, !is_unsigned);
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__2);
     }
+    goto done;
 }
+#endif
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -5474,179 +9771,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -5663,7 +10018,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -5684,51 +10039,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -5759,109 +10101,273 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -5873,25 +10379,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -5914,95 +10420,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -6041,33 +10518,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/options.pxd b/ssh/options.pxd
index 23150cad..6728cdf7 100644
--- a/ssh/options.pxd
+++ b/ssh/options.pxd
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from c_ssh cimport ssh_options_e
+from .c_ssh cimport ssh_options_e
 
 
 cdef class Option:
diff --git a/ssh/options.pyx b/ssh/options.pyx
index 3d65a4b3..415cd407 100644
--- a/ssh/options.pyx
+++ b/ssh/options.pyx
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from c_ssh cimport ssh_options_e
+from .c_ssh cimport ssh_options_e
 
 
 cdef class Option:
diff --git a/ssh/scp.c b/ssh/scp.c
index da5c9da5..115606c7 100644
--- a/ssh/scp.c
+++ b/ssh/scp.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.scp",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/scp.pyx"
+        ]
+    },
+    "module_name": "ssh.scp"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
+  #endif
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
 #endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
+#endif
+#endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,77 +911,201 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
 #else
-static CYTHON_INLINE float __PYX_NAN() {
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
+#else
+static CYTHON_INLINE float __PYX_NAN() {
   float value;
   memset(&value, 0xFF, sizeof(value));
   return value;
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -755,12 +1165,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -795,140 +1201,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -940,27 +1335,41 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/scp.pyx",
-  "stringsource",
+  "<stringsource>",
   "ssh/scp.pxd",
   "ssh/session.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -968,23 +1377,185 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
 struct __pyx_obj_3ssh_3scp_SCP;
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -999,7 +1570,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class SCP:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_scp _scp
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_3scp_SCP {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtab;
@@ -1016,13 +1587,14 @@ struct __pyx_obj_3ssh_3scp_SCP {
  * cdef class SCP:             # <<<<<<<<<<<<<<
  * 
  *     def __cinit__(self):
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_3scp_SCP {
   struct __pyx_obj_3ssh_3scp_SCP *(*from_ptr)(ssh_scp, struct __pyx_obj_3ssh_7session_Session *);
   PyObject *(*close)(struct __pyx_obj_3ssh_3scp_SCP *, int __pyx_skip_dispatch);
 };
 static struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtabptr_3ssh_3scp_SCP;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1031,42 +1603,48 @@ static struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtabptr_3ssh_3scp_SCP;
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1077,6 +1655,10 @@ static struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtabptr_3ssh_3scp_SCP;
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1088,32 +1670,30 @@ static struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtabptr_3ssh_3scp_SCP;
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
-/* PyObjectGetAttrStr.proto */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
 #else
-#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
 #endif
 
-/* GetBuiltinName.proto */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name);
-
-/* RaiseArgTupleInvalid.proto */
-static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
-    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
-
-/* KeywordStringCheck.proto */
-static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name, int kw_allowed);
-
 /* PyThreadStateGet.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
 #define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
 #else
 #define __Pyx_PyThreadState_declare
 #define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
 #endif
 
 /* PyErrFetchRestore.proto */
@@ -1125,7 +1705,7 @@ static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name
 #define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
 #define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
 #else
 #define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
@@ -1141,6 +1721,79 @@ static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject
 #define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
 #endif
 
+/* PyObjectGetAttrStr.proto */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+#else
+#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#endif
+
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
+/* GetBuiltinName.proto */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name);
+
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
+/* RaiseArgTupleInvalid.proto */
+static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
+    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
+
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
+
 /* WriteUnraisableException.proto */
 static void __Pyx_WriteUnraisable(const char *name, int clineno,
                                   int lineno, const char *filename,
@@ -1150,65 +1803,51 @@ static void __Pyx_WriteUnraisable(const char *name, int clineno,
 static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
 
 /* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
-
-/* PyDictVersioning.proto */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-#define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
-#define __PYX_GET_DICT_VERSION(dict)  (((PyDictObject*)(dict))->ma_version_tag)
-#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)\
-    (version_var) = __PYX_GET_DICT_VERSION(dict);\
-    (cache_var) = (value);
-#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP) {\
-    static PY_UINT64_T __pyx_dict_version = 0;\
-    static PyObject *__pyx_dict_cached_value = NULL;\
-    if (likely(__PYX_GET_DICT_VERSION(DICT) == __pyx_dict_version)) {\
-        (VAR) = __pyx_dict_cached_value;\
-    } else {\
-        (VAR) = __pyx_dict_cached_value = (LOOKUP);\
-        __pyx_dict_version = __PYX_GET_DICT_VERSION(DICT);\
-    }\
-}
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj);
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj);
-static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version);
-#else
-#define __PYX_GET_DICT_VERSION(dict)  (0)
-#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)
-#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP)  (VAR) = (LOOKUP);
-#endif
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
 
 /* PyFunctionFastCall.proto */
 #if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
 #define __Pyx_PyFunction_FastCall(func, args, nargs)\
     __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
 #endif
 #define __Pyx_BUILD_ASSERT_EXPR(cond)\
     (sizeof(char [1 - 2*!(cond)]) - 1)
 #ifndef Py_MEMBER_SIZE
 #define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
 #endif
-#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
   static size_t __pyx_pyframe_localsplus_offset = 0;
   #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
   #define __Pxy_PyFrame_Initialize_Offsets()\
     ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
      (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
   #define __Pyx_PyFrame_GetLocalsplus(frame)\
     (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
+#endif
+#endif
 #endif
 
 /* PyObjectCall.proto */
@@ -1223,22 +1862,77 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
 #endif
 
-/* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
 #else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
 #endif
 
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
 #else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
 #endif
 
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+/* PyDictVersioning.proto */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+#define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
+#define __PYX_GET_DICT_VERSION(dict)  (((PyDictObject*)(dict))->ma_version_tag)
+#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)\
+    (version_var) = __PYX_GET_DICT_VERSION(dict);\
+    (cache_var) = (value);
+#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP) {\
+    static PY_UINT64_T __pyx_dict_version = 0;\
+    static PyObject *__pyx_dict_cached_value = NULL;\
+    if (likely(__PYX_GET_DICT_VERSION(DICT) == __pyx_dict_version)) {\
+        (VAR) = __pyx_dict_cached_value;\
+    } else {\
+        (VAR) = __pyx_dict_cached_value = (LOOKUP);\
+        __pyx_dict_version = __PYX_GET_DICT_VERSION(DICT);\
+    }\
+}
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj);
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj);
+static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version);
+#else
+#define __PYX_GET_DICT_VERSION(dict)  (0)
+#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)
+#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP)  (VAR) = (LOOKUP);
+#endif
 
 /* GetException.proto */
 #if CYTHON_FAST_THREAD_STATE
@@ -1257,7 +1951,7 @@ static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value,
 #endif
 
 /* GetTopmostException.proto */
-#if CYTHON_USE_EXC_INFO_STACK
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
 static _PyErr_StackItem * __Pyx_PyErr_GetTopmostException(PyThreadState *tstate);
 #endif
 
@@ -1274,229 +1968,537 @@ static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject
 
 /* ArgTypeTest.proto */
 #define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
         __Pyx__ArgTypeTest(obj, type, name, exact))
 static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
 
 /* RaiseException.proto */
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
 #else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
-/* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
-#else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
-#endif
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
 
-/* SetupReduce.proto */
-static int __Pyx_setup_reduce(PyObject* type_obj);
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
+#endif
+
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
+/* SetVTable.proto */
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
+
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
+
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
+
+/* SetupReduce.proto */
+static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
 #else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_scp_request_types(enum ssh_scp_request_types value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_scp_request_types(enum ssh_scp_request_types value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From___pyx_anon_enum(int value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE size_t __Pyx_PyInt_As_size_t(PyObject *);
+static CYTHON_INLINE size_t __Pyx_PyLong_As_size_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *);
+static CYTHON_INLINE uint64_t __Pyx_PyLong_As_uint64_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *);
+static CYTHON_INLINE uint32_t __Pyx_PyLong_As_uint32_t(PyObject *);
+
+/* CIntToPy.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint64_t(uint64_t value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
-
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 static struct __pyx_obj_3ssh_3scp_SCP *__pyx_f_3ssh_3scp_3SCP_from_ptr(ssh_scp __pyx_v__scp, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session); /* proto*/
 static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self, int __pyx_skip_dispatch); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
+
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.session" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'libc.stdlib' */
+/* Module declarations from "libc.stdlib" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static PyObject *(*__pyx_f_3ssh_5utils_to_bytes)(PyObject *); /*proto*/
 static PyObject *(*__pyx_f_3ssh_5utils_to_str)(char const *); /*proto*/
 static int (*__pyx_f_3ssh_5utils_handle_error_codes)(int, ssh_session); /*proto*/
 
-/* Module declarations from 'ssh.scp' */
-static PyTypeObject *__pyx_ptype_3ssh_3scp_SCP = 0;
+/* Module declarations from "ssh.scp" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.scp"
 extern int __pyx_module_is_main_ssh__scp;
 int __pyx_module_is_main_ssh__scp = 0;
 
-/* Implementation of 'ssh.scp' */
+/* Implementation of "ssh.scp" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_MemoryError;
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
 static const char __pyx_k_[] = "";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k__2[] = "?";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_rc[] = "rc";
 static const char __pyx_k_SCP[] = "SCP";
+static const char __pyx_k_buf[] = "buf";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_cbuf[] = "cbuf";
+static const char __pyx_k_data[] = "data";
+static const char __pyx_k_func[] = "__func__";
+static const char __pyx_k_init[] = "init";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_mode[] = "mode";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_read[] = "read";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_size[] = "size";
 static const char __pyx_k_test[] = "__test__";
 static const char __pyx_k_close[] = "close";
 static const char __pyx_k_perms[] = "perms";
+static const char __pyx_k_write[] = "write";
+static const char __pyx_k_A_1D_d[] = "\200A\340\r\016\330\014\026\320\026+\2501\250D\260\001\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_A_Qd_d[] = "\200A\340\r\016\330\014\026\320\026-\250Q\250d\260!\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_c_data[] = "c_data";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_reason[] = "reason";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_A_1_a_q[] = "\200A\340\r\016\330\014\026\320\0261\260\021\260$\260a\330\010\017\210q";
+static const char __pyx_k_A_at1_d[] = "\200A\340\r\016\330\014\026\320\026.\250a\250t\2601\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_A_m1D_d[] = "\200A\360\006\000\016\017\330\014\026\220m\2401\240D\250\001\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_A_q_A_q[] = "\200A\340\r\016\330\014\026\320\026/\250q\260\004\260A\330\010\017\210q";
 static const char __pyx_k_dirname[] = "dirname";
+static const char __pyx_k_disable[] = "disable";
+static const char __pyx_k_ssh_scp[] = "ssh.scp";
+static const char __pyx_k_warning[] = "_warning";
+static const char __pyx_k_A_6at1_q[] = "\200A\340\r\016\330\014\026\320\0266\260a\260t\2701\330\010\017\210q";
+static const char __pyx_k_SCP_init[] = "SCP.init";
+static const char __pyx_k_SCP_read[] = "SCP.read";
+static const char __pyx_k_add_note[] = "add_note";
+static const char __pyx_k_b_reason[] = "b_reason";
 static const char __pyx_k_filename[] = "filename";
 static const char __pyx_k_getstate[] = "__getstate__";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_reason_2[] = "_reason";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
+static const char __pyx_k_SCP_close[] = "SCP.close";
+static const char __pyx_k_SCP_write[] = "SCP.write";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_b_dirname[] = "b_dirname";
+static const char __pyx_k_dirname_2[] = "_dirname";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_push_file[] = "push_file";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
+static const char __pyx_k_warning_2[] = "warning";
+static const char __pyx_k_A_Q_WKvQ_d[] = "\200A\340\010 \240\010\250\001\250\021\330\010%\240Q\330\r\016\330\014\026\320\026(\250\001\250\024\250W\260K\270v\300Q\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_b_filename[] = "b_filename";
+static const char __pyx_k_filename_2[] = "_filename";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
+static const char __pyx_k_A_3aq_nAT_d[] = "\200A\330\010\033\2303\230a\230q\330\010\"\240!\340\r\016\330\014\026\220n\240A\240T\250\027\260\010\270\001\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_A_Q_4wk_q_d[] = "\200A\340\010 \240\010\250\001\250\021\330\010%\240Q\330\r\016\330\014\026\320\026*\250!\2504\250w\260k\300\026\300q\330\010\017\320\017!\240\021\240$\240d\250(\260!";
 static const char __pyx_k_MemoryError[] = "MemoryError";
+static const char __pyx_k_push_file64[] = "push_file64";
+static const char __pyx_k_ssh_scp_pyx[] = "ssh/scp.pyx";
 static const char __pyx_k_SSH_SCP_READ[] = "SSH_SCP_READ";
+static const char __pyx_k_deny_request[] = "deny_request";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
+static const char __pyx_k_pull_request[] = "pull_request";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_A_xq_A_Qd_1_d[] = "\200A\340\010\037\230x\240q\250\001\330\010$\240A\330\r\016\330\014\026\320\026-\250Q\250d\260'\270\032\3001\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_SCP_push_file[] = "SCP.push_file";
 static const char __pyx_k_SSH_SCP_WRITE[] = "SSH_SCP_WRITE";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
+static const char __pyx_k_A_a_4q_S_1_1_q[] = "\200A\340\010\036\230a\330\r\016\330\014\035\320\035:\270!\2704\270q\330\010\013\210:\220S\230\001\330\014\023\2201\330\010\023\2201\330\010\017\210q";
+static const char __pyx_k_accept_request[] = "accept_request";
+static const char __pyx_k_push_directory[] = "push_directory";
+static const char __pyx_k_1_7_xq_a_1D_q_d[] = "\320\004\"\240!\360\006\000\t$\2401\330\010\013\2107\220'\230\021\330\014\027\220x\230q\240\001\330\014\026\220a\330\r\016\330\014\026\320\026+\2501\250D\260\007\260q\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_A_Q_8_Q_9Cq_1_q[] = "\200A\340\010\035\230Q\330\r\016\330\014\034\320\0348\270\001\270\024\270Q\330\010\013\2109\220C\220q\330\014\023\2201\330\010\022\220!\330\010\017\210q";
+static const char __pyx_k_SCP_push_file64[] = "SCP.push_file64";
+static const char __pyx_k_leave_directory[] = "leave_directory";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_SCP_deny_request[] = "SCP.deny_request";
+static const char __pyx_k_SCP_pull_request[] = "SCP.pull_request";
+static const char __pyx_k_request_get_size[] = "request_get_size";
 static const char __pyx_k_SSH_SCP_RECURSIVE[] = "SSH_SCP_RECURSIVE";
+static const char __pyx_k_SCP_accept_request[] = "SCP.accept_request";
+static const char __pyx_k_SCP_push_directory[] = "SCP.push_directory";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_request_get_size64[] = "request_get_size64";
+static const char __pyx_k_A_4q_1_nAT_s_Q_Ja_d[] = "\200A\340\010\013\2104\210q\330\014\023\2201\330\r\016\330\014\026\220n\240A\240T\250\021\330\014\017\210s\220#\220Q\330\020\024\220J\230a\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_SCP___reduce_cython[] = "SCP.__reduce_cython__";
+static const char __pyx_k_SCP_leave_directory[] = "SCP.leave_directory";
 static const char __pyx_k_SSH_SCP_REQUEST_EOF[] = "SSH_SCP_REQUEST_EOF";
+static const char __pyx_k_request_get_warning[] = "request_get_warning";
+static const char __pyx_k_SCP_request_get_size[] = "SCP.request_get_size";
+static const char __pyx_k_request_get_filename[] = "request_get_filename";
+static const char __pyx_k_SCP___setstate_cython[] = "SCP.__setstate_cython__";
+static const char __pyx_k_SCP_request_get_size64[] = "SCP.request_get_size64";
 static const char __pyx_k_SSH_SCP_REQUEST_ENDDIR[] = "SSH_SCP_REQUEST_ENDDIR";
 static const char __pyx_k_SSH_SCP_REQUEST_NEWDIR[] = "SSH_SCP_REQUEST_NEWDIR";
+static const char __pyx_k_SCP_request_get_warning[] = "SCP.request_get_warning";
 static const char __pyx_k_SSH_SCP_REQUEST_NEWFILE[] = "SSH_SCP_REQUEST_NEWFILE";
 static const char __pyx_k_SSH_SCP_REQUEST_WARNING[] = "SSH_SCP_REQUEST_WARNING";
+static const char __pyx_k_request_get_permissions[] = "request_get_permissions";
+static const char __pyx_k_SCP_request_get_filename[] = "SCP.request_get_filename";
+static const char __pyx_k_SCP_request_get_permissions[] = "SCP.request_get_permissions";
+static const char __pyx_k_1_86_aq_uCq_m1D_vQ_s_A_d_A_d_a[] = "\320\004+\2501\340\010\031\230\021\340\r\016\330\014\023\2208\2306\240\021\240,\250a\250q\330\014\017\210u\220C\220q\330\025\026\330\024\025\330\014\026\220m\2401\240D\250\007\250v\260Q\330\010\t\330\014\017\210s\220\"\220A\330\020\026\220d\230\"\230A\340\014\020\220\001\220\021\330\010\017\320\017!\240\021\240$\240d\250(\260,\270a";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_kp_b_;
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_SCP;
-static PyObject *__pyx_n_s_SSH_SCP_READ;
-static PyObject *__pyx_n_s_SSH_SCP_RECURSIVE;
-static PyObject *__pyx_n_s_SSH_SCP_REQUEST_ENDDIR;
-static PyObject *__pyx_n_s_SSH_SCP_REQUEST_EOF;
-static PyObject *__pyx_n_s_SSH_SCP_REQUEST_NEWDIR;
-static PyObject *__pyx_n_s_SSH_SCP_REQUEST_NEWFILE;
-static PyObject *__pyx_n_s_SSH_SCP_REQUEST_WARNING;
-static PyObject *__pyx_n_s_SSH_SCP_WRITE;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_close;
-static PyObject *__pyx_n_s_dirname;
-static PyObject *__pyx_n_s_filename;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_mode;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_perms;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_reason;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_size;
-static PyObject *__pyx_n_s_test;
+/* #### Code section: decls ### */
 static int __pyx_pf_3ssh_3scp_3SCP___cinit__(struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self); /* proto */
 static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_3scp_3SCP_4accept_request(struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self); /* proto */
@@ -1520,10 +2522,246 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6closed___get__(struct __pyx_obj_3ssh_3
 static PyObject *__pyx_pf_3ssh_3scp_3SCP_36__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_3scp_3SCP_38__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_3scp_SCP(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_int_0;
-static PyObject *__pyx_tuple__2;
-static PyObject *__pyx_tuple__3;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyObject *__pyx_type_3ssh_3scp_SCP;
+  PyTypeObject *__pyx_ptype_3ssh_3scp_SCP;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_tuple[2];
+  PyObject *__pyx_codeobj_tab[18];
+  PyObject *__pyx_string_tab[96];
+  PyObject *__pyx_int_0;
+  PyObject *__pyx_int_1048576;
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_b_ __pyx_string_tab[0]
+#define __pyx_n_u_MemoryError __pyx_string_tab[1]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[2]
+#define __pyx_n_u_SCP __pyx_string_tab[3]
+#define __pyx_n_u_SCP___reduce_cython __pyx_string_tab[4]
+#define __pyx_n_u_SCP___setstate_cython __pyx_string_tab[5]
+#define __pyx_n_u_SCP_accept_request __pyx_string_tab[6]
+#define __pyx_n_u_SCP_close __pyx_string_tab[7]
+#define __pyx_n_u_SCP_deny_request __pyx_string_tab[8]
+#define __pyx_n_u_SCP_init __pyx_string_tab[9]
+#define __pyx_n_u_SCP_leave_directory __pyx_string_tab[10]
+#define __pyx_n_u_SCP_pull_request __pyx_string_tab[11]
+#define __pyx_n_u_SCP_push_directory __pyx_string_tab[12]
+#define __pyx_n_u_SCP_push_file __pyx_string_tab[13]
+#define __pyx_n_u_SCP_push_file64 __pyx_string_tab[14]
+#define __pyx_n_u_SCP_read __pyx_string_tab[15]
+#define __pyx_n_u_SCP_request_get_filename __pyx_string_tab[16]
+#define __pyx_n_u_SCP_request_get_permissions __pyx_string_tab[17]
+#define __pyx_n_u_SCP_request_get_size __pyx_string_tab[18]
+#define __pyx_n_u_SCP_request_get_size64 __pyx_string_tab[19]
+#define __pyx_n_u_SCP_request_get_warning __pyx_string_tab[20]
+#define __pyx_n_u_SCP_write __pyx_string_tab[21]
+#define __pyx_n_u_SSH_SCP_READ __pyx_string_tab[22]
+#define __pyx_n_u_SSH_SCP_RECURSIVE __pyx_string_tab[23]
+#define __pyx_n_u_SSH_SCP_REQUEST_ENDDIR __pyx_string_tab[24]
+#define __pyx_n_u_SSH_SCP_REQUEST_EOF __pyx_string_tab[25]
+#define __pyx_n_u_SSH_SCP_REQUEST_NEWDIR __pyx_string_tab[26]
+#define __pyx_n_u_SSH_SCP_REQUEST_NEWFILE __pyx_string_tab[27]
+#define __pyx_n_u_SSH_SCP_REQUEST_WARNING __pyx_string_tab[28]
+#define __pyx_n_u_SSH_SCP_WRITE __pyx_string_tab[29]
+#define __pyx_n_u_TypeError __pyx_string_tab[30]
+#define __pyx_kp_u__2 __pyx_string_tab[31]
+#define __pyx_n_u_accept_request __pyx_string_tab[32]
+#define __pyx_kp_u_add_note __pyx_string_tab[33]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[34]
+#define __pyx_n_u_b_dirname __pyx_string_tab[35]
+#define __pyx_n_u_b_filename __pyx_string_tab[36]
+#define __pyx_n_u_b_reason __pyx_string_tab[37]
+#define __pyx_n_u_buf __pyx_string_tab[38]
+#define __pyx_n_u_c_data __pyx_string_tab[39]
+#define __pyx_n_u_cbuf __pyx_string_tab[40]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[41]
+#define __pyx_n_u_close __pyx_string_tab[42]
+#define __pyx_n_u_data __pyx_string_tab[43]
+#define __pyx_n_u_deny_request __pyx_string_tab[44]
+#define __pyx_n_u_dirname __pyx_string_tab[45]
+#define __pyx_n_u_dirname_2 __pyx_string_tab[46]
+#define __pyx_kp_u_disable __pyx_string_tab[47]
+#define __pyx_kp_u_enable __pyx_string_tab[48]
+#define __pyx_n_u_filename __pyx_string_tab[49]
+#define __pyx_n_u_filename_2 __pyx_string_tab[50]
+#define __pyx_n_u_func __pyx_string_tab[51]
+#define __pyx_kp_u_gc __pyx_string_tab[52]
+#define __pyx_n_u_getstate __pyx_string_tab[53]
+#define __pyx_n_u_init __pyx_string_tab[54]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[55]
+#define __pyx_kp_u_isenabled __pyx_string_tab[56]
+#define __pyx_n_u_leave_directory __pyx_string_tab[57]
+#define __pyx_n_u_main __pyx_string_tab[58]
+#define __pyx_n_u_mode __pyx_string_tab[59]
+#define __pyx_n_u_module __pyx_string_tab[60]
+#define __pyx_n_u_name __pyx_string_tab[61]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[62]
+#define __pyx_n_u_perms __pyx_string_tab[63]
+#define __pyx_n_u_pop __pyx_string_tab[64]
+#define __pyx_n_u_pull_request __pyx_string_tab[65]
+#define __pyx_n_u_push_directory __pyx_string_tab[66]
+#define __pyx_n_u_push_file __pyx_string_tab[67]
+#define __pyx_n_u_push_file64 __pyx_string_tab[68]
+#define __pyx_n_u_pyx_state __pyx_string_tab[69]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[70]
+#define __pyx_n_u_qualname __pyx_string_tab[71]
+#define __pyx_n_u_rc __pyx_string_tab[72]
+#define __pyx_n_u_read __pyx_string_tab[73]
+#define __pyx_n_u_reason __pyx_string_tab[74]
+#define __pyx_n_u_reason_2 __pyx_string_tab[75]
+#define __pyx_n_u_reduce __pyx_string_tab[76]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[77]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[78]
+#define __pyx_n_u_request_get_filename __pyx_string_tab[79]
+#define __pyx_n_u_request_get_permissions __pyx_string_tab[80]
+#define __pyx_n_u_request_get_size __pyx_string_tab[81]
+#define __pyx_n_u_request_get_size64 __pyx_string_tab[82]
+#define __pyx_n_u_request_get_warning __pyx_string_tab[83]
+#define __pyx_n_u_self __pyx_string_tab[84]
+#define __pyx_n_u_set_name __pyx_string_tab[85]
+#define __pyx_n_u_setstate __pyx_string_tab[86]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[87]
+#define __pyx_n_u_size __pyx_string_tab[88]
+#define __pyx_n_u_ssh_scp __pyx_string_tab[89]
+#define __pyx_kp_u_ssh_scp_pyx __pyx_string_tab[90]
+#define __pyx_kp_u_stringsource __pyx_string_tab[91]
+#define __pyx_n_u_test __pyx_string_tab[92]
+#define __pyx_n_u_warning __pyx_string_tab[93]
+#define __pyx_n_u_warning_2 __pyx_string_tab[94]
+#define __pyx_n_u_write __pyx_string_tab[95]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_3scp_SCP);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_3scp_SCP);
+  for (int i=0; i<2; ++i) { Py_CLEAR(clear_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<18; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<96; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  Py_CLEAR(clear_module_state->__pyx_int_0);
+  Py_CLEAR(clear_module_state->__pyx_int_1048576);
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_3scp_SCP);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_3scp_SCP);
+  for (int i=0; i<2; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<18; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<96; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_0);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_1048576);
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
 /* "ssh/scp.pyx":39
  * cdef class SCP:
@@ -1531,17 +2769,26 @@ static PyObject *__pyx_tuple__3;
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self.closed = False
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_3scp_3SCP_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_3scp_3SCP_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP___cinit__(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -1551,8 +2798,6 @@ static int __pyx_pw_3ssh_3scp_3SCP_1__cinit__(PyObject *__pyx_v_self, PyObject *
 
 static int __pyx_pf_3ssh_3scp_3SCP___cinit__(struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/scp.pyx":40
  * 
@@ -1560,7 +2805,7 @@ static int __pyx_pf_3ssh_3scp_3SCP___cinit__(struct __pyx_obj_3ssh_3scp_SCP *__p
  *         self.closed = False             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
+*/
   __pyx_v_self->closed = 0;
 
   /* "ssh/scp.pyx":39
@@ -1569,11 +2814,10 @@ static int __pyx_pf_3ssh_3scp_3SCP___cinit__(struct __pyx_obj_3ssh_3scp_SCP *__p
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self.closed = False
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
@@ -1583,13 +2827,15 @@ static int __pyx_pf_3ssh_3scp_3SCP___cinit__(struct __pyx_obj_3ssh_3scp_SCP *__p
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._scp is not NULL:
  *             if not self.closed:
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_3scp_3SCP_3__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_3scp_3SCP_3__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -1611,8 +2857,8 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
  *         if self._scp is not NULL:             # <<<<<<<<<<<<<<
  *             if not self.closed:
  *                 self.close()
- */
-  __pyx_t_1 = ((__pyx_v_self->_scp != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_scp != NULL);
   if (__pyx_t_1) {
 
     /* "ssh/scp.pyx":44
@@ -1621,8 +2867,8 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
  *             if not self.closed:             # <<<<<<<<<<<<<<
  *                 self.close()
  *             c_ssh.ssh_scp_free(self._scp)
- */
-    __pyx_t_1 = ((!(__pyx_v_self->closed != 0)) != 0);
+*/
+    __pyx_t_1 = (!__pyx_v_self->closed);
     if (__pyx_t_1) {
 
       /* "ssh/scp.pyx":45
@@ -1631,7 +2877,7 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
  *                 self.close()             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_scp_free(self._scp)
  *             self._scp = NULL
- */
+*/
       __pyx_t_2 = ((struct __pyx_vtabstruct_3ssh_3scp_SCP *)__pyx_v_self->__pyx_vtab)->close(__pyx_v_self, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 45, __pyx_L1_error)
       __Pyx_GOTREF(__pyx_t_2);
       __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
@@ -1642,7 +2888,7 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
  *             if not self.closed:             # <<<<<<<<<<<<<<
  *                 self.close()
  *             c_ssh.ssh_scp_free(self._scp)
- */
+*/
     }
 
     /* "ssh/scp.pyx":46
@@ -1651,7 +2897,7 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
  *             c_ssh.ssh_scp_free(self._scp)             # <<<<<<<<<<<<<<
  *             self._scp = NULL
  * 
- */
+*/
     ssh_scp_free(__pyx_v_self->_scp);
 
     /* "ssh/scp.pyx":47
@@ -1660,7 +2906,7 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
  *             self._scp = NULL             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
     __pyx_v_self->_scp = NULL;
 
     /* "ssh/scp.pyx":43
@@ -1669,7 +2915,7 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
  *         if self._scp is not NULL:             # <<<<<<<<<<<<<<
  *             if not self.closed:
  *                 self.close()
- */
+*/
   }
 
   /* "ssh/scp.pyx":42
@@ -1678,7 +2924,7 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._scp is not NULL:
  *             if not self.closed:
- */
+*/
 
   /* function exit code */
   goto __pyx_L0;
@@ -1689,13 +2935,13 @@ static void __pyx_pf_3ssh_3scp_3SCP_2__dealloc__(struct __pyx_obj_3ssh_3scp_SCP
   __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/scp.pyx":50
+/* "ssh/scp.pyx":49
+ *             self._scp = NULL
  * 
- *     @staticmethod
- *     cdef SCP from_ptr(c_ssh.ssh_scp _scp, Session session):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SCP from_ptr(c_ssh.ssh_scp _scp, Session session):
  *         cdef SCP scp = SCP.__new__(SCP)
- *         scp._scp = _scp
- */
+*/
 
 static struct __pyx_obj_3ssh_3scp_SCP *__pyx_f_3ssh_3scp_3SCP_from_ptr(ssh_scp __pyx_v__scp, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session) {
   struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_scp = 0;
@@ -1713,9 +2959,9 @@ static struct __pyx_obj_3ssh_3scp_SCP *__pyx_f_3ssh_3scp_3SCP_from_ptr(ssh_scp _
  *         cdef SCP scp = SCP.__new__(SCP)             # <<<<<<<<<<<<<<
  *         scp._scp = _scp
  *         scp.session = session
- */
-  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_3scp_SCP(((PyTypeObject *)__pyx_ptype_3ssh_3scp_SCP), __pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 51, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_1));
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_3scp_SCP(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP), __pyx_mstate_global->__pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 51, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_1);
   __pyx_v_scp = ((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_t_1);
   __pyx_t_1 = 0;
 
@@ -1725,7 +2971,7 @@ static struct __pyx_obj_3ssh_3scp_SCP *__pyx_f_3ssh_3scp_3SCP_from_ptr(ssh_scp _
  *         scp._scp = _scp             # <<<<<<<<<<<<<<
  *         scp.session = session
  *         return scp
- */
+*/
   __pyx_v_scp->_scp = __pyx_v__scp;
 
   /* "ssh/scp.pyx":53
@@ -1734,11 +2980,11 @@ static struct __pyx_obj_3ssh_3scp_SCP *__pyx_f_3ssh_3scp_3SCP_from_ptr(ssh_scp _
  *         scp.session = session             # <<<<<<<<<<<<<<
  *         return scp
  * 
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_session));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_session));
-  __Pyx_GOTREF(__pyx_v_scp->session);
-  __Pyx_DECREF(((PyObject *)__pyx_v_scp->session));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_session);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_session);
+  __Pyx_GOTREF((PyObject *)__pyx_v_scp->session);
+  __Pyx_DECREF((PyObject *)__pyx_v_scp->session);
   __pyx_v_scp->session = __pyx_v_session;
 
   /* "ssh/scp.pyx":54
@@ -1747,19 +2993,19 @@ static struct __pyx_obj_3ssh_3scp_SCP *__pyx_f_3ssh_3scp_3SCP_from_ptr(ssh_scp _
  *         return scp             # <<<<<<<<<<<<<<
  * 
  *     def accept_request(self):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v_scp));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v_scp);
   __pyx_r = __pyx_v_scp;
   goto __pyx_L0;
 
-  /* "ssh/scp.pyx":50
+  /* "ssh/scp.pyx":49
+ *             self._scp = NULL
  * 
- *     @staticmethod
- *     cdef SCP from_ptr(c_ssh.ssh_scp _scp, Session session):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SCP from_ptr(c_ssh.ssh_scp _scp, Session session):
  *         cdef SCP scp = SCP.__new__(SCP)
- *         scp._scp = _scp
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1779,15 +3025,44 @@ static struct __pyx_obj_3ssh_3scp_SCP *__pyx_f_3ssh_3scp_3SCP_from_ptr(ssh_scp _
  *     def accept_request(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_5accept_request(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_4accept_request[] = "SCP.accept_request(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_5accept_request(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_5accept_request(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_4accept_request, "SCP.accept_request(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_5accept_request = {"accept_request", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_5accept_request, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_4accept_request};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_5accept_request(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("accept_request (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("accept_request", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("accept_request", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_4accept_request(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -1812,13 +3087,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_4accept_request(struct __pyx_obj_3ssh_3
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_accept_request(self._scp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":59
@@ -1827,7 +3101,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_4accept_request(struct __pyx_obj_3ssh_3
  *             rc = c_ssh.ssh_scp_accept_request(self._scp)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_accept_request(__pyx_v_self->_scp);
       }
 
@@ -1837,13 +3111,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_4accept_request(struct __pyx_obj_3ssh_3
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_accept_request(self._scp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -1856,10 +3128,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_4accept_request(struct __pyx_obj_3ssh_3
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def deny_request(self, reason=None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 60, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 60, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 60, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -1871,7 +3143,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_4accept_request(struct __pyx_obj_3ssh_3
  *     def accept_request(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1890,57 +3162,83 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_4accept_request(struct __pyx_obj_3ssh_3
  *     def deny_request(self, reason=None):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_reason
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_7deny_request(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_6deny_request[] = "SCP.deny_request(self, reason=None)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_7deny_request(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_7deny_request(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_6deny_request, "SCP.deny_request(self, reason=None)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_7deny_request = {"deny_request", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_7deny_request, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_6deny_request};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_7deny_request(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_reason = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("deny_request (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_reason,0};
-    PyObject* values[1] = {0};
-    values[0] = ((PyObject *)Py_None);
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_reason,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 62, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 62, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_reason);
-          if (value) { values[0] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "deny_request") < 0)) __PYX_ERR(0, 62, __pyx_L3_error)
-      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "deny_request", 0) < 0) __PYX_ERR(0, 62, __pyx_L3_error)
+      if (!values[0]) values[0] = __Pyx_NewRef(((PyObject *)Py_None));
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 62, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
+      if (!values[0]) values[0] = __Pyx_NewRef(((PyObject *)Py_None));
     }
     __pyx_v_reason = values[0];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("deny_request", 0, 0, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 62, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("deny_request", 0, 0, 1, __pyx_nargs); __PYX_ERR(0, 62, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.scp.SCP.deny_request", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -1948,6 +3246,9 @@ static PyObject *__pyx_pw_3ssh_3scp_3SCP_7deny_request(PyObject *__pyx_v_self, P
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_6deny_request(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self), __pyx_v_reason);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -1959,10 +3260,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  int __pyx_t_2;
-  PyObject *__pyx_t_3 = NULL;
-  char const *__pyx_t_4;
-  int __pyx_t_5;
+  PyObject *__pyx_t_2 = NULL;
+  char const *__pyx_t_3;
+  int __pyx_t_4;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1974,7 +3274,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *         cdef const char *_reason = NULL             # <<<<<<<<<<<<<<
  *         if reason is not None:
  *             b_reason = to_bytes(reason)
- */
+*/
   __pyx_v__reason = NULL;
 
   /* "ssh/scp.pyx":66
@@ -1983,10 +3283,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *         if reason is not None:             # <<<<<<<<<<<<<<
  *             b_reason = to_bytes(reason)
  *             _reason = b_reason
- */
+*/
   __pyx_t_1 = (__pyx_v_reason != Py_None);
-  __pyx_t_2 = (__pyx_t_1 != 0);
-  if (__pyx_t_2) {
+  if (__pyx_t_1) {
 
     /* "ssh/scp.pyx":67
  *         cdef const char *_reason = NULL
@@ -1994,11 +3293,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *             b_reason = to_bytes(reason)             # <<<<<<<<<<<<<<
  *             _reason = b_reason
  *         with nogil:
- */
-    __pyx_t_3 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_reason); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 67, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_v_b_reason = ((PyObject*)__pyx_t_3);
-    __pyx_t_3 = 0;
+*/
+    __pyx_t_2 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_reason); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 67, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_2);
+    __pyx_v_b_reason = ((PyObject*)__pyx_t_2);
+    __pyx_t_2 = 0;
 
     /* "ssh/scp.pyx":68
  *         if reason is not None:
@@ -2006,13 +3305,13 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *             _reason = b_reason             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_scp_deny_request(self._scp, _reason)
- */
+*/
     if (unlikely(__pyx_v_b_reason == Py_None)) {
       PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
       __PYX_ERR(0, 68, __pyx_L1_error)
     }
-    __pyx_t_4 = __Pyx_PyBytes_AsString(__pyx_v_b_reason); if (unlikely((!__pyx_t_4) && PyErr_Occurred())) __PYX_ERR(0, 68, __pyx_L1_error)
-    __pyx_v__reason = __pyx_t_4;
+    __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_reason); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 68, __pyx_L1_error)
+    __pyx_v__reason = __pyx_t_3;
 
     /* "ssh/scp.pyx":66
  *         cdef bytes b_reason
@@ -2020,7 +3319,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *         if reason is not None:             # <<<<<<<<<<<<<<
  *             b_reason = to_bytes(reason)
  *             _reason = b_reason
- */
+*/
   }
 
   /* "ssh/scp.pyx":69
@@ -2029,13 +3328,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_deny_request(self._scp, _reason)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":70
@@ -2044,7 +3342,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *             rc = c_ssh.ssh_scp_deny_request(self._scp, _reason)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_deny_request(__pyx_v_self->_scp, __pyx_v__reason);
       }
 
@@ -2054,13 +3352,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_deny_request(self._scp, _reason)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
@@ -2073,13 +3369,13 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     cpdef close(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_5 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_5 == ((int)-1))) __PYX_ERR(0, 71, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_5); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 71, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_r = __pyx_t_3;
-  __pyx_t_3 = 0;
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 71, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 71, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_r = __pyx_t_2;
+  __pyx_t_2 = 0;
   goto __pyx_L0;
 
   /* "ssh/scp.pyx":62
@@ -2088,11 +3384,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *     def deny_request(self, reason=None):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_reason
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_XDECREF(__pyx_t_2);
   __Pyx_AddTraceback("ssh.scp.SCP.deny_request", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2108,9 +3404,15 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6deny_request(struct __pyx_obj_3ssh_3sc
  *     cpdef close(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if self.closed:
- */
+*/
 
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_9close(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_9close(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
 static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self, int __pyx_skip_dispatch) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
@@ -2119,8 +3421,9 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
   PyObject *__pyx_t_2 = NULL;
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
-  int __pyx_t_5;
+  size_t __pyx_t_5;
   int __pyx_t_6;
+  int __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2128,32 +3431,46 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
   /* Check if called by wrapper */
   if (unlikely(__pyx_skip_dispatch)) ;
   /* Check if overridden in Python */
-  else if (unlikely((Py_TYPE(((PyObject *)__pyx_v_self))->tp_dictoffset != 0) || (Py_TYPE(((PyObject *)__pyx_v_self))->tp_flags & (Py_TPFLAGS_IS_ABSTRACT | Py_TPFLAGS_HEAPTYPE)))) {
+  else if (
+  #if !CYTHON_USE_TYPE_SLOTS
+  unlikely(Py_TYPE(((PyObject *)__pyx_v_self)) != __pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP &&
+  __Pyx_PyType_HasFeature(Py_TYPE(((PyObject *)__pyx_v_self)), Py_TPFLAGS_HAVE_GC))
+  #else
+  unlikely(Py_TYPE(((PyObject *)__pyx_v_self))->tp_dictoffset != 0 || __Pyx_PyType_HasFeature(Py_TYPE(((PyObject *)__pyx_v_self)), (Py_TPFLAGS_IS_ABSTRACT | Py_TPFLAGS_HEAPTYPE)))
+  #endif
+  ) {
     #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_PYTYPE_LOOKUP && CYTHON_USE_TYPE_SLOTS
     static PY_UINT64_T __pyx_tp_dict_version = __PYX_DICT_VERSION_INIT, __pyx_obj_dict_version = __PYX_DICT_VERSION_INIT;
     if (unlikely(!__Pyx_object_dict_version_matches(((PyObject *)__pyx_v_self), __pyx_tp_dict_version, __pyx_obj_dict_version))) {
-      PY_UINT64_T __pyx_type_dict_guard = __Pyx_get_tp_dict_version(((PyObject *)__pyx_v_self));
+      PY_UINT64_T __pyx_typedict_guard = __Pyx_get_tp_dict_version(((PyObject *)__pyx_v_self));
       #endif
-      __pyx_t_1 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_close); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 73, __pyx_L1_error)
+      __pyx_t_1 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_mstate_global->__pyx_n_u_close); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 73, __pyx_L1_error)
       __Pyx_GOTREF(__pyx_t_1);
-      if (!PyCFunction_Check(__pyx_t_1) || (PyCFunction_GET_FUNCTION(__pyx_t_1) != (PyCFunction)(void*)__pyx_pw_3ssh_3scp_3SCP_9close)) {
+      if (!__Pyx_IsSameCFunction(__pyx_t_1, (void(*)(void)) __pyx_pw_3ssh_3scp_3SCP_9close)) {
         __Pyx_XDECREF(__pyx_r);
+        __pyx_t_3 = NULL;
         __Pyx_INCREF(__pyx_t_1);
-        __pyx_t_3 = __pyx_t_1; __pyx_t_4 = NULL;
-        if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-          __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_3);
-          if (likely(__pyx_t_4)) {
-            PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-            __Pyx_INCREF(__pyx_t_4);
-            __Pyx_INCREF(function);
-            __Pyx_DECREF_SET(__pyx_t_3, function);
-          }
+        __pyx_t_4 = __pyx_t_1; 
+        __pyx_t_5 = 1;
+        #if CYTHON_UNPACK_METHODS
+        if (unlikely(PyMethod_Check(__pyx_t_4))) {
+          __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+          assert(__pyx_t_3);
+          PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+          __Pyx_INCREF(__pyx_t_3);
+          __Pyx_INCREF(__pyx__function);
+          __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+          __pyx_t_5 = 0;
+        }
+        #endif
+        {
+          PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+          __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_5, (1-__pyx_t_5) | (__pyx_t_5*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+          __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+          __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+          if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
+          __Pyx_GOTREF(__pyx_t_2);
         }
-        __pyx_t_2 = (__pyx_t_4) ? __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4) : __Pyx_PyObject_CallNoArg(__pyx_t_3);
-        __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-        if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
-        __Pyx_GOTREF(__pyx_t_2);
-        __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
         __pyx_r = __pyx_t_2;
         __pyx_t_2 = 0;
         __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
@@ -2162,7 +3479,7 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
       #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_PYTYPE_LOOKUP && CYTHON_USE_TYPE_SLOTS
       __pyx_tp_dict_version = __Pyx_get_tp_dict_version(((PyObject *)__pyx_v_self));
       __pyx_obj_dict_version = __Pyx_get_object_dict_version(((PyObject *)__pyx_v_self));
-      if (unlikely(__pyx_type_dict_guard != __pyx_tp_dict_version)) {
+      if (unlikely(__pyx_typedict_guard != __pyx_tp_dict_version)) {
         __pyx_tp_dict_version = __pyx_obj_dict_version = __PYX_DICT_VERSION_INIT;
       }
       #endif
@@ -2178,9 +3495,8 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *         if self.closed:             # <<<<<<<<<<<<<<
  *             return 0
  *         with nogil:
- */
-  __pyx_t_5 = (__pyx_v_self->closed != 0);
-  if (__pyx_t_5) {
+*/
+  if (__pyx_v_self->closed) {
 
     /* "ssh/scp.pyx":76
  *         cdef int rc
@@ -2188,10 +3504,10 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *             return 0             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_scp_close(self._scp)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_INCREF(__pyx_int_0);
-    __pyx_r = __pyx_int_0;
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_0);
+    __pyx_r = __pyx_mstate_global->__pyx_int_0;
     goto __pyx_L0;
 
     /* "ssh/scp.pyx":75
@@ -2200,7 +3516,7 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *         if self.closed:             # <<<<<<<<<<<<<<
  *             return 0
  *         with nogil:
- */
+*/
   }
 
   /* "ssh/scp.pyx":77
@@ -2209,13 +3525,12 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_close(self._scp)
  *             if rc == 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":78
@@ -2224,7 +3539,7 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *             rc = c_ssh.ssh_scp_close(self._scp)             # <<<<<<<<<<<<<<
  *             if rc == 0:
  *                 self.closed = True
- */
+*/
         __pyx_v_rc = ssh_scp_close(__pyx_v_self->_scp);
 
         /* "ssh/scp.pyx":79
@@ -2233,9 +3548,9 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *             if rc == 0:             # <<<<<<<<<<<<<<
  *                 self.closed = True
  *         return handle_error_codes(rc, self.session._session)
- */
-        __pyx_t_5 = ((__pyx_v_rc == 0) != 0);
-        if (__pyx_t_5) {
+*/
+        __pyx_t_6 = (__pyx_v_rc == 0);
+        if (__pyx_t_6) {
 
           /* "ssh/scp.pyx":80
  *             rc = c_ssh.ssh_scp_close(self._scp)
@@ -2243,7 +3558,7 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *                 self.closed = True             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
           __pyx_v_self->closed = 1;
 
           /* "ssh/scp.pyx":79
@@ -2252,7 +3567,7 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *             if rc == 0:             # <<<<<<<<<<<<<<
  *                 self.closed = True
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
         }
       }
 
@@ -2262,13 +3577,11 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_close(self._scp)
  *             if rc == 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
@@ -2281,10 +3594,10 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def init(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_6 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_6 == ((int)-1))) __PYX_ERR(0, 81, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_6); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 81, __pyx_L1_error)
+  __pyx_t_7 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_7 == ((int)-1))) __PYX_ERR(0, 81, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_7); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 81, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -2296,7 +3609,7 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
  *     cpdef close(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if self.closed:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2313,12 +3626,41 @@ static PyObject *__pyx_f_3ssh_3scp_3SCP_close(struct __pyx_obj_3ssh_3scp_SCP *__
 }
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_9close(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_8close[] = "SCP.close(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_9close(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_9close(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_8close, "SCP.close(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_9close = {"close", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_9close, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_8close};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_9close(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("close (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("close", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("close", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_8close(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -2358,15 +3700,44 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_8close(struct __pyx_obj_3ssh_3scp_SCP *
  *     def init(self):             # <<<<<<<<<<<<<<
  *         """Handled by session.scp_new"""
  *         cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_11init(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_10init[] = "SCP.init(self)\nHandled by session.scp_new";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_11init(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_11init(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_10init, "SCP.init(self)\n\nHandled by session.scp_new");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_11init = {"init", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_11init, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_10init};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_11init(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("init (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("init", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("init", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_10init(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -2391,13 +3762,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_10init(struct __pyx_obj_3ssh_3scp_SCP *
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_init(self._scp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":87
@@ -2406,7 +3776,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_10init(struct __pyx_obj_3ssh_3scp_SCP *
  *             rc = c_ssh.ssh_scp_init(self._scp)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_init(__pyx_v_self->_scp);
       }
 
@@ -2416,13 +3786,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_10init(struct __pyx_obj_3ssh_3scp_SCP *
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_init(self._scp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2435,10 +3803,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_10init(struct __pyx_obj_3ssh_3scp_SCP *
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def leave_directory(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 88, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 88, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 88, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2450,7 +3818,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_10init(struct __pyx_obj_3ssh_3scp_SCP *
  *     def init(self):             # <<<<<<<<<<<<<<
  *         """Handled by session.scp_new"""
  *         cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2469,15 +3837,44 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_10init(struct __pyx_obj_3ssh_3scp_SCP *
  *     def leave_directory(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_13leave_directory(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_12leave_directory[] = "SCP.leave_directory(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_13leave_directory(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_13leave_directory(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_12leave_directory, "SCP.leave_directory(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_13leave_directory = {"leave_directory", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_13leave_directory, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_12leave_directory};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_13leave_directory(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("leave_directory (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("leave_directory", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("leave_directory", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_12leave_directory(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -2502,13 +3899,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_12leave_directory(struct __pyx_obj_3ssh
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_leave_directory(self._scp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":93
@@ -2517,7 +3913,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_12leave_directory(struct __pyx_obj_3ssh
  *             rc = c_ssh.ssh_scp_leave_directory(self._scp)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_leave_directory(__pyx_v_self->_scp);
       }
 
@@ -2527,13 +3923,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_12leave_directory(struct __pyx_obj_3ssh
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_leave_directory(self._scp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2546,10 +3940,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_12leave_directory(struct __pyx_obj_3ssh
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def pull_request(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 94, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 94, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 94, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2561,7 +3955,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_12leave_directory(struct __pyx_obj_3ssh
  *     def leave_directory(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2580,15 +3974,44 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_12leave_directory(struct __pyx_obj_3ssh
  *     def pull_request(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_15pull_request(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_14pull_request[] = "SCP.pull_request(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_15pull_request(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_15pull_request(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_14pull_request, "SCP.pull_request(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_15pull_request = {"pull_request", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_15pull_request, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_14pull_request};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_15pull_request(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("pull_request (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("pull_request", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("pull_request", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_14pull_request(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -2613,13 +4036,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_14pull_request(struct __pyx_obj_3ssh_3s
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_pull_request(self._scp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":99
@@ -2628,7 +4050,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_14pull_request(struct __pyx_obj_3ssh_3s
  *             rc = c_ssh.ssh_scp_pull_request(self._scp)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_pull_request(__pyx_v_self->_scp);
       }
 
@@ -2638,13 +4060,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_14pull_request(struct __pyx_obj_3ssh_3s
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_pull_request(self._scp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2657,10 +4077,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_14pull_request(struct __pyx_obj_3ssh_3s
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def push_directory(self, dirname not None, int mode):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 100, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 100, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 100, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2672,7 +4092,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_14pull_request(struct __pyx_obj_3ssh_3s
  *     def pull_request(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2691,62 +4111,88 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_14pull_request(struct __pyx_obj_3ssh_3s
  *     def push_directory(self, dirname not None, int mode):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_dirname = to_bytes(dirname)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_17push_directory(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_16push_directory[] = "SCP.push_directory(self, dirname, int mode)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_17push_directory(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_17push_directory(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_16push_directory, "SCP.push_directory(self, dirname, int mode)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_17push_directory = {"push_directory", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_17push_directory, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_16push_directory};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_17push_directory(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_dirname = 0;
   int __pyx_v_mode;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("push_directory (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_dirname,&__pyx_n_s_mode,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_dirname,&__pyx_mstate_global->__pyx_n_u_mode,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 102, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 102, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 102, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_dirname)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_mode)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("push_directory", 1, 2, 2, 1); __PYX_ERR(0, 102, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "push_directory") < 0)) __PYX_ERR(0, 102, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "push_directory", 0) < 0) __PYX_ERR(0, 102, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("push_directory", 1, 2, 2, i); __PYX_ERR(0, 102, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 102, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 102, __pyx_L3_error)
     }
     __pyx_v_dirname = values[0];
-    __pyx_v_mode = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_mode == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 102, __pyx_L3_error)
+    __pyx_v_mode = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_mode == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 102, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("push_directory", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 102, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("push_directory", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 102, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.scp.SCP.push_directory", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -2760,7 +4206,15 @@ static PyObject *__pyx_pw_3ssh_3scp_3SCP_17push_directory(PyObject *__pyx_v_self
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2785,7 +4239,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_16push_directory(struct __pyx_obj_3ssh_
  *         cdef bytes b_dirname = to_bytes(dirname)             # <<<<<<<<<<<<<<
  *         cdef const char *_dirname = b_dirname
  *         with nogil:
- */
+*/
   __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_dirname); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 104, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_dirname = ((PyObject*)__pyx_t_1);
@@ -2797,7 +4251,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_16push_directory(struct __pyx_obj_3ssh_
  *         cdef const char *_dirname = b_dirname             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_scp_push_directory(self._scp, _dirname, mode)
- */
+*/
   if (unlikely(__pyx_v_b_dirname == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
     __PYX_ERR(0, 105, __pyx_L1_error)
@@ -2811,13 +4265,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_16push_directory(struct __pyx_obj_3ssh_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_push_directory(self._scp, _dirname, mode)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":107
@@ -2826,7 +4279,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_16push_directory(struct __pyx_obj_3ssh_
  *             rc = c_ssh.ssh_scp_push_directory(self._scp, _dirname, mode)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_push_directory(__pyx_v_self->_scp, __pyx_v__dirname, __pyx_v_mode);
       }
 
@@ -2836,13 +4289,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_16push_directory(struct __pyx_obj_3ssh_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_push_directory(self._scp, _dirname, mode)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2855,10 +4306,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_16push_directory(struct __pyx_obj_3ssh_
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def push_file(self, filename not None, size_t size, int perms):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 108, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 108, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 108, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -2870,7 +4321,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_16push_directory(struct __pyx_obj_3ssh_
  *     def push_directory(self, dirname not None, int mode):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_dirname = to_bytes(dirname)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2890,73 +4341,96 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_16push_directory(struct __pyx_obj_3ssh_
  *     def push_file(self, filename not None, size_t size, int perms):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_filename = to_bytes(filename)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_19push_file(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_18push_file[] = "SCP.push_file(self, filename, size_t size, int perms)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_19push_file(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_19push_file(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_18push_file, "SCP.push_file(self, filename, size_t size, int perms)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_19push_file = {"push_file", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_19push_file, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_18push_file};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_19push_file(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_filename = 0;
   size_t __pyx_v_size;
   int __pyx_v_perms;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("push_file (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_filename,&__pyx_n_s_size,&__pyx_n_s_perms,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_filename,&__pyx_mstate_global->__pyx_n_u_size,&__pyx_mstate_global->__pyx_n_u_perms,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 110, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 110, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 110, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 110, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_filename)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_size)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("push_file", 1, 3, 3, 1); __PYX_ERR(0, 110, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_perms)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("push_file", 1, 3, 3, 2); __PYX_ERR(0, 110, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "push_file") < 0)) __PYX_ERR(0, 110, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "push_file", 0) < 0) __PYX_ERR(0, 110, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("push_file", 1, 3, 3, i); __PYX_ERR(0, 110, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 110, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 110, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 110, __pyx_L3_error)
     }
     __pyx_v_filename = values[0];
-    __pyx_v_size = __Pyx_PyInt_As_size_t(values[1]); if (unlikely((__pyx_v_size == (size_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 110, __pyx_L3_error)
-    __pyx_v_perms = __Pyx_PyInt_As_int(values[2]); if (unlikely((__pyx_v_perms == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 110, __pyx_L3_error)
+    __pyx_v_size = __Pyx_PyLong_As_size_t(values[1]); if (unlikely((__pyx_v_size == (size_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 110, __pyx_L3_error)
+    __pyx_v_perms = __Pyx_PyLong_As_int(values[2]); if (unlikely((__pyx_v_perms == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 110, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("push_file", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 110, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("push_file", 1, 3, 3, __pyx_nargs); __PYX_ERR(0, 110, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.scp.SCP.push_file", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -2970,7 +4444,15 @@ static PyObject *__pyx_pw_3ssh_3scp_3SCP_19push_file(PyObject *__pyx_v_self, PyO
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2995,7 +4477,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_18push_file(struct __pyx_obj_3ssh_3scp_
  *         cdef bytes b_filename = to_bytes(filename)             # <<<<<<<<<<<<<<
  *         cdef const char *_filename = b_filename
  *         with nogil:
- */
+*/
   __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filename); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 112, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_filename = ((PyObject*)__pyx_t_1);
@@ -3007,7 +4489,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_18push_file(struct __pyx_obj_3ssh_3scp_
  *         cdef const char *_filename = b_filename             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_scp_push_file(self._scp, _filename, size, perms)
- */
+*/
   if (unlikely(__pyx_v_b_filename == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
     __PYX_ERR(0, 113, __pyx_L1_error)
@@ -3021,13 +4503,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_18push_file(struct __pyx_obj_3ssh_3scp_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_push_file(self._scp, _filename, size, perms)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":115
@@ -3036,7 +4517,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_18push_file(struct __pyx_obj_3ssh_3scp_
  *             rc = c_ssh.ssh_scp_push_file(self._scp, _filename, size, perms)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_push_file(__pyx_v_self->_scp, __pyx_v__filename, __pyx_v_size, __pyx_v_perms);
       }
 
@@ -3046,13 +4527,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_18push_file(struct __pyx_obj_3ssh_3scp_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_push_file(self._scp, _filename, size, perms)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -3065,10 +4544,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_18push_file(struct __pyx_obj_3ssh_3scp_
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def push_file64(self, filename not None, c_ssh.uint64_t size, int perms):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 116, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 116, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 116, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -3080,7 +4559,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_18push_file(struct __pyx_obj_3ssh_3scp_
  *     def push_file(self, filename not None, size_t size, int perms):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_filename = to_bytes(filename)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3100,73 +4579,96 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_18push_file(struct __pyx_obj_3ssh_3scp_
  *     def push_file64(self, filename not None, c_ssh.uint64_t size, int perms):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_filename = to_bytes(filename)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_21push_file64(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_20push_file64[] = "SCP.push_file64(self, filename, uint64_t size, int perms)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_21push_file64(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_21push_file64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_20push_file64, "SCP.push_file64(self, filename, uint64_t size, int perms)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_21push_file64 = {"push_file64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_21push_file64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_20push_file64};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_21push_file64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_filename = 0;
   uint64_t __pyx_v_size;
   int __pyx_v_perms;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("push_file64 (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_filename,&__pyx_n_s_size,&__pyx_n_s_perms,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_filename,&__pyx_mstate_global->__pyx_n_u_size,&__pyx_mstate_global->__pyx_n_u_perms,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 118, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 118, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 118, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 118, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_filename)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_size)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("push_file64", 1, 3, 3, 1); __PYX_ERR(0, 118, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_perms)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("push_file64", 1, 3, 3, 2); __PYX_ERR(0, 118, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "push_file64") < 0)) __PYX_ERR(0, 118, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "push_file64", 0) < 0) __PYX_ERR(0, 118, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("push_file64", 1, 3, 3, i); __PYX_ERR(0, 118, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 118, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 118, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 118, __pyx_L3_error)
     }
     __pyx_v_filename = values[0];
-    __pyx_v_size = __Pyx_PyInt_As_uint64_t(values[1]); if (unlikely((__pyx_v_size == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 118, __pyx_L3_error)
-    __pyx_v_perms = __Pyx_PyInt_As_int(values[2]); if (unlikely((__pyx_v_perms == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 118, __pyx_L3_error)
+    __pyx_v_size = __Pyx_PyLong_As_uint64_t(values[1]); if (unlikely((__pyx_v_size == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 118, __pyx_L3_error)
+    __pyx_v_perms = __Pyx_PyLong_As_int(values[2]); if (unlikely((__pyx_v_perms == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 118, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("push_file64", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 118, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("push_file64", 1, 3, 3, __pyx_nargs); __PYX_ERR(0, 118, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.scp.SCP.push_file64", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -3180,7 +4682,15 @@ static PyObject *__pyx_pw_3ssh_3scp_3SCP_21push_file64(PyObject *__pyx_v_self, P
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3205,7 +4715,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_20push_file64(struct __pyx_obj_3ssh_3sc
  *         cdef bytes b_filename = to_bytes(filename)             # <<<<<<<<<<<<<<
  *         cdef const char *_filename = b_filename
  *         with nogil:
- */
+*/
   __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filename); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 120, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_filename = ((PyObject*)__pyx_t_1);
@@ -3217,7 +4727,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_20push_file64(struct __pyx_obj_3ssh_3sc
  *         cdef const char *_filename = b_filename             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_scp_push_file64(self._scp, _filename, size, perms)
- */
+*/
   if (unlikely(__pyx_v_b_filename == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
     __PYX_ERR(0, 121, __pyx_L1_error)
@@ -3231,13 +4741,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_20push_file64(struct __pyx_obj_3ssh_3sc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_push_file64(self._scp, _filename, size, perms)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":123
@@ -3246,7 +4755,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_20push_file64(struct __pyx_obj_3ssh_3sc
  *             rc = c_ssh.ssh_scp_push_file64(self._scp, _filename, size, perms)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_push_file64(__pyx_v_self->_scp, __pyx_v__filename, __pyx_v_size, __pyx_v_perms);
       }
 
@@ -3256,13 +4765,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_20push_file64(struct __pyx_obj_3ssh_3sc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_push_file64(self._scp, _filename, size, perms)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -3275,10 +4782,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_20push_file64(struct __pyx_obj_3ssh_3sc
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def read(self, c_ssh.uint32_t size=1024*1024):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 124, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 124, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 124, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -3290,7 +4797,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_20push_file64(struct __pyx_obj_3ssh_3sc
  *     def push_file64(self, filename not None, c_ssh.uint64_t size, int perms):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_filename = to_bytes(filename)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3310,60 +4817,85 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_20push_file64(struct __pyx_obj_3ssh_3sc
  *     def read(self, c_ssh.uint32_t size=1024*1024):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes buf = b''
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_23read(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_22read[] = "SCP.read(self, uint32_t size=1048576)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_23read(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_23read(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_22read, "SCP.read(self, uint32_t size=0x100000)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_23read = {"read", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_23read, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_22read};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_23read(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   uint32_t __pyx_v_size;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("read (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_size,0};
-    PyObject* values[1] = {0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_size,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 126, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 126, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_size);
-          if (value) { values[0] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "read") < 0)) __PYX_ERR(0, 126, __pyx_L3_error)
-      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "read", 0) < 0) __PYX_ERR(0, 126, __pyx_L3_error)
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 126, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
     if (values[0]) {
-      __pyx_v_size = __Pyx_PyInt_As_uint32_t(values[0]); if (unlikely((__pyx_v_size == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 126, __pyx_L3_error)
+      __pyx_v_size = __Pyx_PyLong_As_uint32_t(values[0]); if (unlikely((__pyx_v_size == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 126, __pyx_L3_error)
     } else {
       __pyx_v_size = ((uint32_t)0x100000);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("read", 0, 0, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 126, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("read", 0, 0, 1, __pyx_nargs); __PYX_ERR(0, 126, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.scp.SCP.read", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -3371,6 +4903,9 @@ static PyObject *__pyx_pw_3ssh_3scp_3SCP_23read(PyObject *__pyx_v_self, PyObject
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_22read(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self), __pyx_v_size);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3404,9 +4939,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *         cdef bytes buf = b''             # <<<<<<<<<<<<<<
  *         cdef char* cbuf
  *         with nogil:
- */
-  __Pyx_INCREF(__pyx_kp_b_);
-  __pyx_v_buf = __pyx_kp_b_;
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_buf = __pyx_mstate_global->__pyx_kp_b_;
 
   /* "ssh/scp.pyx":130
  *         cdef bytes buf = b''
@@ -3414,13 +4949,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *         with nogil:             # <<<<<<<<<<<<<<
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":131
@@ -3429,7 +4963,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *             cbuf = <char *>malloc(sizeof(char)*size)             # <<<<<<<<<<<<<<
  *             if cbuf is NULL:
  *                 with gil:
- */
+*/
         __pyx_v_cbuf = ((char *)malloc(((sizeof(char)) * __pyx_v_size)));
 
         /* "ssh/scp.pyx":132
@@ -3438,9 +4972,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *             if cbuf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
-        __pyx_t_1 = ((__pyx_v_cbuf == NULL) != 0);
-        if (__pyx_t_1) {
+*/
+        __pyx_t_1 = (__pyx_v_cbuf == NULL);
+        if (unlikely(__pyx_t_1)) {
 
           /* "ssh/scp.pyx":133
  *             cbuf = <char *>malloc(sizeof(char)*size)
@@ -3448,11 +4982,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_scp_read(self._scp, cbuf, size)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
                 /* "ssh/scp.pyx":134
@@ -3461,7 +4993,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *                     raise MemoryError             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_read(self._scp, cbuf, size)
  *         try:
- */
+*/
                 PyErr_NoMemory(); __PYX_ERR(0, 134, __pyx_L8_error)
               }
 
@@ -3471,12 +5003,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_scp_read(self._scp, cbuf, size)
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
@@ -3488,7 +5018,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *             if cbuf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
+*/
         }
 
         /* "ssh/scp.pyx":135
@@ -3497,7 +5027,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *             rc = c_ssh.ssh_scp_read(self._scp, cbuf, size)             # <<<<<<<<<<<<<<
  *         try:
  *             if rc > 0:
- */
+*/
         __pyx_v_rc = ssh_scp_read(__pyx_v_self->_scp, __pyx_v_cbuf, __pyx_v_size);
       }
 
@@ -3507,20 +5037,16 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *         with nogil:             # <<<<<<<<<<<<<<
  *             cbuf = <char *>malloc(sizeof(char)*size)
  *             if cbuf is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
@@ -3533,7 +5059,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *         try:             # <<<<<<<<<<<<<<
  *             if rc > 0:
  *                 buf = cbuf[:rc]
- */
+*/
   /*try:*/ {
 
     /* "ssh/scp.pyx":137
@@ -3542,8 +5068,8 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *             if rc > 0:             # <<<<<<<<<<<<<<
  *                 buf = cbuf[:rc]
  *         finally:
- */
-    __pyx_t_1 = ((__pyx_v_rc > 0) != 0);
+*/
+    __pyx_t_1 = (__pyx_v_rc > 0);
     if (__pyx_t_1) {
 
       /* "ssh/scp.pyx":138
@@ -3552,7 +5078,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *                 buf = cbuf[:rc]             # <<<<<<<<<<<<<<
  *         finally:
  *             free(cbuf)
- */
+*/
       __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_cbuf + 0, __pyx_v_rc - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 138, __pyx_L11_error)
       __Pyx_GOTREF(__pyx_t_2);
       __Pyx_DECREF_SET(__pyx_v_buf, ((PyObject*)__pyx_t_2));
@@ -3564,7 +5090,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *             if rc > 0:             # <<<<<<<<<<<<<<
  *                 buf = cbuf[:rc]
  *         finally:
- */
+*/
     }
   }
 
@@ -3574,7 +5100,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *             free(cbuf)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session), buf
  * 
- */
+*/
   /*finally:*/ {
     /*normal exit:*/{
       free(__pyx_v_cbuf);
@@ -3586,8 +5112,8 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
       __Pyx_PyThreadState_assign
       __pyx_t_6 = 0; __pyx_t_7 = 0; __pyx_t_8 = 0; __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0;
       __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
-      if (PY_MAJOR_VERSION >= 3) __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
-      if ((PY_MAJOR_VERSION < 3) || unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
+       __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
+      if ( unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
       __Pyx_XGOTREF(__pyx_t_6);
       __Pyx_XGOTREF(__pyx_t_7);
       __Pyx_XGOTREF(__pyx_t_8);
@@ -3598,12 +5124,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
       {
         free(__pyx_v_cbuf);
       }
-      if (PY_MAJOR_VERSION >= 3) {
-        __Pyx_XGIVEREF(__pyx_t_9);
-        __Pyx_XGIVEREF(__pyx_t_10);
-        __Pyx_XGIVEREF(__pyx_t_11);
-        __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
-      }
+      __Pyx_XGIVEREF(__pyx_t_9);
+      __Pyx_XGIVEREF(__pyx_t_10);
+      __Pyx_XGIVEREF(__pyx_t_11);
+      __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
       __Pyx_XGIVEREF(__pyx_t_6);
       __Pyx_XGIVEREF(__pyx_t_7);
       __Pyx_XGIVEREF(__pyx_t_8);
@@ -3621,18 +5145,18 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *         return handle_error_codes(rc, self.session._session), buf             # <<<<<<<<<<<<<<
  * 
  *     def request_get_filename(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 141, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 141, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 141, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_t_12 = PyTuple_New(2); if (unlikely(!__pyx_t_12)) __PYX_ERR(0, 141, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_12);
   __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2) != (0)) __PYX_ERR(0, 141, __pyx_L1_error);
   __Pyx_INCREF(__pyx_v_buf);
   __Pyx_GIVEREF(__pyx_v_buf);
-  PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf) != (0)) __PYX_ERR(0, 141, __pyx_L1_error);
   __pyx_t_2 = 0;
   __pyx_r = __pyx_t_12;
   __pyx_t_12 = 0;
@@ -3644,7 +5168,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *     def read(self, c_ssh.uint32_t size=1024*1024):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes buf = b''
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3665,15 +5189,44 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_22read(struct __pyx_obj_3ssh_3scp_SCP *
  *     def request_get_filename(self):             # <<<<<<<<<<<<<<
  *         cdef const char *_filename
  *         cdef bytes filename = b''
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_25request_get_filename(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_24request_get_filename[] = "SCP.request_get_filename(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_25request_get_filename(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_25request_get_filename(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_24request_get_filename, "SCP.request_get_filename(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_25request_get_filename = {"request_get_filename", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_25request_get_filename, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_24request_get_filename};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_25request_get_filename(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_get_filename (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_get_filename", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_get_filename", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_24request_get_filename(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -3699,9 +5252,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *         cdef bytes filename = b''             # <<<<<<<<<<<<<<
  *         with nogil:
  *             _filename = c_ssh.ssh_scp_request_get_filename(self._scp)
- */
-  __Pyx_INCREF(__pyx_kp_b_);
-  __pyx_v_filename = __pyx_kp_b_;
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_filename = __pyx_mstate_global->__pyx_kp_b_;
 
   /* "ssh/scp.pyx":146
  *         cdef const char *_filename
@@ -3709,13 +5262,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _filename = c_ssh.ssh_scp_request_get_filename(self._scp)
  *         if _filename is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":147
@@ -3724,7 +5276,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *             _filename = c_ssh.ssh_scp_request_get_filename(self._scp)             # <<<<<<<<<<<<<<
  *         if _filename is NULL:
  *             return filename
- */
+*/
         __pyx_v__filename = ssh_scp_request_get_filename(__pyx_v_self->_scp);
       }
 
@@ -3734,13 +5286,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _filename = c_ssh.ssh_scp_request_get_filename(self._scp)
  *         if _filename is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -3753,8 +5303,8 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *         if _filename is NULL:             # <<<<<<<<<<<<<<
  *             return filename
  *         filename = _filename
- */
-  __pyx_t_1 = ((__pyx_v__filename == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__filename == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/scp.pyx":149
@@ -3763,7 +5313,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *             return filename             # <<<<<<<<<<<<<<
  *         filename = _filename
  *         return filename
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __Pyx_INCREF(__pyx_v_filename);
     __pyx_r = __pyx_v_filename;
@@ -3775,7 +5325,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *         if _filename is NULL:             # <<<<<<<<<<<<<<
  *             return filename
  *         filename = _filename
- */
+*/
   }
 
   /* "ssh/scp.pyx":150
@@ -3784,7 +5334,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *         filename = _filename             # <<<<<<<<<<<<<<
  *         return filename
  * 
- */
+*/
   __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__filename); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 150, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF_SET(__pyx_v_filename, ((PyObject*)__pyx_t_2));
@@ -3796,7 +5346,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *         return filename             # <<<<<<<<<<<<<<
  * 
  *     def request_get_permissions(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_filename);
   __pyx_r = __pyx_v_filename;
@@ -3808,7 +5358,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *     def request_get_filename(self):             # <<<<<<<<<<<<<<
  *         cdef const char *_filename
  *         cdef bytes filename = b''
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3828,15 +5378,44 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_24request_get_filename(struct __pyx_obj
  *     def request_get_permissions(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_27request_get_permissions(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_26request_get_permissions[] = "SCP.request_get_permissions(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_27request_get_permissions(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_27request_get_permissions(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_26request_get_permissions, "SCP.request_get_permissions(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_27request_get_permissions = {"request_get_permissions", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_27request_get_permissions, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_26request_get_permissions};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_27request_get_permissions(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_get_permissions (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_get_permissions", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_get_permissions", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_26request_get_permissions(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -3860,13 +5439,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_26request_get_permissions(struct __pyx_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_request_get_permissions(self._scp)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":156
@@ -3875,7 +5453,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_26request_get_permissions(struct __pyx_
  *             rc = c_ssh.ssh_scp_request_get_permissions(self._scp)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_request_get_permissions(__pyx_v_self->_scp);
       }
 
@@ -3885,13 +5463,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_26request_get_permissions(struct __pyx_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_request_get_permissions(self._scp)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -3904,9 +5480,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_26request_get_permissions(struct __pyx_
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def request_get_size(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 157, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -3918,7 +5494,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_26request_get_permissions(struct __pyx_
  *     def request_get_permissions(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3937,15 +5513,44 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_26request_get_permissions(struct __pyx_
  *     def request_get_size(self):             # <<<<<<<<<<<<<<
  *         cdef size_t rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_29request_get_size(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_28request_get_size[] = "SCP.request_get_size(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_29request_get_size(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_29request_get_size(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_28request_get_size, "SCP.request_get_size(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_29request_get_size = {"request_get_size", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_29request_get_size, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_28request_get_size};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_29request_get_size(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_get_size (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_get_size", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_get_size", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_28request_get_size(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -3969,13 +5574,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_28request_get_size(struct __pyx_obj_3ss
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_request_get_size(self._scp)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":162
@@ -3984,7 +5588,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_28request_get_size(struct __pyx_obj_3ss
  *             rc = c_ssh.ssh_scp_request_get_size(self._scp)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_request_get_size(__pyx_v_self->_scp);
       }
 
@@ -3994,13 +5598,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_28request_get_size(struct __pyx_obj_3ss
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_request_get_size(self._scp)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4013,9 +5615,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_28request_get_size(struct __pyx_obj_3ss
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def request_get_size64(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_FromSize_t(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 163, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_FromSize_t(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 163, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -4027,7 +5629,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_28request_get_size(struct __pyx_obj_3ss
  *     def request_get_size(self):             # <<<<<<<<<<<<<<
  *         cdef size_t rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4046,15 +5648,44 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_28request_get_size(struct __pyx_obj_3ss
  *     def request_get_size64(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint64_t rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_31request_get_size64(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_30request_get_size64[] = "SCP.request_get_size64(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_31request_get_size64(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_31request_get_size64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_30request_get_size64, "SCP.request_get_size64(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_31request_get_size64 = {"request_get_size64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_31request_get_size64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_30request_get_size64};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_31request_get_size64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_get_size64 (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_get_size64", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_get_size64", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_30request_get_size64(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -4078,13 +5709,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_30request_get_size64(struct __pyx_obj_3
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_request_get_size64(self._scp)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":168
@@ -4093,7 +5723,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_30request_get_size64(struct __pyx_obj_3
  *             rc = c_ssh.ssh_scp_request_get_size64(self._scp)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_scp_request_get_size64(__pyx_v_self->_scp);
       }
 
@@ -4103,13 +5733,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_30request_get_size64(struct __pyx_obj_3
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_request_get_size64(self._scp)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4122,9 +5750,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_30request_get_size64(struct __pyx_obj_3
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def request_get_warning(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_uint64_t(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 169, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_uint64_t(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 169, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
@@ -4136,7 +5764,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_30request_get_size64(struct __pyx_obj_3
  *     def request_get_size64(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.uint64_t rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4155,15 +5783,44 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_30request_get_size64(struct __pyx_obj_3
  *     def request_get_warning(self):             # <<<<<<<<<<<<<<
  *         cdef const char *_warning
  *         cdef bytes warning = b''
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_33request_get_warning(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_32request_get_warning[] = "SCP.request_get_warning(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_33request_get_warning(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_33request_get_warning(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_32request_get_warning, "SCP.request_get_warning(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_33request_get_warning = {"request_get_warning", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_33request_get_warning, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_32request_get_warning};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_33request_get_warning(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("request_get_warning (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("request_get_warning", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("request_get_warning", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_32request_get_warning(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -4189,9 +5846,9 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *         cdef bytes warning = b''             # <<<<<<<<<<<<<<
  *         with nogil:
  *             _warning = c_ssh.ssh_scp_request_get_warning(self._scp)
- */
-  __Pyx_INCREF(__pyx_kp_b_);
-  __pyx_v_warning = __pyx_kp_b_;
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_warning = __pyx_mstate_global->__pyx_kp_b_;
 
   /* "ssh/scp.pyx":174
  *         cdef const char *_warning
@@ -4199,13 +5856,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _warning = c_ssh.ssh_scp_request_get_warning(self._scp)
  *         if _warning is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":175
@@ -4214,7 +5870,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *             _warning = c_ssh.ssh_scp_request_get_warning(self._scp)             # <<<<<<<<<<<<<<
  *         if _warning is NULL:
  *             return warning
- */
+*/
         __pyx_v__warning = ssh_scp_request_get_warning(__pyx_v_self->_scp);
       }
 
@@ -4224,13 +5880,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _warning = c_ssh.ssh_scp_request_get_warning(self._scp)
  *         if _warning is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4243,8 +5897,8 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *         if _warning is NULL:             # <<<<<<<<<<<<<<
  *             return warning
  *         warning = _warning
- */
-  __pyx_t_1 = ((__pyx_v__warning == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__warning == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/scp.pyx":177
@@ -4253,7 +5907,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *             return warning             # <<<<<<<<<<<<<<
  *         warning = _warning
  *         return warning
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __Pyx_INCREF(__pyx_v_warning);
     __pyx_r = __pyx_v_warning;
@@ -4265,7 +5919,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *         if _warning is NULL:             # <<<<<<<<<<<<<<
  *             return warning
  *         warning = _warning
- */
+*/
   }
 
   /* "ssh/scp.pyx":178
@@ -4274,7 +5928,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *         warning = _warning             # <<<<<<<<<<<<<<
  *         return warning
  * 
- */
+*/
   __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__warning); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 178, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __Pyx_DECREF_SET(__pyx_v_warning, ((PyObject*)__pyx_t_2));
@@ -4286,7 +5940,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *         return warning             # <<<<<<<<<<<<<<
  * 
  *     def write(self, bytes data):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_warning);
   __pyx_r = __pyx_v_warning;
@@ -4298,7 +5952,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *     def request_get_warning(self):             # <<<<<<<<<<<<<<
  *         cdef const char *_warning
  *         cdef bytes warning = b''
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4318,26 +5972,100 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_32request_get_warning(struct __pyx_obj_
  *     def write(self, bytes data):             # <<<<<<<<<<<<<<
  *         cdef size_t size = len(data)
  *         cdef const_char *c_data = data
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_35write(PyObject *__pyx_v_self, PyObject *__pyx_v_data); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_34write[] = "SCP.write(self, bytes data)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_35write(PyObject *__pyx_v_self, PyObject *__pyx_v_data) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_35write(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_34write, "SCP.write(self, bytes data)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_35write = {"write", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_35write, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_34write};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_35write(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_data = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("write (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_data,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 181, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 181, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "write", 0) < 0) __PYX_ERR(0, 181, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("write", 1, 1, 1, i); __PYX_ERR(0, 181, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 181, __pyx_L3_error)
+    }
+    __pyx_v_data = ((PyObject*)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("write", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 181, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.scp.SCP.write", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_data), (&PyBytes_Type), 1, "data", 1))) __PYX_ERR(0, 181, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_3scp_3SCP_34write(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self), ((PyObject*)__pyx_v_data));
+  __pyx_r = __pyx_pf_3ssh_3scp_3SCP_34write(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self), __pyx_v_data);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4363,12 +6091,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_34write(struct __pyx_obj_3ssh_3scp_SCP
  *         cdef size_t size = len(data)             # <<<<<<<<<<<<<<
  *         cdef const_char *c_data = data
  *         cdef int rc
- */
+*/
   if (unlikely(__pyx_v_data == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "object of type 'NoneType' has no len()");
     __PYX_ERR(0, 182, __pyx_L1_error)
   }
-  __pyx_t_1 = PyBytes_GET_SIZE(__pyx_v_data); if (unlikely(__pyx_t_1 == ((Py_ssize_t)-1))) __PYX_ERR(0, 182, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBytes_GET_SIZE(__pyx_v_data); if (unlikely(__pyx_t_1 == ((Py_ssize_t)-1))) __PYX_ERR(0, 182, __pyx_L1_error)
   __pyx_v_size = __pyx_t_1;
 
   /* "ssh/scp.pyx":183
@@ -4377,7 +6105,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_34write(struct __pyx_obj_3ssh_3scp_SCP
  *         cdef const_char *c_data = data             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_data == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
     __PYX_ERR(0, 183, __pyx_L1_error)
@@ -4391,13 +6119,12 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_34write(struct __pyx_obj_3ssh_3scp_SCP
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_write(self._scp, c_data, size)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/scp.pyx":186
@@ -4405,7 +6132,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_34write(struct __pyx_obj_3ssh_3scp_SCP
  *         with nogil:
  *             rc = c_ssh.ssh_scp_write(self._scp, c_data, size)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
         __pyx_v_rc = ssh_scp_write(__pyx_v_self->_scp, __pyx_v_c_data, __pyx_v_size);
       }
 
@@ -4415,13 +6142,11 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_34write(struct __pyx_obj_3ssh_3scp_SCP
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_scp_write(self._scp, c_data, size)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4432,10 +6157,10 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_34write(struct __pyx_obj_3ssh_3scp_SCP
  *         with nogil:
  *             rc = c_ssh.ssh_scp_write(self._scp, c_data, size)
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 187, __pyx_L1_error)
-  __pyx_t_4 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 187, __pyx_L1_error)
+  __pyx_t_4 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 187, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
   __pyx_r = __pyx_t_4;
   __pyx_t_4 = 0;
@@ -4447,7 +6172,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_34write(struct __pyx_obj_3ssh_3scp_SCP
  *     def write(self, bytes data):             # <<<<<<<<<<<<<<
  *         cdef size_t size = len(data)
  *         cdef const_char *c_data = data
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4466,14 +6191,16 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_34write(struct __pyx_obj_3ssh_3scp_SCP
  *     cdef readonly Session session             # <<<<<<<<<<<<<<
  *     cdef readonly bint closed
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_3scp_3SCP_7session_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_3scp_3SCP_7session_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_7session___get__(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -4486,7 +6213,7 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_7session___get__(struct __pyx_obj_3ssh_
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->session));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->session);
   __pyx_r = ((PyObject *)__pyx_v_self->session);
   goto __pyx_L0;
 
@@ -4503,14 +6230,16 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_7session___get__(struct __pyx_obj_3ssh_
  *     cdef readonly bint closed             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_3scp_3SCP_6closed_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_3scp_3SCP_6closed_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_6closed___get__(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -4546,17 +6275,46 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_6closed___get__(struct __pyx_obj_3ssh_3
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_37__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_36__reduce_cython__[] = "SCP.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_37__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_37__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_36__reduce_cython__, "SCP.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_37__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_37__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_36__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_37__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_3scp_3SCP_36__reduce_cython__(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self));
 
   /* function exit code */
@@ -4567,7 +6325,6 @@ static PyObject *__pyx_pw_3ssh_3scp_3SCP_37__reduce_cython__(PyObject *__pyx_v_s
 static PyObject *__pyx_pf_3ssh_3scp_3SCP_36__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4575,25 +6332,21 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_36__reduce_cython__(CYTHON_UNUSED struc
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.scp.SCP.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -4603,21 +6356,93 @@ static PyObject *__pyx_pf_3ssh_3scp_3SCP_36__reduce_cython__(CYTHON_UNUSED struc
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_39__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_3scp_3SCP_38__setstate_cython__[] = "SCP.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_3scp_3SCP_39__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_39__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_3scp_3SCP_38__setstate_cython__, "SCP.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_3scp_3SCP_39__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_39__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_38__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_3scp_3SCP_39__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_3scp_3SCP_38__setstate_cython__(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.scp.SCP.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_3scp_3SCP_38__setstate_cython__(((struct __pyx_obj_3ssh_3scp_SCP *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4625,54 +6450,55 @@ static PyObject *__pyx_pw_3ssh_3scp_3SCP_39__setstate_cython__(PyObject *__pyx_v
 static PyObject *__pyx_pf_3ssh_3scp_3SCP_38__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_3scp_SCP *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__3, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.scp.SCP.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_3scp_SCP __pyx_vtable_3ssh_3scp_SCP;
 
 static PyObject *__pyx_tp_new_3ssh_3scp_SCP(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_3scp_SCP *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_3scp_SCP *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_3scp_SCP;
   p->session = ((struct __pyx_obj_3ssh_7session_Session *)Py_None); Py_INCREF(Py_None);
-  if (unlikely(__pyx_pw_3ssh_3scp_3SCP_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_3scp_3SCP_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -4682,8 +6508,10 @@ static PyObject *__pyx_tp_new_3ssh_3scp_SCP(PyTypeObject *t, CYTHON_UNUSED PyObj
 static void __pyx_tp_dealloc_3ssh_3scp_SCP(PyObject *o) {
   struct __pyx_obj_3ssh_3scp_SCP *p = (struct __pyx_obj_3ssh_3scp_SCP *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_3scp_SCP) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -4696,12 +6524,23 @@ static void __pyx_tp_dealloc_3ssh_3scp_SCP(PyObject *o) {
     PyErr_Restore(etype, eval, etb);
   }
   Py_CLEAR(p->session);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_3scp_SCP(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_3scp_SCP *p = (struct __pyx_obj_3ssh_3scp_SCP *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->session) {
     e = (*v)(((PyObject *)p->session), a); if (e) return e;
   }
@@ -4726,36 +6565,53 @@ static PyObject *__pyx_getprop_3ssh_3scp_3SCP_closed(PyObject *o, CYTHON_UNUSED
 }
 
 static PyMethodDef __pyx_methods_3ssh_3scp_SCP[] = {
-  {"accept_request", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_5accept_request, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_4accept_request},
-  {"deny_request", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3scp_3SCP_7deny_request, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_6deny_request},
-  {"close", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_9close, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_8close},
-  {"init", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_11init, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_10init},
-  {"leave_directory", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_13leave_directory, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_12leave_directory},
-  {"pull_request", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_15pull_request, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_14pull_request},
-  {"push_directory", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3scp_3SCP_17push_directory, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_16push_directory},
-  {"push_file", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3scp_3SCP_19push_file, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_18push_file},
-  {"push_file64", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3scp_3SCP_21push_file64, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_20push_file64},
-  {"read", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_3scp_3SCP_23read, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_22read},
-  {"request_get_filename", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_25request_get_filename, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_24request_get_filename},
-  {"request_get_permissions", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_27request_get_permissions, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_26request_get_permissions},
-  {"request_get_size", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_29request_get_size, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_28request_get_size},
-  {"request_get_size64", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_31request_get_size64, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_30request_get_size64},
-  {"request_get_warning", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_33request_get_warning, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_32request_get_warning},
-  {"write", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_35write, METH_O, __pyx_doc_3ssh_3scp_3SCP_34write},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_37__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_3scp_3SCP_36__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_3scp_3SCP_39__setstate_cython__, METH_O, __pyx_doc_3ssh_3scp_3SCP_38__setstate_cython__},
+  {"accept_request", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_5accept_request, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_4accept_request},
+  {"deny_request", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_7deny_request, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_6deny_request},
+  {"init", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_11init, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_10init},
+  {"leave_directory", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_13leave_directory, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_12leave_directory},
+  {"pull_request", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_15pull_request, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_14pull_request},
+  {"push_directory", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_17push_directory, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_16push_directory},
+  {"push_file", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_19push_file, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_18push_file},
+  {"push_file64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_21push_file64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_20push_file64},
+  {"read", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_23read, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_22read},
+  {"request_get_filename", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_25request_get_filename, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_24request_get_filename},
+  {"request_get_permissions", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_27request_get_permissions, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_26request_get_permissions},
+  {"request_get_size", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_29request_get_size, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_28request_get_size},
+  {"request_get_size64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_31request_get_size64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_30request_get_size64},
+  {"request_get_warning", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_33request_get_warning, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_32request_get_warning},
+  {"write", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_35write, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_34write},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_37__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_36__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_3scp_3SCP_39__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_3scp_3SCP_38__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_3scp_SCP[] = {
-  {(char *)"session", __pyx_getprop_3ssh_3scp_3SCP_session, 0, (char *)0, 0},
-  {(char *)"closed", __pyx_getprop_3ssh_3scp_3SCP_closed, 0, (char *)0, 0},
+  {"session", __pyx_getprop_3ssh_3scp_3SCP_session, 0, 0, 0},
+  {"closed", __pyx_getprop_3ssh_3scp_3SCP_closed, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_3scp_SCP_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_3scp_SCP},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_3scp_SCP},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_3scp_SCP},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_3scp_SCP},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_3scp_SCP},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_3scp_SCP},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_3scp_SCP_spec = {
+  "ssh.scp.SCP",
+  sizeof(struct __pyx_obj_3ssh_3scp_SCP),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_3scp_SCP_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_3scp_SCP = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.scp.SCP", /*tp_name*/
+  "ssh.scp.""SCP", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_3scp_SCP), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_3scp_SCP, /*tp_dealloc*/
@@ -4767,12 +6623,7 @@ static PyTypeObject __pyx_type_3ssh_3scp_SCP = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -4798,7 +6649,9 @@ static PyTypeObject __pyx_type_3ssh_3scp_SCP = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_3scp_SCP, /*tp_new*/
@@ -4811,178 +6664,77 @@ static PyTypeObject __pyx_type_3ssh_3scp_SCP = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_scp(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_scp},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "scp",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_kp_b_, __pyx_k_, sizeof(__pyx_k_), 0, 0, 0, 0},
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_SCP, __pyx_k_SCP, sizeof(__pyx_k_SCP), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_SCP_READ, __pyx_k_SSH_SCP_READ, sizeof(__pyx_k_SSH_SCP_READ), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_SCP_RECURSIVE, __pyx_k_SSH_SCP_RECURSIVE, sizeof(__pyx_k_SSH_SCP_RECURSIVE), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_SCP_REQUEST_ENDDIR, __pyx_k_SSH_SCP_REQUEST_ENDDIR, sizeof(__pyx_k_SSH_SCP_REQUEST_ENDDIR), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_SCP_REQUEST_EOF, __pyx_k_SSH_SCP_REQUEST_EOF, sizeof(__pyx_k_SSH_SCP_REQUEST_EOF), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_SCP_REQUEST_NEWDIR, __pyx_k_SSH_SCP_REQUEST_NEWDIR, sizeof(__pyx_k_SSH_SCP_REQUEST_NEWDIR), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_SCP_REQUEST_NEWFILE, __pyx_k_SSH_SCP_REQUEST_NEWFILE, sizeof(__pyx_k_SSH_SCP_REQUEST_NEWFILE), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_SCP_REQUEST_WARNING, __pyx_k_SSH_SCP_REQUEST_WARNING, sizeof(__pyx_k_SSH_SCP_REQUEST_WARNING), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_SCP_WRITE, __pyx_k_SSH_SCP_WRITE, sizeof(__pyx_k_SSH_SCP_WRITE), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_close, __pyx_k_close, sizeof(__pyx_k_close), 0, 0, 1, 1},
-  {&__pyx_n_s_dirname, __pyx_k_dirname, sizeof(__pyx_k_dirname), 0, 0, 1, 1},
-  {&__pyx_n_s_filename, __pyx_k_filename, sizeof(__pyx_k_filename), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_mode, __pyx_k_mode, sizeof(__pyx_k_mode), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_perms, __pyx_k_perms, sizeof(__pyx_k_perms), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_reason, __pyx_k_reason, sizeof(__pyx_k_reason), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_size, __pyx_k_size, sizeof(__pyx_k_size), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 134, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__3 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__3)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__3);
-  __Pyx_GIVEREF(__pyx_tuple__3);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  __pyx_int_0 = PyInt_FromLong(0); if (unlikely(!__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4991,17 +6743,26 @@ static int __Pyx_modinit_type_init_code(void) {
   __pyx_vtabptr_3ssh_3scp_SCP = &__pyx_vtable_3ssh_3scp_SCP;
   __pyx_vtable_3ssh_3scp_SCP.from_ptr = (struct __pyx_obj_3ssh_3scp_SCP *(*)(ssh_scp, struct __pyx_obj_3ssh_7session_Session *))__pyx_f_3ssh_3scp_3SCP_from_ptr;
   __pyx_vtable_3ssh_3scp_SCP.close = (PyObject *(*)(struct __pyx_obj_3ssh_3scp_SCP *, int __pyx_skip_dispatch))__pyx_f_3ssh_3scp_3SCP_close;
-  if (PyType_Ready(&__pyx_type_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_3scp_SCP.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_3scp_SCP = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_3scp_SCP_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_3scp_SCP)) __PYX_ERR(0, 37, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_3scp_SCP_spec, __pyx_mstate->__pyx_ptype_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_3scp_SCP = &__pyx_type_3ssh_3scp_SCP;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_3scp_SCP.tp_dictoffset && __pyx_type_3ssh_3scp_SCP.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_3scp_SCP.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_3scp_SCP->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_3scp_SCP->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_3scp_SCP->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_3scp_SCP.tp_dict, __pyx_vtabptr_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_SCP, (PyObject *)&__pyx_type_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
-  __pyx_ptype_3ssh_3scp_SCP = &__pyx_type_3ssh_3scp_SCP;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_3scp_SCP, __pyx_vtabptr_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_SCP, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_3scp_SCP) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -5009,8 +6770,9 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -5019,8 +6781,15 @@ static int __Pyx_modinit_type_import_code(void) {
   /*--- Type import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(3, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -5030,16 +6799,18 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -5048,9 +6819,9 @@ static int __Pyx_modinit_function_import_code(void) {
   /*--- Function import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -5060,50 +6831,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_scp(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_scp},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "scp",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initscp(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initscp(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_scp(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_scp(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -5111,7 +6953,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -5126,10 +6970,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -5152,9 +6999,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_scp(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5165,9 +7017,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_scp(PyObject *__pyx_pyinit_module)
     PyErr_SetString(PyExc_RuntimeError, "Module 'scp' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "scp" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -5177,88 +7057,61 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_scp(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_scp", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("scp", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__scp) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.scp")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.scp", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.scp", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
   /* "ssh/scp.pyx":25
  * 
@@ -5266,11 +7119,11 @@ if (!__Pyx_RefNanny) {
  * SSH_SCP_REQUEST_NEWDIR = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_NEWDIR             # <<<<<<<<<<<<<<
  * SSH_SCP_REQUEST_NEWFILE = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_NEWFILE
  * SSH_SCP_REQUEST_EOF = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_EOF
- */
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_NEWDIR); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 25, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_SCP_REQUEST_NEWDIR, __pyx_t_1) < 0) __PYX_ERR(0, 25, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_NEWDIR); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 25, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_SCP_REQUEST_NEWDIR, __pyx_t_2) < 0) __PYX_ERR(0, 25, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/scp.pyx":26
  * 
@@ -5278,11 +7131,11 @@ if (!__Pyx_RefNanny) {
  * SSH_SCP_REQUEST_NEWFILE = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_NEWFILE             # <<<<<<<<<<<<<<
  * SSH_SCP_REQUEST_EOF = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_EOF
  * SSH_SCP_REQUEST_ENDDIR = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_ENDDIR
- */
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_NEWFILE); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_SCP_REQUEST_NEWFILE, __pyx_t_1) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_NEWFILE); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_SCP_REQUEST_NEWFILE, __pyx_t_2) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/scp.pyx":27
  * SSH_SCP_REQUEST_NEWDIR = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_NEWDIR
@@ -5290,11 +7143,11 @@ if (!__Pyx_RefNanny) {
  * SSH_SCP_REQUEST_EOF = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_EOF             # <<<<<<<<<<<<<<
  * SSH_SCP_REQUEST_ENDDIR = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_ENDDIR
  * SSH_SCP_REQUEST_WARNING = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_WARNING
- */
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_EOF); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 27, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_SCP_REQUEST_EOF, __pyx_t_1) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_EOF); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 27, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_SCP_REQUEST_EOF, __pyx_t_2) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/scp.pyx":28
  * SSH_SCP_REQUEST_NEWFILE = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_NEWFILE
@@ -5302,11 +7155,11 @@ if (!__Pyx_RefNanny) {
  * SSH_SCP_REQUEST_ENDDIR = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_ENDDIR             # <<<<<<<<<<<<<<
  * SSH_SCP_REQUEST_WARNING = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_WARNING
  * 
- */
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_ENDDIR); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 28, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_SCP_REQUEST_ENDDIR, __pyx_t_1) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_ENDDIR); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 28, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_SCP_REQUEST_ENDDIR, __pyx_t_2) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/scp.pyx":29
  * SSH_SCP_REQUEST_EOF = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_EOF
@@ -5314,11 +7167,11 @@ if (!__Pyx_RefNanny) {
  * SSH_SCP_REQUEST_WARNING = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_WARNING             # <<<<<<<<<<<<<<
  * 
  * 
- */
-  __pyx_t_1 = __Pyx_PyInt_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_WARNING); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_SCP_REQUEST_WARNING, __pyx_t_1) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From_enum__ssh_scp_request_types(SSH_SCP_REQUEST_WARNING); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_SCP_REQUEST_WARNING, __pyx_t_2) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/scp.pyx":32
  * 
@@ -5326,11 +7179,11 @@ if (!__Pyx_RefNanny) {
  * SSH_SCP_WRITE = c_ssh.SSH_SCP_WRITE             # <<<<<<<<<<<<<<
  * SSH_SCP_READ = c_ssh.SSH_SCP_READ
  * SSH_SCP_RECURSIVE = c_ssh.SSH_SCP_RECURSIVE
- */
-  __pyx_t_1 = __Pyx_PyInt_From_int(SSH_SCP_WRITE); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 32, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_SCP_WRITE, __pyx_t_1) < 0) __PYX_ERR(0, 32, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From___pyx_anon_enum(SSH_SCP_WRITE); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 32, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_SCP_WRITE, __pyx_t_2) < 0) __PYX_ERR(0, 32, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/scp.pyx":33
  * 
@@ -5338,11 +7191,11 @@ if (!__Pyx_RefNanny) {
  * SSH_SCP_READ = c_ssh.SSH_SCP_READ             # <<<<<<<<<<<<<<
  * SSH_SCP_RECURSIVE = c_ssh.SSH_SCP_RECURSIVE
  * 
- */
-  __pyx_t_1 = __Pyx_PyInt_From_int(SSH_SCP_READ); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 33, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_SCP_READ, __pyx_t_1) < 0) __PYX_ERR(0, 33, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyLong_From___pyx_anon_enum(SSH_SCP_READ); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 33, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_SCP_READ, __pyx_t_2) < 0) __PYX_ERR(0, 33, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/scp.pyx":34
  * SSH_SCP_WRITE = c_ssh.SSH_SCP_WRITE
@@ -5350,32 +7203,257 @@ if (!__Pyx_RefNanny) {
  * SSH_SCP_RECURSIVE = c_ssh.SSH_SCP_RECURSIVE             # <<<<<<<<<<<<<<
  * 
  * 
- */
-  __pyx_t_1 = __Pyx_PyInt_From_int(SSH_SCP_RECURSIVE); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 34, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_SCP_RECURSIVE, __pyx_t_1) < 0) __PYX_ERR(0, 34, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-
-  /* "ssh/scp.pyx":1
- * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
- * # Copyright (C) 2018 Panos Kittenis
- * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-
-  /*--- Wrapped vars code ---*/
+*/
+  __pyx_t_2 = __Pyx_PyLong_From___pyx_anon_enum(SSH_SCP_RECURSIVE); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 34, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_SCP_RECURSIVE, __pyx_t_2) < 0) __PYX_ERR(0, 34, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
-  goto __pyx_L0;
+  /* "ssh/scp.pyx":56
+ *         return scp
+ * 
+ *     def accept_request(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_5accept_request, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_accept_request, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 56, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_accept_request, __pyx_t_2) < 0) __PYX_ERR(0, 56, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":62
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def deny_request(self, reason=None):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes b_reason
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_7deny_request, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_deny_request, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_deny_request, __pyx_t_2) < 0) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":73
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     cpdef close(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         if self.closed:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_9close, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_close, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_close, __pyx_t_2) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":83
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def init(self):             # <<<<<<<<<<<<<<
+ *         """Handled by session.scp_new"""
+ *         cdef int rc
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_11init, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_init, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 83, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_init, __pyx_t_2) < 0) __PYX_ERR(0, 83, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":90
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def leave_directory(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_13leave_directory, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_leave_directory, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 90, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_leave_directory, __pyx_t_2) < 0) __PYX_ERR(0, 90, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":96
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def pull_request(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_15pull_request, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_pull_request, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 96, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_pull_request, __pyx_t_2) < 0) __PYX_ERR(0, 96, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":102
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def push_directory(self, dirname not None, int mode):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes b_dirname = to_bytes(dirname)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_17push_directory, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_push_directory, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 102, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_push_directory, __pyx_t_2) < 0) __PYX_ERR(0, 102, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":110
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def push_file(self, filename not None, size_t size, int perms):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes b_filename = to_bytes(filename)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_19push_file, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_push_file, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 110, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_push_file, __pyx_t_2) < 0) __PYX_ERR(0, 110, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":118
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def push_file64(self, filename not None, c_ssh.uint64_t size, int perms):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes b_filename = to_bytes(filename)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_21push_file64, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_push_file64, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 118, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_push_file64, __pyx_t_2) < 0) __PYX_ERR(0, 118, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":126
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def read(self, c_ssh.uint32_t size=1024*1024):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes buf = b''
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_23read, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_read, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[9])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 126, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[1]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_read, __pyx_t_2) < 0) __PYX_ERR(0, 126, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":143
+ *         return handle_error_codes(rc, self.session._session), buf
+ * 
+ *     def request_get_filename(self):             # <<<<<<<<<<<<<<
+ *         cdef const char *_filename
+ *         cdef bytes filename = b''
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_25request_get_filename, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_request_get_filename, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[10])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 143, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_request_get_filename, __pyx_t_2) < 0) __PYX_ERR(0, 143, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":153
+ *         return filename
+ * 
+ *     def request_get_permissions(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_27request_get_permissions, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_request_get_permissions, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[11])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_request_get_permissions, __pyx_t_2) < 0) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":159
+ *         return rc
+ * 
+ *     def request_get_size(self):             # <<<<<<<<<<<<<<
+ *         cdef size_t rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_29request_get_size, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_request_get_size, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[12])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 159, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_request_get_size, __pyx_t_2) < 0) __PYX_ERR(0, 159, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":165
+ *         return rc
+ * 
+ *     def request_get_size64(self):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.uint64_t rc
+ *         with nogil:
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_31request_get_size64, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_request_get_size64, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[13])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 165, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_request_get_size64, __pyx_t_2) < 0) __PYX_ERR(0, 165, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":171
+ *         return rc
+ * 
+ *     def request_get_warning(self):             # <<<<<<<<<<<<<<
+ *         cdef const char *_warning
+ *         cdef bytes warning = b''
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_33request_get_warning, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_request_get_warning, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[14])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 171, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_request_get_warning, __pyx_t_2) < 0) __PYX_ERR(0, 171, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":181
+ *         return warning
+ * 
+ *     def write(self, bytes data):             # <<<<<<<<<<<<<<
+ *         cdef size_t size = len(data)
+ *         cdef const_char *c_data = data
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_35write, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP_write, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[15])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 181, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_3scp_SCP, __pyx_mstate_global->__pyx_n_u_write, __pyx_t_2) < 0) __PYX_ERR(0, 181, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_37__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[16])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_3scp_3SCP_39__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SCP___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_scp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[17])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "ssh/scp.pyx":1
+ * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
+ * # Copyright (C) 2018 Panos Kittenis
+ * #
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /*--- Wrapped vars code ---*/
+
+  goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_2);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.scp", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.scp");
   }
@@ -5383,12 +7461,358 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 0, 0}, /* PyObject cname: __pyx_kp_b_ */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_SCP, sizeof(__pyx_k_SCP), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP */
+  {__pyx_k_SCP___reduce_cython, sizeof(__pyx_k_SCP___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP___reduce_cython */
+  {__pyx_k_SCP___setstate_cython, sizeof(__pyx_k_SCP___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP___setstate_cython */
+  {__pyx_k_SCP_accept_request, sizeof(__pyx_k_SCP_accept_request), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_accept_request */
+  {__pyx_k_SCP_close, sizeof(__pyx_k_SCP_close), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_close */
+  {__pyx_k_SCP_deny_request, sizeof(__pyx_k_SCP_deny_request), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_deny_request */
+  {__pyx_k_SCP_init, sizeof(__pyx_k_SCP_init), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_init */
+  {__pyx_k_SCP_leave_directory, sizeof(__pyx_k_SCP_leave_directory), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_leave_directory */
+  {__pyx_k_SCP_pull_request, sizeof(__pyx_k_SCP_pull_request), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_pull_request */
+  {__pyx_k_SCP_push_directory, sizeof(__pyx_k_SCP_push_directory), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_push_directory */
+  {__pyx_k_SCP_push_file, sizeof(__pyx_k_SCP_push_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_push_file */
+  {__pyx_k_SCP_push_file64, sizeof(__pyx_k_SCP_push_file64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_push_file64 */
+  {__pyx_k_SCP_read, sizeof(__pyx_k_SCP_read), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_read */
+  {__pyx_k_SCP_request_get_filename, sizeof(__pyx_k_SCP_request_get_filename), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_request_get_filename */
+  {__pyx_k_SCP_request_get_permissions, sizeof(__pyx_k_SCP_request_get_permissions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_request_get_permissions */
+  {__pyx_k_SCP_request_get_size, sizeof(__pyx_k_SCP_request_get_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_request_get_size */
+  {__pyx_k_SCP_request_get_size64, sizeof(__pyx_k_SCP_request_get_size64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_request_get_size64 */
+  {__pyx_k_SCP_request_get_warning, sizeof(__pyx_k_SCP_request_get_warning), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_request_get_warning */
+  {__pyx_k_SCP_write, sizeof(__pyx_k_SCP_write), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SCP_write */
+  {__pyx_k_SSH_SCP_READ, sizeof(__pyx_k_SSH_SCP_READ), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_SCP_READ */
+  {__pyx_k_SSH_SCP_RECURSIVE, sizeof(__pyx_k_SSH_SCP_RECURSIVE), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_SCP_RECURSIVE */
+  {__pyx_k_SSH_SCP_REQUEST_ENDDIR, sizeof(__pyx_k_SSH_SCP_REQUEST_ENDDIR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_SCP_REQUEST_ENDDIR */
+  {__pyx_k_SSH_SCP_REQUEST_EOF, sizeof(__pyx_k_SSH_SCP_REQUEST_EOF), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_SCP_REQUEST_EOF */
+  {__pyx_k_SSH_SCP_REQUEST_NEWDIR, sizeof(__pyx_k_SSH_SCP_REQUEST_NEWDIR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_SCP_REQUEST_NEWDIR */
+  {__pyx_k_SSH_SCP_REQUEST_NEWFILE, sizeof(__pyx_k_SSH_SCP_REQUEST_NEWFILE), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_SCP_REQUEST_NEWFILE */
+  {__pyx_k_SSH_SCP_REQUEST_WARNING, sizeof(__pyx_k_SSH_SCP_REQUEST_WARNING), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_SCP_REQUEST_WARNING */
+  {__pyx_k_SSH_SCP_WRITE, sizeof(__pyx_k_SSH_SCP_WRITE), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_SCP_WRITE */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k_accept_request, sizeof(__pyx_k_accept_request), 0, 1, 1}, /* PyObject cname: __pyx_n_u_accept_request */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_b_dirname, sizeof(__pyx_k_b_dirname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_dirname */
+  {__pyx_k_b_filename, sizeof(__pyx_k_b_filename), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_filename */
+  {__pyx_k_b_reason, sizeof(__pyx_k_b_reason), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_reason */
+  {__pyx_k_buf, sizeof(__pyx_k_buf), 0, 1, 1}, /* PyObject cname: __pyx_n_u_buf */
+  {__pyx_k_c_data, sizeof(__pyx_k_c_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_data */
+  {__pyx_k_cbuf, sizeof(__pyx_k_cbuf), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cbuf */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_close, sizeof(__pyx_k_close), 0, 1, 1}, /* PyObject cname: __pyx_n_u_close */
+  {__pyx_k_data, sizeof(__pyx_k_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_data */
+  {__pyx_k_deny_request, sizeof(__pyx_k_deny_request), 0, 1, 1}, /* PyObject cname: __pyx_n_u_deny_request */
+  {__pyx_k_dirname, sizeof(__pyx_k_dirname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dirname */
+  {__pyx_k_dirname_2, sizeof(__pyx_k_dirname_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dirname_2 */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_filename, sizeof(__pyx_k_filename), 0, 1, 1}, /* PyObject cname: __pyx_n_u_filename */
+  {__pyx_k_filename_2, sizeof(__pyx_k_filename_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_filename_2 */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_init, sizeof(__pyx_k_init), 0, 1, 1}, /* PyObject cname: __pyx_n_u_init */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_leave_directory, sizeof(__pyx_k_leave_directory), 0, 1, 1}, /* PyObject cname: __pyx_n_u_leave_directory */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_mode, sizeof(__pyx_k_mode), 0, 1, 1}, /* PyObject cname: __pyx_n_u_mode */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_perms, sizeof(__pyx_k_perms), 0, 1, 1}, /* PyObject cname: __pyx_n_u_perms */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pull_request, sizeof(__pyx_k_pull_request), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pull_request */
+  {__pyx_k_push_directory, sizeof(__pyx_k_push_directory), 0, 1, 1}, /* PyObject cname: __pyx_n_u_push_directory */
+  {__pyx_k_push_file, sizeof(__pyx_k_push_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_push_file */
+  {__pyx_k_push_file64, sizeof(__pyx_k_push_file64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_push_file64 */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_read, sizeof(__pyx_k_read), 0, 1, 1}, /* PyObject cname: __pyx_n_u_read */
+  {__pyx_k_reason, sizeof(__pyx_k_reason), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reason */
+  {__pyx_k_reason_2, sizeof(__pyx_k_reason_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reason_2 */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_request_get_filename, sizeof(__pyx_k_request_get_filename), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_get_filename */
+  {__pyx_k_request_get_permissions, sizeof(__pyx_k_request_get_permissions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_get_permissions */
+  {__pyx_k_request_get_size, sizeof(__pyx_k_request_get_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_get_size */
+  {__pyx_k_request_get_size64, sizeof(__pyx_k_request_get_size64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_get_size64 */
+  {__pyx_k_request_get_warning, sizeof(__pyx_k_request_get_warning), 0, 1, 1}, /* PyObject cname: __pyx_n_u_request_get_warning */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_size, sizeof(__pyx_k_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_size */
+  {__pyx_k_ssh_scp, sizeof(__pyx_k_ssh_scp), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_scp */
+  {__pyx_k_ssh_scp_pyx, sizeof(__pyx_k_ssh_scp_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_scp_pyx */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_warning, sizeof(__pyx_k_warning), 0, 1, 1}, /* PyObject cname: __pyx_n_u_warning */
+  {__pyx_k_warning_2, sizeof(__pyx_k_warning_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_warning_2 */
+  {__pyx_k_write, sizeof(__pyx_k_write), 0, 1, 1}, /* PyObject cname: __pyx_n_u_write */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 134, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+
+  /* "ssh/scp.pyx":62
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def deny_request(self, reason=None):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes b_reason
+*/
+  __pyx_mstate_global->__pyx_tuple[0] = PyTuple_Pack(1, Py_None); if (unlikely(!__pyx_mstate_global->__pyx_tuple[0])) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[0]);
+
+  /* "ssh/scp.pyx":126
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def read(self, c_ssh.uint32_t size=1024*1024):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef bytes buf = b''
+*/
+  __pyx_mstate_global->__pyx_tuple[1] = PyTuple_Pack(1, __pyx_mstate_global->__pyx_int_1048576); if (unlikely(!__pyx_mstate_global->__pyx_tuple[1])) __PYX_ERR(0, 126, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[1]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[1]);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+  __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
+  return -1;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  __pyx_mstate->__pyx_int_0 = PyLong_FromLong(0); if (unlikely(!__pyx_mstate->__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_int_1048576 = PyLong_FromLong(1048576L); if (unlikely(!__pyx_mstate->__pyx_int_1048576)) __PYX_ERR(0, 1, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 3;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 3;
+            unsigned int flags : 10;
+            unsigned int first_line : 8;
+            unsigned int line_table_length : 12;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 56, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_accept_request, __pyx_k_A_Qd_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 62, 68};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_reason, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_b_reason, __pyx_mstate->__pyx_n_u_reason_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_deny_request, __pyx_k_1_7_xq_a_1D_q_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 73, 60};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_close, __pyx_k_A_4q_1_nAT_s_Q_Ja_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 83, 34};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_init, __pyx_k_A_m1D_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 90, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_leave_directory, __pyx_k_A_at1_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 96, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_pull_request, __pyx_k_A_1D_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 102, 51};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_dirname, __pyx_mstate->__pyx_n_u_mode, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_b_dirname, __pyx_mstate->__pyx_n_u_dirname_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_push_directory, __pyx_k_A_xq_A_Qd_1_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 7, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 110, 53};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_filename, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_perms, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_b_filename, __pyx_mstate->__pyx_n_u_filename_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_push_file, __pyx_k_A_Q_WKvQ_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 7, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 118, 53};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_filename, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_perms, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_b_filename, __pyx_mstate->__pyx_n_u_filename_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_push_file64, __pyx_k_A_Q_4wk_q_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 126, 104};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_buf, __pyx_mstate->__pyx_n_u_cbuf};
+    __pyx_mstate_global->__pyx_codeobj_tab[9] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_read, __pyx_k_1_86_aq_uCq_m1D_vQ_s_A_d_A_d_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[9])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 143, 46};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_filename_2, __pyx_mstate->__pyx_n_u_filename};
+    __pyx_mstate_global->__pyx_codeobj_tab[10] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_request_get_filename, __pyx_k_A_a_4q_S_1_1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[10])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 153, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[11] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_request_get_permissions, __pyx_k_A_6at1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[11])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 159, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[12] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_request_get_size, __pyx_k_A_q_A_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[12])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 165, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[13] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_request_get_size64, __pyx_k_A_1_a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[13])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 171, 46};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_warning, __pyx_mstate->__pyx_n_u_warning_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[14] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_request_get_warning, __pyx_k_A_Q_8_Q_9Cq_1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[14])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 181, 50};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_data, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_c_data, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[15] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_scp_pyx, __pyx_mstate->__pyx_n_u_write, __pyx_k_A_3aq_nAT_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[15])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[16] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[16])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[17] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[17])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -5408,33 +7832,393 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
 }
 #endif
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
     PyTypeObject* tp = Py_TYPE(obj);
     if (likely(tp->tp_getattro))
         return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
     return PyObject_GetAttr(obj, attr_name);
 }
 #endif
 
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
 /* GetBuiltinName */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
         PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
             "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
 #else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
 #endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
     }
-    return result;
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
 }
+#endif
+#endif
 
 /* RaiseArgTupleInvalid */
 static void __Pyx_RaiseArgtupleInvalid(
@@ -5462,85 +8246,42 @@ static void __Pyx_RaiseArgtupleInvalid(
                  (num_expected == 1) ? "" : "s", num_found);
 }
 
-/* KeywordStringCheck */
-static int __Pyx_CheckKeywordStrings(
-    PyObject *kwdict,
-    const char* function_name,
-    int kw_allowed)
-{
-    PyObject* key = 0;
-    Py_ssize_t pos = 0;
-#if CYTHON_COMPILING_IN_PYPY
-    if (!kw_allowed && PyDict_Next(kwdict, &pos, &key, 0))
-        goto invalid_keyword;
-    return 1;
-#else
-    while (PyDict_Next(kwdict, &pos, &key, 0)) {
-        #if PY_MAJOR_VERSION < 3
-        if (unlikely(!PyString_Check(key)))
-        #endif
-            if (unlikely(!PyUnicode_Check(key)))
-                goto invalid_keyword_type;
-    }
-    if ((!kw_allowed) && unlikely(key))
-        goto invalid_keyword;
-    return 1;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    return 0;
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
 #endif
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
-    return 0;
-}
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
 }
-#endif
 
 /* WriteUnraisableException */
-static void __Pyx_WriteUnraisable(const char *name, CYTHON_UNUSED int clineno,
-                                  CYTHON_UNUSED int lineno, CYTHON_UNUSED const char *filename,
-                                  int full_traceback, CYTHON_UNUSED int nogil) {
+static void __Pyx_WriteUnraisable(const char *name, int clineno,
+                                  int lineno, const char *filename,
+                                  int full_traceback, int nogil) {
     PyObject *old_exc, *old_val, *old_tb;
     PyObject *ctx;
     __Pyx_PyThreadState_declare
-#ifdef WITH_THREAD
     PyGILState_STATE state;
     if (nogil)
         state = PyGILState_Ensure();
-#ifdef _MSC_VER
-    else state = (PyGILState_STATE)-1;
-#endif
-#endif
+    else state = (PyGILState_STATE)0;
+    CYTHON_UNUSED_VAR(clineno);
+    CYTHON_UNUSED_VAR(lineno);
+    CYTHON_UNUSED_VAR(filename);
+    CYTHON_MAYBE_UNUSED_VAR(nogil);
     __Pyx_PyThreadState_assign
     __Pyx_ErrFetch(&old_exc, &old_val, &old_tb);
     if (full_traceback) {
@@ -5548,13 +8289,9 @@ static void __Pyx_WriteUnraisable(const char *name, CYTHON_UNUSED int clineno,
         Py_XINCREF(old_val);
         Py_XINCREF(old_tb);
         __Pyx_ErrRestore(old_exc, old_val, old_tb);
-        PyErr_PrintEx(1);
+        PyErr_PrintEx(0);
     }
-    #if PY_MAJOR_VERSION < 3
-    ctx = PyString_FromString(name);
-    #else
     ctx = PyUnicode_FromString(name);
-    #endif
     __Pyx_ErrRestore(old_exc, old_val, old_tb);
     if (!ctx) {
         PyErr_WriteUnraisable(Py_None);
@@ -5562,10 +8299,8 @@ static void __Pyx_WriteUnraisable(const char *name, CYTHON_UNUSED int clineno,
         PyErr_WriteUnraisable(ctx);
         Py_DECREF(ctx);
     }
-#ifdef WITH_THREAD
     if (nogil)
         PyGILState_Release(state);
-#endif
 }
 
 /* RaiseDoubleKeywords */
@@ -5574,145 +8309,12 @@ static void __Pyx_RaiseDoubleKeywordsError(
     PyObject* kw_name)
 {
     PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
         "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
 }
 
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
-{
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
-        }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
-                }
-            }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
-        }
-    }
-    return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
-bad:
-    return -1;
-}
-
-/* PyDictVersioning */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
-}
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
-    PyObject **dictptr = NULL;
-    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
-    if (offset) {
-#if CYTHON_COMPILING_IN_CPYTHON
-        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
-#else
-        dictptr = _PyObject_GetDictPtr(obj);
-#endif
-    }
-    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
-}
-static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
-        return 0;
-    return obj_dict_version == __Pyx_get_object_dict_version(obj);
-}
-#endif
-
 /* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
                                                PyObject *globals) {
     PyFrameObject *f;
     PyThreadState *tstate = __Pyx_PyThreadState_Current;
@@ -5740,15 +8342,12 @@ static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args
     --tstate->recursion_depth;
     return result;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
     PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
     PyObject *globals = PyFunction_GET_GLOBALS(func);
     PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
     PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
     PyObject *kwdefs;
-#endif
     PyObject *kwtuple, **k;
     PyObject **d;
     Py_ssize_t nd;
@@ -5756,13 +8355,11 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
     PyObject *result;
     assert(kwargs == NULL || PyDict_Check(kwargs));
     nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
         return NULL;
     }
     if (
-#if PY_MAJOR_VERSION >= 3
             co->co_kwonlyargcount == 0 &&
-#endif
             likely(kwargs == NULL || nk == 0) &&
             co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
         if (argdefs == NULL && co->co_argcount == nargs) {
@@ -5799,9 +8396,7 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
         k = NULL;
     }
     closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
     kwdefs = PyFunction_GET_KW_DEFAULTS(func);
-#endif
     if (argdefs != NULL) {
         d = &PyTuple_GET_ITEM(argdefs, 0);
         nd = Py_SIZE(argdefs);
@@ -5810,24 +8405,16 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
         d = NULL;
         nd = 0;
     }
-#if PY_MAJOR_VERSION >= 3
     result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
                                args, (int)nargs,
                                k, (int)nk,
                                d, (int)nd, kwdefs, closure);
-#else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
     Py_XDECREF(kwtuple);
 done:
     Py_LeaveRecursiveCall();
     return result;
 }
 #endif
-#endif
 
 /* PyObjectCall */
 #if CYTHON_COMPILING_IN_CPYTHON
@@ -5836,7 +8423,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
     ternaryfunc call = Py_TYPE(func)->tp_call;
     if (unlikely(!call))
         return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = (*call)(func, arg, kw);
     Py_LeaveRecursiveCall();
@@ -5854,9 +8441,9 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
     PyObject *self, *result;
     PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
         return NULL;
     result = cfunc(self, arg);
     Py_LeaveRecursiveCall();
@@ -5869,740 +8456,3186 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject
 }
 #endif
 
-/* PyObjectCallNoArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
-    }
-#endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
-#else
-    if (likely(PyCFunction_Check(func)))
-#endif
-    {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
-        }
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
 }
 #endif
-
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
     }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
 }
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
 #endif
-
-/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
 #if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
     }
 #endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
-#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
         }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
 }
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
     PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
     return result;
 }
-#endif
-
-/* GetException */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb)
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
 #else
-static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
 #endif
-{
-    PyObject *local_type, *local_value, *local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    local_type = tstate->curexc_type;
-    local_value = tstate->curexc_value;
-    local_tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
 #else
-    PyErr_Fetch(&local_type, &local_value, &local_tb);
+     METH_FASTCALL | METH_KEYWORDS,
 #endif
-    PyErr_NormalizeException(&local_type, &local_value, &local_tb);
-#if CYTHON_FAST_THREAD_STATE
-    if (unlikely(tstate->curexc_type))
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
 #else
-    if (unlikely(PyErr_Occurred()))
+    if (PyCFunction_Check(method))
 #endif
-        goto bad;
-    #if PY_MAJOR_VERSION >= 3
-    if (local_tb) {
-        if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
-            goto bad;
-    }
-    #endif
-    Py_XINCREF(local_tb);
-    Py_XINCREF(local_type);
-    Py_XINCREF(local_value);
-    *type = local_type;
-    *value = local_value;
-    *tb = local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    #if CYTHON_USE_EXC_INFO_STACK
     {
-        _PyErr_StackItem *exc_info = tstate->exc_info;
-        tmp_type = exc_info->exc_type;
-        tmp_value = exc_info->exc_value;
-        tmp_tb = exc_info->exc_traceback;
-        exc_info->exc_type = local_type;
-        exc_info->exc_value = local_value;
-        exc_info->exc_traceback = local_tb;
-    }
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = local_type;
-    tstate->exc_value = local_value;
-    tstate->exc_traceback = local_tb;
-    #endif
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
 #else
-    PyErr_SetExcInfo(local_type, local_value, local_tb);
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
 #endif
+    target->method = result;
     return 0;
-bad:
-    *type = 0;
-    *value = 0;
-    *tb = 0;
-    Py_XDECREF(local_type);
-    Py_XDECREF(local_value);
-    Py_XDECREF(local_tb);
-    return -1;
 }
 
-/* SwapException */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    tmp_type = exc_info->exc_type;
-    tmp_value = exc_info->exc_value;
-    tmp_tb = exc_info->exc_traceback;
-    exc_info->exc_type = *type;
-    exc_info->exc_value = *value;
-    exc_info->exc_traceback = *tb;
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = *type;
-    tstate->exc_value = *value;
-    tstate->exc_traceback = *tb;
-    #endif
-    *type = tmp_type;
-    *value = tmp_value;
-    *tb = tmp_tb;
-}
-#else
-static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value, PyObject **tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    PyErr_GetExcInfo(&tmp_type, &tmp_value, &tmp_tb);
-    PyErr_SetExcInfo(*type, *value, *tb);
-    *type = tmp_type;
-    *value = tmp_value;
-    *tb = tmp_tb;
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
 }
 #endif
-
-/* GetTopmostException */
-#if CYTHON_USE_EXC_INFO_STACK
-static _PyErr_StackItem *
-__Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
-{
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    while ((exc_info->exc_type == NULL || exc_info->exc_type == Py_None) &&
-           exc_info->previous_item != NULL)
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
     {
-        exc_info = exc_info->previous_item;
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
     }
-    return exc_info;
 }
-#endif
 
-/* SaveResetException */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
-    *type = exc_info->exc_type;
-    *value = exc_info->exc_value;
-    *tb = exc_info->exc_traceback;
-    #else
-    *type = tstate->exc_type;
-    *value = tstate->exc_value;
-    *tb = tstate->exc_traceback;
-    #endif
-    Py_XINCREF(*type);
-    Py_XINCREF(*value);
-    Py_XINCREF(*tb);
-}
-static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    tmp_type = exc_info->exc_type;
-    tmp_value = exc_info->exc_value;
-    tmp_tb = exc_info->exc_traceback;
-    exc_info->exc_type = type;
-    exc_info->exc_value = value;
-    exc_info->exc_traceback = tb;
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = type;
-    tstate->exc_value = value;
-    tstate->exc_traceback = tb;
-    #endif
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
 }
-#endif
-
-/* ArgTypeTest */
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
 {
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
         #endif
+        name++;
     }
-    else {
-        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
     }
-    PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
     return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
 }
-
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
         }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
         }
+        name++;
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
 }
-#else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
-    }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
                 }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
             }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
         }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
         }
-    } else {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
                 goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
         } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
             goto bad;
         }
-        PyException_SetCause(value, fixed_cause);
-    }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
-        }
-#endif
     }
+    return 0;
 bad:
-    Py_XDECREF(owned_instance);
-    return;
+    return -1;
 }
-#endif
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
-#endif
-    return NULL;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
-    }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
-    }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
     #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
         }
-    }
-    return descr;
-}
 #endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+        name++;
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
-}
-#endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
-#else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
-#endif
-    if (!ob)
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
         goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
+    }
     return 0;
 bad:
-    Py_XDECREF(ob);
     return -1;
 }
-
-/* PyErrExceptionMatches */
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* PyDictVersioning */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+}
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
+    PyObject **dictptr = NULL;
+    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
+    if (offset) {
+#if CYTHON_COMPILING_IN_CPYTHON
+        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
+#else
+        dictptr = _PyObject_GetDictPtr(obj);
+#endif
+    }
+    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
+}
+static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
+        return 0;
+    return obj_dict_version == __Pyx_get_object_dict_version(obj);
+}
+#endif
+
+/* GetException */
 #if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb)
+#else
+static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
+#endif
+{
+    PyObject *local_type = NULL, *local_value, *local_tb = NULL;
+#if CYTHON_FAST_THREAD_STATE
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+  #if PY_VERSION_HEX >= 0x030C0000
+    local_value = tstate->current_exception;
+    tstate->current_exception = 0;
+  #else
+    local_type = tstate->curexc_type;
+    local_value = tstate->curexc_value;
+    local_tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+  #endif
+#elif __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    local_value = PyErr_GetRaisedException();
+#else
+    PyErr_Fetch(&local_type, &local_value, &local_tb);
+#endif
+#if __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    if (likely(local_value)) {
+        local_type = (PyObject*) Py_TYPE(local_value);
+        Py_INCREF(local_type);
+        local_tb = PyException_GetTraceback(local_value);
+    }
+#else
+    PyErr_NormalizeException(&local_type, &local_value, &local_tb);
+#if CYTHON_FAST_THREAD_STATE
+    if (unlikely(tstate->curexc_type))
+#else
+    if (unlikely(PyErr_Occurred()))
+#endif
+        goto bad;
+    if (local_tb) {
+        if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
+            goto bad;
+    }
+#endif // __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    Py_XINCREF(local_tb);
+    Py_XINCREF(local_type);
+    Py_XINCREF(local_value);
+    *type = local_type;
+    *value = local_value;
+    *tb = local_tb;
+#if CYTHON_FAST_THREAD_STATE
+    #if CYTHON_USE_EXC_INFO_STACK
+    {
+        _PyErr_StackItem *exc_info = tstate->exc_info;
+      #if PY_VERSION_HEX >= 0x030B00a4
+        tmp_value = exc_info->exc_value;
+        exc_info->exc_value = local_value;
+        tmp_type = NULL;
+        tmp_tb = NULL;
+        Py_XDECREF(local_type);
+        Py_XDECREF(local_tb);
+      #else
+        tmp_type = exc_info->exc_type;
+        tmp_value = exc_info->exc_value;
+        tmp_tb = exc_info->exc_traceback;
+        exc_info->exc_type = local_type;
+        exc_info->exc_value = local_value;
+        exc_info->exc_traceback = local_tb;
+      #endif
+    }
+    #else
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = local_type;
+    tstate->exc_value = local_value;
+    tstate->exc_traceback = local_tb;
+    #endif
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    PyErr_SetHandledException(local_value);
+    Py_XDECREF(local_value);
+    Py_XDECREF(local_type);
+    Py_XDECREF(local_tb);
+#else
+    PyErr_SetExcInfo(local_type, local_value, local_tb);
+#endif
+    return 0;
+#if __PYX_LIMITED_VERSION_HEX <= 0x030C0000
+bad:
+    *type = 0;
+    *value = 0;
+    *tb = 0;
+    Py_XDECREF(local_type);
+    Py_XDECREF(local_value);
+    Py_XDECREF(local_tb);
+    return -1;
+#endif
+}
+
+/* SwapException */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_value = exc_info->exc_value;
+    exc_info->exc_value = *value;
+    if (tmp_value == NULL || tmp_value == Py_None) {
+        Py_XDECREF(tmp_value);
+        tmp_value = NULL;
+        tmp_type = NULL;
+        tmp_tb = NULL;
+    } else {
+        tmp_type = (PyObject*) Py_TYPE(tmp_value);
+        Py_INCREF(tmp_type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        tmp_tb = ((PyBaseExceptionObject*) tmp_value)->traceback;
+        Py_XINCREF(tmp_tb);
+        #else
+        tmp_tb = PyException_GetTraceback(tmp_value);
+        #endif
+    }
+  #elif CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_type = exc_info->exc_type;
+    tmp_value = exc_info->exc_value;
+    tmp_tb = exc_info->exc_traceback;
+    exc_info->exc_type = *type;
+    exc_info->exc_value = *value;
+    exc_info->exc_traceback = *tb;
+  #else
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = *type;
+    tstate->exc_value = *value;
+    tstate->exc_traceback = *tb;
+  #endif
+    *type = tmp_type;
+    *value = tmp_value;
+    *tb = tmp_tb;
+}
+#else
+static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value, PyObject **tb) {
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    PyErr_GetExcInfo(&tmp_type, &tmp_value, &tmp_tb);
+    PyErr_SetExcInfo(*type, *value, *tb);
+    *type = tmp_type;
+    *value = tmp_value;
+    *tb = tmp_tb;
+}
+#endif
+
+/* GetTopmostException */
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
+static _PyErr_StackItem *
+__Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
+{
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    while ((exc_info->exc_value == NULL || exc_info->exc_value == Py_None) &&
+           exc_info->previous_item != NULL)
+    {
+        exc_info = exc_info->previous_item;
+    }
+    return exc_info;
+}
+#endif
+
+/* SaveResetException */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    PyObject *exc_value = exc_info->exc_value;
+    if (exc_value == NULL || exc_value == Py_None) {
+        *value = NULL;
+        *type = NULL;
+        *tb = NULL;
+    } else {
+        *value = exc_value;
+        Py_INCREF(*value);
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        *tb = PyException_GetTraceback(exc_value);
+    }
+  #elif CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    *type = exc_info->exc_type;
+    *value = exc_info->exc_value;
+    *tb = exc_info->exc_traceback;
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #else
+    *type = tstate->exc_type;
+    *value = tstate->exc_value;
+    *tb = tstate->exc_traceback;
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #endif
+}
+static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    PyObject *tmp_value = exc_info->exc_value;
+    exc_info->exc_value = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+  #else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    #if CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_type = exc_info->exc_type;
+    tmp_value = exc_info->exc_value;
+    tmp_tb = exc_info->exc_traceback;
+    exc_info->exc_type = type;
+    exc_info->exc_value = value;
+    exc_info->exc_traceback = tb;
+    #else
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = type;
+    tstate->exc_value = value;
+    tstate->exc_traceback = tb;
+    #endif
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+  #endif
+}
+#endif
+
+/* ArgTypeTest */
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+{
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
+    }
+    else if (!exact) {
+        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError,
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
+}
+#endif
+
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
+#endif
+    return r;
+#endif
+}
+
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#else
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#endif
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
+}
+
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
+}
+
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+        }
+    }
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
+    }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+    }
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
+
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
+    }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
+#endif
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
+
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
     }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
 #endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
     }
     return 0;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 }
 #endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
+#endif
+    }
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
     PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
     }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
     if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
+        }
     }
+    Py_INCREF(result);
     return result;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-static int __Pyx_setup_reduce(PyObject* type_obj) {
-    int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
+    }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
+#endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
+    }
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
+#endif
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
+    }
+#endif
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
+    }
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
+}
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
+    }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
+}
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
+    }
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
+#endif
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
+    PyObject *result;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
     }
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
-        }
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
         }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    return result;
+}
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
+    int ret = 0;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
+        break;
+    default:
+        return NULL;
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    return op;
 }
-#endif
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -6611,11 +11644,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -6643,130 +11677,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -6797,7 +11897,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -6807,6 +11907,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -6830,8 +11931,40 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
         return (target_type) value;\
     }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_scp_request_types(enum ssh_scp_request_types value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_scp_request_types(enum ssh_scp_request_types value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -6843,17 +11976,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_scp_request_types(enum
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(enum ssh_scp_request_types) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(enum ssh_scp_request_types) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(enum ssh_scp_request_types) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(enum ssh_scp_request_types) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(enum ssh_scp_request_types) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -6861,15 +11994,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_scp_request_types(enum
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(enum ssh_scp_request_types),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(enum ssh_scp_request_types));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From___pyx_anon_enum(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -6881,17 +12047,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -6899,15 +12065,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -6917,179 +12116,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7103,7 +12360,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE size_t __Pyx_PyInt_As_size_t(PyObject *x) {
+static CYTHON_INLINE size_t __Pyx_PyLong_As_size_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7113,179 +12370,237 @@ static CYTHON_INLINE size_t __Pyx_PyInt_As_size_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(size_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(size_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (size_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        size_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (size_t) -1;
+        val = __Pyx_PyLong_As_size_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (size_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(size_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(size_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(size_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) >= 2 * PyLong_SHIFT)) {
                             return (size_t) (((((size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(size_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) >= 3 * PyLong_SHIFT)) {
                             return (size_t) (((((((size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(size_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) >= 4 * PyLong_SHIFT)) {
                             return (size_t) (((((((((size_t)digits[3]) << PyLong_SHIFT) | (size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (size_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (size_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(size_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(size_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(size_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(size_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(size_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(size_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(size_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(size_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (size_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(size_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(size_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(size_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(size_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (size_t) (((size_t)-1)*(((((size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(size_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (size_t) ((((((size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (size_t) (((size_t)-1)*(((((((size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(size_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (size_t) ((((((((size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (size_t) (((size_t)-1)*(((((((((size_t)digits[3]) << PyLong_SHIFT) | (size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(size_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (size_t) ((((((((((size_t)digits[3]) << PyLong_SHIFT) | (size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(size_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(size_t, long, PyLong_AsLong(x))
+        if ((sizeof(size_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(size_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(size_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(size_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(size_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(size_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        size_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (size_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            size_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (size_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (size_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (size_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(size_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((size_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(size_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((size_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((size_t) 1) << (sizeof(size_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (size_t) -1;
-        }
-    } else {
-        size_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (size_t) -1;
-        val = __Pyx_PyInt_As_size_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7299,7 +12614,7 @@ static CYTHON_INLINE size_t __Pyx_PyInt_As_size_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
+static CYTHON_INLINE uint64_t __Pyx_PyLong_As_uint64_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7309,179 +12624,237 @@ static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uint64_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uint64_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uint64_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uint64_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uint64_t) -1;
+        val = __Pyx_PyLong_As_uint64_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint64_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uint64_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint64_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uint64_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 2 * PyLong_SHIFT)) {
                             return (uint64_t) (((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint64_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 3 * PyLong_SHIFT)) {
                             return (uint64_t) (((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint64_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 4 * PyLong_SHIFT)) {
                             return (uint64_t) (((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uint64_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uint64_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uint64_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uint64_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint64_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uint64_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uint64_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint64_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uint64_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uint64_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint64_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint64_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uint64_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, long, PyLong_AsLong(x))
+        if ((sizeof(uint64_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint64_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uint64_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uint64_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uint64_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uint64_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uint64_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uint64_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uint64_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uint64_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uint64_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uint64_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uint64_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uint64_t) 1) << (sizeof(uint64_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uint64_t) -1;
-        }
-    } else {
-        uint64_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uint64_t) -1;
-        val = __Pyx_PyInt_As_uint64_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7495,7 +12868,7 @@ static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
+static CYTHON_INLINE uint32_t __Pyx_PyLong_As_uint32_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7505,179 +12878,237 @@ static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uint32_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uint32_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uint32_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uint32_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uint32_t) -1;
+        val = __Pyx_PyLong_As_uint32_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint32_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uint32_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint32_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uint32_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 2 * PyLong_SHIFT)) {
                             return (uint32_t) (((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint32_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 3 * PyLong_SHIFT)) {
                             return (uint32_t) (((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint32_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 4 * PyLong_SHIFT)) {
                             return (uint32_t) (((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uint32_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uint32_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uint32_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uint32_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint32_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uint32_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uint32_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint32_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uint32_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uint32_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint32_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint32_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uint32_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, long, PyLong_AsLong(x))
+        if ((sizeof(uint32_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint32_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uint32_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uint32_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uint32_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uint32_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uint32_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uint32_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uint32_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uint32_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uint32_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uint32_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uint32_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uint32_t) 1) << (sizeof(uint32_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uint32_t) -1;
-        }
-    } else {
-        uint32_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uint32_t) -1;
-        val = __Pyx_PyInt_As_uint32_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7691,7 +13122,78 @@ static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+    const int neg_one = (int) -1, const_zero = (int) 0;
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
+#endif
+    const int is_unsigned = neg_one > const_zero;
+    if (is_unsigned) {
+        if (sizeof(int) < sizeof(long)) {
+            return PyLong_FromLong((long) value);
+        } else if (sizeof(int) <= sizeof(unsigned long)) {
+            return PyLong_FromUnsignedLong((unsigned long) value);
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
+        } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
+            return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
+#endif
+        }
+    } else {
+        if (sizeof(int) <= sizeof(long)) {
+            return PyLong_FromLong((long) value);
+#ifdef HAVE_LONG_LONG
+        } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
+            return PyLong_FromLongLong((PY_LONG_LONG) value);
+#endif
+        }
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(int),
+                                     little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* CIntToPy */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint64_t(uint64_t value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7703,17 +13205,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(uint64_t) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(uint64_t) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(uint64_t) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(uint64_t) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -7721,15 +13223,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(uint64_t),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(uint64_t));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__2);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7741,33 +13315,66 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
 #endif
-        }
-    }
-    {
-        int one = 1; int little = (int)*(unsigned char *)&one;
-        unsigned char *bytes = (unsigned char *)&value;
-        return _PyLong_FromByteArray(bytes, sizeof(long),
-                                     little, !is_unsigned);
+        }
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(long),
+                                     little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7777,179 +13384,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7966,7 +13631,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -7987,51 +13652,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -8062,65 +13714,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -8128,97 +13799,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -8230,25 +14037,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -8271,95 +14078,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -8398,33 +14176,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/scp.pxd b/ssh/scp.pxd
index 6c3c1184..cf1d3c9b 100644
--- a/ssh/scp.pxd
+++ b/ssh/scp.pxd
@@ -1,22 +1,23 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from session cimport Session
+from .session cimport Session
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 cdef class SCP:
diff --git a/ssh/scp.pyx b/ssh/scp.pyx
index bdeca8e0..181c9992 100644
--- a/ssh/scp.pyx
+++ b/ssh/scp.pyx
@@ -1,25 +1,26 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.stdlib cimport malloc, free
 from libc.string cimport const_char
 
-from utils cimport to_bytes, to_str, handle_error_codes
+from .utils cimport to_bytes, to_str, handle_error_codes
 
-cimport c_ssh
+from . cimport c_ssh
 
 
 SSH_SCP_REQUEST_NEWDIR = c_ssh.ssh_scp_request_types.SSH_SCP_REQUEST_NEWDIR
diff --git a/ssh/session.c b/ssh/session.c
index 938a11d8..ddffe87e 100644
--- a/ssh/session.c
+++ b/ssh/session.c
@@ -1,22 +1,62 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h",
+            "local/include/libssh/sftp.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.session",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/session.pyx"
+        ]
+    },
+    "module_name": "ssh.session"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +75,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +83,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +108,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +329,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
+  #endif
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
 #endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
+#endif
+#endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +412,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +432,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +456,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +535,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +574,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +653,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +670,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +881,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,70 +912,194 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
+#endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
+#endif
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
   #endif
 #endif
 #include <math.h>
@@ -725,12 +1118,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -747,7 +1158,46 @@ static CYTHON_INLINE float __PYX_NAN() {
 #include "libssh/libssh.h"
 #include <string.h>
 #include <stdio.h>
+
+    #if PY_MAJOR_VERSION >= 3
+      #define __Pyx_PyFloat_FromString(obj)  PyFloat_FromString(obj)
+    #else
+      #define __Pyx_PyFloat_FromString(obj)  PyFloat_FromString(obj, NULL)
+    #endif
+    
+
+    #if PY_MAJOR_VERSION <= 2
+    #define PyDict_GetItemWithError _PyDict_GetItemWithError
+    #endif
+    
+
+    #if PY_VERSION_HEX < 0x030d0000
+    static CYTHON_INLINE int __Pyx_PyWeakref_GetRef(PyObject *ref, PyObject **pobj)
+    {
+        PyObject *obj = PyWeakref_GetObject(ref);
+        if (obj == NULL) {
+            // SystemError if ref is NULL
+            *pobj = NULL;
+            return -1;
+        }
+        if (obj == Py_None) {
+            *pobj = NULL;
+            return 0;
+        }
+        Py_INCREF(obj);
+        *pobj = obj;
+        return 1;
+    }
+    #else
+    #define __Pyx_PyWeakref_GetRef PyWeakref_GetRef
+    #endif
+    
 #include "pythread.h"
+
+    #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM < 0x07030600) && !defined(PyContextVar_Get)
+    #define PyContextVar_Get(var, d, v)         ((d) ?             ((void)(var), Py_INCREF(d), (v)[0] = (d), 0) :             ((v)[0] = NULL, 0)         )
+    #endif
+    
 #include <stdlib.h>
 #include "libssh/sftp.h"
 #ifdef _OPENMP
@@ -758,12 +1208,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -798,140 +1244,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -943,27 +1378,41 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
+
 
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/session.pyx",
-  "stringsource",
-  "type.pxd",
-  "bool.pxd",
-  "complex.pxd",
+  "<stringsource>",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/contextvars.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/type.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/bool.pxd",
+  "env/lib/python3.12/site-packages/Cython/Includes/cpython/complex.pxd",
   "ssh/channel.pxd",
   "ssh/connector.pxd",
   "ssh/options.pxd",
@@ -971,6 +1420,7 @@ static const char *__pyx_f[] = {
   "ssh/sftp.pxd",
   "ssh/scp.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
@@ -983,6 +1433,168 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7channel_Channel;
@@ -993,6 +1605,32 @@ struct __pyx_obj_3ssh_3key_SSHKey;
 struct __pyx_obj_3ssh_4sftp_SFTP;
 struct __pyx_obj_3ssh_3scp_SCP;
 struct __pyx_obj_3ssh_7session_Session;
+struct __pyx_opt_args_7cpython_11contextvars_get_value;
+struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default;
+
+/* "cpython/contextvars.pxd":116
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the default value of the context variable,
+*/
+struct __pyx_opt_args_7cpython_11contextvars_get_value {
+  int __pyx_n;
+  PyObject *default_value;
+};
+
+/* "cpython/contextvars.pxd":134
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value_no_default(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the provided default value if no such value was found.
+*/
+struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default {
+  int __pyx_n;
+  PyObject *default_value;
+};
 
 /* "channel.pxd":22
  * 
@@ -1000,7 +1638,7 @@ struct __pyx_obj_3ssh_7session_Session;
  * cdef class Channel:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_channel _channel
  *     cdef Session _session
- */
+*/
 struct __pyx_obj_3ssh_7channel_Channel {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtab;
@@ -1016,7 +1654,7 @@ struct __pyx_obj_3ssh_7channel_Channel {
  * cdef class Flag:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector_flags_e _flag
  * 
- */
+*/
 struct __pyx_obj_3ssh_9connector_Flag {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_9connector_Flag *__pyx_vtab;
@@ -1030,7 +1668,7 @@ struct __pyx_obj_3ssh_9connector_Flag {
  * cdef class Connector:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector _connector
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_9connector_Connector {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtab;
@@ -1045,7 +1683,7 @@ struct __pyx_obj_3ssh_9connector_Connector {
  * cdef class Option:             # <<<<<<<<<<<<<<
  *     cdef ssh_options_e _option
  * 
- */
+*/
 struct __pyx_obj_3ssh_7options_Option {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_7options_Option *__pyx_vtab;
@@ -1059,7 +1697,7 @@ struct __pyx_obj_3ssh_7options_Option {
  * cdef class SSHKey:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_key _key
  * 
- */
+*/
 struct __pyx_obj_3ssh_3key_SSHKey {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_3key_SSHKey *__pyx_vtab;
@@ -1073,7 +1711,7 @@ struct __pyx_obj_3ssh_3key_SSHKey {
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_4sftp_SFTP {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtab;
@@ -1088,7 +1726,7 @@ struct __pyx_obj_3ssh_4sftp_SFTP {
  * cdef class SCP:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_scp _scp
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_3scp_SCP {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtab;
@@ -1099,12 +1737,12 @@ struct __pyx_obj_3ssh_3scp_SCP {
 
 
 /* "ssh/session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -1120,7 +1758,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class Channel:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_channel _channel
  *     cdef Session _session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_7channel_Channel {
   struct __pyx_obj_3ssh_7channel_Channel *(*from_ptr)(ssh_channel, struct __pyx_obj_3ssh_7session_Session *);
@@ -1134,7 +1772,7 @@ static struct __pyx_vtabstruct_3ssh_7channel_Channel *__pyx_vtabptr_3ssh_7channe
  * cdef class Flag:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector_flags_e _flag
  * 
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_9connector_Flag {
   struct __pyx_obj_3ssh_9connector_Flag *(*from_flag)(enum ssh_connector_flags_e);
@@ -1148,7 +1786,7 @@ static struct __pyx_vtabstruct_3ssh_9connector_Flag *__pyx_vtabptr_3ssh_9connect
  * cdef class Connector:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_connector _connector
  *     cdef readonly Session session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_9connector_Connector {
   struct __pyx_obj_3ssh_9connector_Connector *(*from_ptr)(ssh_connector, struct __pyx_obj_3ssh_7session_Session *);
@@ -1162,7 +1800,7 @@ static struct __pyx_vtabstruct_3ssh_9connector_Connector *__pyx_vtabptr_3ssh_9co
  * cdef class Option:             # <<<<<<<<<<<<<<
  *     cdef ssh_options_e _option
  * 
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_7options_Option {
   struct __pyx_obj_3ssh_7options_Option *(*from_option)(enum ssh_options_e);
@@ -1176,7 +1814,7 @@ static struct __pyx_vtabstruct_3ssh_7options_Option *__pyx_vtabptr_3ssh_7options
  * cdef class SSHKey:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_key _key
  * 
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_3key_SSHKey {
   struct __pyx_obj_3ssh_3key_SSHKey *(*from_ptr)(ssh_key);
@@ -1190,7 +1828,7 @@ static struct __pyx_vtabstruct_3ssh_3key_SSHKey *__pyx_vtabptr_3ssh_3key_SSHKey;
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_4sftp_SFTP {
   struct __pyx_obj_3ssh_4sftp_SFTP *(*from_ptr)(sftp_session, struct __pyx_obj_3ssh_7session_Session *);
@@ -1204,13 +1842,14 @@ static struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtabptr_3ssh_4sftp_SFTP;
  * cdef class SCP:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_scp _scp
  *     cdef readonly Session session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_3scp_SCP {
   struct __pyx_obj_3ssh_3scp_SCP *(*from_ptr)(ssh_scp, struct __pyx_obj_3ssh_7session_Session *);
   PyObject *(*close)(struct __pyx_obj_3ssh_3scp_SCP *, int __pyx_skip_dispatch);
 };
 static struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtabptr_3ssh_3scp_SCP;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1219,42 +1858,48 @@ static struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtabptr_3ssh_3scp_SCP;
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1265,6 +1910,10 @@ static struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtabptr_3ssh_3scp_SCP;
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1276,6 +1925,57 @@ static struct __pyx_vtabstruct_3ssh_3scp_SCP *__pyx_vtabptr_3ssh_3scp_SCP;
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+#else
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#endif
+
+/* PyThreadStateGet.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
+#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
+#else
+#define __Pyx_PyThreadState_declare
+#define __Pyx_PyThreadState_assign
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
+#endif
+
+/* PyErrFetchRestore.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
+#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+#else
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#endif
+#else
+#define __Pyx_PyErr_Clear() PyErr_Clear()
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#endif
+
 /* PyObjectGetAttrStr.proto */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
@@ -1283,6 +1983,9 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
 /* GetBuiltinName.proto */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
@@ -1314,18 +2017,18 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 
 /* GetModuleGlobalName.proto */
 #if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
     static PY_UINT64_T __pyx_dict_version = 0;\
     static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
         (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
         __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
     PY_UINT64_T __pyx_dict_version;\
     PyObject *__pyx_dict_cached_value;\
     (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
+} while(0)
 static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
 #define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
@@ -1333,42 +2036,33 @@ static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_ve
 static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
 #endif
 
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
-#endif
-
 /* PyFunctionFastCall.proto */
 #if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
 #define __Pyx_PyFunction_FastCall(func, args, nargs)\
     __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
 #endif
 #define __Pyx_BUILD_ASSERT_EXPR(cond)\
     (sizeof(char [1 - 2*!(cond)]) - 1)
 #ifndef Py_MEMBER_SIZE
 #define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
 #endif
-#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
   static size_t __pyx_pyframe_localsplus_offset = 0;
   #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
   #define __Pxy_PyFrame_Initialize_Offsets()\
     ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
      (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
   #define __Pyx_PyFrame_GetLocalsplus(frame)\
     (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
+#endif
+#endif
 #endif
 
 /* PyObjectCall.proto */
@@ -1378,118 +2072,221 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 #define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
 #endif
 
-/* PyObjectCall2Args.proto */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2);
-
 /* PyObjectCallMethO.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
 #endif
 
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
 
-/* PyThreadStateGet.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
-#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
-#else
-#define __Pyx_PyThreadState_declare
-#define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
-#endif
+/* RaiseException.proto */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
-/* PyErrFetchRestore.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+/* TupleAndListFromArray.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
-#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
 #else
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
 #endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
 #else
-#define __Pyx_PyErr_Clear() PyErr_Clear()
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
 #endif
-
-/* RaiseException.proto */
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
 /* RaiseArgTupleInvalid.proto */
 static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
     Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
 
-/* KeywordStringCheck.proto */
-static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name, int kw_allowed);
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
 
 /* RaiseDoubleKeywords.proto */
 static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
 
 /* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
-
-/* ArgTypeTest.proto */
-#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
-        __Pyx__ArgTypeTest(obj, type, name, exact))
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
-
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
 #endif
-
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
 #else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
 #endif
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
 #else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
 #endif
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* ArgTypeTest.proto */
+#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+        __Pyx__ArgTypeTest(obj, type, name, exact))
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
+
+/* RaiseUnexpectedTypeError.proto */
+static int __Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj);
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
+#endif
+
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
+#endif
+
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
+#endif
+
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
 /* GetVTable.proto */
-static void* __Pyx_GetVtable(PyObject *dict);
+static void* __Pyx_GetVtable(PyTypeObject *type);
+
+/* ListPack.proto */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...);
 
 /* Import.proto */
 static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
@@ -1497,314 +2294,793 @@ static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
 /* ImportFrom.proto */
 static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name);
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
 #else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
+/* CIntToPy.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From___pyx_anon_enum(int value);
+
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_auth_e(enum ssh_auth_e value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_auth_e(enum ssh_auth_e value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_kex_types_e(enum ssh_kex_types_e value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE unsigned int __Pyx_PyInt_As_unsigned_int(PyObject *);
+static CYTHON_INLINE unsigned int __Pyx_PyLong_As_unsigned_int(PyObject *);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_socket_t(socket_t value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
+
+/* CIntToPy.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_socket_t(socket_t value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4real_real(PyComplexObject *__pyx_v_self); /* proto*/
+#endif
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4imag_imag(PyComplexObject *__pyx_v_self); /* proto*/
+#endif
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'cpython.version' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "cpython.version" */
 
-/* Module declarations from 'cpython.type' */
-static PyTypeObject *__pyx_ptype_7cpython_4type_type = 0;
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "cpython.type" */
 
-/* Module declarations from 'libc.stdio' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'cpython.object' */
+/* Module declarations from "libc.stdio" */
 
-/* Module declarations from 'cpython.ref' */
+/* Module declarations from "cpython.object" */
 
-/* Module declarations from 'cpython.exc' */
+/* Module declarations from "cpython.ref" */
 
-/* Module declarations from 'cpython.module' */
+/* Module declarations from "cpython.exc" */
 
-/* Module declarations from 'cpython.mem' */
+/* Module declarations from "cpython.module" */
 
-/* Module declarations from 'cpython.tuple' */
+/* Module declarations from "cpython.mem" */
 
-/* Module declarations from 'cpython.list' */
+/* Module declarations from "cpython.tuple" */
 
-/* Module declarations from 'cpython.sequence' */
+/* Module declarations from "cpython.list" */
 
-/* Module declarations from 'cpython.mapping' */
+/* Module declarations from "cpython.sequence" */
 
-/* Module declarations from 'cpython.iterator' */
+/* Module declarations from "cpython.mapping" */
 
-/* Module declarations from 'cpython.number' */
+/* Module declarations from "cpython.iterator" */
 
-/* Module declarations from 'cpython.int' */
+/* Module declarations from "cpython.number" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'cpython.bool' */
-static PyTypeObject *__pyx_ptype_7cpython_4bool_bool = 0;
+/* Module declarations from "cpython.bool" */
 
-/* Module declarations from 'cpython.long' */
+/* Module declarations from "cpython.long" */
 
-/* Module declarations from 'cpython.float' */
+/* Module declarations from "cpython.float" */
 
-/* Module declarations from '__builtin__' */
+/* Module declarations from "cython" */
 
-/* Module declarations from 'cpython.complex' */
-static PyTypeObject *__pyx_ptype_7cpython_7complex_complex = 0;
+/* Module declarations from "__builtin__" */
 
-/* Module declarations from 'cpython.string' */
+/* Module declarations from "cpython.complex" */
 
-/* Module declarations from 'cpython.unicode' */
+/* Module declarations from "cpython.unicode" */
 
-/* Module declarations from 'cpython.dict' */
+/* Module declarations from "cpython.pyport" */
 
-/* Module declarations from 'cpython.instance' */
+/* Module declarations from "cpython.dict" */
 
-/* Module declarations from 'cpython.function' */
+/* Module declarations from "cpython.instance" */
 
-/* Module declarations from 'cpython.method' */
+/* Module declarations from "cpython.function" */
 
-/* Module declarations from 'cpython.weakref' */
+/* Module declarations from "cpython.method" */
 
-/* Module declarations from 'cpython.getargs' */
+/* Module declarations from "cpython.weakref" */
 
-/* Module declarations from 'cpython.pythread' */
+/* Module declarations from "cpython.getargs" */
 
-/* Module declarations from 'cpython.pystate' */
+/* Module declarations from "cpython.pythread" */
 
-/* Module declarations from 'cpython.cobject' */
+/* Module declarations from "cpython.pystate" */
 
-/* Module declarations from 'cpython.oldbuffer' */
+/* Module declarations from "cpython.set" */
 
-/* Module declarations from 'cpython.set' */
+/* Module declarations from "cpython.buffer" */
 
-/* Module declarations from 'cpython.buffer' */
+/* Module declarations from "cpython.bytes" */
 
-/* Module declarations from 'cpython.bytes' */
+/* Module declarations from "cpython.pycapsule" */
 
-/* Module declarations from 'cpython.pycapsule' */
+/* Module declarations from "cpython.contextvars" */
 
-/* Module declarations from 'cpython' */
+/* Module declarations from "cpython" */
 
-/* Module declarations from 'libc.stdlib' */
+/* Module declarations from "libc.stdlib" */
 
-/* Module declarations from 'ssh.channel' */
-static PyTypeObject *__pyx_ptype_3ssh_7channel_Channel = 0;
+/* Module declarations from "ssh.channel" */
 
-/* Module declarations from 'ssh.connector' */
-static PyTypeObject *__pyx_ptype_3ssh_9connector_Flag = 0;
-static PyTypeObject *__pyx_ptype_3ssh_9connector_Connector = 0;
+/* Module declarations from "ssh.connector" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static PyObject *(*__pyx_f_3ssh_5utils_to_bytes)(PyObject *); /*proto*/
 static PyObject *(*__pyx_f_3ssh_5utils_to_str)(char const *); /*proto*/
 static int (*__pyx_f_3ssh_5utils_handle_error_codes)(int, ssh_session); /*proto*/
 static int (*__pyx_f_3ssh_5utils_handle_auth_error_codes)(int, ssh_session); /*proto*/
 
-/* Module declarations from 'ssh.options' */
-static PyTypeObject *__pyx_ptype_3ssh_7options_Option = 0;
+/* Module declarations from "ssh.options" */
 
-/* Module declarations from 'ssh.key' */
-static PyTypeObject *__pyx_ptype_3ssh_3key_SSHKey = 0;
+/* Module declarations from "ssh.key" */
 
-/* Module declarations from 'ssh.c_sftp' */
+/* Module declarations from "ssh.c_sftp" */
 
-/* Module declarations from 'ssh.sftp' */
-static PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP = 0;
+/* Module declarations from "ssh.sftp" */
 
-/* Module declarations from 'ssh.scp' */
-static PyTypeObject *__pyx_ptype_3ssh_3scp_SCP = 0;
+/* Module declarations from "ssh.scp" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.session" */
 static int __pyx_f_3ssh_7session__check_connected(ssh_session); /*proto*/
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.session"
 extern int __pyx_module_is_main_ssh__session;
 int __pyx_module_is_main_ssh__session = 0;
 
-/* Implementation of 'ssh.session' */
+/* Implementation of "ssh.session" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_MemoryError;
 static PyObject *__pyx_builtin_NotImplementedError;
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = ".";
+static const char __pyx_k_A[] = "\200A";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
 static const char __pyx_k_i[] = "i";
+static const char __pyx_k__2[] = "?";
+static const char __pyx_k_fd[] = "fd";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_rc[] = "rc";
+static const char __pyx_k_A_4[] = "\200A\330\r\016\330\021\"\240!\2404\240{\260!";
+static const char __pyx_k_A_a[] = "\200A\330\010\016\210a";
+static const char __pyx_k_key[] = "_key";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_scp[] = "_scp";
+static const char __pyx_k_A_1D[] = "\200A\330\r\016\330\021#\2401\240D\250\001";
+static const char __pyx_k_A_AT[] = "\200A\330\r\016\330\021$\240A\240T\250\021";
+static const char __pyx_k_algo[] = "_algo";
+static const char __pyx_k_data[] = "data";
 static const char __pyx_k_echo[] = "echo";
+static const char __pyx_k_func[] = "__func__";
+static const char __pyx_k_hmac[] = "_hmac";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_mode[] = "mode";
 static const char __pyx_k_name[] = "__name__";
 static const char __pyx_k_port[] = "port";
+static const char __pyx_k_self[] = "self";
+static const char __pyx_k_sftp[] = "_sftp";
+static const char __pyx_k_sock[] = "_sock";
 static const char __pyx_k_test[] = "__test__";
+static const char __pyx_k_A_a_q[] = "\200A\340\r\016\330\014\026\320\026)\250\021\250$\250a\330\010\017\210q";
+static const char __pyx_k_A_k_d[] = "\200A\340\r\016\330\014\026\320\026)\250\021\250$\250k\270\021\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_q_A[] = "\200A\330\r\016\330\021'\240q\250\004\250A";
+static const char __pyx_k_creds[] = "creds";
+static const char __pyx_k_error[] = "error";
 static const char __pyx_k_value[] = "value";
+static const char __pyx_k_A_4q_d[] = "\200A\340\r\016\330\014\026\320\026*\250!\2504\250q\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_AT_d[] = "\200A\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\026(\250\001\250\024\250[\270\001\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_AT_q[] = "\200A\340\r\016\330\014\031\230\033\240A\240T\250\021\330\010\017\210q";
+static const char __pyx_k_algo_2[] = "algo";
 static const char __pyx_k_answer[] = "answer";
-static const char __pyx_k_import[] = "__import__";
+static const char __pyx_k_b_name[] = "b_name";
+static const char __pyx_k_banner[] = "_banner";
+static const char __pyx_k_c_data[] = "c_data";
+static const char __pyx_k_c_echo[] = "c_echo";
+static const char __pyx_k_cipher[] = "_cipher";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_get_fd[] = "get_fd";
+static const char __pyx_k_hmac_2[] = "hmac";
+static const char __pyx_k_module[] = "__module__";
+static const char __pyx_k_name_2[] = "_name";
 static const char __pyx_k_option[] = "option";
+static const char __pyx_k_prompt[] = "_prompt";
+static const char __pyx_k_pubkey[] = "pubkey";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_sftp_2[] = "sftp";
+static const char __pyx_k_socket[] = "socket";
+static const char __pyx_k_A_a_A_d[] = "\200A\360\016\000\016\017\330\014\026\320\026&\240a\330\020\024\220A\330#$\330\020\021\220\021\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_at1_q[] = "\200A\340\r\016\330\014\026\320\026&\240a\240t\2501\330\010\017\210q";
+static const char __pyx_k_A_oQd_q[] = "\200A\340\r\016\330\014\026\220o\240Q\240d\250!\330\010\017\210q";
+static const char __pyx_k_A_q_4_d[] = "\200A\340\010\037\230q\330\r\016\330\014\026\320\026*\250!\2504\250{\270!\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_SSH_KEX[] = "SSH_KEX";
+static const char __pyx_k_SSH_MAC[] = "SSH_MAC";
 static const char __pyx_k_Session[] = "Session";
 static const char __pyx_k_address[] = "address";
+static const char __pyx_k_b_error[] = "b_error";
+static const char __pyx_k_b_value[] = "b_value";
+static const char __pyx_k_c_value[] = "c_value";
+static const char __pyx_k_channel[] = "channel";
+static const char __pyx_k_connect[] = "connect";
+static const char __pyx_k_disable[] = "disable";
 static const char __pyx_k_message[] = "message";
+static const char __pyx_k_privkey[] = "privkey";
+static const char __pyx_k_scp_new[] = "scp_new";
+static const char __pyx_k_service[] = "service";
 static const char __pyx_k_timeout[] = "timeout";
+static const char __pyx_k_value_2[] = "_value";
+static const char __pyx_k_0_7_Qd_a[] = "\210\001\340\021\022\330\020\032\320\0320\260\001\330\024\030\230\013\2407\250!\330\014\023\320\023%\240Q\240d\250$\250a";
+static const char __pyx_k_A_4q_t1A[] = "\200A\340\r\016\330\014\026\320\026*\250!\2504\250q\330\010\017\210t\2201\220A";
+static const char __pyx_k_A_l_4q_d[] = "\200A\340\r\016\330\014\026\220l\240!\2404\240q\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_q_Kq_d[] = "\200A\330\010 \240\010\250\001\250\021\330\010 \240\001\340\r\016\330\014\026\320\026/\250q\260\004\260K\270q\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_SSH_COMP[] = "SSH_COMP";
+static const char __pyx_k_SSH_LANG[] = "SSH_LANG";
+static const char __pyx_k_add_note[] = "add_note";
+static const char __pyx_k_answer_2[] = "_answer";
+static const char __pyx_k_b_answer[] = "b_answer";
+static const char __pyx_k_b_prompt[] = "b_prompt";
+static const char __pyx_k_banner_2[] = "banner";
+static const char __pyx_k_blocking[] = "blocking";
+static const char __pyx_k_c_answer[] = "c_answer";
+static const char __pyx_k_cipher_2[] = "cipher";
+static const char __pyx_k_delegate[] = "delegate";
+static const char __pyx_k_filepath[] = "filepath";
 static const char __pyx_k_getstate[] = "__getstate__";
 static const char __pyx_k_location[] = "location";
 static const char __pyx_k_password[] = "password";
+static const char __pyx_k_qualname[] = "__qualname__";
 static const char __pyx_k_rcounter[] = "rcounter";
 static const char __pyx_k_scounter[] = "scounter";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
+static const char __pyx_k_sftp_new[] = "sftp_new";
 static const char __pyx_k_username[] = "username";
+static const char __pyx_k_A_0_Q_c_a[] = "\200A\340\r\016\330\014\036\320\0360\260\001\260\024\260Q\330\010\013\210;\220c\230\021\330\014\r\330\010\030\230\t\240\021\240,\250a";
+static const char __pyx_k_A_1D_1A_d[] = "\200A\340\r\016\330\014\026\320\026+\2501\250D\260\013\2701\270A\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_AT_at4q[] = "\200A\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\026(\250\001\250\024\250[\270\001\330\010\017\320\017&\240a\240t\2504\250q";
+static const char __pyx_k_A_at1_t1A[] = "\200A\340\r\016\330\014\026\320\026&\240a\240t\2501\330\010\017\210t\2201\220A";
+static const char __pyx_k_A_q_A_t1A[] = "\200A\340\r\016\330\014\026\320\026'\240q\250\004\250A\330\010\017\210t\2201\220A";
+static const char __pyx_k_SSH_CRYPT[] = "SSH_CRYPT";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_b_address[] = "b_address";
+static const char __pyx_k_b_message[] = "b_message";
+static const char __pyx_k_c_address[] = "c_address";
+static const char __pyx_k_c_message[] = "c_message";
+static const char __pyx_k_c_service[] = "c_service";
+static const char __pyx_k_channel_2[] = "_channel";
+static const char __pyx_k_connector[] = "_connector";
 static const char __pyx_k_dest_port[] = "dest_port";
+static const char __pyx_k_get_error[] = "get_error";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
+static const char __pyx_k_sftp_init[] = "sftp_init";
+static const char __pyx_k_A_AT_at1_q[] = "\200A\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\026.\250a\250t\2601\330\010\017\210q";
+static const char __pyx_k_A_A_at_a_d[] = "\200A\330\010\034\230A\340\r\016\330\014\026\320\026&\240a\240t\250;\260a\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_Qd_83a_q[] = "\200A\360\006\000\016\017\330\014\033\320\033-\250Q\250d\260!\330\010\013\2108\2203\220a\330\014\r\330\010\021\220\021\330\010\017\210q";
+static const char __pyx_k_A_q_Kq_1_d[] = "\200A\340\r\016\330\014\026\320\026'\240q\250\004\250K\260q\270\013\3001\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_q_oQ_K_d[] = "\200A\330\010\037\230q\340\r\016\330\014\026\220o\240Q\330\020\024\220K\230{\250!\330\010\017\320\017!\240\021\240$\240d\250!";
 static const char __pyx_k_SSH_CLOSED[] = "SSH_CLOSED";
+static const char __pyx_k_b_filepath[] = "b_filepath";
+static const char __pyx_k_b_location[] = "b_location";
+static const char __pyx_k_b_password[] = "b_password";
+static const char __pyx_k_b_username[] = "b_username";
 static const char __pyx_k_bound_port[] = "bound_port";
+static const char __pyx_k_c_filepath[] = "c_filepath";
+static const char __pyx_k_c_location[] = "c_location";
+static const char __pyx_k_c_password[] = "c_password";
+static const char __pyx_k_c_username[] = "c_username";
+static const char __pyx_k_disconnect[] = "disconnect";
 static const char __pyx_k_exceptions[] = "exceptions";
+static const char __pyx_k_get_status[] = "get_status";
+static const char __pyx_k_known_host[] = "_known_host";
+static const char __pyx_k_passphrase[] = "passphrase";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
+static const char __pyx_k_send_debug[] = "send_debug";
+static const char __pyx_k_set_socket[] = "set_socket";
 static const char __pyx_k_submethods[] = "submethods";
+static const char __pyx_k_A_0_Q_83a_q[] = "\200A\360\006\000\016\017\330\014\033\320\0330\260\001\260\024\260Q\330\010\013\2108\2203\220a\330\014\r\330\010\021\220\021\330\010\017\210q";
+static const char __pyx_k_A_AT_6at1_q[] = "\200A\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\0266\260a\260t\2701\330\010\017\210q";
+static const char __pyx_k_A_a_22EQa_d[] = "\200A\340\r\016\330\014\026\320\026&\240a\330\020\024\320\0242\3202E\300Q\300a\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_a_6_A_q_q[] = "\200A\360\006\000\016\017\330\014\031\320\031)\250\021\250$\250a\330\010\013\2106\220\023\220A\330\014\r\330\010\017\210q\330\010\017\210q";
+static const char __pyx_k_A_at1_83a_q[] = "\200A\360\006\000\016\017\330\014\033\320\033.\250a\250t\2601\330\010\013\2108\2203\220a\330\014\r\330\010\021\220\021\330\010\017\210q";
+static const char __pyx_k_A_at_fJaq_d[] = "\200A\360\n\000\016\017\330\014\026\320\026&\240a\240t\250;\260f\270J\300a\300q\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_q_Kq_Qd_a[] = "\210\001\340\014(\320(A\300\021\300!\330\021\022\330\020\032\320\032/\250q\260\004\260K\270q\330\014\023\320\023%\240Q\240d\250$\250a";
 static const char __pyx_k_MemoryError[] = "MemoryError";
 static const char __pyx_k_OptionError[] = "OptionError";
+static const char __pyx_k_SSH_MAC_C_S[] = "SSH_MAC_C_S";
+static const char __pyx_k_SSH_MAC_S_C[] = "SSH_MAC_S_C";
+static const char __pyx_k_channel_new[] = "channel_new";
+static const char __pyx_k_destination[] = "destination";
+static const char __pyx_k_get_hmac_in[] = "get_hmac_in";
+static const char __pyx_k_get_version[] = "get_version";
+static const char __pyx_k_instruction[] = "_instruction";
+static const char __pyx_k_is_blocking[] = "is_blocking";
+static const char __pyx_k_options_get[] = "options_get";
+static const char __pyx_k_options_set[] = "options_set";
+static const char __pyx_k_port_target[] = "port_target";
+static const char __pyx_k_send_ignore[] = "send_ignore";
+static const char __pyx_k_ssh_session[] = "ssh.session";
+static const char __pyx_k_A_2_4q_s_q_q[] = "\200A\360\006\000\016\017\330\014\037\320\0372\260!\2604\260q\330\010\013\210<\220s\230!\330\014\r\330\010\027\220q\330\010\017\210q";
+static const char __pyx_k_A_4q_6_A_q_q[] = "\200A\360\006\000\016\017\330\014\031\320\031*\250!\2504\250q\330\010\013\2106\220\023\220A\330\014\r\330\010\017\210q\330\010\017\210q";
+static const char __pyx_k_A_AT_4q_at4q[] = "\200A\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\026*\250!\2504\250q\330\010\017\320\017&\240a\240t\2504\250q";
+static const char __pyx_k_A_AT_5Qd_q_q[] = "\200A\360\006\000\016\017\330\014\034\230A\230T\240\021\330\014\031\320\0315\260Q\260d\270!\330\010\021\220\026\220q\230\010\240\001\330\010\017\210q";
+static const char __pyx_k_A_xq_q_1_K_d[] = "\200A\330\010\037\230x\240q\250\001\330\010\037\230q\340\r\016\330\014\026\320\0261\260\021\330\020\024\220K\230{\250!\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_SSH_COMP_C_S[] = "SSH_COMP_C_S";
+static const char __pyx_k_SSH_COMP_S_C[] = "SSH_COMP_S_C";
+static const char __pyx_k_SSH_HOSTKEYS[] = "SSH_HOSTKEYS";
+static const char __pyx_k_SSH_LANG_C_S[] = "SSH_LANG_C_S";
+static const char __pyx_k_SSH_LANG_S_C[] = "SSH_LANG_S_C";
+static const char __pyx_k_b_known_host[] = "b_known_host";
+static const char __pyx_k_b_passphrase[] = "b_passphrase";
+static const char __pyx_k_b_submethods[] = "b_submethods";
+static const char __pyx_k_c_passphrase[] = "c_passphrase";
+static const char __pyx_k_c_submethods[] = "c_submethods";
+static const char __pyx_k_copy_options[] = "copy_options";
+static const char __pyx_k_get_hmac_out[] = "get_hmac_out";
+static const char __pyx_k_get_kex_algo[] = "get_kex_algo";
+static const char __pyx_k_is_connected[] = "is_connected";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
+static const char __pyx_k_set_blocking[] = "set_blocking";
+static const char __pyx_k_set_counters[] = "set_counters";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_A_AT_6at1_A_q[] = "\200A\360\006\000\016\017\330\014\034\230A\230T\240\021\330\014\033\320\0336\260a\260t\2701\330\010\024\220A\330\010\017\210q";
+static const char __pyx_k_A_AT_9_Kq_1_q[] = "\200A\360\006\000\016\017\330\014\034\230A\230T\240\021\330\014\033\320\0339\270\021\330\020\024\220K\230q\330\010\023\2201\330\010\017\210q";
+static const char __pyx_k_A_q_A_6_A_vQa[] = "\200A\360\006\000\016\017\330\014\031\230\036\240q\250\004\250A\330\010\013\2106\220\023\220A\330\014\r\330\010\022\220!\330\010\017\210v\220Q\220a";
 static const char __pyx_k_InvalidAPIUse[] = "InvalidAPIUse";
 static const char __pyx_k_SSH_AUTH_INFO[] = "SSH_AUTH_INFO";
+static const char __pyx_k_SSH_CRYPT_C_S[] = "SSH_CRYPT_C_S";
+static const char __pyx_k_SSH_CRYPT_S_C[] = "SSH_CRYPT_S_C";
+static const char __pyx_k_b_instruction[] = "b_instruction";
+static const char __pyx_k_connector_new[] = "connector_new";
+static const char __pyx_k_get_cipher_in[] = "get_cipher_in";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
+static const char __pyx_k_set_fd_except[] = "set_fd_except";
+static const char __pyx_k_set_fd_toread[] = "set_fd_toread";
+static const char __pyx_k_userauth_list[] = "userauth_list";
+static const char __pyx_k_userauth_none[] = "userauth_none";
+static const char __pyx_k_A_AT_0_Q_83a_q[] = "\200A\360\006\000\016\017\330\014\034\230A\230T\240\021\330\014\033\320\0330\260\001\260\024\260Q\330\010\013\2108\2203\220a\330\014\r\330\010\021\220\021\330\010\017\210q";
+static const char __pyx_k_A_XQa_at_fJa_d[] = "\200A\360\022\000\t\036\230X\240Q\240a\360\006\000\t\023\220!\330\r\016\330\014\026\320\026&\240a\240t\250;\260f\270J\300a\330\010\017\320\017!\240\021\240$\240d\250!";
+static const char __pyx_k_A_xq_q_1_K_d_2[] = "\200A\330\010\037\230x\240q\250\001\330\010\037\230q\340\r\016\330\014\026\320\0261\260\021\330\020\024\220K\230{\250&\260\001\260\021\330\010\017\320\017!\240\021\240$\240d\250!";
 static const char __pyx_k_SSH_AUTH_AGAIN[] = "SSH_AUTH_AGAIN";
 static const char __pyx_k_SSH_AUTH_ERROR[] = "SSH_AUTH_ERROR";
+static const char __pyx_k_Session_get_fd[] = "Session.get_fd";
+static const char __pyx_k_accept_forward[] = "accept_forward";
 static const char __pyx_k_always_display[] = "always_display";
+static const char __pyx_k_blocking_flush[] = "blocking_flush";
+static const char __pyx_k_cancel_forward[] = "cancel_forward";
+static const char __pyx_k_dump_knownhost[] = "dump_knownhost";
+static const char __pyx_k_get_cipher_out[] = "get_cipher_out";
+static const char __pyx_k_get_error_code[] = "get_error_code";
+static const char __pyx_k_get_poll_flags[] = "get_poll_flags";
+static const char __pyx_k_listen_forward[] = "listen_forward";
+static const char __pyx_k_options_getopt[] = "options_getopt";
+static const char __pyx_k_set_fd_towrite[] = "set_fd_towrite";
+static const char __pyx_k_userauth_agent[] = "userauth_agent";
+static const char __pyx_k_A_1_AT_K_1_at4q[] = "\200A\330\010 \240\010\250\001\250\021\330\010\"\240(\250!\2501\330\010 \240\001\330\010\"\240!\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\026*\250!\330\020\024\220K\230|\2501\330\010\017\320\017&\240a\240t\2504\250q";
+static const char __pyx_k_A_AT_AT_9Cq_Q_q[] = "\200A\360\006\000\016\017\330\014\034\230A\230T\240\021\330\014\034\320\034,\250A\250T\260\021\330\010\013\2109\220C\220q\330\014\022\220!\330\010\031\230\031\240!\240:\250Q\330\010\017\210q";
+static const char __pyx_k_A_AT_A_K_1_at4q[] = "\200A\330\010 \240\010\250\001\250\021\330\010 \240\010\250\001\250\021\330\010 \240\001\330\010 \240\001\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\026,\250A\330\020\024\220K\230|\2501\330\010\017\320\017&\240a\240t\2504\250q";
+static const char __pyx_k_A_AT_C1_A_axq_q[] = "\200A\360\006\000\016\017\330\014\034\230A\230T\240\021\330\014 \320 C\3001\330\020\024\220A\330\010\030\230\006\230a\230x\240q\330\010\017\210q";
+static const char __pyx_k_A_A_AT_9_Ks_1_q[] = "\200A\360\006\000\t\035\230A\330\r\016\330\014\034\230A\230T\240\021\330\014\033\320\0339\270\021\330\020\024\220K\230s\240!\330\010\023\2201\330\010\017\210q";
 static const char __pyx_k_SSH_AUTH_DENIED[] = "SSH_AUTH_DENIED";
+static const char __pyx_k_Session_connect[] = "Session.connect";
+static const char __pyx_k_Session_scp_new[] = "Session.scp_new";
+static const char __pyx_k_is_server_known[] = "is_server_known";
+static const char __pyx_k_service_request[] = "service_request";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_ssh_session_pyx[] = "ssh/session.pyx";
+static const char __pyx_k_userauth_gssapi[] = "userauth_gssapi";
+static const char __pyx_k_userauth_kbdint[] = "userauth_kbdint";
+static const char __pyx_k_write_knownhost[] = "write_knownhost";
+static const char __pyx_k_A_AT_1_KvV1_at4q[] = "\200A\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\0261\260\021\330\020\024\220K\230v\240V\2501\330\010\017\320\017&\240a\240t\2504\250q";
+static const char __pyx_k_A_AT_Q_KvWA_at4q[] = "\200A\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\026-\250Q\330\020\024\220K\230v\240W\250A\330\010\017\320\017&\240a\240t\2504\250q";
+static const char __pyx_k_HAQ_A_Q_Qd_Q_4t1[] = "\210\001\330\014$\240H\250A\250Q\330\014$\240A\340\021\022\330\020 \240\001\240\024\240Q\330\020\032\320\032-\250Q\250d\260+\270Q\330\014\023\320\023*\250!\2504\250t\2601";
 static const char __pyx_k_SSH_AUTH_PARTIAL[] = "SSH_AUTH_PARTIAL";
 static const char __pyx_k_SSH_AUTH_SUCCESS[] = "SSH_AUTH_SUCCESS";
 static const char __pyx_k_SSH_CLOSED_ERROR[] = "SSH_CLOSED_ERROR";
 static const char __pyx_k_SSH_READ_PENDING[] = "SSH_READ_PENDING";
+static const char __pyx_k_Session_sftp_new[] = "Session.sftp_new";
+static const char __pyx_k_get_clientbanner[] = "get_clientbanner";
+static const char __pyx_k_get_issue_banner[] = "get_issue_banner";
+static const char __pyx_k_get_serverbanner[] = "get_serverbanner";
+static const char __pyx_k_gssapi_set_creds[] = "gssapi_set_creds";
+static const char __pyx_k_options_get_port[] = "options_get_port";
+static const char __pyx_k_options_set_port[] = "options_set_port";
+static const char __pyx_k_set_agent_socket[] = "set_agent_socket";
+static const char __pyx_k_A_1_AT_2_KvQ_at4q[] = "\200A\330\010\"\240(\250!\2501\330\010\"\240!\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\0262\260!\330\020\024\220K\230v\240Q\330\010\017\320\017&\240a\240t\2504\250q";
+static const char __pyx_k_A_AT_7q_Ky_9Cq_iq[] = "\200A\340\r\016\330\014\034\230A\230T\240\021\330\014\034\320\0347\260q\330\020\024\220K\230y\250\001\250\021\330\010\013\2109\220C\220q\330\014\r\330\010\026\220i\230q\240\n\250!";
+static const char __pyx_k_A_a_AT_4A_Ks_at4q[] = "\200A\330\010\036\230a\340\r\016\330\014\034\230A\230T\240\021\330\014\026\320\0264\260A\330\020\024\220K\230s\240/\260\021\330\010\017\320\017&\240a\240t\2504\250q";
 static const char __pyx_k_SSH_WRITE_PENDING[] = "SSH_WRITE_PENDING";
+static const char __pyx_k_Session_get_error[] = "Session.get_error";
+static const char __pyx_k_Session_sftp_init[] = "Session.sftp_init";
+static const char __pyx_k_set_agent_channel[] = "set_agent_channel";
+static const char __pyx_k_silent_disconnect[] = "silent_disconnect";
+static const char __pyx_k_userauth_password[] = "userauth_password";
 static const char __pyx_k_ChannelOpenFailure[] = "ChannelOpenFailure";
+static const char __pyx_k_Session_disconnect[] = "Session.disconnect";
+static const char __pyx_k_Session_get_status[] = "Session.get_status";
+static const char __pyx_k_Session_send_debug[] = "Session.send_debug";
+static const char __pyx_k_Session_set_socket[] = "Session.set_socket";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_userauth_publickey[] = "userauth_publickey";
 static const char __pyx_k_NotImplementedError[] = "NotImplementedError";
+static const char __pyx_k_Session_channel_new[] = "Session.channel_new";
+static const char __pyx_k_Session_get_hmac_in[] = "Session.get_hmac_in";
+static const char __pyx_k_Session_get_version[] = "Session.get_version";
+static const char __pyx_k_Session_is_blocking[] = "Session.is_blocking";
+static const char __pyx_k_Session_options_get[] = "Session.options_get";
+static const char __pyx_k_Session_options_set[] = "Session.options_set";
+static const char __pyx_k_Session_send_ignore[] = "Session.send_ignore";
+static const char __pyx_k_get_openssh_version[] = "get_openssh_version";
+static const char __pyx_k_options_set_int_val[] = "options_set_int_val";
+static const char __pyx_k_Session_copy_options[] = "Session.copy_options";
+static const char __pyx_k_Session_get_hmac_out[] = "Session.get_hmac_out";
+static const char __pyx_k_Session_get_kex_algo[] = "Session.get_kex_algo";
+static const char __pyx_k_Session_is_connected[] = "Session.is_connected";
+static const char __pyx_k_Session_set_blocking[] = "Session.set_blocking";
+static const char __pyx_k_Session_set_counters[] = "Session.set_counters";
+static const char __pyx_k_get_server_publickey[] = "get_server_publickey";
+static const char __pyx_k_options_parse_config[] = "options_parse_config";
+static const char __pyx_k_Session_connector_new[] = "Session.connector_new";
+static const char __pyx_k_Session_get_cipher_in[] = "Session.get_cipher_in";
+static const char __pyx_k_Session_set_fd_except[] = "Session.set_fd_except";
+static const char __pyx_k_Session_set_fd_toread[] = "Session.set_fd_toread";
+static const char __pyx_k_Session_userauth_list[] = "Session.userauth_list";
+static const char __pyx_k_Session_userauth_none[] = "Session.userauth_none";
+static const char __pyx_k_A_A_a_KvZq_3b_aq_1_vQa[] = "\200A\360\n\000\t\035\230A\360\006\000\016\017\330\014\026\320\026&\240a\330\020\024\220K\230v\240Z\250q\330\010\013\2103\210b\220\001\330\014\022\220!\330\010\021\220\025\220a\220q\330\010\022\220!\330\r\"\240!\2401\330\010\017\210v\220Q\220a";
+static const char __pyx_k_Session_accept_forward[] = "Session.accept_forward";
+static const char __pyx_k_Session_blocking_flush[] = "Session.blocking_flush";
+static const char __pyx_k_Session_cancel_forward[] = "Session.cancel_forward";
+static const char __pyx_k_Session_dump_knownhost[] = "Session.dump_knownhost";
+static const char __pyx_k_Session_get_cipher_out[] = "Session.get_cipher_out";
+static const char __pyx_k_Session_get_error_code[] = "Session.get_error_code";
+static const char __pyx_k_Session_get_poll_flags[] = "Session.get_poll_flags";
+static const char __pyx_k_Session_listen_forward[] = "Session.listen_forward";
+static const char __pyx_k_Session_options_getopt[] = "Session.options_getopt";
+static const char __pyx_k_Session_set_fd_towrite[] = "Session.set_fd_towrite";
+static const char __pyx_k_Session_userauth_agent[] = "Session.userauth_agent";
+static const char __pyx_k_get_disconnect_message[] = "get_disconnect_message";
+static const char __pyx_k_userauth_try_publickey[] = "userauth_try_publickey";
+static const char __pyx_k_A_AT_HAT_6_A_Q_Q_9AWA_q[] = "\200A\360\006\000\016\017\330\014\034\230A\230T\240\021\330\014\024\220H\230A\230T\240\021\330\010\013\2106\220\023\220A\330\014\023\320\023%\240Q\330\025(\250\001\250\024\250\\\270\024\270Q\330\010\023\2209\230A\230W\240A\330\010\017\210q";
+static const char __pyx_k_Session___reduce_cython[] = "Session.__reduce_cython__";
+static const char __pyx_k_Session_is_server_known[] = "Session.is_server_known";
+static const char __pyx_k_Session_service_request[] = "Session.service_request";
+static const char __pyx_k_Session_userauth_gssapi[] = "Session.userauth_gssapi";
+static const char __pyx_k_Session_userauth_kbdint[] = "Session.userauth_kbdint";
+static const char __pyx_k_Session_write_knownhost[] = "Session.write_knownhost";
+static const char __pyx_k_userauth_kbdint_getname[] = "userauth_kbdint_getname";
+static const char __pyx_k_userauth_publickey_auto[] = "userauth_publickey_auto";
+static const char __pyx_k_Session_get_clientbanner[] = "Session.get_clientbanner";
+static const char __pyx_k_Session_get_issue_banner[] = "Session.get_issue_banner";
+static const char __pyx_k_Session_get_serverbanner[] = "Session.get_serverbanner";
+static const char __pyx_k_Session_gssapi_set_creds[] = "Session.gssapi_set_creds";
 static const char __pyx_k_Session_is_not_connected[] = "Session is not connected";
+static const char __pyx_k_Session_options_get_port[] = "Session.options_get_port";
+static const char __pyx_k_Session_options_set_port[] = "Session.options_set_port";
+static const char __pyx_k_Session_set_agent_socket[] = "Session.set_agent_socket";
+static const char __pyx_k_A_Qa_9_HA_IQ_at_d_1_4t1_q[] = "\200A\360\014\000\t%\320$=\270Q\270a\330\0109\270\021\340\010\014\210H\220A\330\010\014\210I\220Q\330\r\016\330\014\026\320\026&\240a\240t\250;\260d\270!\2701\330\010\032\230!\2304\230t\2401\330\010\017\210q";
+static const char __pyx_k_Session___setstate_cython[] = "Session.__setstate_cython__";
+static const char __pyx_k_Session_set_agent_channel[] = "Session.set_agent_channel";
+static const char __pyx_k_Session_silent_disconnect[] = "Session.silent_disconnect";
+static const char __pyx_k_Session_userauth_password[] = "Session.userauth_password";
+static const char __pyx_k_userauth_kbdint_getanswer[] = "userauth_kbdint_getanswer";
+static const char __pyx_k_userauth_kbdint_getprompt[] = "userauth_kbdint_getprompt";
+static const char __pyx_k_userauth_kbdint_setanswer[] = "userauth_kbdint_setanswer";
+static const char __pyx_k_Session_userauth_publickey[] = "Session.userauth_publickey";
+static const char __pyx_k_Session_get_openssh_version[] = "Session.get_openssh_version";
+static const char __pyx_k_Session_options_set_int_val[] = "Session.options_set_int_val";
+static const char __pyx_k_userauth_kbdint_getnanswers[] = "userauth_kbdint_getnanswers";
+static const char __pyx_k_userauth_kbdint_getnprompts[] = "userauth_kbdint_getnprompts";
+static const char __pyx_k_A_AT_A_uCq_q_Kq_s_1_Qd_a_Yaq[] = "\200A\360\006\000\016\017\330\014\034\230A\230T\240\021\330\014\030\230\014\240A\330\014\017\210u\220C\220q\330\025\026\330\024\025\330\014\026\320\026/\250q\260\004\260K\270q\300\001\330\014\017\210s\220(\230!\330\025\"\240!\2401\330\025\026\330\024\033\320\033-\250Q\250d\260$\260a\330\010\025\220Y\230a\230q";
+static const char __pyx_k_Session_get_server_publickey[] = "Session.get_server_publickey";
+static const char __pyx_k_Session_options_parse_config[] = "Session.options_parse_config";
+static const char __pyx_k_A_AT_F_uCq_Q_0_Q_M_1_Q_0_Q_1F[] = "\200A\360\006\000\t!\240\010\250\001\250\021\330\010 \240\001\330\r\016\330\014\030\230\014\240A\240T\250\033\260F\270!\330\014\017\210u\220C\220q\330\025\026\330\024\033\320\033-\250Q\330\0350\260\001\260\024\260\\\300\024\300Q\330\014\024\220M\240\021\240&\250\010\260\001\330\025\"\240!\2401\330\025\026\330\024\033\320\033-\250Q\330\0350\260\001\260\024\260\\\300\024\300Q\330\010\022\220)\2301\230F\240!";
+static const char __pyx_k_A_AT_HAT_vS_Q_0_Q_1_9AWA_4t1_q[] = "\200A\360\020\000\016\017\330\014\034\230A\230T\240\021\330\014\024\220H\230A\230T\240\021\330\014\017\210v\220S\230\001\330\025\026\330\024\033\320\033-\250Q\330\0350\260\001\260\024\260\\\300\024\300Q\330\014\021\220\031\230!\2301\330\010\023\2209\230A\230W\240A\330\010\032\230!\2304\230t\2401\330\010\017\210q";
+static const char __pyx_k_Session_get_disconnect_message[] = "Session.get_disconnect_message";
+static const char __pyx_k_Session_userauth_try_publickey[] = "Session.userauth_try_publickey";
+static const char __pyx_k_userauth_kbdint_getinstruction[] = "userauth_kbdint_getinstruction";
+static const char __pyx_k_Session_userauth_kbdint_getname[] = "Session.userauth_kbdint_getname";
+static const char __pyx_k_Session_userauth_publickey_auto[] = "Session.userauth_publickey_auto";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
+static const char __pyx_k_Session_options_set_gssapi_deleg[] = "Session.options_set_gssapi_delegate_credentials";
+static const char __pyx_k_Session_userauth_kbdint_getanswe[] = "Session.userauth_kbdint_getanswer";
+static const char __pyx_k_Session_userauth_kbdint_getinstr[] = "Session.userauth_kbdint_getinstruction";
+static const char __pyx_k_Session_userauth_kbdint_getnansw[] = "Session.userauth_kbdint_getnanswers";
+static const char __pyx_k_Session_userauth_kbdint_getnprom[] = "Session.userauth_kbdint_getnprompts";
+static const char __pyx_k_Session_userauth_kbdint_getpromp[] = "Session.userauth_kbdint_getprompt";
+static const char __pyx_k_Session_userauth_kbdint_setanswe[] = "Session.userauth_kbdint_setanswer";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_n_s_ChannelOpenFailure;
-static PyObject *__pyx_n_s_InvalidAPIUse;
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_NotImplementedError;
-static PyObject *__pyx_n_s_OptionError;
-static PyObject *__pyx_n_s_SSH_AUTH_AGAIN;
-static PyObject *__pyx_n_s_SSH_AUTH_DENIED;
-static PyObject *__pyx_n_s_SSH_AUTH_ERROR;
-static PyObject *__pyx_n_s_SSH_AUTH_INFO;
-static PyObject *__pyx_n_s_SSH_AUTH_PARTIAL;
-static PyObject *__pyx_n_s_SSH_AUTH_SUCCESS;
-static PyObject *__pyx_n_s_SSH_CLOSED;
-static PyObject *__pyx_n_s_SSH_CLOSED_ERROR;
-static PyObject *__pyx_n_s_SSH_READ_PENDING;
-static PyObject *__pyx_n_s_SSH_WRITE_PENDING;
-static PyObject *__pyx_n_s_Session;
-static PyObject *__pyx_kp_s_Session_is_not_connected;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_address;
-static PyObject *__pyx_n_s_always_display;
-static PyObject *__pyx_n_s_answer;
-static PyObject *__pyx_n_s_bound_port;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_dest_port;
-static PyObject *__pyx_n_s_echo;
-static PyObject *__pyx_n_s_exceptions;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_i;
-static PyObject *__pyx_n_s_import;
-static PyObject *__pyx_n_s_location;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_message;
-static PyObject *__pyx_n_s_mode;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_option;
-static PyObject *__pyx_n_s_password;
-static PyObject *__pyx_n_s_port;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_rcounter;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_scounter;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_submethods;
-static PyObject *__pyx_n_s_test;
-static PyObject *__pyx_n_s_timeout;
-static PyObject *__pyx_n_s_username;
-static PyObject *__pyx_n_s_value;
+static const char __pyx_k_options_set_gssapi_delegate_cred[] = "options_set_gssapi_delegate_credentials";
+/* #### Code section: decls ### */
 static int __pyx_pf_3ssh_7session_7Session___cinit__(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
 static void __pyx_pf_3ssh_7session_7Session_2__dealloc__(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_7session_7Session_4set_socket(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_socket); /* proto */
@@ -1833,294 +3109,1046 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_48copy_options(struct __pyx_obj
 static PyObject *__pyx_pf_3ssh_7session_7Session_50options_getopt(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_7session_7Session_52options_parse_config(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_filepath); /* proto */
 static PyObject *__pyx_pf_3ssh_7session_7Session_54options_set_port(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_port); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_56options_set_gssapi_delegate_credentials(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_delegate); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_58options_set(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option, PyObject *__pyx_v_value); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_60options_get(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_62options_get_port(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_port_target); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_64send_ignore(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_data); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_66send_debug(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_message, int __pyx_v_always_display); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_68gssapi_set_creds(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_creds); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_70service_request(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_service); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_72set_agent_channel(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_channel); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_74set_agent_socket(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_socket); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_76set_blocking(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_blocking); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_78set_counters(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_scounter, CYTHON_UNUSED PyObject *__pyx_v_rcounter); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_80set_fd_except(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_82set_fd_toread(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_84set_fd_towrite(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_86silent_disconnect(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_88userauth_none(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_90userauth_list(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_92userauth_try_publickey(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_pubkey); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_94userauth_publickey(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_privkey); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_96userauth_agent(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_98userauth_publickey_auto(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_passphrase); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_100userauth_password(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username, PyObject *__pyx_v_password); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_102userauth_kbdint(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username, PyObject *__pyx_v_submethods); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_104userauth_kbdint_getinstruction(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_106userauth_kbdint_getname(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_108userauth_kbdint_getnprompts(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_110userauth_kbdint_getprompt(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i, PyObject *__pyx_v_echo); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_112userauth_kbdint_getnanswers(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_114userauth_kbdint_getanswer(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_116userauth_kbdint_setanswer(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i, PyObject *__pyx_v_answer); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_118userauth_gssapi(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_120write_knownhost(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_122dump_knownhost(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_124get_clientbanner(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_126get_serverbanner(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_128get_kex_algo(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_130get_cipher_in(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_132get_cipher_out(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_134get_hmac_in(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_136get_hmac_out(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_138get_error(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_140get_error_code(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_142scp_new(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_mode, PyObject *__pyx_v_location); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_56options_get_port(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_port_target); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_58options_set_gssapi_delegate_credentials(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_delegate); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_60options_set(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option, PyObject *__pyx_v_value); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_62options_get(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_64options_set_int_val(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option, int __pyx_v_value); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_66send_ignore(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_data); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_68send_debug(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_message, int __pyx_v_always_display); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_70gssapi_set_creds(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_creds); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_72service_request(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_service); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_74set_agent_channel(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_channel); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_76set_agent_socket(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_socket); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_78set_blocking(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_blocking); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_80set_counters(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_scounter, CYTHON_UNUSED PyObject *__pyx_v_rcounter); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_82set_fd_except(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_84set_fd_toread(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_86set_fd_towrite(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_88silent_disconnect(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_90userauth_none(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_92userauth_list(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_94userauth_try_publickey(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_pubkey); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_96userauth_publickey(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_privkey); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_98userauth_agent(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_100userauth_publickey_auto(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_passphrase); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_102userauth_password(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username, PyObject *__pyx_v_password); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_104userauth_kbdint(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username, PyObject *__pyx_v_submethods); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_106userauth_kbdint_getinstruction(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_108userauth_kbdint_getname(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_110userauth_kbdint_getnprompts(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_112userauth_kbdint_getprompt(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i, PyObject *__pyx_v_echo); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_114userauth_kbdint_getnanswers(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_116userauth_kbdint_getanswer(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_118userauth_kbdint_setanswer(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i, PyObject *__pyx_v_answer); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_120userauth_gssapi(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_122write_knownhost(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_124dump_knownhost(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_126get_clientbanner(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_128get_serverbanner(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_130get_kex_algo(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_132get_cipher_in(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_134get_cipher_out(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_136get_hmac_in(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_138get_hmac_out(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_140get_error(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_142get_error_code(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_144scp_new(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_mode, PyObject *__pyx_v_location); /* proto */
 static PyObject *__pyx_pf_3ssh_7session_7Session_4sock___get__(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_144__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
-static PyObject *__pyx_pf_3ssh_7session_7Session_146__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_146__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self); /* proto */
+static PyObject *__pyx_pf_3ssh_7session_7Session_148__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_7session_Session(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-/* Late includes */
-
-/* "ssh/session.pyx":51
- * 
- * 
- * cdef bint _check_connected(c_ssh.ssh_session session) nogil except -1:             # <<<<<<<<<<<<<<
- *     if not c_ssh.ssh_is_connected(session):
- *         with gil:
- */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
 
-static int __pyx_f_3ssh_7session__check_connected(ssh_session __pyx_v_session) {
-  int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  int __pyx_t_1;
-  PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
-  PyObject *__pyx_t_4 = NULL;
-  int __pyx_lineno = 0;
-  const char *__pyx_filename = NULL;
-  int __pyx_clineno = 0;
-  #ifdef WITH_THREAD
-  PyGILState_STATE __pyx_gilstate_save;
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
   #endif
-  __Pyx_RefNannySetupContext("_check_connected", 1);
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_7cpython_4type_type;
+  PyTypeObject *__pyx_ptype_7cpython_4bool_bool;
+  PyTypeObject *__pyx_ptype_7cpython_7complex_complex;
+  PyTypeObject *__pyx_ptype_3ssh_7channel_Channel;
+  PyTypeObject *__pyx_ptype_3ssh_9connector_Flag;
+  PyTypeObject *__pyx_ptype_3ssh_9connector_Connector;
+  PyTypeObject *__pyx_ptype_3ssh_7options_Option;
+  PyTypeObject *__pyx_ptype_3ssh_3key_SSHKey;
+  PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP;
+  PyTypeObject *__pyx_ptype_3ssh_3scp_SCP;
+  PyObject *__pyx_type_3ssh_7session_Session;
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_codeobj_tab[73];
+  PyObject *__pyx_string_tab[293];
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
 
-  /* "ssh/session.pyx":52
- * 
- * cdef bint _check_connected(c_ssh.ssh_session session) nogil except -1:
- *     if not c_ssh.ssh_is_connected(session):             # <<<<<<<<<<<<<<
- *         with gil:
- *             raise InvalidAPIUse("Session is not connected")
- */
-  /*try:*/ {
-    __pyx_t_1 = ((!(ssh_is_connected(__pyx_v_session) != 0)) != 0);
-    if (__pyx_t_1) {
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
 
-      /* "ssh/session.pyx":53
- * cdef bint _check_connected(c_ssh.ssh_session session) nogil except -1:
- *     if not c_ssh.ssh_is_connected(session):
- *         with gil:             # <<<<<<<<<<<<<<
- *             raise InvalidAPIUse("Session is not connected")
- *     return 0
- */
-      {
-          #ifdef WITH_THREAD
-          PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-          #endif
-          /*try:*/ {
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
 
-            /* "ssh/session.pyx":54
- *     if not c_ssh.ssh_is_connected(session):
- *         with gil:
- *             raise InvalidAPIUse("Session is not connected")             # <<<<<<<<<<<<<<
- *     return 0
- * 
- */
-            __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_InvalidAPIUse); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 54, __pyx_L8_error)
-            __Pyx_GOTREF(__pyx_t_3);
-            __pyx_t_4 = NULL;
-            if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-              __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_3);
-              if (likely(__pyx_t_4)) {
-                PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-                __Pyx_INCREF(__pyx_t_4);
-                __Pyx_INCREF(function);
-                __Pyx_DECREF_SET(__pyx_t_3, function);
-              }
-            }
-            __pyx_t_2 = (__pyx_t_4) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_4, __pyx_kp_s_Session_is_not_connected) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_kp_s_Session_is_not_connected);
-            __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-            if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 54, __pyx_L8_error)
-            __Pyx_GOTREF(__pyx_t_2);
-            __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-            __Pyx_Raise(__pyx_t_2, 0, 0, 0);
-            __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-            __PYX_ERR(0, 54, __pyx_L8_error)
-          }
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
 
-          /* "ssh/session.pyx":53
- * cdef bint _check_connected(c_ssh.ssh_session session) nogil except -1:
- *     if not c_ssh.ssh_is_connected(session):
- *         with gil:             # <<<<<<<<<<<<<<
- *             raise InvalidAPIUse("Session is not connected")
- *     return 0
- */
-          /*finally:*/ {
-            __pyx_L8_error: {
-              #ifdef WITH_THREAD
-              __Pyx_PyGILState_Release(__pyx_gilstate_save);
-              #endif
-              goto __pyx_L4_error;
-            }
-          }
-      }
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
 
-      /* "ssh/session.pyx":52
- * 
- * cdef bint _check_connected(c_ssh.ssh_session session) nogil except -1:
- *     if not c_ssh.ssh_is_connected(session):             # <<<<<<<<<<<<<<
- *         with gil:
- *             raise InvalidAPIUse("Session is not connected")
- */
-    }
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_ChannelOpenFailure __pyx_string_tab[1]
+#define __pyx_n_u_InvalidAPIUse __pyx_string_tab[2]
+#define __pyx_n_u_MemoryError __pyx_string_tab[3]
+#define __pyx_n_u_NotImplementedError __pyx_string_tab[4]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[5]
+#define __pyx_n_u_OptionError __pyx_string_tab[6]
+#define __pyx_n_u_SSH_AUTH_AGAIN __pyx_string_tab[7]
+#define __pyx_n_u_SSH_AUTH_DENIED __pyx_string_tab[8]
+#define __pyx_n_u_SSH_AUTH_ERROR __pyx_string_tab[9]
+#define __pyx_n_u_SSH_AUTH_INFO __pyx_string_tab[10]
+#define __pyx_n_u_SSH_AUTH_PARTIAL __pyx_string_tab[11]
+#define __pyx_n_u_SSH_AUTH_SUCCESS __pyx_string_tab[12]
+#define __pyx_n_u_SSH_CLOSED __pyx_string_tab[13]
+#define __pyx_n_u_SSH_CLOSED_ERROR __pyx_string_tab[14]
+#define __pyx_n_u_SSH_COMP __pyx_string_tab[15]
+#define __pyx_n_u_SSH_COMP_C_S __pyx_string_tab[16]
+#define __pyx_n_u_SSH_COMP_S_C __pyx_string_tab[17]
+#define __pyx_n_u_SSH_CRYPT __pyx_string_tab[18]
+#define __pyx_n_u_SSH_CRYPT_C_S __pyx_string_tab[19]
+#define __pyx_n_u_SSH_CRYPT_S_C __pyx_string_tab[20]
+#define __pyx_n_u_SSH_HOSTKEYS __pyx_string_tab[21]
+#define __pyx_n_u_SSH_KEX __pyx_string_tab[22]
+#define __pyx_n_u_SSH_LANG __pyx_string_tab[23]
+#define __pyx_n_u_SSH_LANG_C_S __pyx_string_tab[24]
+#define __pyx_n_u_SSH_LANG_S_C __pyx_string_tab[25]
+#define __pyx_n_u_SSH_MAC __pyx_string_tab[26]
+#define __pyx_n_u_SSH_MAC_C_S __pyx_string_tab[27]
+#define __pyx_n_u_SSH_MAC_S_C __pyx_string_tab[28]
+#define __pyx_n_u_SSH_READ_PENDING __pyx_string_tab[29]
+#define __pyx_n_u_SSH_WRITE_PENDING __pyx_string_tab[30]
+#define __pyx_n_u_Session __pyx_string_tab[31]
+#define __pyx_n_u_Session___reduce_cython __pyx_string_tab[32]
+#define __pyx_n_u_Session___setstate_cython __pyx_string_tab[33]
+#define __pyx_n_u_Session_accept_forward __pyx_string_tab[34]
+#define __pyx_n_u_Session_blocking_flush __pyx_string_tab[35]
+#define __pyx_n_u_Session_cancel_forward __pyx_string_tab[36]
+#define __pyx_n_u_Session_channel_new __pyx_string_tab[37]
+#define __pyx_n_u_Session_connect __pyx_string_tab[38]
+#define __pyx_n_u_Session_connector_new __pyx_string_tab[39]
+#define __pyx_n_u_Session_copy_options __pyx_string_tab[40]
+#define __pyx_n_u_Session_disconnect __pyx_string_tab[41]
+#define __pyx_n_u_Session_dump_knownhost __pyx_string_tab[42]
+#define __pyx_n_u_Session_get_cipher_in __pyx_string_tab[43]
+#define __pyx_n_u_Session_get_cipher_out __pyx_string_tab[44]
+#define __pyx_n_u_Session_get_clientbanner __pyx_string_tab[45]
+#define __pyx_n_u_Session_get_disconnect_message __pyx_string_tab[46]
+#define __pyx_n_u_Session_get_error __pyx_string_tab[47]
+#define __pyx_n_u_Session_get_error_code __pyx_string_tab[48]
+#define __pyx_n_u_Session_get_fd __pyx_string_tab[49]
+#define __pyx_n_u_Session_get_hmac_in __pyx_string_tab[50]
+#define __pyx_n_u_Session_get_hmac_out __pyx_string_tab[51]
+#define __pyx_n_u_Session_get_issue_banner __pyx_string_tab[52]
+#define __pyx_n_u_Session_get_kex_algo __pyx_string_tab[53]
+#define __pyx_n_u_Session_get_openssh_version __pyx_string_tab[54]
+#define __pyx_n_u_Session_get_poll_flags __pyx_string_tab[55]
+#define __pyx_n_u_Session_get_server_publickey __pyx_string_tab[56]
+#define __pyx_n_u_Session_get_serverbanner __pyx_string_tab[57]
+#define __pyx_n_u_Session_get_status __pyx_string_tab[58]
+#define __pyx_n_u_Session_get_version __pyx_string_tab[59]
+#define __pyx_n_u_Session_gssapi_set_creds __pyx_string_tab[60]
+#define __pyx_n_u_Session_is_blocking __pyx_string_tab[61]
+#define __pyx_n_u_Session_is_connected __pyx_string_tab[62]
+#define __pyx_kp_u_Session_is_not_connected __pyx_string_tab[63]
+#define __pyx_n_u_Session_is_server_known __pyx_string_tab[64]
+#define __pyx_n_u_Session_listen_forward __pyx_string_tab[65]
+#define __pyx_n_u_Session_options_get __pyx_string_tab[66]
+#define __pyx_n_u_Session_options_get_port __pyx_string_tab[67]
+#define __pyx_n_u_Session_options_getopt __pyx_string_tab[68]
+#define __pyx_n_u_Session_options_parse_config __pyx_string_tab[69]
+#define __pyx_n_u_Session_options_set __pyx_string_tab[70]
+#define __pyx_n_u_Session_options_set_gssapi_deleg __pyx_string_tab[71]
+#define __pyx_n_u_Session_options_set_int_val __pyx_string_tab[72]
+#define __pyx_n_u_Session_options_set_port __pyx_string_tab[73]
+#define __pyx_n_u_Session_scp_new __pyx_string_tab[74]
+#define __pyx_n_u_Session_send_debug __pyx_string_tab[75]
+#define __pyx_n_u_Session_send_ignore __pyx_string_tab[76]
+#define __pyx_n_u_Session_service_request __pyx_string_tab[77]
+#define __pyx_n_u_Session_set_agent_channel __pyx_string_tab[78]
+#define __pyx_n_u_Session_set_agent_socket __pyx_string_tab[79]
+#define __pyx_n_u_Session_set_blocking __pyx_string_tab[80]
+#define __pyx_n_u_Session_set_counters __pyx_string_tab[81]
+#define __pyx_n_u_Session_set_fd_except __pyx_string_tab[82]
+#define __pyx_n_u_Session_set_fd_toread __pyx_string_tab[83]
+#define __pyx_n_u_Session_set_fd_towrite __pyx_string_tab[84]
+#define __pyx_n_u_Session_set_socket __pyx_string_tab[85]
+#define __pyx_n_u_Session_sftp_init __pyx_string_tab[86]
+#define __pyx_n_u_Session_sftp_new __pyx_string_tab[87]
+#define __pyx_n_u_Session_silent_disconnect __pyx_string_tab[88]
+#define __pyx_n_u_Session_userauth_agent __pyx_string_tab[89]
+#define __pyx_n_u_Session_userauth_gssapi __pyx_string_tab[90]
+#define __pyx_n_u_Session_userauth_kbdint __pyx_string_tab[91]
+#define __pyx_n_u_Session_userauth_kbdint_getanswe __pyx_string_tab[92]
+#define __pyx_n_u_Session_userauth_kbdint_getinstr __pyx_string_tab[93]
+#define __pyx_n_u_Session_userauth_kbdint_getname __pyx_string_tab[94]
+#define __pyx_n_u_Session_userauth_kbdint_getnansw __pyx_string_tab[95]
+#define __pyx_n_u_Session_userauth_kbdint_getnprom __pyx_string_tab[96]
+#define __pyx_n_u_Session_userauth_kbdint_getpromp __pyx_string_tab[97]
+#define __pyx_n_u_Session_userauth_kbdint_setanswe __pyx_string_tab[98]
+#define __pyx_n_u_Session_userauth_list __pyx_string_tab[99]
+#define __pyx_n_u_Session_userauth_none __pyx_string_tab[100]
+#define __pyx_n_u_Session_userauth_password __pyx_string_tab[101]
+#define __pyx_n_u_Session_userauth_publickey __pyx_string_tab[102]
+#define __pyx_n_u_Session_userauth_publickey_auto __pyx_string_tab[103]
+#define __pyx_n_u_Session_userauth_try_publickey __pyx_string_tab[104]
+#define __pyx_n_u_Session_write_knownhost __pyx_string_tab[105]
+#define __pyx_n_u_TypeError __pyx_string_tab[106]
+#define __pyx_kp_u__2 __pyx_string_tab[107]
+#define __pyx_n_u_accept_forward __pyx_string_tab[108]
+#define __pyx_kp_u_add_note __pyx_string_tab[109]
+#define __pyx_n_u_address __pyx_string_tab[110]
+#define __pyx_n_u_algo __pyx_string_tab[111]
+#define __pyx_n_u_algo_2 __pyx_string_tab[112]
+#define __pyx_n_u_always_display __pyx_string_tab[113]
+#define __pyx_n_u_answer __pyx_string_tab[114]
+#define __pyx_n_u_answer_2 __pyx_string_tab[115]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[116]
+#define __pyx_n_u_b_address __pyx_string_tab[117]
+#define __pyx_n_u_b_answer __pyx_string_tab[118]
+#define __pyx_n_u_b_error __pyx_string_tab[119]
+#define __pyx_n_u_b_filepath __pyx_string_tab[120]
+#define __pyx_n_u_b_instruction __pyx_string_tab[121]
+#define __pyx_n_u_b_known_host __pyx_string_tab[122]
+#define __pyx_n_u_b_location __pyx_string_tab[123]
+#define __pyx_n_u_b_message __pyx_string_tab[124]
+#define __pyx_n_u_b_name __pyx_string_tab[125]
+#define __pyx_n_u_b_passphrase __pyx_string_tab[126]
+#define __pyx_n_u_b_password __pyx_string_tab[127]
+#define __pyx_n_u_b_prompt __pyx_string_tab[128]
+#define __pyx_n_u_b_submethods __pyx_string_tab[129]
+#define __pyx_n_u_b_username __pyx_string_tab[130]
+#define __pyx_n_u_b_value __pyx_string_tab[131]
+#define __pyx_n_u_banner __pyx_string_tab[132]
+#define __pyx_n_u_banner_2 __pyx_string_tab[133]
+#define __pyx_n_u_blocking __pyx_string_tab[134]
+#define __pyx_n_u_blocking_flush __pyx_string_tab[135]
+#define __pyx_n_u_bound_port __pyx_string_tab[136]
+#define __pyx_n_u_c_address __pyx_string_tab[137]
+#define __pyx_n_u_c_answer __pyx_string_tab[138]
+#define __pyx_n_u_c_data __pyx_string_tab[139]
+#define __pyx_n_u_c_echo __pyx_string_tab[140]
+#define __pyx_n_u_c_filepath __pyx_string_tab[141]
+#define __pyx_n_u_c_location __pyx_string_tab[142]
+#define __pyx_n_u_c_message __pyx_string_tab[143]
+#define __pyx_n_u_c_passphrase __pyx_string_tab[144]
+#define __pyx_n_u_c_password __pyx_string_tab[145]
+#define __pyx_n_u_c_service __pyx_string_tab[146]
+#define __pyx_n_u_c_submethods __pyx_string_tab[147]
+#define __pyx_n_u_c_username __pyx_string_tab[148]
+#define __pyx_n_u_c_value __pyx_string_tab[149]
+#define __pyx_n_u_cancel_forward __pyx_string_tab[150]
+#define __pyx_n_u_channel __pyx_string_tab[151]
+#define __pyx_n_u_channel_2 __pyx_string_tab[152]
+#define __pyx_n_u_channel_new __pyx_string_tab[153]
+#define __pyx_n_u_cipher __pyx_string_tab[154]
+#define __pyx_n_u_cipher_2 __pyx_string_tab[155]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[156]
+#define __pyx_n_u_connect __pyx_string_tab[157]
+#define __pyx_n_u_connector __pyx_string_tab[158]
+#define __pyx_n_u_connector_new __pyx_string_tab[159]
+#define __pyx_n_u_copy_options __pyx_string_tab[160]
+#define __pyx_n_u_creds __pyx_string_tab[161]
+#define __pyx_n_u_data __pyx_string_tab[162]
+#define __pyx_n_u_delegate __pyx_string_tab[163]
+#define __pyx_n_u_dest_port __pyx_string_tab[164]
+#define __pyx_n_u_destination __pyx_string_tab[165]
+#define __pyx_kp_u_disable __pyx_string_tab[166]
+#define __pyx_n_u_disconnect __pyx_string_tab[167]
+#define __pyx_n_u_dump_knownhost __pyx_string_tab[168]
+#define __pyx_n_u_echo __pyx_string_tab[169]
+#define __pyx_kp_u_enable __pyx_string_tab[170]
+#define __pyx_n_u_error __pyx_string_tab[171]
+#define __pyx_n_u_exceptions __pyx_string_tab[172]
+#define __pyx_n_u_fd __pyx_string_tab[173]
+#define __pyx_n_u_filepath __pyx_string_tab[174]
+#define __pyx_n_u_func __pyx_string_tab[175]
+#define __pyx_kp_u_gc __pyx_string_tab[176]
+#define __pyx_n_u_get_cipher_in __pyx_string_tab[177]
+#define __pyx_n_u_get_cipher_out __pyx_string_tab[178]
+#define __pyx_n_u_get_clientbanner __pyx_string_tab[179]
+#define __pyx_n_u_get_disconnect_message __pyx_string_tab[180]
+#define __pyx_n_u_get_error __pyx_string_tab[181]
+#define __pyx_n_u_get_error_code __pyx_string_tab[182]
+#define __pyx_n_u_get_fd __pyx_string_tab[183]
+#define __pyx_n_u_get_hmac_in __pyx_string_tab[184]
+#define __pyx_n_u_get_hmac_out __pyx_string_tab[185]
+#define __pyx_n_u_get_issue_banner __pyx_string_tab[186]
+#define __pyx_n_u_get_kex_algo __pyx_string_tab[187]
+#define __pyx_n_u_get_openssh_version __pyx_string_tab[188]
+#define __pyx_n_u_get_poll_flags __pyx_string_tab[189]
+#define __pyx_n_u_get_server_publickey __pyx_string_tab[190]
+#define __pyx_n_u_get_serverbanner __pyx_string_tab[191]
+#define __pyx_n_u_get_status __pyx_string_tab[192]
+#define __pyx_n_u_get_version __pyx_string_tab[193]
+#define __pyx_n_u_getstate __pyx_string_tab[194]
+#define __pyx_n_u_gssapi_set_creds __pyx_string_tab[195]
+#define __pyx_n_u_hmac __pyx_string_tab[196]
+#define __pyx_n_u_hmac_2 __pyx_string_tab[197]
+#define __pyx_n_u_i __pyx_string_tab[198]
+#define __pyx_n_u_instruction __pyx_string_tab[199]
+#define __pyx_n_u_is_blocking __pyx_string_tab[200]
+#define __pyx_n_u_is_connected __pyx_string_tab[201]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[202]
+#define __pyx_n_u_is_server_known __pyx_string_tab[203]
+#define __pyx_kp_u_isenabled __pyx_string_tab[204]
+#define __pyx_n_u_key __pyx_string_tab[205]
+#define __pyx_n_u_known_host __pyx_string_tab[206]
+#define __pyx_n_u_listen_forward __pyx_string_tab[207]
+#define __pyx_n_u_location __pyx_string_tab[208]
+#define __pyx_n_u_main __pyx_string_tab[209]
+#define __pyx_n_u_message __pyx_string_tab[210]
+#define __pyx_n_u_mode __pyx_string_tab[211]
+#define __pyx_n_u_module __pyx_string_tab[212]
+#define __pyx_n_u_name __pyx_string_tab[213]
+#define __pyx_n_u_name_2 __pyx_string_tab[214]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[215]
+#define __pyx_n_u_option __pyx_string_tab[216]
+#define __pyx_n_u_options_get __pyx_string_tab[217]
+#define __pyx_n_u_options_get_port __pyx_string_tab[218]
+#define __pyx_n_u_options_getopt __pyx_string_tab[219]
+#define __pyx_n_u_options_parse_config __pyx_string_tab[220]
+#define __pyx_n_u_options_set __pyx_string_tab[221]
+#define __pyx_n_u_options_set_gssapi_delegate_cred __pyx_string_tab[222]
+#define __pyx_n_u_options_set_int_val __pyx_string_tab[223]
+#define __pyx_n_u_options_set_port __pyx_string_tab[224]
+#define __pyx_n_u_passphrase __pyx_string_tab[225]
+#define __pyx_n_u_password __pyx_string_tab[226]
+#define __pyx_n_u_pop __pyx_string_tab[227]
+#define __pyx_n_u_port __pyx_string_tab[228]
+#define __pyx_n_u_port_target __pyx_string_tab[229]
+#define __pyx_n_u_privkey __pyx_string_tab[230]
+#define __pyx_n_u_prompt __pyx_string_tab[231]
+#define __pyx_n_u_pubkey __pyx_string_tab[232]
+#define __pyx_n_u_pyx_state __pyx_string_tab[233]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[234]
+#define __pyx_n_u_qualname __pyx_string_tab[235]
+#define __pyx_n_u_rc __pyx_string_tab[236]
+#define __pyx_n_u_rcounter __pyx_string_tab[237]
+#define __pyx_n_u_reduce __pyx_string_tab[238]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[239]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[240]
+#define __pyx_n_u_scounter __pyx_string_tab[241]
+#define __pyx_n_u_scp __pyx_string_tab[242]
+#define __pyx_n_u_scp_new __pyx_string_tab[243]
+#define __pyx_n_u_self __pyx_string_tab[244]
+#define __pyx_n_u_send_debug __pyx_string_tab[245]
+#define __pyx_n_u_send_ignore __pyx_string_tab[246]
+#define __pyx_n_u_service __pyx_string_tab[247]
+#define __pyx_n_u_service_request __pyx_string_tab[248]
+#define __pyx_n_u_set_agent_channel __pyx_string_tab[249]
+#define __pyx_n_u_set_agent_socket __pyx_string_tab[250]
+#define __pyx_n_u_set_blocking __pyx_string_tab[251]
+#define __pyx_n_u_set_counters __pyx_string_tab[252]
+#define __pyx_n_u_set_fd_except __pyx_string_tab[253]
+#define __pyx_n_u_set_fd_toread __pyx_string_tab[254]
+#define __pyx_n_u_set_fd_towrite __pyx_string_tab[255]
+#define __pyx_n_u_set_name __pyx_string_tab[256]
+#define __pyx_n_u_set_socket __pyx_string_tab[257]
+#define __pyx_n_u_setstate __pyx_string_tab[258]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[259]
+#define __pyx_n_u_sftp __pyx_string_tab[260]
+#define __pyx_n_u_sftp_2 __pyx_string_tab[261]
+#define __pyx_n_u_sftp_init __pyx_string_tab[262]
+#define __pyx_n_u_sftp_new __pyx_string_tab[263]
+#define __pyx_n_u_silent_disconnect __pyx_string_tab[264]
+#define __pyx_n_u_sock __pyx_string_tab[265]
+#define __pyx_n_u_socket __pyx_string_tab[266]
+#define __pyx_n_u_ssh_session __pyx_string_tab[267]
+#define __pyx_kp_u_ssh_session_pyx __pyx_string_tab[268]
+#define __pyx_kp_u_stringsource __pyx_string_tab[269]
+#define __pyx_n_u_submethods __pyx_string_tab[270]
+#define __pyx_n_u_test __pyx_string_tab[271]
+#define __pyx_n_u_timeout __pyx_string_tab[272]
+#define __pyx_n_u_userauth_agent __pyx_string_tab[273]
+#define __pyx_n_u_userauth_gssapi __pyx_string_tab[274]
+#define __pyx_n_u_userauth_kbdint __pyx_string_tab[275]
+#define __pyx_n_u_userauth_kbdint_getanswer __pyx_string_tab[276]
+#define __pyx_n_u_userauth_kbdint_getinstruction __pyx_string_tab[277]
+#define __pyx_n_u_userauth_kbdint_getname __pyx_string_tab[278]
+#define __pyx_n_u_userauth_kbdint_getnanswers __pyx_string_tab[279]
+#define __pyx_n_u_userauth_kbdint_getnprompts __pyx_string_tab[280]
+#define __pyx_n_u_userauth_kbdint_getprompt __pyx_string_tab[281]
+#define __pyx_n_u_userauth_kbdint_setanswer __pyx_string_tab[282]
+#define __pyx_n_u_userauth_list __pyx_string_tab[283]
+#define __pyx_n_u_userauth_none __pyx_string_tab[284]
+#define __pyx_n_u_userauth_password __pyx_string_tab[285]
+#define __pyx_n_u_userauth_publickey __pyx_string_tab[286]
+#define __pyx_n_u_userauth_publickey_auto __pyx_string_tab[287]
+#define __pyx_n_u_userauth_try_publickey __pyx_string_tab[288]
+#define __pyx_n_u_username __pyx_string_tab[289]
+#define __pyx_n_u_value __pyx_string_tab[290]
+#define __pyx_n_u_value_2 __pyx_string_tab[291]
+#define __pyx_n_u_write_knownhost __pyx_string_tab[292]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_4type_type);
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_4bool_bool);
+  Py_CLEAR(clear_module_state->__pyx_ptype_7cpython_7complex_complex);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7channel_Channel);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_9connector_Flag);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_9connector_Connector);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7options_Option);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_3key_SSHKey);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_3scp_SCP);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_7session_Session);
+  for (int i=0; i<73; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<293; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_4type_type);
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_4bool_bool);
+  Py_VISIT(traverse_module_state->__pyx_ptype_7cpython_7complex_complex);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7channel_Channel);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_9connector_Flag);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_9connector_Connector);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7options_Option);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_3key_SSHKey);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_3scp_SCP);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_7session_Session);
+  for (int i=0; i<73; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<293; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
-    /* "ssh/session.pyx":55
- *         with gil:
- *             raise InvalidAPIUse("Session is not connected")
- *     return 0             # <<<<<<<<<<<<<<
+/* "cpython/complex.pxd":20
  * 
- * 
- */
-    __pyx_r = 0;
-    goto __pyx_L3_return;
-  }
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+*/
 
-  /* "ssh/session.pyx":52
- * 
- * cdef bint _check_connected(c_ssh.ssh_session session) nogil except -1:
- *     if not c_ssh.ssh_is_connected(session):             # <<<<<<<<<<<<<<
- *         with gil:
- *             raise InvalidAPIUse("Session is not connected")
- */
-  /*finally:*/ {
-    __pyx_L3_return: {
-      #ifdef WITH_THREAD
-      __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-      #endif
-      goto __pyx_L0;
-    }
-    __pyx_L4_error: {
-      #ifdef WITH_THREAD
-      __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-      #endif
-      goto __pyx_L1_error;
-    }
-  }
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4real_real(PyComplexObject *__pyx_v_self) {
+  double __pyx_r;
 
-  /* "ssh/session.pyx":51
+  /* "cpython/complex.pxd":23
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+ *             return self.cval.real             # <<<<<<<<<<<<<<
  * 
+ *         # unavailable in limited API
+*/
+  __pyx_r = __pyx_v_self->cval.real;
+  goto __pyx_L0;
+
+  /* "cpython/complex.pxd":20
  * 
- * cdef bint _check_connected(c_ssh.ssh_session session) nogil except -1:             # <<<<<<<<<<<<<<
- *     if not c_ssh.ssh_is_connected(session):
- *         with gil:
- */
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double real(self) noexcept:
+*/
 
   /* function exit code */
-  __pyx_r = 0;
-  goto __pyx_L0;
-  __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
-  __Pyx_XDECREF(__pyx_t_4);
-  __Pyx_AddTraceback("ssh.session._check_connected", __pyx_clineno, __pyx_lineno, __pyx_filename);
-  __pyx_r = -1;
   __pyx_L0:;
-  #ifdef WITH_THREAD
-  __Pyx_PyGILState_Release(__pyx_gilstate_save);
-  #endif
   return __pyx_r;
 }
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
 
-/* "ssh/session.pyx":61
- *     """Libssh session class providing session related functions."""
+/* "cpython/complex.pxd":26
  * 
- *     def __cinit__(self):             # <<<<<<<<<<<<<<
- *         self._session = c_ssh.ssh_new()
- *         if self._session is NULL:
- */
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+*/
 
-/* Python wrapper */
-static int __pyx_pw_3ssh_7session_7Session_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static int __pyx_pw_3ssh_7session_7Session_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
-  int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
-  __pyx_r = __pyx_pf_3ssh_7session_7Session___cinit__(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE double __pyx_f_7cpython_7complex_7complex_4imag_imag(PyComplexObject *__pyx_v_self) {
+  double __pyx_r;
+
+  /* "cpython/complex.pxd":29
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+ *             return self.cval.imag             # <<<<<<<<<<<<<<
+ * 
+ *     # PyTypeObject PyComplex_Type
+*/
+  __pyx_r = __pyx_v_self->cval.imag;
+  goto __pyx_L0;
+
+  /* "cpython/complex.pxd":26
+ * 
+ *         # unavailable in limited API
+ *         @property             # <<<<<<<<<<<<<<
+ *         @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ *         cdef inline double imag(self) noexcept:
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
+  __pyx_L0:;
   return __pyx_r;
 }
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
 
-static int __pyx_pf_3ssh_7session_7Session___cinit__(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
-  int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  int __pyx_t_1;
-  int __pyx_lineno = 0;
+/* "cpython/contextvars.pxd":115
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE PyObject *__pyx_f_7cpython_11contextvars_get_value(PyObject *__pyx_v_var, struct __pyx_opt_args_7cpython_11contextvars_get_value *__pyx_optional_args) {
+
+  /* "cpython/contextvars.pxd":116
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the default value of the context variable,
+*/
+  PyObject *__pyx_v_default_value = ((PyObject *)Py_None);
+  PyObject *__pyx_v_value;
+  PyObject *__pyx_v_pyvalue = NULL;
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  int __pyx_t_1;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
+  int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("__cinit__", 0);
+  __Pyx_RefNannySetupContext("get_value", 0);
+  if (__pyx_optional_args) {
+    if (__pyx_optional_args->__pyx_n > 0) {
+      __pyx_v_default_value = __pyx_optional_args->default_value;
+    }
+  }
 
-  /* "ssh/session.pyx":62
+  /* "cpython/contextvars.pxd":121
+ *     or None if no such value or default was found.
+ *     """
+ *     cdef PyObject *value = NULL             # <<<<<<<<<<<<<<
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:
+*/
+  __pyx_v_value = NULL;
+
+  /* "cpython/contextvars.pxd":122
+ *     """
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)             # <<<<<<<<<<<<<<
+ *     if value is NULL:
+ *         # context variable does not have a default
+*/
+  __pyx_t_1 = PyContextVar_Get(__pyx_v_var, NULL, (&__pyx_v_value)); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(2, 122, __pyx_L1_error)
+
+  /* "cpython/contextvars.pxd":123
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:             # <<<<<<<<<<<<<<
+ *         # context variable does not have a default
+ *         pyvalue = default_value
+*/
+  __pyx_t_2 = (__pyx_v_value == NULL);
+  if (__pyx_t_2) {
+
+    /* "cpython/contextvars.pxd":125
+ *     if value is NULL:
+ *         # context variable does not have a default
+ *         pyvalue = default_value             # <<<<<<<<<<<<<<
+ *     else:
+ *         # value or default value of context variable
+*/
+    __Pyx_INCREF(__pyx_v_default_value);
+    __pyx_v_pyvalue = __pyx_v_default_value;
+
+    /* "cpython/contextvars.pxd":123
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, NULL, &value)
+ *     if value is NULL:             # <<<<<<<<<<<<<<
+ *         # context variable does not have a default
+ *         pyvalue = default_value
+*/
+    goto __pyx_L3;
+  }
+
+  /* "cpython/contextvars.pxd":128
+ *     else:
+ *         # value or default value of context variable
+ *         pyvalue = <object>value             # <<<<<<<<<<<<<<
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue
+*/
+  /*else*/ {
+    __pyx_t_3 = ((PyObject *)__pyx_v_value);
+    __Pyx_INCREF(__pyx_t_3);
+    __pyx_v_pyvalue = __pyx_t_3;
+    __pyx_t_3 = 0;
+
+    /* "cpython/contextvars.pxd":129
+ *         # value or default value of context variable
+ *         pyvalue = <object>value
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'             # <<<<<<<<<<<<<<
+ *     return pyvalue
+ * 
+*/
+    Py_XDECREF(__pyx_v_value);
+  }
+  __pyx_L3:;
+
+  /* "cpython/contextvars.pxd":130
+ *         pyvalue = <object>value
+ *         Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue             # <<<<<<<<<<<<<<
+ * 
+ * 
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __Pyx_INCREF(__pyx_v_pyvalue);
+  __pyx_r = __pyx_v_pyvalue;
+  goto __pyx_L0;
+
+  /* "cpython/contextvars.pxd":115
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_AddTraceback("cpython.contextvars.get_value", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = 0;
+  __pyx_L0:;
+  __Pyx_XDECREF(__pyx_v_pyvalue);
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
+
+/* "cpython/contextvars.pxd":133
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value_no_default(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+#if !CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE PyObject *__pyx_f_7cpython_11contextvars_get_value_no_default(PyObject *__pyx_v_var, struct __pyx_opt_args_7cpython_11contextvars_get_value_no_default *__pyx_optional_args) {
+
+  /* "cpython/contextvars.pxd":134
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")
+ * cdef inline object get_value_no_default(var, default_value=None):             # <<<<<<<<<<<<<<
+ *     """Return a new reference to the value of the context variable,
+ *     or the provided default value if no such value was found.
+*/
+  PyObject *__pyx_v_default_value = ((PyObject *)Py_None);
+  PyObject *__pyx_v_value;
+  PyObject *__pyx_v_pyvalue = NULL;
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  int __pyx_t_1;
+  PyObject *__pyx_t_2 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("get_value_no_default", 0);
+  if (__pyx_optional_args) {
+    if (__pyx_optional_args->__pyx_n > 0) {
+      __pyx_v_default_value = __pyx_optional_args->default_value;
+    }
+  }
+
+  /* "cpython/contextvars.pxd":140
+ *     Ignores the default value of the context variable, if any.
+ *     """
+ *     cdef PyObject *value = NULL             # <<<<<<<<<<<<<<
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)
+ *     # value of context variable or 'default_value'
+*/
+  __pyx_v_value = NULL;
+
+  /* "cpython/contextvars.pxd":141
+ *     """
+ *     cdef PyObject *value = NULL
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)             # <<<<<<<<<<<<<<
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value
+*/
+  __pyx_t_1 = PyContextVar_Get(__pyx_v_var, ((PyObject *)__pyx_v_default_value), (&__pyx_v_value)); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(2, 141, __pyx_L1_error)
+
+  /* "cpython/contextvars.pxd":143
+ *     PyContextVar_Get(var, <PyObject*>default_value, &value)
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value             # <<<<<<<<<<<<<<
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_v_value);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_v_pyvalue = __pyx_t_2;
+  __pyx_t_2 = 0;
+
+  /* "cpython/contextvars.pxd":144
+ *     # value of context variable or 'default_value'
+ *     pyvalue = <object>value
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'             # <<<<<<<<<<<<<<
+ *     return pyvalue
+*/
+  Py_XDECREF(__pyx_v_value);
+
+  /* "cpython/contextvars.pxd":145
+ *     pyvalue = <object>value
+ *     Py_XDECREF(value)  # PyContextVar_Get() returned an owned reference as 'PyObject*'
+ *     return pyvalue             # <<<<<<<<<<<<<<
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __Pyx_INCREF(__pyx_v_pyvalue);
+  __pyx_r = __pyx_v_pyvalue;
+  goto __pyx_L0;
+
+  /* "cpython/contextvars.pxd":133
+ * 
+ * 
+ * @_cython.c_compile_guard("!CYTHON_COMPILING_IN_LIMITED_API")             # <<<<<<<<<<<<<<
+ * cdef inline object get_value_no_default(var, default_value=None):
+ *     """Return a new reference to the value of the context variable,
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_AddTraceback("cpython.contextvars.get_value_no_default", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = 0;
+  __pyx_L0:;
+  __Pyx_XDECREF(__pyx_v_pyvalue);
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+#endif /*!(#if !CYTHON_COMPILING_IN_LIMITED_API)*/
+
+/* "ssh/session.pyx":68
+ * 
+ * 
+ * cdef bint _check_connected(c_ssh.ssh_session session) except -1 nogil:             # <<<<<<<<<<<<<<
+ *     if not c_ssh.ssh_is_connected(session):
+ *         with gil:
+*/
+
+static int __pyx_f_3ssh_7session__check_connected(ssh_session __pyx_v_session) {
+  int __pyx_r;
+  __Pyx_RefNannyDeclarations
+  int __pyx_t_1;
+  PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_3 = NULL;
+  PyObject *__pyx_t_4 = NULL;
+  size_t __pyx_t_5;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  PyGILState_STATE __pyx_gilstate_save;
+  __Pyx_RefNannySetupContext("_check_connected", 1);
+
+  /* "ssh/session.pyx":69
+ * 
+ * cdef bint _check_connected(c_ssh.ssh_session session) except -1 nogil:
+ *     if not c_ssh.ssh_is_connected(session):             # <<<<<<<<<<<<<<
+ *         with gil:
+ *             raise InvalidAPIUse("Session is not connected")
+*/
+  __pyx_t_1 = (!(ssh_is_connected(__pyx_v_session) != 0));
+  if (unlikely(__pyx_t_1)) {
+
+    /* "ssh/session.pyx":70
+ * cdef bint _check_connected(c_ssh.ssh_session session) except -1 nogil:
+ *     if not c_ssh.ssh_is_connected(session):
+ *         with gil:             # <<<<<<<<<<<<<<
+ *             raise InvalidAPIUse("Session is not connected")
+ *     return 0
+*/
+    {
+        PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
+        /*try:*/ {
+
+          /* "ssh/session.pyx":71
+ *     if not c_ssh.ssh_is_connected(session):
+ *         with gil:
+ *             raise InvalidAPIUse("Session is not connected")             # <<<<<<<<<<<<<<
+ *     return 0
+ * 
+*/
+          __pyx_t_3 = NULL;
+          __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_InvalidAPIUse); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 71, __pyx_L5_error)
+          __Pyx_GOTREF(__pyx_t_4);
+          __pyx_t_5 = 1;
+          #if CYTHON_UNPACK_METHODS
+          if (unlikely(PyMethod_Check(__pyx_t_4))) {
+            __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+            assert(__pyx_t_3);
+            PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+            __Pyx_INCREF(__pyx_t_3);
+            __Pyx_INCREF(__pyx__function);
+            __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+            __pyx_t_5 = 0;
+          }
+          #endif
+          {
+            PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_mstate_global->__pyx_kp_u_Session_is_not_connected};
+            __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_5, (2-__pyx_t_5) | (__pyx_t_5*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+            __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+            __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+            if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 71, __pyx_L5_error)
+            __Pyx_GOTREF(__pyx_t_2);
+          }
+          __Pyx_Raise(__pyx_t_2, 0, 0, 0);
+          __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+          __PYX_ERR(0, 71, __pyx_L5_error)
+        }
+
+        /* "ssh/session.pyx":70
+ * cdef bint _check_connected(c_ssh.ssh_session session) except -1 nogil:
+ *     if not c_ssh.ssh_is_connected(session):
+ *         with gil:             # <<<<<<<<<<<<<<
+ *             raise InvalidAPIUse("Session is not connected")
+ *     return 0
+*/
+        /*finally:*/ {
+          __pyx_L5_error: {
+            __Pyx_PyGILState_Release(__pyx_gilstate_save);
+            goto __pyx_L1_error;
+          }
+        }
+    }
+
+    /* "ssh/session.pyx":69
+ * 
+ * cdef bint _check_connected(c_ssh.ssh_session session) except -1 nogil:
+ *     if not c_ssh.ssh_is_connected(session):             # <<<<<<<<<<<<<<
+ *         with gil:
+ *             raise InvalidAPIUse("Session is not connected")
+*/
+  }
+
+  /* "ssh/session.pyx":72
+ *         with gil:
+ *             raise InvalidAPIUse("Session is not connected")
+ *     return 0             # <<<<<<<<<<<<<<
+ * 
+ * 
+*/
+  __pyx_r = 0;
+  goto __pyx_L0;
+
+  /* "ssh/session.pyx":68
+ * 
+ * 
+ * cdef bint _check_connected(c_ssh.ssh_session session) except -1 nogil:             # <<<<<<<<<<<<<<
+ *     if not c_ssh.ssh_is_connected(session):
+ *         with gil:
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
+  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_XDECREF(__pyx_t_4);
+  __Pyx_AddTraceback("ssh.session._check_connected", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = -1;
+  __Pyx_PyGILState_Release(__pyx_gilstate_save);
+  __pyx_L0:;
+  __Pyx_RefNannyFinishContextNogil()
+  return __pyx_r;
+}
+
+/* "ssh/session.pyx":78
+ *     """Libssh session class providing session related functions."""
+ * 
+ *     def __cinit__(self):             # <<<<<<<<<<<<<<
+ *         self._session = c_ssh.ssh_new()
+ *         if self._session is NULL:
+*/
+
+/* Python wrapper */
+static int __pyx_pw_3ssh_7session_7Session_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
+static int __pyx_pw_3ssh_7session_7Session_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  int __pyx_r;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session___cinit__(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+
+  /* function exit code */
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+static int __pyx_pf_3ssh_7session_7Session___cinit__(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+  int __pyx_r;
+  int __pyx_t_1;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+
+  /* "ssh/session.pyx":79
  * 
  *     def __cinit__(self):
  *         self._session = c_ssh.ssh_new()             # <<<<<<<<<<<<<<
  *         if self._session is NULL:
  *             raise MemoryError
- */
+*/
   __pyx_v_self->_session = ssh_new();
 
-  /* "ssh/session.pyx":63
+  /* "ssh/session.pyx":80
  *     def __cinit__(self):
  *         self._session = c_ssh.ssh_new()
  *         if self._session is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  * 
- */
-  __pyx_t_1 = ((__pyx_v_self->_session == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_session == NULL);
   if (unlikely(__pyx_t_1)) {
 
-    /* "ssh/session.pyx":64
+    /* "ssh/session.pyx":81
  *         self._session = c_ssh.ssh_new()
  *         if self._session is NULL:
  *             raise MemoryError             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
-    PyErr_NoMemory(); __PYX_ERR(0, 64, __pyx_L1_error)
+*/
+    PyErr_NoMemory(); __PYX_ERR(0, 81, __pyx_L1_error)
 
-    /* "ssh/session.pyx":63
+    /* "ssh/session.pyx":80
  *     def __cinit__(self):
  *         self._session = c_ssh.ssh_new()
  *         if self._session is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  * 
- */
+*/
   }
 
-  /* "ssh/session.pyx":61
+  /* "ssh/session.pyx":78
  *     """Libssh session class providing session related functions."""
  * 
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self._session = c_ssh.ssh_new()
  *         if self._session is NULL:
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
@@ -2129,23 +4157,24 @@ static int __pyx_pf_3ssh_7session_7Session___cinit__(struct __pyx_obj_3ssh_7sess
   __Pyx_AddTraceback("ssh.session.Session.__cinit__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = -1;
   __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":66
+/* "ssh/session.pyx":83
  *             raise MemoryError
  * 
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._session is not NULL:
  *             c_ssh.ssh_free(self._session)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_7session_7Session_3__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_7session_7Session_3__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_7session_7Session_2__dealloc__(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -2153,87 +4182,158 @@ static void __pyx_pw_3ssh_7session_7Session_3__dealloc__(PyObject *__pyx_v_self)
 }
 
 static void __pyx_pf_3ssh_7session_7Session_2__dealloc__(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
-  /* "ssh/session.pyx":67
+  /* "ssh/session.pyx":84
  * 
  *     def __dealloc__(self):
  *         if self._session is not NULL:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_free(self._session)
  *             self._session = NULL
- */
-  __pyx_t_1 = ((__pyx_v_self->_session != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_session != NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":68
+    /* "ssh/session.pyx":85
  *     def __dealloc__(self):
  *         if self._session is not NULL:
  *             c_ssh.ssh_free(self._session)             # <<<<<<<<<<<<<<
  *             self._session = NULL
  * 
- */
+*/
     ssh_free(__pyx_v_self->_session);
 
-    /* "ssh/session.pyx":69
+    /* "ssh/session.pyx":86
  *         if self._session is not NULL:
  *             c_ssh.ssh_free(self._session)
  *             self._session = NULL             # <<<<<<<<<<<<<<
  * 
  *     def set_socket(self, socket not None):
- */
+*/
     __pyx_v_self->_session = NULL;
 
-    /* "ssh/session.pyx":67
+    /* "ssh/session.pyx":84
  * 
  *     def __dealloc__(self):
  *         if self._session is not NULL:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_free(self._session)
  *             self._session = NULL
- */
+*/
   }
 
-  /* "ssh/session.pyx":66
+  /* "ssh/session.pyx":83
  *             raise MemoryError
  * 
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._session is not NULL:
  *             c_ssh.ssh_free(self._session)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/session.pyx":71
+/* "ssh/session.pyx":88
  *             self._session = NULL
  * 
  *     def set_socket(self, socket not None):             # <<<<<<<<<<<<<<
  *         """Set socket to use for session.
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_5set_socket(PyObject *__pyx_v_self, PyObject *__pyx_v_socket); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_4set_socket[] = "Session.set_socket(self, socket)\nSet socket to use for session.\n\n        Not part of libssh API but needs to be done in C to be able to\n        translate python sockets to file descriptors to be used by libssh.\n        ";
-static PyObject *__pyx_pw_3ssh_7session_7Session_5set_socket(PyObject *__pyx_v_self, PyObject *__pyx_v_socket) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_5set_socket(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_4set_socket, "Session.set_socket(self, socket)\n\nSet socket to use for session.\n\nNot part of libssh API but needs to be done in C to be able to\ntranslate python sockets to file descriptors to be used by libssh.");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_5set_socket = {"set_socket", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_5set_socket, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_4set_socket};
+static PyObject *__pyx_pw_3ssh_7session_7Session_5set_socket(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_socket = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_socket (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_socket,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 88, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 88, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_socket", 0) < 0) __PYX_ERR(0, 88, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_socket", 1, 1, 1, i); __PYX_ERR(0, 88, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 88, __pyx_L3_error)
+    }
+    __pyx_v_socket = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_socket", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 88, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.set_socket", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_socket) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "socket"); __PYX_ERR(0, 71, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "socket"); __PYX_ERR(0, 88, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_4set_socket(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject *)__pyx_v_socket));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_4set_socket(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_socket);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2251,121 +4351,118 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_4set_socket(struct __pyx_obj_3s
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("set_socket", 0);
 
-  /* "ssh/session.pyx":77
+  /* "ssh/session.pyx":94
  *         translate python sockets to file descriptors to be used by libssh.
  *         """
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_options_e fd = c_ssh.ssh_options_e.SSH_OPTIONS_FD
  *         cdef int rc
- */
-  __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 77, __pyx_L1_error)
+*/
+  __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 94, __pyx_L1_error)
   __pyx_v__sock = __pyx_t_1;
 
-  /* "ssh/session.pyx":78
+  /* "ssh/session.pyx":95
  *         """
  *         cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *         cdef c_ssh.ssh_options_e fd = c_ssh.ssh_options_e.SSH_OPTIONS_FD             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         self.sock = socket
- */
+*/
   __pyx_v_fd = SSH_OPTIONS_FD;
 
-  /* "ssh/session.pyx":80
+  /* "ssh/session.pyx":97
  *         cdef c_ssh.ssh_options_e fd = c_ssh.ssh_options_e.SSH_OPTIONS_FD
  *         cdef int rc
  *         self.sock = socket             # <<<<<<<<<<<<<<
  *         self._sock = _sock
  *         with nogil:
- */
+*/
   __Pyx_INCREF(__pyx_v_socket);
   __Pyx_GIVEREF(__pyx_v_socket);
   __Pyx_GOTREF(__pyx_v_self->sock);
   __Pyx_DECREF(__pyx_v_self->sock);
   __pyx_v_self->sock = __pyx_v_socket;
 
-  /* "ssh/session.pyx":81
+  /* "ssh/session.pyx":98
  *         cdef int rc
  *         self.sock = socket
  *         self._sock = _sock             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_options_set(self._session, fd, &_sock)
- */
+*/
   __pyx_v_self->_sock = __pyx_v__sock;
 
-  /* "ssh/session.pyx":82
+  /* "ssh/session.pyx":99
  *         self.sock = socket
  *         self._sock = _sock
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_set(self._session, fd, &_sock)
  *         handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":83
+        /* "ssh/session.pyx":100
  *         self._sock = _sock
  *         with nogil:
  *             rc = c_ssh.ssh_options_set(self._session, fd, &_sock)             # <<<<<<<<<<<<<<
  *         handle_error_codes(rc, self._session)
  *         return rc
- */
+*/
         __pyx_v_rc = ssh_options_set(__pyx_v_self->_session, __pyx_v_fd, (&__pyx_v__sock));
       }
 
-      /* "ssh/session.pyx":82
+      /* "ssh/session.pyx":99
  *         self.sock = socket
  *         self._sock = _sock
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_set(self._session, fd, &_sock)
  *         handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":84
+  /* "ssh/session.pyx":101
  *         with nogil:
  *             rc = c_ssh.ssh_options_set(self._session, fd, &_sock)
  *         handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 84, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 101, __pyx_L1_error)
 
-  /* "ssh/session.pyx":85
+  /* "ssh/session.pyx":102
  *             rc = c_ssh.ssh_options_set(self._session, fd, &_sock)
  *         handle_error_codes(rc, self._session)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def blocking_flush(self, int timeout):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 85, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 102, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":71
+  /* "ssh/session.pyx":88
  *             self._session = NULL
  * 
  *     def set_socket(self, socket not None):             # <<<<<<<<<<<<<<
  *         """Set socket to use for session.
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2378,37 +4475,96 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_4set_socket(struct __pyx_obj_3s
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":87
+/* "ssh/session.pyx":104
  *         return rc
  * 
  *     def blocking_flush(self, int timeout):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_7blocking_flush(PyObject *__pyx_v_self, PyObject *__pyx_arg_timeout); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_6blocking_flush[] = "Session.blocking_flush(self, int timeout)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_7blocking_flush(PyObject *__pyx_v_self, PyObject *__pyx_arg_timeout) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_7blocking_flush(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_6blocking_flush, "Session.blocking_flush(self, int timeout)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_7blocking_flush = {"blocking_flush", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_7blocking_flush, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_6blocking_flush};
+static PyObject *__pyx_pw_3ssh_7session_7Session_7blocking_flush(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_timeout;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("blocking_flush (wrapper)", 0);
-  assert(__pyx_arg_timeout); {
-    __pyx_v_timeout = __Pyx_PyInt_As_int(__pyx_arg_timeout); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 87, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_timeout,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 104, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 104, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "blocking_flush", 0) < 0) __PYX_ERR(0, 104, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("blocking_flush", 1, 1, 1, i); __PYX_ERR(0, 104, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 104, __pyx_L3_error)
+    }
+    __pyx_v_timeout = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 104, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("blocking_flush", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 104, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.blocking_flush", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_6blocking_flush(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((int)__pyx_v_timeout));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_6blocking_flush(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_timeout);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2424,72 +4580,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_6blocking_flush(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("blocking_flush", 0);
 
-  /* "ssh/session.pyx":89
+  /* "ssh/session.pyx":106
  *     def blocking_flush(self, int timeout):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_blocking_flush(self._session, timeout)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":90
+        /* "ssh/session.pyx":107
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_blocking_flush(self._session, timeout)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_blocking_flush(__pyx_v_self->_session, __pyx_v_timeout);
       }
 
-      /* "ssh/session.pyx":89
+      /* "ssh/session.pyx":106
  *     def blocking_flush(self, int timeout):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_blocking_flush(self._session, timeout)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":91
+  /* "ssh/session.pyx":108
  *         with nogil:
  *             rc = c_ssh.ssh_blocking_flush(self._session, timeout)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def channel_new(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 91, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 91, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 108, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 108, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":87
+  /* "ssh/session.pyx":104
  *         return rc
  * 
  *     def blocking_flush(self, int timeout):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2502,21 +4655,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_6blocking_flush(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":93
+/* "ssh/session.pyx":110
  *         return handle_error_codes(rc, self._session)
  * 
  *     def channel_new(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_channel _channel
  *         cdef Channel channel
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_9channel_new(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_8channel_new[] = "Session.channel_new(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_9channel_new(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_9channel_new(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_8channel_new, "Session.channel_new(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_9channel_new = {"channel_new", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_9channel_new, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_8channel_new};
+static PyObject *__pyx_pw_3ssh_7session_7Session_9channel_new(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("channel_new (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("channel_new", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("channel_new", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_8channel_new(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -2536,129 +4718,124 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_8channel_new(struct __pyx_obj_3
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("channel_new", 0);
 
-  /* "ssh/session.pyx":96
+  /* "ssh/session.pyx":113
  *         cdef c_ssh.ssh_channel _channel
  *         cdef Channel channel
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _channel = c_ssh.ssh_channel_new(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":97
+        /* "ssh/session.pyx":114
  *         cdef Channel channel
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _channel = c_ssh.ssh_channel_new(self._session)
  *         if _channel is NULL:
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 97, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 114, __pyx_L4_error)
 
-        /* "ssh/session.pyx":98
+        /* "ssh/session.pyx":115
  *         with nogil:
  *             _check_connected(self._session)
  *             _channel = c_ssh.ssh_channel_new(self._session)             # <<<<<<<<<<<<<<
  *         if _channel is NULL:
  *             raise ChannelOpenFailure
- */
+*/
         __pyx_v__channel = ssh_channel_new(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":96
+      /* "ssh/session.pyx":113
  *         cdef c_ssh.ssh_channel _channel
  *         cdef Channel channel
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _channel = c_ssh.ssh_channel_new(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":99
+  /* "ssh/session.pyx":116
  *             _check_connected(self._session)
  *             _channel = c_ssh.ssh_channel_new(self._session)
  *         if _channel is NULL:             # <<<<<<<<<<<<<<
  *             raise ChannelOpenFailure
  *         channel = Channel.from_ptr(_channel, self)
- */
-  __pyx_t_1 = ((__pyx_v__channel == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__channel == NULL);
   if (unlikely(__pyx_t_1)) {
 
-    /* "ssh/session.pyx":100
+    /* "ssh/session.pyx":117
  *             _channel = c_ssh.ssh_channel_new(self._session)
  *         if _channel is NULL:
  *             raise ChannelOpenFailure             # <<<<<<<<<<<<<<
  *         channel = Channel.from_ptr(_channel, self)
  *         return channel
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_ChannelOpenFailure); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 100, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_ChannelOpenFailure); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 117, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-    __PYX_ERR(0, 100, __pyx_L1_error)
+    __PYX_ERR(0, 117, __pyx_L1_error)
 
-    /* "ssh/session.pyx":99
+    /* "ssh/session.pyx":116
  *             _check_connected(self._session)
  *             _channel = c_ssh.ssh_channel_new(self._session)
  *         if _channel is NULL:             # <<<<<<<<<<<<<<
  *             raise ChannelOpenFailure
  *         channel = Channel.from_ptr(_channel, self)
- */
+*/
   }
 
-  /* "ssh/session.pyx":101
+  /* "ssh/session.pyx":118
  *         if _channel is NULL:
  *             raise ChannelOpenFailure
  *         channel = Channel.from_ptr(_channel, self)             # <<<<<<<<<<<<<<
  *         return channel
  * 
- */
-  __pyx_t_2 = ((PyObject *)__pyx_vtabptr_3ssh_7channel_Channel->from_ptr(__pyx_v__channel, __pyx_v_self)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 101, __pyx_L1_error)
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_vtabptr_3ssh_7channel_Channel->from_ptr(__pyx_v__channel, __pyx_v_self)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 118, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_channel = ((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":102
+  /* "ssh/session.pyx":119
  *             raise ChannelOpenFailure
  *         channel = Channel.from_ptr(_channel, self)
  *         return channel             # <<<<<<<<<<<<<<
  * 
  *     def sftp_new(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_channel));
+  __Pyx_INCREF((PyObject *)__pyx_v_channel);
   __pyx_r = ((PyObject *)__pyx_v_channel);
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":93
+  /* "ssh/session.pyx":110
  *         return handle_error_codes(rc, self._session)
  * 
  *     def channel_new(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_channel _channel
  *         cdef Channel channel
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2672,21 +4849,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_8channel_new(struct __pyx_obj_3
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":104
+/* "ssh/session.pyx":121
  *         return channel
  * 
  *     def sftp_new(self):             # <<<<<<<<<<<<<<
  *         cdef sftp_session _sftp
  *         cdef SFTP sftp
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_11sftp_new(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_10sftp_new[] = "Session.sftp_new(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_11sftp_new(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_11sftp_new(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_10sftp_new, "Session.sftp_new(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_11sftp_new = {"sftp_new", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_11sftp_new, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_10sftp_new};
+static PyObject *__pyx_pw_3ssh_7session_7Session_11sftp_new(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("sftp_new (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("sftp_new", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("sftp_new", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_10sftp_new(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -2707,147 +4913,142 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_10sftp_new(struct __pyx_obj_3ss
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("sftp_new", 0);
 
-  /* "ssh/session.pyx":107
+  /* "ssh/session.pyx":124
  *         cdef sftp_session _sftp
  *         cdef SFTP sftp
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":108
+        /* "ssh/session.pyx":125
  *         cdef SFTP sftp
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _sftp = sftp_new(self._session)
  *         if _sftp is NULL:
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 108, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 125, __pyx_L4_error)
 
-        /* "ssh/session.pyx":109
+        /* "ssh/session.pyx":126
  *         with nogil:
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)             # <<<<<<<<<<<<<<
  *         if _sftp is NULL:
  *             return handle_error_codes(
- */
+*/
         __pyx_v__sftp = sftp_new(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":107
+      /* "ssh/session.pyx":124
  *         cdef sftp_session _sftp
  *         cdef SFTP sftp
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":110
+  /* "ssh/session.pyx":127
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)
  *         if _sftp is NULL:             # <<<<<<<<<<<<<<
  *             return handle_error_codes(
  *                 c_ssh.ssh_get_error_code(self._session), self._session)
- */
-  __pyx_t_1 = ((__pyx_v__sftp == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__sftp == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":111
+    /* "ssh/session.pyx":128
  *             _sftp = sftp_new(self._session)
  *         if _sftp is NULL:
  *             return handle_error_codes(             # <<<<<<<<<<<<<<
  *                 c_ssh.ssh_get_error_code(self._session), self._session)
  *         sftp = SFTP.from_ptr(_sftp, self)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
 
-    /* "ssh/session.pyx":112
+    /* "ssh/session.pyx":129
  *         if _sftp is NULL:
  *             return handle_error_codes(
  *                 c_ssh.ssh_get_error_code(self._session), self._session)             # <<<<<<<<<<<<<<
  *         sftp = SFTP.from_ptr(_sftp, self)
  *         return sftp
- */
-    __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(ssh_get_error_code(__pyx_v_self->_session), __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 111, __pyx_L1_error)
+*/
+    __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(ssh_get_error_code(__pyx_v_self->_session), __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 128, __pyx_L1_error)
 
-    /* "ssh/session.pyx":111
+    /* "ssh/session.pyx":128
  *             _sftp = sftp_new(self._session)
  *         if _sftp is NULL:
  *             return handle_error_codes(             # <<<<<<<<<<<<<<
  *                 c_ssh.ssh_get_error_code(self._session), self._session)
  *         sftp = SFTP.from_ptr(_sftp, self)
- */
-    __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
+*/
+    __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 128, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
     __pyx_r = __pyx_t_3;
     __pyx_t_3 = 0;
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":110
+    /* "ssh/session.pyx":127
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)
  *         if _sftp is NULL:             # <<<<<<<<<<<<<<
  *             return handle_error_codes(
  *                 c_ssh.ssh_get_error_code(self._session), self._session)
- */
+*/
   }
 
-  /* "ssh/session.pyx":113
+  /* "ssh/session.pyx":130
  *             return handle_error_codes(
  *                 c_ssh.ssh_get_error_code(self._session), self._session)
  *         sftp = SFTP.from_ptr(_sftp, self)             # <<<<<<<<<<<<<<
  *         return sftp
  * 
- */
-  __pyx_t_3 = ((PyObject *)__pyx_vtabptr_3ssh_4sftp_SFTP->from_ptr(__pyx_v__sftp, __pyx_v_self)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 113, __pyx_L1_error)
+*/
+  __pyx_t_3 = ((PyObject *)__pyx_vtabptr_3ssh_4sftp_SFTP->from_ptr(__pyx_v__sftp, __pyx_v_self)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 130, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_v_sftp = ((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_t_3);
   __pyx_t_3 = 0;
 
-  /* "ssh/session.pyx":114
+  /* "ssh/session.pyx":131
  *                 c_ssh.ssh_get_error_code(self._session), self._session)
  *         sftp = SFTP.from_ptr(_sftp, self)
  *         return sftp             # <<<<<<<<<<<<<<
  * 
  *     def sftp_init(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_sftp));
+  __Pyx_INCREF((PyObject *)__pyx_v_sftp);
   __pyx_r = ((PyObject *)__pyx_v_sftp);
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":104
+  /* "ssh/session.pyx":121
  *         return channel
  * 
  *     def sftp_new(self):             # <<<<<<<<<<<<<<
  *         cdef sftp_session _sftp
  *         cdef SFTP sftp
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2861,21 +5062,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_10sftp_new(struct __pyx_obj_3ss
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":116
+/* "ssh/session.pyx":133
  *         return sftp
  * 
  *     def sftp_init(self):             # <<<<<<<<<<<<<<
  *         """Convenience function for creating and initialising new SFTP
  *         session.
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_13sftp_init(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_12sftp_init[] = "Session.sftp_init(self)\nConvenience function for creating and initialising new SFTP\n        session.\n\n        Not part of libssh API.";
-static PyObject *__pyx_pw_3ssh_7session_7Session_13sftp_init(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_13sftp_init(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_12sftp_init, "Session.sftp_init(self)\n\nConvenience function for creating and initialising new SFTP\nsession.\n\nNot part of libssh API.");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_13sftp_init = {"sftp_init", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_13sftp_init, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_12sftp_init};
+static PyObject *__pyx_pw_3ssh_7session_7Session_13sftp_init(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("sftp_init (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("sftp_init", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("sftp_init", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_12sftp_init(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -2897,209 +5127,196 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_12sftp_init(struct __pyx_obj_3s
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("sftp_init", 0);
 
-  /* "ssh/session.pyx":124
+  /* "ssh/session.pyx":141
  *         cdef SFTP sftp
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":125
+        /* "ssh/session.pyx":142
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _sftp = sftp_new(self._session)
  *             if _sftp is NULL:
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 125, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 142, __pyx_L4_error)
 
-        /* "ssh/session.pyx":126
+        /* "ssh/session.pyx":143
  *         with nogil:
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)             # <<<<<<<<<<<<<<
  *             if _sftp is NULL:
  *                 with gil:
- */
+*/
         __pyx_v__sftp = sftp_new(__pyx_v_self->_session);
 
-        /* "ssh/session.pyx":127
+        /* "ssh/session.pyx":144
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)
  *             if _sftp is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     return handle_error_codes(
- */
-        __pyx_t_1 = ((__pyx_v__sftp == NULL) != 0);
+*/
+        __pyx_t_1 = (__pyx_v__sftp == NULL);
         if (__pyx_t_1) {
 
-          /* "ssh/session.pyx":128
+          /* "ssh/session.pyx":145
  *             _sftp = sftp_new(self._session)
  *             if _sftp is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/session.pyx":129
+                /* "ssh/session.pyx":146
  *             if _sftp is NULL:
  *                 with gil:
  *                     return handle_error_codes(             # <<<<<<<<<<<<<<
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             rc = sftp_init(_sftp)
- */
+*/
                 __Pyx_XDECREF(__pyx_r);
 
-                /* "ssh/session.pyx":130
+                /* "ssh/session.pyx":147
  *                 with gil:
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)             # <<<<<<<<<<<<<<
  *             rc = sftp_init(_sftp)
  *         sftp = SFTP.from_ptr(_sftp, self)
- */
-                __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(ssh_get_error_code(__pyx_v_self->_session), __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 129, __pyx_L8_error)
+*/
+                __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(ssh_get_error_code(__pyx_v_self->_session), __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 146, __pyx_L8_error)
 
-                /* "ssh/session.pyx":129
+                /* "ssh/session.pyx":146
  *             if _sftp is NULL:
  *                 with gil:
  *                     return handle_error_codes(             # <<<<<<<<<<<<<<
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             rc = sftp_init(_sftp)
- */
-                __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 129, __pyx_L8_error)
+*/
+                __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 146, __pyx_L8_error)
                 __Pyx_GOTREF(__pyx_t_3);
                 __pyx_r = __pyx_t_3;
                 __pyx_t_3 = 0;
                 goto __pyx_L7_return;
               }
 
-              /* "ssh/session.pyx":128
+              /* "ssh/session.pyx":145
  *             _sftp = sftp_new(self._session)
  *             if _sftp is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
- */
+*/
               /*finally:*/ {
                 __pyx_L7_return: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L3_return;
                 }
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/session.pyx":127
+          /* "ssh/session.pyx":144
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)
  *             if _sftp is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     return handle_error_codes(
- */
+*/
         }
 
-        /* "ssh/session.pyx":131
+        /* "ssh/session.pyx":148
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             rc = sftp_init(_sftp)             # <<<<<<<<<<<<<<
  *         sftp = SFTP.from_ptr(_sftp, self)
  *         handle_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = sftp_init(__pyx_v__sftp);
       }
 
-      /* "ssh/session.pyx":124
+      /* "ssh/session.pyx":141
  *         cdef SFTP sftp
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _sftp = sftp_new(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L3_return: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L0;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":132
+  /* "ssh/session.pyx":149
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             rc = sftp_init(_sftp)
  *         sftp = SFTP.from_ptr(_sftp, self)             # <<<<<<<<<<<<<<
  *         handle_error_codes(rc, self._session)
  *         return sftp
- */
-  __pyx_t_3 = ((PyObject *)__pyx_vtabptr_3ssh_4sftp_SFTP->from_ptr(__pyx_v__sftp, __pyx_v_self)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 132, __pyx_L1_error)
+*/
+  __pyx_t_3 = ((PyObject *)__pyx_vtabptr_3ssh_4sftp_SFTP->from_ptr(__pyx_v__sftp, __pyx_v_self)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 149, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_v_sftp = ((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_t_3);
   __pyx_t_3 = 0;
 
-  /* "ssh/session.pyx":133
+  /* "ssh/session.pyx":150
  *             rc = sftp_init(_sftp)
  *         sftp = SFTP.from_ptr(_sftp, self)
  *         handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  *         return sftp
  * 
- */
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 133, __pyx_L1_error)
+*/
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 150, __pyx_L1_error)
 
-  /* "ssh/session.pyx":134
+  /* "ssh/session.pyx":151
  *         sftp = SFTP.from_ptr(_sftp, self)
  *         handle_error_codes(rc, self._session)
  *         return sftp             # <<<<<<<<<<<<<<
  * 
  *     def connect(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_sftp));
+  __Pyx_INCREF((PyObject *)__pyx_v_sftp);
   __pyx_r = ((PyObject *)__pyx_v_sftp);
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":116
+  /* "ssh/session.pyx":133
  *         return sftp
  * 
  *     def sftp_init(self):             # <<<<<<<<<<<<<<
  *         """Convenience function for creating and initialising new SFTP
  *         session.
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3113,21 +5330,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_12sftp_init(struct __pyx_obj_3s
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":136
+/* "ssh/session.pyx":153
  *         return sftp
  * 
  *     def connect(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_15connect(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_14connect[] = "Session.connect(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_15connect(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_15connect(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_14connect, "Session.connect(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_15connect = {"connect", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_15connect, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_14connect};
+static PyObject *__pyx_pw_3ssh_7session_7Session_15connect(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("connect (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("connect", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("connect", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_14connect(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -3146,72 +5392,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_14connect(struct __pyx_obj_3ssh
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("connect", 0);
 
-  /* "ssh/session.pyx":138
+  /* "ssh/session.pyx":155
  *     def connect(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_connect(self._session)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":139
+        /* "ssh/session.pyx":156
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_connect(self._session)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_connect(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":138
+      /* "ssh/session.pyx":155
  *     def connect(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_connect(self._session)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":140
+  /* "ssh/session.pyx":157
  *         with nogil:
  *             rc = c_ssh.ssh_connect(self._session)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def disconnect(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 140, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 140, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 157, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 157, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":136
+  /* "ssh/session.pyx":153
  *         return sftp
  * 
  *     def connect(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3224,21 +5467,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_14connect(struct __pyx_obj_3ssh
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":142
+/* "ssh/session.pyx":159
  *         return handle_error_codes(rc, self._session)
  * 
  *     def disconnect(self):             # <<<<<<<<<<<<<<
  *         """No-op. Handled by object de-allocation."""
  *         # Due to bug in libssh that segfaults if session
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_17disconnect(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_16disconnect[] = "Session.disconnect(self)\nNo-op. Handled by object de-allocation.";
-static PyObject *__pyx_pw_3ssh_7session_7Session_17disconnect(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_17disconnect(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_16disconnect, "Session.disconnect(self)\n\nNo-op. Handled by object de-allocation.");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_17disconnect = {"disconnect", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_17disconnect, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_16disconnect};
+static PyObject *__pyx_pw_3ssh_7session_7Session_17disconnect(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("disconnect (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("disconnect", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("disconnect", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_16disconnect(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -3258,21 +5530,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_16disconnect(CYTHON_UNUSED stru
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":153
+/* "ssh/session.pyx":170
  *         #     c_ssh.ssh_disconnect(self._session)
  * 
  *     def connector_new(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_connector _connector
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_19connector_new(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_18connector_new[] = "Session.connector_new(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_19connector_new(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_19connector_new(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_18connector_new, "Session.connector_new(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_19connector_new = {"connector_new", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_19connector_new, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_18connector_new};
+static PyObject *__pyx_pw_3ssh_7session_7Session_19connector_new(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("connector_new (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("connector_new", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("connector_new", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_18connector_new(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -3291,101 +5592,98 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_18connector_new(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("connector_new", 0);
 
-  /* "ssh/session.pyx":155
+  /* "ssh/session.pyx":172
  *     def connector_new(self):
  *         cdef c_ssh.ssh_connector _connector
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _connector = c_ssh.ssh_connector_new(self._session)
  *         if _connector is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":156
+        /* "ssh/session.pyx":173
  *         cdef c_ssh.ssh_connector _connector
  *         with nogil:
  *             _connector = c_ssh.ssh_connector_new(self._session)             # <<<<<<<<<<<<<<
  *         if _connector is NULL:
  *             return
- */
+*/
         __pyx_v__connector = ssh_connector_new(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":155
+      /* "ssh/session.pyx":172
  *     def connector_new(self):
  *         cdef c_ssh.ssh_connector _connector
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _connector = c_ssh.ssh_connector_new(self._session)
  *         if _connector is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":157
+  /* "ssh/session.pyx":174
  *         with nogil:
  *             _connector = c_ssh.ssh_connector_new(self._session)
  *         if _connector is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return Connector.from_ptr(_connector, self)
- */
-  __pyx_t_1 = ((__pyx_v__connector == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__connector == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":158
+    /* "ssh/session.pyx":175
  *             _connector = c_ssh.ssh_connector_new(self._session)
  *         if _connector is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         return Connector.from_ptr(_connector, self)
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":157
+    /* "ssh/session.pyx":174
  *         with nogil:
  *             _connector = c_ssh.ssh_connector_new(self._session)
  *         if _connector is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return Connector.from_ptr(_connector, self)
- */
+*/
   }
 
-  /* "ssh/session.pyx":159
+  /* "ssh/session.pyx":176
  *         if _connector is NULL:
  *             return
  *         return Connector.from_ptr(_connector, self)             # <<<<<<<<<<<<<<
  * 
  *     def accept_forward(self, int timeout, int dest_port):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = ((PyObject *)__pyx_vtabptr_3ssh_9connector_Connector->from_ptr(__pyx_v__connector, __pyx_v_self)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 159, __pyx_L1_error)
+  __pyx_t_2 = ((PyObject *)__pyx_vtabptr_3ssh_9connector_Connector->from_ptr(__pyx_v__connector, __pyx_v_self)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 176, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":153
+  /* "ssh/session.pyx":170
  *         #     c_ssh.ssh_disconnect(self._session)
  * 
  *     def connector_new(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_connector _connector
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3398,68 +5696,94 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_18connector_new(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":161
+/* "ssh/session.pyx":178
  *         return Connector.from_ptr(_connector, self)
  * 
  *     def accept_forward(self, int timeout, int dest_port):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_channel _channel
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_21accept_forward(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_20accept_forward[] = "Session.accept_forward(self, int timeout, int dest_port)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_21accept_forward(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_21accept_forward(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_20accept_forward, "Session.accept_forward(self, int timeout, int dest_port)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_21accept_forward = {"accept_forward", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_21accept_forward, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_20accept_forward};
+static PyObject *__pyx_pw_3ssh_7session_7Session_21accept_forward(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_timeout;
   int __pyx_v_dest_port;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("accept_forward (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_timeout,&__pyx_n_s_dest_port,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_timeout,&__pyx_mstate_global->__pyx_n_u_dest_port,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 178, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 178, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 178, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_timeout)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_dest_port)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("accept_forward", 1, 2, 2, 1); __PYX_ERR(0, 161, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "accept_forward") < 0)) __PYX_ERR(0, 161, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "accept_forward", 0) < 0) __PYX_ERR(0, 178, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("accept_forward", 1, 2, 2, i); __PYX_ERR(0, 178, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 178, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 178, __pyx_L3_error)
     }
-    __pyx_v_timeout = __Pyx_PyInt_As_int(values[0]); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 161, __pyx_L3_error)
-    __pyx_v_dest_port = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_dest_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 161, __pyx_L3_error)
+    __pyx_v_timeout = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_timeout == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 178, __pyx_L3_error)
+    __pyx_v_dest_port = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_dest_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 178, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("accept_forward", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 161, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("accept_forward", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 178, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.accept_forward", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -3467,6 +5791,9 @@ static PyObject *__pyx_pw_3ssh_7session_7Session_21accept_forward(PyObject *__py
   __pyx_r = __pyx_pf_3ssh_7session_7Session_20accept_forward(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_timeout, __pyx_v_dest_port);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3482,117 +5809,112 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_20accept_forward(struct __pyx_o
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("accept_forward", 0);
 
-  /* "ssh/session.pyx":163
+  /* "ssh/session.pyx":180
  *     def accept_forward(self, int timeout, int dest_port):
  *         cdef c_ssh.ssh_channel _channel
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _channel = c_ssh.ssh_channel_accept_forward(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":164
+        /* "ssh/session.pyx":181
  *         cdef c_ssh.ssh_channel _channel
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _channel = c_ssh.ssh_channel_accept_forward(
  *                 self._session, timeout, &dest_port)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 164, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 181, __pyx_L4_error)
 
-        /* "ssh/session.pyx":165
+        /* "ssh/session.pyx":182
  *         with nogil:
  *             _check_connected(self._session)
  *             _channel = c_ssh.ssh_channel_accept_forward(             # <<<<<<<<<<<<<<
  *                 self._session, timeout, &dest_port)
  *         if _channel is NULL:
- */
+*/
         __pyx_v__channel = ssh_channel_accept_forward(__pyx_v_self->_session, __pyx_v_timeout, (&__pyx_v_dest_port));
       }
 
-      /* "ssh/session.pyx":163
+      /* "ssh/session.pyx":180
  *     def accept_forward(self, int timeout, int dest_port):
  *         cdef c_ssh.ssh_channel _channel
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _channel = c_ssh.ssh_channel_accept_forward(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":167
+  /* "ssh/session.pyx":184
  *             _channel = c_ssh.ssh_channel_accept_forward(
  *                 self._session, timeout, &dest_port)
  *         if _channel is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return Channel.from_ptr(_channel, self)
- */
-  __pyx_t_1 = ((__pyx_v__channel == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__channel == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":168
+    /* "ssh/session.pyx":185
  *                 self._session, timeout, &dest_port)
  *         if _channel is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         return Channel.from_ptr(_channel, self)
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":167
+    /* "ssh/session.pyx":184
  *             _channel = c_ssh.ssh_channel_accept_forward(
  *                 self._session, timeout, &dest_port)
  *         if _channel is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return Channel.from_ptr(_channel, self)
- */
+*/
   }
 
-  /* "ssh/session.pyx":169
+  /* "ssh/session.pyx":186
  *         if _channel is NULL:
  *             return
  *         return Channel.from_ptr(_channel, self)             # <<<<<<<<<<<<<<
  * 
  *     def cancel_forward(self, address not None, int port):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = ((PyObject *)__pyx_vtabptr_3ssh_7channel_Channel->from_ptr(__pyx_v__channel, __pyx_v_self)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 169, __pyx_L1_error)
+  __pyx_t_2 = ((PyObject *)__pyx_vtabptr_3ssh_7channel_Channel->from_ptr(__pyx_v__channel, __pyx_v_self)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 186, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":161
+  /* "ssh/session.pyx":178
  *         return Connector.from_ptr(_connector, self)
  * 
  *     def accept_forward(self, int timeout, int dest_port):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.ssh_channel _channel
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3605,74 +5927,100 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_20accept_forward(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":171
+/* "ssh/session.pyx":188
  *         return Channel.from_ptr(_channel, self)
  * 
  *     def cancel_forward(self, address not None, int port):             # <<<<<<<<<<<<<<
  *         cdef bytes b_address = to_bytes(address)
  *         cdef char *c_address = b_address
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_23cancel_forward(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_22cancel_forward[] = "Session.cancel_forward(self, address, int port)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_23cancel_forward(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_23cancel_forward(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_22cancel_forward, "Session.cancel_forward(self, address, int port)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_23cancel_forward = {"cancel_forward", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_23cancel_forward, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_22cancel_forward};
+static PyObject *__pyx_pw_3ssh_7session_7Session_23cancel_forward(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_address = 0;
   int __pyx_v_port;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("cancel_forward (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_address,&__pyx_n_s_port,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_address,&__pyx_mstate_global->__pyx_n_u_port,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 188, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 188, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 188, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_address)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_port)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("cancel_forward", 1, 2, 2, 1); __PYX_ERR(0, 171, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "cancel_forward") < 0)) __PYX_ERR(0, 171, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "cancel_forward", 0) < 0) __PYX_ERR(0, 188, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("cancel_forward", 1, 2, 2, i); __PYX_ERR(0, 188, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 188, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 188, __pyx_L3_error)
     }
     __pyx_v_address = values[0];
-    __pyx_v_port = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 171, __pyx_L3_error)
+    __pyx_v_port = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 188, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("cancel_forward", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 171, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("cancel_forward", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 188, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.cancel_forward", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_address) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "address"); __PYX_ERR(0, 171, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "address"); __PYX_ERR(0, 188, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_7session_7Session_22cancel_forward(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_address, __pyx_v_port);
 
@@ -3680,7 +6028,15 @@ static PyObject *__pyx_pw_3ssh_7session_7Session_23cancel_forward(PyObject *__py
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3699,98 +6055,95 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_22cancel_forward(struct __pyx_o
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("cancel_forward", 0);
 
-  /* "ssh/session.pyx":172
+  /* "ssh/session.pyx":189
  * 
  *     def cancel_forward(self, address not None, int port):
  *         cdef bytes b_address = to_bytes(address)             # <<<<<<<<<<<<<<
  *         cdef char *c_address = b_address
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_address); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 172, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_address); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 189, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_address = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":173
+  /* "ssh/session.pyx":190
  *     def cancel_forward(self, address not None, int port):
  *         cdef bytes b_address = to_bytes(address)
  *         cdef char *c_address = b_address             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_address == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 173, __pyx_L1_error)
+    __PYX_ERR(0, 190, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_address); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 173, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_address); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 190, __pyx_L1_error)
   __pyx_v_c_address = __pyx_t_2;
 
-  /* "ssh/session.pyx":175
+  /* "ssh/session.pyx":192
  *         cdef char *c_address = b_address
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_cancel_forward(
  *                 self._session, c_address, port)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":176
+        /* "ssh/session.pyx":193
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_cancel_forward(             # <<<<<<<<<<<<<<
  *                 self._session, c_address, port)
  *         return handle_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_channel_cancel_forward(__pyx_v_self->_session, __pyx_v_c_address, __pyx_v_port);
       }
 
-      /* "ssh/session.pyx":175
+      /* "ssh/session.pyx":192
  *         cdef char *c_address = b_address
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_cancel_forward(
  *                 self._session, c_address, port)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":178
+  /* "ssh/session.pyx":195
  *             rc = c_ssh.ssh_channel_cancel_forward(
  *                 self._session, c_address, port)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def listen_forward(self, address not None, int port, int bound_port):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 178, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 178, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 195, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 195, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":171
+  /* "ssh/session.pyx":188
  *         return Channel.from_ptr(_channel, self)
  * 
  *     def cancel_forward(self, address not None, int port):             # <<<<<<<<<<<<<<
  *         cdef bytes b_address = to_bytes(address)
  *         cdef char *c_address = b_address
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3804,85 +6157,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_22cancel_forward(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":180
+/* "ssh/session.pyx":197
  *         return handle_error_codes(rc, self._session)
  * 
  *     def listen_forward(self, address not None, int port, int bound_port):             # <<<<<<<<<<<<<<
  *         cdef bytes b_address = to_bytes(address)
  *         cdef char *c_address = b_address
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_25listen_forward(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_24listen_forward[] = "Session.listen_forward(self, address, int port, int bound_port)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_25listen_forward(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_25listen_forward(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_24listen_forward, "Session.listen_forward(self, address, int port, int bound_port)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_25listen_forward = {"listen_forward", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_25listen_forward, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_24listen_forward};
+static PyObject *__pyx_pw_3ssh_7session_7Session_25listen_forward(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_address = 0;
   int __pyx_v_port;
   int __pyx_v_bound_port;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("listen_forward (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_address,&__pyx_n_s_port,&__pyx_n_s_bound_port,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_address,&__pyx_mstate_global->__pyx_n_u_port,&__pyx_mstate_global->__pyx_n_u_bound_port,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 197, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 197, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 197, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 197, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_address)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_port)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("listen_forward", 1, 3, 3, 1); __PYX_ERR(0, 180, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_bound_port)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("listen_forward", 1, 3, 3, 2); __PYX_ERR(0, 180, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "listen_forward") < 0)) __PYX_ERR(0, 180, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "listen_forward", 0) < 0) __PYX_ERR(0, 197, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("listen_forward", 1, 3, 3, i); __PYX_ERR(0, 197, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 197, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 197, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 197, __pyx_L3_error)
     }
     __pyx_v_address = values[0];
-    __pyx_v_port = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 180, __pyx_L3_error)
-    __pyx_v_bound_port = __Pyx_PyInt_As_int(values[2]); if (unlikely((__pyx_v_bound_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 180, __pyx_L3_error)
+    __pyx_v_port = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 197, __pyx_L3_error)
+    __pyx_v_bound_port = __Pyx_PyLong_As_int(values[2]); if (unlikely((__pyx_v_bound_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 197, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("listen_forward", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 180, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("listen_forward", 1, 3, 3, __pyx_nargs); __PYX_ERR(0, 197, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.listen_forward", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_address) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "address"); __PYX_ERR(0, 180, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "address"); __PYX_ERR(0, 197, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_7session_7Session_24listen_forward(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_address, __pyx_v_port, __pyx_v_bound_port);
 
@@ -3890,7 +6266,15 @@ static PyObject *__pyx_pw_3ssh_7session_7Session_25listen_forward(PyObject *__py
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3909,98 +6293,95 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_24listen_forward(struct __pyx_o
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("listen_forward", 0);
 
-  /* "ssh/session.pyx":181
+  /* "ssh/session.pyx":198
  * 
  *     def listen_forward(self, address not None, int port, int bound_port):
  *         cdef bytes b_address = to_bytes(address)             # <<<<<<<<<<<<<<
  *         cdef char *c_address = b_address
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_address); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 181, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_address); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 198, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_address = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":182
+  /* "ssh/session.pyx":199
  *     def listen_forward(self, address not None, int port, int bound_port):
  *         cdef bytes b_address = to_bytes(address)
  *         cdef char *c_address = b_address             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_address == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 182, __pyx_L1_error)
+    __PYX_ERR(0, 199, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_address); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 182, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_address); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 199, __pyx_L1_error)
   __pyx_v_c_address = __pyx_t_2;
 
-  /* "ssh/session.pyx":184
+  /* "ssh/session.pyx":201
  *         cdef char *c_address = b_address
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_listen_forward(
  *                 self._session, c_address, port, &bound_port)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":185
+        /* "ssh/session.pyx":202
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_channel_listen_forward(             # <<<<<<<<<<<<<<
  *                 self._session, c_address, port, &bound_port)
  *         return handle_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_channel_listen_forward(__pyx_v_self->_session, __pyx_v_c_address, __pyx_v_port, (&__pyx_v_bound_port));
       }
 
-      /* "ssh/session.pyx":184
+      /* "ssh/session.pyx":201
  *         cdef char *c_address = b_address
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_channel_listen_forward(
  *                 self._session, c_address, port, &bound_port)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":187
+  /* "ssh/session.pyx":204
  *             rc = c_ssh.ssh_channel_listen_forward(
  *                 self._session, c_address, port, &bound_port)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def get_disconnect_message(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 187, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 187, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 204, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 204, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":180
+  /* "ssh/session.pyx":197
  *         return handle_error_codes(rc, self._session)
  * 
  *     def listen_forward(self, address not None, int port, int bound_port):             # <<<<<<<<<<<<<<
  *         cdef bytes b_address = to_bytes(address)
  *         cdef char *c_address = b_address
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4014,21 +6395,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_24listen_forward(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":189
+/* "ssh/session.pyx":206
  *         return handle_error_codes(rc, self._session)
  * 
  *     def get_disconnect_message(self):             # <<<<<<<<<<<<<<
  *         cdef const char *message
  *         cdef bytes b_message
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_27get_disconnect_message(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_26get_disconnect_message[] = "Session.get_disconnect_message(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_27get_disconnect_message(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_27get_disconnect_message(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_26get_disconnect_message, "Session.get_disconnect_message(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_27get_disconnect_message = {"get_disconnect_message", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_27get_disconnect_message, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_26get_disconnect_message};
+static PyObject *__pyx_pw_3ssh_7session_7Session_27get_disconnect_message(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_disconnect_message (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_disconnect_message", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_disconnect_message", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_26get_disconnect_message(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -4048,97 +6458,92 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_26get_disconnect_message(struct
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_disconnect_message", 0);
 
-  /* "ssh/session.pyx":192
+  /* "ssh/session.pyx":209
  *         cdef const char *message
  *         cdef bytes b_message
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             message = c_ssh.ssh_get_disconnect_message(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":193
+        /* "ssh/session.pyx":210
  *         cdef bytes b_message
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             message = c_ssh.ssh_get_disconnect_message(self._session)
  *         b_message = message
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 193, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 210, __pyx_L4_error)
 
-        /* "ssh/session.pyx":194
+        /* "ssh/session.pyx":211
  *         with nogil:
  *             _check_connected(self._session)
  *             message = c_ssh.ssh_get_disconnect_message(self._session)             # <<<<<<<<<<<<<<
  *         b_message = message
  *         return b_message
- */
+*/
         __pyx_v_message = ssh_get_disconnect_message(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":192
+      /* "ssh/session.pyx":209
  *         cdef const char *message
  *         cdef bytes b_message
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             message = c_ssh.ssh_get_disconnect_message(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":195
+  /* "ssh/session.pyx":212
  *             _check_connected(self._session)
  *             message = c_ssh.ssh_get_disconnect_message(self._session)
  *         b_message = message             # <<<<<<<<<<<<<<
  *         return b_message
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v_message); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 195, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v_message); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 212, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_b_message = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":196
+  /* "ssh/session.pyx":213
  *             message = c_ssh.ssh_get_disconnect_message(self._session)
  *         b_message = message
  *         return b_message             # <<<<<<<<<<<<<<
  * 
  *     def get_fd(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_message);
   __pyx_r = __pyx_v_b_message;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":189
+  /* "ssh/session.pyx":206
  *         return handle_error_codes(rc, self._session)
  * 
  *     def get_disconnect_message(self):             # <<<<<<<<<<<<<<
  *         cdef const char *message
  *         cdef bytes b_message
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4152,21 +6557,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_26get_disconnect_message(struct
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":198
+/* "ssh/session.pyx":215
  *         return b_message
  * 
  *     def get_fd(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_29get_fd(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_28get_fd[] = "Session.get_fd(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_29get_fd(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_29get_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_28get_fd, "Session.get_fd(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_29get_fd = {"get_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_29get_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_28get_fd};
+static PyObject *__pyx_pw_3ssh_7session_7Session_29get_fd(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_fd (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_fd", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_fd", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_28get_fd(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -4184,71 +6618,68 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_28get_fd(struct __pyx_obj_3ssh_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_fd", 0);
 
-  /* "ssh/session.pyx":200
+  /* "ssh/session.pyx":217
  *     def get_fd(self):
  *         cdef c_ssh.socket_t _sock
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _sock = c_ssh.ssh_get_fd(self._session)
  *         return _sock
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":201
+        /* "ssh/session.pyx":218
  *         cdef c_ssh.socket_t _sock
  *         with nogil:
  *             _sock = c_ssh.ssh_get_fd(self._session)             # <<<<<<<<<<<<<<
  *         return _sock
  * 
- */
+*/
         __pyx_v__sock = ssh_get_fd(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":200
+      /* "ssh/session.pyx":217
  *     def get_fd(self):
  *         cdef c_ssh.socket_t _sock
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _sock = c_ssh.ssh_get_fd(self._session)
  *         return _sock
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":202
+  /* "ssh/session.pyx":219
  *         with nogil:
  *             _sock = c_ssh.ssh_get_fd(self._session)
  *         return _sock             # <<<<<<<<<<<<<<
  * 
  *     def get_issue_banner(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_socket_t(__pyx_v__sock); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 202, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_socket_t(__pyx_v__sock); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 219, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":198
+  /* "ssh/session.pyx":215
  *         return b_message
  * 
  *     def get_fd(self):             # <<<<<<<<<<<<<<
  *         cdef c_ssh.socket_t _sock
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4261,21 +6692,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_28get_fd(struct __pyx_obj_3ssh_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":204
+/* "ssh/session.pyx":221
  *         return _sock
  * 
  *     def get_issue_banner(self):             # <<<<<<<<<<<<<<
  *         cdef char *_banner
  *         cdef bytes banner
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_31get_issue_banner(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_30get_issue_banner[] = "Session.get_issue_banner(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_31get_issue_banner(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_31get_issue_banner(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_30get_issue_banner, "Session.get_issue_banner(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_31get_issue_banner = {"get_issue_banner", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_31get_issue_banner, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_30get_issue_banner};
+static PyObject *__pyx_pw_3ssh_7session_7Session_31get_issue_banner(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_issue_banner (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_issue_banner", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_issue_banner", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_30get_issue_banner(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -4295,127 +6755,122 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_30get_issue_banner(struct __pyx
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_issue_banner", 0);
 
-  /* "ssh/session.pyx":207
+  /* "ssh/session.pyx":224
  *         cdef char *_banner
  *         cdef bytes banner
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _banner = c_ssh.ssh_get_issue_banner(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":208
+        /* "ssh/session.pyx":225
  *         cdef bytes banner
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _banner = c_ssh.ssh_get_issue_banner(self._session)
  *         if _banner is NULL:
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 208, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 225, __pyx_L4_error)
 
-        /* "ssh/session.pyx":209
+        /* "ssh/session.pyx":226
  *         with nogil:
  *             _check_connected(self._session)
  *             _banner = c_ssh.ssh_get_issue_banner(self._session)             # <<<<<<<<<<<<<<
  *         if _banner is NULL:
  *             return
- */
+*/
         __pyx_v__banner = ssh_get_issue_banner(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":207
+      /* "ssh/session.pyx":224
  *         cdef char *_banner
  *         cdef bytes banner
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _banner = c_ssh.ssh_get_issue_banner(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":210
+  /* "ssh/session.pyx":227
  *             _check_connected(self._session)
  *             _banner = c_ssh.ssh_get_issue_banner(self._session)
  *         if _banner is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         banner = _banner
- */
-  __pyx_t_1 = ((__pyx_v__banner == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__banner == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":211
+    /* "ssh/session.pyx":228
  *             _banner = c_ssh.ssh_get_issue_banner(self._session)
  *         if _banner is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         banner = _banner
  *         return banner
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":210
+    /* "ssh/session.pyx":227
  *             _check_connected(self._session)
  *             _banner = c_ssh.ssh_get_issue_banner(self._session)
  *         if _banner is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         banner = _banner
- */
+*/
   }
 
-  /* "ssh/session.pyx":212
+  /* "ssh/session.pyx":229
  *         if _banner is NULL:
  *             return
  *         banner = _banner             # <<<<<<<<<<<<<<
  *         return banner
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__banner); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 212, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__banner); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 229, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_banner = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":213
+  /* "ssh/session.pyx":230
  *             return
  *         banner = _banner
  *         return banner             # <<<<<<<<<<<<<<
  * 
  *     def get_openssh_version(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_banner);
   __pyx_r = __pyx_v_banner;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":204
+  /* "ssh/session.pyx":221
  *         return _sock
  * 
  *     def get_issue_banner(self):             # <<<<<<<<<<<<<<
  *         cdef char *_banner
  *         cdef bytes banner
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4429,21 +6884,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_30get_issue_banner(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":215
+/* "ssh/session.pyx":232
  *         return banner
  * 
  *     def get_openssh_version(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_33get_openssh_version(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_32get_openssh_version[] = "Session.get_openssh_version(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_33get_openssh_version(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_33get_openssh_version(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_32get_openssh_version, "Session.get_openssh_version(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_33get_openssh_version = {"get_openssh_version", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_33get_openssh_version, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_32get_openssh_version};
+static PyObject *__pyx_pw_3ssh_7session_7Session_33get_openssh_version(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_openssh_version (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_openssh_version", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_openssh_version", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_32get_openssh_version(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -4462,87 +6946,82 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_32get_openssh_version(struct __
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_openssh_version", 0);
 
-  /* "ssh/session.pyx":217
+  /* "ssh/session.pyx":234
  *     def get_openssh_version(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_get_openssh_version(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":218
+        /* "ssh/session.pyx":235
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_openssh_version(self._session)
  *         return rc
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 218, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 235, __pyx_L4_error)
 
-        /* "ssh/session.pyx":219
+        /* "ssh/session.pyx":236
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_get_openssh_version(self._session)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_get_openssh_version(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":217
+      /* "ssh/session.pyx":234
  *     def get_openssh_version(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_get_openssh_version(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":220
+  /* "ssh/session.pyx":237
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_get_openssh_version(self._session)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def get_server_publickey(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 220, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 237, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":215
+  /* "ssh/session.pyx":232
  *         return banner
  * 
  *     def get_openssh_version(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4555,21 +7034,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_32get_openssh_version(struct __
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":222
+/* "ssh/session.pyx":239
  *         return rc
  * 
  *     def get_server_publickey(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef c_ssh.ssh_key _key
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_35get_server_publickey(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_34get_server_publickey[] = "Session.get_server_publickey(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_35get_server_publickey(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_35get_server_publickey(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_34get_server_publickey, "Session.get_server_publickey(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_35get_server_publickey = {"get_server_publickey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_35get_server_publickey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_34get_server_publickey};
+static PyObject *__pyx_pw_3ssh_7session_7Session_35get_server_publickey(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_server_publickey (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_server_publickey", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_server_publickey", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_34get_server_publickey(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -4590,242 +7098,225 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_34get_server_publickey(struct _
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_server_publickey", 0);
 
-  /* "ssh/session.pyx":225
+  /* "ssh/session.pyx":242
  *         cdef int rc
  *         cdef c_ssh.ssh_key _key
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _key = c_ssh.ssh_key_new()
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":226
+        /* "ssh/session.pyx":243
  *         cdef c_ssh.ssh_key _key
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _key = c_ssh.ssh_key_new()
  *             if _key is NULL:
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 226, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 243, __pyx_L4_error)
 
-        /* "ssh/session.pyx":227
+        /* "ssh/session.pyx":244
  *         with nogil:
  *             _check_connected(self._session)
  *             _key = c_ssh.ssh_key_new()             # <<<<<<<<<<<<<<
  *             if _key is NULL:
  *                 with gil:
- */
+*/
         __pyx_v__key = ssh_key_new();
 
-        /* "ssh/session.pyx":228
+        /* "ssh/session.pyx":245
  *             _check_connected(self._session)
  *             _key = c_ssh.ssh_key_new()
  *             if _key is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
-        __pyx_t_1 = ((__pyx_v__key == NULL) != 0);
-        if (__pyx_t_1) {
+*/
+        __pyx_t_1 = (__pyx_v__key == NULL);
+        if (unlikely(__pyx_t_1)) {
 
-          /* "ssh/session.pyx":229
+          /* "ssh/session.pyx":246
  *             _key = c_ssh.ssh_key_new()
  *             if _key is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_get_server_publickey(self._session, &_key)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/session.pyx":230
+                /* "ssh/session.pyx":247
  *             if _key is NULL:
  *                 with gil:
  *                     raise MemoryError             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_server_publickey(self._session, &_key)
  *             if rc != c_ssh.SSH_OK:
- */
-                PyErr_NoMemory(); __PYX_ERR(0, 230, __pyx_L8_error)
+*/
+                PyErr_NoMemory(); __PYX_ERR(0, 247, __pyx_L8_error)
               }
 
-              /* "ssh/session.pyx":229
+              /* "ssh/session.pyx":246
  *             _key = c_ssh.ssh_key_new()
  *             if _key is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             rc = c_ssh.ssh_get_server_publickey(self._session, &_key)
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/session.pyx":228
+          /* "ssh/session.pyx":245
  *             _check_connected(self._session)
  *             _key = c_ssh.ssh_key_new()
  *             if _key is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
+*/
         }
 
-        /* "ssh/session.pyx":231
+        /* "ssh/session.pyx":248
  *                 with gil:
  *                     raise MemoryError
  *             rc = c_ssh.ssh_get_server_publickey(self._session, &_key)             # <<<<<<<<<<<<<<
  *             if rc != c_ssh.SSH_OK:
  *                 c_ssh.ssh_key_free(_key)
- */
+*/
         __pyx_v_rc = ssh_get_server_publickey(__pyx_v_self->_session, (&__pyx_v__key));
 
-        /* "ssh/session.pyx":232
+        /* "ssh/session.pyx":249
  *                     raise MemoryError
  *             rc = c_ssh.ssh_get_server_publickey(self._session, &_key)
  *             if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *                 c_ssh.ssh_key_free(_key)
  *                 with gil:
- */
-        __pyx_t_1 = ((__pyx_v_rc != SSH_OK) != 0);
+*/
+        __pyx_t_1 = (__pyx_v_rc != SSH_OK);
         if (__pyx_t_1) {
 
-          /* "ssh/session.pyx":233
+          /* "ssh/session.pyx":250
  *             rc = c_ssh.ssh_get_server_publickey(self._session, &_key)
  *             if rc != c_ssh.SSH_OK:
  *                 c_ssh.ssh_key_free(_key)             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     return handle_error_codes(rc, self._session)
- */
+*/
           ssh_key_free(__pyx_v__key);
 
-          /* "ssh/session.pyx":234
+          /* "ssh/session.pyx":251
  *             if rc != c_ssh.SSH_OK:
  *                 c_ssh.ssh_key_free(_key)
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     return handle_error_codes(rc, self._session)
  *         return SSHKey.from_ptr(_key)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/session.pyx":235
+                /* "ssh/session.pyx":252
  *                 c_ssh.ssh_key_free(_key)
  *                 with gil:
  *                     return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  *         return SSHKey.from_ptr(_key)
  * 
- */
+*/
                 __Pyx_XDECREF(__pyx_r);
-                __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 235, __pyx_L12_error)
-                __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 235, __pyx_L12_error)
+                __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 252, __pyx_L12_error)
+                __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 252, __pyx_L12_error)
                 __Pyx_GOTREF(__pyx_t_3);
                 __pyx_r = __pyx_t_3;
                 __pyx_t_3 = 0;
                 goto __pyx_L11_return;
               }
 
-              /* "ssh/session.pyx":234
+              /* "ssh/session.pyx":251
  *             if rc != c_ssh.SSH_OK:
  *                 c_ssh.ssh_key_free(_key)
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     return handle_error_codes(rc, self._session)
  *         return SSHKey.from_ptr(_key)
- */
+*/
               /*finally:*/ {
                 __pyx_L11_return: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L3_return;
                 }
                 __pyx_L12_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/session.pyx":232
+          /* "ssh/session.pyx":249
  *                     raise MemoryError
  *             rc = c_ssh.ssh_get_server_publickey(self._session, &_key)
  *             if rc != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *                 c_ssh.ssh_key_free(_key)
  *                 with gil:
- */
+*/
         }
       }
 
-      /* "ssh/session.pyx":225
+      /* "ssh/session.pyx":242
  *         cdef int rc
  *         cdef c_ssh.ssh_key _key
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _key = c_ssh.ssh_key_new()
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L3_return: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L0;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":236
+  /* "ssh/session.pyx":253
  *                 with gil:
  *                     return handle_error_codes(rc, self._session)
  *         return SSHKey.from_ptr(_key)             # <<<<<<<<<<<<<<
  * 
  *     def get_version(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = ((PyObject *)__pyx_vtabptr_3ssh_3key_SSHKey->from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 236, __pyx_L1_error)
+  __pyx_t_3 = ((PyObject *)__pyx_vtabptr_3ssh_3key_SSHKey->from_ptr(__pyx_v__key)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 253, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":222
+  /* "ssh/session.pyx":239
  *         return rc
  * 
  *     def get_server_publickey(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef c_ssh.ssh_key _key
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4838,21 +7329,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_34get_server_publickey(struct _
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":238
+/* "ssh/session.pyx":255
  *         return SSHKey.from_ptr(_key)
  * 
  *     def get_version(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_37get_version(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_36get_version[] = "Session.get_version(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_37get_version(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_37get_version(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_36get_version, "Session.get_version(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_37get_version = {"get_version", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_37get_version, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_36get_version};
+static PyObject *__pyx_pw_3ssh_7session_7Session_37get_version(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_version (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_version", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_version", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_36get_version(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -4870,71 +7390,68 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_36get_version(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_version", 0);
 
-  /* "ssh/session.pyx":240
+  /* "ssh/session.pyx":257
  *     def get_version(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_version(self._session)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":241
+        /* "ssh/session.pyx":258
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_get_version(self._session)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_get_version(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":240
+      /* "ssh/session.pyx":257
  *     def get_version(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_version(self._session)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":242
+  /* "ssh/session.pyx":259
  *         with nogil:
  *             rc = c_ssh.ssh_get_version(self._session)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def get_status(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 242, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 259, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":238
+  /* "ssh/session.pyx":255
  *         return SSHKey.from_ptr(_key)
  * 
  *     def get_version(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4947,21 +7464,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_36get_version(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":244
+/* "ssh/session.pyx":261
  *         return rc
  * 
  *     def get_status(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_39get_status(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_38get_status[] = "Session.get_status(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_39get_status(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_39get_status(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_38get_status, "Session.get_status(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_39get_status = {"get_status", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_39get_status, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_38get_status};
+static PyObject *__pyx_pw_3ssh_7session_7Session_39get_status(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_status (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_status", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_status", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_38get_status(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -4979,71 +7525,68 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_38get_status(struct __pyx_obj_3
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_status", 0);
 
-  /* "ssh/session.pyx":246
+  /* "ssh/session.pyx":263
  *     def get_status(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_status(self._session)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":247
+        /* "ssh/session.pyx":264
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_get_status(self._session)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_get_status(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":246
+      /* "ssh/session.pyx":263
  *     def get_status(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_status(self._session)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":248
+  /* "ssh/session.pyx":265
  *         with nogil:
  *             rc = c_ssh.ssh_get_status(self._session)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def get_poll_flags(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 248, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 265, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":244
+  /* "ssh/session.pyx":261
  *         return rc
  * 
  *     def get_status(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5056,21 +7599,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_38get_status(struct __pyx_obj_3
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":250
+/* "ssh/session.pyx":267
  *         return rc
  * 
  *     def get_poll_flags(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_41get_poll_flags(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_40get_poll_flags[] = "Session.get_poll_flags(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_41get_poll_flags(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_41get_poll_flags(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_40get_poll_flags, "Session.get_poll_flags(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_41get_poll_flags = {"get_poll_flags", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_41get_poll_flags, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_40get_poll_flags};
+static PyObject *__pyx_pw_3ssh_7session_7Session_41get_poll_flags(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_poll_flags (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_poll_flags", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_poll_flags", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_40get_poll_flags(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -5088,71 +7660,68 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_40get_poll_flags(struct __pyx_o
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_poll_flags", 0);
 
-  /* "ssh/session.pyx":252
+  /* "ssh/session.pyx":269
  *     def get_poll_flags(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_poll_flags(self._session)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":253
+        /* "ssh/session.pyx":270
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_get_poll_flags(self._session)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_get_poll_flags(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":252
+      /* "ssh/session.pyx":269
  *     def get_poll_flags(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_poll_flags(self._session)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":254
+  /* "ssh/session.pyx":271
  *         with nogil:
  *             rc = c_ssh.ssh_get_poll_flags(self._session)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def is_blocking(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 254, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 271, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":250
+  /* "ssh/session.pyx":267
  *         return rc
  * 
  *     def get_poll_flags(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5165,21 +7734,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_40get_poll_flags(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":256
+/* "ssh/session.pyx":273
  *         return rc
  * 
  *     def is_blocking(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_43is_blocking(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_42is_blocking[] = "Session.is_blocking(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_43is_blocking(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_43is_blocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_42is_blocking, "Session.is_blocking(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_43is_blocking = {"is_blocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_43is_blocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_42is_blocking};
+static PyObject *__pyx_pw_3ssh_7session_7Session_43is_blocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("is_blocking (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("is_blocking", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("is_blocking", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_42is_blocking(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -5198,72 +7796,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_42is_blocking(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("is_blocking", 0);
 
-  /* "ssh/session.pyx":258
+  /* "ssh/session.pyx":275
  *     def is_blocking(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_is_blocking(self._session)
  *         return bool(rc)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":259
+        /* "ssh/session.pyx":276
  *         cdef bint rc
  *         with nogil:
  *             rc = c_ssh.ssh_is_blocking(self._session)             # <<<<<<<<<<<<<<
  *         return bool(rc)
  * 
- */
+*/
         __pyx_v_rc = ssh_is_blocking(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":258
+      /* "ssh/session.pyx":275
  *     def is_blocking(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_is_blocking(self._session)
  *         return bool(rc)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":260
+  /* "ssh/session.pyx":277
  *         with nogil:
  *             rc = c_ssh.ssh_is_blocking(self._session)
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def is_connected(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_v_rc;
-  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 260, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 277, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":256
+  /* "ssh/session.pyx":273
  *         return rc
  * 
  *     def is_blocking(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5276,21 +7871,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_42is_blocking(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":262
+/* "ssh/session.pyx":279
  *         return bool(rc)
  * 
  *     def is_connected(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_45is_connected(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_44is_connected[] = "Session.is_connected(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_45is_connected(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_45is_connected(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_44is_connected, "Session.is_connected(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_45is_connected = {"is_connected", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_45is_connected, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_44is_connected};
+static PyObject *__pyx_pw_3ssh_7session_7Session_45is_connected(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("is_connected (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("is_connected", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("is_connected", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_44is_connected(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -5309,72 +7933,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_44is_connected(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("is_connected", 0);
 
-  /* "ssh/session.pyx":264
+  /* "ssh/session.pyx":281
  *     def is_connected(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_is_connected(self._session)
  *         return bool(rc)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":265
+        /* "ssh/session.pyx":282
  *         cdef bint rc
  *         with nogil:
  *             rc = c_ssh.ssh_is_connected(self._session)             # <<<<<<<<<<<<<<
  *         return bool(rc)
  * 
- */
+*/
         __pyx_v_rc = ssh_is_connected(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":264
+      /* "ssh/session.pyx":281
  *     def is_connected(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_is_connected(self._session)
  *         return bool(rc)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":266
+  /* "ssh/session.pyx":283
  *         with nogil:
  *             rc = c_ssh.ssh_is_connected(self._session)
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def is_server_known(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_v_rc;
-  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 266, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 283, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":262
+  /* "ssh/session.pyx":279
  *         return bool(rc)
  * 
  *     def is_connected(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5387,22 +8008,51 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_44is_connected(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":268
+/* "ssh/session.pyx":285
  *         return bool(rc)
  * 
  *     def is_server_known(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_47is_server_known(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_46is_server_known[] = "Session.is_server_known(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_47is_server_known(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_47is_server_known(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_46is_server_known, "Session.is_server_known(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_47is_server_known = {"is_server_known", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_47is_server_known, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_46is_server_known};
+static PyObject *__pyx_pw_3ssh_7session_7Session_47is_server_known(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("is_server_known (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_46is_server_known(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("is_server_known", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("is_server_known", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_46is_server_known(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
@@ -5420,72 +8070,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_46is_server_known(struct __pyx_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("is_server_known", 0);
 
-  /* "ssh/session.pyx":270
+  /* "ssh/session.pyx":287
  *     def is_server_known(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_is_server_known(self._session)
  *         return bool(rc)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":271
+        /* "ssh/session.pyx":288
  *         cdef bint rc
  *         with nogil:
  *             rc = c_ssh.ssh_is_server_known(self._session)             # <<<<<<<<<<<<<<
  *         return bool(rc)
  * 
- */
+*/
         __pyx_v_rc = ssh_is_server_known(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":270
+      /* "ssh/session.pyx":287
  *     def is_server_known(self):
  *         cdef bint rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_is_server_known(self._session)
  *         return bool(rc)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":272
+  /* "ssh/session.pyx":289
  *         with nogil:
  *             rc = c_ssh.ssh_is_server_known(self._session)
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def copy_options(self, Session destination):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_v_rc;
-  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 272, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 289, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":268
+  /* "ssh/session.pyx":285
  *         return bool(rc)
  * 
  *     def is_server_known(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5498,32 +8145,106 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_46is_server_known(struct __pyx_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":274
+/* "ssh/session.pyx":291
  *         return bool(rc)
  * 
  *     def copy_options(self, Session destination):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_49copy_options(PyObject *__pyx_v_self, PyObject *__pyx_v_destination); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_48copy_options[] = "Session.copy_options(self, Session destination)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_49copy_options(PyObject *__pyx_v_self, PyObject *__pyx_v_destination) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_49copy_options(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_48copy_options, "Session.copy_options(self, Session destination)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_49copy_options = {"copy_options", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_49copy_options, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_48copy_options};
+static PyObject *__pyx_pw_3ssh_7session_7Session_49copy_options(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_7session_Session *__pyx_v_destination = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("copy_options (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_destination), __pyx_ptype_3ssh_7session_Session, 1, "destination", 0))) __PYX_ERR(0, 274, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_48copy_options(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_destination));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_destination,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 291, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 291, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "copy_options", 0) < 0) __PYX_ERR(0, 291, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("copy_options", 1, 1, 1, i); __PYX_ERR(0, 291, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 291, __pyx_L3_error)
+    }
+    __pyx_v_destination = ((struct __pyx_obj_3ssh_7session_Session *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("copy_options", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 291, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.copy_options", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_destination), __pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, 1, "destination", 0))) __PYX_ERR(0, 291, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_48copy_options(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_destination);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5539,72 +8260,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_48copy_options(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("copy_options", 0);
 
-  /* "ssh/session.pyx":276
+  /* "ssh/session.pyx":293
  *     def copy_options(self, Session destination):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_copy(self._session, &destination._session)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":277
+        /* "ssh/session.pyx":294
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_options_copy(self._session, &destination._session)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_options_copy(__pyx_v_self->_session, (&__pyx_v_destination->_session));
       }
 
-      /* "ssh/session.pyx":276
+      /* "ssh/session.pyx":293
  *     def copy_options(self, Session destination):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_copy(self._session, &destination._session)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":278
+  /* "ssh/session.pyx":295
  *         with nogil:
  *             rc = c_ssh.ssh_options_copy(self._session, &destination._session)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def options_getopt(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 278, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 278, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 295, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 295, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":274
+  /* "ssh/session.pyx":291
  *         return bool(rc)
  * 
  *     def copy_options(self, Session destination):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5617,21 +8335,50 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_48copy_options(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":280
+/* "ssh/session.pyx":297
  *         return handle_error_codes(rc, self._session)
  * 
  *     def options_getopt(self):             # <<<<<<<<<<<<<<
  *         raise NotImplementedError
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_51options_getopt(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_50options_getopt[] = "Session.options_getopt(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_51options_getopt(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_51options_getopt(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_50options_getopt, "Session.options_getopt(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_51options_getopt = {"options_getopt", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_51options_getopt, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_50options_getopt};
+static PyObject *__pyx_pw_3ssh_7session_7Session_51options_getopt(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("options_getopt (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("options_getopt", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("options_getopt", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_7session_7Session_50options_getopt(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -5647,23 +8394,23 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_50options_getopt(CYTHON_UNUSED
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("options_getopt", 0);
 
-  /* "ssh/session.pyx":281
+  /* "ssh/session.pyx":298
  * 
  *     def options_getopt(self):
  *         raise NotImplementedError             # <<<<<<<<<<<<<<
  * 
  *     def options_parse_config(self, filepath):
- */
+*/
   __Pyx_Raise(__pyx_builtin_NotImplementedError, 0, 0, 0);
-  __PYX_ERR(0, 281, __pyx_L1_error)
+  __PYX_ERR(0, 298, __pyx_L1_error)
 
-  /* "ssh/session.pyx":280
+  /* "ssh/session.pyx":297
  *         return handle_error_codes(rc, self._session)
  * 
  *     def options_getopt(self):             # <<<<<<<<<<<<<<
  *         raise NotImplementedError
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5674,24 +8421,96 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_50options_getopt(CYTHON_UNUSED
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":283
+/* "ssh/session.pyx":300
  *         raise NotImplementedError
  * 
  *     def options_parse_config(self, filepath):             # <<<<<<<<<<<<<<
  *         cdef bytes b_filepath = to_bytes(filepath)
  *         cdef char *c_filepath = b_filepath
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_53options_parse_config(PyObject *__pyx_v_self, PyObject *__pyx_v_filepath); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_52options_parse_config[] = "Session.options_parse_config(self, filepath)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_53options_parse_config(PyObject *__pyx_v_self, PyObject *__pyx_v_filepath) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_53options_parse_config(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_52options_parse_config, "Session.options_parse_config(self, filepath)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_53options_parse_config = {"options_parse_config", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_53options_parse_config, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_52options_parse_config};
+static PyObject *__pyx_pw_3ssh_7session_7Session_53options_parse_config(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_filepath = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("options_parse_config (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_52options_parse_config(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject *)__pyx_v_filepath));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_filepath,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 300, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 300, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "options_parse_config", 0) < 0) __PYX_ERR(0, 300, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("options_parse_config", 1, 1, 1, i); __PYX_ERR(0, 300, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 300, __pyx_L3_error)
+    }
+    __pyx_v_filepath = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("options_parse_config", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 300, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.options_parse_config", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_52options_parse_config(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_filepath);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5710,98 +8529,95 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_52options_parse_config(struct _
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("options_parse_config", 0);
 
-  /* "ssh/session.pyx":284
+  /* "ssh/session.pyx":301
  * 
  *     def options_parse_config(self, filepath):
  *         cdef bytes b_filepath = to_bytes(filepath)             # <<<<<<<<<<<<<<
  *         cdef char *c_filepath = b_filepath
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 284, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_filepath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 301, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_filepath = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":285
+  /* "ssh/session.pyx":302
  *     def options_parse_config(self, filepath):
  *         cdef bytes b_filepath = to_bytes(filepath)
  *         cdef char *c_filepath = b_filepath             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_filepath == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 285, __pyx_L1_error)
+    __PYX_ERR(0, 302, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 285, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_filepath); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 302, __pyx_L1_error)
   __pyx_v_c_filepath = __pyx_t_2;
 
-  /* "ssh/session.pyx":287
+  /* "ssh/session.pyx":304
  *         cdef char *c_filepath = b_filepath
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_parse_config(self._session, c_filepath)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":288
+        /* "ssh/session.pyx":305
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_options_parse_config(self._session, c_filepath)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_options_parse_config(__pyx_v_self->_session, __pyx_v_c_filepath);
       }
 
-      /* "ssh/session.pyx":287
+      /* "ssh/session.pyx":304
  *         cdef char *c_filepath = b_filepath
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_parse_config(self._session, c_filepath)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":289
+  /* "ssh/session.pyx":306
  *         with nogil:
  *             rc = c_ssh.ssh_options_parse_config(self._session, c_filepath)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def options_set_port(self, int port):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 289, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 289, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 306, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 306, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":283
+  /* "ssh/session.pyx":300
  *         raise NotImplementedError
  * 
  *     def options_parse_config(self, filepath):             # <<<<<<<<<<<<<<
  *         cdef bytes b_filepath = to_bytes(filepath)
  *         cdef char *c_filepath = b_filepath
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5815,37 +8631,96 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_52options_parse_config(struct _
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":291
+/* "ssh/session.pyx":308
  *         return handle_error_codes(rc, self._session)
  * 
  *     def options_set_port(self, int port):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_55options_set_port(PyObject *__pyx_v_self, PyObject *__pyx_arg_port); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_54options_set_port[] = "Session.options_set_port(self, int port)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_55options_set_port(PyObject *__pyx_v_self, PyObject *__pyx_arg_port) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_55options_set_port(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_54options_set_port, "Session.options_set_port(self, int port)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_55options_set_port = {"options_set_port", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_55options_set_port, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_54options_set_port};
+static PyObject *__pyx_pw_3ssh_7session_7Session_55options_set_port(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_port;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("options_set_port (wrapper)", 0);
-  assert(__pyx_arg_port); {
-    __pyx_v_port = __Pyx_PyInt_As_int(__pyx_arg_port); if (unlikely((__pyx_v_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 291, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_port,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 308, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 308, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "options_set_port", 0) < 0) __PYX_ERR(0, 308, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("options_set_port", 1, 1, 1, i); __PYX_ERR(0, 308, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 308, __pyx_L3_error)
+    }
+    __pyx_v_port = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_port == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 308, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("options_set_port", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 308, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.options_set_port", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_54options_set_port(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((int)__pyx_v_port));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_54options_set_port(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_port);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5861,72 +8736,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_54options_set_port(struct __pyx
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("options_set_port", 0);
 
-  /* "ssh/session.pyx":293
+  /* "ssh/session.pyx":310
  *     def options_set_port(self, int port):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_set(
  *                 self._session, c_ssh.ssh_options_e.SSH_OPTIONS_PORT, &port)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":294
+        /* "ssh/session.pyx":311
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_options_set(             # <<<<<<<<<<<<<<
  *                 self._session, c_ssh.ssh_options_e.SSH_OPTIONS_PORT, &port)
  *         return handle_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_options_set(__pyx_v_self->_session, SSH_OPTIONS_PORT, (&__pyx_v_port));
       }
 
-      /* "ssh/session.pyx":293
+      /* "ssh/session.pyx":310
  *     def options_set_port(self, int port):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_set(
  *                 self._session, c_ssh.ssh_options_e.SSH_OPTIONS_PORT, &port)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":296
+  /* "ssh/session.pyx":313
  *             rc = c_ssh.ssh_options_set(
  *                 self._session, c_ssh.ssh_options_e.SSH_OPTIONS_PORT, &port)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
- *     def options_set_gssapi_delegate_credentials(self, bint delegate):
- */
+ *     def options_get_port(self, unsigned int port_target):
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 296, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 296, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 313, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 313, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":291
+  /* "ssh/session.pyx":308
  *         return handle_error_codes(rc, self._session)
  * 
  *     def options_set_port(self, int port):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5939,42 +8811,101 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_54options_set_port(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":298
+/* "ssh/session.pyx":315
  *         return handle_error_codes(rc, self._session)
  * 
- *     def options_set_gssapi_delegate_credentials(self, bint delegate):             # <<<<<<<<<<<<<<
- *         """
- *         Set delegating credentials to server on/off.
- */
+ *     def options_get_port(self, unsigned int port_target):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_57options_set_gssapi_delegate_credentials(PyObject *__pyx_v_self, PyObject *__pyx_arg_delegate); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_56options_set_gssapi_delegate_credentials[] = "Session.options_set_gssapi_delegate_credentials(self, bool delegate)\n\n        Set delegating credentials to server on/off.\n\n        :param delegate: Delegation on/off\n        :type delegate: bool\n        ";
-static PyObject *__pyx_pw_3ssh_7session_7Session_57options_set_gssapi_delegate_credentials(PyObject *__pyx_v_self, PyObject *__pyx_arg_delegate) {
-  int __pyx_v_delegate;
+static PyObject *__pyx_pw_3ssh_7session_7Session_57options_get_port(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_56options_get_port, "Session.options_get_port(self, unsigned int port_target)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_57options_get_port = {"options_get_port", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_57options_get_port, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_56options_get_port};
+static PyObject *__pyx_pw_3ssh_7session_7Session_57options_get_port(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  unsigned int __pyx_v_port_target;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("options_set_gssapi_delegate_credentials (wrapper)", 0);
-  assert(__pyx_arg_delegate); {
-    __pyx_v_delegate = __Pyx_PyObject_IsTrue(__pyx_arg_delegate); if (unlikely((__pyx_v_delegate == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 298, __pyx_L3_error)
+  __Pyx_RefNannySetupContext("options_get_port (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_port_target,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 315, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 315, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "options_get_port", 0) < 0) __PYX_ERR(0, 315, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("options_get_port", 1, 1, 1, i); __PYX_ERR(0, 315, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 315, __pyx_L3_error)
+    }
+    __pyx_v_port_target = __Pyx_PyLong_As_unsigned_int(values[0]); if (unlikely((__pyx_v_port_target == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 315, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("options_get_port", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 315, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
-  __Pyx_AddTraceback("ssh.session.Session.options_set_gssapi_delegate_credentials", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.options_get_port", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_56options_set_gssapi_delegate_credentials(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((int)__pyx_v_delegate));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_56options_get_port(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_port_target);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_56options_set_gssapi_delegate_credentials(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_delegate) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_56options_get_port(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_port_target) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -5983,79 +8914,76 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_56options_set_gssapi_delegate_c
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("options_set_gssapi_delegate_credentials", 0);
+  __Pyx_RefNannySetupContext("options_get_port", 0);
 
-  /* "ssh/session.pyx":305
- *         :type delegate: bool
- *         """
+  /* "ssh/session.pyx":317
+ *     def options_get_port(self, unsigned int port_target):
+ *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
- *             rc = c_ssh.ssh_options_set(
- *                 self._session,
- */
+ *             rc = c_ssh.ssh_options_get_port(self._session, &port_target)
+ *         return handle_error_codes(rc, self._session)
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":306
- *         """
+        /* "ssh/session.pyx":318
+ *         cdef int rc
  *         with nogil:
- *             rc = c_ssh.ssh_options_set(             # <<<<<<<<<<<<<<
- *                 self._session,
- *                 c_ssh.ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS,
- */
-        __pyx_v_rc = ssh_options_set(__pyx_v_self->_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, (&__pyx_v_delegate));
+ *             rc = c_ssh.ssh_options_get_port(self._session, &port_target)             # <<<<<<<<<<<<<<
+ *         return handle_error_codes(rc, self._session)
+ * 
+*/
+        __pyx_v_rc = ssh_options_get_port(__pyx_v_self->_session, (&__pyx_v_port_target));
       }
 
-      /* "ssh/session.pyx":305
- *         :type delegate: bool
- *         """
+      /* "ssh/session.pyx":317
+ *     def options_get_port(self, unsigned int port_target):
+ *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
- *             rc = c_ssh.ssh_options_set(
- *                 self._session,
- */
+ *             rc = c_ssh.ssh_options_get_port(self._session, &port_target)
+ *         return handle_error_codes(rc, self._session)
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":310
- *                 c_ssh.ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS,
- *                 &delegate)
+  /* "ssh/session.pyx":319
+ *         with nogil:
+ *             rc = c_ssh.ssh_options_get_port(self._session, &port_target)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
- *     def options_set(self, Option option, value):
- */
+ *     def options_set_gssapi_delegate_credentials(self, bint delegate):
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 310, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 310, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 319, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 319, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":298
+  /* "ssh/session.pyx":315
  *         return handle_error_codes(rc, self._session)
  * 
- *     def options_set_gssapi_delegate_credentials(self, bint delegate):             # <<<<<<<<<<<<<<
- *         """
- *         Set delegating credentials to server on/off.
- */
+ *     def options_get_port(self, unsigned int port_target):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_AddTraceback("ssh.session.Session.options_set_gssapi_delegate_credentials", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_AddTraceback("ssh.session.Session.options_get_port", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
   __Pyx_XGIVEREF(__pyx_r);
@@ -6063,85 +8991,299 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_56options_set_gssapi_delegate_c
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":312
+/* "ssh/session.pyx":321
  *         return handle_error_codes(rc, self._session)
  * 
- *     def options_set(self, Option option, value):             # <<<<<<<<<<<<<<
- *         """Set an option for session. This function can only be used for
- *         string options like host. For numeric options, port etc, use the
- */
+ *     def options_set_gssapi_delegate_credentials(self, bint delegate):             # <<<<<<<<<<<<<<
+ *         """
+ *         Set delegating credentials to server on/off.
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_59options_set(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_58options_set[] = "Session.options_set(self, Option option, value)\nSet an option for session. This function can only be used for\n        string options like host. For numeric options, port etc, use the\n        individual functions.\n\n        :param option: An SSH option object from one of\n          :py:mod:`ssh.options`.\n        :type option: :py:class:`ssh.options.Option`\n        ";
-static PyObject *__pyx_pw_3ssh_7session_7Session_59options_set(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
-  struct __pyx_obj_3ssh_7options_Option *__pyx_v_option = 0;
-  PyObject *__pyx_v_value = 0;
+static PyObject *__pyx_pw_3ssh_7session_7Session_59options_set_gssapi_delegate_credentials(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_58options_set_gssapi_delegate_credentials, "Session.options_set_gssapi_delegate_credentials(self, bool delegate)\n\nSet delegating credentials to server on/off.\n\n:param delegate: Delegation on/off\n:type delegate: bool");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_59options_set_gssapi_delegate_credentials = {"options_set_gssapi_delegate_credentials", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_59options_set_gssapi_delegate_credentials, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_58options_set_gssapi_delegate_credentials};
+static PyObject *__pyx_pw_3ssh_7session_7Session_59options_set_gssapi_delegate_credentials(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  int __pyx_v_delegate;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("options_set (wrapper)", 0);
+  __Pyx_RefNannySetupContext("options_set_gssapi_delegate_credentials (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_option,&__pyx_n_s_value,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-        CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_delegate,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 321, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 321, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_option)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "options_set_gssapi_delegate_credentials", 0) < 0) __PYX_ERR(0, 321, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("options_set_gssapi_delegate_credentials", 1, 1, 1, i); __PYX_ERR(0, 321, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 321, __pyx_L3_error)
+    }
+    __pyx_v_delegate = __Pyx_PyObject_IsTrue(values[0]); if (unlikely((__pyx_v_delegate == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 321, __pyx_L3_error)
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("options_set_gssapi_delegate_credentials", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 321, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.options_set_gssapi_delegate_credentials", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_58options_set_gssapi_delegate_credentials(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_delegate);
+
+  /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+static PyObject *__pyx_pf_3ssh_7session_7Session_58options_set_gssapi_delegate_credentials(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_delegate) {
+  int __pyx_v_rc;
+  PyObject *__pyx_r = NULL;
+  __Pyx_RefNannyDeclarations
+  int __pyx_t_1;
+  PyObject *__pyx_t_2 = NULL;
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  __Pyx_RefNannySetupContext("options_set_gssapi_delegate_credentials", 0);
+
+  /* "ssh/session.pyx":328
+ *         :type delegate: bool
+ *         """
+ *         with nogil:             # <<<<<<<<<<<<<<
+ *             rc = c_ssh.ssh_options_set(
+ *                 self._session,
+*/
+  {
+      PyThreadState *_save;
+      _save = NULL;
+      Py_UNBLOCK_THREADS
+      __Pyx_FastGIL_Remember();
+      /*try:*/ {
+
+        /* "ssh/session.pyx":329
+ *         """
+ *         with nogil:
+ *             rc = c_ssh.ssh_options_set(             # <<<<<<<<<<<<<<
+ *                 self._session,
+ *                 c_ssh.ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS,
+*/
+        __pyx_v_rc = ssh_options_set(__pyx_v_self->_session, SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS, (&__pyx_v_delegate));
+      }
+
+      /* "ssh/session.pyx":328
+ *         :type delegate: bool
+ *         """
+ *         with nogil:             # <<<<<<<<<<<<<<
+ *             rc = c_ssh.ssh_options_set(
+ *                 self._session,
+*/
+      /*finally:*/ {
+        /*normal exit:*/{
+          __Pyx_FastGIL_Forget();
+          Py_BLOCK_THREADS
+          goto __pyx_L5;
+        }
+        __pyx_L5:;
+      }
+  }
+
+  /* "ssh/session.pyx":333
+ *                 c_ssh.ssh_options_e.SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS,
+ *                 &delegate)
+ *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
+ * 
+ *     def options_set(self, Option option, value):
+*/
+  __Pyx_XDECREF(__pyx_r);
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 333, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 333, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __pyx_r = __pyx_t_2;
+  __pyx_t_2 = 0;
+  goto __pyx_L0;
+
+  /* "ssh/session.pyx":321
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def options_set_gssapi_delegate_credentials(self, bint delegate):             # <<<<<<<<<<<<<<
+ *         """
+ *         Set delegating credentials to server on/off.
+*/
+
+  /* function exit code */
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_AddTraceback("ssh.session.Session.options_set_gssapi_delegate_credentials", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __pyx_r = NULL;
+  __pyx_L0:;
+  __Pyx_XGIVEREF(__pyx_r);
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+/* "ssh/session.pyx":335
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def options_set(self, Option option, value):             # <<<<<<<<<<<<<<
+ *         """Set an option for session. This function can only be used for
+ *         string options like host. For numeric options, port etc, use the
+*/
+
+/* Python wrapper */
+static PyObject *__pyx_pw_3ssh_7session_7Session_61options_set(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_60options_set, "Session.options_set(self, Option option, value)\n\nSet an option for session. This function can only be used for\nstring options like host. For numeric options, port etc, use the\nindividual functions.\n\n:param option: An SSH option object from one of\n  :py:mod:`ssh.options`.\n:type option: :py:class:`ssh.options.Option`");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_61options_set = {"options_set", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_61options_set, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_60options_set};
+static PyObject *__pyx_pw_3ssh_7session_7Session_61options_set(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_7options_Option *__pyx_v_option = 0;
+  PyObject *__pyx_v_value = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("options_set (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_option,&__pyx_mstate_global->__pyx_n_u_value,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 335, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 335, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_value)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("options_set", 1, 2, 2, 1); __PYX_ERR(0, 312, __pyx_L3_error)
-        }
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 335, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
       }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "options_set") < 0)) __PYX_ERR(0, 312, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "options_set", 0) < 0) __PYX_ERR(0, 335, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("options_set", 1, 2, 2, i); __PYX_ERR(0, 335, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 335, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 335, __pyx_L3_error)
     }
     __pyx_v_option = ((struct __pyx_obj_3ssh_7options_Option *)values[0]);
     __pyx_v_value = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("options_set", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 312, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("options_set", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 335, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.options_set", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_option), __pyx_ptype_3ssh_7options_Option, 1, "option", 0))) __PYX_ERR(0, 312, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_58options_set(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_option, __pyx_v_value);
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_option), __pyx_mstate_global->__pyx_ptype_3ssh_7options_Option, 1, "option", 0))) __PYX_ERR(0, 335, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_60options_set(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_option, __pyx_v_value);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_58options_set(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option, PyObject *__pyx_v_value) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_60options_set(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option, PyObject *__pyx_v_value) {
   PyObject *__pyx_v_b_value = 0;
   char *__pyx_v_c_value;
   int __pyx_v_rc;
@@ -6155,98 +9297,95 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_58options_set(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("options_set", 0);
 
-  /* "ssh/session.pyx":321
+  /* "ssh/session.pyx":344
  *         :type option: :py:class:`ssh.options.Option`
  *         """
  *         cdef bytes b_value = to_bytes(value)             # <<<<<<<<<<<<<<
  *         cdef char *c_value
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_value); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 321, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_value); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 344, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_value = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":324
+  /* "ssh/session.pyx":347
  *         cdef char *c_value
  *         cdef int rc
  *         c_value = b_value             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_options_set(self._session, option._option, c_value)
- */
+*/
   if (unlikely(__pyx_v_b_value == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 324, __pyx_L1_error)
+    __PYX_ERR(0, 347, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_value); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 324, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_value); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 347, __pyx_L1_error)
   __pyx_v_c_value = __pyx_t_2;
 
-  /* "ssh/session.pyx":325
+  /* "ssh/session.pyx":348
  *         cdef int rc
  *         c_value = b_value
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_set(self._session, option._option, c_value)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":326
+        /* "ssh/session.pyx":349
  *         c_value = b_value
  *         with nogil:
  *             rc = c_ssh.ssh_options_set(self._session, option._option, c_value)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_options_set(__pyx_v_self->_session, __pyx_v_option->_option, __pyx_v_c_value);
       }
 
-      /* "ssh/session.pyx":325
+      /* "ssh/session.pyx":348
  *         cdef int rc
  *         c_value = b_value
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_set(self._session, option._option, c_value)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":327
+  /* "ssh/session.pyx":350
  *         with nogil:
  *             rc = c_ssh.ssh_options_set(self._session, option._option, c_value)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def options_get(self, Option option):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 327, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 327, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 350, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 350, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":312
+  /* "ssh/session.pyx":335
  *         return handle_error_codes(rc, self._session)
  * 
  *     def options_set(self, Option option, value):             # <<<<<<<<<<<<<<
  *         """Set an option for session. This function can only be used for
  *         string options like host. For numeric options, port etc, use the
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6260,37 +9399,111 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_58options_set(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":329
+/* "ssh/session.pyx":352
  *         return handle_error_codes(rc, self._session)
  * 
  *     def options_get(self, Option option):             # <<<<<<<<<<<<<<
  *         """Get option value. This function can only be used for string options.
  *         For numeric or other options use the individual functions.
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_61options_get(PyObject *__pyx_v_self, PyObject *__pyx_v_option); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_60options_get[] = "Session.options_get(self, Option option)\nGet option value. This function can only be used for string options.\n        For numeric or other options use the individual functions.\n        ";
-static PyObject *__pyx_pw_3ssh_7session_7Session_61options_get(PyObject *__pyx_v_self, PyObject *__pyx_v_option) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_63options_get(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_62options_get, "Session.options_get(self, Option option)\n\nGet option value. This function can only be used for string options.\nFor numeric or other options use the individual functions.");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_63options_get = {"options_get", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_63options_get, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_62options_get};
+static PyObject *__pyx_pw_3ssh_7session_7Session_63options_get(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_7options_Option *__pyx_v_option = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("options_get (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_option), __pyx_ptype_3ssh_7options_Option, 1, "option", 0))) __PYX_ERR(0, 329, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_60options_get(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((struct __pyx_obj_3ssh_7options_Option *)__pyx_v_option));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_option,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 352, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 352, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "options_get", 0) < 0) __PYX_ERR(0, 352, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("options_get", 1, 1, 1, i); __PYX_ERR(0, 352, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 352, __pyx_L3_error)
+    }
+    __pyx_v_option = ((struct __pyx_obj_3ssh_7options_Option *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("options_get", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 352, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.options_get", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_option), __pyx_mstate_global->__pyx_ptype_3ssh_7options_Option, 1, "option", 0))) __PYX_ERR(0, 352, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_62options_get(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_option);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_60options_get(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_62options_get(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option) {
   char *__pyx_v__value;
   char **__pyx_v_value;
   int __pyx_v_rc;
@@ -6305,143 +9518,140 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_60options_get(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("options_get", 0);
 
-  /* "ssh/session.pyx":334
+  /* "ssh/session.pyx":357
  *         """
  *         cdef char *_value
  *         cdef char **value = NULL             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef bytes b_value
- */
+*/
   __pyx_v_value = NULL;
 
-  /* "ssh/session.pyx":337
+  /* "ssh/session.pyx":360
  *         cdef int rc
  *         cdef bytes b_value
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_get(
  *                 self._session, option._option, value)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":338
+        /* "ssh/session.pyx":361
  *         cdef bytes b_value
  *         with nogil:
  *             rc = c_ssh.ssh_options_get(             # <<<<<<<<<<<<<<
  *                 self._session, option._option, value)
  *         if rc < 0:
- */
+*/
         __pyx_v_rc = ssh_options_get(__pyx_v_self->_session, __pyx_v_option->_option, __pyx_v_value);
       }
 
-      /* "ssh/session.pyx":337
+      /* "ssh/session.pyx":360
  *         cdef int rc
  *         cdef bytes b_value
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_options_get(
  *                 self._session, option._option, value)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":340
+  /* "ssh/session.pyx":363
  *             rc = c_ssh.ssh_options_get(
  *                 self._session, option._option, value)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise OptionError
  *         _value = value[0]
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
-    /* "ssh/session.pyx":341
+    /* "ssh/session.pyx":364
  *                 self._session, option._option, value)
  *         if rc < 0:
  *             raise OptionError             # <<<<<<<<<<<<<<
  *         _value = value[0]
  *         b_value = _value
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_OptionError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 341, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_OptionError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 364, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-    __PYX_ERR(0, 341, __pyx_L1_error)
+    __PYX_ERR(0, 364, __pyx_L1_error)
 
-    /* "ssh/session.pyx":340
+    /* "ssh/session.pyx":363
  *             rc = c_ssh.ssh_options_get(
  *                 self._session, option._option, value)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise OptionError
  *         _value = value[0]
- */
+*/
   }
 
-  /* "ssh/session.pyx":342
+  /* "ssh/session.pyx":365
  *         if rc < 0:
  *             raise OptionError
  *         _value = value[0]             # <<<<<<<<<<<<<<
  *         b_value = _value
  *         c_ssh.ssh_string_free_char(_value)
- */
+*/
   __pyx_v__value = (__pyx_v_value[0]);
 
-  /* "ssh/session.pyx":343
+  /* "ssh/session.pyx":366
  *             raise OptionError
  *         _value = value[0]
  *         b_value = _value             # <<<<<<<<<<<<<<
  *         c_ssh.ssh_string_free_char(_value)
  *         return to_str(b_value)
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__value); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 343, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__value); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 366, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_b_value = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":344
+  /* "ssh/session.pyx":367
  *         _value = value[0]
  *         b_value = _value
  *         c_ssh.ssh_string_free_char(_value)             # <<<<<<<<<<<<<<
  *         return to_str(b_value)
  * 
- */
+*/
   ssh_string_free_char(__pyx_v__value);
 
-  /* "ssh/session.pyx":345
+  /* "ssh/session.pyx":368
  *         b_value = _value
  *         c_ssh.ssh_string_free_char(_value)
  *         return to_str(b_value)             # <<<<<<<<<<<<<<
  * 
- *     def options_get_port(self, unsigned int port_target):
- */
+ *     def options_set_int_val(self, Option option, int value):
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_value); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 345, __pyx_L1_error)
-  __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(__pyx_t_3); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 345, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_value); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 368, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(__pyx_t_3); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 368, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":329
+  /* "ssh/session.pyx":352
  *         return handle_error_codes(rc, self._session)
  * 
  *     def options_get(self, Option option):             # <<<<<<<<<<<<<<
  *         """Get option value. This function can only be used for string options.
  *         For numeric or other options use the individual functions.
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6455,42 +9665,119 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_60options_get(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":347
+/* "ssh/session.pyx":370
  *         return to_str(b_value)
  * 
- *     def options_get_port(self, unsigned int port_target):             # <<<<<<<<<<<<<<
- *         cdef int rc
- *         with nogil:
- */
+ *     def options_set_int_val(self, Option option, int value):             # <<<<<<<<<<<<<<
+ *         """
+ *         Set numeric value options when applicable.
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_63options_get_port(PyObject *__pyx_v_self, PyObject *__pyx_arg_port_target); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_62options_get_port[] = "Session.options_get_port(self, unsigned int port_target)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_63options_get_port(PyObject *__pyx_v_self, PyObject *__pyx_arg_port_target) {
-  unsigned int __pyx_v_port_target;
+static PyObject *__pyx_pw_3ssh_7session_7Session_65options_set_int_val(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_64options_set_int_val, "Session.options_set_int_val(self, Option option, int value)\n\nSet numeric value options when applicable.");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_65options_set_int_val = {"options_set_int_val", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_65options_set_int_val, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_64options_set_int_val};
+static PyObject *__pyx_pw_3ssh_7session_7Session_65options_set_int_val(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_7options_Option *__pyx_v_option = 0;
+  int __pyx_v_value;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("options_get_port (wrapper)", 0);
-  assert(__pyx_arg_port_target); {
-    __pyx_v_port_target = __Pyx_PyInt_As_unsigned_int(__pyx_arg_port_target); if (unlikely((__pyx_v_port_target == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 347, __pyx_L3_error)
+  __Pyx_RefNannySetupContext("options_set_int_val (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_option,&__pyx_mstate_global->__pyx_n_u_value,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 370, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 370, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 370, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "options_set_int_val", 0) < 0) __PYX_ERR(0, 370, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("options_set_int_val", 1, 2, 2, i); __PYX_ERR(0, 370, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 2)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 370, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 370, __pyx_L3_error)
+    }
+    __pyx_v_option = ((struct __pyx_obj_3ssh_7options_Option *)values[0]);
+    __pyx_v_value = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_value == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 370, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("options_set_int_val", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 370, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
-  __Pyx_AddTraceback("ssh.session.Session.options_get_port", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.options_set_int_val", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_62options_get_port(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((unsigned int)__pyx_v_port_target));
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_option), __pyx_mstate_global->__pyx_ptype_3ssh_7options_Option, 1, "option", 0))) __PYX_ERR(0, 370, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_64options_set_int_val(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_option, __pyx_v_value);
 
   /* function exit code */
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
+  __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_62options_get_port(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_port_target) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_64options_set_int_val(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7options_Option *__pyx_v_option, int __pyx_v_value) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -6499,79 +9786,76 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_62options_get_port(struct __pyx
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
-  __Pyx_RefNannySetupContext("options_get_port", 0);
+  __Pyx_RefNannySetupContext("options_set_int_val", 0);
 
-  /* "ssh/session.pyx":349
- *     def options_get_port(self, unsigned int port_target):
+  /* "ssh/session.pyx":375
+ *         """
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
- *             rc = c_ssh.ssh_options_get_port(self._session, &port_target)
+ *             rc = c_ssh.ssh_options_set(self._session, option._option, &value)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":350
+        /* "ssh/session.pyx":376
  *         cdef int rc
  *         with nogil:
- *             rc = c_ssh.ssh_options_get_port(self._session, &port_target)             # <<<<<<<<<<<<<<
+ *             rc = c_ssh.ssh_options_set(self._session, option._option, &value)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
-        __pyx_v_rc = ssh_options_get_port(__pyx_v_self->_session, (&__pyx_v_port_target));
+*/
+        __pyx_v_rc = ssh_options_set(__pyx_v_self->_session, __pyx_v_option->_option, (&__pyx_v_value));
       }
 
-      /* "ssh/session.pyx":349
- *     def options_get_port(self, unsigned int port_target):
+      /* "ssh/session.pyx":375
+ *         """
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
- *             rc = c_ssh.ssh_options_get_port(self._session, &port_target)
+ *             rc = c_ssh.ssh_options_set(self._session, option._option, &value)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":351
+  /* "ssh/session.pyx":377
  *         with nogil:
- *             rc = c_ssh.ssh_options_get_port(self._session, &port_target)
+ *             rc = c_ssh.ssh_options_set(self._session, option._option, &value)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def send_ignore(self, bytes data):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 351, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 351, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 377, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 377, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":347
+  /* "ssh/session.pyx":370
  *         return to_str(b_value)
  * 
- *     def options_get_port(self, unsigned int port_target):             # <<<<<<<<<<<<<<
- *         cdef int rc
- *         with nogil:
- */
+ *     def options_set_int_val(self, Option option, int value):             # <<<<<<<<<<<<<<
+ *         """
+ *         Set numeric value options when applicable.
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_AddTraceback("ssh.session.Session.options_get_port", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_AddTraceback("ssh.session.Session.options_set_int_val", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
   __Pyx_XGIVEREF(__pyx_r);
@@ -6579,37 +9863,111 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_62options_get_port(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":353
+/* "ssh/session.pyx":379
  *         return handle_error_codes(rc, self._session)
  * 
  *     def send_ignore(self, bytes data):             # <<<<<<<<<<<<<<
  *         cdef char *c_data = data
  *         cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_65send_ignore(PyObject *__pyx_v_self, PyObject *__pyx_v_data); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_64send_ignore[] = "Session.send_ignore(self, bytes data)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_65send_ignore(PyObject *__pyx_v_self, PyObject *__pyx_v_data) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_67send_ignore(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_66send_ignore, "Session.send_ignore(self, bytes data)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_67send_ignore = {"send_ignore", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_67send_ignore, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_66send_ignore};
+static PyObject *__pyx_pw_3ssh_7session_7Session_67send_ignore(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_data = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("send_ignore (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_data), (&PyBytes_Type), 1, "data", 1))) __PYX_ERR(0, 353, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_64send_ignore(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject*)__pyx_v_data));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_data,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 379, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 379, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "send_ignore", 0) < 0) __PYX_ERR(0, 379, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("send_ignore", 1, 1, 1, i); __PYX_ERR(0, 379, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 379, __pyx_L3_error)
+    }
+    __pyx_v_data = ((PyObject*)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("send_ignore", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 379, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.send_ignore", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_data), (&PyBytes_Type), 1, "data", 1))) __PYX_ERR(0, 379, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_66send_ignore(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_data);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_64send_ignore(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_data) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_66send_ignore(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_data) {
   char *__pyx_v_c_data;
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
@@ -6622,86 +9980,83 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_64send_ignore(struct __pyx_obj_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("send_ignore", 0);
 
-  /* "ssh/session.pyx":354
+  /* "ssh/session.pyx":380
  * 
  *     def send_ignore(self, bytes data):
  *         cdef char *c_data = data             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_data == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 354, __pyx_L1_error)
+    __PYX_ERR(0, 380, __pyx_L1_error)
   }
-  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_data); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 354, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_data); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 380, __pyx_L1_error)
   __pyx_v_c_data = __pyx_t_1;
 
-  /* "ssh/session.pyx":356
+  /* "ssh/session.pyx":382
  *         cdef char *c_data = data
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_send_ignore(self._session, c_data)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":357
+        /* "ssh/session.pyx":383
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_send_ignore(self._session, c_data)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_send_ignore(__pyx_v_self->_session, __pyx_v_c_data);
       }
 
-      /* "ssh/session.pyx":356
+      /* "ssh/session.pyx":382
  *         cdef char *c_data = data
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_send_ignore(self._session, c_data)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":358
+  /* "ssh/session.pyx":384
  *         with nogil:
  *             rc = c_ssh.ssh_send_ignore(self._session, c_data)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def send_debug(self, bytes message, int always_display):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 358, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 358, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 384, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 384, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":353
+  /* "ssh/session.pyx":379
  *         return handle_error_codes(rc, self._session)
  * 
  *     def send_ignore(self, bytes data):             # <<<<<<<<<<<<<<
  *         cdef char *c_data = data
  *         cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6714,85 +10069,119 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_64send_ignore(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":360
+/* "ssh/session.pyx":386
  *         return handle_error_codes(rc, self._session)
  * 
  *     def send_debug(self, bytes message, int always_display):             # <<<<<<<<<<<<<<
  *         cdef char *c_message = message
  *         cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_67send_debug(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_66send_debug[] = "Session.send_debug(self, bytes message, int always_display)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_67send_debug(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_69send_debug(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_68send_debug, "Session.send_debug(self, bytes message, int always_display)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_69send_debug = {"send_debug", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_69send_debug, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_68send_debug};
+static PyObject *__pyx_pw_3ssh_7session_7Session_69send_debug(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_message = 0;
   int __pyx_v_always_display;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("send_debug (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_message,&__pyx_n_s_always_display,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_message,&__pyx_mstate_global->__pyx_n_u_always_display,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 386, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 386, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 386, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_message)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_always_display)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("send_debug", 1, 2, 2, 1); __PYX_ERR(0, 360, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "send_debug") < 0)) __PYX_ERR(0, 360, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "send_debug", 0) < 0) __PYX_ERR(0, 386, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("send_debug", 1, 2, 2, i); __PYX_ERR(0, 386, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 386, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 386, __pyx_L3_error)
     }
     __pyx_v_message = ((PyObject*)values[0]);
-    __pyx_v_always_display = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_always_display == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 360, __pyx_L3_error)
+    __pyx_v_always_display = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_always_display == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 386, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("send_debug", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 360, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("send_debug", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 386, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.send_debug", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_message), (&PyBytes_Type), 1, "message", 1))) __PYX_ERR(0, 360, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_66send_debug(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_message, __pyx_v_always_display);
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_message), (&PyBytes_Type), 1, "message", 1))) __PYX_ERR(0, 386, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_68send_debug(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_message, __pyx_v_always_display);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_66send_debug(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_message, int __pyx_v_always_display) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_68send_debug(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_message, int __pyx_v_always_display) {
   char *__pyx_v_c_message;
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
@@ -6805,86 +10194,83 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_66send_debug(struct __pyx_obj_3
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("send_debug", 0);
 
-  /* "ssh/session.pyx":361
+  /* "ssh/session.pyx":387
  * 
  *     def send_debug(self, bytes message, int always_display):
  *         cdef char *c_message = message             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_message == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 361, __pyx_L1_error)
+    __PYX_ERR(0, 387, __pyx_L1_error)
   }
-  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_message); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 361, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_message); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 387, __pyx_L1_error)
   __pyx_v_c_message = __pyx_t_1;
 
-  /* "ssh/session.pyx":363
+  /* "ssh/session.pyx":389
  *         cdef char *c_message = message
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_send_debug(
  *                 self._session, c_message, always_display)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":364
+        /* "ssh/session.pyx":390
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_send_debug(             # <<<<<<<<<<<<<<
  *                 self._session, c_message, always_display)
  *         return handle_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_send_debug(__pyx_v_self->_session, __pyx_v_c_message, __pyx_v_always_display);
       }
 
-      /* "ssh/session.pyx":363
+      /* "ssh/session.pyx":389
  *         cdef char *c_message = message
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_send_debug(
  *                 self._session, c_message, always_display)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":366
+  /* "ssh/session.pyx":392
  *             rc = c_ssh.ssh_send_debug(
  *                 self._session, c_message, always_display)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def gssapi_set_creds(self, creds not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 366, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 366, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 392, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 392, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":360
+  /* "ssh/session.pyx":386
  *         return handle_error_codes(rc, self._session)
  * 
  *     def send_debug(self, bytes message, int always_display):             # <<<<<<<<<<<<<<
  *         cdef char *c_message = message
  *         cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6897,39 +10283,113 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_66send_debug(struct __pyx_obj_3
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":368
+/* "ssh/session.pyx":394
  *         return handle_error_codes(rc, self._session)
  * 
  *     def gssapi_set_creds(self, creds not None):             # <<<<<<<<<<<<<<
  *         raise NotImplementedError
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_69gssapi_set_creds(PyObject *__pyx_v_self, PyObject *__pyx_v_creds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_68gssapi_set_creds[] = "Session.gssapi_set_creds(self, creds)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_69gssapi_set_creds(PyObject *__pyx_v_self, PyObject *__pyx_v_creds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_71gssapi_set_creds(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_70gssapi_set_creds, "Session.gssapi_set_creds(self, creds)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_71gssapi_set_creds = {"gssapi_set_creds", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_71gssapi_set_creds, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_70gssapi_set_creds};
+static PyObject *__pyx_pw_3ssh_7session_7Session_71gssapi_set_creds(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v_creds = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("gssapi_set_creds (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_creds,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 394, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 394, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "gssapi_set_creds", 0) < 0) __PYX_ERR(0, 394, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("gssapi_set_creds", 1, 1, 1, i); __PYX_ERR(0, 394, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 394, __pyx_L3_error)
+    }
+    __pyx_v_creds = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("gssapi_set_creds", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 394, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.gssapi_set_creds", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_creds) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "creds"); __PYX_ERR(0, 368, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "creds"); __PYX_ERR(0, 394, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_68gssapi_set_creds(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject *)__pyx_v_creds));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_70gssapi_set_creds(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_creds);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_68gssapi_set_creds(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_creds) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_70gssapi_set_creds(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_creds) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   int __pyx_lineno = 0;
@@ -6937,23 +10397,23 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_68gssapi_set_creds(CYTHON_UNUSE
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("gssapi_set_creds", 0);
 
-  /* "ssh/session.pyx":369
+  /* "ssh/session.pyx":395
  * 
  *     def gssapi_set_creds(self, creds not None):
  *         raise NotImplementedError             # <<<<<<<<<<<<<<
  * 
  *     def service_request(self, bytes service):
- */
+*/
   __Pyx_Raise(__pyx_builtin_NotImplementedError, 0, 0, 0);
-  __PYX_ERR(0, 369, __pyx_L1_error)
+  __PYX_ERR(0, 395, __pyx_L1_error)
 
-  /* "ssh/session.pyx":368
+  /* "ssh/session.pyx":394
  *         return handle_error_codes(rc, self._session)
  * 
  *     def gssapi_set_creds(self, creds not None):             # <<<<<<<<<<<<<<
  *         raise NotImplementedError
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6964,37 +10424,111 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_68gssapi_set_creds(CYTHON_UNUSE
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":371
+/* "ssh/session.pyx":397
  *         raise NotImplementedError
  * 
  *     def service_request(self, bytes service):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef char *c_service = service
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_71service_request(PyObject *__pyx_v_self, PyObject *__pyx_v_service); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_70service_request[] = "Session.service_request(self, bytes service)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_71service_request(PyObject *__pyx_v_self, PyObject *__pyx_v_service) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_73service_request(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_72service_request, "Session.service_request(self, bytes service)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_73service_request = {"service_request", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_73service_request, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_72service_request};
+static PyObject *__pyx_pw_3ssh_7session_7Session_73service_request(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_service = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("service_request (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_service), (&PyBytes_Type), 1, "service", 1))) __PYX_ERR(0, 371, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_70service_request(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject*)__pyx_v_service));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_service,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 397, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 397, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "service_request", 0) < 0) __PYX_ERR(0, 397, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("service_request", 1, 1, 1, i); __PYX_ERR(0, 397, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 397, __pyx_L3_error)
+    }
+    __pyx_v_service = ((PyObject*)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("service_request", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 397, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.service_request", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_service), (&PyBytes_Type), 1, "service", 1))) __PYX_ERR(0, 397, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_72service_request(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_service);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_70service_request(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_service) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_72service_request(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_service) {
   int __pyx_v_rc;
   char *__pyx_v_c_service;
   PyObject *__pyx_r = NULL;
@@ -7007,86 +10541,83 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_70service_request(struct __pyx_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("service_request", 0);
 
-  /* "ssh/session.pyx":373
+  /* "ssh/session.pyx":399
  *     def service_request(self, bytes service):
  *         cdef int rc
  *         cdef char *c_service = service             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_ssh.ssh_service_request(self._session, c_service)
- */
+*/
   if (unlikely(__pyx_v_service == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 373, __pyx_L1_error)
+    __PYX_ERR(0, 399, __pyx_L1_error)
   }
-  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_service); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 373, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_service); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 399, __pyx_L1_error)
   __pyx_v_c_service = __pyx_t_1;
 
-  /* "ssh/session.pyx":374
+  /* "ssh/session.pyx":400
  *         cdef int rc
  *         cdef char *c_service = service
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_service_request(self._session, c_service)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":375
+        /* "ssh/session.pyx":401
  *         cdef char *c_service = service
  *         with nogil:
  *             rc = c_ssh.ssh_service_request(self._session, c_service)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_service_request(__pyx_v_self->_session, __pyx_v_c_service);
       }
 
-      /* "ssh/session.pyx":374
+      /* "ssh/session.pyx":400
  *         cdef int rc
  *         cdef char *c_service = service
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_service_request(self._session, c_service)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":376
+  /* "ssh/session.pyx":402
  *         with nogil:
  *             rc = c_ssh.ssh_service_request(self._session, c_service)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     # These are also excluded from Windows builds.
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 376, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 376, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 402, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 402, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":371
+  /* "ssh/session.pyx":397
  *         raise NotImplementedError
  * 
  *     def service_request(self, bytes service):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef char *c_service = service
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -7099,37 +10630,111 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_70service_request(struct __pyx_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":380
+/* "ssh/session.pyx":406
  *     # These are also excluded from Windows builds.
  *     IF not ON_WINDOWS:
  *         def set_agent_channel(self, Channel channel):             # <<<<<<<<<<<<<<
  *             cdef int rc
  *             with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_73set_agent_channel(PyObject *__pyx_v_self, PyObject *__pyx_v_channel); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_72set_agent_channel[] = "Session.set_agent_channel(self, Channel channel)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_73set_agent_channel(PyObject *__pyx_v_self, PyObject *__pyx_v_channel) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_75set_agent_channel(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_74set_agent_channel, "Session.set_agent_channel(self, Channel channel)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_75set_agent_channel = {"set_agent_channel", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_75set_agent_channel, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_74set_agent_channel};
+static PyObject *__pyx_pw_3ssh_7session_7Session_75set_agent_channel(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_channel = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_agent_channel (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_channel), __pyx_ptype_3ssh_7channel_Channel, 1, "channel", 0))) __PYX_ERR(0, 380, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_72set_agent_channel(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((struct __pyx_obj_3ssh_7channel_Channel *)__pyx_v_channel));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_channel,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 406, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 406, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_agent_channel", 0) < 0) __PYX_ERR(0, 406, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_agent_channel", 1, 1, 1, i); __PYX_ERR(0, 406, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 406, __pyx_L3_error)
+    }
+    __pyx_v_channel = ((struct __pyx_obj_3ssh_7channel_Channel *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_agent_channel", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 406, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.set_agent_channel", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_channel), __pyx_mstate_global->__pyx_ptype_3ssh_7channel_Channel, 1, "channel", 0))) __PYX_ERR(0, 406, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_74set_agent_channel(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_channel);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_72set_agent_channel(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_channel) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_74set_agent_channel(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_7channel_Channel *__pyx_v_channel) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -7140,72 +10745,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_72set_agent_channel(struct __py
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("set_agent_channel", 0);
 
-  /* "ssh/session.pyx":382
+  /* "ssh/session.pyx":408
  *         def set_agent_channel(self, Channel channel):
  *             cdef int rc
  *             with nogil:             # <<<<<<<<<<<<<<
  *                 rc = c_ssh.ssh_set_agent_channel(
  *                     self._session, channel._channel)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":383
+        /* "ssh/session.pyx":409
  *             cdef int rc
  *             with nogil:
  *                 rc = c_ssh.ssh_set_agent_channel(             # <<<<<<<<<<<<<<
  *                     self._session, channel._channel)
  *             return handle_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_set_agent_channel(__pyx_v_self->_session, __pyx_v_channel->_channel);
       }
 
-      /* "ssh/session.pyx":382
+      /* "ssh/session.pyx":408
  *         def set_agent_channel(self, Channel channel):
  *             cdef int rc
  *             with nogil:             # <<<<<<<<<<<<<<
  *                 rc = c_ssh.ssh_set_agent_channel(
  *                     self._session, channel._channel)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":385
+  /* "ssh/session.pyx":411
  *                 rc = c_ssh.ssh_set_agent_channel(
  *                     self._session, channel._channel)
  *             return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *         def set_agent_socket(self, socket not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 385, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 385, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 411, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 411, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":380
+  /* "ssh/session.pyx":406
  *     # These are also excluded from Windows builds.
  *     IF not ON_WINDOWS:
  *         def set_agent_channel(self, Channel channel):             # <<<<<<<<<<<<<<
  *             cdef int rc
  *             with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -7218,39 +10820,113 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_72set_agent_channel(struct __py
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":387
+/* "ssh/session.pyx":413
  *             return handle_error_codes(rc, self._session)
  * 
  *         def set_agent_socket(self, socket not None):             # <<<<<<<<<<<<<<
  *             cdef int rc
  *             cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_75set_agent_socket(PyObject *__pyx_v_self, PyObject *__pyx_v_socket); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_74set_agent_socket[] = "Session.set_agent_socket(self, socket)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_75set_agent_socket(PyObject *__pyx_v_self, PyObject *__pyx_v_socket) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_77set_agent_socket(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_76set_agent_socket, "Session.set_agent_socket(self, socket)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_77set_agent_socket = {"set_agent_socket", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_77set_agent_socket, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_76set_agent_socket};
+static PyObject *__pyx_pw_3ssh_7session_7Session_77set_agent_socket(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_socket = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_agent_socket (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_socket,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 413, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 413, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_agent_socket", 0) < 0) __PYX_ERR(0, 413, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_agent_socket", 1, 1, 1, i); __PYX_ERR(0, 413, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 413, __pyx_L3_error)
+    }
+    __pyx_v_socket = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_agent_socket", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 413, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.set_agent_socket", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_socket) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "socket"); __PYX_ERR(0, 387, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "socket"); __PYX_ERR(0, 413, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_74set_agent_socket(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject *)__pyx_v_socket));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_76set_agent_socket(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_socket);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_74set_agent_socket(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_socket) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_76set_agent_socket(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_socket) {
   int __pyx_v_rc;
   socket_t __pyx_v__sock;
   PyObject *__pyx_r = NULL;
@@ -7262,82 +10938,79 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_74set_agent_socket(struct __pyx
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("set_agent_socket", 0);
 
-  /* "ssh/session.pyx":389
+  /* "ssh/session.pyx":415
  *         def set_agent_socket(self, socket not None):
  *             cdef int rc
  *             cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)             # <<<<<<<<<<<<<<
  *             with nogil:
  *                 rc = c_ssh.ssh_set_agent_socket(self._session, _sock)
- */
-  __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 389, __pyx_L1_error)
+*/
+  __pyx_t_1 = PyObject_AsFileDescriptor(__pyx_v_socket); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 415, __pyx_L1_error)
   __pyx_v__sock = __pyx_t_1;
 
-  /* "ssh/session.pyx":390
+  /* "ssh/session.pyx":416
  *             cdef int rc
  *             cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *             with nogil:             # <<<<<<<<<<<<<<
  *                 rc = c_ssh.ssh_set_agent_socket(self._session, _sock)
  *             return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":391
+        /* "ssh/session.pyx":417
  *             cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *             with nogil:
  *                 rc = c_ssh.ssh_set_agent_socket(self._session, _sock)             # <<<<<<<<<<<<<<
  *             return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_set_agent_socket(__pyx_v_self->_session, __pyx_v__sock);
       }
 
-      /* "ssh/session.pyx":390
+      /* "ssh/session.pyx":416
  *             cdef int rc
  *             cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
  *             with nogil:             # <<<<<<<<<<<<<<
  *                 rc = c_ssh.ssh_set_agent_socket(self._session, _sock)
  *             return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":392
+  /* "ssh/session.pyx":418
  *             with nogil:
  *                 rc = c_ssh.ssh_set_agent_socket(self._session, _sock)
  *             return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def set_blocking(self, int blocking):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 392, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 392, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 418, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 418, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":387
+  /* "ssh/session.pyx":413
  *             return handle_error_codes(rc, self._session)
  * 
  *         def set_agent_socket(self, socket not None):             # <<<<<<<<<<<<<<
  *             cdef int rc
  *             cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -7350,97 +11023,153 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_74set_agent_socket(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":394
+/* "ssh/session.pyx":420
  *             return handle_error_codes(rc, self._session)
  * 
  *     def set_blocking(self, int blocking):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_set_blocking(self._session, blocking)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_77set_blocking(PyObject *__pyx_v_self, PyObject *__pyx_arg_blocking); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_76set_blocking[] = "Session.set_blocking(self, int blocking)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_77set_blocking(PyObject *__pyx_v_self, PyObject *__pyx_arg_blocking) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_79set_blocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_78set_blocking, "Session.set_blocking(self, int blocking)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_79set_blocking = {"set_blocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_79set_blocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_78set_blocking};
+static PyObject *__pyx_pw_3ssh_7session_7Session_79set_blocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_blocking;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_blocking (wrapper)", 0);
-  assert(__pyx_arg_blocking); {
-    __pyx_v_blocking = __Pyx_PyInt_As_int(__pyx_arg_blocking); if (unlikely((__pyx_v_blocking == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 394, __pyx_L3_error)
-  }
-  goto __pyx_L4_argument_unpacking_done;
-  __pyx_L3_error:;
-  __Pyx_AddTraceback("ssh.session.Session.set_blocking", __pyx_clineno, __pyx_lineno, __pyx_filename);
-  __Pyx_RefNannyFinishContext();
-  return NULL;
-  __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_76set_blocking(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((int)__pyx_v_blocking));
-
-  /* function exit code */
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_blocking,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 420, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 420, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_blocking", 0) < 0) __PYX_ERR(0, 420, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_blocking", 1, 1, 1, i); __PYX_ERR(0, 420, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 420, __pyx_L3_error)
+    }
+    __pyx_v_blocking = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_blocking == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 420, __pyx_L3_error)
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("set_blocking", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 420, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.set_blocking", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_78set_blocking(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_blocking);
+
+  /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_76set_blocking(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_blocking) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_78set_blocking(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_blocking) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_blocking", 0);
 
-  /* "ssh/session.pyx":395
+  /* "ssh/session.pyx":421
  * 
  *     def set_blocking(self, int blocking):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_set_blocking(self._session, blocking)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":396
+        /* "ssh/session.pyx":422
  *     def set_blocking(self, int blocking):
  *         with nogil:
  *             c_ssh.ssh_set_blocking(self._session, blocking)             # <<<<<<<<<<<<<<
  * 
  *     def set_counters(self, scounter, rcounter):
- */
+*/
         ssh_set_blocking(__pyx_v_self->_session, __pyx_v_blocking);
       }
 
-      /* "ssh/session.pyx":395
+      /* "ssh/session.pyx":421
  * 
  *     def set_blocking(self, int blocking):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_set_blocking(self._session, blocking)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":394
+  /* "ssh/session.pyx":420
  *             return handle_error_codes(rc, self._session)
  * 
  *     def set_blocking(self, int blocking):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_set_blocking(self._session, blocking)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -7449,80 +11178,109 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_76set_blocking(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":398
+/* "ssh/session.pyx":424
  *             c_ssh.ssh_set_blocking(self._session, blocking)
  * 
  *     def set_counters(self, scounter, rcounter):             # <<<<<<<<<<<<<<
  *         raise NotImplementedError
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_79set_counters(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_78set_counters[] = "Session.set_counters(self, scounter, rcounter)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_79set_counters(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_81set_counters(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_80set_counters, "Session.set_counters(self, scounter, rcounter)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_81set_counters = {"set_counters", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_81set_counters, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_80set_counters};
+static PyObject *__pyx_pw_3ssh_7session_7Session_81set_counters(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   CYTHON_UNUSED PyObject *__pyx_v_scounter = 0;
   CYTHON_UNUSED PyObject *__pyx_v_rcounter = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_counters (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_scounter,&__pyx_n_s_rcounter,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_scounter,&__pyx_mstate_global->__pyx_n_u_rcounter,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 424, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 424, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 424, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_scounter)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_rcounter)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("set_counters", 1, 2, 2, 1); __PYX_ERR(0, 398, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "set_counters") < 0)) __PYX_ERR(0, 398, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "set_counters", 0) < 0) __PYX_ERR(0, 424, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("set_counters", 1, 2, 2, i); __PYX_ERR(0, 424, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 424, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 424, __pyx_L3_error)
     }
     __pyx_v_scounter = values[0];
     __pyx_v_rcounter = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("set_counters", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 398, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("set_counters", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 424, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.set_counters", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_78set_counters(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_scounter, __pyx_v_rcounter);
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_80set_counters(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_scounter, __pyx_v_rcounter);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_78set_counters(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_scounter, CYTHON_UNUSED PyObject *__pyx_v_rcounter) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_80set_counters(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_scounter, CYTHON_UNUSED PyObject *__pyx_v_rcounter) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   int __pyx_lineno = 0;
@@ -7530,23 +11288,23 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_78set_counters(CYTHON_UNUSED st
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("set_counters", 0);
 
-  /* "ssh/session.pyx":399
+  /* "ssh/session.pyx":425
  * 
  *     def set_counters(self, scounter, rcounter):
  *         raise NotImplementedError             # <<<<<<<<<<<<<<
  * 
  *     def set_fd_except(self):
- */
+*/
   __Pyx_Raise(__pyx_builtin_NotImplementedError, 0, 0, 0);
-  __PYX_ERR(0, 399, __pyx_L1_error)
+  __PYX_ERR(0, 425, __pyx_L1_error)
 
-  /* "ssh/session.pyx":398
+  /* "ssh/session.pyx":424
  *             c_ssh.ssh_set_blocking(self._session, blocking)
  * 
  *     def set_counters(self, scounter, rcounter):             # <<<<<<<<<<<<<<
  *         raise NotImplementedError
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -7557,84 +11315,110 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_78set_counters(CYTHON_UNUSED st
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":401
+/* "ssh/session.pyx":427
  *         raise NotImplementedError
  * 
  *     def set_fd_except(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_set_fd_except(self._session)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_81set_fd_except(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_80set_fd_except[] = "Session.set_fd_except(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_81set_fd_except(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_83set_fd_except(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_82set_fd_except, "Session.set_fd_except(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_83set_fd_except = {"set_fd_except", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_83set_fd_except, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_82set_fd_except};
+static PyObject *__pyx_pw_3ssh_7session_7Session_83set_fd_except(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_fd_except (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_80set_fd_except(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("set_fd_except", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("set_fd_except", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_82set_fd_except(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_80set_fd_except(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_82set_fd_except(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_fd_except", 0);
 
-  /* "ssh/session.pyx":402
+  /* "ssh/session.pyx":428
  * 
  *     def set_fd_except(self):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_set_fd_except(self._session)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":403
+        /* "ssh/session.pyx":429
  *     def set_fd_except(self):
  *         with nogil:
  *             c_ssh.ssh_set_fd_except(self._session)             # <<<<<<<<<<<<<<
  * 
  *     def set_fd_toread(self):
- */
+*/
         ssh_set_fd_except(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":402
+      /* "ssh/session.pyx":428
  * 
  *     def set_fd_except(self):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_set_fd_except(self._session)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":401
+  /* "ssh/session.pyx":427
  *         raise NotImplementedError
  * 
  *     def set_fd_except(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_set_fd_except(self._session)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -7643,84 +11427,110 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_80set_fd_except(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":405
+/* "ssh/session.pyx":431
  *             c_ssh.ssh_set_fd_except(self._session)
  * 
  *     def set_fd_toread(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_set_fd_toread(self._session)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_83set_fd_toread(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_82set_fd_toread[] = "Session.set_fd_toread(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_83set_fd_toread(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_85set_fd_toread(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_84set_fd_toread, "Session.set_fd_toread(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_85set_fd_toread = {"set_fd_toread", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_85set_fd_toread, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_84set_fd_toread};
+static PyObject *__pyx_pw_3ssh_7session_7Session_85set_fd_toread(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_fd_toread (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_82set_fd_toread(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("set_fd_toread", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("set_fd_toread", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_84set_fd_toread(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_82set_fd_toread(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_84set_fd_toread(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_fd_toread", 0);
 
-  /* "ssh/session.pyx":406
+  /* "ssh/session.pyx":432
  * 
  *     def set_fd_toread(self):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_set_fd_toread(self._session)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":407
+        /* "ssh/session.pyx":433
  *     def set_fd_toread(self):
  *         with nogil:
  *             c_ssh.ssh_set_fd_toread(self._session)             # <<<<<<<<<<<<<<
  * 
  *     def set_fd_towrite(self):
- */
+*/
         ssh_set_fd_toread(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":406
+      /* "ssh/session.pyx":432
  * 
  *     def set_fd_toread(self):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_set_fd_toread(self._session)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":405
+  /* "ssh/session.pyx":431
  *             c_ssh.ssh_set_fd_except(self._session)
  * 
  *     def set_fd_toread(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_set_fd_toread(self._session)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -7729,84 +11539,110 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_82set_fd_toread(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":409
+/* "ssh/session.pyx":435
  *             c_ssh.ssh_set_fd_toread(self._session)
  * 
  *     def set_fd_towrite(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_set_fd_towrite(self._session)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_85set_fd_towrite(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_84set_fd_towrite[] = "Session.set_fd_towrite(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_85set_fd_towrite(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_87set_fd_towrite(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_86set_fd_towrite, "Session.set_fd_towrite(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_87set_fd_towrite = {"set_fd_towrite", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_87set_fd_towrite, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_86set_fd_towrite};
+static PyObject *__pyx_pw_3ssh_7session_7Session_87set_fd_towrite(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_fd_towrite (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_84set_fd_towrite(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("set_fd_towrite", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("set_fd_towrite", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_86set_fd_towrite(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_84set_fd_towrite(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_86set_fd_towrite(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_fd_towrite", 0);
 
-  /* "ssh/session.pyx":410
+  /* "ssh/session.pyx":436
  * 
  *     def set_fd_towrite(self):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_set_fd_towrite(self._session)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":411
+        /* "ssh/session.pyx":437
  *     def set_fd_towrite(self):
  *         with nogil:
  *             c_ssh.ssh_set_fd_towrite(self._session)             # <<<<<<<<<<<<<<
  * 
  *     def silent_disconnect(self):
- */
+*/
         ssh_set_fd_towrite(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":410
+      /* "ssh/session.pyx":436
  * 
  *     def set_fd_towrite(self):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_set_fd_towrite(self._session)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":409
+  /* "ssh/session.pyx":435
  *             c_ssh.ssh_set_fd_toread(self._session)
  * 
  *     def set_fd_towrite(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_set_fd_towrite(self._session)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -7815,84 +11651,110 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_84set_fd_towrite(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":413
+/* "ssh/session.pyx":439
  *             c_ssh.ssh_set_fd_towrite(self._session)
  * 
  *     def silent_disconnect(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_silent_disconnect(self._session)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_87silent_disconnect(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_86silent_disconnect[] = "Session.silent_disconnect(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_87silent_disconnect(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_89silent_disconnect(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_88silent_disconnect, "Session.silent_disconnect(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_89silent_disconnect = {"silent_disconnect", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_89silent_disconnect, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_88silent_disconnect};
+static PyObject *__pyx_pw_3ssh_7session_7Session_89silent_disconnect(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("silent_disconnect (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_86silent_disconnect(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("silent_disconnect", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("silent_disconnect", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_88silent_disconnect(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_86silent_disconnect(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_88silent_disconnect(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("silent_disconnect", 0);
 
-  /* "ssh/session.pyx":414
+  /* "ssh/session.pyx":440
  * 
  *     def silent_disconnect(self):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_silent_disconnect(self._session)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":415
+        /* "ssh/session.pyx":441
  *     def silent_disconnect(self):
  *         with nogil:
  *             c_ssh.ssh_silent_disconnect(self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_none(self):
- */
+*/
         ssh_silent_disconnect(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":414
+      /* "ssh/session.pyx":440
  * 
  *     def silent_disconnect(self):
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_ssh.ssh_silent_disconnect(self._session)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":413
+  /* "ssh/session.pyx":439
  *             c_ssh.ssh_set_fd_towrite(self._session)
  * 
  *     def silent_disconnect(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_ssh.ssh_silent_disconnect(self._session)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -7901,29 +11763,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_86silent_disconnect(struct __py
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":417
+/* "ssh/session.pyx":443
  *             c_ssh.ssh_silent_disconnect(self._session)
  * 
  *     def userauth_none(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_89userauth_none(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_88userauth_none[] = "Session.userauth_none(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_89userauth_none(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_91userauth_none(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_90userauth_none, "Session.userauth_none(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_91userauth_none = {"userauth_none", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_91userauth_none, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_90userauth_none};
+static PyObject *__pyx_pw_3ssh_7session_7Session_91userauth_none(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_none (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_88userauth_none(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("userauth_none", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("userauth_none", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_90userauth_none(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_88userauth_none(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_90userauth_none(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -7935,88 +11826,83 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_88userauth_none(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_none", 0);
 
-  /* "ssh/session.pyx":419
+  /* "ssh/session.pyx":445
  *     def userauth_none(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_none(self._session, NULL)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":420
+        /* "ssh/session.pyx":446
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_none(self._session, NULL)
  *         return handle_auth_error_codes(rc, self._session)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 420, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 446, __pyx_L4_error)
 
-        /* "ssh/session.pyx":421
+        /* "ssh/session.pyx":447
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_none(self._session, NULL)             # <<<<<<<<<<<<<<
  *         return handle_auth_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_userauth_none(__pyx_v_self->_session, NULL);
       }
 
-      /* "ssh/session.pyx":419
+      /* "ssh/session.pyx":445
  *     def userauth_none(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_none(self._session, NULL)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":422
+  /* "ssh/session.pyx":448
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_none(self._session, NULL)
  *         return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_list(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 422, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 422, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 448, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 448, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":417
+  /* "ssh/session.pyx":443
  *             c_ssh.ssh_silent_disconnect(self._session)
  * 
  *     def userauth_none(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -8029,29 +11915,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_88userauth_none(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":424
+/* "ssh/session.pyx":450
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_list(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_91userauth_list(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_90userauth_list[] = "Session.userauth_list(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_91userauth_list(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_93userauth_list(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_92userauth_list, "Session.userauth_list(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_93userauth_list = {"userauth_list", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_93userauth_list, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_92userauth_list};
+static PyObject *__pyx_pw_3ssh_7session_7Session_93userauth_list(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_list (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_90userauth_list(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("userauth_list", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("userauth_list", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_92userauth_list(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_90userauth_list(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_92userauth_list(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -8063,88 +11978,83 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_90userauth_list(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_list", 0);
 
-  /* "ssh/session.pyx":426
+  /* "ssh/session.pyx":452
  *     def userauth_list(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_list(self._session, NULL)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":427
+        /* "ssh/session.pyx":453
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_list(self._session, NULL)
  *         return handle_error_codes(rc, self._session)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 427, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 453, __pyx_L4_error)
 
-        /* "ssh/session.pyx":428
+        /* "ssh/session.pyx":454
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_list(self._session, NULL)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_userauth_list(__pyx_v_self->_session, NULL);
       }
 
-      /* "ssh/session.pyx":426
+      /* "ssh/session.pyx":452
  *     def userauth_list(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_list(self._session, NULL)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":429
+  /* "ssh/session.pyx":455
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_list(self._session, NULL)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_try_publickey(self, SSHKey pubkey not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 429, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 429, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 455, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 455, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":424
+  /* "ssh/session.pyx":450
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_list(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -8157,37 +12067,111 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_90userauth_list(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":431
+/* "ssh/session.pyx":457
  *         return handle_error_codes(rc, self._session)
  * 
  *     def userauth_try_publickey(self, SSHKey pubkey not None):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_93userauth_try_publickey(PyObject *__pyx_v_self, PyObject *__pyx_v_pubkey); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_92userauth_try_publickey[] = "Session.userauth_try_publickey(self, SSHKey pubkey)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_93userauth_try_publickey(PyObject *__pyx_v_self, PyObject *__pyx_v_pubkey) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_95userauth_try_publickey(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_94userauth_try_publickey, "Session.userauth_try_publickey(self, SSHKey pubkey)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_95userauth_try_publickey = {"userauth_try_publickey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_95userauth_try_publickey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_94userauth_try_publickey};
+static PyObject *__pyx_pw_3ssh_7session_7Session_95userauth_try_publickey(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_pubkey = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_try_publickey (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_pubkey), __pyx_ptype_3ssh_3key_SSHKey, 0, "pubkey", 0))) __PYX_ERR(0, 431, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_92userauth_try_publickey(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_pubkey));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pubkey,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 457, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 457, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_try_publickey", 0) < 0) __PYX_ERR(0, 457, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_try_publickey", 1, 1, 1, i); __PYX_ERR(0, 457, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 457, __pyx_L3_error)
+    }
+    __pyx_v_pubkey = ((struct __pyx_obj_3ssh_3key_SSHKey *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("userauth_try_publickey", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 457, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.userauth_try_publickey", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_pubkey), __pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, 0, "pubkey", 0))) __PYX_ERR(0, 457, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_94userauth_try_publickey(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_pubkey);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_92userauth_try_publickey(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_pubkey) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_94userauth_try_publickey(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_pubkey) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -8199,88 +12183,83 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_92userauth_try_publickey(struct
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_try_publickey", 0);
 
-  /* "ssh/session.pyx":433
+  /* "ssh/session.pyx":459
  *     def userauth_try_publickey(self, SSHKey pubkey not None):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_try_publickey(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":434
+        /* "ssh/session.pyx":460
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_try_publickey(
  *                 self._session, NULL, pubkey._key)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 434, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 460, __pyx_L4_error)
 
-        /* "ssh/session.pyx":435
+        /* "ssh/session.pyx":461
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_try_publickey(             # <<<<<<<<<<<<<<
  *                 self._session, NULL, pubkey._key)
  *         return handle_auth_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_userauth_try_publickey(__pyx_v_self->_session, NULL, __pyx_v_pubkey->_key);
       }
 
-      /* "ssh/session.pyx":433
+      /* "ssh/session.pyx":459
  *     def userauth_try_publickey(self, SSHKey pubkey not None):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_try_publickey(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":437
+  /* "ssh/session.pyx":463
  *             rc = c_ssh.ssh_userauth_try_publickey(
  *                 self._session, NULL, pubkey._key)
  *         return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_publickey(self, SSHKey privkey not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 437, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 437, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 463, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 463, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":431
+  /* "ssh/session.pyx":457
  *         return handle_error_codes(rc, self._session)
  * 
  *     def userauth_try_publickey(self, SSHKey pubkey not None):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -8293,37 +12272,111 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_92userauth_try_publickey(struct
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":439
+/* "ssh/session.pyx":465
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_publickey(self, SSHKey privkey not None):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_95userauth_publickey(PyObject *__pyx_v_self, PyObject *__pyx_v_privkey); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_94userauth_publickey[] = "Session.userauth_publickey(self, SSHKey privkey)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_95userauth_publickey(PyObject *__pyx_v_self, PyObject *__pyx_v_privkey) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_97userauth_publickey(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_96userauth_publickey, "Session.userauth_publickey(self, SSHKey privkey)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_97userauth_publickey = {"userauth_publickey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_97userauth_publickey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_96userauth_publickey};
+static PyObject *__pyx_pw_3ssh_7session_7Session_97userauth_publickey(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_privkey = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_publickey (wrapper)", 0);
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_privkey), __pyx_ptype_3ssh_3key_SSHKey, 0, "privkey", 0))) __PYX_ERR(0, 439, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_94userauth_publickey(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((struct __pyx_obj_3ssh_3key_SSHKey *)__pyx_v_privkey));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_privkey,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 465, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 465, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_publickey", 0) < 0) __PYX_ERR(0, 465, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_publickey", 1, 1, 1, i); __PYX_ERR(0, 465, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 465, __pyx_L3_error)
+    }
+    __pyx_v_privkey = ((struct __pyx_obj_3ssh_3key_SSHKey *)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("userauth_publickey", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 465, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.userauth_publickey", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_privkey), __pyx_mstate_global->__pyx_ptype_3ssh_3key_SSHKey, 0, "privkey", 0))) __PYX_ERR(0, 465, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_96userauth_publickey(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_privkey);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_94userauth_publickey(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_privkey) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_96userauth_publickey(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, struct __pyx_obj_3ssh_3key_SSHKey *__pyx_v_privkey) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -8335,88 +12388,83 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_94userauth_publickey(struct __p
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_publickey", 0);
 
-  /* "ssh/session.pyx":441
+  /* "ssh/session.pyx":467
  *     def userauth_publickey(self, SSHKey privkey not None):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_publickey(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":442
+        /* "ssh/session.pyx":468
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_publickey(
  *                 self._session, NULL, privkey._key)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 442, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 468, __pyx_L4_error)
 
-        /* "ssh/session.pyx":443
+        /* "ssh/session.pyx":469
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_publickey(             # <<<<<<<<<<<<<<
  *                 self._session, NULL, privkey._key)
  *         return handle_auth_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_userauth_publickey(__pyx_v_self->_session, NULL, __pyx_v_privkey->_key);
       }
 
-      /* "ssh/session.pyx":441
+      /* "ssh/session.pyx":467
  *     def userauth_publickey(self, SSHKey privkey not None):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_publickey(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":445
+  /* "ssh/session.pyx":471
  *             rc = c_ssh.ssh_userauth_publickey(
  *                 self._session, NULL, privkey._key)
  *         return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     # ssh_userauth_agent is excluded from libssh.h on Windows.
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 445, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 445, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 471, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 471, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":439
+  /* "ssh/session.pyx":465
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_publickey(self, SSHKey privkey not None):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -8429,39 +12477,113 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_94userauth_publickey(struct __p
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":449
+/* "ssh/session.pyx":475
  *     # ssh_userauth_agent is excluded from libssh.h on Windows.
  *     IF not ON_WINDOWS:
  *         def userauth_agent(self, username not None):             # <<<<<<<<<<<<<<
  *             cdef bytes b_username = to_bytes(username)
  *             cdef char *c_username = b_username
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_97userauth_agent(PyObject *__pyx_v_self, PyObject *__pyx_v_username); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_96userauth_agent[] = "Session.userauth_agent(self, username)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_97userauth_agent(PyObject *__pyx_v_self, PyObject *__pyx_v_username) {
-  int __pyx_lineno = 0;
-  const char *__pyx_filename = NULL;
-  int __pyx_clineno = 0;
-  PyObject *__pyx_r = 0;
+static PyObject *__pyx_pw_3ssh_7session_7Session_99userauth_agent(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_98userauth_agent, "Session.userauth_agent(self, username)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_99userauth_agent = {"userauth_agent", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_99userauth_agent, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_98userauth_agent};
+static PyObject *__pyx_pw_3ssh_7session_7Session_99userauth_agent(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_username = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_agent (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_username,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 475, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 475, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_agent", 0) < 0) __PYX_ERR(0, 475, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_agent", 1, 1, 1, i); __PYX_ERR(0, 475, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 475, __pyx_L3_error)
+    }
+    __pyx_v_username = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("userauth_agent", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 475, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.userauth_agent", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_username) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "username"); __PYX_ERR(0, 449, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "username"); __PYX_ERR(0, 475, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_96userauth_agent(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject *)__pyx_v_username));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_98userauth_agent(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_username);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_96userauth_agent(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_98userauth_agent(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username) {
   PyObject *__pyx_v_b_username = 0;
   char *__pyx_v_c_username;
   int __pyx_v_rc;
@@ -8476,114 +12598,109 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_96userauth_agent(struct __pyx_o
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_agent", 0);
 
-  /* "ssh/session.pyx":450
+  /* "ssh/session.pyx":476
  *     IF not ON_WINDOWS:
  *         def userauth_agent(self, username not None):
  *             cdef bytes b_username = to_bytes(username)             # <<<<<<<<<<<<<<
  *             cdef char *c_username = b_username
  *             cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_username); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 450, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_username); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 476, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_username = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":451
+  /* "ssh/session.pyx":477
  *         def userauth_agent(self, username not None):
  *             cdef bytes b_username = to_bytes(username)
  *             cdef char *c_username = b_username             # <<<<<<<<<<<<<<
  *             cdef int rc
  *             with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_username == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 451, __pyx_L1_error)
+    __PYX_ERR(0, 477, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_username); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 451, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_username); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 477, __pyx_L1_error)
   __pyx_v_c_username = __pyx_t_2;
 
-  /* "ssh/session.pyx":453
+  /* "ssh/session.pyx":479
  *             cdef char *c_username = b_username
  *             cdef int rc
  *             with nogil:             # <<<<<<<<<<<<<<
  *                 _check_connected(self._session)
  *                 rc = c_ssh.ssh_userauth_agent(self._session, c_username)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":454
+        /* "ssh/session.pyx":480
  *             cdef int rc
  *             with nogil:
  *                 _check_connected(self._session)             # <<<<<<<<<<<<<<
  *                 rc = c_ssh.ssh_userauth_agent(self._session, c_username)
  *             return handle_auth_error_codes(rc, self._session)
- */
-        __pyx_t_3 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 454, __pyx_L4_error)
+*/
+        __pyx_t_3 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 480, __pyx_L4_error)
 
-        /* "ssh/session.pyx":455
+        /* "ssh/session.pyx":481
  *             with nogil:
  *                 _check_connected(self._session)
  *                 rc = c_ssh.ssh_userauth_agent(self._session, c_username)             # <<<<<<<<<<<<<<
  *             return handle_auth_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_userauth_agent(__pyx_v_self->_session, __pyx_v_c_username);
       }
 
-      /* "ssh/session.pyx":453
+      /* "ssh/session.pyx":479
  *             cdef char *c_username = b_username
  *             cdef int rc
  *             with nogil:             # <<<<<<<<<<<<<<
  *                 _check_connected(self._session)
  *                 rc = c_ssh.ssh_userauth_agent(self._session, c_username)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":456
+  /* "ssh/session.pyx":482
  *                 _check_connected(self._session)
  *                 rc = c_ssh.ssh_userauth_agent(self._session, c_username)
  *             return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_publickey_auto(self, passphrase not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 456, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 456, __pyx_L1_error)
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 482, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 482, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":449
+  /* "ssh/session.pyx":475
  *     # ssh_userauth_agent is excluded from libssh.h on Windows.
  *     IF not ON_WINDOWS:
  *         def userauth_agent(self, username not None):             # <<<<<<<<<<<<<<
  *             cdef bytes b_username = to_bytes(username)
  *             cdef char *c_username = b_username
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -8597,39 +12714,113 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_96userauth_agent(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":458
+/* "ssh/session.pyx":484
  *             return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_publickey_auto(self, passphrase not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_passphrase = to_bytes(passphrase)
  *         cdef char *c_passphrase = b_passphrase
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_99userauth_publickey_auto(PyObject *__pyx_v_self, PyObject *__pyx_v_passphrase); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_98userauth_publickey_auto[] = "Session.userauth_publickey_auto(self, passphrase)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_99userauth_publickey_auto(PyObject *__pyx_v_self, PyObject *__pyx_v_passphrase) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_101userauth_publickey_auto(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_100userauth_publickey_auto, "Session.userauth_publickey_auto(self, passphrase)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_101userauth_publickey_auto = {"userauth_publickey_auto", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_101userauth_publickey_auto, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_100userauth_publickey_auto};
+static PyObject *__pyx_pw_3ssh_7session_7Session_101userauth_publickey_auto(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_passphrase = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_publickey_auto (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_passphrase,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 484, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 484, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_publickey_auto", 0) < 0) __PYX_ERR(0, 484, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_publickey_auto", 1, 1, 1, i); __PYX_ERR(0, 484, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 484, __pyx_L3_error)
+    }
+    __pyx_v_passphrase = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("userauth_publickey_auto", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 484, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.userauth_publickey_auto", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_passphrase) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "passphrase"); __PYX_ERR(0, 458, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "passphrase"); __PYX_ERR(0, 484, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_98userauth_publickey_auto(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject *)__pyx_v_passphrase));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_100userauth_publickey_auto(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_passphrase);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_98userauth_publickey_auto(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_passphrase) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_100userauth_publickey_auto(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_passphrase) {
   PyObject *__pyx_v_b_passphrase = 0;
   char *__pyx_v_c_passphrase;
   int __pyx_v_rc;
@@ -8644,114 +12835,109 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_98userauth_publickey_auto(struc
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_publickey_auto", 0);
 
-  /* "ssh/session.pyx":459
+  /* "ssh/session.pyx":485
  * 
  *     def userauth_publickey_auto(self, passphrase not None):
  *         cdef bytes b_passphrase = to_bytes(passphrase)             # <<<<<<<<<<<<<<
  *         cdef char *c_passphrase = b_passphrase
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 459, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_passphrase); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 485, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_passphrase = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":460
+  /* "ssh/session.pyx":486
  *     def userauth_publickey_auto(self, passphrase not None):
  *         cdef bytes b_passphrase = to_bytes(passphrase)
  *         cdef char *c_passphrase = b_passphrase             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_passphrase == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 460, __pyx_L1_error)
+    __PYX_ERR(0, 486, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 460, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_passphrase); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 486, __pyx_L1_error)
   __pyx_v_c_passphrase = __pyx_t_2;
 
-  /* "ssh/session.pyx":462
+  /* "ssh/session.pyx":488
  *         cdef char *c_passphrase = b_passphrase
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_publickey_auto(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":463
+        /* "ssh/session.pyx":489
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_publickey_auto(
  *                 self._session, NULL, c_passphrase)
- */
-        __pyx_t_3 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 463, __pyx_L4_error)
+*/
+        __pyx_t_3 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 489, __pyx_L4_error)
 
-        /* "ssh/session.pyx":464
+        /* "ssh/session.pyx":490
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_publickey_auto(             # <<<<<<<<<<<<<<
  *                 self._session, NULL, c_passphrase)
  *         return handle_auth_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_userauth_publickey_auto(__pyx_v_self->_session, NULL, __pyx_v_c_passphrase);
       }
 
-      /* "ssh/session.pyx":462
+      /* "ssh/session.pyx":488
  *         cdef char *c_passphrase = b_passphrase
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_publickey_auto(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":466
+  /* "ssh/session.pyx":492
  *             rc = c_ssh.ssh_userauth_publickey_auto(
  *                 self._session, NULL, c_passphrase)
  *         return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_password(self, username not None, password not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 466, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 466, __pyx_L1_error)
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 492, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 492, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":458
+  /* "ssh/session.pyx":484
  *             return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_publickey_auto(self, passphrase not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_passphrase = to_bytes(passphrase)
  *         cdef char *c_passphrase = b_passphrase
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -8765,90 +12951,124 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_98userauth_publickey_auto(struc
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":468
+/* "ssh/session.pyx":494
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_password(self, username not None, password not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_username = to_bytes(username)
  *         cdef bytes b_password = to_bytes(password)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_101userauth_password(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_100userauth_password[] = "Session.userauth_password(self, username, password)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_101userauth_password(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_103userauth_password(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_102userauth_password, "Session.userauth_password(self, username, password)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_103userauth_password = {"userauth_password", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_103userauth_password, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_102userauth_password};
+static PyObject *__pyx_pw_3ssh_7session_7Session_103userauth_password(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_username = 0;
   PyObject *__pyx_v_password = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_password (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_username,&__pyx_n_s_password,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_username,&__pyx_mstate_global->__pyx_n_u_password,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 494, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 494, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 494, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_username)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_password)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("userauth_password", 1, 2, 2, 1); __PYX_ERR(0, 468, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "userauth_password") < 0)) __PYX_ERR(0, 468, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_password", 0) < 0) __PYX_ERR(0, 494, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_password", 1, 2, 2, i); __PYX_ERR(0, 494, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 494, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 494, __pyx_L3_error)
     }
     __pyx_v_username = values[0];
     __pyx_v_password = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("userauth_password", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 468, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("userauth_password", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 494, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.userauth_password", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_username) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "username"); __PYX_ERR(0, 468, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "username"); __PYX_ERR(0, 494, __pyx_L1_error)
   }
   if (unlikely(((PyObject *)__pyx_v_password) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "password"); __PYX_ERR(0, 468, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "password"); __PYX_ERR(0, 494, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_100userauth_password(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_username, __pyx_v_password);
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_102userauth_password(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_username, __pyx_v_password);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_100userauth_password(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username, PyObject *__pyx_v_password) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_102userauth_password(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username, PyObject *__pyx_v_password) {
   PyObject *__pyx_v_b_username = 0;
   PyObject *__pyx_v_b_password = 0;
   char *__pyx_v_c_username;
@@ -8865,140 +13085,135 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_100userauth_password(struct __p
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_password", 0);
 
-  /* "ssh/session.pyx":469
+  /* "ssh/session.pyx":495
  * 
  *     def userauth_password(self, username not None, password not None):
  *         cdef bytes b_username = to_bytes(username)             # <<<<<<<<<<<<<<
  *         cdef bytes b_password = to_bytes(password)
  *         cdef char *c_username = b_username
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_username); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 469, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_username); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 495, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_username = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":470
+  /* "ssh/session.pyx":496
  *     def userauth_password(self, username not None, password not None):
  *         cdef bytes b_username = to_bytes(username)
  *         cdef bytes b_password = to_bytes(password)             # <<<<<<<<<<<<<<
  *         cdef char *c_username = b_username
  *         cdef char *c_password = b_password
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_password); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 470, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_password); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 496, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_password = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":471
+  /* "ssh/session.pyx":497
  *         cdef bytes b_username = to_bytes(username)
  *         cdef bytes b_password = to_bytes(password)
  *         cdef char *c_username = b_username             # <<<<<<<<<<<<<<
  *         cdef char *c_password = b_password
  *         cdef int rc
- */
+*/
   if (unlikely(__pyx_v_b_username == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 471, __pyx_L1_error)
+    __PYX_ERR(0, 497, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_username); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 471, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_username); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 497, __pyx_L1_error)
   __pyx_v_c_username = __pyx_t_2;
 
-  /* "ssh/session.pyx":472
+  /* "ssh/session.pyx":498
  *         cdef bytes b_password = to_bytes(password)
  *         cdef char *c_username = b_username
  *         cdef char *c_password = b_password             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_password == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 472, __pyx_L1_error)
+    __PYX_ERR(0, 498, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_password); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 472, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_password); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 498, __pyx_L1_error)
   __pyx_v_c_password = __pyx_t_2;
 
-  /* "ssh/session.pyx":474
+  /* "ssh/session.pyx":500
  *         cdef char *c_password = b_password
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_password(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":475
+        /* "ssh/session.pyx":501
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_password(
  *                 self._session, c_username, c_password)
- */
-        __pyx_t_3 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 475, __pyx_L4_error)
+*/
+        __pyx_t_3 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 501, __pyx_L4_error)
 
-        /* "ssh/session.pyx":476
+        /* "ssh/session.pyx":502
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_password(             # <<<<<<<<<<<<<<
  *                 self._session, c_username, c_password)
  *         return handle_auth_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_userauth_password(__pyx_v_self->_session, __pyx_v_c_username, __pyx_v_c_password);
       }
 
-      /* "ssh/session.pyx":474
+      /* "ssh/session.pyx":500
  *         cdef char *c_password = b_password
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_password(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":478
+  /* "ssh/session.pyx":504
  *             rc = c_ssh.ssh_userauth_password(
  *                 self._session, c_username, c_password)
  *         return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_kbdint(self, username not None, submethods not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 478, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 478, __pyx_L1_error)
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 504, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 504, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":468
+  /* "ssh/session.pyx":494
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_password(self, username not None, password not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_username = to_bytes(username)
  *         cdef bytes b_password = to_bytes(password)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -9013,90 +13228,124 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_100userauth_password(struct __p
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":480
+/* "ssh/session.pyx":506
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_kbdint(self, username not None, submethods not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_username = to_bytes(username)
  *         cdef bytes b_submethods = to_bytes(submethods)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_103userauth_kbdint(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_102userauth_kbdint[] = "Session.userauth_kbdint(self, username, submethods)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_103userauth_kbdint(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_105userauth_kbdint(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_104userauth_kbdint, "Session.userauth_kbdint(self, username, submethods)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_105userauth_kbdint = {"userauth_kbdint", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_105userauth_kbdint, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_104userauth_kbdint};
+static PyObject *__pyx_pw_3ssh_7session_7Session_105userauth_kbdint(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_username = 0;
   PyObject *__pyx_v_submethods = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_kbdint (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_username,&__pyx_n_s_submethods,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_username,&__pyx_mstate_global->__pyx_n_u_submethods,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 506, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 506, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 506, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_username)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_submethods)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("userauth_kbdint", 1, 2, 2, 1); __PYX_ERR(0, 480, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "userauth_kbdint") < 0)) __PYX_ERR(0, 480, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_kbdint", 0) < 0) __PYX_ERR(0, 506, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_kbdint", 1, 2, 2, i); __PYX_ERR(0, 506, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 506, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 506, __pyx_L3_error)
     }
     __pyx_v_username = values[0];
     __pyx_v_submethods = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("userauth_kbdint", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 480, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("userauth_kbdint", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 506, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.userauth_kbdint", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_username) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "username"); __PYX_ERR(0, 480, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "username"); __PYX_ERR(0, 506, __pyx_L1_error)
   }
   if (unlikely(((PyObject *)__pyx_v_submethods) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "submethods"); __PYX_ERR(0, 480, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "submethods"); __PYX_ERR(0, 506, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_102userauth_kbdint(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_username, __pyx_v_submethods);
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_104userauth_kbdint(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_username, __pyx_v_submethods);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_102userauth_kbdint(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username, PyObject *__pyx_v_submethods) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_104userauth_kbdint(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, PyObject *__pyx_v_username, PyObject *__pyx_v_submethods) {
   PyObject *__pyx_v_b_username = 0;
   PyObject *__pyx_v_b_submethods = 0;
   char *__pyx_v_c_username;
@@ -9113,140 +13362,135 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_102userauth_kbdint(struct __pyx
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_kbdint", 0);
 
-  /* "ssh/session.pyx":481
+  /* "ssh/session.pyx":507
  * 
  *     def userauth_kbdint(self, username not None, submethods not None):
  *         cdef bytes b_username = to_bytes(username)             # <<<<<<<<<<<<<<
  *         cdef bytes b_submethods = to_bytes(submethods)
  *         cdef char *c_username = b_username
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_username); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 481, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_username); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 507, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_username = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":482
+  /* "ssh/session.pyx":508
  *     def userauth_kbdint(self, username not None, submethods not None):
  *         cdef bytes b_username = to_bytes(username)
  *         cdef bytes b_submethods = to_bytes(submethods)             # <<<<<<<<<<<<<<
  *         cdef char *c_username = b_username
  *         cdef char *c_submethods = b_submethods
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_submethods); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 482, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_submethods); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 508, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_submethods = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":483
+  /* "ssh/session.pyx":509
  *         cdef bytes b_username = to_bytes(username)
  *         cdef bytes b_submethods = to_bytes(submethods)
  *         cdef char *c_username = b_username             # <<<<<<<<<<<<<<
  *         cdef char *c_submethods = b_submethods
  *         cdef int rc
- */
+*/
   if (unlikely(__pyx_v_b_username == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 483, __pyx_L1_error)
+    __PYX_ERR(0, 509, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_username); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 483, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_username); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 509, __pyx_L1_error)
   __pyx_v_c_username = __pyx_t_2;
 
-  /* "ssh/session.pyx":484
+  /* "ssh/session.pyx":510
  *         cdef bytes b_submethods = to_bytes(submethods)
  *         cdef char *c_username = b_username
  *         cdef char *c_submethods = b_submethods             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_submethods == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 484, __pyx_L1_error)
+    __PYX_ERR(0, 510, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_submethods); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 484, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_submethods); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 510, __pyx_L1_error)
   __pyx_v_c_submethods = __pyx_t_2;
 
-  /* "ssh/session.pyx":486
+  /* "ssh/session.pyx":512
  *         cdef char *c_submethods = b_submethods
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":487
+        /* "ssh/session.pyx":513
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_kbdint(
  *                 self._session, c_username, c_submethods)
- */
-        __pyx_t_3 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 487, __pyx_L4_error)
+*/
+        __pyx_t_3 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 513, __pyx_L4_error)
 
-        /* "ssh/session.pyx":488
+        /* "ssh/session.pyx":514
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint(             # <<<<<<<<<<<<<<
  *                 self._session, c_username, c_submethods)
  *         return handle_auth_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_userauth_kbdint(__pyx_v_self->_session, __pyx_v_c_username, __pyx_v_c_submethods);
       }
 
-      /* "ssh/session.pyx":486
+      /* "ssh/session.pyx":512
  *         cdef char *c_submethods = b_submethods
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":490
+  /* "ssh/session.pyx":516
  *             rc = c_ssh.ssh_userauth_kbdint(
  *                 self._session, c_username, c_submethods)
  *         return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_kbdint_getinstruction(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 490, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 490, __pyx_L1_error)
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 516, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 516, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":480
+  /* "ssh/session.pyx":506
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_kbdint(self, username not None, submethods not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_username = to_bytes(username)
  *         cdef bytes b_submethods = to_bytes(submethods)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -9261,29 +13505,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_102userauth_kbdint(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":492
+/* "ssh/session.pyx":518
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_kbdint_getinstruction(self):             # <<<<<<<<<<<<<<
  *         cdef bytes b_instruction
  *         cdef const_char *_instruction
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_105userauth_kbdint_getinstruction(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_104userauth_kbdint_getinstruction[] = "Session.userauth_kbdint_getinstruction(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_105userauth_kbdint_getinstruction(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_107userauth_kbdint_getinstruction(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_106userauth_kbdint_getinstruction, "Session.userauth_kbdint_getinstruction(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_107userauth_kbdint_getinstruction = {"userauth_kbdint_getinstruction", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_107userauth_kbdint_getinstruction, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_106userauth_kbdint_getinstruction};
+static PyObject *__pyx_pw_3ssh_7session_7Session_107userauth_kbdint_getinstruction(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_kbdint_getinstruction (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_104userauth_kbdint_getinstruction(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getinstruction", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("userauth_kbdint_getinstruction", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_106userauth_kbdint_getinstruction(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_104userauth_kbdint_getinstruction(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_106userauth_kbdint_getinstruction(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   PyObject *__pyx_v_b_instruction = 0;
   const char *__pyx_v__instruction;
   PyObject *__pyx_r = NULL;
@@ -9295,98 +13568,93 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_104userauth_kbdint_getinstructi
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_kbdint_getinstruction", 0);
 
-  /* "ssh/session.pyx":495
+  /* "ssh/session.pyx":521
  *         cdef bytes b_instruction
  *         cdef const_char *_instruction
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _instruction = c_ssh.ssh_userauth_kbdint_getinstruction(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":496
+        /* "ssh/session.pyx":522
  *         cdef const_char *_instruction
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _instruction = c_ssh.ssh_userauth_kbdint_getinstruction(
  *                 self._session)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 496, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 522, __pyx_L4_error)
 
-        /* "ssh/session.pyx":497
+        /* "ssh/session.pyx":523
  *         with nogil:
  *             _check_connected(self._session)
  *             _instruction = c_ssh.ssh_userauth_kbdint_getinstruction(             # <<<<<<<<<<<<<<
  *                 self._session)
  *         b_instruction = to_str(<char *>_instruction)
- */
+*/
         __pyx_v__instruction = ssh_userauth_kbdint_getinstruction(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":495
+      /* "ssh/session.pyx":521
  *         cdef bytes b_instruction
  *         cdef const_char *_instruction
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _instruction = c_ssh.ssh_userauth_kbdint_getinstruction(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":499
+  /* "ssh/session.pyx":525
  *             _instruction = c_ssh.ssh_userauth_kbdint_getinstruction(
  *                 self._session)
  *         b_instruction = to_str(<char *>_instruction)             # <<<<<<<<<<<<<<
  *         return b_instruction
  * 
- */
-  __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(((char *)__pyx_v__instruction)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 499, __pyx_L1_error)
+*/
+  __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(((char *)__pyx_v__instruction)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 525, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  if (!(likely(PyBytes_CheckExact(__pyx_t_2))||((__pyx_t_2) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "bytes", Py_TYPE(__pyx_t_2)->tp_name), 0))) __PYX_ERR(0, 499, __pyx_L1_error)
+  if (!(likely(PyBytes_CheckExact(__pyx_t_2))||((__pyx_t_2) == Py_None) || __Pyx_RaiseUnexpectedTypeError("bytes", __pyx_t_2))) __PYX_ERR(0, 525, __pyx_L1_error)
   __pyx_v_b_instruction = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":500
+  /* "ssh/session.pyx":526
  *                 self._session)
  *         b_instruction = to_str(<char *>_instruction)
  *         return b_instruction             # <<<<<<<<<<<<<<
  * 
  *     def userauth_kbdint_getname(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_instruction);
   __pyx_r = __pyx_v_b_instruction;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":492
+  /* "ssh/session.pyx":518
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_kbdint_getinstruction(self):             # <<<<<<<<<<<<<<
  *         cdef bytes b_instruction
  *         cdef const_char *_instruction
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -9400,29 +13668,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_104userauth_kbdint_getinstructi
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":502
+/* "ssh/session.pyx":528
  *         return b_instruction
  * 
  *     def userauth_kbdint_getname(self):             # <<<<<<<<<<<<<<
  *         cdef bytes b_name
  *         cdef const_char *_name
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_107userauth_kbdint_getname(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_106userauth_kbdint_getname[] = "Session.userauth_kbdint_getname(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_107userauth_kbdint_getname(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_109userauth_kbdint_getname(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_108userauth_kbdint_getname, "Session.userauth_kbdint_getname(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_109userauth_kbdint_getname = {"userauth_kbdint_getname", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_109userauth_kbdint_getname, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_108userauth_kbdint_getname};
+static PyObject *__pyx_pw_3ssh_7session_7Session_109userauth_kbdint_getname(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_kbdint_getname (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_106userauth_kbdint_getname(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getname", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("userauth_kbdint_getname", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_108userauth_kbdint_getname(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_106userauth_kbdint_getname(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_108userauth_kbdint_getname(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   PyObject *__pyx_v_b_name = 0;
   const char *__pyx_v__name;
   PyObject *__pyx_r = NULL;
@@ -9434,98 +13731,93 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_106userauth_kbdint_getname(stru
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_kbdint_getname", 0);
 
-  /* "ssh/session.pyx":505
+  /* "ssh/session.pyx":531
  *         cdef bytes b_name
  *         cdef const_char *_name
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _name = c_ssh.ssh_userauth_kbdint_getname(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":506
+        /* "ssh/session.pyx":532
  *         cdef const_char *_name
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _name = c_ssh.ssh_userauth_kbdint_getname(self._session)
  *         b_name = to_str(<char *>_name)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 506, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 532, __pyx_L4_error)
 
-        /* "ssh/session.pyx":507
+        /* "ssh/session.pyx":533
  *         with nogil:
  *             _check_connected(self._session)
  *             _name = c_ssh.ssh_userauth_kbdint_getname(self._session)             # <<<<<<<<<<<<<<
  *         b_name = to_str(<char *>_name)
  *         return b_name
- */
+*/
         __pyx_v__name = ssh_userauth_kbdint_getname(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":505
+      /* "ssh/session.pyx":531
  *         cdef bytes b_name
  *         cdef const_char *_name
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _name = c_ssh.ssh_userauth_kbdint_getname(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":508
+  /* "ssh/session.pyx":534
  *             _check_connected(self._session)
  *             _name = c_ssh.ssh_userauth_kbdint_getname(self._session)
  *         b_name = to_str(<char *>_name)             # <<<<<<<<<<<<<<
  *         return b_name
  * 
- */
-  __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(((char *)__pyx_v__name)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 508, __pyx_L1_error)
+*/
+  __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(((char *)__pyx_v__name)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 534, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  if (!(likely(PyBytes_CheckExact(__pyx_t_2))||((__pyx_t_2) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "bytes", Py_TYPE(__pyx_t_2)->tp_name), 0))) __PYX_ERR(0, 508, __pyx_L1_error)
+  if (!(likely(PyBytes_CheckExact(__pyx_t_2))||((__pyx_t_2) == Py_None) || __Pyx_RaiseUnexpectedTypeError("bytes", __pyx_t_2))) __PYX_ERR(0, 534, __pyx_L1_error)
   __pyx_v_b_name = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":509
+  /* "ssh/session.pyx":535
  *             _name = c_ssh.ssh_userauth_kbdint_getname(self._session)
  *         b_name = to_str(<char *>_name)
  *         return b_name             # <<<<<<<<<<<<<<
  * 
  *     def userauth_kbdint_getnprompts(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_name);
   __pyx_r = __pyx_v_b_name;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":502
+  /* "ssh/session.pyx":528
  *         return b_instruction
  * 
  *     def userauth_kbdint_getname(self):             # <<<<<<<<<<<<<<
  *         cdef bytes b_name
  *         cdef const_char *_name
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -9539,29 +13831,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_106userauth_kbdint_getname(stru
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":511
+/* "ssh/session.pyx":537
  *         return b_name
  * 
  *     def userauth_kbdint_getnprompts(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_109userauth_kbdint_getnprompts(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_108userauth_kbdint_getnprompts[] = "Session.userauth_kbdint_getnprompts(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_109userauth_kbdint_getnprompts(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_111userauth_kbdint_getnprompts(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_110userauth_kbdint_getnprompts, "Session.userauth_kbdint_getnprompts(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_111userauth_kbdint_getnprompts = {"userauth_kbdint_getnprompts", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_111userauth_kbdint_getnprompts, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_110userauth_kbdint_getnprompts};
+static PyObject *__pyx_pw_3ssh_7session_7Session_111userauth_kbdint_getnprompts(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_kbdint_getnprompts (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_108userauth_kbdint_getnprompts(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getnprompts", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("userauth_kbdint_getnprompts", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_110userauth_kbdint_getnprompts(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_108userauth_kbdint_getnprompts(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_110userauth_kbdint_getnprompts(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -9572,87 +13893,82 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_108userauth_kbdint_getnprompts(
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_kbdint_getnprompts", 0);
 
-  /* "ssh/session.pyx":513
+  /* "ssh/session.pyx":539
  *     def userauth_kbdint_getnprompts(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_getnprompts(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":514
+        /* "ssh/session.pyx":540
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_kbdint_getnprompts(self._session)
  *         return rc
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 514, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 540, __pyx_L4_error)
 
-        /* "ssh/session.pyx":515
+        /* "ssh/session.pyx":541
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_getnprompts(self._session)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_userauth_kbdint_getnprompts(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":513
+      /* "ssh/session.pyx":539
  *     def userauth_kbdint_getnprompts(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_getnprompts(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":516
+  /* "ssh/session.pyx":542
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_getnprompts(self._session)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def userauth_kbdint_getprompt(self, unsigned int i, bytes echo not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 516, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 542, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":511
+  /* "ssh/session.pyx":537
  *         return b_name
  * 
  *     def userauth_kbdint_getnprompts(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -9665,85 +13981,119 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_108userauth_kbdint_getnprompts(
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":518
+/* "ssh/session.pyx":544
  *         return rc
  * 
  *     def userauth_kbdint_getprompt(self, unsigned int i, bytes echo not None):             # <<<<<<<<<<<<<<
  *         cdef const_char *_prompt
  *         cdef bytes b_prompt
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_111userauth_kbdint_getprompt(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_110userauth_kbdint_getprompt[] = "Session.userauth_kbdint_getprompt(self, unsigned int i, bytes echo)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_111userauth_kbdint_getprompt(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_113userauth_kbdint_getprompt(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_112userauth_kbdint_getprompt, "Session.userauth_kbdint_getprompt(self, unsigned int i, bytes echo)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_113userauth_kbdint_getprompt = {"userauth_kbdint_getprompt", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_113userauth_kbdint_getprompt, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_112userauth_kbdint_getprompt};
+static PyObject *__pyx_pw_3ssh_7session_7Session_113userauth_kbdint_getprompt(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   unsigned int __pyx_v_i;
   PyObject *__pyx_v_echo = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_kbdint_getprompt (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_i,&__pyx_n_s_echo,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_i,&__pyx_mstate_global->__pyx_n_u_echo,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 544, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 544, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 544, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_i)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_echo)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getprompt", 1, 2, 2, 1); __PYX_ERR(0, 518, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "userauth_kbdint_getprompt") < 0)) __PYX_ERR(0, 518, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_kbdint_getprompt", 0) < 0) __PYX_ERR(0, 544, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getprompt", 1, 2, 2, i); __PYX_ERR(0, 544, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 544, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 544, __pyx_L3_error)
     }
-    __pyx_v_i = __Pyx_PyInt_As_unsigned_int(values[0]); if (unlikely((__pyx_v_i == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 518, __pyx_L3_error)
+    __pyx_v_i = __Pyx_PyLong_As_unsigned_int(values[0]); if (unlikely((__pyx_v_i == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 544, __pyx_L3_error)
     __pyx_v_echo = ((PyObject*)values[1]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getprompt", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 518, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getprompt", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 544, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.userauth_kbdint_getprompt", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_echo), (&PyBytes_Type), 0, "echo", 1))) __PYX_ERR(0, 518, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_110userauth_kbdint_getprompt(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_i, __pyx_v_echo);
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_echo), (&PyBytes_Type), 0, "echo", 1))) __PYX_ERR(0, 544, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_112userauth_kbdint_getprompt(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_i, __pyx_v_echo);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_110userauth_kbdint_getprompt(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i, PyObject *__pyx_v_echo) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_112userauth_kbdint_getprompt(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i, PyObject *__pyx_v_echo) {
   const char *__pyx_v__prompt;
   PyObject *__pyx_v_b_prompt = 0;
   char *__pyx_v_c_echo;
@@ -9757,107 +14107,102 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_110userauth_kbdint_getprompt(st
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_kbdint_getprompt", 0);
 
-  /* "ssh/session.pyx":521
+  /* "ssh/session.pyx":547
  *         cdef const_char *_prompt
  *         cdef bytes b_prompt
  *         cdef char *c_echo = echo             # <<<<<<<<<<<<<<
  *         with nogil:
  *             _check_connected(self._session)
- */
-  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_echo); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 521, __pyx_L1_error)
+*/
+  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_echo); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 547, __pyx_L1_error)
   __pyx_v_c_echo = __pyx_t_1;
 
-  /* "ssh/session.pyx":522
+  /* "ssh/session.pyx":548
  *         cdef bytes b_prompt
  *         cdef char *c_echo = echo
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _prompt = c_ssh.ssh_userauth_kbdint_getprompt(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":523
+        /* "ssh/session.pyx":549
  *         cdef char *c_echo = echo
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _prompt = c_ssh.ssh_userauth_kbdint_getprompt(
  *                 self._session, i, c_echo)
- */
-        __pyx_t_2 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 523, __pyx_L4_error)
+*/
+        __pyx_t_2 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 549, __pyx_L4_error)
 
-        /* "ssh/session.pyx":524
+        /* "ssh/session.pyx":550
  *         with nogil:
  *             _check_connected(self._session)
  *             _prompt = c_ssh.ssh_userauth_kbdint_getprompt(             # <<<<<<<<<<<<<<
  *                 self._session, i, c_echo)
  *         b_prompt = _prompt
- */
+*/
         __pyx_v__prompt = ssh_userauth_kbdint_getprompt(__pyx_v_self->_session, __pyx_v_i, __pyx_v_c_echo);
       }
 
-      /* "ssh/session.pyx":522
+      /* "ssh/session.pyx":548
  *         cdef bytes b_prompt
  *         cdef char *c_echo = echo
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _prompt = c_ssh.ssh_userauth_kbdint_getprompt(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":526
+  /* "ssh/session.pyx":552
  *             _prompt = c_ssh.ssh_userauth_kbdint_getprompt(
  *                 self._session, i, c_echo)
  *         b_prompt = _prompt             # <<<<<<<<<<<<<<
  *         return b_prompt
  * 
- */
-  __pyx_t_3 = __Pyx_PyBytes_FromString(__pyx_v__prompt); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 526, __pyx_L1_error)
+*/
+  __pyx_t_3 = __Pyx_PyBytes_FromString(__pyx_v__prompt); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 552, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_v_b_prompt = ((PyObject*)__pyx_t_3);
   __pyx_t_3 = 0;
 
-  /* "ssh/session.pyx":527
+  /* "ssh/session.pyx":553
  *                 self._session, i, c_echo)
  *         b_prompt = _prompt
  *         return b_prompt             # <<<<<<<<<<<<<<
  * 
  *     def userauth_kbdint_getnanswers(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_prompt);
   __pyx_r = __pyx_v_b_prompt;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":518
+  /* "ssh/session.pyx":544
  *         return rc
  * 
  *     def userauth_kbdint_getprompt(self, unsigned int i, bytes echo not None):             # <<<<<<<<<<<<<<
  *         cdef const_char *_prompt
  *         cdef bytes b_prompt
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -9871,29 +14216,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_110userauth_kbdint_getprompt(st
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":529
+/* "ssh/session.pyx":555
  *         return b_prompt
  * 
  *     def userauth_kbdint_getnanswers(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_113userauth_kbdint_getnanswers(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_112userauth_kbdint_getnanswers[] = "Session.userauth_kbdint_getnanswers(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_113userauth_kbdint_getnanswers(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_115userauth_kbdint_getnanswers(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_114userauth_kbdint_getnanswers, "Session.userauth_kbdint_getnanswers(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_115userauth_kbdint_getnanswers = {"userauth_kbdint_getnanswers", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_115userauth_kbdint_getnanswers, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_114userauth_kbdint_getnanswers};
+static PyObject *__pyx_pw_3ssh_7session_7Session_115userauth_kbdint_getnanswers(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_kbdint_getnanswers (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_112userauth_kbdint_getnanswers(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getnanswers", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("userauth_kbdint_getnanswers", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_114userauth_kbdint_getnanswers(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_112userauth_kbdint_getnanswers(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_114userauth_kbdint_getnanswers(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -9904,87 +14278,82 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_112userauth_kbdint_getnanswers(
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_kbdint_getnanswers", 0);
 
-  /* "ssh/session.pyx":531
+  /* "ssh/session.pyx":557
  *     def userauth_kbdint_getnanswers(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_getnanswers(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":532
+        /* "ssh/session.pyx":558
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_kbdint_getnanswers(self._session)
  *         return rc
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 532, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 558, __pyx_L4_error)
 
-        /* "ssh/session.pyx":533
+        /* "ssh/session.pyx":559
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_getnanswers(self._session)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_userauth_kbdint_getnanswers(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":531
+      /* "ssh/session.pyx":557
  *     def userauth_kbdint_getnanswers(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_getnanswers(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":534
+  /* "ssh/session.pyx":560
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_getnanswers(self._session)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def userauth_kbdint_getanswer(self, unsigned int i):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 534, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 560, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":529
+  /* "ssh/session.pyx":555
  *         return b_prompt
  * 
  *     def userauth_kbdint_getnanswers(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -9997,42 +14366,101 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_112userauth_kbdint_getnanswers(
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":536
+/* "ssh/session.pyx":562
  *         return rc
  * 
  *     def userauth_kbdint_getanswer(self, unsigned int i):             # <<<<<<<<<<<<<<
  *         cdef const_char *_answer
  *         cdef bytes b_answer
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_115userauth_kbdint_getanswer(PyObject *__pyx_v_self, PyObject *__pyx_arg_i); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_114userauth_kbdint_getanswer[] = "Session.userauth_kbdint_getanswer(self, unsigned int i)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_115userauth_kbdint_getanswer(PyObject *__pyx_v_self, PyObject *__pyx_arg_i) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_117userauth_kbdint_getanswer(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_116userauth_kbdint_getanswer, "Session.userauth_kbdint_getanswer(self, unsigned int i)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_117userauth_kbdint_getanswer = {"userauth_kbdint_getanswer", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_117userauth_kbdint_getanswer, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_116userauth_kbdint_getanswer};
+static PyObject *__pyx_pw_3ssh_7session_7Session_117userauth_kbdint_getanswer(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   unsigned int __pyx_v_i;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_kbdint_getanswer (wrapper)", 0);
-  assert(__pyx_arg_i); {
-    __pyx_v_i = __Pyx_PyInt_As_unsigned_int(__pyx_arg_i); if (unlikely((__pyx_v_i == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 536, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_i,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 562, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 562, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_kbdint_getanswer", 0) < 0) __PYX_ERR(0, 562, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getanswer", 1, 1, 1, i); __PYX_ERR(0, 562, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 562, __pyx_L3_error)
+    }
+    __pyx_v_i = __Pyx_PyLong_As_unsigned_int(values[0]); if (unlikely((__pyx_v_i == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 562, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("userauth_kbdint_getanswer", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 562, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.userauth_kbdint_getanswer", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_114userauth_kbdint_getanswer(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((unsigned int)__pyx_v_i));
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_116userauth_kbdint_getanswer(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_i);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_114userauth_kbdint_getanswer(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_116userauth_kbdint_getanswer(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i) {
   const char *__pyx_v__answer;
   PyObject *__pyx_v_b_answer = 0;
   PyObject *__pyx_r = NULL;
@@ -10044,97 +14472,92 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_114userauth_kbdint_getanswer(st
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_kbdint_getanswer", 0);
 
-  /* "ssh/session.pyx":539
+  /* "ssh/session.pyx":565
  *         cdef const_char *_answer
  *         cdef bytes b_answer
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _answer = c_ssh.ssh_userauth_kbdint_getanswer(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":540
+        /* "ssh/session.pyx":566
  *         cdef bytes b_answer
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             _answer = c_ssh.ssh_userauth_kbdint_getanswer(
  *                 self._session, i)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 540, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 566, __pyx_L4_error)
 
-        /* "ssh/session.pyx":541
+        /* "ssh/session.pyx":567
  *         with nogil:
  *             _check_connected(self._session)
  *             _answer = c_ssh.ssh_userauth_kbdint_getanswer(             # <<<<<<<<<<<<<<
  *                 self._session, i)
  *         b_answer = _answer
- */
+*/
         __pyx_v__answer = ssh_userauth_kbdint_getanswer(__pyx_v_self->_session, __pyx_v_i);
       }
 
-      /* "ssh/session.pyx":539
+      /* "ssh/session.pyx":565
  *         cdef const_char *_answer
  *         cdef bytes b_answer
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             _answer = c_ssh.ssh_userauth_kbdint_getanswer(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":543
+  /* "ssh/session.pyx":569
  *             _answer = c_ssh.ssh_userauth_kbdint_getanswer(
  *                 self._session, i)
  *         b_answer = _answer             # <<<<<<<<<<<<<<
  *         return b_answer
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__answer); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 543, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__answer); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 569, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_b_answer = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":544
+  /* "ssh/session.pyx":570
  *                 self._session, i)
  *         b_answer = _answer
  *         return b_answer             # <<<<<<<<<<<<<<
  * 
  *     def userauth_kbdint_setanswer(self, unsigned int i, bytes answer not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_answer);
   __pyx_r = __pyx_v_b_answer;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":536
+  /* "ssh/session.pyx":562
  *         return rc
  * 
  *     def userauth_kbdint_getanswer(self, unsigned int i):             # <<<<<<<<<<<<<<
  *         cdef const_char *_answer
  *         cdef bytes b_answer
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -10148,85 +14571,119 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_114userauth_kbdint_getanswer(st
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":546
+/* "ssh/session.pyx":572
  *         return b_answer
  * 
  *     def userauth_kbdint_setanswer(self, unsigned int i, bytes answer not None):             # <<<<<<<<<<<<<<
  *         cdef char *c_answer = answer
  *         cdef int rc
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_117userauth_kbdint_setanswer(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_116userauth_kbdint_setanswer[] = "Session.userauth_kbdint_setanswer(self, unsigned int i, bytes answer)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_117userauth_kbdint_setanswer(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_119userauth_kbdint_setanswer(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_118userauth_kbdint_setanswer, "Session.userauth_kbdint_setanswer(self, unsigned int i, bytes answer)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_119userauth_kbdint_setanswer = {"userauth_kbdint_setanswer", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_119userauth_kbdint_setanswer, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_118userauth_kbdint_setanswer};
+static PyObject *__pyx_pw_3ssh_7session_7Session_119userauth_kbdint_setanswer(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   unsigned int __pyx_v_i;
   PyObject *__pyx_v_answer = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_kbdint_setanswer (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_i,&__pyx_n_s_answer,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_i,&__pyx_mstate_global->__pyx_n_u_answer,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 572, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 572, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 572, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_i)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_answer)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("userauth_kbdint_setanswer", 1, 2, 2, 1); __PYX_ERR(0, 546, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "userauth_kbdint_setanswer") < 0)) __PYX_ERR(0, 546, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "userauth_kbdint_setanswer", 0) < 0) __PYX_ERR(0, 572, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("userauth_kbdint_setanswer", 1, 2, 2, i); __PYX_ERR(0, 572, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 572, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 572, __pyx_L3_error)
     }
-    __pyx_v_i = __Pyx_PyInt_As_unsigned_int(values[0]); if (unlikely((__pyx_v_i == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 546, __pyx_L3_error)
+    __pyx_v_i = __Pyx_PyLong_As_unsigned_int(values[0]); if (unlikely((__pyx_v_i == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 572, __pyx_L3_error)
     __pyx_v_answer = ((PyObject*)values[1]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("userauth_kbdint_setanswer", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 546, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("userauth_kbdint_setanswer", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 572, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.userauth_kbdint_setanswer", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_answer), (&PyBytes_Type), 0, "answer", 1))) __PYX_ERR(0, 546, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_116userauth_kbdint_setanswer(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_i, __pyx_v_answer);
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_answer), (&PyBytes_Type), 0, "answer", 1))) __PYX_ERR(0, 572, __pyx_L1_error)
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_118userauth_kbdint_setanswer(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_i, __pyx_v_answer);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_116userauth_kbdint_setanswer(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i, PyObject *__pyx_v_answer) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_118userauth_kbdint_setanswer(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, unsigned int __pyx_v_i, PyObject *__pyx_v_answer) {
   char *__pyx_v_c_answer;
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
@@ -10240,98 +14697,93 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_116userauth_kbdint_setanswer(st
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_kbdint_setanswer", 0);
 
-  /* "ssh/session.pyx":547
+  /* "ssh/session.pyx":573
  * 
  *     def userauth_kbdint_setanswer(self, unsigned int i, bytes answer not None):
  *         cdef char *c_answer = answer             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
-  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_answer); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 547, __pyx_L1_error)
+*/
+  __pyx_t_1 = __Pyx_PyBytes_AsWritableString(__pyx_v_answer); if (unlikely((!__pyx_t_1) && PyErr_Occurred())) __PYX_ERR(0, 573, __pyx_L1_error)
   __pyx_v_c_answer = __pyx_t_1;
 
-  /* "ssh/session.pyx":549
+  /* "ssh/session.pyx":575
  *         cdef char *c_answer = answer
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_setanswer(
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":550
+        /* "ssh/session.pyx":576
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_kbdint_setanswer(
  *                 self._session, i, <const_char *>(c_answer))
- */
-        __pyx_t_2 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 550, __pyx_L4_error)
+*/
+        __pyx_t_2 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 576, __pyx_L4_error)
 
-        /* "ssh/session.pyx":551
+        /* "ssh/session.pyx":577
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_setanswer(             # <<<<<<<<<<<<<<
  *                 self._session, i, <const_char *>(c_answer))
  *         return handle_auth_error_codes(rc, self._session)
- */
+*/
         __pyx_v_rc = ssh_userauth_kbdint_setanswer(__pyx_v_self->_session, __pyx_v_i, ((const char *)__pyx_v_c_answer));
       }
 
-      /* "ssh/session.pyx":549
+      /* "ssh/session.pyx":575
  *         cdef char *c_answer = answer
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_kbdint_setanswer(
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":553
+  /* "ssh/session.pyx":579
  *             rc = c_ssh.ssh_userauth_kbdint_setanswer(
  *                 self._session, i, <const_char *>(c_answer))
  *         return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def userauth_gssapi(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 553, __pyx_L1_error)
-  __pyx_t_4 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 553, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 579, __pyx_L1_error)
+  __pyx_t_4 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 579, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
   __pyx_r = __pyx_t_4;
   __pyx_t_4 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":546
+  /* "ssh/session.pyx":572
  *         return b_answer
  * 
  *     def userauth_kbdint_setanswer(self, unsigned int i, bytes answer not None):             # <<<<<<<<<<<<<<
  *         cdef char *c_answer = answer
  *         cdef int rc
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -10344,29 +14796,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_116userauth_kbdint_setanswer(st
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":555
+/* "ssh/session.pyx":581
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_gssapi(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_119userauth_gssapi(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_118userauth_gssapi[] = "Session.userauth_gssapi(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_119userauth_gssapi(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_121userauth_gssapi(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_120userauth_gssapi, "Session.userauth_gssapi(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_121userauth_gssapi = {"userauth_gssapi", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_121userauth_gssapi, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_120userauth_gssapi};
+static PyObject *__pyx_pw_3ssh_7session_7Session_121userauth_gssapi(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("userauth_gssapi (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_118userauth_gssapi(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("userauth_gssapi", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("userauth_gssapi", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_120userauth_gssapi(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_118userauth_gssapi(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_120userauth_gssapi(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -10378,88 +14859,83 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_118userauth_gssapi(struct __pyx
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("userauth_gssapi", 0);
 
-  /* "ssh/session.pyx":557
+  /* "ssh/session.pyx":583
  *     def userauth_gssapi(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_gssapi(self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":558
+        /* "ssh/session.pyx":584
  *         cdef int rc
  *         with nogil:
  *             _check_connected(self._session)             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_userauth_gssapi(self._session)
  *         return handle_auth_error_codes(rc, self._session)
- */
-        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 558, __pyx_L4_error)
+*/
+        __pyx_t_1 = __pyx_f_3ssh_7session__check_connected(__pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 584, __pyx_L4_error)
 
-        /* "ssh/session.pyx":559
+        /* "ssh/session.pyx":585
  *         with nogil:
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_gssapi(self._session)             # <<<<<<<<<<<<<<
  *         return handle_auth_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_userauth_gssapi(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":557
+      /* "ssh/session.pyx":583
  *     def userauth_gssapi(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_gssapi(self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":560
+  /* "ssh/session.pyx":586
  *             _check_connected(self._session)
  *             rc = c_ssh.ssh_userauth_gssapi(self._session)
  *         return handle_auth_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def write_knownhost(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 560, __pyx_L1_error)
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 560, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_handle_auth_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_2 == ((int)-1))) __PYX_ERR(0, 586, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyLong_From_int(__pyx_t_2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 586, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_3);
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":555
+  /* "ssh/session.pyx":581
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def userauth_gssapi(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -10472,29 +14948,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_118userauth_gssapi(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":562
+/* "ssh/session.pyx":588
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def write_knownhost(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_121write_knownhost(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_120write_knownhost[] = "Session.write_knownhost(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_121write_knownhost(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_123write_knownhost(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_122write_knownhost, "Session.write_knownhost(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_123write_knownhost = {"write_knownhost", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_123write_knownhost, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_122write_knownhost};
+static PyObject *__pyx_pw_3ssh_7session_7Session_123write_knownhost(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("write_knownhost (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_120write_knownhost(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("write_knownhost", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("write_knownhost", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_122write_knownhost(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_120write_knownhost(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_122write_knownhost(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -10505,72 +15010,69 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_120write_knownhost(struct __pyx
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("write_knownhost", 0);
 
-  /* "ssh/session.pyx":564
+  /* "ssh/session.pyx":590
  *     def write_knownhost(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_write_knownhost(self._session)
  *         return handle_error_codes(rc, self._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":565
+        /* "ssh/session.pyx":591
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_write_knownhost(self._session)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self._session)
  * 
- */
+*/
         __pyx_v_rc = ssh_write_knownhost(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":564
+      /* "ssh/session.pyx":590
  *     def write_knownhost(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_write_knownhost(self._session)
  *         return handle_error_codes(rc, self._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":566
+  /* "ssh/session.pyx":592
  *         with nogil:
  *             rc = c_ssh.ssh_write_knownhost(self._session)
  *         return handle_error_codes(rc, self._session)             # <<<<<<<<<<<<<<
  * 
  *     def dump_knownhost(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 566, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 566, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 592, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 592, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":562
+  /* "ssh/session.pyx":588
  *         return handle_auth_error_codes(rc, self._session)
  * 
  *     def write_knownhost(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -10583,29 +15085,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_120write_knownhost(struct __pyx
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":568
+/* "ssh/session.pyx":594
  *         return handle_error_codes(rc, self._session)
  * 
  *     def dump_knownhost(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_known_host
  *         cdef bytes b_known_host
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_123dump_knownhost(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_122dump_knownhost[] = "Session.dump_knownhost(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_123dump_knownhost(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_125dump_knownhost(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_124dump_knownhost, "Session.dump_knownhost(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_125dump_knownhost = {"dump_knownhost", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_125dump_knownhost, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_124dump_knownhost};
+static PyObject *__pyx_pw_3ssh_7session_7Session_125dump_knownhost(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("dump_knownhost (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_122dump_knownhost(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("dump_knownhost", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("dump_knownhost", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_124dump_knownhost(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_122dump_knownhost(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_124dump_knownhost(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v__known_host;
   PyObject *__pyx_v_b_known_host = 0;
   PyObject *__pyx_r = NULL;
@@ -10617,111 +15148,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_122dump_knownhost(struct __pyx_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("dump_knownhost", 0);
 
-  /* "ssh/session.pyx":571
+  /* "ssh/session.pyx":597
  *         cdef const_char *_known_host
  *         cdef bytes b_known_host
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _known_host = c_ssh.ssh_dump_knownhost(self._session)
  *         if _known_host is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":572
+        /* "ssh/session.pyx":598
  *         cdef bytes b_known_host
  *         with nogil:
  *             _known_host = c_ssh.ssh_dump_knownhost(self._session)             # <<<<<<<<<<<<<<
  *         if _known_host is NULL:
  *             return
- */
+*/
         __pyx_v__known_host = ssh_dump_knownhost(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":571
+      /* "ssh/session.pyx":597
  *         cdef const_char *_known_host
  *         cdef bytes b_known_host
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _known_host = c_ssh.ssh_dump_knownhost(self._session)
  *         if _known_host is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":573
+  /* "ssh/session.pyx":599
  *         with nogil:
  *             _known_host = c_ssh.ssh_dump_knownhost(self._session)
  *         if _known_host is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         b_known_host = _known_host
- */
-  __pyx_t_1 = ((__pyx_v__known_host == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__known_host == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":574
+    /* "ssh/session.pyx":600
  *             _known_host = c_ssh.ssh_dump_knownhost(self._session)
  *         if _known_host is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         b_known_host = _known_host
  *         return b_known_host
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":573
+    /* "ssh/session.pyx":599
  *         with nogil:
  *             _known_host = c_ssh.ssh_dump_knownhost(self._session)
  *         if _known_host is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         b_known_host = _known_host
- */
+*/
   }
 
-  /* "ssh/session.pyx":575
+  /* "ssh/session.pyx":601
  *         if _known_host is NULL:
  *             return
  *         b_known_host = _known_host             # <<<<<<<<<<<<<<
  *         return b_known_host
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__known_host); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 575, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__known_host); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 601, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_b_known_host = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":576
+  /* "ssh/session.pyx":602
  *             return
  *         b_known_host = _known_host
  *         return b_known_host             # <<<<<<<<<<<<<<
  * 
  *     def get_clientbanner(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_known_host);
   __pyx_r = __pyx_v_b_known_host;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":568
+  /* "ssh/session.pyx":594
  *         return handle_error_codes(rc, self._session)
  * 
  *     def dump_knownhost(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_known_host
  *         cdef bytes b_known_host
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -10735,29 +15263,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_122dump_knownhost(struct __pyx_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":578
+/* "ssh/session.pyx":604
  *         return b_known_host
  * 
  *     def get_clientbanner(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_banner
  *         cdef bytes banner
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_125get_clientbanner(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_124get_clientbanner[] = "Session.get_clientbanner(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_125get_clientbanner(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_127get_clientbanner(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_126get_clientbanner, "Session.get_clientbanner(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_127get_clientbanner = {"get_clientbanner", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_127get_clientbanner, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_126get_clientbanner};
+static PyObject *__pyx_pw_3ssh_7session_7Session_127get_clientbanner(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_clientbanner (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_124get_clientbanner(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_clientbanner", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_clientbanner", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_126get_clientbanner(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_124get_clientbanner(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_126get_clientbanner(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v__banner;
   PyObject *__pyx_v_banner = 0;
   PyObject *__pyx_r = NULL;
@@ -10769,111 +15326,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_124get_clientbanner(struct __py
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_clientbanner", 0);
 
-  /* "ssh/session.pyx":581
+  /* "ssh/session.pyx":607
  *         cdef const_char *_banner
  *         cdef bytes banner
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _banner = c_ssh.ssh_get_clientbanner(self._session)
  *         if _banner is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":582
+        /* "ssh/session.pyx":608
  *         cdef bytes banner
  *         with nogil:
  *             _banner = c_ssh.ssh_get_clientbanner(self._session)             # <<<<<<<<<<<<<<
  *         if _banner is NULL:
  *             return
- */
+*/
         __pyx_v__banner = ssh_get_clientbanner(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":581
+      /* "ssh/session.pyx":607
  *         cdef const_char *_banner
  *         cdef bytes banner
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _banner = c_ssh.ssh_get_clientbanner(self._session)
  *         if _banner is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":583
+  /* "ssh/session.pyx":609
  *         with nogil:
  *             _banner = c_ssh.ssh_get_clientbanner(self._session)
  *         if _banner is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         banner = _banner
- */
-  __pyx_t_1 = ((__pyx_v__banner == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__banner == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":584
+    /* "ssh/session.pyx":610
  *             _banner = c_ssh.ssh_get_clientbanner(self._session)
  *         if _banner is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         banner = _banner
  *         return banner
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":583
+    /* "ssh/session.pyx":609
  *         with nogil:
  *             _banner = c_ssh.ssh_get_clientbanner(self._session)
  *         if _banner is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         banner = _banner
- */
+*/
   }
 
-  /* "ssh/session.pyx":585
+  /* "ssh/session.pyx":611
  *         if _banner is NULL:
  *             return
  *         banner = _banner             # <<<<<<<<<<<<<<
  *         return banner
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__banner); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 585, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__banner); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 611, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_banner = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":586
+  /* "ssh/session.pyx":612
  *             return
  *         banner = _banner
  *         return banner             # <<<<<<<<<<<<<<
  * 
  *     def get_serverbanner(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_banner);
   __pyx_r = __pyx_v_banner;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":578
+  /* "ssh/session.pyx":604
  *         return b_known_host
  * 
  *     def get_clientbanner(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_banner
  *         cdef bytes banner
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -10887,29 +15441,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_124get_clientbanner(struct __py
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":588
+/* "ssh/session.pyx":614
  *         return banner
  * 
  *     def get_serverbanner(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_banner
  *         cdef bytes banner
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_127get_serverbanner(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_126get_serverbanner[] = "Session.get_serverbanner(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_127get_serverbanner(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_129get_serverbanner(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_128get_serverbanner, "Session.get_serverbanner(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_129get_serverbanner = {"get_serverbanner", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_129get_serverbanner, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_128get_serverbanner};
+static PyObject *__pyx_pw_3ssh_7session_7Session_129get_serverbanner(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_serverbanner (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_126get_serverbanner(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_serverbanner", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_serverbanner", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_128get_serverbanner(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_126get_serverbanner(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_128get_serverbanner(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v__banner;
   PyObject *__pyx_v_banner = 0;
   PyObject *__pyx_r = NULL;
@@ -10921,111 +15504,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_126get_serverbanner(struct __py
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_serverbanner", 0);
 
-  /* "ssh/session.pyx":591
+  /* "ssh/session.pyx":617
  *         cdef const_char *_banner
  *         cdef bytes banner
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _banner = c_ssh.ssh_get_serverbanner(self._session)
  *         if _banner is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":592
+        /* "ssh/session.pyx":618
  *         cdef bytes banner
  *         with nogil:
  *             _banner = c_ssh.ssh_get_serverbanner(self._session)             # <<<<<<<<<<<<<<
  *         if _banner is NULL:
  *             return
- */
+*/
         __pyx_v__banner = ssh_get_serverbanner(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":591
+      /* "ssh/session.pyx":617
  *         cdef const_char *_banner
  *         cdef bytes banner
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _banner = c_ssh.ssh_get_serverbanner(self._session)
  *         if _banner is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":593
+  /* "ssh/session.pyx":619
  *         with nogil:
  *             _banner = c_ssh.ssh_get_serverbanner(self._session)
  *         if _banner is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         banner = _banner
- */
-  __pyx_t_1 = ((__pyx_v__banner == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__banner == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":594
+    /* "ssh/session.pyx":620
  *             _banner = c_ssh.ssh_get_serverbanner(self._session)
  *         if _banner is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         banner = _banner
  *         return banner
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":593
+    /* "ssh/session.pyx":619
  *         with nogil:
  *             _banner = c_ssh.ssh_get_serverbanner(self._session)
  *         if _banner is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         banner = _banner
- */
+*/
   }
 
-  /* "ssh/session.pyx":595
+  /* "ssh/session.pyx":621
  *         if _banner is NULL:
  *             return
  *         banner = _banner             # <<<<<<<<<<<<<<
  *         return banner
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__banner); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 595, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__banner); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 621, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_banner = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":596
+  /* "ssh/session.pyx":622
  *             return
  *         banner = _banner
  *         return banner             # <<<<<<<<<<<<<<
  * 
  *     def get_kex_algo(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_banner);
   __pyx_r = __pyx_v_banner;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":588
+  /* "ssh/session.pyx":614
  *         return banner
  * 
  *     def get_serverbanner(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_banner
  *         cdef bytes banner
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -11039,29 +15619,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_126get_serverbanner(struct __py
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":598
+/* "ssh/session.pyx":624
  *         return banner
  * 
  *     def get_kex_algo(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_algo
  *         cdef bytes algo
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_129get_kex_algo(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_128get_kex_algo[] = "Session.get_kex_algo(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_129get_kex_algo(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_131get_kex_algo(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_130get_kex_algo, "Session.get_kex_algo(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_131get_kex_algo = {"get_kex_algo", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_131get_kex_algo, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_130get_kex_algo};
+static PyObject *__pyx_pw_3ssh_7session_7Session_131get_kex_algo(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_kex_algo (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_128get_kex_algo(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_kex_algo", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_kex_algo", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_130get_kex_algo(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_128get_kex_algo(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_130get_kex_algo(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v__algo;
   PyObject *__pyx_v_algo = 0;
   PyObject *__pyx_r = NULL;
@@ -11073,111 +15682,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_128get_kex_algo(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_kex_algo", 0);
 
-  /* "ssh/session.pyx":601
+  /* "ssh/session.pyx":627
  *         cdef const_char *_algo
  *         cdef bytes algo
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _algo = c_ssh.ssh_get_kex_algo(self._session)
  *         if _algo is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":602
+        /* "ssh/session.pyx":628
  *         cdef bytes algo
  *         with nogil:
  *             _algo = c_ssh.ssh_get_kex_algo(self._session)             # <<<<<<<<<<<<<<
  *         if _algo is NULL:
  *             return
- */
+*/
         __pyx_v__algo = ssh_get_kex_algo(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":601
+      /* "ssh/session.pyx":627
  *         cdef const_char *_algo
  *         cdef bytes algo
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _algo = c_ssh.ssh_get_kex_algo(self._session)
  *         if _algo is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":603
+  /* "ssh/session.pyx":629
  *         with nogil:
  *             _algo = c_ssh.ssh_get_kex_algo(self._session)
  *         if _algo is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         algo = _algo
- */
-  __pyx_t_1 = ((__pyx_v__algo == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__algo == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":604
+    /* "ssh/session.pyx":630
  *             _algo = c_ssh.ssh_get_kex_algo(self._session)
  *         if _algo is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         algo = _algo
  *         return algo
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":603
+    /* "ssh/session.pyx":629
  *         with nogil:
  *             _algo = c_ssh.ssh_get_kex_algo(self._session)
  *         if _algo is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         algo = _algo
- */
+*/
   }
 
-  /* "ssh/session.pyx":605
+  /* "ssh/session.pyx":631
  *         if _algo is NULL:
  *             return
  *         algo = _algo             # <<<<<<<<<<<<<<
  *         return algo
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__algo); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 605, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__algo); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 631, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_algo = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":606
+  /* "ssh/session.pyx":632
  *             return
  *         algo = _algo
  *         return algo             # <<<<<<<<<<<<<<
  * 
  *     def get_cipher_in(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_algo);
   __pyx_r = __pyx_v_algo;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":598
+  /* "ssh/session.pyx":624
  *         return banner
  * 
  *     def get_kex_algo(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_algo
  *         cdef bytes algo
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -11191,29 +15797,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_128get_kex_algo(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":608
+/* "ssh/session.pyx":634
  *         return algo
  * 
  *     def get_cipher_in(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_cipher
  *         cdef bytes cipher
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_131get_cipher_in(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_130get_cipher_in[] = "Session.get_cipher_in(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_131get_cipher_in(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_133get_cipher_in(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_132get_cipher_in, "Session.get_cipher_in(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_133get_cipher_in = {"get_cipher_in", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_133get_cipher_in, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_132get_cipher_in};
+static PyObject *__pyx_pw_3ssh_7session_7Session_133get_cipher_in(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_cipher_in (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_130get_cipher_in(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_cipher_in", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_cipher_in", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_132get_cipher_in(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_130get_cipher_in(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_132get_cipher_in(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v__cipher;
   PyObject *__pyx_v_cipher = 0;
   PyObject *__pyx_r = NULL;
@@ -11225,111 +15860,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_130get_cipher_in(struct __pyx_o
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_cipher_in", 0);
 
-  /* "ssh/session.pyx":611
+  /* "ssh/session.pyx":637
  *         cdef const_char *_cipher
  *         cdef bytes cipher
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _cipher = c_ssh.ssh_get_cipher_in(self._session)
  *         if _cipher is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":612
+        /* "ssh/session.pyx":638
  *         cdef bytes cipher
  *         with nogil:
  *             _cipher = c_ssh.ssh_get_cipher_in(self._session)             # <<<<<<<<<<<<<<
  *         if _cipher is NULL:
  *             return
- */
+*/
         __pyx_v__cipher = ssh_get_cipher_in(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":611
+      /* "ssh/session.pyx":637
  *         cdef const_char *_cipher
  *         cdef bytes cipher
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _cipher = c_ssh.ssh_get_cipher_in(self._session)
  *         if _cipher is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":613
+  /* "ssh/session.pyx":639
  *         with nogil:
  *             _cipher = c_ssh.ssh_get_cipher_in(self._session)
  *         if _cipher is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cipher = _cipher
- */
-  __pyx_t_1 = ((__pyx_v__cipher == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__cipher == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":614
+    /* "ssh/session.pyx":640
  *             _cipher = c_ssh.ssh_get_cipher_in(self._session)
  *         if _cipher is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         cipher = _cipher
  *         return cipher
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":613
+    /* "ssh/session.pyx":639
  *         with nogil:
  *             _cipher = c_ssh.ssh_get_cipher_in(self._session)
  *         if _cipher is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cipher = _cipher
- */
+*/
   }
 
-  /* "ssh/session.pyx":615
+  /* "ssh/session.pyx":641
  *         if _cipher is NULL:
  *             return
  *         cipher = _cipher             # <<<<<<<<<<<<<<
  *         return cipher
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__cipher); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 615, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__cipher); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 641, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_cipher = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":616
+  /* "ssh/session.pyx":642
  *             return
  *         cipher = _cipher
  *         return cipher             # <<<<<<<<<<<<<<
  * 
  *     def get_cipher_out(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_cipher);
   __pyx_r = __pyx_v_cipher;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":608
+  /* "ssh/session.pyx":634
  *         return algo
  * 
  *     def get_cipher_in(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_cipher
  *         cdef bytes cipher
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -11343,29 +15975,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_130get_cipher_in(struct __pyx_o
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":618
+/* "ssh/session.pyx":644
  *         return cipher
  * 
  *     def get_cipher_out(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_cipher
  *         cdef bytes cipher
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_133get_cipher_out(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_132get_cipher_out[] = "Session.get_cipher_out(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_133get_cipher_out(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_135get_cipher_out(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_134get_cipher_out, "Session.get_cipher_out(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_135get_cipher_out = {"get_cipher_out", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_135get_cipher_out, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_134get_cipher_out};
+static PyObject *__pyx_pw_3ssh_7session_7Session_135get_cipher_out(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_cipher_out (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_132get_cipher_out(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_cipher_out", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_cipher_out", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_134get_cipher_out(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_132get_cipher_out(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_134get_cipher_out(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v__cipher;
   PyObject *__pyx_v_cipher = 0;
   PyObject *__pyx_r = NULL;
@@ -11377,111 +16038,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_132get_cipher_out(struct __pyx_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_cipher_out", 0);
 
-  /* "ssh/session.pyx":621
+  /* "ssh/session.pyx":647
  *         cdef const_char *_cipher
  *         cdef bytes cipher
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _cipher = c_ssh.ssh_get_cipher_out(self._session)
  *         if _cipher is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":622
+        /* "ssh/session.pyx":648
  *         cdef bytes cipher
  *         with nogil:
  *             _cipher = c_ssh.ssh_get_cipher_out(self._session)             # <<<<<<<<<<<<<<
  *         if _cipher is NULL:
  *             return
- */
+*/
         __pyx_v__cipher = ssh_get_cipher_out(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":621
+      /* "ssh/session.pyx":647
  *         cdef const_char *_cipher
  *         cdef bytes cipher
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _cipher = c_ssh.ssh_get_cipher_out(self._session)
  *         if _cipher is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":623
+  /* "ssh/session.pyx":649
  *         with nogil:
  *             _cipher = c_ssh.ssh_get_cipher_out(self._session)
  *         if _cipher is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cipher = _cipher
- */
-  __pyx_t_1 = ((__pyx_v__cipher == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__cipher == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":624
+    /* "ssh/session.pyx":650
  *             _cipher = c_ssh.ssh_get_cipher_out(self._session)
  *         if _cipher is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         cipher = _cipher
  *         return cipher
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":623
+    /* "ssh/session.pyx":649
  *         with nogil:
  *             _cipher = c_ssh.ssh_get_cipher_out(self._session)
  *         if _cipher is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cipher = _cipher
- */
+*/
   }
 
-  /* "ssh/session.pyx":625
+  /* "ssh/session.pyx":651
  *         if _cipher is NULL:
  *             return
  *         cipher = _cipher             # <<<<<<<<<<<<<<
  *         return cipher
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__cipher); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 625, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__cipher); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 651, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_cipher = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":626
+  /* "ssh/session.pyx":652
  *             return
  *         cipher = _cipher
  *         return cipher             # <<<<<<<<<<<<<<
  * 
  *     def get_hmac_in(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_cipher);
   __pyx_r = __pyx_v_cipher;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":618
+  /* "ssh/session.pyx":644
  *         return cipher
  * 
  *     def get_cipher_out(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_cipher
  *         cdef bytes cipher
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -11495,29 +16153,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_132get_cipher_out(struct __pyx_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":628
+/* "ssh/session.pyx":654
  *         return cipher
  * 
  *     def get_hmac_in(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_hmac
  *         cdef bytes hmac
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_135get_hmac_in(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_134get_hmac_in[] = "Session.get_hmac_in(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_135get_hmac_in(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_137get_hmac_in(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_136get_hmac_in, "Session.get_hmac_in(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_137get_hmac_in = {"get_hmac_in", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_137get_hmac_in, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_136get_hmac_in};
+static PyObject *__pyx_pw_3ssh_7session_7Session_137get_hmac_in(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_hmac_in (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_134get_hmac_in(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_hmac_in", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_hmac_in", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_136get_hmac_in(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_134get_hmac_in(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_136get_hmac_in(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v__hmac;
   PyObject *__pyx_v_hmac = 0;
   PyObject *__pyx_r = NULL;
@@ -11529,111 +16216,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_134get_hmac_in(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_hmac_in", 0);
 
-  /* "ssh/session.pyx":631
+  /* "ssh/session.pyx":657
  *         cdef const_char *_hmac
  *         cdef bytes hmac
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _hmac = c_ssh.ssh_get_hmac_in(self._session)
  *         if _hmac is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":632
+        /* "ssh/session.pyx":658
  *         cdef bytes hmac
  *         with nogil:
  *             _hmac = c_ssh.ssh_get_hmac_in(self._session)             # <<<<<<<<<<<<<<
  *         if _hmac is NULL:
  *             return
- */
+*/
         __pyx_v__hmac = ssh_get_hmac_in(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":631
+      /* "ssh/session.pyx":657
  *         cdef const_char *_hmac
  *         cdef bytes hmac
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _hmac = c_ssh.ssh_get_hmac_in(self._session)
  *         if _hmac is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":633
+  /* "ssh/session.pyx":659
  *         with nogil:
  *             _hmac = c_ssh.ssh_get_hmac_in(self._session)
  *         if _hmac is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         hmac = _hmac
- */
-  __pyx_t_1 = ((__pyx_v__hmac == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__hmac == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":634
+    /* "ssh/session.pyx":660
  *             _hmac = c_ssh.ssh_get_hmac_in(self._session)
  *         if _hmac is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         hmac = _hmac
  *         return hmac
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":633
+    /* "ssh/session.pyx":659
  *         with nogil:
  *             _hmac = c_ssh.ssh_get_hmac_in(self._session)
  *         if _hmac is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         hmac = _hmac
- */
+*/
   }
 
-  /* "ssh/session.pyx":635
+  /* "ssh/session.pyx":661
  *         if _hmac is NULL:
  *             return
  *         hmac = _hmac             # <<<<<<<<<<<<<<
  *         return hmac
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__hmac); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 635, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__hmac); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 661, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_hmac = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":636
+  /* "ssh/session.pyx":662
  *             return
  *         hmac = _hmac
  *         return hmac             # <<<<<<<<<<<<<<
  * 
  *     def get_hmac_out(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_hmac);
   __pyx_r = __pyx_v_hmac;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":628
+  /* "ssh/session.pyx":654
  *         return cipher
  * 
  *     def get_hmac_in(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_hmac
  *         cdef bytes hmac
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -11647,29 +16331,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_134get_hmac_in(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":638
+/* "ssh/session.pyx":664
  *         return hmac
  * 
  *     def get_hmac_out(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_hmac
  *         cdef bytes hmac
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_137get_hmac_out(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_136get_hmac_out[] = "Session.get_hmac_out(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_137get_hmac_out(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_139get_hmac_out(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_138get_hmac_out, "Session.get_hmac_out(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_139get_hmac_out = {"get_hmac_out", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_139get_hmac_out, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_138get_hmac_out};
+static PyObject *__pyx_pw_3ssh_7session_7Session_139get_hmac_out(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_hmac_out (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_136get_hmac_out(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_hmac_out", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_hmac_out", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_138get_hmac_out(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_136get_hmac_out(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_138get_hmac_out(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v__hmac;
   PyObject *__pyx_v_hmac = 0;
   PyObject *__pyx_r = NULL;
@@ -11681,111 +16394,108 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_136get_hmac_out(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_hmac_out", 0);
 
-  /* "ssh/session.pyx":641
+  /* "ssh/session.pyx":667
  *         cdef const_char *_hmac
  *         cdef bytes hmac
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _hmac = c_ssh.ssh_get_hmac_out(self._session)
  *         if _hmac is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":642
+        /* "ssh/session.pyx":668
  *         cdef bytes hmac
  *         with nogil:
  *             _hmac = c_ssh.ssh_get_hmac_out(self._session)             # <<<<<<<<<<<<<<
  *         if _hmac is NULL:
  *             return
- */
+*/
         __pyx_v__hmac = ssh_get_hmac_out(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":641
+      /* "ssh/session.pyx":667
  *         cdef const_char *_hmac
  *         cdef bytes hmac
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _hmac = c_ssh.ssh_get_hmac_out(self._session)
  *         if _hmac is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":643
+  /* "ssh/session.pyx":669
  *         with nogil:
  *             _hmac = c_ssh.ssh_get_hmac_out(self._session)
  *         if _hmac is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         hmac = _hmac
- */
-  __pyx_t_1 = ((__pyx_v__hmac == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__hmac == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":644
+    /* "ssh/session.pyx":670
  *             _hmac = c_ssh.ssh_get_hmac_out(self._session)
  *         if _hmac is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         hmac = _hmac
  *         return hmac
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":643
+    /* "ssh/session.pyx":669
  *         with nogil:
  *             _hmac = c_ssh.ssh_get_hmac_out(self._session)
  *         if _hmac is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         hmac = _hmac
- */
+*/
   }
 
-  /* "ssh/session.pyx":645
+  /* "ssh/session.pyx":671
  *         if _hmac is NULL:
  *             return
  *         hmac = _hmac             # <<<<<<<<<<<<<<
  *         return hmac
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__hmac); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 645, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__hmac); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 671, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_hmac = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":646
+  /* "ssh/session.pyx":672
  *             return
  *         hmac = _hmac
  *         return hmac             # <<<<<<<<<<<<<<
  * 
  *     def get_error(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_hmac);
   __pyx_r = __pyx_v_hmac;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":638
+  /* "ssh/session.pyx":664
  *         return hmac
  * 
  *     def get_hmac_out(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *_hmac
  *         cdef bytes hmac
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -11799,29 +16509,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_136get_hmac_out(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":648
+/* "ssh/session.pyx":674
  *         return hmac
  * 
  *     def get_error(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *error
  *         cdef bytes b_error
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_139get_error(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_138get_error[] = "Session.get_error(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_139get_error(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_141get_error(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_140get_error, "Session.get_error(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_141get_error = {"get_error", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_141get_error, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_140get_error};
+static PyObject *__pyx_pw_3ssh_7session_7Session_141get_error(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_error (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_138get_error(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_error", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_error", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_140get_error(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_138get_error(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_140get_error(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   const char *__pyx_v_error;
   PyObject *__pyx_v_b_error = 0;
   PyObject *__pyx_r = NULL;
@@ -11834,114 +16573,111 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_138get_error(struct __pyx_obj_3
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_error", 0);
 
-  /* "ssh/session.pyx":651
+  /* "ssh/session.pyx":677
  *         cdef const_char *error
  *         cdef bytes b_error
  *         with nogil:             # <<<<<<<<<<<<<<
  *             error = c_ssh.ssh_get_error(self._session)
  *         if error is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":652
+        /* "ssh/session.pyx":678
  *         cdef bytes b_error
  *         with nogil:
  *             error = c_ssh.ssh_get_error(self._session)             # <<<<<<<<<<<<<<
  *         if error is NULL:
  *             return
- */
+*/
         __pyx_v_error = ssh_get_error(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":651
+      /* "ssh/session.pyx":677
  *         cdef const_char *error
  *         cdef bytes b_error
  *         with nogil:             # <<<<<<<<<<<<<<
  *             error = c_ssh.ssh_get_error(self._session)
  *         if error is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":653
+  /* "ssh/session.pyx":679
  *         with nogil:
  *             error = c_ssh.ssh_get_error(self._session)
  *         if error is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         b_error = error
- */
-  __pyx_t_1 = ((__pyx_v_error == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_error == NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/session.pyx":654
+    /* "ssh/session.pyx":680
  *             error = c_ssh.ssh_get_error(self._session)
  *         if error is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         b_error = error
  *         return to_str(b_error)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
-    /* "ssh/session.pyx":653
+    /* "ssh/session.pyx":679
  *         with nogil:
  *             error = c_ssh.ssh_get_error(self._session)
  *         if error is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         b_error = error
- */
+*/
   }
 
-  /* "ssh/session.pyx":655
+  /* "ssh/session.pyx":681
  *         if error is NULL:
  *             return
  *         b_error = error             # <<<<<<<<<<<<<<
  *         return to_str(b_error)
  * 
- */
-  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v_error); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 655, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v_error); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 681, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_b_error = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
-  /* "ssh/session.pyx":656
+  /* "ssh/session.pyx":682
  *             return
  *         b_error = error
  *         return to_str(b_error)             # <<<<<<<<<<<<<<
  * 
  *     def get_error_code(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_error); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 656, __pyx_L1_error)
-  __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(__pyx_t_3); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 656, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_error); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 682, __pyx_L1_error)
+  __pyx_t_2 = __pyx_f_3ssh_5utils_to_str(__pyx_t_3); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 682, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":648
+  /* "ssh/session.pyx":674
  *         return hmac
  * 
  *     def get_error(self):             # <<<<<<<<<<<<<<
  *         cdef const_char *error
  *         cdef bytes b_error
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -11955,29 +16691,58 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_138get_error(struct __pyx_obj_3
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":658
+/* "ssh/session.pyx":684
  *         return to_str(b_error)
  * 
  *     def get_error_code(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_141get_error_code(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_140get_error_code[] = "Session.get_error_code(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_141get_error_code(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_143get_error_code(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_142get_error_code, "Session.get_error_code(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_143get_error_code = {"get_error_code", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_143get_error_code, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_142get_error_code};
+static PyObject *__pyx_pw_3ssh_7session_7Session_143get_error_code(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_error_code (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_140get_error_code(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_error_code", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_error_code", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_142get_error_code(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_140get_error_code(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_142get_error_code(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   int __pyx_v_rc;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
@@ -11987,71 +16752,68 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_140get_error_code(struct __pyx_
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_error_code", 0);
 
-  /* "ssh/session.pyx":660
+  /* "ssh/session.pyx":686
  *     def get_error_code(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_error_code(self._session)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":661
+        /* "ssh/session.pyx":687
  *         cdef int rc
  *         with nogil:
  *             rc = c_ssh.ssh_get_error_code(self._session)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = ssh_get_error_code(__pyx_v_self->_session);
       }
 
-      /* "ssh/session.pyx":660
+      /* "ssh/session.pyx":686
  *     def get_error_code(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_ssh.ssh_get_error_code(self._session)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":662
+  /* "ssh/session.pyx":688
  *         with nogil:
  *             rc = c_ssh.ssh_get_error_code(self._session)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def scp_new(self, int mode, location not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 662, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 688, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":658
+  /* "ssh/session.pyx":684
  *         return to_str(b_error)
  * 
  *     def get_error_code(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -12064,87 +16826,121 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_140get_error_code(struct __pyx_
   return __pyx_r;
 }
 
-/* "ssh/session.pyx":664
+/* "ssh/session.pyx":690
  *         return rc
  * 
  *     def scp_new(self, int mode, location not None):             # <<<<<<<<<<<<<<
  *         """Create and initialise SCP channel"""
  *         cdef c_ssh.ssh_scp _scp
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_143scp_new(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_142scp_new[] = "Session.scp_new(self, int mode, location)\nCreate and initialise SCP channel";
-static PyObject *__pyx_pw_3ssh_7session_7Session_143scp_new(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_145scp_new(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_144scp_new, "Session.scp_new(self, int mode, location)\n\nCreate and initialise SCP channel");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_145scp_new = {"scp_new", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_145scp_new, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_144scp_new};
+static PyObject *__pyx_pw_3ssh_7session_7Session_145scp_new(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   int __pyx_v_mode;
   PyObject *__pyx_v_location = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("scp_new (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_mode,&__pyx_n_s_location,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_mode,&__pyx_mstate_global->__pyx_n_u_location,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 690, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 690, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 690, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_mode)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_location)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("scp_new", 1, 2, 2, 1); __PYX_ERR(0, 664, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "scp_new") < 0)) __PYX_ERR(0, 664, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "scp_new", 0) < 0) __PYX_ERR(0, 690, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("scp_new", 1, 2, 2, i); __PYX_ERR(0, 690, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 690, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 690, __pyx_L3_error)
     }
-    __pyx_v_mode = __Pyx_PyInt_As_int(values[0]); if (unlikely((__pyx_v_mode == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 664, __pyx_L3_error)
+    __pyx_v_mode = __Pyx_PyLong_As_int(values[0]); if (unlikely((__pyx_v_mode == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 690, __pyx_L3_error)
     __pyx_v_location = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("scp_new", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 664, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("scp_new", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 690, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.session.Session.scp_new", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_location) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "location"); __PYX_ERR(0, 664, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "location"); __PYX_ERR(0, 690, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_142scp_new(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_mode, __pyx_v_location);
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_144scp_new(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v_mode, __pyx_v_location);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_142scp_new(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_mode, PyObject *__pyx_v_location) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_144scp_new(struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, int __pyx_v_mode, PyObject *__pyx_v_location) {
   ssh_scp __pyx_v__scp;
   PyObject *__pyx_v_b_location = 0;
   char *__pyx_v_c_location;
@@ -12159,291 +16955,272 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_142scp_new(struct __pyx_obj_3ss
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("scp_new", 0);
 
-  /* "ssh/session.pyx":667
+  /* "ssh/session.pyx":693
  *         """Create and initialise SCP channel"""
  *         cdef c_ssh.ssh_scp _scp
  *         cdef bytes b_location = to_bytes(location)             # <<<<<<<<<<<<<<
  *         cdef char *c_location = b_location
  *         with nogil:
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_location); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 667, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_location); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 693, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_location = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/session.pyx":668
+  /* "ssh/session.pyx":694
  *         cdef c_ssh.ssh_scp _scp
  *         cdef bytes b_location = to_bytes(location)
  *         cdef char *c_location = b_location             # <<<<<<<<<<<<<<
  *         with nogil:
  *             _scp = c_ssh.ssh_scp_new(self._session, mode, c_location)
- */
+*/
   if (unlikely(__pyx_v_b_location == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 668, __pyx_L1_error)
+    __PYX_ERR(0, 694, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_location); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 668, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsWritableString(__pyx_v_b_location); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 694, __pyx_L1_error)
   __pyx_v_c_location = __pyx_t_2;
 
-  /* "ssh/session.pyx":669
+  /* "ssh/session.pyx":695
  *         cdef bytes b_location = to_bytes(location)
  *         cdef char *c_location = b_location
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _scp = c_ssh.ssh_scp_new(self._session, mode, c_location)
  *             if _scp is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/session.pyx":670
+        /* "ssh/session.pyx":696
  *         cdef char *c_location = b_location
  *         with nogil:
  *             _scp = c_ssh.ssh_scp_new(self._session, mode, c_location)             # <<<<<<<<<<<<<<
  *             if _scp is NULL:
  *                 with gil:
- */
+*/
         __pyx_v__scp = ssh_scp_new(__pyx_v_self->_session, __pyx_v_mode, __pyx_v_c_location);
 
-        /* "ssh/session.pyx":671
+        /* "ssh/session.pyx":697
  *         with nogil:
  *             _scp = c_ssh.ssh_scp_new(self._session, mode, c_location)
  *             if _scp is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     return handle_error_codes(
- */
-        __pyx_t_3 = ((__pyx_v__scp == NULL) != 0);
+*/
+        __pyx_t_3 = (__pyx_v__scp == NULL);
         if (__pyx_t_3) {
 
-          /* "ssh/session.pyx":672
+          /* "ssh/session.pyx":698
  *             _scp = c_ssh.ssh_scp_new(self._session, mode, c_location)
  *             if _scp is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/session.pyx":673
+                /* "ssh/session.pyx":699
  *             if _scp is NULL:
  *                 with gil:
  *                     return handle_error_codes(             # <<<<<<<<<<<<<<
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             if c_ssh.ssh_scp_init(_scp) != c_ssh.SSH_OK:
- */
+*/
                 __Pyx_XDECREF(__pyx_r);
 
-                /* "ssh/session.pyx":674
+                /* "ssh/session.pyx":700
  *                 with gil:
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)             # <<<<<<<<<<<<<<
  *             if c_ssh.ssh_scp_init(_scp) != c_ssh.SSH_OK:
  *                 c_ssh.ssh_scp_free(_scp)
- */
-                __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(ssh_get_error_code(__pyx_v_self->_session), __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 673, __pyx_L8_error)
+*/
+                __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(ssh_get_error_code(__pyx_v_self->_session), __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 699, __pyx_L8_error)
 
-                /* "ssh/session.pyx":673
+                /* "ssh/session.pyx":699
  *             if _scp is NULL:
  *                 with gil:
  *                     return handle_error_codes(             # <<<<<<<<<<<<<<
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             if c_ssh.ssh_scp_init(_scp) != c_ssh.SSH_OK:
- */
-                __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 673, __pyx_L8_error)
+*/
+                __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 699, __pyx_L8_error)
                 __Pyx_GOTREF(__pyx_t_1);
                 __pyx_r = __pyx_t_1;
                 __pyx_t_1 = 0;
                 goto __pyx_L7_return;
               }
 
-              /* "ssh/session.pyx":672
+              /* "ssh/session.pyx":698
  *             _scp = c_ssh.ssh_scp_new(self._session, mode, c_location)
  *             if _scp is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
- */
+*/
               /*finally:*/ {
                 __pyx_L7_return: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L3_return;
                 }
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/session.pyx":671
+          /* "ssh/session.pyx":697
  *         with nogil:
  *             _scp = c_ssh.ssh_scp_new(self._session, mode, c_location)
  *             if _scp is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     return handle_error_codes(
- */
+*/
         }
 
-        /* "ssh/session.pyx":675
+        /* "ssh/session.pyx":701
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             if c_ssh.ssh_scp_init(_scp) != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *                 c_ssh.ssh_scp_free(_scp)
  *                 with gil:
- */
-        __pyx_t_3 = ((ssh_scp_init(__pyx_v__scp) != SSH_OK) != 0);
+*/
+        __pyx_t_3 = (ssh_scp_init(__pyx_v__scp) != SSH_OK);
         if (__pyx_t_3) {
 
-          /* "ssh/session.pyx":676
+          /* "ssh/session.pyx":702
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             if c_ssh.ssh_scp_init(_scp) != c_ssh.SSH_OK:
  *                 c_ssh.ssh_scp_free(_scp)             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     return handle_error_codes(
- */
+*/
           ssh_scp_free(__pyx_v__scp);
 
-          /* "ssh/session.pyx":677
+          /* "ssh/session.pyx":703
  *             if c_ssh.ssh_scp_init(_scp) != c_ssh.SSH_OK:
  *                 c_ssh.ssh_scp_free(_scp)
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/session.pyx":678
+                /* "ssh/session.pyx":704
  *                 c_ssh.ssh_scp_free(_scp)
  *                 with gil:
  *                     return handle_error_codes(             # <<<<<<<<<<<<<<
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *         return SCP.from_ptr(_scp, self)
- */
+*/
                 __Pyx_XDECREF(__pyx_r);
 
-                /* "ssh/session.pyx":679
+                /* "ssh/session.pyx":705
  *                 with gil:
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)             # <<<<<<<<<<<<<<
  *         return SCP.from_ptr(_scp, self)
- */
-                __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(ssh_get_error_code(__pyx_v_self->_session), __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 678, __pyx_L12_error)
+*/
+                __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(ssh_get_error_code(__pyx_v_self->_session), __pyx_v_self->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 704, __pyx_L12_error)
 
-                /* "ssh/session.pyx":678
+                /* "ssh/session.pyx":704
  *                 c_ssh.ssh_scp_free(_scp)
  *                 with gil:
  *                     return handle_error_codes(             # <<<<<<<<<<<<<<
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *         return SCP.from_ptr(_scp, self)
- */
-                __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 678, __pyx_L12_error)
+*/
+                __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 704, __pyx_L12_error)
                 __Pyx_GOTREF(__pyx_t_1);
                 __pyx_r = __pyx_t_1;
                 __pyx_t_1 = 0;
                 goto __pyx_L11_return;
               }
 
-              /* "ssh/session.pyx":677
+              /* "ssh/session.pyx":703
  *             if c_ssh.ssh_scp_init(_scp) != c_ssh.SSH_OK:
  *                 c_ssh.ssh_scp_free(_scp)
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
- */
+*/
               /*finally:*/ {
                 __pyx_L11_return: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L3_return;
                 }
                 __pyx_L12_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/session.pyx":675
+          /* "ssh/session.pyx":701
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *             if c_ssh.ssh_scp_init(_scp) != c_ssh.SSH_OK:             # <<<<<<<<<<<<<<
  *                 c_ssh.ssh_scp_free(_scp)
  *                 with gil:
- */
+*/
         }
       }
 
-      /* "ssh/session.pyx":669
+      /* "ssh/session.pyx":695
  *         cdef bytes b_location = to_bytes(location)
  *         cdef char *c_location = b_location
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _scp = c_ssh.ssh_scp_new(self._session, mode, c_location)
  *             if _scp is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L3_return: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L0;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/session.pyx":680
+  /* "ssh/session.pyx":706
  *                     return handle_error_codes(
  *                         c_ssh.ssh_get_error_code(self._session), self._session)
  *         return SCP.from_ptr(_scp, self)             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_3scp_SCP->from_ptr(__pyx_v__scp, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 680, __pyx_L1_error)
+  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_3scp_SCP->from_ptr(__pyx_v__scp, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 706, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/session.pyx":664
+  /* "ssh/session.pyx":690
  *         return rc
  * 
  *     def scp_new(self, int mode, location not None):             # <<<<<<<<<<<<<<
  *         """Create and initialise SCP channel"""
  *         cdef c_ssh.ssh_scp _scp
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -12461,14 +17238,16 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_142scp_new(struct __pyx_obj_3ss
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
  *     cdef readonly object sock             # <<<<<<<<<<<<<<
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_7session_7Session_4sock_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_7session_7Session_4sock_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_7session_7Session_4sock___get__(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
@@ -12494,28 +17273,56 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_4sock___get__(struct __pyx_obj_
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_145__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_144__reduce_cython__[] = "Session.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_145__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_147__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_146__reduce_cython__, "Session.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_147__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_147__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_146__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_7session_7Session_147__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_144__reduce_cython__(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_146__reduce_cython__(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self));
 
   /* function exit code */
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_144__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_146__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -12523,25 +17330,21 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_144__reduce_cython__(CYTHON_UNU
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.session.Session.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -12551,74 +17354,147 @@ static PyObject *__pyx_pf_3ssh_7session_7Session_144__reduce_cython__(CYTHON_UNU
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_7session_7Session_147__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_7session_7Session_146__setstate_cython__[] = "Session.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_7session_7Session_147__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_7session_7Session_149__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_7session_7Session_148__setstate_cython__, "Session.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_7session_7Session_149__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_149__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_148__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_7session_7Session_149__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_7session_7Session_146__setstate_cython__(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.session.Session.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_7session_7Session_148__setstate_cython__(((struct __pyx_obj_3ssh_7session_Session *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-static PyObject *__pyx_pf_3ssh_7session_7Session_146__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pf_3ssh_7session_7Session_148__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_7session_Session *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.session.Session.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 
 static PyObject *__pyx_tp_new_3ssh_7session_Session(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_7session_Session *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_7session_Session *)o);
   p->sock = Py_None; Py_INCREF(Py_None);
-  if (unlikely(__pyx_pw_3ssh_7session_7Session_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_7session_7Session_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -12628,8 +17504,10 @@ static PyObject *__pyx_tp_new_3ssh_7session_Session(PyTypeObject *t, CYTHON_UNUS
 static void __pyx_tp_dealloc_3ssh_7session_Session(PyObject *o) {
   struct __pyx_obj_3ssh_7session_Session *p = (struct __pyx_obj_3ssh_7session_Session *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_7session_Session) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -12642,12 +17520,23 @@ static void __pyx_tp_dealloc_3ssh_7session_Session(PyObject *o) {
     PyErr_Restore(etype, eval, etb);
   }
   Py_CLEAR(p->sock);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_7session_Session(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_7session_Session *p = (struct __pyx_obj_3ssh_7session_Session *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->sock) {
     e = (*v)(p->sock, a); if (e) return e;
   }
@@ -12668,89 +17557,109 @@ static PyObject *__pyx_getprop_3ssh_7session_7Session_sock(PyObject *o, CYTHON_U
 }
 
 static PyMethodDef __pyx_methods_3ssh_7session_Session[] = {
-  {"set_socket", (PyCFunction)__pyx_pw_3ssh_7session_7Session_5set_socket, METH_O, __pyx_doc_3ssh_7session_7Session_4set_socket},
-  {"blocking_flush", (PyCFunction)__pyx_pw_3ssh_7session_7Session_7blocking_flush, METH_O, __pyx_doc_3ssh_7session_7Session_6blocking_flush},
-  {"channel_new", (PyCFunction)__pyx_pw_3ssh_7session_7Session_9channel_new, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_8channel_new},
-  {"sftp_new", (PyCFunction)__pyx_pw_3ssh_7session_7Session_11sftp_new, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_10sftp_new},
-  {"sftp_init", (PyCFunction)__pyx_pw_3ssh_7session_7Session_13sftp_init, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_12sftp_init},
-  {"connect", (PyCFunction)__pyx_pw_3ssh_7session_7Session_15connect, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_14connect},
-  {"disconnect", (PyCFunction)__pyx_pw_3ssh_7session_7Session_17disconnect, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_16disconnect},
-  {"connector_new", (PyCFunction)__pyx_pw_3ssh_7session_7Session_19connector_new, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_18connector_new},
-  {"accept_forward", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_21accept_forward, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_20accept_forward},
-  {"cancel_forward", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_23cancel_forward, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_22cancel_forward},
-  {"listen_forward", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_25listen_forward, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_24listen_forward},
-  {"get_disconnect_message", (PyCFunction)__pyx_pw_3ssh_7session_7Session_27get_disconnect_message, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_26get_disconnect_message},
-  {"get_fd", (PyCFunction)__pyx_pw_3ssh_7session_7Session_29get_fd, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_28get_fd},
-  {"get_issue_banner", (PyCFunction)__pyx_pw_3ssh_7session_7Session_31get_issue_banner, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_30get_issue_banner},
-  {"get_openssh_version", (PyCFunction)__pyx_pw_3ssh_7session_7Session_33get_openssh_version, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_32get_openssh_version},
-  {"get_server_publickey", (PyCFunction)__pyx_pw_3ssh_7session_7Session_35get_server_publickey, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_34get_server_publickey},
-  {"get_version", (PyCFunction)__pyx_pw_3ssh_7session_7Session_37get_version, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_36get_version},
-  {"get_status", (PyCFunction)__pyx_pw_3ssh_7session_7Session_39get_status, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_38get_status},
-  {"get_poll_flags", (PyCFunction)__pyx_pw_3ssh_7session_7Session_41get_poll_flags, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_40get_poll_flags},
-  {"is_blocking", (PyCFunction)__pyx_pw_3ssh_7session_7Session_43is_blocking, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_42is_blocking},
-  {"is_connected", (PyCFunction)__pyx_pw_3ssh_7session_7Session_45is_connected, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_44is_connected},
-  {"is_server_known", (PyCFunction)__pyx_pw_3ssh_7session_7Session_47is_server_known, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_46is_server_known},
-  {"copy_options", (PyCFunction)__pyx_pw_3ssh_7session_7Session_49copy_options, METH_O, __pyx_doc_3ssh_7session_7Session_48copy_options},
-  {"options_getopt", (PyCFunction)__pyx_pw_3ssh_7session_7Session_51options_getopt, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_50options_getopt},
-  {"options_parse_config", (PyCFunction)__pyx_pw_3ssh_7session_7Session_53options_parse_config, METH_O, __pyx_doc_3ssh_7session_7Session_52options_parse_config},
-  {"options_set_port", (PyCFunction)__pyx_pw_3ssh_7session_7Session_55options_set_port, METH_O, __pyx_doc_3ssh_7session_7Session_54options_set_port},
-  {"options_set_gssapi_delegate_credentials", (PyCFunction)__pyx_pw_3ssh_7session_7Session_57options_set_gssapi_delegate_credentials, METH_O, __pyx_doc_3ssh_7session_7Session_56options_set_gssapi_delegate_credentials},
-  {"options_set", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_59options_set, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_58options_set},
-  {"options_get", (PyCFunction)__pyx_pw_3ssh_7session_7Session_61options_get, METH_O, __pyx_doc_3ssh_7session_7Session_60options_get},
-  {"options_get_port", (PyCFunction)__pyx_pw_3ssh_7session_7Session_63options_get_port, METH_O, __pyx_doc_3ssh_7session_7Session_62options_get_port},
-  {"send_ignore", (PyCFunction)__pyx_pw_3ssh_7session_7Session_65send_ignore, METH_O, __pyx_doc_3ssh_7session_7Session_64send_ignore},
-  {"send_debug", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_67send_debug, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_66send_debug},
-  {"gssapi_set_creds", (PyCFunction)__pyx_pw_3ssh_7session_7Session_69gssapi_set_creds, METH_O, __pyx_doc_3ssh_7session_7Session_68gssapi_set_creds},
-  {"service_request", (PyCFunction)__pyx_pw_3ssh_7session_7Session_71service_request, METH_O, __pyx_doc_3ssh_7session_7Session_70service_request},
-  {"set_agent_channel", (PyCFunction)__pyx_pw_3ssh_7session_7Session_73set_agent_channel, METH_O, __pyx_doc_3ssh_7session_7Session_72set_agent_channel},
-  {"set_agent_socket", (PyCFunction)__pyx_pw_3ssh_7session_7Session_75set_agent_socket, METH_O, __pyx_doc_3ssh_7session_7Session_74set_agent_socket},
-  {"set_blocking", (PyCFunction)__pyx_pw_3ssh_7session_7Session_77set_blocking, METH_O, __pyx_doc_3ssh_7session_7Session_76set_blocking},
-  {"set_counters", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_79set_counters, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_78set_counters},
-  {"set_fd_except", (PyCFunction)__pyx_pw_3ssh_7session_7Session_81set_fd_except, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_80set_fd_except},
-  {"set_fd_toread", (PyCFunction)__pyx_pw_3ssh_7session_7Session_83set_fd_toread, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_82set_fd_toread},
-  {"set_fd_towrite", (PyCFunction)__pyx_pw_3ssh_7session_7Session_85set_fd_towrite, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_84set_fd_towrite},
-  {"silent_disconnect", (PyCFunction)__pyx_pw_3ssh_7session_7Session_87silent_disconnect, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_86silent_disconnect},
-  {"userauth_none", (PyCFunction)__pyx_pw_3ssh_7session_7Session_89userauth_none, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_88userauth_none},
-  {"userauth_list", (PyCFunction)__pyx_pw_3ssh_7session_7Session_91userauth_list, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_90userauth_list},
-  {"userauth_try_publickey", (PyCFunction)__pyx_pw_3ssh_7session_7Session_93userauth_try_publickey, METH_O, __pyx_doc_3ssh_7session_7Session_92userauth_try_publickey},
-  {"userauth_publickey", (PyCFunction)__pyx_pw_3ssh_7session_7Session_95userauth_publickey, METH_O, __pyx_doc_3ssh_7session_7Session_94userauth_publickey},
-  {"userauth_agent", (PyCFunction)__pyx_pw_3ssh_7session_7Session_97userauth_agent, METH_O, __pyx_doc_3ssh_7session_7Session_96userauth_agent},
-  {"userauth_publickey_auto", (PyCFunction)__pyx_pw_3ssh_7session_7Session_99userauth_publickey_auto, METH_O, __pyx_doc_3ssh_7session_7Session_98userauth_publickey_auto},
-  {"userauth_password", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_101userauth_password, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_100userauth_password},
-  {"userauth_kbdint", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_103userauth_kbdint, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_102userauth_kbdint},
-  {"userauth_kbdint_getinstruction", (PyCFunction)__pyx_pw_3ssh_7session_7Session_105userauth_kbdint_getinstruction, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_104userauth_kbdint_getinstruction},
-  {"userauth_kbdint_getname", (PyCFunction)__pyx_pw_3ssh_7session_7Session_107userauth_kbdint_getname, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_106userauth_kbdint_getname},
-  {"userauth_kbdint_getnprompts", (PyCFunction)__pyx_pw_3ssh_7session_7Session_109userauth_kbdint_getnprompts, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_108userauth_kbdint_getnprompts},
-  {"userauth_kbdint_getprompt", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_111userauth_kbdint_getprompt, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_110userauth_kbdint_getprompt},
-  {"userauth_kbdint_getnanswers", (PyCFunction)__pyx_pw_3ssh_7session_7Session_113userauth_kbdint_getnanswers, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_112userauth_kbdint_getnanswers},
-  {"userauth_kbdint_getanswer", (PyCFunction)__pyx_pw_3ssh_7session_7Session_115userauth_kbdint_getanswer, METH_O, __pyx_doc_3ssh_7session_7Session_114userauth_kbdint_getanswer},
-  {"userauth_kbdint_setanswer", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_117userauth_kbdint_setanswer, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_116userauth_kbdint_setanswer},
-  {"userauth_gssapi", (PyCFunction)__pyx_pw_3ssh_7session_7Session_119userauth_gssapi, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_118userauth_gssapi},
-  {"write_knownhost", (PyCFunction)__pyx_pw_3ssh_7session_7Session_121write_knownhost, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_120write_knownhost},
-  {"dump_knownhost", (PyCFunction)__pyx_pw_3ssh_7session_7Session_123dump_knownhost, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_122dump_knownhost},
-  {"get_clientbanner", (PyCFunction)__pyx_pw_3ssh_7session_7Session_125get_clientbanner, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_124get_clientbanner},
-  {"get_serverbanner", (PyCFunction)__pyx_pw_3ssh_7session_7Session_127get_serverbanner, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_126get_serverbanner},
-  {"get_kex_algo", (PyCFunction)__pyx_pw_3ssh_7session_7Session_129get_kex_algo, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_128get_kex_algo},
-  {"get_cipher_in", (PyCFunction)__pyx_pw_3ssh_7session_7Session_131get_cipher_in, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_130get_cipher_in},
-  {"get_cipher_out", (PyCFunction)__pyx_pw_3ssh_7session_7Session_133get_cipher_out, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_132get_cipher_out},
-  {"get_hmac_in", (PyCFunction)__pyx_pw_3ssh_7session_7Session_135get_hmac_in, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_134get_hmac_in},
-  {"get_hmac_out", (PyCFunction)__pyx_pw_3ssh_7session_7Session_137get_hmac_out, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_136get_hmac_out},
-  {"get_error", (PyCFunction)__pyx_pw_3ssh_7session_7Session_139get_error, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_138get_error},
-  {"get_error_code", (PyCFunction)__pyx_pw_3ssh_7session_7Session_141get_error_code, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_140get_error_code},
-  {"scp_new", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_7session_7Session_143scp_new, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_142scp_new},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_7session_7Session_145__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_7session_7Session_144__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_7session_7Session_147__setstate_cython__, METH_O, __pyx_doc_3ssh_7session_7Session_146__setstate_cython__},
+  {"set_socket", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_5set_socket, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_4set_socket},
+  {"blocking_flush", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_7blocking_flush, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_6blocking_flush},
+  {"channel_new", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_9channel_new, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_8channel_new},
+  {"sftp_new", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_11sftp_new, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_10sftp_new},
+  {"sftp_init", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_13sftp_init, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_12sftp_init},
+  {"connect", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_15connect, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_14connect},
+  {"disconnect", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_17disconnect, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_16disconnect},
+  {"connector_new", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_19connector_new, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_18connector_new},
+  {"accept_forward", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_21accept_forward, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_20accept_forward},
+  {"cancel_forward", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_23cancel_forward, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_22cancel_forward},
+  {"listen_forward", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_25listen_forward, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_24listen_forward},
+  {"get_disconnect_message", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_27get_disconnect_message, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_26get_disconnect_message},
+  {"get_fd", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_29get_fd, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_28get_fd},
+  {"get_issue_banner", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_31get_issue_banner, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_30get_issue_banner},
+  {"get_openssh_version", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_33get_openssh_version, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_32get_openssh_version},
+  {"get_server_publickey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_35get_server_publickey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_34get_server_publickey},
+  {"get_version", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_37get_version, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_36get_version},
+  {"get_status", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_39get_status, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_38get_status},
+  {"get_poll_flags", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_41get_poll_flags, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_40get_poll_flags},
+  {"is_blocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_43is_blocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_42is_blocking},
+  {"is_connected", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_45is_connected, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_44is_connected},
+  {"is_server_known", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_47is_server_known, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_46is_server_known},
+  {"copy_options", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_49copy_options, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_48copy_options},
+  {"options_getopt", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_51options_getopt, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_50options_getopt},
+  {"options_parse_config", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_53options_parse_config, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_52options_parse_config},
+  {"options_set_port", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_55options_set_port, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_54options_set_port},
+  {"options_get_port", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_57options_get_port, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_56options_get_port},
+  {"options_set_gssapi_delegate_credentials", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_59options_set_gssapi_delegate_credentials, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_58options_set_gssapi_delegate_credentials},
+  {"options_set", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_61options_set, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_60options_set},
+  {"options_get", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_63options_get, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_62options_get},
+  {"options_set_int_val", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_65options_set_int_val, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_64options_set_int_val},
+  {"send_ignore", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_67send_ignore, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_66send_ignore},
+  {"send_debug", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_69send_debug, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_68send_debug},
+  {"gssapi_set_creds", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_71gssapi_set_creds, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_70gssapi_set_creds},
+  {"service_request", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_73service_request, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_72service_request},
+  {"set_agent_channel", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_75set_agent_channel, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_74set_agent_channel},
+  {"set_agent_socket", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_77set_agent_socket, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_76set_agent_socket},
+  {"set_blocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_79set_blocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_78set_blocking},
+  {"set_counters", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_81set_counters, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_80set_counters},
+  {"set_fd_except", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_83set_fd_except, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_82set_fd_except},
+  {"set_fd_toread", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_85set_fd_toread, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_84set_fd_toread},
+  {"set_fd_towrite", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_87set_fd_towrite, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_86set_fd_towrite},
+  {"silent_disconnect", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_89silent_disconnect, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_88silent_disconnect},
+  {"userauth_none", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_91userauth_none, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_90userauth_none},
+  {"userauth_list", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_93userauth_list, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_92userauth_list},
+  {"userauth_try_publickey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_95userauth_try_publickey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_94userauth_try_publickey},
+  {"userauth_publickey", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_97userauth_publickey, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_96userauth_publickey},
+  {"userauth_agent", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_99userauth_agent, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_98userauth_agent},
+  {"userauth_publickey_auto", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_101userauth_publickey_auto, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_100userauth_publickey_auto},
+  {"userauth_password", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_103userauth_password, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_102userauth_password},
+  {"userauth_kbdint", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_105userauth_kbdint, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_104userauth_kbdint},
+  {"userauth_kbdint_getinstruction", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_107userauth_kbdint_getinstruction, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_106userauth_kbdint_getinstruction},
+  {"userauth_kbdint_getname", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_109userauth_kbdint_getname, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_108userauth_kbdint_getname},
+  {"userauth_kbdint_getnprompts", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_111userauth_kbdint_getnprompts, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_110userauth_kbdint_getnprompts},
+  {"userauth_kbdint_getprompt", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_113userauth_kbdint_getprompt, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_112userauth_kbdint_getprompt},
+  {"userauth_kbdint_getnanswers", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_115userauth_kbdint_getnanswers, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_114userauth_kbdint_getnanswers},
+  {"userauth_kbdint_getanswer", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_117userauth_kbdint_getanswer, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_116userauth_kbdint_getanswer},
+  {"userauth_kbdint_setanswer", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_119userauth_kbdint_setanswer, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_118userauth_kbdint_setanswer},
+  {"userauth_gssapi", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_121userauth_gssapi, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_120userauth_gssapi},
+  {"write_knownhost", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_123write_knownhost, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_122write_knownhost},
+  {"dump_knownhost", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_125dump_knownhost, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_124dump_knownhost},
+  {"get_clientbanner", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_127get_clientbanner, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_126get_clientbanner},
+  {"get_serverbanner", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_129get_serverbanner, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_128get_serverbanner},
+  {"get_kex_algo", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_131get_kex_algo, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_130get_kex_algo},
+  {"get_cipher_in", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_133get_cipher_in, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_132get_cipher_in},
+  {"get_cipher_out", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_135get_cipher_out, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_134get_cipher_out},
+  {"get_hmac_in", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_137get_hmac_in, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_136get_hmac_in},
+  {"get_hmac_out", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_139get_hmac_out, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_138get_hmac_out},
+  {"get_error", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_141get_error, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_140get_error},
+  {"get_error_code", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_143get_error_code, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_142get_error_code},
+  {"scp_new", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_145scp_new, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_144scp_new},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_147__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_146__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_7session_7Session_149__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_7session_7Session_148__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_7session_Session[] = {
-  {(char *)"sock", __pyx_getprop_3ssh_7session_7Session_sock, 0, (char *)0, 0},
+  {"sock", __pyx_getprop_3ssh_7session_7Session_sock, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_7session_Session_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_7session_Session},
+  {Py_tp_doc, (void *)PyDoc_STR("Libssh session class providing session related functions.")},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_7session_Session},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_7session_Session},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_7session_Session},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_7session_Session},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_7session_Session},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_7session_Session_spec = {
+  "ssh.session.Session",
+  sizeof(struct __pyx_obj_3ssh_7session_Session),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_7session_Session_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_7session_Session = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.session.Session", /*tp_name*/
+  "ssh.session.""Session", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_7session_Session), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_7session_Session, /*tp_dealloc*/
@@ -12762,12 +17671,7 @@ static PyTypeObject __pyx_type_3ssh_7session_Session = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -12779,7 +17683,7 @@ static PyTypeObject __pyx_type_3ssh_7session_Session = {
   0, /*tp_setattro*/
   0, /*tp_as_buffer*/
   Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC, /*tp_flags*/
-  "Libssh session class providing session related functions.", /*tp_doc*/
+  PyDoc_STR("Libssh session class providing session related functions."), /*tp_doc*/
   __pyx_tp_traverse_3ssh_7session_Session, /*tp_traverse*/
   __pyx_tp_clear_3ssh_7session_Session, /*tp_clear*/
   0, /*tp_richcompare*/
@@ -12793,7 +17697,9 @@ static PyTypeObject __pyx_type_3ssh_7session_Session = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_7session_Session, /*tp_new*/
@@ -12806,213 +17712,100 @@ static PyTypeObject __pyx_type_3ssh_7session_Session = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_session(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_session},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "session",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_ChannelOpenFailure, __pyx_k_ChannelOpenFailure, sizeof(__pyx_k_ChannelOpenFailure), 0, 0, 1, 1},
-  {&__pyx_n_s_InvalidAPIUse, __pyx_k_InvalidAPIUse, sizeof(__pyx_k_InvalidAPIUse), 0, 0, 1, 1},
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_NotImplementedError, __pyx_k_NotImplementedError, sizeof(__pyx_k_NotImplementedError), 0, 0, 1, 1},
-  {&__pyx_n_s_OptionError, __pyx_k_OptionError, sizeof(__pyx_k_OptionError), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_AUTH_AGAIN, __pyx_k_SSH_AUTH_AGAIN, sizeof(__pyx_k_SSH_AUTH_AGAIN), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_AUTH_DENIED, __pyx_k_SSH_AUTH_DENIED, sizeof(__pyx_k_SSH_AUTH_DENIED), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_AUTH_ERROR, __pyx_k_SSH_AUTH_ERROR, sizeof(__pyx_k_SSH_AUTH_ERROR), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_AUTH_INFO, __pyx_k_SSH_AUTH_INFO, sizeof(__pyx_k_SSH_AUTH_INFO), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_AUTH_PARTIAL, __pyx_k_SSH_AUTH_PARTIAL, sizeof(__pyx_k_SSH_AUTH_PARTIAL), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_AUTH_SUCCESS, __pyx_k_SSH_AUTH_SUCCESS, sizeof(__pyx_k_SSH_AUTH_SUCCESS), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_CLOSED, __pyx_k_SSH_CLOSED, sizeof(__pyx_k_SSH_CLOSED), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_CLOSED_ERROR, __pyx_k_SSH_CLOSED_ERROR, sizeof(__pyx_k_SSH_CLOSED_ERROR), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_READ_PENDING, __pyx_k_SSH_READ_PENDING, sizeof(__pyx_k_SSH_READ_PENDING), 0, 0, 1, 1},
-  {&__pyx_n_s_SSH_WRITE_PENDING, __pyx_k_SSH_WRITE_PENDING, sizeof(__pyx_k_SSH_WRITE_PENDING), 0, 0, 1, 1},
-  {&__pyx_n_s_Session, __pyx_k_Session, sizeof(__pyx_k_Session), 0, 0, 1, 1},
-  {&__pyx_kp_s_Session_is_not_connected, __pyx_k_Session_is_not_connected, sizeof(__pyx_k_Session_is_not_connected), 0, 0, 1, 0},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_address, __pyx_k_address, sizeof(__pyx_k_address), 0, 0, 1, 1},
-  {&__pyx_n_s_always_display, __pyx_k_always_display, sizeof(__pyx_k_always_display), 0, 0, 1, 1},
-  {&__pyx_n_s_answer, __pyx_k_answer, sizeof(__pyx_k_answer), 0, 0, 1, 1},
-  {&__pyx_n_s_bound_port, __pyx_k_bound_port, sizeof(__pyx_k_bound_port), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_dest_port, __pyx_k_dest_port, sizeof(__pyx_k_dest_port), 0, 0, 1, 1},
-  {&__pyx_n_s_echo, __pyx_k_echo, sizeof(__pyx_k_echo), 0, 0, 1, 1},
-  {&__pyx_n_s_exceptions, __pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_i, __pyx_k_i, sizeof(__pyx_k_i), 0, 0, 1, 1},
-  {&__pyx_n_s_import, __pyx_k_import, sizeof(__pyx_k_import), 0, 0, 1, 1},
-  {&__pyx_n_s_location, __pyx_k_location, sizeof(__pyx_k_location), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_message, __pyx_k_message, sizeof(__pyx_k_message), 0, 0, 1, 1},
-  {&__pyx_n_s_mode, __pyx_k_mode, sizeof(__pyx_k_mode), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_option, __pyx_k_option, sizeof(__pyx_k_option), 0, 0, 1, 1},
-  {&__pyx_n_s_password, __pyx_k_password, sizeof(__pyx_k_password), 0, 0, 1, 1},
-  {&__pyx_n_s_port, __pyx_k_port, sizeof(__pyx_k_port), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_rcounter, __pyx_k_rcounter, sizeof(__pyx_k_rcounter), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_scounter, __pyx_k_scounter, sizeof(__pyx_k_scounter), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_submethods, __pyx_k_submethods, sizeof(__pyx_k_submethods), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {&__pyx_n_s_timeout, __pyx_k_timeout, sizeof(__pyx_k_timeout), 0, 0, 1, 1},
-  {&__pyx_n_s_username, __pyx_k_username, sizeof(__pyx_k_username), 0, 0, 1, 1},
-  {&__pyx_n_s_value, __pyx_k_value, sizeof(__pyx_k_value), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 64, __pyx_L1_error)
-  __pyx_builtin_NotImplementedError = __Pyx_GetBuiltinName(__pyx_n_s_NotImplementedError); if (!__pyx_builtin_NotImplementedError) __PYX_ERR(0, 281, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple_)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_init_code", 0);
   /*--- Type init code ---*/
-  if (PyType_Ready(&__pyx_type_3ssh_7session_Session) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_7session_Session.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_7session_Session_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_7session_Session)) __PYX_ERR(0, 75, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_7session_Session_spec, __pyx_mstate->__pyx_ptype_3ssh_7session_Session) < 0) __PYX_ERR(0, 75, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = &__pyx_type_3ssh_7session_Session;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_7session_Session) < 0) __PYX_ERR(0, 75, __pyx_L1_error)
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_7session_Session.tp_dictoffset && __pyx_type_3ssh_7session_Session.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_7session_Session.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_7session_Session->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_7session_Session->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_7session_Session->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Session, (PyObject *)&__pyx_type_3ssh_7session_Session) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_7session_Session) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
-  __pyx_ptype_3ssh_7session_Session = &__pyx_type_3ssh_7session_Session;
+  #endif
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_Session, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_7session_Session) < 0) __PYX_ERR(0, 75, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_7session_Session) < 0) __PYX_ERR(0, 75, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -13020,73 +17813,138 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_import_code", 0);
   /*--- Type import code ---*/
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(2, 9, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 9, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_4type_type = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "type", 
+  __pyx_mstate->__pyx_ptype_7cpython_4type_type = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "type",
   #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
-  sizeof(PyTypeObject),
+  sizeof(PyTypeObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyTypeObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
   #else
-  sizeof(PyHeapTypeObject),
+  sizeof(PyHeapTypeObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyHeapTypeObject),
   #endif
-  __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_4type_type) __PYX_ERR(2, 9, __pyx_L1_error)
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_4type_type) __PYX_ERR(3, 9, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 8, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(4, 8, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_4bool_bool = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "bool", sizeof(PyBoolObject), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_4bool_bool) __PYX_ERR(3, 8, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_7cpython_4bool_bool = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "bool",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(PyLongObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyLongObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
+  #else
+  sizeof(PyLongObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyLongObject),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_4bool_bool) __PYX_ERR(4, 8, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(4, 15, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_t_1)) __PYX_ERR(5, 16, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_7cpython_7complex_complex = __Pyx_ImportType(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "complex", sizeof(PyComplexObject), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_7cpython_7complex_complex) __PYX_ERR(4, 15, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_7cpython_7complex_complex = __Pyx_ImportType_3_1_4(__pyx_t_1, __Pyx_BUILTIN_MODULE_NAME, "complex",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(PyComplexObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyComplexObject),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  0, 0,
+  #else
+  sizeof(PyComplexObject), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(PyComplexObject),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_7cpython_7complex_complex) __PYX_ERR(5, 16, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule("ssh.channel"); if (unlikely(!__pyx_t_1)) __PYX_ERR(5, 22, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.channel"); if (unlikely(!__pyx_t_1)) __PYX_ERR(6, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7channel_Channel = __Pyx_ImportType(__pyx_t_1, "ssh.channel", "Channel", sizeof(struct __pyx_obj_3ssh_7channel_Channel), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7channel_Channel) __PYX_ERR(5, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_7channel_Channel = (struct __pyx_vtabstruct_3ssh_7channel_Channel*)__Pyx_GetVtable(__pyx_ptype_3ssh_7channel_Channel->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_7channel_Channel)) __PYX_ERR(5, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7channel_Channel = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.channel", "Channel",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7channel_Channel), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7channel_Channel),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7channel_Channel), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7channel_Channel),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7channel_Channel), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7channel_Channel),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel) __PYX_ERR(6, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_7channel_Channel = (struct __pyx_vtabstruct_3ssh_7channel_Channel*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_7channel_Channel); if (unlikely(!__pyx_vtabptr_3ssh_7channel_Channel)) __PYX_ERR(6, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule("ssh.connector"); if (unlikely(!__pyx_t_1)) __PYX_ERR(6, 22, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.connector"); if (unlikely(!__pyx_t_1)) __PYX_ERR(7, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_9connector_Flag = __Pyx_ImportType(__pyx_t_1, "ssh.connector", "Flag", sizeof(struct __pyx_obj_3ssh_9connector_Flag), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_9connector_Flag) __PYX_ERR(6, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_9connector_Flag = (struct __pyx_vtabstruct_3ssh_9connector_Flag*)__Pyx_GetVtable(__pyx_ptype_3ssh_9connector_Flag->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_9connector_Flag)) __PYX_ERR(6, 22, __pyx_L1_error)
-  __pyx_ptype_3ssh_9connector_Connector = __Pyx_ImportType(__pyx_t_1, "ssh.connector", "Connector", sizeof(struct __pyx_obj_3ssh_9connector_Connector), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_9connector_Connector) __PYX_ERR(6, 29, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_9connector_Connector = (struct __pyx_vtabstruct_3ssh_9connector_Connector*)__Pyx_GetVtable(__pyx_ptype_3ssh_9connector_Connector->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_9connector_Connector)) __PYX_ERR(6, 29, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_9connector_Flag = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.connector", "Flag",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_9connector_Flag), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Flag),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_9connector_Flag), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Flag),
+  #else
+  sizeof(struct __pyx_obj_3ssh_9connector_Flag), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Flag),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag) __PYX_ERR(7, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_9connector_Flag = (struct __pyx_vtabstruct_3ssh_9connector_Flag*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_9connector_Flag); if (unlikely(!__pyx_vtabptr_3ssh_9connector_Flag)) __PYX_ERR(7, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_9connector_Connector = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.connector", "Connector",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_9connector_Connector), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Connector),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_9connector_Connector), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Connector),
+  #else
+  sizeof(struct __pyx_obj_3ssh_9connector_Connector), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_9connector_Connector),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector) __PYX_ERR(7, 29, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_9connector_Connector = (struct __pyx_vtabstruct_3ssh_9connector_Connector*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_9connector_Connector); if (unlikely(!__pyx_vtabptr_3ssh_9connector_Connector)) __PYX_ERR(7, 29, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule("ssh.options"); if (unlikely(!__pyx_t_1)) __PYX_ERR(7, 20, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.options"); if (unlikely(!__pyx_t_1)) __PYX_ERR(8, 20, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7options_Option = __Pyx_ImportType(__pyx_t_1, "ssh.options", "Option", sizeof(struct __pyx_obj_3ssh_7options_Option), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7options_Option) __PYX_ERR(7, 20, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_7options_Option = (struct __pyx_vtabstruct_3ssh_7options_Option*)__Pyx_GetVtable(__pyx_ptype_3ssh_7options_Option->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_7options_Option)) __PYX_ERR(7, 20, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7options_Option = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.options", "Option",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7options_Option), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7options_Option),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7options_Option), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7options_Option),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7options_Option), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7options_Option),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7options_Option) __PYX_ERR(8, 20, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_7options_Option = (struct __pyx_vtabstruct_3ssh_7options_Option*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_7options_Option); if (unlikely(!__pyx_vtabptr_3ssh_7options_Option)) __PYX_ERR(8, 20, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule("ssh.key"); if (unlikely(!__pyx_t_1)) __PYX_ERR(8, 20, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.key"); if (unlikely(!__pyx_t_1)) __PYX_ERR(9, 20, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_3key_SSHKey = __Pyx_ImportType(__pyx_t_1, "ssh.key", "SSHKey", sizeof(struct __pyx_obj_3ssh_3key_SSHKey), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_3key_SSHKey) __PYX_ERR(8, 20, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_3key_SSHKey = (struct __pyx_vtabstruct_3ssh_3key_SSHKey*)__Pyx_GetVtable(__pyx_ptype_3ssh_3key_SSHKey->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_3key_SSHKey)) __PYX_ERR(8, 20, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.key", "SSHKey",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_3key_SSHKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_3key_SSHKey),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_3key_SSHKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_3key_SSHKey),
+  #else
+  sizeof(struct __pyx_obj_3ssh_3key_SSHKey), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_3key_SSHKey),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey) __PYX_ERR(9, 20, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_3key_SSHKey = (struct __pyx_vtabstruct_3ssh_3key_SSHKey*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_3key_SSHKey); if (unlikely(!__pyx_vtabptr_3ssh_3key_SSHKey)) __PYX_ERR(9, 20, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule("ssh.sftp"); if (unlikely(!__pyx_t_1)) __PYX_ERR(9, 22, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.sftp"); if (unlikely(!__pyx_t_1)) __PYX_ERR(10, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_4sftp_SFTP = __Pyx_ImportType(__pyx_t_1, "ssh.sftp", "SFTP", sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_4sftp_SFTP) __PYX_ERR(9, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_4sftp_SFTP = (struct __pyx_vtabstruct_3ssh_4sftp_SFTP*)__Pyx_GetVtable(__pyx_ptype_3ssh_4sftp_SFTP->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_4sftp_SFTP)) __PYX_ERR(9, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp", "SFTP",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #else
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) __PYX_ERR(10, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_4sftp_SFTP = (struct __pyx_vtabstruct_3ssh_4sftp_SFTP*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP); if (unlikely(!__pyx_vtabptr_3ssh_4sftp_SFTP)) __PYX_ERR(10, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = PyImport_ImportModule("ssh.scp"); if (unlikely(!__pyx_t_1)) __PYX_ERR(10, 22, __pyx_L1_error)
+  __pyx_t_1 = PyImport_ImportModule("ssh.scp"); if (unlikely(!__pyx_t_1)) __PYX_ERR(11, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_3scp_SCP = __Pyx_ImportType(__pyx_t_1, "ssh.scp", "SCP", sizeof(struct __pyx_obj_3ssh_3scp_SCP), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_3scp_SCP) __PYX_ERR(10, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_3scp_SCP = (struct __pyx_vtabstruct_3ssh_3scp_SCP*)__Pyx_GetVtable(__pyx_ptype_3ssh_3scp_SCP->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_3scp_SCP)) __PYX_ERR(10, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_3scp_SCP = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.scp", "SCP",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_3scp_SCP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_3scp_SCP),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_3scp_SCP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_3scp_SCP),
+  #else
+  sizeof(struct __pyx_obj_3ssh_3scp_SCP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_3scp_SCP),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_3scp_SCP) __PYX_ERR(11, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_3scp_SCP = (struct __pyx_vtabstruct_3ssh_3scp_SCP*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_3scp_SCP); if (unlikely(!__pyx_vtabptr_3ssh_3scp_SCP)) __PYX_ERR(11, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -13096,16 +17954,18 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -13114,10 +17974,10 @@ static int __Pyx_modinit_function_import_code(void) {
   /*--- Function import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "handle_auth_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_auth_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "handle_auth_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_auth_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -13127,50 +17987,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_session(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_session},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "session",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initsession(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initsession(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_session(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_session(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -13178,7 +18109,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -13193,10 +18126,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -13219,10 +18155,15 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_session(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -13233,9 +18174,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_session(PyObject *__pyx_pyinit_mod
     PyErr_SetString(PyExc_RuntimeError, "Module 'session' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "session" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -13245,123 +18214,87 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_session(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_session", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("session", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__session) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.session")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.session", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.session", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
   /* "ssh/session.pyx":29
- * from scp cimport SCP
+ * from .scp cimport SCP
  * 
- * from exceptions import OptionError, InvalidAPIUse, ChannelOpenFailure             # <<<<<<<<<<<<<<
+ * from .exceptions import OptionError, InvalidAPIUse, ChannelOpenFailure             # <<<<<<<<<<<<<<
  * 
- * from c_sftp cimport sftp_session, sftp_new, sftp_init
- */
-  __pyx_t_1 = PyList_New(3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(__pyx_n_s_OptionError);
-  __Pyx_GIVEREF(__pyx_n_s_OptionError);
-  PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_OptionError);
-  __Pyx_INCREF(__pyx_n_s_InvalidAPIUse);
-  __Pyx_GIVEREF(__pyx_n_s_InvalidAPIUse);
-  PyList_SET_ITEM(__pyx_t_1, 1, __pyx_n_s_InvalidAPIUse);
-  __Pyx_INCREF(__pyx_n_s_ChannelOpenFailure);
-  __Pyx_GIVEREF(__pyx_n_s_ChannelOpenFailure);
-  PyList_SET_ITEM(__pyx_t_1, 2, __pyx_n_s_ChannelOpenFailure);
-  __pyx_t_2 = __Pyx_Import(__pyx_n_s_exceptions, __pyx_t_1, -1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 29, __pyx_L1_error)
+ * from .c_sftp cimport sftp_session, sftp_new, sftp_init
+*/
+  __pyx_t_2 = __Pyx_PyList_Pack(3, __pyx_mstate_global->__pyx_n_u_OptionError, __pyx_mstate_global->__pyx_n_u_InvalidAPIUse, __pyx_mstate_global->__pyx_n_u_ChannelOpenFailure); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 29, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_OptionError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_OptionError, __pyx_t_1) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_InvalidAPIUse); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_InvalidAPIUse, __pyx_t_1) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_ChannelOpenFailure); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ChannelOpenFailure, __pyx_t_1) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_3 = __Pyx_Import(__pyx_mstate_global->__pyx_n_u_exceptions, __pyx_t_2, 1); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_OptionError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_OptionError, __pyx_t_2) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_InvalidAPIUse); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_InvalidAPIUse, __pyx_t_2) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_ChannelOpenFailure); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 29, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ChannelOpenFailure, __pyx_t_2) < 0) __PYX_ERR(0, 29, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /* "ssh/session.pyx":36
  * 
@@ -13369,11 +18302,11 @@ if (!__Pyx_RefNanny) {
  * SSH_CLOSED = c_ssh.SSH_CLOSED             # <<<<<<<<<<<<<<
  * SSH_READ_PENDING = c_ssh.SSH_READ_PENDING
  * SSH_CLOSED_ERROR = c_ssh.SSH_CLOSED_ERROR
- */
-  __pyx_t_2 = __Pyx_PyInt_From_int(SSH_CLOSED); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 36, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_CLOSED, __pyx_t_2) < 0) __PYX_ERR(0, 36, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From___pyx_anon_enum(SSH_CLOSED); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 36, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_CLOSED, __pyx_t_3) < 0) __PYX_ERR(0, 36, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /* "ssh/session.pyx":37
  * # SSH status flags
@@ -13381,1272 +18314,5557 @@ if (!__Pyx_RefNanny) {
  * SSH_READ_PENDING = c_ssh.SSH_READ_PENDING             # <<<<<<<<<<<<<<
  * SSH_CLOSED_ERROR = c_ssh.SSH_CLOSED_ERROR
  * SSH_WRITE_PENDING = c_ssh.SSH_WRITE_PENDING
- */
-  __pyx_t_2 = __Pyx_PyInt_From_int(SSH_READ_PENDING); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 37, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_READ_PENDING, __pyx_t_2) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From___pyx_anon_enum(SSH_READ_PENDING); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_READ_PENDING, __pyx_t_3) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /* "ssh/session.pyx":38
  * SSH_CLOSED = c_ssh.SSH_CLOSED
  * SSH_READ_PENDING = c_ssh.SSH_READ_PENDING
  * SSH_CLOSED_ERROR = c_ssh.SSH_CLOSED_ERROR             # <<<<<<<<<<<<<<
  * SSH_WRITE_PENDING = c_ssh.SSH_WRITE_PENDING
- * 
- */
-  __pyx_t_2 = __Pyx_PyInt_From_int(SSH_CLOSED_ERROR); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 38, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_CLOSED_ERROR, __pyx_t_2) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+ * SSH_CRYPT = c_ssh.SSH_CRYPT
+*/
+  __pyx_t_3 = __Pyx_PyLong_From___pyx_anon_enum(SSH_CLOSED_ERROR); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 38, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_CLOSED_ERROR, __pyx_t_3) < 0) __PYX_ERR(0, 38, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /* "ssh/session.pyx":39
  * SSH_READ_PENDING = c_ssh.SSH_READ_PENDING
  * SSH_CLOSED_ERROR = c_ssh.SSH_CLOSED_ERROR
  * SSH_WRITE_PENDING = c_ssh.SSH_WRITE_PENDING             # <<<<<<<<<<<<<<
+ * SSH_CRYPT = c_ssh.SSH_CRYPT
+ * SSH_MAC = c_ssh.SSH_MAC
+*/
+  __pyx_t_3 = __Pyx_PyLong_From___pyx_anon_enum(SSH_WRITE_PENDING); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 39, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_WRITE_PENDING, __pyx_t_3) < 0) __PYX_ERR(0, 39, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":40
+ * SSH_CLOSED_ERROR = c_ssh.SSH_CLOSED_ERROR
+ * SSH_WRITE_PENDING = c_ssh.SSH_WRITE_PENDING
+ * SSH_CRYPT = c_ssh.SSH_CRYPT             # <<<<<<<<<<<<<<
+ * SSH_MAC = c_ssh.SSH_MAC
+ * SSH_COMP = c_ssh.SSH_COMP
+*/
+  __pyx_t_3 = __Pyx_PyLong_From___pyx_anon_enum(SSH_CRYPT); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 40, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_CRYPT, __pyx_t_3) < 0) __PYX_ERR(0, 40, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":41
+ * SSH_WRITE_PENDING = c_ssh.SSH_WRITE_PENDING
+ * SSH_CRYPT = c_ssh.SSH_CRYPT
+ * SSH_MAC = c_ssh.SSH_MAC             # <<<<<<<<<<<<<<
+ * SSH_COMP = c_ssh.SSH_COMP
+ * SSH_LANG = c_ssh.SSH_LANG
+*/
+  __pyx_t_3 = __Pyx_PyLong_From___pyx_anon_enum(SSH_MAC); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 41, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_MAC, __pyx_t_3) < 0) __PYX_ERR(0, 41, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":42
+ * SSH_CRYPT = c_ssh.SSH_CRYPT
+ * SSH_MAC = c_ssh.SSH_MAC
+ * SSH_COMP = c_ssh.SSH_COMP             # <<<<<<<<<<<<<<
+ * SSH_LANG = c_ssh.SSH_LANG
  * 
- * 
- */
-  __pyx_t_2 = __Pyx_PyInt_From_int(SSH_WRITE_PENDING); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 39, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_WRITE_PENDING, __pyx_t_2) < 0) __PYX_ERR(0, 39, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From___pyx_anon_enum(SSH_COMP); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 42, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_COMP, __pyx_t_3) < 0) __PYX_ERR(0, 42, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /* "ssh/session.pyx":43
+ * SSH_MAC = c_ssh.SSH_MAC
+ * SSH_COMP = c_ssh.SSH_COMP
+ * SSH_LANG = c_ssh.SSH_LANG             # <<<<<<<<<<<<<<
+ * 
+ * 
+*/
+  __pyx_t_3 = __Pyx_PyLong_From___pyx_anon_enum(SSH_LANG); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 43, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_LANG, __pyx_t_3) < 0) __PYX_ERR(0, 43, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":47
  * 
  * # Authentication codes
  * SSH_AUTH_SUCCESS = c_ssh.ssh_auth_e.SSH_AUTH_SUCCESS             # <<<<<<<<<<<<<<
  * SSH_AUTH_DENIED = c_ssh.ssh_auth_e.SSH_AUTH_DENIED
  * SSH_AUTH_PARTIAL = c_ssh.ssh_auth_e.SSH_AUTH_PARTIAL
- */
-  __pyx_t_2 = __Pyx_PyInt_From_enum__ssh_auth_e(SSH_AUTH_SUCCESS); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 43, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_AUTH_SUCCESS, __pyx_t_2) < 0) __PYX_ERR(0, 43, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_auth_e(SSH_AUTH_SUCCESS); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 47, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_AUTH_SUCCESS, __pyx_t_3) < 0) __PYX_ERR(0, 47, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/session.pyx":44
+  /* "ssh/session.pyx":48
  * # Authentication codes
  * SSH_AUTH_SUCCESS = c_ssh.ssh_auth_e.SSH_AUTH_SUCCESS
  * SSH_AUTH_DENIED = c_ssh.ssh_auth_e.SSH_AUTH_DENIED             # <<<<<<<<<<<<<<
  * SSH_AUTH_PARTIAL = c_ssh.ssh_auth_e.SSH_AUTH_PARTIAL
  * SSH_AUTH_INFO = c_ssh.ssh_auth_e.SSH_AUTH_INFO
- */
-  __pyx_t_2 = __Pyx_PyInt_From_enum__ssh_auth_e(SSH_AUTH_DENIED); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 44, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_AUTH_DENIED, __pyx_t_2) < 0) __PYX_ERR(0, 44, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_auth_e(SSH_AUTH_DENIED); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 48, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_AUTH_DENIED, __pyx_t_3) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/session.pyx":45
+  /* "ssh/session.pyx":49
  * SSH_AUTH_SUCCESS = c_ssh.ssh_auth_e.SSH_AUTH_SUCCESS
  * SSH_AUTH_DENIED = c_ssh.ssh_auth_e.SSH_AUTH_DENIED
  * SSH_AUTH_PARTIAL = c_ssh.ssh_auth_e.SSH_AUTH_PARTIAL             # <<<<<<<<<<<<<<
  * SSH_AUTH_INFO = c_ssh.ssh_auth_e.SSH_AUTH_INFO
  * SSH_AUTH_AGAIN = c_ssh.ssh_auth_e.SSH_AUTH_AGAIN
- */
-  __pyx_t_2 = __Pyx_PyInt_From_enum__ssh_auth_e(SSH_AUTH_PARTIAL); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_AUTH_PARTIAL, __pyx_t_2) < 0) __PYX_ERR(0, 45, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_auth_e(SSH_AUTH_PARTIAL); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_AUTH_PARTIAL, __pyx_t_3) < 0) __PYX_ERR(0, 49, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/session.pyx":46
+  /* "ssh/session.pyx":50
  * SSH_AUTH_DENIED = c_ssh.ssh_auth_e.SSH_AUTH_DENIED
  * SSH_AUTH_PARTIAL = c_ssh.ssh_auth_e.SSH_AUTH_PARTIAL
  * SSH_AUTH_INFO = c_ssh.ssh_auth_e.SSH_AUTH_INFO             # <<<<<<<<<<<<<<
  * SSH_AUTH_AGAIN = c_ssh.ssh_auth_e.SSH_AUTH_AGAIN
  * SSH_AUTH_ERROR = c_ssh.ssh_auth_e.SSH_AUTH_ERROR
- */
-  __pyx_t_2 = __Pyx_PyInt_From_enum__ssh_auth_e(SSH_AUTH_INFO); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 46, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_AUTH_INFO, __pyx_t_2) < 0) __PYX_ERR(0, 46, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_auth_e(SSH_AUTH_INFO); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 50, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_AUTH_INFO, __pyx_t_3) < 0) __PYX_ERR(0, 50, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/session.pyx":47
+  /* "ssh/session.pyx":51
  * SSH_AUTH_PARTIAL = c_ssh.ssh_auth_e.SSH_AUTH_PARTIAL
  * SSH_AUTH_INFO = c_ssh.ssh_auth_e.SSH_AUTH_INFO
  * SSH_AUTH_AGAIN = c_ssh.ssh_auth_e.SSH_AUTH_AGAIN             # <<<<<<<<<<<<<<
  * SSH_AUTH_ERROR = c_ssh.ssh_auth_e.SSH_AUTH_ERROR
  * 
- */
-  __pyx_t_2 = __Pyx_PyInt_From_enum__ssh_auth_e(SSH_AUTH_AGAIN); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_AUTH_AGAIN, __pyx_t_2) < 0) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_auth_e(SSH_AUTH_AGAIN); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 51, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_AUTH_AGAIN, __pyx_t_3) < 0) __PYX_ERR(0, 51, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /* "ssh/session.pyx":48
+  /* "ssh/session.pyx":52
  * SSH_AUTH_INFO = c_ssh.ssh_auth_e.SSH_AUTH_INFO
  * SSH_AUTH_AGAIN = c_ssh.ssh_auth_e.SSH_AUTH_AGAIN
  * SSH_AUTH_ERROR = c_ssh.ssh_auth_e.SSH_AUTH_ERROR             # <<<<<<<<<<<<<<
  * 
  * 
- */
-  __pyx_t_2 = __Pyx_PyInt_From_enum__ssh_auth_e(SSH_AUTH_ERROR); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 48, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSH_AUTH_ERROR, __pyx_t_2) < 0) __PYX_ERR(0, 48, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_auth_e(SSH_AUTH_ERROR); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_AUTH_ERROR, __pyx_t_3) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":56
+ * 
+ * # Key Exchange types
+ * SSH_KEX = c_ssh.ssh_kex_types_e.SSH_KEX             # <<<<<<<<<<<<<<
+ * SSH_HOSTKEYS = c_ssh.ssh_kex_types_e.SSH_HOSTKEYS
+ * SSH_CRYPT_C_S = c_ssh.ssh_kex_types_e.SSH_CRYPT_C_S
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_KEX); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 56, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_KEX, __pyx_t_3) < 0) __PYX_ERR(0, 56, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":57
+ * # Key Exchange types
+ * SSH_KEX = c_ssh.ssh_kex_types_e.SSH_KEX
+ * SSH_HOSTKEYS = c_ssh.ssh_kex_types_e.SSH_HOSTKEYS             # <<<<<<<<<<<<<<
+ * SSH_CRYPT_C_S = c_ssh.ssh_kex_types_e.SSH_CRYPT_C_S
+ * SSH_CRYPT_S_C = c_ssh.ssh_kex_types_e.SSH_CRYPT_S_C
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_HOSTKEYS); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_HOSTKEYS, __pyx_t_3) < 0) __PYX_ERR(0, 57, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":58
+ * SSH_KEX = c_ssh.ssh_kex_types_e.SSH_KEX
+ * SSH_HOSTKEYS = c_ssh.ssh_kex_types_e.SSH_HOSTKEYS
+ * SSH_CRYPT_C_S = c_ssh.ssh_kex_types_e.SSH_CRYPT_C_S             # <<<<<<<<<<<<<<
+ * SSH_CRYPT_S_C = c_ssh.ssh_kex_types_e.SSH_CRYPT_S_C
+ * SSH_MAC_C_S = c_ssh.ssh_kex_types_e.SSH_MAC_C_S
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_CRYPT_C_S); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_CRYPT_C_S, __pyx_t_3) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":59
+ * SSH_HOSTKEYS = c_ssh.ssh_kex_types_e.SSH_HOSTKEYS
+ * SSH_CRYPT_C_S = c_ssh.ssh_kex_types_e.SSH_CRYPT_C_S
+ * SSH_CRYPT_S_C = c_ssh.ssh_kex_types_e.SSH_CRYPT_S_C             # <<<<<<<<<<<<<<
+ * SSH_MAC_C_S = c_ssh.ssh_kex_types_e.SSH_MAC_C_S
+ * SSH_MAC_S_C = c_ssh.ssh_kex_types_e.SSH_MAC_S_C
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_CRYPT_S_C); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 59, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_CRYPT_S_C, __pyx_t_3) < 0) __PYX_ERR(0, 59, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":60
+ * SSH_CRYPT_C_S = c_ssh.ssh_kex_types_e.SSH_CRYPT_C_S
+ * SSH_CRYPT_S_C = c_ssh.ssh_kex_types_e.SSH_CRYPT_S_C
+ * SSH_MAC_C_S = c_ssh.ssh_kex_types_e.SSH_MAC_C_S             # <<<<<<<<<<<<<<
+ * SSH_MAC_S_C = c_ssh.ssh_kex_types_e.SSH_MAC_S_C
+ * SSH_COMP_C_S = c_ssh.ssh_kex_types_e.SSH_COMP_C_S
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_MAC_C_S); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 60, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_MAC_C_S, __pyx_t_3) < 0) __PYX_ERR(0, 60, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":61
+ * SSH_CRYPT_S_C = c_ssh.ssh_kex_types_e.SSH_CRYPT_S_C
+ * SSH_MAC_C_S = c_ssh.ssh_kex_types_e.SSH_MAC_C_S
+ * SSH_MAC_S_C = c_ssh.ssh_kex_types_e.SSH_MAC_S_C             # <<<<<<<<<<<<<<
+ * SSH_COMP_C_S = c_ssh.ssh_kex_types_e.SSH_COMP_C_S
+ * SSH_COMP_S_C = c_ssh.ssh_kex_types_e.SSH_COMP_S_C
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_MAC_S_C); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_MAC_S_C, __pyx_t_3) < 0) __PYX_ERR(0, 61, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":62
+ * SSH_MAC_C_S = c_ssh.ssh_kex_types_e.SSH_MAC_C_S
+ * SSH_MAC_S_C = c_ssh.ssh_kex_types_e.SSH_MAC_S_C
+ * SSH_COMP_C_S = c_ssh.ssh_kex_types_e.SSH_COMP_C_S             # <<<<<<<<<<<<<<
+ * SSH_COMP_S_C = c_ssh.ssh_kex_types_e.SSH_COMP_S_C
+ * SSH_LANG_C_S = c_ssh.ssh_kex_types_e.SSH_LANG_C_S
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_COMP_C_S); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_COMP_C_S, __pyx_t_3) < 0) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":63
+ * SSH_MAC_S_C = c_ssh.ssh_kex_types_e.SSH_MAC_S_C
+ * SSH_COMP_C_S = c_ssh.ssh_kex_types_e.SSH_COMP_C_S
+ * SSH_COMP_S_C = c_ssh.ssh_kex_types_e.SSH_COMP_S_C             # <<<<<<<<<<<<<<
+ * SSH_LANG_C_S = c_ssh.ssh_kex_types_e.SSH_LANG_C_S
+ * SSH_LANG_S_C = c_ssh.ssh_kex_types_e.SSH_LANG_S_C
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_COMP_S_C); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 63, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_COMP_S_C, __pyx_t_3) < 0) __PYX_ERR(0, 63, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":64
+ * SSH_COMP_C_S = c_ssh.ssh_kex_types_e.SSH_COMP_C_S
+ * SSH_COMP_S_C = c_ssh.ssh_kex_types_e.SSH_COMP_S_C
+ * SSH_LANG_C_S = c_ssh.ssh_kex_types_e.SSH_LANG_C_S             # <<<<<<<<<<<<<<
+ * SSH_LANG_S_C = c_ssh.ssh_kex_types_e.SSH_LANG_S_C
+ * 
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_LANG_C_S); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 64, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_LANG_C_S, __pyx_t_3) < 0) __PYX_ERR(0, 64, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":65
+ * SSH_COMP_S_C = c_ssh.ssh_kex_types_e.SSH_COMP_S_C
+ * SSH_LANG_C_S = c_ssh.ssh_kex_types_e.SSH_LANG_C_S
+ * SSH_LANG_S_C = c_ssh.ssh_kex_types_e.SSH_LANG_S_C             # <<<<<<<<<<<<<<
+ * 
+ * 
+*/
+  __pyx_t_3 = __Pyx_PyLong_From_enum__ssh_kex_types_e(SSH_LANG_S_C); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSH_LANG_S_C, __pyx_t_3) < 0) __PYX_ERR(0, 65, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":88
+ *             self._session = NULL
+ * 
+ *     def set_socket(self, socket not None):             # <<<<<<<<<<<<<<
+ *         """Set socket to use for session.
+ * 
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_5set_socket, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_set_socket, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 88, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_set_socket, __pyx_t_3) < 0) __PYX_ERR(0, 88, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":104
+ *         return rc
+ * 
+ *     def blocking_flush(self, int timeout):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_7blocking_flush, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_blocking_flush, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 104, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_blocking_flush, __pyx_t_3) < 0) __PYX_ERR(0, 104, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":110
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def channel_new(self):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.ssh_channel _channel
+ *         cdef Channel channel
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_9channel_new, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_channel_new, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 110, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_channel_new, __pyx_t_3) < 0) __PYX_ERR(0, 110, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":121
+ *         return channel
+ * 
+ *     def sftp_new(self):             # <<<<<<<<<<<<<<
+ *         cdef sftp_session _sftp
+ *         cdef SFTP sftp
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_11sftp_new, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_sftp_new, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 121, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_sftp_new, __pyx_t_3) < 0) __PYX_ERR(0, 121, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":133
+ *         return sftp
+ * 
+ *     def sftp_init(self):             # <<<<<<<<<<<<<<
+ *         """Convenience function for creating and initialising new SFTP
+ *         session.
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_13sftp_init, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_sftp_init, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 133, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_sftp_init, __pyx_t_3) < 0) __PYX_ERR(0, 133, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":153
+ *         return sftp
+ * 
+ *     def connect(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_15connect, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_connect, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_connect, __pyx_t_3) < 0) __PYX_ERR(0, 153, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":159
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def disconnect(self):             # <<<<<<<<<<<<<<
+ *         """No-op. Handled by object de-allocation."""
+ *         # Due to bug in libssh that segfaults if session
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_17disconnect, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_disconnect, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 159, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_disconnect, __pyx_t_3) < 0) __PYX_ERR(0, 159, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":170
+ *         #     c_ssh.ssh_disconnect(self._session)
+ * 
+ *     def connector_new(self):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.ssh_connector _connector
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_19connector_new, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_connector_new, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 170, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_connector_new, __pyx_t_3) < 0) __PYX_ERR(0, 170, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":178
+ *         return Connector.from_ptr(_connector, self)
+ * 
+ *     def accept_forward(self, int timeout, int dest_port):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.ssh_channel _channel
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_21accept_forward, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_accept_forward, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 178, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_accept_forward, __pyx_t_3) < 0) __PYX_ERR(0, 178, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":188
+ *         return Channel.from_ptr(_channel, self)
+ * 
+ *     def cancel_forward(self, address not None, int port):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_address = to_bytes(address)
+ *         cdef char *c_address = b_address
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_23cancel_forward, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_cancel_forward, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[9])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 188, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_cancel_forward, __pyx_t_3) < 0) __PYX_ERR(0, 188, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":197
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def listen_forward(self, address not None, int port, int bound_port):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_address = to_bytes(address)
+ *         cdef char *c_address = b_address
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_25listen_forward, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_listen_forward, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[10])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 197, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_listen_forward, __pyx_t_3) < 0) __PYX_ERR(0, 197, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":206
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def get_disconnect_message(self):             # <<<<<<<<<<<<<<
+ *         cdef const char *message
+ *         cdef bytes b_message
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_27get_disconnect_message, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_disconnect_message, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[11])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 206, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_disconnect_message, __pyx_t_3) < 0) __PYX_ERR(0, 206, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":215
+ *         return b_message
+ * 
+ *     def get_fd(self):             # <<<<<<<<<<<<<<
+ *         cdef c_ssh.socket_t _sock
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_29get_fd, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_fd, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[12])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 215, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_fd, __pyx_t_3) < 0) __PYX_ERR(0, 215, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":221
+ *         return _sock
+ * 
+ *     def get_issue_banner(self):             # <<<<<<<<<<<<<<
+ *         cdef char *_banner
+ *         cdef bytes banner
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_31get_issue_banner, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_issue_banner, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[13])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 221, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_issue_banner, __pyx_t_3) < 0) __PYX_ERR(0, 221, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":232
+ *         return banner
+ * 
+ *     def get_openssh_version(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_33get_openssh_version, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_openssh_version, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[14])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 232, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_openssh_version, __pyx_t_3) < 0) __PYX_ERR(0, 232, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":239
+ *         return rc
+ * 
+ *     def get_server_publickey(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef c_ssh.ssh_key _key
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_35get_server_publickey, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_server_publickey, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[15])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 239, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_server_publickey, __pyx_t_3) < 0) __PYX_ERR(0, 239, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":255
+ *         return SSHKey.from_ptr(_key)
+ * 
+ *     def get_version(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_37get_version, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_version, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[16])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 255, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_version, __pyx_t_3) < 0) __PYX_ERR(0, 255, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":261
+ *         return rc
+ * 
+ *     def get_status(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_39get_status, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_status, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[17])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 261, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_status, __pyx_t_3) < 0) __PYX_ERR(0, 261, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":267
+ *         return rc
+ * 
+ *     def get_poll_flags(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_41get_poll_flags, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_poll_flags, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[18])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 267, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_poll_flags, __pyx_t_3) < 0) __PYX_ERR(0, 267, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":273
+ *         return rc
+ * 
+ *     def is_blocking(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_43is_blocking, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_is_blocking, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[19])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 273, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_is_blocking, __pyx_t_3) < 0) __PYX_ERR(0, 273, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":279
+ *         return bool(rc)
+ * 
+ *     def is_connected(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_45is_connected, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_is_connected, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[20])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 279, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_is_connected, __pyx_t_3) < 0) __PYX_ERR(0, 279, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":285
+ *         return bool(rc)
+ * 
+ *     def is_server_known(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_47is_server_known, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_is_server_known, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[21])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 285, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_is_server_known, __pyx_t_3) < 0) __PYX_ERR(0, 285, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":291
+ *         return bool(rc)
+ * 
+ *     def copy_options(self, Session destination):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_49copy_options, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_copy_options, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[22])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 291, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_copy_options, __pyx_t_3) < 0) __PYX_ERR(0, 291, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":297
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def options_getopt(self):             # <<<<<<<<<<<<<<
+ *         raise NotImplementedError
+ * 
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_51options_getopt, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_options_getopt, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[23])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 297, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_options_getopt, __pyx_t_3) < 0) __PYX_ERR(0, 297, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":300
+ *         raise NotImplementedError
+ * 
+ *     def options_parse_config(self, filepath):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_filepath = to_bytes(filepath)
+ *         cdef char *c_filepath = b_filepath
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_53options_parse_config, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_options_parse_config, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[24])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 300, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_options_parse_config, __pyx_t_3) < 0) __PYX_ERR(0, 300, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":308
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def options_set_port(self, int port):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_55options_set_port, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_options_set_port, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[25])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 308, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_options_set_port, __pyx_t_3) < 0) __PYX_ERR(0, 308, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":315
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def options_get_port(self, unsigned int port_target):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_57options_get_port, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_options_get_port, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[26])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 315, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_options_get_port, __pyx_t_3) < 0) __PYX_ERR(0, 315, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":321
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def options_set_gssapi_delegate_credentials(self, bint delegate):             # <<<<<<<<<<<<<<
+ *         """
+ *         Set delegating credentials to server on/off.
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_59options_set_gssapi_delegate_credentials, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_options_set_gssapi_deleg, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[27])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 321, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_options_set_gssapi_delegate_cred, __pyx_t_3) < 0) __PYX_ERR(0, 321, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":335
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def options_set(self, Option option, value):             # <<<<<<<<<<<<<<
+ *         """Set an option for session. This function can only be used for
+ *         string options like host. For numeric options, port etc, use the
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_61options_set, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_options_set, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[28])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 335, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_options_set, __pyx_t_3) < 0) __PYX_ERR(0, 335, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":352
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def options_get(self, Option option):             # <<<<<<<<<<<<<<
+ *         """Get option value. This function can only be used for string options.
+ *         For numeric or other options use the individual functions.
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_63options_get, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_options_get, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[29])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 352, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_options_get, __pyx_t_3) < 0) __PYX_ERR(0, 352, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":370
+ *         return to_str(b_value)
+ * 
+ *     def options_set_int_val(self, Option option, int value):             # <<<<<<<<<<<<<<
+ *         """
+ *         Set numeric value options when applicable.
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_65options_set_int_val, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_options_set_int_val, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[30])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 370, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_options_set_int_val, __pyx_t_3) < 0) __PYX_ERR(0, 370, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":379
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def send_ignore(self, bytes data):             # <<<<<<<<<<<<<<
+ *         cdef char *c_data = data
+ *         cdef int rc
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_67send_ignore, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_send_ignore, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[31])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 379, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_send_ignore, __pyx_t_3) < 0) __PYX_ERR(0, 379, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":386
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def send_debug(self, bytes message, int always_display):             # <<<<<<<<<<<<<<
+ *         cdef char *c_message = message
+ *         cdef int rc
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_69send_debug, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_send_debug, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[32])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 386, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_send_debug, __pyx_t_3) < 0) __PYX_ERR(0, 386, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":394
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def gssapi_set_creds(self, creds not None):             # <<<<<<<<<<<<<<
+ *         raise NotImplementedError
+ * 
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_71gssapi_set_creds, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_gssapi_set_creds, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[33])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 394, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_gssapi_set_creds, __pyx_t_3) < 0) __PYX_ERR(0, 394, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":397
+ *         raise NotImplementedError
+ * 
+ *     def service_request(self, bytes service):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         cdef char *c_service = service
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_73service_request, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_service_request, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[34])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 397, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_service_request, __pyx_t_3) < 0) __PYX_ERR(0, 397, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":406
+ *     # These are also excluded from Windows builds.
+ *     IF not ON_WINDOWS:
+ *         def set_agent_channel(self, Channel channel):             # <<<<<<<<<<<<<<
+ *             cdef int rc
+ *             with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_75set_agent_channel, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_set_agent_channel, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[35])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 406, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_set_agent_channel, __pyx_t_3) < 0) __PYX_ERR(0, 406, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":413
+ *             return handle_error_codes(rc, self._session)
+ * 
+ *         def set_agent_socket(self, socket not None):             # <<<<<<<<<<<<<<
+ *             cdef int rc
+ *             cdef c_ssh.socket_t _sock = PyObject_AsFileDescriptor(socket)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_77set_agent_socket, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_set_agent_socket, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[36])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 413, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_set_agent_socket, __pyx_t_3) < 0) __PYX_ERR(0, 413, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":420
+ *             return handle_error_codes(rc, self._session)
+ * 
+ *     def set_blocking(self, int blocking):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_ssh.ssh_set_blocking(self._session, blocking)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_79set_blocking, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_set_blocking, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[37])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 420, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_set_blocking, __pyx_t_3) < 0) __PYX_ERR(0, 420, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":424
+ *             c_ssh.ssh_set_blocking(self._session, blocking)
+ * 
+ *     def set_counters(self, scounter, rcounter):             # <<<<<<<<<<<<<<
+ *         raise NotImplementedError
+ * 
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_81set_counters, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_set_counters, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[38])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 424, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_set_counters, __pyx_t_3) < 0) __PYX_ERR(0, 424, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":427
+ *         raise NotImplementedError
+ * 
+ *     def set_fd_except(self):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_ssh.ssh_set_fd_except(self._session)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_83set_fd_except, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_set_fd_except, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[39])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 427, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_set_fd_except, __pyx_t_3) < 0) __PYX_ERR(0, 427, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":431
+ *             c_ssh.ssh_set_fd_except(self._session)
+ * 
+ *     def set_fd_toread(self):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_ssh.ssh_set_fd_toread(self._session)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_85set_fd_toread, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_set_fd_toread, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[40])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 431, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_set_fd_toread, __pyx_t_3) < 0) __PYX_ERR(0, 431, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":435
+ *             c_ssh.ssh_set_fd_toread(self._session)
+ * 
+ *     def set_fd_towrite(self):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_ssh.ssh_set_fd_towrite(self._session)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_87set_fd_towrite, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_set_fd_towrite, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[41])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 435, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_set_fd_towrite, __pyx_t_3) < 0) __PYX_ERR(0, 435, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":439
+ *             c_ssh.ssh_set_fd_towrite(self._session)
+ * 
+ *     def silent_disconnect(self):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_ssh.ssh_silent_disconnect(self._session)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_89silent_disconnect, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_silent_disconnect, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[42])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 439, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_silent_disconnect, __pyx_t_3) < 0) __PYX_ERR(0, 439, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":443
+ *             c_ssh.ssh_silent_disconnect(self._session)
+ * 
+ *     def userauth_none(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_91userauth_none, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_none, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[43])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 443, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_none, __pyx_t_3) < 0) __PYX_ERR(0, 443, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":450
+ *         return handle_auth_error_codes(rc, self._session)
+ * 
+ *     def userauth_list(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_93userauth_list, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_list, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[44])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 450, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_list, __pyx_t_3) < 0) __PYX_ERR(0, 450, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":457
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def userauth_try_publickey(self, SSHKey pubkey not None):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_95userauth_try_publickey, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_try_publickey, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[45])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 457, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_try_publickey, __pyx_t_3) < 0) __PYX_ERR(0, 457, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":465
+ *         return handle_auth_error_codes(rc, self._session)
+ * 
+ *     def userauth_publickey(self, SSHKey privkey not None):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_97userauth_publickey, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_publickey, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[46])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 465, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_publickey, __pyx_t_3) < 0) __PYX_ERR(0, 465, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":475
+ *     # ssh_userauth_agent is excluded from libssh.h on Windows.
+ *     IF not ON_WINDOWS:
+ *         def userauth_agent(self, username not None):             # <<<<<<<<<<<<<<
+ *             cdef bytes b_username = to_bytes(username)
+ *             cdef char *c_username = b_username
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_99userauth_agent, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_agent, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[47])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 475, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_agent, __pyx_t_3) < 0) __PYX_ERR(0, 475, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":484
+ *             return handle_auth_error_codes(rc, self._session)
+ * 
+ *     def userauth_publickey_auto(self, passphrase not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_passphrase = to_bytes(passphrase)
+ *         cdef char *c_passphrase = b_passphrase
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_101userauth_publickey_auto, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_publickey_auto, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[48])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 484, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_publickey_auto, __pyx_t_3) < 0) __PYX_ERR(0, 484, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":494
+ *         return handle_auth_error_codes(rc, self._session)
+ * 
+ *     def userauth_password(self, username not None, password not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_username = to_bytes(username)
+ *         cdef bytes b_password = to_bytes(password)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_103userauth_password, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_password, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[49])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 494, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_password, __pyx_t_3) < 0) __PYX_ERR(0, 494, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":506
+ *         return handle_auth_error_codes(rc, self._session)
+ * 
+ *     def userauth_kbdint(self, username not None, submethods not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_username = to_bytes(username)
+ *         cdef bytes b_submethods = to_bytes(submethods)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_105userauth_kbdint, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_kbdint, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[50])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 506, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_kbdint, __pyx_t_3) < 0) __PYX_ERR(0, 506, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":518
+ *         return handle_auth_error_codes(rc, self._session)
+ * 
+ *     def userauth_kbdint_getinstruction(self):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_instruction
+ *         cdef const_char *_instruction
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_107userauth_kbdint_getinstruction, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_kbdint_getinstr, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[51])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 518, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_kbdint_getinstruction, __pyx_t_3) < 0) __PYX_ERR(0, 518, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":528
+ *         return b_instruction
+ * 
+ *     def userauth_kbdint_getname(self):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_name
+ *         cdef const_char *_name
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_109userauth_kbdint_getname, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_kbdint_getname, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[52])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 528, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_kbdint_getname, __pyx_t_3) < 0) __PYX_ERR(0, 528, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":537
+ *         return b_name
+ * 
+ *     def userauth_kbdint_getnprompts(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_111userauth_kbdint_getnprompts, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_kbdint_getnprom, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[53])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 537, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_kbdint_getnprompts, __pyx_t_3) < 0) __PYX_ERR(0, 537, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":544
+ *         return rc
+ * 
+ *     def userauth_kbdint_getprompt(self, unsigned int i, bytes echo not None):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_prompt
+ *         cdef bytes b_prompt
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_113userauth_kbdint_getprompt, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_kbdint_getpromp, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[54])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 544, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_kbdint_getprompt, __pyx_t_3) < 0) __PYX_ERR(0, 544, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":555
+ *         return b_prompt
+ * 
+ *     def userauth_kbdint_getnanswers(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_115userauth_kbdint_getnanswers, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_kbdint_getnansw, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[55])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 555, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_kbdint_getnanswers, __pyx_t_3) < 0) __PYX_ERR(0, 555, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":562
+ *         return rc
+ * 
+ *     def userauth_kbdint_getanswer(self, unsigned int i):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_answer
+ *         cdef bytes b_answer
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_117userauth_kbdint_getanswer, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_kbdint_getanswe, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[56])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 562, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_kbdint_getanswer, __pyx_t_3) < 0) __PYX_ERR(0, 562, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":572
+ *         return b_answer
+ * 
+ *     def userauth_kbdint_setanswer(self, unsigned int i, bytes answer not None):             # <<<<<<<<<<<<<<
+ *         cdef char *c_answer = answer
+ *         cdef int rc
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_119userauth_kbdint_setanswer, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_kbdint_setanswe, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[57])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 572, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_kbdint_setanswer, __pyx_t_3) < 0) __PYX_ERR(0, 572, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":581
+ *         return handle_auth_error_codes(rc, self._session)
+ * 
+ *     def userauth_gssapi(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_121userauth_gssapi, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_userauth_gssapi, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[58])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 581, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_userauth_gssapi, __pyx_t_3) < 0) __PYX_ERR(0, 581, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":588
+ *         return handle_auth_error_codes(rc, self._session)
+ * 
+ *     def write_knownhost(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_123write_knownhost, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_write_knownhost, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[59])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 588, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_write_knownhost, __pyx_t_3) < 0) __PYX_ERR(0, 588, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":594
+ *         return handle_error_codes(rc, self._session)
+ * 
+ *     def dump_knownhost(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_known_host
+ *         cdef bytes b_known_host
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_125dump_knownhost, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_dump_knownhost, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[60])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 594, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_dump_knownhost, __pyx_t_3) < 0) __PYX_ERR(0, 594, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":604
+ *         return b_known_host
+ * 
+ *     def get_clientbanner(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_banner
+ *         cdef bytes banner
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_127get_clientbanner, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_clientbanner, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[61])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 604, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_clientbanner, __pyx_t_3) < 0) __PYX_ERR(0, 604, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":614
+ *         return banner
+ * 
+ *     def get_serverbanner(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_banner
+ *         cdef bytes banner
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_129get_serverbanner, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_serverbanner, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[62])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 614, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_serverbanner, __pyx_t_3) < 0) __PYX_ERR(0, 614, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":624
+ *         return banner
+ * 
+ *     def get_kex_algo(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_algo
+ *         cdef bytes algo
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_131get_kex_algo, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_kex_algo, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[63])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 624, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_kex_algo, __pyx_t_3) < 0) __PYX_ERR(0, 624, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":634
+ *         return algo
+ * 
+ *     def get_cipher_in(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_cipher
+ *         cdef bytes cipher
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_133get_cipher_in, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_cipher_in, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[64])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 634, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_cipher_in, __pyx_t_3) < 0) __PYX_ERR(0, 634, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":644
+ *         return cipher
+ * 
+ *     def get_cipher_out(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_cipher
+ *         cdef bytes cipher
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_135get_cipher_out, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_cipher_out, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[65])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 644, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_cipher_out, __pyx_t_3) < 0) __PYX_ERR(0, 644, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":654
+ *         return cipher
+ * 
+ *     def get_hmac_in(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_hmac
+ *         cdef bytes hmac
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_137get_hmac_in, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_hmac_in, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[66])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 654, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_hmac_in, __pyx_t_3) < 0) __PYX_ERR(0, 654, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":664
+ *         return hmac
+ * 
+ *     def get_hmac_out(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *_hmac
+ *         cdef bytes hmac
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_139get_hmac_out, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_hmac_out, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[67])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 664, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_hmac_out, __pyx_t_3) < 0) __PYX_ERR(0, 664, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":674
+ *         return hmac
+ * 
+ *     def get_error(self):             # <<<<<<<<<<<<<<
+ *         cdef const_char *error
+ *         cdef bytes b_error
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_141get_error, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_error, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[68])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 674, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_error, __pyx_t_3) < 0) __PYX_ERR(0, 674, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":684
+ *         return to_str(b_error)
+ * 
+ *     def get_error_code(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_143get_error_code, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_get_error_code, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[69])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 684, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_get_error_code, __pyx_t_3) < 0) __PYX_ERR(0, 684, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":690
+ *         return rc
+ * 
+ *     def scp_new(self, int mode, location not None):             # <<<<<<<<<<<<<<
+ *         """Create and initialise SCP channel"""
+ *         cdef c_ssh.ssh_scp _scp
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_145scp_new, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session_scp_new, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[70])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 690, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_7session_Session, __pyx_mstate_global->__pyx_n_u_scp_new, __pyx_t_3) < 0) __PYX_ERR(0, 690, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_147__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[71])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_3) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_7session_7Session_149__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_Session___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_session, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[72])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_3) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/session.pyx":1
+ * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
+ * # Copyright (C) 2018 Panos Kittenis
+ * #
+*/
+  __pyx_t_3 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_3) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /*--- Wrapped vars code ---*/
+
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
+  if (__pyx_m) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
+      __Pyx_AddTraceback("init ssh.session", __pyx_clineno, __pyx_lineno, __pyx_filename);
+    }
+    #if !CYTHON_USE_MODULE_STATE
+    Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
+  } else if (!PyErr_Occurred()) {
+    PyErr_SetString(PyExc_ImportError, "init ssh.session");
+  }
+  __pyx_L0:;
+  __Pyx_RefNannyFinishContext();
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  return (__pyx_m != NULL) ? 0 : -1;
+  #else
+  return __pyx_m;
+  #endif
+}
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_ChannelOpenFailure, sizeof(__pyx_k_ChannelOpenFailure), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ChannelOpenFailure */
+  {__pyx_k_InvalidAPIUse, sizeof(__pyx_k_InvalidAPIUse), 0, 1, 1}, /* PyObject cname: __pyx_n_u_InvalidAPIUse */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_NotImplementedError, sizeof(__pyx_k_NotImplementedError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_NotImplementedError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_OptionError, sizeof(__pyx_k_OptionError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_OptionError */
+  {__pyx_k_SSH_AUTH_AGAIN, sizeof(__pyx_k_SSH_AUTH_AGAIN), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_AUTH_AGAIN */
+  {__pyx_k_SSH_AUTH_DENIED, sizeof(__pyx_k_SSH_AUTH_DENIED), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_AUTH_DENIED */
+  {__pyx_k_SSH_AUTH_ERROR, sizeof(__pyx_k_SSH_AUTH_ERROR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_AUTH_ERROR */
+  {__pyx_k_SSH_AUTH_INFO, sizeof(__pyx_k_SSH_AUTH_INFO), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_AUTH_INFO */
+  {__pyx_k_SSH_AUTH_PARTIAL, sizeof(__pyx_k_SSH_AUTH_PARTIAL), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_AUTH_PARTIAL */
+  {__pyx_k_SSH_AUTH_SUCCESS, sizeof(__pyx_k_SSH_AUTH_SUCCESS), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_AUTH_SUCCESS */
+  {__pyx_k_SSH_CLOSED, sizeof(__pyx_k_SSH_CLOSED), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_CLOSED */
+  {__pyx_k_SSH_CLOSED_ERROR, sizeof(__pyx_k_SSH_CLOSED_ERROR), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_CLOSED_ERROR */
+  {__pyx_k_SSH_COMP, sizeof(__pyx_k_SSH_COMP), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_COMP */
+  {__pyx_k_SSH_COMP_C_S, sizeof(__pyx_k_SSH_COMP_C_S), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_COMP_C_S */
+  {__pyx_k_SSH_COMP_S_C, sizeof(__pyx_k_SSH_COMP_S_C), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_COMP_S_C */
+  {__pyx_k_SSH_CRYPT, sizeof(__pyx_k_SSH_CRYPT), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_CRYPT */
+  {__pyx_k_SSH_CRYPT_C_S, sizeof(__pyx_k_SSH_CRYPT_C_S), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_CRYPT_C_S */
+  {__pyx_k_SSH_CRYPT_S_C, sizeof(__pyx_k_SSH_CRYPT_S_C), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_CRYPT_S_C */
+  {__pyx_k_SSH_HOSTKEYS, sizeof(__pyx_k_SSH_HOSTKEYS), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_HOSTKEYS */
+  {__pyx_k_SSH_KEX, sizeof(__pyx_k_SSH_KEX), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_KEX */
+  {__pyx_k_SSH_LANG, sizeof(__pyx_k_SSH_LANG), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_LANG */
+  {__pyx_k_SSH_LANG_C_S, sizeof(__pyx_k_SSH_LANG_C_S), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_LANG_C_S */
+  {__pyx_k_SSH_LANG_S_C, sizeof(__pyx_k_SSH_LANG_S_C), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_LANG_S_C */
+  {__pyx_k_SSH_MAC, sizeof(__pyx_k_SSH_MAC), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_MAC */
+  {__pyx_k_SSH_MAC_C_S, sizeof(__pyx_k_SSH_MAC_C_S), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_MAC_C_S */
+  {__pyx_k_SSH_MAC_S_C, sizeof(__pyx_k_SSH_MAC_S_C), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_MAC_S_C */
+  {__pyx_k_SSH_READ_PENDING, sizeof(__pyx_k_SSH_READ_PENDING), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_READ_PENDING */
+  {__pyx_k_SSH_WRITE_PENDING, sizeof(__pyx_k_SSH_WRITE_PENDING), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSH_WRITE_PENDING */
+  {__pyx_k_Session, sizeof(__pyx_k_Session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session */
+  {__pyx_k_Session___reduce_cython, sizeof(__pyx_k_Session___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session___reduce_cython */
+  {__pyx_k_Session___setstate_cython, sizeof(__pyx_k_Session___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session___setstate_cython */
+  {__pyx_k_Session_accept_forward, sizeof(__pyx_k_Session_accept_forward), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_accept_forward */
+  {__pyx_k_Session_blocking_flush, sizeof(__pyx_k_Session_blocking_flush), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_blocking_flush */
+  {__pyx_k_Session_cancel_forward, sizeof(__pyx_k_Session_cancel_forward), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_cancel_forward */
+  {__pyx_k_Session_channel_new, sizeof(__pyx_k_Session_channel_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_channel_new */
+  {__pyx_k_Session_connect, sizeof(__pyx_k_Session_connect), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_connect */
+  {__pyx_k_Session_connector_new, sizeof(__pyx_k_Session_connector_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_connector_new */
+  {__pyx_k_Session_copy_options, sizeof(__pyx_k_Session_copy_options), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_copy_options */
+  {__pyx_k_Session_disconnect, sizeof(__pyx_k_Session_disconnect), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_disconnect */
+  {__pyx_k_Session_dump_knownhost, sizeof(__pyx_k_Session_dump_knownhost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_dump_knownhost */
+  {__pyx_k_Session_get_cipher_in, sizeof(__pyx_k_Session_get_cipher_in), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_cipher_in */
+  {__pyx_k_Session_get_cipher_out, sizeof(__pyx_k_Session_get_cipher_out), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_cipher_out */
+  {__pyx_k_Session_get_clientbanner, sizeof(__pyx_k_Session_get_clientbanner), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_clientbanner */
+  {__pyx_k_Session_get_disconnect_message, sizeof(__pyx_k_Session_get_disconnect_message), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_disconnect_message */
+  {__pyx_k_Session_get_error, sizeof(__pyx_k_Session_get_error), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_error */
+  {__pyx_k_Session_get_error_code, sizeof(__pyx_k_Session_get_error_code), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_error_code */
+  {__pyx_k_Session_get_fd, sizeof(__pyx_k_Session_get_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_fd */
+  {__pyx_k_Session_get_hmac_in, sizeof(__pyx_k_Session_get_hmac_in), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_hmac_in */
+  {__pyx_k_Session_get_hmac_out, sizeof(__pyx_k_Session_get_hmac_out), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_hmac_out */
+  {__pyx_k_Session_get_issue_banner, sizeof(__pyx_k_Session_get_issue_banner), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_issue_banner */
+  {__pyx_k_Session_get_kex_algo, sizeof(__pyx_k_Session_get_kex_algo), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_kex_algo */
+  {__pyx_k_Session_get_openssh_version, sizeof(__pyx_k_Session_get_openssh_version), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_openssh_version */
+  {__pyx_k_Session_get_poll_flags, sizeof(__pyx_k_Session_get_poll_flags), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_poll_flags */
+  {__pyx_k_Session_get_server_publickey, sizeof(__pyx_k_Session_get_server_publickey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_server_publickey */
+  {__pyx_k_Session_get_serverbanner, sizeof(__pyx_k_Session_get_serverbanner), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_serverbanner */
+  {__pyx_k_Session_get_status, sizeof(__pyx_k_Session_get_status), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_status */
+  {__pyx_k_Session_get_version, sizeof(__pyx_k_Session_get_version), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_get_version */
+  {__pyx_k_Session_gssapi_set_creds, sizeof(__pyx_k_Session_gssapi_set_creds), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_gssapi_set_creds */
+  {__pyx_k_Session_is_blocking, sizeof(__pyx_k_Session_is_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_is_blocking */
+  {__pyx_k_Session_is_connected, sizeof(__pyx_k_Session_is_connected), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_is_connected */
+  {__pyx_k_Session_is_not_connected, sizeof(__pyx_k_Session_is_not_connected), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Session_is_not_connected */
+  {__pyx_k_Session_is_server_known, sizeof(__pyx_k_Session_is_server_known), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_is_server_known */
+  {__pyx_k_Session_listen_forward, sizeof(__pyx_k_Session_listen_forward), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_listen_forward */
+  {__pyx_k_Session_options_get, sizeof(__pyx_k_Session_options_get), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_options_get */
+  {__pyx_k_Session_options_get_port, sizeof(__pyx_k_Session_options_get_port), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_options_get_port */
+  {__pyx_k_Session_options_getopt, sizeof(__pyx_k_Session_options_getopt), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_options_getopt */
+  {__pyx_k_Session_options_parse_config, sizeof(__pyx_k_Session_options_parse_config), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_options_parse_config */
+  {__pyx_k_Session_options_set, sizeof(__pyx_k_Session_options_set), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_options_set */
+  {__pyx_k_Session_options_set_gssapi_deleg, sizeof(__pyx_k_Session_options_set_gssapi_deleg), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_options_set_gssapi_deleg */
+  {__pyx_k_Session_options_set_int_val, sizeof(__pyx_k_Session_options_set_int_val), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_options_set_int_val */
+  {__pyx_k_Session_options_set_port, sizeof(__pyx_k_Session_options_set_port), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_options_set_port */
+  {__pyx_k_Session_scp_new, sizeof(__pyx_k_Session_scp_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_scp_new */
+  {__pyx_k_Session_send_debug, sizeof(__pyx_k_Session_send_debug), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_send_debug */
+  {__pyx_k_Session_send_ignore, sizeof(__pyx_k_Session_send_ignore), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_send_ignore */
+  {__pyx_k_Session_service_request, sizeof(__pyx_k_Session_service_request), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_service_request */
+  {__pyx_k_Session_set_agent_channel, sizeof(__pyx_k_Session_set_agent_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_set_agent_channel */
+  {__pyx_k_Session_set_agent_socket, sizeof(__pyx_k_Session_set_agent_socket), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_set_agent_socket */
+  {__pyx_k_Session_set_blocking, sizeof(__pyx_k_Session_set_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_set_blocking */
+  {__pyx_k_Session_set_counters, sizeof(__pyx_k_Session_set_counters), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_set_counters */
+  {__pyx_k_Session_set_fd_except, sizeof(__pyx_k_Session_set_fd_except), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_set_fd_except */
+  {__pyx_k_Session_set_fd_toread, sizeof(__pyx_k_Session_set_fd_toread), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_set_fd_toread */
+  {__pyx_k_Session_set_fd_towrite, sizeof(__pyx_k_Session_set_fd_towrite), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_set_fd_towrite */
+  {__pyx_k_Session_set_socket, sizeof(__pyx_k_Session_set_socket), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_set_socket */
+  {__pyx_k_Session_sftp_init, sizeof(__pyx_k_Session_sftp_init), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_sftp_init */
+  {__pyx_k_Session_sftp_new, sizeof(__pyx_k_Session_sftp_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_sftp_new */
+  {__pyx_k_Session_silent_disconnect, sizeof(__pyx_k_Session_silent_disconnect), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_silent_disconnect */
+  {__pyx_k_Session_userauth_agent, sizeof(__pyx_k_Session_userauth_agent), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_agent */
+  {__pyx_k_Session_userauth_gssapi, sizeof(__pyx_k_Session_userauth_gssapi), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_gssapi */
+  {__pyx_k_Session_userauth_kbdint, sizeof(__pyx_k_Session_userauth_kbdint), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_kbdint */
+  {__pyx_k_Session_userauth_kbdint_getanswe, sizeof(__pyx_k_Session_userauth_kbdint_getanswe), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_kbdint_getanswe */
+  {__pyx_k_Session_userauth_kbdint_getinstr, sizeof(__pyx_k_Session_userauth_kbdint_getinstr), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_kbdint_getinstr */
+  {__pyx_k_Session_userauth_kbdint_getname, sizeof(__pyx_k_Session_userauth_kbdint_getname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_kbdint_getname */
+  {__pyx_k_Session_userauth_kbdint_getnansw, sizeof(__pyx_k_Session_userauth_kbdint_getnansw), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_kbdint_getnansw */
+  {__pyx_k_Session_userauth_kbdint_getnprom, sizeof(__pyx_k_Session_userauth_kbdint_getnprom), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_kbdint_getnprom */
+  {__pyx_k_Session_userauth_kbdint_getpromp, sizeof(__pyx_k_Session_userauth_kbdint_getpromp), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_kbdint_getpromp */
+  {__pyx_k_Session_userauth_kbdint_setanswe, sizeof(__pyx_k_Session_userauth_kbdint_setanswe), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_kbdint_setanswe */
+  {__pyx_k_Session_userauth_list, sizeof(__pyx_k_Session_userauth_list), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_list */
+  {__pyx_k_Session_userauth_none, sizeof(__pyx_k_Session_userauth_none), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_none */
+  {__pyx_k_Session_userauth_password, sizeof(__pyx_k_Session_userauth_password), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_password */
+  {__pyx_k_Session_userauth_publickey, sizeof(__pyx_k_Session_userauth_publickey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_publickey */
+  {__pyx_k_Session_userauth_publickey_auto, sizeof(__pyx_k_Session_userauth_publickey_auto), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_publickey_auto */
+  {__pyx_k_Session_userauth_try_publickey, sizeof(__pyx_k_Session_userauth_try_publickey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_userauth_try_publickey */
+  {__pyx_k_Session_write_knownhost, sizeof(__pyx_k_Session_write_knownhost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_Session_write_knownhost */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k_accept_forward, sizeof(__pyx_k_accept_forward), 0, 1, 1}, /* PyObject cname: __pyx_n_u_accept_forward */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_address, sizeof(__pyx_k_address), 0, 1, 1}, /* PyObject cname: __pyx_n_u_address */
+  {__pyx_k_algo, sizeof(__pyx_k_algo), 0, 1, 1}, /* PyObject cname: __pyx_n_u_algo */
+  {__pyx_k_algo_2, sizeof(__pyx_k_algo_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_algo_2 */
+  {__pyx_k_always_display, sizeof(__pyx_k_always_display), 0, 1, 1}, /* PyObject cname: __pyx_n_u_always_display */
+  {__pyx_k_answer, sizeof(__pyx_k_answer), 0, 1, 1}, /* PyObject cname: __pyx_n_u_answer */
+  {__pyx_k_answer_2, sizeof(__pyx_k_answer_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_answer_2 */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_b_address, sizeof(__pyx_k_b_address), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_address */
+  {__pyx_k_b_answer, sizeof(__pyx_k_b_answer), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_answer */
+  {__pyx_k_b_error, sizeof(__pyx_k_b_error), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_error */
+  {__pyx_k_b_filepath, sizeof(__pyx_k_b_filepath), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_filepath */
+  {__pyx_k_b_instruction, sizeof(__pyx_k_b_instruction), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_instruction */
+  {__pyx_k_b_known_host, sizeof(__pyx_k_b_known_host), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_known_host */
+  {__pyx_k_b_location, sizeof(__pyx_k_b_location), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_location */
+  {__pyx_k_b_message, sizeof(__pyx_k_b_message), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_message */
+  {__pyx_k_b_name, sizeof(__pyx_k_b_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_name */
+  {__pyx_k_b_passphrase, sizeof(__pyx_k_b_passphrase), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_passphrase */
+  {__pyx_k_b_password, sizeof(__pyx_k_b_password), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_password */
+  {__pyx_k_b_prompt, sizeof(__pyx_k_b_prompt), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_prompt */
+  {__pyx_k_b_submethods, sizeof(__pyx_k_b_submethods), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_submethods */
+  {__pyx_k_b_username, sizeof(__pyx_k_b_username), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_username */
+  {__pyx_k_b_value, sizeof(__pyx_k_b_value), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_value */
+  {__pyx_k_banner, sizeof(__pyx_k_banner), 0, 1, 1}, /* PyObject cname: __pyx_n_u_banner */
+  {__pyx_k_banner_2, sizeof(__pyx_k_banner_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_banner_2 */
+  {__pyx_k_blocking, sizeof(__pyx_k_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_blocking */
+  {__pyx_k_blocking_flush, sizeof(__pyx_k_blocking_flush), 0, 1, 1}, /* PyObject cname: __pyx_n_u_blocking_flush */
+  {__pyx_k_bound_port, sizeof(__pyx_k_bound_port), 0, 1, 1}, /* PyObject cname: __pyx_n_u_bound_port */
+  {__pyx_k_c_address, sizeof(__pyx_k_c_address), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_address */
+  {__pyx_k_c_answer, sizeof(__pyx_k_c_answer), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_answer */
+  {__pyx_k_c_data, sizeof(__pyx_k_c_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_data */
+  {__pyx_k_c_echo, sizeof(__pyx_k_c_echo), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_echo */
+  {__pyx_k_c_filepath, sizeof(__pyx_k_c_filepath), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_filepath */
+  {__pyx_k_c_location, sizeof(__pyx_k_c_location), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_location */
+  {__pyx_k_c_message, sizeof(__pyx_k_c_message), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_message */
+  {__pyx_k_c_passphrase, sizeof(__pyx_k_c_passphrase), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_passphrase */
+  {__pyx_k_c_password, sizeof(__pyx_k_c_password), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_password */
+  {__pyx_k_c_service, sizeof(__pyx_k_c_service), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_service */
+  {__pyx_k_c_submethods, sizeof(__pyx_k_c_submethods), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_submethods */
+  {__pyx_k_c_username, sizeof(__pyx_k_c_username), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_username */
+  {__pyx_k_c_value, sizeof(__pyx_k_c_value), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_value */
+  {__pyx_k_cancel_forward, sizeof(__pyx_k_cancel_forward), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cancel_forward */
+  {__pyx_k_channel, sizeof(__pyx_k_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_channel */
+  {__pyx_k_channel_2, sizeof(__pyx_k_channel_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_channel_2 */
+  {__pyx_k_channel_new, sizeof(__pyx_k_channel_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_channel_new */
+  {__pyx_k_cipher, sizeof(__pyx_k_cipher), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cipher */
+  {__pyx_k_cipher_2, sizeof(__pyx_k_cipher_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cipher_2 */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_connect, sizeof(__pyx_k_connect), 0, 1, 1}, /* PyObject cname: __pyx_n_u_connect */
+  {__pyx_k_connector, sizeof(__pyx_k_connector), 0, 1, 1}, /* PyObject cname: __pyx_n_u_connector */
+  {__pyx_k_connector_new, sizeof(__pyx_k_connector_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_connector_new */
+  {__pyx_k_copy_options, sizeof(__pyx_k_copy_options), 0, 1, 1}, /* PyObject cname: __pyx_n_u_copy_options */
+  {__pyx_k_creds, sizeof(__pyx_k_creds), 0, 1, 1}, /* PyObject cname: __pyx_n_u_creds */
+  {__pyx_k_data, sizeof(__pyx_k_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_data */
+  {__pyx_k_delegate, sizeof(__pyx_k_delegate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_delegate */
+  {__pyx_k_dest_port, sizeof(__pyx_k_dest_port), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dest_port */
+  {__pyx_k_destination, sizeof(__pyx_k_destination), 0, 1, 1}, /* PyObject cname: __pyx_n_u_destination */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_disconnect, sizeof(__pyx_k_disconnect), 0, 1, 1}, /* PyObject cname: __pyx_n_u_disconnect */
+  {__pyx_k_dump_knownhost, sizeof(__pyx_k_dump_knownhost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dump_knownhost */
+  {__pyx_k_echo, sizeof(__pyx_k_echo), 0, 1, 1}, /* PyObject cname: __pyx_n_u_echo */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_error, sizeof(__pyx_k_error), 0, 1, 1}, /* PyObject cname: __pyx_n_u_error */
+  {__pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_exceptions */
+  {__pyx_k_fd, sizeof(__pyx_k_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_fd */
+  {__pyx_k_filepath, sizeof(__pyx_k_filepath), 0, 1, 1}, /* PyObject cname: __pyx_n_u_filepath */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_get_cipher_in, sizeof(__pyx_k_get_cipher_in), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_cipher_in */
+  {__pyx_k_get_cipher_out, sizeof(__pyx_k_get_cipher_out), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_cipher_out */
+  {__pyx_k_get_clientbanner, sizeof(__pyx_k_get_clientbanner), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_clientbanner */
+  {__pyx_k_get_disconnect_message, sizeof(__pyx_k_get_disconnect_message), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_disconnect_message */
+  {__pyx_k_get_error, sizeof(__pyx_k_get_error), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_error */
+  {__pyx_k_get_error_code, sizeof(__pyx_k_get_error_code), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_error_code */
+  {__pyx_k_get_fd, sizeof(__pyx_k_get_fd), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_fd */
+  {__pyx_k_get_hmac_in, sizeof(__pyx_k_get_hmac_in), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_hmac_in */
+  {__pyx_k_get_hmac_out, sizeof(__pyx_k_get_hmac_out), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_hmac_out */
+  {__pyx_k_get_issue_banner, sizeof(__pyx_k_get_issue_banner), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_issue_banner */
+  {__pyx_k_get_kex_algo, sizeof(__pyx_k_get_kex_algo), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_kex_algo */
+  {__pyx_k_get_openssh_version, sizeof(__pyx_k_get_openssh_version), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_openssh_version */
+  {__pyx_k_get_poll_flags, sizeof(__pyx_k_get_poll_flags), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_poll_flags */
+  {__pyx_k_get_server_publickey, sizeof(__pyx_k_get_server_publickey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_server_publickey */
+  {__pyx_k_get_serverbanner, sizeof(__pyx_k_get_serverbanner), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_serverbanner */
+  {__pyx_k_get_status, sizeof(__pyx_k_get_status), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_status */
+  {__pyx_k_get_version, sizeof(__pyx_k_get_version), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_version */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_gssapi_set_creds, sizeof(__pyx_k_gssapi_set_creds), 0, 1, 1}, /* PyObject cname: __pyx_n_u_gssapi_set_creds */
+  {__pyx_k_hmac, sizeof(__pyx_k_hmac), 0, 1, 1}, /* PyObject cname: __pyx_n_u_hmac */
+  {__pyx_k_hmac_2, sizeof(__pyx_k_hmac_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_hmac_2 */
+  {__pyx_k_i, sizeof(__pyx_k_i), 0, 1, 1}, /* PyObject cname: __pyx_n_u_i */
+  {__pyx_k_instruction, sizeof(__pyx_k_instruction), 0, 1, 1}, /* PyObject cname: __pyx_n_u_instruction */
+  {__pyx_k_is_blocking, sizeof(__pyx_k_is_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_blocking */
+  {__pyx_k_is_connected, sizeof(__pyx_k_is_connected), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_connected */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_is_server_known, sizeof(__pyx_k_is_server_known), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_server_known */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_key, sizeof(__pyx_k_key), 0, 1, 1}, /* PyObject cname: __pyx_n_u_key */
+  {__pyx_k_known_host, sizeof(__pyx_k_known_host), 0, 1, 1}, /* PyObject cname: __pyx_n_u_known_host */
+  {__pyx_k_listen_forward, sizeof(__pyx_k_listen_forward), 0, 1, 1}, /* PyObject cname: __pyx_n_u_listen_forward */
+  {__pyx_k_location, sizeof(__pyx_k_location), 0, 1, 1}, /* PyObject cname: __pyx_n_u_location */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_message, sizeof(__pyx_k_message), 0, 1, 1}, /* PyObject cname: __pyx_n_u_message */
+  {__pyx_k_mode, sizeof(__pyx_k_mode), 0, 1, 1}, /* PyObject cname: __pyx_n_u_mode */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_name_2, sizeof(__pyx_k_name_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name_2 */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_option, sizeof(__pyx_k_option), 0, 1, 1}, /* PyObject cname: __pyx_n_u_option */
+  {__pyx_k_options_get, sizeof(__pyx_k_options_get), 0, 1, 1}, /* PyObject cname: __pyx_n_u_options_get */
+  {__pyx_k_options_get_port, sizeof(__pyx_k_options_get_port), 0, 1, 1}, /* PyObject cname: __pyx_n_u_options_get_port */
+  {__pyx_k_options_getopt, sizeof(__pyx_k_options_getopt), 0, 1, 1}, /* PyObject cname: __pyx_n_u_options_getopt */
+  {__pyx_k_options_parse_config, sizeof(__pyx_k_options_parse_config), 0, 1, 1}, /* PyObject cname: __pyx_n_u_options_parse_config */
+  {__pyx_k_options_set, sizeof(__pyx_k_options_set), 0, 1, 1}, /* PyObject cname: __pyx_n_u_options_set */
+  {__pyx_k_options_set_gssapi_delegate_cred, sizeof(__pyx_k_options_set_gssapi_delegate_cred), 0, 1, 1}, /* PyObject cname: __pyx_n_u_options_set_gssapi_delegate_cred */
+  {__pyx_k_options_set_int_val, sizeof(__pyx_k_options_set_int_val), 0, 1, 1}, /* PyObject cname: __pyx_n_u_options_set_int_val */
+  {__pyx_k_options_set_port, sizeof(__pyx_k_options_set_port), 0, 1, 1}, /* PyObject cname: __pyx_n_u_options_set_port */
+  {__pyx_k_passphrase, sizeof(__pyx_k_passphrase), 0, 1, 1}, /* PyObject cname: __pyx_n_u_passphrase */
+  {__pyx_k_password, sizeof(__pyx_k_password), 0, 1, 1}, /* PyObject cname: __pyx_n_u_password */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_port, sizeof(__pyx_k_port), 0, 1, 1}, /* PyObject cname: __pyx_n_u_port */
+  {__pyx_k_port_target, sizeof(__pyx_k_port_target), 0, 1, 1}, /* PyObject cname: __pyx_n_u_port_target */
+  {__pyx_k_privkey, sizeof(__pyx_k_privkey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_privkey */
+  {__pyx_k_prompt, sizeof(__pyx_k_prompt), 0, 1, 1}, /* PyObject cname: __pyx_n_u_prompt */
+  {__pyx_k_pubkey, sizeof(__pyx_k_pubkey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pubkey */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_rcounter, sizeof(__pyx_k_rcounter), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rcounter */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_scounter, sizeof(__pyx_k_scounter), 0, 1, 1}, /* PyObject cname: __pyx_n_u_scounter */
+  {__pyx_k_scp, sizeof(__pyx_k_scp), 0, 1, 1}, /* PyObject cname: __pyx_n_u_scp */
+  {__pyx_k_scp_new, sizeof(__pyx_k_scp_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_scp_new */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_send_debug, sizeof(__pyx_k_send_debug), 0, 1, 1}, /* PyObject cname: __pyx_n_u_send_debug */
+  {__pyx_k_send_ignore, sizeof(__pyx_k_send_ignore), 0, 1, 1}, /* PyObject cname: __pyx_n_u_send_ignore */
+  {__pyx_k_service, sizeof(__pyx_k_service), 0, 1, 1}, /* PyObject cname: __pyx_n_u_service */
+  {__pyx_k_service_request, sizeof(__pyx_k_service_request), 0, 1, 1}, /* PyObject cname: __pyx_n_u_service_request */
+  {__pyx_k_set_agent_channel, sizeof(__pyx_k_set_agent_channel), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_agent_channel */
+  {__pyx_k_set_agent_socket, sizeof(__pyx_k_set_agent_socket), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_agent_socket */
+  {__pyx_k_set_blocking, sizeof(__pyx_k_set_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_blocking */
+  {__pyx_k_set_counters, sizeof(__pyx_k_set_counters), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_counters */
+  {__pyx_k_set_fd_except, sizeof(__pyx_k_set_fd_except), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_fd_except */
+  {__pyx_k_set_fd_toread, sizeof(__pyx_k_set_fd_toread), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_fd_toread */
+  {__pyx_k_set_fd_towrite, sizeof(__pyx_k_set_fd_towrite), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_fd_towrite */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_set_socket, sizeof(__pyx_k_set_socket), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_socket */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_sftp, sizeof(__pyx_k_sftp), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sftp */
+  {__pyx_k_sftp_2, sizeof(__pyx_k_sftp_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sftp_2 */
+  {__pyx_k_sftp_init, sizeof(__pyx_k_sftp_init), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sftp_init */
+  {__pyx_k_sftp_new, sizeof(__pyx_k_sftp_new), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sftp_new */
+  {__pyx_k_silent_disconnect, sizeof(__pyx_k_silent_disconnect), 0, 1, 1}, /* PyObject cname: __pyx_n_u_silent_disconnect */
+  {__pyx_k_sock, sizeof(__pyx_k_sock), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sock */
+  {__pyx_k_socket, sizeof(__pyx_k_socket), 0, 1, 1}, /* PyObject cname: __pyx_n_u_socket */
+  {__pyx_k_ssh_session, sizeof(__pyx_k_ssh_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_session */
+  {__pyx_k_ssh_session_pyx, sizeof(__pyx_k_ssh_session_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_session_pyx */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_submethods, sizeof(__pyx_k_submethods), 0, 1, 1}, /* PyObject cname: __pyx_n_u_submethods */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_timeout, sizeof(__pyx_k_timeout), 0, 1, 1}, /* PyObject cname: __pyx_n_u_timeout */
+  {__pyx_k_userauth_agent, sizeof(__pyx_k_userauth_agent), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_agent */
+  {__pyx_k_userauth_gssapi, sizeof(__pyx_k_userauth_gssapi), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_gssapi */
+  {__pyx_k_userauth_kbdint, sizeof(__pyx_k_userauth_kbdint), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_kbdint */
+  {__pyx_k_userauth_kbdint_getanswer, sizeof(__pyx_k_userauth_kbdint_getanswer), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_kbdint_getanswer */
+  {__pyx_k_userauth_kbdint_getinstruction, sizeof(__pyx_k_userauth_kbdint_getinstruction), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_kbdint_getinstruction */
+  {__pyx_k_userauth_kbdint_getname, sizeof(__pyx_k_userauth_kbdint_getname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_kbdint_getname */
+  {__pyx_k_userauth_kbdint_getnanswers, sizeof(__pyx_k_userauth_kbdint_getnanswers), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_kbdint_getnanswers */
+  {__pyx_k_userauth_kbdint_getnprompts, sizeof(__pyx_k_userauth_kbdint_getnprompts), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_kbdint_getnprompts */
+  {__pyx_k_userauth_kbdint_getprompt, sizeof(__pyx_k_userauth_kbdint_getprompt), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_kbdint_getprompt */
+  {__pyx_k_userauth_kbdint_setanswer, sizeof(__pyx_k_userauth_kbdint_setanswer), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_kbdint_setanswer */
+  {__pyx_k_userauth_list, sizeof(__pyx_k_userauth_list), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_list */
+  {__pyx_k_userauth_none, sizeof(__pyx_k_userauth_none), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_none */
+  {__pyx_k_userauth_password, sizeof(__pyx_k_userauth_password), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_password */
+  {__pyx_k_userauth_publickey, sizeof(__pyx_k_userauth_publickey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_publickey */
+  {__pyx_k_userauth_publickey_auto, sizeof(__pyx_k_userauth_publickey_auto), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_publickey_auto */
+  {__pyx_k_userauth_try_publickey, sizeof(__pyx_k_userauth_try_publickey), 0, 1, 1}, /* PyObject cname: __pyx_n_u_userauth_try_publickey */
+  {__pyx_k_username, sizeof(__pyx_k_username), 0, 1, 1}, /* PyObject cname: __pyx_n_u_username */
+  {__pyx_k_value, sizeof(__pyx_k_value), 0, 1, 1}, /* PyObject cname: __pyx_n_u_value */
+  {__pyx_k_value_2, sizeof(__pyx_k_value_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_value_2 */
+  {__pyx_k_write_knownhost, sizeof(__pyx_k_write_knownhost), 0, 1, 1}, /* PyObject cname: __pyx_n_u_write_knownhost */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 81, __pyx_L1_error)
+  __pyx_builtin_NotImplementedError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_NotImplementedError); if (!__pyx_builtin_NotImplementedError) __PYX_ERR(0, 298, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 3;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 4;
+            unsigned int flags : 10;
+            unsigned int first_line : 10;
+            unsigned int line_table_length : 12;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 88, 70};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_socket, __pyx_mstate->__pyx_n_u_sock, __pyx_mstate->__pyx_n_u_fd, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_set_socket, __pyx_k_A_Qa_9_HA_IQ_at_d_1_4t1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 104, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_timeout, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_blocking_flush, __pyx_k_A_k_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 110, 58};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_channel_2, __pyx_mstate->__pyx_n_u_channel};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_channel_new, __pyx_k_A_AT_AT_9Cq_Q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 121, 73};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_sftp, __pyx_mstate->__pyx_n_u_sftp_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_sftp_new, __pyx_k_A_AT_HAT_6_A_Q_Q_9AWA_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 133, 96};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_sftp, __pyx_mstate->__pyx_n_u_sftp_2, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_sftp_init, __pyx_k_A_AT_HAT_vS_Q_0_Q_1_9AWA_4t1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 153, 30};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_connect, __pyx_k_A_l_4q_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 159, 2};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_disconnect, __pyx_k_A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 170, 40};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_connector};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_connector_new, __pyx_k_A_0_Q_c_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 178, 56};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_timeout, __pyx_mstate->__pyx_n_u_dest_port, __pyx_mstate->__pyx_n_u_channel_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_accept_forward, __pyx_k_A_AT_7q_Ky_9Cq_iq, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 188, 50};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_address, __pyx_mstate->__pyx_n_u_port, __pyx_mstate->__pyx_n_u_b_address, __pyx_mstate->__pyx_n_u_c_address, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[9] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_cancel_forward, __pyx_k_A_xq_q_1_K_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[9])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 7, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 197, 54};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_address, __pyx_mstate->__pyx_n_u_port, __pyx_mstate->__pyx_n_u_bound_port, __pyx_mstate->__pyx_n_u_b_address, __pyx_mstate->__pyx_n_u_c_address, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[10] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_listen_forward, __pyx_k_A_xq_q_1_K_d_2, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[10])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 206, 38};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_message, __pyx_mstate->__pyx_n_u_b_message};
+    __pyx_mstate_global->__pyx_codeobj_tab[11] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_disconnect_message, __pyx_k_A_AT_6at1_A_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[11])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 215, 21};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_sock};
+    __pyx_mstate_global->__pyx_codeobj_tab[12] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_fd, __pyx_k_A_AT_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[12])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 221, 50};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_banner, __pyx_mstate->__pyx_n_u_banner_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[13] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_issue_banner, __pyx_k_A_AT_0_Q_83a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[13])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 232, 31};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[14] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_openssh_version, __pyx_k_A_AT_at1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[14])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 239, 96};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_key};
+    __pyx_mstate_global->__pyx_codeobj_tab[15] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_server_publickey, __pyx_k_A_AT_A_uCq_q_Kq_s_1_Qd_a_Yaq, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[15])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 255, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[16] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_version, __pyx_k_A_at1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[16])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 261, 21};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[17] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_status, __pyx_k_A_oQd_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[17])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 267, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[18] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_poll_flags, __pyx_k_A_a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[18])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 273, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[19] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_is_blocking, __pyx_k_A_at1_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[19])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 279, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[20] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_is_connected, __pyx_k_A_q_A_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[20])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 285, 26};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[21] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_is_server_known, __pyx_k_A_4q_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[21])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 291, 37};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_destination, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[22] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_copy_options, __pyx_k_A_q_Kq_1_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[22])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 297, 7};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[23] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_options_getopt, __pyx_k_A_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[23])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 300, 47};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_filepath, __pyx_mstate->__pyx_n_u_b_filepath, __pyx_mstate->__pyx_n_u_c_filepath, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[24] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_options_parse_config, __pyx_k_A_q_Kq_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[24])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 308, 40};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_port, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[25] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_options_set_port, __pyx_k_A_a_22EQa_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[25])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 315, 35};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_port_target, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[26] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_options_get_port, __pyx_k_A_1D_1A_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[26])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 321, 42};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_delegate, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[27] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_options_set_gssapi_delegate_cred, __pyx_k_A_a_A_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[27])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 335, 55};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_option, __pyx_mstate->__pyx_n_u_value, __pyx_mstate->__pyx_n_u_b_value, __pyx_mstate->__pyx_n_u_c_value, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[28] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_options_set, __pyx_k_A_XQa_at_fJa_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[28])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 352, 77};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_option, __pyx_mstate->__pyx_n_u_value_2, __pyx_mstate->__pyx_n_u_value, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_b_value};
+    __pyx_mstate_global->__pyx_codeobj_tab[29] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_options_get, __pyx_k_A_A_a_KvZq_3b_aq_1_vQa, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[29])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 370, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_option, __pyx_mstate->__pyx_n_u_value, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[30] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_options_set_int_val, __pyx_k_A_at_fJaq_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[30])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 379, 38};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_data, __pyx_mstate->__pyx_n_u_c_data, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[31] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_send_ignore, __pyx_k_A_A_at_a_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[31])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 386, 40};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_message, __pyx_mstate->__pyx_n_u_always_display, __pyx_mstate->__pyx_n_u_c_message, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[32] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_send_debug, __pyx_k_A_q_oQ_K_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[32])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 394, 7};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_creds};
+    __pyx_mstate_global->__pyx_codeobj_tab[33] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_gssapi_set_creds, __pyx_k_A_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[33])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 397, 38};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_service, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_c_service};
+    __pyx_mstate_global->__pyx_codeobj_tab[34] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_service_request, __pyx_k_A_q_4_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[34])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 406, 36};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_channel, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[35] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_set_agent_channel, __pyx_k_0_7_Qd_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[35])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 413, 43};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_socket, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_sock};
+    __pyx_mstate_global->__pyx_codeobj_tab[36] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_set_agent_socket, __pyx_k_A_q_Kq_Qd_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[36])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 420, 16};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_blocking};
+    __pyx_mstate_global->__pyx_codeobj_tab[37] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_set_blocking, __pyx_k_A_4, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[37])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 424, 7};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_scounter, __pyx_mstate->__pyx_n_u_rcounter};
+    __pyx_mstate_global->__pyx_codeobj_tab[38] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_set_counters, __pyx_k_A_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[38])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 427, 14};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[39] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_set_fd_except, __pyx_k_A_1D, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[39])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 431, 14};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[40] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_set_fd_toread, __pyx_k_A_1D, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[40])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 435, 14};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[41] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_set_fd_towrite, __pyx_k_A_AT, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[41])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 439, 14};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[42] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_silent_disconnect, __pyx_k_A_q_A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[42])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 443, 42};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[43] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_none, __pyx_k_A_AT_at4q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[43])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 450, 42};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[44] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_list, __pyx_k_A_AT_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[44])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 457, 47};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pubkey, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[45] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_try_publickey, __pyx_k_A_AT_1_KvV1_at4q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[45])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 465, 47};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_privkey, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[46] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_publickey, __pyx_k_A_AT_Q_KvWA_at4q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[46])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 475, 56};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_username, __pyx_mstate->__pyx_n_u_b_username, __pyx_mstate->__pyx_n_u_c_username, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[47] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_agent, __pyx_k_HAQ_A_Q_Qd_Q_4t1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[47])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 484, 59};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_passphrase, __pyx_mstate->__pyx_n_u_b_passphrase, __pyx_mstate->__pyx_n_u_c_passphrase, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[48] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_publickey_auto, __pyx_k_A_1_AT_2_KvQ_at4q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[48])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 494, 73};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_username, __pyx_mstate->__pyx_n_u_password, __pyx_mstate->__pyx_n_u_b_username, __pyx_mstate->__pyx_n_u_b_password, __pyx_mstate->__pyx_n_u_c_username, __pyx_mstate->__pyx_n_u_c_password, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[49] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_password, __pyx_k_A_AT_A_K_1_at4q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[49])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 506, 73};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_username, __pyx_mstate->__pyx_n_u_submethods, __pyx_mstate->__pyx_n_u_b_username, __pyx_mstate->__pyx_n_u_b_submethods, __pyx_mstate->__pyx_n_u_c_username, __pyx_mstate->__pyx_n_u_c_submethods, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[50] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_kbdint, __pyx_k_A_1_AT_K_1_at4q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[50])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 518, 45};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_b_instruction, __pyx_mstate->__pyx_n_u_instruction};
+    __pyx_mstate_global->__pyx_codeobj_tab[51] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_kbdint_getinstruction, __pyx_k_A_AT_C1_A_axq_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[51])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 528, 44};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_b_name, __pyx_mstate->__pyx_n_u_name_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[52] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_kbdint_getname, __pyx_k_A_AT_5Qd_q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[52])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 537, 31};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[53] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_kbdint_getnprompts, __pyx_k_A_AT_6at1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[53])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 544, 48};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_i, __pyx_mstate->__pyx_n_u_echo, __pyx_mstate->__pyx_n_u_prompt, __pyx_mstate->__pyx_n_u_b_prompt, __pyx_mstate->__pyx_n_u_c_echo};
+    __pyx_mstate_global->__pyx_codeobj_tab[54] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_kbdint_getprompt, __pyx_k_A_A_AT_9_Ks_1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[54])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 555, 31};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[55] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_kbdint_getnanswers, __pyx_k_A_AT_6at1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[55])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 562, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_i, __pyx_mstate->__pyx_n_u_answer_2, __pyx_mstate->__pyx_n_u_b_answer};
+    __pyx_mstate_global->__pyx_codeobj_tab[56] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_kbdint_getanswer, __pyx_k_A_AT_9_Kq_1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[56])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 572, 52};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_i, __pyx_mstate->__pyx_n_u_answer, __pyx_mstate->__pyx_n_u_c_answer, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[57] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_kbdint_setanswer, __pyx_k_A_a_AT_4A_Ks_at4q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[57])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 581, 40};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[58] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_userauth_gssapi, __pyx_k_A_AT_4q_at4q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[58])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 588, 31};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[59] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_write_knownhost, __pyx_k_A_4q_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[59])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 594, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_known_host, __pyx_mstate->__pyx_n_u_b_known_host};
+    __pyx_mstate_global->__pyx_codeobj_tab[60] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_dump_knownhost, __pyx_k_A_2_4q_s_q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[60])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 604, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_banner, __pyx_mstate->__pyx_n_u_banner_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[61] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_clientbanner, __pyx_k_A_0_Q_83a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[61])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 614, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_banner, __pyx_mstate->__pyx_n_u_banner_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[62] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_serverbanner, __pyx_k_A_0_Q_83a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[62])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 624, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_algo, __pyx_mstate->__pyx_n_u_algo_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[63] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_kex_algo, __pyx_k_A_4q_6_A_q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[63])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 634, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_cipher, __pyx_mstate->__pyx_n_u_cipher_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[64] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_cipher_in, __pyx_k_A_Qd_83a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[64])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 644, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_cipher, __pyx_mstate->__pyx_n_u_cipher_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[65] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_cipher_out, __pyx_k_A_at1_83a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[65])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 654, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_hmac, __pyx_mstate->__pyx_n_u_hmac_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[66] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_hmac_in, __pyx_k_A_a_6_A_q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[66])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 664, 41};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_hmac, __pyx_mstate->__pyx_n_u_hmac_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[67] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_hmac_out, __pyx_k_A_4q_6_A_q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[67])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 674, 44};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_error, __pyx_mstate->__pyx_n_u_b_error};
+    __pyx_mstate_global->__pyx_codeobj_tab[68] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_error, __pyx_k_A_q_A_6_A_vQa, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[68])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 684, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[69] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_get_error_code, __pyx_k_A_a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[69])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 690, 124};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_mode, __pyx_mstate->__pyx_n_u_location, __pyx_mstate->__pyx_n_u_scp, __pyx_mstate->__pyx_n_u_b_location, __pyx_mstate->__pyx_n_u_c_location};
+    __pyx_mstate_global->__pyx_codeobj_tab[70] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_session_pyx, __pyx_mstate->__pyx_n_u_scp_new, __pyx_k_A_AT_F_uCq_Q_0_Q_M_1_Q_0_Q_1F, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[70])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[71] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[71])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[72] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[72])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
+
+/* --- Runtime support code --- */
+/* Refnanny */
+#if CYTHON_REFNANNY
+static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
+    PyObject *m = NULL, *p = NULL;
+    void *r = NULL;
+    m = PyImport_ImportModule(modname);
+    if (!m) goto end;
+    p = PyObject_GetAttrString(m, "RefNannyAPI");
+    if (!p) goto end;
+    r = PyLong_AsVoidPtr(p);
+end:
+    Py_XDECREF(p);
+    Py_XDECREF(m);
+    return (__Pyx_RefNannyAPIStruct *)r;
+}
+#endif
+
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
+        PyErr_Format(PyExc_NameError,
+            "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* PyDictVersioning */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+}
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
+    PyObject **dictptr = NULL;
+    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
+    if (offset) {
+#if CYTHON_COMPILING_IN_CPYTHON
+        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
+#else
+        dictptr = _PyObject_GetDictPtr(obj);
+#endif
+    }
+    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
+}
+static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
+        return 0;
+    return obj_dict_version == __Pyx_get_object_dict_version(obj);
+}
+#endif
+
+/* GetModuleGlobalName */
+#if CYTHON_USE_DICT_VERSIONS
+static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
+#else
+static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
+#endif
+{
+    PyObject *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
+        return NULL;
+    }
+    result = PyObject_GetAttr(__pyx_m, name);
+    if (likely(result)) {
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
+    }
+#else
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return __Pyx_NewRef(result);
+    }
+    PyErr_Clear();
+#endif
+    return __Pyx_GetBuiltinName(name);
+}
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* ArgTypeTest */
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+{
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
+    }
+    else if (!exact) {
+        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError,
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* RaiseUnexpectedTypeError */
+static int
+__Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj)
+{
+    __Pyx_TypeName obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError, "Expected %s, got " __Pyx_FMT_TYPENAME,
+                 expected, obj_type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
 
-  /* "ssh/session.pyx":1
- * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
- * # Copyright (C) 2018 Panos Kittenis
- * #
- */
-  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
 
-  /*--- Wrapped vars code ---*/
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
 
-  goto __pyx_L0;
-  __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
-  if (__pyx_m) {
-    if (__pyx_d) {
-      __Pyx_AddTraceback("init ssh.session", __pyx_clineno, __pyx_lineno, __pyx_filename);
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
     }
-    Py_CLEAR(__pyx_m);
-  } else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_ImportError, "init ssh.session");
-  }
-  __pyx_L0:;
-  __Pyx_RefNannyFinishContext();
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
-  #else
-  return;
-  #endif
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
 }
 
-/* --- Runtime support code --- */
-/* Refnanny */
-#if CYTHON_REFNANNY
-static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
-    PyObject *m = NULL, *p = NULL;
-    void *r = NULL;
-    m = PyImport_ImportModule(modname);
-    if (!m) goto end;
-    p = PyObject_GetAttrString(m, "RefNannyAPI");
-    if (!p) goto end;
-    r = PyLong_AsVoidPtr(p);
-end:
-    Py_XDECREF(p);
-    Py_XDECREF(m);
-    return (__Pyx_RefNannyAPIStruct *)r;
-}
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
 #endif
+}
 
-/* PyObjectGetAttrStr */
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
 #if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
 #endif
-    return PyObject_GetAttr(obj, attr_name);
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
 }
 #endif
 
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
-        PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
-            "name '%U' is not defined", name);
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
 #else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
+        (void)__Pyx_PyObject_CallMethod0;
 #endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
     }
+#endif
+    return r;
+#endif
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
     return result;
 }
 
-/* PyDictVersioning */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
 }
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
-    PyObject **dictptr = NULL;
-    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
-    if (offset) {
-#if CYTHON_COMPILING_IN_CPYTHON
-        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
 #else
-        dictptr = _PyObject_GetDictPtr(obj);
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
 #endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
     }
-    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
-}
-static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
-        return 0;
-    return obj_dict_version == __Pyx_get_object_dict_version(obj);
-}
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
 #endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
 
-/* GetModuleGlobalName */
-#if CYTHON_USE_DICT_VERSIONS
-static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
 #else
-static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
 #endif
-{
-    PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
-        return NULL;
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
     }
-#else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
     }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
 #endif
+
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
 #else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    }
-    PyErr_Clear();
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
 #endif
-    return __Pyx_GetBuiltinName(name);
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
 }
 
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+/* ListPack */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...) {
+    va_list va;
+    PyObject *l = PyList_New(n);
+    va_start(va, n);
+    if (unlikely(!l)) goto end;
+    for (Py_ssize_t i=0; i<n; ++i) {
+        PyObject *arg = va_arg(va, PyObject*);
+        Py_INCREF(arg);
+        if (__Pyx_PyList_SET_ITEM(l, i, arg) != (0)) {
+            Py_CLEAR(l);
+            goto end;
+        }
     }
+    end:
+    va_end(va);
+    return l;
 }
-#endif
 
-/* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
-                                               PyObject *globals) {
-    PyFrameObject *f;
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject **fastlocals;
-    Py_ssize_t i;
-    PyObject *result;
-    assert(globals != NULL);
-    /* XXX Perhaps we should create a specialized
-       PyFrame_New() that doesn't take locals, but does
-       take builtins without sanity checking them.
-       */
-    assert(tstate != NULL);
-    f = PyFrame_New(tstate, co, globals, NULL);
-    if (f == NULL) {
-        return NULL;
+/* Import */
+static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
+    PyObject *module = 0;
+    PyObject *empty_dict = 0;
+    PyObject *empty_list = 0;
+    empty_dict = PyDict_New();
+    if (unlikely(!empty_dict))
+        goto bad;
+    if (level == -1) {
+        const char* package_sep = strchr(__Pyx_MODULE_NAME, '.');
+        if (package_sep != (0)) {
+            module = PyImport_ImportModuleLevelObject(
+                name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, 1);
+            if (unlikely(!module)) {
+                if (unlikely(!PyErr_ExceptionMatches(PyExc_ImportError)))
+                    goto bad;
+                PyErr_Clear();
+            }
+        }
+        level = 0;
     }
-    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
-    for (i = 0; i < na; i++) {
-        Py_INCREF(*args);
-        fastlocals[i] = *args++;
+    if (!module) {
+        module = PyImport_ImportModuleLevelObject(
+            name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, level);
     }
-    result = PyEval_EvalFrameEx(f,0);
-    ++tstate->recursion_depth;
-    Py_DECREF(f);
-    --tstate->recursion_depth;
-    return result;
+bad:
+    Py_XDECREF(empty_dict);
+    Py_XDECREF(empty_list);
+    return module;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
-    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
-    PyObject *globals = PyFunction_GET_GLOBALS(func);
-    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
-    PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
-    PyObject *kwdefs;
-#endif
-    PyObject *kwtuple, **k;
-    PyObject **d;
-    Py_ssize_t nd;
-    Py_ssize_t nk;
-    PyObject *result;
-    assert(kwargs == NULL || PyDict_Check(kwargs));
-    nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
-        return NULL;
-    }
-    if (
-#if PY_MAJOR_VERSION >= 3
-            co->co_kwonlyargcount == 0 &&
-#endif
-            likely(kwargs == NULL || nk == 0) &&
-            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
-        if (argdefs == NULL && co->co_argcount == nargs) {
-            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
-            goto done;
-        }
-        else if (nargs == 0 && argdefs != NULL
-                 && co->co_argcount == Py_SIZE(argdefs)) {
-            /* function called with no arguments, but all parameters have
-               a default value: use default values as arguments .*/
-            args = &PyTuple_GET_ITEM(argdefs, 0);
-            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
-            goto done;
-        }
-    }
-    if (kwargs != NULL) {
-        Py_ssize_t pos, i;
-        kwtuple = PyTuple_New(2 * nk);
-        if (kwtuple == NULL) {
-            result = NULL;
-            goto done;
-        }
-        k = &PyTuple_GET_ITEM(kwtuple, 0);
-        pos = i = 0;
-        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
-            Py_INCREF(k[i]);
-            Py_INCREF(k[i+1]);
-            i += 2;
+
+/* ImportFrom */
+static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
+    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
+    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
+        const char* module_name_str = 0;
+        PyObject* module_name = 0;
+        PyObject* module_dot = 0;
+        PyObject* full_name = 0;
+        PyErr_Clear();
+        module_name_str = PyModule_GetName(module);
+        if (unlikely(!module_name_str)) { goto modbad; }
+        module_name = PyUnicode_FromString(module_name_str);
+        if (unlikely(!module_name)) { goto modbad; }
+        module_dot = PyUnicode_Concat(module_name, __pyx_mstate_global->__pyx_kp_u_);
+        if (unlikely(!module_dot)) { goto modbad; }
+        full_name = PyUnicode_Concat(module_dot, name);
+        if (unlikely(!full_name)) { goto modbad; }
+        #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM  < 0x07030400) ||\
+                CYTHON_COMPILING_IN_GRAAL
+        {
+            PyObject *modules = PyImport_GetModuleDict();
+            if (unlikely(!modules))
+                goto modbad;
+            value = PyObject_GetItem(modules, full_name);
         }
-        nk = i / 2;
+        #else
+        value = PyImport_GetModule(full_name);
+        #endif
+      modbad:
+        Py_XDECREF(full_name);
+        Py_XDECREF(module_dot);
+        Py_XDECREF(module_name);
     }
-    else {
-        kwtuple = NULL;
-        k = NULL;
+    if (unlikely(!value)) {
+        PyErr_Format(PyExc_ImportError, "cannot import name %S", name);
     }
-    closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
-    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    return value;
+}
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
 #endif
-    if (argdefs != NULL) {
-        d = &PyTuple_GET_ITEM(argdefs, 0);
-        nd = Py_SIZE(argdefs);
-    }
-    else {
-        d = NULL;
-        nd = 0;
-    }
-#if PY_MAJOR_VERSION >= 3
-    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, kwdefs, closure);
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
 #else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
+        result->ob_type = metaclass;
 #endif
-    Py_XDECREF(kwtuple);
-done:
-    Py_LeaveRecursiveCall();
+        Py_DECREF(old_tp);
+    }
     return result;
 }
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
 #endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
 #endif
-
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
-    PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
     }
-    return result;
+    return 0;
 }
-#endif
-
-/* PyObjectCall2Args */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2) {
-    PyObject *args, *result = NULL;
-    #if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyFunction_FastCall(function, args, 2);
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
     }
-    #endif
-    #if CYTHON_FAST_PYCCALL
-    if (__Pyx_PyFastCFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyCFunction_FastCall(function, args, 2);
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
     }
-    #endif
-    args = PyTuple_New(2);
-    if (unlikely(!args)) goto done;
-    Py_INCREF(arg1);
-    PyTuple_SET_ITEM(args, 0, arg1);
-    Py_INCREF(arg2);
-    PyTuple_SET_ITEM(args, 1, arg2);
-    Py_INCREF(function);
-    result = __Pyx_PyObject_Call(function, args, NULL);
-    Py_DECREF(args);
-    Py_DECREF(function);
 done:
-    return result;
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
 }
 
-/* PyObjectCallMethO */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
-    PyObject *self, *result;
-    PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = cfunc(self, arg);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
     }
-    return result;
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
 }
-#endif
 
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
     PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
-    }
-#endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
-#endif
-        }
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
 }
 #else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
 }
 #endif
 
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
 }
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
 }
 #endif
 
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
         }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
 }
 #else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
-    }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
-                }
-            }
-        }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
-        }
-    } else {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
-    }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
-        } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
-        }
-        PyException_SetCause(value, fixed_cause);
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
+#endif
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
 #else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
         }
 #endif
     }
-bad:
-    Py_XDECREF(owned_instance);
-    return;
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
 }
-#endif
-
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
 {
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
-        more_or_less = "at most";
-    }
-    if (exact) {
-        more_or_less = "exactly";
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
     }
-    PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
 }
-
-/* KeywordStringCheck */
-static int __Pyx_CheckKeywordStrings(
-    PyObject *kwdict,
-    const char* function_name,
-    int kw_allowed)
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
 {
-    PyObject* key = 0;
-    Py_ssize_t pos = 0;
-#if CYTHON_COMPILING_IN_PYPY
-    if (!kw_allowed && PyDict_Next(kwdict, &pos, &key, 0))
-        goto invalid_keyword;
-    return 1;
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
 #else
-    while (PyDict_Next(kwdict, &pos, &key, 0)) {
-        #if PY_MAJOR_VERSION < 3
-        if (unlikely(!PyString_Check(key)))
-        #endif
-            if (unlikely(!PyUnicode_Check(key)))
-                goto invalid_keyword_type;
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
+#endif
+        if (unlikely(op->func_name == NULL))
+            return NULL;
     }
-    if ((!kw_allowed) && unlikely(key))
-        goto invalid_keyword;
-    return 1;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
-#endif
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
 }
-
-/* RaiseDoubleKeywords */
-static void __Pyx_RaiseDoubleKeywordsError(
-    const char* func_name,
-    PyObject* kw_name)
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
 {
-    PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
-        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
 }
-
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
 {
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
-        }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
-                }
-            }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
-        }
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
     }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
     #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
     #endif
-bad:
-    return -1;
+    Py_DECREF(res);
+    return result;
 }
-
-/* ArgTypeTest */
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
-{
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
+        }
     }
-    else {
-        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
     }
-    PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
 }
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
-#else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
-#endif
-    return NULL;
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
+#else
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
+#endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
         }
+ignore:
+        PyErr_Clear();
     }
-    return descr;
+    return __Pyx_PyBool_FromLong(is_coroutine);
 }
-#endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
 #endif
-
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
-    }
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
 #endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
-    }
-    return 0;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
 }
 #endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
-    PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
     }
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
     }
-    return result;
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
 }
-static int __Pyx_setup_reduce(PyObject* type_obj) {
-    int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
+    }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
+}
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
-    }
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
         }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
         }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
+    PyObject *result;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
 #endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
+    }
+    return result;
+}
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
+    int ret = 0;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
     return ret;
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
-    }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* GetVTable */
-static void* __Pyx_GetVtable(PyObject *dict) {
-    void* ptr;
-    PyObject *ob = PyObject_GetItem(dict, __pyx_n_s_pyx_vtable);
-    if (!ob)
-        goto bad;
-#if PY_VERSION_HEX >= 0x02070000
-    ptr = PyCapsule_GetPointer(ob, 0);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    ptr = PyCObject_AsVoidPtr(ob);
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    if (!ptr && !PyErr_Occurred())
-        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
-    Py_DECREF(ob);
-    return ptr;
-bad:
-    Py_XDECREF(ob);
-    return NULL;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
-
-/* Import */
-static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
-    PyObject *empty_list = 0;
-    PyObject *module = 0;
-    PyObject *global_dict = 0;
-    PyObject *empty_dict = 0;
-    PyObject *list;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_import;
-    py_import = __Pyx_PyObject_GetAttrStr(__pyx_b, __pyx_n_s_import);
-    if (!py_import)
-        goto bad;
-    #endif
-    if (from_list)
-        list = from_list;
-    else {
-        empty_list = PyList_New(0);
-        if (!empty_list)
-            goto bad;
-        list = empty_list;
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    global_dict = PyModule_GetDict(__pyx_m);
-    if (!global_dict)
-        goto bad;
-    empty_dict = PyDict_New();
-    if (!empty_dict)
-        goto bad;
-    {
-        #if PY_MAJOR_VERSION >= 3
-        if (level == -1) {
-            if ((1) && (strchr(__Pyx_MODULE_NAME, '.'))) {
-                module = PyImport_ImportModuleLevelObject(
-                    name, global_dict, empty_dict, list, 1);
-                if (!module) {
-                    if (!PyErr_ExceptionMatches(PyExc_ImportError))
-                        goto bad;
-                    PyErr_Clear();
-                }
-            }
-            level = 0;
-        }
-        #endif
-        if (!module) {
-            #if PY_MAJOR_VERSION < 3
-            PyObject *py_level = PyInt_FromLong(level);
-            if (!py_level)
-                goto bad;
-            module = PyObject_CallFunctionObjArgs(py_import,
-                name, global_dict, empty_dict, list, py_level, (PyObject *)NULL);
-            Py_DECREF(py_level);
-            #else
-            module = PyImport_ImportModuleLevelObject(
-                name, global_dict, empty_dict, list, level);
-            #endif
-        }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
     }
-bad:
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_import);
-    #endif
-    Py_XDECREF(empty_list);
-    Py_XDECREF(empty_dict);
-    return module;
+    return 0;
 }
-
-/* ImportFrom */
-static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
-    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
-    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
-        PyErr_Format(PyExc_ImportError,
-        #if PY_MAJOR_VERSION < 3
-            "cannot import name %.230s", PyString_AS_STRING(name));
-        #else
-            "cannot import name %S", name);
-        #endif
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
     }
-    return value;
+    return op;
 }
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -14655,11 +23873,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -14687,130 +23906,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -14841,7 +24126,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -14851,6 +24136,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -14874,8 +24160,40 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
         return (target_type) value;\
     }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From___pyx_anon_enum(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -14887,17 +24205,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -14905,15 +24223,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_auth_e(enum ssh_auth_e value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_auth_e(enum ssh_auth_e value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -14925,17 +24276,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_auth_e(enum ssh_auth_e
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(enum ssh_auth_e) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(enum ssh_auth_e) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(enum ssh_auth_e) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(enum ssh_auth_e) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(enum ssh_auth_e) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -14943,197 +24294,359 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_enum__ssh_auth_e(enum ssh_auth_e
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(enum ssh_auth_e),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(enum ssh_auth_e));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
-/* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+/* CIntToPy */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_enum__ssh_kex_types_e(enum ssh_kex_types_e value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
 #endif
-    const int neg_one = (int) -1, const_zero = (int) 0;
+    const enum ssh_kex_types_e neg_one = (enum ssh_kex_types_e) -1, const_zero = (enum ssh_kex_types_e) 0;
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
+    if (is_unsigned) {
+        if (sizeof(enum ssh_kex_types_e) < sizeof(long)) {
+            return PyLong_FromLong((long) value);
+        } else if (sizeof(enum ssh_kex_types_e) <= sizeof(unsigned long)) {
+            return PyLong_FromUnsignedLong((unsigned long) value);
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
+        } else if (sizeof(enum ssh_kex_types_e) <= sizeof(unsigned PY_LONG_LONG)) {
+            return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
+#endif
+        }
+    } else {
+        if (sizeof(enum ssh_kex_types_e) <= sizeof(long)) {
+            return PyLong_FromLong((long) value);
+#ifdef HAVE_LONG_LONG
+        } else if (sizeof(enum ssh_kex_types_e) <= sizeof(PY_LONG_LONG)) {
+            return PyLong_FromLongLong((PY_LONG_LONG) value);
+#endif
+        }
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
         } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(enum ssh_kex_types_e),
+                                     little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(enum ssh_kex_types_e));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
             }
-            return (int) val;
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
         }
-    } else
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
 #endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    }
+}
+
+/* CIntFromPy */
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+    const int neg_one = (int) -1, const_zero = (int) 0;
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
+#endif
+    const int is_unsigned = neg_one > const_zero;
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -15147,7 +24660,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE unsigned int __Pyx_PyInt_As_unsigned_int(PyObject *x) {
+static CYTHON_INLINE unsigned int __Pyx_PyLong_As_unsigned_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -15157,179 +24670,237 @@ static CYTHON_INLINE unsigned int __Pyx_PyInt_As_unsigned_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(unsigned int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(unsigned int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (unsigned int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        unsigned int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (unsigned int) -1;
+        val = __Pyx_PyLong_As_unsigned_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (unsigned int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(unsigned int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(unsigned int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(unsigned int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) >= 2 * PyLong_SHIFT)) {
                             return (unsigned int) (((((unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(unsigned int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) >= 3 * PyLong_SHIFT)) {
                             return (unsigned int) (((((((unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(unsigned int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) >= 4 * PyLong_SHIFT)) {
                             return (unsigned int) (((((((((unsigned int)digits[3]) << PyLong_SHIFT) | (unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (unsigned int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (unsigned int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(unsigned int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(unsigned int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(unsigned int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(unsigned int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(unsigned int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(unsigned int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(unsigned int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(unsigned int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (unsigned int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(unsigned int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(unsigned int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(unsigned int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(unsigned int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT)) {
                             return (unsigned int) (((unsigned int)-1)*(((((unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(unsigned int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT)) {
                             return (unsigned int) ((((((unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT)) {
                             return (unsigned int) (((unsigned int)-1)*(((((((unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(unsigned int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT)) {
                             return (unsigned int) ((((((((unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 4 * PyLong_SHIFT)) {
                             return (unsigned int) (((unsigned int)-1)*(((((((((unsigned int)digits[3]) << PyLong_SHIFT) | (unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(unsigned int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 4 * PyLong_SHIFT)) {
                             return (unsigned int) ((((((((((unsigned int)digits[3]) << PyLong_SHIFT) | (unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(unsigned int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(unsigned int, long, PyLong_AsLong(x))
+        if ((sizeof(unsigned int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(unsigned int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(unsigned int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(unsigned int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(unsigned int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(unsigned int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        unsigned int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (unsigned int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            unsigned int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (unsigned int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (unsigned int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (unsigned int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(unsigned int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((unsigned int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(unsigned int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((unsigned int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((unsigned int) 1) << (sizeof(unsigned int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (unsigned int) -1;
-        }
-    } else {
-        unsigned int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (unsigned int) -1;
-        val = __Pyx_PyInt_As_unsigned_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -15343,7 +24914,78 @@ static CYTHON_INLINE unsigned int __Pyx_PyInt_As_unsigned_int(PyObject *x) {
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_socket_t(socket_t value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+    const int neg_one = (int) -1, const_zero = (int) 0;
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
+#endif
+    const int is_unsigned = neg_one > const_zero;
+    if (is_unsigned) {
+        if (sizeof(int) < sizeof(long)) {
+            return PyLong_FromLong((long) value);
+        } else if (sizeof(int) <= sizeof(unsigned long)) {
+            return PyLong_FromUnsignedLong((unsigned long) value);
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
+        } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
+            return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
+#endif
+        }
+    } else {
+        if (sizeof(int) <= sizeof(long)) {
+            return PyLong_FromLong((long) value);
+#ifdef HAVE_LONG_LONG
+        } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
+            return PyLong_FromLongLong((PY_LONG_LONG) value);
+#endif
+        }
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(int),
+                                     little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* CIntToPy */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_socket_t(socket_t value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -15355,17 +24997,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_socket_t(socket_t value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(socket_t) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(socket_t) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(socket_t) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(socket_t) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(socket_t) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -15373,15 +25015,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_socket_t(socket_t value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(socket_t),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(socket_t));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__2);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -15393,17 +25107,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -15411,15 +25125,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -15429,179 +25176,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -15618,7 +25423,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -15639,51 +25444,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -15714,65 +25506,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -15780,97 +25591,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -15882,25 +25829,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -15923,95 +25870,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -16050,33 +25968,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/session.pxd b/ssh/session.pxd
index a25ba9cd..453e58b9 100644
--- a/ssh/session.pxd
+++ b/ssh/session.pxd
@@ -1,20 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-cimport c_ssh
+from . cimport c_ssh
 
 cdef class Session:
     cdef c_ssh.ssh_session _session
diff --git a/ssh/session.pyx b/ssh/session.pyx
index bd3d1849..b7ff529a 100644
--- a/ssh/session.pyx
+++ b/ssh/session.pyx
@@ -1,35 +1,36 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from cpython cimport PyObject_AsFileDescriptor
 from libc.stdlib cimport malloc, free
 from libc.string cimport const_char
 
-from channel cimport Channel
-from connector cimport Connector
-from utils cimport to_bytes, to_str, handle_error_codes, handle_auth_error_codes
-from options cimport Option
-from key cimport SSHKey
-from sftp cimport SFTP
-from scp cimport SCP
+from .channel cimport Channel
+from .connector cimport Connector
+from .utils cimport to_bytes, to_str, handle_error_codes, handle_auth_error_codes
+from .options cimport Option
+from .key cimport SSHKey
+from .sftp cimport SFTP
+from .scp cimport SCP
 
-from exceptions import OptionError, InvalidAPIUse, ChannelOpenFailure
+from .exceptions import OptionError, InvalidAPIUse, ChannelOpenFailure
 
-from c_sftp cimport sftp_session, sftp_new, sftp_init
-cimport c_ssh
+from .c_sftp cimport sftp_session, sftp_new, sftp_init
+from . cimport c_ssh
 
 
 # SSH status flags
@@ -37,6 +38,10 @@ SSH_CLOSED = c_ssh.SSH_CLOSED
 SSH_READ_PENDING = c_ssh.SSH_READ_PENDING
 SSH_CLOSED_ERROR = c_ssh.SSH_CLOSED_ERROR
 SSH_WRITE_PENDING = c_ssh.SSH_WRITE_PENDING
+SSH_CRYPT = c_ssh.SSH_CRYPT
+SSH_MAC = c_ssh.SSH_MAC
+SSH_COMP = c_ssh.SSH_COMP
+SSH_LANG = c_ssh.SSH_LANG
 
 
 # Authentication codes
@@ -48,7 +53,20 @@ SSH_AUTH_AGAIN = c_ssh.ssh_auth_e.SSH_AUTH_AGAIN
 SSH_AUTH_ERROR = c_ssh.ssh_auth_e.SSH_AUTH_ERROR
 
 
-cdef bint _check_connected(c_ssh.ssh_session session) nogil except -1:
+# Key Exchange types
+SSH_KEX = c_ssh.ssh_kex_types_e.SSH_KEX
+SSH_HOSTKEYS = c_ssh.ssh_kex_types_e.SSH_HOSTKEYS
+SSH_CRYPT_C_S = c_ssh.ssh_kex_types_e.SSH_CRYPT_C_S
+SSH_CRYPT_S_C = c_ssh.ssh_kex_types_e.SSH_CRYPT_S_C
+SSH_MAC_C_S = c_ssh.ssh_kex_types_e.SSH_MAC_C_S
+SSH_MAC_S_C = c_ssh.ssh_kex_types_e.SSH_MAC_S_C
+SSH_COMP_C_S = c_ssh.ssh_kex_types_e.SSH_COMP_C_S
+SSH_COMP_S_C = c_ssh.ssh_kex_types_e.SSH_COMP_S_C
+SSH_LANG_C_S = c_ssh.ssh_kex_types_e.SSH_LANG_C_S
+SSH_LANG_S_C = c_ssh.ssh_kex_types_e.SSH_LANG_S_C
+
+
+cdef bint _check_connected(c_ssh.ssh_session session) except -1 nogil:
     if not c_ssh.ssh_is_connected(session):
         with gil:
             raise InvalidAPIUse("Session is not connected")
@@ -295,6 +313,12 @@ cdef class Session:
                 self._session, c_ssh.ssh_options_e.SSH_OPTIONS_PORT, &port)
         return handle_error_codes(rc, self._session)
 
+    def options_get_port(self, unsigned int port_target):
+        cdef int rc
+        with nogil:
+            rc = c_ssh.ssh_options_get_port(self._session, &port_target)
+        return handle_error_codes(rc, self._session)
+
     def options_set_gssapi_delegate_credentials(self, bint delegate):
         """
         Set delegating credentials to server on/off.
@@ -344,10 +368,13 @@ cdef class Session:
         c_ssh.ssh_string_free_char(_value)
         return to_str(b_value)
 
-    def options_get_port(self, unsigned int port_target):
+    def options_set_int_val(self, Option option, int value):
+        """
+        Set numeric value options when applicable.
+        """
         cdef int rc
         with nogil:
-            rc = c_ssh.ssh_options_get_port(self._session, &port_target)
+            rc = c_ssh.ssh_options_set(self._session, option._option, &value)
         return handle_error_codes(rc, self._session)
 
     def send_ignore(self, bytes data):
diff --git a/ssh/sftp.c b/ssh/sftp.c
index 21e2c185..cb469cac 100644
--- a/ssh/sftp.c
+++ b/ssh/sftp.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.sftp",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/sftp.pyx"
+        ]
+    },
+    "module_name": "ssh.sftp"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
+        #else
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
+#endif
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,70 +911,194 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
+#endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
+#endif
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
   #endif
 #endif
 #include <math.h>
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -756,12 +1166,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -796,140 +1202,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -941,29 +1336,43 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
+
 
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/sftp.pyx",
-  "stringsource",
+  "<stringsource>",
   "ssh/session.pxd",
   "ssh/sftp_attributes.pxd",
   "ssh/sftp_handles.pxd",
   "ssh/sftp_statvfs.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -971,11 +1380,173 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
@@ -986,12 +1557,12 @@ struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS;
 struct __pyx_obj_3ssh_4sftp_SFTP;
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -1006,7 +1577,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class SFTPAttributes:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_attributes _attrs
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtab;
@@ -1022,7 +1593,7 @@ struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes {
  * cdef class SFTPFile:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_file _file
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_12sftp_handles_SFTPFile {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile *__pyx_vtab;
@@ -1038,7 +1609,7 @@ struct __pyx_obj_3ssh_12sftp_handles_SFTPFile {
  * cdef class SFTPDir:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_dir _dir
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_12sftp_handles_SFTPDir {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir *__pyx_vtab;
@@ -1054,7 +1625,7 @@ struct __pyx_obj_3ssh_12sftp_handles_SFTPDir {
  * cdef class SFTPStatVFS:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_statvfs_t _stats
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtab;
@@ -1069,7 +1640,7 @@ struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS {
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_4sftp_SFTP {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtab;
@@ -1085,7 +1656,7 @@ struct __pyx_obj_3ssh_4sftp_SFTP {
  * cdef class SFTPAttributes:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_attributes _attrs
  *     cdef readonly SFTP sftp
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes {
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *(*from_ptr)(sftp_attributes, struct __pyx_obj_3ssh_4sftp_SFTP *);
@@ -1099,7 +1670,7 @@ static struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtab
  * cdef class SFTPFile:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_file _file
  *     cdef readonly SFTP sftp
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *(*from_ptr)(sftp_file, struct __pyx_obj_3ssh_4sftp_SFTP *);
@@ -1113,7 +1684,7 @@ static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile *__pyx_vtabptr_3ssh_
  * cdef class SFTPDir:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_dir _dir
  *     cdef readonly SFTP sftp
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *(*from_ptr)(sftp_dir, struct __pyx_obj_3ssh_4sftp_SFTP *);
@@ -1128,7 +1699,7 @@ static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir *__pyx_vtabptr_3ssh_1
  * cdef class SFTPStatVFS:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_statvfs_t _stats
  *     cdef readonly SFTP sftp
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS {
   struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *(*from_ptr)(sftp_statvfs_t, struct __pyx_obj_3ssh_4sftp_SFTP *);
@@ -1142,12 +1713,13 @@ static struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtabptr_3s
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_4sftp_SFTP {
   struct __pyx_obj_3ssh_4sftp_SFTP *(*from_ptr)(sftp_session, struct __pyx_obj_3ssh_7session_Session *);
 };
 static struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtabptr_3ssh_4sftp_SFTP;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1156,42 +1728,48 @@ static struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtabptr_3ssh_4sftp_SFTP;
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1202,6 +1780,10 @@ static struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtabptr_3ssh_4sftp_SFTP;
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1213,6 +1795,57 @@ static struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtabptr_3ssh_4sftp_SFTP;
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+#else
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#endif
+
+/* PyThreadStateGet.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
+#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
+#else
+#define __Pyx_PyThreadState_declare
+#define __Pyx_PyThreadState_assign
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
+#endif
+
+/* PyErrFetchRestore.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
+#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+#else
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#endif
+#else
+#define __Pyx_PyErr_Clear() PyErr_Clear()
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#endif
+
 /* PyObjectGetAttrStr.proto */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
@@ -1220,20 +1853,180 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
 /* GetBuiltinName.proto */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
 /* RaiseArgTupleInvalid.proto */
 static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
     Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
 
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
+
 /* RaiseDoubleKeywords.proto */
 static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
 
 /* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#endif
+
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
+
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
+#endif
+
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
 
 /* PyDictVersioning.proto */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
@@ -1263,18 +2056,18 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 
 /* GetModuleGlobalName.proto */
 #if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
     static PY_UINT64_T __pyx_dict_version = 0;\
     static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
         (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
         __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
     PY_UINT64_T __pyx_dict_version;\
     PyObject *__pyx_dict_cached_value;\
     (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
+} while(0)
 static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
 #define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
@@ -1282,151 +2075,91 @@ static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_ve
 static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
 #endif
 
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
-#endif
+/* RaiseException.proto */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
-/* PyFunctionFastCall.proto */
-#if CYTHON_FAST_PYCALL
-#define __Pyx_PyFunction_FastCall(func, args, nargs)\
-    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
+/* ArgTypeTest.proto */
+#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+        __Pyx__ArgTypeTest(obj, type, name, exact))
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
 #else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
 #endif
-#define __Pyx_BUILD_ASSERT_EXPR(cond)\
-    (sizeof(char [1 - 2*!(cond)]) - 1)
-#ifndef Py_MEMBER_SIZE
-#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
-#endif
-#if CYTHON_FAST_PYCALL
-  static size_t __pyx_pyframe_localsplus_offset = 0;
-  #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
-  #define __Pxy_PyFrame_Initialize_Offsets()\
-    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
-     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
-  #define __Pyx_PyFrame_GetLocalsplus(frame)\
-    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
+
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
-/* PyObjectCall.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
-#else
-#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
-#endif
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
 
-/* PyObjectCall2Args.proto */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2);
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
 
-/* PyObjectCallMethO.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
-#endif
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
 
 /* PyObjectCallOneArg.proto */
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
 
-/* PyThreadStateGet.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
-#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
-#else
-#define __Pyx_PyThreadState_declare
-#define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
-#endif
-
-/* PyErrFetchRestore.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
-#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
-#else
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#endif
-#else
-#define __Pyx_PyErr_Clear() PyErr_Clear()
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
-#endif
-
-/* RaiseException.proto */
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
 
-/* ArgTypeTest.proto */
-#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
-        __Pyx__ArgTypeTest(obj, type, name, exact))
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
-#endif
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
 
 /* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
-#else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
-#endif
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
-/* GetVTable.proto */
-static void* __Pyx_GetVtable(PyObject *dict);
+/* ListPack.proto */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...);
 
 /* Import.proto */
 static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
@@ -1434,195 +2167,500 @@ static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
 /* ImportFrom.proto */
 static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name);
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
 #else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE unsigned int __Pyx_PyInt_As_unsigned_int(PyObject *);
+static CYTHON_INLINE unsigned int __Pyx_PyLong_As_unsigned_int(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE mode_t __Pyx_PyInt_As_mode_t(PyObject *);
+static CYTHON_INLINE mode_t __Pyx_PyLong_As_mode_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uid_t __Pyx_PyInt_As_uid_t(PyObject *);
+static CYTHON_INLINE uid_t __Pyx_PyLong_As_uid_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE gid_t __Pyx_PyInt_As_gid_t(PyObject *);
+static CYTHON_INLINE gid_t __Pyx_PyLong_As_gid_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
+
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_unsigned_int(unsigned int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_unsigned_int(unsigned int value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 static struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_f_3ssh_4sftp_4SFTP_from_ptr(sftp_session __pyx_v_sftp, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.c_sftp' */
+/* Module declarations from "ssh.session" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "ssh.c_sftp" */
 
-/* Module declarations from 'libc.stdlib' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'ssh.sftp_attributes' */
-static PyTypeObject *__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = 0;
+/* Module declarations from "libc.stdlib" */
 
-/* Module declarations from 'ssh.sftp_handles' */
-static PyTypeObject *__pyx_ptype_3ssh_12sftp_handles_SFTPFile = 0;
-static PyTypeObject *__pyx_ptype_3ssh_12sftp_handles_SFTPDir = 0;
+/* Module declarations from "ssh.sftp_attributes" */
 
-/* Module declarations from 'ssh.sftp_statvfs' */
-static PyTypeObject *__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = 0;
+/* Module declarations from "ssh.sftp_handles" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.sftp_statvfs" */
+
+/* Module declarations from "ssh.utils" */
 static PyObject *(*__pyx_f_3ssh_5utils_to_bytes)(PyObject *); /*proto*/
 static PyObject *(*__pyx_f_3ssh_5utils_to_str)(char const *); /*proto*/
 static int (*__pyx_f_3ssh_5utils_handle_error_codes)(int, ssh_session); /*proto*/
 
-/* Module declarations from 'ssh.sftp' */
-static PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP = 0;
+/* Module declarations from "ssh.sftp" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.sftp"
 extern int __pyx_module_is_main_ssh__sftp;
 int __pyx_module_is_main_ssh__sftp = 0;
 
-/* Implementation of 'ssh.sftp' */
+/* Implementation of "ssh.sftp" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_MemoryError;
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = ".";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k__2[] = "?";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_rc[] = "rc";
+static const char __pyx_k_dir[] = "_dir";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_val[] = "_val";
+static const char __pyx_k_vfs[] = "vfs";
 static const char __pyx_k_SFTP[] = "SFTP";
 static const char __pyx_k_attr[] = "attr";
 static const char __pyx_k_data[] = "data";
 static const char __pyx_k_dest[] = "dest";
+static const char __pyx_k_file[] = "_file";
+static const char __pyx_k_func[] = "__func__";
+static const char __pyx_k_init[] = "init";
+static const char __pyx_k_link[] = "_link";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_mode[] = "mode";
 static const char __pyx_k_name[] = "name";
+static const char __pyx_k_open[] = "open";
 static const char __pyx_k_path[] = "path";
+static const char __pyx_k_self[] = "self";
+static const char __pyx_k_stat[] = "stat";
 static const char __pyx_k_test[] = "__test__";
+static const char __pyx_k_attrs[] = "_attrs";
+static const char __pyx_k_c_dir[] = "c_dir";
+static const char __pyx_k_c_vfs[] = "c_vfs";
+static const char __pyx_k_chmod[] = "chmod";
+static const char __pyx_k_chown[] = "chown";
 static const char __pyx_k_group[] = "group";
+static const char __pyx_k_lstat[] = "lstat";
+static const char __pyx_k_mkdir[] = "mkdir";
 static const char __pyx_k_owner[] = "owner";
-static const char __pyx_k_import[] = "__import__";
+static const char __pyx_k_rmdir[] = "rmdir";
+static const char __pyx_k_rpath[] = "_rpath";
+static const char __pyx_k_A_1D_d[] = "\200A\340\r\016\330\014\027\320\027+\2501\250D\260\001\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_b_data[] = "b_data";
+static const char __pyx_k_b_dest[] = "b_dest";
+static const char __pyx_k_b_link[] = "b_link";
+static const char __pyx_k_b_name[] = "b_name";
+static const char __pyx_k_b_orig[] = "b_orig";
+static const char __pyx_k_b_path[] = "b_path";
+static const char __pyx_k_c_data[] = "c_data";
+static const char __pyx_k_c_dest[] = "c_dest";
+static const char __pyx_k_c_file[] = "c_file";
+static const char __pyx_k_c_name[] = "c_name";
+static const char __pyx_k_c_orig[] = "c_orig";
+static const char __pyx_k_c_path[] = "c_path";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_indexn[] = "indexn";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_name_2[] = "__name__";
+static const char __pyx_k_name_3[] = "_name";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_rename[] = "rename";
 static const char __pyx_k_source[] = "source";
+static const char __pyx_k_unlink[] = "unlink";
+static const char __pyx_k_utimes[] = "utimes";
+static const char __pyx_k_A_1_a_q[] = "\200A\340\r\016\330\014\027\320\0271\260\021\260$\260a\330\010\017\210q";
+static const char __pyx_k_A_at1_q[] = "\200A\340\r\016\330\014\027\220\177\240a\240t\2501\330\010\017\210q";
+static const char __pyx_k_b_rpath[] = "b_rpath";
+static const char __pyx_k_c_attrs[] = "c_attrs";
+static const char __pyx_k_disable[] = "disable";
 static const char __pyx_k_newname[] = "newname";
+static const char __pyx_k_opendir[] = "opendir";
 static const char __pyx_k_seconds[] = "seconds";
+static const char __pyx_k_setstat[] = "setstat";
+static const char __pyx_k_statvfs[] = "statvfs";
+static const char __pyx_k_symlink[] = "symlink";
+static const char __pyx_k_add_note[] = "add_note";
+static const char __pyx_k_b_source[] = "b_source";
+static const char __pyx_k_c_source[] = "c_source";
 static const char __pyx_k_getstate[] = "__getstate__";
 static const char __pyx_k_original[] = "original";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_readlink[] = "readlink";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
+static const char __pyx_k_ssh_sftp[] = "ssh.sftp";
 static const char __pyx_k_SFTPError[] = "SFTPError";
+static const char __pyx_k_SFTP_init[] = "SFTP.init";
+static const char __pyx_k_SFTP_open[] = "SFTP.open";
+static const char __pyx_k_SFTP_stat[] = "SFTP.stat";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_b_newname[] = "b_newname";
+static const char __pyx_k_c_newname[] = "c_newname";
+static const char __pyx_k_get_error[] = "get_error";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
+static const char __pyx_k_SFTP_chmod[] = "SFTP.chmod";
+static const char __pyx_k_SFTP_chown[] = "SFTP.chown";
+static const char __pyx_k_SFTP_lstat[] = "SFTP.lstat";
+static const char __pyx_k_SFTP_mkdir[] = "SFTP.mkdir";
+static const char __pyx_k_SFTP_rmdir[] = "SFTP.rmdir";
 static const char __pyx_k_accesstype[] = "accesstype";
 static const char __pyx_k_exceptions[] = "exceptions";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
+static const char __pyx_k_A_31D_6_1_q[] = "\200A\340\010\032\230!\330\r\016\330\014\032\320\0323\2601\260D\270\010\300\001\330\010\013\2106\220\027\230\001\330\014\023\2201\330\010\017\210q";
 static const char __pyx_k_MemoryError[] = "MemoryError";
+static const char __pyx_k_SFTP_rename[] = "SFTP.rename";
+static const char __pyx_k_SFTP_unlink[] = "SFTP.unlink";
+static const char __pyx_k_SFTP_utimes[] = "SFTP.utimes";
+static const char __pyx_k_A_HAQ_4xxq_d[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\340\r\016\330\014\027\220{\240!\2404\240x\250x\260q\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_A_HAQ_AT_Q_d[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\340\r\016\330\014\027\220}\240A\240T\250\030\260\030\270\024\270Q\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_SFTP_opendir[] = "SFTP.opendir";
+static const char __pyx_k_SFTP_setstat[] = "SFTP.setstat";
+static const char __pyx_k_SFTP_statvfs[] = "SFTP.statvfs";
+static const char __pyx_k_SFTP_symlink[] = "SFTP.symlink";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
 static const char __pyx_k_microseconds[] = "microseconds";
+static const char __pyx_k_ssh_sftp_pyx[] = "ssh/sftp.pyx";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_SFTP_readlink[] = "SFTP.readlink";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
+static const char __pyx_k_SFTP_get_error[] = "SFTP.get_error";
+static const char __pyx_k_server_version[] = "server_version";
 static const char __pyx_k_SFTPHandleError[] = "SFTPHandleError";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_A_4wc_c_T_1_z_a_d[] = "\200A\340\010\013\2104\210w\220c\230\025\230c\240\024\240T\250\021\330\014\023\2201\330\r\016\330\014\027\220z\240\021\240$\240a\330\010\017\320\017!\240\021\240$\240d\250(\260!";
+static const char __pyx_k_canonicalize_path[] = "canonicalize_path";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_A_HAQ_1D_3b_1M_ha_q[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\340\r\016\330\014\027\220|\2401\240D\250\010\260\001\330\010\013\2103\210b\220\001\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\017\210q";
+static const char __pyx_k_A_HAQ_HAQ_0_HHA_t1A[] = "\200A\340\010\034\230H\240A\240Q\330\010\"\240!\330\010\034\230H\240A\240Q\330\010\"\240!\330\r\016\330\014\027\320\0270\260\001\330\020\024\220H\230H\240A\330\010\017\210t\2201\220A";
+static const char __pyx_k_SFTP_server_version[] = "SFTP.server_version";
+static const char __pyx_k_extension_supported[] = "extension_supported";
+static const char __pyx_k_extensions_get_data[] = "extensions_get_data";
+static const char __pyx_k_extensions_get_name[] = "extensions_get_name";
+static const char __pyx_k_A_HAQ_4xq_3b_1M_ha_q[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\340\r\016\330\014\027\220{\240!\2404\240x\250q\330\010\013\2103\210b\220\001\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\017\210q";
+static const char __pyx_k_SFTP___reduce_cython[] = "SFTP.__reduce_cython__";
+static const char __pyx_k_extensions_get_count[] = "extensions_get_count";
+static const char __pyx_k_A_HAQ_4xxq_3b_1M_ha_q[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\340\r\016\330\014\027\220{\240!\2404\240x\250x\260q\330\010\013\2103\210b\220\001\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\017\210q";
+static const char __pyx_k_A_HAQ_Qd_a_7_Q_q_HA_q[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\360\006\000\016\017\330\014\033\230:\240Q\240d\250(\260(\270,\300a\330\010\013\2107\220#\220Q\330\014\022\220/\240\021\240-\250q\260\004\260H\270A\330\010\030\230\t\240\021\240(\250!\330\010\017\210q";
+static const char __pyx_k_A_HAQ_4xxwa_3b_1M_ha_q[] = "\200A\340\010\034\230H\240A\240Q\330\010\"\240!\340\r\016\330\014\027\220{\240!\2404\240x\250x\260w\270a\330\010\013\2103\210b\220\001\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\017\210q";
+static const char __pyx_k_A_HAQ_XQ_6_A_1M_ha_vQa[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\360\006\000\016\017\330\014\032\230.\250\001\250\024\250X\260Q\330\010\013\2106\220\023\220A\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\021\220\021\330\010\017\210v\220Q\220a";
+static const char __pyx_k_SFTP___setstate_cython[] = "SFTP.__setstate_cython__";
+static const char __pyx_k_SFTP_canonicalize_path[] = "SFTP.canonicalize_path";
+static const char __pyx_k_A_HAQ_q_HA_6_A_1M_ha_7_q[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\360\006\000\016\017\330\014\032\230-\240q\250\004\250H\260A\330\010\013\2106\220\023\220A\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\031\230\031\240!\2407\250!\330\010\017\210q";
+static const char __pyx_k_A_HAQ_xq_Q_1D_3b_1M_ha_q[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\330\010\037\230x\240q\250\001\330\010%\240Q\340\r\016\330\014\027\220|\2401\240D\250\010\260\010\270\001\330\010\013\2103\210b\220\001\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\017\210q";
+static const char __pyx_k_SFTP_extension_supported[] = "SFTP.extension_supported";
+static const char __pyx_k_SFTP_extensions_get_data[] = "SFTP.extensions_get_data";
+static const char __pyx_k_SFTP_extensions_get_name[] = "SFTP.extensions_get_name";
+static const char __pyx_k_A_HAQ_2_4xq_7_Q_1M_ha_vQa[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\360\006\000\016\017\330\014\033\320\0332\260!\2604\260x\270q\330\010\013\2107\220#\220Q\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\022\220!\330\010\017\210v\220Q\220a";
+static const char __pyx_k_A_HAQ_Jat81_83a_1M_ha_y_q[] = "\200A\360\006\000\t\035\230H\240A\240Q\330\010\"\240!\330\r\016\330\014\034\230J\240a\240t\2508\2601\330\010\013\2108\2203\220a\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\037\230y\250\001\250\031\260!\330\010\017\210q";
+static const char __pyx_k_A_HAQ_Kq_HA_83a_1M_ha_y_q[] = "\200A\360\006\000\t\035\230H\240A\240Q\330\010\"\240!\330\r\016\330\014\034\230K\240q\250\004\250H\260A\330\010\013\2108\2203\220a\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\037\230y\250\001\250\031\260!\330\010\017\210q";
+static const char __pyx_k_SFTP_extensions_get_count[] = "SFTP.extensions_get_count";
+static const char __pyx_k_A_HAQ_q_HA_6_A_q_HA_iq_q_q[] = "\200A\360\006\000\t\035\230H\240A\240Q\330\010\"\240!\330\r\016\330\014\032\230-\240q\250\004\250H\260A\330\010\013\2106\220\023\220A\330\014\022\220/\240\021\240-\250q\260\004\260H\270A\330\010\026\220i\230q\240\007\240q\330\010\017\210q";
+static const char __pyx_k_A_haq_A_HAQ_AT_1_3b_1M_ha_q[] = "\200A\330\010\036\230h\240a\240q\330\010$\240A\330\010\034\230H\240A\240Q\330\010\"\240!\340\r\016\330\014\027\220}\240A\240T\250\030\260\032\2701\330\010\013\2103\210b\220\001\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\017\210q";
+static const char __pyx_k_A_HAQ_fAQ_uCq_1_1D_3b_1M_ha_q[] = "\200A\330\010\034\230H\240A\240Q\330\010\"\240!\360\006\000\016\017\330\014\023\220;\230f\240A\240Q\330\014\017\210u\220C\220q\330\025\026\330\024\025\330\014\020\220\n\230!\330\014\020\220\013\2301\330\014\027\220|\2401\240D\250\010\260\010\270\001\330\014\020\220\001\220\021\330\010\013\2103\210b\220\001\330\014\022\220)\2301\230M\250\021\250$\250h\260a\330\010\017\210q";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
 static const char __pyx_k_self__sftp_cannot_be_converted_t[] = "self._sftp cannot be converted to a Python object for pickling";
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_SFTP;
-static PyObject *__pyx_n_s_SFTPError;
-static PyObject *__pyx_n_s_SFTPHandleError;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_accesstype;
-static PyObject *__pyx_n_s_attr;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_data;
-static PyObject *__pyx_n_s_dest;
-static PyObject *__pyx_n_s_exceptions;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_group;
-static PyObject *__pyx_n_s_import;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_microseconds;
-static PyObject *__pyx_n_s_mode;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_name_2;
-static PyObject *__pyx_n_s_newname;
-static PyObject *__pyx_n_s_original;
-static PyObject *__pyx_n_s_owner;
-static PyObject *__pyx_n_s_path;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_seconds;
-static PyObject *__pyx_kp_s_self__sftp_cannot_be_converted_t;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_source;
-static PyObject *__pyx_n_s_test;
+/* #### Code section: decls ### */
 static void __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_2init(struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_4get_error(struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_self); /* proto */
@@ -1651,17 +2689,294 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_7session___get__(struct __pyx_obj_3ss
 static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_48__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_50__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_4sftp_SFTP(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyTypeObject *__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes;
+  PyTypeObject *__pyx_ptype_3ssh_12sftp_handles_SFTPFile;
+  PyTypeObject *__pyx_ptype_3ssh_12sftp_handles_SFTPDir;
+  PyTypeObject *__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS;
+  PyObject *__pyx_type_3ssh_4sftp_SFTP;
+  PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_codeobj_tab[25];
+  PyObject *__pyx_string_tab[130];
+  PyObject *__pyx_int_0;
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
 
-/* "ssh/sftp.pyx":33
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_MemoryError __pyx_string_tab[1]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[2]
+#define __pyx_n_u_SFTP __pyx_string_tab[3]
+#define __pyx_n_u_SFTPError __pyx_string_tab[4]
+#define __pyx_n_u_SFTPHandleError __pyx_string_tab[5]
+#define __pyx_n_u_SFTP___reduce_cython __pyx_string_tab[6]
+#define __pyx_n_u_SFTP___setstate_cython __pyx_string_tab[7]
+#define __pyx_n_u_SFTP_canonicalize_path __pyx_string_tab[8]
+#define __pyx_n_u_SFTP_chmod __pyx_string_tab[9]
+#define __pyx_n_u_SFTP_chown __pyx_string_tab[10]
+#define __pyx_n_u_SFTP_extension_supported __pyx_string_tab[11]
+#define __pyx_n_u_SFTP_extensions_get_count __pyx_string_tab[12]
+#define __pyx_n_u_SFTP_extensions_get_data __pyx_string_tab[13]
+#define __pyx_n_u_SFTP_extensions_get_name __pyx_string_tab[14]
+#define __pyx_n_u_SFTP_get_error __pyx_string_tab[15]
+#define __pyx_n_u_SFTP_init __pyx_string_tab[16]
+#define __pyx_n_u_SFTP_lstat __pyx_string_tab[17]
+#define __pyx_n_u_SFTP_mkdir __pyx_string_tab[18]
+#define __pyx_n_u_SFTP_open __pyx_string_tab[19]
+#define __pyx_n_u_SFTP_opendir __pyx_string_tab[20]
+#define __pyx_n_u_SFTP_readlink __pyx_string_tab[21]
+#define __pyx_n_u_SFTP_rename __pyx_string_tab[22]
+#define __pyx_n_u_SFTP_rmdir __pyx_string_tab[23]
+#define __pyx_n_u_SFTP_server_version __pyx_string_tab[24]
+#define __pyx_n_u_SFTP_setstat __pyx_string_tab[25]
+#define __pyx_n_u_SFTP_stat __pyx_string_tab[26]
+#define __pyx_n_u_SFTP_statvfs __pyx_string_tab[27]
+#define __pyx_n_u_SFTP_symlink __pyx_string_tab[28]
+#define __pyx_n_u_SFTP_unlink __pyx_string_tab[29]
+#define __pyx_n_u_SFTP_utimes __pyx_string_tab[30]
+#define __pyx_n_u_TypeError __pyx_string_tab[31]
+#define __pyx_kp_u__2 __pyx_string_tab[32]
+#define __pyx_n_u_accesstype __pyx_string_tab[33]
+#define __pyx_kp_u_add_note __pyx_string_tab[34]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[35]
+#define __pyx_n_u_attr __pyx_string_tab[36]
+#define __pyx_n_u_attrs __pyx_string_tab[37]
+#define __pyx_n_u_b_data __pyx_string_tab[38]
+#define __pyx_n_u_b_dest __pyx_string_tab[39]
+#define __pyx_n_u_b_link __pyx_string_tab[40]
+#define __pyx_n_u_b_name __pyx_string_tab[41]
+#define __pyx_n_u_b_newname __pyx_string_tab[42]
+#define __pyx_n_u_b_orig __pyx_string_tab[43]
+#define __pyx_n_u_b_path __pyx_string_tab[44]
+#define __pyx_n_u_b_rpath __pyx_string_tab[45]
+#define __pyx_n_u_b_source __pyx_string_tab[46]
+#define __pyx_n_u_c_attrs __pyx_string_tab[47]
+#define __pyx_n_u_c_data __pyx_string_tab[48]
+#define __pyx_n_u_c_dest __pyx_string_tab[49]
+#define __pyx_n_u_c_dir __pyx_string_tab[50]
+#define __pyx_n_u_c_file __pyx_string_tab[51]
+#define __pyx_n_u_c_name __pyx_string_tab[52]
+#define __pyx_n_u_c_newname __pyx_string_tab[53]
+#define __pyx_n_u_c_orig __pyx_string_tab[54]
+#define __pyx_n_u_c_path __pyx_string_tab[55]
+#define __pyx_n_u_c_source __pyx_string_tab[56]
+#define __pyx_n_u_c_vfs __pyx_string_tab[57]
+#define __pyx_n_u_canonicalize_path __pyx_string_tab[58]
+#define __pyx_n_u_chmod __pyx_string_tab[59]
+#define __pyx_n_u_chown __pyx_string_tab[60]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[61]
+#define __pyx_n_u_data __pyx_string_tab[62]
+#define __pyx_n_u_dest __pyx_string_tab[63]
+#define __pyx_n_u_dir __pyx_string_tab[64]
+#define __pyx_kp_u_disable __pyx_string_tab[65]
+#define __pyx_kp_u_enable __pyx_string_tab[66]
+#define __pyx_n_u_exceptions __pyx_string_tab[67]
+#define __pyx_n_u_extension_supported __pyx_string_tab[68]
+#define __pyx_n_u_extensions_get_count __pyx_string_tab[69]
+#define __pyx_n_u_extensions_get_data __pyx_string_tab[70]
+#define __pyx_n_u_extensions_get_name __pyx_string_tab[71]
+#define __pyx_n_u_file __pyx_string_tab[72]
+#define __pyx_n_u_func __pyx_string_tab[73]
+#define __pyx_kp_u_gc __pyx_string_tab[74]
+#define __pyx_n_u_get_error __pyx_string_tab[75]
+#define __pyx_n_u_getstate __pyx_string_tab[76]
+#define __pyx_n_u_group __pyx_string_tab[77]
+#define __pyx_n_u_indexn __pyx_string_tab[78]
+#define __pyx_n_u_init __pyx_string_tab[79]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[80]
+#define __pyx_kp_u_isenabled __pyx_string_tab[81]
+#define __pyx_n_u_link __pyx_string_tab[82]
+#define __pyx_n_u_lstat __pyx_string_tab[83]
+#define __pyx_n_u_main __pyx_string_tab[84]
+#define __pyx_n_u_microseconds __pyx_string_tab[85]
+#define __pyx_n_u_mkdir __pyx_string_tab[86]
+#define __pyx_n_u_mode __pyx_string_tab[87]
+#define __pyx_n_u_module __pyx_string_tab[88]
+#define __pyx_n_u_name __pyx_string_tab[89]
+#define __pyx_n_u_name_2 __pyx_string_tab[90]
+#define __pyx_n_u_name_3 __pyx_string_tab[91]
+#define __pyx_n_u_newname __pyx_string_tab[92]
+#define __pyx_n_u_open __pyx_string_tab[93]
+#define __pyx_n_u_opendir __pyx_string_tab[94]
+#define __pyx_n_u_original __pyx_string_tab[95]
+#define __pyx_n_u_owner __pyx_string_tab[96]
+#define __pyx_n_u_path __pyx_string_tab[97]
+#define __pyx_n_u_pop __pyx_string_tab[98]
+#define __pyx_n_u_pyx_state __pyx_string_tab[99]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[100]
+#define __pyx_n_u_qualname __pyx_string_tab[101]
+#define __pyx_n_u_rc __pyx_string_tab[102]
+#define __pyx_n_u_readlink __pyx_string_tab[103]
+#define __pyx_n_u_reduce __pyx_string_tab[104]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[105]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[106]
+#define __pyx_n_u_rename __pyx_string_tab[107]
+#define __pyx_n_u_rmdir __pyx_string_tab[108]
+#define __pyx_n_u_rpath __pyx_string_tab[109]
+#define __pyx_n_u_seconds __pyx_string_tab[110]
+#define __pyx_n_u_self __pyx_string_tab[111]
+#define __pyx_kp_u_self__sftp_cannot_be_converted_t __pyx_string_tab[112]
+#define __pyx_n_u_server_version __pyx_string_tab[113]
+#define __pyx_n_u_set_name __pyx_string_tab[114]
+#define __pyx_n_u_setstat __pyx_string_tab[115]
+#define __pyx_n_u_setstate __pyx_string_tab[116]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[117]
+#define __pyx_n_u_source __pyx_string_tab[118]
+#define __pyx_n_u_ssh_sftp __pyx_string_tab[119]
+#define __pyx_kp_u_ssh_sftp_pyx __pyx_string_tab[120]
+#define __pyx_n_u_stat __pyx_string_tab[121]
+#define __pyx_n_u_statvfs __pyx_string_tab[122]
+#define __pyx_kp_u_stringsource __pyx_string_tab[123]
+#define __pyx_n_u_symlink __pyx_string_tab[124]
+#define __pyx_n_u_test __pyx_string_tab[125]
+#define __pyx_n_u_unlink __pyx_string_tab[126]
+#define __pyx_n_u_utimes __pyx_string_tab[127]
+#define __pyx_n_u_val __pyx_string_tab[128]
+#define __pyx_n_u_vfs __pyx_string_tab[129]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_12sftp_handles_SFTPFile);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_12sftp_handles_SFTPDir);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_4sftp_SFTP);
+  for (int i=0; i<25; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<130; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  Py_CLEAR(clear_module_state->__pyx_int_0);
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_12sftp_handles_SFTPFile);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_12sftp_handles_SFTPDir);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_4sftp_SFTP);
+  for (int i=0; i<25; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<130; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_0);
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
+
+/* "ssh/sftp.pyx":32
+ * cdef class SFTP:
  * 
- *     @staticmethod
- *     cdef SFTP from_ptr(c_sftp.sftp_session sftp, Session session):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTP from_ptr(c_sftp.sftp_session sftp, Session session):
  *         cdef SFTP _sftp = SFTP.__new__(SFTP)
- *         _sftp._sftp = sftp
- */
+*/
 
 static struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_f_3ssh_4sftp_4SFTP_from_ptr(sftp_session __pyx_v_sftp, struct __pyx_obj_3ssh_7session_Session *__pyx_v_session) {
   struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v__sftp = 0;
@@ -1679,9 +2994,9 @@ static struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_f_3ssh_4sftp_4SFTP_from_ptr(sftp_
  *         cdef SFTP _sftp = SFTP.__new__(SFTP)             # <<<<<<<<<<<<<<
  *         _sftp._sftp = sftp
  *         _sftp.session = session
- */
-  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_4sftp_SFTP(((PyTypeObject *)__pyx_ptype_3ssh_4sftp_SFTP), __pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 34, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_1));
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_4sftp_SFTP(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP), __pyx_mstate_global->__pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 34, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_1);
   __pyx_v__sftp = ((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_t_1);
   __pyx_t_1 = 0;
 
@@ -1691,7 +3006,7 @@ static struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_f_3ssh_4sftp_4SFTP_from_ptr(sftp_
  *         _sftp._sftp = sftp             # <<<<<<<<<<<<<<
  *         _sftp.session = session
  *         return _sftp
- */
+*/
   __pyx_v__sftp->_sftp = __pyx_v_sftp;
 
   /* "ssh/sftp.pyx":36
@@ -1700,11 +3015,11 @@ static struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_f_3ssh_4sftp_4SFTP_from_ptr(sftp_
  *         _sftp.session = session             # <<<<<<<<<<<<<<
  *         return _sftp
  * 
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_session));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_session));
-  __Pyx_GOTREF(__pyx_v__sftp->session);
-  __Pyx_DECREF(((PyObject *)__pyx_v__sftp->session));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_session);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_session);
+  __Pyx_GOTREF((PyObject *)__pyx_v__sftp->session);
+  __Pyx_DECREF((PyObject *)__pyx_v__sftp->session);
   __pyx_v__sftp->session = __pyx_v_session;
 
   /* "ssh/sftp.pyx":37
@@ -1713,19 +3028,19 @@ static struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_f_3ssh_4sftp_4SFTP_from_ptr(sftp_
  *         return _sftp             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__sftp));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__sftp);
   __pyx_r = __pyx_v__sftp;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":33
+  /* "ssh/sftp.pyx":32
+ * cdef class SFTP:
  * 
- *     @staticmethod
- *     cdef SFTP from_ptr(c_sftp.sftp_session sftp, Session session):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTP from_ptr(c_sftp.sftp_session sftp, Session session):
  *         cdef SFTP _sftp = SFTP.__new__(SFTP)
- *         _sftp._sftp = sftp
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1745,13 +3060,15 @@ static struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_f_3ssh_4sftp_4SFTP_from_ptr(sftp_
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._sftp is not NULL:
  *             c_sftp.sftp_free(self._sftp)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_4sftp_4SFTP_1__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_4sftp_4SFTP_1__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self));
 
   /* function exit code */
@@ -1759,9 +3076,7 @@ static void __pyx_pw_3ssh_4sftp_4SFTP_1__dealloc__(PyObject *__pyx_v_self) {
 }
 
 static void __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
   /* "ssh/sftp.pyx":40
  * 
@@ -1769,8 +3084,8 @@ static void __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(struct __pyx_obj_3ssh_4sftp_SF
  *         if self._sftp is not NULL:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_free(self._sftp)
  *             self._sftp = NULL
- */
-  __pyx_t_1 = ((__pyx_v_self->_sftp != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_sftp != NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp.pyx":41
@@ -1779,7 +3094,7 @@ static void __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(struct __pyx_obj_3ssh_4sftp_SF
  *             c_sftp.sftp_free(self._sftp)             # <<<<<<<<<<<<<<
  *             self._sftp = NULL
  * 
- */
+*/
     sftp_free(__pyx_v_self->_sftp);
 
     /* "ssh/sftp.pyx":42
@@ -1788,7 +3103,7 @@ static void __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(struct __pyx_obj_3ssh_4sftp_SF
  *             self._sftp = NULL             # <<<<<<<<<<<<<<
  * 
  *     def init(self):
- */
+*/
     __pyx_v_self->_sftp = NULL;
 
     /* "ssh/sftp.pyx":40
@@ -1797,7 +3112,7 @@ static void __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(struct __pyx_obj_3ssh_4sftp_SF
  *         if self._sftp is not NULL:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_free(self._sftp)
  *             self._sftp = NULL
- */
+*/
   }
 
   /* "ssh/sftp.pyx":39
@@ -1806,10 +3121,9 @@ static void __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(struct __pyx_obj_3ssh_4sftp_SF
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._sftp is not NULL:
  *             c_sftp.sftp_free(self._sftp)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
 /* "ssh/sftp.pyx":44
@@ -1817,16 +3131,45 @@ static void __pyx_pf_3ssh_4sftp_4SFTP___dealloc__(struct __pyx_obj_3ssh_4sftp_SF
  * 
  *     def init(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
- *         with nogil:
- */
+ *         if self._sftp is NULL or not self.session:
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_3init(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_2init[] = "SFTP.init(self)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_3init(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_3init(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_2init, "SFTP.init(self)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_3init = {"init", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_3init, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_2init};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_3init(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("init (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("init", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("init", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_2init(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self));
 
   /* function exit code */
@@ -1839,7 +3182,10 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_2init(struct __pyx_obj_3ssh_4sftp_SFT
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  int __pyx_t_3;
+  int __pyx_t_4;
+  PyObject *__pyx_t_5 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1848,60 +3194,97 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_2init(struct __pyx_obj_3ssh_4sftp_SFT
   /* "ssh/sftp.pyx":46
  *     def init(self):
  *         cdef int rc
+ *         if self._sftp is NULL or not self.session:             # <<<<<<<<<<<<<<
+ *             return 0
+ *         with nogil:
+*/
+  __pyx_t_2 = (__pyx_v_self->_sftp == NULL);
+  if (!__pyx_t_2) {
+  } else {
+    __pyx_t_1 = __pyx_t_2;
+    goto __pyx_L4_bool_binop_done;
+  }
+  __pyx_t_2 = __Pyx_PyObject_IsTrue(((PyObject *)__pyx_v_self->session)); if (unlikely((__pyx_t_2 < 0))) __PYX_ERR(0, 46, __pyx_L1_error)
+  __pyx_t_3 = (!__pyx_t_2);
+  __pyx_t_1 = __pyx_t_3;
+  __pyx_L4_bool_binop_done:;
+  if (__pyx_t_1) {
+
+    /* "ssh/sftp.pyx":47
+ *         cdef int rc
+ *         if self._sftp is NULL or not self.session:
+ *             return 0             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             rc = c_sftp.sftp_init(self._sftp)
+*/
+    __Pyx_XDECREF(__pyx_r);
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_0);
+    __pyx_r = __pyx_mstate_global->__pyx_int_0;
+    goto __pyx_L0;
+
+    /* "ssh/sftp.pyx":46
+ *     def init(self):
+ *         cdef int rc
+ *         if self._sftp is NULL or not self.session:             # <<<<<<<<<<<<<<
+ *             return 0
+ *         with nogil:
+*/
+  }
+
+  /* "ssh/sftp.pyx":48
+ *         if self._sftp is NULL or not self.session:
+ *             return 0
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_init(self._sftp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":47
- *         cdef int rc
+        /* "ssh/sftp.pyx":49
+ *             return 0
  *         with nogil:
  *             rc = c_sftp.sftp_init(self._sftp)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = sftp_init(__pyx_v_self->_sftp);
       }
 
-      /* "ssh/sftp.pyx":46
- *     def init(self):
- *         cdef int rc
+      /* "ssh/sftp.pyx":48
+ *         if self._sftp is NULL or not self.session:
+ *             return 0
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_init(self._sftp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
-          goto __pyx_L5;
+          goto __pyx_L8;
         }
-        __pyx_L5:;
+        __pyx_L8:;
       }
   }
 
-  /* "ssh/sftp.pyx":48
+  /* "ssh/sftp.pyx":50
  *         with nogil:
  *             rc = c_sftp.sftp_init(self._sftp)
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def get_error(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 48, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 48, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_r = __pyx_t_2;
-  __pyx_t_2 = 0;
+  __pyx_t_4 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_4 == ((int)-1))) __PYX_ERR(0, 50, __pyx_L1_error)
+  __pyx_t_5 = __Pyx_PyLong_From_int(__pyx_t_4); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 50, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_r = __pyx_t_5;
+  __pyx_t_5 = 0;
   goto __pyx_L0;
 
   /* "ssh/sftp.pyx":44
@@ -1909,12 +3292,12 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_2init(struct __pyx_obj_3ssh_4sftp_SFT
  * 
  *     def init(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
- *         with nogil:
- */
+ *         if self._sftp is NULL or not self.session:
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_5);
   __Pyx_AddTraceback("ssh.sftp.SFTP.init", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1923,21 +3306,50 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_2init(struct __pyx_obj_3ssh_4sftp_SFT
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":50
+/* "ssh/sftp.pyx":52
  *         return handle_error_codes(rc, self.session._session)
  * 
  *     def get_error(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_5get_error(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_4get_error[] = "SFTP.get_error(self)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_5get_error(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
-  PyObject *__pyx_r = 0;
-  __Pyx_RefNannyDeclarations
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_5get_error(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_4get_error, "SFTP.get_error(self)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_5get_error = {"get_error", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_5get_error, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_4get_error};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_5get_error(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("get_error (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("get_error", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("get_error", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_4get_error(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self));
 
   /* function exit code */
@@ -1955,71 +3367,68 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_4get_error(struct __pyx_obj_3ssh_4sft
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("get_error", 0);
 
-  /* "ssh/sftp.pyx":52
+  /* "ssh/sftp.pyx":54
  *     def get_error(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_get_error(self._sftp)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":53
+        /* "ssh/sftp.pyx":55
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_get_error(self._sftp)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = sftp_get_error(__pyx_v_self->_sftp);
       }
 
-      /* "ssh/sftp.pyx":52
+      /* "ssh/sftp.pyx":54
  *     def get_error(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_get_error(self._sftp)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":54
+  /* "ssh/sftp.pyx":56
  *         with nogil:
  *             rc = c_sftp.sftp_get_error(self._sftp)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def extensions_get_count(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 54, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 56, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":50
+  /* "ssh/sftp.pyx":52
  *         return handle_error_codes(rc, self.session._session)
  * 
  *     def get_error(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2032,21 +3441,50 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_4get_error(struct __pyx_obj_3ssh_4sft
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":56
+/* "ssh/sftp.pyx":58
  *         return rc
  * 
  *     def extensions_get_count(self):             # <<<<<<<<<<<<<<
  *         cdef unsigned int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_7extensions_get_count(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_6extensions_get_count[] = "SFTP.extensions_get_count(self)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_7extensions_get_count(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_7extensions_get_count(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_6extensions_get_count, "SFTP.extensions_get_count(self)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_7extensions_get_count = {"extensions_get_count", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_7extensions_get_count, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_6extensions_get_count};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_7extensions_get_count(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("extensions_get_count (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("extensions_get_count", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("extensions_get_count", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_6extensions_get_count(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self));
 
   /* function exit code */
@@ -2064,71 +3502,68 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_6extensions_get_count(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("extensions_get_count", 0);
 
-  /* "ssh/sftp.pyx":58
+  /* "ssh/sftp.pyx":60
  *     def extensions_get_count(self):
  *         cdef unsigned int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_extensions_get_count(self._sftp)
  *         return rc
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":59
+        /* "ssh/sftp.pyx":61
  *         cdef unsigned int rc
  *         with nogil:
  *             rc = c_sftp.sftp_extensions_get_count(self._sftp)             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
         __pyx_v_rc = sftp_extensions_get_count(__pyx_v_self->_sftp);
       }
 
-      /* "ssh/sftp.pyx":58
+      /* "ssh/sftp.pyx":60
  *     def extensions_get_count(self):
  *         cdef unsigned int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_extensions_get_count(self._sftp)
  *         return rc
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":60
+  /* "ssh/sftp.pyx":62
  *         with nogil:
  *             rc = c_sftp.sftp_extensions_get_count(self._sftp)
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def extensions_get_name(self, unsigned int indexn):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_unsigned_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 60, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_unsigned_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 62, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":56
+  /* "ssh/sftp.pyx":58
  *         return rc
  * 
  *     def extensions_get_count(self):             # <<<<<<<<<<<<<<
  *         cdef unsigned int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2141,37 +3576,96 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_6extensions_get_count(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":62
+/* "ssh/sftp.pyx":64
  *         return rc
  * 
  *     def extensions_get_name(self, unsigned int indexn):             # <<<<<<<<<<<<<<
  *         cdef const char *_name
  *         cdef bytes name = None
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_9extensions_get_name(PyObject *__pyx_v_self, PyObject *__pyx_arg_indexn); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_8extensions_get_name[] = "SFTP.extensions_get_name(self, unsigned int indexn)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_9extensions_get_name(PyObject *__pyx_v_self, PyObject *__pyx_arg_indexn) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_9extensions_get_name(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_8extensions_get_name, "SFTP.extensions_get_name(self, unsigned int indexn)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_9extensions_get_name = {"extensions_get_name", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_9extensions_get_name, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_8extensions_get_name};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_9extensions_get_name(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   unsigned int __pyx_v_indexn;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("extensions_get_name (wrapper)", 0);
-  assert(__pyx_arg_indexn); {
-    __pyx_v_indexn = __Pyx_PyInt_As_unsigned_int(__pyx_arg_indexn); if (unlikely((__pyx_v_indexn == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 62, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_indexn,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 64, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 64, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "extensions_get_name", 0) < 0) __PYX_ERR(0, 64, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("extensions_get_name", 1, 1, 1, i); __PYX_ERR(0, 64, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 64, __pyx_L3_error)
+    }
+    __pyx_v_indexn = __Pyx_PyLong_As_unsigned_int(values[0]); if (unlikely((__pyx_v_indexn == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 64, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("extensions_get_name", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 64, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.extensions_get_name", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_8extensions_get_name(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((unsigned int)__pyx_v_indexn));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_8extensions_get_name(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_indexn);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2188,110 +3682,107 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_8extensions_get_name(struct __pyx_obj
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("extensions_get_name", 0);
 
-  /* "ssh/sftp.pyx":64
+  /* "ssh/sftp.pyx":66
  *     def extensions_get_name(self, unsigned int indexn):
  *         cdef const char *_name
  *         cdef bytes name = None             # <<<<<<<<<<<<<<
  *         with nogil:
  *             _name = c_sftp.sftp_extensions_get_name(self._sftp, indexn)
- */
+*/
   __Pyx_INCREF(Py_None);
   __pyx_v_name = ((PyObject*)Py_None);
 
-  /* "ssh/sftp.pyx":65
+  /* "ssh/sftp.pyx":67
  *         cdef const char *_name
  *         cdef bytes name = None
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _name = c_sftp.sftp_extensions_get_name(self._sftp, indexn)
  *         if _name is not NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":66
+        /* "ssh/sftp.pyx":68
  *         cdef bytes name = None
  *         with nogil:
  *             _name = c_sftp.sftp_extensions_get_name(self._sftp, indexn)             # <<<<<<<<<<<<<<
  *         if _name is not NULL:
  *             name = _name
- */
+*/
         __pyx_v__name = sftp_extensions_get_name(__pyx_v_self->_sftp, __pyx_v_indexn);
       }
 
-      /* "ssh/sftp.pyx":65
+      /* "ssh/sftp.pyx":67
  *         cdef const char *_name
  *         cdef bytes name = None
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _name = c_sftp.sftp_extensions_get_name(self._sftp, indexn)
  *         if _name is not NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":67
+  /* "ssh/sftp.pyx":69
  *         with nogil:
  *             _name = c_sftp.sftp_extensions_get_name(self._sftp, indexn)
  *         if _name is not NULL:             # <<<<<<<<<<<<<<
  *             name = _name
  *         return name
- */
-  __pyx_t_1 = ((__pyx_v__name != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__name != NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/sftp.pyx":68
+    /* "ssh/sftp.pyx":70
  *             _name = c_sftp.sftp_extensions_get_name(self._sftp, indexn)
  *         if _name is not NULL:
  *             name = _name             # <<<<<<<<<<<<<<
  *         return name
  * 
- */
-    __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__name); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 68, __pyx_L1_error)
+*/
+    __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__name); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 70, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_DECREF_SET(__pyx_v_name, ((PyObject*)__pyx_t_2));
     __pyx_t_2 = 0;
 
-    /* "ssh/sftp.pyx":67
+    /* "ssh/sftp.pyx":69
  *         with nogil:
  *             _name = c_sftp.sftp_extensions_get_name(self._sftp, indexn)
  *         if _name is not NULL:             # <<<<<<<<<<<<<<
  *             name = _name
  *         return name
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":69
+  /* "ssh/sftp.pyx":71
  *         if _name is not NULL:
  *             name = _name
  *         return name             # <<<<<<<<<<<<<<
  * 
  *     def extensions_get_data(self, unsigned int indexn):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_name);
   __pyx_r = __pyx_v_name;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":62
+  /* "ssh/sftp.pyx":64
  *         return rc
  * 
  *     def extensions_get_name(self, unsigned int indexn):             # <<<<<<<<<<<<<<
  *         cdef const char *_name
  *         cdef bytes name = None
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2305,37 +3796,96 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_8extensions_get_name(struct __pyx_obj
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":71
+/* "ssh/sftp.pyx":73
  *         return name
  * 
  *     def extensions_get_data(self, unsigned int indexn):             # <<<<<<<<<<<<<<
  *         cdef const char *_name
  *         cdef bytes name = None
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_11extensions_get_data(PyObject *__pyx_v_self, PyObject *__pyx_arg_indexn); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_10extensions_get_data[] = "SFTP.extensions_get_data(self, unsigned int indexn)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_11extensions_get_data(PyObject *__pyx_v_self, PyObject *__pyx_arg_indexn) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_11extensions_get_data(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_10extensions_get_data, "SFTP.extensions_get_data(self, unsigned int indexn)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_11extensions_get_data = {"extensions_get_data", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_11extensions_get_data, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_10extensions_get_data};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_11extensions_get_data(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   unsigned int __pyx_v_indexn;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("extensions_get_data (wrapper)", 0);
-  assert(__pyx_arg_indexn); {
-    __pyx_v_indexn = __Pyx_PyInt_As_unsigned_int(__pyx_arg_indexn); if (unlikely((__pyx_v_indexn == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 71, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_indexn,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 73, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 73, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "extensions_get_data", 0) < 0) __PYX_ERR(0, 73, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("extensions_get_data", 1, 1, 1, i); __PYX_ERR(0, 73, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 73, __pyx_L3_error)
+    }
+    __pyx_v_indexn = __Pyx_PyLong_As_unsigned_int(values[0]); if (unlikely((__pyx_v_indexn == (unsigned int)-1) && PyErr_Occurred())) __PYX_ERR(0, 73, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("extensions_get_data", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 73, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.extensions_get_data", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_10extensions_get_data(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((unsigned int)__pyx_v_indexn));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_10extensions_get_data(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_indexn);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2352,110 +3902,107 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_10extensions_get_data(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("extensions_get_data", 0);
 
-  /* "ssh/sftp.pyx":73
+  /* "ssh/sftp.pyx":75
  *     def extensions_get_data(self, unsigned int indexn):
  *         cdef const char *_name
  *         cdef bytes name = None             # <<<<<<<<<<<<<<
  *         with nogil:
  *             _name = c_sftp.sftp_extensions_get_data(self._sftp, indexn)
- */
+*/
   __Pyx_INCREF(Py_None);
   __pyx_v_name = ((PyObject*)Py_None);
 
-  /* "ssh/sftp.pyx":74
+  /* "ssh/sftp.pyx":76
  *         cdef const char *_name
  *         cdef bytes name = None
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _name = c_sftp.sftp_extensions_get_data(self._sftp, indexn)
  *         if _name is not NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":75
+        /* "ssh/sftp.pyx":77
  *         cdef bytes name = None
  *         with nogil:
  *             _name = c_sftp.sftp_extensions_get_data(self._sftp, indexn)             # <<<<<<<<<<<<<<
  *         if _name is not NULL:
  *             name = _name
- */
+*/
         __pyx_v__name = sftp_extensions_get_data(__pyx_v_self->_sftp, __pyx_v_indexn);
       }
 
-      /* "ssh/sftp.pyx":74
+      /* "ssh/sftp.pyx":76
  *         cdef const char *_name
  *         cdef bytes name = None
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _name = c_sftp.sftp_extensions_get_data(self._sftp, indexn)
  *         if _name is not NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":76
+  /* "ssh/sftp.pyx":78
  *         with nogil:
  *             _name = c_sftp.sftp_extensions_get_data(self._sftp, indexn)
  *         if _name is not NULL:             # <<<<<<<<<<<<<<
  *             name = _name
  *         return name
- */
-  __pyx_t_1 = ((__pyx_v__name != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__name != NULL);
   if (__pyx_t_1) {
 
-    /* "ssh/sftp.pyx":77
+    /* "ssh/sftp.pyx":79
  *             _name = c_sftp.sftp_extensions_get_data(self._sftp, indexn)
  *         if _name is not NULL:
  *             name = _name             # <<<<<<<<<<<<<<
  *         return name
  * 
- */
-    __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__name); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 77, __pyx_L1_error)
+*/
+    __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v__name); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 79, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_DECREF_SET(__pyx_v_name, ((PyObject*)__pyx_t_2));
     __pyx_t_2 = 0;
 
-    /* "ssh/sftp.pyx":76
+    /* "ssh/sftp.pyx":78
  *         with nogil:
  *             _name = c_sftp.sftp_extensions_get_data(self._sftp, indexn)
  *         if _name is not NULL:             # <<<<<<<<<<<<<<
  *             name = _name
  *         return name
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":78
+  /* "ssh/sftp.pyx":80
  *         if _name is not NULL:
  *             name = _name
  *         return name             # <<<<<<<<<<<<<<
  * 
  *     def extension_supported(self, name not None, data not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_name);
   __pyx_r = __pyx_v_name;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":71
+  /* "ssh/sftp.pyx":73
  *         return name
  * 
  *     def extensions_get_data(self, unsigned int indexn):             # <<<<<<<<<<<<<<
  *         cdef const char *_name
  *         cdef bytes name = None
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2469,77 +4016,103 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_10extensions_get_data(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":80
+/* "ssh/sftp.pyx":82
  *         return name
  * 
  *     def extension_supported(self, name not None, data not None):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         cdef bytes b_name = to_bytes(name)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_13extension_supported(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_12extension_supported[] = "SFTP.extension_supported(self, name, data)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_13extension_supported(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_13extension_supported(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_12extension_supported, "SFTP.extension_supported(self, name, data)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_13extension_supported = {"extension_supported", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_13extension_supported, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_12extension_supported};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_13extension_supported(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_name = 0;
   PyObject *__pyx_v_data = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("extension_supported (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_name,&__pyx_n_s_data,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_name,&__pyx_mstate_global->__pyx_n_u_data,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 82, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 82, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 82, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_name)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_data)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("extension_supported", 1, 2, 2, 1); __PYX_ERR(0, 80, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "extension_supported") < 0)) __PYX_ERR(0, 80, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "extension_supported", 0) < 0) __PYX_ERR(0, 82, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("extension_supported", 1, 2, 2, i); __PYX_ERR(0, 82, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 82, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 82, __pyx_L3_error)
     }
     __pyx_v_name = values[0];
     __pyx_v_data = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("extension_supported", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 80, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("extension_supported", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 82, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.extension_supported", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_name) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "name"); __PYX_ERR(0, 80, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "name"); __PYX_ERR(0, 82, __pyx_L1_error)
   }
   if (unlikely(((PyObject *)__pyx_v_data) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "data"); __PYX_ERR(0, 80, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "data"); __PYX_ERR(0, 82, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_12extension_supported(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_name, __pyx_v_data);
 
@@ -2547,7 +4120,15 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_13extension_supported(PyObject *__pyx
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2569,124 +4150,121 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_12extension_supported(struct __pyx_ob
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("extension_supported", 0);
 
-  /* "ssh/sftp.pyx":82
+  /* "ssh/sftp.pyx":84
  *     def extension_supported(self, name not None, data not None):
  *         cdef bint rc
  *         cdef bytes b_name = to_bytes(name)             # <<<<<<<<<<<<<<
  *         cdef const char *c_name = b_name
  *         cdef bytes b_data = to_bytes(data)
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_name); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 82, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_name); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 84, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_name = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":83
+  /* "ssh/sftp.pyx":85
  *         cdef bint rc
  *         cdef bytes b_name = to_bytes(name)
  *         cdef const char *c_name = b_name             # <<<<<<<<<<<<<<
  *         cdef bytes b_data = to_bytes(data)
  *         cdef const char *c_data = b_data
- */
+*/
   if (unlikely(__pyx_v_b_name == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 83, __pyx_L1_error)
+    __PYX_ERR(0, 85, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_name); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 83, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_name); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 85, __pyx_L1_error)
   __pyx_v_c_name = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":84
+  /* "ssh/sftp.pyx":86
  *         cdef bytes b_name = to_bytes(name)
  *         cdef const char *c_name = b_name
  *         cdef bytes b_data = to_bytes(data)             # <<<<<<<<<<<<<<
  *         cdef const char *c_data = b_data
  *         with nogil:
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_data); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 84, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_data); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 86, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_data = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":85
+  /* "ssh/sftp.pyx":87
  *         cdef const char *c_name = b_name
  *         cdef bytes b_data = to_bytes(data)
  *         cdef const char *c_data = b_data             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_sftp.sftp_extension_supported(
- */
+*/
   if (unlikely(__pyx_v_b_data == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 85, __pyx_L1_error)
+    __PYX_ERR(0, 87, __pyx_L1_error)
   }
-  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_data); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 85, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_data); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 87, __pyx_L1_error)
   __pyx_v_c_data = __pyx_t_3;
 
-  /* "ssh/sftp.pyx":86
+  /* "ssh/sftp.pyx":88
  *         cdef bytes b_data = to_bytes(data)
  *         cdef const char *c_data = b_data
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_extension_supported(
  *                 self._sftp, c_name, c_data)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":87
+        /* "ssh/sftp.pyx":89
  *         cdef const char *c_data = b_data
  *         with nogil:
  *             rc = c_sftp.sftp_extension_supported(             # <<<<<<<<<<<<<<
  *                 self._sftp, c_name, c_data)
  *         return bool(rc)
- */
+*/
         __pyx_v_rc = sftp_extension_supported(__pyx_v_self->_sftp, __pyx_v_c_name, __pyx_v_c_data);
       }
 
-      /* "ssh/sftp.pyx":86
+      /* "ssh/sftp.pyx":88
  *         cdef bytes b_data = to_bytes(data)
  *         cdef const char *c_data = b_data
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_extension_supported(
  *                 self._sftp, c_name, c_data)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":89
+  /* "ssh/sftp.pyx":91
  *             rc = c_sftp.sftp_extension_supported(
  *                 self._sftp, c_name, c_data)
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def opendir(self, path not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_4 = __pyx_v_rc;
-  __pyx_t_1 = __Pyx_PyBool_FromLong((!(!__pyx_t_4))); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 89, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyBool_FromLong((!(!__pyx_t_4))); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 91, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":80
+  /* "ssh/sftp.pyx":82
  *         return name
  * 
  *     def extension_supported(self, name not None, data not None):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         cdef bytes b_name = to_bytes(name)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2701,34 +4279,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_12extension_supported(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":91
+/* "ssh/sftp.pyx":93
  *         return bool(rc)
  * 
  *     def opendir(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef SFTPDir _dir
  *         cdef c_sftp.sftp_dir c_dir
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_15opendir(PyObject *__pyx_v_self, PyObject *__pyx_v_path); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_14opendir[] = "SFTP.opendir(self, path)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_15opendir(PyObject *__pyx_v_self, PyObject *__pyx_v_path) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_15opendir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_14opendir, "SFTP.opendir(self, path)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_15opendir = {"opendir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_15opendir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_14opendir};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_15opendir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_path = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("opendir (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 93, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 93, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "opendir", 0) < 0) __PYX_ERR(0, 93, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("opendir", 1, 1, 1, i); __PYX_ERR(0, 93, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 93, __pyx_L3_error)
+    }
+    __pyx_v_path = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("opendir", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 93, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.opendir", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 91, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 93, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_14opendir(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v_path));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_14opendir(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2746,162 +4398,166 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_14opendir(struct __pyx_obj_3ssh_4sftp
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("opendir", 0);
 
-  /* "ssh/sftp.pyx":94
+  /* "ssh/sftp.pyx":96
  *         cdef SFTPDir _dir
  *         cdef c_sftp.sftp_dir c_dir
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         with nogil:
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 94, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 96, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":95
+  /* "ssh/sftp.pyx":97
  *         cdef c_sftp.sftp_dir c_dir
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_dir = c_sftp.sftp_opendir(self._sftp, c_path)
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 95, __pyx_L1_error)
+    __PYX_ERR(0, 97, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 95, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 97, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":96
+  /* "ssh/sftp.pyx":98
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_dir = c_sftp.sftp_opendir(self._sftp, c_path)
  *         if c_dir is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":97
+        /* "ssh/sftp.pyx":99
  *         cdef const char *c_path = b_path
  *         with nogil:
  *             c_dir = c_sftp.sftp_opendir(self._sftp, c_path)             # <<<<<<<<<<<<<<
  *         if c_dir is NULL:
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_c_dir = sftp_opendir(__pyx_v_self->_sftp, __pyx_v_c_path);
       }
 
-      /* "ssh/sftp.pyx":96
+      /* "ssh/sftp.pyx":98
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_dir = c_sftp.sftp_opendir(self._sftp, c_path)
  *         if c_dir is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":98
+  /* "ssh/sftp.pyx":100
  *         with nogil:
  *             c_dir = c_sftp.sftp_opendir(self._sftp, c_path)
  *         if c_dir is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
  *         _dir = SFTPDir.from_ptr(c_dir, self)
- */
-  __pyx_t_3 = ((__pyx_v_c_dir == NULL) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_c_dir == NULL);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":99
+    /* "ssh/sftp.pyx":101
  *             c_dir = c_sftp.sftp_opendir(self._sftp, c_path)
  *         if c_dir is NULL:
  *             raise SFTPHandleError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         _dir = SFTPDir.from_ptr(c_dir, self)
  *         return _dir
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 99, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 99, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 101, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 101, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 101, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 99, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 99, __pyx_L1_error)
+    __PYX_ERR(0, 101, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":98
+    /* "ssh/sftp.pyx":100
  *         with nogil:
  *             c_dir = c_sftp.sftp_opendir(self._sftp, c_path)
  *         if c_dir is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
  *         _dir = SFTPDir.from_ptr(c_dir, self)
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":100
+  /* "ssh/sftp.pyx":102
  *         if c_dir is NULL:
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
  *         _dir = SFTPDir.from_ptr(c_dir, self)             # <<<<<<<<<<<<<<
  *         return _dir
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_12sftp_handles_SFTPDir->from_ptr(__pyx_v_c_dir, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 100, __pyx_L1_error)
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_12sftp_handles_SFTPDir->from_ptr(__pyx_v_c_dir, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 102, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v__dir = ((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":101
+  /* "ssh/sftp.pyx":103
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
  *         _dir = SFTPDir.from_ptr(c_dir, self)
  *         return _dir             # <<<<<<<<<<<<<<
  * 
  *     def stat(self, path not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v__dir));
+  __Pyx_INCREF((PyObject *)__pyx_v__dir);
   __pyx_r = ((PyObject *)__pyx_v__dir);
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":91
+  /* "ssh/sftp.pyx":93
  *         return bool(rc)
  * 
  *     def opendir(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef SFTPDir _dir
  *         cdef c_sftp.sftp_dir c_dir
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2919,34 +4575,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_14opendir(struct __pyx_obj_3ssh_4sftp
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":103
+/* "ssh/sftp.pyx":105
  *         return _dir
  * 
  *     def stat(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_17stat(PyObject *__pyx_v_self, PyObject *__pyx_v_path); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_16stat[] = "SFTP.stat(self, path)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_17stat(PyObject *__pyx_v_self, PyObject *__pyx_v_path) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_17stat(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_16stat, "SFTP.stat(self, path)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_17stat = {"stat", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_17stat, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_16stat};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_17stat(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_path = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("stat (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 105, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 105, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "stat", 0) < 0) __PYX_ERR(0, 105, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("stat", 1, 1, 1, i); __PYX_ERR(0, 105, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 105, __pyx_L3_error)
+    }
+    __pyx_v_path = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("stat", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 105, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.stat", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 103, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 105, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_16stat(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v_path));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_16stat(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2964,162 +4694,166 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_16stat(struct __pyx_obj_3ssh_4sftp_SF
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("stat", 0);
 
-  /* "ssh/sftp.pyx":106
+  /* "ssh/sftp.pyx":108
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         with nogil:
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 106, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 108, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":107
+  /* "ssh/sftp.pyx":109
  *         cdef c_sftp.sftp_attributes c_attrs
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_attrs = c_sftp.sftp_stat(self._sftp, c_path)
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 107, __pyx_L1_error)
+    __PYX_ERR(0, 109, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 107, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 109, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":108
+  /* "ssh/sftp.pyx":110
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_attrs = c_sftp.sftp_stat(self._sftp, c_path)
  *         if c_attrs is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":109
+        /* "ssh/sftp.pyx":111
  *         cdef const char *c_path = b_path
  *         with nogil:
  *             c_attrs = c_sftp.sftp_stat(self._sftp, c_path)             # <<<<<<<<<<<<<<
  *         if c_attrs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_c_attrs = sftp_stat(__pyx_v_self->_sftp, __pyx_v_c_path);
       }
 
-      /* "ssh/sftp.pyx":108
+      /* "ssh/sftp.pyx":110
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_attrs = c_sftp.sftp_stat(self._sftp, c_path)
  *         if c_attrs is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":110
+  /* "ssh/sftp.pyx":112
  *         with nogil:
  *             c_attrs = c_sftp.sftp_stat(self._sftp, c_path)
  *         if c_attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)
- */
-  __pyx_t_3 = ((__pyx_v_c_attrs == NULL) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_c_attrs == NULL);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":111
+    /* "ssh/sftp.pyx":113
  *             c_attrs = c_sftp.sftp_stat(self._sftp, c_path)
  *         if c_attrs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)
  *         return _attrs
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 111, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 111, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 113, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 113, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 113, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 111, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 111, __pyx_L1_error)
+    __PYX_ERR(0, 113, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":110
+    /* "ssh/sftp.pyx":112
  *         with nogil:
  *             c_attrs = c_sftp.sftp_stat(self._sftp, c_path)
  *         if c_attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":112
+  /* "ssh/sftp.pyx":114
  *         if c_attrs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)             # <<<<<<<<<<<<<<
  *         return _attrs
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes->from_ptr(__pyx_v_c_attrs, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 112, __pyx_L1_error)
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes->from_ptr(__pyx_v_c_attrs, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 114, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v__attrs = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":113
+  /* "ssh/sftp.pyx":115
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)
  *         return _attrs             # <<<<<<<<<<<<<<
  * 
  *     def lstat(self, path not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v__attrs));
+  __Pyx_INCREF((PyObject *)__pyx_v__attrs);
   __pyx_r = ((PyObject *)__pyx_v__attrs);
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":103
+  /* "ssh/sftp.pyx":105
  *         return _dir
  * 
  *     def stat(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3137,34 +4871,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_16stat(struct __pyx_obj_3ssh_4sftp_SF
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":115
+/* "ssh/sftp.pyx":117
  *         return _attrs
  * 
  *     def lstat(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_19lstat(PyObject *__pyx_v_self, PyObject *__pyx_v_path); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_18lstat[] = "SFTP.lstat(self, path)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_19lstat(PyObject *__pyx_v_self, PyObject *__pyx_v_path) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_19lstat(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_18lstat, "SFTP.lstat(self, path)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_19lstat = {"lstat", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_19lstat, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_18lstat};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_19lstat(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_path = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("lstat (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 117, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 117, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "lstat", 0) < 0) __PYX_ERR(0, 117, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("lstat", 1, 1, 1, i); __PYX_ERR(0, 117, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 117, __pyx_L3_error)
+    }
+    __pyx_v_path = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("lstat", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 117, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.lstat", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 115, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 117, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_18lstat(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v_path));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_18lstat(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3182,162 +4990,166 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_18lstat(struct __pyx_obj_3ssh_4sftp_S
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("lstat", 0);
 
-  /* "ssh/sftp.pyx":118
+  /* "ssh/sftp.pyx":120
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         with nogil:
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 118, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 120, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":119
+  /* "ssh/sftp.pyx":121
  *         cdef c_sftp.sftp_attributes c_attrs
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_attrs = c_sftp.sftp_lstat(self._sftp, c_path)
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 119, __pyx_L1_error)
+    __PYX_ERR(0, 121, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 119, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 121, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":120
+  /* "ssh/sftp.pyx":122
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_attrs = c_sftp.sftp_lstat(self._sftp, c_path)
  *         if c_attrs is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":121
+        /* "ssh/sftp.pyx":123
  *         cdef const char *c_path = b_path
  *         with nogil:
  *             c_attrs = c_sftp.sftp_lstat(self._sftp, c_path)             # <<<<<<<<<<<<<<
  *         if c_attrs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_c_attrs = sftp_lstat(__pyx_v_self->_sftp, __pyx_v_c_path);
       }
 
-      /* "ssh/sftp.pyx":120
+      /* "ssh/sftp.pyx":122
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_attrs = c_sftp.sftp_lstat(self._sftp, c_path)
  *         if c_attrs is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":122
+  /* "ssh/sftp.pyx":124
  *         with nogil:
  *             c_attrs = c_sftp.sftp_lstat(self._sftp, c_path)
  *         if c_attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)
- */
-  __pyx_t_3 = ((__pyx_v_c_attrs == NULL) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_c_attrs == NULL);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":123
+    /* "ssh/sftp.pyx":125
  *             c_attrs = c_sftp.sftp_lstat(self._sftp, c_path)
  *         if c_attrs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)
  *         return _attrs
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 123, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 123, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 125, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 125, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 125, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 123, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 123, __pyx_L1_error)
+    __PYX_ERR(0, 125, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":122
+    /* "ssh/sftp.pyx":124
  *         with nogil:
  *             c_attrs = c_sftp.sftp_lstat(self._sftp, c_path)
  *         if c_attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":124
+  /* "ssh/sftp.pyx":126
  *         if c_attrs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)             # <<<<<<<<<<<<<<
  *         return _attrs
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes->from_ptr(__pyx_v_c_attrs, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 124, __pyx_L1_error)
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes->from_ptr(__pyx_v_c_attrs, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 126, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v__attrs = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":125
+  /* "ssh/sftp.pyx":127
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self)
  *         return _attrs             # <<<<<<<<<<<<<<
  * 
  *     def open(self, path not None, int accesstype, c_sftp.mode_t mode):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v__attrs));
+  __Pyx_INCREF((PyObject *)__pyx_v__attrs);
   __pyx_r = ((PyObject *)__pyx_v__attrs);
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":115
+  /* "ssh/sftp.pyx":117
  *         return _attrs
  * 
  *     def lstat(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3355,85 +5167,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_18lstat(struct __pyx_obj_3ssh_4sftp_S
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":127
+/* "ssh/sftp.pyx":129
  *         return _attrs
  * 
  *     def open(self, path not None, int accesstype, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_21open(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_20open[] = "SFTP.open(self, path, int accesstype, mode_t mode)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_21open(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_21open(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_20open, "SFTP.open(self, path, int accesstype, mode_t mode)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_21open = {"open", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_21open, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_20open};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_21open(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_path = 0;
   int __pyx_v_accesstype;
   mode_t __pyx_v_mode;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("open (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_path,&__pyx_n_s_accesstype,&__pyx_n_s_mode,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,&__pyx_mstate_global->__pyx_n_u_accesstype,&__pyx_mstate_global->__pyx_n_u_mode,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 129, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 129, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 129, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 129, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_path)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_accesstype)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("open", 1, 3, 3, 1); __PYX_ERR(0, 127, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_mode)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("open", 1, 3, 3, 2); __PYX_ERR(0, 127, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "open") < 0)) __PYX_ERR(0, 127, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "open", 0) < 0) __PYX_ERR(0, 129, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("open", 1, 3, 3, i); __PYX_ERR(0, 129, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 129, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 129, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 129, __pyx_L3_error)
     }
     __pyx_v_path = values[0];
-    __pyx_v_accesstype = __Pyx_PyInt_As_int(values[1]); if (unlikely((__pyx_v_accesstype == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 127, __pyx_L3_error)
-    __pyx_v_mode = __Pyx_PyInt_As_mode_t(values[2]); if (unlikely((__pyx_v_mode == ((mode_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 127, __pyx_L3_error)
+    __pyx_v_accesstype = __Pyx_PyLong_As_int(values[1]); if (unlikely((__pyx_v_accesstype == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 129, __pyx_L3_error)
+    __pyx_v_mode = __Pyx_PyLong_As_mode_t(values[2]); if (unlikely((__pyx_v_mode == ((mode_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 129, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("open", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 127, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("open", 1, 3, 3, __pyx_nargs); __PYX_ERR(0, 129, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.open", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 127, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 129, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_20open(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path, __pyx_v_accesstype, __pyx_v_mode);
 
@@ -3441,7 +5276,15 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_21open(PyObject *__pyx_v_self, PyObje
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3459,162 +5302,166 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_20open(struct __pyx_obj_3ssh_4sftp_SF
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("open", 0);
 
-  /* "ssh/sftp.pyx":128
+  /* "ssh/sftp.pyx":130
  * 
  *     def open(self, path not None, int accesstype, c_sftp.mode_t mode):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef SFTPFile _file
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 128, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 130, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":129
+  /* "ssh/sftp.pyx":131
  *     def open(self, path not None, int accesstype, c_sftp.mode_t mode):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef SFTPFile _file
  *         cdef c_sftp.sftp_file c_file
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 129, __pyx_L1_error)
+    __PYX_ERR(0, 131, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 129, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 131, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":132
+  /* "ssh/sftp.pyx":134
  *         cdef SFTPFile _file
  *         cdef c_sftp.sftp_file c_file
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_file = c_sftp.sftp_open(self._sftp, c_path, accesstype, mode)
  *         if c_file is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":133
+        /* "ssh/sftp.pyx":135
  *         cdef c_sftp.sftp_file c_file
  *         with nogil:
  *             c_file = c_sftp.sftp_open(self._sftp, c_path, accesstype, mode)             # <<<<<<<<<<<<<<
  *         if c_file is NULL:
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_c_file = sftp_open(__pyx_v_self->_sftp, __pyx_v_c_path, __pyx_v_accesstype, __pyx_v_mode);
       }
 
-      /* "ssh/sftp.pyx":132
+      /* "ssh/sftp.pyx":134
  *         cdef SFTPFile _file
  *         cdef c_sftp.sftp_file c_file
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_file = c_sftp.sftp_open(self._sftp, c_path, accesstype, mode)
  *         if c_file is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":134
+  /* "ssh/sftp.pyx":136
  *         with nogil:
  *             c_file = c_sftp.sftp_open(self._sftp, c_path, accesstype, mode)
  *         if c_file is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
  *         _file = SFTPFile.from_ptr(c_file, self)
- */
-  __pyx_t_3 = ((__pyx_v_c_file == NULL) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_c_file == NULL);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":135
+    /* "ssh/sftp.pyx":137
  *             c_file = c_sftp.sftp_open(self._sftp, c_path, accesstype, mode)
  *         if c_file is NULL:
  *             raise SFTPHandleError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         _file = SFTPFile.from_ptr(c_file, self)
  *         return _file
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 135, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 135, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 137, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 137, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 137, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 135, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 135, __pyx_L1_error)
+    __PYX_ERR(0, 137, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":134
+    /* "ssh/sftp.pyx":136
  *         with nogil:
  *             c_file = c_sftp.sftp_open(self._sftp, c_path, accesstype, mode)
  *         if c_file is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
  *         _file = SFTPFile.from_ptr(c_file, self)
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":136
+  /* "ssh/sftp.pyx":138
  *         if c_file is NULL:
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
  *         _file = SFTPFile.from_ptr(c_file, self)             # <<<<<<<<<<<<<<
  *         return _file
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_12sftp_handles_SFTPFile->from_ptr(__pyx_v_c_file, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 136, __pyx_L1_error)
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_12sftp_handles_SFTPFile->from_ptr(__pyx_v_c_file, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 138, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v__file = ((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":137
+  /* "ssh/sftp.pyx":139
  *             raise SFTPHandleError(ssh_get_error(self.session._session))
  *         _file = SFTPFile.from_ptr(c_file, self)
  *         return _file             # <<<<<<<<<<<<<<
  * 
  *     def unlink(self, path not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v__file));
+  __Pyx_INCREF((PyObject *)__pyx_v__file);
   __pyx_r = ((PyObject *)__pyx_v__file);
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":127
+  /* "ssh/sftp.pyx":129
  *         return _attrs
  * 
  *     def open(self, path not None, int accesstype, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3632,34 +5479,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_20open(struct __pyx_obj_3ssh_4sftp_SF
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":139
+/* "ssh/sftp.pyx":141
  *         return _file
  * 
  *     def unlink(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_23unlink(PyObject *__pyx_v_self, PyObject *__pyx_v_path); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_22unlink[] = "SFTP.unlink(self, path)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_23unlink(PyObject *__pyx_v_self, PyObject *__pyx_v_path) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_23unlink(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_22unlink, "SFTP.unlink(self, path)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_23unlink = {"unlink", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_23unlink, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_22unlink};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_23unlink(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_path = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("unlink (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 141, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 141, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "unlink", 0) < 0) __PYX_ERR(0, 141, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("unlink", 1, 1, 1, i); __PYX_ERR(0, 141, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 141, __pyx_L3_error)
+    }
+    __pyx_v_path = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("unlink", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 141, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.unlink", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 139, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 141, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_22unlink(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v_path));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_22unlink(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3676,152 +5597,156 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_22unlink(struct __pyx_obj_3ssh_4sftp_
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("unlink", 0);
 
-  /* "ssh/sftp.pyx":140
+  /* "ssh/sftp.pyx":142
  * 
  *     def unlink(self, path not None):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 140, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 142, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":141
+  /* "ssh/sftp.pyx":143
  *     def unlink(self, path not None):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 141, __pyx_L1_error)
+    __PYX_ERR(0, 143, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 141, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 143, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":143
+  /* "ssh/sftp.pyx":145
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_unlink(self._sftp, c_path)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":144
+        /* "ssh/sftp.pyx":146
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_unlink(self._sftp, c_path)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_rc = sftp_unlink(__pyx_v_self->_sftp, __pyx_v_c_path);
       }
 
-      /* "ssh/sftp.pyx":143
+      /* "ssh/sftp.pyx":145
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_unlink(self._sftp, c_path)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":145
+  /* "ssh/sftp.pyx":147
  *         with nogil:
  *             rc = c_sftp.sftp_unlink(self._sftp, c_path)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
-  __pyx_t_3 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":146
+    /* "ssh/sftp.pyx":148
  *             rc = c_sftp.sftp_unlink(self._sftp, c_path)
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 146, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 146, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 148, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 148, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 148, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 146, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 146, __pyx_L1_error)
+    __PYX_ERR(0, 148, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":145
+    /* "ssh/sftp.pyx":147
  *         with nogil:
  *             rc = c_sftp.sftp_unlink(self._sftp, c_path)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":147
+  /* "ssh/sftp.pyx":149
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def rmdir(self, path not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 147, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 149, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":139
+  /* "ssh/sftp.pyx":141
  *         return _file
  * 
  *     def unlink(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3838,34 +5763,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_22unlink(struct __pyx_obj_3ssh_4sftp_
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":149
+/* "ssh/sftp.pyx":151
  *         return rc
  * 
  *     def rmdir(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_25rmdir(PyObject *__pyx_v_self, PyObject *__pyx_v_path); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_24rmdir[] = "SFTP.rmdir(self, path)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_25rmdir(PyObject *__pyx_v_self, PyObject *__pyx_v_path) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_25rmdir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_24rmdir, "SFTP.rmdir(self, path)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_25rmdir = {"rmdir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_25rmdir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_24rmdir};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_25rmdir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_path = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("rmdir (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 151, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 151, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "rmdir", 0) < 0) __PYX_ERR(0, 151, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("rmdir", 1, 1, 1, i); __PYX_ERR(0, 151, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 151, __pyx_L3_error)
+    }
+    __pyx_v_path = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("rmdir", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 151, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.rmdir", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 149, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 151, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_24rmdir(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v_path));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_24rmdir(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3882,152 +5881,156 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_24rmdir(struct __pyx_obj_3ssh_4sftp_S
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("rmdir", 0);
 
-  /* "ssh/sftp.pyx":150
+  /* "ssh/sftp.pyx":152
  * 
  *     def rmdir(self, path not None):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 150, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 152, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":151
+  /* "ssh/sftp.pyx":153
  *     def rmdir(self, path not None):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 151, __pyx_L1_error)
+    __PYX_ERR(0, 153, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 151, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 153, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":153
+  /* "ssh/sftp.pyx":155
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_rmdir(self._sftp, c_path)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":154
+        /* "ssh/sftp.pyx":156
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_rmdir(self._sftp, c_path)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_rc = sftp_rmdir(__pyx_v_self->_sftp, __pyx_v_c_path);
       }
 
-      /* "ssh/sftp.pyx":153
+      /* "ssh/sftp.pyx":155
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_rmdir(self._sftp, c_path)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":155
+  /* "ssh/sftp.pyx":157
  *         with nogil:
  *             rc = c_sftp.sftp_rmdir(self._sftp, c_path)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
-  __pyx_t_3 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":156
+    /* "ssh/sftp.pyx":158
  *             rc = c_sftp.sftp_rmdir(self._sftp, c_path)
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 156, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 156, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 158, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 158, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 158, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 156, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 156, __pyx_L1_error)
+    __PYX_ERR(0, 158, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":155
+    /* "ssh/sftp.pyx":157
  *         with nogil:
  *             rc = c_sftp.sftp_rmdir(self._sftp, c_path)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":157
+  /* "ssh/sftp.pyx":159
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def mkdir(self, path not None, c_sftp.mode_t mode):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 157, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 159, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":149
+  /* "ssh/sftp.pyx":151
  *         return rc
  * 
  *     def rmdir(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4044,74 +6047,100 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_24rmdir(struct __pyx_obj_3ssh_4sftp_S
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":159
+/* "ssh/sftp.pyx":161
  *         return rc
  * 
  *     def mkdir(self, path not None, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_27mkdir(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_26mkdir[] = "SFTP.mkdir(self, path, mode_t mode)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_27mkdir(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_27mkdir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_26mkdir, "SFTP.mkdir(self, path, mode_t mode)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_27mkdir = {"mkdir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_27mkdir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_26mkdir};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_27mkdir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_path = 0;
   mode_t __pyx_v_mode;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("mkdir (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_path,&__pyx_n_s_mode,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,&__pyx_mstate_global->__pyx_n_u_mode,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 161, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 161, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 161, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_path)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_mode)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("mkdir", 1, 2, 2, 1); __PYX_ERR(0, 159, __pyx_L3_error)
-        }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "mkdir", 0) < 0) __PYX_ERR(0, 161, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("mkdir", 1, 2, 2, i); __PYX_ERR(0, 161, __pyx_L3_error) }
       }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "mkdir") < 0)) __PYX_ERR(0, 159, __pyx_L3_error)
-      }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 161, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 161, __pyx_L3_error)
     }
     __pyx_v_path = values[0];
-    __pyx_v_mode = __Pyx_PyInt_As_mode_t(values[1]); if (unlikely((__pyx_v_mode == ((mode_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 159, __pyx_L3_error)
+    __pyx_v_mode = __Pyx_PyLong_As_mode_t(values[1]); if (unlikely((__pyx_v_mode == ((mode_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 161, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("mkdir", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 159, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("mkdir", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 161, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.mkdir", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 159, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 161, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_26mkdir(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path, __pyx_v_mode);
 
@@ -4119,7 +6148,15 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_27mkdir(PyObject *__pyx_v_self, PyObj
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4138,98 +6175,95 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_26mkdir(struct __pyx_obj_3ssh_4sftp_S
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("mkdir", 0);
 
-  /* "ssh/sftp.pyx":160
+  /* "ssh/sftp.pyx":162
  * 
  *     def mkdir(self, path not None, c_sftp.mode_t mode):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 160, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 162, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":161
+  /* "ssh/sftp.pyx":163
  *     def mkdir(self, path not None, c_sftp.mode_t mode):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 161, __pyx_L1_error)
+    __PYX_ERR(0, 163, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 161, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 163, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":163
+  /* "ssh/sftp.pyx":165
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_mkdir(self._sftp, c_path, mode)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":164
+        /* "ssh/sftp.pyx":166
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_mkdir(self._sftp, c_path, mode)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = sftp_mkdir(__pyx_v_self->_sftp, __pyx_v_c_path, __pyx_v_mode);
       }
 
-      /* "ssh/sftp.pyx":163
+      /* "ssh/sftp.pyx":165
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_mkdir(self._sftp, c_path, mode)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":165
+  /* "ssh/sftp.pyx":167
  *         with nogil:
  *             rc = c_sftp.sftp_mkdir(self._sftp, c_path, mode)
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def rename(self, original not None, newname not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 165, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 165, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 167, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 167, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":159
+  /* "ssh/sftp.pyx":161
  *         return rc
  * 
  *     def mkdir(self, path not None, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4243,77 +6277,103 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_26mkdir(struct __pyx_obj_3ssh_4sftp_S
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":167
+/* "ssh/sftp.pyx":169
  *         return handle_error_codes(rc, self.session._session)
  * 
  *     def rename(self, original not None, newname not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_orig = to_bytes(original)
  *         cdef const char *c_orig = b_orig
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_29rename(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_28rename[] = "SFTP.rename(self, original, newname)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_29rename(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_29rename(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_28rename, "SFTP.rename(self, original, newname)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_29rename = {"rename", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_29rename, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_28rename};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_29rename(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_original = 0;
   PyObject *__pyx_v_newname = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("rename (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_original,&__pyx_n_s_newname,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_original,&__pyx_mstate_global->__pyx_n_u_newname,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 169, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 169, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 169, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_original)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_newname)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("rename", 1, 2, 2, 1); __PYX_ERR(0, 167, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "rename") < 0)) __PYX_ERR(0, 167, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "rename", 0) < 0) __PYX_ERR(0, 169, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("rename", 1, 2, 2, i); __PYX_ERR(0, 169, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 169, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 169, __pyx_L3_error)
     }
     __pyx_v_original = values[0];
     __pyx_v_newname = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("rename", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 167, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("rename", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 169, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.rename", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_original) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "original"); __PYX_ERR(0, 167, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "original"); __PYX_ERR(0, 169, __pyx_L1_error)
   }
   if (unlikely(((PyObject *)__pyx_v_newname) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "newname"); __PYX_ERR(0, 167, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "newname"); __PYX_ERR(0, 169, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_28rename(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_original, __pyx_v_newname);
 
@@ -4321,7 +6381,15 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_29rename(PyObject *__pyx_v_self, PyOb
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4341,178 +6409,182 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_28rename(struct __pyx_obj_3ssh_4sftp_
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
   PyObject *__pyx_t_7 = NULL;
+  size_t __pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("rename", 0);
 
-  /* "ssh/sftp.pyx":168
+  /* "ssh/sftp.pyx":170
  * 
  *     def rename(self, original not None, newname not None):
  *         cdef bytes b_orig = to_bytes(original)             # <<<<<<<<<<<<<<
  *         cdef const char *c_orig = b_orig
  *         cdef bytes b_newname = to_bytes(newname)
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_original); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 168, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_original); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 170, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_orig = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":169
+  /* "ssh/sftp.pyx":171
  *     def rename(self, original not None, newname not None):
  *         cdef bytes b_orig = to_bytes(original)
  *         cdef const char *c_orig = b_orig             # <<<<<<<<<<<<<<
  *         cdef bytes b_newname = to_bytes(newname)
  *         cdef const char *c_newname = b_newname
- */
+*/
   if (unlikely(__pyx_v_b_orig == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 169, __pyx_L1_error)
+    __PYX_ERR(0, 171, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_orig); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 169, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_orig); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 171, __pyx_L1_error)
   __pyx_v_c_orig = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":170
+  /* "ssh/sftp.pyx":172
  *         cdef bytes b_orig = to_bytes(original)
  *         cdef const char *c_orig = b_orig
  *         cdef bytes b_newname = to_bytes(newname)             # <<<<<<<<<<<<<<
  *         cdef const char *c_newname = b_newname
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_newname); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 170, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_newname); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 172, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_newname = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":171
+  /* "ssh/sftp.pyx":173
  *         cdef const char *c_orig = b_orig
  *         cdef bytes b_newname = to_bytes(newname)
  *         cdef const char *c_newname = b_newname             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_newname == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 171, __pyx_L1_error)
+    __PYX_ERR(0, 173, __pyx_L1_error)
   }
-  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_newname); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 171, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_newname); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 173, __pyx_L1_error)
   __pyx_v_c_newname = __pyx_t_3;
 
-  /* "ssh/sftp.pyx":173
+  /* "ssh/sftp.pyx":175
  *         cdef const char *c_newname = b_newname
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_rename(self._sftp, c_orig, c_newname)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":174
+        /* "ssh/sftp.pyx":176
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_rename(self._sftp, c_orig, c_newname)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_rc = sftp_rename(__pyx_v_self->_sftp, __pyx_v_c_orig, __pyx_v_c_newname);
       }
 
-      /* "ssh/sftp.pyx":173
+      /* "ssh/sftp.pyx":175
  *         cdef const char *c_newname = b_newname
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_rename(self._sftp, c_orig, c_newname)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":175
+  /* "ssh/sftp.pyx":177
  *         with nogil:
  *             rc = c_sftp.sftp_rename(self._sftp, c_orig, c_newname)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
-  __pyx_t_4 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_4 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_4)) {
 
-    /* "ssh/sftp.pyx":176
+    /* "ssh/sftp.pyx":178
  *             rc = c_sftp.sftp_rename(self._sftp, c_orig, c_newname)
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 176, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 176, __pyx_L1_error)
+*/
+    __pyx_t_5 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_6, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 178, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_6);
-    __pyx_t_7 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_5))) {
-      __pyx_t_7 = PyMethod_GET_SELF(__pyx_t_5);
-      if (likely(__pyx_t_7)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_5);
-        __Pyx_INCREF(__pyx_t_7);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_5, function);
-      }
+    __pyx_t_7 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 178, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_7);
+    __pyx_t_8 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_6))) {
+      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_6);
+      assert(__pyx_t_5);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_6);
+      __Pyx_INCREF(__pyx_t_5);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_6, __pyx__function);
+      __pyx_t_8 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_5, __pyx_t_7};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_6, __pyx_callargs+__pyx_t_8, (2-__pyx_t_8) | (__pyx_t_8*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 178, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_7) ? __Pyx_PyObject_Call2Args(__pyx_t_5, __pyx_t_7, __pyx_t_6) : __Pyx_PyObject_CallOneArg(__pyx_t_5, __pyx_t_6);
-    __Pyx_XDECREF(__pyx_t_7); __pyx_t_7 = 0;
-    __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 176, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 176, __pyx_L1_error)
+    __PYX_ERR(0, 178, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":175
+    /* "ssh/sftp.pyx":177
  *         with nogil:
  *             rc = c_sftp.sftp_rename(self._sftp, c_orig, c_newname)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":177
+  /* "ssh/sftp.pyx":179
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def setstat(self, path not None, SFTPAttributes attr):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 177, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 179, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":167
+  /* "ssh/sftp.pyx":169
  *         return handle_error_codes(rc, self.session._session)
  * 
  *     def rename(self, original not None, newname not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_orig = to_bytes(original)
  *         cdef const char *c_orig = b_orig
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4530,83 +6602,117 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_28rename(struct __pyx_obj_3ssh_4sftp_
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":179
+/* "ssh/sftp.pyx":181
  *         return rc
  * 
  *     def setstat(self, path not None, SFTPAttributes attr):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_31setstat(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_30setstat[] = "SFTP.setstat(self, path, SFTPAttributes attr)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_31setstat(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_31setstat(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_30setstat, "SFTP.setstat(self, path, SFTPAttributes attr)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_31setstat = {"setstat", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_31setstat, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_30setstat};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_31setstat(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_path = 0;
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_attr = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("setstat (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_path,&__pyx_n_s_attr,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,&__pyx_mstate_global->__pyx_n_u_attr,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 181, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 181, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 181, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_path)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_attr)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("setstat", 1, 2, 2, 1); __PYX_ERR(0, 179, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "setstat") < 0)) __PYX_ERR(0, 179, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "setstat", 0) < 0) __PYX_ERR(0, 181, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("setstat", 1, 2, 2, i); __PYX_ERR(0, 181, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 181, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 181, __pyx_L3_error)
     }
     __pyx_v_path = values[0];
     __pyx_v_attr = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)values[1]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("setstat", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 179, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("setstat", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 181, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.setstat", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 179, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 181, __pyx_L1_error)
   }
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_attr), __pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes, 1, "attr", 0))) __PYX_ERR(0, 179, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_attr), __pyx_mstate_global->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes, 1, "attr", 0))) __PYX_ERR(0, 181, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_30setstat(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path, __pyx_v_attr);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4625,98 +6731,95 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_30setstat(struct __pyx_obj_3ssh_4sftp
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("setstat", 0);
 
-  /* "ssh/sftp.pyx":180
+  /* "ssh/sftp.pyx":182
  * 
  *     def setstat(self, path not None, SFTPAttributes attr):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 180, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 182, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":181
+  /* "ssh/sftp.pyx":183
  *     def setstat(self, path not None, SFTPAttributes attr):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 181, __pyx_L1_error)
+    __PYX_ERR(0, 183, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 181, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 183, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":183
+  /* "ssh/sftp.pyx":185
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_setstat(self._sftp, c_path, attr._attrs)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":184
+        /* "ssh/sftp.pyx":186
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_setstat(self._sftp, c_path, attr._attrs)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
  * 
- */
+*/
         __pyx_v_rc = sftp_setstat(__pyx_v_self->_sftp, __pyx_v_c_path, __pyx_v_attr->_attrs);
       }
 
-      /* "ssh/sftp.pyx":183
+      /* "ssh/sftp.pyx":185
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_setstat(self._sftp, c_path, attr._attrs)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":185
+  /* "ssh/sftp.pyx":187
  *         with nogil:
  *             rc = c_sftp.sftp_setstat(self._sftp, c_path, attr._attrs)
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
  * 
  *     def chown(self, path not None,
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 185, __pyx_L1_error)
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 185, __pyx_L1_error)
+  __pyx_t_3 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_3 == ((int)-1))) __PYX_ERR(0, 187, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_t_3); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 187, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":179
+  /* "ssh/sftp.pyx":181
  *         return rc
  * 
  *     def setstat(self, path not None, SFTPAttributes attr):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4730,85 +6833,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_30setstat(struct __pyx_obj_3ssh_4sftp
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":187
+/* "ssh/sftp.pyx":189
  *         return handle_error_codes(rc, self.session._session)
  * 
  *     def chown(self, path not None,             # <<<<<<<<<<<<<<
  *               c_sftp.uid_t owner, c_sftp.gid_t group):
  *         cdef bytes b_path = to_bytes(path)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_33chown(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_32chown[] = "SFTP.chown(self, path, uid_t owner, gid_t group)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_33chown(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_33chown(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_32chown, "SFTP.chown(self, path, uid_t owner, gid_t group)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_33chown = {"chown", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_33chown, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_32chown};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_33chown(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_path = 0;
   uid_t __pyx_v_owner;
   gid_t __pyx_v_group;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("chown (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_path,&__pyx_n_s_owner,&__pyx_n_s_group,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,&__pyx_mstate_global->__pyx_n_u_owner,&__pyx_mstate_global->__pyx_n_u_group,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 189, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 189, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 189, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 189, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_path)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_owner)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("chown", 1, 3, 3, 1); __PYX_ERR(0, 187, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_group)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("chown", 1, 3, 3, 2); __PYX_ERR(0, 187, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "chown") < 0)) __PYX_ERR(0, 187, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "chown", 0) < 0) __PYX_ERR(0, 189, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("chown", 1, 3, 3, i); __PYX_ERR(0, 189, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 189, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 189, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 189, __pyx_L3_error)
     }
     __pyx_v_path = values[0];
-    __pyx_v_owner = __Pyx_PyInt_As_uid_t(values[1]); if (unlikely((__pyx_v_owner == ((uid_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 188, __pyx_L3_error)
-    __pyx_v_group = __Pyx_PyInt_As_gid_t(values[2]); if (unlikely((__pyx_v_group == ((gid_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 188, __pyx_L3_error)
+    __pyx_v_owner = __Pyx_PyLong_As_uid_t(values[1]); if (unlikely((__pyx_v_owner == ((uid_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 190, __pyx_L3_error)
+    __pyx_v_group = __Pyx_PyLong_As_gid_t(values[2]); if (unlikely((__pyx_v_group == ((gid_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 190, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("chown", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 187, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("chown", 1, 3, 3, __pyx_nargs); __PYX_ERR(0, 189, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.chown", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 187, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 189, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_32chown(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path, __pyx_v_owner, __pyx_v_group);
 
@@ -4816,7 +6942,15 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_33chown(PyObject *__pyx_v_self, PyObj
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4833,152 +6967,156 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_32chown(struct __pyx_obj_3ssh_4sftp_S
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("chown", 0);
 
-  /* "ssh/sftp.pyx":189
+  /* "ssh/sftp.pyx":191
  *     def chown(self, path not None,
  *               c_sftp.uid_t owner, c_sftp.gid_t group):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 189, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 191, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":190
+  /* "ssh/sftp.pyx":192
  *               c_sftp.uid_t owner, c_sftp.gid_t group):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 190, __pyx_L1_error)
+    __PYX_ERR(0, 192, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 190, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 192, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":192
+  /* "ssh/sftp.pyx":194
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_chown(self._sftp, c_path, owner, group)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":193
+        /* "ssh/sftp.pyx":195
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_chown(self._sftp, c_path, owner, group)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_rc = sftp_chown(__pyx_v_self->_sftp, __pyx_v_c_path, __pyx_v_owner, __pyx_v_group);
       }
 
-      /* "ssh/sftp.pyx":192
+      /* "ssh/sftp.pyx":194
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_chown(self._sftp, c_path, owner, group)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":194
+  /* "ssh/sftp.pyx":196
  *         with nogil:
  *             rc = c_sftp.sftp_chown(self._sftp, c_path, owner, group)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
-  __pyx_t_3 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":195
+    /* "ssh/sftp.pyx":197
  *             rc = c_sftp.sftp_chown(self._sftp, c_path, owner, group)
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 195, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 195, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 197, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 197, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 197, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 195, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 195, __pyx_L1_error)
+    __PYX_ERR(0, 197, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":194
+    /* "ssh/sftp.pyx":196
  *         with nogil:
  *             rc = c_sftp.sftp_chown(self._sftp, c_path, owner, group)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":196
+  /* "ssh/sftp.pyx":198
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def chmod(self, path not None, c_sftp.mode_t mode):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 196, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 198, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":187
+  /* "ssh/sftp.pyx":189
  *         return handle_error_codes(rc, self.session._session)
  * 
  *     def chown(self, path not None,             # <<<<<<<<<<<<<<
  *               c_sftp.uid_t owner, c_sftp.gid_t group):
  *         cdef bytes b_path = to_bytes(path)
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4995,74 +7133,100 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_32chown(struct __pyx_obj_3ssh_4sftp_S
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":198
+/* "ssh/sftp.pyx":200
  *         return rc
  * 
  *     def chmod(self, path not None, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_35chmod(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_34chmod[] = "SFTP.chmod(self, path, mode_t mode)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_35chmod(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_35chmod(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_34chmod, "SFTP.chmod(self, path, mode_t mode)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_35chmod = {"chmod", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_35chmod, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_34chmod};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_35chmod(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_path = 0;
   mode_t __pyx_v_mode;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("chmod (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_path,&__pyx_n_s_mode,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,&__pyx_mstate_global->__pyx_n_u_mode,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 200, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 200, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 200, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_path)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_mode)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("chmod", 1, 2, 2, 1); __PYX_ERR(0, 198, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "chmod") < 0)) __PYX_ERR(0, 198, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "chmod", 0) < 0) __PYX_ERR(0, 200, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("chmod", 1, 2, 2, i); __PYX_ERR(0, 200, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 200, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 200, __pyx_L3_error)
     }
     __pyx_v_path = values[0];
-    __pyx_v_mode = __Pyx_PyInt_As_mode_t(values[1]); if (unlikely((__pyx_v_mode == ((mode_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 198, __pyx_L3_error)
+    __pyx_v_mode = __Pyx_PyLong_As_mode_t(values[1]); if (unlikely((__pyx_v_mode == ((mode_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 200, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("chmod", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 198, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("chmod", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 200, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.chmod", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 198, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 200, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_34chmod(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path, __pyx_v_mode);
 
@@ -5070,7 +7234,15 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_35chmod(PyObject *__pyx_v_self, PyObj
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5087,152 +7259,156 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_34chmod(struct __pyx_obj_3ssh_4sftp_S
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("chmod", 0);
 
-  /* "ssh/sftp.pyx":199
+  /* "ssh/sftp.pyx":201
  * 
  *     def chmod(self, path not None, c_sftp.mode_t mode):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 199, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 201, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":200
+  /* "ssh/sftp.pyx":202
  *     def chmod(self, path not None, c_sftp.mode_t mode):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 200, __pyx_L1_error)
+    __PYX_ERR(0, 202, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 200, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 202, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":202
+  /* "ssh/sftp.pyx":204
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_chmod(self._sftp, c_path, mode)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":203
+        /* "ssh/sftp.pyx":205
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_chmod(self._sftp, c_path, mode)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_rc = sftp_chmod(__pyx_v_self->_sftp, __pyx_v_c_path, __pyx_v_mode);
       }
 
-      /* "ssh/sftp.pyx":202
+      /* "ssh/sftp.pyx":204
  *         cdef const char *c_path = b_path
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_chmod(self._sftp, c_path, mode)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":204
+  /* "ssh/sftp.pyx":206
  *         with nogil:
  *             rc = c_sftp.sftp_chmod(self._sftp, c_path, mode)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
-  __pyx_t_3 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":205
+    /* "ssh/sftp.pyx":207
  *             rc = c_sftp.sftp_chmod(self._sftp, c_path, mode)
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 205, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 205, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 207, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 207, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 207, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 205, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 205, __pyx_L1_error)
+    __PYX_ERR(0, 207, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":204
+    /* "ssh/sftp.pyx":206
  *         with nogil:
  *             rc = c_sftp.sftp_chmod(self._sftp, c_path, mode)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":206
+  /* "ssh/sftp.pyx":208
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def utimes(self, path not None, long seconds, long microseconds):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 206, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 208, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":198
+  /* "ssh/sftp.pyx":200
  *         return rc
  * 
  *     def chmod(self, path not None, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5249,85 +7425,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_34chmod(struct __pyx_obj_3ssh_4sftp_S
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":208
+/* "ssh/sftp.pyx":210
  *         return rc
  * 
  *     def utimes(self, path not None, long seconds, long microseconds):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_37utimes(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_36utimes[] = "SFTP.utimes(self, path, long seconds, long microseconds)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_37utimes(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_37utimes(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_36utimes, "SFTP.utimes(self, path, long seconds, long microseconds)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_37utimes = {"utimes", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_37utimes, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_36utimes};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_37utimes(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_path = 0;
   long __pyx_v_seconds;
   long __pyx_v_microseconds;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("utimes (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_path,&__pyx_n_s_seconds,&__pyx_n_s_microseconds,0};
-    PyObject* values[3] = {0,0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,&__pyx_mstate_global->__pyx_n_u_seconds,&__pyx_mstate_global->__pyx_n_u_microseconds,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 210, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 210, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 210, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 210, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_path)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_seconds)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("utimes", 1, 3, 3, 1); __PYX_ERR(0, 208, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (likely((values[2] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_microseconds)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("utimes", 1, 3, 3, 2); __PYX_ERR(0, 208, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "utimes") < 0)) __PYX_ERR(0, 208, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "utimes", 0) < 0) __PYX_ERR(0, 210, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 3; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("utimes", 1, 3, 3, i); __PYX_ERR(0, 210, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 3) {
+    } else if (unlikely(__pyx_nargs != 3)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-      values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 210, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 210, __pyx_L3_error)
+      values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 210, __pyx_L3_error)
     }
     __pyx_v_path = values[0];
-    __pyx_v_seconds = __Pyx_PyInt_As_long(values[1]); if (unlikely((__pyx_v_seconds == (long)-1) && PyErr_Occurred())) __PYX_ERR(0, 208, __pyx_L3_error)
-    __pyx_v_microseconds = __Pyx_PyInt_As_long(values[2]); if (unlikely((__pyx_v_microseconds == (long)-1) && PyErr_Occurred())) __PYX_ERR(0, 208, __pyx_L3_error)
+    __pyx_v_seconds = __Pyx_PyLong_As_long(values[1]); if (unlikely((__pyx_v_seconds == (long)-1) && PyErr_Occurred())) __PYX_ERR(0, 210, __pyx_L3_error)
+    __pyx_v_microseconds = __Pyx_PyLong_As_long(values[2]); if (unlikely((__pyx_v_microseconds == (long)-1) && PyErr_Occurred())) __PYX_ERR(0, 210, __pyx_L3_error)
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("utimes", 1, 3, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 208, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("utimes", 1, 3, 3, __pyx_nargs); __PYX_ERR(0, 210, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.utimes", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 208, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 210, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_36utimes(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path, __pyx_v_seconds, __pyx_v_microseconds);
 
@@ -5335,7 +7534,15 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_37utimes(PyObject *__pyx_v_self, PyOb
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5353,254 +7560,252 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_36utimes(struct __pyx_obj_3ssh_4sftp_
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("utimes", 0);
 
-  /* "ssh/sftp.pyx":209
+  /* "ssh/sftp.pyx":211
  * 
  *     def utimes(self, path not None, long seconds, long microseconds):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 209, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 211, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":210
+  /* "ssh/sftp.pyx":212
  *     def utimes(self, path not None, long seconds, long microseconds):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         cdef timeval *_val
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 210, __pyx_L1_error)
+    __PYX_ERR(0, 212, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 210, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 212, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":213
+  /* "ssh/sftp.pyx":215
  *         cdef int rc
  *         cdef timeval *_val
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _val = <timeval *>malloc(sizeof(timeval))
  *             if _val is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":214
+        /* "ssh/sftp.pyx":216
  *         cdef timeval *_val
  *         with nogil:
  *             _val = <timeval *>malloc(sizeof(timeval))             # <<<<<<<<<<<<<<
  *             if _val is NULL:
  *                 with gil:
- */
+*/
         __pyx_v__val = ((struct timeval *)malloc((sizeof(struct timeval))));
 
-        /* "ssh/sftp.pyx":215
+        /* "ssh/sftp.pyx":217
  *         with nogil:
  *             _val = <timeval *>malloc(sizeof(timeval))
  *             if _val is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
-        __pyx_t_3 = ((__pyx_v__val == NULL) != 0);
-        if (__pyx_t_3) {
+*/
+        __pyx_t_3 = (__pyx_v__val == NULL);
+        if (unlikely(__pyx_t_3)) {
 
-          /* "ssh/sftp.pyx":216
+          /* "ssh/sftp.pyx":218
  *             _val = <timeval *>malloc(sizeof(timeval))
  *             if _val is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             _val.tv_sec = seconds
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
-                /* "ssh/sftp.pyx":217
+                /* "ssh/sftp.pyx":219
  *             if _val is NULL:
  *                 with gil:
  *                     raise MemoryError             # <<<<<<<<<<<<<<
  *             _val.tv_sec = seconds
  *             _val.tv_usec = microseconds
- */
-                PyErr_NoMemory(); __PYX_ERR(0, 217, __pyx_L8_error)
+*/
+                PyErr_NoMemory(); __PYX_ERR(0, 219, __pyx_L8_error)
               }
 
-              /* "ssh/sftp.pyx":216
+              /* "ssh/sftp.pyx":218
  *             _val = <timeval *>malloc(sizeof(timeval))
  *             if _val is NULL:
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             _val.tv_sec = seconds
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
           }
 
-          /* "ssh/sftp.pyx":215
+          /* "ssh/sftp.pyx":217
  *         with nogil:
  *             _val = <timeval *>malloc(sizeof(timeval))
  *             if _val is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
+*/
         }
 
-        /* "ssh/sftp.pyx":218
+        /* "ssh/sftp.pyx":220
  *                 with gil:
  *                     raise MemoryError
  *             _val.tv_sec = seconds             # <<<<<<<<<<<<<<
  *             _val.tv_usec = microseconds
  *             rc = c_sftp.sftp_utimes(self._sftp, c_path, _val)
- */
+*/
         __pyx_v__val->tv_sec = __pyx_v_seconds;
 
-        /* "ssh/sftp.pyx":219
+        /* "ssh/sftp.pyx":221
  *                     raise MemoryError
  *             _val.tv_sec = seconds
  *             _val.tv_usec = microseconds             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_utimes(self._sftp, c_path, _val)
  *             free(_val)
- */
+*/
         __pyx_v__val->tv_usec = __pyx_v_microseconds;
 
-        /* "ssh/sftp.pyx":220
+        /* "ssh/sftp.pyx":222
  *             _val.tv_sec = seconds
  *             _val.tv_usec = microseconds
  *             rc = c_sftp.sftp_utimes(self._sftp, c_path, _val)             # <<<<<<<<<<<<<<
  *             free(_val)
  *         if rc < 0:
- */
+*/
         __pyx_v_rc = sftp_utimes(__pyx_v_self->_sftp, __pyx_v_c_path, __pyx_v__val);
 
-        /* "ssh/sftp.pyx":221
+        /* "ssh/sftp.pyx":223
  *             _val.tv_usec = microseconds
  *             rc = c_sftp.sftp_utimes(self._sftp, c_path, _val)
  *             free(_val)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         free(__pyx_v__val);
       }
 
-      /* "ssh/sftp.pyx":213
+      /* "ssh/sftp.pyx":215
  *         cdef int rc
  *         cdef timeval *_val
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _val = <timeval *>malloc(sizeof(timeval))
  *             if _val is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":222
+  /* "ssh/sftp.pyx":224
  *             rc = c_sftp.sftp_utimes(self._sftp, c_path, _val)
  *             free(_val)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
-  __pyx_t_3 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":223
+    /* "ssh/sftp.pyx":225
  *             free(_val)
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 223, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 223, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 225, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 225, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 225, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 223, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 223, __pyx_L1_error)
+    __PYX_ERR(0, 225, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":222
+    /* "ssh/sftp.pyx":224
  *             rc = c_sftp.sftp_utimes(self._sftp, c_path, _val)
  *             free(_val)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":224
+  /* "ssh/sftp.pyx":226
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def symlink(self, source not None, dest not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 224, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 226, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":208
+  /* "ssh/sftp.pyx":210
  *         return rc
  * 
  *     def utimes(self, path not None, long seconds, long microseconds):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5617,77 +7822,103 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_36utimes(struct __pyx_obj_3ssh_4sftp_
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":226
+/* "ssh/sftp.pyx":228
  *         return rc
  * 
  *     def symlink(self, source not None, dest not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_source = to_bytes(source)
  *         cdef const char *c_source = b_source
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_39symlink(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_38symlink[] = "SFTP.symlink(self, source, dest)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_39symlink(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_39symlink(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_38symlink, "SFTP.symlink(self, source, dest)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_39symlink = {"symlink", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_39symlink, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_38symlink};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_39symlink(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_source = 0;
   PyObject *__pyx_v_dest = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("symlink (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_source,&__pyx_n_s_dest,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_source,&__pyx_mstate_global->__pyx_n_u_dest,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 228, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 228, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 228, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_source)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_dest)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("symlink", 1, 2, 2, 1); __PYX_ERR(0, 226, __pyx_L3_error)
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "symlink") < 0)) __PYX_ERR(0, 226, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "symlink", 0) < 0) __PYX_ERR(0, 228, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("symlink", 1, 2, 2, i); __PYX_ERR(0, 228, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 2) {
+    } else if (unlikely(__pyx_nargs != 2)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
-      values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 228, __pyx_L3_error)
+      values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 228, __pyx_L3_error)
     }
     __pyx_v_source = values[0];
     __pyx_v_dest = values[1];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("symlink", 1, 2, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 226, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("symlink", 1, 2, 2, __pyx_nargs); __PYX_ERR(0, 228, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp.SFTP.symlink", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_source) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "source"); __PYX_ERR(0, 226, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "source"); __PYX_ERR(0, 228, __pyx_L1_error)
   }
   if (unlikely(((PyObject *)__pyx_v_dest) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "dest"); __PYX_ERR(0, 226, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "dest"); __PYX_ERR(0, 228, __pyx_L1_error)
   }
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_38symlink(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_source, __pyx_v_dest);
 
@@ -5695,7 +7926,15 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_39symlink(PyObject *__pyx_v_self, PyO
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5715,178 +7954,182 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_38symlink(struct __pyx_obj_3ssh_4sftp
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
   PyObject *__pyx_t_7 = NULL;
+  size_t __pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("symlink", 0);
 
-  /* "ssh/sftp.pyx":227
+  /* "ssh/sftp.pyx":229
  * 
  *     def symlink(self, source not None, dest not None):
  *         cdef bytes b_source = to_bytes(source)             # <<<<<<<<<<<<<<
  *         cdef const char *c_source = b_source
  *         cdef bytes b_dest = to_bytes(dest)
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_source); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 227, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_source); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 229, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_source = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":228
+  /* "ssh/sftp.pyx":230
  *     def symlink(self, source not None, dest not None):
  *         cdef bytes b_source = to_bytes(source)
  *         cdef const char *c_source = b_source             # <<<<<<<<<<<<<<
  *         cdef bytes b_dest = to_bytes(dest)
  *         cdef const char *c_dest = b_dest
- */
+*/
   if (unlikely(__pyx_v_b_source == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 228, __pyx_L1_error)
+    __PYX_ERR(0, 230, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_source); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 228, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_source); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 230, __pyx_L1_error)
   __pyx_v_c_source = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":229
+  /* "ssh/sftp.pyx":231
  *         cdef bytes b_source = to_bytes(source)
  *         cdef const char *c_source = b_source
  *         cdef bytes b_dest = to_bytes(dest)             # <<<<<<<<<<<<<<
  *         cdef const char *c_dest = b_dest
  *         cdef int rc
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_dest); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 229, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_dest); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 231, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_dest = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":230
+  /* "ssh/sftp.pyx":232
  *         cdef const char *c_source = b_source
  *         cdef bytes b_dest = to_bytes(dest)
  *         cdef const char *c_dest = b_dest             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_b_dest == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 230, __pyx_L1_error)
+    __PYX_ERR(0, 232, __pyx_L1_error)
   }
-  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_dest); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 230, __pyx_L1_error)
+  __pyx_t_3 = __Pyx_PyBytes_AsString(__pyx_v_b_dest); if (unlikely((!__pyx_t_3) && PyErr_Occurred())) __PYX_ERR(0, 232, __pyx_L1_error)
   __pyx_v_c_dest = __pyx_t_3;
 
-  /* "ssh/sftp.pyx":232
+  /* "ssh/sftp.pyx":234
  *         cdef const char *c_dest = b_dest
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_symlink(self._sftp, c_source, c_dest)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":233
+        /* "ssh/sftp.pyx":235
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_symlink(self._sftp, c_source, c_dest)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_rc = sftp_symlink(__pyx_v_self->_sftp, __pyx_v_c_source, __pyx_v_c_dest);
       }
 
-      /* "ssh/sftp.pyx":232
+      /* "ssh/sftp.pyx":234
  *         cdef const char *c_dest = b_dest
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_symlink(self._sftp, c_source, c_dest)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":234
+  /* "ssh/sftp.pyx":236
  *         with nogil:
  *             rc = c_sftp.sftp_symlink(self._sftp, c_source, c_dest)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
-  __pyx_t_4 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_4 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_4)) {
 
-    /* "ssh/sftp.pyx":235
+    /* "ssh/sftp.pyx":237
  *             rc = c_sftp.sftp_symlink(self._sftp, c_source, c_dest)
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 235, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 235, __pyx_L1_error)
+*/
+    __pyx_t_5 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_6, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 237, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_6);
-    __pyx_t_7 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_5))) {
-      __pyx_t_7 = PyMethod_GET_SELF(__pyx_t_5);
-      if (likely(__pyx_t_7)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_5);
-        __Pyx_INCREF(__pyx_t_7);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_5, function);
-      }
+    __pyx_t_7 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 237, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_7);
+    __pyx_t_8 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_6))) {
+      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_6);
+      assert(__pyx_t_5);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_6);
+      __Pyx_INCREF(__pyx_t_5);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_6, __pyx__function);
+      __pyx_t_8 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_5, __pyx_t_7};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_6, __pyx_callargs+__pyx_t_8, (2-__pyx_t_8) | (__pyx_t_8*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 237, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_7) ? __Pyx_PyObject_Call2Args(__pyx_t_5, __pyx_t_7, __pyx_t_6) : __Pyx_PyObject_CallOneArg(__pyx_t_5, __pyx_t_6);
-    __Pyx_XDECREF(__pyx_t_7); __pyx_t_7 = 0;
-    __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 235, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 235, __pyx_L1_error)
+    __PYX_ERR(0, 237, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":234
+    /* "ssh/sftp.pyx":236
  *         with nogil:
  *             rc = c_sftp.sftp_symlink(self._sftp, c_source, c_dest)
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":236
+  /* "ssh/sftp.pyx":238
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def readlink(self, path not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 236, __pyx_L1_error)
+  __pyx_t_1 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 238, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":226
+  /* "ssh/sftp.pyx":228
  *         return rc
  * 
  *     def symlink(self, source not None, dest not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_source = to_bytes(source)
  *         cdef const char *c_source = b_source
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5904,34 +8147,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_38symlink(struct __pyx_obj_3ssh_4sftp
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":238
+/* "ssh/sftp.pyx":240
  *         return rc
  * 
  *     def readlink(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_41readlink(PyObject *__pyx_v_self, PyObject *__pyx_v_path); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_40readlink[] = "SFTP.readlink(self, path)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_41readlink(PyObject *__pyx_v_self, PyObject *__pyx_v_path) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_41readlink(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_40readlink, "SFTP.readlink(self, path)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_41readlink = {"readlink", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_41readlink, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_40readlink};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_41readlink(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_path = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("readlink (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 240, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 240, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "readlink", 0) < 0) __PYX_ERR(0, 240, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("readlink", 1, 1, 1, i); __PYX_ERR(0, 240, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 240, __pyx_L3_error)
+    }
+    __pyx_v_path = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("readlink", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 240, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.readlink", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 238, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 240, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_40readlink(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v_path));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_40readlink(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5949,166 +8266,170 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_40readlink(struct __pyx_obj_3ssh_4sft
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
-  char const *__pyx_t_7;
+  size_t __pyx_t_7;
+  char const *__pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("readlink", 0);
 
-  /* "ssh/sftp.pyx":239
+  /* "ssh/sftp.pyx":241
  * 
  *     def readlink(self, path not None):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef char *_link
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 239, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 241, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":240
+  /* "ssh/sftp.pyx":242
  *     def readlink(self, path not None):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef char *_link
  *         cdef bytes b_link
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 240, __pyx_L1_error)
+    __PYX_ERR(0, 242, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 240, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 242, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":243
+  /* "ssh/sftp.pyx":245
  *         cdef char *_link
  *         cdef bytes b_link
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _link = c_sftp.sftp_readlink(self._sftp, c_path)
  *         if _link is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":244
+        /* "ssh/sftp.pyx":246
  *         cdef bytes b_link
  *         with nogil:
  *             _link = c_sftp.sftp_readlink(self._sftp, c_path)             # <<<<<<<<<<<<<<
  *         if _link is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v__link = sftp_readlink(__pyx_v_self->_sftp, __pyx_v_c_path);
       }
 
-      /* "ssh/sftp.pyx":243
+      /* "ssh/sftp.pyx":245
  *         cdef char *_link
  *         cdef bytes b_link
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _link = c_sftp.sftp_readlink(self._sftp, c_path)
  *         if _link is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":245
+  /* "ssh/sftp.pyx":247
  *         with nogil:
  *             _link = c_sftp.sftp_readlink(self._sftp, c_path)
  *         if _link is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         b_link = _link
- */
-  __pyx_t_3 = ((__pyx_v__link == NULL) != 0);
+*/
+  __pyx_t_3 = (__pyx_v__link == NULL);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":246
+    /* "ssh/sftp.pyx":248
  *             _link = c_sftp.sftp_readlink(self._sftp, c_path)
  *         if _link is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         b_link = _link
  *         return to_str(b_link)
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 246, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 246, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 248, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 248, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 248, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 246, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 246, __pyx_L1_error)
+    __PYX_ERR(0, 248, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":245
+    /* "ssh/sftp.pyx":247
  *         with nogil:
  *             _link = c_sftp.sftp_readlink(self._sftp, c_path)
  *         if _link is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         b_link = _link
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":247
+  /* "ssh/sftp.pyx":249
  *         if _link is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         b_link = _link             # <<<<<<<<<<<<<<
  *         return to_str(b_link)
  * 
- */
-  __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v__link); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 247, __pyx_L1_error)
+*/
+  __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v__link); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 249, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_link = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":248
+  /* "ssh/sftp.pyx":250
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         b_link = _link
  *         return to_str(b_link)             # <<<<<<<<<<<<<<
  * 
  *     def statvfs(self, path not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_7 = __Pyx_PyBytes_AsString(__pyx_v_b_link); if (unlikely((!__pyx_t_7) && PyErr_Occurred())) __PYX_ERR(0, 248, __pyx_L1_error)
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_str(__pyx_t_7); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 248, __pyx_L1_error)
+  __pyx_t_8 = __Pyx_PyBytes_AsString(__pyx_v_b_link); if (unlikely((!__pyx_t_8) && PyErr_Occurred())) __PYX_ERR(0, 250, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_str(__pyx_t_8); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 250, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":238
+  /* "ssh/sftp.pyx":240
  *         return rc
  * 
  *     def readlink(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6126,34 +8447,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_40readlink(struct __pyx_obj_3ssh_4sft
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":250
+/* "ssh/sftp.pyx":252
  *         return to_str(b_link)
  * 
  *     def statvfs(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_43statvfs(PyObject *__pyx_v_self, PyObject *__pyx_v_path); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_42statvfs[] = "SFTP.statvfs(self, path)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_43statvfs(PyObject *__pyx_v_self, PyObject *__pyx_v_path) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_43statvfs(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_42statvfs, "SFTP.statvfs(self, path)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_43statvfs = {"statvfs", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_43statvfs, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_42statvfs};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_43statvfs(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_path = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("statvfs (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 252, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 252, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "statvfs", 0) < 0) __PYX_ERR(0, 252, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("statvfs", 1, 1, 1, i); __PYX_ERR(0, 252, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 252, __pyx_L3_error)
+    }
+    __pyx_v_path = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("statvfs", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 252, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.statvfs", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 250, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 252, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_42statvfs(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v_path));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_42statvfs(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -6171,162 +8566,166 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_42statvfs(struct __pyx_obj_3ssh_4sftp
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("statvfs", 0);
 
-  /* "ssh/sftp.pyx":251
+  /* "ssh/sftp.pyx":253
  * 
  *     def statvfs(self, path not None):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef SFTPStatVFS vfs
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 251, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 253, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":252
+  /* "ssh/sftp.pyx":254
  *     def statvfs(self, path not None):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef SFTPStatVFS vfs
  *         cdef c_sftp.sftp_statvfs_t c_vfs
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 252, __pyx_L1_error)
+    __PYX_ERR(0, 254, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 252, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 254, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":255
+  /* "ssh/sftp.pyx":257
  *         cdef SFTPStatVFS vfs
  *         cdef c_sftp.sftp_statvfs_t c_vfs
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_vfs = c_sftp.sftp_statvfs(self._sftp, c_path)
  *         if c_vfs is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":256
+        /* "ssh/sftp.pyx":258
  *         cdef c_sftp.sftp_statvfs_t c_vfs
  *         with nogil:
  *             c_vfs = c_sftp.sftp_statvfs(self._sftp, c_path)             # <<<<<<<<<<<<<<
  *         if c_vfs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v_c_vfs = sftp_statvfs(__pyx_v_self->_sftp, __pyx_v_c_path);
       }
 
-      /* "ssh/sftp.pyx":255
+      /* "ssh/sftp.pyx":257
  *         cdef SFTPStatVFS vfs
  *         cdef c_sftp.sftp_statvfs_t c_vfs
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_vfs = c_sftp.sftp_statvfs(self._sftp, c_path)
  *         if c_vfs is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":257
+  /* "ssh/sftp.pyx":259
  *         with nogil:
  *             c_vfs = c_sftp.sftp_statvfs(self._sftp, c_path)
  *         if c_vfs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self)
- */
-  __pyx_t_3 = ((__pyx_v_c_vfs == NULL) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_c_vfs == NULL);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":258
+    /* "ssh/sftp.pyx":260
  *             c_vfs = c_sftp.sftp_statvfs(self._sftp, c_path)
  *         if c_vfs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self)
  *         return vfs
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 258, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 258, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 260, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 260, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 260, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 258, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 258, __pyx_L1_error)
+    __PYX_ERR(0, 260, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":257
+    /* "ssh/sftp.pyx":259
  *         with nogil:
  *             c_vfs = c_sftp.sftp_statvfs(self._sftp, c_path)
  *         if c_vfs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self)
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":259
+  /* "ssh/sftp.pyx":261
  *         if c_vfs is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self)             # <<<<<<<<<<<<<<
  *         return vfs
  * 
- */
-  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS->from_ptr(__pyx_v_c_vfs, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 259, __pyx_L1_error)
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS->from_ptr(__pyx_v_c_vfs, __pyx_v_self)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 261, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_vfs = ((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":260
+  /* "ssh/sftp.pyx":262
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self)
  *         return vfs             # <<<<<<<<<<<<<<
  * 
  *     def canonicalize_path(self, path not None):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_vfs));
+  __Pyx_INCREF((PyObject *)__pyx_v_vfs);
   __pyx_r = ((PyObject *)__pyx_v_vfs);
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":250
+  /* "ssh/sftp.pyx":252
  *         return to_str(b_link)
  * 
  *     def statvfs(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6344,34 +8743,108 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_42statvfs(struct __pyx_obj_3ssh_4sftp
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":262
+/* "ssh/sftp.pyx":264
  *         return vfs
  * 
  *     def canonicalize_path(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_45canonicalize_path(PyObject *__pyx_v_self, PyObject *__pyx_v_path); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_44canonicalize_path[] = "SFTP.canonicalize_path(self, path)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_45canonicalize_path(PyObject *__pyx_v_self, PyObject *__pyx_v_path) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_45canonicalize_path(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_44canonicalize_path, "SFTP.canonicalize_path(self, path)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_45canonicalize_path = {"canonicalize_path", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_45canonicalize_path, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_44canonicalize_path};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_45canonicalize_path(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_path = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("canonicalize_path (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_path,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 264, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 264, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "canonicalize_path", 0) < 0) __PYX_ERR(0, 264, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("canonicalize_path", 1, 1, 1, i); __PYX_ERR(0, 264, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 264, __pyx_L3_error)
+    }
+    __pyx_v_path = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("canonicalize_path", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 264, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.canonicalize_path", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(((PyObject *)__pyx_v_path) == Py_None)) {
-    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 262, __pyx_L1_error)
+    PyErr_Format(PyExc_TypeError, "Argument '%.200s' must not be None", "path"); __PYX_ERR(0, 264, __pyx_L1_error)
   }
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_44canonicalize_path(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v_path));
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_44canonicalize_path(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v_path);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -6389,166 +8862,170 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_44canonicalize_path(struct __pyx_obj_
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
-  char const *__pyx_t_7;
+  size_t __pyx_t_7;
+  char const *__pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("canonicalize_path", 0);
 
-  /* "ssh/sftp.pyx":263
+  /* "ssh/sftp.pyx":265
  * 
  *     def canonicalize_path(self, path not None):
  *         cdef bytes b_path = to_bytes(path)             # <<<<<<<<<<<<<<
  *         cdef const char *c_path = b_path
  *         cdef char *_rpath
- */
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 263, __pyx_L1_error)
+*/
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_bytes(__pyx_v_path); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 265, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_path = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":264
+  /* "ssh/sftp.pyx":266
  *     def canonicalize_path(self, path not None):
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path             # <<<<<<<<<<<<<<
  *         cdef char *_rpath
  *         cdef bytes b_rpath
- */
+*/
   if (unlikely(__pyx_v_b_path == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
-    __PYX_ERR(0, 264, __pyx_L1_error)
+    __PYX_ERR(0, 266, __pyx_L1_error)
   }
-  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 264, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_AsString(__pyx_v_b_path); if (unlikely((!__pyx_t_2) && PyErr_Occurred())) __PYX_ERR(0, 266, __pyx_L1_error)
   __pyx_v_c_path = __pyx_t_2;
 
-  /* "ssh/sftp.pyx":267
+  /* "ssh/sftp.pyx":269
  *         cdef char *_rpath
  *         cdef bytes b_rpath
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _rpath = c_sftp.sftp_canonicalize_path(self._sftp, c_path)
  *         if _rpath is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":268
+        /* "ssh/sftp.pyx":270
  *         cdef bytes b_rpath
  *         with nogil:
  *             _rpath = c_sftp.sftp_canonicalize_path(self._sftp, c_path)             # <<<<<<<<<<<<<<
  *         if _rpath is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
- */
+*/
         __pyx_v__rpath = sftp_canonicalize_path(__pyx_v_self->_sftp, __pyx_v_c_path);
       }
 
-      /* "ssh/sftp.pyx":267
+      /* "ssh/sftp.pyx":269
  *         cdef char *_rpath
  *         cdef bytes b_rpath
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _rpath = c_sftp.sftp_canonicalize_path(self._sftp, c_path)
  *         if _rpath is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":269
+  /* "ssh/sftp.pyx":271
  *         with nogil:
  *             _rpath = c_sftp.sftp_canonicalize_path(self._sftp, c_path)
  *         if _rpath is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         b_rpath = _rpath
- */
-  __pyx_t_3 = ((__pyx_v__rpath == NULL) != 0);
+*/
+  __pyx_t_3 = (__pyx_v__rpath == NULL);
   if (unlikely(__pyx_t_3)) {
 
-    /* "ssh/sftp.pyx":270
+    /* "ssh/sftp.pyx":272
  *             _rpath = c_sftp.sftp_canonicalize_path(self._sftp, c_path)
  *         if _rpath is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))             # <<<<<<<<<<<<<<
  *         b_rpath = _rpath
  *         return to_str(b_rpath)
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 270, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 270, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 272, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 272, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_6);
+    __pyx_t_7 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_7 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (__pyx_t_7*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 272, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 270, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __PYX_ERR(0, 270, __pyx_L1_error)
+    __PYX_ERR(0, 272, __pyx_L1_error)
 
-    /* "ssh/sftp.pyx":269
+    /* "ssh/sftp.pyx":271
  *         with nogil:
  *             _rpath = c_sftp.sftp_canonicalize_path(self._sftp, c_path)
  *         if _rpath is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         b_rpath = _rpath
- */
+*/
   }
 
-  /* "ssh/sftp.pyx":271
+  /* "ssh/sftp.pyx":273
  *         if _rpath is NULL:
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         b_rpath = _rpath             # <<<<<<<<<<<<<<
  *         return to_str(b_rpath)
  * 
- */
-  __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v__rpath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 271, __pyx_L1_error)
+*/
+  __pyx_t_1 = __Pyx_PyBytes_FromString(__pyx_v__rpath); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 273, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v_b_rpath = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
 
-  /* "ssh/sftp.pyx":272
+  /* "ssh/sftp.pyx":274
  *             raise SFTPError(ssh_get_error(self.session._session))
  *         b_rpath = _rpath
  *         return to_str(b_rpath)             # <<<<<<<<<<<<<<
  * 
  *     def server_version(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_7 = __Pyx_PyBytes_AsString(__pyx_v_b_rpath); if (unlikely((!__pyx_t_7) && PyErr_Occurred())) __PYX_ERR(0, 272, __pyx_L1_error)
-  __pyx_t_1 = __pyx_f_3ssh_5utils_to_str(__pyx_t_7); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 272, __pyx_L1_error)
+  __pyx_t_8 = __Pyx_PyBytes_AsString(__pyx_v_b_rpath); if (unlikely((!__pyx_t_8) && PyErr_Occurred())) __PYX_ERR(0, 274, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_to_str(__pyx_t_8); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 274, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_r = __pyx_t_1;
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":262
+  /* "ssh/sftp.pyx":264
  *         return vfs
  * 
  *     def canonicalize_path(self, path not None):             # <<<<<<<<<<<<<<
  *         cdef bytes b_path = to_bytes(path)
  *         cdef const char *c_path = b_path
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6566,21 +9043,50 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_44canonicalize_path(struct __pyx_obj_
   return __pyx_r;
 }
 
-/* "ssh/sftp.pyx":274
+/* "ssh/sftp.pyx":276
  *         return to_str(b_rpath)
  * 
  *     def server_version(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_47server_version(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_46server_version[] = "SFTP.server_version(self)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_47server_version(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_47server_version(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_46server_version, "SFTP.server_version(self)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_47server_version = {"server_version", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_47server_version, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_46server_version};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_47server_version(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("server_version (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("server_version", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("server_version", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_46server_version(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self));
 
   /* function exit code */
@@ -6599,69 +9105,66 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_46server_version(struct __pyx_obj_3ss
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("server_version", 0);
 
-  /* "ssh/sftp.pyx":276
+  /* "ssh/sftp.pyx":278
  *     def server_version(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_server_version(self._sftp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
-        /* "ssh/sftp.pyx":277
+        /* "ssh/sftp.pyx":279
  *         cdef int rc
  *         with nogil:
  *             rc = c_sftp.sftp_server_version(self._sftp)             # <<<<<<<<<<<<<<
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
         __pyx_v_rc = sftp_server_version(__pyx_v_self->_sftp);
       }
 
-      /* "ssh/sftp.pyx":276
+      /* "ssh/sftp.pyx":278
  *     def server_version(self):
  *         cdef int rc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_server_version(self._sftp)
  *         return handle_error_codes(rc, self.session._session)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
       }
   }
 
-  /* "ssh/sftp.pyx":278
+  /* "ssh/sftp.pyx":280
  *         with nogil:
  *             rc = c_sftp.sftp_server_version(self._sftp)
  *         return handle_error_codes(rc, self.session._session)             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 278, __pyx_L1_error)
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 278, __pyx_L1_error)
+  __pyx_t_1 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_rc, __pyx_v_self->session->_session); if (unlikely(__pyx_t_1 == ((int)-1))) __PYX_ERR(0, 280, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 280, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp.pyx":274
+  /* "ssh/sftp.pyx":276
  *         return to_str(b_rpath)
  * 
  *     def server_version(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6680,14 +9183,16 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_46server_version(struct __pyx_obj_3ss
  *     cdef readonly Session session             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_7session_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_7session_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_7session___get__(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self));
 
   /* function exit code */
@@ -6700,7 +9205,7 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_7session___get__(struct __pyx_obj_3ss
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->session));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->session);
   __pyx_r = ((PyObject *)__pyx_v_self->session);
   goto __pyx_L0;
 
@@ -6713,17 +9218,46 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_7session___get__(struct __pyx_obj_3ss
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_49__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_48__reduce_cython__[] = "SFTP.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_49__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_49__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_48__reduce_cython__, "SFTP.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_49__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_49__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_48__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_49__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_48__reduce_cython__(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self));
 
   /* function exit code */
@@ -6734,7 +9268,6 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_49__reduce_cython__(PyObject *__pyx_v
 static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_48__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -6742,25 +9275,21 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_48__reduce_cython__(CYTHON_UNUSED str
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_self__sftp_cannot_be_converted_t, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp.SFTP.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -6770,21 +9299,93 @@ static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_48__reduce_cython__(CYTHON_UNUSED str
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
- */
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_51__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_4sftp_4SFTP_50__setstate_cython__[] = "SFTP.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_51__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_51__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_4sftp_4SFTP_50__setstate_cython__, "SFTP.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_4sftp_4SFTP_51__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_51__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_50__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_51__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_50__setstate_cython__(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp.SFTP.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_4sftp_4SFTP_50__setstate_cython__(((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -6792,50 +9393,51 @@ static PyObject *__pyx_pw_3ssh_4sftp_4SFTP_51__setstate_cython__(PyObject *__pyx
 static PyObject *__pyx_pf_3ssh_4sftp_4SFTP_50__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_self__sftp_cannot_be_converted_t, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
- */
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp.SFTP.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_4sftp_SFTP __pyx_vtable_3ssh_4sftp_SFTP;
 
 static PyObject *__pyx_tp_new_3ssh_4sftp_SFTP(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_4sftp_SFTP *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_4sftp_SFTP *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_4sftp_SFTP;
   p->session = ((struct __pyx_obj_3ssh_7session_Session *)Py_None); Py_INCREF(Py_None);
@@ -6845,8 +9447,10 @@ static PyObject *__pyx_tp_new_3ssh_4sftp_SFTP(PyTypeObject *t, CYTHON_UNUSED PyO
 static void __pyx_tp_dealloc_3ssh_4sftp_SFTP(PyObject *o) {
   struct __pyx_obj_3ssh_4sftp_SFTP *p = (struct __pyx_obj_3ssh_4sftp_SFTP *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_4sftp_SFTP) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -6859,12 +9463,23 @@ static void __pyx_tp_dealloc_3ssh_4sftp_SFTP(PyObject *o) {
     PyErr_Restore(etype, eval, etb);
   }
   Py_CLEAR(p->session);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_4sftp_SFTP(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_4sftp_SFTP *p = (struct __pyx_obj_3ssh_4sftp_SFTP *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->session) {
     e = (*v)(((PyObject *)p->session), a); if (e) return e;
   }
@@ -6885,42 +9500,60 @@ static PyObject *__pyx_getprop_3ssh_4sftp_4SFTP_session(PyObject *o, CYTHON_UNUS
 }
 
 static PyMethodDef __pyx_methods_3ssh_4sftp_SFTP[] = {
-  {"init", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_3init, METH_NOARGS, __pyx_doc_3ssh_4sftp_4SFTP_2init},
-  {"get_error", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_5get_error, METH_NOARGS, __pyx_doc_3ssh_4sftp_4SFTP_4get_error},
-  {"extensions_get_count", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_7extensions_get_count, METH_NOARGS, __pyx_doc_3ssh_4sftp_4SFTP_6extensions_get_count},
-  {"extensions_get_name", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_9extensions_get_name, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_8extensions_get_name},
-  {"extensions_get_data", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_11extensions_get_data, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_10extensions_get_data},
-  {"extension_supported", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_13extension_supported, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_12extension_supported},
-  {"opendir", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_15opendir, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_14opendir},
-  {"stat", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_17stat, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_16stat},
-  {"lstat", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_19lstat, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_18lstat},
-  {"open", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_21open, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_20open},
-  {"unlink", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_23unlink, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_22unlink},
-  {"rmdir", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_25rmdir, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_24rmdir},
-  {"mkdir", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_27mkdir, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_26mkdir},
-  {"rename", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_29rename, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_28rename},
-  {"setstat", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_31setstat, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_30setstat},
-  {"chown", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_33chown, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_32chown},
-  {"chmod", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_35chmod, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_34chmod},
-  {"utimes", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_37utimes, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_36utimes},
-  {"symlink", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_39symlink, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_38symlink},
-  {"readlink", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_41readlink, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_40readlink},
-  {"statvfs", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_43statvfs, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_42statvfs},
-  {"canonicalize_path", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_45canonicalize_path, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_44canonicalize_path},
-  {"server_version", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_47server_version, METH_NOARGS, __pyx_doc_3ssh_4sftp_4SFTP_46server_version},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_49__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_4sftp_4SFTP_48__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_4sftp_4SFTP_51__setstate_cython__, METH_O, __pyx_doc_3ssh_4sftp_4SFTP_50__setstate_cython__},
+  {"init", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_3init, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_2init},
+  {"get_error", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_5get_error, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_4get_error},
+  {"extensions_get_count", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_7extensions_get_count, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_6extensions_get_count},
+  {"extensions_get_name", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_9extensions_get_name, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_8extensions_get_name},
+  {"extensions_get_data", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_11extensions_get_data, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_10extensions_get_data},
+  {"extension_supported", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_13extension_supported, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_12extension_supported},
+  {"opendir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_15opendir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_14opendir},
+  {"stat", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_17stat, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_16stat},
+  {"lstat", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_19lstat, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_18lstat},
+  {"open", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_21open, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_20open},
+  {"unlink", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_23unlink, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_22unlink},
+  {"rmdir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_25rmdir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_24rmdir},
+  {"mkdir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_27mkdir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_26mkdir},
+  {"rename", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_29rename, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_28rename},
+  {"setstat", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_31setstat, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_30setstat},
+  {"chown", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_33chown, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_32chown},
+  {"chmod", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_35chmod, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_34chmod},
+  {"utimes", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_37utimes, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_36utimes},
+  {"symlink", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_39symlink, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_38symlink},
+  {"readlink", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_41readlink, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_40readlink},
+  {"statvfs", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_43statvfs, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_42statvfs},
+  {"canonicalize_path", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_45canonicalize_path, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_44canonicalize_path},
+  {"server_version", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_47server_version, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_46server_version},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_49__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_48__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_4sftp_4SFTP_51__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_4sftp_4SFTP_50__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_4sftp_SFTP[] = {
-  {(char *)"session", __pyx_getprop_3ssh_4sftp_4SFTP_session, 0, (char *)0, 0},
+  {"session", __pyx_getprop_3ssh_4sftp_4SFTP_session, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_4sftp_SFTP_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_4sftp_SFTP},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_4sftp_SFTP},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_4sftp_SFTP},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_4sftp_SFTP},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_4sftp_SFTP},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_4sftp_SFTP},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_4sftp_SFTP_spec = {
+  "ssh.sftp.SFTP",
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_4sftp_SFTP_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_4sftp_SFTP = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.sftp.SFTP", /*tp_name*/
+  "ssh.sftp.""SFTP", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_4sftp_SFTP, /*tp_dealloc*/
@@ -6932,12 +9565,7 @@ static PyTypeObject __pyx_type_3ssh_4sftp_SFTP = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -6963,7 +9591,9 @@ static PyTypeObject __pyx_type_3ssh_4sftp_SFTP = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_4sftp_SFTP, /*tp_new*/
@@ -6976,179 +9606,77 @@ static PyTypeObject __pyx_type_3ssh_4sftp_SFTP = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_sftp(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_sftp},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "sftp",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTP, __pyx_k_SFTP, sizeof(__pyx_k_SFTP), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPError, __pyx_k_SFTPError, sizeof(__pyx_k_SFTPError), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPHandleError, __pyx_k_SFTPHandleError, sizeof(__pyx_k_SFTPHandleError), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_accesstype, __pyx_k_accesstype, sizeof(__pyx_k_accesstype), 0, 0, 1, 1},
-  {&__pyx_n_s_attr, __pyx_k_attr, sizeof(__pyx_k_attr), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_data, __pyx_k_data, sizeof(__pyx_k_data), 0, 0, 1, 1},
-  {&__pyx_n_s_dest, __pyx_k_dest, sizeof(__pyx_k_dest), 0, 0, 1, 1},
-  {&__pyx_n_s_exceptions, __pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_group, __pyx_k_group, sizeof(__pyx_k_group), 0, 0, 1, 1},
-  {&__pyx_n_s_import, __pyx_k_import, sizeof(__pyx_k_import), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_microseconds, __pyx_k_microseconds, sizeof(__pyx_k_microseconds), 0, 0, 1, 1},
-  {&__pyx_n_s_mode, __pyx_k_mode, sizeof(__pyx_k_mode), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_name_2, __pyx_k_name_2, sizeof(__pyx_k_name_2), 0, 0, 1, 1},
-  {&__pyx_n_s_newname, __pyx_k_newname, sizeof(__pyx_k_newname), 0, 0, 1, 1},
-  {&__pyx_n_s_original, __pyx_k_original, sizeof(__pyx_k_original), 0, 0, 1, 1},
-  {&__pyx_n_s_owner, __pyx_k_owner, sizeof(__pyx_k_owner), 0, 0, 1, 1},
-  {&__pyx_n_s_path, __pyx_k_path, sizeof(__pyx_k_path), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_seconds, __pyx_k_seconds, sizeof(__pyx_k_seconds), 0, 0, 1, 1},
-  {&__pyx_kp_s_self__sftp_cannot_be_converted_t, __pyx_k_self__sftp_cannot_be_converted_t, sizeof(__pyx_k_self__sftp_cannot_be_converted_t), 0, 0, 1, 0},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_source, __pyx_k_source, sizeof(__pyx_k_source), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 217, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_self__sftp_cannot_be_converted_t); if (unlikely(!__pyx_tuple_)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._sftp cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_self__sftp_cannot_be_converted_t); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -7156,17 +9684,26 @@ static int __Pyx_modinit_type_init_code(void) {
   /*--- Type init code ---*/
   __pyx_vtabptr_3ssh_4sftp_SFTP = &__pyx_vtable_3ssh_4sftp_SFTP;
   __pyx_vtable_3ssh_4sftp_SFTP.from_ptr = (struct __pyx_obj_3ssh_4sftp_SFTP *(*)(sftp_session, struct __pyx_obj_3ssh_7session_Session *))__pyx_f_3ssh_4sftp_4SFTP_from_ptr;
-  if (PyType_Ready(&__pyx_type_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_4sftp_SFTP.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_4sftp_SFTP_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP)) __PYX_ERR(0, 30, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_4sftp_SFTP_spec, __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP = &__pyx_type_3ssh_4sftp_SFTP;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_4sftp_SFTP.tp_dictoffset && __pyx_type_3ssh_4sftp_SFTP.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_4sftp_SFTP.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_4sftp_SFTP.tp_dict, __pyx_vtabptr_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_SFTP, (PyObject *)&__pyx_type_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
-  __pyx_ptype_3ssh_4sftp_SFTP = &__pyx_type_3ssh_4sftp_SFTP;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_vtabptr_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_SFTP, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) < 0) __PYX_ERR(0, 30, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -7174,8 +9711,9 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -7184,29 +9722,64 @@ static int __Pyx_modinit_type_import_code(void) {
   /*--- Type import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(2, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.sftp_attributes"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = __Pyx_ImportType(__pyx_t_1, "ssh.sftp_attributes", "SFTPAttributes", sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) __PYX_ERR(3, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes = (struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes*)__Pyx_GetVtable(__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes)) __PYX_ERR(3, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp_attributes", "SFTPAttributes",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes),
+  #else
+  sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) __PYX_ERR(3, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes = (struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes); if (unlikely(!__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes)) __PYX_ERR(3, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.sftp_handles"); if (unlikely(!__pyx_t_1)) __PYX_ERR(4, 23, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_12sftp_handles_SFTPFile = __Pyx_ImportType(__pyx_t_1, "ssh.sftp_handles", "SFTPFile", sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_12sftp_handles_SFTPFile) __PYX_ERR(4, 23, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_12sftp_handles_SFTPFile = (struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile*)__Pyx_GetVtable(__pyx_ptype_3ssh_12sftp_handles_SFTPFile->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_12sftp_handles_SFTPFile)) __PYX_ERR(4, 23, __pyx_L1_error)
-  __pyx_ptype_3ssh_12sftp_handles_SFTPDir = __Pyx_ImportType(__pyx_t_1, "ssh.sftp_handles", "SFTPDir", sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_12sftp_handles_SFTPDir) __PYX_ERR(4, 32, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_12sftp_handles_SFTPDir = (struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir*)__Pyx_GetVtable(__pyx_ptype_3ssh_12sftp_handles_SFTPDir->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_12sftp_handles_SFTPDir)) __PYX_ERR(4, 32, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp_handles", "SFTPFile",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile),
+  #else
+  sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile) __PYX_ERR(4, 23, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_12sftp_handles_SFTPFile = (struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile); if (unlikely(!__pyx_vtabptr_3ssh_12sftp_handles_SFTPFile)) __PYX_ERR(4, 23, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp_handles", "SFTPDir",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir),
+  #else
+  sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir) __PYX_ERR(4, 32, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_12sftp_handles_SFTPDir = (struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir); if (unlikely(!__pyx_vtabptr_3ssh_12sftp_handles_SFTPDir)) __PYX_ERR(4, 32, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.sftp_statvfs"); if (unlikely(!__pyx_t_1)) __PYX_ERR(5, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = __Pyx_ImportType(__pyx_t_1, "ssh.sftp_statvfs", "SFTPStatVFS", sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) __PYX_ERR(5, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS = (struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS*)__Pyx_GetVtable(__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS)) __PYX_ERR(5, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp_statvfs", "SFTPStatVFS",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS),
+  #else
+  sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) __PYX_ERR(5, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS = (struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS); if (unlikely(!__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS)) __PYX_ERR(5, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -7216,16 +9789,18 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -7234,9 +9809,9 @@ static int __Pyx_modinit_function_import_code(void) {
   /*--- Function import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (__Pyx_ImportFunction(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_to_bytes, "PyObject *(PyObject *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "to_str", (void (**)(void))&__pyx_f_3ssh_5utils_to_str, "PyObject *(char const *)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "handle_error_codes", (void (**)(void))&__pyx_f_3ssh_5utils_handle_error_codes, "int (int, ssh_session)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -7246,50 +9821,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_sftp(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_sftp},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "sftp",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initsftp(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initsftp(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_sftp(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_sftp(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -7297,7 +9943,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -7312,10 +9960,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -7338,10 +9989,15 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_sftp(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -7352,9 +10008,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_sftp(PyObject *__pyx_pyinit_module
     PyErr_SetString(PyExc_RuntimeError, "Module 'sftp' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "sftp" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -7364,138 +10048,412 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_sftp(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_sftp", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("sftp", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__sftp) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name_2, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name_2, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.sftp")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.sftp", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.sftp", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
   /* "ssh/sftp.pyx":24
- * from sftp_statvfs cimport SFTPStatVFS
- * from utils cimport handle_error_codes, to_bytes, to_str
+ * from .sftp_statvfs cimport SFTPStatVFS
+ * from .utils cimport handle_error_codes, to_bytes, to_str
  * from .exceptions import SFTPError, SFTPHandleError             # <<<<<<<<<<<<<<
  * 
- * from c_ssh cimport ssh_get_error, ssh_get_error_code, timeval
- */
-  __pyx_t_1 = PyList_New(2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 24, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(__pyx_n_s_SFTPError);
-  __Pyx_GIVEREF(__pyx_n_s_SFTPError);
-  PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_SFTPError);
-  __Pyx_INCREF(__pyx_n_s_SFTPHandleError);
-  __Pyx_GIVEREF(__pyx_n_s_SFTPHandleError);
-  PyList_SET_ITEM(__pyx_t_1, 1, __pyx_n_s_SFTPHandleError);
-  __pyx_t_2 = __Pyx_Import(__pyx_n_s_exceptions, __pyx_t_1, 1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 24, __pyx_L1_error)
+ * from .c_ssh cimport ssh_get_error, ssh_get_error_code, timeval
+*/
+  __pyx_t_2 = __Pyx_PyList_Pack(2, __pyx_mstate_global->__pyx_n_u_SFTPError, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 24, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 24, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SFTPError, __pyx_t_1) < 0) __PYX_ERR(0, 24, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 24, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SFTPHandleError, __pyx_t_1) < 0) __PYX_ERR(0, 24, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_3 = __Pyx_Import(__pyx_mstate_global->__pyx_n_u_exceptions, __pyx_t_2, 1); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 24, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-
-  /* "ssh/sftp.pyx":1
- * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
- * # Copyright (C) 2018 Panos Kittenis
- * #
- */
-  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 24, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SFTPError, __pyx_t_2) < 0) __PYX_ERR(0, 24, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 24, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SFTPHandleError, __pyx_t_2) < 0) __PYX_ERR(0, 24, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  /*--- Wrapped vars code ---*/
+  /* "ssh/sftp.pyx":44
+ *             self._sftp = NULL
+ * 
+ *     def init(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         if self._sftp is NULL or not self.session:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_3init, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_init, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 44, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_init, __pyx_t_3) < 0) __PYX_ERR(0, 44, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
-  goto __pyx_L0;
-  __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
-  if (__pyx_m) {
-    if (__pyx_d) {
-      __Pyx_AddTraceback("init ssh.sftp", __pyx_clineno, __pyx_lineno, __pyx_filename);
-    }
+  /* "ssh/sftp.pyx":52
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def get_error(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_5get_error, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_get_error, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_get_error, __pyx_t_3) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":58
+ *         return rc
+ * 
+ *     def extensions_get_count(self):             # <<<<<<<<<<<<<<
+ *         cdef unsigned int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_7extensions_get_count, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_extensions_get_count, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_extensions_get_count, __pyx_t_3) < 0) __PYX_ERR(0, 58, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":64
+ *         return rc
+ * 
+ *     def extensions_get_name(self, unsigned int indexn):             # <<<<<<<<<<<<<<
+ *         cdef const char *_name
+ *         cdef bytes name = None
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_9extensions_get_name, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_extensions_get_name, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 64, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_extensions_get_name, __pyx_t_3) < 0) __PYX_ERR(0, 64, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":73
+ *         return name
+ * 
+ *     def extensions_get_data(self, unsigned int indexn):             # <<<<<<<<<<<<<<
+ *         cdef const char *_name
+ *         cdef bytes name = None
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_11extensions_get_data, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_extensions_get_data, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_extensions_get_data, __pyx_t_3) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":82
+ *         return name
+ * 
+ *     def extension_supported(self, name not None, data not None):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         cdef bytes b_name = to_bytes(name)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_13extension_supported, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_extension_supported, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 82, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_extension_supported, __pyx_t_3) < 0) __PYX_ERR(0, 82, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":93
+ *         return bool(rc)
+ * 
+ *     def opendir(self, path not None):             # <<<<<<<<<<<<<<
+ *         cdef SFTPDir _dir
+ *         cdef c_sftp.sftp_dir c_dir
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_15opendir, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_opendir, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_opendir, __pyx_t_3) < 0) __PYX_ERR(0, 93, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":105
+ *         return _dir
+ * 
+ *     def stat(self, path not None):             # <<<<<<<<<<<<<<
+ *         cdef SFTPAttributes _attrs
+ *         cdef c_sftp.sftp_attributes c_attrs
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_17stat, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_stat, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_stat, __pyx_t_3) < 0) __PYX_ERR(0, 105, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":117
+ *         return _attrs
+ * 
+ *     def lstat(self, path not None):             # <<<<<<<<<<<<<<
+ *         cdef SFTPAttributes _attrs
+ *         cdef c_sftp.sftp_attributes c_attrs
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_19lstat, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_lstat, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_lstat, __pyx_t_3) < 0) __PYX_ERR(0, 117, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":129
+ *         return _attrs
+ * 
+ *     def open(self, path not None, int accesstype, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_21open, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_open, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[9])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 129, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_open, __pyx_t_3) < 0) __PYX_ERR(0, 129, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":141
+ *         return _file
+ * 
+ *     def unlink(self, path not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_23unlink, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_unlink, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[10])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_unlink, __pyx_t_3) < 0) __PYX_ERR(0, 141, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":151
+ *         return rc
+ * 
+ *     def rmdir(self, path not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_25rmdir, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_rmdir, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[11])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 151, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_rmdir, __pyx_t_3) < 0) __PYX_ERR(0, 151, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":161
+ *         return rc
+ * 
+ *     def mkdir(self, path not None, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_27mkdir, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_mkdir, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[12])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 161, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_mkdir, __pyx_t_3) < 0) __PYX_ERR(0, 161, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":169
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def rename(self, original not None, newname not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_orig = to_bytes(original)
+ *         cdef const char *c_orig = b_orig
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_29rename, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_rename, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[13])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 169, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_rename, __pyx_t_3) < 0) __PYX_ERR(0, 169, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":181
+ *         return rc
+ * 
+ *     def setstat(self, path not None, SFTPAttributes attr):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_31setstat, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_setstat, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[14])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 181, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_setstat, __pyx_t_3) < 0) __PYX_ERR(0, 181, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":189
+ *         return handle_error_codes(rc, self.session._session)
+ * 
+ *     def chown(self, path not None,             # <<<<<<<<<<<<<<
+ *               c_sftp.uid_t owner, c_sftp.gid_t group):
+ *         cdef bytes b_path = to_bytes(path)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_33chown, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_chown, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[15])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 189, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_chown, __pyx_t_3) < 0) __PYX_ERR(0, 189, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":200
+ *         return rc
+ * 
+ *     def chmod(self, path not None, c_sftp.mode_t mode):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_35chmod, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_chmod, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[16])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 200, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_chmod, __pyx_t_3) < 0) __PYX_ERR(0, 200, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":210
+ *         return rc
+ * 
+ *     def utimes(self, path not None, long seconds, long microseconds):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_37utimes, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_utimes, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[17])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 210, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_utimes, __pyx_t_3) < 0) __PYX_ERR(0, 210, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":228
+ *         return rc
+ * 
+ *     def symlink(self, source not None, dest not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_source = to_bytes(source)
+ *         cdef const char *c_source = b_source
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_39symlink, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_symlink, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[18])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 228, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_symlink, __pyx_t_3) < 0) __PYX_ERR(0, 228, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":240
+ *         return rc
+ * 
+ *     def readlink(self, path not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_41readlink, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_readlink, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[19])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 240, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_readlink, __pyx_t_3) < 0) __PYX_ERR(0, 240, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":252
+ *         return to_str(b_link)
+ * 
+ *     def statvfs(self, path not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_43statvfs, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_statvfs, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[20])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 252, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_statvfs, __pyx_t_3) < 0) __PYX_ERR(0, 252, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":264
+ *         return vfs
+ * 
+ *     def canonicalize_path(self, path not None):             # <<<<<<<<<<<<<<
+ *         cdef bytes b_path = to_bytes(path)
+ *         cdef const char *c_path = b_path
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_45canonicalize_path, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_canonicalize_path, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[21])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 264, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_canonicalize_path, __pyx_t_3) < 0) __PYX_ERR(0, 264, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":276
+ *         return to_str(b_rpath)
+ * 
+ *     def server_version(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_47server_version, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP_server_version, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[22])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 276, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, __pyx_mstate_global->__pyx_n_u_server_version, __pyx_t_3) < 0) __PYX_ERR(0, 276, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_49__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[23])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_3) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._sftp cannot be converted to a Python object for pickling"
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_4sftp_4SFTP_51__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTP___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[24])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_3) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp.pyx":1
+ * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
+ * # Copyright (C) 2018 Panos Kittenis
+ * #
+*/
+  __pyx_t_3 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_3) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /*--- Wrapped vars code ---*/
+
+  goto __pyx_L0;
+  __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
+  if (__pyx_m) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
+      __Pyx_AddTraceback("init ssh.sftp", __pyx_clineno, __pyx_lineno, __pyx_filename);
+    }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.sftp");
   }
@@ -7503,1120 +10461,4074 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
 
-/* --- Runtime support code --- */
-/* Refnanny */
-#if CYTHON_REFNANNY
-static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
-    PyObject *m = NULL, *p = NULL;
-    void *r = NULL;
-    m = PyImport_ImportModule(modname);
-    if (!m) goto end;
-    p = PyObject_GetAttrString(m, "RefNannyAPI");
-    if (!p) goto end;
-    r = PyLong_AsVoidPtr(p);
-end:
-    Py_XDECREF(p);
-    Py_XDECREF(m);
-    return (__Pyx_RefNannyAPIStruct *)r;
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_SFTP, sizeof(__pyx_k_SFTP), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP */
+  {__pyx_k_SFTPError, sizeof(__pyx_k_SFTPError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPError */
+  {__pyx_k_SFTPHandleError, sizeof(__pyx_k_SFTPHandleError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPHandleError */
+  {__pyx_k_SFTP___reduce_cython, sizeof(__pyx_k_SFTP___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP___reduce_cython */
+  {__pyx_k_SFTP___setstate_cython, sizeof(__pyx_k_SFTP___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP___setstate_cython */
+  {__pyx_k_SFTP_canonicalize_path, sizeof(__pyx_k_SFTP_canonicalize_path), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_canonicalize_path */
+  {__pyx_k_SFTP_chmod, sizeof(__pyx_k_SFTP_chmod), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_chmod */
+  {__pyx_k_SFTP_chown, sizeof(__pyx_k_SFTP_chown), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_chown */
+  {__pyx_k_SFTP_extension_supported, sizeof(__pyx_k_SFTP_extension_supported), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_extension_supported */
+  {__pyx_k_SFTP_extensions_get_count, sizeof(__pyx_k_SFTP_extensions_get_count), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_extensions_get_count */
+  {__pyx_k_SFTP_extensions_get_data, sizeof(__pyx_k_SFTP_extensions_get_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_extensions_get_data */
+  {__pyx_k_SFTP_extensions_get_name, sizeof(__pyx_k_SFTP_extensions_get_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_extensions_get_name */
+  {__pyx_k_SFTP_get_error, sizeof(__pyx_k_SFTP_get_error), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_get_error */
+  {__pyx_k_SFTP_init, sizeof(__pyx_k_SFTP_init), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_init */
+  {__pyx_k_SFTP_lstat, sizeof(__pyx_k_SFTP_lstat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_lstat */
+  {__pyx_k_SFTP_mkdir, sizeof(__pyx_k_SFTP_mkdir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_mkdir */
+  {__pyx_k_SFTP_open, sizeof(__pyx_k_SFTP_open), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_open */
+  {__pyx_k_SFTP_opendir, sizeof(__pyx_k_SFTP_opendir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_opendir */
+  {__pyx_k_SFTP_readlink, sizeof(__pyx_k_SFTP_readlink), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_readlink */
+  {__pyx_k_SFTP_rename, sizeof(__pyx_k_SFTP_rename), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_rename */
+  {__pyx_k_SFTP_rmdir, sizeof(__pyx_k_SFTP_rmdir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_rmdir */
+  {__pyx_k_SFTP_server_version, sizeof(__pyx_k_SFTP_server_version), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_server_version */
+  {__pyx_k_SFTP_setstat, sizeof(__pyx_k_SFTP_setstat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_setstat */
+  {__pyx_k_SFTP_stat, sizeof(__pyx_k_SFTP_stat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_stat */
+  {__pyx_k_SFTP_statvfs, sizeof(__pyx_k_SFTP_statvfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_statvfs */
+  {__pyx_k_SFTP_symlink, sizeof(__pyx_k_SFTP_symlink), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_symlink */
+  {__pyx_k_SFTP_unlink, sizeof(__pyx_k_SFTP_unlink), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_unlink */
+  {__pyx_k_SFTP_utimes, sizeof(__pyx_k_SFTP_utimes), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTP_utimes */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k_accesstype, sizeof(__pyx_k_accesstype), 0, 1, 1}, /* PyObject cname: __pyx_n_u_accesstype */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_attr, sizeof(__pyx_k_attr), 0, 1, 1}, /* PyObject cname: __pyx_n_u_attr */
+  {__pyx_k_attrs, sizeof(__pyx_k_attrs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_attrs */
+  {__pyx_k_b_data, sizeof(__pyx_k_b_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_data */
+  {__pyx_k_b_dest, sizeof(__pyx_k_b_dest), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_dest */
+  {__pyx_k_b_link, sizeof(__pyx_k_b_link), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_link */
+  {__pyx_k_b_name, sizeof(__pyx_k_b_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_name */
+  {__pyx_k_b_newname, sizeof(__pyx_k_b_newname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_newname */
+  {__pyx_k_b_orig, sizeof(__pyx_k_b_orig), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_orig */
+  {__pyx_k_b_path, sizeof(__pyx_k_b_path), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_path */
+  {__pyx_k_b_rpath, sizeof(__pyx_k_b_rpath), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_rpath */
+  {__pyx_k_b_source, sizeof(__pyx_k_b_source), 0, 1, 1}, /* PyObject cname: __pyx_n_u_b_source */
+  {__pyx_k_c_attrs, sizeof(__pyx_k_c_attrs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_attrs */
+  {__pyx_k_c_data, sizeof(__pyx_k_c_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_data */
+  {__pyx_k_c_dest, sizeof(__pyx_k_c_dest), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_dest */
+  {__pyx_k_c_dir, sizeof(__pyx_k_c_dir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_dir */
+  {__pyx_k_c_file, sizeof(__pyx_k_c_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_file */
+  {__pyx_k_c_name, sizeof(__pyx_k_c_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_name */
+  {__pyx_k_c_newname, sizeof(__pyx_k_c_newname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_newname */
+  {__pyx_k_c_orig, sizeof(__pyx_k_c_orig), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_orig */
+  {__pyx_k_c_path, sizeof(__pyx_k_c_path), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_path */
+  {__pyx_k_c_source, sizeof(__pyx_k_c_source), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_source */
+  {__pyx_k_c_vfs, sizeof(__pyx_k_c_vfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_vfs */
+  {__pyx_k_canonicalize_path, sizeof(__pyx_k_canonicalize_path), 0, 1, 1}, /* PyObject cname: __pyx_n_u_canonicalize_path */
+  {__pyx_k_chmod, sizeof(__pyx_k_chmod), 0, 1, 1}, /* PyObject cname: __pyx_n_u_chmod */
+  {__pyx_k_chown, sizeof(__pyx_k_chown), 0, 1, 1}, /* PyObject cname: __pyx_n_u_chown */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_data, sizeof(__pyx_k_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_data */
+  {__pyx_k_dest, sizeof(__pyx_k_dest), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dest */
+  {__pyx_k_dir, sizeof(__pyx_k_dir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dir */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_exceptions */
+  {__pyx_k_extension_supported, sizeof(__pyx_k_extension_supported), 0, 1, 1}, /* PyObject cname: __pyx_n_u_extension_supported */
+  {__pyx_k_extensions_get_count, sizeof(__pyx_k_extensions_get_count), 0, 1, 1}, /* PyObject cname: __pyx_n_u_extensions_get_count */
+  {__pyx_k_extensions_get_data, sizeof(__pyx_k_extensions_get_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_extensions_get_data */
+  {__pyx_k_extensions_get_name, sizeof(__pyx_k_extensions_get_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_extensions_get_name */
+  {__pyx_k_file, sizeof(__pyx_k_file), 0, 1, 1}, /* PyObject cname: __pyx_n_u_file */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_get_error, sizeof(__pyx_k_get_error), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_error */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_group, sizeof(__pyx_k_group), 0, 1, 1}, /* PyObject cname: __pyx_n_u_group */
+  {__pyx_k_indexn, sizeof(__pyx_k_indexn), 0, 1, 1}, /* PyObject cname: __pyx_n_u_indexn */
+  {__pyx_k_init, sizeof(__pyx_k_init), 0, 1, 1}, /* PyObject cname: __pyx_n_u_init */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_link, sizeof(__pyx_k_link), 0, 1, 1}, /* PyObject cname: __pyx_n_u_link */
+  {__pyx_k_lstat, sizeof(__pyx_k_lstat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_lstat */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_microseconds, sizeof(__pyx_k_microseconds), 0, 1, 1}, /* PyObject cname: __pyx_n_u_microseconds */
+  {__pyx_k_mkdir, sizeof(__pyx_k_mkdir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_mkdir */
+  {__pyx_k_mode, sizeof(__pyx_k_mode), 0, 1, 1}, /* PyObject cname: __pyx_n_u_mode */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_name_2, sizeof(__pyx_k_name_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name_2 */
+  {__pyx_k_name_3, sizeof(__pyx_k_name_3), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name_3 */
+  {__pyx_k_newname, sizeof(__pyx_k_newname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_newname */
+  {__pyx_k_open, sizeof(__pyx_k_open), 0, 1, 1}, /* PyObject cname: __pyx_n_u_open */
+  {__pyx_k_opendir, sizeof(__pyx_k_opendir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_opendir */
+  {__pyx_k_original, sizeof(__pyx_k_original), 0, 1, 1}, /* PyObject cname: __pyx_n_u_original */
+  {__pyx_k_owner, sizeof(__pyx_k_owner), 0, 1, 1}, /* PyObject cname: __pyx_n_u_owner */
+  {__pyx_k_path, sizeof(__pyx_k_path), 0, 1, 1}, /* PyObject cname: __pyx_n_u_path */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_readlink, sizeof(__pyx_k_readlink), 0, 1, 1}, /* PyObject cname: __pyx_n_u_readlink */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_rename, sizeof(__pyx_k_rename), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rename */
+  {__pyx_k_rmdir, sizeof(__pyx_k_rmdir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rmdir */
+  {__pyx_k_rpath, sizeof(__pyx_k_rpath), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rpath */
+  {__pyx_k_seconds, sizeof(__pyx_k_seconds), 0, 1, 1}, /* PyObject cname: __pyx_n_u_seconds */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_self__sftp_cannot_be_converted_t, sizeof(__pyx_k_self__sftp_cannot_be_converted_t), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_self__sftp_cannot_be_converted_t */
+  {__pyx_k_server_version, sizeof(__pyx_k_server_version), 0, 1, 1}, /* PyObject cname: __pyx_n_u_server_version */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstat, sizeof(__pyx_k_setstat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstat */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_source, sizeof(__pyx_k_source), 0, 1, 1}, /* PyObject cname: __pyx_n_u_source */
+  {__pyx_k_ssh_sftp, sizeof(__pyx_k_ssh_sftp), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_sftp */
+  {__pyx_k_ssh_sftp_pyx, sizeof(__pyx_k_ssh_sftp_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_sftp_pyx */
+  {__pyx_k_stat, sizeof(__pyx_k_stat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_stat */
+  {__pyx_k_statvfs, sizeof(__pyx_k_statvfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_statvfs */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_symlink, sizeof(__pyx_k_symlink), 0, 1, 1}, /* PyObject cname: __pyx_n_u_symlink */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_unlink, sizeof(__pyx_k_unlink), 0, 1, 1}, /* PyObject cname: __pyx_n_u_unlink */
+  {__pyx_k_utimes, sizeof(__pyx_k_utimes), 0, 1, 1}, /* PyObject cname: __pyx_n_u_utimes */
+  {__pyx_k_val, sizeof(__pyx_k_val), 0, 1, 1}, /* PyObject cname: __pyx_n_u_val */
+  {__pyx_k_vfs, sizeof(__pyx_k_vfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_vfs */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 219, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  __pyx_mstate->__pyx_int_0 = PyLong_FromLong(0); if (unlikely(!__pyx_mstate->__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 3;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 4;
+            unsigned int flags : 10;
+            unsigned int first_line : 9;
+            unsigned int line_table_length : 12;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 44, 56};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_init, __pyx_k_A_4wc_c_T_1_z_a_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 52, 21};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_get_error, __pyx_k_A_at1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 58, 22};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_extensions_get_count, __pyx_k_A_1_a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 64, 43};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_indexn, __pyx_mstate->__pyx_n_u_name_3, __pyx_mstate->__pyx_n_u_name};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_extensions_get_name, __pyx_k_A_31D_6_1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 4, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 73, 43};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_indexn, __pyx_mstate->__pyx_n_u_name_3, __pyx_mstate->__pyx_n_u_name};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_extensions_get_data, __pyx_k_A_31D_6_1_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 82, 59};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_name, __pyx_mstate->__pyx_n_u_data, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_b_name, __pyx_mstate->__pyx_n_u_c_name, __pyx_mstate->__pyx_n_u_b_data, __pyx_mstate->__pyx_n_u_c_data};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_extension_supported, __pyx_k_A_HAQ_HAQ_0_HHA_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 93, 76};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_dir, __pyx_mstate->__pyx_n_u_c_dir, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_opendir, __pyx_k_A_HAQ_q_HA_6_A_q_HA_iq_q_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 105, 76};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_attrs, __pyx_mstate->__pyx_n_u_c_attrs, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_stat, __pyx_k_A_HAQ_Jat81_83a_1M_ha_y_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 117, 76};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_attrs, __pyx_mstate->__pyx_n_u_c_attrs, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_lstat, __pyx_k_A_HAQ_Kq_HA_83a_1M_ha_y_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 129, 80};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_accesstype, __pyx_mstate->__pyx_n_u_mode, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_file, __pyx_mstate->__pyx_n_u_c_file};
+    __pyx_mstate_global->__pyx_codeobj_tab[9] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_open, __pyx_k_A_HAQ_Qd_a_7_Q_q_HA_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[9])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 141, 63};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[10] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_unlink, __pyx_k_A_HAQ_1D_3b_1M_ha_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[10])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 151, 63};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[11] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_rmdir, __pyx_k_A_HAQ_4xq_3b_1M_ha_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[11])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 161, 50};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_mode, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[12] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_mkdir, __pyx_k_A_HAQ_4xxq_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[12])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 169, 79};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_original, __pyx_mstate->__pyx_n_u_newname, __pyx_mstate->__pyx_n_u_b_orig, __pyx_mstate->__pyx_n_u_c_orig, __pyx_mstate->__pyx_n_u_b_newname, __pyx_mstate->__pyx_n_u_c_newname, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[13] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_rename, __pyx_k_A_HAQ_xq_Q_1D_3b_1M_ha_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[13])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 181, 52};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_attr, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[14] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_setstat, __pyx_k_A_HAQ_AT_Q_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[14])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 7, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 189, 67};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_owner, __pyx_mstate->__pyx_n_u_group, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[15] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_chown, __pyx_k_A_HAQ_4xxwa_3b_1M_ha_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[15])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 200, 65};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_mode, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[16] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_chmod, __pyx_k_A_HAQ_4xxq_3b_1M_ha_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[16])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {4, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 210, 114};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_seconds, __pyx_mstate->__pyx_n_u_microseconds, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_val};
+    __pyx_mstate_global->__pyx_codeobj_tab[17] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_utimes, __pyx_k_A_HAQ_fAQ_uCq_1_1D_3b_1M_ha_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[17])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 8, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 228, 79};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_source, __pyx_mstate->__pyx_n_u_dest, __pyx_mstate->__pyx_n_u_b_source, __pyx_mstate->__pyx_n_u_c_source, __pyx_mstate->__pyx_n_u_b_dest, __pyx_mstate->__pyx_n_u_c_dest, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[18] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_symlink, __pyx_k_A_haq_A_HAQ_AT_1_3b_1M_ha_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[18])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 240, 74};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_link, __pyx_mstate->__pyx_n_u_b_link};
+    __pyx_mstate_global->__pyx_codeobj_tab[19] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_readlink, __pyx_k_A_HAQ_XQ_6_A_1M_ha_vQa, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[19])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 252, 76};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_vfs, __pyx_mstate->__pyx_n_u_c_vfs};
+    __pyx_mstate_global->__pyx_codeobj_tab[20] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_statvfs, __pyx_k_A_HAQ_q_HA_6_A_1M_ha_7_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[20])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 264, 75};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_path, __pyx_mstate->__pyx_n_u_b_path, __pyx_mstate->__pyx_n_u_c_path, __pyx_mstate->__pyx_n_u_rpath, __pyx_mstate->__pyx_n_u_b_rpath};
+    __pyx_mstate_global->__pyx_codeobj_tab[21] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_canonicalize_path, __pyx_k_A_HAQ_2_4xq_7_Q_1M_ha_vQa, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[21])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 276, 33};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[22] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_pyx, __pyx_mstate->__pyx_n_u_server_version, __pyx_k_A_1D_d, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[22])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[23] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[23])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[24] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[24])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
+
+/* --- Runtime support code --- */
+/* Refnanny */
+#if CYTHON_REFNANNY
+static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
+    PyObject *m = NULL, *p = NULL;
+    void *r = NULL;
+    m = PyImport_ImportModule(modname);
+    if (!m) goto end;
+    p = PyObject_GetAttrString(m, "RefNannyAPI");
+    if (!p) goto end;
+    r = PyLong_AsVoidPtr(p);
+end:
+    Py_XDECREF(p);
+    Py_XDECREF(m);
+    return (__Pyx_RefNannyAPIStruct *)r;
+}
+#endif
+
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
+        PyErr_Format(PyExc_NameError,
+            "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* PyDictVersioning */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+}
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
+    PyObject **dictptr = NULL;
+    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
+    if (offset) {
+#if CYTHON_COMPILING_IN_CPYTHON
+        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
+#else
+        dictptr = _PyObject_GetDictPtr(obj);
+#endif
+    }
+    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
+}
+static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
+        return 0;
+    return obj_dict_version == __Pyx_get_object_dict_version(obj);
+}
+#endif
+
+/* GetModuleGlobalName */
+#if CYTHON_USE_DICT_VERSIONS
+static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
+#else
+static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
+#endif
+{
+    PyObject *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
+        return NULL;
+    }
+    result = PyObject_GetAttr(__pyx_m, name);
+    if (likely(result)) {
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
+    }
+#else
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return __Pyx_NewRef(result);
+    }
+    PyErr_Clear();
+#endif
+    return __Pyx_GetBuiltinName(name);
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* ArgTypeTest */
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+{
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
+    }
+    else if (!exact) {
+        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError,
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
 }
 #endif
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
+#endif
+    return r;
 #endif
-    return PyObject_GetAttr(obj, attr_name);
 }
+
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#else
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
 #endif
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
+}
 
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
-        PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
-            "name '%U' is not defined", name);
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
 #else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
 #endif
-    }
-    return result;
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
 }
 
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
-{
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
-        more_or_less = "at most";
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+        }
     }
-    if (exact) {
-        more_or_less = "exactly";
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
+    }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
     }
     PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
 }
 
-/* RaiseDoubleKeywords */
-static void __Pyx_RaiseDoubleKeywordsError(
-    const char* func_name,
-    PyObject* kw_name)
-{
-    PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
-        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
 }
 
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
-{
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name_2);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
         }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
             }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
                 }
             }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
         }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
     }
-    return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
+    }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
 bad:
-    return -1;
-}
-
-/* PyDictVersioning */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+    Py_XDECREF(result);
+    return NULL;
 }
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
-    PyObject **dictptr = NULL;
-    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
-    if (offset) {
-#if CYTHON_COMPILING_IN_CPYTHON
-        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
-#else
-        dictptr = _PyObject_GetDictPtr(obj);
 #endif
+
+/* ListPack */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...) {
+    va_list va;
+    PyObject *l = PyList_New(n);
+    va_start(va, n);
+    if (unlikely(!l)) goto end;
+    for (Py_ssize_t i=0; i<n; ++i) {
+        PyObject *arg = va_arg(va, PyObject*);
+        Py_INCREF(arg);
+        if (__Pyx_PyList_SET_ITEM(l, i, arg) != (0)) {
+            Py_CLEAR(l);
+            goto end;
+        }
     }
-    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
-}
-static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
-        return 0;
-    return obj_dict_version == __Pyx_get_object_dict_version(obj);
+    end:
+    va_end(va);
+    return l;
 }
-#endif
 
-/* GetModuleGlobalName */
-#if CYTHON_USE_DICT_VERSIONS
-static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
-#else
-static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
-#endif
-{
-    PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
-        return NULL;
-    }
-#else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
+/* Import */
+static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
+    PyObject *module = 0;
+    PyObject *empty_dict = 0;
+    PyObject *empty_list = 0;
+    empty_dict = PyDict_New();
+    if (unlikely(!empty_dict))
+        goto bad;
+    if (level == -1) {
+        const char* package_sep = strchr(__Pyx_MODULE_NAME, '.');
+        if (package_sep != (0)) {
+            module = PyImport_ImportModuleLevelObject(
+                name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, 1);
+            if (unlikely(!module)) {
+                if (unlikely(!PyErr_ExceptionMatches(PyExc_ImportError)))
+                    goto bad;
+                PyErr_Clear();
+            }
+        }
+        level = 0;
     }
-#endif
-#else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
+    if (!module) {
+        module = PyImport_ImportModuleLevelObject(
+            name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, level);
     }
-    PyErr_Clear();
-#endif
-    return __Pyx_GetBuiltinName(name);
+bad:
+    Py_XDECREF(empty_dict);
+    Py_XDECREF(empty_list);
+    return module;
 }
 
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+/* ImportFrom */
+static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
+    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
+    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
+        const char* module_name_str = 0;
+        PyObject* module_name = 0;
+        PyObject* module_dot = 0;
+        PyObject* full_name = 0;
+        PyErr_Clear();
+        module_name_str = PyModule_GetName(module);
+        if (unlikely(!module_name_str)) { goto modbad; }
+        module_name = PyUnicode_FromString(module_name_str);
+        if (unlikely(!module_name)) { goto modbad; }
+        module_dot = PyUnicode_Concat(module_name, __pyx_mstate_global->__pyx_kp_u_);
+        if (unlikely(!module_dot)) { goto modbad; }
+        full_name = PyUnicode_Concat(module_dot, name);
+        if (unlikely(!full_name)) { goto modbad; }
+        #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM  < 0x07030400) ||\
+                CYTHON_COMPILING_IN_GRAAL
+        {
+            PyObject *modules = PyImport_GetModuleDict();
+            if (unlikely(!modules))
+                goto modbad;
+            value = PyObject_GetItem(modules, full_name);
+        }
+        #else
+        value = PyImport_GetModule(full_name);
+        #endif
+      modbad:
+        Py_XDECREF(full_name);
+        Py_XDECREF(module_dot);
+        Py_XDECREF(module_name);
     }
+    if (unlikely(!value)) {
+        PyErr_Format(PyExc_ImportError, "cannot import name %S", name);
+    }
+    return value;
 }
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
 #endif
+    return value;
+}
 
-/* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
-                                               PyObject *globals) {
-    PyFrameObject *f;
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject **fastlocals;
-    Py_ssize_t i;
-    PyObject *result;
-    assert(globals != NULL);
-    /* XXX Perhaps we should create a specialized
-       PyFrame_New() that doesn't take locals, but does
-       take builtins without sanity checking them.
-       */
-    assert(tstate != NULL);
-    f = PyFrame_New(tstate, co, globals, NULL);
-    if (f == NULL) {
-        return NULL;
-    }
-    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
-    for (i = 0; i < na; i++) {
-        Py_INCREF(*args);
-        fastlocals[i] = *args++;
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
     }
-    result = PyEval_EvalFrameEx(f,0);
-    ++tstate->recursion_depth;
-    Py_DECREF(f);
-    --tstate->recursion_depth;
     return result;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
-    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
-    PyObject *globals = PyFunction_GET_GLOBALS(func);
-    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
-    PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
-    PyObject *kwdefs;
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
 #endif
-    PyObject *kwtuple, **k;
-    PyObject **d;
-    Py_ssize_t nd;
-    Py_ssize_t nk;
-    PyObject *result;
-    assert(kwargs == NULL || PyDict_Check(kwargs));
-    nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
-        return NULL;
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
     }
-    if (
-#if PY_MAJOR_VERSION >= 3
-            co->co_kwonlyargcount == 0 &&
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
 #endif
-            likely(kwargs == NULL || nk == 0) &&
-            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
-        if (argdefs == NULL && co->co_argcount == nargs) {
-            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
-            goto done;
-        }
-        else if (nargs == 0 && argdefs != NULL
-                 && co->co_argcount == Py_SIZE(argdefs)) {
-            /* function called with no arguments, but all parameters have
-               a default value: use default values as arguments .*/
-            args = &PyTuple_GET_ITEM(argdefs, 0);
-            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
-            goto done;
-        }
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
     }
-    if (kwargs != NULL) {
-        Py_ssize_t pos, i;
-        kwtuple = PyTuple_New(2 * nk);
-        if (kwtuple == NULL) {
-            result = NULL;
-            goto done;
-        }
-        k = &PyTuple_GET_ITEM(kwtuple, 0);
-        pos = i = 0;
-        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
-            Py_INCREF(k[i]);
-            Py_INCREF(k[i+1]);
-            i += 2;
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
         }
-        nk = i / 2;
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
     }
-    else {
-        kwtuple = NULL;
-        k = NULL;
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
     }
-    closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
-    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
 #endif
-    if (argdefs != NULL) {
-        d = &PyTuple_GET_ITEM(argdefs, 0);
-        nd = Py_SIZE(argdefs);
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
     }
-    else {
-        d = NULL;
-        nd = 0;
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
     }
-#if PY_MAJOR_VERSION >= 3
-    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, kwdefs, closure);
-#else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
-    Py_XDECREF(kwtuple);
-done:
-    Py_LeaveRecursiveCall();
-    return result;
+    return 0;
 }
-#endif
-#endif
 
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
     PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
     }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
     return result;
 }
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
 #endif
 
-/* PyObjectCall2Args */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2) {
-    PyObject *args, *result = NULL;
-    #if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyFunction_FastCall(function, args, 2);
-    }
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
     #endif
-    #if CYTHON_FAST_PYCCALL
-    if (__Pyx_PyFastCFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyCFunction_FastCall(function, args, 2);
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
     }
-    #endif
-    args = PyTuple_New(2);
-    if (unlikely(!args)) goto done;
-    Py_INCREF(arg1);
-    PyTuple_SET_ITEM(args, 0, arg1);
-    Py_INCREF(arg2);
-    PyTuple_SET_ITEM(args, 1, arg2);
-    Py_INCREF(function);
-    result = __Pyx_PyObject_Call(function, args, NULL);
-    Py_DECREF(args);
-    Py_DECREF(function);
-done:
-    return result;
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
 }
-
-/* PyObjectCallMethO */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
-    PyObject *self, *result;
-    PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
         return NULL;
-    result = cfunc(self, arg);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
     }
-    return result;
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
 }
 #endif
 
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
     }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
 #endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
 #endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
         }
+#endif
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
 }
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
     PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
     return result;
 }
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
 #endif
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
 }
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-#endif
-
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
-#endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
-        }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
 }
-#else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
         PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
+               "function's dictionary may not be deleted");
+        return -1;
     }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
-                }
-            }
-        }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
-        }
-    } else {
+    if (unlikely(!PyDict_Check(value))) {
         PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
+               "setting function's dictionary to a non-dict");
+        return -1;
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
-        } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
-        }
-        PyException_SetCause(value, fixed_cause);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
         }
-#endif
     }
-bad:
-    Py_XDECREF(owned_instance);
-    return;
+    Py_INCREF(result);
+    return result;
 }
-#endif
-
-/* ArgTypeTest */
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
-{
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
+        }
     }
-    else {
-        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
     }
-    PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
 }
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
 #endif
-    return NULL;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
-        }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
     }
-    return descr;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
 #endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
-    }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
 }
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
 #endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
 #else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
-    return 0;
-bad:
-    Py_XDECREF(ob);
-    return -1;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
     }
 #endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
     }
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
     return 0;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
 }
-#endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
-    PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
     }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
-    }
-    return result;
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name_2);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
 }
-static int __Pyx_setup_reduce(PyObject* type_obj) {
-    int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
-    }
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
         }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
         }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
+    PyObject *result;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
 #endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
+    }
+    return result;
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
+    int ret = 0;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
-    }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* GetVTable */
-static void* __Pyx_GetVtable(PyObject *dict) {
-    void* ptr;
-    PyObject *ob = PyObject_GetItem(dict, __pyx_n_s_pyx_vtable);
-    if (!ob)
-        goto bad;
-#if PY_VERSION_HEX >= 0x02070000
-    ptr = PyCapsule_GetPointer(ob, 0);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    ptr = PyCObject_AsVoidPtr(ob);
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    if (!ptr && !PyErr_Occurred())
-        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
-    Py_DECREF(ob);
-    return ptr;
-bad:
-    Py_XDECREF(ob);
-    return NULL;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
-
-/* Import */
-static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
-    PyObject *empty_list = 0;
-    PyObject *module = 0;
-    PyObject *global_dict = 0;
-    PyObject *empty_dict = 0;
-    PyObject *list;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_import;
-    py_import = __Pyx_PyObject_GetAttrStr(__pyx_b, __pyx_n_s_import);
-    if (!py_import)
-        goto bad;
-    #endif
-    if (from_list)
-        list = from_list;
-    else {
-        empty_list = PyList_New(0);
-        if (!empty_list)
-            goto bad;
-        list = empty_list;
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    global_dict = PyModule_GetDict(__pyx_m);
-    if (!global_dict)
-        goto bad;
-    empty_dict = PyDict_New();
-    if (!empty_dict)
-        goto bad;
-    {
-        #if PY_MAJOR_VERSION >= 3
-        if (level == -1) {
-            if ((1) && (strchr(__Pyx_MODULE_NAME, '.'))) {
-                module = PyImport_ImportModuleLevelObject(
-                    name, global_dict, empty_dict, list, 1);
-                if (!module) {
-                    if (!PyErr_ExceptionMatches(PyExc_ImportError))
-                        goto bad;
-                    PyErr_Clear();
-                }
-            }
-            level = 0;
-        }
-        #endif
-        if (!module) {
-            #if PY_MAJOR_VERSION < 3
-            PyObject *py_level = PyInt_FromLong(level);
-            if (!py_level)
-                goto bad;
-            module = PyObject_CallFunctionObjArgs(py_import,
-                name, global_dict, empty_dict, list, py_level, (PyObject *)NULL);
-            Py_DECREF(py_level);
-            #else
-            module = PyImport_ImportModuleLevelObject(
-                name, global_dict, empty_dict, list, level);
-            #endif
-        }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
     }
-bad:
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_import);
-    #endif
-    Py_XDECREF(empty_list);
-    Py_XDECREF(empty_dict);
-    return module;
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
 }
 
-/* ImportFrom */
-static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
-    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
-    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
-        PyErr_Format(PyExc_ImportError,
-        #if PY_MAJOR_VERSION < 3
-            "cannot import name %.230s", PyString_AS_STRING(name));
-        #else
-            "cannot import name %S", name);
-        #endif
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
     }
-    return value;
+    return op;
 }
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -8625,11 +14537,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -8657,130 +14570,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -8811,7 +14790,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -8821,6 +14800,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -8845,7 +14825,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE unsigned int __Pyx_PyInt_As_unsigned_int(PyObject *x) {
+static CYTHON_INLINE unsigned int __Pyx_PyLong_As_unsigned_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -8855,179 +14835,237 @@ static CYTHON_INLINE unsigned int __Pyx_PyInt_As_unsigned_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(unsigned int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(unsigned int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (unsigned int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        unsigned int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (unsigned int) -1;
+        val = __Pyx_PyLong_As_unsigned_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (unsigned int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(unsigned int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(unsigned int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(unsigned int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) >= 2 * PyLong_SHIFT)) {
                             return (unsigned int) (((((unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(unsigned int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) >= 3 * PyLong_SHIFT)) {
                             return (unsigned int) (((((((unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(unsigned int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) >= 4 * PyLong_SHIFT)) {
                             return (unsigned int) (((((((((unsigned int)digits[3]) << PyLong_SHIFT) | (unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (unsigned int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (unsigned int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(unsigned int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(unsigned int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(unsigned int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(unsigned int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(unsigned int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(unsigned int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(unsigned int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(unsigned int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (unsigned int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(unsigned int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(unsigned int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(unsigned int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(unsigned int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT)) {
                             return (unsigned int) (((unsigned int)-1)*(((((unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(unsigned int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT)) {
                             return (unsigned int) ((((((unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT)) {
                             return (unsigned int) (((unsigned int)-1)*(((((((unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(unsigned int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT)) {
                             return (unsigned int) ((((((((unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 4 * PyLong_SHIFT)) {
                             return (unsigned int) (((unsigned int)-1)*(((((((((unsigned int)digits[3]) << PyLong_SHIFT) | (unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(unsigned int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(unsigned int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(unsigned int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(unsigned int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(unsigned int) - 1 > 4 * PyLong_SHIFT)) {
                             return (unsigned int) ((((((((((unsigned int)digits[3]) << PyLong_SHIFT) | (unsigned int)digits[2]) << PyLong_SHIFT) | (unsigned int)digits[1]) << PyLong_SHIFT) | (unsigned int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(unsigned int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(unsigned int, long, PyLong_AsLong(x))
+        if ((sizeof(unsigned int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(unsigned int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(unsigned int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(unsigned int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(unsigned int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(unsigned int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        unsigned int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (unsigned int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            unsigned int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (unsigned int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (unsigned int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (unsigned int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(unsigned int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((unsigned int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(unsigned int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((unsigned int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((unsigned int) 1) << (sizeof(unsigned int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (unsigned int) -1;
-        }
-    } else {
-        unsigned int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (unsigned int) -1;
-        val = __Pyx_PyInt_As_unsigned_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9041,7 +15079,7 @@ static CYTHON_INLINE unsigned int __Pyx_PyInt_As_unsigned_int(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9051,179 +15089,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
-#endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+        }
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9237,7 +15333,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE mode_t __Pyx_PyInt_As_mode_t(PyObject *x) {
+static CYTHON_INLINE mode_t __Pyx_PyLong_As_mode_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9247,179 +15343,237 @@ static CYTHON_INLINE mode_t __Pyx_PyInt_As_mode_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(mode_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(mode_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (mode_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        mode_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (mode_t) -1;
+        val = __Pyx_PyLong_As_mode_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (mode_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(mode_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(mode_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(mode_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) >= 2 * PyLong_SHIFT)) {
                             return (mode_t) (((((mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(mode_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) >= 3 * PyLong_SHIFT)) {
                             return (mode_t) (((((((mode_t)digits[2]) << PyLong_SHIFT) | (mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(mode_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) >= 4 * PyLong_SHIFT)) {
                             return (mode_t) (((((((((mode_t)digits[3]) << PyLong_SHIFT) | (mode_t)digits[2]) << PyLong_SHIFT) | (mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (mode_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (mode_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(mode_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(mode_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(mode_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(mode_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(mode_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(mode_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(mode_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(mode_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (mode_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(mode_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(mode_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(mode_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(mode_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (mode_t) (((mode_t)-1)*(((((mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(mode_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (mode_t) ((((((mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(mode_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (mode_t) (((mode_t)-1)*(((((((mode_t)digits[2]) << PyLong_SHIFT) | (mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(mode_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (mode_t) ((((((((mode_t)digits[2]) << PyLong_SHIFT) | (mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(mode_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (mode_t) (((mode_t)-1)*(((((((((mode_t)digits[3]) << PyLong_SHIFT) | (mode_t)digits[2]) << PyLong_SHIFT) | (mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(mode_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(mode_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(mode_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(mode_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(mode_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (mode_t) ((((((((((mode_t)digits[3]) << PyLong_SHIFT) | (mode_t)digits[2]) << PyLong_SHIFT) | (mode_t)digits[1]) << PyLong_SHIFT) | (mode_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(mode_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(mode_t, long, PyLong_AsLong(x))
+        if ((sizeof(mode_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(mode_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(mode_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(mode_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(mode_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(mode_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        mode_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (mode_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            mode_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (mode_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (mode_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (mode_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(mode_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((mode_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(mode_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((mode_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((mode_t) 1) << (sizeof(mode_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (mode_t) -1;
-        }
-    } else {
-        mode_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (mode_t) -1;
-        val = __Pyx_PyInt_As_mode_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9433,7 +15587,7 @@ static CYTHON_INLINE mode_t __Pyx_PyInt_As_mode_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE uid_t __Pyx_PyInt_As_uid_t(PyObject *x) {
+static CYTHON_INLINE uid_t __Pyx_PyLong_As_uid_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9443,179 +15597,237 @@ static CYTHON_INLINE uid_t __Pyx_PyInt_As_uid_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uid_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uid_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uid_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uid_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uid_t) -1;
+        val = __Pyx_PyLong_As_uid_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uid_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uid_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uid_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uid_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) >= 2 * PyLong_SHIFT)) {
                             return (uid_t) (((((uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uid_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) >= 3 * PyLong_SHIFT)) {
                             return (uid_t) (((((((uid_t)digits[2]) << PyLong_SHIFT) | (uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uid_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) >= 4 * PyLong_SHIFT)) {
                             return (uid_t) (((((((((uid_t)digits[3]) << PyLong_SHIFT) | (uid_t)digits[2]) << PyLong_SHIFT) | (uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uid_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uid_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uid_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uid_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uid_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uid_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uid_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uid_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uid_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uid_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uid_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uid_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uid_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uid_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uid_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uid_t) (((uid_t)-1)*(((((uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uid_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uid_t) ((((((uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uid_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uid_t) (((uid_t)-1)*(((((((uid_t)digits[2]) << PyLong_SHIFT) | (uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uid_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uid_t) ((((((((uid_t)digits[2]) << PyLong_SHIFT) | (uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uid_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uid_t) (((uid_t)-1)*(((((((((uid_t)digits[3]) << PyLong_SHIFT) | (uid_t)digits[2]) << PyLong_SHIFT) | (uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uid_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uid_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uid_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uid_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uid_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uid_t) ((((((((((uid_t)digits[3]) << PyLong_SHIFT) | (uid_t)digits[2]) << PyLong_SHIFT) | (uid_t)digits[1]) << PyLong_SHIFT) | (uid_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uid_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uid_t, long, PyLong_AsLong(x))
+        if ((sizeof(uid_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uid_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uid_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uid_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uid_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uid_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uid_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uid_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uid_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uid_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uid_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uid_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uid_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uid_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uid_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uid_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uid_t) 1) << (sizeof(uid_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uid_t) -1;
-        }
-    } else {
-        uid_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uid_t) -1;
-        val = __Pyx_PyInt_As_uid_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9629,7 +15841,7 @@ static CYTHON_INLINE uid_t __Pyx_PyInt_As_uid_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE gid_t __Pyx_PyInt_As_gid_t(PyObject *x) {
+static CYTHON_INLINE gid_t __Pyx_PyLong_As_gid_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9639,179 +15851,237 @@ static CYTHON_INLINE gid_t __Pyx_PyInt_As_gid_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(gid_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(gid_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (gid_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        gid_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (gid_t) -1;
+        val = __Pyx_PyLong_As_gid_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (gid_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(gid_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(gid_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(gid_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) >= 2 * PyLong_SHIFT)) {
                             return (gid_t) (((((gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(gid_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) >= 3 * PyLong_SHIFT)) {
                             return (gid_t) (((((((gid_t)digits[2]) << PyLong_SHIFT) | (gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(gid_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) >= 4 * PyLong_SHIFT)) {
                             return (gid_t) (((((((((gid_t)digits[3]) << PyLong_SHIFT) | (gid_t)digits[2]) << PyLong_SHIFT) | (gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (gid_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (gid_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(gid_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(gid_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(gid_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(gid_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(gid_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(gid_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(gid_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(gid_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (gid_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(gid_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(gid_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(gid_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(gid_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (gid_t) (((gid_t)-1)*(((((gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(gid_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (gid_t) ((((((gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(gid_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (gid_t) (((gid_t)-1)*(((((((gid_t)digits[2]) << PyLong_SHIFT) | (gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(gid_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (gid_t) ((((((((gid_t)digits[2]) << PyLong_SHIFT) | (gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(gid_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (gid_t) (((gid_t)-1)*(((((((((gid_t)digits[3]) << PyLong_SHIFT) | (gid_t)digits[2]) << PyLong_SHIFT) | (gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(gid_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(gid_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(gid_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(gid_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(gid_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (gid_t) ((((((((((gid_t)digits[3]) << PyLong_SHIFT) | (gid_t)digits[2]) << PyLong_SHIFT) | (gid_t)digits[1]) << PyLong_SHIFT) | (gid_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(gid_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(gid_t, long, PyLong_AsLong(x))
+        if ((sizeof(gid_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(gid_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(gid_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(gid_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(gid_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(gid_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        gid_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (gid_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            gid_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (gid_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (gid_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (gid_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(gid_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((gid_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(gid_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((gid_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((gid_t) 1) << (sizeof(gid_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (gid_t) -1;
-        }
-    } else {
-        gid_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (gid_t) -1;
-        val = __Pyx_PyInt_As_gid_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9825,7 +16095,7 @@ static CYTHON_INLINE gid_t __Pyx_PyInt_As_gid_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9835,179 +16105,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -10020,8 +16348,40 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
     return (long) -1;
 }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10033,33 +16393,66 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
 #endif
         }
-    }
-    {
+    }
+    {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
         int one = 1; int little = (int)*(unsigned char *)&one;
-        unsigned char *bytes = (unsigned char *)&value;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_unsigned_int(unsigned int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_unsigned_int(unsigned int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10071,17 +16464,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_unsigned_int(unsigned int value)
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(unsigned int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(unsigned int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(unsigned int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(unsigned int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(unsigned int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -10089,15 +16482,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_unsigned_int(unsigned int value)
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(unsigned int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(unsigned int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
     }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__2);
+    }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10109,17 +16574,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -10127,10 +16592,43 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
@@ -10138,7 +16636,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -10159,51 +16657,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -10234,65 +16719,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -10300,97 +16804,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -10402,25 +17042,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -10443,95 +17083,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -10570,33 +17181,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/sftp.pxd b/ssh/sftp.pxd
index 340acf92..115554c0 100644
--- a/ssh/sftp.pxd
+++ b/ssh/sftp.pxd
@@ -1,22 +1,23 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from session cimport Session
+from .session cimport Session
 
-cimport c_sftp
+from . cimport c_sftp
 
 
 cdef class SFTP:
diff --git a/ssh/sftp.pyx b/ssh/sftp.pyx
index 78400c82..cd2f682a 100644
--- a/ssh/sftp.pyx
+++ b/ssh/sftp.pyx
@@ -1,30 +1,31 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.stdlib cimport malloc, free
 
-from session cimport Session
-from sftp_handles cimport SFTPFile, SFTPDir
-from sftp_attributes cimport SFTPAttributes
-from sftp_statvfs cimport SFTPStatVFS
-from utils cimport handle_error_codes, to_bytes, to_str
+from .session cimport Session
+from .sftp_handles cimport SFTPFile, SFTPDir
+from .sftp_attributes cimport SFTPAttributes
+from .sftp_statvfs cimport SFTPStatVFS
+from .utils cimport handle_error_codes, to_bytes, to_str
 from .exceptions import SFTPError, SFTPHandleError
 
-from c_ssh cimport ssh_get_error, ssh_get_error_code, timeval
-cimport c_sftp
+from .c_ssh cimport ssh_get_error, ssh_get_error_code, timeval
+from . cimport c_sftp
 
 
 cdef class SFTP:
@@ -43,6 +44,8 @@ cdef class SFTP:
 
     def init(self):
         cdef int rc
+        if self._sftp is NULL or not self.session:
+            return 0
         with nogil:
             rc = c_sftp.sftp_init(self._sftp)
         return handle_error_codes(rc, self.session._session)
diff --git a/ssh/sftp_attributes.c b/ssh/sftp_attributes.c
index b525f3d8..909280b9 100644
--- a/ssh/sftp_attributes.c
+++ b/ssh/sftp_attributes.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.sftp_attributes",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/sftp_attributes.pyx"
+        ]
+    },
+    "module_name": "ssh.sftp_attributes"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
+  #endif
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
 #endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
+#endif
+#endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,77 +911,201 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
 #else
-static CYTHON_INLINE float __PYX_NAN() {
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
+#else
+static CYTHON_INLINE float __PYX_NAN() {
   float value;
   memset(&value, 0xFF, sizeof(value));
   return value;
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -756,12 +1166,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -796,140 +1202,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -941,27 +1336,173 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/sftp_attributes.pyx",
-  "stringsource",
+  "<stringsource>",
   "ssh/session.pxd",
   "ssh/sftp.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -969,11 +1510,41 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
@@ -981,12 +1552,12 @@ struct __pyx_obj_3ssh_4sftp_SFTP;
 struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes;
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -1001,7 +1572,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_4sftp_SFTP {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtab;
@@ -1016,7 +1587,7 @@ struct __pyx_obj_3ssh_4sftp_SFTP {
  * cdef class SFTPAttributes:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_attributes _attrs
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtab;
@@ -1033,7 +1604,7 @@ struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes {
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_4sftp_SFTP {
   struct __pyx_obj_3ssh_4sftp_SFTP *(*from_ptr)(sftp_session, struct __pyx_obj_3ssh_7session_Session *);
@@ -1047,12 +1618,13 @@ static struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtabptr_3ssh_4sftp_SFTP;
  * cdef class SFTPAttributes:             # <<<<<<<<<<<<<<
  * 
  *     def __cinit__(self):
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes {
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *(*from_ptr)(sftp_attributes, struct __pyx_obj_3ssh_4sftp_SFTP *);
 };
 static struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1061,42 +1633,48 @@ static struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtab
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1107,6 +1685,10 @@ static struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtab
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1118,53 +1700,30 @@ static struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtab
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
-/* PyObjectGetAttrStr.proto */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
-#endif
-
-/* GetBuiltinName.proto */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name);
-
-/* RaiseArgTupleInvalid.proto */
-static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
-    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
-
-/* KeywordStringCheck.proto */
-static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name, int kw_allowed);
-
-/* RaiseDoubleKeywords.proto */
-static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
-
-/* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
-
-/* ArgTypeTest.proto */
-#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
-        __Pyx__ArgTypeTest(obj, type, name, exact))
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
-
-/* PyObjectCall.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
 #else
-#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
 #endif
 
 /* PyThreadStateGet.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
 #define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
 #else
 #define __Pyx_PyThreadState_declare
 #define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
 #endif
 
 /* PyErrFetchRestore.proto */
@@ -1176,7 +1735,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 #define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
 #define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
 #else
 #define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
@@ -1192,141 +1751,135 @@ static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject
 #define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
 #endif
 
-/* RaiseException.proto */
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
-
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
-#endif
-
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
-#endif
-
-/* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
-
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+/* PyObjectGetAttrStr.proto */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
 #else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
 /* PyObjectGetAttrStrNoError.proto */
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
 
-/* SetupReduce.proto */
-static int __Pyx_setup_reduce(PyObject* type_obj);
+/* GetBuiltinName.proto */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
-/* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
-};
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
 #endif
 
-/* GetVTable.proto */
-static void* __Pyx_GetVtable(PyObject *dict);
+/* IncludeStringH.proto */
+#include <string.h>
 
-/* PyDictVersioning.proto */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-#define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
-#define __PYX_GET_DICT_VERSION(dict)  (((PyDictObject*)(dict))->ma_version_tag)
-#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)\
-    (version_var) = __PYX_GET_DICT_VERSION(dict);\
-    (cache_var) = (value);
-#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP) {\
-    static PY_UINT64_T __pyx_dict_version = 0;\
-    static PyObject *__pyx_dict_cached_value = NULL;\
-    if (likely(__PYX_GET_DICT_VERSION(DICT) == __pyx_dict_version)) {\
-        (VAR) = __pyx_dict_cached_value;\
-    } else {\
-        (VAR) = __pyx_dict_cached_value = (LOOKUP);\
-        __pyx_dict_version = __PYX_GET_DICT_VERSION(DICT);\
-    }\
-}
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj);
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj);
-static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version);
-#else
-#define __PYX_GET_DICT_VERSION(dict)  (0)
-#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)
-#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP)  (VAR) = (LOOKUP);
-#endif
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
 
-/* GetModuleGlobalName.proto */
-#if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
-    static PY_UINT64_T __pyx_dict_version = 0;\
-    static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
-        (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
-        __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
-    PY_UINT64_T __pyx_dict_version;\
-    PyObject *__pyx_dict_cached_value;\
-    (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
 #else
-#define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
-static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
 #endif
 
-/* GetNameInClass.proto */
-#define __Pyx_GetNameInClass(var, nmspace, name)  (var) = __Pyx__GetNameInClass(nmspace, name)
-static PyObject *__Pyx__GetNameInClass(PyObject *nmspace, PyObject *name);
+/* RaiseArgTupleInvalid.proto */
+static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
+    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
 
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
-#else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
-#endif
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
+
+/* RaiseDoubleKeywords.proto */
+static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
+
+/* ParseKeywords.proto */
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
 
 /* PyFunctionFastCall.proto */
 #if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
 #define __Pyx_PyFunction_FastCall(func, args, nargs)\
     __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
 #endif
 #define __Pyx_BUILD_ASSERT_EXPR(cond)\
     (sizeof(char [1 - 2*!(cond)]) - 1)
 #ifndef Py_MEMBER_SIZE
 #define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
 #endif
-#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
   static size_t __pyx_pyframe_localsplus_offset = 0;
   #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
   #define __Pxy_PyFrame_Initialize_Offsets()\
     ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
      (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
   #define __Pyx_PyFrame_GetLocalsplus(frame)\
     (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
 #endif
 
 /* PyObjectCallMethO.proto */
@@ -1334,168 +1887,570 @@ static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args,
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
 #endif
 
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
+#endif
+
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
+
+/* ArgTypeTest.proto */
+#define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+        __Pyx__ArgTypeTest(obj, type, name, exact))
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
+
+/* RaiseUnexpectedTypeError.proto */
+static int __Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj);
+
+/* RaiseException.proto */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
+#endif
+
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
+#endif
+
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
+#endif
+
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
+/* SetVTable.proto */
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
+
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
+
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
+
+/* SetupReduce.proto */
+static int __Pyx_setup_reduce(PyObject* type_obj);
+
+/* TypeImport.proto */
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
+};
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
+#endif
+
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* PyDictVersioning.proto */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+#define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
+#define __PYX_GET_DICT_VERSION(dict)  (((PyDictObject*)(dict))->ma_version_tag)
+#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)\
+    (version_var) = __PYX_GET_DICT_VERSION(dict);\
+    (cache_var) = (value);
+#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP) {\
+    static PY_UINT64_T __pyx_dict_version = 0;\
+    static PyObject *__pyx_dict_cached_value = NULL;\
+    if (likely(__PYX_GET_DICT_VERSION(DICT) == __pyx_dict_version)) {\
+        (VAR) = __pyx_dict_cached_value;\
+    } else {\
+        (VAR) = __pyx_dict_cached_value = (LOOKUP);\
+        __pyx_dict_version = __PYX_GET_DICT_VERSION(DICT);\
+    }\
+}
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj);
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj);
+static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version);
+#else
+#define __PYX_GET_DICT_VERSION(dict)  (0)
+#define __PYX_UPDATE_DICT_CACHE(dict, value, cache_var, version_var)
+#define __PYX_PY_DICT_LOOKUP_IF_MODIFIED(VAR, DICT, LOOKUP)  (VAR) = (LOOKUP);
+#endif
+
+/* GetModuleGlobalName.proto */
+#if CYTHON_USE_DICT_VERSIONS
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
+    static PY_UINT64_T __pyx_dict_version = 0;\
+    static PyObject *__pyx_dict_cached_value = NULL;\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
+        (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
+        __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
+    PY_UINT64_T __pyx_dict_version;\
+    PyObject *__pyx_dict_cached_value;\
+    (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
+} while(0)
+static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
+#define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
+static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
+#endif
+
+/* GetNameInClass.proto */
+#define __Pyx_GetNameInClass(var, nmspace, name)  (var) = __Pyx__GetNameInClass(nmspace, name)
+static PyObject *__Pyx__GetNameInClass(PyObject *nmspace, PyObject *name);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *);
+static CYTHON_INLINE uint32_t __Pyx_PyLong_As_uint32_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uint8_t __Pyx_PyInt_As_uint8_t(PyObject *);
+static CYTHON_INLINE uint8_t __Pyx_PyLong_As_uint8_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *);
+static CYTHON_INLINE uint64_t __Pyx_PyLong_As_uint64_t(PyObject *);
+
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint32_t(uint32_t value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint32_t(uint32_t value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint8_t(uint8_t value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint8_t(uint8_t value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint64_t(uint64_t value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionImport.proto */
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
-
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_15sftp_attributes_14SFTPAttributes_from_ptr(sftp_attributes __pyx_v_attrs, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.c_sftp' */
+/* Module declarations from "ssh.session" */
 
-/* Module declarations from 'ssh.sftp' */
-static PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP = 0;
+/* Module declarations from "ssh.c_sftp" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "ssh.sftp" */
 
-/* Module declarations from 'libc.stdlib' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "libc.stdlib" */
+
+/* Module declarations from "ssh.utils" */
 static PyObject *(*__pyx_f_3ssh_5utils_ssh_string_to_bytes)(ssh_string); /*proto*/
 
-/* Module declarations from 'ssh.sftp_attributes' */
-static PyTypeObject *__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = 0;
+/* Module declarations from "ssh.sftp_attributes" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.sftp_attributes"
 extern int __pyx_module_is_main_ssh__sftp_attributes;
 int __pyx_module_is_main_ssh__sftp_attributes = 0;
 
-/* Implementation of 'ssh.sftp_attributes' */
+/* Implementation of "ssh.sftp_attributes" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_staticmethod;
 static PyObject *__pyx_builtin_MemoryError;
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = "?";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_dict[] = "__dict__";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_sftp[] = "sftp";
 static const char __pyx_k_test[] = "__test__";
 static const char __pyx_k_attrs[] = "attrs";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_reduce[] = "__reduce__";
 static const char __pyx_k_attrs_2[] = "_attrs";
+static const char __pyx_k_disable[] = "disable";
+static const char __pyx_k_add_note[] = "add_note";
 static const char __pyx_k_getstate[] = "__getstate__";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_isenabled[] = "isenabled";
 static const char __pyx_k_new_attrs[] = "new_attrs";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
 static const char __pyx_k_MemoryError[] = "MemoryError";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
 static const char __pyx_k_staticmethod[] = "staticmethod";
+static const char __pyx_k_stringsource[] = "<stringsource>";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
 static const char __pyx_k_SFTPAttributes[] = "SFTPAttributes";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
 static const char __pyx_k_ssh_sftp_attributes[] = "ssh.sftp_attributes";
 static const char __pyx_k_ssh_sftp_attributes_pyx[] = "ssh/sftp_attributes.pyx";
+static const char __pyx_k_SFTPAttributes_new_attrs[] = "SFTPAttributes.new_attrs";
+static const char __pyx_k_SFTPAttributes___reduce_cython[] = "SFTPAttributes.__reduce_cython__";
+static const char __pyx_k_A_V1_7_Q_ha_l_iq_ha_ha_gQ_gQ_iq[] = "\200A\360\010\000\016\017\330\014\025\320\025-\250V\2601\330\020\021\330\010\013\2107\220#\220Q\330\014\r\330\010\016\210h\220a\330\010\016\210l\230!\330\010\016\210i\220q\330\010\016\210h\220a\330\010\016\210h\220a\330\010\016\210g\220Q\330\010\016\210g\220Q\330\010\016\210i\220q\330\010\016\210i\220q\330\010\016\210o\230Q\330\010\016\210k\230\021\330\010\016\210i\220q\330\010\016\320\016 \240\001\330\010\016\210n\230A\330\010\016\320\016%\240Q\330\010\016\210k\230\021\330\010\016\210i\220q\330\010\016\320\016 \240\001\330\010\016\210g\220Q\330\010\016\320\016 \240\001\330\010\016\320\016\037\230q\330\010\016\320\016\037\230q\330\010\036\230i\240q\250\010\260\001\330\010\r\210]\230!\330\010\017\210q";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
+static const char __pyx_k_SFTPAttributes___setstate_cython[] = "SFTPAttributes.__setstate_cython__";
 static const char __pyx_k_no_default___reduce___due_to_non[] = "no default __reduce__ due to non-trivial __cinit__";
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_SFTPAttributes;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_attrs;
-static PyObject *__pyx_n_s_attrs_2;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_new_attrs;
-static PyObject *__pyx_kp_s_no_default___reduce___due_to_non;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_sftp;
-static PyObject *__pyx_n_s_ssh_sftp_attributes;
-static PyObject *__pyx_kp_s_ssh_sftp_attributes_pyx;
-static PyObject *__pyx_n_s_staticmethod;
-static PyObject *__pyx_n_s_test;
+/* #### Code section: decls ### */
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes___cinit__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self); /* proto */
 static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp); /* proto */
@@ -1540,11 +2495,187 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4sftp___get__(
 static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_15sftp_attributes_SFTPAttributes(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-static PyObject *__pyx_tuple__3;
-static PyObject *__pyx_codeobj__4;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP;
+  PyObject *__pyx_type_3ssh_15sftp_attributes_SFTPAttributes;
+  PyTypeObject *__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_codeobj_tab[3];
+  PyObject *__pyx_string_tab[43];
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_MemoryError __pyx_string_tab[1]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[2]
+#define __pyx_n_u_SFTPAttributes __pyx_string_tab[3]
+#define __pyx_n_u_SFTPAttributes___reduce_cython __pyx_string_tab[4]
+#define __pyx_n_u_SFTPAttributes___setstate_cython __pyx_string_tab[5]
+#define __pyx_n_u_SFTPAttributes_new_attrs __pyx_string_tab[6]
+#define __pyx_n_u_TypeError __pyx_string_tab[7]
+#define __pyx_kp_u_add_note __pyx_string_tab[8]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[9]
+#define __pyx_n_u_attrs __pyx_string_tab[10]
+#define __pyx_n_u_attrs_2 __pyx_string_tab[11]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[12]
+#define __pyx_n_u_dict __pyx_string_tab[13]
+#define __pyx_kp_u_disable __pyx_string_tab[14]
+#define __pyx_kp_u_enable __pyx_string_tab[15]
+#define __pyx_n_u_func __pyx_string_tab[16]
+#define __pyx_kp_u_gc __pyx_string_tab[17]
+#define __pyx_n_u_getstate __pyx_string_tab[18]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[19]
+#define __pyx_kp_u_isenabled __pyx_string_tab[20]
+#define __pyx_n_u_main __pyx_string_tab[21]
+#define __pyx_n_u_module __pyx_string_tab[22]
+#define __pyx_n_u_name __pyx_string_tab[23]
+#define __pyx_n_u_new_attrs __pyx_string_tab[24]
+#define __pyx_kp_u_no_default___reduce___due_to_non __pyx_string_tab[25]
+#define __pyx_n_u_pop __pyx_string_tab[26]
+#define __pyx_n_u_pyx_state __pyx_string_tab[27]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[28]
+#define __pyx_n_u_qualname __pyx_string_tab[29]
+#define __pyx_n_u_reduce __pyx_string_tab[30]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[31]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[32]
+#define __pyx_n_u_self __pyx_string_tab[33]
+#define __pyx_n_u_set_name __pyx_string_tab[34]
+#define __pyx_n_u_setstate __pyx_string_tab[35]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[36]
+#define __pyx_n_u_sftp __pyx_string_tab[37]
+#define __pyx_n_u_ssh_sftp_attributes __pyx_string_tab[38]
+#define __pyx_kp_u_ssh_sftp_attributes_pyx __pyx_string_tab[39]
+#define __pyx_n_u_staticmethod __pyx_string_tab[40]
+#define __pyx_kp_u_stringsource __pyx_string_tab[41]
+#define __pyx_n_u_test __pyx_string_tab[42]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_15sftp_attributes_SFTPAttributes);
+  for (int i=0; i<3; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<43; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_15sftp_attributes_SFTPAttributes);
+  for (int i=0; i<3; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<43; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
 /* "ssh/sftp_attributes.pyx":28
  * cdef class SFTPAttributes:
@@ -1552,17 +2683,26 @@ static PyObject *__pyx_codeobj__4;
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self.self_made = False
  * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_1__cinit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__cinit__ (wrapper)", 0);
-  if (unlikely(PyTuple_GET_SIZE(__pyx_args) > 0)) {
-    __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, PyTuple_GET_SIZE(__pyx_args)); return -1;}
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__cinit__", 0))) return -1;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return -1;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__cinit__", 1, 0, 0, __pyx_nargs); return -1; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return -1;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__cinit__", __pyx_kwds); return -1;}
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes___cinit__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -1572,8 +2712,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_1__cinit__(PyObject
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes___cinit__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__cinit__", 0);
 
   /* "ssh/sftp_attributes.pyx":29
  * 
@@ -1581,7 +2719,7 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes___cinit__(struct __p
  *         self.self_made = False             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
+*/
   __pyx_v_self->self_made = 0;
 
   /* "ssh/sftp_attributes.pyx":28
@@ -1590,11 +2728,10 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes___cinit__(struct __p
  *     def __cinit__(self):             # <<<<<<<<<<<<<<
  *         self.self_made = False
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
@@ -1604,13 +2741,15 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes___cinit__(struct __p
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._attrs is not NULL and not self.self_made:
  *             c_sftp.sftp_attributes_free(self._attrs)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -1618,10 +2757,8 @@ static void __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3__dealloc__(PyObje
 }
 
 static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
   int __pyx_t_2;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
   /* "ssh/sftp_attributes.pyx":32
  * 
@@ -1629,14 +2766,14 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *         if self._attrs is not NULL and not self.self_made:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_attributes_free(self._attrs)
  *             self._attrs = NULL
- */
-  __pyx_t_2 = ((__pyx_v_self->_attrs != NULL) != 0);
+*/
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
   if (__pyx_t_2) {
   } else {
     __pyx_t_1 = __pyx_t_2;
     goto __pyx_L4_bool_binop_done;
   }
-  __pyx_t_2 = ((!(__pyx_v_self->self_made != 0)) != 0);
+  __pyx_t_2 = (!__pyx_v_self->self_made);
   __pyx_t_1 = __pyx_t_2;
   __pyx_L4_bool_binop_done:;
   if (__pyx_t_1) {
@@ -1647,7 +2784,7 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *             c_sftp.sftp_attributes_free(self._attrs)             # <<<<<<<<<<<<<<
  *             self._attrs = NULL
  *         elif self._attrs is not NULL and self.self_made:
- */
+*/
     sftp_attributes_free(__pyx_v_self->_attrs);
 
     /* "ssh/sftp_attributes.pyx":34
@@ -1656,7 +2793,7 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *             self._attrs = NULL             # <<<<<<<<<<<<<<
  *         elif self._attrs is not NULL and self.self_made:
  *             free(self._attrs)
- */
+*/
     __pyx_v_self->_attrs = NULL;
 
     /* "ssh/sftp_attributes.pyx":32
@@ -1665,7 +2802,7 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *         if self._attrs is not NULL and not self.self_made:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_attributes_free(self._attrs)
  *             self._attrs = NULL
- */
+*/
     goto __pyx_L3;
   }
 
@@ -1675,15 +2812,14 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *         elif self._attrs is not NULL and self.self_made:             # <<<<<<<<<<<<<<
  *             free(self._attrs)
  *             self._attrs = NULL
- */
-  __pyx_t_2 = ((__pyx_v_self->_attrs != NULL) != 0);
+*/
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
   if (__pyx_t_2) {
   } else {
     __pyx_t_1 = __pyx_t_2;
     goto __pyx_L6_bool_binop_done;
   }
-  __pyx_t_2 = (__pyx_v_self->self_made != 0);
-  __pyx_t_1 = __pyx_t_2;
+  __pyx_t_1 = __pyx_v_self->self_made;
   __pyx_L6_bool_binop_done:;
   if (__pyx_t_1) {
 
@@ -1693,7 +2829,7 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *             free(self._attrs)             # <<<<<<<<<<<<<<
  *             self._attrs = NULL
  * 
- */
+*/
     free(__pyx_v_self->_attrs);
 
     /* "ssh/sftp_attributes.pyx":37
@@ -1702,7 +2838,7 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *             self._attrs = NULL             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
     __pyx_v_self->_attrs = NULL;
 
     /* "ssh/sftp_attributes.pyx":35
@@ -1711,7 +2847,7 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *         elif self._attrs is not NULL and self.self_made:             # <<<<<<<<<<<<<<
  *             free(self._attrs)
  *             self._attrs = NULL
- */
+*/
   }
   __pyx_L3:;
 
@@ -1721,19 +2857,18 @@ static void __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_2__dealloc__(struct
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._attrs is not NULL and not self.self_made:
  *             c_sftp.sftp_attributes_free(self._attrs)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/sftp_attributes.pyx":40
+/* "ssh/sftp_attributes.pyx":39
+ *             self._attrs = NULL
  * 
- *     @staticmethod
- *     cdef SFTPAttributes from_ptr(c_sftp.sftp_attributes attrs, SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTPAttributes from_ptr(c_sftp.sftp_attributes attrs, SFTP sftp):
  *         cdef SFTPAttributes _attrs = SFTPAttributes.__new__(SFTPAttributes)
- *         _attrs._attrs = attrs
- */
+*/
 
 static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_15sftp_attributes_14SFTPAttributes_from_ptr(sftp_attributes __pyx_v_attrs, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp) {
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v__attrs = 0;
@@ -1751,9 +2886,9 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_15sf
  *         cdef SFTPAttributes _attrs = SFTPAttributes.__new__(SFTPAttributes)             # <<<<<<<<<<<<<<
  *         _attrs._attrs = attrs
  *         _attrs.sftp = sftp
- */
-  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_15sftp_attributes_SFTPAttributes(((PyTypeObject *)__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes), __pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 41, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_1));
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_15sftp_attributes_SFTPAttributes(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes), __pyx_mstate_global->__pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 41, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_1);
   __pyx_v__attrs = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_t_1);
   __pyx_t_1 = 0;
 
@@ -1763,7 +2898,7 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_15sf
  *         _attrs._attrs = attrs             # <<<<<<<<<<<<<<
  *         _attrs.sftp = sftp
  *         return _attrs
- */
+*/
   __pyx_v__attrs->_attrs = __pyx_v_attrs;
 
   /* "ssh/sftp_attributes.pyx":43
@@ -1772,11 +2907,11 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_15sf
  *         _attrs.sftp = sftp             # <<<<<<<<<<<<<<
  *         return _attrs
  * 
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GOTREF(__pyx_v__attrs->sftp);
-  __Pyx_DECREF(((PyObject *)__pyx_v__attrs->sftp));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GOTREF((PyObject *)__pyx_v__attrs->sftp);
+  __Pyx_DECREF((PyObject *)__pyx_v__attrs->sftp);
   __pyx_v__attrs->sftp = __pyx_v_sftp;
 
   /* "ssh/sftp_attributes.pyx":44
@@ -1785,19 +2920,19 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_15sf
  *         return _attrs             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__attrs));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__attrs);
   __pyx_r = __pyx_v__attrs;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":40
+  /* "ssh/sftp_attributes.pyx":39
+ *             self._attrs = NULL
  * 
- *     @staticmethod
- *     cdef SFTPAttributes from_ptr(c_sftp.sftp_attributes attrs, SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTPAttributes from_ptr(c_sftp.sftp_attributes attrs, SFTP sftp):
  *         cdef SFTPAttributes _attrs = SFTPAttributes.__new__(SFTPAttributes)
- *         _attrs._attrs = attrs
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1811,70 +2946,106 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_15sf
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":47
+/* "ssh/sftp_attributes.pyx":46
+ *         return _attrs
  * 
- *     @staticmethod
- *     def new_attrs(SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     def new_attrs(SFTP sftp):
  *         cdef SFTPAttributes attrs
- *         cdef c_sftp.sftp_attributes _attrs
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs[] = "SFTPAttributes.new_attrs(SFTP sftp)";
-static PyMethodDef __pyx_mdef_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs = {"new_attrs", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs};
-static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs(CYTHON_UNUSED PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs, "SFTPAttributes.new_attrs(SFTP sftp)");
+static PyMethodDef __pyx_mdef_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs = {"new_attrs", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs};
+static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs(CYTHON_UNUSED PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("new_attrs (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_sftp,0};
-    PyObject* values[1] = {0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_sftp,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 46, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 46, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_sftp)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "new_attrs") < 0)) __PYX_ERR(0, 47, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "new_attrs", 0) < 0) __PYX_ERR(0, 46, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("new_attrs", 1, 1, 1, i); __PYX_ERR(0, 46, __pyx_L3_error) }
       }
-    } else if (PyTuple_GET_SIZE(__pyx_args) != 1) {
+    } else if (unlikely(__pyx_nargs != 1)) {
       goto __pyx_L5_argtuple_error;
     } else {
-      values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 46, __pyx_L3_error)
     }
     __pyx_v_sftp = ((struct __pyx_obj_3ssh_4sftp_SFTP *)values[0]);
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("new_attrs", 1, 1, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 47, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("new_attrs", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 46, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.new_attrs", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_sftp), __pyx_ptype_3ssh_4sftp_SFTP, 1, "sftp", 0))) __PYX_ERR(0, 47, __pyx_L1_error)
+  if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_sftp), __pyx_mstate_global->__pyx_ptype_3ssh_4sftp_SFTP, 1, "sftp", 0))) __PYX_ERR(0, 47, __pyx_L1_error)
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(__pyx_v_sftp);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -1897,13 +3068,12 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _attrs = <c_sftp.sftp_attributes>malloc(
  *                 sizeof(c_sftp.sftp_attributes_struct))
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_attributes.pyx":51
@@ -1912,7 +3082,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *             _attrs = <c_sftp.sftp_attributes>malloc(             # <<<<<<<<<<<<<<
  *                 sizeof(c_sftp.sftp_attributes_struct))
  *         if _attrs is NULL:
- */
+*/
         __pyx_v__attrs = ((sftp_attributes)malloc((sizeof(struct sftp_attributes_struct))));
       }
 
@@ -1922,13 +3092,11 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         with nogil:             # <<<<<<<<<<<<<<
  *             _attrs = <c_sftp.sftp_attributes>malloc(
  *                 sizeof(c_sftp.sftp_attributes_struct))
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -1941,8 +3109,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         if _attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  *         _attrs.name = b''
- */
-  __pyx_t_1 = ((__pyx_v__attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__attrs == NULL);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_attributes.pyx":54
@@ -1951,7 +3119,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *             raise MemoryError             # <<<<<<<<<<<<<<
  *         _attrs.name = b''
  *         _attrs.longname = b''
- */
+*/
     PyErr_NoMemory(); __PYX_ERR(0, 54, __pyx_L1_error)
 
     /* "ssh/sftp_attributes.pyx":53
@@ -1960,7 +3128,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         if _attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise MemoryError
  *         _attrs.name = b''
- */
+*/
   }
 
   /* "ssh/sftp_attributes.pyx":55
@@ -1969,7 +3137,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.name = b''             # <<<<<<<<<<<<<<
  *         _attrs.longname = b''
  *         _attrs.flags = 0
- */
+*/
   __pyx_v__attrs->name = ((char *)"");
 
   /* "ssh/sftp_attributes.pyx":56
@@ -1978,7 +3146,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.longname = b''             # <<<<<<<<<<<<<<
  *         _attrs.flags = 0
  *         _attrs.type = 0
- */
+*/
   __pyx_v__attrs->longname = ((char *)"");
 
   /* "ssh/sftp_attributes.pyx":57
@@ -1987,7 +3155,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.flags = 0             # <<<<<<<<<<<<<<
  *         _attrs.type = 0
  *         _attrs.size = 0
- */
+*/
   __pyx_v__attrs->flags = 0;
 
   /* "ssh/sftp_attributes.pyx":58
@@ -1996,7 +3164,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.type = 0             # <<<<<<<<<<<<<<
  *         _attrs.size = 0
  *         _attrs.uid = 0
- */
+*/
   __pyx_v__attrs->type = 0;
 
   /* "ssh/sftp_attributes.pyx":59
@@ -2005,7 +3173,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.size = 0             # <<<<<<<<<<<<<<
  *         _attrs.uid = 0
  *         _attrs.gid = 0
- */
+*/
   __pyx_v__attrs->size = 0;
 
   /* "ssh/sftp_attributes.pyx":60
@@ -2014,7 +3182,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.uid = 0             # <<<<<<<<<<<<<<
  *         _attrs.gid = 0
  *         _attrs.owner = b''
- */
+*/
   __pyx_v__attrs->uid = 0;
 
   /* "ssh/sftp_attributes.pyx":61
@@ -2023,7 +3191,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.gid = 0             # <<<<<<<<<<<<<<
  *         _attrs.owner = b''
  *         _attrs.group = b''
- */
+*/
   __pyx_v__attrs->gid = 0;
 
   /* "ssh/sftp_attributes.pyx":62
@@ -2032,7 +3200,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.owner = b''             # <<<<<<<<<<<<<<
  *         _attrs.group = b''
  *         _attrs.permissions = 0
- */
+*/
   __pyx_v__attrs->owner = ((char *)"");
 
   /* "ssh/sftp_attributes.pyx":63
@@ -2041,7 +3209,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.group = b''             # <<<<<<<<<<<<<<
  *         _attrs.permissions = 0
  *         _attrs.atime64 = 0
- */
+*/
   __pyx_v__attrs->group = ((char *)"");
 
   /* "ssh/sftp_attributes.pyx":64
@@ -2050,7 +3218,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.permissions = 0             # <<<<<<<<<<<<<<
  *         _attrs.atime64 = 0
  *         _attrs.atime = 0
- */
+*/
   __pyx_v__attrs->permissions = 0;
 
   /* "ssh/sftp_attributes.pyx":65
@@ -2059,7 +3227,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.atime64 = 0             # <<<<<<<<<<<<<<
  *         _attrs.atime = 0
  *         _attrs.atime_nseconds = 0
- */
+*/
   __pyx_v__attrs->atime64 = 0;
 
   /* "ssh/sftp_attributes.pyx":66
@@ -2068,7 +3236,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.atime = 0             # <<<<<<<<<<<<<<
  *         _attrs.atime_nseconds = 0
  *         _attrs.createtime = 0
- */
+*/
   __pyx_v__attrs->atime = 0;
 
   /* "ssh/sftp_attributes.pyx":67
@@ -2077,7 +3245,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.atime_nseconds = 0             # <<<<<<<<<<<<<<
  *         _attrs.createtime = 0
  *         _attrs.createtime_nseconds = 0
- */
+*/
   __pyx_v__attrs->atime_nseconds = 0;
 
   /* "ssh/sftp_attributes.pyx":68
@@ -2086,7 +3254,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.createtime = 0             # <<<<<<<<<<<<<<
  *         _attrs.createtime_nseconds = 0
  *         _attrs.mtime64 = 0
- */
+*/
   __pyx_v__attrs->createtime = 0;
 
   /* "ssh/sftp_attributes.pyx":69
@@ -2095,7 +3263,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.createtime_nseconds = 0             # <<<<<<<<<<<<<<
  *         _attrs.mtime64 = 0
  *         _attrs.mtime = 0
- */
+*/
   __pyx_v__attrs->createtime_nseconds = 0;
 
   /* "ssh/sftp_attributes.pyx":70
@@ -2104,7 +3272,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.mtime64 = 0             # <<<<<<<<<<<<<<
  *         _attrs.mtime = 0
  *         _attrs.mtime_nseconds = 0
- */
+*/
   __pyx_v__attrs->mtime64 = 0;
 
   /* "ssh/sftp_attributes.pyx":71
@@ -2113,7 +3281,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.mtime = 0             # <<<<<<<<<<<<<<
  *         _attrs.mtime_nseconds = 0
  *         _attrs.acl = NULL
- */
+*/
   __pyx_v__attrs->mtime = 0;
 
   /* "ssh/sftp_attributes.pyx":72
@@ -2122,7 +3290,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.mtime_nseconds = 0             # <<<<<<<<<<<<<<
  *         _attrs.acl = NULL
  *         _attrs.extended_count = 0
- */
+*/
   __pyx_v__attrs->mtime_nseconds = 0;
 
   /* "ssh/sftp_attributes.pyx":73
@@ -2131,7 +3299,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.acl = NULL             # <<<<<<<<<<<<<<
  *         _attrs.extended_count = 0
  *         _attrs.extended_type = NULL
- */
+*/
   __pyx_v__attrs->acl = NULL;
 
   /* "ssh/sftp_attributes.pyx":74
@@ -2140,7 +3308,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.extended_count = 0             # <<<<<<<<<<<<<<
  *         _attrs.extended_type = NULL
  *         _attrs.extended_data = NULL
- */
+*/
   __pyx_v__attrs->extended_count = 0;
 
   /* "ssh/sftp_attributes.pyx":75
@@ -2149,7 +3317,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.extended_type = NULL             # <<<<<<<<<<<<<<
  *         _attrs.extended_data = NULL
  *         attrs = SFTPAttributes.from_ptr(_attrs, sftp)
- */
+*/
   __pyx_v__attrs->extended_type = NULL;
 
   /* "ssh/sftp_attributes.pyx":76
@@ -2158,7 +3326,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         _attrs.extended_data = NULL             # <<<<<<<<<<<<<<
  *         attrs = SFTPAttributes.from_ptr(_attrs, sftp)
  *         attrs.self_made = True
- */
+*/
   __pyx_v__attrs->extended_data = NULL;
 
   /* "ssh/sftp_attributes.pyx":77
@@ -2167,7 +3335,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         attrs = SFTPAttributes.from_ptr(_attrs, sftp)             # <<<<<<<<<<<<<<
  *         attrs.self_made = True
  *         return attrs
- */
+*/
   __pyx_t_2 = ((PyObject *)__pyx_f_3ssh_15sftp_attributes_14SFTPAttributes_from_ptr(__pyx_v__attrs, __pyx_v_sftp)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 77, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_attrs = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_t_2);
@@ -2179,7 +3347,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         attrs.self_made = True             # <<<<<<<<<<<<<<
  *         return attrs
  * 
- */
+*/
   __pyx_v_attrs->self_made = 1;
 
   /* "ssh/sftp_attributes.pyx":79
@@ -2188,19 +3356,19 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
  *         return attrs             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_attrs));
+  __Pyx_INCREF((PyObject *)__pyx_v_attrs);
   __pyx_r = ((PyObject *)__pyx_v_attrs);
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":47
+  /* "ssh/sftp_attributes.pyx":46
+ *         return _attrs
  * 
- *     @staticmethod
- *     def new_attrs(SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     def new_attrs(SFTP sftp):
  *         cdef SFTPAttributes attrs
- *         cdef c_sftp.sftp_attributes _attrs
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2214,20 +3382,22 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs(str
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":82
+/* "ssh/sftp_attributes.pyx":81
+ *         return attrs
  * 
- *     @property
- *     def name(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def name(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4name_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4name_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4name___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -2252,8 +3422,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4name___get__(
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cdef bytes b_name = self._attrs.name
- */
-  __pyx_t_1 = ((__pyx_v_self->_attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":84
@@ -2262,7 +3432,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4name___get__(
  *             return             # <<<<<<<<<<<<<<
  *         cdef bytes b_name = self._attrs.name
  *         return b_name
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
@@ -2273,7 +3443,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4name___get__(
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cdef bytes b_name = self._attrs.name
- */
+*/
   }
 
   /* "ssh/sftp_attributes.pyx":85
@@ -2282,7 +3452,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4name___get__(
  *         cdef bytes b_name = self._attrs.name             # <<<<<<<<<<<<<<
  *         return b_name
  * 
- */
+*/
   __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v_self->_attrs->name); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 85, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_b_name = ((PyObject*)__pyx_t_2);
@@ -2294,19 +3464,19 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4name___get__(
  *         return b_name             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_name);
   __pyx_r = __pyx_v_b_name;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":82
+  /* "ssh/sftp_attributes.pyx":81
+ *         return attrs
  * 
- *     @property
- *     def name(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def name(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2320,20 +3490,22 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4name___get__(
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":89
+/* "ssh/sftp_attributes.pyx":88
+ *         return b_name
  * 
- *     @property
- *     def longname(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def longname(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_8longname_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_8longname_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8longname___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -2358,8 +3530,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8longname___ge
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cdef bytes b_longname = self._attrs.longname
- */
-  __pyx_t_1 = ((__pyx_v_self->_attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":91
@@ -2368,7 +3540,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8longname___ge
  *             return             # <<<<<<<<<<<<<<
  *         cdef bytes b_longname = self._attrs.longname
  *         return b_longname
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
@@ -2379,7 +3551,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8longname___ge
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cdef bytes b_longname = self._attrs.longname
- */
+*/
   }
 
   /* "ssh/sftp_attributes.pyx":92
@@ -2388,7 +3560,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8longname___ge
  *         cdef bytes b_longname = self._attrs.longname             # <<<<<<<<<<<<<<
  *         return b_longname
  * 
- */
+*/
   __pyx_t_2 = __Pyx_PyBytes_FromString(__pyx_v_self->_attrs->longname); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 92, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_v_b_longname = ((PyObject*)__pyx_t_2);
@@ -2400,19 +3572,19 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8longname___ge
  *         return b_longname             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_longname);
   __pyx_r = __pyx_v_b_longname;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":89
+  /* "ssh/sftp_attributes.pyx":88
+ *         return b_name
  * 
- *     @property
- *     def longname(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def longname(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2426,20 +3598,22 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8longname___ge
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":96
+/* "ssh/sftp_attributes.pyx":95
+ *         return b_longname
  * 
- *     @property
- *     def flags(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def flags(self):
  *         return self._attrs.flags if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5flags_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5flags_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5flags___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -2451,7 +3625,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5flags___get__
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2463,13 +3638,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5flags___get__
  *         return self._attrs.flags if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @flags.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->flags); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 97, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->flags); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 97, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2478,18 +3654,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5flags___get__
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":96
+  /* "ssh/sftp_attributes.pyx":95
+ *         return b_longname
  * 
- *     @property
- *     def flags(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def flags(self):
  *         return self._attrs.flags if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.flags.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2498,26 +3674,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5flags___get__
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":100
+/* "ssh/sftp_attributes.pyx":99
+ *         return self._attrs.flags if self._attrs is not NULL else None
  * 
- *     @flags.setter
- *     def flags(self, uint32_t flags):             # <<<<<<<<<<<<<<
+ *     @flags.setter             # <<<<<<<<<<<<<<
+ *     def flags(self, uint32_t flags):
  *         self._attrs.flags = flags
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5flags_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_flags); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5flags_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_flags) {
   uint32_t __pyx_v_flags;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_flags); {
-    __pyx_v_flags = __Pyx_PyInt_As_uint32_t(__pyx_arg_flags); if (unlikely((__pyx_v_flags == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 100, __pyx_L3_error)
+    __pyx_v_flags = __Pyx_PyLong_As_uint32_t(__pyx_arg_flags); if (unlikely((__pyx_v_flags == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 100, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -2534,8 +3712,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5flags_3__set__(PyOb
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5flags_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_flags) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":101
  *     @flags.setter
@@ -2543,37 +3719,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5flags_2__set__(stru
  *         self._attrs.flags = flags             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->flags = __pyx_v_flags;
 
-  /* "ssh/sftp_attributes.pyx":100
+  /* "ssh/sftp_attributes.pyx":99
+ *         return self._attrs.flags if self._attrs is not NULL else None
  * 
- *     @flags.setter
- *     def flags(self, uint32_t flags):             # <<<<<<<<<<<<<<
+ *     @flags.setter             # <<<<<<<<<<<<<<
+ *     def flags(self, uint32_t flags):
  *         self._attrs.flags = flags
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":104
+/* "ssh/sftp_attributes.pyx":103
+ *         self._attrs.flags = flags
  * 
- *     @property
- *     def type(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def type(self):
  *         return self._attrs.type if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4type_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4type_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4type___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -2585,7 +3762,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4type___get__(
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2597,13 +3775,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4type___get__(
  *         return self._attrs.type if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @type.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint8_t(__pyx_v_self->_attrs->type); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 105, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint8_t(__pyx_v_self->_attrs->type); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 105, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2612,18 +3791,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4type___get__(
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":104
+  /* "ssh/sftp_attributes.pyx":103
+ *         self._attrs.flags = flags
  * 
- *     @property
- *     def type(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def type(self):
  *         return self._attrs.type if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.type.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2632,26 +3811,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4type___get__(
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":108
+/* "ssh/sftp_attributes.pyx":107
+ *         return self._attrs.type if self._attrs is not NULL else None
  * 
- *     @type.setter
- *     def type(self, uint8_t _type):             # <<<<<<<<<<<<<<
+ *     @type.setter             # <<<<<<<<<<<<<<
+ *     def type(self, uint8_t _type):
  *         self._attrs.type = _type
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4type_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg__type); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4type_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg__type) {
   uint8_t __pyx_v__type;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg__type); {
-    __pyx_v__type = __Pyx_PyInt_As_uint8_t(__pyx_arg__type); if (unlikely((__pyx_v__type == ((uint8_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 108, __pyx_L3_error)
+    __pyx_v__type = __Pyx_PyLong_As_uint8_t(__pyx_arg__type); if (unlikely((__pyx_v__type == ((uint8_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 108, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -2668,8 +3849,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4type_3__set__(PyObj
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4type_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint8_t __pyx_v__type) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":109
  *     @type.setter
@@ -2677,37 +3856,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4type_2__set__(struc
  *         self._attrs.type = _type             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->type = __pyx_v__type;
 
-  /* "ssh/sftp_attributes.pyx":108
+  /* "ssh/sftp_attributes.pyx":107
+ *         return self._attrs.type if self._attrs is not NULL else None
  * 
- *     @type.setter
- *     def type(self, uint8_t _type):             # <<<<<<<<<<<<<<
+ *     @type.setter             # <<<<<<<<<<<<<<
+ *     def type(self, uint8_t _type):
  *         self._attrs.type = _type
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":112
+/* "ssh/sftp_attributes.pyx":111
+ *         self._attrs.type = _type
  * 
- *     @property
- *     def size(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def size(self):
  *         return self._attrs.size if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4size_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4size_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4size___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -2719,7 +3899,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4size___get__(
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2731,13 +3912,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4size___get__(
  *         return self._attrs.size if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @size.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_attrs->size); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 113, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_attrs->size); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 113, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2746,18 +3928,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4size___get__(
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":112
+  /* "ssh/sftp_attributes.pyx":111
+ *         self._attrs.type = _type
  * 
- *     @property
- *     def size(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def size(self):
  *         return self._attrs.size if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.size.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2766,26 +3948,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4size___get__(
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":116
+/* "ssh/sftp_attributes.pyx":115
+ *         return self._attrs.size if self._attrs is not NULL else None
  * 
- *     @size.setter
- *     def size(self, uint64_t size):             # <<<<<<<<<<<<<<
+ *     @size.setter             # <<<<<<<<<<<<<<
+ *     def size(self, uint64_t size):
  *         self._attrs.size = size
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4size_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_size); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4size_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_size) {
   uint64_t __pyx_v_size;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_size); {
-    __pyx_v_size = __Pyx_PyInt_As_uint64_t(__pyx_arg_size); if (unlikely((__pyx_v_size == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 116, __pyx_L3_error)
+    __pyx_v_size = __Pyx_PyLong_As_uint64_t(__pyx_arg_size); if (unlikely((__pyx_v_size == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 116, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -2802,8 +3986,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4size_3__set__(PyObj
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4size_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint64_t __pyx_v_size) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":117
  *     @size.setter
@@ -2811,37 +3993,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4size_2__set__(struc
  *         self._attrs.size = size             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->size = __pyx_v_size;
 
-  /* "ssh/sftp_attributes.pyx":116
+  /* "ssh/sftp_attributes.pyx":115
+ *         return self._attrs.size if self._attrs is not NULL else None
  * 
- *     @size.setter
- *     def size(self, uint64_t size):             # <<<<<<<<<<<<<<
+ *     @size.setter             # <<<<<<<<<<<<<<
+ *     def size(self, uint64_t size):
  *         self._attrs.size = size
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":120
+/* "ssh/sftp_attributes.pyx":119
+ *         self._attrs.size = size
  * 
- *     @property
- *     def uid(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def uid(self):
  *         return self._attrs.uid if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3uid_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3uid_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3uid___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -2853,7 +4036,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3uid___get__(s
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2865,13 +4049,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3uid___get__(s
  *         return self._attrs.uid if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @uid.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->uid); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 121, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->uid); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 121, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2880,18 +4065,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3uid___get__(s
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":120
+  /* "ssh/sftp_attributes.pyx":119
+ *         self._attrs.size = size
  * 
- *     @property
- *     def uid(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def uid(self):
  *         return self._attrs.uid if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.uid.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2900,26 +4085,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3uid___get__(s
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":124
+/* "ssh/sftp_attributes.pyx":123
+ *         return self._attrs.uid if self._attrs is not NULL else None
  * 
- *     @uid.setter
- *     def uid(self, uint32_t uid):             # <<<<<<<<<<<<<<
+ *     @uid.setter             # <<<<<<<<<<<<<<
+ *     def uid(self, uint32_t uid):
  *         self._attrs.uid = uid
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3uid_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_uid); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3uid_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_uid) {
   uint32_t __pyx_v_uid;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_uid); {
-    __pyx_v_uid = __Pyx_PyInt_As_uint32_t(__pyx_arg_uid); if (unlikely((__pyx_v_uid == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 124, __pyx_L3_error)
+    __pyx_v_uid = __Pyx_PyLong_As_uint32_t(__pyx_arg_uid); if (unlikely((__pyx_v_uid == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 124, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -2936,8 +4123,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3uid_3__set__(PyObje
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3uid_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_uid) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":125
  *     @uid.setter
@@ -2945,37 +4130,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3uid_2__set__(struct
  *         self._attrs.uid = uid             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->uid = __pyx_v_uid;
 
-  /* "ssh/sftp_attributes.pyx":124
+  /* "ssh/sftp_attributes.pyx":123
+ *         return self._attrs.uid if self._attrs is not NULL else None
  * 
- *     @uid.setter
- *     def uid(self, uint32_t uid):             # <<<<<<<<<<<<<<
+ *     @uid.setter             # <<<<<<<<<<<<<<
+ *     def uid(self, uint32_t uid):
  *         self._attrs.uid = uid
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":128
+/* "ssh/sftp_attributes.pyx":127
+ *         self._attrs.uid = uid
  * 
- *     @property
- *     def gid(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def gid(self):
  *         return self._attrs.gid if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3gid_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3gid_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3gid___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -2987,7 +4173,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3gid___get__(s
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2999,13 +4186,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3gid___get__(s
  *         return self._attrs.gid if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @gid.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->gid); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 129, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->gid); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 129, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -3014,18 +4202,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3gid___get__(s
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":128
+  /* "ssh/sftp_attributes.pyx":127
+ *         self._attrs.uid = uid
  * 
- *     @property
- *     def gid(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def gid(self):
  *         return self._attrs.gid if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.gid.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -3034,26 +4222,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3gid___get__(s
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":132
+/* "ssh/sftp_attributes.pyx":131
+ *         return self._attrs.gid if self._attrs is not NULL else None
  * 
- *     @gid.setter
- *     def gid(self, uint32_t gid):             # <<<<<<<<<<<<<<
+ *     @gid.setter             # <<<<<<<<<<<<<<
+ *     def gid(self, uint32_t gid):
  *         self._attrs.gid = gid
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3gid_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_gid); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3gid_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_gid) {
   uint32_t __pyx_v_gid;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_gid); {
-    __pyx_v_gid = __Pyx_PyInt_As_uint32_t(__pyx_arg_gid); if (unlikely((__pyx_v_gid == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 132, __pyx_L3_error)
+    __pyx_v_gid = __Pyx_PyLong_As_uint32_t(__pyx_arg_gid); if (unlikely((__pyx_v_gid == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 132, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -3070,8 +4260,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3gid_3__set__(PyObje
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3gid_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_gid) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":133
  *     @gid.setter
@@ -3079,37 +4267,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3gid_2__set__(struct
  *         self._attrs.gid = gid             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->gid = __pyx_v_gid;
 
-  /* "ssh/sftp_attributes.pyx":132
+  /* "ssh/sftp_attributes.pyx":131
+ *         return self._attrs.gid if self._attrs is not NULL else None
  * 
- *     @gid.setter
- *     def gid(self, uint32_t gid):             # <<<<<<<<<<<<<<
+ *     @gid.setter             # <<<<<<<<<<<<<<
+ *     def gid(self, uint32_t gid):
  *         self._attrs.gid = gid
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":136
+/* "ssh/sftp_attributes.pyx":135
+ *         self._attrs.gid = gid
  * 
- *     @property
- *     def owner(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def owner(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5owner_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5owner_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5owner___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -3135,8 +4324,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5owner___get__
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cdef bytes b_owner = self._attrs.owner \
- */
-  __pyx_t_1 = ((__pyx_v_self->_attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":138
@@ -3145,7 +4334,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5owner___get__
  *             return             # <<<<<<<<<<<<<<
  *         cdef bytes b_owner = self._attrs.owner \
  *             if self._attrs.owner is not NULL else None
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
@@ -3156,7 +4345,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5owner___get__
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cdef bytes b_owner = self._attrs.owner \
- */
+*/
   }
 
   /* "ssh/sftp_attributes.pyx":140
@@ -3165,8 +4354,9 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5owner___get__
  *             if self._attrs.owner is not NULL else None             # <<<<<<<<<<<<<<
  *         return b_owner
  * 
- */
-  if (((__pyx_v_self->_attrs->owner != NULL) != 0)) {
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs->owner != NULL);
+  if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":139
  *         if self._attrs is NULL:
@@ -3174,7 +4364,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5owner___get__
  *         cdef bytes b_owner = self._attrs.owner \             # <<<<<<<<<<<<<<
  *             if self._attrs.owner is not NULL else None
  *         return b_owner
- */
+*/
     __pyx_t_3 = __Pyx_PyBytes_FromString(__pyx_v_self->_attrs->owner); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 139, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
     __pyx_t_2 = __pyx_t_3;
@@ -3187,32 +4377,41 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5owner___get__
  *             if self._attrs.owner is not NULL else None             # <<<<<<<<<<<<<<
  *         return b_owner
  * 
- */
+*/
     __Pyx_INCREF(Py_None);
     __pyx_t_2 = Py_None;
   }
-  __pyx_v_b_owner = ((PyObject*)__pyx_t_2);
-  __pyx_t_2 = 0;
 
-  /* "ssh/sftp_attributes.pyx":141
- *         cdef bytes b_owner = self._attrs.owner \
+  /* "ssh/sftp_attributes.pyx":139
+ *         if self._attrs is NULL:
+ *             return
+ *         cdef bytes b_owner = self._attrs.owner \             # <<<<<<<<<<<<<<
+ *             if self._attrs.owner is not NULL else None
+ *         return b_owner
+*/
+  if (!(likely(PyBytes_CheckExact(__pyx_t_2))||((__pyx_t_2) == Py_None) || __Pyx_RaiseUnexpectedTypeError("bytes", __pyx_t_2))) __PYX_ERR(0, 139, __pyx_L1_error)
+  __pyx_v_b_owner = ((PyObject*)__pyx_t_2);
+  __pyx_t_2 = 0;
+
+  /* "ssh/sftp_attributes.pyx":141
+ *         cdef bytes b_owner = self._attrs.owner \
  *             if self._attrs.owner is not NULL else None
  *         return b_owner             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_owner);
   __pyx_r = __pyx_v_b_owner;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":136
+  /* "ssh/sftp_attributes.pyx":135
+ *         self._attrs.gid = gid
  * 
- *     @property
- *     def owner(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def owner(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3227,20 +4426,22 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5owner___get__
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":144
+/* "ssh/sftp_attributes.pyx":143
+ *         return b_owner
  * 
- *     @property
- *     def group(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def group(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5group_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5group_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -3266,8 +4467,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cdef bytes b_group = self._attrs.group \
- */
-  __pyx_t_1 = ((__pyx_v_self->_attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":146
@@ -3276,7 +4477,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__
  *             return             # <<<<<<<<<<<<<<
  *         cdef bytes b_group = self._attrs.group \
  *             if self._attrs.group is not NULL else None
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
@@ -3287,7 +4488,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         cdef bytes b_group = self._attrs.group \
- */
+*/
   }
 
   /* "ssh/sftp_attributes.pyx":148
@@ -3296,8 +4497,9 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__
  *             if self._attrs.group is not NULL else None             # <<<<<<<<<<<<<<
  *         return b_group
  * 
- */
-  if (((__pyx_v_self->_attrs->group != NULL) != 0)) {
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs->group != NULL);
+  if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":147
  *         if self._attrs is NULL:
@@ -3305,7 +4507,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__
  *         cdef bytes b_group = self._attrs.group \             # <<<<<<<<<<<<<<
  *             if self._attrs.group is not NULL else None
  *         return b_group
- */
+*/
     __pyx_t_3 = __Pyx_PyBytes_FromString(__pyx_v_self->_attrs->group); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 147, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
     __pyx_t_2 = __pyx_t_3;
@@ -3318,10 +4520,19 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__
  *             if self._attrs.group is not NULL else None             # <<<<<<<<<<<<<<
  *         return b_group
  * 
- */
+*/
     __Pyx_INCREF(Py_None);
     __pyx_t_2 = Py_None;
   }
+
+  /* "ssh/sftp_attributes.pyx":147
+ *         if self._attrs is NULL:
+ *             return
+ *         cdef bytes b_group = self._attrs.group \             # <<<<<<<<<<<<<<
+ *             if self._attrs.group is not NULL else None
+ *         return b_group
+*/
+  if (!(likely(PyBytes_CheckExact(__pyx_t_2))||((__pyx_t_2) == Py_None) || __Pyx_RaiseUnexpectedTypeError("bytes", __pyx_t_2))) __PYX_ERR(0, 147, __pyx_L1_error)
   __pyx_v_b_group = ((PyObject*)__pyx_t_2);
   __pyx_t_2 = 0;
 
@@ -3331,19 +4542,19 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__
  *         return b_group             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __Pyx_INCREF(__pyx_v_b_group);
   __pyx_r = __pyx_v_b_group;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":144
+  /* "ssh/sftp_attributes.pyx":143
+ *         return b_owner
  * 
- *     @property
- *     def group(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def group(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3358,20 +4569,22 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5group___get__
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":152
+/* "ssh/sftp_attributes.pyx":151
+ *         return b_group
  * 
- *     @property
- *     def permissions(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def permissions(self):
  *         return self._attrs.permissions if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_11permissions___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -3383,7 +4596,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3395,13 +4609,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_
  *         return self._attrs.permissions if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @permissions.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->permissions); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 153, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->permissions); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 153, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -3410,18 +4625,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":152
+  /* "ssh/sftp_attributes.pyx":151
+ *         return b_group
  * 
- *     @property
- *     def permissions(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def permissions(self):
  *         return self._attrs.permissions if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.permissions.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -3430,26 +4645,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":156
+/* "ssh/sftp_attributes.pyx":155
+ *         return self._attrs.permissions if self._attrs is not NULL else None
  * 
- *     @permissions.setter
- *     def permissions(self, uint32_t permissions):             # <<<<<<<<<<<<<<
+ *     @permissions.setter             # <<<<<<<<<<<<<<
+ *     def permissions(self, uint32_t permissions):
  *         self._attrs.permissions = permissions
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_permissions); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_permissions) {
   uint32_t __pyx_v_permissions;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_permissions); {
-    __pyx_v_permissions = __Pyx_PyInt_As_uint32_t(__pyx_arg_permissions); if (unlikely((__pyx_v_permissions == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 156, __pyx_L3_error)
+    __pyx_v_permissions = __Pyx_PyLong_As_uint32_t(__pyx_arg_permissions); if (unlikely((__pyx_v_permissions == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 156, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -3466,8 +4683,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_3__set
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_permissions) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":157
  *     @permissions.setter
@@ -3475,37 +4690,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_11permissions_2__set
  *         self._attrs.permissions = permissions             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->permissions = __pyx_v_permissions;
 
-  /* "ssh/sftp_attributes.pyx":156
+  /* "ssh/sftp_attributes.pyx":155
+ *         return self._attrs.permissions if self._attrs is not NULL else None
  * 
- *     @permissions.setter
- *     def permissions(self, uint32_t permissions):             # <<<<<<<<<<<<<<
+ *     @permissions.setter             # <<<<<<<<<<<<<<
+ *     def permissions(self, uint32_t permissions):
  *         self._attrs.permissions = permissions
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":160
+/* "ssh/sftp_attributes.pyx":159
+ *         self._attrs.permissions = permissions
  * 
- *     @property
- *     def atime64(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def atime64(self):
  *         return self._attrs.atime64 if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7atime64_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7atime64_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7atime64___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -3517,7 +4733,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7atime64___get
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3529,13 +4746,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7atime64___get
  *         return self._attrs.atime64 if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @atime64.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_attrs->atime64); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 161, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_attrs->atime64); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 161, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -3544,18 +4762,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7atime64___get
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":160
+  /* "ssh/sftp_attributes.pyx":159
+ *         self._attrs.permissions = permissions
  * 
- *     @property
- *     def atime64(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def atime64(self):
  *         return self._attrs.atime64 if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.atime64.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -3564,26 +4782,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7atime64___get
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":164
+/* "ssh/sftp_attributes.pyx":163
+ *         return self._attrs.atime64 if self._attrs is not NULL else None
  * 
- *     @atime64.setter
- *     def atime64(self, uint64_t atime):             # <<<<<<<<<<<<<<
+ *     @atime64.setter             # <<<<<<<<<<<<<<
+ *     def atime64(self, uint64_t atime):
  *         self._attrs.atime64 = atime
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7atime64_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_atime); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7atime64_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_atime) {
   uint64_t __pyx_v_atime;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_atime); {
-    __pyx_v_atime = __Pyx_PyInt_As_uint64_t(__pyx_arg_atime); if (unlikely((__pyx_v_atime == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 164, __pyx_L3_error)
+    __pyx_v_atime = __Pyx_PyLong_As_uint64_t(__pyx_arg_atime); if (unlikely((__pyx_v_atime == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 164, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -3600,8 +4820,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7atime64_3__set__(Py
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7atime64_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint64_t __pyx_v_atime) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":165
  *     @atime64.setter
@@ -3609,37 +4827,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7atime64_2__set__(st
  *         self._attrs.atime64 = atime             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->atime64 = __pyx_v_atime;
 
-  /* "ssh/sftp_attributes.pyx":164
+  /* "ssh/sftp_attributes.pyx":163
+ *         return self._attrs.atime64 if self._attrs is not NULL else None
  * 
- *     @atime64.setter
- *     def atime64(self, uint64_t atime):             # <<<<<<<<<<<<<<
+ *     @atime64.setter             # <<<<<<<<<<<<<<
+ *     def atime64(self, uint64_t atime):
  *         self._attrs.atime64 = atime
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":168
+/* "ssh/sftp_attributes.pyx":167
+ *         self._attrs.atime64 = atime
  * 
- *     @property
- *     def atime(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def atime(self):
  *         return self._attrs.atime if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5atime_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5atime_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5atime___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -3651,7 +4870,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5atime___get__
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3663,13 +4883,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5atime___get__
  *         return self._attrs.atime if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @atime.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->atime); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 169, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->atime); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 169, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -3678,18 +4899,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5atime___get__
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":168
+  /* "ssh/sftp_attributes.pyx":167
+ *         self._attrs.atime64 = atime
  * 
- *     @property
- *     def atime(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def atime(self):
  *         return self._attrs.atime if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.atime.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -3698,26 +4919,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5atime___get__
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":172
+/* "ssh/sftp_attributes.pyx":171
+ *         return self._attrs.atime if self._attrs is not NULL else None
  * 
- *     @atime.setter
- *     def atime(self, uint32_t atime):             # <<<<<<<<<<<<<<
+ *     @atime.setter             # <<<<<<<<<<<<<<
+ *     def atime(self, uint32_t atime):
  *         self._attrs.atime = atime
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5atime_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_atime); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5atime_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_atime) {
   uint32_t __pyx_v_atime;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_atime); {
-    __pyx_v_atime = __Pyx_PyInt_As_uint32_t(__pyx_arg_atime); if (unlikely((__pyx_v_atime == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 172, __pyx_L3_error)
+    __pyx_v_atime = __Pyx_PyLong_As_uint32_t(__pyx_arg_atime); if (unlikely((__pyx_v_atime == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 172, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -3734,8 +4957,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5atime_3__set__(PyOb
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5atime_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_atime) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":173
  *     @atime.setter
@@ -3743,37 +4964,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5atime_2__set__(stru
  *         self._attrs.atime = atime             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->atime = __pyx_v_atime;
 
-  /* "ssh/sftp_attributes.pyx":172
+  /* "ssh/sftp_attributes.pyx":171
+ *         return self._attrs.atime if self._attrs is not NULL else None
  * 
- *     @atime.setter
- *     def atime(self, uint32_t atime):             # <<<<<<<<<<<<<<
+ *     @atime.setter             # <<<<<<<<<<<<<<
+ *     def atime(self, uint32_t atime):
  *         self._attrs.atime = atime
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":176
+/* "ssh/sftp_attributes.pyx":175
+ *         self._attrs.atime = atime
  * 
- *     @property
- *     def atime_nseconds(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def atime_nseconds(self):
  *         return self._attrs.atime_nseconds if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nseconds_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nseconds_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nseconds___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -3785,7 +5007,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nsecon
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3797,13 +5020,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nsecon
  *         return self._attrs.atime_nseconds if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @atime_nseconds.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->atime_nseconds); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 177, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->atime_nseconds); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 177, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -3812,18 +5036,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nsecon
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":176
+  /* "ssh/sftp_attributes.pyx":175
+ *         self._attrs.atime = atime
  * 
- *     @property
- *     def atime_nseconds(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def atime_nseconds(self):
  *         return self._attrs.atime_nseconds if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.atime_nseconds.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -3832,26 +5056,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nsecon
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":180
+/* "ssh/sftp_attributes.pyx":179
+ *         return self._attrs.atime_nseconds if self._attrs is not NULL else None
  * 
- *     @atime_nseconds.setter
- *     def atime_nseconds(self, uint32_t nseconds):             # <<<<<<<<<<<<<<
+ *     @atime_nseconds.setter             # <<<<<<<<<<<<<<
+ *     def atime_nseconds(self, uint32_t nseconds):
  *         self._attrs.atime_nseconds = nseconds
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nseconds_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_nseconds); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nseconds_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_nseconds) {
   uint32_t __pyx_v_nseconds;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_nseconds); {
-    __pyx_v_nseconds = __Pyx_PyInt_As_uint32_t(__pyx_arg_nseconds); if (unlikely((__pyx_v_nseconds == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 180, __pyx_L3_error)
+    __pyx_v_nseconds = __Pyx_PyLong_As_uint32_t(__pyx_arg_nseconds); if (unlikely((__pyx_v_nseconds == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 180, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -3868,8 +5094,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nseconds_3__
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nseconds_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_nseconds) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":181
  *     @atime_nseconds.setter
@@ -3877,37 +5101,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14atime_nseconds_2__
  *         self._attrs.atime_nseconds = nseconds             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->atime_nseconds = __pyx_v_nseconds;
 
-  /* "ssh/sftp_attributes.pyx":180
+  /* "ssh/sftp_attributes.pyx":179
+ *         return self._attrs.atime_nseconds if self._attrs is not NULL else None
  * 
- *     @atime_nseconds.setter
- *     def atime_nseconds(self, uint32_t nseconds):             # <<<<<<<<<<<<<<
+ *     @atime_nseconds.setter             # <<<<<<<<<<<<<<
+ *     def atime_nseconds(self, uint32_t nseconds):
  *         self._attrs.atime_nseconds = nseconds
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":184
+/* "ssh/sftp_attributes.pyx":183
+ *         self._attrs.atime_nseconds = nseconds
  * 
- *     @property
- *     def createtime(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def createtime(self):
  *         return self._attrs.createtime if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_10createtime_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_10createtime_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_10createtime___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -3919,7 +5144,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_10createtime__
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3931,13 +5157,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_10createtime__
  *         return self._attrs.createtime if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @createtime.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_attrs->createtime); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 185, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_attrs->createtime); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 185, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -3946,18 +5173,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_10createtime__
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":184
+  /* "ssh/sftp_attributes.pyx":183
+ *         self._attrs.atime_nseconds = nseconds
  * 
- *     @property
- *     def createtime(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def createtime(self):
  *         return self._attrs.createtime if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.createtime.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -3966,26 +5193,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_10createtime__
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":188
+/* "ssh/sftp_attributes.pyx":187
+ *         return self._attrs.createtime if self._attrs is not NULL else None
  * 
- *     @createtime.setter
- *     def createtime(self, uint64_t createtime):             # <<<<<<<<<<<<<<
+ *     @createtime.setter             # <<<<<<<<<<<<<<
+ *     def createtime(self, uint64_t createtime):
  *         self._attrs.createtime = createtime
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_10createtime_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_createtime); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_10createtime_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_createtime) {
   uint64_t __pyx_v_createtime;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_createtime); {
-    __pyx_v_createtime = __Pyx_PyInt_As_uint64_t(__pyx_arg_createtime); if (unlikely((__pyx_v_createtime == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 188, __pyx_L3_error)
+    __pyx_v_createtime = __Pyx_PyLong_As_uint64_t(__pyx_arg_createtime); if (unlikely((__pyx_v_createtime == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 188, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -4002,8 +5231,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_10createtime_3__set_
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_10createtime_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint64_t __pyx_v_createtime) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":189
  *     @createtime.setter
@@ -4011,37 +5238,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_10createtime_2__set_
  *         self._attrs.createtime = createtime             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->createtime = __pyx_v_createtime;
 
-  /* "ssh/sftp_attributes.pyx":188
+  /* "ssh/sftp_attributes.pyx":187
+ *         return self._attrs.createtime if self._attrs is not NULL else None
  * 
- *     @createtime.setter
- *     def createtime(self, uint64_t createtime):             # <<<<<<<<<<<<<<
+ *     @createtime.setter             # <<<<<<<<<<<<<<
+ *     def createtime(self, uint64_t createtime):
  *         self._attrs.createtime = createtime
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":192
+/* "ssh/sftp_attributes.pyx":191
+ *         self._attrs.createtime = createtime
  * 
- *     @property
- *     def createtime_nseconds(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def createtime_nseconds(self):
  *         return self._attrs.createtime_nseconds \
- *             if self._attrs is not NULL else None
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_nseconds_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_nseconds_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_nseconds___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -4053,7 +5281,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_n
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4065,7 +5294,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_n
  *         return self._attrs.createtime_nseconds \             # <<<<<<<<<<<<<<
  *             if self._attrs is not NULL else None
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
 
   /* "ssh/sftp_attributes.pyx":194
@@ -4074,8 +5303,9 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_n
  *             if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @createtime_nseconds.setter
- */
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
+*/
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
 
     /* "ssh/sftp_attributes.pyx":193
  *     @property
@@ -4083,11 +5313,11 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_n
  *         return self._attrs.createtime_nseconds \             # <<<<<<<<<<<<<<
  *             if self._attrs is not NULL else None
  * 
- */
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->createtime_nseconds); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 193, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+*/
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->createtime_nseconds); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 193, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
 
     /* "ssh/sftp_attributes.pyx":194
@@ -4096,7 +5326,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_n
  *             if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @createtime_nseconds.setter
- */
+*/
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
   }
@@ -4104,18 +5334,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_n
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":192
+  /* "ssh/sftp_attributes.pyx":191
+ *         self._attrs.createtime = createtime
  * 
- *     @property
- *     def createtime_nseconds(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def createtime_nseconds(self):
  *         return self._attrs.createtime_nseconds \
- *             if self._attrs is not NULL else None
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.createtime_nseconds.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -4124,26 +5354,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_n
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":197
+/* "ssh/sftp_attributes.pyx":196
+ *             if self._attrs is not NULL else None
  * 
- *     @createtime_nseconds.setter
- *     def createtime_nseconds(self, uint32_t nseconds):             # <<<<<<<<<<<<<<
+ *     @createtime_nseconds.setter             # <<<<<<<<<<<<<<
+ *     def createtime_nseconds(self, uint32_t nseconds):
  *         self._attrs.createtime_nseconds = nseconds
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_nseconds_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_nseconds); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_nseconds_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_nseconds) {
   uint32_t __pyx_v_nseconds;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_nseconds); {
-    __pyx_v_nseconds = __Pyx_PyInt_As_uint32_t(__pyx_arg_nseconds); if (unlikely((__pyx_v_nseconds == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 197, __pyx_L3_error)
+    __pyx_v_nseconds = __Pyx_PyLong_As_uint32_t(__pyx_arg_nseconds); if (unlikely((__pyx_v_nseconds == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 197, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -4160,8 +5392,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_nsecond
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_nseconds_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_nseconds) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":198
  *     @createtime_nseconds.setter
@@ -4169,37 +5399,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_19createtime_nsecond
  *         self._attrs.createtime_nseconds = nseconds             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->createtime_nseconds = __pyx_v_nseconds;
 
-  /* "ssh/sftp_attributes.pyx":197
+  /* "ssh/sftp_attributes.pyx":196
+ *             if self._attrs is not NULL else None
  * 
- *     @createtime_nseconds.setter
- *     def createtime_nseconds(self, uint32_t nseconds):             # <<<<<<<<<<<<<<
+ *     @createtime_nseconds.setter             # <<<<<<<<<<<<<<
+ *     def createtime_nseconds(self, uint32_t nseconds):
  *         self._attrs.createtime_nseconds = nseconds
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":201
+/* "ssh/sftp_attributes.pyx":200
+ *         self._attrs.createtime_nseconds = nseconds
  * 
- *     @property
- *     def mtime64(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def mtime64(self):
  *         return self._attrs.mtime64 if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -4211,7 +5442,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64___get
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4223,13 +5455,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64___get
  *         return self._attrs.mtime64 if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @mtime64.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_attrs->mtime64); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 202, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_attrs->mtime64); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 202, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -4238,18 +5471,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64___get
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":201
+  /* "ssh/sftp_attributes.pyx":200
+ *         self._attrs.createtime_nseconds = nseconds
  * 
- *     @property
- *     def mtime64(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def mtime64(self):
  *         return self._attrs.mtime64 if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.mtime64.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -4258,26 +5491,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64___get
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":205
+/* "ssh/sftp_attributes.pyx":204
+ *         return self._attrs.mtime64 if self._attrs is not NULL else None
  * 
- *     @mtime64.setter
- *     def mtime64(self, uint64_t mtime):             # <<<<<<<<<<<<<<
+ *     @mtime64.setter             # <<<<<<<<<<<<<<
+ *     def mtime64(self, uint64_t mtime):
  *         self._attrs.mtime64 = mtime
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_mtime); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_mtime) {
   uint64_t __pyx_v_mtime;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_mtime); {
-    __pyx_v_mtime = __Pyx_PyInt_As_uint64_t(__pyx_arg_mtime); if (unlikely((__pyx_v_mtime == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 205, __pyx_L3_error)
+    __pyx_v_mtime = __Pyx_PyLong_As_uint64_t(__pyx_arg_mtime); if (unlikely((__pyx_v_mtime == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 205, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -4294,8 +5529,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64_3__set__(Py
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint64_t __pyx_v_mtime) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":206
  *     @mtime64.setter
@@ -4303,37 +5536,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_7mtime64_2__set__(st
  *         self._attrs.mtime64 = mtime             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->mtime64 = __pyx_v_mtime;
 
-  /* "ssh/sftp_attributes.pyx":205
+  /* "ssh/sftp_attributes.pyx":204
+ *         return self._attrs.mtime64 if self._attrs is not NULL else None
  * 
- *     @mtime64.setter
- *     def mtime64(self, uint64_t mtime):             # <<<<<<<<<<<<<<
+ *     @mtime64.setter             # <<<<<<<<<<<<<<
+ *     def mtime64(self, uint64_t mtime):
  *         self._attrs.mtime64 = mtime
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":209
+/* "ssh/sftp_attributes.pyx":208
+ *         self._attrs.mtime64 = mtime
  * 
- *     @property
- *     def mtime(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def mtime(self):
  *         return self._attrs.mtime if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5mtime_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5mtime_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5mtime___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -4345,7 +5579,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5mtime___get__
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4357,13 +5592,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5mtime___get__
  *         return self._attrs.mtime if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @mtime.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->mtime); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 210, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->mtime); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 210, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -4372,18 +5608,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5mtime___get__
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":209
+  /* "ssh/sftp_attributes.pyx":208
+ *         self._attrs.mtime64 = mtime
  * 
- *     @property
- *     def mtime(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def mtime(self):
  *         return self._attrs.mtime if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.mtime.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -4392,26 +5628,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5mtime___get__
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":213
+/* "ssh/sftp_attributes.pyx":212
+ *         return self._attrs.mtime if self._attrs is not NULL else None
  * 
- *     @mtime.setter
- *     def mtime(self, uint32_t mtime):             # <<<<<<<<<<<<<<
+ *     @mtime.setter             # <<<<<<<<<<<<<<
+ *     def mtime(self, uint32_t mtime):
  *         self._attrs.mtime = mtime
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5mtime_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_mtime); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5mtime_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_mtime) {
   uint32_t __pyx_v_mtime;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_mtime); {
-    __pyx_v_mtime = __Pyx_PyInt_As_uint32_t(__pyx_arg_mtime); if (unlikely((__pyx_v_mtime == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 213, __pyx_L3_error)
+    __pyx_v_mtime = __Pyx_PyLong_As_uint32_t(__pyx_arg_mtime); if (unlikely((__pyx_v_mtime == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 213, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -4428,8 +5666,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5mtime_3__set__(PyOb
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5mtime_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_mtime) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":214
  *     @mtime.setter
@@ -4437,37 +5673,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_5mtime_2__set__(stru
  *         self._attrs.mtime = mtime             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->mtime = __pyx_v_mtime;
 
-  /* "ssh/sftp_attributes.pyx":213
+  /* "ssh/sftp_attributes.pyx":212
+ *         return self._attrs.mtime if self._attrs is not NULL else None
  * 
- *     @mtime.setter
- *     def mtime(self, uint32_t mtime):             # <<<<<<<<<<<<<<
+ *     @mtime.setter             # <<<<<<<<<<<<<<
+ *     def mtime(self, uint32_t mtime):
  *         self._attrs.mtime = mtime
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":217
+/* "ssh/sftp_attributes.pyx":216
+ *         self._attrs.mtime = mtime
  * 
- *     @property
- *     def mtime_nseconds(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def mtime_nseconds(self):
  *         return self._attrs.mtime_nseconds if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nseconds_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nseconds_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nseconds___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -4479,7 +5716,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nsecon
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4491,13 +5729,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nsecon
  *         return self._attrs.mtime_nseconds if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @mtime_nseconds.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->mtime_nseconds); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 218, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->mtime_nseconds); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 218, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -4506,18 +5745,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nsecon
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":217
+  /* "ssh/sftp_attributes.pyx":216
+ *         self._attrs.mtime = mtime
  * 
- *     @property
- *     def mtime_nseconds(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def mtime_nseconds(self):
  *         return self._attrs.mtime_nseconds if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.mtime_nseconds.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -4526,26 +5765,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nsecon
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":221
+/* "ssh/sftp_attributes.pyx":220
+ *         return self._attrs.mtime_nseconds if self._attrs is not NULL else None
  * 
- *     @mtime_nseconds.setter
- *     def mtime_nseconds(self, uint32_t nseconds):             # <<<<<<<<<<<<<<
+ *     @mtime_nseconds.setter             # <<<<<<<<<<<<<<
+ *     def mtime_nseconds(self, uint32_t nseconds):
  *         self._attrs.mtime_nseconds = nseconds
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nseconds_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_nseconds); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nseconds_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_nseconds) {
   uint32_t __pyx_v_nseconds;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_nseconds); {
-    __pyx_v_nseconds = __Pyx_PyInt_As_uint32_t(__pyx_arg_nseconds); if (unlikely((__pyx_v_nseconds == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 221, __pyx_L3_error)
+    __pyx_v_nseconds = __Pyx_PyLong_As_uint32_t(__pyx_arg_nseconds); if (unlikely((__pyx_v_nseconds == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 221, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -4562,8 +5803,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nseconds_3__
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nseconds_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_nseconds) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":222
  *     @mtime_nseconds.setter
@@ -4571,37 +5810,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14mtime_nseconds_2__
  *         self._attrs.mtime_nseconds = nseconds             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->mtime_nseconds = __pyx_v_nseconds;
 
-  /* "ssh/sftp_attributes.pyx":221
+  /* "ssh/sftp_attributes.pyx":220
+ *         return self._attrs.mtime_nseconds if self._attrs is not NULL else None
  * 
- *     @mtime_nseconds.setter
- *     def mtime_nseconds(self, uint32_t nseconds):             # <<<<<<<<<<<<<<
+ *     @mtime_nseconds.setter             # <<<<<<<<<<<<<<
+ *     def mtime_nseconds(self, uint32_t nseconds):
  *         self._attrs.mtime_nseconds = nseconds
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":225
+/* "ssh/sftp_attributes.pyx":224
+ *         self._attrs.mtime_nseconds = nseconds
  * 
- *     @property
- *     def acl(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def acl(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3acl_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_3acl_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3acl___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -4625,8 +5865,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3acl___get__(s
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return ssh_string_to_bytes(self._attrs.acl)
- */
-  __pyx_t_1 = ((__pyx_v_self->_attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":227
@@ -4635,7 +5875,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3acl___get__(s
  *             return             # <<<<<<<<<<<<<<
  *         return ssh_string_to_bytes(self._attrs.acl)
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
@@ -4646,7 +5886,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3acl___get__(s
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return ssh_string_to_bytes(self._attrs.acl)
- */
+*/
   }
 
   /* "ssh/sftp_attributes.pyx":228
@@ -4655,7 +5895,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3acl___get__(s
  *         return ssh_string_to_bytes(self._attrs.acl)             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_2 = __pyx_f_3ssh_5utils_ssh_string_to_bytes(__pyx_v_self->_attrs->acl); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 228, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
@@ -4663,13 +5903,13 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3acl___get__(s
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":225
+  /* "ssh/sftp_attributes.pyx":224
+ *         self._attrs.mtime_nseconds = nseconds
  * 
- *     @property
- *     def acl(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def acl(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4682,20 +5922,22 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_3acl___get__(s
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":231
+/* "ssh/sftp_attributes.pyx":230
+ *         return ssh_string_to_bytes(self._attrs.acl)
  * 
- *     @property
- *     def extended_count(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def extended_count(self):
  *         return self._attrs.extended_count if self._attrs is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14extended_count_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14extended_count_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14extended_count___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -4707,7 +5949,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14extended_cou
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4719,13 +5962,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14extended_cou
  *         return self._attrs.extended_count if self._attrs is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @extended_count.setter
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_attrs != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint32_t(__pyx_v_self->_attrs->extended_count); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 232, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_attrs != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint32_t(__pyx_v_self->_attrs->extended_count); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 232, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -4734,18 +5978,18 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14extended_cou
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":231
+  /* "ssh/sftp_attributes.pyx":230
+ *         return ssh_string_to_bytes(self._attrs.acl)
  * 
- *     @property
- *     def extended_count(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def extended_count(self):
  *         return self._attrs.extended_count if self._attrs is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.extended_count.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -4754,26 +5998,28 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14extended_cou
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":235
+/* "ssh/sftp_attributes.pyx":234
+ *         return self._attrs.extended_count if self._attrs is not NULL else None
  * 
- *     @extended_count.setter
- *     def extended_count(self, uint32_t count):             # <<<<<<<<<<<<<<
+ *     @extended_count.setter             # <<<<<<<<<<<<<<
+ *     def extended_count(self, uint32_t count):
  *         self._attrs.extended_count = count
- * 
- */
+*/
 
 /* Python wrapper */
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14extended_count_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_count); /*proto*/
 static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14extended_count_3__set__(PyObject *__pyx_v_self, PyObject *__pyx_arg_count) {
   uint32_t __pyx_v_count;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   int __pyx_r;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__set__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   assert(__pyx_arg_count); {
-    __pyx_v_count = __Pyx_PyInt_As_uint32_t(__pyx_arg_count); if (unlikely((__pyx_v_count == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 235, __pyx_L3_error)
+    __pyx_v_count = __Pyx_PyLong_As_uint32_t(__pyx_arg_count); if (unlikely((__pyx_v_count == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 235, __pyx_L3_error)
   }
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
@@ -4790,8 +6036,6 @@ static int __pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_14extended_count_3__
 
 static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14extended_count_2__set__(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, uint32_t __pyx_v_count) {
   int __pyx_r;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__set__", 0);
 
   /* "ssh/sftp_attributes.pyx":236
  *     @extended_count.setter
@@ -4799,37 +6043,38 @@ static int __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_14extended_count_2__
  *         self._attrs.extended_count = count             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __pyx_v_self->_attrs->extended_count = __pyx_v_count;
 
-  /* "ssh/sftp_attributes.pyx":235
+  /* "ssh/sftp_attributes.pyx":234
+ *         return self._attrs.extended_count if self._attrs is not NULL else None
  * 
- *     @extended_count.setter
- *     def extended_count(self, uint32_t count):             # <<<<<<<<<<<<<<
+ *     @extended_count.setter             # <<<<<<<<<<<<<<
+ *     def extended_count(self, uint32_t count):
  *         self._attrs.extended_count = count
- * 
- */
+*/
 
   /* function exit code */
   __pyx_r = 0;
-  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":239
+/* "ssh/sftp_attributes.pyx":238
+ *         self._attrs.extended_count = count
  * 
- *     @property
- *     def extended_type(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def extended_type(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_13extended_type_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_13extended_type_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_type___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -4853,8 +6098,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_typ
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return ssh_string_to_bytes(self._attrs.extended_type)
- */
-  __pyx_t_1 = ((__pyx_v_self->_attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":241
@@ -4863,7 +6108,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_typ
  *             return             # <<<<<<<<<<<<<<
  *         return ssh_string_to_bytes(self._attrs.extended_type)
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
@@ -4874,7 +6119,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_typ
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return ssh_string_to_bytes(self._attrs.extended_type)
- */
+*/
   }
 
   /* "ssh/sftp_attributes.pyx":242
@@ -4883,7 +6128,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_typ
  *         return ssh_string_to_bytes(self._attrs.extended_type)             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_2 = __pyx_f_3ssh_5utils_ssh_string_to_bytes(__pyx_v_self->_attrs->extended_type); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 242, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
@@ -4891,13 +6136,13 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_typ
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":239
+  /* "ssh/sftp_attributes.pyx":238
+ *         self._attrs.extended_count = count
  * 
- *     @property
- *     def extended_type(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def extended_type(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4910,20 +6155,22 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_typ
   return __pyx_r;
 }
 
-/* "ssh/sftp_attributes.pyx":245
+/* "ssh/sftp_attributes.pyx":244
+ *         return ssh_string_to_bytes(self._attrs.extended_type)
  * 
- *     @property
- *     def extended_data(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def extended_data(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_13extended_data_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_13extended_data_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_data___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -4947,8 +6194,8 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_dat
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return ssh_string_to_bytes(self._attrs.extended_data)
- */
-  __pyx_t_1 = ((__pyx_v_self->_attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_attrs == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_attributes.pyx":247
@@ -4956,7 +6203,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_dat
  *         if self._attrs is NULL:
  *             return             # <<<<<<<<<<<<<<
  *         return ssh_string_to_bytes(self._attrs.extended_data)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = Py_None; __Pyx_INCREF(Py_None);
     goto __pyx_L0;
@@ -4967,14 +6214,14 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_dat
  *         if self._attrs is NULL:             # <<<<<<<<<<<<<<
  *             return
  *         return ssh_string_to_bytes(self._attrs.extended_data)
- */
+*/
   }
 
   /* "ssh/sftp_attributes.pyx":248
  *         if self._attrs is NULL:
  *             return
  *         return ssh_string_to_bytes(self._attrs.extended_data)             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_2 = __pyx_f_3ssh_5utils_ssh_string_to_bytes(__pyx_v_self->_attrs->extended_data); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 248, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
@@ -4982,13 +6229,13 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_dat
   __pyx_t_2 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_attributes.pyx":245
+  /* "ssh/sftp_attributes.pyx":244
+ *         return ssh_string_to_bytes(self._attrs.extended_type)
  * 
- *     @property
- *     def extended_data(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def extended_data(self):
  *         if self._attrs is NULL:
- *             return
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5007,14 +6254,16 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_13extended_dat
  *     cdef readonly SFTP sftp             # <<<<<<<<<<<<<<
  *     cdef bint self_made
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4sftp_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_4sftp_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4sftp___get__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -5027,7 +6276,7 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4sftp___get__(
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->sftp));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->sftp);
   __pyx_r = ((PyObject *)__pyx_v_self->sftp);
   goto __pyx_L0;
 
@@ -5040,17 +6289,46 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_4sftp___get__(
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cython__[] = "SFTPAttributes.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cython__, "SFTPAttributes.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cython__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self));
 
   /* function exit code */
@@ -5061,7 +6339,6 @@ static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cyth
 static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5069,25 +6346,21 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cyth
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -5097,21 +6370,93 @@ static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cyth
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__[] = "SFTPAttributes.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__, "SFTPAttributes.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__(((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5119,54 +6464,55 @@ static PyObject *__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cy
 static PyObject *__pyx_pf_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_no_default___reduce___due_to_non, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp_attributes.SFTPAttributes.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes __pyx_vtable_3ssh_15sftp_attributes_SFTPAttributes;
 
 static PyObject *__pyx_tp_new_3ssh_15sftp_attributes_SFTPAttributes(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes;
   p->sftp = ((struct __pyx_obj_3ssh_4sftp_SFTP *)Py_None); Py_INCREF(Py_None);
-  if (unlikely(__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_1__cinit__(o, __pyx_empty_tuple, NULL) < 0)) goto bad;
+  if (unlikely(__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_1__cinit__(o, __pyx_mstate_global->__pyx_empty_tuple, NULL) < 0)) goto bad;
   return o;
   bad:
   Py_DECREF(o); o = 0;
@@ -5176,8 +6522,10 @@ static PyObject *__pyx_tp_new_3ssh_15sftp_attributes_SFTPAttributes(PyTypeObject
 static void __pyx_tp_dealloc_3ssh_15sftp_attributes_SFTPAttributes(PyObject *o) {
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *p = (struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_15sftp_attributes_SFTPAttributes) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -5190,12 +6538,23 @@ static void __pyx_tp_dealloc_3ssh_15sftp_attributes_SFTPAttributes(PyObject *o)
     PyErr_Restore(etype, eval, etb);
   }
   Py_CLEAR(p->sftp);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_15sftp_attributes_SFTPAttributes(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *p = (struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->sftp) {
     e = (*v)(((PyObject *)p->sftp), a); if (e) return e;
   }
@@ -5454,42 +6813,60 @@ static PyObject *__pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_sftp(PyOb
 }
 
 static PyMethodDef __pyx_methods_3ssh_15sftp_attributes_SFTPAttributes[] = {
-  {"new_attrs", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__, METH_O, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__},
+  {"new_attrs", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_4new_attrs},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_6__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_15sftp_attributes_14SFTPAttributes_8__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_15sftp_attributes_SFTPAttributes[] = {
-  {(char *)"name", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_name, 0, (char *)0, 0},
-  {(char *)"longname", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_longname, 0, (char *)0, 0},
-  {(char *)"flags", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_flags, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_flags, (char *)0, 0},
-  {(char *)"type", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_type, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_type, (char *)0, 0},
-  {(char *)"size", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_size, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_size, (char *)0, 0},
-  {(char *)"uid", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_uid, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_uid, (char *)0, 0},
-  {(char *)"gid", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_gid, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_gid, (char *)0, 0},
-  {(char *)"owner", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_owner, 0, (char *)0, 0},
-  {(char *)"group", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_group, 0, (char *)0, 0},
-  {(char *)"permissions", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_permissions, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_permissions, (char *)0, 0},
-  {(char *)"atime64", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_atime64, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_atime64, (char *)0, 0},
-  {(char *)"atime", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_atime, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_atime, (char *)0, 0},
-  {(char *)"atime_nseconds", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_atime_nseconds, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_atime_nseconds, (char *)0, 0},
-  {(char *)"createtime", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_createtime, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_createtime, (char *)0, 0},
-  {(char *)"createtime_nseconds", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_createtime_nseconds, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_createtime_nseconds, (char *)0, 0},
-  {(char *)"mtime64", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime64, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime64, (char *)0, 0},
-  {(char *)"mtime", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime, (char *)0, 0},
-  {(char *)"mtime_nseconds", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime_nseconds, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime_nseconds, (char *)0, 0},
-  {(char *)"acl", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_acl, 0, (char *)0, 0},
-  {(char *)"extended_count", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_extended_count, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_extended_count, (char *)0, 0},
-  {(char *)"extended_type", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_extended_type, 0, (char *)0, 0},
-  {(char *)"extended_data", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_extended_data, 0, (char *)0, 0},
-  {(char *)"sftp", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_sftp, 0, (char *)0, 0},
+  {"name", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_name, 0, 0, 0},
+  {"longname", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_longname, 0, 0, 0},
+  {"flags", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_flags, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_flags, 0, 0},
+  {"type", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_type, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_type, 0, 0},
+  {"size", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_size, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_size, 0, 0},
+  {"uid", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_uid, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_uid, 0, 0},
+  {"gid", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_gid, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_gid, 0, 0},
+  {"owner", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_owner, 0, 0, 0},
+  {"group", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_group, 0, 0, 0},
+  {"permissions", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_permissions, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_permissions, 0, 0},
+  {"atime64", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_atime64, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_atime64, 0, 0},
+  {"atime", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_atime, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_atime, 0, 0},
+  {"atime_nseconds", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_atime_nseconds, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_atime_nseconds, 0, 0},
+  {"createtime", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_createtime, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_createtime, 0, 0},
+  {"createtime_nseconds", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_createtime_nseconds, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_createtime_nseconds, 0, 0},
+  {"mtime64", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime64, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime64, 0, 0},
+  {"mtime", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime, 0, 0},
+  {"mtime_nseconds", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime_nseconds, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_mtime_nseconds, 0, 0},
+  {"acl", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_acl, 0, 0, 0},
+  {"extended_count", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_extended_count, __pyx_setprop_3ssh_15sftp_attributes_14SFTPAttributes_extended_count, 0, 0},
+  {"extended_type", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_extended_type, 0, 0, 0},
+  {"extended_data", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_extended_data, 0, 0, 0},
+  {"sftp", __pyx_getprop_3ssh_15sftp_attributes_14SFTPAttributes_sftp, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_15sftp_attributes_SFTPAttributes_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_15sftp_attributes_SFTPAttributes},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_15sftp_attributes_SFTPAttributes},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_15sftp_attributes_SFTPAttributes},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_15sftp_attributes_SFTPAttributes},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_15sftp_attributes_SFTPAttributes},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_15sftp_attributes_SFTPAttributes},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_15sftp_attributes_SFTPAttributes_spec = {
+  "ssh.sftp_attributes.SFTPAttributes",
+  sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_15sftp_attributes_SFTPAttributes_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_15sftp_attributes_SFTPAttributes = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.sftp_attributes.SFTPAttributes", /*tp_name*/
+  "ssh.sftp_attributes.""SFTPAttributes", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_15sftp_attributes_SFTPAttributes, /*tp_dealloc*/
@@ -5501,12 +6878,7 @@ static PyTypeObject __pyx_type_3ssh_15sftp_attributes_SFTPAttributes = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -5532,7 +6904,9 @@ static PyTypeObject __pyx_type_3ssh_15sftp_attributes_SFTPAttributes = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_15sftp_attributes_SFTPAttributes, /*tp_new*/
@@ -5545,181 +6919,77 @@ static PyTypeObject __pyx_type_3ssh_15sftp_attributes_SFTPAttributes = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 
 static PyMethodDef __pyx_methods[] = {
   {0, 0, 0, 0}
 };
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
+  /*--- Global init code ---*/
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
 
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_sftp_attributes(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_sftp_attributes},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "sftp_attributes",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
-  #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
-  #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
-};
-#endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
-
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPAttributes, __pyx_k_SFTPAttributes, sizeof(__pyx_k_SFTPAttributes), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_attrs, __pyx_k_attrs, sizeof(__pyx_k_attrs), 0, 0, 1, 1},
-  {&__pyx_n_s_attrs_2, __pyx_k_attrs_2, sizeof(__pyx_k_attrs_2), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_new_attrs, __pyx_k_new_attrs, sizeof(__pyx_k_new_attrs), 0, 0, 1, 1},
-  {&__pyx_kp_s_no_default___reduce___due_to_non, __pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 0, 1, 0},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_sftp, __pyx_k_sftp, sizeof(__pyx_k_sftp), 0, 0, 1, 1},
-  {&__pyx_n_s_ssh_sftp_attributes, __pyx_k_ssh_sftp_attributes, sizeof(__pyx_k_ssh_sftp_attributes), 0, 0, 1, 1},
-  {&__pyx_kp_s_ssh_sftp_attributes_pyx, __pyx_k_ssh_sftp_attributes_pyx, sizeof(__pyx_k_ssh_sftp_attributes_pyx), 0, 0, 1, 0},
-  {&__pyx_n_s_staticmethod, __pyx_k_staticmethod, sizeof(__pyx_k_staticmethod), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
-};
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_staticmethod = __Pyx_GetBuiltinName(__pyx_n_s_staticmethod); if (!__pyx_builtin_staticmethod) __PYX_ERR(0, 46, __pyx_L1_error)
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 54, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple_)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("no default __reduce__ due to non-trivial __cinit__")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_no_default___reduce___due_to_non); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-
-  /* "ssh/sftp_attributes.pyx":47
- * 
- *     @staticmethod
- *     def new_attrs(SFTP sftp):             # <<<<<<<<<<<<<<
- *         cdef SFTPAttributes attrs
- *         cdef c_sftp.sftp_attributes _attrs
- */
-  __pyx_tuple__3 = PyTuple_Pack(3, __pyx_n_s_sftp, __pyx_n_s_attrs, __pyx_n_s_attrs_2); if (unlikely(!__pyx_tuple__3)) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__3);
-  __Pyx_GIVEREF(__pyx_tuple__3);
-  __pyx_codeobj__4 = (PyObject*)__Pyx_PyCode_New(1, 0, 3, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple__3, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_sftp_attributes_pyx, __pyx_n_s_new_attrs, 47, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__4)) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
-  /*--- Global init code ---*/
-  __Pyx_RefNannyFinishContext();
-  return 0;
-}
-
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5727,17 +6997,26 @@ static int __Pyx_modinit_type_init_code(void) {
   /*--- Type init code ---*/
   __pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes = &__pyx_vtable_3ssh_15sftp_attributes_SFTPAttributes;
   __pyx_vtable_3ssh_15sftp_attributes_SFTPAttributes.from_ptr = (struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *(*)(sftp_attributes, struct __pyx_obj_3ssh_4sftp_SFTP *))__pyx_f_3ssh_15sftp_attributes_14SFTPAttributes_from_ptr;
-  if (PyType_Ready(&__pyx_type_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_15sftp_attributes_SFTPAttributes.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_15sftp_attributes_SFTPAttributes_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes)) __PYX_ERR(0, 26, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_15sftp_attributes_SFTPAttributes_spec, __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = &__pyx_type_3ssh_15sftp_attributes_SFTPAttributes;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_15sftp_attributes_SFTPAttributes.tp_dictoffset && __pyx_type_3ssh_15sftp_attributes_SFTPAttributes.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_15sftp_attributes_SFTPAttributes.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_15sftp_attributes_SFTPAttributes.tp_dict, __pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_SFTPAttributes, (PyObject *)&__pyx_type_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
-  __pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = &__pyx_type_3ssh_15sftp_attributes_SFTPAttributes;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes, __pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_SFTPAttributes, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -5745,8 +7024,9 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -5755,14 +7035,28 @@ static int __Pyx_modinit_type_import_code(void) {
   /*--- Type import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(2, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.sftp"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_4sftp_SFTP = __Pyx_ImportType(__pyx_t_1, "ssh.sftp", "SFTP", sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_4sftp_SFTP) __PYX_ERR(3, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_4sftp_SFTP = (struct __pyx_vtabstruct_3ssh_4sftp_SFTP*)__Pyx_GetVtable(__pyx_ptype_3ssh_4sftp_SFTP->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_4sftp_SFTP)) __PYX_ERR(3, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp", "SFTP",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #else
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) __PYX_ERR(3, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_4sftp_SFTP = (struct __pyx_vtabstruct_3ssh_4sftp_SFTP*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP); if (unlikely(!__pyx_vtabptr_3ssh_4sftp_SFTP)) __PYX_ERR(3, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -5772,16 +7066,18 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -5790,7 +7086,7 @@ static int __Pyx_modinit_function_import_code(void) {
   /*--- Function import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.utils"); if (!__pyx_t_1) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  if (__Pyx_ImportFunction(__pyx_t_1, "ssh_string_to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_ssh_string_to_bytes, "PyObject *(ssh_string)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_ImportFunction_3_1_4(__pyx_t_1, "ssh_string_to_bytes", (void (**)(void))&__pyx_f_3ssh_5utils_ssh_string_to_bytes, "PyObject *(ssh_string)") < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -5800,50 +7096,121 @@ static int __Pyx_modinit_function_import_code(void) {
   return -1;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_sftp_attributes(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_sftp_attributes},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "sftp_attributes",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initsftp_attributes(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initsftp_attributes(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_sftp_attributes(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_sftp_attributes(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -5851,7 +7218,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -5866,10 +7235,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -5892,10 +7264,18 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_sftp_attributes(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_3 = NULL;
+  PyObject *__pyx_t_4 = NULL;
+  PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5906,9 +7286,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_sftp_attributes(PyObject *__pyx_py
     PyErr_SetString(PyExc_RuntimeError, "Module 'sftp_attributes' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "sftp_attributes" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -5918,101 +7326,61 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_sftp_attributes(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_sftp_attributes", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("sftp_attributes", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__sftp_attributes) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.sftp_attributes")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.sftp_attributes", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.sftp_attributes", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  if (unlikely(__Pyx_modinit_function_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-
-  /* "ssh/sftp_attributes.pyx":47
- * 
- *     @staticmethod
- *     def new_attrs(SFTP sftp):             # <<<<<<<<<<<<<<
- *         cdef SFTPAttributes attrs
- *         cdef c_sftp.sftp_attributes _attrs
- */
-  __pyx_t_1 = PyCFunction_NewEx(&__pyx_mdef_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs, NULL, __pyx_n_s_ssh_sftp_attributes); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem((PyObject *)__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes->tp_dict, __pyx_n_s_new_attrs, __pyx_t_1) < 0) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  PyType_Modified(__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes);
 
   /* "ssh/sftp_attributes.pyx":46
  *         return _attrs
@@ -6020,37 +7388,83 @@ if (!__Pyx_RefNanny) {
  *     @staticmethod             # <<<<<<<<<<<<<<
  *     def new_attrs(SFTP sftp):
  *         cdef SFTPAttributes attrs
- */
-  __Pyx_GetNameInClass(__pyx_t_1, (PyObject *)__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes, __pyx_n_s_new_attrs); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __pyx_t_2 = __Pyx_PyObject_CallOneArg(__pyx_builtin_staticmethod, __pyx_t_1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 46, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_15sftp_attributes_14SFTPAttributes_5new_attrs, __Pyx_CYFUNCTION_STATICMETHOD | __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPAttributes_new_attrs, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_attributes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 46, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  if (PyDict_SetItem((PyObject *)__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes->tp_dict, __pyx_n_s_new_attrs, __pyx_t_2) < 0) __PYX_ERR(0, 47, __pyx_L1_error)
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes, __pyx_mstate_global->__pyx_n_u_new_attrs, __pyx_t_2) < 0) __PYX_ERR(0, 46, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_3 = NULL;
+  __Pyx_INCREF(__pyx_builtin_staticmethod);
+  __pyx_t_4 = __pyx_builtin_staticmethod; 
+  __Pyx_GetNameInClass(__pyx_t_5, (PyObject*)__pyx_mstate_global->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes, __pyx_mstate_global->__pyx_n_u_new_attrs); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 46, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_6 = 1;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+    __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 46, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_2);
+  }
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes, __pyx_mstate_global->__pyx_n_u_new_attrs, __pyx_t_2) < 0) __PYX_ERR(0, 46, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_15sftp_attributes_14SFTPAttributes_7__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPAttributes___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_attributes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "no default __reduce__ due to non-trivial __cinit__"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_15sftp_attributes_14SFTPAttributes_9__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPAttributes___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_attributes, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  PyType_Modified(__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes);
 
   /* "ssh/sftp_attributes.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
+*/
   __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
+  __Pyx_XDECREF(__pyx_t_4);
+  __Pyx_XDECREF(__pyx_t_5);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.sftp_attributes", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.sftp_attributes");
   }
@@ -6058,12 +7472,204 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_SFTPAttributes, sizeof(__pyx_k_SFTPAttributes), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPAttributes */
+  {__pyx_k_SFTPAttributes___reduce_cython, sizeof(__pyx_k_SFTPAttributes___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPAttributes___reduce_cython */
+  {__pyx_k_SFTPAttributes___setstate_cython, sizeof(__pyx_k_SFTPAttributes___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPAttributes___setstate_cython */
+  {__pyx_k_SFTPAttributes_new_attrs, sizeof(__pyx_k_SFTPAttributes_new_attrs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPAttributes_new_attrs */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_attrs, sizeof(__pyx_k_attrs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_attrs */
+  {__pyx_k_attrs_2, sizeof(__pyx_k_attrs_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_attrs_2 */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_dict, sizeof(__pyx_k_dict), 0, 1, 1}, /* PyObject cname: __pyx_n_u_dict */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_new_attrs, sizeof(__pyx_k_new_attrs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_new_attrs */
+  {__pyx_k_no_default___reduce___due_to_non, sizeof(__pyx_k_no_default___reduce___due_to_non), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_no_default___reduce___due_to_non */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_sftp, sizeof(__pyx_k_sftp), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sftp */
+  {__pyx_k_ssh_sftp_attributes, sizeof(__pyx_k_ssh_sftp_attributes), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_sftp_attributes */
+  {__pyx_k_ssh_sftp_attributes_pyx, sizeof(__pyx_k_ssh_sftp_attributes_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_sftp_attributes_pyx */
+  {__pyx_k_staticmethod, sizeof(__pyx_k_staticmethod), 0, 1, 1}, /* PyObject cname: __pyx_n_u_staticmethod */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_staticmethod = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_staticmethod); if (!__pyx_builtin_staticmethod) __PYX_ERR(0, 46, __pyx_L1_error)
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 54, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 2;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 2;
+            unsigned int flags : 10;
+            unsigned int first_line : 6;
+            unsigned int line_table_length : 13;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 46, 215};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_sftp, __pyx_mstate->__pyx_n_u_attrs, __pyx_mstate->__pyx_n_u_attrs_2};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_attributes_pyx, __pyx_mstate->__pyx_n_u_new_attrs, __pyx_k_A_V1_7_Q_ha_l_iq_ha_ha_gQ_gQ_iq, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -6083,253 +7689,43 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
 }
 #endif
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
-    return PyObject_GetAttr(obj, attr_name);
-}
-#endif
-
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
-        PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
-            "name '%U' is not defined", name);
-#else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
-#endif
-    }
-    return result;
-}
-
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
-{
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
-        more_or_less = "at most";
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-    if (exact) {
-        more_or_less = "exactly";
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
     }
-    PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
+    return 0;
 }
-
-/* KeywordStringCheck */
-static int __Pyx_CheckKeywordStrings(
-    PyObject *kwdict,
-    const char* function_name,
-    int kw_allowed)
-{
-    PyObject* key = 0;
-    Py_ssize_t pos = 0;
-#if CYTHON_COMPILING_IN_PYPY
-    if (!kw_allowed && PyDict_Next(kwdict, &pos, &key, 0))
-        goto invalid_keyword;
-    return 1;
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
 #else
-    while (PyDict_Next(kwdict, &pos, &key, 0)) {
-        #if PY_MAJOR_VERSION < 3
-        if (unlikely(!PyString_Check(key)))
-        #endif
-            if (unlikely(!PyUnicode_Check(key)))
-                goto invalid_keyword_type;
-    }
-    if ((!kw_allowed) && unlikely(key))
-        goto invalid_keyword;
-    return 1;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    return 0;
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
 #endif
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
     #endif
-    return 0;
-}
-
-/* RaiseDoubleKeywords */
-static void __Pyx_RaiseDoubleKeywordsError(
-    const char* func_name,
-    PyObject* kw_name)
-{
-    PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
-        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
-}
-
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
-{
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
-        }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
-                }
-            }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
-        }
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
     }
-    return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
     #endif
-bad:
-    return -1;
-}
-
-/* ArgTypeTest */
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
-{
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
-    }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
-    }
-    else {
-        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
-    }
-    PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
-    return 0;
-}
-
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
-    PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
-    }
     return result;
 }
 #endif
@@ -6337,6 +7733,21 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 /* PyErrFetchRestore */
 #if CYTHON_FAST_THREAD_STATE
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
     PyObject *tmp_type, *tmp_value, *tmp_tb;
     tmp_type = tstate->curexc_type;
     tmp_value = tstate->curexc_value;
@@ -6347,72 +7758,1200 @@ static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObjec
     Py_XDECREF(tmp_type);
     Py_XDECREF(tmp_value);
     Py_XDECREF(tmp_tb);
+#endif
 }
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
     *type = tstate->curexc_type;
     *value = tstate->curexc_value;
     *tb = tstate->curexc_traceback;
     tstate->curexc_type = 0;
     tstate->curexc_value = 0;
     tstate->curexc_traceback = 0;
+#endif
 }
 #endif
 
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
     __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
 #endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
+        PyErr_Format(PyExc_NameError,
+            "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
         }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+#endif
 }
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
 #else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* ArgTypeTest */
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+{
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
+    }
+    else if (!exact) {
+        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
+        }
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError,
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
+    }
+#endif
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* RaiseUnexpectedTypeError */
+static int
+__Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj)
+{
+    __Pyx_TypeName obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError, "Expected %s, got " __Pyx_FMT_TYPENAME,
+                 expected, obj_type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
     if (tb == Py_None) {
         tb = 0;
     } else if (tb && !PyTraceBack_Check(tb)) {
@@ -6420,401 +8959,2219 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
             "raise: arg 3 must be a traceback or None");
         goto bad;
     }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
+}
+#endif
+
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
+#endif
+    return r;
+#endif
+}
+
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#else
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#endif
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
+}
+
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
+}
+
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+        }
+    }
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
+    }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+    }
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
+
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
+    }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
+#endif
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
+
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
-                }
-            }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
+#endif
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
         }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
+#endif
+    }
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
+#endif
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
         }
-    } else {
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
         PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
         } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
+            result = Py_None;
         }
-        PyException_SetCause(value, fixed_cause);
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
+    }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
 #else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
+#endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
         }
+ignore:
+        PyErr_Clear();
+    }
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
+#endif
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
 #endif
-    }
-bad:
-    Py_XDECREF(owned_instance);
-    return;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
 #endif
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
+    }
 #endif
-    return NULL;
+    return (PyObject *) op;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
-    }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
-    }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
     {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
-        }
-    }
-    return descr;
-}
-#endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
-}
 #endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
-#else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
     return 0;
-bad:
-    Py_XDECREF(ob);
-    return -1;
 }
-
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
-    }
-#endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
     }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
     return 0;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
+    }
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
 }
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
     PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
     }
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
     }
     return result;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
-}
-static int __Pyx_setup_reduce(PyObject* type_obj) {
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
     int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
-#else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
     }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
-        }
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
-        }
+        break;
+    default:
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
+        break;
+    default:
+        return NULL;
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
-#endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
-    }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
-    }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
-    }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+        break;
+    default:
+        return NULL;
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* GetVTable */
-static void* __Pyx_GetVtable(PyObject *dict) {
-    void* ptr;
-    PyObject *ob = PyObject_GetItem(dict, __pyx_n_s_pyx_vtable);
-    if (!ob)
-        goto bad;
-#if PY_VERSION_HEX >= 0x02070000
-    ptr = PyCapsule_GetPointer(ob, 0);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-    ptr = PyCObject_AsVoidPtr(ob);
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-    if (!ptr && !PyErr_Occurred())
-        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
-    Py_DECREF(ob);
-    return ptr;
-bad:
-    Py_XDECREF(ob);
-    return NULL;
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
+    }
+    return op;
 }
 
 /* PyDictVersioning */
@@ -6851,25 +11208,26 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
 #endif
 {
     PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
         return NULL;
     }
-#else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
+    result = PyObject_GetAttr(__pyx_m, name);
     if (likely(result)) {
-        return __Pyx_NewRef(result);
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
     }
-#endif
 #else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
     if (likely(result)) {
         return __Pyx_NewRef(result);
     }
@@ -6879,251 +11237,57 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
 }
 
 /* GetNameInClass */
-static PyObject *__Pyx_GetGlobalNameAfterAttributeLookup(PyObject *name) {
-    PyObject *result;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (unlikely(!__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        return NULL;
-    __Pyx_PyErr_Clear();
-    __Pyx_GetModuleGlobalNameUncached(result, name);
-    return result;
-}
 static PyObject *__Pyx__GetNameInClass(PyObject *nmspace, PyObject *name) {
     PyObject *result;
-    result = __Pyx_PyObject_GetAttrStr(nmspace, name);
-    if (!result) {
-        result = __Pyx_GetGlobalNameAfterAttributeLookup(name);
-    }
-    return result;
-}
-
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
-    }
-}
-#endif
-
-/* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
-                                               PyObject *globals) {
-    PyFrameObject *f;
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject **fastlocals;
-    Py_ssize_t i;
-    PyObject *result;
-    assert(globals != NULL);
-    /* XXX Perhaps we should create a specialized
-       PyFrame_New() that doesn't take locals, but does
-       take builtins without sanity checking them.
-       */
-    assert(tstate != NULL);
-    f = PyFrame_New(tstate, co, globals, NULL);
-    if (f == NULL) {
-        return NULL;
-    }
-    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
-    for (i = 0; i < na; i++) {
-        Py_INCREF(*args);
-        fastlocals[i] = *args++;
-    }
-    result = PyEval_EvalFrameEx(f,0);
-    ++tstate->recursion_depth;
-    Py_DECREF(f);
-    --tstate->recursion_depth;
-    return result;
-}
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
-    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
-    PyObject *globals = PyFunction_GET_GLOBALS(func);
-    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
-    PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
-    PyObject *kwdefs;
-#endif
-    PyObject *kwtuple, **k;
-    PyObject **d;
-    Py_ssize_t nd;
-    Py_ssize_t nk;
-    PyObject *result;
-    assert(kwargs == NULL || PyDict_Check(kwargs));
-    nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
-        return NULL;
-    }
-    if (
-#if PY_MAJOR_VERSION >= 3
-            co->co_kwonlyargcount == 0 &&
-#endif
-            likely(kwargs == NULL || nk == 0) &&
-            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
-        if (argdefs == NULL && co->co_argcount == nargs) {
-            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
-            goto done;
-        }
-        else if (nargs == 0 && argdefs != NULL
-                 && co->co_argcount == Py_SIZE(argdefs)) {
-            /* function called with no arguments, but all parameters have
-               a default value: use default values as arguments .*/
-            args = &PyTuple_GET_ITEM(argdefs, 0);
-            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
-            goto done;
-        }
-    }
-    if (kwargs != NULL) {
-        Py_ssize_t pos, i;
-        kwtuple = PyTuple_New(2 * nk);
-        if (kwtuple == NULL) {
-            result = NULL;
-            goto done;
-        }
-        k = &PyTuple_GET_ITEM(kwtuple, 0);
-        pos = i = 0;
-        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
-            Py_INCREF(k[i]);
-            Py_INCREF(k[i+1]);
-            i += 2;
-        }
-        nk = i / 2;
-    }
-    else {
-        kwtuple = NULL;
-        k = NULL;
-    }
-    closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
-    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
-#endif
-    if (argdefs != NULL) {
-        d = &PyTuple_GET_ITEM(argdefs, 0);
-        nd = Py_SIZE(argdefs);
-    }
-    else {
-        d = NULL;
-        nd = 0;
-    }
-#if PY_MAJOR_VERSION >= 3
-    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, kwdefs, closure);
+    PyObject *dict;
+    assert(PyType_Check(nmspace));
+#if CYTHON_USE_TYPE_SLOTS
+    dict = ((PyTypeObject*)nmspace)->tp_dict;
+    Py_XINCREF(dict);
 #else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
-    Py_XDECREF(kwtuple);
-done:
-    Py_LeaveRecursiveCall();
-    return result;
-}
-#endif
-#endif
-
-/* PyObjectCallMethO */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
-    PyObject *self, *result;
-    PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = cfunc(self, arg);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
-    }
-    return result;
-}
-#endif
-
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
-    }
-#endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
+    dict = PyObject_GetAttr(nmspace, __pyx_mstate_global->__pyx_n_u_dict);
 #endif
+    if (likely(dict)) {
+        result = PyObject_GetItem(dict, name);
+        Py_DECREF(dict);
+        if (result) {
+            return result;
         }
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
-}
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
+    PyErr_Clear();
+    __Pyx_GetModuleGlobalNameUncached(result, name);
     return result;
 }
-#endif
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -7132,11 +11296,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -7164,130 +11329,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -7318,7 +11549,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -7328,6 +11559,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -7352,7 +11584,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
+static CYTHON_INLINE uint32_t __Pyx_PyLong_As_uint32_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7362,179 +11594,237 @@ static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uint32_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uint32_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uint32_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uint32_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uint32_t) -1;
+        val = __Pyx_PyLong_As_uint32_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint32_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uint32_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint32_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uint32_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 2 * PyLong_SHIFT)) {
                             return (uint32_t) (((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint32_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 3 * PyLong_SHIFT)) {
                             return (uint32_t) (((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint32_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 4 * PyLong_SHIFT)) {
                             return (uint32_t) (((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uint32_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uint32_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uint32_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uint32_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint32_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uint32_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uint32_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint32_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uint32_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uint32_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint32_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint32_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uint32_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, long, PyLong_AsLong(x))
+        if ((sizeof(uint32_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint32_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uint32_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uint32_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uint32_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uint32_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uint32_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uint32_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uint32_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uint32_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uint32_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uint32_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uint32_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uint32_t) 1) << (sizeof(uint32_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uint32_t) -1;
-        }
-    } else {
-        uint32_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uint32_t) -1;
-        val = __Pyx_PyInt_As_uint32_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7548,7 +11838,7 @@ static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE uint8_t __Pyx_PyInt_As_uint8_t(PyObject *x) {
+static CYTHON_INLINE uint8_t __Pyx_PyLong_As_uint8_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7558,179 +11848,237 @@ static CYTHON_INLINE uint8_t __Pyx_PyInt_As_uint8_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uint8_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uint8_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uint8_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uint8_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uint8_t) -1;
+        val = __Pyx_PyLong_As_uint8_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint8_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uint8_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint8_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uint8_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) >= 2 * PyLong_SHIFT)) {
                             return (uint8_t) (((((uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint8_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) >= 3 * PyLong_SHIFT)) {
                             return (uint8_t) (((((((uint8_t)digits[2]) << PyLong_SHIFT) | (uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint8_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) >= 4 * PyLong_SHIFT)) {
                             return (uint8_t) (((((((((uint8_t)digits[3]) << PyLong_SHIFT) | (uint8_t)digits[2]) << PyLong_SHIFT) | (uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uint8_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uint8_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uint8_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint8_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uint8_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint8_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint8_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint8_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uint8_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint8_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint8_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uint8_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uint8_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint8_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uint8_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint8_t) (((uint8_t)-1)*(((((uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uint8_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint8_t) ((((((uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uint8_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint8_t) (((uint8_t)-1)*(((((((uint8_t)digits[2]) << PyLong_SHIFT) | (uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint8_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint8_t) ((((((((uint8_t)digits[2]) << PyLong_SHIFT) | (uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uint8_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint8_t) (((uint8_t)-1)*(((((((((uint8_t)digits[3]) << PyLong_SHIFT) | (uint8_t)digits[2]) << PyLong_SHIFT) | (uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint8_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint8_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint8_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint8_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint8_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint8_t) ((((((((((uint8_t)digits[3]) << PyLong_SHIFT) | (uint8_t)digits[2]) << PyLong_SHIFT) | (uint8_t)digits[1]) << PyLong_SHIFT) | (uint8_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uint8_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint8_t, long, PyLong_AsLong(x))
+        if ((sizeof(uint8_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint8_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint8_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint8_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uint8_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint8_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uint8_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uint8_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uint8_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uint8_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uint8_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uint8_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uint8_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uint8_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uint8_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uint8_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uint8_t) 1) << (sizeof(uint8_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uint8_t) -1;
-        }
-    } else {
-        uint8_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uint8_t) -1;
-        val = __Pyx_PyInt_As_uint8_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7744,7 +12092,7 @@ static CYTHON_INLINE uint8_t __Pyx_PyInt_As_uint8_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
+static CYTHON_INLINE uint64_t __Pyx_PyLong_As_uint64_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7754,179 +12102,237 @@ static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uint64_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uint64_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uint64_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uint64_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uint64_t) -1;
+        val = __Pyx_PyLong_As_uint64_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint64_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uint64_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint64_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uint64_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 2 * PyLong_SHIFT)) {
                             return (uint64_t) (((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint64_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 3 * PyLong_SHIFT)) {
                             return (uint64_t) (((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint64_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 4 * PyLong_SHIFT)) {
                             return (uint64_t) (((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uint64_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uint64_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uint64_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uint64_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint64_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uint64_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uint64_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint64_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uint64_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uint64_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint64_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint64_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uint64_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, long, PyLong_AsLong(x))
+        if ((sizeof(uint64_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint64_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uint64_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uint64_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uint64_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uint64_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uint64_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uint64_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uint64_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uint64_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uint64_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uint64_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uint64_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uint64_t) 1) << (sizeof(uint64_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uint64_t) -1;
-        }
-    } else {
-        uint64_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uint64_t) -1;
-        val = __Pyx_PyInt_As_uint64_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -7939,8 +12345,40 @@ static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
     return (uint64_t) -1;
 }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint32_t(uint32_t value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint32_t(uint32_t value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7952,17 +12390,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint32_t(uint32_t value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(uint32_t) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(uint32_t) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(uint32_t) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(uint32_t) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -7970,15 +12408,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint32_t(uint32_t value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(uint32_t),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(uint32_t));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint8_t(uint8_t value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint8_t(uint8_t value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -7990,17 +12461,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint8_t(uint8_t value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(uint8_t) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(uint8_t) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(uint8_t) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(uint8_t) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(uint8_t) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -8008,15 +12479,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint8_t(uint8_t value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(uint8_t),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(uint8_t));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint64_t(uint64_t value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -8028,17 +12532,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(uint64_t) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(uint64_t) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(uint64_t) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(uint64_t) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -8046,15 +12550,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(uint64_t),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(uint64_t));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u_);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -8066,17 +12642,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -8084,15 +12660,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -8102,179 +12711,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -8288,7 +12955,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -8298,179 +12965,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -8487,7 +13212,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -8508,51 +13233,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -8583,65 +13295,84 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionImport */
-#ifndef __PYX_HAVE_RT_ImportFunction
-#define __PYX_HAVE_RT_ImportFunction
-static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
+#ifndef __PYX_HAVE_RT_ImportFunction_3_1_4
+#define __PYX_HAVE_RT_ImportFunction_3_1_4
+static int __Pyx_ImportFunction_3_1_4(PyObject *module, const char *funcname, void (**f)(void), const char *sig) {
     PyObject *d = 0;
     PyObject *cobj = 0;
     union {
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(module, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(module, "__pyx_capi__");
     if (!d)
         goto bad;
+#if (defined(Py_LIMITED_API) && Py_LIMITED_API >= 0x030d0000) || (!defined(Py_LIMITED_API) && PY_VERSION_HEX >= 0x030d0000)
+    PyDict_GetItemStringRef(d, funcname, &cobj);
+#else
     cobj = PyDict_GetItemString(d, funcname);
+    Py_XINCREF(cobj);
+#endif
     if (!cobj) {
         PyErr_Format(PyExc_ImportError,
             "%.200s does not export expected C function %.200s",
                 PyModule_GetName(module), funcname);
         goto bad;
     }
-#if PY_VERSION_HEX >= 0x02070000
     if (!PyCapsule_IsValid(cobj, sig)) {
         PyErr_Format(PyExc_TypeError,
             "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
@@ -8649,97 +13380,233 @@ static int __Pyx_ImportFunction(PyObject *module, const char *funcname, void (**
         goto bad;
     }
     tmp.p = PyCapsule_GetPointer(cobj, sig);
-#else
-    {const char *desc, *s1, *s2;
-    desc = (const char *)PyCObject_GetDesc(cobj);
-    if (!desc)
-        goto bad;
-    s1 = desc; s2 = sig;
-    while (*s1 != '\0' && *s1 == *s2) { s1++; s2++; }
-    if (*s1 != *s2) {
-        PyErr_Format(PyExc_TypeError,
-            "C function %.200s.%.200s has wrong signature (expected %.500s, got %.500s)",
-             PyModule_GetName(module), funcname, sig, desc);
-        goto bad;
-    }
-    tmp.p = PyCObject_AsVoidPtr(cobj);}
-#endif
     *f = tmp.fp;
     if (!(*f))
         goto bad;
     Py_DECREF(d);
+    Py_DECREF(cobj);
     return 0;
 bad:
     Py_XDECREF(d);
+    Py_XDECREF(cobj);
     return -1;
 }
 #endif
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -8751,25 +13618,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -8792,95 +13659,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -8919,33 +13757,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/sftp_attributes.pxd b/ssh/sftp_attributes.pxd
index 1b48f24f..a199be9e 100644
--- a/ssh/sftp_attributes.pxd
+++ b/ssh/sftp_attributes.pxd
@@ -1,22 +1,23 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from sftp cimport SFTP
+from .sftp cimport SFTP
 
-cimport c_sftp
+from . cimport c_sftp
 
 
 cdef class SFTPAttributes:
diff --git a/ssh/sftp_attributes.pyx b/ssh/sftp_attributes.pyx
index 89ded592..c5824220 100644
--- a/ssh/sftp_attributes.pyx
+++ b/ssh/sftp_attributes.pyx
@@ -1,26 +1,27 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.stdlib cimport malloc, free
 
-from sftp cimport SFTP
-from utils cimport ssh_string_to_bytes
+from .sftp cimport SFTP
+from .utils cimport ssh_string_to_bytes
 
-from c_ssh cimport ssh_string, uint8_t, uint32_t, uint64_t
-cimport c_sftp
+from .c_ssh cimport ssh_string, uint8_t, uint32_t, uint64_t
+from . cimport c_sftp
 
 
 cdef class SFTPAttributes:
diff --git a/ssh/sftp_handles.c b/ssh/sftp_handles.c
index 3e038fb9..684b512a 100644
--- a/ssh/sftp_handles.c
+++ b/ssh/sftp_handles.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.sftp_handles",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/sftp_handles.pyx"
+        ]
+    },
+    "module_name": "ssh.sftp_handles"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
+        #else
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
+#endif
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#else
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
+#endif
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,70 +911,194 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
+#endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
+#endif
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
+#endif
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
+#else
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
   #endif
 #endif
 #include <math.h>
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -756,12 +1166,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -796,140 +1202,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -941,30 +1336,44 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
+
 
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/sftp_handles.pyx",
-  "stringsource",
+  "<stringsource>",
   "ssh/sftp_handles.pxd",
   "ssh/session.pxd",
   "ssh/sftp.pxd",
   "ssh/sftp_attributes.pxd",
   "ssh/sftp_statvfs.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -972,11 +1381,173 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
@@ -987,12 +1558,12 @@ struct __pyx_obj_3ssh_12sftp_handles_SFTPFile;
 struct __pyx_obj_3ssh_12sftp_handles_SFTPDir;
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -1007,7 +1578,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_4sftp_SFTP {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtab;
@@ -1022,7 +1593,7 @@ struct __pyx_obj_3ssh_4sftp_SFTP {
  * cdef class SFTPAttributes:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_attributes _attrs
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtab;
@@ -1038,7 +1609,7 @@ struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes {
  * cdef class SFTPStatVFS:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_statvfs_t _stats
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtab;
@@ -1053,7 +1624,7 @@ struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS {
  * cdef class SFTPFile:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_file _file
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_12sftp_handles_SFTPFile {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile *__pyx_vtab;
@@ -1069,7 +1640,7 @@ struct __pyx_obj_3ssh_12sftp_handles_SFTPFile {
  * cdef class SFTPDir:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_dir _dir
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_12sftp_handles_SFTPDir {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir *__pyx_vtab;
@@ -1086,7 +1657,7 @@ struct __pyx_obj_3ssh_12sftp_handles_SFTPDir {
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_4sftp_SFTP {
   struct __pyx_obj_3ssh_4sftp_SFTP *(*from_ptr)(sftp_session, struct __pyx_obj_3ssh_7session_Session *);
@@ -1100,7 +1671,7 @@ static struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtabptr_3ssh_4sftp_SFTP;
  * cdef class SFTPAttributes:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_attributes _attrs
  *     cdef readonly SFTP sftp
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes {
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *(*from_ptr)(sftp_attributes, struct __pyx_obj_3ssh_4sftp_SFTP *);
@@ -1114,7 +1685,7 @@ static struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes *__pyx_vtab
  * cdef class SFTPStatVFS:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_statvfs_t _stats
  *     cdef readonly SFTP sftp
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS {
   struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *(*from_ptr)(sftp_statvfs_t, struct __pyx_obj_3ssh_4sftp_SFTP *);
@@ -1128,7 +1699,7 @@ static struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtabptr_3s
  * cdef class SFTPFile:             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *(*from_ptr)(sftp_file, struct __pyx_obj_3ssh_4sftp_SFTP *);
@@ -1142,13 +1713,14 @@ static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile *__pyx_vtabptr_3ssh_
  * cdef class SFTPDir:             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *(*from_ptr)(sftp_dir, struct __pyx_obj_3ssh_4sftp_SFTP *);
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *(*readdir)(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *, int __pyx_skip_dispatch);
 };
 static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir *__pyx_vtabptr_3ssh_12sftp_handles_SFTPDir;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1157,42 +1729,48 @@ static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir *__pyx_vtabptr_3ssh_1
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1203,6 +1781,10 @@ static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir *__pyx_vtabptr_3ssh_1
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1214,100 +1796,30 @@ static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir *__pyx_vtabptr_3ssh_1
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
-/* PyObjectGetAttrStr.proto */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
-#endif
-
-/* GetBuiltinName.proto */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name);
-
-/* KeywordStringCheck.proto */
-static int __Pyx_CheckKeywordStrings(PyObject *kwdict, const char* function_name, int kw_allowed);
-
-/* PyFunctionFastCall.proto */
-#if CYTHON_FAST_PYCALL
-#define __Pyx_PyFunction_FastCall(func, args, nargs)\
-    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
-#endif
-#define __Pyx_BUILD_ASSERT_EXPR(cond)\
-    (sizeof(char [1 - 2*!(cond)]) - 1)
-#ifndef Py_MEMBER_SIZE
-#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
-#endif
-#if CYTHON_FAST_PYCALL
-  static size_t __pyx_pyframe_localsplus_offset = 0;
-  #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
-  #define __Pxy_PyFrame_Initialize_Offsets()\
-    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
-     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
-  #define __Pyx_PyFrame_GetLocalsplus(frame)\
-    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
-#endif
-
-/* PyObjectCall.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
-#else
-#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
-#endif
-
-/* PyObjectCallMethO.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
-#endif
-
-/* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
-#else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
-#endif
-
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
 #else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
 #endif
 
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
-
-/* RaiseTooManyValuesToUnpack.proto */
-static CYTHON_INLINE void __Pyx_RaiseTooManyValuesError(Py_ssize_t expected);
-
-/* RaiseNeedMoreValuesToUnpack.proto */
-static CYTHON_INLINE void __Pyx_RaiseNeedMoreValuesError(Py_ssize_t index);
-
-/* IterFinish.proto */
-static CYTHON_INLINE int __Pyx_IterFinish(void);
-
-/* UnpackItemEndCheck.proto */
-static int __Pyx_IternextUnpackEndCheck(PyObject *retval, Py_ssize_t expected);
-
 /* PyThreadStateGet.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
 #define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
 #else
 #define __Pyx_PyThreadState_declare
 #define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
 #endif
 
 /* PyErrFetchRestore.proto */
@@ -1319,7 +1831,7 @@ static int __Pyx_IternextUnpackEndCheck(PyObject *retval, Py_ssize_t expected);
 #define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
 #define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
 #else
 #define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
@@ -1335,8 +1847,97 @@ static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject
 #define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
 #endif
 
-/* RaiseException.proto */
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
+/* PyObjectGetAttrStr.proto */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+#else
+#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#endif
+
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
+/* GetBuiltinName.proto */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name);
+
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
+/* RaiseArgTupleInvalid.proto */
+static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
+    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
+
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
+
+/* PyObjectFastCallMethod.proto */
+#if CYTHON_VECTORCALL && PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyObject_FastCallMethod(name, args, nargsf) PyObject_VectorcallMethod(name, args, nargsf, NULL)
+#else
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf);
+#endif
+
+/* RaiseTooManyValuesToUnpack.proto */
+static CYTHON_INLINE void __Pyx_RaiseTooManyValuesError(Py_ssize_t expected);
+
+/* RaiseNeedMoreValuesToUnpack.proto */
+static CYTHON_INLINE void __Pyx_RaiseNeedMoreValuesError(Py_ssize_t index);
+
+/* IterFinish.proto */
+static CYTHON_INLINE int __Pyx_IterFinish(void);
+
+/* UnpackItemEndCheck.proto */
+static int __Pyx_IternextUnpackEndCheck(PyObject *retval, Py_ssize_t expected);
 
 /* PyDictVersioning.proto */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
@@ -1366,18 +1967,18 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 
 /* GetModuleGlobalName.proto */
 #if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
     static PY_UINT64_T __pyx_dict_version = 0;\
     static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
         (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
         __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
     PY_UINT64_T __pyx_dict_version;\
     PyObject *__pyx_dict_cached_value;\
     (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
+} while(0)
 static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
 #define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
@@ -1385,20 +1986,117 @@ static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_ve
 static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
 #endif
 
-/* PyObjectCall2Args.proto */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2);
-
-/* RaiseDoubleKeywords.proto */
-static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
-
-/* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
-
-/* RaiseArgTupleInvalid.proto */
-static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
-    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
+#endif
+
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+#else
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#endif
+
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
+
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* RaiseException.proto */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
+
+/* RaiseDoubleKeywords.proto */
+static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
+
+/* ParseKeywords.proto */
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
+#else
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
+#endif
+
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
 
 /* GetException.proto */
 #if CYTHON_FAST_THREAD_STATE
@@ -1417,7 +2115,7 @@ static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value,
 #endif
 
 /* GetTopmostException.proto */
-#if CYTHON_USE_EXC_INFO_STACK
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
 static _PyErr_StackItem * __Pyx_PyErr_GetTopmostException(PyThreadState *tstate);
 #endif
 
@@ -1434,7 +2132,7 @@ static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject
 
 /* ArgTypeTest.proto */
 #define __Pyx_ArgTypeTest(obj, type, none_allowed, name, exact)\
-    ((likely((Py_TYPE(obj) == type) | (none_allowed && (obj == Py_None)))) ? 1 :\
+    ((likely(__Pyx_IS_TYPE(obj, type) | (none_allowed && (obj == Py_None)))) ? 1 :\
         __Pyx__ArgTypeTest(obj, type, name, exact))
 static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact);
 
@@ -1446,50 +2144,82 @@ static void __Pyx_WriteUnraisable(const char *name, int clineno,
 /* ExtTypeTest.proto */
 static CYTHON_INLINE int __Pyx_TypeTest(PyObject *obj, PyTypeObject *type);
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
 #else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
 #endif
 
-/* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
-#else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
 #endif
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
+/* SetVTable.proto */
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
+
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
+
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
-/* GetVTable.proto */
-static void* __Pyx_GetVtable(PyObject *dict);
+/* ListPack.proto */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...);
 
 /* Import.proto */
 static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
@@ -1497,184 +2227,471 @@ static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
 /* ImportFrom.proto */
 static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name);
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
 #else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE size_t __Pyx_PyInt_As_size_t(PyObject *);
+static CYTHON_INLINE size_t __Pyx_PyLong_As_size_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *);
+static CYTHON_INLINE uint32_t __Pyx_PyLong_As_uint32_t(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *);
+static CYTHON_INLINE uint64_t __Pyx_PyLong_As_uint64_t(PyObject *);
+
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
+/* CIntToPy.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From___pyx_anon_enum(int value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_unsigned_long(unsigned long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_unsigned_long(unsigned long value);
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint64_t(uint64_t value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 static struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_f_3ssh_12sftp_handles_8SFTPFile_from_ptr(sftp_file __pyx_v__file, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp); /* proto*/
 static struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_f_3ssh_12sftp_handles_7SFTPDir_from_ptr(sftp_dir __pyx_v__dir, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp); /* proto*/
 static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sftp_handles_7SFTPDir_readdir(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_v_self, int __pyx_skip_dispatch); /* proto*/
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "ssh" */
+
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* Module declarations from "ssh.session" */
 
-/* Module declarations from 'ssh.c_sftp' */
+/* Module declarations from "ssh.c_sftp" */
 
-/* Module declarations from 'ssh.sftp' */
-static PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP = 0;
+/* Module declarations from "ssh.sftp" */
 
-/* Module declarations from 'ssh.sftp_attributes' */
-static PyTypeObject *__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = 0;
+/* Module declarations from "ssh.sftp_attributes" */
 
-/* Module declarations from 'libc.string' */
+/* Module declarations from "libc.string" */
 
-/* Module declarations from 'libc.stdlib' */
+/* Module declarations from "libc.stdlib" */
 
-/* Module declarations from 'ssh.sftp_statvfs' */
-static PyTypeObject *__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = 0;
+/* Module declarations from "ssh.sftp_statvfs" */
 
-/* Module declarations from 'ssh.sftp_handles' */
-static PyTypeObject *__pyx_ptype_3ssh_12sftp_handles_SFTPFile = 0;
-static PyTypeObject *__pyx_ptype_3ssh_12sftp_handles_SFTPDir = 0;
+/* Module declarations from "ssh.sftp_handles" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.sftp_handles"
 extern int __pyx_module_is_main_ssh__sftp_handles;
 int __pyx_module_is_main_ssh__sftp_handles = 0;
 
-/* Implementation of 'ssh.sftp_handles' */
+/* Implementation of "ssh.sftp_handles" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_StopIteration;
 static PyObject *__pyx_builtin_MemoryError;
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
 static const char __pyx_k_[] = "";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k__2[] = ".";
+static const char __pyx_k__3[] = "?";
+static const char __pyx_k_gc[] = "gc";
 static const char __pyx_k_id[] = "_id";
+static const char __pyx_k_rc[] = "rc";
+static const char __pyx_k_A_F[] = "\200A\330\010\014\210F\220!";
+static const char __pyx_k_A_a[] = "\200A\330\r\016\330\022)\250\021\250$\250a";
+static const char __pyx_k_A_q[] = "\200A\330\010\017\210q";
+static const char __pyx_k_buf[] = "buf";
+static const char __pyx_k_eof[] = "eof";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_vfs[] = "vfs";
+static const char __pyx_k_A_AT[] = "\200A\330\r\016\330\022,\250A\250T\260\021";
+static const char __pyx_k_A_IQ[] = "\200A\330\010\014\210I\220Q";
+static const char __pyx_k_args[] = "args";
+static const char __pyx_k_data[] = "data";
+static const char __pyx_k_exit[] = "__exit__";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
 static const char __pyx_k_read[] = "read";
+static const char __pyx_k_seek[] = "seek";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_size[] = "size";
+static const char __pyx_k_tell[] = "tell";
 static const char __pyx_k_test[] = "__test__";
+static const char __pyx_k_A_at1[] = "\200A\330\r\016\330\022\036\230a\230t\2401";
+static const char __pyx_k_attrs[] = "_attrs";
+static const char __pyx_k_c_buf[] = "c_buf";
+static const char __pyx_k_c_vfs[] = "c_vfs";
 static const char __pyx_k_close[] = "close";
-static const char __pyx_k_import[] = "__import__";
+static const char __pyx_k_enter[] = "__enter__";
+static const char __pyx_k_fstat[] = "fstat";
+static const char __pyx_k_fsync[] = "fsync";
+static const char __pyx_k_write[] = "write";
+static const char __pyx_k_c_data[] = "c_data";
+static const char __pyx_k_enable[] = "enable";
 static const char __pyx_k_length[] = "length";
+static const char __pyx_k_module[] = "__module__";
+static const char __pyx_k_offset[] = "offset";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_rewind[] = "rewind";
+static const char __pyx_k_seek64[] = "seek64";
+static const char __pyx_k_size_2[] = "_size";
+static const char __pyx_k_tell64[] = "tell64";
 static const char __pyx_k_SFTPDir[] = "SFTPDir";
+static const char __pyx_k_c_attrs[] = "c_attrs";
+static const char __pyx_k_disable[] = "disable";
 static const char __pyx_k_readdir[] = "readdir";
+static const char __pyx_k_A_AT_t1A[] = "\200A\340\r\016\330\014\027\220}\240A\240T\250\021\330\010\017\210t\2201\220A";
 static const char __pyx_k_SFTPFile[] = "SFTPFile";
+static const char __pyx_k_add_note[] = "add_note";
 static const char __pyx_k_closedir[] = "closedir";
+static const char __pyx_k_data_len[] = "data_len";
+static const char __pyx_k_fstatvfs[] = "fstatvfs";
 static const char __pyx_k_getstate[] = "__getstate__";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
 static const char __pyx_k_SFTPError[] = "SFTPError";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
+static const char __pyx_k_async_read[] = "async_read";
 static const char __pyx_k_exceptions[] = "exceptions";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
 static const char __pyx_k_MemoryError[] = "MemoryError";
+static const char __pyx_k_SFTPDir_eof[] = "SFTPDir.eof";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
+static const char __pyx_k_set_blocking[] = "set_blocking";
+static const char __pyx_k_stringsource[] = "<stringsource>";
+static const char __pyx_k_A_1D_3b_q_E_q[] = "\200A\340\r\016\330\014\027\220|\2401\240D\250\010\260\001\330\010\013\2103\210b\220\001\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\017\210q";
+static const char __pyx_k_A_4q_3b_q_E_q[] = "\200A\340\r\016\330\014\027\220{\240!\2404\240q\330\010\013\2103\210b\220\001\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\017\210q";
+static const char __pyx_k_SFTPFile_read[] = "SFTPFile.read";
+static const char __pyx_k_SFTPFile_seek[] = "SFTPFile.seek";
+static const char __pyx_k_SFTPFile_tell[] = "SFTPFile.tell";
 static const char __pyx_k_StopIteration[] = "StopIteration";
+static const char __pyx_k_q_Qd_3b_q_E_q[] = "\320\004/\250q\340\r\016\330\014\027\320\027-\250Q\250d\260(\270!\330\010\013\2103\210b\220\001\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\017\210q";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
+static const char __pyx_k_A_z_a_3b_q_E_q[] = "\200A\340\r\016\330\014\027\220z\240\021\240$\240a\330\010\013\2103\210b\220\001\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\017\210q";
+static const char __pyx_k_SFTPDir___exit[] = "SFTPDir.__exit__";
+static const char __pyx_k_SFTPFile_close[] = "SFTPFile.close";
+static const char __pyx_k_SFTPFile_fstat[] = "SFTPFile.fstat";
+static const char __pyx_k_SFTPFile_fsync[] = "SFTPFile.fsync";
+static const char __pyx_k_SFTPFile_write[] = "SFTPFile.write";
+static const char __pyx_k_A_1D_3b_q_E_q_2[] = "\200A\340\r\016\330\014\027\220|\2401\240D\250\001\330\010\013\2103\210b\220\001\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\017\210q";
+static const char __pyx_k_A_z_ha_3b_q_E_q[] = "\200A\340\r\016\330\014\027\220z\240\021\240$\240h\250a\330\010\013\2103\210b\220\001\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\017\210q";
+static const char __pyx_k_SFTPDir___enter[] = "SFTPDir.__enter__";
+static const char __pyx_k_SFTPDir_readdir[] = "SFTPDir.readdir";
+static const char __pyx_k_SFTPFile___exit[] = "SFTPFile.__exit__";
+static const char __pyx_k_SFTPFile_rewind[] = "SFTPFile.rewind";
+static const char __pyx_k_SFTPFile_seek64[] = "SFTPFile.seek64";
+static const char __pyx_k_SFTPFile_tell64[] = "SFTPFile.tell64";
 static const char __pyx_k_SFTPHandleError[] = "SFTPHandleError";
+static const char __pyx_k_set_nonblocking[] = "set_nonblocking";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_SFTPDir_closedir[] = "SFTPDir.closedir";
+static const char __pyx_k_SFTPFile___enter[] = "SFTPFile.__enter__";
+static const char __pyx_k_async_read_begin[] = "async_read_begin";
+static const char __pyx_k_ssh_sftp_handles[] = "ssh.sftp_handles";
+static const char __pyx_k_A_Q_6_A_q_E_7_a_q[] = "\200A\360\006\000\016\017\330\014\032\230.\250\001\250\024\250Q\330\010\013\2106\220\023\220A\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\031\230\031\240!\2407\250$\250a\330\010\017\210q";
+static const char __pyx_k_SFTPFile_fstatvfs[] = "SFTPFile.fstatvfs";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_SFTPFile_async_read[] = "SFTPFile.async_read";
+static const char __pyx_k_A_Kq_A_83a_q_E_y_a_q[] = "\200A\360\006\000\016\017\330\014\034\230K\240q\250\004\250A\330\010\013\2108\2203\220a\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\037\230y\250\001\250\031\260$\260a\330\010\017\210q";
+static const char __pyx_k_ssh_sftp_handles_pyx[] = "ssh/sftp_handles.pyx";
+static const char __pyx_k_A_4q_1_4q_3b_q_E_Ja_q[] = "\200A\340\010\013\2104\210q\330\014\023\2201\330\r\016\330\014\027\220{\240!\2404\240q\330\010\013\2103\210b\220\001\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\014\210J\220a\330\010\017\210q";
+static const char __pyx_k_A_4q_1_Qd_3b_q_E_Ja_q[] = "\200A\340\010\013\2104\210q\330\014\023\2201\330\r\016\330\014\027\220~\240Q\240d\250!\330\010\013\2103\210b\220\001\330\014\022\220/\240\021\240-\250q\260\004\260E\270\030\300\021\330\010\014\210J\220a\330\010\017\210q";
+static const char __pyx_k_SFTPFile_set_blocking[] = "SFTPFile.set_blocking";
+static const char __pyx_k_q_HF_vS_AT_vRq_e2Q_wa[] = "\320\004\037\230q\340\010\031\230\021\340\r\016\330\014\024\220H\230F\240!\240=\260\002\260!\330\014\017\210v\220S\230\001\330\025\026\330\024\025\330\014\032\230*\240A\240T\250\030\260\027\270\001\330\010\t\330\014\017\210v\220R\220q\330\020\026\220e\2302\230Q\340\014\020\220\001\220\021\330\010\017\210w\220a";
+static const char __pyx_k_A_M_e84q_at7_Q_S_y_a_q[] = "\200A\360\006\000\016\017\330\014\034\230M\250\021\250$\250e\2608\2704\270q\330\010\021\220\035\230a\230t\2407\250#\250Q\330\014\r\330\r\025\220S\230\001\330\014\022\220!\330\010\037\230y\250\001\250\031\260$\260a\330\010\017\210q";
+static const char __pyx_k_A_s_1_4xxq_3b_1M_e81_q[] = "\200A\340\010\"\240!\330\010\037\230s\240!\2401\330\r\016\330\014\027\220{\240!\2404\240x\250x\260q\330\010\013\2103\210b\220\001\330\014\022\220)\2301\230M\250\021\250$\250e\2608\2701\330\010\017\210q";
+static const char __pyx_k_SFTPDir___reduce_cython[] = "SFTPDir.__reduce_cython__";
+static const char __pyx_k_SFTPFile___reduce_cython[] = "SFTPFile.__reduce_cython__";
+static const char __pyx_k_SFTPFile_set_nonblocking[] = "SFTPFile.set_nonblocking";
+static const char __pyx_k_SFTPDir___setstate_cython[] = "SFTPDir.__setstate_cython__";
+static const char __pyx_k_SFTPFile_async_read_begin[] = "SFTPFile.async_read_begin";
+static const char __pyx_k_SFTPFile___setstate_cython[] = "SFTPFile.__setstate_cython__";
+static const char __pyx_k_7q_HF_vS_hgXQ_uBa_e2Q_b_5_1_1M[] = "\320\0047\260q\340\010\031\230\021\340\r\016\330\014\024\220H\230F\240!\240=\260\002\260!\330\014\017\210v\220S\230\001\330\025\026\330\024\025\330\014\031\320\031)\250\021\250$\250h\260g\270X\300Q\330\010\t\330\014\017\210u\220B\220a\330\020\026\220e\2302\230Q\330\021\026\220b\230\001\330\020\023\2205\230\003\2301\330\024\032\230)\2401\240M\260\021\260$\260e\2708\3001\330\025\032\230#\230Q\330\024\033\230;\240a\340\014\020\220\001\220\021\330\010\017\210v\220Q";
+static const char __pyx_k_Note_that_Cython_is_deliberately[] = "Note that Cython is deliberately stricter than PEP-484 and rejects subclasses of builtin types. If you need to pass subclasses then set the 'annotation_typing' directive to False.";
 static const char __pyx_k_self__dir_cannot_be_converted_to[] = "self._dir cannot be converted to a Python object for pickling";
 static const char __pyx_k_self__file_cannot_be_converted_t[] = "self._file cannot be converted to a Python object for pickling";
-static PyObject *__pyx_kp_b_;
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_SFTPDir;
-static PyObject *__pyx_n_s_SFTPError;
-static PyObject *__pyx_n_s_SFTPFile;
-static PyObject *__pyx_n_s_SFTPHandleError;
-static PyObject *__pyx_n_s_StopIteration;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_close;
-static PyObject *__pyx_n_s_closedir;
-static PyObject *__pyx_n_s_exceptions;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_id;
-static PyObject *__pyx_n_s_import;
-static PyObject *__pyx_n_s_length;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_read;
-static PyObject *__pyx_n_s_readdir;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_kp_s_self__dir_cannot_be_converted_to;
-static PyObject *__pyx_kp_s_self__file_cannot_be_converted_t;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_size;
-static PyObject *__pyx_n_s_test;
+/* #### Code section: decls ### */
 static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile___enter__(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_2__exit__(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v_args); /* proto */
 static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_4__iter__(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_v_self); /* proto */
@@ -1713,20 +2730,277 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__(CYTHO
 static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_12sftp_handles_SFTPFile(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
 static PyObject *__pyx_tp_new_3ssh_12sftp_handles_SFTPDir(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_int_0;
-static PyObject *__pyx_tuple__2;
-static PyObject *__pyx_tuple__3;
-static PyObject *__pyx_tuple__4;
-static PyObject *__pyx_tuple__5;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP;
+  PyTypeObject *__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes;
+  PyTypeObject *__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS;
+  PyObject *__pyx_type_3ssh_12sftp_handles_SFTPFile;
+  PyObject *__pyx_type_3ssh_12sftp_handles_SFTPDir;
+  PyTypeObject *__pyx_ptype_3ssh_12sftp_handles_SFTPFile;
+  PyTypeObject *__pyx_ptype_3ssh_12sftp_handles_SFTPDir;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_tuple[1];
+  PyObject *__pyx_codeobj_tab[26];
+  PyObject *__pyx_string_tab[104];
+  PyObject *__pyx_int_0;
+  PyObject *__pyx_int_1048576;
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_b_ __pyx_string_tab[0]
+#define __pyx_n_u_MemoryError __pyx_string_tab[1]
+#define __pyx_kp_u_Note_that_Cython_is_deliberately __pyx_string_tab[2]
+#define __pyx_n_u_SFTPDir __pyx_string_tab[3]
+#define __pyx_n_u_SFTPDir___enter __pyx_string_tab[4]
+#define __pyx_n_u_SFTPDir___exit __pyx_string_tab[5]
+#define __pyx_n_u_SFTPDir___reduce_cython __pyx_string_tab[6]
+#define __pyx_n_u_SFTPDir___setstate_cython __pyx_string_tab[7]
+#define __pyx_n_u_SFTPDir_closedir __pyx_string_tab[8]
+#define __pyx_n_u_SFTPDir_eof __pyx_string_tab[9]
+#define __pyx_n_u_SFTPDir_readdir __pyx_string_tab[10]
+#define __pyx_n_u_SFTPError __pyx_string_tab[11]
+#define __pyx_n_u_SFTPFile __pyx_string_tab[12]
+#define __pyx_n_u_SFTPFile___enter __pyx_string_tab[13]
+#define __pyx_n_u_SFTPFile___exit __pyx_string_tab[14]
+#define __pyx_n_u_SFTPFile___reduce_cython __pyx_string_tab[15]
+#define __pyx_n_u_SFTPFile___setstate_cython __pyx_string_tab[16]
+#define __pyx_n_u_SFTPFile_async_read __pyx_string_tab[17]
+#define __pyx_n_u_SFTPFile_async_read_begin __pyx_string_tab[18]
+#define __pyx_n_u_SFTPFile_close __pyx_string_tab[19]
+#define __pyx_n_u_SFTPFile_fstat __pyx_string_tab[20]
+#define __pyx_n_u_SFTPFile_fstatvfs __pyx_string_tab[21]
+#define __pyx_n_u_SFTPFile_fsync __pyx_string_tab[22]
+#define __pyx_n_u_SFTPFile_read __pyx_string_tab[23]
+#define __pyx_n_u_SFTPFile_rewind __pyx_string_tab[24]
+#define __pyx_n_u_SFTPFile_seek __pyx_string_tab[25]
+#define __pyx_n_u_SFTPFile_seek64 __pyx_string_tab[26]
+#define __pyx_n_u_SFTPFile_set_blocking __pyx_string_tab[27]
+#define __pyx_n_u_SFTPFile_set_nonblocking __pyx_string_tab[28]
+#define __pyx_n_u_SFTPFile_tell __pyx_string_tab[29]
+#define __pyx_n_u_SFTPFile_tell64 __pyx_string_tab[30]
+#define __pyx_n_u_SFTPFile_write __pyx_string_tab[31]
+#define __pyx_n_u_SFTPHandleError __pyx_string_tab[32]
+#define __pyx_n_u_StopIteration __pyx_string_tab[33]
+#define __pyx_n_u_TypeError __pyx_string_tab[34]
+#define __pyx_kp_u__2 __pyx_string_tab[35]
+#define __pyx_kp_u__3 __pyx_string_tab[36]
+#define __pyx_kp_u_add_note __pyx_string_tab[37]
+#define __pyx_n_u_args __pyx_string_tab[38]
+#define __pyx_n_u_async_read __pyx_string_tab[39]
+#define __pyx_n_u_async_read_begin __pyx_string_tab[40]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[41]
+#define __pyx_n_u_attrs __pyx_string_tab[42]
+#define __pyx_n_u_buf __pyx_string_tab[43]
+#define __pyx_n_u_c_attrs __pyx_string_tab[44]
+#define __pyx_n_u_c_buf __pyx_string_tab[45]
+#define __pyx_n_u_c_data __pyx_string_tab[46]
+#define __pyx_n_u_c_vfs __pyx_string_tab[47]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[48]
+#define __pyx_n_u_close __pyx_string_tab[49]
+#define __pyx_n_u_closedir __pyx_string_tab[50]
+#define __pyx_n_u_data __pyx_string_tab[51]
+#define __pyx_n_u_data_len __pyx_string_tab[52]
+#define __pyx_kp_u_disable __pyx_string_tab[53]
+#define __pyx_kp_u_enable __pyx_string_tab[54]
+#define __pyx_n_u_enter __pyx_string_tab[55]
+#define __pyx_n_u_eof __pyx_string_tab[56]
+#define __pyx_n_u_exceptions __pyx_string_tab[57]
+#define __pyx_n_u_exit __pyx_string_tab[58]
+#define __pyx_n_u_fstat __pyx_string_tab[59]
+#define __pyx_n_u_fstatvfs __pyx_string_tab[60]
+#define __pyx_n_u_fsync __pyx_string_tab[61]
+#define __pyx_n_u_func __pyx_string_tab[62]
+#define __pyx_kp_u_gc __pyx_string_tab[63]
+#define __pyx_n_u_getstate __pyx_string_tab[64]
+#define __pyx_n_u_id __pyx_string_tab[65]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[66]
+#define __pyx_kp_u_isenabled __pyx_string_tab[67]
+#define __pyx_n_u_length __pyx_string_tab[68]
+#define __pyx_n_u_main __pyx_string_tab[69]
+#define __pyx_n_u_module __pyx_string_tab[70]
+#define __pyx_n_u_name __pyx_string_tab[71]
+#define __pyx_n_u_offset __pyx_string_tab[72]
+#define __pyx_n_u_pop __pyx_string_tab[73]
+#define __pyx_n_u_pyx_state __pyx_string_tab[74]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[75]
+#define __pyx_n_u_qualname __pyx_string_tab[76]
+#define __pyx_n_u_rc __pyx_string_tab[77]
+#define __pyx_n_u_read __pyx_string_tab[78]
+#define __pyx_n_u_readdir __pyx_string_tab[79]
+#define __pyx_n_u_reduce __pyx_string_tab[80]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[81]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[82]
+#define __pyx_n_u_rewind __pyx_string_tab[83]
+#define __pyx_n_u_seek __pyx_string_tab[84]
+#define __pyx_n_u_seek64 __pyx_string_tab[85]
+#define __pyx_n_u_self __pyx_string_tab[86]
+#define __pyx_kp_u_self__dir_cannot_be_converted_to __pyx_string_tab[87]
+#define __pyx_kp_u_self__file_cannot_be_converted_t __pyx_string_tab[88]
+#define __pyx_n_u_set_blocking __pyx_string_tab[89]
+#define __pyx_n_u_set_name __pyx_string_tab[90]
+#define __pyx_n_u_set_nonblocking __pyx_string_tab[91]
+#define __pyx_n_u_setstate __pyx_string_tab[92]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[93]
+#define __pyx_n_u_size __pyx_string_tab[94]
+#define __pyx_n_u_size_2 __pyx_string_tab[95]
+#define __pyx_n_u_ssh_sftp_handles __pyx_string_tab[96]
+#define __pyx_kp_u_ssh_sftp_handles_pyx __pyx_string_tab[97]
+#define __pyx_kp_u_stringsource __pyx_string_tab[98]
+#define __pyx_n_u_tell __pyx_string_tab[99]
+#define __pyx_n_u_tell64 __pyx_string_tab[100]
+#define __pyx_n_u_test __pyx_string_tab[101]
+#define __pyx_n_u_vfs __pyx_string_tab[102]
+#define __pyx_n_u_write __pyx_string_tab[103]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_12sftp_handles_SFTPFile);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_12sftp_handles_SFTPFile);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_12sftp_handles_SFTPDir);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_12sftp_handles_SFTPDir);
+  for (int i=0; i<1; ++i) { Py_CLEAR(clear_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<26; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<104; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  Py_CLEAR(clear_module_state->__pyx_int_0);
+  Py_CLEAR(clear_module_state->__pyx_int_1048576);
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_12sftp_handles_SFTPFile);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_12sftp_handles_SFTPFile);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_12sftp_handles_SFTPDir);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_12sftp_handles_SFTPDir);
+  for (int i=0; i<1; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<26; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<104; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_0);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_1048576);
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
-/* "ssh/sftp_handles.pyx":31
+/* "ssh/sftp_handles.pyx":30
+ * cdef class SFTPFile:
  * 
- *     @staticmethod
- *     cdef SFTPFile from_ptr(c_sftp.sftp_file _file, SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTPFile from_ptr(c_sftp.sftp_file _file, SFTP sftp):
  *         cdef SFTPFile _fh = SFTPFile.__new__(SFTPFile, sftp)
- *         _fh._file = _file
- */
+*/
 
 static struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_f_3ssh_12sftp_handles_8SFTPFile_from_ptr(sftp_file __pyx_v__file, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp) {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_v__fh = 0;
@@ -1745,14 +3019,14 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_f_3ssh_12sftp_handle
  *         cdef SFTPFile _fh = SFTPFile.__new__(SFTPFile, sftp)             # <<<<<<<<<<<<<<
  *         _fh._file = _file
  *         _fh.sftp = sftp
- */
+*/
   __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 32, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_sftp));
-  PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)__pyx_v_sftp));
-  __pyx_t_2 = ((PyObject *)__pyx_tp_new_3ssh_12sftp_handles_SFTPFile(((PyTypeObject *)__pyx_ptype_3ssh_12sftp_handles_SFTPFile), __pyx_t_1, NULL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 32, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_2));
+  __Pyx_INCREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_sftp);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)__pyx_v_sftp)) != (0)) __PYX_ERR(0, 32, __pyx_L1_error);
+  __pyx_t_2 = ((PyObject *)__pyx_tp_new_3ssh_12sftp_handles_SFTPFile(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile), __pyx_t_1, NULL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 32, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_2);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_v__fh = ((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_t_2);
   __pyx_t_2 = 0;
@@ -1763,7 +3037,7 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_f_3ssh_12sftp_handle
  *         _fh._file = _file             # <<<<<<<<<<<<<<
  *         _fh.sftp = sftp
  *         return _fh
- */
+*/
   __pyx_v__fh->_file = __pyx_v__file;
 
   /* "ssh/sftp_handles.pyx":34
@@ -1772,11 +3046,11 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_f_3ssh_12sftp_handle
  *         _fh.sftp = sftp             # <<<<<<<<<<<<<<
  *         return _fh
  * 
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GOTREF(__pyx_v__fh->sftp);
-  __Pyx_DECREF(((PyObject *)__pyx_v__fh->sftp));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GOTREF((PyObject *)__pyx_v__fh->sftp);
+  __Pyx_DECREF((PyObject *)__pyx_v__fh->sftp);
   __pyx_v__fh->sftp = __pyx_v_sftp;
 
   /* "ssh/sftp_handles.pyx":35
@@ -1785,19 +3059,19 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_f_3ssh_12sftp_handle
  *         return _fh             # <<<<<<<<<<<<<<
  * 
  *     def __enter__(self):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__fh));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__fh);
   __pyx_r = __pyx_v__fh;
   goto __pyx_L0;
 
-  /* "ssh/sftp_handles.pyx":31
+  /* "ssh/sftp_handles.pyx":30
+ * cdef class SFTPFile:
  * 
- *     @staticmethod
- *     cdef SFTPFile from_ptr(c_sftp.sftp_file _file, SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTPFile from_ptr(c_sftp.sftp_file _file, SFTP sftp):
  *         cdef SFTPFile _fh = SFTPFile.__new__(SFTPFile, sftp)
- *         _fh._file = _file
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1818,15 +3092,44 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_f_3ssh_12sftp_handle
  *     def __enter__(self):             # <<<<<<<<<<<<<<
  *         return self
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_1__enter__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile___enter__[] = "SFTPFile.__enter__(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_1__enter__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_1__enter__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile___enter__, "SFTPFile.__enter__(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_1__enter__ = {"__enter__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_1__enter__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile___enter__};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_1__enter__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__enter__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__enter__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__enter__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile___enter__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -1845,9 +3148,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile___enter__(struct __pyx_o
  *         return self             # <<<<<<<<<<<<<<
  * 
  *     def __exit__(self, *args):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self));
+  __Pyx_INCREF((PyObject *)__pyx_v_self);
   __pyx_r = ((PyObject *)__pyx_v_self);
   goto __pyx_L0;
 
@@ -1857,7 +3160,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile___enter__(struct __pyx_o
  *     def __enter__(self):             # <<<<<<<<<<<<<<
  *         return self
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L0:;
@@ -1872,23 +3175,34 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile___enter__(struct __pyx_o
  *     def __exit__(self, *args):             # <<<<<<<<<<<<<<
  *         self.close()
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_3__exit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_2__exit__[] = "SFTPFile.__exit__(self, *args)";
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_2__exit__, "SFTPFile.__exit__(self, *args)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_3__exit__ = {"__exit__", (PyCFunction)(void(*)(void))(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_3__exit__, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_2__exit__};
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_3__exit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
   CYTHON_UNUSED PyObject *__pyx_v_args = 0;
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__exit__ (wrapper)", 0);
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__exit__", 0))) return NULL;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__exit__", __pyx_kwds); return NULL;}
   __Pyx_INCREF(__pyx_args);
   __pyx_v_args = __pyx_args;
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_2__exit__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), __pyx_v_args);
 
   /* function exit code */
-  __Pyx_XDECREF(__pyx_v_args);
+  __Pyx_DECREF(__pyx_v_args);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -1898,7 +3212,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_2__exit__(struct __pyx_o
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_3;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1910,24 +3224,17 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_2__exit__(struct __pyx_o
  *         self.close()             # <<<<<<<<<<<<<<
  * 
  *     def __iter__(self):
- */
-  __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_close); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 41, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-    }
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_v_self);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_t_3 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_close, __pyx_callargs+__pyx_t_3, (1-__pyx_t_3) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 41, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
   }
-  __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 41, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
   /* "ssh/sftp_handles.pyx":40
@@ -1936,7 +3243,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_2__exit__(struct __pyx_o
  *     def __exit__(self, *args):             # <<<<<<<<<<<<<<
  *         self.close()
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -1944,7 +3251,6 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_2__exit__(struct __pyx_o
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.__exit__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1959,14 +3265,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_2__exit__(struct __pyx_o
  *     def __iter__(self):             # <<<<<<<<<<<<<<
  *         return self
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_5__iter__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_5__iter__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__iter__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_4__iter__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -1985,9 +3293,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_4__iter__(struct __pyx_o
  *         return self             # <<<<<<<<<<<<<<
  * 
  *     def __next__(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self));
+  __Pyx_INCREF((PyObject *)__pyx_v_self);
   __pyx_r = ((PyObject *)__pyx_v_self);
   goto __pyx_L0;
 
@@ -1997,7 +3305,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_4__iter__(struct __pyx_o
  *     def __iter__(self):             # <<<<<<<<<<<<<<
  *         return self
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L0:;
@@ -2012,14 +3320,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_4__iter__(struct __pyx_o
  *     def __next__(self):             # <<<<<<<<<<<<<<
  *         size, data = self.read()
  *         if size > 0:
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_7__next__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_7__next__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__next__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -2032,12 +3342,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
   PyObject *__pyx_v_data = NULL;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
+  int __pyx_error_without_exception = 0; /* StopIteration */
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_3;
   PyObject *__pyx_t_4 = NULL;
-  PyObject *(*__pyx_t_5)(PyObject *);
-  int __pyx_t_6;
+  PyObject *__pyx_t_5 = NULL;
+  PyObject *(*__pyx_t_6)(PyObject *);
+  int __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2049,24 +3361,17 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
  *         size, data = self.read()             # <<<<<<<<<<<<<<
  *         if size > 0:
  *             return size, data
- */
-  __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_read); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-    }
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_v_self);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_t_3 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_read, __pyx_callargs+__pyx_t_3, (1-__pyx_t_3) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 47, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
   }
-  __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 47, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
   if ((likely(PyTuple_CheckExact(__pyx_t_1))) || (PyList_CheckExact(__pyx_t_1))) {
     PyObject* sequence = __pyx_t_1;
     Py_ssize_t size = __Pyx_PySequence_SIZE(sequence);
@@ -2077,46 +3382,50 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
     }
     #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
     if (likely(PyTuple_CheckExact(sequence))) {
-      __pyx_t_2 = PyTuple_GET_ITEM(sequence, 0); 
-      __pyx_t_3 = PyTuple_GET_ITEM(sequence, 1); 
+      __pyx_t_2 = PyTuple_GET_ITEM(sequence, 0);
+      __Pyx_INCREF(__pyx_t_2);
+      __pyx_t_4 = PyTuple_GET_ITEM(sequence, 1);
+      __Pyx_INCREF(__pyx_t_4);
     } else {
-      __pyx_t_2 = PyList_GET_ITEM(sequence, 0); 
-      __pyx_t_3 = PyList_GET_ITEM(sequence, 1); 
+      __pyx_t_2 = __Pyx_PyList_GetItemRef(sequence, 0);
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 47, __pyx_L1_error)
+      __Pyx_XGOTREF(__pyx_t_2);
+      __pyx_t_4 = __Pyx_PyList_GetItemRef(sequence, 1);
+      if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 47, __pyx_L1_error)
+      __Pyx_XGOTREF(__pyx_t_4);
     }
-    __Pyx_INCREF(__pyx_t_2);
-    __Pyx_INCREF(__pyx_t_3);
     #else
-    __pyx_t_2 = PySequence_ITEM(sequence, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 47, __pyx_L1_error)
+    __pyx_t_2 = __Pyx_PySequence_ITEM(sequence, 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 47, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_3 = PySequence_ITEM(sequence, 1); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 47, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_4 = __Pyx_PySequence_ITEM(sequence, 1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 47, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_4);
     #endif
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   } else {
     Py_ssize_t index = -1;
-    __pyx_t_4 = PyObject_GetIter(__pyx_t_1); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 47, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
+    __pyx_t_5 = PyObject_GetIter(__pyx_t_1); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 47, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-    __pyx_t_5 = Py_TYPE(__pyx_t_4)->tp_iternext;
-    index = 0; __pyx_t_2 = __pyx_t_5(__pyx_t_4); if (unlikely(!__pyx_t_2)) goto __pyx_L3_unpacking_failed;
+    __pyx_t_6 = (CYTHON_COMPILING_IN_LIMITED_API) ? PyIter_Next : __Pyx_PyObject_GetIterNextFunc(__pyx_t_5);
+    index = 0; __pyx_t_2 = __pyx_t_6(__pyx_t_5); if (unlikely(!__pyx_t_2)) goto __pyx_L3_unpacking_failed;
     __Pyx_GOTREF(__pyx_t_2);
-    index = 1; __pyx_t_3 = __pyx_t_5(__pyx_t_4); if (unlikely(!__pyx_t_3)) goto __pyx_L3_unpacking_failed;
-    __Pyx_GOTREF(__pyx_t_3);
-    if (__Pyx_IternextUnpackEndCheck(__pyx_t_5(__pyx_t_4), 2) < 0) __PYX_ERR(0, 47, __pyx_L1_error)
-    __pyx_t_5 = NULL;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+    index = 1; __pyx_t_4 = __pyx_t_6(__pyx_t_5); if (unlikely(!__pyx_t_4)) goto __pyx_L3_unpacking_failed;
+    __Pyx_GOTREF(__pyx_t_4);
+    if (__Pyx_IternextUnpackEndCheck(__pyx_t_6(__pyx_t_5), 2) < 0) __PYX_ERR(0, 47, __pyx_L1_error)
+    __pyx_t_6 = NULL;
+    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
     goto __pyx_L4_unpacking_done;
     __pyx_L3_unpacking_failed:;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    __pyx_t_5 = NULL;
+    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+    __pyx_t_6 = NULL;
     if (__Pyx_IterFinish() == 0) __Pyx_RaiseNeedMoreValuesError(index);
     __PYX_ERR(0, 47, __pyx_L1_error)
     __pyx_L4_unpacking_done:;
   }
   __pyx_v_size = __pyx_t_2;
   __pyx_t_2 = 0;
-  __pyx_v_data = __pyx_t_3;
-  __pyx_t_3 = 0;
+  __pyx_v_data = __pyx_t_4;
+  __pyx_t_4 = 0;
 
   /* "ssh/sftp_handles.pyx":48
  *     def __next__(self):
@@ -2124,11 +3433,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
  *         if size > 0:             # <<<<<<<<<<<<<<
  *             return size, data
  *         raise StopIteration
- */
-  __pyx_t_1 = PyObject_RichCompare(__pyx_v_size, __pyx_int_0, Py_GT); __Pyx_XGOTREF(__pyx_t_1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 48, __pyx_L1_error)
-  __pyx_t_6 = __Pyx_PyObject_IsTrue(__pyx_t_1); if (unlikely(__pyx_t_6 < 0)) __PYX_ERR(0, 48, __pyx_L1_error)
+*/
+  __pyx_t_1 = PyObject_RichCompare(__pyx_v_size, __pyx_mstate_global->__pyx_int_0, Py_GT); __Pyx_XGOTREF(__pyx_t_1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 48, __pyx_L1_error)
+  __pyx_t_7 = __Pyx_PyObject_IsTrue(__pyx_t_1); if (unlikely((__pyx_t_7 < 0))) __PYX_ERR(0, 48, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  if (__pyx_t_6) {
+  if (__pyx_t_7) {
 
     /* "ssh/sftp_handles.pyx":49
  *         size, data = self.read()
@@ -2136,16 +3445,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
  *             return size, data             # <<<<<<<<<<<<<<
  *         raise StopIteration
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_t_1 = PyTuple_New(2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 49, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_INCREF(__pyx_v_size);
     __Pyx_GIVEREF(__pyx_v_size);
-    PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_v_size);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 0, __pyx_v_size) != (0)) __PYX_ERR(0, 49, __pyx_L1_error);
     __Pyx_INCREF(__pyx_v_data);
     __Pyx_GIVEREF(__pyx_v_data);
-    PyTuple_SET_ITEM(__pyx_t_1, 1, __pyx_v_data);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 1, __pyx_v_data) != (0)) __PYX_ERR(0, 49, __pyx_L1_error);
     __pyx_r = __pyx_t_1;
     __pyx_t_1 = 0;
     goto __pyx_L0;
@@ -2156,7 +3465,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
  *         if size > 0:             # <<<<<<<<<<<<<<
  *             return size, data
  *         raise StopIteration
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":50
@@ -2165,9 +3474,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
  *         raise StopIteration             # <<<<<<<<<<<<<<
  * 
  *     def fstat(self):
- */
-  __Pyx_Raise(__pyx_builtin_StopIteration, 0, 0, 0);
-  __PYX_ERR(0, 50, __pyx_L1_error)
+*/
+  __pyx_error_without_exception = 1;
+  goto __pyx_L1_error;;
 
   /* "ssh/sftp_handles.pyx":46
  *         return self
@@ -2175,15 +3484,17 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
  *     def __next__(self):             # <<<<<<<<<<<<<<
  *         size, data = self.read()
  *         if size > 0:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_XDECREF(__pyx_t_4);
-  __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.__next__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_XDECREF(__pyx_t_5);
+  if (!__pyx_error_without_exception) {
+    __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.__next__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  }
   __pyx_r = NULL;
   __pyx_L0:;
   __Pyx_XDECREF(__pyx_v_size);
@@ -2199,15 +3510,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6__next__(struct __pyx_o
  *     def fstat(self):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_9fstat(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_8fstat[] = "SFTPFile.fstat(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_9fstat(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_9fstat(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_8fstat, "SFTPFile.fstat(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_9fstat = {"fstat", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_9fstat, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_8fstat};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_9fstat(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("fstat (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("fstat", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("fstat", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -2225,6 +3565,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2236,13 +3577,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_attrs = c_sftp.sftp_fstat(self._file)
  *         if c_attrs is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":56
@@ -2251,7 +3591,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *             c_attrs = c_sftp.sftp_fstat(self._file)             # <<<<<<<<<<<<<<
  *         if c_attrs is NULL:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_c_attrs = sftp_fstat(__pyx_v_self->_file);
       }
 
@@ -2261,13 +3601,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_attrs = c_sftp.sftp_fstat(self._file)
  *         if c_attrs is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2280,8 +3618,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *         if c_attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)
- */
-  __pyx_t_1 = ((__pyx_v_c_attrs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_c_attrs == NULL);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":58
@@ -2290,27 +3628,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)
  *         return _attrs
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 58, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 58, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 58, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 58, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 58, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 58, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 58, __pyx_L1_error)
@@ -2321,7 +3665,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *         if c_attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":59
@@ -2330,14 +3674,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)             # <<<<<<<<<<<<<<
  *         return _attrs
  * 
- */
+*/
   __pyx_t_2 = ((PyObject *)__pyx_v_self->sftp);
   __Pyx_INCREF(__pyx_t_2);
-  __pyx_t_3 = ((PyObject *)__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes->from_ptr(__pyx_v_c_attrs, ((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_t_2))); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 59, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_4 = ((PyObject *)__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes->from_ptr(__pyx_v_c_attrs, ((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_t_2))); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 59, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_v__attrs = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_t_3);
-  __pyx_t_3 = 0;
+  __pyx_v__attrs = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_t_4);
+  __pyx_t_4 = 0;
 
   /* "ssh/sftp_handles.pyx":60
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
@@ -2345,9 +3689,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *         return _attrs             # <<<<<<<<<<<<<<
  * 
  *     def close(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v__attrs));
+  __Pyx_INCREF((PyObject *)__pyx_v__attrs);
   __pyx_r = ((PyObject *)__pyx_v__attrs);
   goto __pyx_L0;
 
@@ -2357,7 +3701,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *     def fstat(self):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2380,15 +3724,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_8fstat(struct __pyx_obj_
  *     def close(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if self.closed:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_11close(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_10close[] = "SFTPFile.close(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_11close(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_11close(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_10close, "SFTPFile.close(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_11close = {"close", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_11close, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_10close};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_11close(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("close (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("close", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("close", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -2405,6 +3778,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2416,9 +3790,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *         if self.closed:             # <<<<<<<<<<<<<<
  *             return 0
  *         with nogil:
- */
-  __pyx_t_1 = (__pyx_v_self->closed != 0);
-  if (__pyx_t_1) {
+*/
+  if (__pyx_v_self->closed) {
 
     /* "ssh/sftp_handles.pyx":65
  *         cdef int rc
@@ -2426,10 +3799,10 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *             return 0             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_sftp.sftp_close(self._file)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_INCREF(__pyx_int_0);
-    __pyx_r = __pyx_int_0;
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_0);
+    __pyx_r = __pyx_mstate_global->__pyx_int_0;
     goto __pyx_L0;
 
     /* "ssh/sftp_handles.pyx":64
@@ -2438,7 +3811,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *         if self.closed:             # <<<<<<<<<<<<<<
  *             return 0
  *         with nogil:
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":66
@@ -2447,13 +3820,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_close(self._file)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":67
@@ -2462,7 +3834,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *             rc = c_sftp.sftp_close(self._file)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_close(__pyx_v_self->_file);
       }
 
@@ -2472,13 +3844,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_close(self._file)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
@@ -2491,8 +3861,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         self.closed = True
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":69
@@ -2501,27 +3871,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         self.closed = True
  *         return rc
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 69, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 69, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 69, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 69, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 69, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 69, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 69, __pyx_L1_error)
@@ -2532,7 +3908,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         self.closed = True
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":70
@@ -2541,7 +3917,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *         self.closed = True             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
   __pyx_v_self->closed = 1;
 
   /* "ssh/sftp_handles.pyx":71
@@ -2550,9 +3926,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def set_nonblocking(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 71, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 71, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -2564,7 +3940,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *     def close(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if self.closed:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2586,15 +3962,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_10close(struct __pyx_obj
  *     def set_nonblocking(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_sftp.sftp_file_set_nonblocking(self._file)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking[] = "SFTPFile.set_nonblocking(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking, "SFTPFile.set_nonblocking(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking = {"set_nonblocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_nonblocking (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("set_nonblocking", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("set_nonblocking", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -2613,13 +4018,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking(struct
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_file_set_nonblocking(self._file)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":75
@@ -2628,7 +4032,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking(struct
  *             c_sftp.sftp_file_set_nonblocking(self._file)             # <<<<<<<<<<<<<<
  * 
  *     def set_blocking(self):
- */
+*/
         sftp_file_set_nonblocking(__pyx_v_self->_file);
       }
 
@@ -2638,13 +4042,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking(struct
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_file_set_nonblocking(self._file)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2657,7 +4059,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking(struct
  *     def set_nonblocking(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_sftp.sftp_file_set_nonblocking(self._file)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -2672,15 +4074,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking(struct
  *     def set_blocking(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_sftp.sftp_file_set_blocking(self._file)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_15set_blocking(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_14set_blocking[] = "SFTPFile.set_blocking(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_15set_blocking(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_15set_blocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_14set_blocking, "SFTPFile.set_blocking(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_15set_blocking = {"set_blocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_15set_blocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_14set_blocking};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_15set_blocking(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("set_blocking (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("set_blocking", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("set_blocking", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_14set_blocking(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -2699,13 +4130,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_14set_blocking(struct __
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_file_set_blocking(self._file)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":79
@@ -2714,7 +4144,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_14set_blocking(struct __
  *             c_sftp.sftp_file_set_blocking(self._file)             # <<<<<<<<<<<<<<
  * 
  *     def read(self, size_t size=1048576):
- */
+*/
         sftp_file_set_blocking(__pyx_v_self->_file);
       }
 
@@ -2724,13 +4154,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_14set_blocking(struct __
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_file_set_blocking(self._file)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -2743,7 +4171,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_14set_blocking(struct __
  *     def set_blocking(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_sftp.sftp_file_set_blocking(self._file)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -2758,60 +4186,85 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_14set_blocking(struct __
  *     def read(self, size_t size=1048576):             # <<<<<<<<<<<<<<
  *         cdef ssize_t _size
  *         cdef bytes buf = b''
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_17read(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_16read[] = "SFTPFile.read(self, size_t size=1048576)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_17read(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_17read(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_16read, "SFTPFile.read(self, size_t size=1048576)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_17read = {"read", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_17read, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_16read};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_17read(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   size_t __pyx_v_size;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("read (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_size,0};
-    PyObject* values[1] = {0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_size,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 81, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 81, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_size);
-          if (value) { values[0] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "read") < 0)) __PYX_ERR(0, 81, __pyx_L3_error)
-      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "read", 0) < 0) __PYX_ERR(0, 81, __pyx_L3_error)
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 81, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
     if (values[0]) {
-      __pyx_v_size = __Pyx_PyInt_As_size_t(values[0]); if (unlikely((__pyx_v_size == (size_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 81, __pyx_L3_error)
+      __pyx_v_size = __Pyx_PyLong_As_size_t(values[0]); if (unlikely((__pyx_v_size == (size_t)-1) && PyErr_Occurred())) __PYX_ERR(0, 81, __pyx_L3_error)
     } else {
       __pyx_v_size = ((size_t)0x100000);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("read", 0, 0, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 81, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("read", 0, 0, 1, __pyx_nargs); __PYX_ERR(0, 81, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.read", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -2819,6 +4272,9 @@ static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_17read(PyObject *__pyx_v
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), __pyx_v_size);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2852,9 +4308,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *         cdef bytes buf = b''             # <<<<<<<<<<<<<<
  *         cdef char *c_buf
  *         with nogil:
- */
-  __Pyx_INCREF(__pyx_kp_b_);
-  __pyx_v_buf = __pyx_kp_b_;
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_buf = __pyx_mstate_global->__pyx_kp_b_;
 
   /* "ssh/sftp_handles.pyx":85
  *         cdef bytes buf = b''
@@ -2862,13 +4318,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_buf = <char *>malloc(sizeof(char) * size)
  *             if c_buf is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":86
@@ -2877,7 +4332,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *             c_buf = <char *>malloc(sizeof(char) * size)             # <<<<<<<<<<<<<<
  *             if c_buf is NULL:
  *                 with gil:
- */
+*/
         __pyx_v_c_buf = ((char *)malloc(((sizeof(char)) * __pyx_v_size)));
 
         /* "ssh/sftp_handles.pyx":87
@@ -2886,9 +4341,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *             if c_buf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
-        __pyx_t_1 = ((__pyx_v_c_buf == NULL) != 0);
-        if (__pyx_t_1) {
+*/
+        __pyx_t_1 = (__pyx_v_c_buf == NULL);
+        if (unlikely(__pyx_t_1)) {
 
           /* "ssh/sftp_handles.pyx":88
  *             c_buf = <char *>malloc(sizeof(char) * size)
@@ -2896,11 +4351,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             _size = c_sftp.sftp_read(self._file, c_buf, size)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
                 /* "ssh/sftp_handles.pyx":89
@@ -2909,7 +4362,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *                     raise MemoryError             # <<<<<<<<<<<<<<
  *             _size = c_sftp.sftp_read(self._file, c_buf, size)
  *         try:
- */
+*/
                 PyErr_NoMemory(); __PYX_ERR(0, 89, __pyx_L8_error)
               }
 
@@ -2919,12 +4372,10 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             _size = c_sftp.sftp_read(self._file, c_buf, size)
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
@@ -2936,7 +4387,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *             if c_buf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
+*/
         }
 
         /* "ssh/sftp_handles.pyx":90
@@ -2945,7 +4396,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *             _size = c_sftp.sftp_read(self._file, c_buf, size)             # <<<<<<<<<<<<<<
  *         try:
  *             if _size > 0:
- */
+*/
         __pyx_v__size = sftp_read(__pyx_v_self->_file, __pyx_v_c_buf, __pyx_v_size);
       }
 
@@ -2955,20 +4406,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_buf = <char *>malloc(sizeof(char) * size)
  *             if c_buf is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
@@ -2981,7 +4428,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *         try:             # <<<<<<<<<<<<<<
  *             if _size > 0:
  *                 buf = c_buf[:_size]
- */
+*/
   /*try:*/ {
 
     /* "ssh/sftp_handles.pyx":92
@@ -2990,8 +4437,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *             if _size > 0:             # <<<<<<<<<<<<<<
  *                 buf = c_buf[:_size]
  *         finally:
- */
-    __pyx_t_1 = ((__pyx_v__size > 0) != 0);
+*/
+    __pyx_t_1 = (__pyx_v__size > 0);
     if (__pyx_t_1) {
 
       /* "ssh/sftp_handles.pyx":93
@@ -3000,7 +4447,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *                 buf = c_buf[:_size]             # <<<<<<<<<<<<<<
  *         finally:
  *             free(c_buf)
- */
+*/
       __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_buf + 0, __pyx_v__size - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 93, __pyx_L11_error)
       __Pyx_GOTREF(__pyx_t_2);
       __Pyx_DECREF_SET(__pyx_v_buf, ((PyObject*)__pyx_t_2));
@@ -3012,7 +4459,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *             if _size > 0:             # <<<<<<<<<<<<<<
  *                 buf = c_buf[:_size]
  *         finally:
- */
+*/
     }
   }
 
@@ -3022,7 +4469,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *             free(c_buf)             # <<<<<<<<<<<<<<
  *         return _size, buf
  * 
- */
+*/
   /*finally:*/ {
     /*normal exit:*/{
       free(__pyx_v_c_buf);
@@ -3034,8 +4481,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
       __Pyx_PyThreadState_assign
       __pyx_t_6 = 0; __pyx_t_7 = 0; __pyx_t_8 = 0; __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0;
       __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
-      if (PY_MAJOR_VERSION >= 3) __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
-      if ((PY_MAJOR_VERSION < 3) || unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
+       __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
+      if ( unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
       __Pyx_XGOTREF(__pyx_t_6);
       __Pyx_XGOTREF(__pyx_t_7);
       __Pyx_XGOTREF(__pyx_t_8);
@@ -3046,12 +4493,10 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
       {
         free(__pyx_v_c_buf);
       }
-      if (PY_MAJOR_VERSION >= 3) {
-        __Pyx_XGIVEREF(__pyx_t_9);
-        __Pyx_XGIVEREF(__pyx_t_10);
-        __Pyx_XGIVEREF(__pyx_t_11);
-        __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
-      }
+      __Pyx_XGIVEREF(__pyx_t_9);
+      __Pyx_XGIVEREF(__pyx_t_10);
+      __Pyx_XGIVEREF(__pyx_t_11);
+      __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
       __Pyx_XGIVEREF(__pyx_t_6);
       __Pyx_XGIVEREF(__pyx_t_7);
       __Pyx_XGIVEREF(__pyx_t_8);
@@ -3069,17 +4514,17 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *         return _size, buf             # <<<<<<<<<<<<<<
  * 
  *     def async_read_begin(self, uint32_t length=1048576):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = PyInt_FromSsize_t(__pyx_v__size); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 96, __pyx_L1_error)
+  __pyx_t_2 = PyLong_FromSsize_t(__pyx_v__size); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 96, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_t_12 = PyTuple_New(2); if (unlikely(!__pyx_t_12)) __PYX_ERR(0, 96, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_12);
   __Pyx_GIVEREF(__pyx_t_2);
-  PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 0, __pyx_t_2) != (0)) __PYX_ERR(0, 96, __pyx_L1_error);
   __Pyx_INCREF(__pyx_v_buf);
   __Pyx_GIVEREF(__pyx_v_buf);
-  PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_12, 1, __pyx_v_buf) != (0)) __PYX_ERR(0, 96, __pyx_L1_error);
   __pyx_t_2 = 0;
   __pyx_r = __pyx_t_12;
   __pyx_t_12 = 0;
@@ -3091,7 +4536,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *     def read(self, size_t size=1048576):             # <<<<<<<<<<<<<<
  *         cdef ssize_t _size
  *         cdef bytes buf = b''
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3112,60 +4557,85 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_16read(struct __pyx_obj_
  *     def async_read_begin(self, uint32_t length=1048576):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_19async_read_begin(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_18async_read_begin[] = "SFTPFile.async_read_begin(self, uint32_t length=1048576)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_19async_read_begin(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_19async_read_begin(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_18async_read_begin, "SFTPFile.async_read_begin(self, uint32_t length=1048576)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_19async_read_begin = {"async_read_begin", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_19async_read_begin, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_18async_read_begin};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_19async_read_begin(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   uint32_t __pyx_v_length;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("async_read_begin (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_length,0};
-    PyObject* values[1] = {0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_length,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 98, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 98, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_length);
-          if (value) { values[0] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "async_read_begin") < 0)) __PYX_ERR(0, 98, __pyx_L3_error)
-      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "async_read_begin", 0) < 0) __PYX_ERR(0, 98, __pyx_L3_error)
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 98, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
     if (values[0]) {
-      __pyx_v_length = __Pyx_PyInt_As_uint32_t(values[0]); if (unlikely((__pyx_v_length == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 98, __pyx_L3_error)
+      __pyx_v_length = __Pyx_PyLong_As_uint32_t(values[0]); if (unlikely((__pyx_v_length == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 98, __pyx_L3_error)
     } else {
       __pyx_v_length = ((uint32_t)0x100000);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("async_read_begin", 0, 0, 1, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 98, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("async_read_begin", 0, 0, 1, __pyx_nargs); __PYX_ERR(0, 98, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.async_read_begin", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -3173,6 +4643,9 @@ static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_19async_read_begin(PyObj
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), __pyx_v_length);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3186,6 +4659,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3197,13 +4671,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_async_read_begin(self._file, length)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":101
@@ -3212,7 +4685,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *             rc = c_sftp.sftp_async_read_begin(self._file, length)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_async_read_begin(__pyx_v_self->_file, __pyx_v_length);
       }
 
@@ -3222,13 +4695,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_async_read_begin(self._file, length)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -3241,8 +4712,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":103
@@ -3251,27 +4722,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 103, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 103, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 103, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 103, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 103, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 103, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 103, __pyx_L1_error)
@@ -3282,7 +4759,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":104
@@ -3291,9 +4768,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def async_read(self, uint32_t _id, uint32_t length=1048576):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 104, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 104, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -3305,7 +4782,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *     def async_read_begin(self, uint32_t length=1048576):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3327,69 +4804,97 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_18async_read_begin(struc
  *     def async_read(self, uint32_t _id, uint32_t length=1048576):             # <<<<<<<<<<<<<<
  *         cdef int size
  *         cdef bytes buf = b''
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_21async_read(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_20async_read[] = "SFTPFile.async_read(self, uint32_t _id, uint32_t length=1048576)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_21async_read(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_21async_read(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_20async_read, "SFTPFile.async_read(self, uint32_t _id, uint32_t length=1048576)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_21async_read = {"async_read", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_21async_read, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_20async_read};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_21async_read(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   uint32_t __pyx_v__id;
   uint32_t __pyx_v_length;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[2] = {0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("async_read (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_id,&__pyx_n_s_length,0};
-    PyObject* values[2] = {0,0};
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_id,&__pyx_mstate_global->__pyx_n_u_length,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 106, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 106, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 106, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_id)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_length);
-          if (value) { values[1] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "async_read") < 0)) __PYX_ERR(0, 106, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "async_read", 0) < 0) __PYX_ERR(0, 106, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("async_read", 0, 1, 2, i); __PYX_ERR(0, 106, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+      switch (__pyx_nargs) {
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 106, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 106, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
     }
-    __pyx_v__id = __Pyx_PyInt_As_uint32_t(values[0]); if (unlikely((__pyx_v__id == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 106, __pyx_L3_error)
+    __pyx_v__id = __Pyx_PyLong_As_uint32_t(values[0]); if (unlikely((__pyx_v__id == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 106, __pyx_L3_error)
     if (values[1]) {
-      __pyx_v_length = __Pyx_PyInt_As_uint32_t(values[1]); if (unlikely((__pyx_v_length == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 106, __pyx_L3_error)
+      __pyx_v_length = __Pyx_PyLong_As_uint32_t(values[1]); if (unlikely((__pyx_v_length == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 106, __pyx_L3_error)
     } else {
       __pyx_v_length = ((uint32_t)0x100000);
     }
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("async_read", 0, 1, 2, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 106, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("async_read", 0, 1, 2, __pyx_nargs); __PYX_ERR(0, 106, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.async_read", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -3397,6 +4902,9 @@ static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_21async_read(PyObject *_
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), __pyx_v__id, __pyx_v_length);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3412,15 +4920,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
-  int __pyx_t_6;
+  size_t __pyx_t_6;
   int __pyx_t_7;
-  char const *__pyx_t_8;
-  PyObject *__pyx_t_9 = NULL;
+  int __pyx_t_8;
+  char const *__pyx_t_9;
   PyObject *__pyx_t_10 = NULL;
   PyObject *__pyx_t_11 = NULL;
   PyObject *__pyx_t_12 = NULL;
   PyObject *__pyx_t_13 = NULL;
   PyObject *__pyx_t_14 = NULL;
+  PyObject *__pyx_t_15 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3432,9 +4941,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *         cdef bytes buf = b''             # <<<<<<<<<<<<<<
  *         cdef char *c_buf
  *         with nogil:
- */
-  __Pyx_INCREF(__pyx_kp_b_);
-  __pyx_v_buf = __pyx_kp_b_;
+*/
+  __Pyx_INCREF(__pyx_mstate_global->__pyx_kp_b_);
+  __pyx_v_buf = __pyx_mstate_global->__pyx_kp_b_;
 
   /* "ssh/sftp_handles.pyx":110
  *         cdef bytes buf = b''
@@ -3442,13 +4951,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_buf = <char *>malloc(sizeof(char) * length)
  *             if c_buf is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":111
@@ -3457,7 +4965,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             c_buf = <char *>malloc(sizeof(char) * length)             # <<<<<<<<<<<<<<
  *             if c_buf is NULL:
  *                 with gil:
- */
+*/
         __pyx_v_c_buf = ((char *)malloc(((sizeof(char)) * __pyx_v_length)));
 
         /* "ssh/sftp_handles.pyx":112
@@ -3466,9 +4974,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             if c_buf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
-        __pyx_t_1 = ((__pyx_v_c_buf == NULL) != 0);
-        if (__pyx_t_1) {
+*/
+        __pyx_t_1 = (__pyx_v_c_buf == NULL);
+        if (unlikely(__pyx_t_1)) {
 
           /* "ssh/sftp_handles.pyx":113
  *             c_buf = <char *>malloc(sizeof(char) * length)
@@ -3476,11 +4984,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             size = c_sftp.sftp_async_read(self._file, c_buf, length, _id)
- */
+*/
           {
-              #ifdef WITH_THREAD
               PyGILState_STATE __pyx_gilstate_save = __Pyx_PyGILState_Ensure();
-              #endif
               /*try:*/ {
 
                 /* "ssh/sftp_handles.pyx":114
@@ -3489,7 +4995,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                     raise MemoryError             # <<<<<<<<<<<<<<
  *             size = c_sftp.sftp_async_read(self._file, c_buf, length, _id)
  *         try:
- */
+*/
                 PyErr_NoMemory(); __PYX_ERR(0, 114, __pyx_L8_error)
               }
 
@@ -3499,12 +5005,10 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                 with gil:             # <<<<<<<<<<<<<<
  *                     raise MemoryError
  *             size = c_sftp.sftp_async_read(self._file, c_buf, length, _id)
- */
+*/
               /*finally:*/ {
                 __pyx_L8_error: {
-                  #ifdef WITH_THREAD
                   __Pyx_PyGILState_Release(__pyx_gilstate_save);
-                  #endif
                   goto __pyx_L4_error;
                 }
               }
@@ -3516,7 +5020,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             if c_buf is NULL:             # <<<<<<<<<<<<<<
  *                 with gil:
  *                     raise MemoryError
- */
+*/
         }
 
         /* "ssh/sftp_handles.pyx":115
@@ -3525,7 +5029,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             size = c_sftp.sftp_async_read(self._file, c_buf, length, _id)             # <<<<<<<<<<<<<<
  *         try:
  *             if size > 0:
- */
+*/
         __pyx_v_size = sftp_async_read(__pyx_v_self->_file, __pyx_v_c_buf, __pyx_v_length, __pyx_v__id);
       }
 
@@ -3535,20 +5039,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_buf = <char *>malloc(sizeof(char) * length)
  *             if c_buf is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L4_error: {
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L1_error;
         }
         __pyx_L5:;
@@ -3561,7 +5061,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *         try:             # <<<<<<<<<<<<<<
  *             if size > 0:
  *                 buf = c_buf[:size]
- */
+*/
   /*try:*/ {
 
     /* "ssh/sftp_handles.pyx":117
@@ -3570,8 +5070,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             if size > 0:             # <<<<<<<<<<<<<<
  *                 buf = c_buf[:size]
  *             elif size < 0:
- */
-    __pyx_t_1 = ((__pyx_v_size > 0) != 0);
+*/
+    __pyx_t_1 = (__pyx_v_size > 0);
     if (__pyx_t_1) {
 
       /* "ssh/sftp_handles.pyx":118
@@ -3580,7 +5080,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                 buf = c_buf[:size]             # <<<<<<<<<<<<<<
  *             elif size < 0:
  *                 if size == SSH_ERROR:
- */
+*/
       __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_buf + 0, __pyx_v_size - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 118, __pyx_L11_error)
       __Pyx_GOTREF(__pyx_t_2);
       __Pyx_DECREF_SET(__pyx_v_buf, ((PyObject*)__pyx_t_2));
@@ -3592,7 +5092,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             if size > 0:             # <<<<<<<<<<<<<<
  *                 buf = c_buf[:size]
  *             elif size < 0:
- */
+*/
       goto __pyx_L13;
     }
 
@@ -3602,8 +5102,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             elif size < 0:             # <<<<<<<<<<<<<<
  *                 if size == SSH_ERROR:
  *                     raise SFTPError(ssh_get_error(self.sftp.session._session))
- */
-    __pyx_t_1 = ((__pyx_v_size < 0) != 0);
+*/
+    __pyx_t_1 = (__pyx_v_size < 0);
     if (__pyx_t_1) {
 
       /* "ssh/sftp_handles.pyx":120
@@ -3612,7 +5112,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                 if size == SSH_ERROR:             # <<<<<<<<<<<<<<
  *                     raise SFTPError(ssh_get_error(self.sftp.session._session))
  *                 elif size == SSH_AGAIN:
- */
+*/
       switch (__pyx_v_size) {
         case SSH_ERROR:
 
@@ -3622,27 +5122,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                     raise SFTPError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *                 elif size == SSH_AGAIN:
  *                     return SSH_AGAIN, buf
- */
-        __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 121, __pyx_L11_error)
-        __Pyx_GOTREF(__pyx_t_3);
-        __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 121, __pyx_L11_error)
+*/
+        __pyx_t_3 = NULL;
+        __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 121, __pyx_L11_error)
         __Pyx_GOTREF(__pyx_t_4);
-        __pyx_t_5 = NULL;
-        if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-          __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-          if (likely(__pyx_t_5)) {
-            PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-            __Pyx_INCREF(__pyx_t_5);
-            __Pyx_INCREF(function);
-            __Pyx_DECREF_SET(__pyx_t_3, function);
-          }
+        __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 121, __pyx_L11_error)
+        __Pyx_GOTREF(__pyx_t_5);
+        __pyx_t_6 = 1;
+        #if CYTHON_UNPACK_METHODS
+        if (unlikely(PyMethod_Check(__pyx_t_4))) {
+          __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+          assert(__pyx_t_3);
+          PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+          __Pyx_INCREF(__pyx_t_3);
+          __Pyx_INCREF(__pyx__function);
+          __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+          __pyx_t_6 = 0;
+        }
+        #endif
+        {
+          PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+          __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+          __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+          __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+          __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+          if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 121, __pyx_L11_error)
+          __Pyx_GOTREF(__pyx_t_2);
         }
-        __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-        __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-        __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-        if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 121, __pyx_L11_error)
-        __Pyx_GOTREF(__pyx_t_2);
-        __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
         __Pyx_Raise(__pyx_t_2, 0, 0, 0);
         __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
         __PYX_ERR(0, 121, __pyx_L11_error)
@@ -3653,7 +5159,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                 if size == SSH_ERROR:             # <<<<<<<<<<<<<<
  *                     raise SFTPError(ssh_get_error(self.sftp.session._session))
  *                 elif size == SSH_AGAIN:
- */
+*/
         break;
         case SSH_AGAIN:
 
@@ -3663,20 +5169,20 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                     return SSH_AGAIN, buf             # <<<<<<<<<<<<<<
  *         finally:
  *             free(c_buf)
- */
+*/
         __Pyx_XDECREF(__pyx_r);
-        __pyx_t_2 = __Pyx_PyInt_From_int(SSH_AGAIN); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 123, __pyx_L11_error)
+        __pyx_t_2 = __Pyx_PyLong_From___pyx_anon_enum(SSH_AGAIN); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 123, __pyx_L11_error)
         __Pyx_GOTREF(__pyx_t_2);
-        __pyx_t_3 = PyTuple_New(2); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 123, __pyx_L11_error)
-        __Pyx_GOTREF(__pyx_t_3);
+        __pyx_t_4 = PyTuple_New(2); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 123, __pyx_L11_error)
+        __Pyx_GOTREF(__pyx_t_4);
         __Pyx_GIVEREF(__pyx_t_2);
-        PyTuple_SET_ITEM(__pyx_t_3, 0, __pyx_t_2);
+        if (__Pyx_PyTuple_SET_ITEM(__pyx_t_4, 0, __pyx_t_2) != (0)) __PYX_ERR(0, 123, __pyx_L11_error);
         __Pyx_INCREF(__pyx_v_buf);
         __Pyx_GIVEREF(__pyx_v_buf);
-        PyTuple_SET_ITEM(__pyx_t_3, 1, __pyx_v_buf);
+        if (__Pyx_PyTuple_SET_ITEM(__pyx_t_4, 1, __pyx_v_buf) != (0)) __PYX_ERR(0, 123, __pyx_L11_error);
         __pyx_t_2 = 0;
-        __pyx_r = __pyx_t_3;
-        __pyx_t_3 = 0;
+        __pyx_r = __pyx_t_4;
+        __pyx_t_4 = 0;
         goto __pyx_L10_return;
 
         /* "ssh/sftp_handles.pyx":122
@@ -3685,7 +5191,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *                 elif size == SSH_AGAIN:             # <<<<<<<<<<<<<<
  *                     return SSH_AGAIN, buf
  *         finally:
- */
+*/
         break;
         default: break;
       }
@@ -3696,7 +5202,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             elif size < 0:             # <<<<<<<<<<<<<<
  *                 if size == SSH_ERROR:
  *                     raise SFTPError(ssh_get_error(self.sftp.session._session))
- */
+*/
     }
     __pyx_L13:;
   }
@@ -3707,7 +5213,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *             free(c_buf)             # <<<<<<<<<<<<<<
  *         return size, buf
  * 
- */
+*/
   /*finally:*/ {
     /*normal exit:*/{
       free(__pyx_v_c_buf);
@@ -3717,43 +5223,41 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
     /*exception exit:*/{
       __Pyx_PyThreadState_declare
       __Pyx_PyThreadState_assign
-      __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0; __pyx_t_12 = 0; __pyx_t_13 = 0; __pyx_t_14 = 0;
+      __pyx_t_10 = 0; __pyx_t_11 = 0; __pyx_t_12 = 0; __pyx_t_13 = 0; __pyx_t_14 = 0; __pyx_t_15 = 0;
       __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
       __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
       __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
       __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-      if (PY_MAJOR_VERSION >= 3) __Pyx_ExceptionSwap(&__pyx_t_12, &__pyx_t_13, &__pyx_t_14);
-      if ((PY_MAJOR_VERSION < 3) || unlikely(__Pyx_GetException(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11) < 0)) __Pyx_ErrFetch(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
-      __Pyx_XGOTREF(__pyx_t_9);
+       __Pyx_ExceptionSwap(&__pyx_t_13, &__pyx_t_14, &__pyx_t_15);
+      if ( unlikely(__Pyx_GetException(&__pyx_t_10, &__pyx_t_11, &__pyx_t_12) < 0)) __Pyx_ErrFetch(&__pyx_t_10, &__pyx_t_11, &__pyx_t_12);
       __Pyx_XGOTREF(__pyx_t_10);
       __Pyx_XGOTREF(__pyx_t_11);
       __Pyx_XGOTREF(__pyx_t_12);
       __Pyx_XGOTREF(__pyx_t_13);
       __Pyx_XGOTREF(__pyx_t_14);
-      __pyx_t_6 = __pyx_lineno; __pyx_t_7 = __pyx_clineno; __pyx_t_8 = __pyx_filename;
+      __Pyx_XGOTREF(__pyx_t_15);
+      __pyx_t_7 = __pyx_lineno; __pyx_t_8 = __pyx_clineno; __pyx_t_9 = __pyx_filename;
       {
         free(__pyx_v_c_buf);
       }
-      if (PY_MAJOR_VERSION >= 3) {
-        __Pyx_XGIVEREF(__pyx_t_12);
-        __Pyx_XGIVEREF(__pyx_t_13);
-        __Pyx_XGIVEREF(__pyx_t_14);
-        __Pyx_ExceptionReset(__pyx_t_12, __pyx_t_13, __pyx_t_14);
-      }
-      __Pyx_XGIVEREF(__pyx_t_9);
+      __Pyx_XGIVEREF(__pyx_t_13);
+      __Pyx_XGIVEREF(__pyx_t_14);
+      __Pyx_XGIVEREF(__pyx_t_15);
+      __Pyx_ExceptionReset(__pyx_t_13, __pyx_t_14, __pyx_t_15);
       __Pyx_XGIVEREF(__pyx_t_10);
       __Pyx_XGIVEREF(__pyx_t_11);
-      __Pyx_ErrRestore(__pyx_t_9, __pyx_t_10, __pyx_t_11);
-      __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0; __pyx_t_12 = 0; __pyx_t_13 = 0; __pyx_t_14 = 0;
-      __pyx_lineno = __pyx_t_6; __pyx_clineno = __pyx_t_7; __pyx_filename = __pyx_t_8;
+      __Pyx_XGIVEREF(__pyx_t_12);
+      __Pyx_ErrRestore(__pyx_t_10, __pyx_t_11, __pyx_t_12);
+      __pyx_t_10 = 0; __pyx_t_11 = 0; __pyx_t_12 = 0; __pyx_t_13 = 0; __pyx_t_14 = 0; __pyx_t_15 = 0;
+      __pyx_lineno = __pyx_t_7; __pyx_clineno = __pyx_t_8; __pyx_filename = __pyx_t_9;
       goto __pyx_L1_error;
     }
     __pyx_L10_return: {
-      __pyx_t_14 = __pyx_r;
+      __pyx_t_15 = __pyx_r;
       __pyx_r = 0;
       free(__pyx_v_c_buf);
-      __pyx_r = __pyx_t_14;
-      __pyx_t_14 = 0;
+      __pyx_r = __pyx_t_15;
+      __pyx_t_15 = 0;
       goto __pyx_L0;
     }
     __pyx_L12:;
@@ -3765,18 +5269,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *         return size, buf             # <<<<<<<<<<<<<<
  * 
  *     def write(self, bytes data):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_v_size); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 126, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_4 = __Pyx_PyLong_From_int(__pyx_v_size); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 126, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
   __pyx_t_2 = PyTuple_New(2); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 126, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_GIVEREF(__pyx_t_3);
-  PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_3);
+  __Pyx_GIVEREF(__pyx_t_4);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_t_4) != (0)) __PYX_ERR(0, 126, __pyx_L1_error);
   __Pyx_INCREF(__pyx_v_buf);
   __Pyx_GIVEREF(__pyx_v_buf);
-  PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_v_buf);
-  __pyx_t_3 = 0;
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 1, __pyx_v_buf) != (0)) __PYX_ERR(0, 126, __pyx_L1_error);
+  __pyx_t_4 = 0;
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
@@ -3787,7 +5291,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *     def async_read(self, uint32_t _id, uint32_t length=1048576):             # <<<<<<<<<<<<<<
  *         cdef int size
  *         cdef bytes buf = b''
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -3810,26 +5314,100 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_20async_read(struct __py
  *     def write(self, bytes data):             # <<<<<<<<<<<<<<
  *         cdef ssize_t rc
  *         cdef const char *c_data = data
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_23write(PyObject *__pyx_v_self, PyObject *__pyx_v_data); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_22write[] = "SFTPFile.write(self, bytes data)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_23write(PyObject *__pyx_v_self, PyObject *__pyx_v_data) {
-  int __pyx_lineno = 0;
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_23write(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_22write, "SFTPFile.write(self, bytes data)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_23write = {"write", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_23write, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_22write};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_23write(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  PyObject *__pyx_v_data = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("write (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_data,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 128, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 128, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "write", 0) < 0) __PYX_ERR(0, 128, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("write", 1, 1, 1, i); __PYX_ERR(0, 128, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 128, __pyx_L3_error)
+    }
+    __pyx_v_data = ((PyObject*)values[0]);
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("write", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 128, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.write", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
   if (unlikely(!__Pyx_ArgTypeTest(((PyObject *)__pyx_v_data), (&PyBytes_Type), 1, "data", 1))) __PYX_ERR(0, 128, __pyx_L1_error)
-  __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), ((PyObject*)__pyx_v_data));
+  __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), __pyx_v_data);
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -3847,6 +5425,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
   PyObject *__pyx_t_7 = NULL;
+  size_t __pyx_t_8;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3858,7 +5437,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *         cdef const char *c_data = data             # <<<<<<<<<<<<<<
  *         cdef size_t data_len = len(data)
  *         with nogil:
- */
+*/
   if (unlikely(__pyx_v_data == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "expected bytes, NoneType found");
     __PYX_ERR(0, 130, __pyx_L1_error)
@@ -3872,12 +5451,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *         cdef size_t data_len = len(data)             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_sftp.sftp_write(self._file, c_data, data_len)
- */
+*/
   if (unlikely(__pyx_v_data == Py_None)) {
     PyErr_SetString(PyExc_TypeError, "object of type 'NoneType' has no len()");
     __PYX_ERR(0, 131, __pyx_L1_error)
   }
-  __pyx_t_2 = PyBytes_GET_SIZE(__pyx_v_data); if (unlikely(__pyx_t_2 == ((Py_ssize_t)-1))) __PYX_ERR(0, 131, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyBytes_GET_SIZE(__pyx_v_data); if (unlikely(__pyx_t_2 == ((Py_ssize_t)-1))) __PYX_ERR(0, 131, __pyx_L1_error)
   __pyx_v_data_len = __pyx_t_2;
 
   /* "ssh/sftp_handles.pyx":132
@@ -3886,13 +5465,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_write(self._file, c_data, data_len)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":133
@@ -3901,7 +5479,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *             rc = c_sftp.sftp_write(self._file, c_data, data_len)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_write(__pyx_v_self->_file, __pyx_v_c_data, __pyx_v_data_len);
       }
 
@@ -3911,13 +5489,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_write(self._file, c_data, data_len)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -3930,8 +5506,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
-  __pyx_t_3 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_3 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_3)) {
 
     /* "ssh/sftp_handles.pyx":135
@@ -3940,27 +5516,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *             raise SFTPError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 135, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 135, __pyx_L1_error)
+*/
+    __pyx_t_5 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_6, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 135, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_6);
-    __pyx_t_7 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_5))) {
-      __pyx_t_7 = PyMethod_GET_SELF(__pyx_t_5);
-      if (likely(__pyx_t_7)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_5);
-        __Pyx_INCREF(__pyx_t_7);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_5, function);
-      }
+    __pyx_t_7 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 135, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_7);
+    __pyx_t_8 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_6))) {
+      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_6);
+      assert(__pyx_t_5);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_6);
+      __Pyx_INCREF(__pyx_t_5);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_6, __pyx__function);
+      __pyx_t_8 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_5, __pyx_t_7};
+      __pyx_t_4 = __Pyx_PyObject_FastCall(__pyx_t_6, __pyx_callargs+__pyx_t_8, (2-__pyx_t_8) | (__pyx_t_8*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
+      __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+      if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 135, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_4);
     }
-    __pyx_t_4 = (__pyx_t_7) ? __Pyx_PyObject_Call2Args(__pyx_t_5, __pyx_t_7, __pyx_t_6) : __Pyx_PyObject_CallOneArg(__pyx_t_5, __pyx_t_6);
-    __Pyx_XDECREF(__pyx_t_7); __pyx_t_7 = 0;
-    __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
-    if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 135, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_4);
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
     __Pyx_Raise(__pyx_t_4, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
     __PYX_ERR(0, 135, __pyx_L1_error)
@@ -3971,7 +5553,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":136
@@ -3980,9 +5562,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def seek(self, uint32_t offset):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = PyInt_FromSsize_t(__pyx_v_rc); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 136, __pyx_L1_error)
+  __pyx_t_4 = PyLong_FromSsize_t(__pyx_v_rc); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 136, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
   __pyx_r = __pyx_t_4;
   __pyx_t_4 = 0;
@@ -3994,7 +5576,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *     def write(self, bytes data):             # <<<<<<<<<<<<<<
  *         cdef ssize_t rc
  *         cdef const char *c_data = data
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4016,31 +5598,90 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_22write(struct __pyx_obj
  *     def seek(self, uint32_t offset):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_25seek(PyObject *__pyx_v_self, PyObject *__pyx_arg_offset); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_24seek[] = "SFTPFile.seek(self, uint32_t offset)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_25seek(PyObject *__pyx_v_self, PyObject *__pyx_arg_offset) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_25seek(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_24seek, "SFTPFile.seek(self, uint32_t offset)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_25seek = {"seek", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_25seek, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_24seek};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_25seek(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   uint32_t __pyx_v_offset;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("seek (wrapper)", 0);
-  assert(__pyx_arg_offset); {
-    __pyx_v_offset = __Pyx_PyInt_As_uint32_t(__pyx_arg_offset); if (unlikely((__pyx_v_offset == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 138, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_offset,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 138, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 138, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "seek", 0) < 0) __PYX_ERR(0, 138, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("seek", 1, 1, 1, i); __PYX_ERR(0, 138, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 138, __pyx_L3_error)
+    }
+    __pyx_v_offset = __Pyx_PyLong_As_uint32_t(values[0]); if (unlikely((__pyx_v_offset == ((uint32_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 138, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("seek", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 138, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.seek", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), ((uint32_t)__pyx_v_offset));
+  __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), __pyx_v_offset);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4054,6 +5695,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4065,13 +5707,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_seek(self._file, offset)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":141
@@ -4080,7 +5721,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *             rc = c_sftp.sftp_seek(self._file, offset)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_seek(__pyx_v_self->_file, __pyx_v_offset);
       }
 
@@ -4090,13 +5731,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_seek(self._file, offset)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4109,8 +5748,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":143
@@ -4119,27 +5758,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 143, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 143, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 143, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 143, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 143, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 143, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 143, __pyx_L1_error)
@@ -4150,7 +5795,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":144
@@ -4159,9 +5804,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def seek64(self, uint64_t offset):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 144, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 144, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -4173,7 +5818,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *     def seek(self, uint32_t offset):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4195,31 +5840,90 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_24seek(struct __pyx_obj_
  *     def seek64(self, uint64_t offset):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_27seek64(PyObject *__pyx_v_self, PyObject *__pyx_arg_offset); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_26seek64[] = "SFTPFile.seek64(self, uint64_t offset)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_27seek64(PyObject *__pyx_v_self, PyObject *__pyx_arg_offset) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_27seek64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_26seek64, "SFTPFile.seek64(self, uint64_t offset)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_27seek64 = {"seek64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_27seek64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_26seek64};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_27seek64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   uint64_t __pyx_v_offset;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("seek64 (wrapper)", 0);
-  assert(__pyx_arg_offset); {
-    __pyx_v_offset = __Pyx_PyInt_As_uint64_t(__pyx_arg_offset); if (unlikely((__pyx_v_offset == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 146, __pyx_L3_error)
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_offset,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 146, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 146, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "seek64", 0) < 0) __PYX_ERR(0, 146, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("seek64", 1, 1, 1, i); __PYX_ERR(0, 146, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 146, __pyx_L3_error)
+    }
+    __pyx_v_offset = __Pyx_PyLong_As_uint64_t(values[0]); if (unlikely((__pyx_v_offset == ((uint64_t)-1)) && PyErr_Occurred())) __PYX_ERR(0, 146, __pyx_L3_error)
   }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("seek64", 1, 1, 1, __pyx_nargs); __PYX_ERR(0, 146, __pyx_L3_error)
+  __pyx_L6_skip:;
   goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.seek64", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
   __pyx_L4_argument_unpacking_done:;
-  __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), ((uint64_t)__pyx_v_offset));
+  __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), __pyx_v_offset);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -4233,6 +5937,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4244,13 +5949,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_seek64(self._file, offset)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":149
@@ -4259,7 +5963,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *             rc = c_sftp.sftp_seek64(self._file, offset)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_seek64(__pyx_v_self->_file, __pyx_v_offset);
       }
 
@@ -4269,13 +5973,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_seek64(self._file, offset)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4288,8 +5990,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":151
@@ -4298,27 +6000,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 151, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 151, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 151, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 151, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 151, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 151, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 151, __pyx_L1_error)
@@ -4329,7 +6037,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":152
@@ -4338,9 +6046,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def tell(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 152, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 152, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -4352,7 +6060,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *     def seek64(self, uint64_t offset):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4374,15 +6082,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_26seek64(struct __pyx_ob
  *     def tell(self):             # <<<<<<<<<<<<<<
  *         cdef unsigned long rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_29tell(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_28tell[] = "SFTPFile.tell(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_29tell(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_29tell(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_28tell, "SFTPFile.tell(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_29tell = {"tell", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_29tell, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_28tell};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_29tell(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("tell (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("tell", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("tell", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -4399,6 +6136,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4410,13 +6148,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_tell(self._file)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":157
@@ -4425,7 +6162,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *             rc = c_sftp.sftp_tell(self._file)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_tell(__pyx_v_self->_file);
       }
 
@@ -4435,13 +6172,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_tell(self._file)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4454,8 +6189,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":159
@@ -4464,27 +6199,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 159, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 159, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 159, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 159, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 159, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 159, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 159, __pyx_L1_error)
@@ -4495,7 +6236,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":160
@@ -4504,9 +6245,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def tell64(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_unsigned_long(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 160, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_unsigned_long(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 160, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -4518,7 +6259,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *     def tell(self):             # <<<<<<<<<<<<<<
  *         cdef unsigned long rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4540,15 +6281,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_28tell(struct __pyx_obj_
  *     def tell64(self):             # <<<<<<<<<<<<<<
  *         cdef uint64_t rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_31tell64(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_30tell64[] = "SFTPFile.tell64(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_31tell64(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_31tell64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_30tell64, "SFTPFile.tell64(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_31tell64 = {"tell64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_31tell64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_30tell64};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_31tell64(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("tell64 (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("tell64", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("tell64", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -4565,6 +6335,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4576,13 +6347,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_tell64(self._file)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":165
@@ -4591,7 +6361,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *             rc = c_sftp.sftp_tell64(self._file)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_tell64(__pyx_v_self->_file);
       }
 
@@ -4601,13 +6371,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_tell64(self._file)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4620,8 +6388,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":167
@@ -4630,27 +6398,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 167, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 167, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 167, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 167, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 167, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 167, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 167, __pyx_L1_error)
@@ -4661,7 +6435,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":168
@@ -4670,9 +6444,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     def rewind(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 168, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_uint64_t(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 168, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -4684,7 +6458,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *     def tell64(self):             # <<<<<<<<<<<<<<
  *         cdef uint64_t rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4706,15 +6480,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_30tell64(struct __pyx_ob
  *     def rewind(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_sftp.sftp_rewind(self._file)
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_33rewind(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_32rewind[] = "SFTPFile.rewind(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_33rewind(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_33rewind(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_32rewind, "SFTPFile.rewind(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_33rewind = {"rewind", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_33rewind, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_32rewind};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_33rewind(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("rewind (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("rewind", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("rewind", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_32rewind(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -4733,13 +6536,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_32rewind(struct __pyx_ob
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_rewind(self._file)
  * 
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":172
@@ -4748,7 +6550,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_32rewind(struct __pyx_ob
  *             c_sftp.sftp_rewind(self._file)             # <<<<<<<<<<<<<<
  * 
  *     def fstatvfs(self):
- */
+*/
         sftp_rewind(__pyx_v_self->_file);
       }
 
@@ -4758,13 +6560,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_32rewind(struct __pyx_ob
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_rewind(self._file)
  * 
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4777,7 +6577,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_32rewind(struct __pyx_ob
  *     def rewind(self):             # <<<<<<<<<<<<<<
  *         with nogil:
  *             c_sftp.sftp_rewind(self._file)
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -4792,15 +6592,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_32rewind(struct __pyx_ob
  *     def fstatvfs(self):             # <<<<<<<<<<<<<<
  *         cdef SFTPStatVFS vfs
  *         cdef c_sftp.sftp_statvfs_t c_vfs
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_35fstatvfs(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_34fstatvfs[] = "SFTPFile.fstatvfs(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_35fstatvfs(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_35fstatvfs(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_34fstatvfs, "SFTPFile.fstatvfs(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_35fstatvfs = {"fstatvfs", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_35fstatvfs, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_34fstatvfs};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_35fstatvfs(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("fstatvfs (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("fstatvfs", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("fstatvfs", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -4818,6 +6647,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -4829,13 +6659,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_vfs = c_sftp.sftp_fstatvfs(self._file)
  *         if c_vfs is NULL:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":178
@@ -4844,7 +6673,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *             c_vfs = c_sftp.sftp_fstatvfs(self._file)             # <<<<<<<<<<<<<<
  *         if c_vfs is NULL:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_c_vfs = sftp_fstatvfs(__pyx_v_self->_file);
       }
 
@@ -4854,13 +6683,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_vfs = c_sftp.sftp_fstatvfs(self._file)
  *         if c_vfs is NULL:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -4873,8 +6700,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *         if c_vfs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self.sftp)
- */
-  __pyx_t_1 = ((__pyx_v_c_vfs == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_c_vfs == NULL);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":180
@@ -4883,27 +6710,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self.sftp)
  *         return vfs
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 180, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 180, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 180, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 180, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 180, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 180, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 180, __pyx_L1_error)
@@ -4914,7 +6747,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *         if c_vfs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self.sftp)
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":181
@@ -4923,14 +6756,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *         vfs = SFTPStatVFS.from_ptr(c_vfs, self.sftp)             # <<<<<<<<<<<<<<
  *         return vfs
  * 
- */
+*/
   __pyx_t_2 = ((PyObject *)__pyx_v_self->sftp);
   __Pyx_INCREF(__pyx_t_2);
-  __pyx_t_3 = ((PyObject *)__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS->from_ptr(__pyx_v_c_vfs, ((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_t_2))); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 181, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_4 = ((PyObject *)__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS->from_ptr(__pyx_v_c_vfs, ((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_t_2))); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 181, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_4);
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_v_vfs = ((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_t_3);
-  __pyx_t_3 = 0;
+  __pyx_v_vfs = ((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_t_4);
+  __pyx_t_4 = 0;
 
   /* "ssh/sftp_handles.pyx":182
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
@@ -4938,9 +6771,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *         return vfs             # <<<<<<<<<<<<<<
  * 
  *     def fsync(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_vfs));
+  __Pyx_INCREF((PyObject *)__pyx_v_vfs);
   __pyx_r = ((PyObject *)__pyx_v_vfs);
   goto __pyx_L0;
 
@@ -4950,7 +6783,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *     def fstatvfs(self):             # <<<<<<<<<<<<<<
  *         cdef SFTPStatVFS vfs
  *         cdef c_sftp.sftp_statvfs_t c_vfs
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -4973,15 +6806,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_34fstatvfs(struct __pyx_
  *     def fsync(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_37fsync(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_36fsync[] = "SFTPFile.fsync(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_37fsync(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_37fsync(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_36fsync, "SFTPFile.fsync(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_37fsync = {"fsync", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_37fsync, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_36fsync};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_37fsync(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("fsync (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("fsync", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("fsync", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -4998,6 +6860,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5009,13 +6872,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_fsync(self._file)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":187
@@ -5024,7 +6886,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *             rc = c_sftp.sftp_fsync(self._file)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_fsync(__pyx_v_self->_file);
       }
 
@@ -5034,13 +6896,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_fsync(self._file)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -5053,8 +6913,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":189
@@ -5063,27 +6923,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 189, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 189, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 189, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 189, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 189, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 189, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 189, __pyx_L1_error)
@@ -5094,7 +6960,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         return rc
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":190
@@ -5103,9 +6969,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *         return rc             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 190, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 190, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -5117,7 +6983,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *     def fsync(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5139,14 +7005,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_36fsync(struct __pyx_obj
  *     cdef readonly SFTP sftp             # <<<<<<<<<<<<<<
  *     cdef readonly bint closed
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_4sftp_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_4sftp_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_4sftp___get__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -5159,7 +7027,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_4sftp___get__(struct __p
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->sftp));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->sftp);
   __pyx_r = ((PyObject *)__pyx_v_self->sftp);
   goto __pyx_L0;
 
@@ -5176,14 +7044,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_4sftp___get__(struct __p
  *     cdef readonly bint closed             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_6closed_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_6closed_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_6closed___get__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -5219,17 +7089,46 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_6closed___get__(struct _
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__[] = "SFTPFile.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__, "SFTPFile.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self));
 
   /* function exit code */
@@ -5240,7 +7139,6 @@ static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__(PyOb
 static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5248,25 +7146,21 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__(CYTH
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_self__file_cannot_be_converted_t, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -5276,21 +7170,93 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__(CYTH
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
- */
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__[] = "SFTPFile.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__, "SFTPFile.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)__pyx_v_self), __pyx_v___pyx_state);
 
   /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5298,33 +7264,28 @@ static PyObject *__pyx_pw_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__(Py
 static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__3, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_self__file_cannot_be_converted_t, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
- */
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPFile.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -5338,13 +7299,15 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__(CY
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if not self.closed:
  *             self.closedir()
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_12sftp_handles_7SFTPDir_1__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_12sftp_handles_7SFTPDir_1__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_12sftp_handles_7SFTPDir___dealloc__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -5356,7 +7319,7 @@ static void __pyx_pf_3ssh_12sftp_handles_7SFTPDir___dealloc__(struct __pyx_obj_3
   int __pyx_t_1;
   PyObject *__pyx_t_2 = NULL;
   PyObject *__pyx_t_3 = NULL;
-  PyObject *__pyx_t_4 = NULL;
+  size_t __pyx_t_4;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5368,8 +7331,8 @@ static void __pyx_pf_3ssh_12sftp_handles_7SFTPDir___dealloc__(struct __pyx_obj_3
  *         if not self.closed:             # <<<<<<<<<<<<<<
  *             self.closedir()
  * 
- */
-  __pyx_t_1 = ((!(__pyx_v_self->closed != 0)) != 0);
+*/
+  __pyx_t_1 = (!__pyx_v_self->closed);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_handles.pyx":197
@@ -5378,24 +7341,17 @@ static void __pyx_pf_3ssh_12sftp_handles_7SFTPDir___dealloc__(struct __pyx_obj_3
  *             self.closedir()             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
-    __pyx_t_3 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_closedir); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 197, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = NULL;
-    if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_4)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_4);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+*/
+    __pyx_t_3 = ((PyObject *)__pyx_v_self);
+    __Pyx_INCREF(__pyx_t_3);
+    __pyx_t_4 = 0;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+      __pyx_t_2 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_closedir, __pyx_callargs+__pyx_t_4, (1-__pyx_t_4) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 197, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_4) ? __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4) : __Pyx_PyObject_CallNoArg(__pyx_t_3);
-    __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 197, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
     /* "ssh/sftp_handles.pyx":196
@@ -5404,7 +7360,7 @@ static void __pyx_pf_3ssh_12sftp_handles_7SFTPDir___dealloc__(struct __pyx_obj_3
  *         if not self.closed:             # <<<<<<<<<<<<<<
  *             self.closedir()
  * 
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":195
@@ -5413,26 +7369,25 @@ static void __pyx_pf_3ssh_12sftp_handles_7SFTPDir___dealloc__(struct __pyx_obj_3
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if not self.closed:
  *             self.closedir()
- */
+*/
 
   /* function exit code */
   goto __pyx_L0;
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_2);
   __Pyx_XDECREF(__pyx_t_3);
-  __Pyx_XDECREF(__pyx_t_4);
   __Pyx_WriteUnraisable("ssh.sftp_handles.SFTPDir.__dealloc__", __pyx_clineno, __pyx_lineno, __pyx_filename, 1, 0);
   __pyx_L0:;
   __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/sftp_handles.pyx":200
+/* "ssh/sftp_handles.pyx":199
+ *             self.closedir()
  * 
- *     @staticmethod
- *     cdef SFTPDir from_ptr(c_sftp.sftp_dir _dir, SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTPDir from_ptr(c_sftp.sftp_dir _dir, SFTP sftp):
  *         cdef SFTPDir _fh = SFTPDir.__new__(SFTPDir, sftp)
- *         _fh._dir = _dir
- */
+*/
 
 static struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_f_3ssh_12sftp_handles_7SFTPDir_from_ptr(sftp_dir __pyx_v__dir, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp) {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_v__fh = 0;
@@ -5451,14 +7406,14 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_f_3ssh_12sftp_handles
  *         cdef SFTPDir _fh = SFTPDir.__new__(SFTPDir, sftp)             # <<<<<<<<<<<<<<
  *         _fh._dir = _dir
  *         _fh.sftp = sftp
- */
+*/
   __pyx_t_1 = PyTuple_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 201, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_sftp));
-  PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)__pyx_v_sftp));
-  __pyx_t_2 = ((PyObject *)__pyx_tp_new_3ssh_12sftp_handles_SFTPDir(((PyTypeObject *)__pyx_ptype_3ssh_12sftp_handles_SFTPDir), __pyx_t_1, NULL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 201, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_2));
+  __Pyx_INCREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_sftp);
+  if (__Pyx_PyTuple_SET_ITEM(__pyx_t_1, 0, ((PyObject *)__pyx_v_sftp)) != (0)) __PYX_ERR(0, 201, __pyx_L1_error);
+  __pyx_t_2 = ((PyObject *)__pyx_tp_new_3ssh_12sftp_handles_SFTPDir(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPDir), __pyx_t_1, NULL)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 201, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_2);
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_v__fh = ((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_t_2);
   __pyx_t_2 = 0;
@@ -5469,7 +7424,7 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_f_3ssh_12sftp_handles
  *         _fh._dir = _dir             # <<<<<<<<<<<<<<
  *         _fh.sftp = sftp
  *         return _fh
- */
+*/
   __pyx_v__fh->_dir = __pyx_v__dir;
 
   /* "ssh/sftp_handles.pyx":203
@@ -5478,11 +7433,11 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_f_3ssh_12sftp_handles
  *         _fh.sftp = sftp             # <<<<<<<<<<<<<<
  *         return _fh
  * 
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GOTREF(__pyx_v__fh->sftp);
-  __Pyx_DECREF(((PyObject *)__pyx_v__fh->sftp));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GOTREF((PyObject *)__pyx_v__fh->sftp);
+  __Pyx_DECREF((PyObject *)__pyx_v__fh->sftp);
   __pyx_v__fh->sftp = __pyx_v_sftp;
 
   /* "ssh/sftp_handles.pyx":204
@@ -5491,19 +7446,19 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_f_3ssh_12sftp_handles
  *         return _fh             # <<<<<<<<<<<<<<
  * 
  *     def __enter__(self):
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__fh));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__fh);
   __pyx_r = __pyx_v__fh;
   goto __pyx_L0;
 
-  /* "ssh/sftp_handles.pyx":200
+  /* "ssh/sftp_handles.pyx":199
+ *             self.closedir()
  * 
- *     @staticmethod
- *     cdef SFTPDir from_ptr(c_sftp.sftp_dir _dir, SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTPDir from_ptr(c_sftp.sftp_dir _dir, SFTP sftp):
  *         cdef SFTPDir _fh = SFTPDir.__new__(SFTPDir, sftp)
- *         _fh._dir = _dir
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5524,15 +7479,44 @@ static struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_f_3ssh_12sftp_handles
  *     def __enter__(self):             # <<<<<<<<<<<<<<
  *         return self
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_3__enter__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_7SFTPDir_2__enter__[] = "SFTPDir.__enter__(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_3__enter__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_3__enter__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_7SFTPDir_2__enter__, "SFTPDir.__enter__(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_7SFTPDir_3__enter__ = {"__enter__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_3__enter__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_2__enter__};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_3__enter__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__enter__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__enter__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__enter__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_2__enter__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -5551,9 +7535,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_2__enter__(struct __pyx_o
  *         return self             # <<<<<<<<<<<<<<
  * 
  *     def __exit__(self, *args):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self));
+  __Pyx_INCREF((PyObject *)__pyx_v_self);
   __pyx_r = ((PyObject *)__pyx_v_self);
   goto __pyx_L0;
 
@@ -5563,7 +7547,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_2__enter__(struct __pyx_o
  *     def __enter__(self):             # <<<<<<<<<<<<<<
  *         return self
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L0:;
@@ -5578,23 +7562,34 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_2__enter__(struct __pyx_o
  *     def __exit__(self, *args):             # <<<<<<<<<<<<<<
  *         self.closedir()
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_5__exit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_7SFTPDir_4__exit__[] = "SFTPDir.__exit__(self, *args)";
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_7SFTPDir_4__exit__, "SFTPDir.__exit__(self, *args)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_7SFTPDir_5__exit__ = {"__exit__", (PyCFunction)(void(*)(void))(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_5__exit__, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_4__exit__};
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_5__exit__(PyObject *__pyx_v_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
   CYTHON_UNUSED PyObject *__pyx_v_args = 0;
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__exit__ (wrapper)", 0);
-  if (unlikely(__pyx_kwds) && unlikely(PyDict_Size(__pyx_kwds) > 0) && unlikely(!__Pyx_CheckKeywordStrings(__pyx_kwds, "__exit__", 0))) return NULL;
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_VARARGS(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__exit__", __pyx_kwds); return NULL;}
   __Pyx_INCREF(__pyx_args);
   __pyx_v_args = __pyx_args;
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_4__exit__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self), __pyx_v_args);
 
   /* function exit code */
-  __Pyx_XDECREF(__pyx_v_args);
+  __Pyx_DECREF(__pyx_v_args);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -5604,7 +7599,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_4__exit__(struct __pyx_ob
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_3;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5616,24 +7611,17 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_4__exit__(struct __pyx_ob
  *         self.closedir()             # <<<<<<<<<<<<<<
  * 
  *     def __iter__(self):
- */
-  __pyx_t_2 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_closedir); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 210, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-    }
+*/
+  __pyx_t_2 = ((PyObject *)__pyx_v_self);
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_t_3 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_closedir, __pyx_callargs+__pyx_t_3, (1-__pyx_t_3) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 210, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
   }
-  __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 210, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
   /* "ssh/sftp_handles.pyx":209
@@ -5642,7 +7630,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_4__exit__(struct __pyx_ob
  *     def __exit__(self, *args):             # <<<<<<<<<<<<<<
  *         self.closedir()
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -5650,7 +7638,6 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_4__exit__(struct __pyx_ob
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPDir.__exit__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -5665,14 +7652,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_4__exit__(struct __pyx_ob
  *     def __iter__(self):             # <<<<<<<<<<<<<<
  *         return self
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_7__iter__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_7__iter__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__iter__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_6__iter__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -5691,9 +7680,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_6__iter__(struct __pyx_ob
  *         return self             # <<<<<<<<<<<<<<
  * 
  *     def __next__(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self));
+  __Pyx_INCREF((PyObject *)__pyx_v_self);
   __pyx_r = ((PyObject *)__pyx_v_self);
   goto __pyx_L0;
 
@@ -5703,7 +7692,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_6__iter__(struct __pyx_ob
  *     def __iter__(self):             # <<<<<<<<<<<<<<
  *         return self
  * 
- */
+*/
 
   /* function exit code */
   __pyx_L0:;
@@ -5718,14 +7707,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_6__iter__(struct __pyx_ob
  *     def __next__(self):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         _attrs = self.readdir()
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_9__next__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_9__next__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__next__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_8__next__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -5737,9 +7728,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_8__next__(struct __pyx_ob
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v__attrs = 0;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
+  int __pyx_error_without_exception = 0; /* StopIteration */
   PyObject *__pyx_t_1 = NULL;
   int __pyx_t_2;
-  int __pyx_t_3;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -5751,7 +7742,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_8__next__(struct __pyx_ob
  *         _attrs = self.readdir()             # <<<<<<<<<<<<<<
  *         while _attrs is not None:
  *             return _attrs
- */
+*/
   __pyx_t_1 = ((PyObject *)((struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self->__pyx_vtab)->readdir(__pyx_v_self, 0)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 217, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
   __pyx_v__attrs = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_t_1);
@@ -5763,11 +7754,10 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_8__next__(struct __pyx_ob
  *         while _attrs is not None:             # <<<<<<<<<<<<<<
  *             return _attrs
  *         raise StopIteration
- */
+*/
   while (1) {
     __pyx_t_2 = (((PyObject *)__pyx_v__attrs) != Py_None);
-    __pyx_t_3 = (__pyx_t_2 != 0);
-    if (!__pyx_t_3) break;
+    if (!__pyx_t_2) break;
 
     /* "ssh/sftp_handles.pyx":219
  *         _attrs = self.readdir()
@@ -5775,9 +7765,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_8__next__(struct __pyx_ob
  *             return _attrs             # <<<<<<<<<<<<<<
  *         raise StopIteration
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_INCREF(((PyObject *)__pyx_v__attrs));
+    __Pyx_INCREF((PyObject *)__pyx_v__attrs);
     __pyx_r = ((PyObject *)__pyx_v__attrs);
     goto __pyx_L0;
   }
@@ -5788,9 +7778,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_8__next__(struct __pyx_ob
  *         raise StopIteration             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
-  __Pyx_Raise(__pyx_builtin_StopIteration, 0, 0, 0);
-  __PYX_ERR(0, 220, __pyx_L1_error)
+*/
+  __pyx_error_without_exception = 1;
+  goto __pyx_L1_error;;
 
   /* "ssh/sftp_handles.pyx":215
  *         return self
@@ -5798,12 +7788,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_8__next__(struct __pyx_ob
  *     def __next__(self):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         _attrs = self.readdir()
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_AddTraceback("ssh.sftp_handles.SFTPDir.__next__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  if (!__pyx_error_without_exception) {
+    __Pyx_AddTraceback("ssh.sftp_handles.SFTPDir.__next__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  }
   __pyx_r = NULL;
   __pyx_L0:;
   __Pyx_XDECREF((PyObject *)__pyx_v__attrs);
@@ -5812,20 +7804,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_8__next__(struct __pyx_ob
   return __pyx_r;
 }
 
-/* "ssh/sftp_handles.pyx":223
+/* "ssh/sftp_handles.pyx":222
+ *         raise StopIteration
  * 
- *     @property
- *     def sftp_session(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def sftp_session(self):
  *         return self.sftp
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_12sftp_session_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_12sftp_session_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_12sftp_session___get__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -5844,19 +7838,19 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12sftp_session___get__(st
  *         return self.sftp             # <<<<<<<<<<<<<<
  * 
  *     def eof(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->sftp));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->sftp);
   __pyx_r = ((PyObject *)__pyx_v_self->sftp);
   goto __pyx_L0;
 
-  /* "ssh/sftp_handles.pyx":223
+  /* "ssh/sftp_handles.pyx":222
+ *         raise StopIteration
  * 
- *     @property
- *     def sftp_session(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def sftp_session(self):
  *         return self.sftp
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L0:;
@@ -5871,15 +7865,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12sftp_session___get__(st
  *     def eof(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_11eof(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_7SFTPDir_10eof[] = "SFTPDir.eof(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_11eof(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_11eof(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_7SFTPDir_10eof, "SFTPDir.eof(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_7SFTPDir_11eof = {"eof", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_11eof, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_10eof};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_11eof(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("eof (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("eof", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("eof", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_10eof(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -5904,13 +7927,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_10eof(struct __pyx_obj_3s
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_dir_eof(self._dir)
  *         return bool(rc)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":229
@@ -5919,7 +7941,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_10eof(struct __pyx_obj_3s
  *             rc = c_sftp.sftp_dir_eof(self._dir)             # <<<<<<<<<<<<<<
  *         return bool(rc)
  * 
- */
+*/
         __pyx_v_rc = sftp_dir_eof(__pyx_v_self->_dir);
       }
 
@@ -5929,13 +7951,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_10eof(struct __pyx_obj_3s
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_dir_eof(self._dir)
  *         return bool(rc)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -5948,7 +7968,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_10eof(struct __pyx_obj_3s
  *         return bool(rc)             # <<<<<<<<<<<<<<
  * 
  *     def closedir(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
   __pyx_t_1 = __pyx_v_rc;
   __pyx_t_2 = __Pyx_PyBool_FromLong((!(!__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 230, __pyx_L1_error)
@@ -5963,7 +7983,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_10eof(struct __pyx_obj_3s
  *     def eof(self):             # <<<<<<<<<<<<<<
  *         cdef bint rc
  *         with nogil:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -5982,15 +8002,44 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_10eof(struct __pyx_obj_3s
  *     def closedir(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if self.closed:
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_13closedir(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_7SFTPDir_12closedir[] = "SFTPDir.closedir(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_13closedir(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_13closedir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_7SFTPDir_12closedir, "SFTPDir.closedir(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_7SFTPDir_13closedir = {"closedir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_13closedir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_12closedir};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_13closedir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("closedir (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("closedir", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("closedir", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -6007,6 +8056,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -6018,9 +8068,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *         if self.closed:             # <<<<<<<<<<<<<<
  *             return 0
  *         with nogil:
- */
-  __pyx_t_1 = (__pyx_v_self->closed != 0);
-  if (__pyx_t_1) {
+*/
+  if (__pyx_v_self->closed) {
 
     /* "ssh/sftp_handles.pyx":235
  *         cdef int rc
@@ -6028,10 +8077,10 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *             return 0             # <<<<<<<<<<<<<<
  *         with nogil:
  *             rc = c_sftp.sftp_closedir(self._dir)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_INCREF(__pyx_int_0);
-    __pyx_r = __pyx_int_0;
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_0);
+    __pyx_r = __pyx_mstate_global->__pyx_int_0;
     goto __pyx_L0;
 
     /* "ssh/sftp_handles.pyx":234
@@ -6040,7 +8089,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *         if self.closed:             # <<<<<<<<<<<<<<
  *             return 0
  *         with nogil:
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":236
@@ -6049,13 +8098,12 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_closedir(self._dir)
  *         if rc < 0:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":237
@@ -6064,7 +8112,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *             rc = c_sftp.sftp_closedir(self._dir)             # <<<<<<<<<<<<<<
  *         if rc < 0:
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
- */
+*/
         __pyx_v_rc = sftp_closedir(__pyx_v_self->_dir);
       }
 
@@ -6074,13 +8122,11 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *         with nogil:             # <<<<<<<<<<<<<<
  *             rc = c_sftp.sftp_closedir(self._dir)
  *         if rc < 0:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
@@ -6093,8 +8139,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         self.closed = True
- */
-  __pyx_t_1 = ((__pyx_v_rc < 0) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_rc < 0);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/sftp_handles.pyx":239
@@ -6103,27 +8149,33 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))             # <<<<<<<<<<<<<<
  *         self.closed = True
  *         return rc
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 239, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 239, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 239, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_3);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_3, function);
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_self->sftp->session->_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 239, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+      __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 239, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_3, __pyx_t_5, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4);
-    __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 239, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
     __Pyx_Raise(__pyx_t_2, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __PYX_ERR(0, 239, __pyx_L1_error)
@@ -6134,7 +8186,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *         if rc < 0:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError(ssh_get_error(self.sftp.session._session))
  *         self.closed = True
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":240
@@ -6143,7 +8195,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *         self.closed = True             # <<<<<<<<<<<<<<
  *         return rc
  * 
- */
+*/
   __pyx_v_self->closed = 1;
 
   /* "ssh/sftp_handles.pyx":241
@@ -6152,9 +8204,9 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *         return rc             # <<<<<<<<<<<<<<
  * 
  *     cpdef SFTPAttributes readdir(self):
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_2 = __Pyx_PyInt_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 241, __pyx_L1_error)
+  __pyx_t_2 = __Pyx_PyLong_From_int(__pyx_v_rc); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 241, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
@@ -6166,7 +8218,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *     def closedir(self):             # <<<<<<<<<<<<<<
  *         cdef int rc
  *         if self.closed:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6188,9 +8240,15 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_12closedir(struct __pyx_o
  *     cpdef SFTPAttributes readdir(self):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
- */
+*/
 
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
 static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sftp_handles_7SFTPDir_readdir(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_v_self, int __pyx_skip_dispatch) {
   struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_v__attrs = 0;
   sftp_attributes __pyx_v_c_attrs;
@@ -6200,7 +8258,8 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
   PyObject *__pyx_t_2 = NULL;
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
-  int __pyx_t_5;
+  size_t __pyx_t_5;
+  int __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -6208,33 +8267,47 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
   /* Check if called by wrapper */
   if (unlikely(__pyx_skip_dispatch)) ;
   /* Check if overridden in Python */
-  else if (unlikely((Py_TYPE(((PyObject *)__pyx_v_self))->tp_dictoffset != 0) || (Py_TYPE(((PyObject *)__pyx_v_self))->tp_flags & (Py_TPFLAGS_IS_ABSTRACT | Py_TPFLAGS_HEAPTYPE)))) {
+  else if (
+  #if !CYTHON_USE_TYPE_SLOTS
+  unlikely(Py_TYPE(((PyObject *)__pyx_v_self)) != __pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPDir &&
+  __Pyx_PyType_HasFeature(Py_TYPE(((PyObject *)__pyx_v_self)), Py_TPFLAGS_HAVE_GC))
+  #else
+  unlikely(Py_TYPE(((PyObject *)__pyx_v_self))->tp_dictoffset != 0 || __Pyx_PyType_HasFeature(Py_TYPE(((PyObject *)__pyx_v_self)), (Py_TPFLAGS_IS_ABSTRACT | Py_TPFLAGS_HEAPTYPE)))
+  #endif
+  ) {
     #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_PYTYPE_LOOKUP && CYTHON_USE_TYPE_SLOTS
     static PY_UINT64_T __pyx_tp_dict_version = __PYX_DICT_VERSION_INIT, __pyx_obj_dict_version = __PYX_DICT_VERSION_INIT;
     if (unlikely(!__Pyx_object_dict_version_matches(((PyObject *)__pyx_v_self), __pyx_tp_dict_version, __pyx_obj_dict_version))) {
-      PY_UINT64_T __pyx_type_dict_guard = __Pyx_get_tp_dict_version(((PyObject *)__pyx_v_self));
+      PY_UINT64_T __pyx_typedict_guard = __Pyx_get_tp_dict_version(((PyObject *)__pyx_v_self));
       #endif
-      __pyx_t_1 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_n_s_readdir); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 243, __pyx_L1_error)
+      __pyx_t_1 = __Pyx_PyObject_GetAttrStr(((PyObject *)__pyx_v_self), __pyx_mstate_global->__pyx_n_u_readdir); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 243, __pyx_L1_error)
       __Pyx_GOTREF(__pyx_t_1);
-      if (!PyCFunction_Check(__pyx_t_1) || (PyCFunction_GET_FUNCTION(__pyx_t_1) != (PyCFunction)(void*)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir)) {
-        __Pyx_XDECREF(((PyObject *)__pyx_r));
+      if (!__Pyx_IsSameCFunction(__pyx_t_1, (void(*)(void)) __pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir)) {
+        __Pyx_XDECREF((PyObject *)__pyx_r);
+        __pyx_t_3 = NULL;
         __Pyx_INCREF(__pyx_t_1);
-        __pyx_t_3 = __pyx_t_1; __pyx_t_4 = NULL;
-        if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_3))) {
-          __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_3);
-          if (likely(__pyx_t_4)) {
-            PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_3);
-            __Pyx_INCREF(__pyx_t_4);
-            __Pyx_INCREF(function);
-            __Pyx_DECREF_SET(__pyx_t_3, function);
-          }
+        __pyx_t_4 = __pyx_t_1; 
+        __pyx_t_5 = 1;
+        #if CYTHON_UNPACK_METHODS
+        if (unlikely(PyMethod_Check(__pyx_t_4))) {
+          __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+          assert(__pyx_t_3);
+          PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+          __Pyx_INCREF(__pyx_t_3);
+          __Pyx_INCREF(__pyx__function);
+          __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+          __pyx_t_5 = 0;
         }
-        __pyx_t_2 = (__pyx_t_4) ? __Pyx_PyObject_CallOneArg(__pyx_t_3, __pyx_t_4) : __Pyx_PyObject_CallNoArg(__pyx_t_3);
-        __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-        if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 243, __pyx_L1_error)
-        __Pyx_GOTREF(__pyx_t_2);
-        __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-        if (!(likely(((__pyx_t_2) == Py_None) || likely(__Pyx_TypeTest(__pyx_t_2, __pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes))))) __PYX_ERR(0, 243, __pyx_L1_error)
+        #endif
+        {
+          PyObject *__pyx_callargs[2] = {__pyx_t_3, NULL};
+          __pyx_t_2 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_5, (1-__pyx_t_5) | (__pyx_t_5*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+          __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+          __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+          if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 243, __pyx_L1_error)
+          __Pyx_GOTREF(__pyx_t_2);
+        }
+        if (!(likely(((__pyx_t_2) == Py_None) || likely(__Pyx_TypeTest(__pyx_t_2, __pyx_mstate_global->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes))))) __PYX_ERR(0, 243, __pyx_L1_error)
         __pyx_r = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)__pyx_t_2);
         __pyx_t_2 = 0;
         __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
@@ -6243,7 +8316,7 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
       #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_PYTYPE_LOOKUP && CYTHON_USE_TYPE_SLOTS
       __pyx_tp_dict_version = __Pyx_get_tp_dict_version(((PyObject *)__pyx_v_self));
       __pyx_obj_dict_version = __Pyx_get_object_dict_version(((PyObject *)__pyx_v_self));
-      if (unlikely(__pyx_type_dict_guard != __pyx_tp_dict_version)) {
+      if (unlikely(__pyx_typedict_guard != __pyx_tp_dict_version)) {
         __pyx_tp_dict_version = __pyx_obj_dict_version = __PYX_DICT_VERSION_INIT;
       }
       #endif
@@ -6259,13 +8332,12 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_attrs = c_sftp.sftp_readdir(self.sftp._sftp, self._dir)
  *         if c_sftp.sftp_dir_eof(self._dir) == 1:
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/sftp_handles.pyx":247
@@ -6274,7 +8346,7 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *             c_attrs = c_sftp.sftp_readdir(self.sftp._sftp, self._dir)             # <<<<<<<<<<<<<<
  *         if c_sftp.sftp_dir_eof(self._dir) == 1:
  *             return
- */
+*/
         __pyx_v_c_attrs = sftp_readdir(__pyx_v_self->sftp->_sftp, __pyx_v_self->_dir);
       }
 
@@ -6284,13 +8356,11 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *         with nogil:             # <<<<<<<<<<<<<<
  *             c_attrs = c_sftp.sftp_readdir(self.sftp._sftp, self._dir)
  *         if c_sftp.sftp_dir_eof(self._dir) == 1:
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L5;
         }
         __pyx_L5:;
@@ -6303,9 +8373,9 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *         if c_sftp.sftp_dir_eof(self._dir) == 1:             # <<<<<<<<<<<<<<
  *             return
  *         elif c_attrs is NULL:
- */
-  __pyx_t_5 = ((sftp_dir_eof(__pyx_v_self->_dir) == 1) != 0);
-  if (__pyx_t_5) {
+*/
+  __pyx_t_6 = (sftp_dir_eof(__pyx_v_self->_dir) == 1);
+  if (__pyx_t_6) {
 
     /* "ssh/sftp_handles.pyx":249
  *             c_attrs = c_sftp.sftp_readdir(self.sftp._sftp, self._dir)
@@ -6313,8 +8383,8 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *             return             # <<<<<<<<<<<<<<
  *         elif c_attrs is NULL:
  *             raise SFTPHandleError
- */
-    __Pyx_XDECREF(((PyObject *)__pyx_r));
+*/
+    __Pyx_XDECREF((PyObject *)__pyx_r);
     __pyx_r = ((struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *)Py_None); __Pyx_INCREF(Py_None);
     goto __pyx_L0;
 
@@ -6324,7 +8394,7 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *         if c_sftp.sftp_dir_eof(self._dir) == 1:             # <<<<<<<<<<<<<<
  *             return
  *         elif c_attrs is NULL:
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":250
@@ -6333,9 +8403,9 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *         elif c_attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)
- */
-  __pyx_t_5 = ((__pyx_v_c_attrs == NULL) != 0);
-  if (unlikely(__pyx_t_5)) {
+*/
+  __pyx_t_6 = (__pyx_v_c_attrs == NULL);
+  if (unlikely(__pyx_t_6)) {
 
     /* "ssh/sftp_handles.pyx":251
  *             return
@@ -6343,8 +8413,8 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *             raise SFTPHandleError             # <<<<<<<<<<<<<<
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)
  *         return _attrs
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 251, __pyx_L1_error)
+*/
+    __Pyx_GetModuleGlobalName(__pyx_t_1, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 251, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_1);
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
@@ -6356,7 +8426,7 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *         elif c_attrs is NULL:             # <<<<<<<<<<<<<<
  *             raise SFTPHandleError
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)
- */
+*/
   }
 
   /* "ssh/sftp_handles.pyx":252
@@ -6364,7 +8434,7 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *             raise SFTPHandleError
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)             # <<<<<<<<<<<<<<
  *         return _attrs
- */
+*/
   __pyx_t_1 = ((PyObject *)__pyx_v_self->sftp);
   __Pyx_INCREF(__pyx_t_1);
   __pyx_t_2 = ((PyObject *)__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes->from_ptr(__pyx_v_c_attrs, ((struct __pyx_obj_3ssh_4sftp_SFTP *)__pyx_t_1))); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 252, __pyx_L1_error)
@@ -6377,9 +8447,9 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *             raise SFTPHandleError
  *         _attrs = SFTPAttributes.from_ptr(c_attrs, self.sftp)
  *         return _attrs             # <<<<<<<<<<<<<<
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__attrs));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__attrs);
   __pyx_r = __pyx_v__attrs;
   goto __pyx_L0;
 
@@ -6389,7 +8459,7 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
  *     cpdef SFTPAttributes readdir(self):             # <<<<<<<<<<<<<<
  *         cdef SFTPAttributes _attrs
  *         cdef c_sftp.sftp_attributes c_attrs
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -6407,12 +8477,41 @@ static struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *__pyx_f_3ssh_12sf
 }
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_7SFTPDir_14readdir[] = "SFTPDir.readdir(self) -> SFTPAttributes";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_7SFTPDir_14readdir, "SFTPDir.readdir(self) -> SFTPAttributes");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_7SFTPDir_15readdir = {"readdir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_14readdir};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("readdir (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("readdir", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("readdir", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_14readdir(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -6452,14 +8551,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_14readdir(struct __pyx_ob
  *     cdef readonly SFTP sftp             # <<<<<<<<<<<<<<
  *     cdef readonly bint closed
  * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_4sftp_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_4sftp_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_4sftp___get__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -6472,7 +8573,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_4sftp___get__(struct __py
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->sftp));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->sftp);
   __pyx_r = ((PyObject *)__pyx_v_self->sftp);
   goto __pyx_L0;
 
@@ -6489,14 +8590,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_4sftp___get__(struct __py
  *     cdef readonly bint closed             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_6closed_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_6closed_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_6closed___get__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -6532,17 +8635,46 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_6closed___get__(struct __
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__[] = "SFTPDir.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__, "SFTPDir.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self));
 
   /* function exit code */
@@ -6553,7 +8685,6 @@ static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__(PyObj
 static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -6561,25 +8692,21 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__(CYTHO
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__4, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_self__dir_cannot_be_converted_to, 0, 0);
   __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPDir.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -6589,72 +8716,145 @@ static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__(CYTHO
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
- */
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__[] = "SFTPDir.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__, "SFTPDir.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
-
-  /* function exit code */
-  __Pyx_RefNannyFinishContext();
-  return __pyx_r;
-}
-
-static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
-  PyObject *__pyx_r = NULL;
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp_handles.SFTPDir.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__(((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)__pyx_v_self), __pyx_v___pyx_state);
+
+  /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_RefNannyFinishContext();
+  return __pyx_r;
+}
+
+static PyObject *__pyx_pf_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
+  PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__5, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_self__dir_cannot_be_converted_to, 0, 0);
   __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
- */
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp_handles.SFTPDir.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPFile __pyx_vtable_3ssh_12sftp_handles_SFTPFile;
 
 static PyObject *__pyx_tp_new_3ssh_12sftp_handles_SFTPFile(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_12sftp_handles_SFTPFile;
   p->sftp = ((struct __pyx_obj_3ssh_4sftp_SFTP *)Py_None); Py_INCREF(Py_None);
@@ -6664,18 +8864,31 @@ static PyObject *__pyx_tp_new_3ssh_12sftp_handles_SFTPFile(PyTypeObject *t, CYTH
 static void __pyx_tp_dealloc_3ssh_12sftp_handles_SFTPFile(PyObject *o) {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *p = (struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_12sftp_handles_SFTPFile) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
   Py_CLEAR(p->sftp);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_12sftp_handles_SFTPFile(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *p = (struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->sftp) {
     e = (*v)(((PyObject *)p->sftp), a); if (e) return e;
   }
@@ -6699,41 +8912,65 @@ static PyObject *__pyx_getprop_3ssh_12sftp_handles_8SFTPFile_closed(PyObject *o,
   return __pyx_pw_3ssh_12sftp_handles_8SFTPFile_6closed_1__get__(o);
 }
 
-static PyObject *__pyx_specialmethod___pyx_pw_3ssh_12sftp_handles_8SFTPFile_7__next__(PyObject *self, CYTHON_UNUSED PyObject *arg) {return __pyx_pw_3ssh_12sftp_handles_8SFTPFile_7__next__(self);}
+static PyObject *__pyx_specialmethod___pyx_pw_3ssh_12sftp_handles_8SFTPFile_7__next__(PyObject *self, CYTHON_UNUSED PyObject *arg) {
+  PyObject *res = __pyx_pw_3ssh_12sftp_handles_8SFTPFile_7__next__(self);
+  if (!res && !PyErr_Occurred()) { PyErr_SetNone(PyExc_StopIteration); }
+  return res;
+}
 
 static PyMethodDef __pyx_methods_3ssh_12sftp_handles_SFTPFile[] = {
-  {"__enter__", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_1__enter__, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile___enter__},
-  {"__exit__", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_3__exit__, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_2__exit__},
+  {"__enter__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_1__enter__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile___enter__},
+  {"__exit__", (PyCFunction)(void(*)(void))(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_3__exit__, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_2__exit__},
   {"__next__", (PyCFunction)__pyx_specialmethod___pyx_pw_3ssh_12sftp_handles_8SFTPFile_7__next__, METH_NOARGS|METH_COEXIST, 0},
-  {"fstat", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_9fstat, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_8fstat},
-  {"close", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_11close, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_10close},
-  {"set_nonblocking", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking},
-  {"set_blocking", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_15set_blocking, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_14set_blocking},
-  {"read", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_17read, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_16read},
-  {"async_read_begin", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_19async_read_begin, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_18async_read_begin},
-  {"async_read", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_21async_read, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_20async_read},
-  {"write", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_23write, METH_O, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_22write},
-  {"seek", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_25seek, METH_O, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_24seek},
-  {"seek64", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_27seek64, METH_O, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_26seek64},
-  {"tell", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_29tell, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_28tell},
-  {"tell64", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_31tell64, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_30tell64},
-  {"rewind", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_33rewind, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_32rewind},
-  {"fstatvfs", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_35fstatvfs, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_34fstatvfs},
-  {"fsync", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_37fsync, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_36fsync},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__, METH_O, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__},
+  {"fstat", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_9fstat, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_8fstat},
+  {"close", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_11close, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_10close},
+  {"set_nonblocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_12set_nonblocking},
+  {"set_blocking", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_15set_blocking, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_14set_blocking},
+  {"read", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_17read, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_16read},
+  {"async_read_begin", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_19async_read_begin, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_18async_read_begin},
+  {"async_read", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_21async_read, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_20async_read},
+  {"write", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_23write, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_22write},
+  {"seek", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_25seek, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_24seek},
+  {"seek64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_27seek64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_26seek64},
+  {"tell", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_29tell, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_28tell},
+  {"tell64", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_31tell64, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_30tell64},
+  {"rewind", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_33rewind, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_32rewind},
+  {"fstatvfs", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_35fstatvfs, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_34fstatvfs},
+  {"fsync", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_37fsync, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_36fsync},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_38__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_8SFTPFile_40__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_12sftp_handles_SFTPFile[] = {
-  {(char *)"sftp", __pyx_getprop_3ssh_12sftp_handles_8SFTPFile_sftp, 0, (char *)0, 0},
-  {(char *)"closed", __pyx_getprop_3ssh_12sftp_handles_8SFTPFile_closed, 0, (char *)0, 0},
+  {"sftp", __pyx_getprop_3ssh_12sftp_handles_8SFTPFile_sftp, 0, 0, 0},
+  {"closed", __pyx_getprop_3ssh_12sftp_handles_8SFTPFile_closed, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_12sftp_handles_SFTPFile_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_12sftp_handles_SFTPFile},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_12sftp_handles_SFTPFile},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_12sftp_handles_SFTPFile},
+  {Py_tp_iter, (void *)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_5__iter__},
+  {Py_tp_iternext, (void *)__pyx_pw_3ssh_12sftp_handles_8SFTPFile_7__next__},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_12sftp_handles_SFTPFile},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_12sftp_handles_SFTPFile},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_12sftp_handles_SFTPFile},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_12sftp_handles_SFTPFile_spec = {
+  "ssh.sftp_handles.SFTPFile",
+  sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_12sftp_handles_SFTPFile_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_12sftp_handles_SFTPFile = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.sftp_handles.SFTPFile", /*tp_name*/
+  "ssh.sftp_handles.""SFTPFile", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPFile), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_12sftp_handles_SFTPFile, /*tp_dealloc*/
@@ -6745,12 +8982,7 @@ static PyTypeObject __pyx_type_3ssh_12sftp_handles_SFTPFile = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -6776,7 +9008,9 @@ static PyTypeObject __pyx_type_3ssh_12sftp_handles_SFTPFile = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_12sftp_handles_SFTPFile, /*tp_new*/
@@ -6789,30 +9023,44 @@ static PyTypeObject __pyx_type_3ssh_12sftp_handles_SFTPFile = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
+  #endif
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
+  #endif
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
   0, /*tp_pypy_flags*/
   #endif
 };
+#endif
 static struct __pyx_vtabstruct_3ssh_12sftp_handles_SFTPDir __pyx_vtable_3ssh_12sftp_handles_SFTPDir;
 
 static PyObject *__pyx_tp_new_3ssh_12sftp_handles_SFTPDir(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_12sftp_handles_SFTPDir;
   p->sftp = ((struct __pyx_obj_3ssh_4sftp_SFTP *)Py_None); Py_INCREF(Py_None);
@@ -6822,8 +9070,10 @@ static PyObject *__pyx_tp_new_3ssh_12sftp_handles_SFTPDir(PyTypeObject *t, CYTHO
 static void __pyx_tp_dealloc_3ssh_12sftp_handles_SFTPDir(PyObject *o) {
   struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *p = (struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_12sftp_handles_SFTPDir) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -6836,12 +9086,23 @@ static void __pyx_tp_dealloc_3ssh_12sftp_handles_SFTPDir(PyObject *o) {
     PyErr_Restore(etype, eval, etb);
   }
   Py_CLEAR(p->sftp);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_12sftp_handles_SFTPDir(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *p = (struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->sftp) {
     e = (*v)(((PyObject *)p->sftp), a); if (e) return e;
   }
@@ -6869,30 +9130,53 @@ static PyObject *__pyx_getprop_3ssh_12sftp_handles_7SFTPDir_closed(PyObject *o,
   return __pyx_pw_3ssh_12sftp_handles_7SFTPDir_6closed_1__get__(o);
 }
 
-static PyObject *__pyx_specialmethod___pyx_pw_3ssh_12sftp_handles_7SFTPDir_9__next__(PyObject *self, CYTHON_UNUSED PyObject *arg) {return __pyx_pw_3ssh_12sftp_handles_7SFTPDir_9__next__(self);}
+static PyObject *__pyx_specialmethod___pyx_pw_3ssh_12sftp_handles_7SFTPDir_9__next__(PyObject *self, CYTHON_UNUSED PyObject *arg) {
+  PyObject *res = __pyx_pw_3ssh_12sftp_handles_7SFTPDir_9__next__(self);
+  if (!res && !PyErr_Occurred()) { PyErr_SetNone(PyExc_StopIteration); }
+  return res;
+}
 
 static PyMethodDef __pyx_methods_3ssh_12sftp_handles_SFTPDir[] = {
-  {"__enter__", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_3__enter__, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_2__enter__},
-  {"__exit__", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_5__exit__, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_4__exit__},
+  {"__enter__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_3__enter__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_2__enter__},
+  {"__exit__", (PyCFunction)(void(*)(void))(PyCFunctionWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_5__exit__, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_4__exit__},
   {"__next__", (PyCFunction)__pyx_specialmethod___pyx_pw_3ssh_12sftp_handles_7SFTPDir_9__next__, METH_NOARGS|METH_COEXIST, 0},
-  {"eof", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_11eof, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_10eof},
-  {"closedir", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_13closedir, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_12closedir},
-  {"readdir", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_15readdir, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_14readdir},
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__, METH_O, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__},
+  {"eof", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_11eof, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_10eof},
+  {"closedir", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_13closedir, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_12closedir},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_16__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_handles_7SFTPDir_18__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_12sftp_handles_SFTPDir[] = {
-  {(char *)"sftp_session", __pyx_getprop_3ssh_12sftp_handles_7SFTPDir_sftp_session, 0, (char *)0, 0},
-  {(char *)"sftp", __pyx_getprop_3ssh_12sftp_handles_7SFTPDir_sftp, 0, (char *)0, 0},
-  {(char *)"closed", __pyx_getprop_3ssh_12sftp_handles_7SFTPDir_closed, 0, (char *)0, 0},
+  {"sftp_session", __pyx_getprop_3ssh_12sftp_handles_7SFTPDir_sftp_session, 0, 0, 0},
+  {"sftp", __pyx_getprop_3ssh_12sftp_handles_7SFTPDir_sftp, 0, 0, 0},
+  {"closed", __pyx_getprop_3ssh_12sftp_handles_7SFTPDir_closed, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_12sftp_handles_SFTPDir_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_12sftp_handles_SFTPDir},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_12sftp_handles_SFTPDir},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_12sftp_handles_SFTPDir},
+  {Py_tp_iter, (void *)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_7__iter__},
+  {Py_tp_iternext, (void *)__pyx_pw_3ssh_12sftp_handles_7SFTPDir_9__next__},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_12sftp_handles_SFTPDir},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_12sftp_handles_SFTPDir},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_12sftp_handles_SFTPDir},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_12sftp_handles_SFTPDir_spec = {
+  "ssh.sftp_handles.SFTPDir",
+  sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_12sftp_handles_SFTPDir_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_12sftp_handles_SFTPDir = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.sftp_handles.SFTPDir", /*tp_name*/
+  "ssh.sftp_handles.""SFTPDir", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_12sftp_handles_SFTPDir, /*tp_dealloc*/
@@ -6904,12 +9188,7 @@ static PyTypeObject __pyx_type_3ssh_12sftp_handles_SFTPDir = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -6935,7 +9214,9 @@ static PyTypeObject __pyx_type_3ssh_12sftp_handles_SFTPDir = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_12sftp_handles_SFTPDir, /*tp_new*/
@@ -6948,197 +9229,77 @@ static PyTypeObject __pyx_type_3ssh_12sftp_handles_SFTPDir = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_sftp_handles(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_sftp_handles},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "sftp_handles",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_kp_b_, __pyx_k_, sizeof(__pyx_k_), 0, 0, 0, 0},
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPDir, __pyx_k_SFTPDir, sizeof(__pyx_k_SFTPDir), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPError, __pyx_k_SFTPError, sizeof(__pyx_k_SFTPError), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPFile, __pyx_k_SFTPFile, sizeof(__pyx_k_SFTPFile), 0, 0, 1, 1},
-  {&__pyx_n_s_SFTPHandleError, __pyx_k_SFTPHandleError, sizeof(__pyx_k_SFTPHandleError), 0, 0, 1, 1},
-  {&__pyx_n_s_StopIteration, __pyx_k_StopIteration, sizeof(__pyx_k_StopIteration), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_close, __pyx_k_close, sizeof(__pyx_k_close), 0, 0, 1, 1},
-  {&__pyx_n_s_closedir, __pyx_k_closedir, sizeof(__pyx_k_closedir), 0, 0, 1, 1},
-  {&__pyx_n_s_exceptions, __pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_id, __pyx_k_id, sizeof(__pyx_k_id), 0, 0, 1, 1},
-  {&__pyx_n_s_import, __pyx_k_import, sizeof(__pyx_k_import), 0, 0, 1, 1},
-  {&__pyx_n_s_length, __pyx_k_length, sizeof(__pyx_k_length), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_read, __pyx_k_read, sizeof(__pyx_k_read), 0, 0, 1, 1},
-  {&__pyx_n_s_readdir, __pyx_k_readdir, sizeof(__pyx_k_readdir), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_kp_s_self__dir_cannot_be_converted_to, __pyx_k_self__dir_cannot_be_converted_to, sizeof(__pyx_k_self__dir_cannot_be_converted_to), 0, 0, 1, 0},
-  {&__pyx_kp_s_self__file_cannot_be_converted_t, __pyx_k_self__file_cannot_be_converted_t, sizeof(__pyx_k_self__file_cannot_be_converted_t), 0, 0, 1, 0},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_size, __pyx_k_size, sizeof(__pyx_k_size), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_StopIteration = __Pyx_GetBuiltinName(__pyx_n_s_StopIteration); if (!__pyx_builtin_StopIteration) __PYX_ERR(0, 50, __pyx_L1_error)
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 89, __pyx_L1_error)
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_self__file_cannot_be_converted_t); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-
-  /* "(tree fragment)":4
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._file cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__3 = PyTuple_Pack(1, __pyx_kp_s_self__file_cannot_be_converted_t); if (unlikely(!__pyx_tuple__3)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__3);
-  __Pyx_GIVEREF(__pyx_tuple__3);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
- */
-  __pyx_tuple__4 = PyTuple_Pack(1, __pyx_kp_s_self__dir_cannot_be_converted_to); if (unlikely(!__pyx_tuple__4)) __PYX_ERR(1, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__4);
-  __Pyx_GIVEREF(__pyx_tuple__4);
-
-  /* "(tree fragment)":4
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._dir cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__5 = PyTuple_Pack(1, __pyx_kp_s_self__dir_cannot_be_converted_to); if (unlikely(!__pyx_tuple__5)) __PYX_ERR(1, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__5);
-  __Pyx_GIVEREF(__pyx_tuple__5);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  __pyx_int_0 = PyInt_FromLong(0); if (unlikely(!__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -7146,31 +9307,49 @@ static int __Pyx_modinit_type_init_code(void) {
   /*--- Type init code ---*/
   __pyx_vtabptr_3ssh_12sftp_handles_SFTPFile = &__pyx_vtable_3ssh_12sftp_handles_SFTPFile;
   __pyx_vtable_3ssh_12sftp_handles_SFTPFile.from_ptr = (struct __pyx_obj_3ssh_12sftp_handles_SFTPFile *(*)(sftp_file, struct __pyx_obj_3ssh_4sftp_SFTP *))__pyx_f_3ssh_12sftp_handles_8SFTPFile_from_ptr;
-  if (PyType_Ready(&__pyx_type_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_12sftp_handles_SFTPFile.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_12sftp_handles_SFTPFile_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile)) __PYX_ERR(0, 28, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_12sftp_handles_SFTPFile_spec, __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile = &__pyx_type_3ssh_12sftp_handles_SFTPFile;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_12sftp_handles_SFTPFile.tp_dictoffset && __pyx_type_3ssh_12sftp_handles_SFTPFile.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_12sftp_handles_SFTPFile.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_12sftp_handles_SFTPFile.tp_dict, __pyx_vtabptr_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_SFTPFile, (PyObject *)&__pyx_type_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
-  __pyx_ptype_3ssh_12sftp_handles_SFTPFile = &__pyx_type_3ssh_12sftp_handles_SFTPFile;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_vtabptr_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_SFTPFile, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPFile) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
   __pyx_vtabptr_3ssh_12sftp_handles_SFTPDir = &__pyx_vtable_3ssh_12sftp_handles_SFTPDir;
   __pyx_vtable_3ssh_12sftp_handles_SFTPDir.from_ptr = (struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *(*)(sftp_dir, struct __pyx_obj_3ssh_4sftp_SFTP *))__pyx_f_3ssh_12sftp_handles_7SFTPDir_from_ptr;
   __pyx_vtable_3ssh_12sftp_handles_SFTPDir.readdir = (struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes *(*)(struct __pyx_obj_3ssh_12sftp_handles_SFTPDir *, int __pyx_skip_dispatch))__pyx_f_3ssh_12sftp_handles_7SFTPDir_readdir;
-  if (PyType_Ready(&__pyx_type_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_12sftp_handles_SFTPDir.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_12sftp_handles_SFTPDir_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir)) __PYX_ERR(0, 193, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_12sftp_handles_SFTPDir_spec, __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir = &__pyx_type_3ssh_12sftp_handles_SFTPDir;
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_12sftp_handles_SFTPDir.tp_dictoffset && __pyx_type_3ssh_12sftp_handles_SFTPDir.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_12sftp_handles_SFTPDir.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_12sftp_handles_SFTPDir.tp_dict, __pyx_vtabptr_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_SFTPDir, (PyObject *)&__pyx_type_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
-  __pyx_ptype_3ssh_12sftp_handles_SFTPDir = &__pyx_type_3ssh_12sftp_handles_SFTPDir;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir, __pyx_vtabptr_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_SFTPDir, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_12sftp_handles_SFTPDir) < 0) __PYX_ERR(0, 193, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -7178,8 +9357,9 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -7188,26 +9368,54 @@ static int __Pyx_modinit_type_import_code(void) {
   /*--- Type import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(3, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(3, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.sftp"); if (unlikely(!__pyx_t_1)) __PYX_ERR(4, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_4sftp_SFTP = __Pyx_ImportType(__pyx_t_1, "ssh.sftp", "SFTP", sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_4sftp_SFTP) __PYX_ERR(4, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_4sftp_SFTP = (struct __pyx_vtabstruct_3ssh_4sftp_SFTP*)__Pyx_GetVtable(__pyx_ptype_3ssh_4sftp_SFTP->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_4sftp_SFTP)) __PYX_ERR(4, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp", "SFTP",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #else
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) __PYX_ERR(4, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_4sftp_SFTP = (struct __pyx_vtabstruct_3ssh_4sftp_SFTP*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP); if (unlikely(!__pyx_vtabptr_3ssh_4sftp_SFTP)) __PYX_ERR(4, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.sftp_attributes"); if (unlikely(!__pyx_t_1)) __PYX_ERR(5, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = __Pyx_ImportType(__pyx_t_1, "ssh.sftp_attributes", "SFTPAttributes", sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) __PYX_ERR(5, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes = (struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes*)__Pyx_GetVtable(__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes)) __PYX_ERR(5, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp_attributes", "SFTPAttributes",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes),
+  #else
+  sizeof(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_15sftp_attributes_SFTPAttributes),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes) __PYX_ERR(5, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes = (struct __pyx_vtabstruct_3ssh_15sftp_attributes_SFTPAttributes*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_15sftp_attributes_SFTPAttributes); if (unlikely(!__pyx_vtabptr_3ssh_15sftp_attributes_SFTPAttributes)) __PYX_ERR(5, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.sftp_statvfs"); if (unlikely(!__pyx_t_1)) __PYX_ERR(6, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = __Pyx_ImportType(__pyx_t_1, "ssh.sftp_statvfs", "SFTPStatVFS", sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) __PYX_ERR(6, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS = (struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS*)__Pyx_GetVtable(__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS)) __PYX_ERR(6, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp_statvfs", "SFTPStatVFS",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS),
+  #else
+  sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) __PYX_ERR(6, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS = (struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS); if (unlikely(!__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS)) __PYX_ERR(6, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -7217,66 +9425,139 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_import_code", 0);
   /*--- Function import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_sftp_handles(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_sftp_handles},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "sftp_handles",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initsftp_handles(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initsftp_handles(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_sftp_handles(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_sftp_handles(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -7284,7 +9565,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -7299,10 +9582,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -7325,10 +9611,15 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_sftp_handles(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -7339,9 +9630,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_sftp_handles(PyObject *__pyx_pyini
     PyErr_SetString(PyExc_RuntimeError, "Module 'sftp_handles' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "sftp_handles" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -7351,138 +9670,424 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_sftp_handles(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_sftp_handles", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("sftp_handles", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__sftp_handles) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.sftp_handles")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.sftp_handles", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.sftp_handles", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  (void)__Pyx_modinit_function_import_code();
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_import_code(__pyx_mstate);
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
   /* "ssh/sftp_handles.pyx":22
- * from sftp_statvfs cimport SFTPStatVFS
+ * from .sftp_statvfs cimport SFTPStatVFS
  * 
  * from .exceptions import SFTPError, SFTPHandleError             # <<<<<<<<<<<<<<
  * 
- * from c_ssh cimport uint32_t, uint64_t, ssh_get_error, SSH_ERROR, SSH_AGAIN
- */
-  __pyx_t_1 = PyList_New(2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(__pyx_n_s_SFTPError);
-  __Pyx_GIVEREF(__pyx_n_s_SFTPError);
-  PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_SFTPError);
-  __Pyx_INCREF(__pyx_n_s_SFTPHandleError);
-  __Pyx_GIVEREF(__pyx_n_s_SFTPHandleError);
-  PyList_SET_ITEM(__pyx_t_1, 1, __pyx_n_s_SFTPHandleError);
-  __pyx_t_2 = __Pyx_Import(__pyx_n_s_exceptions, __pyx_t_1, 1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
+ * from .c_ssh cimport uint32_t, uint64_t, ssh_get_error, SSH_ERROR, SSH_AGAIN
+*/
+  __pyx_t_2 = __Pyx_PyList_Pack(2, __pyx_mstate_global->__pyx_n_u_SFTPError, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_SFTPError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SFTPError, __pyx_t_1) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_SFTPHandleError); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SFTPHandleError, __pyx_t_1) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_3 = __Pyx_Import(__pyx_mstate_global->__pyx_n_u_exceptions, __pyx_t_2, 1); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-
-  /* "ssh/sftp_handles.pyx":1
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_SFTPError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SFTPError, __pyx_t_2) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_SFTPHandleError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SFTPHandleError, __pyx_t_2) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":37
+ *         return _fh
+ * 
+ *     def __enter__(self):             # <<<<<<<<<<<<<<
+ *         return self
+ * 
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_1__enter__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile___enter, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_enter, __pyx_t_3) < 0) __PYX_ERR(0, 37, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":40
+ *         return self
+ * 
+ *     def __exit__(self, *args):             # <<<<<<<<<<<<<<
+ *         self.close()
+ * 
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_3__exit__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile___exit, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 40, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_exit, __pyx_t_3) < 0) __PYX_ERR(0, 40, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":52
+ *         raise StopIteration
+ * 
+ *     def fstat(self):             # <<<<<<<<<<<<<<
+ *         cdef SFTPAttributes _attrs
+ *         cdef c_sftp.sftp_attributes c_attrs
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_9fstat, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_fstat, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[2])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_fstat, __pyx_t_3) < 0) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":62
+ *         return _attrs
+ * 
+ *     def close(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         if self.closed:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_11close, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_close, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[3])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_close, __pyx_t_3) < 0) __PYX_ERR(0, 62, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":73
+ *         return rc
+ * 
+ *     def set_nonblocking(self):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_sftp.sftp_file_set_nonblocking(self._file)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_13set_nonblocking, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_set_nonblocking, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[4])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_set_nonblocking, __pyx_t_3) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":77
+ *             c_sftp.sftp_file_set_nonblocking(self._file)
+ * 
+ *     def set_blocking(self):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_sftp.sftp_file_set_blocking(self._file)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_15set_blocking, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_set_blocking, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[5])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_set_blocking, __pyx_t_3) < 0) __PYX_ERR(0, 77, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":81
+ *             c_sftp.sftp_file_set_blocking(self._file)
+ * 
+ *     def read(self, size_t size=1048576):             # <<<<<<<<<<<<<<
+ *         cdef ssize_t _size
+ *         cdef bytes buf = b''
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_17read, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_read, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[6])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_3, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_read, __pyx_t_3) < 0) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":98
+ *         return _size, buf
+ * 
+ *     def async_read_begin(self, uint32_t length=1048576):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_19async_read_begin, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_async_read_begin, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[7])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 98, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_3, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_async_read_begin, __pyx_t_3) < 0) __PYX_ERR(0, 98, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":106
+ *         return rc
+ * 
+ *     def async_read(self, uint32_t _id, uint32_t length=1048576):             # <<<<<<<<<<<<<<
+ *         cdef int size
+ *         cdef bytes buf = b''
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_21async_read, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_async_read, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[8])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 106, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_3, __pyx_mstate_global->__pyx_tuple[0]);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_async_read, __pyx_t_3) < 0) __PYX_ERR(0, 106, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":128
+ *         return size, buf
+ * 
+ *     def write(self, bytes data):             # <<<<<<<<<<<<<<
+ *         cdef ssize_t rc
+ *         cdef const char *c_data = data
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_23write, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_write, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[9])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 128, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_write, __pyx_t_3) < 0) __PYX_ERR(0, 128, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":138
+ *         return rc
+ * 
+ *     def seek(self, uint32_t offset):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_25seek, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_seek, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[10])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 138, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_seek, __pyx_t_3) < 0) __PYX_ERR(0, 138, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":146
+ *         return rc
+ * 
+ *     def seek64(self, uint64_t offset):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_27seek64, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_seek64, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[11])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 146, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_seek64, __pyx_t_3) < 0) __PYX_ERR(0, 146, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":154
+ *         return rc
+ * 
+ *     def tell(self):             # <<<<<<<<<<<<<<
+ *         cdef unsigned long rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_29tell, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_tell, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[12])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 154, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_tell, __pyx_t_3) < 0) __PYX_ERR(0, 154, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":162
+ *         return rc
+ * 
+ *     def tell64(self):             # <<<<<<<<<<<<<<
+ *         cdef uint64_t rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_31tell64, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_tell64, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[13])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 162, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_tell64, __pyx_t_3) < 0) __PYX_ERR(0, 162, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":170
+ *         return rc
+ * 
+ *     def rewind(self):             # <<<<<<<<<<<<<<
+ *         with nogil:
+ *             c_sftp.sftp_rewind(self._file)
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_33rewind, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_rewind, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[14])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 170, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_rewind, __pyx_t_3) < 0) __PYX_ERR(0, 170, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":174
+ *             c_sftp.sftp_rewind(self._file)
+ * 
+ *     def fstatvfs(self):             # <<<<<<<<<<<<<<
+ *         cdef SFTPStatVFS vfs
+ *         cdef c_sftp.sftp_statvfs_t c_vfs
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_35fstatvfs, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_fstatvfs, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[15])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 174, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_fstatvfs, __pyx_t_3) < 0) __PYX_ERR(0, 174, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":184
+ *         return vfs
+ * 
+ *     def fsync(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_37fsync, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile_fsync, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[16])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 184, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPFile, __pyx_mstate_global->__pyx_n_u_fsync, __pyx_t_3) < 0) __PYX_ERR(0, 184, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_39__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[17])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_3) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._file cannot be converted to a Python object for pickling"
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_8SFTPFile_41__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPFile___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[18])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_3) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":206
+ *         return _fh
+ * 
+ *     def __enter__(self):             # <<<<<<<<<<<<<<
+ *         return self
+ * 
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_7SFTPDir_3__enter__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPDir___enter, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[19])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 206, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPDir, __pyx_mstate_global->__pyx_n_u_enter, __pyx_t_3) < 0) __PYX_ERR(0, 206, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":209
+ *         return self
+ * 
+ *     def __exit__(self, *args):             # <<<<<<<<<<<<<<
+ *         self.closedir()
+ * 
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_7SFTPDir_5__exit__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPDir___exit, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[20])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 209, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPDir, __pyx_mstate_global->__pyx_n_u_exit, __pyx_t_3) < 0) __PYX_ERR(0, 209, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":226
+ *         return self.sftp
+ * 
+ *     def eof(self):             # <<<<<<<<<<<<<<
+ *         cdef bint rc
+ *         with nogil:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_7SFTPDir_11eof, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPDir_eof, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[21])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 226, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPDir, __pyx_mstate_global->__pyx_n_u_eof, __pyx_t_3) < 0) __PYX_ERR(0, 226, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":232
+ *         return bool(rc)
+ * 
+ *     def closedir(self):             # <<<<<<<<<<<<<<
+ *         cdef int rc
+ *         if self.closed:
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_7SFTPDir_13closedir, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPDir_closedir, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[22])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 232, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPDir, __pyx_mstate_global->__pyx_n_u_closedir, __pyx_t_3) < 0) __PYX_ERR(0, 232, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":243
+ *         return rc
+ * 
+ *     cpdef SFTPAttributes readdir(self):             # <<<<<<<<<<<<<<
+ *         cdef SFTPAttributes _attrs
+ *         cdef c_sftp.sftp_attributes c_attrs
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_7SFTPDir_15readdir, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPDir_readdir, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[23])); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 243, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (__Pyx_SetItemOnTypeDict(__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_handles_SFTPDir, __pyx_mstate_global->__pyx_n_u_readdir, __pyx_t_3) < 0) __PYX_ERR(0, 243, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_7SFTPDir_17__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPDir___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[24])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_3) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._dir cannot be converted to a Python object for pickling"
+*/
+  __pyx_t_3 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_handles_7SFTPDir_19__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPDir___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_handles, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[25])); if (unlikely(!__pyx_t_3)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_3) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+
+  /* "ssh/sftp_handles.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+*/
+  __pyx_t_3 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_3) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.sftp_handles", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.sftp_handles");
   }
@@ -7490,1462 +10095,4415 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
 
-/* --- Runtime support code --- */
-/* Refnanny */
-#if CYTHON_REFNANNY
-static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
-    PyObject *m = NULL, *p = NULL;
-    void *r = NULL;
-    m = PyImport_ImportModule(modname);
-    if (!m) goto end;
-    p = PyObject_GetAttrString(m, "RefNannyAPI");
-    if (!p) goto end;
-    r = PyLong_AsVoidPtr(p);
-end:
-    Py_XDECREF(p);
-    Py_XDECREF(m);
-    return (__Pyx_RefNannyAPIStruct *)r;
-}
-#endif
-
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
-    return PyObject_GetAttr(obj, attr_name);
-}
+typedef struct {
+    const char *s;
+#if 179 <= 65535
+    const unsigned short n;
+#elif 179 / 2 < INT_MAX
+    const unsigned int n;
+#elif 179 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
 #endif
-
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
-        PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
-            "name '%U' is not defined", name);
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
 #else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
+    const Py_ssize_t encoding;
 #endif
-    }
-    return result;
-}
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 0, 0}, /* PyObject cname: __pyx_kp_b_ */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_Note_that_Cython_is_deliberately, sizeof(__pyx_k_Note_that_Cython_is_deliberately), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_Note_that_Cython_is_deliberately */
+  {__pyx_k_SFTPDir, sizeof(__pyx_k_SFTPDir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPDir */
+  {__pyx_k_SFTPDir___enter, sizeof(__pyx_k_SFTPDir___enter), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPDir___enter */
+  {__pyx_k_SFTPDir___exit, sizeof(__pyx_k_SFTPDir___exit), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPDir___exit */
+  {__pyx_k_SFTPDir___reduce_cython, sizeof(__pyx_k_SFTPDir___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPDir___reduce_cython */
+  {__pyx_k_SFTPDir___setstate_cython, sizeof(__pyx_k_SFTPDir___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPDir___setstate_cython */
+  {__pyx_k_SFTPDir_closedir, sizeof(__pyx_k_SFTPDir_closedir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPDir_closedir */
+  {__pyx_k_SFTPDir_eof, sizeof(__pyx_k_SFTPDir_eof), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPDir_eof */
+  {__pyx_k_SFTPDir_readdir, sizeof(__pyx_k_SFTPDir_readdir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPDir_readdir */
+  {__pyx_k_SFTPError, sizeof(__pyx_k_SFTPError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPError */
+  {__pyx_k_SFTPFile, sizeof(__pyx_k_SFTPFile), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile */
+  {__pyx_k_SFTPFile___enter, sizeof(__pyx_k_SFTPFile___enter), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile___enter */
+  {__pyx_k_SFTPFile___exit, sizeof(__pyx_k_SFTPFile___exit), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile___exit */
+  {__pyx_k_SFTPFile___reduce_cython, sizeof(__pyx_k_SFTPFile___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile___reduce_cython */
+  {__pyx_k_SFTPFile___setstate_cython, sizeof(__pyx_k_SFTPFile___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile___setstate_cython */
+  {__pyx_k_SFTPFile_async_read, sizeof(__pyx_k_SFTPFile_async_read), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_async_read */
+  {__pyx_k_SFTPFile_async_read_begin, sizeof(__pyx_k_SFTPFile_async_read_begin), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_async_read_begin */
+  {__pyx_k_SFTPFile_close, sizeof(__pyx_k_SFTPFile_close), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_close */
+  {__pyx_k_SFTPFile_fstat, sizeof(__pyx_k_SFTPFile_fstat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_fstat */
+  {__pyx_k_SFTPFile_fstatvfs, sizeof(__pyx_k_SFTPFile_fstatvfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_fstatvfs */
+  {__pyx_k_SFTPFile_fsync, sizeof(__pyx_k_SFTPFile_fsync), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_fsync */
+  {__pyx_k_SFTPFile_read, sizeof(__pyx_k_SFTPFile_read), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_read */
+  {__pyx_k_SFTPFile_rewind, sizeof(__pyx_k_SFTPFile_rewind), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_rewind */
+  {__pyx_k_SFTPFile_seek, sizeof(__pyx_k_SFTPFile_seek), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_seek */
+  {__pyx_k_SFTPFile_seek64, sizeof(__pyx_k_SFTPFile_seek64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_seek64 */
+  {__pyx_k_SFTPFile_set_blocking, sizeof(__pyx_k_SFTPFile_set_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_set_blocking */
+  {__pyx_k_SFTPFile_set_nonblocking, sizeof(__pyx_k_SFTPFile_set_nonblocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_set_nonblocking */
+  {__pyx_k_SFTPFile_tell, sizeof(__pyx_k_SFTPFile_tell), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_tell */
+  {__pyx_k_SFTPFile_tell64, sizeof(__pyx_k_SFTPFile_tell64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_tell64 */
+  {__pyx_k_SFTPFile_write, sizeof(__pyx_k_SFTPFile_write), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPFile_write */
+  {__pyx_k_SFTPHandleError, sizeof(__pyx_k_SFTPHandleError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPHandleError */
+  {__pyx_k_StopIteration, sizeof(__pyx_k_StopIteration), 0, 1, 1}, /* PyObject cname: __pyx_n_u_StopIteration */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k__3, sizeof(__pyx_k__3), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__3 */
+  {__pyx_k_add_note, sizeof(__pyx_k_add_note), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_add_note */
+  {__pyx_k_args, sizeof(__pyx_k_args), 0, 1, 1}, /* PyObject cname: __pyx_n_u_args */
+  {__pyx_k_async_read, sizeof(__pyx_k_async_read), 0, 1, 1}, /* PyObject cname: __pyx_n_u_async_read */
+  {__pyx_k_async_read_begin, sizeof(__pyx_k_async_read_begin), 0, 1, 1}, /* PyObject cname: __pyx_n_u_async_read_begin */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_attrs, sizeof(__pyx_k_attrs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_attrs */
+  {__pyx_k_buf, sizeof(__pyx_k_buf), 0, 1, 1}, /* PyObject cname: __pyx_n_u_buf */
+  {__pyx_k_c_attrs, sizeof(__pyx_k_c_attrs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_attrs */
+  {__pyx_k_c_buf, sizeof(__pyx_k_c_buf), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_buf */
+  {__pyx_k_c_data, sizeof(__pyx_k_c_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_data */
+  {__pyx_k_c_vfs, sizeof(__pyx_k_c_vfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_c_vfs */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_close, sizeof(__pyx_k_close), 0, 1, 1}, /* PyObject cname: __pyx_n_u_close */
+  {__pyx_k_closedir, sizeof(__pyx_k_closedir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_closedir */
+  {__pyx_k_data, sizeof(__pyx_k_data), 0, 1, 1}, /* PyObject cname: __pyx_n_u_data */
+  {__pyx_k_data_len, sizeof(__pyx_k_data_len), 0, 1, 1}, /* PyObject cname: __pyx_n_u_data_len */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_enter, sizeof(__pyx_k_enter), 0, 1, 1}, /* PyObject cname: __pyx_n_u_enter */
+  {__pyx_k_eof, sizeof(__pyx_k_eof), 0, 1, 1}, /* PyObject cname: __pyx_n_u_eof */
+  {__pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_exceptions */
+  {__pyx_k_exit, sizeof(__pyx_k_exit), 0, 1, 1}, /* PyObject cname: __pyx_n_u_exit */
+  {__pyx_k_fstat, sizeof(__pyx_k_fstat), 0, 1, 1}, /* PyObject cname: __pyx_n_u_fstat */
+  {__pyx_k_fstatvfs, sizeof(__pyx_k_fstatvfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_fstatvfs */
+  {__pyx_k_fsync, sizeof(__pyx_k_fsync), 0, 1, 1}, /* PyObject cname: __pyx_n_u_fsync */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_id, sizeof(__pyx_k_id), 0, 1, 1}, /* PyObject cname: __pyx_n_u_id */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_length, sizeof(__pyx_k_length), 0, 1, 1}, /* PyObject cname: __pyx_n_u_length */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_offset, sizeof(__pyx_k_offset), 0, 1, 1}, /* PyObject cname: __pyx_n_u_offset */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_rc, sizeof(__pyx_k_rc), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rc */
+  {__pyx_k_read, sizeof(__pyx_k_read), 0, 1, 1}, /* PyObject cname: __pyx_n_u_read */
+  {__pyx_k_readdir, sizeof(__pyx_k_readdir), 0, 1, 1}, /* PyObject cname: __pyx_n_u_readdir */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_rewind, sizeof(__pyx_k_rewind), 0, 1, 1}, /* PyObject cname: __pyx_n_u_rewind */
+  {__pyx_k_seek, sizeof(__pyx_k_seek), 0, 1, 1}, /* PyObject cname: __pyx_n_u_seek */
+  {__pyx_k_seek64, sizeof(__pyx_k_seek64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_seek64 */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_self__dir_cannot_be_converted_to, sizeof(__pyx_k_self__dir_cannot_be_converted_to), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_self__dir_cannot_be_converted_to */
+  {__pyx_k_self__file_cannot_be_converted_t, sizeof(__pyx_k_self__file_cannot_be_converted_t), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_self__file_cannot_be_converted_t */
+  {__pyx_k_set_blocking, sizeof(__pyx_k_set_blocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_blocking */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_set_nonblocking, sizeof(__pyx_k_set_nonblocking), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_nonblocking */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_size, sizeof(__pyx_k_size), 0, 1, 1}, /* PyObject cname: __pyx_n_u_size */
+  {__pyx_k_size_2, sizeof(__pyx_k_size_2), 0, 1, 1}, /* PyObject cname: __pyx_n_u_size_2 */
+  {__pyx_k_ssh_sftp_handles, sizeof(__pyx_k_ssh_sftp_handles), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_sftp_handles */
+  {__pyx_k_ssh_sftp_handles_pyx, sizeof(__pyx_k_ssh_sftp_handles_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_sftp_handles_pyx */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_tell, sizeof(__pyx_k_tell), 0, 1, 1}, /* PyObject cname: __pyx_n_u_tell */
+  {__pyx_k_tell64, sizeof(__pyx_k_tell64), 0, 1, 1}, /* PyObject cname: __pyx_n_u_tell64 */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_vfs, sizeof(__pyx_k_vfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_vfs */
+  {__pyx_k_write, sizeof(__pyx_k_write), 0, 1, 1}, /* PyObject cname: __pyx_n_u_write */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
 
-/* KeywordStringCheck */
-static int __Pyx_CheckKeywordStrings(
-    PyObject *kwdict,
-    const char* function_name,
-    int kw_allowed)
-{
-    PyObject* key = 0;
-    Py_ssize_t pos = 0;
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_StopIteration = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_StopIteration); if (!__pyx_builtin_StopIteration) __PYX_ERR(0, 50, __pyx_L1_error)
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 89, __pyx_L1_error)
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+
+  /* "ssh/sftp_handles.pyx":81
+ *             c_sftp.sftp_file_set_blocking(self._file)
+ * 
+ *     def read(self, size_t size=1048576):             # <<<<<<<<<<<<<<
+ *         cdef ssize_t _size
+ *         cdef bytes buf = b''
+*/
+  __pyx_mstate_global->__pyx_tuple[0] = PyTuple_Pack(1, __pyx_mstate_global->__pyx_int_1048576); if (unlikely(!__pyx_mstate_global->__pyx_tuple[0])) __PYX_ERR(0, 81, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+  __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
+  return -1;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  __pyx_mstate->__pyx_int_0 = PyLong_FromLong(0); if (unlikely(!__pyx_mstate->__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_int_1048576 = PyLong_FromLong(1048576L); if (unlikely(!__pyx_mstate->__pyx_int_1048576)) __PYX_ERR(0, 1, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 2;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 3;
+            unsigned int flags : 10;
+            unsigned int first_line : 8;
+            unsigned int line_table_length : 12;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 37, 7};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_enter, __pyx_k_A_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS|CO_VARARGS), 40, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_args};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_exit, __pyx_k_A_F, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 52, 64};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_attrs, __pyx_mstate->__pyx_n_u_c_attrs};
+    __pyx_mstate_global->__pyx_codeobj_tab[2] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_fstat, __pyx_k_A_Kq_A_83a_q_E_y_a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[2])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 62, 68};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[3] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_close, __pyx_k_A_4q_1_4q_3b_q_E_Ja_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[3])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 73, 14};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[4] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_set_nonblocking, __pyx_k_A_AT, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[4])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 77, 14};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[5] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_set_blocking, __pyx_k_A_a, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[5])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 81, 93};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_size_2, __pyx_mstate->__pyx_n_u_buf, __pyx_mstate->__pyx_n_u_c_buf};
+    __pyx_mstate_global->__pyx_codeobj_tab[6] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_read, __pyx_k_q_HF_vS_AT_vRq_e2Q_wa, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[6])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 98, 55};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_length, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[7] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_async_read_begin, __pyx_k_q_Qd_3b_q_E_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[7])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 106, 145};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_id, __pyx_mstate->__pyx_n_u_length, __pyx_mstate->__pyx_n_u_size, __pyx_mstate->__pyx_n_u_buf, __pyx_mstate->__pyx_n_u_c_buf};
+    __pyx_mstate_global->__pyx_codeobj_tab[8] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_async_read, __pyx_k_7q_HF_vS_hgXQ_uBa_e2Q_b_5_1_1M, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[8])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 5, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 128, 67};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_data, __pyx_mstate->__pyx_n_u_rc, __pyx_mstate->__pyx_n_u_c_data, __pyx_mstate->__pyx_n_u_data_len};
+    __pyx_mstate_global->__pyx_codeobj_tab[9] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_write, __pyx_k_A_s_1_4xxq_3b_1M_e81_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[9])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 138, 51};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_offset, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[10] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_seek, __pyx_k_A_z_ha_3b_q_E_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[10])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 146, 51};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_offset, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[11] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_seek64, __pyx_k_A_1D_3b_q_E_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[11])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 154, 49};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[12] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_tell, __pyx_k_A_z_a_3b_q_E_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[12])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 162, 49};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[13] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_tell64, __pyx_k_A_1D_3b_q_E_q_2, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[13])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 170, 14};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[14] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_rewind, __pyx_k_A_at1, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[14])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 3, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 174, 64};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_vfs, __pyx_mstate->__pyx_n_u_c_vfs};
+    __pyx_mstate_global->__pyx_codeobj_tab[15] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_fstatvfs, __pyx_k_A_Q_6_A_q_E_7_a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[15])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 184, 49};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[16] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_fsync, __pyx_k_A_4q_3b_q_E_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[16])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[17] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[17])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[18] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[18])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 206, 7};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[19] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_enter, __pyx_k_A_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[19])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS|CO_VARARGS), 209, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_args};
+    __pyx_mstate_global->__pyx_codeobj_tab[20] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_exit, __pyx_k_A_IQ, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[20])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 226, 25};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[21] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_eof, __pyx_k_A_AT_t1A, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[21])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 232, 68};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_rc};
+    __pyx_mstate_global->__pyx_codeobj_tab[22] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_closedir, __pyx_k_A_4q_1_Qd_3b_q_E_Ja_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[22])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 243, 72};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[23] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_sftp_handles_pyx, __pyx_mstate->__pyx_n_u_readdir, __pyx_k_A_M_e84q_at7_Q_S_y_a_q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[23])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[24] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[24])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[25] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[25])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
+
+/* --- Runtime support code --- */
+/* Refnanny */
+#if CYTHON_REFNANNY
+static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
+    PyObject *m = NULL, *p = NULL;
+    void *r = NULL;
+    m = PyImport_ImportModule(modname);
+    if (!m) goto end;
+    p = PyObject_GetAttrString(m, "RefNannyAPI");
+    if (!p) goto end;
+    r = PyLong_AsVoidPtr(p);
+end:
+    Py_XDECREF(p);
+    Py_XDECREF(m);
+    return (__Pyx_RefNannyAPIStruct *)r;
+}
+#endif
+
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
+        PyErr_Format(PyExc_NameError,
+            "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* PyObjectFastCallMethod */
+#if !CYTHON_VECTORCALL || PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf) {
+    PyObject *result;
+    PyObject *attr = PyObject_GetAttr(args[0], name);
+    if (unlikely(!attr))
+        return NULL;
+    result = __Pyx_PyObject_FastCall(attr, args+1, nargsf - 1);
+    Py_DECREF(attr);
+    return result;
+}
+#endif
+
+/* RaiseTooManyValuesToUnpack */
+static CYTHON_INLINE void __Pyx_RaiseTooManyValuesError(Py_ssize_t expected) {
+    PyErr_Format(PyExc_ValueError,
+                 "too many values to unpack (expected %" CYTHON_FORMAT_SSIZE_T "d)", expected);
+}
+
+/* RaiseNeedMoreValuesToUnpack */
+static CYTHON_INLINE void __Pyx_RaiseNeedMoreValuesError(Py_ssize_t index) {
+    PyErr_Format(PyExc_ValueError,
+                 "need more than %" CYTHON_FORMAT_SSIZE_T "d value%.1s to unpack",
+                 index, (index == 1) ? "" : "s");
+}
+
+/* IterFinish */
+static CYTHON_INLINE int __Pyx_IterFinish(void) {
+    PyObject* exc_type;
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    exc_type = __Pyx_PyErr_CurrentExceptionType();
+    if (unlikely(exc_type)) {
+        if (unlikely(!__Pyx_PyErr_GivenExceptionMatches(exc_type, PyExc_StopIteration)))
+            return -1;
+        __Pyx_PyErr_Clear();
+        return 0;
+    }
+    return 0;
+}
+
+/* UnpackItemEndCheck */
+static int __Pyx_IternextUnpackEndCheck(PyObject *retval, Py_ssize_t expected) {
+    if (unlikely(retval)) {
+        Py_DECREF(retval);
+        __Pyx_RaiseTooManyValuesError(expected);
+        return -1;
+    }
+    return __Pyx_IterFinish();
+}
+
+/* PyDictVersioning */
+#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+}
+static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
+    PyObject **dictptr = NULL;
+    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
+    if (offset) {
+#if CYTHON_COMPILING_IN_CPYTHON
+        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
+#else
+        dictptr = _PyObject_GetDictPtr(obj);
+#endif
+    }
+    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
+}
+static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
+    PyObject *dict = Py_TYPE(obj)->tp_dict;
+    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
+        return 0;
+    return obj_dict_version == __Pyx_get_object_dict_version(obj);
+}
+#endif
+
+/* GetModuleGlobalName */
+#if CYTHON_USE_DICT_VERSIONS
+static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
+#else
+static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
+#endif
+{
+    PyObject *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
+        return NULL;
+    }
+    result = PyObject_GetAttr(__pyx_m, name);
+    if (likely(result)) {
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
+    }
+#else
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return __Pyx_NewRef(result);
+    }
+    PyErr_Clear();
+#endif
+    return __Pyx_GetBuiltinName(name);
+}
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
 #if CYTHON_COMPILING_IN_PYPY
-    if (!kw_allowed && PyDict_Next(kwdict, &pos, &key, 0))
-        goto invalid_keyword;
-    return 1;
 #else
-    while (PyDict_Next(kwdict, &pos, &key, 0)) {
-        #if PY_MAJOR_VERSION < 3
-        if (unlikely(!PyString_Check(key)))
-        #endif
-            if (unlikely(!PyUnicode_Check(key)))
-                goto invalid_keyword_type;
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* GetException */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb)
+#else
+static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
+#endif
+{
+    PyObject *local_type = NULL, *local_value, *local_tb = NULL;
+#if CYTHON_FAST_THREAD_STATE
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+  #if PY_VERSION_HEX >= 0x030C0000
+    local_value = tstate->current_exception;
+    tstate->current_exception = 0;
+  #else
+    local_type = tstate->curexc_type;
+    local_value = tstate->curexc_value;
+    local_tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+  #endif
+#elif __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    local_value = PyErr_GetRaisedException();
+#else
+    PyErr_Fetch(&local_type, &local_value, &local_tb);
+#endif
+#if __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    if (likely(local_value)) {
+        local_type = (PyObject*) Py_TYPE(local_value);
+        Py_INCREF(local_type);
+        local_tb = PyException_GetTraceback(local_value);
     }
-    if ((!kw_allowed) && unlikely(key))
-        goto invalid_keyword;
-    return 1;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    return 0;
+#else
+    PyErr_NormalizeException(&local_type, &local_value, &local_tb);
+#if CYTHON_FAST_THREAD_STATE
+    if (unlikely(tstate->curexc_type))
+#else
+    if (unlikely(PyErr_Occurred()))
 #endif
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
+        goto bad;
+    if (local_tb) {
+        if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
+            goto bad;
+    }
+#endif // __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    Py_XINCREF(local_tb);
+    Py_XINCREF(local_type);
+    Py_XINCREF(local_value);
+    *type = local_type;
+    *value = local_value;
+    *tb = local_tb;
+#if CYTHON_FAST_THREAD_STATE
+    #if CYTHON_USE_EXC_INFO_STACK
+    {
+        _PyErr_StackItem *exc_info = tstate->exc_info;
+      #if PY_VERSION_HEX >= 0x030B00a4
+        tmp_value = exc_info->exc_value;
+        exc_info->exc_value = local_value;
+        tmp_type = NULL;
+        tmp_tb = NULL;
+        Py_XDECREF(local_type);
+        Py_XDECREF(local_tb);
+      #else
+        tmp_type = exc_info->exc_type;
+        tmp_value = exc_info->exc_value;
+        tmp_tb = exc_info->exc_traceback;
+        exc_info->exc_type = local_type;
+        exc_info->exc_value = local_value;
+        exc_info->exc_traceback = local_tb;
+      #endif
+    }
     #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = local_type;
+    tstate->exc_value = local_value;
+    tstate->exc_traceback = local_tb;
     #endif
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    PyErr_SetHandledException(local_value);
+    Py_XDECREF(local_value);
+    Py_XDECREF(local_type);
+    Py_XDECREF(local_tb);
+#else
+    PyErr_SetExcInfo(local_type, local_value, local_tb);
+#endif
     return 0;
+#if __PYX_LIMITED_VERSION_HEX <= 0x030C0000
+bad:
+    *type = 0;
+    *value = 0;
+    *tb = 0;
+    Py_XDECREF(local_type);
+    Py_XDECREF(local_value);
+    Py_XDECREF(local_tb);
+    return -1;
+#endif
 }
 
-/* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
-                                               PyObject *globals) {
-    PyFrameObject *f;
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject **fastlocals;
-    Py_ssize_t i;
-    PyObject *result;
-    assert(globals != NULL);
-    /* XXX Perhaps we should create a specialized
-       PyFrame_New() that doesn't take locals, but does
-       take builtins without sanity checking them.
-       */
-    assert(tstate != NULL);
-    f = PyFrame_New(tstate, co, globals, NULL);
-    if (f == NULL) {
-        return NULL;
-    }
-    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
-    for (i = 0; i < na; i++) {
-        Py_INCREF(*args);
-        fastlocals[i] = *args++;
+/* SwapException */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_value = exc_info->exc_value;
+    exc_info->exc_value = *value;
+    if (tmp_value == NULL || tmp_value == Py_None) {
+        Py_XDECREF(tmp_value);
+        tmp_value = NULL;
+        tmp_type = NULL;
+        tmp_tb = NULL;
+    } else {
+        tmp_type = (PyObject*) Py_TYPE(tmp_value);
+        Py_INCREF(tmp_type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        tmp_tb = ((PyBaseExceptionObject*) tmp_value)->traceback;
+        Py_XINCREF(tmp_tb);
+        #else
+        tmp_tb = PyException_GetTraceback(tmp_value);
+        #endif
     }
-    result = PyEval_EvalFrameEx(f,0);
-    ++tstate->recursion_depth;
-    Py_DECREF(f);
-    --tstate->recursion_depth;
-    return result;
+  #elif CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_type = exc_info->exc_type;
+    tmp_value = exc_info->exc_value;
+    tmp_tb = exc_info->exc_traceback;
+    exc_info->exc_type = *type;
+    exc_info->exc_value = *value;
+    exc_info->exc_traceback = *tb;
+  #else
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = *type;
+    tstate->exc_value = *value;
+    tstate->exc_traceback = *tb;
+  #endif
+    *type = tmp_type;
+    *value = tmp_value;
+    *tb = tmp_tb;
+}
+#else
+static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value, PyObject **tb) {
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    PyErr_GetExcInfo(&tmp_type, &tmp_value, &tmp_tb);
+    PyErr_SetExcInfo(*type, *value, *tb);
+    *type = tmp_type;
+    *value = tmp_value;
+    *tb = tmp_tb;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
-    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
-    PyObject *globals = PyFunction_GET_GLOBALS(func);
-    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
-    PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
-    PyObject *kwdefs;
 #endif
-    PyObject *kwtuple, **k;
-    PyObject **d;
-    Py_ssize_t nd;
-    Py_ssize_t nk;
-    PyObject *result;
-    assert(kwargs == NULL || PyDict_Check(kwargs));
-    nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
-        return NULL;
+
+/* GetTopmostException */
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
+static _PyErr_StackItem *
+__Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
+{
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    while ((exc_info->exc_value == NULL || exc_info->exc_value == Py_None) &&
+           exc_info->previous_item != NULL)
+    {
+        exc_info = exc_info->previous_item;
     }
-    if (
-#if PY_MAJOR_VERSION >= 3
-            co->co_kwonlyargcount == 0 &&
+    return exc_info;
+}
 #endif
-            likely(kwargs == NULL || nk == 0) &&
-            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
-        if (argdefs == NULL && co->co_argcount == nargs) {
-            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
-            goto done;
-        }
-        else if (nargs == 0 && argdefs != NULL
-                 && co->co_argcount == Py_SIZE(argdefs)) {
-            /* function called with no arguments, but all parameters have
-               a default value: use default values as arguments .*/
-            args = &PyTuple_GET_ITEM(argdefs, 0);
-            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
-            goto done;
-        }
+
+/* SaveResetException */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    PyObject *exc_value = exc_info->exc_value;
+    if (exc_value == NULL || exc_value == Py_None) {
+        *value = NULL;
+        *type = NULL;
+        *tb = NULL;
+    } else {
+        *value = exc_value;
+        Py_INCREF(*value);
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        *tb = PyException_GetTraceback(exc_value);
     }
-    if (kwargs != NULL) {
-        Py_ssize_t pos, i;
-        kwtuple = PyTuple_New(2 * nk);
-        if (kwtuple == NULL) {
-            result = NULL;
-            goto done;
-        }
-        k = &PyTuple_GET_ITEM(kwtuple, 0);
-        pos = i = 0;
-        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
-            Py_INCREF(k[i]);
-            Py_INCREF(k[i+1]);
-            i += 2;
+  #elif CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    *type = exc_info->exc_type;
+    *value = exc_info->exc_value;
+    *tb = exc_info->exc_traceback;
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #else
+    *type = tstate->exc_type;
+    *value = tstate->exc_value;
+    *tb = tstate->exc_traceback;
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #endif
+}
+static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    PyObject *tmp_value = exc_info->exc_value;
+    exc_info->exc_value = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+  #else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    #if CYTHON_USE_EXC_INFO_STACK
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_type = exc_info->exc_type;
+    tmp_value = exc_info->exc_value;
+    tmp_tb = exc_info->exc_traceback;
+    exc_info->exc_type = type;
+    exc_info->exc_value = value;
+    exc_info->exc_traceback = tb;
+    #else
+    tmp_type = tstate->exc_type;
+    tmp_value = tstate->exc_value;
+    tmp_tb = tstate->exc_traceback;
+    tstate->exc_type = type;
+    tstate->exc_value = value;
+    tstate->exc_traceback = tb;
+    #endif
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+  #endif
+}
+#endif
+
+/* ArgTypeTest */
+static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+{
+    __Pyx_TypeName type_name;
+    __Pyx_TypeName obj_type_name;
+    PyObject *extra_info = __pyx_mstate_global->__pyx_empty_unicode;
+    int from_annotation_subclass = 0;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
+    }
+    else if (!exact) {
+        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+    } else if (exact == 2) {
+        if (__Pyx_TypeCheck(obj, type)) {
+            from_annotation_subclass = 1;
+            extra_info = __pyx_mstate_global->__pyx_kp_u_Note_that_Cython_is_deliberately;
         }
-        nk = i / 2;
     }
-    else {
-        kwtuple = NULL;
-        k = NULL;
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError,
+        "Argument '%.200s' has incorrect type (expected " __Pyx_FMT_TYPENAME
+        ", got " __Pyx_FMT_TYPENAME ")"
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        "%s%U"
+#endif
+        , name, type_name, obj_type_name
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+        , (from_annotation_subclass ? ". " : ""), extra_info
+#endif
+        );
+#if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    if (exact == 2 && from_annotation_subclass) {
+        PyObject *res;
+        PyObject *vargs[2];
+        vargs[0] = PyErr_GetRaisedException();
+        vargs[1] = extra_info;
+        res = PyObject_VectorcallMethod(__pyx_mstate_global->__pyx_kp_u_add_note, vargs, 2, NULL);
+        Py_XDECREF(res);
+        PyErr_SetRaisedException(vargs[0]);
     }
-    closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
-    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
 #endif
-    if (argdefs != NULL) {
-        d = &PyTuple_GET_ITEM(argdefs, 0);
-        nd = Py_SIZE(argdefs);
+    __Pyx_DECREF_TypeName(type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
+/* WriteUnraisableException */
+static void __Pyx_WriteUnraisable(const char *name, int clineno,
+                                  int lineno, const char *filename,
+                                  int full_traceback, int nogil) {
+    PyObject *old_exc, *old_val, *old_tb;
+    PyObject *ctx;
+    __Pyx_PyThreadState_declare
+    PyGILState_STATE state;
+    if (nogil)
+        state = PyGILState_Ensure();
+    else state = (PyGILState_STATE)0;
+    CYTHON_UNUSED_VAR(clineno);
+    CYTHON_UNUSED_VAR(lineno);
+    CYTHON_UNUSED_VAR(filename);
+    CYTHON_MAYBE_UNUSED_VAR(nogil);
+    __Pyx_PyThreadState_assign
+    __Pyx_ErrFetch(&old_exc, &old_val, &old_tb);
+    if (full_traceback) {
+        Py_XINCREF(old_exc);
+        Py_XINCREF(old_val);
+        Py_XINCREF(old_tb);
+        __Pyx_ErrRestore(old_exc, old_val, old_tb);
+        PyErr_PrintEx(0);
     }
-    else {
-        d = NULL;
-        nd = 0;
+    ctx = PyUnicode_FromString(name);
+    __Pyx_ErrRestore(old_exc, old_val, old_tb);
+    if (!ctx) {
+        PyErr_WriteUnraisable(Py_None);
+    } else {
+        PyErr_WriteUnraisable(ctx);
+        Py_DECREF(ctx);
     }
-#if PY_MAJOR_VERSION >= 3
-    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, kwdefs, closure);
+    if (nogil)
+        PyGILState_Release(state);
+}
+
+/* ExtTypeTest */
+static CYTHON_INLINE int __Pyx_TypeTest(PyObject *obj, PyTypeObject *type) {
+    __Pyx_TypeName obj_type_name;
+    __Pyx_TypeName type_name;
+    if (unlikely(!type)) {
+        PyErr_SetString(PyExc_SystemError, "Missing type object");
+        return 0;
+    }
+    if (likely(__Pyx_TypeCheck(obj, type)))
+        return 1;
+    obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    type_name = __Pyx_PyType_GetFullyQualifiedName(type);
+    PyErr_Format(PyExc_TypeError,
+                 "Cannot convert " __Pyx_FMT_TYPENAME " to " __Pyx_FMT_TYPENAME,
+                 obj_type_name, type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
 #else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
-    Py_XDECREF(kwtuple);
-done:
-    Py_LeaveRecursiveCall();
-    return result;
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
 }
 #endif
-#endif
 
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
-    PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
         PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
     }
-    return result;
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
 }
 #endif
 
-/* PyObjectCallMethO */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
-    PyObject *self, *result;
-    PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = cfunc(self, arg);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
     }
     return result;
 }
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
 #endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
 
 /* PyObjectCallNoArg */
-#if CYTHON_COMPILING_IN_CPYTHON
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
     }
-#endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
 #else
-    if (likely(PyCFunction_Check(func)))
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
 #endif
-    {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
         }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
+#endif
+    *method = attr;
+    return 0;
 }
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
 #endif
+}
 
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
     }
+    return 0;
 }
 #endif
 
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
     }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
 #endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
+#else
+        (void)__Pyx_PyObject_CallMethod0;
 #endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
         }
+        Py_DECREF(gc);
+    #endif
     }
-    return __Pyx__PyObject_CallOneArg(func, arg);
+#endif
+    return r;
+#endif
 }
+
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
 #else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
 #endif
-
-/* RaiseTooManyValuesToUnpack */
-static CYTHON_INLINE void __Pyx_RaiseTooManyValuesError(Py_ssize_t expected) {
-    PyErr_Format(PyExc_ValueError,
-                 "too many values to unpack (expected %" CYTHON_FORMAT_SSIZE_T "d)", expected);
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
 }
 
-/* RaiseNeedMoreValuesToUnpack */
-static CYTHON_INLINE void __Pyx_RaiseNeedMoreValuesError(Py_ssize_t index) {
-    PyErr_Format(PyExc_ValueError,
-                 "need more than %" CYTHON_FORMAT_SSIZE_T "d value%.1s to unpack",
-                 index, (index == 1) ? "" : "s");
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
 }
 
-/* IterFinish */
-static CYTHON_INLINE int __Pyx_IterFinish(void) {
-#if CYTHON_FAST_THREAD_STATE
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject* exc_type = tstate->curexc_type;
-    if (unlikely(exc_type)) {
-        if (likely(__Pyx_PyErr_GivenExceptionMatches(exc_type, PyExc_StopIteration))) {
-            PyObject *exc_value, *exc_tb;
-            exc_value = tstate->curexc_value;
-            exc_tb = tstate->curexc_traceback;
-            tstate->curexc_type = 0;
-            tstate->curexc_value = 0;
-            tstate->curexc_traceback = 0;
-            Py_DECREF(exc_type);
-            Py_XDECREF(exc_value);
-            Py_XDECREF(exc_tb);
-            return 0;
-        } else {
-            return -1;
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
         }
     }
-    return 0;
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
 #else
-    if (unlikely(PyErr_Occurred())) {
-        if (likely(PyErr_ExceptionMatches(PyExc_StopIteration))) {
-            PyErr_Clear();
-            return 0;
-        } else {
-            return -1;
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
         }
     }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
     return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
 #endif
-}
-
-/* UnpackItemEndCheck */
-static int __Pyx_IternextUnpackEndCheck(PyObject *retval, Py_ssize_t expected) {
-    if (unlikely(retval)) {
-        Py_DECREF(retval);
-        __Pyx_RaiseTooManyValuesError(expected);
-        return -1;
-    } else {
-        return __Pyx_IterFinish();
     }
-    return 0;
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
 }
 
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
-}
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
 #endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
 
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
 #endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
         }
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
-}
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
 #else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
-    }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
                 }
             }
+            PyType_Modified((PyTypeObject*)type_obj);
         }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
         }
-    } else {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
         goto bad;
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
-        } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
-        }
-        PyException_SetCause(value, fixed_cause);
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
         }
-#endif
     }
+    return (PyTypeObject *)result;
 bad:
-    Py_XDECREF(owned_instance);
-    return;
+    Py_XDECREF(result);
+    return NULL;
 }
 #endif
 
-/* PyDictVersioning */
-#if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    return likely(dict) ? __PYX_GET_DICT_VERSION(dict) : 0;
+/* ListPack */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...) {
+    va_list va;
+    PyObject *l = PyList_New(n);
+    va_start(va, n);
+    if (unlikely(!l)) goto end;
+    for (Py_ssize_t i=0; i<n; ++i) {
+        PyObject *arg = va_arg(va, PyObject*);
+        Py_INCREF(arg);
+        if (__Pyx_PyList_SET_ITEM(l, i, arg) != (0)) {
+            Py_CLEAR(l);
+            goto end;
+        }
+    }
+    end:
+    va_end(va);
+    return l;
 }
-static CYTHON_INLINE PY_UINT64_T __Pyx_get_object_dict_version(PyObject *obj) {
-    PyObject **dictptr = NULL;
-    Py_ssize_t offset = Py_TYPE(obj)->tp_dictoffset;
-    if (offset) {
-#if CYTHON_COMPILING_IN_CPYTHON
-        dictptr = (likely(offset > 0)) ? (PyObject **) ((char *)obj + offset) : _PyObject_GetDictPtr(obj);
-#else
-        dictptr = _PyObject_GetDictPtr(obj);
-#endif
+
+/* Import */
+static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
+    PyObject *module = 0;
+    PyObject *empty_dict = 0;
+    PyObject *empty_list = 0;
+    empty_dict = PyDict_New();
+    if (unlikely(!empty_dict))
+        goto bad;
+    if (level == -1) {
+        const char* package_sep = strchr(__Pyx_MODULE_NAME, '.');
+        if (package_sep != (0)) {
+            module = PyImport_ImportModuleLevelObject(
+                name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, 1);
+            if (unlikely(!module)) {
+                if (unlikely(!PyErr_ExceptionMatches(PyExc_ImportError)))
+                    goto bad;
+                PyErr_Clear();
+            }
+        }
+        level = 0;
     }
-    return (dictptr && *dictptr) ? __PYX_GET_DICT_VERSION(*dictptr) : 0;
+    if (!module) {
+        module = PyImport_ImportModuleLevelObject(
+            name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, level);
+    }
+bad:
+    Py_XDECREF(empty_dict);
+    Py_XDECREF(empty_list);
+    return module;
 }
-static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UINT64_T tp_dict_version, PY_UINT64_T obj_dict_version) {
-    PyObject *dict = Py_TYPE(obj)->tp_dict;
-    if (unlikely(!dict) || unlikely(tp_dict_version != __PYX_GET_DICT_VERSION(dict)))
-        return 0;
-    return obj_dict_version == __Pyx_get_object_dict_version(obj);
+
+/* ImportFrom */
+static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
+    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
+    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
+        const char* module_name_str = 0;
+        PyObject* module_name = 0;
+        PyObject* module_dot = 0;
+        PyObject* full_name = 0;
+        PyErr_Clear();
+        module_name_str = PyModule_GetName(module);
+        if (unlikely(!module_name_str)) { goto modbad; }
+        module_name = PyUnicode_FromString(module_name_str);
+        if (unlikely(!module_name)) { goto modbad; }
+        module_dot = PyUnicode_Concat(module_name, __pyx_mstate_global->__pyx_kp_u__2);
+        if (unlikely(!module_dot)) { goto modbad; }
+        full_name = PyUnicode_Concat(module_dot, name);
+        if (unlikely(!full_name)) { goto modbad; }
+        #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM  < 0x07030400) ||\
+                CYTHON_COMPILING_IN_GRAAL
+        {
+            PyObject *modules = PyImport_GetModuleDict();
+            if (unlikely(!modules))
+                goto modbad;
+            value = PyObject_GetItem(modules, full_name);
+        }
+        #else
+        value = PyImport_GetModule(full_name);
+        #endif
+      modbad:
+        Py_XDECREF(full_name);
+        Py_XDECREF(module_dot);
+        Py_XDECREF(module_name);
+    }
+    if (unlikely(!value)) {
+        PyErr_Format(PyExc_ImportError, "cannot import name %S", name);
+    }
+    return value;
+}
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
 }
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
 #endif
+    return value;
+}
 
-/* GetModuleGlobalName */
-#if CYTHON_USE_DICT_VERSIONS
-static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value)
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
 #else
-static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
+        result->ob_type = metaclass;
 #endif
-{
-    PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
-        return NULL;
+        Py_DECREF(old_tp);
     }
+    return result;
+}
 #else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    }
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
 #endif
-#else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
     }
-    PyErr_Clear();
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
 #endif
-    return __Pyx_GetBuiltinName(name);
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
 }
-
-/* PyObjectCall2Args */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2) {
-    PyObject *args, *result = NULL;
-    #if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyFunction_FastCall(function, args, 2);
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
     }
-    #endif
-    #if CYTHON_FAST_PYCCALL
-    if (__Pyx_PyFastCFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyCFunction_FastCall(function, args, 2);
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
     }
-    #endif
-    args = PyTuple_New(2);
-    if (unlikely(!args)) goto done;
-    Py_INCREF(arg1);
-    PyTuple_SET_ITEM(args, 0, arg1);
-    Py_INCREF(arg2);
-    PyTuple_SET_ITEM(args, 1, arg2);
-    Py_INCREF(function);
-    result = __Pyx_PyObject_Call(function, args, NULL);
-    Py_DECREF(args);
-    Py_DECREF(function);
 done:
-    return result;
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
 }
 
-/* RaiseDoubleKeywords */
-static void __Pyx_RaiseDoubleKeywordsError(
-    const char* func_name,
-    PyObject* kw_name)
-{
-    PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
-        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
 }
-
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
-{
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
-        }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
-        #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
-                }
-            }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
-        } else {
-            goto invalid_keyword;
-        }
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
     }
     return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
-    PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
-    PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
+}
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
     #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
     #endif
-bad:
-    return -1;
+    return result;
 }
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
 
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
 {
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
-        more_or_less = "at most";
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
     }
-    if (exact) {
-        more_or_less = "exactly";
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
     }
-    PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
 }
+#endif
 
-/* GetException */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb)
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
 #else
-static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
 #endif
-{
-    PyObject *local_type, *local_value, *local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    local_type = tstate->curexc_type;
-    local_value = tstate->curexc_value;
-    local_tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
 #else
-    PyErr_Fetch(&local_type, &local_value, &local_tb);
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
 #endif
-    PyErr_NormalizeException(&local_type, &local_value, &local_tb);
-#if CYTHON_FAST_THREAD_STATE
-    if (unlikely(tstate->curexc_type))
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
 #else
-    if (unlikely(PyErr_Occurred()))
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
 #endif
-        goto bad;
-    #if PY_MAJOR_VERSION >= 3
-    if (local_tb) {
-        if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
-            goto bad;
     }
-    #endif
-    Py_XINCREF(local_tb);
-    Py_XINCREF(local_type);
-    Py_XINCREF(local_value);
-    *type = local_type;
-    *value = local_value;
-    *tb = local_tb;
-#if CYTHON_FAST_THREAD_STATE
-    #if CYTHON_USE_EXC_INFO_STACK
-    {
-        _PyErr_StackItem *exc_info = tstate->exc_info;
-        tmp_type = exc_info->exc_type;
-        tmp_value = exc_info->exc_value;
-        tmp_tb = exc_info->exc_traceback;
-        exc_info->exc_type = local_type;
-        exc_info->exc_value = local_value;
-        exc_info->exc_traceback = local_tb;
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
     }
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = local_type;
-    tstate->exc_value = local_value;
-    tstate->exc_traceback = local_tb;
-    #endif
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
 #else
-    PyErr_SetExcInfo(local_type, local_value, local_tb);
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
 #endif
-    return 0;
-bad:
-    *type = 0;
-    *value = 0;
-    *tb = 0;
-    Py_XDECREF(local_type);
-    Py_XDECREF(local_value);
-    Py_XDECREF(local_tb);
-    return -1;
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
 }
-
-/* SwapException */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    tmp_type = exc_info->exc_type;
-    tmp_value = exc_info->exc_value;
-    tmp_tb = exc_info->exc_traceback;
-    exc_info->exc_type = *type;
-    exc_info->exc_value = *value;
-    exc_info->exc_traceback = *tb;
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = *type;
-    tstate->exc_value = *value;
-    tstate->exc_traceback = *tb;
-    #endif
-    *type = tmp_type;
-    *value = tmp_value;
-    *tb = tmp_tb;
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-#else
-static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value, PyObject **tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    PyErr_GetExcInfo(&tmp_type, &tmp_value, &tmp_tb);
-    PyErr_SetExcInfo(*type, *value, *tb);
-    *type = tmp_type;
-    *value = tmp_value;
-    *tb = tmp_tb;
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
 }
-#endif
-
-/* GetTopmostException */
-#if CYTHON_USE_EXC_INFO_STACK
-static _PyErr_StackItem *
-__Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
 {
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    while ((exc_info->exc_type == NULL || exc_info->exc_type == Py_None) &&
-           exc_info->previous_item != NULL)
-    {
-        exc_info = exc_info->previous_item;
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
     }
-    return exc_info;
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
 }
-#endif
-
-/* SaveResetException */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
-    *type = exc_info->exc_type;
-    *value = exc_info->exc_value;
-    *tb = exc_info->exc_traceback;
-    #else
-    *type = tstate->exc_type;
-    *value = tstate->exc_value;
-    *tb = tstate->exc_traceback;
-    #endif
-    Py_XINCREF(*type);
-    Py_XINCREF(*value);
-    Py_XINCREF(*tb);
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
 }
-static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    #if CYTHON_USE_EXC_INFO_STACK
-    _PyErr_StackItem *exc_info = tstate->exc_info;
-    tmp_type = exc_info->exc_type;
-    tmp_value = exc_info->exc_value;
-    tmp_tb = exc_info->exc_traceback;
-    exc_info->exc_type = type;
-    exc_info->exc_value = value;
-    exc_info->exc_traceback = tb;
-    #else
-    tmp_type = tstate->exc_type;
-    tmp_value = tstate->exc_value;
-    tmp_tb = tstate->exc_traceback;
-    tstate->exc_type = type;
-    tstate->exc_value = value;
-    tstate->exc_traceback = tb;
-    #endif
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-#endif
-
-/* ArgTypeTest */
-static int __Pyx__ArgTypeTest(PyObject *obj, PyTypeObject *type, const char *name, int exact)
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
 {
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
     }
-    else if (exact) {
-        #if PY_MAJOR_VERSION == 2
-        if ((type == &PyBaseString_Type) && likely(__Pyx_PyBaseString_CheckExact(obj))) return 1;
-        #endif
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
     }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
     else {
-        if (likely(__Pyx_TypeCheck(obj, type))) return 1;
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
     }
-    PyErr_Format(PyExc_TypeError,
-        "Argument '%.200s' has incorrect type (expected %.200s, got %.200s)",
-        name, type->tp_name, Py_TYPE(obj)->tp_name);
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
 }
-
-/* WriteUnraisableException */
-static void __Pyx_WriteUnraisable(const char *name, CYTHON_UNUSED int clineno,
-                                  CYTHON_UNUSED int lineno, CYTHON_UNUSED const char *filename,
-                                  int full_traceback, CYTHON_UNUSED int nogil) {
-    PyObject *old_exc, *old_val, *old_tb;
-    PyObject *ctx;
-    __Pyx_PyThreadState_declare
-#ifdef WITH_THREAD
-    PyGILState_STATE state;
-    if (nogil)
-        state = PyGILState_Ensure();
-#ifdef _MSC_VER
-    else state = (PyGILState_STATE)-1;
-#endif
-#endif
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&old_exc, &old_val, &old_tb);
-    if (full_traceback) {
-        Py_XINCREF(old_exc);
-        Py_XINCREF(old_val);
-        Py_XINCREF(old_tb);
-        __Pyx_ErrRestore(old_exc, old_val, old_tb);
-        PyErr_PrintEx(1);
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
     }
-    #if PY_MAJOR_VERSION < 3
-    ctx = PyString_FromString(name);
-    #else
-    ctx = PyUnicode_FromString(name);
-    #endif
-    __Pyx_ErrRestore(old_exc, old_val, old_tb);
-    if (!ctx) {
-        PyErr_WriteUnraisable(Py_None);
-    } else {
-        PyErr_WriteUnraisable(ctx);
-        Py_DECREF(ctx);
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
+        }
     }
-#ifdef WITH_THREAD
-    if (nogil)
-        PyGILState_Release(state);
-#endif
+    Py_INCREF(result);
+    return result;
 }
-
-/* ExtTypeTest */
-static CYTHON_INLINE int __Pyx_TypeTest(PyObject *obj, PyTypeObject *type) {
-    if (unlikely(!type)) {
-        PyErr_SetString(PyExc_SystemError, "Missing type object");
-        return 0;
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
     }
-    if (likely(__Pyx_TypeCheck(obj, type)))
-        return 1;
-    PyErr_Format(PyExc_TypeError, "Cannot convert %.200s to %.200s",
-                 Py_TYPE(obj)->tp_name, type->tp_name);
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
 }
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
 #endif
-    return NULL;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
-    #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
-        }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
     }
-    return descr;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
+#endif
 }
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
 #endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
-    }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
 }
 #endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
 #else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
-    return 0;
-bad:
-    Py_XDECREF(ob);
-    return -1;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
     }
 #endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
     }
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
     return 0;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
 }
-#endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
-    PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
     }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
-    }
-    return result;
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
 }
-static int __Pyx_setup_reduce(PyObject* type_obj) {
-    int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
-    }
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
         }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
         }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
+    PyObject *result;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
 #endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
+    }
+    return result;
+}
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
+    int ret = 0;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
     return ret;
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
-    }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
     }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* GetVTable */
-static void* __Pyx_GetVtable(PyObject *dict) {
-    void* ptr;
-    PyObject *ob = PyObject_GetItem(dict, __pyx_n_s_pyx_vtable);
-    if (!ob)
-        goto bad;
-#if PY_VERSION_HEX >= 0x02070000
-    ptr = PyCapsule_GetPointer(ob, 0);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    ptr = PyCObject_AsVoidPtr(ob);
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
 #endif
-    if (!ptr && !PyErr_Occurred())
-        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
-    Py_DECREF(ob);
-    return ptr;
-bad:
-    Py_XDECREF(ob);
-    return NULL;
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
-
-/* Import */
-static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
-    PyObject *empty_list = 0;
-    PyObject *module = 0;
-    PyObject *global_dict = 0;
-    PyObject *empty_dict = 0;
-    PyObject *list;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_import;
-    py_import = __Pyx_PyObject_GetAttrStr(__pyx_b, __pyx_n_s_import);
-    if (!py_import)
-        goto bad;
-    #endif
-    if (from_list)
-        list = from_list;
-    else {
-        empty_list = PyList_New(0);
-        if (!empty_list)
-            goto bad;
-        list = empty_list;
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    global_dict = PyModule_GetDict(__pyx_m);
-    if (!global_dict)
-        goto bad;
-    empty_dict = PyDict_New();
-    if (!empty_dict)
-        goto bad;
-    {
-        #if PY_MAJOR_VERSION >= 3
-        if (level == -1) {
-            if ((1) && (strchr(__Pyx_MODULE_NAME, '.'))) {
-                module = PyImport_ImportModuleLevelObject(
-                    name, global_dict, empty_dict, list, 1);
-                if (!module) {
-                    if (!PyErr_ExceptionMatches(PyExc_ImportError))
-                        goto bad;
-                    PyErr_Clear();
-                }
-            }
-            level = 0;
-        }
-        #endif
-        if (!module) {
-            #if PY_MAJOR_VERSION < 3
-            PyObject *py_level = PyInt_FromLong(level);
-            if (!py_level)
-                goto bad;
-            module = PyObject_CallFunctionObjArgs(py_import,
-                name, global_dict, empty_dict, list, py_level, (PyObject *)NULL);
-            Py_DECREF(py_level);
-            #else
-            module = PyImport_ImportModuleLevelObject(
-                name, global_dict, empty_dict, list, level);
-            #endif
-        }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
     }
-bad:
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_import);
-    #endif
-    Py_XDECREF(empty_list);
-    Py_XDECREF(empty_dict);
-    return module;
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
 }
 
-/* ImportFrom */
-static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
-    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
-    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
-        PyErr_Format(PyExc_ImportError,
-        #if PY_MAJOR_VERSION < 3
-            "cannot import name %.230s", PyString_AS_STRING(name));
-        #else
-            "cannot import name %S", name);
-        #endif
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
     }
-    return value;
+    return op;
 }
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -8954,11 +14512,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -8986,130 +14545,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -9140,7 +14765,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -9150,6 +14775,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -9174,7 +14800,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE size_t __Pyx_PyInt_As_size_t(PyObject *x) {
+static CYTHON_INLINE size_t __Pyx_PyLong_As_size_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9184,179 +14810,237 @@ static CYTHON_INLINE size_t __Pyx_PyInt_As_size_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(size_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(size_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (size_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        size_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (size_t) -1;
+        val = __Pyx_PyLong_As_size_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (size_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(size_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(size_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(size_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) >= 2 * PyLong_SHIFT)) {
                             return (size_t) (((((size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(size_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) >= 3 * PyLong_SHIFT)) {
                             return (size_t) (((((((size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(size_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) >= 4 * PyLong_SHIFT)) {
                             return (size_t) (((((((((size_t)digits[3]) << PyLong_SHIFT) | (size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (size_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (size_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(size_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(size_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(size_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(size_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(size_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(size_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(size_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(size_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (size_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(size_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(size_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(size_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(size_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (size_t) (((size_t)-1)*(((((size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(size_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (size_t) ((((((size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (size_t) (((size_t)-1)*(((((((size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(size_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (size_t) ((((((((size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (size_t) (((size_t)-1)*(((((((((size_t)digits[3]) << PyLong_SHIFT) | (size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(size_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(size_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(size_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(size_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(size_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (size_t) ((((((((((size_t)digits[3]) << PyLong_SHIFT) | (size_t)digits[2]) << PyLong_SHIFT) | (size_t)digits[1]) << PyLong_SHIFT) | (size_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(size_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(size_t, long, PyLong_AsLong(x))
+        if ((sizeof(size_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(size_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(size_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(size_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(size_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(size_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        size_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (size_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            size_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (size_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (size_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (size_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(size_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((size_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(size_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((size_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((size_t) 1) << (sizeof(size_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (size_t) -1;
-        }
-    } else {
-        size_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (size_t) -1;
-        val = __Pyx_PyInt_As_size_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9370,7 +15054,7 @@ static CYTHON_INLINE size_t __Pyx_PyInt_As_size_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
+static CYTHON_INLINE uint32_t __Pyx_PyLong_As_uint32_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9380,179 +15064,237 @@ static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uint32_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uint32_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uint32_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uint32_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uint32_t) -1;
+        val = __Pyx_PyLong_As_uint32_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint32_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uint32_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint32_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uint32_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 2 * PyLong_SHIFT)) {
                             return (uint32_t) (((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint32_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 3 * PyLong_SHIFT)) {
                             return (uint32_t) (((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint32_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) >= 4 * PyLong_SHIFT)) {
                             return (uint32_t) (((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uint32_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uint32_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uint32_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uint32_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uint32_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint32_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uint32_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uint32_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint32_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uint32_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uint32_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint32_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((((uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint32_t) (((uint32_t)-1)*(((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint32_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint32_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint32_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint32_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint32_t) ((((((((((uint32_t)digits[3]) << PyLong_SHIFT) | (uint32_t)digits[2]) << PyLong_SHIFT) | (uint32_t)digits[1]) << PyLong_SHIFT) | (uint32_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uint32_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, long, PyLong_AsLong(x))
+        if ((sizeof(uint32_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint32_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint32_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uint32_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint32_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uint32_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uint32_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uint32_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uint32_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uint32_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uint32_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uint32_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uint32_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uint32_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uint32_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uint32_t) 1) << (sizeof(uint32_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uint32_t) -1;
-        }
-    } else {
-        uint32_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uint32_t) -1;
-        val = __Pyx_PyInt_As_uint32_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9566,7 +15308,7 @@ static CYTHON_INLINE uint32_t __Pyx_PyInt_As_uint32_t(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
+static CYTHON_INLINE uint64_t __Pyx_PyLong_As_uint64_t(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9576,179 +15318,237 @@ static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(uint64_t) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(uint64_t, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (uint64_t) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        uint64_t val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (uint64_t) -1;
+        val = __Pyx_PyLong_As_uint64_t(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint64_t) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(uint64_t, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint64_t, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(uint64_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 2 * PyLong_SHIFT)) {
                             return (uint64_t) (((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint64_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 3 * PyLong_SHIFT)) {
                             return (uint64_t) (((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint64_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) >= 4 * PyLong_SHIFT)) {
                             return (uint64_t) (((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (uint64_t) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (uint64_t) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(uint64_t) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(uint64_t) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (uint64_t) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(uint64_t, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(uint64_t,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(uint64_t, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(uint64_t) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(uint64_t) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(uint64_t) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((((uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint64_t) (((uint64_t)-1)*(((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(uint64_t) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(uint64_t) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(uint64_t, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(uint64_t) - 1 > 4 * PyLong_SHIFT)) {
                             return (uint64_t) ((((((((((uint64_t)digits[3]) << PyLong_SHIFT) | (uint64_t)digits[2]) << PyLong_SHIFT) | (uint64_t)digits[1]) << PyLong_SHIFT) | (uint64_t)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(uint64_t) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, long, PyLong_AsLong(x))
+        if ((sizeof(uint64_t) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(uint64_t) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(uint64_t, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(uint64_t) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(uint64_t, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        uint64_t val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (uint64_t) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            uint64_t val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (uint64_t) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (uint64_t) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (uint64_t) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(uint64_t) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((uint64_t) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(uint64_t) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((uint64_t) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((uint64_t) 1) << (sizeof(uint64_t) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (uint64_t) -1;
-        }
-    } else {
-        uint64_t val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (uint64_t) -1;
-        val = __Pyx_PyInt_As_uint64_t(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -9761,8 +15561,40 @@ static CYTHON_INLINE uint64_t __Pyx_PyInt_As_uint64_t(PyObject *x) {
     return (uint64_t) -1;
 }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9774,17 +15606,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -9792,15 +15624,119 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
+        unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        return _PyLong_FromByteArray(bytes, sizeof(int),
+                                     little, !is_unsigned);
+#else
         int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* CIntToPy */
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From___pyx_anon_enum(int value) {
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wconversion"
+#endif
+    const int neg_one = (int) -1, const_zero = (int) 0;
+#ifdef __Pyx_HAS_GCC_DIAGNOSTIC
+#pragma GCC diagnostic pop
+#endif
+    const int is_unsigned = neg_one > const_zero;
+    if (is_unsigned) {
+        if (sizeof(int) < sizeof(long)) {
+            return PyLong_FromLong((long) value);
+        } else if (sizeof(int) <= sizeof(unsigned long)) {
+            return PyLong_FromUnsignedLong((unsigned long) value);
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
+        } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
+            return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
+#endif
+        }
+    } else {
+        if (sizeof(int) <= sizeof(long)) {
+            return PyLong_FromLong((long) value);
+#ifdef HAVE_LONG_LONG
+        } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
+            return PyLong_FromLongLong((PY_LONG_LONG) value);
+#endif
+        }
+    }
+    {
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_unsigned_long(unsigned long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_unsigned_long(unsigned long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9812,17 +15748,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_unsigned_long(unsigned long valu
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(unsigned long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(unsigned long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(unsigned long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(unsigned long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(unsigned long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -9830,15 +15766,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_unsigned_long(unsigned long valu
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(unsigned long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(unsigned long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint64_t(uint64_t value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9850,17 +15819,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(uint64_t) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(uint64_t) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(uint64_t) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(uint64_t) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -9868,15 +15837,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(uint64_t),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(uint64_t));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
     }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__3);
+    }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9888,17 +15929,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -9906,15 +15947,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -9924,179 +15998,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -10110,7 +16242,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -10120,179 +16252,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -10309,7 +16499,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -10330,51 +16520,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -10405,109 +16582,273 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -10519,25 +16860,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -10560,95 +16901,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -10687,33 +16999,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/sftp_handles.pxd b/ssh/sftp_handles.pxd
index 78f55723..b902e119 100644
--- a/ssh/sftp_handles.pxd
+++ b/ssh/sftp_handles.pxd
@@ -1,23 +1,24 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from sftp cimport SFTP
-from sftp_attributes cimport SFTPAttributes
+from .sftp cimport SFTP
+from .sftp_attributes cimport SFTPAttributes
 
-cimport c_sftp
+from . cimport c_sftp
 
 
 cdef class SFTPFile:
diff --git a/ssh/sftp_handles.pyx b/ssh/sftp_handles.pyx
index 79f2f397..780bd417 100644
--- a/ssh/sftp_handles.pyx
+++ b/ssh/sftp_handles.pyx
@@ -1,28 +1,29 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from libc.stdlib cimport malloc, free
 
-from sftp_attributes cimport SFTPAttributes
-from sftp_statvfs cimport SFTPStatVFS
+from .sftp_attributes cimport SFTPAttributes
+from .sftp_statvfs cimport SFTPStatVFS
 
 from .exceptions import SFTPError, SFTPHandleError
 
-from c_ssh cimport uint32_t, uint64_t, ssh_get_error, SSH_ERROR, SSH_AGAIN
-cimport c_sftp
+from .c_ssh cimport uint32_t, uint64_t, ssh_get_error, SSH_ERROR, SSH_AGAIN
+from . cimport c_sftp
 
 
 cdef class SFTPFile:
diff --git a/ssh/sftp_statvfs.c b/ssh/sftp_statvfs.c
index 60ae15cc..75c05a5d 100644
--- a/ssh/sftp_statvfs.c
+++ b/ssh/sftp_statvfs.c
@@ -1,22 +1,58 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.sftp_statvfs",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/sftp_statvfs.pyx"
+        ]
+    },
+    "module_name": "ssh.sftp_statvfs"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +71,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +79,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +104,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +325,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
+  #endif
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
 #endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
+#endif
+#endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +408,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +428,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +452,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
+        #else
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
+        #else
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +531,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +570,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +649,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +666,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
+#else
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +877,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,80 +908,204 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
-#endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
-#else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
-#else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
-#endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
-    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
+#endif
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
+#else
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
+  #define __Pyx_pyiter_sendfunc sendfunc
 #endif
-#ifndef __Pyx_PyAsyncMethodsStruct
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
+#else
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
+#endif
+#if __PYX_HAS_PY_AM_SEND < 2
+    #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
+#else
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
 #else
-static CYTHON_INLINE float __PYX_NAN() {
-  float value;
-  memset(&value, 0xFF, sizeof(value));
-  return value;
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
+#else
+static CYTHON_INLINE float __PYX_NAN() {
+  float value;
+  memset(&value, 0xFF, sizeof(value));
+  return value;
 }
 #endif
 #if defined(__CYGWIN__) && defined(_LDBL_EQ_DBL)
@@ -725,12 +1114,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -754,12 +1161,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -794,140 +1197,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -939,27 +1331,203 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
+
 
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
-  "stringsource",
+static const char* const __pyx_f[] = {
   "ssh/sftp_statvfs.pyx",
+  "<stringsource>",
   "ssh/session.pxd",
   "ssh/sftp.pxd",
 };
+/* #### Code section: utility_code_proto_before_types ### */
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
 struct __pyx_obj_3ssh_7session_Session;
@@ -967,12 +1535,12 @@ struct __pyx_obj_3ssh_4sftp_SFTP;
 struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS;
 
 /* "session.pxd":19
- * cimport c_ssh
+ * from . cimport c_ssh
  * 
  * cdef class Session:             # <<<<<<<<<<<<<<
  *     cdef c_ssh.ssh_session _session
  *     cdef c_ssh.socket_t _sock
- */
+*/
 struct __pyx_obj_3ssh_7session_Session {
   PyObject_HEAD
   ssh_session _session;
@@ -987,7 +1555,7 @@ struct __pyx_obj_3ssh_7session_Session {
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 struct __pyx_obj_3ssh_4sftp_SFTP {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtab;
@@ -1002,7 +1570,7 @@ struct __pyx_obj_3ssh_4sftp_SFTP {
  * cdef class SFTPStatVFS:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_statvfs_t _stats
  *     cdef readonly SFTP sftp
- */
+*/
 struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS {
   PyObject_HEAD
   struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtab;
@@ -1018,7 +1586,7 @@ struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS {
  * cdef class SFTP:             # <<<<<<<<<<<<<<
  *     cdef c_sftp.sftp_session _sftp
  *     cdef readonly Session session
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_4sftp_SFTP {
   struct __pyx_obj_3ssh_4sftp_SFTP *(*from_ptr)(sftp_session, struct __pyx_obj_3ssh_7session_Session *);
@@ -1032,12 +1600,13 @@ static struct __pyx_vtabstruct_3ssh_4sftp_SFTP *__pyx_vtabptr_3ssh_4sftp_SFTP;
  * cdef class SFTPStatVFS:             # <<<<<<<<<<<<<<
  * 
  *     def __dealloc__(self):
- */
+*/
 
 struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS {
   struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *(*from_ptr)(sftp_statvfs_t, struct __pyx_obj_3ssh_4sftp_SFTP *);
 };
 static struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS;
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -1046,42 +1615,48 @@ static struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtabptr_3s
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1092,6 +1667,10 @@ static struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtabptr_3s
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1103,32 +1682,30 @@ static struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_vtabptr_3s
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
-/* PyObjectGetAttrStr.proto */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
-#else
-#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
-#endif
-
-/* GetBuiltinName.proto */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name);
-
-/* PyObjectCall.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
 #else
-#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
 #endif
 
 /* PyThreadStateGet.proto */
 #if CYTHON_FAST_THREAD_STATE
 #define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
 #define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
 #else
 #define __Pyx_PyThreadState_declare
 #define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
 #endif
 
 /* PyErrFetchRestore.proto */
@@ -1140,7 +1717,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 #define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
 #define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
 #else
 #define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
@@ -1156,53 +1733,381 @@ static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject
 #define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
 #endif
 
+/* PyObjectGetAttrStr.proto */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
+#else
+#define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
+#endif
+
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
+/* GetBuiltinName.proto */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name);
+
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
+#else
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#endif
+
+/* RaiseArgTupleInvalid.proto */
+static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
+    Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
+
+/* RejectKeywords.proto */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds);
+
 /* RaiseException.proto */
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
-/* PyObject_GenericGetAttrNoDict.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name);
+/* RaiseDoubleKeywords.proto */
+static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
+
+/* ParseKeywords.proto */
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
+/* PyFunctionFastCall.proto */
+#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#define __Pyx_PyFunction_FastCall(func, args, nargs)\
+    __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
+#endif
+#define __Pyx_BUILD_ASSERT_EXPR(cond)\
+    (sizeof(char [1 - 2*!(cond)]) - 1)
+#ifndef Py_MEMBER_SIZE
+#define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
+#endif
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
 #else
-#define __Pyx_PyObject_GenericGetAttrNoDict PyObject_GenericGetAttr
+  static size_t __pyx_pyframe_localsplus_offset = 0;
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()\
+    ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
+     (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
+  #define __Pyx_PyFrame_GetLocalsplus(frame)\
+    (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
+#endif
+#endif
 #endif
 
-/* PyObject_GenericGetAttr.proto */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name);
+/* PyObjectCall.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw);
 #else
-#define __Pyx_PyObject_GenericGetAttr PyObject_GenericGetAttr
+#define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
 #endif
 
-/* SetVTable.proto */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable);
+/* PyObjectCallMethO.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
+#endif
 
-/* PyErrExceptionMatches.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
+
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
 #else
-#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
+#endif
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
+#endif
+}
+#else
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
 #endif
 
-/* PyObjectGetAttrStrNoError.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
+#else
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
+#endif
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
+#endif
+
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
+#endif
+
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* PyObjectCallNoArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
+
+/* PyObjectCallOneArg.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
+
+/* PyObjectGetMethod.proto */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method);
+
+/* PyObjectCallMethod0.proto */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name);
+
+/* ValidateBasesTuple.proto */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases);
+#endif
+
+/* PyType_Ready.proto */
+CYTHON_UNUSED static int __Pyx_PyType_Ready(PyTypeObject *t);
+
+/* SetVTable.proto */
+static int __Pyx_SetVtable(PyTypeObject* typeptr , void* vtable);
+
+/* GetVTable.proto */
+static void* __Pyx_GetVtable(PyTypeObject *type);
+
+/* MergeVTables.proto */
+static int __Pyx_MergeVtables(PyTypeObject *type);
+
+/* DelItemOnTypeDict.proto */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k);
+#define __Pyx_DelItemOnTypeDict(tp, k) __Pyx__DelItemOnTypeDict((PyTypeObject*)tp, k)
 
 /* SetupReduce.proto */
 static int __Pyx_setup_reduce(PyObject* type_obj);
 
 /* TypeImport.proto */
-#ifndef __PYX_HAVE_RT_ImportType_proto
-#define __PYX_HAVE_RT_ImportType_proto
-enum __Pyx_ImportType_CheckSize {
-   __Pyx_ImportType_CheckSize_Error = 0,
-   __Pyx_ImportType_CheckSize_Warn = 1,
-   __Pyx_ImportType_CheckSize_Ignore = 2
+#ifndef __PYX_HAVE_RT_ImportType_proto_3_1_4
+#define __PYX_HAVE_RT_ImportType_proto_3_1_4
+#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+#include <stdalign.h>
+#endif
+#if (defined (__STDC_VERSION__) && __STDC_VERSION__ >= 201112L) || __cplusplus >= 201103L
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) alignof(s)
+#else
+#define __PYX_GET_STRUCT_ALIGNMENT_3_1_4(s) sizeof(void*)
+#endif
+enum __Pyx_ImportType_CheckSize_3_1_4 {
+   __Pyx_ImportType_CheckSize_Error_3_1_4 = 0,
+   __Pyx_ImportType_CheckSize_Warn_3_1_4 = 1,
+   __Pyx_ImportType_CheckSize_Ignore_3_1_4 = 2
 };
-static PyTypeObject *__Pyx_ImportType(PyObject* module, const char *module_name, const char *class_name, size_t size, enum __Pyx_ImportType_CheckSize check_size);
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject* module, const char *module_name, const char *class_name, size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size);
 #endif
 
-/* GetVTable.proto */
-static void* __Pyx_GetVtable(PyObject *dict);
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
+#else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
 
 /* PyDictVersioning.proto */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
@@ -1231,123 +2136,230 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
-#else
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
+
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint64_t(uint64_t value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
 
-/* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
-
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
-
-static struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_f_3ssh_12sftp_statvfs_11SFTPStatVFS_from_ptr(sftp_statvfs_t __pyx_v_stats, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp); /* proto*/
-
-/* Module declarations from 'libc.stddef' */
-
-/* Module declarations from 'libc.time' */
-
-/* Module declarations from 'posix.types' */
-
-/* Module declarations from 'ssh.c_ssh' */
-
-/* Module declarations from 'ssh.session' */
-static PyTypeObject *__pyx_ptype_3ssh_7session_Session = 0;
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
-/* Module declarations from 'ssh.c_sftp' */
+/* CheckBinaryVersion.proto */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
+
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
+
+static struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_f_3ssh_12sftp_statvfs_11SFTPStatVFS_from_ptr(sftp_statvfs_t __pyx_v_stats, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp); /* proto*/
+
+/* Module declarations from "ssh" */
+
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'ssh.sftp' */
-static PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP = 0;
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'ssh' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.sftp_statvfs' */
-static PyTypeObject *__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = 0;
+/* Module declarations from "ssh.c_ssh" */
+
+/* Module declarations from "ssh.session" */
+
+/* Module declarations from "ssh.c_sftp" */
+
+/* Module declarations from "ssh.sftp" */
+
+/* Module declarations from "ssh.sftp_statvfs" */
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.sftp_statvfs"
 extern int __pyx_module_is_main_ssh__sftp_statvfs;
 int __pyx_module_is_main_ssh__sftp_statvfs = 0;
 
-/* Implementation of 'ssh.sftp_statvfs' */
+/* Implementation of "ssh.sftp_statvfs" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_TypeError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = "?";
+static const char __pyx_k_Q[] = "\200\001\330\004\n\210+\220Q";
+static const char __pyx_k_gc[] = "gc";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
+static const char __pyx_k_self[] = "self";
 static const char __pyx_k_test[] = "__test__";
+static const char __pyx_k_enable[] = "enable";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_reduce[] = "__reduce__";
+static const char __pyx_k_disable[] = "disable";
 static const char __pyx_k_getstate[] = "__getstate__";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_setstate[] = "__setstate__";
 static const char __pyx_k_TypeError[] = "TypeError";
+static const char __pyx_k_isenabled[] = "isenabled";
+static const char __pyx_k_pyx_state[] = "__pyx_state";
 static const char __pyx_k_reduce_ex[] = "__reduce_ex__";
 static const char __pyx_k_pyx_vtable[] = "__pyx_vtable__";
 static const char __pyx_k_SFTPStatVFS[] = "SFTPStatVFS";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
+static const char __pyx_k_stringsource[] = "<stringsource>";
 static const char __pyx_k_reduce_cython[] = "__reduce_cython__";
 static const char __pyx_k_setstate_cython[] = "__setstate_cython__";
+static const char __pyx_k_ssh_sftp_statvfs[] = "ssh.sftp_statvfs";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
+static const char __pyx_k_SFTPStatVFS___reduce_cython[] = "SFTPStatVFS.__reduce_cython__";
+static const char __pyx_k_SFTPStatVFS___setstate_cython[] = "SFTPStatVFS.__setstate_cython__";
 static const char __pyx_k_self__stats_cannot_be_converted[] = "self._stats cannot be converted to a Python object for pickling";
-static PyObject *__pyx_n_s_SFTPStatVFS;
-static PyObject *__pyx_n_s_TypeError;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_getstate;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_pyx_vtable;
-static PyObject *__pyx_n_s_reduce;
-static PyObject *__pyx_n_s_reduce_cython;
-static PyObject *__pyx_n_s_reduce_ex;
-static PyObject *__pyx_kp_s_self__stats_cannot_be_converted;
-static PyObject *__pyx_n_s_setstate;
-static PyObject *__pyx_n_s_setstate_cython;
-static PyObject *__pyx_n_s_test;
+/* #### Code section: decls ### */
 static void __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS___dealloc__(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bsize___get__(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_frsize___get__(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v_self); /* proto */
@@ -1364,9 +2376,176 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_4sftp___get__(struct
 static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v_self); /* proto */
 static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state); /* proto */
 static PyObject *__pyx_tp_new_3ssh_12sftp_statvfs_SFTPStatVFS(PyTypeObject *t, PyObject *a, PyObject *k); /*proto*/
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_tuple__2;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  PyTypeObject *__pyx_ptype_3ssh_7session_Session;
+  PyTypeObject *__pyx_ptype_3ssh_4sftp_SFTP;
+  PyObject *__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS;
+  PyTypeObject *__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS;
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_codeobj_tab[2];
+  PyObject *__pyx_string_tab[32];
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_SFTPStatVFS __pyx_string_tab[1]
+#define __pyx_n_u_SFTPStatVFS___reduce_cython __pyx_string_tab[2]
+#define __pyx_n_u_SFTPStatVFS___setstate_cython __pyx_string_tab[3]
+#define __pyx_n_u_TypeError __pyx_string_tab[4]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[5]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[6]
+#define __pyx_kp_u_disable __pyx_string_tab[7]
+#define __pyx_kp_u_enable __pyx_string_tab[8]
+#define __pyx_n_u_func __pyx_string_tab[9]
+#define __pyx_kp_u_gc __pyx_string_tab[10]
+#define __pyx_n_u_getstate __pyx_string_tab[11]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[12]
+#define __pyx_kp_u_isenabled __pyx_string_tab[13]
+#define __pyx_n_u_main __pyx_string_tab[14]
+#define __pyx_n_u_module __pyx_string_tab[15]
+#define __pyx_n_u_name __pyx_string_tab[16]
+#define __pyx_n_u_pop __pyx_string_tab[17]
+#define __pyx_n_u_pyx_state __pyx_string_tab[18]
+#define __pyx_n_u_pyx_vtable __pyx_string_tab[19]
+#define __pyx_n_u_qualname __pyx_string_tab[20]
+#define __pyx_n_u_reduce __pyx_string_tab[21]
+#define __pyx_n_u_reduce_cython __pyx_string_tab[22]
+#define __pyx_n_u_reduce_ex __pyx_string_tab[23]
+#define __pyx_n_u_self __pyx_string_tab[24]
+#define __pyx_kp_u_self__stats_cannot_be_converted __pyx_string_tab[25]
+#define __pyx_n_u_set_name __pyx_string_tab[26]
+#define __pyx_n_u_setstate __pyx_string_tab[27]
+#define __pyx_n_u_setstate_cython __pyx_string_tab[28]
+#define __pyx_n_u_ssh_sftp_statvfs __pyx_string_tab[29]
+#define __pyx_kp_u_stringsource __pyx_string_tab[30]
+#define __pyx_n_u_test __pyx_string_tab[31]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_CLEAR(clear_module_state->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS);
+  Py_CLEAR(clear_module_state->__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS);
+  for (int i=0; i<2; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<32; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_7session_Session);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_4sftp_SFTP);
+  Py_VISIT(traverse_module_state->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS);
+  Py_VISIT(traverse_module_state->__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS);
+  for (int i=0; i<2; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<32; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
 /* "ssh/sftp_statvfs.pyx":24
  * cdef class SFTPStatVFS:
@@ -1374,13 +2553,15 @@ static PyObject *__pyx_tuple__2;
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._stats is not NULL:
  *             c_sftp.sftp_statvfs_free(self._stats)
- */
+*/
 
 /* Python wrapper */
 static void __pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_1__dealloc__(PyObject *__pyx_v_self); /*proto*/
 static void __pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_1__dealloc__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__dealloc__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS___dealloc__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -1388,9 +2569,7 @@ static void __pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_1__dealloc__(PyObject *__
 }
 
 static void __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS___dealloc__(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v_self) {
-  __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  __Pyx_RefNannySetupContext("__dealloc__", 0);
 
   /* "ssh/sftp_statvfs.pyx":25
  * 
@@ -1398,8 +2577,8 @@ static void __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS___dealloc__(struct __pyx_
  *         if self._stats is not NULL:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_statvfs_free(self._stats)
  *             self._stats = NULL
- */
-  __pyx_t_1 = ((__pyx_v_self->_stats != NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_self->_stats != NULL);
   if (__pyx_t_1) {
 
     /* "ssh/sftp_statvfs.pyx":26
@@ -1408,7 +2587,7 @@ static void __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS___dealloc__(struct __pyx_
  *             c_sftp.sftp_statvfs_free(self._stats)             # <<<<<<<<<<<<<<
  *             self._stats = NULL
  * 
- */
+*/
     sftp_statvfs_free(__pyx_v_self->_stats);
 
     /* "ssh/sftp_statvfs.pyx":27
@@ -1417,7 +2596,7 @@ static void __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS___dealloc__(struct __pyx_
  *             self._stats = NULL             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
     __pyx_v_self->_stats = NULL;
 
     /* "ssh/sftp_statvfs.pyx":25
@@ -1426,7 +2605,7 @@ static void __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS___dealloc__(struct __pyx_
  *         if self._stats is not NULL:             # <<<<<<<<<<<<<<
  *             c_sftp.sftp_statvfs_free(self._stats)
  *             self._stats = NULL
- */
+*/
   }
 
   /* "ssh/sftp_statvfs.pyx":24
@@ -1435,19 +2614,18 @@ static void __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS___dealloc__(struct __pyx_
  *     def __dealloc__(self):             # <<<<<<<<<<<<<<
  *         if self._stats is not NULL:
  *             c_sftp.sftp_statvfs_free(self._stats)
- */
+*/
 
   /* function exit code */
-  __Pyx_RefNannyFinishContext();
 }
 
-/* "ssh/sftp_statvfs.pyx":30
+/* "ssh/sftp_statvfs.pyx":29
+ *             self._stats = NULL
  * 
- *     @staticmethod
- *     cdef SFTPStatVFS from_ptr(c_sftp.sftp_statvfs_t stats, SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTPStatVFS from_ptr(c_sftp.sftp_statvfs_t stats, SFTP sftp):
  *         cdef SFTPStatVFS _vfs = SFTPStatVFS.__new__(SFTPStatVFS)
- *         _vfs._stats = stats
- */
+*/
 
 static struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_f_3ssh_12sftp_statvfs_11SFTPStatVFS_from_ptr(sftp_statvfs_t __pyx_v_stats, struct __pyx_obj_3ssh_4sftp_SFTP *__pyx_v_sftp) {
   struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v__vfs = 0;
@@ -1465,9 +2643,9 @@ static struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_f_3ssh_12sftp_sta
  *         cdef SFTPStatVFS _vfs = SFTPStatVFS.__new__(SFTPStatVFS)             # <<<<<<<<<<<<<<
  *         _vfs._stats = stats
  *         _vfs.sftp = sftp
- */
-  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_12sftp_statvfs_SFTPStatVFS(((PyTypeObject *)__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS), __pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 31, __pyx_L1_error)
-  __Pyx_GOTREF(((PyObject *)__pyx_t_1));
+*/
+  __pyx_t_1 = ((PyObject *)__pyx_tp_new_3ssh_12sftp_statvfs_SFTPStatVFS(((PyTypeObject *)__pyx_mstate_global->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS), __pyx_mstate_global->__pyx_empty_tuple, NULL)); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 31, __pyx_L1_error)
+  __Pyx_GOTREF((PyObject *)__pyx_t_1);
   __pyx_v__vfs = ((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_t_1);
   __pyx_t_1 = 0;
 
@@ -1477,7 +2655,7 @@ static struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_f_3ssh_12sftp_sta
  *         _vfs._stats = stats             # <<<<<<<<<<<<<<
  *         _vfs.sftp = sftp
  *         return _vfs
- */
+*/
   __pyx_v__vfs->_stats = __pyx_v_stats;
 
   /* "ssh/sftp_statvfs.pyx":33
@@ -1486,11 +2664,11 @@ static struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_f_3ssh_12sftp_sta
  *         _vfs.sftp = sftp             # <<<<<<<<<<<<<<
  *         return _vfs
  * 
- */
-  __Pyx_INCREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GIVEREF(((PyObject *)__pyx_v_sftp));
-  __Pyx_GOTREF(__pyx_v__vfs->sftp);
-  __Pyx_DECREF(((PyObject *)__pyx_v__vfs->sftp));
+*/
+  __Pyx_INCREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GIVEREF((PyObject *)__pyx_v_sftp);
+  __Pyx_GOTREF((PyObject *)__pyx_v__vfs->sftp);
+  __Pyx_DECREF((PyObject *)__pyx_v__vfs->sftp);
   __pyx_v__vfs->sftp = __pyx_v_sftp;
 
   /* "ssh/sftp_statvfs.pyx":34
@@ -1499,19 +2677,19 @@ static struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_f_3ssh_12sftp_sta
  *         return _vfs             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
-  __Pyx_XDECREF(((PyObject *)__pyx_r));
-  __Pyx_INCREF(((PyObject *)__pyx_v__vfs));
+*/
+  __Pyx_XDECREF((PyObject *)__pyx_r);
+  __Pyx_INCREF((PyObject *)__pyx_v__vfs);
   __pyx_r = __pyx_v__vfs;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":30
+  /* "ssh/sftp_statvfs.pyx":29
+ *             self._stats = NULL
  * 
- *     @staticmethod
- *     cdef SFTPStatVFS from_ptr(c_sftp.sftp_statvfs_t stats, SFTP sftp):             # <<<<<<<<<<<<<<
+ *     @staticmethod             # <<<<<<<<<<<<<<
+ *     cdef SFTPStatVFS from_ptr(c_sftp.sftp_statvfs_t stats, SFTP sftp):
  *         cdef SFTPStatVFS _vfs = SFTPStatVFS.__new__(SFTPStatVFS)
- *         _vfs._stats = stats
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1525,20 +2703,22 @@ static struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_f_3ssh_12sftp_sta
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":37
+/* "ssh/sftp_statvfs.pyx":36
+ *         return _vfs
  * 
- *     @property
- *     def f_bsize(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_bsize(self):
  *         return self._stats.f_bsize if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bsize_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bsize_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bsize___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -1550,7 +2730,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bsize___get__(str
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1562,13 +2743,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bsize___get__(str
  *         return self._stats.f_bsize if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_bsize); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 38, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_bsize); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 38, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -1577,18 +2759,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bsize___get__(str
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":37
+  /* "ssh/sftp_statvfs.pyx":36
+ *         return _vfs
  * 
- *     @property
- *     def f_bsize(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_bsize(self):
  *         return self._stats.f_bsize if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_bsize.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1597,20 +2779,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bsize___get__(str
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":41
+/* "ssh/sftp_statvfs.pyx":40
+ *         return self._stats.f_bsize if self._stats is not NULL else None
  * 
- *     @property
- *     def f_frsize(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_frsize(self):
  *         return self._stats.f_frsize if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_frsize_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_frsize_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_frsize___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -1622,7 +2806,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_frsize___get__(st
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1634,13 +2819,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_frsize___get__(st
  *         return self._stats.f_frsize if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_frsize); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 42, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_frsize); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 42, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -1649,18 +2835,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_frsize___get__(st
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":41
+  /* "ssh/sftp_statvfs.pyx":40
+ *         return self._stats.f_bsize if self._stats is not NULL else None
  * 
- *     @property
- *     def f_frsize(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_frsize(self):
  *         return self._stats.f_frsize if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_frsize.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1669,20 +2855,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_frsize___get__(st
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":45
+/* "ssh/sftp_statvfs.pyx":44
+ *         return self._stats.f_frsize if self._stats is not NULL else None
  * 
- *     @property
- *     def f_blocks(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_blocks(self):
  *         return self._stats.f_blocks if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_blocks_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_blocks_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_blocks___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -1694,7 +2882,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_blocks___get__(st
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1706,13 +2895,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_blocks___get__(st
  *         return self._stats.f_blocks if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_blocks); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 46, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_blocks); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 46, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -1721,18 +2911,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_blocks___get__(st
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":45
+  /* "ssh/sftp_statvfs.pyx":44
+ *         return self._stats.f_frsize if self._stats is not NULL else None
  * 
- *     @property
- *     def f_blocks(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_blocks(self):
  *         return self._stats.f_blocks if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_blocks.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1741,20 +2931,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_blocks___get__(st
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":49
+/* "ssh/sftp_statvfs.pyx":48
+ *         return self._stats.f_blocks if self._stats is not NULL else None
  * 
- *     @property
- *     def f_bfree(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_bfree(self):
  *         return self._stats.f_bfree if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bfree_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bfree_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bfree___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -1766,7 +2958,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bfree___get__(str
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1778,13 +2971,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bfree___get__(str
  *         return self._stats.f_bfree if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_bfree); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 50, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_bfree); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 50, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -1793,18 +2987,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bfree___get__(str
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":49
+  /* "ssh/sftp_statvfs.pyx":48
+ *         return self._stats.f_blocks if self._stats is not NULL else None
  * 
- *     @property
- *     def f_bfree(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_bfree(self):
  *         return self._stats.f_bfree if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_bfree.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1813,20 +3007,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_bfree___get__(str
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":53
+/* "ssh/sftp_statvfs.pyx":52
+ *         return self._stats.f_bfree if self._stats is not NULL else None
  * 
- *     @property
- *     def f_bavail(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_bavail(self):
  *         return self._stats.f_bavail if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_bavail_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_bavail_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_bavail___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -1838,7 +3034,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_bavail___get__(st
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1850,13 +3047,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_bavail___get__(st
  *         return self._stats.f_bavail if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_bavail); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 54, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_bavail); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 54, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -1865,18 +3063,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_bavail___get__(st
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":53
+  /* "ssh/sftp_statvfs.pyx":52
+ *         return self._stats.f_bfree if self._stats is not NULL else None
  * 
- *     @property
- *     def f_bavail(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_bavail(self):
  *         return self._stats.f_bavail if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_bavail.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1885,20 +3083,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_bavail___get__(st
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":57
+/* "ssh/sftp_statvfs.pyx":56
+ *         return self._stats.f_bavail if self._stats is not NULL else None
  * 
- *     @property
- *     def f_files(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_files(self):
  *         return self._stats.f_files if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_files_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_files_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_files___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -1910,7 +3110,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_files___get__(str
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1922,13 +3123,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_files___get__(str
  *         return self._stats.f_files if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_files); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 58, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_files); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 58, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -1937,18 +3139,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_files___get__(str
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":57
+  /* "ssh/sftp_statvfs.pyx":56
+ *         return self._stats.f_bavail if self._stats is not NULL else None
  * 
- *     @property
- *     def f_files(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_files(self):
  *         return self._stats.f_files if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_files.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -1957,20 +3159,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_files___get__(str
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":61
+/* "ssh/sftp_statvfs.pyx":60
+ *         return self._stats.f_files if self._stats is not NULL else None
  * 
- *     @property
- *     def f_ffree(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_ffree(self):
  *         return self._stats.f_ffree if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_ffree_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_ffree_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_ffree___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -1982,7 +3186,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_ffree___get__(str
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1994,13 +3199,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_ffree___get__(str
  *         return self._stats.f_ffree if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_ffree); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 62, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_ffree); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 62, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2009,18 +3215,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_ffree___get__(str
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":61
+  /* "ssh/sftp_statvfs.pyx":60
+ *         return self._stats.f_files if self._stats is not NULL else None
  * 
- *     @property
- *     def f_ffree(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_ffree(self):
  *         return self._stats.f_ffree if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_ffree.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2029,20 +3235,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_7f_ffree___get__(str
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":65
+/* "ssh/sftp_statvfs.pyx":64
+ *         return self._stats.f_ffree if self._stats is not NULL else None
  * 
- *     @property
- *     def f_favail(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_favail(self):
  *         return self._stats.f_favail if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_favail_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_favail_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_favail___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -2054,7 +3262,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_favail___get__(st
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2066,13 +3275,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_favail___get__(st
  *         return self._stats.f_favail if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_favail); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 66, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_favail); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 66, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2081,18 +3291,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_favail___get__(st
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":65
+  /* "ssh/sftp_statvfs.pyx":64
+ *         return self._stats.f_ffree if self._stats is not NULL else None
  * 
- *     @property
- *     def f_favail(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_favail(self):
  *         return self._stats.f_favail if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_favail.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2101,20 +3311,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_8f_favail___get__(st
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":69
+/* "ssh/sftp_statvfs.pyx":68
+ *         return self._stats.f_favail if self._stats is not NULL else None
  * 
- *     @property
- *     def f_fsid(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_fsid(self):
  *         return self._stats.f_fsid if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_fsid_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_fsid_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_fsid___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -2126,7 +3338,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_fsid___get__(stru
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2138,13 +3351,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_fsid___get__(stru
  *         return self._stats.f_fsid if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_fsid); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 70, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_fsid); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 70, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2153,18 +3367,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_fsid___get__(stru
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":69
+  /* "ssh/sftp_statvfs.pyx":68
+ *         return self._stats.f_favail if self._stats is not NULL else None
  * 
- *     @property
- *     def f_fsid(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_fsid(self):
  *         return self._stats.f_fsid if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_fsid.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2173,20 +3387,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_fsid___get__(stru
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":73
+/* "ssh/sftp_statvfs.pyx":72
+ *         return self._stats.f_fsid if self._stats is not NULL else None
  * 
- *     @property
- *     def f_flag(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_flag(self):
  *         return self._stats.f_flag if self._stats is not NULL else None
- * 
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_flag_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_flag_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_flag___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -2198,7 +3414,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_flag___get__(stru
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2210,13 +3427,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_flag___get__(stru
  *         return self._stats.f_flag if self._stats is not NULL else None             # <<<<<<<<<<<<<<
  * 
  *     @property
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_flag); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 74, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_flag); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 74, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2225,18 +3443,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_flag___get__(stru
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":73
+  /* "ssh/sftp_statvfs.pyx":72
+ *         return self._stats.f_fsid if self._stats is not NULL else None
  * 
- *     @property
- *     def f_flag(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_flag(self):
  *         return self._stats.f_flag if self._stats is not NULL else None
- * 
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_flag.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2245,19 +3463,22 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_6f_flag___get__(stru
   return __pyx_r;
 }
 
-/* "ssh/sftp_statvfs.pyx":77
+/* "ssh/sftp_statvfs.pyx":76
+ *         return self._stats.f_flag if self._stats is not NULL else None
  * 
- *     @property
- *     def f_namemax(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_namemax(self):
  *         return self._stats.f_namemax if self._stats is not NULL else None
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_9f_namemax_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_9f_namemax_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_9f_namemax___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -2269,7 +3490,8 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_9f_namemax___get__(s
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
-  PyObject *__pyx_t_2 = NULL;
+  int __pyx_t_2;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2279,13 +3501,14 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_9f_namemax___get__(s
  *     @property
  *     def f_namemax(self):
  *         return self._stats.f_namemax if self._stats is not NULL else None             # <<<<<<<<<<<<<<
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (((__pyx_v_self->_stats != NULL) != 0)) {
-    __pyx_t_2 = __Pyx_PyInt_From_uint64_t(__pyx_v_self->_stats->f_namemax); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 78, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_1 = __pyx_t_2;
-    __pyx_t_2 = 0;
+  __pyx_t_2 = (__pyx_v_self->_stats != NULL);
+  if (__pyx_t_2) {
+    __pyx_t_3 = __Pyx_PyLong_From_uint64_t(__pyx_v_self->_stats->f_namemax); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 78, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
+    __pyx_t_1 = __pyx_t_3;
+    __pyx_t_3 = 0;
   } else {
     __Pyx_INCREF(Py_None);
     __pyx_t_1 = Py_None;
@@ -2294,17 +3517,18 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_9f_namemax___get__(s
   __pyx_t_1 = 0;
   goto __pyx_L0;
 
-  /* "ssh/sftp_statvfs.pyx":77
+  /* "ssh/sftp_statvfs.pyx":76
+ *         return self._stats.f_flag if self._stats is not NULL else None
  * 
- *     @property
- *     def f_namemax(self):             # <<<<<<<<<<<<<<
+ *     @property             # <<<<<<<<<<<<<<
+ *     def f_namemax(self):
  *         return self._stats.f_namemax if self._stats is not NULL else None
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
-  __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.f_namemax.__get__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __pyx_L0:;
@@ -2319,14 +3543,16 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_9f_namemax___get__(s
  *     cdef readonly SFTP sftp             # <<<<<<<<<<<<<<
  * 
  *     @staticmethod
- */
+*/
 
 /* Python wrapper */
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_4sftp_1__get__(PyObject *__pyx_v_self); /*proto*/
 static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_4sftp_1__get__(PyObject *__pyx_v_self) {
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__ (wrapper)", 0);
+  __pyx_kwvalues = __Pyx_KwValues_VARARGS(__pyx_args, __pyx_nargs);
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_4sftp___get__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -2339,7 +3565,7 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_4sftp___get__(struct
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__get__", 0);
   __Pyx_XDECREF(__pyx_r);
-  __Pyx_INCREF(((PyObject *)__pyx_v_self->sftp));
+  __Pyx_INCREF((PyObject *)__pyx_v_self->sftp);
   __pyx_r = ((PyObject *)__pyx_v_self->sftp);
   goto __pyx_L0;
 
@@ -2352,17 +3578,46 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_4sftp___get__(struct
 
 /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused); /*proto*/
-static char __pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__[] = "SFTPStatVFS.__reduce_cython__(self)";
-static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__(PyObject *__pyx_v_self, CYTHON_UNUSED PyObject *unused) {
+static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__, "SFTPStatVFS.__reduce_cython__(self)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__ = {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__};
+static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("__reduce_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  if (unlikely(__pyx_nargs > 0)) { __Pyx_RaiseArgtupleInvalid("__reduce_cython__", 1, 0, 0, __pyx_nargs); return NULL; }
+  const Py_ssize_t __pyx_kwds_len = unlikely(__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+  if (unlikely(__pyx_kwds_len < 0)) return NULL;
+  if (unlikely(__pyx_kwds_len > 0)) {__Pyx_RejectKeywords("__reduce_cython__", __pyx_kwds); return NULL;}
   __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self));
 
   /* function exit code */
@@ -2373,7 +3628,6 @@ static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__(P
 static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v_self) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2381,25 +3635,21 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__(C
 
   /* "(tree fragment)":2
  * def __reduce_cython__(self):
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"             # <<<<<<<<<<<<<<
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple_, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 2, __pyx_L1_error)
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_self__stats_cannot_be_converted, 0, 0);
+  __PYX_ERR(1, 2, __pyx_L1_error)
 
   /* "(tree fragment)":1
  * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.__reduce_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
@@ -2409,72 +3659,145 @@ static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__(C
 
 /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
- */
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state); /*proto*/
-static char __pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__[] = "SFTPStatVFS.__setstate_cython__(self, __pyx_state)";
-static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__(PyObject *__pyx_v_self, PyObject *__pyx_v___pyx_state) {
-  PyObject *__pyx_r = 0;
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
-  __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self), ((PyObject *)__pyx_v___pyx_state));
-
-  /* function exit code */
-  __Pyx_RefNannyFinishContext();
+static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__, "SFTPStatVFS.__setstate_cython__(self, __pyx_state)");
+static PyMethodDef __pyx_mdef_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__ = {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__};
+static PyObject *__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__(PyObject *__pyx_v_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
+  CYTHON_UNUSED PyObject *__pyx_v___pyx_state = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[1] = {0};
+  int __pyx_lineno = 0;
+  const char *__pyx_filename = NULL;
+  int __pyx_clineno = 0;
+  PyObject *__pyx_r = 0;
+  __Pyx_RefNannyDeclarations
+  __Pyx_RefNannySetupContext("__setstate_cython__ (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
+  {
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_pyx_state,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+        CYTHON_FALLTHROUGH;
+        case  0: break;
+        default: goto __pyx_L5_argtuple_error;
+      }
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "__setstate_cython__", 0) < 0) __PYX_ERR(1, 3, __pyx_L3_error)
+      for (Py_ssize_t i = __pyx_nargs; i < 1; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, i); __PYX_ERR(1, 3, __pyx_L3_error) }
+      }
+    } else if (unlikely(__pyx_nargs != 1)) {
+      goto __pyx_L5_argtuple_error;
+    } else {
+      values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+      if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(1, 3, __pyx_L3_error)
+    }
+    __pyx_v___pyx_state = values[0];
+  }
+  goto __pyx_L6_skip;
+  __pyx_L5_argtuple_error:;
+  __Pyx_RaiseArgtupleInvalid("__setstate_cython__", 1, 1, 1, __pyx_nargs); __PYX_ERR(1, 3, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
+  __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
+  __Pyx_RefNannyFinishContext();
+  return NULL;
+  __pyx_L4_argument_unpacking_done:;
+  __pyx_r = __pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__(((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)__pyx_v_self), __pyx_v___pyx_state);
+
+  /* function exit code */
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
 
 static PyObject *__pyx_pf_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__(CYTHON_UNUSED struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *__pyx_v_self, CYTHON_UNUSED PyObject *__pyx_v___pyx_state) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   __Pyx_RefNannySetupContext("__setstate_cython__", 0);
 
   /* "(tree fragment)":4
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- */
-  __pyx_t_1 = __Pyx_PyObject_Call(__pyx_builtin_TypeError, __pyx_tuple__2, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_Raise(__pyx_t_1, 0, 0, 0);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __PYX_ERR(0, 4, __pyx_L1_error)
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"             # <<<<<<<<<<<<<<
+*/
+  __Pyx_Raise(__pyx_builtin_TypeError, __pyx_mstate_global->__pyx_kp_u_self__stats_cannot_be_converted, 0, 0);
+  __PYX_ERR(1, 4, __pyx_L1_error)
 
   /* "(tree fragment)":3
  * def __reduce_cython__(self):
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
  * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
- */
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
+*/
 
   /* function exit code */
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_AddTraceback("ssh.sftp_statvfs.SFTPStatVFS.__setstate_cython__", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
   __Pyx_XGIVEREF(__pyx_r);
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 static struct __pyx_vtabstruct_3ssh_12sftp_statvfs_SFTPStatVFS __pyx_vtable_3ssh_12sftp_statvfs_SFTPStatVFS;
 
 static PyObject *__pyx_tp_new_3ssh_12sftp_statvfs_SFTPStatVFS(PyTypeObject *t, CYTHON_UNUSED PyObject *a, CYTHON_UNUSED PyObject *k) {
   struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *p;
   PyObject *o;
-  if (likely((t->tp_flags & Py_TPFLAGS_IS_ABSTRACT) == 0)) {
+  #if CYTHON_COMPILING_IN_LIMITED_API
+  allocfunc alloc_func = (allocfunc)PyType_GetSlot(t, Py_tp_alloc);
+  o = alloc_func(t, 0);
+  #else
+  if (likely(!__Pyx_PyType_HasFeature(t, Py_TPFLAGS_IS_ABSTRACT))) {
     o = (*t->tp_alloc)(t, 0);
   } else {
-    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_empty_tuple, 0);
+    o = (PyObject *) PyBaseObject_Type.tp_new(t, __pyx_mstate_global->__pyx_empty_tuple, 0);
   }
   if (unlikely(!o)) return 0;
+  #endif
   p = ((struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)o);
   p->__pyx_vtab = __pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS;
   p->sftp = ((struct __pyx_obj_3ssh_4sftp_SFTP *)Py_None); Py_INCREF(Py_None);
@@ -2484,8 +3807,10 @@ static PyObject *__pyx_tp_new_3ssh_12sftp_statvfs_SFTPStatVFS(PyTypeObject *t, C
 static void __pyx_tp_dealloc_3ssh_12sftp_statvfs_SFTPStatVFS(PyObject *o) {
   struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *p = (struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)o;
   #if CYTHON_USE_TP_FINALIZE
-  if (unlikely(PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE) && Py_TYPE(o)->tp_finalize) && !_PyGC_FINALIZED(o)) {
-    if (PyObject_CallFinalizerFromDealloc(o)) return;
+  if (unlikely((PY_VERSION_HEX >= 0x03080000 || __Pyx_PyType_HasFeature(Py_TYPE(o), Py_TPFLAGS_HAVE_FINALIZE)) && __Pyx_PyObject_GetSlot(o, tp_finalize, destructor)) && !__Pyx_PyObject_GC_IsFinalized(o)) {
+    if (__Pyx_PyObject_GetSlot(o, tp_dealloc, destructor) == __pyx_tp_dealloc_3ssh_12sftp_statvfs_SFTPStatVFS) {
+      if (PyObject_CallFinalizerFromDealloc(o)) return;
+    }
   }
   #endif
   PyObject_GC_UnTrack(o);
@@ -2498,12 +3823,23 @@ static void __pyx_tp_dealloc_3ssh_12sftp_statvfs_SFTPStatVFS(PyObject *o) {
     PyErr_Restore(etype, eval, etb);
   }
   Py_CLEAR(p->sftp);
+  #if CYTHON_USE_TYPE_SLOTS
   (*Py_TYPE(o)->tp_free)(o);
+  #else
+  {
+    freefunc tp_free = (freefunc)PyType_GetSlot(Py_TYPE(o), Py_tp_free);
+    if (tp_free) tp_free(o);
+  }
+  #endif
 }
 
 static int __pyx_tp_traverse_3ssh_12sftp_statvfs_SFTPStatVFS(PyObject *o, visitproc v, void *a) {
   int e;
   struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *p = (struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *)o;
+  {
+    e = __Pyx_call_type_traverse(o, 1, v, a);
+    if (e) return e;
+  }
   if (p->sftp) {
     e = (*v)(((PyObject *)p->sftp), a); if (e) return e;
   }
@@ -2568,30 +3904,48 @@ static PyObject *__pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_sftp(PyObject *
 }
 
 static PyMethodDef __pyx_methods_3ssh_12sftp_statvfs_SFTPStatVFS[] = {
-  {"__reduce_cython__", (PyCFunction)__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__, METH_NOARGS, __pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__},
-  {"__setstate_cython__", (PyCFunction)__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__, METH_O, __pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__},
+  {"__reduce_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_2__reduce_cython__},
+  {"__setstate_cython__", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_12sftp_statvfs_11SFTPStatVFS_4__setstate_cython__},
   {0, 0, 0, 0}
 };
 
 static struct PyGetSetDef __pyx_getsets_3ssh_12sftp_statvfs_SFTPStatVFS[] = {
-  {(char *)"f_bsize", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_bsize, 0, (char *)0, 0},
-  {(char *)"f_frsize", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_frsize, 0, (char *)0, 0},
-  {(char *)"f_blocks", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_blocks, 0, (char *)0, 0},
-  {(char *)"f_bfree", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_bfree, 0, (char *)0, 0},
-  {(char *)"f_bavail", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_bavail, 0, (char *)0, 0},
-  {(char *)"f_files", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_files, 0, (char *)0, 0},
-  {(char *)"f_ffree", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_ffree, 0, (char *)0, 0},
-  {(char *)"f_favail", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_favail, 0, (char *)0, 0},
-  {(char *)"f_fsid", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_fsid, 0, (char *)0, 0},
-  {(char *)"f_flag", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_flag, 0, (char *)0, 0},
-  {(char *)"f_namemax", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_namemax, 0, (char *)0, 0},
-  {(char *)"sftp", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_sftp, 0, (char *)0, 0},
+  {"f_bsize", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_bsize, 0, 0, 0},
+  {"f_frsize", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_frsize, 0, 0, 0},
+  {"f_blocks", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_blocks, 0, 0, 0},
+  {"f_bfree", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_bfree, 0, 0, 0},
+  {"f_bavail", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_bavail, 0, 0, 0},
+  {"f_files", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_files, 0, 0, 0},
+  {"f_ffree", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_ffree, 0, 0, 0},
+  {"f_favail", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_favail, 0, 0, 0},
+  {"f_fsid", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_fsid, 0, 0, 0},
+  {"f_flag", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_flag, 0, 0, 0},
+  {"f_namemax", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_f_namemax, 0, 0, 0},
+  {"sftp", __pyx_getprop_3ssh_12sftp_statvfs_11SFTPStatVFS_sftp, 0, 0, 0},
   {0, 0, 0, 0, 0}
 };
+#if CYTHON_USE_TYPE_SPECS
+static PyType_Slot __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS_slots[] = {
+  {Py_tp_dealloc, (void *)__pyx_tp_dealloc_3ssh_12sftp_statvfs_SFTPStatVFS},
+  {Py_tp_traverse, (void *)__pyx_tp_traverse_3ssh_12sftp_statvfs_SFTPStatVFS},
+  {Py_tp_clear, (void *)__pyx_tp_clear_3ssh_12sftp_statvfs_SFTPStatVFS},
+  {Py_tp_methods, (void *)__pyx_methods_3ssh_12sftp_statvfs_SFTPStatVFS},
+  {Py_tp_getset, (void *)__pyx_getsets_3ssh_12sftp_statvfs_SFTPStatVFS},
+  {Py_tp_new, (void *)__pyx_tp_new_3ssh_12sftp_statvfs_SFTPStatVFS},
+  {0, 0},
+};
+static PyType_Spec __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS_spec = {
+  "ssh.sftp_statvfs.SFTPStatVFS",
+  sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS),
+  0,
+  Py_TPFLAGS_DEFAULT|Py_TPFLAGS_HAVE_VERSION_TAG|Py_TPFLAGS_CHECKTYPES|Py_TPFLAGS_HAVE_NEWBUFFER|Py_TPFLAGS_BASETYPE|Py_TPFLAGS_HAVE_GC,
+  __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS_slots,
+};
+#else
 
 static PyTypeObject __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS = {
   PyVarObject_HEAD_INIT(0, 0)
-  "ssh.sftp_statvfs.SFTPStatVFS", /*tp_name*/
+  "ssh.sftp_statvfs.""SFTPStatVFS", /*tp_name*/
   sizeof(struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS), /*tp_basicsize*/
   0, /*tp_itemsize*/
   __pyx_tp_dealloc_3ssh_12sftp_statvfs_SFTPStatVFS, /*tp_dealloc*/
@@ -2603,12 +3957,7 @@ static PyTypeObject __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS = {
   #endif
   0, /*tp_getattr*/
   0, /*tp_setattr*/
-  #if PY_MAJOR_VERSION < 3
-  0, /*tp_compare*/
-  #endif
-  #if PY_MAJOR_VERSION >= 3
   0, /*tp_as_async*/
-  #endif
   0, /*tp_repr*/
   0, /*tp_as_number*/
   0, /*tp_as_sequence*/
@@ -2634,7 +3983,9 @@ static PyTypeObject __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS = {
   0, /*tp_dict*/
   0, /*tp_descr_get*/
   0, /*tp_descr_set*/
+  #if !CYTHON_USE_TYPE_SPECS
   0, /*tp_dictoffset*/
+  #endif
   0, /*tp_init*/
   0, /*tp_alloc*/
   __pyx_tp_new_3ssh_12sftp_statvfs_SFTPStatVFS, /*tp_new*/
@@ -2647,159 +3998,77 @@ static PyTypeObject __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS = {
   0, /*tp_weaklist*/
   0, /*tp_del*/
   0, /*tp_version_tag*/
-  #if PY_VERSION_HEX >= 0x030400a1
+  #if CYTHON_USE_TP_FINALIZE
   0, /*tp_finalize*/
+  #else
+  NULL, /*tp_finalize*/
   #endif
   #if PY_VERSION_HEX >= 0x030800b1 && (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07030800)
   0, /*tp_vectorcall*/
   #endif
-  #if PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000
+  #if __PYX_NEED_TP_PRINT_SLOT == 1
   0, /*tp_print*/
   #endif
-  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000
-  0, /*tp_pypy_flags*/
+  #if PY_VERSION_HEX >= 0x030C0000
+  0, /*tp_watched*/
   #endif
-};
-
-static PyMethodDef __pyx_methods[] = {
-  {0, 0, 0, 0}
-};
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_sftp_statvfs(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_sftp_statvfs},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "sftp_statvfs",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
+  #if PY_VERSION_HEX >= 0x030d00A4
+  0, /*tp_versions_used*/
   #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
+  #if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX >= 0x03090000 && PY_VERSION_HEX < 0x030a0000
+  0, /*tp_pypy_flags*/
   #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
 };
 #endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
 
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_SFTPStatVFS, __pyx_k_SFTPStatVFS, sizeof(__pyx_k_SFTPStatVFS), 0, 0, 1, 1},
-  {&__pyx_n_s_TypeError, __pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_getstate, __pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_pyx_vtable, __pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce, __pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_cython, __pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_reduce_ex, __pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 0, 1, 1},
-  {&__pyx_kp_s_self__stats_cannot_be_converted, __pyx_k_self__stats_cannot_be_converted, sizeof(__pyx_k_self__stats_cannot_be_converted), 0, 0, 1, 0},
-  {&__pyx_n_s_setstate, __pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 0, 1, 1},
-  {&__pyx_n_s_setstate_cython, __pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 0, 1, 1},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
+static PyMethodDef __pyx_methods[] = {
+  {0, 0, 0, 0}
 };
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_n_s_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(0, 2, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "(tree fragment)":2
- * def __reduce_cython__(self):
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
- */
-  __pyx_tuple_ = PyTuple_Pack(1, __pyx_kp_s_self__stats_cannot_be_converted); if (unlikely(!__pyx_tuple_)) __PYX_ERR(0, 2, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-
-  /* "(tree fragment)":4
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")
- * def __setstate_cython__(self, __pyx_state):
- *     raise TypeError("self._stats cannot be converted to a Python object for pickling")             # <<<<<<<<<<<<<<
- */
-  __pyx_tuple__2 = PyTuple_Pack(1, __pyx_kp_s_self__stats_cannot_be_converted); if (unlikely(!__pyx_tuple__2)) __PYX_ERR(0, 4, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple__2);
-  __Pyx_GIVEREF(__pyx_tuple__2);
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(1, 1, __pyx_L1_error);
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_export_code", 0);
   /*--- Function export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2807,17 +4076,26 @@ static int __Pyx_modinit_type_init_code(void) {
   /*--- Type init code ---*/
   __pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS = &__pyx_vtable_3ssh_12sftp_statvfs_SFTPStatVFS;
   __pyx_vtable_3ssh_12sftp_statvfs_SFTPStatVFS.from_ptr = (struct __pyx_obj_3ssh_12sftp_statvfs_SFTPStatVFS *(*)(sftp_statvfs_t, struct __pyx_obj_3ssh_4sftp_SFTP *))__pyx_f_3ssh_12sftp_statvfs_11SFTPStatVFS_from_ptr;
-  if (PyType_Ready(&__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(1, 22, __pyx_L1_error)
-  #if PY_VERSION_HEX < 0x030800B1
-  __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS.tp_print = 0;
+  #if CYTHON_USE_TYPE_SPECS
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = (PyTypeObject *) __Pyx_PyType_FromModuleAndSpec(__pyx_m, &__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS_spec, NULL); if (unlikely(!__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS)) __PYX_ERR(0, 22, __pyx_L1_error)
+  if (__Pyx_fix_up_extension_type_from_spec(&__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS_spec, __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
+  #else
+  __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = &__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS;
   #endif
-  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS.tp_dictoffset && __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS.tp_getattro == PyObject_GenericGetAttr)) {
-    __pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS.tp_getattro = __Pyx_PyObject_GenericGetAttr;
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  #endif
+  #if !CYTHON_USE_TYPE_SPECS
+  if (__Pyx_PyType_Ready(__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
+  #endif
+  #if !CYTHON_COMPILING_IN_LIMITED_API
+  if ((CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP) && likely(!__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS->tp_dictoffset && __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS->tp_getattro == PyObject_GenericGetAttr)) {
+    __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS->tp_getattro = PyObject_GenericGetAttr;
   }
-  if (__Pyx_SetVtable(__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS.tp_dict, __pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(1, 22, __pyx_L1_error)
-  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_SFTPStatVFS, (PyObject *)&__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(1, 22, __pyx_L1_error)
-  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(1, 22, __pyx_L1_error)
-  __pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS = &__pyx_type_3ssh_12sftp_statvfs_SFTPStatVFS;
+  #endif
+  if (__Pyx_SetVtable(__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS, __pyx_vtabptr_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
+  if (__Pyx_MergeVtables(__pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
+  if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_SFTPStatVFS, (PyObject *) __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
+  if (__Pyx_setup_reduce((PyObject *) __pyx_mstate->__pyx_ptype_3ssh_12sftp_statvfs_SFTPStatVFS) < 0) __PYX_ERR(0, 22, __pyx_L1_error)
   __Pyx_RefNannyFinishContext();
   return 0;
   __pyx_L1_error:;
@@ -2825,8 +4103,9 @@ static int __Pyx_modinit_type_init_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   PyObject *__pyx_t_1 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
@@ -2835,14 +4114,28 @@ static int __Pyx_modinit_type_import_code(void) {
   /*--- Type import code ---*/
   __pyx_t_1 = PyImport_ImportModule("ssh.session"); if (unlikely(!__pyx_t_1)) __PYX_ERR(2, 19, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_7session_Session = __Pyx_ImportType(__pyx_t_1, "ssh.session", "Session", sizeof(struct __pyx_obj_3ssh_7session_Session), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_7session_Session = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.session", "Session",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #else
+  sizeof(struct __pyx_obj_3ssh_7session_Session), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_7session_Session),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_7session_Session) __PYX_ERR(2, 19, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_t_1 = PyImport_ImportModule("ssh.sftp"); if (unlikely(!__pyx_t_1)) __PYX_ERR(3, 22, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_1);
-  __pyx_ptype_3ssh_4sftp_SFTP = __Pyx_ImportType(__pyx_t_1, "ssh.sftp", "SFTP", sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __Pyx_ImportType_CheckSize_Warn);
-   if (!__pyx_ptype_3ssh_4sftp_SFTP) __PYX_ERR(3, 22, __pyx_L1_error)
-  __pyx_vtabptr_3ssh_4sftp_SFTP = (struct __pyx_vtabstruct_3ssh_4sftp_SFTP*)__Pyx_GetVtable(__pyx_ptype_3ssh_4sftp_SFTP->tp_dict); if (unlikely(!__pyx_vtabptr_3ssh_4sftp_SFTP)) __PYX_ERR(3, 22, __pyx_L1_error)
+  __pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP = __Pyx_ImportType_3_1_4(__pyx_t_1, "ssh.sftp", "SFTP",
+  #if defined(PYPY_VERSION_NUM) && PYPY_VERSION_NUM < 0x050B0000
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #elif CYTHON_COMPILING_IN_LIMITED_API
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #else
+  sizeof(struct __pyx_obj_3ssh_4sftp_SFTP), __PYX_GET_STRUCT_ALIGNMENT_3_1_4(struct __pyx_obj_3ssh_4sftp_SFTP),
+  #endif
+  __Pyx_ImportType_CheckSize_Warn_3_1_4); if (!__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP) __PYX_ERR(3, 22, __pyx_L1_error)
+  __pyx_vtabptr_3ssh_4sftp_SFTP = (struct __pyx_vtabstruct_3ssh_4sftp_SFTP*)__Pyx_GetVtable(__pyx_mstate->__pyx_ptype_3ssh_4sftp_SFTP); if (unlikely(!__pyx_vtabptr_3ssh_4sftp_SFTP)) __PYX_ERR(3, 22, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __Pyx_RefNannyFinishContext();
   return 0;
@@ -2852,66 +4145,139 @@ static int __Pyx_modinit_type_import_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_import_code", 0);
   /*--- Function import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_sftp_statvfs(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_sftp_statvfs},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "sftp_statvfs",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initsftp_statvfs(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initsftp_statvfs(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_sftp_statvfs(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_sftp_statvfs(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -2919,7 +4285,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -2934,10 +4302,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -2960,9 +4331,14 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_sftp_statvfs(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
+  PyObject *__pyx_t_2 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2973,9 +4349,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_sftp_statvfs(PyObject *__pyx_pyini
     PyErr_SetString(PyExc_RuntimeError, "Module 'sftp_statvfs' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "sftp_statvfs" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -2985,109 +4389,113 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_sftp_statvfs(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_sftp_statvfs", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
   #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("sftp_statvfs", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(1, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(1, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__sftp_statvfs) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
-    PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(1, 1, __pyx_L1_error)
+    PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.sftp_statvfs")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.sftp_statvfs", __pyx_m) < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.sftp_statvfs", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  (void)__Pyx_modinit_function_export_code();
-  if (unlikely(__Pyx_modinit_type_init_code() < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
-  if (unlikely(__Pyx_modinit_type_import_code() < 0)) __PYX_ERR(1, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_variable_import_code();
-  (void)__Pyx_modinit_function_import_code();
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_type_init_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (unlikely((__Pyx_modinit_type_import_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_import_code(__pyx_mstate);
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  #endif
+
+  /* "(tree fragment)":1
+ * def __reduce_cython__(self):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
+ * def __setstate_cython__(self, __pyx_state):
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_statvfs_11SFTPStatVFS_3__reduce_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPStatVFS___reduce_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_statvfs, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_reduce_cython, __pyx_t_2) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+
+  /* "(tree fragment)":3
+ * def __reduce_cython__(self):
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
+ * def __setstate_cython__(self, __pyx_state):             # <<<<<<<<<<<<<<
+ *     raise TypeError, "self._stats cannot be converted to a Python object for pickling"
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_12sftp_statvfs_11SFTPStatVFS_5__setstate_cython__, __Pyx_CYFUNCTION_CCLASS, __pyx_mstate_global->__pyx_n_u_SFTPStatVFS___setstate_cython, NULL, __pyx_mstate_global->__pyx_n_u_ssh_sftp_statvfs, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[1])); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_setstate_cython, __pyx_t_2) < 0) __PYX_ERR(1, 3, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/sftp_statvfs.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(1, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
+  __Pyx_XDECREF(__pyx_t_2);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.sftp_statvfs", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.sftp_statvfs");
   }
@@ -3095,75 +4503,242 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
 
-/* --- Runtime support code --- */
-/* Refnanny */
-#if CYTHON_REFNANNY
-static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
-    PyObject *m = NULL, *p = NULL;
-    void *r = NULL;
-    m = PyImport_ImportModule(modname);
-    if (!m) goto end;
-    p = PyObject_GetAttrString(m, "RefNannyAPI");
-    if (!p) goto end;
-    r = PyLong_AsVoidPtr(p);
-end:
-    Py_XDECREF(p);
-    Py_XDECREF(m);
-    return (__Pyx_RefNannyAPIStruct *)r;
+typedef struct {
+    const char *s;
+#if 63 <= 65535
+    const unsigned short n;
+#elif 63 / 2 < INT_MAX
+    const unsigned int n;
+#elif 63 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_SFTPStatVFS, sizeof(__pyx_k_SFTPStatVFS), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPStatVFS */
+  {__pyx_k_SFTPStatVFS___reduce_cython, sizeof(__pyx_k_SFTPStatVFS___reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPStatVFS___reduce_cython */
+  {__pyx_k_SFTPStatVFS___setstate_cython, sizeof(__pyx_k_SFTPStatVFS___setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SFTPStatVFS___setstate_cython */
+  {__pyx_k_TypeError, sizeof(__pyx_k_TypeError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_TypeError */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_disable, sizeof(__pyx_k_disable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_disable */
+  {__pyx_k_enable, sizeof(__pyx_k_enable), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_enable */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_gc, sizeof(__pyx_k_gc), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_gc */
+  {__pyx_k_getstate, sizeof(__pyx_k_getstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_getstate */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_isenabled, sizeof(__pyx_k_isenabled), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_isenabled */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_pyx_state, sizeof(__pyx_k_pyx_state), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_state */
+  {__pyx_k_pyx_vtable, sizeof(__pyx_k_pyx_vtable), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pyx_vtable */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_reduce, sizeof(__pyx_k_reduce), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce */
+  {__pyx_k_reduce_cython, sizeof(__pyx_k_reduce_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_cython */
+  {__pyx_k_reduce_ex, sizeof(__pyx_k_reduce_ex), 0, 1, 1}, /* PyObject cname: __pyx_n_u_reduce_ex */
+  {__pyx_k_self, sizeof(__pyx_k_self), 0, 1, 1}, /* PyObject cname: __pyx_n_u_self */
+  {__pyx_k_self__stats_cannot_be_converted, sizeof(__pyx_k_self__stats_cannot_be_converted), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_self__stats_cannot_be_converted */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_setstate, sizeof(__pyx_k_setstate), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate */
+  {__pyx_k_setstate_cython, sizeof(__pyx_k_setstate_cython), 0, 1, 1}, /* PyObject cname: __pyx_n_u_setstate_cython */
+  {__pyx_k_ssh_sftp_statvfs, sizeof(__pyx_k_ssh_sftp_statvfs), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_sftp_statvfs */
+  {__pyx_k_stringsource, sizeof(__pyx_k_stringsource), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_stringsource */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_TypeError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_TypeError); if (!__pyx_builtin_TypeError) __PYX_ERR(1, 2, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
 }
-#endif
+/* #### Code section: cached_constants ### */
 
-/* PyObjectGetAttrStr */
-#if CYTHON_USE_TYPE_SLOTS
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro))
-        return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
-    return PyObject_GetAttr(obj, attr_name);
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+  __Pyx_RefNannyFinishContext();
+  return 0;
 }
-#endif
+/* #### Code section: init_constants ### */
 
-/* GetBuiltinName */
-static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
-        PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
-            "name '%U' is not defined", name);
-#else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
-#endif
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 2;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 2;
+            unsigned int flags : 10;
+            unsigned int first_line : 2;
+            unsigned int line_table_length : 8;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {1, 0, 0, 1, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 1, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_reduce_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  {
+    const __Pyx_PyCode_New_function_description descr = {2, 0, 0, 2, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 3, 9};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_self, __pyx_mstate->__pyx_n_u_pyx_state};
+    __pyx_mstate_global->__pyx_codeobj_tab[1] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_stringsource, __pyx_mstate->__pyx_n_u_setstate_cython, __pyx_k_Q, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[1])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
     }
-    return result;
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
 }
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
 
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
-    PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
+
+
+/* #### Code section: utility_code_def ### */
+
+/* --- Runtime support code --- */
+/* Refnanny */
+#if CYTHON_REFNANNY
+static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
+    PyObject *m = NULL, *p = NULL;
+    void *r = NULL;
+    m = PyImport_ImportModule(modname);
+    if (!m) goto end;
+    p = PyObject_GetAttrString(m, "RefNannyAPI");
+    if (!p) goto end;
+    r = PyLong_AsVoidPtr(p);
+end:
+    Py_XDECREF(p);
+    Py_XDECREF(m);
+    return (__Pyx_RefNannyAPIStruct *)r;
+}
+#endif
+
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
     }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
     return result;
 }
 #endif
@@ -3171,6 +4746,21 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 /* PyErrFetchRestore */
 #if CYTHON_FAST_THREAD_STATE
 static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
     PyObject *tmp_type, *tmp_value, *tmp_tb;
     tmp_type = tstate->curexc_type;
     tmp_value = tstate->curexc_value;
@@ -3181,70 +4771,373 @@ static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObjec
     Py_XDECREF(tmp_type);
     Py_XDECREF(tmp_value);
     Py_XDECREF(tmp_tb);
+#endif
 }
 static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
     *type = tstate->curexc_type;
     *value = tstate->curexc_value;
     *tb = tstate->curexc_traceback;
     tstate->curexc_type = 0;
     tstate->curexc_value = 0;
     tstate->curexc_traceback = 0;
+#endif
 }
 #endif
 
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
+/* PyObjectGetAttrStr */
+#if CYTHON_USE_TYPE_SLOTS
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro))
+        return tp->tp_getattro(obj, attr_name);
+    return PyObject_GetAttr(obj, attr_name);
+}
+#endif
+
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
     __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
+/* GetBuiltinName */
+static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
+        PyErr_Format(PyExc_NameError,
+            "name '%U' is not defined", name);
+    }
+    return result;
+}
+
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
         }
+        Py_INCREF(src[i]);
+    }
+    return res;
+}
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
+{
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
 #endif
-        PyErr_NormalizeException(&type, &value, &tb);
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
     } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
         }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
 }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
 #else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* RejectKeywords */
+static void __Pyx_RejectKeywords(const char* function_name, PyObject *kwds) {
+    PyObject *key = NULL;
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds))) {
+        key = __Pyx_PySequence_ITEM(kwds, 0);
+    } else {
+        Py_ssize_t pos = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+        if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return;
+#endif
+        PyDict_Next(kwds, &pos, &key, NULL);
+        Py_INCREF(key);
+    }
+    if (likely(key)) {
+        PyErr_Format(PyExc_TypeError,
+            "%s() got an unexpected keyword argument '%U'",
+            function_name, key);
+        Py_DECREF(key);
+    }
+}
+
+/* RaiseException */
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
     PyObject* owned_instance = NULL;
     if (tb == Py_None) {
@@ -3329,13 +5222,9 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
     }
     PyErr_SetObject(type, value);
     if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
-#else
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
         PyThreadState *tstate = __Pyx_PyThreadState_Current;
         PyObject* tmp_tb = tstate->curexc_traceback;
         if (tb != tmp_tb) {
@@ -3343,312 +5232,2900 @@ static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject
             tstate->curexc_traceback = tb;
             Py_XDECREF(tmp_tb);
         }
-#endif
-    }
-bad:
-    Py_XDECREF(owned_instance);
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
     return;
 }
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
+                }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+            }
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
+                }
+                changed = 1;
+            }
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* PyObjectCallNoArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
+    PyObject *arg[2] = {NULL, NULL};
+    return __Pyx_PyObject_FastCall(func, arg + 1, 0 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectCallOneArg */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
+    PyObject *args[2] = {NULL, arg};
+    return __Pyx_PyObject_FastCall(func, args+1, 1 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+}
+
+/* PyObjectGetMethod */
+static int __Pyx_PyObject_GetMethod(PyObject *obj, PyObject *name, PyObject **method) {
+    PyObject *attr;
+#if CYTHON_UNPACK_METHODS && CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_PYTYPE_LOOKUP
+    __Pyx_TypeName type_name;
+    PyTypeObject *tp = Py_TYPE(obj);
+    PyObject *descr;
+    descrgetfunc f = NULL;
+    PyObject **dictptr, *dict;
+    int meth_found = 0;
+    assert (*method == NULL);
+    if (unlikely(tp->tp_getattro != PyObject_GenericGetAttr)) {
+        attr = __Pyx_PyObject_GetAttrStr(obj, name);
+        goto try_unpack;
+    }
+    if (unlikely(tp->tp_dict == NULL) && unlikely(PyType_Ready(tp) < 0)) {
+        return 0;
+    }
+    descr = _PyType_Lookup(tp, name);
+    if (likely(descr != NULL)) {
+        Py_INCREF(descr);
+#if defined(Py_TPFLAGS_METHOD_DESCRIPTOR) && Py_TPFLAGS_METHOD_DESCRIPTOR
+        if (__Pyx_PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_METHOD_DESCRIPTOR))
+#else
+        #ifdef __Pyx_CyFunction_USED
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type) || __Pyx_CyFunction_Check(descr)))
+        #else
+        if (likely(PyFunction_Check(descr) || __Pyx_IS_TYPE(descr, &PyMethodDescr_Type)))
+        #endif
+#endif
+        {
+            meth_found = 1;
+        } else {
+            f = Py_TYPE(descr)->tp_descr_get;
+            if (f != NULL && PyDescr_IsData(descr)) {
+                attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+                Py_DECREF(descr);
+                goto try_unpack;
+            }
+        }
+    }
+    dictptr = _PyObject_GetDictPtr(obj);
+    if (dictptr != NULL && (dict = *dictptr) != NULL) {
+        Py_INCREF(dict);
+        attr = __Pyx_PyDict_GetItemStr(dict, name);
+        if (attr != NULL) {
+            Py_INCREF(attr);
+            Py_DECREF(dict);
+            Py_XDECREF(descr);
+            goto try_unpack;
+        }
+        Py_DECREF(dict);
+    }
+    if (meth_found) {
+        *method = descr;
+        return 1;
+    }
+    if (f != NULL) {
+        attr = f(descr, obj, (PyObject *)Py_TYPE(obj));
+        Py_DECREF(descr);
+        goto try_unpack;
+    }
+    if (likely(descr != NULL)) {
+        *method = descr;
+        return 0;
+    }
+    type_name = __Pyx_PyType_GetFullyQualifiedName(tp);
+    PyErr_Format(PyExc_AttributeError,
+                 "'" __Pyx_FMT_TYPENAME "' object has no attribute '%U'",
+                 type_name, name);
+    __Pyx_DECREF_TypeName(type_name);
+    return 0;
+#else
+    attr = __Pyx_PyObject_GetAttrStr(obj, name);
+    goto try_unpack;
+#endif
+try_unpack:
+#if CYTHON_UNPACK_METHODS
+    if (likely(attr) && PyMethod_Check(attr) && likely(PyMethod_GET_SELF(attr) == obj)) {
+        PyObject *function = PyMethod_GET_FUNCTION(attr);
+        Py_INCREF(function);
+        Py_DECREF(attr);
+        *method = function;
+        return 1;
+    }
+#endif
+    *method = attr;
+    return 0;
+}
+
+/* PyObjectCallMethod0 */
+static PyObject* __Pyx_PyObject_CallMethod0(PyObject* obj, PyObject* method_name) {
+#if CYTHON_VECTORCALL && (__PYX_LIMITED_VERSION_HEX >= 0x030C0000 || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x03090000))
+    PyObject *args[1] = {obj};
+    (void) __Pyx_PyObject_GetMethod;
+    (void) __Pyx_PyObject_CallOneArg;
+    (void) __Pyx_PyObject_CallNoArg;
+    return PyObject_VectorcallMethod(method_name, args, 1 | PY_VECTORCALL_ARGUMENTS_OFFSET, NULL);
+#else
+    PyObject *method = NULL, *result = NULL;
+    int is_method = __Pyx_PyObject_GetMethod(obj, method_name, &method);
+    if (likely(is_method)) {
+        result = __Pyx_PyObject_CallOneArg(method, obj);
+        Py_DECREF(method);
+        return result;
+    }
+    if (unlikely(!method)) goto bad;
+    result = __Pyx_PyObject_CallNoArg(method);
+    Py_DECREF(method);
+bad:
+    return result;
+#endif
+}
+
+/* ValidateBasesTuple */
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_USE_TYPE_SPECS
+static int __Pyx_validate_bases_tuple(const char *type_name, Py_ssize_t dictoffset, PyObject *bases) {
+    Py_ssize_t i, n;
+#if CYTHON_ASSUME_SAFE_SIZE
+    n = PyTuple_GET_SIZE(bases);
+#else
+    n = PyTuple_Size(bases);
+    if (unlikely(n < 0)) return -1;
+#endif
+    for (i = 1; i < n; i++)
+    {
+        PyTypeObject *b;
+#if CYTHON_AVOID_BORROWED_REFS
+        PyObject *b0 = PySequence_GetItem(bases, i);
+        if (!b0) return -1;
+#elif CYTHON_ASSUME_SAFE_MACROS
+        PyObject *b0 = PyTuple_GET_ITEM(bases, i);
+#else
+        PyObject *b0 = PyTuple_GetItem(bases, i);
+        if (!b0) return -1;
+#endif
+        b = (PyTypeObject*) b0;
+        if (!__Pyx_PyType_HasFeature(b, Py_TPFLAGS_HEAPTYPE))
+        {
+            __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+            PyErr_Format(PyExc_TypeError,
+                "base class '" __Pyx_FMT_TYPENAME "' is not a heap type", b_name);
+            __Pyx_DECREF_TypeName(b_name);
+#if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(b0);
+#endif
+            return -1;
+        }
+        if (dictoffset == 0)
+        {
+            Py_ssize_t b_dictoffset = 0;
+#if CYTHON_USE_TYPE_SLOTS
+            b_dictoffset = b->tp_dictoffset;
+#else
+            PyObject *py_b_dictoffset = PyObject_GetAttrString((PyObject*)b, "__dictoffset__");
+            if (!py_b_dictoffset) goto dictoffset_return;
+            b_dictoffset = PyLong_AsSsize_t(py_b_dictoffset);
+            Py_DECREF(py_b_dictoffset);
+            if (b_dictoffset == -1 && PyErr_Occurred()) goto dictoffset_return;
+#endif
+            if (b_dictoffset) {
+                {
+                    __Pyx_TypeName b_name = __Pyx_PyType_GetFullyQualifiedName(b);
+                    PyErr_Format(PyExc_TypeError,
+                        "extension type '%.200s' has no __dict__ slot, "
+                        "but base type '" __Pyx_FMT_TYPENAME "' has: "
+                        "either add 'cdef dict __dict__' to the extension type "
+                        "or add '__slots__ = [...]' to the base type",
+                        type_name, b_name);
+                    __Pyx_DECREF_TypeName(b_name);
+                }
+#if !CYTHON_USE_TYPE_SLOTS
+              dictoffset_return:
+#endif
+#if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(b0);
+#endif
+                return -1;
+            }
+        }
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(b0);
+#endif
+    }
+    return 0;
+}
+#endif
+
+/* PyType_Ready */
+CYTHON_UNUSED static int __Pyx_PyType_HasMultipleInheritance(PyTypeObject *t) {
+    while (t) {
+        PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+        if (bases) {
+            return 1;
+        }
+        t = __Pyx_PyType_GetSlot(t, tp_base, PyTypeObject*);
+    }
+    return 0;
+}
+static int __Pyx_PyType_Ready(PyTypeObject *t) {
+#if CYTHON_USE_TYPE_SPECS || !CYTHON_COMPILING_IN_CPYTHON || defined(PYSTON_MAJOR_VERSION)
+    (void)__Pyx_PyObject_CallMethod0;
+#if CYTHON_USE_TYPE_SPECS
+    (void)__Pyx_validate_bases_tuple;
+#endif
+    return PyType_Ready(t);
+#else
+    int r;
+    if (!__Pyx_PyType_HasMultipleInheritance(t)) {
+        return PyType_Ready(t);
+    }
+    PyObject *bases = __Pyx_PyType_GetSlot(t, tp_bases, PyObject*);
+    if (bases && unlikely(__Pyx_validate_bases_tuple(t->tp_name, t->tp_dictoffset, bases) == -1))
+        return -1;
+#if !defined(PYSTON_MAJOR_VERSION)
+    {
+        int gc_was_enabled;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        gc_was_enabled = PyGC_Disable();
+        (void)__Pyx_PyObject_CallMethod0;
+    #else
+        PyObject *ret, *py_status;
+        PyObject *gc = NULL;
+        #if (!CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM+0 >= 0x07030400) &&\
+                !CYTHON_COMPILING_IN_GRAAL
+        gc = PyImport_GetModule(__pyx_mstate_global->__pyx_kp_u_gc);
+        #endif
+        if (unlikely(!gc)) gc = PyImport_Import(__pyx_mstate_global->__pyx_kp_u_gc);
+        if (unlikely(!gc)) return -1;
+        py_status = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_isenabled);
+        if (unlikely(!py_status)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+        gc_was_enabled = __Pyx_PyObject_IsTrue(py_status);
+        Py_DECREF(py_status);
+        if (gc_was_enabled > 0) {
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_disable);
+            if (unlikely(!ret)) {
+                Py_DECREF(gc);
+                return -1;
+            }
+            Py_DECREF(ret);
+        } else if (unlikely(gc_was_enabled == -1)) {
+            Py_DECREF(gc);
+            return -1;
+        }
+    #endif
+        t->tp_flags |= Py_TPFLAGS_HEAPTYPE;
+#if PY_VERSION_HEX >= 0x030A0000
+        t->tp_flags |= Py_TPFLAGS_IMMUTABLETYPE;
+#endif
+#else
+        (void)__Pyx_PyObject_CallMethod0;
+#endif
+    r = PyType_Ready(t);
+#if !defined(PYSTON_MAJOR_VERSION)
+        t->tp_flags &= ~Py_TPFLAGS_HEAPTYPE;
+    #if PY_VERSION_HEX >= 0x030A00b1
+        if (gc_was_enabled)
+            PyGC_Enable();
+    #else
+        if (gc_was_enabled) {
+            PyObject *tp, *v, *tb;
+            PyErr_Fetch(&tp, &v, &tb);
+            ret = __Pyx_PyObject_CallMethod0(gc, __pyx_mstate_global->__pyx_kp_u_enable);
+            if (likely(ret || r == -1)) {
+                Py_XDECREF(ret);
+                PyErr_Restore(tp, v, tb);
+            } else {
+                Py_XDECREF(tp);
+                Py_XDECREF(v);
+                Py_XDECREF(tb);
+                r = -1;
+            }
+        }
+        Py_DECREF(gc);
+    #endif
+    }
+#endif
+    return r;
+#endif
+}
+
+/* SetVTable */
+static int __Pyx_SetVtable(PyTypeObject *type, void *vtable) {
+    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+    if (unlikely(!ob))
+        goto bad;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(PyObject_SetAttr((PyObject *) type, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#else
+    if (unlikely(PyDict_SetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable, ob) < 0))
+#endif
+        goto bad;
+    Py_DECREF(ob);
+    return 0;
+bad:
+    Py_XDECREF(ob);
+    return -1;
+}
+
+/* GetVTable */
+static void* __Pyx_GetVtable(PyTypeObject *type) {
+    void* ptr;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *ob = PyObject_GetAttr((PyObject *)type, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#else
+    PyObject *ob = PyObject_GetItem(type->tp_dict, __pyx_mstate_global->__pyx_n_u_pyx_vtable);
+#endif
+    if (!ob)
+        goto bad;
+    ptr = PyCapsule_GetPointer(ob, 0);
+    if (!ptr && !PyErr_Occurred())
+        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
+    Py_DECREF(ob);
+    return ptr;
+bad:
+    Py_XDECREF(ob);
+    return NULL;
+}
+
+/* MergeVTables */
+static int __Pyx_MergeVtables(PyTypeObject *type) {
+    int i=0;
+    Py_ssize_t size;
+    void** base_vtables;
+    __Pyx_TypeName tp_base_name = NULL;
+    __Pyx_TypeName base_name = NULL;
+    void* unknown = (void*)-1;
+    PyObject* bases = __Pyx_PyType_GetSlot(type, tp_bases, PyObject*);
+    int base_depth = 0;
+    {
+        PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        while (base) {
+            base_depth += 1;
+            base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+        }
+    }
+    base_vtables = (void**) PyMem_Malloc(sizeof(void*) * (size_t)(base_depth + 1));
+    base_vtables[0] = unknown;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    size = PyTuple_Size(bases);
+    if (size < 0) goto other_failure;
+#else
+    size = PyTuple_GET_SIZE(bases);
+#endif
+    for (i = 1; i < size; i++) {
+        PyObject *basei;
+        void* base_vtable;
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto other_failure;
+#else
+        basei = PyTuple_GET_ITEM(bases, i);
+#endif
+        base_vtable = __Pyx_GetVtable((PyTypeObject*)basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+        if (base_vtable != NULL) {
+            int j;
+            PyTypeObject* base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+            for (j = 0; j < base_depth; j++) {
+                if (base_vtables[j] == unknown) {
+                    base_vtables[j] = __Pyx_GetVtable(base);
+                    base_vtables[j + 1] = unknown;
+                }
+                if (base_vtables[j] == base_vtable) {
+                    break;
+                } else if (base_vtables[j] == NULL) {
+                    goto bad;
+                }
+                base = __Pyx_PyType_GetSlot(base, tp_base, PyTypeObject*);
+            }
+        }
+    }
+    PyErr_Clear();
+    PyMem_Free(base_vtables);
+    return 0;
+bad:
+    {
+        PyTypeObject* basei = NULL;
+        PyTypeObject* tp_base = __Pyx_PyType_GetSlot(type, tp_base, PyTypeObject*);
+        tp_base_name = __Pyx_PyType_GetFullyQualifiedName(tp_base);
+#if CYTHON_AVOID_BORROWED_REFS
+        basei = (PyTypeObject*)PySequence_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#elif !CYTHON_ASSUME_SAFE_MACROS
+        basei = (PyTypeObject*)PyTuple_GetItem(bases, i);
+        if (unlikely(!basei)) goto really_bad;
+#else
+        basei = (PyTypeObject*)PyTuple_GET_ITEM(bases, i);
+#endif
+        base_name = __Pyx_PyType_GetFullyQualifiedName(basei);
+#if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(basei);
+#endif
+    }
+    PyErr_Format(PyExc_TypeError,
+        "multiple bases have vtable conflict: '" __Pyx_FMT_TYPENAME "' and '" __Pyx_FMT_TYPENAME "'", tp_base_name, base_name);
+#if CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+really_bad: // bad has failed!
+#endif
+    __Pyx_DECREF_TypeName(tp_base_name);
+    __Pyx_DECREF_TypeName(base_name);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_AVOID_BORROWED_REFS || !CYTHON_ASSUME_SAFE_MACROS
+other_failure:
+#endif
+    PyMem_Free(base_vtables);
+    return -1;
+}
+
+/* DelItemOnTypeDict */
+static int __Pyx__DelItemOnTypeDict(PyTypeObject *tp, PyObject *k) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_DelItem(tp_dict, k);
+    if (likely(!result)) PyType_Modified(tp);
+    return result;
+}
+
+/* SetupReduce */
+static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
+  int ret;
+  PyObject *name_attr;
+  name_attr = __Pyx_PyObject_GetAttrStrNoError(meth, __pyx_mstate_global->__pyx_n_u_name);
+  if (likely(name_attr)) {
+      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
+  } else {
+      ret = -1;
+  }
+  if (unlikely(ret < 0)) {
+      PyErr_Clear();
+      ret = 0;
+  }
+  Py_XDECREF(name_attr);
+  return ret;
+}
+static int __Pyx_setup_reduce(PyObject* type_obj) {
+    int ret = 0;
+    PyObject *object_reduce = NULL;
+    PyObject *object_getstate = NULL;
+    PyObject *object_reduce_ex = NULL;
+    PyObject *reduce = NULL;
+    PyObject *reduce_ex = NULL;
+    PyObject *reduce_cython = NULL;
+    PyObject *setstate = NULL;
+    PyObject *setstate_cython = NULL;
+    PyObject *getstate = NULL;
+#if CYTHON_USE_PYTYPE_LOOKUP
+    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_getstate);
+    if (!getstate && PyErr_Occurred()) {
+        goto __PYX_BAD;
+    }
+#endif
+    if (getstate) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+#else
+        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_getstate);
+        if (!object_getstate && PyErr_Occurred()) {
+            goto __PYX_BAD;
+        }
+#endif
+        if (object_getstate != getstate) {
+            goto __PYX_GOOD;
+        }
+    }
+#if CYTHON_USE_PYTYPE_LOOKUP
+    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#else
+    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+#endif
+    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
+    if (reduce_ex == object_reduce_ex) {
+#if CYTHON_USE_PYTYPE_LOOKUP
+        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#else
+        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_mstate_global->__pyx_n_u_reduce); if (!object_reduce) goto __PYX_BAD;
+#endif
+        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_mstate_global->__pyx_n_u_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
+        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_mstate_global->__pyx_n_u_reduce_cython)) {
+            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython);
+            if (likely(reduce_cython)) {
+                ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+            } else if (reduce == object_reduce || PyErr_Occurred()) {
+                goto __PYX_BAD;
+            }
+            setstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate);
+            if (!setstate) PyErr_Clear();
+            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_mstate_global->__pyx_n_u_setstate_cython)) {
+                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython);
+                if (likely(setstate_cython)) {
+                    ret = __Pyx_SetItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                    ret = __Pyx_DelItemOnTypeDict((PyTypeObject*)type_obj, __pyx_mstate_global->__pyx_n_u_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
+                } else if (!setstate || PyErr_Occurred()) {
+                    goto __PYX_BAD;
+                }
+            }
+            PyType_Modified((PyTypeObject*)type_obj);
+        }
+    }
+    goto __PYX_GOOD;
+__PYX_BAD:
+    if (!PyErr_Occurred()) {
+        __Pyx_TypeName type_obj_name =
+            __Pyx_PyType_GetFullyQualifiedName((PyTypeObject*)type_obj);
+        PyErr_Format(PyExc_RuntimeError,
+            "Unable to initialize pickling for " __Pyx_FMT_TYPENAME, type_obj_name);
+        __Pyx_DECREF_TypeName(type_obj_name);
+    }
+    ret = -1;
+__PYX_GOOD:
+#if !CYTHON_USE_PYTYPE_LOOKUP
+    Py_XDECREF(object_reduce);
+    Py_XDECREF(object_reduce_ex);
+    Py_XDECREF(object_getstate);
+    Py_XDECREF(getstate);
+#endif
+    Py_XDECREF(reduce);
+    Py_XDECREF(reduce_ex);
+    Py_XDECREF(reduce_cython);
+    Py_XDECREF(setstate);
+    Py_XDECREF(setstate_cython);
+    return ret;
+}
+
+/* TypeImport */
+#ifndef __PYX_HAVE_RT_ImportType_3_1_4
+#define __PYX_HAVE_RT_ImportType_3_1_4
+static PyTypeObject *__Pyx_ImportType_3_1_4(PyObject *module, const char *module_name, const char *class_name,
+    size_t size, size_t alignment, enum __Pyx_ImportType_CheckSize_3_1_4 check_size)
+{
+    PyObject *result = 0;
+    Py_ssize_t basicsize;
+    Py_ssize_t itemsize;
+#ifdef Py_LIMITED_API
+    PyObject *py_basicsize;
+    PyObject *py_itemsize;
+#endif
+    result = PyObject_GetAttrString(module, class_name);
+    if (!result)
+        goto bad;
+    if (!PyType_Check(result)) {
+        PyErr_Format(PyExc_TypeError,
+            "%.200s.%.200s is not a type object",
+            module_name, class_name);
+        goto bad;
+    }
+#ifndef Py_LIMITED_API
+    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    itemsize = ((PyTypeObject *)result)->tp_itemsize;
+#else
+    if (size == 0) {
+        return (PyTypeObject *)result;
+    }
+    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
+    if (!py_basicsize)
+        goto bad;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = 0;
+    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+    py_itemsize = PyObject_GetAttrString(result, "__itemsize__");
+    if (!py_itemsize)
+        goto bad;
+    itemsize = PyLong_AsSsize_t(py_itemsize);
+    Py_DECREF(py_itemsize);
+    py_itemsize = 0;
+    if (itemsize == (Py_ssize_t)-1 && PyErr_Occurred())
+        goto bad;
+#endif
+    if (itemsize) {
+        if (size % alignment) {
+            alignment = size % alignment;
+        }
+        if (itemsize < (Py_ssize_t)alignment)
+            itemsize = (Py_ssize_t)alignment;
+    }
+    if ((size_t)(basicsize + itemsize) < size) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd from PyObject",
+            module_name, class_name, size, basicsize+itemsize);
+        goto bad;
+    }
+    if (check_size == __Pyx_ImportType_CheckSize_Error_3_1_4 &&
+            ((size_t)basicsize > size || (size_t)(basicsize + itemsize) < size)) {
+        PyErr_Format(PyExc_ValueError,
+            "%.200s.%.200s size changed, may indicate binary incompatibility. "
+            "Expected %zd from C header, got %zd-%zd from PyObject",
+            module_name, class_name, size, basicsize, basicsize+itemsize);
+        goto bad;
+    }
+    else if (check_size == __Pyx_ImportType_CheckSize_Warn_3_1_4 && (size_t)basicsize > size) {
+        if (PyErr_WarnFormat(NULL, 0,
+                "%.200s.%.200s size changed, may indicate binary incompatibility. "
+                "Expected %zd from C header, got %zd from PyObject",
+                module_name, class_name, size, basicsize) < 0) {
+            goto bad;
+        }
+    }
+    return (PyTypeObject *)result;
+bad:
+    Py_XDECREF(result);
+    return NULL;
+}
+#endif
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
+
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
+#endif
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
 #endif
-
-/* PyObject_GenericGetAttrNoDict */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject *__Pyx_RaiseGenericGetAttributeError(PyTypeObject *tp, PyObject *attr_name) {
-    PyErr_Format(PyExc_AttributeError,
-#if PY_MAJOR_VERSION >= 3
-                 "'%.50s' object has no attribute '%U'",
-                 tp->tp_name, attr_name);
+    }
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
 #else
-                 "'%.50s' object has no attribute '%.400s'",
-                 tp->tp_name, PyString_AS_STRING(attr_name));
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
 #endif
-    return NULL;
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GenericGetAttrNoDict(PyObject* obj, PyObject* attr_name) {
-    PyObject *descr;
-    PyTypeObject *tp = Py_TYPE(obj);
-    if (unlikely(!PyString_Check(attr_name))) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
     }
-    assert(!tp->tp_dictoffset);
-    descr = _PyType_Lookup(tp, attr_name);
-    if (unlikely(!descr)) {
-        return __Pyx_RaiseGenericGetAttributeError(tp, attr_name);
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
     }
-    Py_INCREF(descr);
-    #if PY_MAJOR_VERSION < 3
-    if (likely(PyType_HasFeature(Py_TYPE(descr), Py_TPFLAGS_HAVE_CLASS)))
     #endif
-    {
-        descrgetfunc f = Py_TYPE(descr)->tp_descr_get;
-        if (unlikely(f)) {
-            PyObject *res = f(descr, obj, (PyObject *)tp);
-            Py_DECREF(descr);
-            return res;
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
         }
     }
-    return descr;
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
+    }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
 }
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
+#else
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
 #endif
-
-/* PyObject_GenericGetAttr */
-#if CYTHON_USE_TYPE_SLOTS && CYTHON_USE_PYTYPE_LOOKUP && PY_VERSION_HEX < 0x03070000
-static PyObject* __Pyx_PyObject_GenericGetAttr(PyObject* obj, PyObject* attr_name) {
-    if (unlikely(Py_TYPE(obj)->tp_dictoffset)) {
-        return PyObject_GenericGetAttr(obj, attr_name);
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
+    }
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
     }
-    return __Pyx_PyObject_GenericGetAttrNoDict(obj, attr_name);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
 #endif
-
-/* SetVTable */
-static int __Pyx_SetVtable(PyObject *dict, void *vtable) {
-#if PY_VERSION_HEX >= 0x02070000
-    PyObject *ob = PyCapsule_New(vtable, 0, 0);
+}
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
 #else
-    PyObject *ob = PyCObject_FromVoidPtr(vtable, 0);
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
 #endif
-    if (!ob)
-        goto bad;
-    if (PyDict_SetItem(dict, __pyx_n_s_pyx_vtable, ob) < 0)
-        goto bad;
-    Py_DECREF(ob);
-    return 0;
-bad:
-    Py_XDECREF(ob);
-    return -1;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
 }
-
-/* PyErrExceptionMatches */
-#if CYTHON_FAST_THREAD_STATE
-static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
-    Py_ssize_t i, n;
-    n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
-    for (i=0; i<n; i++) {
-        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
     }
 #endif
-    for (i=0; i<n; i++) {
-        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
+#else
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
     }
+#endif
+#endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
     return 0;
 }
-static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
-    PyObject *exc_type = tstate->curexc_type;
-    if (exc_type == err) return 1;
-    if (unlikely(!exc_type)) return 0;
-    if (unlikely(PyTuple_Check(err)))
-        return __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
-    return __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
+    {
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
+    }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
+}
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
+        }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
+    }
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
 }
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
 #endif
-
-/* PyObjectGetAttrStrNoError */
-static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
-        __Pyx_PyErr_Clear();
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
     PyObject *result;
-#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS && PY_VERSION_HEX >= 0x030700B1
-    PyTypeObject* tp = Py_TYPE(obj);
-    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
-        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
+#endif
     }
 #endif
-    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
-    if (unlikely(!result)) {
-        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
+        }
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
     }
     return result;
 }
-
-/* SetupReduce */
-static int __Pyx_setup_reduce_is_named(PyObject* meth, PyObject* name) {
-  int ret;
-  PyObject *name_attr;
-  name_attr = __Pyx_PyObject_GetAttrStr(meth, __pyx_n_s_name);
-  if (likely(name_attr)) {
-      ret = PyObject_RichCompareBool(name_attr, name, Py_EQ);
-  } else {
-      ret = -1;
-  }
-  if (unlikely(ret < 0)) {
-      PyErr_Clear();
-      ret = 0;
-  }
-  Py_XDECREF(name_attr);
-  return ret;
-}
-static int __Pyx_setup_reduce(PyObject* type_obj) {
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
     int ret = 0;
-    PyObject *object_reduce = NULL;
-    PyObject *object_getstate = NULL;
-    PyObject *object_reduce_ex = NULL;
-    PyObject *reduce = NULL;
-    PyObject *reduce_ex = NULL;
-    PyObject *reduce_cython = NULL;
-    PyObject *setstate = NULL;
-    PyObject *setstate_cython = NULL;
-    PyObject *getstate = NULL;
-#if CYTHON_USE_PYTYPE_LOOKUP
-    getstate = _PyType_Lookup((PyTypeObject*)type_obj, __pyx_n_s_getstate);
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
+        }
+        ret = 1;
+    }
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    getstate = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_getstate);
-    if (!getstate && PyErr_Occurred()) {
-        goto __PYX_BAD;
-    }
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    if (getstate) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_getstate = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_getstate);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_getstate = __Pyx_PyObject_GetAttrStrNoError((PyObject*)&PyBaseObject_Type, __pyx_n_s_getstate);
-        if (!object_getstate && PyErr_Occurred()) {
-            goto __PYX_BAD;
-        }
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        if (object_getstate != getstate) {
-            goto __PYX_GOOD;
-        }
+        break;
+    default:
+        return NULL;
     }
-#if CYTHON_USE_PYTYPE_LOOKUP
-    object_reduce_ex = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-    object_reduce_ex = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce_ex); if (!object_reduce_ex) goto __PYX_BAD;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    reduce_ex = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce_ex); if (unlikely(!reduce_ex)) goto __PYX_BAD;
-    if (reduce_ex == object_reduce_ex) {
-#if CYTHON_USE_PYTYPE_LOOKUP
-        object_reduce = _PyType_Lookup(&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-        object_reduce = __Pyx_PyObject_GetAttrStr((PyObject*)&PyBaseObject_Type, __pyx_n_s_reduce); if (!object_reduce) goto __PYX_BAD;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-        reduce = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_reduce); if (unlikely(!reduce)) goto __PYX_BAD;
-        if (reduce == object_reduce || __Pyx_setup_reduce_is_named(reduce, __pyx_n_s_reduce_cython)) {
-            reduce_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_reduce_cython);
-            if (likely(reduce_cython)) {
-                ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce, reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_reduce_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-            } else if (reduce == object_reduce || PyErr_Occurred()) {
-                goto __PYX_BAD;
-            }
-            setstate = __Pyx_PyObject_GetAttrStr(type_obj, __pyx_n_s_setstate);
-            if (!setstate) PyErr_Clear();
-            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
-                setstate_cython = __Pyx_PyObject_GetAttrStrNoError(type_obj, __pyx_n_s_setstate_cython);
-                if (likely(setstate_cython)) {
-                    ret = PyDict_SetItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate, setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                    ret = PyDict_DelItem(((PyTypeObject*)type_obj)->tp_dict, __pyx_n_s_setstate_cython); if (unlikely(ret < 0)) goto __PYX_BAD;
-                } else if (!setstate || PyErr_Occurred()) {
-                    goto __PYX_BAD;
-                }
-            }
-            PyType_Modified((PyTypeObject*)type_obj);
-        }
+        break;
+    default:
+        return NULL;
     }
-    goto __PYX_GOOD;
-__PYX_BAD:
-    if (!PyErr_Occurred())
-        PyErr_Format(PyExc_RuntimeError, "Unable to initialize pickling for %s", ((PyTypeObject*)type_obj)->tp_name);
-    ret = -1;
-__PYX_GOOD:
-#if !CYTHON_USE_PYTYPE_LOOKUP
-    Py_XDECREF(object_reduce);
-    Py_XDECREF(object_reduce_ex);
-    Py_XDECREF(object_getstate);
-    Py_XDECREF(getstate);
-#endif
-    Py_XDECREF(reduce);
-    Py_XDECREF(reduce_ex);
-    Py_XDECREF(reduce_cython);
-    Py_XDECREF(setstate);
-    Py_XDECREF(setstate_cython);
-    return ret;
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
+    }
+    return meth(self, args[0]);
 }
-
-/* TypeImport */
-#ifndef __PYX_HAVE_RT_ImportType
-#define __PYX_HAVE_RT_ImportType
-static PyTypeObject *__Pyx_ImportType(PyObject *module, const char *module_name, const char *class_name,
-    size_t size, enum __Pyx_ImportType_CheckSize check_size)
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
 {
-    PyObject *result = 0;
-    char warning[200];
-    Py_ssize_t basicsize;
-#ifdef Py_LIMITED_API
-    PyObject *py_basicsize;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-    result = PyObject_GetAttrString(module, class_name);
-    if (!result)
-        goto bad;
-    if (!PyType_Check(result)) {
-        PyErr_Format(PyExc_TypeError,
-            "%.200s.%.200s is not a type object",
-            module_name, class_name);
-        goto bad;
-    }
-#ifndef Py_LIMITED_API
-    basicsize = ((PyTypeObject *)result)->tp_basicsize;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
 #else
-    py_basicsize = PyObject_GetAttrString(result, "__basicsize__");
-    if (!py_basicsize)
-        goto bad;
-    basicsize = PyLong_AsSsize_t(py_basicsize);
-    Py_DECREF(py_basicsize);
-    py_basicsize = 0;
-    if (basicsize == (Py_ssize_t)-1 && PyErr_Occurred())
-        goto bad;
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-    if ((size_t)basicsize < size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
-    }
-    if (check_size == __Pyx_ImportType_CheckSize_Error && (size_t)basicsize != size) {
-        PyErr_Format(PyExc_ValueError,
-            "%.200s.%.200s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        goto bad;
-    }
-    else if (check_size == __Pyx_ImportType_CheckSize_Warn && (size_t)basicsize > size) {
-        PyOS_snprintf(warning, sizeof(warning),
-            "%s.%s size changed, may indicate binary incompatibility. "
-            "Expected %zd from C header, got %zd from PyObject",
-            module_name, class_name, size, basicsize);
-        if (PyErr_WarnEx(NULL, warning, 0) < 0) goto bad;
+        break;
+    default:
+        return NULL;
     }
-    return (PyTypeObject *)result;
-bad:
-    Py_XDECREF(result);
-    return NULL;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* GetVTable */
-static void* __Pyx_GetVtable(PyObject *dict) {
-    void* ptr;
-    PyObject *ob = PyObject_GetItem(dict, __pyx_n_s_pyx_vtable);
-    if (!ob)
-        goto bad;
-#if PY_VERSION_HEX >= 0x02070000
-    ptr = PyCapsule_GetPointer(ob, 0);
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
 #else
-    ptr = PyCObject_AsVoidPtr(ob);
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
-    if (!ptr && !PyErr_Occurred())
-        PyErr_SetString(PyExc_RuntimeError, "invalid vtable found for imported type");
-    Py_DECREF(ob);
-    return ptr;
-bad:
-    Py_XDECREF(ob);
-    return NULL;
+        break;
+    default:
+        return NULL;
+    }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
+}
+
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
+    }
+    return op;
 }
 
 /* PyDictVersioning */
@@ -3678,29 +8155,34 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 #endif
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -3709,11 +8191,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -3741,130 +8224,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -3895,7 +8444,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -3905,9 +8454,42 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
+
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_uint64_t(uint64_t value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -3919,17 +8501,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(uint64_t) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(uint64_t) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(uint64_t) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(uint64_t) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(uint64_t) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -3937,15 +8519,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_uint64_t(uint64_t value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(uint64_t),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(uint64_t));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u_);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -3957,17 +8611,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -3975,10 +8629,43 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
@@ -4005,7 +8692,7 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4015,179 +8702,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -4201,7 +8946,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4211,179 +8956,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -4400,7 +9203,7 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -4421,51 +9224,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -4496,109 +9286,273 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
-        }
-    }
-    if (!same) {
-        char rtversion[5] = {'\0'};
-        char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
             }
-            rtversion[i] = rt_from_call[i];
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
+    }
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
+        char message[200];
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -4610,25 +9564,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -4651,95 +9605,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -4778,33 +9703,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/sftp_statvfs.pxd b/ssh/sftp_statvfs.pxd
index 8b746352..39062041 100644
--- a/ssh/sftp_statvfs.pxd
+++ b/ssh/sftp_statvfs.pxd
@@ -1,22 +1,23 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from sftp cimport SFTP
+from .sftp cimport SFTP
 
-cimport c_sftp
+from . cimport c_sftp
 
 
 cdef class SFTPStatVFS:
diff --git a/ssh/sftp_statvfs.pyx b/ssh/sftp_statvfs.pyx
index 4526dd4f..44a344be 100644
--- a/ssh/sftp_statvfs.pyx
+++ b/ssh/sftp_statvfs.pyx
@@ -1,18 +1,19 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from .sftp cimport SFTP
 
diff --git a/ssh/utils.c b/ssh/utils.c
index 3780fd8d..a3dcf527 100644
--- a/ssh/utils.c
+++ b/ssh/utils.c
@@ -1,22 +1,61 @@
-/* Generated by Cython 0.29.32 */
+/* Generated by Cython 3.1.4 */
+
+/* BEGIN: Cython Metadata
+{
+    "distutils": {
+        "depends": [
+            "local/include/libssh/libssh.h"
+        ],
+        "extra_compile_args": [
+            "-O2",
+            "-g0",
+            "-s"
+        ],
+        "include_dirs": [
+            "./local/include",
+            "./libssh/include"
+        ],
+        "libraries": [
+            "ssh"
+        ],
+        "library_dirs": [
+            "/home/zefrer/Projects/ssh-python/local/lib"
+        ],
+        "name": "ssh.utils",
+        "runtime_library_dirs": [
+            "$ORIGIN/."
+        ],
+        "sources": [
+            "ssh/utils.pyx"
+        ]
+    },
+    "module_name": "ssh.utils"
+}
+END: Cython Metadata */
 
 #ifndef PY_SSIZE_T_CLEAN
 #define PY_SSIZE_T_CLEAN
 #endif /* PY_SSIZE_T_CLEAN */
+/* InitLimitedAPI */
+#if defined(Py_LIMITED_API) && !defined(CYTHON_LIMITED_API)
+  #define CYTHON_LIMITED_API 1
+#endif
+
 #include "Python.h"
 #ifndef Py_PYTHON_H
     #error Python headers needed to compile C extensions, please install development version of Python.
-#elif PY_VERSION_HEX < 0x02060000 || (0x03000000 <= PY_VERSION_HEX && PY_VERSION_HEX < 0x03030000)
-    #error Cython requires Python 2.6+ or Python 3.3+.
+#elif PY_VERSION_HEX < 0x03080000
+    #error Cython requires Python 3.8+.
 #else
-#define CYTHON_ABI "0_29_32"
-#define CYTHON_HEX_VERSION 0x001D20F0
-#define CYTHON_FUTURE_DIVISION 0
+#define __PYX_ABI_VERSION "3_1_4"
+#define CYTHON_HEX_VERSION 0x030104F0
+#define CYTHON_FUTURE_DIVISION 1
+/* CModulePreamble */
 #include <stddef.h>
 #ifndef offsetof
   #define offsetof(type, member) ( (size_t) & ((type*)0) -> member )
 #endif
-#if !defined(WIN32) && !defined(MS_WINDOWS)
+#if !defined(_WIN32) && !defined(WIN32) && !defined(MS_WINDOWS)
   #ifndef __stdcall
     #define __stdcall
   #endif
@@ -35,9 +74,7 @@
 #endif
 #define __PYX_COMMA ,
 #ifndef HAVE_LONG_LONG
-  #if PY_VERSION_HEX >= 0x02070000
-    #define HAVE_LONG_LONG
-  #endif
+  #define HAVE_LONG_LONG
 #endif
 #ifndef PY_LONG_LONG
   #define PY_LONG_LONG LONG_LONG
@@ -45,21 +82,21 @@
 #ifndef Py_HUGE_VAL
   #define Py_HUGE_VAL HUGE_VAL
 #endif
-#ifdef PYPY_VERSION
-  #define CYTHON_COMPILING_IN_PYPY 1
-  #define CYTHON_COMPILING_IN_PYSTON 0
+#define __PYX_LIMITED_VERSION_HEX PY_VERSION_HEX
+#if defined(GRAALVM_PYTHON)
+  /* For very preliminary testing purposes. Most variables are set the same as PyPy.
+     The existence of this section does not imply that anything works or is even tested */
+  #define CYTHON_COMPILING_IN_PYPY 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 1
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
   #undef CYTHON_USE_TYPE_SLOTS
   #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 0
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #if PY_VERSION_HEX < 0x03050000
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
   #undef CYTHON_USE_UNICODE_INTERNALS
@@ -70,148 +107,219 @@
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #undef CYTHON_AVOID_BORROWED_REFS
   #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
   #undef CYTHON_ASSUME_SAFE_MACROS
   #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
   #undef CYTHON_UNPACK_METHODS
   #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #undef CYTHON_USE_TP_FINALIZE
   #define CYTHON_USE_TP_FINALIZE 0
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
-  #define CYTHON_USE_EXC_INFO_STACK 0
+  #define CYTHON_USE_EXC_INFO_STACK 1
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_HEX >= 0x07030900)
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
   #endif
-#elif defined(PYSTON_VERSION)
-  #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 1
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(PYPY_VERSION)
+  #define CYTHON_COMPILING_IN_PYPY 1
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #undef CYTHON_USE_ASYNC_SLOTS
-  #define CYTHON_USE_ASYNC_SLOTS 0
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
-  #endif
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
   #undef CYTHON_USE_UNICODE_WRITER
   #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
-  #ifndef CYTHON_AVOID_BORROWED_REFS
-    #define CYTHON_AVOID_BORROWED_REFS 0
-  #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #undef CYTHON_AVOID_BORROWED_REFS
+  #define CYTHON_AVOID_BORROWED_REFS 1
+  #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
   #endif
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL 0
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
-  #undef CYTHON_PEP489_MULTI_PHASE_INIT
-  #define CYTHON_PEP489_MULTI_PHASE_INIT 0
-  #undef CYTHON_USE_TP_FINALIZE
-  #define CYTHON_USE_TP_FINALIZE 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
+  #if PY_VERSION_HEX < 0x03090000
+    #undef CYTHON_PEP489_MULTI_PHASE_INIT
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 0
+  #elif !defined(CYTHON_PEP489_MULTI_PHASE_INIT)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #undef CYTHON_USE_MODULE_STATE
+  #define CYTHON_USE_MODULE_STATE 0
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
+  #ifndef CYTHON_USE_TP_FINALIZE
+    #define CYTHON_USE_TP_FINALIZE (PYPY_VERSION_NUM >= 0x07030C00)
+  #endif
+  #undef CYTHON_USE_AM_SEND
+  #define CYTHON_USE_AM_SEND 0
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
-    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC (PYPY_VERSION_NUM >= 0x07031100)
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
+#elif defined(CYTHON_LIMITED_API)
+  #ifdef Py_LIMITED_API
+    #undef __PYX_LIMITED_VERSION_HEX
+    #define __PYX_LIMITED_VERSION_HEX Py_LIMITED_API
   #endif
-#elif defined(PY_NOGIL)
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 0
-  #define CYTHON_COMPILING_IN_NOGIL 1
-  #ifndef CYTHON_USE_TYPE_SLOTS
-    #define CYTHON_USE_TYPE_SLOTS 1
-  #endif
+  #define CYTHON_COMPILING_IN_LIMITED_API 1
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #undef CYTHON_CLINE_IN_TRACEBACK
+  #define CYTHON_CLINE_IN_TRACEBACK 0
+  #undef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_USE_TYPE_SLOTS 0
+  #undef CYTHON_USE_TYPE_SPECS
+  #define CYTHON_USE_TYPE_SPECS 1
   #undef CYTHON_USE_PYTYPE_LOOKUP
   #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #ifndef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 1
-  #endif
   #undef CYTHON_USE_PYLIST_INTERNALS
   #define CYTHON_USE_PYLIST_INTERNALS 0
-  #ifndef CYTHON_USE_UNICODE_INTERNALS
-    #define CYTHON_USE_UNICODE_INTERNALS 1
+  #undef CYTHON_USE_UNICODE_INTERNALS
+  #define CYTHON_USE_UNICODE_INTERNALS 0
+  #ifndef CYTHON_USE_UNICODE_WRITER
+    #define CYTHON_USE_UNICODE_WRITER 0
   #endif
-  #undef CYTHON_USE_UNICODE_WRITER
-  #define CYTHON_USE_UNICODE_WRITER 0
   #undef CYTHON_USE_PYLONG_INTERNALS
   #define CYTHON_USE_PYLONG_INTERNALS 0
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
-  #ifndef CYTHON_ASSUME_SAFE_MACROS
-    #define CYTHON_ASSUME_SAFE_MACROS 1
-  #endif
-  #ifndef CYTHON_UNPACK_METHODS
-    #define CYTHON_UNPACK_METHODS 1
+  #ifndef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
   #endif
+  #undef CYTHON_ASSUME_SAFE_MACROS
+  #define CYTHON_ASSUME_SAFE_MACROS 0
+  #undef CYTHON_ASSUME_SAFE_SIZE
+  #define CYTHON_ASSUME_SAFE_SIZE 0
+  #undef CYTHON_UNPACK_METHODS
+  #define CYTHON_UNPACK_METHODS 0
   #undef CYTHON_FAST_THREAD_STATE
   #define CYTHON_FAST_THREAD_STATE 0
+  #undef CYTHON_FAST_GIL
+  #define CYTHON_FAST_GIL 0
+  #undef CYTHON_METH_FASTCALL
+  #define CYTHON_METH_FASTCALL (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
   #undef CYTHON_FAST_PYCALL
   #define CYTHON_FAST_PYCALL 0
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
+  #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
     #define CYTHON_PEP489_MULTI_PHASE_INIT 1
   #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #undef CYTHON_USE_SYS_MONITORING
+  #define CYTHON_USE_SYS_MONITORING 0
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE 1
+    #define CYTHON_USE_TP_FINALIZE 0
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND (__PYX_LIMITED_VERSION_HEX >= 0x030A0000)
   #endif
   #undef CYTHON_USE_DICT_VERSIONS
   #define CYTHON_USE_DICT_VERSIONS 0
   #undef CYTHON_USE_EXC_INFO_STACK
   #define CYTHON_USE_EXC_INFO_STACK 0
+  #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
+    #define CYTHON_UPDATE_DESCRIPTOR_DOC 0
+  #endif
+  #undef CYTHON_USE_FREELISTS
+  #define CYTHON_USE_FREELISTS 0
 #else
   #define CYTHON_COMPILING_IN_PYPY 0
-  #define CYTHON_COMPILING_IN_PYSTON 0
   #define CYTHON_COMPILING_IN_CPYTHON 1
-  #define CYTHON_COMPILING_IN_NOGIL 0
-  #ifndef CYTHON_USE_TYPE_SLOTS
+  #define CYTHON_COMPILING_IN_LIMITED_API 0
+  #define CYTHON_COMPILING_IN_GRAAL 0
+  #ifdef Py_GIL_DISABLED
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 1
+  #else
+    #define CYTHON_COMPILING_IN_CPYTHON_FREETHREADING 0
+  #endif
+  #if PY_VERSION_HEX < 0x030A0000
+    #undef CYTHON_USE_TYPE_SLOTS
+    #define CYTHON_USE_TYPE_SLOTS 1
+  #elif !defined(CYTHON_USE_TYPE_SLOTS)
     #define CYTHON_USE_TYPE_SLOTS 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYTYPE_LOOKUP
-    #define CYTHON_USE_PYTYPE_LOOKUP 0
-  #elif !defined(CYTHON_USE_PYTYPE_LOOKUP)
-    #define CYTHON_USE_PYTYPE_LOOKUP 1
+  #ifndef CYTHON_USE_TYPE_SPECS
+    #define CYTHON_USE_TYPE_SPECS 0
   #endif
-  #if PY_MAJOR_VERSION < 3
-    #undef CYTHON_USE_ASYNC_SLOTS
-    #define CYTHON_USE_ASYNC_SLOTS 0
-  #elif !defined(CYTHON_USE_ASYNC_SLOTS)
-    #define CYTHON_USE_ASYNC_SLOTS 1
+  #ifndef CYTHON_USE_PYTYPE_LOOKUP
+    #define CYTHON_USE_PYTYPE_LOOKUP 1
   #endif
-  #if PY_VERSION_HEX < 0x02070000
-    #undef CYTHON_USE_PYLONG_INTERNALS
-    #define CYTHON_USE_PYLONG_INTERNALS 0
-  #elif !defined(CYTHON_USE_PYLONG_INTERNALS)
+  #ifndef CYTHON_USE_PYLONG_INTERNALS
     #define CYTHON_USE_PYLONG_INTERNALS 1
   #endif
-  #ifndef CYTHON_USE_PYLIST_INTERNALS
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_PYLIST_INTERNALS
+    #define CYTHON_USE_PYLIST_INTERNALS 0
+  #elif !defined(CYTHON_USE_PYLIST_INTERNALS)
     #define CYTHON_USE_PYLIST_INTERNALS 1
   #endif
   #ifndef CYTHON_USE_UNICODE_INTERNALS
     #define CYTHON_USE_UNICODE_INTERNALS 1
   #endif
-  #if PY_VERSION_HEX < 0x030300F0 || PY_VERSION_HEX >= 0x030B00A2
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING || PY_VERSION_HEX >= 0x030B00A2
     #undef CYTHON_USE_UNICODE_WRITER
     #define CYTHON_USE_UNICODE_WRITER 0
   #elif !defined(CYTHON_USE_UNICODE_WRITER)
@@ -220,47 +328,82 @@
   #ifndef CYTHON_AVOID_BORROWED_REFS
     #define CYTHON_AVOID_BORROWED_REFS 0
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 1
+  #elif !defined(CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS)
+    #define CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS 0
+  #endif
   #ifndef CYTHON_ASSUME_SAFE_MACROS
     #define CYTHON_ASSUME_SAFE_MACROS 1
   #endif
+  #ifndef CYTHON_ASSUME_SAFE_SIZE
+    #define CYTHON_ASSUME_SAFE_SIZE 1
+  #endif
   #ifndef CYTHON_UNPACK_METHODS
     #define CYTHON_UNPACK_METHODS 1
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_FAST_THREAD_STATE
-    #define CYTHON_FAST_THREAD_STATE 0
-  #elif !defined(CYTHON_FAST_THREAD_STATE)
+  #ifndef CYTHON_FAST_THREAD_STATE
     #define CYTHON_FAST_THREAD_STATE 1
   #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_FAST_GIL
+    #define CYTHON_FAST_GIL 0
+  #elif !defined(CYTHON_FAST_GIL)
+    #define CYTHON_FAST_GIL (PY_VERSION_HEX < 0x030C00A6)
+  #endif
+  #ifndef CYTHON_METH_FASTCALL
+    #define CYTHON_METH_FASTCALL 1
+  #endif
   #ifndef CYTHON_FAST_PYCALL
-    #define CYTHON_FAST_PYCALL (PY_VERSION_HEX < 0x030A0000)
+    #define CYTHON_FAST_PYCALL 1
+  #endif
+  #ifndef CYTHON_PEP487_INIT_SUBCLASS
+    #define CYTHON_PEP487_INIT_SUBCLASS 1
   #endif
   #ifndef CYTHON_PEP489_MULTI_PHASE_INIT
-    #define CYTHON_PEP489_MULTI_PHASE_INIT (PY_VERSION_HEX >= 0x03050000)
+    #define CYTHON_PEP489_MULTI_PHASE_INIT 1
+  #endif
+  #ifndef CYTHON_USE_MODULE_STATE
+    #define CYTHON_USE_MODULE_STATE 0
+  #endif
+  #ifndef CYTHON_USE_SYS_MONITORING
+    #define CYTHON_USE_SYS_MONITORING (PY_VERSION_HEX >= 0x030d00B1)
   #endif
   #ifndef CYTHON_USE_TP_FINALIZE
-    #define CYTHON_USE_TP_FINALIZE (PY_VERSION_HEX >= 0x030400a1)
+    #define CYTHON_USE_TP_FINALIZE 1
+  #endif
+  #ifndef CYTHON_USE_AM_SEND
+    #define CYTHON_USE_AM_SEND 1
   #endif
-  #ifndef CYTHON_USE_DICT_VERSIONS
-    #define CYTHON_USE_DICT_VERSIONS (PY_VERSION_HEX >= 0x030600B1)
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    #undef CYTHON_USE_DICT_VERSIONS
+    #define CYTHON_USE_DICT_VERSIONS 0
+  #elif !defined(CYTHON_USE_DICT_VERSIONS)
+    #define CYTHON_USE_DICT_VERSIONS  (PY_VERSION_HEX < 0x030C00A5 && !CYTHON_USE_MODULE_STATE)
   #endif
-  #if PY_VERSION_HEX >= 0x030B00A4
-    #undef CYTHON_USE_EXC_INFO_STACK
-    #define CYTHON_USE_EXC_INFO_STACK 0
-  #elif !defined(CYTHON_USE_EXC_INFO_STACK)
-    #define CYTHON_USE_EXC_INFO_STACK (PY_VERSION_HEX >= 0x030700A3)
+  #ifndef CYTHON_USE_EXC_INFO_STACK
+    #define CYTHON_USE_EXC_INFO_STACK 1
   #endif
   #ifndef CYTHON_UPDATE_DESCRIPTOR_DOC
     #define CYTHON_UPDATE_DESCRIPTOR_DOC 1
   #endif
+  #ifndef CYTHON_USE_FREELISTS
+    #define CYTHON_USE_FREELISTS (!CYTHON_COMPILING_IN_CPYTHON_FREETHREADING)
+  #endif
+#endif
+#ifndef CYTHON_FAST_PYCCALL
+#define CYTHON_FAST_PYCCALL  CYTHON_FAST_PYCALL
+#endif
+#ifndef CYTHON_VECTORCALL
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define CYTHON_VECTORCALL  (__PYX_LIMITED_VERSION_HEX >= 0x030C0000)
+#else
+#define CYTHON_VECTORCALL  (CYTHON_FAST_PYCCALL && PY_VERSION_HEX >= 0x030800B1)
 #endif
-#if !defined(CYTHON_FAST_PYCCALL)
-#define CYTHON_FAST_PYCCALL  (CYTHON_FAST_PYCALL && PY_VERSION_HEX >= 0x030600B1)
 #endif
+#define CYTHON_BACKPORT_VECTORCALL (CYTHON_METH_FASTCALL && PY_VERSION_HEX < 0x030800B1)
 #if CYTHON_USE_PYLONG_INTERNALS
-  #if PY_MAJOR_VERSION < 3
-    #include "longintrepr.h"
-  #endif
   #undef SHIFT
   #undef BASE
   #undef MASK
@@ -268,6 +411,9 @@
     enum { __pyx_check_sizeof_voidp = 1 / (int)(SIZEOF_VOID_P == sizeof(void*)) };
   #endif
 #endif
+#ifndef CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME
+  #define CYTHON_LOCK_AND_GIL_DEADLOCK_AVOIDANCE_TIME 100
+#endif
 #ifndef __has_attribute
   #define __has_attribute(x) 0
 #endif
@@ -285,6 +431,17 @@
     #define CYTHON_RESTRICT
   #endif
 #endif
+#ifndef CYTHON_UNUSED
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(maybe_unused) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(maybe_unused)
+        #define CYTHON_UNUSED [[maybe_unused]]
+      #endif
+    #endif
+  #endif
+#endif
 #ifndef CYTHON_UNUSED
 # if defined(__GNUC__)
 #   if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
@@ -298,42 +455,76 @@
 #   define CYTHON_UNUSED
 # endif
 #endif
-#ifndef CYTHON_MAYBE_UNUSED_VAR
+#ifndef CYTHON_UNUSED_VAR
 #  if defined(__cplusplus)
-     template<class T> void CYTHON_MAYBE_UNUSED_VAR( const T& ) { }
+     template<class T> void CYTHON_UNUSED_VAR( const T& ) { }
 #  else
-#    define CYTHON_MAYBE_UNUSED_VAR(x) (void)(x)
+#    define CYTHON_UNUSED_VAR(x) (void)(x)
 #  endif
 #endif
+#ifndef CYTHON_MAYBE_UNUSED_VAR
+  #define CYTHON_MAYBE_UNUSED_VAR(x) CYTHON_UNUSED_VAR(x)
+#endif
 #ifndef CYTHON_NCP_UNUSED
-# if CYTHON_COMPILING_IN_CPYTHON
+# if CYTHON_COMPILING_IN_CPYTHON && !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
 #  define CYTHON_NCP_UNUSED
 # else
 #  define CYTHON_NCP_UNUSED CYTHON_UNUSED
 # endif
 #endif
+#ifndef CYTHON_USE_CPP_STD_MOVE
+  #if defined(__cplusplus) && (\
+    __cplusplus >= 201103L || (defined(_MSC_VER) && _MSC_VER >= 1600))
+    #define CYTHON_USE_CPP_STD_MOVE 1
+  #else
+    #define CYTHON_USE_CPP_STD_MOVE 0
+  #endif
+#endif
 #define __Pyx_void_to_None(void_result) ((void)(void_result), Py_INCREF(Py_None), Py_None)
 #ifdef _MSC_VER
     #ifndef _MSC_STDINT_H_
         #if _MSC_VER < 1300
-           typedef unsigned char     uint8_t;
-           typedef unsigned int      uint32_t;
+            typedef unsigned char     uint8_t;
+            typedef unsigned short    uint16_t;
+            typedef unsigned int      uint32_t;
+        #else
+            typedef unsigned __int8   uint8_t;
+            typedef unsigned __int16  uint16_t;
+            typedef unsigned __int32  uint32_t;
+        #endif
+    #endif
+    #if _MSC_VER < 1300
+        #ifdef _WIN64
+            typedef unsigned long long  __pyx_uintptr_t;
         #else
-           typedef unsigned __int8   uint8_t;
-           typedef unsigned __int32  uint32_t;
+            typedef unsigned int        __pyx_uintptr_t;
+        #endif
+    #else
+        #ifdef _WIN64
+            typedef unsigned __int64    __pyx_uintptr_t;
+        #else
+            typedef unsigned __int32    __pyx_uintptr_t;
         #endif
     #endif
 #else
-   #include <stdint.h>
+    #include <stdint.h>
+    typedef uintptr_t  __pyx_uintptr_t;
 #endif
 #ifndef CYTHON_FALLTHROUGH
-  #if defined(__cplusplus) && __cplusplus >= 201103L
-    #if __has_cpp_attribute(fallthrough)
-      #define CYTHON_FALLTHROUGH [[fallthrough]]
-    #elif __has_cpp_attribute(clang::fallthrough)
-      #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
-    #elif __has_cpp_attribute(gnu::fallthrough)
-      #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+  #if defined(__cplusplus)
+    /* for clang __has_cpp_attribute(fallthrough) is true even before C++17
+     * but leads to warnings with -pedantic, since it is a C++17 feature */
+    #if ((defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) || __cplusplus >= 201703L)
+      #if __has_cpp_attribute(fallthrough)
+        #define CYTHON_FALLTHROUGH [[fallthrough]]
+      #endif
+    #endif
+    #ifndef CYTHON_FALLTHROUGH
+      #if __has_cpp_attribute(clang::fallthrough)
+        #define CYTHON_FALLTHROUGH [[clang::fallthrough]]
+      #elif __has_cpp_attribute(gnu::fallthrough)
+        #define CYTHON_FALLTHROUGH [[gnu::fallthrough]]
+      #endif
     #endif
   #endif
   #ifndef CYTHON_FALLTHROUGH
@@ -343,14 +534,31 @@
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
-  #if defined(__clang__ ) && defined(__apple_build_version__)
+  #if defined(__clang__) && defined(__apple_build_version__)
     #if __apple_build_version__ < 7000000
       #undef  CYTHON_FALLTHROUGH
       #define CYTHON_FALLTHROUGH
     #endif
   #endif
 #endif
+#ifndef Py_UNREACHABLE
+  #define Py_UNREACHABLE()  assert(0); abort()
+#endif
+#ifdef __cplusplus
+  template <typename T>
+  struct __PYX_IS_UNSIGNED_IMPL {static const bool value = T(0) < T(-1);};
+  #define __PYX_IS_UNSIGNED(type) (__PYX_IS_UNSIGNED_IMPL<type>::value)
+#else
+  #define __PYX_IS_UNSIGNED(type) (((type)-1) > 0)
+#endif
+#if CYTHON_COMPILING_IN_PYPY == 1
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x030A0000)
+#else
+  #define __PYX_NEED_TP_PRINT_SLOT  (PY_VERSION_HEX >= 0x030800b4 && PY_VERSION_HEX < 0x03090000)
+#endif
+#define __PYX_REINTERPRET_FUNCION(func_pointer, other_pointer) ((func_pointer)(void(*)(void))(other_pointer))
 
+/* CInitCode */
 #ifndef CYTHON_INLINE
   #if defined(__clang__)
     #define CYTHON_INLINE __inline__ __attribute__ ((__unused__))
@@ -365,85 +573,72 @@
   #endif
 #endif
 
-#if CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x02070600 && !defined(Py_OptimizeFlag)
-  #define Py_OptimizeFlag 0
-#endif
+/* PythonCompatibility */
 #define __PYX_BUILD_PY_SSIZE_T "n"
 #define CYTHON_FORMAT_SSIZE_T "z"
-#if PY_MAJOR_VERSION < 3
-  #define __Pyx_BUILTIN_MODULE_NAME "__builtin__"
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a+k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
-  #define __Pyx_DefaultClassType PyClass_Type
-#else
-  #define __Pyx_BUILTIN_MODULE_NAME "builtins"
-  #define __Pyx_DefaultClassType PyType_Type
-#if PY_VERSION_HEX >= 0x030B00A1
-    static CYTHON_INLINE PyCodeObject* __Pyx_PyCode_New(int a, int k, int l, int s, int f,
-                                                    PyObject *code, PyObject *c, PyObject* n, PyObject *v,
-                                                    PyObject *fv, PyObject *cell, PyObject* fn,
-                                                    PyObject *name, int fline, PyObject *lnos) {
-        PyObject *kwds=NULL, *argcount=NULL, *posonlyargcount=NULL, *kwonlyargcount=NULL;
-        PyObject *nlocals=NULL, *stacksize=NULL, *flags=NULL, *replace=NULL, *call_result=NULL, *empty=NULL;
-        const char *fn_cstr=NULL;
-        const char *name_cstr=NULL;
-        PyCodeObject* co=NULL;
-        PyObject *type, *value, *traceback;
-        PyErr_Fetch(&type, &value, &traceback);
-        if (!(kwds=PyDict_New())) goto end;
-        if (!(argcount=PyLong_FromLong(a))) goto end;
-        if (PyDict_SetItemString(kwds, "co_argcount", argcount) != 0) goto end;
-        if (!(posonlyargcount=PyLong_FromLong(0))) goto end;
-        if (PyDict_SetItemString(kwds, "co_posonlyargcount", posonlyargcount) != 0) goto end;
-        if (!(kwonlyargcount=PyLong_FromLong(k))) goto end;
-        if (PyDict_SetItemString(kwds, "co_kwonlyargcount", kwonlyargcount) != 0) goto end;
-        if (!(nlocals=PyLong_FromLong(l))) goto end;
-        if (PyDict_SetItemString(kwds, "co_nlocals", nlocals) != 0) goto end;
-        if (!(stacksize=PyLong_FromLong(s))) goto end;
-        if (PyDict_SetItemString(kwds, "co_stacksize", stacksize) != 0) goto end;
-        if (!(flags=PyLong_FromLong(f))) goto end;
-        if (PyDict_SetItemString(kwds, "co_flags", flags) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_code", code) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_consts", c) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_names", n) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_varnames", v) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_freevars", fv) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_cellvars", cell) != 0) goto end;
-        if (PyDict_SetItemString(kwds, "co_linetable", lnos) != 0) goto end;
-        if (!(fn_cstr=PyUnicode_AsUTF8AndSize(fn, NULL))) goto end;
-        if (!(name_cstr=PyUnicode_AsUTF8AndSize(name, NULL))) goto end;
-        if (!(co = PyCode_NewEmpty(fn_cstr, name_cstr, fline))) goto end;
-        if (!(replace = PyObject_GetAttrString((PyObject*)co, "replace"))) goto cleanup_code_too;
-        if (!(empty = PyTuple_New(0))) goto cleanup_code_too; // unfortunately __pyx_empty_tuple isn't available here
-        if (!(call_result = PyObject_Call(replace, empty, kwds))) goto cleanup_code_too;
-        Py_XDECREF((PyObject*)co);
-        co = (PyCodeObject*)call_result;
-        call_result = NULL;
-        if (0) {
-            cleanup_code_too:
-            Py_XDECREF((PyObject*)co);
-            co = NULL;
-        }
-        end:
-        Py_XDECREF(kwds);
-        Py_XDECREF(argcount);
-        Py_XDECREF(posonlyargcount);
-        Py_XDECREF(kwonlyargcount);
-        Py_XDECREF(nlocals);
-        Py_XDECREF(stacksize);
-        Py_XDECREF(replace);
-        Py_XDECREF(call_result);
-        Py_XDECREF(empty);
-        if (type) {
-            PyErr_Restore(type, value, traceback);
-        }
-        return co;
-    }
+#define __Pyx_BUILTIN_MODULE_NAME "builtins"
+#define __Pyx_DefaultClassType PyType_Type
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #ifndef CO_OPTIMIZED
+    static int CO_OPTIMIZED;
+    #endif
+    #ifndef CO_NEWLOCALS
+    static int CO_NEWLOCALS;
+    #endif
+    #ifndef CO_VARARGS
+    static int CO_VARARGS;
+    #endif
+    #ifndef CO_VARKEYWORDS
+    static int CO_VARKEYWORDS;
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+    static int CO_ASYNC_GENERATOR;
+    #endif
+    #ifndef CO_GENERATOR
+    static int CO_GENERATOR;
+    #endif
+    #ifndef CO_COROUTINE
+    static int CO_COROUTINE;
+    #endif
 #else
-  #define __Pyx_PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
-          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+    #ifndef CO_COROUTINE
+      #define CO_COROUTINE 0x80
+    #endif
+    #ifndef CO_ASYNC_GENERATOR
+      #define CO_ASYNC_GENERATOR 0x200
+    #endif
+#endif
+static int __Pyx_init_co_variables(void);
+#if PY_VERSION_HEX >= 0x030900A4 || defined(Py_IS_TYPE)
+  #define __Pyx_IS_TYPE(ob, type) Py_IS_TYPE(ob, type)
+#else
+  #define __Pyx_IS_TYPE(ob, type) (((const PyObject*)ob)->ob_type == (type))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_Is)
+  #define __Pyx_Py_Is(x, y)  Py_Is(x, y)
+#else
+  #define __Pyx_Py_Is(x, y) ((x) == (y))
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsNone)
+  #define __Pyx_Py_IsNone(ob) Py_IsNone(ob)
+#else
+  #define __Pyx_Py_IsNone(ob) __Pyx_Py_Is((ob), Py_None)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsTrue)
+  #define __Pyx_Py_IsTrue(ob) Py_IsTrue(ob)
+#else
+  #define __Pyx_Py_IsTrue(ob) __Pyx_Py_Is((ob), Py_True)
+#endif
+#if PY_VERSION_HEX >= 0x030A00B1 || defined(Py_IsFalse)
+  #define __Pyx_Py_IsFalse(ob) Py_IsFalse(ob)
+#else
+  #define __Pyx_Py_IsFalse(ob) __Pyx_Py_Is((ob), Py_False)
 #endif
-  #define __Pyx_DefaultClassType PyType_Type
+#define __Pyx_NoneAsNull(obj)  (__Pyx_Py_IsNone(obj) ? NULL : (obj))
+#if PY_VERSION_HEX >= 0x030900F0 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx_PyObject_GC_IsFinalized(o) PyObject_GC_IsFinalized(o)
+#else
+  #define __Pyx_PyObject_GC_IsFinalized(o) _PyGC_FINALIZED(o)
 #endif
 #ifndef Py_TPFLAGS_CHECKTYPES
   #define Py_TPFLAGS_CHECKTYPES 0
@@ -457,10 +652,16 @@
 #ifndef Py_TPFLAGS_HAVE_FINALIZE
   #define Py_TPFLAGS_HAVE_FINALIZE 0
 #endif
+#ifndef Py_TPFLAGS_SEQUENCE
+  #define Py_TPFLAGS_SEQUENCE 0
+#endif
+#ifndef Py_TPFLAGS_MAPPING
+  #define Py_TPFLAGS_MAPPING 0
+#endif
 #ifndef METH_STACKLESS
   #define METH_STACKLESS 0
 #endif
-#if PY_VERSION_HEX <= 0x030700A3 || !defined(METH_FASTCALL)
+#ifndef METH_FASTCALL
   #ifndef METH_FASTCALL
      #define METH_FASTCALL 0x80
   #endif
@@ -468,126 +669,208 @@
   typedef PyObject *(*__Pyx_PyCFunctionFastWithKeywords) (PyObject *self, PyObject *const *args,
                                                           Py_ssize_t nargs, PyObject *kwnames);
 #else
-  #define __Pyx_PyCFunctionFast _PyCFunctionFast
-  #define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #if PY_VERSION_HEX >= 0x030d00A4
+  #  define __Pyx_PyCFunctionFast PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords PyCFunctionFastWithKeywords
+  #else
+  #  define __Pyx_PyCFunctionFast _PyCFunctionFast
+  #  define __Pyx_PyCFunctionFastWithKeywords _PyCFunctionFastWithKeywords
+  #endif
+#endif
+#if CYTHON_METH_FASTCALL
+  #define __Pyx_METH_FASTCALL METH_FASTCALL
+  #define __Pyx_PyCFunction_FastCall __Pyx_PyCFunctionFast
+  #define __Pyx_PyCFunction_FastCallWithKeywords __Pyx_PyCFunctionFastWithKeywords
+#else
+  #define __Pyx_METH_FASTCALL METH_VARARGS
+  #define __Pyx_PyCFunction_FastCall PyCFunction
+  #define __Pyx_PyCFunction_FastCallWithKeywords PyCFunctionWithKeywords
+#endif
+#if CYTHON_VECTORCALL
+  #define __pyx_vectorcallfunc vectorcallfunc
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  PY_VECTORCALL_ARGUMENTS_OFFSET
+  #define __Pyx_PyVectorcall_NARGS(n)  PyVectorcall_NARGS((size_t)(n))
+#elif CYTHON_BACKPORT_VECTORCALL
+  typedef PyObject *(*__pyx_vectorcallfunc)(PyObject *callable, PyObject *const *args,
+                                            size_t nargsf, PyObject *kwnames);
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  ((size_t)1 << (8 * sizeof(size_t) - 1))
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(((size_t)(n)) & ~__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET))
+#else
+  #define __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET  0
+  #define __Pyx_PyVectorcall_NARGS(n)  ((Py_ssize_t)(n))
+#endif
+#if PY_VERSION_HEX >= 0x030900B1
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_CheckExact(func)
+#else
+#define __Pyx_PyCFunction_CheckExact(func)  PyCFunction_Check(func)
+#endif
+#define __Pyx_CyOrPyCFunction_Check(func)  PyCFunction_Check(func)
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  (((PyCFunctionObject*)(func))->m_ml->ml_meth)
+#elif !CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyOrPyCFunction_GET_FUNCTION(func)  PyCFunction_GET_FUNCTION(func)
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON
+#define __Pyx_CyOrPyCFunction_GET_FLAGS(func)  (((PyCFunctionObject*)(func))->m_ml->ml_flags)
+static CYTHON_INLINE PyObject* __Pyx_CyOrPyCFunction_GET_SELF(PyObject *func) {
+    return (__Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_STATIC) ? NULL : ((PyCFunctionObject*)func)->m_self;
+}
+#endif
+static CYTHON_INLINE int __Pyx__IsSameCFunction(PyObject *func, void (*cfunc)(void)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    return PyCFunction_Check(func) && PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+#else
+    return PyCFunction_Check(func) && PyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
 #endif
-#if CYTHON_FAST_PYCCALL
-#define __Pyx_PyFastCFunction_Check(func)\
-    ((PyCFunction_Check(func) && (METH_FASTCALL == (PyCFunction_GET_FLAGS(func) & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)))))
+}
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCFunction(func, cfunc)
+#if __PYX_LIMITED_VERSION_HEX < 0x03090000
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  ((void)m, PyType_FromSpecWithBases(s, b))
+  typedef PyObject *(*__Pyx_PyCMethod)(PyObject *, PyTypeObject *, PyObject *const *, size_t, PyObject *);
 #else
-#define __Pyx_PyFastCFunction_Check(func) 0
+  #define __Pyx_PyType_FromModuleAndSpec(m, s, b)  PyType_FromModuleAndSpec(m, s, b)
+  #define __Pyx_PyCMethod  PyCMethod
+#endif
+#ifndef METH_METHOD
+  #define METH_METHOD 0x200
 #endif
 #if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Malloc)
   #define PyObject_Malloc(s)   PyMem_Malloc(s)
   #define PyObject_Free(p)     PyMem_Free(p)
   #define PyObject_Realloc(p)  PyMem_Realloc(p)
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030400A1
-  #define PyMem_RawMalloc(n)           PyMem_Malloc(n)
-  #define PyMem_RawRealloc(p, n)       PyMem_Realloc(p, n)
-  #define PyMem_RawFree(p)             PyMem_Free(p)
-#endif
-#if CYTHON_COMPILING_IN_PYSTON
-  #define __Pyx_PyCode_HasFreeVars(co)  PyCode_HasFreeVars(co)
-  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) PyFrame_SetLineNumber(frame, lineno)
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno)
+#elif CYTHON_COMPILING_IN_GRAAL
+  #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
+  #define __Pyx_PyFrame_SetLineNumber(frame, lineno) _PyFrame_SetLineNumber((frame), (lineno))
 #else
   #define __Pyx_PyCode_HasFreeVars(co)  (PyCode_GetNumFree(co) > 0)
   #define __Pyx_PyFrame_SetLineNumber(frame, lineno)  (frame)->f_lineno = (lineno)
 #endif
-#if !CYTHON_FAST_THREAD_STATE || PY_VERSION_HEX < 0x02070000
-  #define __Pyx_PyThreadState_Current PyThreadState_GET()
-#elif PY_VERSION_HEX >= 0x03060000
-  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
-#elif PY_VERSION_HEX >= 0x03000000
+#if CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_PyThreadState_Current PyThreadState_Get()
+#elif !CYTHON_FAST_THREAD_STATE
   #define __Pyx_PyThreadState_Current PyThreadState_GET()
+#elif PY_VERSION_HEX >= 0x030d00A1
+  #define __Pyx_PyThreadState_Current PyThreadState_GetUnchecked()
 #else
-  #define __Pyx_PyThreadState_Current _PyThreadState_Current
+  #define __Pyx_PyThreadState_Current _PyThreadState_UncheckedGet()
 #endif
-#if PY_VERSION_HEX < 0x030700A2 && !defined(PyThread_tss_create) && !defined(Py_tss_NEEDS_INIT)
-#include "pythread.h"
-#define Py_tss_NEEDS_INIT 0
-typedef int Py_tss_t;
-static CYTHON_INLINE int PyThread_tss_create(Py_tss_t *key) {
-  *key = PyThread_create_key();
-  return 0;
-}
-static CYTHON_INLINE Py_tss_t * PyThread_tss_alloc(void) {
-  Py_tss_t *key = (Py_tss_t *)PyObject_Malloc(sizeof(Py_tss_t));
-  *key = Py_tss_NEEDS_INIT;
-  return key;
-}
-static CYTHON_INLINE void PyThread_tss_free(Py_tss_t *key) {
-  PyObject_Free(key);
-}
-static CYTHON_INLINE int PyThread_tss_is_created(Py_tss_t *key) {
-  return *key != Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE void PyThread_tss_delete(Py_tss_t *key) {
-  PyThread_delete_key(*key);
-  *key = Py_tss_NEEDS_INIT;
-}
-static CYTHON_INLINE int PyThread_tss_set(Py_tss_t *key, void *value) {
-  return PyThread_set_key_value(*key, value);
-}
-static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
-  return PyThread_get_key_value(*key);
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_INLINE void *__Pyx__PyModule_GetState(PyObject *op)
+{
+    void *result;
+    result = PyModule_GetState(op);
+    if (!result)
+        Py_FatalError("Couldn't find the module state");
+    return result;
 }
+#define __Pyx_PyModule_GetState(o) (__pyx_mstatetype *)__Pyx__PyModule_GetState(o)
+#else
+#define __Pyx_PyModule_GetState(op) ((void)op,__pyx_mstate_global)
+#endif
+#define __Pyx_PyObject_GetSlot(obj, name, func_ctype)  __Pyx_PyType_GetSlot(Py_TYPE((PyObject *) obj), name, func_ctype)
+#define __Pyx_PyObject_TryGetSlot(obj, name, func_ctype) __Pyx_PyType_TryGetSlot(Py_TYPE(obj), name, func_ctype)
+#define __Pyx_PyObject_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#define __Pyx_PyObject_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSubSlot(Py_TYPE(obj), sub, name, func_ctype)
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((type)->name)
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype) __Pyx_PyType_GetSlot(type, name, func_ctype)
+  #define __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype) (((type)->sub) ? ((type)->sub->name) : NULL)
+  #define __Pyx_PyType_TryGetSubSlot(type, sub, name, func_ctype) __Pyx_PyType_GetSubSlot(type, sub, name, func_ctype)
+#else
+  #define __Pyx_PyType_GetSlot(type, name, func_ctype)  ((func_ctype) PyType_GetSlot((type), Py_##name))
+  #define __Pyx_PyType_TryGetSlot(type, name, func_ctype)\
+    ((__PYX_LIMITED_VERSION_HEX >= 0x030A0000 ||\
+     (PyType_GetFlags(type) & Py_TPFLAGS_HEAPTYPE) || __Pyx_get_runtime_version() >= 0x030A0000) ?\
+     __Pyx_PyType_GetSlot(type, name, func_ctype) : NULL)
+  #define __Pyx_PyType_GetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_GetSlot(obj, name, func_ctype)
+  #define __Pyx_PyType_TryGetSubSlot(obj, sub, name, func_ctype) __Pyx_PyType_TryGetSlot(obj, name, func_ctype)
 #endif
 #if CYTHON_COMPILING_IN_CPYTHON || defined(_PyDict_NewPresized)
 #define __Pyx_PyDict_NewPresized(n)  ((n <= 8) ? PyDict_New() : _PyDict_NewPresized(n))
 #else
 #define __Pyx_PyDict_NewPresized(n)  PyDict_New()
 #endif
-#if PY_MAJOR_VERSION >= 3 || CYTHON_FUTURE_DIVISION
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#define __Pyx_PyNumber_Divide(x,y)         PyNumber_TrueDivide(x,y)
+#define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceTrueDivide(x,y)
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_UNICODE_INTERNALS
+#define __Pyx_PyDict_GetItemStrWithError(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStr(PyObject *dict, PyObject *name) {
+    PyObject *res = __Pyx_PyDict_GetItemStrWithError(dict, name);
+    if (res == NULL) PyErr_Clear();
+    return res;
+}
+#elif !CYTHON_COMPILING_IN_PYPY || PYPY_VERSION_NUM >= 0x07020000
+#define __Pyx_PyDict_GetItemStrWithError  PyDict_GetItemWithError
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
 #else
-  #define __Pyx_PyNumber_Divide(x,y)         PyNumber_Divide(x,y)
-  #define __Pyx_PyNumber_InPlaceDivide(x,y)  PyNumber_InPlaceDivide(x,y)
+static CYTHON_INLINE PyObject * __Pyx_PyDict_GetItemStrWithError(PyObject *dict, PyObject *name) {
+#if CYTHON_COMPILING_IN_PYPY
+    return PyDict_GetItem(dict, name);
+#else
+    PyDictEntry *ep;
+    PyDictObject *mp = (PyDictObject*) dict;
+    long hash = ((PyStringObject *) name)->ob_shash;
+    assert(hash != -1);
+    ep = (mp->ma_lookup)(mp, name, hash);
+    if (ep == NULL) {
+        return NULL;
+    }
+    return ep->me_value;
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1 && CYTHON_USE_UNICODE_INTERNALS
-#define __Pyx_PyDict_GetItemStr(dict, name)  _PyDict_GetItem_KnownHash(dict, name, ((PyASCIIObject *) name)->hash)
+}
+#define __Pyx_PyDict_GetItemStr           PyDict_GetItem
+#endif
+#if CYTHON_USE_TYPE_SLOTS
+  #define __Pyx_PyType_GetFlags(tp)   (((PyTypeObject *)tp)->tp_flags)
+  #define __Pyx_PyType_HasFeature(type, feature)  ((__Pyx_PyType_GetFlags(type) & (feature)) != 0)
+#else
+  #define __Pyx_PyType_GetFlags(tp)   (PyType_GetFlags((PyTypeObject *)tp))
+  #define __Pyx_PyType_HasFeature(type, feature)  PyType_HasFeature(type, feature)
+#endif
+#define __Pyx_PyObject_GetIterNextFunc(iterator)  __Pyx_PyObject_GetSlot(iterator, tp_iternext, iternextfunc)
+#if CYTHON_USE_TYPE_SPECS && PY_VERSION_HEX >= 0x03080000
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  {\
+    PyTypeObject *type = Py_TYPE((PyObject*)obj);\
+    assert(__Pyx_PyType_HasFeature(type, Py_TPFLAGS_HEAPTYPE));\
+    PyObject_GC_Del(obj);\
+    Py_DECREF(type);\
+}
 #else
-#define __Pyx_PyDict_GetItemStr(dict, name)  PyDict_GetItem(dict, name)
+#define __Pyx_PyHeapTypeObject_GC_Del(obj)  PyObject_GC_Del(obj)
 #endif
-#if PY_VERSION_HEX > 0x03030000 && defined(PyUnicode_KIND)
-  #define CYTHON_PEP393_ENABLED 1
-  #if defined(PyUnicode_IS_READY)
-  #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
-                                              0 : _PyUnicode_Ready((PyObject *)(op)))
-  #else
+#if CYTHON_COMPILING_IN_LIMITED_API
   #define __Pyx_PyUnicode_READY(op)       (0)
+  #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_ReadChar(u, i)
+  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((void)u, 1114111U)
+  #define __Pyx_PyUnicode_KIND(u)         ((void)u, (0))
+  #define __Pyx_PyUnicode_DATA(u)         ((void*)u)
+  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)k, PyUnicode_ReadChar((PyObject*)(d), i))
+  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GetLength(u))
+#else
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_READY(op)       (0)
+  #else
+    #define __Pyx_PyUnicode_READY(op)       (likely(PyUnicode_IS_READY(op)) ?\
+                                                0 : _PyUnicode_Ready((PyObject *)(op)))
   #endif
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_LENGTH(u)
   #define __Pyx_PyUnicode_READ_CHAR(u, i) PyUnicode_READ_CHAR(u, i)
   #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   PyUnicode_MAX_CHAR_VALUE(u)
-  #define __Pyx_PyUnicode_KIND(u)         PyUnicode_KIND(u)
+  #define __Pyx_PyUnicode_KIND(u)         ((int)PyUnicode_KIND(u))
   #define __Pyx_PyUnicode_DATA(u)         PyUnicode_DATA(u)
   #define __Pyx_PyUnicode_READ(k, d, i)   PyUnicode_READ(k, d, i)
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, ch)
-  #if defined(PyUnicode_IS_READY) && defined(PyUnicode_GET_SIZE)
-  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  PyUnicode_WRITE(k, d, i, (Py_UCS4) ch)
+  #if PY_VERSION_HEX >= 0x030C0000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
   #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
-  #endif
-  #else
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_LENGTH(u))
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x03090000
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : ((PyCompactUnicodeObject *)(u))->wstr_length))
+    #else
+    #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != (likely(PyUnicode_IS_READY(u)) ? PyUnicode_GET_LENGTH(u) : PyUnicode_GET_SIZE(u)))
+    #endif
   #endif
-#else
-  #define CYTHON_PEP393_ENABLED 0
-  #define PyUnicode_1BYTE_KIND  1
-  #define PyUnicode_2BYTE_KIND  2
-  #define PyUnicode_4BYTE_KIND  4
-  #define __Pyx_PyUnicode_READY(op)       (0)
-  #define __Pyx_PyUnicode_GET_LENGTH(u)   PyUnicode_GET_SIZE(u)
-  #define __Pyx_PyUnicode_READ_CHAR(u, i) ((Py_UCS4)(PyUnicode_AS_UNICODE(u)[i]))
-  #define __Pyx_PyUnicode_MAX_CHAR_VALUE(u)   ((sizeof(Py_UNICODE) == 2) ? 65535 : 1114111)
-  #define __Pyx_PyUnicode_KIND(u)         (sizeof(Py_UNICODE))
-  #define __Pyx_PyUnicode_DATA(u)         ((void*)PyUnicode_AS_UNICODE(u))
-  #define __Pyx_PyUnicode_READ(k, d, i)   ((void)(k), (Py_UCS4)(((Py_UNICODE*)d)[i]))
-  #define __Pyx_PyUnicode_WRITE(k, d, i, ch)  (((void)(k)), ((Py_UNICODE*)d)[i] = ch)
-  #define __Pyx_PyUnicode_IS_TRUE(u)      (0 != PyUnicode_GET_SIZE(u))
 #endif
 #if CYTHON_COMPILING_IN_PYPY
   #define __Pyx_PyUnicode_Concat(a, b)      PyNumber_Add(a, b)
@@ -597,44 +880,29 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_PyUnicode_ConcatSafe(a, b)  ((unlikely((a) == Py_None) || unlikely((b) == Py_None)) ?\
       PyNumber_Add(a, b) : __Pyx_PyUnicode_Concat(a, b))
 #endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_Contains)
-  #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyByteArray_Check)
-  #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
-#endif
-#if CYTHON_COMPILING_IN_PYPY && !defined(PyObject_Format)
-  #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+#if CYTHON_COMPILING_IN_PYPY
+  #if !defined(PyUnicode_DecodeUnicodeEscape)
+    #define PyUnicode_DecodeUnicodeEscape(s, size, errors)  PyUnicode_Decode(s, size, "unicode_escape", errors)
+  #endif
+  #if !defined(PyUnicode_Contains)
+    #define PyUnicode_Contains(u, s)  PySequence_Contains(u, s)
+  #endif
+  #if !defined(PyByteArray_Check)
+    #define PyByteArray_Check(obj)  PyObject_TypeCheck(obj, &PyByteArray_Type)
+  #endif
+  #if !defined(PyObject_Format)
+    #define PyObject_Format(obj, fmt)  PyObject_CallMethod(obj, "__format__", "O", fmt)
+  #endif
 #endif
-#define __Pyx_PyString_FormatSafe(a, b)   ((unlikely((a) == Py_None || (PyString_Check(b) && !PyString_CheckExact(b)))) ? PyNumber_Remainder(a, b) : __Pyx_PyString_Format(a, b))
 #define __Pyx_PyUnicode_FormatSafe(a, b)  ((unlikely((a) == Py_None || (PyUnicode_Check(b) && !PyUnicode_CheckExact(b)))) ? PyNumber_Remainder(a, b) : PyUnicode_Format(a, b))
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyString_Format(a, b)  PyUnicode_Format(a, b)
-#else
-  #define __Pyx_PyString_Format(a, b)  PyString_Format(a, b)
-#endif
-#if PY_MAJOR_VERSION < 3 && !defined(PyObject_ASCII)
-  #define PyObject_ASCII(o)            PyObject_Repr(o)
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBaseString_Type            PyUnicode_Type
-  #define PyStringObject               PyUnicodeObject
-  #define PyString_Type                PyUnicode_Type
-  #define PyString_Check               PyUnicode_Check
-  #define PyString_CheckExact          PyUnicode_CheckExact
-#ifndef PyObject_Unicode
-  #define PyObject_Unicode             PyObject_Str
-#endif
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyBaseString_Check(obj) PyUnicode_Check(obj)
-  #define __Pyx_PyBaseString_CheckExact(obj) PyUnicode_CheckExact(obj)
+#if CYTHON_COMPILING_IN_CPYTHON
+  #define __Pyx_PySequence_ListKeepNew(obj)\
+    (likely(PyList_CheckExact(obj) && Py_REFCNT(obj) == 1) ? __Pyx_NewRef(obj) : PySequence_List(obj))
 #else
-  #define __Pyx_PyBaseString_Check(obj) (PyString_Check(obj) || PyUnicode_Check(obj))
-  #define __Pyx_PyBaseString_CheckExact(obj) (PyString_CheckExact(obj) || PyUnicode_CheckExact(obj))
+  #define __Pyx_PySequence_ListKeepNew(obj)  PySequence_List(obj)
 #endif
 #ifndef PySet_CheckExact
-  #define PySet_CheckExact(obj)        (Py_TYPE(obj) == &PySet_Type)
+  #define PySet_CheckExact(obj)        __Pyx_IS_TYPE(obj, &PySet_Type)
 #endif
 #if PY_VERSION_HEX >= 0x030900A4
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_SET_REFCNT(obj, refcnt)
@@ -643,80 +911,204 @@ static CYTHON_INLINE void * PyThread_tss_get(Py_tss_t *key) {
   #define __Pyx_SET_REFCNT(obj, refcnt) Py_REFCNT(obj) = (refcnt)
   #define __Pyx_SET_SIZE(obj, size) Py_SIZE(obj) = (size)
 #endif
+#if CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyList_GetItemRef(o, i) (likely((i) >= 0) ? PySequence_GetItem(o, i) : (PyErr_SetString(PyExc_IndexError, "list index out of range"), (PyObject*)NULL))
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) PySequence_ITEM(o, i)
+  #endif
+#elif CYTHON_COMPILING_IN_LIMITED_API || !CYTHON_ASSUME_SAFE_MACROS
+  #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    #define __Pyx_PyList_GetItemRef(o, i) PyList_GetItemRef(o, i)
+  #else
+    #define __Pyx_PyList_GetItemRef(o, i) __Pyx_XNewRef(PyList_GetItem(o, i))
+  #endif
+#else
+  #define __Pyx_PyList_GetItemRef(o, i) __Pyx_NewRef(PyList_GET_ITEM(o, i))
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyDict_GetItemRef(dict, key, result) PyDict_GetItemRef(dict, key, result)
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyObject_GetItem(dict, key);
+  if (*result == NULL) {
+    if (PyErr_ExceptionMatches(PyExc_KeyError)) {
+      PyErr_Clear();
+      return 0;
+    }
+    return -1;
+  }
+  return 1;
+}
+#else
+static CYTHON_INLINE int __Pyx_PyDict_GetItemRef(PyObject *dict, PyObject *key, PyObject **result) {
+  *result = PyDict_GetItemWithError(dict, key);
+  if (*result == NULL) {
+    return PyErr_Occurred() ? -1 : 0;
+  }
+  Py_INCREF(*result);
+  return 1;
+}
+#endif
+#if defined(CYTHON_DEBUG_VISIT_CONST) && CYTHON_DEBUG_VISIT_CONST
+  #define __Pyx_VISIT_CONST(obj)  Py_VISIT(obj)
+#else
+  #define __Pyx_VISIT_CONST(obj)
+#endif
 #if CYTHON_ASSUME_SAFE_MACROS
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_ITEM(o, i)
   #define __Pyx_PySequence_SIZE(seq)  Py_SIZE(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) (PyTuple_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GET_ITEM(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) (PyList_SET_ITEM(o, i, v), (0))
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GET_ITEM(o, i)
 #else
+  #define __Pyx_PySequence_ITEM(o, i) PySequence_GetItem(o, i)
   #define __Pyx_PySequence_SIZE(seq)  PySequence_Size(seq)
+  #define __Pyx_PyTuple_SET_ITEM(o, i, v) PyTuple_SetItem(o, i, v)
+  #define __Pyx_PyTuple_GET_ITEM(o, i) PyTuple_GetItem(o, i)
+  #define __Pyx_PyList_SET_ITEM(o, i, v) PyList_SetItem(o, i, v)
+  #define __Pyx_PyList_GET_ITEM(o, i) PyList_GetItem(o, i)
+#endif
+#if CYTHON_ASSUME_SAFE_SIZE
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_GET_SIZE(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_GET_SIZE(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_GET_SIZE(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_GET_SIZE(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_GET_SIZE(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GET_LENGTH(o)
+#else
+  #define __Pyx_PyTuple_GET_SIZE(o) PyTuple_Size(o)
+  #define __Pyx_PyList_GET_SIZE(o) PyList_Size(o)
+  #define __Pyx_PySet_GET_SIZE(o) PySet_Size(o)
+  #define __Pyx_PyBytes_GET_SIZE(o) PyBytes_Size(o)
+  #define __Pyx_PyByteArray_GET_SIZE(o) PyByteArray_Size(o)
+  #define __Pyx_PyUnicode_GET_LENGTH(o) PyUnicode_GetLength(o)
+#endif
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+  #define __Pyx_PyImport_AddModuleRef(name) PyImport_AddModuleRef(name)
+#else
+  static CYTHON_INLINE PyObject *__Pyx_PyImport_AddModuleRef(const char *name) {
+      PyObject *module = PyImport_AddModule(name);
+      Py_XINCREF(module);
+      return module;
+  }
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyIntObject                  PyLongObject
-  #define PyInt_Type                   PyLong_Type
-  #define PyInt_Check(op)              PyLong_Check(op)
-  #define PyInt_CheckExact(op)         PyLong_CheckExact(op)
-  #define PyInt_FromString             PyLong_FromString
-  #define PyInt_FromUnicode            PyLong_FromUnicode
-  #define PyInt_FromLong               PyLong_FromLong
-  #define PyInt_FromSize_t             PyLong_FromSize_t
-  #define PyInt_FromSsize_t            PyLong_FromSsize_t
-  #define PyInt_AsLong                 PyLong_AsLong
-  #define PyInt_AS_LONG                PyLong_AS_LONG
-  #define PyInt_AsSsize_t              PyLong_AsSsize_t
-  #define PyInt_AsUnsignedLongMask     PyLong_AsUnsignedLongMask
-  #define PyInt_AsUnsignedLongLongMask PyLong_AsUnsignedLongLongMask
-  #define PyNumber_Int                 PyNumber_Long
-#endif
-#if PY_MAJOR_VERSION >= 3
-  #define PyBoolObject                 PyLongObject
-#endif
-#if PY_MAJOR_VERSION >= 3 && CYTHON_COMPILING_IN_PYPY
-  #ifndef PyUnicode_InternFromString
-    #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
-  #endif
+#if CYTHON_COMPILING_IN_PYPY && !defined(PyUnicode_InternFromString)
+  #define PyUnicode_InternFromString(s) PyUnicode_FromString(s)
 #endif
-#if PY_VERSION_HEX < 0x030200A4
-  typedef long Py_hash_t;
-  #define __Pyx_PyInt_FromHash_t PyInt_FromLong
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsHash_t
+#define __Pyx_PyLong_FromHash_t PyLong_FromSsize_t
+#define __Pyx_PyLong_AsHash_t   __Pyx_PyIndex_AsSsize_t
+#if __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+    #define __Pyx_PySendResult PySendResult
 #else
-  #define __Pyx_PyInt_FromHash_t PyInt_FromSsize_t
-  #define __Pyx_PyInt_AsHash_t   __Pyx_PyIndex_AsSsize_t
+    typedef enum {
+        PYGEN_RETURN = 0,
+        PYGEN_ERROR = -1,
+        PYGEN_NEXT = 1,
+    } __Pyx_PySendResult;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX < 0x030A00A3
+  typedef __Pyx_PySendResult (*__Pyx_pyiter_sendfunc)(PyObject *iter, PyObject *value, PyObject **result);
+#else
+  #define __Pyx_pyiter_sendfunc sendfunc
 #endif
-#if PY_MAJOR_VERSION >= 3
-  #define __Pyx_PyMethod_New(func, self, klass) ((self) ? ((void)(klass), PyMethod_New(func, self)) : __Pyx_NewRef(func))
+#if !CYTHON_USE_AM_SEND
+#define __PYX_HAS_PY_AM_SEND 0
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030A0000
+#define __PYX_HAS_PY_AM_SEND 1
 #else
-  #define __Pyx_PyMethod_New(func, self, klass) PyMethod_New(func, self, klass)
+#define __PYX_HAS_PY_AM_SEND 2  // our own backported implementation
 #endif
-#if CYTHON_USE_ASYNC_SLOTS
-  #if PY_VERSION_HEX >= 0x030500B1
+#if __PYX_HAS_PY_AM_SEND < 2
     #define __Pyx_PyAsyncMethodsStruct PyAsyncMethods
-    #define __Pyx_PyType_AsAsync(obj) (Py_TYPE(obj)->tp_as_async)
-  #else
-    #define __Pyx_PyType_AsAsync(obj) ((__Pyx_PyAsyncMethodsStruct*) (Py_TYPE(obj)->tp_reserved))
-  #endif
 #else
-  #define __Pyx_PyType_AsAsync(obj) NULL
-#endif
-#ifndef __Pyx_PyAsyncMethodsStruct
     typedef struct {
         unaryfunc am_await;
         unaryfunc am_aiter;
         unaryfunc am_anext;
+        __Pyx_pyiter_sendfunc am_send;
     } __Pyx_PyAsyncMethodsStruct;
+    #define __Pyx_SlotTpAsAsync(s) ((PyAsyncMethods*)(s))
 #endif
-
-#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
-  #if !defined(_USE_MATH_DEFINES)
-    #define _USE_MATH_DEFINES
-  #endif
+#if CYTHON_USE_AM_SEND && PY_VERSION_HEX < 0x030A00F0
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (1UL << 21)
+#else
+    #define __Pyx_TPFLAGS_HAVE_AM_SEND (0)
 #endif
-#include <math.h>
-#ifdef NAN
-#define __PYX_NAN() ((float) NAN)
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyInterpreterState_Get() PyInterpreterState_Get()
 #else
-static CYTHON_INLINE float __PYX_NAN() {
-  float value;
-  memset(&value, 0xFF, sizeof(value));
-  return value;
+#define __Pyx_PyInterpreterState_Get() PyThreadState_Get()->interp
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030A0000
+#ifdef __cplusplus
+extern "C"
+#endif
+PyAPI_FUNC(void *) PyMem_Calloc(size_t nelem, size_t elsize);
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static int __Pyx_init_co_variable(PyObject *inspect, const char* name, int *write_to) {
+    int value;
+    PyObject *py_value = PyObject_GetAttrString(inspect, name);
+    if (!py_value) return 0;
+    value = (int) PyLong_AsLong(py_value);
+    Py_DECREF(py_value);
+    *write_to = value;
+    return value != -1 || !PyErr_Occurred();
+}
+static int __Pyx_init_co_variables(void) {
+    PyObject *inspect;
+    int result;
+    inspect = PyImport_ImportModule("inspect");
+    result =
+#if !defined(CO_OPTIMIZED)
+        __Pyx_init_co_variable(inspect, "CO_OPTIMIZED", &CO_OPTIMIZED) &&
+#endif
+#if !defined(CO_NEWLOCALS)
+        __Pyx_init_co_variable(inspect, "CO_NEWLOCALS", &CO_NEWLOCALS) &&
+#endif
+#if !defined(CO_VARARGS)
+        __Pyx_init_co_variable(inspect, "CO_VARARGS", &CO_VARARGS) &&
+#endif
+#if !defined(CO_VARKEYWORDS)
+        __Pyx_init_co_variable(inspect, "CO_VARKEYWORDS", &CO_VARKEYWORDS) &&
+#endif
+#if !defined(CO_ASYNC_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_ASYNC_GENERATOR", &CO_ASYNC_GENERATOR) &&
+#endif
+#if !defined(CO_GENERATOR)
+        __Pyx_init_co_variable(inspect, "CO_GENERATOR", &CO_GENERATOR) &&
+#endif
+#if !defined(CO_COROUTINE)
+        __Pyx_init_co_variable(inspect, "CO_COROUTINE", &CO_COROUTINE) &&
+#endif
+        1;
+    Py_DECREF(inspect);
+    return result ? 0 : -1;
+}
+#else
+static int __Pyx_init_co_variables(void) {
+    return 0;  // It's a limited API-only feature
+}
+#endif
+
+/* MathInitCode */
+#if defined(_WIN32) || defined(WIN32) || defined(MS_WINDOWS)
+  #ifndef _USE_MATH_DEFINES
+    #define _USE_MATH_DEFINES
+  #endif
+#endif
+#include <math.h>
+#ifdef NAN
+#define __PYX_NAN() ((float) NAN)
+#else
+static CYTHON_INLINE float __PYX_NAN() {
+  float value;
+  memset(&value, 0xFF, sizeof(value));
+  return value;
 }
 #endif
 #if defined(__CYGWIN__) && defined(_LDBL_EQ_DBL)
@@ -725,12 +1117,30 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define __Pyx_truncl truncl
 #endif
 
-#define __PYX_MARK_ERR_POS(f_index, lineno) \
-    { __pyx_filename = __pyx_f[f_index]; (void)__pyx_filename; __pyx_lineno = lineno; (void)__pyx_lineno; __pyx_clineno = __LINE__; (void)__pyx_clineno; }
+#ifndef CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#define CYTHON_CLINE_IN_TRACEBACK_RUNTIME 1
+#endif
+#ifndef CYTHON_CLINE_IN_TRACEBACK
+#define CYTHON_CLINE_IN_TRACEBACK CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+#endif
+#if CYTHON_CLINE_IN_TRACEBACK
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; __pyx_clineno = __LINE__; (void) __pyx_clineno; }
+#else
+#define __PYX_MARK_ERR_POS(f_index, lineno)  { __pyx_filename = __pyx_f[f_index]; (void) __pyx_filename; __pyx_lineno = lineno; (void) __pyx_lineno; (void) __pyx_clineno; }
+#endif
 #define __PYX_ERR(f_index, lineno, Ln_error) \
     { __PYX_MARK_ERR_POS(f_index, lineno) goto Ln_error; }
 
-#ifndef __PYX_EXTERN_C
+#ifdef CYTHON_EXTERN_C
+    #undef __PYX_EXTERN_C
+    #define __PYX_EXTERN_C CYTHON_EXTERN_C
+#elif defined(__PYX_EXTERN_C)
+    #ifdef _MSC_VER
+    #pragma message ("Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.")
+    #else
+    #warning Please do not define the '__PYX_EXTERN_C' macro externally. Use 'CYTHON_EXTERN_C' instead.
+    #endif
+#else
   #ifdef __cplusplus
     #define __PYX_EXTERN_C extern "C"
   #else
@@ -753,12 +1163,8 @@ static CYTHON_INLINE float __PYX_NAN() {
 #define CYTHON_WITHOUT_ASSERTIONS
 #endif
 
-typedef struct {PyObject **p; const char *s; const Py_ssize_t n; const char* encoding;
-                const char is_unicode; const char is_str; const char intern; } __Pyx_StringTabEntry;
-
 #define __PYX_DEFAULT_STRING_ENCODING_IS_ASCII 0
 #define __PYX_DEFAULT_STRING_ENCODING_IS_UTF8 0
-#define __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT (PY_MAJOR_VERSION >= 3 && __PYX_DEFAULT_STRING_ENCODING_IS_UTF8)
 #define __PYX_DEFAULT_STRING_ENCODING ""
 #define __Pyx_PyObject_FromString __Pyx_PyBytes_FromString
 #define __Pyx_PyObject_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
@@ -793,140 +1199,129 @@ static CYTHON_INLINE int __Pyx_is_valid_index(Py_ssize_t i, Py_ssize_t limit) {
 #else
     #define __Pyx_sst_abs(value) ((value<0) ? -value : value)
 #endif
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject*);
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject*, Py_ssize_t* length);
-#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char*);
 #define __Pyx_PyByteArray_FromStringAndSize(s, l) PyByteArray_FromStringAndSize((const char*)s, l)
 #define __Pyx_PyBytes_FromString        PyBytes_FromString
 #define __Pyx_PyBytes_FromStringAndSize PyBytes_FromStringAndSize
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char*);
-#if PY_MAJOR_VERSION < 3
-    #define __Pyx_PyStr_FromString        __Pyx_PyBytes_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyBytes_FromStringAndSize
-#else
-    #define __Pyx_PyStr_FromString        __Pyx_PyUnicode_FromString
-    #define __Pyx_PyStr_FromStringAndSize __Pyx_PyUnicode_FromStringAndSize
-#endif
-#define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
-#define __Pyx_PyObject_AsWritableString(s)    ((char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*) __Pyx_PyObject_AsString(s))
-#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*) __Pyx_PyObject_AsString(s))
+#if CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AS_STRING(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AS_STRING(s)
+#else
+    #define __Pyx_PyBytes_AsWritableString(s)     ((char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableSString(s)    ((signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsWritableUString(s)    ((unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsString(s)     ((const char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsSString(s)    ((const signed char*) PyBytes_AsString(s))
+    #define __Pyx_PyBytes_AsUString(s)    ((const unsigned char*) PyBytes_AsString(s))
+    #define __Pyx_PyByteArray_AsString(s) PyByteArray_AsString(s)
+#endif
+#define __Pyx_PyObject_AsWritableString(s)    ((char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableSString(s)    ((signed char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
+#define __Pyx_PyObject_AsWritableUString(s)    ((unsigned char*)(__pyx_uintptr_t) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsSString(s)    ((const signed char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_AsUString(s)    ((const unsigned char*) __Pyx_PyObject_AsString(s))
 #define __Pyx_PyObject_FromCString(s)  __Pyx_PyObject_FromString((const char*)s)
 #define __Pyx_PyBytes_FromCString(s)   __Pyx_PyBytes_FromString((const char*)s)
 #define __Pyx_PyByteArray_FromCString(s)   __Pyx_PyByteArray_FromString((const char*)s)
-#define __Pyx_PyStr_FromCString(s)     __Pyx_PyStr_FromString((const char*)s)
 #define __Pyx_PyUnicode_FromCString(s) __Pyx_PyUnicode_FromString((const char*)s)
-static CYTHON_INLINE size_t __Pyx_Py_UNICODE_strlen(const Py_UNICODE *u) {
-    const Py_UNICODE *u_end = u;
-    while (*u_end++) ;
-    return (size_t)(u_end - u - 1);
-}
-#define __Pyx_PyUnicode_FromUnicode(u)       PyUnicode_FromUnicode(u, __Pyx_Py_UNICODE_strlen(u))
-#define __Pyx_PyUnicode_FromUnicodeAndLength PyUnicode_FromUnicode
+#define __Pyx_PyUnicode_FromOrdinal(o)       PyUnicode_FromOrdinal((int)o)
 #define __Pyx_PyUnicode_AsUnicode            PyUnicode_AsUnicode
-#define __Pyx_NewRef(obj) (Py_INCREF(obj), obj)
-#define __Pyx_Owned_Py_None(b) __Pyx_NewRef(Py_None)
+static CYTHON_INLINE PyObject *__Pyx_NewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_NewRef)
+    return Py_NewRef(obj);
+#else
+    Py_INCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_XNewRef(PyObject *obj) {
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030a0000 || defined(Py_XNewRef)
+    return Py_XNewRef(obj);
+#else
+    Py_XINCREF(obj);
+    return obj;
+#endif
+}
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b);
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrue(PyObject*);
 static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject*);
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x);
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x);
 #define __Pyx_PySequence_Tuple(obj)\
     (likely(PyTuple_CheckExact(obj)) ? __Pyx_NewRef(obj) : PySequence_Tuple(obj))
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject*);
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t);
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject*);
 #if CYTHON_ASSUME_SAFE_MACROS
-#define __pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AsDouble(x) (PyFloat_CheckExact(x) ? PyFloat_AS_DOUBLE(x) : PyFloat_AsDouble(x))
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AS_DOUBLE(x)
 #else
-#define __pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AsDouble(x) PyFloat_AsDouble(x)
+#define __Pyx_PyFloat_AS_DOUBLE(x) PyFloat_AsDouble(x)
 #endif
-#define __pyx_PyFloat_AsFloat(x) ((float) __pyx_PyFloat_AsDouble(x))
-#if PY_MAJOR_VERSION >= 3
+#define __Pyx_PyFloat_AsFloat(x) ((float) __Pyx_PyFloat_AsDouble(x))
 #define __Pyx_PyNumber_Int(x) (PyLong_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Long(x))
-#else
-#define __Pyx_PyNumber_Int(x) (PyInt_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Int(x))
-#endif
-#define __Pyx_PyNumber_Float(x) (PyFloat_CheckExact(x) ? __Pyx_NewRef(x) : PyNumber_Float(x))
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-static int __Pyx_sys_getdefaultencoding_not_ascii;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    PyObject* ascii_chars_u = NULL;
-    PyObject* ascii_chars_b = NULL;
-    const char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    if (strcmp(default_encoding_c, "ascii") == 0) {
-        __Pyx_sys_getdefaultencoding_not_ascii = 0;
-    } else {
-        char ascii_chars[128];
-        int c;
-        for (c = 0; c < 128; c++) {
-            ascii_chars[c] = c;
-        }
-        __Pyx_sys_getdefaultencoding_not_ascii = 1;
-        ascii_chars_u = PyUnicode_DecodeASCII(ascii_chars, 128, NULL);
-        if (!ascii_chars_u) goto bad;
-        ascii_chars_b = PyUnicode_AsEncodedString(ascii_chars_u, default_encoding_c, NULL);
-        if (!ascii_chars_b || !PyBytes_Check(ascii_chars_b) || memcmp(ascii_chars, PyBytes_AS_STRING(ascii_chars_b), 128) != 0) {
-            PyErr_Format(
-                PyExc_ValueError,
-                "This module compiled with c_string_encoding=ascii, but default encoding '%.200s' is not a superset of ascii.",
-                default_encoding_c);
-            goto bad;
-        }
-        Py_DECREF(ascii_chars_u);
-        Py_DECREF(ascii_chars_b);
-    }
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    Py_XDECREF(ascii_chars_u);
-    Py_XDECREF(ascii_chars_b);
-    return -1;
-}
-#endif
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT && PY_MAJOR_VERSION >= 3
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
-#else
-#define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
-#if __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-static char* __PYX_DEFAULT_STRING_ENCODING;
-static int __Pyx_init_sys_getdefaultencoding_params(void) {
-    PyObject* sys;
-    PyObject* default_encoding = NULL;
-    char* default_encoding_c;
-    sys = PyImport_ImportModule("sys");
-    if (!sys) goto bad;
-    default_encoding = PyObject_CallMethod(sys, (char*) (const char*) "getdefaultencoding", NULL);
-    Py_DECREF(sys);
-    if (!default_encoding) goto bad;
-    default_encoding_c = PyBytes_AsString(default_encoding);
-    if (!default_encoding_c) goto bad;
-    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
-    if (!__PYX_DEFAULT_STRING_ENCODING) goto bad;
-    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
-    Py_DECREF(default_encoding);
-    return 0;
-bad:
-    Py_XDECREF(default_encoding);
-    return -1;
-}
+#if CYTHON_USE_PYLONG_INTERNALS
+  #if PY_VERSION_HEX >= 0x030C00A7
+  #ifndef _PyLong_SIGN_MASK
+    #define _PyLong_SIGN_MASK 3
+  #endif
+  #ifndef _PyLong_NON_SIZE_BITS
+    #define _PyLong_NON_SIZE_BITS 3
+  #endif
+  #define __Pyx_PyLong_Sign(x)  (((PyLongObject*)x)->long_value.lv_tag & _PyLong_SIGN_MASK)
+  #define __Pyx_PyLong_IsNeg(x)  ((__Pyx_PyLong_Sign(x) & 2) != 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (!__Pyx_PyLong_IsNeg(x))
+  #define __Pyx_PyLong_IsZero(x)  (__Pyx_PyLong_Sign(x) & 1)
+  #define __Pyx_PyLong_IsPos(x)  (__Pyx_PyLong_Sign(x) == 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  (__Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  ((Py_ssize_t) (((PyLongObject*)x)->long_value.lv_tag >> _PyLong_NON_SIZE_BITS))
+  #define __Pyx_PyLong_SignedDigitCount(x)\
+        ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * __Pyx_PyLong_DigitCount(x))
+  #if defined(PyUnstable_Long_IsCompact) && defined(PyUnstable_Long_CompactValue)
+    #define __Pyx_PyLong_IsCompact(x)     PyUnstable_Long_IsCompact((PyLongObject*) x)
+    #define __Pyx_PyLong_CompactValue(x)  PyUnstable_Long_CompactValue((PyLongObject*) x)
+  #else
+    #define __Pyx_PyLong_IsCompact(x)     (((PyLongObject*)x)->long_value.lv_tag < (2 << _PyLong_NON_SIZE_BITS))
+    #define __Pyx_PyLong_CompactValue(x)  ((1 - (Py_ssize_t) __Pyx_PyLong_Sign(x)) * (Py_ssize_t) __Pyx_PyLong_Digits(x)[0])
+  #endif
+  typedef Py_ssize_t  __Pyx_compact_pylong;
+  typedef size_t  __Pyx_compact_upylong;
+  #else
+  #define __Pyx_PyLong_IsNeg(x)  (Py_SIZE(x) < 0)
+  #define __Pyx_PyLong_IsNonNeg(x)  (Py_SIZE(x) >= 0)
+  #define __Pyx_PyLong_IsZero(x)  (Py_SIZE(x) == 0)
+  #define __Pyx_PyLong_IsPos(x)  (Py_SIZE(x) > 0)
+  #define __Pyx_PyLong_CompactValueUnsigned(x)  ((Py_SIZE(x) == 0) ? 0 : __Pyx_PyLong_Digits(x)[0])
+  #define __Pyx_PyLong_DigitCount(x)  __Pyx_sst_abs(Py_SIZE(x))
+  #define __Pyx_PyLong_SignedDigitCount(x)  Py_SIZE(x)
+  #define __Pyx_PyLong_IsCompact(x)  (Py_SIZE(x) == 0 || Py_SIZE(x) == 1 || Py_SIZE(x) == -1)
+  #define __Pyx_PyLong_CompactValue(x)\
+        ((Py_SIZE(x) == 0) ? (sdigit) 0 : ((Py_SIZE(x) < 0) ? -(sdigit)__Pyx_PyLong_Digits(x)[0] : (sdigit)__Pyx_PyLong_Digits(x)[0]))
+  typedef sdigit  __Pyx_compact_pylong;
+  typedef digit  __Pyx_compact_upylong;
+  #endif
+  #if PY_VERSION_HEX >= 0x030C00A5
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->long_value.ob_digit)
+  #else
+  #define __Pyx_PyLong_Digits(x)  (((PyLongObject*)x)->ob_digit)
+  #endif
 #endif
+#if __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeUTF8(c_str, size, NULL)
+#elif __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_DecodeASCII(c_str, size, NULL)
+#else
+  #define __Pyx_PyUnicode_FromStringAndSize(c_str, size) PyUnicode_Decode(c_str, size, __PYX_DEFAULT_STRING_ENCODING, NULL)
 #endif
 
 
@@ -938,24 +1333,38 @@ static int __Pyx_init_sys_getdefaultencoding_params(void) {
   #define likely(x)   (x)
   #define unlikely(x) (x)
 #endif /* __GNUC__ */
+/* PretendToInitialize */
+#ifdef __cplusplus
+#if __cplusplus > 201103L
+#include <type_traits>
+#endif
+template <typename T>
+static void __Pyx_pretend_to_initialize(T* ptr) {
+#if __cplusplus > 201103L
+    if ((std::is_trivially_default_constructible<T>::value))
+#endif
+        *ptr = T();
+    (void)ptr;
+}
+#else
 static CYTHON_INLINE void __Pyx_pretend_to_initialize(void* ptr) { (void)ptr; }
+#endif
 
+
+#if !CYTHON_USE_MODULE_STATE
 static PyObject *__pyx_m = NULL;
-static PyObject *__pyx_d;
-static PyObject *__pyx_b;
-static PyObject *__pyx_cython_runtime = NULL;
-static PyObject *__pyx_empty_tuple;
-static PyObject *__pyx_empty_bytes;
-static PyObject *__pyx_empty_unicode;
+#endif
 static int __pyx_lineno;
 static int __pyx_clineno = 0;
-static const char * __pyx_cfilenm= __FILE__;
+static const char * const __pyx_cfilenm = __FILE__;
 static const char *__pyx_filename;
 
+/* #### Code section: filename_table ### */
 
-static const char *__pyx_f[] = {
+static const char* const __pyx_f[] = {
   "ssh/utils.pyx",
 };
+/* #### Code section: utility_code_proto_before_types ### */
 /* NoFastGil.proto */
 #define __Pyx_PyGILState_Ensure PyGILState_Ensure
 #define __Pyx_PyGILState_Release PyGILState_Release
@@ -963,13 +1372,176 @@ static const char *__pyx_f[] = {
 #define __Pyx_FastGIL_Forget()
 #define __Pyx_FastGilFuncInit()
 
+/* Atomics.proto */
+#include <pythread.h>
+#ifndef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 1
+#endif
+#define __PYX_CYTHON_ATOMICS_ENABLED() CYTHON_ATOMICS
+#define __PYX_GET_CYTHON_COMPILING_IN_CPYTHON_FREETHREADING() CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __pyx_atomic_int_type int
+#define __pyx_nonatomic_int_type int
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__))
+    #include <stdatomic.h>
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)))
+    #include <atomic>
+#endif
+#if CYTHON_ATOMICS && (defined(__STDC_VERSION__) &&\
+                        (__STDC_VERSION__ >= 201112L) &&\
+                        !defined(__STDC_NO_ATOMICS__) &&\
+                       ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type atomic_int
+    #define __pyx_atomic_ptr_type atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) atomic_fetch_add_explicit(value, 1, memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) atomic_fetch_add_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) atomic_fetch_sub_explicit(value, 1, memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) atomic_load_explicit(value, memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) atomic_load_explicit(value, memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C atomics"
+    #endif
+#elif CYTHON_ATOMICS && (defined(__cplusplus) && (\
+                    (__cplusplus >= 201103L) ||\
+\
+                    (defined(_MSC_VER) && _MSC_VER >= 1700)) &&\
+                    ATOMIC_INT_LOCK_FREE == 2)
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type std::atomic_int
+    #define __pyx_atomic_ptr_type std::atomic_uintptr_t
+    #define __pyx_nonatomic_ptr_type uintptr_t
+    #define __pyx_atomic_incr_relaxed(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_relaxed)
+    #define __pyx_atomic_incr_acq_rel(value) std::atomic_fetch_add_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_decr_acq_rel(value) std::atomic_fetch_sub_explicit(value, 1, std::memory_order_acq_rel)
+    #define __pyx_atomic_sub(value, arg) std::atomic_fetch_sub(value, arg)
+    #define __pyx_atomic_int_cmp_exchange(value, expected, desired) std::atomic_compare_exchange_strong(value, expected, desired)
+    #define __pyx_atomic_load(value) std::atomic_load(value)
+    #define __pyx_atomic_store(value, new_value) std::atomic_store(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) std::atomic_load_explicit(value, std::memory_order_relaxed)
+    #define __pyx_atomic_pointer_load_acquire(value) std::atomic_load_explicit(value, std::memory_order_acquire)
+    #define __pyx_atomic_pointer_exchange(value, new_value) std::atomic_exchange(value, (__pyx_nonatomic_ptr_type)new_value)
+    #if defined(__PYX_DEBUG_ATOMICS) && defined(_MSC_VER)
+        #pragma message ("Using standard C++ atomics")
+    #elif defined(__PYX_DEBUG_ATOMICS)
+        #warning "Using standard C++ atomics"
+    #endif
+#elif CYTHON_ATOMICS && (__GNUC__ >= 5 || (__GNUC__ == 4 &&\
+                    (__GNUC_MINOR__ > 1 ||\
+                    (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ >= 2))))
+    #define __pyx_atomic_ptr_type void*
+    #define __pyx_atomic_incr_relaxed(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) __sync_fetch_and_add(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) __sync_fetch_and_sub(value, 1)
+    #define __pyx_atomic_sub(value, arg) __sync_fetch_and_sub(value, arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = __sync_val_compare_and_swap(value, *expected, desired);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_store(value, new_value) __sync_lock_test_and_set(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_load_acquire(value) __sync_fetch_and_add(value, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) __sync_lock_test_and_set(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Using GNU atomics"
+    #endif
+#elif CYTHON_ATOMICS && defined(_MSC_VER)
+    #include <intrin.h>
+    #undef __pyx_atomic_int_type
+    #define __pyx_atomic_int_type long
+    #define __pyx_atomic_ptr_type void*
+    #undef __pyx_nonatomic_int_type
+    #define __pyx_nonatomic_int_type long
+    #pragma intrinsic (_InterlockedExchangeAdd, _InterlockedExchange, _InterlockedCompareExchange, _InterlockedCompareExchangePointer, _InterlockedExchangePointer)
+    #define __pyx_atomic_incr_relaxed(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_incr_acq_rel(value) _InterlockedExchangeAdd(value, 1)
+    #define __pyx_atomic_decr_acq_rel(value) _InterlockedExchangeAdd(value, -1)
+    #define __pyx_atomic_sub(value, arg) _InterlockedExchangeAdd(value, -arg)
+    static CYTHON_INLINE int __pyx_atomic_int_cmp_exchange(__pyx_atomic_int_type* value, __pyx_nonatomic_int_type* expected, __pyx_nonatomic_int_type desired) {
+        __pyx_nonatomic_int_type old = _InterlockedCompareExchange(value, desired, *expected);
+        int result = old == *expected;
+        *expected = old;
+        return result;
+    }
+    #define __pyx_atomic_load(value) _InterlockedExchangeAdd(value, 0)
+    #define __pyx_atomic_store(value, new_value) _InterlockedExchange(value, new_value)
+    #define __pyx_atomic_pointer_load_relaxed(value) *(void * volatile *)value
+    #define __pyx_atomic_pointer_load_acquire(value) _InterlockedCompareExchangePointer(value, 0, 0)
+    #define __pyx_atomic_pointer_exchange(value, new_value) _InterlockedExchangePointer(value, (__pyx_atomic_ptr_type)new_value)
+    #ifdef __PYX_DEBUG_ATOMICS
+        #pragma message ("Using MSVC atomics")
+    #endif
+#else
+    #undef CYTHON_ATOMICS
+    #define CYTHON_ATOMICS 0
+    #ifdef __PYX_DEBUG_ATOMICS
+        #warning "Not using atomics"
+    #endif
+#endif
+#if CYTHON_ATOMICS
+    #define __pyx_add_acquisition_count(memview)\
+             __pyx_atomic_incr_relaxed(__pyx_get_slice_count_pointer(memview))
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_atomic_decr_acq_rel(__pyx_get_slice_count_pointer(memview))
+#else
+    #define __pyx_add_acquisition_count(memview)\
+            __pyx_add_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+    #define __pyx_sub_acquisition_count(memview)\
+            __pyx_sub_acquisition_count_locked(__pyx_get_slice_count_pointer(memview), memview->lock)
+#endif
+
+/* IncludeStructmemberH.proto */
+#include <structmember.h>
+
+/* CriticalSections.proto */
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+#define __Pyx_PyCriticalSection void*
+#define __Pyx_PyCriticalSection2 void*
+#define __Pyx_PyCriticalSection_Begin1(cs, arg) (void)cs
+#define __Pyx_PyCriticalSection_Begin2(cs, arg1, arg2) (void)cs
+#define __Pyx_PyCriticalSection_End1(cs)
+#define __Pyx_PyCriticalSection_End2(cs)
+#else
+#define __Pyx_PyCriticalSection PyCriticalSection
+#define __Pyx_PyCriticalSection2 PyCriticalSection2
+#define __Pyx_PyCriticalSection_Begin1 PyCriticalSection_Begin
+#define __Pyx_PyCriticalSection_Begin2 PyCriticalSection2_Begin
+#define __Pyx_PyCriticalSection_End1 PyCriticalSection_End
+#define __Pyx_PyCriticalSection_End2 PyCriticalSection2_End
+#endif
+#if PY_VERSION_HEX < 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_BEGIN_CRITICAL_SECTION(o) {
+#define __Pyx_END_CRITICAL_SECTION() }
+#else
+#define __Pyx_BEGIN_CRITICAL_SECTION Py_BEGIN_CRITICAL_SECTION
+#define __Pyx_END_CRITICAL_SECTION Py_END_CRITICAL_SECTION
+#endif
+
 /* ForceInitThreads.proto */
 #ifndef __PYX_FORCE_INIT_THREADS
   #define __PYX_FORCE_INIT_THREADS 0
 #endif
 
+/* #### Code section: numeric_typedefs ### */
+/* #### Code section: complex_type_declarations ### */
+/* #### Code section: type_declarations ### */
 
 /*--- Type declarations ---*/
+/* #### Code section: utility_code_proto ### */
 
 /* --- Runtime support code (head) --- */
 /* Refnanny.proto */
@@ -978,42 +1550,48 @@ static const char *__pyx_f[] = {
 #endif
 #if CYTHON_REFNANNY
   typedef struct {
-    void (*INCREF)(void*, PyObject*, int);
-    void (*DECREF)(void*, PyObject*, int);
-    void (*GOTREF)(void*, PyObject*, int);
-    void (*GIVEREF)(void*, PyObject*, int);
-    void* (*SetupContext)(const char*, int, const char*);
+    void (*INCREF)(void*, PyObject*, Py_ssize_t);
+    void (*DECREF)(void*, PyObject*, Py_ssize_t);
+    void (*GOTREF)(void*, PyObject*, Py_ssize_t);
+    void (*GIVEREF)(void*, PyObject*, Py_ssize_t);
+    void* (*SetupContext)(const char*, Py_ssize_t, const char*);
     void (*FinishContext)(void**);
   } __Pyx_RefNannyAPIStruct;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNanny = NULL;
   static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname);
   #define __Pyx_RefNannyDeclarations void *__pyx_refnanny = NULL;
-#ifdef WITH_THREAD
   #define __Pyx_RefNannySetupContext(name, acquire_gil)\
           if (acquire_gil) {\
               PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
               PyGILState_Release(__pyx_gilstate_save);\
           } else {\
-              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__);\
+              __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), (__LINE__), (__FILE__));\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
+          }
+  #define __Pyx_RefNannyFinishContextNogil() {\
+              PyGILState_STATE __pyx_gilstate_save = PyGILState_Ensure();\
+              __Pyx_RefNannyFinishContext();\
+              PyGILState_Release(__pyx_gilstate_save);\
           }
-#else
-  #define __Pyx_RefNannySetupContext(name, acquire_gil)\
-          __pyx_refnanny = __Pyx_RefNanny->SetupContext((name), __LINE__, __FILE__)
-#endif
   #define __Pyx_RefNannyFinishContext()\
           __Pyx_RefNanny->FinishContext(&__pyx_refnanny)
-  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), __LINE__)
-  #define __Pyx_XINCREF(r)  do { if((r) != NULL) {__Pyx_INCREF(r); }} while(0)
-  #define __Pyx_XDECREF(r)  do { if((r) != NULL) {__Pyx_DECREF(r); }} while(0)
-  #define __Pyx_XGOTREF(r)  do { if((r) != NULL) {__Pyx_GOTREF(r); }} while(0)
-  #define __Pyx_XGIVEREF(r) do { if((r) != NULL) {__Pyx_GIVEREF(r);}} while(0)
+  #define __Pyx_INCREF(r)  __Pyx_RefNanny->INCREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_DECREF(r)  __Pyx_RefNanny->DECREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GOTREF(r)  __Pyx_RefNanny->GOTREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_GIVEREF(r) __Pyx_RefNanny->GIVEREF(__pyx_refnanny, (PyObject *)(r), (__LINE__))
+  #define __Pyx_XINCREF(r)  do { if((r) == NULL); else {__Pyx_INCREF(r); }} while(0)
+  #define __Pyx_XDECREF(r)  do { if((r) == NULL); else {__Pyx_DECREF(r); }} while(0)
+  #define __Pyx_XGOTREF(r)  do { if((r) == NULL); else {__Pyx_GOTREF(r); }} while(0)
+  #define __Pyx_XGIVEREF(r) do { if((r) == NULL); else {__Pyx_GIVEREF(r);}} while(0)
 #else
   #define __Pyx_RefNannyDeclarations
   #define __Pyx_RefNannySetupContext(name, acquire_gil)
+  #define __Pyx_RefNannyFinishContextNogil()
   #define __Pyx_RefNannyFinishContext()
   #define __Pyx_INCREF(r) Py_INCREF(r)
   #define __Pyx_DECREF(r) Py_DECREF(r)
@@ -1024,6 +1602,10 @@ static const char *__pyx_f[] = {
   #define __Pyx_XGOTREF(r)
   #define __Pyx_XGIVEREF(r)
 #endif
+#define __Pyx_Py_XDECREF_SET(r, v) do {\
+        PyObject *tmp = (PyObject *) r;\
+        r = v; Py_XDECREF(tmp);\
+    } while (0)
 #define __Pyx_XDECREF_SET(r, v) do {\
         PyObject *tmp = (PyObject *) r;\
         r = v; __Pyx_XDECREF(tmp);\
@@ -1035,6 +1617,57 @@ static const char *__pyx_f[] = {
 #define __Pyx_CLEAR(r)    do { PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);} while(0)
 #define __Pyx_XCLEAR(r)   do { if((r) != NULL) {PyObject* tmp = ((PyObject*)(r)); r = NULL; __Pyx_DECREF(tmp);}} while(0)
 
+/* PyErrExceptionMatches.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_ExceptionMatches(err) __Pyx_PyErr_ExceptionMatchesInState(__pyx_tstate, err)
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err);
+#else
+#define __Pyx_PyErr_ExceptionMatches(err)  PyErr_ExceptionMatches(err)
+#endif
+
+/* PyThreadStateGet.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
+#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
+#if PY_VERSION_HEX >= 0x030C00A6
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->current_exception != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->current_exception ? (PyObject*) Py_TYPE(__pyx_tstate->current_exception) : (PyObject*) NULL)
+#else
+#define __Pyx_PyErr_Occurred()  (__pyx_tstate->curexc_type != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  (__pyx_tstate->curexc_type)
+#endif
+#else
+#define __Pyx_PyThreadState_declare
+#define __Pyx_PyThreadState_assign
+#define __Pyx_PyErr_Occurred()  (PyErr_Occurred() != NULL)
+#define __Pyx_PyErr_CurrentExceptionType()  PyErr_Occurred()
+#endif
+
+/* PyErrFetchRestore.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A6
+#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
+#else
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#endif
+#else
+#define __Pyx_PyErr_Clear() PyErr_Clear()
+#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
+#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#endif
+
 /* PyObjectGetAttrStr.proto */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name);
@@ -1042,9 +1675,15 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject
 #define __Pyx_PyObject_GetAttrStr(o,n) PyObject_GetAttr(o,n)
 #endif
 
+/* PyObjectGetAttrStrNoError.proto */
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name);
+
 /* GetBuiltinName.proto */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name);
 
+/* RaiseUnexpectedTypeError.proto */
+static int __Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj);
+
 /* PyDictVersioning.proto */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
 #define __PYX_DICT_VERSION_INIT  ((PY_UINT64_T) -1)
@@ -1073,18 +1712,18 @@ static CYTHON_INLINE int __Pyx_object_dict_version_matches(PyObject* obj, PY_UIN
 
 /* GetModuleGlobalName.proto */
 #if CYTHON_USE_DICT_VERSIONS
-#define __Pyx_GetModuleGlobalName(var, name)  {\
+#define __Pyx_GetModuleGlobalName(var, name)  do {\
     static PY_UINT64_T __pyx_dict_version = 0;\
     static PyObject *__pyx_dict_cached_value = NULL;\
-    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_d))) ?\
+    (var) = (likely(__pyx_dict_version == __PYX_GET_DICT_VERSION(__pyx_mstate_global->__pyx_d))) ?\
         (likely(__pyx_dict_cached_value) ? __Pyx_NewRef(__pyx_dict_cached_value) : __Pyx_GetBuiltinName(name)) :\
         __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
-#define __Pyx_GetModuleGlobalNameUncached(var, name)  {\
+} while(0)
+#define __Pyx_GetModuleGlobalNameUncached(var, name)  do {\
     PY_UINT64_T __pyx_dict_version;\
     PyObject *__pyx_dict_cached_value;\
     (var) = __Pyx__GetModuleGlobalName(name, &__pyx_dict_version, &__pyx_dict_cached_value);\
-}
+} while(0)
 static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_version, PyObject **dict_cached_value);
 #else
 #define __Pyx_GetModuleGlobalName(var, name)  (var) = __Pyx__GetModuleGlobalName(name)
@@ -1092,42 +1731,147 @@ static PyObject *__Pyx__GetModuleGlobalName(PyObject *name, PY_UINT64_T *dict_ve
 static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name);
 #endif
 
-/* PyCFunctionFastCall.proto */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject *__Pyx_PyCFunction_FastCall(PyObject *func, PyObject **args, Py_ssize_t nargs);
+/* PyObjectFastCallMethod.proto */
+#if CYTHON_VECTORCALL && PY_VERSION_HEX >= 0x03090000
+#define __Pyx_PyObject_FastCallMethod(name, args, nargsf) PyObject_VectorcallMethod(name, args, nargsf, NULL)
+#else
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf);
+#endif
+
+/* GetException.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_GetException(type, value, tb)  __Pyx__GetException(__pyx_tstate, type, value, tb)
+static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#else
+static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb);
+#endif
+
+/* SwapException.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_ExceptionSwap(type, value, tb)  __Pyx__ExceptionSwap(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#else
+static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value, PyObject **tb);
+#endif
+
+/* GetTopmostException.proto */
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
+static _PyErr_StackItem * __Pyx_PyErr_GetTopmostException(PyThreadState *tstate);
+#endif
+
+/* SaveResetException.proto */
+#if CYTHON_FAST_THREAD_STATE
+#define __Pyx_ExceptionSave(type, value, tb)  __Pyx__ExceptionSave(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+#define __Pyx_ExceptionReset(type, value, tb)  __Pyx__ExceptionReset(__pyx_tstate, type, value, tb)
+static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
+#else
+#define __Pyx_ExceptionSave(type, value, tb)   PyErr_GetExcInfo(type, value, tb)
+#define __Pyx_ExceptionReset(type, value, tb)  PyErr_SetExcInfo(type, value, tb)
+#endif
+
+/* TupleAndListFromArray.proto */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+#if CYTHON_COMPILING_IN_CPYTHON || CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject* __Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n);
+#endif
+
+/* IncludeStringH.proto */
+#include <string.h>
+
+/* BytesEquals.proto */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* UnicodeEquals.proto */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals);
+
+/* fastcall.proto */
+#if CYTHON_AVOID_BORROWED_REFS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_PySequence_ITEM(args, i)
+#elif CYTHON_ASSUME_SAFE_MACROS
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_NewRef(__Pyx_PyTuple_GET_ITEM(args, i))
+#else
+    #define __Pyx_ArgRef_VARARGS(args, i) __Pyx_XNewRef(PyTuple_GetItem(args, i))
+#endif
+#define __Pyx_NumKwargs_VARARGS(kwds) PyDict_Size(kwds)
+#define __Pyx_KwValues_VARARGS(args, nargs) NULL
+#define __Pyx_GetKwValue_VARARGS(kw, kwvalues, s) __Pyx_PyDict_GetItemStrWithError(kw, s)
+#define __Pyx_KwargsAsDict_VARARGS(kw, kwvalues) PyDict_Copy(kw)
+#if CYTHON_METH_FASTCALL
+    #define __Pyx_ArgRef_FASTCALL(args, i) __Pyx_NewRef(args[i])
+    #define __Pyx_NumKwargs_FASTCALL(kwds) __Pyx_PyTuple_GET_SIZE(kwds)
+    #define __Pyx_KwValues_FASTCALL(args, nargs) ((args) + (nargs))
+    static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s);
+  #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+    CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues);
+  #else
+    #define __Pyx_KwargsAsDict_FASTCALL(kw, kwvalues) _PyStack_AsDict(kwvalues, kw)
+  #endif
 #else
-#define __Pyx_PyCFunction_FastCall(func, args, nargs)  (assert(0), NULL)
+    #define __Pyx_ArgRef_FASTCALL __Pyx_ArgRef_VARARGS
+    #define __Pyx_NumKwargs_FASTCALL __Pyx_NumKwargs_VARARGS
+    #define __Pyx_KwValues_FASTCALL __Pyx_KwValues_VARARGS
+    #define __Pyx_GetKwValue_FASTCALL __Pyx_GetKwValue_VARARGS
+    #define __Pyx_KwargsAsDict_FASTCALL __Pyx_KwargsAsDict_VARARGS
+#endif
+#define __Pyx_ArgsSlice_VARARGS(args, start, stop) PyTuple_GetSlice(args, start, stop)
+#if CYTHON_METH_FASTCALL || (CYTHON_COMPILING_IN_CPYTHON && CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) __Pyx_PyTuple_FromArray(args + start, stop - start)
+#else
+#define __Pyx_ArgsSlice_FASTCALL(args, start, stop) PyTuple_GetSlice(args, start, stop)
 #endif
 
+/* RaiseDoubleKeywords.proto */
+static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
+
+/* ParseKeywords.proto */
+static CYTHON_INLINE int __Pyx_ParseKeywords(
+    PyObject *kwds, PyObject *const *kwvalues, PyObject ** const argnames[],
+    PyObject *kwds2, PyObject *values[],
+    Py_ssize_t num_pos_args, Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs
+);
+
+/* CallCFunction.proto */
+#define __Pyx_CallCFunction(cfunc, self, args)\
+    ((PyCFunction)(void(*)(void))(cfunc)->func)(self, args)
+#define __Pyx_CallCFunctionWithKeywords(cfunc, self, args, kwargs)\
+    ((PyCFunctionWithKeywords)(void(*)(void))(cfunc)->func)(self, args, kwargs)
+#define __Pyx_CallCFunctionFast(cfunc, self, args, nargs)\
+    ((__Pyx_PyCFunctionFast)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs)
+#define __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, nargs, kwnames)\
+    ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))(PyCFunction)(cfunc)->func)(self, args, nargs, kwnames)
+
 /* PyFunctionFastCall.proto */
 #if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
 #define __Pyx_PyFunction_FastCall(func, args, nargs)\
     __Pyx_PyFunction_FastCallDict((func), (args), (nargs), NULL)
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs);
-#else
-#define __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs) _PyFunction_FastCallDict(func, args, nargs, kwargs)
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs);
 #endif
 #define __Pyx_BUILD_ASSERT_EXPR(cond)\
     (sizeof(char [1 - 2*!(cond)]) - 1)
 #ifndef Py_MEMBER_SIZE
 #define Py_MEMBER_SIZE(type, member) sizeof(((type *)0)->member)
 #endif
-#if CYTHON_FAST_PYCALL
+#if !CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03080000
+  #include "frameobject.h"
+  #define __Pxy_PyFrame_Initialize_Offsets()
+  #define __Pyx_PyFrame_GetLocalsplus(frame)  ((frame)->f_localsplus)
+#else
   static size_t __pyx_pyframe_localsplus_offset = 0;
   #include "frameobject.h"
-#if PY_VERSION_HEX >= 0x030b00a6
-  #ifndef Py_BUILD_CORE
-    #define Py_BUILD_CORE 1
-  #endif
-  #include "internal/pycore_frame.h"
-#endif
   #define __Pxy_PyFrame_Initialize_Offsets()\
     ((void)__Pyx_BUILD_ASSERT_EXPR(sizeof(PyFrameObject) == offsetof(PyFrameObject, f_localsplus) + Py_MEMBER_SIZE(PyFrameObject, f_localsplus)),\
      (void)(__pyx_pyframe_localsplus_offset = ((size_t)PyFrame_Type.tp_basicsize) - Py_MEMBER_SIZE(PyFrameObject, f_localsplus)))
   #define __Pyx_PyFrame_GetLocalsplus(frame)\
     (assert(__pyx_pyframe_localsplus_offset), (PyObject **)(((char *)(frame)) + __pyx_pyframe_localsplus_offset))
-#endif // CYTHON_FAST_PYCALL
+#endif
+#endif
 #endif
 
 /* PyObjectCall.proto */
@@ -1137,201 +1881,402 @@ static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg
 #define __Pyx_PyObject_Call(func, arg, kw) PyObject_Call(func, arg, kw)
 #endif
 
-/* PyObjectCall2Args.proto */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2);
-
 /* PyObjectCallMethO.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg);
 #endif
 
-/* PyObjectCallOneArg.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg);
-
-/* IncludeStringH.proto */
-#include <string.h>
+/* PyObjectFastCall.proto */
+#define __Pyx_PyObject_FastCall(func, args, nargs)  __Pyx_PyObject_FastCallDict(func, args, (size_t)(nargs), NULL)
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs);
 
-/* PyThreadStateGet.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyThreadState_declare  PyThreadState *__pyx_tstate;
-#define __Pyx_PyThreadState_assign  __pyx_tstate = __Pyx_PyThreadState_Current;
-#define __Pyx_PyErr_Occurred()  __pyx_tstate->curexc_type
+/* UnpackUnboundCMethod.proto */
+typedef struct {
+    PyObject *type;
+    PyObject **method_name;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && CYTHON_ATOMICS
+    __pyx_atomic_int_type initialized;
+#endif
+    PyCFunction func;
+    PyObject *method;
+    int flag;
+} __Pyx_CachedCFunction;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+static CYTHON_INLINE int __Pyx_CachedCFunction_GetAndSetInitializing(__Pyx_CachedCFunction *cfunc) {
+#if !CYTHON_ATOMICS
+    return 1;
 #else
-#define __Pyx_PyThreadState_declare
-#define __Pyx_PyThreadState_assign
-#define __Pyx_PyErr_Occurred()  PyErr_Occurred()
+    __pyx_nonatomic_int_type expected = 0;
+    if (__pyx_atomic_int_cmp_exchange(&cfunc->initialized, &expected, 1)) {
+        return 0;
+    }
+    return expected;
 #endif
-
-/* PyErrFetchRestore.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_PyErr_Clear() __Pyx_ErrRestore(NULL, NULL, NULL)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  __Pyx_ErrRestoreInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)    __Pyx_ErrFetchInState(PyThreadState_GET(), type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  __Pyx_ErrRestoreInState(__pyx_tstate, type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)    __Pyx_ErrFetchInState(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#if CYTHON_COMPILING_IN_CPYTHON
-#define __Pyx_PyErr_SetNone(exc) (Py_INCREF(exc), __Pyx_ErrRestore((exc), NULL, NULL))
-#else
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
+}
+static CYTHON_INLINE void __Pyx_CachedCFunction_SetFinishedInitializing(__Pyx_CachedCFunction *cfunc) {
+#if CYTHON_ATOMICS
+    __pyx_atomic_store(&cfunc->initialized, 2);
 #endif
+}
 #else
-#define __Pyx_PyErr_Clear() PyErr_Clear()
-#define __Pyx_PyErr_SetNone(exc) PyErr_SetNone(exc)
-#define __Pyx_ErrRestoreWithState(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchWithState(type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestoreInState(tstate, type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetchInState(tstate, type, value, tb)  PyErr_Fetch(type, value, tb)
-#define __Pyx_ErrRestore(type, value, tb)  PyErr_Restore(type, value, tb)
-#define __Pyx_ErrFetch(type, value, tb)  PyErr_Fetch(type, value, tb)
+#define __Pyx_CachedCFunction_GetAndSetInitializing(cfunc) 2
+#define __Pyx_CachedCFunction_SetFinishedInitializing(cfunc)
 #endif
 
-/* GetException.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_GetException(type, value, tb)  __Pyx__GetException(__pyx_tstate, type, value, tb)
-static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
+/* CallUnboundCMethod2.proto */
+CYTHON_UNUSED
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2);
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2);
 #else
-static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb);
-#endif
-
-/* SwapException.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_ExceptionSwap(type, value, tb)  __Pyx__ExceptionSwap(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#else
-static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value, PyObject **tb);
-#endif
-
-/* GetTopmostException.proto */
-#if CYTHON_USE_EXC_INFO_STACK
-static _PyErr_StackItem * __Pyx_PyErr_GetTopmostException(PyThreadState *tstate);
-#endif
-
-/* SaveResetException.proto */
-#if CYTHON_FAST_THREAD_STATE
-#define __Pyx_ExceptionSave(type, value, tb)  __Pyx__ExceptionSave(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb);
-#define __Pyx_ExceptionReset(type, value, tb)  __Pyx__ExceptionReset(__pyx_tstate, type, value, tb)
-static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb);
-#else
-#define __Pyx_ExceptionSave(type, value, tb)   PyErr_GetExcInfo(type, value, tb)
-#define __Pyx_ExceptionReset(type, value, tb)  PyErr_SetExcInfo(type, value, tb)
+#define __Pyx_CallUnboundCMethod2(cfunc, self, arg1, arg2)  __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2)
 #endif
 
 /* RaiseArgTupleInvalid.proto */
 static void __Pyx_RaiseArgtupleInvalid(const char* func_name, int exact,
     Py_ssize_t num_min, Py_ssize_t num_max, Py_ssize_t num_found);
 
-/* RaiseDoubleKeywords.proto */
-static void __Pyx_RaiseDoubleKeywordsError(const char* func_name, PyObject* kw_name);
-
-/* ParseKeywords.proto */
-static int __Pyx_ParseOptionalKeywords(PyObject *kwds, PyObject **argnames[],\
-    PyObject *kwds2, PyObject *values[], Py_ssize_t num_pos_args,\
-    const char* function_name);
-
-/* PyObjectCallNoArg.proto */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func);
-#else
-#define __Pyx_PyObject_CallNoArg(func) __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL)
-#endif
-
 /* RaiseException.proto */
 static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause);
 
+/* ListPack.proto */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...);
+
 /* Import.proto */
 static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level);
 
 /* ImportFrom.proto */
 static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name);
 
-/* CLineInTraceback.proto */
-#ifdef CYTHON_CLINE_IN_TRACEBACK
-#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
+/* LimitedApiGetTypeDict.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp);
+#endif
+
+/* SetItemOnTypeDict.proto */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v);
+#define __Pyx_SetItemOnTypeDict(tp, k, v) __Pyx__SetItemOnTypeDict((PyTypeObject*)tp, k, v)
+
+/* FixUpExtensionType.proto */
+static CYTHON_INLINE int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type);
+
+/* FetchSharedCythonModule.proto */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void);
+
+/* dict_setdefault.proto */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value, int is_safe_type);
+
+/* FetchCommonType.proto */
+static PyTypeObject* __Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases);
+
+/* CommonTypesMetaclass.proto */
+static int __pyx_CommonTypesMetaclass_init(PyObject *module);
+#define __Pyx_CommonTypesMetaclass_USED
+
+/* CallTypeTraverse.proto */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#define __Pyx_call_type_traverse(o, always_call, visit, arg) 0
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg);
+#endif
+
+/* PyMethodNew.proto */
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ);
+
+/* PyVectorcallFastCallDict.proto */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw);
+#endif
+
+/* CythonFunctionShared.proto */
+#define __Pyx_CyFunction_USED
+#define __Pyx_CYFUNCTION_STATICMETHOD  0x01
+#define __Pyx_CYFUNCTION_CLASSMETHOD   0x02
+#define __Pyx_CYFUNCTION_CCLASS        0x04
+#define __Pyx_CYFUNCTION_COROUTINE     0x08
+#define __Pyx_CyFunction_GetClosure(f)\
+    (((__pyx_CyFunctionObject *) (f))->func_closure)
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      (((__pyx_CyFunctionObject *) (f))->func_classobj)
+#else
+  #define __Pyx_CyFunction_GetClassObj(f)\
+      ((PyObject*) ((PyCMethodObject *) (f))->mm_class)
+#endif
+#define __Pyx_CyFunction_SetClassObj(f, classobj)\
+    __Pyx__CyFunction_SetClassObj((__pyx_CyFunctionObject *) (f), (classobj))
+#define __Pyx_CyFunction_Defaults(type, f)\
+    ((type *)(((__pyx_CyFunctionObject *) (f))->defaults))
+#define __Pyx_CyFunction_SetDefaultsGetter(f, g)\
+    ((__pyx_CyFunctionObject *) (f))->defaults_getter = (g)
+typedef struct {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject_HEAD
+    PyObject *func;
+#elif PY_VERSION_HEX < 0x030900B1
+    PyCFunctionObject func;
+#else
+    PyCMethodObject func;
+#endif
+#if CYTHON_BACKPORT_VECTORCALL ||\
+        (CYTHON_COMPILING_IN_LIMITED_API && CYTHON_METH_FASTCALL)
+    __pyx_vectorcallfunc func_vectorcall;
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_weakreflist;
+#endif
+    PyObject *func_dict;
+    PyObject *func_name;
+    PyObject *func_qualname;
+    PyObject *func_doc;
+    PyObject *func_globals;
+    PyObject *func_code;
+    PyObject *func_closure;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *func_classobj;
+#endif
+    PyObject *defaults;
+    int flags;
+    PyObject *defaults_tuple;
+    PyObject *defaults_kwdict;
+    PyObject *(*defaults_getter)(PyObject *);
+    PyObject *func_annotations;
+    PyObject *func_is_coroutine;
+} __pyx_CyFunctionObject;
+#undef __Pyx_CyOrPyCFunction_Check
+#define __Pyx_CyFunction_Check(obj)  __Pyx_TypeCheck(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+#define __Pyx_CyOrPyCFunction_Check(obj)  __Pyx_TypeCheck2(obj, __pyx_mstate_global->__pyx_CyFunctionType, &PyCFunction_Type)
+#define __Pyx_CyFunction_CheckExact(obj)  __Pyx_IS_TYPE(obj, __pyx_mstate_global->__pyx_CyFunctionType)
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void));
+#undef __Pyx_IsSameCFunction
+#define __Pyx_IsSameCFunction(func, cfunc)   __Pyx__IsSameCyOrCFunction(func, cfunc)
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject* op, PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj);
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func,
+                                                         PyTypeObject *defaults_type);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *m,
+                                                            PyObject *tuple);
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *m,
+                                                             PyObject *dict);
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *m,
+                                                              PyObject *dict);
+static int __pyx_CyFunction_init(PyObject *module);
+#if CYTHON_METH_FASTCALL
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames);
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_func_vectorcall(f) (((__pyx_CyFunctionObject*)f)->func_vectorcall)
 #else
+#define __Pyx_CyFunction_func_vectorcall(f) (((PyCFunctionObject*)f)->vectorcall)
+#endif
+#endif
+
+/* CythonFunction.proto */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml,
+                                      int flags, PyObject* qualname,
+                                      PyObject *closure,
+                                      PyObject *module, PyObject *globals,
+                                      PyObject* code);
+
+/* CLineInTraceback.proto */
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
 static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line);
+#else
+#define __Pyx_CLineForTraceback(tstate, c_line)  (((CYTHON_CLINE_IN_TRACEBACK)) ? c_line : 0)
 #endif
 
 /* CodeObjectCache.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject __Pyx_CachedCodeObjectType;
+#else
+typedef PyCodeObject __Pyx_CachedCodeObjectType;
+#endif
 typedef struct {
-    PyCodeObject* code_object;
+    __Pyx_CachedCodeObjectType* code_object;
     int code_line;
 } __Pyx_CodeObjectCacheEntry;
 struct __Pyx_CodeObjectCache {
     int count;
     int max_count;
     __Pyx_CodeObjectCacheEntry* entries;
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_int_type accessor_count;
+  #endif
 };
-static struct __Pyx_CodeObjectCache __pyx_code_cache = {0,0,NULL};
 static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int count, int code_line);
-static PyCodeObject *__pyx_find_code_object(int code_line);
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object);
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line);
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object);
 
 /* AddTraceback.proto */
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
                                int py_line, const char *filename);
 
 /* GCCDiagnostics.proto */
-#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
+#if !defined(__INTEL_COMPILER) && defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
 #define __Pyx_HAS_GCC_DIAGNOSTIC
 #endif
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *);
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *);
+
+/* PyObjectVectorCallKwBuilder.proto */
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#if CYTHON_VECTORCALL
+#if PY_VERSION_HEX >= 0x03090000
+#define __Pyx_Object_Vectorcall_CallFromBuilder PyObject_Vectorcall
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder _PyObject_Vectorcall
+#endif
+#define __Pyx_MakeVectorcallBuilderKwds(n) PyTuple_New(n)
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n);
+#else
+#define __Pyx_Object_Vectorcall_CallFromBuilder __Pyx_PyObject_FastCallDict
+#define __Pyx_MakeVectorcallBuilderKwds(n) __Pyx_PyDict_NewPresized(n)
+#define __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n) PyDict_SetItem(builder, key, value)
+#define __Pyx_VectorcallBuilder_AddArgStr(key, value, builder, args, n) PyDict_SetItemString(builder, key, value)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value);
+
+/* FormatTypeName.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+typedef PyObject *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%U"
+#define __Pyx_DECREF_TypeName(obj) Py_XDECREF(obj)
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+#define __Pyx_PyType_GetFullyQualifiedName PyType_GetFullyQualifiedName
+#else
+static __Pyx_TypeName __Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp);
+#endif
+#else  // !LIMITED_API
+typedef const char *__Pyx_TypeName;
+#define __Pyx_FMT_TYPENAME "%.200s"
+#define __Pyx_PyType_GetFullyQualifiedName(tp) ((tp)->tp_name)
+#define __Pyx_DECREF_TypeName(obj)
+#endif
 
 /* CIntToPy.proto */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value);
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value);
 
 /* CIntFromPy.proto */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *);
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *);
 
 /* FastTypeChecks.proto */
 #if CYTHON_COMPILING_IN_CPYTHON
 #define __Pyx_TypeCheck(obj, type) __Pyx_IsSubtype(Py_TYPE(obj), (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) __Pyx_IsAnySubtype2(Py_TYPE(obj), (PyTypeObject *)type1, (PyTypeObject *)type2)
 static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b);
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches(PyObject *err, PyObject *type);
 static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2);
 #else
 #define __Pyx_TypeCheck(obj, type) PyObject_TypeCheck(obj, (PyTypeObject *)type)
+#define __Pyx_TypeCheck2(obj, type1, type2) (PyObject_TypeCheck(obj, (PyTypeObject *)type1) || PyObject_TypeCheck(obj, (PyTypeObject *)type2))
 #define __Pyx_PyErr_GivenExceptionMatches(err, type) PyErr_GivenExceptionMatches(err, type)
-#define __Pyx_PyErr_GivenExceptionMatches2(err, type1, type2) (PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2))
+static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObject *type1, PyObject *type2) {
+    return PyErr_GivenExceptionMatches(err, type1) || PyErr_GivenExceptionMatches(err, type2);
+}
 #endif
+#define __Pyx_PyErr_ExceptionMatches2(err1, err2)  __Pyx_PyErr_GivenExceptionMatches2(__Pyx_PyErr_CurrentExceptionType(), err1, err2)
 #define __Pyx_PyException_Check(obj) __Pyx_TypeCheck(obj, PyExc_Exception)
+#ifdef PyExceptionInstance_Check
+  #define __Pyx_PyBaseException_Check(obj) PyExceptionInstance_Check(obj)
+#else
+  #define __Pyx_PyBaseException_Check(obj) __Pyx_TypeCheck(obj, PyExc_BaseException)
+#endif
+
+/* GetRuntimeVersion.proto */
+static unsigned long __Pyx_get_runtime_version(void);
 
 /* CheckBinaryVersion.proto */
-static int __Pyx_check_binary_version(void);
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer);
 
 /* FunctionExport.proto */
 static int __Pyx_ExportFunction(const char *name, void (*f)(void), const char *sig);
 
-/* InitStrings.proto */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t);
+/* MultiPhaseInitModuleState.proto */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+static PyObject *__Pyx_State_FindModule(void*);
+static int __Pyx_State_AddModule(PyObject* module, void*);
+static int __Pyx_State_RemoveModule(void*);
+#elif CYTHON_USE_MODULE_STATE
+#define __Pyx_State_FindModule PyState_FindModule
+#define __Pyx_State_AddModule PyState_AddModule
+#define __Pyx_State_RemoveModule PyState_RemoveModule
+#endif
+
+/* #### Code section: module_declarations ### */
+/* CythonABIVersion.proto */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    #if CYTHON_METH_FASTCALL
+        #define __PYX_FASTCALL_ABI_SUFFIX  "_fastcall"
+    #else
+        #define __PYX_FASTCALL_ABI_SUFFIX
+    #endif
+    #define __PYX_LIMITED_ABI_SUFFIX "limited" __PYX_FASTCALL_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#else
+    #define __PYX_LIMITED_ABI_SUFFIX
+#endif
+#if __PYX_HAS_PY_AM_SEND == 1
+    #define __PYX_AM_SEND_ABI_SUFFIX
+#elif __PYX_HAS_PY_AM_SEND == 2
+    #define __PYX_AM_SEND_ABI_SUFFIX "amsendbackport"
+#else
+    #define __PYX_AM_SEND_ABI_SUFFIX "noamsend"
+#endif
+#ifndef __PYX_MONITORING_ABI_SUFFIX
+    #define __PYX_MONITORING_ABI_SUFFIX
+#endif
+#if CYTHON_USE_TP_FINALIZE
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX
+#else
+    #define __PYX_TP_FINALIZE_ABI_SUFFIX "nofinalize"
+#endif
+#if CYTHON_USE_FREELISTS || !defined(__Pyx_AsyncGen_USED)
+    #define __PYX_FREELISTS_ABI_SUFFIX
+#else
+    #define __PYX_FREELISTS_ABI_SUFFIX "nofreelists"
+#endif
+#define CYTHON_ABI  __PYX_ABI_VERSION __PYX_LIMITED_ABI_SUFFIX __PYX_MONITORING_ABI_SUFFIX __PYX_TP_FINALIZE_ABI_SUFFIX __PYX_FREELISTS_ABI_SUFFIX __PYX_AM_SEND_ABI_SUFFIX
+#define __PYX_ABI_MODULE_NAME "_cython_" CYTHON_ABI
+#define __PYX_TYPE_MODULE_PREFIX __PYX_ABI_MODULE_NAME "."
 
 
-/* Module declarations from 'libc.stddef' */
+/* Module declarations from "libc.stddef" */
 
-/* Module declarations from 'libc.time' */
+/* Module declarations from "libc.time" */
 
-/* Module declarations from 'posix.types' */
+/* Module declarations from "posix.types" */
 
-/* Module declarations from 'ssh.c_ssh' */
+/* Module declarations from "ssh.c_ssh" */
 
-/* Module declarations from 'cpython.version' */
+/* Module declarations from "cpython.version" */
 
-/* Module declarations from 'ssh.utils' */
+/* Module declarations from "ssh.utils" */
 static int __pyx_f_3ssh_5utils_handle_error_codes(int, ssh_session); /*proto*/
+/* #### Code section: typeinfo ### */
+/* #### Code section: before_global_var ### */
 #define __Pyx_MODULE_NAME "ssh.utils"
 extern int __pyx_module_is_main_ssh__utils;
 int __pyx_module_is_main_ssh__utils = 0;
 
-/* Implementation of 'ssh.utils' */
+/* Implementation of "ssh.utils" */
+/* #### Code section: global_var ### */
 static PyObject *__pyx_builtin_MemoryError;
+/* #### Code section: string_decls ### */
+static const char __pyx_k_[] = ".";
+static const char __pyx_k__2[] = "?";
 static const char __pyx_k_EOF[] = "EOF";
+static const char __pyx_k_pop[] = "pop";
+static const char __pyx_k_func[] = "__func__";
 static const char __pyx_k_main[] = "__main__";
 static const char __pyx_k_name[] = "__name__";
 static const char __pyx_k_sock[] = "sock";
@@ -1339,13 +2284,15 @@ static const char __pyx_k_test[] = "__test__";
 static const char __pyx_k_utf_8[] = "utf-8";
 static const char __pyx_k_decode[] = "decode";
 static const char __pyx_k_encode[] = "encode";
-static const char __pyx_k_import[] = "__import__";
+static const char __pyx_k_module[] = "__module__";
 static const char __pyx_k_select[] = "select";
 static const char __pyx_k_readfds[] = "readfds";
 static const char __pyx_k_session[] = "session";
 static const char __pyx_k_timeout[] = "timeout";
 static const char __pyx_k_ENCODING[] = "ENCODING";
 static const char __pyx_k_SSHError[] = "SSHError";
+static const char __pyx_k_qualname[] = "__qualname__";
+static const char __pyx_k_set_name[] = "__set_name__";
 static const char __pyx_k_writefds[] = "writefds";
 static const char __pyx_k_ssh_utils[] = "ssh.utils";
 static const char __pyx_k_OtherError[] = "OtherError";
@@ -1353,45 +2300,185 @@ static const char __pyx_k_directions[] = "directions";
 static const char __pyx_k_exceptions[] = "exceptions";
 static const char __pyx_k_MemoryError[] = "MemoryError";
 static const char __pyx_k_wait_socket[] = "wait_socket";
+static const char __pyx_k_is_coroutine[] = "_is_coroutine";
 static const char __pyx_k_ssh_utils_pyx[] = "ssh/utils.pyx";
 static const char __pyx_k_get_poll_flags[] = "get_poll_flags";
+static const char __pyx_k_asyncio_coroutines[] = "asyncio.coroutines";
 static const char __pyx_k_cline_in_traceback[] = "cline_in_traceback";
 static const char __pyx_k_AuthenticationError[] = "AuthenticationError";
 static const char __pyx_k_AuthenticationDenied[] = "AuthenticationDenied";
 static const char __pyx_k_AuthenticationPartial[] = "AuthenticationPartial";
-static PyObject *__pyx_n_s_AuthenticationDenied;
-static PyObject *__pyx_n_s_AuthenticationError;
-static PyObject *__pyx_n_s_AuthenticationPartial;
-static PyObject *__pyx_n_s_ENCODING;
-static PyObject *__pyx_n_s_EOF;
-static PyObject *__pyx_n_s_MemoryError;
-static PyObject *__pyx_n_s_OtherError;
-static PyObject *__pyx_n_s_SSHError;
-static PyObject *__pyx_n_s_cline_in_traceback;
-static PyObject *__pyx_n_s_decode;
-static PyObject *__pyx_n_s_directions;
-static PyObject *__pyx_n_s_encode;
-static PyObject *__pyx_n_s_exceptions;
-static PyObject *__pyx_n_s_get_poll_flags;
-static PyObject *__pyx_n_s_import;
-static PyObject *__pyx_n_s_main;
-static PyObject *__pyx_n_s_name;
-static PyObject *__pyx_n_s_readfds;
-static PyObject *__pyx_n_s_select;
-static PyObject *__pyx_n_s_session;
-static PyObject *__pyx_n_s_sock;
-static PyObject *__pyx_n_s_ssh_utils;
-static PyObject *__pyx_kp_s_ssh_utils_pyx;
-static PyObject *__pyx_n_s_test;
-static PyObject *__pyx_n_s_timeout;
-static PyObject *__pyx_kp_s_utf_8;
-static PyObject *__pyx_n_s_wait_socket;
-static PyObject *__pyx_n_s_writefds;
+static const char __pyx_k_1_Q_q_aq_r_0_q_r_1_9Jd[] = "\320\0001\260\021\360\014\000\005\033\230'\240\037\260\001\330\004\007\200{\220#\220Q\330\010\017\210q\330\004\016\210a\210q\330\014\027\220r\320\0310\260\001\330\004\017\210q\220\001\330\014\027\220r\320\0311\260\021\330\004\n\210!\2109\220J\230d\240!";
+/* #### Code section: decls ### */
 static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_self, PyObject *__pyx_v_session, PyObject *__pyx_v_sock, PyObject *__pyx_v_timeout); /* proto */
-static PyObject *__pyx_int_0;
-static PyObject *__pyx_tuple_;
-static PyObject *__pyx_codeobj__2;
-/* Late includes */
+/* #### Code section: late_includes ### */
+/* #### Code section: module_state ### */
+/* SmallCodeConfig */
+#ifndef CYTHON_SMALL_CODE
+#if defined(__clang__)
+    #define CYTHON_SMALL_CODE
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
+    #define CYTHON_SMALL_CODE __attribute__((cold))
+#else
+    #define CYTHON_SMALL_CODE
+#endif
+#endif
+
+typedef struct {
+  PyObject *__pyx_d;
+  PyObject *__pyx_b;
+  PyObject *__pyx_cython_runtime;
+  PyObject *__pyx_empty_tuple;
+  PyObject *__pyx_empty_bytes;
+  PyObject *__pyx_empty_unicode;
+  #ifdef __Pyx_CyFunction_USED
+  PyTypeObject *__pyx_CyFunctionType;
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  PyTypeObject *__pyx_FusedFunctionType;
+  #endif
+  #ifdef __Pyx_Generator_USED
+  PyTypeObject *__pyx_GeneratorType;
+  #endif
+  #ifdef __Pyx_IterableCoroutine_USED
+  PyTypeObject *__pyx_IterableCoroutineType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineAwaitType;
+  #endif
+  #ifdef __Pyx_Coroutine_USED
+  PyTypeObject *__pyx_CoroutineType;
+  #endif
+  __Pyx_CachedCFunction __pyx_umethod_PyDict_Type_pop;
+  PyObject *__pyx_tuple[1];
+  PyObject *__pyx_codeobj_tab[1];
+  PyObject *__pyx_string_tab[36];
+  PyObject *__pyx_int_0;
+/* #### Code section: module_state_contents ### */
+/* CommonTypesMetaclass.module_state_decls */
+PyTypeObject *__pyx_CommonTypesMetaclassType;
+
+/* CachedMethodType.module_state_decls */
+#if CYTHON_COMPILING_IN_LIMITED_API
+PyObject *__Pyx_CachedMethodType;
+#endif
+
+/* CodeObjectCache.module_state_decls */
+struct __Pyx_CodeObjectCache __pyx_code_cache;
+
+/* #### Code section: module_state_end ### */
+} __pyx_mstatetype;
+
+#if CYTHON_USE_MODULE_STATE
+#ifdef __cplusplus
+namespace {
+extern struct PyModuleDef __pyx_moduledef;
+} /* anonymous namespace */
+#else
+static struct PyModuleDef __pyx_moduledef;
+#endif
+
+#define __pyx_mstate_global (__Pyx_PyModule_GetState(__Pyx_State_FindModule(&__pyx_moduledef)))
+
+#define __pyx_m (__Pyx_State_FindModule(&__pyx_moduledef))
+#else
+static __pyx_mstatetype __pyx_mstate_global_static =
+#ifdef __cplusplus
+    {};
+#else
+    {0};
+#endif
+static __pyx_mstatetype * const __pyx_mstate_global = &__pyx_mstate_global_static;
+#endif
+/* #### Code section: constant_name_defines ### */
+#define __pyx_kp_u_ __pyx_string_tab[0]
+#define __pyx_n_u_AuthenticationDenied __pyx_string_tab[1]
+#define __pyx_n_u_AuthenticationError __pyx_string_tab[2]
+#define __pyx_n_u_AuthenticationPartial __pyx_string_tab[3]
+#define __pyx_n_u_ENCODING __pyx_string_tab[4]
+#define __pyx_n_u_EOF __pyx_string_tab[5]
+#define __pyx_n_u_MemoryError __pyx_string_tab[6]
+#define __pyx_n_u_OtherError __pyx_string_tab[7]
+#define __pyx_n_u_SSHError __pyx_string_tab[8]
+#define __pyx_kp_u__2 __pyx_string_tab[9]
+#define __pyx_n_u_asyncio_coroutines __pyx_string_tab[10]
+#define __pyx_n_u_cline_in_traceback __pyx_string_tab[11]
+#define __pyx_n_u_decode __pyx_string_tab[12]
+#define __pyx_n_u_directions __pyx_string_tab[13]
+#define __pyx_n_u_encode __pyx_string_tab[14]
+#define __pyx_n_u_exceptions __pyx_string_tab[15]
+#define __pyx_n_u_func __pyx_string_tab[16]
+#define __pyx_n_u_get_poll_flags __pyx_string_tab[17]
+#define __pyx_n_u_is_coroutine __pyx_string_tab[18]
+#define __pyx_n_u_main __pyx_string_tab[19]
+#define __pyx_n_u_module __pyx_string_tab[20]
+#define __pyx_n_u_name __pyx_string_tab[21]
+#define __pyx_n_u_pop __pyx_string_tab[22]
+#define __pyx_n_u_qualname __pyx_string_tab[23]
+#define __pyx_n_u_readfds __pyx_string_tab[24]
+#define __pyx_n_u_select __pyx_string_tab[25]
+#define __pyx_n_u_session __pyx_string_tab[26]
+#define __pyx_n_u_set_name __pyx_string_tab[27]
+#define __pyx_n_u_sock __pyx_string_tab[28]
+#define __pyx_n_u_ssh_utils __pyx_string_tab[29]
+#define __pyx_kp_u_ssh_utils_pyx __pyx_string_tab[30]
+#define __pyx_n_u_test __pyx_string_tab[31]
+#define __pyx_n_u_timeout __pyx_string_tab[32]
+#define __pyx_kp_u_utf_8 __pyx_string_tab[33]
+#define __pyx_n_u_wait_socket __pyx_string_tab[34]
+#define __pyx_n_u_writefds __pyx_string_tab[35]
+/* #### Code section: module_state_clear ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_clear(PyObject *m) {
+  __pyx_mstatetype *clear_module_state = __Pyx_PyModule_GetState(m);
+  if (!clear_module_state) return 0;
+  Py_CLEAR(clear_module_state->__pyx_d);
+  Py_CLEAR(clear_module_state->__pyx_b);
+  Py_CLEAR(clear_module_state->__pyx_cython_runtime);
+  Py_CLEAR(clear_module_state->__pyx_empty_tuple);
+  Py_CLEAR(clear_module_state->__pyx_empty_bytes);
+  Py_CLEAR(clear_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_CLEAR(clear_module_state->__pyx_FusedFunctionType);
+  #endif
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __Pyx_State_RemoveModule(NULL);
+  #endif
+  for (int i=0; i<1; ++i) { Py_CLEAR(clear_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<1; ++i) { Py_CLEAR(clear_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<36; ++i) { Py_CLEAR(clear_module_state->__pyx_string_tab[i]); }
+  Py_CLEAR(clear_module_state->__pyx_int_0);
+  return 0;
+}
+#endif
+/* #### Code section: module_state_traverse ### */
+#if CYTHON_USE_MODULE_STATE
+static CYTHON_SMALL_CODE int __pyx_m_traverse(PyObject *m, visitproc visit, void *arg) {
+  __pyx_mstatetype *traverse_module_state = __Pyx_PyModule_GetState(m);
+  if (!traverse_module_state) return 0;
+  Py_VISIT(traverse_module_state->__pyx_d);
+  Py_VISIT(traverse_module_state->__pyx_b);
+  Py_VISIT(traverse_module_state->__pyx_cython_runtime);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_tuple);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_bytes);
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_empty_unicode);
+  #ifdef __Pyx_CyFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_CyFunctionType);
+  #endif
+  #ifdef __Pyx_FusedFunction_USED
+  Py_VISIT(traverse_module_state->__pyx_FusedFunctionType);
+  #endif
+  for (int i=0; i<1; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_tuple[i]); }
+  for (int i=0; i<1; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_codeobj_tab[i]); }
+  for (int i=0; i<36; ++i) { __Pyx_VISIT_CONST(traverse_module_state->__pyx_string_tab[i]); }
+  __Pyx_VISIT_CONST(traverse_module_state->__pyx_int_0);
+  return 0;
+}
+#endif
+/* #### Code section: module_code ### */
 
 /* "ssh/utils.pyx":34
  * 
@@ -1399,17 +2486,16 @@ static PyObject *__pyx_codeobj__2;
  * cdef bytes to_bytes(_str):             # <<<<<<<<<<<<<<
  *     if isinstance(_str, bytes):
  *         return _str
- */
+*/
 
 static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
   int __pyx_t_1;
-  int __pyx_t_2;
+  PyObject *__pyx_t_2 = NULL;
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
-  PyObject *__pyx_t_5 = NULL;
-  PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_5;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1421,10 +2507,9 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  *     if isinstance(_str, bytes):             # <<<<<<<<<<<<<<
  *         return _str
  *     elif isinstance(_str, unicode):
- */
+*/
   __pyx_t_1 = PyBytes_Check(__pyx_v__str); 
-  __pyx_t_2 = (__pyx_t_1 != 0);
-  if (__pyx_t_2) {
+  if (__pyx_t_1) {
 
     /* "ssh/utils.pyx":36
  * cdef bytes to_bytes(_str):
@@ -1432,9 +2517,9 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  *         return _str             # <<<<<<<<<<<<<<
  *     elif isinstance(_str, unicode):
  *         return _str.encode(ENCODING)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    if (!(likely(PyBytes_CheckExact(__pyx_v__str))||((__pyx_v__str) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "bytes", Py_TYPE(__pyx_v__str)->tp_name), 0))) __PYX_ERR(0, 36, __pyx_L1_error)
+    if (!(likely(PyBytes_CheckExact(__pyx_v__str))||((__pyx_v__str) == Py_None) || __Pyx_RaiseUnexpectedTypeError("bytes", __pyx_v__str))) __PYX_ERR(0, 36, __pyx_L1_error)
     __Pyx_INCREF(__pyx_v__str);
     __pyx_r = ((PyObject*)__pyx_v__str);
     goto __pyx_L0;
@@ -1445,7 +2530,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  *     if isinstance(_str, bytes):             # <<<<<<<<<<<<<<
  *         return _str
  *     elif isinstance(_str, unicode):
- */
+*/
   }
 
   /* "ssh/utils.pyx":37
@@ -1454,9 +2539,8 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  *     elif isinstance(_str, unicode):             # <<<<<<<<<<<<<<
  *         return _str.encode(ENCODING)
  *     return _str
- */
-  __pyx_t_2 = PyUnicode_Check(__pyx_v__str); 
-  __pyx_t_1 = (__pyx_t_2 != 0);
+*/
+  __pyx_t_1 = PyUnicode_Check(__pyx_v__str); 
   if (__pyx_t_1) {
 
     /* "ssh/utils.pyx":38
@@ -1465,31 +2549,24 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  *         return _str.encode(ENCODING)             # <<<<<<<<<<<<<<
  *     return _str
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    __pyx_t_4 = __Pyx_PyObject_GetAttrStr(__pyx_v__str, __pyx_n_s_encode); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 38, __pyx_L1_error)
+    __pyx_t_3 = __pyx_v__str;
+    __Pyx_INCREF(__pyx_t_3);
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_ENCODING); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 38, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_n_s_ENCODING); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 38, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_5);
-    __pyx_t_6 = NULL;
-    if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_4))) {
-      __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_4);
-      if (likely(__pyx_t_6)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-        __Pyx_INCREF(__pyx_t_6);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_4, function);
-      }
+    __pyx_t_5 = 0;
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_4};
+      __pyx_t_2 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_encode, __pyx_callargs+__pyx_t_5, (2-__pyx_t_5) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 38, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_2);
     }
-    __pyx_t_3 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_6, __pyx_t_5) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_5);
-    __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
-    if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 38, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    if (!(likely(PyBytes_CheckExact(__pyx_t_3))||((__pyx_t_3) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "bytes", Py_TYPE(__pyx_t_3)->tp_name), 0))) __PYX_ERR(0, 38, __pyx_L1_error)
-    __pyx_r = ((PyObject*)__pyx_t_3);
-    __pyx_t_3 = 0;
+    if (!(likely(PyBytes_CheckExact(__pyx_t_2))||((__pyx_t_2) == Py_None) || __Pyx_RaiseUnexpectedTypeError("bytes", __pyx_t_2))) __PYX_ERR(0, 38, __pyx_L1_error)
+    __pyx_r = ((PyObject*)__pyx_t_2);
+    __pyx_t_2 = 0;
     goto __pyx_L0;
 
     /* "ssh/utils.pyx":37
@@ -1498,7 +2575,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  *     elif isinstance(_str, unicode):             # <<<<<<<<<<<<<<
  *         return _str.encode(ENCODING)
  *     return _str
- */
+*/
   }
 
   /* "ssh/utils.pyx":39
@@ -1507,9 +2584,9 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  *     return _str             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  if (!(likely(PyBytes_CheckExact(__pyx_v__str))||((__pyx_v__str) == Py_None)||(PyErr_Format(PyExc_TypeError, "Expected %.16s, got %.200s", "bytes", Py_TYPE(__pyx_v__str)->tp_name), 0))) __PYX_ERR(0, 39, __pyx_L1_error)
+  if (!(likely(PyBytes_CheckExact(__pyx_v__str))||((__pyx_v__str) == Py_None) || __Pyx_RaiseUnexpectedTypeError("bytes", __pyx_v__str))) __PYX_ERR(0, 39, __pyx_L1_error)
   __Pyx_INCREF(__pyx_v__str);
   __pyx_r = ((PyObject*)__pyx_v__str);
   goto __pyx_L0;
@@ -1520,14 +2597,13 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  * cdef bytes to_bytes(_str):             # <<<<<<<<<<<<<<
  *     if isinstance(_str, bytes):
  *         return _str
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
+  __Pyx_XDECREF(__pyx_t_2);
   __Pyx_XDECREF(__pyx_t_3);
   __Pyx_XDECREF(__pyx_t_4);
-  __Pyx_XDECREF(__pyx_t_5);
-  __Pyx_XDECREF(__pyx_t_6);
   __Pyx_AddTraceback("ssh.utils.to_bytes", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = 0;
   __pyx_L0:;
@@ -1542,18 +2618,19 @@ static PyObject *__pyx_f_3ssh_5utils_to_bytes(PyObject *__pyx_v__str) {
  * cdef object to_str(const char *c_str):             # <<<<<<<<<<<<<<
  *     _len = len(c_str)
  *     if PY_MAJOR_VERSION < 3:
- */
+*/
 
 static PyObject *__pyx_f_3ssh_5utils_to_str(char const *__pyx_v_c_str) {
   Py_ssize_t __pyx_v__len;
   PyObject *__pyx_r = NULL;
   __Pyx_RefNannyDeclarations
-  size_t __pyx_t_1;
+  Py_ssize_t __pyx_t_1;
   int __pyx_t_2;
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
   PyObject *__pyx_t_6 = NULL;
+  size_t __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1565,8 +2642,8 @@ static PyObject *__pyx_f_3ssh_5utils_to_str(char const *__pyx_v_c_str) {
  *     _len = len(c_str)             # <<<<<<<<<<<<<<
  *     if PY_MAJOR_VERSION < 3:
  *         return c_str[:_len]
- */
-  __pyx_t_1 = strlen(__pyx_v_c_str); 
+*/
+  __pyx_t_1 = __Pyx_ssize_strlen(__pyx_v_c_str); if (unlikely(__pyx_t_1 == ((Py_ssize_t)-1))) __PYX_ERR(0, 43, __pyx_L1_error)
   __pyx_v__len = __pyx_t_1;
 
   /* "ssh/utils.pyx":44
@@ -1575,8 +2652,8 @@ static PyObject *__pyx_f_3ssh_5utils_to_str(char const *__pyx_v_c_str) {
  *     if PY_MAJOR_VERSION < 3:             # <<<<<<<<<<<<<<
  *         return c_str[:_len]
  *     return c_str[:_len].decode(ENCODING)
- */
-  __pyx_t_2 = ((PY_MAJOR_VERSION < 3) != 0);
+*/
+  __pyx_t_2 = (PY_MAJOR_VERSION < 3);
   if (__pyx_t_2) {
 
     /* "ssh/utils.pyx":45
@@ -1585,7 +2662,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str(char const *__pyx_v_c_str) {
  *         return c_str[:_len]             # <<<<<<<<<<<<<<
  *     return c_str[:_len].decode(ENCODING)
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_t_3 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_str + 0, __pyx_v__len - 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 45, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
@@ -1599,7 +2676,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str(char const *__pyx_v_c_str) {
  *     if PY_MAJOR_VERSION < 3:             # <<<<<<<<<<<<<<
  *         return c_str[:_len]
  *     return c_str[:_len].decode(ENCODING)
- */
+*/
   }
 
   /* "ssh/utils.pyx":46
@@ -1608,31 +2685,24 @@ static PyObject *__pyx_f_3ssh_5utils_to_str(char const *__pyx_v_c_str) {
  *     return c_str[:_len].decode(ENCODING)             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_4 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_str + 0, __pyx_v__len - 0); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 46, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_4);
-  __pyx_t_5 = __Pyx_PyObject_GetAttrStr(__pyx_t_4, __pyx_n_s_decode); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 46, __pyx_L1_error)
+  __pyx_t_5 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_str + 0, __pyx_v__len - 0); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 46, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_5);
-  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_n_s_ENCODING); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 46, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_4);
-  __pyx_t_6 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_5))) {
-    __pyx_t_6 = PyMethod_GET_SELF(__pyx_t_5);
-    if (likely(__pyx_t_6)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_5);
-      __Pyx_INCREF(__pyx_t_6);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_5, function);
-    }
+  __pyx_t_4 = __pyx_t_5;
+  __Pyx_INCREF(__pyx_t_4);
+  __Pyx_GetModuleGlobalName(__pyx_t_6, __pyx_mstate_global->__pyx_n_u_ENCODING); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 46, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_6);
+  __pyx_t_7 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_6};
+    __pyx_t_3 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_decode, __pyx_callargs+__pyx_t_7, (2-__pyx_t_7) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+    __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+    if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 46, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_3);
   }
-  __pyx_t_3 = (__pyx_t_6) ? __Pyx_PyObject_Call2Args(__pyx_t_5, __pyx_t_6, __pyx_t_4) : __Pyx_PyObject_CallOneArg(__pyx_t_5, __pyx_t_4);
-  __Pyx_XDECREF(__pyx_t_6); __pyx_t_6 = 0;
-  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-  if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 46, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
   __pyx_r = __pyx_t_3;
   __pyx_t_3 = 0;
   goto __pyx_L0;
@@ -1643,7 +2713,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str(char const *__pyx_v_c_str) {
  * cdef object to_str(const char *c_str):             # <<<<<<<<<<<<<<
  *     _len = len(c_str)
  *     if PY_MAJOR_VERSION < 3:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1665,7 +2735,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str(char const *__pyx_v_c_str) {
  * cdef object to_str_len(const char *c_str, int length):             # <<<<<<<<<<<<<<
  *     if PY_MAJOR_VERSION < 3:
  *         return c_str[:length]
- */
+*/
 
 static PyObject *__pyx_f_3ssh_5utils_to_str_len(char const *__pyx_v_c_str, int __pyx_v_length) {
   PyObject *__pyx_r = NULL;
@@ -1675,6 +2745,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str_len(char const *__pyx_v_c_str, int _
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
+  size_t __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -1686,8 +2757,8 @@ static PyObject *__pyx_f_3ssh_5utils_to_str_len(char const *__pyx_v_c_str, int _
  *     if PY_MAJOR_VERSION < 3:             # <<<<<<<<<<<<<<
  *         return c_str[:length]
  *     return c_str[:length].decode(ENCODING)
- */
-  __pyx_t_1 = ((PY_MAJOR_VERSION < 3) != 0);
+*/
+  __pyx_t_1 = (PY_MAJOR_VERSION < 3);
   if (__pyx_t_1) {
 
     /* "ssh/utils.pyx":51
@@ -1696,7 +2767,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str_len(char const *__pyx_v_c_str, int _
  *         return c_str[:length]             # <<<<<<<<<<<<<<
  *     return c_str[:length].decode(ENCODING)
  * 
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_str + 0, __pyx_v_length - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 51, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
@@ -1710,7 +2781,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str_len(char const *__pyx_v_c_str, int _
  *     if PY_MAJOR_VERSION < 3:             # <<<<<<<<<<<<<<
  *         return c_str[:length]
  *     return c_str[:length].decode(ENCODING)
- */
+*/
   }
 
   /* "ssh/utils.pyx":52
@@ -1719,31 +2790,24 @@ static PyObject *__pyx_f_3ssh_5utils_to_str_len(char const *__pyx_v_c_str, int _
  *     return c_str[:length].decode(ENCODING)             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   __Pyx_XDECREF(__pyx_r);
-  __pyx_t_3 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_str + 0, __pyx_v_length - 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 52, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_4 = __Pyx_PyObject_GetAttrStr(__pyx_t_3, __pyx_n_s_decode); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 52, __pyx_L1_error)
+  __pyx_t_4 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_str + 0, __pyx_v_length - 0); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 52, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_4);
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_n_s_ENCODING); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 52, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_3);
-  __pyx_t_5 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_4))) {
-    __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_4);
-    if (likely(__pyx_t_5)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_4);
-      __Pyx_INCREF(__pyx_t_5);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_4, function);
-    }
+  __pyx_t_3 = __pyx_t_4;
+  __Pyx_INCREF(__pyx_t_3);
+  __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_ENCODING); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 52, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_5);
+  __pyx_t_6 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_5};
+    __pyx_t_2 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_decode, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+    __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+    __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+    if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 52, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_2);
   }
-  __pyx_t_2 = (__pyx_t_5) ? __Pyx_PyObject_Call2Args(__pyx_t_4, __pyx_t_5, __pyx_t_3) : __Pyx_PyObject_CallOneArg(__pyx_t_4, __pyx_t_3);
-  __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 52, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
   __pyx_r = __pyx_t_2;
   __pyx_t_2 = 0;
   goto __pyx_L0;
@@ -1754,7 +2818,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str_len(char const *__pyx_v_c_str, int _
  * cdef object to_str_len(const char *c_str, int length):             # <<<<<<<<<<<<<<
  *     if PY_MAJOR_VERSION < 3:
  *         return c_str[:length]
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -1776,7 +2840,7 @@ static PyObject *__pyx_f_3ssh_5utils_to_str_len(char const *__pyx_v_c_str, int _
  * cdef bytes ssh_string_to_bytes(ssh_string _str):             # <<<<<<<<<<<<<<
  *     if _str is NULL:
  *         return
- */
+*/
 
 static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str) {
   char const *__pyx_v_c_str;
@@ -1807,8 +2871,8 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *     if _str is NULL:             # <<<<<<<<<<<<<<
  *         return
  *     cdef const char *c_str
- */
-  __pyx_t_1 = ((__pyx_v__str == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v__str == NULL);
   if (__pyx_t_1) {
 
     /* "ssh/utils.pyx":57
@@ -1817,7 +2881,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *         return             # <<<<<<<<<<<<<<
  *     cdef const char *c_str
  *     cdef size_t str_len
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __pyx_r = ((PyObject*)Py_None); __Pyx_INCREF(Py_None);
     goto __pyx_L0;
@@ -1828,7 +2892,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *     if _str is NULL:             # <<<<<<<<<<<<<<
  *         return
  *     cdef const char *c_str
- */
+*/
   }
 
   /* "ssh/utils.pyx":60
@@ -1837,7 +2901,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *     cdef bytes b_str = None             # <<<<<<<<<<<<<<
  *     with nogil:
  *         str_len = ssh_string_len(_str)
- */
+*/
   __Pyx_INCREF(Py_None);
   __pyx_v_b_str = ((PyObject*)Py_None);
 
@@ -1847,13 +2911,12 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *     with nogil:             # <<<<<<<<<<<<<<
  *         str_len = ssh_string_len(_str)
  *         c_str = ssh_string_get_char(_str)
- */
+*/
   {
-      #ifdef WITH_THREAD
       PyThreadState *_save;
+      _save = NULL;
       Py_UNBLOCK_THREADS
       __Pyx_FastGIL_Remember();
-      #endif
       /*try:*/ {
 
         /* "ssh/utils.pyx":62
@@ -1862,7 +2925,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *         str_len = ssh_string_len(_str)             # <<<<<<<<<<<<<<
  *         c_str = ssh_string_get_char(_str)
  *     if c_str is NULL:
- */
+*/
         __pyx_v_str_len = ssh_string_len(__pyx_v__str);
 
         /* "ssh/utils.pyx":63
@@ -1871,7 +2934,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *         c_str = ssh_string_get_char(_str)             # <<<<<<<<<<<<<<
  *     if c_str is NULL:
  *         raise MemoryError
- */
+*/
         __pyx_v_c_str = ssh_string_get_char(__pyx_v__str);
       }
 
@@ -1881,13 +2944,11 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *     with nogil:             # <<<<<<<<<<<<<<
  *         str_len = ssh_string_len(_str)
  *         c_str = ssh_string_get_char(_str)
- */
+*/
       /*finally:*/ {
         /*normal exit:*/{
-          #ifdef WITH_THREAD
           __Pyx_FastGIL_Forget();
           Py_BLOCK_THREADS
-          #endif
           goto __pyx_L6;
         }
         __pyx_L6:;
@@ -1900,8 +2961,8 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *     if c_str is NULL:             # <<<<<<<<<<<<<<
  *         raise MemoryError
  *     try:
- */
-  __pyx_t_1 = ((__pyx_v_c_str == NULL) != 0);
+*/
+  __pyx_t_1 = (__pyx_v_c_str == NULL);
   if (unlikely(__pyx_t_1)) {
 
     /* "ssh/utils.pyx":65
@@ -1910,7 +2971,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *         raise MemoryError             # <<<<<<<<<<<<<<
  *     try:
  *         b_str = c_str[:str_len]
- */
+*/
     PyErr_NoMemory(); __PYX_ERR(0, 65, __pyx_L1_error)
 
     /* "ssh/utils.pyx":64
@@ -1919,7 +2980,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *     if c_str is NULL:             # <<<<<<<<<<<<<<
  *         raise MemoryError
  *     try:
- */
+*/
   }
 
   /* "ssh/utils.pyx":66
@@ -1928,7 +2989,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *     try:             # <<<<<<<<<<<<<<
  *         b_str = c_str[:str_len]
  *         return b_str
- */
+*/
   /*try:*/ {
 
     /* "ssh/utils.pyx":67
@@ -1937,7 +2998,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *         b_str = c_str[:str_len]             # <<<<<<<<<<<<<<
  *         return b_str
  *     finally:
- */
+*/
     __pyx_t_2 = __Pyx_PyBytes_FromStringAndSize(__pyx_v_c_str + 0, __pyx_v_str_len - 0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 67, __pyx_L9_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_DECREF_SET(__pyx_v_b_str, ((PyObject*)__pyx_t_2));
@@ -1949,7 +3010,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *         return b_str             # <<<<<<<<<<<<<<
  *     finally:
  *         ssh_string_free(_str)
- */
+*/
     __Pyx_XDECREF(__pyx_r);
     __Pyx_INCREF(__pyx_v_b_str);
     __pyx_r = __pyx_v_b_str;
@@ -1962,7 +3023,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  *         ssh_string_free(_str)             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
   /*finally:*/ {
     __pyx_L9_error:;
     /*exception exit:*/{
@@ -1970,8 +3031,8 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
       __Pyx_PyThreadState_assign
       __pyx_t_6 = 0; __pyx_t_7 = 0; __pyx_t_8 = 0; __pyx_t_9 = 0; __pyx_t_10 = 0; __pyx_t_11 = 0;
       __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
-      if (PY_MAJOR_VERSION >= 3) __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
-      if ((PY_MAJOR_VERSION < 3) || unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
+       __Pyx_ExceptionSwap(&__pyx_t_9, &__pyx_t_10, &__pyx_t_11);
+      if ( unlikely(__Pyx_GetException(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8) < 0)) __Pyx_ErrFetch(&__pyx_t_6, &__pyx_t_7, &__pyx_t_8);
       __Pyx_XGOTREF(__pyx_t_6);
       __Pyx_XGOTREF(__pyx_t_7);
       __Pyx_XGOTREF(__pyx_t_8);
@@ -1982,12 +3043,10 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
       {
         ssh_string_free(__pyx_v__str);
       }
-      if (PY_MAJOR_VERSION >= 3) {
-        __Pyx_XGIVEREF(__pyx_t_9);
-        __Pyx_XGIVEREF(__pyx_t_10);
-        __Pyx_XGIVEREF(__pyx_t_11);
-        __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
-      }
+      __Pyx_XGIVEREF(__pyx_t_9);
+      __Pyx_XGIVEREF(__pyx_t_10);
+      __Pyx_XGIVEREF(__pyx_t_11);
+      __Pyx_ExceptionReset(__pyx_t_9, __pyx_t_10, __pyx_t_11);
       __Pyx_XGIVEREF(__pyx_t_6);
       __Pyx_XGIVEREF(__pyx_t_7);
       __Pyx_XGIVEREF(__pyx_t_8);
@@ -2012,7 +3071,7 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  * cdef bytes ssh_string_to_bytes(ssh_string _str):             # <<<<<<<<<<<<<<
  *     if _str is NULL:
  *         return
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2032,78 +3091,103 @@ static PyObject *__pyx_f_3ssh_5utils_ssh_string_to_bytes(ssh_string __pyx_v__str
  * def wait_socket(session not None, sock not None, timeout=None):             # <<<<<<<<<<<<<<
  *     """Helper function for testing non-blocking mode.
  * 
- */
+*/
 
 /* Python wrapper */
-static PyObject *__pyx_pw_3ssh_5utils_1wait_socket(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds); /*proto*/
-static char __pyx_doc_3ssh_5utils_wait_socket[] = "wait_socket(session, sock, timeout=None)\nHelper function for testing non-blocking mode.\n\n    This function blocks the calling thread for <timeout> seconds -\n    to be used only for testing purposes.\n    ";
-static PyMethodDef __pyx_mdef_3ssh_5utils_1wait_socket = {"wait_socket", (PyCFunction)(void*)(PyCFunctionWithKeywords)__pyx_pw_3ssh_5utils_1wait_socket, METH_VARARGS|METH_KEYWORDS, __pyx_doc_3ssh_5utils_wait_socket};
-static PyObject *__pyx_pw_3ssh_5utils_1wait_socket(PyObject *__pyx_self, PyObject *__pyx_args, PyObject *__pyx_kwds) {
+static PyObject *__pyx_pw_3ssh_5utils_1wait_socket(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+); /*proto*/
+PyDoc_STRVAR(__pyx_doc_3ssh_5utils_wait_socket, "wait_socket(session, sock, timeout=None)\n\nHelper function for testing non-blocking mode.\n\nThis function blocks the calling thread for <timeout> seconds -\nto be used only for testing purposes.");
+static PyMethodDef __pyx_mdef_3ssh_5utils_1wait_socket = {"wait_socket", (PyCFunction)(void(*)(void))(__Pyx_PyCFunction_FastCallWithKeywords)__pyx_pw_3ssh_5utils_1wait_socket, __Pyx_METH_FASTCALL|METH_KEYWORDS, __pyx_doc_3ssh_5utils_wait_socket};
+static PyObject *__pyx_pw_3ssh_5utils_1wait_socket(PyObject *__pyx_self, 
+#if CYTHON_METH_FASTCALL
+PyObject *const *__pyx_args, Py_ssize_t __pyx_nargs, PyObject *__pyx_kwds
+#else
+PyObject *__pyx_args, PyObject *__pyx_kwds
+#endif
+) {
   PyObject *__pyx_v_session = 0;
   PyObject *__pyx_v_sock = 0;
   PyObject *__pyx_v_timeout = 0;
+  #if !CYTHON_METH_FASTCALL
+  CYTHON_UNUSED Py_ssize_t __pyx_nargs;
+  #endif
+  CYTHON_UNUSED PyObject *const *__pyx_kwvalues;
+  PyObject* values[3] = {0,0,0};
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
   PyObject *__pyx_r = 0;
   __Pyx_RefNannyDeclarations
   __Pyx_RefNannySetupContext("wait_socket (wrapper)", 0);
+  #if !CYTHON_METH_FASTCALL
+  #if CYTHON_ASSUME_SAFE_SIZE
+  __pyx_nargs = PyTuple_GET_SIZE(__pyx_args);
+  #else
+  __pyx_nargs = PyTuple_Size(__pyx_args); if (unlikely(__pyx_nargs < 0)) return NULL;
+  #endif
+  #endif
+  __pyx_kwvalues = __Pyx_KwValues_FASTCALL(__pyx_args, __pyx_nargs);
   {
-    static PyObject **__pyx_pyargnames[] = {&__pyx_n_s_session,&__pyx_n_s_sock,&__pyx_n_s_timeout,0};
-    PyObject* values[3] = {0,0,0};
-    values[2] = ((PyObject *)Py_None);
-    if (unlikely(__pyx_kwds)) {
-      Py_ssize_t kw_args;
-      const Py_ssize_t pos_args = PyTuple_GET_SIZE(__pyx_args);
-      switch (pos_args) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+    PyObject ** const __pyx_pyargnames[] = {&__pyx_mstate_global->__pyx_n_u_session,&__pyx_mstate_global->__pyx_n_u_sock,&__pyx_mstate_global->__pyx_n_u_timeout,0};
+    const Py_ssize_t __pyx_kwds_len = (__pyx_kwds) ? __Pyx_NumKwargs_FASTCALL(__pyx_kwds) : 0;
+    if (unlikely(__pyx_kwds_len) < 0) __PYX_ERR(0, 73, __pyx_L3_error)
+    if (__pyx_kwds_len > 0) {
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 73, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 73, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  1: values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  1:
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 73, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
         case  0: break;
         default: goto __pyx_L5_argtuple_error;
       }
-      kw_args = PyDict_Size(__pyx_kwds);
-      switch (pos_args) {
-        case  0:
-        if (likely((values[0] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_session)) != 0)) kw_args--;
-        else goto __pyx_L5_argtuple_error;
-        CYTHON_FALLTHROUGH;
-        case  1:
-        if (likely((values[1] = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_sock)) != 0)) kw_args--;
-        else {
-          __Pyx_RaiseArgtupleInvalid("wait_socket", 0, 2, 3, 1); __PYX_ERR(0, 73, __pyx_L3_error)
-        }
-        CYTHON_FALLTHROUGH;
-        case  2:
-        if (kw_args > 0) {
-          PyObject* value = __Pyx_PyDict_GetItemStr(__pyx_kwds, __pyx_n_s_timeout);
-          if (value) { values[2] = value; kw_args--; }
-        }
-      }
-      if (unlikely(kw_args > 0)) {
-        if (unlikely(__Pyx_ParseOptionalKeywords(__pyx_kwds, __pyx_pyargnames, 0, values, pos_args, "wait_socket") < 0)) __PYX_ERR(0, 73, __pyx_L3_error)
+      const Py_ssize_t kwd_pos_args = __pyx_nargs;
+      if (__Pyx_ParseKeywords(__pyx_kwds, __pyx_kwvalues, __pyx_pyargnames, 0, values, kwd_pos_args, __pyx_kwds_len, "wait_socket", 0) < 0) __PYX_ERR(0, 73, __pyx_L3_error)
+      if (!values[2]) values[2] = __Pyx_NewRef(((PyObject *)Py_None));
+      for (Py_ssize_t i = __pyx_nargs; i < 2; i++) {
+        if (unlikely(!values[i])) { __Pyx_RaiseArgtupleInvalid("wait_socket", 0, 2, 3, i); __PYX_ERR(0, 73, __pyx_L3_error) }
       }
     } else {
-      switch (PyTuple_GET_SIZE(__pyx_args)) {
-        case  3: values[2] = PyTuple_GET_ITEM(__pyx_args, 2);
+      switch (__pyx_nargs) {
+        case  3:
+        values[2] = __Pyx_ArgRef_FASTCALL(__pyx_args, 2);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[2])) __PYX_ERR(0, 73, __pyx_L3_error)
         CYTHON_FALLTHROUGH;
-        case  2: values[1] = PyTuple_GET_ITEM(__pyx_args, 1);
-        values[0] = PyTuple_GET_ITEM(__pyx_args, 0);
+        case  2:
+        values[1] = __Pyx_ArgRef_FASTCALL(__pyx_args, 1);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[1])) __PYX_ERR(0, 73, __pyx_L3_error)
+        values[0] = __Pyx_ArgRef_FASTCALL(__pyx_args, 0);
+        if (!CYTHON_ASSUME_SAFE_MACROS && unlikely(!values[0])) __PYX_ERR(0, 73, __pyx_L3_error)
         break;
         default: goto __pyx_L5_argtuple_error;
       }
+      if (!values[2]) values[2] = __Pyx_NewRef(((PyObject *)Py_None));
     }
     __pyx_v_session = values[0];
     __pyx_v_sock = values[1];
     __pyx_v_timeout = values[2];
   }
-  goto __pyx_L4_argument_unpacking_done;
+  goto __pyx_L6_skip;
   __pyx_L5_argtuple_error:;
-  __Pyx_RaiseArgtupleInvalid("wait_socket", 0, 2, 3, PyTuple_GET_SIZE(__pyx_args)); __PYX_ERR(0, 73, __pyx_L3_error)
+  __Pyx_RaiseArgtupleInvalid("wait_socket", 0, 2, 3, __pyx_nargs); __PYX_ERR(0, 73, __pyx_L3_error)
+  __pyx_L6_skip:;
+  goto __pyx_L4_argument_unpacking_done;
   __pyx_L3_error:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
   __Pyx_AddTraceback("ssh.utils.wait_socket", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __Pyx_RefNannyFinishContext();
   return NULL;
@@ -2120,7 +3204,15 @@ static PyObject *__pyx_pw_3ssh_5utils_1wait_socket(PyObject *__pyx_self, PyObjec
   goto __pyx_L0;
   __pyx_L1_error:;
   __pyx_r = NULL;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  goto __pyx_L7_cleaned_up;
   __pyx_L0:;
+  for (Py_ssize_t __pyx_temp=0; __pyx_temp < (Py_ssize_t)(sizeof(values)/sizeof(values[0])); ++__pyx_temp) {
+    Py_XDECREF(values[__pyx_temp]);
+  }
+  __pyx_L7_cleaned_up:;
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
@@ -2133,7 +3225,7 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
   __Pyx_RefNannyDeclarations
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
-  PyObject *__pyx_t_3 = NULL;
+  size_t __pyx_t_3;
   int __pyx_t_4;
   int __pyx_t_5;
   PyObject *__pyx_t_6 = NULL;
@@ -2148,25 +3240,18 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *     cdef int directions = session.get_poll_flags()             # <<<<<<<<<<<<<<
  *     if directions == 0:
  *         return 0
- */
-  __pyx_t_2 = __Pyx_PyObject_GetAttrStr(__pyx_v_session, __pyx_n_s_get_poll_flags); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 79, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  if (CYTHON_UNPACK_METHODS && likely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-    }
+*/
+  __pyx_t_2 = __pyx_v_session;
+  __Pyx_INCREF(__pyx_t_2);
+  __pyx_t_3 = 0;
+  {
+    PyObject *__pyx_callargs[2] = {__pyx_t_2, NULL};
+    __pyx_t_1 = __Pyx_PyObject_FastCallMethod(__pyx_mstate_global->__pyx_n_u_get_poll_flags, __pyx_callargs+__pyx_t_3, (1-__pyx_t_3) | (1*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 79, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
   }
-  __pyx_t_1 = (__pyx_t_3) ? __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3) : __Pyx_PyObject_CallNoArg(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-  if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 79, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_t_4 = __Pyx_PyInt_As_int(__pyx_t_1); if (unlikely((__pyx_t_4 == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 79, __pyx_L1_error)
+  __pyx_t_4 = __Pyx_PyLong_As_int(__pyx_t_1); if (unlikely((__pyx_t_4 == (int)-1) && PyErr_Occurred())) __PYX_ERR(0, 79, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
   __pyx_v_directions = __pyx_t_4;
 
@@ -2176,8 +3261,8 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *     if directions == 0:             # <<<<<<<<<<<<<<
  *         return 0
  *     readfds = (sock,) \
- */
-  __pyx_t_5 = ((__pyx_v_directions == 0) != 0);
+*/
+  __pyx_t_5 = (__pyx_v_directions == 0);
   if (__pyx_t_5) {
 
     /* "ssh/utils.pyx":81
@@ -2186,10 +3271,10 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *         return 0             # <<<<<<<<<<<<<<
  *     readfds = (sock,) \
  *         if (directions & SSH_READ_PENDING) else ()
- */
+*/
     __Pyx_XDECREF(__pyx_r);
-    __Pyx_INCREF(__pyx_int_0);
-    __pyx_r = __pyx_int_0;
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_int_0);
+    __pyx_r = __pyx_mstate_global->__pyx_int_0;
     goto __pyx_L0;
 
     /* "ssh/utils.pyx":80
@@ -2198,7 +3283,7 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *     if directions == 0:             # <<<<<<<<<<<<<<
  *         return 0
  *     readfds = (sock,) \
- */
+*/
   }
 
   /* "ssh/utils.pyx":83
@@ -2207,8 +3292,9 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *         if (directions & SSH_READ_PENDING) else ()             # <<<<<<<<<<<<<<
  *     writefds = (sock,) \
  *         if (directions & SSH_WRITE_PENDING) else ()
- */
-  if (((__pyx_v_directions & SSH_READ_PENDING) != 0)) {
+*/
+  __pyx_t_5 = ((__pyx_v_directions & SSH_READ_PENDING) != 0);
+  if (__pyx_t_5) {
 
     /* "ssh/utils.pyx":82
  *     if directions == 0:
@@ -2216,12 +3302,12 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *     readfds = (sock,) \             # <<<<<<<<<<<<<<
  *         if (directions & SSH_READ_PENDING) else ()
  *     writefds = (sock,) \
- */
+*/
     __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 82, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_INCREF(__pyx_v_sock);
     __Pyx_GIVEREF(__pyx_v_sock);
-    PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_v_sock);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_v_sock) != (0)) __PYX_ERR(0, 82, __pyx_L1_error);
     __pyx_t_1 = __pyx_t_2;
     __pyx_t_2 = 0;
   } else {
@@ -2232,9 +3318,9 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *         if (directions & SSH_READ_PENDING) else ()             # <<<<<<<<<<<<<<
  *     writefds = (sock,) \
  *         if (directions & SSH_WRITE_PENDING) else ()
- */
-    __Pyx_INCREF(__pyx_empty_tuple);
-    __pyx_t_1 = __pyx_empty_tuple;
+*/
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_empty_tuple);
+    __pyx_t_1 = __pyx_mstate_global->__pyx_empty_tuple;
   }
   __pyx_v_readfds = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
@@ -2245,8 +3331,9 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *         if (directions & SSH_WRITE_PENDING) else ()             # <<<<<<<<<<<<<<
  *     select(readfds, writefds, (), timeout)
  * 
- */
-  if (((__pyx_v_directions & SSH_WRITE_PENDING) != 0)) {
+*/
+  __pyx_t_5 = ((__pyx_v_directions & SSH_WRITE_PENDING) != 0);
+  if (__pyx_t_5) {
 
     /* "ssh/utils.pyx":84
  *     readfds = (sock,) \
@@ -2254,12 +3341,12 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *     writefds = (sock,) \             # <<<<<<<<<<<<<<
  *         if (directions & SSH_WRITE_PENDING) else ()
  *     select(readfds, writefds, (), timeout)
- */
+*/
     __pyx_t_2 = PyTuple_New(1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 84, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __Pyx_INCREF(__pyx_v_sock);
     __Pyx_GIVEREF(__pyx_v_sock);
-    PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_v_sock);
+    if (__Pyx_PyTuple_SET_ITEM(__pyx_t_2, 0, __pyx_v_sock) != (0)) __PYX_ERR(0, 84, __pyx_L1_error);
     __pyx_t_1 = __pyx_t_2;
     __pyx_t_2 = 0;
   } else {
@@ -2270,9 +3357,9 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *         if (directions & SSH_WRITE_PENDING) else ()             # <<<<<<<<<<<<<<
  *     select(readfds, writefds, (), timeout)
  * 
- */
-    __Pyx_INCREF(__pyx_empty_tuple);
-    __pyx_t_1 = __pyx_empty_tuple;
+*/
+    __Pyx_INCREF(__pyx_mstate_global->__pyx_empty_tuple);
+    __pyx_t_1 = __pyx_mstate_global->__pyx_empty_tuple;
   }
   __pyx_v_writefds = ((PyObject*)__pyx_t_1);
   __pyx_t_1 = 0;
@@ -2283,60 +3370,30 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  *     select(readfds, writefds, (), timeout)             # <<<<<<<<<<<<<<
  * 
  * 
- */
-  __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_select); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 86, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __pyx_t_3 = NULL;
-  __pyx_t_4 = 0;
-  if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) {
-    __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_2);
-    if (likely(__pyx_t_3)) {
-      PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-      __Pyx_INCREF(__pyx_t_3);
-      __Pyx_INCREF(function);
-      __Pyx_DECREF_SET(__pyx_t_2, function);
-      __pyx_t_4 = 1;
-    }
+*/
+  __pyx_t_2 = NULL;
+  __Pyx_GetModuleGlobalName(__pyx_t_6, __pyx_mstate_global->__pyx_n_u_select); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 86, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_6);
+  __pyx_t_3 = 1;
+  #if CYTHON_UNPACK_METHODS
+  if (unlikely(PyMethod_Check(__pyx_t_6))) {
+    __pyx_t_2 = PyMethod_GET_SELF(__pyx_t_6);
+    assert(__pyx_t_2);
+    PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_6);
+    __Pyx_INCREF(__pyx_t_2);
+    __Pyx_INCREF(__pyx__function);
+    __Pyx_DECREF_SET(__pyx_t_6, __pyx__function);
+    __pyx_t_3 = 0;
   }
-  #if CYTHON_FAST_PYCALL
-  if (PyFunction_Check(__pyx_t_2)) {
-    PyObject *__pyx_temp[5] = {__pyx_t_3, __pyx_v_readfds, __pyx_v_writefds, __pyx_empty_tuple, __pyx_v_timeout};
-    __pyx_t_1 = __Pyx_PyFunction_FastCall(__pyx_t_2, __pyx_temp+1-__pyx_t_4, 4+__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 86, __pyx_L1_error)
-    __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-    __Pyx_GOTREF(__pyx_t_1);
-  } else
-  #endif
-  #if CYTHON_FAST_PYCCALL
-  if (__Pyx_PyFastCFunction_Check(__pyx_t_2)) {
-    PyObject *__pyx_temp[5] = {__pyx_t_3, __pyx_v_readfds, __pyx_v_writefds, __pyx_empty_tuple, __pyx_v_timeout};
-    __pyx_t_1 = __Pyx_PyCFunction_FastCall(__pyx_t_2, __pyx_temp+1-__pyx_t_4, 4+__pyx_t_4); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 86, __pyx_L1_error)
-    __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
-    __Pyx_GOTREF(__pyx_t_1);
-  } else
   #endif
   {
-    __pyx_t_6 = PyTuple_New(4+__pyx_t_4); if (unlikely(!__pyx_t_6)) __PYX_ERR(0, 86, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_6);
-    if (__pyx_t_3) {
-      __Pyx_GIVEREF(__pyx_t_3); PyTuple_SET_ITEM(__pyx_t_6, 0, __pyx_t_3); __pyx_t_3 = NULL;
-    }
-    __Pyx_INCREF(__pyx_v_readfds);
-    __Pyx_GIVEREF(__pyx_v_readfds);
-    PyTuple_SET_ITEM(__pyx_t_6, 0+__pyx_t_4, __pyx_v_readfds);
-    __Pyx_INCREF(__pyx_v_writefds);
-    __Pyx_GIVEREF(__pyx_v_writefds);
-    PyTuple_SET_ITEM(__pyx_t_6, 1+__pyx_t_4, __pyx_v_writefds);
-    __Pyx_INCREF(__pyx_empty_tuple);
-    __Pyx_GIVEREF(__pyx_empty_tuple);
-    PyTuple_SET_ITEM(__pyx_t_6, 2+__pyx_t_4, __pyx_empty_tuple);
-    __Pyx_INCREF(__pyx_v_timeout);
-    __Pyx_GIVEREF(__pyx_v_timeout);
-    PyTuple_SET_ITEM(__pyx_t_6, 3+__pyx_t_4, __pyx_v_timeout);
-    __pyx_t_1 = __Pyx_PyObject_Call(__pyx_t_2, __pyx_t_6, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 86, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
+    PyObject *__pyx_callargs[5] = {__pyx_t_2, __pyx_v_readfds, __pyx_v_writefds, __pyx_mstate_global->__pyx_empty_tuple, __pyx_v_timeout};
+    __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_6, __pyx_callargs+__pyx_t_3, (5-__pyx_t_3) | (__pyx_t_3*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+    __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
     __Pyx_DECREF(__pyx_t_6); __pyx_t_6 = 0;
+    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 86, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_1);
   }
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
   __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
   /* "ssh/utils.pyx":73
@@ -2345,7 +3402,7 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  * def wait_socket(session not None, sock not None, timeout=None):             # <<<<<<<<<<<<<<
  *     """Helper function for testing non-blocking mode.
  * 
- */
+*/
 
   /* function exit code */
   __pyx_r = Py_None; __Pyx_INCREF(Py_None);
@@ -2353,7 +3410,6 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
   __pyx_L1_error:;
   __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
-  __Pyx_XDECREF(__pyx_t_3);
   __Pyx_XDECREF(__pyx_t_6);
   __Pyx_AddTraceback("ssh.utils.wait_socket", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = NULL;
@@ -2371,7 +3427,7 @@ static PyObject *__pyx_pf_3ssh_5utils_wait_socket(CYTHON_UNUSED PyObject *__pyx_
  * cdef int handle_error_codes(             # <<<<<<<<<<<<<<
  *         int errcode, ssh_session session) except -1:
  *     if errcode == SSH_OK:
- */
+*/
 
 static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_session __pyx_v_session) {
   int __pyx_r;
@@ -2381,9 +3437,8 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
   PyObject *__pyx_t_5 = NULL;
-  int __pyx_t_6;
-  PyObject *__pyx_t_7 = NULL;
-  int __pyx_t_8;
+  size_t __pyx_t_6;
+  int __pyx_t_7;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2395,7 +3450,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *     if errcode == SSH_OK:             # <<<<<<<<<<<<<<
  *         return SSH_OK
  *     elif errcode == SSH_ERROR:
- */
+*/
   switch (__pyx_v_errcode) {
     case SSH_OK:
 
@@ -2405,7 +3460,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *         return SSH_OK             # <<<<<<<<<<<<<<
  *     elif errcode == SSH_ERROR:
  *         raise SSHError(errcode, ssh_get_error(session))
- */
+*/
     __pyx_r = SSH_OK;
     goto __pyx_L0;
 
@@ -2415,7 +3470,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *     if errcode == SSH_OK:             # <<<<<<<<<<<<<<
  *         return SSH_OK
  *     elif errcode == SSH_ERROR:
- */
+*/
     break;
     case SSH_ERROR:
 
@@ -2425,62 +3480,36 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *         raise SSHError(errcode, ssh_get_error(session))             # <<<<<<<<<<<<<<
  *     elif errcode == SSH_EOF:
  *         raise EOF(ssh_get_error(session))
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_SSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 94, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_3 = __Pyx_PyInt_From_int(__pyx_v_errcode); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 94, __pyx_L1_error)
+*/
+    __pyx_t_2 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_SSHError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 94, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 94, __pyx_L1_error)
+    __pyx_t_4 = __Pyx_PyLong_From_int(__pyx_v_errcode); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 94, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_4);
-    __pyx_t_5 = NULL;
-    __pyx_t_6 = 0;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) {
-      __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_2);
-      if (likely(__pyx_t_5)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-        __Pyx_INCREF(__pyx_t_5);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_2, function);
-        __pyx_t_6 = 1;
-      }
+    __pyx_t_5 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 94, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_3))) {
+      __pyx_t_2 = PyMethod_GET_SELF(__pyx_t_3);
+      assert(__pyx_t_2);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_3);
+      __Pyx_INCREF(__pyx_t_2);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_3, __pyx__function);
+      __pyx_t_6 = 0;
     }
-    #if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(__pyx_t_2)) {
-      PyObject *__pyx_temp[3] = {__pyx_t_5, __pyx_t_3, __pyx_t_4};
-      __pyx_t_1 = __Pyx_PyFunction_FastCall(__pyx_t_2, __pyx_temp+1-__pyx_t_6, 2+__pyx_t_6); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 94, __pyx_L1_error)
-      __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-      __Pyx_GOTREF(__pyx_t_1);
-      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    } else
-    #endif
-    #if CYTHON_FAST_PYCCALL
-    if (__Pyx_PyFastCFunction_Check(__pyx_t_2)) {
-      PyObject *__pyx_temp[3] = {__pyx_t_5, __pyx_t_3, __pyx_t_4};
-      __pyx_t_1 = __Pyx_PyCFunction_FastCall(__pyx_t_2, __pyx_temp+1-__pyx_t_6, 2+__pyx_t_6); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 94, __pyx_L1_error)
-      __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
-      __Pyx_GOTREF(__pyx_t_1);
-      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
-    } else
     #endif
     {
-      __pyx_t_7 = PyTuple_New(2+__pyx_t_6); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 94, __pyx_L1_error)
-      __Pyx_GOTREF(__pyx_t_7);
-      if (__pyx_t_5) {
-        __Pyx_GIVEREF(__pyx_t_5); PyTuple_SET_ITEM(__pyx_t_7, 0, __pyx_t_5); __pyx_t_5 = NULL;
-      }
-      __Pyx_GIVEREF(__pyx_t_3);
-      PyTuple_SET_ITEM(__pyx_t_7, 0+__pyx_t_6, __pyx_t_3);
-      __Pyx_GIVEREF(__pyx_t_4);
-      PyTuple_SET_ITEM(__pyx_t_7, 1+__pyx_t_6, __pyx_t_4);
-      __pyx_t_3 = 0;
-      __pyx_t_4 = 0;
-      __pyx_t_1 = __Pyx_PyObject_Call(__pyx_t_2, __pyx_t_7, NULL); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 94, __pyx_L1_error)
+      PyObject *__pyx_callargs[3] = {__pyx_t_2, __pyx_t_4, __pyx_t_5};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_6, (3-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 94, __pyx_L1_error)
       __Pyx_GOTREF(__pyx_t_1);
-      __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
     }
-    __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
     __PYX_ERR(0, 94, __pyx_L1_error)
@@ -2491,7 +3520,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *     elif errcode == SSH_ERROR:             # <<<<<<<<<<<<<<
  *         raise SSHError(errcode, ssh_get_error(session))
  *     elif errcode == SSH_EOF:
- */
+*/
     break;
     case SSH_EOF:
 
@@ -2501,27 +3530,33 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *         raise EOF(ssh_get_error(session))             # <<<<<<<<<<<<<<
  *     elif errcode == SSH_AGAIN:
  *         return SSH_AGAIN
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_EOF); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 96, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_7 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 96, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_7);
-    __pyx_t_4 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) {
-      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_2);
-      if (likely(__pyx_t_4)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-        __Pyx_INCREF(__pyx_t_4);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_2, function);
-      }
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_5, __pyx_mstate_global->__pyx_n_u_EOF); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 96, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_5);
+    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 96, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_4);
+    __pyx_t_6 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_5))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_5);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_5);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_5, __pyx__function);
+      __pyx_t_6 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_4};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_5, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_5); __pyx_t_5 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 96, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_4) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_4, __pyx_t_7) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_7);
-    __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-    __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 96, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
     __PYX_ERR(0, 96, __pyx_L1_error)
@@ -2532,7 +3567,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *     elif errcode == SSH_EOF:             # <<<<<<<<<<<<<<
  *         raise EOF(ssh_get_error(session))
  *     elif errcode == SSH_AGAIN:
- */
+*/
     break;
     case SSH_AGAIN:
 
@@ -2542,7 +3577,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *         return SSH_AGAIN             # <<<<<<<<<<<<<<
  *     else:
  *         if errcode < 0:
- */
+*/
     __pyx_r = SSH_AGAIN;
     goto __pyx_L0;
 
@@ -2552,7 +3587,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *     elif errcode == SSH_AGAIN:             # <<<<<<<<<<<<<<
  *         return SSH_AGAIN
  *     else:
- */
+*/
     break;
     default:
 
@@ -2562,9 +3597,9 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *         if errcode < 0:             # <<<<<<<<<<<<<<
  *             raise OtherError(ssh_get_error(session))
  *         return errcode
- */
-    __pyx_t_8 = ((__pyx_v_errcode < 0) != 0);
-    if (unlikely(__pyx_t_8)) {
+*/
+    __pyx_t_7 = (__pyx_v_errcode < 0);
+    if (unlikely(__pyx_t_7)) {
 
       /* "ssh/utils.pyx":101
  *     else:
@@ -2572,27 +3607,33 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *             raise OtherError(ssh_get_error(session))             # <<<<<<<<<<<<<<
  *         return errcode
  * 
- */
-      __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_OtherError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 101, __pyx_L1_error)
-      __Pyx_GOTREF(__pyx_t_2);
-      __pyx_t_7 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 101, __pyx_L1_error)
-      __Pyx_GOTREF(__pyx_t_7);
-      __pyx_t_4 = NULL;
-      if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) {
-        __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_2);
-        if (likely(__pyx_t_4)) {
-          PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-          __Pyx_INCREF(__pyx_t_4);
-          __Pyx_INCREF(function);
-          __Pyx_DECREF_SET(__pyx_t_2, function);
-        }
+*/
+      __pyx_t_5 = NULL;
+      __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_OtherError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 101, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_4);
+      __pyx_t_3 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 101, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_3);
+      __pyx_t_6 = 1;
+      #if CYTHON_UNPACK_METHODS
+      if (unlikely(PyMethod_Check(__pyx_t_4))) {
+        __pyx_t_5 = PyMethod_GET_SELF(__pyx_t_4);
+        assert(__pyx_t_5);
+        PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+        __Pyx_INCREF(__pyx_t_5);
+        __Pyx_INCREF(__pyx__function);
+        __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+        __pyx_t_6 = 0;
+      }
+      #endif
+      {
+        PyObject *__pyx_callargs[2] = {__pyx_t_5, __pyx_t_3};
+        __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_6, (2-__pyx_t_6) | (__pyx_t_6*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+        __Pyx_XDECREF(__pyx_t_5); __pyx_t_5 = 0;
+        __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+        __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+        if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 101, __pyx_L1_error)
+        __Pyx_GOTREF(__pyx_t_1);
       }
-      __pyx_t_1 = (__pyx_t_4) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_4, __pyx_t_7) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_7);
-      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-      __Pyx_DECREF(__pyx_t_7); __pyx_t_7 = 0;
-      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 101, __pyx_L1_error)
-      __Pyx_GOTREF(__pyx_t_1);
-      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
       __Pyx_Raise(__pyx_t_1, 0, 0, 0);
       __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
       __PYX_ERR(0, 101, __pyx_L1_error)
@@ -2603,7 +3644,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *         if errcode < 0:             # <<<<<<<<<<<<<<
  *             raise OtherError(ssh_get_error(session))
  *         return errcode
- */
+*/
     }
 
     /* "ssh/utils.pyx":102
@@ -2612,7 +3653,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  *         return errcode             # <<<<<<<<<<<<<<
  * 
  * 
- */
+*/
     __pyx_r = __pyx_v_errcode;
     goto __pyx_L0;
     break;
@@ -2624,7 +3665,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  * cdef int handle_error_codes(             # <<<<<<<<<<<<<<
  *         int errcode, ssh_session session) except -1:
  *     if errcode == SSH_OK:
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2633,7 +3674,6 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
   __Pyx_XDECREF(__pyx_t_3);
   __Pyx_XDECREF(__pyx_t_4);
   __Pyx_XDECREF(__pyx_t_5);
-  __Pyx_XDECREF(__pyx_t_7);
   __Pyx_AddTraceback("ssh.utils.handle_error_codes", __pyx_clineno, __pyx_lineno, __pyx_filename);
   __pyx_r = -1;
   __pyx_L0:;
@@ -2647,7 +3687,7 @@ static int __pyx_f_3ssh_5utils_handle_error_codes(int __pyx_v_errcode, ssh_sessi
  * cdef int handle_auth_error_codes(int errcode, ssh_session session) except -1:             # <<<<<<<<<<<<<<
  *     if errcode == ssh_auth_e.SSH_AUTH_SUCCESS:
  *         return ssh_auth_e.SSH_AUTH_SUCCESS
- */
+*/
 
 static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_session __pyx_v_session) {
   int __pyx_r;
@@ -2656,7 +3696,8 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
   PyObject *__pyx_t_2 = NULL;
   PyObject *__pyx_t_3 = NULL;
   PyObject *__pyx_t_4 = NULL;
-  int __pyx_t_5;
+  size_t __pyx_t_5;
+  int __pyx_t_6;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -2668,7 +3709,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *     if errcode == ssh_auth_e.SSH_AUTH_SUCCESS:             # <<<<<<<<<<<<<<
  *         return ssh_auth_e.SSH_AUTH_SUCCESS
  *     elif errcode == ssh_auth_e.SSH_AUTH_DENIED:
- */
+*/
   switch (__pyx_v_errcode) {
     case SSH_AUTH_SUCCESS:
 
@@ -2678,7 +3719,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *         return ssh_auth_e.SSH_AUTH_SUCCESS             # <<<<<<<<<<<<<<
  *     elif errcode == ssh_auth_e.SSH_AUTH_DENIED:
  *         raise AuthenticationDenied(ssh_get_error(session))
- */
+*/
     __pyx_r = SSH_AUTH_SUCCESS;
     goto __pyx_L0;
 
@@ -2688,7 +3729,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *     if errcode == ssh_auth_e.SSH_AUTH_SUCCESS:             # <<<<<<<<<<<<<<
  *         return ssh_auth_e.SSH_AUTH_SUCCESS
  *     elif errcode == ssh_auth_e.SSH_AUTH_DENIED:
- */
+*/
     break;
     case SSH_AUTH_DENIED:
 
@@ -2698,27 +3739,33 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *         raise AuthenticationDenied(ssh_get_error(session))             # <<<<<<<<<<<<<<
  *     elif errcode == ssh_auth_e.SSH_AUTH_ERROR:
  *         raise AuthenticationError(ssh_get_error(session))
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_AuthenticationDenied); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 109, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_3 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 109, __pyx_L1_error)
+*/
+    __pyx_t_2 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_AuthenticationDenied); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 109, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) {
-      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_2);
-      if (likely(__pyx_t_4)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-        __Pyx_INCREF(__pyx_t_4);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_2, function);
-      }
+    __pyx_t_4 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 109, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_4);
+    __pyx_t_5 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_3))) {
+      __pyx_t_2 = PyMethod_GET_SELF(__pyx_t_3);
+      assert(__pyx_t_2);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_3);
+      __Pyx_INCREF(__pyx_t_2);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_3, __pyx__function);
+      __pyx_t_5 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_2, __pyx_t_4};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_3, __pyx_callargs+__pyx_t_5, (2-__pyx_t_5) | (__pyx_t_5*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 109, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_4) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_4, __pyx_t_3) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3);
-    __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 109, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
     __PYX_ERR(0, 109, __pyx_L1_error)
@@ -2729,7 +3776,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *     elif errcode == ssh_auth_e.SSH_AUTH_DENIED:             # <<<<<<<<<<<<<<
  *         raise AuthenticationDenied(ssh_get_error(session))
  *     elif errcode == ssh_auth_e.SSH_AUTH_ERROR:
- */
+*/
     break;
     case SSH_AUTH_ERROR:
 
@@ -2739,27 +3786,33 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *         raise AuthenticationError(ssh_get_error(session))             # <<<<<<<<<<<<<<
  *     elif errcode == ssh_auth_e.SSH_AUTH_PARTIAL:
  *         raise AuthenticationPartial(ssh_get_error(session))
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_AuthenticationError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 111, __pyx_L1_error)
+*/
+    __pyx_t_3 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_4, __pyx_mstate_global->__pyx_n_u_AuthenticationError); if (unlikely(!__pyx_t_4)) __PYX_ERR(0, 111, __pyx_L1_error)
+    __Pyx_GOTREF(__pyx_t_4);
+    __pyx_t_2 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 111, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
-    __pyx_t_3 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 111, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) {
-      __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_2);
-      if (likely(__pyx_t_4)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-        __Pyx_INCREF(__pyx_t_4);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_2, function);
-      }
+    __pyx_t_5 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_4))) {
+      __pyx_t_3 = PyMethod_GET_SELF(__pyx_t_4);
+      assert(__pyx_t_3);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_4);
+      __Pyx_INCREF(__pyx_t_3);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_4, __pyx__function);
+      __pyx_t_5 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_3, __pyx_t_2};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_4, __pyx_callargs+__pyx_t_5, (2-__pyx_t_5) | (__pyx_t_5*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      __Pyx_DECREF(__pyx_t_4); __pyx_t_4 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 111, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_4) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_4, __pyx_t_3) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3);
-    __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 111, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
     __PYX_ERR(0, 111, __pyx_L1_error)
@@ -2770,7 +3823,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *     elif errcode == ssh_auth_e.SSH_AUTH_ERROR:             # <<<<<<<<<<<<<<
  *         raise AuthenticationError(ssh_get_error(session))
  *     elif errcode == ssh_auth_e.SSH_AUTH_PARTIAL:
- */
+*/
     break;
     case SSH_AUTH_PARTIAL:
 
@@ -2780,27 +3833,33 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *         raise AuthenticationPartial(ssh_get_error(session))             # <<<<<<<<<<<<<<
  *     elif errcode == ssh_auth_e.SSH_AUTH_AGAIN:
  *         return ssh_auth_e.SSH_AUTH_AGAIN
- */
-    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_n_s_AuthenticationPartial); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 113, __pyx_L1_error)
+*/
+    __pyx_t_4 = NULL;
+    __Pyx_GetModuleGlobalName(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_AuthenticationPartial); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 113, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_2);
     __pyx_t_3 = __Pyx_PyBytes_FromString(ssh_get_error(__pyx_v_session)); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 113, __pyx_L1_error)
     __Pyx_GOTREF(__pyx_t_3);
-    __pyx_t_4 = NULL;
-    if (CYTHON_UNPACK_METHODS && unlikely(PyMethod_Check(__pyx_t_2))) {
+    __pyx_t_5 = 1;
+    #if CYTHON_UNPACK_METHODS
+    if (unlikely(PyMethod_Check(__pyx_t_2))) {
       __pyx_t_4 = PyMethod_GET_SELF(__pyx_t_2);
-      if (likely(__pyx_t_4)) {
-        PyObject* function = PyMethod_GET_FUNCTION(__pyx_t_2);
-        __Pyx_INCREF(__pyx_t_4);
-        __Pyx_INCREF(function);
-        __Pyx_DECREF_SET(__pyx_t_2, function);
-      }
+      assert(__pyx_t_4);
+      PyObject* __pyx__function = PyMethod_GET_FUNCTION(__pyx_t_2);
+      __Pyx_INCREF(__pyx_t_4);
+      __Pyx_INCREF(__pyx__function);
+      __Pyx_DECREF_SET(__pyx_t_2, __pyx__function);
+      __pyx_t_5 = 0;
+    }
+    #endif
+    {
+      PyObject *__pyx_callargs[2] = {__pyx_t_4, __pyx_t_3};
+      __pyx_t_1 = __Pyx_PyObject_FastCall(__pyx_t_2, __pyx_callargs+__pyx_t_5, (2-__pyx_t_5) | (__pyx_t_5*__Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET));
+      __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
+      __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+      __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+      if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 113, __pyx_L1_error)
+      __Pyx_GOTREF(__pyx_t_1);
     }
-    __pyx_t_1 = (__pyx_t_4) ? __Pyx_PyObject_Call2Args(__pyx_t_2, __pyx_t_4, __pyx_t_3) : __Pyx_PyObject_CallOneArg(__pyx_t_2, __pyx_t_3);
-    __Pyx_XDECREF(__pyx_t_4); __pyx_t_4 = 0;
-    __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
-    if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 113, __pyx_L1_error)
-    __Pyx_GOTREF(__pyx_t_1);
-    __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
     __Pyx_Raise(__pyx_t_1, 0, 0, 0);
     __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
     __PYX_ERR(0, 113, __pyx_L1_error)
@@ -2811,7 +3870,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *     elif errcode == ssh_auth_e.SSH_AUTH_PARTIAL:             # <<<<<<<<<<<<<<
  *         raise AuthenticationPartial(ssh_get_error(session))
  *     elif errcode == ssh_auth_e.SSH_AUTH_AGAIN:
- */
+*/
     break;
     case SSH_AUTH_AGAIN:
 
@@ -2821,7 +3880,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *         return ssh_auth_e.SSH_AUTH_AGAIN             # <<<<<<<<<<<<<<
  *     else:
  *         return handle_error_codes(errcode, session)
- */
+*/
     __pyx_r = SSH_AUTH_AGAIN;
     goto __pyx_L0;
 
@@ -2831,7 +3890,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *     elif errcode == ssh_auth_e.SSH_AUTH_AGAIN:             # <<<<<<<<<<<<<<
  *         return ssh_auth_e.SSH_AUTH_AGAIN
  *     else:
- */
+*/
     break;
     default:
 
@@ -2839,9 +3898,9 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  *         return ssh_auth_e.SSH_AUTH_AGAIN
  *     else:
  *         return handle_error_codes(errcode, session)             # <<<<<<<<<<<<<<
- */
-    __pyx_t_5 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_errcode, __pyx_v_session); if (unlikely(__pyx_t_5 == ((int)-1))) __PYX_ERR(0, 117, __pyx_L1_error)
-    __pyx_r = __pyx_t_5;
+*/
+    __pyx_t_6 = __pyx_f_3ssh_5utils_handle_error_codes(__pyx_v_errcode, __pyx_v_session); if (unlikely(__pyx_t_6 == ((int)-1))) __PYX_ERR(0, 117, __pyx_L1_error)
+    __pyx_r = __pyx_t_6;
     goto __pyx_L0;
     break;
   }
@@ -2852,7 +3911,7 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
  * cdef int handle_auth_error_codes(int errcode, ssh_session session) except -1:             # <<<<<<<<<<<<<<
  *     if errcode == ssh_auth_e.SSH_AUTH_SUCCESS:
  *         return ssh_auth_e.SSH_AUTH_SUCCESS
- */
+*/
 
   /* function exit code */
   __pyx_L1_error:;
@@ -2866,146 +3925,47 @@ static int __pyx_f_3ssh_5utils_handle_auth_error_codes(int __pyx_v_errcode, ssh_
   __Pyx_RefNannyFinishContext();
   return __pyx_r;
 }
+/* #### Code section: module_exttypes ### */
 
 static PyMethodDef __pyx_methods[] = {
   {0, 0, 0, 0}
 };
-
-#if PY_MAJOR_VERSION >= 3
-#if CYTHON_PEP489_MULTI_PHASE_INIT
-static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
-static int __pyx_pymod_exec_utils(PyObject* module); /*proto*/
-static PyModuleDef_Slot __pyx_moduledef_slots[] = {
-  {Py_mod_create, (void*)__pyx_pymod_create},
-  {Py_mod_exec, (void*)__pyx_pymod_exec_utils},
-  {0, NULL}
-};
-#endif
-
-static struct PyModuleDef __pyx_moduledef = {
-    PyModuleDef_HEAD_INIT,
-    "utils",
-    0, /* m_doc */
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    0, /* m_size */
-  #else
-    -1, /* m_size */
-  #endif
-    __pyx_methods /* m_methods */,
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-    __pyx_moduledef_slots, /* m_slots */
-  #else
-    NULL, /* m_reload */
-  #endif
-    NULL, /* m_traverse */
-    NULL, /* m_clear */
-    NULL /* m_free */
-};
-#endif
-#ifndef CYTHON_SMALL_CODE
-#if defined(__clang__)
-    #define CYTHON_SMALL_CODE
-#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
-    #define CYTHON_SMALL_CODE __attribute__((cold))
-#else
-    #define CYTHON_SMALL_CODE
-#endif
-#endif
-
-static __Pyx_StringTabEntry __pyx_string_tab[] = {
-  {&__pyx_n_s_AuthenticationDenied, __pyx_k_AuthenticationDenied, sizeof(__pyx_k_AuthenticationDenied), 0, 0, 1, 1},
-  {&__pyx_n_s_AuthenticationError, __pyx_k_AuthenticationError, sizeof(__pyx_k_AuthenticationError), 0, 0, 1, 1},
-  {&__pyx_n_s_AuthenticationPartial, __pyx_k_AuthenticationPartial, sizeof(__pyx_k_AuthenticationPartial), 0, 0, 1, 1},
-  {&__pyx_n_s_ENCODING, __pyx_k_ENCODING, sizeof(__pyx_k_ENCODING), 0, 0, 1, 1},
-  {&__pyx_n_s_EOF, __pyx_k_EOF, sizeof(__pyx_k_EOF), 0, 0, 1, 1},
-  {&__pyx_n_s_MemoryError, __pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 0, 1, 1},
-  {&__pyx_n_s_OtherError, __pyx_k_OtherError, sizeof(__pyx_k_OtherError), 0, 0, 1, 1},
-  {&__pyx_n_s_SSHError, __pyx_k_SSHError, sizeof(__pyx_k_SSHError), 0, 0, 1, 1},
-  {&__pyx_n_s_cline_in_traceback, __pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 0, 1, 1},
-  {&__pyx_n_s_decode, __pyx_k_decode, sizeof(__pyx_k_decode), 0, 0, 1, 1},
-  {&__pyx_n_s_directions, __pyx_k_directions, sizeof(__pyx_k_directions), 0, 0, 1, 1},
-  {&__pyx_n_s_encode, __pyx_k_encode, sizeof(__pyx_k_encode), 0, 0, 1, 1},
-  {&__pyx_n_s_exceptions, __pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 0, 1, 1},
-  {&__pyx_n_s_get_poll_flags, __pyx_k_get_poll_flags, sizeof(__pyx_k_get_poll_flags), 0, 0, 1, 1},
-  {&__pyx_n_s_import, __pyx_k_import, sizeof(__pyx_k_import), 0, 0, 1, 1},
-  {&__pyx_n_s_main, __pyx_k_main, sizeof(__pyx_k_main), 0, 0, 1, 1},
-  {&__pyx_n_s_name, __pyx_k_name, sizeof(__pyx_k_name), 0, 0, 1, 1},
-  {&__pyx_n_s_readfds, __pyx_k_readfds, sizeof(__pyx_k_readfds), 0, 0, 1, 1},
-  {&__pyx_n_s_select, __pyx_k_select, sizeof(__pyx_k_select), 0, 0, 1, 1},
-  {&__pyx_n_s_session, __pyx_k_session, sizeof(__pyx_k_session), 0, 0, 1, 1},
-  {&__pyx_n_s_sock, __pyx_k_sock, sizeof(__pyx_k_sock), 0, 0, 1, 1},
-  {&__pyx_n_s_ssh_utils, __pyx_k_ssh_utils, sizeof(__pyx_k_ssh_utils), 0, 0, 1, 1},
-  {&__pyx_kp_s_ssh_utils_pyx, __pyx_k_ssh_utils_pyx, sizeof(__pyx_k_ssh_utils_pyx), 0, 0, 1, 0},
-  {&__pyx_n_s_test, __pyx_k_test, sizeof(__pyx_k_test), 0, 0, 1, 1},
-  {&__pyx_n_s_timeout, __pyx_k_timeout, sizeof(__pyx_k_timeout), 0, 0, 1, 1},
-  {&__pyx_kp_s_utf_8, __pyx_k_utf_8, sizeof(__pyx_k_utf_8), 0, 0, 1, 0},
-  {&__pyx_n_s_wait_socket, __pyx_k_wait_socket, sizeof(__pyx_k_wait_socket), 0, 0, 1, 1},
-  {&__pyx_n_s_writefds, __pyx_k_writefds, sizeof(__pyx_k_writefds), 0, 0, 1, 1},
-  {0, 0, 0, 0, 0, 0, 0}
-};
-static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(void) {
-  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_n_s_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 65, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(void) {
-  __Pyx_RefNannyDeclarations
-  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
-
-  /* "ssh/utils.pyx":73
- * 
- * 
- * def wait_socket(session not None, sock not None, timeout=None):             # <<<<<<<<<<<<<<
- *     """Helper function for testing non-blocking mode.
- * 
- */
-  __pyx_tuple_ = PyTuple_Pack(6, __pyx_n_s_session, __pyx_n_s_sock, __pyx_n_s_timeout, __pyx_n_s_directions, __pyx_n_s_readfds, __pyx_n_s_writefds); if (unlikely(!__pyx_tuple_)) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_tuple_);
-  __Pyx_GIVEREF(__pyx_tuple_);
-  __pyx_codeobj__2 = (PyObject*)__Pyx_PyCode_New(3, 0, 6, 0, CO_OPTIMIZED|CO_NEWLOCALS, __pyx_empty_bytes, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_tuple_, __pyx_empty_tuple, __pyx_empty_tuple, __pyx_kp_s_ssh_utils_pyx, __pyx_n_s_wait_socket, 73, __pyx_empty_bytes); if (unlikely(!__pyx_codeobj__2)) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_RefNannyFinishContext();
-  return 0;
-  __pyx_L1_error:;
-  __Pyx_RefNannyFinishContext();
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void) {
-  if (__Pyx_InitStrings(__pyx_string_tab) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  __pyx_int_0 = PyInt_FromLong(0); if (unlikely(!__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  return 0;
-  __pyx_L1_error:;
-  return -1;
-}
-
-static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(void); /*proto*/
-static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(void); /*proto*/
-
-static int __Pyx_modinit_global_init_code(void) {
+/* #### Code section: initfunc_declarations ### */
+static CYTHON_SMALL_CODE int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitGlobals(void); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate); /*proto*/
+static CYTHON_SMALL_CODE int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate); /*proto*/
+/* #### Code section: init_module ### */
+
+static int __Pyx_modinit_global_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_global_init_code", 0);
   /*--- Global init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_export_code(void) {
+static int __Pyx_modinit_variable_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_export_code", 0);
   /*--- Variable export code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_export_code(void) {
+static int __Pyx_modinit_function_export_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3024,82 +3984,157 @@ static int __Pyx_modinit_function_export_code(void) {
   return -1;
 }
 
-static int __Pyx_modinit_type_init_code(void) {
+static int __Pyx_modinit_type_init_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_init_code", 0);
   /*--- Type init code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_type_import_code(void) {
+static int __Pyx_modinit_type_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_type_import_code", 0);
   /*--- Type import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_variable_import_code(void) {
+static int __Pyx_modinit_variable_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_variable_import_code", 0);
   /*--- Variable import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
-static int __Pyx_modinit_function_import_code(void) {
+static int __Pyx_modinit_function_import_code(__pyx_mstatetype *__pyx_mstate) {
   __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
   __Pyx_RefNannySetupContext("__Pyx_modinit_function_import_code", 0);
   /*--- Function import code ---*/
   __Pyx_RefNannyFinishContext();
   return 0;
 }
 
+#if CYTHON_PEP489_MULTI_PHASE_INIT
+static PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def); /*proto*/
+static int __pyx_pymod_exec_utils(PyObject* module); /*proto*/
+static PyModuleDef_Slot __pyx_moduledef_slots[] = {
+  {Py_mod_create, (void*)__pyx_pymod_create},
+  {Py_mod_exec, (void*)__pyx_pymod_exec_utils},
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  {Py_mod_gil, Py_MOD_GIL_USED},
+  #endif
+  #if PY_VERSION_HEX >= 0x030C0000 && CYTHON_USE_MODULE_STATE
+  {Py_mod_multiple_interpreters, Py_MOD_MULTIPLE_INTERPRETERS_NOT_SUPPORTED},
+  #endif
+  {0, NULL}
+};
+#endif
 
-#ifndef CYTHON_NO_PYINIT_EXPORT
-#define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
-#elif PY_MAJOR_VERSION < 3
 #ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" void
-#else
-#define __Pyx_PyMODINIT_FUNC void
+namespace {
+  struct PyModuleDef __pyx_moduledef =
+  #else
+  static struct PyModuleDef __pyx_moduledef =
+  #endif
+  {
+      PyModuleDef_HEAD_INIT,
+      "utils",
+      0, /* m_doc */
+    #if CYTHON_USE_MODULE_STATE
+      sizeof(__pyx_mstatetype), /* m_size */
+    #else
+      (CYTHON_PEP489_MULTI_PHASE_INIT) ? 0 : -1, /* m_size */
+    #endif
+      __pyx_methods /* m_methods */,
+    #if CYTHON_PEP489_MULTI_PHASE_INIT
+      __pyx_moduledef_slots, /* m_slots */
+    #else
+      NULL, /* m_reload */
+    #endif
+    #if CYTHON_USE_MODULE_STATE
+      __pyx_m_traverse, /* m_traverse */
+      __pyx_m_clear, /* m_clear */
+      NULL /* m_free */
+    #else
+      NULL, /* m_traverse */
+      NULL, /* m_clear */
+      NULL /* m_free */
+    #endif
+  };
+  #ifdef __cplusplus
+} /* anonymous namespace */
 #endif
+
+/* PyModInitFuncType */
+#ifndef CYTHON_NO_PYINIT_EXPORT
+  #define __Pyx_PyMODINIT_FUNC PyMODINIT_FUNC
 #else
-#ifdef __cplusplus
-#define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
-#else
-#define __Pyx_PyMODINIT_FUNC PyObject *
-#endif
+  #ifdef __cplusplus
+  #define __Pyx_PyMODINIT_FUNC extern "C" PyObject *
+  #else
+  #define __Pyx_PyMODINIT_FUNC PyObject *
+  #endif
 #endif
 
-
-#if PY_MAJOR_VERSION < 3
-__Pyx_PyMODINIT_FUNC initutils(void) CYTHON_SMALL_CODE; /*proto*/
-__Pyx_PyMODINIT_FUNC initutils(void)
-#else
 __Pyx_PyMODINIT_FUNC PyInit_utils(void) CYTHON_SMALL_CODE; /*proto*/
 __Pyx_PyMODINIT_FUNC PyInit_utils(void)
 #if CYTHON_PEP489_MULTI_PHASE_INIT
 {
   return PyModuleDef_Init(&__pyx_moduledef);
 }
+/* ModuleCreationPEP489 */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+static PY_INT64_T __Pyx_GetCurrentInterpreterId(void) {
+    {
+        PyObject *module = PyImport_ImportModule("_interpreters"); // 3.13+ I think
+        if (!module) {
+            PyErr_Clear(); // just try the 3.8-3.12 version
+            module = PyImport_ImportModule("_xxsubinterpreters");
+            if (!module) goto bad;
+        }
+        PyObject *current = PyObject_CallMethod(module, "get_current", NULL);
+        Py_DECREF(module);
+        if (!current) goto bad;
+        if (PyTuple_Check(current)) {
+            PyObject *new_current = PySequence_GetItem(current, 0);
+            Py_DECREF(current);
+            current = new_current;
+            if (!new_current) goto bad;
+        }
+        long long as_c_int = PyLong_AsLongLong(current);
+        Py_DECREF(current);
+        return as_c_int;
+    }
+  bad:
+    PySys_WriteStderr("__Pyx_GetCurrentInterpreterId failed. Try setting the C define CYTHON_PEP489_MULTI_PHASE_INIT=0\n");
+    return -1;
+}
+#endif
+#if !CYTHON_USE_MODULE_STATE
 static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
-    #if PY_VERSION_HEX >= 0x030700A1
     static PY_INT64_T main_interpreter_id = -1;
+#if CYTHON_COMPILING_IN_GRAAL
+    PY_INT64_T current_id = PyInterpreterState_GetIDFromThreadState(PyThreadState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX >= 0x03090000
+    PY_INT64_T current_id = PyInterpreterState_GetID(PyInterpreterState_Get());
+#elif CYTHON_COMPILING_IN_LIMITED_API
+    PY_INT64_T current_id = __Pyx_GetCurrentInterpreterId();
+#else
     PY_INT64_T current_id = PyInterpreterState_GetID(PyThreadState_Get()->interp);
+#endif
+    if (unlikely(current_id == -1)) {
+        return -1;
+    }
     if (main_interpreter_id == -1) {
         main_interpreter_id = current_id;
-        return (unlikely(current_id == -1)) ? -1 : 0;
-    } else if (unlikely(main_interpreter_id != current_id))
-    #else
-    static PyInterpreterState *main_interpreter = NULL;
-    PyInterpreterState *current_interpreter = PyThreadState_Get()->interp;
-    if (!main_interpreter) {
-        main_interpreter = current_interpreter;
-    } else if (unlikely(main_interpreter != current_interpreter))
-    #endif
-    {
+        return 0;
+    } else if (unlikely(main_interpreter_id != current_id)) {
         PyErr_SetString(
             PyExc_ImportError,
             "Interpreter change detected - this module can only be loaded into one interpreter per process.");
@@ -3107,7 +4142,9 @@ static CYTHON_SMALL_CODE int __Pyx_check_single_interpreter(void) {
     }
     return 0;
 }
-static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none) {
+#endif
+static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject *moddict, const char* from_name, const char* to_name, int allow_none)
+{
     PyObject *value = PyObject_GetAttrString(spec, from_name);
     int result = 0;
     if (likely(value)) {
@@ -3122,10 +4159,13 @@ static CYTHON_SMALL_CODE int __Pyx_copy_spec_to_module(PyObject *spec, PyObject
     }
     return result;
 }
-static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNUSED PyModuleDef *def) {
+static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, PyModuleDef *def) {
     PyObject *module = NULL, *moddict, *modname;
+    CYTHON_UNUSED_VAR(def);
+    #if !CYTHON_USE_MODULE_STATE
     if (__Pyx_check_single_interpreter())
         return NULL;
+    #endif
     if (__pyx_m)
         return __Pyx_NewRef(__pyx_m);
     modname = PyObject_GetAttrString(spec, "name");
@@ -3148,10 +4188,15 @@ static CYTHON_SMALL_CODE PyObject* __pyx_pymod_create(PyObject *spec, CYTHON_UNU
 
 static CYTHON_SMALL_CODE int __pyx_pymod_exec_utils(PyObject *__pyx_pyinit_module)
 #endif
-#endif
 {
+  int stringtab_initialized = 0;
+  #if CYTHON_USE_MODULE_STATE
+  int pystate_addmodule_run = 0;
+  #endif
+  __pyx_mstatetype *__pyx_mstate = NULL;
   PyObject *__pyx_t_1 = NULL;
   PyObject *__pyx_t_2 = NULL;
+  PyObject *__pyx_t_3 = NULL;
   int __pyx_lineno = 0;
   const char *__pyx_filename = NULL;
   int __pyx_clineno = 0;
@@ -3162,9 +4207,37 @@ static CYTHON_SMALL_CODE int __pyx_pymod_exec_utils(PyObject *__pyx_pyinit_modul
     PyErr_SetString(PyExc_RuntimeError, "Module 'utils' has already been imported. Re-initialisation is not supported.");
     return -1;
   }
-  #elif PY_MAJOR_VERSION >= 3
+  #else
   if (__pyx_m) return __Pyx_NewRef(__pyx_m);
   #endif
+  /*--- Module creation code ---*/
+  #if CYTHON_PEP489_MULTI_PHASE_INIT
+  __pyx_t_1 = __pyx_pyinit_module;
+  Py_INCREF(__pyx_t_1);
+  #else
+  __pyx_t_1 = PyModule_Create(&__pyx_moduledef); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #if CYTHON_USE_MODULE_STATE
+  {
+    int add_module_result = __Pyx_State_AddModule(__pyx_t_1, &__pyx_moduledef);
+    __pyx_t_1 = 0; /* transfer ownership from __pyx_t_1 to "utils" pseudovariable */
+    if (unlikely((add_module_result < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+    pystate_addmodule_run = 1;
+  }
+  #else
+  __pyx_m = __pyx_t_1;
+  #endif
+  #if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+  PyUnstable_Module_SetGIL(__pyx_m, Py_MOD_GIL_USED);
+  #endif
+  __pyx_mstate = __pyx_mstate_global;
+  CYTHON_UNUSED_VAR(__pyx_t_1);
+  __pyx_mstate->__pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_mstate->__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
+  Py_INCREF(__pyx_mstate->__pyx_d);
+  __pyx_mstate->__pyx_b = __Pyx_PyImport_AddModuleRef(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_mstate->__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_cython_runtime = __Pyx_PyImport_AddModuleRef("cython_runtime"); if (unlikely(!__pyx_mstate->__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_mstate->__pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  /* ImportRefnannyAPI */
   #if CYTHON_REFNANNY
 __Pyx_RefNanny = __Pyx_RefNannyImportAPI("refnanny");
 if (!__Pyx_RefNanny) {
@@ -3174,88 +4247,61 @@ if (!__Pyx_RefNanny) {
       Py_FatalError("failed to import 'refnanny' module");
 }
 #endif
-  __Pyx_RefNannySetupContext("__Pyx_PyMODINIT_FUNC PyInit_utils(void)", 0);
-  if (__Pyx_check_binary_version() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+
+__Pyx_RefNannySetupContext("PyInit_utils", 0);
+  if (__Pyx_check_binary_version(__PYX_LIMITED_VERSION_HEX, __Pyx_get_runtime_version(), CYTHON_COMPILING_IN_LIMITED_API) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #ifdef __Pxy_PyFrame_Initialize_Offsets
   __Pxy_PyFrame_Initialize_Offsets();
   #endif
-  __pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #ifdef __Pyx_CyFunction_USED
-  if (__pyx_CyFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_tuple = PyTuple_New(0); if (unlikely(!__pyx_mstate->__pyx_empty_tuple)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_bytes = PyBytes_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_bytes)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __pyx_mstate->__pyx_empty_unicode = PyUnicode_FromStringAndSize("", 0); if (unlikely(!__pyx_mstate->__pyx_empty_unicode)) __PYX_ERR(0, 1, __pyx_L1_error)
+  /*--- Initialize various global constants etc. ---*/
+  if (__Pyx_InitConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  stringtab_initialized = 1;
+  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #if 0 || defined(__Pyx_CyFunction_USED) || defined(__Pyx_FusedFunction_USED) || defined(__Pyx_Coroutine_USED) || defined(__Pyx_Generator_USED) || defined(__Pyx_AsyncGen_USED)
+  if (__pyx_CommonTypesMetaclass_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  #endif
+  #ifdef __Pyx_CyFunction_USED
+  if (__pyx_CyFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_FusedFunction_USED
-  if (__pyx_FusedFunction_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_FusedFunction_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Coroutine_USED
-  if (__pyx_Coroutine_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Coroutine_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_Generator_USED
-  if (__pyx_Generator_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_Generator_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   #ifdef __Pyx_AsyncGen_USED
-  if (__pyx_AsyncGen_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  #ifdef __Pyx_StopAsyncIteration_USED
-  if (__pyx_StopAsyncIteration_init() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__pyx_AsyncGen_init(__pyx_m) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   #endif
   /*--- Library function declarations ---*/
-  /*--- Threads initialization code ---*/
-  #if defined(WITH_THREAD) && PY_VERSION_HEX < 0x030700F0 && defined(__PYX_FORCE_INIT_THREADS) && __PYX_FORCE_INIT_THREADS
-  PyEval_InitThreads();
-  #endif
-  /*--- Module creation code ---*/
-  #if CYTHON_PEP489_MULTI_PHASE_INIT
-  __pyx_m = __pyx_pyinit_module;
-  Py_INCREF(__pyx_m);
-  #else
-  #if PY_MAJOR_VERSION < 3
-  __pyx_m = Py_InitModule4("utils", __pyx_methods, 0, 0, PYTHON_API_VERSION); Py_XINCREF(__pyx_m);
-  #else
-  __pyx_m = PyModule_Create(&__pyx_moduledef);
-  #endif
-  if (unlikely(!__pyx_m)) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
-  __pyx_d = PyModule_GetDict(__pyx_m); if (unlikely(!__pyx_d)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_d);
-  __pyx_b = PyImport_AddModule(__Pyx_BUILTIN_MODULE_NAME); if (unlikely(!__pyx_b)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_b);
-  __pyx_cython_runtime = PyImport_AddModule((char *) "cython_runtime"); if (unlikely(!__pyx_cython_runtime)) __PYX_ERR(0, 1, __pyx_L1_error)
-  Py_INCREF(__pyx_cython_runtime);
-  if (PyObject_SetAttrString(__pyx_m, "__builtins__", __pyx_b) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
-  /*--- Initialize various global constants etc. ---*/
-  if (__Pyx_InitGlobals() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #if PY_MAJOR_VERSION < 3 && (__PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT)
-  if (__Pyx_init_sys_getdefaultencoding_params() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
   if (__pyx_module_is_main_ssh__utils) {
-    if (PyObject_SetAttr(__pyx_m, __pyx_n_s_name, __pyx_n_s_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+    if (PyObject_SetAttr(__pyx_m, __pyx_mstate_global->__pyx_n_u_name, __pyx_mstate_global->__pyx_n_u_main) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   }
-  #if PY_MAJOR_VERSION >= 3
   {
     PyObject *modules = PyImport_GetModuleDict(); if (unlikely(!modules)) __PYX_ERR(0, 1, __pyx_L1_error)
     if (!PyDict_GetItemString(modules, "ssh.utils")) {
-      if (unlikely(PyDict_SetItemString(modules, "ssh.utils", __pyx_m) < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
+      if (unlikely((PyDict_SetItemString(modules, "ssh.utils", __pyx_m) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
     }
   }
-  #endif
   /*--- Builtin init code ---*/
-  if (__Pyx_InitCachedBuiltins() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedBuiltins(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Constants init code ---*/
-  if (__Pyx_InitCachedConstants() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_InitCachedConstants(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  if (__Pyx_CreateCodeObjects(__pyx_mstate) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
   /*--- Global type/function init code ---*/
-  (void)__Pyx_modinit_global_init_code();
-  (void)__Pyx_modinit_variable_export_code();
-  if (unlikely(__Pyx_modinit_function_export_code() < 0)) __PYX_ERR(0, 1, __pyx_L1_error)
-  (void)__Pyx_modinit_type_init_code();
-  (void)__Pyx_modinit_type_import_code();
-  (void)__Pyx_modinit_variable_import_code();
-  (void)__Pyx_modinit_function_import_code();
+  (void)__Pyx_modinit_global_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_export_code(__pyx_mstate);
+  if (unlikely((__Pyx_modinit_function_export_code(__pyx_mstate) < 0))) __PYX_ERR(0, 1, __pyx_L1_error)
+  (void)__Pyx_modinit_type_init_code(__pyx_mstate);
+  (void)__Pyx_modinit_type_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_variable_import_code(__pyx_mstate);
+  (void)__Pyx_modinit_function_import_code(__pyx_mstate);
   /*--- Execution code ---*/
-  #if defined(__Pyx_Generator_USED) || defined(__Pyx_Coroutine_USED)
-  if (__Pyx_patch_abc() < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  #endif
 
   /* "ssh/utils.pyx":17
  * # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
@@ -3263,76 +4309,55 @@ if (!__Pyx_RefNanny) {
  * from select import select             # <<<<<<<<<<<<<<
  * 
  * from cpython.version cimport PY_MAJOR_VERSION
- */
-  __pyx_t_1 = PyList_New(1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 17, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_INCREF(__pyx_n_s_select);
-  __Pyx_GIVEREF(__pyx_n_s_select);
-  PyList_SET_ITEM(__pyx_t_1, 0, __pyx_n_s_select);
-  __pyx_t_2 = __Pyx_Import(__pyx_n_s_select, __pyx_t_1, -1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 17, __pyx_L1_error)
+*/
+  __pyx_t_2 = __Pyx_PyList_Pack(1, __pyx_mstate_global->__pyx_n_u_select); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 17, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
-  __pyx_t_1 = __Pyx_ImportFrom(__pyx_t_2, __pyx_n_s_select); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 17, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_select, __pyx_t_1) < 0) __PYX_ERR(0, 17, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+  __pyx_t_3 = __Pyx_Import(__pyx_mstate_global->__pyx_n_u_select, __pyx_t_2, 0); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 17, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_3, __pyx_mstate_global->__pyx_n_u_select); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 17, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_select, __pyx_t_2) < 0) __PYX_ERR(0, 17, __pyx_L1_error)
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
 
   /* "ssh/utils.pyx":26
  *     SSH_WRITE_PENDING
  * 
- * from exceptions import OtherError, \             # <<<<<<<<<<<<<<
+ * from .exceptions import OtherError, \             # <<<<<<<<<<<<<<
  *     AuthenticationPartial, AuthenticationDenied, AuthenticationError, \
  *     SSHError, EOF
- */
-  __pyx_t_2 = PyList_New(6); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  __Pyx_INCREF(__pyx_n_s_OtherError);
-  __Pyx_GIVEREF(__pyx_n_s_OtherError);
-  PyList_SET_ITEM(__pyx_t_2, 0, __pyx_n_s_OtherError);
-  __Pyx_INCREF(__pyx_n_s_AuthenticationPartial);
-  __Pyx_GIVEREF(__pyx_n_s_AuthenticationPartial);
-  PyList_SET_ITEM(__pyx_t_2, 1, __pyx_n_s_AuthenticationPartial);
-  __Pyx_INCREF(__pyx_n_s_AuthenticationDenied);
-  __Pyx_GIVEREF(__pyx_n_s_AuthenticationDenied);
-  PyList_SET_ITEM(__pyx_t_2, 2, __pyx_n_s_AuthenticationDenied);
-  __Pyx_INCREF(__pyx_n_s_AuthenticationError);
-  __Pyx_GIVEREF(__pyx_n_s_AuthenticationError);
-  PyList_SET_ITEM(__pyx_t_2, 3, __pyx_n_s_AuthenticationError);
-  __Pyx_INCREF(__pyx_n_s_SSHError);
-  __Pyx_GIVEREF(__pyx_n_s_SSHError);
-  PyList_SET_ITEM(__pyx_t_2, 4, __pyx_n_s_SSHError);
-  __Pyx_INCREF(__pyx_n_s_EOF);
-  __Pyx_GIVEREF(__pyx_n_s_EOF);
-  PyList_SET_ITEM(__pyx_t_2, 5, __pyx_n_s_EOF);
-  __pyx_t_1 = __Pyx_Import(__pyx_n_s_exceptions, __pyx_t_2, -1); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_1, __pyx_n_s_OtherError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_OtherError, __pyx_t_2) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_1, __pyx_n_s_AuthenticationPartial); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_AuthenticationPartial, __pyx_t_2) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_1, __pyx_n_s_AuthenticationDenied); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_AuthenticationDenied, __pyx_t_2) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_1, __pyx_n_s_AuthenticationError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_AuthenticationError, __pyx_t_2) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_1, __pyx_n_s_SSHError); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_SSHError, __pyx_t_2) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __pyx_t_2 = __Pyx_ImportFrom(__pyx_t_1, __pyx_n_s_EOF); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
+*/
+  __pyx_t_3 = __Pyx_PyList_Pack(6, __pyx_mstate_global->__pyx_n_u_OtherError, __pyx_mstate_global->__pyx_n_u_AuthenticationPartial, __pyx_mstate_global->__pyx_n_u_AuthenticationDenied, __pyx_mstate_global->__pyx_n_u_AuthenticationError, __pyx_mstate_global->__pyx_n_u_SSHError, __pyx_mstate_global->__pyx_n_u_EOF); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  __pyx_t_2 = __Pyx_Import(__pyx_mstate_global->__pyx_n_u_exceptions, __pyx_t_3, 1); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 26, __pyx_L1_error)
   __Pyx_GOTREF(__pyx_t_2);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_EOF, __pyx_t_2) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_ImportFrom(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_OtherError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_OtherError, __pyx_t_3) < 0) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_ImportFrom(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_AuthenticationPartial); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_AuthenticationPartial, __pyx_t_3) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_ImportFrom(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_AuthenticationDenied); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_AuthenticationDenied, __pyx_t_3) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_ImportFrom(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_AuthenticationError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_AuthenticationError, __pyx_t_3) < 0) __PYX_ERR(0, 27, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_ImportFrom(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_SSHError); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_SSHError, __pyx_t_3) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
+  __pyx_t_3 = __Pyx_ImportFrom(__pyx_t_2, __pyx_mstate_global->__pyx_n_u_EOF); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 26, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_3);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_EOF, __pyx_t_3) < 0) __PYX_ERR(0, 28, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_3); __pyx_t_3 = 0;
   __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
 
   /* "ssh/utils.pyx":31
  * 
@@ -3340,8 +4365,8 @@ if (!__Pyx_RefNanny) {
  * ENCODING='utf-8'             # <<<<<<<<<<<<<<
  * 
  * 
- */
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_ENCODING, __pyx_kp_s_utf_8) < 0) __PYX_ERR(0, 31, __pyx_L1_error)
+*/
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_ENCODING, __pyx_mstate_global->__pyx_kp_u_utf_8) < 0) __PYX_ERR(0, 31, __pyx_L1_error)
 
   /* "ssh/utils.pyx":73
  * 
@@ -3349,33 +4374,44 @@ if (!__Pyx_RefNanny) {
  * def wait_socket(session not None, sock not None, timeout=None):             # <<<<<<<<<<<<<<
  *     """Helper function for testing non-blocking mode.
  * 
- */
-  __pyx_t_1 = PyCFunction_NewEx(&__pyx_mdef_3ssh_5utils_1wait_socket, NULL, __pyx_n_s_ssh_utils); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_wait_socket, __pyx_t_1) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_CyFunction_New(&__pyx_mdef_3ssh_5utils_1wait_socket, 0, __pyx_mstate_global->__pyx_n_u_wait_socket, NULL, __pyx_mstate_global->__pyx_n_u_ssh_utils, __pyx_mstate_global->__pyx_d, ((PyObject *)__pyx_mstate_global->__pyx_codeobj_tab[0])); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  __Pyx_CyFunction_SetDefaultsTuple(__pyx_t_2, __pyx_mstate_global->__pyx_tuple[0]);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_wait_socket, __pyx_t_2) < 0) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /* "ssh/utils.pyx":1
  * # This file is part of ssh-python.             # <<<<<<<<<<<<<<
  * # Copyright (C) 2018 Panos Kittenis
  * #
- */
-  __pyx_t_1 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_GOTREF(__pyx_t_1);
-  if (PyDict_SetItem(__pyx_d, __pyx_n_s_test, __pyx_t_1) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
-  __Pyx_DECREF(__pyx_t_1); __pyx_t_1 = 0;
+*/
+  __pyx_t_2 = __Pyx_PyDict_NewPresized(0); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_t_2);
+  if (PyDict_SetItem(__pyx_mstate_global->__pyx_d, __pyx_mstate_global->__pyx_n_u_test, __pyx_t_2) < 0) __PYX_ERR(0, 1, __pyx_L1_error)
+  __Pyx_DECREF(__pyx_t_2); __pyx_t_2 = 0;
 
   /*--- Wrapped vars code ---*/
 
   goto __pyx_L0;
   __pyx_L1_error:;
-  __Pyx_XDECREF(__pyx_t_1);
   __Pyx_XDECREF(__pyx_t_2);
+  __Pyx_XDECREF(__pyx_t_3);
   if (__pyx_m) {
-    if (__pyx_d) {
+    if (__pyx_mstate->__pyx_d && stringtab_initialized) {
       __Pyx_AddTraceback("init ssh.utils", __pyx_clineno, __pyx_lineno, __pyx_filename);
     }
+    #if !CYTHON_USE_MODULE_STATE
     Py_CLEAR(__pyx_m);
+    #else
+    Py_DECREF(__pyx_m);
+    if (pystate_addmodule_run) {
+      PyObject *tp, *value, *tb;
+      PyErr_Fetch(&tp, &value, &tb);
+      PyState_RemoveModule(&__pyx_moduledef);
+      PyErr_Restore(tp, value, tb);
+    }
+    #endif
   } else if (!PyErr_Occurred()) {
     PyErr_SetString(PyExc_ImportError, "init ssh.utils");
   }
@@ -3383,12 +4419,200 @@ if (!__Pyx_RefNanny) {
   __Pyx_RefNannyFinishContext();
   #if CYTHON_PEP489_MULTI_PHASE_INIT
   return (__pyx_m != NULL) ? 0 : -1;
-  #elif PY_MAJOR_VERSION >= 3
-  return __pyx_m;
   #else
-  return;
+  return __pyx_m;
   #endif
 }
+/* #### Code section: pystring_table ### */
+
+typedef struct {
+    const char *s;
+#if 21 <= 65535
+    const unsigned short n;
+#elif 21 / 2 < INT_MAX
+    const unsigned int n;
+#elif 21 / 2 < LONG_MAX
+    const unsigned long n;
+#else
+    const Py_ssize_t n;
+#endif
+#if 1 <= 31
+    const unsigned int encoding : 5;
+#elif 1 <= 255
+    const unsigned char encoding;
+#elif 1 <= 65535
+    const unsigned short encoding;
+#else
+    const Py_ssize_t encoding;
+#endif
+    const unsigned int is_unicode : 1;
+    const unsigned int intern : 1;
+} __Pyx_StringTabEntry;
+static const char * const __pyx_string_tab_encodings[] = { 0 };
+static const __Pyx_StringTabEntry __pyx_string_tab[] = {
+  {__pyx_k_, sizeof(__pyx_k_), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ */
+  {__pyx_k_AuthenticationDenied, sizeof(__pyx_k_AuthenticationDenied), 0, 1, 1}, /* PyObject cname: __pyx_n_u_AuthenticationDenied */
+  {__pyx_k_AuthenticationError, sizeof(__pyx_k_AuthenticationError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_AuthenticationError */
+  {__pyx_k_AuthenticationPartial, sizeof(__pyx_k_AuthenticationPartial), 0, 1, 1}, /* PyObject cname: __pyx_n_u_AuthenticationPartial */
+  {__pyx_k_ENCODING, sizeof(__pyx_k_ENCODING), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ENCODING */
+  {__pyx_k_EOF, sizeof(__pyx_k_EOF), 0, 1, 1}, /* PyObject cname: __pyx_n_u_EOF */
+  {__pyx_k_MemoryError, sizeof(__pyx_k_MemoryError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_MemoryError */
+  {__pyx_k_OtherError, sizeof(__pyx_k_OtherError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_OtherError */
+  {__pyx_k_SSHError, sizeof(__pyx_k_SSHError), 0, 1, 1}, /* PyObject cname: __pyx_n_u_SSHError */
+  {__pyx_k__2, sizeof(__pyx_k__2), 0, 1, 0}, /* PyObject cname: __pyx_kp_u__2 */
+  {__pyx_k_asyncio_coroutines, sizeof(__pyx_k_asyncio_coroutines), 0, 1, 1}, /* PyObject cname: __pyx_n_u_asyncio_coroutines */
+  {__pyx_k_cline_in_traceback, sizeof(__pyx_k_cline_in_traceback), 0, 1, 1}, /* PyObject cname: __pyx_n_u_cline_in_traceback */
+  {__pyx_k_decode, sizeof(__pyx_k_decode), 0, 1, 1}, /* PyObject cname: __pyx_n_u_decode */
+  {__pyx_k_directions, sizeof(__pyx_k_directions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_directions */
+  {__pyx_k_encode, sizeof(__pyx_k_encode), 0, 1, 1}, /* PyObject cname: __pyx_n_u_encode */
+  {__pyx_k_exceptions, sizeof(__pyx_k_exceptions), 0, 1, 1}, /* PyObject cname: __pyx_n_u_exceptions */
+  {__pyx_k_func, sizeof(__pyx_k_func), 0, 1, 1}, /* PyObject cname: __pyx_n_u_func */
+  {__pyx_k_get_poll_flags, sizeof(__pyx_k_get_poll_flags), 0, 1, 1}, /* PyObject cname: __pyx_n_u_get_poll_flags */
+  {__pyx_k_is_coroutine, sizeof(__pyx_k_is_coroutine), 0, 1, 1}, /* PyObject cname: __pyx_n_u_is_coroutine */
+  {__pyx_k_main, sizeof(__pyx_k_main), 0, 1, 1}, /* PyObject cname: __pyx_n_u_main */
+  {__pyx_k_module, sizeof(__pyx_k_module), 0, 1, 1}, /* PyObject cname: __pyx_n_u_module */
+  {__pyx_k_name, sizeof(__pyx_k_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_name */
+  {__pyx_k_pop, sizeof(__pyx_k_pop), 0, 1, 1}, /* PyObject cname: __pyx_n_u_pop */
+  {__pyx_k_qualname, sizeof(__pyx_k_qualname), 0, 1, 1}, /* PyObject cname: __pyx_n_u_qualname */
+  {__pyx_k_readfds, sizeof(__pyx_k_readfds), 0, 1, 1}, /* PyObject cname: __pyx_n_u_readfds */
+  {__pyx_k_select, sizeof(__pyx_k_select), 0, 1, 1}, /* PyObject cname: __pyx_n_u_select */
+  {__pyx_k_session, sizeof(__pyx_k_session), 0, 1, 1}, /* PyObject cname: __pyx_n_u_session */
+  {__pyx_k_set_name, sizeof(__pyx_k_set_name), 0, 1, 1}, /* PyObject cname: __pyx_n_u_set_name */
+  {__pyx_k_sock, sizeof(__pyx_k_sock), 0, 1, 1}, /* PyObject cname: __pyx_n_u_sock */
+  {__pyx_k_ssh_utils, sizeof(__pyx_k_ssh_utils), 0, 1, 1}, /* PyObject cname: __pyx_n_u_ssh_utils */
+  {__pyx_k_ssh_utils_pyx, sizeof(__pyx_k_ssh_utils_pyx), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_ssh_utils_pyx */
+  {__pyx_k_test, sizeof(__pyx_k_test), 0, 1, 1}, /* PyObject cname: __pyx_n_u_test */
+  {__pyx_k_timeout, sizeof(__pyx_k_timeout), 0, 1, 1}, /* PyObject cname: __pyx_n_u_timeout */
+  {__pyx_k_utf_8, sizeof(__pyx_k_utf_8), 0, 1, 0}, /* PyObject cname: __pyx_kp_u_utf_8 */
+  {__pyx_k_wait_socket, sizeof(__pyx_k_wait_socket), 0, 1, 1}, /* PyObject cname: __pyx_n_u_wait_socket */
+  {__pyx_k_writefds, sizeof(__pyx_k_writefds), 0, 1, 1}, /* PyObject cname: __pyx_n_u_writefds */
+  {0, 0, 0, 0, 0}
+};
+/* InitStrings.proto */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names);
+
+/* #### Code section: cached_builtins ### */
+
+static int __Pyx_InitCachedBuiltins(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_builtin_MemoryError = __Pyx_GetBuiltinName(__pyx_mstate->__pyx_n_u_MemoryError); if (!__pyx_builtin_MemoryError) __PYX_ERR(0, 65, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cached_constants ### */
+
+static int __Pyx_InitCachedConstants(__pyx_mstatetype *__pyx_mstate) {
+  __Pyx_RefNannyDeclarations
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __Pyx_RefNannySetupContext("__Pyx_InitCachedConstants", 0);
+
+  /* "ssh/utils.pyx":73
+ * 
+ * 
+ * def wait_socket(session not None, sock not None, timeout=None):             # <<<<<<<<<<<<<<
+ *     """Helper function for testing non-blocking mode.
+ * 
+*/
+  __pyx_mstate_global->__pyx_tuple[0] = PyTuple_Pack(1, Py_None); if (unlikely(!__pyx_mstate_global->__pyx_tuple[0])) __PYX_ERR(0, 73, __pyx_L1_error)
+  __Pyx_GOTREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_GIVEREF(__pyx_mstate_global->__pyx_tuple[0]);
+  __Pyx_RefNannyFinishContext();
+  return 0;
+  __pyx_L1_error:;
+  __Pyx_RefNannyFinishContext();
+  return -1;
+}
+/* #### Code section: init_constants ### */
+
+static int __Pyx_InitConstants(__pyx_mstatetype *__pyx_mstate) {
+  CYTHON_UNUSED_VAR(__pyx_mstate);
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.type = (PyObject*)&PyDict_Type;
+  __pyx_mstate->__pyx_umethod_PyDict_Type_pop.method_name = &__pyx_mstate->__pyx_n_u_pop;
+  if (__Pyx_InitStrings(__pyx_string_tab, __pyx_mstate->__pyx_string_tab, __pyx_string_tab_encodings) < 0) __PYX_ERR(0, 1, __pyx_L1_error);
+  __pyx_mstate->__pyx_int_0 = PyLong_FromLong(0); if (unlikely(!__pyx_mstate->__pyx_int_0)) __PYX_ERR(0, 1, __pyx_L1_error)
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: init_codeobjects ### */
+\
+        typedef struct {
+            unsigned int argcount : 2;
+            unsigned int num_posonly_args : 1;
+            unsigned int num_kwonly_args : 1;
+            unsigned int nlocals : 3;
+            unsigned int flags : 10;
+            unsigned int first_line : 7;
+            unsigned int line_table_length : 11;
+        } __Pyx_PyCode_New_function_description;
+/* NewCodeObj.proto */
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+);
+
+
+static int __Pyx_CreateCodeObjects(__pyx_mstatetype *__pyx_mstate) {
+  PyObject* tuple_dedup_map = PyDict_New();
+  if (unlikely(!tuple_dedup_map)) return -1;
+  {
+    const __Pyx_PyCode_New_function_description descr = {3, 0, 0, 6, (unsigned int)(CO_OPTIMIZED|CO_NEWLOCALS), 73, 77};
+    PyObject* const varnames[] = {__pyx_mstate->__pyx_n_u_session, __pyx_mstate->__pyx_n_u_sock, __pyx_mstate->__pyx_n_u_timeout, __pyx_mstate->__pyx_n_u_directions, __pyx_mstate->__pyx_n_u_readfds, __pyx_mstate->__pyx_n_u_writefds};
+    __pyx_mstate_global->__pyx_codeobj_tab[0] = __Pyx_PyCode_New(descr, varnames, __pyx_mstate->__pyx_kp_u_ssh_utils_pyx, __pyx_mstate->__pyx_n_u_wait_socket, __pyx_k_1_Q_q_aq_r_0_q_r_1_9Jd, tuple_dedup_map); if (unlikely(!__pyx_mstate_global->__pyx_codeobj_tab[0])) goto bad;
+  }
+  Py_DECREF(tuple_dedup_map);
+  return 0;
+  bad:
+  Py_DECREF(tuple_dedup_map);
+  return -1;
+}
+/* #### Code section: init_globals ### */
+
+static int __Pyx_InitGlobals(void) {
+  /* PythonCompatibility.init */
+  if (likely(__Pyx_init_co_variables() == 0)); else
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  /* CachedMethodType.init */
+  #if CYTHON_COMPILING_IN_LIMITED_API
+{
+    PyObject *typesModule=NULL;
+    typesModule = PyImport_ImportModule("types");
+    if (typesModule) {
+        __pyx_mstate_global->__Pyx_CachedMethodType = PyObject_GetAttrString(typesModule, "MethodType");
+        Py_DECREF(typesModule);
+    }
+} // error handling follows
+#endif
+
+if (unlikely(PyErr_Occurred())) __PYX_ERR(0, 1, __pyx_L1_error)
+
+  return 0;
+  __pyx_L1_error:;
+  return -1;
+}
+/* #### Code section: cleanup_globals ### */
+/* #### Code section: cleanup_module ### */
+/* #### Code section: main_method ### */
+/* #### Code section: utility_code_pragmas ### */
+#ifdef _MSC_VER
+#pragma warning( push )
+/* Warning 4127: conditional expression is constant
+ * Cython uses constant conditional expressions to allow in inline functions to be optimized at
+ * compile-time, so this warning is not useful
+ */
+#pragma warning( disable : 4127 )
+#endif
+
+
+
+/* #### Code section: utility_code_def ### */
 
 /* --- Runtime support code --- */
 /* Refnanny */
@@ -3408,34 +4632,166 @@ static __Pyx_RefNannyAPIStruct *__Pyx_RefNannyImportAPI(const char *modname) {
 }
 #endif
 
+/* PyErrExceptionMatches */
+#if CYTHON_FAST_THREAD_STATE
+static int __Pyx_PyErr_ExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
+    Py_ssize_t i, n;
+    n = PyTuple_GET_SIZE(tuple);
+    for (i=0; i<n; i++) {
+        if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
+    }
+    for (i=0; i<n; i++) {
+        if (__Pyx_PyErr_GivenExceptionMatches(exc_type, PyTuple_GET_ITEM(tuple, i))) return 1;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx_PyErr_ExceptionMatchesInState(PyThreadState* tstate, PyObject* err) {
+    int result;
+    PyObject *exc_type;
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *current_exception = tstate->current_exception;
+    if (unlikely(!current_exception)) return 0;
+    exc_type = (PyObject*) Py_TYPE(current_exception);
+    if (exc_type == err) return 1;
+#else
+    exc_type = tstate->curexc_type;
+    if (exc_type == err) return 1;
+    if (unlikely(!exc_type)) return 0;
+#endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(exc_type);
+    #endif
+    if (unlikely(PyTuple_Check(err))) {
+        result = __Pyx_PyErr_ExceptionMatchesTuple(exc_type, err);
+    } else {
+        result = __Pyx_PyErr_GivenExceptionMatches(exc_type, err);
+    }
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_DECREF(exc_type);
+    #endif
+    return result;
+}
+#endif
+
+/* PyErrFetchRestore */
+#if CYTHON_FAST_THREAD_STATE
+static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject *tmp_value;
+    assert(type == NULL || (value != NULL && type == (PyObject*) Py_TYPE(value)));
+    if (value) {
+        #if CYTHON_COMPILING_IN_CPYTHON
+        if (unlikely(((PyBaseExceptionObject*) value)->traceback != tb))
+        #endif
+            PyException_SetTraceback(value, tb);
+    }
+    tmp_value = tstate->current_exception;
+    tstate->current_exception = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+#else
+    PyObject *tmp_type, *tmp_value, *tmp_tb;
+    tmp_type = tstate->curexc_type;
+    tmp_value = tstate->curexc_value;
+    tmp_tb = tstate->curexc_traceback;
+    tstate->curexc_type = type;
+    tstate->curexc_value = value;
+    tstate->curexc_traceback = tb;
+    Py_XDECREF(tmp_type);
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(tmp_tb);
+#endif
+}
+static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+    PyObject* exc_value;
+    exc_value = tstate->current_exception;
+    tstate->current_exception = 0;
+    *value = exc_value;
+    *type = NULL;
+    *tb = NULL;
+    if (exc_value) {
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        *tb = ((PyBaseExceptionObject*) exc_value)->traceback;
+        Py_XINCREF(*tb);
+        #else
+        *tb = PyException_GetTraceback(exc_value);
+        #endif
+    }
+#else
+    *type = tstate->curexc_type;
+    *value = tstate->curexc_value;
+    *tb = tstate->curexc_traceback;
+    tstate->curexc_type = 0;
+    tstate->curexc_value = 0;
+    tstate->curexc_traceback = 0;
+#endif
+}
+#endif
+
 /* PyObjectGetAttrStr */
 #if CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStr(PyObject* obj, PyObject* attr_name) {
     PyTypeObject* tp = Py_TYPE(obj);
     if (likely(tp->tp_getattro))
         return tp->tp_getattro(obj, attr_name);
-#if PY_MAJOR_VERSION < 3
-    if (likely(tp->tp_getattr))
-        return tp->tp_getattr(obj, PyString_AS_STRING(attr_name));
-#endif
     return PyObject_GetAttr(obj, attr_name);
 }
 #endif
 
+/* PyObjectGetAttrStrNoError */
+#if __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static void __Pyx_PyObject_GetAttrStr_ClearAttributeError(void) {
+    __Pyx_PyThreadState_declare
+    __Pyx_PyThreadState_assign
+    if (likely(__Pyx_PyErr_ExceptionMatches(PyExc_AttributeError)))
+        __Pyx_PyErr_Clear();
+}
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_GetAttrStrNoError(PyObject* obj, PyObject* attr_name) {
+    PyObject *result;
+#if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+    (void) PyObject_GetOptionalAttr(obj, attr_name, &result);
+    return result;
+#else
+#if CYTHON_COMPILING_IN_CPYTHON && CYTHON_USE_TYPE_SLOTS
+    PyTypeObject* tp = Py_TYPE(obj);
+    if (likely(tp->tp_getattro == PyObject_GenericGetAttr)) {
+        return _PyObject_GenericGetAttrWithDict(obj, attr_name, NULL, 1);
+    }
+#endif
+    result = __Pyx_PyObject_GetAttrStr(obj, attr_name);
+    if (unlikely(!result)) {
+        __Pyx_PyObject_GetAttrStr_ClearAttributeError();
+    }
+    return result;
+#endif
+}
+
 /* GetBuiltinName */
 static PyObject *__Pyx_GetBuiltinName(PyObject *name) {
-    PyObject* result = __Pyx_PyObject_GetAttrStr(__pyx_b, name);
-    if (unlikely(!result)) {
+    PyObject* result = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_b, name);
+    if (unlikely(!result) && !PyErr_Occurred()) {
         PyErr_Format(PyExc_NameError,
-#if PY_MAJOR_VERSION >= 3
             "name '%U' is not defined", name);
-#else
-            "name '%.200s' is not defined", PyString_AS_STRING(name));
-#endif
     }
     return result;
 }
 
+/* RaiseUnexpectedTypeError */
+static int
+__Pyx_RaiseUnexpectedTypeError(const char *expected, PyObject *obj)
+{
+    __Pyx_TypeName obj_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(obj));
+    PyErr_Format(PyExc_TypeError, "Expected %s, got " __Pyx_FMT_TYPENAME,
+                 expected, obj_type_name);
+    __Pyx_DECREF_TypeName(obj_type_name);
+    return 0;
+}
+
 /* PyDictVersioning */
 #if CYTHON_USE_DICT_VERSIONS && CYTHON_USE_TYPE_SLOTS
 static CYTHON_INLINE PY_UINT64_T __Pyx_get_tp_dict_version(PyObject *obj) {
@@ -3470,25 +4826,26 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
 #endif
 {
     PyObject *result;
-#if !CYTHON_AVOID_BORROWED_REFS
-#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030500A1
-    result = _PyDict_GetItem_KnownHash(__pyx_d, name, ((PyASCIIObject *) name)->hash);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
-    if (likely(result)) {
-        return __Pyx_NewRef(result);
-    } else if (unlikely(PyErr_Occurred())) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    if (unlikely(!__pyx_m)) {
+        if (!PyErr_Occurred())
+            PyErr_SetNone(PyExc_NameError);
         return NULL;
     }
-#else
-    result = PyDict_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
+    result = PyObject_GetAttr(__pyx_m, name);
     if (likely(result)) {
-        return __Pyx_NewRef(result);
+        return result;
+    }
+    PyErr_Clear();
+#elif CYTHON_AVOID_BORROWED_REFS || CYTHON_AVOID_THREAD_UNSAFE_BORROWED_REFS
+    if (unlikely(__Pyx_PyDict_GetItemRef(__pyx_mstate_global->__pyx_d, name, &result) == -1)) PyErr_Clear();
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
+    if (likely(result)) {
+        return result;
     }
-#endif
 #else
-    result = PyObject_GetItem(__pyx_d, name);
-    __PYX_UPDATE_DICT_CACHE(__pyx_d, result, *dict_cached_value, *dict_version)
+    result = _PyDict_GetItem_KnownHash(__pyx_mstate_global->__pyx_d, name, ((PyASCIIObject *) name)->hash);
+    __PYX_UPDATE_DICT_CACHE(__pyx_mstate_global->__pyx_d, result, *dict_cached_value, *dict_version)
     if (likely(result)) {
         return __Pyx_NewRef(result);
     }
@@ -3497,279 +4854,17 @@ static CYTHON_INLINE PyObject *__Pyx__GetModuleGlobalName(PyObject *name)
     return __Pyx_GetBuiltinName(name);
 }
 
-/* PyCFunctionFastCall */
-#if CYTHON_FAST_PYCCALL
-static CYTHON_INLINE PyObject * __Pyx_PyCFunction_FastCall(PyObject *func_obj, PyObject **args, Py_ssize_t nargs) {
-    PyCFunctionObject *func = (PyCFunctionObject*)func_obj;
-    PyCFunction meth = PyCFunction_GET_FUNCTION(func);
-    PyObject *self = PyCFunction_GET_SELF(func);
-    int flags = PyCFunction_GET_FLAGS(func);
-    assert(PyCFunction_Check(func));
-    assert(METH_FASTCALL == (flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_KEYWORDS | METH_STACKLESS)));
-    assert(nargs >= 0);
-    assert(nargs == 0 || args != NULL);
-    /* _PyCFunction_FastCallDict() must not be called with an exception set,
-       because it may clear it (directly or indirectly) and so the
-       caller loses its exception */
-    assert(!PyErr_Occurred());
-    if ((PY_VERSION_HEX < 0x030700A0) || unlikely(flags & METH_KEYWORDS)) {
-        return (*((__Pyx_PyCFunctionFastWithKeywords)(void*)meth)) (self, args, nargs, NULL);
-    } else {
-        return (*((__Pyx_PyCFunctionFast)(void*)meth)) (self, args, nargs);
-    }
-}
-#endif
-
-/* PyFunctionFastCall */
-#if CYTHON_FAST_PYCALL
-static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject **args, Py_ssize_t na,
-                                               PyObject *globals) {
-    PyFrameObject *f;
-    PyThreadState *tstate = __Pyx_PyThreadState_Current;
-    PyObject **fastlocals;
-    Py_ssize_t i;
+/* PyObjectFastCallMethod */
+#if !CYTHON_VECTORCALL || PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_PyObject_FastCallMethod(PyObject *name, PyObject *const *args, size_t nargsf) {
     PyObject *result;
-    assert(globals != NULL);
-    /* XXX Perhaps we should create a specialized
-       PyFrame_New() that doesn't take locals, but does
-       take builtins without sanity checking them.
-       */
-    assert(tstate != NULL);
-    f = PyFrame_New(tstate, co, globals, NULL);
-    if (f == NULL) {
+    PyObject *attr = PyObject_GetAttr(args[0], name);
+    if (unlikely(!attr))
         return NULL;
-    }
-    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
-    for (i = 0; i < na; i++) {
-        Py_INCREF(*args);
-        fastlocals[i] = *args++;
-    }
-    result = PyEval_EvalFrameEx(f,0);
-    ++tstate->recursion_depth;
-    Py_DECREF(f);
-    --tstate->recursion_depth;
+    result = __Pyx_PyObject_FastCall(attr, args+1, nargsf - 1);
+    Py_DECREF(attr);
     return result;
 }
-#if 1 || PY_VERSION_HEX < 0x030600B1
-static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject **args, Py_ssize_t nargs, PyObject *kwargs) {
-    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
-    PyObject *globals = PyFunction_GET_GLOBALS(func);
-    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
-    PyObject *closure;
-#if PY_MAJOR_VERSION >= 3
-    PyObject *kwdefs;
-#endif
-    PyObject *kwtuple, **k;
-    PyObject **d;
-    Py_ssize_t nd;
-    Py_ssize_t nk;
-    PyObject *result;
-    assert(kwargs == NULL || PyDict_Check(kwargs));
-    nk = kwargs ? PyDict_Size(kwargs) : 0;
-    if (Py_EnterRecursiveCall((char*)" while calling a Python object")) {
-        return NULL;
-    }
-    if (
-#if PY_MAJOR_VERSION >= 3
-            co->co_kwonlyargcount == 0 &&
-#endif
-            likely(kwargs == NULL || nk == 0) &&
-            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
-        if (argdefs == NULL && co->co_argcount == nargs) {
-            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
-            goto done;
-        }
-        else if (nargs == 0 && argdefs != NULL
-                 && co->co_argcount == Py_SIZE(argdefs)) {
-            /* function called with no arguments, but all parameters have
-               a default value: use default values as arguments .*/
-            args = &PyTuple_GET_ITEM(argdefs, 0);
-            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
-            goto done;
-        }
-    }
-    if (kwargs != NULL) {
-        Py_ssize_t pos, i;
-        kwtuple = PyTuple_New(2 * nk);
-        if (kwtuple == NULL) {
-            result = NULL;
-            goto done;
-        }
-        k = &PyTuple_GET_ITEM(kwtuple, 0);
-        pos = i = 0;
-        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
-            Py_INCREF(k[i]);
-            Py_INCREF(k[i+1]);
-            i += 2;
-        }
-        nk = i / 2;
-    }
-    else {
-        kwtuple = NULL;
-        k = NULL;
-    }
-    closure = PyFunction_GET_CLOSURE(func);
-#if PY_MAJOR_VERSION >= 3
-    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
-#endif
-    if (argdefs != NULL) {
-        d = &PyTuple_GET_ITEM(argdefs, 0);
-        nd = Py_SIZE(argdefs);
-    }
-    else {
-        d = NULL;
-        nd = 0;
-    }
-#if PY_MAJOR_VERSION >= 3
-    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, kwdefs, closure);
-#else
-    result = PyEval_EvalCodeEx(co, globals, (PyObject *)NULL,
-                               args, (int)nargs,
-                               k, (int)nk,
-                               d, (int)nd, closure);
-#endif
-    Py_XDECREF(kwtuple);
-done:
-    Py_LeaveRecursiveCall();
-    return result;
-}
-#endif
-#endif
-
-/* PyObjectCall */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
-    PyObject *result;
-    ternaryfunc call = Py_TYPE(func)->tp_call;
-    if (unlikely(!call))
-        return PyObject_Call(func, arg, kw);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = (*call)(func, arg, kw);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
-    }
-    return result;
-}
-#endif
-
-/* PyObjectCall2Args */
-static CYTHON_UNUSED PyObject* __Pyx_PyObject_Call2Args(PyObject* function, PyObject* arg1, PyObject* arg2) {
-    PyObject *args, *result = NULL;
-    #if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyFunction_FastCall(function, args, 2);
-    }
-    #endif
-    #if CYTHON_FAST_PYCCALL
-    if (__Pyx_PyFastCFunction_Check(function)) {
-        PyObject *args[2] = {arg1, arg2};
-        return __Pyx_PyCFunction_FastCall(function, args, 2);
-    }
-    #endif
-    args = PyTuple_New(2);
-    if (unlikely(!args)) goto done;
-    Py_INCREF(arg1);
-    PyTuple_SET_ITEM(args, 0, arg1);
-    Py_INCREF(arg2);
-    PyTuple_SET_ITEM(args, 1, arg2);
-    Py_INCREF(function);
-    result = __Pyx_PyObject_Call(function, args, NULL);
-    Py_DECREF(args);
-    Py_DECREF(function);
-done:
-    return result;
-}
-
-/* PyObjectCallMethO */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
-    PyObject *self, *result;
-    PyCFunction cfunc;
-    cfunc = PyCFunction_GET_FUNCTION(func);
-    self = PyCFunction_GET_SELF(func);
-    if (unlikely(Py_EnterRecursiveCall((char*)" while calling a Python object")))
-        return NULL;
-    result = cfunc(self, arg);
-    Py_LeaveRecursiveCall();
-    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
-        PyErr_SetString(
-            PyExc_SystemError,
-            "NULL result without error in PyObject_Call");
-    }
-    return result;
-}
-#endif
-
-/* PyObjectCallOneArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static PyObject* __Pyx__PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_New(1);
-    if (unlikely(!args)) return NULL;
-    Py_INCREF(arg);
-    PyTuple_SET_ITEM(args, 0, arg);
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, &arg, 1);
-    }
-#endif
-    if (likely(PyCFunction_Check(func))) {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_O)) {
-            return __Pyx_PyObject_CallMethO(func, arg);
-#if CYTHON_FAST_PYCCALL
-        } else if (__Pyx_PyFastCFunction_Check(func)) {
-            return __Pyx_PyCFunction_FastCall(func, &arg, 1);
-#endif
-        }
-    }
-    return __Pyx__PyObject_CallOneArg(func, arg);
-}
-#else
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallOneArg(PyObject *func, PyObject *arg) {
-    PyObject *result;
-    PyObject *args = PyTuple_Pack(1, arg);
-    if (unlikely(!args)) return NULL;
-    result = __Pyx_PyObject_Call(func, args, NULL);
-    Py_DECREF(args);
-    return result;
-}
-#endif
-
-/* PyErrFetchRestore */
-#if CYTHON_FAST_THREAD_STATE
-static CYTHON_INLINE void __Pyx_ErrRestoreInState(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
-    PyObject *tmp_type, *tmp_value, *tmp_tb;
-    tmp_type = tstate->curexc_type;
-    tmp_value = tstate->curexc_value;
-    tmp_tb = tstate->curexc_traceback;
-    tstate->curexc_type = type;
-    tstate->curexc_value = value;
-    tstate->curexc_traceback = tb;
-    Py_XDECREF(tmp_type);
-    Py_XDECREF(tmp_value);
-    Py_XDECREF(tmp_tb);
-}
-static CYTHON_INLINE void __Pyx_ErrFetchInState(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    *type = tstate->curexc_type;
-    *value = tstate->curexc_value;
-    *tb = tstate->curexc_traceback;
-    tstate->curexc_type = 0;
-    tstate->curexc_value = 0;
-    tstate->curexc_traceback = 0;
-}
 #endif
 
 /* GetException */
@@ -3779,18 +4874,32 @@ static int __Pyx__GetException(PyThreadState *tstate, PyObject **type, PyObject
 static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
 #endif
 {
-    PyObject *local_type, *local_value, *local_tb;
+    PyObject *local_type = NULL, *local_value, *local_tb = NULL;
 #if CYTHON_FAST_THREAD_STATE
     PyObject *tmp_type, *tmp_value, *tmp_tb;
+  #if PY_VERSION_HEX >= 0x030C0000
+    local_value = tstate->current_exception;
+    tstate->current_exception = 0;
+  #else
     local_type = tstate->curexc_type;
     local_value = tstate->curexc_value;
     local_tb = tstate->curexc_traceback;
     tstate->curexc_type = 0;
     tstate->curexc_value = 0;
     tstate->curexc_traceback = 0;
+  #endif
+#elif __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    local_value = PyErr_GetRaisedException();
 #else
     PyErr_Fetch(&local_type, &local_value, &local_tb);
 #endif
+#if __PYX_LIMITED_VERSION_HEX > 0x030C0000
+    if (likely(local_value)) {
+        local_type = (PyObject*) Py_TYPE(local_value);
+        Py_INCREF(local_type);
+        local_tb = PyException_GetTraceback(local_value);
+    }
+#else
     PyErr_NormalizeException(&local_type, &local_value, &local_tb);
 #if CYTHON_FAST_THREAD_STATE
     if (unlikely(tstate->curexc_type))
@@ -3798,12 +4907,11 @@ static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
     if (unlikely(PyErr_Occurred()))
 #endif
         goto bad;
-    #if PY_MAJOR_VERSION >= 3
     if (local_tb) {
         if (unlikely(PyException_SetTraceback(local_value, local_tb) < 0))
             goto bad;
     }
-    #endif
+#endif // __PYX_LIMITED_VERSION_HEX > 0x030C0000
     Py_XINCREF(local_tb);
     Py_XINCREF(local_type);
     Py_XINCREF(local_value);
@@ -3814,12 +4922,21 @@ static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
     #if CYTHON_USE_EXC_INFO_STACK
     {
         _PyErr_StackItem *exc_info = tstate->exc_info;
+      #if PY_VERSION_HEX >= 0x030B00a4
+        tmp_value = exc_info->exc_value;
+        exc_info->exc_value = local_value;
+        tmp_type = NULL;
+        tmp_tb = NULL;
+        Py_XDECREF(local_type);
+        Py_XDECREF(local_tb);
+      #else
         tmp_type = exc_info->exc_type;
         tmp_value = exc_info->exc_value;
         tmp_tb = exc_info->exc_traceback;
         exc_info->exc_type = local_type;
         exc_info->exc_value = local_value;
         exc_info->exc_traceback = local_tb;
+      #endif
     }
     #else
     tmp_type = tstate->exc_type;
@@ -3832,10 +4949,16 @@ static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
     Py_XDECREF(tmp_type);
     Py_XDECREF(tmp_value);
     Py_XDECREF(tmp_tb);
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    PyErr_SetHandledException(local_value);
+    Py_XDECREF(local_value);
+    Py_XDECREF(local_type);
+    Py_XDECREF(local_tb);
 #else
     PyErr_SetExcInfo(local_type, local_value, local_tb);
 #endif
     return 0;
+#if __PYX_LIMITED_VERSION_HEX <= 0x030C0000
 bad:
     *type = 0;
     *value = 0;
@@ -3844,13 +4967,33 @@ static int __Pyx_GetException(PyObject **type, PyObject **value, PyObject **tb)
     Py_XDECREF(local_value);
     Py_XDECREF(local_tb);
     return -1;
+#endif
 }
 
 /* SwapException */
 #if CYTHON_FAST_THREAD_STATE
 static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
     PyObject *tmp_type, *tmp_value, *tmp_tb;
-    #if CYTHON_USE_EXC_INFO_STACK
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    tmp_value = exc_info->exc_value;
+    exc_info->exc_value = *value;
+    if (tmp_value == NULL || tmp_value == Py_None) {
+        Py_XDECREF(tmp_value);
+        tmp_value = NULL;
+        tmp_type = NULL;
+        tmp_tb = NULL;
+    } else {
+        tmp_type = (PyObject*) Py_TYPE(tmp_value);
+        Py_INCREF(tmp_type);
+        #if CYTHON_COMPILING_IN_CPYTHON
+        tmp_tb = ((PyBaseExceptionObject*) tmp_value)->traceback;
+        Py_XINCREF(tmp_tb);
+        #else
+        tmp_tb = PyException_GetTraceback(tmp_value);
+        #endif
+    }
+  #elif CYTHON_USE_EXC_INFO_STACK
     _PyErr_StackItem *exc_info = tstate->exc_info;
     tmp_type = exc_info->exc_type;
     tmp_value = exc_info->exc_value;
@@ -3858,14 +5001,14 @@ static CYTHON_INLINE void __Pyx__ExceptionSwap(PyThreadState *tstate, PyObject *
     exc_info->exc_type = *type;
     exc_info->exc_value = *value;
     exc_info->exc_traceback = *tb;
-    #else
+  #else
     tmp_type = tstate->exc_type;
     tmp_value = tstate->exc_value;
     tmp_tb = tstate->exc_traceback;
     tstate->exc_type = *type;
     tstate->exc_value = *value;
     tstate->exc_traceback = *tb;
-    #endif
+  #endif
     *type = tmp_type;
     *value = tmp_value;
     *tb = tmp_tb;
@@ -3882,12 +5025,12 @@ static CYTHON_INLINE void __Pyx_ExceptionSwap(PyObject **type, PyObject **value,
 #endif
 
 /* GetTopmostException */
-#if CYTHON_USE_EXC_INFO_STACK
+#if CYTHON_USE_EXC_INFO_STACK && CYTHON_FAST_THREAD_STATE
 static _PyErr_StackItem *
 __Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
 {
     _PyErr_StackItem *exc_info = tstate->exc_info;
-    while ((exc_info->exc_type == NULL || exc_info->exc_type == Py_None) &&
+    while ((exc_info->exc_value == NULL || exc_info->exc_value == Py_None) &&
            exc_info->previous_item != NULL)
     {
         exc_info = exc_info->previous_item;
@@ -3899,21 +5042,46 @@ __Pyx_PyErr_GetTopmostException(PyThreadState *tstate)
 /* SaveResetException */
 #if CYTHON_FAST_THREAD_STATE
 static CYTHON_INLINE void __Pyx__ExceptionSave(PyThreadState *tstate, PyObject **type, PyObject **value, PyObject **tb) {
-    #if CYTHON_USE_EXC_INFO_STACK
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
+    PyObject *exc_value = exc_info->exc_value;
+    if (exc_value == NULL || exc_value == Py_None) {
+        *value = NULL;
+        *type = NULL;
+        *tb = NULL;
+    } else {
+        *value = exc_value;
+        Py_INCREF(*value);
+        *type = (PyObject*) Py_TYPE(exc_value);
+        Py_INCREF(*type);
+        *tb = PyException_GetTraceback(exc_value);
+    }
+  #elif CYTHON_USE_EXC_INFO_STACK
     _PyErr_StackItem *exc_info = __Pyx_PyErr_GetTopmostException(tstate);
     *type = exc_info->exc_type;
     *value = exc_info->exc_value;
     *tb = exc_info->exc_traceback;
-    #else
+    Py_XINCREF(*type);
+    Py_XINCREF(*value);
+    Py_XINCREF(*tb);
+  #else
     *type = tstate->exc_type;
     *value = tstate->exc_value;
     *tb = tstate->exc_traceback;
-    #endif
     Py_XINCREF(*type);
     Py_XINCREF(*value);
     Py_XINCREF(*tb);
+  #endif
 }
 static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject *type, PyObject *value, PyObject *tb) {
+  #if CYTHON_USE_EXC_INFO_STACK && PY_VERSION_HEX >= 0x030B00a4
+    _PyErr_StackItem *exc_info = tstate->exc_info;
+    PyObject *tmp_value = exc_info->exc_value;
+    exc_info->exc_value = value;
+    Py_XDECREF(tmp_value);
+    Py_XDECREF(type);
+    Py_XDECREF(tb);
+  #else
     PyObject *tmp_type, *tmp_value, *tmp_tb;
     #if CYTHON_USE_EXC_INFO_STACK
     _PyErr_StackItem *exc_info = tstate->exc_info;
@@ -3934,435 +5102,2749 @@ static CYTHON_INLINE void __Pyx__ExceptionReset(PyThreadState *tstate, PyObject
     Py_XDECREF(tmp_type);
     Py_XDECREF(tmp_value);
     Py_XDECREF(tmp_tb);
+  #endif
 }
 #endif
 
-/* RaiseArgTupleInvalid */
-static void __Pyx_RaiseArgtupleInvalid(
-    const char* func_name,
-    int exact,
-    Py_ssize_t num_min,
-    Py_ssize_t num_max,
-    Py_ssize_t num_found)
+/* TupleAndListFromArray */
+#if !CYTHON_COMPILING_IN_CPYTHON && CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
 {
-    Py_ssize_t num_expected;
-    const char *more_or_less;
-    if (num_found < num_min) {
-        num_expected = num_min;
-        more_or_less = "at least";
-    } else {
-        num_expected = num_max;
-        more_or_less = "at most";
+    PyObject *res;
+    Py_ssize_t i;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
     }
-    if (exact) {
-        more_or_less = "exactly";
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    for (i = 0; i < n; i++) {
+        if (unlikely(__Pyx_PyTuple_SET_ITEM(res, i, src[i]) < 0)) {
+            Py_DECREF(res);
+            return NULL;
+        }
+        Py_INCREF(src[i]);
     }
-    PyErr_Format(PyExc_TypeError,
-                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
-                 func_name, more_or_less, num_expected,
-                 (num_expected == 1) ? "" : "s", num_found);
+    return res;
 }
-
-/* RaiseDoubleKeywords */
-static void __Pyx_RaiseDoubleKeywordsError(
-    const char* func_name,
-    PyObject* kw_name)
+#elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE void __Pyx_copy_object_array(PyObject *const *CYTHON_RESTRICT src, PyObject** CYTHON_RESTRICT dest, Py_ssize_t length) {
+    PyObject *v;
+    Py_ssize_t i;
+    for (i = 0; i < length; i++) {
+        v = dest[i] = src[i];
+        Py_INCREF(v);
+    }
+}
+static CYTHON_INLINE PyObject *
+__Pyx_PyTuple_FromArray(PyObject *const *src, Py_ssize_t n)
 {
-    PyErr_Format(PyExc_TypeError,
-        #if PY_MAJOR_VERSION >= 3
-        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
-        #else
-        "%s() got multiple values for keyword argument '%s'", func_name,
-        PyString_AsString(kw_name));
-        #endif
+    PyObject *res;
+    if (n <= 0) {
+        return __Pyx_NewRef(__pyx_mstate_global->__pyx_empty_tuple);
+    }
+    res = PyTuple_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyTupleObject*)res)->ob_item, n);
+    return res;
 }
-
-/* ParseKeywords */
-static int __Pyx_ParseOptionalKeywords(
-    PyObject *kwds,
-    PyObject **argnames[],
-    PyObject *kwds2,
-    PyObject *values[],
-    Py_ssize_t num_pos_args,
-    const char* function_name)
+static CYTHON_INLINE PyObject *
+__Pyx_PyList_FromArray(PyObject *const *src, Py_ssize_t n)
 {
-    PyObject *key = 0, *value = 0;
-    Py_ssize_t pos = 0;
-    PyObject*** name;
-    PyObject*** first_kw_arg = argnames + num_pos_args;
-    while (PyDict_Next(kwds, &pos, &key, &value)) {
-        name = first_kw_arg;
-        while (*name && (**name != key)) name++;
-        if (*name) {
-            values[name-argnames] = value;
-            continue;
-        }
-        name = first_kw_arg;
-        #if PY_MAJOR_VERSION < 3
-        if (likely(PyString_Check(key))) {
-            while (*name) {
-                if ((CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**name) == PyString_GET_SIZE(key))
-                        && _PyString_Eq(**name, key)) {
-                    values[name-argnames] = value;
-                    break;
-                }
-                name++;
-            }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    if ((**argname == key) || (
-                            (CYTHON_COMPILING_IN_PYPY || PyString_GET_SIZE(**argname) == PyString_GET_SIZE(key))
-                             && _PyString_Eq(**argname, key))) {
-                        goto arg_passed_twice;
-                    }
-                    argname++;
-                }
-            }
-        } else
+    PyObject *res;
+    if (n <= 0) {
+        return PyList_New(0);
+    }
+    res = PyList_New(n);
+    if (unlikely(res == NULL)) return NULL;
+    __Pyx_copy_object_array(src, ((PyListObject*)res)->ob_item, n);
+    return res;
+}
+#endif
+
+/* BytesEquals */
+static CYTHON_INLINE int __Pyx_PyBytes_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL ||\
+        !(CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS)
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    if (s1 == s2) {
+        return (equals == Py_EQ);
+    } else if (PyBytes_CheckExact(s1) & PyBytes_CheckExact(s2)) {
+        const char *ps1, *ps2;
+        Py_ssize_t length = PyBytes_GET_SIZE(s1);
+        if (length != PyBytes_GET_SIZE(s2))
+            return (equals == Py_NE);
+        ps1 = PyBytes_AS_STRING(s1);
+        ps2 = PyBytes_AS_STRING(s2);
+        if (ps1[0] != ps2[0]) {
+            return (equals == Py_NE);
+        } else if (length == 1) {
+            return (equals == Py_EQ);
+        } else {
+            int result;
+#if CYTHON_USE_UNICODE_INTERNALS && (PY_VERSION_HEX < 0x030B0000)
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyBytesObject*)s1)->ob_shash;
+            hash2 = ((PyBytesObject*)s2)->ob_shash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                return (equals == Py_NE);
+            }
+#endif
+            result = memcmp(ps1, ps2, (size_t)length);
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & PyBytes_CheckExact(s2)) {
+        return (equals == Py_NE);
+    } else if ((s2 == Py_None) & PyBytes_CheckExact(s1)) {
+        return (equals == Py_NE);
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+#endif
+}
+
+/* UnicodeEquals */
+static CYTHON_INLINE int __Pyx_PyUnicode_Equals(PyObject* s1, PyObject* s2, int equals) {
+#if CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_GRAAL
+    return PyObject_RichCompareBool(s1, s2, equals);
+#else
+    int s1_is_unicode, s2_is_unicode;
+    if (s1 == s2) {
+        goto return_eq;
+    }
+    s1_is_unicode = PyUnicode_CheckExact(s1);
+    s2_is_unicode = PyUnicode_CheckExact(s2);
+    if (s1_is_unicode & s2_is_unicode) {
+        Py_ssize_t length, length2;
+        int kind;
+        void *data1, *data2;
+        #if !CYTHON_COMPILING_IN_LIMITED_API
+        if (unlikely(__Pyx_PyUnicode_READY(s1) < 0) || unlikely(__Pyx_PyUnicode_READY(s2) < 0))
+            return -1;
+        #endif
+        length = __Pyx_PyUnicode_GET_LENGTH(s1);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length < 0)) return -1;
+        #endif
+        length2 = __Pyx_PyUnicode_GET_LENGTH(s2);
+        #if !CYTHON_ASSUME_SAFE_SIZE
+        if (unlikely(length2 < 0)) return -1;
+        #endif
+        if (length != length2) {
+            goto return_ne;
+        }
+#if CYTHON_USE_UNICODE_INTERNALS
+        {
+            Py_hash_t hash1, hash2;
+            hash1 = ((PyASCIIObject*)s1)->hash;
+            hash2 = ((PyASCIIObject*)s2)->hash;
+            if (hash1 != hash2 && hash1 != -1 && hash2 != -1) {
+                goto return_ne;
+            }
+        }
+#endif
+        kind = __Pyx_PyUnicode_KIND(s1);
+        if (kind != __Pyx_PyUnicode_KIND(s2)) {
+            goto return_ne;
+        }
+        data1 = __Pyx_PyUnicode_DATA(s1);
+        data2 = __Pyx_PyUnicode_DATA(s2);
+        if (__Pyx_PyUnicode_READ(kind, data1, 0) != __Pyx_PyUnicode_READ(kind, data2, 0)) {
+            goto return_ne;
+        } else if (length == 1) {
+            goto return_eq;
+        } else {
+            int result = memcmp(data1, data2, (size_t)(length * kind));
+            return (equals == Py_EQ) ? (result == 0) : (result != 0);
+        }
+    } else if ((s1 == Py_None) & s2_is_unicode) {
+        goto return_ne;
+    } else if ((s2 == Py_None) & s1_is_unicode) {
+        goto return_ne;
+    } else {
+        int result;
+        PyObject* py_result = PyObject_RichCompare(s1, s2, equals);
+        if (!py_result)
+            return -1;
+        result = __Pyx_PyObject_IsTrue(py_result);
+        Py_DECREF(py_result);
+        return result;
+    }
+return_eq:
+    return (equals == Py_EQ);
+return_ne:
+    return (equals == Py_NE);
+#endif
+}
+
+/* fastcall */
+#if CYTHON_METH_FASTCALL
+static CYTHON_INLINE PyObject * __Pyx_GetKwValue_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues, PyObject *s)
+{
+    Py_ssize_t i, n = __Pyx_PyTuple_GET_SIZE(kwnames);
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    if (unlikely(n == -1)) return NULL;
+    #endif
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        if (s == namei) return kwvalues[i];
+    }
+    for (i = 0; i < n; i++)
+    {
+        PyObject *namei = __Pyx_PyTuple_GET_ITEM(kwnames, i);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!namei)) return NULL;
+        #endif
+        int eq = __Pyx_PyUnicode_Equals(s, namei, Py_EQ);
+        if (unlikely(eq != 0)) {
+            if (unlikely(eq < 0)) return NULL;
+            return kwvalues[i];
+        }
+    }
+    return NULL;
+}
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030d0000 || CYTHON_COMPILING_IN_LIMITED_API
+CYTHON_UNUSED static PyObject *__Pyx_KwargsAsDict_FASTCALL(PyObject *kwnames, PyObject *const *kwvalues) {
+    Py_ssize_t i, nkwargs;
+    PyObject *dict;
+#if !CYTHON_ASSUME_SAFE_SIZE
+    nkwargs = PyTuple_Size(kwnames);
+    if (unlikely(nkwargs < 0)) return NULL;
+#else
+    nkwargs = PyTuple_GET_SIZE(kwnames);
+#endif
+    dict = PyDict_New();
+    if (unlikely(!dict))
+        return NULL;
+    for (i=0; i<nkwargs; i++) {
+#if !CYTHON_ASSUME_SAFE_MACROS
+        PyObject *key = PyTuple_GetItem(kwnames, i);
+        if (!key) goto bad;
+#else
+        PyObject *key = PyTuple_GET_ITEM(kwnames, i);
+#endif
+        if (unlikely(PyDict_SetItem(dict, key, kwvalues[i]) < 0))
+            goto bad;
+    }
+    return dict;
+bad:
+    Py_DECREF(dict);
+    return NULL;
+}
+#endif
+#endif
+
+/* RaiseDoubleKeywords */
+static void __Pyx_RaiseDoubleKeywordsError(
+    const char* func_name,
+    PyObject* kw_name)
+{
+    PyErr_Format(PyExc_TypeError,
+        "%s() got multiple values for keyword argument '%U'", func_name, kw_name);
+}
+
+/* PyFunctionFastCall */
+#if CYTHON_FAST_PYCALL && !CYTHON_VECTORCALL
+static PyObject* __Pyx_PyFunction_FastCallNoKw(PyCodeObject *co, PyObject *const *args, Py_ssize_t na,
+                                               PyObject *globals) {
+    PyFrameObject *f;
+    PyThreadState *tstate = __Pyx_PyThreadState_Current;
+    PyObject **fastlocals;
+    Py_ssize_t i;
+    PyObject *result;
+    assert(globals != NULL);
+    /* XXX Perhaps we should create a specialized
+       PyFrame_New() that doesn't take locals, but does
+       take builtins without sanity checking them.
+       */
+    assert(tstate != NULL);
+    f = PyFrame_New(tstate, co, globals, NULL);
+    if (f == NULL) {
+        return NULL;
+    }
+    fastlocals = __Pyx_PyFrame_GetLocalsplus(f);
+    for (i = 0; i < na; i++) {
+        Py_INCREF(*args);
+        fastlocals[i] = *args++;
+    }
+    result = PyEval_EvalFrameEx(f,0);
+    ++tstate->recursion_depth;
+    Py_DECREF(f);
+    --tstate->recursion_depth;
+    return result;
+}
+static PyObject *__Pyx_PyFunction_FastCallDict(PyObject *func, PyObject *const *args, Py_ssize_t nargs, PyObject *kwargs) {
+    PyCodeObject *co = (PyCodeObject *)PyFunction_GET_CODE(func);
+    PyObject *globals = PyFunction_GET_GLOBALS(func);
+    PyObject *argdefs = PyFunction_GET_DEFAULTS(func);
+    PyObject *closure;
+    PyObject *kwdefs;
+    PyObject *kwtuple, **k;
+    PyObject **d;
+    Py_ssize_t nd;
+    Py_ssize_t nk;
+    PyObject *result;
+    assert(kwargs == NULL || PyDict_Check(kwargs));
+    nk = kwargs ? PyDict_Size(kwargs) : 0;
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object"))) {
+        return NULL;
+    }
+    if (
+            co->co_kwonlyargcount == 0 &&
+            likely(kwargs == NULL || nk == 0) &&
+            co->co_flags == (CO_OPTIMIZED | CO_NEWLOCALS | CO_NOFREE)) {
+        if (argdefs == NULL && co->co_argcount == nargs) {
+            result = __Pyx_PyFunction_FastCallNoKw(co, args, nargs, globals);
+            goto done;
+        }
+        else if (nargs == 0 && argdefs != NULL
+                 && co->co_argcount == Py_SIZE(argdefs)) {
+            /* function called with no arguments, but all parameters have
+               a default value: use default values as arguments .*/
+            args = &PyTuple_GET_ITEM(argdefs, 0);
+            result =__Pyx_PyFunction_FastCallNoKw(co, args, Py_SIZE(argdefs), globals);
+            goto done;
+        }
+    }
+    if (kwargs != NULL) {
+        Py_ssize_t pos, i;
+        kwtuple = PyTuple_New(2 * nk);
+        if (kwtuple == NULL) {
+            result = NULL;
+            goto done;
+        }
+        k = &PyTuple_GET_ITEM(kwtuple, 0);
+        pos = i = 0;
+        while (PyDict_Next(kwargs, &pos, &k[i], &k[i+1])) {
+            Py_INCREF(k[i]);
+            Py_INCREF(k[i+1]);
+            i += 2;
+        }
+        nk = i / 2;
+    }
+    else {
+        kwtuple = NULL;
+        k = NULL;
+    }
+    closure = PyFunction_GET_CLOSURE(func);
+    kwdefs = PyFunction_GET_KW_DEFAULTS(func);
+    if (argdefs != NULL) {
+        d = &PyTuple_GET_ITEM(argdefs, 0);
+        nd = Py_SIZE(argdefs);
+    }
+    else {
+        d = NULL;
+        nd = 0;
+    }
+    result = PyEval_EvalCodeEx((PyObject*)co, globals, (PyObject *)NULL,
+                               args, (int)nargs,
+                               k, (int)nk,
+                               d, (int)nd, kwdefs, closure);
+    Py_XDECREF(kwtuple);
+done:
+    Py_LeaveRecursiveCall();
+    return result;
+}
+#endif
+
+/* PyObjectCall */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *result;
+    ternaryfunc call = Py_TYPE(func)->tp_call;
+    if (unlikely(!call))
+        return PyObject_Call(func, arg, kw);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = (*call)(func, arg, kw);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectCallMethO */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject* __Pyx_PyObject_CallMethO(PyObject *func, PyObject *arg) {
+    PyObject *self, *result;
+    PyCFunction cfunc;
+    cfunc = __Pyx_CyOrPyCFunction_GET_FUNCTION(func);
+    self = __Pyx_CyOrPyCFunction_GET_SELF(func);
+    if (unlikely(Py_EnterRecursiveCall(" while calling a Python object")))
+        return NULL;
+    result = cfunc(self, arg);
+    Py_LeaveRecursiveCall();
+    if (unlikely(!result) && unlikely(!PyErr_Occurred())) {
+        PyErr_SetString(
+            PyExc_SystemError,
+            "NULL result without error in PyObject_Call");
+    }
+    return result;
+}
+#endif
+
+/* PyObjectFastCall */
+#if PY_VERSION_HEX < 0x03090000 || CYTHON_COMPILING_IN_LIMITED_API
+static PyObject* __Pyx_PyObject_FastCall_fallback(PyObject *func, PyObject * const*args, size_t nargs, PyObject *kwargs) {
+    PyObject *argstuple;
+    PyObject *result = 0;
+    size_t i;
+    argstuple = PyTuple_New((Py_ssize_t)nargs);
+    if (unlikely(!argstuple)) return NULL;
+    for (i = 0; i < nargs; i++) {
+        Py_INCREF(args[i]);
+        if (__Pyx_PyTuple_SET_ITEM(argstuple, (Py_ssize_t)i, args[i]) != (0)) goto bad;
+    }
+    result = __Pyx_PyObject_Call(func, argstuple, kwargs);
+  bad:
+    Py_DECREF(argstuple);
+    return result;
+}
+#endif
+#if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+  #if PY_VERSION_HEX < 0x03090000
+    #define __Pyx_PyVectorcall_Function(callable) _PyVectorcall_Function(callable)
+  #elif CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE vectorcallfunc __Pyx_PyVectorcall_Function(PyObject *callable) {
+    PyTypeObject *tp = Py_TYPE(callable);
+    #if defined(__Pyx_CyFunction_USED)
+    if (__Pyx_CyFunction_CheckExact(callable)) {
+        return __Pyx_CyFunction_func_vectorcall(callable);
+    }
+    #endif
+    if (!PyType_HasFeature(tp, Py_TPFLAGS_HAVE_VECTORCALL)) {
+        return NULL;
+    }
+    assert(PyCallable_Check(callable));
+    Py_ssize_t offset = tp->tp_vectorcall_offset;
+    assert(offset > 0);
+    vectorcallfunc ptr;
+    memcpy(&ptr, (char *) callable + offset, sizeof(ptr));
+    return ptr;
+}
+  #else
+    #define __Pyx_PyVectorcall_Function(callable) PyVectorcall_Function(callable)
+  #endif
+#endif
+static CYTHON_INLINE PyObject* __Pyx_PyObject_FastCallDict(PyObject *func, PyObject *const *args, size_t _nargs, PyObject *kwargs) {
+    Py_ssize_t nargs = __Pyx_PyVectorcall_NARGS(_nargs);
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (nargs == 0 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_NOARGS))
+            return __Pyx_PyObject_CallMethO(func, NULL);
+    }
+    else if (nargs == 1 && kwargs == NULL) {
+        if (__Pyx_CyOrPyCFunction_Check(func) && likely( __Pyx_CyOrPyCFunction_GET_FLAGS(func) & METH_O))
+            return __Pyx_PyObject_CallMethO(func, args[0]);
+    }
+#endif
+    #if PY_VERSION_HEX < 0x030800B1
+    #if CYTHON_FAST_PYCCALL
+    if (PyCFunction_Check(func)) {
+        if (kwargs) {
+            return _PyCFunction_FastCallDict(func, args, nargs, kwargs);
+        } else {
+            return _PyCFunction_FastCallKeywords(func, args, nargs, NULL);
+        }
+    }
+    if (!kwargs && __Pyx_IS_TYPE(func, &PyMethodDescr_Type)) {
+        return _PyMethodDescr_FastCallKeywords(func, args, nargs, NULL);
+    }
+    #endif
+    #if CYTHON_FAST_PYCALL
+    if (PyFunction_Check(func)) {
+        return __Pyx_PyFunction_FastCallDict(func, args, nargs, kwargs);
+    }
+    #endif
+    #endif
+    if (kwargs == NULL) {
+        #if CYTHON_VECTORCALL && !CYTHON_COMPILING_IN_LIMITED_API
+        vectorcallfunc f = __Pyx_PyVectorcall_Function(func);
+        if (f) {
+            return f(func, args, _nargs, NULL);
+        }
+        #elif defined(__Pyx_CyFunction_USED) && CYTHON_BACKPORT_VECTORCALL
+        if (__Pyx_CyFunction_CheckExact(func)) {
+            __pyx_vectorcallfunc f = __Pyx_CyFunction_func_vectorcall(func);
+            if (f) return f(func, args, _nargs, NULL);
+        }
+        #elif CYTHON_COMPILING_IN_LIMITED_API && CYTHON_VECTORCALL
+        return PyObject_Vectorcall(func, args, _nargs, NULL);
+        #endif
+    }
+    if (nargs == 0) {
+        return __Pyx_PyObject_Call(func, __pyx_mstate_global->__pyx_empty_tuple, kwargs);
+    }
+    #if PY_VERSION_HEX >= 0x03090000 && !CYTHON_COMPILING_IN_LIMITED_API
+    return PyObject_VectorcallDict(func, args, (size_t)nargs, kwargs);
+    #else
+    return __Pyx_PyObject_FastCall_fallback(func, args, (size_t)nargs, kwargs);
+    #endif
+}
+
+/* UnpackUnboundCMethod */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *args, PyObject *kwargs) {
+    PyObject *result;
+    PyObject *selfless_args = PyTuple_GetSlice(args, 1, PyTuple_Size(args));
+    if (unlikely(!selfless_args)) return NULL;
+    result = PyObject_Call(method, selfless_args, kwargs);
+    Py_DECREF(selfless_args);
+    return result;
+}
+#elif CYTHON_COMPILING_IN_PYPY && PY_VERSION_HEX < 0x03090000
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject **args, Py_ssize_t nargs, PyObject *kwnames) {
+        return _PyObject_Vectorcall
+            (method, args ? args+1 : NULL, nargs ? nargs-1 : 0, kwnames);
+}
+#else
+static PyObject *__Pyx_SelflessCall(PyObject *method, PyObject *const *args, Py_ssize_t nargs, PyObject *kwnames) {
+    return
+#if PY_VERSION_HEX < 0x03090000
+    _PyObject_Vectorcall
+#else
+    PyObject_Vectorcall
+#endif
+        (method, args ? args+1 : NULL, nargs ? (size_t) nargs-1 : 0, kwnames);
+}
+#endif
+static PyMethodDef __Pyx_UnboundCMethod_Def = {
+     "CythonUnboundCMethod",
+     __PYX_REINTERPRET_FUNCION(PyCFunction, __Pyx_SelflessCall),
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030C0000
+     METH_VARARGS | METH_KEYWORDS,
+#else
+     METH_FASTCALL | METH_KEYWORDS,
+#endif
+     NULL
+};
+static int __Pyx_TryUnpackUnboundCMethod(__Pyx_CachedCFunction* target) {
+    PyObject *method, *result=NULL;
+    method = __Pyx_PyObject_GetAttrStr(target->type, *target->method_name);
+    if (unlikely(!method))
+        return -1;
+    result = method;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (likely(__Pyx_TypeCheck(method, &PyMethodDescr_Type)))
+    {
+        PyMethodDescrObject *descr = (PyMethodDescrObject*) method;
+        target->func = descr->d_method->ml_meth;
+        target->flag = descr->d_method->ml_flags & ~(METH_CLASS | METH_STATIC | METH_COEXIST | METH_STACKLESS);
+    } else
+#endif
+#if CYTHON_COMPILING_IN_PYPY
+#else
+    if (PyCFunction_Check(method))
+#endif
+    {
+        PyObject *self;
+        int self_found;
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        self = PyObject_GetAttrString(method, "__self__");
+        if (!self) {
+            PyErr_Clear();
+        }
+#else
+        self = PyCFunction_GET_SELF(method);
+#endif
+        self_found = (self && self != Py_None);
+#if CYTHON_COMPILING_IN_LIMITED_API || CYTHON_COMPILING_IN_PYPY
+        Py_XDECREF(self);
+#endif
+        if (self_found) {
+            PyObject *unbound_method = PyCFunction_New(&__Pyx_UnboundCMethod_Def, method);
+            if (unlikely(!unbound_method)) return -1;
+            Py_DECREF(method);
+            result = unbound_method;
+        }
+    }
+#if !CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    if (unlikely(target->method)) {
+        Py_DECREF(result);
+    } else
+#endif
+    target->method = result;
+    return 0;
+}
+
+/* CallUnboundCMethod2 */
+#if CYTHON_COMPILING_IN_CPYTHON
+static CYTHON_INLINE PyObject *__Pyx_CallUnboundCMethod2(__Pyx_CachedCFunction *cfunc, PyObject *self, PyObject *arg1, PyObject *arg2) {
+    int was_initialized = __Pyx_CachedCFunction_GetAndSetInitializing(cfunc);
+    if (likely(was_initialized == 2 && cfunc->func)) {
+        PyObject *args[2] = {arg1, arg2};
+        if (cfunc->flag == METH_FASTCALL) {
+            return __Pyx_CallCFunctionFast(cfunc, self, args, 2);
+        }
+        if (cfunc->flag == (METH_FASTCALL | METH_KEYWORDS))
+            return __Pyx_CallCFunctionFastWithKeywords(cfunc, self, args, 2, NULL);
+    }
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    else if (unlikely(was_initialized == 1)) {
+        __Pyx_CachedCFunction tmp_cfunc = {
+#ifndef __cplusplus
+            0
+#endif
+        };
+        tmp_cfunc.type = cfunc->type;
+        tmp_cfunc.method_name = cfunc->method_name;
+        return __Pyx__CallUnboundCMethod2(&tmp_cfunc, self, arg1, arg2);
+    }
+#endif
+    PyObject *result = __Pyx__CallUnboundCMethod2(cfunc, self, arg1, arg2);
+    __Pyx_CachedCFunction_SetFinishedInitializing(cfunc);
+    return result;
+}
+#endif
+static PyObject* __Pyx__CallUnboundCMethod2(__Pyx_CachedCFunction* cfunc, PyObject* self, PyObject* arg1, PyObject* arg2){
+    if (unlikely(!cfunc->func && !cfunc->method) && unlikely(__Pyx_TryUnpackUnboundCMethod(cfunc) < 0)) return NULL;
+#if CYTHON_COMPILING_IN_CPYTHON
+    if (cfunc->func && (cfunc->flag & METH_VARARGS)) {
+        PyObject *result = NULL;
+        PyObject *args = PyTuple_New(2);
+        if (unlikely(!args)) return NULL;
+        Py_INCREF(arg1);
+        PyTuple_SET_ITEM(args, 0, arg1);
+        Py_INCREF(arg2);
+        PyTuple_SET_ITEM(args, 1, arg2);
+        if (cfunc->flag & METH_KEYWORDS)
+            result = __Pyx_CallCFunctionWithKeywords(cfunc, self, args, NULL);
+        else
+            result = __Pyx_CallCFunction(cfunc, self, args);
+        Py_DECREF(args);
+        return result;
+    }
+#endif
+    {
+        PyObject *args[4] = {NULL, self, arg1, arg2};
+        return __Pyx_PyObject_FastCall(cfunc->method, args+1, 3 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET);
+    }
+}
+
+/* ParseKeywords */
+static int __Pyx_ValidateDuplicatePosArgs(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char* function_name)
+{
+    PyObject ** const *name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *key = **name;
+        int found = PyDict_Contains(kwds, key);
+        if (unlikely(found)) {
+            if (found == 1) __Pyx_RaiseDoubleKeywordsError(function_name, key);
+            goto bad;
+        }
+        name++;
+    }
+    return 0;
+bad:
+    return -1;
+}
+#if CYTHON_USE_UNICODE_INTERNALS
+static CYTHON_INLINE int __Pyx_UnicodeKeywordsEqual(PyObject *s1, PyObject *s2) {
+    int kind;
+    Py_ssize_t len = PyUnicode_GET_LENGTH(s1);
+    if (len != PyUnicode_GET_LENGTH(s2)) return 0;
+    kind = PyUnicode_KIND(s1);
+    if (kind != PyUnicode_KIND(s2)) return 0;
+    const void *data1 = PyUnicode_DATA(s1);
+    const void *data2 = PyUnicode_DATA(s2);
+    return (memcmp(data1, data2, (size_t) len * (size_t) kind) == 0);
+}
+#endif
+static int __Pyx_MatchKeywordArg_str(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    #if CYTHON_USE_UNICODE_INTERNALS
+    Py_hash_t key_hash = ((PyASCIIObject*)key)->hash;
+    if (unlikely(key_hash == -1)) {
+        key_hash = PyObject_Hash(key);
+        if (unlikely(key_hash == -1))
+            goto bad;
+    }
+    #endif
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (key_hash == ((PyASCIIObject*)name_str)->hash && __Pyx_UnicodeKeywordsEqual(name_str, key)) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) {
+                *index_found = (size_t) (name - argnames);
+                return 1;
+            }
+        }
+        #endif
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        PyObject *name_str = **name;
+        #if CYTHON_USE_UNICODE_INTERNALS
+        if (unlikely(key_hash == ((PyASCIIObject*)name_str)->hash)) {
+            if (__Pyx_UnicodeKeywordsEqual(name_str, key))
+                goto arg_passed_twice;
+        }
+        #else
+        #if CYTHON_ASSUME_SAFE_SIZE
+        if (PyUnicode_GET_LENGTH(name_str) == PyUnicode_GET_LENGTH(key))
+        #endif
+        {
+            if (unlikely(name_str == key)) goto arg_passed_twice;
+            int cmp = PyUnicode_Compare(name_str, key);
+            if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
+            if (cmp == 0) goto arg_passed_twice;
+        }
+        #endif
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+bad:
+    return -1;
+}
+static int __Pyx_MatchKeywordArg_nostr(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    PyObject ** const *name;
+    if (unlikely(!PyUnicode_Check(key))) goto invalid_keyword_type;
+    name = first_kw_arg;
+    while (*name) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (cmp == 1) {
+            *index_found = (size_t) (name - argnames);
+            return 1;
+        }
+        if (unlikely(cmp == -1)) goto bad;
+        name++;
+    }
+    name = argnames;
+    while (name != first_kw_arg) {
+        int cmp = PyObject_RichCompareBool(**name, key, Py_EQ);
+        if (unlikely(cmp != 0)) {
+            if (cmp == 1) goto arg_passed_twice;
+            else goto bad;
+        }
+        name++;
+    }
+    return 0;
+arg_passed_twice:
+    __Pyx_RaiseDoubleKeywordsError(function_name, key);
+    goto bad;
+invalid_keyword_type:
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() keywords must be strings", function_name);
+    goto bad;
+bad:
+    return -1;
+}
+static CYTHON_INLINE int __Pyx_MatchKeywordArg(
+    PyObject *key,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    size_t *index_found,
+    const char *function_name)
+{
+    return likely(PyUnicode_CheckExact(key)) ?
+        __Pyx_MatchKeywordArg_str(key, argnames, first_kw_arg, index_found, function_name) :
+        __Pyx_MatchKeywordArg_nostr(key, argnames, first_kw_arg, index_found, function_name);
+}
+static void __Pyx_RejectUnknownKeyword(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject ** const *first_kw_arg,
+    const char *function_name)
+{
+    Py_ssize_t pos = 0;
+    PyObject *key = NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(kwds);
+    while (PyDict_Next(kwds, &pos, &key, NULL)) {
+        PyObject** const *name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (!*name) {
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_INCREF(key);
+            #endif
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp != 1) {
+                if (cmp == 0) {
+                    PyErr_Format(PyExc_TypeError,
+                        "%s() got an unexpected keyword argument '%U'",
+                        function_name, key);
+                }
+                #if CYTHON_AVOID_BORROWED_REFS
+                Py_DECREF(key);
+                #endif
+                break;
+            }
+            #if CYTHON_AVOID_BORROWED_REFS
+            Py_DECREF(key);
+            #endif
+        }
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    assert(PyErr_Occurred());
+}
+static int __Pyx_ParseKeywordDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t extracted = 0;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    name = first_kw_arg;
+    while (*name && num_kwargs > extracted) {
+        PyObject * key = **name;
+        PyObject *value;
+        int found = 0;
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        found = PyDict_GetItemRef(kwds, key, &value);
+        #else
+        value = PyDict_GetItemWithError(kwds, key);
+        if (value) {
+            Py_INCREF(value);
+            found = 1;
+        } else {
+            if (unlikely(PyErr_Occurred())) goto bad;
+        }
+        #endif
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            extracted++;
+        }
+        name++;
+    }
+    if (num_kwargs > extracted) {
+        if (ignore_unknown_kwargs) {
+            if (unlikely(__Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name) == -1))
+                goto bad;
+        } else {
+            __Pyx_RejectUnknownKeyword(kwds, argnames, first_kw_arg, function_name);
+            goto bad;
+        }
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordDictToDict(
+    PyObject *kwds,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    const char* function_name)
+{
+    PyObject** const *name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    Py_ssize_t len;
+#if !CYTHON_COMPILING_IN_PYPY || defined(PyArg_ValidateKeywordArguments)
+    if (unlikely(!PyArg_ValidateKeywordArguments(kwds))) return -1;
+#endif
+    if (PyDict_Update(kwds2, kwds) < 0) goto bad;
+    name = first_kw_arg;
+    while (*name) {
+        PyObject *key = **name;
+        PyObject *value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && (PY_VERSION_HEX >= 0x030d00A2 || defined(PyDict_Pop))
+        int found = PyDict_Pop(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+        }
+#elif __PYX_LIMITED_VERSION_HEX >= 0x030d0000
+        int found = PyDict_GetItemRef(kwds2, key, &value);
+        if (found) {
+            if (unlikely(found < 0)) goto bad;
+            values[name-argnames] = value;
+            if (unlikely(PyDict_DelItem(kwds2, key) < 0)) goto bad;
+        }
+#else
+    #if CYTHON_COMPILING_IN_CPYTHON
+        value = _PyDict_Pop(kwds2, key, kwds2);
+    #else
+        value = __Pyx_CallUnboundCMethod2(&__pyx_mstate_global->__pyx_umethod_PyDict_Type_pop, kwds2, key, kwds2);
+    #endif
+        if (value == kwds2) {
+            Py_DECREF(value);
+        } else {
+            if (unlikely(!value)) goto bad;
+            values[name-argnames] = value;
+        }
+#endif
+        name++;
+    }
+    len = PyDict_Size(kwds2);
+    if (len > 0) {
+        return __Pyx_ValidateDuplicatePosArgs(kwds, argnames, first_kw_arg, function_name);
+    } else if (unlikely(len == -1)) {
+        goto bad;
+    }
+    return 0;
+bad:
+    return -1;
+}
+static int __Pyx_ParseKeywordsTuple(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    PyObject *key = NULL;
+    PyObject** const * name;
+    PyObject** const *first_kw_arg = argnames + num_pos_args;
+    for (Py_ssize_t pos = 0; pos < num_kwargs; pos++) {
+#if CYTHON_AVOID_BORROWED_REFS
+        key = __Pyx_PySequence_ITEM(kwds, pos);
+#else
+        key = __Pyx_PyTuple_GET_ITEM(kwds, pos);
+#endif
+#if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(!key)) goto bad;
+#endif
+        name = first_kw_arg;
+        while (*name && (**name != key)) name++;
+        if (*name) {
+            PyObject *value = kwvalues[pos];
+            values[name-argnames] = __Pyx_NewRef(value);
+        } else {
+            size_t index_found = 0;
+            int cmp = __Pyx_MatchKeywordArg(key, argnames, first_kw_arg, &index_found, function_name);
+            if (cmp == 1) {
+                PyObject *value = kwvalues[pos];
+                values[index_found] = __Pyx_NewRef(value);
+            } else {
+                if (unlikely(cmp == -1)) goto bad;
+                if (kwds2) {
+                    PyObject *value = kwvalues[pos];
+                    if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+                } else if (!ignore_unknown_kwargs) {
+                    goto invalid_keyword;
+                }
+            }
+        }
+        #if CYTHON_AVOID_BORROWED_REFS
+        Py_DECREF(key);
+        key = NULL;
+        #endif
+    }
+    return 0;
+invalid_keyword:
+    PyErr_Format(PyExc_TypeError,
+        "%s() got an unexpected keyword argument '%U'",
+        function_name, key);
+    goto bad;
+bad:
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(key);
+    #endif
+    return -1;
+}
+static int __Pyx_ParseKeywords(
+    PyObject *kwds,
+    PyObject * const *kwvalues,
+    PyObject ** const argnames[],
+    PyObject *kwds2,
+    PyObject *values[],
+    Py_ssize_t num_pos_args,
+    Py_ssize_t num_kwargs,
+    const char* function_name,
+    int ignore_unknown_kwargs)
+{
+    if (CYTHON_METH_FASTCALL && likely(PyTuple_Check(kwds)))
+        return __Pyx_ParseKeywordsTuple(kwds, kwvalues, argnames, kwds2, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+    else if (kwds2)
+        return __Pyx_ParseKeywordDictToDict(kwds, argnames, kwds2, values, num_pos_args, function_name);
+    else
+        return __Pyx_ParseKeywordDict(kwds, argnames, values, num_pos_args, num_kwargs, function_name, ignore_unknown_kwargs);
+}
+
+/* RaiseArgTupleInvalid */
+static void __Pyx_RaiseArgtupleInvalid(
+    const char* func_name,
+    int exact,
+    Py_ssize_t num_min,
+    Py_ssize_t num_max,
+    Py_ssize_t num_found)
+{
+    Py_ssize_t num_expected;
+    const char *more_or_less;
+    if (num_found < num_min) {
+        num_expected = num_min;
+        more_or_less = "at least";
+    } else {
+        num_expected = num_max;
+        more_or_less = "at most";
+    }
+    if (exact) {
+        more_or_less = "exactly";
+    }
+    PyErr_Format(PyExc_TypeError,
+                 "%.200s() takes %.8s %" CYTHON_FORMAT_SSIZE_T "d positional argument%.1s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+                 func_name, more_or_less, num_expected,
+                 (num_expected == 1) ? "" : "s", num_found);
+}
+
+/* RaiseException */
+static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
+    PyObject* owned_instance = NULL;
+    if (tb == Py_None) {
+        tb = 0;
+    } else if (tb && !PyTraceBack_Check(tb)) {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: arg 3 must be a traceback or None");
+        goto bad;
+    }
+    if (value == Py_None)
+        value = 0;
+    if (PyExceptionInstance_Check(type)) {
+        if (value) {
+            PyErr_SetString(PyExc_TypeError,
+                "instance exception may not have a separate value");
+            goto bad;
+        }
+        value = type;
+        type = (PyObject*) Py_TYPE(value);
+    } else if (PyExceptionClass_Check(type)) {
+        PyObject *instance_class = NULL;
+        if (value && PyExceptionInstance_Check(value)) {
+            instance_class = (PyObject*) Py_TYPE(value);
+            if (instance_class != type) {
+                int is_subclass = PyObject_IsSubclass(instance_class, type);
+                if (!is_subclass) {
+                    instance_class = NULL;
+                } else if (unlikely(is_subclass == -1)) {
+                    goto bad;
+                } else {
+                    type = instance_class;
+                }
+            }
+        }
+        if (!instance_class) {
+            PyObject *args;
+            if (!value)
+                args = PyTuple_New(0);
+            else if (PyTuple_Check(value)) {
+                Py_INCREF(value);
+                args = value;
+            } else
+                args = PyTuple_Pack(1, value);
+            if (!args)
+                goto bad;
+            owned_instance = PyObject_Call(type, args, NULL);
+            Py_DECREF(args);
+            if (!owned_instance)
+                goto bad;
+            value = owned_instance;
+            if (!PyExceptionInstance_Check(value)) {
+                PyErr_Format(PyExc_TypeError,
+                             "calling %R should have returned an instance of "
+                             "BaseException, not %R",
+                             type, Py_TYPE(value));
+                goto bad;
+            }
+        }
+    } else {
+        PyErr_SetString(PyExc_TypeError,
+            "raise: exception class must be a subclass of BaseException");
+        goto bad;
+    }
+    if (cause) {
+        PyObject *fixed_cause;
+        if (cause == Py_None) {
+            fixed_cause = NULL;
+        } else if (PyExceptionClass_Check(cause)) {
+            fixed_cause = PyObject_CallObject(cause, NULL);
+            if (fixed_cause == NULL)
+                goto bad;
+        } else if (PyExceptionInstance_Check(cause)) {
+            fixed_cause = cause;
+            Py_INCREF(fixed_cause);
+        } else {
+            PyErr_SetString(PyExc_TypeError,
+                            "exception causes must derive from "
+                            "BaseException");
+            goto bad;
+        }
+        PyException_SetCause(value, fixed_cause);
+    }
+    PyErr_SetObject(type, value);
+    if (tb) {
+#if PY_VERSION_HEX >= 0x030C00A6
+        PyException_SetTraceback(value, tb);
+#elif CYTHON_FAST_THREAD_STATE
+        PyThreadState *tstate = __Pyx_PyThreadState_Current;
+        PyObject* tmp_tb = tstate->curexc_traceback;
+        if (tb != tmp_tb) {
+            Py_INCREF(tb);
+            tstate->curexc_traceback = tb;
+            Py_XDECREF(tmp_tb);
+        }
+#else
+        PyObject *tmp_type, *tmp_value, *tmp_tb;
+        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
+        Py_INCREF(tb);
+        PyErr_Restore(tmp_type, tmp_value, tb);
+        Py_XDECREF(tmp_tb);
+#endif
+    }
+bad:
+    Py_XDECREF(owned_instance);
+    return;
+}
+
+/* ListPack */
+static PyObject *__Pyx_PyList_Pack(Py_ssize_t n, ...) {
+    va_list va;
+    PyObject *l = PyList_New(n);
+    va_start(va, n);
+    if (unlikely(!l)) goto end;
+    for (Py_ssize_t i=0; i<n; ++i) {
+        PyObject *arg = va_arg(va, PyObject*);
+        Py_INCREF(arg);
+        if (__Pyx_PyList_SET_ITEM(l, i, arg) != (0)) {
+            Py_CLEAR(l);
+            goto end;
+        }
+    }
+    end:
+    va_end(va);
+    return l;
+}
+
+/* Import */
+static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
+    PyObject *module = 0;
+    PyObject *empty_dict = 0;
+    PyObject *empty_list = 0;
+    empty_dict = PyDict_New();
+    if (unlikely(!empty_dict))
+        goto bad;
+    if (level == -1) {
+        const char* package_sep = strchr(__Pyx_MODULE_NAME, '.');
+        if (package_sep != (0)) {
+            module = PyImport_ImportModuleLevelObject(
+                name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, 1);
+            if (unlikely(!module)) {
+                if (unlikely(!PyErr_ExceptionMatches(PyExc_ImportError)))
+                    goto bad;
+                PyErr_Clear();
+            }
+        }
+        level = 0;
+    }
+    if (!module) {
+        module = PyImport_ImportModuleLevelObject(
+            name, __pyx_mstate_global->__pyx_d, empty_dict, from_list, level);
+    }
+bad:
+    Py_XDECREF(empty_dict);
+    Py_XDECREF(empty_list);
+    return module;
+}
+
+/* ImportFrom */
+static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
+    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
+    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
+        const char* module_name_str = 0;
+        PyObject* module_name = 0;
+        PyObject* module_dot = 0;
+        PyObject* full_name = 0;
+        PyErr_Clear();
+        module_name_str = PyModule_GetName(module);
+        if (unlikely(!module_name_str)) { goto modbad; }
+        module_name = PyUnicode_FromString(module_name_str);
+        if (unlikely(!module_name)) { goto modbad; }
+        module_dot = PyUnicode_Concat(module_name, __pyx_mstate_global->__pyx_kp_u_);
+        if (unlikely(!module_dot)) { goto modbad; }
+        full_name = PyUnicode_Concat(module_dot, name);
+        if (unlikely(!full_name)) { goto modbad; }
+        #if (CYTHON_COMPILING_IN_PYPY && PYPY_VERSION_NUM  < 0x07030400) ||\
+                CYTHON_COMPILING_IN_GRAAL
+        {
+            PyObject *modules = PyImport_GetModuleDict();
+            if (unlikely(!modules))
+                goto modbad;
+            value = PyObject_GetItem(modules, full_name);
+        }
+        #else
+        value = PyImport_GetModule(full_name);
         #endif
-        if (likely(PyUnicode_Check(key))) {
-            while (*name) {
-                int cmp = (**name == key) ? 0 :
-                #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                    (__Pyx_PyUnicode_GET_LENGTH(**name) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                #endif
-                    PyUnicode_Compare(**name, key);
-                if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                if (cmp == 0) {
-                    values[name-argnames] = value;
-                    break;
+      modbad:
+        Py_XDECREF(full_name);
+        Py_XDECREF(module_dot);
+        Py_XDECREF(module_name);
+    }
+    if (unlikely(!value)) {
+        PyErr_Format(PyExc_ImportError, "cannot import name %S", name);
+    }
+    return value;
+}
+
+/* LimitedApiGetTypeDict */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static Py_ssize_t __Pyx_GetTypeDictOffset(void) {
+    PyObject *tp_dictoffset_o;
+    Py_ssize_t tp_dictoffset;
+    tp_dictoffset_o = PyObject_GetAttrString((PyObject*)(&PyType_Type), "__dictoffset__");
+    if (unlikely(!tp_dictoffset_o)) return -1;
+    tp_dictoffset = PyLong_AsSsize_t(tp_dictoffset_o);
+    Py_DECREF(tp_dictoffset_o);
+    if (unlikely(tp_dictoffset == 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' doesn't have a dictoffset");
+        return -1;
+    } else if (unlikely(tp_dictoffset < 0)) {
+        PyErr_SetString(
+            PyExc_TypeError,
+            "'type' has an unexpected negative dictoffset. "
+            "Please report this as Cython bug");
+        return -1;
+    }
+    return tp_dictoffset;
+}
+static PyObject *__Pyx_GetTypeDict(PyTypeObject *tp) {
+    static Py_ssize_t tp_dictoffset = 0;
+    if (unlikely(tp_dictoffset == 0)) {
+        tp_dictoffset = __Pyx_GetTypeDictOffset();
+        if (unlikely(tp_dictoffset == -1 && PyErr_Occurred())) {
+            tp_dictoffset = 0; // try again next time?
+            return NULL;
+        }
+    }
+    return *(PyObject**)((char*)tp + tp_dictoffset);
+}
+#endif
+
+/* SetItemOnTypeDict */
+static int __Pyx__SetItemOnTypeDict(PyTypeObject *tp, PyObject *k, PyObject *v) {
+    int result;
+    PyObject *tp_dict;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    tp_dict = __Pyx_GetTypeDict(tp);
+    if (unlikely(!tp_dict)) return -1;
+#else
+    tp_dict = tp->tp_dict;
+#endif
+    result = PyDict_SetItem(tp_dict, k, v);
+    if (likely(!result)) {
+        PyType_Modified(tp);
+        if (unlikely(PyObject_HasAttr(v, __pyx_mstate_global->__pyx_n_u_set_name))) {
+            PyObject *setNameResult = PyObject_CallMethodObjArgs(v, __pyx_mstate_global->__pyx_n_u_set_name,  (PyObject *) tp, k, NULL);
+            if (!setNameResult) return -1;
+            Py_DECREF(setNameResult);
+        }
+    }
+    return result;
+}
+
+/* FixUpExtensionType */
+static int __Pyx_fix_up_extension_type_from_spec(PyType_Spec *spec, PyTypeObject *type) {
+#if __PYX_LIMITED_VERSION_HEX > 0x030900B1
+    CYTHON_UNUSED_VAR(spec);
+    CYTHON_UNUSED_VAR(type);
+    CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+#else
+    const PyType_Slot *slot = spec->slots;
+    int changed = 0;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    while (slot && slot->slot && slot->slot != Py_tp_members)
+        slot++;
+    if (slot && slot->slot == Py_tp_members) {
+#if !CYTHON_COMPILING_IN_CPYTHON
+        const
+#endif  // !CYTHON_COMPILING_IN_CPYTHON)
+            PyMemberDef *memb = (PyMemberDef*) slot->pfunc;
+        while (memb && memb->name) {
+            if (memb->name[0] == '_' && memb->name[1] == '_') {
+                if (strcmp(memb->name, "__weaklistoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_weaklistoffset = memb->offset;
+                    changed = 1;
+                }
+                else if (strcmp(memb->name, "__dictoffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+                    type->tp_dictoffset = memb->offset;
+                    changed = 1;
+                }
+#if CYTHON_METH_FASTCALL
+                else if (strcmp(memb->name, "__vectorcalloffset__") == 0) {
+                    assert(memb->type == T_PYSSIZET);
+                    assert(memb->flags == READONLY);
+#if PY_VERSION_HEX >= 0x030800b4
+                    type->tp_vectorcall_offset = memb->offset;
+#else
+                    type->tp_print = (printfunc) memb->offset;
+#endif
+                    changed = 1;
+                }
+#endif  // CYTHON_METH_FASTCALL
+#if !CYTHON_COMPILING_IN_PYPY
+                else if (strcmp(memb->name, "__module__") == 0) {
+                    PyObject *descr;
+                    assert(memb->type == T_OBJECT);
+                    assert(memb->flags == 0 || memb->flags == READONLY);
+                    descr = PyDescr_NewMember(type, memb);
+                    if (unlikely(!descr))
+                        return -1;
+                    int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                    Py_DECREF(descr);
+                    if (unlikely(set_item_result < 0)) {
+                        return -1;
+                    }
+                    changed = 1;
                 }
-                name++;
+#endif  // !CYTHON_COMPILING_IN_PYPY
             }
-            if (*name) continue;
-            else {
-                PyObject*** argname = argnames;
-                while (argname != first_kw_arg) {
-                    int cmp = (**argname == key) ? 0 :
-                    #if !CYTHON_COMPILING_IN_PYPY && PY_MAJOR_VERSION >= 3
-                        (__Pyx_PyUnicode_GET_LENGTH(**argname) != __Pyx_PyUnicode_GET_LENGTH(key)) ? 1 :
-                    #endif
-                        PyUnicode_Compare(**argname, key);
-                    if (cmp < 0 && unlikely(PyErr_Occurred())) goto bad;
-                    if (cmp == 0) goto arg_passed_twice;
-                    argname++;
+            memb++;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_LIMITED_API
+#if !CYTHON_COMPILING_IN_PYPY
+    slot = spec->slots;
+    while (slot && slot->slot && slot->slot != Py_tp_getset)
+        slot++;
+    if (slot && slot->slot == Py_tp_getset) {
+        PyGetSetDef *getset = (PyGetSetDef*) slot->pfunc;
+        while (getset && getset->name) {
+            if (getset->name[0] == '_' && getset->name[1] == '_' && strcmp(getset->name, "__module__") == 0) {
+                PyObject *descr = PyDescr_NewGetSet(type, getset);
+                if (unlikely(!descr))
+                    return -1;
+                #if CYTHON_COMPILING_IN_LIMITED_API
+                PyObject *pyname = PyUnicode_FromString(getset->name);
+                if (unlikely(!pyname)) {
+                    Py_DECREF(descr);
+                    return -1;
+                }
+                int set_item_result = __Pyx_SetItemOnTypeDict(type, pyname, descr);
+                Py_DECREF(pyname);
+                #else
+                CYTHON_UNUSED_VAR(__Pyx__SetItemOnTypeDict);
+                int set_item_result = PyDict_SetItem(type->tp_dict, PyDescr_NAME(descr), descr);
+                #endif
+                Py_DECREF(descr);
+                if (unlikely(set_item_result < 0)) {
+                    return -1;
                 }
+                changed = 1;
             }
-        } else
-            goto invalid_keyword_type;
-        if (kwds2) {
-            if (unlikely(PyDict_SetItem(kwds2, key, value))) goto bad;
+            ++getset;
+        }
+    }
+#endif  // !CYTHON_COMPILING_IN_PYPY
+    if (changed)
+        PyType_Modified(type);
+#endif  // PY_VERSION_HEX > 0x030900B1
+    return 0;
+}
+
+/* FetchSharedCythonModule */
+static PyObject *__Pyx_FetchSharedCythonABIModule(void) {
+    return __Pyx_PyImport_AddModuleRef(__PYX_ABI_MODULE_NAME);
+}
+
+/* dict_setdefault */
+static CYTHON_INLINE PyObject *__Pyx_PyDict_SetDefault(PyObject *d, PyObject *key, PyObject *default_value,
+                                                       int is_safe_type) {
+    PyObject* value;
+    CYTHON_MAYBE_UNUSED_VAR(is_safe_type);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    value = PyObject_CallMethod(d, "setdefault", "OO", key, default_value);
+#elif PY_VERSION_HEX >= 0x030d0000
+    PyDict_SetDefaultRef(d, key, default_value, &value);
+#else
+    value = PyDict_SetDefault(d, key, default_value);
+    if (unlikely(!value)) return NULL;
+    Py_INCREF(value);
+#endif
+    return value;
+}
+
+/* FetchCommonType */
+#if __PYX_LIMITED_VERSION_HEX < 0x030C0000
+static PyObject* __Pyx_PyType_FromMetaclass(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *result = __Pyx_PyType_FromModuleAndSpec(module, spec, bases);
+    if (result && metaclass) {
+        PyObject *old_tp = (PyObject*)Py_TYPE(result);
+    Py_INCREF((PyObject*)metaclass);
+#if __PYX_LIMITED_VERSION_HEX >= 0x03090000
+        Py_SET_TYPE(result, metaclass);
+#else
+        result->ob_type = metaclass;
+#endif
+        Py_DECREF(old_tp);
+    }
+    return result;
+}
+#else
+#define __Pyx_PyType_FromMetaclass(me, mo, s, b) PyType_FromMetaclass(me, mo, s, b)
+#endif
+static int __Pyx_VerifyCachedType(PyObject *cached_type,
+                               const char *name,
+                               Py_ssize_t expected_basicsize) {
+    Py_ssize_t basicsize;
+    if (!PyType_Check(cached_type)) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s is not a type object", name);
+        return -1;
+    }
+    if (expected_basicsize == 0) {
+        return 0; // size is inherited, nothing useful to check
+    }
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_basicsize;
+    py_basicsize = PyObject_GetAttrString(cached_type, "__basicsize__");
+    if (unlikely(!py_basicsize)) return -1;
+    basicsize = PyLong_AsSsize_t(py_basicsize);
+    Py_DECREF(py_basicsize);
+    py_basicsize = NULL;
+    if (unlikely(basicsize == (Py_ssize_t)-1) && PyErr_Occurred()) return -1;
+#else
+    basicsize = ((PyTypeObject*) cached_type)->tp_basicsize;
+#endif
+    if (basicsize != expected_basicsize) {
+        PyErr_Format(PyExc_TypeError,
+            "Shared Cython type %.200s has the wrong size, try recompiling",
+            name);
+        return -1;
+    }
+    return 0;
+}
+static PyTypeObject *__Pyx_FetchCommonTypeFromSpec(PyTypeObject *metaclass, PyObject *module, PyType_Spec *spec, PyObject *bases) {
+    PyObject *abi_module = NULL, *cached_type = NULL, *abi_module_dict, *new_cached_type, *py_object_name;
+    int get_item_ref_result;
+    const char* object_name = strrchr(spec->name, '.');
+    object_name = object_name ? object_name+1 : spec->name;
+    py_object_name = PyUnicode_FromString(object_name);
+    if (!py_object_name) return NULL;
+    abi_module = __Pyx_FetchSharedCythonABIModule();
+    if (!abi_module) goto done;
+    abi_module_dict = PyModule_GetDict(abi_module);
+    if (!abi_module_dict) goto done;
+    get_item_ref_result = __Pyx_PyDict_GetItemRef(abi_module_dict, py_object_name, &cached_type);
+    if (get_item_ref_result == 1) {
+        if (__Pyx_VerifyCachedType(
+              cached_type,
+              object_name,
+              spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else if (unlikely(get_item_ref_result == -1)) {
+        goto bad;
+    }
+    CYTHON_UNUSED_VAR(module);
+    cached_type = __Pyx_PyType_FromMetaclass(metaclass, abi_module, spec, bases);
+    if (unlikely(!cached_type)) goto bad;
+    if (unlikely(__Pyx_fix_up_extension_type_from_spec(spec, (PyTypeObject *) cached_type) < 0)) goto bad;
+    new_cached_type = __Pyx_PyDict_SetDefault(abi_module_dict, py_object_name, cached_type, 1);
+    if (unlikely(new_cached_type != cached_type)) {
+        if (unlikely(!new_cached_type)) goto bad;
+        Py_DECREF(cached_type);
+        cached_type = new_cached_type;
+        if (__Pyx_VerifyCachedType(
+                cached_type,
+                object_name,
+                spec->basicsize) < 0) {
+            goto bad;
+        }
+        goto done;
+    } else {
+        Py_DECREF(new_cached_type);
+    }
+done:
+    Py_XDECREF(abi_module);
+    Py_DECREF(py_object_name);
+    assert(cached_type == NULL || PyType_Check(cached_type));
+    return (PyTypeObject *) cached_type;
+bad:
+    Py_XDECREF(cached_type);
+    cached_type = NULL;
+    goto done;
+}
+
+/* CommonTypesMetaclass */
+static PyObject* __pyx_CommonTypesMetaclass_get_module(CYTHON_UNUSED PyObject *self, CYTHON_UNUSED void* context) {
+    return PyUnicode_FromString(__PYX_ABI_MODULE_NAME);
+}
+static PyGetSetDef __pyx_CommonTypesMetaclass_getset[] = {
+    {"__module__", __pyx_CommonTypesMetaclass_get_module, NULL, NULL, NULL},
+    {0, 0, 0, 0, 0}
+};
+static PyType_Slot __pyx_CommonTypesMetaclass_slots[] = {
+    {Py_tp_getset, (void *)__pyx_CommonTypesMetaclass_getset},
+    {0, 0}
+};
+static PyType_Spec __pyx_CommonTypesMetaclass_spec = {
+    __PYX_TYPE_MODULE_PREFIX "_common_types_metatype",
+    0,
+    0,
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+    Py_TPFLAGS_DISALLOW_INSTANTIATION |
+#endif
+    Py_TPFLAGS_DEFAULT,
+    __pyx_CommonTypesMetaclass_slots
+};
+static int __pyx_CommonTypesMetaclass_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    PyObject *bases = PyTuple_Pack(1, &PyType_Type);
+    if (unlikely(!bases)) {
+        return -1;
+    }
+    mstate->__pyx_CommonTypesMetaclassType = __Pyx_FetchCommonTypeFromSpec(NULL, module, &__pyx_CommonTypesMetaclass_spec, bases);
+    Py_DECREF(bases);
+    if (unlikely(mstate->__pyx_CommonTypesMetaclassType == NULL)) {
+        return -1;
+    }
+    return 0;
+}
+
+/* CallTypeTraverse */
+#if !CYTHON_USE_TYPE_SPECS || (!CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x03090000)
+#else
+static int __Pyx_call_type_traverse(PyObject *o, int always_call, visitproc visit, void *arg) {
+    #if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x03090000
+    if (__Pyx_get_runtime_version() < 0x03090000) return 0;
+    #endif
+    if (!always_call) {
+        PyTypeObject *base = __Pyx_PyObject_GetSlot(o, tp_base, PyTypeObject*);
+        unsigned long flags = PyType_GetFlags(base);
+        if (flags & Py_TPFLAGS_HEAPTYPE) {
+            return 0;
+        }
+    }
+    Py_VISIT((PyObject*)Py_TYPE(o));
+    return 0;
+}
+#endif
+
+/* PyMethodNew */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    #if __PYX_LIMITED_VERSION_HEX >= 0x030C0000
+    {
+        PyObject *args[] = {func, self};
+        result = PyObject_Vectorcall(__pyx_mstate_global->__Pyx_CachedMethodType, args, 2, NULL);
+    }
+    #else
+    result = PyObject_CallFunctionObjArgs(__pyx_mstate_global->__Pyx_CachedMethodType, func, self, NULL);
+    #endif
+    return result;
+}
+#else
+static PyObject *__Pyx_PyMethod_New(PyObject *func, PyObject *self, PyObject *typ) {
+    CYTHON_UNUSED_VAR(typ);
+    if (!self)
+        return __Pyx_NewRef(func);
+    return PyMethod_New(func, self);
+}
+#endif
+
+/* PyVectorcallFastCallDict */
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static PyObject *__Pyx_PyVectorcall_FastCallDict_kw(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    PyObject *res = NULL;
+    PyObject *kwnames;
+    PyObject **newargs;
+    PyObject **kwvalues;
+    Py_ssize_t i, pos;
+    size_t j;
+    PyObject *key, *value;
+    unsigned long keys_are_strings;
+    #if !CYTHON_ASSUME_SAFE_SIZE
+    Py_ssize_t nkw = PyDict_Size(kw);
+    if (unlikely(nkw == -1)) return NULL;
+    #else
+    Py_ssize_t nkw = PyDict_GET_SIZE(kw);
+    #endif
+    newargs = (PyObject **)PyMem_Malloc((nargs + (size_t)nkw) * sizeof(args[0]));
+    if (unlikely(newargs == NULL)) {
+        PyErr_NoMemory();
+        return NULL;
+    }
+    for (j = 0; j < nargs; j++) newargs[j] = args[j];
+    kwnames = PyTuple_New(nkw);
+    if (unlikely(kwnames == NULL)) {
+        PyMem_Free(newargs);
+        return NULL;
+    }
+    kwvalues = newargs + nargs;
+    pos = i = 0;
+    keys_are_strings = Py_TPFLAGS_UNICODE_SUBCLASS;
+    while (PyDict_Next(kw, &pos, &key, &value)) {
+        keys_are_strings &=
+        #if CYTHON_COMPILING_IN_LIMITED_API
+            PyType_GetFlags(Py_TYPE(key));
+        #else
+            Py_TYPE(key)->tp_flags;
+        #endif
+        Py_INCREF(key);
+        Py_INCREF(value);
+        #if !CYTHON_ASSUME_SAFE_MACROS
+        if (unlikely(PyTuple_SetItem(kwnames, i, key) < 0)) goto cleanup;
+        #else
+        PyTuple_SET_ITEM(kwnames, i, key);
+        #endif
+        kwvalues[i] = value;
+        i++;
+    }
+    if (unlikely(!keys_are_strings)) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        goto cleanup;
+    }
+    res = vc(func, newargs, nargs, kwnames);
+cleanup:
+    Py_DECREF(kwnames);
+    for (i = 0; i < nkw; i++)
+        Py_DECREF(kwvalues[i]);
+    PyMem_Free(newargs);
+    return res;
+}
+static CYTHON_INLINE PyObject *__Pyx_PyVectorcall_FastCallDict(PyObject *func, __pyx_vectorcallfunc vc, PyObject *const *args, size_t nargs, PyObject *kw)
+{
+    Py_ssize_t kw_size =
+        likely(kw == NULL) ?
+        0 :
+#if !CYTHON_ASSUME_SAFE_SIZE
+        PyDict_Size(kw);
+#else
+        PyDict_GET_SIZE(kw);
+#endif
+    if (kw_size == 0) {
+        return vc(func, args, nargs, NULL);
+    }
+#if !CYTHON_ASSUME_SAFE_SIZE
+    else if (unlikely(kw_size == -1)) {
+        return NULL;
+    }
+#endif
+    return __Pyx_PyVectorcall_FastCallDict_kw(func, vc, args, nargs, kw);
+}
+#endif
+
+/* CythonFunctionShared */
+#if CYTHON_COMPILING_IN_LIMITED_API
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunctionNoMethod(PyObject *func, void (*cfunc)(void)) {
+    if (__Pyx_CyFunction_Check(func)) {
+        return PyCFunction_GetFunction(((__pyx_CyFunctionObject*)func)->func) == (PyCFunction) cfunc;
+    } else if (PyCFunction_Check(func)) {
+        return PyCFunction_GetFunction(func) == (PyCFunction) cfunc;
+    }
+    return 0;
+}
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if ((PyObject*)Py_TYPE(func) == __pyx_mstate_global->__Pyx_CachedMethodType) {
+        int result;
+        PyObject *newFunc = PyObject_GetAttr(func, __pyx_mstate_global->__pyx_n_u_func);
+        if (unlikely(!newFunc)) {
+            PyErr_Clear(); // It's only an optimization, so don't throw an error
+            return 0;
+        }
+        result = __Pyx__IsSameCyOrCFunctionNoMethod(newFunc, cfunc);
+        Py_DECREF(newFunc);
+        return result;
+    }
+    return __Pyx__IsSameCyOrCFunctionNoMethod(func, cfunc);
+}
+#else
+static CYTHON_INLINE int __Pyx__IsSameCyOrCFunction(PyObject *func, void (*cfunc)(void)) {
+    if (PyMethod_Check(func)) {
+        func = PyMethod_GET_FUNCTION(func);
+    }
+    return __Pyx_CyOrPyCFunction_Check(func) && __Pyx_CyOrPyCFunction_GET_FUNCTION(func) == (PyCFunction) cfunc;
+}
+#endif
+static CYTHON_INLINE void __Pyx__CyFunction_SetClassObj(__pyx_CyFunctionObject* f, PyObject* classobj) {
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    __Pyx_Py_XDECREF_SET(
+        __Pyx_CyFunction_GetClassObj(f),
+            ((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#else
+    __Pyx_Py_XDECREF_SET(
+        ((PyCMethodObject *) (f))->mm_class,
+        (PyTypeObject*)((classobj) ? __Pyx_NewRef(classobj) : NULL));
+#endif
+}
+static PyObject *
+__Pyx_CyFunction_get_doc_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_doc == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_doc = PyObject_GetAttrString(op->func, "__doc__");
+        if (unlikely(!op->func_doc)) return NULL;
+#else
+        if (((PyCFunctionObject*)op)->m_ml->ml_doc) {
+            op->func_doc = PyUnicode_FromString(((PyCFunctionObject*)op)->m_ml->ml_doc);
+            if (unlikely(op->func_doc == NULL))
+                return NULL;
+        } else {
+            Py_INCREF(Py_None);
+            return Py_None;
+        }
+#endif
+    }
+    Py_INCREF(op->func_doc);
+    return op->func_doc;
+}
+static PyObject *
+__Pyx_CyFunction_get_doc(__pyx_CyFunctionObject *op, void *closure) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(closure);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_doc_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_doc(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (value == NULL) {
+        value = Py_None;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_doc, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_name_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_name == NULL)) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+        op->func_name = PyObject_GetAttrString(op->func, "__name__");
+#else
+        op->func_name = PyUnicode_InternFromString(((PyCFunctionObject*)op)->m_ml->ml_name);
+#endif
+        if (unlikely(op->func_name == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_name);
+    return op->func_name;
+}
+static PyObject *
+__Pyx_CyFunction_get_name(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_name_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_name(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__name__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_name, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_qualname(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    Py_INCREF(op->func_qualname);
+    result = op->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_qualname(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL || !PyUnicode_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__qualname__ must be set to a string object");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_qualname, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict_locked(__pyx_CyFunctionObject *op)
+{
+    if (unlikely(op->func_dict == NULL)) {
+        op->func_dict = PyDict_New();
+        if (unlikely(op->func_dict == NULL))
+            return NULL;
+    }
+    Py_INCREF(op->func_dict);
+    return op->func_dict;
+}
+static PyObject *
+__Pyx_CyFunction_get_dict(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    PyObject *result;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_dict_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_dict(__pyx_CyFunctionObject *op, PyObject *value, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    if (unlikely(value == NULL)) {
+        PyErr_SetString(PyExc_TypeError,
+               "function's dictionary may not be deleted");
+        return -1;
+    }
+    if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+               "setting function's dictionary to a non-dict");
+        return -1;
+    }
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_dict, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_globals(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(op->func_globals);
+    return op->func_globals;
+}
+static PyObject *
+__Pyx_CyFunction_get_closure(__pyx_CyFunctionObject *op, void *context)
+{
+    CYTHON_UNUSED_VAR(op);
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+static PyObject *
+__Pyx_CyFunction_get_code(__pyx_CyFunctionObject *op, void *context)
+{
+    PyObject* result = (op->func_code) ? op->func_code : Py_None;
+    CYTHON_UNUSED_VAR(context);
+    Py_INCREF(result);
+    return result;
+}
+static int
+__Pyx_CyFunction_init_defaults(__pyx_CyFunctionObject *op) {
+    int result = 0;
+    PyObject *res = op->defaults_getter((PyObject *) op);
+    if (unlikely(!res))
+        return -1;
+    #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+    op->defaults_tuple = PyTuple_GET_ITEM(res, 0);
+    Py_INCREF(op->defaults_tuple);
+    op->defaults_kwdict = PyTuple_GET_ITEM(res, 1);
+    Py_INCREF(op->defaults_kwdict);
+    #else
+    op->defaults_tuple = __Pyx_PySequence_ITEM(res, 0);
+    if (unlikely(!op->defaults_tuple)) result = -1;
+    else {
+        op->defaults_kwdict = __Pyx_PySequence_ITEM(res, 1);
+        if (unlikely(!op->defaults_kwdict)) result = -1;
+    }
+    #endif
+    Py_DECREF(res);
+    return result;
+}
+static int
+__Pyx_CyFunction_set_defaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyTuple_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__defaults__ must be set to a tuple object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__defaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_tuple, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_tuple;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_tuple;
         } else {
-            goto invalid_keyword;
+            result = Py_None;
         }
     }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_defaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result = NULL;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_defaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_kwdefaults(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value) {
+        value = Py_None;
+    } else if (unlikely(value != Py_None && !PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__kwdefaults__ must be set to a dict object");
+        return -1;
+    }
+    PyErr_WarnEx(PyExc_RuntimeWarning, "changes to cyfunction.__kwdefaults__ will not "
+                 "currently affect the values used in function calls", 1);
+    Py_INCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->defaults_kwdict, value);
+    __Pyx_END_CRITICAL_SECTION();
     return 0;
-arg_passed_twice:
-    __Pyx_RaiseDoubleKeywordsError(function_name, key);
-    goto bad;
-invalid_keyword_type:
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->defaults_kwdict;
+    if (unlikely(!result)) {
+        if (op->defaults_getter) {
+            if (unlikely(__Pyx_CyFunction_init_defaults(op) < 0)) return NULL;
+            result = op->defaults_kwdict;
+        } else {
+            result = Py_None;
+        }
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_kwdefaults(__pyx_CyFunctionObject *op, void *context) {
+    PyObject* result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_kwdefaults_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static int
+__Pyx_CyFunction_set_annotations(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    if (!value || value == Py_None) {
+        value = NULL;
+    } else if (unlikely(!PyDict_Check(value))) {
+        PyErr_SetString(PyExc_TypeError,
+                        "__annotations__ must be set to a dict object");
+        return -1;
+    }
+    Py_XINCREF(value);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    __Pyx_Py_XDECREF_SET(op->func_annotations, value);
+    __Pyx_END_CRITICAL_SECTION();
+    return 0;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations_locked(__pyx_CyFunctionObject *op) {
+    PyObject* result = op->func_annotations;
+    if (unlikely(!result)) {
+        result = PyDict_New();
+        if (unlikely(!result)) return NULL;
+        op->func_annotations = result;
+    }
+    Py_INCREF(result);
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_annotations(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    result = __Pyx_CyFunction_get_annotations_locked(op);
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine_value(__pyx_CyFunctionObject *op) {
+    int is_coroutine = op->flags & __Pyx_CYFUNCTION_COROUTINE;
+    if (is_coroutine) {
+        PyObject *is_coroutine_value, *module, *fromlist, *marker = __pyx_mstate_global->__pyx_n_u_is_coroutine;
+        fromlist = PyList_New(1);
+        if (unlikely(!fromlist)) return NULL;
+        Py_INCREF(marker);
+#if CYTHON_ASSUME_SAFE_MACROS
+        PyList_SET_ITEM(fromlist, 0, marker);
+#else
+        if (unlikely(PyList_SetItem(fromlist, 0, marker) < 0)) {
+            Py_DECREF(marker);
+            Py_DECREF(fromlist);
+            return NULL;
+        }
+#endif
+        module = PyImport_ImportModuleLevelObject(__pyx_mstate_global->__pyx_n_u_asyncio_coroutines, NULL, NULL, fromlist, 0);
+        Py_DECREF(fromlist);
+        if (unlikely(!module)) goto ignore;
+        is_coroutine_value = __Pyx_PyObject_GetAttrStr(module, marker);
+        Py_DECREF(module);
+        if (likely(is_coroutine_value)) {
+            return is_coroutine_value;
+        }
+ignore:
+        PyErr_Clear();
+    }
+    return __Pyx_PyBool_FromLong(is_coroutine);
+}
+static PyObject *
+__Pyx_CyFunction_get_is_coroutine(__pyx_CyFunctionObject *op, void *context) {
+    PyObject *result;
+    CYTHON_UNUSED_VAR(context);
+    if (op->func_is_coroutine) {
+        return __Pyx_NewRef(op->func_is_coroutine);
+    }
+    result = __Pyx_CyFunction_get_is_coroutine_value(op);
+    if (unlikely(!result))
+        return NULL;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    if (op->func_is_coroutine) {
+        Py_DECREF(result);
+        result = __Pyx_NewRef(op->func_is_coroutine);
+    } else {
+        op->func_is_coroutine = __Pyx_NewRef(result);
+    }
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static void __Pyx_CyFunction_raise_argument_count_error(__pyx_CyFunctionObject *func, const char* message, Py_ssize_t size) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
     PyErr_Format(PyExc_TypeError,
-        "%.200s() keywords must be strings", function_name);
-    goto bad;
-invalid_keyword:
+        "%.200S() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        py_name, message, size);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
     PyErr_Format(PyExc_TypeError,
-    #if PY_MAJOR_VERSION < 3
-        "%.200s() got an unexpected keyword argument '%.200s'",
-        function_name, PyString_AsString(key));
-    #else
-        "%s() got an unexpected keyword argument '%U'",
-        function_name, key);
-    #endif
-bad:
-    return -1;
+        "%.200s() %s (%" CYTHON_FORMAT_SSIZE_T "d given)",
+        name, message, size);
+#endif
 }
-
-/* PyObjectCallNoArg */
-#if CYTHON_COMPILING_IN_CPYTHON
-static CYTHON_INLINE PyObject* __Pyx_PyObject_CallNoArg(PyObject *func) {
-#if CYTHON_FAST_PYCALL
-    if (PyFunction_Check(func)) {
-        return __Pyx_PyFunction_FastCall(func, NULL, 0);
+static void __Pyx_CyFunction_raise_type_error(__pyx_CyFunctionObject *func, const char* message) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *py_name = __Pyx_CyFunction_get_name(func, NULL);
+    if (!py_name) return;
+    PyErr_Format(PyExc_TypeError,
+        "%.200S() %s",
+        py_name, message);
+    Py_DECREF(py_name);
+#else
+    const char* name = ((PyCFunctionObject*)func)->m_ml->ml_name;
+    PyErr_Format(PyExc_TypeError,
+        "%.200s() %s",
+        name, message);
+#endif
+}
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *
+__Pyx_CyFunction_get_module(__pyx_CyFunctionObject *op, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_GetAttrString(op->func, "__module__");
+}
+static int
+__Pyx_CyFunction_set_module(__pyx_CyFunctionObject *op, PyObject* value, void *context) {
+    CYTHON_UNUSED_VAR(context);
+    return PyObject_SetAttrString(op->func, "__module__", value);
+}
+#endif
+static PyGetSetDef __pyx_CyFunction_getsets[] = {
+    {"func_doc", (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"__doc__",  (getter)__Pyx_CyFunction_get_doc, (setter)__Pyx_CyFunction_set_doc, 0, 0},
+    {"func_name", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__name__", (getter)__Pyx_CyFunction_get_name, (setter)__Pyx_CyFunction_set_name, 0, 0},
+    {"__qualname__", (getter)__Pyx_CyFunction_get_qualname, (setter)__Pyx_CyFunction_set_qualname, 0, 0},
+    {"func_dict", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"__dict__", (getter)__Pyx_CyFunction_get_dict, (setter)__Pyx_CyFunction_set_dict, 0, 0},
+    {"func_globals", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"__globals__", (getter)__Pyx_CyFunction_get_globals, 0, 0, 0},
+    {"func_closure", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"__closure__", (getter)__Pyx_CyFunction_get_closure, 0, 0, 0},
+    {"func_code", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"__code__", (getter)__Pyx_CyFunction_get_code, 0, 0, 0},
+    {"func_defaults", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__defaults__", (getter)__Pyx_CyFunction_get_defaults, (setter)__Pyx_CyFunction_set_defaults, 0, 0},
+    {"__kwdefaults__", (getter)__Pyx_CyFunction_get_kwdefaults, (setter)__Pyx_CyFunction_set_kwdefaults, 0, 0},
+    {"__annotations__", (getter)__Pyx_CyFunction_get_annotations, (setter)__Pyx_CyFunction_set_annotations, 0, 0},
+    {"_is_coroutine", (getter)__Pyx_CyFunction_get_is_coroutine, 0, 0, 0},
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", (getter)__Pyx_CyFunction_get_module, (setter)__Pyx_CyFunction_set_module, 0, 0},
+#endif
+    {0, 0, 0, 0, 0}
+};
+static PyMemberDef __pyx_CyFunction_members[] = {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    {"__module__", T_OBJECT, offsetof(PyCFunctionObject, m_module), 0, 0},
+#endif
+    {"__dictoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_dict), READONLY, 0},
+#if CYTHON_METH_FASTCALL
+#if CYTHON_BACKPORT_VECTORCALL || CYTHON_COMPILING_IN_LIMITED_API
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_vectorcall), READONLY, 0},
+#else
+    {"__vectorcalloffset__", T_PYSSIZET, offsetof(PyCFunctionObject, vectorcall), READONLY, 0},
+#endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(__pyx_CyFunctionObject, func_weakreflist), READONLY, 0},
+#else
+    {"__weaklistoffset__", T_PYSSIZET, offsetof(PyCFunctionObject, m_weakreflist), READONLY, 0},
+#endif
+#endif
+    {0, 0, 0,  0, 0}
+};
+static PyObject *
+__Pyx_CyFunction_reduce(__pyx_CyFunctionObject *m, PyObject *args)
+{
+    PyObject *result = NULL;
+    CYTHON_UNUSED_VAR(args);
+    __Pyx_BEGIN_CRITICAL_SECTION(m);
+    Py_INCREF(m->func_qualname);
+    result = m->func_qualname;
+    __Pyx_END_CRITICAL_SECTION();
+    return result;
+}
+static PyMethodDef __pyx_CyFunction_methods[] = {
+    {"__reduce__", (PyCFunction)__Pyx_CyFunction_reduce, METH_VARARGS, 0},
+    {0, 0, 0, 0}
+};
+#if CYTHON_COMPILING_IN_LIMITED_API
+#define __Pyx_CyFunction_weakreflist(cyfunc) ((cyfunc)->func_weakreflist)
+#else
+#define __Pyx_CyFunction_weakreflist(cyfunc) (((PyCFunctionObject*)cyfunc)->m_weakreflist)
+#endif
+static PyObject *__Pyx_CyFunction_Init(__pyx_CyFunctionObject *op, PyMethodDef *ml, int flags, PyObject* qualname,
+                                       PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunctionObject *cf = (PyCFunctionObject*) op;
+#endif
+    if (unlikely(op == NULL))
+        return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    op->func = PyCFunction_NewEx(ml, (PyObject*)op, module);
+    if (unlikely(!op->func)) return NULL;
+#endif
+    op->flags = flags;
+    __Pyx_CyFunction_weakreflist(op) = NULL;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    cf->m_ml = ml;
+    cf->m_self = (PyObject *) op;
+#endif
+    Py_XINCREF(closure);
+    op->func_closure = closure;
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_XINCREF(module);
+    cf->m_module = module;
+#endif
+    op->func_dict = NULL;
+    op->func_name = NULL;
+    Py_INCREF(qualname);
+    op->func_qualname = qualname;
+    op->func_doc = NULL;
+#if PY_VERSION_HEX < 0x030900B1 || CYTHON_COMPILING_IN_LIMITED_API
+    op->func_classobj = NULL;
+#else
+    ((PyCMethodObject*)op)->mm_class = NULL;
+#endif
+    op->func_globals = globals;
+    Py_INCREF(op->func_globals);
+    Py_XINCREF(code);
+    op->func_code = code;
+    op->defaults = NULL;
+    op->defaults_tuple = NULL;
+    op->defaults_kwdict = NULL;
+    op->defaults_getter = NULL;
+    op->func_annotations = NULL;
+    op->func_is_coroutine = NULL;
+#if CYTHON_METH_FASTCALL
+    switch (ml->ml_flags & (METH_VARARGS | METH_FASTCALL | METH_NOARGS | METH_O | METH_KEYWORDS | METH_METHOD)) {
+    case METH_NOARGS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_NOARGS;
+        break;
+    case METH_O:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_O;
+        break;
+    case METH_METHOD | METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD;
+        break;
+    case METH_FASTCALL | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS;
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        __Pyx_CyFunction_func_vectorcall(op) = NULL;
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        Py_DECREF(op);
+        return NULL;
     }
 #endif
-#ifdef __Pyx_CyFunction_USED
-    if (likely(PyCFunction_Check(func) || __Pyx_CyFunction_Check(func)))
+    return (PyObject *) op;
+}
+static int
+__Pyx_CyFunction_clear(__pyx_CyFunctionObject *m)
+{
+    Py_CLEAR(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_CLEAR(m->func);
 #else
-    if (likely(PyCFunction_Check(func)))
+    Py_CLEAR(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_CLEAR(m->func_dict);
+    Py_CLEAR(m->func_name);
+    Py_CLEAR(m->func_qualname);
+    Py_CLEAR(m->func_doc);
+    Py_CLEAR(m->func_globals);
+    Py_CLEAR(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+#if PY_VERSION_HEX < 0x030900B1
+    Py_CLEAR(__Pyx_CyFunction_GetClassObj(m));
+#else
+    {
+        PyObject *cls = (PyObject*) ((PyCMethodObject *) (m))->mm_class;
+        ((PyCMethodObject *) (m))->mm_class = NULL;
+        Py_XDECREF(cls);
+    }
+#endif
 #endif
+    Py_CLEAR(m->defaults_tuple);
+    Py_CLEAR(m->defaults_kwdict);
+    Py_CLEAR(m->func_annotations);
+    Py_CLEAR(m->func_is_coroutine);
+    Py_CLEAR(m->defaults);
+    return 0;
+}
+static void __Pyx__CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    if (__Pyx_CyFunction_weakreflist(m) != NULL)
+        PyObject_ClearWeakRefs((PyObject *) m);
+    __Pyx_CyFunction_clear(m);
+    __Pyx_PyHeapTypeObject_GC_Del(m);
+}
+static void __Pyx_CyFunction_dealloc(__pyx_CyFunctionObject *m)
+{
+    PyObject_GC_UnTrack(m);
+    __Pyx__CyFunction_dealloc(m);
+}
+static int __Pyx_CyFunction_traverse(__pyx_CyFunctionObject *m, visitproc visit, void *arg)
+{
     {
-        if (likely(PyCFunction_GET_FLAGS(func) & METH_NOARGS)) {
-            return __Pyx_PyObject_CallMethO(func, NULL);
+        int e = __Pyx_call_type_traverse((PyObject*)m, 1, visit, arg);
+        if (e) return e;
+    }
+    Py_VISIT(m->func_closure);
+#if CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(m->func);
+#else
+    Py_VISIT(((PyCFunctionObject*)m)->m_module);
+#endif
+    Py_VISIT(m->func_dict);
+    __Pyx_VISIT_CONST(m->func_name);
+    __Pyx_VISIT_CONST(m->func_qualname);
+    Py_VISIT(m->func_doc);
+    Py_VISIT(m->func_globals);
+    __Pyx_VISIT_CONST(m->func_code);
+#if !CYTHON_COMPILING_IN_LIMITED_API
+    Py_VISIT(__Pyx_CyFunction_GetClassObj(m));
+#endif
+    Py_VISIT(m->defaults_tuple);
+    Py_VISIT(m->defaults_kwdict);
+    Py_VISIT(m->func_is_coroutine);
+    Py_VISIT(m->defaults);
+    return 0;
+}
+static PyObject*
+__Pyx_CyFunction_repr(__pyx_CyFunctionObject *op)
+{
+    PyObject *repr;
+    __Pyx_BEGIN_CRITICAL_SECTION(op);
+    repr = PyUnicode_FromFormat("<cyfunction %U at %p>",
+                                op->func_qualname, (void *)op);
+    __Pyx_END_CRITICAL_SECTION();
+    return repr;
+}
+static PyObject * __Pyx_CyFunction_CallMethod(PyObject *func, PyObject *self, PyObject *arg, PyObject *kw) {
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyObject *f = ((__pyx_CyFunctionObject*)func)->func;
+    PyCFunction meth;
+    int flags;
+    meth = PyCFunction_GetFunction(f);
+    if (unlikely(!meth)) return NULL;
+    flags = PyCFunction_GetFlags(f);
+    if (unlikely(flags < 0)) return NULL;
+#else
+    PyCFunctionObject* f = (PyCFunctionObject*)func;
+    PyCFunction meth = f->m_ml->ml_meth;
+    int flags = f->m_ml->ml_flags;
+#endif
+    Py_ssize_t size;
+    switch (flags & (METH_VARARGS | METH_KEYWORDS | METH_NOARGS | METH_O)) {
+    case METH_VARARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0))
+            return (*meth)(self, arg);
+        break;
+    case METH_VARARGS | METH_KEYWORDS:
+        return (*(PyCFunctionWithKeywords)(void(*)(void))meth)(self, arg, kw);
+    case METH_NOARGS:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 0))
+                return (*meth)(self, NULL);
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes no arguments", size);
+            return NULL;
+        }
+        break;
+    case METH_O:
+        if (likely(kw == NULL || PyDict_Size(kw) == 0)) {
+#if CYTHON_ASSUME_SAFE_SIZE
+            size = PyTuple_GET_SIZE(arg);
+#else
+            size = PyTuple_Size(arg);
+            if (unlikely(size < 0)) return NULL;
+#endif
+            if (likely(size == 1)) {
+                PyObject *result, *arg0;
+                #if CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS
+                arg0 = PyTuple_GET_ITEM(arg, 0);
+                #else
+                arg0 = __Pyx_PySequence_ITEM(arg, 0); if (unlikely(!arg0)) return NULL;
+                #endif
+                result = (*meth)(self, arg0);
+                #if !(CYTHON_ASSUME_SAFE_MACROS && !CYTHON_AVOID_BORROWED_REFS)
+                Py_DECREF(arg0);
+                #endif
+                return result;
+            }
+            __Pyx_CyFunction_raise_argument_count_error(
+                (__pyx_CyFunctionObject*)func,
+                "takes exactly one argument", size);
+            return NULL;
         }
+        break;
+    default:
+        PyErr_SetString(PyExc_SystemError, "Bad call flags for CyFunction");
+        return NULL;
     }
-    return __Pyx_PyObject_Call(func, __pyx_empty_tuple, NULL);
+    __Pyx_CyFunction_raise_type_error(
+        (__pyx_CyFunctionObject*)func, "takes no keyword arguments");
+    return NULL;
 }
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_Call(PyObject *func, PyObject *arg, PyObject *kw) {
+    PyObject *self, *result;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)func)->func);
+    if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+    self = ((PyCFunctionObject*)func)->m_self;
+#endif
+    result = __Pyx_CyFunction_CallMethod(func, self, arg, kw);
+    return result;
+}
+static PyObject *__Pyx_CyFunction_CallAsMethod(PyObject *func, PyObject *args, PyObject *kw) {
+    PyObject *result;
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *) func;
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+     __pyx_vectorcallfunc vc = __Pyx_CyFunction_func_vectorcall(cyfunc);
+    if (vc) {
+#if CYTHON_ASSUME_SAFE_MACROS && CYTHON_ASSUME_SAFE_SIZE
+        return __Pyx_PyVectorcall_FastCallDict(func, vc, &PyTuple_GET_ITEM(args, 0), (size_t)PyTuple_GET_SIZE(args), kw);
+#else
+        (void) &__Pyx_PyVectorcall_FastCallDict;
+        return PyVectorcall_Call(func, args, kw);
 #endif
-
-/* RaiseException */
-#if PY_MAJOR_VERSION < 3
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb,
-                        CYTHON_UNUSED PyObject *cause) {
-    __Pyx_PyThreadState_declare
-    Py_XINCREF(type);
-    if (!value || value == Py_None)
-        value = NULL;
-    else
-        Py_INCREF(value);
-    if (!tb || tb == Py_None)
-        tb = NULL;
-    else {
-        Py_INCREF(tb);
-        if (!PyTraceBack_Check(tb)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: arg 3 must be a traceback or None");
-            goto raise_error;
-        }
     }
-    if (PyType_Check(type)) {
-#if CYTHON_COMPILING_IN_PYPY
-        if (!value) {
-            Py_INCREF(Py_None);
-            value = Py_None;
-        }
 #endif
-        PyErr_NormalizeException(&type, &value, &tb);
-    } else {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto raise_error;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        Py_ssize_t argc;
+        PyObject *new_args;
+        PyObject *self;
+#if CYTHON_ASSUME_SAFE_SIZE
+        argc = PyTuple_GET_SIZE(args);
+#else
+        argc = PyTuple_Size(args);
+        if (unlikely(argc < 0)) return NULL;
+#endif
+        new_args = PyTuple_GetSlice(args, 1, argc);
+        if (unlikely(!new_args))
+            return NULL;
+        self = PyTuple_GetItem(args, 0);
+        if (unlikely(!self)) {
+            Py_DECREF(new_args);
+            PyErr_Format(PyExc_TypeError,
+                         "unbound method %.200S() needs an argument",
+                         cyfunc->func_qualname);
+            return NULL;
         }
-        value = type;
-        type = (PyObject*) Py_TYPE(type);
-        Py_INCREF(type);
-        if (!PyType_IsSubtype((PyTypeObject *)type, (PyTypeObject *)PyExc_BaseException)) {
-            PyErr_SetString(PyExc_TypeError,
-                "raise: exception class must be a subclass of BaseException");
-            goto raise_error;
+        result = __Pyx_CyFunction_CallMethod(func, self, new_args, kw);
+        Py_DECREF(new_args);
+    } else {
+        result = __Pyx_CyFunction_Call(func, args, kw);
+    }
+    return result;
+}
+#if CYTHON_METH_FASTCALL && (CYTHON_VECTORCALL || CYTHON_BACKPORT_VECTORCALL)
+static CYTHON_INLINE int __Pyx_CyFunction_Vectorcall_CheckArgs(__pyx_CyFunctionObject *cyfunc, Py_ssize_t nargs, PyObject *kwnames)
+{
+    int ret = 0;
+    if ((cyfunc->flags & __Pyx_CYFUNCTION_CCLASS) && !(cyfunc->flags & __Pyx_CYFUNCTION_STATICMETHOD)) {
+        if (unlikely(nargs < 1)) {
+            __Pyx_CyFunction_raise_type_error(
+                cyfunc, "needs an argument");
+            return -1;
         }
+        ret = 1;
     }
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrRestore(type, value, tb);
-    return;
-raise_error:
-    Py_XDECREF(value);
-    Py_XDECREF(type);
-    Py_XDECREF(tb);
-    return;
+    if (unlikely(kwnames) && unlikely(__Pyx_PyTuple_GET_SIZE(kwnames))) {
+        __Pyx_CyFunction_raise_type_error(
+            cyfunc, "takes no keyword arguments");
+        return -1;
+    }
+    return ret;
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_NOARGS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-static void __Pyx_Raise(PyObject *type, PyObject *value, PyObject *tb, PyObject *cause) {
-    PyObject* owned_instance = NULL;
-    if (tb == Py_None) {
-        tb = 0;
-    } else if (tb && !PyTraceBack_Check(tb)) {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: arg 3 must be a traceback or None");
-        goto bad;
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    if (value == Py_None)
-        value = 0;
-    if (PyExceptionInstance_Check(type)) {
-        if (value) {
-            PyErr_SetString(PyExc_TypeError,
-                "instance exception may not have a separate value");
-            goto bad;
-        }
-        value = type;
-        type = (PyObject*) Py_TYPE(value);
-    } else if (PyExceptionClass_Check(type)) {
-        PyObject *instance_class = NULL;
-        if (value && PyExceptionInstance_Check(value)) {
-            instance_class = (PyObject*) Py_TYPE(value);
-            if (instance_class != type) {
-                int is_subclass = PyObject_IsSubclass(instance_class, type);
-                if (!is_subclass) {
-                    instance_class = NULL;
-                } else if (unlikely(is_subclass == -1)) {
-                    goto bad;
-                } else {
-                    type = instance_class;
-                }
-            }
-        }
-        if (!instance_class) {
-            PyObject *args;
-            if (!value)
-                args = PyTuple_New(0);
-            else if (PyTuple_Check(value)) {
-                Py_INCREF(value);
-                args = value;
-            } else
-                args = PyTuple_Pack(1, value);
-            if (!args)
-                goto bad;
-            owned_instance = PyObject_Call(type, args, NULL);
-            Py_DECREF(args);
-            if (!owned_instance)
-                goto bad;
-            value = owned_instance;
-            if (!PyExceptionInstance_Check(value)) {
-                PyErr_Format(PyExc_TypeError,
-                             "calling %R should have returned an instance of "
-                             "BaseException, not %R",
-                             type, Py_TYPE(value));
-                goto bad;
-            }
-        }
-    } else {
-        PyErr_SetString(PyExc_TypeError,
-            "raise: exception class must be a subclass of BaseException");
-        goto bad;
+    if (unlikely(nargs != 0)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes no arguments", nargs);
+        return NULL;
+    }
+    return meth(self, NULL);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_O(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, kwnames)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    if (cause) {
-        PyObject *fixed_cause;
-        if (cause == Py_None) {
-            fixed_cause = NULL;
-        } else if (PyExceptionClass_Check(cause)) {
-            fixed_cause = PyObject_CallObject(cause, NULL);
-            if (fixed_cause == NULL)
-                goto bad;
-        } else if (PyExceptionInstance_Check(cause)) {
-            fixed_cause = cause;
-            Py_INCREF(fixed_cause);
-        } else {
-            PyErr_SetString(PyExc_TypeError,
-                            "exception causes must derive from "
-                            "BaseException");
-            goto bad;
-        }
-        PyException_SetCause(value, fixed_cause);
+    if (unlikely(nargs != 1)) {
+        __Pyx_CyFunction_raise_argument_count_error(
+            cyfunc, "takes exactly one argument", nargs);
+        return NULL;
     }
-    PyErr_SetObject(type, value);
-    if (tb) {
-#if CYTHON_COMPILING_IN_PYPY
-        PyObject *tmp_type, *tmp_value, *tmp_tb;
-        PyErr_Fetch(&tmp_type, &tmp_value, &tmp_tb);
-        Py_INCREF(tb);
-        PyErr_Restore(tmp_type, tmp_value, tb);
-        Py_XDECREF(tmp_tb);
+    return meth(self, args[0]);
+}
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
 #else
-        PyThreadState *tstate = __Pyx_PyThreadState_Current;
-        PyObject* tmp_tb = tstate->curexc_traceback;
-        if (tb != tmp_tb) {
-            Py_INCREF(tb);
-            tstate->curexc_traceback = tb;
-            Py_XDECREF(tmp_tb);
-        }
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
+#endif
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
 #endif
+        break;
+    default:
+        return NULL;
     }
-bad:
-    Py_XDECREF(owned_instance);
-    return;
+    return ((__Pyx_PyCFunctionFastWithKeywords)(void(*)(void))meth)(self, args, nargs, kwnames);
 }
+static PyObject * __Pyx_CyFunction_Vectorcall_FASTCALL_KEYWORDS_METHOD(PyObject *func, PyObject *const *args, size_t nargsf, PyObject *kwnames)
+{
+    __pyx_CyFunctionObject *cyfunc = (__pyx_CyFunctionObject *)func;
+    PyTypeObject *cls = (PyTypeObject *) __Pyx_CyFunction_GetClassObj(cyfunc);
+#if CYTHON_BACKPORT_VECTORCALL
+    Py_ssize_t nargs = (Py_ssize_t)nargsf;
+#else
+    Py_ssize_t nargs = PyVectorcall_NARGS(nargsf);
 #endif
-
-/* Import */
-static PyObject *__Pyx_Import(PyObject *name, PyObject *from_list, int level) {
-    PyObject *empty_list = 0;
-    PyObject *module = 0;
-    PyObject *global_dict = 0;
-    PyObject *empty_dict = 0;
-    PyObject *list;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_import;
-    py_import = __Pyx_PyObject_GetAttrStr(__pyx_b, __pyx_n_s_import);
-    if (!py_import)
-        goto bad;
-    #endif
-    if (from_list)
-        list = from_list;
-    else {
-        empty_list = PyList_New(0);
-        if (!empty_list)
-            goto bad;
-        list = empty_list;
+    PyObject *self;
+#if CYTHON_COMPILING_IN_LIMITED_API
+    PyCFunction meth = PyCFunction_GetFunction(cyfunc->func);
+    if (unlikely(!meth)) return NULL;
+#else
+    PyCFunction meth = ((PyCFunctionObject*)cyfunc)->m_ml->ml_meth;
+#endif
+    switch (__Pyx_CyFunction_Vectorcall_CheckArgs(cyfunc, nargs, NULL)) {
+    case 1:
+        self = args[0];
+        args += 1;
+        nargs -= 1;
+        break;
+    case 0:
+#if CYTHON_COMPILING_IN_LIMITED_API
+        self = PyCFunction_GetSelf(((__pyx_CyFunctionObject*)cyfunc)->func);
+        if (unlikely(!self) && PyErr_Occurred()) return NULL;
+#else
+        self = ((PyCFunctionObject*)cyfunc)->m_self;
+#endif
+        break;
+    default:
+        return NULL;
     }
-    global_dict = PyModule_GetDict(__pyx_m);
-    if (!global_dict)
-        goto bad;
-    empty_dict = PyDict_New();
-    if (!empty_dict)
-        goto bad;
-    {
-        #if PY_MAJOR_VERSION >= 3
-        if (level == -1) {
-            if ((1) && (strchr(__Pyx_MODULE_NAME, '.'))) {
-                module = PyImport_ImportModuleLevelObject(
-                    name, global_dict, empty_dict, list, 1);
-                if (!module) {
-                    if (!PyErr_ExceptionMatches(PyExc_ImportError))
-                        goto bad;
-                    PyErr_Clear();
-                }
-            }
-            level = 0;
-        }
-        #endif
-        if (!module) {
-            #if PY_MAJOR_VERSION < 3
-            PyObject *py_level = PyInt_FromLong(level);
-            if (!py_level)
-                goto bad;
-            module = PyObject_CallFunctionObjArgs(py_import,
-                name, global_dict, empty_dict, list, py_level, (PyObject *)NULL);
-            Py_DECREF(py_level);
-            #else
-            module = PyImport_ImportModuleLevelObject(
-                name, global_dict, empty_dict, list, level);
-            #endif
-        }
+    return ((__Pyx_PyCMethod)(void(*)(void))meth)(self, cls, args, (size_t)nargs, kwnames);
+}
+#endif
+static PyType_Slot __pyx_CyFunctionType_slots[] = {
+    {Py_tp_dealloc, (void *)__Pyx_CyFunction_dealloc},
+    {Py_tp_repr, (void *)__Pyx_CyFunction_repr},
+    {Py_tp_call, (void *)__Pyx_CyFunction_CallAsMethod},
+    {Py_tp_traverse, (void *)__Pyx_CyFunction_traverse},
+    {Py_tp_clear, (void *)__Pyx_CyFunction_clear},
+    {Py_tp_methods, (void *)__pyx_CyFunction_methods},
+    {Py_tp_members, (void *)__pyx_CyFunction_members},
+    {Py_tp_getset, (void *)__pyx_CyFunction_getsets},
+    {Py_tp_descr_get, (void *)__Pyx_PyMethod_New},
+    {0, 0},
+};
+static PyType_Spec __pyx_CyFunctionType_spec = {
+    __PYX_TYPE_MODULE_PREFIX "cython_function_or_method",
+    sizeof(__pyx_CyFunctionObject),
+    0,
+#ifdef Py_TPFLAGS_METHOD_DESCRIPTOR
+    Py_TPFLAGS_METHOD_DESCRIPTOR |
+#endif
+#if CYTHON_METH_FASTCALL
+#if defined(Py_TPFLAGS_HAVE_VECTORCALL)
+    Py_TPFLAGS_HAVE_VECTORCALL |
+#elif defined(_Py_TPFLAGS_HAVE_VECTORCALL)
+    _Py_TPFLAGS_HAVE_VECTORCALL |
+#endif
+#endif // CYTHON_METH_FASTCALL
+#if PY_VERSION_HEX >= 0x030A0000
+    Py_TPFLAGS_IMMUTABLETYPE |
+#endif
+    Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC | Py_TPFLAGS_BASETYPE,
+    __pyx_CyFunctionType_slots
+};
+static int __pyx_CyFunction_init(PyObject *module) {
+    __pyx_mstatetype *mstate = __Pyx_PyModule_GetState(module);
+    mstate->__pyx_CyFunctionType = __Pyx_FetchCommonTypeFromSpec(
+        mstate->__pyx_CommonTypesMetaclassType, module, &__pyx_CyFunctionType_spec, NULL);
+    if (unlikely(mstate->__pyx_CyFunctionType == NULL)) {
+        return -1;
     }
-bad:
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_import);
-    #endif
-    Py_XDECREF(empty_list);
-    Py_XDECREF(empty_dict);
-    return module;
+    return 0;
+}
+static CYTHON_INLINE PyObject *__Pyx_CyFunction_InitDefaults(PyObject *func, PyTypeObject *defaults_type) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults = PyObject_CallObject((PyObject*)defaults_type, NULL); // _PyObject_New(defaults_type);
+    if (unlikely(!m->defaults))
+        return NULL;
+    return m->defaults;
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsTuple(PyObject *func, PyObject *tuple) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_tuple = tuple;
+    Py_INCREF(tuple);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetDefaultsKwDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->defaults_kwdict = dict;
+    Py_INCREF(dict);
+}
+static CYTHON_INLINE void __Pyx_CyFunction_SetAnnotationsDict(PyObject *func, PyObject *dict) {
+    __pyx_CyFunctionObject *m = (__pyx_CyFunctionObject *) func;
+    m->func_annotations = dict;
+    Py_INCREF(dict);
 }
 
-/* ImportFrom */
-static PyObject* __Pyx_ImportFrom(PyObject* module, PyObject* name) {
-    PyObject* value = __Pyx_PyObject_GetAttrStr(module, name);
-    if (unlikely(!value) && PyErr_ExceptionMatches(PyExc_AttributeError)) {
-        PyErr_Format(PyExc_ImportError,
-        #if PY_MAJOR_VERSION < 3
-            "cannot import name %.230s", PyString_AS_STRING(name));
-        #else
-            "cannot import name %S", name);
-        #endif
+/* CythonFunction */
+static PyObject *__Pyx_CyFunction_New(PyMethodDef *ml, int flags, PyObject* qualname,
+                                      PyObject *closure, PyObject *module, PyObject* globals, PyObject* code) {
+    PyObject *op = __Pyx_CyFunction_Init(
+        PyObject_GC_New(__pyx_CyFunctionObject, __pyx_mstate_global->__pyx_CyFunctionType),
+        ml, flags, qualname, closure, module, globals, code
+    );
+    if (likely(op)) {
+        PyObject_GC_Track(op);
     }
-    return value;
+    return op;
 }
 
 /* CLineInTraceback */
-#ifndef CYTHON_CLINE_IN_TRACEBACK
-static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int c_line) {
+#if CYTHON_CLINE_IN_TRACEBACK && CYTHON_CLINE_IN_TRACEBACK_RUNTIME
+static int __Pyx_CLineForTraceback(PyThreadState *tstate, int c_line) {
     PyObject *use_cline;
     PyObject *ptype, *pvalue, *ptraceback;
 #if CYTHON_COMPILING_IN_CPYTHON
     PyObject **cython_runtime_dict;
 #endif
-    if (unlikely(!__pyx_cython_runtime)) {
+    CYTHON_MAYBE_UNUSED_VAR(tstate);
+    if (unlikely(!__pyx_mstate_global->__pyx_cython_runtime)) {
         return c_line;
     }
     __Pyx_ErrFetchInState(tstate, &ptype, &pvalue, &ptraceback);
 #if CYTHON_COMPILING_IN_CPYTHON
-    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_cython_runtime);
+    cython_runtime_dict = _PyObject_GetDictPtr(__pyx_mstate_global->__pyx_cython_runtime);
     if (likely(cython_runtime_dict)) {
+        __Pyx_BEGIN_CRITICAL_SECTION(*cython_runtime_dict);
         __PYX_PY_DICT_LOOKUP_IF_MODIFIED(
             use_cline, *cython_runtime_dict,
-            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_n_s_cline_in_traceback))
+            __Pyx_PyDict_GetItemStr(*cython_runtime_dict, __pyx_mstate_global->__pyx_n_u_cline_in_traceback))
+        Py_XINCREF(use_cline);
+        __Pyx_END_CRITICAL_SECTION();
     } else
 #endif
     {
-      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback);
+      PyObject *use_cline_obj = __Pyx_PyObject_GetAttrStrNoError(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback);
       if (use_cline_obj) {
         use_cline = PyObject_Not(use_cline_obj) ? Py_False : Py_True;
+        Py_INCREF(use_cline);
         Py_DECREF(use_cline_obj);
       } else {
         PyErr_Clear();
@@ -4371,11 +7853,12 @@ static int __Pyx_CLineForTraceback(CYTHON_NCP_UNUSED PyThreadState *tstate, int
     }
     if (!use_cline) {
         c_line = 0;
-        (void) PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False);
+        (void) PyObject_SetAttr(__pyx_mstate_global->__pyx_cython_runtime, __pyx_mstate_global->__pyx_n_u_cline_in_traceback, Py_False);
     }
     else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {
         c_line = 0;
     }
+    Py_XDECREF(use_cline);
     __Pyx_ErrRestoreInState(tstate, ptype, pvalue, ptraceback);
     return c_line;
 }
@@ -4403,130 +7886,196 @@ static int __pyx_bisect_code_objects(__Pyx_CodeObjectCacheEntry* entries, int co
         return mid + 1;
     }
 }
-static PyCodeObject *__pyx_find_code_object(int code_line) {
-    PyCodeObject* code_object;
+static __Pyx_CachedCodeObjectType *__pyx__find_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line) {
+    __Pyx_CachedCodeObjectType* code_object;
     int pos;
-    if (unlikely(!code_line) || unlikely(!__pyx_code_cache.entries)) {
+    if (unlikely(!code_line) || unlikely(!code_cache->entries)) {
         return NULL;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if (unlikely(pos >= __pyx_code_cache.count) || unlikely(__pyx_code_cache.entries[pos].code_line != code_line)) {
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if (unlikely(pos >= code_cache->count) || unlikely(code_cache->entries[pos].code_line != code_line)) {
         return NULL;
     }
-    code_object = __pyx_code_cache.entries[pos].code_object;
+    code_object = code_cache->entries[pos].code_object;
     Py_INCREF(code_object);
     return code_object;
 }
-static void __pyx_insert_code_object(int code_line, PyCodeObject* code_object) {
+static __Pyx_CachedCodeObjectType *__pyx_find_code_object(int code_line) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__find_code_object;
+    return NULL; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just miss.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type old_count = __pyx_atomic_incr_acq_rel(&code_cache->accessor_count);
+    if (old_count < 0) {
+        __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+        return NULL;
+    }
+#endif
+    __Pyx_CachedCodeObjectType *result = __pyx__find_code_object(code_cache, code_line);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_decr_acq_rel(&code_cache->accessor_count);
+#endif
+    return result;
+#endif
+}
+static void __pyx__insert_code_object(struct __Pyx_CodeObjectCache *code_cache, int code_line, __Pyx_CachedCodeObjectType* code_object)
+{
     int pos, i;
-    __Pyx_CodeObjectCacheEntry* entries = __pyx_code_cache.entries;
+    __Pyx_CodeObjectCacheEntry* entries = code_cache->entries;
     if (unlikely(!code_line)) {
         return;
     }
     if (unlikely(!entries)) {
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Malloc(64*sizeof(__Pyx_CodeObjectCacheEntry));
         if (likely(entries)) {
-            __pyx_code_cache.entries = entries;
-            __pyx_code_cache.max_count = 64;
-            __pyx_code_cache.count = 1;
+            code_cache->entries = entries;
+            code_cache->max_count = 64;
+            code_cache->count = 1;
             entries[0].code_line = code_line;
             entries[0].code_object = code_object;
             Py_INCREF(code_object);
         }
         return;
     }
-    pos = __pyx_bisect_code_objects(__pyx_code_cache.entries, __pyx_code_cache.count, code_line);
-    if ((pos < __pyx_code_cache.count) && unlikely(__pyx_code_cache.entries[pos].code_line == code_line)) {
-        PyCodeObject* tmp = entries[pos].code_object;
+    pos = __pyx_bisect_code_objects(code_cache->entries, code_cache->count, code_line);
+    if ((pos < code_cache->count) && unlikely(code_cache->entries[pos].code_line == code_line)) {
+        __Pyx_CachedCodeObjectType* tmp = entries[pos].code_object;
         entries[pos].code_object = code_object;
+        Py_INCREF(code_object);
         Py_DECREF(tmp);
         return;
     }
-    if (__pyx_code_cache.count == __pyx_code_cache.max_count) {
-        int new_max = __pyx_code_cache.max_count + 64;
+    if (code_cache->count == code_cache->max_count) {
+        int new_max = code_cache->max_count + 64;
         entries = (__Pyx_CodeObjectCacheEntry*)PyMem_Realloc(
-            __pyx_code_cache.entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
+            code_cache->entries, ((size_t)new_max) * sizeof(__Pyx_CodeObjectCacheEntry));
         if (unlikely(!entries)) {
             return;
         }
-        __pyx_code_cache.entries = entries;
-        __pyx_code_cache.max_count = new_max;
+        code_cache->entries = entries;
+        code_cache->max_count = new_max;
     }
-    for (i=__pyx_code_cache.count; i>pos; i--) {
+    for (i=code_cache->count; i>pos; i--) {
         entries[i] = entries[i-1];
     }
     entries[pos].code_line = code_line;
     entries[pos].code_object = code_object;
-    __pyx_code_cache.count++;
+    code_cache->count++;
     Py_INCREF(code_object);
 }
+static void __pyx_insert_code_object(int code_line, __Pyx_CachedCodeObjectType* code_object) {
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING && !CYTHON_ATOMICS
+    (void)__pyx__insert_code_object;
+    return; // Most implementation should have atomics. But otherwise, don't make it thread-safe, just fail.
+#else
+    struct __Pyx_CodeObjectCache *code_cache = &__pyx_mstate_global->__pyx_code_cache;
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_nonatomic_int_type expected = 0;
+    if (!__pyx_atomic_int_cmp_exchange(&code_cache->accessor_count, &expected, INT_MIN)) {
+        return;
+    }
+#endif
+    __pyx__insert_code_object(code_cache, code_line, code_object);
+#if CYTHON_COMPILING_IN_CPYTHON_FREETHREADING
+    __pyx_atomic_sub(&code_cache->accessor_count, INT_MIN);
+#endif
+#endif
+}
 
 /* AddTraceback */
 #include "compile.h"
 #include "frameobject.h"
 #include "traceback.h"
-#if PY_VERSION_HEX >= 0x030b00a6
+#if PY_VERSION_HEX >= 0x030b00a6 && !CYTHON_COMPILING_IN_LIMITED_API && !defined(PYPY_VERSION)
   #ifndef Py_BUILD_CORE
     #define Py_BUILD_CORE 1
   #endif
   #include "internal/pycore_frame.h"
 #endif
+#if CYTHON_COMPILING_IN_LIMITED_API
+static PyObject *__Pyx_PyCode_Replace_For_AddTraceback(PyObject *code, PyObject *scratch_dict,
+                                                       PyObject *firstlineno, PyObject *name) {
+    PyObject *replace = NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_firstlineno", firstlineno))) return NULL;
+    if (unlikely(PyDict_SetItemString(scratch_dict, "co_name", name))) return NULL;
+    replace = PyObject_GetAttrString(code, "replace");
+    if (likely(replace)) {
+        PyObject *result = PyObject_Call(replace, __pyx_mstate_global->__pyx_empty_tuple, scratch_dict);
+        Py_DECREF(replace);
+        return result;
+    }
+    PyErr_Clear();
+    return NULL;
+}
+static void __Pyx_AddTraceback(const char *funcname, int c_line,
+                               int py_line, const char *filename) {
+    PyObject *code_object = NULL, *py_py_line = NULL, *py_funcname = NULL, *dict = NULL;
+    PyObject *replace = NULL, *getframe = NULL, *frame = NULL;
+    PyObject *exc_type, *exc_value, *exc_traceback;
+    int success = 0;
+    if (c_line) {
+        (void) __pyx_cfilenm;
+        (void) __Pyx_CLineForTraceback(__Pyx_PyThreadState_Current, c_line);
+    }
+    PyErr_Fetch(&exc_type, &exc_value, &exc_traceback);
+    code_object = __pyx_find_code_object(c_line ? -c_line : py_line);
+    if (!code_object) {
+        code_object = Py_CompileString("_getframe()", filename, Py_eval_input);
+        if (unlikely(!code_object)) goto bad;
+        py_py_line = PyLong_FromLong(py_line);
+        if (unlikely(!py_py_line)) goto bad;
+        py_funcname = PyUnicode_FromString(funcname);
+        if (unlikely(!py_funcname)) goto bad;
+        dict = PyDict_New();
+        if (unlikely(!dict)) goto bad;
+        {
+            PyObject *old_code_object = code_object;
+            code_object = __Pyx_PyCode_Replace_For_AddTraceback(code_object, dict, py_py_line, py_funcname);
+            Py_DECREF(old_code_object);
+        }
+        if (unlikely(!code_object)) goto bad;
+        __pyx_insert_code_object(c_line ? -c_line : py_line, code_object);
+    } else {
+        dict = PyDict_New();
+    }
+    getframe = PySys_GetObject("_getframe");
+    if (unlikely(!getframe)) goto bad;
+    if (unlikely(PyDict_SetItemString(dict, "_getframe", getframe))) goto bad;
+    frame = PyEval_EvalCode(code_object, dict, dict);
+    if (unlikely(!frame) || frame == Py_None) goto bad;
+    success = 1;
+  bad:
+    PyErr_Restore(exc_type, exc_value, exc_traceback);
+    Py_XDECREF(code_object);
+    Py_XDECREF(py_py_line);
+    Py_XDECREF(py_funcname);
+    Py_XDECREF(dict);
+    Py_XDECREF(replace);
+    if (success) {
+        PyTraceBack_Here(
+            (struct _frame*)frame);
+    }
+    Py_XDECREF(frame);
+}
+#else
 static PyCodeObject* __Pyx_CreateCodeObjectForTraceback(
             const char *funcname, int c_line,
             int py_line, const char *filename) {
     PyCodeObject *py_code = NULL;
     PyObject *py_funcname = NULL;
-    #if PY_MAJOR_VERSION < 3
-    PyObject *py_srcfile = NULL;
-    py_srcfile = PyString_FromString(filename);
-    if (!py_srcfile) goto bad;
-    #endif
     if (c_line) {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
-        if (!py_funcname) goto bad;
-        #else
         py_funcname = PyUnicode_FromFormat( "%s (%s:%d)", funcname, __pyx_cfilenm, c_line);
         if (!py_funcname) goto bad;
         funcname = PyUnicode_AsUTF8(py_funcname);
         if (!funcname) goto bad;
-        #endif
-    }
-    else {
-        #if PY_MAJOR_VERSION < 3
-        py_funcname = PyString_FromString(funcname);
-        if (!py_funcname) goto bad;
-        #endif
     }
-    #if PY_MAJOR_VERSION < 3
-    py_code = __Pyx_PyCode_New(
-        0,
-        0,
-        0,
-        0,
-        0,
-        __pyx_empty_bytes, /*PyObject *code,*/
-        __pyx_empty_tuple, /*PyObject *consts,*/
-        __pyx_empty_tuple, /*PyObject *names,*/
-        __pyx_empty_tuple, /*PyObject *varnames,*/
-        __pyx_empty_tuple, /*PyObject *freevars,*/
-        __pyx_empty_tuple, /*PyObject *cellvars,*/
-        py_srcfile,   /*PyObject *filename,*/
-        py_funcname,  /*PyObject *name,*/
-        py_line,
-        __pyx_empty_bytes  /*PyObject *lnotab*/
-    );
-    Py_DECREF(py_srcfile);
-    #else
     py_code = PyCode_NewEmpty(filename, funcname, py_line);
-    #endif
-    Py_XDECREF(py_funcname);  // XDECREF since it's only set on Py3 if cline
+    Py_XDECREF(py_funcname);
     return py_code;
 bad:
     Py_XDECREF(py_funcname);
-    #if PY_MAJOR_VERSION < 3
-    Py_XDECREF(py_srcfile);
-    #endif
     return NULL;
 }
 static void __Pyx_AddTraceback(const char *funcname, int c_line,
@@ -4557,7 +8106,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     py_frame = PyFrame_New(
         tstate,            /*PyThreadState *tstate,*/
         py_code,           /*PyCodeObject *code,*/
-        __pyx_d,    /*PyObject *globals,*/
+        __pyx_mstate_global->__pyx_d,    /*PyObject *globals,*/
         0                  /*PyObject *locals*/
     );
     if (!py_frame) goto bad;
@@ -4567,6 +8116,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     Py_XDECREF(py_code);
     Py_XDECREF(py_frame);
 }
+#endif
 
 /* CIntFromPyVerify */
 #define __PYX_VERIFY_RETURN_INT(target_type, func_type, func_value)\
@@ -4591,7 +8141,7 @@ static void __Pyx_AddTraceback(const char *funcname, int c_line,
     }
 
 /* CIntFromPy */
-static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
+static CYTHON_INLINE int __Pyx_PyLong_As_int(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4601,179 +8151,237 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(int) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(int, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (int) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        int val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (int) -1;
+        val = __Pyx_PyLong_As_int(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(int, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 2 * PyLong_SHIFT)) {
                             return (int) (((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 3 * PyLong_SHIFT)) {
                             return (int) (((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) >= 4 * PyLong_SHIFT)) {
                             return (int) (((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (int) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (int) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(int) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(int) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(int) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (int) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(int, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(int,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(int, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(int) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(int) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
                             return (int) ((((((int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(int) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(int) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
                             return (int) ((((((((int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(int) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) (((int)-1)*(((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(int) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(int) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(int, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(int) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(int) - 1 > 4 * PyLong_SHIFT)) {
                             return (int) ((((((((((int)digits[3]) << PyLong_SHIFT) | (int)digits[2]) << PyLong_SHIFT) | (int)digits[1]) << PyLong_SHIFT) | (int)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(int) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
+        if ((sizeof(int) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(int) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(int, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        int val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (int) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            int val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (int) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (int) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (int) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(int) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((int) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(int) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((int) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((int) 1) << (sizeof(int) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (int) -1;
-        }
-    } else {
-        int val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (int) -1;
-        val = __Pyx_PyInt_As_int(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -4786,8 +8394,40 @@ static CYTHON_INLINE int __Pyx_PyInt_As_int(PyObject *x) {
     return (int) -1;
 }
 
+/* PyObjectVectorCallKwBuilder */
+#if CYTHON_VECTORCALL
+static int __Pyx_VectorcallBuilder_AddArg(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_PyObject_FastCallDict;
+    if (__Pyx_PyTuple_SET_ITEM(builder, n, key) != (0)) return -1;
+    Py_INCREF(key);
+    args[n] = value;
+    return 0;
+}
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    (void)__Pyx_VectorcallBuilder_AddArgStr;
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return __Pyx_VectorcallBuilder_AddArg(key, value, builder, args, n);
+}
+static int __Pyx_VectorcallBuilder_AddArgStr(const char *key, PyObject *value, PyObject *builder, PyObject **args, int n) {
+    PyObject *pyKey = PyUnicode_FromString(key);
+    if (!pyKey) return -1;
+    return __Pyx_VectorcallBuilder_AddArg(pyKey, value, builder, args, n);
+}
+#else // CYTHON_VECTORCALL
+CYTHON_UNUSED static int __Pyx_VectorcallBuilder_AddArg_Check(PyObject *key, PyObject *value, PyObject *builder, CYTHON_UNUSED PyObject **args, CYTHON_UNUSED int n) {
+    if (unlikely(!PyUnicode_Check(key))) {
+        PyErr_SetString(PyExc_TypeError, "keywords must be strings");
+        return -1;
+    }
+    return PyDict_SetItem(builder, key, value);
+}
+#endif
+
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_int(int value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4799,17 +8439,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(int) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(int) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(int) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(int) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(int) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -4817,15 +8457,87 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_int(int value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(int),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(int));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
+    }
+}
+
+/* FormatTypeName */
+#if CYTHON_COMPILING_IN_LIMITED_API && __PYX_LIMITED_VERSION_HEX < 0x030d0000
+static __Pyx_TypeName
+__Pyx_PyType_GetFullyQualifiedName(PyTypeObject* tp)
+{
+    PyObject *module = NULL, *name = NULL, *result = NULL;
+    #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+    name = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_qualname);
+    #else
+    name = PyType_GetQualName(tp);
+    #endif
+    if (unlikely(name == NULL) || unlikely(!PyUnicode_Check(name))) goto bad;
+    module = __Pyx_PyObject_GetAttrStr((PyObject *)tp,
+                                               __pyx_mstate_global->__pyx_n_u_module);
+    if (unlikely(module == NULL) || unlikely(!PyUnicode_Check(module))) goto bad;
+    if (PyUnicode_CompareWithASCIIString(module, "builtins") == 0) {
+        result = name;
+        name = NULL;
+        goto done;
+    }
+    result = PyUnicode_FromFormat("%U.%U", module, name);
+    if (unlikely(result == NULL)) goto bad;
+  done:
+    Py_XDECREF(name);
+    Py_XDECREF(module);
+    return result;
+  bad:
+    PyErr_Clear();
+    if (name) {
+        result = name;
+        name = NULL;
+    } else {
+        result = __Pyx_NewRef(__pyx_mstate_global->__pyx_kp_u__2);
     }
+    goto done;
 }
+#endif
 
 /* CIntToPy */
-static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
+static CYTHON_INLINE PyObject* __Pyx_PyLong_From_long(long value) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4837,17 +8549,17 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
     const int is_unsigned = neg_one > const_zero;
     if (is_unsigned) {
         if (sizeof(long) < sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
         } else if (sizeof(long) <= sizeof(unsigned long)) {
             return PyLong_FromUnsignedLong((unsigned long) value);
-#ifdef HAVE_LONG_LONG
+#if defined(HAVE_LONG_LONG) && !CYTHON_COMPILING_IN_PYPY
         } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
             return PyLong_FromUnsignedLongLong((unsigned PY_LONG_LONG) value);
 #endif
         }
     } else {
         if (sizeof(long) <= sizeof(long)) {
-            return PyInt_FromLong((long) value);
+            return PyLong_FromLong((long) value);
 #ifdef HAVE_LONG_LONG
         } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
             return PyLong_FromLongLong((PY_LONG_LONG) value);
@@ -4855,15 +8567,48 @@ static CYTHON_INLINE PyObject* __Pyx_PyInt_From_long(long value) {
         }
     }
     {
-        int one = 1; int little = (int)*(unsigned char *)&one;
         unsigned char *bytes = (unsigned char *)&value;
+#if !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d00A4
+        if (is_unsigned) {
+            return PyLong_FromUnsignedNativeBytes(bytes, sizeof(value), -1);
+        } else {
+            return PyLong_FromNativeBytes(bytes, sizeof(value), -1);
+        }
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX < 0x030d0000
+        int one = 1; int little = (int)*(unsigned char *)&one;
         return _PyLong_FromByteArray(bytes, sizeof(long),
                                      little, !is_unsigned);
+#else
+        int one = 1; int little = (int)*(unsigned char *)&one;
+        PyObject *from_bytes, *result = NULL, *kwds = NULL;
+        PyObject *py_bytes = NULL, *order_str = NULL;
+        from_bytes = PyObject_GetAttrString((PyObject*)&PyLong_Type, "from_bytes");
+        if (!from_bytes) return NULL;
+        py_bytes = PyBytes_FromStringAndSize((char*)bytes, sizeof(long));
+        if (!py_bytes) goto limited_bad;
+        order_str = PyUnicode_FromString(little ? "little" : "big");
+        if (!order_str) goto limited_bad;
+        {
+            PyObject *args[3+(CYTHON_VECTORCALL ? 1 : 0)] = { NULL, py_bytes, order_str };
+            if (!is_unsigned) {
+                kwds = __Pyx_MakeVectorcallBuilderKwds(1);
+                if (!kwds) goto limited_bad;
+                if (__Pyx_VectorcallBuilder_AddArgStr("signed", __Pyx_NewRef(Py_True), kwds, args+3, 0) < 0) goto limited_bad;
+            }
+            result = __Pyx_Object_Vectorcall_CallFromBuilder(from_bytes, args+1, 2 | __Pyx_PY_VECTORCALL_ARGUMENTS_OFFSET, kwds);
+        }
+        limited_bad:
+        Py_XDECREF(kwds);
+        Py_XDECREF(order_str);
+        Py_XDECREF(py_bytes);
+        Py_XDECREF(from_bytes);
+        return result;
+#endif
     }
 }
 
 /* CIntFromPy */
-static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
+static CYTHON_INLINE long __Pyx_PyLong_As_long(PyObject *x) {
 #ifdef __Pyx_HAS_GCC_DIAGNOSTIC
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wconversion"
@@ -4873,179 +8618,237 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #pragma GCC diagnostic pop
 #endif
     const int is_unsigned = neg_one > const_zero;
-#if PY_MAJOR_VERSION < 3
-    if (likely(PyInt_Check(x))) {
-        if (sizeof(long) < sizeof(long)) {
-            __PYX_VERIFY_RETURN_INT(long, long, PyInt_AS_LONG(x))
-        } else {
-            long val = PyInt_AS_LONG(x);
-            if (is_unsigned && unlikely(val < 0)) {
-                goto raise_neg_overflow;
-            }
-            return (long) val;
-        }
-    } else
-#endif
-    if (likely(PyLong_Check(x))) {
-        if (is_unsigned) {
+    if (unlikely(!PyLong_Check(x))) {
+        long val;
+        PyObject *tmp = __Pyx_PyNumber_Long(x);
+        if (!tmp) return (long) -1;
+        val = __Pyx_PyLong_As_long(tmp);
+        Py_DECREF(tmp);
+        return val;
+    }
+    if (is_unsigned) {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case  1: __PYX_VERIFY_RETURN_INT(long, digit, digits[0])
+        if (unlikely(__Pyx_PyLong_IsNeg(x))) {
+            goto raise_neg_overflow;
+        } else if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_upylong, __Pyx_PyLong_CompactValueUnsigned(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_DigitCount(x)) {
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 2 * PyLong_SHIFT)) {
                             return (long) (((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 3 * PyLong_SHIFT)) {
                             return (long) (((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) >= 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) >= 4 * PyLong_SHIFT)) {
                             return (long) (((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0]));
                         }
                     }
                     break;
             }
+        }
 #endif
-#if CYTHON_COMPILING_IN_CPYTHON
-            if (unlikely(Py_SIZE(x) < 0)) {
-                goto raise_neg_overflow;
-            }
+#if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX < 0x030C00A7
+        if (unlikely(Py_SIZE(x) < 0)) {
+            goto raise_neg_overflow;
+        }
 #else
-            {
-                int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
-                if (unlikely(result < 0))
-                    return (long) -1;
-                if (unlikely(result == 1))
-                    goto raise_neg_overflow;
-            }
+        {
+            int result = PyObject_RichCompareBool(x, Py_False, Py_LT);
+            if (unlikely(result < 0))
+                return (long) -1;
+            if (unlikely(result == 1))
+                goto raise_neg_overflow;
+        }
 #endif
-            if (sizeof(long) <= sizeof(unsigned long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
+        if ((sizeof(long) <= sizeof(unsigned long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned long, PyLong_AsUnsignedLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(unsigned PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
+        } else if ((sizeof(long) <= sizeof(unsigned PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, unsigned PY_LONG_LONG, PyLong_AsUnsignedLongLong(x))
 #endif
-            }
-        } else {
+        }
+    } else {
 #if CYTHON_USE_PYLONG_INTERNALS
-            const digit* digits = ((PyLongObject*)x)->ob_digit;
-            switch (Py_SIZE(x)) {
-                case  0: return (long) 0;
-                case -1: __PYX_VERIFY_RETURN_INT(long, sdigit, (sdigit) (-(sdigit)digits[0]))
-                case  1: __PYX_VERIFY_RETURN_INT(long,  digit, +digits[0])
+        if (__Pyx_PyLong_IsCompact(x)) {
+            __PYX_VERIFY_RETURN_INT(long, __Pyx_compact_pylong, __Pyx_PyLong_CompactValue(x))
+        } else {
+            const digit* digits = __Pyx_PyLong_Digits(x);
+            assert(__Pyx_PyLong_DigitCount(x) > 1);
+            switch (__Pyx_PyLong_SignedDigitCount(x)) {
                 case -2:
-                    if (8 * sizeof(long) - 1 > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 2:
-                    if (8 * sizeof(long) > 1 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 2 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 1 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 2 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
                             return (long) ((((((long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -3:
-                    if (8 * sizeof(long) - 1 > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 3:
-                    if (8 * sizeof(long) > 2 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 3 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 2 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 3 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
                             return (long) ((((((((long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case -4:
-                    if (8 * sizeof(long) - 1 > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) - 1 > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, long, -(long) (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) (((long)-1)*(((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
                 case 4:
-                    if (8 * sizeof(long) > 3 * PyLong_SHIFT) {
-                        if (8 * sizeof(unsigned long) > 4 * PyLong_SHIFT) {
+                    if ((8 * sizeof(long) > 3 * PyLong_SHIFT)) {
+                        if ((8 * sizeof(unsigned long) > 4 * PyLong_SHIFT)) {
                             __PYX_VERIFY_RETURN_INT(long, unsigned long, (((((((((unsigned long)digits[3]) << PyLong_SHIFT) | (unsigned long)digits[2]) << PyLong_SHIFT) | (unsigned long)digits[1]) << PyLong_SHIFT) | (unsigned long)digits[0])))
-                        } else if (8 * sizeof(long) - 1 > 4 * PyLong_SHIFT) {
+                        } else if ((8 * sizeof(long) - 1 > 4 * PyLong_SHIFT)) {
                             return (long) ((((((((((long)digits[3]) << PyLong_SHIFT) | (long)digits[2]) << PyLong_SHIFT) | (long)digits[1]) << PyLong_SHIFT) | (long)digits[0])));
                         }
                     }
                     break;
             }
+        }
 #endif
-            if (sizeof(long) <= sizeof(long)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
+        if ((sizeof(long) <= sizeof(long))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, long, PyLong_AsLong(x))
 #ifdef HAVE_LONG_LONG
-            } else if (sizeof(long) <= sizeof(PY_LONG_LONG)) {
-                __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
+        } else if ((sizeof(long) <= sizeof(PY_LONG_LONG))) {
+            __PYX_VERIFY_RETURN_INT_EXC(long, PY_LONG_LONG, PyLong_AsLongLong(x))
 #endif
-            }
+        }
+    }
+    {
+        long val;
+        int ret = -1;
+#if PY_VERSION_HEX >= 0x030d00A6 && !CYTHON_COMPILING_IN_LIMITED_API
+        Py_ssize_t bytes_copied = PyLong_AsNativeBytes(
+            x, &val, sizeof(val), Py_ASNATIVEBYTES_NATIVE_ENDIAN | (is_unsigned ? Py_ASNATIVEBYTES_UNSIGNED_BUFFER | Py_ASNATIVEBYTES_REJECT_NEGATIVE : 0));
+        if (unlikely(bytes_copied == -1)) {
+        } else if (unlikely(bytes_copied > (Py_ssize_t) sizeof(val))) {
+            goto raise_overflow;
+        } else {
+            ret = 0;
+        }
+#elif PY_VERSION_HEX < 0x030d0000 && !(CYTHON_COMPILING_IN_PYPY || CYTHON_COMPILING_IN_LIMITED_API) || defined(_PyLong_AsByteArray)
+        int one = 1; int is_little = (int)*(unsigned char *)&one;
+        unsigned char *bytes = (unsigned char *)&val;
+        ret = _PyLong_AsByteArray((PyLongObject *)x,
+                                    bytes, sizeof(val),
+                                    is_little, !is_unsigned);
+#else
+        PyObject *v;
+        PyObject *stepval = NULL, *mask = NULL, *shift = NULL;
+        int bits, remaining_bits, is_negative = 0;
+        int chunk_size = (sizeof(long) < 8) ? 30 : 62;
+        if (likely(PyLong_CheckExact(x))) {
+            v = __Pyx_NewRef(x);
+        } else {
+            v = PyNumber_Long(x);
+            if (unlikely(!v)) return (long) -1;
+            assert(PyLong_CheckExact(v));
         }
         {
-#if CYTHON_COMPILING_IN_PYPY && !defined(_PyLong_AsByteArray)
-            PyErr_SetString(PyExc_RuntimeError,
-                            "_PyLong_AsByteArray() not available in PyPy, cannot convert large numbers");
-#else
-            long val;
-            PyObject *v = __Pyx_PyNumber_IntOrLong(x);
- #if PY_MAJOR_VERSION < 3
-            if (likely(v) && !PyLong_Check(v)) {
-                PyObject *tmp = v;
-                v = PyNumber_Long(tmp);
-                Py_DECREF(tmp);
-            }
- #endif
-            if (likely(v)) {
-                int one = 1; int is_little = (int)*(unsigned char *)&one;
-                unsigned char *bytes = (unsigned char *)&val;
-                int ret = _PyLong_AsByteArray((PyLongObject *)v,
-                                              bytes, sizeof(val),
-                                              is_little, !is_unsigned);
+            int result = PyObject_RichCompareBool(v, Py_False, Py_LT);
+            if (unlikely(result < 0)) {
                 Py_DECREF(v);
-                if (likely(!ret))
-                    return val;
+                return (long) -1;
             }
+            is_negative = result == 1;
+        }
+        if (is_unsigned && unlikely(is_negative)) {
+            Py_DECREF(v);
+            goto raise_neg_overflow;
+        } else if (is_negative) {
+            stepval = PyNumber_Invert(v);
+            Py_DECREF(v);
+            if (unlikely(!stepval))
+                return (long) -1;
+        } else {
+            stepval = v;
+        }
+        v = NULL;
+        val = (long) 0;
+        mask = PyLong_FromLong((1L << chunk_size) - 1); if (unlikely(!mask)) goto done;
+        shift = PyLong_FromLong(chunk_size); if (unlikely(!shift)) goto done;
+        for (bits = 0; bits < (int) sizeof(long) * 8 - chunk_size; bits += chunk_size) {
+            PyObject *tmp, *digit;
+            long idigit;
+            digit = PyNumber_And(stepval, mask);
+            if (unlikely(!digit)) goto done;
+            idigit = PyLong_AsLong(digit);
+            Py_DECREF(digit);
+            if (unlikely(idigit < 0)) goto done;
+            val |= ((long) idigit) << bits;
+            tmp = PyNumber_Rshift(stepval, shift);
+            if (unlikely(!tmp)) goto done;
+            Py_DECREF(stepval); stepval = tmp;
+        }
+        Py_DECREF(shift); shift = NULL;
+        Py_DECREF(mask); mask = NULL;
+        {
+            long idigit = PyLong_AsLong(stepval);
+            if (unlikely(idigit < 0)) goto done;
+            remaining_bits = ((int) sizeof(long) * 8) - bits - (is_unsigned ? 0 : 1);
+            if (unlikely(idigit >= (1L << remaining_bits)))
+                goto raise_overflow;
+            val |= ((long) idigit) << bits;
+        }
+        if (!is_unsigned) {
+            if (unlikely(val & (((long) 1) << (sizeof(long) * 8 - 1))))
+                goto raise_overflow;
+            if (is_negative)
+                val = ~val;
+        }
+        ret = 0;
+    done:
+        Py_XDECREF(shift);
+        Py_XDECREF(mask);
+        Py_XDECREF(stepval);
 #endif
+        if (unlikely(ret))
             return (long) -1;
-        }
-    } else {
-        long val;
-        PyObject *tmp = __Pyx_PyNumber_IntOrLong(x);
-        if (!tmp) return (long) -1;
-        val = __Pyx_PyInt_As_long(tmp);
-        Py_DECREF(tmp);
         return val;
     }
 raise_overflow:
@@ -5062,7 +8865,7 @@ static CYTHON_INLINE long __Pyx_PyInt_As_long(PyObject *x) {
 #if CYTHON_COMPILING_IN_CPYTHON
 static int __Pyx_InBases(PyTypeObject *a, PyTypeObject *b) {
     while (a) {
-        a = a->tp_base;
+        a = __Pyx_PyType_GetSlot(a, tp_base, PyTypeObject*);
         if (a == b)
             return 1;
     }
@@ -5083,51 +8886,38 @@ static CYTHON_INLINE int __Pyx_IsSubtype(PyTypeObject *a, PyTypeObject *b) {
     }
     return __Pyx_InBases(a, b);
 }
-#if PY_MAJOR_VERSION == 2
-static int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject* exc_type2) {
-    PyObject *exception, *value, *tb;
-    int res;
-    __Pyx_PyThreadState_declare
-    __Pyx_PyThreadState_assign
-    __Pyx_ErrFetch(&exception, &value, &tb);
-    res = exc_type1 ? PyObject_IsSubclass(err, exc_type1) : 0;
-    if (unlikely(res == -1)) {
-        PyErr_WriteUnraisable(err);
-        res = 0;
-    }
-    if (!res) {
-        res = PyObject_IsSubclass(err, exc_type2);
-        if (unlikely(res == -1)) {
-            PyErr_WriteUnraisable(err);
-            res = 0;
+static CYTHON_INLINE int __Pyx_IsAnySubtype2(PyTypeObject *cls, PyTypeObject *a, PyTypeObject *b) {
+    PyObject *mro;
+    if (cls == a || cls == b) return 1;
+    mro = cls->tp_mro;
+    if (likely(mro)) {
+        Py_ssize_t i, n;
+        n = PyTuple_GET_SIZE(mro);
+        for (i = 0; i < n; i++) {
+            PyObject *base = PyTuple_GET_ITEM(mro, i);
+            if (base == (PyObject *)a || base == (PyObject *)b)
+                return 1;
         }
+        return 0;
     }
-    __Pyx_ErrRestore(exception, value, tb);
-    return res;
+    return __Pyx_InBases(cls, a) || __Pyx_InBases(cls, b);
 }
-#else
 static CYTHON_INLINE int __Pyx_inner_PyErr_GivenExceptionMatches2(PyObject *err, PyObject* exc_type1, PyObject *exc_type2) {
-    int res = exc_type1 ? __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type1) : 0;
-    if (!res) {
-        res = __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
+    if (exc_type1) {
+        return __Pyx_IsAnySubtype2((PyTypeObject*)err, (PyTypeObject*)exc_type1, (PyTypeObject*)exc_type2);
+    } else {
+        return __Pyx_IsSubtype((PyTypeObject*)err, (PyTypeObject*)exc_type2);
     }
-    return res;
 }
-#endif
 static int __Pyx_PyErr_GivenExceptionMatchesTuple(PyObject *exc_type, PyObject *tuple) {
     Py_ssize_t i, n;
     assert(PyExceptionClass_Check(exc_type));
     n = PyTuple_GET_SIZE(tuple);
-#if PY_MAJOR_VERSION >= 3
     for (i=0; i<n; i++) {
         if (exc_type == PyTuple_GET_ITEM(tuple, i)) return 1;
     }
-#endif
     for (i=0; i<n; i++) {
         PyObject *t = PyTuple_GET_ITEM(tuple, i);
-        #if PY_MAJOR_VERSION < 3
-        if (likely(exc_type == t)) return 1;
-        #endif
         if (likely(PyExceptionClass_Check(t))) {
             if (__Pyx_inner_PyErr_GivenExceptionMatches2(exc_type, NULL, t)) return 1;
         } else {
@@ -5158,42 +8948,57 @@ static CYTHON_INLINE int __Pyx_PyErr_GivenExceptionMatches2(PyObject *err, PyObj
 }
 #endif
 
-/* CheckBinaryVersion */
-static int __Pyx_check_binary_version(void) {
-    char ctversion[5];
-    int same=1, i, found_dot;
-    const char* rt_from_call = Py_GetVersion();
-    PyOS_snprintf(ctversion, 5, "%d.%d", PY_MAJOR_VERSION, PY_MINOR_VERSION);
-    found_dot = 0;
-    for (i = 0; i < 4; i++) {
-        if (!ctversion[i]) {
-            same = (rt_from_call[i] < '0' || rt_from_call[i] > '9');
-            break;
-        }
-        if (rt_from_call[i] != ctversion[i]) {
-            same = 0;
-            break;
+/* GetRuntimeVersion */
+static unsigned long __Pyx_get_runtime_version(void) {
+#if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+    return Py_Version & ~0xFFUL;
+#else
+    static unsigned long __Pyx_cached_runtime_version = 0;
+    if (__Pyx_cached_runtime_version == 0) {
+        const char* rt_version = Py_GetVersion();
+        unsigned long version = 0;
+        unsigned long factor = 0x01000000UL;
+        unsigned int digit = 0;
+        int i = 0;
+        while (factor) {
+            while ('0' <= rt_version[i] && rt_version[i] <= '9') {
+                digit = digit * 10 + (unsigned int) (rt_version[i] - '0');
+                ++i;
+            }
+            version += factor * digit;
+            if (rt_version[i] != '.')
+                break;
+            digit = 0;
+            factor >>= 8;
+            ++i;
         }
+        __Pyx_cached_runtime_version = version;
     }
-    if (!same) {
-        char rtversion[5] = {'\0'};
+    return __Pyx_cached_runtime_version;
+#endif
+}
+
+/* CheckBinaryVersion */
+static int __Pyx_check_binary_version(unsigned long ct_version, unsigned long rt_version, int allow_newer) {
+    const unsigned long MAJOR_MINOR = 0xFFFF0000UL;
+    if ((rt_version & MAJOR_MINOR) == (ct_version & MAJOR_MINOR))
+        return 0;
+    if (likely(allow_newer && (rt_version & MAJOR_MINOR) > (ct_version & MAJOR_MINOR)))
+        return 1;
+    {
         char message[200];
-        for (i=0; i<4; ++i) {
-            if (rt_from_call[i] == '.') {
-                if (found_dot) break;
-                found_dot = 1;
-            } else if (rt_from_call[i] < '0' || rt_from_call[i] > '9') {
-                break;
-            }
-            rtversion[i] = rt_from_call[i];
-        }
         PyOS_snprintf(message, sizeof(message),
-                      "compiletime version %s of module '%.100s' "
-                      "does not match runtime version %s",
-                      ctversion, __Pyx_MODULE_NAME, rtversion);
+                      "compile time Python version %d.%d "
+                      "of module '%.100s' "
+                      "%s "
+                      "runtime version %d.%d",
+                       (int) (ct_version >> 24), (int) ((ct_version >> 16) & 0xFF),
+                       __Pyx_MODULE_NAME,
+                       (allow_newer) ? "was newer than" : "does not match",
+                       (int) (rt_version >> 24), (int) ((rt_version >> 16) & 0xFF)
+       );
         return PyErr_WarnEx(NULL, message, 1);
     }
-    return 0;
 }
 
 /* FunctionExport */
@@ -5204,22 +9009,18 @@ static int __Pyx_ExportFunction(const char *name, void (*f)(void), const char *s
         void (*fp)(void);
         void *p;
     } tmp;
-    d = PyObject_GetAttrString(__pyx_m, (char *)"__pyx_capi__");
+    d = PyObject_GetAttrString(__pyx_m, "__pyx_capi__");
     if (!d) {
         PyErr_Clear();
         d = PyDict_New();
         if (!d)
             goto bad;
         Py_INCREF(d);
-        if (PyModule_AddObject(__pyx_m, (char *)"__pyx_capi__", d) < 0)
+        if (PyModule_AddObject(__pyx_m, "__pyx_capi__", d) < 0)
             goto bad;
     }
     tmp.fp = f;
-#if PY_VERSION_HEX >= 0x02070000
     cobj = PyCapsule_New(tmp.p, sig, 0);
-#else
-    cobj = PyCObject_FromVoidPtrAndDesc(tmp.p, (void *)sig, 0);
-#endif
     if (!cobj)
         goto bad;
     if (PyDict_SetItemString(d, name, cobj) < 0)
@@ -5233,71 +9034,220 @@ static int __Pyx_ExportFunction(const char *name, void (*f)(void), const char *s
     return -1;
 }
 
-/* InitStrings */
-static int __Pyx_InitStrings(__Pyx_StringTabEntry *t) {
-    while (t->p) {
-        #if PY_MAJOR_VERSION < 3
-        if (t->is_unicode) {
-            *t->p = PyUnicode_DecodeUTF8(t->s, t->n - 1, NULL);
-        } else if (t->intern) {
-            *t->p = PyString_InternFromString(t->s);
+/* NewCodeObj */
+#if CYTHON_COMPILING_IN_LIMITED_API
+    static PyObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                       PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                       PyObject *fv, PyObject *cell, PyObject* fn,
+                                       PyObject *name, int fline, PyObject *lnos) {
+        PyObject *exception_table = NULL;
+        PyObject *types_module=NULL, *code_type=NULL, *result=NULL;
+        #if __PYX_LIMITED_VERSION_HEX < 0x030b0000
+        PyObject *version_info;
+        PyObject *py_minor_version = NULL;
+        #endif
+        long minor_version = 0;
+        PyObject *type, *value, *traceback;
+        PyErr_Fetch(&type, &value, &traceback);
+        #if __PYX_LIMITED_VERSION_HEX >= 0x030b0000
+        minor_version = 11;
+        #else
+        if (!(version_info = PySys_GetObject("version_info"))) goto end;
+        if (!(py_minor_version = PySequence_GetItem(version_info, 1))) goto end;
+        minor_version = PyLong_AsLong(py_minor_version);
+        Py_DECREF(py_minor_version);
+        if (minor_version == -1 && PyErr_Occurred()) goto end;
+        #endif
+        if (!(types_module = PyImport_ImportModule("types"))) goto end;
+        if (!(code_type = PyObject_GetAttrString(types_module, "CodeType"))) goto end;
+        if (minor_version <= 7) {
+            (void)p;
+            result = PyObject_CallFunction(code_type, "iiiiiOOOOOOiOOO", a, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
+        } else if (minor_version <= 10) {
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOiOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, fline, lnos, fv, cell);
         } else {
-            *t->p = PyString_FromStringAndSize(t->s, t->n - 1);
+            if (!(exception_table = PyBytes_FromStringAndSize(NULL, 0))) goto end;
+            result = PyObject_CallFunction(code_type, "iiiiiiOOOOOOOiOOOO", a,p, k, l, s, f, code,
+                          c, n, v, fn, name, name, fline, lnos, exception_table, fv, cell);
         }
-        #else
-        if (t->is_unicode | t->is_str) {
+    end:
+        Py_XDECREF(code_type);
+        Py_XDECREF(exception_table);
+        Py_XDECREF(types_module);
+        if (type) {
+            PyErr_Restore(type, value, traceback);
+        }
+        return result;
+    }
+#elif PY_VERSION_HEX >= 0x030B0000
+  static PyCodeObject* __Pyx__PyCode_New(int a, int p, int k, int l, int s, int f,
+                                         PyObject *code, PyObject *c, PyObject* n, PyObject *v,
+                                         PyObject *fv, PyObject *cell, PyObject* fn,
+                                         PyObject *name, int fline, PyObject *lnos) {
+    PyCodeObject *result;
+    result =
+      #if PY_VERSION_HEX >= 0x030C0000
+        PyUnstable_Code_NewWithPosOnlyArgs
+      #else
+        PyCode_NewWithPosOnlyArgs
+      #endif
+        (a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, name, fline, lnos, __pyx_mstate_global->__pyx_empty_bytes);
+    #if CYTHON_COMPILING_IN_CPYTHON && PY_VERSION_HEX >= 0x030c00A1
+    if (likely(result))
+        result->_co_firsttraceable = 0;
+    #endif
+    return result;
+  }
+#elif PY_VERSION_HEX >= 0x030800B2 && !CYTHON_COMPILING_IN_PYPY
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_NewWithPosOnlyArgs(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#else
+  #define __Pyx__PyCode_New(a, p, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)\
+          PyCode_New(a, k, l, s, f, code, c, n, v, fv, cell, fn, name, fline, lnos)
+#endif
+static PyObject* __Pyx_PyCode_New(
+        const __Pyx_PyCode_New_function_description descr,
+        PyObject * const *varnames,
+        PyObject *filename,
+        PyObject *funcname,
+        const char *line_table,
+        PyObject *tuple_dedup_map
+) {
+    PyObject *code_obj = NULL, *varnames_tuple_dedup = NULL, *code_bytes = NULL, *line_table_bytes = NULL;
+    Py_ssize_t var_count = (Py_ssize_t) descr.nlocals;
+    PyObject *varnames_tuple = PyTuple_New(var_count);
+    if (unlikely(!varnames_tuple)) return NULL;
+    for (Py_ssize_t i=0; i < var_count; i++) {
+        Py_INCREF(varnames[i]);
+        if (__Pyx_PyTuple_SET_ITEM(varnames_tuple, i, varnames[i]) != (0)) goto done;
+    }
+    #if CYTHON_COMPILING_IN_LIMITED_API
+    varnames_tuple_dedup = PyDict_GetItem(tuple_dedup_map, varnames_tuple);
+    if (!varnames_tuple_dedup) {
+        if (unlikely(PyDict_SetItem(tuple_dedup_map, varnames_tuple, varnames_tuple) < 0)) goto done;
+        varnames_tuple_dedup = varnames_tuple;
+    }
+    #else
+    varnames_tuple_dedup = PyDict_SetDefault(tuple_dedup_map, varnames_tuple, varnames_tuple);
+    if (unlikely(!varnames_tuple_dedup)) goto done;
+    #endif
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_INCREF(varnames_tuple_dedup);
+    #endif
+    if (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table != NULL
+        && !CYTHON_COMPILING_IN_GRAAL) {
+        line_table_bytes = PyBytes_FromStringAndSize(line_table, descr.line_table_length);
+        if (unlikely(!line_table_bytes)) goto done;
+        Py_ssize_t code_len = (descr.line_table_length * 2 + 4) & ~3;
+        code_bytes = PyBytes_FromStringAndSize(NULL, code_len);
+        if (unlikely(!code_bytes)) goto done;
+        char* c_code_bytes = PyBytes_AsString(code_bytes);
+        if (unlikely(!c_code_bytes)) goto done;
+        memset(c_code_bytes, 0, (size_t) code_len);
+    }
+    code_obj = (PyObject*) __Pyx__PyCode_New(
+        (int) descr.argcount,
+        (int) descr.num_posonly_args,
+        (int) descr.num_kwonly_args,
+        (int) descr.nlocals,
+        0,
+        (int) descr.flags,
+        code_bytes ? code_bytes : __pyx_mstate_global->__pyx_empty_bytes,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        varnames_tuple_dedup,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        __pyx_mstate_global->__pyx_empty_tuple,
+        filename,
+        funcname,
+        (int) descr.first_line,
+        (__PYX_LIMITED_VERSION_HEX >= (0x030b0000) && line_table_bytes) ? line_table_bytes : __pyx_mstate_global->__pyx_empty_bytes
+    );
+done:
+    Py_XDECREF(code_bytes);
+    Py_XDECREF(line_table_bytes);
+    #if CYTHON_AVOID_BORROWED_REFS
+    Py_XDECREF(varnames_tuple_dedup);
+    #endif
+    Py_DECREF(varnames_tuple);
+    return code_obj;
+}
+
+/* InitStrings */
+static int __Pyx_InitStrings(__Pyx_StringTabEntry const *t, PyObject **target, const char* const* encoding_names) {
+    while (t->s) {
+        PyObject *str;
+        if (t->is_unicode) {
             if (t->intern) {
-                *t->p = PyUnicode_InternFromString(t->s);
+                str = PyUnicode_InternFromString(t->s);
             } else if (t->encoding) {
-                *t->p = PyUnicode_Decode(t->s, t->n - 1, t->encoding, NULL);
+                str = PyUnicode_Decode(t->s, t->n - 1, encoding_names[t->encoding], NULL);
             } else {
-                *t->p = PyUnicode_FromStringAndSize(t->s, t->n - 1);
+                str = PyUnicode_FromStringAndSize(t->s, t->n - 1);
             }
         } else {
-            *t->p = PyBytes_FromStringAndSize(t->s, t->n - 1);
+            str = PyBytes_FromStringAndSize(t->s, t->n - 1);
         }
-        #endif
-        if (!*t->p)
+        if (!str)
             return -1;
-        if (PyObject_Hash(*t->p) == -1)
+        *target = str;
+        if (PyObject_Hash(str) == -1)
             return -1;
         ++t;
+        ++target;
     }
     return 0;
 }
 
+#include <string.h>
+static CYTHON_INLINE Py_ssize_t __Pyx_ssize_strlen(const char *s) {
+    size_t len = strlen(s);
+    if (unlikely(len > (size_t) PY_SSIZE_T_MAX)) {
+        PyErr_SetString(PyExc_OverflowError, "byte string is too long");
+        return -1;
+    }
+    return (Py_ssize_t) len;
+}
 static CYTHON_INLINE PyObject* __Pyx_PyUnicode_FromString(const char* c_str) {
-    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return __Pyx_PyUnicode_FromStringAndSize(c_str, len);
+}
+static CYTHON_INLINE PyObject* __Pyx_PyByteArray_FromString(const char* c_str) {
+    Py_ssize_t len = __Pyx_ssize_strlen(c_str);
+    if (unlikely(len < 0)) return NULL;
+    return PyByteArray_FromStringAndSize(c_str, len);
 }
 static CYTHON_INLINE const char* __Pyx_PyObject_AsString(PyObject* o) {
     Py_ssize_t ignore;
     return __Pyx_PyObject_AsStringAndSize(o, &ignore);
 }
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-#if !CYTHON_PEP393_ENABLED
-static const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    char* defenc_c;
-    PyObject* defenc = _PyUnicode_AsDefaultEncodedString(o, NULL);
-    if (!defenc) return NULL;
-    defenc_c = PyBytes_AS_STRING(defenc);
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
+    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
+#if CYTHON_COMPILING_IN_LIMITED_API
     {
-        char* end = defenc_c + PyBytes_GET_SIZE(defenc);
-        char* c;
-        for (c = defenc_c; c < end; c++) {
-            if ((unsigned char) (*c) >= 128) {
-                PyUnicode_AsASCIIString(o);
-                return NULL;
-            }
+        const char* result;
+        Py_ssize_t unicode_length;
+        CYTHON_MAYBE_UNUSED_VAR(unicode_length); // only for __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        #if __PYX_LIMITED_VERSION_HEX < 0x030A0000
+        if (unlikely(PyArg_Parse(o, "s#", &result, length) < 0)) return NULL;
+        #else
+        result = PyUnicode_AsUTF8AndSize(o, length);
+        #endif
+        #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
+        unicode_length = PyUnicode_GetLength(o);
+        if (unlikely(unicode_length < 0)) return NULL;
+        if (unlikely(unicode_length != *length)) {
+            PyUnicode_AsASCIIString(o);
+            return NULL;
         }
+        #endif
+        return result;
     }
-#endif
-    *length = PyBytes_GET_SIZE(defenc);
-    return defenc_c;
-}
 #else
-static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-    if (unlikely(__Pyx_PyUnicode_READY(o) == -1)) return NULL;
 #if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
     if (likely(PyUnicode_IS_ASCII(o))) {
         *length = PyUnicode_GET_LENGTH(o);
@@ -5309,25 +9259,25 @@ static CYTHON_INLINE const char* __Pyx_PyUnicode_AsStringAndSize(PyObject* o, Py
 #else
     return PyUnicode_AsUTF8AndSize(o, length);
 #endif
-}
 #endif
+}
 #endif
 static CYTHON_INLINE const char* __Pyx_PyObject_AsStringAndSize(PyObject* o, Py_ssize_t *length) {
-#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_DEFAULT
-    if (
-#if PY_MAJOR_VERSION < 3 && __PYX_DEFAULT_STRING_ENCODING_IS_ASCII
-            __Pyx_sys_getdefaultencoding_not_ascii &&
-#endif
-            PyUnicode_Check(o)) {
+#if __PYX_DEFAULT_STRING_ENCODING_IS_ASCII || __PYX_DEFAULT_STRING_ENCODING_IS_UTF8
+    if (PyUnicode_Check(o)) {
         return __Pyx_PyUnicode_AsStringAndSize(o, length);
     } else
 #endif
-#if (!CYTHON_COMPILING_IN_PYPY) || (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE))
     if (PyByteArray_Check(o)) {
+#if (CYTHON_ASSUME_SAFE_SIZE && CYTHON_ASSUME_SAFE_MACROS) || (CYTHON_COMPILING_IN_PYPY && (defined(PyByteArray_AS_STRING) && defined(PyByteArray_GET_SIZE)))
         *length = PyByteArray_GET_SIZE(o);
         return PyByteArray_AS_STRING(o);
-    } else
+#else
+        *length = PyByteArray_Size(o);
+        if (*length == -1) return NULL;
+        return PyByteArray_AsString(o);
 #endif
+    } else
     {
         char* result;
         int r = PyBytes_AsStringAndSize(o, &result, length);
@@ -5350,95 +9300,66 @@ static CYTHON_INLINE int __Pyx_PyObject_IsTrueAndDecref(PyObject* x) {
     Py_DECREF(x);
     return retval;
 }
-static PyObject* __Pyx_PyNumber_IntOrLongWrongResultType(PyObject* result, const char* type_name) {
-#if PY_MAJOR_VERSION >= 3
+static PyObject* __Pyx_PyNumber_LongWrongResultType(PyObject* result) {
+    __Pyx_TypeName result_type_name = __Pyx_PyType_GetFullyQualifiedName(Py_TYPE(result));
     if (PyLong_Check(result)) {
         if (PyErr_WarnFormat(PyExc_DeprecationWarning, 1,
-                "__int__ returned non-int (type %.200s).  "
-                "The ability to return an instance of a strict subclass of int "
-                "is deprecated, and may be removed in a future version of Python.",
-                Py_TYPE(result)->tp_name)) {
+                "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ").  "
+                "The ability to return an instance of a strict subclass of int is deprecated, "
+                "and may be removed in a future version of Python.",
+                result_type_name)) {
+            __Pyx_DECREF_TypeName(result_type_name);
             Py_DECREF(result);
             return NULL;
         }
+        __Pyx_DECREF_TypeName(result_type_name);
         return result;
     }
-#endif
     PyErr_Format(PyExc_TypeError,
-                 "__%.4s__ returned non-%.4s (type %.200s)",
-                 type_name, type_name, Py_TYPE(result)->tp_name);
+                 "__int__ returned non-int (type " __Pyx_FMT_TYPENAME ")",
+                 result_type_name);
+    __Pyx_DECREF_TypeName(result_type_name);
     Py_DECREF(result);
     return NULL;
 }
-static CYTHON_INLINE PyObject* __Pyx_PyNumber_IntOrLong(PyObject* x) {
+static CYTHON_INLINE PyObject* __Pyx_PyNumber_Long(PyObject* x) {
 #if CYTHON_USE_TYPE_SLOTS
   PyNumberMethods *m;
 #endif
-  const char *name = NULL;
   PyObject *res = NULL;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_Check(x) || PyLong_Check(x)))
-#else
   if (likely(PyLong_Check(x)))
-#endif
-    return __Pyx_NewRef(x);
+      return __Pyx_NewRef(x);
 #if CYTHON_USE_TYPE_SLOTS
   m = Py_TYPE(x)->tp_as_number;
-  #if PY_MAJOR_VERSION < 3
-  if (m && m->nb_int) {
-    name = "int";
-    res = m->nb_int(x);
-  }
-  else if (m && m->nb_long) {
-    name = "long";
-    res = m->nb_long(x);
-  }
-  #else
   if (likely(m && m->nb_int)) {
-    name = "int";
-    res = m->nb_int(x);
+      res = m->nb_int(x);
   }
-  #endif
 #else
   if (!PyBytes_CheckExact(x) && !PyUnicode_CheckExact(x)) {
-    res = PyNumber_Int(x);
+      res = PyNumber_Long(x);
   }
 #endif
   if (likely(res)) {
-#if PY_MAJOR_VERSION < 3
-    if (unlikely(!PyInt_Check(res) && !PyLong_Check(res))) {
-#else
-    if (unlikely(!PyLong_CheckExact(res))) {
-#endif
-        return __Pyx_PyNumber_IntOrLongWrongResultType(res, name);
-    }
+      if (unlikely(!PyLong_CheckExact(res))) {
+          return __Pyx_PyNumber_LongWrongResultType(res);
+      }
   }
   else if (!PyErr_Occurred()) {
-    PyErr_SetString(PyExc_TypeError,
-                    "an integer is required");
+      PyErr_SetString(PyExc_TypeError,
+                      "an integer is required");
   }
   return res;
 }
 static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   Py_ssize_t ival;
   PyObject *x;
-#if PY_MAJOR_VERSION < 3
-  if (likely(PyInt_CheckExact(b))) {
-    if (sizeof(Py_ssize_t) >= sizeof(long))
-        return PyInt_AS_LONG(b);
-    else
-        return PyInt_AsSsize_t(b);
-  }
-#endif
   if (likely(PyLong_CheckExact(b))) {
     #if CYTHON_USE_PYLONG_INTERNALS
-    const digit* digits = ((PyLongObject*)b)->ob_digit;
-    const Py_ssize_t size = Py_SIZE(b);
-    if (likely(__Pyx_sst_abs(size) <= 1)) {
-        ival = likely(size) ? digits[0] : 0;
-        if (size == -1) ival = -ival;
-        return ival;
+    if (likely(__Pyx_PyLong_IsCompact(b))) {
+        return __Pyx_PyLong_CompactValue(b);
     } else {
+      const digit* digits = __Pyx_PyLong_Digits(b);
+      const Py_ssize_t size = __Pyx_PyLong_SignedDigitCount(b);
       switch (size) {
          case 2:
            if (8 * sizeof(Py_ssize_t) > 2 * PyLong_SHIFT) {
@@ -5477,33 +9398,356 @@ static CYTHON_INLINE Py_ssize_t __Pyx_PyIndex_AsSsize_t(PyObject* b) {
   }
   x = PyNumber_Index(b);
   if (!x) return -1;
-  ival = PyInt_AsSsize_t(x);
+  ival = PyLong_AsSsize_t(x);
   Py_DECREF(x);
   return ival;
 }
 static CYTHON_INLINE Py_hash_t __Pyx_PyIndex_AsHash_t(PyObject* o) {
   if (sizeof(Py_hash_t) == sizeof(Py_ssize_t)) {
     return (Py_hash_t) __Pyx_PyIndex_AsSsize_t(o);
-#if PY_MAJOR_VERSION < 3
-  } else if (likely(PyInt_CheckExact(o))) {
-    return PyInt_AS_LONG(o);
-#endif
   } else {
     Py_ssize_t ival;
     PyObject *x;
     x = PyNumber_Index(o);
     if (!x) return -1;
-    ival = PyInt_AsLong(x);
+    ival = PyLong_AsLong(x);
     Py_DECREF(x);
     return ival;
   }
 }
+static CYTHON_INLINE PyObject *__Pyx_Owned_Py_None(int b) {
+    CYTHON_UNUSED_VAR(b);
+    return __Pyx_NewRef(Py_None);
+}
 static CYTHON_INLINE PyObject * __Pyx_PyBool_FromLong(long b) {
   return b ? __Pyx_NewRef(Py_True) : __Pyx_NewRef(Py_False);
 }
-static CYTHON_INLINE PyObject * __Pyx_PyInt_FromSize_t(size_t ival) {
-    return PyInt_FromSize_t(ival);
+static CYTHON_INLINE PyObject * __Pyx_PyLong_FromSize_t(size_t ival) {
+    return PyLong_FromSize_t(ival);
+}
+
+
+/* MultiPhaseInitModuleState */
+#if CYTHON_PEP489_MULTI_PHASE_INIT && CYTHON_USE_MODULE_STATE
+#ifndef CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#if (CYTHON_COMPILING_IN_LIMITED_API || PY_VERSION_HEX >= 0x030C0000)
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 1
+#else
+  #define CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE 0
+#endif
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE && !CYTHON_ATOMICS
+#error "Module state with PEP489 requires atomics. Currently that's one of\
+ C11, C++11, gcc atomic intrinsics or MSVC atomic intrinsics"
+#endif
+#if !CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+#define __Pyx_ModuleStateLookup_Lock()
+#define __Pyx_ModuleStateLookup_Unlock()
+#elif !CYTHON_COMPILING_IN_LIMITED_API && PY_VERSION_HEX >= 0x030d0000
+static PyMutex __Pyx_ModuleStateLookup_mutex = {0};
+#define __Pyx_ModuleStateLookup_Lock() PyMutex_Lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() PyMutex_Unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+#include <mutex>
+static std::mutex __Pyx_ModuleStateLookup_mutex;
+#define __Pyx_ModuleStateLookup_Lock() __Pyx_ModuleStateLookup_mutex.lock()
+#define __Pyx_ModuleStateLookup_Unlock() __Pyx_ModuleStateLookup_mutex.unlock()
+#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ > 201112L) && !defined(__STDC_NO_THREADS__)
+#include <threads.h>
+static mtx_t __Pyx_ModuleStateLookup_mutex;
+static once_flag __Pyx_ModuleStateLookup_mutex_once_flag = ONCE_FLAG_INIT;
+static void __Pyx_ModuleStateLookup_initialize_mutex(void) {
+    mtx_init(&__Pyx_ModuleStateLookup_mutex, mtx_plain);
+}
+#define __Pyx_ModuleStateLookup_Lock()\
+  call_once(&__Pyx_ModuleStateLookup_mutex_once_flag, __Pyx_ModuleStateLookup_initialize_mutex);\
+  mtx_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() mtx_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+static pthread_mutex_t __Pyx_ModuleStateLookup_mutex = PTHREAD_MUTEX_INITIALIZER;
+#define __Pyx_ModuleStateLookup_Lock() pthread_mutex_lock(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() pthread_mutex_unlock(&__Pyx_ModuleStateLookup_mutex)
+#elif defined(_WIN32)
+#include <Windows.h>  // synchapi.h on its own doesn't work
+static SRWLOCK __Pyx_ModuleStateLookup_mutex = SRWLOCK_INIT;
+#define __Pyx_ModuleStateLookup_Lock() AcquireSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#define __Pyx_ModuleStateLookup_Unlock() ReleaseSRWLockExclusive(&__Pyx_ModuleStateLookup_mutex)
+#else
+#error "No suitable lock available for CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE.\
+ Requires C standard >= C11, or C++ standard >= C++11,\
+ or pthreads, or the Windows 32 API, or Python >= 3.13."
+#endif
+typedef struct {
+    int64_t id;
+    PyObject *module;
+} __Pyx_InterpreterIdAndModule;
+typedef struct {
+    char interpreter_id_as_index;
+    Py_ssize_t count;
+    Py_ssize_t allocated;
+    __Pyx_InterpreterIdAndModule table[1];
+} __Pyx_ModuleStateLookupData;
+#define __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE 32
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_int_type __Pyx_ModuleStateLookup_read_counter = 0;
+#endif
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static __pyx_atomic_ptr_type __Pyx_ModuleStateLookup_data = 0;
+#else
+static __Pyx_ModuleStateLookupData* __Pyx_ModuleStateLookup_data = NULL;
+#endif
+static __Pyx_InterpreterIdAndModule* __Pyx_State_FindModuleStateLookupTableLowerBound(
+        __Pyx_InterpreterIdAndModule* table,
+        Py_ssize_t count,
+        int64_t interpreterId) {
+    __Pyx_InterpreterIdAndModule* begin = table;
+    __Pyx_InterpreterIdAndModule* end = begin + count;
+    if (begin->id == interpreterId) {
+        return begin;
+    }
+    while ((end - begin) > __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+        __Pyx_InterpreterIdAndModule* halfway = begin + (end - begin)/2;
+        if (halfway->id == interpreterId) {
+            return halfway;
+        }
+        if (halfway->id < interpreterId) {
+            begin = halfway;
+        } else {
+            end = halfway;
+        }
+    }
+    for (; begin < end; ++begin) {
+        if (begin->id >= interpreterId) return begin;
+    }
+    return begin;
+}
+static PyObject *__Pyx_State_FindModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return NULL;
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData* data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+    {
+        __pyx_atomic_incr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        if (likely(data)) {
+            __Pyx_ModuleStateLookupData* new_data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_acquire(&__Pyx_ModuleStateLookup_data);
+            if (likely(data == new_data)) {
+                goto read_finished;
+            }
+        }
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+        __Pyx_ModuleStateLookup_Lock();
+        __pyx_atomic_incr_relaxed(&__Pyx_ModuleStateLookup_read_counter);
+        data = (__Pyx_ModuleStateLookupData*)__pyx_atomic_pointer_load_relaxed(&__Pyx_ModuleStateLookup_data);
+        __Pyx_ModuleStateLookup_Unlock();
+    }
+  read_finished:;
+#else
+    __Pyx_ModuleStateLookupData* data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_InterpreterIdAndModule* found = NULL;
+    if (unlikely(!data)) goto end;
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            found = data->table+interpreter_id;
+        }
+    } else {
+        found = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+    }
+  end:
+    {
+        PyObject *result=NULL;
+        if (found && found->id == interpreter_id) {
+            result = found->module;
+        }
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+        __pyx_atomic_decr_acq_rel(&__Pyx_ModuleStateLookup_read_counter);
+#endif
+        return result;
+    }
+}
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+static void __Pyx_ModuleStateLookup_wait_until_no_readers(void) {
+    while (__pyx_atomic_load(&__Pyx_ModuleStateLookup_read_counter) != 0);
+}
+#else
+#define __Pyx_ModuleStateLookup_wait_until_no_readers()
+#endif
+static int __Pyx_State_AddModuleInterpIdAsIndex(__Pyx_ModuleStateLookupData **old_data, PyObject* module, int64_t interpreter_id) {
+    Py_ssize_t to_allocate = (*old_data)->allocated;
+    while (to_allocate <= interpreter_id) {
+        if (to_allocate == 0) to_allocate = 1;
+        else to_allocate *= 2;
+    }
+    __Pyx_ModuleStateLookupData *new_data = *old_data;
+    if (to_allocate != (*old_data)->allocated) {
+         new_data = (__Pyx_ModuleStateLookupData *)realloc(
+            *old_data,
+            sizeof(__Pyx_ModuleStateLookupData)+(to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+        if (!new_data) {
+            PyErr_NoMemory();
+            return -1;
+        }
+        for (Py_ssize_t i = new_data->allocated; i < to_allocate; ++i) {
+            new_data->table[i].id = i;
+            new_data->table[i].module = NULL;
+        }
+        new_data->allocated = to_allocate;
+    }
+    new_data->table[interpreter_id].module = module;
+    if (new_data->count < interpreter_id+1) {
+        new_data->count = interpreter_id+1;
+    }
+    *old_data = new_data;
+    return 0;
+}
+static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData *data) {
+    __Pyx_InterpreterIdAndModule *read = data->table;
+    __Pyx_InterpreterIdAndModule *write = data->table;
+    __Pyx_InterpreterIdAndModule *end = read + data->count;
+    for (; read<end; ++read) {
+        if (read->module) {
+            write->id = read->id;
+            write->module = read->module;
+            ++write;
+        }
+    }
+    data->count = write - data->table;
+    for (; write<end; ++write) {
+        write->id = 0;
+        write->module = NULL;
+    }
+    data->interpreter_id_as_index = 0;
+}
+static int __Pyx_State_AddModule(PyObject* module, CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    int result = 0;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *old_data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *old_data = __Pyx_ModuleStateLookup_data;
+#endif
+    __Pyx_ModuleStateLookupData *new_data = old_data;
+    if (!new_data) {
+        new_data = (__Pyx_ModuleStateLookupData *)calloc(1, sizeof(__Pyx_ModuleStateLookupData));
+        if (!new_data) {
+            result = -1;
+            PyErr_NoMemory();
+            goto end;
+        }
+        new_data->allocated = 1;
+        new_data->interpreter_id_as_index = 1;
+    }
+    __Pyx_ModuleStateLookup_wait_until_no_readers();
+    if (new_data->interpreter_id_as_index) {
+        if (interpreter_id < __PYX_MODULE_STATE_LOOKUP_SMALL_SIZE) {
+            result = __Pyx_State_AddModuleInterpIdAsIndex(&new_data, module, interpreter_id);
+            goto end;
+        }
+        __Pyx_State_ConvertFromInterpIdAsIndex(new_data);
+    }
+    {
+        Py_ssize_t insert_at = 0;
+        {
+            __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+                new_data->table, new_data->count, interpreter_id);
+            assert(lower_bound);
+            insert_at = lower_bound - new_data->table;
+            if (unlikely(insert_at < new_data->count && lower_bound->id == interpreter_id)) {
+                lower_bound->module = module;
+                goto end;  // already in table, nothing more to do
+            }
+        }
+        if (new_data->count+1 >= new_data->allocated) {
+            Py_ssize_t to_allocate = (new_data->count+1)*2;
+            new_data =
+                (__Pyx_ModuleStateLookupData*)realloc(
+                    new_data,
+                    sizeof(__Pyx_ModuleStateLookupData) +
+                    (to_allocate-1)*sizeof(__Pyx_InterpreterIdAndModule));
+            if (!new_data) {
+                result = -1;
+                new_data = old_data;
+                PyErr_NoMemory();
+                goto end;
+            }
+            new_data->allocated = to_allocate;
+        }
+        ++new_data->count;
+        int64_t last_id = interpreter_id;
+        PyObject *last_module = module;
+        for (Py_ssize_t i=insert_at; i<new_data->count; ++i) {
+            int64_t current_id = new_data->table[i].id;
+            new_data->table[i].id = last_id;
+            last_id = current_id;
+            PyObject *current_module = new_data->table[i].module;
+            new_data->table[i].module = last_module;
+            last_module = current_module;
+        }
+    }
+  end:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, new_data);
+#else
+    __Pyx_ModuleStateLookup_data = new_data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return result;
+}
+static int __Pyx_State_RemoveModule(CYTHON_UNUSED void* dummy) {
+    int64_t interpreter_id = PyInterpreterState_GetID(__Pyx_PyInterpreterState_Get());
+    if (interpreter_id == -1) return -1;
+    __Pyx_ModuleStateLookup_Lock();
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __Pyx_ModuleStateLookupData *data = (__Pyx_ModuleStateLookupData *)
+            __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, 0);
+#else
+    __Pyx_ModuleStateLookupData *data = __Pyx_ModuleStateLookup_data;
+#endif
+    if (data->interpreter_id_as_index) {
+        if (interpreter_id < data->count) {
+            data->table[interpreter_id].module = NULL;
+        }
+        goto done;
+    }
+    {
+        __Pyx_ModuleStateLookup_wait_until_no_readers();
+        __Pyx_InterpreterIdAndModule* lower_bound = __Pyx_State_FindModuleStateLookupTableLowerBound(
+            data->table, data->count, interpreter_id);
+        if (!lower_bound) goto done;
+        if (lower_bound->id != interpreter_id) goto done;
+        __Pyx_InterpreterIdAndModule *end = data->table+data->count;
+        for (;lower_bound<end-1; ++lower_bound) {
+            lower_bound->id = (lower_bound+1)->id;
+            lower_bound->module = (lower_bound+1)->module;
+        }
+    }
+    --data->count;
+    if (data->count == 0) {
+        free(data);
+        data = NULL;
+    }
+  done:
+#if CYTHON_MODULE_STATE_LOOKUP_THREAD_SAFE
+    __pyx_atomic_pointer_exchange(&__Pyx_ModuleStateLookup_data, data);
+#else
+    __Pyx_ModuleStateLookup_data = data;
+#endif
+    __Pyx_ModuleStateLookup_Unlock();
+    return 0;
 }
+#endif
+
+/* #### Code section: utility_code_pragmas_end ### */
+#ifdef _MSC_VER
+#pragma warning( pop )
+#endif
+
 
 
+/* #### Code section: end ### */
 #endif /* Py_PYTHON_H */
diff --git a/ssh/utils.pxd b/ssh/utils.pxd
index 595a133c..1c5e8ff5 100644
--- a/ssh/utils.pxd
+++ b/ssh/utils.pxd
@@ -1,21 +1,21 @@
-# This file is part of ssh-python.
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# Copyright (C) 2017-2020 Panos Kittenis
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-from c_ssh cimport ssh_session, ssh_string
+from .c_ssh cimport ssh_session, ssh_string
 
 cdef bytes to_bytes(_str)
 cdef object to_str(const char *c_str)
diff --git a/ssh/utils.pyx b/ssh/utils.pyx
index 15ef3316..8f13794e 100644
--- a/ssh/utils.pyx
+++ b/ssh/utils.pyx
@@ -1,29 +1,30 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 from select import select
 
 from cpython.version cimport PY_MAJOR_VERSION
 
-from c_ssh cimport ssh_error_types_e, ssh_get_error, ssh_auth_e, \
+from .c_ssh cimport ssh_error_types_e, ssh_get_error, ssh_auth_e, \
     SSH_OK, SSH_ERROR, SSH_AGAIN, SSH_EOF, ssh_session, ssh_string, \
     ssh_string_get_char, ssh_string_free, ssh_string_len, SSH_READ_PENDING, \
     SSH_WRITE_PENDING
 
-from exceptions import OtherError, \
+from .exceptions import OtherError, \
     AuthenticationPartial, AuthenticationDenied, AuthenticationError, \
     SSHError, EOF
 
diff --git a/tests/__init__.py b/tests/__init__.py
index e69de29b..c1b9dac2 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -0,0 +1,16 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
diff --git a/tests/base_case.py b/tests/base_case.py
index e0a9a917..d568f19a 100644
--- a/tests/base_case.py
+++ b/tests/base_case.py
@@ -1,89 +1,32 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018-2020 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-import unittest
-import pwd
 import os
-import socket
-import subprocess
-from sys import version_info
-
-from .embedded_server.openssh import OpenSSHServer
-from ssh.session import Session
-from ssh.key import import_privkey_file
-from ssh import options
+import unittest
 
+import pwd
 
 PKEY_FILENAME = os.path.sep.join([os.path.dirname(__file__), 'unit_test_key'])
 PUB_FILE = "%s.pub" % (PKEY_FILENAME,)
-USER_CERT_PRIV_KEY = os.path.sep.join([os.path.dirname(__file__), 'unit_test_cert_key'])
-USER_CERT_PUB_KEY = os.path.sep.join([os.path.dirname(__file__), 'unit_test_cert_key.pub'])
-USER_CERT_FILE = os.path.sep.join([os.path.dirname(__file__), 'unit_test_cert_key-cert.pub'])
-CA_USER_KEY = os.path.sep.join([os.path.dirname(__file__), 'embedded_server', 'ca_user_key'])
 USER = pwd.getpwuid(os.geteuid()).pw_name
 
 
 class SSHTestCase(unittest.TestCase):
 
-    @classmethod
-    def sign_cert(cls):
-        cmd = [
-            'ssh-keygen', '-s', CA_USER_KEY, '-n', USER, '-I', 'tests', USER_CERT_PUB_KEY,
-        ]
-        subprocess.check_call(cmd)
-
-    @classmethod
-    def setUpClass(cls):
-        _mask = int('0600') if version_info <= (2,) else 0o600
-        for _file in [PKEY_FILENAME, USER_CERT_PRIV_KEY, CA_USER_KEY]:
-            os.chmod(_file, _mask)
-        cls.sign_cert()
-        cls.server = OpenSSHServer()
-        cls.server.start_server()
-
-    @classmethod
-    def tearDownClass(cls):
-        cls.server.stop()
-        del cls.server
-
     def setUp(self):
         self.host = '127.0.0.1'
         self.port = 2222
-        self.cmd = 'echo me'
-        self.resp = u'me'
-        self.user_key = PKEY_FILENAME
-        self.user_pub_key = PUB_FILE
-        self.user_ca_key = USER_CERT_PRIV_KEY
-        self.user_cert_file = USER_CERT_FILE
-        self.user = USER
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        sock.connect((self.host, self.port))
-        self.sock = sock
-        self.session = Session()
-        self.session.options_set(options.HOST, self.host)
-        self.session.options_set_port(self.port)
-        self.session.options_set(options.USER, self.user)
-        self.session.set_socket(sock)
-        self.pkey = import_privkey_file(self.user_key)
-        # self.session.options_set(options.LOG_VERBOSITY, '1')
-
-    def tearDown(self):
-        del self.session
-
-    def _auth(self):
-        self.assertEqual(self.session.connect(), 0)
-        self.assertEqual(
-            self.session.userauth_publickey(self.pkey), 0)
diff --git a/tests/test_channel.py b/tests/test_channel.py
index ff2b4406..356c724d 100644
--- a/tests/test_channel.py
+++ b/tests/test_channel.py
@@ -1,185 +1,29 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-import unittest
-from pytest import mark
-from time import sleep
-
-from ssh.key import SSHKey, import_pubkey_file, import_privkey_file
-from ssh import options
-from ssh.exceptions import KeyImportError
-from ssh.utils import wait_socket
-from ssh.error_codes import SSH_AGAIN
-from ssh.exceptions import EOF, SSHError
+from ssh.channel import Channel
+from ssh.session import Session
 
 from .base_case import SSHTestCase
 
 
 class ChannelTest(SSHTestCase):
 
-    def test_close(self):
-        self._auth()
-        chan = self.session.channel_new()
-        self.assertEqual(chan.open_session(), 0)
-        self.assertFalse(chan.closed)
-        chan.request_exec('echo me')
-        chan.read()
-        self.assertFalse(chan.closed)
-        chan.close()
-        self.assertTrue(chan.closed)
-        chan.close()
-        self.session.disconnect()
-        chan.close()
-
-    def test_channel_exec(self):
-        self._auth()
-        chan = self.session.channel_new()
-        self.assertEqual(chan.open_session(), 0)
-        self.assertTrue(chan.is_open())
-        self.assertFalse(chan.is_closed())
-        self.assertEqual(chan.request_exec(self.cmd), 0)
-        self.assertFalse(chan.is_eof())
-        self.assertFalse(chan.is_closed())
-        all_data = b""
-        size, data = chan.read()
-        while size > 0:
-            all_data += data
-            try:
-                size, data = chan.read()
-            except SSHError:
-                break
-        lines = [s.decode('utf-8') for s in all_data.splitlines()]
-        self.assertEqual(lines[0], self.resp)
-        sleep(1)
-        self.assertTrue(chan.is_eof())
-        self.assertEqual(chan.close(), 0)
-        self.assertFalse(chan.is_open())
-        self.assertTrue(chan.is_closed())
-
-    def test_channel_non_blocking_exec(self):
-        self._auth()
-        self.session.set_blocking(0)
-        chan = self.session.channel_new()
-        while chan == SSH_AGAIN:
-            wait_socket(self.session, self.sock)
-            chan = self.session.channel_new()
-        chan.set_blocking(0)
-        rc = chan.open_session()
-        while rc == SSH_AGAIN:
-            wait_socket(self.session, self.sock)
-            rc = chan.open_session()
-        self.assertEqual(rc, 0)
-        self.assertTrue(chan.is_open())
-        self.assertFalse(chan.is_closed())
-        rc = chan.request_exec(self.cmd)
-        while rc == SSH_AGAIN:
-            wait_socket(self.session, self.sock)
-            rc = chan.request_exec(self.cmd)
-        self.assertEqual(rc, 0)
-        self.assertFalse(chan.is_eof())
-        self.assertFalse(chan.is_closed())
-        all_data = b""
-        while True:
-            try:
-                if chan.poll():
-                    wait_socket(self.session, self.sock)
-                size, data = chan.read_nonblocking()
-                if size > 0:
-                    all_data += data
-            except EOF:
-                break
-        lines = [s.decode('utf-8') for s in all_data.splitlines()]
-        self.assertEqual(lines[0], self.resp)
-        self.assertRaises(EOF, chan.poll)
-        self.assertTrue(chan.is_eof())
-        rc = chan.close()
-        while rc == SSH_AGAIN:
-            wait_socket(self.session, self.sock)
-            rc = chan.close()
-        self.assertEqual(rc, 0)
-        self.assertFalse(chan.is_open())
-        self.assertTrue(chan.is_closed())
-
-    def test_exit_code(self):
-        self._auth()
-        chan = self.session.channel_new()
-        self.assertEqual(chan.open_session(), 0)
-        self.assertEqual(chan.request_exec('exit 2'), 0)
-        self.assertEqual(chan.send_eof(), 0)
-        self.assertEqual(chan.close(), 0)
-        status = chan.get_exit_status()
-        self.assertEqual(status, 2)
-
-    def test_long_running_execute(self):
-        self._auth()
-        chan = self.session.channel_new()
-        self.assertEqual(chan.open_session(), 0)
-        self.assertEqual(chan.request_exec('sleep 1; exit 3'), 0)
-        chan.send_eof()
-        self.assertEqual(chan.close(), 0)
-        self.assertEqual(chan.get_exit_status(), 3)
-
-    def test_read_stderr(self):
-        self._auth()
-        chan = self.session.channel_new()
-        self.assertEqual(chan.open_session(), 0)
-        expected = ['stderr output']
-        chan.request_exec('echo "stderr output" >&2')
-        size, data = chan.read(is_stderr=True)
-        self.assertTrue(size > 0)
-        lines = [s.decode('utf-8') for s in data.splitlines()]
-        self.assertListEqual(expected, lines)
-
-    def test_pty(self):
-        self._auth()
-        chan = self.session.channel_new()
-        chan.open_session()
-        self.assertTrue(chan.request_pty() == 0)
-        _out = u'stderr output'
-        expected = [_out]
-        chan.request_exec(u'echo "%s" >&2' % (_out,))
-        # stderr output gets redirected to stdout with a PTY
-        size, data = chan.read()
-        self.assertTrue(size > 0)
-        lines = [s.decode('utf-8') for s in data.splitlines()]
-        self.assertListEqual(expected, lines)
-
-    def test_write_stdin(self):
-        self._auth()
-        _in = u'writing to stdin'
-        chan = self.session.channel_new()
-        chan.open_session()
-        chan.request_exec('cat')
-        chan.write(_in + '\n')
-        self.assertEqual(chan.send_eof(), 0)
-        size, data = chan.read()
-        self.assertTrue(size > 0)
-        lines = [line.decode('utf-8') for line in data.splitlines()]
-        self.assertListEqual([_in], lines)
-        chan.close()
-        chan.read()
-        self.assertTrue(chan.is_eof())
-
-    def test_write_stderr(self):
-        self._auth()
-        chan = self.session.channel_new()
-        chan.open_session()
-        chan.request_exec('echo something')
-        _in = u'stderr'
-        rc, bytes_written = chan.write_stderr(_in + '\n')
-        self.assertEqual(rc, 7)
-        self.assertEqual(bytes_written, 7)
-        self.assertEqual(chan.close(), 0)
+    def test_channel(self):
+        session = Session()
+        chan = Channel(session)
+        self.assertIsInstance(chan, Channel)
diff --git a/tests/test_connector.py b/tests/test_connector.py
index 1d66c855..2ba3232a 100644
--- a/tests/test_connector.py
+++ b/tests/test_connector.py
@@ -1,24 +1,24 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-import unittest
 import socket
 
-from ssh.connector import Connector, CONNECTOR_STDOUT, CONNECTOR_STDERR, \
-    CONNECTOR_BOTH
+from ssh.connector import Connector
+from ssh.session import Session
 
 from .base_case import SSHTestCase
 
@@ -26,16 +26,9 @@
 class ConnectorTest(SSHTestCase):
 
     def test_connector(self):
-        self._auth()
-        connector = self.session.connector_new()
+        session = Session()
+        connector = session.connector_new()
         self.assertIsInstance(connector, Connector)
-        chan = self.session.channel_new()
-        self.assertEqual(
-            connector.set_in_channel(chan, CONNECTOR_STDOUT), 0)
-        self.assertEqual(
-            connector.set_out_channel(chan, CONNECTOR_STDERR), 0)
-        self.assertEqual(
-            connector.set_in_channel(chan, CONNECTOR_BOTH), 0)
         sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         self.assertIsNone(connector.set_in_fd(sock))
         self.assertIsNone(connector.set_out_fd(sock))
diff --git a/tests/test_event.py b/tests/test_event.py
index 55573739..41419412 100644
--- a/tests/test_event.py
+++ b/tests/test_event.py
@@ -1,28 +1,25 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-import unittest
 import socket
 
 from ssh.session import Session
-from ssh import options
 from ssh.event import Event
 from ssh.callbacks import Callbacks
-from ssh.connector import CONNECTOR_STDOUT, CONNECTOR_STDERR, \
-    CONNECTOR_BOTH
 from ssh.exceptions import SSHError
 
 from .base_case import SSHTestCase
@@ -31,22 +28,19 @@
 class CallbacksTest(SSHTestCase):
 
     def test_callbacks(self):
+        session = Session()
         cb = Callbacks()
-        self.assertEqual(cb.set_callbacks(self.session), 0)
+        self.assertEqual(cb.set_callbacks(session), 0)
 
 
 class EventTest(SSHTestCase):
 
     def test_event_session(self):
-        self._auth()
         event = Event()
         self.assertIsInstance(event, Event)
-        self.assertEqual(event.add_session(self.session), 0)
-        self.assertEqual(self.session, event.session)
-        self.assertEqual(event.remove_session(self.session), 0)
-        self.assertIsNone(event.session)
 
     def test_event_connector(self):
+        session = Session()
         sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         event = Event()
         self.assertEqual(event.add_fd(sock, 1), 0)
@@ -54,7 +48,7 @@ def test_event_connector(self):
         self.assertEqual(event.remove_fd(sock), 0)
         self.assertIsNone(event.socket)
         self.assertEqual(event.add_fd(sock, 1, callback=lambda: 1), 0)
-        connector = self.session.connector_new()
+        connector = session.connector_new()
         self.assertIsNone(event.connector)
         self.assertRaises(SSHError, event.add_connector, connector)
         self.assertIsNone(event.connector)
diff --git a/tests/test_keys.py b/tests/test_keys.py
new file mode 100644
index 00000000..3bb0dcdf
--- /dev/null
+++ b/tests/test_keys.py
@@ -0,0 +1,49 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
+import os
+
+from ssh.key import (SSHKey, SSH_FILE_FORMAT_OPENSSH, SSH_FILE_FORMAT_PEM, import_pubkey_file,
+                     import_privkey_file, generate)
+from ssh.keytypes import RSAKey
+
+from .base_case import SSHTestCase, PUB_FILE
+
+
+class KeyTest(SSHTestCase):
+
+    def test_imports(self):
+        pub_file = import_pubkey_file(PUB_FILE)
+        self.assertIsInstance(pub_file, SSHKey)
+
+    def test_export_file_format(self):
+        key_type = RSAKey()
+        key = generate(key_type, 1024)
+        for keyformat in (SSH_FILE_FORMAT_PEM, SSH_FILE_FORMAT_OPENSSH):
+            export_file_path = 'test_file_export'
+            try:
+                key.export_privkey_file_format(export_file_path, keyformat)
+                self.assertTrue(os.path.exists(export_file_path))
+                imported_key = import_privkey_file(export_file_path)
+                assert imported_key == key
+            finally:
+                os.unlink(export_file_path)
+
+    def test_export_bad_file_format(self):
+        key_type = RSAKey()
+        key = generate(key_type, 1024)
+        self.assertRaises(ValueError, key.export_privkey_file_format, "fake", 999)
diff --git a/tests/test_keytypes.py b/tests/test_keytypes.py
index 4bee8ea0..63a80eef 100644
--- a/tests/test_keytypes.py
+++ b/tests/test_keytypes.py
@@ -1,3 +1,20 @@
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
+#
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+
 import unittest
 
 from ssh.key import generate
diff --git a/tests/test_session.py b/tests/test_session.py
index 3d790483..807cc40e 100644
--- a/tests/test_session.py
+++ b/tests/test_session.py
@@ -1,18 +1,19 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
 import unittest
 import socket
@@ -32,37 +33,17 @@
 from ssh.error_codes import SSH_AGAIN
 from ssh.utils import wait_socket
 
-from .base_case import SSHTestCase
+from .base_case import SSHTestCase, PUB_FILE
 
 
 class SessionTest(SSHTestCase):
 
-    def test_non_blocking_connect(self):
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        sock.connect((self.host, self.port))
-        session = Session()
-        session.options_set(options.USER, self.user)
-        session.options_set(options.HOST, self.host)
-        session.options_set_port(self.port)
-        self.assertEqual(session.set_socket(sock), 0)
-        session.set_blocking(0)
-        rc = session.connect()
-        while rc == SSH_AGAIN:
-            wait_socket(session, sock)
-            rc = session.connect()
-        self.assertEqual(rc, 0)
-        rc = session.userauth_publickey(self.pkey)
-        while rc == SSH_AUTH_AGAIN:
-            wait_socket(session, sock)
-            rc = session.userauth_publickey(self.pkey)
-        self.assertEqual(rc, 0)
-
     def test_should_not_segfault(self):
         session = Session()
         self.assertEqual(session.get_error(), '')
         self.assertRaises(InvalidAPIUse, session.userauth_none)
-        self.assertRaises(InvalidAPIUse, session.userauth_publickey, self.pkey)
-        key = import_pubkey_file(self.user_pub_key)
+        self.assertRaises(InvalidAPIUse, session.userauth_publickey, import_pubkey_file(PUB_FILE))
+        key = import_pubkey_file(PUB_FILE)
         self.assertRaises(InvalidAPIUse, session.userauth_try_publickey, key)
         self.assertRaises(InvalidAPIUse, session.userauth_publickey_auto, '')
         self.assertRaises(InvalidAPIUse, session.channel_new)
@@ -80,129 +61,15 @@ def test_should_not_segfault(self):
         self.assertIsNotNone(session.get_error_code())
         session.connector_new()
 
-    def test_disconnect(self):
-        self._auth()
-        chan = self.session.channel_new()
-        self.assertEqual(chan.open_session(), 0)
-        chan.close()
-        self.session.disconnect()
-        del chan
-
-    def test_socket_connect(self):
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        sock.connect((self.host, self.port))
-        session = Session()
-        session.options_set(options.USER, self.user)
-        session.options_set(options.HOST, self.host)
-        session.options_set_port(self.port)
-        self.assertEqual(session.set_socket(sock), 0)
-        self.assertEqual(session.connect(), 0)
-        self.assertRaises(AuthenticationDenied, session.userauth_none)
-        self.assertEqual(
-            session.userauth_publickey(self.pkey), 0)
-
-    def test_connect(self):
-        self.assertEqual(self.session.connect(), 0)
-        self.assertRaises(AuthenticationDenied, self.session.userauth_none)
-        self.assertRaises(
-            AuthenticationDenied, self.session.userauth_publickey_auto, '')
-
-    def test_key_auth(self):
-        self.assertEqual(self.session.connect(), 0)
-        self.assertRaises(KeyImportError, import_pubkey_file, self.user_key)
-        key = import_pubkey_file(self.user_pub_key)
-        self.assertIsInstance(key, SSHKey)
-        self.assertEqual(
-            self.session.userauth_try_publickey(key), 0)
-        # Private key as public key import error
-        self.assertRaises(KeyImportError, import_privkey_file, self.user_pub_key)
-        pkey = import_privkey_file(self.user_key)
-        self.assertEqual(
-            self.session.userauth_publickey(pkey), 0)
-
-    def test_cert_auth(self):
-        self.assertEqual(self.session.connect(), 0)
-        cert_key = import_cert_file(self.user_cert_file)
-        self.assertIsInstance(cert_key, SSHKey)
-        key_type = cert_key.key_type()
-        self.assertIsInstance(key_type, RSACert01Key)
-        cert_priv_key = import_privkey_file(self.user_ca_key)
-        copy_cert_to_privkey(cert_key, cert_priv_key)
-        self.assertEqual(self.session.userauth_try_publickey(cert_key), 0)
-        self.assertEqual(self.session.userauth_publickey(cert_priv_key), 0)
-        chan = self.session.channel_new()
-        self.assertIsInstance(chan, Channel)
-
-    def test_cert_imports(self):
-        self.assertRaises(KeyImportError, import_cert_file, self.user_key)
-        priv_key = SSHKey()
-        cert_key = import_cert_file(self.user_cert_file)
-        self.assertRaises(KeyImportError, copy_cert_to_privkey, cert_key, priv_key)
-        with open(self.user_cert_file, 'rb') as fh:
-            cert_key_data = base64.b64encode(fh.read())
-            # cert_key_data = fh.read()
-        rsa_cert = RSACert01Key()
-        self.assertIsNotNone(rsa_cert.value)
-        # Failing
-        # cert_key_b64 = import_cert_base64(cert_key_data, rsa_cert)
-        # self.assertIsInstance(cert_key_b64.key_type(), RSACert01Key)
-
-    def test_open_channel(self):
-        self._auth()
-        chan = self.session.channel_new()
-        self.assertIsInstance(chan, Channel)
-
-    def test_scp_push(self):
-        self._auth()
-        scp = self.session.scp_new(SSH_SCP_WRITE, 'test_file')
-        self.assertIsInstance(scp, SCP)
-        test_data = b"data\n"
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       "remote_test_file"])
-        to_copy = os.sep.join([os.path.dirname(__file__),
-                               "copied"])
-        with open(remote_filename, 'wb') as fh:
-            fh.write(test_data)
-        try:
-            fileinfo = os.stat(remote_filename)
-            scp.push_file64(to_copy, fileinfo.st_size, fileinfo.st_mode & 0o777)
-            scp.write(test_data)
-            del scp
-        finally:
-            os.unlink(remote_filename)
-
-    def test_gssapi_creds(self):
-        self.session.connect()
-        rc = self.session.options_set(options.GSSAPI_SERVER_IDENTITY, 'identity')
-        self.assertEqual(rc, 0)
-        rc = self.session.options_set(options.GSSAPI_CLIENT_IDENTITY, 'my_id')
-        self.assertEqual(rc, 0)
-        rc = self.session.options_set_gssapi_delegate_credentials(True)
-        self.assertEqual(rc, 0)
-        self.assertRaises(AuthenticationDenied, self.session.userauth_gssapi)
-        rc = self.session.options_set_gssapi_delegate_credentials(False)
-        self.assertEqual(rc, 0)
-        self.assertRaises(AuthenticationDenied, self.session.userauth_gssapi)
-
-    def test_agent_auth(self):
-        self.session.connect()
-        self.assertRaises(
-            AuthenticationDenied, self.session.userauth_agent, self.user)
-
     def test_set_timeout(self):
         session = Session()
         self.assertEqual(session.options_set(options.TIMEOUT, "1000"), 0)
         self.assertEqual(session.options_set(options.TIMEOUT_USEC, "1000"), 0)
         sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        sock.connect((self.host, self.port))
         session = Session()
-        session.options_set(options.USER, self.user)
+        session.options_set(options.USER, 'a user')
         session.options_set(options.HOST, self.host)
         session.options_set_port(self.port)
         self.assertEqual(session.set_socket(sock), 0)
         self.assertEqual(session.options_set(options.TIMEOUT, "1000"), 0)
         self.assertEqual(session.options_set(options.TIMEOUT_USEC, "1000"), 0)
-
-    def test_get_server_publickey(self):
-        self.session.connect()
-        self.assertIsInstance(self.session.get_server_publickey(), SSHKey)
diff --git a/tests/test_sftp.py b/tests/test_sftp.py
index 13ca9452..44e485fe 100644
--- a/tests/test_sftp.py
+++ b/tests/test_sftp.py
@@ -1,38 +1,21 @@
-# This file is part of ssh-python.
-# Copyright (C) 2018 Panos Kittenis
+#  This file is part of ssh-python.
+#  Copyright (C) 2018-2025 Panos Kittenis.
+#  Copyright (C) 2018-2025 ssh-python Contributors.
 #
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation, version 2.1.
+#  This library is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU Lesser General Public
+#  License as published by the Free Software Foundation, version 2.1.
 #
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  Lesser General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
+#  You should have received a copy of the GNU Lesser General Public
+#  License along with this library; if not, write to the Free Software
+#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-130
 
-import unittest
-import os
-import platform
-import stat
-from sys import version_info
-import shutil
-import socket
-from select import select
-import time
-
-from ssh.session import Session
-from ssh import options
 from ssh.sftp import SFTP
-from ssh.sftp_handles import SFTPDir, SFTPFile
-from ssh.sftp_attributes import SFTPAttributes
-from ssh.exceptions import InvalidAPIUse, SFTPHandleError, SFTPError
-from ssh.error_codes import SSH_AGAIN
-from ssh.utils import wait_socket
-
 
 from .base_case import SSHTestCase
 
@@ -40,377 +23,8 @@
 class SFTPTest(SSHTestCase):
 
     def test_sftp_init(self):
-        self._auth()
-        sftp = self.session.sftp_new()
+        sftp = SFTP()
         self.assertIsInstance(sftp, SFTP)
-        self.assertEqual(sftp.init(), 0)
         del sftp
-        sftp = self.session.sftp_init()
-        self.assertIsInstance(sftp, SFTP)
-
-    def test_sftp_fail(self):
-        self.assertRaises(InvalidAPIUse, self.session.sftp_new)
-        self._auth()
-        sftp = self.session.sftp_new()
-        self.assertRaises(SFTPHandleError, sftp.opendir, '.')
-
-    def test_sftp_dir(self):
-        self._auth()
-        sftp = self.session.sftp_new()
-        sftp.init()
-        _dir = sftp.opendir('.')
-        self.assertIsInstance(_dir, SFTPDir)
-        self.assertFalse(_dir.eof())
-        self.assertEqual(_dir.closedir(), 0)
-        # dir handle from context manager
-        with sftp.opendir('.') as _dir:
-            for attr in _dir:
-                self.assertIsInstance(attr, SFTPAttributes)
-                self.assertIsNotNone(attr.name)
-        self.assertTrue(_dir.eof())
-
-    def test_sftp_readdir(self):
-        self._auth()
-        sftp = self.session.sftp_new()
-        sftp.init()
-        with sftp.opendir('.') as _dir:
-            attrs = _dir.readdir()
-            self.assertIsInstance(attrs, SFTPAttributes)
-            self.assertIsNotNone(attrs.uid)
-            self.assertIsNotNone(attrs.gid)
-            self.assertIsNotNone(attrs.owner)
-            self.assertIsNotNone(attrs.group)
-            self.assertTrue(attrs.size > 0)
-            self.assertTrue(isinstance(attrs.name, bytes))
-            self.assertTrue(len(attrs.longname) > 1)
-            self.assertFalse(_dir.closed)
-            self.assertEqual(_dir.closedir(), 0)
-            self.assertTrue(_dir.closed)
-        del _dir
-        with sftp.opendir('.') as _dir:
-            pass
-        self.assertTrue(_dir.closed)
-        del _dir
-
-    def test_sftp_file_read(self):
-        self._auth()
-        sftp = self.session.sftp_new()
-        sftp.init()
-        if int(platform.python_version_tuple()[0]) >= 3:
-            test_file_data = b'test' + bytes(os.linesep, 'utf-8')
-        else:
-            test_file_data = b'test' + os.linesep
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       'remote_test_file'])
-        with open(remote_filename, 'wb') as test_fh:
-            test_fh.write(test_file_data)
-        try:
-            with sftp.open(remote_filename, os.O_RDONLY, 0) as remote_fh:
-                self.assertIsInstance(remote_fh, SFTPFile)
-                remote_data = b""
-                for rc, data in remote_fh:
-                    remote_data += data
-                self.assertFalse(remote_fh.closed)
-                self.assertEqual(remote_fh.close(), 0)
-                self.assertTrue(remote_fh.closed)
-                self.assertEqual(remote_data, test_file_data)
-            self.assertTrue(remote_fh.closed)
-            del remote_fh
-            with sftp.open(remote_filename, os.O_RDONLY, 0) as remote_fh:
-                pass
-            self.assertTrue(remote_fh.closed)
-        finally:
-            os.unlink(remote_filename)
-
-    def test_sftp_write(self):
-        self._auth()
-        sftp = self.session.sftp_new()
-        sftp.init()
-        data = b"test file data"
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       "remote_test_file"])
-        mode = int("0666") if version_info <= (2,) else 0o666
-        with sftp.open(remote_filename,
-                       os.O_CREAT | os.O_WRONLY,
-                       mode) as remote_fh:
-            remote_fh.write(data)
-        with open(remote_filename, 'rb') as fh:
-            written_data = fh.read()
-        _stat = os.stat(remote_filename)
-        try:
-            self.assertEqual(stat.S_IMODE(_stat.st_mode), 420)
-            self.assertTrue(fh.closed)
-            self.assertEqual(data, written_data)
-        except Exception:
-            raise
-        finally:
-            os.unlink(remote_filename)
-
-    def test_sftp_attrs_cls(self):
-        attrs = SFTPAttributes.new_attrs(None)
-        self.assertIsInstance(attrs, SFTPAttributes)
-        self.assertEqual(attrs.uid, 0)
-        self.assertEqual(attrs.gid, 0)
-        attrs.flags = 1
-        attrs.type = 2
-        attrs.size = 3
-        attrs.uid = 4
-        attrs.gid = 5
-        attrs.permissions = 6
-        attrs.atime64 = 7
-        attrs.atime = 8
-        attrs.atime_nseconds = 9
-        attrs.createtime = 10
-        attrs.createtime_nseconds = 11
-        attrs.mtime64 = 12
-        attrs.mtime = 13
-        attrs.mtime_nseconds = 14
-        attrs.extended_count = 15
-        self.assertEqual(attrs.flags, 1)
-        self.assertEqual(attrs.type, 2)
-        self.assertEqual(attrs.size, 3)
-        self.assertEqual(attrs.uid, 4)
-        self.assertEqual(attrs.gid, 5)
-        self.assertEqual(attrs.permissions, 6)
-        self.assertEqual(attrs.atime64, 7)
-        self.assertEqual(attrs.atime, 8)
-        self.assertEqual(attrs.atime_nseconds, 9)
-        self.assertEqual(attrs.createtime, 10)
-        self.assertEqual(attrs.createtime_nseconds, 11)
-        self.assertEqual(attrs.mtime64, 12)
-        self.assertEqual(attrs.mtime, 13)
-        self.assertEqual(attrs.mtime_nseconds, 14)
-        self.assertEqual(attrs.extended_count, 15)
-        del attrs
-
-    def test_sftp_stat(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        self.assertIsInstance(sftp, SFTP)
-        test_data = b"data"
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       "remote_test_file"])
-        with open(remote_filename, 'wb') as fh:
-            fh.write(test_data)
-        _mask = int('0644') if version_info <= (2,) else 0o644
-        os.chmod(remote_filename, _mask)
-        _size = os.stat(remote_filename).st_size
-        try:
-            attrs = sftp.stat(remote_filename)
-            self.assertTrue(isinstance(attrs, SFTPAttributes))
-            self.assertEqual(attrs.uid, os.getuid())
-            self.assertEqual(attrs.gid, os.getgid())
-            self.assertEqual(stat.S_IMODE(attrs.permissions), 420)
-            self.assertTrue(attrs.atime > 0)
-            self.assertTrue(attrs.mtime > 0)
-            self.assertTrue(attrs.flags > 0)
-            self.assertEqual(attrs.size, _size)
-        except Exception:
-            raise
-        finally:
-            os.unlink(remote_filename)
-        self.assertRaises(SFTPError, sftp.stat, remote_filename)
-        self.assertNotEqual(sftp.get_error(), 0)
-
-    def test_sftp_fstat(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        self.assertTrue(sftp is not None)
-        test_data = b"data"
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       "remote_test_file"])
-        with open(remote_filename, 'wb') as fh:
-            fh.write(test_data)
-        try:
-            with sftp.open(remote_filename, 0, 0) as fh:
-                attrs = fh.fstat()
-                self.assertTrue(isinstance(attrs, SFTPAttributes))
-                self.assertEqual(attrs.uid, os.getuid())
-                self.assertEqual(attrs.gid, os.getgid())
-                self.assertTrue(attrs.flags > 0)
-        except Exception:
-            raise
-        finally:
-            os.unlink(remote_filename)
-
-    def test_sftp_setstat(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        self.assertTrue(sftp is not None)
-        test_data = b"data"
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       "remote_test_file"])
-        with open(remote_filename, 'wb') as fh:
-            fh.write(test_data)
-        _mask = int('0644') if version_info <= (2,) else 0o644
-        os.chmod(remote_filename, _mask)
-        attrs = sftp.stat(remote_filename)
-        attrs.permissions = int("0400") if version_info <= (2,) else 0o400
-        try:
-            self.assertEqual(sftp.setstat(remote_filename, attrs), 0)
-            attrs = sftp.stat(remote_filename)
-            self.assertEqual(attrs.permissions, 33024)
-        except Exception:
-            raise
-        finally:
-            os.unlink(remote_filename)
-
-    def test_canonicalize_path(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        self.assertTrue(sftp is not None)
-        self.assertIsNotNone(sftp.canonicalize_path('.'))
-
-    def test_sftp_symlink_realpath_lstat(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        self.assertTrue(sftp is not None)
-        test_data = b"data"
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       "remote_test_file"])
-        with open(remote_filename, 'wb') as fh:
-            fh.write(test_data)
-        symlink_target = os.sep.join([os.path.dirname(__file__),
-                                      'remote_symlink'])
-        try:
-            self.assertEqual(sftp.symlink(remote_filename, symlink_target), 0)
-            lstat = sftp.lstat(symlink_target)
-            self.assertTrue(lstat is not None)
-            self.assertEqual(lstat.size, os.lstat(symlink_target).st_size)
-            realpath = sftp.canonicalize_path(symlink_target)
-            self.assertTrue(realpath is not None)
-            self.assertEqual(realpath, remote_filename)
-        except Exception:
-            raise
-        finally:
-            os.unlink(symlink_target)
-            os.unlink(remote_filename)
-
-    def test_readdir(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        dir_data = [_dir for _dir in sftp.opendir('.')]
-        self.assertTrue(len(dir_data) > 0)
-        self.assertTrue(b'.' in (_ls.name for _ls in dir_data))
-        self.assertTrue(b'..' in (_ls.name for _ls in dir_data))
-
-    def test_readdir_failure(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        self.assertRaises(SFTPError, sftp.opendir, 'fakeyfakey')
-
-    def test_fsync(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        test_data = b"data"
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       "remote_test_file"])
-        with open(remote_filename, 'wb') as fh:
-            fh.write(test_data)
-        try:
-            with sftp.open(remote_filename, 0, 0) as fh:
-                self.assertEqual(fh.fsync(), 0)
-        except Exception:
-            raise
-        finally:
-            os.unlink(remote_filename)
-
-    def test_statvfs(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        vfs = sftp.statvfs('.')
-        self.assertTrue(vfs is not None)
-        self.assertTrue(vfs.f_files > 0)
-        self.assertTrue(vfs.f_bsize > 0)
-        self.assertTrue(vfs.f_namemax > 0)
-
-    def test_fstatvfs(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        test_data = b"data"
-        remote_filename = os.sep.join([os.path.dirname(__file__),
-                                       "remote_test_file"])
-        with open(remote_filename, 'wb') as fh:
-            fh.write(test_data)
-        try:
-            with sftp.open(remote_filename, 0, 0) as fh:
-                vfs = fh.fstatvfs()
-                self.assertTrue(vfs is not None)
-                self.assertTrue(vfs.f_files > 0)
-                self.assertTrue(vfs.f_bsize > 0)
-                self.assertTrue(vfs.f_namemax > 0)
-        except Exception:
-            raise
-        finally:
-            os.unlink(remote_filename)
-
-    def test_mkdir(self):
-        mode = int("0644") if version_info <= (2,) else 0o644
-        _path = 'tmp'
-        abspath = os.path.join(os.path.expanduser('~'), _path)
-        self._auth()
-        sftp = self.session.sftp_init()
-        try:
-            shutil.rmtree(abspath)
-        except OSError:
-            pass
-        sftp.mkdir(_path, mode)
-        try:
-            self.assertTrue(os.path.isdir(abspath))
-        finally:
-            shutil.rmtree(abspath)
-
-    def test_handle_open_nonblocking(self):
-        self._auth()
-        sftp = self.session.sftp_init()
-        self.session.set_blocking(False)
-        fh = sftp.open('.', 0, 0)
-        self.assertIsInstance(fh, SFTPFile)
-        fh.set_nonblocking()
-        fh.close()
-
-    # def test_async_read(self):
-    #     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    #     sock.connect((self.host, self.port))
-    #     self.session = Session()
-    #     self.session.options_set(options.USER, self.user)
-    #     self.session.options_set(options.HOST, self.host)
-    #     self.session.options_set_port(self.port)
-    #     self.assertEqual(self.session.set_socket(sock), 0)
-    #     self.assertEqual(self.session.connect(), 0)
-    #     self.assertEqual(self.session.userauth_publickey(self.pkey), 0)
-    #     sftp = self.session.sftp_new()
-    #     sftp.init()
-    #     if int(platform.python_version_tuple()[0]) >= 3:
-    #         test_file_data = b'test' + bytes(os.linesep, 'utf-8')
-    #     else:
-    #         test_file_data = b'test' + os.linesep
-    #     remote_filename = os.sep.join([os.path.dirname(__file__),
-    #                                    'remote_test_file'])
-    #     with open(remote_filename, 'wb') as test_fh:
-    #         test_fh.write(test_file_data)
-    #     # self.session.set_blocking(False)
-    #     try:
-    #         with sftp.open(remote_filename, os.O_RDONLY, 0) as remote_fh:
-    #             self.assertIsInstance(remote_fh, SFTPFile)
-    #             remote_fh.set_nonblocking()
-    #             remote_data = b""
-    #             async_id = remote_fh.async_read_begin()
-    #             self.assertNotEqual(async_id, 0)
-    #             import ipdb; ipdb.set_trace()
-    #             size, data = remote_fh.async_read(async_id)
-    #             while size > 0 or size == SSH_AGAIN:
-    #                 if size == SSH_AGAIN:
-    #                     print("Would try again")
-    #                     wait_socket(sock, self.session, timeout=1)
-    #                     size, data = remote_fh.async_read(async_id)
-    #                     continue
-    #                 remote_data += data
-    #                 size, data = remote_fh.async_read(async_id)
-    #             self.assertFalse(remote_fh.closed)
-    #             self.assertEqual(remote_fh.close(), 0)
-    #             self.assertTrue(remote_fh.closed)
-    #             self.assertEqual(remote_data, test_file_data)
-    #         self.assertTrue(remote_fh.closed)
-    #     finally:
-    #         os.unlink(remote_filename)
+        sftp = SFTP()
+        self.assertEqual(sftp.init(), 0)
diff --git a/versioneer.py b/versioneer.py
index a2870603..1e3753e6 100644
--- a/versioneer.py
+++ b/versioneer.py
@@ -1,5 +1,5 @@
 
-# Version: 0.18-1
+# Version: 0.29
 
 """The Versioneer - like a rocketeer, but for versions.
 
@@ -7,18 +7,14 @@
 ==============
 
 * like a rocketeer, but for versions!
-* https://github.com/warner/python-versioneer
+* https://github.com/python-versioneer/python-versioneer
 * Brian Warner
-* License: Public Domain
-* Compatible With: python2.6, 2.7, 3.2, 3.3, 3.4, 3.5, 3.6, and pypy
-* [![Latest Version]
-(https://pypip.in/version/versioneer/badge.svg?style=flat)
-](https://pypi.python.org/pypi/versioneer/)
-* [![Build Status]
-(https://travis-ci.org/warner/python-versioneer.png?branch=master)
-](https://travis-ci.org/warner/python-versioneer)
-
-This is a tool for managing a recorded version number in distutils-based
+* License: Public Domain (Unlicense)
+* Compatible with: Python 3.7, 3.8, 3.9, 3.10, 3.11 and pypy3
+* [![Latest Version][pypi-image]][pypi-url]
+* [![Build Status][travis-image]][travis-url]
+
+This is a tool for managing a recorded version number in setuptools-based
 python projects. The goal is to remove the tedious and error-prone "update
 the embedded version string" step from your release process. Making a new
 release should be as easy as recording a new tag in your version-control
@@ -27,9 +23,38 @@
 
 ## Quick Install
 
-* `pip install versioneer` to somewhere to your $PATH
-* add a `[versioneer]` section to your setup.cfg (see below)
-* run `versioneer install` in your source tree, commit the results
+Versioneer provides two installation modes. The "classic" vendored mode installs
+a copy of versioneer into your repository. The experimental build-time dependency mode
+is intended to allow you to skip this step and simplify the process of upgrading.
+
+### Vendored mode
+
+* `pip install versioneer` to somewhere in your $PATH
+   * A [conda-forge recipe](https://github.com/conda-forge/versioneer-feedstock) is
+     available, so you can also use `conda install -c conda-forge versioneer`
+* add a `[tool.versioneer]` section to your `pyproject.toml` or a
+  `[versioneer]` section to your `setup.cfg` (see [Install](INSTALL.md))
+   * Note that you will need to add `tomli; python_version < "3.11"` to your
+     build-time dependencies if you use `pyproject.toml`
+* run `versioneer install --vendor` in your source tree, commit the results
+* verify version information with `python setup.py version`
+
+### Build-time dependency mode
+
+* `pip install versioneer` to somewhere in your $PATH
+   * A [conda-forge recipe](https://github.com/conda-forge/versioneer-feedstock) is
+     available, so you can also use `conda install -c conda-forge versioneer`
+* add a `[tool.versioneer]` section to your `pyproject.toml` or a
+  `[versioneer]` section to your `setup.cfg` (see [Install](INSTALL.md))
+* add `versioneer` (with `[toml]` extra, if configuring in `pyproject.toml`)
+  to the `requires` key of the `build-system` table in `pyproject.toml`:
+  ```toml
+  [build-system]
+  requires = ["setuptools", "versioneer[toml]"]
+  build-backend = "setuptools.build_meta"
+  ```
+* run `versioneer install --no-vendor` in your source tree, commit the results
+* verify version information with `python setup.py version`
 
 ## Version Identifiers
 
@@ -61,7 +86,7 @@
 for example `git describe --tags --dirty --always` reports things like
 "0.7-1-g574ab98-dirty" to indicate that the checkout is one revision past the
 0.7 tag, has a unique revision id of "574ab98", and is "dirty" (it has
-uncommitted changes.
+uncommitted changes).
 
 The version identifier is used for multiple purposes:
 
@@ -166,7 +191,7 @@
 
 Some situations are known to cause problems for Versioneer. This details the
 most significant ones. More can be found on Github
-[issues page](https://github.com/warner/python-versioneer/issues).
+[issues page](https://github.com/python-versioneer/python-versioneer/issues).
 
 ### Subprojects
 
@@ -180,7 +205,7 @@
   `setup.cfg`, and `tox.ini`. Projects like these produce multiple PyPI
   distributions (and upload multiple independently-installable tarballs).
 * Source trees whose main purpose is to contain a C library, but which also
-  provide bindings to Python (and perhaps other langauges) in subdirectories.
+  provide bindings to Python (and perhaps other languages) in subdirectories.
 
 Versioneer will look for `.git` in parent directories, and most operations
 should get the right version string. However `pip` and `setuptools` have bugs
@@ -194,9 +219,9 @@
 Pip-8.1.1 is known to have this problem, but hopefully it will get fixed in
 some later version.
 
-[Bug #38](https://github.com/warner/python-versioneer/issues/38) is tracking
+[Bug #38](https://github.com/python-versioneer/python-versioneer/issues/38) is tracking
 this issue. The discussion in
-[PR #61](https://github.com/warner/python-versioneer/pull/61) describes the
+[PR #61](https://github.com/python-versioneer/python-versioneer/pull/61) describes the
 issue from the Versioneer side in more detail.
 [pip PR#3176](https://github.com/pypa/pip/pull/3176) and
 [pip PR#3615](https://github.com/pypa/pip/pull/3615) contain work to improve
@@ -224,31 +249,20 @@
 cause egg_info to be rebuilt (including `sdist`, `wheel`, and installing into
 a different virtualenv), so this can be surprising.
 
-[Bug #83](https://github.com/warner/python-versioneer/issues/83) describes
+[Bug #83](https://github.com/python-versioneer/python-versioneer/issues/83) describes
 this one, but upgrading to a newer version of setuptools should probably
 resolve it.
 
-### Unicode version strings
-
-While Versioneer works (and is continually tested) with both Python 2 and
-Python 3, it is not entirely consistent with bytes-vs-unicode distinctions.
-Newer releases probably generate unicode version strings on py2. It's not
-clear that this is wrong, but it may be surprising for applications when then
-write these strings to a network connection or include them in bytes-oriented
-APIs like cryptographic checksums.
-
-[Bug #71](https://github.com/warner/python-versioneer/issues/71) investigates
-this question.
-
 
 ## Updating Versioneer
 
 To upgrade your project to a new release of Versioneer, do the following:
 
 * install the new Versioneer (`pip install -U versioneer` or equivalent)
-* edit `setup.cfg`, if necessary, to include any new configuration settings
-  indicated by the release notes. See [UPGRADING](./UPGRADING.md) for details.
-* re-run `versioneer install` in your source tree, to replace
+* edit `setup.cfg` and `pyproject.toml`, if necessary,
+  to include any new configuration settings indicated by the release notes.
+  See [UPGRADING](./UPGRADING.md) for details.
+* re-run `versioneer install --[no-]vendor` in your source tree, to replace
   `SRC/_version.py`
 * commit any changed files
 
@@ -265,35 +279,70 @@
 direction and include code from all supported VCS systems, reducing the
 number of intermediate scripts.
 
+## Similar projects
+
+* [setuptools_scm](https://github.com/pypa/setuptools_scm/) - a non-vendored build-time
+  dependency
+* [minver](https://github.com/jbweston/miniver) - a lightweight reimplementation of
+  versioneer
+* [versioningit](https://github.com/jwodder/versioningit) - a PEP 518-based setuptools
+  plugin
 
 ## License
 
 To make Versioneer easier to embed, all its code is dedicated to the public
 domain. The `_version.py` that it creates is also in the public domain.
-Specifically, both are released under the Creative Commons "Public Domain
-Dedication" license (CC0-1.0), as described in
-https://creativecommons.org/publicdomain/zero/1.0/ .
+Specifically, both are released under the "Unlicense", as described in
+https://unlicense.org/.
+
+[pypi-image]: https://img.shields.io/pypi/v/versioneer.svg
+[pypi-url]: https://pypi.python.org/pypi/versioneer/
+[travis-image]:
+https://img.shields.io/travis/com/python-versioneer/python-versioneer.svg
+[travis-url]: https://travis-ci.com/github/python-versioneer/python-versioneer
 
 """
+# pylint:disable=invalid-name,import-outside-toplevel,missing-function-docstring
+# pylint:disable=missing-class-docstring,too-many-branches,too-many-statements
+# pylint:disable=raise-missing-from,too-many-lines,too-many-locals,import-error
+# pylint:disable=too-few-public-methods,redefined-outer-name,consider-using-with
+# pylint:disable=attribute-defined-outside-init,too-many-arguments
 
-from __future__ import print_function
-try:
-    import configparser
-except ImportError:
-    import ConfigParser as configparser
+import configparser
 import errno
 import json
 import os
 import re
 import subprocess
 import sys
+from pathlib import Path
+from typing import Any, Callable, cast, Dict, List, Optional, Tuple, Union
+from typing import NoReturn
+import functools
+
+have_tomllib = True
+if sys.version_info >= (3, 11):
+    import tomllib
+else:
+    try:
+        import tomli as tomllib
+    except ImportError:
+        have_tomllib = False
 
 
 class VersioneerConfig:
     """Container for Versioneer configuration parameters."""
 
+    VCS: str
+    style: str
+    tag_prefix: str
+    versionfile_source: str
+    versionfile_build: Optional[str]
+    parentdir_prefix: Optional[str]
+    verbose: Optional[bool]
+
 
-def get_root():
+def get_root() -> str:
     """Get the project root directory.
 
     We require that all commands are run from the project root, i.e. the
@@ -301,13 +350,23 @@ def get_root():
     """
     root = os.path.realpath(os.path.abspath(os.getcwd()))
     setup_py = os.path.join(root, "setup.py")
+    pyproject_toml = os.path.join(root, "pyproject.toml")
     versioneer_py = os.path.join(root, "versioneer.py")
-    if not (os.path.exists(setup_py) or os.path.exists(versioneer_py)):
+    if not (
+        os.path.exists(setup_py)
+        or os.path.exists(pyproject_toml)
+        or os.path.exists(versioneer_py)
+    ):
         # allow 'python path/to/setup.py COMMAND'
         root = os.path.dirname(os.path.realpath(os.path.abspath(sys.argv[0])))
         setup_py = os.path.join(root, "setup.py")
+        pyproject_toml = os.path.join(root, "pyproject.toml")
         versioneer_py = os.path.join(root, "versioneer.py")
-    if not (os.path.exists(setup_py) or os.path.exists(versioneer_py)):
+    if not (
+        os.path.exists(setup_py)
+        or os.path.exists(pyproject_toml)
+        or os.path.exists(versioneer_py)
+    ):
         err = ("Versioneer was unable to run the project root directory. "
                "Versioneer requires setup.py to be executed from "
                "its immediate directory (like 'python setup.py COMMAND'), "
@@ -321,43 +380,62 @@ def get_root():
         # module-import table will cache the first one. So we can't use
         # os.path.dirname(__file__), as that will find whichever
         # versioneer.py was first imported, even in later projects.
-        me = os.path.realpath(os.path.abspath(__file__))
-        me_dir = os.path.normcase(os.path.splitext(me)[0])
+        my_path = os.path.realpath(os.path.abspath(__file__))
+        me_dir = os.path.normcase(os.path.splitext(my_path)[0])
         vsr_dir = os.path.normcase(os.path.splitext(versioneer_py)[0])
-        if me_dir != vsr_dir:
+        if me_dir != vsr_dir and "VERSIONEER_PEP518" not in globals():
             print("Warning: build in %s is using versioneer.py from %s"
-                  % (os.path.dirname(me), versioneer_py))
+                  % (os.path.dirname(my_path), versioneer_py))
     except NameError:
         pass
     return root
 
 
-def get_config_from_root(root):
+def get_config_from_root(root: str) -> VersioneerConfig:
     """Read the project setup.cfg file to determine Versioneer config."""
-    # This might raise EnvironmentError (if setup.cfg is missing), or
+    # This might raise OSError (if setup.cfg is missing), or
     # configparser.NoSectionError (if it lacks a [versioneer] section), or
     # configparser.NoOptionError (if it lacks "VCS="). See the docstring at
     # the top of versioneer.py for instructions on writing your setup.cfg .
-    setup_cfg = os.path.join(root, "setup.cfg")
-    parser = configparser.SafeConfigParser()
-    with open(setup_cfg, "r") as f:
-        parser.readfp(f)
-    VCS = parser.get("versioneer", "VCS")  # mandatory
-
-    def get(parser, name):
-        if parser.has_option("versioneer", name):
-            return parser.get("versioneer", name)
-        return None
+    root_pth = Path(root)
+    pyproject_toml = root_pth / "pyproject.toml"
+    setup_cfg = root_pth / "setup.cfg"
+    section: Union[Dict[str, Any], configparser.SectionProxy, None] = None
+    if pyproject_toml.exists() and have_tomllib:
+        try:
+            with open(pyproject_toml, 'rb') as fobj:
+                pp = tomllib.load(fobj)
+            section = pp['tool']['versioneer']
+        except (tomllib.TOMLDecodeError, KeyError) as e:
+            print(f"Failed to load config from {pyproject_toml}: {e}")
+            print("Try to load it from setup.cfg")
+    if not section:
+        parser = configparser.ConfigParser()
+        with open(setup_cfg) as cfg_file:
+            parser.read_file(cfg_file)
+        parser.get("versioneer", "VCS")  # raise error if missing
+
+        section = parser["versioneer"]
+
+    # `cast`` really shouldn't be used, but its simplest for the
+    # common VersioneerConfig users at the moment. We verify against
+    # `None` values elsewhere where it matters
+
     cfg = VersioneerConfig()
-    cfg.VCS = VCS
-    cfg.style = get(parser, "style") or ""
-    cfg.versionfile_source = get(parser, "versionfile_source")
-    cfg.versionfile_build = get(parser, "versionfile_build")
-    cfg.tag_prefix = get(parser, "tag_prefix")
-    if cfg.tag_prefix in ("''", '""'):
+    cfg.VCS = section['VCS']
+    cfg.style = section.get("style", "")
+    cfg.versionfile_source = cast(str, section.get("versionfile_source"))
+    cfg.versionfile_build = section.get("versionfile_build")
+    cfg.tag_prefix = cast(str, section.get("tag_prefix"))
+    if cfg.tag_prefix in ("''", '""', None):
         cfg.tag_prefix = ""
-    cfg.parentdir_prefix = get(parser, "parentdir_prefix")
-    cfg.verbose = get(parser, "verbose")
+    cfg.parentdir_prefix = section.get("parentdir_prefix")
+    if isinstance(section, configparser.SectionProxy):
+        # Make sure configparser translates to bool
+        cfg.verbose = section.getboolean("verbose")
+    else:
+        cfg.verbose = section.get("verbose")
+
     return cfg
 
 
@@ -366,37 +444,48 @@ class NotThisMethod(Exception):
 
 
 # these dictionaries contain VCS-specific tools
-LONG_VERSION_PY = {}
-HANDLERS = {}
+LONG_VERSION_PY: Dict[str, str] = {}
+HANDLERS: Dict[str, Dict[str, Callable]] = {}
 
 
-def register_vcs_handler(vcs, method):  # decorator
-    """Decorator to mark a method as the handler for a particular VCS."""
-    def decorate(f):
+def register_vcs_handler(vcs: str, method: str) -> Callable:  # decorator
+    """Create decorator to mark a method as the handler of a VCS."""
+    def decorate(f: Callable) -> Callable:
         """Store f in HANDLERS[vcs][method]."""
-        if vcs not in HANDLERS:
-            HANDLERS[vcs] = {}
-        HANDLERS[vcs][method] = f
+        HANDLERS.setdefault(vcs, {})[method] = f
         return f
     return decorate
 
 
-def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False,
-                env=None):
+def run_command(
+    commands: List[str],
+    args: List[str],
+    cwd: Optional[str] = None,
+    verbose: bool = False,
+    hide_stderr: bool = False,
+    env: Optional[Dict[str, str]] = None,
+) -> Tuple[Optional[str], Optional[int]]:
     """Call the given command(s)."""
     assert isinstance(commands, list)
-    p = None
-    for c in commands:
+    process = None
+
+    popen_kwargs: Dict[str, Any] = {}
+    if sys.platform == "win32":
+        # This hides the console window if pythonw.exe is used
+        startupinfo = subprocess.STARTUPINFO()
+        startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
+        popen_kwargs["startupinfo"] = startupinfo
+
+    for command in commands:
         try:
-            dispcmd = str([c] + args)
+            dispcmd = str([command] + args)
             # remember shell=False, so use git.cmd on windows, not just git
-            p = subprocess.Popen([c] + args, cwd=cwd, env=env,
-                                 stdout=subprocess.PIPE,
-                                 stderr=(subprocess.PIPE if hide_stderr
-                                         else None))
+            process = subprocess.Popen([command] + args, cwd=cwd, env=env,
+                                       stdout=subprocess.PIPE,
+                                       stderr=(subprocess.PIPE if hide_stderr
+                                               else None), **popen_kwargs)
             break
-        except EnvironmentError:
-            e = sys.exc_info()[1]
+        except OSError as e:
             if e.errno == errno.ENOENT:
                 continue
             if verbose:
@@ -407,26 +496,25 @@ def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False,
         if verbose:
             print("unable to find command, tried %s" % (commands,))
         return None, None
-    stdout = p.communicate()[0].strip()
-    if sys.version_info[0] >= 3:
-        stdout = stdout.decode()
-    if p.returncode != 0:
+    stdout = process.communicate()[0].strip().decode()
+    if process.returncode != 0:
         if verbose:
             print("unable to run %s (error)" % dispcmd)
             print("stdout was %s" % stdout)
-        return None, p.returncode
-    return stdout, p.returncode
+        return None, process.returncode
+    return stdout, process.returncode
 
 
-LONG_VERSION_PY['git'] = '''
+LONG_VERSION_PY['git'] = r'''
 # This file helps to compute a version number in source trees obtained from
 # git-archive tarball (such as those provided by githubs download-from-tag
 # feature). Distribution tarballs (built by setup.py sdist) and build
 # directories (produced by setup.py build) will contain a much shorter file
 # that just contains the computed version number.
 
-# This file is released into the public domain. Generated by
-# versioneer-0.18 (https://github.com/warner/python-versioneer)
+# This file is released into the public domain.
+# Generated by versioneer-0.29
+# https://github.com/python-versioneer/python-versioneer
 
 """Git implementation of _version.py."""
 
@@ -435,9 +523,11 @@ def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False,
 import re
 import subprocess
 import sys
+from typing import Any, Callable, Dict, List, Optional, Tuple
+import functools
 
 
-def get_keywords():
+def get_keywords() -> Dict[str, str]:
     """Get the keywords needed to look up the version information."""
     # these strings will be replaced by git during git-archive.
     # setup.py/versioneer.py will grep for the variable names, so they must
@@ -453,8 +543,15 @@ def get_keywords():
 class VersioneerConfig:
     """Container for Versioneer configuration parameters."""
 
+    VCS: str
+    style: str
+    tag_prefix: str
+    parentdir_prefix: str
+    versionfile_source: str
+    verbose: bool
+
 
-def get_config():
+def get_config() -> VersioneerConfig:
     """Create, populate and return the VersioneerConfig() object."""
     # these strings are filled in when 'setup.py versioneer' creates
     # _version.py
@@ -472,13 +569,13 @@ class NotThisMethod(Exception):
     """Exception raised if a method is not valid for the current scenario."""
 
 
-LONG_VERSION_PY = {}
-HANDLERS = {}
+LONG_VERSION_PY: Dict[str, str] = {}
+HANDLERS: Dict[str, Dict[str, Callable]] = {}
 
 
-def register_vcs_handler(vcs, method):  # decorator
-    """Decorator to mark a method as the handler for a particular VCS."""
-    def decorate(f):
+def register_vcs_handler(vcs: str, method: str) -> Callable:  # decorator
+    """Create decorator to mark a method as the handler of a VCS."""
+    def decorate(f: Callable) -> Callable:
         """Store f in HANDLERS[vcs][method]."""
         if vcs not in HANDLERS:
             HANDLERS[vcs] = {}
@@ -487,22 +584,35 @@ def decorate(f):
     return decorate
 
 
-def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False,
-                env=None):
+def run_command(
+    commands: List[str],
+    args: List[str],
+    cwd: Optional[str] = None,
+    verbose: bool = False,
+    hide_stderr: bool = False,
+    env: Optional[Dict[str, str]] = None,
+) -> Tuple[Optional[str], Optional[int]]:
     """Call the given command(s)."""
     assert isinstance(commands, list)
-    p = None
-    for c in commands:
+    process = None
+
+    popen_kwargs: Dict[str, Any] = {}
+    if sys.platform == "win32":
+        # This hides the console window if pythonw.exe is used
+        startupinfo = subprocess.STARTUPINFO()
+        startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
+        popen_kwargs["startupinfo"] = startupinfo
+
+    for command in commands:
         try:
-            dispcmd = str([c] + args)
+            dispcmd = str([command] + args)
             # remember shell=False, so use git.cmd on windows, not just git
-            p = subprocess.Popen([c] + args, cwd=cwd, env=env,
-                                 stdout=subprocess.PIPE,
-                                 stderr=(subprocess.PIPE if hide_stderr
-                                         else None))
+            process = subprocess.Popen([command] + args, cwd=cwd, env=env,
+                                       stdout=subprocess.PIPE,
+                                       stderr=(subprocess.PIPE if hide_stderr
+                                               else None), **popen_kwargs)
             break
-        except EnvironmentError:
-            e = sys.exc_info()[1]
+        except OSError as e:
             if e.errno == errno.ENOENT:
                 continue
             if verbose:
@@ -513,18 +623,20 @@ def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False,
         if verbose:
             print("unable to find command, tried %%s" %% (commands,))
         return None, None
-    stdout = p.communicate()[0].strip()
-    if sys.version_info[0] >= 3:
-        stdout = stdout.decode()
-    if p.returncode != 0:
+    stdout = process.communicate()[0].strip().decode()
+    if process.returncode != 0:
         if verbose:
             print("unable to run %%s (error)" %% dispcmd)
             print("stdout was %%s" %% stdout)
-        return None, p.returncode
-    return stdout, p.returncode
+        return None, process.returncode
+    return stdout, process.returncode
 
 
-def versions_from_parentdir(parentdir_prefix, root, verbose):
+def versions_from_parentdir(
+    parentdir_prefix: str,
+    root: str,
+    verbose: bool,
+) -> Dict[str, Any]:
     """Try to determine the version from the parent directory name.
 
     Source tarballs conventionally unpack into a directory that includes both
@@ -533,15 +645,14 @@ def versions_from_parentdir(parentdir_prefix, root, verbose):
     """
     rootdirs = []
 
-    for i in range(3):
+    for _ in range(3):
         dirname = os.path.basename(root)
         if dirname.startswith(parentdir_prefix):
             return {"version": dirname[len(parentdir_prefix):],
                     "full-revisionid": None,
                     "dirty": False, "error": None, "date": None}
-        else:
-            rootdirs.append(root)
-            root = os.path.dirname(root)  # up a level
+        rootdirs.append(root)
+        root = os.path.dirname(root)  # up a level
 
     if verbose:
         print("Tried directories %%s but none started with prefix %%s" %%
@@ -550,41 +661,48 @@ def versions_from_parentdir(parentdir_prefix, root, verbose):
 
 
 @register_vcs_handler("git", "get_keywords")
-def git_get_keywords(versionfile_abs):
+def git_get_keywords(versionfile_abs: str) -> Dict[str, str]:
     """Extract version information from the given file."""
     # the code embedded in _version.py can just fetch the value of these
     # keywords. When used from setup.py, we don't want to import _version.py,
     # so we do it with a regexp instead. This function is not used from
     # _version.py.
-    keywords = {}
+    keywords: Dict[str, str] = {}
     try:
-        f = open(versionfile_abs, "r")
-        for line in f.readlines():
-            if line.strip().startswith("git_refnames ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["refnames"] = mo.group(1)
-            if line.strip().startswith("git_full ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["full"] = mo.group(1)
-            if line.strip().startswith("git_date ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["date"] = mo.group(1)
-        f.close()
-    except EnvironmentError:
+        with open(versionfile_abs, "r") as fobj:
+            for line in fobj:
+                if line.strip().startswith("git_refnames ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["refnames"] = mo.group(1)
+                if line.strip().startswith("git_full ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["full"] = mo.group(1)
+                if line.strip().startswith("git_date ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["date"] = mo.group(1)
+    except OSError:
         pass
     return keywords
 
 
 @register_vcs_handler("git", "keywords")
-def git_versions_from_keywords(keywords, tag_prefix, verbose):
+def git_versions_from_keywords(
+    keywords: Dict[str, str],
+    tag_prefix: str,
+    verbose: bool,
+) -> Dict[str, Any]:
     """Get version information from git keywords."""
-    if not keywords:
-        raise NotThisMethod("no keywords at all, weird")
+    if "refnames" not in keywords:
+        raise NotThisMethod("Short version file found")
     date = keywords.get("date")
     if date is not None:
+        # Use only the last line.  Previous lines may contain GPG signature
+        # information.
+        date = date.splitlines()[-1]
+
         # git-2.2.0 added "%%cI", which expands to an ISO-8601 -compliant
         # datestamp. However we prefer "%%ci" (which expands to an "ISO-8601
         # -like" string, which we must then edit to make compliant), because
@@ -597,11 +715,11 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         if verbose:
             print("keywords are unexpanded, not using")
         raise NotThisMethod("unexpanded keywords, not a git-archive tarball")
-    refs = set([r.strip() for r in refnames.strip("()").split(",")])
+    refs = {r.strip() for r in refnames.strip("()").split(",")}
     # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of
     # just "foo-1.0". If we see a "tag: " prefix, prefer those.
     TAG = "tag: "
-    tags = set([r[len(TAG):] for r in refs if r.startswith(TAG)])
+    tags = {r[len(TAG):] for r in refs if r.startswith(TAG)}
     if not tags:
         # Either we're using git < 1.8.3, or there really are no tags. We use
         # a heuristic: assume all version tags have a digit. The old git %%d
@@ -610,7 +728,7 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         # between branches and tags. By ignoring refnames without digits, we
         # filter out many common branch names like "release" and
         # "stabilization", as well as "HEAD" and "master".
-        tags = set([r for r in refs if re.search(r'\d', r)])
+        tags = {r for r in refs if re.search(r'\d', r)}
         if verbose:
             print("discarding '%%s', no digits" %% ",".join(refs - tags))
     if verbose:
@@ -619,6 +737,11 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         # sorting will prefer e.g. "2.0" over "2.0rc1"
         if ref.startswith(tag_prefix):
             r = ref[len(tag_prefix):]
+            # Filter out refs that exactly match prefix or that don't start
+            # with a number once the prefix is stripped (mostly a concern
+            # when prefix is '')
+            if not re.match(r'\d', r):
+                continue
             if verbose:
                 print("picking %%s" %% r)
             return {"version": r,
@@ -634,7 +757,12 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
 
 
 @register_vcs_handler("git", "pieces_from_vcs")
-def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
+def git_pieces_from_vcs(
+    tag_prefix: str,
+    root: str,
+    verbose: bool,
+    runner: Callable = run_command
+) -> Dict[str, Any]:
     """Get version from 'git describe' in the root of the source tree.
 
     This only gets called if the git-archive 'subst' keywords were *not*
@@ -645,8 +773,15 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
     if sys.platform == "win32":
         GITS = ["git.cmd", "git.exe"]
 
-    out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root,
-                          hide_stderr=True)
+    # GIT_DIR can interfere with correct operation of Versioneer.
+    # It may be intended to be passed to the Versioneer-versioned project,
+    # but that should not change where we get our version from.
+    env = os.environ.copy()
+    env.pop("GIT_DIR", None)
+    runner = functools.partial(runner, env=env)
+
+    _, rc = runner(GITS, ["rev-parse", "--git-dir"], cwd=root,
+                   hide_stderr=not verbose)
     if rc != 0:
         if verbose:
             print("Directory %%s not under git control" %% root)
@@ -654,24 +789,57 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
 
     # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty]
     # if there isn't one, this yields HEX[-dirty] (no NUM)
-    describe_out, rc = run_command(GITS, ["describe", "--tags", "--dirty",
-                                          "--always", "--long",
-                                          "--match", "%%s*" %% tag_prefix],
-                                   cwd=root)
+    describe_out, rc = runner(GITS, [
+        "describe", "--tags", "--dirty", "--always", "--long",
+        "--match", f"{tag_prefix}[[:digit:]]*"
+    ], cwd=root)
     # --long was added in git-1.5.5
     if describe_out is None:
         raise NotThisMethod("'git describe' failed")
     describe_out = describe_out.strip()
-    full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root)
+    full_out, rc = runner(GITS, ["rev-parse", "HEAD"], cwd=root)
     if full_out is None:
         raise NotThisMethod("'git rev-parse' failed")
     full_out = full_out.strip()
 
-    pieces = {}
+    pieces: Dict[str, Any] = {}
     pieces["long"] = full_out
     pieces["short"] = full_out[:7]  # maybe improved later
     pieces["error"] = None
 
+    branch_name, rc = runner(GITS, ["rev-parse", "--abbrev-ref", "HEAD"],
+                             cwd=root)
+    # --abbrev-ref was added in git-1.6.3
+    if rc != 0 or branch_name is None:
+        raise NotThisMethod("'git rev-parse --abbrev-ref' returned error")
+    branch_name = branch_name.strip()
+
+    if branch_name == "HEAD":
+        # If we aren't exactly on a branch, pick a branch which represents
+        # the current commit. If all else fails, we are on a branchless
+        # commit.
+        branches, rc = runner(GITS, ["branch", "--contains"], cwd=root)
+        # --contains was added in git-1.5.4
+        if rc != 0 or branches is None:
+            raise NotThisMethod("'git branch --contains' returned error")
+        branches = branches.split("\n")
+
+        # Remove the first line if we're running detached
+        if "(" in branches[0]:
+            branches.pop(0)
+
+        # Strip off the leading "* " from the list of branches.
+        branches = [branch[2:] for branch in branches]
+        if "master" in branches:
+            branch_name = "master"
+        elif not branches:
+            branch_name = None
+        else:
+            # Pick the first branch that is returned. Good or bad.
+            branch_name = branches[0]
+
+    pieces["branch"] = branch_name
+
     # parse describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty]
     # TAG might have hyphens.
     git_describe = describe_out
@@ -688,7 +856,7 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
         # TAG-NUM-gHEX
         mo = re.search(r'^(.+)-(\d+)-g([0-9a-f]+)$', git_describe)
         if not mo:
-            # unparseable. Maybe git-describe is misbehaving?
+            # unparsable. Maybe git-describe is misbehaving?
             pieces["error"] = ("unable to parse git-describe output: '%%s'"
                                %% describe_out)
             return pieces
@@ -713,26 +881,27 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
     else:
         # HEX: no tags
         pieces["closest-tag"] = None
-        count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"],
-                                    cwd=root)
-        pieces["distance"] = int(count_out)  # total number of commits
+        out, rc = runner(GITS, ["rev-list", "HEAD", "--left-right"], cwd=root)
+        pieces["distance"] = len(out.split())  # total number of commits
 
     # commit date: see ISO-8601 comment in git_versions_from_keywords()
-    date = run_command(GITS, ["show", "-s", "--format=%%ci", "HEAD"],
-                       cwd=root)[0].strip()
+    date = runner(GITS, ["show", "-s", "--format=%%ci", "HEAD"], cwd=root)[0].strip()
+    # Use only the last line.  Previous lines may contain GPG signature
+    # information.
+    date = date.splitlines()[-1]
     pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1)
 
     return pieces
 
 
-def plus_or_dot(pieces):
+def plus_or_dot(pieces: Dict[str, Any]) -> str:
     """Return a + if we don't already have one, else return a ."""
     if "+" in pieces.get("closest-tag", ""):
         return "."
     return "+"
 
 
-def render_pep440(pieces):
+def render_pep440(pieces: Dict[str, Any]) -> str:
     """Build up version string, with post-release "local version identifier".
 
     Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you
@@ -757,23 +926,71 @@ def render_pep440(pieces):
     return rendered
 
 
-def render_pep440_pre(pieces):
-    """TAG[.post.devDISTANCE] -- No -dirty.
+def render_pep440_branch(pieces: Dict[str, Any]) -> str:
+    """TAG[[.dev0]+DISTANCE.gHEX[.dirty]] .
+
+    The ".dev0" means not master branch. Note that .dev0 sorts backwards
+    (a feature branch will appear "older" than the master branch).
 
     Exceptions:
-    1: no tags. 0.post.devDISTANCE
+    1: no tags. 0[.dev0]+untagged.DISTANCE.gHEX[.dirty]
     """
     if pieces["closest-tag"]:
         rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            if pieces["branch"] != "master":
+                rendered += ".dev0"
+            rendered += plus_or_dot(pieces)
+            rendered += "%%d.g%%s" %% (pieces["distance"], pieces["short"])
+            if pieces["dirty"]:
+                rendered += ".dirty"
+    else:
+        # exception #1
+        rendered = "0"
+        if pieces["branch"] != "master":
+            rendered += ".dev0"
+        rendered += "+untagged.%%d.g%%s" %% (pieces["distance"],
+                                          pieces["short"])
+        if pieces["dirty"]:
+            rendered += ".dirty"
+    return rendered
+
+
+def pep440_split_post(ver: str) -> Tuple[str, Optional[int]]:
+    """Split pep440 version string at the post-release segment.
+
+    Returns the release segments before the post-release and the
+    post-release version number (or -1 if no post-release segment is present).
+    """
+    vc = str.split(ver, ".post")
+    return vc[0], int(vc[1] or 0) if len(vc) == 2 else None
+
+
+def render_pep440_pre(pieces: Dict[str, Any]) -> str:
+    """TAG[.postN.devDISTANCE] -- No -dirty.
+
+    Exceptions:
+    1: no tags. 0.post0.devDISTANCE
+    """
+    if pieces["closest-tag"]:
         if pieces["distance"]:
-            rendered += ".post.dev%%d" %% pieces["distance"]
+            # update the post release segment
+            tag_version, post_version = pep440_split_post(pieces["closest-tag"])
+            rendered = tag_version
+            if post_version is not None:
+                rendered += ".post%%d.dev%%d" %% (post_version + 1, pieces["distance"])
+            else:
+                rendered += ".post0.dev%%d" %% (pieces["distance"])
+        else:
+            # no commits, use the tag as the version
+            rendered = pieces["closest-tag"]
     else:
         # exception #1
-        rendered = "0.post.dev%%d" %% pieces["distance"]
+        rendered = "0.post0.dev%%d" %% pieces["distance"]
     return rendered
 
 
-def render_pep440_post(pieces):
+def render_pep440_post(pieces: Dict[str, Any]) -> str:
     """TAG[.postDISTANCE[.dev0]+gHEX] .
 
     The ".dev0" means dirty. Note that .dev0 sorts backwards
@@ -800,12 +1017,41 @@ def render_pep440_post(pieces):
     return rendered
 
 
-def render_pep440_old(pieces):
+def render_pep440_post_branch(pieces: Dict[str, Any]) -> str:
+    """TAG[.postDISTANCE[.dev0]+gHEX[.dirty]] .
+
+    The ".dev0" means not master branch.
+
+    Exceptions:
+    1: no tags. 0.postDISTANCE[.dev0]+gHEX[.dirty]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += ".post%%d" %% pieces["distance"]
+            if pieces["branch"] != "master":
+                rendered += ".dev0"
+            rendered += plus_or_dot(pieces)
+            rendered += "g%%s" %% pieces["short"]
+            if pieces["dirty"]:
+                rendered += ".dirty"
+    else:
+        # exception #1
+        rendered = "0.post%%d" %% pieces["distance"]
+        if pieces["branch"] != "master":
+            rendered += ".dev0"
+        rendered += "+g%%s" %% pieces["short"]
+        if pieces["dirty"]:
+            rendered += ".dirty"
+    return rendered
+
+
+def render_pep440_old(pieces: Dict[str, Any]) -> str:
     """TAG[.postDISTANCE[.dev0]] .
 
     The ".dev0" means dirty.
 
-    Eexceptions:
+    Exceptions:
     1: no tags. 0.postDISTANCE[.dev0]
     """
     if pieces["closest-tag"]:
@@ -822,7 +1068,7 @@ def render_pep440_old(pieces):
     return rendered
 
 
-def render_git_describe(pieces):
+def render_git_describe(pieces: Dict[str, Any]) -> str:
     """TAG[-DISTANCE-gHEX][-dirty].
 
     Like 'git describe --tags --dirty --always'.
@@ -842,7 +1088,7 @@ def render_git_describe(pieces):
     return rendered
 
 
-def render_git_describe_long(pieces):
+def render_git_describe_long(pieces: Dict[str, Any]) -> str:
     """TAG-DISTANCE-gHEX[-dirty].
 
     Like 'git describe --tags --dirty --always -long'.
@@ -862,7 +1108,7 @@ def render_git_describe_long(pieces):
     return rendered
 
 
-def render(pieces, style):
+def render(pieces: Dict[str, Any], style: str) -> Dict[str, Any]:
     """Render the given version pieces into the requested style."""
     if pieces["error"]:
         return {"version": "unknown",
@@ -876,10 +1122,14 @@ def render(pieces, style):
 
     if style == "pep440":
         rendered = render_pep440(pieces)
+    elif style == "pep440-branch":
+        rendered = render_pep440_branch(pieces)
     elif style == "pep440-pre":
         rendered = render_pep440_pre(pieces)
     elif style == "pep440-post":
         rendered = render_pep440_post(pieces)
+    elif style == "pep440-post-branch":
+        rendered = render_pep440_post_branch(pieces)
     elif style == "pep440-old":
         rendered = render_pep440_old(pieces)
     elif style == "git-describe":
@@ -894,7 +1144,7 @@ def render(pieces, style):
             "date": pieces.get("date")}
 
 
-def get_versions():
+def get_versions() -> Dict[str, Any]:
     """Get version information or return default if unable to do so."""
     # I am in _version.py, which lives at ROOT/VERSIONFILE_SOURCE. If we have
     # __file__, we can work backwards from there to the root. Some
@@ -915,7 +1165,7 @@ def get_versions():
         # versionfile_source is the relative path from the top of the source
         # tree (where the .git directory might live) to this file. Invert
         # this to find the root from __file__.
-        for i in cfg.versionfile_source.split('/'):
+        for _ in cfg.versionfile_source.split('/'):
             root = os.path.dirname(root)
     except NameError:
         return {"version": "0+unknown", "full-revisionid": None,
@@ -942,41 +1192,48 @@ def get_versions():
 
 
 @register_vcs_handler("git", "get_keywords")
-def git_get_keywords(versionfile_abs):
+def git_get_keywords(versionfile_abs: str) -> Dict[str, str]:
     """Extract version information from the given file."""
     # the code embedded in _version.py can just fetch the value of these
     # keywords. When used from setup.py, we don't want to import _version.py,
     # so we do it with a regexp instead. This function is not used from
     # _version.py.
-    keywords = {}
+    keywords: Dict[str, str] = {}
     try:
-        f = open(versionfile_abs, "r")
-        for line in f.readlines():
-            if line.strip().startswith("git_refnames ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["refnames"] = mo.group(1)
-            if line.strip().startswith("git_full ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["full"] = mo.group(1)
-            if line.strip().startswith("git_date ="):
-                mo = re.search(r'=\s*"(.*)"', line)
-                if mo:
-                    keywords["date"] = mo.group(1)
-        f.close()
-    except EnvironmentError:
+        with open(versionfile_abs, "r") as fobj:
+            for line in fobj:
+                if line.strip().startswith("git_refnames ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["refnames"] = mo.group(1)
+                if line.strip().startswith("git_full ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["full"] = mo.group(1)
+                if line.strip().startswith("git_date ="):
+                    mo = re.search(r'=\s*"(.*)"', line)
+                    if mo:
+                        keywords["date"] = mo.group(1)
+    except OSError:
         pass
     return keywords
 
 
 @register_vcs_handler("git", "keywords")
-def git_versions_from_keywords(keywords, tag_prefix, verbose):
+def git_versions_from_keywords(
+    keywords: Dict[str, str],
+    tag_prefix: str,
+    verbose: bool,
+) -> Dict[str, Any]:
     """Get version information from git keywords."""
-    if not keywords:
-        raise NotThisMethod("no keywords at all, weird")
+    if "refnames" not in keywords:
+        raise NotThisMethod("Short version file found")
     date = keywords.get("date")
     if date is not None:
+        # Use only the last line.  Previous lines may contain GPG signature
+        # information.
+        date = date.splitlines()[-1]
+
         # git-2.2.0 added "%cI", which expands to an ISO-8601 -compliant
         # datestamp. However we prefer "%ci" (which expands to an "ISO-8601
         # -like" string, which we must then edit to make compliant), because
@@ -989,11 +1246,11 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         if verbose:
             print("keywords are unexpanded, not using")
         raise NotThisMethod("unexpanded keywords, not a git-archive tarball")
-    refs = set([r.strip() for r in refnames.strip("()").split(",")])
+    refs = {r.strip() for r in refnames.strip("()").split(",")}
     # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of
     # just "foo-1.0". If we see a "tag: " prefix, prefer those.
     TAG = "tag: "
-    tags = set([r[len(TAG):] for r in refs if r.startswith(TAG)])
+    tags = {r[len(TAG):] for r in refs if r.startswith(TAG)}
     if not tags:
         # Either we're using git < 1.8.3, or there really are no tags. We use
         # a heuristic: assume all version tags have a digit. The old git %d
@@ -1002,7 +1259,7 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         # between branches and tags. By ignoring refnames without digits, we
         # filter out many common branch names like "release" and
         # "stabilization", as well as "HEAD" and "master".
-        tags = set([r for r in refs if re.search(r'\d', r)])
+        tags = {r for r in refs if re.search(r'\d', r)}
         if verbose:
             print("discarding '%s', no digits" % ",".join(refs - tags))
     if verbose:
@@ -1011,6 +1268,11 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
         # sorting will prefer e.g. "2.0" over "2.0rc1"
         if ref.startswith(tag_prefix):
             r = ref[len(tag_prefix):]
+            # Filter out refs that exactly match prefix or that don't start
+            # with a number once the prefix is stripped (mostly a concern
+            # when prefix is '')
+            if not re.match(r'\d', r):
+                continue
             if verbose:
                 print("picking %s" % r)
             return {"version": r,
@@ -1026,7 +1288,12 @@ def git_versions_from_keywords(keywords, tag_prefix, verbose):
 
 
 @register_vcs_handler("git", "pieces_from_vcs")
-def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
+def git_pieces_from_vcs(
+    tag_prefix: str,
+    root: str,
+    verbose: bool,
+    runner: Callable = run_command
+) -> Dict[str, Any]:
     """Get version from 'git describe' in the root of the source tree.
 
     This only gets called if the git-archive 'subst' keywords were *not*
@@ -1037,8 +1304,15 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
     if sys.platform == "win32":
         GITS = ["git.cmd", "git.exe"]
 
-    out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root,
-                          hide_stderr=True)
+    # GIT_DIR can interfere with correct operation of Versioneer.
+    # It may be intended to be passed to the Versioneer-versioned project,
+    # but that should not change where we get our version from.
+    env = os.environ.copy()
+    env.pop("GIT_DIR", None)
+    runner = functools.partial(runner, env=env)
+
+    _, rc = runner(GITS, ["rev-parse", "--git-dir"], cwd=root,
+                   hide_stderr=not verbose)
     if rc != 0:
         if verbose:
             print("Directory %s not under git control" % root)
@@ -1046,24 +1320,57 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
 
     # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty]
     # if there isn't one, this yields HEX[-dirty] (no NUM)
-    describe_out, rc = run_command(GITS, ["describe", "--tags", "--dirty",
-                                          "--always", "--long",
-                                          "--match", "%s*" % tag_prefix],
-                                   cwd=root)
+    describe_out, rc = runner(GITS, [
+        "describe", "--tags", "--dirty", "--always", "--long",
+        "--match", f"{tag_prefix}[[:digit:]]*"
+    ], cwd=root)
     # --long was added in git-1.5.5
     if describe_out is None:
         raise NotThisMethod("'git describe' failed")
     describe_out = describe_out.strip()
-    full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root)
+    full_out, rc = runner(GITS, ["rev-parse", "HEAD"], cwd=root)
     if full_out is None:
         raise NotThisMethod("'git rev-parse' failed")
     full_out = full_out.strip()
 
-    pieces = {}
+    pieces: Dict[str, Any] = {}
     pieces["long"] = full_out
     pieces["short"] = full_out[:7]  # maybe improved later
     pieces["error"] = None
 
+    branch_name, rc = runner(GITS, ["rev-parse", "--abbrev-ref", "HEAD"],
+                             cwd=root)
+    # --abbrev-ref was added in git-1.6.3
+    if rc != 0 or branch_name is None:
+        raise NotThisMethod("'git rev-parse --abbrev-ref' returned error")
+    branch_name = branch_name.strip()
+
+    if branch_name == "HEAD":
+        # If we aren't exactly on a branch, pick a branch which represents
+        # the current commit. If all else fails, we are on a branchless
+        # commit.
+        branches, rc = runner(GITS, ["branch", "--contains"], cwd=root)
+        # --contains was added in git-1.5.4
+        if rc != 0 or branches is None:
+            raise NotThisMethod("'git branch --contains' returned error")
+        branches = branches.split("\n")
+
+        # Remove the first line if we're running detached
+        if "(" in branches[0]:
+            branches.pop(0)
+
+        # Strip off the leading "* " from the list of branches.
+        branches = [branch[2:] for branch in branches]
+        if "master" in branches:
+            branch_name = "master"
+        elif not branches:
+            branch_name = None
+        else:
+            # Pick the first branch that is returned. Good or bad.
+            branch_name = branches[0]
+
+    pieces["branch"] = branch_name
+
     # parse describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty]
     # TAG might have hyphens.
     git_describe = describe_out
@@ -1080,7 +1387,7 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
         # TAG-NUM-gHEX
         mo = re.search(r'^(.+)-(\d+)-g([0-9a-f]+)$', git_describe)
         if not mo:
-            # unparseable. Maybe git-describe is misbehaving?
+            # unparsable. Maybe git-describe is misbehaving?
             pieces["error"] = ("unable to parse git-describe output: '%s'"
                                % describe_out)
             return pieces
@@ -1105,19 +1412,20 @@ def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command):
     else:
         # HEX: no tags
         pieces["closest-tag"] = None
-        count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"],
-                                    cwd=root)
-        pieces["distance"] = int(count_out)  # total number of commits
+        out, rc = runner(GITS, ["rev-list", "HEAD", "--left-right"], cwd=root)
+        pieces["distance"] = len(out.split())  # total number of commits
 
     # commit date: see ISO-8601 comment in git_versions_from_keywords()
-    date = run_command(GITS, ["show", "-s", "--format=%ci", "HEAD"],
-                       cwd=root)[0].strip()
+    date = runner(GITS, ["show", "-s", "--format=%ci", "HEAD"], cwd=root)[0].strip()
+    # Use only the last line.  Previous lines may contain GPG signature
+    # information.
+    date = date.splitlines()[-1]
     pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1)
 
     return pieces
 
 
-def do_vcs_install(manifest_in, versionfile_source, ipy):
+def do_vcs_install(versionfile_source: str, ipy: Optional[str]) -> None:
     """Git-specific installation logic for Versioneer.
 
     For Git, this means creating/changing .gitattributes to mark _version.py
@@ -1126,36 +1434,40 @@ def do_vcs_install(manifest_in, versionfile_source, ipy):
     GITS = ["git"]
     if sys.platform == "win32":
         GITS = ["git.cmd", "git.exe"]
-    files = [manifest_in, versionfile_source]
+    files = [versionfile_source]
     if ipy:
         files.append(ipy)
-    try:
-        me = __file__
-        if me.endswith(".pyc") or me.endswith(".pyo"):
-            me = os.path.splitext(me)[0] + ".py"
-        versioneer_file = os.path.relpath(me)
-    except NameError:
-        versioneer_file = "versioneer.py"
-    files.append(versioneer_file)
+    if "VERSIONEER_PEP518" not in globals():
+        try:
+            my_path = __file__
+            if my_path.endswith((".pyc", ".pyo")):
+                my_path = os.path.splitext(my_path)[0] + ".py"
+            versioneer_file = os.path.relpath(my_path)
+        except NameError:
+            versioneer_file = "versioneer.py"
+        files.append(versioneer_file)
     present = False
     try:
-        f = open(".gitattributes", "r")
-        for line in f.readlines():
-            if line.strip().startswith(versionfile_source):
-                if "export-subst" in line.strip().split()[1:]:
-                    present = True
-        f.close()
-    except EnvironmentError:
+        with open(".gitattributes", "r") as fobj:
+            for line in fobj:
+                if line.strip().startswith(versionfile_source):
+                    if "export-subst" in line.strip().split()[1:]:
+                        present = True
+                        break
+    except OSError:
         pass
     if not present:
-        f = open(".gitattributes", "a+")
-        f.write("%s export-subst\n" % versionfile_source)
-        f.close()
+        with open(".gitattributes", "a+") as fobj:
+            fobj.write(f"{versionfile_source} export-subst\n")
         files.append(".gitattributes")
     run_command(GITS, ["add", "--"] + files)
 
 
-def versions_from_parentdir(parentdir_prefix, root, verbose):
+def versions_from_parentdir(
+    parentdir_prefix: str,
+    root: str,
+    verbose: bool,
+) -> Dict[str, Any]:
     """Try to determine the version from the parent directory name.
 
     Source tarballs conventionally unpack into a directory that includes both
@@ -1164,15 +1476,14 @@ def versions_from_parentdir(parentdir_prefix, root, verbose):
     """
     rootdirs = []
 
-    for i in range(3):
+    for _ in range(3):
         dirname = os.path.basename(root)
         if dirname.startswith(parentdir_prefix):
             return {"version": dirname[len(parentdir_prefix):],
                     "full-revisionid": None,
                     "dirty": False, "error": None, "date": None}
-        else:
-            rootdirs.append(root)
-            root = os.path.dirname(root)  # up a level
+        rootdirs.append(root)
+        root = os.path.dirname(root)  # up a level
 
     if verbose:
         print("Tried directories %s but none started with prefix %s" %
@@ -1181,7 +1492,7 @@ def versions_from_parentdir(parentdir_prefix, root, verbose):
 
 
 SHORT_VERSION_PY = """
-# This file was generated by 'versioneer.py' (0.18) from
+# This file was generated by 'versioneer.py' (0.29) from
 # revision-control system data, or from the parent directory name of an
 # unpacked source archive. Distribution tarballs contain a pre-generated copy
 # of this file.
@@ -1198,12 +1509,12 @@ def get_versions():
 """
 
 
-def versions_from_file(filename):
+def versions_from_file(filename: str) -> Dict[str, Any]:
     """Try to determine the version from _version.py if present."""
     try:
         with open(filename) as f:
             contents = f.read()
-    except EnvironmentError:
+    except OSError:
         raise NotThisMethod("unable to read _version.py")
     mo = re.search(r"version_json = '''\n(.*)'''  # END VERSION_JSON",
                    contents, re.M | re.S)
@@ -1215,9 +1526,8 @@ def versions_from_file(filename):
     return json.loads(mo.group(1))
 
 
-def write_to_version_file(filename, versions):
+def write_to_version_file(filename: str, versions: Dict[str, Any]) -> None:
     """Write the given version number to the given _version.py file."""
-    os.unlink(filename)
     contents = json.dumps(versions, sort_keys=True,
                           indent=1, separators=(",", ": "))
     with open(filename, "w") as f:
@@ -1226,14 +1536,14 @@ def write_to_version_file(filename, versions):
     print("set %s to '%s'" % (filename, versions["version"]))
 
 
-def plus_or_dot(pieces):
+def plus_or_dot(pieces: Dict[str, Any]) -> str:
     """Return a + if we don't already have one, else return a ."""
     if "+" in pieces.get("closest-tag", ""):
         return "."
     return "+"
 
 
-def render_pep440(pieces):
+def render_pep440(pieces: Dict[str, Any]) -> str:
     """Build up version string, with post-release "local version identifier".
 
     Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you
@@ -1258,23 +1568,71 @@ def render_pep440(pieces):
     return rendered
 
 
-def render_pep440_pre(pieces):
-    """TAG[.post.devDISTANCE] -- No -dirty.
+def render_pep440_branch(pieces: Dict[str, Any]) -> str:
+    """TAG[[.dev0]+DISTANCE.gHEX[.dirty]] .
+
+    The ".dev0" means not master branch. Note that .dev0 sorts backwards
+    (a feature branch will appear "older" than the master branch).
 
     Exceptions:
-    1: no tags. 0.post.devDISTANCE
+    1: no tags. 0[.dev0]+untagged.DISTANCE.gHEX[.dirty]
     """
     if pieces["closest-tag"]:
         rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            if pieces["branch"] != "master":
+                rendered += ".dev0"
+            rendered += plus_or_dot(pieces)
+            rendered += "%d.g%s" % (pieces["distance"], pieces["short"])
+            if pieces["dirty"]:
+                rendered += ".dirty"
+    else:
+        # exception #1
+        rendered = "0"
+        if pieces["branch"] != "master":
+            rendered += ".dev0"
+        rendered += "+untagged.%d.g%s" % (pieces["distance"],
+                                          pieces["short"])
+        if pieces["dirty"]:
+            rendered += ".dirty"
+    return rendered
+
+
+def pep440_split_post(ver: str) -> Tuple[str, Optional[int]]:
+    """Split pep440 version string at the post-release segment.
+
+    Returns the release segments before the post-release and the
+    post-release version number (or -1 if no post-release segment is present).
+    """
+    vc = str.split(ver, ".post")
+    return vc[0], int(vc[1] or 0) if len(vc) == 2 else None
+
+
+def render_pep440_pre(pieces: Dict[str, Any]) -> str:
+    """TAG[.postN.devDISTANCE] -- No -dirty.
+
+    Exceptions:
+    1: no tags. 0.post0.devDISTANCE
+    """
+    if pieces["closest-tag"]:
         if pieces["distance"]:
-            rendered += ".post.dev%d" % pieces["distance"]
+            # update the post release segment
+            tag_version, post_version = pep440_split_post(pieces["closest-tag"])
+            rendered = tag_version
+            if post_version is not None:
+                rendered += ".post%d.dev%d" % (post_version + 1, pieces["distance"])
+            else:
+                rendered += ".post0.dev%d" % (pieces["distance"])
+        else:
+            # no commits, use the tag as the version
+            rendered = pieces["closest-tag"]
     else:
         # exception #1
-        rendered = "0.post.dev%d" % pieces["distance"]
+        rendered = "0.post0.dev%d" % pieces["distance"]
     return rendered
 
 
-def render_pep440_post(pieces):
+def render_pep440_post(pieces: Dict[str, Any]) -> str:
     """TAG[.postDISTANCE[.dev0]+gHEX] .
 
     The ".dev0" means dirty. Note that .dev0 sorts backwards
@@ -1301,12 +1659,41 @@ def render_pep440_post(pieces):
     return rendered
 
 
-def render_pep440_old(pieces):
+def render_pep440_post_branch(pieces: Dict[str, Any]) -> str:
+    """TAG[.postDISTANCE[.dev0]+gHEX[.dirty]] .
+
+    The ".dev0" means not master branch.
+
+    Exceptions:
+    1: no tags. 0.postDISTANCE[.dev0]+gHEX[.dirty]
+    """
+    if pieces["closest-tag"]:
+        rendered = pieces["closest-tag"]
+        if pieces["distance"] or pieces["dirty"]:
+            rendered += ".post%d" % pieces["distance"]
+            if pieces["branch"] != "master":
+                rendered += ".dev0"
+            rendered += plus_or_dot(pieces)
+            rendered += "g%s" % pieces["short"]
+            if pieces["dirty"]:
+                rendered += ".dirty"
+    else:
+        # exception #1
+        rendered = "0.post%d" % pieces["distance"]
+        if pieces["branch"] != "master":
+            rendered += ".dev0"
+        rendered += "+g%s" % pieces["short"]
+        if pieces["dirty"]:
+            rendered += ".dirty"
+    return rendered
+
+
+def render_pep440_old(pieces: Dict[str, Any]) -> str:
     """TAG[.postDISTANCE[.dev0]] .
 
     The ".dev0" means dirty.
 
-    Eexceptions:
+    Exceptions:
     1: no tags. 0.postDISTANCE[.dev0]
     """
     if pieces["closest-tag"]:
@@ -1323,7 +1710,7 @@ def render_pep440_old(pieces):
     return rendered
 
 
-def render_git_describe(pieces):
+def render_git_describe(pieces: Dict[str, Any]) -> str:
     """TAG[-DISTANCE-gHEX][-dirty].
 
     Like 'git describe --tags --dirty --always'.
@@ -1343,7 +1730,7 @@ def render_git_describe(pieces):
     return rendered
 
 
-def render_git_describe_long(pieces):
+def render_git_describe_long(pieces: Dict[str, Any]) -> str:
     """TAG-DISTANCE-gHEX[-dirty].
 
     Like 'git describe --tags --dirty --always -long'.
@@ -1363,7 +1750,7 @@ def render_git_describe_long(pieces):
     return rendered
 
 
-def render(pieces, style):
+def render(pieces: Dict[str, Any], style: str) -> Dict[str, Any]:
     """Render the given version pieces into the requested style."""
     if pieces["error"]:
         return {"version": "unknown",
@@ -1377,10 +1764,14 @@ def render(pieces, style):
 
     if style == "pep440":
         rendered = render_pep440(pieces)
+    elif style == "pep440-branch":
+        rendered = render_pep440_branch(pieces)
     elif style == "pep440-pre":
         rendered = render_pep440_pre(pieces)
     elif style == "pep440-post":
         rendered = render_pep440_post(pieces)
+    elif style == "pep440-post-branch":
+        rendered = render_pep440_post_branch(pieces)
     elif style == "pep440-old":
         rendered = render_pep440_old(pieces)
     elif style == "git-describe":
@@ -1399,7 +1790,7 @@ class VersioneerBadRootError(Exception):
     """The project root directory is unknown or missing key files."""
 
 
-def get_versions(verbose=False):
+def get_versions(verbose: bool = False) -> Dict[str, Any]:
     """Get the project version from whatever source is available.
 
     Returns dict with two keys: 'version' and 'full'.
@@ -1414,7 +1805,7 @@ def get_versions(verbose=False):
     assert cfg.VCS is not None, "please set [versioneer]VCS= in setup.cfg"
     handlers = HANDLERS.get(cfg.VCS)
     assert handlers, "unrecognized VCS '%s'" % cfg.VCS
-    verbose = verbose or cfg.verbose
+    verbose = verbose or bool(cfg.verbose)  # `bool()` used to avoid `None`
     assert cfg.versionfile_source is not None, \
         "please set versioneer.versionfile_source"
     assert cfg.tag_prefix is not None, "please set versioneer.tag_prefix"
@@ -1475,13 +1866,17 @@ def get_versions(verbose=False):
             "date": None}
 
 
-def get_version():
+def get_version() -> str:
     """Get the short version string for this project."""
     return get_versions()["version"]
 
 
-def get_cmdclass():
-    """Get the custom setuptools/distutils subclasses used by Versioneer."""
+def get_cmdclass(cmdclass: Optional[Dict[str, Any]] = None):
+    """Get the custom setuptools subclasses used by Versioneer.
+
+    If the package uses a different cmdclass (e.g. one from numpy), it
+    should be provide as an argument.
+    """
     if "versioneer" in sys.modules:
         del sys.modules["versioneer"]
         # this fixes the "python setup.py develop" case (also 'install' and
@@ -1495,25 +1890,25 @@ def get_cmdclass():
         # parent is protected against the child's "import versioneer". By
         # removing ourselves from sys.modules here, before the child build
         # happens, we protect the child from the parent's versioneer too.
-        # Also see https://github.com/warner/python-versioneer/issues/52
+        # Also see https://github.com/python-versioneer/python-versioneer/issues/52
 
-    cmds = {}
+    cmds = {} if cmdclass is None else cmdclass.copy()
 
-    # we add "version" to both distutils and setuptools
-    from distutils.core import Command
+    # we add "version" to setuptools
+    from setuptools import Command
 
     class cmd_version(Command):
         description = "report generated version string"
-        user_options = []
-        boolean_options = []
+        user_options: List[Tuple[str, str, str]] = []
+        boolean_options: List[str] = []
 
-        def initialize_options(self):
+        def initialize_options(self) -> None:
             pass
 
-        def finalize_options(self):
+        def finalize_options(self) -> None:
             pass
 
-        def run(self):
+        def run(self) -> None:
             vers = get_versions(verbose=True)
             print("Version: %s" % vers["version"])
             print(" full-revisionid: %s" % vers.get("full-revisionid"))
@@ -1523,7 +1918,7 @@ def run(self):
                 print(" error: %s" % vers["error"])
     cmds["version"] = cmd_version
 
-    # we override "build_py" in both distutils and setuptools
+    # we override "build_py" in setuptools
     #
     # most invocation pathways end up running build_py:
     #  distutils/build -> build_py
@@ -1538,18 +1933,25 @@ def run(self):
     #   then does setup.py bdist_wheel, or sometimes setup.py install
     #  setup.py egg_info -> ?
 
+    # pip install -e . and setuptool/editable_wheel will invoke build_py
+    # but the build_py command is not expected to copy any files.
+
     # we override different "build_py" commands for both environments
-    if "setuptools" in sys.modules:
-        from setuptools.command.build_py import build_py as _build_py
+    if 'build_py' in cmds:
+        _build_py: Any = cmds['build_py']
     else:
-        from distutils.command.build_py import build_py as _build_py
+        from setuptools.command.build_py import build_py as _build_py
 
     class cmd_build_py(_build_py):
-        def run(self):
+        def run(self) -> None:
             root = get_root()
             cfg = get_config_from_root(root)
             versions = get_versions()
             _build_py.run(self)
+            if getattr(self, "editable_mode", False):
+                # During editable installs `.py` and data files are
+                # not copied to build_lib
+                return
             # now locate _version.py in the new build/ directory and replace
             # it with an updated value
             if cfg.versionfile_build:
@@ -1559,33 +1961,40 @@ def run(self):
                 write_to_version_file(target_versionfile, versions)
     cmds["build_py"] = cmd_build_py
 
-    if "setuptools" in sys.modules:
-        from setuptools.command.build_ext import build_ext as _build_ext
+    if 'build_ext' in cmds:
+        _build_ext: Any = cmds['build_ext']
     else:
-        from distutils.command.build_ext import build_ext as _build_ext
+        from setuptools.command.build_ext import build_ext as _build_ext
 
     class cmd_build_ext(_build_ext):
-        def run(self):
+        def run(self) -> None:
             root = get_root()
             cfg = get_config_from_root(root)
             versions = get_versions()
             _build_ext.run(self)
             if self.inplace:
-                # build_ext --inplace will only build modules in
+                # build_ext --inplace will only build extensions in
                 # build/lib<..> dir with no _version.py to write to.
                 # As in place builds will already have a _version.py
                 # in the module dir, we do not need to write one.
                 return
             # now locate _version.py in the new build/ directory and replace
             # it with an updated value
+            if not cfg.versionfile_build:
+                return
             target_versionfile = os.path.join(self.build_lib,
-                                              cfg.versionfile_source)
+                                              cfg.versionfile_build)
+            if not os.path.exists(target_versionfile):
+                print(f"Warning: {target_versionfile} does not exist, skipping "
+                      "version update. This can happen if you are running build_ext "
+                      "without first running build_py.")
+                return
             print("UPDATING %s" % target_versionfile)
             write_to_version_file(target_versionfile, versions)
     cmds["build_ext"] = cmd_build_ext
 
     if "cx_Freeze" in sys.modules:  # cx_freeze enabled?
-        from cx_Freeze.dist import build_exe as _build_exe
+        from cx_Freeze.dist import build_exe as _build_exe  # type: ignore
         # nczeczulin reports that py2exe won't like the pep440-style string
         # as FILEVERSION, but it can be used for PRODUCTVERSION, e.g.
         # setup(console=[{
@@ -1594,7 +2003,7 @@ def run(self):
         #   ...
 
         class cmd_build_exe(_build_exe):
-            def run(self):
+            def run(self) -> None:
                 root = get_root()
                 cfg = get_config_from_root(root)
                 versions = get_versions()
@@ -1618,12 +2027,12 @@ def run(self):
 
     if 'py2exe' in sys.modules:  # py2exe enabled?
         try:
-            from py2exe.distutils_buildexe import py2exe as _py2exe  # py3
+            from py2exe.setuptools_buildexe import py2exe as _py2exe  # type: ignore
         except ImportError:
-            from py2exe.build_exe import py2exe as _py2exe  # py2
+            from py2exe.distutils_buildexe import py2exe as _py2exe  # type: ignore
 
         class cmd_py2exe(_py2exe):
-            def run(self):
+            def run(self) -> None:
                 root = get_root()
                 cfg = get_config_from_root(root)
                 versions = get_versions()
@@ -1644,14 +2053,51 @@ def run(self):
                              })
         cmds["py2exe"] = cmd_py2exe
 
+    # sdist farms its file list building out to egg_info
+    if 'egg_info' in cmds:
+        _egg_info: Any = cmds['egg_info']
+    else:
+        from setuptools.command.egg_info import egg_info as _egg_info
+
+    class cmd_egg_info(_egg_info):
+        def find_sources(self) -> None:
+            # egg_info.find_sources builds the manifest list and writes it
+            # in one shot
+            super().find_sources()
+
+            # Modify the filelist and normalize it
+            root = get_root()
+            cfg = get_config_from_root(root)
+            self.filelist.append('versioneer.py')
+            if cfg.versionfile_source:
+                # There are rare cases where versionfile_source might not be
+                # included by default, so we must be explicit
+                self.filelist.append(cfg.versionfile_source)
+            self.filelist.sort()
+            self.filelist.remove_duplicates()
+
+            # The write method is hidden in the manifest_maker instance that
+            # generated the filelist and was thrown away
+            # We will instead replicate their final normalization (to unicode,
+            # and POSIX-style paths)
+            from setuptools import unicode_utils
+            normalized = [unicode_utils.filesys_decode(f).replace(os.sep, '/')
+                          for f in self.filelist.files]
+
+            manifest_filename = os.path.join(self.egg_info, 'SOURCES.txt')
+            with open(manifest_filename, 'w') as fobj:
+                fobj.write('\n'.join(normalized))
+
+    cmds['egg_info'] = cmd_egg_info
+
     # we override different "sdist" commands for both environments
-    if "setuptools" in sys.modules:
-        from setuptools.command.sdist import sdist as _sdist
+    if 'sdist' in cmds:
+        _sdist: Any = cmds['sdist']
     else:
-        from distutils.command.sdist import sdist as _sdist
+        from setuptools.command.sdist import sdist as _sdist
 
     class cmd_sdist(_sdist):
-        def run(self):
+        def run(self) -> None:
             versions = get_versions()
             self._versioneer_generated_versions = versions
             # unless we update this, the command will keep using the old
@@ -1659,7 +2105,7 @@ def run(self):
             self.distribution.metadata.version = versions["version"]
             return _sdist.run(self)
 
-        def make_release_tree(self, base_dir, files):
+        def make_release_tree(self, base_dir: str, files: List[str]) -> None:
             root = get_root()
             cfg = get_config_from_root(root)
             _sdist.make_release_tree(self, base_dir, files)
@@ -1712,21 +2158,26 @@ def make_release_tree(self, base_dir, files):
 
 """
 
-INIT_PY_SNIPPET = """
+OLD_SNIPPET = """
 from ._version import get_versions
 __version__ = get_versions()['version']
 del get_versions
 """
 
+INIT_PY_SNIPPET = """
+from . import {0}
+__version__ = {0}.get_versions()['version']
+"""
 
-def do_setup():
-    """Main VCS-independent setup function for installing Versioneer."""
+
+def do_setup() -> int:
+    """Do main VCS-independent setup function for installing Versioneer."""
     root = get_root()
     try:
         cfg = get_config_from_root(root)
-    except (EnvironmentError, configparser.NoSectionError,
+    except (OSError, configparser.NoSectionError,
             configparser.NoOptionError) as e:
-        if isinstance(e, (EnvironmentError, configparser.NoSectionError)):
+        if isinstance(e, (OSError, configparser.NoSectionError)):
             print("Adding sample versioneer config to setup.cfg",
                   file=sys.stderr)
             with open(os.path.join(root, "setup.cfg"), "a") as f:
@@ -1746,62 +2197,37 @@ def do_setup():
 
     ipy = os.path.join(os.path.dirname(cfg.versionfile_source),
                        "__init__.py")
+    maybe_ipy: Optional[str] = ipy
     if os.path.exists(ipy):
         try:
             with open(ipy, "r") as f:
                 old = f.read()
-        except EnvironmentError:
+        except OSError:
             old = ""
-        if INIT_PY_SNIPPET not in old:
+        module = os.path.splitext(os.path.basename(cfg.versionfile_source))[0]
+        snippet = INIT_PY_SNIPPET.format(module)
+        if OLD_SNIPPET in old:
+            print(" replacing boilerplate in %s" % ipy)
+            with open(ipy, "w") as f:
+                f.write(old.replace(OLD_SNIPPET, snippet))
+        elif snippet not in old:
             print(" appending to %s" % ipy)
             with open(ipy, "a") as f:
-                f.write(INIT_PY_SNIPPET)
+                f.write(snippet)
         else:
             print(" %s unmodified" % ipy)
     else:
         print(" %s doesn't exist, ok" % ipy)
-        ipy = None
-
-    # Make sure both the top-level "versioneer.py" and versionfile_source
-    # (PKG/_version.py, used by runtime code) are in MANIFEST.in, so
-    # they'll be copied into source distributions. Pip won't be able to
-    # install the package without this.
-    manifest_in = os.path.join(root, "MANIFEST.in")
-    simple_includes = set()
-    try:
-        with open(manifest_in, "r") as f:
-            for line in f:
-                if line.startswith("include "):
-                    for include in line.split()[1:]:
-                        simple_includes.add(include)
-    except EnvironmentError:
-        pass
-    # That doesn't cover everything MANIFEST.in can do
-    # (http://docs.python.org/2/distutils/sourcedist.html#commands), so
-    # it might give some false negatives. Appending redundant 'include'
-    # lines is safe, though.
-    if "versioneer.py" not in simple_includes:
-        print(" appending 'versioneer.py' to MANIFEST.in")
-        with open(manifest_in, "a") as f:
-            f.write("include versioneer.py\n")
-    else:
-        print(" 'versioneer.py' already in MANIFEST.in")
-    if cfg.versionfile_source not in simple_includes:
-        print(" appending versionfile_source ('%s') to MANIFEST.in" %
-              cfg.versionfile_source)
-        with open(manifest_in, "a") as f:
-            f.write("include %s\n" % cfg.versionfile_source)
-    else:
-        print(" versionfile_source already in MANIFEST.in")
+        maybe_ipy = None
 
     # Make VCS-specific changes. For git, this means creating/changing
     # .gitattributes to mark _version.py for export-subst keyword
     # substitution.
-    do_vcs_install(manifest_in, cfg.versionfile_source, ipy)
+    do_vcs_install(cfg.versionfile_source, maybe_ipy)
     return 0
 
 
-def scan_setup_py():
+def scan_setup_py() -> int:
     """Validate the contents of setup.py against Versioneer's expectations."""
     found = set()
     setters = False
@@ -1838,10 +2264,14 @@ def scan_setup_py():
     return errors
 
 
+def setup_command() -> NoReturn:
+    """Set up Versioneer and exit with appropriate error code."""
+    errors = do_setup()
+    errors += scan_setup_py()
+    sys.exit(1 if errors else 0)
+
+
 if __name__ == "__main__":
     cmd = sys.argv[1]
     if cmd == "setup":
-        errors = do_setup()
-        errors += scan_setup_py()
-        if errors:
-            sys.exit(1)
+        setup_command()
diff --git a/zlib-1.3.1/CMakeLists.txt b/zlib-1.3.1/CMakeLists.txt
new file mode 100644
index 00000000..15ceebe7
--- /dev/null
+++ b/zlib-1.3.1/CMakeLists.txt
@@ -0,0 +1,218 @@
+cmake_minimum_required(VERSION 2.4.4...3.15.0)
+set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS ON)
+
+project(zlib C)
+
+set(VERSION "1.3.1")
+
+option(ZLIB_BUILD_EXAMPLES "Enable Zlib Examples" ON)
+
+set(INSTALL_BIN_DIR "${CMAKE_INSTALL_PREFIX}/bin" CACHE PATH "Installation directory for executables")
+set(INSTALL_LIB_DIR "${CMAKE_INSTALL_PREFIX}/lib" CACHE PATH "Installation directory for libraries")
+set(INSTALL_INC_DIR "${CMAKE_INSTALL_PREFIX}/include" CACHE PATH "Installation directory for headers")
+set(INSTALL_MAN_DIR "${CMAKE_INSTALL_PREFIX}/share/man" CACHE PATH "Installation directory for manual pages")
+set(INSTALL_PKGCONFIG_DIR "${CMAKE_INSTALL_PREFIX}/share/pkgconfig" CACHE PATH "Installation directory for pkgconfig (.pc) files")
+
+include(CheckTypeSize)
+include(CheckFunctionExists)
+include(CheckIncludeFile)
+include(CheckCSourceCompiles)
+enable_testing()
+
+check_include_file(sys/types.h HAVE_SYS_TYPES_H)
+check_include_file(stdint.h    HAVE_STDINT_H)
+check_include_file(stddef.h    HAVE_STDDEF_H)
+
+#
+# Check to see if we have large file support
+#
+set(CMAKE_REQUIRED_DEFINITIONS -D_LARGEFILE64_SOURCE=1)
+# We add these other definitions here because CheckTypeSize.cmake
+# in CMake 2.4.x does not automatically do so and we want
+# compatibility with CMake 2.4.x.
+if(HAVE_SYS_TYPES_H)
+    list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_SYS_TYPES_H)
+endif()
+if(HAVE_STDINT_H)
+    list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_STDINT_H)
+endif()
+if(HAVE_STDDEF_H)
+    list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_STDDEF_H)
+endif()
+check_type_size(off64_t OFF64_T)
+if(HAVE_OFF64_T)
+   add_definitions(-D_LARGEFILE64_SOURCE=1)
+endif()
+set(CMAKE_REQUIRED_DEFINITIONS) # clear variable
+
+#
+# Check for fseeko
+#
+check_function_exists(fseeko HAVE_FSEEKO)
+if(NOT HAVE_FSEEKO)
+    add_definitions(-DNO_FSEEKO)
+endif()
+
+#
+# Check for unistd.h
+#
+check_include_file(unistd.h Z_HAVE_UNISTD_H)
+
+if(MSVC)
+    set(CMAKE_DEBUG_POSTFIX "d")
+    add_definitions(-D_CRT_SECURE_NO_DEPRECATE)
+    add_definitions(-D_CRT_NONSTDC_NO_DEPRECATE)
+    include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+endif()
+
+if(NOT CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_CURRENT_BINARY_DIR)
+    # If we're doing an out of source build and the user has a zconf.h
+    # in their source tree...
+    if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h)
+        message(STATUS "Renaming")
+        message(STATUS "    ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h")
+        message(STATUS "to 'zconf.h.included' because this file is included with zlib")
+        message(STATUS "but CMake generates it automatically in the build directory.")
+        file(RENAME ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h.included)
+  endif()
+endif()
+
+set(ZLIB_PC ${CMAKE_CURRENT_BINARY_DIR}/zlib.pc)
+configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/zlib.pc.cmakein
+		${ZLIB_PC} @ONLY)
+configure_file(	${CMAKE_CURRENT_SOURCE_DIR}/zconf.h.cmakein
+		${CMAKE_CURRENT_BINARY_DIR}/zconf.h @ONLY)
+include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_SOURCE_DIR})
+
+
+#============================================================================
+# zlib
+#============================================================================
+
+set(ZLIB_PUBLIC_HDRS
+    ${CMAKE_CURRENT_BINARY_DIR}/zconf.h
+    zlib.h
+)
+set(ZLIB_PRIVATE_HDRS
+    crc32.h
+    deflate.h
+    gzguts.h
+    inffast.h
+    inffixed.h
+    inflate.h
+    inftrees.h
+    trees.h
+    zutil.h
+)
+set(ZLIB_SRCS
+    adler32.c
+    compress.c
+    crc32.c
+    deflate.c
+    gzclose.c
+    gzlib.c
+    gzread.c
+    gzwrite.c
+    inflate.c
+    infback.c
+    inftrees.c
+    inffast.c
+    trees.c
+    uncompr.c
+    zutil.c
+)
+
+if(NOT MINGW)
+    set(ZLIB_DLL_SRCS
+        win32/zlib1.rc # If present will override custom build rule below.
+    )
+endif()
+
+# parse the full version number from zlib.h and include in ZLIB_FULL_VERSION
+file(READ ${CMAKE_CURRENT_SOURCE_DIR}/zlib.h _zlib_h_contents)
+string(REGEX REPLACE ".*#define[ \t]+ZLIB_VERSION[ \t]+\"([-0-9A-Za-z.]+)\".*"
+    "\\1" ZLIB_FULL_VERSION ${_zlib_h_contents})
+
+if(MINGW)
+    # This gets us DLL resource information when compiling on MinGW.
+    if(NOT CMAKE_RC_COMPILER)
+        set(CMAKE_RC_COMPILER windres.exe)
+    endif()
+
+    add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/zlib1rc.obj
+                       COMMAND ${CMAKE_RC_COMPILER}
+                            -D GCC_WINDRES
+                            -I ${CMAKE_CURRENT_SOURCE_DIR}
+                            -I ${CMAKE_CURRENT_BINARY_DIR}
+                            -o ${CMAKE_CURRENT_BINARY_DIR}/zlib1rc.obj
+                            -i ${CMAKE_CURRENT_SOURCE_DIR}/win32/zlib1.rc)
+    set(ZLIB_DLL_SRCS ${CMAKE_CURRENT_BINARY_DIR}/zlib1rc.obj)
+endif(MINGW)
+
+add_library(zlib SHARED ${ZLIB_SRCS} ${ZLIB_DLL_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
+target_include_directories(zlib PUBLIC ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR})
+add_library(zlibstatic STATIC ${ZLIB_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
+target_include_directories(zlibstatic PUBLIC ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR})
+set_target_properties(zlib PROPERTIES DEFINE_SYMBOL ZLIB_DLL)
+set_target_properties(zlib PROPERTIES SOVERSION 1)
+
+if(NOT CYGWIN)
+    # This property causes shared libraries on Linux to have the full version
+    # encoded into their final filename.  We disable this on Cygwin because
+    # it causes cygz-${ZLIB_FULL_VERSION}.dll to be created when cygz.dll
+    # seems to be the default.
+    #
+    # This has no effect with MSVC, on that platform the version info for
+    # the DLL comes from the resource file win32/zlib1.rc
+    set_target_properties(zlib PROPERTIES VERSION ${ZLIB_FULL_VERSION})
+endif()
+
+if(UNIX)
+    # On unix-like platforms the library is almost always called libz
+   set_target_properties(zlib zlibstatic PROPERTIES OUTPUT_NAME z)
+   if(NOT APPLE AND NOT(CMAKE_SYSTEM_NAME STREQUAL AIX))
+     set_target_properties(zlib PROPERTIES LINK_FLAGS "-Wl,--version-script,\"${CMAKE_CURRENT_SOURCE_DIR}/zlib.map\"")
+   endif()
+elseif(BUILD_SHARED_LIBS AND WIN32)
+    # Creates zlib1.dll when building shared library version
+    set_target_properties(zlib PROPERTIES SUFFIX "1.dll")
+endif()
+
+if(NOT SKIP_INSTALL_LIBRARIES AND NOT SKIP_INSTALL_ALL )
+    install(TARGETS zlib zlibstatic
+        RUNTIME DESTINATION "${INSTALL_BIN_DIR}"
+        ARCHIVE DESTINATION "${INSTALL_LIB_DIR}"
+        LIBRARY DESTINATION "${INSTALL_LIB_DIR}" )
+endif()
+if(NOT SKIP_INSTALL_HEADERS AND NOT SKIP_INSTALL_ALL )
+    install(FILES ${ZLIB_PUBLIC_HDRS} DESTINATION "${INSTALL_INC_DIR}")
+endif()
+if(NOT SKIP_INSTALL_FILES AND NOT SKIP_INSTALL_ALL )
+    install(FILES zlib.3 DESTINATION "${INSTALL_MAN_DIR}/man3")
+endif()
+if(NOT SKIP_INSTALL_FILES AND NOT SKIP_INSTALL_ALL )
+    install(FILES ${ZLIB_PC} DESTINATION "${INSTALL_PKGCONFIG_DIR}")
+endif()
+
+#============================================================================
+# Example binaries
+#============================================================================
+if(ZLIB_BUILD_EXAMPLES)
+    add_executable(example test/example.c)
+    target_link_libraries(example zlib)
+    add_test(example example)
+
+    add_executable(minigzip test/minigzip.c)
+    target_link_libraries(minigzip zlib)
+
+    if(HAVE_OFF64_T)
+        add_executable(example64 test/example.c)
+        target_link_libraries(example64 zlib)
+        set_target_properties(example64 PROPERTIES COMPILE_FLAGS "-D_FILE_OFFSET_BITS=64")
+        add_test(example64 example64)
+
+        add_executable(minigzip64 test/minigzip.c)
+        target_link_libraries(minigzip64 zlib)
+        set_target_properties(minigzip64 PROPERTIES COMPILE_FLAGS "-D_FILE_OFFSET_BITS=64")
+    endif()
+endif()
diff --git a/zlib-1.3.1/ChangeLog b/zlib-1.3.1/ChangeLog
new file mode 100644
index 00000000..b801a103
--- /dev/null
+++ b/zlib-1.3.1/ChangeLog
@@ -0,0 +1,1618 @@
+
+                ChangeLog file for zlib
+
+Changes in 1.3.1 (22 Jan 2024)
+- Reject overflows of zip header fields in minizip
+- Fix bug in inflateSync() for data held in bit buffer
+- Add LIT_MEM define to use more memory for a small deflate speedup
+- Fix decision on the emission of Zip64 end records in minizip
+- Add bounds checking to ERR_MSG() macro, used by zError()
+- Neutralize zip file traversal attacks in miniunz
+- Fix a bug in ZLIB_DEBUG compiles in check_match()
+- Various portability and appearance improvements
+
+Changes in 1.3 (18 Aug 2023)
+- Remove K&R function definitions and zlib2ansi
+- Fix bug in deflateBound() for level 0 and memLevel 9
+- Fix bug when gzungetc() is used immediately after gzopen()
+- Fix bug when using gzflush() with a very small buffer
+- Fix crash when gzsetparams() attempted for transparent write
+- Fix test/example.c to work with FORCE_STORED
+- Rewrite of zran in examples (see zran.c version history)
+- Fix minizip to allow it to open an empty zip file
+- Fix reading disk number start on zip64 files in minizip
+- Fix logic error in minizip argument processing
+- Add minizip testing to Makefile
+- Read multiple bytes instead of byte-by-byte in minizip unzip.c
+- Add memory sanitizer to configure (--memory)
+- Various portability improvements
+- Various documentation improvements
+- Various spelling and typo corrections
+
+Changes in 1.2.13 (13 Oct 2022)
+- Fix configure issue that discarded provided CC definition
+- Correct incorrect inputs provided to the CRC functions
+- Repair prototypes and exporting of new CRC functions
+- Fix inflateBack to detect invalid input with distances too far
+- Have infback() deliver all of the available output up to any error
+- Fix a bug when getting a gzip header extra field with inflate()
+- Fix bug in block type selection when Z_FIXED used
+- Tighten deflateBound bounds
+- Remove deleted assembler code references
+- Various portability and appearance improvements
+
+Changes in 1.2.12 (27 Mar 2022)
+- Cygwin does not have _wopen(), so do not create gzopen_w() there
+- Permit a deflateParams() parameter change as soon as possible
+- Limit hash table inserts after switch from stored deflate
+- Fix bug when window full in deflate_stored()
+- Fix CLEAR_HASH macro to be usable as a single statement
+- Avoid a conversion error in gzseek when off_t type too small
+- Have Makefile return non-zero error code on test failure
+- Avoid some conversion warnings in gzread.c and gzwrite.c
+- Update use of errno for newer Windows CE versions
+- Small speedup to inflate [psumbera]
+- Return an error if the gzputs string length can't fit in an int
+- Add address checking in clang to -w option of configure
+- Don't compute check value for raw inflate if asked to validate
+- Handle case where inflateSync used when header never processed
+- Avoid the use of ptrdiff_t
+- Avoid an undefined behavior of memcpy() in gzappend()
+- Avoid undefined behaviors of memcpy() in gz*printf()
+- Avoid an undefined behavior of memcpy() in _tr_stored_block()
+- Make the names in functions declarations identical to definitions
+- Remove old assembler code in which bugs have manifested
+- Fix deflateEnd() to not report an error at start of raw deflate
+- Add legal disclaimer to README
+- Emphasize the need to continue decompressing gzip members
+- Correct the initialization requirements for deflateInit2()
+- Fix a bug that can crash deflate on some input when using Z_FIXED
+- Assure that the number of bits for deflatePrime() is valid
+- Use a structure to make globals in enough.c evident
+- Use a macro for the printf format of big_t in enough.c
+- Clean up code style in enough.c, update version
+- Use inline function instead of macro for index in enough.c
+- Clarify that prefix codes are counted in enough.c
+- Show all the codes for the maximum tables size in enough.c
+- Add gznorm.c example, which normalizes gzip files
+- Fix the zran.c example to work on a multiple-member gzip file
+- Add tables for crc32_combine(), to speed it up by a factor of 200
+- Add crc32_combine_gen() and crc32_combine_op() for fast combines
+- Speed up software CRC-32 computation by a factor of 1.5 to 3
+- Use atomic test and set, if available, for dynamic CRC tables
+- Don't bother computing check value after successful inflateSync()
+- Correct comment in crc32.c
+- Add use of the ARMv8 crc32 instructions when requested
+- Use ARM crc32 instructions if the ARM architecture has them
+- Explicitly note that the 32-bit check values are 32 bits
+- Avoid adding empty gzip member after gzflush with Z_FINISH
+- Fix memory leak on error in gzlog.c
+- Fix error in comment on the polynomial representation of a byte
+- Clarify gz* function interfaces, referring to parameter names
+- Change macro name in inflate.c to avoid collision in VxWorks
+- Correct typo in blast.c
+- Improve portability of contrib/minizip
+- Fix indentation in minizip's zip.c
+- Replace black/white with allow/block. (theresa-m)
+- minizip warning fix if MAXU32 already defined. (gvollant)
+- Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
+- Clean up minizip to reduce warnings for testing
+- Add fallthrough comments for gcc
+- Eliminate use of ULL constants
+- Separate out address sanitizing from warnings in configure
+- Remove destructive aspects of make distclean
+- Check for cc masquerading as gcc or clang in configure
+- Fix crc32.c to compile local functions only if used
+
+Changes in 1.2.11 (15 Jan 2017)
+- Fix deflate stored bug when pulling last block from window
+- Permit immediate deflateParams changes before any deflate input
+
+Changes in 1.2.10 (2 Jan 2017)
+- Avoid warnings on snprintf() return value
+- Fix bug in deflate_stored() for zero-length input
+- Fix bug in gzwrite.c that produced corrupt gzip files
+- Remove files to be installed before copying them in Makefile.in
+- Add warnings when compiling with assembler code
+
+Changes in 1.2.9 (31 Dec 2016)
+- Fix contrib/minizip to permit unzipping with desktop API [Zouzou]
+- Improve contrib/blast to return unused bytes
+- Assure that gzoffset() is correct when appending
+- Improve compress() and uncompress() to support large lengths
+- Fix bug in test/example.c where error code not saved
+- Remedy Coverity warning [Randers-Pehrson]
+- Improve speed of gzprintf() in transparent mode
+- Fix inflateInit2() bug when windowBits is 16 or 32
+- Change DEBUG macro to ZLIB_DEBUG
+- Avoid uninitialized access by gzclose_w()
+- Allow building zlib outside of the source directory
+- Fix bug that accepted invalid zlib header when windowBits is zero
+- Fix gzseek() problem on MinGW due to buggy _lseeki64 there
+- Loop on write() calls in gzwrite.c in case of non-blocking I/O
+- Add --warn (-w) option to ./configure for more compiler warnings
+- Reject a window size of 256 bytes if not using the zlib wrapper
+- Fix bug when level 0 used with Z_HUFFMAN or Z_RLE
+- Add --debug (-d) option to ./configure to define ZLIB_DEBUG
+- Fix bugs in creating a very large gzip header
+- Add uncompress2() function, which returns the input size used
+- Assure that deflateParams() will not switch functions mid-block
+- Dramatically speed up deflation for level 0 (storing)
+- Add gzfread(), duplicating the interface of fread()
+- Add gzfwrite(), duplicating the interface of fwrite()
+- Add deflateGetDictionary() function
+- Use snprintf() for later versions of Microsoft C
+- Fix *Init macros to use z_ prefix when requested
+- Replace as400 with os400 for OS/400 support [Monnerat]
+- Add crc32_z() and adler32_z() functions with size_t lengths
+- Update Visual Studio project files [AraHaan]
+
+Changes in 1.2.8 (28 Apr 2013)
+- Update contrib/minizip/iowin32.c for Windows RT [Vollant]
+- Do not force Z_CONST for C++
+- Clean up contrib/vstudio [Roß]
+- Correct spelling error in zlib.h
+- Fix mixed line endings in contrib/vstudio
+
+Changes in 1.2.7.3 (13 Apr 2013)
+- Fix version numbers and DLL names in contrib/vstudio/*/zlib.rc
+
+Changes in 1.2.7.2 (13 Apr 2013)
+- Change check for a four-byte type back to hexadecimal
+- Fix typo in win32/Makefile.msc
+- Add casts in gzwrite.c for pointer differences
+
+Changes in 1.2.7.1 (24 Mar 2013)
+- Replace use of unsafe string functions with snprintf if available
+- Avoid including stddef.h on Windows for Z_SOLO compile [Niessink]
+- Fix gzgetc undefine when Z_PREFIX set [Turk]
+- Eliminate use of mktemp in Makefile (not always available)
+- Fix bug in 'F' mode for gzopen()
+- Add inflateGetDictionary() function
+- Correct comment in deflate.h
+- Use _snprintf for snprintf in Microsoft C
+- On Darwin, only use /usr/bin/libtool if libtool is not Apple
+- Delete "--version" file if created by "ar --version" [Richard G.]
+- Fix configure check for veracity of compiler error return codes
+- Fix CMake compilation of static lib for MSVC2010 x64
+- Remove unused variable in infback9.c
+- Fix argument checks in gzlog_compress() and gzlog_write()
+- Clean up the usage of z_const and respect const usage within zlib
+- Clean up examples/gzlog.[ch] comparisons of different types
+- Avoid shift equal to bits in type (caused endless loop)
+- Fix uninitialized value bug in gzputc() introduced by const patches
+- Fix memory allocation error in examples/zran.c [Nor]
+- Fix bug where gzopen(), gzclose() would write an empty file
+- Fix bug in gzclose() when gzwrite() runs out of memory
+- Check for input buffer malloc failure in examples/gzappend.c
+- Add note to contrib/blast to use binary mode in stdio
+- Fix comparisons of differently signed integers in contrib/blast
+- Check for invalid code length codes in contrib/puff
+- Fix serious but very rare decompression bug in inftrees.c
+- Update inflateBack() comments, since inflate() can be faster
+- Use underscored I/O function names for WINAPI_FAMILY
+- Add _tr_flush_bits to the external symbols prefixed by --zprefix
+- Add contrib/vstudio/vc10 pre-build step for static only
+- Quote --version-script argument in CMakeLists.txt
+- Don't specify --version-script on Apple platforms in CMakeLists.txt
+- Fix casting error in contrib/testzlib/testzlib.c
+- Fix types in contrib/minizip to match result of get_crc_table()
+- Simplify contrib/vstudio/vc10 with 'd' suffix
+- Add TOP support to win32/Makefile.msc
+- Support i686 and amd64 assembler builds in CMakeLists.txt
+- Fix typos in the use of _LARGEFILE64_SOURCE in zconf.h
+- Add vc11 and vc12 build files to contrib/vstudio
+- Add gzvprintf() as an undocumented function in zlib
+- Fix configure for Sun shell
+- Remove runtime check in configure for four-byte integer type
+- Add casts and consts to ease user conversion to C++
+- Add man pages for minizip and miniunzip
+- In Makefile uninstall, don't rm if preceding cd fails
+- Do not return Z_BUF_ERROR if deflateParam() has nothing to write
+
+Changes in 1.2.7 (2 May 2012)
+- Replace use of memmove() with a simple copy for portability
+- Test for existence of strerror
+- Restore gzgetc_ for backward compatibility with 1.2.6
+- Fix build with non-GNU make on Solaris
+- Require gcc 4.0 or later on Mac OS X to use the hidden attribute
+- Include unistd.h for Watcom C
+- Use __WATCOMC__ instead of __WATCOM__
+- Do not use the visibility attribute if NO_VIZ defined
+- Improve the detection of no hidden visibility attribute
+- Avoid using __int64 for gcc or solo compilation
+- Cast to char * in gzprintf to avoid warnings [Zinser]
+- Fix make_vms.com for VAX [Zinser]
+- Don't use library or built-in byte swaps
+- Simplify test and use of gcc hidden attribute
+- Fix bug in gzclose_w() when gzwrite() fails to allocate memory
+- Add "x" (O_EXCL) and "e" (O_CLOEXEC) modes support to gzopen()
+- Fix bug in test/minigzip.c for configure --solo
+- Fix contrib/vstudio project link errors [Mohanathas]
+- Add ability to choose the builder in make_vms.com [Schweda]
+- Add DESTDIR support to mingw32 win32/Makefile.gcc
+- Fix comments in win32/Makefile.gcc for proper usage
+- Allow overriding the default install locations for cmake
+- Generate and install the pkg-config file with cmake
+- Build both a static and a shared version of zlib with cmake
+- Include version symbols for cmake builds
+- If using cmake with MSVC, add the source directory to the includes
+- Remove unneeded EXTRA_CFLAGS from win32/Makefile.gcc [Truta]
+- Move obsolete emx makefile to old [Truta]
+- Allow the use of -Wundef when compiling or using zlib
+- Avoid the use of the -u option with mktemp
+- Improve inflate() documentation on the use of Z_FINISH
+- Recognize clang as gcc
+- Add gzopen_w() in Windows for wide character path names
+- Rename zconf.h in CMakeLists.txt to move it out of the way
+- Add source directory in CMakeLists.txt for building examples
+- Look in build directory for zlib.pc in CMakeLists.txt
+- Remove gzflags from zlibvc.def in vc9 and vc10
+- Fix contrib/minizip compilation in the MinGW environment
+- Update ./configure for Solaris, support --64 [Mooney]
+- Remove -R. from Solaris shared build (possible security issue)
+- Avoid race condition for parallel make (-j) running example
+- Fix type mismatch between get_crc_table() and crc_table
+- Fix parsing of version with "-" in CMakeLists.txt [Snider, Ziegler]
+- Fix the path to zlib.map in CMakeLists.txt
+- Force the native libtool in Mac OS X to avoid GNU libtool [Beebe]
+- Add instructions to win32/Makefile.gcc for shared install [Torri]
+
+Changes in 1.2.6.1 (12 Feb 2012)
+- Avoid the use of the Objective-C reserved name "id"
+- Include io.h in gzguts.h for Microsoft compilers
+- Fix problem with ./configure --prefix and gzgetc macro
+- Include gz_header definition when compiling zlib solo
+- Put gzflags() functionality back in zutil.c
+- Avoid library header include in crc32.c for Z_SOLO
+- Use name in GCC_CLASSIC as C compiler for coverage testing, if set
+- Minor cleanup in contrib/minizip/zip.c [Vollant]
+- Update make_vms.com [Zinser]
+- Remove unnecessary gzgetc_ function
+- Use optimized byte swap operations for Microsoft and GNU [Snyder]
+- Fix minor typo in zlib.h comments [Rzesniowiecki]
+
+Changes in 1.2.6 (29 Jan 2012)
+- Update the Pascal interface in contrib/pascal
+- Fix function numbers for gzgetc_ in zlibvc.def files
+- Fix configure.ac for contrib/minizip [Schiffer]
+- Fix large-entry detection in minizip on 64-bit systems [Schiffer]
+- Have ./configure use the compiler return code for error indication
+- Fix CMakeLists.txt for cross compilation [McClure]
+- Fix contrib/minizip/zip.c for 64-bit architectures [Dalsnes]
+- Fix compilation of contrib/minizip on FreeBSD [Marquez]
+- Correct suggested usages in win32/Makefile.msc [Shachar, Horvath]
+- Include io.h for Turbo C / Borland C on all platforms [Truta]
+- Make version explicit in contrib/minizip/configure.ac [Bosmans]
+- Avoid warning for no encryption in contrib/minizip/zip.c [Vollant]
+- Minor cleanup up contrib/minizip/unzip.c [Vollant]
+- Fix bug when compiling minizip with C++ [Vollant]
+- Protect for long name and extra fields in contrib/minizip [Vollant]
+- Avoid some warnings in contrib/minizip [Vollant]
+- Add -I../.. -L../.. to CFLAGS for minizip and miniunzip
+- Add missing libs to minizip linker command
+- Add support for VPATH builds in contrib/minizip
+- Add an --enable-demos option to contrib/minizip/configure
+- Add the generation of configure.log by ./configure
+- Exit when required parameters not provided to win32/Makefile.gcc
+- Have gzputc return the character written instead of the argument
+- Use the -m option on ldconfig for BSD systems [Tobias]
+- Correct in zlib.map when deflateResetKeep was added
+
+Changes in 1.2.5.3 (15 Jan 2012)
+- Restore gzgetc function for binary compatibility
+- Do not use _lseeki64 under Borland C++ [Truta]
+- Update win32/Makefile.msc to build test/*.c [Truta]
+- Remove old/visualc6 given CMakefile and other alternatives
+- Update AS400 build files and documentation [Monnerat]
+- Update win32/Makefile.gcc to build test/*.c [Truta]
+- Permit stronger flushes after Z_BLOCK flushes
+- Avoid extraneous empty blocks when doing empty flushes
+- Permit Z_NULL arguments to deflatePending
+- Allow deflatePrime() to insert bits in the middle of a stream
+- Remove second empty static block for Z_PARTIAL_FLUSH
+- Write out all of the available bits when using Z_BLOCK
+- Insert the first two strings in the hash table after a flush
+
+Changes in 1.2.5.2 (17 Dec 2011)
+- fix ld error: unable to find version dependency 'ZLIB_1.2.5'
+- use relative symlinks for shared libs
+- Avoid searching past window for Z_RLE strategy
+- Assure that high-water mark initialization is always applied in deflate
+- Add assertions to fill_window() in deflate.c to match comments
+- Update python link in README
+- Correct spelling error in gzread.c
+- Fix bug in gzgets() for a concatenated empty gzip stream
+- Correct error in comment for gz_make()
+- Change gzread() and related to ignore junk after gzip streams
+- Allow gzread() and related to continue after gzclearerr()
+- Allow gzrewind() and gzseek() after a premature end-of-file
+- Simplify gzseek() now that raw after gzip is ignored
+- Change gzgetc() to a macro for speed (~40% speedup in testing)
+- Fix gzclose() to return the actual error last encountered
+- Always add large file support for windows
+- Include zconf.h for windows large file support
+- Include zconf.h.cmakein for windows large file support
+- Update zconf.h.cmakein on make distclean
+- Merge vestigial vsnprintf determination from zutil.h to gzguts.h
+- Clarify how gzopen() appends in zlib.h comments
+- Correct documentation of gzdirect() since junk at end now ignored
+- Add a transparent write mode to gzopen() when 'T' is in the mode
+- Update python link in zlib man page
+- Get inffixed.h and MAKEFIXED result to match
+- Add a ./config --solo option to make zlib subset with no library use
+- Add undocumented inflateResetKeep() function for CAB file decoding
+- Add --cover option to ./configure for gcc coverage testing
+- Add #define ZLIB_CONST option to use const in the z_stream interface
+- Add comment to gzdopen() in zlib.h to use dup() when using fileno()
+- Note behavior of uncompress() to provide as much data as it can
+- Add files in contrib/minizip to aid in building libminizip
+- Split off AR options in Makefile.in and configure
+- Change ON macro to Z_ARG to avoid application conflicts
+- Facilitate compilation with Borland C++ for pragmas and vsnprintf
+- Include io.h for Turbo C / Borland C++
+- Move example.c and minigzip.c to test/
+- Simplify incomplete code table filling in inflate_table()
+- Remove code from inflate.c and infback.c that is impossible to execute
+- Test the inflate code with full coverage
+- Allow deflateSetDictionary, inflateSetDictionary at any time (in raw)
+- Add deflateResetKeep and fix inflateResetKeep to retain dictionary
+- Fix gzwrite.c to accommodate reduced memory zlib compilation
+- Have inflate() with Z_FINISH avoid the allocation of a window
+- Do not set strm->adler when doing raw inflate
+- Fix gzeof() to behave just like feof() when read is not past end of file
+- Fix bug in gzread.c when end-of-file is reached
+- Avoid use of Z_BUF_ERROR in gz* functions except for premature EOF
+- Document gzread() capability to read concurrently written files
+- Remove hard-coding of resource compiler in CMakeLists.txt [Blammo]
+
+Changes in 1.2.5.1 (10 Sep 2011)
+- Update FAQ entry on shared builds (#13)
+- Avoid symbolic argument to chmod in Makefile.in
+- Fix bug and add consts in contrib/puff [Oberhumer]
+- Update contrib/puff/zeros.raw test file to have all block types
+- Add full coverage test for puff in contrib/puff/Makefile
+- Fix static-only-build install in Makefile.in
+- Fix bug in unzGetCurrentFileInfo() in contrib/minizip [Kuno]
+- Add libz.a dependency to shared in Makefile.in for parallel builds
+- Spell out "number" (instead of "nb") in zlib.h for total_in, total_out
+- Replace $(...) with `...` in configure for non-bash sh [Bowler]
+- Add darwin* to Darwin* and solaris* to SunOS\ 5* in configure [Groffen]
+- Add solaris* to Linux* in configure to allow gcc use [Groffen]
+- Add *bsd* to Linux* case in configure [Bar-Lev]
+- Add inffast.obj to dependencies in win32/Makefile.msc
+- Correct spelling error in deflate.h [Kohler]
+- Change libzdll.a again to libz.dll.a (!) in win32/Makefile.gcc
+- Add test to configure for GNU C looking for gcc in output of $cc -v
+- Add zlib.pc generation to win32/Makefile.gcc [Weigelt]
+- Fix bug in zlib.h for _FILE_OFFSET_BITS set and _LARGEFILE64_SOURCE not
+- Add comment in zlib.h that adler32_combine with len2 < 0 makes no sense
+- Make NO_DIVIDE option in adler32.c much faster (thanks to John Reiser)
+- Make stronger test in zconf.h to include unistd.h for LFS
+- Apply Darwin patches for 64-bit file offsets to contrib/minizip [Slack]
+- Fix zlib.h LFS support when Z_PREFIX used
+- Add updated as400 support (removed from old) [Monnerat]
+- Avoid deflate sensitivity to volatile input data
+- Avoid division in adler32_combine for NO_DIVIDE
+- Clarify the use of Z_FINISH with deflateBound() amount of space
+- Set binary for output file in puff.c
+- Use u4 type for crc_table to avoid conversion warnings
+- Apply casts in zlib.h to avoid conversion warnings
+- Add OF to prototypes for adler32_combine_ and crc32_combine_ [Miller]
+- Improve inflateSync() documentation to note indeterminacy
+- Add deflatePending() function to return the amount of pending output
+- Correct the spelling of "specification" in FAQ [Randers-Pehrson]
+- Add a check in configure for stdarg.h, use for gzprintf()
+- Check that pointers fit in ints when gzprint() compiled old style
+- Add dummy name before $(SHAREDLIBV) in Makefile [Bar-Lev, Bowler]
+- Delete line in configure that adds -L. libz.a to LDFLAGS [Weigelt]
+- Add debug records in assembler code [Londer]
+- Update RFC references to use http://tools.ietf.org/html/... [Li]
+- Add --archs option, use of libtool to configure for Mac OS X [Borstel]
+
+Changes in 1.2.5 (19 Apr 2010)
+- Disable visibility attribute in win32/Makefile.gcc [Bar-Lev]
+- Default to libdir as sharedlibdir in configure [Nieder]
+- Update copyright dates on modified source files
+- Update trees.c to be able to generate modified trees.h
+- Exit configure for MinGW, suggesting win32/Makefile.gcc
+- Check for NULL path in gz_open [Homurlu]
+
+Changes in 1.2.4.5 (18 Apr 2010)
+- Set sharedlibdir in configure [Torok]
+- Set LDFLAGS in Makefile.in [Bar-Lev]
+- Avoid mkdir objs race condition in Makefile.in [Bowler]
+- Add ZLIB_INTERNAL in front of internal inter-module functions and arrays
+- Define ZLIB_INTERNAL to hide internal functions and arrays for GNU C
+- Don't use hidden attribute when it is a warning generator (e.g. Solaris)
+
+Changes in 1.2.4.4 (18 Apr 2010)
+- Fix CROSS_PREFIX executable testing, CHOST extract, mingw* [Torok]
+- Undefine _LARGEFILE64_SOURCE in zconf.h if it is zero, but not if empty
+- Try to use bash or ksh regardless of functionality of /bin/sh
+- Fix configure incompatibility with NetBSD sh
+- Remove attempt to run under bash or ksh since have better NetBSD fix
+- Fix win32/Makefile.gcc for MinGW [Bar-Lev]
+- Add diagnostic messages when using CROSS_PREFIX in configure
+- Added --sharedlibdir option to configure [Weigelt]
+- Use hidden visibility attribute when available [Frysinger]
+
+Changes in 1.2.4.3 (10 Apr 2010)
+- Only use CROSS_PREFIX in configure for ar and ranlib if they exist
+- Use CROSS_PREFIX for nm [Bar-Lev]
+- Assume _LARGEFILE64_SOURCE defined is equivalent to true
+- Avoid use of undefined symbols in #if with && and ||
+- Make *64 prototypes in gzguts.h consistent with functions
+- Add -shared load option for MinGW in configure [Bowler]
+- Move z_off64_t to public interface, use instead of off64_t
+- Remove ! from shell test in configure (not portable to Solaris)
+- Change +0 macro tests to -0 for possibly increased portability
+
+Changes in 1.2.4.2 (9 Apr 2010)
+- Add consistent carriage returns to readme.txt's in masmx86 and masmx64
+- Really provide prototypes for *64 functions when building without LFS
+- Only define unlink() in minigzip.c if unistd.h not included
+- Update README to point to contrib/vstudio project files
+- Move projects/vc6 to old/ and remove projects/
+- Include stdlib.h in minigzip.c for setmode() definition under WinCE
+- Clean up assembler builds in win32/Makefile.msc [Rowe]
+- Include sys/types.h for Microsoft for off_t definition
+- Fix memory leak on error in gz_open()
+- Symbolize nm as $NM in configure [Weigelt]
+- Use TEST_LDSHARED instead of LDSHARED to link test programs [Weigelt]
+- Add +0 to _FILE_OFFSET_BITS and _LFS64_LARGEFILE in case not defined
+- Fix bug in gzeof() to take into account unused input data
+- Avoid initialization of structures with variables in puff.c
+- Updated win32/README-WIN32.txt [Rowe]
+
+Changes in 1.2.4.1 (28 Mar 2010)
+- Remove the use of [a-z] constructs for sed in configure [gentoo 310225]
+- Remove $(SHAREDLIB) from LIBS in Makefile.in [Creech]
+- Restore "for debugging" comment on sprintf() in gzlib.c
+- Remove fdopen for MVS from gzguts.h
+- Put new README-WIN32.txt in win32 [Rowe]
+- Add check for shell to configure and invoke another shell if needed
+- Fix big fat stinking bug in gzseek() on uncompressed files
+- Remove vestigial F_OPEN64 define in zutil.h
+- Set and check the value of _LARGEFILE_SOURCE and _LARGEFILE64_SOURCE
+- Avoid errors on non-LFS systems when applications define LFS macros
+- Set EXE to ".exe" in configure for MINGW [Kahle]
+- Match crc32() in crc32.c exactly to the prototype in zlib.h [Sherrill]
+- Add prefix for cross-compilation in win32/makefile.gcc [Bar-Lev]
+- Add DLL install in win32/makefile.gcc [Bar-Lev]
+- Allow Linux* or linux* from uname in configure [Bar-Lev]
+- Allow ldconfig to be redefined in configure and Makefile.in [Bar-Lev]
+- Add cross-compilation prefixes to configure [Bar-Lev]
+- Match type exactly in gz_load() invocation in gzread.c
+- Match type exactly of zcalloc() in zutil.c to zlib.h alloc_func
+- Provide prototypes for *64 functions when building zlib without LFS
+- Don't use -lc when linking shared library on MinGW
+- Remove errno.h check in configure and vestigial errno code in zutil.h
+
+Changes in 1.2.4 (14 Mar 2010)
+- Fix VER3 extraction in configure for no fourth subversion
+- Update zlib.3, add docs to Makefile.in to make .pdf out of it
+- Add zlib.3.pdf to distribution
+- Don't set error code in gzerror() if passed pointer is NULL
+- Apply destination directory fixes to CMakeLists.txt [Lowman]
+- Move #cmakedefine's to a new zconf.in.cmakein
+- Restore zconf.h for builds that don't use configure or cmake
+- Add distclean to dummy Makefile for convenience
+- Update and improve INDEX, README, and FAQ
+- Update CMakeLists.txt for the return of zconf.h [Lowman]
+- Update contrib/vstudio/vc9 and vc10 [Vollant]
+- Change libz.dll.a back to libzdll.a in win32/Makefile.gcc
+- Apply license and readme changes to contrib/asm686 [Raiter]
+- Check file name lengths and add -c option in minigzip.c [Li]
+- Update contrib/amd64 and contrib/masmx86/ [Vollant]
+- Avoid use of "eof" parameter in trees.c to not shadow library variable
+- Update make_vms.com for removal of zlibdefs.h [Zinser]
+- Update assembler code and vstudio projects in contrib [Vollant]
+- Remove outdated assembler code contrib/masm686 and contrib/asm586
+- Remove old vc7 and vc8 from contrib/vstudio
+- Update win32/Makefile.msc, add ZLIB_VER_SUBREVISION [Rowe]
+- Fix memory leaks in gzclose_r() and gzclose_w(), file leak in gz_open()
+- Add contrib/gcc_gvmat64 for longest_match and inflate_fast [Vollant]
+- Remove *64 functions from win32/zlib.def (they're not 64-bit yet)
+- Fix bug in void-returning vsprintf() case in gzwrite.c
+- Fix name change from inflate.h in contrib/inflate86/inffas86.c
+- Check if temporary file exists before removing in make_vms.com [Zinser]
+- Fix make install and uninstall for --static option
+- Fix usage of _MSC_VER in gzguts.h and zutil.h [Truta]
+- Update readme.txt in contrib/masmx64 and masmx86 to assemble
+
+Changes in 1.2.3.9 (21 Feb 2010)
+- Expunge gzio.c
+- Move as400 build information to old
+- Fix updates in contrib/minizip and contrib/vstudio
+- Add const to vsnprintf test in configure to avoid warnings [Weigelt]
+- Delete zconf.h (made by configure) [Weigelt]
+- Change zconf.in.h to zconf.h.in per convention [Weigelt]
+- Check for NULL buf in gzgets()
+- Return empty string for gzgets() with len == 1 (like fgets())
+- Fix description of gzgets() in zlib.h for end-of-file, NULL return
+- Update minizip to 1.1 [Vollant]
+- Avoid MSVC loss of data warnings in gzread.c, gzwrite.c
+- Note in zlib.h that gzerror() should be used to distinguish from EOF
+- Remove use of snprintf() from gzlib.c
+- Fix bug in gzseek()
+- Update contrib/vstudio, adding vc9 and vc10 [Kuno, Vollant]
+- Fix zconf.h generation in CMakeLists.txt [Lowman]
+- Improve comments in zconf.h where modified by configure
+
+Changes in 1.2.3.8 (13 Feb 2010)
+- Clean up text files (tabs, trailing whitespace, etc.) [Oberhumer]
+- Use z_off64_t in gz_zero() and gz_skip() to match state->skip
+- Avoid comparison problem when sizeof(int) == sizeof(z_off64_t)
+- Revert to Makefile.in from 1.2.3.6 (live with the clutter)
+- Fix missing error return in gzflush(), add zlib.h note
+- Add *64 functions to zlib.map [Levin]
+- Fix signed/unsigned comparison in gz_comp()
+- Use SFLAGS when testing shared linking in configure
+- Add --64 option to ./configure to use -m64 with gcc
+- Fix ./configure --help to correctly name options
+- Have make fail if a test fails [Levin]
+- Avoid buffer overrun in contrib/masmx64/gvmat64.asm [Simpson]
+- Remove assembler object files from contrib
+
+Changes in 1.2.3.7 (24 Jan 2010)
+- Always gzopen() with O_LARGEFILE if available
+- Fix gzdirect() to work immediately after gzopen() or gzdopen()
+- Make gzdirect() more precise when the state changes while reading
+- Improve zlib.h documentation in many places
+- Catch memory allocation failure in gz_open()
+- Complete close operation if seek forward in gzclose_w() fails
+- Return Z_ERRNO from gzclose_r() if close() fails
+- Return Z_STREAM_ERROR instead of EOF for gzclose() being passed NULL
+- Return zero for gzwrite() errors to match zlib.h description
+- Return -1 on gzputs() error to match zlib.h description
+- Add zconf.in.h to allow recovery from configure modification [Weigelt]
+- Fix static library permissions in Makefile.in [Weigelt]
+- Avoid warnings in configure tests that hide functionality [Weigelt]
+- Add *BSD and DragonFly to Linux case in configure [gentoo 123571]
+- Change libzdll.a to libz.dll.a in win32/Makefile.gcc [gentoo 288212]
+- Avoid access of uninitialized data for first inflateReset2 call [Gomes]
+- Keep object files in subdirectories to reduce the clutter somewhat
+- Remove default Makefile and zlibdefs.h, add dummy Makefile
+- Add new external functions to Z_PREFIX, remove duplicates, z_z_ -> z_
+- Remove zlibdefs.h completely -- modify zconf.h instead
+
+Changes in 1.2.3.6 (17 Jan 2010)
+- Avoid void * arithmetic in gzread.c and gzwrite.c
+- Make compilers happier with const char * for gz_error message
+- Avoid unused parameter warning in inflate.c
+- Avoid signed-unsigned comparison warning in inflate.c
+- Indent #pragma's for traditional C
+- Fix usage of strwinerror() in glib.c, change to gz_strwinerror()
+- Correct email address in configure for system options
+- Update make_vms.com and add make_vms.com to contrib/minizip [Zinser]
+- Update zlib.map [Brown]
+- Fix Makefile.in for Solaris 10 make of example64 and minizip64 [Torok]
+- Apply various fixes to CMakeLists.txt [Lowman]
+- Add checks on len in gzread() and gzwrite()
+- Add error message for no more room for gzungetc()
+- Remove zlib version check in gzwrite()
+- Defer compression of gzprintf() result until need to
+- Use snprintf() in gzdopen() if available
+- Remove USE_MMAP configuration determination (only used by minigzip)
+- Remove examples/pigz.c (available separately)
+- Update examples/gun.c to 1.6
+
+Changes in 1.2.3.5 (8 Jan 2010)
+- Add space after #if in zutil.h for some compilers
+- Fix relatively harmless bug in deflate_fast() [Exarevsky]
+- Fix same problem in deflate_slow()
+- Add $(SHAREDLIBV) to LIBS in Makefile.in [Brown]
+- Add deflate_rle() for faster Z_RLE strategy run-length encoding
+- Add deflate_huff() for faster Z_HUFFMAN_ONLY encoding
+- Change name of "write" variable in inffast.c to avoid library collisions
+- Fix premature EOF from gzread() in gzio.c [Brown]
+- Use zlib header window size if windowBits is 0 in inflateInit2()
+- Remove compressBound() call in deflate.c to avoid linking compress.o
+- Replace use of errno in gz* with functions, support WinCE [Alves]
+- Provide alternative to perror() in minigzip.c for WinCE [Alves]
+- Don't use _vsnprintf on later versions of MSVC [Lowman]
+- Add CMake build script and input file [Lowman]
+- Update contrib/minizip to 1.1 [Svensson, Vollant]
+- Moved nintendods directory from contrib to root
+- Replace gzio.c with a new set of routines with the same functionality
+- Add gzbuffer(), gzoffset(), gzclose_r(), gzclose_w() as part of above
+- Update contrib/minizip to 1.1b
+- Change gzeof() to return 0 on error instead of -1 to agree with zlib.h
+
+Changes in 1.2.3.4 (21 Dec 2009)
+- Use old school .SUFFIXES in Makefile.in for FreeBSD compatibility
+- Update comments in configure and Makefile.in for default --shared
+- Fix test -z's in configure [Marquess]
+- Build examplesh and minigzipsh when not testing
+- Change NULL's to Z_NULL's in deflate.c and in comments in zlib.h
+- Import LDFLAGS from the environment in configure
+- Fix configure to populate SFLAGS with discovered CFLAGS options
+- Adapt make_vms.com to the new Makefile.in [Zinser]
+- Add zlib2ansi script for C++ compilation [Marquess]
+- Add _FILE_OFFSET_BITS=64 test to make test (when applicable)
+- Add AMD64 assembler code for longest match to contrib [Teterin]
+- Include options from $SFLAGS when doing $LDSHARED
+- Simplify 64-bit file support by introducing z_off64_t type
+- Make shared object files in objs directory to work around old Sun cc
+- Use only three-part version number for Darwin shared compiles
+- Add rc option to ar in Makefile.in for when ./configure not run
+- Add -WI,-rpath,. to LDFLAGS for OSF 1 V4*
+- Set LD_LIBRARYN32_PATH for SGI IRIX shared compile
+- Protect against _FILE_OFFSET_BITS being defined when compiling zlib
+- Rename Makefile.in targets allstatic to static and allshared to shared
+- Fix static and shared Makefile.in targets to be independent
+- Correct error return bug in gz_open() by setting state [Brown]
+- Put spaces before ;;'s in configure for better sh compatibility
+- Add pigz.c (parallel implementation of gzip) to examples/
+- Correct constant in crc32.c to UL [Leventhal]
+- Reject negative lengths in crc32_combine()
+- Add inflateReset2() function to work like inflateEnd()/inflateInit2()
+- Include sys/types.h for _LARGEFILE64_SOURCE [Brown]
+- Correct typo in doc/algorithm.txt [Janik]
+- Fix bug in adler32_combine() [Zhu]
+- Catch missing-end-of-block-code error in all inflates and in puff
+    Assures that random input to inflate eventually results in an error
+- Added enough.c (calculation of ENOUGH for inftrees.h) to examples/
+- Update ENOUGH and its usage to reflect discovered bounds
+- Fix gzerror() error report on empty input file [Brown]
+- Add ush casts in trees.c to avoid pedantic runtime errors
+- Fix typo in zlib.h uncompress() description [Reiss]
+- Correct inflate() comments with regard to automatic header detection
+- Remove deprecation comment on Z_PARTIAL_FLUSH (it stays)
+- Put new version of gzlog (2.0) in examples with interruption recovery
+- Add puff compile option to permit invalid distance-too-far streams
+- Add puff TEST command options, ability to read piped input
+- Prototype the *64 functions in zlib.h when _FILE_OFFSET_BITS == 64, but
+  _LARGEFILE64_SOURCE not defined
+- Fix Z_FULL_FLUSH to truly erase the past by resetting s->strstart
+- Fix deflateSetDictionary() to use all 32K for output consistency
+- Remove extraneous #define MIN_LOOKAHEAD in deflate.c (in deflate.h)
+- Clear bytes after deflate lookahead to avoid use of uninitialized data
+- Change a limit in inftrees.c to be more transparent to Coverity Prevent
+- Update win32/zlib.def with exported symbols from zlib.h
+- Correct spelling errors in zlib.h [Willem, Sobrado]
+- Allow Z_BLOCK for deflate() to force a new block
+- Allow negative bits in inflatePrime() to delete existing bit buffer
+- Add Z_TREES flush option to inflate() to return at end of trees
+- Add inflateMark() to return current state information for random access
+- Add Makefile for NintendoDS to contrib [Costa]
+- Add -w in configure compile tests to avoid spurious warnings [Beucler]
+- Fix typos in zlib.h comments for deflateSetDictionary()
+- Fix EOF detection in transparent gzread() [Maier]
+
+Changes in 1.2.3.3 (2 October 2006)
+- Make --shared the default for configure, add a --static option
+- Add compile option to permit invalid distance-too-far streams
+- Add inflateUndermine() function which is required to enable above
+- Remove use of "this" variable name for C++ compatibility [Marquess]
+- Add testing of shared library in make test, if shared library built
+- Use ftello() and fseeko() if available instead of ftell() and fseek()
+- Provide two versions of all functions that use the z_off_t type for
+  binary compatibility -- a normal version and a 64-bit offset version,
+  per the Large File Support Extension when _LARGEFILE64_SOURCE is
+  defined; use the 64-bit versions by default when _FILE_OFFSET_BITS
+  is defined to be 64
+- Add a --uname= option to configure to perhaps help with cross-compiling
+
+Changes in 1.2.3.2 (3 September 2006)
+- Turn off silly Borland warnings [Hay]
+- Use off64_t and define _LARGEFILE64_SOURCE when present
+- Fix missing dependency on inffixed.h in Makefile.in
+- Rig configure --shared to build both shared and static [Teredesai, Truta]
+- Remove zconf.in.h and instead create a new zlibdefs.h file
+- Fix contrib/minizip/unzip.c non-encrypted after encrypted [Vollant]
+- Add treebuild.xml (see http://treebuild.metux.de/) [Weigelt]
+
+Changes in 1.2.3.1 (16 August 2006)
+- Add watcom directory with OpenWatcom make files [Daniel]
+- Remove #undef of FAR in zconf.in.h for MVS [Fedtke]
+- Update make_vms.com [Zinser]
+- Use -fPIC for shared build in configure [Teredesai, Nicholson]
+- Use only major version number for libz.so on IRIX and OSF1 [Reinholdtsen]
+- Use fdopen() (not _fdopen()) for Interix in zutil.h [Bäck]
+- Add some FAQ entries about the contrib directory
+- Update the MVS question in the FAQ
+- Avoid extraneous reads after EOF in gzio.c [Brown]
+- Correct spelling of "successfully" in gzio.c [Randers-Pehrson]
+- Add comments to zlib.h about gzerror() usage [Brown]
+- Set extra flags in gzip header in gzopen() like deflate() does
+- Make configure options more compatible with double-dash conventions
+  [Weigelt]
+- Clean up compilation under Solaris SunStudio cc [Rowe, Reinholdtsen]
+- Fix uninstall target in Makefile.in [Truta]
+- Add pkgconfig support [Weigelt]
+- Use $(DESTDIR) macro in Makefile.in [Reinholdtsen, Weigelt]
+- Replace set_data_type() with a more accurate detect_data_type() in
+  trees.c, according to the txtvsbin.txt document [Truta]
+- Swap the order of #include <stdio.h> and #include "zlib.h" in
+  gzio.c, example.c and minigzip.c [Truta]
+- Shut up annoying VS2005 warnings about standard C deprecation [Rowe,
+  Truta] (where?)
+- Fix target "clean" from win32/Makefile.bor [Truta]
+- Create .pdb and .manifest files in win32/makefile.msc [Ziegler, Rowe]
+- Update zlib www home address in win32/DLL_FAQ.txt [Truta]
+- Update contrib/masmx86/inffas32.asm for VS2005 [Vollant, Van Wassenhove]
+- Enable browse info in the "Debug" and "ASM Debug" configurations in
+  the Visual C++ 6 project, and set (non-ASM) "Debug" as default [Truta]
+- Add pkgconfig support [Weigelt]
+- Add ZLIB_VER_MAJOR, ZLIB_VER_MINOR and ZLIB_VER_REVISION in zlib.h,
+  for use in win32/zlib1.rc [Polushin, Rowe, Truta]
+- Add a document that explains the new text detection scheme to
+  doc/txtvsbin.txt [Truta]
+- Add rfc1950.txt, rfc1951.txt and rfc1952.txt to doc/ [Truta]
+- Move algorithm.txt into doc/ [Truta]
+- Synchronize FAQ with website
+- Fix compressBound(), was low for some pathological cases [Fearnley]
+- Take into account wrapper variations in deflateBound()
+- Set examples/zpipe.c input and output to binary mode for Windows
+- Update examples/zlib_how.html with new zpipe.c (also web site)
+- Fix some warnings in examples/gzlog.c and examples/zran.c (it seems
+  that gcc became pickier in 4.0)
+- Add zlib.map for Linux: "All symbols from zlib-1.1.4 remain
+  un-versioned, the patch adds versioning only for symbols introduced in
+  zlib-1.2.0 or later.  It also declares as local those symbols which are
+  not designed to be exported." [Levin]
+- Update Z_PREFIX list in zconf.in.h, add --zprefix option to configure
+- Do not initialize global static by default in trees.c, add a response
+  NO_INIT_GLOBAL_POINTERS to initialize them if needed [Marquess]
+- Don't use strerror() in gzio.c under WinCE [Yakimov]
+- Don't use errno.h in zutil.h under WinCE [Yakimov]
+- Move arguments for AR to its usage to allow replacing ar [Marot]
+- Add HAVE_VISIBILITY_PRAGMA in zconf.in.h for Mozilla [Randers-Pehrson]
+- Improve inflateInit() and inflateInit2() documentation
+- Fix structure size comment in inflate.h
+- Change configure help option from --h* to --help [Santos]
+
+Changes in 1.2.3 (18 July 2005)
+- Apply security vulnerability fixes to contrib/infback9 as well
+- Clean up some text files (carriage returns, trailing space)
+- Update testzlib, vstudio, masmx64, and masmx86 in contrib [Vollant]
+
+Changes in 1.2.2.4 (11 July 2005)
+- Add inflatePrime() function for starting inflation at bit boundary
+- Avoid some Visual C warnings in deflate.c
+- Avoid more silly Visual C warnings in inflate.c and inftrees.c for 64-bit
+  compile
+- Fix some spelling errors in comments [Betts]
+- Correct inflateInit2() error return documentation in zlib.h
+- Add zran.c example of compressed data random access to examples
+  directory, shows use of inflatePrime()
+- Fix cast for assignments to strm->state in inflate.c and infback.c
+- Fix zlibCompileFlags() in zutil.c to use 1L for long shifts [Oberhumer]
+- Move declarations of gf2 functions to right place in crc32.c [Oberhumer]
+- Add cast in trees.c t avoid a warning [Oberhumer]
+- Avoid some warnings in fitblk.c, gun.c, gzjoin.c in examples [Oberhumer]
+- Update make_vms.com [Zinser]
+- Initialize state->write in inflateReset() since copied in inflate_fast()
+- Be more strict on incomplete code sets in inflate_table() and increase
+  ENOUGH and MAXD -- this repairs a possible security vulnerability for
+  invalid inflate input.  Thanks to Tavis Ormandy and Markus Oberhumer for
+  discovering the vulnerability and providing test cases
+- Add ia64 support to configure for HP-UX [Smith]
+- Add error return to gzread() for format or i/o error [Levin]
+- Use malloc.h for OS/2 [Necasek]
+
+Changes in 1.2.2.3 (27 May 2005)
+- Replace 1U constants in inflate.c and inftrees.c for 64-bit compile
+- Typecast fread() return values in gzio.c [Vollant]
+- Remove trailing space in minigzip.c outmode (VC++ can't deal with it)
+- Fix crc check bug in gzread() after gzungetc() [Heiner]
+- Add the deflateTune() function to adjust internal compression parameters
+- Add a fast gzip decompressor, gun.c, to examples (use of inflateBack)
+- Remove an incorrect assertion in examples/zpipe.c
+- Add C++ wrapper in infback9.h [Donais]
+- Fix bug in inflateCopy() when decoding fixed codes
+- Note in zlib.h how much deflateSetDictionary() actually uses
+- Remove USE_DICT_HEAD in deflate.c (would mess up inflate if used)
+- Add _WIN32_WCE to define WIN32 in zconf.in.h [Spencer]
+- Don't include stderr.h or errno.h for _WIN32_WCE in zutil.h [Spencer]
+- Add gzdirect() function to indicate transparent reads
+- Update contrib/minizip [Vollant]
+- Fix compilation of deflate.c when both ASMV and FASTEST [Oberhumer]
+- Add casts in crc32.c to avoid warnings [Oberhumer]
+- Add contrib/masmx64 [Vollant]
+- Update contrib/asm586, asm686, masmx86, testzlib, vstudio [Vollant]
+
+Changes in 1.2.2.2 (30 December 2004)
+- Replace structure assignments in deflate.c and inflate.c with zmemcpy to
+  avoid implicit memcpy calls (portability for no-library compilation)
+- Increase sprintf() buffer size in gzdopen() to allow for large numbers
+- Add INFLATE_STRICT to check distances against zlib header
+- Improve WinCE errno handling and comments [Chang]
+- Remove comment about no gzip header processing in FAQ
+- Add Z_FIXED strategy option to deflateInit2() to force fixed trees
+- Add updated make_vms.com [Coghlan], update README
+- Create a new "examples" directory, move gzappend.c there, add zpipe.c,
+  fitblk.c, gzlog.[ch], gzjoin.c, and zlib_how.html
+- Add FAQ entry and comments in deflate.c on uninitialized memory access
+- Add Solaris 9 make options in configure [Gilbert]
+- Allow strerror() usage in gzio.c for STDC
+- Fix DecompressBuf in contrib/delphi/ZLib.pas [ManChesTer]
+- Update contrib/masmx86/inffas32.asm and gvmat32.asm [Vollant]
+- Use z_off_t for adler32_combine() and crc32_combine() lengths
+- Make adler32() much faster for small len
+- Use OS_CODE in deflate() default gzip header
+
+Changes in 1.2.2.1 (31 October 2004)
+- Allow inflateSetDictionary() call for raw inflate
+- Fix inflate header crc check bug for file names and comments
+- Add deflateSetHeader() and gz_header structure for custom gzip headers
+- Add inflateGetheader() to retrieve gzip headers
+- Add crc32_combine() and adler32_combine() functions
+- Add alloc_func, free_func, in_func, out_func to Z_PREFIX list
+- Use zstreamp consistently in zlib.h (inflate_back functions)
+- Remove GUNZIP condition from definition of inflate_mode in inflate.h
+  and in contrib/inflate86/inffast.S [Truta, Anderson]
+- Add support for AMD64 in contrib/inflate86/inffas86.c [Anderson]
+- Update projects/README.projects and projects/visualc6 [Truta]
+- Update win32/DLL_FAQ.txt [Truta]
+- Avoid warning under NO_GZCOMPRESS in gzio.c; fix typo [Truta]
+- Deprecate Z_ASCII; use Z_TEXT instead [Truta]
+- Use a new algorithm for setting strm->data_type in trees.c [Truta]
+- Do not define an exit() prototype in zutil.c unless DEBUG defined
+- Remove prototype of exit() from zutil.c, example.c, minigzip.c [Truta]
+- Add comment in zlib.h for Z_NO_FLUSH parameter to deflate()
+- Fix Darwin build version identification [Peterson]
+
+Changes in 1.2.2 (3 October 2004)
+- Update zlib.h comments on gzip in-memory processing
+- Set adler to 1 in inflateReset() to support Java test suite [Walles]
+- Add contrib/dotzlib [Ravn]
+- Update win32/DLL_FAQ.txt [Truta]
+- Update contrib/minizip [Vollant]
+- Move contrib/visual-basic.txt to old/ [Truta]
+- Fix assembler builds in projects/visualc6/ [Truta]
+
+Changes in 1.2.1.2 (9 September 2004)
+- Update INDEX file
+- Fix trees.c to update strm->data_type (no one ever noticed!)
+- Fix bug in error case in inflate.c, infback.c, and infback9.c [Brown]
+- Add "volatile" to crc table flag declaration (for DYNAMIC_CRC_TABLE)
+- Add limited multitasking protection to DYNAMIC_CRC_TABLE
+- Add NO_vsnprintf for VMS in zutil.h [Mozilla]
+- Don't declare strerror() under VMS [Mozilla]
+- Add comment to DYNAMIC_CRC_TABLE to use get_crc_table() to initialize
+- Update contrib/ada [Anisimkov]
+- Update contrib/minizip [Vollant]
+- Fix configure to not hardcode directories for Darwin [Peterson]
+- Fix gzio.c to not return error on empty files [Brown]
+- Fix indentation; update version in contrib/delphi/ZLib.pas and
+  contrib/pascal/zlibpas.pas [Truta]
+- Update mkasm.bat in contrib/masmx86 [Truta]
+- Update contrib/untgz [Truta]
+- Add projects/README.projects [Truta]
+- Add project for MS Visual C++ 6.0 in projects/visualc6 [Cadieux, Truta]
+- Update win32/DLL_FAQ.txt [Truta]
+- Update list of Z_PREFIX symbols in zconf.h [Randers-Pehrson, Truta]
+- Remove an unnecessary assignment to curr in inftrees.c [Truta]
+- Add OS/2 to exe builds in configure [Poltorak]
+- Remove err dummy parameter in zlib.h [Kientzle]
+
+Changes in 1.2.1.1 (9 January 2004)
+- Update email address in README
+- Several FAQ updates
+- Fix a big fat bug in inftrees.c that prevented decoding valid
+  dynamic blocks with only literals and no distance codes --
+  Thanks to "Hot Emu" for the bug report and sample file
+- Add a note to puff.c on no distance codes case
+
+Changes in 1.2.1 (17 November 2003)
+- Remove a tab in contrib/gzappend/gzappend.c
+- Update some interfaces in contrib for new zlib functions
+- Update zlib version number in some contrib entries
+- Add Windows CE definition for ptrdiff_t in zutil.h [Mai, Truta]
+- Support shared libraries on Hurd and KFreeBSD [Brown]
+- Fix error in NO_DIVIDE option of adler32.c
+
+Changes in 1.2.0.8 (4 November 2003)
+- Update version in contrib/delphi/ZLib.pas and contrib/pascal/zlibpas.pas
+- Add experimental NO_DIVIDE #define in adler32.c
+    - Possibly faster on some processors (let me know if it is)
+- Correct Z_BLOCK to not return on first inflate call if no wrap
+- Fix strm->data_type on inflate() return to correctly indicate EOB
+- Add deflatePrime() function for appending in the middle of a byte
+- Add contrib/gzappend for an example of appending to a stream
+- Update win32/DLL_FAQ.txt [Truta]
+- Delete Turbo C comment in README [Truta]
+- Improve some indentation in zconf.h [Truta]
+- Fix infinite loop on bad input in configure script [Church]
+- Fix gzeof() for concatenated gzip files [Johnson]
+- Add example to contrib/visual-basic.txt [Michael B.]
+- Add -p to mkdir's in Makefile.in [vda]
+- Fix configure to properly detect presence or lack of printf functions
+- Add AS400 support [Monnerat]
+- Add a little Cygwin support [Wilson]
+
+Changes in 1.2.0.7 (21 September 2003)
+- Correct some debug formats in contrib/infback9
+- Cast a type in a debug statement in trees.c
+- Change search and replace delimiter in configure from % to # [Beebe]
+- Update contrib/untgz to 0.2 with various fixes [Truta]
+- Add build support for Amiga [Nikl]
+- Remove some directories in old that have been updated to 1.2
+- Add dylib building for Mac OS X in configure and Makefile.in
+- Remove old distribution stuff from Makefile
+- Update README to point to DLL_FAQ.txt, and add comment on Mac OS X
+- Update links in README
+
+Changes in 1.2.0.6 (13 September 2003)
+- Minor FAQ updates
+- Update contrib/minizip to 1.00 [Vollant]
+- Remove test of gz functions in example.c when GZ_COMPRESS defined [Truta]
+- Update POSTINC comment for 68060 [Nikl]
+- Add contrib/infback9 with deflate64 decoding (unsupported)
+- For MVS define NO_vsnprintf and undefine FAR [van Burik]
+- Add pragma for fdopen on MVS [van Burik]
+
+Changes in 1.2.0.5 (8 September 2003)
+- Add OF to inflateBackEnd() declaration in zlib.h
+- Remember start when using gzdopen in the middle of a file
+- Use internal off_t counters in gz* functions to properly handle seeks
+- Perform more rigorous check for distance-too-far in inffast.c
+- Add Z_BLOCK flush option to return from inflate at block boundary
+- Set strm->data_type on return from inflate
+    - Indicate bits unused, if at block boundary, and if in last block
+- Replace size_t with ptrdiff_t in crc32.c, and check for correct size
+- Add condition so old NO_DEFLATE define still works for compatibility
+- FAQ update regarding the Windows DLL [Truta]
+- INDEX update: add qnx entry, remove aix entry [Truta]
+- Install zlib.3 into mandir [Wilson]
+- Move contrib/zlib_dll_FAQ.txt to win32/DLL_FAQ.txt; update [Truta]
+- Adapt the zlib interface to the new DLL convention guidelines [Truta]
+- Introduce ZLIB_WINAPI macro to allow the export of functions using
+  the WINAPI calling convention, for Visual Basic [Vollant, Truta]
+- Update msdos and win32 scripts and makefiles [Truta]
+- Export symbols by name, not by ordinal, in win32/zlib.def [Truta]
+- Add contrib/ada [Anisimkov]
+- Move asm files from contrib/vstudio/vc70_32 to contrib/asm386 [Truta]
+- Rename contrib/asm386 to contrib/masmx86 [Truta, Vollant]
+- Add contrib/masm686 [Truta]
+- Fix offsets in contrib/inflate86 and contrib/masmx86/inffas32.asm
+  [Truta, Vollant]
+- Update contrib/delphi; rename to contrib/pascal; add example [Truta]
+- Remove contrib/delphi2; add a new contrib/delphi [Truta]
+- Avoid inclusion of the nonstandard <memory.h> in contrib/iostream,
+  and fix some method prototypes [Truta]
+- Fix the ZCR_SEED2 constant to avoid warnings in contrib/minizip
+  [Truta]
+- Avoid the use of backslash (\) in contrib/minizip [Vollant]
+- Fix file time handling in contrib/untgz; update makefiles [Truta]
+- Update contrib/vstudio/vc70_32 to comply with the new DLL guidelines
+  [Vollant]
+- Remove contrib/vstudio/vc15_16 [Vollant]
+- Rename contrib/vstudio/vc70_32 to contrib/vstudio/vc7 [Truta]
+- Update README.contrib [Truta]
+- Invert the assignment order of match_head and s->prev[...] in
+  INSERT_STRING [Truta]
+- Compare TOO_FAR with 32767 instead of 32768, to avoid 16-bit warnings
+  [Truta]
+- Compare function pointers with 0, not with NULL or Z_NULL [Truta]
+- Fix prototype of syncsearch in inflate.c [Truta]
+- Introduce ASMINF macro to be enabled when using an ASM implementation
+  of inflate_fast [Truta]
+- Change NO_DEFLATE to NO_GZCOMPRESS [Truta]
+- Modify test_gzio in example.c to take a single file name as a
+  parameter [Truta]
+- Exit the example.c program if gzopen fails [Truta]
+- Add type casts around strlen in example.c [Truta]
+- Remove casting to sizeof in minigzip.c; give a proper type
+  to the variable compared with SUFFIX_LEN [Truta]
+- Update definitions of STDC and STDC99 in zconf.h [Truta]
+- Synchronize zconf.h with the new Windows DLL interface [Truta]
+- Use SYS16BIT instead of __32BIT__ to distinguish between
+  16- and 32-bit platforms [Truta]
+- Use far memory allocators in small 16-bit memory models for
+  Turbo C [Truta]
+- Add info about the use of ASMV, ASMINF and ZLIB_WINAPI in
+  zlibCompileFlags [Truta]
+- Cygwin has vsnprintf [Wilson]
+- In Windows16, OS_CODE is 0, as in MSDOS [Truta]
+- In Cygwin, OS_CODE is 3 (Unix), not 11 (Windows32) [Wilson]
+
+Changes in 1.2.0.4 (10 August 2003)
+- Minor FAQ updates
+- Be more strict when checking inflateInit2's windowBits parameter
+- Change NO_GUNZIP compile option to NO_GZIP to cover deflate as well
+- Add gzip wrapper option to deflateInit2 using windowBits
+- Add updated QNX rule in configure and qnx directory [Bonnefoy]
+- Make inflate distance-too-far checks more rigorous
+- Clean up FAR usage in inflate
+- Add casting to sizeof() in gzio.c and minigzip.c
+
+Changes in 1.2.0.3 (19 July 2003)
+- Fix silly error in gzungetc() implementation [Vollant]
+- Update contrib/minizip and contrib/vstudio [Vollant]
+- Fix printf format in example.c
+- Correct cdecl support in zconf.in.h [Anisimkov]
+- Minor FAQ updates
+
+Changes in 1.2.0.2 (13 July 2003)
+- Add ZLIB_VERNUM in zlib.h for numerical preprocessor comparisons
+- Attempt to avoid warnings in crc32.c for pointer-int conversion
+- Add AIX to configure, remove aix directory [Bakker]
+- Add some casts to minigzip.c
+- Improve checking after insecure sprintf() or vsprintf() calls
+- Remove #elif's from crc32.c
+- Change leave label to inf_leave in inflate.c and infback.c to avoid
+  library conflicts
+- Remove inflate gzip decoding by default--only enable gzip decoding by
+  special request for stricter backward compatibility
+- Add zlibCompileFlags() function to return compilation information
+- More typecasting in deflate.c to avoid warnings
+- Remove leading underscore from _Capital #defines [Truta]
+- Fix configure to link shared library when testing
+- Add some Windows CE target adjustments [Mai]
+- Remove #define ZLIB_DLL in zconf.h [Vollant]
+- Add zlib.3 [Rodgers]
+- Update RFC URL in deflate.c and algorithm.txt [Mai]
+- Add zlib_dll_FAQ.txt to contrib [Truta]
+- Add UL to some constants [Truta]
+- Update minizip and vstudio [Vollant]
+- Remove vestigial NEED_DUMMY_RETURN from zconf.in.h
+- Expand use of NO_DUMMY_DECL to avoid all dummy structures
+- Added iostream3 to contrib [Schwardt]
+- Replace rewind() with fseek() for WinCE [Truta]
+- Improve setting of zlib format compression level flags
+    - Report 0 for huffman and rle strategies and for level == 0 or 1
+    - Report 2 only for level == 6
+- Only deal with 64K limit when necessary at compile time [Truta]
+- Allow TOO_FAR check to be turned off at compile time [Truta]
+- Add gzclearerr() function [Souza]
+- Add gzungetc() function
+
+Changes in 1.2.0.1 (17 March 2003)
+- Add Z_RLE strategy for run-length encoding [Truta]
+    - When Z_RLE requested, restrict matches to distance one
+    - Update zlib.h, minigzip.c, gzopen(), gzdopen() for Z_RLE
+- Correct FASTEST compilation to allow level == 0
+- Clean up what gets compiled for FASTEST
+- Incorporate changes to zconf.in.h [Vollant]
+    - Refine detection of Turbo C need for dummy returns
+    - Refine ZLIB_DLL compilation
+    - Include additional header file on VMS for off_t typedef
+- Try to use _vsnprintf where it supplants vsprintf [Vollant]
+- Add some casts in inffast.c
+- Enhance comments in zlib.h on what happens if gzprintf() tries to
+  write more than 4095 bytes before compression
+- Remove unused state from inflateBackEnd()
+- Remove exit(0) from minigzip.c, example.c
+- Get rid of all those darn tabs
+- Add "check" target to Makefile.in that does the same thing as "test"
+- Add "mostlyclean" and "maintainer-clean" targets to Makefile.in
+- Update contrib/inflate86 [Anderson]
+- Update contrib/testzlib, contrib/vstudio, contrib/minizip [Vollant]
+- Add msdos and win32 directories with makefiles [Truta]
+- More additions and improvements to the FAQ
+
+Changes in 1.2.0 (9 March 2003)
+- New and improved inflate code
+    - About 20% faster
+    - Does not allocate 32K window unless and until needed
+    - Automatically detects and decompresses gzip streams
+    - Raw inflate no longer needs an extra dummy byte at end
+    - Added inflateBack functions using a callback interface--even faster
+      than inflate, useful for file utilities (gzip, zip)
+    - Added inflateCopy() function to record state for random access on
+      externally generated deflate streams (e.g. in gzip files)
+    - More readable code (I hope)
+- New and improved crc32()
+    - About 50% faster, thanks to suggestions from Rodney Brown
+- Add deflateBound() and compressBound() functions
+- Fix memory leak in deflateInit2()
+- Permit setting dictionary for raw deflate (for parallel deflate)
+- Fix const declaration for gzwrite()
+- Check for some malloc() failures in gzio.c
+- Fix bug in gzopen() on single-byte file 0x1f
+- Fix bug in gzread() on concatenated file with 0x1f at end of buffer
+  and next buffer doesn't start with 0x8b
+- Fix uncompress() to return Z_DATA_ERROR on truncated input
+- Free memory at end of example.c
+- Remove MAX #define in trees.c (conflicted with some libraries)
+- Fix static const's in deflate.c, gzio.c, and zutil.[ch]
+- Declare malloc() and free() in gzio.c if STDC not defined
+- Use malloc() instead of calloc() in zutil.c if int big enough
+- Define STDC for AIX
+- Add aix/ with approach for compiling shared library on AIX
+- Add HP-UX support for shared libraries in configure
+- Add OpenUNIX support for shared libraries in configure
+- Use $cc instead of gcc to build shared library
+- Make prefix directory if needed when installing
+- Correct Macintosh avoidance of typedef Byte in zconf.h
+- Correct Turbo C memory allocation when under Linux
+- Use libz.a instead of -lz in Makefile (assure use of compiled library)
+- Update configure to check for snprintf or vsnprintf functions and their
+  return value, warn during make if using an insecure function
+- Fix configure problem with compile-time knowledge of HAVE_UNISTD_H that
+  is lost when library is used--resolution is to build new zconf.h
+- Documentation improvements (in zlib.h):
+    - Document raw deflate and inflate
+    - Update RFCs URL
+    - Point out that zlib and gzip formats are different
+    - Note that Z_BUF_ERROR is not fatal
+    - Document string limit for gzprintf() and possible buffer overflow
+    - Note requirement on avail_out when flushing
+    - Note permitted values of flush parameter of inflate()
+- Add some FAQs (and even answers) to the FAQ
+- Add contrib/inflate86/ for x86 faster inflate
+- Add contrib/blast/ for PKWare Data Compression Library decompression
+- Add contrib/puff/ simple inflate for deflate format description
+
+Changes in 1.1.4 (11 March 2002)
+- ZFREE was repeated on same allocation on some error conditions
+  This creates a security problem described in
+  http://www.zlib.org/advisory-2002-03-11.txt
+- Returned incorrect error (Z_MEM_ERROR) on some invalid data
+- Avoid accesses before window for invalid distances with inflate window
+  less than 32K
+- force windowBits > 8 to avoid a bug in the encoder for a window size
+  of 256 bytes. (A complete fix will be available in 1.1.5)
+
+Changes in 1.1.3 (9 July 1998)
+- fix "an inflate input buffer bug that shows up on rare but persistent
+  occasions" (Mark)
+- fix gzread and gztell for concatenated .gz files (Didier Le Botlan)
+- fix gzseek(..., SEEK_SET) in write mode
+- fix crc check after a gzeek (Frank Faubert)
+- fix miniunzip when the last entry in a zip file is itself a zip file
+  (J Lillge)
+- add contrib/asm586 and contrib/asm686 (Brian Raiter)
+  See http://www.muppetlabs.com/~breadbox/software/assembly.html
+- add support for Delphi 3 in contrib/delphi (Bob Dellaca)
+- add support for C++Builder 3 and Delphi 3 in contrib/delphi2 (Davide Moretti)
+- do not exit prematurely in untgz if 0 at start of block (Magnus Holmgren)
+- use macro EXTERN instead of extern to support DLL for BeOS (Sander Stoks)
+- added a FAQ file
+
+- Support gzdopen on Mac with Metrowerks (Jason Linhart)
+- Do not redefine Byte on Mac (Brad Pettit & Jason Linhart)
+- define SEEK_END too if SEEK_SET is not defined (Albert Chin-A-Young)
+- avoid some warnings with Borland C (Tom Tanner)
+- fix a problem in contrib/minizip/zip.c for 16-bit MSDOS (Gilles Vollant)
+- emulate utime() for WIN32 in contrib/untgz  (Gilles Vollant)
+- allow several arguments to configure (Tim Mooney, Frodo Looijaard)
+- use libdir and includedir in Makefile.in (Tim Mooney)
+- support shared libraries on OSF1 V4 (Tim Mooney)
+- remove so_locations in "make clean"  (Tim Mooney)
+- fix maketree.c compilation error (Glenn, Mark)
+- Python interface to zlib now in Python 1.5 (Jeremy Hylton)
+- new Makefile.riscos (Rich Walker)
+- initialize static descriptors in trees.c for embedded targets (Nick Smith)
+- use "foo-gz" in example.c for RISCOS and VMS (Nick Smith)
+- add the OS/2 files in Makefile.in too (Andrew Zabolotny)
+- fix fdopen and halloc macros for Microsoft C 6.0 (Tom Lane)
+- fix maketree.c to allow clean compilation of inffixed.h (Mark)
+- fix parameter check in deflateCopy (Gunther Nikl)
+- cleanup trees.c, use compressed_len only in debug mode (Christian Spieler)
+- Many portability patches by Christian Spieler:
+  . zutil.c, zutil.h: added "const" for zmem*
+  . Make_vms.com: fixed some typos
+  . Make_vms.com: msdos/Makefile.*: removed zutil.h from some dependency lists
+  . msdos/Makefile.msc: remove "default rtl link library" info from obj files
+  . msdos/Makefile.*: use model-dependent name for the built zlib library
+  . msdos/Makefile.emx, nt/Makefile.emx, nt/Makefile.gcc:
+     new makefiles, for emx (DOS/OS2), emx&rsxnt and mingw32 (Windows 9x / NT)
+- use define instead of typedef for Bytef also for MSC small/medium (Tom Lane)
+- replace __far with _far for better portability (Christian Spieler, Tom Lane)
+- fix test for errno.h in configure (Tim Newsham)
+
+Changes in 1.1.2 (19 March 98)
+- added contrib/minzip, mini zip and unzip based on zlib (Gilles Vollant)
+  See http://www.winimage.com/zLibDll/unzip.html
+- preinitialize the inflate tables for fixed codes, to make the code
+  completely thread safe (Mark)
+- some simplifications and slight speed-up to the inflate code (Mark)
+- fix gzeof on non-compressed files (Allan Schrum)
+- add -std1 option in configure for OSF1 to fix gzprintf (Martin Mokrejs)
+- use default value of 4K for Z_BUFSIZE for 16-bit MSDOS (Tim Wegner + Glenn)
+- added os2/Makefile.def and os2/zlib.def (Andrew Zabolotny)
+- add shared lib support for UNIX_SV4.2MP (MATSUURA Takanori)
+- do not wrap extern "C" around system includes (Tom Lane)
+- mention zlib binding for TCL in README (Andreas Kupries)
+- added amiga/Makefile.pup for Amiga powerUP SAS/C PPC (Andreas Kleinert)
+- allow "make install prefix=..." even after configure (Glenn Randers-Pehrson)
+- allow "configure --prefix $HOME" (Tim Mooney)
+- remove warnings in example.c and gzio.c (Glenn Randers-Pehrson)
+- move Makefile.sas to amiga/Makefile.sas
+
+Changes in 1.1.1 (27 Feb 98)
+- fix macros _tr_tally_* in deflate.h for debug mode  (Glenn Randers-Pehrson)
+- remove block truncation heuristic which had very marginal effect for zlib
+  (smaller lit_bufsize than in gzip 1.2.4) and degraded a little the
+  compression ratio on some files. This also allows inlining _tr_tally for
+  matches in deflate_slow
+- added msdos/Makefile.w32 for WIN32 Microsoft Visual C++ (Bob Frazier)
+
+Changes in 1.1.0 (24 Feb 98)
+- do not return STREAM_END prematurely in inflate (John Bowler)
+- revert to the zlib 1.0.8 inflate to avoid the gcc 2.8.0 bug (Jeremy Buhler)
+- compile with -DFASTEST to get compression code optimized for speed only
+- in minigzip, try mmap'ing the input file first (Miguel Albrecht)
+- increase size of I/O buffers in minigzip.c and gzio.c (not a big gain
+  on Sun but significant on HP)
+
+- add a pointer to experimental unzip library in README (Gilles Vollant)
+- initialize variable gcc in configure (Chris Herborth)
+
+Changes in 1.0.9 (17 Feb 1998)
+- added gzputs and gzgets functions
+- do not clear eof flag in gzseek (Mark Diekhans)
+- fix gzseek for files in transparent mode (Mark Diekhans)
+- do not assume that vsprintf returns the number of bytes written (Jens Krinke)
+- replace EXPORT with ZEXPORT to avoid conflict with other programs
+- added compress2 in zconf.h, zlib.def, zlib.dnt
+- new asm code from Gilles Vollant in contrib/asm386
+- simplify the inflate code (Mark):
+ . Replace ZALLOC's in huft_build() with single ZALLOC in inflate_blocks_new()
+ . ZALLOC the length list in inflate_trees_fixed() instead of using stack
+ . ZALLOC the value area for huft_build() instead of using stack
+ . Simplify Z_FINISH check in inflate()
+
+- Avoid gcc 2.8.0 comparison bug a little differently than zlib 1.0.8
+- in inftrees.c, avoid cc -O bug on HP (Farshid Elahi)
+- in zconf.h move the ZLIB_DLL stuff earlier to avoid problems with
+  the declaration of FAR (Gilles Vollant)
+- install libz.so* with mode 755 (executable) instead of 644 (Marc Lehmann)
+- read_buf buf parameter of type Bytef* instead of charf*
+- zmemcpy parameters are of type Bytef*, not charf* (Joseph Strout)
+- do not redeclare unlink in minigzip.c for WIN32 (John Bowler)
+- fix check for presence of directories in "make install" (Ian Willis)
+
+Changes in 1.0.8 (27 Jan 1998)
+- fixed offsets in contrib/asm386/gvmat32.asm (Gilles Vollant)
+- fix gzgetc and gzputc for big endian systems (Markus Oberhumer)
+- added compress2() to allow setting the compression level
+- include sys/types.h to get off_t on some systems (Marc Lehmann & QingLong)
+- use constant arrays for the static trees in trees.c instead of computing
+  them at run time (thanks to Ken Raeburn for this suggestion). To create
+  trees.h, compile with GEN_TREES_H and run "make test"
+- check return code of example in "make test" and display result
+- pass minigzip command line options to file_compress
+- simplifying code of inflateSync to avoid gcc 2.8 bug
+
+- support CC="gcc -Wall" in configure -s (QingLong)
+- avoid a flush caused by ftell in gzopen for write mode (Ken Raeburn)
+- fix test for shared library support to avoid compiler warnings
+- zlib.lib -> zlib.dll in msdos/zlib.rc (Gilles Vollant)
+- check for TARGET_OS_MAC in addition to MACOS (Brad Pettit)
+- do not use fdopen for Metrowerks on Mac (Brad Pettit))
+- add checks for gzputc and gzputc in example.c
+- avoid warnings in gzio.c and deflate.c (Andreas Kleinert)
+- use const for the CRC table (Ken Raeburn)
+- fixed "make uninstall" for shared libraries
+- use Tracev instead of Trace in infblock.c
+- in example.c use correct compressed length for test_sync
+- suppress +vnocompatwarnings in configure for HPUX (not always supported)
+
+Changes in 1.0.7 (20 Jan 1998)
+- fix gzseek which was broken in write mode
+- return error for gzseek to negative absolute position
+- fix configure for Linux (Chun-Chung Chen)
+- increase stack space for MSC (Tim Wegner)
+- get_crc_table and inflateSyncPoint are EXPORTed (Gilles Vollant)
+- define EXPORTVA for gzprintf (Gilles Vollant)
+- added man page zlib.3 (Rick Rodgers)
+- for contrib/untgz, fix makedir() and improve Makefile
+
+- check gzseek in write mode in example.c
+- allocate extra buffer for seeks only if gzseek is actually called
+- avoid signed/unsigned comparisons (Tim Wegner, Gilles Vollant)
+- add inflateSyncPoint in zconf.h
+- fix list of exported functions in nt/zlib.dnt and mdsos/zlib.def
+
+Changes in 1.0.6 (19 Jan 1998)
+- add functions gzprintf, gzputc, gzgetc, gztell, gzeof, gzseek, gzrewind and
+  gzsetparams (thanks to Roland Giersig and Kevin Ruland for some of this code)
+- Fix a deflate bug occurring only with compression level 0 (thanks to
+  Andy Buckler for finding this one)
+- In minigzip, pass transparently also the first byte for .Z files
+- return Z_BUF_ERROR instead of Z_OK if output buffer full in uncompress()
+- check Z_FINISH in inflate (thanks to Marc Schluper)
+- Implement deflateCopy (thanks to Adam Costello)
+- make static libraries by default in configure, add --shared option
+- move MSDOS or Windows specific files to directory msdos
+- suppress the notion of partial flush to simplify the interface
+  (but the symbol Z_PARTIAL_FLUSH is kept for compatibility with 1.0.4)
+- suppress history buffer provided by application to simplify the interface
+  (this feature was not implemented anyway in 1.0.4)
+- next_in and avail_in must be initialized before calling inflateInit or
+  inflateInit2
+- add EXPORT in all exported functions (for Windows DLL)
+- added Makefile.nt (thanks to Stephen Williams)
+- added the unsupported "contrib" directory:
+   contrib/asm386/ by Gilles Vollant <info@winimage.com>
+        386 asm code replacing longest_match()
+   contrib/iostream/ by Kevin Ruland <kevin@rodin.wustl.edu>
+        A C++ I/O streams interface to the zlib gz* functions
+   contrib/iostream2/  by Tyge Løvset <Tyge.Lovset@cmr.no>
+        Another C++ I/O streams interface
+   contrib/untgz/  by "Pedro A. Aranda Guti\irrez" <paag@tid.es>
+        A very simple tar.gz file extractor using zlib
+   contrib/visual-basic.txt by Carlos Rios <c_rios@sonda.cl>
+        How to use compress(), uncompress() and the gz* functions from VB
+- pass params -f (filtered data), -h (huffman only), -1 to -9 (compression
+  level) in minigzip (thanks to Tom Lane)
+
+- use const for rommable constants in deflate
+- added test for gzseek and gztell in example.c
+- add undocumented function inflateSyncPoint() (hack for Paul Mackerras)
+- add undocumented function zError to convert error code to string
+  (for Tim Smithers)
+- Allow compilation of gzio with -DNO_DEFLATE to avoid the compression code
+- Use default memcpy for Symantec MSDOS compiler
+- Add EXPORT keyword for check_func (needed for Windows DLL)
+- add current directory to LD_LIBRARY_PATH for "make test"
+- create also a link for libz.so.1
+- added support for FUJITSU UXP/DS (thanks to Toshiaki Nomura)
+- use $(SHAREDLIB) instead of libz.so in Makefile.in (for HPUX)
+- added -soname for Linux in configure (Chun-Chung Chen,
+- assign numbers to the exported functions in zlib.def (for Windows DLL)
+- add advice in zlib.h for best usage of deflateSetDictionary
+- work around compiler bug on Atari (cast Z_NULL in call of s->checkfn)
+- allow compilation with ANSI keywords only enabled for TurboC in large model
+- avoid "versionString"[0] (Borland bug)
+- add NEED_DUMMY_RETURN for Borland
+- use variable z_verbose for tracing in debug mode (L. Peter Deutsch)
+- allow compilation with CC
+- defined STDC for OS/2 (David Charlap)
+- limit external names to 8 chars for MVS (Thomas Lund)
+- in minigzip.c, use static buffers only for 16-bit systems
+- fix suffix check for "minigzip -d foo.gz"
+- do not return an error for the 2nd of two consecutive gzflush() (Felix Lee)
+- use _fdopen instead of fdopen for MSC >= 6.0 (Thomas Fanslau)
+- added makelcc.bat for lcc-win32 (Tom St Denis)
+- in Makefile.dj2, use copy and del instead of install and rm (Frank Donahoe)
+- Avoid expanded $Id$. Use "rcs -kb" or "cvs admin -kb" to avoid Id expansion
+- check for unistd.h in configure (for off_t)
+- remove useless check parameter in inflate_blocks_free
+- avoid useless assignment of s->check to itself in inflate_blocks_new
+- do not flush twice in gzclose (thanks to Ken Raeburn)
+- rename FOPEN as F_OPEN to avoid clash with /usr/include/sys/file.h
+- use NO_ERRNO_H instead of enumeration of operating systems with errno.h
+- work around buggy fclose on pipes for HP/UX
+- support zlib DLL with BORLAND C++ 5.0 (thanks to Glenn Randers-Pehrson)
+- fix configure if CC is already equal to gcc
+
+Changes in 1.0.5 (3 Jan 98)
+- Fix inflate to terminate gracefully when fed corrupted or invalid data
+- Use const for rommable constants in inflate
+- Eliminate memory leaks on error conditions in inflate
+- Removed some vestigial code in inflate
+- Update web address in README
+
+Changes in 1.0.4 (24 Jul 96)
+- In very rare conditions, deflate(s, Z_FINISH) could fail to produce an EOF
+  bit, so the decompressor could decompress all the correct data but went
+  on to attempt decompressing extra garbage data. This affected minigzip too
+- zlibVersion and gzerror return const char* (needed for DLL)
+- port to RISCOS (no fdopen, no multiple dots, no unlink, no fileno)
+- use z_error only for DEBUG (avoid problem with DLLs)
+
+Changes in 1.0.3 (2 Jul 96)
+- use z_streamp instead of z_stream *, which is now a far pointer in MSDOS
+  small and medium models; this makes the library incompatible with previous
+  versions for these models. (No effect in large model or on other systems.)
+- return OK instead of BUF_ERROR if previous deflate call returned with
+  avail_out as zero but there is nothing to do
+- added memcmp for non STDC compilers
+- define NO_DUMMY_DECL for more Mac compilers (.h files merged incorrectly)
+- define __32BIT__ if __386__ or i386 is defined (pb. with Watcom and SCO)
+- better check for 16-bit mode MSC (avoids problem with Symantec)
+
+Changes in 1.0.2 (23 May 96)
+- added Windows DLL support
+- added a function zlibVersion (for the DLL support)
+- fixed declarations using Bytef in infutil.c (pb with MSDOS medium model)
+- Bytef is define's instead of typedef'd only for Borland C
+- avoid reading uninitialized memory in example.c
+- mention in README that the zlib format is now RFC1950
+- updated Makefile.dj2
+- added algorithm.doc
+
+Changes in 1.0.1 (20 May 96) [1.0 skipped to avoid confusion]
+- fix array overlay in deflate.c which sometimes caused bad compressed data
+- fix inflate bug with empty stored block
+- fix MSDOS medium model which was broken in 0.99
+- fix deflateParams() which could generate bad compressed data
+- Bytef is define'd instead of typedef'ed (work around Borland bug)
+- added an INDEX file
+- new makefiles for DJGPP (Makefile.dj2), 32-bit Borland (Makefile.b32),
+  Watcom (Makefile.wat), Amiga SAS/C (Makefile.sas)
+- speed up adler32 for modern machines without auto-increment
+- added -ansi for IRIX in configure
+- static_init_done in trees.c is an int
+- define unlink as delete for VMS
+- fix configure for QNX
+- add configure branch for SCO and HPUX
+- avoid many warnings (unused variables, dead assignments, etc...)
+- no fdopen for BeOS
+- fix the Watcom fix for 32 bit mode (define FAR as empty)
+- removed redefinition of Byte for MKWERKS
+- work around an MWKERKS bug (incorrect merge of all .h files)
+
+Changes in 0.99 (27 Jan 96)
+- allow preset dictionary shared between compressor and decompressor
+- allow compression level 0 (no compression)
+- add deflateParams in zlib.h: allow dynamic change of compression level
+  and compression strategy
+- test large buffers and deflateParams in example.c
+- add optional "configure" to build zlib as a shared library
+- suppress Makefile.qnx, use configure instead
+- fixed deflate for 64-bit systems (detected on Cray)
+- fixed inflate_blocks for 64-bit systems (detected on Alpha)
+- declare Z_DEFLATED in zlib.h (possible parameter for deflateInit2)
+- always return Z_BUF_ERROR when deflate() has nothing to do
+- deflateInit and inflateInit are now macros to allow version checking
+- prefix all global functions and types with z_ with -DZ_PREFIX
+- make falloc completely reentrant (inftrees.c)
+- fixed very unlikely race condition in ct_static_init
+- free in reverse order of allocation to help memory manager
+- use zlib-1.0/* instead of zlib/* inside the tar.gz
+- make zlib warning-free with "gcc -O3 -Wall -Wwrite-strings -Wpointer-arith
+  -Wconversion -Wstrict-prototypes -Wmissing-prototypes"
+- allow gzread on concatenated .gz files
+- deflateEnd now returns Z_DATA_ERROR if it was premature
+- deflate is finally (?) fully deterministic (no matches beyond end of input)
+- Document Z_SYNC_FLUSH
+- add uninstall in Makefile
+- Check for __cpluplus in zlib.h
+- Better test in ct_align for partial flush
+- avoid harmless warnings for Borland C++
+- initialize hash_head in deflate.c
+- avoid warning on fdopen (gzio.c) for HP cc -Aa
+- include stdlib.h for STDC compilers
+- include errno.h for Cray
+- ignore error if ranlib doesn't exist
+- call ranlib twice for NeXTSTEP
+- use exec_prefix instead of prefix for libz.a
+- renamed ct_* as _tr_* to avoid conflict with applications
+- clear z->msg in inflateInit2 before any error return
+- initialize opaque in example.c, gzio.c, deflate.c and inflate.c
+- fixed typo in zconf.h (_GNUC__ => __GNUC__)
+- check for WIN32 in zconf.h and zutil.c (avoid farmalloc in 32-bit mode)
+- fix typo in Make_vms.com (f$trnlnm -> f$getsyi)
+- in fcalloc, normalize pointer if size > 65520 bytes
+- don't use special fcalloc for 32 bit Borland C++
+- use STDC instead of __GO32__ to avoid redeclaring exit, calloc, etc.
+- use Z_BINARY instead of BINARY
+- document that gzclose after gzdopen will close the file
+- allow "a" as mode in gzopen
+- fix error checking in gzread
+- allow skipping .gz extra-field on pipes
+- added reference to Perl interface in README
+- put the crc table in FAR data (I dislike more and more the medium model :)
+- added get_crc_table
+- added a dimension to all arrays (Borland C can't count)
+- workaround Borland C bug in declaration of inflate_codes_new & inflate_fast
+- guard against multiple inclusion of *.h (for precompiled header on Mac)
+- Watcom C pretends to be Microsoft C small model even in 32 bit mode
+- don't use unsized arrays to avoid silly warnings by Visual C++:
+     warning C4746: 'inflate_mask' : unsized array treated as  '__far'
+     (what's wrong with far data in far model?)
+- define enum out of inflate_blocks_state to allow compilation with C++
+
+Changes in 0.95 (16 Aug 95)
+- fix MSDOS small and medium model (now easier to adapt to any compiler)
+- inlined send_bits
+- fix the final (:-) bug for deflate with flush (output was correct but
+  not completely flushed in rare occasions)
+- default window size is same for compression and decompression
+  (it's now sufficient to set MAX_WBITS in zconf.h)
+- voidp -> voidpf and voidnp -> voidp (for consistency with other
+  typedefs and because voidnp was not near in large model)
+
+Changes in 0.94 (13 Aug 95)
+- support MSDOS medium model
+- fix deflate with flush (could sometimes generate bad output)
+- fix deflateReset (zlib header was incorrectly suppressed)
+- added support for VMS
+- allow a compression level in gzopen()
+- gzflush now calls fflush
+- For deflate with flush, flush even if no more input is provided
+- rename libgz.a as libz.a
+- avoid complex expression in infcodes.c triggering Turbo C bug
+- work around a problem with gcc on Alpha (in INSERT_STRING)
+- don't use inline functions (problem with some gcc versions)
+- allow renaming of Byte, uInt, etc... with #define
+- avoid warning about (unused) pointer before start of array in deflate.c
+- avoid various warnings in gzio.c, example.c, infblock.c, adler32.c, zutil.c
+- avoid reserved word 'new' in trees.c
+
+Changes in 0.93 (25 June 95)
+- temporarily disable inline functions
+- make deflate deterministic
+- give enough lookahead for PARTIAL_FLUSH
+- Set binary mode for stdin/stdout in minigzip.c for OS/2
+- don't even use signed char in inflate (not portable enough)
+- fix inflate memory leak for segmented architectures
+
+Changes in 0.92 (3 May 95)
+- don't assume that char is signed (problem on SGI)
+- Clear bit buffer when starting a stored block
+- no memcpy on Pyramid
+- suppressed inftest.c
+- optimized fill_window, put longest_match inline for gcc
+- optimized inflate on stored blocks
+- untabify all sources to simplify patches
+
+Changes in 0.91 (2 May 95)
+- Default MEM_LEVEL is 8 (not 9 for Unix) as documented in zlib.h
+- Document the memory requirements in zconf.h
+- added "make install"
+- fix sync search logic in inflateSync
+- deflate(Z_FULL_FLUSH) now works even if output buffer too short
+- after inflateSync, don't scare people with just "lo world"
+- added support for DJGPP
+
+Changes in 0.9 (1 May 95)
+- don't assume that zalloc clears the allocated memory (the TurboC bug
+  was Mark's bug after all :)
+- let again gzread copy uncompressed data unchanged (was working in 0.71)
+- deflate(Z_FULL_FLUSH), inflateReset and inflateSync are now fully implemented
+- added a test of inflateSync in example.c
+- moved MAX_WBITS to zconf.h because users might want to change that
+- document explicitly that zalloc(64K) on MSDOS must return a normalized
+  pointer (zero offset)
+- added Makefiles for Microsoft C, Turbo C, Borland C++
+- faster crc32()
+
+Changes in 0.8 (29 April 95)
+- added fast inflate (inffast.c)
+- deflate(Z_FINISH) now returns Z_STREAM_END when done. Warning: this
+  is incompatible with previous versions of zlib which returned Z_OK
+- work around a TurboC compiler bug (bad code for b << 0, see infutil.h)
+  (actually that was not a compiler bug, see 0.81 above)
+- gzread no longer reads one extra byte in certain cases
+- In gzio destroy(), don't reference a freed structure
+- avoid many warnings for MSDOS
+- avoid the ERROR symbol which is used by MS Windows
+
+Changes in 0.71 (14 April 95)
+- Fixed more MSDOS compilation problems :( There is still a bug with
+  TurboC large model
+
+Changes in 0.7 (14 April 95)
+- Added full inflate support
+- Simplified the crc32() interface. The pre- and post-conditioning
+  (one's complement) is now done inside crc32(). WARNING: this is
+  incompatible with previous versions; see zlib.h for the new usage
+
+Changes in 0.61 (12 April 95)
+- workaround for a bug in TurboC. example and minigzip now work on MSDOS
+
+Changes in 0.6 (11 April 95)
+- added minigzip.c
+- added gzdopen to reopen a file descriptor as gzFile
+- added transparent reading of non-gziped files in gzread
+- fixed bug in gzread (don't read crc as data)
+- fixed bug in destroy (gzio.c) (don't return Z_STREAM_END for gzclose)
+- don't allocate big arrays in the stack (for MSDOS)
+- fix some MSDOS compilation problems
+
+Changes in 0.5:
+- do real compression in deflate.c. Z_PARTIAL_FLUSH is supported but
+  not yet Z_FULL_FLUSH
+- support decompression but only in a single step (forced Z_FINISH)
+- added opaque object for zalloc and zfree
+- added deflateReset and inflateReset
+- added a variable zlib_version for consistency checking
+- renamed the 'filter' parameter of deflateInit2 as 'strategy'
+  Added Z_FILTERED and Z_HUFFMAN_ONLY constants
+
+Changes in 0.4:
+- avoid "zip" everywhere, use zlib instead of ziplib
+- suppress Z_BLOCK_FLUSH, interpret Z_PARTIAL_FLUSH as block flush
+  if compression method == 8
+- added adler32 and crc32
+- renamed deflateOptions as deflateInit2, call one or the other but not both
+- added the method parameter for deflateInit2
+- added inflateInit2
+- simplified considerably deflateInit and inflateInit by not supporting
+  user-provided history buffer. This is supported only in deflateInit2
+  and inflateInit2
+
+Changes in 0.3:
+- prefix all macro names with Z_
+- use Z_FINISH instead of deflateEnd to finish compression
+- added Z_HUFFMAN_ONLY
+- added gzerror()
diff --git a/zlib-1.3.1/FAQ b/zlib-1.3.1/FAQ
new file mode 100644
index 00000000..92f5d3e2
--- /dev/null
+++ b/zlib-1.3.1/FAQ
@@ -0,0 +1,367 @@
+
+                Frequently Asked Questions about zlib
+
+
+If your question is not there, please check the zlib home page
+http://zlib.net/ which may have more recent information.
+The latest zlib FAQ is at http://zlib.net/zlib_faq.html
+
+
+ 1. Is zlib Y2K-compliant?
+
+    Yes. zlib doesn't handle dates.
+
+ 2. Where can I get a Windows DLL version?
+
+    The zlib sources can be compiled without change to produce a DLL.  See the
+    file win32/DLL_FAQ.txt in the zlib distribution.
+
+ 3. Where can I get a Visual Basic interface to zlib?
+
+    See
+        * http://marknelson.us/1997/01/01/zlib-engine/
+        * win32/DLL_FAQ.txt in the zlib distribution
+
+ 4. compress() returns Z_BUF_ERROR.
+
+    Make sure that before the call of compress(), the length of the compressed
+    buffer is equal to the available size of the compressed buffer and not
+    zero.  For Visual Basic, check that this parameter is passed by reference
+    ("as any"), not by value ("as long").
+
+ 5. deflate() or inflate() returns Z_BUF_ERROR.
+
+    Before making the call, make sure that avail_in and avail_out are not zero.
+    When setting the parameter flush equal to Z_FINISH, also make sure that
+    avail_out is big enough to allow processing all pending input.  Note that a
+    Z_BUF_ERROR is not fatal--another call to deflate() or inflate() can be
+    made with more input or output space.  A Z_BUF_ERROR may in fact be
+    unavoidable depending on how the functions are used, since it is not
+    possible to tell whether or not there is more output pending when
+    strm.avail_out returns with zero.  See http://zlib.net/zlib_how.html for a
+    heavily annotated example.
+
+ 6. Where's the zlib documentation (man pages, etc.)?
+
+    It's in zlib.h .  Examples of zlib usage are in the files test/example.c
+    and test/minigzip.c, with more in examples/ .
+
+ 7. Why don't you use GNU autoconf or libtool or ...?
+
+    Because we would like to keep zlib as a very small and simple package.
+    zlib is rather portable and doesn't need much configuration.
+
+ 8. I found a bug in zlib.
+
+    Most of the time, such problems are due to an incorrect usage of zlib.
+    Please try to reproduce the problem with a small program and send the
+    corresponding source to us at zlib@gzip.org .  Do not send multi-megabyte
+    data files without prior agreement.
+
+ 9. Why do I get "undefined reference to gzputc"?
+
+    If "make test" produces something like
+
+       example.o(.text+0x154): undefined reference to `gzputc'
+
+    check that you don't have old files libz.* in /usr/lib, /usr/local/lib or
+    /usr/X11R6/lib. Remove any old versions, then do "make install".
+
+10. I need a Delphi interface to zlib.
+
+    See the contrib/delphi directory in the zlib distribution.
+
+11. Can zlib handle .zip archives?
+
+    Not by itself, no.  See the directory contrib/minizip in the zlib
+    distribution.
+
+12. Can zlib handle .Z files?
+
+    No, sorry.  You have to spawn an uncompress or gunzip subprocess, or adapt
+    the code of uncompress on your own.
+
+13. How can I make a Unix shared library?
+
+    By default a shared (and a static) library is built for Unix.  So:
+
+    make distclean
+    ./configure
+    make
+
+14. How do I install a shared zlib library on Unix?
+
+    After the above, then:
+
+    make install
+
+    However, many flavors of Unix come with a shared zlib already installed.
+    Before going to the trouble of compiling a shared version of zlib and
+    trying to install it, you may want to check if it's already there!  If you
+    can #include <zlib.h>, it's there.  The -lz option will probably link to
+    it.  You can check the version at the top of zlib.h or with the
+    ZLIB_VERSION symbol defined in zlib.h .
+
+15. I have a question about OttoPDF.
+
+    We are not the authors of OttoPDF. The real author is on the OttoPDF web
+    site: Joel Hainley, jhainley@myndkryme.com.
+
+16. Can zlib decode Flate data in an Adobe PDF file?
+
+    Yes. See http://www.pdflib.com/ . To modify PDF forms, see
+    http://sourceforge.net/projects/acroformtool/ .
+
+17. Why am I getting this "register_frame_info not found" error on Solaris?
+
+    After installing zlib 1.1.4 on Solaris 2.6, running applications using zlib
+    generates an error such as:
+
+        ld.so.1: rpm: fatal: relocation error: file /usr/local/lib/libz.so:
+        symbol __register_frame_info: referenced symbol not found
+
+    The symbol __register_frame_info is not part of zlib, it is generated by
+    the C compiler (cc or gcc).  You must recompile applications using zlib
+    which have this problem.  This problem is specific to Solaris.  See
+    http://www.sunfreeware.com for Solaris versions of zlib and applications
+    using zlib.
+
+18. Why does gzip give an error on a file I make with compress/deflate?
+
+    The compress and deflate functions produce data in the zlib format, which
+    is different and incompatible with the gzip format.  The gz* functions in
+    zlib on the other hand use the gzip format.  Both the zlib and gzip formats
+    use the same compressed data format internally, but have different headers
+    and trailers around the compressed data.
+
+19. Ok, so why are there two different formats?
+
+    The gzip format was designed to retain the directory information about a
+    single file, such as the name and last modification date.  The zlib format
+    on the other hand was designed for in-memory and communication channel
+    applications, and has a much more compact header and trailer and uses a
+    faster integrity check than gzip.
+
+20. Well that's nice, but how do I make a gzip file in memory?
+
+    You can request that deflate write the gzip format instead of the zlib
+    format using deflateInit2().  You can also request that inflate decode the
+    gzip format using inflateInit2().  Read zlib.h for more details.
+
+21. Is zlib thread-safe?
+
+    Yes.  However any library routines that zlib uses and any application-
+    provided memory allocation routines must also be thread-safe.  zlib's gz*
+    functions use stdio library routines, and most of zlib's functions use the
+    library memory allocation routines by default.  zlib's *Init* functions
+    allow for the application to provide custom memory allocation routines.
+
+    Of course, you should only operate on any given zlib or gzip stream from a
+    single thread at a time.
+
+22. Can I use zlib in my commercial application?
+
+    Yes.  Please read the license in zlib.h.
+
+23. Is zlib under the GNU license?
+
+    No.  Please read the license in zlib.h.
+
+24. The license says that altered source versions must be "plainly marked". So
+    what exactly do I need to do to meet that requirement?
+
+    You need to change the ZLIB_VERSION and ZLIB_VERNUM #defines in zlib.h.  In
+    particular, the final version number needs to be changed to "f", and an
+    identification string should be appended to ZLIB_VERSION.  Version numbers
+    x.x.x.f are reserved for modifications to zlib by others than the zlib
+    maintainers.  For example, if the version of the base zlib you are altering
+    is "1.2.3.4", then in zlib.h you should change ZLIB_VERNUM to 0x123f, and
+    ZLIB_VERSION to something like "1.2.3.f-zachary-mods-v3".  You can also
+    update the version strings in deflate.c and inftrees.c.
+
+    For altered source distributions, you should also note the origin and
+    nature of the changes in zlib.h, as well as in ChangeLog and README, along
+    with the dates of the alterations.  The origin should include at least your
+    name (or your company's name), and an email address to contact for help or
+    issues with the library.
+
+    Note that distributing a compiled zlib library along with zlib.h and
+    zconf.h is also a source distribution, and so you should change
+    ZLIB_VERSION and ZLIB_VERNUM and note the origin and nature of the changes
+    in zlib.h as you would for a full source distribution.
+
+25. Will zlib work on a big-endian or little-endian architecture, and can I
+    exchange compressed data between them?
+
+    Yes and yes.
+
+26. Will zlib work on a 64-bit machine?
+
+    Yes.  It has been tested on 64-bit machines, and has no dependence on any
+    data types being limited to 32-bits in length.  If you have any
+    difficulties, please provide a complete problem report to zlib@gzip.org
+
+27. Will zlib decompress data from the PKWare Data Compression Library?
+
+    No.  The PKWare DCL uses a completely different compressed data format than
+    does PKZIP and zlib.  However, you can look in zlib's contrib/blast
+    directory for a possible solution to your problem.
+
+28. Can I access data randomly in a compressed stream?
+
+    No, not without some preparation.  If when compressing you periodically use
+    Z_FULL_FLUSH, carefully write all the pending data at those points, and
+    keep an index of those locations, then you can start decompression at those
+    points.  You have to be careful to not use Z_FULL_FLUSH too often, since it
+    can significantly degrade compression.  Alternatively, you can scan a
+    deflate stream once to generate an index, and then use that index for
+    random access.  See examples/zran.c .
+
+29. Does zlib work on MVS, OS/390, CICS, etc.?
+
+    It has in the past, but we have not heard of any recent evidence.  There
+    were working ports of zlib 1.1.4 to MVS, but those links no longer work.
+    If you know of recent, successful applications of zlib on these operating
+    systems, please let us know.  Thanks.
+
+30. Is there some simpler, easier to read version of inflate I can look at to
+    understand the deflate format?
+
+    First off, you should read RFC 1951.  Second, yes.  Look in zlib's
+    contrib/puff directory.
+
+31. Does zlib infringe on any patents?
+
+    As far as we know, no.  In fact, that was originally the whole point behind
+    zlib.  Look here for some more information:
+
+    http://www.gzip.org/#faq11
+
+32. Can zlib work with greater than 4 GB of data?
+
+    Yes.  inflate() and deflate() will process any amount of data correctly.
+    Each call of inflate() or deflate() is limited to input and output chunks
+    of the maximum value that can be stored in the compiler's "unsigned int"
+    type, but there is no limit to the number of chunks.  Note however that the
+    strm.total_in and strm_total_out counters may be limited to 4 GB.  These
+    counters are provided as a convenience and are not used internally by
+    inflate() or deflate().  The application can easily set up its own counters
+    updated after each call of inflate() or deflate() to count beyond 4 GB.
+    compress() and uncompress() may be limited to 4 GB, since they operate in a
+    single call.  gzseek() and gztell() may be limited to 4 GB depending on how
+    zlib is compiled.  See the zlibCompileFlags() function in zlib.h.
+
+    The word "may" appears several times above since there is a 4 GB limit only
+    if the compiler's "long" type is 32 bits.  If the compiler's "long" type is
+    64 bits, then the limit is 16 exabytes.
+
+33. Does zlib have any security vulnerabilities?
+
+    The only one that we are aware of is potentially in gzprintf().  If zlib is
+    compiled to use sprintf() or vsprintf(), then there is no protection
+    against a buffer overflow of an 8K string space (or other value as set by
+    gzbuffer()), other than the caller of gzprintf() assuring that the output
+    will not exceed 8K.  On the other hand, if zlib is compiled to use
+    snprintf() or vsnprintf(), which should normally be the case, then there is
+    no vulnerability.  The ./configure script will display warnings if an
+    insecure variation of sprintf() will be used by gzprintf().  Also the
+    zlibCompileFlags() function will return information on what variant of
+    sprintf() is used by gzprintf().
+
+    If you don't have snprintf() or vsnprintf() and would like one, you can
+    find a portable implementation here:
+
+        http://www.ijs.si/software/snprintf/
+
+    Note that you should be using the most recent version of zlib.  Versions
+    1.1.3 and before were subject to a double-free vulnerability, and versions
+    1.2.1 and 1.2.2 were subject to an access exception when decompressing
+    invalid compressed data.
+
+34. Is there a Java version of zlib?
+
+    Probably what you want is to use zlib in Java. zlib is already included
+    as part of the Java SDK in the java.util.zip package. If you really want
+    a version of zlib written in the Java language, look on the zlib home
+    page for links: http://zlib.net/ .
+
+35. I get this or that compiler or source-code scanner warning when I crank it
+    up to maximally-pedantic. Can't you guys write proper code?
+
+    Many years ago, we gave up attempting to avoid warnings on every compiler
+    in the universe.  It just got to be a waste of time, and some compilers
+    were downright silly as well as contradicted each other.  So now, we simply
+    make sure that the code always works.
+
+36. Valgrind (or some similar memory access checker) says that deflate is
+    performing a conditional jump that depends on an uninitialized value.
+    Isn't that a bug?
+
+    No.  That is intentional for performance reasons, and the output of deflate
+    is not affected.  This only started showing up recently since zlib 1.2.x
+    uses malloc() by default for allocations, whereas earlier versions used
+    calloc(), which zeros out the allocated memory.  Even though the code was
+    correct, versions 1.2.4 and later was changed to not stimulate these
+    checkers.
+
+37. Will zlib read the (insert any ancient or arcane format here) compressed
+    data format?
+
+    Probably not. Look in the comp.compression FAQ for pointers to various
+    formats and associated software.
+
+38. How can I encrypt/decrypt zip files with zlib?
+
+    zlib doesn't support encryption.  The original PKZIP encryption is very
+    weak and can be broken with freely available programs.  To get strong
+    encryption, use GnuPG, http://www.gnupg.org/ , which already includes zlib
+    compression.  For PKZIP compatible "encryption", look at
+    http://www.info-zip.org/
+
+39. What's the difference between the "gzip" and "deflate" HTTP 1.1 encodings?
+
+    "gzip" is the gzip format, and "deflate" is the zlib format.  They should
+    probably have called the second one "zlib" instead to avoid confusion with
+    the raw deflate compressed data format.  While the HTTP 1.1 RFC 2616
+    correctly points to the zlib specification in RFC 1950 for the "deflate"
+    transfer encoding, there have been reports of servers and browsers that
+    incorrectly produce or expect raw deflate data per the deflate
+    specification in RFC 1951, most notably Microsoft.  So even though the
+    "deflate" transfer encoding using the zlib format would be the more
+    efficient approach (and in fact exactly what the zlib format was designed
+    for), using the "gzip" transfer encoding is probably more reliable due to
+    an unfortunate choice of name on the part of the HTTP 1.1 authors.
+
+    Bottom line: use the gzip format for HTTP 1.1 encoding.
+
+40. Does zlib support the new "Deflate64" format introduced by PKWare?
+
+    No.  PKWare has apparently decided to keep that format proprietary, since
+    they have not documented it as they have previous compression formats.  In
+    any case, the compression improvements are so modest compared to other more
+    modern approaches, that it's not worth the effort to implement.
+
+41. I'm having a problem with the zip functions in zlib, can you help?
+
+    There are no zip functions in zlib.  You are probably using minizip by
+    Giles Vollant, which is found in the contrib directory of zlib.  It is not
+    part of zlib.  In fact none of the stuff in contrib is part of zlib.  The
+    files in there are not supported by the zlib authors.  You need to contact
+    the authors of the respective contribution for help.
+
+42. The match.asm code in contrib is under the GNU General Public License.
+    Since it's part of zlib, doesn't that mean that all of zlib falls under the
+    GNU GPL?
+
+    No.  The files in contrib are not part of zlib.  They were contributed by
+    other authors and are provided as a convenience to the user within the zlib
+    distribution.  Each item in contrib has its own license.
+
+43. Is zlib subject to export controls?  What is its ECCN?
+
+    zlib is not subject to export controls, and so is classified as EAR99.
+
+44. Can you please sign these lengthy legal documents and fax them back to us
+    so that we can use your software in our product?
+
+    No. Go away. Shoo.
diff --git a/zlib-1.3.1/INDEX b/zlib-1.3.1/INDEX
new file mode 100644
index 00000000..2ba06412
--- /dev/null
+++ b/zlib-1.3.1/INDEX
@@ -0,0 +1,68 @@
+CMakeLists.txt  cmake build file
+ChangeLog       history of changes
+FAQ             Frequently Asked Questions about zlib
+INDEX           this file
+Makefile        dummy Makefile that tells you to ./configure
+Makefile.in     template for Unix Makefile
+README          guess what
+configure       configure script for Unix
+make_vms.com    makefile for VMS
+test/example.c  zlib usages examples for build testing
+test/minigzip.c minimal gzip-like functionality for build testing
+test/infcover.c inf*.c code coverage for build coverage testing
+treebuild.xml   XML description of source file dependencies
+zconf.h.cmakein zconf.h template for cmake
+zconf.h.in      zconf.h template for configure
+zlib.3          Man page for zlib
+zlib.3.pdf      Man page in PDF format
+zlib.map        Linux symbol information
+zlib.pc.in      Template for pkg-config descriptor
+zlib.pc.cmakein zlib.pc template for cmake
+zlib2ansi       perl script to convert source files for C++ compilation
+
+amiga/          makefiles for Amiga SAS C
+as400/          makefiles for AS/400
+doc/            documentation for formats and algorithms
+msdos/          makefiles for MSDOS
+nintendods/     makefile for Nintendo DS
+old/            makefiles for various architectures and zlib documentation
+                files that have not yet been updated for zlib 1.2.x
+qnx/            makefiles for QNX
+watcom/         makefiles for OpenWatcom
+win32/          makefiles for Windows
+
+                zlib public header files (required for library use):
+zconf.h
+zlib.h
+
+                private source files used to build the zlib library:
+adler32.c
+compress.c
+crc32.c
+crc32.h
+deflate.c
+deflate.h
+gzclose.c
+gzguts.h
+gzlib.c
+gzread.c
+gzwrite.c
+infback.c
+inffast.c
+inffast.h
+inffixed.h
+inflate.c
+inflate.h
+inftrees.c
+inftrees.h
+trees.c
+trees.h
+uncompr.c
+zutil.c
+zutil.h
+
+                source files for sample programs
+See examples/README.examples
+
+                unsupported contributions by third parties
+See contrib/README.contrib
diff --git a/zlib-1.3.1/LICENSE b/zlib-1.3.1/LICENSE
new file mode 100644
index 00000000..ab8ee6f7
--- /dev/null
+++ b/zlib-1.3.1/LICENSE
@@ -0,0 +1,22 @@
+Copyright notice:
+
+ (C) 1995-2022 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
diff --git a/zlib-1.3.1/Makefile b/zlib-1.3.1/Makefile
new file mode 100644
index 00000000..6bba86c7
--- /dev/null
+++ b/zlib-1.3.1/Makefile
@@ -0,0 +1,5 @@
+all:
+	-@echo "Please use ./configure first.  Thank you."
+
+distclean:
+	make -f Makefile.in distclean
diff --git a/zlib-1.3.1/Makefile.in b/zlib-1.3.1/Makefile.in
new file mode 100644
index 00000000..cb8b00a9
--- /dev/null
+++ b/zlib-1.3.1/Makefile.in
@@ -0,0 +1,410 @@
+# Makefile for zlib
+# Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler
+# For conditions of distribution and use, see copyright notice in zlib.h
+
+# To compile and test, type:
+#    ./configure; make test
+# Normally configure builds both a static and a shared library.
+# If you want to build just a static library, use: ./configure --static
+
+# To install /usr/local/lib/libz.* and /usr/local/include/zlib.h, type:
+#    make install
+# To install in $HOME instead of /usr/local, use:
+#    make install prefix=$HOME
+
+CC=cc
+
+CFLAGS=-O
+#CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
+#CFLAGS=-g -DZLIB_DEBUG
+#CFLAGS=-O3 -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
+#           -Wstrict-prototypes -Wmissing-prototypes
+
+SFLAGS=-O
+LDFLAGS=
+TEST_LIBS=-L. libz.a
+LDSHARED=$(CC)
+CPP=$(CC) -E
+
+STATICLIB=libz.a
+SHAREDLIB=libz.so
+SHAREDLIBV=libz.so.1.3.1
+SHAREDLIBM=libz.so.1
+LIBS=$(STATICLIB) $(SHAREDLIBV)
+
+AR=ar
+ARFLAGS=rc
+RANLIB=ranlib
+LDCONFIG=ldconfig
+LDSHAREDLIBC=-lc
+TAR=tar
+SHELL=/bin/sh
+EXE=
+
+prefix = /usr/local
+exec_prefix = ${prefix}
+libdir = ${exec_prefix}/lib
+sharedlibdir = ${libdir}
+includedir = ${prefix}/include
+mandir = ${prefix}/share/man
+man3dir = ${mandir}/man3
+pkgconfigdir = ${libdir}/pkgconfig
+SRCDIR=
+ZINC=
+ZINCOUT=-I.
+
+OBJZ = adler32.o crc32.o deflate.o infback.o inffast.o inflate.o inftrees.o trees.o zutil.o
+OBJG = compress.o uncompr.o gzclose.o gzlib.o gzread.o gzwrite.o
+OBJC = $(OBJZ) $(OBJG)
+
+PIC_OBJZ = adler32.lo crc32.lo deflate.lo infback.lo inffast.lo inflate.lo inftrees.lo trees.lo zutil.lo
+PIC_OBJG = compress.lo uncompr.lo gzclose.lo gzlib.lo gzread.lo gzwrite.lo
+PIC_OBJC = $(PIC_OBJZ) $(PIC_OBJG)
+
+# to use the asm code: make OBJA=match.o, PIC_OBJA=match.lo
+OBJA =
+PIC_OBJA =
+
+OBJS = $(OBJC) $(OBJA)
+
+PIC_OBJS = $(PIC_OBJC) $(PIC_OBJA)
+
+all: static shared
+
+static: example$(EXE) minigzip$(EXE)
+
+shared: examplesh$(EXE) minigzipsh$(EXE)
+
+all64: example64$(EXE) minigzip64$(EXE)
+
+check: test
+
+test: all teststatic testshared
+
+teststatic: static
+	@TMPST=tmpst_$$; \
+	if echo hello world | ${QEMU_RUN} ./minigzip | ${QEMU_RUN} ./minigzip -d && ${QEMU_RUN} ./example $$TMPST ; then \
+	  echo '		*** zlib test OK ***'; \
+	else \
+	  echo '		*** zlib test FAILED ***'; false; \
+	fi
+	@rm -f tmpst_$$
+
+testshared: shared
+	@LD_LIBRARY_PATH=`pwd`:$(LD_LIBRARY_PATH) ; export LD_LIBRARY_PATH; \
+	LD_LIBRARYN32_PATH=`pwd`:$(LD_LIBRARYN32_PATH) ; export LD_LIBRARYN32_PATH; \
+	DYLD_LIBRARY_PATH=`pwd`:$(DYLD_LIBRARY_PATH) ; export DYLD_LIBRARY_PATH; \
+	SHLIB_PATH=`pwd`:$(SHLIB_PATH) ; export SHLIB_PATH; \
+	TMPSH=tmpsh_$$; \
+	if echo hello world | ${QEMU_RUN} ./minigzipsh | ${QEMU_RUN} ./minigzipsh -d && ${QEMU_RUN} ./examplesh $$TMPSH; then \
+	  echo '		*** zlib shared test OK ***'; \
+	else \
+	  echo '		*** zlib shared test FAILED ***'; false; \
+	fi
+	@rm -f tmpsh_$$
+
+test64: all64
+	@TMP64=tmp64_$$; \
+	if echo hello world | ${QEMU_RUN} ./minigzip64 | ${QEMU_RUN} ./minigzip64 -d && ${QEMU_RUN} ./example64 $$TMP64; then \
+	  echo '		*** zlib 64-bit test OK ***'; \
+	else \
+	  echo '		*** zlib 64-bit test FAILED ***'; false; \
+	fi
+	@rm -f tmp64_$$
+
+infcover.o: $(SRCDIR)test/infcover.c $(SRCDIR)zlib.h zconf.h
+	$(CC) $(CFLAGS) $(ZINCOUT) -c -o $@ $(SRCDIR)test/infcover.c
+
+infcover: infcover.o libz.a
+	$(CC) $(CFLAGS) -o $@ infcover.o libz.a
+
+cover: infcover
+	rm -f *.gcda
+	${QEMU_RUN} ./infcover
+	gcov inf*.c
+
+libz.a: $(OBJS)
+	$(AR) $(ARFLAGS) $@ $(OBJS)
+	-@ ($(RANLIB) $@ || true) >/dev/null 2>&1
+
+match.o: match.S
+	$(CPP) match.S > _match.s
+	$(CC) -c _match.s
+	mv _match.o match.o
+	rm -f _match.s
+
+match.lo: match.S
+	$(CPP) match.S > _match.s
+	$(CC) -c -fPIC _match.s
+	mv _match.o match.lo
+	rm -f _match.s
+
+example.o: $(SRCDIR)test/example.c $(SRCDIR)zlib.h zconf.h
+	$(CC) $(CFLAGS) $(ZINCOUT) -c -o $@ $(SRCDIR)test/example.c
+
+minigzip.o: $(SRCDIR)test/minigzip.c $(SRCDIR)zlib.h zconf.h
+	$(CC) $(CFLAGS) $(ZINCOUT) -c -o $@ $(SRCDIR)test/minigzip.c
+
+example64.o: $(SRCDIR)test/example.c $(SRCDIR)zlib.h zconf.h
+	$(CC) $(CFLAGS) $(ZINCOUT) -D_FILE_OFFSET_BITS=64 -c -o $@ $(SRCDIR)test/example.c
+
+minigzip64.o: $(SRCDIR)test/minigzip.c $(SRCDIR)zlib.h zconf.h
+	$(CC) $(CFLAGS) $(ZINCOUT) -D_FILE_OFFSET_BITS=64 -c -o $@ $(SRCDIR)test/minigzip.c
+
+
+adler32.o: $(SRCDIR)adler32.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)adler32.c
+
+crc32.o: $(SRCDIR)crc32.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)crc32.c
+
+deflate.o: $(SRCDIR)deflate.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)deflate.c
+
+infback.o: $(SRCDIR)infback.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)infback.c
+
+inffast.o: $(SRCDIR)inffast.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)inffast.c
+
+inflate.o: $(SRCDIR)inflate.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)inflate.c
+
+inftrees.o: $(SRCDIR)inftrees.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)inftrees.c
+
+trees.o: $(SRCDIR)trees.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)trees.c
+
+zutil.o: $(SRCDIR)zutil.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)zutil.c
+
+compress.o: $(SRCDIR)compress.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)compress.c
+
+uncompr.o: $(SRCDIR)uncompr.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)uncompr.c
+
+gzclose.o: $(SRCDIR)gzclose.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)gzclose.c
+
+gzlib.o: $(SRCDIR)gzlib.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)gzlib.c
+
+gzread.o: $(SRCDIR)gzread.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)gzread.c
+
+gzwrite.o: $(SRCDIR)gzwrite.c
+	$(CC) $(CFLAGS) $(ZINC) -c -o $@ $(SRCDIR)gzwrite.c
+
+
+adler32.lo: $(SRCDIR)adler32.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/adler32.o $(SRCDIR)adler32.c
+	-@mv objs/adler32.o $@
+
+crc32.lo: $(SRCDIR)crc32.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/crc32.o $(SRCDIR)crc32.c
+	-@mv objs/crc32.o $@
+
+deflate.lo: $(SRCDIR)deflate.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/deflate.o $(SRCDIR)deflate.c
+	-@mv objs/deflate.o $@
+
+infback.lo: $(SRCDIR)infback.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/infback.o $(SRCDIR)infback.c
+	-@mv objs/infback.o $@
+
+inffast.lo: $(SRCDIR)inffast.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/inffast.o $(SRCDIR)inffast.c
+	-@mv objs/inffast.o $@
+
+inflate.lo: $(SRCDIR)inflate.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/inflate.o $(SRCDIR)inflate.c
+	-@mv objs/inflate.o $@
+
+inftrees.lo: $(SRCDIR)inftrees.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/inftrees.o $(SRCDIR)inftrees.c
+	-@mv objs/inftrees.o $@
+
+trees.lo: $(SRCDIR)trees.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/trees.o $(SRCDIR)trees.c
+	-@mv objs/trees.o $@
+
+zutil.lo: $(SRCDIR)zutil.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/zutil.o $(SRCDIR)zutil.c
+	-@mv objs/zutil.o $@
+
+compress.lo: $(SRCDIR)compress.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/compress.o $(SRCDIR)compress.c
+	-@mv objs/compress.o $@
+
+uncompr.lo: $(SRCDIR)uncompr.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/uncompr.o $(SRCDIR)uncompr.c
+	-@mv objs/uncompr.o $@
+
+gzclose.lo: $(SRCDIR)gzclose.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/gzclose.o $(SRCDIR)gzclose.c
+	-@mv objs/gzclose.o $@
+
+gzlib.lo: $(SRCDIR)gzlib.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/gzlib.o $(SRCDIR)gzlib.c
+	-@mv objs/gzlib.o $@
+
+gzread.lo: $(SRCDIR)gzread.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/gzread.o $(SRCDIR)gzread.c
+	-@mv objs/gzread.o $@
+
+gzwrite.lo: $(SRCDIR)gzwrite.c
+	-@mkdir objs 2>/dev/null || test -d objs
+	$(CC) $(SFLAGS) $(ZINC) -DPIC -c -o objs/gzwrite.o $(SRCDIR)gzwrite.c
+	-@mv objs/gzwrite.o $@
+
+
+placebo $(SHAREDLIBV): $(PIC_OBJS) libz.a
+	$(LDSHARED) $(SFLAGS) -o $@ $(PIC_OBJS) $(LDSHAREDLIBC) $(LDFLAGS)
+	rm -f $(SHAREDLIB) $(SHAREDLIBM)
+	ln -s $@ $(SHAREDLIB)
+	ln -s $@ $(SHAREDLIBM)
+	-@rmdir objs
+
+example$(EXE): example.o $(STATICLIB)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ example.o $(TEST_LIBS)
+
+minigzip$(EXE): minigzip.o $(STATICLIB)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ minigzip.o $(TEST_LIBS)
+
+examplesh$(EXE): example.o $(SHAREDLIBV)
+	$(CC) $(CFLAGS) -o $@ example.o $(LDFLAGS) -L. $(SHAREDLIBV)
+
+minigzipsh$(EXE): minigzip.o $(SHAREDLIBV)
+	$(CC) $(CFLAGS) -o $@ minigzip.o $(LDFLAGS) -L. $(SHAREDLIBV)
+
+example64$(EXE): example64.o $(STATICLIB)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ example64.o $(TEST_LIBS)
+
+minigzip64$(EXE): minigzip64.o $(STATICLIB)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ minigzip64.o $(TEST_LIBS)
+
+install-libs: $(LIBS)
+	-@if [ ! -d $(DESTDIR)$(exec_prefix)  ]; then mkdir -p $(DESTDIR)$(exec_prefix); fi
+	-@if [ ! -d $(DESTDIR)$(libdir)       ]; then mkdir -p $(DESTDIR)$(libdir); fi
+	-@if [ ! -d $(DESTDIR)$(sharedlibdir) ]; then mkdir -p $(DESTDIR)$(sharedlibdir); fi
+	-@if [ ! -d $(DESTDIR)$(man3dir)      ]; then mkdir -p $(DESTDIR)$(man3dir); fi
+	-@if [ ! -d $(DESTDIR)$(pkgconfigdir) ]; then mkdir -p $(DESTDIR)$(pkgconfigdir); fi
+	rm -f $(DESTDIR)$(libdir)/$(STATICLIB)
+	cp $(STATICLIB) $(DESTDIR)$(libdir)
+	chmod 644 $(DESTDIR)$(libdir)/$(STATICLIB)
+	-@($(RANLIB) $(DESTDIR)$(libdir)/libz.a || true) >/dev/null 2>&1
+	-@if test -n "$(SHAREDLIBV)"; then \
+	  rm -f $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBV); \
+	  cp $(SHAREDLIBV) $(DESTDIR)$(sharedlibdir); \
+	  echo "cp $(SHAREDLIBV) $(DESTDIR)$(sharedlibdir)"; \
+	  chmod 755 $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBV); \
+	  echo "chmod 755 $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBV)"; \
+	  rm -f $(DESTDIR)$(sharedlibdir)/$(SHAREDLIB) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBM); \
+	  ln -s $(SHAREDLIBV) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIB); \
+	  ln -s $(SHAREDLIBV) $(DESTDIR)$(sharedlibdir)/$(SHAREDLIBM); \
+	  ($(LDCONFIG) || true)  >/dev/null 2>&1; \
+	fi
+	rm -f $(DESTDIR)$(man3dir)/zlib.3
+	cp $(SRCDIR)zlib.3 $(DESTDIR)$(man3dir)
+	chmod 644 $(DESTDIR)$(man3dir)/zlib.3
+	rm -f $(DESTDIR)$(pkgconfigdir)/zlib.pc
+	cp zlib.pc $(DESTDIR)$(pkgconfigdir)
+	chmod 644 $(DESTDIR)$(pkgconfigdir)/zlib.pc
+# The ranlib in install is needed on NeXTSTEP which checks file times
+# ldconfig is for Linux
+
+install: install-libs
+	-@if [ ! -d $(DESTDIR)$(includedir)   ]; then mkdir -p $(DESTDIR)$(includedir); fi
+	rm -f $(DESTDIR)$(includedir)/zlib.h $(DESTDIR)$(includedir)/zconf.h
+	cp $(SRCDIR)zlib.h zconf.h $(DESTDIR)$(includedir)
+	chmod 644 $(DESTDIR)$(includedir)/zlib.h $(DESTDIR)$(includedir)/zconf.h
+
+uninstall:
+	cd $(DESTDIR)$(includedir) && rm -f zlib.h zconf.h
+	cd $(DESTDIR)$(libdir) && rm -f libz.a; \
+	if test -n "$(SHAREDLIBV)" -a -f $(SHAREDLIBV); then \
+	  rm -f $(SHAREDLIBV) $(SHAREDLIB) $(SHAREDLIBM); \
+	fi
+	cd $(DESTDIR)$(man3dir) && rm -f zlib.3
+	cd $(DESTDIR)$(pkgconfigdir) && rm -f zlib.pc
+
+docs: zlib.3.pdf
+
+zlib.3.pdf: $(SRCDIR)zlib.3
+	groff -mandoc -f H -T ps $(SRCDIR)zlib.3 | ps2pdf - $@
+
+zconf.h.cmakein: $(SRCDIR)zconf.h.in
+	-@ TEMPFILE=zconfh_$$; \
+	echo "/#define ZCONF_H/ a\\\\\n#cmakedefine Z_PREFIX\\\\\n#cmakedefine Z_HAVE_UNISTD_H\n" >> $$TEMPFILE &&\
+	sed -f $$TEMPFILE $(SRCDIR)zconf.h.in > $@ &&\
+	touch -r $(SRCDIR)zconf.h.in $@ &&\
+	rm $$TEMPFILE
+
+zconf: $(SRCDIR)zconf.h.in
+	cp -p $(SRCDIR)zconf.h.in zconf.h
+
+minizip-test: static
+	cd contrib/minizip && { CC="$(CC)" CFLAGS="$(CFLAGS)" $(MAKE) test ; cd ../.. ; }
+
+minizip-clean:
+	cd contrib/minizip && { $(MAKE) clean ; cd ../.. ; }
+
+mostlyclean: clean
+clean: minizip-clean
+	rm -f *.o *.lo *~ \
+	   example$(EXE) minigzip$(EXE) examplesh$(EXE) minigzipsh$(EXE) \
+	   example64$(EXE) minigzip64$(EXE) \
+	   infcover \
+	   libz.* foo.gz so_locations \
+	   _match.s maketree contrib/infback9/*.o
+	rm -rf objs
+	rm -f *.gcda *.gcno *.gcov
+	rm -f contrib/infback9/*.gcda contrib/infback9/*.gcno contrib/infback9/*.gcov
+
+maintainer-clean: distclean
+distclean: clean zconf zconf.h.cmakein
+	rm -f Makefile zlib.pc configure.log
+	-@rm -f .DS_Store
+	@if [ -f Makefile.in ]; then \
+	printf 'all:\n\t-@echo "Please use ./configure first.  Thank you."\n' > Makefile ; \
+	printf '\ndistclean:\n\tmake -f Makefile.in distclean\n' >> Makefile ; \
+	touch -r $(SRCDIR)Makefile.in Makefile ; fi
+
+tags:
+	etags $(SRCDIR)*.[ch]
+
+adler32.o zutil.o: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h
+gzclose.o gzlib.o gzread.o gzwrite.o: $(SRCDIR)zlib.h zconf.h $(SRCDIR)gzguts.h
+compress.o example.o minigzip.o uncompr.o: $(SRCDIR)zlib.h zconf.h
+crc32.o: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)crc32.h
+deflate.o: $(SRCDIR)deflate.h $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h
+infback.o inflate.o: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)inftrees.h $(SRCDIR)inflate.h $(SRCDIR)inffast.h $(SRCDIR)inffixed.h
+inffast.o: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)inftrees.h $(SRCDIR)inflate.h $(SRCDIR)inffast.h
+inftrees.o: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)inftrees.h
+trees.o: $(SRCDIR)deflate.h $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)trees.h
+
+adler32.lo zutil.lo: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h
+gzclose.lo gzlib.lo gzread.lo gzwrite.lo: $(SRCDIR)zlib.h zconf.h $(SRCDIR)gzguts.h
+compress.lo example.lo minigzip.lo uncompr.lo: $(SRCDIR)zlib.h zconf.h
+crc32.lo: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)crc32.h
+deflate.lo: $(SRCDIR)deflate.h $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h
+infback.lo inflate.lo: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)inftrees.h $(SRCDIR)inflate.h $(SRCDIR)inffast.h $(SRCDIR)inffixed.h
+inffast.lo: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)inftrees.h $(SRCDIR)inflate.h $(SRCDIR)inffast.h
+inftrees.lo: $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)inftrees.h
+trees.lo: $(SRCDIR)deflate.h $(SRCDIR)zutil.h $(SRCDIR)zlib.h zconf.h $(SRCDIR)trees.h
diff --git a/zlib-1.3.1/README b/zlib-1.3.1/README
new file mode 100644
index 00000000..c5f91754
--- /dev/null
+++ b/zlib-1.3.1/README
@@ -0,0 +1,117 @@
+ZLIB DATA COMPRESSION LIBRARY
+
+zlib 1.3.1 is a general purpose data compression library.  All the code is
+thread safe.  The data format used by the zlib library is described by RFCs
+(Request for Comments) 1950 to 1952 in the files
+http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and
+rfc1952 (gzip format).
+
+All functions of the compression library are documented in the file zlib.h
+(volunteer to write man pages welcome, contact zlib@gzip.org).  A usage example
+of the library is given in the file test/example.c which also tests that
+the library is working correctly.  Another example is given in the file
+test/minigzip.c.  The compression library itself is composed of all source
+files in the root directory.
+
+To compile all files and run the test program, follow the instructions given at
+the top of Makefile.in.  In short "./configure; make test", and if that goes
+well, "make install" should work for most flavors of Unix.  For Windows, use
+one of the special makefiles in win32/ or contrib/vstudio/ .  For VMS, use
+make_vms.com.
+
+Questions about zlib should be sent to <zlib@gzip.org>, or to Gilles Vollant
+<info@winimage.com> for the Windows DLL version.  The zlib home page is
+http://zlib.net/ .  Before reporting a problem, please check this site to
+verify that you have the latest version of zlib; otherwise get the latest
+version and check whether the problem still exists or not.
+
+PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help.
+
+Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan.  1997
+issue of Dr.  Dobb's Journal; a copy of the article is available at
+https://marknelson.us/posts/1997/01/01/zlib-engine.html .
+
+The changes made in version 1.3.1 are documented in the file ChangeLog.
+
+Unsupported third party contributions are provided in directory contrib/ .
+
+zlib is available in Java using the java.util.zip package. Follow the API
+Documentation link at: https://docs.oracle.com/search/?q=java.util.zip .
+
+A Perl interface to zlib and bzip2 written by Paul Marquess <pmqs@cpan.org>
+can be found at https://github.com/pmqs/IO-Compress .
+
+A Python interface to zlib written by A.M. Kuchling <amk@amk.ca> is
+available in Python 1.5 and later versions, see
+http://docs.python.org/library/zlib.html .
+
+zlib is built into tcl: http://wiki.tcl.tk/4610 .
+
+An experimental package to read and write files in .zip format, written on top
+of zlib by Gilles Vollant <info@winimage.com>, is available in the
+contrib/minizip directory of zlib.
+
+
+Notes for some targets:
+
+- For Windows DLL versions, please see win32/DLL_FAQ.txt
+
+- For 64-bit Irix, deflate.c must be compiled without any optimization. With
+  -O, one libpng test fails. The test works in 32 bit mode (with the -n32
+  compiler flag). The compiler bug has been reported to SGI.
+
+- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 it works
+  when compiled with cc.
+
+- On Digital Unix 4.0D (formerly OSF/1) on AlphaServer, the cc option -std1 is
+  necessary to get gzprintf working correctly. This is done by configure.
+
+- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with
+  other compilers. Use "make test" to check your compiler.
+
+- gzdopen is not supported on RISCOS or BEOS.
+
+- For PalmOs, see http://palmzlib.sourceforge.net/
+
+
+Acknowledgments:
+
+  The deflate format used by zlib was defined by Phil Katz.  The deflate and
+  zlib specifications were written by L.  Peter Deutsch.  Thanks to all the
+  people who reported problems and suggested various improvements in zlib; they
+  are too numerous to cite here.
+
+Copyright notice:
+
+ (C) 1995-2024 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
+
+If you use the zlib library in a product, we would appreciate *not* receiving
+lengthy legal documents to sign.  The sources are provided for free but without
+warranty of any kind.  The library has been entirely written by Jean-loup
+Gailly and Mark Adler; it does not include third-party code.  We make all
+contributions to and distributions of this project solely in our personal
+capacity, and are not conveying any rights to any intellectual property of
+any third parties.
+
+If you redistribute modified sources, we would appreciate that you include in
+the file ChangeLog history information documenting your changes.  Please read
+the FAQ for more information on the distribution of modified source versions.
diff --git a/zlib-1.3.1/adler32.c b/zlib-1.3.1/adler32.c
new file mode 100644
index 00000000..04b81d29
--- /dev/null
+++ b/zlib-1.3.1/adler32.c
@@ -0,0 +1,164 @@
+/* adler32.c -- compute the Adler-32 checksum of a data stream
+ * Copyright (C) 1995-2011, 2016 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#include "zutil.h"
+
+#define BASE 65521U     /* largest prime smaller than 65536 */
+#define NMAX 5552
+/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
+
+#define DO1(buf,i)  {adler += (buf)[i]; sum2 += adler;}
+#define DO2(buf,i)  DO1(buf,i); DO1(buf,i+1);
+#define DO4(buf,i)  DO2(buf,i); DO2(buf,i+2);
+#define DO8(buf,i)  DO4(buf,i); DO4(buf,i+4);
+#define DO16(buf)   DO8(buf,0); DO8(buf,8);
+
+/* use NO_DIVIDE if your processor does not do division in hardware --
+   try it both ways to see which is faster */
+#ifdef NO_DIVIDE
+/* note that this assumes BASE is 65521, where 65536 % 65521 == 15
+   (thank you to John Reiser for pointing this out) */
+#  define CHOP(a) \
+    do { \
+        unsigned long tmp = a >> 16; \
+        a &= 0xffffUL; \
+        a += (tmp << 4) - tmp; \
+    } while (0)
+#  define MOD28(a) \
+    do { \
+        CHOP(a); \
+        if (a >= BASE) a -= BASE; \
+    } while (0)
+#  define MOD(a) \
+    do { \
+        CHOP(a); \
+        MOD28(a); \
+    } while (0)
+#  define MOD63(a) \
+    do { /* this assumes a is not negative */ \
+        z_off64_t tmp = a >> 32; \
+        a &= 0xffffffffL; \
+        a += (tmp << 8) - (tmp << 5) + tmp; \
+        tmp = a >> 16; \
+        a &= 0xffffL; \
+        a += (tmp << 4) - tmp; \
+        tmp = a >> 16; \
+        a &= 0xffffL; \
+        a += (tmp << 4) - tmp; \
+        if (a >= BASE) a -= BASE; \
+    } while (0)
+#else
+#  define MOD(a) a %= BASE
+#  define MOD28(a) a %= BASE
+#  define MOD63(a) a %= BASE
+#endif
+
+/* ========================================================================= */
+uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf, z_size_t len) {
+    unsigned long sum2;
+    unsigned n;
+
+    /* split Adler-32 into component sums */
+    sum2 = (adler >> 16) & 0xffff;
+    adler &= 0xffff;
+
+    /* in case user likes doing a byte at a time, keep it fast */
+    if (len == 1) {
+        adler += buf[0];
+        if (adler >= BASE)
+            adler -= BASE;
+        sum2 += adler;
+        if (sum2 >= BASE)
+            sum2 -= BASE;
+        return adler | (sum2 << 16);
+    }
+
+    /* initial Adler-32 value (deferred check for len == 1 speed) */
+    if (buf == Z_NULL)
+        return 1L;
+
+    /* in case short lengths are provided, keep it somewhat fast */
+    if (len < 16) {
+        while (len--) {
+            adler += *buf++;
+            sum2 += adler;
+        }
+        if (adler >= BASE)
+            adler -= BASE;
+        MOD28(sum2);            /* only added so many BASE's */
+        return adler | (sum2 << 16);
+    }
+
+    /* do length NMAX blocks -- requires just one modulo operation */
+    while (len >= NMAX) {
+        len -= NMAX;
+        n = NMAX / 16;          /* NMAX is divisible by 16 */
+        do {
+            DO16(buf);          /* 16 sums unrolled */
+            buf += 16;
+        } while (--n);
+        MOD(adler);
+        MOD(sum2);
+    }
+
+    /* do remaining bytes (less than NMAX, still just one modulo) */
+    if (len) {                  /* avoid modulos if none remaining */
+        while (len >= 16) {
+            len -= 16;
+            DO16(buf);
+            buf += 16;
+        }
+        while (len--) {
+            adler += *buf++;
+            sum2 += adler;
+        }
+        MOD(adler);
+        MOD(sum2);
+    }
+
+    /* return recombined sums */
+    return adler | (sum2 << 16);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len) {
+    return adler32_z(adler, buf, len);
+}
+
+/* ========================================================================= */
+local uLong adler32_combine_(uLong adler1, uLong adler2, z_off64_t len2) {
+    unsigned long sum1;
+    unsigned long sum2;
+    unsigned rem;
+
+    /* for negative len, return invalid adler32 as a clue for debugging */
+    if (len2 < 0)
+        return 0xffffffffUL;
+
+    /* the derivation of this formula is left as an exercise for the reader */
+    MOD63(len2);                /* assumes len2 >= 0 */
+    rem = (unsigned)len2;
+    sum1 = adler1 & 0xffff;
+    sum2 = rem * sum1;
+    MOD(sum2);
+    sum1 += (adler2 & 0xffff) + BASE - 1;
+    sum2 += ((adler1 >> 16) & 0xffff) + ((adler2 >> 16) & 0xffff) + BASE - rem;
+    if (sum1 >= BASE) sum1 -= BASE;
+    if (sum1 >= BASE) sum1 -= BASE;
+    if (sum2 >= ((unsigned long)BASE << 1)) sum2 -= ((unsigned long)BASE << 1);
+    if (sum2 >= BASE) sum2 -= BASE;
+    return sum1 | (sum2 << 16);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2, z_off_t len2) {
+    return adler32_combine_(adler1, adler2, len2);
+}
+
+uLong ZEXPORT adler32_combine64(uLong adler1, uLong adler2, z_off64_t len2) {
+    return adler32_combine_(adler1, adler2, len2);
+}
diff --git a/zlib-1.3.1/amiga/Makefile.pup b/zlib-1.3.1/amiga/Makefile.pup
new file mode 100644
index 00000000..8940c120
--- /dev/null
+++ b/zlib-1.3.1/amiga/Makefile.pup
@@ -0,0 +1,69 @@
+# Amiga powerUP (TM) Makefile
+# makefile for libpng and SAS C V6.58/7.00 PPC compiler
+# Copyright (C) 1998 by Andreas R. Kleinert
+
+LIBNAME	= libzip.a
+
+CC	= scppc
+CFLAGS	= NOSTKCHK NOSINT OPTIMIZE OPTGO OPTPEEP OPTINLOCAL OPTINL \
+	  OPTLOOP OPTRDEP=8 OPTDEP=8 OPTCOMP=8 NOVER
+AR	= ppc-amigaos-ar cr
+RANLIB	= ppc-amigaos-ranlib
+LD	= ppc-amigaos-ld -r
+LDFLAGS	= -o
+LDLIBS	= LIB:scppc.a LIB:end.o
+RM	= delete quiet
+
+OBJS = adler32.o compress.o crc32.o gzclose.o gzlib.o gzread.o gzwrite.o \
+       uncompr.o deflate.o trees.o zutil.o inflate.o infback.o inftrees.o inffast.o
+
+TEST_OBJS = example.o minigzip.o
+
+all: example minigzip
+
+check: test
+test: all
+	example
+	echo hello world | minigzip | minigzip -d
+
+$(LIBNAME): $(OBJS)
+	$(AR) $@ $(OBJS)
+	-$(RANLIB) $@
+
+example: example.o $(LIBNAME)
+	$(LD) $(LDFLAGS) $@ LIB:c_ppc.o $@.o $(LIBNAME) $(LDLIBS)
+
+minigzip: minigzip.o $(LIBNAME)
+	$(LD) $(LDFLAGS) $@ LIB:c_ppc.o $@.o $(LIBNAME) $(LDLIBS)
+
+mostlyclean: clean
+clean:
+	$(RM) *.o example minigzip $(LIBNAME) foo.gz
+
+zip:
+	zip -ul9 zlib README ChangeLog Makefile Make????.??? Makefile.?? \
+	  descrip.mms *.[ch]
+
+tgz:
+	cd ..; tar cfz zlib/zlib.tgz zlib/README zlib/ChangeLog zlib/Makefile \
+	  zlib/Make????.??? zlib/Makefile.?? zlib/descrip.mms zlib/*.[ch]
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+adler32.o: zlib.h zconf.h
+compress.o: zlib.h zconf.h
+crc32.o: crc32.h zlib.h zconf.h
+deflate.o: deflate.h zutil.h zlib.h zconf.h
+example.o: zlib.h zconf.h
+gzclose.o: zlib.h zconf.h gzguts.h
+gzlib.o: zlib.h zconf.h gzguts.h
+gzread.o: zlib.h zconf.h gzguts.h
+gzwrite.o: zlib.h zconf.h gzguts.h
+inffast.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+inflate.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+infback.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+inftrees.o: zutil.h zlib.h zconf.h inftrees.h
+minigzip.o: zlib.h zconf.h
+trees.o: deflate.h zutil.h zlib.h zconf.h trees.h
+uncompr.o: zlib.h zconf.h
+zutil.o: zutil.h zlib.h zconf.h
diff --git a/zlib-1.3.1/amiga/Makefile.sas b/zlib-1.3.1/amiga/Makefile.sas
new file mode 100644
index 00000000..749e2915
--- /dev/null
+++ b/zlib-1.3.1/amiga/Makefile.sas
@@ -0,0 +1,68 @@
+# SMakefile for zlib
+# Modified from the standard UNIX Makefile Copyright Jean-loup Gailly
+# Osma Ahvenlampi <Osma.Ahvenlampi@hut.fi>
+# Amiga, SAS/C 6.56 & Smake
+
+CC=sc
+CFLAGS=OPT
+#CFLAGS=OPT CPU=68030
+#CFLAGS=DEBUG=LINE
+LDFLAGS=LIB z.lib
+
+SCOPTIONS=OPTSCHED OPTINLINE OPTALIAS OPTTIME OPTINLOCAL STRMERGE \
+       NOICONS PARMS=BOTH NOSTACKCHECK UTILLIB NOVERSION ERRORREXX \
+       DEF=POSTINC
+
+OBJS = adler32.o compress.o crc32.o gzclose.o gzlib.o gzread.o gzwrite.o \
+       uncompr.o deflate.o trees.o zutil.o inflate.o infback.o inftrees.o inffast.o
+
+TEST_OBJS = example.o minigzip.o
+
+all: SCOPTIONS example minigzip
+
+check: test
+test: all
+	example
+	echo hello world | minigzip | minigzip -d
+
+install: z.lib
+	copy clone zlib.h zconf.h INCLUDE:
+	copy clone z.lib LIB:
+
+z.lib: $(OBJS)
+	oml z.lib r $(OBJS)
+
+example: example.o z.lib
+	$(CC) $(CFLAGS) LINK TO $@ example.o $(LDFLAGS)
+
+minigzip: minigzip.o z.lib
+	$(CC) $(CFLAGS) LINK TO $@ minigzip.o $(LDFLAGS)
+
+mostlyclean: clean
+clean:
+	-delete force quiet example minigzip *.o z.lib foo.gz *.lnk SCOPTIONS
+
+SCOPTIONS: Makefile.sas
+	copy to $@ <from <
+$(SCOPTIONS)
+<
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+adler32.o: zlib.h zconf.h
+compress.o: zlib.h zconf.h
+crc32.o: crc32.h zlib.h zconf.h
+deflate.o: deflate.h zutil.h zlib.h zconf.h
+example.o: zlib.h zconf.h
+gzclose.o: zlib.h zconf.h gzguts.h
+gzlib.o: zlib.h zconf.h gzguts.h
+gzread.o: zlib.h zconf.h gzguts.h
+gzwrite.o: zlib.h zconf.h gzguts.h
+inffast.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+inflate.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+infback.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+inftrees.o: zutil.h zlib.h zconf.h inftrees.h
+minigzip.o: zlib.h zconf.h
+trees.o: deflate.h zutil.h zlib.h zconf.h trees.h
+uncompr.o: zlib.h zconf.h
+zutil.o: zutil.h zlib.h zconf.h
diff --git a/zlib-1.3.1/compress.c b/zlib-1.3.1/compress.c
new file mode 100644
index 00000000..f43bacf7
--- /dev/null
+++ b/zlib-1.3.1/compress.c
@@ -0,0 +1,75 @@
+/* compress.c -- compress a memory buffer
+ * Copyright (C) 1995-2005, 2014, 2016 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#define ZLIB_INTERNAL
+#include "zlib.h"
+
+/* ===========================================================================
+     Compresses the source buffer into the destination buffer. The level
+   parameter has the same meaning as in deflateInit.  sourceLen is the byte
+   length of the source buffer. Upon entry, destLen is the total size of the
+   destination buffer, which must be at least 0.1% larger than sourceLen plus
+   12 bytes. Upon exit, destLen is the actual size of the compressed buffer.
+
+     compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_BUF_ERROR if there was not enough room in the output buffer,
+   Z_STREAM_ERROR if the level parameter is invalid.
+*/
+int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source,
+                      uLong sourceLen, int level) {
+    z_stream stream;
+    int err;
+    const uInt max = (uInt)-1;
+    uLong left;
+
+    left = *destLen;
+    *destLen = 0;
+
+    stream.zalloc = (alloc_func)0;
+    stream.zfree = (free_func)0;
+    stream.opaque = (voidpf)0;
+
+    err = deflateInit(&stream, level);
+    if (err != Z_OK) return err;
+
+    stream.next_out = dest;
+    stream.avail_out = 0;
+    stream.next_in = (z_const Bytef *)source;
+    stream.avail_in = 0;
+
+    do {
+        if (stream.avail_out == 0) {
+            stream.avail_out = left > (uLong)max ? max : (uInt)left;
+            left -= stream.avail_out;
+        }
+        if (stream.avail_in == 0) {
+            stream.avail_in = sourceLen > (uLong)max ? max : (uInt)sourceLen;
+            sourceLen -= stream.avail_in;
+        }
+        err = deflate(&stream, sourceLen ? Z_NO_FLUSH : Z_FINISH);
+    } while (err == Z_OK);
+
+    *destLen = stream.total_out;
+    deflateEnd(&stream);
+    return err == Z_STREAM_END ? Z_OK : err;
+}
+
+/* ===========================================================================
+ */
+int ZEXPORT compress(Bytef *dest, uLongf *destLen, const Bytef *source,
+                     uLong sourceLen) {
+    return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION);
+}
+
+/* ===========================================================================
+     If the default memLevel or windowBits for deflateInit() is changed, then
+   this function needs to be updated.
+ */
+uLong ZEXPORT compressBound(uLong sourceLen) {
+    return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
+           (sourceLen >> 25) + 13;
+}
diff --git a/zlib-1.3.1/configure b/zlib-1.3.1/configure
new file mode 100755
index 00000000..c55098af
--- /dev/null
+++ b/zlib-1.3.1/configure
@@ -0,0 +1,929 @@
+#!/bin/sh
+# configure script for zlib.
+#
+# Normally configure builds both a static and a shared library.
+# If you want to build just a static library, use: ./configure --static
+#
+# To impose specific compiler or flags or install directory, use for example:
+#    prefix=$HOME CC=cc CFLAGS="-O4" ./configure
+# or for csh/tcsh users:
+#    (setenv prefix $HOME; setenv CC cc; setenv CFLAGS "-O4"; ./configure)
+
+# Incorrect settings of CC or CFLAGS may prevent creating a shared library.
+# If you have problems, try without defining CC and CFLAGS before reporting
+# an error.
+
+# start off configure.log
+echo -------------------- >> configure.log
+echo $0 $* >> configure.log
+date >> configure.log
+
+# get source directory
+SRCDIR=`dirname $0`
+if test $SRCDIR = "."; then
+    ZINC=""
+    ZINCOUT="-I."
+    SRCDIR=""
+else
+    ZINC='-I. -include zconf.h'
+    ZINCOUT='-I. -I$(SRCDIR)'
+    SRCDIR="$SRCDIR/"
+fi
+
+# set command prefix for cross-compilation
+if [ -n "${CHOST}" ]; then
+    uname=${CHOST}
+    mname=${CHOST}
+    CROSS_PREFIX="${CHOST}-"
+else
+    mname=`(uname -a || echo unknown) 2>/dev/null`
+fi
+
+# destination name for static library
+STATICLIB=libz.a
+
+# extract zlib version numbers from zlib.h
+VER=`sed -n -e '/VERSION "/s/.*"\(.*\)".*/\1/p' < ${SRCDIR}zlib.h`
+VER3=`echo ${VER}|sed -n -e 's/\([0-9]\{1,\}\(\\.[0-9]\{1,\}\)\{1,2\}\).*/\1/p'`
+VER1=`echo ${VER}|sed -n -e 's/\([0-9]\{1,\}\)\\..*/\1/p'`
+
+# establish commands for library building
+if "${CROSS_PREFIX}ar" --version >/dev/null 2>/dev/null || test $? -lt 126; then
+    AR=${AR-"${CROSS_PREFIX}ar"}
+    test -n "${CROSS_PREFIX}" && echo Using ${AR} | tee -a configure.log
+else
+    AR=${AR-"ar"}
+    test -n "${CROSS_PREFIX}" && echo Using ${AR} | tee -a configure.log
+fi
+ARFLAGS=${ARFLAGS-"rc"}
+if "${CROSS_PREFIX}ranlib" --version >/dev/null 2>/dev/null || test $? -lt 126; then
+    RANLIB=${RANLIB-"${CROSS_PREFIX}ranlib"}
+    test -n "${CROSS_PREFIX}" && echo Using ${RANLIB} | tee -a configure.log
+else
+    RANLIB=${RANLIB-"ranlib"}
+fi
+if "${CROSS_PREFIX}nm" --version >/dev/null 2>/dev/null || test $? -lt 126; then
+    NM=${NM-"${CROSS_PREFIX}nm"}
+    test -n "${CROSS_PREFIX}" && echo Using ${NM} | tee -a configure.log
+else
+    NM=${NM-"nm"}
+fi
+
+# set defaults before processing command line options
+LDCONFIG=${LDCONFIG-"ldconfig"}
+LDSHAREDLIBC="${LDSHAREDLIBC--lc}"
+ARCHS=
+prefix=${prefix-/usr/local}
+exec_prefix=${exec_prefix-'${prefix}'}
+libdir=${libdir-'${exec_prefix}/lib'}
+sharedlibdir=${sharedlibdir-'${libdir}'}
+includedir=${includedir-'${prefix}/include'}
+mandir=${mandir-'${prefix}/share/man'}
+shared_ext='.so'
+shared=1
+solo=0
+cover=0
+zprefix=0
+zconst=0
+build64=0
+gcc=0
+warn=0
+debug=0
+address=0
+memory=0
+old_cc="$CC"
+old_cflags="$CFLAGS"
+OBJC='$(OBJZ) $(OBJG)'
+PIC_OBJC='$(PIC_OBJZ) $(PIC_OBJG)'
+
+# leave this script, optionally in a bad way
+leave()
+{
+  if test "$*" != "0"; then
+    echo "** $0 aborting." | tee -a configure.log
+  fi
+  rm -rf $test.[co] $test $test$shared_ext $test.gcno $test.dSYM ./--version
+  echo -------------------- >> configure.log
+  echo >> configure.log
+  echo >> configure.log
+  exit $1
+}
+
+# process command line options
+while test $# -ge 1
+do
+case "$1" in
+    -h* | --help)
+      echo 'usage:' | tee -a configure.log
+      echo '  configure [--const] [--zprefix] [--prefix=PREFIX]  [--eprefix=EXPREFIX]' | tee -a configure.log
+      echo '    [--static] [--64] [--libdir=LIBDIR] [--sharedlibdir=LIBDIR]' | tee -a configure.log
+      echo '    [--includedir=INCLUDEDIR] [--archs="-arch i386 -arch x86_64"]' | tee -a configure.log
+        exit 0 ;;
+    -p*=* | --prefix=*) prefix=`echo $1 | sed 's/.*=//'`; shift ;;
+    -e*=* | --eprefix=*) exec_prefix=`echo $1 | sed 's/.*=//'`; shift ;;
+    -l*=* | --libdir=*) libdir=`echo $1 | sed 's/.*=//'`; shift ;;
+    --sharedlibdir=*) sharedlibdir=`echo $1 | sed 's/.*=//'`; shift ;;
+    -i*=* | --includedir=*) includedir=`echo $1 | sed 's/.*=//'`;shift ;;
+    -u*=* | --uname=*) uname=`echo $1 | sed 's/.*=//'`;shift ;;
+    -p* | --prefix) prefix="$2"; shift; shift ;;
+    -e* | --eprefix) exec_prefix="$2"; shift; shift ;;
+    -l* | --libdir) libdir="$2"; shift; shift ;;
+    -i* | --includedir) includedir="$2"; shift; shift ;;
+    -s* | --shared | --enable-shared) shared=1; shift ;;
+    -t | --static) shared=0; shift ;;
+    --solo) solo=1; shift ;;
+    --cover) cover=1; shift ;;
+    -z* | --zprefix) zprefix=1; shift ;;
+    -6* | --64) build64=1; shift ;;
+    -a*=* | --archs=*) ARCHS=`echo $1 | sed 's/.*=//'`; shift ;;
+    --sysconfdir=*) echo "ignored option: --sysconfdir" | tee -a configure.log; shift ;;
+    --localstatedir=*) echo "ignored option: --localstatedir" | tee -a configure.log; shift ;;
+    -c* | --const) zconst=1; shift ;;
+    -w* | --warn) warn=1; shift ;;
+    -d* | --debug) debug=1; shift ;;
+    --sanitize) address=1; shift ;;
+    --address) address=1; shift ;;
+    --memory) memory=1; shift ;;
+    *)
+      echo "unknown option: $1" | tee -a configure.log
+      echo "$0 --help for help" | tee -a configure.log
+      leave 1;;
+    esac
+done
+
+# temporary file name
+test=ztest$$
+
+# put arguments in log, also put test file in log if used in arguments
+show()
+{
+  case "$*" in
+    *$test.c*)
+      echo === $test.c === >> configure.log
+      cat $test.c >> configure.log
+      echo === >> configure.log;;
+  esac
+  echo $* >> configure.log
+}
+
+# check for gcc vs. cc and set compile and link flags based on the system identified by uname
+cat > $test.c <<EOF
+extern int getchar();
+int hello() {return getchar();}
+EOF
+
+if test -z "$CC"; then
+  echo Checking for ${CROSS_PREFIX}gcc... | tee -a configure.log
+  if ${CROSS_PREFIX}gcc -v >/dev/null 2>&1; then
+    cc=${CROSS_PREFIX}gcc
+  else
+    cc=${CROSS_PREFIX}cc
+  fi
+else
+  cc=${CC}
+fi
+
+case "$cc" in
+  *gcc*) gcc=1 ;;
+  *clang*) gcc=1 ;;
+esac
+case `$cc -v 2>&1` in
+  *gcc*) gcc=1 ;;
+  *clang*) gcc=1 ;;
+esac
+
+show $cc -c $test.c
+if test "$gcc" -eq 1 && ($cc -c $test.c) >> configure.log 2>&1; then
+  echo ... using gcc >> configure.log
+  CC="$cc"
+  CFLAGS="${CFLAGS--O3}"
+  SFLAGS="${CFLAGS--O3} -fPIC"
+  if test "$ARCHS"; then
+    CFLAGS="${CFLAGS} ${ARCHS}"
+    LDFLAGS="${LDFLAGS} ${ARCHS}"
+  fi
+  if test $build64 -eq 1; then
+    CFLAGS="${CFLAGS} -m64"
+    SFLAGS="${SFLAGS} -m64"
+  fi
+  if test "$warn" -eq 1; then
+    if test "$zconst" -eq 1; then
+      CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual -DZLIB_CONST"
+    else
+      CFLAGS="${CFLAGS} -Wall -Wextra"
+    fi
+  fi
+  if test $address -eq 1; then
+    CFLAGS="${CFLAGS} -g -fsanitize=address -fno-omit-frame-pointer"
+  fi
+  if test $memory -eq 1; then
+    CFLAGS="${CFLAGS} -g -fsanitize=memory -fno-omit-frame-pointer"
+  fi
+  if test $debug -eq 1; then
+    CFLAGS="${CFLAGS} -DZLIB_DEBUG"
+    SFLAGS="${SFLAGS} -DZLIB_DEBUG"
+  fi
+  if test -z "$uname"; then
+    uname=`(uname -s || echo unknown) 2>/dev/null`
+  fi
+  case "$uname" in
+  Linux* | linux* | *-linux* | GNU | GNU/* | solaris*)
+        case "$mname" in
+        *sparc*)
+            LDFLAGS="${LDFLAGS} -Wl,--no-warn-rwx-segments" ;;
+        esac
+        LDSHARED=${LDSHARED-"$cc -shared -Wl,-soname,libz.so.1,--version-script,${SRCDIR}zlib.map"} ;;
+  *BSD | *bsd* | DragonFly)
+        LDSHARED=${LDSHARED-"$cc -shared -Wl,-soname,libz.so.1,--version-script,${SRCDIR}zlib.map"}
+        LDCONFIG="ldconfig -m" ;;
+  CYGWIN* | Cygwin* | cygwin* | *-cygwin* | OS/2*)
+        EXE='.exe' ;;
+  MINGW* | mingw* | *-mingw*)
+        rm -f $test.[co] $test $test$shared_ext
+        echo "If this doesn't work for you, try win32/Makefile.gcc." | tee -a configure.log
+        LDSHARED=${LDSHARED-"$cc -shared"}
+        LDSHAREDLIBC=""
+        EXE='.exe' ;;
+  QNX*) # This is for QNX6. I suppose that the QNX rule below is for QNX2,QNX4
+        # (alain.bonnefoy@icbt.com)
+        LDSHARED=${LDSHARED-"$cc -shared -Wl,-hlibz.so.1"} ;;
+  HP-UX*)
+        LDSHARED=${LDSHARED-"$cc -shared $SFLAGS"}
+        case `(uname -m || echo unknown) 2>/dev/null` in
+        ia64)
+            shared_ext='.so'
+            SHAREDLIB='libz.so' ;;
+        *)
+            shared_ext='.sl'
+            SHAREDLIB='libz.sl' ;;
+        esac ;;
+  AIX*)
+        LDFLAGS="${LDFLAGS} -Wl,-brtl" ;;
+  Darwin* | darwin* | *-darwin*)
+        shared_ext='.dylib'
+        SHAREDLIB=libz$shared_ext
+        SHAREDLIBV=libz.$VER$shared_ext
+        SHAREDLIBM=libz.$VER1$shared_ext
+        LDSHARED=${LDSHARED-"$cc -dynamiclib -install_name $libdir/$SHAREDLIBM -compatibility_version $VER1 -current_version $VER3"}
+        if "${CROSS_PREFIX}libtool" -V 2>&1 | grep Apple > /dev/null; then
+            AR="${CROSS_PREFIX}libtool"
+        elif libtool -V 2>&1 | grep Apple > /dev/null; then
+            AR="libtool"
+        else
+            AR="/usr/bin/libtool"
+        fi
+        ARFLAGS="-o" ;;
+  *)
+        LDSHARED=${LDSHARED-"$cc -shared"} ;;
+  esac
+else
+  # find system name and corresponding cc options
+  CC=${CC-cc}
+  gcc=0
+  echo ... using $CC >> configure.log
+  if test -z "$uname"; then
+    uname=`(uname -sr || echo unknown) 2>/dev/null`
+  fi
+  case "$uname" in
+  HP-UX*)    SFLAGS=${CFLAGS-"-O +z"}
+             CFLAGS=${CFLAGS-"-O"}
+#            LDSHARED=${LDSHARED-"ld -b +vnocompatwarnings"}
+             LDSHARED=${LDSHARED-"ld -b"}
+         case `(uname -m || echo unknown) 2>/dev/null` in
+         ia64)
+             shared_ext='.so'
+             SHAREDLIB='libz.so' ;;
+         *)
+             shared_ext='.sl'
+             SHAREDLIB='libz.sl' ;;
+         esac ;;
+  IRIX*)     SFLAGS=${CFLAGS-"-ansi -O2 -rpath ."}
+             CFLAGS=${CFLAGS-"-ansi -O2"}
+             LDSHARED=${LDSHARED-"cc -shared -Wl,-soname,libz.so.1"} ;;
+  OSF1\ V4*) SFLAGS=${CFLAGS-"-O -std1"}
+             CFLAGS=${CFLAGS-"-O -std1"}
+             LDFLAGS="${LDFLAGS} -Wl,-rpath,."
+             LDSHARED=${LDSHARED-"cc -shared  -Wl,-soname,libz.so -Wl,-msym -Wl,-rpath,$(libdir) -Wl,-set_version,${VER}:1.0"} ;;
+  OSF1*)     SFLAGS=${CFLAGS-"-O -std1"}
+             CFLAGS=${CFLAGS-"-O -std1"}
+             LDSHARED=${LDSHARED-"cc -shared -Wl,-soname,libz.so.1"} ;;
+  QNX*)      SFLAGS=${CFLAGS-"-4 -O"}
+             CFLAGS=${CFLAGS-"-4 -O"}
+             LDSHARED=${LDSHARED-"cc"}
+             RANLIB=${RANLIB-"true"}
+             AR="cc"
+             ARFLAGS="-A" ;;
+  SCO_SV\ 3.2*) SFLAGS=${CFLAGS-"-O3 -dy -KPIC "}
+             CFLAGS=${CFLAGS-"-O3"}
+             LDSHARED=${LDSHARED-"cc -dy -KPIC -G"} ;;
+  SunOS\ 5* | solaris*)
+         LDSHARED=${LDSHARED-"cc -G -h libz$shared_ext.$VER1"}
+         SFLAGS=${CFLAGS-"-fast -KPIC"}
+         CFLAGS=${CFLAGS-"-fast"}
+         if test $build64 -eq 1; then
+             # old versions of SunPRO/Workshop/Studio don't support -m64,
+             # but newer ones do.  Check for it.
+             flag64=`$CC -flags | egrep -- '^-m64'`
+             if test x"$flag64" != x"" ; then
+                 CFLAGS="${CFLAGS} -m64"
+                 SFLAGS="${SFLAGS} -m64"
+             else
+                 case `(uname -m || echo unknown) 2>/dev/null` in
+                   i86*)
+                     SFLAGS="$SFLAGS -xarch=amd64"
+                     CFLAGS="$CFLAGS -xarch=amd64" ;;
+                   *)
+                     SFLAGS="$SFLAGS -xarch=v9"
+                     CFLAGS="$CFLAGS -xarch=v9" ;;
+                 esac
+             fi
+         fi
+         if test -n "$ZINC"; then
+             ZINC='-I- -I. -I$(SRCDIR)'
+         fi
+         ;;
+  SunOS\ 4*) SFLAGS=${CFLAGS-"-O2 -PIC"}
+             CFLAGS=${CFLAGS-"-O2"}
+             LDSHARED=${LDSHARED-"ld"} ;;
+  SunStudio\ 9*) SFLAGS=${CFLAGS-"-fast -xcode=pic32 -xtarget=ultra3 -xarch=v9b"}
+             CFLAGS=${CFLAGS-"-fast -xtarget=ultra3 -xarch=v9b"}
+             LDSHARED=${LDSHARED-"cc -xarch=v9b"} ;;
+  UNIX_System_V\ 4.2.0)
+             SFLAGS=${CFLAGS-"-KPIC -O"}
+             CFLAGS=${CFLAGS-"-O"}
+             LDSHARED=${LDSHARED-"cc -G"} ;;
+  UNIX_SV\ 4.2MP)
+             SFLAGS=${CFLAGS-"-Kconform_pic -O"}
+             CFLAGS=${CFLAGS-"-O"}
+             LDSHARED=${LDSHARED-"cc -G"} ;;
+  OpenUNIX\ 5)
+             SFLAGS=${CFLAGS-"-KPIC -O"}
+             CFLAGS=${CFLAGS-"-O"}
+             LDSHARED=${LDSHARED-"cc -G"} ;;
+  AIX*)  # Courtesy of dbakker@arrayasolutions.com
+             SFLAGS=${CFLAGS-"-O -qmaxmem=8192"}
+             CFLAGS=${CFLAGS-"-O -qmaxmem=8192"}
+             LDSHARED=${LDSHARED-"xlc -G"} ;;
+  # send working options for other systems to zlib@gzip.org
+  *)         SFLAGS=${CFLAGS-"-O"}
+             CFLAGS=${CFLAGS-"-O"}
+             LDSHARED=${LDSHARED-"cc -shared"} ;;
+  esac
+fi
+
+# destination names for shared library if not defined above
+SHAREDLIB=${SHAREDLIB-"libz$shared_ext"}
+SHAREDLIBV=${SHAREDLIBV-"libz$shared_ext.$VER"}
+SHAREDLIBM=${SHAREDLIBM-"libz$shared_ext.$VER1"}
+
+echo >> configure.log
+
+# define functions for testing compiler and library characteristics and logging the results
+
+cat > $test.c <<EOF
+#error error
+EOF
+if ($CC -c $CFLAGS $test.c) 2>/dev/null; then
+  try()
+  {
+    show $*
+    test "`( $* ) 2>&1 | tee -a configure.log`" = ""
+  }
+  echo - using any output from compiler to indicate an error >> configure.log
+else
+  try()
+  {
+    show $*
+    got=`( $* ) 2>&1`
+    ret=$?
+    if test "$got" != ""; then
+      printf "%s\n" "$got" >> configure.log
+    fi
+    if test $ret -ne 0; then
+      echo "(exit code "$ret")" >> configure.log
+    fi
+    return $ret
+  }
+fi
+
+tryboth()
+{
+  show $*
+  got=`( $* ) 2>&1`
+  ret=$?
+  if test "$got" != ""; then
+    printf "%s\n" "$got" >> configure.log
+  fi
+  if test $ret -ne 0; then
+    echo "(exit code "$ret")" >> configure.log
+    return $ret
+  fi
+  test "$got" = ""
+}
+
+cat > $test.c << EOF
+int foo() { return 0; }
+EOF
+echo "Checking for obsessive-compulsive compiler options..." >> configure.log
+if try $CC -c $CFLAGS $test.c; then
+  :
+else
+  echo "Compiler error reporting is too harsh for $0 (perhaps remove -Werror)." | tee -a configure.log
+  leave 1
+fi
+
+echo >> configure.log
+
+# see if shared library build supported
+cat > $test.c <<EOF
+extern int getchar();
+int hello() {return getchar();}
+EOF
+if test $shared -eq 1; then
+  echo Checking for shared library support... | tee -a configure.log
+  # we must test in two steps (cc then ld), required at least on SunOS 4.x
+  if try $CC -c $SFLAGS $test.c &&
+     try $LDSHARED $SFLAGS -o $test$shared_ext $test.o; then
+    echo Building shared library $SHAREDLIBV with $CC. | tee -a configure.log
+  elif test -z "$old_cc" -a -z "$old_cflags"; then
+    echo No shared library support. | tee -a configure.log
+    shared=0;
+  else
+    echo 'No shared library support; try without defining CC and CFLAGS' | tee -a configure.log
+    shared=0;
+  fi
+fi
+if test $shared -eq 0; then
+  LDSHARED="$CC"
+  ALL="static"
+  TEST="all teststatic"
+  SHAREDLIB=""
+  SHAREDLIBV=""
+  SHAREDLIBM=""
+  echo Building static library $STATICLIB version $VER with $CC. | tee -a configure.log
+else
+  ALL="static shared"
+  TEST="all teststatic testshared"
+fi
+
+echo >> configure.log
+
+# check for size_t
+cat > $test.c <<EOF
+#include <stdio.h>
+#include <stdlib.h>
+size_t dummy = 0;
+EOF
+if try $CC -c $CFLAGS $test.c; then
+  echo "Checking for size_t... Yes." | tee -a configure.log
+else
+  echo "Checking for size_t... No." | tee -a configure.log
+  # find a size_t integer type
+  # check for long long
+  cat > $test.c << EOF
+long long dummy = 0;
+EOF
+  if try $CC -c $CFLAGS $test.c; then
+    echo "Checking for long long... Yes." | tee -a configure.log
+    cat > $test.c <<EOF
+#include <stdio.h>
+int main(void) {
+    if (sizeof(void *) <= sizeof(int)) puts("int");
+    else if (sizeof(void *) <= sizeof(long)) puts("long");
+    else puts("z_longlong");
+    return 0;
+}
+EOF
+  else
+    echo "Checking for long long... No." | tee -a configure.log
+    cat > $test.c <<EOF
+#include <stdio.h>
+int main(void) {
+    if (sizeof(void *) <= sizeof(int)) puts("int");
+    else puts("long");
+    return 0;
+}
+EOF
+  fi
+  if try $CC $CFLAGS -o $test $test.c; then
+    sizet=`./$test`
+    echo "Checking for a pointer-size integer type..." $sizet"." | tee -a configure.log
+    CFLAGS="${CFLAGS} -DNO_SIZE_T=${sizet}"
+    SFLAGS="${SFLAGS} -DNO_SIZE_T=${sizet}"
+  else
+    echo "Checking for a pointer-size integer type... not found." | tee -a configure.log
+  fi
+fi
+
+echo >> configure.log
+
+# check for large file support, and if none, check for fseeko()
+cat > $test.c <<EOF
+#include <sys/types.h>
+off64_t dummy = 0;
+EOF
+if try $CC -c $CFLAGS -D_LARGEFILE64_SOURCE=1 $test.c; then
+  CFLAGS="${CFLAGS} -D_LARGEFILE64_SOURCE=1"
+  SFLAGS="${SFLAGS} -D_LARGEFILE64_SOURCE=1"
+  ALL="${ALL} all64"
+  TEST="${TEST} test64"
+  echo "Checking for off64_t... Yes." | tee -a configure.log
+  echo "Checking for fseeko... Yes." | tee -a configure.log
+else
+  echo "Checking for off64_t... No." | tee -a configure.log
+  echo >> configure.log
+  cat > $test.c <<EOF
+#include <stdio.h>
+int main(void) {
+  fseeko(NULL, 0, 0);
+  return 0;
+}
+EOF
+  if try $CC $CFLAGS -o $test $test.c; then
+    echo "Checking for fseeko... Yes." | tee -a configure.log
+  else
+    CFLAGS="${CFLAGS} -DNO_FSEEKO"
+    SFLAGS="${SFLAGS} -DNO_FSEEKO"
+    echo "Checking for fseeko... No." | tee -a configure.log
+  fi
+fi
+
+echo >> configure.log
+
+# check for strerror() for use by gz* functions
+cat > $test.c <<EOF
+#include <string.h>
+#include <errno.h>
+int main() { return strlen(strerror(errno)); }
+EOF
+if try $CC $CFLAGS -o $test $test.c; then
+  echo "Checking for strerror... Yes." | tee -a configure.log
+else
+  CFLAGS="${CFLAGS} -DNO_STRERROR"
+  SFLAGS="${SFLAGS} -DNO_STRERROR"
+  echo "Checking for strerror... No." | tee -a configure.log
+fi
+
+# copy clean zconf.h for subsequent edits
+cp -p ${SRCDIR}zconf.h.in zconf.h
+
+echo >> configure.log
+
+# check for unistd.h and save result in zconf.h
+cat > $test.c <<EOF
+#include <unistd.h>
+int main() { return 0; }
+EOF
+if try $CC -c $CFLAGS $test.c; then
+  sed < zconf.h "/^#ifdef HAVE_UNISTD_H.* may be/s/def HAVE_UNISTD_H\(.*\) may be/ 1\1 was/" > zconf.temp.h
+  mv zconf.temp.h zconf.h
+  echo "Checking for unistd.h... Yes." | tee -a configure.log
+else
+  echo "Checking for unistd.h... No." | tee -a configure.log
+fi
+
+echo >> configure.log
+
+# check for stdarg.h and save result in zconf.h
+cat > $test.c <<EOF
+#include <stdarg.h>
+int main() { return 0; }
+EOF
+if try $CC -c $CFLAGS $test.c; then
+  sed < zconf.h "/^#ifdef HAVE_STDARG_H.* may be/s/def HAVE_STDARG_H\(.*\) may be/ 1\1 was/" > zconf.temp.h
+  mv zconf.temp.h zconf.h
+  echo "Checking for stdarg.h... Yes." | tee -a configure.log
+else
+  echo "Checking for stdarg.h... No." | tee -a configure.log
+fi
+
+# if the z_ prefix was requested, save that in zconf.h
+if test $zprefix -eq 1; then
+  sed < zconf.h "/#ifdef Z_PREFIX.* may be/s/def Z_PREFIX\(.*\) may be/ 1\1 was/" > zconf.temp.h
+  mv zconf.temp.h zconf.h
+  echo >> configure.log
+  echo "Using z_ prefix on all symbols." | tee -a configure.log
+fi
+
+# if --solo compilation was requested, save that in zconf.h and remove gz stuff from object lists
+if test $solo -eq 1; then
+  sed '/#define ZCONF_H/a\
+#define Z_SOLO
+
+' < zconf.h > zconf.temp.h
+  mv zconf.temp.h zconf.h
+OBJC='$(OBJZ)'
+PIC_OBJC='$(PIC_OBJZ)'
+fi
+
+# if code coverage testing was requested, use older gcc if defined, e.g. "gcc-4.2" on Mac OS X
+if test $cover -eq 1; then
+  CFLAGS="${CFLAGS} -fprofile-arcs -ftest-coverage"
+  if test -n "$GCC_CLASSIC"; then
+    CC=$GCC_CLASSIC
+  fi
+fi
+
+echo >> configure.log
+
+# conduct a series of tests to resolve eight possible cases of using "vs" or "s" printf functions
+# (using stdarg or not), with or without "n" (proving size of buffer), and with or without a
+# return value.  The most secure result is vsnprintf() with a return value.  snprintf() with a
+# return value is secure as well, but then gzprintf() will be limited to 20 arguments.
+cat > $test.c <<EOF
+#include <stdio.h>
+#include <stdarg.h>
+#include "zconf.h"
+int main()
+{
+#ifndef STDC
+  choke me
+#endif
+  return 0;
+}
+EOF
+if try $CC -c $CFLAGS $test.c; then
+  echo "Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf()." | tee -a configure.log
+
+  echo >> configure.log
+  cat > $test.c <<EOF
+#include <stdio.h>
+#include <stdarg.h>
+int mytest(const char *fmt, ...)
+{
+  char buf[20];
+  va_list ap;
+  va_start(ap, fmt);
+  vsnprintf(buf, sizeof(buf), fmt, ap);
+  va_end(ap);
+  return 0;
+}
+int main()
+{
+  return (mytest("Hello%d\n", 1));
+}
+EOF
+  if try $CC $CFLAGS -o $test $test.c; then
+    echo "Checking for vsnprintf() in stdio.h... Yes." | tee -a configure.log
+
+    echo >> configure.log
+    cat >$test.c <<EOF
+#include <stdio.h>
+#include <stdarg.h>
+int mytest(const char *fmt, ...)
+{
+  int n;
+  char buf[20];
+  va_list ap;
+  va_start(ap, fmt);
+  n = vsnprintf(buf, sizeof(buf), fmt, ap);
+  va_end(ap);
+  return n;
+}
+int main()
+{
+  return (mytest("Hello%d\n", 1));
+}
+EOF
+
+    if try $CC -c $CFLAGS $test.c; then
+      echo "Checking for return value of vsnprintf()... Yes." | tee -a configure.log
+    else
+      CFLAGS="$CFLAGS -DHAS_vsnprintf_void"
+      SFLAGS="$SFLAGS -DHAS_vsnprintf_void"
+      echo "Checking for return value of vsnprintf()... No." | tee -a configure.log
+      echo "  WARNING: apparently vsnprintf() does not return a value. zlib" | tee -a configure.log
+      echo "  can build but will be open to possible string-format security" | tee -a configure.log
+      echo "  vulnerabilities." | tee -a configure.log
+    fi
+  else
+    CFLAGS="$CFLAGS -DNO_vsnprintf"
+    SFLAGS="$SFLAGS -DNO_vsnprintf"
+    echo "Checking for vsnprintf() in stdio.h... No." | tee -a configure.log
+    echo "  WARNING: vsnprintf() not found, falling back to vsprintf(). zlib" | tee -a configure.log
+    echo "  can build but will be open to possible buffer-overflow security" | tee -a configure.log
+    echo "  vulnerabilities." | tee -a configure.log
+
+    echo >> configure.log
+    cat >$test.c <<EOF
+#include <stdio.h>
+#include <stdarg.h>
+int mytest(const char *fmt, ...)
+{
+  int n;
+  char buf[20];
+  va_list ap;
+  va_start(ap, fmt);
+  n = vsprintf(buf, fmt, ap);
+  va_end(ap);
+  return n;
+}
+int main()
+{
+  return (mytest("Hello%d\n", 1));
+}
+EOF
+
+    if try $CC -c $CFLAGS $test.c; then
+      echo "Checking for return value of vsprintf()... Yes." | tee -a configure.log
+    else
+      CFLAGS="$CFLAGS -DHAS_vsprintf_void"
+      SFLAGS="$SFLAGS -DHAS_vsprintf_void"
+      echo "Checking for return value of vsprintf()... No." | tee -a configure.log
+      echo "  WARNING: apparently vsprintf() does not return a value. zlib" | tee -a configure.log
+      echo "  can build but will be open to possible string-format security" | tee -a configure.log
+      echo "  vulnerabilities." | tee -a configure.log
+    fi
+  fi
+else
+  echo "Checking whether to use vs[n]printf() or s[n]printf()... using s[n]printf()." | tee -a configure.log
+
+  echo >> configure.log
+  cat >$test.c <<EOF
+#include <stdio.h>
+int mytest()
+{
+  char buf[20];
+  snprintf(buf, sizeof(buf), "%s", "foo");
+  return 0;
+}
+int main()
+{
+  return (mytest());
+}
+EOF
+
+  if try $CC $CFLAGS -o $test $test.c; then
+    echo "Checking for snprintf() in stdio.h... Yes." | tee -a configure.log
+
+    echo >> configure.log
+    cat >$test.c <<EOF
+#include <stdio.h>
+int mytest()
+{
+  char buf[20];
+  return snprintf(buf, sizeof(buf), "%s", "foo");
+}
+int main()
+{
+  return (mytest());
+}
+EOF
+
+    if try $CC -c $CFLAGS $test.c; then
+      echo "Checking for return value of snprintf()... Yes." | tee -a configure.log
+    else
+      CFLAGS="$CFLAGS -DHAS_snprintf_void"
+      SFLAGS="$SFLAGS -DHAS_snprintf_void"
+      echo "Checking for return value of snprintf()... No." | tee -a configure.log
+      echo "  WARNING: apparently snprintf() does not return a value. zlib" | tee -a configure.log
+      echo "  can build but will be open to possible string-format security" | tee -a configure.log
+      echo "  vulnerabilities." | tee -a configure.log
+    fi
+  else
+    CFLAGS="$CFLAGS -DNO_snprintf"
+    SFLAGS="$SFLAGS -DNO_snprintf"
+    echo "Checking for snprintf() in stdio.h... No." | tee -a configure.log
+    echo "  WARNING: snprintf() not found, falling back to sprintf(). zlib" | tee -a configure.log
+    echo "  can build but will be open to possible buffer-overflow security" | tee -a configure.log
+    echo "  vulnerabilities." | tee -a configure.log
+
+    echo >> configure.log
+    cat >$test.c <<EOF
+#include <stdio.h>
+int mytest()
+{
+  char buf[20];
+  return sprintf(buf, "%s", "foo");
+}
+int main()
+{
+  return (mytest());
+}
+EOF
+
+    if try $CC -c $CFLAGS $test.c; then
+      echo "Checking for return value of sprintf()... Yes." | tee -a configure.log
+    else
+      CFLAGS="$CFLAGS -DHAS_sprintf_void"
+      SFLAGS="$SFLAGS -DHAS_sprintf_void"
+      echo "Checking for return value of sprintf()... No." | tee -a configure.log
+      echo "  WARNING: apparently sprintf() does not return a value. zlib" | tee -a configure.log
+      echo "  can build but will be open to possible string-format security" | tee -a configure.log
+      echo "  vulnerabilities." | tee -a configure.log
+    fi
+  fi
+fi
+
+# see if we can hide zlib internal symbols that are linked between separate source files
+if test "$gcc" -eq 1; then
+  echo >> configure.log
+  cat > $test.c <<EOF
+#define ZLIB_INTERNAL __attribute__((visibility ("hidden")))
+int ZLIB_INTERNAL foo;
+int main()
+{
+  return 0;
+}
+EOF
+  if tryboth $CC -c $CFLAGS $test.c; then
+    CFLAGS="$CFLAGS -DHAVE_HIDDEN"
+    SFLAGS="$SFLAGS -DHAVE_HIDDEN"
+    echo "Checking for attribute(visibility) support... Yes." | tee -a configure.log
+  else
+    echo "Checking for attribute(visibility) support... No." | tee -a configure.log
+  fi
+fi
+
+# show the results in the log
+echo >> configure.log
+echo ALL = $ALL >> configure.log
+echo AR = $AR >> configure.log
+echo ARFLAGS = $ARFLAGS >> configure.log
+echo CC = $CC >> configure.log
+echo CFLAGS = $CFLAGS >> configure.log
+echo CPP = $CPP >> configure.log
+echo EXE = $EXE >> configure.log
+echo LDCONFIG = $LDCONFIG >> configure.log
+echo LDFLAGS = $LDFLAGS >> configure.log
+echo LDSHARED = $LDSHARED >> configure.log
+echo LDSHAREDLIBC = $LDSHAREDLIBC >> configure.log
+echo OBJC = $OBJC >> configure.log
+echo PIC_OBJC = $PIC_OBJC >> configure.log
+echo RANLIB = $RANLIB >> configure.log
+echo SFLAGS = $SFLAGS >> configure.log
+echo SHAREDLIB = $SHAREDLIB >> configure.log
+echo SHAREDLIBM = $SHAREDLIBM >> configure.log
+echo SHAREDLIBV = $SHAREDLIBV >> configure.log
+echo STATICLIB = $STATICLIB >> configure.log
+echo TEST = $TEST >> configure.log
+echo VER = $VER >> configure.log
+echo SRCDIR = $SRCDIR >> configure.log
+echo exec_prefix = $exec_prefix >> configure.log
+echo includedir = $includedir >> configure.log
+echo libdir = $libdir >> configure.log
+echo mandir = $mandir >> configure.log
+echo prefix = $prefix >> configure.log
+echo sharedlibdir = $sharedlibdir >> configure.log
+echo uname = $uname >> configure.log
+
+# update Makefile with the configure results
+sed < ${SRCDIR}Makefile.in "
+/^CC *=/s#=.*#=$CC#
+/^CFLAGS *=/s#=.*#=$CFLAGS#
+/^SFLAGS *=/s#=.*#=$SFLAGS#
+/^LDFLAGS *=/s#=.*#=$LDFLAGS#
+/^LDSHARED *=/s#=.*#=$LDSHARED#
+/^CPP *=/s#=.*#=$CPP#
+/^STATICLIB *=/s#=.*#=$STATICLIB#
+/^SHAREDLIB *=/s#=.*#=$SHAREDLIB#
+/^SHAREDLIBV *=/s#=.*#=$SHAREDLIBV#
+/^SHAREDLIBM *=/s#=.*#=$SHAREDLIBM#
+/^AR *=/s#=.*#=$AR#
+/^ARFLAGS *=/s#=.*#=$ARFLAGS#
+/^RANLIB *=/s#=.*#=$RANLIB#
+/^LDCONFIG *=/s#=.*#=$LDCONFIG#
+/^LDSHAREDLIBC *=/s#=.*#=$LDSHAREDLIBC#
+/^EXE *=/s#=.*#=$EXE#
+/^SRCDIR *=/s#=.*#=$SRCDIR#
+/^ZINC *=/s#=.*#=$ZINC#
+/^ZINCOUT *=/s#=.*#=$ZINCOUT#
+/^prefix *=/s#=.*#=$prefix#
+/^exec_prefix *=/s#=.*#=$exec_prefix#
+/^libdir *=/s#=.*#=$libdir#
+/^sharedlibdir *=/s#=.*#=$sharedlibdir#
+/^includedir *=/s#=.*#=$includedir#
+/^mandir *=/s#=.*#=$mandir#
+/^OBJC *=/s#=.*#= $OBJC#
+/^PIC_OBJC *=/s#=.*#= $PIC_OBJC#
+/^all: */s#:.*#: $ALL#
+/^test: */s#:.*#: $TEST#
+" > Makefile
+
+# create zlib.pc with the configure results
+sed < ${SRCDIR}zlib.pc.in "
+/^CC *=/s#=.*#=$CC#
+/^CFLAGS *=/s#=.*#=$CFLAGS#
+/^CPP *=/s#=.*#=$CPP#
+/^LDSHARED *=/s#=.*#=$LDSHARED#
+/^STATICLIB *=/s#=.*#=$STATICLIB#
+/^SHAREDLIB *=/s#=.*#=$SHAREDLIB#
+/^SHAREDLIBV *=/s#=.*#=$SHAREDLIBV#
+/^SHAREDLIBM *=/s#=.*#=$SHAREDLIBM#
+/^AR *=/s#=.*#=$AR#
+/^ARFLAGS *=/s#=.*#=$ARFLAGS#
+/^RANLIB *=/s#=.*#=$RANLIB#
+/^EXE *=/s#=.*#=$EXE#
+/^prefix *=/s#=.*#=$prefix#
+/^exec_prefix *=/s#=.*#=$exec_prefix#
+/^libdir *=/s#=.*#=$libdir#
+/^sharedlibdir *=/s#=.*#=$sharedlibdir#
+/^includedir *=/s#=.*#=$includedir#
+/^mandir *=/s#=.*#=$mandir#
+/^LDFLAGS *=/s#=.*#=$LDFLAGS#
+" | sed -e "
+s/\@VERSION\@/$VER/g;
+" > zlib.pc
+
+# done
+leave 0
diff --git a/zlib-1.3.1/contrib/README.contrib b/zlib-1.3.1/contrib/README.contrib
new file mode 100644
index 00000000..5e5f9505
--- /dev/null
+++ b/zlib-1.3.1/contrib/README.contrib
@@ -0,0 +1,57 @@
+All files under this contrib directory are UNSUPPORTED. They were
+provided by users of zlib and were not tested by the authors of zlib.
+Use at your own risk. Please contact the authors of the contributions
+for help about these, not the zlib authors. Thanks.
+
+
+ada/        by Dmitriy Anisimkov <anisimkov@yahoo.com>
+        Support for Ada
+        See http://zlib-ada.sourceforge.net/
+
+blast/      by Mark Adler <madler@alumni.caltech.edu>
+        Decompressor for output of PKWare Data Compression Library (DCL)
+
+delphi/     by Cosmin Truta <cosmint@cs.ubbcluj.ro>
+        Support for Delphi and C++ Builder
+
+dotzlib/    by Henrik Ravn <henrik@ravn.com>
+        Support for Microsoft .Net and Visual C++ .Net
+
+gcc_gvmat64/by Gilles Vollant <info@winimage.com>
+        GCC Version of x86 64-bit (AMD64 and Intel EM64t) code for x64
+        assembler to replace longest_match() and inflate_fast()
+
+infback9/   by Mark Adler <madler@alumni.caltech.edu>
+        Unsupported diffs to infback to decode the deflate64 format
+
+iostream/   by Kevin Ruland <kevin@rodin.wustl.edu>
+        A C++ I/O streams interface to the zlib gz* functions
+
+iostream2/  by Tyge Løvset <Tyge.Lovset@cmr.no>
+        Another C++ I/O streams interface
+
+iostream3/  by Ludwig Schwardt <schwardt@sun.ac.za>
+            and Kevin Ruland <kevin@rodin.wustl.edu>
+        Yet another C++ I/O streams interface
+
+minizip/    by Gilles Vollant <info@winimage.com>
+        Mini zip and unzip based on zlib
+        Includes Zip64 support by Mathias Svensson <mathias@result42.com>
+        See http://www.winimage.com/zLibDll/minizip.html
+
+pascal/     by Bob Dellaca <bobdl@xtra.co.nz> et al.
+        Support for Pascal
+
+puff/       by Mark Adler <madler@alumni.caltech.edu>
+        Small, low memory usage inflate.  Also serves to provide an
+        unambiguous description of the deflate format.
+
+testzlib/   by Gilles Vollant <info@winimage.com>
+        Example of the use of zlib
+
+untgz/      by Pedro A. Aranda Gutierrez <paag@tid.es>
+        A very simple tar.gz file extractor using zlib
+
+vstudio/    by Gilles Vollant <info@winimage.com>
+        Building a minizip-enhanced zlib with Microsoft Visual Studio
+        Includes vc11 from kreuzerkrieg and vc12 from davispuh
diff --git a/zlib-1.3.1/contrib/ada/buffer_demo.adb b/zlib-1.3.1/contrib/ada/buffer_demo.adb
new file mode 100644
index 00000000..46b86381
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/buffer_demo.adb
@@ -0,0 +1,106 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2004 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+--
+--  $Id: buffer_demo.adb,v 1.3 2004/09/06 06:55:35 vagul Exp $
+
+--  This demo program provided by Dr Steve Sangwine <sjs@essex.ac.uk>
+--
+--  Demonstration of a problem with Zlib-Ada (already fixed) when a buffer
+--  of exactly the correct size is used for decompressed data, and the last
+--  few bytes passed in to Zlib are checksum bytes.
+
+--  This program compresses a string of text, and then decompresses the
+--  compressed text into a buffer of the same size as the original text.
+
+with Ada.Streams; use Ada.Streams;
+with Ada.Text_IO;
+
+with ZLib; use ZLib;
+
+procedure Buffer_Demo is
+   EOL  : Character renames ASCII.LF;
+   Text : constant String
+     := "Four score and seven years ago our fathers brought forth," & EOL &
+        "upon this continent, a new nation, conceived in liberty," & EOL &
+        "and dedicated to the proposition that `all men are created equal'.";
+
+   Source : Stream_Element_Array (1 .. Text'Length);
+   for Source'Address use Text'Address;
+
+begin
+   Ada.Text_IO.Put (Text);
+   Ada.Text_IO.New_Line;
+   Ada.Text_IO.Put_Line
+     ("Uncompressed size : " & Positive'Image (Text'Length) & " bytes");
+
+   declare
+      Compressed_Data : Stream_Element_Array (1 .. Text'Length);
+      L               : Stream_Element_Offset;
+   begin
+      Compress : declare
+         Compressor : Filter_Type;
+         I : Stream_Element_Offset;
+      begin
+         Deflate_Init (Compressor);
+
+         --  Compress the whole of T at once.
+
+         Translate (Compressor, Source, I, Compressed_Data, L, Finish);
+         pragma Assert (I = Source'Last);
+
+         Close (Compressor);
+
+         Ada.Text_IO.Put_Line
+           ("Compressed size :   "
+            & Stream_Element_Offset'Image (L) & " bytes");
+      end Compress;
+
+      --  Now we decompress the data, passing short blocks of data to Zlib
+      --  (because this demonstrates the problem - the last block passed will
+      --  contain checksum information and there will be no output, only a
+      --  check inside Zlib that the checksum is correct).
+
+      Decompress : declare
+         Decompressor : Filter_Type;
+
+         Uncompressed_Data : Stream_Element_Array (1 .. Text'Length);
+
+         Block_Size : constant := 4;
+         --  This makes sure that the last block contains
+         --  only Adler checksum data.
+
+         P : Stream_Element_Offset := Compressed_Data'First - 1;
+         O : Stream_Element_Offset;
+      begin
+         Inflate_Init (Decompressor);
+
+         loop
+            Translate
+              (Decompressor,
+               Compressed_Data
+                 (P + 1 .. Stream_Element_Offset'Min (P + Block_Size, L)),
+               P,
+               Uncompressed_Data
+                 (Total_Out (Decompressor) + 1 .. Uncompressed_Data'Last),
+               O,
+               No_Flush);
+
+               Ada.Text_IO.Put_Line
+                 ("Total in : " & Count'Image (Total_In (Decompressor)) &
+                  ", out : " & Count'Image (Total_Out (Decompressor)));
+
+               exit when P = L;
+         end loop;
+
+         Ada.Text_IO.New_Line;
+         Ada.Text_IO.Put_Line
+           ("Decompressed text matches original text : "
+             & Boolean'Image (Uncompressed_Data = Source));
+      end Decompress;
+   end;
+end Buffer_Demo;
diff --git a/zlib-1.3.1/contrib/ada/mtest.adb b/zlib-1.3.1/contrib/ada/mtest.adb
new file mode 100644
index 00000000..c4dfd080
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/mtest.adb
@@ -0,0 +1,156 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2003 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+--  Continuous test for ZLib multithreading. If the test would fail
+--  we should provide thread safe allocation routines for the Z_Stream.
+--
+--  $Id: mtest.adb,v 1.4 2004/07/23 07:49:54 vagul Exp $
+
+with ZLib;
+with Ada.Streams;
+with Ada.Numerics.Discrete_Random;
+with Ada.Text_IO;
+with Ada.Exceptions;
+with Ada.Task_Identification;
+
+procedure MTest is
+   use Ada.Streams;
+   use ZLib;
+
+   Stop : Boolean := False;
+
+   pragma Atomic (Stop);
+
+   subtype Visible_Symbols is Stream_Element range 16#20# .. 16#7E#;
+
+   package Random_Elements is
+      new Ada.Numerics.Discrete_Random (Visible_Symbols);
+
+   task type Test_Task;
+
+   task body Test_Task is
+      Buffer : Stream_Element_Array (1 .. 100_000);
+      Gen : Random_Elements.Generator;
+
+      Buffer_First  : Stream_Element_Offset;
+      Compare_First : Stream_Element_Offset;
+
+      Deflate : Filter_Type;
+      Inflate : Filter_Type;
+
+      procedure Further (Item : in Stream_Element_Array);
+
+      procedure Read_Buffer
+        (Item : out Ada.Streams.Stream_Element_Array;
+         Last : out Ada.Streams.Stream_Element_Offset);
+
+      -------------
+      -- Further --
+      -------------
+
+      procedure Further (Item : in Stream_Element_Array) is
+
+         procedure Compare (Item : in Stream_Element_Array);
+
+         -------------
+         -- Compare --
+         -------------
+
+         procedure Compare (Item : in Stream_Element_Array) is
+            Next_First : Stream_Element_Offset := Compare_First + Item'Length;
+         begin
+            if Buffer (Compare_First .. Next_First - 1) /= Item then
+               raise Program_Error;
+            end if;
+
+            Compare_First := Next_First;
+         end Compare;
+
+         procedure Compare_Write is new ZLib.Write (Write => Compare);
+      begin
+         Compare_Write (Inflate, Item, No_Flush);
+      end Further;
+
+      -----------------
+      -- Read_Buffer --
+      -----------------
+
+      procedure Read_Buffer
+        (Item : out Ada.Streams.Stream_Element_Array;
+         Last : out Ada.Streams.Stream_Element_Offset)
+      is
+         Buff_Diff   : Stream_Element_Offset := Buffer'Last - Buffer_First;
+         Next_First : Stream_Element_Offset;
+      begin
+         if Item'Length <= Buff_Diff then
+            Last := Item'Last;
+
+            Next_First := Buffer_First + Item'Length;
+
+            Item := Buffer (Buffer_First .. Next_First - 1);
+
+            Buffer_First := Next_First;
+         else
+            Last := Item'First + Buff_Diff;
+            Item (Item'First .. Last) := Buffer (Buffer_First .. Buffer'Last);
+            Buffer_First := Buffer'Last + 1;
+         end if;
+      end Read_Buffer;
+
+      procedure Translate is new Generic_Translate
+                                   (Data_In  => Read_Buffer,
+                                    Data_Out => Further);
+
+   begin
+      Random_Elements.Reset (Gen);
+
+      Buffer := (others => 20);
+
+      Main : loop
+         for J in Buffer'Range loop
+            Buffer (J) := Random_Elements.Random (Gen);
+
+            Deflate_Init (Deflate);
+            Inflate_Init (Inflate);
+
+            Buffer_First  := Buffer'First;
+            Compare_First := Buffer'First;
+
+            Translate (Deflate);
+
+            if Compare_First /= Buffer'Last + 1 then
+               raise Program_Error;
+            end if;
+
+            Ada.Text_IO.Put_Line
+              (Ada.Task_Identification.Image
+                 (Ada.Task_Identification.Current_Task)
+               & Stream_Element_Offset'Image (J)
+               & ZLib.Count'Image (Total_Out (Deflate)));
+
+            Close (Deflate);
+            Close (Inflate);
+
+            exit Main when Stop;
+         end loop;
+      end loop Main;
+   exception
+      when E : others =>
+         Ada.Text_IO.Put_Line (Ada.Exceptions.Exception_Information (E));
+         Stop := True;
+   end Test_Task;
+
+   Test : array (1 .. 4) of Test_Task;
+
+   pragma Unreferenced (Test);
+
+   Dummy : Character;
+
+begin
+   Ada.Text_IO.Get_Immediate (Dummy);
+   Stop := True;
+end MTest;
diff --git a/zlib-1.3.1/contrib/ada/read.adb b/zlib-1.3.1/contrib/ada/read.adb
new file mode 100644
index 00000000..1f2efbfe
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/read.adb
@@ -0,0 +1,156 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2003 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+
+--  $Id: read.adb,v 1.8 2004/05/31 10:53:40 vagul Exp $
+
+--  Test/demo program for the generic read interface.
+
+with Ada.Numerics.Discrete_Random;
+with Ada.Streams;
+with Ada.Text_IO;
+
+with ZLib;
+
+procedure Read is
+
+   use Ada.Streams;
+
+   ------------------------------------
+   --  Test configuration parameters --
+   ------------------------------------
+
+   File_Size   : Stream_Element_Offset := 100_000;
+
+   Continuous  : constant Boolean          := False;
+   --  If this constant is True, the test would be repeated again and again,
+   --  with increment File_Size for every iteration.
+
+   Header      : constant ZLib.Header_Type := ZLib.Default;
+   --  Do not use Header other than Default in ZLib versions 1.1.4 and older.
+
+   Init_Random : constant := 8;
+   --  We are using the same random sequence, in case of we catch bug,
+   --  so we would be able to reproduce it.
+
+   -- End --
+
+   Pack_Size : Stream_Element_Offset;
+   Offset    : Stream_Element_Offset;
+
+   Filter     : ZLib.Filter_Type;
+
+   subtype Visible_Symbols
+      is Stream_Element range 16#20# .. 16#7E#;
+
+   package Random_Elements is new
+      Ada.Numerics.Discrete_Random (Visible_Symbols);
+
+   Gen : Random_Elements.Generator;
+   Period  : constant Stream_Element_Offset := 200;
+   --  Period constant variable for random generator not to be very random.
+   --  Bigger period, harder random.
+
+   Read_Buffer : Stream_Element_Array (1 .. 2048);
+   Read_First  : Stream_Element_Offset;
+   Read_Last   : Stream_Element_Offset;
+
+   procedure Reset;
+
+   procedure Read
+     (Item : out Stream_Element_Array;
+      Last : out Stream_Element_Offset);
+   --  this procedure is for generic instantiation of
+   --  ZLib.Read
+   --  reading data from the File_In.
+
+   procedure Read is new ZLib.Read
+                           (Read,
+                            Read_Buffer,
+                            Rest_First => Read_First,
+                            Rest_Last  => Read_Last);
+
+   ----------
+   -- Read --
+   ----------
+
+   procedure Read
+     (Item : out Stream_Element_Array;
+      Last : out Stream_Element_Offset) is
+   begin
+      Last := Stream_Element_Offset'Min
+               (Item'Last,
+                Item'First + File_Size - Offset);
+
+      for J in Item'First .. Last loop
+         if J < Item'First + Period then
+            Item (J) := Random_Elements.Random (Gen);
+         else
+            Item (J) := Item (J - Period);
+         end if;
+
+         Offset   := Offset + 1;
+      end loop;
+   end Read;
+
+   -----------
+   -- Reset --
+   -----------
+
+   procedure Reset is
+   begin
+      Random_Elements.Reset (Gen, Init_Random);
+      Pack_Size := 0;
+      Offset := 1;
+      Read_First := Read_Buffer'Last + 1;
+      Read_Last  := Read_Buffer'Last;
+   end Reset;
+
+begin
+   Ada.Text_IO.Put_Line ("ZLib " & ZLib.Version);
+
+   loop
+      for Level in ZLib.Compression_Level'Range loop
+
+         Ada.Text_IO.Put ("Level ="
+            & ZLib.Compression_Level'Image (Level));
+
+         --  Deflate using generic instantiation.
+
+         ZLib.Deflate_Init
+               (Filter,
+                Level,
+                Header => Header);
+
+         Reset;
+
+         Ada.Text_IO.Put
+           (Stream_Element_Offset'Image (File_Size) & " ->");
+
+         loop
+            declare
+               Buffer : Stream_Element_Array (1 .. 1024);
+               Last   : Stream_Element_Offset;
+            begin
+               Read (Filter, Buffer, Last);
+
+               Pack_Size := Pack_Size + Last - Buffer'First + 1;
+
+               exit when Last < Buffer'Last;
+            end;
+         end loop;
+
+         Ada.Text_IO.Put_Line (Stream_Element_Offset'Image (Pack_Size));
+
+         ZLib.Close (Filter);
+      end loop;
+
+      exit when not Continuous;
+
+      File_Size := File_Size + 1;
+   end loop;
+end Read;
diff --git a/zlib-1.3.1/contrib/ada/readme.txt b/zlib-1.3.1/contrib/ada/readme.txt
new file mode 100644
index 00000000..efdd639f
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/readme.txt
@@ -0,0 +1,65 @@
+                        ZLib for Ada thick binding (ZLib.Ada)
+                        Release 1.3
+
+ZLib.Ada is a thick binding interface to the popular ZLib data
+compression library, available at http://www.gzip.org/zlib/.
+It provides Ada-style access to the ZLib C library.
+
+
+        Here are the main changes since ZLib.Ada 1.2:
+
+- Attention: ZLib.Read generic routine have a initialization requirement
+  for Read_Last parameter now. It is a bit incompatible with previous version,
+  but extends functionality, we could use new parameters Allow_Read_Some and
+  Flush now.
+
+- Added Is_Open routines to ZLib and ZLib.Streams packages.
+
+- Add pragma Assert to check Stream_Element is 8 bit.
+
+- Fix extraction to buffer with exact known decompressed size. Error reported by
+  Steve Sangwine.
+
+- Fix definition of ULong (changed to unsigned_long), fix regression on 64 bits
+  computers. Patch provided by Pascal Obry.
+
+- Add Status_Error exception definition.
+
+- Add pragma Assertion that Ada.Streams.Stream_Element size is 8 bit.
+
+
+        How to build ZLib.Ada under GNAT
+
+You should have the ZLib library already build on your computer, before
+building ZLib.Ada. Make the directory of ZLib.Ada sources current and
+issue the command:
+
+  gnatmake test -largs -L<directory where libz.a is> -lz
+
+Or use the GNAT project file build for GNAT 3.15 or later:
+
+  gnatmake -Pzlib.gpr -L<directory where libz.a is>
+
+
+        How to build ZLib.Ada under Aonix ObjectAda for Win32 7.2.2
+
+1. Make a project with all *.ads and *.adb files from the distribution.
+2. Build the libz.a library from the ZLib C sources.
+3. Rename libz.a to z.lib.
+4. Add the library z.lib to the project.
+5. Add the libc.lib library from the ObjectAda distribution to the project.
+6. Build the executable using test.adb as a main procedure.
+
+
+        How to use ZLib.Ada
+
+The source files test.adb and read.adb are small demo programs that show
+the main functionality of ZLib.Ada.
+
+The routines from the package specifications are commented.
+
+
+Homepage: http://zlib-ada.sourceforge.net/
+Author: Dmitriy Anisimkov <anisimkov@yahoo.com>
+
+Contributors: Pascal Obry <pascal@obry.org>, Steve Sangwine <sjs@essex.ac.uk>
diff --git a/zlib-1.3.1/contrib/ada/test.adb b/zlib-1.3.1/contrib/ada/test.adb
new file mode 100644
index 00000000..8b350315
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/test.adb
@@ -0,0 +1,463 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2003 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+
+--  $Id: test.adb,v 1.17 2003/08/12 12:13:30 vagul Exp $
+
+--  The program has a few aims.
+--  1. Test ZLib.Ada95 thick binding functionality.
+--  2. Show the example of use main functionality of the ZLib.Ada95 binding.
+--  3. Build this program automatically compile all ZLib.Ada95 packages under
+--     GNAT Ada95 compiler.
+
+with ZLib.Streams;
+with Ada.Streams.Stream_IO;
+with Ada.Numerics.Discrete_Random;
+
+with Ada.Text_IO;
+
+with Ada.Calendar;
+
+procedure Test is
+
+   use Ada.Streams;
+   use Stream_IO;
+
+   ------------------------------------
+   --  Test configuration parameters --
+   ------------------------------------
+
+   File_Size   : Count   := 100_000;
+   Continuous  : constant Boolean := False;
+
+   Header      : constant ZLib.Header_Type := ZLib.Default;
+                                              --  ZLib.None;
+                                              --  ZLib.Auto;
+                                              --  ZLib.GZip;
+   --  Do not use Header other then Default in ZLib versions 1.1.4
+   --  and older.
+
+   Strategy    : constant ZLib.Strategy_Type := ZLib.Default_Strategy;
+   Init_Random : constant := 10;
+
+   -- End --
+
+   In_File_Name  : constant String := "testzlib.in";
+   --  Name of the input file
+
+   Z_File_Name   : constant String := "testzlib.zlb";
+   --  Name of the compressed file.
+
+   Out_File_Name : constant String := "testzlib.out";
+   --  Name of the decompressed file.
+
+   File_In   : File_Type;
+   File_Out  : File_Type;
+   File_Back : File_Type;
+   File_Z    : ZLib.Streams.Stream_Type;
+
+   Filter : ZLib.Filter_Type;
+
+   Time_Stamp : Ada.Calendar.Time;
+
+   procedure Generate_File;
+   --  Generate file of specified size with some random data.
+   --  The random data is repeatable, for the good compression.
+
+   procedure Compare_Streams
+     (Left, Right : in out Root_Stream_Type'Class);
+   --  The procedure comparing data in 2 streams.
+   --  It is for compare data before and after compression/decompression.
+
+   procedure Compare_Files (Left, Right : String);
+   --  Compare files. Based on the Compare_Streams.
+
+   procedure Copy_Streams
+     (Source, Target : in out Root_Stream_Type'Class;
+      Buffer_Size    : in     Stream_Element_Offset := 1024);
+   --  Copying data from one stream to another. It is for test stream
+   --  interface of the library.
+
+   procedure Data_In
+     (Item : out Stream_Element_Array;
+      Last : out Stream_Element_Offset);
+   --  this procedure is for generic instantiation of
+   --  ZLib.Generic_Translate.
+   --  reading data from the File_In.
+
+   procedure Data_Out (Item : in Stream_Element_Array);
+   --  this procedure is for generic instantiation of
+   --  ZLib.Generic_Translate.
+   --  writing data to the File_Out.
+
+   procedure Stamp;
+   --  Store the timestamp to the local variable.
+
+   procedure Print_Statistic (Msg : String; Data_Size : ZLib.Count);
+   --  Print the time statistic with the message.
+
+   procedure Translate is new ZLib.Generic_Translate
+                                (Data_In  => Data_In,
+                                 Data_Out => Data_Out);
+   --  This procedure is moving data from File_In to File_Out
+   --  with compression or decompression, depend on initialization of
+   --  Filter parameter.
+
+   -------------------
+   -- Compare_Files --
+   -------------------
+
+   procedure Compare_Files (Left, Right : String) is
+      Left_File, Right_File : File_Type;
+   begin
+      Open (Left_File, In_File, Left);
+      Open (Right_File, In_File, Right);
+      Compare_Streams (Stream (Left_File).all, Stream (Right_File).all);
+      Close (Left_File);
+      Close (Right_File);
+   end Compare_Files;
+
+   ---------------------
+   -- Compare_Streams --
+   ---------------------
+
+   procedure Compare_Streams
+     (Left, Right : in out Ada.Streams.Root_Stream_Type'Class)
+   is
+      Left_Buffer, Right_Buffer : Stream_Element_Array (0 .. 16#FFF#);
+      Left_Last, Right_Last : Stream_Element_Offset;
+   begin
+      loop
+         Read (Left, Left_Buffer, Left_Last);
+         Read (Right, Right_Buffer, Right_Last);
+
+         if Left_Last /= Right_Last then
+            Ada.Text_IO.Put_Line ("Compare error :"
+              & Stream_Element_Offset'Image (Left_Last)
+              & " /= "
+              & Stream_Element_Offset'Image (Right_Last));
+
+            raise Constraint_Error;
+
+         elsif Left_Buffer (0 .. Left_Last)
+               /= Right_Buffer (0 .. Right_Last)
+         then
+            Ada.Text_IO.Put_Line ("ERROR: IN and OUT files is not equal.");
+            raise Constraint_Error;
+
+         end if;
+
+         exit when Left_Last < Left_Buffer'Last;
+      end loop;
+   end Compare_Streams;
+
+   ------------------
+   -- Copy_Streams --
+   ------------------
+
+   procedure Copy_Streams
+     (Source, Target : in out Ada.Streams.Root_Stream_Type'Class;
+      Buffer_Size    : in     Stream_Element_Offset := 1024)
+   is
+      Buffer : Stream_Element_Array (1 .. Buffer_Size);
+      Last   : Stream_Element_Offset;
+   begin
+      loop
+         Read  (Source, Buffer, Last);
+         Write (Target, Buffer (1 .. Last));
+
+         exit when Last < Buffer'Last;
+      end loop;
+   end Copy_Streams;
+
+   -------------
+   -- Data_In --
+   -------------
+
+   procedure Data_In
+     (Item : out Stream_Element_Array;
+      Last : out Stream_Element_Offset) is
+   begin
+      Read (File_In, Item, Last);
+   end Data_In;
+
+   --------------
+   -- Data_Out --
+   --------------
+
+   procedure Data_Out (Item : in Stream_Element_Array) is
+   begin
+      Write (File_Out, Item);
+   end Data_Out;
+
+   -------------------
+   -- Generate_File --
+   -------------------
+
+   procedure Generate_File is
+      subtype Visible_Symbols is Stream_Element range 16#20# .. 16#7E#;
+
+      package Random_Elements is
+         new Ada.Numerics.Discrete_Random (Visible_Symbols);
+
+      Gen    : Random_Elements.Generator;
+      Buffer : Stream_Element_Array := (1 .. 77 => 16#20#) & 10;
+
+      Buffer_Count : constant Count := File_Size / Buffer'Length;
+      --  Number of same buffers in the packet.
+
+      Density : constant Count := 30; --  from 0 to Buffer'Length - 2;
+
+      procedure Fill_Buffer (J, D : in Count);
+      --  Change the part of the buffer.
+
+      -----------------
+      -- Fill_Buffer --
+      -----------------
+
+      procedure Fill_Buffer (J, D : in Count) is
+      begin
+         for K in 0 .. D loop
+            Buffer
+              (Stream_Element_Offset ((J + K) mod (Buffer'Length - 1) + 1))
+             := Random_Elements.Random (Gen);
+
+         end loop;
+      end Fill_Buffer;
+
+   begin
+      Random_Elements.Reset (Gen, Init_Random);
+
+      Create (File_In, Out_File, In_File_Name);
+
+      Fill_Buffer (1, Buffer'Length - 2);
+
+      for J in 1 .. Buffer_Count loop
+         Write (File_In, Buffer);
+
+         Fill_Buffer (J, Density);
+      end loop;
+
+      --  fill remain size.
+
+      Write
+        (File_In,
+         Buffer
+           (1 .. Stream_Element_Offset
+                   (File_Size - Buffer'Length * Buffer_Count)));
+
+      Flush (File_In);
+      Close (File_In);
+   end Generate_File;
+
+   ---------------------
+   -- Print_Statistic --
+   ---------------------
+
+   procedure Print_Statistic (Msg : String; Data_Size : ZLib.Count) is
+      use Ada.Calendar;
+      use Ada.Text_IO;
+
+      package Count_IO is new Integer_IO (ZLib.Count);
+
+      Curr_Dur : Duration := Clock - Time_Stamp;
+   begin
+      Put (Msg);
+
+      Set_Col (20);
+      Ada.Text_IO.Put ("size =");
+
+      Count_IO.Put
+        (Data_Size,
+         Width => Stream_IO.Count'Image (File_Size)'Length);
+
+      Put_Line (" duration =" & Duration'Image (Curr_Dur));
+   end Print_Statistic;
+
+   -----------
+   -- Stamp --
+   -----------
+
+   procedure Stamp is
+   begin
+      Time_Stamp := Ada.Calendar.Clock;
+   end Stamp;
+
+begin
+   Ada.Text_IO.Put_Line ("ZLib " & ZLib.Version);
+
+   loop
+      Generate_File;
+
+      for Level in ZLib.Compression_Level'Range loop
+
+         Ada.Text_IO.Put_Line ("Level ="
+            & ZLib.Compression_Level'Image (Level));
+
+         --  Test generic interface.
+         Open   (File_In, In_File, In_File_Name);
+         Create (File_Out, Out_File, Z_File_Name);
+
+         Stamp;
+
+         --  Deflate using generic instantiation.
+
+         ZLib.Deflate_Init
+               (Filter   => Filter,
+                Level    => Level,
+                Strategy => Strategy,
+                Header   => Header);
+
+         Translate (Filter);
+         Print_Statistic ("Generic compress", ZLib.Total_Out (Filter));
+         ZLib.Close (Filter);
+
+         Close (File_In);
+         Close (File_Out);
+
+         Open   (File_In, In_File, Z_File_Name);
+         Create (File_Out, Out_File, Out_File_Name);
+
+         Stamp;
+
+         --  Inflate using generic instantiation.
+
+         ZLib.Inflate_Init (Filter, Header => Header);
+
+         Translate (Filter);
+         Print_Statistic ("Generic decompress", ZLib.Total_Out (Filter));
+
+         ZLib.Close (Filter);
+
+         Close (File_In);
+         Close (File_Out);
+
+         Compare_Files (In_File_Name, Out_File_Name);
+
+         --  Test stream interface.
+
+         --  Compress to the back stream.
+
+         Open   (File_In, In_File, In_File_Name);
+         Create (File_Back, Out_File, Z_File_Name);
+
+         Stamp;
+
+         ZLib.Streams.Create
+           (Stream          => File_Z,
+            Mode            => ZLib.Streams.Out_Stream,
+            Back            => ZLib.Streams.Stream_Access
+                                 (Stream (File_Back)),
+            Back_Compressed => True,
+            Level           => Level,
+            Strategy        => Strategy,
+            Header          => Header);
+
+         Copy_Streams
+           (Source => Stream (File_In).all,
+            Target => File_Z);
+
+         --  Flushing internal buffers to the back stream.
+
+         ZLib.Streams.Flush (File_Z, ZLib.Finish);
+
+         Print_Statistic ("Write compress",
+                          ZLib.Streams.Write_Total_Out (File_Z));
+
+         ZLib.Streams.Close (File_Z);
+
+         Close (File_In);
+         Close (File_Back);
+
+         --  Compare reading from original file and from
+         --  decompression stream.
+
+         Open (File_In,   In_File, In_File_Name);
+         Open (File_Back, In_File, Z_File_Name);
+
+         ZLib.Streams.Create
+           (Stream          => File_Z,
+            Mode            => ZLib.Streams.In_Stream,
+            Back            => ZLib.Streams.Stream_Access
+                                 (Stream (File_Back)),
+            Back_Compressed => True,
+            Header          => Header);
+
+         Stamp;
+         Compare_Streams (Stream (File_In).all, File_Z);
+
+         Print_Statistic ("Read decompress",
+                          ZLib.Streams.Read_Total_Out (File_Z));
+
+         ZLib.Streams.Close (File_Z);
+         Close (File_In);
+         Close (File_Back);
+
+         --  Compress by reading from compression stream.
+
+         Open (File_Back, In_File, In_File_Name);
+         Create (File_Out, Out_File, Z_File_Name);
+
+         ZLib.Streams.Create
+           (Stream          => File_Z,
+            Mode            => ZLib.Streams.In_Stream,
+            Back            => ZLib.Streams.Stream_Access
+                                 (Stream (File_Back)),
+            Back_Compressed => False,
+            Level           => Level,
+            Strategy        => Strategy,
+            Header          => Header);
+
+         Stamp;
+         Copy_Streams
+           (Source => File_Z,
+            Target => Stream (File_Out).all);
+
+         Print_Statistic ("Read compress",
+                          ZLib.Streams.Read_Total_Out (File_Z));
+
+         ZLib.Streams.Close (File_Z);
+
+         Close (File_Out);
+         Close (File_Back);
+
+         --  Decompress to decompression stream.
+
+         Open   (File_In,   In_File, Z_File_Name);
+         Create (File_Back, Out_File, Out_File_Name);
+
+         ZLib.Streams.Create
+           (Stream          => File_Z,
+            Mode            => ZLib.Streams.Out_Stream,
+            Back            => ZLib.Streams.Stream_Access
+                                 (Stream (File_Back)),
+            Back_Compressed => False,
+            Header          => Header);
+
+         Stamp;
+
+         Copy_Streams
+           (Source => Stream (File_In).all,
+            Target => File_Z);
+
+         Print_Statistic ("Write decompress",
+                          ZLib.Streams.Write_Total_Out (File_Z));
+
+         ZLib.Streams.Close (File_Z);
+         Close (File_In);
+         Close (File_Back);
+
+         Compare_Files (In_File_Name, Out_File_Name);
+      end loop;
+
+      Ada.Text_IO.Put_Line (Count'Image (File_Size) & " Ok.");
+
+      exit when not Continuous;
+
+      File_Size := File_Size + 1;
+   end loop;
+end Test;
diff --git a/zlib-1.3.1/contrib/ada/zlib-streams.adb b/zlib-1.3.1/contrib/ada/zlib-streams.adb
new file mode 100644
index 00000000..b6497bae
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/zlib-streams.adb
@@ -0,0 +1,225 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2003 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+
+--  $Id: zlib-streams.adb,v 1.10 2004/05/31 10:53:40 vagul Exp $
+
+with Ada.Unchecked_Deallocation;
+
+package body ZLib.Streams is
+
+   -----------
+   -- Close --
+   -----------
+
+   procedure Close (Stream : in out Stream_Type) is
+      procedure Free is new Ada.Unchecked_Deallocation
+         (Stream_Element_Array, Buffer_Access);
+   begin
+      if Stream.Mode = Out_Stream or Stream.Mode = Duplex then
+         --  We should flush the data written by the writer.
+
+         Flush (Stream, Finish);
+
+         Close (Stream.Writer);
+      end if;
+
+      if Stream.Mode = In_Stream or Stream.Mode = Duplex then
+         Close (Stream.Reader);
+         Free (Stream.Buffer);
+      end if;
+   end Close;
+
+   ------------
+   -- Create --
+   ------------
+
+   procedure Create
+     (Stream            :    out Stream_Type;
+      Mode              : in     Stream_Mode;
+      Back              : in     Stream_Access;
+      Back_Compressed   : in     Boolean;
+      Level             : in     Compression_Level := Default_Compression;
+      Strategy          : in     Strategy_Type     := Default_Strategy;
+      Header            : in     Header_Type       := Default;
+      Read_Buffer_Size  : in     Ada.Streams.Stream_Element_Offset
+                                    := Default_Buffer_Size;
+      Write_Buffer_Size : in     Ada.Streams.Stream_Element_Offset
+                                    := Default_Buffer_Size)
+   is
+
+      subtype Buffer_Subtype is Stream_Element_Array (1 .. Read_Buffer_Size);
+
+      procedure Init_Filter
+         (Filter   : in out Filter_Type;
+          Compress : in     Boolean);
+
+      -----------------
+      -- Init_Filter --
+      -----------------
+
+      procedure Init_Filter
+         (Filter   : in out Filter_Type;
+          Compress : in     Boolean) is
+      begin
+         if Compress then
+            Deflate_Init
+              (Filter, Level, Strategy, Header => Header);
+         else
+            Inflate_Init (Filter, Header => Header);
+         end if;
+      end Init_Filter;
+
+   begin
+      Stream.Back := Back;
+      Stream.Mode := Mode;
+
+      if Mode = Out_Stream or Mode = Duplex then
+         Init_Filter (Stream.Writer, Back_Compressed);
+         Stream.Buffer_Size := Write_Buffer_Size;
+      else
+         Stream.Buffer_Size := 0;
+      end if;
+
+      if Mode = In_Stream or Mode = Duplex then
+         Init_Filter (Stream.Reader, not Back_Compressed);
+
+         Stream.Buffer     := new Buffer_Subtype;
+         Stream.Rest_First := Stream.Buffer'Last + 1;
+         Stream.Rest_Last  := Stream.Buffer'Last;
+      end if;
+   end Create;
+
+   -----------
+   -- Flush --
+   -----------
+
+   procedure Flush
+     (Stream : in out Stream_Type;
+      Mode   : in     Flush_Mode := Sync_Flush)
+   is
+      Buffer : Stream_Element_Array (1 .. Stream.Buffer_Size);
+      Last   : Stream_Element_Offset;
+   begin
+      loop
+         Flush (Stream.Writer, Buffer, Last, Mode);
+
+         Ada.Streams.Write (Stream.Back.all, Buffer (1 .. Last));
+
+         exit when Last < Buffer'Last;
+      end loop;
+   end Flush;
+
+   -------------
+   -- Is_Open --
+   -------------
+
+   function Is_Open (Stream : Stream_Type) return Boolean is
+   begin
+      return Is_Open (Stream.Reader) or else Is_Open (Stream.Writer);
+   end Is_Open;
+
+   ----------
+   -- Read --
+   ----------
+
+   procedure Read
+     (Stream : in out Stream_Type;
+      Item   :    out Stream_Element_Array;
+      Last   :    out Stream_Element_Offset)
+   is
+
+      procedure Read
+        (Item : out Stream_Element_Array;
+         Last : out Stream_Element_Offset);
+
+      ----------
+      -- Read --
+      ----------
+
+      procedure Read
+        (Item : out Stream_Element_Array;
+         Last : out Stream_Element_Offset) is
+      begin
+         Ada.Streams.Read (Stream.Back.all, Item, Last);
+      end Read;
+
+      procedure Read is new ZLib.Read
+         (Read       => Read,
+          Buffer     => Stream.Buffer.all,
+          Rest_First => Stream.Rest_First,
+          Rest_Last  => Stream.Rest_Last);
+
+   begin
+      Read (Stream.Reader, Item, Last);
+   end Read;
+
+   -------------------
+   -- Read_Total_In --
+   -------------------
+
+   function Read_Total_In (Stream : in Stream_Type) return Count is
+   begin
+      return Total_In (Stream.Reader);
+   end Read_Total_In;
+
+   --------------------
+   -- Read_Total_Out --
+   --------------------
+
+   function Read_Total_Out (Stream : in Stream_Type) return Count is
+   begin
+      return Total_Out (Stream.Reader);
+   end Read_Total_Out;
+
+   -----------
+   -- Write --
+   -----------
+
+   procedure Write
+     (Stream : in out Stream_Type;
+      Item   : in     Stream_Element_Array)
+   is
+
+      procedure Write (Item : in Stream_Element_Array);
+
+      -----------
+      -- Write --
+      -----------
+
+      procedure Write (Item : in Stream_Element_Array) is
+      begin
+         Ada.Streams.Write (Stream.Back.all, Item);
+      end Write;
+
+      procedure Write is new ZLib.Write
+         (Write       => Write,
+          Buffer_Size => Stream.Buffer_Size);
+
+   begin
+      Write (Stream.Writer, Item, No_Flush);
+   end Write;
+
+   --------------------
+   -- Write_Total_In --
+   --------------------
+
+   function Write_Total_In (Stream : in Stream_Type) return Count is
+   begin
+      return Total_In (Stream.Writer);
+   end Write_Total_In;
+
+   ---------------------
+   -- Write_Total_Out --
+   ---------------------
+
+   function Write_Total_Out (Stream : in Stream_Type) return Count is
+   begin
+      return Total_Out (Stream.Writer);
+   end Write_Total_Out;
+
+end ZLib.Streams;
diff --git a/zlib-1.3.1/contrib/ada/zlib-streams.ads b/zlib-1.3.1/contrib/ada/zlib-streams.ads
new file mode 100644
index 00000000..af136933
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/zlib-streams.ads
@@ -0,0 +1,114 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2003 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+
+--  $Id: zlib-streams.ads,v 1.12 2004/05/31 10:53:40 vagul Exp $
+
+package ZLib.Streams is
+
+   type Stream_Mode is (In_Stream, Out_Stream, Duplex);
+
+   type Stream_Access is access all Ada.Streams.Root_Stream_Type'Class;
+
+   type Stream_Type is
+      new Ada.Streams.Root_Stream_Type with private;
+
+   procedure Read
+     (Stream : in out Stream_Type;
+      Item   :    out Ada.Streams.Stream_Element_Array;
+      Last   :    out Ada.Streams.Stream_Element_Offset);
+
+   procedure Write
+     (Stream : in out Stream_Type;
+      Item   : in     Ada.Streams.Stream_Element_Array);
+
+   procedure Flush
+     (Stream : in out Stream_Type;
+      Mode   : in     Flush_Mode := Sync_Flush);
+   --  Flush the written data to the back stream,
+   --  all data placed to the compressor is flushing to the Back stream.
+   --  Should not be used until necessary, because it is decreasing
+   --  compression.
+
+   function Read_Total_In (Stream : in Stream_Type) return Count;
+   pragma Inline (Read_Total_In);
+   --  Return total number of bytes read from back stream so far.
+
+   function Read_Total_Out (Stream : in Stream_Type) return Count;
+   pragma Inline (Read_Total_Out);
+   --  Return total number of bytes read so far.
+
+   function Write_Total_In (Stream : in Stream_Type) return Count;
+   pragma Inline (Write_Total_In);
+   --  Return total number of bytes written so far.
+
+   function Write_Total_Out (Stream : in Stream_Type) return Count;
+   pragma Inline (Write_Total_Out);
+   --  Return total number of bytes written to the back stream.
+
+   procedure Create
+     (Stream            :    out Stream_Type;
+      Mode              : in     Stream_Mode;
+      Back              : in     Stream_Access;
+      Back_Compressed   : in     Boolean;
+      Level             : in     Compression_Level := Default_Compression;
+      Strategy          : in     Strategy_Type     := Default_Strategy;
+      Header            : in     Header_Type       := Default;
+      Read_Buffer_Size  : in     Ada.Streams.Stream_Element_Offset
+                                    := Default_Buffer_Size;
+      Write_Buffer_Size : in     Ada.Streams.Stream_Element_Offset
+                                    := Default_Buffer_Size);
+   --  Create the Compression/Decompression stream.
+   --  If mode is In_Stream then Write operation is disabled.
+   --  If mode is Out_Stream then Read operation is disabled.
+
+   --  If Back_Compressed is true then
+   --  Data written to the Stream is compressing to the Back stream
+   --  and data read from the Stream is decompressed data from the Back stream.
+
+   --  If Back_Compressed is false then
+   --  Data written to the Stream is decompressing to the Back stream
+   --  and data read from the Stream is compressed data from the Back stream.
+
+   --  !!! When the Need_Header is False ZLib-Ada is using undocumented
+   --  ZLib 1.1.4 functionality to do not create/wait for ZLib headers.
+
+   function Is_Open (Stream : Stream_Type) return Boolean;
+
+   procedure Close (Stream : in out Stream_Type);
+
+private
+
+   use Ada.Streams;
+
+   type Buffer_Access is access all Stream_Element_Array;
+
+   type Stream_Type
+     is new Root_Stream_Type with
+   record
+      Mode       : Stream_Mode;
+
+      Buffer     : Buffer_Access;
+      Rest_First : Stream_Element_Offset;
+      Rest_Last  : Stream_Element_Offset;
+      --  Buffer for Read operation.
+      --  We need to have this buffer in the record
+      --  because not all read data from back stream
+      --  could be processed during the read operation.
+
+      Buffer_Size : Stream_Element_Offset;
+      --  Buffer size for write operation.
+      --  We do not need to have this buffer
+      --  in the record because all data could be
+      --  processed in the write operation.
+
+      Back       : Stream_Access;
+      Reader     : Filter_Type;
+      Writer     : Filter_Type;
+   end record;
+
+end ZLib.Streams;
diff --git a/zlib-1.3.1/contrib/ada/zlib-thin.adb b/zlib-1.3.1/contrib/ada/zlib-thin.adb
new file mode 100644
index 00000000..0ca4a712
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/zlib-thin.adb
@@ -0,0 +1,141 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2003 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+
+--  $Id: zlib-thin.adb,v 1.8 2003/12/14 18:27:31 vagul Exp $
+
+package body ZLib.Thin is
+
+   ZLIB_VERSION  : constant Chars_Ptr := zlibVersion;
+
+   Z_Stream_Size : constant Int := Z_Stream'Size / System.Storage_Unit;
+
+   --------------
+   -- Avail_In --
+   --------------
+
+   function Avail_In (Strm : in Z_Stream) return UInt is
+   begin
+      return Strm.Avail_In;
+   end Avail_In;
+
+   ---------------
+   -- Avail_Out --
+   ---------------
+
+   function Avail_Out (Strm : in Z_Stream) return UInt is
+   begin
+      return Strm.Avail_Out;
+   end Avail_Out;
+
+   ------------------
+   -- Deflate_Init --
+   ------------------
+
+   function Deflate_Init
+     (strm       : Z_Streamp;
+      level      : Int;
+      method     : Int;
+      windowBits : Int;
+      memLevel   : Int;
+      strategy   : Int)
+      return       Int is
+   begin
+      return deflateInit2
+               (strm,
+                level,
+                method,
+                windowBits,
+                memLevel,
+                strategy,
+                ZLIB_VERSION,
+                Z_Stream_Size);
+   end Deflate_Init;
+
+   ------------------
+   -- Inflate_Init --
+   ------------------
+
+   function Inflate_Init (strm : Z_Streamp; windowBits : Int) return Int is
+   begin
+      return inflateInit2 (strm, windowBits, ZLIB_VERSION, Z_Stream_Size);
+   end Inflate_Init;
+
+   ------------------------
+   -- Last_Error_Message --
+   ------------------------
+
+   function Last_Error_Message (Strm : in Z_Stream) return String is
+      use Interfaces.C.Strings;
+   begin
+      if Strm.msg = Null_Ptr then
+         return "";
+      else
+         return Value (Strm.msg);
+      end if;
+   end Last_Error_Message;
+
+   ------------
+   -- Set_In --
+   ------------
+
+   procedure Set_In
+     (Strm   : in out Z_Stream;
+      Buffer : in     Voidp;
+      Size   : in     UInt) is
+   begin
+      Strm.Next_In  := Buffer;
+      Strm.Avail_In := Size;
+   end Set_In;
+
+   ------------------
+   -- Set_Mem_Func --
+   ------------------
+
+   procedure Set_Mem_Func
+     (Strm   : in out Z_Stream;
+      Opaque : in     Voidp;
+      Alloc  : in     alloc_func;
+      Free   : in     free_func) is
+   begin
+      Strm.opaque := Opaque;
+      Strm.zalloc := Alloc;
+      Strm.zfree  := Free;
+   end Set_Mem_Func;
+
+   -------------
+   -- Set_Out --
+   -------------
+
+   procedure Set_Out
+     (Strm   : in out Z_Stream;
+      Buffer : in     Voidp;
+      Size   : in     UInt) is
+   begin
+      Strm.Next_Out  := Buffer;
+      Strm.Avail_Out := Size;
+   end Set_Out;
+
+   --------------
+   -- Total_In --
+   --------------
+
+   function Total_In (Strm : in Z_Stream) return ULong is
+   begin
+      return Strm.Total_In;
+   end Total_In;
+
+   ---------------
+   -- Total_Out --
+   ---------------
+
+   function Total_Out (Strm : in Z_Stream) return ULong is
+   begin
+      return Strm.Total_Out;
+   end Total_Out;
+
+end ZLib.Thin;
diff --git a/zlib-1.3.1/contrib/ada/zlib-thin.ads b/zlib-1.3.1/contrib/ada/zlib-thin.ads
new file mode 100644
index 00000000..810173cf
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/zlib-thin.ads
@@ -0,0 +1,450 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2003 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+
+--  $Id: zlib-thin.ads,v 1.11 2004/07/23 06:33:11 vagul Exp $
+
+with Interfaces.C.Strings;
+
+with System;
+
+private package ZLib.Thin is
+
+   --  From zconf.h
+
+   MAX_MEM_LEVEL : constant := 9;         --  zconf.h:105
+                                          --  zconf.h:105
+   MAX_WBITS : constant := 15;      --  zconf.h:115
+                                    --  32K LZ77 window
+                                    --  zconf.h:115
+   SEEK_SET : constant := 8#0000#;  --  zconf.h:244
+                                    --  Seek from beginning of file.
+                                    --  zconf.h:244
+   SEEK_CUR : constant := 1;        --  zconf.h:245
+                                    --  Seek from current position.
+                                    --  zconf.h:245
+   SEEK_END : constant := 2;        --  zconf.h:246
+                                    --  Set file pointer to EOF plus "offset"
+                                    --  zconf.h:246
+
+   type Byte is new Interfaces.C.unsigned_char; --  8 bits
+                                                --  zconf.h:214
+   type UInt is new Interfaces.C.unsigned;      --  16 bits or more
+                                                --  zconf.h:216
+   type Int is new Interfaces.C.int;
+
+   type ULong is new Interfaces.C.unsigned_long;     --  32 bits or more
+                                                     --  zconf.h:217
+   subtype Chars_Ptr is Interfaces.C.Strings.chars_ptr;
+
+   type ULong_Access is access ULong;
+   type Int_Access is access Int;
+
+   subtype Voidp is System.Address;            --  zconf.h:232
+
+   subtype Byte_Access is Voidp;
+
+   Nul : constant Voidp := System.Null_Address;
+   --  end from zconf
+
+   Z_NO_FLUSH : constant := 8#0000#;   --  zlib.h:125
+                                       --  zlib.h:125
+   Z_PARTIAL_FLUSH : constant := 1;       --  zlib.h:126
+                                          --  will be removed, use
+                                          --  Z_SYNC_FLUSH instead
+                                          --  zlib.h:126
+   Z_SYNC_FLUSH : constant := 2;       --  zlib.h:127
+                                       --  zlib.h:127
+   Z_FULL_FLUSH : constant := 3;       --  zlib.h:128
+                                       --  zlib.h:128
+   Z_FINISH : constant := 4;        --  zlib.h:129
+                                    --  zlib.h:129
+   Z_OK : constant := 8#0000#;   --  zlib.h:132
+                                 --  zlib.h:132
+   Z_STREAM_END : constant := 1;       --  zlib.h:133
+                                       --  zlib.h:133
+   Z_NEED_DICT : constant := 2;        --  zlib.h:134
+                                       --  zlib.h:134
+   Z_ERRNO : constant := -1;        --  zlib.h:135
+                                    --  zlib.h:135
+   Z_STREAM_ERROR : constant := -2;       --  zlib.h:136
+                                          --  zlib.h:136
+   Z_DATA_ERROR : constant := -3;      --  zlib.h:137
+                                       --  zlib.h:137
+   Z_MEM_ERROR : constant := -4;       --  zlib.h:138
+                                       --  zlib.h:138
+   Z_BUF_ERROR : constant := -5;       --  zlib.h:139
+                                       --  zlib.h:139
+   Z_VERSION_ERROR : constant := -6;      --  zlib.h:140
+                                          --  zlib.h:140
+   Z_NO_COMPRESSION : constant := 8#0000#;   --  zlib.h:145
+                                             --  zlib.h:145
+   Z_BEST_SPEED : constant := 1;       --  zlib.h:146
+                                       --  zlib.h:146
+   Z_BEST_COMPRESSION : constant := 9;       --  zlib.h:147
+                                             --  zlib.h:147
+   Z_DEFAULT_COMPRESSION : constant := -1;      --  zlib.h:148
+                                                --  zlib.h:148
+   Z_FILTERED : constant := 1;      --  zlib.h:151
+                                    --  zlib.h:151
+   Z_HUFFMAN_ONLY : constant := 2;        --  zlib.h:152
+                                          --  zlib.h:152
+   Z_DEFAULT_STRATEGY : constant := 8#0000#; --  zlib.h:153
+                                             --  zlib.h:153
+   Z_BINARY : constant := 8#0000#;  --  zlib.h:156
+                                    --  zlib.h:156
+   Z_ASCII : constant := 1;      --  zlib.h:157
+                                 --  zlib.h:157
+   Z_UNKNOWN : constant := 2;       --  zlib.h:158
+                                    --  zlib.h:158
+   Z_DEFLATED : constant := 8;      --  zlib.h:161
+                                    --  zlib.h:161
+   Z_NULL : constant := 8#0000#; --  zlib.h:164
+                                 --  for initializing zalloc, zfree, opaque
+                                 --  zlib.h:164
+   type gzFile is new Voidp;                  --  zlib.h:646
+
+   type Z_Stream is private;
+
+   type Z_Streamp is access all Z_Stream;     --  zlib.h:89
+
+   type alloc_func is access function
+     (Opaque : Voidp;
+      Items  : UInt;
+      Size   : UInt)
+      return Voidp; --  zlib.h:63
+
+   type free_func is access procedure (opaque : Voidp; address : Voidp);
+
+   function zlibVersion return Chars_Ptr;
+
+   function Deflate (strm : Z_Streamp; flush : Int) return Int;
+
+   function DeflateEnd (strm : Z_Streamp) return Int;
+
+   function Inflate (strm : Z_Streamp; flush : Int) return Int;
+
+   function InflateEnd (strm : Z_Streamp) return Int;
+
+   function deflateSetDictionary
+     (strm       : Z_Streamp;
+      dictionary : Byte_Access;
+      dictLength : UInt)
+      return       Int;
+
+   function deflateCopy (dest : Z_Streamp; source : Z_Streamp) return Int;
+   --  zlib.h:478
+
+   function deflateReset (strm : Z_Streamp) return Int; -- zlib.h:495
+
+   function deflateParams
+     (strm     : Z_Streamp;
+      level    : Int;
+      strategy : Int)
+      return     Int;       -- zlib.h:506
+
+   function inflateSetDictionary
+     (strm       : Z_Streamp;
+      dictionary : Byte_Access;
+      dictLength : UInt)
+      return       Int; --  zlib.h:548
+
+   function inflateSync (strm : Z_Streamp) return Int;  --  zlib.h:565
+
+   function inflateReset (strm : Z_Streamp) return Int; --  zlib.h:580
+
+   function compress
+     (dest      : Byte_Access;
+      destLen   : ULong_Access;
+      source    : Byte_Access;
+      sourceLen : ULong)
+      return      Int;           -- zlib.h:601
+
+   function compress2
+     (dest      : Byte_Access;
+      destLen   : ULong_Access;
+      source    : Byte_Access;
+      sourceLen : ULong;
+      level     : Int)
+      return      Int;          -- zlib.h:615
+
+   function uncompress
+     (dest      : Byte_Access;
+      destLen   : ULong_Access;
+      source    : Byte_Access;
+      sourceLen : ULong)
+      return      Int;
+
+   function gzopen (path : Chars_Ptr; mode : Chars_Ptr) return gzFile;
+
+   function gzdopen (fd : Int; mode : Chars_Ptr) return gzFile;
+
+   function gzsetparams
+     (file     : gzFile;
+      level    : Int;
+      strategy : Int)
+      return     Int;
+
+   function gzread
+     (file : gzFile;
+      buf  : Voidp;
+      len  : UInt)
+      return Int;
+
+   function gzwrite
+     (file : in gzFile;
+      buf  : in Voidp;
+      len  : in UInt)
+      return Int;
+
+   function gzprintf (file : in gzFile; format : in Chars_Ptr) return Int;
+
+   function gzputs (file : in gzFile; s : in Chars_Ptr) return Int;
+
+   function gzgets
+     (file : gzFile;
+      buf  : Chars_Ptr;
+      len  : Int)
+      return Chars_Ptr;
+
+   function gzputc (file : gzFile; char : Int) return Int;
+
+   function gzgetc (file : gzFile) return Int;
+
+   function gzflush (file : gzFile; flush : Int) return Int;
+
+   function gzseek
+     (file   : gzFile;
+      offset : Int;
+      whence : Int)
+      return   Int;
+
+   function gzrewind (file : gzFile) return Int;
+
+   function gztell (file : gzFile) return Int;
+
+   function gzeof (file : gzFile) return Int;
+
+   function gzclose (file : gzFile) return Int;
+
+   function gzerror (file : gzFile; errnum : Int_Access) return Chars_Ptr;
+
+   function adler32
+     (adler : ULong;
+      buf   : Byte_Access;
+      len   : UInt)
+      return  ULong;
+
+   function crc32
+     (crc  : ULong;
+      buf  : Byte_Access;
+      len  : UInt)
+      return ULong;
+
+   function deflateInit
+     (strm        : Z_Streamp;
+      level       : Int;
+      version     : Chars_Ptr;
+      stream_size : Int)
+      return        Int;
+
+   function deflateInit2
+     (strm        : Z_Streamp;
+      level       : Int;
+      method      : Int;
+      windowBits  : Int;
+      memLevel    : Int;
+      strategy    : Int;
+      version     : Chars_Ptr;
+      stream_size : Int)
+      return        Int;
+
+   function Deflate_Init
+     (strm       : Z_Streamp;
+      level      : Int;
+      method     : Int;
+      windowBits : Int;
+      memLevel   : Int;
+      strategy   : Int)
+      return       Int;
+   pragma Inline (Deflate_Init);
+
+   function inflateInit
+     (strm        : Z_Streamp;
+      version     : Chars_Ptr;
+      stream_size : Int)
+      return        Int;
+
+   function inflateInit2
+     (strm        : in Z_Streamp;
+      windowBits  : in Int;
+      version     : in Chars_Ptr;
+      stream_size : in Int)
+      return      Int;
+
+   function inflateBackInit
+     (strm        : in Z_Streamp;
+      windowBits  : in Int;
+      window      : in Byte_Access;
+      version     : in Chars_Ptr;
+      stream_size : in Int)
+      return      Int;
+   --  Size of window have to be 2**windowBits.
+
+   function Inflate_Init (strm : Z_Streamp; windowBits : Int) return Int;
+   pragma Inline (Inflate_Init);
+
+   function zError (err : Int) return Chars_Ptr;
+
+   function inflateSyncPoint (z : Z_Streamp) return Int;
+
+   function get_crc_table return ULong_Access;
+
+   --  Interface to the available fields of the z_stream structure.
+   --  The application must update next_in and avail_in when avail_in has
+   --  dropped to zero. It must update next_out and avail_out when avail_out
+   --  has dropped to zero. The application must initialize zalloc, zfree and
+   --  opaque before calling the init function.
+
+   procedure Set_In
+     (Strm   : in out Z_Stream;
+      Buffer : in Voidp;
+      Size   : in UInt);
+   pragma Inline (Set_In);
+
+   procedure Set_Out
+     (Strm   : in out Z_Stream;
+      Buffer : in Voidp;
+      Size   : in UInt);
+   pragma Inline (Set_Out);
+
+   procedure Set_Mem_Func
+     (Strm   : in out Z_Stream;
+      Opaque : in Voidp;
+      Alloc  : in alloc_func;
+      Free   : in free_func);
+   pragma Inline (Set_Mem_Func);
+
+   function Last_Error_Message (Strm : in Z_Stream) return String;
+   pragma Inline (Last_Error_Message);
+
+   function Avail_Out (Strm : in Z_Stream) return UInt;
+   pragma Inline (Avail_Out);
+
+   function Avail_In (Strm : in Z_Stream) return UInt;
+   pragma Inline (Avail_In);
+
+   function Total_In (Strm : in Z_Stream) return ULong;
+   pragma Inline (Total_In);
+
+   function Total_Out (Strm : in Z_Stream) return ULong;
+   pragma Inline (Total_Out);
+
+   function inflateCopy
+     (dest   : in Z_Streamp;
+      Source : in Z_Streamp)
+      return Int;
+
+   function compressBound (Source_Len : in ULong) return ULong;
+
+   function deflateBound
+     (Strm       : in Z_Streamp;
+      Source_Len : in ULong)
+      return     ULong;
+
+   function gzungetc (C : in Int; File : in  gzFile) return Int;
+
+   function zlibCompileFlags return ULong;
+
+private
+
+   type Z_Stream is record            -- zlib.h:68
+      Next_In   : Voidp      := Nul;  -- next input byte
+      Avail_In  : UInt       := 0;    -- number of bytes available at next_in
+      Total_In  : ULong      := 0;    -- total nb of input bytes read so far
+      Next_Out  : Voidp      := Nul;  -- next output byte should be put there
+      Avail_Out : UInt       := 0;    -- remaining free space at next_out
+      Total_Out : ULong      := 0;    -- total nb of bytes output so far
+      msg       : Chars_Ptr;          -- last error message, NULL if no error
+      state     : Voidp;              -- not visible by applications
+      zalloc    : alloc_func := null; -- used to allocate the internal state
+      zfree     : free_func  := null; -- used to free the internal state
+      opaque    : Voidp;              -- private data object passed to
+                                      --  zalloc and zfree
+      data_type : Int;                -- best guess about the data type:
+                                      --  ascii or binary
+      adler     : ULong;              -- adler32 value of the uncompressed
+                                      --  data
+      reserved  : ULong;              -- reserved for future use
+   end record;
+
+   pragma Convention (C, Z_Stream);
+
+   pragma Import (C, zlibVersion, "zlibVersion");
+   pragma Import (C, Deflate, "deflate");
+   pragma Import (C, DeflateEnd, "deflateEnd");
+   pragma Import (C, Inflate, "inflate");
+   pragma Import (C, InflateEnd, "inflateEnd");
+   pragma Import (C, deflateSetDictionary, "deflateSetDictionary");
+   pragma Import (C, deflateCopy, "deflateCopy");
+   pragma Import (C, deflateReset, "deflateReset");
+   pragma Import (C, deflateParams, "deflateParams");
+   pragma Import (C, inflateSetDictionary, "inflateSetDictionary");
+   pragma Import (C, inflateSync, "inflateSync");
+   pragma Import (C, inflateReset, "inflateReset");
+   pragma Import (C, compress, "compress");
+   pragma Import (C, compress2, "compress2");
+   pragma Import (C, uncompress, "uncompress");
+   pragma Import (C, gzopen, "gzopen");
+   pragma Import (C, gzdopen, "gzdopen");
+   pragma Import (C, gzsetparams, "gzsetparams");
+   pragma Import (C, gzread, "gzread");
+   pragma Import (C, gzwrite, "gzwrite");
+   pragma Import (C, gzprintf, "gzprintf");
+   pragma Import (C, gzputs, "gzputs");
+   pragma Import (C, gzgets, "gzgets");
+   pragma Import (C, gzputc, "gzputc");
+   pragma Import (C, gzgetc, "gzgetc");
+   pragma Import (C, gzflush, "gzflush");
+   pragma Import (C, gzseek, "gzseek");
+   pragma Import (C, gzrewind, "gzrewind");
+   pragma Import (C, gztell, "gztell");
+   pragma Import (C, gzeof, "gzeof");
+   pragma Import (C, gzclose, "gzclose");
+   pragma Import (C, gzerror, "gzerror");
+   pragma Import (C, adler32, "adler32");
+   pragma Import (C, crc32, "crc32");
+   pragma Import (C, deflateInit, "deflateInit_");
+   pragma Import (C, inflateInit, "inflateInit_");
+   pragma Import (C, deflateInit2, "deflateInit2_");
+   pragma Import (C, inflateInit2, "inflateInit2_");
+   pragma Import (C, zError, "zError");
+   pragma Import (C, inflateSyncPoint, "inflateSyncPoint");
+   pragma Import (C, get_crc_table, "get_crc_table");
+
+   --  since zlib 1.2.0:
+
+   pragma Import (C, inflateCopy, "inflateCopy");
+   pragma Import (C, compressBound, "compressBound");
+   pragma Import (C, deflateBound, "deflateBound");
+   pragma Import (C, gzungetc, "gzungetc");
+   pragma Import (C, zlibCompileFlags, "zlibCompileFlags");
+
+   pragma Import (C, inflateBackInit, "inflateBackInit_");
+
+   --  I stopped binding the inflateBack routines, because realize that
+   --  it does not support zlib and gzip headers for now, and have no
+   --  symmetric deflateBack routines.
+   --  ZLib-Ada is symmetric regarding deflate/inflate data transformation
+   --  and has a similar generic callback interface for the
+   --  deflate/inflate transformation based on the regular Deflate/Inflate
+   --  routines.
+
+   --  pragma Import (C, inflateBack, "inflateBack");
+   --  pragma Import (C, inflateBackEnd, "inflateBackEnd");
+
+end ZLib.Thin;
diff --git a/zlib-1.3.1/contrib/ada/zlib.adb b/zlib-1.3.1/contrib/ada/zlib.adb
new file mode 100644
index 00000000..c1abe791
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/zlib.adb
@@ -0,0 +1,701 @@
+----------------------------------------------------------------
+--  ZLib for Ada thick binding.                               --
+--                                                            --
+--  Copyright (C) 2002-2004 Dmitriy Anisimkov                 --
+--                                                            --
+--  Open source license information is in the zlib.ads file.  --
+----------------------------------------------------------------
+
+--  $Id: zlib.adb,v 1.31 2004/09/06 06:53:19 vagul Exp $
+
+with Ada.Exceptions;
+with Ada.Unchecked_Conversion;
+with Ada.Unchecked_Deallocation;
+
+with Interfaces.C.Strings;
+
+with ZLib.Thin;
+
+package body ZLib is
+
+   use type Thin.Int;
+
+   type Z_Stream is new Thin.Z_Stream;
+
+   type Return_Code_Enum is
+      (OK,
+       STREAM_END,
+       NEED_DICT,
+       ERRNO,
+       STREAM_ERROR,
+       DATA_ERROR,
+       MEM_ERROR,
+       BUF_ERROR,
+       VERSION_ERROR);
+
+   type Flate_Step_Function is access
+     function (Strm : in Thin.Z_Streamp; Flush : in Thin.Int) return Thin.Int;
+   pragma Convention (C, Flate_Step_Function);
+
+   type Flate_End_Function is access
+      function (Ctrm : in Thin.Z_Streamp) return Thin.Int;
+   pragma Convention (C, Flate_End_Function);
+
+   type Flate_Type is record
+      Step : Flate_Step_Function;
+      Done : Flate_End_Function;
+   end record;
+
+   subtype Footer_Array is Stream_Element_Array (1 .. 8);
+
+   Simple_GZip_Header : constant Stream_Element_Array (1 .. 10)
+     := (16#1f#, 16#8b#,                 --  Magic header
+         16#08#,                         --  Z_DEFLATED
+         16#00#,                         --  Flags
+         16#00#, 16#00#, 16#00#, 16#00#, --  Time
+         16#00#,                         --  XFlags
+         16#03#                          --  OS code
+        );
+   --  The simplest gzip header is not for informational, but just for
+   --  gzip format compatibility.
+   --  Note that some code below is using assumption
+   --  Simple_GZip_Header'Last > Footer_Array'Last, so do not make
+   --  Simple_GZip_Header'Last <= Footer_Array'Last.
+
+   Return_Code : constant array (Thin.Int range <>) of Return_Code_Enum
+     := (0 => OK,
+         1 => STREAM_END,
+         2 => NEED_DICT,
+        -1 => ERRNO,
+        -2 => STREAM_ERROR,
+        -3 => DATA_ERROR,
+        -4 => MEM_ERROR,
+        -5 => BUF_ERROR,
+        -6 => VERSION_ERROR);
+
+   Flate : constant array (Boolean) of Flate_Type
+     := (True  => (Step => Thin.Deflate'Access,
+                   Done => Thin.DeflateEnd'Access),
+         False => (Step => Thin.Inflate'Access,
+                   Done => Thin.InflateEnd'Access));
+
+   Flush_Finish : constant array (Boolean) of Flush_Mode
+     := (True => Finish, False => No_Flush);
+
+   procedure Raise_Error (Stream : in Z_Stream);
+   pragma Inline (Raise_Error);
+
+   procedure Raise_Error (Message : in String);
+   pragma Inline (Raise_Error);
+
+   procedure Check_Error (Stream : in Z_Stream; Code : in Thin.Int);
+
+   procedure Free is new Ada.Unchecked_Deallocation
+      (Z_Stream, Z_Stream_Access);
+
+   function To_Thin_Access is new Ada.Unchecked_Conversion
+     (Z_Stream_Access, Thin.Z_Streamp);
+
+   procedure Translate_GZip
+     (Filter    : in out Filter_Type;
+      In_Data   : in     Ada.Streams.Stream_Element_Array;
+      In_Last   :    out Ada.Streams.Stream_Element_Offset;
+      Out_Data  :    out Ada.Streams.Stream_Element_Array;
+      Out_Last  :    out Ada.Streams.Stream_Element_Offset;
+      Flush     : in     Flush_Mode);
+   --  Separate translate routine for make gzip header.
+
+   procedure Translate_Auto
+     (Filter    : in out Filter_Type;
+      In_Data   : in     Ada.Streams.Stream_Element_Array;
+      In_Last   :    out Ada.Streams.Stream_Element_Offset;
+      Out_Data  :    out Ada.Streams.Stream_Element_Array;
+      Out_Last  :    out Ada.Streams.Stream_Element_Offset;
+      Flush     : in     Flush_Mode);
+   --  translate routine without additional headers.
+
+   -----------------
+   -- Check_Error --
+   -----------------
+
+   procedure Check_Error (Stream : in Z_Stream; Code : in Thin.Int) is
+      use type Thin.Int;
+   begin
+      if Code /= Thin.Z_OK then
+         Raise_Error
+            (Return_Code_Enum'Image (Return_Code (Code))
+              & ": " & Last_Error_Message (Stream));
+      end if;
+   end Check_Error;
+
+   -----------
+   -- Close --
+   -----------
+
+   procedure Close
+     (Filter       : in out Filter_Type;
+      Ignore_Error : in     Boolean := False)
+   is
+      Code : Thin.Int;
+   begin
+      if not Ignore_Error and then not Is_Open (Filter) then
+         raise Status_Error;
+      end if;
+
+      Code := Flate (Filter.Compression).Done (To_Thin_Access (Filter.Strm));
+
+      if Ignore_Error or else Code = Thin.Z_OK then
+         Free (Filter.Strm);
+      else
+         declare
+            Error_Message : constant String
+              := Last_Error_Message (Filter.Strm.all);
+         begin
+            Free (Filter.Strm);
+            Ada.Exceptions.Raise_Exception
+               (ZLib_Error'Identity,
+                Return_Code_Enum'Image (Return_Code (Code))
+                  & ": " & Error_Message);
+         end;
+      end if;
+   end Close;
+
+   -----------
+   -- CRC32 --
+   -----------
+
+   function CRC32
+     (CRC  : in Unsigned_32;
+      Data : in Ada.Streams.Stream_Element_Array)
+      return Unsigned_32
+   is
+      use Thin;
+   begin
+      return Unsigned_32 (crc32 (ULong (CRC),
+                                 Data'Address,
+                                 Data'Length));
+   end CRC32;
+
+   procedure CRC32
+     (CRC  : in out Unsigned_32;
+      Data : in     Ada.Streams.Stream_Element_Array) is
+   begin
+      CRC := CRC32 (CRC, Data);
+   end CRC32;
+
+   ------------------
+   -- Deflate_Init --
+   ------------------
+
+   procedure Deflate_Init
+     (Filter       : in out Filter_Type;
+      Level        : in     Compression_Level  := Default_Compression;
+      Strategy     : in     Strategy_Type      := Default_Strategy;
+      Method       : in     Compression_Method := Deflated;
+      Window_Bits  : in     Window_Bits_Type   := Default_Window_Bits;
+      Memory_Level : in     Memory_Level_Type  := Default_Memory_Level;
+      Header       : in     Header_Type        := Default)
+   is
+      use type Thin.Int;
+      Win_Bits : Thin.Int := Thin.Int (Window_Bits);
+   begin
+      if Is_Open (Filter) then
+         raise Status_Error;
+      end if;
+
+      --  We allow ZLib to make header only in case of default header type.
+      --  Otherwise we would either do header by ourselves, or do not do
+      --  header at all.
+
+      if Header = None or else Header = GZip then
+         Win_Bits := -Win_Bits;
+      end if;
+
+      --  For the GZip CRC calculation and make headers.
+
+      if Header = GZip then
+         Filter.CRC    := 0;
+         Filter.Offset := Simple_GZip_Header'First;
+      else
+         Filter.Offset := Simple_GZip_Header'Last + 1;
+      end if;
+
+      Filter.Strm        := new Z_Stream;
+      Filter.Compression := True;
+      Filter.Stream_End  := False;
+      Filter.Header      := Header;
+
+      if Thin.Deflate_Init
+           (To_Thin_Access (Filter.Strm),
+            Level      => Thin.Int (Level),
+            method     => Thin.Int (Method),
+            windowBits => Win_Bits,
+            memLevel   => Thin.Int (Memory_Level),
+            strategy   => Thin.Int (Strategy)) /= Thin.Z_OK
+      then
+         Raise_Error (Filter.Strm.all);
+      end if;
+   end Deflate_Init;
+
+   -----------
+   -- Flush --
+   -----------
+
+   procedure Flush
+     (Filter    : in out Filter_Type;
+      Out_Data  :    out Ada.Streams.Stream_Element_Array;
+      Out_Last  :    out Ada.Streams.Stream_Element_Offset;
+      Flush     : in     Flush_Mode)
+   is
+      No_Data : Stream_Element_Array := (1 .. 0 => 0);
+      Last    : Stream_Element_Offset;
+   begin
+      Translate (Filter, No_Data, Last, Out_Data, Out_Last, Flush);
+   end Flush;
+
+   -----------------------
+   -- Generic_Translate --
+   -----------------------
+
+   procedure Generic_Translate
+     (Filter          : in out ZLib.Filter_Type;
+      In_Buffer_Size  : in     Integer := Default_Buffer_Size;
+      Out_Buffer_Size : in     Integer := Default_Buffer_Size)
+   is
+      In_Buffer  : Stream_Element_Array
+                     (1 .. Stream_Element_Offset (In_Buffer_Size));
+      Out_Buffer : Stream_Element_Array
+                     (1 .. Stream_Element_Offset (Out_Buffer_Size));
+      Last       : Stream_Element_Offset;
+      In_Last    : Stream_Element_Offset;
+      In_First   : Stream_Element_Offset;
+      Out_Last   : Stream_Element_Offset;
+   begin
+      Main : loop
+         Data_In (In_Buffer, Last);
+
+         In_First := In_Buffer'First;
+
+         loop
+            Translate
+              (Filter   => Filter,
+               In_Data  => In_Buffer (In_First .. Last),
+               In_Last  => In_Last,
+               Out_Data => Out_Buffer,
+               Out_Last => Out_Last,
+               Flush    => Flush_Finish (Last < In_Buffer'First));
+
+            if Out_Buffer'First <= Out_Last then
+               Data_Out (Out_Buffer (Out_Buffer'First .. Out_Last));
+            end if;
+
+            exit Main when Stream_End (Filter);
+
+            --  The end of in buffer.
+
+            exit when In_Last = Last;
+
+            In_First := In_Last + 1;
+         end loop;
+      end loop Main;
+
+   end Generic_Translate;
+
+   ------------------
+   -- Inflate_Init --
+   ------------------
+
+   procedure Inflate_Init
+     (Filter      : in out Filter_Type;
+      Window_Bits : in     Window_Bits_Type := Default_Window_Bits;
+      Header      : in     Header_Type      := Default)
+   is
+      use type Thin.Int;
+      Win_Bits : Thin.Int := Thin.Int (Window_Bits);
+
+      procedure Check_Version;
+      --  Check the latest header types compatibility.
+
+      procedure Check_Version is
+      begin
+         if Version <= "1.1.4" then
+            Raise_Error
+              ("Inflate header type " & Header_Type'Image (Header)
+               & " incompatible with ZLib version " & Version);
+         end if;
+      end Check_Version;
+
+   begin
+      if Is_Open (Filter) then
+         raise Status_Error;
+      end if;
+
+      case Header is
+         when None =>
+            Check_Version;
+
+            --  Inflate data without headers determined
+            --  by negative Win_Bits.
+
+            Win_Bits := -Win_Bits;
+         when GZip =>
+            Check_Version;
+
+            --  Inflate gzip data defined by flag 16.
+
+            Win_Bits := Win_Bits + 16;
+         when Auto =>
+            Check_Version;
+
+            --  Inflate with automatic detection
+            --  of gzip or native header defined by flag 32.
+
+            Win_Bits := Win_Bits + 32;
+         when Default => null;
+      end case;
+
+      Filter.Strm        := new Z_Stream;
+      Filter.Compression := False;
+      Filter.Stream_End  := False;
+      Filter.Header      := Header;
+
+      if Thin.Inflate_Init
+         (To_Thin_Access (Filter.Strm), Win_Bits) /= Thin.Z_OK
+      then
+         Raise_Error (Filter.Strm.all);
+      end if;
+   end Inflate_Init;
+
+   -------------
+   -- Is_Open --
+   -------------
+
+   function Is_Open (Filter : in Filter_Type) return Boolean is
+   begin
+      return Filter.Strm /= null;
+   end Is_Open;
+
+   -----------------
+   -- Raise_Error --
+   -----------------
+
+   procedure Raise_Error (Message : in String) is
+   begin
+      Ada.Exceptions.Raise_Exception (ZLib_Error'Identity, Message);
+   end Raise_Error;
+
+   procedure Raise_Error (Stream : in Z_Stream) is
+   begin
+      Raise_Error (Last_Error_Message (Stream));
+   end Raise_Error;
+
+   ----------
+   -- Read --
+   ----------
+
+   procedure Read
+     (Filter : in out Filter_Type;
+      Item   :    out Ada.Streams.Stream_Element_Array;
+      Last   :    out Ada.Streams.Stream_Element_Offset;
+      Flush  : in     Flush_Mode := No_Flush)
+   is
+      In_Last    : Stream_Element_Offset;
+      Item_First : Ada.Streams.Stream_Element_Offset := Item'First;
+      V_Flush    : Flush_Mode := Flush;
+
+   begin
+      pragma Assert (Rest_First in Buffer'First .. Buffer'Last + 1);
+      pragma Assert (Rest_Last in Buffer'First - 1 .. Buffer'Last);
+
+      loop
+         if Rest_Last = Buffer'First - 1 then
+            V_Flush := Finish;
+
+         elsif Rest_First > Rest_Last then
+            Read (Buffer, Rest_Last);
+            Rest_First := Buffer'First;
+
+            if Rest_Last < Buffer'First then
+               V_Flush := Finish;
+            end if;
+         end if;
+
+         Translate
+           (Filter   => Filter,
+            In_Data  => Buffer (Rest_First .. Rest_Last),
+            In_Last  => In_Last,
+            Out_Data => Item (Item_First .. Item'Last),
+            Out_Last => Last,
+            Flush    => V_Flush);
+
+         Rest_First := In_Last + 1;
+
+         exit when Stream_End (Filter)
+           or else Last = Item'Last
+           or else (Last >= Item'First and then Allow_Read_Some);
+
+         Item_First := Last + 1;
+      end loop;
+   end Read;
+
+   ----------------
+   -- Stream_End --
+   ----------------
+
+   function Stream_End (Filter : in Filter_Type) return Boolean is
+   begin
+      if Filter.Header = GZip and Filter.Compression then
+         return Filter.Stream_End
+            and then Filter.Offset = Footer_Array'Last + 1;
+      else
+         return Filter.Stream_End;
+      end if;
+   end Stream_End;
+
+   --------------
+   -- Total_In --
+   --------------
+
+   function Total_In (Filter : in Filter_Type) return Count is
+   begin
+      return Count (Thin.Total_In (To_Thin_Access (Filter.Strm).all));
+   end Total_In;
+
+   ---------------
+   -- Total_Out --
+   ---------------
+
+   function Total_Out (Filter : in Filter_Type) return Count is
+   begin
+      return Count (Thin.Total_Out (To_Thin_Access (Filter.Strm).all));
+   end Total_Out;
+
+   ---------------
+   -- Translate --
+   ---------------
+
+   procedure Translate
+     (Filter    : in out Filter_Type;
+      In_Data   : in     Ada.Streams.Stream_Element_Array;
+      In_Last   :    out Ada.Streams.Stream_Element_Offset;
+      Out_Data  :    out Ada.Streams.Stream_Element_Array;
+      Out_Last  :    out Ada.Streams.Stream_Element_Offset;
+      Flush     : in     Flush_Mode) is
+   begin
+      if Filter.Header = GZip and then Filter.Compression then
+         Translate_GZip
+           (Filter   => Filter,
+            In_Data  => In_Data,
+            In_Last  => In_Last,
+            Out_Data => Out_Data,
+            Out_Last => Out_Last,
+            Flush    => Flush);
+      else
+         Translate_Auto
+           (Filter   => Filter,
+            In_Data  => In_Data,
+            In_Last  => In_Last,
+            Out_Data => Out_Data,
+            Out_Last => Out_Last,
+            Flush    => Flush);
+      end if;
+   end Translate;
+
+   --------------------
+   -- Translate_Auto --
+   --------------------
+
+   procedure Translate_Auto
+     (Filter    : in out Filter_Type;
+      In_Data   : in     Ada.Streams.Stream_Element_Array;
+      In_Last   :    out Ada.Streams.Stream_Element_Offset;
+      Out_Data  :    out Ada.Streams.Stream_Element_Array;
+      Out_Last  :    out Ada.Streams.Stream_Element_Offset;
+      Flush     : in     Flush_Mode)
+   is
+      use type Thin.Int;
+      Code : Thin.Int;
+
+   begin
+      if not Is_Open (Filter) then
+         raise Status_Error;
+      end if;
+
+      if Out_Data'Length = 0 and then In_Data'Length = 0 then
+         raise Constraint_Error;
+      end if;
+
+      Set_Out (Filter.Strm.all, Out_Data'Address, Out_Data'Length);
+      Set_In  (Filter.Strm.all, In_Data'Address, In_Data'Length);
+
+      Code := Flate (Filter.Compression).Step
+        (To_Thin_Access (Filter.Strm),
+         Thin.Int (Flush));
+
+      if Code = Thin.Z_STREAM_END then
+         Filter.Stream_End := True;
+      else
+         Check_Error (Filter.Strm.all, Code);
+      end if;
+
+      In_Last  := In_Data'Last
+         - Stream_Element_Offset (Avail_In (Filter.Strm.all));
+      Out_Last := Out_Data'Last
+         - Stream_Element_Offset (Avail_Out (Filter.Strm.all));
+   end Translate_Auto;
+
+   --------------------
+   -- Translate_GZip --
+   --------------------
+
+   procedure Translate_GZip
+     (Filter    : in out Filter_Type;
+      In_Data   : in     Ada.Streams.Stream_Element_Array;
+      In_Last   :    out Ada.Streams.Stream_Element_Offset;
+      Out_Data  :    out Ada.Streams.Stream_Element_Array;
+      Out_Last  :    out Ada.Streams.Stream_Element_Offset;
+      Flush     : in     Flush_Mode)
+   is
+      Out_First : Stream_Element_Offset;
+
+      procedure Add_Data (Data : in Stream_Element_Array);
+      --  Add data to stream from the Filter.Offset till necessary,
+      --  used for add gzip headr/footer.
+
+      procedure Put_32
+        (Item : in out Stream_Element_Array;
+         Data : in     Unsigned_32);
+      pragma Inline (Put_32);
+
+      --------------
+      -- Add_Data --
+      --------------
+
+      procedure Add_Data (Data : in Stream_Element_Array) is
+         Data_First : Stream_Element_Offset renames Filter.Offset;
+         Data_Last  : Stream_Element_Offset;
+         Data_Len   : Stream_Element_Offset; --  -1
+         Out_Len    : Stream_Element_Offset; --  -1
+      begin
+         Out_First := Out_Last + 1;
+
+         if Data_First > Data'Last then
+            return;
+         end if;
+
+         Data_Len  := Data'Last     - Data_First;
+         Out_Len   := Out_Data'Last - Out_First;
+
+         if Data_Len <= Out_Len then
+            Out_Last  := Out_First  + Data_Len;
+            Data_Last := Data'Last;
+         else
+            Out_Last  := Out_Data'Last;
+            Data_Last := Data_First + Out_Len;
+         end if;
+
+         Out_Data (Out_First .. Out_Last) := Data (Data_First .. Data_Last);
+
+         Data_First := Data_Last + 1;
+         Out_First  := Out_Last + 1;
+      end Add_Data;
+
+      ------------
+      -- Put_32 --
+      ------------
+
+      procedure Put_32
+        (Item : in out Stream_Element_Array;
+         Data : in     Unsigned_32)
+      is
+         D : Unsigned_32 := Data;
+      begin
+         for J in Item'First .. Item'First + 3 loop
+            Item (J) := Stream_Element (D and 16#FF#);
+            D := Shift_Right (D, 8);
+         end loop;
+      end Put_32;
+
+   begin
+      Out_Last := Out_Data'First - 1;
+
+      if not Filter.Stream_End then
+         Add_Data (Simple_GZip_Header);
+
+         Translate_Auto
+           (Filter   => Filter,
+            In_Data  => In_Data,
+            In_Last  => In_Last,
+            Out_Data => Out_Data (Out_First .. Out_Data'Last),
+            Out_Last => Out_Last,
+            Flush    => Flush);
+
+         CRC32 (Filter.CRC, In_Data (In_Data'First .. In_Last));
+      end if;
+
+      if Filter.Stream_End and then Out_Last <= Out_Data'Last then
+         --  This detection method would work only when
+         --  Simple_GZip_Header'Last > Footer_Array'Last
+
+         if Filter.Offset = Simple_GZip_Header'Last + 1 then
+            Filter.Offset := Footer_Array'First;
+         end if;
+
+         declare
+            Footer : Footer_Array;
+         begin
+            Put_32 (Footer, Filter.CRC);
+            Put_32 (Footer (Footer'First + 4 .. Footer'Last),
+                    Unsigned_32 (Total_In (Filter)));
+            Add_Data (Footer);
+         end;
+      end if;
+   end Translate_GZip;
+
+   -------------
+   -- Version --
+   -------------
+
+   function Version return String is
+   begin
+      return Interfaces.C.Strings.Value (Thin.zlibVersion);
+   end Version;
+
+   -----------
+   -- Write --
+   -----------
+
+   procedure Write
+     (Filter : in out Filter_Type;
+      Item   : in     Ada.Streams.Stream_Element_Array;
+      Flush  : in     Flush_Mode := No_Flush)
+   is
+      Buffer   : Stream_Element_Array (1 .. Buffer_Size);
+      In_Last  : Stream_Element_Offset;
+      Out_Last : Stream_Element_Offset;
+      In_First : Stream_Element_Offset := Item'First;
+   begin
+      if Item'Length = 0 and Flush = No_Flush then
+         return;
+      end if;
+
+      loop
+         Translate
+           (Filter   => Filter,
+            In_Data  => Item (In_First .. Item'Last),
+            In_Last  => In_Last,
+            Out_Data => Buffer,
+            Out_Last => Out_Last,
+            Flush    => Flush);
+
+         if Out_Last >= Buffer'First then
+            Write (Buffer (1 .. Out_Last));
+         end if;
+
+         exit when In_Last = Item'Last or Stream_End (Filter);
+
+         In_First := In_Last + 1;
+      end loop;
+   end Write;
+
+end ZLib;
diff --git a/zlib-1.3.1/contrib/ada/zlib.ads b/zlib-1.3.1/contrib/ada/zlib.ads
new file mode 100644
index 00000000..81aaf1b6
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/zlib.ads
@@ -0,0 +1,328 @@
+------------------------------------------------------------------------------
+--                      ZLib for Ada thick binding.                         --
+--                                                                          --
+--              Copyright (C) 2002-2004 Dmitriy Anisimkov                   --
+--                                                                          --
+--  This library is free software; you can redistribute it and/or modify    --
+--  it under the terms of the GNU General Public License as published by    --
+--  the Free Software Foundation; either version 2 of the License, or (at   --
+--  your option) any later version.                                         --
+--                                                                          --
+--  This library is distributed in the hope that it will be useful, but     --
+--  WITHOUT ANY WARRANTY; without even the implied warranty of              --
+--  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU       --
+--  General Public License for more details.                                --
+--                                                                          --
+--  You should have received a copy of the GNU General Public License       --
+--  along with this library; if not, write to the Free Software Foundation, --
+--  Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.          --
+--                                                                          --
+--  As a special exception, if other files instantiate generics from this   --
+--  unit, or you link this unit with other files to produce an executable,  --
+--  this  unit  does not  by itself cause  the resulting executable to be   --
+--  covered by the GNU General Public License. This exception does not      --
+--  however invalidate any other reasons why the executable file  might be  --
+--  covered by the  GNU Public License.                                     --
+------------------------------------------------------------------------------
+
+--  $Id: zlib.ads,v 1.26 2004/09/06 06:53:19 vagul Exp $
+
+with Ada.Streams;
+
+with Interfaces;
+
+package ZLib is
+
+   ZLib_Error   : exception;
+   Status_Error : exception;
+
+   type Compression_Level is new Integer range -1 .. 9;
+
+   type Flush_Mode is private;
+
+   type Compression_Method is private;
+
+   type Window_Bits_Type is new Integer range 8 .. 15;
+
+   type Memory_Level_Type is new Integer range 1 .. 9;
+
+   type Unsigned_32 is new Interfaces.Unsigned_32;
+
+   type Strategy_Type is private;
+
+   type Header_Type is (None, Auto, Default, GZip);
+   --  Header type usage have a some limitation for inflate.
+   --  See comment for Inflate_Init.
+
+   subtype Count is Ada.Streams.Stream_Element_Count;
+
+   Default_Memory_Level : constant Memory_Level_Type := 8;
+   Default_Window_Bits  : constant Window_Bits_Type  := 15;
+
+   ----------------------------------
+   -- Compression method constants --
+   ----------------------------------
+
+   Deflated : constant Compression_Method;
+   --  Only one method allowed in this ZLib version
+
+   ---------------------------------
+   -- Compression level constants --
+   ---------------------------------
+
+   No_Compression      : constant Compression_Level := 0;
+   Best_Speed          : constant Compression_Level := 1;
+   Best_Compression    : constant Compression_Level := 9;
+   Default_Compression : constant Compression_Level := -1;
+
+   --------------------------
+   -- Flush mode constants --
+   --------------------------
+
+   No_Flush      : constant Flush_Mode;
+   --  Regular way for compression, no flush
+
+   Partial_Flush : constant Flush_Mode;
+   --  Will be removed, use Z_SYNC_FLUSH instead
+
+   Sync_Flush    : constant Flush_Mode;
+   --  All pending output is flushed to the output buffer and the output
+   --  is aligned on a byte boundary, so that the decompressor can get all
+   --  input data available so far. (In particular avail_in is zero after the
+   --  call if enough output space has been provided  before the call.)
+   --  Flushing may degrade compression for some compression algorithms and so
+   --  it should be used only when necessary.
+
+   Block_Flush   : constant Flush_Mode;
+   --  Z_BLOCK requests that inflate() stop
+   --  if and when it get to the next deflate block boundary. When decoding the
+   --  zlib or gzip format, this will cause inflate() to return immediately
+   --  after the header and before the first block. When doing a raw inflate,
+   --  inflate() will go ahead and process the first block, and will return
+   --  when it gets to the end of that block, or when it runs out of data.
+
+   Full_Flush    : constant Flush_Mode;
+   --  All output is flushed as with SYNC_FLUSH, and the compression state
+   --  is reset so that decompression can restart from this point if previous
+   --  compressed data has been damaged or if random access is desired. Using
+   --  Full_Flush too often can seriously degrade the compression.
+
+   Finish        : constant Flush_Mode;
+   --  Just for tell the compressor that input data is complete.
+
+   ------------------------------------
+   -- Compression strategy constants --
+   ------------------------------------
+
+   --  RLE strategy could be used only in version 1.2.0 and later.
+
+   Filtered         : constant Strategy_Type;
+   Huffman_Only     : constant Strategy_Type;
+   RLE              : constant Strategy_Type;
+   Default_Strategy : constant Strategy_Type;
+
+   Default_Buffer_Size : constant := 4096;
+
+   type Filter_Type is tagged limited private;
+   --  The filter is for compression and for decompression.
+   --  The usage of the type is depend of its initialization.
+
+   function Version return String;
+   pragma Inline (Version);
+   --  Return string representation of the ZLib version.
+
+   procedure Deflate_Init
+     (Filter       : in out Filter_Type;
+      Level        : in     Compression_Level  := Default_Compression;
+      Strategy     : in     Strategy_Type      := Default_Strategy;
+      Method       : in     Compression_Method := Deflated;
+      Window_Bits  : in     Window_Bits_Type   := Default_Window_Bits;
+      Memory_Level : in     Memory_Level_Type  := Default_Memory_Level;
+      Header       : in     Header_Type        := Default);
+   --  Compressor initialization.
+   --  When Header parameter is Auto or Default, then default zlib header
+   --  would be provided for compressed data.
+   --  When Header is GZip, then gzip header would be set instead of
+   --  default header.
+   --  When Header is None, no header would be set for compressed data.
+
+   procedure Inflate_Init
+     (Filter      : in out Filter_Type;
+      Window_Bits : in     Window_Bits_Type := Default_Window_Bits;
+      Header      : in     Header_Type      := Default);
+   --  Decompressor initialization.
+   --  Default header type mean that ZLib default header is expecting in the
+   --  input compressed stream.
+   --  Header type None mean that no header is expecting in the input stream.
+   --  GZip header type mean that GZip header is expecting in the
+   --  input compressed stream.
+   --  Auto header type mean that header type (GZip or Native) would be
+   --  detected automatically in the input stream.
+   --  Note that header types parameter values None, GZip and Auto are
+   --  supported for inflate routine only in ZLib versions 1.2.0.2 and later.
+   --  Deflate_Init is supporting all header types.
+
+   function Is_Open (Filter : in Filter_Type) return Boolean;
+   pragma Inline (Is_Open);
+   --  Is the filter opened for compression or decompression.
+
+   procedure Close
+     (Filter       : in out Filter_Type;
+      Ignore_Error : in     Boolean := False);
+   --  Closing the compression or decompressor.
+   --  If stream is closing before the complete and Ignore_Error is False,
+   --  The exception would be raised.
+
+   generic
+      with procedure Data_In
+        (Item : out Ada.Streams.Stream_Element_Array;
+         Last : out Ada.Streams.Stream_Element_Offset);
+      with procedure Data_Out
+        (Item : in Ada.Streams.Stream_Element_Array);
+   procedure Generic_Translate
+     (Filter          : in out Filter_Type;
+      In_Buffer_Size  : in     Integer := Default_Buffer_Size;
+      Out_Buffer_Size : in     Integer := Default_Buffer_Size);
+   --  Compress/decompress data fetch from Data_In routine and pass the result
+   --  to the Data_Out routine. User should provide Data_In and Data_Out
+   --  for compression/decompression data flow.
+   --  Compression or decompression depend on Filter initialization.
+
+   function Total_In (Filter : in Filter_Type) return Count;
+   pragma Inline (Total_In);
+   --  Returns total number of input bytes read so far
+
+   function Total_Out (Filter : in Filter_Type) return Count;
+   pragma Inline (Total_Out);
+   --  Returns total number of bytes output so far
+
+   function CRC32
+     (CRC    : in Unsigned_32;
+      Data   : in Ada.Streams.Stream_Element_Array)
+      return Unsigned_32;
+   pragma Inline (CRC32);
+   --  Compute CRC32, it could be necessary for make gzip format
+
+   procedure CRC32
+     (CRC  : in out Unsigned_32;
+      Data : in     Ada.Streams.Stream_Element_Array);
+   pragma Inline (CRC32);
+   --  Compute CRC32, it could be necessary for make gzip format
+
+   -------------------------------------------------
+   --  Below is more complex low level routines.  --
+   -------------------------------------------------
+
+   procedure Translate
+     (Filter    : in out Filter_Type;
+      In_Data   : in     Ada.Streams.Stream_Element_Array;
+      In_Last   :    out Ada.Streams.Stream_Element_Offset;
+      Out_Data  :    out Ada.Streams.Stream_Element_Array;
+      Out_Last  :    out Ada.Streams.Stream_Element_Offset;
+      Flush     : in     Flush_Mode);
+   --  Compress/decompress the In_Data buffer and place the result into
+   --  Out_Data. In_Last is the index of last element from In_Data accepted by
+   --  the Filter. Out_Last is the last element of the received data from
+   --  Filter. To tell the filter that incoming data are complete put the
+   --  Flush parameter to Finish.
+
+   function Stream_End (Filter : in Filter_Type) return Boolean;
+   pragma Inline (Stream_End);
+   --  Return the true when the stream is complete.
+
+   procedure Flush
+     (Filter    : in out Filter_Type;
+      Out_Data  :    out Ada.Streams.Stream_Element_Array;
+      Out_Last  :    out Ada.Streams.Stream_Element_Offset;
+      Flush     : in     Flush_Mode);
+   pragma Inline (Flush);
+   --  Flushing the data from the compressor.
+
+   generic
+      with procedure Write
+        (Item : in Ada.Streams.Stream_Element_Array);
+      --  User should provide this routine for accept
+      --  compressed/decompressed data.
+
+      Buffer_Size : in Ada.Streams.Stream_Element_Offset
+         := Default_Buffer_Size;
+      --  Buffer size for Write user routine.
+
+   procedure Write
+     (Filter  : in out Filter_Type;
+      Item    : in     Ada.Streams.Stream_Element_Array;
+      Flush   : in     Flush_Mode := No_Flush);
+   --  Compress/Decompress data from Item to the generic parameter procedure
+   --  Write. Output buffer size could be set in Buffer_Size generic parameter.
+
+   generic
+      with procedure Read
+        (Item : out Ada.Streams.Stream_Element_Array;
+         Last : out Ada.Streams.Stream_Element_Offset);
+      --  User should provide data for compression/decompression
+      --  thru this routine.
+
+      Buffer : in out Ada.Streams.Stream_Element_Array;
+      --  Buffer for keep remaining data from the previous
+      --  back read.
+
+      Rest_First, Rest_Last : in out Ada.Streams.Stream_Element_Offset;
+      --  Rest_First have to be initialized to Buffer'Last + 1
+      --  Rest_Last have to be initialized to Buffer'Last
+      --  before usage.
+
+      Allow_Read_Some : in Boolean := False;
+      --  Is it allowed to return Last < Item'Last before end of data.
+
+   procedure Read
+     (Filter : in out Filter_Type;
+      Item   :    out Ada.Streams.Stream_Element_Array;
+      Last   :    out Ada.Streams.Stream_Element_Offset;
+      Flush  : in     Flush_Mode := No_Flush);
+   --  Compress/Decompress data from generic parameter procedure Read to the
+   --  Item. User should provide Buffer and initialized Rest_First, Rest_Last
+   --  indicators. If Allow_Read_Some is True, Read routines could return
+   --  Last < Item'Last only at end of stream.
+
+private
+
+   use Ada.Streams;
+
+   pragma Assert (Ada.Streams.Stream_Element'Size    =    8);
+   pragma Assert (Ada.Streams.Stream_Element'Modulus = 2**8);
+
+   type Flush_Mode is new Integer range 0 .. 5;
+
+   type Compression_Method is new Integer range 8 .. 8;
+
+   type Strategy_Type is new Integer range 0 .. 3;
+
+   No_Flush      : constant Flush_Mode := 0;
+   Partial_Flush : constant Flush_Mode := 1;
+   Sync_Flush    : constant Flush_Mode := 2;
+   Full_Flush    : constant Flush_Mode := 3;
+   Finish        : constant Flush_Mode := 4;
+   Block_Flush   : constant Flush_Mode := 5;
+
+   Filtered         : constant Strategy_Type := 1;
+   Huffman_Only     : constant Strategy_Type := 2;
+   RLE              : constant Strategy_Type := 3;
+   Default_Strategy : constant Strategy_Type := 0;
+
+   Deflated : constant Compression_Method := 8;
+
+   type Z_Stream;
+
+   type Z_Stream_Access is access all Z_Stream;
+
+   type Filter_Type is tagged limited record
+      Strm        : Z_Stream_Access;
+      Compression : Boolean;
+      Stream_End  : Boolean;
+      Header      : Header_Type;
+      CRC         : Unsigned_32;
+      Offset      : Stream_Element_Offset;
+      --  Offset for gzip header/footer output.
+   end record;
+
+end ZLib;
diff --git a/zlib-1.3.1/contrib/ada/zlib.gpr b/zlib-1.3.1/contrib/ada/zlib.gpr
new file mode 100644
index 00000000..296b22aa
--- /dev/null
+++ b/zlib-1.3.1/contrib/ada/zlib.gpr
@@ -0,0 +1,20 @@
+project Zlib is
+
+   for Languages use ("Ada");
+   for Source_Dirs use (".");
+   for Object_Dir use ".";
+   for Main use ("test.adb", "mtest.adb", "read.adb", "buffer_demo");
+
+   package Compiler is
+      for Default_Switches ("ada") use ("-gnatwcfilopru", "-gnatVcdfimorst", "-gnatyabcefhiklmnoprst");
+   end Compiler;
+
+   package Linker is
+      for Default_Switches ("ada") use ("-lz");
+   end Linker;
+
+   package Builder is
+      for Default_Switches ("ada") use ("-s", "-gnatQ");
+   end Builder;
+
+end Zlib;
diff --git a/zlib-1.3.1/contrib/blast/Makefile b/zlib-1.3.1/contrib/blast/Makefile
new file mode 100644
index 00000000..9be80baf
--- /dev/null
+++ b/zlib-1.3.1/contrib/blast/Makefile
@@ -0,0 +1,8 @@
+blast: blast.c blast.h
+	cc -DTEST -o blast blast.c
+
+test: blast
+	blast < test.pk | cmp - test.txt
+
+clean:
+	rm -f blast blast.o
diff --git a/zlib-1.3.1/contrib/blast/README b/zlib-1.3.1/contrib/blast/README
new file mode 100644
index 00000000..e3a60b3f
--- /dev/null
+++ b/zlib-1.3.1/contrib/blast/README
@@ -0,0 +1,4 @@
+Read blast.h for purpose and usage.
+
+Mark Adler
+madler@alumni.caltech.edu
diff --git a/zlib-1.3.1/contrib/blast/blast.c b/zlib-1.3.1/contrib/blast/blast.c
new file mode 100644
index 00000000..e6e65907
--- /dev/null
+++ b/zlib-1.3.1/contrib/blast/blast.c
@@ -0,0 +1,466 @@
+/* blast.c
+ * Copyright (C) 2003, 2012, 2013 Mark Adler
+ * For conditions of distribution and use, see copyright notice in blast.h
+ * version 1.3, 24 Aug 2013
+ *
+ * blast.c decompresses data compressed by the PKWare Compression Library.
+ * This function provides functionality similar to the explode() function of
+ * the PKWare library, hence the name "blast".
+ *
+ * This decompressor is based on the excellent format description provided by
+ * Ben Rudiak-Gould in comp.compression on August 13, 2001.  Interestingly, the
+ * example Ben provided in the post is incorrect.  The distance 110001 should
+ * instead be 111000.  When corrected, the example byte stream becomes:
+ *
+ *    00 04 82 24 25 8f 80 7f
+ *
+ * which decompresses to "AIAIAIAIAIAIA" (without the quotes).
+ */
+
+/*
+ * Change history:
+ *
+ * 1.0  12 Feb 2003     - First version
+ * 1.1  16 Feb 2003     - Fixed distance check for > 4 GB uncompressed data
+ * 1.2  24 Oct 2012     - Add note about using binary mode in stdio
+ *                      - Fix comparisons of differently signed integers
+ * 1.3  24 Aug 2013     - Return unused input from blast()
+ *                      - Fix test code to correctly report unused input
+ *                      - Enable the provision of initial input to blast()
+ */
+
+#include <stddef.h>             /* for NULL */
+#include <setjmp.h>             /* for setjmp(), longjmp(), and jmp_buf */
+#include "blast.h"              /* prototype for blast() */
+
+#define local static            /* for local function definitions */
+#define MAXBITS 13              /* maximum code length */
+#define MAXWIN 4096             /* maximum window size */
+
+/* input and output state */
+struct state {
+    /* input state */
+    blast_in infun;             /* input function provided by user */
+    void *inhow;                /* opaque information passed to infun() */
+    unsigned char *in;          /* next input location */
+    unsigned left;              /* available input at in */
+    int bitbuf;                 /* bit buffer */
+    int bitcnt;                 /* number of bits in bit buffer */
+
+    /* input limit error return state for bits() and decode() */
+    jmp_buf env;
+
+    /* output state */
+    blast_out outfun;           /* output function provided by user */
+    void *outhow;               /* opaque information passed to outfun() */
+    unsigned next;              /* index of next write location in out[] */
+    int first;                  /* true to check distances (for first 4K) */
+    unsigned char out[MAXWIN];  /* output buffer and sliding window */
+};
+
+/*
+ * Return need bits from the input stream.  This always leaves less than
+ * eight bits in the buffer.  bits() works properly for need == 0.
+ *
+ * Format notes:
+ *
+ * - Bits are stored in bytes from the least significant bit to the most
+ *   significant bit.  Therefore bits are dropped from the bottom of the bit
+ *   buffer, using shift right, and new bytes are appended to the top of the
+ *   bit buffer, using shift left.
+ */
+local int bits(struct state *s, int need)
+{
+    int val;            /* bit accumulator */
+
+    /* load at least need bits into val */
+    val = s->bitbuf;
+    while (s->bitcnt < need) {
+        if (s->left == 0) {
+            s->left = s->infun(s->inhow, &(s->in));
+            if (s->left == 0) longjmp(s->env, 1);       /* out of input */
+        }
+        val |= (int)(*(s->in)++) << s->bitcnt;          /* load eight bits */
+        s->left--;
+        s->bitcnt += 8;
+    }
+
+    /* drop need bits and update buffer, always zero to seven bits left */
+    s->bitbuf = val >> need;
+    s->bitcnt -= need;
+
+    /* return need bits, zeroing the bits above that */
+    return val & ((1 << need) - 1);
+}
+
+/*
+ * Huffman code decoding tables.  count[1..MAXBITS] is the number of symbols of
+ * each length, which for a canonical code are stepped through in order.
+ * symbol[] are the symbol values in canonical order, where the number of
+ * entries is the sum of the counts in count[].  The decoding process can be
+ * seen in the function decode() below.
+ */
+struct huffman {
+    short *count;       /* number of symbols of each length */
+    short *symbol;      /* canonically ordered symbols */
+};
+
+/*
+ * Decode a code from the stream s using huffman table h.  Return the symbol or
+ * a negative value if there is an error.  If all of the lengths are zero, i.e.
+ * an empty code, or if the code is incomplete and an invalid code is received,
+ * then -9 is returned after reading MAXBITS bits.
+ *
+ * Format notes:
+ *
+ * - The codes as stored in the compressed data are bit-reversed relative to
+ *   a simple integer ordering of codes of the same lengths.  Hence below the
+ *   bits are pulled from the compressed data one at a time and used to
+ *   build the code value reversed from what is in the stream in order to
+ *   permit simple integer comparisons for decoding.
+ *
+ * - The first code for the shortest length is all ones.  Subsequent codes of
+ *   the same length are simply integer decrements of the previous code.  When
+ *   moving up a length, a one bit is appended to the code.  For a complete
+ *   code, the last code of the longest length will be all zeros.  To support
+ *   this ordering, the bits pulled during decoding are inverted to apply the
+ *   more "natural" ordering starting with all zeros and incrementing.
+ */
+local int decode(struct state *s, struct huffman *h)
+{
+    int len;            /* current number of bits in code */
+    int code;           /* len bits being decoded */
+    int first;          /* first code of length len */
+    int count;          /* number of codes of length len */
+    int index;          /* index of first code of length len in symbol table */
+    int bitbuf;         /* bits from stream */
+    int left;           /* bits left in next or left to process */
+    short *next;        /* next number of codes */
+
+    bitbuf = s->bitbuf;
+    left = s->bitcnt;
+    code = first = index = 0;
+    len = 1;
+    next = h->count + 1;
+    while (1) {
+        while (left--) {
+            code |= (bitbuf & 1) ^ 1;   /* invert code */
+            bitbuf >>= 1;
+            count = *next++;
+            if (code < first + count) { /* if length len, return symbol */
+                s->bitbuf = bitbuf;
+                s->bitcnt = (s->bitcnt - len) & 7;
+                return h->symbol[index + (code - first)];
+            }
+            index += count;             /* else update for next length */
+            first += count;
+            first <<= 1;
+            code <<= 1;
+            len++;
+        }
+        left = (MAXBITS+1) - len;
+        if (left == 0) break;
+        if (s->left == 0) {
+            s->left = s->infun(s->inhow, &(s->in));
+            if (s->left == 0) longjmp(s->env, 1);       /* out of input */
+        }
+        bitbuf = *(s->in)++;
+        s->left--;
+        if (left > 8) left = 8;
+    }
+    return -9;                          /* ran out of codes */
+}
+
+/*
+ * Given a list of repeated code lengths rep[0..n-1], where each byte is a
+ * count (high four bits + 1) and a code length (low four bits), generate the
+ * list of code lengths.  This compaction reduces the size of the object code.
+ * Then given the list of code lengths length[0..n-1] representing a canonical
+ * Huffman code for n symbols, construct the tables required to decode those
+ * codes.  Those tables are the number of codes of each length, and the symbols
+ * sorted by length, retaining their original order within each length.  The
+ * return value is zero for a complete code set, negative for an over-
+ * subscribed code set, and positive for an incomplete code set.  The tables
+ * can be used if the return value is zero or positive, but they cannot be used
+ * if the return value is negative.  If the return value is zero, it is not
+ * possible for decode() using that table to return an error--any stream of
+ * enough bits will resolve to a symbol.  If the return value is positive, then
+ * it is possible for decode() using that table to return an error for received
+ * codes past the end of the incomplete lengths.
+ */
+local int construct(struct huffman *h, const unsigned char *rep, int n)
+{
+    int symbol;         /* current symbol when stepping through length[] */
+    int len;            /* current length when stepping through h->count[] */
+    int left;           /* number of possible codes left of current length */
+    short offs[MAXBITS+1];      /* offsets in symbol table for each length */
+    short length[256];  /* code lengths */
+
+    /* convert compact repeat counts into symbol bit length list */
+    symbol = 0;
+    do {
+        len = *rep++;
+        left = (len >> 4) + 1;
+        len &= 15;
+        do {
+            length[symbol++] = len;
+        } while (--left);
+    } while (--n);
+    n = symbol;
+
+    /* count number of codes of each length */
+    for (len = 0; len <= MAXBITS; len++)
+        h->count[len] = 0;
+    for (symbol = 0; symbol < n; symbol++)
+        (h->count[length[symbol]])++;   /* assumes lengths are within bounds */
+    if (h->count[0] == n)               /* no codes! */
+        return 0;                       /* complete, but decode() will fail */
+
+    /* check for an over-subscribed or incomplete set of lengths */
+    left = 1;                           /* one possible code of zero length */
+    for (len = 1; len <= MAXBITS; len++) {
+        left <<= 1;                     /* one more bit, double codes left */
+        left -= h->count[len];          /* deduct count from possible codes */
+        if (left < 0) return left;      /* over-subscribed--return negative */
+    }                                   /* left > 0 means incomplete */
+
+    /* generate offsets into symbol table for each length for sorting */
+    offs[1] = 0;
+    for (len = 1; len < MAXBITS; len++)
+        offs[len + 1] = offs[len] + h->count[len];
+
+    /*
+     * put symbols in table sorted by length, by symbol order within each
+     * length
+     */
+    for (symbol = 0; symbol < n; symbol++)
+        if (length[symbol] != 0)
+            h->symbol[offs[length[symbol]]++] = symbol;
+
+    /* return zero for complete set, positive for incomplete set */
+    return left;
+}
+
+/*
+ * Decode PKWare Compression Library stream.
+ *
+ * Format notes:
+ *
+ * - First byte is 0 if literals are uncoded or 1 if they are coded.  Second
+ *   byte is 4, 5, or 6 for the number of extra bits in the distance code.
+ *   This is the base-2 logarithm of the dictionary size minus six.
+ *
+ * - Compressed data is a combination of literals and length/distance pairs
+ *   terminated by an end code.  Literals are either Huffman coded or
+ *   uncoded bytes.  A length/distance pair is a coded length followed by a
+ *   coded distance to represent a string that occurs earlier in the
+ *   uncompressed data that occurs again at the current location.
+ *
+ * - A bit preceding a literal or length/distance pair indicates which comes
+ *   next, 0 for literals, 1 for length/distance.
+ *
+ * - If literals are uncoded, then the next eight bits are the literal, in the
+ *   normal bit order in the stream, i.e. no bit-reversal is needed. Similarly,
+ *   no bit reversal is needed for either the length extra bits or the distance
+ *   extra bits.
+ *
+ * - Literal bytes are simply written to the output.  A length/distance pair is
+ *   an instruction to copy previously uncompressed bytes to the output.  The
+ *   copy is from distance bytes back in the output stream, copying for length
+ *   bytes.
+ *
+ * - Distances pointing before the beginning of the output data are not
+ *   permitted.
+ *
+ * - Overlapped copies, where the length is greater than the distance, are
+ *   allowed and common.  For example, a distance of one and a length of 518
+ *   simply copies the last byte 518 times.  A distance of four and a length of
+ *   twelve copies the last four bytes three times.  A simple forward copy
+ *   ignoring whether the length is greater than the distance or not implements
+ *   this correctly.
+ */
+local int decomp(struct state *s)
+{
+    int lit;            /* true if literals are coded */
+    int dict;           /* log2(dictionary size) - 6 */
+    int symbol;         /* decoded symbol, extra bits for distance */
+    int len;            /* length for copy */
+    unsigned dist;      /* distance for copy */
+    int copy;           /* copy counter */
+    unsigned char *from, *to;   /* copy pointers */
+    static int virgin = 1;                              /* build tables once */
+    static short litcnt[MAXBITS+1], litsym[256];        /* litcode memory */
+    static short lencnt[MAXBITS+1], lensym[16];         /* lencode memory */
+    static short distcnt[MAXBITS+1], distsym[64];       /* distcode memory */
+    static struct huffman litcode = {litcnt, litsym};   /* length code */
+    static struct huffman lencode = {lencnt, lensym};   /* length code */
+    static struct huffman distcode = {distcnt, distsym};/* distance code */
+        /* bit lengths of literal codes */
+    static const unsigned char litlen[] = {
+        11, 124, 8, 7, 28, 7, 188, 13, 76, 4, 10, 8, 12, 10, 12, 10, 8, 23, 8,
+        9, 7, 6, 7, 8, 7, 6, 55, 8, 23, 24, 12, 11, 7, 9, 11, 12, 6, 7, 22, 5,
+        7, 24, 6, 11, 9, 6, 7, 22, 7, 11, 38, 7, 9, 8, 25, 11, 8, 11, 9, 12,
+        8, 12, 5, 38, 5, 38, 5, 11, 7, 5, 6, 21, 6, 10, 53, 8, 7, 24, 10, 27,
+        44, 253, 253, 253, 252, 252, 252, 13, 12, 45, 12, 45, 12, 61, 12, 45,
+        44, 173};
+        /* bit lengths of length codes 0..15 */
+    static const unsigned char lenlen[] = {2, 35, 36, 53, 38, 23};
+        /* bit lengths of distance codes 0..63 */
+    static const unsigned char distlen[] = {2, 20, 53, 230, 247, 151, 248};
+    static const short base[16] = {     /* base for length codes */
+        3, 2, 4, 5, 6, 7, 8, 9, 10, 12, 16, 24, 40, 72, 136, 264};
+    static const char extra[16] = {     /* extra bits for length codes */
+        0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8};
+
+    /* set up decoding tables (once--might not be thread-safe) */
+    if (virgin) {
+        construct(&litcode, litlen, sizeof(litlen));
+        construct(&lencode, lenlen, sizeof(lenlen));
+        construct(&distcode, distlen, sizeof(distlen));
+        virgin = 0;
+    }
+
+    /* read header */
+    lit = bits(s, 8);
+    if (lit > 1) return -1;
+    dict = bits(s, 8);
+    if (dict < 4 || dict > 6) return -2;
+
+    /* decode literals and length/distance pairs */
+    do {
+        if (bits(s, 1)) {
+            /* get length */
+            symbol = decode(s, &lencode);
+            len = base[symbol] + bits(s, extra[symbol]);
+            if (len == 519) break;              /* end code */
+
+            /* get distance */
+            symbol = len == 2 ? 2 : dict;
+            dist = decode(s, &distcode) << symbol;
+            dist += bits(s, symbol);
+            dist++;
+            if (s->first && dist > s->next)
+                return -3;              /* distance too far back */
+
+            /* copy length bytes from distance bytes back */
+            do {
+                to = s->out + s->next;
+                from = to - dist;
+                copy = MAXWIN;
+                if (s->next < dist) {
+                    from += copy;
+                    copy = dist;
+                }
+                copy -= s->next;
+                if (copy > len) copy = len;
+                len -= copy;
+                s->next += copy;
+                do {
+                    *to++ = *from++;
+                } while (--copy);
+                if (s->next == MAXWIN) {
+                    if (s->outfun(s->outhow, s->out, s->next)) return 1;
+                    s->next = 0;
+                    s->first = 0;
+                }
+            } while (len != 0);
+        }
+        else {
+            /* get literal and write it */
+            symbol = lit ? decode(s, &litcode) : bits(s, 8);
+            s->out[s->next++] = symbol;
+            if (s->next == MAXWIN) {
+                if (s->outfun(s->outhow, s->out, s->next)) return 1;
+                s->next = 0;
+                s->first = 0;
+            }
+        }
+    } while (1);
+    return 0;
+}
+
+/* See comments in blast.h */
+int blast(blast_in infun, void *inhow, blast_out outfun, void *outhow,
+          unsigned *left, unsigned char **in)
+{
+    struct state s;             /* input/output state */
+    int err;                    /* return value */
+
+    /* initialize input state */
+    s.infun = infun;
+    s.inhow = inhow;
+    if (left != NULL && *left) {
+        s.left = *left;
+        s.in = *in;
+    }
+    else
+        s.left = 0;
+    s.bitbuf = 0;
+    s.bitcnt = 0;
+
+    /* initialize output state */
+    s.outfun = outfun;
+    s.outhow = outhow;
+    s.next = 0;
+    s.first = 1;
+
+    /* return if bits() or decode() tries to read past available input */
+    if (setjmp(s.env) != 0)             /* if came back here via longjmp(), */
+        err = 2;                        /*  then skip decomp(), return error */
+    else
+        err = decomp(&s);               /* decompress */
+
+    /* return unused input */
+    if (left != NULL)
+        *left = s.left;
+    if (in != NULL)
+        *in = s.left ? s.in : NULL;
+
+    /* write any leftover output and update the error code if needed */
+    if (err != 1 && s.next && s.outfun(s.outhow, s.out, s.next) && err == 0)
+        err = 1;
+    return err;
+}
+
+#ifdef TEST
+/* Example of how to use blast() */
+#include <stdio.h>
+#include <stdlib.h>
+
+#define CHUNK 16384
+
+local unsigned inf(void *how, unsigned char **buf)
+{
+    static unsigned char hold[CHUNK];
+
+    *buf = hold;
+    return fread(hold, 1, CHUNK, (FILE *)how);
+}
+
+local int outf(void *how, unsigned char *buf, unsigned len)
+{
+    return fwrite(buf, 1, len, (FILE *)how) != len;
+}
+
+/* Decompress a PKWare Compression Library stream from stdin to stdout */
+int main(void)
+{
+    int ret;
+    unsigned left;
+
+    /* decompress to stdout */
+    left = 0;
+    ret = blast(inf, stdin, outf, stdout, &left, NULL);
+    if (ret != 0)
+        fprintf(stderr, "blast error: %d\n", ret);
+
+    /* count any leftover bytes */
+    while (getchar() != EOF)
+        left++;
+    if (left)
+        fprintf(stderr, "blast warning: %u unused bytes of input\n", left);
+
+    /* return blast() error code */
+    return ret;
+}
+#endif
diff --git a/zlib-1.3.1/contrib/blast/blast.h b/zlib-1.3.1/contrib/blast/blast.h
new file mode 100644
index 00000000..ef8544c5
--- /dev/null
+++ b/zlib-1.3.1/contrib/blast/blast.h
@@ -0,0 +1,83 @@
+/* blast.h -- interface for blast.c
+  Copyright (C) 2003, 2012, 2013 Mark Adler
+  version 1.3, 24 Aug 2013
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the author be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Mark Adler    madler@alumni.caltech.edu
+ */
+
+
+/*
+ * blast() decompresses the PKWare Data Compression Library (DCL) compressed
+ * format.  It provides the same functionality as the explode() function in
+ * that library.  (Note: PKWare overused the "implode" verb, and the format
+ * used by their library implode() function is completely different and
+ * incompatible with the implode compression method supported by PKZIP.)
+ *
+ * The binary mode for stdio functions should be used to assure that the
+ * compressed data is not corrupted when read or written.  For example:
+ * fopen(..., "rb") and fopen(..., "wb").
+ */
+
+
+typedef unsigned (*blast_in)(void *how, unsigned char **buf);
+typedef int (*blast_out)(void *how, unsigned char *buf, unsigned len);
+/* Definitions for input/output functions passed to blast().  See below for
+ * what the provided functions need to do.
+ */
+
+
+int blast(blast_in infun, void *inhow, blast_out outfun, void *outhow,
+          unsigned *left, unsigned char **in);
+/* Decompress input to output using the provided infun() and outfun() calls.
+ * On success, the return value of blast() is zero.  If there is an error in
+ * the source data, i.e. it is not in the proper format, then a negative value
+ * is returned.  If there is not enough input available or there is not enough
+ * output space, then a positive error is returned.
+ *
+ * The input function is invoked: len = infun(how, &buf), where buf is set by
+ * infun() to point to the input buffer, and infun() returns the number of
+ * available bytes there.  If infun() returns zero, then blast() returns with
+ * an input error.  (blast() only asks for input if it needs it.)  inhow is for
+ * use by the application to pass an input descriptor to infun(), if desired.
+ *
+ * If left and in are not NULL and *left is not zero when blast() is called,
+ * then the *left bytes at *in are consumed for input before infun() is used.
+ *
+ * The output function is invoked: err = outfun(how, buf, len), where the bytes
+ * to be written are buf[0..len-1].  If err is not zero, then blast() returns
+ * with an output error.  outfun() is always called with len <= 4096.  outhow
+ * is for use by the application to pass an output descriptor to outfun(), if
+ * desired.
+ *
+ * If there is any unused input, *left is set to the number of bytes that were
+ * read and *in points to them.  Otherwise *left is set to zero and *in is set
+ * to NULL.  If left or in are NULL, then they are not set.
+ *
+ * The return codes are:
+ *
+ *   2:  ran out of input before completing decompression
+ *   1:  output error before completing decompression
+ *   0:  successful decompression
+ *  -1:  literal flag not zero or one
+ *  -2:  dictionary size not in 4..6
+ *  -3:  distance is too far back
+ *
+ * At the bottom of blast.c is an example program that uses blast() that can be
+ * compiled to produce a command-line decompression filter by defining TEST.
+ */
diff --git a/zlib-1.3.1/contrib/blast/test.pk b/zlib-1.3.1/contrib/blast/test.pk
new file mode 100644
index 00000000..be10b2bb
Binary files /dev/null and b/zlib-1.3.1/contrib/blast/test.pk differ
diff --git a/zlib-1.3.1/contrib/blast/test.txt b/zlib-1.3.1/contrib/blast/test.txt
new file mode 100644
index 00000000..bfdf1c5d
--- /dev/null
+++ b/zlib-1.3.1/contrib/blast/test.txt
@@ -0,0 +1 @@
+AIAIAIAIAIAIA
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/delphi/ZLib.pas b/zlib-1.3.1/contrib/delphi/ZLib.pas
new file mode 100644
index 00000000..93fa4c9e
--- /dev/null
+++ b/zlib-1.3.1/contrib/delphi/ZLib.pas
@@ -0,0 +1,557 @@
+{*******************************************************}
+{                                                       }
+{       Borland Delphi Supplemental Components          }
+{       ZLIB Data Compression Interface Unit            }
+{                                                       }
+{       Copyright (c) 1997,99 Borland Corporation       }
+{                                                       }
+{*******************************************************}
+
+{ Updated for zlib 1.2.x by Cosmin Truta <cosmint@cs.ubbcluj.ro> }
+
+unit ZLib;
+
+interface
+
+uses SysUtils, Classes;
+
+type
+  TAlloc = function (AppData: Pointer; Items, Size: Integer): Pointer; cdecl;
+  TFree = procedure (AppData, Block: Pointer); cdecl;
+
+  // Internal structure.  Ignore.
+  TZStreamRec = packed record
+    next_in: PChar;       // next input byte
+    avail_in: Integer;    // number of bytes available at next_in
+    total_in: Longint;    // total nb of input bytes read so far
+
+    next_out: PChar;      // next output byte should be put here
+    avail_out: Integer;   // remaining free space at next_out
+    total_out: Longint;   // total nb of bytes output so far
+
+    msg: PChar;           // last error message, NULL if no error
+    internal: Pointer;    // not visible by applications
+
+    zalloc: TAlloc;       // used to allocate the internal state
+    zfree: TFree;         // used to free the internal state
+    AppData: Pointer;     // private data object passed to zalloc and zfree
+
+    data_type: Integer;   // best guess about the data type: ascii or binary
+    adler: Longint;       // adler32 value of the uncompressed data
+    reserved: Longint;    // reserved for future use
+  end;
+
+  // Abstract ancestor class
+  TCustomZlibStream = class(TStream)
+  private
+    FStrm: TStream;
+    FStrmPos: Integer;
+    FOnProgress: TNotifyEvent;
+    FZRec: TZStreamRec;
+    FBuffer: array [Word] of Char;
+  protected
+    procedure Progress(Sender: TObject); dynamic;
+    property OnProgress: TNotifyEvent read FOnProgress write FOnProgress;
+    constructor Create(Strm: TStream);
+  end;
+
+{ TCompressionStream compresses data on the fly as data is written to it, and
+  stores the compressed data to another stream.
+
+  TCompressionStream is write-only and strictly sequential. Reading from the
+  stream will raise an exception. Using Seek to move the stream pointer
+  will raise an exception.
+
+  Output data is cached internally, written to the output stream only when
+  the internal output buffer is full.  All pending output data is flushed
+  when the stream is destroyed.
+
+  The Position property returns the number of uncompressed bytes of
+  data that have been written to the stream so far.
+
+  CompressionRate returns the on-the-fly percentage by which the original
+  data has been compressed:  (1 - (CompressedBytes / UncompressedBytes)) * 100
+  If raw data size = 100 and compressed data size = 25, the CompressionRate
+  is 75%
+
+  The OnProgress event is called each time the output buffer is filled and
+  written to the output stream.  This is useful for updating a progress
+  indicator when you are writing a large chunk of data to the compression
+  stream in a single call.}
+
+
+  TCompressionLevel = (clNone, clFastest, clDefault, clMax);
+
+  TCompressionStream = class(TCustomZlibStream)
+  private
+    function GetCompressionRate: Single;
+  public
+    constructor Create(CompressionLevel: TCompressionLevel; Dest: TStream);
+    destructor Destroy; override;
+    function Read(var Buffer; Count: Longint): Longint; override;
+    function Write(const Buffer; Count: Longint): Longint; override;
+    function Seek(Offset: Longint; Origin: Word): Longint; override;
+    property CompressionRate: Single read GetCompressionRate;
+    property OnProgress;
+  end;
+
+{ TDecompressionStream decompresses data on the fly as data is read from it.
+
+  Compressed data comes from a separate source stream.  TDecompressionStream
+  is read-only and unidirectional; you can seek forward in the stream, but not
+  backwards.  The special case of setting the stream position to zero is
+  allowed.  Seeking forward decompresses data until the requested position in
+  the uncompressed data has been reached.  Seeking backwards, seeking relative
+  to the end of the stream, requesting the size of the stream, and writing to
+  the stream will raise an exception.
+
+  The Position property returns the number of bytes of uncompressed data that
+  have been read from the stream so far.
+
+  The OnProgress event is called each time the internal input buffer of
+  compressed data is exhausted and the next block is read from the input stream.
+  This is useful for updating a progress indicator when you are reading a
+  large chunk of data from the decompression stream in a single call.}
+
+  TDecompressionStream = class(TCustomZlibStream)
+  public
+    constructor Create(Source: TStream);
+    destructor Destroy; override;
+    function Read(var Buffer; Count: Longint): Longint; override;
+    function Write(const Buffer; Count: Longint): Longint; override;
+    function Seek(Offset: Longint; Origin: Word): Longint; override;
+    property OnProgress;
+  end;
+
+
+
+{ CompressBuf compresses data, buffer to buffer, in one call.
+   In: InBuf = ptr to compressed data
+       InBytes = number of bytes in InBuf
+  Out: OutBuf = ptr to newly allocated buffer containing decompressed data
+       OutBytes = number of bytes in OutBuf   }
+procedure CompressBuf(const InBuf: Pointer; InBytes: Integer;
+                      out OutBuf: Pointer; out OutBytes: Integer);
+
+
+{ DecompressBuf decompresses data, buffer to buffer, in one call.
+   In: InBuf = ptr to compressed data
+       InBytes = number of bytes in InBuf
+       OutEstimate = zero, or est. size of the decompressed data
+  Out: OutBuf = ptr to newly allocated buffer containing decompressed data
+       OutBytes = number of bytes in OutBuf   }
+procedure DecompressBuf(const InBuf: Pointer; InBytes: Integer;
+ OutEstimate: Integer; out OutBuf: Pointer; out OutBytes: Integer);
+
+{ DecompressToUserBuf decompresses data, buffer to buffer, in one call.
+   In: InBuf = ptr to compressed data
+       InBytes = number of bytes in InBuf
+  Out: OutBuf = ptr to user-allocated buffer to contain decompressed data
+       BufSize = number of bytes in OutBuf   }
+procedure DecompressToUserBuf(const InBuf: Pointer; InBytes: Integer;
+  const OutBuf: Pointer; BufSize: Integer);
+
+const
+  zlib_version = '1.3.1';
+
+type
+  EZlibError = class(Exception);
+  ECompressionError = class(EZlibError);
+  EDecompressionError = class(EZlibError);
+
+implementation
+
+uses ZLibConst;
+
+const
+  Z_NO_FLUSH      = 0;
+  Z_PARTIAL_FLUSH = 1;
+  Z_SYNC_FLUSH    = 2;
+  Z_FULL_FLUSH    = 3;
+  Z_FINISH        = 4;
+
+  Z_OK            = 0;
+  Z_STREAM_END    = 1;
+  Z_NEED_DICT     = 2;
+  Z_ERRNO         = (-1);
+  Z_STREAM_ERROR  = (-2);
+  Z_DATA_ERROR    = (-3);
+  Z_MEM_ERROR     = (-4);
+  Z_BUF_ERROR     = (-5);
+  Z_VERSION_ERROR = (-6);
+
+  Z_NO_COMPRESSION       =   0;
+  Z_BEST_SPEED           =   1;
+  Z_BEST_COMPRESSION     =   9;
+  Z_DEFAULT_COMPRESSION  = (-1);
+
+  Z_FILTERED            = 1;
+  Z_HUFFMAN_ONLY        = 2;
+  Z_RLE                 = 3;
+  Z_DEFAULT_STRATEGY    = 0;
+
+  Z_BINARY   = 0;
+  Z_ASCII    = 1;
+  Z_UNKNOWN  = 2;
+
+  Z_DEFLATED = 8;
+
+
+{$L adler32.obj}
+{$L compress.obj}
+{$L crc32.obj}
+{$L deflate.obj}
+{$L infback.obj}
+{$L inffast.obj}
+{$L inflate.obj}
+{$L inftrees.obj}
+{$L trees.obj}
+{$L uncompr.obj}
+{$L zutil.obj}
+
+procedure adler32; external;
+procedure compressBound; external;
+procedure crc32; external;
+procedure deflateInit2_; external;
+procedure deflateParams; external;
+
+function _malloc(Size: Integer): Pointer; cdecl;
+begin
+  Result := AllocMem(Size);
+end;
+
+procedure _free(Block: Pointer); cdecl;
+begin
+  FreeMem(Block);
+end;
+
+procedure _memset(P: Pointer; B: Byte; count: Integer); cdecl;
+begin
+  FillChar(P^, count, B);
+end;
+
+procedure _memcpy(dest, source: Pointer; count: Integer); cdecl;
+begin
+  Move(source^, dest^, count);
+end;
+
+
+
+// deflate compresses data
+function deflateInit_(var strm: TZStreamRec; level: Integer; version: PChar;
+  recsize: Integer): Integer; external;
+function deflate(var strm: TZStreamRec; flush: Integer): Integer; external;
+function deflateEnd(var strm: TZStreamRec): Integer; external;
+
+// inflate decompresses data
+function inflateInit_(var strm: TZStreamRec; version: PChar;
+  recsize: Integer): Integer; external;
+function inflate(var strm: TZStreamRec; flush: Integer): Integer; external;
+function inflateEnd(var strm: TZStreamRec): Integer; external;
+function inflateReset(var strm: TZStreamRec): Integer; external;
+
+
+function zlibAllocMem(AppData: Pointer; Items, Size: Integer): Pointer; cdecl;
+begin
+//  GetMem(Result, Items*Size);
+  Result := AllocMem(Items * Size);
+end;
+
+procedure zlibFreeMem(AppData, Block: Pointer); cdecl;
+begin
+  FreeMem(Block);
+end;
+
+{function zlibCheck(code: Integer): Integer;
+begin
+  Result := code;
+  if code < 0 then
+    raise EZlibError.Create('error');    //!!
+end;}
+
+function CCheck(code: Integer): Integer;
+begin
+  Result := code;
+  if code < 0 then
+    raise ECompressionError.Create('error'); //!!
+end;
+
+function DCheck(code: Integer): Integer;
+begin
+  Result := code;
+  if code < 0 then
+    raise EDecompressionError.Create('error');  //!!
+end;
+
+procedure CompressBuf(const InBuf: Pointer; InBytes: Integer;
+                      out OutBuf: Pointer; out OutBytes: Integer);
+var
+  strm: TZStreamRec;
+  P: Pointer;
+begin
+  FillChar(strm, sizeof(strm), 0);
+  strm.zalloc := zlibAllocMem;
+  strm.zfree := zlibFreeMem;
+  OutBytes := ((InBytes + (InBytes div 10) + 12) + 255) and not 255;
+  GetMem(OutBuf, OutBytes);
+  try
+    strm.next_in := InBuf;
+    strm.avail_in := InBytes;
+    strm.next_out := OutBuf;
+    strm.avail_out := OutBytes;
+    CCheck(deflateInit_(strm, Z_BEST_COMPRESSION, zlib_version, sizeof(strm)));
+    try
+      while CCheck(deflate(strm, Z_FINISH)) <> Z_STREAM_END do
+      begin
+        P := OutBuf;
+        Inc(OutBytes, 256);
+        ReallocMem(OutBuf, OutBytes);
+        strm.next_out := PChar(Integer(OutBuf) + (Integer(strm.next_out) - Integer(P)));
+        strm.avail_out := 256;
+      end;
+    finally
+      CCheck(deflateEnd(strm));
+    end;
+    ReallocMem(OutBuf, strm.total_out);
+    OutBytes := strm.total_out;
+  except
+    FreeMem(OutBuf);
+    raise
+  end;
+end;
+
+
+procedure DecompressBuf(const InBuf: Pointer; InBytes: Integer;
+  OutEstimate: Integer; out OutBuf: Pointer; out OutBytes: Integer);
+var
+  strm: TZStreamRec;
+  P: Pointer;
+  BufInc: Integer;
+begin
+  FillChar(strm, sizeof(strm), 0);
+  strm.zalloc := zlibAllocMem;
+  strm.zfree := zlibFreeMem;
+  BufInc := (InBytes + 255) and not 255;
+  if OutEstimate = 0 then
+    OutBytes := BufInc
+  else
+    OutBytes := OutEstimate;
+  GetMem(OutBuf, OutBytes);
+  try
+    strm.next_in := InBuf;
+    strm.avail_in := InBytes;
+    strm.next_out := OutBuf;
+    strm.avail_out := OutBytes;
+    DCheck(inflateInit_(strm, zlib_version, sizeof(strm)));
+    try
+      while DCheck(inflate(strm, Z_NO_FLUSH)) <> Z_STREAM_END do
+      begin
+        P := OutBuf;
+        Inc(OutBytes, BufInc);
+        ReallocMem(OutBuf, OutBytes);
+        strm.next_out := PChar(Integer(OutBuf) + (Integer(strm.next_out) - Integer(P)));
+        strm.avail_out := BufInc;
+      end;
+    finally
+      DCheck(inflateEnd(strm));
+    end;
+    ReallocMem(OutBuf, strm.total_out);
+    OutBytes := strm.total_out;
+  except
+    FreeMem(OutBuf);
+    raise
+  end;
+end;
+
+procedure DecompressToUserBuf(const InBuf: Pointer; InBytes: Integer;
+  const OutBuf: Pointer; BufSize: Integer);
+var
+  strm: TZStreamRec;
+begin
+  FillChar(strm, sizeof(strm), 0);
+  strm.zalloc := zlibAllocMem;
+  strm.zfree := zlibFreeMem;
+  strm.next_in := InBuf;
+  strm.avail_in := InBytes;
+  strm.next_out := OutBuf;
+  strm.avail_out := BufSize;
+  DCheck(inflateInit_(strm, zlib_version, sizeof(strm)));
+  try
+    if DCheck(inflate(strm, Z_FINISH)) <> Z_STREAM_END then
+      raise EZlibError.CreateRes(@sTargetBufferTooSmall);
+  finally
+    DCheck(inflateEnd(strm));
+  end;
+end;
+
+// TCustomZlibStream
+
+constructor TCustomZLibStream.Create(Strm: TStream);
+begin
+  inherited Create;
+  FStrm := Strm;
+  FStrmPos := Strm.Position;
+  FZRec.zalloc := zlibAllocMem;
+  FZRec.zfree := zlibFreeMem;
+end;
+
+procedure TCustomZLibStream.Progress(Sender: TObject);
+begin
+  if Assigned(FOnProgress) then FOnProgress(Sender);
+end;
+
+
+// TCompressionStream
+
+constructor TCompressionStream.Create(CompressionLevel: TCompressionLevel;
+  Dest: TStream);
+const
+  Levels: array [TCompressionLevel] of ShortInt =
+    (Z_NO_COMPRESSION, Z_BEST_SPEED, Z_DEFAULT_COMPRESSION, Z_BEST_COMPRESSION);
+begin
+  inherited Create(Dest);
+  FZRec.next_out := FBuffer;
+  FZRec.avail_out := sizeof(FBuffer);
+  CCheck(deflateInit_(FZRec, Levels[CompressionLevel], zlib_version, sizeof(FZRec)));
+end;
+
+destructor TCompressionStream.Destroy;
+begin
+  FZRec.next_in := nil;
+  FZRec.avail_in := 0;
+  try
+    if FStrm.Position <> FStrmPos then FStrm.Position := FStrmPos;
+    while (CCheck(deflate(FZRec, Z_FINISH)) <> Z_STREAM_END)
+      and (FZRec.avail_out = 0) do
+    begin
+      FStrm.WriteBuffer(FBuffer, sizeof(FBuffer));
+      FZRec.next_out := FBuffer;
+      FZRec.avail_out := sizeof(FBuffer);
+    end;
+    if FZRec.avail_out < sizeof(FBuffer) then
+      FStrm.WriteBuffer(FBuffer, sizeof(FBuffer) - FZRec.avail_out);
+  finally
+    deflateEnd(FZRec);
+  end;
+  inherited Destroy;
+end;
+
+function TCompressionStream.Read(var Buffer; Count: Longint): Longint;
+begin
+  raise ECompressionError.CreateRes(@sInvalidStreamOp);
+end;
+
+function TCompressionStream.Write(const Buffer; Count: Longint): Longint;
+begin
+  FZRec.next_in := @Buffer;
+  FZRec.avail_in := Count;
+  if FStrm.Position <> FStrmPos then FStrm.Position := FStrmPos;
+  while (FZRec.avail_in > 0) do
+  begin
+    CCheck(deflate(FZRec, 0));
+    if FZRec.avail_out = 0 then
+    begin
+      FStrm.WriteBuffer(FBuffer, sizeof(FBuffer));
+      FZRec.next_out := FBuffer;
+      FZRec.avail_out := sizeof(FBuffer);
+      FStrmPos := FStrm.Position;
+      Progress(Self);
+    end;
+  end;
+  Result := Count;
+end;
+
+function TCompressionStream.Seek(Offset: Longint; Origin: Word): Longint;
+begin
+  if (Offset = 0) and (Origin = soFromCurrent) then
+    Result := FZRec.total_in
+  else
+    raise ECompressionError.CreateRes(@sInvalidStreamOp);
+end;
+
+function TCompressionStream.GetCompressionRate: Single;
+begin
+  if FZRec.total_in = 0 then
+    Result := 0
+  else
+    Result := (1.0 - (FZRec.total_out / FZRec.total_in)) * 100.0;
+end;
+
+
+// TDecompressionStream
+
+constructor TDecompressionStream.Create(Source: TStream);
+begin
+  inherited Create(Source);
+  FZRec.next_in := FBuffer;
+  FZRec.avail_in := 0;
+  DCheck(inflateInit_(FZRec, zlib_version, sizeof(FZRec)));
+end;
+
+destructor TDecompressionStream.Destroy;
+begin
+  FStrm.Seek(-FZRec.avail_in, 1);
+  inflateEnd(FZRec);
+  inherited Destroy;
+end;
+
+function TDecompressionStream.Read(var Buffer; Count: Longint): Longint;
+begin
+  FZRec.next_out := @Buffer;
+  FZRec.avail_out := Count;
+  if FStrm.Position <> FStrmPos then FStrm.Position := FStrmPos;
+  while (FZRec.avail_out > 0) do
+  begin
+    if FZRec.avail_in = 0 then
+    begin
+      FZRec.avail_in := FStrm.Read(FBuffer, sizeof(FBuffer));
+      if FZRec.avail_in = 0 then
+      begin
+        Result := Count - FZRec.avail_out;
+        Exit;
+      end;
+      FZRec.next_in := FBuffer;
+      FStrmPos := FStrm.Position;
+      Progress(Self);
+    end;
+    CCheck(inflate(FZRec, 0));
+  end;
+  Result := Count;
+end;
+
+function TDecompressionStream.Write(const Buffer; Count: Longint): Longint;
+begin
+  raise EDecompressionError.CreateRes(@sInvalidStreamOp);
+end;
+
+function TDecompressionStream.Seek(Offset: Longint; Origin: Word): Longint;
+var
+  I: Integer;
+  Buf: array [0..4095] of Char;
+begin
+  if (Offset = 0) and (Origin = soFromBeginning) then
+  begin
+    DCheck(inflateReset(FZRec));
+    FZRec.next_in := FBuffer;
+    FZRec.avail_in := 0;
+    FStrm.Position := 0;
+    FStrmPos := 0;
+  end
+  else if ( (Offset >= 0) and (Origin = soFromCurrent)) or
+          ( ((Offset - FZRec.total_out) > 0) and (Origin = soFromBeginning)) then
+  begin
+    if Origin = soFromBeginning then Dec(Offset, FZRec.total_out);
+    if Offset > 0 then
+    begin
+      for I := 1 to Offset div sizeof(Buf) do
+        ReadBuffer(Buf, sizeof(Buf));
+      ReadBuffer(Buf, Offset mod sizeof(Buf));
+    end;
+  end
+  else
+    raise EDecompressionError.CreateRes(@sInvalidStreamOp);
+  Result := FZRec.total_out;
+end;
+
+
+end.
diff --git a/zlib-1.3.1/contrib/delphi/ZLibConst.pas b/zlib-1.3.1/contrib/delphi/ZLibConst.pas
new file mode 100644
index 00000000..cdfe1367
--- /dev/null
+++ b/zlib-1.3.1/contrib/delphi/ZLibConst.pas
@@ -0,0 +1,11 @@
+unit ZLibConst;
+
+interface
+
+resourcestring
+  sTargetBufferTooSmall = 'ZLib error: target buffer may be too small';
+  sInvalidStreamOp = 'Invalid stream operation';
+
+implementation
+
+end.
diff --git a/zlib-1.3.1/contrib/delphi/readme.txt b/zlib-1.3.1/contrib/delphi/readme.txt
new file mode 100644
index 00000000..2dc9a8bb
--- /dev/null
+++ b/zlib-1.3.1/contrib/delphi/readme.txt
@@ -0,0 +1,76 @@
+
+Overview
+========
+
+This directory contains an update to the ZLib interface unit,
+distributed by Borland as a Delphi supplemental component.
+
+The original ZLib unit is Copyright (c) 1997,99 Borland Corp.,
+and is based on zlib version 1.0.4.  There are a series of bugs
+and security problems associated with that old zlib version, and
+we recommend the users to update their ZLib unit.
+
+
+Summary of modifications
+========================
+
+- Improved makefile, adapted to zlib version 1.2.1.
+
+- Some field types from TZStreamRec are changed from Integer to
+  Longint, for consistency with the zlib.h header, and for 64-bit
+  readiness.
+
+- The zlib_version constant is updated.
+
+- The new Z_RLE strategy has its corresponding symbolic constant.
+
+- The allocation and deallocation functions and function types
+  (TAlloc, TFree, zlibAllocMem and zlibFreeMem) are now cdecl,
+  and _malloc and _free are added as C RTL stubs.  As a result,
+  the original C sources of zlib can be compiled out of the box,
+  and linked to the ZLib unit.
+
+
+Suggestions for improvements
+============================
+
+Currently, the ZLib unit provides only a limited wrapper around
+the zlib library, and much of the original zlib functionality is
+missing.  Handling compressed file formats like ZIP/GZIP or PNG
+cannot be implemented without having this functionality.
+Applications that handle these formats are either using their own,
+duplicated code, or not using the ZLib unit at all.
+
+Here are a few suggestions:
+
+- Checksum class wrappers around adler32() and crc32(), similar
+  to the Java classes that implement the java.util.zip.Checksum
+  interface.
+
+- The ability to read and write raw deflate streams, without the
+  zlib stream header and trailer.  Raw deflate streams are used
+  in the ZIP file format.
+
+- The ability to read and write gzip streams, used in the GZIP
+  file format, and normally produced by the gzip program.
+
+- The ability to select a different compression strategy, useful
+  to PNG and MNG image compression, and to multimedia compression
+  in general.  Besides the compression level
+
+    TCompressionLevel = (clNone, clFastest, clDefault, clMax);
+
+  which, in fact, could have used the 'z' prefix and avoided
+  TColor-like symbols
+
+    TCompressionLevel = (zcNone, zcFastest, zcDefault, zcMax);
+
+  there could be a compression strategy
+
+    TCompressionStrategy = (zsDefault, zsFiltered, zsHuffmanOnly, zsRle);
+
+- ZIP and GZIP stream handling via TStreams.
+
+
+--
+Cosmin Truta <cosmint@cs.ubbcluj.ro>
diff --git a/zlib-1.3.1/contrib/delphi/zlibd32.mak b/zlib-1.3.1/contrib/delphi/zlibd32.mak
new file mode 100644
index 00000000..9bb00b7c
--- /dev/null
+++ b/zlib-1.3.1/contrib/delphi/zlibd32.mak
@@ -0,0 +1,99 @@
+# Makefile for zlib
+# For use with Delphi and C++ Builder under Win32
+# Updated for zlib 1.2.x by Cosmin Truta
+
+# ------------ Borland C++ ------------
+
+# This project uses the Delphi (fastcall/register) calling convention:
+LOC = -DZEXPORT=__fastcall -DZEXPORTVA=__cdecl
+
+CC = bcc32
+LD = bcc32
+AR = tlib
+# do not use "-pr" in CFLAGS
+CFLAGS = -a -d -k- -O2 $(LOC)
+LDFLAGS =
+
+
+# variables
+ZLIB_LIB = zlib.lib
+
+OBJ1 = adler32.obj compress.obj crc32.obj deflate.obj gzclose.obj gzlib.obj gzread.obj
+OBJ2 = gzwrite.obj infback.obj inffast.obj inflate.obj inftrees.obj trees.obj uncompr.obj zutil.obj
+OBJP1 = +adler32.obj+compress.obj+crc32.obj+deflate.obj+gzclose.obj+gzlib.obj+gzread.obj
+OBJP2 = +gzwrite.obj+infback.obj+inffast.obj+inflate.obj+inftrees.obj+trees.obj+uncompr.obj+zutil.obj
+
+
+# targets
+all: $(ZLIB_LIB) example.exe minigzip.exe
+
+.c.obj:
+	$(CC) -c $(CFLAGS) $*.c
+
+adler32.obj: adler32.c zlib.h zconf.h
+
+compress.obj: compress.c zlib.h zconf.h
+
+crc32.obj: crc32.c zlib.h zconf.h crc32.h
+
+deflate.obj: deflate.c deflate.h zutil.h zlib.h zconf.h
+
+gzclose.obj: gzclose.c zlib.h zconf.h gzguts.h
+
+gzlib.obj: gzlib.c zlib.h zconf.h gzguts.h
+
+gzread.obj: gzread.c zlib.h zconf.h gzguts.h
+
+gzwrite.obj: gzwrite.c zlib.h zconf.h gzguts.h
+
+infback.obj: infback.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inffast.obj: inffast.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h
+
+inflate.obj: inflate.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inftrees.obj: inftrees.c zutil.h zlib.h zconf.h inftrees.h
+
+trees.obj: trees.c zutil.h zlib.h zconf.h deflate.h trees.h
+
+uncompr.obj: uncompr.c zlib.h zconf.h
+
+zutil.obj: zutil.c zutil.h zlib.h zconf.h
+
+example.obj: test/example.c zlib.h zconf.h
+
+minigzip.obj: test/minigzip.c zlib.h zconf.h
+
+
+# For the sake of the old Borland make,
+# the command line is cut to fit in the MS-DOS 128 byte limit:
+$(ZLIB_LIB): $(OBJ1) $(OBJ2)
+	-del $(ZLIB_LIB)
+	$(AR) $(ZLIB_LIB) $(OBJP1)
+	$(AR) $(ZLIB_LIB) $(OBJP2)
+
+
+# testing
+test: example.exe minigzip.exe
+	example
+	echo hello world | minigzip | minigzip -d
+
+example.exe: example.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) example.obj $(ZLIB_LIB)
+
+minigzip.exe: minigzip.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) minigzip.obj $(ZLIB_LIB)
+
+
+# cleanup
+clean:
+	-del *.obj
+	-del *.exe
+	-del *.lib
+	-del *.tds
+	-del zlib.bak
+	-del foo.gz
+
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib.build b/zlib-1.3.1/contrib/dotzlib/DotZLib.build
new file mode 100644
index 00000000..7f90d6bc
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib.build
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<project name="DotZLib" default="build" basedir="./DotZLib">
+	<description>A .Net wrapper library around ZLib1.dll</description>
+
+	<property name="nunit.location" value="c:/program files/NUnit V2.1/bin" />
+	<property name="build.root" value="bin" />
+
+	<property name="debug" value="true" />
+	<property name="nunit" value="true" />
+
+	<property name="build.folder" value="${build.root}/debug/" if="${debug}" />
+	<property name="build.folder" value="${build.root}/release/" unless="${debug}" />
+
+	<target name="clean" description="Remove all generated files">
+		<delete dir="${build.root}" failonerror="false" />
+	</target>
+
+	<target name="build" description="compiles the source code">
+
+		<mkdir dir="${build.folder}" />
+		<csc target="library" output="${build.folder}DotZLib.dll" debug="${debug}">
+			<references basedir="${nunit.location}">
+				<includes if="${nunit}" name="nunit.framework.dll" />
+			</references>
+			<sources>
+				<includes name="*.cs" />
+				<excludes name="UnitTests.cs" unless="${nunit}" />
+			</sources>
+			<arg value="/d:nunit" if="${nunit}" />
+		</csc>
+	</target>
+
+</project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib.chm b/zlib-1.3.1/contrib/dotzlib/DotZLib.chm
new file mode 100644
index 00000000..f214a444
Binary files /dev/null and b/zlib-1.3.1/contrib/dotzlib/DotZLib.chm differ
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib.sln b/zlib-1.3.1/contrib/dotzlib/DotZLib.sln
new file mode 100644
index 00000000..ac45ca04
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib.sln
@@ -0,0 +1,21 @@
+Microsoft Visual Studio Solution File, Format Version 8.00
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DotZLib", "DotZLib\DotZLib.csproj", "{BB1EE0B1-1808-46CB-B786-949D91117FC5}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfiguration) = preSolution
+		Debug = Debug
+		Release = Release
+	EndGlobalSection
+	GlobalSection(ProjectConfiguration) = postSolution
+		{BB1EE0B1-1808-46CB-B786-949D91117FC5}.Debug.ActiveCfg = Debug|.NET
+		{BB1EE0B1-1808-46CB-B786-949D91117FC5}.Debug.Build.0 = Debug|.NET
+		{BB1EE0B1-1808-46CB-B786-949D91117FC5}.Release.ActiveCfg = Release|.NET
+		{BB1EE0B1-1808-46CB-B786-949D91117FC5}.Release.Build.0 = Release|.NET
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+	EndGlobalSection
+	GlobalSection(ExtensibilityAddIns) = postSolution
+	EndGlobalSection
+EndGlobal
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/AssemblyInfo.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/AssemblyInfo.cs
new file mode 100644
index 00000000..0491bfc2
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/AssemblyInfo.cs
@@ -0,0 +1,58 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+
+//
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+//
+[assembly: AssemblyTitle("DotZLib")]
+[assembly: AssemblyDescription(".Net bindings for ZLib compression dll 1.2.x")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("Henrik Ravn")]
+[assembly: AssemblyProduct("")]
+[assembly: AssemblyCopyright("(c) 2004 by Henrik Ravn")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+//
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Revision and Build Numbers
+// by using the '*' as shown below:
+
+[assembly: AssemblyVersion("1.0.*")]
+
+//
+// In order to sign your assembly you must specify a key to use. Refer to the
+// Microsoft .NET Framework documentation for more information on assembly signing.
+//
+// Use the attributes below to control which key is used for signing.
+//
+// Notes:
+//   (*) If no key is specified, the assembly is not signed.
+//   (*) KeyName refers to a key that has been installed in the Crypto Service
+//       Provider (CSP) on your machine. KeyFile refers to a file which contains
+//       a key.
+//   (*) If the KeyFile and the KeyName values are both specified, the
+//       following processing occurs:
+//       (1) If the KeyName can be found in the CSP, that key is used.
+//       (2) If the KeyName does not exist and the KeyFile does exist, the key
+//           in the KeyFile is installed into the CSP and used.
+//   (*) In order to create a KeyFile, you can use the sn.exe (Strong Name) utility.
+//       When specifying the KeyFile, the location of the KeyFile should be
+//       relative to the project output directory which is
+//       %Project Directory%\obj\<configuration>. For example, if your KeyFile is
+//       located in the project directory, you would specify the AssemblyKeyFile
+//       attribute as [assembly: AssemblyKeyFile("..\\..\\mykey.snk")]
+//   (*) Delay Signing is an advanced option - see the Microsoft .NET Framework
+//       documentation for more information on this.
+//
+[assembly: AssemblyDelaySign(false)]
+[assembly: AssemblyKeyFile("")]
+[assembly: AssemblyKeyName("")]
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/ChecksumImpl.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/ChecksumImpl.cs
new file mode 100644
index 00000000..de88dcf1
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/ChecksumImpl.cs
@@ -0,0 +1,202 @@
+//
+// © Copyright Henrik Ravn 2004
+//
+// Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+// (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+using System;
+using System.Runtime.InteropServices;
+using System.Text;
+
+
+namespace DotZLib
+{
+    #region ChecksumGeneratorBase
+    /// <summary>
+    /// Implements the common functionality needed for all <see cref="ChecksumGenerator"/>s
+    /// </summary>
+    /// <example></example>
+    public abstract class ChecksumGeneratorBase : ChecksumGenerator
+    {
+        /// <summary>
+        /// The value of the current checksum
+        /// </summary>
+        protected uint _current;
+
+        /// <summary>
+        /// Initializes a new instance of the checksum generator base - the current checksum is
+        /// set to zero
+        /// </summary>
+        public ChecksumGeneratorBase()
+        {
+            _current = 0;
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the checksum generator base with a specified value
+        /// </summary>
+        /// <param name="initialValue">The value to set the current checksum to</param>
+        public ChecksumGeneratorBase(uint initialValue)
+        {
+            _current = initialValue;
+        }
+
+        /// <summary>
+        /// Resets the current checksum to zero
+        /// </summary>
+        public void Reset() { _current = 0; }
+
+        /// <summary>
+        /// Gets the current checksum value
+        /// </summary>
+        public uint Value { get { return _current; } }
+
+        /// <summary>
+        /// Updates the current checksum with part of an array of bytes
+        /// </summary>
+        /// <param name="data">The data to update the checksum with</param>
+        /// <param name="offset">Where in <c>data</c> to start updating</param>
+        /// <param name="count">The number of bytes from <c>data</c> to use</param>
+        /// <exception cref="ArgumentException">The sum of offset and count is larger than the length of <c>data</c></exception>
+        /// <exception cref="NullReferenceException"><c>data</c> is a null reference</exception>
+        /// <exception cref="ArgumentOutOfRangeException">Offset or count is negative.</exception>
+        /// <remarks>All the other <c>Update</c> methods are implemented in terms of this one.
+        /// This is therefore the only method a derived class has to implement</remarks>
+        public abstract void Update(byte[] data, int offset, int count);
+
+        /// <summary>
+        /// Updates the current checksum with an array of bytes.
+        /// </summary>
+        /// <param name="data">The data to update the checksum with</param>
+        public void Update(byte[] data)
+        {
+            Update(data, 0, data.Length);
+        }
+
+        /// <summary>
+        /// Updates the current checksum with the data from a string
+        /// </summary>
+        /// <param name="data">The string to update the checksum with</param>
+        /// <remarks>The characters in the string are converted by the UTF-8 encoding</remarks>
+        public void Update(string data)
+        {
+			Update(Encoding.UTF8.GetBytes(data));
+        }
+
+        /// <summary>
+        /// Updates the current checksum with the data from a string, using a specific encoding
+        /// </summary>
+        /// <param name="data">The string to update the checksum with</param>
+        /// <param name="encoding">The encoding to use</param>
+        public void Update(string data, Encoding encoding)
+        {
+            Update(encoding.GetBytes(data));
+        }
+
+    }
+    #endregion
+
+    #region CRC32
+    /// <summary>
+    /// Implements a CRC32 checksum generator
+    /// </summary>
+    public sealed class CRC32Checksum : ChecksumGeneratorBase
+    {
+        #region DLL imports
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern uint crc32(uint crc, int data, uint length);
+
+        #endregion
+
+        /// <summary>
+        /// Initializes a new instance of the CRC32 checksum generator
+        /// </summary>
+        public CRC32Checksum() : base() {}
+
+        /// <summary>
+        /// Initializes a new instance of the CRC32 checksum generator with a specified value
+        /// </summary>
+        /// <param name="initialValue">The value to set the current checksum to</param>
+        public CRC32Checksum(uint initialValue) : base(initialValue) {}
+
+        /// <summary>
+        /// Updates the current checksum with part of an array of bytes
+        /// </summary>
+        /// <param name="data">The data to update the checksum with</param>
+        /// <param name="offset">Where in <c>data</c> to start updating</param>
+        /// <param name="count">The number of bytes from <c>data</c> to use</param>
+        /// <exception cref="ArgumentException">The sum of offset and count is larger than the length of <c>data</c></exception>
+        /// <exception cref="NullReferenceException"><c>data</c> is a null reference</exception>
+        /// <exception cref="ArgumentOutOfRangeException">Offset or count is negative.</exception>
+        public override void Update(byte[] data, int offset, int count)
+        {
+            if (offset < 0 || count < 0) throw new ArgumentOutOfRangeException();
+            if ((offset+count) > data.Length) throw new ArgumentException();
+            GCHandle hData = GCHandle.Alloc(data, GCHandleType.Pinned);
+            try
+            {
+                _current = crc32(_current, hData.AddrOfPinnedObject().ToInt32()+offset, (uint)count);
+            }
+            finally
+            {
+                hData.Free();
+            }
+        }
+
+    }
+    #endregion
+
+    #region Adler
+    /// <summary>
+    /// Implements a checksum generator that computes the Adler checksum on data
+    /// </summary>
+    public sealed class AdlerChecksum : ChecksumGeneratorBase
+    {
+        #region DLL imports
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern uint adler32(uint adler, int data, uint length);
+
+        #endregion
+
+        /// <summary>
+        /// Initializes a new instance of the Adler checksum generator
+        /// </summary>
+        public AdlerChecksum() : base() {}
+
+        /// <summary>
+        /// Initializes a new instance of the Adler checksum generator with a specified value
+        /// </summary>
+        /// <param name="initialValue">The value to set the current checksum to</param>
+        public AdlerChecksum(uint initialValue) : base(initialValue) {}
+
+        /// <summary>
+        /// Updates the current checksum with part of an array of bytes
+        /// </summary>
+        /// <param name="data">The data to update the checksum with</param>
+        /// <param name="offset">Where in <c>data</c> to start updating</param>
+        /// <param name="count">The number of bytes from <c>data</c> to use</param>
+        /// <exception cref="ArgumentException">The sum of offset and count is larger than the length of <c>data</c></exception>
+        /// <exception cref="NullReferenceException"><c>data</c> is a null reference</exception>
+        /// <exception cref="ArgumentOutOfRangeException">Offset or count is negative.</exception>
+        public override void Update(byte[] data, int offset, int count)
+        {
+            if (offset < 0 || count < 0) throw new ArgumentOutOfRangeException();
+            if ((offset+count) > data.Length) throw new ArgumentException();
+            GCHandle hData = GCHandle.Alloc(data, GCHandleType.Pinned);
+            try
+            {
+                _current = adler32(_current, hData.AddrOfPinnedObject().ToInt32()+offset, (uint)count);
+            }
+            finally
+            {
+                hData.Free();
+            }
+        }
+
+    }
+    #endregion
+
+}
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/CircularBuffer.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/CircularBuffer.cs
new file mode 100644
index 00000000..c1cab3a0
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/CircularBuffer.cs
@@ -0,0 +1,83 @@
+//
+// © Copyright Henrik Ravn 2004
+//
+// Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+// (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+using System;
+using System.Diagnostics;
+
+namespace DotZLib
+{
+
+	/// <summary>
+	/// This class implements a circular buffer
+	/// </summary>
+	internal class CircularBuffer
+	{
+        #region Private data
+        private int _capacity;
+        private int _head;
+        private int _tail;
+        private int _size;
+        private byte[] _buffer;
+        #endregion
+
+        public CircularBuffer(int capacity)
+        {
+            Debug.Assert( capacity > 0 );
+            _buffer = new byte[capacity];
+            _capacity = capacity;
+            _head = 0;
+            _tail = 0;
+            _size = 0;
+        }
+
+        public int Size { get { return _size; } }
+
+        public int Put(byte[] source, int offset, int count)
+        {
+            Debug.Assert( count > 0 );
+            int trueCount = Math.Min(count, _capacity - Size);
+            for (int i = 0; i < trueCount; ++i)
+                _buffer[(_tail+i) % _capacity] = source[offset+i];
+            _tail += trueCount;
+            _tail %= _capacity;
+            _size += trueCount;
+            return trueCount;
+        }
+
+        public bool Put(byte b)
+        {
+            if (Size == _capacity) // no room
+                return false;
+            _buffer[_tail++] = b;
+            _tail %= _capacity;
+            ++_size;
+            return true;
+        }
+
+        public int Get(byte[] destination, int offset, int count)
+        {
+            int trueCount = Math.Min(count,Size);
+            for (int i = 0; i < trueCount; ++i)
+                destination[offset + i] = _buffer[(_head+i) % _capacity];
+            _head += trueCount;
+            _head %= _capacity;
+            _size -= trueCount;
+            return trueCount;
+        }
+
+        public int Get()
+        {
+            if (Size == 0)
+                return -1;
+
+            int result = (int)_buffer[_head++ % _capacity];
+            --_size;
+            return result;
+        }
+
+    }
+}
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/CodecBase.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/CodecBase.cs
new file mode 100644
index 00000000..c4bc8b87
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/CodecBase.cs
@@ -0,0 +1,198 @@
+//
+// © Copyright Henrik Ravn 2004
+//
+// Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+// (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace DotZLib
+{
+	/// <summary>
+	/// Implements the common functionality needed for all <see cref="Codec"/>s
+	/// </summary>
+	public abstract class CodecBase : Codec, IDisposable
+	{
+
+        #region Data members
+
+        /// <summary>
+        /// Instance of the internal zlib buffer structure that is
+        /// passed to all functions in the zlib dll
+        /// </summary>
+        internal ZStream _ztream = new ZStream();
+
+        /// <summary>
+        /// True if the object instance has been disposed, false otherwise
+        /// </summary>
+        protected bool _isDisposed = false;
+
+        /// <summary>
+        /// The size of the internal buffers
+        /// </summary>
+        protected const int kBufferSize = 16384;
+
+        private byte[] _outBuffer = new byte[kBufferSize];
+        private byte[] _inBuffer = new byte[kBufferSize];
+
+        private GCHandle _hInput;
+        private GCHandle _hOutput;
+
+        private uint _checksum = 0;
+
+        #endregion
+
+        /// <summary>
+        /// Initializes a new instance of the <c>CodeBase</c> class.
+        /// </summary>
+		public CodecBase()
+		{
+            try
+            {
+                _hInput = GCHandle.Alloc(_inBuffer, GCHandleType.Pinned);
+                _hOutput = GCHandle.Alloc(_outBuffer, GCHandleType.Pinned);
+            }
+            catch (Exception)
+            {
+                CleanUp(false);
+                throw;
+            }
+        }
+
+
+        #region Codec Members
+
+        /// <summary>
+        /// Occurs when more processed data are available.
+        /// </summary>
+        public event DataAvailableHandler DataAvailable;
+
+        /// <summary>
+        /// Fires the <see cref="DataAvailable"/> event
+        /// </summary>
+        protected void OnDataAvailable()
+        {
+            if (_ztream.total_out > 0)
+            {
+                if (DataAvailable != null)
+                    DataAvailable( _outBuffer, 0, (int)_ztream.total_out);
+                resetOutput();
+            }
+        }
+
+        /// <summary>
+        /// Adds more data to the codec to be processed.
+        /// </summary>
+        /// <param name="data">Byte array containing the data to be added to the codec</param>
+        /// <remarks>Adding data may, or may not, raise the <c>DataAvailable</c> event</remarks>
+        public void Add(byte[] data)
+        {
+            Add(data,0,data.Length);
+        }
+
+        /// <summary>
+        /// Adds more data to the codec to be processed.
+        /// </summary>
+        /// <param name="data">Byte array containing the data to be added to the codec</param>
+        /// <param name="offset">The index of the first byte to add from <c>data</c></param>
+        /// <param name="count">The number of bytes to add</param>
+        /// <remarks>Adding data may, or may not, raise the <c>DataAvailable</c> event</remarks>
+        /// <remarks>This must be implemented by a derived class</remarks>
+        public abstract void Add(byte[] data, int offset, int count);
+
+        /// <summary>
+        /// Finishes up any pending data that needs to be processed and handled.
+        /// </summary>
+        /// <remarks>This must be implemented by a derived class</remarks>
+        public abstract void Finish();
+
+        /// <summary>
+        /// Gets the checksum of the data that has been added so far
+        /// </summary>
+        public uint Checksum { get { return _checksum; } }
+
+        #endregion
+
+        #region Destructor & IDisposable stuff
+
+        /// <summary>
+        /// Destroys this instance
+        /// </summary>
+        ~CodecBase()
+        {
+            CleanUp(false);
+        }
+
+        /// <summary>
+        /// Releases any unmanaged resources and calls the <see cref="CleanUp()"/> method of the derived class
+        /// </summary>
+        public void Dispose()
+        {
+            CleanUp(true);
+        }
+
+        /// <summary>
+        /// Performs any codec specific cleanup
+        /// </summary>
+        /// <remarks>This must be implemented by a derived class</remarks>
+        protected abstract void CleanUp();
+
+        // performs the release of the handles and calls the derived CleanUp()
+        private void CleanUp(bool isDisposing)
+        {
+            if (!_isDisposed)
+            {
+                CleanUp();
+                if (_hInput.IsAllocated)
+                    _hInput.Free();
+                if (_hOutput.IsAllocated)
+                    _hOutput.Free();
+
+                _isDisposed = true;
+            }
+        }
+
+
+        #endregion
+
+        #region Helper methods
+
+        /// <summary>
+        /// Copies a number of bytes to the internal codec buffer - ready for processing
+        /// </summary>
+        /// <param name="data">The byte array that contains the data to copy</param>
+        /// <param name="startIndex">The index of the first byte to copy</param>
+        /// <param name="count">The number of bytes to copy from <c>data</c></param>
+        protected void copyInput(byte[] data, int startIndex, int count)
+        {
+            Array.Copy(data, startIndex, _inBuffer,0, count);
+            _ztream.next_in = _hInput.AddrOfPinnedObject();
+            _ztream.total_in = 0;
+            _ztream.avail_in = (uint)count;
+
+        }
+
+        /// <summary>
+        /// Resets the internal output buffers to a known state - ready for processing
+        /// </summary>
+        protected void resetOutput()
+        {
+            _ztream.total_out = 0;
+            _ztream.avail_out = kBufferSize;
+            _ztream.next_out = _hOutput.AddrOfPinnedObject();
+        }
+
+        /// <summary>
+        /// Updates the running checksum property
+        /// </summary>
+        /// <param name="newSum">The new checksum value</param>
+        protected void setChecksum(uint newSum)
+        {
+            _checksum = newSum;
+        }
+        #endregion
+
+    }
+}
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/Deflater.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/Deflater.cs
new file mode 100644
index 00000000..c2477925
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/Deflater.cs
@@ -0,0 +1,106 @@
+//
+// © Copyright Henrik Ravn 2004
+//
+// Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+// (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+namespace DotZLib
+{
+
+    /// <summary>
+    /// Implements a data compressor, using the deflate algorithm in the ZLib dll
+    /// </summary>
+	public sealed class Deflater : CodecBase
+	{
+        #region Dll imports
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl, CharSet=CharSet.Ansi)]
+        private static extern int deflateInit_(ref ZStream sz, int level, string vs, int size);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int deflate(ref ZStream sz, int flush);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int deflateReset(ref ZStream sz);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int deflateEnd(ref ZStream sz);
+        #endregion
+
+        /// <summary>
+        /// Constructs an new instance of the <c>Deflater</c>
+        /// </summary>
+        /// <param name="level">The compression level to use for this <c>Deflater</c></param>
+		public Deflater(CompressLevel level) : base()
+		{
+            int retval = deflateInit_(ref _ztream, (int)level, Info.Version, Marshal.SizeOf(_ztream));
+            if (retval != 0)
+                throw new ZLibException(retval, "Could not initialize deflater");
+
+            resetOutput();
+		}
+
+        /// <summary>
+        /// Adds more data to the codec to be processed.
+        /// </summary>
+        /// <param name="data">Byte array containing the data to be added to the codec</param>
+        /// <param name="offset">The index of the first byte to add from <c>data</c></param>
+        /// <param name="count">The number of bytes to add</param>
+        /// <remarks>Adding data may, or may not, raise the <c>DataAvailable</c> event</remarks>
+        public override void Add(byte[] data, int offset, int count)
+        {
+            if (data == null) throw new ArgumentNullException();
+            if (offset < 0 || count < 0) throw new ArgumentOutOfRangeException();
+            if ((offset+count) > data.Length) throw new ArgumentException();
+
+            int total = count;
+            int inputIndex = offset;
+            int err = 0;
+
+            while (err >= 0 && inputIndex < total)
+            {
+                copyInput(data, inputIndex, Math.Min(total - inputIndex, kBufferSize));
+                while (err >= 0 && _ztream.avail_in > 0)
+                {
+                    err = deflate(ref _ztream, (int)FlushTypes.None);
+                    if (err == 0)
+                        while (_ztream.avail_out == 0)
+                        {
+                            OnDataAvailable();
+                            err = deflate(ref _ztream, (int)FlushTypes.None);
+                        }
+                    inputIndex += (int)_ztream.total_in;
+                }
+            }
+            setChecksum( _ztream.adler );
+        }
+
+
+        /// <summary>
+        /// Finishes up any pending data that needs to be processed and handled.
+        /// </summary>
+        public override void Finish()
+        {
+            int err;
+            do
+            {
+                err = deflate(ref _ztream, (int)FlushTypes.Finish);
+                OnDataAvailable();
+            }
+            while (err == 0);
+            setChecksum( _ztream.adler );
+            deflateReset(ref _ztream);
+            resetOutput();
+        }
+
+        /// <summary>
+        /// Closes the internal zlib deflate stream
+        /// </summary>
+        protected override void CleanUp() { deflateEnd(ref _ztream); }
+
+    }
+}
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/DotZLib.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/DotZLib.cs
new file mode 100644
index 00000000..be184b4c
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/DotZLib.cs
@@ -0,0 +1,288 @@
+//
+// © Copyright Henrik Ravn 2004
+//
+// Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+// (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+using System;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Text;
+
+
+namespace DotZLib
+{
+
+    #region Internal types
+
+    /// <summary>
+    /// Defines constants for the various flush types used with zlib
+    /// </summary>
+    internal enum FlushTypes
+    {
+        None,  Partial,  Sync,  Full,  Finish,  Block
+    }
+
+    #region ZStream structure
+    // internal mapping of the zlib zstream structure for marshalling
+    [StructLayoutAttribute(LayoutKind.Sequential, Pack=4, Size=0, CharSet=CharSet.Ansi)]
+    internal struct ZStream
+    {
+        public IntPtr next_in;
+        public uint avail_in;
+        public uint total_in;
+
+        public IntPtr next_out;
+        public uint avail_out;
+        public uint total_out;
+
+        [MarshalAs(UnmanagedType.LPStr)]
+        string msg;
+        uint state;
+
+        uint zalloc;
+        uint zfree;
+        uint opaque;
+
+        int data_type;
+        public uint adler;
+        uint reserved;
+    }
+
+    #endregion
+
+    #endregion
+
+    #region Public enums
+    /// <summary>
+    /// Defines constants for the available compression levels in zlib
+    /// </summary>
+    public enum CompressLevel : int
+    {
+        /// <summary>
+        /// The default compression level with a reasonable compromise between compression and speed
+        /// </summary>
+        Default = -1,
+        /// <summary>
+        /// No compression at all. The data are passed straight through.
+        /// </summary>
+        None = 0,
+        /// <summary>
+        /// The maximum compression rate available.
+        /// </summary>
+        Best = 9,
+        /// <summary>
+        /// The fastest available compression level.
+        /// </summary>
+        Fastest = 1
+    }
+    #endregion
+
+    #region Exception classes
+    /// <summary>
+    /// The exception that is thrown when an error occurs on the zlib dll
+    /// </summary>
+    public class ZLibException : ApplicationException
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ZLibException"/> class with a specified
+        /// error message and error code
+        /// </summary>
+        /// <param name="errorCode">The zlib error code that caused the exception</param>
+        /// <param name="msg">A message that (hopefully) describes the error</param>
+        public ZLibException(int errorCode, string msg) : base(String.Format("ZLib error {0} {1}", errorCode, msg))
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ZLibException"/> class with a specified
+        /// error code
+        /// </summary>
+        /// <param name="errorCode">The zlib error code that caused the exception</param>
+        public ZLibException(int errorCode) : base(String.Format("ZLib error {0}", errorCode))
+        {
+        }
+    }
+    #endregion
+
+    #region Interfaces
+
+    /// <summary>
+    /// Declares methods and properties that enables a running checksum to be calculated
+    /// </summary>
+    public interface ChecksumGenerator
+    {
+        /// <summary>
+        /// Gets the current value of the checksum
+        /// </summary>
+        uint Value { get; }
+
+        /// <summary>
+        /// Clears the current checksum to 0
+        /// </summary>
+        void Reset();
+
+        /// <summary>
+        /// Updates the current checksum with an array of bytes
+        /// </summary>
+        /// <param name="data">The data to update the checksum with</param>
+        void Update(byte[] data);
+
+        /// <summary>
+        /// Updates the current checksum with part of an array of bytes
+        /// </summary>
+        /// <param name="data">The data to update the checksum with</param>
+        /// <param name="offset">Where in <c>data</c> to start updating</param>
+        /// <param name="count">The number of bytes from <c>data</c> to use</param>
+        /// <exception cref="ArgumentException">The sum of offset and count is larger than the length of <c>data</c></exception>
+        /// <exception cref="ArgumentNullException"><c>data</c> is a null reference</exception>
+        /// <exception cref="ArgumentOutOfRangeException">Offset or count is negative.</exception>
+        void Update(byte[] data, int offset, int count);
+
+        /// <summary>
+        /// Updates the current checksum with the data from a string
+        /// </summary>
+        /// <param name="data">The string to update the checksum with</param>
+        /// <remarks>The characters in the string are converted by the UTF-8 encoding</remarks>
+        void Update(string data);
+
+        /// <summary>
+        /// Updates the current checksum with the data from a string, using a specific encoding
+        /// </summary>
+        /// <param name="data">The string to update the checksum with</param>
+        /// <param name="encoding">The encoding to use</param>
+        void Update(string data, Encoding encoding);
+    }
+
+
+    /// <summary>
+    /// Represents the method that will be called from a codec when new data
+    /// are available.
+    /// </summary>
+    /// <paramref name="data">The byte array containing the processed data</paramref>
+    /// <paramref name="startIndex">The index of the first processed byte in <c>data</c></paramref>
+    /// <paramref name="count">The number of processed bytes available</paramref>
+    /// <remarks>On return from this method, the data may be overwritten, so grab it while you can.
+    /// You cannot assume that startIndex will be zero.
+    /// </remarks>
+    public delegate void DataAvailableHandler(byte[] data, int startIndex, int count);
+
+    /// <summary>
+    /// Declares methods and events for implementing compressors/decompressors
+    /// </summary>
+    public interface Codec
+    {
+        /// <summary>
+        /// Occurs when more processed data are available.
+        /// </summary>
+        event DataAvailableHandler DataAvailable;
+
+        /// <summary>
+        /// Adds more data to the codec to be processed.
+        /// </summary>
+        /// <param name="data">Byte array containing the data to be added to the codec</param>
+        /// <remarks>Adding data may, or may not, raise the <c>DataAvailable</c> event</remarks>
+        void Add(byte[] data);
+
+        /// <summary>
+        /// Adds more data to the codec to be processed.
+        /// </summary>
+        /// <param name="data">Byte array containing the data to be added to the codec</param>
+        /// <param name="offset">The index of the first byte to add from <c>data</c></param>
+        /// <param name="count">The number of bytes to add</param>
+        /// <remarks>Adding data may, or may not, raise the <c>DataAvailable</c> event</remarks>
+        void Add(byte[] data, int offset, int count);
+
+        /// <summary>
+        /// Finishes up any pending data that needs to be processed and handled.
+        /// </summary>
+        void Finish();
+
+        /// <summary>
+        /// Gets the checksum of the data that has been added so far
+        /// </summary>
+        uint Checksum { get; }
+
+
+    }
+
+    #endregion
+
+    #region Classes
+    /// <summary>
+    /// Encapsulates general information about the ZLib library
+    /// </summary>
+    public class Info
+    {
+        #region DLL imports
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern uint zlibCompileFlags();
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern string zlibVersion();
+        #endregion
+
+        #region Private stuff
+        private uint _flags;
+
+        // helper function that unpacks a bitsize mask
+        private static int bitSize(uint bits)
+        {
+            switch (bits)
+            {
+                case 0: return 16;
+                case 1: return 32;
+                case 2: return 64;
+            }
+            return -1;
+        }
+        #endregion
+
+        /// <summary>
+        /// Constructs an instance of the <c>Info</c> class.
+        /// </summary>
+        public Info()
+        {
+            _flags = zlibCompileFlags();
+        }
+
+        /// <summary>
+        /// True if the library is compiled with debug info
+        /// </summary>
+        public bool HasDebugInfo { get { return 0 != (_flags & 0x100); } }
+
+        /// <summary>
+        /// True if the library is compiled with assembly optimizations
+        /// </summary>
+        public bool UsesAssemblyCode { get { return 0 != (_flags & 0x200); } }
+
+        /// <summary>
+        /// Gets the size of the unsigned int that was compiled into Zlib
+        /// </summary>
+        public int SizeOfUInt { get { return bitSize(_flags & 3); } }
+
+        /// <summary>
+        /// Gets the size of the unsigned long that was compiled into Zlib
+        /// </summary>
+        public int SizeOfULong { get { return bitSize((_flags >> 2) & 3); } }
+
+        /// <summary>
+        /// Gets the size of the pointers that were compiled into Zlib
+        /// </summary>
+        public int SizeOfPointer { get { return bitSize((_flags >> 4) & 3); } }
+
+        /// <summary>
+        /// Gets the size of the z_off_t type that was compiled into Zlib
+        /// </summary>
+        public int SizeOfOffset { get { return bitSize((_flags >> 6) & 3); } }
+
+        /// <summary>
+        /// Gets the version of ZLib as a string, e.g. "1.2.1"
+        /// </summary>
+        public static string Version { get { return zlibVersion(); } }
+    }
+
+    #endregion
+
+}
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/DotZLib.csproj b/zlib-1.3.1/contrib/dotzlib/DotZLib/DotZLib.csproj
new file mode 100644
index 00000000..71eeb859
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/DotZLib.csproj
@@ -0,0 +1,141 @@
+<VisualStudioProject>
+    <CSHARP
+        ProjectType = "Local"
+        ProductVersion = "7.10.3077"
+        SchemaVersion = "2.0"
+        ProjectGuid = "{BB1EE0B1-1808-46CB-B786-949D91117FC5}"
+    >
+        <Build>
+            <Settings
+                ApplicationIcon = ""
+                AssemblyKeyContainerName = ""
+                AssemblyName = "DotZLib"
+                AssemblyOriginatorKeyFile = ""
+                DefaultClientScript = "JScript"
+                DefaultHTMLPageLayout = "Grid"
+                DefaultTargetSchema = "IE50"
+                DelaySign = "false"
+                OutputType = "Library"
+                PreBuildEvent = ""
+                PostBuildEvent = ""
+                RootNamespace = "DotZLib"
+                RunPostBuildEvent = "OnBuildSuccess"
+                StartupObject = ""
+            >
+                <Config
+                    Name = "Debug"
+                    AllowUnsafeBlocks = "false"
+                    BaseAddress = "285212672"
+                    CheckForOverflowUnderflow = "false"
+                    ConfigurationOverrideFile = ""
+                    DefineConstants = "DEBUG;TRACE"
+                    DocumentationFile = "docs\DotZLib.xml"
+                    DebugSymbols = "true"
+                    FileAlignment = "4096"
+                    IncrementalBuild = "false"
+                    NoStdLib = "false"
+                    NoWarn = "1591"
+                    Optimize = "false"
+                    OutputPath = "bin\Debug\"
+                    RegisterForComInterop = "false"
+                    RemoveIntegerChecks = "false"
+                    TreatWarningsAsErrors = "false"
+                    WarningLevel = "4"
+                />
+                <Config
+                    Name = "Release"
+                    AllowUnsafeBlocks = "false"
+                    BaseAddress = "285212672"
+                    CheckForOverflowUnderflow = "false"
+                    ConfigurationOverrideFile = ""
+                    DefineConstants = "TRACE"
+                    DocumentationFile = "docs\DotZLib.xml"
+                    DebugSymbols = "false"
+                    FileAlignment = "4096"
+                    IncrementalBuild = "false"
+                    NoStdLib = "false"
+                    NoWarn = ""
+                    Optimize = "true"
+                    OutputPath = "bin\Release\"
+                    RegisterForComInterop = "false"
+                    RemoveIntegerChecks = "false"
+                    TreatWarningsAsErrors = "false"
+                    WarningLevel = "4"
+                />
+            </Settings>
+            <References>
+                <Reference
+                    Name = "System"
+                    AssemblyName = "System"
+                    HintPath = "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.dll"
+                />
+                <Reference
+                    Name = "System.Data"
+                    AssemblyName = "System.Data"
+                    HintPath = "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.Data.dll"
+                />
+                <Reference
+                    Name = "System.XML"
+                    AssemblyName = "System.Xml"
+                    HintPath = "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.XML.dll"
+                />
+                <Reference
+                    Name = "nunit.framework"
+                    AssemblyName = "nunit.framework"
+                    HintPath = "E:\apps\NUnit V2.1\\bin\nunit.framework.dll"
+                    AssemblyFolderKey = "hklm\dn\nunit.framework"
+                />
+            </References>
+        </Build>
+        <Files>
+            <Include>
+                <File
+                    RelPath = "AssemblyInfo.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
+                    RelPath = "ChecksumImpl.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
+                    RelPath = "CircularBuffer.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
+                    RelPath = "CodecBase.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
+                    RelPath = "Deflater.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
+                    RelPath = "DotZLib.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
+                    RelPath = "GZipStream.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
+                    RelPath = "Inflater.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
+                    RelPath = "UnitTests.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+            </Include>
+        </Files>
+    </CSHARP>
+</VisualStudioProject>
+
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/GZipStream.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/GZipStream.cs
new file mode 100644
index 00000000..58091d3a
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/GZipStream.cs
@@ -0,0 +1,301 @@
+//
+// © Copyright Henrik Ravn 2004
+//
+// Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+// (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+using System;
+using System.IO;
+using System.Runtime.InteropServices;
+
+namespace DotZLib
+{
+	/// <summary>
+	/// Implements a compressed <see cref="Stream"/>, in GZip (.gz) format.
+	/// </summary>
+	public class GZipStream : Stream, IDisposable
+	{
+        #region Dll Imports
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl, CharSet=CharSet.Ansi)]
+        private static extern IntPtr gzopen(string name, string mode);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int gzclose(IntPtr gzFile);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int gzwrite(IntPtr gzFile, int data, int length);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int gzread(IntPtr gzFile, int data, int length);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int gzgetc(IntPtr gzFile);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int gzputc(IntPtr gzFile, int c);
+
+        #endregion
+
+        #region Private data
+        private IntPtr _gzFile;
+        private bool _isDisposed = false;
+        private bool _isWriting;
+        #endregion
+
+        #region Constructors
+        /// <summary>
+        /// Creates a new file as a writeable GZipStream
+        /// </summary>
+        /// <param name="fileName">The name of the compressed file to create</param>
+        /// <param name="level">The compression level to use when adding data</param>
+        /// <exception cref="ZLibException">If an error occurred in the internal zlib function</exception>
+		public GZipStream(string fileName, CompressLevel level)
+		{
+            _isWriting = true;
+            _gzFile = gzopen(fileName, String.Format("wb{0}", (int)level));
+            if (_gzFile == IntPtr.Zero)
+                throw new ZLibException(-1, "Could not open " + fileName);
+		}
+
+        /// <summary>
+        /// Opens an existing file as a readable GZipStream
+        /// </summary>
+        /// <param name="fileName">The name of the file to open</param>
+        /// <exception cref="ZLibException">If an error occurred in the internal zlib function</exception>
+        public GZipStream(string fileName)
+        {
+            _isWriting = false;
+            _gzFile = gzopen(fileName, "rb");
+            if (_gzFile == IntPtr.Zero)
+                throw new ZLibException(-1, "Could not open " + fileName);
+
+        }
+        #endregion
+
+        #region Access properties
+        /// <summary>
+        /// Returns true of this stream can be read from, false otherwise
+        /// </summary>
+        public override bool CanRead
+        {
+            get
+            {
+                return !_isWriting;
+            }
+        }
+
+
+        /// <summary>
+        /// Returns false.
+        /// </summary>
+        public override bool CanSeek
+        {
+            get
+            {
+                return false;
+            }
+        }
+
+        /// <summary>
+        /// Returns true if this tsream is writeable, false otherwise
+        /// </summary>
+        public override bool CanWrite
+        {
+            get
+            {
+                return _isWriting;
+            }
+        }
+        #endregion
+
+        #region Destructor & IDispose stuff
+
+        /// <summary>
+        /// Destroys this instance
+        /// </summary>
+        ~GZipStream()
+        {
+            cleanUp(false);
+        }
+
+        /// <summary>
+        /// Closes the external file handle
+        /// </summary>
+        public void Dispose()
+        {
+            cleanUp(true);
+        }
+
+        // Does the actual closing of the file handle.
+        private void cleanUp(bool isDisposing)
+        {
+            if (!_isDisposed)
+            {
+                gzclose(_gzFile);
+                _isDisposed = true;
+            }
+        }
+        #endregion
+
+        #region Basic reading and writing
+        /// <summary>
+        /// Attempts to read a number of bytes from the stream.
+        /// </summary>
+        /// <param name="buffer">The destination data buffer</param>
+        /// <param name="offset">The index of the first destination byte in <c>buffer</c></param>
+        /// <param name="count">The number of bytes requested</param>
+        /// <returns>The number of bytes read</returns>
+        /// <exception cref="ArgumentNullException">If <c>buffer</c> is null</exception>
+        /// <exception cref="ArgumentOutOfRangeException">If <c>count</c> or <c>offset</c> are negative</exception>
+        /// <exception cref="ArgumentException">If <c>offset</c>  + <c>count</c> is &gt; buffer.Length</exception>
+        /// <exception cref="NotSupportedException">If this stream is not readable.</exception>
+        /// <exception cref="ObjectDisposedException">If this stream has been disposed.</exception>
+        public override int Read(byte[] buffer, int offset, int count)
+        {
+            if (!CanRead) throw new NotSupportedException();
+            if (buffer == null) throw new ArgumentNullException();
+            if (offset < 0 || count < 0) throw new ArgumentOutOfRangeException();
+            if ((offset+count) > buffer.Length) throw new ArgumentException();
+            if (_isDisposed) throw new ObjectDisposedException("GZipStream");
+
+            GCHandle h = GCHandle.Alloc(buffer, GCHandleType.Pinned);
+            int result;
+            try
+            {
+                result = gzread(_gzFile, h.AddrOfPinnedObject().ToInt32() + offset, count);
+                if (result < 0)
+                    throw new IOException();
+            }
+            finally
+            {
+                h.Free();
+            }
+            return result;
+        }
+
+        /// <summary>
+        /// Attempts to read a single byte from the stream.
+        /// </summary>
+        /// <returns>The byte that was read, or -1 in case of error or End-Of-File</returns>
+        public override int ReadByte()
+        {
+            if (!CanRead) throw new NotSupportedException();
+            if (_isDisposed) throw new ObjectDisposedException("GZipStream");
+            return gzgetc(_gzFile);
+        }
+
+        /// <summary>
+        /// Writes a number of bytes to the stream
+        /// </summary>
+        /// <param name="buffer"></param>
+        /// <param name="offset"></param>
+        /// <param name="count"></param>
+        /// <exception cref="ArgumentNullException">If <c>buffer</c> is null</exception>
+        /// <exception cref="ArgumentOutOfRangeException">If <c>count</c> or <c>offset</c> are negative</exception>
+        /// <exception cref="ArgumentException">If <c>offset</c>  + <c>count</c> is &gt; buffer.Length</exception>
+        /// <exception cref="NotSupportedException">If this stream is not writeable.</exception>
+        /// <exception cref="ObjectDisposedException">If this stream has been disposed.</exception>
+        public override void Write(byte[] buffer, int offset, int count)
+        {
+            if (!CanWrite) throw new NotSupportedException();
+            if (buffer == null) throw new ArgumentNullException();
+            if (offset < 0 || count < 0) throw new ArgumentOutOfRangeException();
+            if ((offset+count) > buffer.Length) throw new ArgumentException();
+            if (_isDisposed) throw new ObjectDisposedException("GZipStream");
+
+            GCHandle h = GCHandle.Alloc(buffer, GCHandleType.Pinned);
+            try
+            {
+                int result = gzwrite(_gzFile, h.AddrOfPinnedObject().ToInt32() + offset, count);
+                if (result < 0)
+                    throw new IOException();
+            }
+            finally
+            {
+                h.Free();
+            }
+        }
+
+        /// <summary>
+        /// Writes a single byte to the stream
+        /// </summary>
+        /// <param name="value">The byte to add to the stream.</param>
+        /// <exception cref="NotSupportedException">If this stream is not writeable.</exception>
+        /// <exception cref="ObjectDisposedException">If this stream has been disposed.</exception>
+        public override void WriteByte(byte value)
+        {
+            if (!CanWrite) throw new NotSupportedException();
+            if (_isDisposed) throw new ObjectDisposedException("GZipStream");
+
+            int result = gzputc(_gzFile, (int)value);
+            if (result < 0)
+                throw new IOException();
+        }
+        #endregion
+
+        #region Position & length stuff
+        /// <summary>
+        /// Not supported.
+        /// </summary>
+        /// <param name="value"></param>
+        /// <exception cref="NotSupportedException">Always thrown</exception>
+        public override void SetLength(long value)
+        {
+            throw new NotSupportedException();
+        }
+
+        /// <summary>
+        ///  Not supported.
+        /// </summary>
+        /// <param name="offset"></param>
+        /// <param name="origin"></param>
+        /// <returns></returns>
+        /// <exception cref="NotSupportedException">Always thrown</exception>
+        public override long Seek(long offset, SeekOrigin origin)
+        {
+            throw new NotSupportedException();
+        }
+
+        /// <summary>
+        /// Flushes the <c>GZipStream</c>.
+        /// </summary>
+        /// <remarks>In this implementation, this method does nothing. This is because excessive
+        /// flushing may degrade the achievable compression rates.</remarks>
+        public override void Flush()
+        {
+            // left empty on purpose
+        }
+
+        /// <summary>
+        /// Gets/sets the current position in the <c>GZipStream</c>. Not supported.
+        /// </summary>
+        /// <remarks>In this implementation this property is not supported</remarks>
+        /// <exception cref="NotSupportedException">Always thrown</exception>
+        public override long Position
+        {
+            get
+            {
+                throw new NotSupportedException();
+            }
+            set
+            {
+                throw new NotSupportedException();
+            }
+        }
+
+        /// <summary>
+        /// Gets the size of the stream. Not supported.
+        /// </summary>
+        /// <remarks>In this implementation this property is not supported</remarks>
+        /// <exception cref="NotSupportedException">Always thrown</exception>
+        public override long Length
+        {
+            get
+            {
+                throw new NotSupportedException();
+            }
+        }
+        #endregion
+    }
+}
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/Inflater.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/Inflater.cs
new file mode 100644
index 00000000..8ed5451d
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/Inflater.cs
@@ -0,0 +1,105 @@
+//
+// © Copyright Henrik Ravn 2004
+//
+// Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+// (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+namespace DotZLib
+{
+
+    /// <summary>
+    /// Implements a data decompressor, using the inflate algorithm in the ZLib dll
+    /// </summary>
+    public class Inflater : CodecBase
+	{
+        #region Dll imports
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl, CharSet=CharSet.Ansi)]
+        private static extern int inflateInit_(ref ZStream sz, string vs, int size);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int inflate(ref ZStream sz, int flush);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int inflateReset(ref ZStream sz);
+
+        [DllImport("ZLIB1.dll", CallingConvention=CallingConvention.Cdecl)]
+        private static extern int inflateEnd(ref ZStream sz);
+        #endregion
+
+        /// <summary>
+        /// Constructs an new instance of the <c>Inflater</c>
+        /// </summary>
+        public Inflater() : base()
+		{
+            int retval = inflateInit_(ref _ztream, Info.Version, Marshal.SizeOf(_ztream));
+            if (retval != 0)
+                throw new ZLibException(retval, "Could not initialize inflater");
+
+            resetOutput();
+        }
+
+
+        /// <summary>
+        /// Adds more data to the codec to be processed.
+        /// </summary>
+        /// <param name="data">Byte array containing the data to be added to the codec</param>
+        /// <param name="offset">The index of the first byte to add from <c>data</c></param>
+        /// <param name="count">The number of bytes to add</param>
+        /// <remarks>Adding data may, or may not, raise the <c>DataAvailable</c> event</remarks>
+        public override void Add(byte[] data, int offset, int count)
+        {
+            if (data == null) throw new ArgumentNullException();
+            if (offset < 0 || count < 0) throw new ArgumentOutOfRangeException();
+            if ((offset+count) > data.Length) throw new ArgumentException();
+
+            int total = count;
+            int inputIndex = offset;
+            int err = 0;
+
+            while (err >= 0 && inputIndex < total)
+            {
+                copyInput(data, inputIndex, Math.Min(total - inputIndex, kBufferSize));
+                err = inflate(ref _ztream, (int)FlushTypes.None);
+                if (err == 0)
+                    while (_ztream.avail_out == 0)
+                    {
+                        OnDataAvailable();
+                        err = inflate(ref _ztream, (int)FlushTypes.None);
+                    }
+
+                inputIndex += (int)_ztream.total_in;
+            }
+            setChecksum( _ztream.adler );
+        }
+
+
+        /// <summary>
+        /// Finishes up any pending data that needs to be processed and handled.
+        /// </summary>
+        public override void Finish()
+        {
+            int err;
+            do
+            {
+                err = inflate(ref _ztream, (int)FlushTypes.Finish);
+                OnDataAvailable();
+            }
+            while (err == 0);
+            setChecksum( _ztream.adler );
+            inflateReset(ref _ztream);
+            resetOutput();
+        }
+
+        /// <summary>
+        /// Closes the internal zlib inflate stream
+        /// </summary>
+        protected override void CleanUp() { inflateEnd(ref _ztream); }
+
+
+	}
+}
diff --git a/zlib-1.3.1/contrib/dotzlib/DotZLib/UnitTests.cs b/zlib-1.3.1/contrib/dotzlib/DotZLib/UnitTests.cs
new file mode 100644
index 00000000..d4f09802
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/DotZLib/UnitTests.cs
@@ -0,0 +1,274 @@
+//
+// © Copyright Henrik Ravn 2004
+//
+// Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+// (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+using System;
+using System.Collections;
+using System.IO;
+
+// uncomment the define below to include unit tests
+//#define nunit
+#if nunit
+using NUnit.Framework;
+
+// Unit tests for the DotZLib class library
+// ----------------------------------------
+//
+// Use this with NUnit 2 from http://www.nunit.org
+//
+
+namespace DotZLibTests
+{
+    using DotZLib;
+
+    // helper methods
+    internal class Utils
+    {
+        public static bool byteArrEqual( byte[] lhs, byte[] rhs )
+        {
+            if (lhs.Length != rhs.Length)
+                return false;
+            for (int i = lhs.Length-1; i >= 0; --i)
+                if (lhs[i] != rhs[i])
+                    return false;
+            return true;
+        }
+
+    }
+
+
+    [TestFixture]
+    public class CircBufferTests
+    {
+        #region Circular buffer tests
+        [Test]
+        public void SinglePutGet()
+        {
+            CircularBuffer buf = new CircularBuffer(10);
+            Assert.AreEqual( 0, buf.Size );
+            Assert.AreEqual( -1, buf.Get() );
+
+            Assert.IsTrue(buf.Put( 1 ));
+            Assert.AreEqual( 1, buf.Size );
+            Assert.AreEqual( 1, buf.Get() );
+            Assert.AreEqual( 0, buf.Size );
+            Assert.AreEqual( -1, buf.Get() );
+        }
+
+        [Test]
+        public void BlockPutGet()
+        {
+            CircularBuffer buf = new CircularBuffer(10);
+            byte[] arr = {1,2,3,4,5,6,7,8,9,10};
+            Assert.AreEqual( 10, buf.Put(arr,0,10) );
+            Assert.AreEqual( 10, buf.Size );
+            Assert.IsFalse( buf.Put(11) );
+            Assert.AreEqual( 1, buf.Get() );
+            Assert.IsTrue( buf.Put(11) );
+
+            byte[] arr2 = (byte[])arr.Clone();
+            Assert.AreEqual( 9, buf.Get(arr2,1,9) );
+            Assert.IsTrue( Utils.byteArrEqual(arr,arr2) );
+        }
+
+        #endregion
+    }
+
+    [TestFixture]
+    public class ChecksumTests
+    {
+        #region CRC32 Tests
+        [Test]
+        public void CRC32_Null()
+        {
+            CRC32Checksum crc32 = new CRC32Checksum();
+            Assert.AreEqual( 0, crc32.Value );
+
+            crc32 = new CRC32Checksum(1);
+            Assert.AreEqual( 1, crc32.Value );
+
+            crc32 = new CRC32Checksum(556);
+            Assert.AreEqual( 556, crc32.Value );
+        }
+
+        [Test]
+        public void CRC32_Data()
+        {
+            CRC32Checksum crc32 = new CRC32Checksum();
+            byte[] data = { 1,2,3,4,5,6,7 };
+            crc32.Update(data);
+            Assert.AreEqual( 0x70e46888, crc32.Value  );
+
+            crc32 = new CRC32Checksum();
+            crc32.Update("penguin");
+            Assert.AreEqual( 0x0e5c1a120, crc32.Value );
+
+            crc32 = new CRC32Checksum(1);
+            crc32.Update("penguin");
+            Assert.AreEqual(0x43b6aa94, crc32.Value);
+
+        }
+        #endregion
+
+        #region Adler tests
+
+        [Test]
+        public void Adler_Null()
+        {
+            AdlerChecksum adler = new AdlerChecksum();
+            Assert.AreEqual(0, adler.Value);
+
+            adler = new AdlerChecksum(1);
+            Assert.AreEqual( 1, adler.Value );
+
+            adler = new AdlerChecksum(556);
+            Assert.AreEqual( 556, adler.Value );
+        }
+
+        [Test]
+        public void Adler_Data()
+        {
+            AdlerChecksum adler = new AdlerChecksum(1);
+            byte[] data = { 1,2,3,4,5,6,7 };
+            adler.Update(data);
+            Assert.AreEqual( 0x5b001d, adler.Value  );
+
+            adler = new AdlerChecksum();
+            adler.Update("penguin");
+            Assert.AreEqual(0x0bcf02f6, adler.Value );
+
+            adler = new AdlerChecksum(1);
+            adler.Update("penguin");
+            Assert.AreEqual(0x0bd602f7, adler.Value);
+
+        }
+        #endregion
+    }
+
+    [TestFixture]
+    public class InfoTests
+    {
+        #region Info tests
+        [Test]
+        public void Info_Version()
+        {
+            Info info = new Info();
+            Assert.AreEqual("1.3.1", Info.Version);
+            Assert.AreEqual(32, info.SizeOfUInt);
+            Assert.AreEqual(32, info.SizeOfULong);
+            Assert.AreEqual(32, info.SizeOfPointer);
+            Assert.AreEqual(32, info.SizeOfOffset);
+        }
+        #endregion
+    }
+
+    [TestFixture]
+    public class DeflateInflateTests
+    {
+        #region Deflate tests
+        [Test]
+        public void Deflate_Init()
+        {
+            using (Deflater def = new Deflater(CompressLevel.Default))
+            {
+            }
+        }
+
+        private ArrayList compressedData = new ArrayList();
+        private uint adler1;
+
+        private ArrayList uncompressedData = new ArrayList();
+        private uint adler2;
+
+        public void CDataAvail(byte[] data, int startIndex, int count)
+        {
+            for (int i = 0; i < count; ++i)
+                compressedData.Add(data[i+startIndex]);
+        }
+
+        [Test]
+        public void Deflate_Compress()
+        {
+            compressedData.Clear();
+
+            byte[] testData = new byte[35000];
+            for (int i = 0; i < testData.Length; ++i)
+                testData[i] = 5;
+
+            using (Deflater def = new Deflater((CompressLevel)5))
+            {
+                def.DataAvailable += new DataAvailableHandler(CDataAvail);
+                def.Add(testData);
+                def.Finish();
+                adler1 = def.Checksum;
+            }
+        }
+        #endregion
+
+        #region Inflate tests
+        [Test]
+        public void Inflate_Init()
+        {
+            using (Inflater inf = new Inflater())
+            {
+            }
+        }
+
+        private void DDataAvail(byte[] data, int startIndex, int count)
+        {
+            for (int i = 0; i < count; ++i)
+                uncompressedData.Add(data[i+startIndex]);
+        }
+
+        [Test]
+        public void Inflate_Expand()
+        {
+            uncompressedData.Clear();
+
+            using (Inflater inf = new Inflater())
+            {
+                inf.DataAvailable += new DataAvailableHandler(DDataAvail);
+                inf.Add((byte[])compressedData.ToArray(typeof(byte)));
+                inf.Finish();
+                adler2 = inf.Checksum;
+            }
+            Assert.AreEqual( adler1, adler2 );
+        }
+        #endregion
+    }
+
+    [TestFixture]
+    public class GZipStreamTests
+    {
+        #region GZipStream test
+        [Test]
+        public void GZipStream_WriteRead()
+        {
+            using (GZipStream gzOut = new GZipStream("gzstream.gz", CompressLevel.Best))
+            {
+                BinaryWriter writer = new BinaryWriter(gzOut);
+                writer.Write("hi there");
+                writer.Write(Math.PI);
+                writer.Write(42);
+            }
+
+            using (GZipStream gzIn = new GZipStream("gzstream.gz"))
+            {
+                BinaryReader reader = new BinaryReader(gzIn);
+                string s = reader.ReadString();
+                Assert.AreEqual("hi there",s);
+                double d = reader.ReadDouble();
+                Assert.AreEqual(Math.PI, d);
+                int i = reader.ReadInt32();
+                Assert.AreEqual(42,i);
+            }
+
+        }
+        #endregion
+	}
+}
+
+#endif
diff --git a/zlib-1.3.1/contrib/dotzlib/LICENSE_1_0.txt b/zlib-1.3.1/contrib/dotzlib/LICENSE_1_0.txt
new file mode 100644
index 00000000..30aac2cf
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/LICENSE_1_0.txt
@@ -0,0 +1,23 @@
+Boost Software License - Version 1.0 - August 17th, 2003
+
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/dotzlib/readme.txt b/zlib-1.3.1/contrib/dotzlib/readme.txt
new file mode 100644
index 00000000..47454fce
--- /dev/null
+++ b/zlib-1.3.1/contrib/dotzlib/readme.txt
@@ -0,0 +1,58 @@
+This directory contains a .Net wrapper class library for the ZLib1.dll
+
+The wrapper includes support for inflating/deflating memory buffers,
+.Net streaming wrappers for the gz streams part of zlib, and wrappers
+for the checksum parts of zlib. See DotZLib/UnitTests.cs for examples.
+
+Directory structure:
+--------------------
+
+LICENSE_1_0.txt       - License file.
+readme.txt            - This file.
+DotZLib.chm           - Class library documentation
+DotZLib.build         - NAnt build file
+DotZLib.sln           - Microsoft Visual Studio 2003 solution file
+
+DotZLib\*.cs          - Source files for the class library
+
+Unit tests:
+-----------
+The file DotZLib/UnitTests.cs contains unit tests for use with NUnit 2.1 or higher.
+To include unit tests in the build, define nunit before building.
+
+
+Build instructions:
+-------------------
+
+1. Using Visual Studio.Net 2003:
+   Open DotZLib.sln in VS.Net and build from there. Output file (DotZLib.dll)
+   will be found ./DotZLib/bin/release or ./DotZLib/bin/debug, depending on
+   you are building the release or debug version of the library. Check
+   DotZLib/UnitTests.cs for instructions on how to include unit tests in the
+   build.
+
+2. Using NAnt:
+   Open a command prompt with access to the build environment and run nant
+   in the same directory as the DotZLib.build file.
+   You can define 2 properties on the nant command-line to control the build:
+   debug={true|false} to toggle between release/debug builds (default=true).
+   nunit={true|false} to include or exclude unit tests (default=true).
+   Also the target clean will remove binaries.
+   Output file (DotZLib.dll) will be found in either ./DotZLib/bin/release
+   or ./DotZLib/bin/debug, depending on whether you are building the release
+   or debug version of the library.
+
+   Examples:
+     nant -D:debug=false -D:nunit=false
+       will build a release mode version of the library without unit tests.
+     nant
+       will build a debug version of the library with unit tests
+     nant clean
+       will remove all previously built files.
+
+
+---------------------------------
+Copyright (c) Henrik Ravn 2004
+
+Use, modification and distribution are subject to the Boost Software License, Version 1.0.
+(See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
diff --git a/zlib-1.3.1/contrib/gcc_gvmat64/gvmat64.S b/zlib-1.3.1/contrib/gcc_gvmat64/gvmat64.S
new file mode 100644
index 00000000..dd858ddb
--- /dev/null
+++ b/zlib-1.3.1/contrib/gcc_gvmat64/gvmat64.S
@@ -0,0 +1,574 @@
+/*
+;uInt longest_match_x64(
+;    deflate_state *s,
+;    IPos cur_match);                             // current match 
+
+; gvmat64.S -- Asm portion of the optimized longest_match for 32 bits x86_64
+;  (AMD64 on Athlon 64, Opteron, Phenom
+;     and Intel EM64T on Pentium 4 with EM64T, Pentium D, Core 2 Duo, Core I5/I7)
+; this file is translation from gvmat64.asm to GCC 4.x (for Linux, Mac XCode)
+; Copyright (C) 1995-2010 Jean-loup Gailly, Brian Raiter and Gilles Vollant.
+;
+; File written by Gilles Vollant, by converting to assembly the longest_match
+;  from Jean-loup Gailly in deflate.c of zLib and infoZip zip.
+;  and by taking inspiration on asm686 with masm, optimised assembly code
+;        from Brian Raiter, written 1998
+;
+;  This software is provided 'as-is', without any express or implied
+;  warranty.  In no event will the authors be held liable for any damages
+;  arising from the use of this software.
+;
+;  Permission is granted to anyone to use this software for any purpose,
+;  including commercial applications, and to alter it and redistribute it
+;  freely, subject to the following restrictions:
+;
+;  1. The origin of this software must not be misrepresented; you must not
+;     claim that you wrote the original software. If you use this software
+;     in a product, an acknowledgment in the product documentation would be
+;     appreciated but is not required.
+;  2. Altered source versions must be plainly marked as such, and must not be
+;     misrepresented as being the original software
+;  3. This notice may not be removed or altered from any source distribution.
+;
+;         http://www.zlib.net
+;         http://www.winimage.com/zLibDll
+;         http://www.muppetlabs.com/~breadbox/software/assembly.html
+;
+; to compile this file for zLib, I use option:
+;   gcc -c -arch x86_64 gvmat64.S
+
+
+;uInt longest_match(s, cur_match)
+;    deflate_state *s;
+;    IPos cur_match;                             // current match /
+;
+; with XCode for Mac, I had strange error with some jump on intel syntax
+; this is why BEFORE_JMP and AFTER_JMP are used
+ */
+
+
+#define BEFORE_JMP .att_syntax
+#define AFTER_JMP .intel_syntax noprefix
+
+#ifndef NO_UNDERLINE
+#	define	match_init	_match_init
+#	define	longest_match	_longest_match
+#endif
+
+.intel_syntax noprefix
+
+.globl	match_init, longest_match
+.text
+longest_match:
+
+
+
+#define LocalVarsSize 96
+/*
+; register used : rax,rbx,rcx,rdx,rsi,rdi,r8,r9,r10,r11,r12
+; free register :  r14,r15
+; register can be saved : rsp
+*/
+
+#define chainlenwmask     (rsp + 8 - LocalVarsSize)
+#define nicematch         (rsp + 16 - LocalVarsSize)
+
+#define save_rdi        (rsp + 24 - LocalVarsSize)
+#define save_rsi        (rsp + 32 - LocalVarsSize)
+#define save_rbx        (rsp + 40 - LocalVarsSize)
+#define save_rbp        (rsp + 48 - LocalVarsSize)
+#define save_r12        (rsp + 56 - LocalVarsSize)
+#define save_r13        (rsp + 64 - LocalVarsSize)
+#define save_r14        (rsp + 72 - LocalVarsSize)
+#define save_r15        (rsp + 80 - LocalVarsSize)
+
+
+/*
+;  all the +4 offsets are due to the addition of pending_buf_size (in zlib
+;  in the deflate_state structure since the asm code was first written
+;  (if you compile with zlib 1.0.4 or older, remove the +4).
+;  Note : these value are good with a 8 bytes boundary pack structure
+*/
+
+#define    MAX_MATCH              258
+#define    MIN_MATCH              3
+#define    MIN_LOOKAHEAD          (MAX_MATCH+MIN_MATCH+1)
+
+/*
+;;; Offsets for fields in the deflate_state structure. These numbers
+;;; are calculated from the definition of deflate_state, with the
+;;; assumption that the compiler will dword-align the fields. (Thus,
+;;; changing the definition of deflate_state could easily cause this
+;;; program to crash horribly, without so much as a warning at
+;;; compile time. Sigh.)
+
+;  all the +zlib1222add offsets are due to the addition of fields
+;  in zlib in the deflate_state structure since the asm code was first written
+;  (if you compile with zlib 1.0.4 or older, use "zlib1222add equ (-4)").
+;  (if you compile with zlib between 1.0.5 and 1.2.2.1, use "zlib1222add equ 0").
+;  if you compile with zlib 1.2.2.2 or later , use "zlib1222add equ 8").
+*/
+
+
+
+/* you can check the structure offset by running
+
+#include <stdlib.h>
+#include <stdio.h>
+#include "deflate.h"
+
+void print_depl()
+{
+deflate_state ds;
+deflate_state *s=&ds;
+printf("size pointer=%u\n",(int)sizeof(void*));
+
+printf("#define dsWSize         %u\n",(int)(((char*)&(s->w_size))-((char*)s)));
+printf("#define dsWMask         %u\n",(int)(((char*)&(s->w_mask))-((char*)s)));
+printf("#define dsWindow        %u\n",(int)(((char*)&(s->window))-((char*)s)));
+printf("#define dsPrev          %u\n",(int)(((char*)&(s->prev))-((char*)s)));
+printf("#define dsMatchLen      %u\n",(int)(((char*)&(s->match_length))-((char*)s)));
+printf("#define dsPrevMatch     %u\n",(int)(((char*)&(s->prev_match))-((char*)s)));
+printf("#define dsStrStart      %u\n",(int)(((char*)&(s->strstart))-((char*)s)));
+printf("#define dsMatchStart    %u\n",(int)(((char*)&(s->match_start))-((char*)s)));
+printf("#define dsLookahead     %u\n",(int)(((char*)&(s->lookahead))-((char*)s)));
+printf("#define dsPrevLen       %u\n",(int)(((char*)&(s->prev_length))-((char*)s)));
+printf("#define dsMaxChainLen   %u\n",(int)(((char*)&(s->max_chain_length))-((char*)s)));
+printf("#define dsGoodMatch     %u\n",(int)(((char*)&(s->good_match))-((char*)s)));
+printf("#define dsNiceMatch     %u\n",(int)(((char*)&(s->nice_match))-((char*)s)));
+}
+*/
+
+#define dsWSize          68
+#define dsWMask          76
+#define dsWindow         80
+#define dsPrev           96
+#define dsMatchLen       144
+#define dsPrevMatch      148
+#define dsStrStart       156
+#define dsMatchStart     160
+#define dsLookahead      164
+#define dsPrevLen        168
+#define dsMaxChainLen    172
+#define dsGoodMatch      188
+#define dsNiceMatch      192
+
+#define window_size      [ rcx + dsWSize]
+#define WMask            [ rcx + dsWMask]
+#define window_ad        [ rcx + dsWindow]
+#define prev_ad          [ rcx + dsPrev]
+#define strstart         [ rcx + dsStrStart]
+#define match_start      [ rcx + dsMatchStart]
+#define Lookahead        [ rcx + dsLookahead] //; 0ffffffffh on infozip
+#define prev_length      [ rcx + dsPrevLen]
+#define max_chain_length [ rcx + dsMaxChainLen]
+#define good_match       [ rcx + dsGoodMatch]
+#define nice_match       [ rcx + dsNiceMatch]
+
+/*
+; windows:
+; parameter 1 in rcx(deflate state s), param 2 in rdx (cur match)
+
+; see http://weblogs.asp.net/oldnewthing/archive/2004/01/14/58579.aspx and
+; http://msdn.microsoft.com/library/en-us/kmarch/hh/kmarch/64bitAMD_8e951dd2-ee77-4728-8702-55ce4b5dd24a.xml.asp
+;
+; All registers must be preserved across the call, except for
+;   rax, rcx, rdx, r8, r9, r10, and r11, which are scratch.
+
+;
+; gcc on macosx-linux:
+; see http://www.x86-64.org/documentation/abi-0.99.pdf
+; param 1 in rdi, param 2 in rsi
+; rbx, rsp, rbp, r12 to r15 must be preserved
+
+;;; Save registers that the compiler may be using, and adjust esp to
+;;; make room for our stack frame.
+
+
+;;; Retrieve the function arguments. r8d will hold cur_match
+;;; throughout the entire function. edx will hold the pointer to the
+;;; deflate_state structure during the function's setup (before
+;;; entering the main loop.
+
+; ms: parameter 1 in rcx (deflate_state* s), param 2 in edx -> r8 (cur match)
+; mac: param 1 in rdi, param 2 rsi
+; this clear high 32 bits of r8, which can be garbage in both r8 and rdx
+*/
+        mov [save_rbx],rbx
+        mov [save_rbp],rbp
+
+
+        mov rcx,rdi
+
+        mov r8d,esi
+
+
+        mov [save_r12],r12
+        mov [save_r13],r13
+        mov [save_r14],r14
+        mov [save_r15],r15
+
+
+//;;; uInt wmask = s->w_mask;
+//;;; unsigned chain_length = s->max_chain_length;
+//;;; if (s->prev_length >= s->good_match) {
+//;;;     chain_length >>= 2;
+//;;; }
+
+
+        mov edi, prev_length
+        mov esi, good_match
+        mov eax, WMask
+        mov ebx, max_chain_length
+        cmp edi, esi
+        jl  LastMatchGood
+        shr ebx, 2
+LastMatchGood:
+
+//;;; chainlen is decremented once beforehand so that the function can
+//;;; use the sign flag instead of the zero flag for the exit test.
+//;;; It is then shifted into the high word, to make room for the wmask
+//;;; value, which it will always accompany.
+
+        dec ebx
+        shl ebx, 16
+        or  ebx, eax
+
+//;;; on zlib only
+//;;; if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead;
+
+
+
+        mov eax, nice_match
+        mov [chainlenwmask], ebx
+        mov r10d, Lookahead
+        cmp r10d, eax
+        cmovnl r10d, eax
+        mov [nicematch],r10d
+
+
+
+//;;; register Bytef *scan = s->window + s->strstart;
+        mov r10, window_ad
+        mov ebp, strstart
+        lea r13, [r10 + rbp]
+
+//;;; Determine how many bytes the scan ptr is off from being
+//;;; dword-aligned.
+
+         mov r9,r13
+         neg r13
+         and r13,3
+
+//;;; IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
+//;;;     s->strstart - (IPos)MAX_DIST(s) : NIL;
+
+
+        mov eax, window_size
+        sub eax, MIN_LOOKAHEAD
+
+
+        xor edi,edi
+        sub ebp, eax
+
+        mov r11d, prev_length
+
+        cmovng ebp,edi
+
+//;;; int best_len = s->prev_length;
+
+
+//;;; Store the sum of s->window + best_len in esi locally, and in esi.
+
+       lea  rsi,[r10+r11]
+
+//;;; register ush scan_start = *(ushf*)scan;
+//;;; register ush scan_end   = *(ushf*)(scan+best_len-1);
+//;;; Posf *prev = s->prev;
+
+        movzx r12d,word ptr [r9]
+        movzx ebx, word ptr [r9 + r11 - 1]
+
+        mov rdi, prev_ad
+
+//;;; Jump into the main loop.
+
+        mov edx, [chainlenwmask]
+
+        cmp bx,word ptr [rsi + r8 - 1]
+        jz  LookupLoopIsZero
+				
+						
+						
+LookupLoop1:
+        and r8d, edx
+
+        movzx   r8d, word ptr [rdi + r8*2]
+        cmp r8d, ebp
+        jbe LeaveNow
+		
+		
+		
+        sub edx, 0x00010000
+		BEFORE_JMP
+        js  LeaveNow
+		AFTER_JMP
+
+LoopEntry1:
+        cmp bx,word ptr [rsi + r8 - 1]
+		BEFORE_JMP
+        jz  LookupLoopIsZero
+		AFTER_JMP
+
+LookupLoop2:
+        and r8d, edx
+
+        movzx   r8d, word ptr [rdi + r8*2]
+        cmp r8d, ebp
+		BEFORE_JMP
+        jbe LeaveNow
+		AFTER_JMP
+        sub edx, 0x00010000
+		BEFORE_JMP
+        js  LeaveNow
+		AFTER_JMP
+
+LoopEntry2:
+        cmp bx,word ptr [rsi + r8 - 1]
+		BEFORE_JMP
+        jz  LookupLoopIsZero
+		AFTER_JMP
+
+LookupLoop4:
+        and r8d, edx
+
+        movzx   r8d, word ptr [rdi + r8*2]
+        cmp r8d, ebp
+		BEFORE_JMP
+        jbe LeaveNow
+		AFTER_JMP
+        sub edx, 0x00010000
+		BEFORE_JMP
+        js  LeaveNow
+		AFTER_JMP
+
+LoopEntry4:
+
+        cmp bx,word ptr [rsi + r8 - 1]
+		BEFORE_JMP
+        jnz LookupLoop1
+        jmp LookupLoopIsZero
+		AFTER_JMP
+/*
+;;; do {
+;;;     match = s->window + cur_match;
+;;;     if (*(ushf*)(match+best_len-1) != scan_end ||
+;;;         *(ushf*)match != scan_start) continue;
+;;;     [...]
+;;; } while ((cur_match = prev[cur_match & wmask]) > limit
+;;;          && --chain_length != 0);
+;;;
+;;; Here is the inner loop of the function. The function will spend the
+;;; majority of its time in this loop, and majority of that time will
+;;; be spent in the first ten instructions.
+;;;
+;;; Within this loop:
+;;; ebx = scanend
+;;; r8d = curmatch
+;;; edx = chainlenwmask - i.e., ((chainlen << 16) | wmask)
+;;; esi = windowbestlen - i.e., (window + bestlen)
+;;; edi = prev
+;;; ebp = limit
+*/
+.balign 16
+LookupLoop:
+        and r8d, edx
+
+        movzx   r8d, word ptr [rdi + r8*2]
+        cmp r8d, ebp
+		BEFORE_JMP
+        jbe LeaveNow
+		AFTER_JMP
+        sub edx, 0x00010000
+		BEFORE_JMP
+        js  LeaveNow
+		AFTER_JMP
+
+LoopEntry:
+
+        cmp bx,word ptr [rsi + r8 - 1]
+		BEFORE_JMP
+        jnz LookupLoop1
+		AFTER_JMP
+LookupLoopIsZero:
+        cmp     r12w, word ptr [r10 + r8]
+		BEFORE_JMP
+        jnz LookupLoop1
+		AFTER_JMP
+
+
+//;;; Store the current value of chainlen.
+        mov [chainlenwmask], edx
+/*
+;;; Point edi to the string under scrutiny, and esi to the string we
+;;; are hoping to match it up with. In actuality, esi and edi are
+;;; both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and edx is
+;;; initialized to -(MAX_MATCH_8 - scanalign).
+*/
+        lea rsi,[r8+r10]
+        mov rdx, 0xfffffffffffffef8 //; -(MAX_MATCH_8)
+        lea rsi, [rsi + r13 + 0x0108] //;MAX_MATCH_8]
+        lea rdi, [r9 + r13 + 0x0108] //;MAX_MATCH_8]
+
+        prefetcht1 [rsi+rdx]
+        prefetcht1 [rdi+rdx]
+
+/*
+;;; Test the strings for equality, 8 bytes at a time. At the end,
+;;; adjust rdx so that it is offset to the exact byte that mismatched.
+;;;
+;;; We already know at this point that the first three bytes of the
+;;; strings match each other, and they can be safely passed over before
+;;; starting the compare loop. So what this code does is skip over 0-3
+;;; bytes, as much as necessary in order to dword-align the edi
+;;; pointer. (rsi will still be misaligned three times out of four.)
+;;;
+;;; It should be confessed that this loop usually does not represent
+;;; much of the total running time. Replacing it with a more
+;;; straightforward "rep cmpsb" would not drastically degrade
+;;; performance.
+*/
+
+LoopCmps:
+        mov rax, [rsi + rdx]
+        xor rax, [rdi + rdx]
+        jnz LeaveLoopCmps
+
+        mov rax, [rsi + rdx + 8]
+        xor rax, [rdi + rdx + 8]
+        jnz LeaveLoopCmps8
+
+
+        mov rax, [rsi + rdx + 8+8]
+        xor rax, [rdi + rdx + 8+8]
+        jnz LeaveLoopCmps16
+
+        add rdx,8+8+8
+
+		BEFORE_JMP
+        jnz  LoopCmps
+        jmp  LenMaximum
+		AFTER_JMP
+		
+LeaveLoopCmps16: add rdx,8
+LeaveLoopCmps8: add rdx,8
+LeaveLoopCmps:
+
+        test    eax, 0x0000FFFF
+        jnz LenLower
+
+        test eax,0xffffffff
+
+        jnz LenLower32
+
+        add rdx,4
+        shr rax,32
+        or ax,ax
+		BEFORE_JMP
+        jnz LenLower
+		AFTER_JMP
+
+LenLower32:
+        shr eax,16
+        add rdx,2
+		
+LenLower:		
+        sub al, 1
+        adc rdx, 0
+//;;; Calculate the length of the match. If it is longer than MAX_MATCH,
+//;;; then automatically accept it as the best possible match and leave.
+
+        lea rax, [rdi + rdx]
+        sub rax, r9
+        cmp eax, MAX_MATCH
+		BEFORE_JMP
+        jge LenMaximum
+		AFTER_JMP
+/*
+;;; If the length of the match is not longer than the best match we
+;;; have so far, then forget it and return to the lookup loop.
+;///////////////////////////////////
+*/
+        cmp eax, r11d
+        jg  LongerMatch
+
+        lea rsi,[r10+r11]
+
+        mov rdi, prev_ad
+        mov edx, [chainlenwmask]
+		BEFORE_JMP
+        jmp LookupLoop
+		AFTER_JMP
+/*
+;;;         s->match_start = cur_match;
+;;;         best_len = len;
+;;;         if (len >= nice_match) break;
+;;;         scan_end = *(ushf*)(scan+best_len-1);
+*/
+LongerMatch:
+        mov r11d, eax
+        mov match_start, r8d
+        cmp eax, [nicematch]
+		BEFORE_JMP
+        jge LeaveNow
+		AFTER_JMP
+
+        lea rsi,[r10+rax]
+
+        movzx   ebx, word ptr [r9 + rax - 1]
+        mov rdi, prev_ad
+        mov edx, [chainlenwmask]
+		BEFORE_JMP
+        jmp LookupLoop
+		AFTER_JMP
+
+//;;; Accept the current string, with the maximum possible length.
+
+LenMaximum:
+        mov r11d,MAX_MATCH
+        mov match_start, r8d
+
+//;;; if ((uInt)best_len <= s->lookahead) return (uInt)best_len;
+//;;; return s->lookahead;
+
+LeaveNow:
+        mov eax, Lookahead
+        cmp r11d, eax
+        cmovng eax, r11d
+
+
+
+//;;; Restore the stack and return from whence we came.
+
+
+//        mov rsi,[save_rsi]
+//        mov rdi,[save_rdi]
+        mov rbx,[save_rbx]
+        mov rbp,[save_rbp]
+        mov r12,[save_r12]
+        mov r13,[save_r13]
+        mov r14,[save_r14]
+        mov r15,[save_r15]
+
+
+        ret 0
+//; please don't remove this string !
+//; Your can freely use gvmat64 in any free or commercial app
+//; but it is far better don't remove the string in the binary!
+ //   db     0dh,0ah,"asm686 with masm, optimised assembly code from Brian Raiter, written 1998, converted to amd 64 by Gilles Vollant 2005",0dh,0ah,0
+
+
+match_init:
+  ret 0
+
+
diff --git a/zlib-1.3.1/contrib/infback9/README b/zlib-1.3.1/contrib/infback9/README
new file mode 100644
index 00000000..e75ed132
--- /dev/null
+++ b/zlib-1.3.1/contrib/infback9/README
@@ -0,0 +1 @@
+See infback9.h for what this is and how to use it.
diff --git a/zlib-1.3.1/contrib/infback9/infback9.c b/zlib-1.3.1/contrib/infback9/infback9.c
new file mode 100644
index 00000000..742a3921
--- /dev/null
+++ b/zlib-1.3.1/contrib/infback9/infback9.c
@@ -0,0 +1,603 @@
+/* infback9.c -- inflate deflate64 data using a call-back interface
+ * Copyright (C) 1995-2008 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "zutil.h"
+#include "infback9.h"
+#include "inftree9.h"
+#include "inflate9.h"
+
+#define WSIZE 65536UL
+
+/*
+   strm provides memory allocation functions in zalloc and zfree, or
+   Z_NULL to use the library memory allocation functions.
+
+   window is a user-supplied window and output buffer that is 64K bytes.
+ */
+int ZEXPORT inflateBack9Init_(z_stream FAR *strm, unsigned char FAR *window,
+                              const char *version, int stream_size) {
+    struct inflate_state FAR *state;
+
+    if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+        stream_size != (int)(sizeof(z_stream)))
+        return Z_VERSION_ERROR;
+    if (strm == Z_NULL || window == Z_NULL)
+        return Z_STREAM_ERROR;
+    strm->msg = Z_NULL;                 /* in case we return an error */
+    if (strm->zalloc == (alloc_func)0) {
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+    }
+    if (strm->zfree == (free_func)0) strm->zfree = zcfree;
+    state = (struct inflate_state FAR *)ZALLOC(strm, 1,
+                                               sizeof(struct inflate_state));
+    if (state == Z_NULL) return Z_MEM_ERROR;
+    Tracev((stderr, "inflate: allocated\n"));
+    strm->state = (voidpf)state;
+    state->window = window;
+    return Z_OK;
+}
+
+/*
+   Build and output length and distance decoding tables for fixed code
+   decoding.
+ */
+#ifdef MAKEFIXED
+#include <stdio.h>
+
+void makefixed9(void) {
+    unsigned sym, bits, low, size;
+    code *next, *lenfix, *distfix;
+    struct inflate_state state;
+    code fixed[544];
+
+    /* literal/length table */
+    sym = 0;
+    while (sym < 144) state.lens[sym++] = 8;
+    while (sym < 256) state.lens[sym++] = 9;
+    while (sym < 280) state.lens[sym++] = 7;
+    while (sym < 288) state.lens[sym++] = 8;
+    next = fixed;
+    lenfix = next;
+    bits = 9;
+    inflate_table9(LENS, state.lens, 288, &(next), &(bits), state.work);
+
+    /* distance table */
+    sym = 0;
+    while (sym < 32) state.lens[sym++] = 5;
+    distfix = next;
+    bits = 5;
+    inflate_table9(DISTS, state.lens, 32, &(next), &(bits), state.work);
+
+    /* write tables */
+    puts("    /* inffix9.h -- table for decoding deflate64 fixed codes");
+    puts("     * Generated automatically by makefixed9().");
+    puts("     */");
+    puts("");
+    puts("    /* WARNING: this file should *not* be used by applications.");
+    puts("       It is part of the implementation of this library and is");
+    puts("       subject to change. Applications should only use zlib.h.");
+    puts("     */");
+    puts("");
+    size = 1U << 9;
+    printf("    static const code lenfix[%u] = {", size);
+    low = 0;
+    for (;;) {
+        if ((low % 6) == 0) printf("\n        ");
+        printf("{%u,%u,%d}", lenfix[low].op, lenfix[low].bits,
+               lenfix[low].val);
+        if (++low == size) break;
+        putchar(',');
+    }
+    puts("\n    };");
+    size = 1U << 5;
+    printf("\n    static const code distfix[%u] = {", size);
+    low = 0;
+    for (;;) {
+        if ((low % 5) == 0) printf("\n        ");
+        printf("{%u,%u,%d}", distfix[low].op, distfix[low].bits,
+               distfix[low].val);
+        if (++low == size) break;
+        putchar(',');
+    }
+    puts("\n    };");
+}
+#endif /* MAKEFIXED */
+
+/* Macros for inflateBack(): */
+
+/* Clear the input bit accumulator */
+#define INITBITS() \
+    do { \
+        hold = 0; \
+        bits = 0; \
+    } while (0)
+
+/* Assure that some input is available.  If input is requested, but denied,
+   then return a Z_BUF_ERROR from inflateBack(). */
+#define PULL() \
+    do { \
+        if (have == 0) { \
+            have = in(in_desc, &next); \
+            if (have == 0) { \
+                next = Z_NULL; \
+                ret = Z_BUF_ERROR; \
+                goto inf_leave; \
+            } \
+        } \
+    } while (0)
+
+/* Get a byte of input into the bit accumulator, or return from inflateBack()
+   with an error if there is no input available. */
+#define PULLBYTE() \
+    do { \
+        PULL(); \
+        have--; \
+        hold += (unsigned long)(*next++) << bits; \
+        bits += 8; \
+    } while (0)
+
+/* Assure that there are at least n bits in the bit accumulator.  If there is
+   not enough available input to do that, then return from inflateBack() with
+   an error. */
+#define NEEDBITS(n) \
+    do { \
+        while (bits < (unsigned)(n)) \
+            PULLBYTE(); \
+    } while (0)
+
+/* Return the low n bits of the bit accumulator (n <= 16) */
+#define BITS(n) \
+    ((unsigned)hold & ((1U << (n)) - 1))
+
+/* Remove n bits from the bit accumulator */
+#define DROPBITS(n) \
+    do { \
+        hold >>= (n); \
+        bits -= (unsigned)(n); \
+    } while (0)
+
+/* Remove zero to seven bits as needed to go to a byte boundary */
+#define BYTEBITS() \
+    do { \
+        hold >>= bits & 7; \
+        bits -= bits & 7; \
+    } while (0)
+
+/* Assure that some output space is available, by writing out the window
+   if it's full.  If the write fails, return from inflateBack() with a
+   Z_BUF_ERROR. */
+#define ROOM() \
+    do { \
+        if (left == 0) { \
+            put = window; \
+            left = WSIZE; \
+            wrap = 1; \
+            if (out(out_desc, put, (unsigned)left)) { \
+                ret = Z_BUF_ERROR; \
+                goto inf_leave; \
+            } \
+        } \
+    } while (0)
+
+/*
+   strm provides the memory allocation functions and window buffer on input,
+   and provides information on the unused input on return.  For Z_DATA_ERROR
+   returns, strm will also provide an error message.
+
+   in() and out() are the call-back input and output functions.  When
+   inflateBack() needs more input, it calls in().  When inflateBack() has
+   filled the window with output, or when it completes with data in the
+   window, it calls out() to write out the data.  The application must not
+   change the provided input until in() is called again or inflateBack()
+   returns.  The application must not change the window/output buffer until
+   inflateBack() returns.
+
+   in() and out() are called with a descriptor parameter provided in the
+   inflateBack() call.  This parameter can be a structure that provides the
+   information required to do the read or write, as well as accumulated
+   information on the input and output such as totals and check values.
+
+   in() should return zero on failure.  out() should return non-zero on
+   failure.  If either in() or out() fails, than inflateBack() returns a
+   Z_BUF_ERROR.  strm->next_in can be checked for Z_NULL to see whether it
+   was in() or out() that caused in the error.  Otherwise,  inflateBack()
+   returns Z_STREAM_END on success, Z_DATA_ERROR for an deflate format
+   error, or Z_MEM_ERROR if it could not allocate memory for the state.
+   inflateBack() can also return Z_STREAM_ERROR if the input parameters
+   are not correct, i.e. strm is Z_NULL or the state was not initialized.
+ */
+int ZEXPORT inflateBack9(z_stream FAR *strm, in_func in, void FAR *in_desc,
+                         out_func out, void FAR *out_desc) {
+    struct inflate_state FAR *state;
+    z_const unsigned char FAR *next;    /* next input */
+    unsigned char FAR *put;     /* next output */
+    unsigned have;              /* available input */
+    unsigned long left;         /* available output */
+    inflate_mode mode;          /* current inflate mode */
+    int lastblock;              /* true if processing last block */
+    int wrap;                   /* true if the window has wrapped */
+    unsigned char FAR *window;  /* allocated sliding window, if needed */
+    unsigned long hold;         /* bit buffer */
+    unsigned bits;              /* bits in bit buffer */
+    unsigned extra;             /* extra bits needed */
+    unsigned long length;       /* literal or length of data to copy */
+    unsigned long offset;       /* distance back to copy string from */
+    unsigned long copy;         /* number of stored or match bytes to copy */
+    unsigned char FAR *from;    /* where to copy match bytes from */
+    code const FAR *lencode;    /* starting table for length/literal codes */
+    code const FAR *distcode;   /* starting table for distance codes */
+    unsigned lenbits;           /* index bits for lencode */
+    unsigned distbits;          /* index bits for distcode */
+    code here;                  /* current decoding table entry */
+    code last;                  /* parent table entry */
+    unsigned len;               /* length to copy for repeats, bits to drop */
+    int ret;                    /* return code */
+    static const unsigned short order[19] = /* permutation of code lengths */
+        {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
+#include "inffix9.h"
+
+    /* Check that the strm exists and that the state was initialized */
+    if (strm == Z_NULL || strm->state == Z_NULL)
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* Reset the state */
+    strm->msg = Z_NULL;
+    mode = TYPE;
+    lastblock = 0;
+    wrap = 0;
+    window = state->window;
+    next = strm->next_in;
+    have = next != Z_NULL ? strm->avail_in : 0;
+    hold = 0;
+    bits = 0;
+    put = window;
+    left = WSIZE;
+    lencode = Z_NULL;
+    distcode = Z_NULL;
+
+    /* Inflate until end of block marked as last */
+    for (;;)
+        switch (mode) {
+        case TYPE:
+            /* determine and dispatch block type */
+            if (lastblock) {
+                BYTEBITS();
+                mode = DONE;
+                break;
+            }
+            NEEDBITS(3);
+            lastblock = BITS(1);
+            DROPBITS(1);
+            switch (BITS(2)) {
+            case 0:                             /* stored block */
+                Tracev((stderr, "inflate:     stored block%s\n",
+                        lastblock ? " (last)" : ""));
+                mode = STORED;
+                break;
+            case 1:                             /* fixed block */
+                lencode = lenfix;
+                lenbits = 9;
+                distcode = distfix;
+                distbits = 5;
+                Tracev((stderr, "inflate:     fixed codes block%s\n",
+                        lastblock ? " (last)" : ""));
+                mode = LEN;                     /* decode codes */
+                break;
+            case 2:                             /* dynamic block */
+                Tracev((stderr, "inflate:     dynamic codes block%s\n",
+                        lastblock ? " (last)" : ""));
+                mode = TABLE;
+                break;
+            case 3:
+                strm->msg = (char *)"invalid block type";
+                mode = BAD;
+            }
+            DROPBITS(2);
+            break;
+
+        case STORED:
+            /* get and verify stored block length */
+            BYTEBITS();                         /* go to byte boundary */
+            NEEDBITS(32);
+            if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
+                strm->msg = (char *)"invalid stored block lengths";
+                mode = BAD;
+                break;
+            }
+            length = (unsigned)hold & 0xffff;
+            Tracev((stderr, "inflate:       stored length %lu\n",
+                    length));
+            INITBITS();
+
+            /* copy stored block from input to output */
+            while (length != 0) {
+                copy = length;
+                PULL();
+                ROOM();
+                if (copy > have) copy = have;
+                if (copy > left) copy = left;
+                zmemcpy(put, next, copy);
+                have -= copy;
+                next += copy;
+                left -= copy;
+                put += copy;
+                length -= copy;
+            }
+            Tracev((stderr, "inflate:       stored end\n"));
+            mode = TYPE;
+            break;
+
+        case TABLE:
+            /* get dynamic table entries descriptor */
+            NEEDBITS(14);
+            state->nlen = BITS(5) + 257;
+            DROPBITS(5);
+            state->ndist = BITS(5) + 1;
+            DROPBITS(5);
+            state->ncode = BITS(4) + 4;
+            DROPBITS(4);
+            if (state->nlen > 286) {
+                strm->msg = (char *)"too many length symbols";
+                mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       table sizes ok\n"));
+
+            /* get code length code lengths (not a typo) */
+            state->have = 0;
+            while (state->have < state->ncode) {
+                NEEDBITS(3);
+                state->lens[order[state->have++]] = (unsigned short)BITS(3);
+                DROPBITS(3);
+            }
+            while (state->have < 19)
+                state->lens[order[state->have++]] = 0;
+            state->next = state->codes;
+            lencode = (code const FAR *)(state->next);
+            lenbits = 7;
+            ret = inflate_table9(CODES, state->lens, 19, &(state->next),
+                                &(lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid code lengths set";
+                mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       code lengths ok\n"));
+
+            /* get length and distance code code lengths */
+            state->have = 0;
+            while (state->have < state->nlen + state->ndist) {
+                for (;;) {
+                    here = lencode[BITS(lenbits)];
+                    if ((unsigned)(here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                if (here.val < 16) {
+                    NEEDBITS(here.bits);
+                    DROPBITS(here.bits);
+                    state->lens[state->have++] = here.val;
+                }
+                else {
+                    if (here.val == 16) {
+                        NEEDBITS(here.bits + 2);
+                        DROPBITS(here.bits);
+                        if (state->have == 0) {
+                            strm->msg = (char *)"invalid bit length repeat";
+                            mode = BAD;
+                            break;
+                        }
+                        len = (unsigned)(state->lens[state->have - 1]);
+                        copy = 3 + BITS(2);
+                        DROPBITS(2);
+                    }
+                    else if (here.val == 17) {
+                        NEEDBITS(here.bits + 3);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 3 + BITS(3);
+                        DROPBITS(3);
+                    }
+                    else {
+                        NEEDBITS(here.bits + 7);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 11 + BITS(7);
+                        DROPBITS(7);
+                    }
+                    if (state->have + copy > state->nlen + state->ndist) {
+                        strm->msg = (char *)"invalid bit length repeat";
+                        mode = BAD;
+                        break;
+                    }
+                    while (copy--)
+                        state->lens[state->have++] = (unsigned short)len;
+                }
+            }
+
+            /* handle error breaks in while */
+            if (mode == BAD) break;
+
+            /* check for end-of-block code (better have one) */
+            if (state->lens[256] == 0) {
+                strm->msg = (char *)"invalid code -- missing end-of-block";
+                mode = BAD;
+                break;
+            }
+
+            /* build code tables -- note: do not change the lenbits or distbits
+               values here (9 and 6) without reading the comments in inftree9.h
+               concerning the ENOUGH constants, which depend on those values */
+            state->next = state->codes;
+            lencode = (code const FAR *)(state->next);
+            lenbits = 9;
+            ret = inflate_table9(LENS, state->lens, state->nlen,
+                            &(state->next), &(lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid literal/lengths set";
+                mode = BAD;
+                break;
+            }
+            distcode = (code const FAR *)(state->next);
+            distbits = 6;
+            ret = inflate_table9(DISTS, state->lens + state->nlen,
+                            state->ndist, &(state->next), &(distbits),
+                            state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid distances set";
+                mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       codes ok\n"));
+            mode = LEN;
+
+        case LEN:
+            /* get a literal, length, or end-of-block code */
+            for (;;) {
+                here = lencode[BITS(lenbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if (here.op && (here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = lencode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+            }
+            DROPBITS(here.bits);
+            length = (unsigned)here.val;
+
+            /* process literal */
+            if (here.op == 0) {
+                Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+                        "inflate:         literal '%c'\n" :
+                        "inflate:         literal 0x%02x\n", here.val));
+                ROOM();
+                *put++ = (unsigned char)(length);
+                left--;
+                mode = LEN;
+                break;
+            }
+
+            /* process end of block */
+            if (here.op & 32) {
+                Tracevv((stderr, "inflate:         end of block\n"));
+                mode = TYPE;
+                break;
+            }
+
+            /* invalid code */
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid literal/length code";
+                mode = BAD;
+                break;
+            }
+
+            /* length code -- get extra bits, if any */
+            extra = (unsigned)(here.op) & 31;
+            if (extra != 0) {
+                NEEDBITS(extra);
+                length += BITS(extra);
+                DROPBITS(extra);
+            }
+            Tracevv((stderr, "inflate:         length %lu\n", length));
+
+            /* get distance code */
+            for (;;) {
+                here = distcode[BITS(distbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if ((here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = distcode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+            }
+            DROPBITS(here.bits);
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid distance code";
+                mode = BAD;
+                break;
+            }
+            offset = (unsigned)here.val;
+
+            /* get distance extra bits, if any */
+            extra = (unsigned)(here.op) & 15;
+            if (extra != 0) {
+                NEEDBITS(extra);
+                offset += BITS(extra);
+                DROPBITS(extra);
+            }
+            if (offset > WSIZE - (wrap ? 0: left)) {
+                strm->msg = (char *)"invalid distance too far back";
+                mode = BAD;
+                break;
+            }
+            Tracevv((stderr, "inflate:         distance %lu\n", offset));
+
+            /* copy match from window to output */
+            do {
+                ROOM();
+                copy = WSIZE - offset;
+                if (copy < left) {
+                    from = put + copy;
+                    copy = left - copy;
+                }
+                else {
+                    from = put - offset;
+                    copy = left;
+                }
+                if (copy > length) copy = length;
+                length -= copy;
+                left -= copy;
+                do {
+                    *put++ = *from++;
+                } while (--copy);
+            } while (length != 0);
+            break;
+
+        case DONE:
+            /* inflate stream terminated properly -- write leftover output */
+            ret = Z_STREAM_END;
+            if (left < WSIZE) {
+                if (out(out_desc, window, (unsigned)(WSIZE - left)))
+                    ret = Z_BUF_ERROR;
+            }
+            goto inf_leave;
+
+        case BAD:
+            ret = Z_DATA_ERROR;
+            goto inf_leave;
+
+        default:                /* can't happen, but makes compilers happy */
+            ret = Z_STREAM_ERROR;
+            goto inf_leave;
+        }
+
+    /* Return unused input */
+  inf_leave:
+    strm->next_in = next;
+    strm->avail_in = have;
+    return ret;
+}
+
+int ZEXPORT inflateBack9End(z_stream FAR *strm) {
+    if (strm == Z_NULL || strm->state == Z_NULL || strm->zfree == (free_func)0)
+        return Z_STREAM_ERROR;
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+    Tracev((stderr, "inflate: end\n"));
+    return Z_OK;
+}
diff --git a/zlib-1.3.1/contrib/infback9/infback9.h b/zlib-1.3.1/contrib/infback9/infback9.h
new file mode 100644
index 00000000..8371b4ec
--- /dev/null
+++ b/zlib-1.3.1/contrib/infback9/infback9.h
@@ -0,0 +1,37 @@
+/* infback9.h -- header for using inflateBack9 functions
+ * Copyright (C) 2003 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ * This header file and associated patches provide a decoder for PKWare's
+ * undocumented deflate64 compression method (method 9).  Use with infback9.c,
+ * inftree9.h, inftree9.c, and inffix9.h.  These patches are not supported.
+ * This should be compiled with zlib, since it uses zutil.h and zutil.o.
+ * This code has not yet been tested on 16-bit architectures.  See the
+ * comments in zlib.h for inflateBack() usage.  These functions are used
+ * identically, except that there is no windowBits parameter, and a 64K
+ * window must be provided.  Also if int's are 16 bits, then a zero for
+ * the third parameter of the "out" function actually means 65536UL.
+ * zlib.h must be included before this header file.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ZEXTERN int ZEXPORT inflateBack9(z_stream FAR *strm,
+                                 in_func in, void FAR *in_desc,
+                                 out_func out, void FAR *out_desc);
+ZEXTERN int ZEXPORT inflateBack9End(z_stream FAR *strm);
+ZEXTERN int ZEXPORT inflateBack9Init_(z_stream FAR *strm,
+                                      unsigned char FAR *window,
+                                      const char *version,
+                                      int stream_size);
+#define inflateBack9Init(strm, window) \
+        inflateBack9Init_((strm), (window), \
+        ZLIB_VERSION, sizeof(z_stream))
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/zlib-1.3.1/contrib/infback9/inffix9.h b/zlib-1.3.1/contrib/infback9/inffix9.h
new file mode 100644
index 00000000..ee5671d2
--- /dev/null
+++ b/zlib-1.3.1/contrib/infback9/inffix9.h
@@ -0,0 +1,107 @@
+    /* inffix9.h -- table for decoding deflate64 fixed codes
+     * Generated automatically by makefixed9().
+     */
+
+    /* WARNING: this file should *not* be used by applications.
+       It is part of the implementation of this library and is
+       subject to change. Applications should only use zlib.h.
+     */
+
+    static const code lenfix[512] = {
+        {96,7,0},{0,8,80},{0,8,16},{132,8,115},{130,7,31},{0,8,112},
+        {0,8,48},{0,9,192},{128,7,10},{0,8,96},{0,8,32},{0,9,160},
+        {0,8,0},{0,8,128},{0,8,64},{0,9,224},{128,7,6},{0,8,88},
+        {0,8,24},{0,9,144},{131,7,59},{0,8,120},{0,8,56},{0,9,208},
+        {129,7,17},{0,8,104},{0,8,40},{0,9,176},{0,8,8},{0,8,136},
+        {0,8,72},{0,9,240},{128,7,4},{0,8,84},{0,8,20},{133,8,227},
+        {131,7,43},{0,8,116},{0,8,52},{0,9,200},{129,7,13},{0,8,100},
+        {0,8,36},{0,9,168},{0,8,4},{0,8,132},{0,8,68},{0,9,232},
+        {128,7,8},{0,8,92},{0,8,28},{0,9,152},{132,7,83},{0,8,124},
+        {0,8,60},{0,9,216},{130,7,23},{0,8,108},{0,8,44},{0,9,184},
+        {0,8,12},{0,8,140},{0,8,76},{0,9,248},{128,7,3},{0,8,82},
+        {0,8,18},{133,8,163},{131,7,35},{0,8,114},{0,8,50},{0,9,196},
+        {129,7,11},{0,8,98},{0,8,34},{0,9,164},{0,8,2},{0,8,130},
+        {0,8,66},{0,9,228},{128,7,7},{0,8,90},{0,8,26},{0,9,148},
+        {132,7,67},{0,8,122},{0,8,58},{0,9,212},{130,7,19},{0,8,106},
+        {0,8,42},{0,9,180},{0,8,10},{0,8,138},{0,8,74},{0,9,244},
+        {128,7,5},{0,8,86},{0,8,22},{65,8,0},{131,7,51},{0,8,118},
+        {0,8,54},{0,9,204},{129,7,15},{0,8,102},{0,8,38},{0,9,172},
+        {0,8,6},{0,8,134},{0,8,70},{0,9,236},{128,7,9},{0,8,94},
+        {0,8,30},{0,9,156},{132,7,99},{0,8,126},{0,8,62},{0,9,220},
+        {130,7,27},{0,8,110},{0,8,46},{0,9,188},{0,8,14},{0,8,142},
+        {0,8,78},{0,9,252},{96,7,0},{0,8,81},{0,8,17},{133,8,131},
+        {130,7,31},{0,8,113},{0,8,49},{0,9,194},{128,7,10},{0,8,97},
+        {0,8,33},{0,9,162},{0,8,1},{0,8,129},{0,8,65},{0,9,226},
+        {128,7,6},{0,8,89},{0,8,25},{0,9,146},{131,7,59},{0,8,121},
+        {0,8,57},{0,9,210},{129,7,17},{0,8,105},{0,8,41},{0,9,178},
+        {0,8,9},{0,8,137},{0,8,73},{0,9,242},{128,7,4},{0,8,85},
+        {0,8,21},{144,8,3},{131,7,43},{0,8,117},{0,8,53},{0,9,202},
+        {129,7,13},{0,8,101},{0,8,37},{0,9,170},{0,8,5},{0,8,133},
+        {0,8,69},{0,9,234},{128,7,8},{0,8,93},{0,8,29},{0,9,154},
+        {132,7,83},{0,8,125},{0,8,61},{0,9,218},{130,7,23},{0,8,109},
+        {0,8,45},{0,9,186},{0,8,13},{0,8,141},{0,8,77},{0,9,250},
+        {128,7,3},{0,8,83},{0,8,19},{133,8,195},{131,7,35},{0,8,115},
+        {0,8,51},{0,9,198},{129,7,11},{0,8,99},{0,8,35},{0,9,166},
+        {0,8,3},{0,8,131},{0,8,67},{0,9,230},{128,7,7},{0,8,91},
+        {0,8,27},{0,9,150},{132,7,67},{0,8,123},{0,8,59},{0,9,214},
+        {130,7,19},{0,8,107},{0,8,43},{0,9,182},{0,8,11},{0,8,139},
+        {0,8,75},{0,9,246},{128,7,5},{0,8,87},{0,8,23},{77,8,0},
+        {131,7,51},{0,8,119},{0,8,55},{0,9,206},{129,7,15},{0,8,103},
+        {0,8,39},{0,9,174},{0,8,7},{0,8,135},{0,8,71},{0,9,238},
+        {128,7,9},{0,8,95},{0,8,31},{0,9,158},{132,7,99},{0,8,127},
+        {0,8,63},{0,9,222},{130,7,27},{0,8,111},{0,8,47},{0,9,190},
+        {0,8,15},{0,8,143},{0,8,79},{0,9,254},{96,7,0},{0,8,80},
+        {0,8,16},{132,8,115},{130,7,31},{0,8,112},{0,8,48},{0,9,193},
+        {128,7,10},{0,8,96},{0,8,32},{0,9,161},{0,8,0},{0,8,128},
+        {0,8,64},{0,9,225},{128,7,6},{0,8,88},{0,8,24},{0,9,145},
+        {131,7,59},{0,8,120},{0,8,56},{0,9,209},{129,7,17},{0,8,104},
+        {0,8,40},{0,9,177},{0,8,8},{0,8,136},{0,8,72},{0,9,241},
+        {128,7,4},{0,8,84},{0,8,20},{133,8,227},{131,7,43},{0,8,116},
+        {0,8,52},{0,9,201},{129,7,13},{0,8,100},{0,8,36},{0,9,169},
+        {0,8,4},{0,8,132},{0,8,68},{0,9,233},{128,7,8},{0,8,92},
+        {0,8,28},{0,9,153},{132,7,83},{0,8,124},{0,8,60},{0,9,217},
+        {130,7,23},{0,8,108},{0,8,44},{0,9,185},{0,8,12},{0,8,140},
+        {0,8,76},{0,9,249},{128,7,3},{0,8,82},{0,8,18},{133,8,163},
+        {131,7,35},{0,8,114},{0,8,50},{0,9,197},{129,7,11},{0,8,98},
+        {0,8,34},{0,9,165},{0,8,2},{0,8,130},{0,8,66},{0,9,229},
+        {128,7,7},{0,8,90},{0,8,26},{0,9,149},{132,7,67},{0,8,122},
+        {0,8,58},{0,9,213},{130,7,19},{0,8,106},{0,8,42},{0,9,181},
+        {0,8,10},{0,8,138},{0,8,74},{0,9,245},{128,7,5},{0,8,86},
+        {0,8,22},{65,8,0},{131,7,51},{0,8,118},{0,8,54},{0,9,205},
+        {129,7,15},{0,8,102},{0,8,38},{0,9,173},{0,8,6},{0,8,134},
+        {0,8,70},{0,9,237},{128,7,9},{0,8,94},{0,8,30},{0,9,157},
+        {132,7,99},{0,8,126},{0,8,62},{0,9,221},{130,7,27},{0,8,110},
+        {0,8,46},{0,9,189},{0,8,14},{0,8,142},{0,8,78},{0,9,253},
+        {96,7,0},{0,8,81},{0,8,17},{133,8,131},{130,7,31},{0,8,113},
+        {0,8,49},{0,9,195},{128,7,10},{0,8,97},{0,8,33},{0,9,163},
+        {0,8,1},{0,8,129},{0,8,65},{0,9,227},{128,7,6},{0,8,89},
+        {0,8,25},{0,9,147},{131,7,59},{0,8,121},{0,8,57},{0,9,211},
+        {129,7,17},{0,8,105},{0,8,41},{0,9,179},{0,8,9},{0,8,137},
+        {0,8,73},{0,9,243},{128,7,4},{0,8,85},{0,8,21},{144,8,3},
+        {131,7,43},{0,8,117},{0,8,53},{0,9,203},{129,7,13},{0,8,101},
+        {0,8,37},{0,9,171},{0,8,5},{0,8,133},{0,8,69},{0,9,235},
+        {128,7,8},{0,8,93},{0,8,29},{0,9,155},{132,7,83},{0,8,125},
+        {0,8,61},{0,9,219},{130,7,23},{0,8,109},{0,8,45},{0,9,187},
+        {0,8,13},{0,8,141},{0,8,77},{0,9,251},{128,7,3},{0,8,83},
+        {0,8,19},{133,8,195},{131,7,35},{0,8,115},{0,8,51},{0,9,199},
+        {129,7,11},{0,8,99},{0,8,35},{0,9,167},{0,8,3},{0,8,131},
+        {0,8,67},{0,9,231},{128,7,7},{0,8,91},{0,8,27},{0,9,151},
+        {132,7,67},{0,8,123},{0,8,59},{0,9,215},{130,7,19},{0,8,107},
+        {0,8,43},{0,9,183},{0,8,11},{0,8,139},{0,8,75},{0,9,247},
+        {128,7,5},{0,8,87},{0,8,23},{77,8,0},{131,7,51},{0,8,119},
+        {0,8,55},{0,9,207},{129,7,15},{0,8,103},{0,8,39},{0,9,175},
+        {0,8,7},{0,8,135},{0,8,71},{0,9,239},{128,7,9},{0,8,95},
+        {0,8,31},{0,9,159},{132,7,99},{0,8,127},{0,8,63},{0,9,223},
+        {130,7,27},{0,8,111},{0,8,47},{0,9,191},{0,8,15},{0,8,143},
+        {0,8,79},{0,9,255}
+    };
+
+    static const code distfix[32] = {
+        {128,5,1},{135,5,257},{131,5,17},{139,5,4097},{129,5,5},
+        {137,5,1025},{133,5,65},{141,5,16385},{128,5,3},{136,5,513},
+        {132,5,33},{140,5,8193},{130,5,9},{138,5,2049},{134,5,129},
+        {142,5,32769},{128,5,2},{135,5,385},{131,5,25},{139,5,6145},
+        {129,5,7},{137,5,1537},{133,5,97},{141,5,24577},{128,5,4},
+        {136,5,769},{132,5,49},{140,5,12289},{130,5,13},{138,5,3073},
+        {134,5,193},{142,5,49153}
+    };
diff --git a/zlib-1.3.1/contrib/infback9/inflate9.h b/zlib-1.3.1/contrib/infback9/inflate9.h
new file mode 100644
index 00000000..ee9a7939
--- /dev/null
+++ b/zlib-1.3.1/contrib/infback9/inflate9.h
@@ -0,0 +1,47 @@
+/* inflate9.h -- internal inflate state definition
+ * Copyright (C) 1995-2003 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* Possible inflate modes between inflate() calls */
+typedef enum {
+        TYPE,       /* i: waiting for type bits, including last-flag bit */
+        STORED,     /* i: waiting for stored size (length and complement) */
+        TABLE,      /* i: waiting for dynamic block table lengths */
+            LEN,        /* i: waiting for length/lit code */
+    DONE,       /* finished check, done -- remain here until reset */
+    BAD         /* got a data error -- remain here until reset */
+} inflate_mode;
+
+/*
+    State transitions between above modes -
+
+    (most modes can go to the BAD mode -- not shown for clarity)
+
+    Read deflate blocks:
+            TYPE -> STORED or TABLE or LEN or DONE
+            STORED -> TYPE
+            TABLE -> LENLENS -> CODELENS -> LEN
+    Read deflate codes:
+                LEN -> LEN or TYPE
+ */
+
+/* state maintained between inflate() calls.  Approximately 7K bytes. */
+struct inflate_state {
+        /* sliding window */
+    unsigned char FAR *window;  /* allocated sliding window, if needed */
+        /* dynamic table building */
+    unsigned ncode;             /* number of code length code lengths */
+    unsigned nlen;              /* number of length code lengths */
+    unsigned ndist;             /* number of distance code lengths */
+    unsigned have;              /* number of code lengths in lens[] */
+    code FAR *next;             /* next available space in codes[] */
+    unsigned short lens[320];   /* temporary storage for code lengths */
+    unsigned short work[288];   /* work area for code table building */
+    code codes[ENOUGH];         /* space for code tables */
+};
diff --git a/zlib-1.3.1/contrib/infback9/inftree9.c b/zlib-1.3.1/contrib/infback9/inftree9.c
new file mode 100644
index 00000000..ac707ed3
--- /dev/null
+++ b/zlib-1.3.1/contrib/infback9/inftree9.c
@@ -0,0 +1,319 @@
+/* inftree9.c -- generate Huffman trees for efficient decoding
+ * Copyright (C) 1995-2024 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "zutil.h"
+#include "inftree9.h"
+
+#define MAXBITS 15
+
+const char inflate9_copyright[] =
+   " inflate9 1.3.1 Copyright 1995-2024 Mark Adler ";
+/*
+  If you use the zlib library in a product, an acknowledgment is welcome
+  in the documentation of your product. If for some reason you cannot
+  include such an acknowledgment, I would appreciate that you keep this
+  copyright string in the executable of your product.
+ */
+
+/*
+   Build a set of tables to decode the provided canonical Huffman code.
+   The code lengths are lens[0..codes-1].  The result starts at *table,
+   whose indices are 0..2^bits-1.  work is a writable array of at least
+   lens shorts, which is used as a work area.  type is the type of code
+   to be generated, CODES, LENS, or DISTS.  On return, zero is success,
+   -1 is an invalid code, and +1 means that ENOUGH isn't enough.  table
+   on return points to the next available entry's address.  bits is the
+   requested root table index bits, and on return it is the actual root
+   table index bits.  It will differ if the request is greater than the
+   longest code or if it is less than the shortest code.
+ */
+int inflate_table9(codetype type, unsigned short FAR *lens, unsigned codes,
+                   code FAR * FAR *table, unsigned FAR *bits,
+                   unsigned short FAR *work) {
+    unsigned len;               /* a code's length in bits */
+    unsigned sym;               /* index of code symbols */
+    unsigned min, max;          /* minimum and maximum code lengths */
+    unsigned root;              /* number of index bits for root table */
+    unsigned curr;              /* number of index bits for current table */
+    unsigned drop;              /* code bits to drop for sub-table */
+    int left;                   /* number of prefix codes available */
+    unsigned used;              /* code entries in table used */
+    unsigned huff;              /* Huffman code */
+    unsigned incr;              /* for incrementing code, index */
+    unsigned fill;              /* index for replicating entries */
+    unsigned low;               /* low bits for current root entry */
+    unsigned mask;              /* mask for low root bits */
+    code this;                  /* table entry for duplication */
+    code FAR *next;             /* next available space in table */
+    const unsigned short FAR *base;     /* base value table to use */
+    const unsigned short FAR *extra;    /* extra bits table to use */
+    int end;                    /* use base and extra for symbol > end */
+    unsigned short count[MAXBITS+1];    /* number of codes of each length */
+    unsigned short offs[MAXBITS+1];     /* offsets in table for each length */
+    static const unsigned short lbase[31] = { /* Length codes 257..285 base */
+        3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17,
+        19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115,
+        131, 163, 195, 227, 3, 0, 0};
+    static const unsigned short lext[31] = { /* Length codes 257..285 extra */
+        128, 128, 128, 128, 128, 128, 128, 128, 129, 129, 129, 129,
+        130, 130, 130, 130, 131, 131, 131, 131, 132, 132, 132, 132,
+        133, 133, 133, 133, 144, 203, 77};
+    static const unsigned short dbase[32] = { /* Distance codes 0..31 base */
+        1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49,
+        65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073,
+        4097, 6145, 8193, 12289, 16385, 24577, 32769, 49153};
+    static const unsigned short dext[32] = { /* Distance codes 0..31 extra */
+        128, 128, 128, 128, 129, 129, 130, 130, 131, 131, 132, 132,
+        133, 133, 134, 134, 135, 135, 136, 136, 137, 137, 138, 138,
+        139, 139, 140, 140, 141, 141, 142, 142};
+
+    /*
+       Process a set of code lengths to create a canonical Huffman code.  The
+       code lengths are lens[0..codes-1].  Each length corresponds to the
+       symbols 0..codes-1.  The Huffman code is generated by first sorting the
+       symbols by length from short to long, and retaining the symbol order
+       for codes with equal lengths.  Then the code starts with all zero bits
+       for the first code of the shortest length, and the codes are integer
+       increments for the same length, and zeros are appended as the length
+       increases.  For the deflate format, these bits are stored backwards
+       from their more natural integer increment ordering, and so when the
+       decoding tables are built in the large loop below, the integer codes
+       are incremented backwards.
+
+       This routine assumes, but does not check, that all of the entries in
+       lens[] are in the range 0..MAXBITS.  The caller must assure this.
+       1..MAXBITS is interpreted as that code length.  zero means that that
+       symbol does not occur in this code.
+
+       The codes are sorted by computing a count of codes for each length,
+       creating from that a table of starting indices for each length in the
+       sorted table, and then entering the symbols in order in the sorted
+       table.  The sorted table is work[], with that space being provided by
+       the caller.
+
+       The length counts are used for other purposes as well, i.e. finding
+       the minimum and maximum length codes, determining if there are any
+       codes at all, checking for a valid set of lengths, and looking ahead
+       at length counts to determine sub-table sizes when building the
+       decoding tables.
+     */
+
+    /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */
+    for (len = 0; len <= MAXBITS; len++)
+        count[len] = 0;
+    for (sym = 0; sym < codes; sym++)
+        count[lens[sym]]++;
+
+    /* bound code lengths, force root to be within code lengths */
+    root = *bits;
+    for (max = MAXBITS; max >= 1; max--)
+        if (count[max] != 0) break;
+    if (root > max) root = max;
+    if (max == 0) return -1;            /* no codes! */
+    for (min = 1; min <= MAXBITS; min++)
+        if (count[min] != 0) break;
+    if (root < min) root = min;
+
+    /* check for an over-subscribed or incomplete set of lengths */
+    left = 1;
+    for (len = 1; len <= MAXBITS; len++) {
+        left <<= 1;
+        left -= count[len];
+        if (left < 0) return -1;        /* over-subscribed */
+    }
+    if (left > 0 && (type == CODES || max != 1))
+        return -1;                      /* incomplete set */
+
+    /* generate offsets into symbol table for each length for sorting */
+    offs[1] = 0;
+    for (len = 1; len < MAXBITS; len++)
+        offs[len + 1] = offs[len] + count[len];
+
+    /* sort symbols by length, by symbol order within each length */
+    for (sym = 0; sym < codes; sym++)
+        if (lens[sym] != 0) work[offs[lens[sym]]++] = (unsigned short)sym;
+
+    /*
+       Create and fill in decoding tables.  In this loop, the table being
+       filled is at next and has curr index bits.  The code being used is huff
+       with length len.  That code is converted to an index by dropping drop
+       bits off of the bottom.  For codes where len is less than drop + curr,
+       those top drop + curr - len bits are incremented through all values to
+       fill the table with replicated entries.
+
+       root is the number of index bits for the root table.  When len exceeds
+       root, sub-tables are created pointed to by the root entry with an index
+       of the low root bits of huff.  This is saved in low to check for when a
+       new sub-table should be started.  drop is zero when the root table is
+       being filled, and drop is root when sub-tables are being filled.
+
+       When a new sub-table is needed, it is necessary to look ahead in the
+       code lengths to determine what size sub-table is needed.  The length
+       counts are used for this, and so count[] is decremented as codes are
+       entered in the tables.
+
+       used keeps track of how many table entries have been allocated from the
+       provided *table space.  It is checked for LENS and DIST tables against
+       the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in
+       the initial root table size constants.  See the comments in inftree9.h
+       for more information.
+
+       sym increments through all symbols, and the loop terminates when
+       all codes of length max, i.e. all codes, have been processed.  This
+       routine permits incomplete codes, so another loop after this one fills
+       in the rest of the decoding tables with invalid code markers.
+     */
+
+    /* set up for code type */
+    switch (type) {
+    case CODES:
+        base = extra = work;    /* dummy value--not used */
+        end = 19;
+        break;
+    case LENS:
+        base = lbase;
+        base -= 257;
+        extra = lext;
+        extra -= 257;
+        end = 256;
+        break;
+    default:            /* DISTS */
+        base = dbase;
+        extra = dext;
+        end = -1;
+    }
+
+    /* initialize state for loop */
+    huff = 0;                   /* starting code */
+    sym = 0;                    /* starting code symbol */
+    len = min;                  /* starting code length */
+    next = *table;              /* current table to fill in */
+    curr = root;                /* current table index bits */
+    drop = 0;                   /* current bits to drop from code for index */
+    low = (unsigned)(-1);       /* trigger new sub-table when len > root */
+    used = 1U << root;          /* use root table entries */
+    mask = used - 1;            /* mask for comparing low */
+
+    /* check available table space */
+    if ((type == LENS && used >= ENOUGH_LENS) ||
+        (type == DISTS && used >= ENOUGH_DISTS))
+        return 1;
+
+    /* process all codes and make table entries */
+    for (;;) {
+        /* create table entry */
+        this.bits = (unsigned char)(len - drop);
+        if ((int)(work[sym]) < end) {
+            this.op = (unsigned char)0;
+            this.val = work[sym];
+        }
+        else if ((int)(work[sym]) > end) {
+            this.op = (unsigned char)(extra[work[sym]]);
+            this.val = base[work[sym]];
+        }
+        else {
+            this.op = (unsigned char)(32 + 64);         /* end of block */
+            this.val = 0;
+        }
+
+        /* replicate for those indices with low len bits equal to huff */
+        incr = 1U << (len - drop);
+        fill = 1U << curr;
+        do {
+            fill -= incr;
+            next[(huff >> drop) + fill] = this;
+        } while (fill != 0);
+
+        /* backwards increment the len-bit code huff */
+        incr = 1U << (len - 1);
+        while (huff & incr)
+            incr >>= 1;
+        if (incr != 0) {
+            huff &= incr - 1;
+            huff += incr;
+        }
+        else
+            huff = 0;
+
+        /* go to next symbol, update count, len */
+        sym++;
+        if (--(count[len]) == 0) {
+            if (len == max) break;
+            len = lens[work[sym]];
+        }
+
+        /* create new sub-table if needed */
+        if (len > root && (huff & mask) != low) {
+            /* if first time, transition to sub-tables */
+            if (drop == 0)
+                drop = root;
+
+            /* increment past last table */
+            next += 1U << curr;
+
+            /* determine length of next table */
+            curr = len - drop;
+            left = (int)(1 << curr);
+            while (curr + drop < max) {
+                left -= count[curr + drop];
+                if (left <= 0) break;
+                curr++;
+                left <<= 1;
+            }
+
+            /* check for enough space */
+            used += 1U << curr;
+            if ((type == LENS && used >= ENOUGH_LENS) ||
+                (type == DISTS && used >= ENOUGH_DISTS))
+                return 1;
+
+            /* point entry in root table to sub-table */
+            low = huff & mask;
+            (*table)[low].op = (unsigned char)curr;
+            (*table)[low].bits = (unsigned char)root;
+            (*table)[low].val = (unsigned short)(next - *table);
+        }
+    }
+
+    /*
+       Fill in rest of table for incomplete codes.  This loop is similar to the
+       loop above in incrementing huff for table indices.  It is assumed that
+       len is equal to curr + drop, so there is no loop needed to increment
+       through high index bits.  When the current sub-table is filled, the loop
+       drops back to the root table to fill in any remaining entries there.
+     */
+    this.op = (unsigned char)64;                /* invalid code marker */
+    this.bits = (unsigned char)(len - drop);
+    this.val = (unsigned short)0;
+    while (huff != 0) {
+        /* when done with sub-table, drop back to root table */
+        if (drop != 0 && (huff & mask) != low) {
+            drop = 0;
+            len = root;
+            next = *table;
+            curr = root;
+            this.bits = (unsigned char)len;
+        }
+
+        /* put invalid code marker in table */
+        next[huff >> drop] = this;
+
+        /* backwards increment the len-bit code huff */
+        incr = 1U << (len - 1);
+        while (huff & incr)
+            incr >>= 1;
+        if (incr != 0) {
+            huff &= incr - 1;
+            huff += incr;
+        }
+        else
+            huff = 0;
+    }
+
+    /* set return parameters */
+    *table += used;
+    *bits = root;
+    return 0;
+}
diff --git a/zlib-1.3.1/contrib/infback9/inftree9.h b/zlib-1.3.1/contrib/infback9/inftree9.h
new file mode 100644
index 00000000..ab2ea28b
--- /dev/null
+++ b/zlib-1.3.1/contrib/infback9/inftree9.h
@@ -0,0 +1,61 @@
+/* inftree9.h -- header to use inftree9.c
+ * Copyright (C) 1995-2008 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* Structure for decoding tables.  Each entry provides either the
+   information needed to do the operation requested by the code that
+   indexed that table entry, or it provides a pointer to another
+   table that indexes more bits of the code.  op indicates whether
+   the entry is a pointer to another table, a literal, a length or
+   distance, an end-of-block, or an invalid code.  For a table
+   pointer, the low four bits of op is the number of index bits of
+   that table.  For a length or distance, the low four bits of op
+   is the number of extra bits to get after the code.  bits is
+   the number of bits in this code or part of the code to drop off
+   of the bit buffer.  val is the actual byte to output in the case
+   of a literal, the base length or distance, or the offset from
+   the current table to the next table.  Each entry is four bytes. */
+typedef struct {
+    unsigned char op;           /* operation, extra bits, table bits */
+    unsigned char bits;         /* bits in this part of the code */
+    unsigned short val;         /* offset in table or code value */
+} code;
+
+/* op values as set by inflate_table():
+    00000000 - literal
+    0000tttt - table link, tttt != 0 is the number of table index bits
+    100eeeee - length or distance, eeee is the number of extra bits
+    01100000 - end of block
+    01000000 - invalid code
+ */
+
+/* Maximum size of the dynamic table.  The maximum number of code structures is
+   1446, which is the sum of 852 for literal/length codes and 594 for distance
+   codes.  These values were found by exhaustive searches using the program
+   examples/enough.c found in the zlib distribution.  The arguments to that
+   program are the number of symbols, the initial root table size, and the
+   maximum bit length of a code.  "enough 286 9 15" for literal/length codes
+   returns 852, and "enough 32 6 15" for distance codes returns 594. The
+   initial root table size (9 or 6) is found in the fifth argument of the
+   inflate_table() calls in infback9.c.  If the root table size is changed,
+   then these maximum sizes would be need to be recalculated and updated. */
+#define ENOUGH_LENS 852
+#define ENOUGH_DISTS 594
+#define ENOUGH (ENOUGH_LENS+ENOUGH_DISTS)
+
+/* Type of code to build for inflate_table9() */
+typedef enum {
+    CODES,
+    LENS,
+    DISTS
+} codetype;
+
+extern int inflate_table9(codetype type, unsigned short FAR *lens,
+                          unsigned codes, code FAR * FAR *table,
+                          unsigned FAR *bits, unsigned short FAR *work);
diff --git a/zlib-1.3.1/contrib/iostream/test.cpp b/zlib-1.3.1/contrib/iostream/test.cpp
new file mode 100644
index 00000000..7d265b3b
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream/test.cpp
@@ -0,0 +1,24 @@
+
+#include "zfstream.h"
+
+int main() {
+
+  // Construct a stream object with this filebuffer.  Anything sent
+  // to this stream will go to standard out.
+  gzofstream os( 1, ios::out );
+
+  // This text is getting compressed and sent to stdout.
+  // To prove this, run 'test | zcat'.
+  os << "Hello, Mommy" << endl;
+
+  os << setcompressionlevel( Z_NO_COMPRESSION );
+  os << "hello, hello, hi, ho!" << endl;
+
+  setcompressionlevel( os, Z_DEFAULT_COMPRESSION )
+    << "I'm compressing again" << endl;
+
+  os.close();
+
+  return 0;
+
+}
diff --git a/zlib-1.3.1/contrib/iostream/zfstream.cpp b/zlib-1.3.1/contrib/iostream/zfstream.cpp
new file mode 100644
index 00000000..d0cd85fa
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream/zfstream.cpp
@@ -0,0 +1,329 @@
+
+#include "zfstream.h"
+
+gzfilebuf::gzfilebuf() :
+  file(NULL),
+  mode(0),
+  own_file_descriptor(0)
+{ }
+
+gzfilebuf::~gzfilebuf() {
+
+  sync();
+  if ( own_file_descriptor )
+    close();
+
+}
+
+gzfilebuf *gzfilebuf::open( const char *name,
+                            int io_mode ) {
+
+  if ( is_open() )
+    return NULL;
+
+  char char_mode[10];
+  char *p = char_mode;
+
+  if ( io_mode & ios::in ) {
+    mode = ios::in;
+    *p++ = 'r';
+  } else if ( io_mode & ios::app ) {
+    mode = ios::app;
+    *p++ = 'a';
+  } else {
+    mode = ios::out;
+    *p++ = 'w';
+  }
+
+  if ( io_mode & ios::binary ) {
+    mode |= ios::binary;
+    *p++ = 'b';
+  }
+
+  // Hard code the compression level
+  if ( io_mode & (ios::out|ios::app )) {
+    *p++ = '9';
+  }
+
+  // Put the end-of-string indicator
+  *p = '\0';
+
+  if ( (file = gzopen(name, char_mode)) == NULL )
+    return NULL;
+
+  own_file_descriptor = 1;
+
+  return this;
+
+}
+
+gzfilebuf *gzfilebuf::attach( int file_descriptor,
+                              int io_mode ) {
+
+  if ( is_open() )
+    return NULL;
+
+  char char_mode[10];
+  char *p = char_mode;
+
+  if ( io_mode & ios::in ) {
+    mode = ios::in;
+    *p++ = 'r';
+  } else if ( io_mode & ios::app ) {
+    mode = ios::app;
+    *p++ = 'a';
+  } else {
+    mode = ios::out;
+    *p++ = 'w';
+  }
+
+  if ( io_mode & ios::binary ) {
+    mode |= ios::binary;
+    *p++ = 'b';
+  }
+
+  // Hard code the compression level
+  if ( io_mode & (ios::out|ios::app )) {
+    *p++ = '9';
+  }
+
+  // Put the end-of-string indicator
+  *p = '\0';
+
+  if ( (file = gzdopen(file_descriptor, char_mode)) == NULL )
+    return NULL;
+
+  own_file_descriptor = 0;
+
+  return this;
+
+}
+
+gzfilebuf *gzfilebuf::close() {
+
+  if ( is_open() ) {
+
+    sync();
+    gzclose( file );
+    file = NULL;
+
+  }
+
+  return this;
+
+}
+
+int gzfilebuf::setcompressionlevel( int comp_level ) {
+
+  return gzsetparams(file, comp_level, -2);
+
+}
+
+int gzfilebuf::setcompressionstrategy( int comp_strategy ) {
+
+  return gzsetparams(file, -2, comp_strategy);
+
+}
+
+
+streampos gzfilebuf::seekoff( streamoff off, ios::seek_dir dir, int which ) {
+
+  return streampos(EOF);
+
+}
+
+int gzfilebuf::underflow() {
+
+  // If the file hasn't been opened for reading, error.
+  if ( !is_open() || !(mode & ios::in) )
+    return EOF;
+
+  // if a buffer doesn't exists, allocate one.
+  if ( !base() ) {
+
+    if ( (allocate()) == EOF )
+      return EOF;
+    setp(0,0);
+
+  } else {
+
+    if ( in_avail() )
+      return (unsigned char) *gptr();
+
+    if ( out_waiting() ) {
+      if ( flushbuf() == EOF )
+        return EOF;
+    }
+
+  }
+
+  // Attempt to fill the buffer.
+
+  int result = fillbuf();
+  if ( result == EOF ) {
+    // disable get area
+    setg(0,0,0);
+    return EOF;
+  }
+
+  return (unsigned char) *gptr();
+
+}
+
+int gzfilebuf::overflow( int c ) {
+
+  if ( !is_open() || !(mode & ios::out) )
+    return EOF;
+
+  if ( !base() ) {
+    if ( allocate() == EOF )
+      return EOF;
+    setg(0,0,0);
+  } else {
+    if (in_avail()) {
+        return EOF;
+    }
+    if (out_waiting()) {
+      if (flushbuf() == EOF)
+        return EOF;
+    }
+  }
+
+  int bl = blen();
+  setp( base(), base() + bl);
+
+  if ( c != EOF ) {
+
+    *pptr() = c;
+    pbump(1);
+
+  }
+
+  return 0;
+
+}
+
+int gzfilebuf::sync() {
+
+  if ( !is_open() )
+    return EOF;
+
+  if ( out_waiting() )
+    return flushbuf();
+
+  return 0;
+
+}
+
+int gzfilebuf::flushbuf() {
+
+  int n;
+  char *q;
+
+  q = pbase();
+  n = pptr() - q;
+
+  if ( gzwrite( file, q, n) < n )
+    return EOF;
+
+  setp(0,0);
+
+  return 0;
+
+}
+
+int gzfilebuf::fillbuf() {
+
+  int required;
+  char *p;
+
+  p = base();
+
+  required = blen();
+
+  int t = gzread( file, p, required );
+
+  if ( t <= 0) return EOF;
+
+  setg( base(), base(), base()+t);
+
+  return t;
+
+}
+
+gzfilestream_common::gzfilestream_common() :
+  ios( gzfilestream_common::rdbuf() )
+{ }
+
+gzfilestream_common::~gzfilestream_common()
+{ }
+
+void gzfilestream_common::attach( int fd, int io_mode ) {
+
+  if ( !buffer.attach( fd, io_mode) )
+    clear( ios::failbit | ios::badbit );
+  else
+    clear();
+
+}
+
+void gzfilestream_common::open( const char *name, int io_mode ) {
+
+  if ( !buffer.open( name, io_mode ) )
+    clear( ios::failbit | ios::badbit );
+  else
+    clear();
+
+}
+
+void gzfilestream_common::close() {
+
+  if ( !buffer.close() )
+    clear( ios::failbit | ios::badbit );
+
+}
+
+gzfilebuf *gzfilestream_common::rdbuf()
+{
+  return &buffer;
+}
+
+gzifstream::gzifstream() :
+  ios( gzfilestream_common::rdbuf() )
+{
+  clear( ios::badbit );
+}
+
+gzifstream::gzifstream( const char *name, int io_mode ) :
+  ios( gzfilestream_common::rdbuf() )
+{
+  gzfilestream_common::open( name, io_mode );
+}
+
+gzifstream::gzifstream( int fd, int io_mode ) :
+  ios( gzfilestream_common::rdbuf() )
+{
+  gzfilestream_common::attach( fd, io_mode );
+}
+
+gzifstream::~gzifstream() { }
+
+gzofstream::gzofstream() :
+  ios( gzfilestream_common::rdbuf() )
+{
+  clear( ios::badbit );
+}
+
+gzofstream::gzofstream( const char *name, int io_mode ) :
+  ios( gzfilestream_common::rdbuf() )
+{
+  gzfilestream_common::open( name, io_mode );
+}
+
+gzofstream::gzofstream( int fd, int io_mode ) :
+  ios( gzfilestream_common::rdbuf() )
+{
+  gzfilestream_common::attach( fd, io_mode );
+}
+
+gzofstream::~gzofstream() { }
diff --git a/zlib-1.3.1/contrib/iostream/zfstream.h b/zlib-1.3.1/contrib/iostream/zfstream.h
new file mode 100644
index 00000000..ed79098a
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream/zfstream.h
@@ -0,0 +1,128 @@
+
+#ifndef zfstream_h
+#define zfstream_h
+
+#include <fstream.h>
+#include "zlib.h"
+
+class gzfilebuf : public streambuf {
+
+public:
+
+  gzfilebuf( );
+  virtual ~gzfilebuf();
+
+  gzfilebuf *open( const char *name, int io_mode );
+  gzfilebuf *attach( int file_descriptor, int io_mode );
+  gzfilebuf *close();
+
+  int setcompressionlevel( int comp_level );
+  int setcompressionstrategy( int comp_strategy );
+
+  inline int is_open() const { return (file !=NULL); }
+
+  virtual streampos seekoff( streamoff, ios::seek_dir, int );
+
+  virtual int sync();
+
+protected:
+
+  virtual int underflow();
+  virtual int overflow( int = EOF );
+
+private:
+
+  gzFile file;
+  short mode;
+  short own_file_descriptor;
+
+  int flushbuf();
+  int fillbuf();
+
+};
+
+class gzfilestream_common : virtual public ios {
+
+  friend class gzifstream;
+  friend class gzofstream;
+  friend gzofstream &setcompressionlevel( gzofstream &, int );
+  friend gzofstream &setcompressionstrategy( gzofstream &, int );
+
+public:
+  virtual ~gzfilestream_common();
+
+  void attach( int fd, int io_mode );
+  void open( const char *name, int io_mode );
+  void close();
+
+protected:
+  gzfilestream_common();
+
+private:
+  gzfilebuf *rdbuf();
+
+  gzfilebuf buffer;
+
+};
+
+class gzifstream : public gzfilestream_common, public istream {
+
+public:
+
+  gzifstream();
+  gzifstream( const char *name, int io_mode = ios::in );
+  gzifstream( int fd, int io_mode = ios::in );
+
+  virtual ~gzifstream();
+
+};
+
+class gzofstream : public gzfilestream_common, public ostream {
+
+public:
+
+  gzofstream();
+  gzofstream( const char *name, int io_mode = ios::out );
+  gzofstream( int fd, int io_mode = ios::out );
+
+  virtual ~gzofstream();
+
+};
+
+template<class T> class gzomanip {
+  friend gzofstream &operator<<(gzofstream &, const gzomanip<T> &);
+public:
+  gzomanip(gzofstream &(*f)(gzofstream &, T), T v) : func(f), val(v) { }
+private:
+  gzofstream &(*func)(gzofstream &, T);
+  T val;
+};
+
+template<class T> gzofstream &operator<<(gzofstream &s, const gzomanip<T> &m)
+{
+  return (*m.func)(s, m.val);
+}
+
+inline gzofstream &setcompressionlevel( gzofstream &s, int l )
+{
+  (s.rdbuf())->setcompressionlevel(l);
+  return s;
+}
+
+inline gzofstream &setcompressionstrategy( gzofstream &s, int l )
+{
+  (s.rdbuf())->setcompressionstrategy(l);
+  return s;
+}
+
+inline gzomanip<int> setcompressionlevel(int l)
+{
+  return gzomanip<int>(&setcompressionlevel,l);
+}
+
+inline gzomanip<int> setcompressionstrategy(int l)
+{
+  return gzomanip<int>(&setcompressionstrategy,l);
+}
+
+#endif
diff --git a/zlib-1.3.1/contrib/iostream2/zstream.h b/zlib-1.3.1/contrib/iostream2/zstream.h
new file mode 100644
index 00000000..43d2332b
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream2/zstream.h
@@ -0,0 +1,307 @@
+/*
+ *
+ * Copyright (c) 1997
+ * Christian Michelsen Research AS
+ * Advanced Computing
+ * Fantoftvegen 38, 5036 BERGEN, Norway
+ * http://www.cmr.no
+ *
+ * Permission to use, copy, modify, distribute and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appear in all copies and
+ * that both that copyright notice and this permission notice appear
+ * in supporting documentation.  Christian Michelsen Research AS makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ *
+ */
+
+#ifndef ZSTREAM__H
+#define ZSTREAM__H
+
+/*
+ * zstream.h - C++ interface to the 'zlib' general purpose compression library
+ * $Id: zstream.h 1.1 1997-06-25 12:00:56+02 tyge Exp tyge $
+ */
+
+#include <strstream.h>
+#include <string.h>
+#include <stdio.h>
+#include "zlib.h"
+
+#if defined(_WIN32)
+#   include <fcntl.h>
+#   include <io.h>
+#   define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+#   define SET_BINARY_MODE(file)
+#endif
+
+class zstringlen {
+public:
+    zstringlen(class izstream&);
+    zstringlen(class ozstream&, const char*);
+    size_t value() const { return val.word; }
+private:
+    struct Val { unsigned char byte; size_t word; } val;
+};
+
+//  ----------------------------- izstream -----------------------------
+
+class izstream
+{
+    public:
+        izstream() : m_fp(0) {}
+        izstream(FILE* fp) : m_fp(0) { open(fp); }
+        izstream(const char* name) : m_fp(0) { open(name); }
+        ~izstream() { close(); }
+
+        /* Opens a gzip (.gz) file for reading.
+         * open() can be used to read a file which is not in gzip format;
+         * in this case read() will directly read from the file without
+         * decompression. errno can be checked to distinguish two error
+         * cases (if errno is zero, the zlib error is Z_MEM_ERROR).
+         */
+        void open(const char* name) {
+            if (m_fp) close();
+            m_fp = ::gzopen(name, "rb");
+        }
+
+        void open(FILE* fp) {
+            SET_BINARY_MODE(fp);
+            if (m_fp) close();
+            m_fp = ::gzdopen(fileno(fp), "rb");
+        }
+
+        /* Flushes all pending input if necessary, closes the compressed file
+         * and deallocates all the (de)compression state. The return value is
+         * the zlib error number (see function error() below).
+         */
+        int close() {
+            int r = ::gzclose(m_fp);
+            m_fp = 0; return r;
+        }
+
+        /* Binary read the given number of bytes from the compressed file.
+         */
+        int read(void* buf, size_t len) {
+            return ::gzread(m_fp, buf, len);
+        }
+
+        /* Returns the error message for the last error which occurred on the
+         * given compressed file. errnum is set to zlib error number. If an
+         * error occurred in the file system and not in the compression library,
+         * errnum is set to Z_ERRNO and the application may consult errno
+         * to get the exact error code.
+         */
+        const char* error(int* errnum) {
+            return ::gzerror(m_fp, errnum);
+        }
+
+        gzFile fp() { return m_fp; }
+
+    private:
+        gzFile m_fp;
+};
+
+/*
+ * Binary read the given (array of) object(s) from the compressed file.
+ * If the input file was not in gzip format, read() copies the objects number
+ * of bytes into the buffer.
+ * returns the number of uncompressed bytes actually read
+ * (0 for end of file, -1 for error).
+ */
+template <class T, class Items>
+inline int read(izstream& zs, T* x, Items items) {
+    return ::gzread(zs.fp(), x, items*sizeof(T));
+}
+
+/*
+ * Binary input with the '>' operator.
+ */
+template <class T>
+inline izstream& operator>(izstream& zs, T& x) {
+    ::gzread(zs.fp(), &x, sizeof(T));
+    return zs;
+}
+
+
+inline zstringlen::zstringlen(izstream& zs) {
+    zs > val.byte;
+    if (val.byte == 255) zs > val.word;
+    else val.word = val.byte;
+}
+
+/*
+ * Read length of string + the string with the '>' operator.
+ */
+inline izstream& operator>(izstream& zs, char* x) {
+    zstringlen len(zs);
+    ::gzread(zs.fp(), x, len.value());
+    x[len.value()] = '\0';
+    return zs;
+}
+
+inline char* read_string(izstream& zs) {
+    zstringlen len(zs);
+    char* x = new char[len.value()+1];
+    ::gzread(zs.fp(), x, len.value());
+    x[len.value()] = '\0';
+    return x;
+}
+
+// ----------------------------- ozstream -----------------------------
+
+class ozstream
+{
+    public:
+        ozstream() : m_fp(0), m_os(0) {
+        }
+        ozstream(FILE* fp, int level = Z_DEFAULT_COMPRESSION)
+            : m_fp(0), m_os(0) {
+            open(fp, level);
+        }
+        ozstream(const char* name, int level = Z_DEFAULT_COMPRESSION)
+            : m_fp(0), m_os(0) {
+            open(name, level);
+        }
+        ~ozstream() {
+            close();
+        }
+
+        /* Opens a gzip (.gz) file for writing.
+         * The compression level parameter should be in 0..9
+         * errno can be checked to distinguish two error cases
+         * (if errno is zero, the zlib error is Z_MEM_ERROR).
+         */
+        void open(const char* name, int level = Z_DEFAULT_COMPRESSION) {
+            char mode[4] = "wb\0";
+            if (level != Z_DEFAULT_COMPRESSION) mode[2] = '0'+level;
+            if (m_fp) close();
+            m_fp = ::gzopen(name, mode);
+        }
+
+        /* open from a FILE pointer.
+         */
+        void open(FILE* fp, int level = Z_DEFAULT_COMPRESSION) {
+            SET_BINARY_MODE(fp);
+            char mode[4] = "wb\0";
+            if (level != Z_DEFAULT_COMPRESSION) mode[2] = '0'+level;
+            if (m_fp) close();
+            m_fp = ::gzdopen(fileno(fp), mode);
+        }
+
+        /* Flushes all pending output if necessary, closes the compressed file
+         * and deallocates all the (de)compression state. The return value is
+         * the zlib error number (see function error() below).
+         */
+        int close() {
+            if (m_os) {
+                ::gzwrite(m_fp, m_os->str(), m_os->pcount());
+                delete[] m_os->str(); delete m_os; m_os = 0;
+            }
+            int r = ::gzclose(m_fp); m_fp = 0; return r;
+        }
+
+        /* Binary write the given number of bytes into the compressed file.
+         */
+        int write(const void* buf, size_t len) {
+            return ::gzwrite(m_fp, (voidp) buf, len);
+        }
+
+        /* Flushes all pending output into the compressed file. The parameter
+         * _flush is as in the deflate() function. The return value is the zlib
+         * error number (see function gzerror below). flush() returns Z_OK if
+         * the flush_ parameter is Z_FINISH and all output could be flushed.
+         * flush() should be called only when strictly necessary because it can
+         * degrade compression.
+         */
+        int flush(int _flush) {
+            os_flush();
+            return ::gzflush(m_fp, _flush);
+        }
+
+        /* Returns the error message for the last error which occurred on the
+         * given compressed file. errnum is set to zlib error number. If an
+         * error occurred in the file system and not in the compression library,
+         * errnum is set to Z_ERRNO and the application may consult errno
+         * to get the exact error code.
+         */
+        const char* error(int* errnum) {
+            return ::gzerror(m_fp, errnum);
+        }
+
+        gzFile fp() { return m_fp; }
+
+        ostream& os() {
+            if (m_os == 0) m_os = new ostrstream;
+            return *m_os;
+        }
+
+        void os_flush() {
+            if (m_os && m_os->pcount()>0) {
+                ostrstream* oss = new ostrstream;
+                oss->fill(m_os->fill());
+                oss->flags(m_os->flags());
+                oss->precision(m_os->precision());
+                oss->width(m_os->width());
+                ::gzwrite(m_fp, m_os->str(), m_os->pcount());
+                delete[] m_os->str(); delete m_os; m_os = oss;
+            }
+        }
+
+    private:
+        gzFile m_fp;
+        ostrstream* m_os;
+};
+
+/*
+ * Binary write the given (array of) object(s) into the compressed file.
+ * returns the number of uncompressed bytes actually written
+ * (0 in case of error).
+ */
+template <class T, class Items>
+inline int write(ozstream& zs, const T* x, Items items) {
+    return ::gzwrite(zs.fp(), (voidp) x, items*sizeof(T));
+}
+
+/*
+ * Binary output with the '<' operator.
+ */
+template <class T>
+inline ozstream& operator<(ozstream& zs, const T& x) {
+    ::gzwrite(zs.fp(), (voidp) &x, sizeof(T));
+    return zs;
+}
+
+inline zstringlen::zstringlen(ozstream& zs, const char* x) {
+    val.byte = 255;  val.word = ::strlen(x);
+    if (val.word < 255) zs < (val.byte = val.word);
+    else zs < val;
+}
+
+/*
+ * Write length of string + the string with the '<' operator.
+ */
+inline ozstream& operator<(ozstream& zs, const char* x) {
+    zstringlen len(zs, x);
+    ::gzwrite(zs.fp(), (voidp) x, len.value());
+    return zs;
+}
+
+#ifdef _MSC_VER
+inline ozstream& operator<(ozstream& zs, char* const& x) {
+    return zs < (const char*) x;
+}
+#endif
+
+/*
+ * Ascii write with the << operator;
+ */
+template <class T>
+inline ostream& operator<<(ozstream& zs, const T& x) {
+    zs.os_flush();
+    return zs.os() << x;
+}
+
+#endif
diff --git a/zlib-1.3.1/contrib/iostream2/zstream_test.cpp b/zlib-1.3.1/contrib/iostream2/zstream_test.cpp
new file mode 100644
index 00000000..6273f62d
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream2/zstream_test.cpp
@@ -0,0 +1,25 @@
+#include "zstream.h"
+#include <math.h>
+#include <stdlib.h>
+#include <iomanip.h>
+
+void main() {
+    char h[256] = "Hello";
+    char* g = "Goodbye";
+    ozstream out("temp.gz");
+    out < "This works well" < h < g;
+    out.close();
+
+    izstream in("temp.gz"); // read it back
+    char *x = read_string(in), *y = new char[256], z[256];
+    in > y > z;
+    in.close();
+    cout << x << endl << y << endl << z << endl;
+
+    out.open("temp.gz"); // try ascii output; zcat temp.gz to see the results
+    out << setw(50) << setfill('#') << setprecision(20) << x << endl << y << endl << z << endl;
+    out << z << endl << y << endl << x << endl;
+    out << 1.1234567890123456789 << endl;
+
+    delete[] x; delete[] y;
+}
diff --git a/zlib-1.3.1/contrib/iostream3/README b/zlib-1.3.1/contrib/iostream3/README
new file mode 100644
index 00000000..f7b319ab
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream3/README
@@ -0,0 +1,35 @@
+These classes provide a C++ stream interface to the zlib library. It allows you
+to do things like:
+
+  gzofstream outf("blah.gz");
+  outf << "These go into the gzip file " << 123 << endl;
+
+It does this by deriving a specialized stream buffer for gzipped files, which is
+the way Stroustrup would have done it. :->
+
+The gzifstream and gzofstream classes were originally written by Kevin Ruland
+and made available in the zlib contrib/iostream directory. The older version still
+compiles under gcc 2.xx, but not under gcc 3.xx, which sparked the development of
+this version.
+
+The new classes are as standard-compliant as possible, closely following the
+approach of the standard library's fstream classes. It compiles under gcc versions
+3.2 and 3.3, but not under gcc 2.xx. This is mainly due to changes in the standard
+library naming scheme. The new version of gzifstream/gzofstream/gzfilebuf differs
+from the previous one in the following respects:
+- added showmanyc
+- added setbuf, with support for unbuffered output via setbuf(0,0)
+- a few bug fixes of stream behavior
+- gzipped output file opened with default compression level instead of maximum level
+- setcompressionlevel()/strategy() members replaced by single setcompression()
+
+The code is provided "as is", with the permission to use, copy, modify, distribute
+and sell it for any purpose without fee.
+
+Ludwig Schwardt
+<schwardt@sun.ac.za>
+
+DSP Lab
+Electrical & Electronic Engineering Department
+University of Stellenbosch
+South Africa
diff --git a/zlib-1.3.1/contrib/iostream3/TODO b/zlib-1.3.1/contrib/iostream3/TODO
new file mode 100644
index 00000000..7032f97b
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream3/TODO
@@ -0,0 +1,17 @@
+Possible upgrades to gzfilebuf:
+
+- The ability to do putback (e.g. putbackfail)
+
+- The ability to seek (zlib supports this, but could be slow/tricky)
+
+- Simultaneous read/write access (does it make sense?)
+
+- Support for ios_base::ate open mode
+
+- Locale support?
+
+- Check public interface to see which calls give problems
+  (due to dependence on library internals)
+
+- Override operator<<(ostream&, gzfilebuf*) to allow direct copying
+  of stream buffer to stream ( i.e. os << is.rdbuf(); )
diff --git a/zlib-1.3.1/contrib/iostream3/test.cc b/zlib-1.3.1/contrib/iostream3/test.cc
new file mode 100644
index 00000000..94235334
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream3/test.cc
@@ -0,0 +1,50 @@
+/*
+ * Test program for gzifstream and gzofstream
+ *
+ * by Ludwig Schwardt <schwardt@sun.ac.za>
+ * original version by Kevin Ruland <kevin@rodin.wustl.edu>
+ */
+
+#include "zfstream.h"
+#include <iostream>      // for cout
+
+int main() {
+
+  gzofstream outf;
+  gzifstream inf;
+  char buf[80];
+
+  outf.open("test1.txt.gz");
+  outf << "The quick brown fox sidestepped the lazy canine\n"
+       << 1.3 << "\nPlan " << 9 << std::endl;
+  outf.close();
+  std::cout << "Wrote the following message to 'test1.txt.gz' (check with zcat or zless):\n"
+            << "The quick brown fox sidestepped the lazy canine\n"
+            << 1.3 << "\nPlan " << 9 << std::endl;
+
+  std::cout << "\nReading 'test1.txt.gz' (buffered) produces:\n";
+  inf.open("test1.txt.gz");
+  while (inf.getline(buf,80,'\n')) {
+    std::cout << buf << "\t(" << inf.rdbuf()->in_avail() << " chars left in buffer)\n";
+  }
+  inf.close();
+
+  outf.rdbuf()->pubsetbuf(0,0);
+  outf.open("test2.txt.gz");
+  outf << setcompression(Z_NO_COMPRESSION)
+       << "The quick brown fox sidestepped the lazy canine\n"
+       << 1.3 << "\nPlan " << 9 << std::endl;
+  outf.close();
+  std::cout << "\nWrote the same message to 'test2.txt.gz' in uncompressed form";
+
+  std::cout << "\nReading 'test2.txt.gz' (unbuffered) produces:\n";
+  inf.rdbuf()->pubsetbuf(0,0);
+  inf.open("test2.txt.gz");
+  while (inf.getline(buf,80,'\n')) {
+    std::cout << buf << "\t(" << inf.rdbuf()->in_avail() << " chars left in buffer)\n";
+  }
+  inf.close();
+
+  return 0;
+
+}
diff --git a/zlib-1.3.1/contrib/iostream3/zfstream.cc b/zlib-1.3.1/contrib/iostream3/zfstream.cc
new file mode 100644
index 00000000..94eb9334
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream3/zfstream.cc
@@ -0,0 +1,479 @@
+/*
+ * A C++ I/O streams interface to the zlib gz* functions
+ *
+ * by Ludwig Schwardt <schwardt@sun.ac.za>
+ * original version by Kevin Ruland <kevin@rodin.wustl.edu>
+ *
+ * This version is standard-compliant and compatible with gcc 3.x.
+ */
+
+#include "zfstream.h"
+#include <cstring>          // for strcpy, strcat, strlen (mode strings)
+#include <cstdio>           // for BUFSIZ
+
+// Internal buffer sizes (default and "unbuffered" versions)
+#define BIGBUFSIZE BUFSIZ
+#define SMALLBUFSIZE 1
+
+/*****************************************************************************/
+
+// Default constructor
+gzfilebuf::gzfilebuf()
+: file(NULL), io_mode(std::ios_base::openmode(0)), own_fd(false),
+  buffer(NULL), buffer_size(BIGBUFSIZE), own_buffer(true)
+{
+  // No buffers to start with
+  this->disable_buffer();
+}
+
+// Destructor
+gzfilebuf::~gzfilebuf()
+{
+  // Sync output buffer and close only if responsible for file
+  // (i.e. attached streams should be left open at this stage)
+  this->sync();
+  if (own_fd)
+    this->close();
+  // Make sure internal buffer is deallocated
+  this->disable_buffer();
+}
+
+// Set compression level and strategy
+int
+gzfilebuf::setcompression(int comp_level,
+                          int comp_strategy)
+{
+  return gzsetparams(file, comp_level, comp_strategy);
+}
+
+// Open gzipped file
+gzfilebuf*
+gzfilebuf::open(const char *name,
+                std::ios_base::openmode mode)
+{
+  // Fail if file already open
+  if (this->is_open())
+    return NULL;
+  // Don't support simultaneous read/write access (yet)
+  if ((mode & std::ios_base::in) && (mode & std::ios_base::out))
+    return NULL;
+
+  // Build mode string for gzopen and check it [27.8.1.3.2]
+  char char_mode[6] = "\0\0\0\0\0";
+  if (!this->open_mode(mode, char_mode))
+    return NULL;
+
+  // Attempt to open file
+  if ((file = gzopen(name, char_mode)) == NULL)
+    return NULL;
+
+  // On success, allocate internal buffer and set flags
+  this->enable_buffer();
+  io_mode = mode;
+  own_fd = true;
+  return this;
+}
+
+// Attach to gzipped file
+gzfilebuf*
+gzfilebuf::attach(int fd,
+                  std::ios_base::openmode mode)
+{
+  // Fail if file already open
+  if (this->is_open())
+    return NULL;
+  // Don't support simultaneous read/write access (yet)
+  if ((mode & std::ios_base::in) && (mode & std::ios_base::out))
+    return NULL;
+
+  // Build mode string for gzdopen and check it [27.8.1.3.2]
+  char char_mode[6] = "\0\0\0\0\0";
+  if (!this->open_mode(mode, char_mode))
+    return NULL;
+
+  // Attempt to attach to file
+  if ((file = gzdopen(fd, char_mode)) == NULL)
+    return NULL;
+
+  // On success, allocate internal buffer and set flags
+  this->enable_buffer();
+  io_mode = mode;
+  own_fd = false;
+  return this;
+}
+
+// Close gzipped file
+gzfilebuf*
+gzfilebuf::close()
+{
+  // Fail immediately if no file is open
+  if (!this->is_open())
+    return NULL;
+  // Assume success
+  gzfilebuf* retval = this;
+  // Attempt to sync and close gzipped file
+  if (this->sync() == -1)
+    retval = NULL;
+  if (gzclose(file) < 0)
+    retval = NULL;
+  // File is now gone anyway (postcondition [27.8.1.3.8])
+  file = NULL;
+  own_fd = false;
+  // Destroy internal buffer if it exists
+  this->disable_buffer();
+  return retval;
+}
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+// Convert int open mode to mode string
+bool
+gzfilebuf::open_mode(std::ios_base::openmode mode,
+                     char* c_mode) const
+{
+  bool testb = mode & std::ios_base::binary;
+  bool testi = mode & std::ios_base::in;
+  bool testo = mode & std::ios_base::out;
+  bool testt = mode & std::ios_base::trunc;
+  bool testa = mode & std::ios_base::app;
+
+  // Check for valid flag combinations - see [27.8.1.3.2] (Table 92)
+  // Original zfstream hardcoded the compression level to maximum here...
+  // Double the time for less than 1% size improvement seems
+  // excessive though - keeping it at the default level
+  // To change back, just append "9" to the next three mode strings
+  if (!testi && testo && !testt && !testa)
+    strcpy(c_mode, "w");
+  if (!testi && testo && !testt && testa)
+    strcpy(c_mode, "a");
+  if (!testi && testo && testt && !testa)
+    strcpy(c_mode, "w");
+  if (testi && !testo && !testt && !testa)
+    strcpy(c_mode, "r");
+  // No read/write mode yet
+//  if (testi && testo && !testt && !testa)
+//    strcpy(c_mode, "r+");
+//  if (testi && testo && testt && !testa)
+//    strcpy(c_mode, "w+");
+
+  // Mode string should be empty for invalid combination of flags
+  if (strlen(c_mode) == 0)
+    return false;
+  if (testb)
+    strcat(c_mode, "b");
+  return true;
+}
+
+// Determine number of characters in internal get buffer
+std::streamsize
+gzfilebuf::showmanyc()
+{
+  // Calls to underflow will fail if file not opened for reading
+  if (!this->is_open() || !(io_mode & std::ios_base::in))
+    return -1;
+  // Make sure get area is in use
+  if (this->gptr() && (this->gptr() < this->egptr()))
+    return std::streamsize(this->egptr() - this->gptr());
+  else
+    return 0;
+}
+
+// Fill get area from gzipped file
+gzfilebuf::int_type
+gzfilebuf::underflow()
+{
+  // If something is left in the get area by chance, return it
+  // (this shouldn't normally happen, as underflow is only supposed
+  // to be called when gptr >= egptr, but it serves as error check)
+  if (this->gptr() && (this->gptr() < this->egptr()))
+    return traits_type::to_int_type(*(this->gptr()));
+
+  // If the file hasn't been opened for reading, produce error
+  if (!this->is_open() || !(io_mode & std::ios_base::in))
+    return traits_type::eof();
+
+  // Attempt to fill internal buffer from gzipped file
+  // (buffer must be guaranteed to exist...)
+  int bytes_read = gzread(file, buffer, buffer_size);
+  // Indicates error or EOF
+  if (bytes_read <= 0)
+  {
+    // Reset get area
+    this->setg(buffer, buffer, buffer);
+    return traits_type::eof();
+  }
+  // Make all bytes read from file available as get area
+  this->setg(buffer, buffer, buffer + bytes_read);
+
+  // Return next character in get area
+  return traits_type::to_int_type(*(this->gptr()));
+}
+
+// Write put area to gzipped file
+gzfilebuf::int_type
+gzfilebuf::overflow(int_type c)
+{
+  // Determine whether put area is in use
+  if (this->pbase())
+  {
+    // Double-check pointer range
+    if (this->pptr() > this->epptr() || this->pptr() < this->pbase())
+      return traits_type::eof();
+    // Add extra character to buffer if not EOF
+    if (!traits_type::eq_int_type(c, traits_type::eof()))
+    {
+      *(this->pptr()) = traits_type::to_char_type(c);
+      this->pbump(1);
+    }
+    // Number of characters to write to file
+    int bytes_to_write = this->pptr() - this->pbase();
+    // Overflow doesn't fail if nothing is to be written
+    if (bytes_to_write > 0)
+    {
+      // If the file hasn't been opened for writing, produce error
+      if (!this->is_open() || !(io_mode & std::ios_base::out))
+        return traits_type::eof();
+      // If gzipped file won't accept all bytes written to it, fail
+      if (gzwrite(file, this->pbase(), bytes_to_write) != bytes_to_write)
+        return traits_type::eof();
+      // Reset next pointer to point to pbase on success
+      this->pbump(-bytes_to_write);
+    }
+  }
+  // Write extra character to file if not EOF
+  else if (!traits_type::eq_int_type(c, traits_type::eof()))
+  {
+    // If the file hasn't been opened for writing, produce error
+    if (!this->is_open() || !(io_mode & std::ios_base::out))
+      return traits_type::eof();
+    // Impromptu char buffer (allows "unbuffered" output)
+    char_type last_char = traits_type::to_char_type(c);
+    // If gzipped file won't accept this character, fail
+    if (gzwrite(file, &last_char, 1) != 1)
+      return traits_type::eof();
+  }
+
+  // If you got here, you have succeeded (even if c was EOF)
+  // The return value should therefore be non-EOF
+  if (traits_type::eq_int_type(c, traits_type::eof()))
+    return traits_type::not_eof(c);
+  else
+    return c;
+}
+
+// Assign new buffer
+std::streambuf*
+gzfilebuf::setbuf(char_type* p,
+                  std::streamsize n)
+{
+  // First make sure stuff is sync'ed, for safety
+  if (this->sync() == -1)
+    return NULL;
+  // If buffering is turned off on purpose via setbuf(0,0), still allocate one...
+  // "Unbuffered" only really refers to put [27.8.1.4.10], while get needs at
+  // least a buffer of size 1 (very inefficient though, therefore make it bigger?)
+  // This follows from [27.5.2.4.3]/12 (gptr needs to point at something, it seems)
+  if (!p || !n)
+  {
+    // Replace existing buffer (if any) with small internal buffer
+    this->disable_buffer();
+    buffer = NULL;
+    buffer_size = 0;
+    own_buffer = true;
+    this->enable_buffer();
+  }
+  else
+  {
+    // Replace existing buffer (if any) with external buffer
+    this->disable_buffer();
+    buffer = p;
+    buffer_size = n;
+    own_buffer = false;
+    this->enable_buffer();
+  }
+  return this;
+}
+
+// Write put area to gzipped file (i.e. ensures that put area is empty)
+int
+gzfilebuf::sync()
+{
+  return traits_type::eq_int_type(this->overflow(), traits_type::eof()) ? -1 : 0;
+}
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+// Allocate internal buffer
+void
+gzfilebuf::enable_buffer()
+{
+  // If internal buffer required, allocate one
+  if (own_buffer && !buffer)
+  {
+    // Check for buffered vs. "unbuffered"
+    if (buffer_size > 0)
+    {
+      // Allocate internal buffer
+      buffer = new char_type[buffer_size];
+      // Get area starts empty and will be expanded by underflow as need arises
+      this->setg(buffer, buffer, buffer);
+      // Setup entire internal buffer as put area.
+      // The one-past-end pointer actually points to the last element of the buffer,
+      // so that overflow(c) can safely add the extra character c to the sequence.
+      // These pointers remain in place for the duration of the buffer
+      this->setp(buffer, buffer + buffer_size - 1);
+    }
+    else
+    {
+      // Even in "unbuffered" case, (small?) get buffer is still required
+      buffer_size = SMALLBUFSIZE;
+      buffer = new char_type[buffer_size];
+      this->setg(buffer, buffer, buffer);
+      // "Unbuffered" means no put buffer
+      this->setp(0, 0);
+    }
+  }
+  else
+  {
+    // If buffer already allocated, reset buffer pointers just to make sure no
+    // stale chars are lying around
+    this->setg(buffer, buffer, buffer);
+    this->setp(buffer, buffer + buffer_size - 1);
+  }
+}
+
+// Destroy internal buffer
+void
+gzfilebuf::disable_buffer()
+{
+  // If internal buffer exists, deallocate it
+  if (own_buffer && buffer)
+  {
+    // Preserve unbuffered status by zeroing size
+    if (!this->pbase())
+      buffer_size = 0;
+    delete[] buffer;
+    buffer = NULL;
+    this->setg(0, 0, 0);
+    this->setp(0, 0);
+  }
+  else
+  {
+    // Reset buffer pointers to initial state if external buffer exists
+    this->setg(buffer, buffer, buffer);
+    if (buffer)
+      this->setp(buffer, buffer + buffer_size - 1);
+    else
+      this->setp(0, 0);
+  }
+}
+
+/*****************************************************************************/
+
+// Default constructor initializes stream buffer
+gzifstream::gzifstream()
+: std::istream(NULL), sb()
+{ this->init(&sb); }
+
+// Initialize stream buffer and open file
+gzifstream::gzifstream(const char* name,
+                       std::ios_base::openmode mode)
+: std::istream(NULL), sb()
+{
+  this->init(&sb);
+  this->open(name, mode);
+}
+
+// Initialize stream buffer and attach to file
+gzifstream::gzifstream(int fd,
+                       std::ios_base::openmode mode)
+: std::istream(NULL), sb()
+{
+  this->init(&sb);
+  this->attach(fd, mode);
+}
+
+// Open file and go into fail() state if unsuccessful
+void
+gzifstream::open(const char* name,
+                 std::ios_base::openmode mode)
+{
+  if (!sb.open(name, mode | std::ios_base::in))
+    this->setstate(std::ios_base::failbit);
+  else
+    this->clear();
+}
+
+// Attach to file and go into fail() state if unsuccessful
+void
+gzifstream::attach(int fd,
+                   std::ios_base::openmode mode)
+{
+  if (!sb.attach(fd, mode | std::ios_base::in))
+    this->setstate(std::ios_base::failbit);
+  else
+    this->clear();
+}
+
+// Close file
+void
+gzifstream::close()
+{
+  if (!sb.close())
+    this->setstate(std::ios_base::failbit);
+}
+
+/*****************************************************************************/
+
+// Default constructor initializes stream buffer
+gzofstream::gzofstream()
+: std::ostream(NULL), sb()
+{ this->init(&sb); }
+
+// Initialize stream buffer and open file
+gzofstream::gzofstream(const char* name,
+                       std::ios_base::openmode mode)
+: std::ostream(NULL), sb()
+{
+  this->init(&sb);
+  this->open(name, mode);
+}
+
+// Initialize stream buffer and attach to file
+gzofstream::gzofstream(int fd,
+                       std::ios_base::openmode mode)
+: std::ostream(NULL), sb()
+{
+  this->init(&sb);
+  this->attach(fd, mode);
+}
+
+// Open file and go into fail() state if unsuccessful
+void
+gzofstream::open(const char* name,
+                 std::ios_base::openmode mode)
+{
+  if (!sb.open(name, mode | std::ios_base::out))
+    this->setstate(std::ios_base::failbit);
+  else
+    this->clear();
+}
+
+// Attach to file and go into fail() state if unsuccessful
+void
+gzofstream::attach(int fd,
+                   std::ios_base::openmode mode)
+{
+  if (!sb.attach(fd, mode | std::ios_base::out))
+    this->setstate(std::ios_base::failbit);
+  else
+    this->clear();
+}
+
+// Close file
+void
+gzofstream::close()
+{
+  if (!sb.close())
+    this->setstate(std::ios_base::failbit);
+}
diff --git a/zlib-1.3.1/contrib/iostream3/zfstream.h b/zlib-1.3.1/contrib/iostream3/zfstream.h
new file mode 100644
index 00000000..3dabc0f9
--- /dev/null
+++ b/zlib-1.3.1/contrib/iostream3/zfstream.h
@@ -0,0 +1,466 @@
+/*
+ * A C++ I/O streams interface to the zlib gz* functions
+ *
+ * by Ludwig Schwardt <schwardt@sun.ac.za>
+ * original version by Kevin Ruland <kevin@rodin.wustl.edu>
+ *
+ * This version is standard-compliant and compatible with gcc 3.x.
+ */
+
+#ifndef ZFSTREAM_H
+#define ZFSTREAM_H
+
+#include <istream>  // not iostream, since we don't need cin/cout
+#include <ostream>
+#include "zlib.h"
+
+/*****************************************************************************/
+
+/**
+ *  @brief  Gzipped file stream buffer class.
+ *
+ *  This class implements basic_filebuf for gzipped files. It doesn't yet support
+ *  seeking (allowed by zlib but slow/limited), putback and read/write access
+ *  (tricky). Otherwise, it attempts to be a drop-in replacement for the standard
+ *  file streambuf.
+*/
+class gzfilebuf : public std::streambuf
+{
+public:
+  //  Default constructor.
+  gzfilebuf();
+
+  //  Destructor.
+  virtual
+  ~gzfilebuf();
+
+  /**
+   *  @brief  Set compression level and strategy on the fly.
+   *  @param  comp_level  Compression level (see zlib.h for allowed values)
+   *  @param  comp_strategy  Compression strategy (see zlib.h for allowed values)
+   *  @return  Z_OK on success, Z_STREAM_ERROR otherwise.
+   *
+   *  Unfortunately, these parameters cannot be modified separately, as the
+   *  previous zfstream version assumed. Since the strategy is seldom changed,
+   *  it can default and setcompression(level) then becomes like the old
+   *  setcompressionlevel(level).
+  */
+  int
+  setcompression(int comp_level,
+                 int comp_strategy = Z_DEFAULT_STRATEGY);
+
+  /**
+   *  @brief  Check if file is open.
+   *  @return  True if file is open.
+  */
+  bool
+  is_open() const { return (file != NULL); }
+
+  /**
+   *  @brief  Open gzipped file.
+   *  @param  name  File name.
+   *  @param  mode  Open mode flags.
+   *  @return  @c this on success, NULL on failure.
+  */
+  gzfilebuf*
+  open(const char* name,
+       std::ios_base::openmode mode);
+
+  /**
+   *  @brief  Attach to already open gzipped file.
+   *  @param  fd  File descriptor.
+   *  @param  mode  Open mode flags.
+   *  @return  @c this on success, NULL on failure.
+  */
+  gzfilebuf*
+  attach(int fd,
+         std::ios_base::openmode mode);
+
+  /**
+   *  @brief  Close gzipped file.
+   *  @return  @c this on success, NULL on failure.
+  */
+  gzfilebuf*
+  close();
+
+protected:
+  /**
+   *  @brief  Convert ios open mode int to mode string used by zlib.
+   *  @return  True if valid mode flag combination.
+  */
+  bool
+  open_mode(std::ios_base::openmode mode,
+            char* c_mode) const;
+
+  /**
+   *  @brief  Number of characters available in stream buffer.
+   *  @return  Number of characters.
+   *
+   *  This indicates number of characters in get area of stream buffer.
+   *  These characters can be read without accessing the gzipped file.
+  */
+  virtual std::streamsize
+  showmanyc();
+
+  /**
+   *  @brief  Fill get area from gzipped file.
+   *  @return  First character in get area on success, EOF on error.
+   *
+   *  This actually reads characters from gzipped file to stream
+   *  buffer. Always buffered.
+  */
+  virtual int_type
+  underflow();
+
+  /**
+   *  @brief  Write put area to gzipped file.
+   *  @param  c  Extra character to add to buffer contents.
+   *  @return  Non-EOF on success, EOF on error.
+   *
+   *  This actually writes characters in stream buffer to
+   *  gzipped file. With unbuffered output this is done one
+   *  character at a time.
+  */
+  virtual int_type
+  overflow(int_type c = traits_type::eof());
+
+  /**
+   *  @brief  Installs external stream buffer.
+   *  @param  p  Pointer to char buffer.
+   *  @param  n  Size of external buffer.
+   *  @return  @c this on success, NULL on failure.
+   *
+   *  Call setbuf(0,0) to enable unbuffered output.
+  */
+  virtual std::streambuf*
+  setbuf(char_type* p,
+         std::streamsize n);
+
+  /**
+   *  @brief  Flush stream buffer to file.
+   *  @return  0 on success, -1 on error.
+   *
+   *  This calls underflow(EOF) to do the job.
+  */
+  virtual int
+  sync();
+
+//
+// Some future enhancements
+//
+//  virtual int_type uflow();
+//  virtual int_type pbackfail(int_type c = traits_type::eof());
+//  virtual pos_type
+//  seekoff(off_type off,
+//          std::ios_base::seekdir way,
+//          std::ios_base::openmode mode = std::ios_base::in|std::ios_base::out);
+//  virtual pos_type
+//  seekpos(pos_type sp,
+//          std::ios_base::openmode mode = std::ios_base::in|std::ios_base::out);
+
+private:
+  /**
+   *  @brief  Allocate internal buffer.
+   *
+   *  This function is safe to call multiple times. It will ensure
+   *  that a proper internal buffer exists if it is required. If the
+   *  buffer already exists or is external, the buffer pointers will be
+   *  reset to their original state.
+  */
+  void
+  enable_buffer();
+
+  /**
+   *  @brief  Destroy internal buffer.
+   *
+   *  This function is safe to call multiple times. It will ensure
+   *  that the internal buffer is deallocated if it exists. In any
+   *  case, it will also reset the buffer pointers.
+  */
+  void
+  disable_buffer();
+
+  /**
+   *  Underlying file pointer.
+  */
+  gzFile file;
+
+  /**
+   *  Mode in which file was opened.
+  */
+  std::ios_base::openmode io_mode;
+
+  /**
+   *  @brief  True if this object owns file descriptor.
+   *
+   *  This makes the class responsible for closing the file
+   *  upon destruction.
+  */
+  bool own_fd;
+
+  /**
+   *  @brief  Stream buffer.
+   *
+   *  For simplicity this remains allocated on the free store for the
+   *  entire life span of the gzfilebuf object, unless replaced by setbuf.
+  */
+  char_type* buffer;
+
+  /**
+   *  @brief  Stream buffer size.
+   *
+   *  Defaults to system default buffer size (typically 8192 bytes).
+   *  Modified by setbuf.
+  */
+  std::streamsize buffer_size;
+
+  /**
+   *  @brief  True if this object owns stream buffer.
+   *
+   *  This makes the class responsible for deleting the buffer
+   *  upon destruction.
+  */
+  bool own_buffer;
+};
+
+/*****************************************************************************/
+
+/**
+ *  @brief  Gzipped file input stream class.
+ *
+ *  This class implements ifstream for gzipped files. Seeking and putback
+ *  is not supported yet.
+*/
+class gzifstream : public std::istream
+{
+public:
+  //  Default constructor
+  gzifstream();
+
+  /**
+   *  @brief  Construct stream on gzipped file to be opened.
+   *  @param  name  File name.
+   *  @param  mode  Open mode flags (forced to contain ios::in).
+  */
+  explicit
+  gzifstream(const char* name,
+             std::ios_base::openmode mode = std::ios_base::in);
+
+  /**
+   *  @brief  Construct stream on already open gzipped file.
+   *  @param  fd    File descriptor.
+   *  @param  mode  Open mode flags (forced to contain ios::in).
+  */
+  explicit
+  gzifstream(int fd,
+             std::ios_base::openmode mode = std::ios_base::in);
+
+  /**
+   *  Obtain underlying stream buffer.
+  */
+  gzfilebuf*
+  rdbuf() const
+  { return const_cast<gzfilebuf*>(&sb); }
+
+  /**
+   *  @brief  Check if file is open.
+   *  @return  True if file is open.
+  */
+  bool
+  is_open() { return sb.is_open(); }
+
+  /**
+   *  @brief  Open gzipped file.
+   *  @param  name  File name.
+   *  @param  mode  Open mode flags (forced to contain ios::in).
+   *
+   *  Stream will be in state good() if file opens successfully;
+   *  otherwise in state fail(). This differs from the behavior of
+   *  ifstream, which never sets the state to good() and therefore
+   *  won't allow you to reuse the stream for a second file unless
+   *  you manually clear() the state. The choice is a matter of
+   *  convenience.
+  */
+  void
+  open(const char* name,
+       std::ios_base::openmode mode = std::ios_base::in);
+
+  /**
+   *  @brief  Attach to already open gzipped file.
+   *  @param  fd  File descriptor.
+   *  @param  mode  Open mode flags (forced to contain ios::in).
+   *
+   *  Stream will be in state good() if attach succeeded; otherwise
+   *  in state fail().
+  */
+  void
+  attach(int fd,
+         std::ios_base::openmode mode = std::ios_base::in);
+
+  /**
+   *  @brief  Close gzipped file.
+   *
+   *  Stream will be in state fail() if close failed.
+  */
+  void
+  close();
+
+private:
+  /**
+   *  Underlying stream buffer.
+  */
+  gzfilebuf sb;
+};
+
+/*****************************************************************************/
+
+/**
+ *  @brief  Gzipped file output stream class.
+ *
+ *  This class implements ofstream for gzipped files. Seeking and putback
+ *  is not supported yet.
+*/
+class gzofstream : public std::ostream
+{
+public:
+  //  Default constructor
+  gzofstream();
+
+  /**
+   *  @brief  Construct stream on gzipped file to be opened.
+   *  @param  name  File name.
+   *  @param  mode  Open mode flags (forced to contain ios::out).
+  */
+  explicit
+  gzofstream(const char* name,
+             std::ios_base::openmode mode = std::ios_base::out);
+
+  /**
+   *  @brief  Construct stream on already open gzipped file.
+   *  @param  fd    File descriptor.
+   *  @param  mode  Open mode flags (forced to contain ios::out).
+  */
+  explicit
+  gzofstream(int fd,
+             std::ios_base::openmode mode = std::ios_base::out);
+
+  /**
+   *  Obtain underlying stream buffer.
+  */
+  gzfilebuf*
+  rdbuf() const
+  { return const_cast<gzfilebuf*>(&sb); }
+
+  /**
+   *  @brief  Check if file is open.
+   *  @return  True if file is open.
+  */
+  bool
+  is_open() { return sb.is_open(); }
+
+  /**
+   *  @brief  Open gzipped file.
+   *  @param  name  File name.
+   *  @param  mode  Open mode flags (forced to contain ios::out).
+   *
+   *  Stream will be in state good() if file opens successfully;
+   *  otherwise in state fail(). This differs from the behavior of
+   *  ofstream, which never sets the state to good() and therefore
+   *  won't allow you to reuse the stream for a second file unless
+   *  you manually clear() the state. The choice is a matter of
+   *  convenience.
+  */
+  void
+  open(const char* name,
+       std::ios_base::openmode mode = std::ios_base::out);
+
+  /**
+   *  @brief  Attach to already open gzipped file.
+   *  @param  fd  File descriptor.
+   *  @param  mode  Open mode flags (forced to contain ios::out).
+   *
+   *  Stream will be in state good() if attach succeeded; otherwise
+   *  in state fail().
+  */
+  void
+  attach(int fd,
+         std::ios_base::openmode mode = std::ios_base::out);
+
+  /**
+   *  @brief  Close gzipped file.
+   *
+   *  Stream will be in state fail() if close failed.
+  */
+  void
+  close();
+
+private:
+  /**
+   *  Underlying stream buffer.
+  */
+  gzfilebuf sb;
+};
+
+/*****************************************************************************/
+
+/**
+ *  @brief  Gzipped file output stream manipulator class.
+ *
+ *  This class defines a two-argument manipulator for gzofstream. It is used
+ *  as base for the setcompression(int,int) manipulator.
+*/
+template<typename T1, typename T2>
+  class gzomanip2
+  {
+  public:
+    // Allows inserter to peek at internals
+    template <typename Ta, typename Tb>
+      friend gzofstream&
+      operator<<(gzofstream&,
+                 const gzomanip2<Ta,Tb>&);
+
+    // Constructor
+    gzomanip2(gzofstream& (*f)(gzofstream&, T1, T2),
+              T1 v1,
+              T2 v2);
+  private:
+    // Underlying manipulator function
+    gzofstream&
+    (*func)(gzofstream&, T1, T2);
+
+    // Arguments for manipulator function
+    T1 val1;
+    T2 val2;
+  };
+
+/*****************************************************************************/
+
+// Manipulator function thunks through to stream buffer
+inline gzofstream&
+setcompression(gzofstream &gzs, int l, int s = Z_DEFAULT_STRATEGY)
+{
+  (gzs.rdbuf())->setcompression(l, s);
+  return gzs;
+}
+
+// Manipulator constructor stores arguments
+template<typename T1, typename T2>
+  inline
+  gzomanip2<T1,T2>::gzomanip2(gzofstream &(*f)(gzofstream &, T1, T2),
+                              T1 v1,
+                              T2 v2)
+  : func(f), val1(v1), val2(v2)
+  { }
+
+// Inserter applies underlying manipulator function to stream
+template<typename T1, typename T2>
+  inline gzofstream&
+  operator<<(gzofstream& s, const gzomanip2<T1,T2>& m)
+  { return (*m.func)(s, m.val1, m.val2); }
+
+// Insert this onto stream to simplify setting of compression level
+inline gzomanip2<int,int>
+setcompression(int l, int s = Z_DEFAULT_STRATEGY)
+{ return gzomanip2<int,int>(&setcompression, l, s); }
+
+#endif // ZFSTREAM_H
diff --git a/zlib-1.3.1/contrib/minizip/Makefile b/zlib-1.3.1/contrib/minizip/Makefile
new file mode 100644
index 00000000..3d927ec1
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/Makefile
@@ -0,0 +1,29 @@
+CC?=cc
+CFLAGS := $(CFLAGS) -O -I../..
+
+UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a
+ZIP_OBJS = minizip.o zip.o   ioapi.o ../../libz.a
+
+.c.o:
+	$(CC) -c $(CFLAGS) $*.c
+
+all: miniunz minizip
+
+miniunz:  $(UNZ_OBJS)
+	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS)
+
+minizip:  $(ZIP_OBJS)
+	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS)
+
+test:	miniunz minizip
+	@rm -f test.*
+	@echo hello hello hello > test.txt
+	./minizip test test.txt
+	./miniunz -l test.zip
+	@mv test.txt test.old
+	./miniunz test.zip
+	@cmp test.txt test.old
+	@rm -f test.*
+
+clean:
+	/bin/rm -f *.o *~ minizip miniunz test.*
diff --git a/zlib-1.3.1/contrib/minizip/Makefile.am b/zlib-1.3.1/contrib/minizip/Makefile.am
new file mode 100644
index 00000000..d343011e
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/Makefile.am
@@ -0,0 +1,45 @@
+lib_LTLIBRARIES = libminizip.la
+
+if COND_DEMOS
+bin_PROGRAMS = miniunzip minizip
+endif
+
+zlib_top_srcdir = $(top_srcdir)/../..
+zlib_top_builddir = $(top_builddir)/../..
+
+AM_CPPFLAGS = -I$(zlib_top_srcdir)
+AM_LDFLAGS = -L$(zlib_top_builddir)
+
+if WIN32
+iowin32_src = iowin32.c
+iowin32_h = iowin32.h
+endif
+
+libminizip_la_SOURCES = \
+	ioapi.c \
+	mztools.c \
+	unzip.c \
+	zip.c \
+	${iowin32_src}
+
+libminizip_la_LDFLAGS = $(AM_LDFLAGS) -version-info 1:0:0 -lz
+
+minizip_includedir = $(includedir)/minizip
+minizip_include_HEADERS = \
+	crypt.h \
+	ioapi.h \
+	mztools.h \
+	unzip.h \
+	zip.h \
+	${iowin32_h}
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = minizip.pc
+
+EXTRA_PROGRAMS = miniunzip minizip
+
+miniunzip_SOURCES = miniunz.c
+miniunzip_LDADD = libminizip.la
+
+minizip_SOURCES = minizip.c
+minizip_LDADD = libminizip.la -lz
diff --git a/zlib-1.3.1/contrib/minizip/MiniZip64_Changes.txt b/zlib-1.3.1/contrib/minizip/MiniZip64_Changes.txt
new file mode 100644
index 00000000..37594681
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/MiniZip64_Changes.txt
@@ -0,0 +1,6 @@
+
+MiniZip 1.1 was derived from MiniZip at version 1.01f
+
+Change in 1.0 (Okt 2009)
+ - **TODO - Add history**
+
diff --git a/zlib-1.3.1/contrib/minizip/MiniZip64_info.txt b/zlib-1.3.1/contrib/minizip/MiniZip64_info.txt
new file mode 100644
index 00000000..57d71524
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/MiniZip64_info.txt
@@ -0,0 +1,74 @@
+MiniZip - Copyright (c) 1998-2010 - by Gilles Vollant - version 1.1 64 bits from Mathias Svensson
+
+Introduction
+---------------------
+MiniZip 1.1 is built from MiniZip 1.0 by Gilles Vollant ( http://www.winimage.com/zLibDll/minizip.html )
+
+When adding ZIP64 support into minizip it would result into risk of breaking compatibility with minizip 1.0.
+All possible work was done for compatibility.
+
+
+Background
+---------------------
+When adding ZIP64 support Mathias Svensson found that Even Rouault have added ZIP64 
+support for unzip.c into minizip for a open source project called gdal ( http://www.gdal.org/ )
+
+That was used as a starting point. And after that ZIP64 support was added to zip.c
+some refactoring and code cleanup was also done.
+
+
+Changed from MiniZip 1.0 to MiniZip 1.1
+---------------------------------------
+* Added ZIP64 support for unzip ( by Even Rouault )
+* Added ZIP64 support for zip ( by Mathias Svensson )
+* Reverted some changed that Even Rouault did.
+* Bunch of patches received from Gulles Vollant that he received for MiniZip from various users.
+* Added unzip patch for BZIP Compression method (patch create by Daniel Borca)
+* Added BZIP Compress method for zip
+* Did some refactoring and code cleanup
+
+
+Credits
+
+ Gilles Vollant    - Original MiniZip author
+ Even Rouault      - ZIP64 unzip Support
+ Daniel Borca      - BZip Compression method support in unzip
+ Mathias Svensson  - ZIP64 zip support
+ Mathias Svensson  - BZip Compression method support in zip
+
+ Resources
+
+ ZipLayout   http://result42.com/projects/ZipFileLayout
+             Command line tool for Windows that shows the layout and information of the headers in a zip archive.
+             Used when debugging and validating the creation of zip files using MiniZip64
+
+
+ ZIP App Note  http://www.pkware.com/documents/casestudies/APPNOTE.TXT
+               Zip File specification
+
+
+Notes.
+ * To be able to use BZip compression method in zip64.c or unzip64.c the BZIP2 lib is needed and HAVE_BZIP2 need to be defined.
+
+License
+----------------------------------------------------------
+   Condition of use and distribution are the same than zlib :
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+----------------------------------------------------------
+
diff --git a/zlib-1.3.1/contrib/minizip/configure.ac b/zlib-1.3.1/contrib/minizip/configure.ac
new file mode 100644
index 00000000..15ec9171
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/configure.ac
@@ -0,0 +1,32 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_INIT([minizip], [1.3.1], [bugzilla.redhat.com])
+AC_CONFIG_SRCDIR([minizip.c])
+AM_INIT_AUTOMAKE([foreign])
+LT_INIT
+
+AC_MSG_CHECKING([whether to build example programs])
+AC_ARG_ENABLE([demos], AC_HELP_STRING([--enable-demos], [build example programs]))
+AM_CONDITIONAL([COND_DEMOS], [test "$enable_demos" = yes])
+if test "$enable_demos" = yes
+then
+	AC_MSG_RESULT([yes])
+else
+	AC_MSG_RESULT([no])
+fi
+
+case "${host}" in
+	*-mingw* | mingw*)
+		WIN32="yes"
+		;;
+	*)
+		;;
+esac
+AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
+
+
+AC_SUBST([HAVE_UNISTD_H], [0])
+AC_CHECK_HEADER([unistd.h], [HAVE_UNISTD_H=1], [])
+AC_CONFIG_FILES([Makefile minizip.pc])
+AC_OUTPUT
diff --git a/zlib-1.3.1/contrib/minizip/crypt.h b/zlib-1.3.1/contrib/minizip/crypt.h
new file mode 100644
index 00000000..f4b93b78
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/crypt.h
@@ -0,0 +1,128 @@
+/* crypt.h -- base code for crypt/uncrypt ZIPfile
+
+
+   Version 1.01e, February 12th, 2005
+
+   Copyright (C) 1998-2005 Gilles Vollant
+
+   This code is a modified version of crypting code in Infozip distribution
+
+   The encryption/decryption parts of this source code (as opposed to the
+   non-echoing password parts) were originally written in Europe.  The
+   whole source package can be freely distributed, including from the USA.
+   (Prior to January 2000, re-export from the US was a violation of US law.)
+
+   This encryption code is a direct transcription of the algorithm from
+   Roger Schlafly, described by Phil Katz in the file appnote.txt.  This
+   file (appnote.txt) is distributed with the PKZIP program (even in the
+   version without encryption capabilities).
+
+   If you don't need crypting in your application, just define symbols
+   NOCRYPT and NOUNCRYPT.
+
+   This code support the "Traditional PKWARE Encryption".
+
+   The new AES encryption added on Zip format by Winzip (see the page
+   http://www.winzip.com/aes_info.htm ) and PKWare PKZip 5.x Strong
+   Encryption is not supported.
+*/
+
+#define CRC32(c, b) ((*(pcrc_32_tab+(((int)(c) ^ (b)) & 0xff))) ^ ((c) >> 8))
+
+/***********************************************************************
+ * Return the next byte in the pseudo-random sequence
+ */
+static int decrypt_byte(unsigned long* pkeys, const z_crc_t* pcrc_32_tab) {
+    unsigned temp;  /* POTENTIAL BUG:  temp*(temp^1) may overflow in an
+                     * unpredictable manner on 16-bit systems; not a problem
+                     * with any known compiler so far, though */
+
+    (void)pcrc_32_tab;
+    temp = ((unsigned)(*(pkeys+2)) & 0xffff) | 2;
+    return (int)(((temp * (temp ^ 1)) >> 8) & 0xff);
+}
+
+/***********************************************************************
+ * Update the encryption keys with the next byte of plain text
+ */
+static int update_keys(unsigned long* pkeys, const z_crc_t* pcrc_32_tab, int c) {
+    (*(pkeys+0)) = CRC32((*(pkeys+0)), c);
+    (*(pkeys+1)) += (*(pkeys+0)) & 0xff;
+    (*(pkeys+1)) = (*(pkeys+1)) * 134775813L + 1;
+    {
+      register int keyshift = (int)((*(pkeys+1)) >> 24);
+      (*(pkeys+2)) = CRC32((*(pkeys+2)), keyshift);
+    }
+    return c;
+}
+
+
+/***********************************************************************
+ * Initialize the encryption keys and the random header according to
+ * the given password.
+ */
+static void init_keys(const char* passwd, unsigned long* pkeys, const z_crc_t* pcrc_32_tab) {
+    *(pkeys+0) = 305419896L;
+    *(pkeys+1) = 591751049L;
+    *(pkeys+2) = 878082192L;
+    while (*passwd != '\0') {
+        update_keys(pkeys,pcrc_32_tab,(int)*passwd);
+        passwd++;
+    }
+}
+
+#define zdecode(pkeys,pcrc_32_tab,c) \
+    (update_keys(pkeys,pcrc_32_tab,c ^= decrypt_byte(pkeys,pcrc_32_tab)))
+
+#define zencode(pkeys,pcrc_32_tab,c,t) \
+    (t=decrypt_byte(pkeys,pcrc_32_tab), update_keys(pkeys,pcrc_32_tab,c), (Byte)t^(c))
+
+#ifdef INCLUDECRYPTINGCODE_IFCRYPTALLOWED
+
+#define RAND_HEAD_LEN  12
+   /* "last resort" source for second part of crypt seed pattern */
+#  ifndef ZCR_SEED2
+#    define ZCR_SEED2 3141592654UL      /* use PI as default pattern */
+#  endif
+
+static unsigned crypthead(const char* passwd,       /* password string */
+                          unsigned char* buf,       /* where to write header */
+                          int bufSize,
+                          unsigned long* pkeys,
+                          const z_crc_t* pcrc_32_tab,
+                          unsigned long crcForCrypting) {
+    unsigned n;                  /* index in random header */
+    int t;                       /* temporary */
+    int c;                       /* random byte */
+    unsigned char header[RAND_HEAD_LEN-2]; /* random header */
+    static unsigned calls = 0;   /* ensure different random header each time */
+
+    if (bufSize<RAND_HEAD_LEN)
+      return 0;
+
+    /* First generate RAND_HEAD_LEN-2 random bytes. We encrypt the
+     * output of rand() to get less predictability, since rand() is
+     * often poorly implemented.
+     */
+    if (++calls == 1)
+    {
+        srand((unsigned)(time(NULL) ^ ZCR_SEED2));
+    }
+    init_keys(passwd, pkeys, pcrc_32_tab);
+    for (n = 0; n < RAND_HEAD_LEN-2; n++)
+    {
+        c = (rand() >> 7) & 0xff;
+        header[n] = (unsigned char)zencode(pkeys, pcrc_32_tab, c, t);
+    }
+    /* Encrypt random header (last two bytes is high word of crc) */
+    init_keys(passwd, pkeys, pcrc_32_tab);
+    for (n = 0; n < RAND_HEAD_LEN-2; n++)
+    {
+        buf[n] = (unsigned char)zencode(pkeys, pcrc_32_tab, header[n], t);
+    }
+    buf[n++] = (unsigned char)zencode(pkeys, pcrc_32_tab, (int)(crcForCrypting >> 16) & 0xff, t);
+    buf[n++] = (unsigned char)zencode(pkeys, pcrc_32_tab, (int)(crcForCrypting >> 24) & 0xff, t);
+    return n;
+}
+
+#endif
diff --git a/zlib-1.3.1/contrib/minizip/ioapi.c b/zlib-1.3.1/contrib/minizip/ioapi.c
new file mode 100644
index 00000000..782d3246
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/ioapi.c
@@ -0,0 +1,231 @@
+/* ioapi.h -- IO base function header for compress/uncompress .zip
+   part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications for Zip64 support
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+
+         For more info read MiniZip_info.txt
+
+*/
+
+#if defined(_WIN32) && (!(defined(_CRT_SECURE_NO_WARNINGS)))
+        #define _CRT_SECURE_NO_WARNINGS
+#endif
+
+#if defined(__APPLE__) || defined(IOAPI_NO_64) || defined(__HAIKU__) || defined(MINIZIP_FOPEN_NO_64)
+// In darwin and perhaps other BSD variants off_t is a 64 bit value, hence no need for specific 64 bit functions
+#define FOPEN_FUNC(filename, mode) fopen(filename, mode)
+#define FTELLO_FUNC(stream) ftello(stream)
+#define FSEEKO_FUNC(stream, offset, origin) fseeko(stream, offset, origin)
+#else
+#define FOPEN_FUNC(filename, mode) fopen64(filename, mode)
+#define FTELLO_FUNC(stream) ftello64(stream)
+#define FSEEKO_FUNC(stream, offset, origin) fseeko64(stream, offset, origin)
+#endif
+
+
+#include "ioapi.h"
+
+voidpf call_zopen64 (const zlib_filefunc64_32_def* pfilefunc, const void*filename, int mode) {
+    if (pfilefunc->zfile_func64.zopen64_file != NULL)
+        return (*(pfilefunc->zfile_func64.zopen64_file)) (pfilefunc->zfile_func64.opaque,filename,mode);
+    else
+    {
+        return (*(pfilefunc->zopen32_file))(pfilefunc->zfile_func64.opaque,(const char*)filename,mode);
+    }
+}
+
+long call_zseek64 (const zlib_filefunc64_32_def* pfilefunc,voidpf filestream, ZPOS64_T offset, int origin) {
+    if (pfilefunc->zfile_func64.zseek64_file != NULL)
+        return (*(pfilefunc->zfile_func64.zseek64_file)) (pfilefunc->zfile_func64.opaque,filestream,offset,origin);
+    else
+    {
+        uLong offsetTruncated = (uLong)offset;
+        if (offsetTruncated != offset)
+            return -1;
+        else
+            return (*(pfilefunc->zseek32_file))(pfilefunc->zfile_func64.opaque,filestream,offsetTruncated,origin);
+    }
+}
+
+ZPOS64_T call_ztell64 (const zlib_filefunc64_32_def* pfilefunc, voidpf filestream) {
+    if (pfilefunc->zfile_func64.zseek64_file != NULL)
+        return (*(pfilefunc->zfile_func64.ztell64_file)) (pfilefunc->zfile_func64.opaque,filestream);
+    else
+    {
+        uLong tell_uLong = (uLong)(*(pfilefunc->ztell32_file))(pfilefunc->zfile_func64.opaque,filestream);
+        if ((tell_uLong) == MAXU32)
+            return (ZPOS64_T)-1;
+        else
+            return tell_uLong;
+    }
+}
+
+void fill_zlib_filefunc64_32_def_from_filefunc32(zlib_filefunc64_32_def* p_filefunc64_32, const zlib_filefunc_def* p_filefunc32) {
+    p_filefunc64_32->zfile_func64.zopen64_file = NULL;
+    p_filefunc64_32->zopen32_file = p_filefunc32->zopen_file;
+    p_filefunc64_32->zfile_func64.zread_file = p_filefunc32->zread_file;
+    p_filefunc64_32->zfile_func64.zwrite_file = p_filefunc32->zwrite_file;
+    p_filefunc64_32->zfile_func64.ztell64_file = NULL;
+    p_filefunc64_32->zfile_func64.zseek64_file = NULL;
+    p_filefunc64_32->zfile_func64.zclose_file = p_filefunc32->zclose_file;
+    p_filefunc64_32->zfile_func64.zerror_file = p_filefunc32->zerror_file;
+    p_filefunc64_32->zfile_func64.opaque = p_filefunc32->opaque;
+    p_filefunc64_32->zseek32_file = p_filefunc32->zseek_file;
+    p_filefunc64_32->ztell32_file = p_filefunc32->ztell_file;
+}
+
+
+
+static voidpf ZCALLBACK fopen_file_func(voidpf opaque, const char* filename, int mode) {
+    FILE* file = NULL;
+    const char* mode_fopen = NULL;
+    (void)opaque;
+    if ((mode & ZLIB_FILEFUNC_MODE_READWRITEFILTER)==ZLIB_FILEFUNC_MODE_READ)
+        mode_fopen = "rb";
+    else
+    if (mode & ZLIB_FILEFUNC_MODE_EXISTING)
+        mode_fopen = "r+b";
+    else
+    if (mode & ZLIB_FILEFUNC_MODE_CREATE)
+        mode_fopen = "wb";
+
+    if ((filename!=NULL) && (mode_fopen != NULL))
+        file = fopen(filename, mode_fopen);
+    return file;
+}
+
+static voidpf ZCALLBACK fopen64_file_func(voidpf opaque, const void* filename, int mode) {
+    FILE* file = NULL;
+    const char* mode_fopen = NULL;
+    (void)opaque;
+    if ((mode & ZLIB_FILEFUNC_MODE_READWRITEFILTER)==ZLIB_FILEFUNC_MODE_READ)
+        mode_fopen = "rb";
+    else
+    if (mode & ZLIB_FILEFUNC_MODE_EXISTING)
+        mode_fopen = "r+b";
+    else
+    if (mode & ZLIB_FILEFUNC_MODE_CREATE)
+        mode_fopen = "wb";
+
+    if ((filename!=NULL) && (mode_fopen != NULL))
+        file = FOPEN_FUNC((const char*)filename, mode_fopen);
+    return file;
+}
+
+
+static uLong ZCALLBACK fread_file_func(voidpf opaque, voidpf stream, void* buf, uLong size) {
+    uLong ret;
+    (void)opaque;
+    ret = (uLong)fread(buf, 1, (size_t)size, (FILE *)stream);
+    return ret;
+}
+
+static uLong ZCALLBACK fwrite_file_func(voidpf opaque, voidpf stream, const void* buf, uLong size) {
+    uLong ret;
+    (void)opaque;
+    ret = (uLong)fwrite(buf, 1, (size_t)size, (FILE *)stream);
+    return ret;
+}
+
+static long ZCALLBACK ftell_file_func(voidpf opaque, voidpf stream) {
+    long ret;
+    (void)opaque;
+    ret = ftell((FILE *)stream);
+    return ret;
+}
+
+
+static ZPOS64_T ZCALLBACK ftell64_file_func(voidpf opaque, voidpf stream) {
+    ZPOS64_T ret;
+    (void)opaque;
+    ret = (ZPOS64_T)FTELLO_FUNC((FILE *)stream);
+    return ret;
+}
+
+static long ZCALLBACK fseek_file_func(voidpf opaque, voidpf stream, uLong offset, int origin) {
+    int fseek_origin=0;
+    long ret;
+    (void)opaque;
+    switch (origin)
+    {
+    case ZLIB_FILEFUNC_SEEK_CUR :
+        fseek_origin = SEEK_CUR;
+        break;
+    case ZLIB_FILEFUNC_SEEK_END :
+        fseek_origin = SEEK_END;
+        break;
+    case ZLIB_FILEFUNC_SEEK_SET :
+        fseek_origin = SEEK_SET;
+        break;
+    default: return -1;
+    }
+    ret = 0;
+    if (fseek((FILE *)stream, (long)offset, fseek_origin) != 0)
+        ret = -1;
+    return ret;
+}
+
+static long ZCALLBACK fseek64_file_func(voidpf opaque, voidpf stream, ZPOS64_T offset, int origin) {
+    int fseek_origin=0;
+    long ret;
+    (void)opaque;
+    switch (origin)
+    {
+    case ZLIB_FILEFUNC_SEEK_CUR :
+        fseek_origin = SEEK_CUR;
+        break;
+    case ZLIB_FILEFUNC_SEEK_END :
+        fseek_origin = SEEK_END;
+        break;
+    case ZLIB_FILEFUNC_SEEK_SET :
+        fseek_origin = SEEK_SET;
+        break;
+    default: return -1;
+    }
+    ret = 0;
+
+    if(FSEEKO_FUNC((FILE *)stream, (z_off64_t)offset, fseek_origin) != 0)
+                        ret = -1;
+
+    return ret;
+}
+
+
+static int ZCALLBACK fclose_file_func(voidpf opaque, voidpf stream) {
+    int ret;
+    (void)opaque;
+    ret = fclose((FILE *)stream);
+    return ret;
+}
+
+static int ZCALLBACK ferror_file_func(voidpf opaque, voidpf stream) {
+    int ret;
+    (void)opaque;
+    ret = ferror((FILE *)stream);
+    return ret;
+}
+
+void fill_fopen_filefunc(zlib_filefunc_def* pzlib_filefunc_def) {
+    pzlib_filefunc_def->zopen_file = fopen_file_func;
+    pzlib_filefunc_def->zread_file = fread_file_func;
+    pzlib_filefunc_def->zwrite_file = fwrite_file_func;
+    pzlib_filefunc_def->ztell_file = ftell_file_func;
+    pzlib_filefunc_def->zseek_file = fseek_file_func;
+    pzlib_filefunc_def->zclose_file = fclose_file_func;
+    pzlib_filefunc_def->zerror_file = ferror_file_func;
+    pzlib_filefunc_def->opaque = NULL;
+}
+
+void fill_fopen64_filefunc(zlib_filefunc64_def* pzlib_filefunc_def) {
+    pzlib_filefunc_def->zopen64_file = fopen64_file_func;
+    pzlib_filefunc_def->zread_file = fread_file_func;
+    pzlib_filefunc_def->zwrite_file = fwrite_file_func;
+    pzlib_filefunc_def->ztell64_file = ftell64_file_func;
+    pzlib_filefunc_def->zseek64_file = fseek64_file_func;
+    pzlib_filefunc_def->zclose_file = fclose_file_func;
+    pzlib_filefunc_def->zerror_file = ferror_file_func;
+    pzlib_filefunc_def->opaque = NULL;
+}
diff --git a/zlib-1.3.1/contrib/minizip/ioapi.h b/zlib-1.3.1/contrib/minizip/ioapi.h
new file mode 100644
index 00000000..a2d2e6e6
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/ioapi.h
@@ -0,0 +1,210 @@
+/* ioapi.h -- IO base function header for compress/uncompress .zip
+   part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications for Zip64 support
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+
+         For more info read MiniZip_info.txt
+
+         Changes
+
+    Oct-2009 - Defined ZPOS64_T to fpos_t on windows and u_int64_t on linux. (might need to find a better why for this)
+    Oct-2009 - Change to fseeko64, ftello64 and fopen64 so large files would work on linux.
+               More if/def section may be needed to support other platforms
+    Oct-2009 - Defined fxxxx64 calls to normal fopen/ftell/fseek so they would compile on windows.
+                          (but you should use iowin32.c for windows instead)
+
+*/
+
+#ifndef _ZLIBIOAPI64_H
+#define _ZLIBIOAPI64_H
+
+#if (!defined(_WIN32)) && (!defined(WIN32)) && (!defined(__APPLE__))
+
+  // Linux needs this to support file operation on files larger then 4+GB
+  // But might need better if/def to select just the platforms that needs them.
+
+        #ifndef __USE_FILE_OFFSET64
+                #define __USE_FILE_OFFSET64
+        #endif
+        #ifndef __USE_LARGEFILE64
+                #define __USE_LARGEFILE64
+        #endif
+        #ifndef _LARGEFILE64_SOURCE
+                #define _LARGEFILE64_SOURCE
+        #endif
+        #ifndef _FILE_OFFSET_BIT
+                #define _FILE_OFFSET_BIT 64
+        #endif
+
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "zlib.h"
+
+#if defined(USE_FILE32API)
+#define fopen64 fopen
+#define ftello64 ftell
+#define fseeko64 fseek
+#else
+#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__HAIKU__) || defined(MINIZIP_FOPEN_NO_64)
+#define fopen64 fopen
+#define ftello64 ftello
+#define fseeko64 fseeko
+#endif
+#ifdef _MSC_VER
+ #define fopen64 fopen
+ #if (_MSC_VER >= 1400) && (!(defined(NO_MSCVER_FILE64_FUNC)))
+  #define ftello64 _ftelli64
+  #define fseeko64 _fseeki64
+ #else // old MSC
+  #define ftello64 ftell
+  #define fseeko64 fseek
+ #endif
+#endif
+#endif
+
+/*
+#ifndef ZPOS64_T
+  #ifdef _WIN32
+                #define ZPOS64_T fpos_t
+  #else
+    #include <stdint.h>
+    #define ZPOS64_T uint64_t
+  #endif
+#endif
+*/
+
+#ifdef HAVE_MINIZIP64_CONF_H
+#include "mz64conf.h"
+#endif
+
+/* a type chosen by DEFINE */
+#ifdef HAVE_64BIT_INT_CUSTOM
+typedef  64BIT_INT_CUSTOM_TYPE ZPOS64_T;
+#else
+#ifdef HAS_STDINT_H
+#include "stdint.h"
+typedef uint64_t ZPOS64_T;
+#else
+
+
+
+#if defined(_MSC_VER) || defined(__BORLANDC__)
+typedef unsigned __int64 ZPOS64_T;
+#else
+typedef unsigned long long int ZPOS64_T;
+#endif
+#endif
+#endif
+
+/* Maximum unsigned 32-bit value used as placeholder for zip64 */
+#ifndef MAXU32
+#define MAXU32 (0xffffffff)
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define ZLIB_FILEFUNC_SEEK_CUR (1)
+#define ZLIB_FILEFUNC_SEEK_END (2)
+#define ZLIB_FILEFUNC_SEEK_SET (0)
+
+#define ZLIB_FILEFUNC_MODE_READ      (1)
+#define ZLIB_FILEFUNC_MODE_WRITE     (2)
+#define ZLIB_FILEFUNC_MODE_READWRITEFILTER (3)
+
+#define ZLIB_FILEFUNC_MODE_EXISTING (4)
+#define ZLIB_FILEFUNC_MODE_CREATE   (8)
+
+
+#ifndef ZCALLBACK
+ #if (defined(WIN32) || defined(_WIN32) || defined (WINDOWS) || defined (_WINDOWS)) && defined(CALLBACK) && defined (USEWINDOWS_CALLBACK)
+   #define ZCALLBACK CALLBACK
+ #else
+   #define ZCALLBACK
+ #endif
+#endif
+
+
+
+
+typedef voidpf   (ZCALLBACK *open_file_func)      (voidpf opaque, const char* filename, int mode);
+typedef uLong    (ZCALLBACK *read_file_func)      (voidpf opaque, voidpf stream, void* buf, uLong size);
+typedef uLong    (ZCALLBACK *write_file_func)     (voidpf opaque, voidpf stream, const void* buf, uLong size);
+typedef int      (ZCALLBACK *close_file_func)     (voidpf opaque, voidpf stream);
+typedef int      (ZCALLBACK *testerror_file_func) (voidpf opaque, voidpf stream);
+
+typedef long     (ZCALLBACK *tell_file_func)      (voidpf opaque, voidpf stream);
+typedef long     (ZCALLBACK *seek_file_func)      (voidpf opaque, voidpf stream, uLong offset, int origin);
+
+
+/* here is the "old" 32 bits structure */
+typedef struct zlib_filefunc_def_s
+{
+    open_file_func      zopen_file;
+    read_file_func      zread_file;
+    write_file_func     zwrite_file;
+    tell_file_func      ztell_file;
+    seek_file_func      zseek_file;
+    close_file_func     zclose_file;
+    testerror_file_func zerror_file;
+    voidpf              opaque;
+} zlib_filefunc_def;
+
+typedef ZPOS64_T (ZCALLBACK *tell64_file_func)    (voidpf opaque, voidpf stream);
+typedef long     (ZCALLBACK *seek64_file_func)    (voidpf opaque, voidpf stream, ZPOS64_T offset, int origin);
+typedef voidpf   (ZCALLBACK *open64_file_func)    (voidpf opaque, const void* filename, int mode);
+
+typedef struct zlib_filefunc64_def_s
+{
+    open64_file_func    zopen64_file;
+    read_file_func      zread_file;
+    write_file_func     zwrite_file;
+    tell64_file_func    ztell64_file;
+    seek64_file_func    zseek64_file;
+    close_file_func     zclose_file;
+    testerror_file_func zerror_file;
+    voidpf              opaque;
+} zlib_filefunc64_def;
+
+void fill_fopen64_filefunc(zlib_filefunc64_def* pzlib_filefunc_def);
+void fill_fopen_filefunc(zlib_filefunc_def* pzlib_filefunc_def);
+
+/* now internal definition, only for zip.c and unzip.h */
+typedef struct zlib_filefunc64_32_def_s
+{
+    zlib_filefunc64_def zfile_func64;
+    open_file_func      zopen32_file;
+    tell_file_func      ztell32_file;
+    seek_file_func      zseek32_file;
+} zlib_filefunc64_32_def;
+
+
+#define ZREAD64(filefunc,filestream,buf,size)     ((*((filefunc).zfile_func64.zread_file))   ((filefunc).zfile_func64.opaque,filestream,buf,size))
+#define ZWRITE64(filefunc,filestream,buf,size)    ((*((filefunc).zfile_func64.zwrite_file))  ((filefunc).zfile_func64.opaque,filestream,buf,size))
+//#define ZTELL64(filefunc,filestream)            ((*((filefunc).ztell64_file)) ((filefunc).opaque,filestream))
+//#define ZSEEK64(filefunc,filestream,pos,mode)   ((*((filefunc).zseek64_file)) ((filefunc).opaque,filestream,pos,mode))
+#define ZCLOSE64(filefunc,filestream)             ((*((filefunc).zfile_func64.zclose_file))  ((filefunc).zfile_func64.opaque,filestream))
+#define ZERROR64(filefunc,filestream)             ((*((filefunc).zfile_func64.zerror_file))  ((filefunc).zfile_func64.opaque,filestream))
+
+voidpf call_zopen64(const zlib_filefunc64_32_def* pfilefunc,const void*filename,int mode);
+long call_zseek64(const zlib_filefunc64_32_def* pfilefunc,voidpf filestream, ZPOS64_T offset, int origin);
+ZPOS64_T call_ztell64(const zlib_filefunc64_32_def* pfilefunc,voidpf filestream);
+
+void fill_zlib_filefunc64_32_def_from_filefunc32(zlib_filefunc64_32_def* p_filefunc64_32,const zlib_filefunc_def* p_filefunc32);
+
+#define ZOPEN64(filefunc,filename,mode)         (call_zopen64((&(filefunc)),(filename),(mode)))
+#define ZTELL64(filefunc,filestream)            (call_ztell64((&(filefunc)),(filestream)))
+#define ZSEEK64(filefunc,filestream,pos,mode)   (call_zseek64((&(filefunc)),(filestream),(pos),(mode)))
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/zlib-1.3.1/contrib/minizip/iowin32.c b/zlib-1.3.1/contrib/minizip/iowin32.c
new file mode 100644
index 00000000..08536e94
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/iowin32.c
@@ -0,0 +1,440 @@
+/* iowin32.c -- IO base function header for compress/uncompress .zip
+     Version 1.1, February 14h, 2010
+     part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications for Zip64 support
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+
+     For more info read MiniZip_info.txt
+
+*/
+
+#include <stdlib.h>
+
+#include "zlib.h"
+#include "ioapi.h"
+#include "iowin32.h"
+
+#ifndef INVALID_HANDLE_VALUE
+#define INVALID_HANDLE_VALUE (0xFFFFFFFF)
+#endif
+
+#ifndef INVALID_SET_FILE_POINTER
+#define INVALID_SET_FILE_POINTER ((DWORD)-1)
+#endif
+
+
+// see Include/shared/winapifamily.h in the Windows Kit
+#if defined(WINAPI_FAMILY_PARTITION) && (!(defined(IOWIN32_USING_WINRT_API)))
+
+#if !defined(WINAPI_FAMILY_ONE_PARTITION)
+#define WINAPI_FAMILY_ONE_PARTITION(PartitionSet, Partition) ((WINAPI_FAMILY & PartitionSet) == Partition)
+#endif
+
+#if WINAPI_FAMILY_ONE_PARTITION(WINAPI_FAMILY, WINAPI_PARTITION_APP)
+#define IOWIN32_USING_WINRT_API 1
+#endif
+#endif
+
+typedef struct
+{
+    HANDLE hf;
+    int error;
+} WIN32FILE_IOWIN;
+
+
+static void win32_translate_open_mode(int mode,
+                                      DWORD* lpdwDesiredAccess,
+                                      DWORD* lpdwCreationDisposition,
+                                      DWORD* lpdwShareMode,
+                                      DWORD* lpdwFlagsAndAttributes) {
+    *lpdwDesiredAccess = *lpdwShareMode = *lpdwFlagsAndAttributes = *lpdwCreationDisposition = 0;
+
+    if ((mode & ZLIB_FILEFUNC_MODE_READWRITEFILTER)==ZLIB_FILEFUNC_MODE_READ)
+    {
+        *lpdwDesiredAccess = GENERIC_READ;
+        *lpdwCreationDisposition = OPEN_EXISTING;
+        *lpdwShareMode = FILE_SHARE_READ;
+    }
+    else if (mode & ZLIB_FILEFUNC_MODE_EXISTING)
+    {
+        *lpdwDesiredAccess = GENERIC_WRITE | GENERIC_READ;
+        *lpdwCreationDisposition = OPEN_EXISTING;
+    }
+    else if (mode & ZLIB_FILEFUNC_MODE_CREATE)
+    {
+        *lpdwDesiredAccess = GENERIC_WRITE | GENERIC_READ;
+        *lpdwCreationDisposition = CREATE_ALWAYS;
+    }
+}
+
+static voidpf win32_build_iowin(HANDLE hFile) {
+    voidpf ret=NULL;
+
+    if ((hFile != NULL) && (hFile != INVALID_HANDLE_VALUE))
+    {
+        WIN32FILE_IOWIN w32fiow;
+        w32fiow.hf = hFile;
+        w32fiow.error = 0;
+        ret = malloc(sizeof(WIN32FILE_IOWIN));
+
+        if (ret==NULL)
+            CloseHandle(hFile);
+        else
+            *((WIN32FILE_IOWIN*)ret) = w32fiow;
+    }
+    return ret;
+}
+
+voidpf ZCALLBACK win32_open64_file_func(voidpf opaque, const void* filename, int mode) {
+    const char* mode_fopen = NULL;
+    DWORD dwDesiredAccess,dwCreationDisposition,dwShareMode,dwFlagsAndAttributes ;
+    HANDLE hFile = NULL;
+
+    win32_translate_open_mode(mode,&dwDesiredAccess,&dwCreationDisposition,&dwShareMode,&dwFlagsAndAttributes);
+
+#ifdef IOWIN32_USING_WINRT_API
+#ifdef UNICODE
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+        hFile = CreateFile2((LPCTSTR)filename, dwDesiredAccess, dwShareMode, dwCreationDisposition, NULL);
+#else
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+    {
+        WCHAR filenameW[FILENAME_MAX + 0x200 + 1];
+        MultiByteToWideChar(CP_ACP,0,(const char*)filename,-1,filenameW,FILENAME_MAX + 0x200);
+        hFile = CreateFile2(filenameW, dwDesiredAccess, dwShareMode, dwCreationDisposition, NULL);
+    }
+#endif
+#else
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+        hFile = CreateFile((LPCTSTR)filename, dwDesiredAccess, dwShareMode, NULL, dwCreationDisposition, dwFlagsAndAttributes, NULL);
+#endif
+
+    return win32_build_iowin(hFile);
+}
+
+
+voidpf ZCALLBACK win32_open64_file_funcA(voidpf opaque, const void* filename, int mode) {
+    const char* mode_fopen = NULL;
+    DWORD dwDesiredAccess,dwCreationDisposition,dwShareMode,dwFlagsAndAttributes ;
+    HANDLE hFile = NULL;
+
+    win32_translate_open_mode(mode,&dwDesiredAccess,&dwCreationDisposition,&dwShareMode,&dwFlagsAndAttributes);
+
+#ifdef IOWIN32_USING_WINRT_API
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+    {
+        WCHAR filenameW[FILENAME_MAX + 0x200 + 1];
+        MultiByteToWideChar(CP_ACP,0,(const char*)filename,-1,filenameW,FILENAME_MAX + 0x200);
+        hFile = CreateFile2(filenameW, dwDesiredAccess, dwShareMode, dwCreationDisposition, NULL);
+    }
+#else
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+        hFile = CreateFileA((LPCSTR)filename, dwDesiredAccess, dwShareMode, NULL, dwCreationDisposition, dwFlagsAndAttributes, NULL);
+#endif
+
+    return win32_build_iowin(hFile);
+}
+
+
+voidpf ZCALLBACK win32_open64_file_funcW(voidpf opaque, const void* filename, int mode) {
+    const char* mode_fopen = NULL;
+    DWORD dwDesiredAccess,dwCreationDisposition,dwShareMode,dwFlagsAndAttributes ;
+    HANDLE hFile = NULL;
+
+    win32_translate_open_mode(mode,&dwDesiredAccess,&dwCreationDisposition,&dwShareMode,&dwFlagsAndAttributes);
+
+#ifdef IOWIN32_USING_WINRT_API
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+        hFile = CreateFile2((LPCWSTR)filename, dwDesiredAccess, dwShareMode, dwCreationDisposition,NULL);
+#else
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+        hFile = CreateFileW((LPCWSTR)filename, dwDesiredAccess, dwShareMode, NULL, dwCreationDisposition, dwFlagsAndAttributes, NULL);
+#endif
+
+    return win32_build_iowin(hFile);
+}
+
+
+voidpf ZCALLBACK win32_open_file_func(voidpf opaque, const char* filename, int mode) {
+    const char* mode_fopen = NULL;
+    DWORD dwDesiredAccess,dwCreationDisposition,dwShareMode,dwFlagsAndAttributes ;
+    HANDLE hFile = NULL;
+
+    win32_translate_open_mode(mode,&dwDesiredAccess,&dwCreationDisposition,&dwShareMode,&dwFlagsAndAttributes);
+
+#ifdef IOWIN32_USING_WINRT_API
+#ifdef UNICODE
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+        hFile = CreateFile2((LPCTSTR)filename, dwDesiredAccess, dwShareMode, dwCreationDisposition, NULL);
+#else
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+    {
+        WCHAR filenameW[FILENAME_MAX + 0x200 + 1];
+        MultiByteToWideChar(CP_ACP,0,(const char*)filename,-1,filenameW,FILENAME_MAX + 0x200);
+        hFile = CreateFile2(filenameW, dwDesiredAccess, dwShareMode, dwCreationDisposition, NULL);
+    }
+#endif
+#else
+    if ((filename!=NULL) && (dwDesiredAccess != 0))
+        hFile = CreateFile((LPCTSTR)filename, dwDesiredAccess, dwShareMode, NULL, dwCreationDisposition, dwFlagsAndAttributes, NULL);
+#endif
+
+    return win32_build_iowin(hFile);
+}
+
+
+uLong ZCALLBACK win32_read_file_func(voidpf opaque, voidpf stream, void* buf,uLong size) {
+    uLong ret=0;
+    HANDLE hFile = NULL;
+    if (stream!=NULL)
+        hFile = ((WIN32FILE_IOWIN*)stream) -> hf;
+
+    if (hFile != NULL)
+    {
+        if (!ReadFile(hFile, buf, size, &ret, NULL))
+        {
+            DWORD dwErr = GetLastError();
+            if (dwErr == ERROR_HANDLE_EOF)
+                dwErr = 0;
+            ((WIN32FILE_IOWIN*)stream) -> error=(int)dwErr;
+        }
+    }
+
+    return ret;
+}
+
+
+uLong ZCALLBACK win32_write_file_func(voidpf opaque, voidpf stream, const void* buf, uLong size) {
+    uLong ret=0;
+    HANDLE hFile = NULL;
+    if (stream!=NULL)
+        hFile = ((WIN32FILE_IOWIN*)stream) -> hf;
+
+    if (hFile != NULL)
+    {
+        if (!WriteFile(hFile, buf, size, &ret, NULL))
+        {
+            DWORD dwErr = GetLastError();
+            if (dwErr == ERROR_HANDLE_EOF)
+                dwErr = 0;
+            ((WIN32FILE_IOWIN*)stream) -> error=(int)dwErr;
+        }
+    }
+
+    return ret;
+}
+
+static BOOL MySetFilePointerEx(HANDLE hFile, LARGE_INTEGER pos, LARGE_INTEGER *newPos, DWORD dwMoveMethod) {
+#ifdef IOWIN32_USING_WINRT_API
+    return SetFilePointerEx(hFile, pos, newPos, dwMoveMethod);
+#else
+    LONG lHigh = pos.HighPart;
+    DWORD dwNewPos = SetFilePointer(hFile, pos.LowPart, &lHigh, dwMoveMethod);
+    BOOL fOk = TRUE;
+    if (dwNewPos == 0xFFFFFFFF)
+        if (GetLastError() != NO_ERROR)
+            fOk = FALSE;
+    if ((newPos != NULL) && (fOk))
+    {
+        newPos->LowPart = dwNewPos;
+        newPos->HighPart = lHigh;
+    }
+    return fOk;
+#endif
+}
+
+long ZCALLBACK win32_tell_file_func(voidpf opaque, voidpf stream) {
+    long ret=-1;
+    HANDLE hFile = NULL;
+    if (stream!=NULL)
+        hFile = ((WIN32FILE_IOWIN*)stream) -> hf;
+    if (hFile != NULL)
+    {
+        LARGE_INTEGER pos;
+        pos.QuadPart = 0;
+
+        if (!MySetFilePointerEx(hFile, pos, &pos, FILE_CURRENT))
+        {
+            DWORD dwErr = GetLastError();
+            ((WIN32FILE_IOWIN*)stream) -> error=(int)dwErr;
+            ret = -1;
+        }
+        else
+            ret=(long)pos.LowPart;
+    }
+    return ret;
+}
+
+ZPOS64_T ZCALLBACK win32_tell64_file_func(voidpf opaque, voidpf stream) {
+    ZPOS64_T ret= (ZPOS64_T)-1;
+    HANDLE hFile = NULL;
+    if (stream!=NULL)
+        hFile = ((WIN32FILE_IOWIN*)stream)->hf;
+
+    if (hFile)
+    {
+        LARGE_INTEGER pos;
+        pos.QuadPart = 0;
+
+        if (!MySetFilePointerEx(hFile, pos, &pos, FILE_CURRENT))
+        {
+            DWORD dwErr = GetLastError();
+            ((WIN32FILE_IOWIN*)stream) -> error=(int)dwErr;
+            ret = (ZPOS64_T)-1;
+        }
+        else
+            ret=pos.QuadPart;
+    }
+    return ret;
+}
+
+
+long ZCALLBACK win32_seek_file_func(voidpf opaque, voidpf stream, uLong offset, int origin) {
+    DWORD dwMoveMethod=0xFFFFFFFF;
+    HANDLE hFile = NULL;
+
+    long ret=-1;
+    if (stream!=NULL)
+        hFile = ((WIN32FILE_IOWIN*)stream) -> hf;
+    switch (origin)
+    {
+    case ZLIB_FILEFUNC_SEEK_CUR :
+        dwMoveMethod = FILE_CURRENT;
+        break;
+    case ZLIB_FILEFUNC_SEEK_END :
+        dwMoveMethod = FILE_END;
+        break;
+    case ZLIB_FILEFUNC_SEEK_SET :
+        dwMoveMethod = FILE_BEGIN;
+        break;
+    default: return -1;
+    }
+
+    if (hFile != NULL)
+    {
+        LARGE_INTEGER pos;
+        pos.QuadPart = offset;
+        if (!MySetFilePointerEx(hFile, pos, NULL, dwMoveMethod))
+        {
+            DWORD dwErr = GetLastError();
+            ((WIN32FILE_IOWIN*)stream) -> error=(int)dwErr;
+            ret = -1;
+        }
+        else
+            ret=0;
+    }
+    return ret;
+}
+
+long ZCALLBACK win32_seek64_file_func(voidpf opaque, voidpf stream, ZPOS64_T offset, int origin) {
+    DWORD dwMoveMethod=0xFFFFFFFF;
+    HANDLE hFile = NULL;
+    long ret=-1;
+
+    if (stream!=NULL)
+        hFile = ((WIN32FILE_IOWIN*)stream)->hf;
+
+    switch (origin)
+    {
+        case ZLIB_FILEFUNC_SEEK_CUR :
+            dwMoveMethod = FILE_CURRENT;
+            break;
+        case ZLIB_FILEFUNC_SEEK_END :
+            dwMoveMethod = FILE_END;
+            break;
+        case ZLIB_FILEFUNC_SEEK_SET :
+            dwMoveMethod = FILE_BEGIN;
+            break;
+        default: return -1;
+    }
+
+    if (hFile)
+    {
+        LARGE_INTEGER pos;
+        pos.QuadPart = offset;
+        if (!MySetFilePointerEx(hFile, pos, NULL, dwMoveMethod))
+        {
+            DWORD dwErr = GetLastError();
+            ((WIN32FILE_IOWIN*)stream) -> error=(int)dwErr;
+            ret = -1;
+        }
+        else
+            ret=0;
+    }
+    return ret;
+}
+
+int ZCALLBACK win32_close_file_func(voidpf opaque, voidpf stream) {
+    int ret=-1;
+
+    if (stream!=NULL)
+    {
+        HANDLE hFile;
+        hFile = ((WIN32FILE_IOWIN*)stream) -> hf;
+        if (hFile != NULL)
+        {
+            CloseHandle(hFile);
+            ret=0;
+        }
+        free(stream);
+    }
+    return ret;
+}
+
+int ZCALLBACK win32_error_file_func(voidpf opaque, voidpf stream) {
+    int ret=-1;
+    if (stream!=NULL)
+    {
+        ret = ((WIN32FILE_IOWIN*)stream) -> error;
+    }
+    return ret;
+}
+
+void fill_win32_filefunc(zlib_filefunc_def* pzlib_filefunc_def) {
+    pzlib_filefunc_def->zopen_file = win32_open_file_func;
+    pzlib_filefunc_def->zread_file = win32_read_file_func;
+    pzlib_filefunc_def->zwrite_file = win32_write_file_func;
+    pzlib_filefunc_def->ztell_file = win32_tell_file_func;
+    pzlib_filefunc_def->zseek_file = win32_seek_file_func;
+    pzlib_filefunc_def->zclose_file = win32_close_file_func;
+    pzlib_filefunc_def->zerror_file = win32_error_file_func;
+    pzlib_filefunc_def->opaque = NULL;
+}
+
+void fill_win32_filefunc64(zlib_filefunc64_def* pzlib_filefunc_def) {
+    pzlib_filefunc_def->zopen64_file = win32_open64_file_func;
+    pzlib_filefunc_def->zread_file = win32_read_file_func;
+    pzlib_filefunc_def->zwrite_file = win32_write_file_func;
+    pzlib_filefunc_def->ztell64_file = win32_tell64_file_func;
+    pzlib_filefunc_def->zseek64_file = win32_seek64_file_func;
+    pzlib_filefunc_def->zclose_file = win32_close_file_func;
+    pzlib_filefunc_def->zerror_file = win32_error_file_func;
+    pzlib_filefunc_def->opaque = NULL;
+}
+
+
+void fill_win32_filefunc64A(zlib_filefunc64_def* pzlib_filefunc_def) {
+    pzlib_filefunc_def->zopen64_file = win32_open64_file_funcA;
+    pzlib_filefunc_def->zread_file = win32_read_file_func;
+    pzlib_filefunc_def->zwrite_file = win32_write_file_func;
+    pzlib_filefunc_def->ztell64_file = win32_tell64_file_func;
+    pzlib_filefunc_def->zseek64_file = win32_seek64_file_func;
+    pzlib_filefunc_def->zclose_file = win32_close_file_func;
+    pzlib_filefunc_def->zerror_file = win32_error_file_func;
+    pzlib_filefunc_def->opaque = NULL;
+}
+
+
+void fill_win32_filefunc64W(zlib_filefunc64_def* pzlib_filefunc_def) {
+    pzlib_filefunc_def->zopen64_file = win32_open64_file_funcW;
+    pzlib_filefunc_def->zread_file = win32_read_file_func;
+    pzlib_filefunc_def->zwrite_file = win32_write_file_func;
+    pzlib_filefunc_def->ztell64_file = win32_tell64_file_func;
+    pzlib_filefunc_def->zseek64_file = win32_seek64_file_func;
+    pzlib_filefunc_def->zclose_file = win32_close_file_func;
+    pzlib_filefunc_def->zerror_file = win32_error_file_func;
+    pzlib_filefunc_def->opaque = NULL;
+}
diff --git a/zlib-1.3.1/contrib/minizip/iowin32.h b/zlib-1.3.1/contrib/minizip/iowin32.h
new file mode 100644
index 00000000..a23a65d4
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/iowin32.h
@@ -0,0 +1,28 @@
+/* iowin32.h -- IO base function header for compress/uncompress .zip
+     Version 1.1, February 14h, 2010
+     part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications for Zip64 support
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+
+         For more info read MiniZip_info.txt
+
+*/
+
+#include <windows.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void fill_win32_filefunc(zlib_filefunc_def* pzlib_filefunc_def);
+void fill_win32_filefunc64(zlib_filefunc64_def* pzlib_filefunc_def);
+void fill_win32_filefunc64A(zlib_filefunc64_def* pzlib_filefunc_def);
+void fill_win32_filefunc64W(zlib_filefunc64_def* pzlib_filefunc_def);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/zlib-1.3.1/contrib/minizip/make_vms.com b/zlib-1.3.1/contrib/minizip/make_vms.com
new file mode 100644
index 00000000..9ac13a98
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/make_vms.com
@@ -0,0 +1,25 @@
+$ if f$search("ioapi.h_orig") .eqs. "" then copy ioapi.h ioapi.h_orig
+$ open/write zdef vmsdefs.h
+$ copy sys$input: zdef
+$ deck
+#define unix
+#define fill_zlib_filefunc64_32_def_from_filefunc32 fillzffunc64from
+#define Write_Zip64EndOfCentralDirectoryLocator Write_Zip64EoDLocator
+#define Write_Zip64EndOfCentralDirectoryRecord Write_Zip64EoDRecord
+#define Write_EndOfCentralDirectoryRecord Write_EoDRecord
+$ eod
+$ close zdef
+$ copy vmsdefs.h,ioapi.h_orig ioapi.h
+$ cc/include=[--]/prefix=all ioapi.c
+$ cc/include=[--]/prefix=all miniunz.c
+$ cc/include=[--]/prefix=all unzip.c
+$ cc/include=[--]/prefix=all minizip.c
+$ cc/include=[--]/prefix=all zip.c
+$ link miniunz,unzip,ioapi,[--]libz.olb/lib
+$ link minizip,zip,ioapi,[--]libz.olb/lib
+$ mcr []minizip test minizip_info.txt
+$ mcr []miniunz -l test.zip
+$ rename minizip_info.txt; minizip_info.txt_old
+$ mcr []miniunz test.zip
+$ delete test.zip;*
+$exit
diff --git a/zlib-1.3.1/contrib/minizip/miniunz.c b/zlib-1.3.1/contrib/minizip/miniunz.c
new file mode 100644
index 00000000..d627c422
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/miniunz.c
@@ -0,0 +1,647 @@
+/*
+   miniunz.c
+   Version 1.1, February 14h, 2010
+   sample part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications of Unzip for Zip64
+         Copyright (C) 2007-2008 Even Rouault
+
+         Modifications for Zip64 support on both zip and unzip
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+*/
+
+#if (!defined(_WIN32)) && (!defined(WIN32)) && (!defined(__APPLE__))
+        #ifndef __USE_FILE_OFFSET64
+                #define __USE_FILE_OFFSET64
+        #endif
+        #ifndef __USE_LARGEFILE64
+                #define __USE_LARGEFILE64
+        #endif
+        #ifndef _LARGEFILE64_SOURCE
+                #define _LARGEFILE64_SOURCE
+        #endif
+        #ifndef _FILE_OFFSET_BIT
+                #define _FILE_OFFSET_BIT 64
+        #endif
+#endif
+
+#if defined(__APPLE__) || defined(__HAIKU__) || defined(MINIZIP_FOPEN_NO_64)
+// In darwin and perhaps other BSD variants off_t is a 64 bit value, hence no need for specific 64 bit functions
+#define FOPEN_FUNC(filename, mode) fopen(filename, mode)
+#define FTELLO_FUNC(stream) ftello(stream)
+#define FSEEKO_FUNC(stream, offset, origin) fseeko(stream, offset, origin)
+#else
+#define FOPEN_FUNC(filename, mode) fopen64(filename, mode)
+#define FTELLO_FUNC(stream) ftello64(stream)
+#define FSEEKO_FUNC(stream, offset, origin) fseeko64(stream, offset, origin)
+#endif
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#ifdef _WIN32
+# include <direct.h>
+# include <io.h>
+#else
+# include <unistd.h>
+# include <utime.h>
+#endif
+
+
+#include "unzip.h"
+
+#define CASESENSITIVITY (0)
+#define WRITEBUFFERSIZE (8192)
+#define MAXFILENAME (256)
+
+#ifdef _WIN32
+#define USEWIN32IOAPI
+#include "iowin32.h"
+#endif
+/*
+  mini unzip, demo of unzip package
+
+  usage :
+  Usage : miniunz [-exvlo] file.zip [file_to_extract] [-d extractdir]
+
+  list the file in the zipfile, and print the content of FILE_ID.ZIP or README.TXT
+    if it exists
+*/
+
+
+/* change_file_date : change the date/time of a file
+    filename : the filename of the file where date/time must be modified
+    dosdate : the new date at the MSDOS format (4 bytes)
+    tmu_date : the SAME new date at the tm_unz format */
+static void change_file_date(const char *filename, uLong dosdate, tm_unz tmu_date) {
+#ifdef _WIN32
+  HANDLE hFile;
+  FILETIME ftm,ftLocal,ftCreate,ftLastAcc,ftLastWrite;
+
+  hFile = CreateFileA(filename,GENERIC_READ | GENERIC_WRITE,
+                      0,NULL,OPEN_EXISTING,0,NULL);
+  GetFileTime(hFile,&ftCreate,&ftLastAcc,&ftLastWrite);
+  DosDateTimeToFileTime((WORD)(dosdate>>16),(WORD)dosdate,&ftLocal);
+  LocalFileTimeToFileTime(&ftLocal,&ftm);
+  SetFileTime(hFile,&ftm,&ftLastAcc,&ftm);
+  CloseHandle(hFile);
+#else
+#if defined(unix) || defined(__APPLE__)
+  (void)dosdate;
+  struct utimbuf ut;
+  struct tm newdate;
+  newdate.tm_sec = tmu_date.tm_sec;
+  newdate.tm_min=tmu_date.tm_min;
+  newdate.tm_hour=tmu_date.tm_hour;
+  newdate.tm_mday=tmu_date.tm_mday;
+  newdate.tm_mon=tmu_date.tm_mon;
+  if (tmu_date.tm_year > 1900)
+      newdate.tm_year=tmu_date.tm_year - 1900;
+  else
+      newdate.tm_year=tmu_date.tm_year ;
+  newdate.tm_isdst=-1;
+
+  ut.actime=ut.modtime=mktime(&newdate);
+  utime(filename,&ut);
+#else
+  (void)filename;
+  (void)dosdate;
+  (void)tmu_date;
+#endif
+#endif
+}
+
+
+/* mymkdir and change_file_date are not 100 % portable
+   As I don't know well Unix, I wait feedback for the unix portion */
+
+static int mymkdir(const char* dirname) {
+    int ret=0;
+#ifdef _WIN32
+    ret = _mkdir(dirname);
+#elif unix
+    ret = mkdir (dirname,0775);
+#elif __APPLE__
+    ret = mkdir (dirname,0775);
+#else
+    (void)dirname;
+#endif
+    return ret;
+}
+
+static int makedir(const char *newdir) {
+  char *buffer ;
+  char *p;
+  size_t len = strlen(newdir);
+
+  if (len == 0)
+    return 0;
+
+  buffer = (char*)malloc(len+1);
+        if (buffer==NULL)
+        {
+                printf("Error allocating memory\n");
+                return UNZ_INTERNALERROR;
+        }
+  strcpy(buffer,newdir);
+
+  if (buffer[len-1] == '/') {
+    buffer[len-1] = '\0';
+  }
+  if (mymkdir(buffer) == 0)
+    {
+      free(buffer);
+      return 1;
+    }
+
+  p = buffer+1;
+  while (1)
+    {
+      char hold;
+
+      while(*p && *p != '\\' && *p != '/')
+        p++;
+      hold = *p;
+      *p = 0;
+      if ((mymkdir(buffer) == -1) && (errno == ENOENT))
+        {
+          printf("couldn't create directory %s\n",buffer);
+          free(buffer);
+          return 0;
+        }
+      if (hold == 0)
+        break;
+      *p++ = hold;
+    }
+  free(buffer);
+  return 1;
+}
+
+static void do_banner(void) {
+    printf("MiniUnz 1.1, demo of zLib + Unz package written by Gilles Vollant\n");
+    printf("more info at http://www.winimage.com/zLibDll/unzip.html\n\n");
+}
+
+static void do_help(void) {
+    printf("Usage : miniunz [-e] [-x] [-v] [-l] [-o] [-p password] file.zip [file_to_extr.] [-d extractdir]\n\n" \
+           "  -e  Extract without pathname (junk paths)\n" \
+           "  -x  Extract with pathname\n" \
+           "  -v  list files\n" \
+           "  -l  list files\n" \
+           "  -d  directory to extract into\n" \
+           "  -o  overwrite files without prompting\n" \
+           "  -p  extract encrypted file using password\n\n");
+}
+
+static void Display64BitsSize(ZPOS64_T n, int size_char) {
+  /* to avoid compatibility problem , we do here the conversion */
+  char number[21];
+  int offset=19;
+  int pos_string = 19;
+  number[20]=0;
+  for (;;) {
+      number[offset]=(char)((n%10)+'0');
+      if (number[offset] != '0')
+          pos_string=offset;
+      n/=10;
+      if (offset==0)
+          break;
+      offset--;
+  }
+  {
+      int size_display_string = 19-pos_string;
+      while (size_char > size_display_string)
+      {
+          size_char--;
+          printf(" ");
+      }
+  }
+
+  printf("%s",&number[pos_string]);
+}
+
+static int do_list(unzFile uf) {
+    uLong i;
+    unz_global_info64 gi;
+    int err;
+
+    err = unzGetGlobalInfo64(uf,&gi);
+    if (err!=UNZ_OK)
+        printf("error %d with zipfile in unzGetGlobalInfo \n",err);
+    printf("  Length  Method     Size Ratio   Date    Time   CRC-32     Name\n");
+    printf("  ------  ------     ---- -----   ----    ----   ------     ----\n");
+    for (i=0;i<gi.number_entry;i++)
+    {
+        char filename_inzip[256];
+        unz_file_info64 file_info;
+        uLong ratio=0;
+        const char *string_method = "";
+        char charCrypt=' ';
+        err = unzGetCurrentFileInfo64(uf,&file_info,filename_inzip,sizeof(filename_inzip),NULL,0,NULL,0);
+        if (err!=UNZ_OK)
+        {
+            printf("error %d with zipfile in unzGetCurrentFileInfo\n",err);
+            break;
+        }
+        if (file_info.uncompressed_size>0)
+            ratio = (uLong)((file_info.compressed_size*100)/file_info.uncompressed_size);
+
+        /* display a '*' if the file is encrypted */
+        if ((file_info.flag & 1) != 0)
+            charCrypt='*';
+
+        if (file_info.compression_method==0)
+            string_method="Stored";
+        else
+        if (file_info.compression_method==Z_DEFLATED)
+        {
+            uInt iLevel=(uInt)((file_info.flag & 0x6)/2);
+            if (iLevel==0)
+              string_method="Defl:N";
+            else if (iLevel==1)
+              string_method="Defl:X";
+            else if ((iLevel==2) || (iLevel==3))
+              string_method="Defl:F"; /* 2:fast , 3 : extra fast*/
+        }
+        else
+        if (file_info.compression_method==Z_BZIP2ED)
+        {
+              string_method="BZip2 ";
+        }
+        else
+            string_method="Unkn. ";
+
+        Display64BitsSize(file_info.uncompressed_size,7);
+        printf("  %6s%c",string_method,charCrypt);
+        Display64BitsSize(file_info.compressed_size,7);
+        printf(" %3lu%%  %2.2lu-%2.2lu-%2.2lu  %2.2lu:%2.2lu  %8.8lx   %s\n",
+                ratio,
+                (uLong)file_info.tmu_date.tm_mon + 1,
+                (uLong)file_info.tmu_date.tm_mday,
+                (uLong)file_info.tmu_date.tm_year % 100,
+                (uLong)file_info.tmu_date.tm_hour,(uLong)file_info.tmu_date.tm_min,
+                (uLong)file_info.crc,filename_inzip);
+        if ((i+1)<gi.number_entry)
+        {
+            err = unzGoToNextFile(uf);
+            if (err!=UNZ_OK)
+            {
+                printf("error %d with zipfile in unzGoToNextFile\n",err);
+                break;
+            }
+        }
+    }
+
+    return 0;
+}
+
+
+static int do_extract_currentfile(unzFile uf, const int* popt_extract_without_path, int* popt_overwrite, const char* password) {
+    char filename_inzip[256];
+    char* filename_withoutpath;
+    char* p;
+    int err=UNZ_OK;
+    FILE *fout=NULL;
+    void* buf;
+    uInt size_buf;
+
+    unz_file_info64 file_info;
+    err = unzGetCurrentFileInfo64(uf,&file_info,filename_inzip,sizeof(filename_inzip),NULL,0,NULL,0);
+
+    if (err!=UNZ_OK)
+    {
+        printf("error %d with zipfile in unzGetCurrentFileInfo\n",err);
+        return err;
+    }
+
+    size_buf = WRITEBUFFERSIZE;
+    buf = (void*)malloc(size_buf);
+    if (buf==NULL)
+    {
+        printf("Error allocating memory\n");
+        return UNZ_INTERNALERROR;
+    }
+
+    p = filename_withoutpath = filename_inzip;
+    while ((*p) != '\0')
+    {
+        if (((*p)=='/') || ((*p)=='\\'))
+            filename_withoutpath = p+1;
+        p++;
+    }
+
+    if ((*filename_withoutpath)=='\0')
+    {
+        if ((*popt_extract_without_path)==0)
+        {
+            printf("creating directory: %s\n",filename_inzip);
+            mymkdir(filename_inzip);
+        }
+    }
+    else
+    {
+        const char* write_filename;
+        int skip=0;
+
+        if ((*popt_extract_without_path)==0)
+            write_filename = filename_inzip;
+        else
+            write_filename = filename_withoutpath;
+
+        if (write_filename[0]!='\0')
+        {
+            const char* relative_check = write_filename;
+            while (relative_check[1]!='\0')
+            {
+                if (relative_check[0]=='.' && relative_check[1]=='.')
+                    write_filename = relative_check;
+                relative_check++;
+            }
+        }
+
+        while (write_filename[0]=='/' || write_filename[0]=='.')
+            write_filename++;
+
+        err = unzOpenCurrentFilePassword(uf,password);
+        if (err!=UNZ_OK)
+        {
+            printf("error %d with zipfile in unzOpenCurrentFilePassword\n",err);
+        }
+
+        if (((*popt_overwrite)==0) && (err==UNZ_OK))
+        {
+            char rep=0;
+            FILE* ftestexist;
+            ftestexist = FOPEN_FUNC(write_filename,"rb");
+            if (ftestexist!=NULL)
+            {
+                fclose(ftestexist);
+                do
+                {
+                    char answer[128];
+                    int ret;
+
+                    printf("The file %s exists. Overwrite ? [y]es, [n]o, [A]ll: ",write_filename);
+                    ret = scanf("%1s",answer);
+                    if (ret != 1)
+                    {
+                       exit(EXIT_FAILURE);
+                    }
+                    rep = answer[0] ;
+                    if ((rep>='a') && (rep<='z'))
+                        rep -= 0x20;
+                }
+                while ((rep!='Y') && (rep!='N') && (rep!='A'));
+            }
+
+            if (rep == 'N')
+                skip = 1;
+
+            if (rep == 'A')
+                *popt_overwrite=1;
+        }
+
+        if ((skip==0) && (err==UNZ_OK))
+        {
+            fout=FOPEN_FUNC(write_filename,"wb");
+            /* some zipfile don't contain directory alone before file */
+            if ((fout==NULL) && ((*popt_extract_without_path)==0) &&
+                                (filename_withoutpath!=(char*)filename_inzip))
+            {
+                char c=*(filename_withoutpath-1);
+                *(filename_withoutpath-1)='\0';
+                makedir(write_filename);
+                *(filename_withoutpath-1)=c;
+                fout=FOPEN_FUNC(write_filename,"wb");
+            }
+
+            if (fout==NULL)
+            {
+                printf("error opening %s\n",write_filename);
+            }
+        }
+
+        if (fout!=NULL)
+        {
+            printf(" extracting: %s\n",write_filename);
+
+            do
+            {
+                err = unzReadCurrentFile(uf,buf,size_buf);
+                if (err<0)
+                {
+                    printf("error %d with zipfile in unzReadCurrentFile\n",err);
+                    break;
+                }
+                if (err>0)
+                    if (fwrite(buf,(unsigned)err,1,fout)!=1)
+                    {
+                        printf("error in writing extracted file\n");
+                        err=UNZ_ERRNO;
+                        break;
+                    }
+            }
+            while (err>0);
+            if (fout)
+                    fclose(fout);
+
+            if (err==0)
+                change_file_date(write_filename,file_info.dosDate,
+                                 file_info.tmu_date);
+        }
+
+        if (err==UNZ_OK)
+        {
+            err = unzCloseCurrentFile (uf);
+            if (err!=UNZ_OK)
+            {
+                printf("error %d with zipfile in unzCloseCurrentFile\n",err);
+            }
+        }
+        else
+            unzCloseCurrentFile(uf); /* don't lose the error */
+    }
+
+    free(buf);
+    return err;
+}
+
+
+static int do_extract(unzFile uf, int opt_extract_without_path, int opt_overwrite, const char* password) {
+    uLong i;
+    unz_global_info64 gi;
+    int err;
+
+    err = unzGetGlobalInfo64(uf,&gi);
+    if (err!=UNZ_OK)
+        printf("error %d with zipfile in unzGetGlobalInfo \n",err);
+
+    for (i=0;i<gi.number_entry;i++)
+    {
+        if (do_extract_currentfile(uf,&opt_extract_without_path,
+                                      &opt_overwrite,
+                                      password) != UNZ_OK)
+            break;
+
+        if ((i+1)<gi.number_entry)
+        {
+            err = unzGoToNextFile(uf);
+            if (err!=UNZ_OK)
+            {
+                printf("error %d with zipfile in unzGoToNextFile\n",err);
+                break;
+            }
+        }
+    }
+
+    return 0;
+}
+
+static int do_extract_onefile(unzFile uf, const char* filename, int opt_extract_without_path, int opt_overwrite, const char* password) {
+    if (unzLocateFile(uf,filename,CASESENSITIVITY)!=UNZ_OK)
+    {
+        printf("file %s not found in the zipfile\n",filename);
+        return 2;
+    }
+
+    if (do_extract_currentfile(uf,&opt_extract_without_path,
+                                      &opt_overwrite,
+                                      password) == UNZ_OK)
+        return 0;
+    else
+        return 1;
+}
+
+
+int main(int argc, char *argv[]) {
+    const char *zipfilename=NULL;
+    const char *filename_to_extract=NULL;
+    const char *password=NULL;
+    char filename_try[MAXFILENAME+16] = "";
+    int i;
+    int ret_value=0;
+    int opt_do_list=0;
+    int opt_do_extract=1;
+    int opt_do_extract_withoutpath=0;
+    int opt_overwrite=0;
+    int opt_extractdir=0;
+    const char *dirname=NULL;
+    unzFile uf=NULL;
+
+    do_banner();
+    if (argc==1)
+    {
+        do_help();
+        return 0;
+    }
+    else
+    {
+        for (i=1;i<argc;i++)
+        {
+            if ((*argv[i])=='-')
+            {
+                const char *p=argv[i]+1;
+
+                while ((*p)!='\0')
+                {
+                    char c=*(p++);
+                    if ((c=='l') || (c=='L'))
+                        opt_do_list = 1;
+                    if ((c=='v') || (c=='V'))
+                        opt_do_list = 1;
+                    if ((c=='x') || (c=='X'))
+                        opt_do_extract = 1;
+                    if ((c=='e') || (c=='E'))
+                        opt_do_extract = opt_do_extract_withoutpath = 1;
+                    if ((c=='o') || (c=='O'))
+                        opt_overwrite=1;
+                    if ((c=='d') || (c=='D'))
+                    {
+                        opt_extractdir=1;
+                        dirname=argv[i+1];
+                    }
+
+                    if (((c=='p') || (c=='P')) && (i+1<argc))
+                    {
+                        password=argv[i+1];
+                        i++;
+                    }
+                }
+            }
+            else
+            {
+                if (zipfilename == NULL)
+                    zipfilename = argv[i];
+                else if ((filename_to_extract==NULL) && (!opt_extractdir))
+                        filename_to_extract = argv[i] ;
+            }
+        }
+    }
+
+    if (zipfilename!=NULL)
+    {
+
+#        ifdef USEWIN32IOAPI
+        zlib_filefunc64_def ffunc;
+#        endif
+
+        strncpy(filename_try, zipfilename,MAXFILENAME-1);
+        /* strncpy doesn't append the trailing NULL, of the string is too long. */
+        filename_try[ MAXFILENAME ] = '\0';
+
+#        ifdef USEWIN32IOAPI
+        fill_win32_filefunc64A(&ffunc);
+        uf = unzOpen2_64(zipfilename,&ffunc);
+#        else
+        uf = unzOpen64(zipfilename);
+#        endif
+        if (uf==NULL)
+        {
+            strcat(filename_try,".zip");
+#            ifdef USEWIN32IOAPI
+            uf = unzOpen2_64(filename_try,&ffunc);
+#            else
+            uf = unzOpen64(filename_try);
+#            endif
+        }
+    }
+
+    if (uf==NULL)
+    {
+        printf("Cannot open %s or %s.zip\n",zipfilename,zipfilename);
+        return 1;
+    }
+    printf("%s opened\n",filename_try);
+
+    if (opt_do_list==1)
+        ret_value = do_list(uf);
+    else if (opt_do_extract==1)
+    {
+#ifdef _WIN32
+        if (opt_extractdir && _chdir(dirname))
+#else
+        if (opt_extractdir && chdir(dirname))
+#endif
+        {
+          printf("Error changing into %s, aborting\n", dirname);
+          exit(-1);
+        }
+
+        if (filename_to_extract == NULL)
+            ret_value = do_extract(uf, opt_do_extract_withoutpath, opt_overwrite, password);
+        else
+            ret_value = do_extract_onefile(uf, filename_to_extract, opt_do_extract_withoutpath, opt_overwrite, password);
+    }
+
+    unzClose(uf);
+
+    return ret_value;
+}
diff --git a/zlib-1.3.1/contrib/minizip/miniunzip.1 b/zlib-1.3.1/contrib/minizip/miniunzip.1
new file mode 100644
index 00000000..111ac691
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/miniunzip.1
@@ -0,0 +1,63 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH miniunzip 1 "Nov 7, 2001"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+miniunzip - uncompress and examine ZIP archives
+.SH SYNOPSIS
+.B miniunzip
+.RI [ -exvlo ]
+zipfile [ files_to_extract ] [-d tempdir]
+.SH DESCRIPTION
+.B minizip
+is a simple tool which allows the extraction of compressed file
+archives in the ZIP format used by the MS-DOS utility PKZIP.  It was
+written as a demonstration of the
+.IR zlib (3)
+library and therefore lack many of the features of the
+.IR unzip (1)
+program.
+.SH OPTIONS
+A number of options are supported.  With the exception of
+.BI \-d\  tempdir
+these must be supplied before any
+other arguments and are:
+.TP
+.BI \-l\ ,\ \-\-v
+List the files in the archive without extracting them.
+.TP
+.B \-o
+Overwrite files without prompting for confirmation.
+.TP
+.B \-x
+Extract files (default).
+.PP
+The
+.I zipfile
+argument is the name of the archive to process. The next argument can be used
+to specify a single file to extract from the archive.
+
+Lastly, the following option can be specified at the end of the command-line:
+.TP
+.BI \-d\  tempdir
+Extract the archive in the directory
+.I tempdir
+rather than the current directory.
+.SH SEE ALSO
+.BR minizip (1),
+.BR zlib (3),
+.BR unzip (1).
+.SH AUTHOR
+This program was written by Gilles Vollant.  This manual page was
+written by Mark Brown <broonie@sirena.org.uk>. The -d tempdir option
+was added by Dirk Eddelbuettel <edd@debian.org>.
diff --git a/zlib-1.3.1/contrib/minizip/minizip.1 b/zlib-1.3.1/contrib/minizip/minizip.1
new file mode 100644
index 00000000..1154484c
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/minizip.1
@@ -0,0 +1,46 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.TH minizip 1 "May 2, 2001"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+minizip - create ZIP archives
+.SH SYNOPSIS
+.B minizip
+.RI [ -o ]
+zipfile [ " files" ... ]
+.SH DESCRIPTION
+.B minizip
+is a simple tool which allows the creation of compressed file archives
+in the ZIP format used by the MS-DOS utility PKZIP.  It was written as
+a demonstration of the
+.IR zlib (3)
+library and therefore lack many of the features of the
+.IR zip (1)
+program.
+.SH OPTIONS
+The first argument supplied is the name of the ZIP archive to create or
+.RI -o
+in which case it is ignored and the second argument treated as the
+name of the ZIP file.  If the ZIP file already exists it will be
+overwritten.
+.PP
+Subsequent arguments specify a list of files to place in the ZIP
+archive.  If none are specified then an empty archive will be created.
+.SH SEE ALSO
+.BR miniunzip (1),
+.BR zlib (3),
+.BR zip (1).
+.SH AUTHOR
+This program was written by Gilles Vollant.  This manual page was
+written by Mark Brown <broonie@sirena.org.uk>.
+
diff --git a/zlib-1.3.1/contrib/minizip/minizip.c b/zlib-1.3.1/contrib/minizip/minizip.c
new file mode 100644
index 00000000..26ee8d02
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/minizip.c
@@ -0,0 +1,509 @@
+/*
+   minizip.c
+   Version 1.1, February 14h, 2010
+   sample part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications of Unzip for Zip64
+         Copyright (C) 2007-2008 Even Rouault
+
+         Modifications for Zip64 support on both zip and unzip
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+*/
+
+
+#if (!defined(_WIN32)) && (!defined(WIN32)) && (!defined(__APPLE__))
+        #ifndef __USE_FILE_OFFSET64
+                #define __USE_FILE_OFFSET64
+        #endif
+        #ifndef __USE_LARGEFILE64
+                #define __USE_LARGEFILE64
+        #endif
+        #ifndef _LARGEFILE64_SOURCE
+                #define _LARGEFILE64_SOURCE
+        #endif
+        #ifndef _FILE_OFFSET_BIT
+                #define _FILE_OFFSET_BIT 64
+        #endif
+#endif
+
+#if defined(__APPLE__) || defined(__HAIKU__) || defined(MINIZIP_FOPEN_NO_64)
+// In darwin and perhaps other BSD variants off_t is a 64 bit value, hence no need for specific 64 bit functions
+#define FOPEN_FUNC(filename, mode) fopen(filename, mode)
+#define FTELLO_FUNC(stream) ftello(stream)
+#define FSEEKO_FUNC(stream, offset, origin) fseeko(stream, offset, origin)
+#else
+#define FOPEN_FUNC(filename, mode) fopen64(filename, mode)
+#define FTELLO_FUNC(stream) ftello64(stream)
+#define FSEEKO_FUNC(stream, offset, origin) fseeko64(stream, offset, origin)
+#endif
+
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#ifdef _WIN32
+# include <direct.h>
+# include <io.h>
+#else
+# include <unistd.h>
+# include <utime.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+#endif
+
+#include "zip.h"
+
+#ifdef _WIN32
+        #define USEWIN32IOAPI
+        #include "iowin32.h"
+#endif
+
+
+
+#define WRITEBUFFERSIZE (16384)
+#define MAXFILENAME (256)
+
+#ifdef _WIN32
+/* f: name of file to get info on, tmzip: return value: access,
+   modification and creation times, dt: dostime */
+static int filetime(const char *f, tm_zip *tmzip, uLong *dt) {
+  int ret = 0;
+  {
+      FILETIME ftLocal;
+      HANDLE hFind;
+      WIN32_FIND_DATAA ff32;
+
+      hFind = FindFirstFileA(f,&ff32);
+      if (hFind != INVALID_HANDLE_VALUE)
+      {
+        FileTimeToLocalFileTime(&(ff32.ftLastWriteTime),&ftLocal);
+        FileTimeToDosDateTime(&ftLocal,((LPWORD)dt)+1,((LPWORD)dt)+0);
+        FindClose(hFind);
+        ret = 1;
+      }
+  }
+  return ret;
+}
+#else
+#if defined(unix) || defined(__APPLE__)
+/* f: name of file to get info on, tmzip: return value: access,
+   modification and creation times, dt: dostime */
+static int filetime(const char *f, tm_zip *tmzip, uLong *dt) {
+  (void)dt;
+  int ret=0;
+  struct stat s;        /* results of stat() */
+  struct tm* filedate;
+  time_t tm_t=0;
+
+  if (strcmp(f,"-")!=0)
+  {
+    char name[MAXFILENAME+1];
+    size_t len = strlen(f);
+    if (len > MAXFILENAME)
+      len = MAXFILENAME;
+
+    strncpy(name, f,MAXFILENAME-1);
+    /* strncpy doesn't append the trailing NULL, of the string is too long. */
+    name[ MAXFILENAME ] = '\0';
+
+    if (name[len - 1] == '/')
+      name[len - 1] = '\0';
+    /* not all systems allow stat'ing a file with / appended */
+    if (stat(name,&s)==0)
+    {
+      tm_t = s.st_mtime;
+      ret = 1;
+    }
+  }
+  filedate = localtime(&tm_t);
+
+  tmzip->tm_sec  = filedate->tm_sec;
+  tmzip->tm_min  = filedate->tm_min;
+  tmzip->tm_hour = filedate->tm_hour;
+  tmzip->tm_mday = filedate->tm_mday;
+  tmzip->tm_mon  = filedate->tm_mon ;
+  tmzip->tm_year = filedate->tm_year;
+
+  return ret;
+}
+#else
+/* f: name of file to get info on, tmzip: return value: access,
+   modification and creation times, dt: dostime */
+static int filetime(const char *f, tm_zip *tmzip, uLong *dt) {
+    (void)f;
+    (void)tmzip;
+    (void)dt;
+    return 0;
+}
+#endif
+#endif
+
+
+
+
+static int check_exist_file(const char* filename) {
+    FILE* ftestexist;
+    int ret = 1;
+    ftestexist = FOPEN_FUNC(filename,"rb");
+    if (ftestexist==NULL)
+        ret = 0;
+    else
+        fclose(ftestexist);
+    return ret;
+}
+
+static void do_banner(void) {
+    printf("MiniZip 1.1, demo of zLib + MiniZip64 package, written by Gilles Vollant\n");
+    printf("more info on MiniZip at http://www.winimage.com/zLibDll/minizip.html\n\n");
+}
+
+static void do_help(void) {
+    printf("Usage : minizip [-o] [-a] [-0 to -9] [-p password] [-j] file.zip [files_to_add]\n\n" \
+           "  -o  Overwrite existing file.zip\n" \
+           "  -a  Append to existing file.zip\n" \
+           "  -0  Store only\n" \
+           "  -1  Compress faster\n" \
+           "  -9  Compress better\n\n" \
+           "  -j  exclude path. store only the file name.\n\n");
+}
+
+/* calculate the CRC32 of a file,
+   because to encrypt a file, we need known the CRC32 of the file before */
+static int getFileCrc(const char* filenameinzip, void* buf, unsigned long size_buf, unsigned long* result_crc) {
+   unsigned long calculate_crc=0;
+   int err=ZIP_OK;
+   FILE * fin = FOPEN_FUNC(filenameinzip,"rb");
+
+   unsigned long size_read = 0;
+   /* unsigned long total_read = 0; */
+   if (fin==NULL)
+   {
+       err = ZIP_ERRNO;
+   }
+
+    if (err == ZIP_OK)
+        do
+        {
+            err = ZIP_OK;
+            size_read = fread(buf,1,size_buf,fin);
+            if (size_read < size_buf)
+                if (feof(fin)==0)
+            {
+                printf("error in reading %s\n",filenameinzip);
+                err = ZIP_ERRNO;
+            }
+
+            if (size_read>0)
+                calculate_crc = crc32_z(calculate_crc,buf,size_read);
+            /* total_read += size_read; */
+
+        } while ((err == ZIP_OK) && (size_read>0));
+
+    if (fin)
+        fclose(fin);
+
+    *result_crc=calculate_crc;
+    printf("file %s crc %lx\n", filenameinzip, calculate_crc);
+    return err;
+}
+
+static int isLargeFile(const char* filename) {
+  int largeFile = 0;
+  ZPOS64_T pos = 0;
+  FILE* pFile = FOPEN_FUNC(filename, "rb");
+
+  if(pFile != NULL)
+  {
+    FSEEKO_FUNC(pFile, 0, SEEK_END);
+    pos = (ZPOS64_T)FTELLO_FUNC(pFile);
+
+                printf("File : %s is %llu bytes\n", filename, pos);
+
+    if(pos >= 0xffffffff)
+     largeFile = 1;
+
+                fclose(pFile);
+  }
+
+ return largeFile;
+}
+
+int main(int argc, char *argv[]) {
+    int i;
+    int opt_overwrite=0;
+    int opt_compress_level=Z_DEFAULT_COMPRESSION;
+    int opt_exclude_path=0;
+    int zipfilenamearg = 0;
+    char filename_try[MAXFILENAME+16];
+    int zipok;
+    int err=0;
+    size_t size_buf=0;
+    void* buf=NULL;
+    const char* password=NULL;
+
+
+    do_banner();
+    if (argc==1)
+    {
+        do_help();
+        return 0;
+    }
+    else
+    {
+        for (i=1;i<argc;i++)
+        {
+            if ((*argv[i])=='-')
+            {
+                const char *p=argv[i]+1;
+
+                while ((*p)!='\0')
+                {
+                    char c=*(p++);
+                    if ((c=='o') || (c=='O'))
+                        opt_overwrite = 1;
+                    if ((c=='a') || (c=='A'))
+                        opt_overwrite = 2;
+                    if ((c>='0') && (c<='9'))
+                        opt_compress_level = c-'0';
+                    if ((c=='j') || (c=='J'))
+                        opt_exclude_path = 1;
+
+                    if (((c=='p') || (c=='P')) && (i+1<argc))
+                    {
+                        password=argv[i+1];
+                        i++;
+                    }
+                }
+            }
+            else
+            {
+                if (zipfilenamearg == 0)
+                {
+                    zipfilenamearg = i ;
+                }
+            }
+        }
+    }
+
+    size_buf = WRITEBUFFERSIZE;
+    buf = (void*)malloc(size_buf);
+    if (buf==NULL)
+    {
+        printf("Error allocating memory\n");
+        return ZIP_INTERNALERROR;
+    }
+
+    if (zipfilenamearg==0)
+    {
+        zipok=0;
+    }
+    else
+    {
+        int i,len;
+        int dot_found=0;
+
+        zipok = 1 ;
+        strncpy(filename_try, argv[zipfilenamearg],MAXFILENAME-1);
+        /* strncpy doesn't append the trailing NULL, of the string is too long. */
+        filename_try[ MAXFILENAME ] = '\0';
+
+        len=(int)strlen(filename_try);
+        for (i=0;i<len;i++)
+            if (filename_try[i]=='.')
+                dot_found=1;
+
+        if (dot_found==0)
+            strcat(filename_try,".zip");
+
+        if (opt_overwrite==2)
+        {
+            /* if the file don't exist, we not append file */
+            if (check_exist_file(filename_try)==0)
+                opt_overwrite=1;
+        }
+        else
+        if (opt_overwrite==0)
+            if (check_exist_file(filename_try)!=0)
+            {
+                char rep=0;
+                do
+                {
+                    char answer[128];
+                    int ret;
+                    printf("The file %s exists. Overwrite ? [y]es, [n]o, [a]ppend : ",filename_try);
+                    ret = scanf("%1s",answer);
+                    if (ret != 1)
+                    {
+                       exit(EXIT_FAILURE);
+                    }
+                    rep = answer[0] ;
+                    if ((rep>='a') && (rep<='z'))
+                        rep -= 0x20;
+                }
+                while ((rep!='Y') && (rep!='N') && (rep!='A'));
+                if (rep=='N')
+                    zipok = 0;
+                if (rep=='A')
+                    opt_overwrite = 2;
+            }
+    }
+
+    if (zipok==1)
+    {
+        zipFile zf;
+        int errclose;
+#        ifdef USEWIN32IOAPI
+        zlib_filefunc64_def ffunc;
+        fill_win32_filefunc64A(&ffunc);
+        zf = zipOpen2_64(filename_try,(opt_overwrite==2) ? 2 : 0,NULL,&ffunc);
+#        else
+        zf = zipOpen64(filename_try,(opt_overwrite==2) ? 2 : 0);
+#        endif
+
+        if (zf == NULL)
+        {
+            printf("error opening %s\n",filename_try);
+            err= ZIP_ERRNO;
+        }
+        else
+            printf("creating %s\n",filename_try);
+
+        for (i=zipfilenamearg+1;(i<argc) && (err==ZIP_OK);i++)
+        {
+            if (!((((*(argv[i]))=='-') || ((*(argv[i]))=='/')) &&
+                  ((argv[i][1]=='o') || (argv[i][1]=='O') ||
+                   (argv[i][1]=='a') || (argv[i][1]=='A') ||
+                   (argv[i][1]=='p') || (argv[i][1]=='P') ||
+                   ((argv[i][1]>='0') && (argv[i][1]<='9'))) &&
+                  (strlen(argv[i]) == 2)))
+            {
+                FILE * fin = NULL;
+                size_t size_read;
+                const char* filenameinzip = argv[i];
+                const char *savefilenameinzip;
+                zip_fileinfo zi;
+                unsigned long crcFile=0;
+                int zip64 = 0;
+
+                zi.tmz_date.tm_sec = zi.tmz_date.tm_min = zi.tmz_date.tm_hour =
+                zi.tmz_date.tm_mday = zi.tmz_date.tm_mon = zi.tmz_date.tm_year = 0;
+                zi.dosDate = 0;
+                zi.internal_fa = 0;
+                zi.external_fa = 0;
+                filetime(filenameinzip,&zi.tmz_date,&zi.dosDate);
+
+/*
+                err = zipOpenNewFileInZip(zf,filenameinzip,&zi,
+                                 NULL,0,NULL,0,NULL / * comment * /,
+                                 (opt_compress_level != 0) ? Z_DEFLATED : 0,
+                                 opt_compress_level);
+*/
+                if ((password != NULL) && (err==ZIP_OK))
+                    err = getFileCrc(filenameinzip,buf,size_buf,&crcFile);
+
+                zip64 = isLargeFile(filenameinzip);
+
+                                                         /* The path name saved, should not include a leading slash. */
+               /*if it did, windows/xp and dynazip couldn't read the zip file. */
+                 savefilenameinzip = filenameinzip;
+                 while( savefilenameinzip[0] == '\\' || savefilenameinzip[0] == '/' )
+                 {
+                     savefilenameinzip++;
+                 }
+
+                 /*should the zip file contain any path at all?*/
+                 if( opt_exclude_path )
+                 {
+                     const char *tmpptr;
+                     const char *lastslash = 0;
+                     for( tmpptr = savefilenameinzip; *tmpptr; tmpptr++)
+                     {
+                         if( *tmpptr == '\\' || *tmpptr == '/')
+                         {
+                             lastslash = tmpptr;
+                         }
+                     }
+                     if( lastslash != NULL )
+                     {
+                         savefilenameinzip = lastslash+1; // base filename follows last slash.
+                     }
+                 }
+
+                 /**/
+                err = zipOpenNewFileInZip3_64(zf,savefilenameinzip,&zi,
+                                 NULL,0,NULL,0,NULL /* comment*/,
+                                 (opt_compress_level != 0) ? Z_DEFLATED : 0,
+                                 opt_compress_level,0,
+                                 /* -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY, */
+                                 -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY,
+                                 password,crcFile, zip64);
+
+                if (err != ZIP_OK)
+                    printf("error in opening %s in zipfile\n",filenameinzip);
+                else
+                {
+                    fin = FOPEN_FUNC(filenameinzip,"rb");
+                    if (fin==NULL)
+                    {
+                        err=ZIP_ERRNO;
+                        printf("error in opening %s for reading\n",filenameinzip);
+                    }
+                }
+
+                if (err == ZIP_OK)
+                    do
+                    {
+                        err = ZIP_OK;
+                        size_read = fread(buf,1,size_buf,fin);
+                        if (size_read < size_buf)
+                            if (feof(fin)==0)
+                        {
+                            printf("error in reading %s\n",filenameinzip);
+                            err = ZIP_ERRNO;
+                        }
+
+                        if (size_read>0)
+                        {
+                            err = zipWriteInFileInZip (zf,buf,(unsigned)size_read);
+                            if (err<0)
+                            {
+                                printf("error in writing %s in the zipfile\n",
+                                                 filenameinzip);
+                            }
+
+                        }
+                    } while ((err == ZIP_OK) && (size_read>0));
+
+                if (fin)
+                    fclose(fin);
+
+                if (err<0)
+                    err=ZIP_ERRNO;
+                else
+                {
+                    err = zipCloseFileInZip(zf);
+                    if (err!=ZIP_OK)
+                        printf("error in closing %s in the zipfile\n",
+                                    filenameinzip);
+                }
+            }
+        }
+        errclose = zipClose(zf,NULL);
+        if (errclose != ZIP_OK)
+            printf("error in closing %s\n",filename_try);
+    }
+    else
+    {
+       do_help();
+    }
+
+    free(buf);
+    return 0;
+}
diff --git a/zlib-1.3.1/contrib/minizip/minizip.pc.in b/zlib-1.3.1/contrib/minizip/minizip.pc.in
new file mode 100644
index 00000000..69b5b7fd
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/minizip.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@/minizip
+
+Name: minizip
+Description: Minizip zip file manipulation library
+Requires:
+Version: @PACKAGE_VERSION@
+Libs: -L${libdir} -lminizip
+Libs.private: -lz
+Cflags: -I${includedir}
diff --git a/zlib-1.3.1/contrib/minizip/mztools.c b/zlib-1.3.1/contrib/minizip/mztools.c
new file mode 100644
index 00000000..c8d23756
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/mztools.c
@@ -0,0 +1,285 @@
+/*
+  Additional tools for Minizip
+  Code: Xavier Roche '2004
+  License: Same as ZLIB (www.gzip.org)
+*/
+
+/* Code */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "zlib.h"
+#include "unzip.h"
+
+#define READ_8(adr)  ((unsigned char)*(adr))
+#define READ_16(adr) ( READ_8(adr) | (READ_8(adr+1) << 8) )
+#define READ_32(adr) ( READ_16(adr) | (READ_16((adr)+2) << 16) )
+
+#define WRITE_8(buff, n) do { \
+  *((unsigned char*)(buff)) = (unsigned char) ((n) & 0xff); \
+} while(0)
+#define WRITE_16(buff, n) do { \
+  WRITE_8((unsigned char*)(buff), n); \
+  WRITE_8(((unsigned char*)(buff)) + 1, (n) >> 8); \
+} while(0)
+#define WRITE_32(buff, n) do { \
+  WRITE_16((unsigned char*)(buff), (n) & 0xffff); \
+  WRITE_16((unsigned char*)(buff) + 2, (n) >> 16); \
+} while(0)
+
+extern int ZEXPORT unzRepair(const char* file, const char* fileOut, const char* fileOutTmp, uLong* nRecovered, uLong* bytesRecovered) {
+  int err = Z_OK;
+  FILE* fpZip = fopen(file, "rb");
+  FILE* fpOut = fopen(fileOut, "wb");
+  FILE* fpOutCD = fopen(fileOutTmp, "wb");
+  if (fpZip != NULL &&  fpOut != NULL) {
+    int entries = 0;
+    uLong totalBytes = 0;
+    char header[30];
+    char filename[1024];
+    char extra[1024];
+    int offset = 0;
+    int offsetCD = 0;
+    while ( fread(header, 1, 30, fpZip) == 30 ) {
+      int currentOffset = offset;
+
+      /* File entry */
+      if (READ_32(header) == 0x04034b50) {
+        unsigned int version = READ_16(header + 4);
+        unsigned int gpflag = READ_16(header + 6);
+        unsigned int method = READ_16(header + 8);
+        unsigned int filetime = READ_16(header + 10);
+        unsigned int filedate = READ_16(header + 12);
+        unsigned int crc = READ_32(header + 14); /* crc */
+        unsigned int cpsize = READ_32(header + 18); /* compressed size */
+        unsigned int uncpsize = READ_32(header + 22); /* uncompressed sz */
+        unsigned int fnsize = READ_16(header + 26); /* file name length */
+        unsigned int extsize = READ_16(header + 28); /* extra field length */
+        filename[0] = extra[0] = '\0';
+
+        /* Header */
+        if (fwrite(header, 1, 30, fpOut) == 30) {
+          offset += 30;
+        } else {
+          err = Z_ERRNO;
+          break;
+        }
+
+        /* Filename */
+        if (fnsize > 0) {
+          if (fnsize < sizeof(filename)) {
+            if (fread(filename, 1, fnsize, fpZip) == fnsize) {
+                if (fwrite(filename, 1, fnsize, fpOut) == fnsize) {
+                offset += fnsize;
+              } else {
+                err = Z_ERRNO;
+                break;
+              }
+            } else {
+              err = Z_ERRNO;
+              break;
+            }
+          } else {
+            err = Z_ERRNO;
+            break;
+          }
+        } else {
+          err = Z_STREAM_ERROR;
+          break;
+        }
+
+        /* Extra field */
+        if (extsize > 0) {
+          if (extsize < sizeof(extra)) {
+            if (fread(extra, 1, extsize, fpZip) == extsize) {
+              if (fwrite(extra, 1, extsize, fpOut) == extsize) {
+                offset += extsize;
+                } else {
+                err = Z_ERRNO;
+                break;
+              }
+            } else {
+              err = Z_ERRNO;
+              break;
+            }
+          } else {
+            err = Z_ERRNO;
+            break;
+          }
+        }
+
+        /* Data */
+        {
+          int dataSize = cpsize;
+          if (dataSize == 0) {
+            dataSize = uncpsize;
+          }
+          if (dataSize > 0) {
+            char* data = malloc(dataSize);
+            if (data != NULL) {
+              if ((int)fread(data, 1, dataSize, fpZip) == dataSize) {
+                if ((int)fwrite(data, 1, dataSize, fpOut) == dataSize) {
+                  offset += dataSize;
+                  totalBytes += dataSize;
+                } else {
+                  err = Z_ERRNO;
+                }
+              } else {
+                err = Z_ERRNO;
+              }
+              free(data);
+              if (err != Z_OK) {
+                break;
+              }
+            } else {
+              err = Z_MEM_ERROR;
+              break;
+            }
+          }
+        }
+
+        /* Central directory entry */
+        {
+          char header[46];
+          char* comment = "";
+          int comsize = (int) strlen(comment);
+          WRITE_32(header, 0x02014b50);
+          WRITE_16(header + 4, version);
+          WRITE_16(header + 6, version);
+          WRITE_16(header + 8, gpflag);
+          WRITE_16(header + 10, method);
+          WRITE_16(header + 12, filetime);
+          WRITE_16(header + 14, filedate);
+          WRITE_32(header + 16, crc);
+          WRITE_32(header + 20, cpsize);
+          WRITE_32(header + 24, uncpsize);
+          WRITE_16(header + 28, fnsize);
+          WRITE_16(header + 30, extsize);
+          WRITE_16(header + 32, comsize);
+          WRITE_16(header + 34, 0);     /* disk # */
+          WRITE_16(header + 36, 0);     /* int attrb */
+          WRITE_32(header + 38, 0);     /* ext attrb */
+          WRITE_32(header + 42, currentOffset);
+          /* Header */
+          if (fwrite(header, 1, 46, fpOutCD) == 46) {
+            offsetCD += 46;
+
+            /* Filename */
+            if (fnsize > 0) {
+              if (fwrite(filename, 1, fnsize, fpOutCD) == fnsize) {
+                offsetCD += fnsize;
+              } else {
+                err = Z_ERRNO;
+                break;
+              }
+            } else {
+              err = Z_STREAM_ERROR;
+              break;
+            }
+
+            /* Extra field */
+            if (extsize > 0) {
+              if (fwrite(extra, 1, extsize, fpOutCD) == extsize) {
+                offsetCD += extsize;
+              } else {
+                err = Z_ERRNO;
+                break;
+              }
+            }
+
+            /* Comment field */
+            if (comsize > 0) {
+              if ((int)fwrite(comment, 1, comsize, fpOutCD) == comsize) {
+                offsetCD += comsize;
+              } else {
+                err = Z_ERRNO;
+                break;
+              }
+            }
+
+
+          } else {
+            err = Z_ERRNO;
+            break;
+          }
+        }
+
+        /* Success */
+        entries++;
+
+      } else {
+        break;
+      }
+    }
+
+    /* Final central directory  */
+    {
+      int entriesZip = entries;
+      char header[22];
+      char* comment = ""; // "ZIP File recovered by zlib/minizip/mztools";
+      int comsize = (int) strlen(comment);
+      if (entriesZip > 0xffff) {
+        entriesZip = 0xffff;
+      }
+      WRITE_32(header, 0x06054b50);
+      WRITE_16(header + 4, 0);    /* disk # */
+      WRITE_16(header + 6, 0);    /* disk # */
+      WRITE_16(header + 8, entriesZip);   /* hack */
+      WRITE_16(header + 10, entriesZip);  /* hack */
+      WRITE_32(header + 12, offsetCD);    /* size of CD */
+      WRITE_32(header + 16, offset);      /* offset to CD */
+      WRITE_16(header + 20, comsize);     /* comment */
+
+      /* Header */
+      if (fwrite(header, 1, 22, fpOutCD) == 22) {
+
+        /* Comment field */
+        if (comsize > 0) {
+          if ((int)fwrite(comment, 1, comsize, fpOutCD) != comsize) {
+            err = Z_ERRNO;
+          }
+        }
+
+      } else {
+        err = Z_ERRNO;
+      }
+    }
+
+    /* Final merge (file + central directory) */
+    fclose(fpOutCD);
+    if (err == Z_OK) {
+      fpOutCD = fopen(fileOutTmp, "rb");
+      if (fpOutCD != NULL) {
+        int nRead;
+        char buffer[8192];
+        while ( (nRead = (int)fread(buffer, 1, sizeof(buffer), fpOutCD)) > 0) {
+          if ((int)fwrite(buffer, 1, nRead, fpOut) != nRead) {
+            err = Z_ERRNO;
+            break;
+          }
+        }
+        fclose(fpOutCD);
+      }
+    }
+
+    /* Close */
+    fclose(fpZip);
+    fclose(fpOut);
+
+    /* Wipe temporary file */
+    (void)remove(fileOutTmp);
+
+    /* Number of recovered entries */
+    if (err == Z_OK) {
+      if (nRecovered != NULL) {
+        *nRecovered = entries;
+      }
+      if (bytesRecovered != NULL) {
+        *bytesRecovered = totalBytes;
+      }
+    }
+  } else {
+    err = Z_STREAM_ERROR;
+  }
+  return err;
+}
diff --git a/zlib-1.3.1/contrib/minizip/mztools.h b/zlib-1.3.1/contrib/minizip/mztools.h
new file mode 100644
index 00000000..a49a426e
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/mztools.h
@@ -0,0 +1,37 @@
+/*
+  Additional tools for Minizip
+  Code: Xavier Roche '2004
+  License: Same as ZLIB (www.gzip.org)
+*/
+
+#ifndef _zip_tools_H
+#define _zip_tools_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef _ZLIB_H
+#include "zlib.h"
+#endif
+
+#include "unzip.h"
+
+/* Repair a ZIP file (missing central directory)
+   file: file to recover
+   fileOut: output file after recovery
+   fileOutTmp: temporary file name used for recovery
+*/
+extern int ZEXPORT unzRepair(const char* file,
+                             const char* fileOut,
+                             const char* fileOutTmp,
+                             uLong* nRecovered,
+                             uLong* bytesRecovered);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif
diff --git a/zlib-1.3.1/contrib/minizip/unzip.c b/zlib-1.3.1/contrib/minizip/unzip.c
new file mode 100644
index 00000000..ea05b7d6
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/unzip.c
@@ -0,0 +1,1985 @@
+/* unzip.c -- IO for uncompress .zip files using zlib
+   Version 1.1, February 14h, 2010
+   part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications of Unzip for Zip64
+         Copyright (C) 2007-2008 Even Rouault
+
+         Modifications for Zip64 support on both zip and unzip
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+
+         For more info read MiniZip_info.txt
+
+
+  ------------------------------------------------------------------------------------
+  Decryption code comes from crypt.c by Info-ZIP but has been greatly reduced in terms of
+  compatibility with older software. The following is from the original crypt.c.
+  Code woven in by Terry Thorsen 1/2003.
+
+  Copyright (c) 1990-2000 Info-ZIP.  All rights reserved.
+
+  See the accompanying file LICENSE, version 2000-Apr-09 or later
+  (the contents of which are also included in zip.h) for terms of use.
+  If, for some reason, all these files are missing, the Info-ZIP license
+  also may be found at:  ftp://ftp.info-zip.org/pub/infozip/license.html
+
+        crypt.c (full version) by Info-ZIP.      Last revised:  [see crypt.h]
+
+  The encryption/decryption parts of this source code (as opposed to the
+  non-echoing password parts) were originally written in Europe.  The
+  whole source package can be freely distributed, including from the USA.
+  (Prior to January 2000, re-export from the US was a violation of US law.)
+
+        This encryption code is a direct transcription of the algorithm from
+  Roger Schlafly, described by Phil Katz in the file appnote.txt.  This
+  file (appnote.txt) is distributed with the PKZIP program (even in the
+  version without encryption capabilities).
+
+        ------------------------------------------------------------------------------------
+
+        Changes in unzip.c
+
+        2007-2008 - Even Rouault - Addition of cpl_unzGetCurrentFileZStreamPos
+  2007-2008 - Even Rouault - Decoration of symbol names unz* -> cpl_unz*
+  2007-2008 - Even Rouault - Remove old C style function prototypes
+  2007-2008 - Even Rouault - Add unzip support for ZIP64
+
+        Copyright (C) 2007-2008 Even Rouault
+
+
+  Oct-2009 - Mathias Svensson - Removed cpl_* from symbol names (Even Rouault added them but since this is now moved to a new project (minizip64) I renamed them again).
+  Oct-2009 - Mathias Svensson - Fixed problem if uncompressed size was > 4G and compressed size was <4G
+                                should only read the compressed/uncompressed size from the Zip64 format if
+                                the size from normal header was 0xFFFFFFFF
+  Oct-2009 - Mathias Svensson - Applied some bug fixes from patches received from Gilles Vollant
+  Oct-2009 - Mathias Svensson - Applied support to unzip files with compression method BZIP2 (bzip2 lib is required)
+                                Patch created by Daniel Borca
+
+  Jan-2010 - back to unzip and minizip 1.0 name scheme, with compatibility layer
+
+  Copyright (C) 1998 - 2010 Gilles Vollant, Even Rouault, Mathias Svensson
+
+*/
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef NOUNCRYPT
+        #define NOUNCRYPT
+#endif
+
+#include "zlib.h"
+#include "unzip.h"
+
+#ifdef STDC
+#  include <stddef.h>
+#endif
+#ifdef NO_ERRNO_H
+    extern int errno;
+#else
+#   include <errno.h>
+#endif
+
+
+#ifndef local
+#  define local static
+#endif
+/* compile with -Dlocal if your debugger can't find static symbols */
+
+
+#ifndef CASESENSITIVITYDEFAULT_NO
+#  if !defined(unix) && !defined(CASESENSITIVITYDEFAULT_YES)
+#    define CASESENSITIVITYDEFAULT_NO
+#  endif
+#endif
+
+
+#ifndef UNZ_BUFSIZE
+#define UNZ_BUFSIZE (16384)
+#endif
+
+#ifndef UNZ_MAXFILENAMEINZIP
+#define UNZ_MAXFILENAMEINZIP (256)
+#endif
+
+#ifndef ALLOC
+# define ALLOC(size) (malloc(size))
+#endif
+
+#define SIZECENTRALDIRITEM (0x2e)
+#define SIZEZIPLOCALHEADER (0x1e)
+
+
+const char unz_copyright[] =
+   " unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll";
+
+/* unz_file_info64_internal contain internal info about a file in zipfile*/
+typedef struct unz_file_info64_internal_s
+{
+    ZPOS64_T offset_curfile;/* relative offset of local header 8 bytes */
+} unz_file_info64_internal;
+
+
+/* file_in_zip_read_info_s contain internal information about a file in zipfile,
+    when reading and decompress it */
+typedef struct
+{
+    char  *read_buffer;         /* internal buffer for compressed data */
+    z_stream stream;            /* zLib stream structure for inflate */
+
+#ifdef HAVE_BZIP2
+    bz_stream bstream;          /* bzLib stream structure for bziped */
+#endif
+
+    ZPOS64_T pos_in_zipfile;       /* position in byte on the zipfile, for fseek*/
+    uLong stream_initialised;   /* flag set if stream structure is initialised*/
+
+    ZPOS64_T offset_local_extrafield;/* offset of the local extra field */
+    uInt  size_local_extrafield;/* size of the local extra field */
+    ZPOS64_T pos_local_extrafield;   /* position in the local extra field in read*/
+    ZPOS64_T total_out_64;
+
+    uLong crc32;                /* crc32 of all data uncompressed */
+    uLong crc32_wait;           /* crc32 we must obtain after decompress all */
+    ZPOS64_T rest_read_compressed; /* number of byte to be decompressed */
+    ZPOS64_T rest_read_uncompressed;/*number of byte to be obtained after decomp*/
+    zlib_filefunc64_32_def z_filefunc;
+    voidpf filestream;        /* io structure of the zipfile */
+    uLong compression_method;   /* compression method (0==store) */
+    ZPOS64_T byte_before_the_zipfile;/* byte before the zipfile, (>0 for sfx)*/
+    int   raw;
+} file_in_zip64_read_info_s;
+
+
+/* unz64_s contain internal information about the zipfile
+*/
+typedef struct
+{
+    zlib_filefunc64_32_def z_filefunc;
+    int is64bitOpenFunction;
+    voidpf filestream;        /* io structure of the zipfile */
+    unz_global_info64 gi;       /* public global information */
+    ZPOS64_T byte_before_the_zipfile;/* byte before the zipfile, (>0 for sfx)*/
+    ZPOS64_T num_file;             /* number of the current file in the zipfile*/
+    ZPOS64_T pos_in_central_dir;   /* pos of the current file in the central dir*/
+    ZPOS64_T current_file_ok;      /* flag about the usability of the current file*/
+    ZPOS64_T central_pos;          /* position of the beginning of the central dir*/
+
+    ZPOS64_T size_central_dir;     /* size of the central directory  */
+    ZPOS64_T offset_central_dir;   /* offset of start of central directory with
+                                   respect to the starting disk number */
+
+    unz_file_info64 cur_file_info; /* public info about the current file in zip*/
+    unz_file_info64_internal cur_file_info_internal; /* private info about it*/
+    file_in_zip64_read_info_s* pfile_in_zip_read; /* structure about the current
+                                        file if we are decompressing it */
+    int encrypted;
+
+    int isZip64;
+
+#    ifndef NOUNCRYPT
+    unsigned long keys[3];     /* keys defining the pseudo-random sequence */
+    const z_crc_t* pcrc_32_tab;
+#    endif
+} unz64_s;
+
+
+#ifndef NOUNCRYPT
+#include "crypt.h"
+#endif
+
+
+/* ===========================================================================
+   Reads a long in LSB order from the given gz_stream. Sets
+*/
+
+local int unz64local_getShort(const zlib_filefunc64_32_def* pzlib_filefunc_def,
+                              voidpf filestream,
+                              uLong *pX) {
+    unsigned char c[2];
+    int err = (int)ZREAD64(*pzlib_filefunc_def,filestream,c,2);
+    if (err==2)
+    {
+        *pX = c[0] | ((uLong)c[1] << 8);
+        return UNZ_OK;
+    }
+    else
+    {
+        *pX = 0;
+        if (ZERROR64(*pzlib_filefunc_def,filestream))
+            return UNZ_ERRNO;
+        else
+            return UNZ_EOF;
+    }
+}
+
+local int unz64local_getLong(const zlib_filefunc64_32_def* pzlib_filefunc_def,
+                             voidpf filestream,
+                             uLong *pX) {
+    unsigned char c[4];
+    int err = (int)ZREAD64(*pzlib_filefunc_def,filestream,c,4);
+    if (err==4)
+    {
+        *pX = c[0] | ((uLong)c[1] << 8) | ((uLong)c[2] << 16) | ((uLong)c[3] << 24);
+        return UNZ_OK;
+    }
+    else
+    {
+        *pX = 0;
+        if (ZERROR64(*pzlib_filefunc_def,filestream))
+            return UNZ_ERRNO;
+        else
+            return UNZ_EOF;
+    }
+}
+
+
+local int unz64local_getLong64(const zlib_filefunc64_32_def* pzlib_filefunc_def,
+                               voidpf filestream,
+                               ZPOS64_T *pX) {
+    unsigned char c[8];
+    int err = (int)ZREAD64(*pzlib_filefunc_def,filestream,c,8);
+    if (err==8)
+    {
+        *pX = c[0] | ((ZPOS64_T)c[1] << 8) | ((ZPOS64_T)c[2] << 16) | ((ZPOS64_T)c[3] << 24)
+            | ((ZPOS64_T)c[4] << 32) | ((ZPOS64_T)c[5] << 40) | ((ZPOS64_T)c[6] << 48) | ((ZPOS64_T)c[7] << 56);
+        return UNZ_OK;
+    }
+    else
+    {
+        *pX = 0;
+        if (ZERROR64(*pzlib_filefunc_def,filestream))
+            return UNZ_ERRNO;
+        else
+            return UNZ_EOF;
+    }
+}
+
+/* My own strcmpi / strcasecmp */
+local int strcmpcasenosensitive_internal(const char* fileName1, const char* fileName2) {
+    for (;;)
+    {
+        char c1=*(fileName1++);
+        char c2=*(fileName2++);
+        if ((c1>='a') && (c1<='z'))
+            c1 -= 0x20;
+        if ((c2>='a') && (c2<='z'))
+            c2 -= 0x20;
+        if (c1=='\0')
+            return ((c2=='\0') ? 0 : -1);
+        if (c2=='\0')
+            return 1;
+        if (c1<c2)
+            return -1;
+        if (c1>c2)
+            return 1;
+    }
+}
+
+
+#ifdef  CASESENSITIVITYDEFAULT_NO
+#define CASESENSITIVITYDEFAULTVALUE 2
+#else
+#define CASESENSITIVITYDEFAULTVALUE 1
+#endif
+
+#ifndef STRCMPCASENOSENTIVEFUNCTION
+#define STRCMPCASENOSENTIVEFUNCTION strcmpcasenosensitive_internal
+#endif
+
+/*
+   Compare two filenames (fileName1,fileName2).
+   If iCaseSensitivity = 1, comparison is case sensitive (like strcmp)
+   If iCaseSensitivity = 2, comparison is not case sensitive (like strcmpi
+                                                                or strcasecmp)
+   If iCaseSensitivity = 0, case sensitivity is default of your operating system
+        (like 1 on Unix, 2 on Windows)
+
+*/
+extern int ZEXPORT unzStringFileNameCompare (const char*  fileName1,
+                                             const char*  fileName2,
+                                             int iCaseSensitivity) {
+    if (iCaseSensitivity==0)
+        iCaseSensitivity=CASESENSITIVITYDEFAULTVALUE;
+
+    if (iCaseSensitivity==1)
+        return strcmp(fileName1,fileName2);
+
+    return STRCMPCASENOSENTIVEFUNCTION(fileName1,fileName2);
+}
+
+#ifndef BUFREADCOMMENT
+#define BUFREADCOMMENT (0x400)
+#endif
+
+#ifndef CENTRALDIRINVALID
+#define CENTRALDIRINVALID ((ZPOS64_T)(-1))
+#endif
+
+/*
+  Locate the Central directory of a zipfile (at the end, just before
+    the global comment)
+*/
+local ZPOS64_T unz64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_filefunc_def, voidpf filestream) {
+    unsigned char* buf;
+    ZPOS64_T uSizeFile;
+    ZPOS64_T uBackRead;
+    ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */
+    ZPOS64_T uPosFound=CENTRALDIRINVALID;
+
+    if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0)
+        return CENTRALDIRINVALID;
+
+
+    uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream);
+
+    if (uMaxBack>uSizeFile)
+        uMaxBack = uSizeFile;
+
+    buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4);
+    if (buf==NULL)
+        return CENTRALDIRINVALID;
+
+    uBackRead = 4;
+    while (uBackRead<uMaxBack)
+    {
+        uLong uReadSize;
+        ZPOS64_T uReadPos ;
+        int i;
+        if (uBackRead+BUFREADCOMMENT>uMaxBack)
+            uBackRead = uMaxBack;
+        else
+            uBackRead+=BUFREADCOMMENT;
+        uReadPos = uSizeFile-uBackRead ;
+
+        uReadSize = ((BUFREADCOMMENT+4) < (uSizeFile-uReadPos)) ?
+                     (BUFREADCOMMENT+4) : (uLong)(uSizeFile-uReadPos);
+        if (ZSEEK64(*pzlib_filefunc_def,filestream,uReadPos,ZLIB_FILEFUNC_SEEK_SET)!=0)
+            break;
+
+        if (ZREAD64(*pzlib_filefunc_def,filestream,buf,uReadSize)!=uReadSize)
+            break;
+
+        for (i=(int)uReadSize-3; (i--)>0;)
+            if (((*(buf+i))==0x50) && ((*(buf+i+1))==0x4b) &&
+                ((*(buf+i+2))==0x05) && ((*(buf+i+3))==0x06))
+            {
+                uPosFound = uReadPos+(unsigned)i;
+                break;
+            }
+
+        if (uPosFound!=CENTRALDIRINVALID)
+            break;
+    }
+    free(buf);
+    return uPosFound;
+}
+
+
+/*
+  Locate the Central directory 64 of a zipfile (at the end, just before
+    the global comment)
+*/
+local ZPOS64_T unz64local_SearchCentralDir64(const zlib_filefunc64_32_def* pzlib_filefunc_def,
+                                             voidpf filestream) {
+    unsigned char* buf;
+    ZPOS64_T uSizeFile;
+    ZPOS64_T uBackRead;
+    ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */
+    ZPOS64_T uPosFound=CENTRALDIRINVALID;
+    uLong uL;
+                ZPOS64_T relativeOffset;
+
+    if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0)
+        return CENTRALDIRINVALID;
+
+
+    uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream);
+
+    if (uMaxBack>uSizeFile)
+        uMaxBack = uSizeFile;
+
+    buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4);
+    if (buf==NULL)
+        return CENTRALDIRINVALID;
+
+    uBackRead = 4;
+    while (uBackRead<uMaxBack)
+    {
+        uLong uReadSize;
+        ZPOS64_T uReadPos;
+        int i;
+        if (uBackRead+BUFREADCOMMENT>uMaxBack)
+            uBackRead = uMaxBack;
+        else
+            uBackRead+=BUFREADCOMMENT;
+        uReadPos = uSizeFile-uBackRead ;
+
+        uReadSize = ((BUFREADCOMMENT+4) < (uSizeFile-uReadPos)) ?
+                     (BUFREADCOMMENT+4) : (uLong)(uSizeFile-uReadPos);
+        if (ZSEEK64(*pzlib_filefunc_def,filestream,uReadPos,ZLIB_FILEFUNC_SEEK_SET)!=0)
+            break;
+
+        if (ZREAD64(*pzlib_filefunc_def,filestream,buf,uReadSize)!=uReadSize)
+            break;
+
+        for (i=(int)uReadSize-3; (i--)>0;)
+            if (((*(buf+i))==0x50) && ((*(buf+i+1))==0x4b) &&
+                ((*(buf+i+2))==0x06) && ((*(buf+i+3))==0x07))
+            {
+                uPosFound = uReadPos+(unsigned)i;
+                break;
+            }
+
+        if (uPosFound!=CENTRALDIRINVALID)
+            break;
+    }
+    free(buf);
+    if (uPosFound == CENTRALDIRINVALID)
+        return CENTRALDIRINVALID;
+
+    /* Zip64 end of central directory locator */
+    if (ZSEEK64(*pzlib_filefunc_def,filestream, uPosFound,ZLIB_FILEFUNC_SEEK_SET)!=0)
+        return CENTRALDIRINVALID;
+
+    /* the signature, already checked */
+    if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
+        return CENTRALDIRINVALID;
+
+    /* number of the disk with the start of the zip64 end of central directory */
+    if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
+        return CENTRALDIRINVALID;
+    if (uL != 0)
+        return CENTRALDIRINVALID;
+
+    /* relative offset of the zip64 end of central directory record */
+    if (unz64local_getLong64(pzlib_filefunc_def,filestream,&relativeOffset)!=UNZ_OK)
+        return CENTRALDIRINVALID;
+
+    /* total number of disks */
+    if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
+        return CENTRALDIRINVALID;
+    if (uL != 1)
+        return CENTRALDIRINVALID;
+
+    /* Goto end of central directory record */
+    if (ZSEEK64(*pzlib_filefunc_def,filestream, relativeOffset,ZLIB_FILEFUNC_SEEK_SET)!=0)
+        return CENTRALDIRINVALID;
+
+     /* the signature */
+    if (unz64local_getLong(pzlib_filefunc_def,filestream,&uL)!=UNZ_OK)
+        return CENTRALDIRINVALID;
+
+    if (uL != 0x06064b50)
+        return CENTRALDIRINVALID;
+
+    return relativeOffset;
+}
+
+/*
+  Open a Zip file. path contain the full pathname (by example,
+     on a Windows NT computer "c:\\test\\zlib114.zip" or on an Unix computer
+     "zlib/zlib114.zip".
+     If the zipfile cannot be opened (file doesn't exist or in not valid), the
+       return value is NULL.
+     Else, the return value is a unzFile Handle, usable with other function
+       of this unzip package.
+*/
+local unzFile unzOpenInternal(const void *path,
+                              zlib_filefunc64_32_def* pzlib_filefunc64_32_def,
+                              int is64bitOpenFunction) {
+    unz64_s us;
+    unz64_s *s;
+    ZPOS64_T central_pos;
+    uLong   uL;
+
+    uLong number_disk;          /* number of the current disk, used for
+                                   spanning ZIP, unsupported, always 0*/
+    uLong number_disk_with_CD;  /* number the disk with central dir, used
+                                   for spanning ZIP, unsupported, always 0*/
+    ZPOS64_T number_entry_CD;      /* total number of entries in
+                                   the central dir
+                                   (same than number_entry on nospan) */
+
+    int err=UNZ_OK;
+
+    if (unz_copyright[0]!=' ')
+        return NULL;
+
+    us.z_filefunc.zseek32_file = NULL;
+    us.z_filefunc.ztell32_file = NULL;
+    if (pzlib_filefunc64_32_def==NULL)
+        fill_fopen64_filefunc(&us.z_filefunc.zfile_func64);
+    else
+        us.z_filefunc = *pzlib_filefunc64_32_def;
+    us.is64bitOpenFunction = is64bitOpenFunction;
+
+
+
+    us.filestream = ZOPEN64(us.z_filefunc,
+                                                 path,
+                                                 ZLIB_FILEFUNC_MODE_READ |
+                                                 ZLIB_FILEFUNC_MODE_EXISTING);
+    if (us.filestream==NULL)
+        return NULL;
+
+    central_pos = unz64local_SearchCentralDir64(&us.z_filefunc,us.filestream);
+    if (central_pos!=CENTRALDIRINVALID)
+    {
+        uLong uS;
+        ZPOS64_T uL64;
+
+        us.isZip64 = 1;
+
+        if (ZSEEK64(us.z_filefunc, us.filestream,
+                                      central_pos,ZLIB_FILEFUNC_SEEK_SET)!=0)
+        err=UNZ_ERRNO;
+
+        /* the signature, already checked */
+        if (unz64local_getLong(&us.z_filefunc, us.filestream,&uL)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* size of zip64 end of central directory record */
+        if (unz64local_getLong64(&us.z_filefunc, us.filestream,&uL64)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* version made by */
+        if (unz64local_getShort(&us.z_filefunc, us.filestream,&uS)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* version needed to extract */
+        if (unz64local_getShort(&us.z_filefunc, us.filestream,&uS)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* number of this disk */
+        if (unz64local_getLong(&us.z_filefunc, us.filestream,&number_disk)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* number of the disk with the start of the central directory */
+        if (unz64local_getLong(&us.z_filefunc, us.filestream,&number_disk_with_CD)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* total number of entries in the central directory on this disk */
+        if (unz64local_getLong64(&us.z_filefunc, us.filestream,&us.gi.number_entry)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* total number of entries in the central directory */
+        if (unz64local_getLong64(&us.z_filefunc, us.filestream,&number_entry_CD)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        if ((number_entry_CD!=us.gi.number_entry) ||
+            (number_disk_with_CD!=0) ||
+            (number_disk!=0))
+            err=UNZ_BADZIPFILE;
+
+        /* size of the central directory */
+        if (unz64local_getLong64(&us.z_filefunc, us.filestream,&us.size_central_dir)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* offset of start of central directory with respect to the
+          starting disk number */
+        if (unz64local_getLong64(&us.z_filefunc, us.filestream,&us.offset_central_dir)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        us.gi.size_comment = 0;
+    }
+    else
+    {
+        central_pos = unz64local_SearchCentralDir(&us.z_filefunc,us.filestream);
+        if (central_pos==CENTRALDIRINVALID)
+            err=UNZ_ERRNO;
+
+        us.isZip64 = 0;
+
+        if (ZSEEK64(us.z_filefunc, us.filestream,
+                                        central_pos,ZLIB_FILEFUNC_SEEK_SET)!=0)
+            err=UNZ_ERRNO;
+
+        /* the signature, already checked */
+        if (unz64local_getLong(&us.z_filefunc, us.filestream,&uL)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* number of this disk */
+        if (unz64local_getShort(&us.z_filefunc, us.filestream,&number_disk)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* number of the disk with the start of the central directory */
+        if (unz64local_getShort(&us.z_filefunc, us.filestream,&number_disk_with_CD)!=UNZ_OK)
+            err=UNZ_ERRNO;
+
+        /* total number of entries in the central dir on this disk */
+        if (unz64local_getShort(&us.z_filefunc, us.filestream,&uL)!=UNZ_OK)
+            err=UNZ_ERRNO;
+        us.gi.number_entry = uL;
+
+        /* total number of entries in the central dir */
+        if (unz64local_getShort(&us.z_filefunc, us.filestream,&uL)!=UNZ_OK)
+            err=UNZ_ERRNO;
+        number_entry_CD = uL;
+
+        if ((number_entry_CD!=us.gi.number_entry) ||
+            (number_disk_with_CD!=0) ||
+            (number_disk!=0))
+            err=UNZ_BADZIPFILE;
+
+        /* size of the central directory */
+        if (unz64local_getLong(&us.z_filefunc, us.filestream,&uL)!=UNZ_OK)
+            err=UNZ_ERRNO;
+        us.size_central_dir = uL;
+
+        /* offset of start of central directory with respect to the
+            starting disk number */
+        if (unz64local_getLong(&us.z_filefunc, us.filestream,&uL)!=UNZ_OK)
+            err=UNZ_ERRNO;
+        us.offset_central_dir = uL;
+
+        /* zipfile comment length */
+        if (unz64local_getShort(&us.z_filefunc, us.filestream,&us.gi.size_comment)!=UNZ_OK)
+            err=UNZ_ERRNO;
+    }
+
+    if ((central_pos<us.offset_central_dir+us.size_central_dir) &&
+        (err==UNZ_OK))
+        err=UNZ_BADZIPFILE;
+
+    if (err!=UNZ_OK)
+    {
+        ZCLOSE64(us.z_filefunc, us.filestream);
+        return NULL;
+    }
+
+    us.byte_before_the_zipfile = central_pos -
+                            (us.offset_central_dir+us.size_central_dir);
+    us.central_pos = central_pos;
+    us.pfile_in_zip_read = NULL;
+    us.encrypted = 0;
+
+
+    s=(unz64_s*)ALLOC(sizeof(unz64_s));
+    if( s != NULL)
+    {
+        *s=us;
+        unzGoToFirstFile((unzFile)s);
+    }
+    return (unzFile)s;
+}
+
+
+extern unzFile ZEXPORT unzOpen2(const char *path,
+                                zlib_filefunc_def* pzlib_filefunc32_def) {
+    if (pzlib_filefunc32_def != NULL)
+    {
+        zlib_filefunc64_32_def zlib_filefunc64_32_def_fill;
+        fill_zlib_filefunc64_32_def_from_filefunc32(&zlib_filefunc64_32_def_fill,pzlib_filefunc32_def);
+        return unzOpenInternal(path, &zlib_filefunc64_32_def_fill, 0);
+    }
+    else
+        return unzOpenInternal(path, NULL, 0);
+}
+
+extern unzFile ZEXPORT unzOpen2_64(const void *path,
+                                   zlib_filefunc64_def* pzlib_filefunc_def) {
+    if (pzlib_filefunc_def != NULL)
+    {
+        zlib_filefunc64_32_def zlib_filefunc64_32_def_fill;
+        zlib_filefunc64_32_def_fill.zfile_func64 = *pzlib_filefunc_def;
+        zlib_filefunc64_32_def_fill.ztell32_file = NULL;
+        zlib_filefunc64_32_def_fill.zseek32_file = NULL;
+        return unzOpenInternal(path, &zlib_filefunc64_32_def_fill, 1);
+    }
+    else
+        return unzOpenInternal(path, NULL, 1);
+}
+
+extern unzFile ZEXPORT unzOpen(const char *path) {
+    return unzOpenInternal(path, NULL, 0);
+}
+
+extern unzFile ZEXPORT unzOpen64(const void *path) {
+    return unzOpenInternal(path, NULL, 1);
+}
+
+/*
+  Close a ZipFile opened with unzOpen.
+  If there is files inside the .Zip opened with unzOpenCurrentFile (see later),
+    these files MUST be closed with unzCloseCurrentFile before call unzClose.
+  return UNZ_OK if there is no problem. */
+extern int ZEXPORT unzClose(unzFile file) {
+    unz64_s* s;
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+
+    if (s->pfile_in_zip_read!=NULL)
+        unzCloseCurrentFile(file);
+
+    ZCLOSE64(s->z_filefunc, s->filestream);
+    free(s);
+    return UNZ_OK;
+}
+
+
+/*
+  Write info about the ZipFile in the *pglobal_info structure.
+  No preparation of the structure is needed
+  return UNZ_OK if there is no problem. */
+extern int ZEXPORT unzGetGlobalInfo64(unzFile file, unz_global_info64* pglobal_info) {
+    unz64_s* s;
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    *pglobal_info=s->gi;
+    return UNZ_OK;
+}
+
+extern int ZEXPORT unzGetGlobalInfo(unzFile file, unz_global_info* pglobal_info32) {
+    unz64_s* s;
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    /* to do : check if number_entry is not truncated */
+    pglobal_info32->number_entry = (uLong)s->gi.number_entry;
+    pglobal_info32->size_comment = s->gi.size_comment;
+    return UNZ_OK;
+}
+/*
+   Translate date/time from Dos format to tm_unz (readable more easily)
+*/
+local void unz64local_DosDateToTmuDate(ZPOS64_T ulDosDate, tm_unz* ptm) {
+    ZPOS64_T uDate;
+    uDate = (ZPOS64_T)(ulDosDate>>16);
+    ptm->tm_mday = (int)(uDate&0x1f) ;
+    ptm->tm_mon =  (int)((((uDate)&0x1E0)/0x20)-1) ;
+    ptm->tm_year = (int)(((uDate&0x0FE00)/0x0200)+1980) ;
+
+    ptm->tm_hour = (int) ((ulDosDate &0xF800)/0x800);
+    ptm->tm_min =  (int) ((ulDosDate&0x7E0)/0x20) ;
+    ptm->tm_sec =  (int) (2*(ulDosDate&0x1f)) ;
+}
+
+/*
+  Get Info about the current file in the zipfile, with internal only info
+*/
+local int unz64local_GetCurrentFileInfoInternal(unzFile file,
+                                                unz_file_info64 *pfile_info,
+                                                unz_file_info64_internal
+                                                *pfile_info_internal,
+                                                char *szFileName,
+                                                uLong fileNameBufferSize,
+                                                void *extraField,
+                                                uLong extraFieldBufferSize,
+                                                char *szComment,
+                                                uLong commentBufferSize) {
+    unz64_s* s;
+    unz_file_info64 file_info;
+    unz_file_info64_internal file_info_internal;
+    int err=UNZ_OK;
+    uLong uMagic;
+    long lSeek=0;
+    uLong uL;
+
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    if (ZSEEK64(s->z_filefunc, s->filestream,
+              s->pos_in_central_dir+s->byte_before_the_zipfile,
+              ZLIB_FILEFUNC_SEEK_SET)!=0)
+        err=UNZ_ERRNO;
+
+
+    /* we check the magic */
+    if (err==UNZ_OK)
+    {
+        if (unz64local_getLong(&s->z_filefunc, s->filestream,&uMagic) != UNZ_OK)
+            err=UNZ_ERRNO;
+        else if (uMagic!=0x02014b50)
+            err=UNZ_BADZIPFILE;
+    }
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.version) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.version_needed) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.flag) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.compression_method) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.dosDate) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    unz64local_DosDateToTmuDate(file_info.dosDate,&file_info.tmu_date);
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.crc) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&uL) != UNZ_OK)
+        err=UNZ_ERRNO;
+    file_info.compressed_size = uL;
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&uL) != UNZ_OK)
+        err=UNZ_ERRNO;
+    file_info.uncompressed_size = uL;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.size_filename) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.size_file_extra) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.size_file_comment) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.disk_num_start) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&file_info.internal_fa) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.external_fa) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+                // relative offset of local header
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&uL) != UNZ_OK)
+        err=UNZ_ERRNO;
+    file_info_internal.offset_curfile = uL;
+
+    lSeek+=file_info.size_filename;
+    if ((err==UNZ_OK) && (szFileName!=NULL))
+    {
+        uLong uSizeRead ;
+        if (file_info.size_filename<fileNameBufferSize)
+        {
+            *(szFileName+file_info.size_filename)='\0';
+            uSizeRead = file_info.size_filename;
+        }
+        else
+            uSizeRead = fileNameBufferSize;
+
+        if ((file_info.size_filename>0) && (fileNameBufferSize>0))
+            if (ZREAD64(s->z_filefunc, s->filestream,szFileName,uSizeRead)!=uSizeRead)
+                err=UNZ_ERRNO;
+        lSeek -= uSizeRead;
+    }
+
+    // Read extrafield
+    if ((err==UNZ_OK) && (extraField!=NULL))
+    {
+        ZPOS64_T uSizeRead ;
+        if (file_info.size_file_extra<extraFieldBufferSize)
+            uSizeRead = file_info.size_file_extra;
+        else
+            uSizeRead = extraFieldBufferSize;
+
+        if (lSeek!=0)
+        {
+            if (ZSEEK64(s->z_filefunc, s->filestream,(ZPOS64_T)lSeek,ZLIB_FILEFUNC_SEEK_CUR)==0)
+                lSeek=0;
+            else
+                err=UNZ_ERRNO;
+        }
+
+        if ((file_info.size_file_extra>0) && (extraFieldBufferSize>0))
+            if (ZREAD64(s->z_filefunc, s->filestream,extraField,(uLong)uSizeRead)!=uSizeRead)
+                err=UNZ_ERRNO;
+
+        lSeek += file_info.size_file_extra - (uLong)uSizeRead;
+    }
+    else
+        lSeek += file_info.size_file_extra;
+
+
+    if ((err==UNZ_OK) && (file_info.size_file_extra != 0))
+    {
+                                uLong acc = 0;
+
+        // since lSeek now points to after the extra field we need to move back
+        lSeek -= file_info.size_file_extra;
+
+        if (lSeek!=0)
+        {
+            if (ZSEEK64(s->z_filefunc, s->filestream,(ZPOS64_T)lSeek,ZLIB_FILEFUNC_SEEK_CUR)==0)
+                lSeek=0;
+            else
+                err=UNZ_ERRNO;
+        }
+
+        while(acc < file_info.size_file_extra)
+        {
+            uLong headerId;
+                                                uLong dataSize;
+
+            if (unz64local_getShort(&s->z_filefunc, s->filestream,&headerId) != UNZ_OK)
+                err=UNZ_ERRNO;
+
+            if (unz64local_getShort(&s->z_filefunc, s->filestream,&dataSize) != UNZ_OK)
+                err=UNZ_ERRNO;
+
+            /* ZIP64 extra fields */
+            if (headerId == 0x0001)
+            {
+                if(file_info.uncompressed_size == MAXU32)
+                {
+                    if (unz64local_getLong64(&s->z_filefunc, s->filestream,&file_info.uncompressed_size) != UNZ_OK)
+                        err=UNZ_ERRNO;
+                }
+
+                if(file_info.compressed_size == MAXU32)
+                {
+                    if (unz64local_getLong64(&s->z_filefunc, s->filestream,&file_info.compressed_size) != UNZ_OK)
+                        err=UNZ_ERRNO;
+                }
+
+                if(file_info_internal.offset_curfile == MAXU32)
+                {
+                    /* Relative Header offset */
+                    if (unz64local_getLong64(&s->z_filefunc, s->filestream,&file_info_internal.offset_curfile) != UNZ_OK)
+                        err=UNZ_ERRNO;
+                }
+
+                if(file_info.disk_num_start == 0xffff)
+                {
+                    /* Disk Start Number */
+                    if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.disk_num_start) != UNZ_OK)
+                        err=UNZ_ERRNO;
+                }
+
+            }
+            else
+            {
+                if (ZSEEK64(s->z_filefunc, s->filestream,dataSize,ZLIB_FILEFUNC_SEEK_CUR)!=0)
+                    err=UNZ_ERRNO;
+            }
+
+            acc += 2 + 2 + dataSize;
+        }
+    }
+
+    if ((err==UNZ_OK) && (szComment!=NULL))
+    {
+        uLong uSizeRead ;
+        if (file_info.size_file_comment<commentBufferSize)
+        {
+            *(szComment+file_info.size_file_comment)='\0';
+            uSizeRead = file_info.size_file_comment;
+        }
+        else
+            uSizeRead = commentBufferSize;
+
+        if (lSeek!=0)
+        {
+            if (ZSEEK64(s->z_filefunc, s->filestream,(ZPOS64_T)lSeek,ZLIB_FILEFUNC_SEEK_CUR)==0)
+                lSeek=0;
+            else
+                err=UNZ_ERRNO;
+        }
+
+        if ((file_info.size_file_comment>0) && (commentBufferSize>0))
+            if (ZREAD64(s->z_filefunc, s->filestream,szComment,uSizeRead)!=uSizeRead)
+                err=UNZ_ERRNO;
+        lSeek+=file_info.size_file_comment - uSizeRead;
+    }
+    else
+        lSeek+=file_info.size_file_comment;
+
+
+    if ((err==UNZ_OK) && (pfile_info!=NULL))
+        *pfile_info=file_info;
+
+    if ((err==UNZ_OK) && (pfile_info_internal!=NULL))
+        *pfile_info_internal=file_info_internal;
+
+    return err;
+}
+
+
+
+/*
+  Write info about the ZipFile in the *pglobal_info structure.
+  No preparation of the structure is needed
+  return UNZ_OK if there is no problem.
+*/
+extern int ZEXPORT unzGetCurrentFileInfo64(unzFile file,
+                                           unz_file_info64 * pfile_info,
+                                           char * szFileName, uLong fileNameBufferSize,
+                                           void *extraField, uLong extraFieldBufferSize,
+                                           char* szComment,  uLong commentBufferSize) {
+    return unz64local_GetCurrentFileInfoInternal(file,pfile_info,NULL,
+                                                 szFileName,fileNameBufferSize,
+                                                 extraField,extraFieldBufferSize,
+                                                 szComment,commentBufferSize);
+}
+
+extern int ZEXPORT unzGetCurrentFileInfo(unzFile file,
+                                         unz_file_info * pfile_info,
+                                         char * szFileName, uLong fileNameBufferSize,
+                                         void *extraField, uLong extraFieldBufferSize,
+                                         char* szComment,  uLong commentBufferSize) {
+    int err;
+    unz_file_info64 file_info64;
+    err = unz64local_GetCurrentFileInfoInternal(file,&file_info64,NULL,
+                                                szFileName,fileNameBufferSize,
+                                                extraField,extraFieldBufferSize,
+                                                szComment,commentBufferSize);
+    if ((err==UNZ_OK) && (pfile_info != NULL))
+    {
+        pfile_info->version = file_info64.version;
+        pfile_info->version_needed = file_info64.version_needed;
+        pfile_info->flag = file_info64.flag;
+        pfile_info->compression_method = file_info64.compression_method;
+        pfile_info->dosDate = file_info64.dosDate;
+        pfile_info->crc = file_info64.crc;
+
+        pfile_info->size_filename = file_info64.size_filename;
+        pfile_info->size_file_extra = file_info64.size_file_extra;
+        pfile_info->size_file_comment = file_info64.size_file_comment;
+
+        pfile_info->disk_num_start = file_info64.disk_num_start;
+        pfile_info->internal_fa = file_info64.internal_fa;
+        pfile_info->external_fa = file_info64.external_fa;
+
+        pfile_info->tmu_date = file_info64.tmu_date;
+
+
+        pfile_info->compressed_size = (uLong)file_info64.compressed_size;
+        pfile_info->uncompressed_size = (uLong)file_info64.uncompressed_size;
+
+    }
+    return err;
+}
+/*
+  Set the current file of the zipfile to the first file.
+  return UNZ_OK if there is no problem
+*/
+extern int ZEXPORT unzGoToFirstFile(unzFile file) {
+    int err=UNZ_OK;
+    unz64_s* s;
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    s->pos_in_central_dir=s->offset_central_dir;
+    s->num_file=0;
+    err=unz64local_GetCurrentFileInfoInternal(file,&s->cur_file_info,
+                                             &s->cur_file_info_internal,
+                                             NULL,0,NULL,0,NULL,0);
+    s->current_file_ok = (err == UNZ_OK);
+    return err;
+}
+
+/*
+  Set the current file of the zipfile to the next file.
+  return UNZ_OK if there is no problem
+  return UNZ_END_OF_LIST_OF_FILE if the actual file was the latest.
+*/
+extern int ZEXPORT unzGoToNextFile(unzFile file) {
+    unz64_s* s;
+    int err;
+
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    if (!s->current_file_ok)
+        return UNZ_END_OF_LIST_OF_FILE;
+    if (s->gi.number_entry != 0xffff)    /* 2^16 files overflow hack */
+      if (s->num_file+1==s->gi.number_entry)
+        return UNZ_END_OF_LIST_OF_FILE;
+
+    s->pos_in_central_dir += SIZECENTRALDIRITEM + s->cur_file_info.size_filename +
+            s->cur_file_info.size_file_extra + s->cur_file_info.size_file_comment ;
+    s->num_file++;
+    err = unz64local_GetCurrentFileInfoInternal(file,&s->cur_file_info,
+                                               &s->cur_file_info_internal,
+                                               NULL,0,NULL,0,NULL,0);
+    s->current_file_ok = (err == UNZ_OK);
+    return err;
+}
+
+
+/*
+  Try locate the file szFileName in the zipfile.
+  For the iCaseSensitivity signification, see unzStringFileNameCompare
+
+  return value :
+  UNZ_OK if the file is found. It becomes the current file.
+  UNZ_END_OF_LIST_OF_FILE if the file is not found
+*/
+extern int ZEXPORT unzLocateFile(unzFile file, const char *szFileName, int iCaseSensitivity) {
+    unz64_s* s;
+    int err;
+
+    /* We remember the 'current' position in the file so that we can jump
+     * back there if we fail.
+     */
+    unz_file_info64 cur_file_infoSaved;
+    unz_file_info64_internal cur_file_info_internalSaved;
+    ZPOS64_T num_fileSaved;
+    ZPOS64_T pos_in_central_dirSaved;
+
+
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+
+    if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP)
+        return UNZ_PARAMERROR;
+
+    s=(unz64_s*)file;
+    if (!s->current_file_ok)
+        return UNZ_END_OF_LIST_OF_FILE;
+
+    /* Save the current state */
+    num_fileSaved = s->num_file;
+    pos_in_central_dirSaved = s->pos_in_central_dir;
+    cur_file_infoSaved = s->cur_file_info;
+    cur_file_info_internalSaved = s->cur_file_info_internal;
+
+    err = unzGoToFirstFile(file);
+
+    while (err == UNZ_OK)
+    {
+        char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1];
+        err = unzGetCurrentFileInfo64(file,NULL,
+                                    szCurrentFileName,sizeof(szCurrentFileName)-1,
+                                    NULL,0,NULL,0);
+        if (err == UNZ_OK)
+        {
+            if (unzStringFileNameCompare(szCurrentFileName,
+                                            szFileName,iCaseSensitivity)==0)
+                return UNZ_OK;
+            err = unzGoToNextFile(file);
+        }
+    }
+
+    /* We failed, so restore the state of the 'current file' to where we
+     * were.
+     */
+    s->num_file = num_fileSaved ;
+    s->pos_in_central_dir = pos_in_central_dirSaved ;
+    s->cur_file_info = cur_file_infoSaved;
+    s->cur_file_info_internal = cur_file_info_internalSaved;
+    return err;
+}
+
+
+/*
+///////////////////////////////////////////
+// Contributed by Ryan Haksi (mailto://cryogen@infoserve.net)
+// I need random access
+//
+// Further optimization could be realized by adding an ability
+// to cache the directory in memory. The goal being a single
+// comprehensive file read to put the file I need in a memory.
+*/
+
+/*
+typedef struct unz_file_pos_s
+{
+    ZPOS64_T pos_in_zip_directory;   // offset in file
+    ZPOS64_T num_of_file;            // # of file
+} unz_file_pos;
+*/
+
+extern int ZEXPORT unzGetFilePos64(unzFile file, unz64_file_pos* file_pos) {
+    unz64_s* s;
+
+    if (file==NULL || file_pos==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    if (!s->current_file_ok)
+        return UNZ_END_OF_LIST_OF_FILE;
+
+    file_pos->pos_in_zip_directory  = s->pos_in_central_dir;
+    file_pos->num_of_file           = s->num_file;
+
+    return UNZ_OK;
+}
+
+extern int ZEXPORT unzGetFilePos(unzFile file, unz_file_pos* file_pos) {
+    unz64_file_pos file_pos64;
+    int err = unzGetFilePos64(file,&file_pos64);
+    if (err==UNZ_OK)
+    {
+        file_pos->pos_in_zip_directory = (uLong)file_pos64.pos_in_zip_directory;
+        file_pos->num_of_file = (uLong)file_pos64.num_of_file;
+    }
+    return err;
+}
+
+extern int ZEXPORT unzGoToFilePos64(unzFile file, const unz64_file_pos* file_pos) {
+    unz64_s* s;
+    int err;
+
+    if (file==NULL || file_pos==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+
+    /* jump to the right spot */
+    s->pos_in_central_dir = file_pos->pos_in_zip_directory;
+    s->num_file           = file_pos->num_of_file;
+
+    /* set the current file */
+    err = unz64local_GetCurrentFileInfoInternal(file,&s->cur_file_info,
+                                               &s->cur_file_info_internal,
+                                               NULL,0,NULL,0,NULL,0);
+    /* return results */
+    s->current_file_ok = (err == UNZ_OK);
+    return err;
+}
+
+extern int ZEXPORT unzGoToFilePos(unzFile file, unz_file_pos* file_pos) {
+    unz64_file_pos file_pos64;
+    if (file_pos == NULL)
+        return UNZ_PARAMERROR;
+
+    file_pos64.pos_in_zip_directory = file_pos->pos_in_zip_directory;
+    file_pos64.num_of_file = file_pos->num_of_file;
+    return unzGoToFilePos64(file,&file_pos64);
+}
+
+/*
+// Unzip Helper Functions - should be here?
+///////////////////////////////////////////
+*/
+
+/*
+  Read the local header of the current zipfile
+  Check the coherency of the local header and info in the end of central
+        directory about this file
+  store in *piSizeVar the size of extra info in local header
+        (filename and size of extra field data)
+*/
+local int unz64local_CheckCurrentFileCoherencyHeader(unz64_s* s, uInt* piSizeVar,
+                                                     ZPOS64_T * poffset_local_extrafield,
+                                                     uInt  * psize_local_extrafield) {
+    uLong uMagic,uData,uFlags;
+    uLong size_filename;
+    uLong size_extra_field;
+    int err=UNZ_OK;
+
+    *piSizeVar = 0;
+    *poffset_local_extrafield = 0;
+    *psize_local_extrafield = 0;
+
+    if (ZSEEK64(s->z_filefunc, s->filestream,s->cur_file_info_internal.offset_curfile +
+                                s->byte_before_the_zipfile,ZLIB_FILEFUNC_SEEK_SET)!=0)
+        return UNZ_ERRNO;
+
+
+    if (err==UNZ_OK)
+    {
+        if (unz64local_getLong(&s->z_filefunc, s->filestream,&uMagic) != UNZ_OK)
+            err=UNZ_ERRNO;
+        else if (uMagic!=0x04034b50)
+            err=UNZ_BADZIPFILE;
+    }
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&uData) != UNZ_OK)
+        err=UNZ_ERRNO;
+/*
+    else if ((err==UNZ_OK) && (uData!=s->cur_file_info.wVersion))
+        err=UNZ_BADZIPFILE;
+*/
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&uFlags) != UNZ_OK)
+        err=UNZ_ERRNO;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&uData) != UNZ_OK)
+        err=UNZ_ERRNO;
+    else if ((err==UNZ_OK) && (uData!=s->cur_file_info.compression_method))
+        err=UNZ_BADZIPFILE;
+
+    if ((err==UNZ_OK) && (s->cur_file_info.compression_method!=0) &&
+/* #ifdef HAVE_BZIP2 */
+                         (s->cur_file_info.compression_method!=Z_BZIP2ED) &&
+/* #endif */
+                         (s->cur_file_info.compression_method!=Z_DEFLATED))
+        err=UNZ_BADZIPFILE;
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&uData) != UNZ_OK) /* date/time */
+        err=UNZ_ERRNO;
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&uData) != UNZ_OK) /* crc */
+        err=UNZ_ERRNO;
+    else if ((err==UNZ_OK) && (uData!=s->cur_file_info.crc) && ((uFlags & 8)==0))
+        err=UNZ_BADZIPFILE;
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&uData) != UNZ_OK) /* size compr */
+        err=UNZ_ERRNO;
+    else if (uData != 0xFFFFFFFF && (err==UNZ_OK) && (uData!=s->cur_file_info.compressed_size) && ((uFlags & 8)==0))
+        err=UNZ_BADZIPFILE;
+
+    if (unz64local_getLong(&s->z_filefunc, s->filestream,&uData) != UNZ_OK) /* size uncompr */
+        err=UNZ_ERRNO;
+    else if (uData != 0xFFFFFFFF && (err==UNZ_OK) && (uData!=s->cur_file_info.uncompressed_size) && ((uFlags & 8)==0))
+        err=UNZ_BADZIPFILE;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&size_filename) != UNZ_OK)
+        err=UNZ_ERRNO;
+    else if ((err==UNZ_OK) && (size_filename!=s->cur_file_info.size_filename))
+        err=UNZ_BADZIPFILE;
+
+    *piSizeVar += (uInt)size_filename;
+
+    if (unz64local_getShort(&s->z_filefunc, s->filestream,&size_extra_field) != UNZ_OK)
+        err=UNZ_ERRNO;
+    *poffset_local_extrafield= s->cur_file_info_internal.offset_curfile +
+                                    SIZEZIPLOCALHEADER + size_filename;
+    *psize_local_extrafield = (uInt)size_extra_field;
+
+    *piSizeVar += (uInt)size_extra_field;
+
+    return err;
+}
+
+/*
+  Open for reading data the current file in the zipfile.
+  If there is no error and the file is opened, the return value is UNZ_OK.
+*/
+extern int ZEXPORT unzOpenCurrentFile3(unzFile file, int* method,
+                                       int* level, int raw, const char* password) {
+    int err=UNZ_OK;
+    uInt iSizeVar;
+    unz64_s* s;
+    file_in_zip64_read_info_s* pfile_in_zip_read_info;
+    ZPOS64_T offset_local_extrafield;  /* offset of the local extra field */
+    uInt  size_local_extrafield;    /* size of the local extra field */
+#    ifndef NOUNCRYPT
+    char source[12];
+#    else
+    if (password != NULL)
+        return UNZ_PARAMERROR;
+#    endif
+
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    if (!s->current_file_ok)
+        return UNZ_PARAMERROR;
+
+    if (s->pfile_in_zip_read != NULL)
+        unzCloseCurrentFile(file);
+
+    if (unz64local_CheckCurrentFileCoherencyHeader(s,&iSizeVar, &offset_local_extrafield,&size_local_extrafield)!=UNZ_OK)
+        return UNZ_BADZIPFILE;
+
+    pfile_in_zip_read_info = (file_in_zip64_read_info_s*)ALLOC(sizeof(file_in_zip64_read_info_s));
+    if (pfile_in_zip_read_info==NULL)
+        return UNZ_INTERNALERROR;
+
+    pfile_in_zip_read_info->read_buffer=(char*)ALLOC(UNZ_BUFSIZE);
+    pfile_in_zip_read_info->offset_local_extrafield = offset_local_extrafield;
+    pfile_in_zip_read_info->size_local_extrafield = size_local_extrafield;
+    pfile_in_zip_read_info->pos_local_extrafield=0;
+    pfile_in_zip_read_info->raw=raw;
+
+    if (pfile_in_zip_read_info->read_buffer==NULL)
+    {
+        free(pfile_in_zip_read_info);
+        return UNZ_INTERNALERROR;
+    }
+
+    pfile_in_zip_read_info->stream_initialised=0;
+
+    if (method!=NULL)
+        *method = (int)s->cur_file_info.compression_method;
+
+    if (level!=NULL)
+    {
+        *level = 6;
+        switch (s->cur_file_info.flag & 0x06)
+        {
+          case 6 : *level = 1; break;
+          case 4 : *level = 2; break;
+          case 2 : *level = 9; break;
+        }
+    }
+
+    if ((s->cur_file_info.compression_method!=0) &&
+/* #ifdef HAVE_BZIP2 */
+        (s->cur_file_info.compression_method!=Z_BZIP2ED) &&
+/* #endif */
+        (s->cur_file_info.compression_method!=Z_DEFLATED))
+
+        err=UNZ_BADZIPFILE;
+
+    pfile_in_zip_read_info->crc32_wait=s->cur_file_info.crc;
+    pfile_in_zip_read_info->crc32=0;
+    pfile_in_zip_read_info->total_out_64=0;
+    pfile_in_zip_read_info->compression_method = s->cur_file_info.compression_method;
+    pfile_in_zip_read_info->filestream=s->filestream;
+    pfile_in_zip_read_info->z_filefunc=s->z_filefunc;
+    pfile_in_zip_read_info->byte_before_the_zipfile=s->byte_before_the_zipfile;
+
+    pfile_in_zip_read_info->stream.total_out = 0;
+
+    if ((s->cur_file_info.compression_method==Z_BZIP2ED) && (!raw))
+    {
+#ifdef HAVE_BZIP2
+      pfile_in_zip_read_info->bstream.bzalloc = (void *(*) (void *, int, int))0;
+      pfile_in_zip_read_info->bstream.bzfree = (free_func)0;
+      pfile_in_zip_read_info->bstream.opaque = (voidpf)0;
+      pfile_in_zip_read_info->bstream.state = (voidpf)0;
+
+      pfile_in_zip_read_info->stream.zalloc = (alloc_func)0;
+      pfile_in_zip_read_info->stream.zfree = (free_func)0;
+      pfile_in_zip_read_info->stream.opaque = (voidpf)0;
+      pfile_in_zip_read_info->stream.next_in = (voidpf)0;
+      pfile_in_zip_read_info->stream.avail_in = 0;
+
+      err=BZ2_bzDecompressInit(&pfile_in_zip_read_info->bstream, 0, 0);
+      if (err == Z_OK)
+        pfile_in_zip_read_info->stream_initialised=Z_BZIP2ED;
+      else
+      {
+        free(pfile_in_zip_read_info->read_buffer);
+        free(pfile_in_zip_read_info);
+        return err;
+      }
+#else
+      pfile_in_zip_read_info->raw=1;
+#endif
+    }
+    else if ((s->cur_file_info.compression_method==Z_DEFLATED) && (!raw))
+    {
+      pfile_in_zip_read_info->stream.zalloc = (alloc_func)0;
+      pfile_in_zip_read_info->stream.zfree = (free_func)0;
+      pfile_in_zip_read_info->stream.opaque = (voidpf)0;
+      pfile_in_zip_read_info->stream.next_in = 0;
+      pfile_in_zip_read_info->stream.avail_in = 0;
+
+      err=inflateInit2(&pfile_in_zip_read_info->stream, -MAX_WBITS);
+      if (err == Z_OK)
+        pfile_in_zip_read_info->stream_initialised=Z_DEFLATED;
+      else
+      {
+        free(pfile_in_zip_read_info->read_buffer);
+        free(pfile_in_zip_read_info);
+        return err;
+      }
+        /* windowBits is passed < 0 to tell that there is no zlib header.
+         * Note that in this case inflate *requires* an extra "dummy" byte
+         * after the compressed stream in order to complete decompression and
+         * return Z_STREAM_END.
+         * In unzip, i don't wait absolutely Z_STREAM_END because I known the
+         * size of both compressed and uncompressed data
+         */
+    }
+    pfile_in_zip_read_info->rest_read_compressed =
+            s->cur_file_info.compressed_size ;
+    pfile_in_zip_read_info->rest_read_uncompressed =
+            s->cur_file_info.uncompressed_size ;
+
+
+    pfile_in_zip_read_info->pos_in_zipfile =
+            s->cur_file_info_internal.offset_curfile + SIZEZIPLOCALHEADER +
+              iSizeVar;
+
+    pfile_in_zip_read_info->stream.avail_in = (uInt)0;
+
+    s->pfile_in_zip_read = pfile_in_zip_read_info;
+                s->encrypted = 0;
+
+#    ifndef NOUNCRYPT
+    if (password != NULL)
+    {
+        int i;
+        s->pcrc_32_tab = get_crc_table();
+        init_keys(password,s->keys,s->pcrc_32_tab);
+        if (ZSEEK64(s->z_filefunc, s->filestream,
+                  s->pfile_in_zip_read->pos_in_zipfile +
+                     s->pfile_in_zip_read->byte_before_the_zipfile,
+                  SEEK_SET)!=0)
+            return UNZ_INTERNALERROR;
+        if(ZREAD64(s->z_filefunc, s->filestream,source, 12)<12)
+            return UNZ_INTERNALERROR;
+
+        for (i = 0; i<12; i++)
+            zdecode(s->keys,s->pcrc_32_tab,source[i]);
+
+        s->pfile_in_zip_read->pos_in_zipfile+=12;
+        s->encrypted=1;
+    }
+#    endif
+
+
+    return UNZ_OK;
+}
+
+extern int ZEXPORT unzOpenCurrentFile(unzFile file) {
+    return unzOpenCurrentFile3(file, NULL, NULL, 0, NULL);
+}
+
+extern int ZEXPORT unzOpenCurrentFilePassword(unzFile file, const char* password) {
+    return unzOpenCurrentFile3(file, NULL, NULL, 0, password);
+}
+
+extern int ZEXPORT unzOpenCurrentFile2(unzFile file, int* method, int* level, int raw) {
+    return unzOpenCurrentFile3(file, method, level, raw, NULL);
+}
+
+/** Addition for GDAL : START */
+
+extern ZPOS64_T ZEXPORT unzGetCurrentFileZStreamPos64(unzFile file) {
+    unz64_s* s;
+    file_in_zip64_read_info_s* pfile_in_zip_read_info;
+    s=(unz64_s*)file;
+    if (file==NULL)
+        return 0; //UNZ_PARAMERROR;
+    pfile_in_zip_read_info=s->pfile_in_zip_read;
+    if (pfile_in_zip_read_info==NULL)
+        return 0; //UNZ_PARAMERROR;
+    return pfile_in_zip_read_info->pos_in_zipfile +
+                         pfile_in_zip_read_info->byte_before_the_zipfile;
+}
+
+/** Addition for GDAL : END */
+
+/*
+  Read bytes from the current file.
+  buf contain buffer where data must be copied
+  len the size of buf.
+
+  return the number of byte copied if some bytes are copied
+  return 0 if the end of file was reached
+  return <0 with error code if there is an error
+    (UNZ_ERRNO for IO error, or zLib error for uncompress error)
+*/
+extern int ZEXPORT unzReadCurrentFile(unzFile file, voidp buf, unsigned len) {
+    int err=UNZ_OK;
+    uInt iRead = 0;
+    unz64_s* s;
+    file_in_zip64_read_info_s* pfile_in_zip_read_info;
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    pfile_in_zip_read_info=s->pfile_in_zip_read;
+
+    if (pfile_in_zip_read_info==NULL)
+        return UNZ_PARAMERROR;
+
+
+    if (pfile_in_zip_read_info->read_buffer == NULL)
+        return UNZ_END_OF_LIST_OF_FILE;
+    if (len==0)
+        return 0;
+
+    pfile_in_zip_read_info->stream.next_out = (Bytef*)buf;
+
+    pfile_in_zip_read_info->stream.avail_out = (uInt)len;
+
+    if ((len>pfile_in_zip_read_info->rest_read_uncompressed) &&
+        (!(pfile_in_zip_read_info->raw)))
+        pfile_in_zip_read_info->stream.avail_out =
+            (uInt)pfile_in_zip_read_info->rest_read_uncompressed;
+
+    if ((len>pfile_in_zip_read_info->rest_read_compressed+
+           pfile_in_zip_read_info->stream.avail_in) &&
+         (pfile_in_zip_read_info->raw))
+        pfile_in_zip_read_info->stream.avail_out =
+            (uInt)pfile_in_zip_read_info->rest_read_compressed+
+            pfile_in_zip_read_info->stream.avail_in;
+
+    while (pfile_in_zip_read_info->stream.avail_out>0)
+    {
+        if ((pfile_in_zip_read_info->stream.avail_in==0) &&
+            (pfile_in_zip_read_info->rest_read_compressed>0))
+        {
+            uInt uReadThis = UNZ_BUFSIZE;
+            if (pfile_in_zip_read_info->rest_read_compressed<uReadThis)
+                uReadThis = (uInt)pfile_in_zip_read_info->rest_read_compressed;
+            if (uReadThis == 0)
+                return UNZ_EOF;
+            if (ZSEEK64(pfile_in_zip_read_info->z_filefunc,
+                      pfile_in_zip_read_info->filestream,
+                      pfile_in_zip_read_info->pos_in_zipfile +
+                         pfile_in_zip_read_info->byte_before_the_zipfile,
+                         ZLIB_FILEFUNC_SEEK_SET)!=0)
+                return UNZ_ERRNO;
+            if (ZREAD64(pfile_in_zip_read_info->z_filefunc,
+                      pfile_in_zip_read_info->filestream,
+                      pfile_in_zip_read_info->read_buffer,
+                      uReadThis)!=uReadThis)
+                return UNZ_ERRNO;
+
+
+#            ifndef NOUNCRYPT
+            if(s->encrypted)
+            {
+                uInt i;
+                for(i=0;i<uReadThis;i++)
+                  pfile_in_zip_read_info->read_buffer[i] =
+                      zdecode(s->keys,s->pcrc_32_tab,
+                              pfile_in_zip_read_info->read_buffer[i]);
+            }
+#            endif
+
+
+            pfile_in_zip_read_info->pos_in_zipfile += uReadThis;
+
+            pfile_in_zip_read_info->rest_read_compressed-=uReadThis;
+
+            pfile_in_zip_read_info->stream.next_in =
+                (Bytef*)pfile_in_zip_read_info->read_buffer;
+            pfile_in_zip_read_info->stream.avail_in = (uInt)uReadThis;
+        }
+
+        if ((pfile_in_zip_read_info->compression_method==0) || (pfile_in_zip_read_info->raw))
+        {
+            uInt uDoCopy,i ;
+
+            if ((pfile_in_zip_read_info->stream.avail_in == 0) &&
+                (pfile_in_zip_read_info->rest_read_compressed == 0))
+                return (iRead==0) ? UNZ_EOF : (int)iRead;
+
+            if (pfile_in_zip_read_info->stream.avail_out <
+                            pfile_in_zip_read_info->stream.avail_in)
+                uDoCopy = pfile_in_zip_read_info->stream.avail_out ;
+            else
+                uDoCopy = pfile_in_zip_read_info->stream.avail_in ;
+
+            for (i=0;i<uDoCopy;i++)
+                *(pfile_in_zip_read_info->stream.next_out+i) =
+                        *(pfile_in_zip_read_info->stream.next_in+i);
+
+            pfile_in_zip_read_info->total_out_64 = pfile_in_zip_read_info->total_out_64 + uDoCopy;
+
+            pfile_in_zip_read_info->crc32 = crc32(pfile_in_zip_read_info->crc32,
+                                pfile_in_zip_read_info->stream.next_out,
+                                uDoCopy);
+            pfile_in_zip_read_info->rest_read_uncompressed-=uDoCopy;
+            pfile_in_zip_read_info->stream.avail_in -= uDoCopy;
+            pfile_in_zip_read_info->stream.avail_out -= uDoCopy;
+            pfile_in_zip_read_info->stream.next_out += uDoCopy;
+            pfile_in_zip_read_info->stream.next_in += uDoCopy;
+            pfile_in_zip_read_info->stream.total_out += uDoCopy;
+            iRead += uDoCopy;
+        }
+        else if (pfile_in_zip_read_info->compression_method==Z_BZIP2ED)
+        {
+#ifdef HAVE_BZIP2
+            uLong uTotalOutBefore,uTotalOutAfter;
+            const Bytef *bufBefore;
+            uLong uOutThis;
+
+            pfile_in_zip_read_info->bstream.next_in        = (char*)pfile_in_zip_read_info->stream.next_in;
+            pfile_in_zip_read_info->bstream.avail_in       = pfile_in_zip_read_info->stream.avail_in;
+            pfile_in_zip_read_info->bstream.total_in_lo32  = pfile_in_zip_read_info->stream.total_in;
+            pfile_in_zip_read_info->bstream.total_in_hi32  = 0;
+            pfile_in_zip_read_info->bstream.next_out       = (char*)pfile_in_zip_read_info->stream.next_out;
+            pfile_in_zip_read_info->bstream.avail_out      = pfile_in_zip_read_info->stream.avail_out;
+            pfile_in_zip_read_info->bstream.total_out_lo32 = pfile_in_zip_read_info->stream.total_out;
+            pfile_in_zip_read_info->bstream.total_out_hi32 = 0;
+
+            uTotalOutBefore = pfile_in_zip_read_info->bstream.total_out_lo32;
+            bufBefore = (const Bytef *)pfile_in_zip_read_info->bstream.next_out;
+
+            err=BZ2_bzDecompress(&pfile_in_zip_read_info->bstream);
+
+            uTotalOutAfter = pfile_in_zip_read_info->bstream.total_out_lo32;
+            uOutThis = uTotalOutAfter-uTotalOutBefore;
+
+            pfile_in_zip_read_info->total_out_64 = pfile_in_zip_read_info->total_out_64 + uOutThis;
+
+            pfile_in_zip_read_info->crc32 = crc32(pfile_in_zip_read_info->crc32,bufBefore, (uInt)(uOutThis));
+            pfile_in_zip_read_info->rest_read_uncompressed -= uOutThis;
+            iRead += (uInt)(uTotalOutAfter - uTotalOutBefore);
+
+            pfile_in_zip_read_info->stream.next_in   = (Bytef*)pfile_in_zip_read_info->bstream.next_in;
+            pfile_in_zip_read_info->stream.avail_in  = pfile_in_zip_read_info->bstream.avail_in;
+            pfile_in_zip_read_info->stream.total_in  = pfile_in_zip_read_info->bstream.total_in_lo32;
+            pfile_in_zip_read_info->stream.next_out  = (Bytef*)pfile_in_zip_read_info->bstream.next_out;
+            pfile_in_zip_read_info->stream.avail_out = pfile_in_zip_read_info->bstream.avail_out;
+            pfile_in_zip_read_info->stream.total_out = pfile_in_zip_read_info->bstream.total_out_lo32;
+
+            if (err==BZ_STREAM_END)
+              return (iRead==0) ? UNZ_EOF : iRead;
+            if (err!=BZ_OK)
+              break;
+#endif
+        } // end Z_BZIP2ED
+        else
+        {
+            ZPOS64_T uTotalOutBefore,uTotalOutAfter;
+            const Bytef *bufBefore;
+            ZPOS64_T uOutThis;
+            int flush=Z_SYNC_FLUSH;
+
+            uTotalOutBefore = pfile_in_zip_read_info->stream.total_out;
+            bufBefore = pfile_in_zip_read_info->stream.next_out;
+
+            /*
+            if ((pfile_in_zip_read_info->rest_read_uncompressed ==
+                     pfile_in_zip_read_info->stream.avail_out) &&
+                (pfile_in_zip_read_info->rest_read_compressed == 0))
+                flush = Z_FINISH;
+            */
+            err=inflate(&pfile_in_zip_read_info->stream,flush);
+
+            if ((err>=0) && (pfile_in_zip_read_info->stream.msg!=NULL))
+              err = Z_DATA_ERROR;
+
+            uTotalOutAfter = pfile_in_zip_read_info->stream.total_out;
+            /* Detect overflow, because z_stream.total_out is uLong (32 bits) */
+            if (uTotalOutAfter<uTotalOutBefore)
+                uTotalOutAfter += 1LL << 32; /* Add maximum value of uLong + 1 */
+            uOutThis = uTotalOutAfter-uTotalOutBefore;
+
+            pfile_in_zip_read_info->total_out_64 = pfile_in_zip_read_info->total_out_64 + uOutThis;
+
+            pfile_in_zip_read_info->crc32 =
+                crc32(pfile_in_zip_read_info->crc32,bufBefore,
+                        (uInt)(uOutThis));
+
+            pfile_in_zip_read_info->rest_read_uncompressed -=
+                uOutThis;
+
+            iRead += (uInt)(uTotalOutAfter - uTotalOutBefore);
+
+            if (err==Z_STREAM_END)
+                return (iRead==0) ? UNZ_EOF : (int)iRead;
+            if (err!=Z_OK)
+                break;
+        }
+    }
+
+    if (err==Z_OK)
+        return (int)iRead;
+    return err;
+}
+
+
+/*
+  Give the current position in uncompressed data
+*/
+extern z_off_t ZEXPORT unztell(unzFile file) {
+    unz64_s* s;
+    file_in_zip64_read_info_s* pfile_in_zip_read_info;
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    pfile_in_zip_read_info=s->pfile_in_zip_read;
+
+    if (pfile_in_zip_read_info==NULL)
+        return UNZ_PARAMERROR;
+
+    return (z_off_t)pfile_in_zip_read_info->stream.total_out;
+}
+
+extern ZPOS64_T ZEXPORT unztell64(unzFile file) {
+
+    unz64_s* s;
+    file_in_zip64_read_info_s* pfile_in_zip_read_info;
+    if (file==NULL)
+        return (ZPOS64_T)-1;
+    s=(unz64_s*)file;
+    pfile_in_zip_read_info=s->pfile_in_zip_read;
+
+    if (pfile_in_zip_read_info==NULL)
+        return (ZPOS64_T)-1;
+
+    return pfile_in_zip_read_info->total_out_64;
+}
+
+
+/*
+  return 1 if the end of file was reached, 0 elsewhere
+*/
+extern int ZEXPORT unzeof(unzFile file) {
+    unz64_s* s;
+    file_in_zip64_read_info_s* pfile_in_zip_read_info;
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    pfile_in_zip_read_info=s->pfile_in_zip_read;
+
+    if (pfile_in_zip_read_info==NULL)
+        return UNZ_PARAMERROR;
+
+    if (pfile_in_zip_read_info->rest_read_uncompressed == 0)
+        return 1;
+    else
+        return 0;
+}
+
+
+
+/*
+Read extra field from the current file (opened by unzOpenCurrentFile)
+This is the local-header version of the extra field (sometimes, there is
+more info in the local-header version than in the central-header)
+
+  if buf==NULL, it return the size of the local extra field that can be read
+
+  if buf!=NULL, len is the size of the buffer, the extra header is copied in
+    buf.
+  the return value is the number of bytes copied in buf, or (if <0)
+    the error code
+*/
+extern int ZEXPORT unzGetLocalExtrafield(unzFile file, voidp buf, unsigned len) {
+    unz64_s* s;
+    file_in_zip64_read_info_s* pfile_in_zip_read_info;
+    uInt read_now;
+    ZPOS64_T size_to_read;
+
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    pfile_in_zip_read_info=s->pfile_in_zip_read;
+
+    if (pfile_in_zip_read_info==NULL)
+        return UNZ_PARAMERROR;
+
+    size_to_read = (pfile_in_zip_read_info->size_local_extrafield -
+                pfile_in_zip_read_info->pos_local_extrafield);
+
+    if (buf==NULL)
+        return (int)size_to_read;
+
+    if (len>size_to_read)
+        read_now = (uInt)size_to_read;
+    else
+        read_now = (uInt)len ;
+
+    if (read_now==0)
+        return 0;
+
+    if (ZSEEK64(pfile_in_zip_read_info->z_filefunc,
+              pfile_in_zip_read_info->filestream,
+              pfile_in_zip_read_info->offset_local_extrafield +
+              pfile_in_zip_read_info->pos_local_extrafield,
+              ZLIB_FILEFUNC_SEEK_SET)!=0)
+        return UNZ_ERRNO;
+
+    if (ZREAD64(pfile_in_zip_read_info->z_filefunc,
+              pfile_in_zip_read_info->filestream,
+              buf,read_now)!=read_now)
+        return UNZ_ERRNO;
+
+    return (int)read_now;
+}
+
+/*
+  Close the file in zip opened with unzOpenCurrentFile
+  Return UNZ_CRCERROR if all the file was read but the CRC is not good
+*/
+extern int ZEXPORT unzCloseCurrentFile(unzFile file) {
+    int err=UNZ_OK;
+
+    unz64_s* s;
+    file_in_zip64_read_info_s* pfile_in_zip_read_info;
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    pfile_in_zip_read_info=s->pfile_in_zip_read;
+
+    if (pfile_in_zip_read_info==NULL)
+        return UNZ_PARAMERROR;
+
+
+    if ((pfile_in_zip_read_info->rest_read_uncompressed == 0) &&
+        (!pfile_in_zip_read_info->raw))
+    {
+        if (pfile_in_zip_read_info->crc32 != pfile_in_zip_read_info->crc32_wait)
+            err=UNZ_CRCERROR;
+    }
+
+
+    free(pfile_in_zip_read_info->read_buffer);
+    pfile_in_zip_read_info->read_buffer = NULL;
+    if (pfile_in_zip_read_info->stream_initialised == Z_DEFLATED)
+        inflateEnd(&pfile_in_zip_read_info->stream);
+#ifdef HAVE_BZIP2
+    else if (pfile_in_zip_read_info->stream_initialised == Z_BZIP2ED)
+        BZ2_bzDecompressEnd(&pfile_in_zip_read_info->bstream);
+#endif
+
+
+    pfile_in_zip_read_info->stream_initialised = 0;
+    free(pfile_in_zip_read_info);
+
+    s->pfile_in_zip_read=NULL;
+
+    return err;
+}
+
+
+/*
+  Get the global comment string of the ZipFile, in the szComment buffer.
+  uSizeBuf is the size of the szComment buffer.
+  return the number of byte copied or an error code <0
+*/
+extern int ZEXPORT unzGetGlobalComment(unzFile file, char * szComment, uLong uSizeBuf) {
+    unz64_s* s;
+    uLong uReadThis ;
+    if (file==NULL)
+        return (int)UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+
+    uReadThis = uSizeBuf;
+    if (uReadThis>s->gi.size_comment)
+        uReadThis = s->gi.size_comment;
+
+    if (ZSEEK64(s->z_filefunc,s->filestream,s->central_pos+22,ZLIB_FILEFUNC_SEEK_SET)!=0)
+        return UNZ_ERRNO;
+
+    if (uReadThis>0)
+    {
+      *szComment='\0';
+      if (ZREAD64(s->z_filefunc,s->filestream,szComment,uReadThis)!=uReadThis)
+        return UNZ_ERRNO;
+    }
+
+    if ((szComment != NULL) && (uSizeBuf > s->gi.size_comment))
+        *(szComment+s->gi.size_comment)='\0';
+    return (int)uReadThis;
+}
+
+/* Additions by RX '2004 */
+extern ZPOS64_T ZEXPORT unzGetOffset64(unzFile file) {
+    unz64_s* s;
+
+    if (file==NULL)
+          return 0; //UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+    if (!s->current_file_ok)
+      return 0;
+    if (s->gi.number_entry != 0 && s->gi.number_entry != 0xffff)
+      if (s->num_file==s->gi.number_entry)
+         return 0;
+    return s->pos_in_central_dir;
+}
+
+extern uLong ZEXPORT unzGetOffset(unzFile file) {
+    ZPOS64_T offset64;
+
+    if (file==NULL)
+          return 0; //UNZ_PARAMERROR;
+    offset64 = unzGetOffset64(file);
+    return (uLong)offset64;
+}
+
+extern int ZEXPORT unzSetOffset64(unzFile file, ZPOS64_T pos) {
+    unz64_s* s;
+    int err;
+
+    if (file==NULL)
+        return UNZ_PARAMERROR;
+    s=(unz64_s*)file;
+
+    s->pos_in_central_dir = pos;
+    s->num_file = s->gi.number_entry;      /* hack */
+    err = unz64local_GetCurrentFileInfoInternal(file,&s->cur_file_info,
+                                              &s->cur_file_info_internal,
+                                              NULL,0,NULL,0,NULL,0);
+    s->current_file_ok = (err == UNZ_OK);
+    return err;
+}
+
+extern int ZEXPORT unzSetOffset (unzFile file, uLong pos) {
+    return unzSetOffset64(file,pos);
+}
diff --git a/zlib-1.3.1/contrib/minizip/unzip.h b/zlib-1.3.1/contrib/minizip/unzip.h
new file mode 100644
index 00000000..5cfc9c62
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/unzip.h
@@ -0,0 +1,437 @@
+/* unzip.h -- IO for uncompress .zip files using zlib
+   Version 1.1, February 14h, 2010
+   part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications of Unzip for Zip64
+         Copyright (C) 2007-2008 Even Rouault
+
+         Modifications for Zip64 support on both zip and unzip
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+
+         For more info read MiniZip_info.txt
+
+         ---------------------------------------------------------------------------------
+
+        Condition of use and distribution are the same than zlib :
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  ---------------------------------------------------------------------------------
+
+        Changes
+
+        See header of unzip64.c
+
+*/
+
+#ifndef _unz64_H
+#define _unz64_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef _ZLIB_H
+#include "zlib.h"
+#endif
+
+#ifndef  _ZLIBIOAPI_H
+#include "ioapi.h"
+#endif
+
+#ifdef HAVE_BZIP2
+#include "bzlib.h"
+#endif
+
+#define Z_BZIP2ED 12
+
+#if defined(STRICTUNZIP) || defined(STRICTZIPUNZIP)
+/* like the STRICT of WIN32, we define a pointer that cannot be converted
+    from (void*) without cast */
+typedef struct TagunzFile__ { int unused; } unzFile__;
+typedef unzFile__ *unzFile;
+#else
+typedef voidp unzFile;
+#endif
+
+
+#define UNZ_OK                          (0)
+#define UNZ_END_OF_LIST_OF_FILE         (-100)
+#define UNZ_ERRNO                       (Z_ERRNO)
+#define UNZ_EOF                         (0)
+#define UNZ_PARAMERROR                  (-102)
+#define UNZ_BADZIPFILE                  (-103)
+#define UNZ_INTERNALERROR               (-104)
+#define UNZ_CRCERROR                    (-105)
+
+/* tm_unz contain date/time info */
+typedef struct tm_unz_s
+{
+    int tm_sec;             /* seconds after the minute - [0,59] */
+    int tm_min;             /* minutes after the hour - [0,59] */
+    int tm_hour;            /* hours since midnight - [0,23] */
+    int tm_mday;            /* day of the month - [1,31] */
+    int tm_mon;             /* months since January - [0,11] */
+    int tm_year;            /* years - [1980..2044] */
+} tm_unz;
+
+/* unz_global_info structure contain global data about the ZIPfile
+   These data comes from the end of central dir */
+typedef struct unz_global_info64_s
+{
+    ZPOS64_T number_entry;         /* total number of entries in
+                                     the central dir on this disk */
+    uLong size_comment;         /* size of the global comment of the zipfile */
+} unz_global_info64;
+
+typedef struct unz_global_info_s
+{
+    uLong number_entry;         /* total number of entries in
+                                     the central dir on this disk */
+    uLong size_comment;         /* size of the global comment of the zipfile */
+} unz_global_info;
+
+/* unz_file_info contain information about a file in the zipfile */
+typedef struct unz_file_info64_s
+{
+    uLong version;              /* version made by                 2 bytes */
+    uLong version_needed;       /* version needed to extract       2 bytes */
+    uLong flag;                 /* general purpose bit flag        2 bytes */
+    uLong compression_method;   /* compression method              2 bytes */
+    uLong dosDate;              /* last mod file date in Dos fmt   4 bytes */
+    uLong crc;                  /* crc-32                          4 bytes */
+    ZPOS64_T compressed_size;   /* compressed size                 8 bytes */
+    ZPOS64_T uncompressed_size; /* uncompressed size               8 bytes */
+    uLong size_filename;        /* filename length                 2 bytes */
+    uLong size_file_extra;      /* extra field length              2 bytes */
+    uLong size_file_comment;    /* file comment length             2 bytes */
+
+    uLong disk_num_start;       /* disk number start               2 bytes */
+    uLong internal_fa;          /* internal file attributes        2 bytes */
+    uLong external_fa;          /* external file attributes        4 bytes */
+
+    tm_unz tmu_date;
+} unz_file_info64;
+
+typedef struct unz_file_info_s
+{
+    uLong version;              /* version made by                 2 bytes */
+    uLong version_needed;       /* version needed to extract       2 bytes */
+    uLong flag;                 /* general purpose bit flag        2 bytes */
+    uLong compression_method;   /* compression method              2 bytes */
+    uLong dosDate;              /* last mod file date in Dos fmt   4 bytes */
+    uLong crc;                  /* crc-32                          4 bytes */
+    uLong compressed_size;      /* compressed size                 4 bytes */
+    uLong uncompressed_size;    /* uncompressed size               4 bytes */
+    uLong size_filename;        /* filename length                 2 bytes */
+    uLong size_file_extra;      /* extra field length              2 bytes */
+    uLong size_file_comment;    /* file comment length             2 bytes */
+
+    uLong disk_num_start;       /* disk number start               2 bytes */
+    uLong internal_fa;          /* internal file attributes        2 bytes */
+    uLong external_fa;          /* external file attributes        4 bytes */
+
+    tm_unz tmu_date;
+} unz_file_info;
+
+extern int ZEXPORT unzStringFileNameCompare(const char* fileName1,
+                                            const char* fileName2,
+                                            int iCaseSensitivity);
+/*
+   Compare two filenames (fileName1,fileName2).
+   If iCaseSensitivity = 1, comparison is case sensitive (like strcmp)
+   If iCaseSensitivity = 2, comparison is not case sensitive (like strcmpi
+                                or strcasecmp)
+   If iCaseSensitivity = 0, case sensitivity is default of your operating system
+    (like 1 on Unix, 2 on Windows)
+*/
+
+
+extern unzFile ZEXPORT unzOpen(const char *path);
+extern unzFile ZEXPORT unzOpen64(const void *path);
+/*
+  Open a Zip file. path contain the full pathname (by example,
+     on a Windows XP computer "c:\\zlib\\zlib113.zip" or on an Unix computer
+     "zlib/zlib113.zip".
+     If the zipfile cannot be opened (file don't exist or in not valid), the
+       return value is NULL.
+     Else, the return value is a unzFile Handle, usable with other function
+       of this unzip package.
+     the "64" function take a const void* pointer, because the path is just the
+       value passed to the open64_file_func callback.
+     Under Windows, if UNICODE is defined, using fill_fopen64_filefunc, the path
+       is a pointer to a wide unicode string (LPCTSTR is LPCWSTR), so const char*
+       does not describe the reality
+*/
+
+
+extern unzFile ZEXPORT unzOpen2(const char *path,
+                                zlib_filefunc_def* pzlib_filefunc_def);
+/*
+   Open a Zip file, like unzOpen, but provide a set of file low level API
+      for read/write the zip file (see ioapi.h)
+*/
+
+extern unzFile ZEXPORT unzOpen2_64(const void *path,
+                                   zlib_filefunc64_def* pzlib_filefunc_def);
+/*
+   Open a Zip file, like unz64Open, but provide a set of file low level API
+      for read/write the zip file (see ioapi.h)
+*/
+
+extern int ZEXPORT unzClose(unzFile file);
+/*
+  Close a ZipFile opened with unzOpen.
+  If there is files inside the .Zip opened with unzOpenCurrentFile (see later),
+    these files MUST be closed with unzCloseCurrentFile before call unzClose.
+  return UNZ_OK if there is no problem. */
+
+extern int ZEXPORT unzGetGlobalInfo(unzFile file,
+                                    unz_global_info *pglobal_info);
+
+extern int ZEXPORT unzGetGlobalInfo64(unzFile file,
+                                      unz_global_info64 *pglobal_info);
+/*
+  Write info about the ZipFile in the *pglobal_info structure.
+  No preparation of the structure is needed
+  return UNZ_OK if there is no problem. */
+
+
+extern int ZEXPORT unzGetGlobalComment(unzFile file,
+                                       char *szComment,
+                                       uLong uSizeBuf);
+/*
+  Get the global comment string of the ZipFile, in the szComment buffer.
+  uSizeBuf is the size of the szComment buffer.
+  return the number of byte copied or an error code <0
+*/
+
+
+/***************************************************************************/
+/* Unzip package allow you browse the directory of the zipfile */
+
+extern int ZEXPORT unzGoToFirstFile(unzFile file);
+/*
+  Set the current file of the zipfile to the first file.
+  return UNZ_OK if there is no problem
+*/
+
+extern int ZEXPORT unzGoToNextFile(unzFile file);
+/*
+  Set the current file of the zipfile to the next file.
+  return UNZ_OK if there is no problem
+  return UNZ_END_OF_LIST_OF_FILE if the actual file was the latest.
+*/
+
+extern int ZEXPORT unzLocateFile(unzFile file,
+                                 const char *szFileName,
+                                 int iCaseSensitivity);
+/*
+  Try locate the file szFileName in the zipfile.
+  For the iCaseSensitivity signification, see unzStringFileNameCompare
+
+  return value :
+  UNZ_OK if the file is found. It becomes the current file.
+  UNZ_END_OF_LIST_OF_FILE if the file is not found
+*/
+
+
+/* ****************************************** */
+/* Ryan supplied functions */
+/* unz_file_info contain information about a file in the zipfile */
+typedef struct unz_file_pos_s
+{
+    uLong pos_in_zip_directory;   /* offset in zip file directory */
+    uLong num_of_file;            /* # of file */
+} unz_file_pos;
+
+extern int ZEXPORT unzGetFilePos(
+    unzFile file,
+    unz_file_pos* file_pos);
+
+extern int ZEXPORT unzGoToFilePos(
+    unzFile file,
+    unz_file_pos* file_pos);
+
+typedef struct unz64_file_pos_s
+{
+    ZPOS64_T pos_in_zip_directory;   /* offset in zip file directory */
+    ZPOS64_T num_of_file;            /* # of file */
+} unz64_file_pos;
+
+extern int ZEXPORT unzGetFilePos64(
+    unzFile file,
+    unz64_file_pos* file_pos);
+
+extern int ZEXPORT unzGoToFilePos64(
+    unzFile file,
+    const unz64_file_pos* file_pos);
+
+/* ****************************************** */
+
+extern int ZEXPORT unzGetCurrentFileInfo64(unzFile file,
+                                           unz_file_info64 *pfile_info,
+                                           char *szFileName,
+                                           uLong fileNameBufferSize,
+                                           void *extraField,
+                                           uLong extraFieldBufferSize,
+                                           char *szComment,
+                                           uLong commentBufferSize);
+
+extern int ZEXPORT unzGetCurrentFileInfo(unzFile file,
+                                         unz_file_info *pfile_info,
+                                         char *szFileName,
+                                         uLong fileNameBufferSize,
+                                         void *extraField,
+                                         uLong extraFieldBufferSize,
+                                         char *szComment,
+                                         uLong commentBufferSize);
+/*
+  Get Info about the current file
+  if pfile_info!=NULL, the *pfile_info structure will contain some info about
+        the current file
+  if szFileName!=NULL, the filename string will be copied in szFileName
+            (fileNameBufferSize is the size of the buffer)
+  if extraField!=NULL, the extra field information will be copied in extraField
+            (extraFieldBufferSize is the size of the buffer).
+            This is the Central-header version of the extra field
+  if szComment!=NULL, the comment string of the file will be copied in szComment
+            (commentBufferSize is the size of the buffer)
+*/
+
+
+/** Addition for GDAL : START */
+
+extern ZPOS64_T ZEXPORT unzGetCurrentFileZStreamPos64(unzFile file);
+
+/** Addition for GDAL : END */
+
+
+/***************************************************************************/
+/* for reading the content of the current zipfile, you can open it, read data
+   from it, and close it (you can close it before reading all the file)
+   */
+
+extern int ZEXPORT unzOpenCurrentFile(unzFile file);
+/*
+  Open for reading data the current file in the zipfile.
+  If there is no error, the return value is UNZ_OK.
+*/
+
+extern int ZEXPORT unzOpenCurrentFilePassword(unzFile file,
+                                              const char* password);
+/*
+  Open for reading data the current file in the zipfile.
+  password is a crypting password
+  If there is no error, the return value is UNZ_OK.
+*/
+
+extern int ZEXPORT unzOpenCurrentFile2(unzFile file,
+                                       int* method,
+                                       int* level,
+                                       int raw);
+/*
+  Same than unzOpenCurrentFile, but open for read raw the file (not uncompress)
+    if raw==1
+  *method will receive method of compression, *level will receive level of
+     compression
+  note : you can set level parameter as NULL (if you did not want known level,
+         but you CANNOT set method parameter as NULL
+*/
+
+extern int ZEXPORT unzOpenCurrentFile3(unzFile file,
+                                       int* method,
+                                       int* level,
+                                       int raw,
+                                       const char* password);
+/*
+  Same than unzOpenCurrentFile, but open for read raw the file (not uncompress)
+    if raw==1
+  *method will receive method of compression, *level will receive level of
+     compression
+  note : you can set level parameter as NULL (if you did not want known level,
+         but you CANNOT set method parameter as NULL
+*/
+
+
+extern int ZEXPORT unzCloseCurrentFile(unzFile file);
+/*
+  Close the file in zip opened with unzOpenCurrentFile
+  Return UNZ_CRCERROR if all the file was read but the CRC is not good
+*/
+
+extern int ZEXPORT unzReadCurrentFile(unzFile file,
+                                      voidp buf,
+                                      unsigned len);
+/*
+  Read bytes from the current file (opened by unzOpenCurrentFile)
+  buf contain buffer where data must be copied
+  len the size of buf.
+
+  return the number of byte copied if some bytes are copied
+  return 0 if the end of file was reached
+  return <0 with error code if there is an error
+    (UNZ_ERRNO for IO error, or zLib error for uncompress error)
+*/
+
+extern z_off_t ZEXPORT unztell(unzFile file);
+
+extern ZPOS64_T ZEXPORT unztell64(unzFile file);
+/*
+  Give the current position in uncompressed data
+*/
+
+extern int ZEXPORT unzeof(unzFile file);
+/*
+  return 1 if the end of file was reached, 0 elsewhere
+*/
+
+extern int ZEXPORT unzGetLocalExtrafield(unzFile file,
+                                         voidp buf,
+                                         unsigned len);
+/*
+  Read extra field from the current file (opened by unzOpenCurrentFile)
+  This is the local-header version of the extra field (sometimes, there is
+    more info in the local-header version than in the central-header)
+
+  if buf==NULL, it return the size of the local extra field
+
+  if buf!=NULL, len is the size of the buffer, the extra header is copied in
+    buf.
+  the return value is the number of bytes copied in buf, or (if <0)
+    the error code
+*/
+
+/***************************************************************************/
+
+/* Get the current file offset */
+extern ZPOS64_T ZEXPORT unzGetOffset64 (unzFile file);
+extern uLong ZEXPORT unzGetOffset (unzFile file);
+
+/* Set the current file offset */
+extern int ZEXPORT unzSetOffset64 (unzFile file, ZPOS64_T pos);
+extern int ZEXPORT unzSetOffset (unzFile file, uLong pos);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _unz64_H */
diff --git a/zlib-1.3.1/contrib/minizip/zip.c b/zlib-1.3.1/contrib/minizip/zip.c
new file mode 100644
index 00000000..60bdffac
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/zip.c
@@ -0,0 +1,1956 @@
+/* zip.c -- IO on .zip files using zlib
+   Version 1.1, February 14h, 2010
+   part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications for Zip64 support
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+
+         For more info read MiniZip_info.txt
+
+         Changes
+   Oct-2009 - Mathias Svensson - Remove old C style function prototypes
+   Oct-2009 - Mathias Svensson - Added Zip64 Support when creating new file archives
+   Oct-2009 - Mathias Svensson - Did some code cleanup and refactoring to get better overview of some functions.
+   Oct-2009 - Mathias Svensson - Added zipRemoveExtraInfoBlock to strip extra field data from its ZIP64 data
+                                 It is used when recreating zip archive with RAW when deleting items from a zip.
+                                 ZIP64 data is automatically added to items that needs it, and existing ZIP64 data need to be removed.
+   Oct-2009 - Mathias Svensson - Added support for BZIP2 as compression mode (bzip2 lib is required)
+   Jan-2010 - back to unzip and minizip 1.0 name scheme, with compatibility layer
+
+*/
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <time.h>
+#include "zlib.h"
+#include "zip.h"
+
+#ifdef STDC
+#  include <stddef.h>
+#endif
+#ifdef NO_ERRNO_H
+    extern int errno;
+#else
+#   include <errno.h>
+#endif
+
+
+#ifndef local
+#  define local static
+#endif
+/* compile with -Dlocal if your debugger can't find static symbols */
+
+#ifndef VERSIONMADEBY
+# define VERSIONMADEBY   (0x0) /* platform dependent */
+#endif
+
+#ifndef Z_BUFSIZE
+#define Z_BUFSIZE (64*1024) //(16384)
+#endif
+
+#ifndef Z_MAXFILENAMEINZIP
+#define Z_MAXFILENAMEINZIP (256)
+#endif
+
+#ifndef ALLOC
+# define ALLOC(size) (malloc(size))
+#endif
+
+/*
+#define SIZECENTRALDIRITEM (0x2e)
+#define SIZEZIPLOCALHEADER (0x1e)
+*/
+
+/* I've found an old Unix (a SunOS 4.1.3_U1) without all SEEK_* defined.... */
+
+
+// NOT sure that this work on ALL platform
+#define MAKEULONG64(a, b) ((ZPOS64_T)(((unsigned long)(a)) | ((ZPOS64_T)((unsigned long)(b))) << 32))
+
+#ifndef SEEK_CUR
+#define SEEK_CUR    1
+#endif
+
+#ifndef SEEK_END
+#define SEEK_END    2
+#endif
+
+#ifndef SEEK_SET
+#define SEEK_SET    0
+#endif
+
+#ifndef DEF_MEM_LEVEL
+#if MAX_MEM_LEVEL >= 8
+#  define DEF_MEM_LEVEL 8
+#else
+#  define DEF_MEM_LEVEL  MAX_MEM_LEVEL
+#endif
+#endif
+const char zip_copyright[] =" zip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll";
+
+
+#define SIZEDATA_INDATABLOCK (4096-(4*4))
+
+#define LOCALHEADERMAGIC    (0x04034b50)
+#define CENTRALHEADERMAGIC  (0x02014b50)
+#define ENDHEADERMAGIC      (0x06054b50)
+#define ZIP64ENDHEADERMAGIC      (0x6064b50)
+#define ZIP64ENDLOCHEADERMAGIC   (0x7064b50)
+
+#define FLAG_LOCALHEADER_OFFSET (0x06)
+#define CRC_LOCALHEADER_OFFSET  (0x0e)
+
+#define SIZECENTRALHEADER (0x2e) /* 46 */
+
+typedef struct linkedlist_datablock_internal_s
+{
+  struct linkedlist_datablock_internal_s* next_datablock;
+  uLong  avail_in_this_block;
+  uLong  filled_in_this_block;
+  uLong  unused; /* for future use and alignment */
+  unsigned char data[SIZEDATA_INDATABLOCK];
+} linkedlist_datablock_internal;
+
+typedef struct linkedlist_data_s
+{
+    linkedlist_datablock_internal* first_block;
+    linkedlist_datablock_internal* last_block;
+} linkedlist_data;
+
+
+typedef struct
+{
+    z_stream stream;            /* zLib stream structure for inflate */
+#ifdef HAVE_BZIP2
+    bz_stream bstream;          /* bzLib stream structure for bziped */
+#endif
+
+    int  stream_initialised;    /* 1 is stream is initialised */
+    uInt pos_in_buffered_data;  /* last written byte in buffered_data */
+
+    ZPOS64_T pos_local_header;     /* offset of the local header of the file
+                                     currently writing */
+    char* central_header;       /* central header data for the current file */
+    uLong size_centralExtra;
+    uLong size_centralheader;   /* size of the central header for cur file */
+    uLong size_centralExtraFree; /* Extra bytes allocated to the centralheader but that are not used */
+    uLong flag;                 /* flag of the file currently writing */
+
+    int  method;                /* compression method of file currently wr.*/
+    int  raw;                   /* 1 for directly writing raw data */
+    Byte buffered_data[Z_BUFSIZE];/* buffer contain compressed data to be writ*/
+    uLong dosDate;
+    uLong crc32;
+    int  encrypt;
+    int  zip64;               /* Add ZIP64 extended information in the extra field */
+    ZPOS64_T pos_zip64extrainfo;
+    ZPOS64_T totalCompressedData;
+    ZPOS64_T totalUncompressedData;
+#ifndef NOCRYPT
+    unsigned long keys[3];     /* keys defining the pseudo-random sequence */
+    const z_crc_t* pcrc_32_tab;
+    unsigned crypt_header_size;
+#endif
+} curfile64_info;
+
+typedef struct
+{
+    zlib_filefunc64_32_def z_filefunc;
+    voidpf filestream;        /* io structure of the zipfile */
+    linkedlist_data central_dir;/* datablock with central dir in construction*/
+    int  in_opened_file_inzip;  /* 1 if a file in the zip is currently writ.*/
+    curfile64_info ci;            /* info on the file currently writing */
+
+    ZPOS64_T begin_pos;            /* position of the beginning of the zipfile */
+    ZPOS64_T add_position_when_writing_offset;
+    ZPOS64_T number_entry;
+
+#ifndef NO_ADDFILEINEXISTINGZIP
+    char *globalcomment;
+#endif
+
+} zip64_internal;
+
+
+#ifndef NOCRYPT
+#define INCLUDECRYPTINGCODE_IFCRYPTALLOWED
+#include "crypt.h"
+#endif
+
+local linkedlist_datablock_internal* allocate_new_datablock(void) {
+    linkedlist_datablock_internal* ldi;
+    ldi = (linkedlist_datablock_internal*)
+                 ALLOC(sizeof(linkedlist_datablock_internal));
+    if (ldi!=NULL)
+    {
+        ldi->next_datablock = NULL ;
+        ldi->filled_in_this_block = 0 ;
+        ldi->avail_in_this_block = SIZEDATA_INDATABLOCK ;
+    }
+    return ldi;
+}
+
+local void free_datablock(linkedlist_datablock_internal* ldi) {
+    while (ldi!=NULL)
+    {
+        linkedlist_datablock_internal* ldinext = ldi->next_datablock;
+        free(ldi);
+        ldi = ldinext;
+    }
+}
+
+local void init_linkedlist(linkedlist_data* ll) {
+    ll->first_block = ll->last_block = NULL;
+}
+
+local void free_linkedlist(linkedlist_data* ll) {
+    free_datablock(ll->first_block);
+    ll->first_block = ll->last_block = NULL;
+}
+
+
+local int add_data_in_datablock(linkedlist_data* ll, const void* buf, uLong len) {
+    linkedlist_datablock_internal* ldi;
+    const unsigned char* from_copy;
+
+    if (ll==NULL)
+        return ZIP_INTERNALERROR;
+
+    if (ll->last_block == NULL)
+    {
+        ll->first_block = ll->last_block = allocate_new_datablock();
+        if (ll->first_block == NULL)
+            return ZIP_INTERNALERROR;
+    }
+
+    ldi = ll->last_block;
+    from_copy = (const unsigned char*)buf;
+
+    while (len>0)
+    {
+        uInt copy_this;
+        uInt i;
+        unsigned char* to_copy;
+
+        if (ldi->avail_in_this_block==0)
+        {
+            ldi->next_datablock = allocate_new_datablock();
+            if (ldi->next_datablock == NULL)
+                return ZIP_INTERNALERROR;
+            ldi = ldi->next_datablock ;
+            ll->last_block = ldi;
+        }
+
+        if (ldi->avail_in_this_block < len)
+            copy_this = (uInt)ldi->avail_in_this_block;
+        else
+            copy_this = (uInt)len;
+
+        to_copy = &(ldi->data[ldi->filled_in_this_block]);
+
+        for (i=0;i<copy_this;i++)
+            *(to_copy+i)=*(from_copy+i);
+
+        ldi->filled_in_this_block += copy_this;
+        ldi->avail_in_this_block -= copy_this;
+        from_copy += copy_this ;
+        len -= copy_this;
+    }
+    return ZIP_OK;
+}
+
+
+
+/****************************************************************************/
+
+#ifndef NO_ADDFILEINEXISTINGZIP
+/* ===========================================================================
+   Inputs a long in LSB order to the given file
+   nbByte == 1, 2 ,4 or 8 (byte, short or long, ZPOS64_T)
+*/
+
+local int zip64local_putValue(const zlib_filefunc64_32_def* pzlib_filefunc_def, voidpf filestream, ZPOS64_T x, int nbByte) {
+    unsigned char buf[8];
+    int n;
+    for (n = 0; n < nbByte; n++)
+    {
+        buf[n] = (unsigned char)(x & 0xff);
+        x >>= 8;
+    }
+    if (x != 0)
+      {     /* data overflow - hack for ZIP64 (X Roche) */
+      for (n = 0; n < nbByte; n++)
+        {
+          buf[n] = 0xff;
+        }
+      }
+
+    if (ZWRITE64(*pzlib_filefunc_def,filestream,buf,(uLong)nbByte)!=(uLong)nbByte)
+        return ZIP_ERRNO;
+    else
+        return ZIP_OK;
+}
+
+local void zip64local_putValue_inmemory (void* dest, ZPOS64_T x, int nbByte) {
+    unsigned char* buf=(unsigned char*)dest;
+    int n;
+    for (n = 0; n < nbByte; n++) {
+        buf[n] = (unsigned char)(x & 0xff);
+        x >>= 8;
+    }
+
+    if (x != 0)
+    {     /* data overflow - hack for ZIP64 */
+       for (n = 0; n < nbByte; n++)
+       {
+          buf[n] = 0xff;
+       }
+    }
+}
+
+/****************************************************************************/
+
+
+local uLong zip64local_TmzDateToDosDate(const tm_zip* ptm) {
+    uLong year = (uLong)ptm->tm_year;
+    if (year>=1980)
+        year-=1980;
+    else if (year>=80)
+        year-=80;
+    return
+      (uLong) (((uLong)(ptm->tm_mday) + (32 * (uLong)(ptm->tm_mon+1)) + (512 * year)) << 16) |
+        (((uLong)ptm->tm_sec/2) + (32 * (uLong)ptm->tm_min) + (2048 * (uLong)ptm->tm_hour));
+}
+
+
+/****************************************************************************/
+
+local int zip64local_getByte(const zlib_filefunc64_32_def* pzlib_filefunc_def, voidpf filestream, int* pi) {
+    unsigned char c;
+    int err = (int)ZREAD64(*pzlib_filefunc_def,filestream,&c,1);
+    if (err==1)
+    {
+        *pi = (int)c;
+        return ZIP_OK;
+    }
+    else
+    {
+        if (ZERROR64(*pzlib_filefunc_def,filestream))
+            return ZIP_ERRNO;
+        else
+            return ZIP_EOF;
+    }
+}
+
+
+/* ===========================================================================
+   Reads a long in LSB order from the given gz_stream. Sets
+*/
+local int zip64local_getShort(const zlib_filefunc64_32_def* pzlib_filefunc_def, voidpf filestream, uLong* pX) {
+    uLong x ;
+    int i = 0;
+    int err;
+
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+    x = (uLong)i;
+
+    if (err==ZIP_OK)
+        err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+    x += ((uLong)i)<<8;
+
+    if (err==ZIP_OK)
+        *pX = x;
+    else
+        *pX = 0;
+    return err;
+}
+
+local int zip64local_getLong(const zlib_filefunc64_32_def* pzlib_filefunc_def, voidpf filestream, uLong* pX) {
+    uLong x ;
+    int i = 0;
+    int err;
+
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+    x = (uLong)i;
+
+    if (err==ZIP_OK)
+        err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+    x += ((uLong)i)<<8;
+
+    if (err==ZIP_OK)
+        err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+    x += ((uLong)i)<<16;
+
+    if (err==ZIP_OK)
+        err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+    x += ((uLong)i)<<24;
+
+    if (err==ZIP_OK)
+        *pX = x;
+    else
+        *pX = 0;
+    return err;
+}
+
+
+local int zip64local_getLong64(const zlib_filefunc64_32_def* pzlib_filefunc_def, voidpf filestream, ZPOS64_T *pX) {
+  ZPOS64_T x;
+  int i = 0;
+  int err;
+
+  err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+  x = (ZPOS64_T)i;
+
+  if (err==ZIP_OK)
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+  x += ((ZPOS64_T)i)<<8;
+
+  if (err==ZIP_OK)
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+  x += ((ZPOS64_T)i)<<16;
+
+  if (err==ZIP_OK)
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+  x += ((ZPOS64_T)i)<<24;
+
+  if (err==ZIP_OK)
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+  x += ((ZPOS64_T)i)<<32;
+
+  if (err==ZIP_OK)
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+  x += ((ZPOS64_T)i)<<40;
+
+  if (err==ZIP_OK)
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+  x += ((ZPOS64_T)i)<<48;
+
+  if (err==ZIP_OK)
+    err = zip64local_getByte(pzlib_filefunc_def,filestream,&i);
+  x += ((ZPOS64_T)i)<<56;
+
+  if (err==ZIP_OK)
+    *pX = x;
+  else
+    *pX = 0;
+
+  return err;
+}
+
+#ifndef BUFREADCOMMENT
+#define BUFREADCOMMENT (0x400)
+#endif
+/*
+  Locate the Central directory of a zipfile (at the end, just before
+    the global comment)
+*/
+local ZPOS64_T zip64local_SearchCentralDir(const zlib_filefunc64_32_def* pzlib_filefunc_def, voidpf filestream) {
+  unsigned char* buf;
+  ZPOS64_T uSizeFile;
+  ZPOS64_T uBackRead;
+  ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */
+  ZPOS64_T uPosFound=0;
+
+  if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0)
+    return 0;
+
+
+  uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream);
+
+  if (uMaxBack>uSizeFile)
+    uMaxBack = uSizeFile;
+
+  buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4);
+  if (buf==NULL)
+    return 0;
+
+  uBackRead = 4;
+  while (uBackRead<uMaxBack)
+  {
+    uLong uReadSize;
+    ZPOS64_T uReadPos ;
+    int i;
+    if (uBackRead+BUFREADCOMMENT>uMaxBack)
+      uBackRead = uMaxBack;
+    else
+      uBackRead+=BUFREADCOMMENT;
+    uReadPos = uSizeFile-uBackRead ;
+
+    uReadSize = ((BUFREADCOMMENT+4) < (uSizeFile-uReadPos)) ?
+      (BUFREADCOMMENT+4) : (uLong)(uSizeFile-uReadPos);
+    if (ZSEEK64(*pzlib_filefunc_def,filestream,uReadPos,ZLIB_FILEFUNC_SEEK_SET)!=0)
+      break;
+
+    if (ZREAD64(*pzlib_filefunc_def,filestream,buf,uReadSize)!=uReadSize)
+      break;
+
+    for (i=(int)uReadSize-3; (i--)>0;)
+      if (((*(buf+i))==0x50) && ((*(buf+i+1))==0x4b) &&
+        ((*(buf+i+2))==0x05) && ((*(buf+i+3))==0x06))
+      {
+        uPosFound = uReadPos+(unsigned)i;
+        break;
+      }
+
+    if (uPosFound!=0)
+      break;
+  }
+  free(buf);
+  return uPosFound;
+}
+
+/*
+Locate the End of Zip64 Central directory locator and from there find the CD of a zipfile (at the end, just before
+the global comment)
+*/
+local ZPOS64_T zip64local_SearchCentralDir64(const zlib_filefunc64_32_def* pzlib_filefunc_def, voidpf filestream) {
+  unsigned char* buf;
+  ZPOS64_T uSizeFile;
+  ZPOS64_T uBackRead;
+  ZPOS64_T uMaxBack=0xffff; /* maximum size of global comment */
+  ZPOS64_T uPosFound=0;
+  uLong uL;
+  ZPOS64_T relativeOffset;
+
+  if (ZSEEK64(*pzlib_filefunc_def,filestream,0,ZLIB_FILEFUNC_SEEK_END) != 0)
+    return 0;
+
+  uSizeFile = ZTELL64(*pzlib_filefunc_def,filestream);
+
+  if (uMaxBack>uSizeFile)
+    uMaxBack = uSizeFile;
+
+  buf = (unsigned char*)ALLOC(BUFREADCOMMENT+4);
+  if (buf==NULL)
+    return 0;
+
+  uBackRead = 4;
+  while (uBackRead<uMaxBack)
+  {
+    uLong uReadSize;
+    ZPOS64_T uReadPos;
+    int i;
+    if (uBackRead+BUFREADCOMMENT>uMaxBack)
+      uBackRead = uMaxBack;
+    else
+      uBackRead+=BUFREADCOMMENT;
+    uReadPos = uSizeFile-uBackRead ;
+
+    uReadSize = ((BUFREADCOMMENT+4) < (uSizeFile-uReadPos)) ?
+      (BUFREADCOMMENT+4) : (uLong)(uSizeFile-uReadPos);
+    if (ZSEEK64(*pzlib_filefunc_def,filestream,uReadPos,ZLIB_FILEFUNC_SEEK_SET)!=0)
+      break;
+
+    if (ZREAD64(*pzlib_filefunc_def,filestream,buf,uReadSize)!=uReadSize)
+      break;
+
+    for (i=(int)uReadSize-3; (i--)>0;)
+    {
+      // Signature "0x07064b50" Zip64 end of central directory locater
+      if (((*(buf+i))==0x50) && ((*(buf+i+1))==0x4b) && ((*(buf+i+2))==0x06) && ((*(buf+i+3))==0x07))
+      {
+        uPosFound = uReadPos+(unsigned)i;
+        break;
+      }
+    }
+
+      if (uPosFound!=0)
+        break;
+  }
+
+  free(buf);
+  if (uPosFound == 0)
+    return 0;
+
+  /* Zip64 end of central directory locator */
+  if (ZSEEK64(*pzlib_filefunc_def,filestream, uPosFound,ZLIB_FILEFUNC_SEEK_SET)!=0)
+    return 0;
+
+  /* the signature, already checked */
+  if (zip64local_getLong(pzlib_filefunc_def,filestream,&uL)!=ZIP_OK)
+    return 0;
+
+  /* number of the disk with the start of the zip64 end of central directory */
+  if (zip64local_getLong(pzlib_filefunc_def,filestream,&uL)!=ZIP_OK)
+    return 0;
+  if (uL != 0)
+    return 0;
+
+  /* relative offset of the zip64 end of central directory record */
+  if (zip64local_getLong64(pzlib_filefunc_def,filestream,&relativeOffset)!=ZIP_OK)
+    return 0;
+
+  /* total number of disks */
+  if (zip64local_getLong(pzlib_filefunc_def,filestream,&uL)!=ZIP_OK)
+    return 0;
+  if (uL != 1)
+    return 0;
+
+  /* Goto Zip64 end of central directory record */
+  if (ZSEEK64(*pzlib_filefunc_def,filestream, relativeOffset,ZLIB_FILEFUNC_SEEK_SET)!=0)
+    return 0;
+
+  /* the signature */
+  if (zip64local_getLong(pzlib_filefunc_def,filestream,&uL)!=ZIP_OK)
+    return 0;
+
+  if (uL != 0x06064b50) // signature of 'Zip64 end of central directory'
+    return 0;
+
+  return relativeOffset;
+}
+
+local int LoadCentralDirectoryRecord(zip64_internal* pziinit) {
+  int err=ZIP_OK;
+  ZPOS64_T byte_before_the_zipfile;/* byte before the zipfile, (>0 for sfx)*/
+
+  ZPOS64_T size_central_dir;     /* size of the central directory  */
+  ZPOS64_T offset_central_dir;   /* offset of start of central directory */
+  ZPOS64_T central_pos;
+  uLong uL;
+
+  uLong number_disk;          /* number of the current disk, used for
+                              spanning ZIP, unsupported, always 0*/
+  uLong number_disk_with_CD;  /* number of the disk with central dir, used
+                              for spanning ZIP, unsupported, always 0*/
+  ZPOS64_T number_entry;
+  ZPOS64_T number_entry_CD;      /* total number of entries in
+                                the central dir
+                                (same than number_entry on nospan) */
+  uLong VersionMadeBy;
+  uLong VersionNeeded;
+  uLong size_comment;
+
+  int hasZIP64Record = 0;
+
+  // check first if we find a ZIP64 record
+  central_pos = zip64local_SearchCentralDir64(&pziinit->z_filefunc,pziinit->filestream);
+  if(central_pos > 0)
+  {
+    hasZIP64Record = 1;
+  }
+  else if(central_pos == 0)
+  {
+    central_pos = zip64local_SearchCentralDir(&pziinit->z_filefunc,pziinit->filestream);
+  }
+
+/* disable to allow appending to empty ZIP archive
+        if (central_pos==0)
+            err=ZIP_ERRNO;
+*/
+
+  if(hasZIP64Record)
+  {
+    ZPOS64_T sizeEndOfCentralDirectory;
+    if (ZSEEK64(pziinit->z_filefunc, pziinit->filestream, central_pos, ZLIB_FILEFUNC_SEEK_SET) != 0)
+      err=ZIP_ERRNO;
+
+    /* the signature, already checked */
+    if (zip64local_getLong(&pziinit->z_filefunc, pziinit->filestream,&uL)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* size of zip64 end of central directory record */
+    if (zip64local_getLong64(&pziinit->z_filefunc, pziinit->filestream, &sizeEndOfCentralDirectory)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* version made by */
+    if (zip64local_getShort(&pziinit->z_filefunc, pziinit->filestream, &VersionMadeBy)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* version needed to extract */
+    if (zip64local_getShort(&pziinit->z_filefunc, pziinit->filestream, &VersionNeeded)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* number of this disk */
+    if (zip64local_getLong(&pziinit->z_filefunc, pziinit->filestream,&number_disk)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* number of the disk with the start of the central directory */
+    if (zip64local_getLong(&pziinit->z_filefunc, pziinit->filestream,&number_disk_with_CD)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* total number of entries in the central directory on this disk */
+    if (zip64local_getLong64(&pziinit->z_filefunc, pziinit->filestream, &number_entry)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* total number of entries in the central directory */
+    if (zip64local_getLong64(&pziinit->z_filefunc, pziinit->filestream,&number_entry_CD)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    if ((number_entry_CD!=number_entry) || (number_disk_with_CD!=0) || (number_disk!=0))
+      err=ZIP_BADZIPFILE;
+
+    /* size of the central directory */
+    if (zip64local_getLong64(&pziinit->z_filefunc, pziinit->filestream,&size_central_dir)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* offset of start of central directory with respect to the
+    starting disk number */
+    if (zip64local_getLong64(&pziinit->z_filefunc, pziinit->filestream,&offset_central_dir)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    // TODO..
+    // read the comment from the standard central header.
+    size_comment = 0;
+  }
+  else
+  {
+    // Read End of central Directory info
+    if (ZSEEK64(pziinit->z_filefunc, pziinit->filestream, central_pos,ZLIB_FILEFUNC_SEEK_SET)!=0)
+      err=ZIP_ERRNO;
+
+    /* the signature, already checked */
+    if (zip64local_getLong(&pziinit->z_filefunc, pziinit->filestream,&uL)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* number of this disk */
+    if (zip64local_getShort(&pziinit->z_filefunc, pziinit->filestream,&number_disk)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* number of the disk with the start of the central directory */
+    if (zip64local_getShort(&pziinit->z_filefunc, pziinit->filestream,&number_disk_with_CD)!=ZIP_OK)
+      err=ZIP_ERRNO;
+
+    /* total number of entries in the central dir on this disk */
+    number_entry = 0;
+    if (zip64local_getShort(&pziinit->z_filefunc, pziinit->filestream, &uL)!=ZIP_OK)
+      err=ZIP_ERRNO;
+    else
+      number_entry = uL;
+
+    /* total number of entries in the central dir */
+    number_entry_CD = 0;
+    if (zip64local_getShort(&pziinit->z_filefunc, pziinit->filestream, &uL)!=ZIP_OK)
+      err=ZIP_ERRNO;
+    else
+      number_entry_CD = uL;
+
+    if ((number_entry_CD!=number_entry) || (number_disk_with_CD!=0) || (number_disk!=0))
+      err=ZIP_BADZIPFILE;
+
+    /* size of the central directory */
+    size_central_dir = 0;
+    if (zip64local_getLong(&pziinit->z_filefunc, pziinit->filestream, &uL)!=ZIP_OK)
+      err=ZIP_ERRNO;
+    else
+      size_central_dir = uL;
+
+    /* offset of start of central directory with respect to the starting disk number */
+    offset_central_dir = 0;
+    if (zip64local_getLong(&pziinit->z_filefunc, pziinit->filestream, &uL)!=ZIP_OK)
+      err=ZIP_ERRNO;
+    else
+      offset_central_dir = uL;
+
+
+    /* zipfile global comment length */
+    if (zip64local_getShort(&pziinit->z_filefunc, pziinit->filestream, &size_comment)!=ZIP_OK)
+      err=ZIP_ERRNO;
+  }
+
+  if ((central_pos<offset_central_dir+size_central_dir) &&
+    (err==ZIP_OK))
+    err=ZIP_BADZIPFILE;
+
+  if (err!=ZIP_OK)
+  {
+    ZCLOSE64(pziinit->z_filefunc, pziinit->filestream);
+    return ZIP_ERRNO;
+  }
+
+  if (size_comment>0)
+  {
+    pziinit->globalcomment = (char*)ALLOC(size_comment+1);
+    if (pziinit->globalcomment)
+    {
+      size_comment = ZREAD64(pziinit->z_filefunc, pziinit->filestream, pziinit->globalcomment,size_comment);
+      pziinit->globalcomment[size_comment]=0;
+    }
+  }
+
+  byte_before_the_zipfile = central_pos - (offset_central_dir+size_central_dir);
+  pziinit->add_position_when_writing_offset = byte_before_the_zipfile;
+
+  {
+    ZPOS64_T size_central_dir_to_read = size_central_dir;
+    size_t buf_size = SIZEDATA_INDATABLOCK;
+    void* buf_read = (void*)ALLOC(buf_size);
+    if (ZSEEK64(pziinit->z_filefunc, pziinit->filestream, offset_central_dir + byte_before_the_zipfile, ZLIB_FILEFUNC_SEEK_SET) != 0)
+      err=ZIP_ERRNO;
+
+    while ((size_central_dir_to_read>0) && (err==ZIP_OK))
+    {
+      ZPOS64_T read_this = SIZEDATA_INDATABLOCK;
+      if (read_this > size_central_dir_to_read)
+        read_this = size_central_dir_to_read;
+
+      if (ZREAD64(pziinit->z_filefunc, pziinit->filestream,buf_read,(uLong)read_this) != read_this)
+        err=ZIP_ERRNO;
+
+      if (err==ZIP_OK)
+        err = add_data_in_datablock(&pziinit->central_dir,buf_read, (uLong)read_this);
+
+      size_central_dir_to_read-=read_this;
+    }
+    free(buf_read);
+  }
+  pziinit->begin_pos = byte_before_the_zipfile;
+  pziinit->number_entry = number_entry_CD;
+
+  if (ZSEEK64(pziinit->z_filefunc, pziinit->filestream, offset_central_dir+byte_before_the_zipfile,ZLIB_FILEFUNC_SEEK_SET) != 0)
+    err=ZIP_ERRNO;
+
+  return err;
+}
+
+
+#endif /* !NO_ADDFILEINEXISTINGZIP*/
+
+
+/************************************************************/
+extern zipFile ZEXPORT zipOpen3(const void *pathname, int append, zipcharpc* globalcomment, zlib_filefunc64_32_def* pzlib_filefunc64_32_def) {
+    zip64_internal ziinit;
+    zip64_internal* zi;
+    int err=ZIP_OK;
+
+    ziinit.z_filefunc.zseek32_file = NULL;
+    ziinit.z_filefunc.ztell32_file = NULL;
+    if (pzlib_filefunc64_32_def==NULL)
+        fill_fopen64_filefunc(&ziinit.z_filefunc.zfile_func64);
+    else
+        ziinit.z_filefunc = *pzlib_filefunc64_32_def;
+
+    ziinit.filestream = ZOPEN64(ziinit.z_filefunc,
+                  pathname,
+                  (append == APPEND_STATUS_CREATE) ?
+                  (ZLIB_FILEFUNC_MODE_READ | ZLIB_FILEFUNC_MODE_WRITE | ZLIB_FILEFUNC_MODE_CREATE) :
+                    (ZLIB_FILEFUNC_MODE_READ | ZLIB_FILEFUNC_MODE_WRITE | ZLIB_FILEFUNC_MODE_EXISTING));
+
+    if (ziinit.filestream == NULL)
+        return NULL;
+
+    if (append == APPEND_STATUS_CREATEAFTER)
+        ZSEEK64(ziinit.z_filefunc,ziinit.filestream,0,SEEK_END);
+
+    ziinit.begin_pos = ZTELL64(ziinit.z_filefunc,ziinit.filestream);
+    ziinit.in_opened_file_inzip = 0;
+    ziinit.ci.stream_initialised = 0;
+    ziinit.number_entry = 0;
+    ziinit.add_position_when_writing_offset = 0;
+    init_linkedlist(&(ziinit.central_dir));
+
+
+
+    zi = (zip64_internal*)ALLOC(sizeof(zip64_internal));
+    if (zi==NULL)
+    {
+        ZCLOSE64(ziinit.z_filefunc,ziinit.filestream);
+        return NULL;
+    }
+
+    /* now we add file in a zipfile */
+#    ifndef NO_ADDFILEINEXISTINGZIP
+    ziinit.globalcomment = NULL;
+    if (append == APPEND_STATUS_ADDINZIP)
+    {
+      // Read and Cache Central Directory Records
+      err = LoadCentralDirectoryRecord(&ziinit);
+    }
+
+    if (globalcomment)
+    {
+      *globalcomment = ziinit.globalcomment;
+    }
+#    endif /* !NO_ADDFILEINEXISTINGZIP*/
+
+    if (err != ZIP_OK)
+    {
+#    ifndef NO_ADDFILEINEXISTINGZIP
+        free(ziinit.globalcomment);
+#    endif /* !NO_ADDFILEINEXISTINGZIP*/
+        free(zi);
+        return NULL;
+    }
+    else
+    {
+        *zi = ziinit;
+        return (zipFile)zi;
+    }
+}
+
+extern zipFile ZEXPORT zipOpen2(const char *pathname, int append, zipcharpc* globalcomment, zlib_filefunc_def* pzlib_filefunc32_def) {
+    if (pzlib_filefunc32_def != NULL)
+    {
+        zlib_filefunc64_32_def zlib_filefunc64_32_def_fill;
+        fill_zlib_filefunc64_32_def_from_filefunc32(&zlib_filefunc64_32_def_fill,pzlib_filefunc32_def);
+        return zipOpen3(pathname, append, globalcomment, &zlib_filefunc64_32_def_fill);
+    }
+    else
+        return zipOpen3(pathname, append, globalcomment, NULL);
+}
+
+extern zipFile ZEXPORT zipOpen2_64(const void *pathname, int append, zipcharpc* globalcomment, zlib_filefunc64_def* pzlib_filefunc_def) {
+    if (pzlib_filefunc_def != NULL)
+    {
+        zlib_filefunc64_32_def zlib_filefunc64_32_def_fill;
+        zlib_filefunc64_32_def_fill.zfile_func64 = *pzlib_filefunc_def;
+        zlib_filefunc64_32_def_fill.ztell32_file = NULL;
+        zlib_filefunc64_32_def_fill.zseek32_file = NULL;
+        return zipOpen3(pathname, append, globalcomment, &zlib_filefunc64_32_def_fill);
+    }
+    else
+        return zipOpen3(pathname, append, globalcomment, NULL);
+}
+
+
+
+extern zipFile ZEXPORT zipOpen(const char* pathname, int append) {
+    return zipOpen3((const void*)pathname,append,NULL,NULL);
+}
+
+extern zipFile ZEXPORT zipOpen64(const void* pathname, int append) {
+    return zipOpen3(pathname,append,NULL,NULL);
+}
+
+local int Write_LocalFileHeader(zip64_internal* zi, const char* filename, uInt size_extrafield_local, const void* extrafield_local) {
+  /* write the local header */
+  int err;
+  uInt size_filename = (uInt)strlen(filename);
+  uInt size_extrafield = size_extrafield_local;
+
+  err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)LOCALHEADERMAGIC, 4);
+
+  if (err==ZIP_OK)
+  {
+    if(zi->ci.zip64)
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)45,2);/* version needed to extract */
+    else
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)20,2);/* version needed to extract */
+  }
+
+  if (err==ZIP_OK)
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)zi->ci.flag,2);
+
+  if (err==ZIP_OK)
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)zi->ci.method,2);
+
+  if (err==ZIP_OK)
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)zi->ci.dosDate,4);
+
+  // CRC / Compressed size / Uncompressed size will be filled in later and rewritten later
+  if (err==ZIP_OK)
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,4); /* crc 32, unknown */
+  if (err==ZIP_OK)
+  {
+    if(zi->ci.zip64)
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0xFFFFFFFF,4); /* compressed size, unknown */
+    else
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,4); /* compressed size, unknown */
+  }
+  if (err==ZIP_OK)
+  {
+    if(zi->ci.zip64)
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0xFFFFFFFF,4); /* uncompressed size, unknown */
+    else
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,4); /* uncompressed size, unknown */
+  }
+
+  if (err==ZIP_OK)
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)size_filename,2);
+
+  if(zi->ci.zip64)
+  {
+    size_extrafield += 20;
+  }
+
+  if (err==ZIP_OK)
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)size_extrafield,2);
+
+  if ((err==ZIP_OK) && (size_filename > 0))
+  {
+    if (ZWRITE64(zi->z_filefunc,zi->filestream,filename,size_filename)!=size_filename)
+      err = ZIP_ERRNO;
+  }
+
+  if ((err==ZIP_OK) && (size_extrafield_local > 0))
+  {
+    if (ZWRITE64(zi->z_filefunc, zi->filestream, extrafield_local, size_extrafield_local) != size_extrafield_local)
+      err = ZIP_ERRNO;
+  }
+
+
+  if ((err==ZIP_OK) && (zi->ci.zip64))
+  {
+      // write the Zip64 extended info
+      short HeaderID = 1;
+      short DataSize = 16;
+      ZPOS64_T CompressedSize = 0;
+      ZPOS64_T UncompressedSize = 0;
+
+      // Remember position of Zip64 extended info for the local file header. (needed when we update size after done with file)
+      zi->ci.pos_zip64extrainfo = ZTELL64(zi->z_filefunc,zi->filestream);
+
+      err = zip64local_putValue(&zi->z_filefunc, zi->filestream, (ZPOS64_T)HeaderID,2);
+      err = zip64local_putValue(&zi->z_filefunc, zi->filestream, (ZPOS64_T)DataSize,2);
+
+      err = zip64local_putValue(&zi->z_filefunc, zi->filestream, (ZPOS64_T)UncompressedSize,8);
+      err = zip64local_putValue(&zi->z_filefunc, zi->filestream, (ZPOS64_T)CompressedSize,8);
+  }
+
+  return err;
+}
+
+/*
+ NOTE.
+ When writing RAW the ZIP64 extended information in extrafield_local and extrafield_global needs to be stripped
+ before calling this function it can be done with zipRemoveExtraInfoBlock
+
+ It is not done here because then we need to realloc a new buffer since parameters are 'const' and I want to minimize
+ unnecessary allocations.
+ */
+extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, const zip_fileinfo* zipfi,
+                                           const void* extrafield_local, uInt size_extrafield_local,
+                                           const void* extrafield_global, uInt size_extrafield_global,
+                                           const char* comment, int method, int level, int raw,
+                                           int windowBits,int memLevel, int strategy,
+                                           const char* password, uLong crcForCrypting,
+                                           uLong versionMadeBy, uLong flagBase, int zip64) {
+    zip64_internal* zi;
+    uInt size_filename;
+    uInt size_comment;
+    uInt i;
+    int err = ZIP_OK;
+
+#    ifdef NOCRYPT
+    (crcForCrypting);
+    if (password != NULL)
+        return ZIP_PARAMERROR;
+#    endif
+
+    if (file == NULL)
+        return ZIP_PARAMERROR;
+
+#ifdef HAVE_BZIP2
+    if ((method!=0) && (method!=Z_DEFLATED) && (method!=Z_BZIP2ED))
+      return ZIP_PARAMERROR;
+#else
+    if ((method!=0) && (method!=Z_DEFLATED))
+      return ZIP_PARAMERROR;
+#endif
+
+    // The filename and comment length must fit in 16 bits.
+    if ((filename!=NULL) && (strlen(filename)>0xffff))
+        return ZIP_PARAMERROR;
+    if ((comment!=NULL) && (strlen(comment)>0xffff))
+        return ZIP_PARAMERROR;
+    // The extra field length must fit in 16 bits. If the member also requires
+    // a Zip64 extra block, that will also need to fit within that 16-bit
+    // length, but that will be checked for later.
+    if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
+        return ZIP_PARAMERROR;
+
+    zi = (zip64_internal*)file;
+
+    if (zi->in_opened_file_inzip == 1)
+    {
+        err = zipCloseFileInZip (file);
+        if (err != ZIP_OK)
+            return err;
+    }
+
+    if (filename==NULL)
+        filename="-";
+
+    if (comment==NULL)
+        size_comment = 0;
+    else
+        size_comment = (uInt)strlen(comment);
+
+    size_filename = (uInt)strlen(filename);
+
+    if (zipfi == NULL)
+        zi->ci.dosDate = 0;
+    else
+    {
+        if (zipfi->dosDate != 0)
+            zi->ci.dosDate = zipfi->dosDate;
+        else
+          zi->ci.dosDate = zip64local_TmzDateToDosDate(&zipfi->tmz_date);
+    }
+
+    zi->ci.flag = flagBase;
+    if ((level==8) || (level==9))
+      zi->ci.flag |= 2;
+    if (level==2)
+      zi->ci.flag |= 4;
+    if (level==1)
+      zi->ci.flag |= 6;
+    if (password != NULL)
+      zi->ci.flag |= 1;
+
+    zi->ci.crc32 = 0;
+    zi->ci.method = method;
+    zi->ci.encrypt = 0;
+    zi->ci.stream_initialised = 0;
+    zi->ci.pos_in_buffered_data = 0;
+    zi->ci.raw = raw;
+    zi->ci.pos_local_header = ZTELL64(zi->z_filefunc,zi->filestream);
+
+    zi->ci.size_centralheader = SIZECENTRALHEADER + size_filename + size_extrafield_global + size_comment;
+    zi->ci.size_centralExtraFree = 32; // Extra space we have reserved in case we need to add ZIP64 extra info data
+
+    zi->ci.central_header = (char*)ALLOC((uInt)zi->ci.size_centralheader + zi->ci.size_centralExtraFree);
+
+    zi->ci.size_centralExtra = size_extrafield_global;
+    zip64local_putValue_inmemory(zi->ci.central_header,(uLong)CENTRALHEADERMAGIC,4);
+    /* version info */
+    zip64local_putValue_inmemory(zi->ci.central_header+4,(uLong)versionMadeBy,2);
+    zip64local_putValue_inmemory(zi->ci.central_header+6,(uLong)20,2);
+    zip64local_putValue_inmemory(zi->ci.central_header+8,(uLong)zi->ci.flag,2);
+    zip64local_putValue_inmemory(zi->ci.central_header+10,(uLong)zi->ci.method,2);
+    zip64local_putValue_inmemory(zi->ci.central_header+12,(uLong)zi->ci.dosDate,4);
+    zip64local_putValue_inmemory(zi->ci.central_header+16,(uLong)0,4); /*crc*/
+    zip64local_putValue_inmemory(zi->ci.central_header+20,(uLong)0,4); /*compr size*/
+    zip64local_putValue_inmemory(zi->ci.central_header+24,(uLong)0,4); /*uncompr size*/
+    zip64local_putValue_inmemory(zi->ci.central_header+28,(uLong)size_filename,2);
+    zip64local_putValue_inmemory(zi->ci.central_header+30,(uLong)size_extrafield_global,2);
+    zip64local_putValue_inmemory(zi->ci.central_header+32,(uLong)size_comment,2);
+    zip64local_putValue_inmemory(zi->ci.central_header+34,(uLong)0,2); /*disk nm start*/
+
+    if (zipfi==NULL)
+        zip64local_putValue_inmemory(zi->ci.central_header+36,(uLong)0,2);
+    else
+        zip64local_putValue_inmemory(zi->ci.central_header+36,(uLong)zipfi->internal_fa,2);
+
+    if (zipfi==NULL)
+        zip64local_putValue_inmemory(zi->ci.central_header+38,(uLong)0,4);
+    else
+        zip64local_putValue_inmemory(zi->ci.central_header+38,(uLong)zipfi->external_fa,4);
+
+    if(zi->ci.pos_local_header >= 0xffffffff)
+      zip64local_putValue_inmemory(zi->ci.central_header+42,(uLong)0xffffffff,4);
+    else
+      zip64local_putValue_inmemory(zi->ci.central_header+42,(uLong)zi->ci.pos_local_header - zi->add_position_when_writing_offset,4);
+
+    for (i=0;i<size_filename;i++)
+        *(zi->ci.central_header+SIZECENTRALHEADER+i) = *(filename+i);
+
+    for (i=0;i<size_extrafield_global;i++)
+        *(zi->ci.central_header+SIZECENTRALHEADER+size_filename+i) =
+              *(((const char*)extrafield_global)+i);
+
+    for (i=0;i<size_comment;i++)
+        *(zi->ci.central_header+SIZECENTRALHEADER+size_filename+
+              size_extrafield_global+i) = *(comment+i);
+    if (zi->ci.central_header == NULL)
+        return ZIP_INTERNALERROR;
+
+    zi->ci.zip64 = zip64;
+    zi->ci.totalCompressedData = 0;
+    zi->ci.totalUncompressedData = 0;
+    zi->ci.pos_zip64extrainfo = 0;
+
+    err = Write_LocalFileHeader(zi, filename, size_extrafield_local, extrafield_local);
+
+#ifdef HAVE_BZIP2
+    zi->ci.bstream.avail_in = (uInt)0;
+    zi->ci.bstream.avail_out = (uInt)Z_BUFSIZE;
+    zi->ci.bstream.next_out = (char*)zi->ci.buffered_data;
+    zi->ci.bstream.total_in_hi32 = 0;
+    zi->ci.bstream.total_in_lo32 = 0;
+    zi->ci.bstream.total_out_hi32 = 0;
+    zi->ci.bstream.total_out_lo32 = 0;
+#endif
+
+    zi->ci.stream.avail_in = (uInt)0;
+    zi->ci.stream.avail_out = (uInt)Z_BUFSIZE;
+    zi->ci.stream.next_out = zi->ci.buffered_data;
+    zi->ci.stream.total_in = 0;
+    zi->ci.stream.total_out = 0;
+    zi->ci.stream.data_type = Z_BINARY;
+
+#ifdef HAVE_BZIP2
+    if ((err==ZIP_OK) && (zi->ci.method == Z_DEFLATED || zi->ci.method == Z_BZIP2ED) && (!zi->ci.raw))
+#else
+    if ((err==ZIP_OK) && (zi->ci.method == Z_DEFLATED) && (!zi->ci.raw))
+#endif
+    {
+        if(zi->ci.method == Z_DEFLATED)
+        {
+          zi->ci.stream.zalloc = (alloc_func)0;
+          zi->ci.stream.zfree = (free_func)0;
+          zi->ci.stream.opaque = (voidpf)0;
+
+          if (windowBits>0)
+              windowBits = -windowBits;
+
+          err = deflateInit2(&zi->ci.stream, level, Z_DEFLATED, windowBits, memLevel, strategy);
+
+          if (err==Z_OK)
+              zi->ci.stream_initialised = Z_DEFLATED;
+        }
+        else if(zi->ci.method == Z_BZIP2ED)
+        {
+#ifdef HAVE_BZIP2
+            // Init BZip stuff here
+          zi->ci.bstream.bzalloc = 0;
+          zi->ci.bstream.bzfree = 0;
+          zi->ci.bstream.opaque = (voidpf)0;
+
+          err = BZ2_bzCompressInit(&zi->ci.bstream, level, 0,35);
+          if(err == BZ_OK)
+            zi->ci.stream_initialised = Z_BZIP2ED;
+#endif
+        }
+
+    }
+
+#    ifndef NOCRYPT
+    zi->ci.crypt_header_size = 0;
+    if ((err==Z_OK) && (password != NULL))
+    {
+        unsigned char bufHead[RAND_HEAD_LEN];
+        unsigned int sizeHead;
+        zi->ci.encrypt = 1;
+        zi->ci.pcrc_32_tab = get_crc_table();
+        /*init_keys(password,zi->ci.keys,zi->ci.pcrc_32_tab);*/
+
+        sizeHead=crypthead(password,bufHead,RAND_HEAD_LEN,zi->ci.keys,zi->ci.pcrc_32_tab,crcForCrypting);
+        zi->ci.crypt_header_size = sizeHead;
+
+        if (ZWRITE64(zi->z_filefunc,zi->filestream,bufHead,sizeHead) != sizeHead)
+                err = ZIP_ERRNO;
+    }
+#    endif
+
+    if (err==Z_OK)
+        zi->in_opened_file_inzip = 1;
+    return err;
+}
+
+extern int ZEXPORT zipOpenNewFileInZip4(zipFile file, const char* filename, const zip_fileinfo* zipfi,
+                                        const void* extrafield_local, uInt size_extrafield_local,
+                                        const void* extrafield_global, uInt size_extrafield_global,
+                                        const char* comment, int method, int level, int raw,
+                                        int windowBits,int memLevel, int strategy,
+                                        const char* password, uLong crcForCrypting,
+                                        uLong versionMadeBy, uLong flagBase) {
+    return zipOpenNewFileInZip4_64(file, filename, zipfi,
+                                   extrafield_local, size_extrafield_local,
+                                   extrafield_global, size_extrafield_global,
+                                   comment, method, level, raw,
+                                   windowBits, memLevel, strategy,
+                                   password, crcForCrypting, versionMadeBy, flagBase, 0);
+}
+
+extern int ZEXPORT zipOpenNewFileInZip3(zipFile file, const char* filename, const zip_fileinfo* zipfi,
+                                        const void* extrafield_local, uInt size_extrafield_local,
+                                        const void* extrafield_global, uInt size_extrafield_global,
+                                        const char* comment, int method, int level, int raw,
+                                        int windowBits,int memLevel, int strategy,
+                                        const char* password, uLong crcForCrypting) {
+    return zipOpenNewFileInZip4_64(file, filename, zipfi,
+                                   extrafield_local, size_extrafield_local,
+                                   extrafield_global, size_extrafield_global,
+                                   comment, method, level, raw,
+                                   windowBits, memLevel, strategy,
+                                   password, crcForCrypting, VERSIONMADEBY, 0, 0);
+}
+
+extern int ZEXPORT zipOpenNewFileInZip3_64(zipFile file, const char* filename, const zip_fileinfo* zipfi,
+                                         const void* extrafield_local, uInt size_extrafield_local,
+                                         const void* extrafield_global, uInt size_extrafield_global,
+                                         const char* comment, int method, int level, int raw,
+                                         int windowBits,int memLevel, int strategy,
+                                         const char* password, uLong crcForCrypting, int zip64) {
+    return zipOpenNewFileInZip4_64(file, filename, zipfi,
+                                   extrafield_local, size_extrafield_local,
+                                   extrafield_global, size_extrafield_global,
+                                   comment, method, level, raw,
+                                   windowBits, memLevel, strategy,
+                                   password, crcForCrypting, VERSIONMADEBY, 0, zip64);
+}
+
+extern int ZEXPORT zipOpenNewFileInZip2(zipFile file, const char* filename, const zip_fileinfo* zipfi,
+                                        const void* extrafield_local, uInt size_extrafield_local,
+                                        const void* extrafield_global, uInt size_extrafield_global,
+                                        const char* comment, int method, int level, int raw) {
+    return zipOpenNewFileInZip4_64(file, filename, zipfi,
+                                   extrafield_local, size_extrafield_local,
+                                   extrafield_global, size_extrafield_global,
+                                   comment, method, level, raw,
+                                   -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY,
+                                   NULL, 0, VERSIONMADEBY, 0, 0);
+}
+
+extern int ZEXPORT zipOpenNewFileInZip2_64(zipFile file, const char* filename, const zip_fileinfo* zipfi,
+                                           const void* extrafield_local, uInt size_extrafield_local,
+                                           const void* extrafield_global, uInt size_extrafield_global,
+                                           const char* comment, int method, int level, int raw, int zip64) {
+    return zipOpenNewFileInZip4_64(file, filename, zipfi,
+                                   extrafield_local, size_extrafield_local,
+                                   extrafield_global, size_extrafield_global,
+                                   comment, method, level, raw,
+                                   -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY,
+                                   NULL, 0, VERSIONMADEBY, 0, zip64);
+}
+
+extern int ZEXPORT zipOpenNewFileInZip64(zipFile file, const char* filename, const zip_fileinfo* zipfi,
+                                         const void* extrafield_local, uInt size_extrafield_local,
+                                         const void*extrafield_global, uInt size_extrafield_global,
+                                         const char* comment, int method, int level, int zip64) {
+    return zipOpenNewFileInZip4_64(file, filename, zipfi,
+                                   extrafield_local, size_extrafield_local,
+                                   extrafield_global, size_extrafield_global,
+                                   comment, method, level, 0,
+                                   -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY,
+                                   NULL, 0, VERSIONMADEBY, 0, zip64);
+}
+
+extern int ZEXPORT zipOpenNewFileInZip(zipFile file, const char* filename, const zip_fileinfo* zipfi,
+                                       const void* extrafield_local, uInt size_extrafield_local,
+                                       const void*extrafield_global, uInt size_extrafield_global,
+                                       const char* comment, int method, int level) {
+    return zipOpenNewFileInZip4_64(file, filename, zipfi,
+                                   extrafield_local, size_extrafield_local,
+                                   extrafield_global, size_extrafield_global,
+                                   comment, method, level, 0,
+                                   -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY,
+                                   NULL, 0, VERSIONMADEBY, 0, 0);
+}
+
+local int zip64FlushWriteBuffer(zip64_internal* zi) {
+    int err=ZIP_OK;
+
+    if (zi->ci.encrypt != 0)
+    {
+#ifndef NOCRYPT
+        uInt i;
+        int t;
+        for (i=0;i<zi->ci.pos_in_buffered_data;i++)
+            zi->ci.buffered_data[i] = zencode(zi->ci.keys, zi->ci.pcrc_32_tab, zi->ci.buffered_data[i],t);
+#endif
+    }
+
+    if (ZWRITE64(zi->z_filefunc,zi->filestream,zi->ci.buffered_data,zi->ci.pos_in_buffered_data) != zi->ci.pos_in_buffered_data)
+      err = ZIP_ERRNO;
+
+    zi->ci.totalCompressedData += zi->ci.pos_in_buffered_data;
+
+#ifdef HAVE_BZIP2
+    if(zi->ci.method == Z_BZIP2ED)
+    {
+      zi->ci.totalUncompressedData += zi->ci.bstream.total_in_lo32;
+      zi->ci.bstream.total_in_lo32 = 0;
+      zi->ci.bstream.total_in_hi32 = 0;
+    }
+    else
+#endif
+    {
+      zi->ci.totalUncompressedData += zi->ci.stream.total_in;
+      zi->ci.stream.total_in = 0;
+    }
+
+
+    zi->ci.pos_in_buffered_data = 0;
+
+    return err;
+}
+
+extern int ZEXPORT zipWriteInFileInZip(zipFile file, const void* buf, unsigned int len) {
+    zip64_internal* zi;
+    int err=ZIP_OK;
+
+    if (file == NULL)
+        return ZIP_PARAMERROR;
+    zi = (zip64_internal*)file;
+
+    if (zi->in_opened_file_inzip == 0)
+        return ZIP_PARAMERROR;
+
+    zi->ci.crc32 = crc32(zi->ci.crc32,buf,(uInt)len);
+
+#ifdef HAVE_BZIP2
+    if(zi->ci.method == Z_BZIP2ED && (!zi->ci.raw))
+    {
+      zi->ci.bstream.next_in = (void*)buf;
+      zi->ci.bstream.avail_in = len;
+      err = BZ_RUN_OK;
+
+      while ((err==BZ_RUN_OK) && (zi->ci.bstream.avail_in>0))
+      {
+        if (zi->ci.bstream.avail_out == 0)
+        {
+          if (zip64FlushWriteBuffer(zi) == ZIP_ERRNO)
+            err = ZIP_ERRNO;
+          zi->ci.bstream.avail_out = (uInt)Z_BUFSIZE;
+          zi->ci.bstream.next_out = (char*)zi->ci.buffered_data;
+        }
+
+
+        if(err != BZ_RUN_OK)
+          break;
+
+        if ((zi->ci.method == Z_BZIP2ED) && (!zi->ci.raw))
+        {
+          uLong uTotalOutBefore_lo = zi->ci.bstream.total_out_lo32;
+//          uLong uTotalOutBefore_hi = zi->ci.bstream.total_out_hi32;
+          err=BZ2_bzCompress(&zi->ci.bstream,  BZ_RUN);
+
+          zi->ci.pos_in_buffered_data += (uInt)(zi->ci.bstream.total_out_lo32 - uTotalOutBefore_lo) ;
+        }
+      }
+
+      if(err == BZ_RUN_OK)
+        err = ZIP_OK;
+    }
+    else
+#endif
+    {
+      zi->ci.stream.next_in = (Bytef*)(uintptr_t)buf;
+      zi->ci.stream.avail_in = len;
+
+      while ((err==ZIP_OK) && (zi->ci.stream.avail_in>0))
+      {
+          if (zi->ci.stream.avail_out == 0)
+          {
+              if (zip64FlushWriteBuffer(zi) == ZIP_ERRNO)
+                  err = ZIP_ERRNO;
+              zi->ci.stream.avail_out = (uInt)Z_BUFSIZE;
+              zi->ci.stream.next_out = zi->ci.buffered_data;
+          }
+
+
+          if(err != ZIP_OK)
+              break;
+
+          if ((zi->ci.method == Z_DEFLATED) && (!zi->ci.raw))
+          {
+              uLong uTotalOutBefore = zi->ci.stream.total_out;
+              err=deflate(&zi->ci.stream,  Z_NO_FLUSH);
+
+              zi->ci.pos_in_buffered_data += (uInt)(zi->ci.stream.total_out - uTotalOutBefore) ;
+          }
+          else
+          {
+              uInt copy_this,i;
+              if (zi->ci.stream.avail_in < zi->ci.stream.avail_out)
+                  copy_this = zi->ci.stream.avail_in;
+              else
+                  copy_this = zi->ci.stream.avail_out;
+
+              for (i = 0; i < copy_this; i++)
+                  *(((char*)zi->ci.stream.next_out)+i) =
+                      *(((const char*)zi->ci.stream.next_in)+i);
+              {
+                  zi->ci.stream.avail_in -= copy_this;
+                  zi->ci.stream.avail_out-= copy_this;
+                  zi->ci.stream.next_in+= copy_this;
+                  zi->ci.stream.next_out+= copy_this;
+                  zi->ci.stream.total_in+= copy_this;
+                  zi->ci.stream.total_out+= copy_this;
+                  zi->ci.pos_in_buffered_data += copy_this;
+              }
+          }
+      }// while(...)
+    }
+
+    return err;
+}
+
+extern int ZEXPORT zipCloseFileInZipRaw(zipFile file, uLong uncompressed_size, uLong crc32) {
+    return zipCloseFileInZipRaw64 (file, uncompressed_size, crc32);
+}
+
+extern int ZEXPORT zipCloseFileInZipRaw64(zipFile file, ZPOS64_T uncompressed_size, uLong crc32) {
+    zip64_internal* zi;
+    ZPOS64_T compressed_size;
+    uLong invalidValue = 0xffffffff;
+    unsigned datasize = 0;
+    int err=ZIP_OK;
+
+    if (file == NULL)
+        return ZIP_PARAMERROR;
+    zi = (zip64_internal*)file;
+
+    if (zi->in_opened_file_inzip == 0)
+        return ZIP_PARAMERROR;
+    zi->ci.stream.avail_in = 0;
+
+    if ((zi->ci.method == Z_DEFLATED) && (!zi->ci.raw))
+                {
+                        while (err==ZIP_OK)
+                        {
+                                uLong uTotalOutBefore;
+                                if (zi->ci.stream.avail_out == 0)
+                                {
+                                        if (zip64FlushWriteBuffer(zi) == ZIP_ERRNO)
+                                                err = ZIP_ERRNO;
+                                        zi->ci.stream.avail_out = (uInt)Z_BUFSIZE;
+                                        zi->ci.stream.next_out = zi->ci.buffered_data;
+                                }
+                                uTotalOutBefore = zi->ci.stream.total_out;
+                                err=deflate(&zi->ci.stream,  Z_FINISH);
+                                zi->ci.pos_in_buffered_data += (uInt)(zi->ci.stream.total_out - uTotalOutBefore) ;
+                        }
+                }
+    else if ((zi->ci.method == Z_BZIP2ED) && (!zi->ci.raw))
+    {
+#ifdef HAVE_BZIP2
+      err = BZ_FINISH_OK;
+      while (err==BZ_FINISH_OK)
+      {
+        uLong uTotalOutBefore;
+        if (zi->ci.bstream.avail_out == 0)
+        {
+          if (zip64FlushWriteBuffer(zi) == ZIP_ERRNO)
+            err = ZIP_ERRNO;
+          zi->ci.bstream.avail_out = (uInt)Z_BUFSIZE;
+          zi->ci.bstream.next_out = (char*)zi->ci.buffered_data;
+        }
+        uTotalOutBefore = zi->ci.bstream.total_out_lo32;
+        err=BZ2_bzCompress(&zi->ci.bstream,  BZ_FINISH);
+        if(err == BZ_STREAM_END)
+          err = Z_STREAM_END;
+
+        zi->ci.pos_in_buffered_data += (uInt)(zi->ci.bstream.total_out_lo32 - uTotalOutBefore);
+      }
+
+      if(err == BZ_FINISH_OK)
+        err = ZIP_OK;
+#endif
+    }
+
+    if (err==Z_STREAM_END)
+        err=ZIP_OK; /* this is normal */
+
+    if ((zi->ci.pos_in_buffered_data>0) && (err==ZIP_OK))
+                {
+        if (zip64FlushWriteBuffer(zi)==ZIP_ERRNO)
+            err = ZIP_ERRNO;
+                }
+
+    if ((zi->ci.method == Z_DEFLATED) && (!zi->ci.raw))
+    {
+        int tmp_err = deflateEnd(&zi->ci.stream);
+        if (err == ZIP_OK)
+            err = tmp_err;
+        zi->ci.stream_initialised = 0;
+    }
+#ifdef HAVE_BZIP2
+    else if((zi->ci.method == Z_BZIP2ED) && (!zi->ci.raw))
+    {
+      int tmperr = BZ2_bzCompressEnd(&zi->ci.bstream);
+                        if (err==ZIP_OK)
+                                err = tmperr;
+                        zi->ci.stream_initialised = 0;
+    }
+#endif
+
+    if (!zi->ci.raw)
+    {
+        crc32 = (uLong)zi->ci.crc32;
+        uncompressed_size = zi->ci.totalUncompressedData;
+    }
+    compressed_size = zi->ci.totalCompressedData;
+
+#    ifndef NOCRYPT
+    compressed_size += zi->ci.crypt_header_size;
+#    endif
+
+    // update Current Item crc and sizes,
+    if(compressed_size >= 0xffffffff || uncompressed_size >= 0xffffffff || zi->ci.pos_local_header >= 0xffffffff)
+    {
+      /*version Made by*/
+      zip64local_putValue_inmemory(zi->ci.central_header+4,(uLong)45,2);
+      /*version needed*/
+      zip64local_putValue_inmemory(zi->ci.central_header+6,(uLong)45,2);
+
+    }
+
+    zip64local_putValue_inmemory(zi->ci.central_header+16,crc32,4); /*crc*/
+
+
+    if(compressed_size >= 0xffffffff)
+      zip64local_putValue_inmemory(zi->ci.central_header+20, invalidValue,4); /*compr size*/
+    else
+      zip64local_putValue_inmemory(zi->ci.central_header+20, compressed_size,4); /*compr size*/
+
+    /// set internal file attributes field
+    if (zi->ci.stream.data_type == Z_ASCII)
+        zip64local_putValue_inmemory(zi->ci.central_header+36,(uLong)Z_ASCII,2);
+
+    if(uncompressed_size >= 0xffffffff)
+      zip64local_putValue_inmemory(zi->ci.central_header+24, invalidValue,4); /*uncompr size*/
+    else
+      zip64local_putValue_inmemory(zi->ci.central_header+24, uncompressed_size,4); /*uncompr size*/
+
+    // Add ZIP64 extra info field for uncompressed size
+    if(uncompressed_size >= 0xffffffff)
+      datasize += 8;
+
+    // Add ZIP64 extra info field for compressed size
+    if(compressed_size >= 0xffffffff)
+      datasize += 8;
+
+    // Add ZIP64 extra info field for relative offset to local file header of current file
+    if(zi->ci.pos_local_header >= 0xffffffff)
+      datasize += 8;
+
+    if(datasize > 0)
+    {
+      char* p = NULL;
+
+      if((uLong)(datasize + 4) > zi->ci.size_centralExtraFree)
+      {
+        // we cannot write more data to the buffer that we have room for.
+        return ZIP_BADZIPFILE;
+      }
+
+      p = zi->ci.central_header + zi->ci.size_centralheader;
+
+      // Add Extra Information Header for 'ZIP64 information'
+      zip64local_putValue_inmemory(p, 0x0001, 2); // HeaderID
+      p += 2;
+      zip64local_putValue_inmemory(p, datasize, 2); // DataSize
+      p += 2;
+
+      if(uncompressed_size >= 0xffffffff)
+      {
+        zip64local_putValue_inmemory(p, uncompressed_size, 8);
+        p += 8;
+      }
+
+      if(compressed_size >= 0xffffffff)
+      {
+        zip64local_putValue_inmemory(p, compressed_size, 8);
+        p += 8;
+      }
+
+      if(zi->ci.pos_local_header >= 0xffffffff)
+      {
+        zip64local_putValue_inmemory(p, zi->ci.pos_local_header, 8);
+        p += 8;
+      }
+
+      // Update how much extra free space we got in the memory buffer
+      // and increase the centralheader size so the new ZIP64 fields are included
+      // ( 4 below is the size of HeaderID and DataSize field )
+      zi->ci.size_centralExtraFree -= datasize + 4;
+      zi->ci.size_centralheader += datasize + 4;
+
+      // Update the extra info size field
+      zi->ci.size_centralExtra += datasize + 4;
+      zip64local_putValue_inmemory(zi->ci.central_header+30,(uLong)zi->ci.size_centralExtra,2);
+    }
+
+    if (err==ZIP_OK)
+        err = add_data_in_datablock(&zi->central_dir, zi->ci.central_header, (uLong)zi->ci.size_centralheader);
+
+    free(zi->ci.central_header);
+
+    if (err==ZIP_OK)
+    {
+        // Update the LocalFileHeader with the new values.
+
+        ZPOS64_T cur_pos_inzip = ZTELL64(zi->z_filefunc,zi->filestream);
+
+        if (ZSEEK64(zi->z_filefunc,zi->filestream, zi->ci.pos_local_header + 14,ZLIB_FILEFUNC_SEEK_SET)!=0)
+            err = ZIP_ERRNO;
+
+        if (err==ZIP_OK)
+            err = zip64local_putValue(&zi->z_filefunc,zi->filestream,crc32,4); /* crc 32, unknown */
+
+        if(uncompressed_size >= 0xffffffff || compressed_size >= 0xffffffff )
+        {
+          if(zi->ci.pos_zip64extrainfo > 0)
+          {
+            // Update the size in the ZIP64 extended field.
+            if (ZSEEK64(zi->z_filefunc,zi->filestream, zi->ci.pos_zip64extrainfo + 4,ZLIB_FILEFUNC_SEEK_SET)!=0)
+              err = ZIP_ERRNO;
+
+            if (err==ZIP_OK) /* compressed size, unknown */
+              err = zip64local_putValue(&zi->z_filefunc, zi->filestream, uncompressed_size, 8);
+
+            if (err==ZIP_OK) /* uncompressed size, unknown */
+              err = zip64local_putValue(&zi->z_filefunc, zi->filestream, compressed_size, 8);
+          }
+          else
+              err = ZIP_BADZIPFILE; // Caller passed zip64 = 0, so no room for zip64 info -> fatal
+        }
+        else
+        {
+          if (err==ZIP_OK) /* compressed size, unknown */
+              err = zip64local_putValue(&zi->z_filefunc,zi->filestream,compressed_size,4);
+
+          if (err==ZIP_OK) /* uncompressed size, unknown */
+              err = zip64local_putValue(&zi->z_filefunc,zi->filestream,uncompressed_size,4);
+        }
+
+        if (ZSEEK64(zi->z_filefunc,zi->filestream, cur_pos_inzip,ZLIB_FILEFUNC_SEEK_SET)!=0)
+            err = ZIP_ERRNO;
+    }
+
+    zi->number_entry ++;
+    zi->in_opened_file_inzip = 0;
+
+    return err;
+}
+
+extern int ZEXPORT zipCloseFileInZip(zipFile file) {
+    return zipCloseFileInZipRaw (file,0,0);
+}
+
+local int Write_Zip64EndOfCentralDirectoryLocator(zip64_internal* zi, ZPOS64_T zip64eocd_pos_inzip) {
+  int err = ZIP_OK;
+  ZPOS64_T pos = zip64eocd_pos_inzip - zi->add_position_when_writing_offset;
+
+  err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)ZIP64ENDLOCHEADERMAGIC,4);
+
+  /*num disks*/
+    if (err==ZIP_OK) /* number of the disk with the start of the central directory */
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,4);
+
+  /*relative offset*/
+    if (err==ZIP_OK) /* Relative offset to the Zip64EndOfCentralDirectory */
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream, pos,8);
+
+  /*total disks*/ /* Do not support spawning of disk so always say 1 here*/
+    if (err==ZIP_OK) /* number of the disk with the start of the central directory */
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)1,4);
+
+    return err;
+}
+
+local int Write_Zip64EndOfCentralDirectoryRecord(zip64_internal* zi, uLong size_centraldir, ZPOS64_T centraldir_pos_inzip) {
+  int err = ZIP_OK;
+
+  uLong Zip64DataSize = 44;
+
+  err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)ZIP64ENDHEADERMAGIC,4);
+
+  if (err==ZIP_OK) /* size of this 'zip64 end of central directory' */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(ZPOS64_T)Zip64DataSize,8); // why ZPOS64_T of this ?
+
+  if (err==ZIP_OK) /* version made by */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)45,2);
+
+  if (err==ZIP_OK) /* version needed */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)45,2);
+
+  if (err==ZIP_OK) /* number of this disk */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,4);
+
+  if (err==ZIP_OK) /* number of the disk with the start of the central directory */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,4);
+
+  if (err==ZIP_OK) /* total number of entries in the central dir on this disk */
+    err = zip64local_putValue(&zi->z_filefunc, zi->filestream, zi->number_entry, 8);
+
+  if (err==ZIP_OK) /* total number of entries in the central dir */
+    err = zip64local_putValue(&zi->z_filefunc, zi->filestream, zi->number_entry, 8);
+
+  if (err==ZIP_OK) /* size of the central directory */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(ZPOS64_T)size_centraldir,8);
+
+  if (err==ZIP_OK) /* offset of start of central directory with respect to the starting disk number */
+  {
+    ZPOS64_T pos = centraldir_pos_inzip - zi->add_position_when_writing_offset;
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream, (ZPOS64_T)pos,8);
+  }
+  return err;
+}
+
+local int Write_EndOfCentralDirectoryRecord(zip64_internal* zi, uLong size_centraldir, ZPOS64_T centraldir_pos_inzip) {
+  int err = ZIP_OK;
+
+  /*signature*/
+  err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)ENDHEADERMAGIC,4);
+
+  if (err==ZIP_OK) /* number of this disk */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,2);
+
+  if (err==ZIP_OK) /* number of the disk with the start of the central directory */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,2);
+
+  if (err==ZIP_OK) /* total number of entries in the central dir on this disk */
+  {
+    {
+      if(zi->number_entry >= 0xFFFF)
+        err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0xffff,2); // use value in ZIP64 record
+      else
+        err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)zi->number_entry,2);
+    }
+  }
+
+  if (err==ZIP_OK) /* total number of entries in the central dir */
+  {
+    if(zi->number_entry >= 0xFFFF)
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0xffff,2); // use value in ZIP64 record
+    else
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)zi->number_entry,2);
+  }
+
+  if (err==ZIP_OK) /* size of the central directory */
+    err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)size_centraldir,4);
+
+  if (err==ZIP_OK) /* offset of start of central directory with respect to the starting disk number */
+  {
+    ZPOS64_T pos = centraldir_pos_inzip - zi->add_position_when_writing_offset;
+    if(pos >= 0xffffffff)
+    {
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream, (uLong)0xffffffff,4);
+    }
+    else
+      err = zip64local_putValue(&zi->z_filefunc,zi->filestream, (uLong)(centraldir_pos_inzip - zi->add_position_when_writing_offset),4);
+  }
+
+   return err;
+}
+
+local int Write_GlobalComment(zip64_internal* zi, const char* global_comment) {
+  int err = ZIP_OK;
+  uInt size_global_comment = 0;
+
+  if(global_comment != NULL)
+    size_global_comment = (uInt)strlen(global_comment);
+
+  err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)size_global_comment,2);
+
+  if (err == ZIP_OK && size_global_comment > 0)
+  {
+    if (ZWRITE64(zi->z_filefunc,zi->filestream, global_comment, size_global_comment) != size_global_comment)
+      err = ZIP_ERRNO;
+  }
+  return err;
+}
+
+extern int ZEXPORT zipClose(zipFile file, const char* global_comment) {
+    zip64_internal* zi;
+    int err = 0;
+    uLong size_centraldir = 0;
+    ZPOS64_T centraldir_pos_inzip;
+    ZPOS64_T pos;
+
+    if (file == NULL)
+        return ZIP_PARAMERROR;
+
+    zi = (zip64_internal*)file;
+
+    if (zi->in_opened_file_inzip == 1)
+    {
+        err = zipCloseFileInZip (file);
+    }
+
+#ifndef NO_ADDFILEINEXISTINGZIP
+    if (global_comment==NULL)
+        global_comment = zi->globalcomment;
+#endif
+
+    centraldir_pos_inzip = ZTELL64(zi->z_filefunc,zi->filestream);
+
+    if (err==ZIP_OK)
+    {
+        linkedlist_datablock_internal* ldi = zi->central_dir.first_block;
+        while (ldi!=NULL)
+        {
+            if ((err==ZIP_OK) && (ldi->filled_in_this_block>0))
+            {
+                if (ZWRITE64(zi->z_filefunc,zi->filestream, ldi->data, ldi->filled_in_this_block) != ldi->filled_in_this_block)
+                    err = ZIP_ERRNO;
+            }
+
+            size_centraldir += ldi->filled_in_this_block;
+            ldi = ldi->next_datablock;
+        }
+    }
+    free_linkedlist(&(zi->central_dir));
+
+    pos = centraldir_pos_inzip - zi->add_position_when_writing_offset;
+    if(pos >= 0xffffffff || zi->number_entry >= 0xFFFF)
+    {
+      ZPOS64_T Zip64EOCDpos = ZTELL64(zi->z_filefunc,zi->filestream);
+      Write_Zip64EndOfCentralDirectoryRecord(zi, size_centraldir, centraldir_pos_inzip);
+
+      Write_Zip64EndOfCentralDirectoryLocator(zi, Zip64EOCDpos);
+    }
+
+    if (err==ZIP_OK)
+      err = Write_EndOfCentralDirectoryRecord(zi, size_centraldir, centraldir_pos_inzip);
+
+    if(err == ZIP_OK)
+      err = Write_GlobalComment(zi, global_comment);
+
+    if (ZCLOSE64(zi->z_filefunc,zi->filestream) != 0)
+        if (err == ZIP_OK)
+            err = ZIP_ERRNO;
+
+#ifndef NO_ADDFILEINEXISTINGZIP
+    free(zi->globalcomment);
+#endif
+    free(zi);
+
+    return err;
+}
+
+extern int ZEXPORT zipRemoveExtraInfoBlock(char* pData, int* dataLen, short sHeader) {
+  char* p = pData;
+  int size = 0;
+  char* pNewHeader;
+  char* pTmp;
+  short header;
+  short dataSize;
+
+  int retVal = ZIP_OK;
+
+  if(pData == NULL || dataLen == NULL || *dataLen < 4)
+    return ZIP_PARAMERROR;
+
+  pNewHeader = (char*)ALLOC((unsigned)*dataLen);
+  pTmp = pNewHeader;
+
+  while(p < (pData + *dataLen))
+  {
+    header = *(short*)p;
+    dataSize = *(((short*)p)+1);
+
+    if( header == sHeader ) // Header found.
+    {
+      p += dataSize + 4; // skip it. do not copy to temp buffer
+    }
+    else
+    {
+      // Extra Info block should not be removed, So copy it to the temp buffer.
+      memcpy(pTmp, p, dataSize + 4);
+      p += dataSize + 4;
+      size += dataSize + 4;
+    }
+
+  }
+
+  if(size < *dataLen)
+  {
+    // clean old extra info block.
+    memset(pData,0, *dataLen);
+
+    // copy the new extra info block over the old
+    if(size > 0)
+      memcpy(pData, pNewHeader, size);
+
+    // set the new extra info size
+    *dataLen = size;
+
+    retVal = ZIP_OK;
+  }
+  else
+    retVal = ZIP_ERRNO;
+
+  free(pNewHeader);
+
+  return retVal;
+}
diff --git a/zlib-1.3.1/contrib/minizip/zip.h b/zlib-1.3.1/contrib/minizip/zip.h
new file mode 100644
index 00000000..3e230d34
--- /dev/null
+++ b/zlib-1.3.1/contrib/minizip/zip.h
@@ -0,0 +1,364 @@
+/* zip.h -- IO on .zip files using zlib
+   Version 1.1, February 14h, 2010
+   part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html )
+
+         Modifications for Zip64 support
+         Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com )
+
+         For more info read MiniZip_info.txt
+
+         ---------------------------------------------------------------------------
+
+   Condition of use and distribution are the same than zlib :
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+        ---------------------------------------------------------------------------
+
+        Changes
+
+        See header of zip.h
+
+*/
+
+#ifndef _zip12_H
+#define _zip12_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//#define HAVE_BZIP2
+
+#ifndef _ZLIB_H
+#include "zlib.h"
+#endif
+
+#ifndef _ZLIBIOAPI_H
+#include "ioapi.h"
+#endif
+
+#ifdef HAVE_BZIP2
+#include "bzlib.h"
+#endif
+
+#define Z_BZIP2ED 12
+
+#if defined(STRICTZIP) || defined(STRICTZIPUNZIP)
+/* like the STRICT of WIN32, we define a pointer that cannot be converted
+    from (void*) without cast */
+typedef struct TagzipFile__ { int unused; } zipFile__;
+typedef zipFile__ *zipFile;
+#else
+typedef voidp zipFile;
+#endif
+
+#define ZIP_OK                          (0)
+#define ZIP_EOF                         (0)
+#define ZIP_ERRNO                       (Z_ERRNO)
+#define ZIP_PARAMERROR                  (-102)
+#define ZIP_BADZIPFILE                  (-103)
+#define ZIP_INTERNALERROR               (-104)
+
+#ifndef DEF_MEM_LEVEL
+#  if MAX_MEM_LEVEL >= 8
+#    define DEF_MEM_LEVEL 8
+#  else
+#    define DEF_MEM_LEVEL  MAX_MEM_LEVEL
+#  endif
+#endif
+/* default memLevel */
+
+/* tm_zip contain date/time info */
+typedef struct tm_zip_s
+{
+    int tm_sec;             /* seconds after the minute - [0,59] */
+    int tm_min;             /* minutes after the hour - [0,59] */
+    int tm_hour;            /* hours since midnight - [0,23] */
+    int tm_mday;            /* day of the month - [1,31] */
+    int tm_mon;             /* months since January - [0,11] */
+    int tm_year;            /* years - [1980..2044] */
+} tm_zip;
+
+typedef struct
+{
+    tm_zip      tmz_date;       /* date in understandable format           */
+    uLong       dosDate;       /* if dos_date == 0, tmu_date is used      */
+/*    uLong       flag;        */   /* general purpose bit flag        2 bytes */
+
+    uLong       internal_fa;    /* internal file attributes        2 bytes */
+    uLong       external_fa;    /* external file attributes        4 bytes */
+} zip_fileinfo;
+
+typedef const char* zipcharpc;
+
+
+#define APPEND_STATUS_CREATE        (0)
+#define APPEND_STATUS_CREATEAFTER   (1)
+#define APPEND_STATUS_ADDINZIP      (2)
+
+extern zipFile ZEXPORT zipOpen(const char *pathname, int append);
+extern zipFile ZEXPORT zipOpen64(const void *pathname, int append);
+/*
+  Create a zipfile.
+     pathname contain on Windows XP a filename like "c:\\zlib\\zlib113.zip" or on
+       an Unix computer "zlib/zlib113.zip".
+     if the file pathname exist and append==APPEND_STATUS_CREATEAFTER, the zip
+       will be created at the end of the file.
+         (useful if the file contain a self extractor code)
+     if the file pathname exist and append==APPEND_STATUS_ADDINZIP, we will
+       add files in existing zip (be sure you don't add file that doesn't exist)
+     If the zipfile cannot be opened, the return value is NULL.
+     Else, the return value is a zipFile Handle, usable with other function
+       of this zip package.
+*/
+
+/* Note : there is no delete function into a zipfile.
+   If you want delete file into a zipfile, you must open a zipfile, and create another
+   Of course, you can use RAW reading and writing to copy the file you did not want delete
+*/
+
+extern zipFile ZEXPORT zipOpen2(const char *pathname,
+                                int append,
+                                zipcharpc* globalcomment,
+                                zlib_filefunc_def* pzlib_filefunc_def);
+
+extern zipFile ZEXPORT zipOpen2_64(const void *pathname,
+                                   int append,
+                                   zipcharpc* globalcomment,
+                                   zlib_filefunc64_def* pzlib_filefunc_def);
+
+extern zipFile ZEXPORT zipOpen3(const void *pathname,
+                                int append,
+                                zipcharpc* globalcomment,
+                                zlib_filefunc64_32_def* pzlib_filefunc64_32_def);
+
+extern int ZEXPORT zipOpenNewFileInZip(zipFile file,
+                                       const char* filename,
+                                       const zip_fileinfo* zipfi,
+                                       const void* extrafield_local,
+                                       uInt size_extrafield_local,
+                                       const void* extrafield_global,
+                                       uInt size_extrafield_global,
+                                       const char* comment,
+                                       int method,
+                                       int level);
+
+extern int ZEXPORT zipOpenNewFileInZip64(zipFile file,
+                                         const char* filename,
+                                         const zip_fileinfo* zipfi,
+                                         const void* extrafield_local,
+                                         uInt size_extrafield_local,
+                                         const void* extrafield_global,
+                                         uInt size_extrafield_global,
+                                         const char* comment,
+                                         int method,
+                                         int level,
+                                         int zip64);
+
+/*
+  Open a file in the ZIP for writing.
+  filename : the filename in zip (if NULL, '-' without quote will be used
+  *zipfi contain supplemental information
+  if extrafield_local!=NULL and size_extrafield_local>0, extrafield_local
+    contains the extrafield data for the local header
+  if extrafield_global!=NULL and size_extrafield_global>0, extrafield_global
+    contains the extrafield data for the global header
+  if comment != NULL, comment contain the comment string
+  method contain the compression method (0 for store, Z_DEFLATED for deflate)
+  level contain the level of compression (can be Z_DEFAULT_COMPRESSION)
+  zip64 is set to 1 if a zip64 extended information block should be added to the local file header.
+                    this MUST be '1' if the uncompressed size is >= 0xffffffff.
+
+*/
+
+
+extern int ZEXPORT zipOpenNewFileInZip2(zipFile file,
+                                        const char* filename,
+                                        const zip_fileinfo* zipfi,
+                                        const void* extrafield_local,
+                                        uInt size_extrafield_local,
+                                        const void* extrafield_global,
+                                        uInt size_extrafield_global,
+                                        const char* comment,
+                                        int method,
+                                        int level,
+                                        int raw);
+
+
+extern int ZEXPORT zipOpenNewFileInZip2_64(zipFile file,
+                                           const char* filename,
+                                           const zip_fileinfo* zipfi,
+                                           const void* extrafield_local,
+                                           uInt size_extrafield_local,
+                                           const void* extrafield_global,
+                                           uInt size_extrafield_global,
+                                           const char* comment,
+                                           int method,
+                                           int level,
+                                           int raw,
+                                           int zip64);
+/*
+  Same than zipOpenNewFileInZip, except if raw=1, we write raw file
+ */
+
+extern int ZEXPORT zipOpenNewFileInZip3(zipFile file,
+                                        const char* filename,
+                                        const zip_fileinfo* zipfi,
+                                        const void* extrafield_local,
+                                        uInt size_extrafield_local,
+                                        const void* extrafield_global,
+                                        uInt size_extrafield_global,
+                                        const char* comment,
+                                        int method,
+                                        int level,
+                                        int raw,
+                                        int windowBits,
+                                        int memLevel,
+                                        int strategy,
+                                        const char* password,
+                                        uLong crcForCrypting);
+
+extern int ZEXPORT zipOpenNewFileInZip3_64(zipFile file,
+                                           const char* filename,
+                                           const zip_fileinfo* zipfi,
+                                           const void* extrafield_local,
+                                           uInt size_extrafield_local,
+                                           const void* extrafield_global,
+                                           uInt size_extrafield_global,
+                                           const char* comment,
+                                           int method,
+                                           int level,
+                                           int raw,
+                                           int windowBits,
+                                           int memLevel,
+                                           int strategy,
+                                           const char* password,
+                                           uLong crcForCrypting,
+                                           int zip64);
+
+/*
+  Same than zipOpenNewFileInZip2, except
+    windowBits,memLevel,,strategy : see parameter strategy in deflateInit2
+    password : crypting password (NULL for no crypting)
+    crcForCrypting : crc of file to compress (needed for crypting)
+ */
+
+extern int ZEXPORT zipOpenNewFileInZip4(zipFile file,
+                                        const char* filename,
+                                        const zip_fileinfo* zipfi,
+                                        const void* extrafield_local,
+                                        uInt size_extrafield_local,
+                                        const void* extrafield_global,
+                                        uInt size_extrafield_global,
+                                        const char* comment,
+                                        int method,
+                                        int level,
+                                        int raw,
+                                        int windowBits,
+                                        int memLevel,
+                                        int strategy,
+                                        const char* password,
+                                        uLong crcForCrypting,
+                                        uLong versionMadeBy,
+                                        uLong flagBase);
+
+
+extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file,
+                                           const char* filename,
+                                           const zip_fileinfo* zipfi,
+                                           const void* extrafield_local,
+                                           uInt size_extrafield_local,
+                                           const void* extrafield_global,
+                                           uInt size_extrafield_global,
+                                           const char* comment,
+                                           int method,
+                                           int level,
+                                           int raw,
+                                           int windowBits,
+                                           int memLevel,
+                                           int strategy,
+                                           const char* password,
+                                           uLong crcForCrypting,
+                                           uLong versionMadeBy,
+                                           uLong flagBase,
+                                           int zip64);
+/*
+  Same than zipOpenNewFileInZip4, except
+    versionMadeBy : value for Version made by field
+    flag : value for flag field (compression level info will be added)
+ */
+
+
+extern int ZEXPORT zipWriteInFileInZip(zipFile file,
+                                       const void* buf,
+                                       unsigned len);
+/*
+  Write data in the zipfile
+*/
+
+extern int ZEXPORT zipCloseFileInZip(zipFile file);
+/*
+  Close the current file in the zipfile
+*/
+
+extern int ZEXPORT zipCloseFileInZipRaw(zipFile file,
+                                        uLong uncompressed_size,
+                                        uLong crc32);
+
+extern int ZEXPORT zipCloseFileInZipRaw64(zipFile file,
+                                          ZPOS64_T uncompressed_size,
+                                          uLong crc32);
+
+/*
+  Close the current file in the zipfile, for file opened with
+    parameter raw=1 in zipOpenNewFileInZip2
+  uncompressed_size and crc32 are value for the uncompressed size
+*/
+
+extern int ZEXPORT zipClose(zipFile file,
+                            const char* global_comment);
+/*
+  Close the zipfile
+*/
+
+
+extern int ZEXPORT zipRemoveExtraInfoBlock(char* pData, int* dataLen, short sHeader);
+/*
+  zipRemoveExtraInfoBlock -  Added by Mathias Svensson
+
+  Remove extra information block from a extra information data for the local file header or central directory header
+
+  It is needed to remove ZIP64 extra information blocks when before data is written if using RAW mode.
+
+  0x0001 is the signature header for the ZIP64 extra information blocks
+
+  usage.
+                        Remove ZIP64 Extra information from a central director extra field data
+              zipRemoveExtraInfoBlock(pCenDirExtraFieldData, &nCenDirExtraFieldDataLen, 0x0001);
+
+                        Remove ZIP64 Extra information from a Local File Header extra field data
+        zipRemoveExtraInfoBlock(pLocalHeaderExtraFieldData, &nLocalHeaderExtraFieldDataLen, 0x0001);
+*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _zip64_H */
diff --git a/zlib-1.3.1/contrib/nuget/nuget.csproj b/zlib-1.3.1/contrib/nuget/nuget.csproj
new file mode 100644
index 00000000..68627f03
--- /dev/null
+++ b/zlib-1.3.1/contrib/nuget/nuget.csproj
@@ -0,0 +1,43 @@
+<Project Sdk="Microsoft.Build.NoTargets/3.5.6">
+
+  <PropertyGroup>
+    <TargetFramework>net6.0</TargetFramework>
+    <PackageId>madler.zlib.redist</PackageId>
+    <PackageId Condition="$([MSBuild]::IsOSPlatform('Windows'))">$(PackageId).win</PackageId>
+    <PackageId Condition="$([MSBuild]::IsOSPlatform('Linux'))">$(PackageId).linux</PackageId>
+    <PackageId Condition="$([MSBuild]::IsOSPlatform('OSX'))">$(PackageId).osx</PackageId>
+    <Copyright>(C) 1995-2024 Jean-loup Gailly and Mark Adler</Copyright>
+    <version>1.3.1</version>
+    <PackageDescription>NuGet Package for consuming native builds of zlib into .NET without complexity.</PackageDescription>
+    <!--
+        Warns about not having any lib or ref assemblies (.NET Assemblies) in those directories.
+        Native only packages that is to be consumed in .NET should not require these.
+    -->
+    <NoWarn>NU5128</NoWarn>
+    <PackageOutputPath>$(MSBuildProjectDirectory)</PackageOutputPath>
+    <Authors>Jean-loup Gailly and Mark Adler</Authors>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <None Include="../../LICENSE" Pack="true" PackagePath="" />
+    <!-- Package up Windows builds. -->
+    <None Condition="$([MSBuild]::IsOSPlatform('Windows'))" Include="../vstudio/vc17/x86/ZlibDll$(Configuration)/zlibwapi.dll" Pack="true" PackagePath="runtimes/win-x86/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Windows'))" Include="../vstudio/vc17/x64/ZlibDll$(Configuration)/zlibwapi.dll" Pack="true" PackagePath="runtimes/win-x64/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Windows'))" Include="../vstudio/vc17/arm/ZlibDll$(Configuration)/zlibwapi.dll" Pack="true" PackagePath="runtimes/win-arm/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Windows'))" Include="../vstudio/vc17/arm64/ZlibDll$(Configuration)/zlibwapi.dll" Pack="true" PackagePath="runtimes/win-arm64/native" />
+    <!-- Include debug symbols as well as we never know if they might actually be needed in the future. -->
+    <None Condition="$([MSBuild]::IsOSPlatform('Windows'))" Include="../vstudio/vc17/x86/ZlibDll$(Configuration)/zlibwapi.pdb" Pack="true" PackagePath="runtimes/win-x86/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Windows'))" Include="../vstudio/vc17/x64/ZlibDll$(Configuration)/zlibwapi.pdb" Pack="true" PackagePath="runtimes/win-x64/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Windows'))" Include="../vstudio/vc17/arm/ZlibDll$(Configuration)/zlibwapi.pdb" Pack="true" PackagePath="runtimes/win-arm/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Windows'))" Include="../vstudio/vc17/arm64/ZlibDll$(Configuration)/zlibwapi.pdb" Pack="true" PackagePath="runtimes/win-arm64/native" />
+    <!-- Package up Linux builds. -->
+    <None Condition="$([MSBuild]::IsOSPlatform('Linux'))" Include="./linux-x86/libz.so" Pack="true" PackagePath="runtimes/linux-x86/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Linux'))" Include="./linux-x64/libz.so" Pack="true" PackagePath="runtimes/linux-x64/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Linux'))" Include="./linux-arm/libz.so" Pack="true" PackagePath="runtimes/linux-arm/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('Linux'))" Include="./linux-arm64/libz.so" Pack="true" PackagePath="runtimes/linux-arm64/native" />
+    <!-- Package up MacOS builds. -->
+    <None Condition="$([MSBuild]::IsOSPlatform('OSX'))" Include="./osx-x64/libz.dylib" Pack="true" PackagePath="runtimes/osx-x64/native" />
+    <None Condition="$([MSBuild]::IsOSPlatform('OSX'))" Include="./osx-arm64/libz.dylib" Pack="true" PackagePath="runtimes/osx-arm64/native" />
+  </ItemGroup>
+
+</Project>
diff --git a/zlib-1.3.1/contrib/nuget/nuget.sln b/zlib-1.3.1/contrib/nuget/nuget.sln
new file mode 100644
index 00000000..46ee8dea
--- /dev/null
+++ b/zlib-1.3.1/contrib/nuget/nuget.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "nuget", "nuget.csproj", "{B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal
diff --git a/zlib-1.3.1/contrib/pascal/example.pas b/zlib-1.3.1/contrib/pascal/example.pas
new file mode 100644
index 00000000..5518b36a
--- /dev/null
+++ b/zlib-1.3.1/contrib/pascal/example.pas
@@ -0,0 +1,599 @@
+(* example.c -- usage example of the zlib compression library
+ * Copyright (C) 1995-2003 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ *
+ * Pascal translation
+ * Copyright (C) 1998 by Jacques Nomssi Nzali.
+ * For conditions of distribution and use, see copyright notice in readme.txt
+ *
+ * Adaptation to the zlibpas interface
+ * Copyright (C) 2003 by Cosmin Truta.
+ * For conditions of distribution and use, see copyright notice in readme.txt
+ *)
+
+program example;
+
+{$DEFINE TEST_COMPRESS}
+{DO NOT $DEFINE TEST_GZIO}
+{$DEFINE TEST_DEFLATE}
+{$DEFINE TEST_INFLATE}
+{$DEFINE TEST_FLUSH}
+{$DEFINE TEST_SYNC}
+{$DEFINE TEST_DICT}
+
+uses SysUtils, zlibpas;
+
+const TESTFILE = 'foo.gz';
+
+(* "hello world" would be more standard, but the repeated "hello"
+ * stresses the compression code better, sorry...
+ *)
+const hello: PChar = 'hello, hello!';
+
+const dictionary: PChar = 'hello';
+
+var dictId: LongInt; (* Adler32 value of the dictionary *)
+
+procedure CHECK_ERR(err: Integer; msg: String);
+begin
+  if err <> Z_OK then
+  begin
+    WriteLn(msg, ' error: ', err);
+    Halt(1);
+  end;
+end;
+
+procedure EXIT_ERR(const msg: String);
+begin
+  WriteLn('Error: ', msg);
+  Halt(1);
+end;
+
+(* ===========================================================================
+ * Test compress and uncompress
+ *)
+{$IFDEF TEST_COMPRESS}
+procedure test_compress(compr: Pointer; comprLen: LongInt;
+                        uncompr: Pointer; uncomprLen: LongInt);
+var err: Integer;
+    len: LongInt;
+begin
+  len := StrLen(hello)+1;
+
+  err := compress(compr, comprLen, hello, len);
+  CHECK_ERR(err, 'compress');
+
+  StrCopy(PChar(uncompr), 'garbage');
+
+  err := uncompress(uncompr, uncomprLen, compr, comprLen);
+  CHECK_ERR(err, 'uncompress');
+
+  if StrComp(PChar(uncompr), hello) <> 0 then
+    EXIT_ERR('bad uncompress')
+  else
+    WriteLn('uncompress(): ', PChar(uncompr));
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test read/write of .gz files
+ *)
+{$IFDEF TEST_GZIO}
+procedure test_gzio(const fname: PChar; (* compressed file name *)
+                    uncompr: Pointer;
+                    uncomprLen: LongInt);
+var err: Integer;
+    len: Integer;
+    zfile: gzFile;
+    pos: LongInt;
+begin
+  len := StrLen(hello)+1;
+
+  zfile := gzopen(fname, 'wb');
+  if zfile = NIL then
+  begin
+    WriteLn('gzopen error');
+    Halt(1);
+  end;
+  gzputc(zfile, 'h');
+  if gzputs(zfile, 'ello') <> 4 then
+  begin
+    WriteLn('gzputs err: ', gzerror(zfile, err));
+    Halt(1);
+  end;
+  {$IFDEF GZ_FORMAT_STRING}
+  if gzprintf(zfile, ', %s!', 'hello') <> 8 then
+  begin
+    WriteLn('gzprintf err: ', gzerror(zfile, err));
+    Halt(1);
+  end;
+  {$ELSE}
+  if gzputs(zfile, ', hello!') <> 8 then
+  begin
+    WriteLn('gzputs err: ', gzerror(zfile, err));
+    Halt(1);
+  end;
+  {$ENDIF}
+  gzseek(zfile, 1, SEEK_CUR); (* add one zero byte *)
+  gzclose(zfile);
+
+  zfile := gzopen(fname, 'rb');
+  if zfile = NIL then
+  begin
+    WriteLn('gzopen error');
+    Halt(1);
+  end;
+
+  StrCopy(PChar(uncompr), 'garbage');
+
+  if gzread(zfile, uncompr, uncomprLen) <> len then
+  begin
+    WriteLn('gzread err: ', gzerror(zfile, err));
+    Halt(1);
+  end;
+  if StrComp(PChar(uncompr), hello) <> 0 then
+  begin
+    WriteLn('bad gzread: ', PChar(uncompr));
+    Halt(1);
+  end
+  else
+    WriteLn('gzread(): ', PChar(uncompr));
+
+  pos := gzseek(zfile, -8, SEEK_CUR);
+  if (pos <> 6) or (gztell(zfile) <> pos) then
+  begin
+    WriteLn('gzseek error, pos=', pos, ', gztell=', gztell(zfile));
+    Halt(1);
+  end;
+
+  if gzgetc(zfile) <> ' ' then
+  begin
+    WriteLn('gzgetc error');
+    Halt(1);
+  end;
+
+  if gzungetc(' ', zfile) <> ' ' then
+  begin
+    WriteLn('gzungetc error');
+    Halt(1);
+  end;
+
+  gzgets(zfile, PChar(uncompr), uncomprLen);
+  uncomprLen := StrLen(PChar(uncompr));
+  if uncomprLen <> 7 then (* " hello!" *)
+  begin
+    WriteLn('gzgets err after gzseek: ', gzerror(zfile, err));
+    Halt(1);
+  end;
+  if StrComp(PChar(uncompr), hello + 6) <> 0 then
+  begin
+    WriteLn('bad gzgets after gzseek');
+    Halt(1);
+  end
+  else
+    WriteLn('gzgets() after gzseek: ', PChar(uncompr));
+
+  gzclose(zfile);
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test deflate with small buffers
+ *)
+{$IFDEF TEST_DEFLATE}
+procedure test_deflate(compr: Pointer; comprLen: LongInt);
+var c_stream: z_stream; (* compression stream *)
+    err: Integer;
+    len: LongInt;
+begin
+  len := StrLen(hello)+1;
+
+  c_stream.zalloc := NIL;
+  c_stream.zfree := NIL;
+  c_stream.opaque := NIL;
+
+  err := deflateInit(c_stream, Z_DEFAULT_COMPRESSION);
+  CHECK_ERR(err, 'deflateInit');
+
+  c_stream.next_in := hello;
+  c_stream.next_out := compr;
+
+  while (c_stream.total_in <> len) and
+        (c_stream.total_out < comprLen) do
+  begin
+    c_stream.avail_out := 1; { force small buffers }
+    c_stream.avail_in := 1;
+    err := deflate(c_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, 'deflate');
+  end;
+
+  (* Finish the stream, still forcing small buffers: *)
+  while TRUE do
+  begin
+    c_stream.avail_out := 1;
+    err := deflate(c_stream, Z_FINISH);
+    if err = Z_STREAM_END then
+      break;
+    CHECK_ERR(err, 'deflate');
+  end;
+
+  err := deflateEnd(c_stream);
+  CHECK_ERR(err, 'deflateEnd');
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test inflate with small buffers
+ *)
+{$IFDEF TEST_INFLATE}
+procedure test_inflate(compr: Pointer; comprLen : LongInt;
+                       uncompr: Pointer; uncomprLen : LongInt);
+var err: Integer;
+    d_stream: z_stream; (* decompression stream *)
+begin
+  StrCopy(PChar(uncompr), 'garbage');
+
+  d_stream.zalloc := NIL;
+  d_stream.zfree := NIL;
+  d_stream.opaque := NIL;
+
+  d_stream.next_in := compr;
+  d_stream.avail_in := 0;
+  d_stream.next_out := uncompr;
+
+  err := inflateInit(d_stream);
+  CHECK_ERR(err, 'inflateInit');
+
+  while (d_stream.total_out < uncomprLen) and
+        (d_stream.total_in < comprLen) do
+  begin
+    d_stream.avail_out := 1; (* force small buffers *)
+    d_stream.avail_in := 1;
+    err := inflate(d_stream, Z_NO_FLUSH);
+    if err = Z_STREAM_END then
+      break;
+    CHECK_ERR(err, 'inflate');
+  end;
+
+  err := inflateEnd(d_stream);
+  CHECK_ERR(err, 'inflateEnd');
+
+  if StrComp(PChar(uncompr), hello) <> 0 then
+    EXIT_ERR('bad inflate')
+  else
+    WriteLn('inflate(): ', PChar(uncompr));
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test deflate with large buffers and dynamic change of compression level
+ *)
+{$IFDEF TEST_DEFLATE}
+procedure test_large_deflate(compr: Pointer; comprLen: LongInt;
+                             uncompr: Pointer; uncomprLen: LongInt);
+var c_stream: z_stream; (* compression stream *)
+    err: Integer;
+begin
+  c_stream.zalloc := NIL;
+  c_stream.zfree := NIL;
+  c_stream.opaque := NIL;
+
+  err := deflateInit(c_stream, Z_BEST_SPEED);
+  CHECK_ERR(err, 'deflateInit');
+
+  c_stream.next_out := compr;
+  c_stream.avail_out := Integer(comprLen);
+
+  (* At this point, uncompr is still mostly zeroes, so it should compress
+   * very well:
+   *)
+  c_stream.next_in := uncompr;
+  c_stream.avail_in := Integer(uncomprLen);
+  err := deflate(c_stream, Z_NO_FLUSH);
+  CHECK_ERR(err, 'deflate');
+  if c_stream.avail_in <> 0 then
+    EXIT_ERR('deflate not greedy');
+
+  (* Feed in already compressed data and switch to no compression: *)
+  deflateParams(c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY);
+  c_stream.next_in := compr;
+  c_stream.avail_in := Integer(comprLen div 2);
+  err := deflate(c_stream, Z_NO_FLUSH);
+  CHECK_ERR(err, 'deflate');
+
+  (* Switch back to compressing mode: *)
+  deflateParams(c_stream, Z_BEST_COMPRESSION, Z_FILTERED);
+  c_stream.next_in := uncompr;
+  c_stream.avail_in := Integer(uncomprLen);
+  err := deflate(c_stream, Z_NO_FLUSH);
+  CHECK_ERR(err, 'deflate');
+
+  err := deflate(c_stream, Z_FINISH);
+  if err <> Z_STREAM_END then
+    EXIT_ERR('deflate should report Z_STREAM_END');
+
+  err := deflateEnd(c_stream);
+  CHECK_ERR(err, 'deflateEnd');
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test inflate with large buffers
+ *)
+{$IFDEF TEST_INFLATE}
+procedure test_large_inflate(compr: Pointer; comprLen: LongInt;
+                             uncompr: Pointer; uncomprLen: LongInt);
+var err: Integer;
+    d_stream: z_stream; (* decompression stream *)
+begin
+  StrCopy(PChar(uncompr), 'garbage');
+
+  d_stream.zalloc := NIL;
+  d_stream.zfree := NIL;
+  d_stream.opaque := NIL;
+
+  d_stream.next_in := compr;
+  d_stream.avail_in := Integer(comprLen);
+
+  err := inflateInit(d_stream);
+  CHECK_ERR(err, 'inflateInit');
+
+  while TRUE do
+  begin
+    d_stream.next_out := uncompr;            (* discard the output *)
+    d_stream.avail_out := Integer(uncomprLen);
+    err := inflate(d_stream, Z_NO_FLUSH);
+    if err = Z_STREAM_END then
+      break;
+    CHECK_ERR(err, 'large inflate');
+  end;
+
+  err := inflateEnd(d_stream);
+  CHECK_ERR(err, 'inflateEnd');
+
+  if d_stream.total_out <> 2 * uncomprLen + comprLen div 2 then
+  begin
+    WriteLn('bad large inflate: ', d_stream.total_out);
+    Halt(1);
+  end
+  else
+    WriteLn('large_inflate(): OK');
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test deflate with full flush
+ *)
+{$IFDEF TEST_FLUSH}
+procedure test_flush(compr: Pointer; var comprLen : LongInt);
+var c_stream: z_stream; (* compression stream *)
+    err: Integer;
+    len: Integer;
+begin
+  len := StrLen(hello)+1;
+
+  c_stream.zalloc := NIL;
+  c_stream.zfree := NIL;
+  c_stream.opaque := NIL;
+
+  err := deflateInit(c_stream, Z_DEFAULT_COMPRESSION);
+  CHECK_ERR(err, 'deflateInit');
+
+  c_stream.next_in := hello;
+  c_stream.next_out := compr;
+  c_stream.avail_in := 3;
+  c_stream.avail_out := Integer(comprLen);
+  err := deflate(c_stream, Z_FULL_FLUSH);
+  CHECK_ERR(err, 'deflate');
+
+  Inc(PByteArray(compr)^[3]); (* force an error in first compressed block *)
+  c_stream.avail_in := len - 3;
+
+  err := deflate(c_stream, Z_FINISH);
+  if err <> Z_STREAM_END then
+    CHECK_ERR(err, 'deflate');
+
+  err := deflateEnd(c_stream);
+  CHECK_ERR(err, 'deflateEnd');
+
+  comprLen := c_stream.total_out;
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test inflateSync()
+ *)
+{$IFDEF TEST_SYNC}
+procedure test_sync(compr: Pointer; comprLen: LongInt;
+                    uncompr: Pointer; uncomprLen : LongInt);
+var err: Integer;
+    d_stream: z_stream; (* decompression stream *)
+begin
+  StrCopy(PChar(uncompr), 'garbage');
+
+  d_stream.zalloc := NIL;
+  d_stream.zfree := NIL;
+  d_stream.opaque := NIL;
+
+  d_stream.next_in := compr;
+  d_stream.avail_in := 2; (* just read the zlib header *)
+
+  err := inflateInit(d_stream);
+  CHECK_ERR(err, 'inflateInit');
+
+  d_stream.next_out := uncompr;
+  d_stream.avail_out := Integer(uncomprLen);
+
+  inflate(d_stream, Z_NO_FLUSH);
+  CHECK_ERR(err, 'inflate');
+
+  d_stream.avail_in := Integer(comprLen-2);   (* read all compressed data *)
+  err := inflateSync(d_stream);               (* but skip the damaged part *)
+  CHECK_ERR(err, 'inflateSync');
+
+  err := inflate(d_stream, Z_FINISH);
+  if err <> Z_DATA_ERROR then
+    EXIT_ERR('inflate should report DATA_ERROR');
+    (* Because of incorrect adler32 *)
+
+  err := inflateEnd(d_stream);
+  CHECK_ERR(err, 'inflateEnd');
+
+  WriteLn('after inflateSync(): hel', PChar(uncompr));
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test deflate with preset dictionary
+ *)
+{$IFDEF TEST_DICT}
+procedure test_dict_deflate(compr: Pointer; comprLen: LongInt);
+var c_stream: z_stream; (* compression stream *)
+    err: Integer;
+begin
+  c_stream.zalloc := NIL;
+  c_stream.zfree := NIL;
+  c_stream.opaque := NIL;
+
+  err := deflateInit(c_stream, Z_BEST_COMPRESSION);
+  CHECK_ERR(err, 'deflateInit');
+
+  err := deflateSetDictionary(c_stream, dictionary, StrLen(dictionary));
+  CHECK_ERR(err, 'deflateSetDictionary');
+
+  dictId := c_stream.adler;
+  c_stream.next_out := compr;
+  c_stream.avail_out := Integer(comprLen);
+
+  c_stream.next_in := hello;
+  c_stream.avail_in := StrLen(hello)+1;
+
+  err := deflate(c_stream, Z_FINISH);
+  if err <> Z_STREAM_END then
+    EXIT_ERR('deflate should report Z_STREAM_END');
+
+  err := deflateEnd(c_stream);
+  CHECK_ERR(err, 'deflateEnd');
+end;
+{$ENDIF}
+
+(* ===========================================================================
+ * Test inflate with a preset dictionary
+ *)
+{$IFDEF TEST_DICT}
+procedure test_dict_inflate(compr: Pointer; comprLen: LongInt;
+                            uncompr: Pointer; uncomprLen: LongInt);
+var err: Integer;
+    d_stream: z_stream; (* decompression stream *)
+begin
+  StrCopy(PChar(uncompr), 'garbage');
+
+  d_stream.zalloc := NIL;
+  d_stream.zfree := NIL;
+  d_stream.opaque := NIL;
+
+  d_stream.next_in := compr;
+  d_stream.avail_in := Integer(comprLen);
+
+  err := inflateInit(d_stream);
+  CHECK_ERR(err, 'inflateInit');
+
+  d_stream.next_out := uncompr;
+  d_stream.avail_out := Integer(uncomprLen);
+
+  while TRUE do
+  begin
+    err := inflate(d_stream, Z_NO_FLUSH);
+    if err = Z_STREAM_END then
+      break;
+    if err = Z_NEED_DICT then
+    begin
+      if d_stream.adler <> dictId then
+        EXIT_ERR('unexpected dictionary');
+      err := inflateSetDictionary(d_stream, dictionary, StrLen(dictionary));
+    end;
+    CHECK_ERR(err, 'inflate with dict');
+  end;
+
+  err := inflateEnd(d_stream);
+  CHECK_ERR(err, 'inflateEnd');
+
+  if StrComp(PChar(uncompr), hello) <> 0 then
+    EXIT_ERR('bad inflate with dict')
+  else
+    WriteLn('inflate with dictionary: ', PChar(uncompr));
+end;
+{$ENDIF}
+
+var compr, uncompr: Pointer;
+    comprLen, uncomprLen: LongInt;
+
+begin
+  if zlibVersion^ <> ZLIB_VERSION[1] then
+    EXIT_ERR('Incompatible zlib version');
+
+  WriteLn('zlib version: ', zlibVersion);
+  WriteLn('zlib compile flags: ', Format('0x%x', [zlibCompileFlags]));
+
+  comprLen := 10000 * SizeOf(Integer); (* don't overflow on MSDOS *)
+  uncomprLen := comprLen;
+  GetMem(compr, comprLen);
+  GetMem(uncompr, uncomprLen);
+  if (compr = NIL) or (uncompr = NIL) then
+    EXIT_ERR('Out of memory');
+  (* compr and uncompr are cleared to avoid reading uninitialized
+   * data and to ensure that uncompr compresses well.
+   *)
+  FillChar(compr^, comprLen, 0);
+  FillChar(uncompr^, uncomprLen, 0);
+
+  {$IFDEF TEST_COMPRESS}
+  WriteLn('** Testing compress');
+  test_compress(compr, comprLen, uncompr, uncomprLen);
+  {$ENDIF}
+
+  {$IFDEF TEST_GZIO}
+  WriteLn('** Testing gzio');
+  if ParamCount >= 1 then
+    test_gzio(ParamStr(1), uncompr, uncomprLen)
+  else
+    test_gzio(TESTFILE, uncompr, uncomprLen);
+  {$ENDIF}
+
+  {$IFDEF TEST_DEFLATE}
+  WriteLn('** Testing deflate with small buffers');
+  test_deflate(compr, comprLen);
+  {$ENDIF}
+  {$IFDEF TEST_INFLATE}
+  WriteLn('** Testing inflate with small buffers');
+  test_inflate(compr, comprLen, uncompr, uncomprLen);
+  {$ENDIF}
+
+  {$IFDEF TEST_DEFLATE}
+  WriteLn('** Testing deflate with large buffers');
+  test_large_deflate(compr, comprLen, uncompr, uncomprLen);
+  {$ENDIF}
+  {$IFDEF TEST_INFLATE}
+  WriteLn('** Testing inflate with large buffers');
+  test_large_inflate(compr, comprLen, uncompr, uncomprLen);
+  {$ENDIF}
+
+  {$IFDEF TEST_FLUSH}
+  WriteLn('** Testing deflate with full flush');
+  test_flush(compr, comprLen);
+  {$ENDIF}
+  {$IFDEF TEST_SYNC}
+  WriteLn('** Testing inflateSync');
+  test_sync(compr, comprLen, uncompr, uncomprLen);
+  {$ENDIF}
+  comprLen := uncomprLen;
+
+  {$IFDEF TEST_DICT}
+  WriteLn('** Testing deflate and inflate with preset dictionary');
+  test_dict_deflate(compr, comprLen);
+  test_dict_inflate(compr, comprLen, uncompr, uncomprLen);
+  {$ENDIF}
+
+  FreeMem(compr, comprLen);
+  FreeMem(uncompr, uncomprLen);
+end.
diff --git a/zlib-1.3.1/contrib/pascal/readme.txt b/zlib-1.3.1/contrib/pascal/readme.txt
new file mode 100644
index 00000000..60e87c8a
--- /dev/null
+++ b/zlib-1.3.1/contrib/pascal/readme.txt
@@ -0,0 +1,76 @@
+
+This directory contains a Pascal (Delphi, Kylix) interface to the
+zlib data compression library.
+
+
+Directory listing
+=================
+
+zlibd32.mak     makefile for Borland C++
+example.pas     usage example of zlib
+zlibpas.pas     the Pascal interface to zlib
+readme.txt      this file
+
+
+Compatibility notes
+===================
+
+- Although the name "zlib" would have been more normal for the
+  zlibpas unit, this name is already taken by Borland's ZLib unit.
+  This is somehow unfortunate, because that unit is not a genuine
+  interface to the full-fledged zlib functionality, but a suite of
+  class wrappers around zlib streams.  Other essential features,
+  such as checksums, are missing.
+  It would have been more appropriate for that unit to have a name
+  like "ZStreams", or something similar.
+
+- The C and zlib-supplied types int, uInt, long, uLong, etc. are
+  translated directly into Pascal types of similar sizes (Integer,
+  LongInt, etc.), to avoid namespace pollution.  In particular,
+  there is no conversion of unsigned int into a Pascal unsigned
+  integer.  The Word type is non-portable and has the same size
+  (16 bits) both in a 16-bit and in a 32-bit environment, unlike
+  Integer.  Even if there is a 32-bit Cardinal type, there is no
+  real need for unsigned int in zlib under a 32-bit environment.
+
+- Except for the callbacks, the zlib function interfaces are
+  assuming the calling convention normally used in Pascal
+  (__pascal for DOS and Windows16, __fastcall for Windows32).
+  Since the cdecl keyword is used, the old Turbo Pascal does
+  not work with this interface.
+
+- The gz* function interfaces are not translated, to avoid
+  interfacing problems with the C runtime library.  Besides,
+    gzprintf(gzFile file, const char *format, ...)
+  cannot be translated into Pascal.
+
+
+Legal issues
+============
+
+The zlibpas interface is:
+  Copyright (C) 1995-2003 Jean-loup Gailly and Mark Adler.
+  Copyright (C) 1998 by Bob Dellaca.
+  Copyright (C) 2003 by Cosmin Truta.
+
+The example program is:
+  Copyright (C) 1995-2003 by Jean-loup Gailly.
+  Copyright (C) 1998,1999,2000 by Jacques Nomssi Nzali.
+  Copyright (C) 2003 by Cosmin Truta.
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the author be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
diff --git a/zlib-1.3.1/contrib/pascal/zlibd32.mak b/zlib-1.3.1/contrib/pascal/zlibd32.mak
new file mode 100644
index 00000000..9bb00b7c
--- /dev/null
+++ b/zlib-1.3.1/contrib/pascal/zlibd32.mak
@@ -0,0 +1,99 @@
+# Makefile for zlib
+# For use with Delphi and C++ Builder under Win32
+# Updated for zlib 1.2.x by Cosmin Truta
+
+# ------------ Borland C++ ------------
+
+# This project uses the Delphi (fastcall/register) calling convention:
+LOC = -DZEXPORT=__fastcall -DZEXPORTVA=__cdecl
+
+CC = bcc32
+LD = bcc32
+AR = tlib
+# do not use "-pr" in CFLAGS
+CFLAGS = -a -d -k- -O2 $(LOC)
+LDFLAGS =
+
+
+# variables
+ZLIB_LIB = zlib.lib
+
+OBJ1 = adler32.obj compress.obj crc32.obj deflate.obj gzclose.obj gzlib.obj gzread.obj
+OBJ2 = gzwrite.obj infback.obj inffast.obj inflate.obj inftrees.obj trees.obj uncompr.obj zutil.obj
+OBJP1 = +adler32.obj+compress.obj+crc32.obj+deflate.obj+gzclose.obj+gzlib.obj+gzread.obj
+OBJP2 = +gzwrite.obj+infback.obj+inffast.obj+inflate.obj+inftrees.obj+trees.obj+uncompr.obj+zutil.obj
+
+
+# targets
+all: $(ZLIB_LIB) example.exe minigzip.exe
+
+.c.obj:
+	$(CC) -c $(CFLAGS) $*.c
+
+adler32.obj: adler32.c zlib.h zconf.h
+
+compress.obj: compress.c zlib.h zconf.h
+
+crc32.obj: crc32.c zlib.h zconf.h crc32.h
+
+deflate.obj: deflate.c deflate.h zutil.h zlib.h zconf.h
+
+gzclose.obj: gzclose.c zlib.h zconf.h gzguts.h
+
+gzlib.obj: gzlib.c zlib.h zconf.h gzguts.h
+
+gzread.obj: gzread.c zlib.h zconf.h gzguts.h
+
+gzwrite.obj: gzwrite.c zlib.h zconf.h gzguts.h
+
+infback.obj: infback.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inffast.obj: inffast.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h
+
+inflate.obj: inflate.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inftrees.obj: inftrees.c zutil.h zlib.h zconf.h inftrees.h
+
+trees.obj: trees.c zutil.h zlib.h zconf.h deflate.h trees.h
+
+uncompr.obj: uncompr.c zlib.h zconf.h
+
+zutil.obj: zutil.c zutil.h zlib.h zconf.h
+
+example.obj: test/example.c zlib.h zconf.h
+
+minigzip.obj: test/minigzip.c zlib.h zconf.h
+
+
+# For the sake of the old Borland make,
+# the command line is cut to fit in the MS-DOS 128 byte limit:
+$(ZLIB_LIB): $(OBJ1) $(OBJ2)
+	-del $(ZLIB_LIB)
+	$(AR) $(ZLIB_LIB) $(OBJP1)
+	$(AR) $(ZLIB_LIB) $(OBJP2)
+
+
+# testing
+test: example.exe minigzip.exe
+	example
+	echo hello world | minigzip | minigzip -d
+
+example.exe: example.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) example.obj $(ZLIB_LIB)
+
+minigzip.exe: minigzip.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) minigzip.obj $(ZLIB_LIB)
+
+
+# cleanup
+clean:
+	-del *.obj
+	-del *.exe
+	-del *.lib
+	-del *.tds
+	-del zlib.bak
+	-del foo.gz
+
diff --git a/zlib-1.3.1/contrib/pascal/zlibpas.pas b/zlib-1.3.1/contrib/pascal/zlibpas.pas
new file mode 100644
index 00000000..0cf0e7b8
--- /dev/null
+++ b/zlib-1.3.1/contrib/pascal/zlibpas.pas
@@ -0,0 +1,276 @@
+(* zlibpas -- Pascal interface to the zlib data compression library
+ *
+ * Copyright (C) 2003 Cosmin Truta.
+ * Derived from original sources by Bob Dellaca.
+ * For conditions of distribution and use, see copyright notice in readme.txt
+ *)
+
+unit zlibpas;
+
+interface
+
+const
+  ZLIB_VERSION = '1.3.1';
+  ZLIB_VERNUM  = $12a0;
+
+type
+  alloc_func = function(opaque: Pointer; items, size: Integer): Pointer;
+                 cdecl;
+  free_func  = procedure(opaque, address: Pointer);
+                 cdecl;
+
+  in_func    = function(opaque: Pointer; var buf: PByte): Integer;
+                 cdecl;
+  out_func   = function(opaque: Pointer; buf: PByte; size: Integer): Integer;
+                 cdecl;
+
+  z_streamp = ^z_stream;
+  z_stream = packed record
+    next_in: PChar;       (* next input byte *)
+    avail_in: Integer;    (* number of bytes available at next_in *)
+    total_in: LongInt;    (* total nb of input bytes read so far *)
+
+    next_out: PChar;      (* next output byte should be put there *)
+    avail_out: Integer;   (* remaining free space at next_out *)
+    total_out: LongInt;   (* total nb of bytes output so far *)
+
+    msg: PChar;           (* last error message, NULL if no error *)
+    state: Pointer;       (* not visible by applications *)
+
+    zalloc: alloc_func;   (* used to allocate the internal state *)
+    zfree: free_func;     (* used to free the internal state *)
+    opaque: Pointer;      (* private data object passed to zalloc and zfree *)
+
+    data_type: Integer;   (* best guess about the data type: ascii or binary *)
+    adler: LongInt;       (* adler32 value of the uncompressed data *)
+    reserved: LongInt;    (* reserved for future use *)
+  end;
+
+  gz_headerp = ^gz_header;
+  gz_header = packed record
+    text: Integer;        (* true if compressed data believed to be text *)
+    time: LongInt;        (* modification time *)
+    xflags: Integer;      (* extra flags (not used when writing a gzip file) *)
+    os: Integer;          (* operating system *)
+    extra: PChar;         (* pointer to extra field or Z_NULL if none *)
+    extra_len: Integer;   (* extra field length (valid if extra != Z_NULL) *)
+    extra_max: Integer;   (* space at extra (only when reading header) *)
+    name: PChar;          (* pointer to zero-terminated file name or Z_NULL *)
+    name_max: Integer;    (* space at name (only when reading header) *)
+    comment: PChar;       (* pointer to zero-terminated comment or Z_NULL *)
+    comm_max: Integer;    (* space at comment (only when reading header) *)
+    hcrc: Integer;        (* true if there was or will be a header crc *)
+    done: Integer;        (* true when done reading gzip header *)
+  end;
+
+(* constants *)
+const
+  Z_NO_FLUSH      = 0;
+  Z_PARTIAL_FLUSH = 1;
+  Z_SYNC_FLUSH    = 2;
+  Z_FULL_FLUSH    = 3;
+  Z_FINISH        = 4;
+  Z_BLOCK         = 5;
+  Z_TREES         = 6;
+
+  Z_OK            =  0;
+  Z_STREAM_END    =  1;
+  Z_NEED_DICT     =  2;
+  Z_ERRNO         = -1;
+  Z_STREAM_ERROR  = -2;
+  Z_DATA_ERROR    = -3;
+  Z_MEM_ERROR     = -4;
+  Z_BUF_ERROR     = -5;
+  Z_VERSION_ERROR = -6;
+
+  Z_NO_COMPRESSION       =  0;
+  Z_BEST_SPEED           =  1;
+  Z_BEST_COMPRESSION     =  9;
+  Z_DEFAULT_COMPRESSION  = -1;
+
+  Z_FILTERED            = 1;
+  Z_HUFFMAN_ONLY        = 2;
+  Z_RLE                 = 3;
+  Z_FIXED               = 4;
+  Z_DEFAULT_STRATEGY    = 0;
+
+  Z_BINARY   = 0;
+  Z_TEXT     = 1;
+  Z_ASCII    = 1;
+  Z_UNKNOWN  = 2;
+
+  Z_DEFLATED = 8;
+
+(* basic functions *)
+function zlibVersion: PChar;
+function deflateInit(var strm: z_stream; level: Integer): Integer;
+function deflate(var strm: z_stream; flush: Integer): Integer;
+function deflateEnd(var strm: z_stream): Integer;
+function inflateInit(var strm: z_stream): Integer;
+function inflate(var strm: z_stream; flush: Integer): Integer;
+function inflateEnd(var strm: z_stream): Integer;
+
+(* advanced functions *)
+function deflateInit2(var strm: z_stream; level, method, windowBits,
+                      memLevel, strategy: Integer): Integer;
+function deflateSetDictionary(var strm: z_stream; const dictionary: PChar;
+                              dictLength: Integer): Integer;
+function deflateCopy(var dest, source: z_stream): Integer;
+function deflateReset(var strm: z_stream): Integer;
+function deflateParams(var strm: z_stream; level, strategy: Integer): Integer;
+function deflateTune(var strm: z_stream; good_length, max_lazy, nice_length, max_chain: Integer): Integer;
+function deflateBound(var strm: z_stream; sourceLen: LongInt): LongInt;
+function deflatePending(var strm: z_stream; var pending: Integer; var bits: Integer): Integer;
+function deflatePrime(var strm: z_stream; bits, value: Integer): Integer;
+function deflateSetHeader(var strm: z_stream; head: gz_header): Integer;
+function inflateInit2(var strm: z_stream; windowBits: Integer): Integer;
+function inflateSetDictionary(var strm: z_stream; const dictionary: PChar;
+                              dictLength: Integer): Integer;
+function inflateSync(var strm: z_stream): Integer;
+function inflateCopy(var dest, source: z_stream): Integer;
+function inflateReset(var strm: z_stream): Integer;
+function inflateReset2(var strm: z_stream; windowBits: Integer): Integer;
+function inflatePrime(var strm: z_stream; bits, value: Integer): Integer;
+function inflateMark(var strm: z_stream): LongInt;
+function inflateGetHeader(var strm: z_stream; var head: gz_header): Integer;
+function inflateBackInit(var strm: z_stream;
+                         windowBits: Integer; window: PChar): Integer;
+function inflateBack(var strm: z_stream; in_fn: in_func; in_desc: Pointer;
+                     out_fn: out_func; out_desc: Pointer): Integer;
+function inflateBackEnd(var strm: z_stream): Integer;
+function zlibCompileFlags: LongInt;
+
+(* utility functions *)
+function compress(dest: PChar; var destLen: LongInt;
+                  const source: PChar; sourceLen: LongInt): Integer;
+function compress2(dest: PChar; var destLen: LongInt;
+                  const source: PChar; sourceLen: LongInt;
+                  level: Integer): Integer;
+function compressBound(sourceLen: LongInt): LongInt;
+function uncompress(dest: PChar; var destLen: LongInt;
+                    const source: PChar; sourceLen: LongInt): Integer;
+
+(* checksum functions *)
+function adler32(adler: LongInt; const buf: PChar; len: Integer): LongInt;
+function adler32_combine(adler1, adler2, len2: LongInt): LongInt;
+function crc32(crc: LongInt; const buf: PChar; len: Integer): LongInt;
+function crc32_combine(crc1, crc2, len2: LongInt): LongInt;
+
+(* various hacks, don't look :) *)
+function deflateInit_(var strm: z_stream; level: Integer;
+                      const version: PChar; stream_size: Integer): Integer;
+function inflateInit_(var strm: z_stream; const version: PChar;
+                      stream_size: Integer): Integer;
+function deflateInit2_(var strm: z_stream;
+                       level, method, windowBits, memLevel, strategy: Integer;
+                       const version: PChar; stream_size: Integer): Integer;
+function inflateInit2_(var strm: z_stream; windowBits: Integer;
+                       const version: PChar; stream_size: Integer): Integer;
+function inflateBackInit_(var strm: z_stream;
+                          windowBits: Integer; window: PChar;
+                          const version: PChar; stream_size: Integer): Integer;
+
+
+implementation
+
+{$L adler32.obj}
+{$L compress.obj}
+{$L crc32.obj}
+{$L deflate.obj}
+{$L infback.obj}
+{$L inffast.obj}
+{$L inflate.obj}
+{$L inftrees.obj}
+{$L trees.obj}
+{$L uncompr.obj}
+{$L zutil.obj}
+
+function adler32; external;
+function adler32_combine; external;
+function compress; external;
+function compress2; external;
+function compressBound; external;
+function crc32; external;
+function crc32_combine; external;
+function deflate; external;
+function deflateBound; external;
+function deflateCopy; external;
+function deflateEnd; external;
+function deflateInit_; external;
+function deflateInit2_; external;
+function deflateParams; external;
+function deflatePending; external;
+function deflatePrime; external;
+function deflateReset; external;
+function deflateSetDictionary; external;
+function deflateSetHeader; external;
+function deflateTune; external;
+function inflate; external;
+function inflateBack; external;
+function inflateBackEnd; external;
+function inflateBackInit_; external;
+function inflateCopy; external;
+function inflateEnd; external;
+function inflateGetHeader; external;
+function inflateInit_; external;
+function inflateInit2_; external;
+function inflateMark; external;
+function inflatePrime; external;
+function inflateReset; external;
+function inflateReset2; external;
+function inflateSetDictionary; external;
+function inflateSync; external;
+function uncompress; external;
+function zlibCompileFlags; external;
+function zlibVersion; external;
+
+function deflateInit(var strm: z_stream; level: Integer): Integer;
+begin
+  Result := deflateInit_(strm, level, ZLIB_VERSION, sizeof(z_stream));
+end;
+
+function deflateInit2(var strm: z_stream; level, method, windowBits, memLevel,
+                      strategy: Integer): Integer;
+begin
+  Result := deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+                          ZLIB_VERSION, sizeof(z_stream));
+end;
+
+function inflateInit(var strm: z_stream): Integer;
+begin
+  Result := inflateInit_(strm, ZLIB_VERSION, sizeof(z_stream));
+end;
+
+function inflateInit2(var strm: z_stream; windowBits: Integer): Integer;
+begin
+  Result := inflateInit2_(strm, windowBits, ZLIB_VERSION, sizeof(z_stream));
+end;
+
+function inflateBackInit(var strm: z_stream;
+                         windowBits: Integer; window: PChar): Integer;
+begin
+  Result := inflateBackInit_(strm, windowBits, window,
+                             ZLIB_VERSION, sizeof(z_stream));
+end;
+
+function _malloc(Size: Integer): Pointer; cdecl;
+begin
+  GetMem(Result, Size);
+end;
+
+procedure _free(Block: Pointer); cdecl;
+begin
+  FreeMem(Block);
+end;
+
+procedure _memset(P: Pointer; B: Byte; count: Integer); cdecl;
+begin
+  FillChar(P^, count, B);
+end;
+
+procedure _memcpy(dest, source: Pointer; count: Integer); cdecl;
+begin
+  Move(source^, dest^, count);
+end;
+
+end.
diff --git a/zlib-1.3.1/contrib/puff/Makefile b/zlib-1.3.1/contrib/puff/Makefile
new file mode 100644
index 00000000..0e2594c8
--- /dev/null
+++ b/zlib-1.3.1/contrib/puff/Makefile
@@ -0,0 +1,42 @@
+CFLAGS=-O
+
+puff: puff.o pufftest.o
+
+puff.o: puff.h
+
+pufftest.o: puff.h
+
+test: puff
+	puff zeros.raw
+
+puft: puff.c puff.h pufftest.o
+	cc -fprofile-arcs -ftest-coverage -o puft puff.c pufftest.o
+
+# puff full coverage test (should say 100%)
+cov: puft
+	@rm -f *.gcov *.gcda
+	@puft -w zeros.raw 2>&1 | cat > /dev/null
+	@echo '04' | xxd -r -p | puft 2> /dev/null || test $$? -eq 2
+	@echo '00' | xxd -r -p | puft 2> /dev/null || test $$? -eq 2
+	@echo '00 00 00 00 00' | xxd -r -p | puft 2> /dev/null || test $$? -eq 254
+	@echo '00 01 00 fe ff' | xxd -r -p | puft 2> /dev/null || test $$? -eq 2
+	@echo '01 01 00 fe ff 0a' | xxd -r -p | puft -f 2>&1 | cat > /dev/null
+	@echo '02 7e ff ff' | xxd -r -p | puft 2> /dev/null || test $$? -eq 246
+	@echo '02' | xxd -r -p | puft 2> /dev/null || test $$? -eq 2
+	@echo '04 80 49 92 24 49 92 24 0f b4 ff ff c3 04' | xxd -r -p | puft 2> /dev/null || test $$? -eq 2
+	@echo '04 80 49 92 24 49 92 24 71 ff ff 93 11 00' | xxd -r -p | puft 2> /dev/null || test $$? -eq 249
+	@echo '04 c0 81 08 00 00 00 00 20 7f eb 0b 00 00' | xxd -r -p | puft 2> /dev/null || test $$? -eq 246
+	@echo '0b 00 00' | xxd -r -p | puft -f 2>&1 | cat > /dev/null
+	@echo '1a 07' | xxd -r -p | puft 2> /dev/null || test $$? -eq 246
+	@echo '0c c0 81 00 00 00 00 00 90 ff 6b 04' | xxd -r -p | puft 2> /dev/null || test $$? -eq 245
+	@puft -f zeros.raw 2>&1 | cat > /dev/null
+	@echo 'fc 00 00' | xxd -r -p | puft 2> /dev/null || test $$? -eq 253
+	@echo '04 00 fe ff' | xxd -r -p | puft 2> /dev/null || test $$? -eq 252
+	@echo '04 00 24 49' | xxd -r -p | puft 2> /dev/null || test $$? -eq 251
+	@echo '04 80 49 92 24 49 92 24 0f b4 ff ff c3 84' | xxd -r -p | puft 2> /dev/null || test $$? -eq 248
+	@echo '04 00 24 e9 ff ff' | xxd -r -p | puft 2> /dev/null || test $$? -eq 250
+	@echo '04 00 24 e9 ff 6d' | xxd -r -p | puft 2> /dev/null || test $$? -eq 247
+	@gcov -n puff.c
+
+clean:
+	rm -f puff puft *.o *.gc*
diff --git a/zlib-1.3.1/contrib/puff/README b/zlib-1.3.1/contrib/puff/README
new file mode 100644
index 00000000..d8192c78
--- /dev/null
+++ b/zlib-1.3.1/contrib/puff/README
@@ -0,0 +1,63 @@
+Puff -- A Simple Inflate
+3 Mar 2003
+Mark Adler
+madler@alumni.caltech.edu
+
+What this is --
+
+puff.c provides the routine puff() to decompress the deflate data format.  It
+does so more slowly than zlib, but the code is about one-fifth the size of the
+inflate code in zlib, and written to be very easy to read.
+
+Why I wrote this --
+
+puff.c was written to document the deflate format unambiguously, by virtue of
+being working C code.  It is meant to supplement RFC 1951, which formally
+describes the deflate format.  I have received many questions on details of the
+deflate format, and I hope that reading this code will answer those questions.
+puff.c is heavily commented with details of the deflate format, especially
+those little nooks and cranies of the format that might not be obvious from a
+specification.
+
+puff.c may also be useful in applications where code size or memory usage is a
+very limited resource, and speed is not as important.
+
+How to use it --
+
+Well, most likely you should just be reading puff.c and using zlib for actual
+applications, but if you must ...
+
+Include puff.h in your code, which provides this prototype:
+
+int puff(unsigned char *dest,           /* pointer to destination pointer */
+         unsigned long *destlen,        /* amount of output space */
+         unsigned char *source,         /* pointer to source data pointer */
+         unsigned long *sourcelen);     /* amount of input available */
+
+Then you can call puff() to decompress a deflate stream that is in memory in
+its entirety at source, to a sufficiently sized block of memory for the
+decompressed data at dest.  puff() is the only external symbol in puff.c  The
+only C library functions that puff.c needs are setjmp() and longjmp(), which
+are used to simplify error checking in the code to improve readability.  puff.c
+does no memory allocation, and uses less than 2K bytes off of the stack.
+
+If destlen is not enough space for the uncompressed data, then inflate will
+return an error without writing more than destlen bytes.  Note that this means
+that in order to decompress the deflate data successfully, you need to know
+the size of the uncompressed data ahead of time.
+
+If needed, puff() can determine the size of the uncompressed data with no
+output space.  This is done by passing dest equal to (unsigned char *)0.  Then
+the initial value of *destlen is ignored and *destlen is set to the length of
+the uncompressed data.  So if the size of the uncompressed data is not known,
+then two passes of puff() can be used--first to determine the size, and second
+to do the actual inflation after allocating the appropriate memory.  Not
+pretty, but it works.  (This is one of the reasons you should be using zlib.)
+
+The deflate format is self-terminating.  If the deflate stream does not end
+in *sourcelen bytes, puff() will return an error without reading at or past
+endsource.
+
+On return, *sourcelen is updated to the amount of input data consumed, and
+*destlen is updated to the size of the uncompressed data.  See the comments
+in puff.c for the possible return codes for puff().
diff --git a/zlib-1.3.1/contrib/puff/puff.c b/zlib-1.3.1/contrib/puff/puff.c
new file mode 100644
index 00000000..d759825a
--- /dev/null
+++ b/zlib-1.3.1/contrib/puff/puff.c
@@ -0,0 +1,840 @@
+/*
+ * puff.c
+ * Copyright (C) 2002-2013 Mark Adler
+ * For conditions of distribution and use, see copyright notice in puff.h
+ * version 2.3, 21 Jan 2013
+ *
+ * puff.c is a simple inflate written to be an unambiguous way to specify the
+ * deflate format.  It is not written for speed but rather simplicity.  As a
+ * side benefit, this code might actually be useful when small code is more
+ * important than speed, such as bootstrap applications.  For typical deflate
+ * data, zlib's inflate() is about four times as fast as puff().  zlib's
+ * inflate compiles to around 20K on my machine, whereas puff.c compiles to
+ * around 4K on my machine (a PowerPC using GNU cc).  If the faster decode()
+ * function here is used, then puff() is only twice as slow as zlib's
+ * inflate().
+ *
+ * All dynamically allocated memory comes from the stack.  The stack required
+ * is less than 2K bytes.  This code is compatible with 16-bit int's and
+ * assumes that long's are at least 32 bits.  puff.c uses the short data type,
+ * assumed to be 16 bits, for arrays in order to conserve memory.  The code
+ * works whether integers are stored big endian or little endian.
+ *
+ * In the comments below are "Format notes" that describe the inflate process
+ * and document some of the less obvious aspects of the format.  This source
+ * code is meant to supplement RFC 1951, which formally describes the deflate
+ * format:
+ *
+ *    http://www.zlib.org/rfc-deflate.html
+ */
+
+/*
+ * Change history:
+ *
+ * 1.0  10 Feb 2002     - First version
+ * 1.1  17 Feb 2002     - Clarifications of some comments and notes
+ *                      - Update puff() dest and source pointers on negative
+ *                        errors to facilitate debugging deflators
+ *                      - Remove longest from struct huffman -- not needed
+ *                      - Simplify offs[] index in construct()
+ *                      - Add input size and checking, using longjmp() to
+ *                        maintain easy readability
+ *                      - Use short data type for large arrays
+ *                      - Use pointers instead of long to specify source and
+ *                        destination sizes to avoid arbitrary 4 GB limits
+ * 1.2  17 Mar 2002     - Add faster version of decode(), doubles speed (!),
+ *                        but leave simple version for readability
+ *                      - Make sure invalid distances detected if pointers
+ *                        are 16 bits
+ *                      - Fix fixed codes table error
+ *                      - Provide a scanning mode for determining size of
+ *                        uncompressed data
+ * 1.3  20 Mar 2002     - Go back to lengths for puff() parameters [Gailly]
+ *                      - Add a puff.h file for the interface
+ *                      - Add braces in puff() for else do [Gailly]
+ *                      - Use indexes instead of pointers for readability
+ * 1.4  31 Mar 2002     - Simplify construct() code set check
+ *                      - Fix some comments
+ *                      - Add FIXLCODES #define
+ * 1.5   6 Apr 2002     - Minor comment fixes
+ * 1.6   7 Aug 2002     - Minor format changes
+ * 1.7   3 Mar 2003     - Added test code for distribution
+ *                      - Added zlib-like license
+ * 1.8   9 Jan 2004     - Added some comments on no distance codes case
+ * 1.9  21 Feb 2008     - Fix bug on 16-bit integer architectures [Pohland]
+ *                      - Catch missing end-of-block symbol error
+ * 2.0  25 Jul 2008     - Add #define to permit distance too far back
+ *                      - Add option in TEST code for puff to write the data
+ *                      - Add option in TEST code to skip input bytes
+ *                      - Allow TEST code to read from piped stdin
+ * 2.1   4 Apr 2010     - Avoid variable initialization for happier compilers
+ *                      - Avoid unsigned comparisons for even happier compilers
+ * 2.2  25 Apr 2010     - Fix bug in variable initializations [Oberhumer]
+ *                      - Add const where appropriate [Oberhumer]
+ *                      - Split if's and ?'s for coverage testing
+ *                      - Break out test code to separate file
+ *                      - Move NIL to puff.h
+ *                      - Allow incomplete code only if single code length is 1
+ *                      - Add full code coverage test to Makefile
+ * 2.3  21 Jan 2013     - Check for invalid code length codes in dynamic blocks
+ */
+
+#include <setjmp.h>             /* for setjmp(), longjmp(), and jmp_buf */
+#include "puff.h"               /* prototype for puff() */
+
+#define local static            /* for local function definitions */
+
+/*
+ * Maximums for allocations and loops.  It is not useful to change these --
+ * they are fixed by the deflate format.
+ */
+#define MAXBITS 15              /* maximum bits in a code */
+#define MAXLCODES 286           /* maximum number of literal/length codes */
+#define MAXDCODES 30            /* maximum number of distance codes */
+#define MAXCODES (MAXLCODES+MAXDCODES)  /* maximum codes lengths to read */
+#define FIXLCODES 288           /* number of fixed literal/length codes */
+
+/* input and output state */
+struct state {
+    /* output state */
+    unsigned char *out;         /* output buffer */
+    unsigned long outlen;       /* available space at out */
+    unsigned long outcnt;       /* bytes written to out so far */
+
+    /* input state */
+    const unsigned char *in;    /* input buffer */
+    unsigned long inlen;        /* available input at in */
+    unsigned long incnt;        /* bytes read so far */
+    int bitbuf;                 /* bit buffer */
+    int bitcnt;                 /* number of bits in bit buffer */
+
+    /* input limit error return state for bits() and decode() */
+    jmp_buf env;
+};
+
+/*
+ * Return need bits from the input stream.  This always leaves less than
+ * eight bits in the buffer.  bits() works properly for need == 0.
+ *
+ * Format notes:
+ *
+ * - Bits are stored in bytes from the least significant bit to the most
+ *   significant bit.  Therefore bits are dropped from the bottom of the bit
+ *   buffer, using shift right, and new bytes are appended to the top of the
+ *   bit buffer, using shift left.
+ */
+local int bits(struct state *s, int need)
+{
+    long val;           /* bit accumulator (can use up to 20 bits) */
+
+    /* load at least need bits into val */
+    val = s->bitbuf;
+    while (s->bitcnt < need) {
+        if (s->incnt == s->inlen)
+            longjmp(s->env, 1);         /* out of input */
+        val |= (long)(s->in[s->incnt++]) << s->bitcnt;  /* load eight bits */
+        s->bitcnt += 8;
+    }
+
+    /* drop need bits and update buffer, always zero to seven bits left */
+    s->bitbuf = (int)(val >> need);
+    s->bitcnt -= need;
+
+    /* return need bits, zeroing the bits above that */
+    return (int)(val & ((1L << need) - 1));
+}
+
+/*
+ * Process a stored block.
+ *
+ * Format notes:
+ *
+ * - After the two-bit stored block type (00), the stored block length and
+ *   stored bytes are byte-aligned for fast copying.  Therefore any leftover
+ *   bits in the byte that has the last bit of the type, as many as seven, are
+ *   discarded.  The value of the discarded bits are not defined and should not
+ *   be checked against any expectation.
+ *
+ * - The second inverted copy of the stored block length does not have to be
+ *   checked, but it's probably a good idea to do so anyway.
+ *
+ * - A stored block can have zero length.  This is sometimes used to byte-align
+ *   subsets of the compressed data for random access or partial recovery.
+ */
+local int stored(struct state *s)
+{
+    unsigned len;       /* length of stored block */
+
+    /* discard leftover bits from current byte (assumes s->bitcnt < 8) */
+    s->bitbuf = 0;
+    s->bitcnt = 0;
+
+    /* get length and check against its one's complement */
+    if (s->incnt + 4 > s->inlen)
+        return 2;                               /* not enough input */
+    len = s->in[s->incnt++];
+    len |= s->in[s->incnt++] << 8;
+    if (s->in[s->incnt++] != (~len & 0xff) ||
+        s->in[s->incnt++] != ((~len >> 8) & 0xff))
+        return -2;                              /* didn't match complement! */
+
+    /* copy len bytes from in to out */
+    if (s->incnt + len > s->inlen)
+        return 2;                               /* not enough input */
+    if (s->out != NIL) {
+        if (s->outcnt + len > s->outlen)
+            return 1;                           /* not enough output space */
+        while (len--)
+            s->out[s->outcnt++] = s->in[s->incnt++];
+    }
+    else {                                      /* just scanning */
+        s->outcnt += len;
+        s->incnt += len;
+    }
+
+    /* done with a valid stored block */
+    return 0;
+}
+
+/*
+ * Huffman code decoding tables.  count[1..MAXBITS] is the number of symbols of
+ * each length, which for a canonical code are stepped through in order.
+ * symbol[] are the symbol values in canonical order, where the number of
+ * entries is the sum of the counts in count[].  The decoding process can be
+ * seen in the function decode() below.
+ */
+struct huffman {
+    short *count;       /* number of symbols of each length */
+    short *symbol;      /* canonically ordered symbols */
+};
+
+/*
+ * Decode a code from the stream s using huffman table h.  Return the symbol or
+ * a negative value if there is an error.  If all of the lengths are zero, i.e.
+ * an empty code, or if the code is incomplete and an invalid code is received,
+ * then -10 is returned after reading MAXBITS bits.
+ *
+ * Format notes:
+ *
+ * - The codes as stored in the compressed data are bit-reversed relative to
+ *   a simple integer ordering of codes of the same lengths.  Hence below the
+ *   bits are pulled from the compressed data one at a time and used to
+ *   build the code value reversed from what is in the stream in order to
+ *   permit simple integer comparisons for decoding.  A table-based decoding
+ *   scheme (as used in zlib) does not need to do this reversal.
+ *
+ * - The first code for the shortest length is all zeros.  Subsequent codes of
+ *   the same length are simply integer increments of the previous code.  When
+ *   moving up a length, a zero bit is appended to the code.  For a complete
+ *   code, the last code of the longest length will be all ones.
+ *
+ * - Incomplete codes are handled by this decoder, since they are permitted
+ *   in the deflate format.  See the format notes for fixed() and dynamic().
+ */
+#ifdef SLOW
+local int decode(struct state *s, const struct huffman *h)
+{
+    int len;            /* current number of bits in code */
+    int code;           /* len bits being decoded */
+    int first;          /* first code of length len */
+    int count;          /* number of codes of length len */
+    int index;          /* index of first code of length len in symbol table */
+
+    code = first = index = 0;
+    for (len = 1; len <= MAXBITS; len++) {
+        code |= bits(s, 1);             /* get next bit */
+        count = h->count[len];
+        if (code - count < first)       /* if length len, return symbol */
+            return h->symbol[index + (code - first)];
+        index += count;                 /* else update for next length */
+        first += count;
+        first <<= 1;
+        code <<= 1;
+    }
+    return -10;                         /* ran out of codes */
+}
+
+/*
+ * A faster version of decode() for real applications of this code.   It's not
+ * as readable, but it makes puff() twice as fast.  And it only makes the code
+ * a few percent larger.
+ */
+#else /* !SLOW */
+local int decode(struct state *s, const struct huffman *h)
+{
+    int len;            /* current number of bits in code */
+    int code;           /* len bits being decoded */
+    int first;          /* first code of length len */
+    int count;          /* number of codes of length len */
+    int index;          /* index of first code of length len in symbol table */
+    int bitbuf;         /* bits from stream */
+    int left;           /* bits left in next or left to process */
+    short *next;        /* next number of codes */
+
+    bitbuf = s->bitbuf;
+    left = s->bitcnt;
+    code = first = index = 0;
+    len = 1;
+    next = h->count + 1;
+    while (1) {
+        while (left--) {
+            code |= bitbuf & 1;
+            bitbuf >>= 1;
+            count = *next++;
+            if (code - count < first) { /* if length len, return symbol */
+                s->bitbuf = bitbuf;
+                s->bitcnt = (s->bitcnt - len) & 7;
+                return h->symbol[index + (code - first)];
+            }
+            index += count;             /* else update for next length */
+            first += count;
+            first <<= 1;
+            code <<= 1;
+            len++;
+        }
+        left = (MAXBITS+1) - len;
+        if (left == 0)
+            break;
+        if (s->incnt == s->inlen)
+            longjmp(s->env, 1);         /* out of input */
+        bitbuf = s->in[s->incnt++];
+        if (left > 8)
+            left = 8;
+    }
+    return -10;                         /* ran out of codes */
+}
+#endif /* SLOW */
+
+/*
+ * Given the list of code lengths length[0..n-1] representing a canonical
+ * Huffman code for n symbols, construct the tables required to decode those
+ * codes.  Those tables are the number of codes of each length, and the symbols
+ * sorted by length, retaining their original order within each length.  The
+ * return value is zero for a complete code set, negative for an over-
+ * subscribed code set, and positive for an incomplete code set.  The tables
+ * can be used if the return value is zero or positive, but they cannot be used
+ * if the return value is negative.  If the return value is zero, it is not
+ * possible for decode() using that table to return an error--any stream of
+ * enough bits will resolve to a symbol.  If the return value is positive, then
+ * it is possible for decode() using that table to return an error for received
+ * codes past the end of the incomplete lengths.
+ *
+ * Not used by decode(), but used for error checking, h->count[0] is the number
+ * of the n symbols not in the code.  So n - h->count[0] is the number of
+ * codes.  This is useful for checking for incomplete codes that have more than
+ * one symbol, which is an error in a dynamic block.
+ *
+ * Assumption: for all i in 0..n-1, 0 <= length[i] <= MAXBITS
+ * This is assured by the construction of the length arrays in dynamic() and
+ * fixed() and is not verified by construct().
+ *
+ * Format notes:
+ *
+ * - Permitted and expected examples of incomplete codes are one of the fixed
+ *   codes and any code with a single symbol which in deflate is coded as one
+ *   bit instead of zero bits.  See the format notes for fixed() and dynamic().
+ *
+ * - Within a given code length, the symbols are kept in ascending order for
+ *   the code bits definition.
+ */
+local int construct(struct huffman *h, const short *length, int n)
+{
+    int symbol;         /* current symbol when stepping through length[] */
+    int len;            /* current length when stepping through h->count[] */
+    int left;           /* number of possible codes left of current length */
+    short offs[MAXBITS+1];      /* offsets in symbol table for each length */
+
+    /* count number of codes of each length */
+    for (len = 0; len <= MAXBITS; len++)
+        h->count[len] = 0;
+    for (symbol = 0; symbol < n; symbol++)
+        (h->count[length[symbol]])++;   /* assumes lengths are within bounds */
+    if (h->count[0] == n)               /* no codes! */
+        return 0;                       /* complete, but decode() will fail */
+
+    /* check for an over-subscribed or incomplete set of lengths */
+    left = 1;                           /* one possible code of zero length */
+    for (len = 1; len <= MAXBITS; len++) {
+        left <<= 1;                     /* one more bit, double codes left */
+        left -= h->count[len];          /* deduct count from possible codes */
+        if (left < 0)
+            return left;                /* over-subscribed--return negative */
+    }                                   /* left > 0 means incomplete */
+
+    /* generate offsets into symbol table for each length for sorting */
+    offs[1] = 0;
+    for (len = 1; len < MAXBITS; len++)
+        offs[len + 1] = offs[len] + h->count[len];
+
+    /*
+     * put symbols in table sorted by length, by symbol order within each
+     * length
+     */
+    for (symbol = 0; symbol < n; symbol++)
+        if (length[symbol] != 0)
+            h->symbol[offs[length[symbol]]++] = symbol;
+
+    /* return zero for complete set, positive for incomplete set */
+    return left;
+}
+
+/*
+ * Decode literal/length and distance codes until an end-of-block code.
+ *
+ * Format notes:
+ *
+ * - Compressed data that is after the block type if fixed or after the code
+ *   description if dynamic is a combination of literals and length/distance
+ *   pairs terminated by and end-of-block code.  Literals are simply Huffman
+ *   coded bytes.  A length/distance pair is a coded length followed by a
+ *   coded distance to represent a string that occurs earlier in the
+ *   uncompressed data that occurs again at the current location.
+ *
+ * - Literals, lengths, and the end-of-block code are combined into a single
+ *   code of up to 286 symbols.  They are 256 literals (0..255), 29 length
+ *   symbols (257..285), and the end-of-block symbol (256).
+ *
+ * - There are 256 possible lengths (3..258), and so 29 symbols are not enough
+ *   to represent all of those.  Lengths 3..10 and 258 are in fact represented
+ *   by just a length symbol.  Lengths 11..257 are represented as a symbol and
+ *   some number of extra bits that are added as an integer to the base length
+ *   of the length symbol.  The number of extra bits is determined by the base
+ *   length symbol.  These are in the static arrays below, lens[] for the base
+ *   lengths and lext[] for the corresponding number of extra bits.
+ *
+ * - The reason that 258 gets its own symbol is that the longest length is used
+ *   often in highly redundant files.  Note that 258 can also be coded as the
+ *   base value 227 plus the maximum extra value of 31.  While a good deflate
+ *   should never do this, it is not an error, and should be decoded properly.
+ *
+ * - If a length is decoded, including its extra bits if any, then it is
+ *   followed a distance code.  There are up to 30 distance symbols.  Again
+ *   there are many more possible distances (1..32768), so extra bits are added
+ *   to a base value represented by the symbol.  The distances 1..4 get their
+ *   own symbol, but the rest require extra bits.  The base distances and
+ *   corresponding number of extra bits are below in the static arrays dist[]
+ *   and dext[].
+ *
+ * - Literal bytes are simply written to the output.  A length/distance pair is
+ *   an instruction to copy previously uncompressed bytes to the output.  The
+ *   copy is from distance bytes back in the output stream, copying for length
+ *   bytes.
+ *
+ * - Distances pointing before the beginning of the output data are not
+ *   permitted.
+ *
+ * - Overlapped copies, where the length is greater than the distance, are
+ *   allowed and common.  For example, a distance of one and a length of 258
+ *   simply copies the last byte 258 times.  A distance of four and a length of
+ *   twelve copies the last four bytes three times.  A simple forward copy
+ *   ignoring whether the length is greater than the distance or not implements
+ *   this correctly.  You should not use memcpy() since its behavior is not
+ *   defined for overlapped arrays.  You should not use memmove() or bcopy()
+ *   since though their behavior -is- defined for overlapping arrays, it is
+ *   defined to do the wrong thing in this case.
+ */
+local int codes(struct state *s,
+                const struct huffman *lencode,
+                const struct huffman *distcode)
+{
+    int symbol;         /* decoded symbol */
+    int len;            /* length for copy */
+    unsigned dist;      /* distance for copy */
+    static const short lens[29] = { /* Size base for length codes 257..285 */
+        3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
+        35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258};
+    static const short lext[29] = { /* Extra bits for length codes 257..285 */
+        0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2,
+        3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
+    static const short dists[30] = { /* Offset base for distance codes 0..29 */
+        1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
+        257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
+        8193, 12289, 16385, 24577};
+    static const short dext[30] = { /* Extra bits for distance codes 0..29 */
+        0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6,
+        7, 7, 8, 8, 9, 9, 10, 10, 11, 11,
+        12, 12, 13, 13};
+
+    /* decode literals and length/distance pairs */
+    do {
+        symbol = decode(s, lencode);
+        if (symbol < 0)
+            return symbol;              /* invalid symbol */
+        if (symbol < 256) {             /* literal: symbol is the byte */
+            /* write out the literal */
+            if (s->out != NIL) {
+                if (s->outcnt == s->outlen)
+                    return 1;
+                s->out[s->outcnt] = symbol;
+            }
+            s->outcnt++;
+        }
+        else if (symbol > 256) {        /* length */
+            /* get and compute length */
+            symbol -= 257;
+            if (symbol >= 29)
+                return -10;             /* invalid fixed code */
+            len = lens[symbol] + bits(s, lext[symbol]);
+
+            /* get and check distance */
+            symbol = decode(s, distcode);
+            if (symbol < 0)
+                return symbol;          /* invalid symbol */
+            dist = dists[symbol] + bits(s, dext[symbol]);
+#ifndef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+            if (dist > s->outcnt)
+                return -11;     /* distance too far back */
+#endif
+
+            /* copy length bytes from distance bytes back */
+            if (s->out != NIL) {
+                if (s->outcnt + len > s->outlen)
+                    return 1;
+                while (len--) {
+                    s->out[s->outcnt] =
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+                        dist > s->outcnt ?
+                            0 :
+#endif
+                            s->out[s->outcnt - dist];
+                    s->outcnt++;
+                }
+            }
+            else
+                s->outcnt += len;
+        }
+    } while (symbol != 256);            /* end of block symbol */
+
+    /* done with a valid fixed or dynamic block */
+    return 0;
+}
+
+/*
+ * Process a fixed codes block.
+ *
+ * Format notes:
+ *
+ * - This block type can be useful for compressing small amounts of data for
+ *   which the size of the code descriptions in a dynamic block exceeds the
+ *   benefit of custom codes for that block.  For fixed codes, no bits are
+ *   spent on code descriptions.  Instead the code lengths for literal/length
+ *   codes and distance codes are fixed.  The specific lengths for each symbol
+ *   can be seen in the "for" loops below.
+ *
+ * - The literal/length code is complete, but has two symbols that are invalid
+ *   and should result in an error if received.  This cannot be implemented
+ *   simply as an incomplete code since those two symbols are in the "middle"
+ *   of the code.  They are eight bits long and the longest literal/length\
+ *   code is nine bits.  Therefore the code must be constructed with those
+ *   symbols, and the invalid symbols must be detected after decoding.
+ *
+ * - The fixed distance codes also have two invalid symbols that should result
+ *   in an error if received.  Since all of the distance codes are the same
+ *   length, this can be implemented as an incomplete code.  Then the invalid
+ *   codes are detected while decoding.
+ */
+local int fixed(struct state *s)
+{
+    static int virgin = 1;
+    static short lencnt[MAXBITS+1], lensym[FIXLCODES];
+    static short distcnt[MAXBITS+1], distsym[MAXDCODES];
+    static struct huffman lencode, distcode;
+
+    /* build fixed huffman tables if first call (may not be thread safe) */
+    if (virgin) {
+        int symbol;
+        short lengths[FIXLCODES];
+
+        /* construct lencode and distcode */
+        lencode.count = lencnt;
+        lencode.symbol = lensym;
+        distcode.count = distcnt;
+        distcode.symbol = distsym;
+
+        /* literal/length table */
+        for (symbol = 0; symbol < 144; symbol++)
+            lengths[symbol] = 8;
+        for (; symbol < 256; symbol++)
+            lengths[symbol] = 9;
+        for (; symbol < 280; symbol++)
+            lengths[symbol] = 7;
+        for (; symbol < FIXLCODES; symbol++)
+            lengths[symbol] = 8;
+        construct(&lencode, lengths, FIXLCODES);
+
+        /* distance table */
+        for (symbol = 0; symbol < MAXDCODES; symbol++)
+            lengths[symbol] = 5;
+        construct(&distcode, lengths, MAXDCODES);
+
+        /* do this just once */
+        virgin = 0;
+    }
+
+    /* decode data until end-of-block code */
+    return codes(s, &lencode, &distcode);
+}
+
+/*
+ * Process a dynamic codes block.
+ *
+ * Format notes:
+ *
+ * - A dynamic block starts with a description of the literal/length and
+ *   distance codes for that block.  New dynamic blocks allow the compressor to
+ *   rapidly adapt to changing data with new codes optimized for that data.
+ *
+ * - The codes used by the deflate format are "canonical", which means that
+ *   the actual bits of the codes are generated in an unambiguous way simply
+ *   from the number of bits in each code.  Therefore the code descriptions
+ *   are simply a list of code lengths for each symbol.
+ *
+ * - The code lengths are stored in order for the symbols, so lengths are
+ *   provided for each of the literal/length symbols, and for each of the
+ *   distance symbols.
+ *
+ * - If a symbol is not used in the block, this is represented by a zero as the
+ *   code length.  This does not mean a zero-length code, but rather that no
+ *   code should be created for this symbol.  There is no way in the deflate
+ *   format to represent a zero-length code.
+ *
+ * - The maximum number of bits in a code is 15, so the possible lengths for
+ *   any code are 1..15.
+ *
+ * - The fact that a length of zero is not permitted for a code has an
+ *   interesting consequence.  Normally if only one symbol is used for a given
+ *   code, then in fact that code could be represented with zero bits.  However
+ *   in deflate, that code has to be at least one bit.  So for example, if
+ *   only a single distance base symbol appears in a block, then it will be
+ *   represented by a single code of length one, in particular one 0 bit.  This
+ *   is an incomplete code, since if a 1 bit is received, it has no meaning,
+ *   and should result in an error.  So incomplete distance codes of one symbol
+ *   should be permitted, and the receipt of invalid codes should be handled.
+ *
+ * - It is also possible to have a single literal/length code, but that code
+ *   must be the end-of-block code, since every dynamic block has one.  This
+ *   is not the most efficient way to create an empty block (an empty fixed
+ *   block is fewer bits), but it is allowed by the format.  So incomplete
+ *   literal/length codes of one symbol should also be permitted.
+ *
+ * - If there are only literal codes and no lengths, then there are no distance
+ *   codes.  This is represented by one distance code with zero bits.
+ *
+ * - The list of up to 286 length/literal lengths and up to 30 distance lengths
+ *   are themselves compressed using Huffman codes and run-length encoding.  In
+ *   the list of code lengths, a 0 symbol means no code, a 1..15 symbol means
+ *   that length, and the symbols 16, 17, and 18 are run-length instructions.
+ *   Each of 16, 17, and 18 are followed by extra bits to define the length of
+ *   the run.  16 copies the last length 3 to 6 times.  17 represents 3 to 10
+ *   zero lengths, and 18 represents 11 to 138 zero lengths.  Unused symbols
+ *   are common, hence the special coding for zero lengths.
+ *
+ * - The symbols for 0..18 are Huffman coded, and so that code must be
+ *   described first.  This is simply a sequence of up to 19 three-bit values
+ *   representing no code (0) or the code length for that symbol (1..7).
+ *
+ * - A dynamic block starts with three fixed-size counts from which is computed
+ *   the number of literal/length code lengths, the number of distance code
+ *   lengths, and the number of code length code lengths (ok, you come up with
+ *   a better name!) in the code descriptions.  For the literal/length and
+ *   distance codes, lengths after those provided are considered zero, i.e. no
+ *   code.  The code length code lengths are received in a permuted order (see
+ *   the order[] array below) to make a short code length code length list more
+ *   likely.  As it turns out, very short and very long codes are less likely
+ *   to be seen in a dynamic code description, hence what may appear initially
+ *   to be a peculiar ordering.
+ *
+ * - Given the number of literal/length code lengths (nlen) and distance code
+ *   lengths (ndist), then they are treated as one long list of nlen + ndist
+ *   code lengths.  Therefore run-length coding can and often does cross the
+ *   boundary between the two sets of lengths.
+ *
+ * - So to summarize, the code description at the start of a dynamic block is
+ *   three counts for the number of code lengths for the literal/length codes,
+ *   the distance codes, and the code length codes.  This is followed by the
+ *   code length code lengths, three bits each.  This is used to construct the
+ *   code length code which is used to read the remainder of the lengths.  Then
+ *   the literal/length code lengths and distance lengths are read as a single
+ *   set of lengths using the code length codes.  Codes are constructed from
+ *   the resulting two sets of lengths, and then finally you can start
+ *   decoding actual compressed data in the block.
+ *
+ * - For reference, a "typical" size for the code description in a dynamic
+ *   block is around 80 bytes.
+ */
+local int dynamic(struct state *s)
+{
+    int nlen, ndist, ncode;             /* number of lengths in descriptor */
+    int index;                          /* index of lengths[] */
+    int err;                            /* construct() return value */
+    short lengths[MAXCODES];            /* descriptor code lengths */
+    short lencnt[MAXBITS+1], lensym[MAXLCODES];         /* lencode memory */
+    short distcnt[MAXBITS+1], distsym[MAXDCODES];       /* distcode memory */
+    struct huffman lencode, distcode;   /* length and distance codes */
+    static const short order[19] =      /* permutation of code length codes */
+        {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
+
+    /* construct lencode and distcode */
+    lencode.count = lencnt;
+    lencode.symbol = lensym;
+    distcode.count = distcnt;
+    distcode.symbol = distsym;
+
+    /* get number of lengths in each table, check lengths */
+    nlen = bits(s, 5) + 257;
+    ndist = bits(s, 5) + 1;
+    ncode = bits(s, 4) + 4;
+    if (nlen > MAXLCODES || ndist > MAXDCODES)
+        return -3;                      /* bad counts */
+
+    /* read code length code lengths (really), missing lengths are zero */
+    for (index = 0; index < ncode; index++)
+        lengths[order[index]] = bits(s, 3);
+    for (; index < 19; index++)
+        lengths[order[index]] = 0;
+
+    /* build huffman table for code lengths codes (use lencode temporarily) */
+    err = construct(&lencode, lengths, 19);
+    if (err != 0)               /* require complete code set here */
+        return -4;
+
+    /* read length/literal and distance code length tables */
+    index = 0;
+    while (index < nlen + ndist) {
+        int symbol;             /* decoded value */
+        int len;                /* last length to repeat */
+
+        symbol = decode(s, &lencode);
+        if (symbol < 0)
+            return symbol;          /* invalid symbol */
+        if (symbol < 16)                /* length in 0..15 */
+            lengths[index++] = symbol;
+        else {                          /* repeat instruction */
+            len = 0;                    /* assume repeating zeros */
+            if (symbol == 16) {         /* repeat last length 3..6 times */
+                if (index == 0)
+                    return -5;          /* no last length! */
+                len = lengths[index - 1];       /* last length */
+                symbol = 3 + bits(s, 2);
+            }
+            else if (symbol == 17)      /* repeat zero 3..10 times */
+                symbol = 3 + bits(s, 3);
+            else                        /* == 18, repeat zero 11..138 times */
+                symbol = 11 + bits(s, 7);
+            if (index + symbol > nlen + ndist)
+                return -6;              /* too many lengths! */
+            while (symbol--)            /* repeat last or zero symbol times */
+                lengths[index++] = len;
+        }
+    }
+
+    /* check for end-of-block code -- there better be one! */
+    if (lengths[256] == 0)
+        return -9;
+
+    /* build huffman table for literal/length codes */
+    err = construct(&lencode, lengths, nlen);
+    if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
+        return -7;      /* incomplete code ok only for single length 1 code */
+
+    /* build huffman table for distance codes */
+    err = construct(&distcode, lengths + nlen, ndist);
+    if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
+        return -8;      /* incomplete code ok only for single length 1 code */
+
+    /* decode data until end-of-block code */
+    return codes(s, &lencode, &distcode);
+}
+
+/*
+ * Inflate source to dest.  On return, destlen and sourcelen are updated to the
+ * size of the uncompressed data and the size of the deflate data respectively.
+ * On success, the return value of puff() is zero.  If there is an error in the
+ * source data, i.e. it is not in the deflate format, then a negative value is
+ * returned.  If there is not enough input available or there is not enough
+ * output space, then a positive error is returned.  In that case, destlen and
+ * sourcelen are not updated to facilitate retrying from the beginning with the
+ * provision of more input data or more output space.  In the case of invalid
+ * inflate data (a negative error), the dest and source pointers are updated to
+ * facilitate the debugging of deflators.
+ *
+ * puff() also has a mode to determine the size of the uncompressed output with
+ * no output written.  For this dest must be (unsigned char *)0.  In this case,
+ * the input value of *destlen is ignored, and on return *destlen is set to the
+ * size of the uncompressed output.
+ *
+ * The return codes are:
+ *
+ *   2:  available inflate data did not terminate
+ *   1:  output space exhausted before completing inflate
+ *   0:  successful inflate
+ *  -1:  invalid block type (type == 3)
+ *  -2:  stored block length did not match one's complement
+ *  -3:  dynamic block code description: too many length or distance codes
+ *  -4:  dynamic block code description: code lengths codes incomplete
+ *  -5:  dynamic block code description: repeat lengths with no first length
+ *  -6:  dynamic block code description: repeat more than specified lengths
+ *  -7:  dynamic block code description: invalid literal/length code lengths
+ *  -8:  dynamic block code description: invalid distance code lengths
+ *  -9:  dynamic block code description: missing end-of-block code
+ * -10:  invalid literal/length or distance code in fixed or dynamic block
+ * -11:  distance is too far back in fixed or dynamic block
+ *
+ * Format notes:
+ *
+ * - Three bits are read for each block to determine the kind of block and
+ *   whether or not it is the last block.  Then the block is decoded and the
+ *   process repeated if it was not the last block.
+ *
+ * - The leftover bits in the last byte of the deflate data after the last
+ *   block (if it was a fixed or dynamic block) are undefined and have no
+ *   expected values to check.
+ */
+int puff(unsigned char *dest,           /* pointer to destination pointer */
+         unsigned long *destlen,        /* amount of output space */
+         const unsigned char *source,   /* pointer to source data pointer */
+         unsigned long *sourcelen)      /* amount of input available */
+{
+    struct state s;             /* input/output state */
+    int last, type;             /* block information */
+    int err;                    /* return value */
+
+    /* initialize output state */
+    s.out = dest;
+    s.outlen = *destlen;                /* ignored if dest is NIL */
+    s.outcnt = 0;
+
+    /* initialize input state */
+    s.in = source;
+    s.inlen = *sourcelen;
+    s.incnt = 0;
+    s.bitbuf = 0;
+    s.bitcnt = 0;
+
+    /* return if bits() or decode() tries to read past available input */
+    if (setjmp(s.env) != 0)             /* if came back here via longjmp() */
+        err = 2;                        /* then skip do-loop, return error */
+    else {
+        /* process blocks until last block or error */
+        do {
+            last = bits(&s, 1);         /* one if last block */
+            type = bits(&s, 2);         /* block type 0..3 */
+            err = type == 0 ?
+                    stored(&s) :
+                    (type == 1 ?
+                        fixed(&s) :
+                        (type == 2 ?
+                            dynamic(&s) :
+                            -1));       /* type == 3, invalid */
+            if (err != 0)
+                break;                  /* return with error */
+        } while (!last);
+    }
+
+    /* update the lengths and return */
+    if (err <= 0) {
+        *destlen = s.outcnt;
+        *sourcelen = s.incnt;
+    }
+    return err;
+}
diff --git a/zlib-1.3.1/contrib/puff/puff.h b/zlib-1.3.1/contrib/puff/puff.h
new file mode 100644
index 00000000..e23a2454
--- /dev/null
+++ b/zlib-1.3.1/contrib/puff/puff.h
@@ -0,0 +1,35 @@
+/* puff.h
+  Copyright (C) 2002-2013 Mark Adler, all rights reserved
+  version 2.3, 21 Jan 2013
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the author be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Mark Adler    madler@alumni.caltech.edu
+ */
+
+
+/*
+ * See puff.c for purpose and usage.
+ */
+#ifndef NIL
+#  define NIL ((unsigned char *)0)      /* for no output option */
+#endif
+
+int puff(unsigned char *dest,           /* pointer to destination pointer */
+         unsigned long *destlen,        /* amount of output space */
+         const unsigned char *source,   /* pointer to source data pointer */
+         unsigned long *sourcelen);     /* amount of input available */
diff --git a/zlib-1.3.1/contrib/puff/pufftest.c b/zlib-1.3.1/contrib/puff/pufftest.c
new file mode 100644
index 00000000..5f72ecc8
--- /dev/null
+++ b/zlib-1.3.1/contrib/puff/pufftest.c
@@ -0,0 +1,165 @@
+/*
+ * pufftest.c
+ * Copyright (C) 2002-2013 Mark Adler
+ * For conditions of distribution and use, see copyright notice in puff.h
+ * version 2.3, 21 Jan 2013
+ */
+
+/* Example of how to use puff().
+
+   Usage: puff [-w] [-f] [-nnn] file
+          ... | puff [-w] [-f] [-nnn]
+
+   where file is the input file with deflate data, nnn is the number of bytes
+   of input to skip before inflating (e.g. to skip a zlib or gzip header), and
+   -w is used to write the decompressed data to stdout.  -f is for coverage
+   testing, and causes pufftest to fail with not enough output space (-f does
+   a write like -w, so -w is not required). */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "puff.h"
+
+#if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__CYGWIN__)
+#  include <fcntl.h>
+#  include <io.h>
+#  define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+#  define SET_BINARY_MODE(file)
+#endif
+
+#define local static
+
+/* Return size times approximately the cube root of 2, keeping the result as 1,
+   3, or 5 times a power of 2 -- the result is always > size, until the result
+   is the maximum value of an unsigned long, where it remains.  This is useful
+   to keep reallocations less than ~33% over the actual data. */
+local size_t bythirds(size_t size)
+{
+    int n;
+    size_t m;
+
+    m = size;
+    for (n = 0; m; n++)
+        m >>= 1;
+    if (n < 3)
+        return size + 1;
+    n -= 3;
+    m = size >> n;
+    m += m == 6 ? 2 : 1;
+    m <<= n;
+    return m > size ? m : (size_t)(-1);
+}
+
+/* Read the input file *name, or stdin if name is NULL, into allocated memory.
+   Reallocate to larger buffers until the entire file is read in.  Return a
+   pointer to the allocated data, or NULL if there was a memory allocation
+   failure.  *len is the number of bytes of data read from the input file (even
+   if load() returns NULL).  If the input file was empty or could not be opened
+   or read, *len is zero. */
+local void *load(const char *name, size_t *len)
+{
+    size_t size;
+    void *buf, *swap;
+    FILE *in;
+
+    *len = 0;
+    buf = malloc(size = 4096);
+    if (buf == NULL)
+        return NULL;
+    in = name == NULL ? stdin : fopen(name, "rb");
+    if (in != NULL) {
+        for (;;) {
+            *len += fread((char *)buf + *len, 1, size - *len, in);
+            if (*len < size) break;
+            size = bythirds(size);
+            if (size == *len || (swap = realloc(buf, size)) == NULL) {
+                free(buf);
+                buf = NULL;
+                break;
+            }
+            buf = swap;
+        }
+        fclose(in);
+    }
+    return buf;
+}
+
+int main(int argc, char **argv)
+{
+    int ret, put = 0, fail = 0;
+    unsigned skip = 0;
+    char *arg, *name = NULL;
+    unsigned char *source = NULL, *dest;
+    size_t len = 0;
+    unsigned long sourcelen, destlen;
+
+    /* process arguments */
+    while (arg = *++argv, --argc)
+        if (arg[0] == '-') {
+            if (arg[1] == 'w' && arg[2] == 0)
+                put = 1;
+            else if (arg[1] == 'f' && arg[2] == 0)
+                fail = 1, put = 1;
+            else if (arg[1] >= '0' && arg[1] <= '9')
+                skip = (unsigned)atoi(arg + 1);
+            else {
+                fprintf(stderr, "invalid option %s\n", arg);
+                return 3;
+            }
+        }
+        else if (name != NULL) {
+            fprintf(stderr, "only one file name allowed\n");
+            return 3;
+        }
+        else
+            name = arg;
+    source = load(name, &len);
+    if (source == NULL) {
+        fprintf(stderr, "memory allocation failure\n");
+        return 4;
+    }
+    if (len == 0) {
+        fprintf(stderr, "could not read %s, or it was empty\n",
+                name == NULL ? "<stdin>" : name);
+        free(source);
+        return 3;
+    }
+    if (skip >= len) {
+        fprintf(stderr, "skip request of %d leaves no input\n", skip);
+        free(source);
+        return 3;
+    }
+
+    /* test inflate data with offset skip */
+    len -= skip;
+    sourcelen = (unsigned long)len;
+    ret = puff(NIL, &destlen, source + skip, &sourcelen);
+    if (ret)
+        fprintf(stderr, "puff() failed with return code %d\n", ret);
+    else {
+        fprintf(stderr, "puff() succeeded uncompressing %lu bytes\n", destlen);
+        if (sourcelen < len) fprintf(stderr, "%lu compressed bytes unused\n",
+                                     len - sourcelen);
+    }
+
+    /* if requested, inflate again and write decompressed data to stdout */
+    if (put && ret == 0) {
+        if (fail)
+            destlen >>= 1;
+        dest = malloc(destlen);
+        if (dest == NULL) {
+            fprintf(stderr, "memory allocation failure\n");
+            free(source);
+            return 4;
+        }
+        puff(dest, &destlen, source + skip, &sourcelen);
+        SET_BINARY_MODE(stdout);
+        fwrite(dest, 1, destlen, stdout);
+        free(dest);
+    }
+
+    /* clean up */
+    free(source);
+    return ret;
+}
diff --git a/zlib-1.3.1/contrib/puff/zeros.raw b/zlib-1.3.1/contrib/puff/zeros.raw
new file mode 100644
index 00000000..0a90e76b
Binary files /dev/null and b/zlib-1.3.1/contrib/puff/zeros.raw differ
diff --git a/zlib-1.3.1/contrib/testzlib/testzlib.c b/zlib-1.3.1/contrib/testzlib/testzlib.c
new file mode 100644
index 00000000..b3c0014f
--- /dev/null
+++ b/zlib-1.3.1/contrib/testzlib/testzlib.c
@@ -0,0 +1,275 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <windows.h>
+
+#include "zlib.h"
+
+
+void MyDoMinus64(LARGE_INTEGER *R,LARGE_INTEGER A,LARGE_INTEGER B)
+{
+    R->HighPart = A.HighPart - B.HighPart;
+    if (A.LowPart >= B.LowPart)
+        R->LowPart = A.LowPart - B.LowPart;
+    else
+    {
+        R->LowPart = A.LowPart - B.LowPart;
+        R->HighPart --;
+    }
+}
+
+#ifdef _M_X64
+// see http://msdn2.microsoft.com/library/twchhe95(en-us,vs.80).aspx for __rdtsc
+unsigned __int64 __rdtsc(void);
+void BeginCountRdtsc(LARGE_INTEGER * pbeginTime64)
+{
+ //   printf("rdtsc = %I64x\n",__rdtsc());
+   pbeginTime64->QuadPart=__rdtsc();
+}
+
+LARGE_INTEGER GetResRdtsc(LARGE_INTEGER beginTime64,BOOL fComputeTimeQueryPerf)
+{
+    LARGE_INTEGER LIres;
+    unsigned _int64 res=__rdtsc()-((unsigned _int64)(beginTime64.QuadPart));
+    LIres.QuadPart=res;
+   // printf("rdtsc = %I64x\n",__rdtsc());
+    return LIres;
+}
+#else
+#ifdef _M_IX86
+void myGetRDTSC32(LARGE_INTEGER * pbeginTime64)
+{
+    DWORD dwEdx,dwEax;
+    _asm
+    {
+        rdtsc
+        mov dwEax,eax
+        mov dwEdx,edx
+    }
+    pbeginTime64->LowPart=dwEax;
+    pbeginTime64->HighPart=dwEdx;
+}
+
+void BeginCountRdtsc(LARGE_INTEGER * pbeginTime64)
+{
+    myGetRDTSC32(pbeginTime64);
+}
+
+LARGE_INTEGER GetResRdtsc(LARGE_INTEGER beginTime64,BOOL fComputeTimeQueryPerf)
+{
+    LARGE_INTEGER LIres,endTime64;
+    myGetRDTSC32(&endTime64);
+
+    LIres.LowPart=LIres.HighPart=0;
+    MyDoMinus64(&LIres,endTime64,beginTime64);
+    return LIres;
+}
+#else
+void myGetRDTSC32(LARGE_INTEGER * pbeginTime64)
+{
+}
+
+void BeginCountRdtsc(LARGE_INTEGER * pbeginTime64)
+{
+}
+
+LARGE_INTEGER GetResRdtsc(LARGE_INTEGER beginTime64,BOOL fComputeTimeQueryPerf)
+{
+    LARGE_INTEGER lr;
+    lr.QuadPart=0;
+    return lr;
+}
+#endif
+#endif
+
+void BeginCountPerfCounter(LARGE_INTEGER * pbeginTime64,BOOL fComputeTimeQueryPerf)
+{
+    if ((!fComputeTimeQueryPerf) || (!QueryPerformanceCounter(pbeginTime64)))
+    {
+        pbeginTime64->LowPart = GetTickCount();
+        pbeginTime64->HighPart = 0;
+    }
+}
+
+DWORD GetMsecSincePerfCounter(LARGE_INTEGER beginTime64,BOOL fComputeTimeQueryPerf)
+{
+    LARGE_INTEGER endTime64,ticksPerSecond,ticks;
+    DWORDLONG ticksShifted,tickSecShifted;
+    DWORD dwLog=16+0;
+    DWORD dwRet;
+    if ((!fComputeTimeQueryPerf) || (!QueryPerformanceCounter(&endTime64)))
+        dwRet = (GetTickCount() - beginTime64.LowPart)*1;
+    else
+    {
+        MyDoMinus64(&ticks,endTime64,beginTime64);
+        QueryPerformanceFrequency(&ticksPerSecond);
+
+
+        {
+            ticksShifted = Int64ShrlMod32(*(DWORDLONG*)&ticks,dwLog);
+            tickSecShifted = Int64ShrlMod32(*(DWORDLONG*)&ticksPerSecond,dwLog);
+
+        }
+
+        dwRet = (DWORD)((((DWORD)ticksShifted)*1000)/(DWORD)(tickSecShifted));
+        dwRet *=1;
+    }
+    return dwRet;
+}
+
+int ReadFileMemory(const char* filename,long* plFileSize,unsigned char** pFilePtr)
+{
+    FILE* stream;
+    unsigned char* ptr;
+    int retVal=1;
+    stream=fopen(filename, "rb");
+    if (stream==NULL)
+        return 0;
+
+    fseek(stream,0,SEEK_END);
+
+    *plFileSize=ftell(stream);
+    fseek(stream,0,SEEK_SET);
+    ptr=malloc((*plFileSize)+1);
+    if (ptr==NULL)
+        retVal=0;
+    else
+    {
+        if (fread(ptr, 1, *plFileSize,stream) != (*plFileSize))
+            retVal=0;
+    }
+    fclose(stream);
+    *pFilePtr=ptr;
+    return retVal;
+}
+
+int main(int argc, char *argv[])
+{
+    int BlockSizeCompress=0x8000;
+    int BlockSizeUncompress=0x8000;
+    int cprLevel=Z_DEFAULT_COMPRESSION ;
+    long lFileSize;
+    unsigned char* FilePtr;
+    long lBufferSizeCpr;
+    long lBufferSizeUncpr;
+    long lCompressedSize=0;
+    unsigned char* CprPtr;
+    unsigned char* UncprPtr;
+    long lSizeCpr,lSizeUncpr;
+    DWORD dwGetTick,dwMsecQP;
+    LARGE_INTEGER li_qp,li_rdtsc,dwResRdtsc;
+
+    if (argc<=1)
+    {
+        printf("run TestZlib <File> [BlockSizeCompress] [BlockSizeUncompress] [compres. level]\n");
+        return 0;
+    }
+
+    if (ReadFileMemory(argv[1],&lFileSize,&FilePtr)==0)
+    {
+        printf("error reading %s\n",argv[1]);
+        return 1;
+    }
+    else printf("file %s read, %ld bytes\n",argv[1],lFileSize);
+
+    if (argc>=3)
+        BlockSizeCompress=atol(argv[2]);
+
+    if (argc>=4)
+        BlockSizeUncompress=atol(argv[3]);
+
+    if (argc>=5)
+        cprLevel=(int)atol(argv[4]);
+
+    lBufferSizeCpr = lFileSize + (lFileSize/0x10) + 0x200;
+    lBufferSizeUncpr = lBufferSizeCpr;
+
+    CprPtr=(unsigned char*)malloc(lBufferSizeCpr + BlockSizeCompress);
+
+    BeginCountPerfCounter(&li_qp,TRUE);
+    dwGetTick=GetTickCount();
+    BeginCountRdtsc(&li_rdtsc);
+    {
+        z_stream zcpr;
+        int ret=Z_OK;
+        long lOrigToDo = lFileSize;
+        long lOrigDone = 0;
+        int step=0;
+        memset(&zcpr,0,sizeof(z_stream));
+        deflateInit(&zcpr,cprLevel);
+
+        zcpr.next_in = FilePtr;
+        zcpr.next_out = CprPtr;
+
+
+        do
+        {
+            long all_read_before = zcpr.total_in;
+            zcpr.avail_in = min(lOrigToDo,BlockSizeCompress);
+            zcpr.avail_out = BlockSizeCompress;
+            ret=deflate(&zcpr,(zcpr.avail_in==lOrigToDo) ? Z_FINISH : Z_SYNC_FLUSH);
+            lOrigDone += (zcpr.total_in-all_read_before);
+            lOrigToDo -= (zcpr.total_in-all_read_before);
+            step++;
+        } while (ret==Z_OK);
+
+        lSizeCpr=zcpr.total_out;
+        deflateEnd(&zcpr);
+        dwGetTick=GetTickCount()-dwGetTick;
+        dwMsecQP=GetMsecSincePerfCounter(li_qp,TRUE);
+        dwResRdtsc=GetResRdtsc(li_rdtsc,TRUE);
+        printf("total compress size = %u, in %u step\n",lSizeCpr,step);
+        printf("time = %u msec = %f sec\n",dwGetTick,dwGetTick/(double)1000.);
+        printf("defcpr time QP = %u msec = %f sec\n",dwMsecQP,dwMsecQP/(double)1000.);
+        printf("defcpr result rdtsc = %I64x\n\n",dwResRdtsc.QuadPart);
+    }
+
+    CprPtr=(unsigned char*)realloc(CprPtr,lSizeCpr);
+    UncprPtr=(unsigned char*)malloc(lBufferSizeUncpr + BlockSizeUncompress);
+
+    BeginCountPerfCounter(&li_qp,TRUE);
+    dwGetTick=GetTickCount();
+    BeginCountRdtsc(&li_rdtsc);
+    {
+        z_stream zcpr;
+        int ret=Z_OK;
+        long lOrigToDo = lSizeCpr;
+        long lOrigDone = 0;
+        int step=0;
+        memset(&zcpr,0,sizeof(z_stream));
+        inflateInit(&zcpr);
+
+        zcpr.next_in = CprPtr;
+        zcpr.next_out = UncprPtr;
+
+
+        do
+        {
+            long all_read_before = zcpr.total_in;
+            zcpr.avail_in = min(lOrigToDo,BlockSizeUncompress);
+            zcpr.avail_out = BlockSizeUncompress;
+            ret=inflate(&zcpr,Z_SYNC_FLUSH);
+            lOrigDone += (zcpr.total_in-all_read_before);
+            lOrigToDo -= (zcpr.total_in-all_read_before);
+            step++;
+        } while (ret==Z_OK);
+
+        lSizeUncpr=zcpr.total_out;
+        inflateEnd(&zcpr);
+        dwGetTick=GetTickCount()-dwGetTick;
+        dwMsecQP=GetMsecSincePerfCounter(li_qp,TRUE);
+        dwResRdtsc=GetResRdtsc(li_rdtsc,TRUE);
+        printf("total uncompress size = %u, in %u step\n",lSizeUncpr,step);
+        printf("time = %u msec = %f sec\n",dwGetTick,dwGetTick/(double)1000.);
+        printf("uncpr  time QP = %u msec = %f sec\n",dwMsecQP,dwMsecQP/(double)1000.);
+        printf("uncpr  result rdtsc = %I64x\n\n",dwResRdtsc.QuadPart);
+    }
+
+    if (lSizeUncpr==lFileSize)
+    {
+        if (memcmp(FilePtr,UncprPtr,lFileSize)==0)
+            printf("compare ok\n");
+
+    }
+
+    return 0;
+}
diff --git a/zlib-1.3.1/contrib/testzlib/testzlib.txt b/zlib-1.3.1/contrib/testzlib/testzlib.txt
new file mode 100644
index 00000000..62258f14
--- /dev/null
+++ b/zlib-1.3.1/contrib/testzlib/testzlib.txt
@@ -0,0 +1,10 @@
+To build testzLib with Visual Studio 2005:
+
+copy to a directory file from :
+- root of zLib tree
+- contrib/testzlib
+- contrib/masmx86
+- contrib/masmx64
+- contrib/vstudio/vc7
+
+and open testzlib8.sln
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/untgz/Makefile b/zlib-1.3.1/contrib/untgz/Makefile
new file mode 100644
index 00000000..b54266fb
--- /dev/null
+++ b/zlib-1.3.1/contrib/untgz/Makefile
@@ -0,0 +1,14 @@
+CC=cc
+CFLAGS=-g
+
+untgz: untgz.o ../../libz.a
+	$(CC) $(CFLAGS) -o untgz untgz.o -L../.. -lz
+
+untgz.o: untgz.c ../../zlib.h
+	$(CC) $(CFLAGS) -c -I../.. untgz.c
+
+../../libz.a:
+	cd ../..; ./configure; make
+
+clean:
+	rm -f untgz untgz.o *~
diff --git a/zlib-1.3.1/contrib/untgz/Makefile.msc b/zlib-1.3.1/contrib/untgz/Makefile.msc
new file mode 100644
index 00000000..77b86022
--- /dev/null
+++ b/zlib-1.3.1/contrib/untgz/Makefile.msc
@@ -0,0 +1,17 @@
+CC=cl
+CFLAGS=-MD
+
+untgz.exe: untgz.obj ..\..\zlib.lib
+	$(CC) $(CFLAGS) untgz.obj ..\..\zlib.lib
+
+untgz.obj: untgz.c ..\..\zlib.h
+	$(CC) $(CFLAGS) -c -I..\.. untgz.c
+
+..\..\zlib.lib:
+	cd ..\..
+	$(MAKE) -f win32\makefile.msc
+	cd contrib\untgz
+
+clean:
+	-del untgz.obj
+	-del untgz.exe
diff --git a/zlib-1.3.1/contrib/untgz/untgz.c b/zlib-1.3.1/contrib/untgz/untgz.c
new file mode 100644
index 00000000..78579211
--- /dev/null
+++ b/zlib-1.3.1/contrib/untgz/untgz.c
@@ -0,0 +1,667 @@
+/*
+ * untgz.c -- Display contents and extract files from a gzip'd TAR file
+ *
+ * written by Pedro A. Aranda Gutierrez <paag@tid.es>
+ * adaptation to Unix by Jean-loup Gailly <jloup@gzip.org>
+ * various fixes by Cosmin Truta <cosmint@cs.ubbcluj.ro>
+ *
+ * This software is provided 'as-is', without any express or implied
+ * warranty.  In no event will the authors be held liable for any damages
+ * arising from the use of this software.
+ *
+ * Permission is granted to anyone to use this software for any purpose,
+ * including commercial applications, and to alter it and redistribute it
+ * freely, subject to the following restrictions:
+ *
+ * 1. The origin of this software must not be misrepresented; you must not
+ *    claim that you wrote the original software. If you use this software
+ *    in a product, an acknowledgment in the product documentation would be
+ *    appreciated but is not required.
+ * 2. Altered source versions must be plainly marked as such, and must not be
+ *    misrepresented as being the original software.
+ * 3. This notice may not be removed or altered from any source distribution.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <errno.h>
+
+#include "zlib.h"
+
+#ifdef _WIN32
+#  include <direct.h>
+#  include <io.h>
+#  include <windows.h>
+#  ifndef F_OK
+#    define F_OK  0
+#  endif
+#  define mkdir(dirname,mode)   _mkdir(dirname)
+#  ifdef _MSC_VER
+#    define access(path,mode)   _access(path,mode)
+#    define chmod(path,mode)    _chmod(path,mode)
+#    define strdup(str)         _strdup(str)
+#  endif
+#else
+#  include <sys/stat.h>
+#  include <unistd.h>
+#  include <utime.h>
+#endif
+
+
+/* values used in typeflag field */
+
+#define REGTYPE  '0'            /* regular file */
+#define AREGTYPE '\0'           /* regular file */
+#define LNKTYPE  '1'            /* link */
+#define SYMTYPE  '2'            /* reserved */
+#define CHRTYPE  '3'            /* character special */
+#define BLKTYPE  '4'            /* block special */
+#define DIRTYPE  '5'            /* directory */
+#define FIFOTYPE '6'            /* FIFO special */
+#define CONTTYPE '7'            /* reserved */
+
+/* GNU tar extensions */
+
+#define GNUTYPE_DUMPDIR  'D'    /* file names from dumped directory */
+#define GNUTYPE_LONGLINK 'K'    /* long link name */
+#define GNUTYPE_LONGNAME 'L'    /* long file name */
+#define GNUTYPE_MULTIVOL 'M'    /* continuation of file from another volume */
+#define GNUTYPE_NAMES    'N'    /* file name that does not fit into main hdr */
+#define GNUTYPE_SPARSE   'S'    /* sparse file */
+#define GNUTYPE_VOLHDR   'V'    /* tape/volume header */
+
+
+/* tar header */
+
+#define BLOCKSIZE     512
+#define SHORTNAMESIZE 100
+
+struct tar_header
+{                               /* byte offset */
+  char name[100];               /*   0 */
+  char mode[8];                 /* 100 */
+  char uid[8];                  /* 108 */
+  char gid[8];                  /* 116 */
+  char size[12];                /* 124 */
+  char mtime[12];               /* 136 */
+  char chksum[8];               /* 148 */
+  char typeflag;                /* 156 */
+  char linkname[100];           /* 157 */
+  char magic[6];                /* 257 */
+  char version[2];              /* 263 */
+  char uname[32];               /* 265 */
+  char gname[32];               /* 297 */
+  char devmajor[8];             /* 329 */
+  char devminor[8];             /* 337 */
+  char prefix[155];             /* 345 */
+                                /* 500 */
+};
+
+union tar_buffer
+{
+  char               buffer[BLOCKSIZE];
+  struct tar_header  header;
+};
+
+struct attr_item
+{
+  struct attr_item  *next;
+  char              *fname;
+  int                mode;
+  time_t             time;
+};
+
+enum { TGZ_EXTRACT, TGZ_LIST, TGZ_INVALID };
+
+char *prog;
+
+void error(const char *msg)
+{
+  fprintf(stderr, "%s: %s\n", prog, msg);
+  exit(1);
+}
+
+const char *TGZsuffix[] = { "\0", ".tar", ".tar.gz", ".taz", ".tgz", NULL };
+
+/* return the file name of the TGZ archive */
+/* or NULL if it does not exist */
+
+char *TGZfname (const char *arcname)
+{
+  static char buffer[1024];
+  int origlen,i;
+
+  strcpy(buffer,arcname);
+  origlen = strlen(buffer);
+
+  for (i=0; TGZsuffix[i]; i++)
+    {
+       strcpy(buffer+origlen,TGZsuffix[i]);
+       if (access(buffer,F_OK) == 0)
+         return buffer;
+    }
+  return NULL;
+}
+
+
+/* error message for the filename */
+
+void TGZnotfound (const char *arcname)
+{
+  int i;
+
+  fprintf(stderr,"%s: Couldn't find ",prog);
+  for (i=0;TGZsuffix[i];i++)
+    fprintf(stderr,(TGZsuffix[i+1]) ? "%s%s, " : "or %s%s\n",
+            arcname,
+            TGZsuffix[i]);
+  exit(1);
+}
+
+
+/* convert octal digits to int */
+/* on error return -1 */
+
+int getoct (char *p,int width)
+{
+  int result = 0;
+  char c;
+
+  while (width--)
+    {
+      c = *p++;
+      if (c == 0)
+        break;
+      if (c == ' ')
+        continue;
+      if (c < '0' || c > '7')
+        return -1;
+      result = result * 8 + (c - '0');
+    }
+  return result;
+}
+
+
+/* convert time_t to string */
+/* use the "YYYY/MM/DD hh:mm:ss" format */
+
+char *strtime (time_t *t)
+{
+  struct tm   *local;
+  static char result[32];
+
+  local = localtime(t);
+  sprintf(result,"%4d/%02d/%02d %02d:%02d:%02d",
+          local->tm_year+1900, local->tm_mon+1, local->tm_mday,
+          local->tm_hour, local->tm_min, local->tm_sec);
+  return result;
+}
+
+
+/* set file time */
+
+int setfiletime (char *fname,time_t ftime)
+{
+#ifdef _WIN32
+  static int isWinNT = -1;
+  SYSTEMTIME st;
+  FILETIME locft, modft;
+  struct tm *loctm;
+  HANDLE hFile;
+  int result;
+
+  loctm = localtime(&ftime);
+  if (loctm == NULL)
+    return -1;
+
+  st.wYear         = (WORD)loctm->tm_year + 1900;
+  st.wMonth        = (WORD)loctm->tm_mon + 1;
+  st.wDayOfWeek    = (WORD)loctm->tm_wday;
+  st.wDay          = (WORD)loctm->tm_mday;
+  st.wHour         = (WORD)loctm->tm_hour;
+  st.wMinute       = (WORD)loctm->tm_min;
+  st.wSecond       = (WORD)loctm->tm_sec;
+  st.wMilliseconds = 0;
+  if (!SystemTimeToFileTime(&st, &locft) ||
+      !LocalFileTimeToFileTime(&locft, &modft))
+    return -1;
+
+  if (isWinNT < 0)
+    isWinNT = (GetVersion() < 0x80000000) ? 1 : 0;
+  hFile = CreateFile(fname, GENERIC_WRITE, 0, NULL, OPEN_EXISTING,
+                     (isWinNT ? FILE_FLAG_BACKUP_SEMANTICS : 0),
+                     NULL);
+  if (hFile == INVALID_HANDLE_VALUE)
+    return -1;
+  result = SetFileTime(hFile, NULL, NULL, &modft) ? 0 : -1;
+  CloseHandle(hFile);
+  return result;
+#else
+  struct utimbuf settime;
+
+  settime.actime = settime.modtime = ftime;
+  return utime(fname,&settime);
+#endif
+}
+
+
+/* push file attributes */
+
+void push_attr(struct attr_item **list,char *fname,int mode,time_t time)
+{
+  struct attr_item *item;
+
+  item = (struct attr_item *)malloc(sizeof(struct attr_item));
+  if (item == NULL)
+    error("Out of memory");
+  item->fname = strdup(fname);
+  item->mode  = mode;
+  item->time  = time;
+  item->next  = *list;
+  *list       = item;
+}
+
+
+/* restore file attributes */
+
+void restore_attr(struct attr_item **list)
+{
+  struct attr_item *item, *prev;
+
+  for (item = *list; item != NULL; )
+    {
+      setfiletime(item->fname,item->time);
+      chmod(item->fname,item->mode);
+      prev = item;
+      item = item->next;
+      free(prev);
+    }
+  *list = NULL;
+}
+
+
+/* match regular expression */
+
+#define ISSPECIAL(c) (((c) == '*') || ((c) == '/'))
+
+int ExprMatch (char *string,char *expr)
+{
+  while (1)
+    {
+      if (ISSPECIAL(*expr))
+        {
+          if (*expr == '/')
+            {
+              if (*string != '\\' && *string != '/')
+                return 0;
+              string ++; expr++;
+            }
+          else if (*expr == '*')
+            {
+              if (*expr ++ == 0)
+                return 1;
+              while (*++string != *expr)
+                if (*string == 0)
+                  return 0;
+            }
+        }
+      else
+        {
+          if (*string != *expr)
+            return 0;
+          if (*expr++ == 0)
+            return 1;
+          string++;
+        }
+    }
+}
+
+
+/* recursive mkdir */
+/* abort on ENOENT; ignore other errors like "directory already exists" */
+/* return 1 if OK */
+/*        0 on error */
+
+int makedir (char *newdir)
+{
+  char *buffer = strdup(newdir);
+  char *p;
+  int  len = strlen(buffer);
+
+  if (len <= 0) {
+    free(buffer);
+    return 0;
+  }
+  if (buffer[len-1] == '/') {
+    buffer[len-1] = '\0';
+  }
+  if (mkdir(buffer, 0755) == 0)
+    {
+      free(buffer);
+      return 1;
+    }
+
+  p = buffer+1;
+  while (1)
+    {
+      char hold;
+
+      while(*p && *p != '\\' && *p != '/')
+        p++;
+      hold = *p;
+      *p = 0;
+      if ((mkdir(buffer, 0755) == -1) && (errno == ENOENT))
+        {
+          fprintf(stderr,"%s: Couldn't create directory %s\n",prog,buffer);
+          free(buffer);
+          return 0;
+        }
+      if (hold == 0)
+        break;
+      *p++ = hold;
+    }
+  free(buffer);
+  return 1;
+}
+
+
+int matchname (int arg,int argc,char **argv,char *fname)
+{
+  if (arg == argc)      /* no arguments given (untgz tgzarchive) */
+    return 1;
+
+  while (arg < argc)
+    if (ExprMatch(fname,argv[arg++]))
+      return 1;
+
+  return 0; /* ignore this for the moment being */
+}
+
+
+/* tar file list or extract */
+
+int tar (gzFile in,int action,int arg,int argc,char **argv)
+{
+  union  tar_buffer buffer;
+  int    len;
+  int    err;
+  int    getheader = 1;
+  int    remaining = 0;
+  FILE   *outfile = NULL;
+  char   fname[BLOCKSIZE];
+  int    tarmode;
+  time_t tartime;
+  struct attr_item *attributes = NULL;
+
+  if (action == TGZ_LIST)
+    printf("    date      time     size                       file\n"
+           " ---------- -------- --------- -------------------------------------\n");
+  while (1)
+    {
+      len = gzread(in, &buffer, BLOCKSIZE);
+      if (len < 0)
+        error(gzerror(in, &err));
+      /*
+       * Always expect complete blocks to process
+       * the tar information.
+       */
+      if (len != BLOCKSIZE)
+        {
+          action = TGZ_INVALID; /* force error exit */
+          remaining = 0;        /* force I/O cleanup */
+        }
+
+      /*
+       * If we have to get a tar header
+       */
+      if (getheader >= 1)
+        {
+          /*
+           * if we met the end of the tar
+           * or the end-of-tar block,
+           * we are done
+           */
+          if (len == 0 || buffer.header.name[0] == 0)
+            break;
+
+          tarmode = getoct(buffer.header.mode,8);
+          tartime = (time_t)getoct(buffer.header.mtime,12);
+          if (tarmode == -1 || tartime == (time_t)-1)
+            {
+              buffer.header.name[0] = 0;
+              action = TGZ_INVALID;
+            }
+
+          if (getheader == 1)
+            {
+              strncpy(fname,buffer.header.name,SHORTNAMESIZE);
+              if (fname[SHORTNAMESIZE-1] != 0)
+                  fname[SHORTNAMESIZE] = 0;
+            }
+          else
+            {
+              /*
+               * The file name is longer than SHORTNAMESIZE
+               */
+              if (strncmp(fname,buffer.header.name,SHORTNAMESIZE-1) != 0)
+                  error("bad long name");
+              getheader = 1;
+            }
+
+          /*
+           * Act according to the type flag
+           */
+          switch (buffer.header.typeflag)
+            {
+            case DIRTYPE:
+              if (action == TGZ_LIST)
+                printf(" %s     <dir> %s\n",strtime(&tartime),fname);
+              if (action == TGZ_EXTRACT)
+                {
+                  makedir(fname);
+                  push_attr(&attributes,fname,tarmode,tartime);
+                }
+              break;
+            case REGTYPE:
+            case AREGTYPE:
+              remaining = getoct(buffer.header.size,12);
+              if (remaining == -1)
+                {
+                  action = TGZ_INVALID;
+                  break;
+                }
+              if (action == TGZ_LIST)
+                printf(" %s %9d %s\n",strtime(&tartime),remaining,fname);
+              else if (action == TGZ_EXTRACT)
+                {
+                  if (matchname(arg,argc,argv,fname))
+                    {
+                      outfile = fopen(fname,"wb");
+                      if (outfile == NULL) {
+                        /* try creating directory */
+                        char *p = strrchr(fname, '/');
+                        if (p != NULL) {
+                          *p = '\0';
+                          makedir(fname);
+                          *p = '/';
+                          outfile = fopen(fname,"wb");
+                        }
+                      }
+                      if (outfile != NULL)
+                        printf("Extracting %s\n",fname);
+                      else
+                        fprintf(stderr, "%s: Couldn't create %s",prog,fname);
+                    }
+                  else
+                    outfile = NULL;
+                }
+              getheader = 0;
+              break;
+            case GNUTYPE_LONGLINK:
+            case GNUTYPE_LONGNAME:
+              remaining = getoct(buffer.header.size,12);
+              if (remaining < 0 || remaining >= BLOCKSIZE)
+                {
+                  action = TGZ_INVALID;
+                  break;
+                }
+              len = gzread(in, fname, BLOCKSIZE);
+              if (len < 0)
+                error(gzerror(in, &err));
+              if (fname[BLOCKSIZE-1] != 0 || (int)strlen(fname) > remaining)
+                {
+                  action = TGZ_INVALID;
+                  break;
+                }
+              getheader = 2;
+              break;
+            default:
+              if (action == TGZ_LIST)
+                printf(" %s     <---> %s\n",strtime(&tartime),fname);
+              break;
+            }
+        }
+      else
+        {
+          unsigned int bytes = (remaining > BLOCKSIZE) ? BLOCKSIZE : remaining;
+
+          if (outfile != NULL)
+            {
+              if (fwrite(&buffer,sizeof(char),bytes,outfile) != bytes)
+                {
+                  fprintf(stderr,
+                    "%s: Error writing %s -- skipping\n",prog,fname);
+                  fclose(outfile);
+                  outfile = NULL;
+                  remove(fname);
+                }
+            }
+          remaining -= bytes;
+        }
+
+      if (remaining == 0)
+        {
+          getheader = 1;
+          if (outfile != NULL)
+            {
+              fclose(outfile);
+              outfile = NULL;
+              if (action != TGZ_INVALID)
+                push_attr(&attributes,fname,tarmode,tartime);
+            }
+        }
+
+      /*
+       * Abandon if errors are found
+       */
+      if (action == TGZ_INVALID)
+        {
+          error("broken archive");
+          break;
+        }
+    }
+
+  /*
+   * Restore file modes and time stamps
+   */
+  restore_attr(&attributes);
+
+  if (gzclose(in) != Z_OK)
+    error("failed gzclose");
+
+  return 0;
+}
+
+
+/* ============================================================ */
+
+void help(int exitval)
+{
+  printf("untgz version 0.2.1\n"
+         "  using zlib version %s\n\n",
+         zlibVersion());
+  printf("Usage: untgz file.tgz            extract all files\n"
+         "       untgz file.tgz fname ...  extract selected files\n"
+         "       untgz -l file.tgz         list archive contents\n"
+         "       untgz -h                  display this help\n");
+  exit(exitval);
+}
+
+
+/* ============================================================ */
+
+#if defined(WIN32) && defined(__GNUC__)
+int _CRT_glob = 0;      /* disable argument globbing in MinGW */
+#endif
+
+int main(int argc,char **argv)
+{
+    int         action = TGZ_EXTRACT;
+    int         arg = 1;
+    char        *TGZfile;
+    gzFile      f;
+
+    prog = strrchr(argv[0],'\\');
+    if (prog == NULL)
+      {
+        prog = strrchr(argv[0],'/');
+        if (prog == NULL)
+          {
+            prog = strrchr(argv[0],':');
+            if (prog == NULL)
+              prog = argv[0];
+            else
+              prog++;
+          }
+        else
+          prog++;
+      }
+    else
+      prog++;
+
+    if (argc == 1)
+      help(0);
+
+    if (strcmp(argv[arg],"-l") == 0)
+      {
+        action = TGZ_LIST;
+        if (argc == ++arg)
+          help(0);
+      }
+    else if (strcmp(argv[arg],"-h") == 0)
+      {
+        help(0);
+      }
+
+    if ((TGZfile = TGZfname(argv[arg])) == NULL)
+      TGZnotfound(argv[arg]);
+
+    ++arg;
+    if ((action == TGZ_LIST) && (arg != argc))
+      help(1);
+
+/*
+ *  Process the TGZ file
+ */
+    switch(action)
+      {
+      case TGZ_LIST:
+      case TGZ_EXTRACT:
+        f = gzopen(TGZfile,"rb");
+        if (f == NULL)
+          {
+            fprintf(stderr,"%s: Couldn't gzopen %s\n",prog,TGZfile);
+            return 1;
+          }
+        exit(tar(f, action, arg, argc, argv));
+      break;
+
+      default:
+        error("Unknown option");
+        exit(1);
+      }
+
+    return 0;
+}
diff --git a/zlib-1.3.1/contrib/vstudio/readme.txt b/zlib-1.3.1/contrib/vstudio/readme.txt
new file mode 100644
index 00000000..061bbc0e
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/readme.txt
@@ -0,0 +1,81 @@
+Building instructions for the DLL versions of Zlib 1.3.1
+========================================================
+
+This directory contains projects that build zlib and minizip using
+Microsoft Visual C++ 9.0/10.0.
+
+You don't need to build these projects yourself. You can download the
+binaries from:
+  http://www.winimage.com/zLibDll
+
+More information can be found at this site.
+
+
+
+
+
+Build instructions for Visual Studio 2008 (32 bits or 64 bits)
+--------------------------------------------------------------
+- Decompress current zlib, including all contrib/* files
+- Open contrib\vstudio\vc9\zlibvc.sln with Microsoft Visual C++ 2008
+- Or run: vcbuild /rebuild contrib\vstudio\vc9\zlibvc.sln "Release|Win32"
+
+Build instructions for Visual Studio 2010 (32 bits or 64 bits)
+--------------------------------------------------------------
+- Decompress current zlib, including all contrib/* files
+- Open contrib\vstudio\vc10\zlibvc.sln with Microsoft Visual C++ 2010
+
+Build instructions for Visual Studio 2012 (32 bits or 64 bits)
+--------------------------------------------------------------
+- Decompress current zlib, including all contrib/* files
+- Open contrib\vstudio\vc11\zlibvc.sln with Microsoft Visual C++ 2012
+
+Build instructions for Visual Studio 2013 (32 bits or 64 bits)
+--------------------------------------------------------------
+- Decompress current zlib, including all contrib/* files
+- Open contrib\vstudio\vc12\zlibvc.sln with Microsoft Visual C++ 2013
+
+Build instructions for Visual Studio 2015 (32 bits or 64 bits)
+--------------------------------------------------------------
+- Decompress current zlib, including all contrib/* files
+- Open contrib\vstudio\vc14\zlibvc.sln with Microsoft Visual C++ 2015
+
+Build instructions for Visual Studio 2022 (64 bits)
+--------------------------------------------------------------
+- Decompress current zlib, including all contrib/* files
+- Open contrib\vstudio\vc143\zlibvc.sln with Microsoft Visual C++ 2022
+
+
+
+Important
+---------
+- To use zlibwapi.dll in your application, you must define the
+  macro ZLIB_WINAPI when compiling your application's source files.
+
+
+Additional notes
+----------------
+- This DLL, named zlibwapi.dll, is compatible to the old zlib.dll built
+  by Gilles Vollant from the zlib 1.1.x sources, and distributed at
+    http://www.winimage.com/zLibDll
+  It uses the WINAPI calling convention for the exported functions, and
+  includes the minizip functionality. If your application needs that
+  particular build of zlib.dll, you can rename zlibwapi.dll to zlib.dll.
+
+- The new DLL was renamed because there exist several incompatible
+  versions of zlib.dll on the Internet.
+
+- There is also an official DLL build of zlib, named zlib1.dll. This one
+  is exporting the functions using the CDECL convention. See the file
+  win32\DLL_FAQ.txt found in this zlib distribution.
+
+- There used to be a ZLIB_DLL macro in zlib 1.1.x, but now this symbol
+  has a slightly different effect. To avoid compatibility problems, do
+  not define it here.
+
+
+Gilles Vollant
+info@winimage.com
+
+Visual Studio 2013, 2015, and 2022 Projects from Sean Hunt
+seandhunt_7@yahoo.com
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/miniunz.vcxproj b/zlib-1.3.1/contrib/vstudio/vc10/miniunz.vcxproj
new file mode 100644
index 00000000..74e15c90
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/miniunz.vcxproj
@@ -0,0 +1,310 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694382A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\miniunz.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/miniunz.vcxproj.filters b/zlib-1.3.1/contrib/vstudio/vc10/miniunz.vcxproj.filters
new file mode 100644
index 00000000..e53556a6
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/miniunz.vcxproj.filters
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{048af943-022b-4db6-beeb-a54c34774ee2}</UniqueIdentifier>
+      <Extensions>cpp;c;cxx;def;odl;idl;hpj;bat</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{c1d600d2-888f-4aea-b73e-8b0dd9befa0c}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{0844199a-966b-4f19-81db-1e0125e141b9}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\miniunz.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/minizip.vcxproj b/zlib-1.3.1/contrib/vstudio/vc10/minizip.vcxproj
new file mode 100644
index 00000000..917e1565
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/minizip.vcxproj
@@ -0,0 +1,307 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\minizip.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/minizip.vcxproj.filters b/zlib-1.3.1/contrib/vstudio/vc10/minizip.vcxproj.filters
new file mode 100644
index 00000000..bd18d715
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/minizip.vcxproj.filters
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{c0419b40-bf50-40da-b153-ff74215b79de}</UniqueIdentifier>
+      <Extensions>cpp;c;cxx;def;odl;idl;hpj;bat</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{bb87b070-735b-478e-92ce-7383abb2f36c}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{f46ab6a6-548f-43cb-ae96-681abb5bd5db}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\minizip.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/testzlib.vcxproj b/zlib-1.3.1/contrib/vstudio/vc10/testzlib.vcxproj
new file mode 100644
index 00000000..0e668f76
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/testzlib.vcxproj
@@ -0,0 +1,412 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <RootNamespace>testzlib</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/testzlib.vcxproj.filters b/zlib-1.3.1/contrib/vstudio/vc10/testzlib.vcxproj.filters
new file mode 100644
index 00000000..3cf52ee3
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/testzlib.vcxproj.filters
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{c1f6a2e3-5da5-4955-8653-310d3efe05a9}</UniqueIdentifier>
+      <Extensions>cpp;c;cxx;def;odl;idl;hpj;bat</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{c2aaffdc-2c95-4d6f-8466-4bec5890af2c}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{c274fe07-05f2-461c-964b-f6341e4e7eb5}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\compress.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\crc32.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\deflate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\infback.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inffast.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inflate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inftrees.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\testzlib\testzlib.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\trees.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\uncompr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\zutil.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/testzlibdll.vcxproj b/zlib-1.3.1/contrib/vstudio/vc10/testzlibdll.vcxproj
new file mode 100644
index 00000000..bcb08ff9
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/testzlibdll.vcxproj
@@ -0,0 +1,310 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694366A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/testzlibdll.vcxproj.filters b/zlib-1.3.1/contrib/vstudio/vc10/testzlibdll.vcxproj.filters
new file mode 100644
index 00000000..aeb550e9
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/testzlibdll.vcxproj.filters
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{fa61a89f-93fc-4c89-b29e-36224b7592f4}</UniqueIdentifier>
+      <Extensions>cpp;c;cxx;def;odl;idl;hpj;bat</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{d4b85da0-2ba2-4934-b57f-e2584e3848ee}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{e573e075-00bd-4a7d-bd67-a8cc9bfc5aca}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\testzlib\testzlib.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/zlib.rc b/zlib-1.3.1/contrib/vstudio/vc10/zlib.rc
new file mode 100644
index 00000000..856bd11f
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/zlib.rc
@@ -0,0 +1,32 @@
+#include <windows.h>
+
+#define IDR_VERSION1  1
+IDR_VERSION1	VERSIONINFO	MOVEABLE IMPURE LOADONCALL DISCARDABLE
+  FILEVERSION	 1, 3, 1, 0
+  PRODUCTVERSION 1, 3, 1, 0
+  FILEFLAGSMASK	VS_FFI_FILEFLAGSMASK
+  FILEFLAGS	0
+  FILEOS	VOS_DOS_WINDOWS32
+  FILETYPE	VFT_DLL
+  FILESUBTYPE	0	// not used
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "040904E4"
+    //language ID = U.S. English, char set = Windows, Multilingual
+
+    BEGIN
+      VALUE "FileDescription", "zlib data compression and ZIP file I/O library\0"
+      VALUE "FileVersion",	"1.3.1\0"
+      VALUE "InternalName",	"zlib\0"
+      VALUE "OriginalFilename",	"zlibwapi.dll\0"
+      VALUE "ProductName",	"ZLib.DLL\0"
+      VALUE "Comments","DLL support by Alessandro Iacopetti & Gilles Vollant\0"
+      VALUE "LegalCopyright", "(C) 1995-2024 Jean-loup Gailly & Mark Adler\0"
+    END
+  END
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x0409, 1252
+  END
+END
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/zlibstat.vcxproj b/zlib-1.3.1/contrib/vstudio/vc10/zlibstat.vcxproj
new file mode 100644
index 00000000..c7ed09e5
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/zlibstat.vcxproj
@@ -0,0 +1,449 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}</ProjectGuid>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c" />
+    <ClCompile Include="..\..\minizip\zip.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/zlibstat.vcxproj.filters b/zlib-1.3.1/contrib/vstudio/vc10/zlibstat.vcxproj.filters
new file mode 100644
index 00000000..ba7e23d3
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/zlibstat.vcxproj.filters
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{174213f6-7f66-4ae8-a3a8-a1e0a1e6ffdd}</UniqueIdentifier>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\compress.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\crc32.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\deflate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\gzclose.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\gzlib.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\gzread.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\gzwrite.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\infback.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inffast.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inflate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inftrees.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\ioapi.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\trees.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\uncompr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\unzip.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\zip.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\zutil.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc">
+      <Filter>Source Files</Filter>
+    </ResourceCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def">
+      <Filter>Source Files</Filter>
+    </None>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.def b/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.def
new file mode 100644
index 00000000..3234a02d
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.def
@@ -0,0 +1,158 @@
+LIBRARY
+; zlib data compression and ZIP file I/O library
+
+VERSION		1.3.1
+
+EXPORTS
+        adler32                                  @1
+        compress                                 @2
+        crc32                                    @3
+        deflate                                  @4
+        deflateCopy                              @5
+        deflateEnd                               @6
+        deflateInit2_                            @7
+        deflateInit_                             @8
+        deflateParams                            @9
+        deflateReset                             @10
+        deflateSetDictionary                     @11
+        gzclose                                  @12
+        gzdopen                                  @13
+        gzerror                                  @14
+        gzflush                                  @15
+        gzopen                                   @16
+        gzread                                   @17
+        gzwrite                                  @18
+        inflate                                  @19
+        inflateEnd                               @20
+        inflateInit2_                            @21
+        inflateInit_                             @22
+        inflateReset                             @23
+        inflateSetDictionary                     @24
+        inflateSync                              @25
+        uncompress                               @26
+        zlibVersion                              @27
+        gzprintf                                 @28
+        gzputc                                   @29
+        gzgetc                                   @30
+        gzseek                                   @31
+        gzrewind                                 @32
+        gztell                                   @33
+        gzeof                                    @34
+        gzsetparams                              @35
+        zError                                   @36
+        inflateSyncPoint                         @37
+        get_crc_table                            @38
+        compress2                                @39
+        gzputs                                   @40
+        gzgets                                   @41
+        inflateCopy                              @42
+        inflateBackInit_                         @43
+        inflateBack                              @44
+        inflateBackEnd                           @45
+        compressBound                            @46
+        deflateBound                             @47
+        gzclearerr                               @48
+        gzungetc                                 @49
+        zlibCompileFlags                         @50
+        deflatePrime                             @51
+        deflatePending                           @52
+
+        unzOpen                                  @61
+        unzClose                                 @62
+        unzGetGlobalInfo                         @63
+        unzGetCurrentFileInfo                    @64
+        unzGoToFirstFile                         @65
+        unzGoToNextFile                          @66
+        unzOpenCurrentFile                       @67
+        unzReadCurrentFile                       @68
+        unzOpenCurrentFile3                      @69
+        unztell                                  @70
+        unzeof                                   @71
+        unzCloseCurrentFile                      @72
+        unzGetGlobalComment                      @73
+        unzStringFileNameCompare                 @74
+        unzLocateFile                            @75
+        unzGetLocalExtrafield                    @76
+        unzOpen2                                 @77
+        unzOpenCurrentFile2                      @78
+        unzOpenCurrentFilePassword               @79
+
+        zipOpen                                  @80
+        zipOpenNewFileInZip                      @81
+        zipWriteInFileInZip                      @82
+        zipCloseFileInZip                        @83
+        zipClose                                 @84
+        zipOpenNewFileInZip2                     @86
+        zipCloseFileInZipRaw                     @87
+        zipOpen2                                 @88
+        zipOpenNewFileInZip3                     @89
+
+        unzGetFilePos                            @100
+        unzGoToFilePos                           @101
+
+        fill_win32_filefunc                      @110
+
+; zlibwapi v1.2.4 added:
+        fill_win32_filefunc64                   @111
+        fill_win32_filefunc64A                  @112
+        fill_win32_filefunc64W                  @113
+
+        unzOpen64                               @120
+        unzOpen2_64                             @121
+        unzGetGlobalInfo64                      @122
+        unzGetCurrentFileInfo64                 @124
+        unzGetCurrentFileZStreamPos64           @125
+        unztell64                               @126
+        unzGetFilePos64                         @127
+        unzGoToFilePos64                        @128
+
+        zipOpen64                               @130
+        zipOpen2_64                             @131
+        zipOpenNewFileInZip64                   @132
+        zipOpenNewFileInZip2_64                 @133
+        zipOpenNewFileInZip3_64                 @134
+        zipOpenNewFileInZip4_64                 @135
+        zipCloseFileInZipRaw64                  @136
+
+; zlib1 v1.2.4 added:
+        adler32_combine                         @140
+        crc32_combine                           @142
+        deflateSetHeader                        @144
+        deflateTune                             @145
+        gzbuffer                                @146
+        gzclose_r                               @147
+        gzclose_w                               @148
+        gzdirect                                @149
+        gzoffset                                @150
+        inflateGetHeader                        @156
+        inflateMark                             @157
+        inflatePrime                            @158
+        inflateReset2                           @159
+        inflateUndermine                        @160
+
+; zlib1 v1.2.6 added:
+        gzgetc_                                 @161
+        inflateResetKeep                        @163
+        deflateResetKeep                        @164
+
+; zlib1 v1.2.7 added:
+        gzopen_w                                @165
+
+; zlib1 v1.2.8 added:
+        inflateGetDictionary                    @166
+        gzvprintf                               @167
+
+; zlib1 v1.2.9 added:
+        inflateCodesUsed                        @168
+        inflateValidate                         @169
+        uncompress2                             @170
+        gzfread                                 @171
+        gzfwrite                                @172
+        deflateGetDictionary                    @173
+        adler32_z                               @174
+        crc32_z                                 @175
+
+; zlib1 v1.2.12 added:
+		crc32_combine_gen						@176
+		crc32_combine_gen64						@177
+		crc32_combine_op						@178
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.sln b/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.sln
new file mode 100644
index 00000000..6f6ffd5e
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.sln
@@ -0,0 +1,135 @@
+
+Microsoft Visual Studio Solution File, Format Version 11.00
+# Visual Studio 2010
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibvc", "zlibvc.vcxproj", "{8FD826F8-3739-44E6-8CC8-997122E53B8D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibstat", "zlibstat.vcxproj", "{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlib", "testzlib.vcxproj", "{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlibdll", "testzlibdll.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694366A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minizip", "minizip.vcxproj", "{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "miniunz", "miniunz.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694382A}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Itanium = Debug|Itanium
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|Itanium = Release|Itanium
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+		ReleaseWithoutAsm|Itanium = ReleaseWithoutAsm|Itanium
+		ReleaseWithoutAsm|Win32 = ReleaseWithoutAsm|Win32
+		ReleaseWithoutAsm|x64 = ReleaseWithoutAsm|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Itanium.Build.0 = Debug|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.Build.0 = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.ActiveCfg = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.Build.0 = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Itanium.ActiveCfg = Release|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Itanium.Build.0 = Release|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.Build.0 = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.ActiveCfg = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.Build.0 = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Itanium.Build.0 = ReleaseWithoutAsm|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Itanium.Build.0 = Debug|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.Build.0 = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.ActiveCfg = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.Build.0 = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Itanium.ActiveCfg = Release|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Itanium.Build.0 = Release|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.Build.0 = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.ActiveCfg = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.Build.0 = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Itanium.Build.0 = ReleaseWithoutAsm|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.Build.0 = Debug|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.Build.0 = Release|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.Build.0 = ReleaseWithoutAsm|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Itanium.Build.0 = Debug|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Itanium.ActiveCfg = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Itanium.Build.0 = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Itanium.Build.0 = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.Build.0 = Debug|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.Build.0 = Release|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.Build.0 = Release|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Itanium.Build.0 = Debug|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Itanium.ActiveCfg = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Itanium.Build.0 = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Itanium.Build.0 = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.vcxproj b/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.vcxproj
new file mode 100644
index 00000000..19dfc35b
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.vcxproj
@@ -0,0 +1,633 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8FD826F8-3739-44E6-8CC8-997122E53B8D}</ProjectGuid>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">zlibwapid</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">zlibwapid</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">zlibwapi</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <GenerateMapFile>true</GenerateMapFile>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <GenerateMapFile>true</GenerateMapFile>
+      <SubSystem>Windows</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <SubSystem>Windows</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <SubSystem>Windows</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\minizip\iowin32.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\zip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\..\deflate.h" />
+    <ClInclude Include="..\..\..\infblock.h" />
+    <ClInclude Include="..\..\..\infcodes.h" />
+    <ClInclude Include="..\..\..\inffast.h" />
+    <ClInclude Include="..\..\..\inftrees.h" />
+    <ClInclude Include="..\..\..\infutil.h" />
+    <ClInclude Include="..\..\..\zconf.h" />
+    <ClInclude Include="..\..\..\zlib.h" />
+    <ClInclude Include="..\..\..\zutil.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.vcxproj.filters b/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.vcxproj.filters
new file mode 100644
index 00000000..67c444ab
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc10/zlibvc.vcxproj.filters
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{07934a85-8b61-443d-a0ee-b2eedb74f3cd}</UniqueIdentifier>
+      <Extensions>cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{1d99675b-433d-4a21-9e50-ed4ab8b19762}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;fi;fd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{431c0958-fa71-44d0-9084-2d19d100c0cc}</UniqueIdentifier>
+      <Extensions>ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\compress.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\crc32.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\deflate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\gzclose.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\gzlib.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\gzread.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\gzwrite.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\infback.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inffast.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inflate.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\inftrees.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\ioapi.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\iowin32.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\trees.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\uncompr.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\unzip.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\zip.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\zutil.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc">
+      <Filter>Source Files</Filter>
+    </ResourceCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def">
+      <Filter>Source Files</Filter>
+    </None>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\..\deflate.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\..\infblock.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\..\infcodes.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\..\inffast.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\..\inftrees.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\..\infutil.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\..\zconf.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\..\zlib.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\..\zutil.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/miniunz.vcxproj b/zlib-1.3.1/contrib/vstudio/vc11/miniunz.vcxproj
new file mode 100644
index 00000000..8f9f20bd
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/miniunz.vcxproj
@@ -0,0 +1,314 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694382A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\miniunz.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/minizip.vcxproj b/zlib-1.3.1/contrib/vstudio/vc11/minizip.vcxproj
new file mode 100644
index 00000000..c93d9e6f
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/minizip.vcxproj
@@ -0,0 +1,311 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\minizip.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/testzlib.vcxproj b/zlib-1.3.1/contrib/vstudio/vc11/testzlib.vcxproj
new file mode 100644
index 00000000..c6198c1f
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/testzlib.vcxproj
@@ -0,0 +1,418 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <RootNamespace>testzlib</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/testzlibdll.vcxproj b/zlib-1.3.1/contrib/vstudio/vc11/testzlibdll.vcxproj
new file mode 100644
index 00000000..9f20c78f
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/testzlibdll.vcxproj
@@ -0,0 +1,314 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694366A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/zlib.rc b/zlib-1.3.1/contrib/vstudio/vc11/zlib.rc
new file mode 100644
index 00000000..856bd11f
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/zlib.rc
@@ -0,0 +1,32 @@
+#include <windows.h>
+
+#define IDR_VERSION1  1
+IDR_VERSION1	VERSIONINFO	MOVEABLE IMPURE LOADONCALL DISCARDABLE
+  FILEVERSION	 1, 3, 1, 0
+  PRODUCTVERSION 1, 3, 1, 0
+  FILEFLAGSMASK	VS_FFI_FILEFLAGSMASK
+  FILEFLAGS	0
+  FILEOS	VOS_DOS_WINDOWS32
+  FILETYPE	VFT_DLL
+  FILESUBTYPE	0	// not used
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "040904E4"
+    //language ID = U.S. English, char set = Windows, Multilingual
+
+    BEGIN
+      VALUE "FileDescription", "zlib data compression and ZIP file I/O library\0"
+      VALUE "FileVersion",	"1.3.1\0"
+      VALUE "InternalName",	"zlib\0"
+      VALUE "OriginalFilename",	"zlibwapi.dll\0"
+      VALUE "ProductName",	"ZLib.DLL\0"
+      VALUE "Comments","DLL support by Alessandro Iacopetti & Gilles Vollant\0"
+      VALUE "LegalCopyright", "(C) 1995-2024 Jean-loup Gailly & Mark Adler\0"
+    END
+  END
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x0409, 1252
+  END
+END
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/zlibstat.vcxproj b/zlib-1.3.1/contrib/vstudio/vc11/zlibstat.vcxproj
new file mode 100644
index 00000000..86fb1c8b
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/zlibstat.vcxproj
@@ -0,0 +1,456 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}</ProjectGuid>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c" />
+    <ClCompile Include="..\..\minizip\zip.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.def b/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.def
new file mode 100644
index 00000000..3234a02d
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.def
@@ -0,0 +1,158 @@
+LIBRARY
+; zlib data compression and ZIP file I/O library
+
+VERSION		1.3.1
+
+EXPORTS
+        adler32                                  @1
+        compress                                 @2
+        crc32                                    @3
+        deflate                                  @4
+        deflateCopy                              @5
+        deflateEnd                               @6
+        deflateInit2_                            @7
+        deflateInit_                             @8
+        deflateParams                            @9
+        deflateReset                             @10
+        deflateSetDictionary                     @11
+        gzclose                                  @12
+        gzdopen                                  @13
+        gzerror                                  @14
+        gzflush                                  @15
+        gzopen                                   @16
+        gzread                                   @17
+        gzwrite                                  @18
+        inflate                                  @19
+        inflateEnd                               @20
+        inflateInit2_                            @21
+        inflateInit_                             @22
+        inflateReset                             @23
+        inflateSetDictionary                     @24
+        inflateSync                              @25
+        uncompress                               @26
+        zlibVersion                              @27
+        gzprintf                                 @28
+        gzputc                                   @29
+        gzgetc                                   @30
+        gzseek                                   @31
+        gzrewind                                 @32
+        gztell                                   @33
+        gzeof                                    @34
+        gzsetparams                              @35
+        zError                                   @36
+        inflateSyncPoint                         @37
+        get_crc_table                            @38
+        compress2                                @39
+        gzputs                                   @40
+        gzgets                                   @41
+        inflateCopy                              @42
+        inflateBackInit_                         @43
+        inflateBack                              @44
+        inflateBackEnd                           @45
+        compressBound                            @46
+        deflateBound                             @47
+        gzclearerr                               @48
+        gzungetc                                 @49
+        zlibCompileFlags                         @50
+        deflatePrime                             @51
+        deflatePending                           @52
+
+        unzOpen                                  @61
+        unzClose                                 @62
+        unzGetGlobalInfo                         @63
+        unzGetCurrentFileInfo                    @64
+        unzGoToFirstFile                         @65
+        unzGoToNextFile                          @66
+        unzOpenCurrentFile                       @67
+        unzReadCurrentFile                       @68
+        unzOpenCurrentFile3                      @69
+        unztell                                  @70
+        unzeof                                   @71
+        unzCloseCurrentFile                      @72
+        unzGetGlobalComment                      @73
+        unzStringFileNameCompare                 @74
+        unzLocateFile                            @75
+        unzGetLocalExtrafield                    @76
+        unzOpen2                                 @77
+        unzOpenCurrentFile2                      @78
+        unzOpenCurrentFilePassword               @79
+
+        zipOpen                                  @80
+        zipOpenNewFileInZip                      @81
+        zipWriteInFileInZip                      @82
+        zipCloseFileInZip                        @83
+        zipClose                                 @84
+        zipOpenNewFileInZip2                     @86
+        zipCloseFileInZipRaw                     @87
+        zipOpen2                                 @88
+        zipOpenNewFileInZip3                     @89
+
+        unzGetFilePos                            @100
+        unzGoToFilePos                           @101
+
+        fill_win32_filefunc                      @110
+
+; zlibwapi v1.2.4 added:
+        fill_win32_filefunc64                   @111
+        fill_win32_filefunc64A                  @112
+        fill_win32_filefunc64W                  @113
+
+        unzOpen64                               @120
+        unzOpen2_64                             @121
+        unzGetGlobalInfo64                      @122
+        unzGetCurrentFileInfo64                 @124
+        unzGetCurrentFileZStreamPos64           @125
+        unztell64                               @126
+        unzGetFilePos64                         @127
+        unzGoToFilePos64                        @128
+
+        zipOpen64                               @130
+        zipOpen2_64                             @131
+        zipOpenNewFileInZip64                   @132
+        zipOpenNewFileInZip2_64                 @133
+        zipOpenNewFileInZip3_64                 @134
+        zipOpenNewFileInZip4_64                 @135
+        zipCloseFileInZipRaw64                  @136
+
+; zlib1 v1.2.4 added:
+        adler32_combine                         @140
+        crc32_combine                           @142
+        deflateSetHeader                        @144
+        deflateTune                             @145
+        gzbuffer                                @146
+        gzclose_r                               @147
+        gzclose_w                               @148
+        gzdirect                                @149
+        gzoffset                                @150
+        inflateGetHeader                        @156
+        inflateMark                             @157
+        inflatePrime                            @158
+        inflateReset2                           @159
+        inflateUndermine                        @160
+
+; zlib1 v1.2.6 added:
+        gzgetc_                                 @161
+        inflateResetKeep                        @163
+        deflateResetKeep                        @164
+
+; zlib1 v1.2.7 added:
+        gzopen_w                                @165
+
+; zlib1 v1.2.8 added:
+        inflateGetDictionary                    @166
+        gzvprintf                               @167
+
+; zlib1 v1.2.9 added:
+        inflateCodesUsed                        @168
+        inflateValidate                         @169
+        uncompress2                             @170
+        gzfread                                 @171
+        gzfwrite                                @172
+        deflateGetDictionary                    @173
+        adler32_z                               @174
+        crc32_z                                 @175
+
+; zlib1 v1.2.12 added:
+		crc32_combine_gen						@176
+		crc32_combine_gen64						@177
+		crc32_combine_op						@178
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.sln b/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.sln
new file mode 100644
index 00000000..9fcbafdd
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.sln
@@ -0,0 +1,117 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2012
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibvc", "zlibvc.vcxproj", "{8FD826F8-3739-44E6-8CC8-997122E53B8D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibstat", "zlibstat.vcxproj", "{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlib", "testzlib.vcxproj", "{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlibdll", "testzlibdll.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694366A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minizip", "minizip.vcxproj", "{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "miniunz", "miniunz.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694382A}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Itanium = Debug|Itanium
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|Itanium = Release|Itanium
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+		ReleaseWithoutAsm|Itanium = ReleaseWithoutAsm|Itanium
+		ReleaseWithoutAsm|Win32 = ReleaseWithoutAsm|Win32
+		ReleaseWithoutAsm|x64 = ReleaseWithoutAsm|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.Build.0 = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.ActiveCfg = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.Build.0 = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Itanium.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.Build.0 = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.ActiveCfg = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.Build.0 = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.Build.0 = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.ActiveCfg = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.Build.0 = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Itanium.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.Build.0 = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.ActiveCfg = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.Build.0 = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.vcxproj b/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.vcxproj
new file mode 100644
index 00000000..fc8cd9c1
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc11/zlibvc.vcxproj
@@ -0,0 +1,664 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8FD826F8-3739-44E6-8CC8-997122E53B8D}</ProjectGuid>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">zlibwapi</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\minizip\iowin32.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\zip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\..\deflate.h" />
+    <ClInclude Include="..\..\..\infblock.h" />
+    <ClInclude Include="..\..\..\infcodes.h" />
+    <ClInclude Include="..\..\..\inffast.h" />
+    <ClInclude Include="..\..\..\inftrees.h" />
+    <ClInclude Include="..\..\..\infutil.h" />
+    <ClInclude Include="..\..\..\zconf.h" />
+    <ClInclude Include="..\..\..\zlib.h" />
+    <ClInclude Include="..\..\..\zutil.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/miniunz.vcxproj b/zlib-1.3.1/contrib/vstudio/vc12/miniunz.vcxproj
new file mode 100644
index 00000000..d88ac7fc
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/miniunz.vcxproj
@@ -0,0 +1,316 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694382A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\miniunz.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/minizip.vcxproj b/zlib-1.3.1/contrib/vstudio/vc12/minizip.vcxproj
new file mode 100644
index 00000000..f1f239c9
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/minizip.vcxproj
@@ -0,0 +1,313 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\minizip.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/testzlib.vcxproj b/zlib-1.3.1/contrib/vstudio/vc12/testzlib.vcxproj
new file mode 100644
index 00000000..41303c0a
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/testzlib.vcxproj
@@ -0,0 +1,422 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <RootNamespace>testzlib</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/testzlibdll.vcxproj b/zlib-1.3.1/contrib/vstudio/vc12/testzlibdll.vcxproj
new file mode 100644
index 00000000..c66573a8
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/testzlibdll.vcxproj
@@ -0,0 +1,316 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694366A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/zlib.rc b/zlib-1.3.1/contrib/vstudio/vc12/zlib.rc
new file mode 100644
index 00000000..a55f341c
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/zlib.rc
@@ -0,0 +1,32 @@
+#include <windows.h>
+
+#define IDR_VERSION1  1
+IDR_VERSION1	VERSIONINFO	MOVEABLE IMPURE LOADONCALL DISCARDABLE
+  FILEVERSION	 1, 3, 1, 0
+  PRODUCTVERSION 1, 3, 1, 0
+  FILEFLAGSMASK	VS_FFI_FILEFLAGSMASK
+  FILEFLAGS	0
+  FILEOS	VOS_DOS_WINDOWS32
+  FILETYPE	VFT_DLL
+  FILESUBTYPE	0	// not used
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "040904E4"
+    //language ID = U.S. English, char set = Windows, Multilingual
+
+    BEGIN
+      VALUE "FileDescription", "zlib data compression and ZIP file I/O library\0"
+      VALUE "FileVersion",	"1.3.1\0"
+      VALUE "InternalName",	"zlib\0"
+      VALUE "OriginalFilename",	"zlibwapi.dll\0"
+      VALUE "ProductName",	"ZLib.DLL\0"
+      VALUE "Comments","DLL support by Alessandro Iacopetti & Gilles Vollant\0"
+      VALUE "LegalCopyright", "(C) 1995-2024 Jean-loup Gailly & Mark Adler\0"
+    END
+  END
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x0409, 1252
+  END
+END
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/zlibstat.vcxproj b/zlib-1.3.1/contrib/vstudio/vc12/zlibstat.vcxproj
new file mode 100644
index 00000000..6629d8e2
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/zlibstat.vcxproj
@@ -0,0 +1,459 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}</ProjectGuid>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c" />
+    <ClCompile Include="..\..\minizip\zip.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.def b/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.def
new file mode 100644
index 00000000..3234a02d
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.def
@@ -0,0 +1,158 @@
+LIBRARY
+; zlib data compression and ZIP file I/O library
+
+VERSION		1.3.1
+
+EXPORTS
+        adler32                                  @1
+        compress                                 @2
+        crc32                                    @3
+        deflate                                  @4
+        deflateCopy                              @5
+        deflateEnd                               @6
+        deflateInit2_                            @7
+        deflateInit_                             @8
+        deflateParams                            @9
+        deflateReset                             @10
+        deflateSetDictionary                     @11
+        gzclose                                  @12
+        gzdopen                                  @13
+        gzerror                                  @14
+        gzflush                                  @15
+        gzopen                                   @16
+        gzread                                   @17
+        gzwrite                                  @18
+        inflate                                  @19
+        inflateEnd                               @20
+        inflateInit2_                            @21
+        inflateInit_                             @22
+        inflateReset                             @23
+        inflateSetDictionary                     @24
+        inflateSync                              @25
+        uncompress                               @26
+        zlibVersion                              @27
+        gzprintf                                 @28
+        gzputc                                   @29
+        gzgetc                                   @30
+        gzseek                                   @31
+        gzrewind                                 @32
+        gztell                                   @33
+        gzeof                                    @34
+        gzsetparams                              @35
+        zError                                   @36
+        inflateSyncPoint                         @37
+        get_crc_table                            @38
+        compress2                                @39
+        gzputs                                   @40
+        gzgets                                   @41
+        inflateCopy                              @42
+        inflateBackInit_                         @43
+        inflateBack                              @44
+        inflateBackEnd                           @45
+        compressBound                            @46
+        deflateBound                             @47
+        gzclearerr                               @48
+        gzungetc                                 @49
+        zlibCompileFlags                         @50
+        deflatePrime                             @51
+        deflatePending                           @52
+
+        unzOpen                                  @61
+        unzClose                                 @62
+        unzGetGlobalInfo                         @63
+        unzGetCurrentFileInfo                    @64
+        unzGoToFirstFile                         @65
+        unzGoToNextFile                          @66
+        unzOpenCurrentFile                       @67
+        unzReadCurrentFile                       @68
+        unzOpenCurrentFile3                      @69
+        unztell                                  @70
+        unzeof                                   @71
+        unzCloseCurrentFile                      @72
+        unzGetGlobalComment                      @73
+        unzStringFileNameCompare                 @74
+        unzLocateFile                            @75
+        unzGetLocalExtrafield                    @76
+        unzOpen2                                 @77
+        unzOpenCurrentFile2                      @78
+        unzOpenCurrentFilePassword               @79
+
+        zipOpen                                  @80
+        zipOpenNewFileInZip                      @81
+        zipWriteInFileInZip                      @82
+        zipCloseFileInZip                        @83
+        zipClose                                 @84
+        zipOpenNewFileInZip2                     @86
+        zipCloseFileInZipRaw                     @87
+        zipOpen2                                 @88
+        zipOpenNewFileInZip3                     @89
+
+        unzGetFilePos                            @100
+        unzGoToFilePos                           @101
+
+        fill_win32_filefunc                      @110
+
+; zlibwapi v1.2.4 added:
+        fill_win32_filefunc64                   @111
+        fill_win32_filefunc64A                  @112
+        fill_win32_filefunc64W                  @113
+
+        unzOpen64                               @120
+        unzOpen2_64                             @121
+        unzGetGlobalInfo64                      @122
+        unzGetCurrentFileInfo64                 @124
+        unzGetCurrentFileZStreamPos64           @125
+        unztell64                               @126
+        unzGetFilePos64                         @127
+        unzGoToFilePos64                        @128
+
+        zipOpen64                               @130
+        zipOpen2_64                             @131
+        zipOpenNewFileInZip64                   @132
+        zipOpenNewFileInZip2_64                 @133
+        zipOpenNewFileInZip3_64                 @134
+        zipOpenNewFileInZip4_64                 @135
+        zipCloseFileInZipRaw64                  @136
+
+; zlib1 v1.2.4 added:
+        adler32_combine                         @140
+        crc32_combine                           @142
+        deflateSetHeader                        @144
+        deflateTune                             @145
+        gzbuffer                                @146
+        gzclose_r                               @147
+        gzclose_w                               @148
+        gzdirect                                @149
+        gzoffset                                @150
+        inflateGetHeader                        @156
+        inflateMark                             @157
+        inflatePrime                            @158
+        inflateReset2                           @159
+        inflateUndermine                        @160
+
+; zlib1 v1.2.6 added:
+        gzgetc_                                 @161
+        inflateResetKeep                        @163
+        deflateResetKeep                        @164
+
+; zlib1 v1.2.7 added:
+        gzopen_w                                @165
+
+; zlib1 v1.2.8 added:
+        inflateGetDictionary                    @166
+        gzvprintf                               @167
+
+; zlib1 v1.2.9 added:
+        inflateCodesUsed                        @168
+        inflateValidate                         @169
+        uncompress2                             @170
+        gzfread                                 @171
+        gzfwrite                                @172
+        deflateGetDictionary                    @173
+        adler32_z                               @174
+        crc32_z                                 @175
+
+; zlib1 v1.2.12 added:
+		crc32_combine_gen						@176
+		crc32_combine_gen64						@177
+		crc32_combine_op						@178
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.sln b/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.sln
new file mode 100644
index 00000000..dcda2298
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.sln
@@ -0,0 +1,119 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibvc", "zlibvc.vcxproj", "{8FD826F8-3739-44E6-8CC8-997122E53B8D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibstat", "zlibstat.vcxproj", "{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlib", "testzlib.vcxproj", "{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlibdll", "testzlibdll.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694366A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minizip", "minizip.vcxproj", "{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "miniunz", "miniunz.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694382A}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Itanium = Debug|Itanium
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|Itanium = Release|Itanium
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+		ReleaseWithoutAsm|Itanium = ReleaseWithoutAsm|Itanium
+		ReleaseWithoutAsm|Win32 = ReleaseWithoutAsm|Win32
+		ReleaseWithoutAsm|x64 = ReleaseWithoutAsm|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.Build.0 = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.ActiveCfg = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.Build.0 = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Itanium.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.Build.0 = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.ActiveCfg = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.Build.0 = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.Build.0 = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.ActiveCfg = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.Build.0 = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Itanium.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.Build.0 = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.ActiveCfg = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.Build.0 = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.vcxproj b/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.vcxproj
new file mode 100644
index 00000000..4e0de691
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc12/zlibvc.vcxproj
@@ -0,0 +1,668 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8FD826F8-3739-44E6-8CC8-997122E53B8D}</ProjectGuid>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v120</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">zlibwapi</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\minizip\iowin32.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\zip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\..\deflate.h" />
+    <ClInclude Include="..\..\..\infblock.h" />
+    <ClInclude Include="..\..\..\infcodes.h" />
+    <ClInclude Include="..\..\..\inffast.h" />
+    <ClInclude Include="..\..\..\inftrees.h" />
+    <ClInclude Include="..\..\..\infutil.h" />
+    <ClInclude Include="..\..\..\zconf.h" />
+    <ClInclude Include="..\..\..\zlib.h" />
+    <ClInclude Include="..\..\..\zutil.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/miniunz.vcxproj b/zlib-1.3.1/contrib/vstudio/vc14/miniunz.vcxproj
new file mode 100644
index 00000000..9b5c0758
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/miniunz.vcxproj
@@ -0,0 +1,316 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694382A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\miniunz.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/minizip.vcxproj b/zlib-1.3.1/contrib/vstudio/vc14/minizip.vcxproj
new file mode 100644
index 00000000..968a410a
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/minizip.vcxproj
@@ -0,0 +1,313 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\minizip.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/testzlib.vcxproj b/zlib-1.3.1/contrib/vstudio/vc14/testzlib.vcxproj
new file mode 100644
index 00000000..54520495
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/testzlib.vcxproj
@@ -0,0 +1,422 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <RootNamespace>testzlib</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/testzlibdll.vcxproj b/zlib-1.3.1/contrib/vstudio/vc14/testzlibdll.vcxproj
new file mode 100644
index 00000000..d87474de
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/testzlibdll.vcxproj
@@ -0,0 +1,316 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694366A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ia64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/zlib.rc b/zlib-1.3.1/contrib/vstudio/vc14/zlib.rc
new file mode 100644
index 00000000..a55f341c
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/zlib.rc
@@ -0,0 +1,32 @@
+#include <windows.h>
+
+#define IDR_VERSION1  1
+IDR_VERSION1	VERSIONINFO	MOVEABLE IMPURE LOADONCALL DISCARDABLE
+  FILEVERSION	 1, 3, 1, 0
+  PRODUCTVERSION 1, 3, 1, 0
+  FILEFLAGSMASK	VS_FFI_FILEFLAGSMASK
+  FILEFLAGS	0
+  FILEOS	VOS_DOS_WINDOWS32
+  FILETYPE	VFT_DLL
+  FILESUBTYPE	0	// not used
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "040904E4"
+    //language ID = U.S. English, char set = Windows, Multilingual
+
+    BEGIN
+      VALUE "FileDescription", "zlib data compression and ZIP file I/O library\0"
+      VALUE "FileVersion",	"1.3.1\0"
+      VALUE "InternalName",	"zlib\0"
+      VALUE "OriginalFilename",	"zlibwapi.dll\0"
+      VALUE "ProductName",	"ZLib.DLL\0"
+      VALUE "Comments","DLL support by Alessandro Iacopetti & Gilles Vollant\0"
+      VALUE "LegalCopyright", "(C) 1995-2024 Jean-loup Gailly & Mark Adler\0"
+    END
+  END
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x0409, 1252
+  END
+END
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/zlibstat.vcxproj b/zlib-1.3.1/contrib/vstudio/vc14/zlibstat.vcxproj
new file mode 100644
index 00000000..85c1e895
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/zlibstat.vcxproj
@@ -0,0 +1,459 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}</ProjectGuid>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:IA64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c" />
+    <ClCompile Include="..\..\minizip\zip.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.def b/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.def
new file mode 100644
index 00000000..3234a02d
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.def
@@ -0,0 +1,158 @@
+LIBRARY
+; zlib data compression and ZIP file I/O library
+
+VERSION		1.3.1
+
+EXPORTS
+        adler32                                  @1
+        compress                                 @2
+        crc32                                    @3
+        deflate                                  @4
+        deflateCopy                              @5
+        deflateEnd                               @6
+        deflateInit2_                            @7
+        deflateInit_                             @8
+        deflateParams                            @9
+        deflateReset                             @10
+        deflateSetDictionary                     @11
+        gzclose                                  @12
+        gzdopen                                  @13
+        gzerror                                  @14
+        gzflush                                  @15
+        gzopen                                   @16
+        gzread                                   @17
+        gzwrite                                  @18
+        inflate                                  @19
+        inflateEnd                               @20
+        inflateInit2_                            @21
+        inflateInit_                             @22
+        inflateReset                             @23
+        inflateSetDictionary                     @24
+        inflateSync                              @25
+        uncompress                               @26
+        zlibVersion                              @27
+        gzprintf                                 @28
+        gzputc                                   @29
+        gzgetc                                   @30
+        gzseek                                   @31
+        gzrewind                                 @32
+        gztell                                   @33
+        gzeof                                    @34
+        gzsetparams                              @35
+        zError                                   @36
+        inflateSyncPoint                         @37
+        get_crc_table                            @38
+        compress2                                @39
+        gzputs                                   @40
+        gzgets                                   @41
+        inflateCopy                              @42
+        inflateBackInit_                         @43
+        inflateBack                              @44
+        inflateBackEnd                           @45
+        compressBound                            @46
+        deflateBound                             @47
+        gzclearerr                               @48
+        gzungetc                                 @49
+        zlibCompileFlags                         @50
+        deflatePrime                             @51
+        deflatePending                           @52
+
+        unzOpen                                  @61
+        unzClose                                 @62
+        unzGetGlobalInfo                         @63
+        unzGetCurrentFileInfo                    @64
+        unzGoToFirstFile                         @65
+        unzGoToNextFile                          @66
+        unzOpenCurrentFile                       @67
+        unzReadCurrentFile                       @68
+        unzOpenCurrentFile3                      @69
+        unztell                                  @70
+        unzeof                                   @71
+        unzCloseCurrentFile                      @72
+        unzGetGlobalComment                      @73
+        unzStringFileNameCompare                 @74
+        unzLocateFile                            @75
+        unzGetLocalExtrafield                    @76
+        unzOpen2                                 @77
+        unzOpenCurrentFile2                      @78
+        unzOpenCurrentFilePassword               @79
+
+        zipOpen                                  @80
+        zipOpenNewFileInZip                      @81
+        zipWriteInFileInZip                      @82
+        zipCloseFileInZip                        @83
+        zipClose                                 @84
+        zipOpenNewFileInZip2                     @86
+        zipCloseFileInZipRaw                     @87
+        zipOpen2                                 @88
+        zipOpenNewFileInZip3                     @89
+
+        unzGetFilePos                            @100
+        unzGoToFilePos                           @101
+
+        fill_win32_filefunc                      @110
+
+; zlibwapi v1.2.4 added:
+        fill_win32_filefunc64                   @111
+        fill_win32_filefunc64A                  @112
+        fill_win32_filefunc64W                  @113
+
+        unzOpen64                               @120
+        unzOpen2_64                             @121
+        unzGetGlobalInfo64                      @122
+        unzGetCurrentFileInfo64                 @124
+        unzGetCurrentFileZStreamPos64           @125
+        unztell64                               @126
+        unzGetFilePos64                         @127
+        unzGoToFilePos64                        @128
+
+        zipOpen64                               @130
+        zipOpen2_64                             @131
+        zipOpenNewFileInZip64                   @132
+        zipOpenNewFileInZip2_64                 @133
+        zipOpenNewFileInZip3_64                 @134
+        zipOpenNewFileInZip4_64                 @135
+        zipCloseFileInZipRaw64                  @136
+
+; zlib1 v1.2.4 added:
+        adler32_combine                         @140
+        crc32_combine                           @142
+        deflateSetHeader                        @144
+        deflateTune                             @145
+        gzbuffer                                @146
+        gzclose_r                               @147
+        gzclose_w                               @148
+        gzdirect                                @149
+        gzoffset                                @150
+        inflateGetHeader                        @156
+        inflateMark                             @157
+        inflatePrime                            @158
+        inflateReset2                           @159
+        inflateUndermine                        @160
+
+; zlib1 v1.2.6 added:
+        gzgetc_                                 @161
+        inflateResetKeep                        @163
+        deflateResetKeep                        @164
+
+; zlib1 v1.2.7 added:
+        gzopen_w                                @165
+
+; zlib1 v1.2.8 added:
+        inflateGetDictionary                    @166
+        gzvprintf                               @167
+
+; zlib1 v1.2.9 added:
+        inflateCodesUsed                        @168
+        inflateValidate                         @169
+        uncompress2                             @170
+        gzfread                                 @171
+        gzfwrite                                @172
+        deflateGetDictionary                    @173
+        adler32_z                               @174
+        crc32_z                                 @175
+
+; zlib1 v1.2.12 added:
+		crc32_combine_gen						@176
+		crc32_combine_gen64						@177
+		crc32_combine_op						@178
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.sln b/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.sln
new file mode 100644
index 00000000..6f4a1076
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.sln
@@ -0,0 +1,119 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibvc", "zlibvc.vcxproj", "{8FD826F8-3739-44E6-8CC8-997122E53B8D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibstat", "zlibstat.vcxproj", "{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlib", "testzlib.vcxproj", "{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlibdll", "testzlibdll.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694366A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minizip", "minizip.vcxproj", "{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "miniunz", "miniunz.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694382A}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Itanium = Debug|Itanium
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|Itanium = Release|Itanium
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+		ReleaseWithoutAsm|Itanium = ReleaseWithoutAsm|Itanium
+		ReleaseWithoutAsm|Win32 = ReleaseWithoutAsm|Win32
+		ReleaseWithoutAsm|x64 = ReleaseWithoutAsm|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.Build.0 = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.ActiveCfg = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.Build.0 = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Itanium.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.Build.0 = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.ActiveCfg = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.Build.0 = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.Build.0 = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.ActiveCfg = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.Build.0 = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Itanium.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.Build.0 = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.ActiveCfg = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.Build.0 = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Itanium.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.vcxproj b/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.vcxproj
new file mode 100644
index 00000000..424ff55b
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc14/zlibvc.vcxproj
@@ -0,0 +1,668 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Itanium">
+      <Configuration>Debug</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Itanium">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Itanium">
+      <Configuration>Release</Configuration>
+      <Platform>Itanium</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8FD826F8-3739-44E6-8CC8-997122E53B8D}</ProjectGuid>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ia64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">zlibwapi</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Itanium</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineIA64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\minizip\iowin32.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\zip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Itanium'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\..\deflate.h" />
+    <ClInclude Include="..\..\..\infblock.h" />
+    <ClInclude Include="..\..\..\infcodes.h" />
+    <ClInclude Include="..\..\..\inffast.h" />
+    <ClInclude Include="..\..\..\inftrees.h" />
+    <ClInclude Include="..\..\..\infutil.h" />
+    <ClInclude Include="..\..\..\zconf.h" />
+    <ClInclude Include="..\..\..\zlib.h" />
+    <ClInclude Include="..\..\..\zutil.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/miniunz.vcxproj b/zlib-1.3.1/contrib/vstudio/vc17/miniunz.vcxproj
new file mode 100644
index 00000000..68ef1658
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/miniunz.vcxproj
@@ -0,0 +1,409 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694382A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>arm64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir>arm64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>arm64\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir>arm64\MiniUnzip$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>arm\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir>arm\MiniUnzip$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>arm\MiniUnzip$(Configuration)\</OutDir>
+    <IntDir>arm\MiniUnzip$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <Midl />
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)miniunz.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <Midl />
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)miniunz.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\miniunz.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/minizip.vcxproj b/zlib-1.3.1/contrib/vstudio/vc17/minizip.vcxproj
new file mode 100644
index 00000000..dd3c52e7
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/minizip.vcxproj
@@ -0,0 +1,405 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\MiniZip$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\$(Configuration)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">false</LinkIncremental>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>arm64\MiniZip$(Configuration)\</OutDir>
+    <IntDir>arm64\MiniZip$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>arm64\MiniZip$(Configuration)\</OutDir>
+    <IntDir>arm64\MiniZip$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>arm\MiniZip$(Configuration)\</OutDir>
+    <IntDir>arm\MiniZip$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>arm\MiniZip$(Configuration)\</OutDir>
+    <IntDir>arm\MiniZip$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <Midl />
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)minizip.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <Midl />
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)minizip.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\minizip\minizip.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/testzlib.vcxproj b/zlib-1.3.1/contrib/vstudio/vc17/testzlib.vcxproj
new file mode 100644
index 00000000..4cc99b3f
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/testzlib.vcxproj
@@ -0,0 +1,473 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|ARM">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|ARM64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}</ProjectGuid>
+    <RootNamespace>testzlib</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlib$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlib$(Configuration)\Tmp\</IntDir>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>arm64\TestZlib$(Configuration)\</OutDir>
+    <IntDir>arm64\TestZlib$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>arm64\TestZlib$(Configuration)\</OutDir>
+    <IntDir>arm64\TestZlib$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">
+    <OutDir>arm64\TestZlib$(Configuration)\</OutDir>
+    <IntDir>arm64\TestZlib$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>arm\TestZlib$(Configuration)\</OutDir>
+    <IntDir>arm\TestZlib$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>arm\TestZlib$(Configuration)\</OutDir>
+    <IntDir>arm\TestZlib$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">
+    <OutDir>arm\TestZlib$(Configuration)\</OutDir>
+    <IntDir>arm\TestZlib$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerOutput>AssemblyAndSourceCode</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlib.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/testzlibdll.vcxproj b/zlib-1.3.1/contrib/vstudio/vc17/testzlibdll.vcxproj
new file mode 100644
index 00000000..73bba55d
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/testzlibdll.vcxproj
@@ -0,0 +1,409 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{C52F9E7B-498A-42BE-8DB4-85A15694366A}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>arm64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>arm64\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm64\TestZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>arm\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm\TestZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>arm\TestZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm\TestZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <Midl />
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)testzlib.pdb</ProgramDatabaseFile>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <Midl />
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <OmitFramePointers>true</OmitFramePointers>
+      <AdditionalIncludeDirectories>..\..\..;..\..\minizip;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)testzlibdll.exe</OutputFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\testzlib\testzlib.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="zlibvc.vcxproj">
+      <Project>{8fd826f8-3739-44e6-8cc8-997122e53b8d}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/zlib.rc b/zlib-1.3.1/contrib/vstudio/vc17/zlib.rc
new file mode 100644
index 00000000..a55f341c
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/zlib.rc
@@ -0,0 +1,32 @@
+#include <windows.h>
+
+#define IDR_VERSION1  1
+IDR_VERSION1	VERSIONINFO	MOVEABLE IMPURE LOADONCALL DISCARDABLE
+  FILEVERSION	 1, 3, 1, 0
+  PRODUCTVERSION 1, 3, 1, 0
+  FILEFLAGSMASK	VS_FFI_FILEFLAGSMASK
+  FILEFLAGS	0
+  FILEOS	VOS_DOS_WINDOWS32
+  FILETYPE	VFT_DLL
+  FILESUBTYPE	0	// not used
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "040904E4"
+    //language ID = U.S. English, char set = Windows, Multilingual
+
+    BEGIN
+      VALUE "FileDescription", "zlib data compression and ZIP file I/O library\0"
+      VALUE "FileVersion",	"1.3.1\0"
+      VALUE "InternalName",	"zlib\0"
+      VALUE "OriginalFilename",	"zlibwapi.dll\0"
+      VALUE "ProductName",	"ZLib.DLL\0"
+      VALUE "Comments","DLL support by Alessandro Iacopetti & Gilles Vollant\0"
+      VALUE "LegalCopyright", "(C) 1995-2024 Jean-loup Gailly & Mark Adler\0"
+    END
+  END
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x0409, 1252
+  END
+END
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/zlibstat.vcxproj b/zlib-1.3.1/contrib/vstudio/vc17/zlibstat.vcxproj
new file mode 100644
index 00000000..b946ac2a
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/zlibstat.vcxproj
@@ -0,0 +1,602 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|ARM">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|ARM64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}</ProjectGuid>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibStat$(Configuration)\Tmp\</IntDir>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>arm64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir>arm64\ZlibStat$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>arm64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir>arm64\ZlibStat$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">
+    <OutDir>arm64\ZlibStat$(Configuration)\</OutDir>
+    <IntDir>arm64\ZlibStat$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>arm\ZlibStat$(Configuration)\</OutDir>
+    <IntDir>arm\ZlibStat$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>arm\ZlibStat$(Configuration)\</OutDir>
+    <IntDir>arm\ZlibStat$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">
+    <OutDir>arm\ZlibStat$(Configuration)\</OutDir>
+    <IntDir>arm\ZlibStat$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <Midl />
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:ARM64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <Midl />
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:ARM /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <Midl />
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:ARM64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <Midl />
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:ARM /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <TargetEnvironment>X64</TargetEnvironment>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">
+    <Midl />
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:ARM64 /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">
+    <Midl />
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibstat.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Lib>
+      <AdditionalOptions>/MACHINE:ARM /NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibstat.lib</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c" />
+    <ClCompile Include="..\..\minizip\zip.c" />
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.def b/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.def
new file mode 100644
index 00000000..53947cc3
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.def
@@ -0,0 +1,158 @@
+LIBRARY
+; zlib data compression and ZIP file I/O library
+
+VERSION		1.3.1
+
+EXPORTS
+        adler32                                  @1
+        compress                                 @2
+        crc32                                    @3
+        deflate                                  @4
+        deflateCopy                              @5
+        deflateEnd                               @6
+        deflateInit2_                            @7
+        deflateInit_                             @8
+        deflateParams                            @9
+        deflateReset                             @10
+        deflateSetDictionary                     @11
+        gzclose                                  @12
+        gzdopen                                  @13
+        gzerror                                  @14
+        gzflush                                  @15
+        gzopen                                   @16
+        gzread                                   @17
+        gzwrite                                  @18
+        inflate                                  @19
+        inflateEnd                               @20
+        inflateInit2_                            @21
+        inflateInit_                             @22
+        inflateReset                             @23
+        inflateSetDictionary                     @24
+        inflateSync                              @25
+        uncompress                               @26
+        zlibVersion                              @27
+        gzprintf                                 @28
+        gzputc                                   @29
+        gzgetc                                   @30
+        gzseek                                   @31
+        gzrewind                                 @32
+        gztell                                   @33
+        gzeof                                    @34
+        gzsetparams                              @35
+        zError                                   @36
+        inflateSyncPoint                         @37
+        get_crc_table                            @38
+        compress2                                @39
+        gzputs                                   @40
+        gzgets                                   @41
+        inflateCopy                              @42
+        inflateBackInit_                         @43
+        inflateBack                              @44
+        inflateBackEnd                           @45
+        compressBound                            @46
+        deflateBound                             @47
+        gzclearerr                               @48
+        gzungetc                                 @49
+        zlibCompileFlags                         @50
+        deflatePrime                             @51
+        deflatePending                           @52
+
+        unzOpen                                  @61
+        unzClose                                 @62
+        unzGetGlobalInfo                         @63
+        unzGetCurrentFileInfo                    @64
+        unzGoToFirstFile                         @65
+        unzGoToNextFile                          @66
+        unzOpenCurrentFile                       @67
+        unzReadCurrentFile                       @68
+        unzOpenCurrentFile3                      @69
+        unztell                                  @70
+        unzeof                                   @71
+        unzCloseCurrentFile                      @72
+        unzGetGlobalComment                      @73
+        unzStringFileNameCompare                 @74
+        unzLocateFile                            @75
+        unzGetLocalExtrafield                    @76
+        unzOpen2                                 @77
+        unzOpenCurrentFile2                      @78
+        unzOpenCurrentFilePassword               @79
+
+        zipOpen                                  @80
+        zipOpenNewFileInZip                      @81
+        zipWriteInFileInZip                      @82
+        zipCloseFileInZip                        @83
+        zipClose                                 @84
+        zipOpenNewFileInZip2                     @86
+        zipCloseFileInZipRaw                     @87
+        zipOpen2                                 @88
+        zipOpenNewFileInZip3                     @89
+
+        unzGetFilePos                            @100
+        unzGoToFilePos                           @101
+
+        fill_win32_filefunc                      @110
+
+; zlibwapi v1.2.4 added:
+        fill_win32_filefunc64                   @111
+        fill_win32_filefunc64A                  @112
+        fill_win32_filefunc64W                  @113
+
+        unzOpen64                               @120
+        unzOpen2_64                             @121
+        unzGetGlobalInfo64                      @122
+        unzGetCurrentFileInfo64                 @124
+        unzGetCurrentFileZStreamPos64           @125
+        unztell64                               @126
+        unzGetFilePos64                         @127
+        unzGoToFilePos64                        @128
+
+        zipOpen64                               @130
+        zipOpen2_64                             @131
+        zipOpenNewFileInZip64                   @132
+        zipOpenNewFileInZip2_64                 @133
+        zipOpenNewFileInZip3_64                 @134
+        zipOpenNewFileInZip4_64                 @135
+        zipCloseFileInZipRaw64                  @136
+
+; zlib1 v1.2.4 added:
+        adler32_combine                         @140
+        crc32_combine                           @142
+        deflateSetHeader                        @144
+        deflateTune                             @145
+        gzbuffer                                @146
+        gzclose_r                               @147
+        gzclose_w                               @148
+        gzdirect                                @149
+        gzoffset                                @150
+        inflateGetHeader                        @156
+        inflateMark                             @157
+        inflatePrime                            @158
+        inflateReset2                           @159
+        inflateUndermine                        @160
+
+; zlib1 v1.2.6 added:
+        gzgetc_                                 @161
+        inflateResetKeep                        @163
+        deflateResetKeep                        @164
+
+; zlib1 v1.2.7 added:
+        gzopen_w                                @165
+
+; zlib1 v1.2.8 added:
+        inflateGetDictionary                    @166
+        gzvprintf                               @167
+
+; zlib1 v1.2.9 added:
+        inflateCodesUsed                        @168
+        inflateValidate                         @169
+        uncompress2                             @170
+        gzfread                                 @171
+        gzfwrite                                @172
+        deflateGetDictionary                    @173
+        adler32_z                               @174
+        crc32_z                                 @175
+
+; zlib1 v1.2.12 added:
+		crc32_combine_gen						@176
+		crc32_combine_gen64						@177
+		crc32_combine_op						@178
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.sln b/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.sln
new file mode 100644
index 00000000..67896b74
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.sln
@@ -0,0 +1,179 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.4.33015.44
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibvc", "zlibvc.vcxproj", "{8FD826F8-3739-44E6-8CC8-997122E53B8D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibstat", "zlibstat.vcxproj", "{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlib", "testzlib.vcxproj", "{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlibdll", "testzlibdll.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694366A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minizip", "minizip.vcxproj", "{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "miniunz", "miniunz.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694382A}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|ARM = Debug|ARM
+		Debug|ARM64 = Debug|ARM64
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|ARM = Release|ARM
+		Release|ARM64 = Release|ARM64
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+		ReleaseWithoutAsm|ARM = ReleaseWithoutAsm|ARM
+		ReleaseWithoutAsm|ARM64 = ReleaseWithoutAsm|ARM64
+		ReleaseWithoutAsm|Win32 = ReleaseWithoutAsm|Win32
+		ReleaseWithoutAsm|x64 = ReleaseWithoutAsm|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|ARM.ActiveCfg = Debug|ARM
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|ARM.Build.0 = Debug|ARM
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|ARM64.Build.0 = Debug|ARM64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.Build.0 = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.ActiveCfg = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.Build.0 = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|ARM.ActiveCfg = Release|ARM
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|ARM.Build.0 = Release|ARM
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|ARM64.ActiveCfg = Release|ARM64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|ARM64.Build.0 = Release|ARM64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.Build.0 = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.ActiveCfg = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.Build.0 = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|ARM.ActiveCfg = ReleaseWithoutAsm|ARM
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|ARM.Build.0 = ReleaseWithoutAsm|ARM
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|ARM64.ActiveCfg = ReleaseWithoutAsm|ARM64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|ARM64.Build.0 = ReleaseWithoutAsm|ARM64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|ARM.ActiveCfg = Debug|ARM
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|ARM.Build.0 = Debug|ARM
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|ARM64.Build.0 = Debug|ARM64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.Build.0 = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.ActiveCfg = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.Build.0 = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|ARM.ActiveCfg = Release|ARM
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|ARM.Build.0 = Release|ARM
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|ARM64.ActiveCfg = Release|ARM64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|ARM64.Build.0 = Release|ARM64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.Build.0 = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.ActiveCfg = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.Build.0 = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|ARM.ActiveCfg = ReleaseWithoutAsm|ARM
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|ARM.Build.0 = ReleaseWithoutAsm|ARM
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|ARM64.ActiveCfg = ReleaseWithoutAsm|ARM64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|ARM64.Build.0 = ReleaseWithoutAsm|ARM64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM.ActiveCfg = Debug|ARM
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM.Build.0 = Debug|ARM
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM64.Build.0 = Debug|ARM64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM.ActiveCfg = Release|ARM
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM.Build.0 = Release|ARM
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM64.ActiveCfg = Release|ARM64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM64.Build.0 = Release|ARM64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM.ActiveCfg = ReleaseWithoutAsm|ARM
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM.Build.0 = ReleaseWithoutAsm|ARM
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM64.ActiveCfg = ReleaseWithoutAsm|ARM64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM64.Build.0 = ReleaseWithoutAsm|ARM64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|ARM.ActiveCfg = Debug|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|ARM.Build.0 = Debug|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|ARM64.Build.0 = Debug|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|ARM.ActiveCfg = Release|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|ARM.Build.0 = Release|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|ARM64.ActiveCfg = Release|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|ARM64.Build.0 = Release|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|ARM.ActiveCfg = Release|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|ARM.Build.0 = Release|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|ARM64.ActiveCfg = Release|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|ARM64.Build.0 = Release|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM.ActiveCfg = Debug|ARM
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM.Build.0 = Debug|ARM
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM64.Build.0 = Debug|ARM64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM.ActiveCfg = Release|ARM
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM.Build.0 = Release|ARM
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM64.ActiveCfg = Release|ARM64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM64.Build.0 = Release|ARM64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM.ActiveCfg = Release|ARM
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM.Build.0 = Release|ARM
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM64.ActiveCfg = Release|ARM64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM64.Build.0 = Release|ARM64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|ARM.ActiveCfg = Debug|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|ARM.Build.0 = Debug|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|ARM64.ActiveCfg = Debug|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|ARM64.Build.0 = Debug|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|ARM.ActiveCfg = Release|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|ARM.Build.0 = Release|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|ARM64.ActiveCfg = Release|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|ARM64.Build.0 = Release|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|ARM.ActiveCfg = Release|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|ARM.Build.0 = Release|ARM
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|ARM64.ActiveCfg = Release|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|ARM64.Build.0 = Release|ARM64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {EAA58685-56D9-43F2-8703-FD2CB020745E}
+	EndGlobalSection
+EndGlobal
diff --git a/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.vcxproj b/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.vcxproj
new file mode 100644
index 00000000..10a7a901
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc17/zlibvc.vcxproj
@@ -0,0 +1,875 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|ARM">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|ARM64">
+      <Configuration>Debug</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|ARM">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|ARM64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|Win32">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="ReleaseWithoutAsm|x64">
+      <Configuration>ReleaseWithoutAsm</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM">
+      <Configuration>Release</Configuration>
+      <Platform>ARM</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|ARM64">
+      <Configuration>Release</Configuration>
+      <Platform>ARM64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{8FD826F8-3739-44E6-8CC8-997122E53B8D}</ProjectGuid>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseOfMfc>false</UseOfMfc>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30128.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">x86\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">false</GenerateManifest>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">x64\ZlibDll$(Configuration)\Tmp\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">false</LinkIncremental>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">false</GenerateManifest>
+    <GenerateManifest Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">false</GenerateManifest>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">AllRules.ruleset</CodeAnalysisRuleSet>
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" />
+    <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" />
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|x64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">zlibwapi</TargetName>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">zlibwapi</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <OutDir>arm64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm64\ZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <OutDir>arm\ZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm\ZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <OutDir>arm64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm64\ZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">
+    <OutDir>arm64\ZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm64\ZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <OutDir>arm\ZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm\ZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">
+    <OutDir>arm\ZlibDll$(Configuration)\</OutDir>
+    <IntDir>arm\ZlibDll$(Configuration)\Tmp\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>Win32</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalOptions>/MACHINE:I386 %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
+    <Midl>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='ReleaseWithoutAsm|ARM'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetEnvironment>X64</TargetEnvironment>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+    <Midl>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MkTypLibCompatible>true</MkTypLibCompatible>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TypeLibraryName>$(OutDir)zlibvc.tlb</TypeLibraryName>
+    </Midl>
+    <ClCompile>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <AdditionalIncludeDirectories>..\..\..;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN32;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>
+      </ExceptionHandling>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeaderOutputFile>$(IntDir)zlibvc.pch</PrecompiledHeaderOutputFile>
+      <AssemblerOutput>All</AssemblerOutput>
+      <AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>
+      <ObjectFileName>$(IntDir)</ObjectFileName>
+      <ProgramDataBaseFileName>$(OutDir)</ProgramDataBaseFileName>
+      <BrowseInformation>
+      </BrowseInformation>
+      <WarningLevel>Level3</WarningLevel>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+    </ClCompile>
+    <ResourceCompile>
+      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+    <Link>
+      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)zlibwapi.dll</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+      <ModuleDefinitionFile>.\zlibvc.def</ModuleDefinitionFile>
+      <ProgramDatabaseFile>$(OutDir)zlibwapi.pdb</ProgramDatabaseFile>
+      <GenerateMapFile>true</GenerateMapFile>
+      <MapFileName>$(OutDir)zlibwapi.map</MapFileName>
+      <SubSystem>Windows</SubSystem>
+      <ImportLibrary>$(OutDir)zlibwapi.lib</ImportLibrary>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\..\adler32.c" />
+    <ClCompile Include="..\..\..\compress.c" />
+    <ClCompile Include="..\..\..\crc32.c" />
+    <ClCompile Include="..\..\..\deflate.c" />
+    <ClCompile Include="..\..\..\gzclose.c" />
+    <ClCompile Include="..\..\..\gzlib.c" />
+    <ClCompile Include="..\..\..\gzread.c" />
+    <ClCompile Include="..\..\..\gzwrite.c" />
+    <ClCompile Include="..\..\..\infback.c" />
+    <ClCompile Include="..\..\..\inffast.c" />
+    <ClCompile Include="..\..\..\inflate.c" />
+    <ClCompile Include="..\..\..\inftrees.c" />
+    <ClCompile Include="..\..\minizip\ioapi.c" />
+    <ClCompile Include="..\..\minizip\iowin32.c" />
+    <ClCompile Include="..\..\..\trees.c" />
+    <ClCompile Include="..\..\..\uncompr.c" />
+    <ClCompile Include="..\..\minizip\unzip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\minizip\zip.c">
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|x64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">ZLIB_INTERNAL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <ClCompile Include="..\..\..\zutil.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="zlib.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="zlibvc.def" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\..\deflate.h" />
+    <ClInclude Include="..\..\..\infblock.h" />
+    <ClInclude Include="..\..\..\infcodes.h" />
+    <ClInclude Include="..\..\..\inffast.h" />
+    <ClInclude Include="..\..\..\inftrees.h" />
+    <ClInclude Include="..\..\..\infutil.h" />
+    <ClInclude Include="..\..\..\zconf.h" />
+    <ClInclude Include="..\..\..\zlib.h" />
+    <ClInclude Include="..\..\..\zutil.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/miniunz.vcproj b/zlib-1.3.1/contrib/vstudio/vc9/miniunz.vcproj
new file mode 100644
index 00000000..cc3d13a1
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/miniunz.vcproj
@@ -0,0 +1,565 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="9.00"
+	Name="miniunz"
+	ProjectGUID="{C52F9E7B-498A-42BE-8DB4-85A15694382A}"
+	Keyword="Win32Proj"
+	TargetFrameworkVersion="131072"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+		<Platform
+			Name="x64"
+		/>
+		<Platform
+			Name="Itanium"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="x86\MiniUnzip$(ConfigurationName)"
+			IntermediateDirectory="x86\MiniUnzip$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="1"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x86\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/miniunz.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/miniunz.pdb"
+				SubSystem="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="x86\MiniUnzip$(ConfigurationName)"
+			IntermediateDirectory="x86\MiniUnzip$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x86\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/miniunz.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|x64"
+			OutputDirectory="x64\MiniUnzip$(ConfigurationName)"
+			IntermediateDirectory="x64\MiniUnzip$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x64\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/miniunz.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/miniunz.pdb"
+				SubSystem="1"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|Itanium"
+			OutputDirectory="ia64\MiniUnzip$(ConfigurationName)"
+			IntermediateDirectory="ia64\MiniUnzip$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="ia64\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/miniunz.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/miniunz.pdb"
+				SubSystem="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|x64"
+			OutputDirectory="x64\MiniUnzip$(ConfigurationName)"
+			IntermediateDirectory="x64\MiniUnzip$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x64\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/miniunz.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Itanium"
+			OutputDirectory="ia64\MiniUnzip$(ConfigurationName)"
+			IntermediateDirectory="ia64\MiniUnzip$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="ia64\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/miniunz.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat"
+			>
+			<File
+				RelativePath="..\..\minizip\miniunz.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/minizip.vcproj b/zlib-1.3.1/contrib/vstudio/vc9/minizip.vcproj
new file mode 100644
index 00000000..fecd9dd0
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/minizip.vcproj
@@ -0,0 +1,562 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="9.00"
+	Name="minizip"
+	ProjectGUID="{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}"
+	Keyword="Win32Proj"
+	TargetFrameworkVersion="131072"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+		<Platform
+			Name="x64"
+		/>
+		<Platform
+			Name="Itanium"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="x86\MiniZip$(ConfigurationName)"
+			IntermediateDirectory="x86\MiniZip$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="1"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x86\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/minizip.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/minizip.pdb"
+				SubSystem="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="x86\MiniZip$(ConfigurationName)"
+			IntermediateDirectory="x86\MiniZip$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x86\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/minizip.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|x64"
+			OutputDirectory="x64\$(ConfigurationName)"
+			IntermediateDirectory="x64\$(ConfigurationName)"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x64\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/minizip.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/minizip.pdb"
+				SubSystem="1"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|Itanium"
+			OutputDirectory="ia64\$(ConfigurationName)"
+			IntermediateDirectory="ia64\$(ConfigurationName)"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="ia64\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/minizip.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/minizip.pdb"
+				SubSystem="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|x64"
+			OutputDirectory="x64\$(ConfigurationName)"
+			IntermediateDirectory="x64\$(ConfigurationName)"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x64\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/minizip.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Itanium"
+			OutputDirectory="ia64\$(ConfigurationName)"
+			IntermediateDirectory="ia64\$(ConfigurationName)"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="ia64\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/minizip.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat"
+			>
+			<File
+				RelativePath="..\..\minizip\minizip.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/testzlib.vcproj b/zlib-1.3.1/contrib/vstudio/vc9/testzlib.vcproj
new file mode 100644
index 00000000..ff69640e
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/testzlib.vcproj
@@ -0,0 +1,796 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="9,00"
+	Name="testzlib"
+	ProjectGUID="{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}"
+	RootNamespace="testzlib"
+	Keyword="Win32Proj"
+	TargetFrameworkVersion="131072"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+		<Platform
+			Name="x64"
+		/>
+		<Platform
+			Name="Itanium"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="x86\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="x86\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="1"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerOutput="4"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/testzlib.pdb"
+				SubSystem="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|x64"
+			OutputDirectory="x64\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="x64\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				AssemblerListingLocation="$(IntDir)\"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				GenerateManifest="false"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|Itanium"
+			OutputDirectory="ia64\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="ia64\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerOutput="4"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/testzlib.pdb"
+				SubSystem="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|Win32"
+			OutputDirectory="x86\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="x86\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|x64"
+			OutputDirectory="x64\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="x64\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				AssemblerListingLocation="$(IntDir)\"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies=""
+				GenerateManifest="false"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|Itanium"
+			OutputDirectory="ia64\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="ia64\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="x86\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="x86\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|x64"
+			OutputDirectory="x64\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="x64\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				AssemblerListingLocation="$(IntDir)\"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				GenerateManifest="false"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Itanium"
+			OutputDirectory="ia64\TestZlib$(ConfigurationName)"
+			IntermediateDirectory="ia64\TestZlib$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			CharacterSet="2"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat"
+			>
+			<File
+				RelativePath="..\..\..\adler32.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\compress.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\crc32.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\deflate.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\infback.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inffast.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inflate.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inftrees.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\testzlib\testzlib.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\trees.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\uncompr.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\zutil.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/testzlibdll.vcproj b/zlib-1.3.1/contrib/vstudio/vc9/testzlibdll.vcproj
new file mode 100644
index 00000000..6448b497
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/testzlibdll.vcproj
@@ -0,0 +1,565 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="9.00"
+	Name="TestZlibDll"
+	ProjectGUID="{C52F9E7B-498A-42BE-8DB4-85A15694366A}"
+	Keyword="Win32Proj"
+	TargetFrameworkVersion="131072"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+		<Platform
+			Name="x64"
+		/>
+		<Platform
+			Name="Itanium"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="x86\TestZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x86\TestZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="1"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x86\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/testzlib.pdb"
+				SubSystem="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="x86\TestZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x86\TestZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x86\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				TargetMachine="1"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|x64"
+			OutputDirectory="x64\TestZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x64\TestZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x64\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/testzlib.pdb"
+				SubSystem="1"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|Itanium"
+			OutputDirectory="ia64\TestZlibDll$(ConfigurationName)"
+			IntermediateDirectory="ia64\TestZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64"
+				MinimalRebuild="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="ia64\ZlibDllDebug\zlibwapi.lib"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="2"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/testzlib.pdb"
+				SubSystem="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|x64"
+			OutputDirectory="x64\TestZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x64\TestZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="x64\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Itanium"
+			OutputDirectory="ia64\TestZlibDll$(ConfigurationName)"
+			IntermediateDirectory="ia64\TestZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="1"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			CharacterSet="2"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="2"
+				InlineFunctionExpansion="1"
+				OmitFramePointers="true"
+				AdditionalIncludeDirectories="..\..\..;..\..\minizip"
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64"
+				StringPooling="true"
+				BasicRuntimeChecks="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				UsePrecompiledHeader="0"
+				AssemblerListingLocation="$(IntDir)\"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalDependencies="ia64\ZlibDllRelease\zlibwapi.lib"
+				OutputFile="$(OutDir)/testzlib.exe"
+				LinkIncremental="1"
+				GenerateManifest="false"
+				GenerateDebugInformation="true"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				OptimizeForWindows98="1"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCWebDeploymentTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat"
+			>
+			<File
+				RelativePath="..\..\testzlib\testzlib.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc"
+			>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/zlib.rc b/zlib-1.3.1/contrib/vstudio/vc9/zlib.rc
new file mode 100644
index 00000000..856bd11f
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/zlib.rc
@@ -0,0 +1,32 @@
+#include <windows.h>
+
+#define IDR_VERSION1  1
+IDR_VERSION1	VERSIONINFO	MOVEABLE IMPURE LOADONCALL DISCARDABLE
+  FILEVERSION	 1, 3, 1, 0
+  PRODUCTVERSION 1, 3, 1, 0
+  FILEFLAGSMASK	VS_FFI_FILEFLAGSMASK
+  FILEFLAGS	0
+  FILEOS	VOS_DOS_WINDOWS32
+  FILETYPE	VFT_DLL
+  FILESUBTYPE	0	// not used
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "040904E4"
+    //language ID = U.S. English, char set = Windows, Multilingual
+
+    BEGIN
+      VALUE "FileDescription", "zlib data compression and ZIP file I/O library\0"
+      VALUE "FileVersion",	"1.3.1\0"
+      VALUE "InternalName",	"zlib\0"
+      VALUE "OriginalFilename",	"zlibwapi.dll\0"
+      VALUE "ProductName",	"ZLib.DLL\0"
+      VALUE "Comments","DLL support by Alessandro Iacopetti & Gilles Vollant\0"
+      VALUE "LegalCopyright", "(C) 1995-2024 Jean-loup Gailly & Mark Adler\0"
+    END
+  END
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x0409, 1252
+  END
+END
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/zlibstat.vcproj b/zlib-1.3.1/contrib/vstudio/vc9/zlibstat.vcproj
new file mode 100644
index 00000000..1bf15635
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/zlibstat.vcproj
@@ -0,0 +1,781 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="9,00"
+	Name="zlibstat"
+	ProjectGUID="{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}"
+	TargetFrameworkVersion="131072"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+		<Platform
+			Name="x64"
+		/>
+		<Platform
+			Name="Itanium"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="x86\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="x86\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				ExceptionHandling="0"
+				RuntimeLibrary="1"
+				BufferSecurityCheck="false"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:X86 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|x64"
+			OutputDirectory="x64\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="x64\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				ExceptionHandling="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:AMD64 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|Itanium"
+			OutputDirectory="ia64\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="ia64\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				ExceptionHandling="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+				Detect64BitPortabilityProblems="true"
+				DebugInformationFormat="1"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:IA64 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="x86\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="x86\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:X86 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|x64"
+			OutputDirectory="x64\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="x64\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:AMD64 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Itanium"
+			OutputDirectory="ia64\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="ia64\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:IA64 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|Win32"
+			OutputDirectory="x86\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="x86\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:X86 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|x64"
+			OutputDirectory="x64\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="x64\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="3"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:AMD64 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|Itanium"
+			OutputDirectory="ia64\ZlibStat$(ConfigurationName)"
+			IntermediateDirectory="ia64\ZlibStat$(ConfigurationName)\Tmp"
+			ConfigurationType="4"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				TargetEnvironment="2"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibstat.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLibrarianTool"
+				AdditionalOptions="/MACHINE:IA64 /NODEFAULTLIB"
+				OutputFile="$(OutDir)\zlibstat.lib"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			>
+			<File
+				RelativePath="..\..\..\adler32.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\compress.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\crc32.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\deflate.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzclose.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzguts.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzlib.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzread.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzwrite.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\infback.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inffast.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inflate.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inftrees.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\minizip\ioapi.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\trees.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\uncompr.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\minizip\unzip.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\minizip\zip.c"
+				>
+			</File>
+			<File
+				RelativePath=".\zlib.rc"
+				>
+			</File>
+			<File
+				RelativePath=".\zlibvc.def"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\zutil.c"
+				>
+			</File>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.def b/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.def
new file mode 100644
index 00000000..3234a02d
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.def
@@ -0,0 +1,158 @@
+LIBRARY
+; zlib data compression and ZIP file I/O library
+
+VERSION		1.3.1
+
+EXPORTS
+        adler32                                  @1
+        compress                                 @2
+        crc32                                    @3
+        deflate                                  @4
+        deflateCopy                              @5
+        deflateEnd                               @6
+        deflateInit2_                            @7
+        deflateInit_                             @8
+        deflateParams                            @9
+        deflateReset                             @10
+        deflateSetDictionary                     @11
+        gzclose                                  @12
+        gzdopen                                  @13
+        gzerror                                  @14
+        gzflush                                  @15
+        gzopen                                   @16
+        gzread                                   @17
+        gzwrite                                  @18
+        inflate                                  @19
+        inflateEnd                               @20
+        inflateInit2_                            @21
+        inflateInit_                             @22
+        inflateReset                             @23
+        inflateSetDictionary                     @24
+        inflateSync                              @25
+        uncompress                               @26
+        zlibVersion                              @27
+        gzprintf                                 @28
+        gzputc                                   @29
+        gzgetc                                   @30
+        gzseek                                   @31
+        gzrewind                                 @32
+        gztell                                   @33
+        gzeof                                    @34
+        gzsetparams                              @35
+        zError                                   @36
+        inflateSyncPoint                         @37
+        get_crc_table                            @38
+        compress2                                @39
+        gzputs                                   @40
+        gzgets                                   @41
+        inflateCopy                              @42
+        inflateBackInit_                         @43
+        inflateBack                              @44
+        inflateBackEnd                           @45
+        compressBound                            @46
+        deflateBound                             @47
+        gzclearerr                               @48
+        gzungetc                                 @49
+        zlibCompileFlags                         @50
+        deflatePrime                             @51
+        deflatePending                           @52
+
+        unzOpen                                  @61
+        unzClose                                 @62
+        unzGetGlobalInfo                         @63
+        unzGetCurrentFileInfo                    @64
+        unzGoToFirstFile                         @65
+        unzGoToNextFile                          @66
+        unzOpenCurrentFile                       @67
+        unzReadCurrentFile                       @68
+        unzOpenCurrentFile3                      @69
+        unztell                                  @70
+        unzeof                                   @71
+        unzCloseCurrentFile                      @72
+        unzGetGlobalComment                      @73
+        unzStringFileNameCompare                 @74
+        unzLocateFile                            @75
+        unzGetLocalExtrafield                    @76
+        unzOpen2                                 @77
+        unzOpenCurrentFile2                      @78
+        unzOpenCurrentFilePassword               @79
+
+        zipOpen                                  @80
+        zipOpenNewFileInZip                      @81
+        zipWriteInFileInZip                      @82
+        zipCloseFileInZip                        @83
+        zipClose                                 @84
+        zipOpenNewFileInZip2                     @86
+        zipCloseFileInZipRaw                     @87
+        zipOpen2                                 @88
+        zipOpenNewFileInZip3                     @89
+
+        unzGetFilePos                            @100
+        unzGoToFilePos                           @101
+
+        fill_win32_filefunc                      @110
+
+; zlibwapi v1.2.4 added:
+        fill_win32_filefunc64                   @111
+        fill_win32_filefunc64A                  @112
+        fill_win32_filefunc64W                  @113
+
+        unzOpen64                               @120
+        unzOpen2_64                             @121
+        unzGetGlobalInfo64                      @122
+        unzGetCurrentFileInfo64                 @124
+        unzGetCurrentFileZStreamPos64           @125
+        unztell64                               @126
+        unzGetFilePos64                         @127
+        unzGoToFilePos64                        @128
+
+        zipOpen64                               @130
+        zipOpen2_64                             @131
+        zipOpenNewFileInZip64                   @132
+        zipOpenNewFileInZip2_64                 @133
+        zipOpenNewFileInZip3_64                 @134
+        zipOpenNewFileInZip4_64                 @135
+        zipCloseFileInZipRaw64                  @136
+
+; zlib1 v1.2.4 added:
+        adler32_combine                         @140
+        crc32_combine                           @142
+        deflateSetHeader                        @144
+        deflateTune                             @145
+        gzbuffer                                @146
+        gzclose_r                               @147
+        gzclose_w                               @148
+        gzdirect                                @149
+        gzoffset                                @150
+        inflateGetHeader                        @156
+        inflateMark                             @157
+        inflatePrime                            @158
+        inflateReset2                           @159
+        inflateUndermine                        @160
+
+; zlib1 v1.2.6 added:
+        gzgetc_                                 @161
+        inflateResetKeep                        @163
+        deflateResetKeep                        @164
+
+; zlib1 v1.2.7 added:
+        gzopen_w                                @165
+
+; zlib1 v1.2.8 added:
+        inflateGetDictionary                    @166
+        gzvprintf                               @167
+
+; zlib1 v1.2.9 added:
+        inflateCodesUsed                        @168
+        inflateValidate                         @169
+        uncompress2                             @170
+        gzfread                                 @171
+        gzfwrite                                @172
+        deflateGetDictionary                    @173
+        adler32_z                               @174
+        crc32_z                                 @175
+
+; zlib1 v1.2.12 added:
+		crc32_combine_gen						@176
+		crc32_combine_gen64						@177
+		crc32_combine_op						@178
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.sln b/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.sln
new file mode 100644
index 00000000..b4829671
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.sln
@@ -0,0 +1,144 @@
+
+Microsoft Visual Studio Solution File, Format Version 10.00
+# Visual Studio 2008
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibvc", "zlibvc.vcproj", "{8FD826F8-3739-44E6-8CC8-997122E53B8D}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibstat", "zlibstat.vcproj", "{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlib", "testzlib.vcproj", "{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestZlibDll", "testzlibdll.vcproj", "{C52F9E7B-498A-42BE-8DB4-85A15694366A}"
+	ProjectSection(ProjectDependencies) = postProject
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D} = {8FD826F8-3739-44E6-8CC8-997122E53B8D}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minizip", "minizip.vcproj", "{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}"
+	ProjectSection(ProjectDependencies) = postProject
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D} = {8FD826F8-3739-44E6-8CC8-997122E53B8D}
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "miniunz", "miniunz.vcproj", "{C52F9E7B-498A-42BE-8DB4-85A15694382A}"
+	ProjectSection(ProjectDependencies) = postProject
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D} = {8FD826F8-3739-44E6-8CC8-997122E53B8D}
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Itanium = Debug|Itanium
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		Release|Itanium = Release|Itanium
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+		ReleaseWithoutAsm|Itanium = ReleaseWithoutAsm|Itanium
+		ReleaseWithoutAsm|Win32 = ReleaseWithoutAsm|Win32
+		ReleaseWithoutAsm|x64 = ReleaseWithoutAsm|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Itanium.Build.0 = Debug|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.ActiveCfg = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.Build.0 = Debug|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.ActiveCfg = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.Build.0 = Debug|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Itanium.ActiveCfg = Release|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Itanium.Build.0 = Release|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.ActiveCfg = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.Build.0 = Release|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.ActiveCfg = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.Build.0 = Release|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Itanium.Build.0 = ReleaseWithoutAsm|Itanium
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Itanium.Build.0 = Debug|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.ActiveCfg = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.Build.0 = Debug|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.ActiveCfg = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.Build.0 = Debug|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Itanium.ActiveCfg = Release|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Itanium.Build.0 = Release|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.ActiveCfg = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.Build.0 = Release|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.ActiveCfg = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.Build.0 = Release|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Itanium.Build.0 = ReleaseWithoutAsm|Itanium
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.Build.0 = Debug|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.Build.0 = Release|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = ReleaseWithoutAsm|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.Build.0 = ReleaseWithoutAsm|Itanium
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64
+		{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Itanium.Build.0 = Debug|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Itanium.ActiveCfg = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Itanium.Build.0 = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Itanium.Build.0 = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Itanium.Build.0 = Debug|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.ActiveCfg = Release|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Itanium.Build.0 = Release|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Itanium.Build.0 = Release|Itanium
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Itanium.ActiveCfg = Debug|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Itanium.Build.0 = Debug|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.ActiveCfg = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.Build.0 = Debug|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.ActiveCfg = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.Build.0 = Debug|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Itanium.ActiveCfg = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Itanium.Build.0 = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.Build.0 = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.ActiveCfg = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.Build.0 = Release|x64
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Itanium.ActiveCfg = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Itanium.Build.0 = Release|Itanium
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32
+		{C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.vcproj b/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.vcproj
new file mode 100644
index 00000000..f11dd1fb
--- /dev/null
+++ b/zlib-1.3.1/contrib/vstudio/vc9/zlibvc.vcproj
@@ -0,0 +1,1100 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="9,00"
+	Name="zlibvc"
+	ProjectGUID="{8FD826F8-3739-44E6-8CC8-997122E53B8D}"
+	RootNamespace="zlibvc"
+	TargetFrameworkVersion="131072"
+	>
+	<Platforms>
+		<Platform
+			Name="Win32"
+		/>
+		<Platform
+			Name="x64"
+		/>
+		<Platform
+			Name="Itanium"
+		/>
+	</Platforms>
+	<ToolFiles>
+	</ToolFiles>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="x86\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x86\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="_DEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="1"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI"
+				ExceptionHandling="0"
+				RuntimeLibrary="1"
+				BufferSecurityCheck="false"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+				DebugInformationFormat="4"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="_DEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalOptions="/MACHINE:I386"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="2"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|x64"
+			OutputDirectory="x64\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x64\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="_DEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="3"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64"
+				ExceptionHandling="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="_DEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="2"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Debug|Itanium"
+			OutputDirectory="ia64\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="ia64\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="_DEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="2"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64"
+				ExceptionHandling="0"
+				RuntimeLibrary="3"
+				BufferSecurityCheck="false"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+				DebugInformationFormat="3"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="_DEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="2"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				GenerateDebugInformation="true"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|Win32"
+			OutputDirectory="x86\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x86\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="NDEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="1"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerOutput="2"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="NDEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalOptions="/MACHINE:I386"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="1"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				IgnoreAllDefaultLibraries="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				OptimizeForWindows98="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|x64"
+			OutputDirectory="x64\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x64\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="NDEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="3"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerOutput="2"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="NDEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="1"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				IgnoreAllDefaultLibraries="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				OptimizeForWindows98="1"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="ReleaseWithoutAsm|Itanium"
+			OutputDirectory="ia64\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="ia64\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="NDEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="2"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerOutput="2"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="NDEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="1"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				IgnoreAllDefaultLibraries="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				OptimizeForWindows98="1"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="x86\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x86\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="NDEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="1"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="0"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerOutput="2"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="NDEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				AdditionalOptions="/MACHINE:I386"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="1"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				IgnoreAllDefaultLibraries="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				OptimizeForWindows98="1"
+				RandomizedBaseAddress="1"
+				DataExecutionPrevention="0"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|x64"
+			OutputDirectory="x64\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="x64\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="NDEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="3"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerOutput="2"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="NDEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="1"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				IgnoreAllDefaultLibraries="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				OptimizeForWindows98="1"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+				TargetMachine="17"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+		<Configuration
+			Name="Release|Itanium"
+			OutputDirectory="ia64\ZlibDll$(ConfigurationName)"
+			IntermediateDirectory="ia64\ZlibDll$(ConfigurationName)\Tmp"
+			ConfigurationType="2"
+			InheritedPropertySheets="UpgradeFromVC70.vsprops"
+			UseOfMFC="0"
+			ATLMinimizesCRunTimeLibraryUsage="false"
+			WholeProgramOptimization="1"
+			>
+			<Tool
+				Name="VCPreBuildEventTool"
+			/>
+			<Tool
+				Name="VCCustomBuildTool"
+			/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"
+			/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"
+			/>
+			<Tool
+				Name="VCMIDLTool"
+				PreprocessorDefinitions="NDEBUG"
+				MkTypLibCompatible="true"
+				SuppressStartupBanner="true"
+				TargetEnvironment="2"
+				TypeLibraryName="$(OutDir)/zlibvc.tlb"
+			/>
+			<Tool
+				Name="VCCLCompilerTool"
+				InlineFunctionExpansion="1"
+				AdditionalIncludeDirectories="..\..\.."
+				PreprocessorDefinitions="_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64"
+				StringPooling="true"
+				ExceptionHandling="0"
+				RuntimeLibrary="2"
+				BufferSecurityCheck="false"
+				EnableFunctionLevelLinking="true"
+				PrecompiledHeaderFile="$(IntDir)/zlibvc.pch"
+				AssemblerOutput="2"
+				AssemblerListingLocation="$(IntDir)\"
+				ObjectFile="$(IntDir)\"
+				ProgramDataBaseFileName="$(OutDir)\"
+				BrowseInformation="0"
+				WarningLevel="3"
+				SuppressStartupBanner="true"
+			/>
+			<Tool
+				Name="VCManagedResourceCompilerTool"
+			/>
+			<Tool
+				Name="VCResourceCompilerTool"
+				PreprocessorDefinitions="NDEBUG"
+				Culture="1036"
+			/>
+			<Tool
+				Name="VCPreLinkEventTool"
+			/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)\zlibwapi.dll"
+				LinkIncremental="1"
+				SuppressStartupBanner="true"
+				GenerateManifest="false"
+				IgnoreAllDefaultLibraries="false"
+				ModuleDefinitionFile=".\zlibvc.def"
+				ProgramDatabaseFile="$(OutDir)/zlibwapi.pdb"
+				GenerateMapFile="true"
+				MapFileName="$(OutDir)/zlibwapi.map"
+				SubSystem="2"
+				OptimizeForWindows98="1"
+				ImportLibrary="$(OutDir)/zlibwapi.lib"
+				TargetMachine="5"
+			/>
+			<Tool
+				Name="VCALinkTool"
+			/>
+			<Tool
+				Name="VCManifestTool"
+			/>
+			<Tool
+				Name="VCXDCMakeTool"
+			/>
+			<Tool
+				Name="VCBscMakeTool"
+			/>
+			<Tool
+				Name="VCFxCopTool"
+			/>
+			<Tool
+				Name="VCAppVerifierTool"
+			/>
+			<Tool
+				Name="VCPostBuildEventTool"
+			/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;rc;def;r;odl;hpj;bat;for;f90"
+			>
+			<File
+				RelativePath="..\..\..\adler32.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\compress.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\crc32.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\deflate.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzclose.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzguts.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzlib.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzread.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\gzwrite.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\infback.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inffast.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inflate.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inftrees.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\minizip\ioapi.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\minizip\iowin32.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\trees.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\uncompr.c"
+				>
+			</File>
+			<File
+				RelativePath="..\..\minizip\unzip.c"
+				>
+				<FileConfiguration
+					Name="Release|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories=""
+						PreprocessorDefinitions="ZLIB_INTERNAL"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|x64"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories=""
+						PreprocessorDefinitions="ZLIB_INTERNAL"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Itanium"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories=""
+						PreprocessorDefinitions="ZLIB_INTERNAL"
+					/>
+				</FileConfiguration>
+			</File>
+			<File
+				RelativePath="..\..\minizip\zip.c"
+				>
+				<FileConfiguration
+					Name="Release|Win32"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories=""
+						PreprocessorDefinitions="ZLIB_INTERNAL"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|x64"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories=""
+						PreprocessorDefinitions="ZLIB_INTERNAL"
+					/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Itanium"
+					>
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories=""
+						PreprocessorDefinitions="ZLIB_INTERNAL"
+					/>
+				</FileConfiguration>
+			</File>
+			<File
+				RelativePath=".\zlib.rc"
+				>
+			</File>
+			<File
+				RelativePath=".\zlibvc.def"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\zutil.c"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;fi;fd"
+			>
+			<File
+				RelativePath="..\..\..\deflate.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\infblock.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\infcodes.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inffast.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\inftrees.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\infutil.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\zconf.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\zlib.h"
+				>
+			</File>
+			<File
+				RelativePath="..\..\..\zutil.h"
+				>
+			</File>
+		</Filter>
+		<Filter
+			Name="Resource Files"
+			Filter="ico;cur;bmp;dlg;rc2;rct;bin;cnt;rtf;gif;jpg;jpeg;jpe"
+			>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/zlib-1.3.1/crc32.c b/zlib-1.3.1/crc32.c
new file mode 100644
index 00000000..6c38f5c0
--- /dev/null
+++ b/zlib-1.3.1/crc32.c
@@ -0,0 +1,1049 @@
+/* crc32.c -- compute the CRC-32 of a data stream
+ * Copyright (C) 1995-2022 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ *
+ * This interleaved implementation of a CRC makes use of pipelined multiple
+ * arithmetic-logic units, commonly found in modern CPU cores. It is due to
+ * Kadatch and Jenkins (2010). See doc/crc-doc.1.0.pdf in this distribution.
+ */
+
+/* @(#) $Id$ */
+
+/*
+  Note on the use of DYNAMIC_CRC_TABLE: there is no mutex or semaphore
+  protection on the static variables used to control the first-use generation
+  of the crc tables. Therefore, if you #define DYNAMIC_CRC_TABLE, you should
+  first call get_crc_table() to initialize the tables before allowing more than
+  one thread to use crc32().
+
+  MAKECRCH can be #defined to write out crc32.h. A main() routine is also
+  produced, so that this one source file can be compiled to an executable.
+ */
+
+#ifdef MAKECRCH
+#  include <stdio.h>
+#  ifndef DYNAMIC_CRC_TABLE
+#    define DYNAMIC_CRC_TABLE
+#  endif /* !DYNAMIC_CRC_TABLE */
+#endif /* MAKECRCH */
+
+#include "zutil.h"      /* for Z_U4, Z_U8, z_crc_t, and FAR definitions */
+
+ /*
+  A CRC of a message is computed on N braids of words in the message, where
+  each word consists of W bytes (4 or 8). If N is 3, for example, then three
+  running sparse CRCs are calculated respectively on each braid, at these
+  indices in the array of words: 0, 3, 6, ..., 1, 4, 7, ..., and 2, 5, 8, ...
+  This is done starting at a word boundary, and continues until as many blocks
+  of N * W bytes as are available have been processed. The results are combined
+  into a single CRC at the end. For this code, N must be in the range 1..6 and
+  W must be 4 or 8. The upper limit on N can be increased if desired by adding
+  more #if blocks, extending the patterns apparent in the code. In addition,
+  crc32.h would need to be regenerated, if the maximum N value is increased.
+
+  N and W are chosen empirically by benchmarking the execution time on a given
+  processor. The choices for N and W below were based on testing on Intel Kaby
+  Lake i7, AMD Ryzen 7, ARM Cortex-A57, Sparc64-VII, PowerPC POWER9, and MIPS64
+  Octeon II processors. The Intel, AMD, and ARM processors were all fastest
+  with N=5, W=8. The Sparc, PowerPC, and MIPS64 were all fastest at N=5, W=4.
+  They were all tested with either gcc or clang, all using the -O3 optimization
+  level. Your mileage may vary.
+ */
+
+/* Define N */
+#ifdef Z_TESTN
+#  define N Z_TESTN
+#else
+#  define N 5
+#endif
+#if N < 1 || N > 6
+#  error N must be in 1..6
+#endif
+
+/*
+  z_crc_t must be at least 32 bits. z_word_t must be at least as long as
+  z_crc_t. It is assumed here that z_word_t is either 32 bits or 64 bits, and
+  that bytes are eight bits.
+ */
+
+/*
+  Define W and the associated z_word_t type. If W is not defined, then a
+  braided calculation is not used, and the associated tables and code are not
+  compiled.
+ */
+#ifdef Z_TESTW
+#  if Z_TESTW-1 != -1
+#    define W Z_TESTW
+#  endif
+#else
+#  ifdef MAKECRCH
+#    define W 8         /* required for MAKECRCH */
+#  else
+#    if defined(__x86_64__) || defined(__aarch64__)
+#      define W 8
+#    else
+#      define W 4
+#    endif
+#  endif
+#endif
+#ifdef W
+#  if W == 8 && defined(Z_U8)
+     typedef Z_U8 z_word_t;
+#  elif defined(Z_U4)
+#    undef W
+#    define W 4
+     typedef Z_U4 z_word_t;
+#  else
+#    undef W
+#  endif
+#endif
+
+/* If available, use the ARM processor CRC32 instruction. */
+#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) && W == 8
+#  define ARMCRC32
+#endif
+
+#if defined(W) && (!defined(ARMCRC32) || defined(DYNAMIC_CRC_TABLE))
+/*
+  Swap the bytes in a z_word_t to convert between little and big endian. Any
+  self-respecting compiler will optimize this to a single machine byte-swap
+  instruction, if one is available. This assumes that word_t is either 32 bits
+  or 64 bits.
+ */
+local z_word_t byte_swap(z_word_t word) {
+#  if W == 8
+    return
+        (word & 0xff00000000000000) >> 56 |
+        (word & 0xff000000000000) >> 40 |
+        (word & 0xff0000000000) >> 24 |
+        (word & 0xff00000000) >> 8 |
+        (word & 0xff000000) << 8 |
+        (word & 0xff0000) << 24 |
+        (word & 0xff00) << 40 |
+        (word & 0xff) << 56;
+#  else   /* W == 4 */
+    return
+        (word & 0xff000000) >> 24 |
+        (word & 0xff0000) >> 8 |
+        (word & 0xff00) << 8 |
+        (word & 0xff) << 24;
+#  endif
+}
+#endif
+
+#ifdef DYNAMIC_CRC_TABLE
+/* =========================================================================
+ * Table of powers of x for combining CRC-32s, filled in by make_crc_table()
+ * below.
+ */
+   local z_crc_t FAR x2n_table[32];
+#else
+/* =========================================================================
+ * Tables for byte-wise and braided CRC-32 calculations, and a table of powers
+ * of x for combining CRC-32s, all made by make_crc_table().
+ */
+#  include "crc32.h"
+#endif
+
+/* CRC polynomial. */
+#define POLY 0xedb88320         /* p(x) reflected, with x^32 implied */
+
+/*
+  Return a(x) multiplied by b(x) modulo p(x), where p(x) is the CRC polynomial,
+  reflected. For speed, this requires that a not be zero.
+ */
+local z_crc_t multmodp(z_crc_t a, z_crc_t b) {
+    z_crc_t m, p;
+
+    m = (z_crc_t)1 << 31;
+    p = 0;
+    for (;;) {
+        if (a & m) {
+            p ^= b;
+            if ((a & (m - 1)) == 0)
+                break;
+        }
+        m >>= 1;
+        b = b & 1 ? (b >> 1) ^ POLY : b >> 1;
+    }
+    return p;
+}
+
+/*
+  Return x^(n * 2^k) modulo p(x). Requires that x2n_table[] has been
+  initialized.
+ */
+local z_crc_t x2nmodp(z_off64_t n, unsigned k) {
+    z_crc_t p;
+
+    p = (z_crc_t)1 << 31;           /* x^0 == 1 */
+    while (n) {
+        if (n & 1)
+            p = multmodp(x2n_table[k & 31], p);
+        n >>= 1;
+        k++;
+    }
+    return p;
+}
+
+#ifdef DYNAMIC_CRC_TABLE
+/* =========================================================================
+ * Build the tables for byte-wise and braided CRC-32 calculations, and a table
+ * of powers of x for combining CRC-32s.
+ */
+local z_crc_t FAR crc_table[256];
+#ifdef W
+   local z_word_t FAR crc_big_table[256];
+   local z_crc_t FAR crc_braid_table[W][256];
+   local z_word_t FAR crc_braid_big_table[W][256];
+   local void braid(z_crc_t [][256], z_word_t [][256], int, int);
+#endif
+#ifdef MAKECRCH
+   local void write_table(FILE *, const z_crc_t FAR *, int);
+   local void write_table32hi(FILE *, const z_word_t FAR *, int);
+   local void write_table64(FILE *, const z_word_t FAR *, int);
+#endif /* MAKECRCH */
+
+/*
+  Define a once() function depending on the availability of atomics. If this is
+  compiled with DYNAMIC_CRC_TABLE defined, and if CRCs will be computed in
+  multiple threads, and if atomics are not available, then get_crc_table() must
+  be called to initialize the tables and must return before any threads are
+  allowed to compute or combine CRCs.
+ */
+
+/* Definition of once functionality. */
+typedef struct once_s once_t;
+
+/* Check for the availability of atomics. */
+#if defined(__STDC__) && __STDC_VERSION__ >= 201112L && \
+    !defined(__STDC_NO_ATOMICS__)
+
+#include <stdatomic.h>
+
+/* Structure for once(), which must be initialized with ONCE_INIT. */
+struct once_s {
+    atomic_flag begun;
+    atomic_int done;
+};
+#define ONCE_INIT {ATOMIC_FLAG_INIT, 0}
+
+/*
+  Run the provided init() function exactly once, even if multiple threads
+  invoke once() at the same time. The state must be a once_t initialized with
+  ONCE_INIT.
+ */
+local void once(once_t *state, void (*init)(void)) {
+    if (!atomic_load(&state->done)) {
+        if (atomic_flag_test_and_set(&state->begun))
+            while (!atomic_load(&state->done))
+                ;
+        else {
+            init();
+            atomic_store(&state->done, 1);
+        }
+    }
+}
+
+#else   /* no atomics */
+
+/* Structure for once(), which must be initialized with ONCE_INIT. */
+struct once_s {
+    volatile int begun;
+    volatile int done;
+};
+#define ONCE_INIT {0, 0}
+
+/* Test and set. Alas, not atomic, but tries to minimize the period of
+   vulnerability. */
+local int test_and_set(int volatile *flag) {
+    int was;
+
+    was = *flag;
+    *flag = 1;
+    return was;
+}
+
+/* Run the provided init() function once. This is not thread-safe. */
+local void once(once_t *state, void (*init)(void)) {
+    if (!state->done) {
+        if (test_and_set(&state->begun))
+            while (!state->done)
+                ;
+        else {
+            init();
+            state->done = 1;
+        }
+    }
+}
+
+#endif
+
+/* State for once(). */
+local once_t made = ONCE_INIT;
+
+/*
+  Generate tables for a byte-wise 32-bit CRC calculation on the polynomial:
+  x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1.
+
+  Polynomials over GF(2) are represented in binary, one bit per coefficient,
+  with the lowest powers in the most significant bit. Then adding polynomials
+  is just exclusive-or, and multiplying a polynomial by x is a right shift by
+  one. If we call the above polynomial p, and represent a byte as the
+  polynomial q, also with the lowest power in the most significant bit (so the
+  byte 0xb1 is the polynomial x^7+x^3+x^2+1), then the CRC is (q*x^32) mod p,
+  where a mod b means the remainder after dividing a by b.
+
+  This calculation is done using the shift-register method of multiplying and
+  taking the remainder. The register is initialized to zero, and for each
+  incoming bit, x^32 is added mod p to the register if the bit is a one (where
+  x^32 mod p is p+x^32 = x^26+...+1), and the register is multiplied mod p by x
+  (which is shifting right by one and adding x^32 mod p if the bit shifted out
+  is a one). We start with the highest power (least significant bit) of q and
+  repeat for all eight bits of q.
+
+  The table is simply the CRC of all possible eight bit values. This is all the
+  information needed to generate CRCs on data a byte at a time for all
+  combinations of CRC register values and incoming bytes.
+ */
+
+local void make_crc_table(void) {
+    unsigned i, j, n;
+    z_crc_t p;
+
+    /* initialize the CRC of bytes tables */
+    for (i = 0; i < 256; i++) {
+        p = i;
+        for (j = 0; j < 8; j++)
+            p = p & 1 ? (p >> 1) ^ POLY : p >> 1;
+        crc_table[i] = p;
+#ifdef W
+        crc_big_table[i] = byte_swap(p);
+#endif
+    }
+
+    /* initialize the x^2^n mod p(x) table */
+    p = (z_crc_t)1 << 30;         /* x^1 */
+    x2n_table[0] = p;
+    for (n = 1; n < 32; n++)
+        x2n_table[n] = p = multmodp(p, p);
+
+#ifdef W
+    /* initialize the braiding tables -- needs x2n_table[] */
+    braid(crc_braid_table, crc_braid_big_table, N, W);
+#endif
+
+#ifdef MAKECRCH
+    {
+        /*
+          The crc32.h header file contains tables for both 32-bit and 64-bit
+          z_word_t's, and so requires a 64-bit type be available. In that case,
+          z_word_t must be defined to be 64-bits. This code then also generates
+          and writes out the tables for the case that z_word_t is 32 bits.
+         */
+#if !defined(W) || W != 8
+#  error Need a 64-bit integer type in order to generate crc32.h.
+#endif
+        FILE *out;
+        int k, n;
+        z_crc_t ltl[8][256];
+        z_word_t big[8][256];
+
+        out = fopen("crc32.h", "w");
+        if (out == NULL) return;
+
+        /* write out little-endian CRC table to crc32.h */
+        fprintf(out,
+            "/* crc32.h -- tables for rapid CRC calculation\n"
+            " * Generated automatically by crc32.c\n */\n"
+            "\n"
+            "local const z_crc_t FAR crc_table[] = {\n"
+            "    ");
+        write_table(out, crc_table, 256);
+        fprintf(out,
+            "};\n");
+
+        /* write out big-endian CRC table for 64-bit z_word_t to crc32.h */
+        fprintf(out,
+            "\n"
+            "#ifdef W\n"
+            "\n"
+            "#if W == 8\n"
+            "\n"
+            "local const z_word_t FAR crc_big_table[] = {\n"
+            "    ");
+        write_table64(out, crc_big_table, 256);
+        fprintf(out,
+            "};\n");
+
+        /* write out big-endian CRC table for 32-bit z_word_t to crc32.h */
+        fprintf(out,
+            "\n"
+            "#else /* W == 4 */\n"
+            "\n"
+            "local const z_word_t FAR crc_big_table[] = {\n"
+            "    ");
+        write_table32hi(out, crc_big_table, 256);
+        fprintf(out,
+            "};\n"
+            "\n"
+            "#endif\n");
+
+        /* write out braid tables for each value of N */
+        for (n = 1; n <= 6; n++) {
+            fprintf(out,
+            "\n"
+            "#if N == %d\n", n);
+
+            /* compute braid tables for this N and 64-bit word_t */
+            braid(ltl, big, n, 8);
+
+            /* write out braid tables for 64-bit z_word_t to crc32.h */
+            fprintf(out,
+            "\n"
+            "#if W == 8\n"
+            "\n"
+            "local const z_crc_t FAR crc_braid_table[][256] = {\n");
+            for (k = 0; k < 8; k++) {
+                fprintf(out, "   {");
+                write_table(out, ltl[k], 256);
+                fprintf(out, "}%s", k < 7 ? ",\n" : "");
+            }
+            fprintf(out,
+            "};\n"
+            "\n"
+            "local const z_word_t FAR crc_braid_big_table[][256] = {\n");
+            for (k = 0; k < 8; k++) {
+                fprintf(out, "   {");
+                write_table64(out, big[k], 256);
+                fprintf(out, "}%s", k < 7 ? ",\n" : "");
+            }
+            fprintf(out,
+            "};\n");
+
+            /* compute braid tables for this N and 32-bit word_t */
+            braid(ltl, big, n, 4);
+
+            /* write out braid tables for 32-bit z_word_t to crc32.h */
+            fprintf(out,
+            "\n"
+            "#else /* W == 4 */\n"
+            "\n"
+            "local const z_crc_t FAR crc_braid_table[][256] = {\n");
+            for (k = 0; k < 4; k++) {
+                fprintf(out, "   {");
+                write_table(out, ltl[k], 256);
+                fprintf(out, "}%s", k < 3 ? ",\n" : "");
+            }
+            fprintf(out,
+            "};\n"
+            "\n"
+            "local const z_word_t FAR crc_braid_big_table[][256] = {\n");
+            for (k = 0; k < 4; k++) {
+                fprintf(out, "   {");
+                write_table32hi(out, big[k], 256);
+                fprintf(out, "}%s", k < 3 ? ",\n" : "");
+            }
+            fprintf(out,
+            "};\n"
+            "\n"
+            "#endif\n"
+            "\n"
+            "#endif\n");
+        }
+        fprintf(out,
+            "\n"
+            "#endif\n");
+
+        /* write out zeros operator table to crc32.h */
+        fprintf(out,
+            "\n"
+            "local const z_crc_t FAR x2n_table[] = {\n"
+            "    ");
+        write_table(out, x2n_table, 32);
+        fprintf(out,
+            "};\n");
+        fclose(out);
+    }
+#endif /* MAKECRCH */
+}
+
+#ifdef MAKECRCH
+
+/*
+   Write the 32-bit values in table[0..k-1] to out, five per line in
+   hexadecimal separated by commas.
+ */
+local void write_table(FILE *out, const z_crc_t FAR *table, int k) {
+    int n;
+
+    for (n = 0; n < k; n++)
+        fprintf(out, "%s0x%08lx%s", n == 0 || n % 5 ? "" : "    ",
+                (unsigned long)(table[n]),
+                n == k - 1 ? "" : (n % 5 == 4 ? ",\n" : ", "));
+}
+
+/*
+   Write the high 32-bits of each value in table[0..k-1] to out, five per line
+   in hexadecimal separated by commas.
+ */
+local void write_table32hi(FILE *out, const z_word_t FAR *table, int k) {
+    int n;
+
+    for (n = 0; n < k; n++)
+        fprintf(out, "%s0x%08lx%s", n == 0 || n % 5 ? "" : "    ",
+                (unsigned long)(table[n] >> 32),
+                n == k - 1 ? "" : (n % 5 == 4 ? ",\n" : ", "));
+}
+
+/*
+  Write the 64-bit values in table[0..k-1] to out, three per line in
+  hexadecimal separated by commas. This assumes that if there is a 64-bit
+  type, then there is also a long long integer type, and it is at least 64
+  bits. If not, then the type cast and format string can be adjusted
+  accordingly.
+ */
+local void write_table64(FILE *out, const z_word_t FAR *table, int k) {
+    int n;
+
+    for (n = 0; n < k; n++)
+        fprintf(out, "%s0x%016llx%s", n == 0 || n % 3 ? "" : "    ",
+                (unsigned long long)(table[n]),
+                n == k - 1 ? "" : (n % 3 == 2 ? ",\n" : ", "));
+}
+
+/* Actually do the deed. */
+int main(void) {
+    make_crc_table();
+    return 0;
+}
+
+#endif /* MAKECRCH */
+
+#ifdef W
+/*
+  Generate the little and big-endian braid tables for the given n and z_word_t
+  size w. Each array must have room for w blocks of 256 elements.
+ */
+local void braid(z_crc_t ltl[][256], z_word_t big[][256], int n, int w) {
+    int k;
+    z_crc_t i, p, q;
+    for (k = 0; k < w; k++) {
+        p = x2nmodp((n * w + 3 - k) << 3, 0);
+        ltl[k][0] = 0;
+        big[w - 1 - k][0] = 0;
+        for (i = 1; i < 256; i++) {
+            ltl[k][i] = q = multmodp(i << 24, p);
+            big[w - 1 - k][i] = byte_swap(q);
+        }
+    }
+}
+#endif
+
+#endif /* DYNAMIC_CRC_TABLE */
+
+/* =========================================================================
+ * This function can be used by asm versions of crc32(), and to force the
+ * generation of the CRC tables in a threaded application.
+ */
+const z_crc_t FAR * ZEXPORT get_crc_table(void) {
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+    return (const z_crc_t FAR *)crc_table;
+}
+
+/* =========================================================================
+ * Use ARM machine instructions if available. This will compute the CRC about
+ * ten times faster than the braided calculation. This code does not check for
+ * the presence of the CRC instruction at run time. __ARM_FEATURE_CRC32 will
+ * only be defined if the compilation specifies an ARM processor architecture
+ * that has the instructions. For example, compiling with -march=armv8.1-a or
+ * -march=armv8-a+crc, or -march=native if the compile machine has the crc32
+ * instructions.
+ */
+#ifdef ARMCRC32
+
+/*
+   Constants empirically determined to maximize speed. These values are from
+   measurements on a Cortex-A57. Your mileage may vary.
+ */
+#define Z_BATCH 3990                /* number of words in a batch */
+#define Z_BATCH_ZEROS 0xa10d3d0c    /* computed from Z_BATCH = 3990 */
+#define Z_BATCH_MIN 800             /* fewest words in a final batch */
+
+unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf,
+                              z_size_t len) {
+    z_crc_t val;
+    z_word_t crc1, crc2;
+    const z_word_t *word;
+    z_word_t val0, val1, val2;
+    z_size_t last, last2, i;
+    z_size_t num;
+
+    /* Return initial CRC, if requested. */
+    if (buf == Z_NULL) return 0;
+
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+
+    /* Pre-condition the CRC */
+    crc = (~crc) & 0xffffffff;
+
+    /* Compute the CRC up to a word boundary. */
+    while (len && ((z_size_t)buf & 7) != 0) {
+        len--;
+        val = *buf++;
+        __asm__ volatile("crc32b %w0, %w0, %w1" : "+r"(crc) : "r"(val));
+    }
+
+    /* Prepare to compute the CRC on full 64-bit words word[0..num-1]. */
+    word = (z_word_t const *)buf;
+    num = len >> 3;
+    len &= 7;
+
+    /* Do three interleaved CRCs to realize the throughput of one crc32x
+       instruction per cycle. Each CRC is calculated on Z_BATCH words. The
+       three CRCs are combined into a single CRC after each set of batches. */
+    while (num >= 3 * Z_BATCH) {
+        crc1 = 0;
+        crc2 = 0;
+        for (i = 0; i < Z_BATCH; i++) {
+            val0 = word[i];
+            val1 = word[i + Z_BATCH];
+            val2 = word[i + 2 * Z_BATCH];
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc) : "r"(val0));
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc1) : "r"(val1));
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc2) : "r"(val2));
+        }
+        word += 3 * Z_BATCH;
+        num -= 3 * Z_BATCH;
+        crc = multmodp(Z_BATCH_ZEROS, crc) ^ crc1;
+        crc = multmodp(Z_BATCH_ZEROS, crc) ^ crc2;
+    }
+
+    /* Do one last smaller batch with the remaining words, if there are enough
+       to pay for the combination of CRCs. */
+    last = num / 3;
+    if (last >= Z_BATCH_MIN) {
+        last2 = last << 1;
+        crc1 = 0;
+        crc2 = 0;
+        for (i = 0; i < last; i++) {
+            val0 = word[i];
+            val1 = word[i + last];
+            val2 = word[i + last2];
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc) : "r"(val0));
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc1) : "r"(val1));
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc2) : "r"(val2));
+        }
+        word += 3 * last;
+        num -= 3 * last;
+        val = x2nmodp(last, 6);
+        crc = multmodp(val, crc) ^ crc1;
+        crc = multmodp(val, crc) ^ crc2;
+    }
+
+    /* Compute the CRC on any remaining words. */
+    for (i = 0; i < num; i++) {
+        val0 = word[i];
+        __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc) : "r"(val0));
+    }
+    word += num;
+
+    /* Complete the CRC on any remaining bytes. */
+    buf = (const unsigned char FAR *)word;
+    while (len) {
+        len--;
+        val = *buf++;
+        __asm__ volatile("crc32b %w0, %w0, %w1" : "+r"(crc) : "r"(val));
+    }
+
+    /* Return the CRC, post-conditioned. */
+    return crc ^ 0xffffffff;
+}
+
+#else
+
+#ifdef W
+
+/*
+  Return the CRC of the W bytes in the word_t data, taking the
+  least-significant byte of the word as the first byte of data, without any pre
+  or post conditioning. This is used to combine the CRCs of each braid.
+ */
+local z_crc_t crc_word(z_word_t data) {
+    int k;
+    for (k = 0; k < W; k++)
+        data = (data >> 8) ^ crc_table[data & 0xff];
+    return (z_crc_t)data;
+}
+
+local z_word_t crc_word_big(z_word_t data) {
+    int k;
+    for (k = 0; k < W; k++)
+        data = (data << 8) ^
+            crc_big_table[(data >> ((W - 1) << 3)) & 0xff];
+    return data;
+}
+
+#endif
+
+/* ========================================================================= */
+unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf,
+                              z_size_t len) {
+    /* Return initial CRC, if requested. */
+    if (buf == Z_NULL) return 0;
+
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+
+    /* Pre-condition the CRC */
+    crc = (~crc) & 0xffffffff;
+
+#ifdef W
+
+    /* If provided enough bytes, do a braided CRC calculation. */
+    if (len >= N * W + W - 1) {
+        z_size_t blks;
+        z_word_t const *words;
+        unsigned endian;
+        int k;
+
+        /* Compute the CRC up to a z_word_t boundary. */
+        while (len && ((z_size_t)buf & (W - 1)) != 0) {
+            len--;
+            crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        }
+
+        /* Compute the CRC on as many N z_word_t blocks as are available. */
+        blks = len / (N * W);
+        len -= blks * N * W;
+        words = (z_word_t const *)buf;
+
+        /* Do endian check at execution time instead of compile time, since ARM
+           processors can change the endianness at execution time. If the
+           compiler knows what the endianness will be, it can optimize out the
+           check and the unused branch. */
+        endian = 1;
+        if (*(unsigned char *)&endian) {
+            /* Little endian. */
+
+            z_crc_t crc0;
+            z_word_t word0;
+#if N > 1
+            z_crc_t crc1;
+            z_word_t word1;
+#if N > 2
+            z_crc_t crc2;
+            z_word_t word2;
+#if N > 3
+            z_crc_t crc3;
+            z_word_t word3;
+#if N > 4
+            z_crc_t crc4;
+            z_word_t word4;
+#if N > 5
+            z_crc_t crc5;
+            z_word_t word5;
+#endif
+#endif
+#endif
+#endif
+#endif
+
+            /* Initialize the CRC for each braid. */
+            crc0 = crc;
+#if N > 1
+            crc1 = 0;
+#if N > 2
+            crc2 = 0;
+#if N > 3
+            crc3 = 0;
+#if N > 4
+            crc4 = 0;
+#if N > 5
+            crc5 = 0;
+#endif
+#endif
+#endif
+#endif
+#endif
+
+            /*
+              Process the first blks-1 blocks, computing the CRCs on each braid
+              independently.
+             */
+            while (--blks) {
+                /* Load the word for each braid into registers. */
+                word0 = crc0 ^ words[0];
+#if N > 1
+                word1 = crc1 ^ words[1];
+#if N > 2
+                word2 = crc2 ^ words[2];
+#if N > 3
+                word3 = crc3 ^ words[3];
+#if N > 4
+                word4 = crc4 ^ words[4];
+#if N > 5
+                word5 = crc5 ^ words[5];
+#endif
+#endif
+#endif
+#endif
+#endif
+                words += N;
+
+                /* Compute and update the CRC for each word. The loop should
+                   get unrolled. */
+                crc0 = crc_braid_table[0][word0 & 0xff];
+#if N > 1
+                crc1 = crc_braid_table[0][word1 & 0xff];
+#if N > 2
+                crc2 = crc_braid_table[0][word2 & 0xff];
+#if N > 3
+                crc3 = crc_braid_table[0][word3 & 0xff];
+#if N > 4
+                crc4 = crc_braid_table[0][word4 & 0xff];
+#if N > 5
+                crc5 = crc_braid_table[0][word5 & 0xff];
+#endif
+#endif
+#endif
+#endif
+#endif
+                for (k = 1; k < W; k++) {
+                    crc0 ^= crc_braid_table[k][(word0 >> (k << 3)) & 0xff];
+#if N > 1
+                    crc1 ^= crc_braid_table[k][(word1 >> (k << 3)) & 0xff];
+#if N > 2
+                    crc2 ^= crc_braid_table[k][(word2 >> (k << 3)) & 0xff];
+#if N > 3
+                    crc3 ^= crc_braid_table[k][(word3 >> (k << 3)) & 0xff];
+#if N > 4
+                    crc4 ^= crc_braid_table[k][(word4 >> (k << 3)) & 0xff];
+#if N > 5
+                    crc5 ^= crc_braid_table[k][(word5 >> (k << 3)) & 0xff];
+#endif
+#endif
+#endif
+#endif
+#endif
+                }
+            }
+
+            /*
+              Process the last block, combining the CRCs of the N braids at the
+              same time.
+             */
+            crc = crc_word(crc0 ^ words[0]);
+#if N > 1
+            crc = crc_word(crc1 ^ words[1] ^ crc);
+#if N > 2
+            crc = crc_word(crc2 ^ words[2] ^ crc);
+#if N > 3
+            crc = crc_word(crc3 ^ words[3] ^ crc);
+#if N > 4
+            crc = crc_word(crc4 ^ words[4] ^ crc);
+#if N > 5
+            crc = crc_word(crc5 ^ words[5] ^ crc);
+#endif
+#endif
+#endif
+#endif
+#endif
+            words += N;
+        }
+        else {
+            /* Big endian. */
+
+            z_word_t crc0, word0, comb;
+#if N > 1
+            z_word_t crc1, word1;
+#if N > 2
+            z_word_t crc2, word2;
+#if N > 3
+            z_word_t crc3, word3;
+#if N > 4
+            z_word_t crc4, word4;
+#if N > 5
+            z_word_t crc5, word5;
+#endif
+#endif
+#endif
+#endif
+#endif
+
+            /* Initialize the CRC for each braid. */
+            crc0 = byte_swap(crc);
+#if N > 1
+            crc1 = 0;
+#if N > 2
+            crc2 = 0;
+#if N > 3
+            crc3 = 0;
+#if N > 4
+            crc4 = 0;
+#if N > 5
+            crc5 = 0;
+#endif
+#endif
+#endif
+#endif
+#endif
+
+            /*
+              Process the first blks-1 blocks, computing the CRCs on each braid
+              independently.
+             */
+            while (--blks) {
+                /* Load the word for each braid into registers. */
+                word0 = crc0 ^ words[0];
+#if N > 1
+                word1 = crc1 ^ words[1];
+#if N > 2
+                word2 = crc2 ^ words[2];
+#if N > 3
+                word3 = crc3 ^ words[3];
+#if N > 4
+                word4 = crc4 ^ words[4];
+#if N > 5
+                word5 = crc5 ^ words[5];
+#endif
+#endif
+#endif
+#endif
+#endif
+                words += N;
+
+                /* Compute and update the CRC for each word. The loop should
+                   get unrolled. */
+                crc0 = crc_braid_big_table[0][word0 & 0xff];
+#if N > 1
+                crc1 = crc_braid_big_table[0][word1 & 0xff];
+#if N > 2
+                crc2 = crc_braid_big_table[0][word2 & 0xff];
+#if N > 3
+                crc3 = crc_braid_big_table[0][word3 & 0xff];
+#if N > 4
+                crc4 = crc_braid_big_table[0][word4 & 0xff];
+#if N > 5
+                crc5 = crc_braid_big_table[0][word5 & 0xff];
+#endif
+#endif
+#endif
+#endif
+#endif
+                for (k = 1; k < W; k++) {
+                    crc0 ^= crc_braid_big_table[k][(word0 >> (k << 3)) & 0xff];
+#if N > 1
+                    crc1 ^= crc_braid_big_table[k][(word1 >> (k << 3)) & 0xff];
+#if N > 2
+                    crc2 ^= crc_braid_big_table[k][(word2 >> (k << 3)) & 0xff];
+#if N > 3
+                    crc3 ^= crc_braid_big_table[k][(word3 >> (k << 3)) & 0xff];
+#if N > 4
+                    crc4 ^= crc_braid_big_table[k][(word4 >> (k << 3)) & 0xff];
+#if N > 5
+                    crc5 ^= crc_braid_big_table[k][(word5 >> (k << 3)) & 0xff];
+#endif
+#endif
+#endif
+#endif
+#endif
+                }
+            }
+
+            /*
+              Process the last block, combining the CRCs of the N braids at the
+              same time.
+             */
+            comb = crc_word_big(crc0 ^ words[0]);
+#if N > 1
+            comb = crc_word_big(crc1 ^ words[1] ^ comb);
+#if N > 2
+            comb = crc_word_big(crc2 ^ words[2] ^ comb);
+#if N > 3
+            comb = crc_word_big(crc3 ^ words[3] ^ comb);
+#if N > 4
+            comb = crc_word_big(crc4 ^ words[4] ^ comb);
+#if N > 5
+            comb = crc_word_big(crc5 ^ words[5] ^ comb);
+#endif
+#endif
+#endif
+#endif
+#endif
+            words += N;
+            crc = byte_swap(comb);
+        }
+
+        /*
+          Update the pointer to the remaining bytes to process.
+         */
+        buf = (unsigned char const *)words;
+    }
+
+#endif /* W */
+
+    /* Complete the computation of the CRC on any remaining bytes. */
+    while (len >= 8) {
+        len -= 8;
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+    }
+    while (len) {
+        len--;
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+    }
+
+    /* Return the CRC, post-conditioned. */
+    return crc ^ 0xffffffff;
+}
+
+#endif
+
+/* ========================================================================= */
+unsigned long ZEXPORT crc32(unsigned long crc, const unsigned char FAR *buf,
+                            uInt len) {
+    return crc32_z(crc, buf, len);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) {
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+    return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2) {
+    return crc32_combine64(crc1, crc2, (z_off64_t)len2);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) {
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+    return x2nmodp(len2, 3);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine_gen(z_off_t len2) {
+    return crc32_combine_gen64((z_off64_t)len2);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op) {
+    return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
+}
diff --git a/zlib-1.3.1/crc32.h b/zlib-1.3.1/crc32.h
new file mode 100644
index 00000000..137df68d
--- /dev/null
+++ b/zlib-1.3.1/crc32.h
@@ -0,0 +1,9446 @@
+/* crc32.h -- tables for rapid CRC calculation
+ * Generated automatically by crc32.c
+ */
+
+local const z_crc_t FAR crc_table[] = {
+    0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
+    0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
+    0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
+    0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+    0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
+    0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+    0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
+    0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+    0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
+    0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
+    0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
+    0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+    0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
+    0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
+    0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
+    0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+    0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
+    0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+    0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
+    0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+    0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
+    0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
+    0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
+    0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+    0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
+    0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
+    0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
+    0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+    0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
+    0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+    0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
+    0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+    0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
+    0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
+    0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
+    0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+    0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
+    0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
+    0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
+    0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+    0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
+    0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+    0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
+    0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+    0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
+    0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
+    0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
+    0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+    0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
+    0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
+    0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
+    0x2d02ef8d};
+
+#ifdef W
+
+#if W == 8
+
+local const z_word_t FAR crc_big_table[] = {
+    0x0000000000000000, 0x9630077700000000, 0x2c610eee00000000,
+    0xba51099900000000, 0x19c46d0700000000, 0x8ff46a7000000000,
+    0x35a563e900000000, 0xa395649e00000000, 0x3288db0e00000000,
+    0xa4b8dc7900000000, 0x1ee9d5e000000000, 0x88d9d29700000000,
+    0x2b4cb60900000000, 0xbd7cb17e00000000, 0x072db8e700000000,
+    0x911dbf9000000000, 0x6410b71d00000000, 0xf220b06a00000000,
+    0x4871b9f300000000, 0xde41be8400000000, 0x7dd4da1a00000000,
+    0xebe4dd6d00000000, 0x51b5d4f400000000, 0xc785d38300000000,
+    0x56986c1300000000, 0xc0a86b6400000000, 0x7af962fd00000000,
+    0xecc9658a00000000, 0x4f5c011400000000, 0xd96c066300000000,
+    0x633d0ffa00000000, 0xf50d088d00000000, 0xc8206e3b00000000,
+    0x5e10694c00000000, 0xe44160d500000000, 0x727167a200000000,
+    0xd1e4033c00000000, 0x47d4044b00000000, 0xfd850dd200000000,
+    0x6bb50aa500000000, 0xfaa8b53500000000, 0x6c98b24200000000,
+    0xd6c9bbdb00000000, 0x40f9bcac00000000, 0xe36cd83200000000,
+    0x755cdf4500000000, 0xcf0dd6dc00000000, 0x593dd1ab00000000,
+    0xac30d92600000000, 0x3a00de5100000000, 0x8051d7c800000000,
+    0x1661d0bf00000000, 0xb5f4b42100000000, 0x23c4b35600000000,
+    0x9995bacf00000000, 0x0fa5bdb800000000, 0x9eb8022800000000,
+    0x0888055f00000000, 0xb2d90cc600000000, 0x24e90bb100000000,
+    0x877c6f2f00000000, 0x114c685800000000, 0xab1d61c100000000,
+    0x3d2d66b600000000, 0x9041dc7600000000, 0x0671db0100000000,
+    0xbc20d29800000000, 0x2a10d5ef00000000, 0x8985b17100000000,
+    0x1fb5b60600000000, 0xa5e4bf9f00000000, 0x33d4b8e800000000,
+    0xa2c9077800000000, 0x34f9000f00000000, 0x8ea8099600000000,
+    0x18980ee100000000, 0xbb0d6a7f00000000, 0x2d3d6d0800000000,
+    0x976c649100000000, 0x015c63e600000000, 0xf4516b6b00000000,
+    0x62616c1c00000000, 0xd830658500000000, 0x4e0062f200000000,
+    0xed95066c00000000, 0x7ba5011b00000000, 0xc1f4088200000000,
+    0x57c40ff500000000, 0xc6d9b06500000000, 0x50e9b71200000000,
+    0xeab8be8b00000000, 0x7c88b9fc00000000, 0xdf1ddd6200000000,
+    0x492dda1500000000, 0xf37cd38c00000000, 0x654cd4fb00000000,
+    0x5861b24d00000000, 0xce51b53a00000000, 0x7400bca300000000,
+    0xe230bbd400000000, 0x41a5df4a00000000, 0xd795d83d00000000,
+    0x6dc4d1a400000000, 0xfbf4d6d300000000, 0x6ae9694300000000,
+    0xfcd96e3400000000, 0x468867ad00000000, 0xd0b860da00000000,
+    0x732d044400000000, 0xe51d033300000000, 0x5f4c0aaa00000000,
+    0xc97c0ddd00000000, 0x3c71055000000000, 0xaa41022700000000,
+    0x10100bbe00000000, 0x86200cc900000000, 0x25b5685700000000,
+    0xb3856f2000000000, 0x09d466b900000000, 0x9fe461ce00000000,
+    0x0ef9de5e00000000, 0x98c9d92900000000, 0x2298d0b000000000,
+    0xb4a8d7c700000000, 0x173db35900000000, 0x810db42e00000000,
+    0x3b5cbdb700000000, 0xad6cbac000000000, 0x2083b8ed00000000,
+    0xb6b3bf9a00000000, 0x0ce2b60300000000, 0x9ad2b17400000000,
+    0x3947d5ea00000000, 0xaf77d29d00000000, 0x1526db0400000000,
+    0x8316dc7300000000, 0x120b63e300000000, 0x843b649400000000,
+    0x3e6a6d0d00000000, 0xa85a6a7a00000000, 0x0bcf0ee400000000,
+    0x9dff099300000000, 0x27ae000a00000000, 0xb19e077d00000000,
+    0x44930ff000000000, 0xd2a3088700000000, 0x68f2011e00000000,
+    0xfec2066900000000, 0x5d5762f700000000, 0xcb67658000000000,
+    0x71366c1900000000, 0xe7066b6e00000000, 0x761bd4fe00000000,
+    0xe02bd38900000000, 0x5a7ada1000000000, 0xcc4add6700000000,
+    0x6fdfb9f900000000, 0xf9efbe8e00000000, 0x43beb71700000000,
+    0xd58eb06000000000, 0xe8a3d6d600000000, 0x7e93d1a100000000,
+    0xc4c2d83800000000, 0x52f2df4f00000000, 0xf167bbd100000000,
+    0x6757bca600000000, 0xdd06b53f00000000, 0x4b36b24800000000,
+    0xda2b0dd800000000, 0x4c1b0aaf00000000, 0xf64a033600000000,
+    0x607a044100000000, 0xc3ef60df00000000, 0x55df67a800000000,
+    0xef8e6e3100000000, 0x79be694600000000, 0x8cb361cb00000000,
+    0x1a8366bc00000000, 0xa0d26f2500000000, 0x36e2685200000000,
+    0x95770ccc00000000, 0x03470bbb00000000, 0xb916022200000000,
+    0x2f26055500000000, 0xbe3bbac500000000, 0x280bbdb200000000,
+    0x925ab42b00000000, 0x046ab35c00000000, 0xa7ffd7c200000000,
+    0x31cfd0b500000000, 0x8b9ed92c00000000, 0x1daede5b00000000,
+    0xb0c2649b00000000, 0x26f263ec00000000, 0x9ca36a7500000000,
+    0x0a936d0200000000, 0xa906099c00000000, 0x3f360eeb00000000,
+    0x8567077200000000, 0x1357000500000000, 0x824abf9500000000,
+    0x147ab8e200000000, 0xae2bb17b00000000, 0x381bb60c00000000,
+    0x9b8ed29200000000, 0x0dbed5e500000000, 0xb7efdc7c00000000,
+    0x21dfdb0b00000000, 0xd4d2d38600000000, 0x42e2d4f100000000,
+    0xf8b3dd6800000000, 0x6e83da1f00000000, 0xcd16be8100000000,
+    0x5b26b9f600000000, 0xe177b06f00000000, 0x7747b71800000000,
+    0xe65a088800000000, 0x706a0fff00000000, 0xca3b066600000000,
+    0x5c0b011100000000, 0xff9e658f00000000, 0x69ae62f800000000,
+    0xd3ff6b6100000000, 0x45cf6c1600000000, 0x78e20aa000000000,
+    0xeed20dd700000000, 0x5483044e00000000, 0xc2b3033900000000,
+    0x612667a700000000, 0xf71660d000000000, 0x4d47694900000000,
+    0xdb776e3e00000000, 0x4a6ad1ae00000000, 0xdc5ad6d900000000,
+    0x660bdf4000000000, 0xf03bd83700000000, 0x53aebca900000000,
+    0xc59ebbde00000000, 0x7fcfb24700000000, 0xe9ffb53000000000,
+    0x1cf2bdbd00000000, 0x8ac2baca00000000, 0x3093b35300000000,
+    0xa6a3b42400000000, 0x0536d0ba00000000, 0x9306d7cd00000000,
+    0x2957de5400000000, 0xbf67d92300000000, 0x2e7a66b300000000,
+    0xb84a61c400000000, 0x021b685d00000000, 0x942b6f2a00000000,
+    0x37be0bb400000000, 0xa18e0cc300000000, 0x1bdf055a00000000,
+    0x8def022d00000000};
+
+#else /* W == 4 */
+
+local const z_word_t FAR crc_big_table[] = {
+    0x00000000, 0x96300777, 0x2c610eee, 0xba510999, 0x19c46d07,
+    0x8ff46a70, 0x35a563e9, 0xa395649e, 0x3288db0e, 0xa4b8dc79,
+    0x1ee9d5e0, 0x88d9d297, 0x2b4cb609, 0xbd7cb17e, 0x072db8e7,
+    0x911dbf90, 0x6410b71d, 0xf220b06a, 0x4871b9f3, 0xde41be84,
+    0x7dd4da1a, 0xebe4dd6d, 0x51b5d4f4, 0xc785d383, 0x56986c13,
+    0xc0a86b64, 0x7af962fd, 0xecc9658a, 0x4f5c0114, 0xd96c0663,
+    0x633d0ffa, 0xf50d088d, 0xc8206e3b, 0x5e10694c, 0xe44160d5,
+    0x727167a2, 0xd1e4033c, 0x47d4044b, 0xfd850dd2, 0x6bb50aa5,
+    0xfaa8b535, 0x6c98b242, 0xd6c9bbdb, 0x40f9bcac, 0xe36cd832,
+    0x755cdf45, 0xcf0dd6dc, 0x593dd1ab, 0xac30d926, 0x3a00de51,
+    0x8051d7c8, 0x1661d0bf, 0xb5f4b421, 0x23c4b356, 0x9995bacf,
+    0x0fa5bdb8, 0x9eb80228, 0x0888055f, 0xb2d90cc6, 0x24e90bb1,
+    0x877c6f2f, 0x114c6858, 0xab1d61c1, 0x3d2d66b6, 0x9041dc76,
+    0x0671db01, 0xbc20d298, 0x2a10d5ef, 0x8985b171, 0x1fb5b606,
+    0xa5e4bf9f, 0x33d4b8e8, 0xa2c90778, 0x34f9000f, 0x8ea80996,
+    0x18980ee1, 0xbb0d6a7f, 0x2d3d6d08, 0x976c6491, 0x015c63e6,
+    0xf4516b6b, 0x62616c1c, 0xd8306585, 0x4e0062f2, 0xed95066c,
+    0x7ba5011b, 0xc1f40882, 0x57c40ff5, 0xc6d9b065, 0x50e9b712,
+    0xeab8be8b, 0x7c88b9fc, 0xdf1ddd62, 0x492dda15, 0xf37cd38c,
+    0x654cd4fb, 0x5861b24d, 0xce51b53a, 0x7400bca3, 0xe230bbd4,
+    0x41a5df4a, 0xd795d83d, 0x6dc4d1a4, 0xfbf4d6d3, 0x6ae96943,
+    0xfcd96e34, 0x468867ad, 0xd0b860da, 0x732d0444, 0xe51d0333,
+    0x5f4c0aaa, 0xc97c0ddd, 0x3c710550, 0xaa410227, 0x10100bbe,
+    0x86200cc9, 0x25b56857, 0xb3856f20, 0x09d466b9, 0x9fe461ce,
+    0x0ef9de5e, 0x98c9d929, 0x2298d0b0, 0xb4a8d7c7, 0x173db359,
+    0x810db42e, 0x3b5cbdb7, 0xad6cbac0, 0x2083b8ed, 0xb6b3bf9a,
+    0x0ce2b603, 0x9ad2b174, 0x3947d5ea, 0xaf77d29d, 0x1526db04,
+    0x8316dc73, 0x120b63e3, 0x843b6494, 0x3e6a6d0d, 0xa85a6a7a,
+    0x0bcf0ee4, 0x9dff0993, 0x27ae000a, 0xb19e077d, 0x44930ff0,
+    0xd2a30887, 0x68f2011e, 0xfec20669, 0x5d5762f7, 0xcb676580,
+    0x71366c19, 0xe7066b6e, 0x761bd4fe, 0xe02bd389, 0x5a7ada10,
+    0xcc4add67, 0x6fdfb9f9, 0xf9efbe8e, 0x43beb717, 0xd58eb060,
+    0xe8a3d6d6, 0x7e93d1a1, 0xc4c2d838, 0x52f2df4f, 0xf167bbd1,
+    0x6757bca6, 0xdd06b53f, 0x4b36b248, 0xda2b0dd8, 0x4c1b0aaf,
+    0xf64a0336, 0x607a0441, 0xc3ef60df, 0x55df67a8, 0xef8e6e31,
+    0x79be6946, 0x8cb361cb, 0x1a8366bc, 0xa0d26f25, 0x36e26852,
+    0x95770ccc, 0x03470bbb, 0xb9160222, 0x2f260555, 0xbe3bbac5,
+    0x280bbdb2, 0x925ab42b, 0x046ab35c, 0xa7ffd7c2, 0x31cfd0b5,
+    0x8b9ed92c, 0x1daede5b, 0xb0c2649b, 0x26f263ec, 0x9ca36a75,
+    0x0a936d02, 0xa906099c, 0x3f360eeb, 0x85670772, 0x13570005,
+    0x824abf95, 0x147ab8e2, 0xae2bb17b, 0x381bb60c, 0x9b8ed292,
+    0x0dbed5e5, 0xb7efdc7c, 0x21dfdb0b, 0xd4d2d386, 0x42e2d4f1,
+    0xf8b3dd68, 0x6e83da1f, 0xcd16be81, 0x5b26b9f6, 0xe177b06f,
+    0x7747b718, 0xe65a0888, 0x706a0fff, 0xca3b0666, 0x5c0b0111,
+    0xff9e658f, 0x69ae62f8, 0xd3ff6b61, 0x45cf6c16, 0x78e20aa0,
+    0xeed20dd7, 0x5483044e, 0xc2b30339, 0x612667a7, 0xf71660d0,
+    0x4d476949, 0xdb776e3e, 0x4a6ad1ae, 0xdc5ad6d9, 0x660bdf40,
+    0xf03bd837, 0x53aebca9, 0xc59ebbde, 0x7fcfb247, 0xe9ffb530,
+    0x1cf2bdbd, 0x8ac2baca, 0x3093b353, 0xa6a3b424, 0x0536d0ba,
+    0x9306d7cd, 0x2957de54, 0xbf67d923, 0x2e7a66b3, 0xb84a61c4,
+    0x021b685d, 0x942b6f2a, 0x37be0bb4, 0xa18e0cc3, 0x1bdf055a,
+    0x8def022d};
+
+#endif
+
+#if N == 1
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xccaa009e, 0x4225077d, 0x8e8f07e3, 0x844a0efa,
+    0x48e00e64, 0xc66f0987, 0x0ac50919, 0xd3e51bb5, 0x1f4f1b2b,
+    0x91c01cc8, 0x5d6a1c56, 0x57af154f, 0x9b0515d1, 0x158a1232,
+    0xd92012ac, 0x7cbb312b, 0xb01131b5, 0x3e9e3656, 0xf23436c8,
+    0xf8f13fd1, 0x345b3f4f, 0xbad438ac, 0x767e3832, 0xaf5e2a9e,
+    0x63f42a00, 0xed7b2de3, 0x21d12d7d, 0x2b142464, 0xe7be24fa,
+    0x69312319, 0xa59b2387, 0xf9766256, 0x35dc62c8, 0xbb53652b,
+    0x77f965b5, 0x7d3c6cac, 0xb1966c32, 0x3f196bd1, 0xf3b36b4f,
+    0x2a9379e3, 0xe639797d, 0x68b67e9e, 0xa41c7e00, 0xaed97719,
+    0x62737787, 0xecfc7064, 0x205670fa, 0x85cd537d, 0x496753e3,
+    0xc7e85400, 0x0b42549e, 0x01875d87, 0xcd2d5d19, 0x43a25afa,
+    0x8f085a64, 0x562848c8, 0x9a824856, 0x140d4fb5, 0xd8a74f2b,
+    0xd2624632, 0x1ec846ac, 0x9047414f, 0x5ced41d1, 0x299dc2ed,
+    0xe537c273, 0x6bb8c590, 0xa712c50e, 0xadd7cc17, 0x617dcc89,
+    0xeff2cb6a, 0x2358cbf4, 0xfa78d958, 0x36d2d9c6, 0xb85dde25,
+    0x74f7debb, 0x7e32d7a2, 0xb298d73c, 0x3c17d0df, 0xf0bdd041,
+    0x5526f3c6, 0x998cf358, 0x1703f4bb, 0xdba9f425, 0xd16cfd3c,
+    0x1dc6fda2, 0x9349fa41, 0x5fe3fadf, 0x86c3e873, 0x4a69e8ed,
+    0xc4e6ef0e, 0x084cef90, 0x0289e689, 0xce23e617, 0x40ace1f4,
+    0x8c06e16a, 0xd0eba0bb, 0x1c41a025, 0x92cea7c6, 0x5e64a758,
+    0x54a1ae41, 0x980baedf, 0x1684a93c, 0xda2ea9a2, 0x030ebb0e,
+    0xcfa4bb90, 0x412bbc73, 0x8d81bced, 0x8744b5f4, 0x4beeb56a,
+    0xc561b289, 0x09cbb217, 0xac509190, 0x60fa910e, 0xee7596ed,
+    0x22df9673, 0x281a9f6a, 0xe4b09ff4, 0x6a3f9817, 0xa6959889,
+    0x7fb58a25, 0xb31f8abb, 0x3d908d58, 0xf13a8dc6, 0xfbff84df,
+    0x37558441, 0xb9da83a2, 0x7570833c, 0x533b85da, 0x9f918544,
+    0x111e82a7, 0xddb48239, 0xd7718b20, 0x1bdb8bbe, 0x95548c5d,
+    0x59fe8cc3, 0x80de9e6f, 0x4c749ef1, 0xc2fb9912, 0x0e51998c,
+    0x04949095, 0xc83e900b, 0x46b197e8, 0x8a1b9776, 0x2f80b4f1,
+    0xe32ab46f, 0x6da5b38c, 0xa10fb312, 0xabcaba0b, 0x6760ba95,
+    0xe9efbd76, 0x2545bde8, 0xfc65af44, 0x30cfafda, 0xbe40a839,
+    0x72eaa8a7, 0x782fa1be, 0xb485a120, 0x3a0aa6c3, 0xf6a0a65d,
+    0xaa4de78c, 0x66e7e712, 0xe868e0f1, 0x24c2e06f, 0x2e07e976,
+    0xe2ade9e8, 0x6c22ee0b, 0xa088ee95, 0x79a8fc39, 0xb502fca7,
+    0x3b8dfb44, 0xf727fbda, 0xfde2f2c3, 0x3148f25d, 0xbfc7f5be,
+    0x736df520, 0xd6f6d6a7, 0x1a5cd639, 0x94d3d1da, 0x5879d144,
+    0x52bcd85d, 0x9e16d8c3, 0x1099df20, 0xdc33dfbe, 0x0513cd12,
+    0xc9b9cd8c, 0x4736ca6f, 0x8b9ccaf1, 0x8159c3e8, 0x4df3c376,
+    0xc37cc495, 0x0fd6c40b, 0x7aa64737, 0xb60c47a9, 0x3883404a,
+    0xf42940d4, 0xfeec49cd, 0x32464953, 0xbcc94eb0, 0x70634e2e,
+    0xa9435c82, 0x65e95c1c, 0xeb665bff, 0x27cc5b61, 0x2d095278,
+    0xe1a352e6, 0x6f2c5505, 0xa386559b, 0x061d761c, 0xcab77682,
+    0x44387161, 0x889271ff, 0x825778e6, 0x4efd7878, 0xc0727f9b,
+    0x0cd87f05, 0xd5f86da9, 0x19526d37, 0x97dd6ad4, 0x5b776a4a,
+    0x51b26353, 0x9d1863cd, 0x1397642e, 0xdf3d64b0, 0x83d02561,
+    0x4f7a25ff, 0xc1f5221c, 0x0d5f2282, 0x079a2b9b, 0xcb302b05,
+    0x45bf2ce6, 0x89152c78, 0x50353ed4, 0x9c9f3e4a, 0x121039a9,
+    0xdeba3937, 0xd47f302e, 0x18d530b0, 0x965a3753, 0x5af037cd,
+    0xff6b144a, 0x33c114d4, 0xbd4e1337, 0x71e413a9, 0x7b211ab0,
+    0xb78b1a2e, 0x39041dcd, 0xf5ae1d53, 0x2c8e0fff, 0xe0240f61,
+    0x6eab0882, 0xa201081c, 0xa8c40105, 0x646e019b, 0xeae10678,
+    0x264b06e6},
+   {0x00000000, 0xa6770bb4, 0x979f1129, 0x31e81a9d, 0xf44f2413,
+    0x52382fa7, 0x63d0353a, 0xc5a73e8e, 0x33ef4e67, 0x959845d3,
+    0xa4705f4e, 0x020754fa, 0xc7a06a74, 0x61d761c0, 0x503f7b5d,
+    0xf64870e9, 0x67de9cce, 0xc1a9977a, 0xf0418de7, 0x56368653,
+    0x9391b8dd, 0x35e6b369, 0x040ea9f4, 0xa279a240, 0x5431d2a9,
+    0xf246d91d, 0xc3aec380, 0x65d9c834, 0xa07ef6ba, 0x0609fd0e,
+    0x37e1e793, 0x9196ec27, 0xcfbd399c, 0x69ca3228, 0x582228b5,
+    0xfe552301, 0x3bf21d8f, 0x9d85163b, 0xac6d0ca6, 0x0a1a0712,
+    0xfc5277fb, 0x5a257c4f, 0x6bcd66d2, 0xcdba6d66, 0x081d53e8,
+    0xae6a585c, 0x9f8242c1, 0x39f54975, 0xa863a552, 0x0e14aee6,
+    0x3ffcb47b, 0x998bbfcf, 0x5c2c8141, 0xfa5b8af5, 0xcbb39068,
+    0x6dc49bdc, 0x9b8ceb35, 0x3dfbe081, 0x0c13fa1c, 0xaa64f1a8,
+    0x6fc3cf26, 0xc9b4c492, 0xf85cde0f, 0x5e2bd5bb, 0x440b7579,
+    0xe27c7ecd, 0xd3946450, 0x75e36fe4, 0xb044516a, 0x16335ade,
+    0x27db4043, 0x81ac4bf7, 0x77e43b1e, 0xd19330aa, 0xe07b2a37,
+    0x460c2183, 0x83ab1f0d, 0x25dc14b9, 0x14340e24, 0xb2430590,
+    0x23d5e9b7, 0x85a2e203, 0xb44af89e, 0x123df32a, 0xd79acda4,
+    0x71edc610, 0x4005dc8d, 0xe672d739, 0x103aa7d0, 0xb64dac64,
+    0x87a5b6f9, 0x21d2bd4d, 0xe47583c3, 0x42028877, 0x73ea92ea,
+    0xd59d995e, 0x8bb64ce5, 0x2dc14751, 0x1c295dcc, 0xba5e5678,
+    0x7ff968f6, 0xd98e6342, 0xe86679df, 0x4e11726b, 0xb8590282,
+    0x1e2e0936, 0x2fc613ab, 0x89b1181f, 0x4c162691, 0xea612d25,
+    0xdb8937b8, 0x7dfe3c0c, 0xec68d02b, 0x4a1fdb9f, 0x7bf7c102,
+    0xdd80cab6, 0x1827f438, 0xbe50ff8c, 0x8fb8e511, 0x29cfeea5,
+    0xdf879e4c, 0x79f095f8, 0x48188f65, 0xee6f84d1, 0x2bc8ba5f,
+    0x8dbfb1eb, 0xbc57ab76, 0x1a20a0c2, 0x8816eaf2, 0x2e61e146,
+    0x1f89fbdb, 0xb9fef06f, 0x7c59cee1, 0xda2ec555, 0xebc6dfc8,
+    0x4db1d47c, 0xbbf9a495, 0x1d8eaf21, 0x2c66b5bc, 0x8a11be08,
+    0x4fb68086, 0xe9c18b32, 0xd82991af, 0x7e5e9a1b, 0xefc8763c,
+    0x49bf7d88, 0x78576715, 0xde206ca1, 0x1b87522f, 0xbdf0599b,
+    0x8c184306, 0x2a6f48b2, 0xdc27385b, 0x7a5033ef, 0x4bb82972,
+    0xedcf22c6, 0x28681c48, 0x8e1f17fc, 0xbff70d61, 0x198006d5,
+    0x47abd36e, 0xe1dcd8da, 0xd034c247, 0x7643c9f3, 0xb3e4f77d,
+    0x1593fcc9, 0x247be654, 0x820cede0, 0x74449d09, 0xd23396bd,
+    0xe3db8c20, 0x45ac8794, 0x800bb91a, 0x267cb2ae, 0x1794a833,
+    0xb1e3a387, 0x20754fa0, 0x86024414, 0xb7ea5e89, 0x119d553d,
+    0xd43a6bb3, 0x724d6007, 0x43a57a9a, 0xe5d2712e, 0x139a01c7,
+    0xb5ed0a73, 0x840510ee, 0x22721b5a, 0xe7d525d4, 0x41a22e60,
+    0x704a34fd, 0xd63d3f49, 0xcc1d9f8b, 0x6a6a943f, 0x5b828ea2,
+    0xfdf58516, 0x3852bb98, 0x9e25b02c, 0xafcdaab1, 0x09baa105,
+    0xfff2d1ec, 0x5985da58, 0x686dc0c5, 0xce1acb71, 0x0bbdf5ff,
+    0xadcafe4b, 0x9c22e4d6, 0x3a55ef62, 0xabc30345, 0x0db408f1,
+    0x3c5c126c, 0x9a2b19d8, 0x5f8c2756, 0xf9fb2ce2, 0xc813367f,
+    0x6e643dcb, 0x982c4d22, 0x3e5b4696, 0x0fb35c0b, 0xa9c457bf,
+    0x6c636931, 0xca146285, 0xfbfc7818, 0x5d8b73ac, 0x03a0a617,
+    0xa5d7ada3, 0x943fb73e, 0x3248bc8a, 0xf7ef8204, 0x519889b0,
+    0x6070932d, 0xc6079899, 0x304fe870, 0x9638e3c4, 0xa7d0f959,
+    0x01a7f2ed, 0xc400cc63, 0x6277c7d7, 0x539fdd4a, 0xf5e8d6fe,
+    0x647e3ad9, 0xc209316d, 0xf3e12bf0, 0x55962044, 0x90311eca,
+    0x3646157e, 0x07ae0fe3, 0xa1d90457, 0x579174be, 0xf1e67f0a,
+    0xc00e6597, 0x66796e23, 0xa3de50ad, 0x05a95b19, 0x34414184,
+    0x92364a30},
+   {0x00000000, 0xcb5cd3a5, 0x4dc8a10b, 0x869472ae, 0x9b914216,
+    0x50cd91b3, 0xd659e31d, 0x1d0530b8, 0xec53826d, 0x270f51c8,
+    0xa19b2366, 0x6ac7f0c3, 0x77c2c07b, 0xbc9e13de, 0x3a0a6170,
+    0xf156b2d5, 0x03d6029b, 0xc88ad13e, 0x4e1ea390, 0x85427035,
+    0x9847408d, 0x531b9328, 0xd58fe186, 0x1ed33223, 0xef8580f6,
+    0x24d95353, 0xa24d21fd, 0x6911f258, 0x7414c2e0, 0xbf481145,
+    0x39dc63eb, 0xf280b04e, 0x07ac0536, 0xccf0d693, 0x4a64a43d,
+    0x81387798, 0x9c3d4720, 0x57619485, 0xd1f5e62b, 0x1aa9358e,
+    0xebff875b, 0x20a354fe, 0xa6372650, 0x6d6bf5f5, 0x706ec54d,
+    0xbb3216e8, 0x3da66446, 0xf6fab7e3, 0x047a07ad, 0xcf26d408,
+    0x49b2a6a6, 0x82ee7503, 0x9feb45bb, 0x54b7961e, 0xd223e4b0,
+    0x197f3715, 0xe82985c0, 0x23755665, 0xa5e124cb, 0x6ebdf76e,
+    0x73b8c7d6, 0xb8e41473, 0x3e7066dd, 0xf52cb578, 0x0f580a6c,
+    0xc404d9c9, 0x4290ab67, 0x89cc78c2, 0x94c9487a, 0x5f959bdf,
+    0xd901e971, 0x125d3ad4, 0xe30b8801, 0x28575ba4, 0xaec3290a,
+    0x659ffaaf, 0x789aca17, 0xb3c619b2, 0x35526b1c, 0xfe0eb8b9,
+    0x0c8e08f7, 0xc7d2db52, 0x4146a9fc, 0x8a1a7a59, 0x971f4ae1,
+    0x5c439944, 0xdad7ebea, 0x118b384f, 0xe0dd8a9a, 0x2b81593f,
+    0xad152b91, 0x6649f834, 0x7b4cc88c, 0xb0101b29, 0x36846987,
+    0xfdd8ba22, 0x08f40f5a, 0xc3a8dcff, 0x453cae51, 0x8e607df4,
+    0x93654d4c, 0x58399ee9, 0xdeadec47, 0x15f13fe2, 0xe4a78d37,
+    0x2ffb5e92, 0xa96f2c3c, 0x6233ff99, 0x7f36cf21, 0xb46a1c84,
+    0x32fe6e2a, 0xf9a2bd8f, 0x0b220dc1, 0xc07ede64, 0x46eaacca,
+    0x8db67f6f, 0x90b34fd7, 0x5bef9c72, 0xdd7beedc, 0x16273d79,
+    0xe7718fac, 0x2c2d5c09, 0xaab92ea7, 0x61e5fd02, 0x7ce0cdba,
+    0xb7bc1e1f, 0x31286cb1, 0xfa74bf14, 0x1eb014d8, 0xd5ecc77d,
+    0x5378b5d3, 0x98246676, 0x852156ce, 0x4e7d856b, 0xc8e9f7c5,
+    0x03b52460, 0xf2e396b5, 0x39bf4510, 0xbf2b37be, 0x7477e41b,
+    0x6972d4a3, 0xa22e0706, 0x24ba75a8, 0xefe6a60d, 0x1d661643,
+    0xd63ac5e6, 0x50aeb748, 0x9bf264ed, 0x86f75455, 0x4dab87f0,
+    0xcb3ff55e, 0x006326fb, 0xf135942e, 0x3a69478b, 0xbcfd3525,
+    0x77a1e680, 0x6aa4d638, 0xa1f8059d, 0x276c7733, 0xec30a496,
+    0x191c11ee, 0xd240c24b, 0x54d4b0e5, 0x9f886340, 0x828d53f8,
+    0x49d1805d, 0xcf45f2f3, 0x04192156, 0xf54f9383, 0x3e134026,
+    0xb8873288, 0x73dbe12d, 0x6eded195, 0xa5820230, 0x2316709e,
+    0xe84aa33b, 0x1aca1375, 0xd196c0d0, 0x5702b27e, 0x9c5e61db,
+    0x815b5163, 0x4a0782c6, 0xcc93f068, 0x07cf23cd, 0xf6999118,
+    0x3dc542bd, 0xbb513013, 0x700de3b6, 0x6d08d30e, 0xa65400ab,
+    0x20c07205, 0xeb9ca1a0, 0x11e81eb4, 0xdab4cd11, 0x5c20bfbf,
+    0x977c6c1a, 0x8a795ca2, 0x41258f07, 0xc7b1fda9, 0x0ced2e0c,
+    0xfdbb9cd9, 0x36e74f7c, 0xb0733dd2, 0x7b2fee77, 0x662adecf,
+    0xad760d6a, 0x2be27fc4, 0xe0beac61, 0x123e1c2f, 0xd962cf8a,
+    0x5ff6bd24, 0x94aa6e81, 0x89af5e39, 0x42f38d9c, 0xc467ff32,
+    0x0f3b2c97, 0xfe6d9e42, 0x35314de7, 0xb3a53f49, 0x78f9ecec,
+    0x65fcdc54, 0xaea00ff1, 0x28347d5f, 0xe368aefa, 0x16441b82,
+    0xdd18c827, 0x5b8cba89, 0x90d0692c, 0x8dd55994, 0x46898a31,
+    0xc01df89f, 0x0b412b3a, 0xfa1799ef, 0x314b4a4a, 0xb7df38e4,
+    0x7c83eb41, 0x6186dbf9, 0xaada085c, 0x2c4e7af2, 0xe712a957,
+    0x15921919, 0xdececabc, 0x585ab812, 0x93066bb7, 0x8e035b0f,
+    0x455f88aa, 0xc3cbfa04, 0x089729a1, 0xf9c19b74, 0x329d48d1,
+    0xb4093a7f, 0x7f55e9da, 0x6250d962, 0xa90c0ac7, 0x2f987869,
+    0xe4c4abcc},
+   {0x00000000, 0x3d6029b0, 0x7ac05360, 0x47a07ad0, 0xf580a6c0,
+    0xc8e08f70, 0x8f40f5a0, 0xb220dc10, 0x30704bc1, 0x0d106271,
+    0x4ab018a1, 0x77d03111, 0xc5f0ed01, 0xf890c4b1, 0xbf30be61,
+    0x825097d1, 0x60e09782, 0x5d80be32, 0x1a20c4e2, 0x2740ed52,
+    0x95603142, 0xa80018f2, 0xefa06222, 0xd2c04b92, 0x5090dc43,
+    0x6df0f5f3, 0x2a508f23, 0x1730a693, 0xa5107a83, 0x98705333,
+    0xdfd029e3, 0xe2b00053, 0xc1c12f04, 0xfca106b4, 0xbb017c64,
+    0x866155d4, 0x344189c4, 0x0921a074, 0x4e81daa4, 0x73e1f314,
+    0xf1b164c5, 0xccd14d75, 0x8b7137a5, 0xb6111e15, 0x0431c205,
+    0x3951ebb5, 0x7ef19165, 0x4391b8d5, 0xa121b886, 0x9c419136,
+    0xdbe1ebe6, 0xe681c256, 0x54a11e46, 0x69c137f6, 0x2e614d26,
+    0x13016496, 0x9151f347, 0xac31daf7, 0xeb91a027, 0xd6f18997,
+    0x64d15587, 0x59b17c37, 0x1e1106e7, 0x23712f57, 0x58f35849,
+    0x659371f9, 0x22330b29, 0x1f532299, 0xad73fe89, 0x9013d739,
+    0xd7b3ade9, 0xead38459, 0x68831388, 0x55e33a38, 0x124340e8,
+    0x2f236958, 0x9d03b548, 0xa0639cf8, 0xe7c3e628, 0xdaa3cf98,
+    0x3813cfcb, 0x0573e67b, 0x42d39cab, 0x7fb3b51b, 0xcd93690b,
+    0xf0f340bb, 0xb7533a6b, 0x8a3313db, 0x0863840a, 0x3503adba,
+    0x72a3d76a, 0x4fc3feda, 0xfde322ca, 0xc0830b7a, 0x872371aa,
+    0xba43581a, 0x9932774d, 0xa4525efd, 0xe3f2242d, 0xde920d9d,
+    0x6cb2d18d, 0x51d2f83d, 0x167282ed, 0x2b12ab5d, 0xa9423c8c,
+    0x9422153c, 0xd3826fec, 0xeee2465c, 0x5cc29a4c, 0x61a2b3fc,
+    0x2602c92c, 0x1b62e09c, 0xf9d2e0cf, 0xc4b2c97f, 0x8312b3af,
+    0xbe729a1f, 0x0c52460f, 0x31326fbf, 0x7692156f, 0x4bf23cdf,
+    0xc9a2ab0e, 0xf4c282be, 0xb362f86e, 0x8e02d1de, 0x3c220dce,
+    0x0142247e, 0x46e25eae, 0x7b82771e, 0xb1e6b092, 0x8c869922,
+    0xcb26e3f2, 0xf646ca42, 0x44661652, 0x79063fe2, 0x3ea64532,
+    0x03c66c82, 0x8196fb53, 0xbcf6d2e3, 0xfb56a833, 0xc6368183,
+    0x74165d93, 0x49767423, 0x0ed60ef3, 0x33b62743, 0xd1062710,
+    0xec660ea0, 0xabc67470, 0x96a65dc0, 0x248681d0, 0x19e6a860,
+    0x5e46d2b0, 0x6326fb00, 0xe1766cd1, 0xdc164561, 0x9bb63fb1,
+    0xa6d61601, 0x14f6ca11, 0x2996e3a1, 0x6e369971, 0x5356b0c1,
+    0x70279f96, 0x4d47b626, 0x0ae7ccf6, 0x3787e546, 0x85a73956,
+    0xb8c710e6, 0xff676a36, 0xc2074386, 0x4057d457, 0x7d37fde7,
+    0x3a978737, 0x07f7ae87, 0xb5d77297, 0x88b75b27, 0xcf1721f7,
+    0xf2770847, 0x10c70814, 0x2da721a4, 0x6a075b74, 0x576772c4,
+    0xe547aed4, 0xd8278764, 0x9f87fdb4, 0xa2e7d404, 0x20b743d5,
+    0x1dd76a65, 0x5a7710b5, 0x67173905, 0xd537e515, 0xe857cca5,
+    0xaff7b675, 0x92979fc5, 0xe915e8db, 0xd475c16b, 0x93d5bbbb,
+    0xaeb5920b, 0x1c954e1b, 0x21f567ab, 0x66551d7b, 0x5b3534cb,
+    0xd965a31a, 0xe4058aaa, 0xa3a5f07a, 0x9ec5d9ca, 0x2ce505da,
+    0x11852c6a, 0x562556ba, 0x6b457f0a, 0x89f57f59, 0xb49556e9,
+    0xf3352c39, 0xce550589, 0x7c75d999, 0x4115f029, 0x06b58af9,
+    0x3bd5a349, 0xb9853498, 0x84e51d28, 0xc34567f8, 0xfe254e48,
+    0x4c059258, 0x7165bbe8, 0x36c5c138, 0x0ba5e888, 0x28d4c7df,
+    0x15b4ee6f, 0x521494bf, 0x6f74bd0f, 0xdd54611f, 0xe03448af,
+    0xa794327f, 0x9af41bcf, 0x18a48c1e, 0x25c4a5ae, 0x6264df7e,
+    0x5f04f6ce, 0xed242ade, 0xd044036e, 0x97e479be, 0xaa84500e,
+    0x4834505d, 0x755479ed, 0x32f4033d, 0x0f942a8d, 0xbdb4f69d,
+    0x80d4df2d, 0xc774a5fd, 0xfa148c4d, 0x78441b9c, 0x4524322c,
+    0x028448fc, 0x3fe4614c, 0x8dc4bd5c, 0xb0a494ec, 0xf704ee3c,
+    0xca64c78c},
+   {0x00000000, 0xb8bc6765, 0xaa09c88b, 0x12b5afee, 0x8f629757,
+    0x37def032, 0x256b5fdc, 0x9dd738b9, 0xc5b428ef, 0x7d084f8a,
+    0x6fbde064, 0xd7018701, 0x4ad6bfb8, 0xf26ad8dd, 0xe0df7733,
+    0x58631056, 0x5019579f, 0xe8a530fa, 0xfa109f14, 0x42acf871,
+    0xdf7bc0c8, 0x67c7a7ad, 0x75720843, 0xcdce6f26, 0x95ad7f70,
+    0x2d111815, 0x3fa4b7fb, 0x8718d09e, 0x1acfe827, 0xa2738f42,
+    0xb0c620ac, 0x087a47c9, 0xa032af3e, 0x188ec85b, 0x0a3b67b5,
+    0xb28700d0, 0x2f503869, 0x97ec5f0c, 0x8559f0e2, 0x3de59787,
+    0x658687d1, 0xdd3ae0b4, 0xcf8f4f5a, 0x7733283f, 0xeae41086,
+    0x525877e3, 0x40edd80d, 0xf851bf68, 0xf02bf8a1, 0x48979fc4,
+    0x5a22302a, 0xe29e574f, 0x7f496ff6, 0xc7f50893, 0xd540a77d,
+    0x6dfcc018, 0x359fd04e, 0x8d23b72b, 0x9f9618c5, 0x272a7fa0,
+    0xbafd4719, 0x0241207c, 0x10f48f92, 0xa848e8f7, 0x9b14583d,
+    0x23a83f58, 0x311d90b6, 0x89a1f7d3, 0x1476cf6a, 0xaccaa80f,
+    0xbe7f07e1, 0x06c36084, 0x5ea070d2, 0xe61c17b7, 0xf4a9b859,
+    0x4c15df3c, 0xd1c2e785, 0x697e80e0, 0x7bcb2f0e, 0xc377486b,
+    0xcb0d0fa2, 0x73b168c7, 0x6104c729, 0xd9b8a04c, 0x446f98f5,
+    0xfcd3ff90, 0xee66507e, 0x56da371b, 0x0eb9274d, 0xb6054028,
+    0xa4b0efc6, 0x1c0c88a3, 0x81dbb01a, 0x3967d77f, 0x2bd27891,
+    0x936e1ff4, 0x3b26f703, 0x839a9066, 0x912f3f88, 0x299358ed,
+    0xb4446054, 0x0cf80731, 0x1e4da8df, 0xa6f1cfba, 0xfe92dfec,
+    0x462eb889, 0x549b1767, 0xec277002, 0x71f048bb, 0xc94c2fde,
+    0xdbf98030, 0x6345e755, 0x6b3fa09c, 0xd383c7f9, 0xc1366817,
+    0x798a0f72, 0xe45d37cb, 0x5ce150ae, 0x4e54ff40, 0xf6e89825,
+    0xae8b8873, 0x1637ef16, 0x048240f8, 0xbc3e279d, 0x21e91f24,
+    0x99557841, 0x8be0d7af, 0x335cb0ca, 0xed59b63b, 0x55e5d15e,
+    0x47507eb0, 0xffec19d5, 0x623b216c, 0xda874609, 0xc832e9e7,
+    0x708e8e82, 0x28ed9ed4, 0x9051f9b1, 0x82e4565f, 0x3a58313a,
+    0xa78f0983, 0x1f336ee6, 0x0d86c108, 0xb53aa66d, 0xbd40e1a4,
+    0x05fc86c1, 0x1749292f, 0xaff54e4a, 0x322276f3, 0x8a9e1196,
+    0x982bbe78, 0x2097d91d, 0x78f4c94b, 0xc048ae2e, 0xd2fd01c0,
+    0x6a4166a5, 0xf7965e1c, 0x4f2a3979, 0x5d9f9697, 0xe523f1f2,
+    0x4d6b1905, 0xf5d77e60, 0xe762d18e, 0x5fdeb6eb, 0xc2098e52,
+    0x7ab5e937, 0x680046d9, 0xd0bc21bc, 0x88df31ea, 0x3063568f,
+    0x22d6f961, 0x9a6a9e04, 0x07bda6bd, 0xbf01c1d8, 0xadb46e36,
+    0x15080953, 0x1d724e9a, 0xa5ce29ff, 0xb77b8611, 0x0fc7e174,
+    0x9210d9cd, 0x2aacbea8, 0x38191146, 0x80a57623, 0xd8c66675,
+    0x607a0110, 0x72cfaefe, 0xca73c99b, 0x57a4f122, 0xef189647,
+    0xfdad39a9, 0x45115ecc, 0x764dee06, 0xcef18963, 0xdc44268d,
+    0x64f841e8, 0xf92f7951, 0x41931e34, 0x5326b1da, 0xeb9ad6bf,
+    0xb3f9c6e9, 0x0b45a18c, 0x19f00e62, 0xa14c6907, 0x3c9b51be,
+    0x842736db, 0x96929935, 0x2e2efe50, 0x2654b999, 0x9ee8defc,
+    0x8c5d7112, 0x34e11677, 0xa9362ece, 0x118a49ab, 0x033fe645,
+    0xbb838120, 0xe3e09176, 0x5b5cf613, 0x49e959fd, 0xf1553e98,
+    0x6c820621, 0xd43e6144, 0xc68bceaa, 0x7e37a9cf, 0xd67f4138,
+    0x6ec3265d, 0x7c7689b3, 0xc4caeed6, 0x591dd66f, 0xe1a1b10a,
+    0xf3141ee4, 0x4ba87981, 0x13cb69d7, 0xab770eb2, 0xb9c2a15c,
+    0x017ec639, 0x9ca9fe80, 0x241599e5, 0x36a0360b, 0x8e1c516e,
+    0x866616a7, 0x3eda71c2, 0x2c6fde2c, 0x94d3b949, 0x090481f0,
+    0xb1b8e695, 0xa30d497b, 0x1bb12e1e, 0x43d23e48, 0xfb6e592d,
+    0xe9dbf6c3, 0x516791a6, 0xccb0a91f, 0x740cce7a, 0x66b96194,
+    0xde0506f1},
+   {0x00000000, 0x01c26a37, 0x0384d46e, 0x0246be59, 0x0709a8dc,
+    0x06cbc2eb, 0x048d7cb2, 0x054f1685, 0x0e1351b8, 0x0fd13b8f,
+    0x0d9785d6, 0x0c55efe1, 0x091af964, 0x08d89353, 0x0a9e2d0a,
+    0x0b5c473d, 0x1c26a370, 0x1de4c947, 0x1fa2771e, 0x1e601d29,
+    0x1b2f0bac, 0x1aed619b, 0x18abdfc2, 0x1969b5f5, 0x1235f2c8,
+    0x13f798ff, 0x11b126a6, 0x10734c91, 0x153c5a14, 0x14fe3023,
+    0x16b88e7a, 0x177ae44d, 0x384d46e0, 0x398f2cd7, 0x3bc9928e,
+    0x3a0bf8b9, 0x3f44ee3c, 0x3e86840b, 0x3cc03a52, 0x3d025065,
+    0x365e1758, 0x379c7d6f, 0x35dac336, 0x3418a901, 0x3157bf84,
+    0x3095d5b3, 0x32d36bea, 0x331101dd, 0x246be590, 0x25a98fa7,
+    0x27ef31fe, 0x262d5bc9, 0x23624d4c, 0x22a0277b, 0x20e69922,
+    0x2124f315, 0x2a78b428, 0x2bbade1f, 0x29fc6046, 0x283e0a71,
+    0x2d711cf4, 0x2cb376c3, 0x2ef5c89a, 0x2f37a2ad, 0x709a8dc0,
+    0x7158e7f7, 0x731e59ae, 0x72dc3399, 0x7793251c, 0x76514f2b,
+    0x7417f172, 0x75d59b45, 0x7e89dc78, 0x7f4bb64f, 0x7d0d0816,
+    0x7ccf6221, 0x798074a4, 0x78421e93, 0x7a04a0ca, 0x7bc6cafd,
+    0x6cbc2eb0, 0x6d7e4487, 0x6f38fade, 0x6efa90e9, 0x6bb5866c,
+    0x6a77ec5b, 0x68315202, 0x69f33835, 0x62af7f08, 0x636d153f,
+    0x612bab66, 0x60e9c151, 0x65a6d7d4, 0x6464bde3, 0x662203ba,
+    0x67e0698d, 0x48d7cb20, 0x4915a117, 0x4b531f4e, 0x4a917579,
+    0x4fde63fc, 0x4e1c09cb, 0x4c5ab792, 0x4d98dda5, 0x46c49a98,
+    0x4706f0af, 0x45404ef6, 0x448224c1, 0x41cd3244, 0x400f5873,
+    0x4249e62a, 0x438b8c1d, 0x54f16850, 0x55330267, 0x5775bc3e,
+    0x56b7d609, 0x53f8c08c, 0x523aaabb, 0x507c14e2, 0x51be7ed5,
+    0x5ae239e8, 0x5b2053df, 0x5966ed86, 0x58a487b1, 0x5deb9134,
+    0x5c29fb03, 0x5e6f455a, 0x5fad2f6d, 0xe1351b80, 0xe0f771b7,
+    0xe2b1cfee, 0xe373a5d9, 0xe63cb35c, 0xe7fed96b, 0xe5b86732,
+    0xe47a0d05, 0xef264a38, 0xeee4200f, 0xeca29e56, 0xed60f461,
+    0xe82fe2e4, 0xe9ed88d3, 0xebab368a, 0xea695cbd, 0xfd13b8f0,
+    0xfcd1d2c7, 0xfe976c9e, 0xff5506a9, 0xfa1a102c, 0xfbd87a1b,
+    0xf99ec442, 0xf85cae75, 0xf300e948, 0xf2c2837f, 0xf0843d26,
+    0xf1465711, 0xf4094194, 0xf5cb2ba3, 0xf78d95fa, 0xf64fffcd,
+    0xd9785d60, 0xd8ba3757, 0xdafc890e, 0xdb3ee339, 0xde71f5bc,
+    0xdfb39f8b, 0xddf521d2, 0xdc374be5, 0xd76b0cd8, 0xd6a966ef,
+    0xd4efd8b6, 0xd52db281, 0xd062a404, 0xd1a0ce33, 0xd3e6706a,
+    0xd2241a5d, 0xc55efe10, 0xc49c9427, 0xc6da2a7e, 0xc7184049,
+    0xc25756cc, 0xc3953cfb, 0xc1d382a2, 0xc011e895, 0xcb4dafa8,
+    0xca8fc59f, 0xc8c97bc6, 0xc90b11f1, 0xcc440774, 0xcd866d43,
+    0xcfc0d31a, 0xce02b92d, 0x91af9640, 0x906dfc77, 0x922b422e,
+    0x93e92819, 0x96a63e9c, 0x976454ab, 0x9522eaf2, 0x94e080c5,
+    0x9fbcc7f8, 0x9e7eadcf, 0x9c381396, 0x9dfa79a1, 0x98b56f24,
+    0x99770513, 0x9b31bb4a, 0x9af3d17d, 0x8d893530, 0x8c4b5f07,
+    0x8e0de15e, 0x8fcf8b69, 0x8a809dec, 0x8b42f7db, 0x89044982,
+    0x88c623b5, 0x839a6488, 0x82580ebf, 0x801eb0e6, 0x81dcdad1,
+    0x8493cc54, 0x8551a663, 0x8717183a, 0x86d5720d, 0xa9e2d0a0,
+    0xa820ba97, 0xaa6604ce, 0xaba46ef9, 0xaeeb787c, 0xaf29124b,
+    0xad6fac12, 0xacadc625, 0xa7f18118, 0xa633eb2f, 0xa4755576,
+    0xa5b73f41, 0xa0f829c4, 0xa13a43f3, 0xa37cfdaa, 0xa2be979d,
+    0xb5c473d0, 0xb40619e7, 0xb640a7be, 0xb782cd89, 0xb2cddb0c,
+    0xb30fb13b, 0xb1490f62, 0xb08b6555, 0xbbd72268, 0xba15485f,
+    0xb853f606, 0xb9919c31, 0xbcde8ab4, 0xbd1ce083, 0xbf5a5eda,
+    0xbe9834ed},
+   {0x00000000, 0x191b3141, 0x32366282, 0x2b2d53c3, 0x646cc504,
+    0x7d77f445, 0x565aa786, 0x4f4196c7, 0xc8d98a08, 0xd1c2bb49,
+    0xfaefe88a, 0xe3f4d9cb, 0xacb54f0c, 0xb5ae7e4d, 0x9e832d8e,
+    0x87981ccf, 0x4ac21251, 0x53d92310, 0x78f470d3, 0x61ef4192,
+    0x2eaed755, 0x37b5e614, 0x1c98b5d7, 0x05838496, 0x821b9859,
+    0x9b00a918, 0xb02dfadb, 0xa936cb9a, 0xe6775d5d, 0xff6c6c1c,
+    0xd4413fdf, 0xcd5a0e9e, 0x958424a2, 0x8c9f15e3, 0xa7b24620,
+    0xbea97761, 0xf1e8e1a6, 0xe8f3d0e7, 0xc3de8324, 0xdac5b265,
+    0x5d5daeaa, 0x44469feb, 0x6f6bcc28, 0x7670fd69, 0x39316bae,
+    0x202a5aef, 0x0b07092c, 0x121c386d, 0xdf4636f3, 0xc65d07b2,
+    0xed705471, 0xf46b6530, 0xbb2af3f7, 0xa231c2b6, 0x891c9175,
+    0x9007a034, 0x179fbcfb, 0x0e848dba, 0x25a9de79, 0x3cb2ef38,
+    0x73f379ff, 0x6ae848be, 0x41c51b7d, 0x58de2a3c, 0xf0794f05,
+    0xe9627e44, 0xc24f2d87, 0xdb541cc6, 0x94158a01, 0x8d0ebb40,
+    0xa623e883, 0xbf38d9c2, 0x38a0c50d, 0x21bbf44c, 0x0a96a78f,
+    0x138d96ce, 0x5ccc0009, 0x45d73148, 0x6efa628b, 0x77e153ca,
+    0xbabb5d54, 0xa3a06c15, 0x888d3fd6, 0x91960e97, 0xded79850,
+    0xc7cca911, 0xece1fad2, 0xf5facb93, 0x7262d75c, 0x6b79e61d,
+    0x4054b5de, 0x594f849f, 0x160e1258, 0x0f152319, 0x243870da,
+    0x3d23419b, 0x65fd6ba7, 0x7ce65ae6, 0x57cb0925, 0x4ed03864,
+    0x0191aea3, 0x188a9fe2, 0x33a7cc21, 0x2abcfd60, 0xad24e1af,
+    0xb43fd0ee, 0x9f12832d, 0x8609b26c, 0xc94824ab, 0xd05315ea,
+    0xfb7e4629, 0xe2657768, 0x2f3f79f6, 0x362448b7, 0x1d091b74,
+    0x04122a35, 0x4b53bcf2, 0x52488db3, 0x7965de70, 0x607eef31,
+    0xe7e6f3fe, 0xfefdc2bf, 0xd5d0917c, 0xcccba03d, 0x838a36fa,
+    0x9a9107bb, 0xb1bc5478, 0xa8a76539, 0x3b83984b, 0x2298a90a,
+    0x09b5fac9, 0x10aecb88, 0x5fef5d4f, 0x46f46c0e, 0x6dd93fcd,
+    0x74c20e8c, 0xf35a1243, 0xea412302, 0xc16c70c1, 0xd8774180,
+    0x9736d747, 0x8e2de606, 0xa500b5c5, 0xbc1b8484, 0x71418a1a,
+    0x685abb5b, 0x4377e898, 0x5a6cd9d9, 0x152d4f1e, 0x0c367e5f,
+    0x271b2d9c, 0x3e001cdd, 0xb9980012, 0xa0833153, 0x8bae6290,
+    0x92b553d1, 0xddf4c516, 0xc4eff457, 0xefc2a794, 0xf6d996d5,
+    0xae07bce9, 0xb71c8da8, 0x9c31de6b, 0x852aef2a, 0xca6b79ed,
+    0xd37048ac, 0xf85d1b6f, 0xe1462a2e, 0x66de36e1, 0x7fc507a0,
+    0x54e85463, 0x4df36522, 0x02b2f3e5, 0x1ba9c2a4, 0x30849167,
+    0x299fa026, 0xe4c5aeb8, 0xfdde9ff9, 0xd6f3cc3a, 0xcfe8fd7b,
+    0x80a96bbc, 0x99b25afd, 0xb29f093e, 0xab84387f, 0x2c1c24b0,
+    0x350715f1, 0x1e2a4632, 0x07317773, 0x4870e1b4, 0x516bd0f5,
+    0x7a468336, 0x635db277, 0xcbfad74e, 0xd2e1e60f, 0xf9ccb5cc,
+    0xe0d7848d, 0xaf96124a, 0xb68d230b, 0x9da070c8, 0x84bb4189,
+    0x03235d46, 0x1a386c07, 0x31153fc4, 0x280e0e85, 0x674f9842,
+    0x7e54a903, 0x5579fac0, 0x4c62cb81, 0x8138c51f, 0x9823f45e,
+    0xb30ea79d, 0xaa1596dc, 0xe554001b, 0xfc4f315a, 0xd7626299,
+    0xce7953d8, 0x49e14f17, 0x50fa7e56, 0x7bd72d95, 0x62cc1cd4,
+    0x2d8d8a13, 0x3496bb52, 0x1fbbe891, 0x06a0d9d0, 0x5e7ef3ec,
+    0x4765c2ad, 0x6c48916e, 0x7553a02f, 0x3a1236e8, 0x230907a9,
+    0x0824546a, 0x113f652b, 0x96a779e4, 0x8fbc48a5, 0xa4911b66,
+    0xbd8a2a27, 0xf2cbbce0, 0xebd08da1, 0xc0fdde62, 0xd9e6ef23,
+    0x14bce1bd, 0x0da7d0fc, 0x268a833f, 0x3f91b27e, 0x70d024b9,
+    0x69cb15f8, 0x42e6463b, 0x5bfd777a, 0xdc656bb5, 0xc57e5af4,
+    0xee530937, 0xf7483876, 0xb809aeb1, 0xa1129ff0, 0x8a3fcc33,
+    0x9324fd72},
+   {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
+    0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
+    0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
+    0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+    0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
+    0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+    0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
+    0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+    0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
+    0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
+    0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
+    0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+    0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
+    0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
+    0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
+    0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+    0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
+    0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+    0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
+    0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+    0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
+    0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
+    0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
+    0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+    0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
+    0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
+    0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
+    0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+    0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
+    0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+    0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
+    0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+    0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
+    0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
+    0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
+    0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+    0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
+    0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
+    0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
+    0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+    0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
+    0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+    0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
+    0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+    0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
+    0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
+    0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
+    0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+    0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
+    0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
+    0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
+    0x2d02ef8d}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0x9630077700000000, 0x2c610eee00000000,
+    0xba51099900000000, 0x19c46d0700000000, 0x8ff46a7000000000,
+    0x35a563e900000000, 0xa395649e00000000, 0x3288db0e00000000,
+    0xa4b8dc7900000000, 0x1ee9d5e000000000, 0x88d9d29700000000,
+    0x2b4cb60900000000, 0xbd7cb17e00000000, 0x072db8e700000000,
+    0x911dbf9000000000, 0x6410b71d00000000, 0xf220b06a00000000,
+    0x4871b9f300000000, 0xde41be8400000000, 0x7dd4da1a00000000,
+    0xebe4dd6d00000000, 0x51b5d4f400000000, 0xc785d38300000000,
+    0x56986c1300000000, 0xc0a86b6400000000, 0x7af962fd00000000,
+    0xecc9658a00000000, 0x4f5c011400000000, 0xd96c066300000000,
+    0x633d0ffa00000000, 0xf50d088d00000000, 0xc8206e3b00000000,
+    0x5e10694c00000000, 0xe44160d500000000, 0x727167a200000000,
+    0xd1e4033c00000000, 0x47d4044b00000000, 0xfd850dd200000000,
+    0x6bb50aa500000000, 0xfaa8b53500000000, 0x6c98b24200000000,
+    0xd6c9bbdb00000000, 0x40f9bcac00000000, 0xe36cd83200000000,
+    0x755cdf4500000000, 0xcf0dd6dc00000000, 0x593dd1ab00000000,
+    0xac30d92600000000, 0x3a00de5100000000, 0x8051d7c800000000,
+    0x1661d0bf00000000, 0xb5f4b42100000000, 0x23c4b35600000000,
+    0x9995bacf00000000, 0x0fa5bdb800000000, 0x9eb8022800000000,
+    0x0888055f00000000, 0xb2d90cc600000000, 0x24e90bb100000000,
+    0x877c6f2f00000000, 0x114c685800000000, 0xab1d61c100000000,
+    0x3d2d66b600000000, 0x9041dc7600000000, 0x0671db0100000000,
+    0xbc20d29800000000, 0x2a10d5ef00000000, 0x8985b17100000000,
+    0x1fb5b60600000000, 0xa5e4bf9f00000000, 0x33d4b8e800000000,
+    0xa2c9077800000000, 0x34f9000f00000000, 0x8ea8099600000000,
+    0x18980ee100000000, 0xbb0d6a7f00000000, 0x2d3d6d0800000000,
+    0x976c649100000000, 0x015c63e600000000, 0xf4516b6b00000000,
+    0x62616c1c00000000, 0xd830658500000000, 0x4e0062f200000000,
+    0xed95066c00000000, 0x7ba5011b00000000, 0xc1f4088200000000,
+    0x57c40ff500000000, 0xc6d9b06500000000, 0x50e9b71200000000,
+    0xeab8be8b00000000, 0x7c88b9fc00000000, 0xdf1ddd6200000000,
+    0x492dda1500000000, 0xf37cd38c00000000, 0x654cd4fb00000000,
+    0x5861b24d00000000, 0xce51b53a00000000, 0x7400bca300000000,
+    0xe230bbd400000000, 0x41a5df4a00000000, 0xd795d83d00000000,
+    0x6dc4d1a400000000, 0xfbf4d6d300000000, 0x6ae9694300000000,
+    0xfcd96e3400000000, 0x468867ad00000000, 0xd0b860da00000000,
+    0x732d044400000000, 0xe51d033300000000, 0x5f4c0aaa00000000,
+    0xc97c0ddd00000000, 0x3c71055000000000, 0xaa41022700000000,
+    0x10100bbe00000000, 0x86200cc900000000, 0x25b5685700000000,
+    0xb3856f2000000000, 0x09d466b900000000, 0x9fe461ce00000000,
+    0x0ef9de5e00000000, 0x98c9d92900000000, 0x2298d0b000000000,
+    0xb4a8d7c700000000, 0x173db35900000000, 0x810db42e00000000,
+    0x3b5cbdb700000000, 0xad6cbac000000000, 0x2083b8ed00000000,
+    0xb6b3bf9a00000000, 0x0ce2b60300000000, 0x9ad2b17400000000,
+    0x3947d5ea00000000, 0xaf77d29d00000000, 0x1526db0400000000,
+    0x8316dc7300000000, 0x120b63e300000000, 0x843b649400000000,
+    0x3e6a6d0d00000000, 0xa85a6a7a00000000, 0x0bcf0ee400000000,
+    0x9dff099300000000, 0x27ae000a00000000, 0xb19e077d00000000,
+    0x44930ff000000000, 0xd2a3088700000000, 0x68f2011e00000000,
+    0xfec2066900000000, 0x5d5762f700000000, 0xcb67658000000000,
+    0x71366c1900000000, 0xe7066b6e00000000, 0x761bd4fe00000000,
+    0xe02bd38900000000, 0x5a7ada1000000000, 0xcc4add6700000000,
+    0x6fdfb9f900000000, 0xf9efbe8e00000000, 0x43beb71700000000,
+    0xd58eb06000000000, 0xe8a3d6d600000000, 0x7e93d1a100000000,
+    0xc4c2d83800000000, 0x52f2df4f00000000, 0xf167bbd100000000,
+    0x6757bca600000000, 0xdd06b53f00000000, 0x4b36b24800000000,
+    0xda2b0dd800000000, 0x4c1b0aaf00000000, 0xf64a033600000000,
+    0x607a044100000000, 0xc3ef60df00000000, 0x55df67a800000000,
+    0xef8e6e3100000000, 0x79be694600000000, 0x8cb361cb00000000,
+    0x1a8366bc00000000, 0xa0d26f2500000000, 0x36e2685200000000,
+    0x95770ccc00000000, 0x03470bbb00000000, 0xb916022200000000,
+    0x2f26055500000000, 0xbe3bbac500000000, 0x280bbdb200000000,
+    0x925ab42b00000000, 0x046ab35c00000000, 0xa7ffd7c200000000,
+    0x31cfd0b500000000, 0x8b9ed92c00000000, 0x1daede5b00000000,
+    0xb0c2649b00000000, 0x26f263ec00000000, 0x9ca36a7500000000,
+    0x0a936d0200000000, 0xa906099c00000000, 0x3f360eeb00000000,
+    0x8567077200000000, 0x1357000500000000, 0x824abf9500000000,
+    0x147ab8e200000000, 0xae2bb17b00000000, 0x381bb60c00000000,
+    0x9b8ed29200000000, 0x0dbed5e500000000, 0xb7efdc7c00000000,
+    0x21dfdb0b00000000, 0xd4d2d38600000000, 0x42e2d4f100000000,
+    0xf8b3dd6800000000, 0x6e83da1f00000000, 0xcd16be8100000000,
+    0x5b26b9f600000000, 0xe177b06f00000000, 0x7747b71800000000,
+    0xe65a088800000000, 0x706a0fff00000000, 0xca3b066600000000,
+    0x5c0b011100000000, 0xff9e658f00000000, 0x69ae62f800000000,
+    0xd3ff6b6100000000, 0x45cf6c1600000000, 0x78e20aa000000000,
+    0xeed20dd700000000, 0x5483044e00000000, 0xc2b3033900000000,
+    0x612667a700000000, 0xf71660d000000000, 0x4d47694900000000,
+    0xdb776e3e00000000, 0x4a6ad1ae00000000, 0xdc5ad6d900000000,
+    0x660bdf4000000000, 0xf03bd83700000000, 0x53aebca900000000,
+    0xc59ebbde00000000, 0x7fcfb24700000000, 0xe9ffb53000000000,
+    0x1cf2bdbd00000000, 0x8ac2baca00000000, 0x3093b35300000000,
+    0xa6a3b42400000000, 0x0536d0ba00000000, 0x9306d7cd00000000,
+    0x2957de5400000000, 0xbf67d92300000000, 0x2e7a66b300000000,
+    0xb84a61c400000000, 0x021b685d00000000, 0x942b6f2a00000000,
+    0x37be0bb400000000, 0xa18e0cc300000000, 0x1bdf055a00000000,
+    0x8def022d00000000},
+   {0x0000000000000000, 0x41311b1900000000, 0x8262363200000000,
+    0xc3532d2b00000000, 0x04c56c6400000000, 0x45f4777d00000000,
+    0x86a75a5600000000, 0xc796414f00000000, 0x088ad9c800000000,
+    0x49bbc2d100000000, 0x8ae8effa00000000, 0xcbd9f4e300000000,
+    0x0c4fb5ac00000000, 0x4d7eaeb500000000, 0x8e2d839e00000000,
+    0xcf1c988700000000, 0x5112c24a00000000, 0x1023d95300000000,
+    0xd370f47800000000, 0x9241ef6100000000, 0x55d7ae2e00000000,
+    0x14e6b53700000000, 0xd7b5981c00000000, 0x9684830500000000,
+    0x59981b8200000000, 0x18a9009b00000000, 0xdbfa2db000000000,
+    0x9acb36a900000000, 0x5d5d77e600000000, 0x1c6c6cff00000000,
+    0xdf3f41d400000000, 0x9e0e5acd00000000, 0xa224849500000000,
+    0xe3159f8c00000000, 0x2046b2a700000000, 0x6177a9be00000000,
+    0xa6e1e8f100000000, 0xe7d0f3e800000000, 0x2483dec300000000,
+    0x65b2c5da00000000, 0xaaae5d5d00000000, 0xeb9f464400000000,
+    0x28cc6b6f00000000, 0x69fd707600000000, 0xae6b313900000000,
+    0xef5a2a2000000000, 0x2c09070b00000000, 0x6d381c1200000000,
+    0xf33646df00000000, 0xb2075dc600000000, 0x715470ed00000000,
+    0x30656bf400000000, 0xf7f32abb00000000, 0xb6c231a200000000,
+    0x75911c8900000000, 0x34a0079000000000, 0xfbbc9f1700000000,
+    0xba8d840e00000000, 0x79dea92500000000, 0x38efb23c00000000,
+    0xff79f37300000000, 0xbe48e86a00000000, 0x7d1bc54100000000,
+    0x3c2ade5800000000, 0x054f79f000000000, 0x447e62e900000000,
+    0x872d4fc200000000, 0xc61c54db00000000, 0x018a159400000000,
+    0x40bb0e8d00000000, 0x83e823a600000000, 0xc2d938bf00000000,
+    0x0dc5a03800000000, 0x4cf4bb2100000000, 0x8fa7960a00000000,
+    0xce968d1300000000, 0x0900cc5c00000000, 0x4831d74500000000,
+    0x8b62fa6e00000000, 0xca53e17700000000, 0x545dbbba00000000,
+    0x156ca0a300000000, 0xd63f8d8800000000, 0x970e969100000000,
+    0x5098d7de00000000, 0x11a9ccc700000000, 0xd2fae1ec00000000,
+    0x93cbfaf500000000, 0x5cd7627200000000, 0x1de6796b00000000,
+    0xdeb5544000000000, 0x9f844f5900000000, 0x58120e1600000000,
+    0x1923150f00000000, 0xda70382400000000, 0x9b41233d00000000,
+    0xa76bfd6500000000, 0xe65ae67c00000000, 0x2509cb5700000000,
+    0x6438d04e00000000, 0xa3ae910100000000, 0xe29f8a1800000000,
+    0x21cca73300000000, 0x60fdbc2a00000000, 0xafe124ad00000000,
+    0xeed03fb400000000, 0x2d83129f00000000, 0x6cb2098600000000,
+    0xab2448c900000000, 0xea1553d000000000, 0x29467efb00000000,
+    0x687765e200000000, 0xf6793f2f00000000, 0xb748243600000000,
+    0x741b091d00000000, 0x352a120400000000, 0xf2bc534b00000000,
+    0xb38d485200000000, 0x70de657900000000, 0x31ef7e6000000000,
+    0xfef3e6e700000000, 0xbfc2fdfe00000000, 0x7c91d0d500000000,
+    0x3da0cbcc00000000, 0xfa368a8300000000, 0xbb07919a00000000,
+    0x7854bcb100000000, 0x3965a7a800000000, 0x4b98833b00000000,
+    0x0aa9982200000000, 0xc9fab50900000000, 0x88cbae1000000000,
+    0x4f5def5f00000000, 0x0e6cf44600000000, 0xcd3fd96d00000000,
+    0x8c0ec27400000000, 0x43125af300000000, 0x022341ea00000000,
+    0xc1706cc100000000, 0x804177d800000000, 0x47d7369700000000,
+    0x06e62d8e00000000, 0xc5b500a500000000, 0x84841bbc00000000,
+    0x1a8a417100000000, 0x5bbb5a6800000000, 0x98e8774300000000,
+    0xd9d96c5a00000000, 0x1e4f2d1500000000, 0x5f7e360c00000000,
+    0x9c2d1b2700000000, 0xdd1c003e00000000, 0x120098b900000000,
+    0x533183a000000000, 0x9062ae8b00000000, 0xd153b59200000000,
+    0x16c5f4dd00000000, 0x57f4efc400000000, 0x94a7c2ef00000000,
+    0xd596d9f600000000, 0xe9bc07ae00000000, 0xa88d1cb700000000,
+    0x6bde319c00000000, 0x2aef2a8500000000, 0xed796bca00000000,
+    0xac4870d300000000, 0x6f1b5df800000000, 0x2e2a46e100000000,
+    0xe136de6600000000, 0xa007c57f00000000, 0x6354e85400000000,
+    0x2265f34d00000000, 0xe5f3b20200000000, 0xa4c2a91b00000000,
+    0x6791843000000000, 0x26a09f2900000000, 0xb8aec5e400000000,
+    0xf99fdefd00000000, 0x3accf3d600000000, 0x7bfde8cf00000000,
+    0xbc6ba98000000000, 0xfd5ab29900000000, 0x3e099fb200000000,
+    0x7f3884ab00000000, 0xb0241c2c00000000, 0xf115073500000000,
+    0x32462a1e00000000, 0x7377310700000000, 0xb4e1704800000000,
+    0xf5d06b5100000000, 0x3683467a00000000, 0x77b25d6300000000,
+    0x4ed7facb00000000, 0x0fe6e1d200000000, 0xccb5ccf900000000,
+    0x8d84d7e000000000, 0x4a1296af00000000, 0x0b238db600000000,
+    0xc870a09d00000000, 0x8941bb8400000000, 0x465d230300000000,
+    0x076c381a00000000, 0xc43f153100000000, 0x850e0e2800000000,
+    0x42984f6700000000, 0x03a9547e00000000, 0xc0fa795500000000,
+    0x81cb624c00000000, 0x1fc5388100000000, 0x5ef4239800000000,
+    0x9da70eb300000000, 0xdc9615aa00000000, 0x1b0054e500000000,
+    0x5a314ffc00000000, 0x996262d700000000, 0xd85379ce00000000,
+    0x174fe14900000000, 0x567efa5000000000, 0x952dd77b00000000,
+    0xd41ccc6200000000, 0x138a8d2d00000000, 0x52bb963400000000,
+    0x91e8bb1f00000000, 0xd0d9a00600000000, 0xecf37e5e00000000,
+    0xadc2654700000000, 0x6e91486c00000000, 0x2fa0537500000000,
+    0xe836123a00000000, 0xa907092300000000, 0x6a54240800000000,
+    0x2b653f1100000000, 0xe479a79600000000, 0xa548bc8f00000000,
+    0x661b91a400000000, 0x272a8abd00000000, 0xe0bccbf200000000,
+    0xa18dd0eb00000000, 0x62defdc000000000, 0x23efe6d900000000,
+    0xbde1bc1400000000, 0xfcd0a70d00000000, 0x3f838a2600000000,
+    0x7eb2913f00000000, 0xb924d07000000000, 0xf815cb6900000000,
+    0x3b46e64200000000, 0x7a77fd5b00000000, 0xb56b65dc00000000,
+    0xf45a7ec500000000, 0x370953ee00000000, 0x763848f700000000,
+    0xb1ae09b800000000, 0xf09f12a100000000, 0x33cc3f8a00000000,
+    0x72fd249300000000},
+   {0x0000000000000000, 0x376ac20100000000, 0x6ed4840300000000,
+    0x59be460200000000, 0xdca8090700000000, 0xebc2cb0600000000,
+    0xb27c8d0400000000, 0x85164f0500000000, 0xb851130e00000000,
+    0x8f3bd10f00000000, 0xd685970d00000000, 0xe1ef550c00000000,
+    0x64f91a0900000000, 0x5393d80800000000, 0x0a2d9e0a00000000,
+    0x3d475c0b00000000, 0x70a3261c00000000, 0x47c9e41d00000000,
+    0x1e77a21f00000000, 0x291d601e00000000, 0xac0b2f1b00000000,
+    0x9b61ed1a00000000, 0xc2dfab1800000000, 0xf5b5691900000000,
+    0xc8f2351200000000, 0xff98f71300000000, 0xa626b11100000000,
+    0x914c731000000000, 0x145a3c1500000000, 0x2330fe1400000000,
+    0x7a8eb81600000000, 0x4de47a1700000000, 0xe0464d3800000000,
+    0xd72c8f3900000000, 0x8e92c93b00000000, 0xb9f80b3a00000000,
+    0x3cee443f00000000, 0x0b84863e00000000, 0x523ac03c00000000,
+    0x6550023d00000000, 0x58175e3600000000, 0x6f7d9c3700000000,
+    0x36c3da3500000000, 0x01a9183400000000, 0x84bf573100000000,
+    0xb3d5953000000000, 0xea6bd33200000000, 0xdd01113300000000,
+    0x90e56b2400000000, 0xa78fa92500000000, 0xfe31ef2700000000,
+    0xc95b2d2600000000, 0x4c4d622300000000, 0x7b27a02200000000,
+    0x2299e62000000000, 0x15f3242100000000, 0x28b4782a00000000,
+    0x1fdeba2b00000000, 0x4660fc2900000000, 0x710a3e2800000000,
+    0xf41c712d00000000, 0xc376b32c00000000, 0x9ac8f52e00000000,
+    0xada2372f00000000, 0xc08d9a7000000000, 0xf7e7587100000000,
+    0xae591e7300000000, 0x9933dc7200000000, 0x1c25937700000000,
+    0x2b4f517600000000, 0x72f1177400000000, 0x459bd57500000000,
+    0x78dc897e00000000, 0x4fb64b7f00000000, 0x16080d7d00000000,
+    0x2162cf7c00000000, 0xa474807900000000, 0x931e427800000000,
+    0xcaa0047a00000000, 0xfdcac67b00000000, 0xb02ebc6c00000000,
+    0x87447e6d00000000, 0xdefa386f00000000, 0xe990fa6e00000000,
+    0x6c86b56b00000000, 0x5bec776a00000000, 0x0252316800000000,
+    0x3538f36900000000, 0x087faf6200000000, 0x3f156d6300000000,
+    0x66ab2b6100000000, 0x51c1e96000000000, 0xd4d7a66500000000,
+    0xe3bd646400000000, 0xba03226600000000, 0x8d69e06700000000,
+    0x20cbd74800000000, 0x17a1154900000000, 0x4e1f534b00000000,
+    0x7975914a00000000, 0xfc63de4f00000000, 0xcb091c4e00000000,
+    0x92b75a4c00000000, 0xa5dd984d00000000, 0x989ac44600000000,
+    0xaff0064700000000, 0xf64e404500000000, 0xc124824400000000,
+    0x4432cd4100000000, 0x73580f4000000000, 0x2ae6494200000000,
+    0x1d8c8b4300000000, 0x5068f15400000000, 0x6702335500000000,
+    0x3ebc755700000000, 0x09d6b75600000000, 0x8cc0f85300000000,
+    0xbbaa3a5200000000, 0xe2147c5000000000, 0xd57ebe5100000000,
+    0xe839e25a00000000, 0xdf53205b00000000, 0x86ed665900000000,
+    0xb187a45800000000, 0x3491eb5d00000000, 0x03fb295c00000000,
+    0x5a456f5e00000000, 0x6d2fad5f00000000, 0x801b35e100000000,
+    0xb771f7e000000000, 0xeecfb1e200000000, 0xd9a573e300000000,
+    0x5cb33ce600000000, 0x6bd9fee700000000, 0x3267b8e500000000,
+    0x050d7ae400000000, 0x384a26ef00000000, 0x0f20e4ee00000000,
+    0x569ea2ec00000000, 0x61f460ed00000000, 0xe4e22fe800000000,
+    0xd388ede900000000, 0x8a36abeb00000000, 0xbd5c69ea00000000,
+    0xf0b813fd00000000, 0xc7d2d1fc00000000, 0x9e6c97fe00000000,
+    0xa90655ff00000000, 0x2c101afa00000000, 0x1b7ad8fb00000000,
+    0x42c49ef900000000, 0x75ae5cf800000000, 0x48e900f300000000,
+    0x7f83c2f200000000, 0x263d84f000000000, 0x115746f100000000,
+    0x944109f400000000, 0xa32bcbf500000000, 0xfa958df700000000,
+    0xcdff4ff600000000, 0x605d78d900000000, 0x5737bad800000000,
+    0x0e89fcda00000000, 0x39e33edb00000000, 0xbcf571de00000000,
+    0x8b9fb3df00000000, 0xd221f5dd00000000, 0xe54b37dc00000000,
+    0xd80c6bd700000000, 0xef66a9d600000000, 0xb6d8efd400000000,
+    0x81b22dd500000000, 0x04a462d000000000, 0x33cea0d100000000,
+    0x6a70e6d300000000, 0x5d1a24d200000000, 0x10fe5ec500000000,
+    0x27949cc400000000, 0x7e2adac600000000, 0x494018c700000000,
+    0xcc5657c200000000, 0xfb3c95c300000000, 0xa282d3c100000000,
+    0x95e811c000000000, 0xa8af4dcb00000000, 0x9fc58fca00000000,
+    0xc67bc9c800000000, 0xf1110bc900000000, 0x740744cc00000000,
+    0x436d86cd00000000, 0x1ad3c0cf00000000, 0x2db902ce00000000,
+    0x4096af9100000000, 0x77fc6d9000000000, 0x2e422b9200000000,
+    0x1928e99300000000, 0x9c3ea69600000000, 0xab54649700000000,
+    0xf2ea229500000000, 0xc580e09400000000, 0xf8c7bc9f00000000,
+    0xcfad7e9e00000000, 0x9613389c00000000, 0xa179fa9d00000000,
+    0x246fb59800000000, 0x1305779900000000, 0x4abb319b00000000,
+    0x7dd1f39a00000000, 0x3035898d00000000, 0x075f4b8c00000000,
+    0x5ee10d8e00000000, 0x698bcf8f00000000, 0xec9d808a00000000,
+    0xdbf7428b00000000, 0x8249048900000000, 0xb523c68800000000,
+    0x88649a8300000000, 0xbf0e588200000000, 0xe6b01e8000000000,
+    0xd1dadc8100000000, 0x54cc938400000000, 0x63a6518500000000,
+    0x3a18178700000000, 0x0d72d58600000000, 0xa0d0e2a900000000,
+    0x97ba20a800000000, 0xce0466aa00000000, 0xf96ea4ab00000000,
+    0x7c78ebae00000000, 0x4b1229af00000000, 0x12ac6fad00000000,
+    0x25c6adac00000000, 0x1881f1a700000000, 0x2feb33a600000000,
+    0x765575a400000000, 0x413fb7a500000000, 0xc429f8a000000000,
+    0xf3433aa100000000, 0xaafd7ca300000000, 0x9d97bea200000000,
+    0xd073c4b500000000, 0xe71906b400000000, 0xbea740b600000000,
+    0x89cd82b700000000, 0x0cdbcdb200000000, 0x3bb10fb300000000,
+    0x620f49b100000000, 0x55658bb000000000, 0x6822d7bb00000000,
+    0x5f4815ba00000000, 0x06f653b800000000, 0x319c91b900000000,
+    0xb48adebc00000000, 0x83e01cbd00000000, 0xda5e5abf00000000,
+    0xed3498be00000000},
+   {0x0000000000000000, 0x6567bcb800000000, 0x8bc809aa00000000,
+    0xeeafb51200000000, 0x5797628f00000000, 0x32f0de3700000000,
+    0xdc5f6b2500000000, 0xb938d79d00000000, 0xef28b4c500000000,
+    0x8a4f087d00000000, 0x64e0bd6f00000000, 0x018701d700000000,
+    0xb8bfd64a00000000, 0xddd86af200000000, 0x3377dfe000000000,
+    0x5610635800000000, 0x9f57195000000000, 0xfa30a5e800000000,
+    0x149f10fa00000000, 0x71f8ac4200000000, 0xc8c07bdf00000000,
+    0xada7c76700000000, 0x4308727500000000, 0x266fcecd00000000,
+    0x707fad9500000000, 0x1518112d00000000, 0xfbb7a43f00000000,
+    0x9ed0188700000000, 0x27e8cf1a00000000, 0x428f73a200000000,
+    0xac20c6b000000000, 0xc9477a0800000000, 0x3eaf32a000000000,
+    0x5bc88e1800000000, 0xb5673b0a00000000, 0xd00087b200000000,
+    0x6938502f00000000, 0x0c5fec9700000000, 0xe2f0598500000000,
+    0x8797e53d00000000, 0xd187866500000000, 0xb4e03add00000000,
+    0x5a4f8fcf00000000, 0x3f28337700000000, 0x8610e4ea00000000,
+    0xe377585200000000, 0x0dd8ed4000000000, 0x68bf51f800000000,
+    0xa1f82bf000000000, 0xc49f974800000000, 0x2a30225a00000000,
+    0x4f579ee200000000, 0xf66f497f00000000, 0x9308f5c700000000,
+    0x7da740d500000000, 0x18c0fc6d00000000, 0x4ed09f3500000000,
+    0x2bb7238d00000000, 0xc518969f00000000, 0xa07f2a2700000000,
+    0x1947fdba00000000, 0x7c20410200000000, 0x928ff41000000000,
+    0xf7e848a800000000, 0x3d58149b00000000, 0x583fa82300000000,
+    0xb6901d3100000000, 0xd3f7a18900000000, 0x6acf761400000000,
+    0x0fa8caac00000000, 0xe1077fbe00000000, 0x8460c30600000000,
+    0xd270a05e00000000, 0xb7171ce600000000, 0x59b8a9f400000000,
+    0x3cdf154c00000000, 0x85e7c2d100000000, 0xe0807e6900000000,
+    0x0e2fcb7b00000000, 0x6b4877c300000000, 0xa20f0dcb00000000,
+    0xc768b17300000000, 0x29c7046100000000, 0x4ca0b8d900000000,
+    0xf5986f4400000000, 0x90ffd3fc00000000, 0x7e5066ee00000000,
+    0x1b37da5600000000, 0x4d27b90e00000000, 0x284005b600000000,
+    0xc6efb0a400000000, 0xa3880c1c00000000, 0x1ab0db8100000000,
+    0x7fd7673900000000, 0x9178d22b00000000, 0xf41f6e9300000000,
+    0x03f7263b00000000, 0x66909a8300000000, 0x883f2f9100000000,
+    0xed58932900000000, 0x546044b400000000, 0x3107f80c00000000,
+    0xdfa84d1e00000000, 0xbacff1a600000000, 0xecdf92fe00000000,
+    0x89b82e4600000000, 0x67179b5400000000, 0x027027ec00000000,
+    0xbb48f07100000000, 0xde2f4cc900000000, 0x3080f9db00000000,
+    0x55e7456300000000, 0x9ca03f6b00000000, 0xf9c783d300000000,
+    0x176836c100000000, 0x720f8a7900000000, 0xcb375de400000000,
+    0xae50e15c00000000, 0x40ff544e00000000, 0x2598e8f600000000,
+    0x73888bae00000000, 0x16ef371600000000, 0xf840820400000000,
+    0x9d273ebc00000000, 0x241fe92100000000, 0x4178559900000000,
+    0xafd7e08b00000000, 0xcab05c3300000000, 0x3bb659ed00000000,
+    0x5ed1e55500000000, 0xb07e504700000000, 0xd519ecff00000000,
+    0x6c213b6200000000, 0x094687da00000000, 0xe7e932c800000000,
+    0x828e8e7000000000, 0xd49eed2800000000, 0xb1f9519000000000,
+    0x5f56e48200000000, 0x3a31583a00000000, 0x83098fa700000000,
+    0xe66e331f00000000, 0x08c1860d00000000, 0x6da63ab500000000,
+    0xa4e140bd00000000, 0xc186fc0500000000, 0x2f29491700000000,
+    0x4a4ef5af00000000, 0xf376223200000000, 0x96119e8a00000000,
+    0x78be2b9800000000, 0x1dd9972000000000, 0x4bc9f47800000000,
+    0x2eae48c000000000, 0xc001fdd200000000, 0xa566416a00000000,
+    0x1c5e96f700000000, 0x79392a4f00000000, 0x97969f5d00000000,
+    0xf2f123e500000000, 0x05196b4d00000000, 0x607ed7f500000000,
+    0x8ed162e700000000, 0xebb6de5f00000000, 0x528e09c200000000,
+    0x37e9b57a00000000, 0xd946006800000000, 0xbc21bcd000000000,
+    0xea31df8800000000, 0x8f56633000000000, 0x61f9d62200000000,
+    0x049e6a9a00000000, 0xbda6bd0700000000, 0xd8c101bf00000000,
+    0x366eb4ad00000000, 0x5309081500000000, 0x9a4e721d00000000,
+    0xff29cea500000000, 0x11867bb700000000, 0x74e1c70f00000000,
+    0xcdd9109200000000, 0xa8beac2a00000000, 0x4611193800000000,
+    0x2376a58000000000, 0x7566c6d800000000, 0x10017a6000000000,
+    0xfeaecf7200000000, 0x9bc973ca00000000, 0x22f1a45700000000,
+    0x479618ef00000000, 0xa939adfd00000000, 0xcc5e114500000000,
+    0x06ee4d7600000000, 0x6389f1ce00000000, 0x8d2644dc00000000,
+    0xe841f86400000000, 0x51792ff900000000, 0x341e934100000000,
+    0xdab1265300000000, 0xbfd69aeb00000000, 0xe9c6f9b300000000,
+    0x8ca1450b00000000, 0x620ef01900000000, 0x07694ca100000000,
+    0xbe519b3c00000000, 0xdb36278400000000, 0x3599929600000000,
+    0x50fe2e2e00000000, 0x99b9542600000000, 0xfcdee89e00000000,
+    0x12715d8c00000000, 0x7716e13400000000, 0xce2e36a900000000,
+    0xab498a1100000000, 0x45e63f0300000000, 0x208183bb00000000,
+    0x7691e0e300000000, 0x13f65c5b00000000, 0xfd59e94900000000,
+    0x983e55f100000000, 0x2106826c00000000, 0x44613ed400000000,
+    0xaace8bc600000000, 0xcfa9377e00000000, 0x38417fd600000000,
+    0x5d26c36e00000000, 0xb389767c00000000, 0xd6eecac400000000,
+    0x6fd61d5900000000, 0x0ab1a1e100000000, 0xe41e14f300000000,
+    0x8179a84b00000000, 0xd769cb1300000000, 0xb20e77ab00000000,
+    0x5ca1c2b900000000, 0x39c67e0100000000, 0x80fea99c00000000,
+    0xe599152400000000, 0x0b36a03600000000, 0x6e511c8e00000000,
+    0xa716668600000000, 0xc271da3e00000000, 0x2cde6f2c00000000,
+    0x49b9d39400000000, 0xf081040900000000, 0x95e6b8b100000000,
+    0x7b490da300000000, 0x1e2eb11b00000000, 0x483ed24300000000,
+    0x2d596efb00000000, 0xc3f6dbe900000000, 0xa691675100000000,
+    0x1fa9b0cc00000000, 0x7ace0c7400000000, 0x9461b96600000000,
+    0xf10605de00000000},
+   {0x0000000000000000, 0xb029603d00000000, 0x6053c07a00000000,
+    0xd07aa04700000000, 0xc0a680f500000000, 0x708fe0c800000000,
+    0xa0f5408f00000000, 0x10dc20b200000000, 0xc14b703000000000,
+    0x7162100d00000000, 0xa118b04a00000000, 0x1131d07700000000,
+    0x01edf0c500000000, 0xb1c490f800000000, 0x61be30bf00000000,
+    0xd197508200000000, 0x8297e06000000000, 0x32be805d00000000,
+    0xe2c4201a00000000, 0x52ed402700000000, 0x4231609500000000,
+    0xf21800a800000000, 0x2262a0ef00000000, 0x924bc0d200000000,
+    0x43dc905000000000, 0xf3f5f06d00000000, 0x238f502a00000000,
+    0x93a6301700000000, 0x837a10a500000000, 0x3353709800000000,
+    0xe329d0df00000000, 0x5300b0e200000000, 0x042fc1c100000000,
+    0xb406a1fc00000000, 0x647c01bb00000000, 0xd455618600000000,
+    0xc489413400000000, 0x74a0210900000000, 0xa4da814e00000000,
+    0x14f3e17300000000, 0xc564b1f100000000, 0x754dd1cc00000000,
+    0xa537718b00000000, 0x151e11b600000000, 0x05c2310400000000,
+    0xb5eb513900000000, 0x6591f17e00000000, 0xd5b8914300000000,
+    0x86b821a100000000, 0x3691419c00000000, 0xe6ebe1db00000000,
+    0x56c281e600000000, 0x461ea15400000000, 0xf637c16900000000,
+    0x264d612e00000000, 0x9664011300000000, 0x47f3519100000000,
+    0xf7da31ac00000000, 0x27a091eb00000000, 0x9789f1d600000000,
+    0x8755d16400000000, 0x377cb15900000000, 0xe706111e00000000,
+    0x572f712300000000, 0x4958f35800000000, 0xf971936500000000,
+    0x290b332200000000, 0x9922531f00000000, 0x89fe73ad00000000,
+    0x39d7139000000000, 0xe9adb3d700000000, 0x5984d3ea00000000,
+    0x8813836800000000, 0x383ae35500000000, 0xe840431200000000,
+    0x5869232f00000000, 0x48b5039d00000000, 0xf89c63a000000000,
+    0x28e6c3e700000000, 0x98cfa3da00000000, 0xcbcf133800000000,
+    0x7be6730500000000, 0xab9cd34200000000, 0x1bb5b37f00000000,
+    0x0b6993cd00000000, 0xbb40f3f000000000, 0x6b3a53b700000000,
+    0xdb13338a00000000, 0x0a84630800000000, 0xbaad033500000000,
+    0x6ad7a37200000000, 0xdafec34f00000000, 0xca22e3fd00000000,
+    0x7a0b83c000000000, 0xaa71238700000000, 0x1a5843ba00000000,
+    0x4d77329900000000, 0xfd5e52a400000000, 0x2d24f2e300000000,
+    0x9d0d92de00000000, 0x8dd1b26c00000000, 0x3df8d25100000000,
+    0xed82721600000000, 0x5dab122b00000000, 0x8c3c42a900000000,
+    0x3c15229400000000, 0xec6f82d300000000, 0x5c46e2ee00000000,
+    0x4c9ac25c00000000, 0xfcb3a26100000000, 0x2cc9022600000000,
+    0x9ce0621b00000000, 0xcfe0d2f900000000, 0x7fc9b2c400000000,
+    0xafb3128300000000, 0x1f9a72be00000000, 0x0f46520c00000000,
+    0xbf6f323100000000, 0x6f15927600000000, 0xdf3cf24b00000000,
+    0x0eaba2c900000000, 0xbe82c2f400000000, 0x6ef862b300000000,
+    0xded1028e00000000, 0xce0d223c00000000, 0x7e24420100000000,
+    0xae5ee24600000000, 0x1e77827b00000000, 0x92b0e6b100000000,
+    0x2299868c00000000, 0xf2e326cb00000000, 0x42ca46f600000000,
+    0x5216664400000000, 0xe23f067900000000, 0x3245a63e00000000,
+    0x826cc60300000000, 0x53fb968100000000, 0xe3d2f6bc00000000,
+    0x33a856fb00000000, 0x838136c600000000, 0x935d167400000000,
+    0x2374764900000000, 0xf30ed60e00000000, 0x4327b63300000000,
+    0x102706d100000000, 0xa00e66ec00000000, 0x7074c6ab00000000,
+    0xc05da69600000000, 0xd081862400000000, 0x60a8e61900000000,
+    0xb0d2465e00000000, 0x00fb266300000000, 0xd16c76e100000000,
+    0x614516dc00000000, 0xb13fb69b00000000, 0x0116d6a600000000,
+    0x11caf61400000000, 0xa1e3962900000000, 0x7199366e00000000,
+    0xc1b0565300000000, 0x969f277000000000, 0x26b6474d00000000,
+    0xf6cce70a00000000, 0x46e5873700000000, 0x5639a78500000000,
+    0xe610c7b800000000, 0x366a67ff00000000, 0x864307c200000000,
+    0x57d4574000000000, 0xe7fd377d00000000, 0x3787973a00000000,
+    0x87aef70700000000, 0x9772d7b500000000, 0x275bb78800000000,
+    0xf72117cf00000000, 0x470877f200000000, 0x1408c71000000000,
+    0xa421a72d00000000, 0x745b076a00000000, 0xc472675700000000,
+    0xd4ae47e500000000, 0x648727d800000000, 0xb4fd879f00000000,
+    0x04d4e7a200000000, 0xd543b72000000000, 0x656ad71d00000000,
+    0xb510775a00000000, 0x0539176700000000, 0x15e537d500000000,
+    0xa5cc57e800000000, 0x75b6f7af00000000, 0xc59f979200000000,
+    0xdbe815e900000000, 0x6bc175d400000000, 0xbbbbd59300000000,
+    0x0b92b5ae00000000, 0x1b4e951c00000000, 0xab67f52100000000,
+    0x7b1d556600000000, 0xcb34355b00000000, 0x1aa365d900000000,
+    0xaa8a05e400000000, 0x7af0a5a300000000, 0xcad9c59e00000000,
+    0xda05e52c00000000, 0x6a2c851100000000, 0xba56255600000000,
+    0x0a7f456b00000000, 0x597ff58900000000, 0xe95695b400000000,
+    0x392c35f300000000, 0x890555ce00000000, 0x99d9757c00000000,
+    0x29f0154100000000, 0xf98ab50600000000, 0x49a3d53b00000000,
+    0x983485b900000000, 0x281de58400000000, 0xf86745c300000000,
+    0x484e25fe00000000, 0x5892054c00000000, 0xe8bb657100000000,
+    0x38c1c53600000000, 0x88e8a50b00000000, 0xdfc7d42800000000,
+    0x6feeb41500000000, 0xbf94145200000000, 0x0fbd746f00000000,
+    0x1f6154dd00000000, 0xaf4834e000000000, 0x7f3294a700000000,
+    0xcf1bf49a00000000, 0x1e8ca41800000000, 0xaea5c42500000000,
+    0x7edf646200000000, 0xcef6045f00000000, 0xde2a24ed00000000,
+    0x6e0344d000000000, 0xbe79e49700000000, 0x0e5084aa00000000,
+    0x5d50344800000000, 0xed79547500000000, 0x3d03f43200000000,
+    0x8d2a940f00000000, 0x9df6b4bd00000000, 0x2ddfd48000000000,
+    0xfda574c700000000, 0x4d8c14fa00000000, 0x9c1b447800000000,
+    0x2c32244500000000, 0xfc48840200000000, 0x4c61e43f00000000,
+    0x5cbdc48d00000000, 0xec94a4b000000000, 0x3cee04f700000000,
+    0x8cc764ca00000000},
+   {0x0000000000000000, 0xa5d35ccb00000000, 0x0ba1c84d00000000,
+    0xae72948600000000, 0x1642919b00000000, 0xb391cd5000000000,
+    0x1de359d600000000, 0xb830051d00000000, 0x6d8253ec00000000,
+    0xc8510f2700000000, 0x66239ba100000000, 0xc3f0c76a00000000,
+    0x7bc0c27700000000, 0xde139ebc00000000, 0x70610a3a00000000,
+    0xd5b256f100000000, 0x9b02d60300000000, 0x3ed18ac800000000,
+    0x90a31e4e00000000, 0x3570428500000000, 0x8d40479800000000,
+    0x28931b5300000000, 0x86e18fd500000000, 0x2332d31e00000000,
+    0xf68085ef00000000, 0x5353d92400000000, 0xfd214da200000000,
+    0x58f2116900000000, 0xe0c2147400000000, 0x451148bf00000000,
+    0xeb63dc3900000000, 0x4eb080f200000000, 0x3605ac0700000000,
+    0x93d6f0cc00000000, 0x3da4644a00000000, 0x9877388100000000,
+    0x20473d9c00000000, 0x8594615700000000, 0x2be6f5d100000000,
+    0x8e35a91a00000000, 0x5b87ffeb00000000, 0xfe54a32000000000,
+    0x502637a600000000, 0xf5f56b6d00000000, 0x4dc56e7000000000,
+    0xe81632bb00000000, 0x4664a63d00000000, 0xe3b7faf600000000,
+    0xad077a0400000000, 0x08d426cf00000000, 0xa6a6b24900000000,
+    0x0375ee8200000000, 0xbb45eb9f00000000, 0x1e96b75400000000,
+    0xb0e423d200000000, 0x15377f1900000000, 0xc08529e800000000,
+    0x6556752300000000, 0xcb24e1a500000000, 0x6ef7bd6e00000000,
+    0xd6c7b87300000000, 0x7314e4b800000000, 0xdd66703e00000000,
+    0x78b52cf500000000, 0x6c0a580f00000000, 0xc9d904c400000000,
+    0x67ab904200000000, 0xc278cc8900000000, 0x7a48c99400000000,
+    0xdf9b955f00000000, 0x71e901d900000000, 0xd43a5d1200000000,
+    0x01880be300000000, 0xa45b572800000000, 0x0a29c3ae00000000,
+    0xaffa9f6500000000, 0x17ca9a7800000000, 0xb219c6b300000000,
+    0x1c6b523500000000, 0xb9b80efe00000000, 0xf7088e0c00000000,
+    0x52dbd2c700000000, 0xfca9464100000000, 0x597a1a8a00000000,
+    0xe14a1f9700000000, 0x4499435c00000000, 0xeaebd7da00000000,
+    0x4f388b1100000000, 0x9a8adde000000000, 0x3f59812b00000000,
+    0x912b15ad00000000, 0x34f8496600000000, 0x8cc84c7b00000000,
+    0x291b10b000000000, 0x8769843600000000, 0x22bad8fd00000000,
+    0x5a0ff40800000000, 0xffdca8c300000000, 0x51ae3c4500000000,
+    0xf47d608e00000000, 0x4c4d659300000000, 0xe99e395800000000,
+    0x47ecadde00000000, 0xe23ff11500000000, 0x378da7e400000000,
+    0x925efb2f00000000, 0x3c2c6fa900000000, 0x99ff336200000000,
+    0x21cf367f00000000, 0x841c6ab400000000, 0x2a6efe3200000000,
+    0x8fbda2f900000000, 0xc10d220b00000000, 0x64de7ec000000000,
+    0xcaacea4600000000, 0x6f7fb68d00000000, 0xd74fb39000000000,
+    0x729cef5b00000000, 0xdcee7bdd00000000, 0x793d271600000000,
+    0xac8f71e700000000, 0x095c2d2c00000000, 0xa72eb9aa00000000,
+    0x02fde56100000000, 0xbacde07c00000000, 0x1f1ebcb700000000,
+    0xb16c283100000000, 0x14bf74fa00000000, 0xd814b01e00000000,
+    0x7dc7ecd500000000, 0xd3b5785300000000, 0x7666249800000000,
+    0xce56218500000000, 0x6b857d4e00000000, 0xc5f7e9c800000000,
+    0x6024b50300000000, 0xb596e3f200000000, 0x1045bf3900000000,
+    0xbe372bbf00000000, 0x1be4777400000000, 0xa3d4726900000000,
+    0x06072ea200000000, 0xa875ba2400000000, 0x0da6e6ef00000000,
+    0x4316661d00000000, 0xe6c53ad600000000, 0x48b7ae5000000000,
+    0xed64f29b00000000, 0x5554f78600000000, 0xf087ab4d00000000,
+    0x5ef53fcb00000000, 0xfb26630000000000, 0x2e9435f100000000,
+    0x8b47693a00000000, 0x2535fdbc00000000, 0x80e6a17700000000,
+    0x38d6a46a00000000, 0x9d05f8a100000000, 0x33776c2700000000,
+    0x96a430ec00000000, 0xee111c1900000000, 0x4bc240d200000000,
+    0xe5b0d45400000000, 0x4063889f00000000, 0xf8538d8200000000,
+    0x5d80d14900000000, 0xf3f245cf00000000, 0x5621190400000000,
+    0x83934ff500000000, 0x2640133e00000000, 0x883287b800000000,
+    0x2de1db7300000000, 0x95d1de6e00000000, 0x300282a500000000,
+    0x9e70162300000000, 0x3ba34ae800000000, 0x7513ca1a00000000,
+    0xd0c096d100000000, 0x7eb2025700000000, 0xdb615e9c00000000,
+    0x63515b8100000000, 0xc682074a00000000, 0x68f093cc00000000,
+    0xcd23cf0700000000, 0x189199f600000000, 0xbd42c53d00000000,
+    0x133051bb00000000, 0xb6e30d7000000000, 0x0ed3086d00000000,
+    0xab0054a600000000, 0x0572c02000000000, 0xa0a19ceb00000000,
+    0xb41ee81100000000, 0x11cdb4da00000000, 0xbfbf205c00000000,
+    0x1a6c7c9700000000, 0xa25c798a00000000, 0x078f254100000000,
+    0xa9fdb1c700000000, 0x0c2eed0c00000000, 0xd99cbbfd00000000,
+    0x7c4fe73600000000, 0xd23d73b000000000, 0x77ee2f7b00000000,
+    0xcfde2a6600000000, 0x6a0d76ad00000000, 0xc47fe22b00000000,
+    0x61acbee000000000, 0x2f1c3e1200000000, 0x8acf62d900000000,
+    0x24bdf65f00000000, 0x816eaa9400000000, 0x395eaf8900000000,
+    0x9c8df34200000000, 0x32ff67c400000000, 0x972c3b0f00000000,
+    0x429e6dfe00000000, 0xe74d313500000000, 0x493fa5b300000000,
+    0xececf97800000000, 0x54dcfc6500000000, 0xf10fa0ae00000000,
+    0x5f7d342800000000, 0xfaae68e300000000, 0x821b441600000000,
+    0x27c818dd00000000, 0x89ba8c5b00000000, 0x2c69d09000000000,
+    0x9459d58d00000000, 0x318a894600000000, 0x9ff81dc000000000,
+    0x3a2b410b00000000, 0xef9917fa00000000, 0x4a4a4b3100000000,
+    0xe438dfb700000000, 0x41eb837c00000000, 0xf9db866100000000,
+    0x5c08daaa00000000, 0xf27a4e2c00000000, 0x57a912e700000000,
+    0x1919921500000000, 0xbccacede00000000, 0x12b85a5800000000,
+    0xb76b069300000000, 0x0f5b038e00000000, 0xaa885f4500000000,
+    0x04facbc300000000, 0xa129970800000000, 0x749bc1f900000000,
+    0xd1489d3200000000, 0x7f3a09b400000000, 0xdae9557f00000000,
+    0x62d9506200000000, 0xc70a0ca900000000, 0x6978982f00000000,
+    0xccabc4e400000000},
+   {0x0000000000000000, 0xb40b77a600000000, 0x29119f9700000000,
+    0x9d1ae83100000000, 0x13244ff400000000, 0xa72f385200000000,
+    0x3a35d06300000000, 0x8e3ea7c500000000, 0x674eef3300000000,
+    0xd345989500000000, 0x4e5f70a400000000, 0xfa54070200000000,
+    0x746aa0c700000000, 0xc061d76100000000, 0x5d7b3f5000000000,
+    0xe97048f600000000, 0xce9cde6700000000, 0x7a97a9c100000000,
+    0xe78d41f000000000, 0x5386365600000000, 0xddb8919300000000,
+    0x69b3e63500000000, 0xf4a90e0400000000, 0x40a279a200000000,
+    0xa9d2315400000000, 0x1dd946f200000000, 0x80c3aec300000000,
+    0x34c8d96500000000, 0xbaf67ea000000000, 0x0efd090600000000,
+    0x93e7e13700000000, 0x27ec969100000000, 0x9c39bdcf00000000,
+    0x2832ca6900000000, 0xb528225800000000, 0x012355fe00000000,
+    0x8f1df23b00000000, 0x3b16859d00000000, 0xa60c6dac00000000,
+    0x12071a0a00000000, 0xfb7752fc00000000, 0x4f7c255a00000000,
+    0xd266cd6b00000000, 0x666dbacd00000000, 0xe8531d0800000000,
+    0x5c586aae00000000, 0xc142829f00000000, 0x7549f53900000000,
+    0x52a563a800000000, 0xe6ae140e00000000, 0x7bb4fc3f00000000,
+    0xcfbf8b9900000000, 0x41812c5c00000000, 0xf58a5bfa00000000,
+    0x6890b3cb00000000, 0xdc9bc46d00000000, 0x35eb8c9b00000000,
+    0x81e0fb3d00000000, 0x1cfa130c00000000, 0xa8f164aa00000000,
+    0x26cfc36f00000000, 0x92c4b4c900000000, 0x0fde5cf800000000,
+    0xbbd52b5e00000000, 0x79750b4400000000, 0xcd7e7ce200000000,
+    0x506494d300000000, 0xe46fe37500000000, 0x6a5144b000000000,
+    0xde5a331600000000, 0x4340db2700000000, 0xf74bac8100000000,
+    0x1e3be47700000000, 0xaa3093d100000000, 0x372a7be000000000,
+    0x83210c4600000000, 0x0d1fab8300000000, 0xb914dc2500000000,
+    0x240e341400000000, 0x900543b200000000, 0xb7e9d52300000000,
+    0x03e2a28500000000, 0x9ef84ab400000000, 0x2af33d1200000000,
+    0xa4cd9ad700000000, 0x10c6ed7100000000, 0x8ddc054000000000,
+    0x39d772e600000000, 0xd0a73a1000000000, 0x64ac4db600000000,
+    0xf9b6a58700000000, 0x4dbdd22100000000, 0xc38375e400000000,
+    0x7788024200000000, 0xea92ea7300000000, 0x5e999dd500000000,
+    0xe54cb68b00000000, 0x5147c12d00000000, 0xcc5d291c00000000,
+    0x78565eba00000000, 0xf668f97f00000000, 0x42638ed900000000,
+    0xdf7966e800000000, 0x6b72114e00000000, 0x820259b800000000,
+    0x36092e1e00000000, 0xab13c62f00000000, 0x1f18b18900000000,
+    0x9126164c00000000, 0x252d61ea00000000, 0xb83789db00000000,
+    0x0c3cfe7d00000000, 0x2bd068ec00000000, 0x9fdb1f4a00000000,
+    0x02c1f77b00000000, 0xb6ca80dd00000000, 0x38f4271800000000,
+    0x8cff50be00000000, 0x11e5b88f00000000, 0xa5eecf2900000000,
+    0x4c9e87df00000000, 0xf895f07900000000, 0x658f184800000000,
+    0xd1846fee00000000, 0x5fbac82b00000000, 0xebb1bf8d00000000,
+    0x76ab57bc00000000, 0xc2a0201a00000000, 0xf2ea168800000000,
+    0x46e1612e00000000, 0xdbfb891f00000000, 0x6ff0feb900000000,
+    0xe1ce597c00000000, 0x55c52eda00000000, 0xc8dfc6eb00000000,
+    0x7cd4b14d00000000, 0x95a4f9bb00000000, 0x21af8e1d00000000,
+    0xbcb5662c00000000, 0x08be118a00000000, 0x8680b64f00000000,
+    0x328bc1e900000000, 0xaf9129d800000000, 0x1b9a5e7e00000000,
+    0x3c76c8ef00000000, 0x887dbf4900000000, 0x1567577800000000,
+    0xa16c20de00000000, 0x2f52871b00000000, 0x9b59f0bd00000000,
+    0x0643188c00000000, 0xb2486f2a00000000, 0x5b3827dc00000000,
+    0xef33507a00000000, 0x7229b84b00000000, 0xc622cfed00000000,
+    0x481c682800000000, 0xfc171f8e00000000, 0x610df7bf00000000,
+    0xd506801900000000, 0x6ed3ab4700000000, 0xdad8dce100000000,
+    0x47c234d000000000, 0xf3c9437600000000, 0x7df7e4b300000000,
+    0xc9fc931500000000, 0x54e67b2400000000, 0xe0ed0c8200000000,
+    0x099d447400000000, 0xbd9633d200000000, 0x208cdbe300000000,
+    0x9487ac4500000000, 0x1ab90b8000000000, 0xaeb27c2600000000,
+    0x33a8941700000000, 0x87a3e3b100000000, 0xa04f752000000000,
+    0x1444028600000000, 0x895eeab700000000, 0x3d559d1100000000,
+    0xb36b3ad400000000, 0x07604d7200000000, 0x9a7aa54300000000,
+    0x2e71d2e500000000, 0xc7019a1300000000, 0x730aedb500000000,
+    0xee10058400000000, 0x5a1b722200000000, 0xd425d5e700000000,
+    0x602ea24100000000, 0xfd344a7000000000, 0x493f3dd600000000,
+    0x8b9f1dcc00000000, 0x3f946a6a00000000, 0xa28e825b00000000,
+    0x1685f5fd00000000, 0x98bb523800000000, 0x2cb0259e00000000,
+    0xb1aacdaf00000000, 0x05a1ba0900000000, 0xecd1f2ff00000000,
+    0x58da855900000000, 0xc5c06d6800000000, 0x71cb1ace00000000,
+    0xfff5bd0b00000000, 0x4bfecaad00000000, 0xd6e4229c00000000,
+    0x62ef553a00000000, 0x4503c3ab00000000, 0xf108b40d00000000,
+    0x6c125c3c00000000, 0xd8192b9a00000000, 0x56278c5f00000000,
+    0xe22cfbf900000000, 0x7f3613c800000000, 0xcb3d646e00000000,
+    0x224d2c9800000000, 0x96465b3e00000000, 0x0b5cb30f00000000,
+    0xbf57c4a900000000, 0x3169636c00000000, 0x856214ca00000000,
+    0x1878fcfb00000000, 0xac738b5d00000000, 0x17a6a00300000000,
+    0xa3add7a500000000, 0x3eb73f9400000000, 0x8abc483200000000,
+    0x0482eff700000000, 0xb089985100000000, 0x2d93706000000000,
+    0x999807c600000000, 0x70e84f3000000000, 0xc4e3389600000000,
+    0x59f9d0a700000000, 0xedf2a70100000000, 0x63cc00c400000000,
+    0xd7c7776200000000, 0x4add9f5300000000, 0xfed6e8f500000000,
+    0xd93a7e6400000000, 0x6d3109c200000000, 0xf02be1f300000000,
+    0x4420965500000000, 0xca1e319000000000, 0x7e15463600000000,
+    0xe30fae0700000000, 0x5704d9a100000000, 0xbe74915700000000,
+    0x0a7fe6f100000000, 0x97650ec000000000, 0x236e796600000000,
+    0xad50dea300000000, 0x195ba90500000000, 0x8441413400000000,
+    0x304a369200000000},
+   {0x0000000000000000, 0x9e00aacc00000000, 0x7d07254200000000,
+    0xe3078f8e00000000, 0xfa0e4a8400000000, 0x640ee04800000000,
+    0x87096fc600000000, 0x1909c50a00000000, 0xb51be5d300000000,
+    0x2b1b4f1f00000000, 0xc81cc09100000000, 0x561c6a5d00000000,
+    0x4f15af5700000000, 0xd115059b00000000, 0x32128a1500000000,
+    0xac1220d900000000, 0x2b31bb7c00000000, 0xb53111b000000000,
+    0x56369e3e00000000, 0xc83634f200000000, 0xd13ff1f800000000,
+    0x4f3f5b3400000000, 0xac38d4ba00000000, 0x32387e7600000000,
+    0x9e2a5eaf00000000, 0x002af46300000000, 0xe32d7bed00000000,
+    0x7d2dd12100000000, 0x6424142b00000000, 0xfa24bee700000000,
+    0x1923316900000000, 0x87239ba500000000, 0x566276f900000000,
+    0xc862dc3500000000, 0x2b6553bb00000000, 0xb565f97700000000,
+    0xac6c3c7d00000000, 0x326c96b100000000, 0xd16b193f00000000,
+    0x4f6bb3f300000000, 0xe379932a00000000, 0x7d7939e600000000,
+    0x9e7eb66800000000, 0x007e1ca400000000, 0x1977d9ae00000000,
+    0x8777736200000000, 0x6470fcec00000000, 0xfa70562000000000,
+    0x7d53cd8500000000, 0xe353674900000000, 0x0054e8c700000000,
+    0x9e54420b00000000, 0x875d870100000000, 0x195d2dcd00000000,
+    0xfa5aa24300000000, 0x645a088f00000000, 0xc848285600000000,
+    0x5648829a00000000, 0xb54f0d1400000000, 0x2b4fa7d800000000,
+    0x324662d200000000, 0xac46c81e00000000, 0x4f41479000000000,
+    0xd141ed5c00000000, 0xedc29d2900000000, 0x73c237e500000000,
+    0x90c5b86b00000000, 0x0ec512a700000000, 0x17ccd7ad00000000,
+    0x89cc7d6100000000, 0x6acbf2ef00000000, 0xf4cb582300000000,
+    0x58d978fa00000000, 0xc6d9d23600000000, 0x25de5db800000000,
+    0xbbdef77400000000, 0xa2d7327e00000000, 0x3cd798b200000000,
+    0xdfd0173c00000000, 0x41d0bdf000000000, 0xc6f3265500000000,
+    0x58f38c9900000000, 0xbbf4031700000000, 0x25f4a9db00000000,
+    0x3cfd6cd100000000, 0xa2fdc61d00000000, 0x41fa499300000000,
+    0xdffae35f00000000, 0x73e8c38600000000, 0xede8694a00000000,
+    0x0eefe6c400000000, 0x90ef4c0800000000, 0x89e6890200000000,
+    0x17e623ce00000000, 0xf4e1ac4000000000, 0x6ae1068c00000000,
+    0xbba0ebd000000000, 0x25a0411c00000000, 0xc6a7ce9200000000,
+    0x58a7645e00000000, 0x41aea15400000000, 0xdfae0b9800000000,
+    0x3ca9841600000000, 0xa2a92eda00000000, 0x0ebb0e0300000000,
+    0x90bba4cf00000000, 0x73bc2b4100000000, 0xedbc818d00000000,
+    0xf4b5448700000000, 0x6ab5ee4b00000000, 0x89b261c500000000,
+    0x17b2cb0900000000, 0x909150ac00000000, 0x0e91fa6000000000,
+    0xed9675ee00000000, 0x7396df2200000000, 0x6a9f1a2800000000,
+    0xf49fb0e400000000, 0x17983f6a00000000, 0x899895a600000000,
+    0x258ab57f00000000, 0xbb8a1fb300000000, 0x588d903d00000000,
+    0xc68d3af100000000, 0xdf84fffb00000000, 0x4184553700000000,
+    0xa283dab900000000, 0x3c83707500000000, 0xda853b5300000000,
+    0x4485919f00000000, 0xa7821e1100000000, 0x3982b4dd00000000,
+    0x208b71d700000000, 0xbe8bdb1b00000000, 0x5d8c549500000000,
+    0xc38cfe5900000000, 0x6f9ede8000000000, 0xf19e744c00000000,
+    0x1299fbc200000000, 0x8c99510e00000000, 0x9590940400000000,
+    0x0b903ec800000000, 0xe897b14600000000, 0x76971b8a00000000,
+    0xf1b4802f00000000, 0x6fb42ae300000000, 0x8cb3a56d00000000,
+    0x12b30fa100000000, 0x0bbacaab00000000, 0x95ba606700000000,
+    0x76bdefe900000000, 0xe8bd452500000000, 0x44af65fc00000000,
+    0xdaafcf3000000000, 0x39a840be00000000, 0xa7a8ea7200000000,
+    0xbea12f7800000000, 0x20a185b400000000, 0xc3a60a3a00000000,
+    0x5da6a0f600000000, 0x8ce74daa00000000, 0x12e7e76600000000,
+    0xf1e068e800000000, 0x6fe0c22400000000, 0x76e9072e00000000,
+    0xe8e9ade200000000, 0x0bee226c00000000, 0x95ee88a000000000,
+    0x39fca87900000000, 0xa7fc02b500000000, 0x44fb8d3b00000000,
+    0xdafb27f700000000, 0xc3f2e2fd00000000, 0x5df2483100000000,
+    0xbef5c7bf00000000, 0x20f56d7300000000, 0xa7d6f6d600000000,
+    0x39d65c1a00000000, 0xdad1d39400000000, 0x44d1795800000000,
+    0x5dd8bc5200000000, 0xc3d8169e00000000, 0x20df991000000000,
+    0xbedf33dc00000000, 0x12cd130500000000, 0x8ccdb9c900000000,
+    0x6fca364700000000, 0xf1ca9c8b00000000, 0xe8c3598100000000,
+    0x76c3f34d00000000, 0x95c47cc300000000, 0x0bc4d60f00000000,
+    0x3747a67a00000000, 0xa9470cb600000000, 0x4a40833800000000,
+    0xd44029f400000000, 0xcd49ecfe00000000, 0x5349463200000000,
+    0xb04ec9bc00000000, 0x2e4e637000000000, 0x825c43a900000000,
+    0x1c5ce96500000000, 0xff5b66eb00000000, 0x615bcc2700000000,
+    0x7852092d00000000, 0xe652a3e100000000, 0x05552c6f00000000,
+    0x9b5586a300000000, 0x1c761d0600000000, 0x8276b7ca00000000,
+    0x6171384400000000, 0xff71928800000000, 0xe678578200000000,
+    0x7878fd4e00000000, 0x9b7f72c000000000, 0x057fd80c00000000,
+    0xa96df8d500000000, 0x376d521900000000, 0xd46add9700000000,
+    0x4a6a775b00000000, 0x5363b25100000000, 0xcd63189d00000000,
+    0x2e64971300000000, 0xb0643ddf00000000, 0x6125d08300000000,
+    0xff257a4f00000000, 0x1c22f5c100000000, 0x82225f0d00000000,
+    0x9b2b9a0700000000, 0x052b30cb00000000, 0xe62cbf4500000000,
+    0x782c158900000000, 0xd43e355000000000, 0x4a3e9f9c00000000,
+    0xa939101200000000, 0x3739bade00000000, 0x2e307fd400000000,
+    0xb030d51800000000, 0x53375a9600000000, 0xcd37f05a00000000,
+    0x4a146bff00000000, 0xd414c13300000000, 0x37134ebd00000000,
+    0xa913e47100000000, 0xb01a217b00000000, 0x2e1a8bb700000000,
+    0xcd1d043900000000, 0x531daef500000000, 0xff0f8e2c00000000,
+    0x610f24e000000000, 0x8208ab6e00000000, 0x1c0801a200000000,
+    0x0501c4a800000000, 0x9b016e6400000000, 0x7806e1ea00000000,
+    0xe6064b2600000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xb8bc6765, 0xaa09c88b, 0x12b5afee, 0x8f629757,
+    0x37def032, 0x256b5fdc, 0x9dd738b9, 0xc5b428ef, 0x7d084f8a,
+    0x6fbde064, 0xd7018701, 0x4ad6bfb8, 0xf26ad8dd, 0xe0df7733,
+    0x58631056, 0x5019579f, 0xe8a530fa, 0xfa109f14, 0x42acf871,
+    0xdf7bc0c8, 0x67c7a7ad, 0x75720843, 0xcdce6f26, 0x95ad7f70,
+    0x2d111815, 0x3fa4b7fb, 0x8718d09e, 0x1acfe827, 0xa2738f42,
+    0xb0c620ac, 0x087a47c9, 0xa032af3e, 0x188ec85b, 0x0a3b67b5,
+    0xb28700d0, 0x2f503869, 0x97ec5f0c, 0x8559f0e2, 0x3de59787,
+    0x658687d1, 0xdd3ae0b4, 0xcf8f4f5a, 0x7733283f, 0xeae41086,
+    0x525877e3, 0x40edd80d, 0xf851bf68, 0xf02bf8a1, 0x48979fc4,
+    0x5a22302a, 0xe29e574f, 0x7f496ff6, 0xc7f50893, 0xd540a77d,
+    0x6dfcc018, 0x359fd04e, 0x8d23b72b, 0x9f9618c5, 0x272a7fa0,
+    0xbafd4719, 0x0241207c, 0x10f48f92, 0xa848e8f7, 0x9b14583d,
+    0x23a83f58, 0x311d90b6, 0x89a1f7d3, 0x1476cf6a, 0xaccaa80f,
+    0xbe7f07e1, 0x06c36084, 0x5ea070d2, 0xe61c17b7, 0xf4a9b859,
+    0x4c15df3c, 0xd1c2e785, 0x697e80e0, 0x7bcb2f0e, 0xc377486b,
+    0xcb0d0fa2, 0x73b168c7, 0x6104c729, 0xd9b8a04c, 0x446f98f5,
+    0xfcd3ff90, 0xee66507e, 0x56da371b, 0x0eb9274d, 0xb6054028,
+    0xa4b0efc6, 0x1c0c88a3, 0x81dbb01a, 0x3967d77f, 0x2bd27891,
+    0x936e1ff4, 0x3b26f703, 0x839a9066, 0x912f3f88, 0x299358ed,
+    0xb4446054, 0x0cf80731, 0x1e4da8df, 0xa6f1cfba, 0xfe92dfec,
+    0x462eb889, 0x549b1767, 0xec277002, 0x71f048bb, 0xc94c2fde,
+    0xdbf98030, 0x6345e755, 0x6b3fa09c, 0xd383c7f9, 0xc1366817,
+    0x798a0f72, 0xe45d37cb, 0x5ce150ae, 0x4e54ff40, 0xf6e89825,
+    0xae8b8873, 0x1637ef16, 0x048240f8, 0xbc3e279d, 0x21e91f24,
+    0x99557841, 0x8be0d7af, 0x335cb0ca, 0xed59b63b, 0x55e5d15e,
+    0x47507eb0, 0xffec19d5, 0x623b216c, 0xda874609, 0xc832e9e7,
+    0x708e8e82, 0x28ed9ed4, 0x9051f9b1, 0x82e4565f, 0x3a58313a,
+    0xa78f0983, 0x1f336ee6, 0x0d86c108, 0xb53aa66d, 0xbd40e1a4,
+    0x05fc86c1, 0x1749292f, 0xaff54e4a, 0x322276f3, 0x8a9e1196,
+    0x982bbe78, 0x2097d91d, 0x78f4c94b, 0xc048ae2e, 0xd2fd01c0,
+    0x6a4166a5, 0xf7965e1c, 0x4f2a3979, 0x5d9f9697, 0xe523f1f2,
+    0x4d6b1905, 0xf5d77e60, 0xe762d18e, 0x5fdeb6eb, 0xc2098e52,
+    0x7ab5e937, 0x680046d9, 0xd0bc21bc, 0x88df31ea, 0x3063568f,
+    0x22d6f961, 0x9a6a9e04, 0x07bda6bd, 0xbf01c1d8, 0xadb46e36,
+    0x15080953, 0x1d724e9a, 0xa5ce29ff, 0xb77b8611, 0x0fc7e174,
+    0x9210d9cd, 0x2aacbea8, 0x38191146, 0x80a57623, 0xd8c66675,
+    0x607a0110, 0x72cfaefe, 0xca73c99b, 0x57a4f122, 0xef189647,
+    0xfdad39a9, 0x45115ecc, 0x764dee06, 0xcef18963, 0xdc44268d,
+    0x64f841e8, 0xf92f7951, 0x41931e34, 0x5326b1da, 0xeb9ad6bf,
+    0xb3f9c6e9, 0x0b45a18c, 0x19f00e62, 0xa14c6907, 0x3c9b51be,
+    0x842736db, 0x96929935, 0x2e2efe50, 0x2654b999, 0x9ee8defc,
+    0x8c5d7112, 0x34e11677, 0xa9362ece, 0x118a49ab, 0x033fe645,
+    0xbb838120, 0xe3e09176, 0x5b5cf613, 0x49e959fd, 0xf1553e98,
+    0x6c820621, 0xd43e6144, 0xc68bceaa, 0x7e37a9cf, 0xd67f4138,
+    0x6ec3265d, 0x7c7689b3, 0xc4caeed6, 0x591dd66f, 0xe1a1b10a,
+    0xf3141ee4, 0x4ba87981, 0x13cb69d7, 0xab770eb2, 0xb9c2a15c,
+    0x017ec639, 0x9ca9fe80, 0x241599e5, 0x36a0360b, 0x8e1c516e,
+    0x866616a7, 0x3eda71c2, 0x2c6fde2c, 0x94d3b949, 0x090481f0,
+    0xb1b8e695, 0xa30d497b, 0x1bb12e1e, 0x43d23e48, 0xfb6e592d,
+    0xe9dbf6c3, 0x516791a6, 0xccb0a91f, 0x740cce7a, 0x66b96194,
+    0xde0506f1},
+   {0x00000000, 0x01c26a37, 0x0384d46e, 0x0246be59, 0x0709a8dc,
+    0x06cbc2eb, 0x048d7cb2, 0x054f1685, 0x0e1351b8, 0x0fd13b8f,
+    0x0d9785d6, 0x0c55efe1, 0x091af964, 0x08d89353, 0x0a9e2d0a,
+    0x0b5c473d, 0x1c26a370, 0x1de4c947, 0x1fa2771e, 0x1e601d29,
+    0x1b2f0bac, 0x1aed619b, 0x18abdfc2, 0x1969b5f5, 0x1235f2c8,
+    0x13f798ff, 0x11b126a6, 0x10734c91, 0x153c5a14, 0x14fe3023,
+    0x16b88e7a, 0x177ae44d, 0x384d46e0, 0x398f2cd7, 0x3bc9928e,
+    0x3a0bf8b9, 0x3f44ee3c, 0x3e86840b, 0x3cc03a52, 0x3d025065,
+    0x365e1758, 0x379c7d6f, 0x35dac336, 0x3418a901, 0x3157bf84,
+    0x3095d5b3, 0x32d36bea, 0x331101dd, 0x246be590, 0x25a98fa7,
+    0x27ef31fe, 0x262d5bc9, 0x23624d4c, 0x22a0277b, 0x20e69922,
+    0x2124f315, 0x2a78b428, 0x2bbade1f, 0x29fc6046, 0x283e0a71,
+    0x2d711cf4, 0x2cb376c3, 0x2ef5c89a, 0x2f37a2ad, 0x709a8dc0,
+    0x7158e7f7, 0x731e59ae, 0x72dc3399, 0x7793251c, 0x76514f2b,
+    0x7417f172, 0x75d59b45, 0x7e89dc78, 0x7f4bb64f, 0x7d0d0816,
+    0x7ccf6221, 0x798074a4, 0x78421e93, 0x7a04a0ca, 0x7bc6cafd,
+    0x6cbc2eb0, 0x6d7e4487, 0x6f38fade, 0x6efa90e9, 0x6bb5866c,
+    0x6a77ec5b, 0x68315202, 0x69f33835, 0x62af7f08, 0x636d153f,
+    0x612bab66, 0x60e9c151, 0x65a6d7d4, 0x6464bde3, 0x662203ba,
+    0x67e0698d, 0x48d7cb20, 0x4915a117, 0x4b531f4e, 0x4a917579,
+    0x4fde63fc, 0x4e1c09cb, 0x4c5ab792, 0x4d98dda5, 0x46c49a98,
+    0x4706f0af, 0x45404ef6, 0x448224c1, 0x41cd3244, 0x400f5873,
+    0x4249e62a, 0x438b8c1d, 0x54f16850, 0x55330267, 0x5775bc3e,
+    0x56b7d609, 0x53f8c08c, 0x523aaabb, 0x507c14e2, 0x51be7ed5,
+    0x5ae239e8, 0x5b2053df, 0x5966ed86, 0x58a487b1, 0x5deb9134,
+    0x5c29fb03, 0x5e6f455a, 0x5fad2f6d, 0xe1351b80, 0xe0f771b7,
+    0xe2b1cfee, 0xe373a5d9, 0xe63cb35c, 0xe7fed96b, 0xe5b86732,
+    0xe47a0d05, 0xef264a38, 0xeee4200f, 0xeca29e56, 0xed60f461,
+    0xe82fe2e4, 0xe9ed88d3, 0xebab368a, 0xea695cbd, 0xfd13b8f0,
+    0xfcd1d2c7, 0xfe976c9e, 0xff5506a9, 0xfa1a102c, 0xfbd87a1b,
+    0xf99ec442, 0xf85cae75, 0xf300e948, 0xf2c2837f, 0xf0843d26,
+    0xf1465711, 0xf4094194, 0xf5cb2ba3, 0xf78d95fa, 0xf64fffcd,
+    0xd9785d60, 0xd8ba3757, 0xdafc890e, 0xdb3ee339, 0xde71f5bc,
+    0xdfb39f8b, 0xddf521d2, 0xdc374be5, 0xd76b0cd8, 0xd6a966ef,
+    0xd4efd8b6, 0xd52db281, 0xd062a404, 0xd1a0ce33, 0xd3e6706a,
+    0xd2241a5d, 0xc55efe10, 0xc49c9427, 0xc6da2a7e, 0xc7184049,
+    0xc25756cc, 0xc3953cfb, 0xc1d382a2, 0xc011e895, 0xcb4dafa8,
+    0xca8fc59f, 0xc8c97bc6, 0xc90b11f1, 0xcc440774, 0xcd866d43,
+    0xcfc0d31a, 0xce02b92d, 0x91af9640, 0x906dfc77, 0x922b422e,
+    0x93e92819, 0x96a63e9c, 0x976454ab, 0x9522eaf2, 0x94e080c5,
+    0x9fbcc7f8, 0x9e7eadcf, 0x9c381396, 0x9dfa79a1, 0x98b56f24,
+    0x99770513, 0x9b31bb4a, 0x9af3d17d, 0x8d893530, 0x8c4b5f07,
+    0x8e0de15e, 0x8fcf8b69, 0x8a809dec, 0x8b42f7db, 0x89044982,
+    0x88c623b5, 0x839a6488, 0x82580ebf, 0x801eb0e6, 0x81dcdad1,
+    0x8493cc54, 0x8551a663, 0x8717183a, 0x86d5720d, 0xa9e2d0a0,
+    0xa820ba97, 0xaa6604ce, 0xaba46ef9, 0xaeeb787c, 0xaf29124b,
+    0xad6fac12, 0xacadc625, 0xa7f18118, 0xa633eb2f, 0xa4755576,
+    0xa5b73f41, 0xa0f829c4, 0xa13a43f3, 0xa37cfdaa, 0xa2be979d,
+    0xb5c473d0, 0xb40619e7, 0xb640a7be, 0xb782cd89, 0xb2cddb0c,
+    0xb30fb13b, 0xb1490f62, 0xb08b6555, 0xbbd72268, 0xba15485f,
+    0xb853f606, 0xb9919c31, 0xbcde8ab4, 0xbd1ce083, 0xbf5a5eda,
+    0xbe9834ed},
+   {0x00000000, 0x191b3141, 0x32366282, 0x2b2d53c3, 0x646cc504,
+    0x7d77f445, 0x565aa786, 0x4f4196c7, 0xc8d98a08, 0xd1c2bb49,
+    0xfaefe88a, 0xe3f4d9cb, 0xacb54f0c, 0xb5ae7e4d, 0x9e832d8e,
+    0x87981ccf, 0x4ac21251, 0x53d92310, 0x78f470d3, 0x61ef4192,
+    0x2eaed755, 0x37b5e614, 0x1c98b5d7, 0x05838496, 0x821b9859,
+    0x9b00a918, 0xb02dfadb, 0xa936cb9a, 0xe6775d5d, 0xff6c6c1c,
+    0xd4413fdf, 0xcd5a0e9e, 0x958424a2, 0x8c9f15e3, 0xa7b24620,
+    0xbea97761, 0xf1e8e1a6, 0xe8f3d0e7, 0xc3de8324, 0xdac5b265,
+    0x5d5daeaa, 0x44469feb, 0x6f6bcc28, 0x7670fd69, 0x39316bae,
+    0x202a5aef, 0x0b07092c, 0x121c386d, 0xdf4636f3, 0xc65d07b2,
+    0xed705471, 0xf46b6530, 0xbb2af3f7, 0xa231c2b6, 0x891c9175,
+    0x9007a034, 0x179fbcfb, 0x0e848dba, 0x25a9de79, 0x3cb2ef38,
+    0x73f379ff, 0x6ae848be, 0x41c51b7d, 0x58de2a3c, 0xf0794f05,
+    0xe9627e44, 0xc24f2d87, 0xdb541cc6, 0x94158a01, 0x8d0ebb40,
+    0xa623e883, 0xbf38d9c2, 0x38a0c50d, 0x21bbf44c, 0x0a96a78f,
+    0x138d96ce, 0x5ccc0009, 0x45d73148, 0x6efa628b, 0x77e153ca,
+    0xbabb5d54, 0xa3a06c15, 0x888d3fd6, 0x91960e97, 0xded79850,
+    0xc7cca911, 0xece1fad2, 0xf5facb93, 0x7262d75c, 0x6b79e61d,
+    0x4054b5de, 0x594f849f, 0x160e1258, 0x0f152319, 0x243870da,
+    0x3d23419b, 0x65fd6ba7, 0x7ce65ae6, 0x57cb0925, 0x4ed03864,
+    0x0191aea3, 0x188a9fe2, 0x33a7cc21, 0x2abcfd60, 0xad24e1af,
+    0xb43fd0ee, 0x9f12832d, 0x8609b26c, 0xc94824ab, 0xd05315ea,
+    0xfb7e4629, 0xe2657768, 0x2f3f79f6, 0x362448b7, 0x1d091b74,
+    0x04122a35, 0x4b53bcf2, 0x52488db3, 0x7965de70, 0x607eef31,
+    0xe7e6f3fe, 0xfefdc2bf, 0xd5d0917c, 0xcccba03d, 0x838a36fa,
+    0x9a9107bb, 0xb1bc5478, 0xa8a76539, 0x3b83984b, 0x2298a90a,
+    0x09b5fac9, 0x10aecb88, 0x5fef5d4f, 0x46f46c0e, 0x6dd93fcd,
+    0x74c20e8c, 0xf35a1243, 0xea412302, 0xc16c70c1, 0xd8774180,
+    0x9736d747, 0x8e2de606, 0xa500b5c5, 0xbc1b8484, 0x71418a1a,
+    0x685abb5b, 0x4377e898, 0x5a6cd9d9, 0x152d4f1e, 0x0c367e5f,
+    0x271b2d9c, 0x3e001cdd, 0xb9980012, 0xa0833153, 0x8bae6290,
+    0x92b553d1, 0xddf4c516, 0xc4eff457, 0xefc2a794, 0xf6d996d5,
+    0xae07bce9, 0xb71c8da8, 0x9c31de6b, 0x852aef2a, 0xca6b79ed,
+    0xd37048ac, 0xf85d1b6f, 0xe1462a2e, 0x66de36e1, 0x7fc507a0,
+    0x54e85463, 0x4df36522, 0x02b2f3e5, 0x1ba9c2a4, 0x30849167,
+    0x299fa026, 0xe4c5aeb8, 0xfdde9ff9, 0xd6f3cc3a, 0xcfe8fd7b,
+    0x80a96bbc, 0x99b25afd, 0xb29f093e, 0xab84387f, 0x2c1c24b0,
+    0x350715f1, 0x1e2a4632, 0x07317773, 0x4870e1b4, 0x516bd0f5,
+    0x7a468336, 0x635db277, 0xcbfad74e, 0xd2e1e60f, 0xf9ccb5cc,
+    0xe0d7848d, 0xaf96124a, 0xb68d230b, 0x9da070c8, 0x84bb4189,
+    0x03235d46, 0x1a386c07, 0x31153fc4, 0x280e0e85, 0x674f9842,
+    0x7e54a903, 0x5579fac0, 0x4c62cb81, 0x8138c51f, 0x9823f45e,
+    0xb30ea79d, 0xaa1596dc, 0xe554001b, 0xfc4f315a, 0xd7626299,
+    0xce7953d8, 0x49e14f17, 0x50fa7e56, 0x7bd72d95, 0x62cc1cd4,
+    0x2d8d8a13, 0x3496bb52, 0x1fbbe891, 0x06a0d9d0, 0x5e7ef3ec,
+    0x4765c2ad, 0x6c48916e, 0x7553a02f, 0x3a1236e8, 0x230907a9,
+    0x0824546a, 0x113f652b, 0x96a779e4, 0x8fbc48a5, 0xa4911b66,
+    0xbd8a2a27, 0xf2cbbce0, 0xebd08da1, 0xc0fdde62, 0xd9e6ef23,
+    0x14bce1bd, 0x0da7d0fc, 0x268a833f, 0x3f91b27e, 0x70d024b9,
+    0x69cb15f8, 0x42e6463b, 0x5bfd777a, 0xdc656bb5, 0xc57e5af4,
+    0xee530937, 0xf7483876, 0xb809aeb1, 0xa1129ff0, 0x8a3fcc33,
+    0x9324fd72},
+   {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
+    0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
+    0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
+    0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+    0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
+    0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+    0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
+    0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+    0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
+    0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
+    0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
+    0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+    0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
+    0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
+    0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
+    0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+    0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
+    0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+    0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
+    0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+    0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
+    0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
+    0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
+    0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+    0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
+    0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
+    0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
+    0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+    0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
+    0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+    0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
+    0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+    0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
+    0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
+    0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
+    0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+    0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
+    0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
+    0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
+    0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+    0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
+    0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+    0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
+    0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+    0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
+    0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
+    0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
+    0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+    0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
+    0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
+    0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
+    0x2d02ef8d}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x96300777, 0x2c610eee, 0xba510999, 0x19c46d07,
+    0x8ff46a70, 0x35a563e9, 0xa395649e, 0x3288db0e, 0xa4b8dc79,
+    0x1ee9d5e0, 0x88d9d297, 0x2b4cb609, 0xbd7cb17e, 0x072db8e7,
+    0x911dbf90, 0x6410b71d, 0xf220b06a, 0x4871b9f3, 0xde41be84,
+    0x7dd4da1a, 0xebe4dd6d, 0x51b5d4f4, 0xc785d383, 0x56986c13,
+    0xc0a86b64, 0x7af962fd, 0xecc9658a, 0x4f5c0114, 0xd96c0663,
+    0x633d0ffa, 0xf50d088d, 0xc8206e3b, 0x5e10694c, 0xe44160d5,
+    0x727167a2, 0xd1e4033c, 0x47d4044b, 0xfd850dd2, 0x6bb50aa5,
+    0xfaa8b535, 0x6c98b242, 0xd6c9bbdb, 0x40f9bcac, 0xe36cd832,
+    0x755cdf45, 0xcf0dd6dc, 0x593dd1ab, 0xac30d926, 0x3a00de51,
+    0x8051d7c8, 0x1661d0bf, 0xb5f4b421, 0x23c4b356, 0x9995bacf,
+    0x0fa5bdb8, 0x9eb80228, 0x0888055f, 0xb2d90cc6, 0x24e90bb1,
+    0x877c6f2f, 0x114c6858, 0xab1d61c1, 0x3d2d66b6, 0x9041dc76,
+    0x0671db01, 0xbc20d298, 0x2a10d5ef, 0x8985b171, 0x1fb5b606,
+    0xa5e4bf9f, 0x33d4b8e8, 0xa2c90778, 0x34f9000f, 0x8ea80996,
+    0x18980ee1, 0xbb0d6a7f, 0x2d3d6d08, 0x976c6491, 0x015c63e6,
+    0xf4516b6b, 0x62616c1c, 0xd8306585, 0x4e0062f2, 0xed95066c,
+    0x7ba5011b, 0xc1f40882, 0x57c40ff5, 0xc6d9b065, 0x50e9b712,
+    0xeab8be8b, 0x7c88b9fc, 0xdf1ddd62, 0x492dda15, 0xf37cd38c,
+    0x654cd4fb, 0x5861b24d, 0xce51b53a, 0x7400bca3, 0xe230bbd4,
+    0x41a5df4a, 0xd795d83d, 0x6dc4d1a4, 0xfbf4d6d3, 0x6ae96943,
+    0xfcd96e34, 0x468867ad, 0xd0b860da, 0x732d0444, 0xe51d0333,
+    0x5f4c0aaa, 0xc97c0ddd, 0x3c710550, 0xaa410227, 0x10100bbe,
+    0x86200cc9, 0x25b56857, 0xb3856f20, 0x09d466b9, 0x9fe461ce,
+    0x0ef9de5e, 0x98c9d929, 0x2298d0b0, 0xb4a8d7c7, 0x173db359,
+    0x810db42e, 0x3b5cbdb7, 0xad6cbac0, 0x2083b8ed, 0xb6b3bf9a,
+    0x0ce2b603, 0x9ad2b174, 0x3947d5ea, 0xaf77d29d, 0x1526db04,
+    0x8316dc73, 0x120b63e3, 0x843b6494, 0x3e6a6d0d, 0xa85a6a7a,
+    0x0bcf0ee4, 0x9dff0993, 0x27ae000a, 0xb19e077d, 0x44930ff0,
+    0xd2a30887, 0x68f2011e, 0xfec20669, 0x5d5762f7, 0xcb676580,
+    0x71366c19, 0xe7066b6e, 0x761bd4fe, 0xe02bd389, 0x5a7ada10,
+    0xcc4add67, 0x6fdfb9f9, 0xf9efbe8e, 0x43beb717, 0xd58eb060,
+    0xe8a3d6d6, 0x7e93d1a1, 0xc4c2d838, 0x52f2df4f, 0xf167bbd1,
+    0x6757bca6, 0xdd06b53f, 0x4b36b248, 0xda2b0dd8, 0x4c1b0aaf,
+    0xf64a0336, 0x607a0441, 0xc3ef60df, 0x55df67a8, 0xef8e6e31,
+    0x79be6946, 0x8cb361cb, 0x1a8366bc, 0xa0d26f25, 0x36e26852,
+    0x95770ccc, 0x03470bbb, 0xb9160222, 0x2f260555, 0xbe3bbac5,
+    0x280bbdb2, 0x925ab42b, 0x046ab35c, 0xa7ffd7c2, 0x31cfd0b5,
+    0x8b9ed92c, 0x1daede5b, 0xb0c2649b, 0x26f263ec, 0x9ca36a75,
+    0x0a936d02, 0xa906099c, 0x3f360eeb, 0x85670772, 0x13570005,
+    0x824abf95, 0x147ab8e2, 0xae2bb17b, 0x381bb60c, 0x9b8ed292,
+    0x0dbed5e5, 0xb7efdc7c, 0x21dfdb0b, 0xd4d2d386, 0x42e2d4f1,
+    0xf8b3dd68, 0x6e83da1f, 0xcd16be81, 0x5b26b9f6, 0xe177b06f,
+    0x7747b718, 0xe65a0888, 0x706a0fff, 0xca3b0666, 0x5c0b0111,
+    0xff9e658f, 0x69ae62f8, 0xd3ff6b61, 0x45cf6c16, 0x78e20aa0,
+    0xeed20dd7, 0x5483044e, 0xc2b30339, 0x612667a7, 0xf71660d0,
+    0x4d476949, 0xdb776e3e, 0x4a6ad1ae, 0xdc5ad6d9, 0x660bdf40,
+    0xf03bd837, 0x53aebca9, 0xc59ebbde, 0x7fcfb247, 0xe9ffb530,
+    0x1cf2bdbd, 0x8ac2baca, 0x3093b353, 0xa6a3b424, 0x0536d0ba,
+    0x9306d7cd, 0x2957de54, 0xbf67d923, 0x2e7a66b3, 0xb84a61c4,
+    0x021b685d, 0x942b6f2a, 0x37be0bb4, 0xa18e0cc3, 0x1bdf055a,
+    0x8def022d},
+   {0x00000000, 0x41311b19, 0x82623632, 0xc3532d2b, 0x04c56c64,
+    0x45f4777d, 0x86a75a56, 0xc796414f, 0x088ad9c8, 0x49bbc2d1,
+    0x8ae8effa, 0xcbd9f4e3, 0x0c4fb5ac, 0x4d7eaeb5, 0x8e2d839e,
+    0xcf1c9887, 0x5112c24a, 0x1023d953, 0xd370f478, 0x9241ef61,
+    0x55d7ae2e, 0x14e6b537, 0xd7b5981c, 0x96848305, 0x59981b82,
+    0x18a9009b, 0xdbfa2db0, 0x9acb36a9, 0x5d5d77e6, 0x1c6c6cff,
+    0xdf3f41d4, 0x9e0e5acd, 0xa2248495, 0xe3159f8c, 0x2046b2a7,
+    0x6177a9be, 0xa6e1e8f1, 0xe7d0f3e8, 0x2483dec3, 0x65b2c5da,
+    0xaaae5d5d, 0xeb9f4644, 0x28cc6b6f, 0x69fd7076, 0xae6b3139,
+    0xef5a2a20, 0x2c09070b, 0x6d381c12, 0xf33646df, 0xb2075dc6,
+    0x715470ed, 0x30656bf4, 0xf7f32abb, 0xb6c231a2, 0x75911c89,
+    0x34a00790, 0xfbbc9f17, 0xba8d840e, 0x79dea925, 0x38efb23c,
+    0xff79f373, 0xbe48e86a, 0x7d1bc541, 0x3c2ade58, 0x054f79f0,
+    0x447e62e9, 0x872d4fc2, 0xc61c54db, 0x018a1594, 0x40bb0e8d,
+    0x83e823a6, 0xc2d938bf, 0x0dc5a038, 0x4cf4bb21, 0x8fa7960a,
+    0xce968d13, 0x0900cc5c, 0x4831d745, 0x8b62fa6e, 0xca53e177,
+    0x545dbbba, 0x156ca0a3, 0xd63f8d88, 0x970e9691, 0x5098d7de,
+    0x11a9ccc7, 0xd2fae1ec, 0x93cbfaf5, 0x5cd76272, 0x1de6796b,
+    0xdeb55440, 0x9f844f59, 0x58120e16, 0x1923150f, 0xda703824,
+    0x9b41233d, 0xa76bfd65, 0xe65ae67c, 0x2509cb57, 0x6438d04e,
+    0xa3ae9101, 0xe29f8a18, 0x21cca733, 0x60fdbc2a, 0xafe124ad,
+    0xeed03fb4, 0x2d83129f, 0x6cb20986, 0xab2448c9, 0xea1553d0,
+    0x29467efb, 0x687765e2, 0xf6793f2f, 0xb7482436, 0x741b091d,
+    0x352a1204, 0xf2bc534b, 0xb38d4852, 0x70de6579, 0x31ef7e60,
+    0xfef3e6e7, 0xbfc2fdfe, 0x7c91d0d5, 0x3da0cbcc, 0xfa368a83,
+    0xbb07919a, 0x7854bcb1, 0x3965a7a8, 0x4b98833b, 0x0aa99822,
+    0xc9fab509, 0x88cbae10, 0x4f5def5f, 0x0e6cf446, 0xcd3fd96d,
+    0x8c0ec274, 0x43125af3, 0x022341ea, 0xc1706cc1, 0x804177d8,
+    0x47d73697, 0x06e62d8e, 0xc5b500a5, 0x84841bbc, 0x1a8a4171,
+    0x5bbb5a68, 0x98e87743, 0xd9d96c5a, 0x1e4f2d15, 0x5f7e360c,
+    0x9c2d1b27, 0xdd1c003e, 0x120098b9, 0x533183a0, 0x9062ae8b,
+    0xd153b592, 0x16c5f4dd, 0x57f4efc4, 0x94a7c2ef, 0xd596d9f6,
+    0xe9bc07ae, 0xa88d1cb7, 0x6bde319c, 0x2aef2a85, 0xed796bca,
+    0xac4870d3, 0x6f1b5df8, 0x2e2a46e1, 0xe136de66, 0xa007c57f,
+    0x6354e854, 0x2265f34d, 0xe5f3b202, 0xa4c2a91b, 0x67918430,
+    0x26a09f29, 0xb8aec5e4, 0xf99fdefd, 0x3accf3d6, 0x7bfde8cf,
+    0xbc6ba980, 0xfd5ab299, 0x3e099fb2, 0x7f3884ab, 0xb0241c2c,
+    0xf1150735, 0x32462a1e, 0x73773107, 0xb4e17048, 0xf5d06b51,
+    0x3683467a, 0x77b25d63, 0x4ed7facb, 0x0fe6e1d2, 0xccb5ccf9,
+    0x8d84d7e0, 0x4a1296af, 0x0b238db6, 0xc870a09d, 0x8941bb84,
+    0x465d2303, 0x076c381a, 0xc43f1531, 0x850e0e28, 0x42984f67,
+    0x03a9547e, 0xc0fa7955, 0x81cb624c, 0x1fc53881, 0x5ef42398,
+    0x9da70eb3, 0xdc9615aa, 0x1b0054e5, 0x5a314ffc, 0x996262d7,
+    0xd85379ce, 0x174fe149, 0x567efa50, 0x952dd77b, 0xd41ccc62,
+    0x138a8d2d, 0x52bb9634, 0x91e8bb1f, 0xd0d9a006, 0xecf37e5e,
+    0xadc26547, 0x6e91486c, 0x2fa05375, 0xe836123a, 0xa9070923,
+    0x6a542408, 0x2b653f11, 0xe479a796, 0xa548bc8f, 0x661b91a4,
+    0x272a8abd, 0xe0bccbf2, 0xa18dd0eb, 0x62defdc0, 0x23efe6d9,
+    0xbde1bc14, 0xfcd0a70d, 0x3f838a26, 0x7eb2913f, 0xb924d070,
+    0xf815cb69, 0x3b46e642, 0x7a77fd5b, 0xb56b65dc, 0xf45a7ec5,
+    0x370953ee, 0x763848f7, 0xb1ae09b8, 0xf09f12a1, 0x33cc3f8a,
+    0x72fd2493},
+   {0x00000000, 0x376ac201, 0x6ed48403, 0x59be4602, 0xdca80907,
+    0xebc2cb06, 0xb27c8d04, 0x85164f05, 0xb851130e, 0x8f3bd10f,
+    0xd685970d, 0xe1ef550c, 0x64f91a09, 0x5393d808, 0x0a2d9e0a,
+    0x3d475c0b, 0x70a3261c, 0x47c9e41d, 0x1e77a21f, 0x291d601e,
+    0xac0b2f1b, 0x9b61ed1a, 0xc2dfab18, 0xf5b56919, 0xc8f23512,
+    0xff98f713, 0xa626b111, 0x914c7310, 0x145a3c15, 0x2330fe14,
+    0x7a8eb816, 0x4de47a17, 0xe0464d38, 0xd72c8f39, 0x8e92c93b,
+    0xb9f80b3a, 0x3cee443f, 0x0b84863e, 0x523ac03c, 0x6550023d,
+    0x58175e36, 0x6f7d9c37, 0x36c3da35, 0x01a91834, 0x84bf5731,
+    0xb3d59530, 0xea6bd332, 0xdd011133, 0x90e56b24, 0xa78fa925,
+    0xfe31ef27, 0xc95b2d26, 0x4c4d6223, 0x7b27a022, 0x2299e620,
+    0x15f32421, 0x28b4782a, 0x1fdeba2b, 0x4660fc29, 0x710a3e28,
+    0xf41c712d, 0xc376b32c, 0x9ac8f52e, 0xada2372f, 0xc08d9a70,
+    0xf7e75871, 0xae591e73, 0x9933dc72, 0x1c259377, 0x2b4f5176,
+    0x72f11774, 0x459bd575, 0x78dc897e, 0x4fb64b7f, 0x16080d7d,
+    0x2162cf7c, 0xa4748079, 0x931e4278, 0xcaa0047a, 0xfdcac67b,
+    0xb02ebc6c, 0x87447e6d, 0xdefa386f, 0xe990fa6e, 0x6c86b56b,
+    0x5bec776a, 0x02523168, 0x3538f369, 0x087faf62, 0x3f156d63,
+    0x66ab2b61, 0x51c1e960, 0xd4d7a665, 0xe3bd6464, 0xba032266,
+    0x8d69e067, 0x20cbd748, 0x17a11549, 0x4e1f534b, 0x7975914a,
+    0xfc63de4f, 0xcb091c4e, 0x92b75a4c, 0xa5dd984d, 0x989ac446,
+    0xaff00647, 0xf64e4045, 0xc1248244, 0x4432cd41, 0x73580f40,
+    0x2ae64942, 0x1d8c8b43, 0x5068f154, 0x67023355, 0x3ebc7557,
+    0x09d6b756, 0x8cc0f853, 0xbbaa3a52, 0xe2147c50, 0xd57ebe51,
+    0xe839e25a, 0xdf53205b, 0x86ed6659, 0xb187a458, 0x3491eb5d,
+    0x03fb295c, 0x5a456f5e, 0x6d2fad5f, 0x801b35e1, 0xb771f7e0,
+    0xeecfb1e2, 0xd9a573e3, 0x5cb33ce6, 0x6bd9fee7, 0x3267b8e5,
+    0x050d7ae4, 0x384a26ef, 0x0f20e4ee, 0x569ea2ec, 0x61f460ed,
+    0xe4e22fe8, 0xd388ede9, 0x8a36abeb, 0xbd5c69ea, 0xf0b813fd,
+    0xc7d2d1fc, 0x9e6c97fe, 0xa90655ff, 0x2c101afa, 0x1b7ad8fb,
+    0x42c49ef9, 0x75ae5cf8, 0x48e900f3, 0x7f83c2f2, 0x263d84f0,
+    0x115746f1, 0x944109f4, 0xa32bcbf5, 0xfa958df7, 0xcdff4ff6,
+    0x605d78d9, 0x5737bad8, 0x0e89fcda, 0x39e33edb, 0xbcf571de,
+    0x8b9fb3df, 0xd221f5dd, 0xe54b37dc, 0xd80c6bd7, 0xef66a9d6,
+    0xb6d8efd4, 0x81b22dd5, 0x04a462d0, 0x33cea0d1, 0x6a70e6d3,
+    0x5d1a24d2, 0x10fe5ec5, 0x27949cc4, 0x7e2adac6, 0x494018c7,
+    0xcc5657c2, 0xfb3c95c3, 0xa282d3c1, 0x95e811c0, 0xa8af4dcb,
+    0x9fc58fca, 0xc67bc9c8, 0xf1110bc9, 0x740744cc, 0x436d86cd,
+    0x1ad3c0cf, 0x2db902ce, 0x4096af91, 0x77fc6d90, 0x2e422b92,
+    0x1928e993, 0x9c3ea696, 0xab546497, 0xf2ea2295, 0xc580e094,
+    0xf8c7bc9f, 0xcfad7e9e, 0x9613389c, 0xa179fa9d, 0x246fb598,
+    0x13057799, 0x4abb319b, 0x7dd1f39a, 0x3035898d, 0x075f4b8c,
+    0x5ee10d8e, 0x698bcf8f, 0xec9d808a, 0xdbf7428b, 0x82490489,
+    0xb523c688, 0x88649a83, 0xbf0e5882, 0xe6b01e80, 0xd1dadc81,
+    0x54cc9384, 0x63a65185, 0x3a181787, 0x0d72d586, 0xa0d0e2a9,
+    0x97ba20a8, 0xce0466aa, 0xf96ea4ab, 0x7c78ebae, 0x4b1229af,
+    0x12ac6fad, 0x25c6adac, 0x1881f1a7, 0x2feb33a6, 0x765575a4,
+    0x413fb7a5, 0xc429f8a0, 0xf3433aa1, 0xaafd7ca3, 0x9d97bea2,
+    0xd073c4b5, 0xe71906b4, 0xbea740b6, 0x89cd82b7, 0x0cdbcdb2,
+    0x3bb10fb3, 0x620f49b1, 0x55658bb0, 0x6822d7bb, 0x5f4815ba,
+    0x06f653b8, 0x319c91b9, 0xb48adebc, 0x83e01cbd, 0xda5e5abf,
+    0xed3498be},
+   {0x00000000, 0x6567bcb8, 0x8bc809aa, 0xeeafb512, 0x5797628f,
+    0x32f0de37, 0xdc5f6b25, 0xb938d79d, 0xef28b4c5, 0x8a4f087d,
+    0x64e0bd6f, 0x018701d7, 0xb8bfd64a, 0xddd86af2, 0x3377dfe0,
+    0x56106358, 0x9f571950, 0xfa30a5e8, 0x149f10fa, 0x71f8ac42,
+    0xc8c07bdf, 0xada7c767, 0x43087275, 0x266fcecd, 0x707fad95,
+    0x1518112d, 0xfbb7a43f, 0x9ed01887, 0x27e8cf1a, 0x428f73a2,
+    0xac20c6b0, 0xc9477a08, 0x3eaf32a0, 0x5bc88e18, 0xb5673b0a,
+    0xd00087b2, 0x6938502f, 0x0c5fec97, 0xe2f05985, 0x8797e53d,
+    0xd1878665, 0xb4e03add, 0x5a4f8fcf, 0x3f283377, 0x8610e4ea,
+    0xe3775852, 0x0dd8ed40, 0x68bf51f8, 0xa1f82bf0, 0xc49f9748,
+    0x2a30225a, 0x4f579ee2, 0xf66f497f, 0x9308f5c7, 0x7da740d5,
+    0x18c0fc6d, 0x4ed09f35, 0x2bb7238d, 0xc518969f, 0xa07f2a27,
+    0x1947fdba, 0x7c204102, 0x928ff410, 0xf7e848a8, 0x3d58149b,
+    0x583fa823, 0xb6901d31, 0xd3f7a189, 0x6acf7614, 0x0fa8caac,
+    0xe1077fbe, 0x8460c306, 0xd270a05e, 0xb7171ce6, 0x59b8a9f4,
+    0x3cdf154c, 0x85e7c2d1, 0xe0807e69, 0x0e2fcb7b, 0x6b4877c3,
+    0xa20f0dcb, 0xc768b173, 0x29c70461, 0x4ca0b8d9, 0xf5986f44,
+    0x90ffd3fc, 0x7e5066ee, 0x1b37da56, 0x4d27b90e, 0x284005b6,
+    0xc6efb0a4, 0xa3880c1c, 0x1ab0db81, 0x7fd76739, 0x9178d22b,
+    0xf41f6e93, 0x03f7263b, 0x66909a83, 0x883f2f91, 0xed589329,
+    0x546044b4, 0x3107f80c, 0xdfa84d1e, 0xbacff1a6, 0xecdf92fe,
+    0x89b82e46, 0x67179b54, 0x027027ec, 0xbb48f071, 0xde2f4cc9,
+    0x3080f9db, 0x55e74563, 0x9ca03f6b, 0xf9c783d3, 0x176836c1,
+    0x720f8a79, 0xcb375de4, 0xae50e15c, 0x40ff544e, 0x2598e8f6,
+    0x73888bae, 0x16ef3716, 0xf8408204, 0x9d273ebc, 0x241fe921,
+    0x41785599, 0xafd7e08b, 0xcab05c33, 0x3bb659ed, 0x5ed1e555,
+    0xb07e5047, 0xd519ecff, 0x6c213b62, 0x094687da, 0xe7e932c8,
+    0x828e8e70, 0xd49eed28, 0xb1f95190, 0x5f56e482, 0x3a31583a,
+    0x83098fa7, 0xe66e331f, 0x08c1860d, 0x6da63ab5, 0xa4e140bd,
+    0xc186fc05, 0x2f294917, 0x4a4ef5af, 0xf3762232, 0x96119e8a,
+    0x78be2b98, 0x1dd99720, 0x4bc9f478, 0x2eae48c0, 0xc001fdd2,
+    0xa566416a, 0x1c5e96f7, 0x79392a4f, 0x97969f5d, 0xf2f123e5,
+    0x05196b4d, 0x607ed7f5, 0x8ed162e7, 0xebb6de5f, 0x528e09c2,
+    0x37e9b57a, 0xd9460068, 0xbc21bcd0, 0xea31df88, 0x8f566330,
+    0x61f9d622, 0x049e6a9a, 0xbda6bd07, 0xd8c101bf, 0x366eb4ad,
+    0x53090815, 0x9a4e721d, 0xff29cea5, 0x11867bb7, 0x74e1c70f,
+    0xcdd91092, 0xa8beac2a, 0x46111938, 0x2376a580, 0x7566c6d8,
+    0x10017a60, 0xfeaecf72, 0x9bc973ca, 0x22f1a457, 0x479618ef,
+    0xa939adfd, 0xcc5e1145, 0x06ee4d76, 0x6389f1ce, 0x8d2644dc,
+    0xe841f864, 0x51792ff9, 0x341e9341, 0xdab12653, 0xbfd69aeb,
+    0xe9c6f9b3, 0x8ca1450b, 0x620ef019, 0x07694ca1, 0xbe519b3c,
+    0xdb362784, 0x35999296, 0x50fe2e2e, 0x99b95426, 0xfcdee89e,
+    0x12715d8c, 0x7716e134, 0xce2e36a9, 0xab498a11, 0x45e63f03,
+    0x208183bb, 0x7691e0e3, 0x13f65c5b, 0xfd59e949, 0x983e55f1,
+    0x2106826c, 0x44613ed4, 0xaace8bc6, 0xcfa9377e, 0x38417fd6,
+    0x5d26c36e, 0xb389767c, 0xd6eecac4, 0x6fd61d59, 0x0ab1a1e1,
+    0xe41e14f3, 0x8179a84b, 0xd769cb13, 0xb20e77ab, 0x5ca1c2b9,
+    0x39c67e01, 0x80fea99c, 0xe5991524, 0x0b36a036, 0x6e511c8e,
+    0xa7166686, 0xc271da3e, 0x2cde6f2c, 0x49b9d394, 0xf0810409,
+    0x95e6b8b1, 0x7b490da3, 0x1e2eb11b, 0x483ed243, 0x2d596efb,
+    0xc3f6dbe9, 0xa6916751, 0x1fa9b0cc, 0x7ace0c74, 0x9461b966,
+    0xf10605de}};
+
+#endif
+
+#endif
+
+#if N == 2
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xae689191, 0x87a02563, 0x29c8b4f2, 0xd4314c87,
+    0x7a59dd16, 0x539169e4, 0xfdf9f875, 0x73139f4f, 0xdd7b0ede,
+    0xf4b3ba2c, 0x5adb2bbd, 0xa722d3c8, 0x094a4259, 0x2082f6ab,
+    0x8eea673a, 0xe6273e9e, 0x484faf0f, 0x61871bfd, 0xcfef8a6c,
+    0x32167219, 0x9c7ee388, 0xb5b6577a, 0x1bdec6eb, 0x9534a1d1,
+    0x3b5c3040, 0x129484b2, 0xbcfc1523, 0x4105ed56, 0xef6d7cc7,
+    0xc6a5c835, 0x68cd59a4, 0x173f7b7d, 0xb957eaec, 0x909f5e1e,
+    0x3ef7cf8f, 0xc30e37fa, 0x6d66a66b, 0x44ae1299, 0xeac68308,
+    0x642ce432, 0xca4475a3, 0xe38cc151, 0x4de450c0, 0xb01da8b5,
+    0x1e753924, 0x37bd8dd6, 0x99d51c47, 0xf11845e3, 0x5f70d472,
+    0x76b86080, 0xd8d0f111, 0x25290964, 0x8b4198f5, 0xa2892c07,
+    0x0ce1bd96, 0x820bdaac, 0x2c634b3d, 0x05abffcf, 0xabc36e5e,
+    0x563a962b, 0xf85207ba, 0xd19ab348, 0x7ff222d9, 0x2e7ef6fa,
+    0x8016676b, 0xa9ded399, 0x07b64208, 0xfa4fba7d, 0x54272bec,
+    0x7def9f1e, 0xd3870e8f, 0x5d6d69b5, 0xf305f824, 0xdacd4cd6,
+    0x74a5dd47, 0x895c2532, 0x2734b4a3, 0x0efc0051, 0xa09491c0,
+    0xc859c864, 0x663159f5, 0x4ff9ed07, 0xe1917c96, 0x1c6884e3,
+    0xb2001572, 0x9bc8a180, 0x35a03011, 0xbb4a572b, 0x1522c6ba,
+    0x3cea7248, 0x9282e3d9, 0x6f7b1bac, 0xc1138a3d, 0xe8db3ecf,
+    0x46b3af5e, 0x39418d87, 0x97291c16, 0xbee1a8e4, 0x10893975,
+    0xed70c100, 0x43185091, 0x6ad0e463, 0xc4b875f2, 0x4a5212c8,
+    0xe43a8359, 0xcdf237ab, 0x639aa63a, 0x9e635e4f, 0x300bcfde,
+    0x19c37b2c, 0xb7abeabd, 0xdf66b319, 0x710e2288, 0x58c6967a,
+    0xf6ae07eb, 0x0b57ff9e, 0xa53f6e0f, 0x8cf7dafd, 0x229f4b6c,
+    0xac752c56, 0x021dbdc7, 0x2bd50935, 0x85bd98a4, 0x784460d1,
+    0xd62cf140, 0xffe445b2, 0x518cd423, 0x5cfdedf4, 0xf2957c65,
+    0xdb5dc897, 0x75355906, 0x88cca173, 0x26a430e2, 0x0f6c8410,
+    0xa1041581, 0x2fee72bb, 0x8186e32a, 0xa84e57d8, 0x0626c649,
+    0xfbdf3e3c, 0x55b7afad, 0x7c7f1b5f, 0xd2178ace, 0xbadad36a,
+    0x14b242fb, 0x3d7af609, 0x93126798, 0x6eeb9fed, 0xc0830e7c,
+    0xe94bba8e, 0x47232b1f, 0xc9c94c25, 0x67a1ddb4, 0x4e696946,
+    0xe001f8d7, 0x1df800a2, 0xb3909133, 0x9a5825c1, 0x3430b450,
+    0x4bc29689, 0xe5aa0718, 0xcc62b3ea, 0x620a227b, 0x9ff3da0e,
+    0x319b4b9f, 0x1853ff6d, 0xb63b6efc, 0x38d109c6, 0x96b99857,
+    0xbf712ca5, 0x1119bd34, 0xece04541, 0x4288d4d0, 0x6b406022,
+    0xc528f1b3, 0xade5a817, 0x038d3986, 0x2a458d74, 0x842d1ce5,
+    0x79d4e490, 0xd7bc7501, 0xfe74c1f3, 0x501c5062, 0xdef63758,
+    0x709ea6c9, 0x5956123b, 0xf73e83aa, 0x0ac77bdf, 0xa4afea4e,
+    0x8d675ebc, 0x230fcf2d, 0x72831b0e, 0xdceb8a9f, 0xf5233e6d,
+    0x5b4baffc, 0xa6b25789, 0x08dac618, 0x211272ea, 0x8f7ae37b,
+    0x01908441, 0xaff815d0, 0x8630a122, 0x285830b3, 0xd5a1c8c6,
+    0x7bc95957, 0x5201eda5, 0xfc697c34, 0x94a42590, 0x3accb401,
+    0x130400f3, 0xbd6c9162, 0x40956917, 0xeefdf886, 0xc7354c74,
+    0x695ddde5, 0xe7b7badf, 0x49df2b4e, 0x60179fbc, 0xce7f0e2d,
+    0x3386f658, 0x9dee67c9, 0xb426d33b, 0x1a4e42aa, 0x65bc6073,
+    0xcbd4f1e2, 0xe21c4510, 0x4c74d481, 0xb18d2cf4, 0x1fe5bd65,
+    0x362d0997, 0x98459806, 0x16afff3c, 0xb8c76ead, 0x910fda5f,
+    0x3f674bce, 0xc29eb3bb, 0x6cf6222a, 0x453e96d8, 0xeb560749,
+    0x839b5eed, 0x2df3cf7c, 0x043b7b8e, 0xaa53ea1f, 0x57aa126a,
+    0xf9c283fb, 0xd00a3709, 0x7e62a698, 0xf088c1a2, 0x5ee05033,
+    0x7728e4c1, 0xd9407550, 0x24b98d25, 0x8ad11cb4, 0xa319a846,
+    0x0d7139d7},
+   {0x00000000, 0xb9fbdbe8, 0xa886b191, 0x117d6a79, 0x8a7c6563,
+    0x3387be8b, 0x22fad4f2, 0x9b010f1a, 0xcf89cc87, 0x7672176f,
+    0x670f7d16, 0xdef4a6fe, 0x45f5a9e4, 0xfc0e720c, 0xed731875,
+    0x5488c39d, 0x44629f4f, 0xfd9944a7, 0xece42ede, 0x551ff536,
+    0xce1efa2c, 0x77e521c4, 0x66984bbd, 0xdf639055, 0x8beb53c8,
+    0x32108820, 0x236de259, 0x9a9639b1, 0x019736ab, 0xb86ced43,
+    0xa911873a, 0x10ea5cd2, 0x88c53e9e, 0x313ee576, 0x20438f0f,
+    0x99b854e7, 0x02b95bfd, 0xbb428015, 0xaa3fea6c, 0x13c43184,
+    0x474cf219, 0xfeb729f1, 0xefca4388, 0x56319860, 0xcd30977a,
+    0x74cb4c92, 0x65b626eb, 0xdc4dfd03, 0xcca7a1d1, 0x755c7a39,
+    0x64211040, 0xdddacba8, 0x46dbc4b2, 0xff201f5a, 0xee5d7523,
+    0x57a6aecb, 0x032e6d56, 0xbad5b6be, 0xaba8dcc7, 0x1253072f,
+    0x89520835, 0x30a9d3dd, 0x21d4b9a4, 0x982f624c, 0xcafb7b7d,
+    0x7300a095, 0x627dcaec, 0xdb861104, 0x40871e1e, 0xf97cc5f6,
+    0xe801af8f, 0x51fa7467, 0x0572b7fa, 0xbc896c12, 0xadf4066b,
+    0x140fdd83, 0x8f0ed299, 0x36f50971, 0x27886308, 0x9e73b8e0,
+    0x8e99e432, 0x37623fda, 0x261f55a3, 0x9fe48e4b, 0x04e58151,
+    0xbd1e5ab9, 0xac6330c0, 0x1598eb28, 0x411028b5, 0xf8ebf35d,
+    0xe9969924, 0x506d42cc, 0xcb6c4dd6, 0x7297963e, 0x63eafc47,
+    0xda1127af, 0x423e45e3, 0xfbc59e0b, 0xeab8f472, 0x53432f9a,
+    0xc8422080, 0x71b9fb68, 0x60c49111, 0xd93f4af9, 0x8db78964,
+    0x344c528c, 0x253138f5, 0x9ccae31d, 0x07cbec07, 0xbe3037ef,
+    0xaf4d5d96, 0x16b6867e, 0x065cdaac, 0xbfa70144, 0xaeda6b3d,
+    0x1721b0d5, 0x8c20bfcf, 0x35db6427, 0x24a60e5e, 0x9d5dd5b6,
+    0xc9d5162b, 0x702ecdc3, 0x6153a7ba, 0xd8a87c52, 0x43a97348,
+    0xfa52a8a0, 0xeb2fc2d9, 0x52d41931, 0x4e87f0bb, 0xf77c2b53,
+    0xe601412a, 0x5ffa9ac2, 0xc4fb95d8, 0x7d004e30, 0x6c7d2449,
+    0xd586ffa1, 0x810e3c3c, 0x38f5e7d4, 0x29888dad, 0x90735645,
+    0x0b72595f, 0xb28982b7, 0xa3f4e8ce, 0x1a0f3326, 0x0ae56ff4,
+    0xb31eb41c, 0xa263de65, 0x1b98058d, 0x80990a97, 0x3962d17f,
+    0x281fbb06, 0x91e460ee, 0xc56ca373, 0x7c97789b, 0x6dea12e2,
+    0xd411c90a, 0x4f10c610, 0xf6eb1df8, 0xe7967781, 0x5e6dac69,
+    0xc642ce25, 0x7fb915cd, 0x6ec47fb4, 0xd73fa45c, 0x4c3eab46,
+    0xf5c570ae, 0xe4b81ad7, 0x5d43c13f, 0x09cb02a2, 0xb030d94a,
+    0xa14db333, 0x18b668db, 0x83b767c1, 0x3a4cbc29, 0x2b31d650,
+    0x92ca0db8, 0x8220516a, 0x3bdb8a82, 0x2aa6e0fb, 0x935d3b13,
+    0x085c3409, 0xb1a7efe1, 0xa0da8598, 0x19215e70, 0x4da99ded,
+    0xf4524605, 0xe52f2c7c, 0x5cd4f794, 0xc7d5f88e, 0x7e2e2366,
+    0x6f53491f, 0xd6a892f7, 0x847c8bc6, 0x3d87502e, 0x2cfa3a57,
+    0x9501e1bf, 0x0e00eea5, 0xb7fb354d, 0xa6865f34, 0x1f7d84dc,
+    0x4bf54741, 0xf20e9ca9, 0xe373f6d0, 0x5a882d38, 0xc1892222,
+    0x7872f9ca, 0x690f93b3, 0xd0f4485b, 0xc01e1489, 0x79e5cf61,
+    0x6898a518, 0xd1637ef0, 0x4a6271ea, 0xf399aa02, 0xe2e4c07b,
+    0x5b1f1b93, 0x0f97d80e, 0xb66c03e6, 0xa711699f, 0x1eeab277,
+    0x85ebbd6d, 0x3c106685, 0x2d6d0cfc, 0x9496d714, 0x0cb9b558,
+    0xb5426eb0, 0xa43f04c9, 0x1dc4df21, 0x86c5d03b, 0x3f3e0bd3,
+    0x2e4361aa, 0x97b8ba42, 0xc33079df, 0x7acba237, 0x6bb6c84e,
+    0xd24d13a6, 0x494c1cbc, 0xf0b7c754, 0xe1caad2d, 0x583176c5,
+    0x48db2a17, 0xf120f1ff, 0xe05d9b86, 0x59a6406e, 0xc2a74f74,
+    0x7b5c949c, 0x6a21fee5, 0xd3da250d, 0x8752e690, 0x3ea93d78,
+    0x2fd45701, 0x962f8ce9, 0x0d2e83f3, 0xb4d5581b, 0xa5a83262,
+    0x1c53e98a},
+   {0x00000000, 0x9d0fe176, 0xe16ec4ad, 0x7c6125db, 0x19ac8f1b,
+    0x84a36e6d, 0xf8c24bb6, 0x65cdaac0, 0x33591e36, 0xae56ff40,
+    0xd237da9b, 0x4f383bed, 0x2af5912d, 0xb7fa705b, 0xcb9b5580,
+    0x5694b4f6, 0x66b23c6c, 0xfbbddd1a, 0x87dcf8c1, 0x1ad319b7,
+    0x7f1eb377, 0xe2115201, 0x9e7077da, 0x037f96ac, 0x55eb225a,
+    0xc8e4c32c, 0xb485e6f7, 0x298a0781, 0x4c47ad41, 0xd1484c37,
+    0xad2969ec, 0x3026889a, 0xcd6478d8, 0x506b99ae, 0x2c0abc75,
+    0xb1055d03, 0xd4c8f7c3, 0x49c716b5, 0x35a6336e, 0xa8a9d218,
+    0xfe3d66ee, 0x63328798, 0x1f53a243, 0x825c4335, 0xe791e9f5,
+    0x7a9e0883, 0x06ff2d58, 0x9bf0cc2e, 0xabd644b4, 0x36d9a5c2,
+    0x4ab88019, 0xd7b7616f, 0xb27acbaf, 0x2f752ad9, 0x53140f02,
+    0xce1bee74, 0x988f5a82, 0x0580bbf4, 0x79e19e2f, 0xe4ee7f59,
+    0x8123d599, 0x1c2c34ef, 0x604d1134, 0xfd42f042, 0x41b9f7f1,
+    0xdcb61687, 0xa0d7335c, 0x3dd8d22a, 0x581578ea, 0xc51a999c,
+    0xb97bbc47, 0x24745d31, 0x72e0e9c7, 0xefef08b1, 0x938e2d6a,
+    0x0e81cc1c, 0x6b4c66dc, 0xf64387aa, 0x8a22a271, 0x172d4307,
+    0x270bcb9d, 0xba042aeb, 0xc6650f30, 0x5b6aee46, 0x3ea74486,
+    0xa3a8a5f0, 0xdfc9802b, 0x42c6615d, 0x1452d5ab, 0x895d34dd,
+    0xf53c1106, 0x6833f070, 0x0dfe5ab0, 0x90f1bbc6, 0xec909e1d,
+    0x719f7f6b, 0x8cdd8f29, 0x11d26e5f, 0x6db34b84, 0xf0bcaaf2,
+    0x95710032, 0x087ee144, 0x741fc49f, 0xe91025e9, 0xbf84911f,
+    0x228b7069, 0x5eea55b2, 0xc3e5b4c4, 0xa6281e04, 0x3b27ff72,
+    0x4746daa9, 0xda493bdf, 0xea6fb345, 0x77605233, 0x0b0177e8,
+    0x960e969e, 0xf3c33c5e, 0x6eccdd28, 0x12adf8f3, 0x8fa21985,
+    0xd936ad73, 0x44394c05, 0x385869de, 0xa55788a8, 0xc09a2268,
+    0x5d95c31e, 0x21f4e6c5, 0xbcfb07b3, 0x8373efe2, 0x1e7c0e94,
+    0x621d2b4f, 0xff12ca39, 0x9adf60f9, 0x07d0818f, 0x7bb1a454,
+    0xe6be4522, 0xb02af1d4, 0x2d2510a2, 0x51443579, 0xcc4bd40f,
+    0xa9867ecf, 0x34899fb9, 0x48e8ba62, 0xd5e75b14, 0xe5c1d38e,
+    0x78ce32f8, 0x04af1723, 0x99a0f655, 0xfc6d5c95, 0x6162bde3,
+    0x1d039838, 0x800c794e, 0xd698cdb8, 0x4b972cce, 0x37f60915,
+    0xaaf9e863, 0xcf3442a3, 0x523ba3d5, 0x2e5a860e, 0xb3556778,
+    0x4e17973a, 0xd318764c, 0xaf795397, 0x3276b2e1, 0x57bb1821,
+    0xcab4f957, 0xb6d5dc8c, 0x2bda3dfa, 0x7d4e890c, 0xe041687a,
+    0x9c204da1, 0x012facd7, 0x64e20617, 0xf9ede761, 0x858cc2ba,
+    0x188323cc, 0x28a5ab56, 0xb5aa4a20, 0xc9cb6ffb, 0x54c48e8d,
+    0x3109244d, 0xac06c53b, 0xd067e0e0, 0x4d680196, 0x1bfcb560,
+    0x86f35416, 0xfa9271cd, 0x679d90bb, 0x02503a7b, 0x9f5fdb0d,
+    0xe33efed6, 0x7e311fa0, 0xc2ca1813, 0x5fc5f965, 0x23a4dcbe,
+    0xbeab3dc8, 0xdb669708, 0x4669767e, 0x3a0853a5, 0xa707b2d3,
+    0xf1930625, 0x6c9ce753, 0x10fdc288, 0x8df223fe, 0xe83f893e,
+    0x75306848, 0x09514d93, 0x945eace5, 0xa478247f, 0x3977c509,
+    0x4516e0d2, 0xd81901a4, 0xbdd4ab64, 0x20db4a12, 0x5cba6fc9,
+    0xc1b58ebf, 0x97213a49, 0x0a2edb3f, 0x764ffee4, 0xeb401f92,
+    0x8e8db552, 0x13825424, 0x6fe371ff, 0xf2ec9089, 0x0fae60cb,
+    0x92a181bd, 0xeec0a466, 0x73cf4510, 0x1602efd0, 0x8b0d0ea6,
+    0xf76c2b7d, 0x6a63ca0b, 0x3cf77efd, 0xa1f89f8b, 0xdd99ba50,
+    0x40965b26, 0x255bf1e6, 0xb8541090, 0xc435354b, 0x593ad43d,
+    0x691c5ca7, 0xf413bdd1, 0x8872980a, 0x157d797c, 0x70b0d3bc,
+    0xedbf32ca, 0x91de1711, 0x0cd1f667, 0x5a454291, 0xc74aa3e7,
+    0xbb2b863c, 0x2624674a, 0x43e9cd8a, 0xdee62cfc, 0xa2870927,
+    0x3f88e851},
+   {0x00000000, 0xdd96d985, 0x605cb54b, 0xbdca6cce, 0xc0b96a96,
+    0x1d2fb313, 0xa0e5dfdd, 0x7d730658, 0x5a03d36d, 0x87950ae8,
+    0x3a5f6626, 0xe7c9bfa3, 0x9abab9fb, 0x472c607e, 0xfae60cb0,
+    0x2770d535, 0xb407a6da, 0x69917f5f, 0xd45b1391, 0x09cdca14,
+    0x74becc4c, 0xa92815c9, 0x14e27907, 0xc974a082, 0xee0475b7,
+    0x3392ac32, 0x8e58c0fc, 0x53ce1979, 0x2ebd1f21, 0xf32bc6a4,
+    0x4ee1aa6a, 0x937773ef, 0xb37e4bf5, 0x6ee89270, 0xd322febe,
+    0x0eb4273b, 0x73c72163, 0xae51f8e6, 0x139b9428, 0xce0d4dad,
+    0xe97d9898, 0x34eb411d, 0x89212dd3, 0x54b7f456, 0x29c4f20e,
+    0xf4522b8b, 0x49984745, 0x940e9ec0, 0x0779ed2f, 0xdaef34aa,
+    0x67255864, 0xbab381e1, 0xc7c087b9, 0x1a565e3c, 0xa79c32f2,
+    0x7a0aeb77, 0x5d7a3e42, 0x80ece7c7, 0x3d268b09, 0xe0b0528c,
+    0x9dc354d4, 0x40558d51, 0xfd9fe19f, 0x2009381a, 0xbd8d91ab,
+    0x601b482e, 0xddd124e0, 0x0047fd65, 0x7d34fb3d, 0xa0a222b8,
+    0x1d684e76, 0xc0fe97f3, 0xe78e42c6, 0x3a189b43, 0x87d2f78d,
+    0x5a442e08, 0x27372850, 0xfaa1f1d5, 0x476b9d1b, 0x9afd449e,
+    0x098a3771, 0xd41ceef4, 0x69d6823a, 0xb4405bbf, 0xc9335de7,
+    0x14a58462, 0xa96fe8ac, 0x74f93129, 0x5389e41c, 0x8e1f3d99,
+    0x33d55157, 0xee4388d2, 0x93308e8a, 0x4ea6570f, 0xf36c3bc1,
+    0x2efae244, 0x0ef3da5e, 0xd36503db, 0x6eaf6f15, 0xb339b690,
+    0xce4ab0c8, 0x13dc694d, 0xae160583, 0x7380dc06, 0x54f00933,
+    0x8966d0b6, 0x34acbc78, 0xe93a65fd, 0x944963a5, 0x49dfba20,
+    0xf415d6ee, 0x29830f6b, 0xbaf47c84, 0x6762a501, 0xdaa8c9cf,
+    0x073e104a, 0x7a4d1612, 0xa7dbcf97, 0x1a11a359, 0xc7877adc,
+    0xe0f7afe9, 0x3d61766c, 0x80ab1aa2, 0x5d3dc327, 0x204ec57f,
+    0xfdd81cfa, 0x40127034, 0x9d84a9b1, 0xa06a2517, 0x7dfcfc92,
+    0xc036905c, 0x1da049d9, 0x60d34f81, 0xbd459604, 0x008ffaca,
+    0xdd19234f, 0xfa69f67a, 0x27ff2fff, 0x9a354331, 0x47a39ab4,
+    0x3ad09cec, 0xe7464569, 0x5a8c29a7, 0x871af022, 0x146d83cd,
+    0xc9fb5a48, 0x74313686, 0xa9a7ef03, 0xd4d4e95b, 0x094230de,
+    0xb4885c10, 0x691e8595, 0x4e6e50a0, 0x93f88925, 0x2e32e5eb,
+    0xf3a43c6e, 0x8ed73a36, 0x5341e3b3, 0xee8b8f7d, 0x331d56f8,
+    0x13146ee2, 0xce82b767, 0x7348dba9, 0xaede022c, 0xd3ad0474,
+    0x0e3bddf1, 0xb3f1b13f, 0x6e6768ba, 0x4917bd8f, 0x9481640a,
+    0x294b08c4, 0xf4ddd141, 0x89aed719, 0x54380e9c, 0xe9f26252,
+    0x3464bbd7, 0xa713c838, 0x7a8511bd, 0xc74f7d73, 0x1ad9a4f6,
+    0x67aaa2ae, 0xba3c7b2b, 0x07f617e5, 0xda60ce60, 0xfd101b55,
+    0x2086c2d0, 0x9d4cae1e, 0x40da779b, 0x3da971c3, 0xe03fa846,
+    0x5df5c488, 0x80631d0d, 0x1de7b4bc, 0xc0716d39, 0x7dbb01f7,
+    0xa02dd872, 0xdd5ede2a, 0x00c807af, 0xbd026b61, 0x6094b2e4,
+    0x47e467d1, 0x9a72be54, 0x27b8d29a, 0xfa2e0b1f, 0x875d0d47,
+    0x5acbd4c2, 0xe701b80c, 0x3a976189, 0xa9e01266, 0x7476cbe3,
+    0xc9bca72d, 0x142a7ea8, 0x695978f0, 0xb4cfa175, 0x0905cdbb,
+    0xd493143e, 0xf3e3c10b, 0x2e75188e, 0x93bf7440, 0x4e29adc5,
+    0x335aab9d, 0xeecc7218, 0x53061ed6, 0x8e90c753, 0xae99ff49,
+    0x730f26cc, 0xcec54a02, 0x13539387, 0x6e2095df, 0xb3b64c5a,
+    0x0e7c2094, 0xd3eaf911, 0xf49a2c24, 0x290cf5a1, 0x94c6996f,
+    0x495040ea, 0x342346b2, 0xe9b59f37, 0x547ff3f9, 0x89e92a7c,
+    0x1a9e5993, 0xc7088016, 0x7ac2ecd8, 0xa754355d, 0xda273305,
+    0x07b1ea80, 0xba7b864e, 0x67ed5fcb, 0x409d8afe, 0x9d0b537b,
+    0x20c13fb5, 0xfd57e630, 0x8024e068, 0x5db239ed, 0xe0785523,
+    0x3dee8ca6},
+   {0x00000000, 0x9ba54c6f, 0xec3b9e9f, 0x779ed2f0, 0x03063b7f,
+    0x98a37710, 0xef3da5e0, 0x7498e98f, 0x060c76fe, 0x9da93a91,
+    0xea37e861, 0x7192a40e, 0x050a4d81, 0x9eaf01ee, 0xe931d31e,
+    0x72949f71, 0x0c18edfc, 0x97bda193, 0xe0237363, 0x7b863f0c,
+    0x0f1ed683, 0x94bb9aec, 0xe325481c, 0x78800473, 0x0a149b02,
+    0x91b1d76d, 0xe62f059d, 0x7d8a49f2, 0x0912a07d, 0x92b7ec12,
+    0xe5293ee2, 0x7e8c728d, 0x1831dbf8, 0x83949797, 0xf40a4567,
+    0x6faf0908, 0x1b37e087, 0x8092ace8, 0xf70c7e18, 0x6ca93277,
+    0x1e3dad06, 0x8598e169, 0xf2063399, 0x69a37ff6, 0x1d3b9679,
+    0x869eda16, 0xf10008e6, 0x6aa54489, 0x14293604, 0x8f8c7a6b,
+    0xf812a89b, 0x63b7e4f4, 0x172f0d7b, 0x8c8a4114, 0xfb1493e4,
+    0x60b1df8b, 0x122540fa, 0x89800c95, 0xfe1ede65, 0x65bb920a,
+    0x11237b85, 0x8a8637ea, 0xfd18e51a, 0x66bda975, 0x3063b7f0,
+    0xabc6fb9f, 0xdc58296f, 0x47fd6500, 0x33658c8f, 0xa8c0c0e0,
+    0xdf5e1210, 0x44fb5e7f, 0x366fc10e, 0xadca8d61, 0xda545f91,
+    0x41f113fe, 0x3569fa71, 0xaeccb61e, 0xd95264ee, 0x42f72881,
+    0x3c7b5a0c, 0xa7de1663, 0xd040c493, 0x4be588fc, 0x3f7d6173,
+    0xa4d82d1c, 0xd346ffec, 0x48e3b383, 0x3a772cf2, 0xa1d2609d,
+    0xd64cb26d, 0x4de9fe02, 0x3971178d, 0xa2d45be2, 0xd54a8912,
+    0x4eefc57d, 0x28526c08, 0xb3f72067, 0xc469f297, 0x5fccbef8,
+    0x2b545777, 0xb0f11b18, 0xc76fc9e8, 0x5cca8587, 0x2e5e1af6,
+    0xb5fb5699, 0xc2658469, 0x59c0c806, 0x2d582189, 0xb6fd6de6,
+    0xc163bf16, 0x5ac6f379, 0x244a81f4, 0xbfefcd9b, 0xc8711f6b,
+    0x53d45304, 0x274cba8b, 0xbce9f6e4, 0xcb772414, 0x50d2687b,
+    0x2246f70a, 0xb9e3bb65, 0xce7d6995, 0x55d825fa, 0x2140cc75,
+    0xbae5801a, 0xcd7b52ea, 0x56de1e85, 0x60c76fe0, 0xfb62238f,
+    0x8cfcf17f, 0x1759bd10, 0x63c1549f, 0xf86418f0, 0x8ffaca00,
+    0x145f866f, 0x66cb191e, 0xfd6e5571, 0x8af08781, 0x1155cbee,
+    0x65cd2261, 0xfe686e0e, 0x89f6bcfe, 0x1253f091, 0x6cdf821c,
+    0xf77ace73, 0x80e41c83, 0x1b4150ec, 0x6fd9b963, 0xf47cf50c,
+    0x83e227fc, 0x18476b93, 0x6ad3f4e2, 0xf176b88d, 0x86e86a7d,
+    0x1d4d2612, 0x69d5cf9d, 0xf27083f2, 0x85ee5102, 0x1e4b1d6d,
+    0x78f6b418, 0xe353f877, 0x94cd2a87, 0x0f6866e8, 0x7bf08f67,
+    0xe055c308, 0x97cb11f8, 0x0c6e5d97, 0x7efac2e6, 0xe55f8e89,
+    0x92c15c79, 0x09641016, 0x7dfcf999, 0xe659b5f6, 0x91c76706,
+    0x0a622b69, 0x74ee59e4, 0xef4b158b, 0x98d5c77b, 0x03708b14,
+    0x77e8629b, 0xec4d2ef4, 0x9bd3fc04, 0x0076b06b, 0x72e22f1a,
+    0xe9476375, 0x9ed9b185, 0x057cfdea, 0x71e41465, 0xea41580a,
+    0x9ddf8afa, 0x067ac695, 0x50a4d810, 0xcb01947f, 0xbc9f468f,
+    0x273a0ae0, 0x53a2e36f, 0xc807af00, 0xbf997df0, 0x243c319f,
+    0x56a8aeee, 0xcd0de281, 0xba933071, 0x21367c1e, 0x55ae9591,
+    0xce0bd9fe, 0xb9950b0e, 0x22304761, 0x5cbc35ec, 0xc7197983,
+    0xb087ab73, 0x2b22e71c, 0x5fba0e93, 0xc41f42fc, 0xb381900c,
+    0x2824dc63, 0x5ab04312, 0xc1150f7d, 0xb68bdd8d, 0x2d2e91e2,
+    0x59b6786d, 0xc2133402, 0xb58de6f2, 0x2e28aa9d, 0x489503e8,
+    0xd3304f87, 0xa4ae9d77, 0x3f0bd118, 0x4b933897, 0xd03674f8,
+    0xa7a8a608, 0x3c0dea67, 0x4e997516, 0xd53c3979, 0xa2a2eb89,
+    0x3907a7e6, 0x4d9f4e69, 0xd63a0206, 0xa1a4d0f6, 0x3a019c99,
+    0x448dee14, 0xdf28a27b, 0xa8b6708b, 0x33133ce4, 0x478bd56b,
+    0xdc2e9904, 0xabb04bf4, 0x3015079b, 0x428198ea, 0xd924d485,
+    0xaeba0675, 0x351f4a1a, 0x4187a395, 0xda22effa, 0xadbc3d0a,
+    0x36197165},
+   {0x00000000, 0xc18edfc0, 0x586cb9c1, 0x99e26601, 0xb0d97382,
+    0x7157ac42, 0xe8b5ca43, 0x293b1583, 0xbac3e145, 0x7b4d3e85,
+    0xe2af5884, 0x23218744, 0x0a1a92c7, 0xcb944d07, 0x52762b06,
+    0x93f8f4c6, 0xaef6c4cb, 0x6f781b0b, 0xf69a7d0a, 0x3714a2ca,
+    0x1e2fb749, 0xdfa16889, 0x46430e88, 0x87cdd148, 0x1435258e,
+    0xd5bbfa4e, 0x4c599c4f, 0x8dd7438f, 0xa4ec560c, 0x656289cc,
+    0xfc80efcd, 0x3d0e300d, 0x869c8fd7, 0x47125017, 0xdef03616,
+    0x1f7ee9d6, 0x3645fc55, 0xf7cb2395, 0x6e294594, 0xafa79a54,
+    0x3c5f6e92, 0xfdd1b152, 0x6433d753, 0xa5bd0893, 0x8c861d10,
+    0x4d08c2d0, 0xd4eaa4d1, 0x15647b11, 0x286a4b1c, 0xe9e494dc,
+    0x7006f2dd, 0xb1882d1d, 0x98b3389e, 0x593de75e, 0xc0df815f,
+    0x01515e9f, 0x92a9aa59, 0x53277599, 0xcac51398, 0x0b4bcc58,
+    0x2270d9db, 0xe3fe061b, 0x7a1c601a, 0xbb92bfda, 0xd64819ef,
+    0x17c6c62f, 0x8e24a02e, 0x4faa7fee, 0x66916a6d, 0xa71fb5ad,
+    0x3efdd3ac, 0xff730c6c, 0x6c8bf8aa, 0xad05276a, 0x34e7416b,
+    0xf5699eab, 0xdc528b28, 0x1ddc54e8, 0x843e32e9, 0x45b0ed29,
+    0x78bedd24, 0xb93002e4, 0x20d264e5, 0xe15cbb25, 0xc867aea6,
+    0x09e97166, 0x900b1767, 0x5185c8a7, 0xc27d3c61, 0x03f3e3a1,
+    0x9a1185a0, 0x5b9f5a60, 0x72a44fe3, 0xb32a9023, 0x2ac8f622,
+    0xeb4629e2, 0x50d49638, 0x915a49f8, 0x08b82ff9, 0xc936f039,
+    0xe00de5ba, 0x21833a7a, 0xb8615c7b, 0x79ef83bb, 0xea17777d,
+    0x2b99a8bd, 0xb27bcebc, 0x73f5117c, 0x5ace04ff, 0x9b40db3f,
+    0x02a2bd3e, 0xc32c62fe, 0xfe2252f3, 0x3fac8d33, 0xa64eeb32,
+    0x67c034f2, 0x4efb2171, 0x8f75feb1, 0x169798b0, 0xd7194770,
+    0x44e1b3b6, 0x856f6c76, 0x1c8d0a77, 0xdd03d5b7, 0xf438c034,
+    0x35b61ff4, 0xac5479f5, 0x6ddaa635, 0x77e1359f, 0xb66fea5f,
+    0x2f8d8c5e, 0xee03539e, 0xc738461d, 0x06b699dd, 0x9f54ffdc,
+    0x5eda201c, 0xcd22d4da, 0x0cac0b1a, 0x954e6d1b, 0x54c0b2db,
+    0x7dfba758, 0xbc757898, 0x25971e99, 0xe419c159, 0xd917f154,
+    0x18992e94, 0x817b4895, 0x40f59755, 0x69ce82d6, 0xa8405d16,
+    0x31a23b17, 0xf02ce4d7, 0x63d41011, 0xa25acfd1, 0x3bb8a9d0,
+    0xfa367610, 0xd30d6393, 0x1283bc53, 0x8b61da52, 0x4aef0592,
+    0xf17dba48, 0x30f36588, 0xa9110389, 0x689fdc49, 0x41a4c9ca,
+    0x802a160a, 0x19c8700b, 0xd846afcb, 0x4bbe5b0d, 0x8a3084cd,
+    0x13d2e2cc, 0xd25c3d0c, 0xfb67288f, 0x3ae9f74f, 0xa30b914e,
+    0x62854e8e, 0x5f8b7e83, 0x9e05a143, 0x07e7c742, 0xc6691882,
+    0xef520d01, 0x2edcd2c1, 0xb73eb4c0, 0x76b06b00, 0xe5489fc6,
+    0x24c64006, 0xbd242607, 0x7caaf9c7, 0x5591ec44, 0x941f3384,
+    0x0dfd5585, 0xcc738a45, 0xa1a92c70, 0x6027f3b0, 0xf9c595b1,
+    0x384b4a71, 0x11705ff2, 0xd0fe8032, 0x491ce633, 0x889239f3,
+    0x1b6acd35, 0xdae412f5, 0x430674f4, 0x8288ab34, 0xabb3beb7,
+    0x6a3d6177, 0xf3df0776, 0x3251d8b6, 0x0f5fe8bb, 0xced1377b,
+    0x5733517a, 0x96bd8eba, 0xbf869b39, 0x7e0844f9, 0xe7ea22f8,
+    0x2664fd38, 0xb59c09fe, 0x7412d63e, 0xedf0b03f, 0x2c7e6fff,
+    0x05457a7c, 0xc4cba5bc, 0x5d29c3bd, 0x9ca71c7d, 0x2735a3a7,
+    0xe6bb7c67, 0x7f591a66, 0xbed7c5a6, 0x97ecd025, 0x56620fe5,
+    0xcf8069e4, 0x0e0eb624, 0x9df642e2, 0x5c789d22, 0xc59afb23,
+    0x041424e3, 0x2d2f3160, 0xeca1eea0, 0x754388a1, 0xb4cd5761,
+    0x89c3676c, 0x484db8ac, 0xd1afdead, 0x1021016d, 0x391a14ee,
+    0xf894cb2e, 0x6176ad2f, 0xa0f872ef, 0x33008629, 0xf28e59e9,
+    0x6b6c3fe8, 0xaae2e028, 0x83d9f5ab, 0x42572a6b, 0xdbb54c6a,
+    0x1a3b93aa},
+   {0x00000000, 0xefc26b3e, 0x04f5d03d, 0xeb37bb03, 0x09eba07a,
+    0xe629cb44, 0x0d1e7047, 0xe2dc1b79, 0x13d740f4, 0xfc152bca,
+    0x172290c9, 0xf8e0fbf7, 0x1a3ce08e, 0xf5fe8bb0, 0x1ec930b3,
+    0xf10b5b8d, 0x27ae81e8, 0xc86cead6, 0x235b51d5, 0xcc993aeb,
+    0x2e452192, 0xc1874aac, 0x2ab0f1af, 0xc5729a91, 0x3479c11c,
+    0xdbbbaa22, 0x308c1121, 0xdf4e7a1f, 0x3d926166, 0xd2500a58,
+    0x3967b15b, 0xd6a5da65, 0x4f5d03d0, 0xa09f68ee, 0x4ba8d3ed,
+    0xa46ab8d3, 0x46b6a3aa, 0xa974c894, 0x42437397, 0xad8118a9,
+    0x5c8a4324, 0xb348281a, 0x587f9319, 0xb7bdf827, 0x5561e35e,
+    0xbaa38860, 0x51943363, 0xbe56585d, 0x68f38238, 0x8731e906,
+    0x6c065205, 0x83c4393b, 0x61182242, 0x8eda497c, 0x65edf27f,
+    0x8a2f9941, 0x7b24c2cc, 0x94e6a9f2, 0x7fd112f1, 0x901379cf,
+    0x72cf62b6, 0x9d0d0988, 0x763ab28b, 0x99f8d9b5, 0x9eba07a0,
+    0x71786c9e, 0x9a4fd79d, 0x758dbca3, 0x9751a7da, 0x7893cce4,
+    0x93a477e7, 0x7c661cd9, 0x8d6d4754, 0x62af2c6a, 0x89989769,
+    0x665afc57, 0x8486e72e, 0x6b448c10, 0x80733713, 0x6fb15c2d,
+    0xb9148648, 0x56d6ed76, 0xbde15675, 0x52233d4b, 0xb0ff2632,
+    0x5f3d4d0c, 0xb40af60f, 0x5bc89d31, 0xaac3c6bc, 0x4501ad82,
+    0xae361681, 0x41f47dbf, 0xa32866c6, 0x4cea0df8, 0xa7ddb6fb,
+    0x481fddc5, 0xd1e70470, 0x3e256f4e, 0xd512d44d, 0x3ad0bf73,
+    0xd80ca40a, 0x37cecf34, 0xdcf97437, 0x333b1f09, 0xc2304484,
+    0x2df22fba, 0xc6c594b9, 0x2907ff87, 0xcbdbe4fe, 0x24198fc0,
+    0xcf2e34c3, 0x20ec5ffd, 0xf6498598, 0x198beea6, 0xf2bc55a5,
+    0x1d7e3e9b, 0xffa225e2, 0x10604edc, 0xfb57f5df, 0x14959ee1,
+    0xe59ec56c, 0x0a5cae52, 0xe16b1551, 0x0ea97e6f, 0xec756516,
+    0x03b70e28, 0xe880b52b, 0x0742de15, 0xe6050901, 0x09c7623f,
+    0xe2f0d93c, 0x0d32b202, 0xefeea97b, 0x002cc245, 0xeb1b7946,
+    0x04d91278, 0xf5d249f5, 0x1a1022cb, 0xf12799c8, 0x1ee5f2f6,
+    0xfc39e98f, 0x13fb82b1, 0xf8cc39b2, 0x170e528c, 0xc1ab88e9,
+    0x2e69e3d7, 0xc55e58d4, 0x2a9c33ea, 0xc8402893, 0x278243ad,
+    0xccb5f8ae, 0x23779390, 0xd27cc81d, 0x3dbea323, 0xd6891820,
+    0x394b731e, 0xdb976867, 0x34550359, 0xdf62b85a, 0x30a0d364,
+    0xa9580ad1, 0x469a61ef, 0xadaddaec, 0x426fb1d2, 0xa0b3aaab,
+    0x4f71c195, 0xa4467a96, 0x4b8411a8, 0xba8f4a25, 0x554d211b,
+    0xbe7a9a18, 0x51b8f126, 0xb364ea5f, 0x5ca68161, 0xb7913a62,
+    0x5853515c, 0x8ef68b39, 0x6134e007, 0x8a035b04, 0x65c1303a,
+    0x871d2b43, 0x68df407d, 0x83e8fb7e, 0x6c2a9040, 0x9d21cbcd,
+    0x72e3a0f3, 0x99d41bf0, 0x761670ce, 0x94ca6bb7, 0x7b080089,
+    0x903fbb8a, 0x7ffdd0b4, 0x78bf0ea1, 0x977d659f, 0x7c4ade9c,
+    0x9388b5a2, 0x7154aedb, 0x9e96c5e5, 0x75a17ee6, 0x9a6315d8,
+    0x6b684e55, 0x84aa256b, 0x6f9d9e68, 0x805ff556, 0x6283ee2f,
+    0x8d418511, 0x66763e12, 0x89b4552c, 0x5f118f49, 0xb0d3e477,
+    0x5be45f74, 0xb426344a, 0x56fa2f33, 0xb938440d, 0x520fff0e,
+    0xbdcd9430, 0x4cc6cfbd, 0xa304a483, 0x48331f80, 0xa7f174be,
+    0x452d6fc7, 0xaaef04f9, 0x41d8bffa, 0xae1ad4c4, 0x37e20d71,
+    0xd820664f, 0x3317dd4c, 0xdcd5b672, 0x3e09ad0b, 0xd1cbc635,
+    0x3afc7d36, 0xd53e1608, 0x24354d85, 0xcbf726bb, 0x20c09db8,
+    0xcf02f686, 0x2ddeedff, 0xc21c86c1, 0x292b3dc2, 0xc6e956fc,
+    0x104c8c99, 0xff8ee7a7, 0x14b95ca4, 0xfb7b379a, 0x19a72ce3,
+    0xf66547dd, 0x1d52fcde, 0xf29097e0, 0x039bcc6d, 0xec59a753,
+    0x076e1c50, 0xe8ac776e, 0x0a706c17, 0xe5b20729, 0x0e85bc2a,
+    0xe147d714},
+   {0x00000000, 0x177b1443, 0x2ef62886, 0x398d3cc5, 0x5dec510c,
+    0x4a97454f, 0x731a798a, 0x64616dc9, 0xbbd8a218, 0xaca3b65b,
+    0x952e8a9e, 0x82559edd, 0xe634f314, 0xf14fe757, 0xc8c2db92,
+    0xdfb9cfd1, 0xacc04271, 0xbbbb5632, 0x82366af7, 0x954d7eb4,
+    0xf12c137d, 0xe657073e, 0xdfda3bfb, 0xc8a12fb8, 0x1718e069,
+    0x0063f42a, 0x39eec8ef, 0x2e95dcac, 0x4af4b165, 0x5d8fa526,
+    0x640299e3, 0x73798da0, 0x82f182a3, 0x958a96e0, 0xac07aa25,
+    0xbb7cbe66, 0xdf1dd3af, 0xc866c7ec, 0xf1ebfb29, 0xe690ef6a,
+    0x392920bb, 0x2e5234f8, 0x17df083d, 0x00a41c7e, 0x64c571b7,
+    0x73be65f4, 0x4a335931, 0x5d484d72, 0x2e31c0d2, 0x394ad491,
+    0x00c7e854, 0x17bcfc17, 0x73dd91de, 0x64a6859d, 0x5d2bb958,
+    0x4a50ad1b, 0x95e962ca, 0x82927689, 0xbb1f4a4c, 0xac645e0f,
+    0xc80533c6, 0xdf7e2785, 0xe6f31b40, 0xf1880f03, 0xde920307,
+    0xc9e91744, 0xf0642b81, 0xe71f3fc2, 0x837e520b, 0x94054648,
+    0xad887a8d, 0xbaf36ece, 0x654aa11f, 0x7231b55c, 0x4bbc8999,
+    0x5cc79dda, 0x38a6f013, 0x2fdde450, 0x1650d895, 0x012bccd6,
+    0x72524176, 0x65295535, 0x5ca469f0, 0x4bdf7db3, 0x2fbe107a,
+    0x38c50439, 0x014838fc, 0x16332cbf, 0xc98ae36e, 0xdef1f72d,
+    0xe77ccbe8, 0xf007dfab, 0x9466b262, 0x831da621, 0xba909ae4,
+    0xadeb8ea7, 0x5c6381a4, 0x4b1895e7, 0x7295a922, 0x65eebd61,
+    0x018fd0a8, 0x16f4c4eb, 0x2f79f82e, 0x3802ec6d, 0xe7bb23bc,
+    0xf0c037ff, 0xc94d0b3a, 0xde361f79, 0xba5772b0, 0xad2c66f3,
+    0x94a15a36, 0x83da4e75, 0xf0a3c3d5, 0xe7d8d796, 0xde55eb53,
+    0xc92eff10, 0xad4f92d9, 0xba34869a, 0x83b9ba5f, 0x94c2ae1c,
+    0x4b7b61cd, 0x5c00758e, 0x658d494b, 0x72f65d08, 0x169730c1,
+    0x01ec2482, 0x38611847, 0x2f1a0c04, 0x6655004f, 0x712e140c,
+    0x48a328c9, 0x5fd83c8a, 0x3bb95143, 0x2cc24500, 0x154f79c5,
+    0x02346d86, 0xdd8da257, 0xcaf6b614, 0xf37b8ad1, 0xe4009e92,
+    0x8061f35b, 0x971ae718, 0xae97dbdd, 0xb9eccf9e, 0xca95423e,
+    0xddee567d, 0xe4636ab8, 0xf3187efb, 0x97791332, 0x80020771,
+    0xb98f3bb4, 0xaef42ff7, 0x714de026, 0x6636f465, 0x5fbbc8a0,
+    0x48c0dce3, 0x2ca1b12a, 0x3bdaa569, 0x025799ac, 0x152c8def,
+    0xe4a482ec, 0xf3df96af, 0xca52aa6a, 0xdd29be29, 0xb948d3e0,
+    0xae33c7a3, 0x97befb66, 0x80c5ef25, 0x5f7c20f4, 0x480734b7,
+    0x718a0872, 0x66f11c31, 0x029071f8, 0x15eb65bb, 0x2c66597e,
+    0x3b1d4d3d, 0x4864c09d, 0x5f1fd4de, 0x6692e81b, 0x71e9fc58,
+    0x15889191, 0x02f385d2, 0x3b7eb917, 0x2c05ad54, 0xf3bc6285,
+    0xe4c776c6, 0xdd4a4a03, 0xca315e40, 0xae503389, 0xb92b27ca,
+    0x80a61b0f, 0x97dd0f4c, 0xb8c70348, 0xafbc170b, 0x96312bce,
+    0x814a3f8d, 0xe52b5244, 0xf2504607, 0xcbdd7ac2, 0xdca66e81,
+    0x031fa150, 0x1464b513, 0x2de989d6, 0x3a929d95, 0x5ef3f05c,
+    0x4988e41f, 0x7005d8da, 0x677ecc99, 0x14074139, 0x037c557a,
+    0x3af169bf, 0x2d8a7dfc, 0x49eb1035, 0x5e900476, 0x671d38b3,
+    0x70662cf0, 0xafdfe321, 0xb8a4f762, 0x8129cba7, 0x9652dfe4,
+    0xf233b22d, 0xe548a66e, 0xdcc59aab, 0xcbbe8ee8, 0x3a3681eb,
+    0x2d4d95a8, 0x14c0a96d, 0x03bbbd2e, 0x67dad0e7, 0x70a1c4a4,
+    0x492cf861, 0x5e57ec22, 0x81ee23f3, 0x969537b0, 0xaf180b75,
+    0xb8631f36, 0xdc0272ff, 0xcb7966bc, 0xf2f45a79, 0xe58f4e3a,
+    0x96f6c39a, 0x818dd7d9, 0xb800eb1c, 0xaf7bff5f, 0xcb1a9296,
+    0xdc6186d5, 0xe5ecba10, 0xf297ae53, 0x2d2e6182, 0x3a5575c1,
+    0x03d84904, 0x14a35d47, 0x70c2308e, 0x67b924cd, 0x5e341808,
+    0x494f0c4b}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0x43147b1700000000, 0x8628f62e00000000,
+    0xc53c8d3900000000, 0x0c51ec5d00000000, 0x4f45974a00000000,
+    0x8a791a7300000000, 0xc96d616400000000, 0x18a2d8bb00000000,
+    0x5bb6a3ac00000000, 0x9e8a2e9500000000, 0xdd9e558200000000,
+    0x14f334e600000000, 0x57e74ff100000000, 0x92dbc2c800000000,
+    0xd1cfb9df00000000, 0x7142c0ac00000000, 0x3256bbbb00000000,
+    0xf76a368200000000, 0xb47e4d9500000000, 0x7d132cf100000000,
+    0x3e0757e600000000, 0xfb3bdadf00000000, 0xb82fa1c800000000,
+    0x69e0181700000000, 0x2af4630000000000, 0xefc8ee3900000000,
+    0xacdc952e00000000, 0x65b1f44a00000000, 0x26a58f5d00000000,
+    0xe399026400000000, 0xa08d797300000000, 0xa382f18200000000,
+    0xe0968a9500000000, 0x25aa07ac00000000, 0x66be7cbb00000000,
+    0xafd31ddf00000000, 0xecc766c800000000, 0x29fbebf100000000,
+    0x6aef90e600000000, 0xbb20293900000000, 0xf834522e00000000,
+    0x3d08df1700000000, 0x7e1ca40000000000, 0xb771c56400000000,
+    0xf465be7300000000, 0x3159334a00000000, 0x724d485d00000000,
+    0xd2c0312e00000000, 0x91d44a3900000000, 0x54e8c70000000000,
+    0x17fcbc1700000000, 0xde91dd7300000000, 0x9d85a66400000000,
+    0x58b92b5d00000000, 0x1bad504a00000000, 0xca62e99500000000,
+    0x8976928200000000, 0x4c4a1fbb00000000, 0x0f5e64ac00000000,
+    0xc63305c800000000, 0x85277edf00000000, 0x401bf3e600000000,
+    0x030f88f100000000, 0x070392de00000000, 0x4417e9c900000000,
+    0x812b64f000000000, 0xc23f1fe700000000, 0x0b527e8300000000,
+    0x4846059400000000, 0x8d7a88ad00000000, 0xce6ef3ba00000000,
+    0x1fa14a6500000000, 0x5cb5317200000000, 0x9989bc4b00000000,
+    0xda9dc75c00000000, 0x13f0a63800000000, 0x50e4dd2f00000000,
+    0x95d8501600000000, 0xd6cc2b0100000000, 0x7641527200000000,
+    0x3555296500000000, 0xf069a45c00000000, 0xb37ddf4b00000000,
+    0x7a10be2f00000000, 0x3904c53800000000, 0xfc38480100000000,
+    0xbf2c331600000000, 0x6ee38ac900000000, 0x2df7f1de00000000,
+    0xe8cb7ce700000000, 0xabdf07f000000000, 0x62b2669400000000,
+    0x21a61d8300000000, 0xe49a90ba00000000, 0xa78eebad00000000,
+    0xa481635c00000000, 0xe795184b00000000, 0x22a9957200000000,
+    0x61bdee6500000000, 0xa8d08f0100000000, 0xebc4f41600000000,
+    0x2ef8792f00000000, 0x6dec023800000000, 0xbc23bbe700000000,
+    0xff37c0f000000000, 0x3a0b4dc900000000, 0x791f36de00000000,
+    0xb07257ba00000000, 0xf3662cad00000000, 0x365aa19400000000,
+    0x754eda8300000000, 0xd5c3a3f000000000, 0x96d7d8e700000000,
+    0x53eb55de00000000, 0x10ff2ec900000000, 0xd9924fad00000000,
+    0x9a8634ba00000000, 0x5fbab98300000000, 0x1caec29400000000,
+    0xcd617b4b00000000, 0x8e75005c00000000, 0x4b498d6500000000,
+    0x085df67200000000, 0xc130971600000000, 0x8224ec0100000000,
+    0x4718613800000000, 0x040c1a2f00000000, 0x4f00556600000000,
+    0x0c142e7100000000, 0xc928a34800000000, 0x8a3cd85f00000000,
+    0x4351b93b00000000, 0x0045c22c00000000, 0xc5794f1500000000,
+    0x866d340200000000, 0x57a28ddd00000000, 0x14b6f6ca00000000,
+    0xd18a7bf300000000, 0x929e00e400000000, 0x5bf3618000000000,
+    0x18e71a9700000000, 0xdddb97ae00000000, 0x9ecfecb900000000,
+    0x3e4295ca00000000, 0x7d56eedd00000000, 0xb86a63e400000000,
+    0xfb7e18f300000000, 0x3213799700000000, 0x7107028000000000,
+    0xb43b8fb900000000, 0xf72ff4ae00000000, 0x26e04d7100000000,
+    0x65f4366600000000, 0xa0c8bb5f00000000, 0xe3dcc04800000000,
+    0x2ab1a12c00000000, 0x69a5da3b00000000, 0xac99570200000000,
+    0xef8d2c1500000000, 0xec82a4e400000000, 0xaf96dff300000000,
+    0x6aaa52ca00000000, 0x29be29dd00000000, 0xe0d348b900000000,
+    0xa3c733ae00000000, 0x66fbbe9700000000, 0x25efc58000000000,
+    0xf4207c5f00000000, 0xb734074800000000, 0x72088a7100000000,
+    0x311cf16600000000, 0xf871900200000000, 0xbb65eb1500000000,
+    0x7e59662c00000000, 0x3d4d1d3b00000000, 0x9dc0644800000000,
+    0xded41f5f00000000, 0x1be8926600000000, 0x58fce97100000000,
+    0x9191881500000000, 0xd285f30200000000, 0x17b97e3b00000000,
+    0x54ad052c00000000, 0x8562bcf300000000, 0xc676c7e400000000,
+    0x034a4add00000000, 0x405e31ca00000000, 0x893350ae00000000,
+    0xca272bb900000000, 0x0f1ba68000000000, 0x4c0fdd9700000000,
+    0x4803c7b800000000, 0x0b17bcaf00000000, 0xce2b319600000000,
+    0x8d3f4a8100000000, 0x44522be500000000, 0x074650f200000000,
+    0xc27addcb00000000, 0x816ea6dc00000000, 0x50a11f0300000000,
+    0x13b5641400000000, 0xd689e92d00000000, 0x959d923a00000000,
+    0x5cf0f35e00000000, 0x1fe4884900000000, 0xdad8057000000000,
+    0x99cc7e6700000000, 0x3941071400000000, 0x7a557c0300000000,
+    0xbf69f13a00000000, 0xfc7d8a2d00000000, 0x3510eb4900000000,
+    0x7604905e00000000, 0xb3381d6700000000, 0xf02c667000000000,
+    0x21e3dfaf00000000, 0x62f7a4b800000000, 0xa7cb298100000000,
+    0xe4df529600000000, 0x2db233f200000000, 0x6ea648e500000000,
+    0xab9ac5dc00000000, 0xe88ebecb00000000, 0xeb81363a00000000,
+    0xa8954d2d00000000, 0x6da9c01400000000, 0x2ebdbb0300000000,
+    0xe7d0da6700000000, 0xa4c4a17000000000, 0x61f82c4900000000,
+    0x22ec575e00000000, 0xf323ee8100000000, 0xb037959600000000,
+    0x750b18af00000000, 0x361f63b800000000, 0xff7202dc00000000,
+    0xbc6679cb00000000, 0x795af4f200000000, 0x3a4e8fe500000000,
+    0x9ac3f69600000000, 0xd9d78d8100000000, 0x1ceb00b800000000,
+    0x5fff7baf00000000, 0x96921acb00000000, 0xd58661dc00000000,
+    0x10baece500000000, 0x53ae97f200000000, 0x82612e2d00000000,
+    0xc175553a00000000, 0x0449d80300000000, 0x475da31400000000,
+    0x8e30c27000000000, 0xcd24b96700000000, 0x0818345e00000000,
+    0x4b0c4f4900000000},
+   {0x0000000000000000, 0x3e6bc2ef00000000, 0x3dd0f50400000000,
+    0x03bb37eb00000000, 0x7aa0eb0900000000, 0x44cb29e600000000,
+    0x47701e0d00000000, 0x791bdce200000000, 0xf440d71300000000,
+    0xca2b15fc00000000, 0xc990221700000000, 0xf7fbe0f800000000,
+    0x8ee03c1a00000000, 0xb08bfef500000000, 0xb330c91e00000000,
+    0x8d5b0bf100000000, 0xe881ae2700000000, 0xd6ea6cc800000000,
+    0xd5515b2300000000, 0xeb3a99cc00000000, 0x9221452e00000000,
+    0xac4a87c100000000, 0xaff1b02a00000000, 0x919a72c500000000,
+    0x1cc1793400000000, 0x22aabbdb00000000, 0x21118c3000000000,
+    0x1f7a4edf00000000, 0x6661923d00000000, 0x580a50d200000000,
+    0x5bb1673900000000, 0x65daa5d600000000, 0xd0035d4f00000000,
+    0xee689fa000000000, 0xedd3a84b00000000, 0xd3b86aa400000000,
+    0xaaa3b64600000000, 0x94c874a900000000, 0x9773434200000000,
+    0xa91881ad00000000, 0x24438a5c00000000, 0x1a2848b300000000,
+    0x19937f5800000000, 0x27f8bdb700000000, 0x5ee3615500000000,
+    0x6088a3ba00000000, 0x6333945100000000, 0x5d5856be00000000,
+    0x3882f36800000000, 0x06e9318700000000, 0x0552066c00000000,
+    0x3b39c48300000000, 0x4222186100000000, 0x7c49da8e00000000,
+    0x7ff2ed6500000000, 0x41992f8a00000000, 0xccc2247b00000000,
+    0xf2a9e69400000000, 0xf112d17f00000000, 0xcf79139000000000,
+    0xb662cf7200000000, 0x88090d9d00000000, 0x8bb23a7600000000,
+    0xb5d9f89900000000, 0xa007ba9e00000000, 0x9e6c787100000000,
+    0x9dd74f9a00000000, 0xa3bc8d7500000000, 0xdaa7519700000000,
+    0xe4cc937800000000, 0xe777a49300000000, 0xd91c667c00000000,
+    0x54476d8d00000000, 0x6a2caf6200000000, 0x6997988900000000,
+    0x57fc5a6600000000, 0x2ee7868400000000, 0x108c446b00000000,
+    0x1337738000000000, 0x2d5cb16f00000000, 0x488614b900000000,
+    0x76edd65600000000, 0x7556e1bd00000000, 0x4b3d235200000000,
+    0x3226ffb000000000, 0x0c4d3d5f00000000, 0x0ff60ab400000000,
+    0x319dc85b00000000, 0xbcc6c3aa00000000, 0x82ad014500000000,
+    0x811636ae00000000, 0xbf7df44100000000, 0xc66628a300000000,
+    0xf80dea4c00000000, 0xfbb6dda700000000, 0xc5dd1f4800000000,
+    0x7004e7d100000000, 0x4e6f253e00000000, 0x4dd412d500000000,
+    0x73bfd03a00000000, 0x0aa40cd800000000, 0x34cfce3700000000,
+    0x3774f9dc00000000, 0x091f3b3300000000, 0x844430c200000000,
+    0xba2ff22d00000000, 0xb994c5c600000000, 0x87ff072900000000,
+    0xfee4dbcb00000000, 0xc08f192400000000, 0xc3342ecf00000000,
+    0xfd5fec2000000000, 0x988549f600000000, 0xa6ee8b1900000000,
+    0xa555bcf200000000, 0x9b3e7e1d00000000, 0xe225a2ff00000000,
+    0xdc4e601000000000, 0xdff557fb00000000, 0xe19e951400000000,
+    0x6cc59ee500000000, 0x52ae5c0a00000000, 0x51156be100000000,
+    0x6f7ea90e00000000, 0x166575ec00000000, 0x280eb70300000000,
+    0x2bb580e800000000, 0x15de420700000000, 0x010905e600000000,
+    0x3f62c70900000000, 0x3cd9f0e200000000, 0x02b2320d00000000,
+    0x7ba9eeef00000000, 0x45c22c0000000000, 0x46791beb00000000,
+    0x7812d90400000000, 0xf549d2f500000000, 0xcb22101a00000000,
+    0xc89927f100000000, 0xf6f2e51e00000000, 0x8fe939fc00000000,
+    0xb182fb1300000000, 0xb239ccf800000000, 0x8c520e1700000000,
+    0xe988abc100000000, 0xd7e3692e00000000, 0xd4585ec500000000,
+    0xea339c2a00000000, 0x932840c800000000, 0xad43822700000000,
+    0xaef8b5cc00000000, 0x9093772300000000, 0x1dc87cd200000000,
+    0x23a3be3d00000000, 0x201889d600000000, 0x1e734b3900000000,
+    0x676897db00000000, 0x5903553400000000, 0x5ab862df00000000,
+    0x64d3a03000000000, 0xd10a58a900000000, 0xef619a4600000000,
+    0xecdaadad00000000, 0xd2b16f4200000000, 0xabaab3a000000000,
+    0x95c1714f00000000, 0x967a46a400000000, 0xa811844b00000000,
+    0x254a8fba00000000, 0x1b214d5500000000, 0x189a7abe00000000,
+    0x26f1b85100000000, 0x5fea64b300000000, 0x6181a65c00000000,
+    0x623a91b700000000, 0x5c51535800000000, 0x398bf68e00000000,
+    0x07e0346100000000, 0x045b038a00000000, 0x3a30c16500000000,
+    0x432b1d8700000000, 0x7d40df6800000000, 0x7efbe88300000000,
+    0x40902a6c00000000, 0xcdcb219d00000000, 0xf3a0e37200000000,
+    0xf01bd49900000000, 0xce70167600000000, 0xb76bca9400000000,
+    0x8900087b00000000, 0x8abb3f9000000000, 0xb4d0fd7f00000000,
+    0xa10ebf7800000000, 0x9f657d9700000000, 0x9cde4a7c00000000,
+    0xa2b5889300000000, 0xdbae547100000000, 0xe5c5969e00000000,
+    0xe67ea17500000000, 0xd815639a00000000, 0x554e686b00000000,
+    0x6b25aa8400000000, 0x689e9d6f00000000, 0x56f55f8000000000,
+    0x2fee836200000000, 0x1185418d00000000, 0x123e766600000000,
+    0x2c55b48900000000, 0x498f115f00000000, 0x77e4d3b000000000,
+    0x745fe45b00000000, 0x4a3426b400000000, 0x332ffa5600000000,
+    0x0d4438b900000000, 0x0eff0f5200000000, 0x3094cdbd00000000,
+    0xbdcfc64c00000000, 0x83a404a300000000, 0x801f334800000000,
+    0xbe74f1a700000000, 0xc76f2d4500000000, 0xf904efaa00000000,
+    0xfabfd84100000000, 0xc4d41aae00000000, 0x710de23700000000,
+    0x4f6620d800000000, 0x4cdd173300000000, 0x72b6d5dc00000000,
+    0x0bad093e00000000, 0x35c6cbd100000000, 0x367dfc3a00000000,
+    0x08163ed500000000, 0x854d352400000000, 0xbb26f7cb00000000,
+    0xb89dc02000000000, 0x86f602cf00000000, 0xffedde2d00000000,
+    0xc1861cc200000000, 0xc23d2b2900000000, 0xfc56e9c600000000,
+    0x998c4c1000000000, 0xa7e78eff00000000, 0xa45cb91400000000,
+    0x9a377bfb00000000, 0xe32ca71900000000, 0xdd4765f600000000,
+    0xdefc521d00000000, 0xe09790f200000000, 0x6dcc9b0300000000,
+    0x53a759ec00000000, 0x501c6e0700000000, 0x6e77ace800000000,
+    0x176c700a00000000, 0x2907b2e500000000, 0x2abc850e00000000,
+    0x14d747e100000000},
+   {0x0000000000000000, 0xc0df8ec100000000, 0xc1b96c5800000000,
+    0x0166e29900000000, 0x8273d9b000000000, 0x42ac577100000000,
+    0x43cab5e800000000, 0x83153b2900000000, 0x45e1c3ba00000000,
+    0x853e4d7b00000000, 0x8458afe200000000, 0x4487212300000000,
+    0xc7921a0a00000000, 0x074d94cb00000000, 0x062b765200000000,
+    0xc6f4f89300000000, 0xcbc4f6ae00000000, 0x0b1b786f00000000,
+    0x0a7d9af600000000, 0xcaa2143700000000, 0x49b72f1e00000000,
+    0x8968a1df00000000, 0x880e434600000000, 0x48d1cd8700000000,
+    0x8e25351400000000, 0x4efabbd500000000, 0x4f9c594c00000000,
+    0x8f43d78d00000000, 0x0c56eca400000000, 0xcc89626500000000,
+    0xcdef80fc00000000, 0x0d300e3d00000000, 0xd78f9c8600000000,
+    0x1750124700000000, 0x1636f0de00000000, 0xd6e97e1f00000000,
+    0x55fc453600000000, 0x9523cbf700000000, 0x9445296e00000000,
+    0x549aa7af00000000, 0x926e5f3c00000000, 0x52b1d1fd00000000,
+    0x53d7336400000000, 0x9308bda500000000, 0x101d868c00000000,
+    0xd0c2084d00000000, 0xd1a4ead400000000, 0x117b641500000000,
+    0x1c4b6a2800000000, 0xdc94e4e900000000, 0xddf2067000000000,
+    0x1d2d88b100000000, 0x9e38b39800000000, 0x5ee73d5900000000,
+    0x5f81dfc000000000, 0x9f5e510100000000, 0x59aaa99200000000,
+    0x9975275300000000, 0x9813c5ca00000000, 0x58cc4b0b00000000,
+    0xdbd9702200000000, 0x1b06fee300000000, 0x1a601c7a00000000,
+    0xdabf92bb00000000, 0xef1948d600000000, 0x2fc6c61700000000,
+    0x2ea0248e00000000, 0xee7faa4f00000000, 0x6d6a916600000000,
+    0xadb51fa700000000, 0xacd3fd3e00000000, 0x6c0c73ff00000000,
+    0xaaf88b6c00000000, 0x6a2705ad00000000, 0x6b41e73400000000,
+    0xab9e69f500000000, 0x288b52dc00000000, 0xe854dc1d00000000,
+    0xe9323e8400000000, 0x29edb04500000000, 0x24ddbe7800000000,
+    0xe40230b900000000, 0xe564d22000000000, 0x25bb5ce100000000,
+    0xa6ae67c800000000, 0x6671e90900000000, 0x67170b9000000000,
+    0xa7c8855100000000, 0x613c7dc200000000, 0xa1e3f30300000000,
+    0xa085119a00000000, 0x605a9f5b00000000, 0xe34fa47200000000,
+    0x23902ab300000000, 0x22f6c82a00000000, 0xe22946eb00000000,
+    0x3896d45000000000, 0xf8495a9100000000, 0xf92fb80800000000,
+    0x39f036c900000000, 0xbae50de000000000, 0x7a3a832100000000,
+    0x7b5c61b800000000, 0xbb83ef7900000000, 0x7d7717ea00000000,
+    0xbda8992b00000000, 0xbcce7bb200000000, 0x7c11f57300000000,
+    0xff04ce5a00000000, 0x3fdb409b00000000, 0x3ebda20200000000,
+    0xfe622cc300000000, 0xf35222fe00000000, 0x338dac3f00000000,
+    0x32eb4ea600000000, 0xf234c06700000000, 0x7121fb4e00000000,
+    0xb1fe758f00000000, 0xb098971600000000, 0x704719d700000000,
+    0xb6b3e14400000000, 0x766c6f8500000000, 0x770a8d1c00000000,
+    0xb7d503dd00000000, 0x34c038f400000000, 0xf41fb63500000000,
+    0xf57954ac00000000, 0x35a6da6d00000000, 0x9f35e17700000000,
+    0x5fea6fb600000000, 0x5e8c8d2f00000000, 0x9e5303ee00000000,
+    0x1d4638c700000000, 0xdd99b60600000000, 0xdcff549f00000000,
+    0x1c20da5e00000000, 0xdad422cd00000000, 0x1a0bac0c00000000,
+    0x1b6d4e9500000000, 0xdbb2c05400000000, 0x58a7fb7d00000000,
+    0x987875bc00000000, 0x991e972500000000, 0x59c119e400000000,
+    0x54f117d900000000, 0x942e991800000000, 0x95487b8100000000,
+    0x5597f54000000000, 0xd682ce6900000000, 0x165d40a800000000,
+    0x173ba23100000000, 0xd7e42cf000000000, 0x1110d46300000000,
+    0xd1cf5aa200000000, 0xd0a9b83b00000000, 0x107636fa00000000,
+    0x93630dd300000000, 0x53bc831200000000, 0x52da618b00000000,
+    0x9205ef4a00000000, 0x48ba7df100000000, 0x8865f33000000000,
+    0x890311a900000000, 0x49dc9f6800000000, 0xcac9a44100000000,
+    0x0a162a8000000000, 0x0b70c81900000000, 0xcbaf46d800000000,
+    0x0d5bbe4b00000000, 0xcd84308a00000000, 0xcce2d21300000000,
+    0x0c3d5cd200000000, 0x8f2867fb00000000, 0x4ff7e93a00000000,
+    0x4e910ba300000000, 0x8e4e856200000000, 0x837e8b5f00000000,
+    0x43a1059e00000000, 0x42c7e70700000000, 0x821869c600000000,
+    0x010d52ef00000000, 0xc1d2dc2e00000000, 0xc0b43eb700000000,
+    0x006bb07600000000, 0xc69f48e500000000, 0x0640c62400000000,
+    0x072624bd00000000, 0xc7f9aa7c00000000, 0x44ec915500000000,
+    0x84331f9400000000, 0x8555fd0d00000000, 0x458a73cc00000000,
+    0x702ca9a100000000, 0xb0f3276000000000, 0xb195c5f900000000,
+    0x714a4b3800000000, 0xf25f701100000000, 0x3280fed000000000,
+    0x33e61c4900000000, 0xf339928800000000, 0x35cd6a1b00000000,
+    0xf512e4da00000000, 0xf474064300000000, 0x34ab888200000000,
+    0xb7beb3ab00000000, 0x77613d6a00000000, 0x7607dff300000000,
+    0xb6d8513200000000, 0xbbe85f0f00000000, 0x7b37d1ce00000000,
+    0x7a51335700000000, 0xba8ebd9600000000, 0x399b86bf00000000,
+    0xf944087e00000000, 0xf822eae700000000, 0x38fd642600000000,
+    0xfe099cb500000000, 0x3ed6127400000000, 0x3fb0f0ed00000000,
+    0xff6f7e2c00000000, 0x7c7a450500000000, 0xbca5cbc400000000,
+    0xbdc3295d00000000, 0x7d1ca79c00000000, 0xa7a3352700000000,
+    0x677cbbe600000000, 0x661a597f00000000, 0xa6c5d7be00000000,
+    0x25d0ec9700000000, 0xe50f625600000000, 0xe46980cf00000000,
+    0x24b60e0e00000000, 0xe242f69d00000000, 0x229d785c00000000,
+    0x23fb9ac500000000, 0xe324140400000000, 0x60312f2d00000000,
+    0xa0eea1ec00000000, 0xa188437500000000, 0x6157cdb400000000,
+    0x6c67c38900000000, 0xacb84d4800000000, 0xaddeafd100000000,
+    0x6d01211000000000, 0xee141a3900000000, 0x2ecb94f800000000,
+    0x2fad766100000000, 0xef72f8a000000000, 0x2986003300000000,
+    0xe9598ef200000000, 0xe83f6c6b00000000, 0x28e0e2aa00000000,
+    0xabf5d98300000000, 0x6b2a574200000000, 0x6a4cb5db00000000,
+    0xaa933b1a00000000},
+   {0x0000000000000000, 0x6f4ca59b00000000, 0x9f9e3bec00000000,
+    0xf0d29e7700000000, 0x7f3b060300000000, 0x1077a39800000000,
+    0xe0a53def00000000, 0x8fe9987400000000, 0xfe760c0600000000,
+    0x913aa99d00000000, 0x61e837ea00000000, 0x0ea4927100000000,
+    0x814d0a0500000000, 0xee01af9e00000000, 0x1ed331e900000000,
+    0x719f947200000000, 0xfced180c00000000, 0x93a1bd9700000000,
+    0x637323e000000000, 0x0c3f867b00000000, 0x83d61e0f00000000,
+    0xec9abb9400000000, 0x1c4825e300000000, 0x7304807800000000,
+    0x029b140a00000000, 0x6dd7b19100000000, 0x9d052fe600000000,
+    0xf2498a7d00000000, 0x7da0120900000000, 0x12ecb79200000000,
+    0xe23e29e500000000, 0x8d728c7e00000000, 0xf8db311800000000,
+    0x9797948300000000, 0x67450af400000000, 0x0809af6f00000000,
+    0x87e0371b00000000, 0xe8ac928000000000, 0x187e0cf700000000,
+    0x7732a96c00000000, 0x06ad3d1e00000000, 0x69e1988500000000,
+    0x993306f200000000, 0xf67fa36900000000, 0x79963b1d00000000,
+    0x16da9e8600000000, 0xe60800f100000000, 0x8944a56a00000000,
+    0x0436291400000000, 0x6b7a8c8f00000000, 0x9ba812f800000000,
+    0xf4e4b76300000000, 0x7b0d2f1700000000, 0x14418a8c00000000,
+    0xe49314fb00000000, 0x8bdfb16000000000, 0xfa40251200000000,
+    0x950c808900000000, 0x65de1efe00000000, 0x0a92bb6500000000,
+    0x857b231100000000, 0xea37868a00000000, 0x1ae518fd00000000,
+    0x75a9bd6600000000, 0xf0b7633000000000, 0x9ffbc6ab00000000,
+    0x6f2958dc00000000, 0x0065fd4700000000, 0x8f8c653300000000,
+    0xe0c0c0a800000000, 0x10125edf00000000, 0x7f5efb4400000000,
+    0x0ec16f3600000000, 0x618dcaad00000000, 0x915f54da00000000,
+    0xfe13f14100000000, 0x71fa693500000000, 0x1eb6ccae00000000,
+    0xee6452d900000000, 0x8128f74200000000, 0x0c5a7b3c00000000,
+    0x6316dea700000000, 0x93c440d000000000, 0xfc88e54b00000000,
+    0x73617d3f00000000, 0x1c2dd8a400000000, 0xecff46d300000000,
+    0x83b3e34800000000, 0xf22c773a00000000, 0x9d60d2a100000000,
+    0x6db24cd600000000, 0x02fee94d00000000, 0x8d17713900000000,
+    0xe25bd4a200000000, 0x12894ad500000000, 0x7dc5ef4e00000000,
+    0x086c522800000000, 0x6720f7b300000000, 0x97f269c400000000,
+    0xf8becc5f00000000, 0x7757542b00000000, 0x181bf1b000000000,
+    0xe8c96fc700000000, 0x8785ca5c00000000, 0xf61a5e2e00000000,
+    0x9956fbb500000000, 0x698465c200000000, 0x06c8c05900000000,
+    0x8921582d00000000, 0xe66dfdb600000000, 0x16bf63c100000000,
+    0x79f3c65a00000000, 0xf4814a2400000000, 0x9bcdefbf00000000,
+    0x6b1f71c800000000, 0x0453d45300000000, 0x8bba4c2700000000,
+    0xe4f6e9bc00000000, 0x142477cb00000000, 0x7b68d25000000000,
+    0x0af7462200000000, 0x65bbe3b900000000, 0x95697dce00000000,
+    0xfa25d85500000000, 0x75cc402100000000, 0x1a80e5ba00000000,
+    0xea527bcd00000000, 0x851ede5600000000, 0xe06fc76000000000,
+    0x8f2362fb00000000, 0x7ff1fc8c00000000, 0x10bd591700000000,
+    0x9f54c16300000000, 0xf01864f800000000, 0x00cafa8f00000000,
+    0x6f865f1400000000, 0x1e19cb6600000000, 0x71556efd00000000,
+    0x8187f08a00000000, 0xeecb551100000000, 0x6122cd6500000000,
+    0x0e6e68fe00000000, 0xfebcf68900000000, 0x91f0531200000000,
+    0x1c82df6c00000000, 0x73ce7af700000000, 0x831ce48000000000,
+    0xec50411b00000000, 0x63b9d96f00000000, 0x0cf57cf400000000,
+    0xfc27e28300000000, 0x936b471800000000, 0xe2f4d36a00000000,
+    0x8db876f100000000, 0x7d6ae88600000000, 0x12264d1d00000000,
+    0x9dcfd56900000000, 0xf28370f200000000, 0x0251ee8500000000,
+    0x6d1d4b1e00000000, 0x18b4f67800000000, 0x77f853e300000000,
+    0x872acd9400000000, 0xe866680f00000000, 0x678ff07b00000000,
+    0x08c355e000000000, 0xf811cb9700000000, 0x975d6e0c00000000,
+    0xe6c2fa7e00000000, 0x898e5fe500000000, 0x795cc19200000000,
+    0x1610640900000000, 0x99f9fc7d00000000, 0xf6b559e600000000,
+    0x0667c79100000000, 0x692b620a00000000, 0xe459ee7400000000,
+    0x8b154bef00000000, 0x7bc7d59800000000, 0x148b700300000000,
+    0x9b62e87700000000, 0xf42e4dec00000000, 0x04fcd39b00000000,
+    0x6bb0760000000000, 0x1a2fe27200000000, 0x756347e900000000,
+    0x85b1d99e00000000, 0xeafd7c0500000000, 0x6514e47100000000,
+    0x0a5841ea00000000, 0xfa8adf9d00000000, 0x95c67a0600000000,
+    0x10d8a45000000000, 0x7f9401cb00000000, 0x8f469fbc00000000,
+    0xe00a3a2700000000, 0x6fe3a25300000000, 0x00af07c800000000,
+    0xf07d99bf00000000, 0x9f313c2400000000, 0xeeaea85600000000,
+    0x81e20dcd00000000, 0x713093ba00000000, 0x1e7c362100000000,
+    0x9195ae5500000000, 0xfed90bce00000000, 0x0e0b95b900000000,
+    0x6147302200000000, 0xec35bc5c00000000, 0x837919c700000000,
+    0x73ab87b000000000, 0x1ce7222b00000000, 0x930eba5f00000000,
+    0xfc421fc400000000, 0x0c9081b300000000, 0x63dc242800000000,
+    0x1243b05a00000000, 0x7d0f15c100000000, 0x8ddd8bb600000000,
+    0xe2912e2d00000000, 0x6d78b65900000000, 0x023413c200000000,
+    0xf2e68db500000000, 0x9daa282e00000000, 0xe803954800000000,
+    0x874f30d300000000, 0x779daea400000000, 0x18d10b3f00000000,
+    0x9738934b00000000, 0xf87436d000000000, 0x08a6a8a700000000,
+    0x67ea0d3c00000000, 0x1675994e00000000, 0x79393cd500000000,
+    0x89eba2a200000000, 0xe6a7073900000000, 0x694e9f4d00000000,
+    0x06023ad600000000, 0xf6d0a4a100000000, 0x999c013a00000000,
+    0x14ee8d4400000000, 0x7ba228df00000000, 0x8b70b6a800000000,
+    0xe43c133300000000, 0x6bd58b4700000000, 0x04992edc00000000,
+    0xf44bb0ab00000000, 0x9b07153000000000, 0xea98814200000000,
+    0x85d424d900000000, 0x7506baae00000000, 0x1a4a1f3500000000,
+    0x95a3874100000000, 0xfaef22da00000000, 0x0a3dbcad00000000,
+    0x6571193600000000},
+   {0x0000000000000000, 0x85d996dd00000000, 0x4bb55c6000000000,
+    0xce6ccabd00000000, 0x966ab9c000000000, 0x13b32f1d00000000,
+    0xdddfe5a000000000, 0x5806737d00000000, 0x6dd3035a00000000,
+    0xe80a958700000000, 0x26665f3a00000000, 0xa3bfc9e700000000,
+    0xfbb9ba9a00000000, 0x7e602c4700000000, 0xb00ce6fa00000000,
+    0x35d5702700000000, 0xdaa607b400000000, 0x5f7f916900000000,
+    0x91135bd400000000, 0x14cacd0900000000, 0x4cccbe7400000000,
+    0xc91528a900000000, 0x0779e21400000000, 0x82a074c900000000,
+    0xb77504ee00000000, 0x32ac923300000000, 0xfcc0588e00000000,
+    0x7919ce5300000000, 0x211fbd2e00000000, 0xa4c62bf300000000,
+    0x6aaae14e00000000, 0xef73779300000000, 0xf54b7eb300000000,
+    0x7092e86e00000000, 0xbefe22d300000000, 0x3b27b40e00000000,
+    0x6321c77300000000, 0xe6f851ae00000000, 0x28949b1300000000,
+    0xad4d0dce00000000, 0x98987de900000000, 0x1d41eb3400000000,
+    0xd32d218900000000, 0x56f4b75400000000, 0x0ef2c42900000000,
+    0x8b2b52f400000000, 0x4547984900000000, 0xc09e0e9400000000,
+    0x2fed790700000000, 0xaa34efda00000000, 0x6458256700000000,
+    0xe181b3ba00000000, 0xb987c0c700000000, 0x3c5e561a00000000,
+    0xf2329ca700000000, 0x77eb0a7a00000000, 0x423e7a5d00000000,
+    0xc7e7ec8000000000, 0x098b263d00000000, 0x8c52b0e000000000,
+    0xd454c39d00000000, 0x518d554000000000, 0x9fe19ffd00000000,
+    0x1a38092000000000, 0xab918dbd00000000, 0x2e481b6000000000,
+    0xe024d1dd00000000, 0x65fd470000000000, 0x3dfb347d00000000,
+    0xb822a2a000000000, 0x764e681d00000000, 0xf397fec000000000,
+    0xc6428ee700000000, 0x439b183a00000000, 0x8df7d28700000000,
+    0x082e445a00000000, 0x5028372700000000, 0xd5f1a1fa00000000,
+    0x1b9d6b4700000000, 0x9e44fd9a00000000, 0x71378a0900000000,
+    0xf4ee1cd400000000, 0x3a82d66900000000, 0xbf5b40b400000000,
+    0xe75d33c900000000, 0x6284a51400000000, 0xace86fa900000000,
+    0x2931f97400000000, 0x1ce4895300000000, 0x993d1f8e00000000,
+    0x5751d53300000000, 0xd28843ee00000000, 0x8a8e309300000000,
+    0x0f57a64e00000000, 0xc13b6cf300000000, 0x44e2fa2e00000000,
+    0x5edaf30e00000000, 0xdb0365d300000000, 0x156faf6e00000000,
+    0x90b639b300000000, 0xc8b04ace00000000, 0x4d69dc1300000000,
+    0x830516ae00000000, 0x06dc807300000000, 0x3309f05400000000,
+    0xb6d0668900000000, 0x78bcac3400000000, 0xfd653ae900000000,
+    0xa563499400000000, 0x20badf4900000000, 0xeed615f400000000,
+    0x6b0f832900000000, 0x847cf4ba00000000, 0x01a5626700000000,
+    0xcfc9a8da00000000, 0x4a103e0700000000, 0x12164d7a00000000,
+    0x97cfdba700000000, 0x59a3111a00000000, 0xdc7a87c700000000,
+    0xe9aff7e000000000, 0x6c76613d00000000, 0xa21aab8000000000,
+    0x27c33d5d00000000, 0x7fc54e2000000000, 0xfa1cd8fd00000000,
+    0x3470124000000000, 0xb1a9849d00000000, 0x17256aa000000000,
+    0x92fcfc7d00000000, 0x5c9036c000000000, 0xd949a01d00000000,
+    0x814fd36000000000, 0x049645bd00000000, 0xcafa8f0000000000,
+    0x4f2319dd00000000, 0x7af669fa00000000, 0xff2fff2700000000,
+    0x3143359a00000000, 0xb49aa34700000000, 0xec9cd03a00000000,
+    0x694546e700000000, 0xa7298c5a00000000, 0x22f01a8700000000,
+    0xcd836d1400000000, 0x485afbc900000000, 0x8636317400000000,
+    0x03efa7a900000000, 0x5be9d4d400000000, 0xde30420900000000,
+    0x105c88b400000000, 0x95851e6900000000, 0xa0506e4e00000000,
+    0x2589f89300000000, 0xebe5322e00000000, 0x6e3ca4f300000000,
+    0x363ad78e00000000, 0xb3e3415300000000, 0x7d8f8bee00000000,
+    0xf8561d3300000000, 0xe26e141300000000, 0x67b782ce00000000,
+    0xa9db487300000000, 0x2c02deae00000000, 0x7404add300000000,
+    0xf1dd3b0e00000000, 0x3fb1f1b300000000, 0xba68676e00000000,
+    0x8fbd174900000000, 0x0a64819400000000, 0xc4084b2900000000,
+    0x41d1ddf400000000, 0x19d7ae8900000000, 0x9c0e385400000000,
+    0x5262f2e900000000, 0xd7bb643400000000, 0x38c813a700000000,
+    0xbd11857a00000000, 0x737d4fc700000000, 0xf6a4d91a00000000,
+    0xaea2aa6700000000, 0x2b7b3cba00000000, 0xe517f60700000000,
+    0x60ce60da00000000, 0x551b10fd00000000, 0xd0c2862000000000,
+    0x1eae4c9d00000000, 0x9b77da4000000000, 0xc371a93d00000000,
+    0x46a83fe000000000, 0x88c4f55d00000000, 0x0d1d638000000000,
+    0xbcb4e71d00000000, 0x396d71c000000000, 0xf701bb7d00000000,
+    0x72d82da000000000, 0x2ade5edd00000000, 0xaf07c80000000000,
+    0x616b02bd00000000, 0xe4b2946000000000, 0xd167e44700000000,
+    0x54be729a00000000, 0x9ad2b82700000000, 0x1f0b2efa00000000,
+    0x470d5d8700000000, 0xc2d4cb5a00000000, 0x0cb801e700000000,
+    0x8961973a00000000, 0x6612e0a900000000, 0xe3cb767400000000,
+    0x2da7bcc900000000, 0xa87e2a1400000000, 0xf078596900000000,
+    0x75a1cfb400000000, 0xbbcd050900000000, 0x3e1493d400000000,
+    0x0bc1e3f300000000, 0x8e18752e00000000, 0x4074bf9300000000,
+    0xc5ad294e00000000, 0x9dab5a3300000000, 0x1872ccee00000000,
+    0xd61e065300000000, 0x53c7908e00000000, 0x49ff99ae00000000,
+    0xcc260f7300000000, 0x024ac5ce00000000, 0x8793531300000000,
+    0xdf95206e00000000, 0x5a4cb6b300000000, 0x94207c0e00000000,
+    0x11f9ead300000000, 0x242c9af400000000, 0xa1f50c2900000000,
+    0x6f99c69400000000, 0xea40504900000000, 0xb246233400000000,
+    0x379fb5e900000000, 0xf9f37f5400000000, 0x7c2ae98900000000,
+    0x93599e1a00000000, 0x168008c700000000, 0xd8ecc27a00000000,
+    0x5d3554a700000000, 0x053327da00000000, 0x80eab10700000000,
+    0x4e867bba00000000, 0xcb5fed6700000000, 0xfe8a9d4000000000,
+    0x7b530b9d00000000, 0xb53fc12000000000, 0x30e657fd00000000,
+    0x68e0248000000000, 0xed39b25d00000000, 0x235578e000000000,
+    0xa68cee3d00000000},
+   {0x0000000000000000, 0x76e10f9d00000000, 0xadc46ee100000000,
+    0xdb25617c00000000, 0x1b8fac1900000000, 0x6d6ea38400000000,
+    0xb64bc2f800000000, 0xc0aacd6500000000, 0x361e593300000000,
+    0x40ff56ae00000000, 0x9bda37d200000000, 0xed3b384f00000000,
+    0x2d91f52a00000000, 0x5b70fab700000000, 0x80559bcb00000000,
+    0xf6b4945600000000, 0x6c3cb26600000000, 0x1addbdfb00000000,
+    0xc1f8dc8700000000, 0xb719d31a00000000, 0x77b31e7f00000000,
+    0x015211e200000000, 0xda77709e00000000, 0xac967f0300000000,
+    0x5a22eb5500000000, 0x2cc3e4c800000000, 0xf7e685b400000000,
+    0x81078a2900000000, 0x41ad474c00000000, 0x374c48d100000000,
+    0xec6929ad00000000, 0x9a88263000000000, 0xd87864cd00000000,
+    0xae996b5000000000, 0x75bc0a2c00000000, 0x035d05b100000000,
+    0xc3f7c8d400000000, 0xb516c74900000000, 0x6e33a63500000000,
+    0x18d2a9a800000000, 0xee663dfe00000000, 0x9887326300000000,
+    0x43a2531f00000000, 0x35435c8200000000, 0xf5e991e700000000,
+    0x83089e7a00000000, 0x582dff0600000000, 0x2eccf09b00000000,
+    0xb444d6ab00000000, 0xc2a5d93600000000, 0x1980b84a00000000,
+    0x6f61b7d700000000, 0xafcb7ab200000000, 0xd92a752f00000000,
+    0x020f145300000000, 0x74ee1bce00000000, 0x825a8f9800000000,
+    0xf4bb800500000000, 0x2f9ee17900000000, 0x597feee400000000,
+    0x99d5238100000000, 0xef342c1c00000000, 0x34114d6000000000,
+    0x42f042fd00000000, 0xf1f7b94100000000, 0x8716b6dc00000000,
+    0x5c33d7a000000000, 0x2ad2d83d00000000, 0xea78155800000000,
+    0x9c991ac500000000, 0x47bc7bb900000000, 0x315d742400000000,
+    0xc7e9e07200000000, 0xb108efef00000000, 0x6a2d8e9300000000,
+    0x1ccc810e00000000, 0xdc664c6b00000000, 0xaa8743f600000000,
+    0x71a2228a00000000, 0x07432d1700000000, 0x9dcb0b2700000000,
+    0xeb2a04ba00000000, 0x300f65c600000000, 0x46ee6a5b00000000,
+    0x8644a73e00000000, 0xf0a5a8a300000000, 0x2b80c9df00000000,
+    0x5d61c64200000000, 0xabd5521400000000, 0xdd345d8900000000,
+    0x06113cf500000000, 0x70f0336800000000, 0xb05afe0d00000000,
+    0xc6bbf19000000000, 0x1d9e90ec00000000, 0x6b7f9f7100000000,
+    0x298fdd8c00000000, 0x5f6ed21100000000, 0x844bb36d00000000,
+    0xf2aabcf000000000, 0x3200719500000000, 0x44e17e0800000000,
+    0x9fc41f7400000000, 0xe92510e900000000, 0x1f9184bf00000000,
+    0x69708b2200000000, 0xb255ea5e00000000, 0xc4b4e5c300000000,
+    0x041e28a600000000, 0x72ff273b00000000, 0xa9da464700000000,
+    0xdf3b49da00000000, 0x45b36fea00000000, 0x3352607700000000,
+    0xe877010b00000000, 0x9e960e9600000000, 0x5e3cc3f300000000,
+    0x28ddcc6e00000000, 0xf3f8ad1200000000, 0x8519a28f00000000,
+    0x73ad36d900000000, 0x054c394400000000, 0xde69583800000000,
+    0xa88857a500000000, 0x68229ac000000000, 0x1ec3955d00000000,
+    0xc5e6f42100000000, 0xb307fbbc00000000, 0xe2ef738300000000,
+    0x940e7c1e00000000, 0x4f2b1d6200000000, 0x39ca12ff00000000,
+    0xf960df9a00000000, 0x8f81d00700000000, 0x54a4b17b00000000,
+    0x2245bee600000000, 0xd4f12ab000000000, 0xa210252d00000000,
+    0x7935445100000000, 0x0fd44bcc00000000, 0xcf7e86a900000000,
+    0xb99f893400000000, 0x62bae84800000000, 0x145be7d500000000,
+    0x8ed3c1e500000000, 0xf832ce7800000000, 0x2317af0400000000,
+    0x55f6a09900000000, 0x955c6dfc00000000, 0xe3bd626100000000,
+    0x3898031d00000000, 0x4e790c8000000000, 0xb8cd98d600000000,
+    0xce2c974b00000000, 0x1509f63700000000, 0x63e8f9aa00000000,
+    0xa34234cf00000000, 0xd5a33b5200000000, 0x0e865a2e00000000,
+    0x786755b300000000, 0x3a97174e00000000, 0x4c7618d300000000,
+    0x975379af00000000, 0xe1b2763200000000, 0x2118bb5700000000,
+    0x57f9b4ca00000000, 0x8cdcd5b600000000, 0xfa3dda2b00000000,
+    0x0c894e7d00000000, 0x7a6841e000000000, 0xa14d209c00000000,
+    0xd7ac2f0100000000, 0x1706e26400000000, 0x61e7edf900000000,
+    0xbac28c8500000000, 0xcc23831800000000, 0x56aba52800000000,
+    0x204aaab500000000, 0xfb6fcbc900000000, 0x8d8ec45400000000,
+    0x4d24093100000000, 0x3bc506ac00000000, 0xe0e067d000000000,
+    0x9601684d00000000, 0x60b5fc1b00000000, 0x1654f38600000000,
+    0xcd7192fa00000000, 0xbb909d6700000000, 0x7b3a500200000000,
+    0x0ddb5f9f00000000, 0xd6fe3ee300000000, 0xa01f317e00000000,
+    0x1318cac200000000, 0x65f9c55f00000000, 0xbedca42300000000,
+    0xc83dabbe00000000, 0x089766db00000000, 0x7e76694600000000,
+    0xa553083a00000000, 0xd3b207a700000000, 0x250693f100000000,
+    0x53e79c6c00000000, 0x88c2fd1000000000, 0xfe23f28d00000000,
+    0x3e893fe800000000, 0x4868307500000000, 0x934d510900000000,
+    0xe5ac5e9400000000, 0x7f2478a400000000, 0x09c5773900000000,
+    0xd2e0164500000000, 0xa40119d800000000, 0x64abd4bd00000000,
+    0x124adb2000000000, 0xc96fba5c00000000, 0xbf8eb5c100000000,
+    0x493a219700000000, 0x3fdb2e0a00000000, 0xe4fe4f7600000000,
+    0x921f40eb00000000, 0x52b58d8e00000000, 0x2454821300000000,
+    0xff71e36f00000000, 0x8990ecf200000000, 0xcb60ae0f00000000,
+    0xbd81a19200000000, 0x66a4c0ee00000000, 0x1045cf7300000000,
+    0xd0ef021600000000, 0xa60e0d8b00000000, 0x7d2b6cf700000000,
+    0x0bca636a00000000, 0xfd7ef73c00000000, 0x8b9ff8a100000000,
+    0x50ba99dd00000000, 0x265b964000000000, 0xe6f15b2500000000,
+    0x901054b800000000, 0x4b3535c400000000, 0x3dd43a5900000000,
+    0xa75c1c6900000000, 0xd1bd13f400000000, 0x0a98728800000000,
+    0x7c797d1500000000, 0xbcd3b07000000000, 0xca32bfed00000000,
+    0x1117de9100000000, 0x67f6d10c00000000, 0x9142455a00000000,
+    0xe7a34ac700000000, 0x3c862bbb00000000, 0x4a67242600000000,
+    0x8acde94300000000, 0xfc2ce6de00000000, 0x270987a200000000,
+    0x51e8883f00000000},
+   {0x0000000000000000, 0xe8dbfbb900000000, 0x91b186a800000000,
+    0x796a7d1100000000, 0x63657c8a00000000, 0x8bbe873300000000,
+    0xf2d4fa2200000000, 0x1a0f019b00000000, 0x87cc89cf00000000,
+    0x6f17727600000000, 0x167d0f6700000000, 0xfea6f4de00000000,
+    0xe4a9f54500000000, 0x0c720efc00000000, 0x751873ed00000000,
+    0x9dc3885400000000, 0x4f9f624400000000, 0xa74499fd00000000,
+    0xde2ee4ec00000000, 0x36f51f5500000000, 0x2cfa1ece00000000,
+    0xc421e57700000000, 0xbd4b986600000000, 0x559063df00000000,
+    0xc853eb8b00000000, 0x2088103200000000, 0x59e26d2300000000,
+    0xb139969a00000000, 0xab36970100000000, 0x43ed6cb800000000,
+    0x3a8711a900000000, 0xd25cea1000000000, 0x9e3ec58800000000,
+    0x76e53e3100000000, 0x0f8f432000000000, 0xe754b89900000000,
+    0xfd5bb90200000000, 0x158042bb00000000, 0x6cea3faa00000000,
+    0x8431c41300000000, 0x19f24c4700000000, 0xf129b7fe00000000,
+    0x8843caef00000000, 0x6098315600000000, 0x7a9730cd00000000,
+    0x924ccb7400000000, 0xeb26b66500000000, 0x03fd4ddc00000000,
+    0xd1a1a7cc00000000, 0x397a5c7500000000, 0x4010216400000000,
+    0xa8cbdadd00000000, 0xb2c4db4600000000, 0x5a1f20ff00000000,
+    0x23755dee00000000, 0xcbaea65700000000, 0x566d2e0300000000,
+    0xbeb6d5ba00000000, 0xc7dca8ab00000000, 0x2f07531200000000,
+    0x3508528900000000, 0xddd3a93000000000, 0xa4b9d42100000000,
+    0x4c622f9800000000, 0x7d7bfbca00000000, 0x95a0007300000000,
+    0xecca7d6200000000, 0x041186db00000000, 0x1e1e874000000000,
+    0xf6c57cf900000000, 0x8faf01e800000000, 0x6774fa5100000000,
+    0xfab7720500000000, 0x126c89bc00000000, 0x6b06f4ad00000000,
+    0x83dd0f1400000000, 0x99d20e8f00000000, 0x7109f53600000000,
+    0x0863882700000000, 0xe0b8739e00000000, 0x32e4998e00000000,
+    0xda3f623700000000, 0xa3551f2600000000, 0x4b8ee49f00000000,
+    0x5181e50400000000, 0xb95a1ebd00000000, 0xc03063ac00000000,
+    0x28eb981500000000, 0xb528104100000000, 0x5df3ebf800000000,
+    0x249996e900000000, 0xcc426d5000000000, 0xd64d6ccb00000000,
+    0x3e96977200000000, 0x47fcea6300000000, 0xaf2711da00000000,
+    0xe3453e4200000000, 0x0b9ec5fb00000000, 0x72f4b8ea00000000,
+    0x9a2f435300000000, 0x802042c800000000, 0x68fbb97100000000,
+    0x1191c46000000000, 0xf94a3fd900000000, 0x6489b78d00000000,
+    0x8c524c3400000000, 0xf538312500000000, 0x1de3ca9c00000000,
+    0x07eccb0700000000, 0xef3730be00000000, 0x965d4daf00000000,
+    0x7e86b61600000000, 0xacda5c0600000000, 0x4401a7bf00000000,
+    0x3d6bdaae00000000, 0xd5b0211700000000, 0xcfbf208c00000000,
+    0x2764db3500000000, 0x5e0ea62400000000, 0xb6d55d9d00000000,
+    0x2b16d5c900000000, 0xc3cd2e7000000000, 0xbaa7536100000000,
+    0x527ca8d800000000, 0x4873a94300000000, 0xa0a852fa00000000,
+    0xd9c22feb00000000, 0x3119d45200000000, 0xbbf0874e00000000,
+    0x532b7cf700000000, 0x2a4101e600000000, 0xc29afa5f00000000,
+    0xd895fbc400000000, 0x304e007d00000000, 0x49247d6c00000000,
+    0xa1ff86d500000000, 0x3c3c0e8100000000, 0xd4e7f53800000000,
+    0xad8d882900000000, 0x4556739000000000, 0x5f59720b00000000,
+    0xb78289b200000000, 0xcee8f4a300000000, 0x26330f1a00000000,
+    0xf46fe50a00000000, 0x1cb41eb300000000, 0x65de63a200000000,
+    0x8d05981b00000000, 0x970a998000000000, 0x7fd1623900000000,
+    0x06bb1f2800000000, 0xee60e49100000000, 0x73a36cc500000000,
+    0x9b78977c00000000, 0xe212ea6d00000000, 0x0ac911d400000000,
+    0x10c6104f00000000, 0xf81debf600000000, 0x817796e700000000,
+    0x69ac6d5e00000000, 0x25ce42c600000000, 0xcd15b97f00000000,
+    0xb47fc46e00000000, 0x5ca43fd700000000, 0x46ab3e4c00000000,
+    0xae70c5f500000000, 0xd71ab8e400000000, 0x3fc1435d00000000,
+    0xa202cb0900000000, 0x4ad930b000000000, 0x33b34da100000000,
+    0xdb68b61800000000, 0xc167b78300000000, 0x29bc4c3a00000000,
+    0x50d6312b00000000, 0xb80dca9200000000, 0x6a51208200000000,
+    0x828adb3b00000000, 0xfbe0a62a00000000, 0x133b5d9300000000,
+    0x09345c0800000000, 0xe1efa7b100000000, 0x9885daa000000000,
+    0x705e211900000000, 0xed9da94d00000000, 0x054652f400000000,
+    0x7c2c2fe500000000, 0x94f7d45c00000000, 0x8ef8d5c700000000,
+    0x66232e7e00000000, 0x1f49536f00000000, 0xf792a8d600000000,
+    0xc68b7c8400000000, 0x2e50873d00000000, 0x573afa2c00000000,
+    0xbfe1019500000000, 0xa5ee000e00000000, 0x4d35fbb700000000,
+    0x345f86a600000000, 0xdc847d1f00000000, 0x4147f54b00000000,
+    0xa99c0ef200000000, 0xd0f673e300000000, 0x382d885a00000000,
+    0x222289c100000000, 0xcaf9727800000000, 0xb3930f6900000000,
+    0x5b48f4d000000000, 0x89141ec000000000, 0x61cfe57900000000,
+    0x18a5986800000000, 0xf07e63d100000000, 0xea71624a00000000,
+    0x02aa99f300000000, 0x7bc0e4e200000000, 0x931b1f5b00000000,
+    0x0ed8970f00000000, 0xe6036cb600000000, 0x9f6911a700000000,
+    0x77b2ea1e00000000, 0x6dbdeb8500000000, 0x8566103c00000000,
+    0xfc0c6d2d00000000, 0x14d7969400000000, 0x58b5b90c00000000,
+    0xb06e42b500000000, 0xc9043fa400000000, 0x21dfc41d00000000,
+    0x3bd0c58600000000, 0xd30b3e3f00000000, 0xaa61432e00000000,
+    0x42bab89700000000, 0xdf7930c300000000, 0x37a2cb7a00000000,
+    0x4ec8b66b00000000, 0xa6134dd200000000, 0xbc1c4c4900000000,
+    0x54c7b7f000000000, 0x2dadcae100000000, 0xc576315800000000,
+    0x172adb4800000000, 0xfff120f100000000, 0x869b5de000000000,
+    0x6e40a65900000000, 0x744fa7c200000000, 0x9c945c7b00000000,
+    0xe5fe216a00000000, 0x0d25dad300000000, 0x90e6528700000000,
+    0x783da93e00000000, 0x0157d42f00000000, 0xe98c2f9600000000,
+    0xf3832e0d00000000, 0x1b58d5b400000000, 0x6232a8a500000000,
+    0x8ae9531c00000000},
+   {0x0000000000000000, 0x919168ae00000000, 0x6325a08700000000,
+    0xf2b4c82900000000, 0x874c31d400000000, 0x16dd597a00000000,
+    0xe469915300000000, 0x75f8f9fd00000000, 0x4f9f137300000000,
+    0xde0e7bdd00000000, 0x2cbab3f400000000, 0xbd2bdb5a00000000,
+    0xc8d322a700000000, 0x59424a0900000000, 0xabf6822000000000,
+    0x3a67ea8e00000000, 0x9e3e27e600000000, 0x0faf4f4800000000,
+    0xfd1b876100000000, 0x6c8aefcf00000000, 0x1972163200000000,
+    0x88e37e9c00000000, 0x7a57b6b500000000, 0xebc6de1b00000000,
+    0xd1a1349500000000, 0x40305c3b00000000, 0xb284941200000000,
+    0x2315fcbc00000000, 0x56ed054100000000, 0xc77c6def00000000,
+    0x35c8a5c600000000, 0xa459cd6800000000, 0x7d7b3f1700000000,
+    0xecea57b900000000, 0x1e5e9f9000000000, 0x8fcff73e00000000,
+    0xfa370ec300000000, 0x6ba6666d00000000, 0x9912ae4400000000,
+    0x0883c6ea00000000, 0x32e42c6400000000, 0xa37544ca00000000,
+    0x51c18ce300000000, 0xc050e44d00000000, 0xb5a81db000000000,
+    0x2439751e00000000, 0xd68dbd3700000000, 0x471cd59900000000,
+    0xe34518f100000000, 0x72d4705f00000000, 0x8060b87600000000,
+    0x11f1d0d800000000, 0x6409292500000000, 0xf598418b00000000,
+    0x072c89a200000000, 0x96bde10c00000000, 0xacda0b8200000000,
+    0x3d4b632c00000000, 0xcfffab0500000000, 0x5e6ec3ab00000000,
+    0x2b963a5600000000, 0xba0752f800000000, 0x48b39ad100000000,
+    0xd922f27f00000000, 0xfaf67e2e00000000, 0x6b67168000000000,
+    0x99d3dea900000000, 0x0842b60700000000, 0x7dba4ffa00000000,
+    0xec2b275400000000, 0x1e9fef7d00000000, 0x8f0e87d300000000,
+    0xb5696d5d00000000, 0x24f805f300000000, 0xd64ccdda00000000,
+    0x47dda57400000000, 0x32255c8900000000, 0xa3b4342700000000,
+    0x5100fc0e00000000, 0xc09194a000000000, 0x64c859c800000000,
+    0xf559316600000000, 0x07edf94f00000000, 0x967c91e100000000,
+    0xe384681c00000000, 0x721500b200000000, 0x80a1c89b00000000,
+    0x1130a03500000000, 0x2b574abb00000000, 0xbac6221500000000,
+    0x4872ea3c00000000, 0xd9e3829200000000, 0xac1b7b6f00000000,
+    0x3d8a13c100000000, 0xcf3edbe800000000, 0x5eafb34600000000,
+    0x878d413900000000, 0x161c299700000000, 0xe4a8e1be00000000,
+    0x7539891000000000, 0x00c170ed00000000, 0x9150184300000000,
+    0x63e4d06a00000000, 0xf275b8c400000000, 0xc812524a00000000,
+    0x59833ae400000000, 0xab37f2cd00000000, 0x3aa69a6300000000,
+    0x4f5e639e00000000, 0xdecf0b3000000000, 0x2c7bc31900000000,
+    0xbdeaabb700000000, 0x19b366df00000000, 0x88220e7100000000,
+    0x7a96c65800000000, 0xeb07aef600000000, 0x9eff570b00000000,
+    0x0f6e3fa500000000, 0xfddaf78c00000000, 0x6c4b9f2200000000,
+    0x562c75ac00000000, 0xc7bd1d0200000000, 0x3509d52b00000000,
+    0xa498bd8500000000, 0xd160447800000000, 0x40f12cd600000000,
+    0xb245e4ff00000000, 0x23d48c5100000000, 0xf4edfd5c00000000,
+    0x657c95f200000000, 0x97c85ddb00000000, 0x0659357500000000,
+    0x73a1cc8800000000, 0xe230a42600000000, 0x10846c0f00000000,
+    0x811504a100000000, 0xbb72ee2f00000000, 0x2ae3868100000000,
+    0xd8574ea800000000, 0x49c6260600000000, 0x3c3edffb00000000,
+    0xadafb75500000000, 0x5f1b7f7c00000000, 0xce8a17d200000000,
+    0x6ad3daba00000000, 0xfb42b21400000000, 0x09f67a3d00000000,
+    0x9867129300000000, 0xed9feb6e00000000, 0x7c0e83c000000000,
+    0x8eba4be900000000, 0x1f2b234700000000, 0x254cc9c900000000,
+    0xb4dda16700000000, 0x4669694e00000000, 0xd7f801e000000000,
+    0xa200f81d00000000, 0x339190b300000000, 0xc125589a00000000,
+    0x50b4303400000000, 0x8996c24b00000000, 0x1807aae500000000,
+    0xeab362cc00000000, 0x7b220a6200000000, 0x0edaf39f00000000,
+    0x9f4b9b3100000000, 0x6dff531800000000, 0xfc6e3bb600000000,
+    0xc609d13800000000, 0x5798b99600000000, 0xa52c71bf00000000,
+    0x34bd191100000000, 0x4145e0ec00000000, 0xd0d4884200000000,
+    0x2260406b00000000, 0xb3f128c500000000, 0x17a8e5ad00000000,
+    0x86398d0300000000, 0x748d452a00000000, 0xe51c2d8400000000,
+    0x90e4d47900000000, 0x0175bcd700000000, 0xf3c174fe00000000,
+    0x62501c5000000000, 0x5837f6de00000000, 0xc9a69e7000000000,
+    0x3b12565900000000, 0xaa833ef700000000, 0xdf7bc70a00000000,
+    0x4eeaafa400000000, 0xbc5e678d00000000, 0x2dcf0f2300000000,
+    0x0e1b837200000000, 0x9f8aebdc00000000, 0x6d3e23f500000000,
+    0xfcaf4b5b00000000, 0x8957b2a600000000, 0x18c6da0800000000,
+    0xea72122100000000, 0x7be37a8f00000000, 0x4184900100000000,
+    0xd015f8af00000000, 0x22a1308600000000, 0xb330582800000000,
+    0xc6c8a1d500000000, 0x5759c97b00000000, 0xa5ed015200000000,
+    0x347c69fc00000000, 0x9025a49400000000, 0x01b4cc3a00000000,
+    0xf300041300000000, 0x62916cbd00000000, 0x1769954000000000,
+    0x86f8fdee00000000, 0x744c35c700000000, 0xe5dd5d6900000000,
+    0xdfbab7e700000000, 0x4e2bdf4900000000, 0xbc9f176000000000,
+    0x2d0e7fce00000000, 0x58f6863300000000, 0xc967ee9d00000000,
+    0x3bd326b400000000, 0xaa424e1a00000000, 0x7360bc6500000000,
+    0xe2f1d4cb00000000, 0x10451ce200000000, 0x81d4744c00000000,
+    0xf42c8db100000000, 0x65bde51f00000000, 0x97092d3600000000,
+    0x0698459800000000, 0x3cffaf1600000000, 0xad6ec7b800000000,
+    0x5fda0f9100000000, 0xce4b673f00000000, 0xbbb39ec200000000,
+    0x2a22f66c00000000, 0xd8963e4500000000, 0x490756eb00000000,
+    0xed5e9b8300000000, 0x7ccff32d00000000, 0x8e7b3b0400000000,
+    0x1fea53aa00000000, 0x6a12aa5700000000, 0xfb83c2f900000000,
+    0x09370ad000000000, 0x98a6627e00000000, 0xa2c188f000000000,
+    0x3350e05e00000000, 0xc1e4287700000000, 0x507540d900000000,
+    0x258db92400000000, 0xb41cd18a00000000, 0x46a819a300000000,
+    0xd739710d00000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xccaa009e, 0x4225077d, 0x8e8f07e3, 0x844a0efa,
+    0x48e00e64, 0xc66f0987, 0x0ac50919, 0xd3e51bb5, 0x1f4f1b2b,
+    0x91c01cc8, 0x5d6a1c56, 0x57af154f, 0x9b0515d1, 0x158a1232,
+    0xd92012ac, 0x7cbb312b, 0xb01131b5, 0x3e9e3656, 0xf23436c8,
+    0xf8f13fd1, 0x345b3f4f, 0xbad438ac, 0x767e3832, 0xaf5e2a9e,
+    0x63f42a00, 0xed7b2de3, 0x21d12d7d, 0x2b142464, 0xe7be24fa,
+    0x69312319, 0xa59b2387, 0xf9766256, 0x35dc62c8, 0xbb53652b,
+    0x77f965b5, 0x7d3c6cac, 0xb1966c32, 0x3f196bd1, 0xf3b36b4f,
+    0x2a9379e3, 0xe639797d, 0x68b67e9e, 0xa41c7e00, 0xaed97719,
+    0x62737787, 0xecfc7064, 0x205670fa, 0x85cd537d, 0x496753e3,
+    0xc7e85400, 0x0b42549e, 0x01875d87, 0xcd2d5d19, 0x43a25afa,
+    0x8f085a64, 0x562848c8, 0x9a824856, 0x140d4fb5, 0xd8a74f2b,
+    0xd2624632, 0x1ec846ac, 0x9047414f, 0x5ced41d1, 0x299dc2ed,
+    0xe537c273, 0x6bb8c590, 0xa712c50e, 0xadd7cc17, 0x617dcc89,
+    0xeff2cb6a, 0x2358cbf4, 0xfa78d958, 0x36d2d9c6, 0xb85dde25,
+    0x74f7debb, 0x7e32d7a2, 0xb298d73c, 0x3c17d0df, 0xf0bdd041,
+    0x5526f3c6, 0x998cf358, 0x1703f4bb, 0xdba9f425, 0xd16cfd3c,
+    0x1dc6fda2, 0x9349fa41, 0x5fe3fadf, 0x86c3e873, 0x4a69e8ed,
+    0xc4e6ef0e, 0x084cef90, 0x0289e689, 0xce23e617, 0x40ace1f4,
+    0x8c06e16a, 0xd0eba0bb, 0x1c41a025, 0x92cea7c6, 0x5e64a758,
+    0x54a1ae41, 0x980baedf, 0x1684a93c, 0xda2ea9a2, 0x030ebb0e,
+    0xcfa4bb90, 0x412bbc73, 0x8d81bced, 0x8744b5f4, 0x4beeb56a,
+    0xc561b289, 0x09cbb217, 0xac509190, 0x60fa910e, 0xee7596ed,
+    0x22df9673, 0x281a9f6a, 0xe4b09ff4, 0x6a3f9817, 0xa6959889,
+    0x7fb58a25, 0xb31f8abb, 0x3d908d58, 0xf13a8dc6, 0xfbff84df,
+    0x37558441, 0xb9da83a2, 0x7570833c, 0x533b85da, 0x9f918544,
+    0x111e82a7, 0xddb48239, 0xd7718b20, 0x1bdb8bbe, 0x95548c5d,
+    0x59fe8cc3, 0x80de9e6f, 0x4c749ef1, 0xc2fb9912, 0x0e51998c,
+    0x04949095, 0xc83e900b, 0x46b197e8, 0x8a1b9776, 0x2f80b4f1,
+    0xe32ab46f, 0x6da5b38c, 0xa10fb312, 0xabcaba0b, 0x6760ba95,
+    0xe9efbd76, 0x2545bde8, 0xfc65af44, 0x30cfafda, 0xbe40a839,
+    0x72eaa8a7, 0x782fa1be, 0xb485a120, 0x3a0aa6c3, 0xf6a0a65d,
+    0xaa4de78c, 0x66e7e712, 0xe868e0f1, 0x24c2e06f, 0x2e07e976,
+    0xe2ade9e8, 0x6c22ee0b, 0xa088ee95, 0x79a8fc39, 0xb502fca7,
+    0x3b8dfb44, 0xf727fbda, 0xfde2f2c3, 0x3148f25d, 0xbfc7f5be,
+    0x736df520, 0xd6f6d6a7, 0x1a5cd639, 0x94d3d1da, 0x5879d144,
+    0x52bcd85d, 0x9e16d8c3, 0x1099df20, 0xdc33dfbe, 0x0513cd12,
+    0xc9b9cd8c, 0x4736ca6f, 0x8b9ccaf1, 0x8159c3e8, 0x4df3c376,
+    0xc37cc495, 0x0fd6c40b, 0x7aa64737, 0xb60c47a9, 0x3883404a,
+    0xf42940d4, 0xfeec49cd, 0x32464953, 0xbcc94eb0, 0x70634e2e,
+    0xa9435c82, 0x65e95c1c, 0xeb665bff, 0x27cc5b61, 0x2d095278,
+    0xe1a352e6, 0x6f2c5505, 0xa386559b, 0x061d761c, 0xcab77682,
+    0x44387161, 0x889271ff, 0x825778e6, 0x4efd7878, 0xc0727f9b,
+    0x0cd87f05, 0xd5f86da9, 0x19526d37, 0x97dd6ad4, 0x5b776a4a,
+    0x51b26353, 0x9d1863cd, 0x1397642e, 0xdf3d64b0, 0x83d02561,
+    0x4f7a25ff, 0xc1f5221c, 0x0d5f2282, 0x079a2b9b, 0xcb302b05,
+    0x45bf2ce6, 0x89152c78, 0x50353ed4, 0x9c9f3e4a, 0x121039a9,
+    0xdeba3937, 0xd47f302e, 0x18d530b0, 0x965a3753, 0x5af037cd,
+    0xff6b144a, 0x33c114d4, 0xbd4e1337, 0x71e413a9, 0x7b211ab0,
+    0xb78b1a2e, 0x39041dcd, 0xf5ae1d53, 0x2c8e0fff, 0xe0240f61,
+    0x6eab0882, 0xa201081c, 0xa8c40105, 0x646e019b, 0xeae10678,
+    0x264b06e6},
+   {0x00000000, 0xa6770bb4, 0x979f1129, 0x31e81a9d, 0xf44f2413,
+    0x52382fa7, 0x63d0353a, 0xc5a73e8e, 0x33ef4e67, 0x959845d3,
+    0xa4705f4e, 0x020754fa, 0xc7a06a74, 0x61d761c0, 0x503f7b5d,
+    0xf64870e9, 0x67de9cce, 0xc1a9977a, 0xf0418de7, 0x56368653,
+    0x9391b8dd, 0x35e6b369, 0x040ea9f4, 0xa279a240, 0x5431d2a9,
+    0xf246d91d, 0xc3aec380, 0x65d9c834, 0xa07ef6ba, 0x0609fd0e,
+    0x37e1e793, 0x9196ec27, 0xcfbd399c, 0x69ca3228, 0x582228b5,
+    0xfe552301, 0x3bf21d8f, 0x9d85163b, 0xac6d0ca6, 0x0a1a0712,
+    0xfc5277fb, 0x5a257c4f, 0x6bcd66d2, 0xcdba6d66, 0x081d53e8,
+    0xae6a585c, 0x9f8242c1, 0x39f54975, 0xa863a552, 0x0e14aee6,
+    0x3ffcb47b, 0x998bbfcf, 0x5c2c8141, 0xfa5b8af5, 0xcbb39068,
+    0x6dc49bdc, 0x9b8ceb35, 0x3dfbe081, 0x0c13fa1c, 0xaa64f1a8,
+    0x6fc3cf26, 0xc9b4c492, 0xf85cde0f, 0x5e2bd5bb, 0x440b7579,
+    0xe27c7ecd, 0xd3946450, 0x75e36fe4, 0xb044516a, 0x16335ade,
+    0x27db4043, 0x81ac4bf7, 0x77e43b1e, 0xd19330aa, 0xe07b2a37,
+    0x460c2183, 0x83ab1f0d, 0x25dc14b9, 0x14340e24, 0xb2430590,
+    0x23d5e9b7, 0x85a2e203, 0xb44af89e, 0x123df32a, 0xd79acda4,
+    0x71edc610, 0x4005dc8d, 0xe672d739, 0x103aa7d0, 0xb64dac64,
+    0x87a5b6f9, 0x21d2bd4d, 0xe47583c3, 0x42028877, 0x73ea92ea,
+    0xd59d995e, 0x8bb64ce5, 0x2dc14751, 0x1c295dcc, 0xba5e5678,
+    0x7ff968f6, 0xd98e6342, 0xe86679df, 0x4e11726b, 0xb8590282,
+    0x1e2e0936, 0x2fc613ab, 0x89b1181f, 0x4c162691, 0xea612d25,
+    0xdb8937b8, 0x7dfe3c0c, 0xec68d02b, 0x4a1fdb9f, 0x7bf7c102,
+    0xdd80cab6, 0x1827f438, 0xbe50ff8c, 0x8fb8e511, 0x29cfeea5,
+    0xdf879e4c, 0x79f095f8, 0x48188f65, 0xee6f84d1, 0x2bc8ba5f,
+    0x8dbfb1eb, 0xbc57ab76, 0x1a20a0c2, 0x8816eaf2, 0x2e61e146,
+    0x1f89fbdb, 0xb9fef06f, 0x7c59cee1, 0xda2ec555, 0xebc6dfc8,
+    0x4db1d47c, 0xbbf9a495, 0x1d8eaf21, 0x2c66b5bc, 0x8a11be08,
+    0x4fb68086, 0xe9c18b32, 0xd82991af, 0x7e5e9a1b, 0xefc8763c,
+    0x49bf7d88, 0x78576715, 0xde206ca1, 0x1b87522f, 0xbdf0599b,
+    0x8c184306, 0x2a6f48b2, 0xdc27385b, 0x7a5033ef, 0x4bb82972,
+    0xedcf22c6, 0x28681c48, 0x8e1f17fc, 0xbff70d61, 0x198006d5,
+    0x47abd36e, 0xe1dcd8da, 0xd034c247, 0x7643c9f3, 0xb3e4f77d,
+    0x1593fcc9, 0x247be654, 0x820cede0, 0x74449d09, 0xd23396bd,
+    0xe3db8c20, 0x45ac8794, 0x800bb91a, 0x267cb2ae, 0x1794a833,
+    0xb1e3a387, 0x20754fa0, 0x86024414, 0xb7ea5e89, 0x119d553d,
+    0xd43a6bb3, 0x724d6007, 0x43a57a9a, 0xe5d2712e, 0x139a01c7,
+    0xb5ed0a73, 0x840510ee, 0x22721b5a, 0xe7d525d4, 0x41a22e60,
+    0x704a34fd, 0xd63d3f49, 0xcc1d9f8b, 0x6a6a943f, 0x5b828ea2,
+    0xfdf58516, 0x3852bb98, 0x9e25b02c, 0xafcdaab1, 0x09baa105,
+    0xfff2d1ec, 0x5985da58, 0x686dc0c5, 0xce1acb71, 0x0bbdf5ff,
+    0xadcafe4b, 0x9c22e4d6, 0x3a55ef62, 0xabc30345, 0x0db408f1,
+    0x3c5c126c, 0x9a2b19d8, 0x5f8c2756, 0xf9fb2ce2, 0xc813367f,
+    0x6e643dcb, 0x982c4d22, 0x3e5b4696, 0x0fb35c0b, 0xa9c457bf,
+    0x6c636931, 0xca146285, 0xfbfc7818, 0x5d8b73ac, 0x03a0a617,
+    0xa5d7ada3, 0x943fb73e, 0x3248bc8a, 0xf7ef8204, 0x519889b0,
+    0x6070932d, 0xc6079899, 0x304fe870, 0x9638e3c4, 0xa7d0f959,
+    0x01a7f2ed, 0xc400cc63, 0x6277c7d7, 0x539fdd4a, 0xf5e8d6fe,
+    0x647e3ad9, 0xc209316d, 0xf3e12bf0, 0x55962044, 0x90311eca,
+    0x3646157e, 0x07ae0fe3, 0xa1d90457, 0x579174be, 0xf1e67f0a,
+    0xc00e6597, 0x66796e23, 0xa3de50ad, 0x05a95b19, 0x34414184,
+    0x92364a30},
+   {0x00000000, 0xcb5cd3a5, 0x4dc8a10b, 0x869472ae, 0x9b914216,
+    0x50cd91b3, 0xd659e31d, 0x1d0530b8, 0xec53826d, 0x270f51c8,
+    0xa19b2366, 0x6ac7f0c3, 0x77c2c07b, 0xbc9e13de, 0x3a0a6170,
+    0xf156b2d5, 0x03d6029b, 0xc88ad13e, 0x4e1ea390, 0x85427035,
+    0x9847408d, 0x531b9328, 0xd58fe186, 0x1ed33223, 0xef8580f6,
+    0x24d95353, 0xa24d21fd, 0x6911f258, 0x7414c2e0, 0xbf481145,
+    0x39dc63eb, 0xf280b04e, 0x07ac0536, 0xccf0d693, 0x4a64a43d,
+    0x81387798, 0x9c3d4720, 0x57619485, 0xd1f5e62b, 0x1aa9358e,
+    0xebff875b, 0x20a354fe, 0xa6372650, 0x6d6bf5f5, 0x706ec54d,
+    0xbb3216e8, 0x3da66446, 0xf6fab7e3, 0x047a07ad, 0xcf26d408,
+    0x49b2a6a6, 0x82ee7503, 0x9feb45bb, 0x54b7961e, 0xd223e4b0,
+    0x197f3715, 0xe82985c0, 0x23755665, 0xa5e124cb, 0x6ebdf76e,
+    0x73b8c7d6, 0xb8e41473, 0x3e7066dd, 0xf52cb578, 0x0f580a6c,
+    0xc404d9c9, 0x4290ab67, 0x89cc78c2, 0x94c9487a, 0x5f959bdf,
+    0xd901e971, 0x125d3ad4, 0xe30b8801, 0x28575ba4, 0xaec3290a,
+    0x659ffaaf, 0x789aca17, 0xb3c619b2, 0x35526b1c, 0xfe0eb8b9,
+    0x0c8e08f7, 0xc7d2db52, 0x4146a9fc, 0x8a1a7a59, 0x971f4ae1,
+    0x5c439944, 0xdad7ebea, 0x118b384f, 0xe0dd8a9a, 0x2b81593f,
+    0xad152b91, 0x6649f834, 0x7b4cc88c, 0xb0101b29, 0x36846987,
+    0xfdd8ba22, 0x08f40f5a, 0xc3a8dcff, 0x453cae51, 0x8e607df4,
+    0x93654d4c, 0x58399ee9, 0xdeadec47, 0x15f13fe2, 0xe4a78d37,
+    0x2ffb5e92, 0xa96f2c3c, 0x6233ff99, 0x7f36cf21, 0xb46a1c84,
+    0x32fe6e2a, 0xf9a2bd8f, 0x0b220dc1, 0xc07ede64, 0x46eaacca,
+    0x8db67f6f, 0x90b34fd7, 0x5bef9c72, 0xdd7beedc, 0x16273d79,
+    0xe7718fac, 0x2c2d5c09, 0xaab92ea7, 0x61e5fd02, 0x7ce0cdba,
+    0xb7bc1e1f, 0x31286cb1, 0xfa74bf14, 0x1eb014d8, 0xd5ecc77d,
+    0x5378b5d3, 0x98246676, 0x852156ce, 0x4e7d856b, 0xc8e9f7c5,
+    0x03b52460, 0xf2e396b5, 0x39bf4510, 0xbf2b37be, 0x7477e41b,
+    0x6972d4a3, 0xa22e0706, 0x24ba75a8, 0xefe6a60d, 0x1d661643,
+    0xd63ac5e6, 0x50aeb748, 0x9bf264ed, 0x86f75455, 0x4dab87f0,
+    0xcb3ff55e, 0x006326fb, 0xf135942e, 0x3a69478b, 0xbcfd3525,
+    0x77a1e680, 0x6aa4d638, 0xa1f8059d, 0x276c7733, 0xec30a496,
+    0x191c11ee, 0xd240c24b, 0x54d4b0e5, 0x9f886340, 0x828d53f8,
+    0x49d1805d, 0xcf45f2f3, 0x04192156, 0xf54f9383, 0x3e134026,
+    0xb8873288, 0x73dbe12d, 0x6eded195, 0xa5820230, 0x2316709e,
+    0xe84aa33b, 0x1aca1375, 0xd196c0d0, 0x5702b27e, 0x9c5e61db,
+    0x815b5163, 0x4a0782c6, 0xcc93f068, 0x07cf23cd, 0xf6999118,
+    0x3dc542bd, 0xbb513013, 0x700de3b6, 0x6d08d30e, 0xa65400ab,
+    0x20c07205, 0xeb9ca1a0, 0x11e81eb4, 0xdab4cd11, 0x5c20bfbf,
+    0x977c6c1a, 0x8a795ca2, 0x41258f07, 0xc7b1fda9, 0x0ced2e0c,
+    0xfdbb9cd9, 0x36e74f7c, 0xb0733dd2, 0x7b2fee77, 0x662adecf,
+    0xad760d6a, 0x2be27fc4, 0xe0beac61, 0x123e1c2f, 0xd962cf8a,
+    0x5ff6bd24, 0x94aa6e81, 0x89af5e39, 0x42f38d9c, 0xc467ff32,
+    0x0f3b2c97, 0xfe6d9e42, 0x35314de7, 0xb3a53f49, 0x78f9ecec,
+    0x65fcdc54, 0xaea00ff1, 0x28347d5f, 0xe368aefa, 0x16441b82,
+    0xdd18c827, 0x5b8cba89, 0x90d0692c, 0x8dd55994, 0x46898a31,
+    0xc01df89f, 0x0b412b3a, 0xfa1799ef, 0x314b4a4a, 0xb7df38e4,
+    0x7c83eb41, 0x6186dbf9, 0xaada085c, 0x2c4e7af2, 0xe712a957,
+    0x15921919, 0xdececabc, 0x585ab812, 0x93066bb7, 0x8e035b0f,
+    0x455f88aa, 0xc3cbfa04, 0x089729a1, 0xf9c19b74, 0x329d48d1,
+    0xb4093a7f, 0x7f55e9da, 0x6250d962, 0xa90c0ac7, 0x2f987869,
+    0xe4c4abcc},
+   {0x00000000, 0x3d6029b0, 0x7ac05360, 0x47a07ad0, 0xf580a6c0,
+    0xc8e08f70, 0x8f40f5a0, 0xb220dc10, 0x30704bc1, 0x0d106271,
+    0x4ab018a1, 0x77d03111, 0xc5f0ed01, 0xf890c4b1, 0xbf30be61,
+    0x825097d1, 0x60e09782, 0x5d80be32, 0x1a20c4e2, 0x2740ed52,
+    0x95603142, 0xa80018f2, 0xefa06222, 0xd2c04b92, 0x5090dc43,
+    0x6df0f5f3, 0x2a508f23, 0x1730a693, 0xa5107a83, 0x98705333,
+    0xdfd029e3, 0xe2b00053, 0xc1c12f04, 0xfca106b4, 0xbb017c64,
+    0x866155d4, 0x344189c4, 0x0921a074, 0x4e81daa4, 0x73e1f314,
+    0xf1b164c5, 0xccd14d75, 0x8b7137a5, 0xb6111e15, 0x0431c205,
+    0x3951ebb5, 0x7ef19165, 0x4391b8d5, 0xa121b886, 0x9c419136,
+    0xdbe1ebe6, 0xe681c256, 0x54a11e46, 0x69c137f6, 0x2e614d26,
+    0x13016496, 0x9151f347, 0xac31daf7, 0xeb91a027, 0xd6f18997,
+    0x64d15587, 0x59b17c37, 0x1e1106e7, 0x23712f57, 0x58f35849,
+    0x659371f9, 0x22330b29, 0x1f532299, 0xad73fe89, 0x9013d739,
+    0xd7b3ade9, 0xead38459, 0x68831388, 0x55e33a38, 0x124340e8,
+    0x2f236958, 0x9d03b548, 0xa0639cf8, 0xe7c3e628, 0xdaa3cf98,
+    0x3813cfcb, 0x0573e67b, 0x42d39cab, 0x7fb3b51b, 0xcd93690b,
+    0xf0f340bb, 0xb7533a6b, 0x8a3313db, 0x0863840a, 0x3503adba,
+    0x72a3d76a, 0x4fc3feda, 0xfde322ca, 0xc0830b7a, 0x872371aa,
+    0xba43581a, 0x9932774d, 0xa4525efd, 0xe3f2242d, 0xde920d9d,
+    0x6cb2d18d, 0x51d2f83d, 0x167282ed, 0x2b12ab5d, 0xa9423c8c,
+    0x9422153c, 0xd3826fec, 0xeee2465c, 0x5cc29a4c, 0x61a2b3fc,
+    0x2602c92c, 0x1b62e09c, 0xf9d2e0cf, 0xc4b2c97f, 0x8312b3af,
+    0xbe729a1f, 0x0c52460f, 0x31326fbf, 0x7692156f, 0x4bf23cdf,
+    0xc9a2ab0e, 0xf4c282be, 0xb362f86e, 0x8e02d1de, 0x3c220dce,
+    0x0142247e, 0x46e25eae, 0x7b82771e, 0xb1e6b092, 0x8c869922,
+    0xcb26e3f2, 0xf646ca42, 0x44661652, 0x79063fe2, 0x3ea64532,
+    0x03c66c82, 0x8196fb53, 0xbcf6d2e3, 0xfb56a833, 0xc6368183,
+    0x74165d93, 0x49767423, 0x0ed60ef3, 0x33b62743, 0xd1062710,
+    0xec660ea0, 0xabc67470, 0x96a65dc0, 0x248681d0, 0x19e6a860,
+    0x5e46d2b0, 0x6326fb00, 0xe1766cd1, 0xdc164561, 0x9bb63fb1,
+    0xa6d61601, 0x14f6ca11, 0x2996e3a1, 0x6e369971, 0x5356b0c1,
+    0x70279f96, 0x4d47b626, 0x0ae7ccf6, 0x3787e546, 0x85a73956,
+    0xb8c710e6, 0xff676a36, 0xc2074386, 0x4057d457, 0x7d37fde7,
+    0x3a978737, 0x07f7ae87, 0xb5d77297, 0x88b75b27, 0xcf1721f7,
+    0xf2770847, 0x10c70814, 0x2da721a4, 0x6a075b74, 0x576772c4,
+    0xe547aed4, 0xd8278764, 0x9f87fdb4, 0xa2e7d404, 0x20b743d5,
+    0x1dd76a65, 0x5a7710b5, 0x67173905, 0xd537e515, 0xe857cca5,
+    0xaff7b675, 0x92979fc5, 0xe915e8db, 0xd475c16b, 0x93d5bbbb,
+    0xaeb5920b, 0x1c954e1b, 0x21f567ab, 0x66551d7b, 0x5b3534cb,
+    0xd965a31a, 0xe4058aaa, 0xa3a5f07a, 0x9ec5d9ca, 0x2ce505da,
+    0x11852c6a, 0x562556ba, 0x6b457f0a, 0x89f57f59, 0xb49556e9,
+    0xf3352c39, 0xce550589, 0x7c75d999, 0x4115f029, 0x06b58af9,
+    0x3bd5a349, 0xb9853498, 0x84e51d28, 0xc34567f8, 0xfe254e48,
+    0x4c059258, 0x7165bbe8, 0x36c5c138, 0x0ba5e888, 0x28d4c7df,
+    0x15b4ee6f, 0x521494bf, 0x6f74bd0f, 0xdd54611f, 0xe03448af,
+    0xa794327f, 0x9af41bcf, 0x18a48c1e, 0x25c4a5ae, 0x6264df7e,
+    0x5f04f6ce, 0xed242ade, 0xd044036e, 0x97e479be, 0xaa84500e,
+    0x4834505d, 0x755479ed, 0x32f4033d, 0x0f942a8d, 0xbdb4f69d,
+    0x80d4df2d, 0xc774a5fd, 0xfa148c4d, 0x78441b9c, 0x4524322c,
+    0x028448fc, 0x3fe4614c, 0x8dc4bd5c, 0xb0a494ec, 0xf704ee3c,
+    0xca64c78c}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0xb029603d, 0x6053c07a, 0xd07aa047, 0xc0a680f5,
+    0x708fe0c8, 0xa0f5408f, 0x10dc20b2, 0xc14b7030, 0x7162100d,
+    0xa118b04a, 0x1131d077, 0x01edf0c5, 0xb1c490f8, 0x61be30bf,
+    0xd1975082, 0x8297e060, 0x32be805d, 0xe2c4201a, 0x52ed4027,
+    0x42316095, 0xf21800a8, 0x2262a0ef, 0x924bc0d2, 0x43dc9050,
+    0xf3f5f06d, 0x238f502a, 0x93a63017, 0x837a10a5, 0x33537098,
+    0xe329d0df, 0x5300b0e2, 0x042fc1c1, 0xb406a1fc, 0x647c01bb,
+    0xd4556186, 0xc4894134, 0x74a02109, 0xa4da814e, 0x14f3e173,
+    0xc564b1f1, 0x754dd1cc, 0xa537718b, 0x151e11b6, 0x05c23104,
+    0xb5eb5139, 0x6591f17e, 0xd5b89143, 0x86b821a1, 0x3691419c,
+    0xe6ebe1db, 0x56c281e6, 0x461ea154, 0xf637c169, 0x264d612e,
+    0x96640113, 0x47f35191, 0xf7da31ac, 0x27a091eb, 0x9789f1d6,
+    0x8755d164, 0x377cb159, 0xe706111e, 0x572f7123, 0x4958f358,
+    0xf9719365, 0x290b3322, 0x9922531f, 0x89fe73ad, 0x39d71390,
+    0xe9adb3d7, 0x5984d3ea, 0x88138368, 0x383ae355, 0xe8404312,
+    0x5869232f, 0x48b5039d, 0xf89c63a0, 0x28e6c3e7, 0x98cfa3da,
+    0xcbcf1338, 0x7be67305, 0xab9cd342, 0x1bb5b37f, 0x0b6993cd,
+    0xbb40f3f0, 0x6b3a53b7, 0xdb13338a, 0x0a846308, 0xbaad0335,
+    0x6ad7a372, 0xdafec34f, 0xca22e3fd, 0x7a0b83c0, 0xaa712387,
+    0x1a5843ba, 0x4d773299, 0xfd5e52a4, 0x2d24f2e3, 0x9d0d92de,
+    0x8dd1b26c, 0x3df8d251, 0xed827216, 0x5dab122b, 0x8c3c42a9,
+    0x3c152294, 0xec6f82d3, 0x5c46e2ee, 0x4c9ac25c, 0xfcb3a261,
+    0x2cc90226, 0x9ce0621b, 0xcfe0d2f9, 0x7fc9b2c4, 0xafb31283,
+    0x1f9a72be, 0x0f46520c, 0xbf6f3231, 0x6f159276, 0xdf3cf24b,
+    0x0eaba2c9, 0xbe82c2f4, 0x6ef862b3, 0xded1028e, 0xce0d223c,
+    0x7e244201, 0xae5ee246, 0x1e77827b, 0x92b0e6b1, 0x2299868c,
+    0xf2e326cb, 0x42ca46f6, 0x52166644, 0xe23f0679, 0x3245a63e,
+    0x826cc603, 0x53fb9681, 0xe3d2f6bc, 0x33a856fb, 0x838136c6,
+    0x935d1674, 0x23747649, 0xf30ed60e, 0x4327b633, 0x102706d1,
+    0xa00e66ec, 0x7074c6ab, 0xc05da696, 0xd0818624, 0x60a8e619,
+    0xb0d2465e, 0x00fb2663, 0xd16c76e1, 0x614516dc, 0xb13fb69b,
+    0x0116d6a6, 0x11caf614, 0xa1e39629, 0x7199366e, 0xc1b05653,
+    0x969f2770, 0x26b6474d, 0xf6cce70a, 0x46e58737, 0x5639a785,
+    0xe610c7b8, 0x366a67ff, 0x864307c2, 0x57d45740, 0xe7fd377d,
+    0x3787973a, 0x87aef707, 0x9772d7b5, 0x275bb788, 0xf72117cf,
+    0x470877f2, 0x1408c710, 0xa421a72d, 0x745b076a, 0xc4726757,
+    0xd4ae47e5, 0x648727d8, 0xb4fd879f, 0x04d4e7a2, 0xd543b720,
+    0x656ad71d, 0xb510775a, 0x05391767, 0x15e537d5, 0xa5cc57e8,
+    0x75b6f7af, 0xc59f9792, 0xdbe815e9, 0x6bc175d4, 0xbbbbd593,
+    0x0b92b5ae, 0x1b4e951c, 0xab67f521, 0x7b1d5566, 0xcb34355b,
+    0x1aa365d9, 0xaa8a05e4, 0x7af0a5a3, 0xcad9c59e, 0xda05e52c,
+    0x6a2c8511, 0xba562556, 0x0a7f456b, 0x597ff589, 0xe95695b4,
+    0x392c35f3, 0x890555ce, 0x99d9757c, 0x29f01541, 0xf98ab506,
+    0x49a3d53b, 0x983485b9, 0x281de584, 0xf86745c3, 0x484e25fe,
+    0x5892054c, 0xe8bb6571, 0x38c1c536, 0x88e8a50b, 0xdfc7d428,
+    0x6feeb415, 0xbf941452, 0x0fbd746f, 0x1f6154dd, 0xaf4834e0,
+    0x7f3294a7, 0xcf1bf49a, 0x1e8ca418, 0xaea5c425, 0x7edf6462,
+    0xcef6045f, 0xde2a24ed, 0x6e0344d0, 0xbe79e497, 0x0e5084aa,
+    0x5d503448, 0xed795475, 0x3d03f432, 0x8d2a940f, 0x9df6b4bd,
+    0x2ddfd480, 0xfda574c7, 0x4d8c14fa, 0x9c1b4478, 0x2c322445,
+    0xfc488402, 0x4c61e43f, 0x5cbdc48d, 0xec94a4b0, 0x3cee04f7,
+    0x8cc764ca},
+   {0x00000000, 0xa5d35ccb, 0x0ba1c84d, 0xae729486, 0x1642919b,
+    0xb391cd50, 0x1de359d6, 0xb830051d, 0x6d8253ec, 0xc8510f27,
+    0x66239ba1, 0xc3f0c76a, 0x7bc0c277, 0xde139ebc, 0x70610a3a,
+    0xd5b256f1, 0x9b02d603, 0x3ed18ac8, 0x90a31e4e, 0x35704285,
+    0x8d404798, 0x28931b53, 0x86e18fd5, 0x2332d31e, 0xf68085ef,
+    0x5353d924, 0xfd214da2, 0x58f21169, 0xe0c21474, 0x451148bf,
+    0xeb63dc39, 0x4eb080f2, 0x3605ac07, 0x93d6f0cc, 0x3da4644a,
+    0x98773881, 0x20473d9c, 0x85946157, 0x2be6f5d1, 0x8e35a91a,
+    0x5b87ffeb, 0xfe54a320, 0x502637a6, 0xf5f56b6d, 0x4dc56e70,
+    0xe81632bb, 0x4664a63d, 0xe3b7faf6, 0xad077a04, 0x08d426cf,
+    0xa6a6b249, 0x0375ee82, 0xbb45eb9f, 0x1e96b754, 0xb0e423d2,
+    0x15377f19, 0xc08529e8, 0x65567523, 0xcb24e1a5, 0x6ef7bd6e,
+    0xd6c7b873, 0x7314e4b8, 0xdd66703e, 0x78b52cf5, 0x6c0a580f,
+    0xc9d904c4, 0x67ab9042, 0xc278cc89, 0x7a48c994, 0xdf9b955f,
+    0x71e901d9, 0xd43a5d12, 0x01880be3, 0xa45b5728, 0x0a29c3ae,
+    0xaffa9f65, 0x17ca9a78, 0xb219c6b3, 0x1c6b5235, 0xb9b80efe,
+    0xf7088e0c, 0x52dbd2c7, 0xfca94641, 0x597a1a8a, 0xe14a1f97,
+    0x4499435c, 0xeaebd7da, 0x4f388b11, 0x9a8adde0, 0x3f59812b,
+    0x912b15ad, 0x34f84966, 0x8cc84c7b, 0x291b10b0, 0x87698436,
+    0x22bad8fd, 0x5a0ff408, 0xffdca8c3, 0x51ae3c45, 0xf47d608e,
+    0x4c4d6593, 0xe99e3958, 0x47ecadde, 0xe23ff115, 0x378da7e4,
+    0x925efb2f, 0x3c2c6fa9, 0x99ff3362, 0x21cf367f, 0x841c6ab4,
+    0x2a6efe32, 0x8fbda2f9, 0xc10d220b, 0x64de7ec0, 0xcaacea46,
+    0x6f7fb68d, 0xd74fb390, 0x729cef5b, 0xdcee7bdd, 0x793d2716,
+    0xac8f71e7, 0x095c2d2c, 0xa72eb9aa, 0x02fde561, 0xbacde07c,
+    0x1f1ebcb7, 0xb16c2831, 0x14bf74fa, 0xd814b01e, 0x7dc7ecd5,
+    0xd3b57853, 0x76662498, 0xce562185, 0x6b857d4e, 0xc5f7e9c8,
+    0x6024b503, 0xb596e3f2, 0x1045bf39, 0xbe372bbf, 0x1be47774,
+    0xa3d47269, 0x06072ea2, 0xa875ba24, 0x0da6e6ef, 0x4316661d,
+    0xe6c53ad6, 0x48b7ae50, 0xed64f29b, 0x5554f786, 0xf087ab4d,
+    0x5ef53fcb, 0xfb266300, 0x2e9435f1, 0x8b47693a, 0x2535fdbc,
+    0x80e6a177, 0x38d6a46a, 0x9d05f8a1, 0x33776c27, 0x96a430ec,
+    0xee111c19, 0x4bc240d2, 0xe5b0d454, 0x4063889f, 0xf8538d82,
+    0x5d80d149, 0xf3f245cf, 0x56211904, 0x83934ff5, 0x2640133e,
+    0x883287b8, 0x2de1db73, 0x95d1de6e, 0x300282a5, 0x9e701623,
+    0x3ba34ae8, 0x7513ca1a, 0xd0c096d1, 0x7eb20257, 0xdb615e9c,
+    0x63515b81, 0xc682074a, 0x68f093cc, 0xcd23cf07, 0x189199f6,
+    0xbd42c53d, 0x133051bb, 0xb6e30d70, 0x0ed3086d, 0xab0054a6,
+    0x0572c020, 0xa0a19ceb, 0xb41ee811, 0x11cdb4da, 0xbfbf205c,
+    0x1a6c7c97, 0xa25c798a, 0x078f2541, 0xa9fdb1c7, 0x0c2eed0c,
+    0xd99cbbfd, 0x7c4fe736, 0xd23d73b0, 0x77ee2f7b, 0xcfde2a66,
+    0x6a0d76ad, 0xc47fe22b, 0x61acbee0, 0x2f1c3e12, 0x8acf62d9,
+    0x24bdf65f, 0x816eaa94, 0x395eaf89, 0x9c8df342, 0x32ff67c4,
+    0x972c3b0f, 0x429e6dfe, 0xe74d3135, 0x493fa5b3, 0xececf978,
+    0x54dcfc65, 0xf10fa0ae, 0x5f7d3428, 0xfaae68e3, 0x821b4416,
+    0x27c818dd, 0x89ba8c5b, 0x2c69d090, 0x9459d58d, 0x318a8946,
+    0x9ff81dc0, 0x3a2b410b, 0xef9917fa, 0x4a4a4b31, 0xe438dfb7,
+    0x41eb837c, 0xf9db8661, 0x5c08daaa, 0xf27a4e2c, 0x57a912e7,
+    0x19199215, 0xbccacede, 0x12b85a58, 0xb76b0693, 0x0f5b038e,
+    0xaa885f45, 0x04facbc3, 0xa1299708, 0x749bc1f9, 0xd1489d32,
+    0x7f3a09b4, 0xdae9557f, 0x62d95062, 0xc70a0ca9, 0x6978982f,
+    0xccabc4e4},
+   {0x00000000, 0xb40b77a6, 0x29119f97, 0x9d1ae831, 0x13244ff4,
+    0xa72f3852, 0x3a35d063, 0x8e3ea7c5, 0x674eef33, 0xd3459895,
+    0x4e5f70a4, 0xfa540702, 0x746aa0c7, 0xc061d761, 0x5d7b3f50,
+    0xe97048f6, 0xce9cde67, 0x7a97a9c1, 0xe78d41f0, 0x53863656,
+    0xddb89193, 0x69b3e635, 0xf4a90e04, 0x40a279a2, 0xa9d23154,
+    0x1dd946f2, 0x80c3aec3, 0x34c8d965, 0xbaf67ea0, 0x0efd0906,
+    0x93e7e137, 0x27ec9691, 0x9c39bdcf, 0x2832ca69, 0xb5282258,
+    0x012355fe, 0x8f1df23b, 0x3b16859d, 0xa60c6dac, 0x12071a0a,
+    0xfb7752fc, 0x4f7c255a, 0xd266cd6b, 0x666dbacd, 0xe8531d08,
+    0x5c586aae, 0xc142829f, 0x7549f539, 0x52a563a8, 0xe6ae140e,
+    0x7bb4fc3f, 0xcfbf8b99, 0x41812c5c, 0xf58a5bfa, 0x6890b3cb,
+    0xdc9bc46d, 0x35eb8c9b, 0x81e0fb3d, 0x1cfa130c, 0xa8f164aa,
+    0x26cfc36f, 0x92c4b4c9, 0x0fde5cf8, 0xbbd52b5e, 0x79750b44,
+    0xcd7e7ce2, 0x506494d3, 0xe46fe375, 0x6a5144b0, 0xde5a3316,
+    0x4340db27, 0xf74bac81, 0x1e3be477, 0xaa3093d1, 0x372a7be0,
+    0x83210c46, 0x0d1fab83, 0xb914dc25, 0x240e3414, 0x900543b2,
+    0xb7e9d523, 0x03e2a285, 0x9ef84ab4, 0x2af33d12, 0xa4cd9ad7,
+    0x10c6ed71, 0x8ddc0540, 0x39d772e6, 0xd0a73a10, 0x64ac4db6,
+    0xf9b6a587, 0x4dbdd221, 0xc38375e4, 0x77880242, 0xea92ea73,
+    0x5e999dd5, 0xe54cb68b, 0x5147c12d, 0xcc5d291c, 0x78565eba,
+    0xf668f97f, 0x42638ed9, 0xdf7966e8, 0x6b72114e, 0x820259b8,
+    0x36092e1e, 0xab13c62f, 0x1f18b189, 0x9126164c, 0x252d61ea,
+    0xb83789db, 0x0c3cfe7d, 0x2bd068ec, 0x9fdb1f4a, 0x02c1f77b,
+    0xb6ca80dd, 0x38f42718, 0x8cff50be, 0x11e5b88f, 0xa5eecf29,
+    0x4c9e87df, 0xf895f079, 0x658f1848, 0xd1846fee, 0x5fbac82b,
+    0xebb1bf8d, 0x76ab57bc, 0xc2a0201a, 0xf2ea1688, 0x46e1612e,
+    0xdbfb891f, 0x6ff0feb9, 0xe1ce597c, 0x55c52eda, 0xc8dfc6eb,
+    0x7cd4b14d, 0x95a4f9bb, 0x21af8e1d, 0xbcb5662c, 0x08be118a,
+    0x8680b64f, 0x328bc1e9, 0xaf9129d8, 0x1b9a5e7e, 0x3c76c8ef,
+    0x887dbf49, 0x15675778, 0xa16c20de, 0x2f52871b, 0x9b59f0bd,
+    0x0643188c, 0xb2486f2a, 0x5b3827dc, 0xef33507a, 0x7229b84b,
+    0xc622cfed, 0x481c6828, 0xfc171f8e, 0x610df7bf, 0xd5068019,
+    0x6ed3ab47, 0xdad8dce1, 0x47c234d0, 0xf3c94376, 0x7df7e4b3,
+    0xc9fc9315, 0x54e67b24, 0xe0ed0c82, 0x099d4474, 0xbd9633d2,
+    0x208cdbe3, 0x9487ac45, 0x1ab90b80, 0xaeb27c26, 0x33a89417,
+    0x87a3e3b1, 0xa04f7520, 0x14440286, 0x895eeab7, 0x3d559d11,
+    0xb36b3ad4, 0x07604d72, 0x9a7aa543, 0x2e71d2e5, 0xc7019a13,
+    0x730aedb5, 0xee100584, 0x5a1b7222, 0xd425d5e7, 0x602ea241,
+    0xfd344a70, 0x493f3dd6, 0x8b9f1dcc, 0x3f946a6a, 0xa28e825b,
+    0x1685f5fd, 0x98bb5238, 0x2cb0259e, 0xb1aacdaf, 0x05a1ba09,
+    0xecd1f2ff, 0x58da8559, 0xc5c06d68, 0x71cb1ace, 0xfff5bd0b,
+    0x4bfecaad, 0xd6e4229c, 0x62ef553a, 0x4503c3ab, 0xf108b40d,
+    0x6c125c3c, 0xd8192b9a, 0x56278c5f, 0xe22cfbf9, 0x7f3613c8,
+    0xcb3d646e, 0x224d2c98, 0x96465b3e, 0x0b5cb30f, 0xbf57c4a9,
+    0x3169636c, 0x856214ca, 0x1878fcfb, 0xac738b5d, 0x17a6a003,
+    0xa3add7a5, 0x3eb73f94, 0x8abc4832, 0x0482eff7, 0xb0899851,
+    0x2d937060, 0x999807c6, 0x70e84f30, 0xc4e33896, 0x59f9d0a7,
+    0xedf2a701, 0x63cc00c4, 0xd7c77762, 0x4add9f53, 0xfed6e8f5,
+    0xd93a7e64, 0x6d3109c2, 0xf02be1f3, 0x44209655, 0xca1e3190,
+    0x7e154636, 0xe30fae07, 0x5704d9a1, 0xbe749157, 0x0a7fe6f1,
+    0x97650ec0, 0x236e7966, 0xad50dea3, 0x195ba905, 0x84414134,
+    0x304a3692},
+   {0x00000000, 0x9e00aacc, 0x7d072542, 0xe3078f8e, 0xfa0e4a84,
+    0x640ee048, 0x87096fc6, 0x1909c50a, 0xb51be5d3, 0x2b1b4f1f,
+    0xc81cc091, 0x561c6a5d, 0x4f15af57, 0xd115059b, 0x32128a15,
+    0xac1220d9, 0x2b31bb7c, 0xb53111b0, 0x56369e3e, 0xc83634f2,
+    0xd13ff1f8, 0x4f3f5b34, 0xac38d4ba, 0x32387e76, 0x9e2a5eaf,
+    0x002af463, 0xe32d7bed, 0x7d2dd121, 0x6424142b, 0xfa24bee7,
+    0x19233169, 0x87239ba5, 0x566276f9, 0xc862dc35, 0x2b6553bb,
+    0xb565f977, 0xac6c3c7d, 0x326c96b1, 0xd16b193f, 0x4f6bb3f3,
+    0xe379932a, 0x7d7939e6, 0x9e7eb668, 0x007e1ca4, 0x1977d9ae,
+    0x87777362, 0x6470fcec, 0xfa705620, 0x7d53cd85, 0xe3536749,
+    0x0054e8c7, 0x9e54420b, 0x875d8701, 0x195d2dcd, 0xfa5aa243,
+    0x645a088f, 0xc8482856, 0x5648829a, 0xb54f0d14, 0x2b4fa7d8,
+    0x324662d2, 0xac46c81e, 0x4f414790, 0xd141ed5c, 0xedc29d29,
+    0x73c237e5, 0x90c5b86b, 0x0ec512a7, 0x17ccd7ad, 0x89cc7d61,
+    0x6acbf2ef, 0xf4cb5823, 0x58d978fa, 0xc6d9d236, 0x25de5db8,
+    0xbbdef774, 0xa2d7327e, 0x3cd798b2, 0xdfd0173c, 0x41d0bdf0,
+    0xc6f32655, 0x58f38c99, 0xbbf40317, 0x25f4a9db, 0x3cfd6cd1,
+    0xa2fdc61d, 0x41fa4993, 0xdffae35f, 0x73e8c386, 0xede8694a,
+    0x0eefe6c4, 0x90ef4c08, 0x89e68902, 0x17e623ce, 0xf4e1ac40,
+    0x6ae1068c, 0xbba0ebd0, 0x25a0411c, 0xc6a7ce92, 0x58a7645e,
+    0x41aea154, 0xdfae0b98, 0x3ca98416, 0xa2a92eda, 0x0ebb0e03,
+    0x90bba4cf, 0x73bc2b41, 0xedbc818d, 0xf4b54487, 0x6ab5ee4b,
+    0x89b261c5, 0x17b2cb09, 0x909150ac, 0x0e91fa60, 0xed9675ee,
+    0x7396df22, 0x6a9f1a28, 0xf49fb0e4, 0x17983f6a, 0x899895a6,
+    0x258ab57f, 0xbb8a1fb3, 0x588d903d, 0xc68d3af1, 0xdf84fffb,
+    0x41845537, 0xa283dab9, 0x3c837075, 0xda853b53, 0x4485919f,
+    0xa7821e11, 0x3982b4dd, 0x208b71d7, 0xbe8bdb1b, 0x5d8c5495,
+    0xc38cfe59, 0x6f9ede80, 0xf19e744c, 0x1299fbc2, 0x8c99510e,
+    0x95909404, 0x0b903ec8, 0xe897b146, 0x76971b8a, 0xf1b4802f,
+    0x6fb42ae3, 0x8cb3a56d, 0x12b30fa1, 0x0bbacaab, 0x95ba6067,
+    0x76bdefe9, 0xe8bd4525, 0x44af65fc, 0xdaafcf30, 0x39a840be,
+    0xa7a8ea72, 0xbea12f78, 0x20a185b4, 0xc3a60a3a, 0x5da6a0f6,
+    0x8ce74daa, 0x12e7e766, 0xf1e068e8, 0x6fe0c224, 0x76e9072e,
+    0xe8e9ade2, 0x0bee226c, 0x95ee88a0, 0x39fca879, 0xa7fc02b5,
+    0x44fb8d3b, 0xdafb27f7, 0xc3f2e2fd, 0x5df24831, 0xbef5c7bf,
+    0x20f56d73, 0xa7d6f6d6, 0x39d65c1a, 0xdad1d394, 0x44d17958,
+    0x5dd8bc52, 0xc3d8169e, 0x20df9910, 0xbedf33dc, 0x12cd1305,
+    0x8ccdb9c9, 0x6fca3647, 0xf1ca9c8b, 0xe8c35981, 0x76c3f34d,
+    0x95c47cc3, 0x0bc4d60f, 0x3747a67a, 0xa9470cb6, 0x4a408338,
+    0xd44029f4, 0xcd49ecfe, 0x53494632, 0xb04ec9bc, 0x2e4e6370,
+    0x825c43a9, 0x1c5ce965, 0xff5b66eb, 0x615bcc27, 0x7852092d,
+    0xe652a3e1, 0x05552c6f, 0x9b5586a3, 0x1c761d06, 0x8276b7ca,
+    0x61713844, 0xff719288, 0xe6785782, 0x7878fd4e, 0x9b7f72c0,
+    0x057fd80c, 0xa96df8d5, 0x376d5219, 0xd46add97, 0x4a6a775b,
+    0x5363b251, 0xcd63189d, 0x2e649713, 0xb0643ddf, 0x6125d083,
+    0xff257a4f, 0x1c22f5c1, 0x82225f0d, 0x9b2b9a07, 0x052b30cb,
+    0xe62cbf45, 0x782c1589, 0xd43e3550, 0x4a3e9f9c, 0xa9391012,
+    0x3739bade, 0x2e307fd4, 0xb030d518, 0x53375a96, 0xcd37f05a,
+    0x4a146bff, 0xd414c133, 0x37134ebd, 0xa913e471, 0xb01a217b,
+    0x2e1a8bb7, 0xcd1d0439, 0x531daef5, 0xff0f8e2c, 0x610f24e0,
+    0x8208ab6e, 0x1c0801a2, 0x0501c4a8, 0x9b016e64, 0x7806e1ea,
+    0xe6064b26}};
+
+#endif
+
+#endif
+
+#if N == 3
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x81256527, 0xd93bcc0f, 0x581ea928, 0x69069e5f,
+    0xe823fb78, 0xb03d5250, 0x31183777, 0xd20d3cbe, 0x53285999,
+    0x0b36f0b1, 0x8a139596, 0xbb0ba2e1, 0x3a2ec7c6, 0x62306eee,
+    0xe3150bc9, 0x7f6b7f3d, 0xfe4e1a1a, 0xa650b332, 0x2775d615,
+    0x166de162, 0x97488445, 0xcf562d6d, 0x4e73484a, 0xad664383,
+    0x2c4326a4, 0x745d8f8c, 0xf578eaab, 0xc460dddc, 0x4545b8fb,
+    0x1d5b11d3, 0x9c7e74f4, 0xfed6fe7a, 0x7ff39b5d, 0x27ed3275,
+    0xa6c85752, 0x97d06025, 0x16f50502, 0x4eebac2a, 0xcfcec90d,
+    0x2cdbc2c4, 0xadfea7e3, 0xf5e00ecb, 0x74c56bec, 0x45dd5c9b,
+    0xc4f839bc, 0x9ce69094, 0x1dc3f5b3, 0x81bd8147, 0x0098e460,
+    0x58864d48, 0xd9a3286f, 0xe8bb1f18, 0x699e7a3f, 0x3180d317,
+    0xb0a5b630, 0x53b0bdf9, 0xd295d8de, 0x8a8b71f6, 0x0bae14d1,
+    0x3ab623a6, 0xbb934681, 0xe38defa9, 0x62a88a8e, 0x26dcfab5,
+    0xa7f99f92, 0xffe736ba, 0x7ec2539d, 0x4fda64ea, 0xceff01cd,
+    0x96e1a8e5, 0x17c4cdc2, 0xf4d1c60b, 0x75f4a32c, 0x2dea0a04,
+    0xaccf6f23, 0x9dd75854, 0x1cf23d73, 0x44ec945b, 0xc5c9f17c,
+    0x59b78588, 0xd892e0af, 0x808c4987, 0x01a92ca0, 0x30b11bd7,
+    0xb1947ef0, 0xe98ad7d8, 0x68afb2ff, 0x8bbab936, 0x0a9fdc11,
+    0x52817539, 0xd3a4101e, 0xe2bc2769, 0x6399424e, 0x3b87eb66,
+    0xbaa28e41, 0xd80a04cf, 0x592f61e8, 0x0131c8c0, 0x8014ade7,
+    0xb10c9a90, 0x3029ffb7, 0x6837569f, 0xe91233b8, 0x0a073871,
+    0x8b225d56, 0xd33cf47e, 0x52199159, 0x6301a62e, 0xe224c309,
+    0xba3a6a21, 0x3b1f0f06, 0xa7617bf2, 0x26441ed5, 0x7e5ab7fd,
+    0xff7fd2da, 0xce67e5ad, 0x4f42808a, 0x175c29a2, 0x96794c85,
+    0x756c474c, 0xf449226b, 0xac578b43, 0x2d72ee64, 0x1c6ad913,
+    0x9d4fbc34, 0xc551151c, 0x4474703b, 0x4db9f56a, 0xcc9c904d,
+    0x94823965, 0x15a75c42, 0x24bf6b35, 0xa59a0e12, 0xfd84a73a,
+    0x7ca1c21d, 0x9fb4c9d4, 0x1e91acf3, 0x468f05db, 0xc7aa60fc,
+    0xf6b2578b, 0x779732ac, 0x2f899b84, 0xaeacfea3, 0x32d28a57,
+    0xb3f7ef70, 0xebe94658, 0x6acc237f, 0x5bd41408, 0xdaf1712f,
+    0x82efd807, 0x03cabd20, 0xe0dfb6e9, 0x61fad3ce, 0x39e47ae6,
+    0xb8c11fc1, 0x89d928b6, 0x08fc4d91, 0x50e2e4b9, 0xd1c7819e,
+    0xb36f0b10, 0x324a6e37, 0x6a54c71f, 0xeb71a238, 0xda69954f,
+    0x5b4cf068, 0x03525940, 0x82773c67, 0x616237ae, 0xe0475289,
+    0xb859fba1, 0x397c9e86, 0x0864a9f1, 0x8941ccd6, 0xd15f65fe,
+    0x507a00d9, 0xcc04742d, 0x4d21110a, 0x153fb822, 0x941add05,
+    0xa502ea72, 0x24278f55, 0x7c39267d, 0xfd1c435a, 0x1e094893,
+    0x9f2c2db4, 0xc732849c, 0x4617e1bb, 0x770fd6cc, 0xf62ab3eb,
+    0xae341ac3, 0x2f117fe4, 0x6b650fdf, 0xea406af8, 0xb25ec3d0,
+    0x337ba6f7, 0x02639180, 0x8346f4a7, 0xdb585d8f, 0x5a7d38a8,
+    0xb9683361, 0x384d5646, 0x6053ff6e, 0xe1769a49, 0xd06ead3e,
+    0x514bc819, 0x09556131, 0x88700416, 0x140e70e2, 0x952b15c5,
+    0xcd35bced, 0x4c10d9ca, 0x7d08eebd, 0xfc2d8b9a, 0xa43322b2,
+    0x25164795, 0xc6034c5c, 0x4726297b, 0x1f388053, 0x9e1de574,
+    0xaf05d203, 0x2e20b724, 0x763e1e0c, 0xf71b7b2b, 0x95b3f1a5,
+    0x14969482, 0x4c883daa, 0xcdad588d, 0xfcb56ffa, 0x7d900add,
+    0x258ea3f5, 0xa4abc6d2, 0x47becd1b, 0xc69ba83c, 0x9e850114,
+    0x1fa06433, 0x2eb85344, 0xaf9d3663, 0xf7839f4b, 0x76a6fa6c,
+    0xead88e98, 0x6bfdebbf, 0x33e34297, 0xb2c627b0, 0x83de10c7,
+    0x02fb75e0, 0x5ae5dcc8, 0xdbc0b9ef, 0x38d5b226, 0xb9f0d701,
+    0xe1ee7e29, 0x60cb1b0e, 0x51d32c79, 0xd0f6495e, 0x88e8e076,
+    0x09cd8551},
+   {0x00000000, 0x9b73ead4, 0xed96d3e9, 0x76e5393d, 0x005ca193,
+    0x9b2f4b47, 0xedca727a, 0x76b998ae, 0x00b94326, 0x9bcaa9f2,
+    0xed2f90cf, 0x765c7a1b, 0x00e5e2b5, 0x9b960861, 0xed73315c,
+    0x7600db88, 0x0172864c, 0x9a016c98, 0xece455a5, 0x7797bf71,
+    0x012e27df, 0x9a5dcd0b, 0xecb8f436, 0x77cb1ee2, 0x01cbc56a,
+    0x9ab82fbe, 0xec5d1683, 0x772efc57, 0x019764f9, 0x9ae48e2d,
+    0xec01b710, 0x77725dc4, 0x02e50c98, 0x9996e64c, 0xef73df71,
+    0x740035a5, 0x02b9ad0b, 0x99ca47df, 0xef2f7ee2, 0x745c9436,
+    0x025c4fbe, 0x992fa56a, 0xefca9c57, 0x74b97683, 0x0200ee2d,
+    0x997304f9, 0xef963dc4, 0x74e5d710, 0x03978ad4, 0x98e46000,
+    0xee01593d, 0x7572b3e9, 0x03cb2b47, 0x98b8c193, 0xee5df8ae,
+    0x752e127a, 0x032ec9f2, 0x985d2326, 0xeeb81a1b, 0x75cbf0cf,
+    0x03726861, 0x980182b5, 0xeee4bb88, 0x7597515c, 0x05ca1930,
+    0x9eb9f3e4, 0xe85ccad9, 0x732f200d, 0x0596b8a3, 0x9ee55277,
+    0xe8006b4a, 0x7373819e, 0x05735a16, 0x9e00b0c2, 0xe8e589ff,
+    0x7396632b, 0x052ffb85, 0x9e5c1151, 0xe8b9286c, 0x73cac2b8,
+    0x04b89f7c, 0x9fcb75a8, 0xe92e4c95, 0x725da641, 0x04e43eef,
+    0x9f97d43b, 0xe972ed06, 0x720107d2, 0x0401dc5a, 0x9f72368e,
+    0xe9970fb3, 0x72e4e567, 0x045d7dc9, 0x9f2e971d, 0xe9cbae20,
+    0x72b844f4, 0x072f15a8, 0x9c5cff7c, 0xeab9c641, 0x71ca2c95,
+    0x0773b43b, 0x9c005eef, 0xeae567d2, 0x71968d06, 0x0796568e,
+    0x9ce5bc5a, 0xea008567, 0x71736fb3, 0x07caf71d, 0x9cb91dc9,
+    0xea5c24f4, 0x712fce20, 0x065d93e4, 0x9d2e7930, 0xebcb400d,
+    0x70b8aad9, 0x06013277, 0x9d72d8a3, 0xeb97e19e, 0x70e40b4a,
+    0x06e4d0c2, 0x9d973a16, 0xeb72032b, 0x7001e9ff, 0x06b87151,
+    0x9dcb9b85, 0xeb2ea2b8, 0x705d486c, 0x0b943260, 0x90e7d8b4,
+    0xe602e189, 0x7d710b5d, 0x0bc893f3, 0x90bb7927, 0xe65e401a,
+    0x7d2daace, 0x0b2d7146, 0x905e9b92, 0xe6bba2af, 0x7dc8487b,
+    0x0b71d0d5, 0x90023a01, 0xe6e7033c, 0x7d94e9e8, 0x0ae6b42c,
+    0x91955ef8, 0xe77067c5, 0x7c038d11, 0x0aba15bf, 0x91c9ff6b,
+    0xe72cc656, 0x7c5f2c82, 0x0a5ff70a, 0x912c1dde, 0xe7c924e3,
+    0x7cbace37, 0x0a035699, 0x9170bc4d, 0xe7958570, 0x7ce66fa4,
+    0x09713ef8, 0x9202d42c, 0xe4e7ed11, 0x7f9407c5, 0x092d9f6b,
+    0x925e75bf, 0xe4bb4c82, 0x7fc8a656, 0x09c87dde, 0x92bb970a,
+    0xe45eae37, 0x7f2d44e3, 0x0994dc4d, 0x92e73699, 0xe4020fa4,
+    0x7f71e570, 0x0803b8b4, 0x93705260, 0xe5956b5d, 0x7ee68189,
+    0x085f1927, 0x932cf3f3, 0xe5c9cace, 0x7eba201a, 0x08bafb92,
+    0x93c91146, 0xe52c287b, 0x7e5fc2af, 0x08e65a01, 0x9395b0d5,
+    0xe57089e8, 0x7e03633c, 0x0e5e2b50, 0x952dc184, 0xe3c8f8b9,
+    0x78bb126d, 0x0e028ac3, 0x95716017, 0xe394592a, 0x78e7b3fe,
+    0x0ee76876, 0x959482a2, 0xe371bb9f, 0x7802514b, 0x0ebbc9e5,
+    0x95c82331, 0xe32d1a0c, 0x785ef0d8, 0x0f2cad1c, 0x945f47c8,
+    0xe2ba7ef5, 0x79c99421, 0x0f700c8f, 0x9403e65b, 0xe2e6df66,
+    0x799535b2, 0x0f95ee3a, 0x94e604ee, 0xe2033dd3, 0x7970d707,
+    0x0fc94fa9, 0x94baa57d, 0xe25f9c40, 0x792c7694, 0x0cbb27c8,
+    0x97c8cd1c, 0xe12df421, 0x7a5e1ef5, 0x0ce7865b, 0x97946c8f,
+    0xe17155b2, 0x7a02bf66, 0x0c0264ee, 0x97718e3a, 0xe194b707,
+    0x7ae75dd3, 0x0c5ec57d, 0x972d2fa9, 0xe1c81694, 0x7abbfc40,
+    0x0dc9a184, 0x96ba4b50, 0xe05f726d, 0x7b2c98b9, 0x0d950017,
+    0x96e6eac3, 0xe003d3fe, 0x7b70392a, 0x0d70e2a2, 0x96030876,
+    0xe0e6314b, 0x7b95db9f, 0x0d2c4331, 0x965fa9e5, 0xe0ba90d8,
+    0x7bc97a0c},
+   {0x00000000, 0x172864c0, 0x2e50c980, 0x3978ad40, 0x5ca19300,
+    0x4b89f7c0, 0x72f15a80, 0x65d93e40, 0xb9432600, 0xae6b42c0,
+    0x9713ef80, 0x803b8b40, 0xe5e2b500, 0xf2cad1c0, 0xcbb27c80,
+    0xdc9a1840, 0xa9f74a41, 0xbedf2e81, 0x87a783c1, 0x908fe701,
+    0xf556d941, 0xe27ebd81, 0xdb0610c1, 0xcc2e7401, 0x10b46c41,
+    0x079c0881, 0x3ee4a5c1, 0x29ccc101, 0x4c15ff41, 0x5b3d9b81,
+    0x624536c1, 0x756d5201, 0x889f92c3, 0x9fb7f603, 0xa6cf5b43,
+    0xb1e73f83, 0xd43e01c3, 0xc3166503, 0xfa6ec843, 0xed46ac83,
+    0x31dcb4c3, 0x26f4d003, 0x1f8c7d43, 0x08a41983, 0x6d7d27c3,
+    0x7a554303, 0x432dee43, 0x54058a83, 0x2168d882, 0x3640bc42,
+    0x0f381102, 0x181075c2, 0x7dc94b82, 0x6ae12f42, 0x53998202,
+    0x44b1e6c2, 0x982bfe82, 0x8f039a42, 0xb67b3702, 0xa15353c2,
+    0xc48a6d82, 0xd3a20942, 0xeadaa402, 0xfdf2c0c2, 0xca4e23c7,
+    0xdd664707, 0xe41eea47, 0xf3368e87, 0x96efb0c7, 0x81c7d407,
+    0xb8bf7947, 0xaf971d87, 0x730d05c7, 0x64256107, 0x5d5dcc47,
+    0x4a75a887, 0x2fac96c7, 0x3884f207, 0x01fc5f47, 0x16d43b87,
+    0x63b96986, 0x74910d46, 0x4de9a006, 0x5ac1c4c6, 0x3f18fa86,
+    0x28309e46, 0x11483306, 0x066057c6, 0xdafa4f86, 0xcdd22b46,
+    0xf4aa8606, 0xe382e2c6, 0x865bdc86, 0x9173b846, 0xa80b1506,
+    0xbf2371c6, 0x42d1b104, 0x55f9d5c4, 0x6c817884, 0x7ba91c44,
+    0x1e702204, 0x095846c4, 0x3020eb84, 0x27088f44, 0xfb929704,
+    0xecbaf3c4, 0xd5c25e84, 0xc2ea3a44, 0xa7330404, 0xb01b60c4,
+    0x8963cd84, 0x9e4ba944, 0xeb26fb45, 0xfc0e9f85, 0xc57632c5,
+    0xd25e5605, 0xb7876845, 0xa0af0c85, 0x99d7a1c5, 0x8effc505,
+    0x5265dd45, 0x454db985, 0x7c3514c5, 0x6b1d7005, 0x0ec44e45,
+    0x19ec2a85, 0x209487c5, 0x37bce305, 0x4fed41cf, 0x58c5250f,
+    0x61bd884f, 0x7695ec8f, 0x134cd2cf, 0x0464b60f, 0x3d1c1b4f,
+    0x2a347f8f, 0xf6ae67cf, 0xe186030f, 0xd8feae4f, 0xcfd6ca8f,
+    0xaa0ff4cf, 0xbd27900f, 0x845f3d4f, 0x9377598f, 0xe61a0b8e,
+    0xf1326f4e, 0xc84ac20e, 0xdf62a6ce, 0xbabb988e, 0xad93fc4e,
+    0x94eb510e, 0x83c335ce, 0x5f592d8e, 0x4871494e, 0x7109e40e,
+    0x662180ce, 0x03f8be8e, 0x14d0da4e, 0x2da8770e, 0x3a8013ce,
+    0xc772d30c, 0xd05ab7cc, 0xe9221a8c, 0xfe0a7e4c, 0x9bd3400c,
+    0x8cfb24cc, 0xb583898c, 0xa2abed4c, 0x7e31f50c, 0x691991cc,
+    0x50613c8c, 0x4749584c, 0x2290660c, 0x35b802cc, 0x0cc0af8c,
+    0x1be8cb4c, 0x6e85994d, 0x79adfd8d, 0x40d550cd, 0x57fd340d,
+    0x32240a4d, 0x250c6e8d, 0x1c74c3cd, 0x0b5ca70d, 0xd7c6bf4d,
+    0xc0eedb8d, 0xf99676cd, 0xeebe120d, 0x8b672c4d, 0x9c4f488d,
+    0xa537e5cd, 0xb21f810d, 0x85a36208, 0x928b06c8, 0xabf3ab88,
+    0xbcdbcf48, 0xd902f108, 0xce2a95c8, 0xf7523888, 0xe07a5c48,
+    0x3ce04408, 0x2bc820c8, 0x12b08d88, 0x0598e948, 0x6041d708,
+    0x7769b3c8, 0x4e111e88, 0x59397a48, 0x2c542849, 0x3b7c4c89,
+    0x0204e1c9, 0x152c8509, 0x70f5bb49, 0x67dddf89, 0x5ea572c9,
+    0x498d1609, 0x95170e49, 0x823f6a89, 0xbb47c7c9, 0xac6fa309,
+    0xc9b69d49, 0xde9ef989, 0xe7e654c9, 0xf0ce3009, 0x0d3cf0cb,
+    0x1a14940b, 0x236c394b, 0x34445d8b, 0x519d63cb, 0x46b5070b,
+    0x7fcdaa4b, 0x68e5ce8b, 0xb47fd6cb, 0xa357b20b, 0x9a2f1f4b,
+    0x8d077b8b, 0xe8de45cb, 0xfff6210b, 0xc68e8c4b, 0xd1a6e88b,
+    0xa4cbba8a, 0xb3e3de4a, 0x8a9b730a, 0x9db317ca, 0xf86a298a,
+    0xef424d4a, 0xd63ae00a, 0xc11284ca, 0x1d889c8a, 0x0aa0f84a,
+    0x33d8550a, 0x24f031ca, 0x41290f8a, 0x56016b4a, 0x6f79c60a,
+    0x7851a2ca},
+   {0x00000000, 0x9fda839e, 0xe4c4017d, 0x7b1e82e3, 0x12f904bb,
+    0x8d238725, 0xf63d05c6, 0x69e78658, 0x25f20976, 0xba288ae8,
+    0xc136080b, 0x5eec8b95, 0x370b0dcd, 0xa8d18e53, 0xd3cf0cb0,
+    0x4c158f2e, 0x4be412ec, 0xd43e9172, 0xaf201391, 0x30fa900f,
+    0x591d1657, 0xc6c795c9, 0xbdd9172a, 0x220394b4, 0x6e161b9a,
+    0xf1cc9804, 0x8ad21ae7, 0x15089979, 0x7cef1f21, 0xe3359cbf,
+    0x982b1e5c, 0x07f19dc2, 0x97c825d8, 0x0812a646, 0x730c24a5,
+    0xecd6a73b, 0x85312163, 0x1aeba2fd, 0x61f5201e, 0xfe2fa380,
+    0xb23a2cae, 0x2de0af30, 0x56fe2dd3, 0xc924ae4d, 0xa0c32815,
+    0x3f19ab8b, 0x44072968, 0xdbddaaf6, 0xdc2c3734, 0x43f6b4aa,
+    0x38e83649, 0xa732b5d7, 0xced5338f, 0x510fb011, 0x2a1132f2,
+    0xb5cbb16c, 0xf9de3e42, 0x6604bddc, 0x1d1a3f3f, 0x82c0bca1,
+    0xeb273af9, 0x74fdb967, 0x0fe33b84, 0x9039b81a, 0xf4e14df1,
+    0x6b3bce6f, 0x10254c8c, 0x8fffcf12, 0xe618494a, 0x79c2cad4,
+    0x02dc4837, 0x9d06cba9, 0xd1134487, 0x4ec9c719, 0x35d745fa,
+    0xaa0dc664, 0xc3ea403c, 0x5c30c3a2, 0x272e4141, 0xb8f4c2df,
+    0xbf055f1d, 0x20dfdc83, 0x5bc15e60, 0xc41bddfe, 0xadfc5ba6,
+    0x3226d838, 0x49385adb, 0xd6e2d945, 0x9af7566b, 0x052dd5f5,
+    0x7e335716, 0xe1e9d488, 0x880e52d0, 0x17d4d14e, 0x6cca53ad,
+    0xf310d033, 0x63296829, 0xfcf3ebb7, 0x87ed6954, 0x1837eaca,
+    0x71d06c92, 0xee0aef0c, 0x95146def, 0x0aceee71, 0x46db615f,
+    0xd901e2c1, 0xa21f6022, 0x3dc5e3bc, 0x542265e4, 0xcbf8e67a,
+    0xb0e66499, 0x2f3ce707, 0x28cd7ac5, 0xb717f95b, 0xcc097bb8,
+    0x53d3f826, 0x3a347e7e, 0xa5eefde0, 0xdef07f03, 0x412afc9d,
+    0x0d3f73b3, 0x92e5f02d, 0xe9fb72ce, 0x7621f150, 0x1fc67708,
+    0x801cf496, 0xfb027675, 0x64d8f5eb, 0x32b39da3, 0xad691e3d,
+    0xd6779cde, 0x49ad1f40, 0x204a9918, 0xbf901a86, 0xc48e9865,
+    0x5b541bfb, 0x174194d5, 0x889b174b, 0xf38595a8, 0x6c5f1636,
+    0x05b8906e, 0x9a6213f0, 0xe17c9113, 0x7ea6128d, 0x79578f4f,
+    0xe68d0cd1, 0x9d938e32, 0x02490dac, 0x6bae8bf4, 0xf474086a,
+    0x8f6a8a89, 0x10b00917, 0x5ca58639, 0xc37f05a7, 0xb8618744,
+    0x27bb04da, 0x4e5c8282, 0xd186011c, 0xaa9883ff, 0x35420061,
+    0xa57bb87b, 0x3aa13be5, 0x41bfb906, 0xde653a98, 0xb782bcc0,
+    0x28583f5e, 0x5346bdbd, 0xcc9c3e23, 0x8089b10d, 0x1f533293,
+    0x644db070, 0xfb9733ee, 0x9270b5b6, 0x0daa3628, 0x76b4b4cb,
+    0xe96e3755, 0xee9faa97, 0x71452909, 0x0a5babea, 0x95812874,
+    0xfc66ae2c, 0x63bc2db2, 0x18a2af51, 0x87782ccf, 0xcb6da3e1,
+    0x54b7207f, 0x2fa9a29c, 0xb0732102, 0xd994a75a, 0x464e24c4,
+    0x3d50a627, 0xa28a25b9, 0xc652d052, 0x598853cc, 0x2296d12f,
+    0xbd4c52b1, 0xd4abd4e9, 0x4b715777, 0x306fd594, 0xafb5560a,
+    0xe3a0d924, 0x7c7a5aba, 0x0764d859, 0x98be5bc7, 0xf159dd9f,
+    0x6e835e01, 0x159ddce2, 0x8a475f7c, 0x8db6c2be, 0x126c4120,
+    0x6972c3c3, 0xf6a8405d, 0x9f4fc605, 0x0095459b, 0x7b8bc778,
+    0xe45144e6, 0xa844cbc8, 0x379e4856, 0x4c80cab5, 0xd35a492b,
+    0xbabdcf73, 0x25674ced, 0x5e79ce0e, 0xc1a34d90, 0x519af58a,
+    0xce407614, 0xb55ef4f7, 0x2a847769, 0x4363f131, 0xdcb972af,
+    0xa7a7f04c, 0x387d73d2, 0x7468fcfc, 0xebb27f62, 0x90acfd81,
+    0x0f767e1f, 0x6691f847, 0xf94b7bd9, 0x8255f93a, 0x1d8f7aa4,
+    0x1a7ee766, 0x85a464f8, 0xfebae61b, 0x61606585, 0x0887e3dd,
+    0x975d6043, 0xec43e2a0, 0x7399613e, 0x3f8cee10, 0xa0566d8e,
+    0xdb48ef6d, 0x44926cf3, 0x2d75eaab, 0xb2af6935, 0xc9b1ebd6,
+    0x566b6848},
+   {0x00000000, 0x65673b46, 0xcace768c, 0xafa94dca, 0x4eedeb59,
+    0x2b8ad01f, 0x84239dd5, 0xe144a693, 0x9ddbd6b2, 0xf8bcedf4,
+    0x5715a03e, 0x32729b78, 0xd3363deb, 0xb65106ad, 0x19f84b67,
+    0x7c9f7021, 0xe0c6ab25, 0x85a19063, 0x2a08dda9, 0x4f6fe6ef,
+    0xae2b407c, 0xcb4c7b3a, 0x64e536f0, 0x01820db6, 0x7d1d7d97,
+    0x187a46d1, 0xb7d30b1b, 0xd2b4305d, 0x33f096ce, 0x5697ad88,
+    0xf93ee042, 0x9c59db04, 0x1afc500b, 0x7f9b6b4d, 0xd0322687,
+    0xb5551dc1, 0x5411bb52, 0x31768014, 0x9edfcdde, 0xfbb8f698,
+    0x872786b9, 0xe240bdff, 0x4de9f035, 0x288ecb73, 0xc9ca6de0,
+    0xacad56a6, 0x03041b6c, 0x6663202a, 0xfa3afb2e, 0x9f5dc068,
+    0x30f48da2, 0x5593b6e4, 0xb4d71077, 0xd1b02b31, 0x7e1966fb,
+    0x1b7e5dbd, 0x67e12d9c, 0x028616da, 0xad2f5b10, 0xc8486056,
+    0x290cc6c5, 0x4c6bfd83, 0xe3c2b049, 0x86a58b0f, 0x35f8a016,
+    0x509f9b50, 0xff36d69a, 0x9a51eddc, 0x7b154b4f, 0x1e727009,
+    0xb1db3dc3, 0xd4bc0685, 0xa82376a4, 0xcd444de2, 0x62ed0028,
+    0x078a3b6e, 0xe6ce9dfd, 0x83a9a6bb, 0x2c00eb71, 0x4967d037,
+    0xd53e0b33, 0xb0593075, 0x1ff07dbf, 0x7a9746f9, 0x9bd3e06a,
+    0xfeb4db2c, 0x511d96e6, 0x347aada0, 0x48e5dd81, 0x2d82e6c7,
+    0x822bab0d, 0xe74c904b, 0x060836d8, 0x636f0d9e, 0xccc64054,
+    0xa9a17b12, 0x2f04f01d, 0x4a63cb5b, 0xe5ca8691, 0x80adbdd7,
+    0x61e91b44, 0x048e2002, 0xab276dc8, 0xce40568e, 0xb2df26af,
+    0xd7b81de9, 0x78115023, 0x1d766b65, 0xfc32cdf6, 0x9955f6b0,
+    0x36fcbb7a, 0x539b803c, 0xcfc25b38, 0xaaa5607e, 0x050c2db4,
+    0x606b16f2, 0x812fb061, 0xe4488b27, 0x4be1c6ed, 0x2e86fdab,
+    0x52198d8a, 0x377eb6cc, 0x98d7fb06, 0xfdb0c040, 0x1cf466d3,
+    0x79935d95, 0xd63a105f, 0xb35d2b19, 0x6bf1402c, 0x0e967b6a,
+    0xa13f36a0, 0xc4580de6, 0x251cab75, 0x407b9033, 0xefd2ddf9,
+    0x8ab5e6bf, 0xf62a969e, 0x934dadd8, 0x3ce4e012, 0x5983db54,
+    0xb8c77dc7, 0xdda04681, 0x72090b4b, 0x176e300d, 0x8b37eb09,
+    0xee50d04f, 0x41f99d85, 0x249ea6c3, 0xc5da0050, 0xa0bd3b16,
+    0x0f1476dc, 0x6a734d9a, 0x16ec3dbb, 0x738b06fd, 0xdc224b37,
+    0xb9457071, 0x5801d6e2, 0x3d66eda4, 0x92cfa06e, 0xf7a89b28,
+    0x710d1027, 0x146a2b61, 0xbbc366ab, 0xdea45ded, 0x3fe0fb7e,
+    0x5a87c038, 0xf52e8df2, 0x9049b6b4, 0xecd6c695, 0x89b1fdd3,
+    0x2618b019, 0x437f8b5f, 0xa23b2dcc, 0xc75c168a, 0x68f55b40,
+    0x0d926006, 0x91cbbb02, 0xf4ac8044, 0x5b05cd8e, 0x3e62f6c8,
+    0xdf26505b, 0xba416b1d, 0x15e826d7, 0x708f1d91, 0x0c106db0,
+    0x697756f6, 0xc6de1b3c, 0xa3b9207a, 0x42fd86e9, 0x279abdaf,
+    0x8833f065, 0xed54cb23, 0x5e09e03a, 0x3b6edb7c, 0x94c796b6,
+    0xf1a0adf0, 0x10e40b63, 0x75833025, 0xda2a7def, 0xbf4d46a9,
+    0xc3d23688, 0xa6b50dce, 0x091c4004, 0x6c7b7b42, 0x8d3fddd1,
+    0xe858e697, 0x47f1ab5d, 0x2296901b, 0xbecf4b1f, 0xdba87059,
+    0x74013d93, 0x116606d5, 0xf022a046, 0x95459b00, 0x3aecd6ca,
+    0x5f8bed8c, 0x23149dad, 0x4673a6eb, 0xe9daeb21, 0x8cbdd067,
+    0x6df976f4, 0x089e4db2, 0xa7370078, 0xc2503b3e, 0x44f5b031,
+    0x21928b77, 0x8e3bc6bd, 0xeb5cfdfb, 0x0a185b68, 0x6f7f602e,
+    0xc0d62de4, 0xa5b116a2, 0xd92e6683, 0xbc495dc5, 0x13e0100f,
+    0x76872b49, 0x97c38dda, 0xf2a4b69c, 0x5d0dfb56, 0x386ac010,
+    0xa4331b14, 0xc1542052, 0x6efd6d98, 0x0b9a56de, 0xeadef04d,
+    0x8fb9cb0b, 0x201086c1, 0x4577bd87, 0x39e8cda6, 0x5c8ff6e0,
+    0xf326bb2a, 0x9641806c, 0x770526ff, 0x12621db9, 0xbdcb5073,
+    0xd8ac6b35},
+   {0x00000000, 0xd7e28058, 0x74b406f1, 0xa35686a9, 0xe9680de2,
+    0x3e8a8dba, 0x9ddc0b13, 0x4a3e8b4b, 0x09a11d85, 0xde439ddd,
+    0x7d151b74, 0xaaf79b2c, 0xe0c91067, 0x372b903f, 0x947d1696,
+    0x439f96ce, 0x13423b0a, 0xc4a0bb52, 0x67f63dfb, 0xb014bda3,
+    0xfa2a36e8, 0x2dc8b6b0, 0x8e9e3019, 0x597cb041, 0x1ae3268f,
+    0xcd01a6d7, 0x6e57207e, 0xb9b5a026, 0xf38b2b6d, 0x2469ab35,
+    0x873f2d9c, 0x50ddadc4, 0x26847614, 0xf166f64c, 0x523070e5,
+    0x85d2f0bd, 0xcfec7bf6, 0x180efbae, 0xbb587d07, 0x6cbafd5f,
+    0x2f256b91, 0xf8c7ebc9, 0x5b916d60, 0x8c73ed38, 0xc64d6673,
+    0x11afe62b, 0xb2f96082, 0x651be0da, 0x35c64d1e, 0xe224cd46,
+    0x41724bef, 0x9690cbb7, 0xdcae40fc, 0x0b4cc0a4, 0xa81a460d,
+    0x7ff8c655, 0x3c67509b, 0xeb85d0c3, 0x48d3566a, 0x9f31d632,
+    0xd50f5d79, 0x02eddd21, 0xa1bb5b88, 0x7659dbd0, 0x4d08ec28,
+    0x9aea6c70, 0x39bcead9, 0xee5e6a81, 0xa460e1ca, 0x73826192,
+    0xd0d4e73b, 0x07366763, 0x44a9f1ad, 0x934b71f5, 0x301df75c,
+    0xe7ff7704, 0xadc1fc4f, 0x7a237c17, 0xd975fabe, 0x0e977ae6,
+    0x5e4ad722, 0x89a8577a, 0x2afed1d3, 0xfd1c518b, 0xb722dac0,
+    0x60c05a98, 0xc396dc31, 0x14745c69, 0x57ebcaa7, 0x80094aff,
+    0x235fcc56, 0xf4bd4c0e, 0xbe83c745, 0x6961471d, 0xca37c1b4,
+    0x1dd541ec, 0x6b8c9a3c, 0xbc6e1a64, 0x1f389ccd, 0xc8da1c95,
+    0x82e497de, 0x55061786, 0xf650912f, 0x21b21177, 0x622d87b9,
+    0xb5cf07e1, 0x16998148, 0xc17b0110, 0x8b458a5b, 0x5ca70a03,
+    0xfff18caa, 0x28130cf2, 0x78cea136, 0xaf2c216e, 0x0c7aa7c7,
+    0xdb98279f, 0x91a6acd4, 0x46442c8c, 0xe512aa25, 0x32f02a7d,
+    0x716fbcb3, 0xa68d3ceb, 0x05dbba42, 0xd2393a1a, 0x9807b151,
+    0x4fe53109, 0xecb3b7a0, 0x3b5137f8, 0x9a11d850, 0x4df35808,
+    0xeea5dea1, 0x39475ef9, 0x7379d5b2, 0xa49b55ea, 0x07cdd343,
+    0xd02f531b, 0x93b0c5d5, 0x4452458d, 0xe704c324, 0x30e6437c,
+    0x7ad8c837, 0xad3a486f, 0x0e6ccec6, 0xd98e4e9e, 0x8953e35a,
+    0x5eb16302, 0xfde7e5ab, 0x2a0565f3, 0x603beeb8, 0xb7d96ee0,
+    0x148fe849, 0xc36d6811, 0x80f2fedf, 0x57107e87, 0xf446f82e,
+    0x23a47876, 0x699af33d, 0xbe787365, 0x1d2ef5cc, 0xcacc7594,
+    0xbc95ae44, 0x6b772e1c, 0xc821a8b5, 0x1fc328ed, 0x55fda3a6,
+    0x821f23fe, 0x2149a557, 0xf6ab250f, 0xb534b3c1, 0x62d63399,
+    0xc180b530, 0x16623568, 0x5c5cbe23, 0x8bbe3e7b, 0x28e8b8d2,
+    0xff0a388a, 0xafd7954e, 0x78351516, 0xdb6393bf, 0x0c8113e7,
+    0x46bf98ac, 0x915d18f4, 0x320b9e5d, 0xe5e91e05, 0xa67688cb,
+    0x71940893, 0xd2c28e3a, 0x05200e62, 0x4f1e8529, 0x98fc0571,
+    0x3baa83d8, 0xec480380, 0xd7193478, 0x00fbb420, 0xa3ad3289,
+    0x744fb2d1, 0x3e71399a, 0xe993b9c2, 0x4ac53f6b, 0x9d27bf33,
+    0xdeb829fd, 0x095aa9a5, 0xaa0c2f0c, 0x7deeaf54, 0x37d0241f,
+    0xe032a447, 0x436422ee, 0x9486a2b6, 0xc45b0f72, 0x13b98f2a,
+    0xb0ef0983, 0x670d89db, 0x2d330290, 0xfad182c8, 0x59870461,
+    0x8e658439, 0xcdfa12f7, 0x1a1892af, 0xb94e1406, 0x6eac945e,
+    0x24921f15, 0xf3709f4d, 0x502619e4, 0x87c499bc, 0xf19d426c,
+    0x267fc234, 0x8529449d, 0x52cbc4c5, 0x18f54f8e, 0xcf17cfd6,
+    0x6c41497f, 0xbba3c927, 0xf83c5fe9, 0x2fdedfb1, 0x8c885918,
+    0x5b6ad940, 0x1154520b, 0xc6b6d253, 0x65e054fa, 0xb202d4a2,
+    0xe2df7966, 0x353df93e, 0x966b7f97, 0x4189ffcf, 0x0bb77484,
+    0xdc55f4dc, 0x7f037275, 0xa8e1f22d, 0xeb7e64e3, 0x3c9ce4bb,
+    0x9fca6212, 0x4828e24a, 0x02166901, 0xd5f4e959, 0x76a26ff0,
+    0xa140efa8},
+   {0x00000000, 0xef52b6e1, 0x05d46b83, 0xea86dd62, 0x0ba8d706,
+    0xe4fa61e7, 0x0e7cbc85, 0xe12e0a64, 0x1751ae0c, 0xf80318ed,
+    0x1285c58f, 0xfdd7736e, 0x1cf9790a, 0xf3abcfeb, 0x192d1289,
+    0xf67fa468, 0x2ea35c18, 0xc1f1eaf9, 0x2b77379b, 0xc425817a,
+    0x250b8b1e, 0xca593dff, 0x20dfe09d, 0xcf8d567c, 0x39f2f214,
+    0xd6a044f5, 0x3c269997, 0xd3742f76, 0x325a2512, 0xdd0893f3,
+    0x378e4e91, 0xd8dcf870, 0x5d46b830, 0xb2140ed1, 0x5892d3b3,
+    0xb7c06552, 0x56ee6f36, 0xb9bcd9d7, 0x533a04b5, 0xbc68b254,
+    0x4a17163c, 0xa545a0dd, 0x4fc37dbf, 0xa091cb5e, 0x41bfc13a,
+    0xaeed77db, 0x446baab9, 0xab391c58, 0x73e5e428, 0x9cb752c9,
+    0x76318fab, 0x9963394a, 0x784d332e, 0x971f85cf, 0x7d9958ad,
+    0x92cbee4c, 0x64b44a24, 0x8be6fcc5, 0x616021a7, 0x8e329746,
+    0x6f1c9d22, 0x804e2bc3, 0x6ac8f6a1, 0x859a4040, 0xba8d7060,
+    0x55dfc681, 0xbf591be3, 0x500bad02, 0xb125a766, 0x5e771187,
+    0xb4f1cce5, 0x5ba37a04, 0xaddcde6c, 0x428e688d, 0xa808b5ef,
+    0x475a030e, 0xa674096a, 0x4926bf8b, 0xa3a062e9, 0x4cf2d408,
+    0x942e2c78, 0x7b7c9a99, 0x91fa47fb, 0x7ea8f11a, 0x9f86fb7e,
+    0x70d44d9f, 0x9a5290fd, 0x7500261c, 0x837f8274, 0x6c2d3495,
+    0x86abe9f7, 0x69f95f16, 0x88d75572, 0x6785e393, 0x8d033ef1,
+    0x62518810, 0xe7cbc850, 0x08997eb1, 0xe21fa3d3, 0x0d4d1532,
+    0xec631f56, 0x0331a9b7, 0xe9b774d5, 0x06e5c234, 0xf09a665c,
+    0x1fc8d0bd, 0xf54e0ddf, 0x1a1cbb3e, 0xfb32b15a, 0x146007bb,
+    0xfee6dad9, 0x11b46c38, 0xc9689448, 0x263a22a9, 0xccbcffcb,
+    0x23ee492a, 0xc2c0434e, 0x2d92f5af, 0xc71428cd, 0x28469e2c,
+    0xde393a44, 0x316b8ca5, 0xdbed51c7, 0x34bfe726, 0xd591ed42,
+    0x3ac35ba3, 0xd04586c1, 0x3f173020, 0xae6be681, 0x41395060,
+    0xabbf8d02, 0x44ed3be3, 0xa5c33187, 0x4a918766, 0xa0175a04,
+    0x4f45ece5, 0xb93a488d, 0x5668fe6c, 0xbcee230e, 0x53bc95ef,
+    0xb2929f8b, 0x5dc0296a, 0xb746f408, 0x581442e9, 0x80c8ba99,
+    0x6f9a0c78, 0x851cd11a, 0x6a4e67fb, 0x8b606d9f, 0x6432db7e,
+    0x8eb4061c, 0x61e6b0fd, 0x97991495, 0x78cba274, 0x924d7f16,
+    0x7d1fc9f7, 0x9c31c393, 0x73637572, 0x99e5a810, 0x76b71ef1,
+    0xf32d5eb1, 0x1c7fe850, 0xf6f93532, 0x19ab83d3, 0xf88589b7,
+    0x17d73f56, 0xfd51e234, 0x120354d5, 0xe47cf0bd, 0x0b2e465c,
+    0xe1a89b3e, 0x0efa2ddf, 0xefd427bb, 0x0086915a, 0xea004c38,
+    0x0552fad9, 0xdd8e02a9, 0x32dcb448, 0xd85a692a, 0x3708dfcb,
+    0xd626d5af, 0x3974634e, 0xd3f2be2c, 0x3ca008cd, 0xcadfaca5,
+    0x258d1a44, 0xcf0bc726, 0x205971c7, 0xc1777ba3, 0x2e25cd42,
+    0xc4a31020, 0x2bf1a6c1, 0x14e696e1, 0xfbb42000, 0x1132fd62,
+    0xfe604b83, 0x1f4e41e7, 0xf01cf706, 0x1a9a2a64, 0xf5c89c85,
+    0x03b738ed, 0xece58e0c, 0x0663536e, 0xe931e58f, 0x081fefeb,
+    0xe74d590a, 0x0dcb8468, 0xe2993289, 0x3a45caf9, 0xd5177c18,
+    0x3f91a17a, 0xd0c3179b, 0x31ed1dff, 0xdebfab1e, 0x3439767c,
+    0xdb6bc09d, 0x2d1464f5, 0xc246d214, 0x28c00f76, 0xc792b997,
+    0x26bcb3f3, 0xc9ee0512, 0x2368d870, 0xcc3a6e91, 0x49a02ed1,
+    0xa6f29830, 0x4c744552, 0xa326f3b3, 0x4208f9d7, 0xad5a4f36,
+    0x47dc9254, 0xa88e24b5, 0x5ef180dd, 0xb1a3363c, 0x5b25eb5e,
+    0xb4775dbf, 0x555957db, 0xba0be13a, 0x508d3c58, 0xbfdf8ab9,
+    0x670372c9, 0x8851c428, 0x62d7194a, 0x8d85afab, 0x6caba5cf,
+    0x83f9132e, 0x697fce4c, 0x862d78ad, 0x7052dcc5, 0x9f006a24,
+    0x7586b746, 0x9ad401a7, 0x7bfa0bc3, 0x94a8bd22, 0x7e2e6040,
+    0x917cd6a1},
+   {0x00000000, 0x87a6cb43, 0xd43c90c7, 0x539a5b84, 0x730827cf,
+    0xf4aeec8c, 0xa734b708, 0x20927c4b, 0xe6104f9e, 0x61b684dd,
+    0x322cdf59, 0xb58a141a, 0x95186851, 0x12bea312, 0x4124f896,
+    0xc68233d5, 0x1751997d, 0x90f7523e, 0xc36d09ba, 0x44cbc2f9,
+    0x6459beb2, 0xe3ff75f1, 0xb0652e75, 0x37c3e536, 0xf141d6e3,
+    0x76e71da0, 0x257d4624, 0xa2db8d67, 0x8249f12c, 0x05ef3a6f,
+    0x567561eb, 0xd1d3aaa8, 0x2ea332fa, 0xa905f9b9, 0xfa9fa23d,
+    0x7d39697e, 0x5dab1535, 0xda0dde76, 0x899785f2, 0x0e314eb1,
+    0xc8b37d64, 0x4f15b627, 0x1c8feda3, 0x9b2926e0, 0xbbbb5aab,
+    0x3c1d91e8, 0x6f87ca6c, 0xe821012f, 0x39f2ab87, 0xbe5460c4,
+    0xedce3b40, 0x6a68f003, 0x4afa8c48, 0xcd5c470b, 0x9ec61c8f,
+    0x1960d7cc, 0xdfe2e419, 0x58442f5a, 0x0bde74de, 0x8c78bf9d,
+    0xaceac3d6, 0x2b4c0895, 0x78d65311, 0xff709852, 0x5d4665f4,
+    0xdae0aeb7, 0x897af533, 0x0edc3e70, 0x2e4e423b, 0xa9e88978,
+    0xfa72d2fc, 0x7dd419bf, 0xbb562a6a, 0x3cf0e129, 0x6f6abaad,
+    0xe8cc71ee, 0xc85e0da5, 0x4ff8c6e6, 0x1c629d62, 0x9bc45621,
+    0x4a17fc89, 0xcdb137ca, 0x9e2b6c4e, 0x198da70d, 0x391fdb46,
+    0xbeb91005, 0xed234b81, 0x6a8580c2, 0xac07b317, 0x2ba17854,
+    0x783b23d0, 0xff9de893, 0xdf0f94d8, 0x58a95f9b, 0x0b33041f,
+    0x8c95cf5c, 0x73e5570e, 0xf4439c4d, 0xa7d9c7c9, 0x207f0c8a,
+    0x00ed70c1, 0x874bbb82, 0xd4d1e006, 0x53772b45, 0x95f51890,
+    0x1253d3d3, 0x41c98857, 0xc66f4314, 0xe6fd3f5f, 0x615bf41c,
+    0x32c1af98, 0xb56764db, 0x64b4ce73, 0xe3120530, 0xb0885eb4,
+    0x372e95f7, 0x17bce9bc, 0x901a22ff, 0xc380797b, 0x4426b238,
+    0x82a481ed, 0x05024aae, 0x5698112a, 0xd13eda69, 0xf1aca622,
+    0x760a6d61, 0x259036e5, 0xa236fda6, 0xba8ccbe8, 0x3d2a00ab,
+    0x6eb05b2f, 0xe916906c, 0xc984ec27, 0x4e222764, 0x1db87ce0,
+    0x9a1eb7a3, 0x5c9c8476, 0xdb3a4f35, 0x88a014b1, 0x0f06dff2,
+    0x2f94a3b9, 0xa83268fa, 0xfba8337e, 0x7c0ef83d, 0xaddd5295,
+    0x2a7b99d6, 0x79e1c252, 0xfe470911, 0xded5755a, 0x5973be19,
+    0x0ae9e59d, 0x8d4f2ede, 0x4bcd1d0b, 0xcc6bd648, 0x9ff18dcc,
+    0x1857468f, 0x38c53ac4, 0xbf63f187, 0xecf9aa03, 0x6b5f6140,
+    0x942ff912, 0x13893251, 0x401369d5, 0xc7b5a296, 0xe727dedd,
+    0x6081159e, 0x331b4e1a, 0xb4bd8559, 0x723fb68c, 0xf5997dcf,
+    0xa603264b, 0x21a5ed08, 0x01379143, 0x86915a00, 0xd50b0184,
+    0x52adcac7, 0x837e606f, 0x04d8ab2c, 0x5742f0a8, 0xd0e43beb,
+    0xf07647a0, 0x77d08ce3, 0x244ad767, 0xa3ec1c24, 0x656e2ff1,
+    0xe2c8e4b2, 0xb152bf36, 0x36f47475, 0x1666083e, 0x91c0c37d,
+    0xc25a98f9, 0x45fc53ba, 0xe7caae1c, 0x606c655f, 0x33f63edb,
+    0xb450f598, 0x94c289d3, 0x13644290, 0x40fe1914, 0xc758d257,
+    0x01dae182, 0x867c2ac1, 0xd5e67145, 0x5240ba06, 0x72d2c64d,
+    0xf5740d0e, 0xa6ee568a, 0x21489dc9, 0xf09b3761, 0x773dfc22,
+    0x24a7a7a6, 0xa3016ce5, 0x839310ae, 0x0435dbed, 0x57af8069,
+    0xd0094b2a, 0x168b78ff, 0x912db3bc, 0xc2b7e838, 0x4511237b,
+    0x65835f30, 0xe2259473, 0xb1bfcff7, 0x361904b4, 0xc9699ce6,
+    0x4ecf57a5, 0x1d550c21, 0x9af3c762, 0xba61bb29, 0x3dc7706a,
+    0x6e5d2bee, 0xe9fbe0ad, 0x2f79d378, 0xa8df183b, 0xfb4543bf,
+    0x7ce388fc, 0x5c71f4b7, 0xdbd73ff4, 0x884d6470, 0x0febaf33,
+    0xde38059b, 0x599eced8, 0x0a04955c, 0x8da25e1f, 0xad302254,
+    0x2a96e917, 0x790cb293, 0xfeaa79d0, 0x38284a05, 0xbf8e8146,
+    0xec14dac2, 0x6bb21181, 0x4b206dca, 0xcc86a689, 0x9f1cfd0d,
+    0x18ba364e}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0x43cba68700000000, 0xc7903cd400000000,
+    0x845b9a5300000000, 0xcf27087300000000, 0x8cecaef400000000,
+    0x08b734a700000000, 0x4b7c922000000000, 0x9e4f10e600000000,
+    0xdd84b66100000000, 0x59df2c3200000000, 0x1a148ab500000000,
+    0x5168189500000000, 0x12a3be1200000000, 0x96f8244100000000,
+    0xd53382c600000000, 0x7d99511700000000, 0x3e52f79000000000,
+    0xba096dc300000000, 0xf9c2cb4400000000, 0xb2be596400000000,
+    0xf175ffe300000000, 0x752e65b000000000, 0x36e5c33700000000,
+    0xe3d641f100000000, 0xa01de77600000000, 0x24467d2500000000,
+    0x678ddba200000000, 0x2cf1498200000000, 0x6f3aef0500000000,
+    0xeb61755600000000, 0xa8aad3d100000000, 0xfa32a32e00000000,
+    0xb9f905a900000000, 0x3da29ffa00000000, 0x7e69397d00000000,
+    0x3515ab5d00000000, 0x76de0dda00000000, 0xf285978900000000,
+    0xb14e310e00000000, 0x647db3c800000000, 0x27b6154f00000000,
+    0xa3ed8f1c00000000, 0xe026299b00000000, 0xab5abbbb00000000,
+    0xe8911d3c00000000, 0x6cca876f00000000, 0x2f0121e800000000,
+    0x87abf23900000000, 0xc46054be00000000, 0x403bceed00000000,
+    0x03f0686a00000000, 0x488cfa4a00000000, 0x0b475ccd00000000,
+    0x8f1cc69e00000000, 0xccd7601900000000, 0x19e4e2df00000000,
+    0x5a2f445800000000, 0xde74de0b00000000, 0x9dbf788c00000000,
+    0xd6c3eaac00000000, 0x95084c2b00000000, 0x1153d67800000000,
+    0x529870ff00000000, 0xf465465d00000000, 0xb7aee0da00000000,
+    0x33f57a8900000000, 0x703edc0e00000000, 0x3b424e2e00000000,
+    0x7889e8a900000000, 0xfcd272fa00000000, 0xbf19d47d00000000,
+    0x6a2a56bb00000000, 0x29e1f03c00000000, 0xadba6a6f00000000,
+    0xee71cce800000000, 0xa50d5ec800000000, 0xe6c6f84f00000000,
+    0x629d621c00000000, 0x2156c49b00000000, 0x89fc174a00000000,
+    0xca37b1cd00000000, 0x4e6c2b9e00000000, 0x0da78d1900000000,
+    0x46db1f3900000000, 0x0510b9be00000000, 0x814b23ed00000000,
+    0xc280856a00000000, 0x17b307ac00000000, 0x5478a12b00000000,
+    0xd0233b7800000000, 0x93e89dff00000000, 0xd8940fdf00000000,
+    0x9b5fa95800000000, 0x1f04330b00000000, 0x5ccf958c00000000,
+    0x0e57e57300000000, 0x4d9c43f400000000, 0xc9c7d9a700000000,
+    0x8a0c7f2000000000, 0xc170ed0000000000, 0x82bb4b8700000000,
+    0x06e0d1d400000000, 0x452b775300000000, 0x9018f59500000000,
+    0xd3d3531200000000, 0x5788c94100000000, 0x14436fc600000000,
+    0x5f3ffde600000000, 0x1cf45b6100000000, 0x98afc13200000000,
+    0xdb6467b500000000, 0x73ceb46400000000, 0x300512e300000000,
+    0xb45e88b000000000, 0xf7952e3700000000, 0xbce9bc1700000000,
+    0xff221a9000000000, 0x7b7980c300000000, 0x38b2264400000000,
+    0xed81a48200000000, 0xae4a020500000000, 0x2a11985600000000,
+    0x69da3ed100000000, 0x22a6acf100000000, 0x616d0a7600000000,
+    0xe536902500000000, 0xa6fd36a200000000, 0xe8cb8cba00000000,
+    0xab002a3d00000000, 0x2f5bb06e00000000, 0x6c9016e900000000,
+    0x27ec84c900000000, 0x6427224e00000000, 0xe07cb81d00000000,
+    0xa3b71e9a00000000, 0x76849c5c00000000, 0x354f3adb00000000,
+    0xb114a08800000000, 0xf2df060f00000000, 0xb9a3942f00000000,
+    0xfa6832a800000000, 0x7e33a8fb00000000, 0x3df80e7c00000000,
+    0x9552ddad00000000, 0xd6997b2a00000000, 0x52c2e17900000000,
+    0x110947fe00000000, 0x5a75d5de00000000, 0x19be735900000000,
+    0x9de5e90a00000000, 0xde2e4f8d00000000, 0x0b1dcd4b00000000,
+    0x48d66bcc00000000, 0xcc8df19f00000000, 0x8f46571800000000,
+    0xc43ac53800000000, 0x87f163bf00000000, 0x03aaf9ec00000000,
+    0x40615f6b00000000, 0x12f92f9400000000, 0x5132891300000000,
+    0xd569134000000000, 0x96a2b5c700000000, 0xddde27e700000000,
+    0x9e15816000000000, 0x1a4e1b3300000000, 0x5985bdb400000000,
+    0x8cb63f7200000000, 0xcf7d99f500000000, 0x4b2603a600000000,
+    0x08eda52100000000, 0x4391370100000000, 0x005a918600000000,
+    0x84010bd500000000, 0xc7caad5200000000, 0x6f607e8300000000,
+    0x2cabd80400000000, 0xa8f0425700000000, 0xeb3be4d000000000,
+    0xa04776f000000000, 0xe38cd07700000000, 0x67d74a2400000000,
+    0x241ceca300000000, 0xf12f6e6500000000, 0xb2e4c8e200000000,
+    0x36bf52b100000000, 0x7574f43600000000, 0x3e08661600000000,
+    0x7dc3c09100000000, 0xf9985ac200000000, 0xba53fc4500000000,
+    0x1caecae700000000, 0x5f656c6000000000, 0xdb3ef63300000000,
+    0x98f550b400000000, 0xd389c29400000000, 0x9042641300000000,
+    0x1419fe4000000000, 0x57d258c700000000, 0x82e1da0100000000,
+    0xc12a7c8600000000, 0x4571e6d500000000, 0x06ba405200000000,
+    0x4dc6d27200000000, 0x0e0d74f500000000, 0x8a56eea600000000,
+    0xc99d482100000000, 0x61379bf000000000, 0x22fc3d7700000000,
+    0xa6a7a72400000000, 0xe56c01a300000000, 0xae10938300000000,
+    0xeddb350400000000, 0x6980af5700000000, 0x2a4b09d000000000,
+    0xff788b1600000000, 0xbcb32d9100000000, 0x38e8b7c200000000,
+    0x7b23114500000000, 0x305f836500000000, 0x739425e200000000,
+    0xf7cfbfb100000000, 0xb404193600000000, 0xe69c69c900000000,
+    0xa557cf4e00000000, 0x210c551d00000000, 0x62c7f39a00000000,
+    0x29bb61ba00000000, 0x6a70c73d00000000, 0xee2b5d6e00000000,
+    0xade0fbe900000000, 0x78d3792f00000000, 0x3b18dfa800000000,
+    0xbf4345fb00000000, 0xfc88e37c00000000, 0xb7f4715c00000000,
+    0xf43fd7db00000000, 0x70644d8800000000, 0x33afeb0f00000000,
+    0x9b0538de00000000, 0xd8ce9e5900000000, 0x5c95040a00000000,
+    0x1f5ea28d00000000, 0x542230ad00000000, 0x17e9962a00000000,
+    0x93b20c7900000000, 0xd079aafe00000000, 0x054a283800000000,
+    0x46818ebf00000000, 0xc2da14ec00000000, 0x8111b26b00000000,
+    0xca6d204b00000000, 0x89a686cc00000000, 0x0dfd1c9f00000000,
+    0x4e36ba1800000000},
+   {0x0000000000000000, 0xe1b652ef00000000, 0x836bd40500000000,
+    0x62dd86ea00000000, 0x06d7a80b00000000, 0xe761fae400000000,
+    0x85bc7c0e00000000, 0x640a2ee100000000, 0x0cae511700000000,
+    0xed1803f800000000, 0x8fc5851200000000, 0x6e73d7fd00000000,
+    0x0a79f91c00000000, 0xebcfabf300000000, 0x89122d1900000000,
+    0x68a47ff600000000, 0x185ca32e00000000, 0xf9eaf1c100000000,
+    0x9b37772b00000000, 0x7a8125c400000000, 0x1e8b0b2500000000,
+    0xff3d59ca00000000, 0x9de0df2000000000, 0x7c568dcf00000000,
+    0x14f2f23900000000, 0xf544a0d600000000, 0x9799263c00000000,
+    0x762f74d300000000, 0x12255a3200000000, 0xf39308dd00000000,
+    0x914e8e3700000000, 0x70f8dcd800000000, 0x30b8465d00000000,
+    0xd10e14b200000000, 0xb3d3925800000000, 0x5265c0b700000000,
+    0x366fee5600000000, 0xd7d9bcb900000000, 0xb5043a5300000000,
+    0x54b268bc00000000, 0x3c16174a00000000, 0xdda045a500000000,
+    0xbf7dc34f00000000, 0x5ecb91a000000000, 0x3ac1bf4100000000,
+    0xdb77edae00000000, 0xb9aa6b4400000000, 0x581c39ab00000000,
+    0x28e4e57300000000, 0xc952b79c00000000, 0xab8f317600000000,
+    0x4a39639900000000, 0x2e334d7800000000, 0xcf851f9700000000,
+    0xad58997d00000000, 0x4ceecb9200000000, 0x244ab46400000000,
+    0xc5fce68b00000000, 0xa721606100000000, 0x4697328e00000000,
+    0x229d1c6f00000000, 0xc32b4e8000000000, 0xa1f6c86a00000000,
+    0x40409a8500000000, 0x60708dba00000000, 0x81c6df5500000000,
+    0xe31b59bf00000000, 0x02ad0b5000000000, 0x66a725b100000000,
+    0x8711775e00000000, 0xe5ccf1b400000000, 0x047aa35b00000000,
+    0x6cdedcad00000000, 0x8d688e4200000000, 0xefb508a800000000,
+    0x0e035a4700000000, 0x6a0974a600000000, 0x8bbf264900000000,
+    0xe962a0a300000000, 0x08d4f24c00000000, 0x782c2e9400000000,
+    0x999a7c7b00000000, 0xfb47fa9100000000, 0x1af1a87e00000000,
+    0x7efb869f00000000, 0x9f4dd47000000000, 0xfd90529a00000000,
+    0x1c26007500000000, 0x74827f8300000000, 0x95342d6c00000000,
+    0xf7e9ab8600000000, 0x165ff96900000000, 0x7255d78800000000,
+    0x93e3856700000000, 0xf13e038d00000000, 0x1088516200000000,
+    0x50c8cbe700000000, 0xb17e990800000000, 0xd3a31fe200000000,
+    0x32154d0d00000000, 0x561f63ec00000000, 0xb7a9310300000000,
+    0xd574b7e900000000, 0x34c2e50600000000, 0x5c669af000000000,
+    0xbdd0c81f00000000, 0xdf0d4ef500000000, 0x3ebb1c1a00000000,
+    0x5ab132fb00000000, 0xbb07601400000000, 0xd9dae6fe00000000,
+    0x386cb41100000000, 0x489468c900000000, 0xa9223a2600000000,
+    0xcbffbccc00000000, 0x2a49ee2300000000, 0x4e43c0c200000000,
+    0xaff5922d00000000, 0xcd2814c700000000, 0x2c9e462800000000,
+    0x443a39de00000000, 0xa58c6b3100000000, 0xc751eddb00000000,
+    0x26e7bf3400000000, 0x42ed91d500000000, 0xa35bc33a00000000,
+    0xc18645d000000000, 0x2030173f00000000, 0x81e66bae00000000,
+    0x6050394100000000, 0x028dbfab00000000, 0xe33bed4400000000,
+    0x8731c3a500000000, 0x6687914a00000000, 0x045a17a000000000,
+    0xe5ec454f00000000, 0x8d483ab900000000, 0x6cfe685600000000,
+    0x0e23eebc00000000, 0xef95bc5300000000, 0x8b9f92b200000000,
+    0x6a29c05d00000000, 0x08f446b700000000, 0xe942145800000000,
+    0x99bac88000000000, 0x780c9a6f00000000, 0x1ad11c8500000000,
+    0xfb674e6a00000000, 0x9f6d608b00000000, 0x7edb326400000000,
+    0x1c06b48e00000000, 0xfdb0e66100000000, 0x9514999700000000,
+    0x74a2cb7800000000, 0x167f4d9200000000, 0xf7c91f7d00000000,
+    0x93c3319c00000000, 0x7275637300000000, 0x10a8e59900000000,
+    0xf11eb77600000000, 0xb15e2df300000000, 0x50e87f1c00000000,
+    0x3235f9f600000000, 0xd383ab1900000000, 0xb78985f800000000,
+    0x563fd71700000000, 0x34e251fd00000000, 0xd554031200000000,
+    0xbdf07ce400000000, 0x5c462e0b00000000, 0x3e9ba8e100000000,
+    0xdf2dfa0e00000000, 0xbb27d4ef00000000, 0x5a91860000000000,
+    0x384c00ea00000000, 0xd9fa520500000000, 0xa9028edd00000000,
+    0x48b4dc3200000000, 0x2a695ad800000000, 0xcbdf083700000000,
+    0xafd526d600000000, 0x4e63743900000000, 0x2cbef2d300000000,
+    0xcd08a03c00000000, 0xa5acdfca00000000, 0x441a8d2500000000,
+    0x26c70bcf00000000, 0xc771592000000000, 0xa37b77c100000000,
+    0x42cd252e00000000, 0x2010a3c400000000, 0xc1a6f12b00000000,
+    0xe196e61400000000, 0x0020b4fb00000000, 0x62fd321100000000,
+    0x834b60fe00000000, 0xe7414e1f00000000, 0x06f71cf000000000,
+    0x642a9a1a00000000, 0x859cc8f500000000, 0xed38b70300000000,
+    0x0c8ee5ec00000000, 0x6e53630600000000, 0x8fe531e900000000,
+    0xebef1f0800000000, 0x0a594de700000000, 0x6884cb0d00000000,
+    0x893299e200000000, 0xf9ca453a00000000, 0x187c17d500000000,
+    0x7aa1913f00000000, 0x9b17c3d000000000, 0xff1ded3100000000,
+    0x1eabbfde00000000, 0x7c76393400000000, 0x9dc06bdb00000000,
+    0xf564142d00000000, 0x14d246c200000000, 0x760fc02800000000,
+    0x97b992c700000000, 0xf3b3bc2600000000, 0x1205eec900000000,
+    0x70d8682300000000, 0x916e3acc00000000, 0xd12ea04900000000,
+    0x3098f2a600000000, 0x5245744c00000000, 0xb3f326a300000000,
+    0xd7f9084200000000, 0x364f5aad00000000, 0x5492dc4700000000,
+    0xb5248ea800000000, 0xdd80f15e00000000, 0x3c36a3b100000000,
+    0x5eeb255b00000000, 0xbf5d77b400000000, 0xdb57595500000000,
+    0x3ae10bba00000000, 0x583c8d5000000000, 0xb98adfbf00000000,
+    0xc972036700000000, 0x28c4518800000000, 0x4a19d76200000000,
+    0xabaf858d00000000, 0xcfa5ab6c00000000, 0x2e13f98300000000,
+    0x4cce7f6900000000, 0xad782d8600000000, 0xc5dc527000000000,
+    0x246a009f00000000, 0x46b7867500000000, 0xa701d49a00000000,
+    0xc30bfa7b00000000, 0x22bda89400000000, 0x40602e7e00000000,
+    0xa1d67c9100000000},
+   {0x0000000000000000, 0x5880e2d700000000, 0xf106b47400000000,
+    0xa98656a300000000, 0xe20d68e900000000, 0xba8d8a3e00000000,
+    0x130bdc9d00000000, 0x4b8b3e4a00000000, 0x851da10900000000,
+    0xdd9d43de00000000, 0x741b157d00000000, 0x2c9bf7aa00000000,
+    0x6710c9e000000000, 0x3f902b3700000000, 0x96167d9400000000,
+    0xce969f4300000000, 0x0a3b421300000000, 0x52bba0c400000000,
+    0xfb3df66700000000, 0xa3bd14b000000000, 0xe8362afa00000000,
+    0xb0b6c82d00000000, 0x19309e8e00000000, 0x41b07c5900000000,
+    0x8f26e31a00000000, 0xd7a601cd00000000, 0x7e20576e00000000,
+    0x26a0b5b900000000, 0x6d2b8bf300000000, 0x35ab692400000000,
+    0x9c2d3f8700000000, 0xc4addd5000000000, 0x1476842600000000,
+    0x4cf666f100000000, 0xe570305200000000, 0xbdf0d28500000000,
+    0xf67beccf00000000, 0xaefb0e1800000000, 0x077d58bb00000000,
+    0x5ffdba6c00000000, 0x916b252f00000000, 0xc9ebc7f800000000,
+    0x606d915b00000000, 0x38ed738c00000000, 0x73664dc600000000,
+    0x2be6af1100000000, 0x8260f9b200000000, 0xdae01b6500000000,
+    0x1e4dc63500000000, 0x46cd24e200000000, 0xef4b724100000000,
+    0xb7cb909600000000, 0xfc40aedc00000000, 0xa4c04c0b00000000,
+    0x0d461aa800000000, 0x55c6f87f00000000, 0x9b50673c00000000,
+    0xc3d085eb00000000, 0x6a56d34800000000, 0x32d6319f00000000,
+    0x795d0fd500000000, 0x21dded0200000000, 0x885bbba100000000,
+    0xd0db597600000000, 0x28ec084d00000000, 0x706cea9a00000000,
+    0xd9eabc3900000000, 0x816a5eee00000000, 0xcae160a400000000,
+    0x9261827300000000, 0x3be7d4d000000000, 0x6367360700000000,
+    0xadf1a94400000000, 0xf5714b9300000000, 0x5cf71d3000000000,
+    0x0477ffe700000000, 0x4ffcc1ad00000000, 0x177c237a00000000,
+    0xbefa75d900000000, 0xe67a970e00000000, 0x22d74a5e00000000,
+    0x7a57a88900000000, 0xd3d1fe2a00000000, 0x8b511cfd00000000,
+    0xc0da22b700000000, 0x985ac06000000000, 0x31dc96c300000000,
+    0x695c741400000000, 0xa7caeb5700000000, 0xff4a098000000000,
+    0x56cc5f2300000000, 0x0e4cbdf400000000, 0x45c783be00000000,
+    0x1d47616900000000, 0xb4c137ca00000000, 0xec41d51d00000000,
+    0x3c9a8c6b00000000, 0x641a6ebc00000000, 0xcd9c381f00000000,
+    0x951cdac800000000, 0xde97e48200000000, 0x8617065500000000,
+    0x2f9150f600000000, 0x7711b22100000000, 0xb9872d6200000000,
+    0xe107cfb500000000, 0x4881991600000000, 0x10017bc100000000,
+    0x5b8a458b00000000, 0x030aa75c00000000, 0xaa8cf1ff00000000,
+    0xf20c132800000000, 0x36a1ce7800000000, 0x6e212caf00000000,
+    0xc7a77a0c00000000, 0x9f2798db00000000, 0xd4aca69100000000,
+    0x8c2c444600000000, 0x25aa12e500000000, 0x7d2af03200000000,
+    0xb3bc6f7100000000, 0xeb3c8da600000000, 0x42badb0500000000,
+    0x1a3a39d200000000, 0x51b1079800000000, 0x0931e54f00000000,
+    0xa0b7b3ec00000000, 0xf837513b00000000, 0x50d8119a00000000,
+    0x0858f34d00000000, 0xa1dea5ee00000000, 0xf95e473900000000,
+    0xb2d5797300000000, 0xea559ba400000000, 0x43d3cd0700000000,
+    0x1b532fd000000000, 0xd5c5b09300000000, 0x8d45524400000000,
+    0x24c304e700000000, 0x7c43e63000000000, 0x37c8d87a00000000,
+    0x6f483aad00000000, 0xc6ce6c0e00000000, 0x9e4e8ed900000000,
+    0x5ae3538900000000, 0x0263b15e00000000, 0xabe5e7fd00000000,
+    0xf365052a00000000, 0xb8ee3b6000000000, 0xe06ed9b700000000,
+    0x49e88f1400000000, 0x11686dc300000000, 0xdffef28000000000,
+    0x877e105700000000, 0x2ef846f400000000, 0x7678a42300000000,
+    0x3df39a6900000000, 0x657378be00000000, 0xccf52e1d00000000,
+    0x9475ccca00000000, 0x44ae95bc00000000, 0x1c2e776b00000000,
+    0xb5a821c800000000, 0xed28c31f00000000, 0xa6a3fd5500000000,
+    0xfe231f8200000000, 0x57a5492100000000, 0x0f25abf600000000,
+    0xc1b334b500000000, 0x9933d66200000000, 0x30b580c100000000,
+    0x6835621600000000, 0x23be5c5c00000000, 0x7b3ebe8b00000000,
+    0xd2b8e82800000000, 0x8a380aff00000000, 0x4e95d7af00000000,
+    0x1615357800000000, 0xbf9363db00000000, 0xe713810c00000000,
+    0xac98bf4600000000, 0xf4185d9100000000, 0x5d9e0b3200000000,
+    0x051ee9e500000000, 0xcb8876a600000000, 0x9308947100000000,
+    0x3a8ec2d200000000, 0x620e200500000000, 0x29851e4f00000000,
+    0x7105fc9800000000, 0xd883aa3b00000000, 0x800348ec00000000,
+    0x783419d700000000, 0x20b4fb0000000000, 0x8932ada300000000,
+    0xd1b24f7400000000, 0x9a39713e00000000, 0xc2b993e900000000,
+    0x6b3fc54a00000000, 0x33bf279d00000000, 0xfd29b8de00000000,
+    0xa5a95a0900000000, 0x0c2f0caa00000000, 0x54afee7d00000000,
+    0x1f24d03700000000, 0x47a432e000000000, 0xee22644300000000,
+    0xb6a2869400000000, 0x720f5bc400000000, 0x2a8fb91300000000,
+    0x8309efb000000000, 0xdb890d6700000000, 0x9002332d00000000,
+    0xc882d1fa00000000, 0x6104875900000000, 0x3984658e00000000,
+    0xf712facd00000000, 0xaf92181a00000000, 0x06144eb900000000,
+    0x5e94ac6e00000000, 0x151f922400000000, 0x4d9f70f300000000,
+    0xe419265000000000, 0xbc99c48700000000, 0x6c429df100000000,
+    0x34c27f2600000000, 0x9d44298500000000, 0xc5c4cb5200000000,
+    0x8e4ff51800000000, 0xd6cf17cf00000000, 0x7f49416c00000000,
+    0x27c9a3bb00000000, 0xe95f3cf800000000, 0xb1dfde2f00000000,
+    0x1859888c00000000, 0x40d96a5b00000000, 0x0b52541100000000,
+    0x53d2b6c600000000, 0xfa54e06500000000, 0xa2d402b200000000,
+    0x6679dfe200000000, 0x3ef93d3500000000, 0x977f6b9600000000,
+    0xcfff894100000000, 0x8474b70b00000000, 0xdcf455dc00000000,
+    0x7572037f00000000, 0x2df2e1a800000000, 0xe3647eeb00000000,
+    0xbbe49c3c00000000, 0x1262ca9f00000000, 0x4ae2284800000000,
+    0x0169160200000000, 0x59e9f4d500000000, 0xf06fa27600000000,
+    0xa8ef40a100000000},
+   {0x0000000000000000, 0x463b676500000000, 0x8c76ceca00000000,
+    0xca4da9af00000000, 0x59ebed4e00000000, 0x1fd08a2b00000000,
+    0xd59d238400000000, 0x93a644e100000000, 0xb2d6db9d00000000,
+    0xf4edbcf800000000, 0x3ea0155700000000, 0x789b723200000000,
+    0xeb3d36d300000000, 0xad0651b600000000, 0x674bf81900000000,
+    0x21709f7c00000000, 0x25abc6e000000000, 0x6390a18500000000,
+    0xa9dd082a00000000, 0xefe66f4f00000000, 0x7c402bae00000000,
+    0x3a7b4ccb00000000, 0xf036e56400000000, 0xb60d820100000000,
+    0x977d1d7d00000000, 0xd1467a1800000000, 0x1b0bd3b700000000,
+    0x5d30b4d200000000, 0xce96f03300000000, 0x88ad975600000000,
+    0x42e03ef900000000, 0x04db599c00000000, 0x0b50fc1a00000000,
+    0x4d6b9b7f00000000, 0x872632d000000000, 0xc11d55b500000000,
+    0x52bb115400000000, 0x1480763100000000, 0xdecddf9e00000000,
+    0x98f6b8fb00000000, 0xb986278700000000, 0xffbd40e200000000,
+    0x35f0e94d00000000, 0x73cb8e2800000000, 0xe06dcac900000000,
+    0xa656adac00000000, 0x6c1b040300000000, 0x2a20636600000000,
+    0x2efb3afa00000000, 0x68c05d9f00000000, 0xa28df43000000000,
+    0xe4b6935500000000, 0x7710d7b400000000, 0x312bb0d100000000,
+    0xfb66197e00000000, 0xbd5d7e1b00000000, 0x9c2de16700000000,
+    0xda16860200000000, 0x105b2fad00000000, 0x566048c800000000,
+    0xc5c60c2900000000, 0x83fd6b4c00000000, 0x49b0c2e300000000,
+    0x0f8ba58600000000, 0x16a0f83500000000, 0x509b9f5000000000,
+    0x9ad636ff00000000, 0xdced519a00000000, 0x4f4b157b00000000,
+    0x0970721e00000000, 0xc33ddbb100000000, 0x8506bcd400000000,
+    0xa47623a800000000, 0xe24d44cd00000000, 0x2800ed6200000000,
+    0x6e3b8a0700000000, 0xfd9dcee600000000, 0xbba6a98300000000,
+    0x71eb002c00000000, 0x37d0674900000000, 0x330b3ed500000000,
+    0x753059b000000000, 0xbf7df01f00000000, 0xf946977a00000000,
+    0x6ae0d39b00000000, 0x2cdbb4fe00000000, 0xe6961d5100000000,
+    0xa0ad7a3400000000, 0x81dde54800000000, 0xc7e6822d00000000,
+    0x0dab2b8200000000, 0x4b904ce700000000, 0xd836080600000000,
+    0x9e0d6f6300000000, 0x5440c6cc00000000, 0x127ba1a900000000,
+    0x1df0042f00000000, 0x5bcb634a00000000, 0x9186cae500000000,
+    0xd7bdad8000000000, 0x441be96100000000, 0x02208e0400000000,
+    0xc86d27ab00000000, 0x8e5640ce00000000, 0xaf26dfb200000000,
+    0xe91db8d700000000, 0x2350117800000000, 0x656b761d00000000,
+    0xf6cd32fc00000000, 0xb0f6559900000000, 0x7abbfc3600000000,
+    0x3c809b5300000000, 0x385bc2cf00000000, 0x7e60a5aa00000000,
+    0xb42d0c0500000000, 0xf2166b6000000000, 0x61b02f8100000000,
+    0x278b48e400000000, 0xedc6e14b00000000, 0xabfd862e00000000,
+    0x8a8d195200000000, 0xccb67e3700000000, 0x06fbd79800000000,
+    0x40c0b0fd00000000, 0xd366f41c00000000, 0x955d937900000000,
+    0x5f103ad600000000, 0x192b5db300000000, 0x2c40f16b00000000,
+    0x6a7b960e00000000, 0xa0363fa100000000, 0xe60d58c400000000,
+    0x75ab1c2500000000, 0x33907b4000000000, 0xf9ddd2ef00000000,
+    0xbfe6b58a00000000, 0x9e962af600000000, 0xd8ad4d9300000000,
+    0x12e0e43c00000000, 0x54db835900000000, 0xc77dc7b800000000,
+    0x8146a0dd00000000, 0x4b0b097200000000, 0x0d306e1700000000,
+    0x09eb378b00000000, 0x4fd050ee00000000, 0x859df94100000000,
+    0xc3a69e2400000000, 0x5000dac500000000, 0x163bbda000000000,
+    0xdc76140f00000000, 0x9a4d736a00000000, 0xbb3dec1600000000,
+    0xfd068b7300000000, 0x374b22dc00000000, 0x717045b900000000,
+    0xe2d6015800000000, 0xa4ed663d00000000, 0x6ea0cf9200000000,
+    0x289ba8f700000000, 0x27100d7100000000, 0x612b6a1400000000,
+    0xab66c3bb00000000, 0xed5da4de00000000, 0x7efbe03f00000000,
+    0x38c0875a00000000, 0xf28d2ef500000000, 0xb4b6499000000000,
+    0x95c6d6ec00000000, 0xd3fdb18900000000, 0x19b0182600000000,
+    0x5f8b7f4300000000, 0xcc2d3ba200000000, 0x8a165cc700000000,
+    0x405bf56800000000, 0x0660920d00000000, 0x02bbcb9100000000,
+    0x4480acf400000000, 0x8ecd055b00000000, 0xc8f6623e00000000,
+    0x5b5026df00000000, 0x1d6b41ba00000000, 0xd726e81500000000,
+    0x911d8f7000000000, 0xb06d100c00000000, 0xf656776900000000,
+    0x3c1bdec600000000, 0x7a20b9a300000000, 0xe986fd4200000000,
+    0xafbd9a2700000000, 0x65f0338800000000, 0x23cb54ed00000000,
+    0x3ae0095e00000000, 0x7cdb6e3b00000000, 0xb696c79400000000,
+    0xf0ada0f100000000, 0x630be41000000000, 0x2530837500000000,
+    0xef7d2ada00000000, 0xa9464dbf00000000, 0x8836d2c300000000,
+    0xce0db5a600000000, 0x04401c0900000000, 0x427b7b6c00000000,
+    0xd1dd3f8d00000000, 0x97e658e800000000, 0x5dabf14700000000,
+    0x1b90962200000000, 0x1f4bcfbe00000000, 0x5970a8db00000000,
+    0x933d017400000000, 0xd506661100000000, 0x46a022f000000000,
+    0x009b459500000000, 0xcad6ec3a00000000, 0x8ced8b5f00000000,
+    0xad9d142300000000, 0xeba6734600000000, 0x21ebdae900000000,
+    0x67d0bd8c00000000, 0xf476f96d00000000, 0xb24d9e0800000000,
+    0x780037a700000000, 0x3e3b50c200000000, 0x31b0f54400000000,
+    0x778b922100000000, 0xbdc63b8e00000000, 0xfbfd5ceb00000000,
+    0x685b180a00000000, 0x2e607f6f00000000, 0xe42dd6c000000000,
+    0xa216b1a500000000, 0x83662ed900000000, 0xc55d49bc00000000,
+    0x0f10e01300000000, 0x492b877600000000, 0xda8dc39700000000,
+    0x9cb6a4f200000000, 0x56fb0d5d00000000, 0x10c06a3800000000,
+    0x141b33a400000000, 0x522054c100000000, 0x986dfd6e00000000,
+    0xde569a0b00000000, 0x4df0deea00000000, 0x0bcbb98f00000000,
+    0xc186102000000000, 0x87bd774500000000, 0xa6cde83900000000,
+    0xe0f68f5c00000000, 0x2abb26f300000000, 0x6c80419600000000,
+    0xff26057700000000, 0xb91d621200000000, 0x7350cbbd00000000,
+    0x356bacd800000000},
+   {0x0000000000000000, 0x9e83da9f00000000, 0x7d01c4e400000000,
+    0xe3821e7b00000000, 0xbb04f91200000000, 0x2587238d00000000,
+    0xc6053df600000000, 0x5886e76900000000, 0x7609f22500000000,
+    0xe88a28ba00000000, 0x0b0836c100000000, 0x958bec5e00000000,
+    0xcd0d0b3700000000, 0x538ed1a800000000, 0xb00ccfd300000000,
+    0x2e8f154c00000000, 0xec12e44b00000000, 0x72913ed400000000,
+    0x911320af00000000, 0x0f90fa3000000000, 0x57161d5900000000,
+    0xc995c7c600000000, 0x2a17d9bd00000000, 0xb494032200000000,
+    0x9a1b166e00000000, 0x0498ccf100000000, 0xe71ad28a00000000,
+    0x7999081500000000, 0x211fef7c00000000, 0xbf9c35e300000000,
+    0x5c1e2b9800000000, 0xc29df10700000000, 0xd825c89700000000,
+    0x46a6120800000000, 0xa5240c7300000000, 0x3ba7d6ec00000000,
+    0x6321318500000000, 0xfda2eb1a00000000, 0x1e20f56100000000,
+    0x80a32ffe00000000, 0xae2c3ab200000000, 0x30afe02d00000000,
+    0xd32dfe5600000000, 0x4dae24c900000000, 0x1528c3a000000000,
+    0x8bab193f00000000, 0x6829074400000000, 0xf6aadddb00000000,
+    0x34372cdc00000000, 0xaab4f64300000000, 0x4936e83800000000,
+    0xd7b532a700000000, 0x8f33d5ce00000000, 0x11b00f5100000000,
+    0xf232112a00000000, 0x6cb1cbb500000000, 0x423edef900000000,
+    0xdcbd046600000000, 0x3f3f1a1d00000000, 0xa1bcc08200000000,
+    0xf93a27eb00000000, 0x67b9fd7400000000, 0x843be30f00000000,
+    0x1ab8399000000000, 0xf14de1f400000000, 0x6fce3b6b00000000,
+    0x8c4c251000000000, 0x12cfff8f00000000, 0x4a4918e600000000,
+    0xd4cac27900000000, 0x3748dc0200000000, 0xa9cb069d00000000,
+    0x874413d100000000, 0x19c7c94e00000000, 0xfa45d73500000000,
+    0x64c60daa00000000, 0x3c40eac300000000, 0xa2c3305c00000000,
+    0x41412e2700000000, 0xdfc2f4b800000000, 0x1d5f05bf00000000,
+    0x83dcdf2000000000, 0x605ec15b00000000, 0xfedd1bc400000000,
+    0xa65bfcad00000000, 0x38d8263200000000, 0xdb5a384900000000,
+    0x45d9e2d600000000, 0x6b56f79a00000000, 0xf5d52d0500000000,
+    0x1657337e00000000, 0x88d4e9e100000000, 0xd0520e8800000000,
+    0x4ed1d41700000000, 0xad53ca6c00000000, 0x33d010f300000000,
+    0x2968296300000000, 0xb7ebf3fc00000000, 0x5469ed8700000000,
+    0xcaea371800000000, 0x926cd07100000000, 0x0cef0aee00000000,
+    0xef6d149500000000, 0x71eece0a00000000, 0x5f61db4600000000,
+    0xc1e201d900000000, 0x22601fa200000000, 0xbce3c53d00000000,
+    0xe465225400000000, 0x7ae6f8cb00000000, 0x9964e6b000000000,
+    0x07e73c2f00000000, 0xc57acd2800000000, 0x5bf917b700000000,
+    0xb87b09cc00000000, 0x26f8d35300000000, 0x7e7e343a00000000,
+    0xe0fdeea500000000, 0x037ff0de00000000, 0x9dfc2a4100000000,
+    0xb3733f0d00000000, 0x2df0e59200000000, 0xce72fbe900000000,
+    0x50f1217600000000, 0x0877c61f00000000, 0x96f41c8000000000,
+    0x757602fb00000000, 0xebf5d86400000000, 0xa39db33200000000,
+    0x3d1e69ad00000000, 0xde9c77d600000000, 0x401fad4900000000,
+    0x18994a2000000000, 0x861a90bf00000000, 0x65988ec400000000,
+    0xfb1b545b00000000, 0xd594411700000000, 0x4b179b8800000000,
+    0xa89585f300000000, 0x36165f6c00000000, 0x6e90b80500000000,
+    0xf013629a00000000, 0x13917ce100000000, 0x8d12a67e00000000,
+    0x4f8f577900000000, 0xd10c8de600000000, 0x328e939d00000000,
+    0xac0d490200000000, 0xf48bae6b00000000, 0x6a0874f400000000,
+    0x898a6a8f00000000, 0x1709b01000000000, 0x3986a55c00000000,
+    0xa7057fc300000000, 0x448761b800000000, 0xda04bb2700000000,
+    0x82825c4e00000000, 0x1c0186d100000000, 0xff8398aa00000000,
+    0x6100423500000000, 0x7bb87ba500000000, 0xe53ba13a00000000,
+    0x06b9bf4100000000, 0x983a65de00000000, 0xc0bc82b700000000,
+    0x5e3f582800000000, 0xbdbd465300000000, 0x233e9ccc00000000,
+    0x0db1898000000000, 0x9332531f00000000, 0x70b04d6400000000,
+    0xee3397fb00000000, 0xb6b5709200000000, 0x2836aa0d00000000,
+    0xcbb4b47600000000, 0x55376ee900000000, 0x97aa9fee00000000,
+    0x0929457100000000, 0xeaab5b0a00000000, 0x7428819500000000,
+    0x2cae66fc00000000, 0xb22dbc6300000000, 0x51afa21800000000,
+    0xcf2c788700000000, 0xe1a36dcb00000000, 0x7f20b75400000000,
+    0x9ca2a92f00000000, 0x022173b000000000, 0x5aa794d900000000,
+    0xc4244e4600000000, 0x27a6503d00000000, 0xb9258aa200000000,
+    0x52d052c600000000, 0xcc53885900000000, 0x2fd1962200000000,
+    0xb1524cbd00000000, 0xe9d4abd400000000, 0x7757714b00000000,
+    0x94d56f3000000000, 0x0a56b5af00000000, 0x24d9a0e300000000,
+    0xba5a7a7c00000000, 0x59d8640700000000, 0xc75bbe9800000000,
+    0x9fdd59f100000000, 0x015e836e00000000, 0xe2dc9d1500000000,
+    0x7c5f478a00000000, 0xbec2b68d00000000, 0x20416c1200000000,
+    0xc3c3726900000000, 0x5d40a8f600000000, 0x05c64f9f00000000,
+    0x9b45950000000000, 0x78c78b7b00000000, 0xe64451e400000000,
+    0xc8cb44a800000000, 0x56489e3700000000, 0xb5ca804c00000000,
+    0x2b495ad300000000, 0x73cfbdba00000000, 0xed4c672500000000,
+    0x0ece795e00000000, 0x904da3c100000000, 0x8af59a5100000000,
+    0x147640ce00000000, 0xf7f45eb500000000, 0x6977842a00000000,
+    0x31f1634300000000, 0xaf72b9dc00000000, 0x4cf0a7a700000000,
+    0xd2737d3800000000, 0xfcfc687400000000, 0x627fb2eb00000000,
+    0x81fdac9000000000, 0x1f7e760f00000000, 0x47f8916600000000,
+    0xd97b4bf900000000, 0x3af9558200000000, 0xa47a8f1d00000000,
+    0x66e77e1a00000000, 0xf864a48500000000, 0x1be6bafe00000000,
+    0x8565606100000000, 0xdde3870800000000, 0x43605d9700000000,
+    0xa0e243ec00000000, 0x3e61997300000000, 0x10ee8c3f00000000,
+    0x8e6d56a000000000, 0x6def48db00000000, 0xf36c924400000000,
+    0xabea752d00000000, 0x3569afb200000000, 0xd6ebb1c900000000,
+    0x48686b5600000000},
+   {0x0000000000000000, 0xc064281700000000, 0x80c9502e00000000,
+    0x40ad783900000000, 0x0093a15c00000000, 0xc0f7894b00000000,
+    0x805af17200000000, 0x403ed96500000000, 0x002643b900000000,
+    0xc0426bae00000000, 0x80ef139700000000, 0x408b3b8000000000,
+    0x00b5e2e500000000, 0xc0d1caf200000000, 0x807cb2cb00000000,
+    0x40189adc00000000, 0x414af7a900000000, 0x812edfbe00000000,
+    0xc183a78700000000, 0x01e78f9000000000, 0x41d956f500000000,
+    0x81bd7ee200000000, 0xc11006db00000000, 0x01742ecc00000000,
+    0x416cb41000000000, 0x81089c0700000000, 0xc1a5e43e00000000,
+    0x01c1cc2900000000, 0x41ff154c00000000, 0x819b3d5b00000000,
+    0xc136456200000000, 0x01526d7500000000, 0xc3929f8800000000,
+    0x03f6b79f00000000, 0x435bcfa600000000, 0x833fe7b100000000,
+    0xc3013ed400000000, 0x036516c300000000, 0x43c86efa00000000,
+    0x83ac46ed00000000, 0xc3b4dc3100000000, 0x03d0f42600000000,
+    0x437d8c1f00000000, 0x8319a40800000000, 0xc3277d6d00000000,
+    0x0343557a00000000, 0x43ee2d4300000000, 0x838a055400000000,
+    0x82d8682100000000, 0x42bc403600000000, 0x0211380f00000000,
+    0xc275101800000000, 0x824bc97d00000000, 0x422fe16a00000000,
+    0x0282995300000000, 0xc2e6b14400000000, 0x82fe2b9800000000,
+    0x429a038f00000000, 0x02377bb600000000, 0xc25353a100000000,
+    0x826d8ac400000000, 0x4209a2d300000000, 0x02a4daea00000000,
+    0xc2c0f2fd00000000, 0xc7234eca00000000, 0x074766dd00000000,
+    0x47ea1ee400000000, 0x878e36f300000000, 0xc7b0ef9600000000,
+    0x07d4c78100000000, 0x4779bfb800000000, 0x871d97af00000000,
+    0xc7050d7300000000, 0x0761256400000000, 0x47cc5d5d00000000,
+    0x87a8754a00000000, 0xc796ac2f00000000, 0x07f2843800000000,
+    0x475ffc0100000000, 0x873bd41600000000, 0x8669b96300000000,
+    0x460d917400000000, 0x06a0e94d00000000, 0xc6c4c15a00000000,
+    0x86fa183f00000000, 0x469e302800000000, 0x0633481100000000,
+    0xc657600600000000, 0x864ffada00000000, 0x462bd2cd00000000,
+    0x0686aaf400000000, 0xc6e282e300000000, 0x86dc5b8600000000,
+    0x46b8739100000000, 0x06150ba800000000, 0xc67123bf00000000,
+    0x04b1d14200000000, 0xc4d5f95500000000, 0x8478816c00000000,
+    0x441ca97b00000000, 0x0422701e00000000, 0xc446580900000000,
+    0x84eb203000000000, 0x448f082700000000, 0x049792fb00000000,
+    0xc4f3baec00000000, 0x845ec2d500000000, 0x443aeac200000000,
+    0x040433a700000000, 0xc4601bb000000000, 0x84cd638900000000,
+    0x44a94b9e00000000, 0x45fb26eb00000000, 0x859f0efc00000000,
+    0xc53276c500000000, 0x05565ed200000000, 0x456887b700000000,
+    0x850cafa000000000, 0xc5a1d79900000000, 0x05c5ff8e00000000,
+    0x45dd655200000000, 0x85b94d4500000000, 0xc514357c00000000,
+    0x05701d6b00000000, 0x454ec40e00000000, 0x852aec1900000000,
+    0xc587942000000000, 0x05e3bc3700000000, 0xcf41ed4f00000000,
+    0x0f25c55800000000, 0x4f88bd6100000000, 0x8fec957600000000,
+    0xcfd24c1300000000, 0x0fb6640400000000, 0x4f1b1c3d00000000,
+    0x8f7f342a00000000, 0xcf67aef600000000, 0x0f0386e100000000,
+    0x4faefed800000000, 0x8fcad6cf00000000, 0xcff40faa00000000,
+    0x0f9027bd00000000, 0x4f3d5f8400000000, 0x8f59779300000000,
+    0x8e0b1ae600000000, 0x4e6f32f100000000, 0x0ec24ac800000000,
+    0xcea662df00000000, 0x8e98bbba00000000, 0x4efc93ad00000000,
+    0x0e51eb9400000000, 0xce35c38300000000, 0x8e2d595f00000000,
+    0x4e49714800000000, 0x0ee4097100000000, 0xce80216600000000,
+    0x8ebef80300000000, 0x4edad01400000000, 0x0e77a82d00000000,
+    0xce13803a00000000, 0x0cd372c700000000, 0xccb75ad000000000,
+    0x8c1a22e900000000, 0x4c7e0afe00000000, 0x0c40d39b00000000,
+    0xcc24fb8c00000000, 0x8c8983b500000000, 0x4cedaba200000000,
+    0x0cf5317e00000000, 0xcc91196900000000, 0x8c3c615000000000,
+    0x4c58494700000000, 0x0c66902200000000, 0xcc02b83500000000,
+    0x8cafc00c00000000, 0x4ccbe81b00000000, 0x4d99856e00000000,
+    0x8dfdad7900000000, 0xcd50d54000000000, 0x0d34fd5700000000,
+    0x4d0a243200000000, 0x8d6e0c2500000000, 0xcdc3741c00000000,
+    0x0da75c0b00000000, 0x4dbfc6d700000000, 0x8ddbeec000000000,
+    0xcd7696f900000000, 0x0d12beee00000000, 0x4d2c678b00000000,
+    0x8d484f9c00000000, 0xcde537a500000000, 0x0d811fb200000000,
+    0x0862a38500000000, 0xc8068b9200000000, 0x88abf3ab00000000,
+    0x48cfdbbc00000000, 0x08f102d900000000, 0xc8952ace00000000,
+    0x883852f700000000, 0x485c7ae000000000, 0x0844e03c00000000,
+    0xc820c82b00000000, 0x888db01200000000, 0x48e9980500000000,
+    0x08d7416000000000, 0xc8b3697700000000, 0x881e114e00000000,
+    0x487a395900000000, 0x4928542c00000000, 0x894c7c3b00000000,
+    0xc9e1040200000000, 0x09852c1500000000, 0x49bbf57000000000,
+    0x89dfdd6700000000, 0xc972a55e00000000, 0x09168d4900000000,
+    0x490e179500000000, 0x896a3f8200000000, 0xc9c747bb00000000,
+    0x09a36fac00000000, 0x499db6c900000000, 0x89f99ede00000000,
+    0xc954e6e700000000, 0x0930cef000000000, 0xcbf03c0d00000000,
+    0x0b94141a00000000, 0x4b396c2300000000, 0x8b5d443400000000,
+    0xcb639d5100000000, 0x0b07b54600000000, 0x4baacd7f00000000,
+    0x8bcee56800000000, 0xcbd67fb400000000, 0x0bb257a300000000,
+    0x4b1f2f9a00000000, 0x8b7b078d00000000, 0xcb45dee800000000,
+    0x0b21f6ff00000000, 0x4b8c8ec600000000, 0x8be8a6d100000000,
+    0x8abacba400000000, 0x4adee3b300000000, 0x0a739b8a00000000,
+    0xca17b39d00000000, 0x8a296af800000000, 0x4a4d42ef00000000,
+    0x0ae03ad600000000, 0xca8412c100000000, 0x8a9c881d00000000,
+    0x4af8a00a00000000, 0x0a55d83300000000, 0xca31f02400000000,
+    0x8a0f294100000000, 0x4a6b015600000000, 0x0ac6796f00000000,
+    0xcaa2517800000000},
+   {0x0000000000000000, 0xd4ea739b00000000, 0xe9d396ed00000000,
+    0x3d39e57600000000, 0x93a15c0000000000, 0x474b2f9b00000000,
+    0x7a72caed00000000, 0xae98b97600000000, 0x2643b90000000000,
+    0xf2a9ca9b00000000, 0xcf902fed00000000, 0x1b7a5c7600000000,
+    0xb5e2e50000000000, 0x6108969b00000000, 0x5c3173ed00000000,
+    0x88db007600000000, 0x4c86720100000000, 0x986c019a00000000,
+    0xa555e4ec00000000, 0x71bf977700000000, 0xdf272e0100000000,
+    0x0bcd5d9a00000000, 0x36f4b8ec00000000, 0xe21ecb7700000000,
+    0x6ac5cb0100000000, 0xbe2fb89a00000000, 0x83165dec00000000,
+    0x57fc2e7700000000, 0xf964970100000000, 0x2d8ee49a00000000,
+    0x10b701ec00000000, 0xc45d727700000000, 0x980ce50200000000,
+    0x4ce6969900000000, 0x71df73ef00000000, 0xa535007400000000,
+    0x0badb90200000000, 0xdf47ca9900000000, 0xe27e2fef00000000,
+    0x36945c7400000000, 0xbe4f5c0200000000, 0x6aa52f9900000000,
+    0x579ccaef00000000, 0x8376b97400000000, 0x2dee000200000000,
+    0xf904739900000000, 0xc43d96ef00000000, 0x10d7e57400000000,
+    0xd48a970300000000, 0x0060e49800000000, 0x3d5901ee00000000,
+    0xe9b3727500000000, 0x472bcb0300000000, 0x93c1b89800000000,
+    0xaef85dee00000000, 0x7a122e7500000000, 0xf2c92e0300000000,
+    0x26235d9800000000, 0x1b1ab8ee00000000, 0xcff0cb7500000000,
+    0x6168720300000000, 0xb582019800000000, 0x88bbe4ee00000000,
+    0x5c51977500000000, 0x3019ca0500000000, 0xe4f3b99e00000000,
+    0xd9ca5ce800000000, 0x0d202f7300000000, 0xa3b8960500000000,
+    0x7752e59e00000000, 0x4a6b00e800000000, 0x9e81737300000000,
+    0x165a730500000000, 0xc2b0009e00000000, 0xff89e5e800000000,
+    0x2b63967300000000, 0x85fb2f0500000000, 0x51115c9e00000000,
+    0x6c28b9e800000000, 0xb8c2ca7300000000, 0x7c9fb80400000000,
+    0xa875cb9f00000000, 0x954c2ee900000000, 0x41a65d7200000000,
+    0xef3ee40400000000, 0x3bd4979f00000000, 0x06ed72e900000000,
+    0xd207017200000000, 0x5adc010400000000, 0x8e36729f00000000,
+    0xb30f97e900000000, 0x67e5e47200000000, 0xc97d5d0400000000,
+    0x1d972e9f00000000, 0x20aecbe900000000, 0xf444b87200000000,
+    0xa8152f0700000000, 0x7cff5c9c00000000, 0x41c6b9ea00000000,
+    0x952cca7100000000, 0x3bb4730700000000, 0xef5e009c00000000,
+    0xd267e5ea00000000, 0x068d967100000000, 0x8e56960700000000,
+    0x5abce59c00000000, 0x678500ea00000000, 0xb36f737100000000,
+    0x1df7ca0700000000, 0xc91db99c00000000, 0xf4245cea00000000,
+    0x20ce2f7100000000, 0xe4935d0600000000, 0x30792e9d00000000,
+    0x0d40cbeb00000000, 0xd9aab87000000000, 0x7732010600000000,
+    0xa3d8729d00000000, 0x9ee197eb00000000, 0x4a0be47000000000,
+    0xc2d0e40600000000, 0x163a979d00000000, 0x2b0372eb00000000,
+    0xffe9017000000000, 0x5171b80600000000, 0x859bcb9d00000000,
+    0xb8a22eeb00000000, 0x6c485d7000000000, 0x6032940b00000000,
+    0xb4d8e79000000000, 0x89e102e600000000, 0x5d0b717d00000000,
+    0xf393c80b00000000, 0x2779bb9000000000, 0x1a405ee600000000,
+    0xceaa2d7d00000000, 0x46712d0b00000000, 0x929b5e9000000000,
+    0xafa2bbe600000000, 0x7b48c87d00000000, 0xd5d0710b00000000,
+    0x013a029000000000, 0x3c03e7e600000000, 0xe8e9947d00000000,
+    0x2cb4e60a00000000, 0xf85e959100000000, 0xc56770e700000000,
+    0x118d037c00000000, 0xbf15ba0a00000000, 0x6bffc99100000000,
+    0x56c62ce700000000, 0x822c5f7c00000000, 0x0af75f0a00000000,
+    0xde1d2c9100000000, 0xe324c9e700000000, 0x37ceba7c00000000,
+    0x9956030a00000000, 0x4dbc709100000000, 0x708595e700000000,
+    0xa46fe67c00000000, 0xf83e710900000000, 0x2cd4029200000000,
+    0x11ede7e400000000, 0xc507947f00000000, 0x6b9f2d0900000000,
+    0xbf755e9200000000, 0x824cbbe400000000, 0x56a6c87f00000000,
+    0xde7dc80900000000, 0x0a97bb9200000000, 0x37ae5ee400000000,
+    0xe3442d7f00000000, 0x4ddc940900000000, 0x9936e79200000000,
+    0xa40f02e400000000, 0x70e5717f00000000, 0xb4b8030800000000,
+    0x6052709300000000, 0x5d6b95e500000000, 0x8981e67e00000000,
+    0x27195f0800000000, 0xf3f32c9300000000, 0xcecac9e500000000,
+    0x1a20ba7e00000000, 0x92fbba0800000000, 0x4611c99300000000,
+    0x7b282ce500000000, 0xafc25f7e00000000, 0x015ae60800000000,
+    0xd5b0959300000000, 0xe88970e500000000, 0x3c63037e00000000,
+    0x502b5e0e00000000, 0x84c12d9500000000, 0xb9f8c8e300000000,
+    0x6d12bb7800000000, 0xc38a020e00000000, 0x1760719500000000,
+    0x2a5994e300000000, 0xfeb3e77800000000, 0x7668e70e00000000,
+    0xa282949500000000, 0x9fbb71e300000000, 0x4b51027800000000,
+    0xe5c9bb0e00000000, 0x3123c89500000000, 0x0c1a2de300000000,
+    0xd8f05e7800000000, 0x1cad2c0f00000000, 0xc8475f9400000000,
+    0xf57ebae200000000, 0x2194c97900000000, 0x8f0c700f00000000,
+    0x5be6039400000000, 0x66dfe6e200000000, 0xb235957900000000,
+    0x3aee950f00000000, 0xee04e69400000000, 0xd33d03e200000000,
+    0x07d7707900000000, 0xa94fc90f00000000, 0x7da5ba9400000000,
+    0x409c5fe200000000, 0x94762c7900000000, 0xc827bb0c00000000,
+    0x1ccdc89700000000, 0x21f42de100000000, 0xf51e5e7a00000000,
+    0x5b86e70c00000000, 0x8f6c949700000000, 0xb25571e100000000,
+    0x66bf027a00000000, 0xee64020c00000000, 0x3a8e719700000000,
+    0x07b794e100000000, 0xd35de77a00000000, 0x7dc55e0c00000000,
+    0xa92f2d9700000000, 0x9416c8e100000000, 0x40fcbb7a00000000,
+    0x84a1c90d00000000, 0x504bba9600000000, 0x6d725fe000000000,
+    0xb9982c7b00000000, 0x1700950d00000000, 0xc3eae69600000000,
+    0xfed303e000000000, 0x2a39707b00000000, 0xa2e2700d00000000,
+    0x7608039600000000, 0x4b31e6e000000000, 0x9fdb957b00000000,
+    0x31432c0d00000000, 0xe5a95f9600000000, 0xd890bae000000000,
+    0x0c7ac97b00000000},
+   {0x0000000000000000, 0x2765258100000000, 0x0fcc3bd900000000,
+    0x28a91e5800000000, 0x5f9e066900000000, 0x78fb23e800000000,
+    0x50523db000000000, 0x7737183100000000, 0xbe3c0dd200000000,
+    0x9959285300000000, 0xb1f0360b00000000, 0x9695138a00000000,
+    0xe1a20bbb00000000, 0xc6c72e3a00000000, 0xee6e306200000000,
+    0xc90b15e300000000, 0x3d7f6b7f00000000, 0x1a1a4efe00000000,
+    0x32b350a600000000, 0x15d6752700000000, 0x62e16d1600000000,
+    0x4584489700000000, 0x6d2d56cf00000000, 0x4a48734e00000000,
+    0x834366ad00000000, 0xa426432c00000000, 0x8c8f5d7400000000,
+    0xabea78f500000000, 0xdcdd60c400000000, 0xfbb8454500000000,
+    0xd3115b1d00000000, 0xf4747e9c00000000, 0x7afed6fe00000000,
+    0x5d9bf37f00000000, 0x7532ed2700000000, 0x5257c8a600000000,
+    0x2560d09700000000, 0x0205f51600000000, 0x2aaceb4e00000000,
+    0x0dc9cecf00000000, 0xc4c2db2c00000000, 0xe3a7fead00000000,
+    0xcb0ee0f500000000, 0xec6bc57400000000, 0x9b5cdd4500000000,
+    0xbc39f8c400000000, 0x9490e69c00000000, 0xb3f5c31d00000000,
+    0x4781bd8100000000, 0x60e4980000000000, 0x484d865800000000,
+    0x6f28a3d900000000, 0x181fbbe800000000, 0x3f7a9e6900000000,
+    0x17d3803100000000, 0x30b6a5b000000000, 0xf9bdb05300000000,
+    0xded895d200000000, 0xf6718b8a00000000, 0xd114ae0b00000000,
+    0xa623b63a00000000, 0x814693bb00000000, 0xa9ef8de300000000,
+    0x8e8aa86200000000, 0xb5fadc2600000000, 0x929ff9a700000000,
+    0xba36e7ff00000000, 0x9d53c27e00000000, 0xea64da4f00000000,
+    0xcd01ffce00000000, 0xe5a8e19600000000, 0xc2cdc41700000000,
+    0x0bc6d1f400000000, 0x2ca3f47500000000, 0x040aea2d00000000,
+    0x236fcfac00000000, 0x5458d79d00000000, 0x733df21c00000000,
+    0x5b94ec4400000000, 0x7cf1c9c500000000, 0x8885b75900000000,
+    0xafe092d800000000, 0x87498c8000000000, 0xa02ca90100000000,
+    0xd71bb13000000000, 0xf07e94b100000000, 0xd8d78ae900000000,
+    0xffb2af6800000000, 0x36b9ba8b00000000, 0x11dc9f0a00000000,
+    0x3975815200000000, 0x1e10a4d300000000, 0x6927bce200000000,
+    0x4e42996300000000, 0x66eb873b00000000, 0x418ea2ba00000000,
+    0xcf040ad800000000, 0xe8612f5900000000, 0xc0c8310100000000,
+    0xe7ad148000000000, 0x909a0cb100000000, 0xb7ff293000000000,
+    0x9f56376800000000, 0xb83312e900000000, 0x7138070a00000000,
+    0x565d228b00000000, 0x7ef43cd300000000, 0x5991195200000000,
+    0x2ea6016300000000, 0x09c324e200000000, 0x216a3aba00000000,
+    0x060f1f3b00000000, 0xf27b61a700000000, 0xd51e442600000000,
+    0xfdb75a7e00000000, 0xdad27fff00000000, 0xade567ce00000000,
+    0x8a80424f00000000, 0xa2295c1700000000, 0x854c799600000000,
+    0x4c476c7500000000, 0x6b2249f400000000, 0x438b57ac00000000,
+    0x64ee722d00000000, 0x13d96a1c00000000, 0x34bc4f9d00000000,
+    0x1c1551c500000000, 0x3b70744400000000, 0x6af5b94d00000000,
+    0x4d909ccc00000000, 0x6539829400000000, 0x425ca71500000000,
+    0x356bbf2400000000, 0x120e9aa500000000, 0x3aa784fd00000000,
+    0x1dc2a17c00000000, 0xd4c9b49f00000000, 0xf3ac911e00000000,
+    0xdb058f4600000000, 0xfc60aac700000000, 0x8b57b2f600000000,
+    0xac32977700000000, 0x849b892f00000000, 0xa3feacae00000000,
+    0x578ad23200000000, 0x70eff7b300000000, 0x5846e9eb00000000,
+    0x7f23cc6a00000000, 0x0814d45b00000000, 0x2f71f1da00000000,
+    0x07d8ef8200000000, 0x20bdca0300000000, 0xe9b6dfe000000000,
+    0xced3fa6100000000, 0xe67ae43900000000, 0xc11fc1b800000000,
+    0xb628d98900000000, 0x914dfc0800000000, 0xb9e4e25000000000,
+    0x9e81c7d100000000, 0x100b6fb300000000, 0x376e4a3200000000,
+    0x1fc7546a00000000, 0x38a271eb00000000, 0x4f9569da00000000,
+    0x68f04c5b00000000, 0x4059520300000000, 0x673c778200000000,
+    0xae37626100000000, 0x895247e000000000, 0xa1fb59b800000000,
+    0x869e7c3900000000, 0xf1a9640800000000, 0xd6cc418900000000,
+    0xfe655fd100000000, 0xd9007a5000000000, 0x2d7404cc00000000,
+    0x0a11214d00000000, 0x22b83f1500000000, 0x05dd1a9400000000,
+    0x72ea02a500000000, 0x558f272400000000, 0x7d26397c00000000,
+    0x5a431cfd00000000, 0x9348091e00000000, 0xb42d2c9f00000000,
+    0x9c8432c700000000, 0xbbe1174600000000, 0xccd60f7700000000,
+    0xebb32af600000000, 0xc31a34ae00000000, 0xe47f112f00000000,
+    0xdf0f656b00000000, 0xf86a40ea00000000, 0xd0c35eb200000000,
+    0xf7a67b3300000000, 0x8091630200000000, 0xa7f4468300000000,
+    0x8f5d58db00000000, 0xa8387d5a00000000, 0x613368b900000000,
+    0x46564d3800000000, 0x6eff536000000000, 0x499a76e100000000,
+    0x3ead6ed000000000, 0x19c84b5100000000, 0x3161550900000000,
+    0x1604708800000000, 0xe2700e1400000000, 0xc5152b9500000000,
+    0xedbc35cd00000000, 0xcad9104c00000000, 0xbdee087d00000000,
+    0x9a8b2dfc00000000, 0xb22233a400000000, 0x9547162500000000,
+    0x5c4c03c600000000, 0x7b29264700000000, 0x5380381f00000000,
+    0x74e51d9e00000000, 0x03d205af00000000, 0x24b7202e00000000,
+    0x0c1e3e7600000000, 0x2b7b1bf700000000, 0xa5f1b39500000000,
+    0x8294961400000000, 0xaa3d884c00000000, 0x8d58adcd00000000,
+    0xfa6fb5fc00000000, 0xdd0a907d00000000, 0xf5a38e2500000000,
+    0xd2c6aba400000000, 0x1bcdbe4700000000, 0x3ca89bc600000000,
+    0x1401859e00000000, 0x3364a01f00000000, 0x4453b82e00000000,
+    0x63369daf00000000, 0x4b9f83f700000000, 0x6cfaa67600000000,
+    0x988ed8ea00000000, 0xbfebfd6b00000000, 0x9742e33300000000,
+    0xb027c6b200000000, 0xc710de8300000000, 0xe075fb0200000000,
+    0xc8dce55a00000000, 0xefb9c0db00000000, 0x26b2d53800000000,
+    0x01d7f0b900000000, 0x297eeee100000000, 0x0e1bcb6000000000,
+    0x792cd35100000000, 0x5e49f6d000000000, 0x76e0e88800000000,
+    0x5185cd0900000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x9ba54c6f, 0xec3b9e9f, 0x779ed2f0, 0x03063b7f,
+    0x98a37710, 0xef3da5e0, 0x7498e98f, 0x060c76fe, 0x9da93a91,
+    0xea37e861, 0x7192a40e, 0x050a4d81, 0x9eaf01ee, 0xe931d31e,
+    0x72949f71, 0x0c18edfc, 0x97bda193, 0xe0237363, 0x7b863f0c,
+    0x0f1ed683, 0x94bb9aec, 0xe325481c, 0x78800473, 0x0a149b02,
+    0x91b1d76d, 0xe62f059d, 0x7d8a49f2, 0x0912a07d, 0x92b7ec12,
+    0xe5293ee2, 0x7e8c728d, 0x1831dbf8, 0x83949797, 0xf40a4567,
+    0x6faf0908, 0x1b37e087, 0x8092ace8, 0xf70c7e18, 0x6ca93277,
+    0x1e3dad06, 0x8598e169, 0xf2063399, 0x69a37ff6, 0x1d3b9679,
+    0x869eda16, 0xf10008e6, 0x6aa54489, 0x14293604, 0x8f8c7a6b,
+    0xf812a89b, 0x63b7e4f4, 0x172f0d7b, 0x8c8a4114, 0xfb1493e4,
+    0x60b1df8b, 0x122540fa, 0x89800c95, 0xfe1ede65, 0x65bb920a,
+    0x11237b85, 0x8a8637ea, 0xfd18e51a, 0x66bda975, 0x3063b7f0,
+    0xabc6fb9f, 0xdc58296f, 0x47fd6500, 0x33658c8f, 0xa8c0c0e0,
+    0xdf5e1210, 0x44fb5e7f, 0x366fc10e, 0xadca8d61, 0xda545f91,
+    0x41f113fe, 0x3569fa71, 0xaeccb61e, 0xd95264ee, 0x42f72881,
+    0x3c7b5a0c, 0xa7de1663, 0xd040c493, 0x4be588fc, 0x3f7d6173,
+    0xa4d82d1c, 0xd346ffec, 0x48e3b383, 0x3a772cf2, 0xa1d2609d,
+    0xd64cb26d, 0x4de9fe02, 0x3971178d, 0xa2d45be2, 0xd54a8912,
+    0x4eefc57d, 0x28526c08, 0xb3f72067, 0xc469f297, 0x5fccbef8,
+    0x2b545777, 0xb0f11b18, 0xc76fc9e8, 0x5cca8587, 0x2e5e1af6,
+    0xb5fb5699, 0xc2658469, 0x59c0c806, 0x2d582189, 0xb6fd6de6,
+    0xc163bf16, 0x5ac6f379, 0x244a81f4, 0xbfefcd9b, 0xc8711f6b,
+    0x53d45304, 0x274cba8b, 0xbce9f6e4, 0xcb772414, 0x50d2687b,
+    0x2246f70a, 0xb9e3bb65, 0xce7d6995, 0x55d825fa, 0x2140cc75,
+    0xbae5801a, 0xcd7b52ea, 0x56de1e85, 0x60c76fe0, 0xfb62238f,
+    0x8cfcf17f, 0x1759bd10, 0x63c1549f, 0xf86418f0, 0x8ffaca00,
+    0x145f866f, 0x66cb191e, 0xfd6e5571, 0x8af08781, 0x1155cbee,
+    0x65cd2261, 0xfe686e0e, 0x89f6bcfe, 0x1253f091, 0x6cdf821c,
+    0xf77ace73, 0x80e41c83, 0x1b4150ec, 0x6fd9b963, 0xf47cf50c,
+    0x83e227fc, 0x18476b93, 0x6ad3f4e2, 0xf176b88d, 0x86e86a7d,
+    0x1d4d2612, 0x69d5cf9d, 0xf27083f2, 0x85ee5102, 0x1e4b1d6d,
+    0x78f6b418, 0xe353f877, 0x94cd2a87, 0x0f6866e8, 0x7bf08f67,
+    0xe055c308, 0x97cb11f8, 0x0c6e5d97, 0x7efac2e6, 0xe55f8e89,
+    0x92c15c79, 0x09641016, 0x7dfcf999, 0xe659b5f6, 0x91c76706,
+    0x0a622b69, 0x74ee59e4, 0xef4b158b, 0x98d5c77b, 0x03708b14,
+    0x77e8629b, 0xec4d2ef4, 0x9bd3fc04, 0x0076b06b, 0x72e22f1a,
+    0xe9476375, 0x9ed9b185, 0x057cfdea, 0x71e41465, 0xea41580a,
+    0x9ddf8afa, 0x067ac695, 0x50a4d810, 0xcb01947f, 0xbc9f468f,
+    0x273a0ae0, 0x53a2e36f, 0xc807af00, 0xbf997df0, 0x243c319f,
+    0x56a8aeee, 0xcd0de281, 0xba933071, 0x21367c1e, 0x55ae9591,
+    0xce0bd9fe, 0xb9950b0e, 0x22304761, 0x5cbc35ec, 0xc7197983,
+    0xb087ab73, 0x2b22e71c, 0x5fba0e93, 0xc41f42fc, 0xb381900c,
+    0x2824dc63, 0x5ab04312, 0xc1150f7d, 0xb68bdd8d, 0x2d2e91e2,
+    0x59b6786d, 0xc2133402, 0xb58de6f2, 0x2e28aa9d, 0x489503e8,
+    0xd3304f87, 0xa4ae9d77, 0x3f0bd118, 0x4b933897, 0xd03674f8,
+    0xa7a8a608, 0x3c0dea67, 0x4e997516, 0xd53c3979, 0xa2a2eb89,
+    0x3907a7e6, 0x4d9f4e69, 0xd63a0206, 0xa1a4d0f6, 0x3a019c99,
+    0x448dee14, 0xdf28a27b, 0xa8b6708b, 0x33133ce4, 0x478bd56b,
+    0xdc2e9904, 0xabb04bf4, 0x3015079b, 0x428198ea, 0xd924d485,
+    0xaeba0675, 0x351f4a1a, 0x4187a395, 0xda22effa, 0xadbc3d0a,
+    0x36197165},
+   {0x00000000, 0xc18edfc0, 0x586cb9c1, 0x99e26601, 0xb0d97382,
+    0x7157ac42, 0xe8b5ca43, 0x293b1583, 0xbac3e145, 0x7b4d3e85,
+    0xe2af5884, 0x23218744, 0x0a1a92c7, 0xcb944d07, 0x52762b06,
+    0x93f8f4c6, 0xaef6c4cb, 0x6f781b0b, 0xf69a7d0a, 0x3714a2ca,
+    0x1e2fb749, 0xdfa16889, 0x46430e88, 0x87cdd148, 0x1435258e,
+    0xd5bbfa4e, 0x4c599c4f, 0x8dd7438f, 0xa4ec560c, 0x656289cc,
+    0xfc80efcd, 0x3d0e300d, 0x869c8fd7, 0x47125017, 0xdef03616,
+    0x1f7ee9d6, 0x3645fc55, 0xf7cb2395, 0x6e294594, 0xafa79a54,
+    0x3c5f6e92, 0xfdd1b152, 0x6433d753, 0xa5bd0893, 0x8c861d10,
+    0x4d08c2d0, 0xd4eaa4d1, 0x15647b11, 0x286a4b1c, 0xe9e494dc,
+    0x7006f2dd, 0xb1882d1d, 0x98b3389e, 0x593de75e, 0xc0df815f,
+    0x01515e9f, 0x92a9aa59, 0x53277599, 0xcac51398, 0x0b4bcc58,
+    0x2270d9db, 0xe3fe061b, 0x7a1c601a, 0xbb92bfda, 0xd64819ef,
+    0x17c6c62f, 0x8e24a02e, 0x4faa7fee, 0x66916a6d, 0xa71fb5ad,
+    0x3efdd3ac, 0xff730c6c, 0x6c8bf8aa, 0xad05276a, 0x34e7416b,
+    0xf5699eab, 0xdc528b28, 0x1ddc54e8, 0x843e32e9, 0x45b0ed29,
+    0x78bedd24, 0xb93002e4, 0x20d264e5, 0xe15cbb25, 0xc867aea6,
+    0x09e97166, 0x900b1767, 0x5185c8a7, 0xc27d3c61, 0x03f3e3a1,
+    0x9a1185a0, 0x5b9f5a60, 0x72a44fe3, 0xb32a9023, 0x2ac8f622,
+    0xeb4629e2, 0x50d49638, 0x915a49f8, 0x08b82ff9, 0xc936f039,
+    0xe00de5ba, 0x21833a7a, 0xb8615c7b, 0x79ef83bb, 0xea17777d,
+    0x2b99a8bd, 0xb27bcebc, 0x73f5117c, 0x5ace04ff, 0x9b40db3f,
+    0x02a2bd3e, 0xc32c62fe, 0xfe2252f3, 0x3fac8d33, 0xa64eeb32,
+    0x67c034f2, 0x4efb2171, 0x8f75feb1, 0x169798b0, 0xd7194770,
+    0x44e1b3b6, 0x856f6c76, 0x1c8d0a77, 0xdd03d5b7, 0xf438c034,
+    0x35b61ff4, 0xac5479f5, 0x6ddaa635, 0x77e1359f, 0xb66fea5f,
+    0x2f8d8c5e, 0xee03539e, 0xc738461d, 0x06b699dd, 0x9f54ffdc,
+    0x5eda201c, 0xcd22d4da, 0x0cac0b1a, 0x954e6d1b, 0x54c0b2db,
+    0x7dfba758, 0xbc757898, 0x25971e99, 0xe419c159, 0xd917f154,
+    0x18992e94, 0x817b4895, 0x40f59755, 0x69ce82d6, 0xa8405d16,
+    0x31a23b17, 0xf02ce4d7, 0x63d41011, 0xa25acfd1, 0x3bb8a9d0,
+    0xfa367610, 0xd30d6393, 0x1283bc53, 0x8b61da52, 0x4aef0592,
+    0xf17dba48, 0x30f36588, 0xa9110389, 0x689fdc49, 0x41a4c9ca,
+    0x802a160a, 0x19c8700b, 0xd846afcb, 0x4bbe5b0d, 0x8a3084cd,
+    0x13d2e2cc, 0xd25c3d0c, 0xfb67288f, 0x3ae9f74f, 0xa30b914e,
+    0x62854e8e, 0x5f8b7e83, 0x9e05a143, 0x07e7c742, 0xc6691882,
+    0xef520d01, 0x2edcd2c1, 0xb73eb4c0, 0x76b06b00, 0xe5489fc6,
+    0x24c64006, 0xbd242607, 0x7caaf9c7, 0x5591ec44, 0x941f3384,
+    0x0dfd5585, 0xcc738a45, 0xa1a92c70, 0x6027f3b0, 0xf9c595b1,
+    0x384b4a71, 0x11705ff2, 0xd0fe8032, 0x491ce633, 0x889239f3,
+    0x1b6acd35, 0xdae412f5, 0x430674f4, 0x8288ab34, 0xabb3beb7,
+    0x6a3d6177, 0xf3df0776, 0x3251d8b6, 0x0f5fe8bb, 0xced1377b,
+    0x5733517a, 0x96bd8eba, 0xbf869b39, 0x7e0844f9, 0xe7ea22f8,
+    0x2664fd38, 0xb59c09fe, 0x7412d63e, 0xedf0b03f, 0x2c7e6fff,
+    0x05457a7c, 0xc4cba5bc, 0x5d29c3bd, 0x9ca71c7d, 0x2735a3a7,
+    0xe6bb7c67, 0x7f591a66, 0xbed7c5a6, 0x97ecd025, 0x56620fe5,
+    0xcf8069e4, 0x0e0eb624, 0x9df642e2, 0x5c789d22, 0xc59afb23,
+    0x041424e3, 0x2d2f3160, 0xeca1eea0, 0x754388a1, 0xb4cd5761,
+    0x89c3676c, 0x484db8ac, 0xd1afdead, 0x1021016d, 0x391a14ee,
+    0xf894cb2e, 0x6176ad2f, 0xa0f872ef, 0x33008629, 0xf28e59e9,
+    0x6b6c3fe8, 0xaae2e028, 0x83d9f5ab, 0x42572a6b, 0xdbb54c6a,
+    0x1a3b93aa},
+   {0x00000000, 0xefc26b3e, 0x04f5d03d, 0xeb37bb03, 0x09eba07a,
+    0xe629cb44, 0x0d1e7047, 0xe2dc1b79, 0x13d740f4, 0xfc152bca,
+    0x172290c9, 0xf8e0fbf7, 0x1a3ce08e, 0xf5fe8bb0, 0x1ec930b3,
+    0xf10b5b8d, 0x27ae81e8, 0xc86cead6, 0x235b51d5, 0xcc993aeb,
+    0x2e452192, 0xc1874aac, 0x2ab0f1af, 0xc5729a91, 0x3479c11c,
+    0xdbbbaa22, 0x308c1121, 0xdf4e7a1f, 0x3d926166, 0xd2500a58,
+    0x3967b15b, 0xd6a5da65, 0x4f5d03d0, 0xa09f68ee, 0x4ba8d3ed,
+    0xa46ab8d3, 0x46b6a3aa, 0xa974c894, 0x42437397, 0xad8118a9,
+    0x5c8a4324, 0xb348281a, 0x587f9319, 0xb7bdf827, 0x5561e35e,
+    0xbaa38860, 0x51943363, 0xbe56585d, 0x68f38238, 0x8731e906,
+    0x6c065205, 0x83c4393b, 0x61182242, 0x8eda497c, 0x65edf27f,
+    0x8a2f9941, 0x7b24c2cc, 0x94e6a9f2, 0x7fd112f1, 0x901379cf,
+    0x72cf62b6, 0x9d0d0988, 0x763ab28b, 0x99f8d9b5, 0x9eba07a0,
+    0x71786c9e, 0x9a4fd79d, 0x758dbca3, 0x9751a7da, 0x7893cce4,
+    0x93a477e7, 0x7c661cd9, 0x8d6d4754, 0x62af2c6a, 0x89989769,
+    0x665afc57, 0x8486e72e, 0x6b448c10, 0x80733713, 0x6fb15c2d,
+    0xb9148648, 0x56d6ed76, 0xbde15675, 0x52233d4b, 0xb0ff2632,
+    0x5f3d4d0c, 0xb40af60f, 0x5bc89d31, 0xaac3c6bc, 0x4501ad82,
+    0xae361681, 0x41f47dbf, 0xa32866c6, 0x4cea0df8, 0xa7ddb6fb,
+    0x481fddc5, 0xd1e70470, 0x3e256f4e, 0xd512d44d, 0x3ad0bf73,
+    0xd80ca40a, 0x37cecf34, 0xdcf97437, 0x333b1f09, 0xc2304484,
+    0x2df22fba, 0xc6c594b9, 0x2907ff87, 0xcbdbe4fe, 0x24198fc0,
+    0xcf2e34c3, 0x20ec5ffd, 0xf6498598, 0x198beea6, 0xf2bc55a5,
+    0x1d7e3e9b, 0xffa225e2, 0x10604edc, 0xfb57f5df, 0x14959ee1,
+    0xe59ec56c, 0x0a5cae52, 0xe16b1551, 0x0ea97e6f, 0xec756516,
+    0x03b70e28, 0xe880b52b, 0x0742de15, 0xe6050901, 0x09c7623f,
+    0xe2f0d93c, 0x0d32b202, 0xefeea97b, 0x002cc245, 0xeb1b7946,
+    0x04d91278, 0xf5d249f5, 0x1a1022cb, 0xf12799c8, 0x1ee5f2f6,
+    0xfc39e98f, 0x13fb82b1, 0xf8cc39b2, 0x170e528c, 0xc1ab88e9,
+    0x2e69e3d7, 0xc55e58d4, 0x2a9c33ea, 0xc8402893, 0x278243ad,
+    0xccb5f8ae, 0x23779390, 0xd27cc81d, 0x3dbea323, 0xd6891820,
+    0x394b731e, 0xdb976867, 0x34550359, 0xdf62b85a, 0x30a0d364,
+    0xa9580ad1, 0x469a61ef, 0xadaddaec, 0x426fb1d2, 0xa0b3aaab,
+    0x4f71c195, 0xa4467a96, 0x4b8411a8, 0xba8f4a25, 0x554d211b,
+    0xbe7a9a18, 0x51b8f126, 0xb364ea5f, 0x5ca68161, 0xb7913a62,
+    0x5853515c, 0x8ef68b39, 0x6134e007, 0x8a035b04, 0x65c1303a,
+    0x871d2b43, 0x68df407d, 0x83e8fb7e, 0x6c2a9040, 0x9d21cbcd,
+    0x72e3a0f3, 0x99d41bf0, 0x761670ce, 0x94ca6bb7, 0x7b080089,
+    0x903fbb8a, 0x7ffdd0b4, 0x78bf0ea1, 0x977d659f, 0x7c4ade9c,
+    0x9388b5a2, 0x7154aedb, 0x9e96c5e5, 0x75a17ee6, 0x9a6315d8,
+    0x6b684e55, 0x84aa256b, 0x6f9d9e68, 0x805ff556, 0x6283ee2f,
+    0x8d418511, 0x66763e12, 0x89b4552c, 0x5f118f49, 0xb0d3e477,
+    0x5be45f74, 0xb426344a, 0x56fa2f33, 0xb938440d, 0x520fff0e,
+    0xbdcd9430, 0x4cc6cfbd, 0xa304a483, 0x48331f80, 0xa7f174be,
+    0x452d6fc7, 0xaaef04f9, 0x41d8bffa, 0xae1ad4c4, 0x37e20d71,
+    0xd820664f, 0x3317dd4c, 0xdcd5b672, 0x3e09ad0b, 0xd1cbc635,
+    0x3afc7d36, 0xd53e1608, 0x24354d85, 0xcbf726bb, 0x20c09db8,
+    0xcf02f686, 0x2ddeedff, 0xc21c86c1, 0x292b3dc2, 0xc6e956fc,
+    0x104c8c99, 0xff8ee7a7, 0x14b95ca4, 0xfb7b379a, 0x19a72ce3,
+    0xf66547dd, 0x1d52fcde, 0xf29097e0, 0x039bcc6d, 0xec59a753,
+    0x076e1c50, 0xe8ac776e, 0x0a706c17, 0xe5b20729, 0x0e85bc2a,
+    0xe147d714},
+   {0x00000000, 0x177b1443, 0x2ef62886, 0x398d3cc5, 0x5dec510c,
+    0x4a97454f, 0x731a798a, 0x64616dc9, 0xbbd8a218, 0xaca3b65b,
+    0x952e8a9e, 0x82559edd, 0xe634f314, 0xf14fe757, 0xc8c2db92,
+    0xdfb9cfd1, 0xacc04271, 0xbbbb5632, 0x82366af7, 0x954d7eb4,
+    0xf12c137d, 0xe657073e, 0xdfda3bfb, 0xc8a12fb8, 0x1718e069,
+    0x0063f42a, 0x39eec8ef, 0x2e95dcac, 0x4af4b165, 0x5d8fa526,
+    0x640299e3, 0x73798da0, 0x82f182a3, 0x958a96e0, 0xac07aa25,
+    0xbb7cbe66, 0xdf1dd3af, 0xc866c7ec, 0xf1ebfb29, 0xe690ef6a,
+    0x392920bb, 0x2e5234f8, 0x17df083d, 0x00a41c7e, 0x64c571b7,
+    0x73be65f4, 0x4a335931, 0x5d484d72, 0x2e31c0d2, 0x394ad491,
+    0x00c7e854, 0x17bcfc17, 0x73dd91de, 0x64a6859d, 0x5d2bb958,
+    0x4a50ad1b, 0x95e962ca, 0x82927689, 0xbb1f4a4c, 0xac645e0f,
+    0xc80533c6, 0xdf7e2785, 0xe6f31b40, 0xf1880f03, 0xde920307,
+    0xc9e91744, 0xf0642b81, 0xe71f3fc2, 0x837e520b, 0x94054648,
+    0xad887a8d, 0xbaf36ece, 0x654aa11f, 0x7231b55c, 0x4bbc8999,
+    0x5cc79dda, 0x38a6f013, 0x2fdde450, 0x1650d895, 0x012bccd6,
+    0x72524176, 0x65295535, 0x5ca469f0, 0x4bdf7db3, 0x2fbe107a,
+    0x38c50439, 0x014838fc, 0x16332cbf, 0xc98ae36e, 0xdef1f72d,
+    0xe77ccbe8, 0xf007dfab, 0x9466b262, 0x831da621, 0xba909ae4,
+    0xadeb8ea7, 0x5c6381a4, 0x4b1895e7, 0x7295a922, 0x65eebd61,
+    0x018fd0a8, 0x16f4c4eb, 0x2f79f82e, 0x3802ec6d, 0xe7bb23bc,
+    0xf0c037ff, 0xc94d0b3a, 0xde361f79, 0xba5772b0, 0xad2c66f3,
+    0x94a15a36, 0x83da4e75, 0xf0a3c3d5, 0xe7d8d796, 0xde55eb53,
+    0xc92eff10, 0xad4f92d9, 0xba34869a, 0x83b9ba5f, 0x94c2ae1c,
+    0x4b7b61cd, 0x5c00758e, 0x658d494b, 0x72f65d08, 0x169730c1,
+    0x01ec2482, 0x38611847, 0x2f1a0c04, 0x6655004f, 0x712e140c,
+    0x48a328c9, 0x5fd83c8a, 0x3bb95143, 0x2cc24500, 0x154f79c5,
+    0x02346d86, 0xdd8da257, 0xcaf6b614, 0xf37b8ad1, 0xe4009e92,
+    0x8061f35b, 0x971ae718, 0xae97dbdd, 0xb9eccf9e, 0xca95423e,
+    0xddee567d, 0xe4636ab8, 0xf3187efb, 0x97791332, 0x80020771,
+    0xb98f3bb4, 0xaef42ff7, 0x714de026, 0x6636f465, 0x5fbbc8a0,
+    0x48c0dce3, 0x2ca1b12a, 0x3bdaa569, 0x025799ac, 0x152c8def,
+    0xe4a482ec, 0xf3df96af, 0xca52aa6a, 0xdd29be29, 0xb948d3e0,
+    0xae33c7a3, 0x97befb66, 0x80c5ef25, 0x5f7c20f4, 0x480734b7,
+    0x718a0872, 0x66f11c31, 0x029071f8, 0x15eb65bb, 0x2c66597e,
+    0x3b1d4d3d, 0x4864c09d, 0x5f1fd4de, 0x6692e81b, 0x71e9fc58,
+    0x15889191, 0x02f385d2, 0x3b7eb917, 0x2c05ad54, 0xf3bc6285,
+    0xe4c776c6, 0xdd4a4a03, 0xca315e40, 0xae503389, 0xb92b27ca,
+    0x80a61b0f, 0x97dd0f4c, 0xb8c70348, 0xafbc170b, 0x96312bce,
+    0x814a3f8d, 0xe52b5244, 0xf2504607, 0xcbdd7ac2, 0xdca66e81,
+    0x031fa150, 0x1464b513, 0x2de989d6, 0x3a929d95, 0x5ef3f05c,
+    0x4988e41f, 0x7005d8da, 0x677ecc99, 0x14074139, 0x037c557a,
+    0x3af169bf, 0x2d8a7dfc, 0x49eb1035, 0x5e900476, 0x671d38b3,
+    0x70662cf0, 0xafdfe321, 0xb8a4f762, 0x8129cba7, 0x9652dfe4,
+    0xf233b22d, 0xe548a66e, 0xdcc59aab, 0xcbbe8ee8, 0x3a3681eb,
+    0x2d4d95a8, 0x14c0a96d, 0x03bbbd2e, 0x67dad0e7, 0x70a1c4a4,
+    0x492cf861, 0x5e57ec22, 0x81ee23f3, 0x969537b0, 0xaf180b75,
+    0xb8631f36, 0xdc0272ff, 0xcb7966bc, 0xf2f45a79, 0xe58f4e3a,
+    0x96f6c39a, 0x818dd7d9, 0xb800eb1c, 0xaf7bff5f, 0xcb1a9296,
+    0xdc6186d5, 0xe5ecba10, 0xf297ae53, 0x2d2e6182, 0x3a5575c1,
+    0x03d84904, 0x14a35d47, 0x70c2308e, 0x67b924cd, 0x5e341808,
+    0x494f0c4b}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x43147b17, 0x8628f62e, 0xc53c8d39, 0x0c51ec5d,
+    0x4f45974a, 0x8a791a73, 0xc96d6164, 0x18a2d8bb, 0x5bb6a3ac,
+    0x9e8a2e95, 0xdd9e5582, 0x14f334e6, 0x57e74ff1, 0x92dbc2c8,
+    0xd1cfb9df, 0x7142c0ac, 0x3256bbbb, 0xf76a3682, 0xb47e4d95,
+    0x7d132cf1, 0x3e0757e6, 0xfb3bdadf, 0xb82fa1c8, 0x69e01817,
+    0x2af46300, 0xefc8ee39, 0xacdc952e, 0x65b1f44a, 0x26a58f5d,
+    0xe3990264, 0xa08d7973, 0xa382f182, 0xe0968a95, 0x25aa07ac,
+    0x66be7cbb, 0xafd31ddf, 0xecc766c8, 0x29fbebf1, 0x6aef90e6,
+    0xbb202939, 0xf834522e, 0x3d08df17, 0x7e1ca400, 0xb771c564,
+    0xf465be73, 0x3159334a, 0x724d485d, 0xd2c0312e, 0x91d44a39,
+    0x54e8c700, 0x17fcbc17, 0xde91dd73, 0x9d85a664, 0x58b92b5d,
+    0x1bad504a, 0xca62e995, 0x89769282, 0x4c4a1fbb, 0x0f5e64ac,
+    0xc63305c8, 0x85277edf, 0x401bf3e6, 0x030f88f1, 0x070392de,
+    0x4417e9c9, 0x812b64f0, 0xc23f1fe7, 0x0b527e83, 0x48460594,
+    0x8d7a88ad, 0xce6ef3ba, 0x1fa14a65, 0x5cb53172, 0x9989bc4b,
+    0xda9dc75c, 0x13f0a638, 0x50e4dd2f, 0x95d85016, 0xd6cc2b01,
+    0x76415272, 0x35552965, 0xf069a45c, 0xb37ddf4b, 0x7a10be2f,
+    0x3904c538, 0xfc384801, 0xbf2c3316, 0x6ee38ac9, 0x2df7f1de,
+    0xe8cb7ce7, 0xabdf07f0, 0x62b26694, 0x21a61d83, 0xe49a90ba,
+    0xa78eebad, 0xa481635c, 0xe795184b, 0x22a99572, 0x61bdee65,
+    0xa8d08f01, 0xebc4f416, 0x2ef8792f, 0x6dec0238, 0xbc23bbe7,
+    0xff37c0f0, 0x3a0b4dc9, 0x791f36de, 0xb07257ba, 0xf3662cad,
+    0x365aa194, 0x754eda83, 0xd5c3a3f0, 0x96d7d8e7, 0x53eb55de,
+    0x10ff2ec9, 0xd9924fad, 0x9a8634ba, 0x5fbab983, 0x1caec294,
+    0xcd617b4b, 0x8e75005c, 0x4b498d65, 0x085df672, 0xc1309716,
+    0x8224ec01, 0x47186138, 0x040c1a2f, 0x4f005566, 0x0c142e71,
+    0xc928a348, 0x8a3cd85f, 0x4351b93b, 0x0045c22c, 0xc5794f15,
+    0x866d3402, 0x57a28ddd, 0x14b6f6ca, 0xd18a7bf3, 0x929e00e4,
+    0x5bf36180, 0x18e71a97, 0xdddb97ae, 0x9ecfecb9, 0x3e4295ca,
+    0x7d56eedd, 0xb86a63e4, 0xfb7e18f3, 0x32137997, 0x71070280,
+    0xb43b8fb9, 0xf72ff4ae, 0x26e04d71, 0x65f43666, 0xa0c8bb5f,
+    0xe3dcc048, 0x2ab1a12c, 0x69a5da3b, 0xac995702, 0xef8d2c15,
+    0xec82a4e4, 0xaf96dff3, 0x6aaa52ca, 0x29be29dd, 0xe0d348b9,
+    0xa3c733ae, 0x66fbbe97, 0x25efc580, 0xf4207c5f, 0xb7340748,
+    0x72088a71, 0x311cf166, 0xf8719002, 0xbb65eb15, 0x7e59662c,
+    0x3d4d1d3b, 0x9dc06448, 0xded41f5f, 0x1be89266, 0x58fce971,
+    0x91918815, 0xd285f302, 0x17b97e3b, 0x54ad052c, 0x8562bcf3,
+    0xc676c7e4, 0x034a4add, 0x405e31ca, 0x893350ae, 0xca272bb9,
+    0x0f1ba680, 0x4c0fdd97, 0x4803c7b8, 0x0b17bcaf, 0xce2b3196,
+    0x8d3f4a81, 0x44522be5, 0x074650f2, 0xc27addcb, 0x816ea6dc,
+    0x50a11f03, 0x13b56414, 0xd689e92d, 0x959d923a, 0x5cf0f35e,
+    0x1fe48849, 0xdad80570, 0x99cc7e67, 0x39410714, 0x7a557c03,
+    0xbf69f13a, 0xfc7d8a2d, 0x3510eb49, 0x7604905e, 0xb3381d67,
+    0xf02c6670, 0x21e3dfaf, 0x62f7a4b8, 0xa7cb2981, 0xe4df5296,
+    0x2db233f2, 0x6ea648e5, 0xab9ac5dc, 0xe88ebecb, 0xeb81363a,
+    0xa8954d2d, 0x6da9c014, 0x2ebdbb03, 0xe7d0da67, 0xa4c4a170,
+    0x61f82c49, 0x22ec575e, 0xf323ee81, 0xb0379596, 0x750b18af,
+    0x361f63b8, 0xff7202dc, 0xbc6679cb, 0x795af4f2, 0x3a4e8fe5,
+    0x9ac3f696, 0xd9d78d81, 0x1ceb00b8, 0x5fff7baf, 0x96921acb,
+    0xd58661dc, 0x10baece5, 0x53ae97f2, 0x82612e2d, 0xc175553a,
+    0x0449d803, 0x475da314, 0x8e30c270, 0xcd24b967, 0x0818345e,
+    0x4b0c4f49},
+   {0x00000000, 0x3e6bc2ef, 0x3dd0f504, 0x03bb37eb, 0x7aa0eb09,
+    0x44cb29e6, 0x47701e0d, 0x791bdce2, 0xf440d713, 0xca2b15fc,
+    0xc9902217, 0xf7fbe0f8, 0x8ee03c1a, 0xb08bfef5, 0xb330c91e,
+    0x8d5b0bf1, 0xe881ae27, 0xd6ea6cc8, 0xd5515b23, 0xeb3a99cc,
+    0x9221452e, 0xac4a87c1, 0xaff1b02a, 0x919a72c5, 0x1cc17934,
+    0x22aabbdb, 0x21118c30, 0x1f7a4edf, 0x6661923d, 0x580a50d2,
+    0x5bb16739, 0x65daa5d6, 0xd0035d4f, 0xee689fa0, 0xedd3a84b,
+    0xd3b86aa4, 0xaaa3b646, 0x94c874a9, 0x97734342, 0xa91881ad,
+    0x24438a5c, 0x1a2848b3, 0x19937f58, 0x27f8bdb7, 0x5ee36155,
+    0x6088a3ba, 0x63339451, 0x5d5856be, 0x3882f368, 0x06e93187,
+    0x0552066c, 0x3b39c483, 0x42221861, 0x7c49da8e, 0x7ff2ed65,
+    0x41992f8a, 0xccc2247b, 0xf2a9e694, 0xf112d17f, 0xcf791390,
+    0xb662cf72, 0x88090d9d, 0x8bb23a76, 0xb5d9f899, 0xa007ba9e,
+    0x9e6c7871, 0x9dd74f9a, 0xa3bc8d75, 0xdaa75197, 0xe4cc9378,
+    0xe777a493, 0xd91c667c, 0x54476d8d, 0x6a2caf62, 0x69979889,
+    0x57fc5a66, 0x2ee78684, 0x108c446b, 0x13377380, 0x2d5cb16f,
+    0x488614b9, 0x76edd656, 0x7556e1bd, 0x4b3d2352, 0x3226ffb0,
+    0x0c4d3d5f, 0x0ff60ab4, 0x319dc85b, 0xbcc6c3aa, 0x82ad0145,
+    0x811636ae, 0xbf7df441, 0xc66628a3, 0xf80dea4c, 0xfbb6dda7,
+    0xc5dd1f48, 0x7004e7d1, 0x4e6f253e, 0x4dd412d5, 0x73bfd03a,
+    0x0aa40cd8, 0x34cfce37, 0x3774f9dc, 0x091f3b33, 0x844430c2,
+    0xba2ff22d, 0xb994c5c6, 0x87ff0729, 0xfee4dbcb, 0xc08f1924,
+    0xc3342ecf, 0xfd5fec20, 0x988549f6, 0xa6ee8b19, 0xa555bcf2,
+    0x9b3e7e1d, 0xe225a2ff, 0xdc4e6010, 0xdff557fb, 0xe19e9514,
+    0x6cc59ee5, 0x52ae5c0a, 0x51156be1, 0x6f7ea90e, 0x166575ec,
+    0x280eb703, 0x2bb580e8, 0x15de4207, 0x010905e6, 0x3f62c709,
+    0x3cd9f0e2, 0x02b2320d, 0x7ba9eeef, 0x45c22c00, 0x46791beb,
+    0x7812d904, 0xf549d2f5, 0xcb22101a, 0xc89927f1, 0xf6f2e51e,
+    0x8fe939fc, 0xb182fb13, 0xb239ccf8, 0x8c520e17, 0xe988abc1,
+    0xd7e3692e, 0xd4585ec5, 0xea339c2a, 0x932840c8, 0xad438227,
+    0xaef8b5cc, 0x90937723, 0x1dc87cd2, 0x23a3be3d, 0x201889d6,
+    0x1e734b39, 0x676897db, 0x59035534, 0x5ab862df, 0x64d3a030,
+    0xd10a58a9, 0xef619a46, 0xecdaadad, 0xd2b16f42, 0xabaab3a0,
+    0x95c1714f, 0x967a46a4, 0xa811844b, 0x254a8fba, 0x1b214d55,
+    0x189a7abe, 0x26f1b851, 0x5fea64b3, 0x6181a65c, 0x623a91b7,
+    0x5c515358, 0x398bf68e, 0x07e03461, 0x045b038a, 0x3a30c165,
+    0x432b1d87, 0x7d40df68, 0x7efbe883, 0x40902a6c, 0xcdcb219d,
+    0xf3a0e372, 0xf01bd499, 0xce701676, 0xb76bca94, 0x8900087b,
+    0x8abb3f90, 0xb4d0fd7f, 0xa10ebf78, 0x9f657d97, 0x9cde4a7c,
+    0xa2b58893, 0xdbae5471, 0xe5c5969e, 0xe67ea175, 0xd815639a,
+    0x554e686b, 0x6b25aa84, 0x689e9d6f, 0x56f55f80, 0x2fee8362,
+    0x1185418d, 0x123e7666, 0x2c55b489, 0x498f115f, 0x77e4d3b0,
+    0x745fe45b, 0x4a3426b4, 0x332ffa56, 0x0d4438b9, 0x0eff0f52,
+    0x3094cdbd, 0xbdcfc64c, 0x83a404a3, 0x801f3348, 0xbe74f1a7,
+    0xc76f2d45, 0xf904efaa, 0xfabfd841, 0xc4d41aae, 0x710de237,
+    0x4f6620d8, 0x4cdd1733, 0x72b6d5dc, 0x0bad093e, 0x35c6cbd1,
+    0x367dfc3a, 0x08163ed5, 0x854d3524, 0xbb26f7cb, 0xb89dc020,
+    0x86f602cf, 0xffedde2d, 0xc1861cc2, 0xc23d2b29, 0xfc56e9c6,
+    0x998c4c10, 0xa7e78eff, 0xa45cb914, 0x9a377bfb, 0xe32ca719,
+    0xdd4765f6, 0xdefc521d, 0xe09790f2, 0x6dcc9b03, 0x53a759ec,
+    0x501c6e07, 0x6e77ace8, 0x176c700a, 0x2907b2e5, 0x2abc850e,
+    0x14d747e1},
+   {0x00000000, 0xc0df8ec1, 0xc1b96c58, 0x0166e299, 0x8273d9b0,
+    0x42ac5771, 0x43cab5e8, 0x83153b29, 0x45e1c3ba, 0x853e4d7b,
+    0x8458afe2, 0x44872123, 0xc7921a0a, 0x074d94cb, 0x062b7652,
+    0xc6f4f893, 0xcbc4f6ae, 0x0b1b786f, 0x0a7d9af6, 0xcaa21437,
+    0x49b72f1e, 0x8968a1df, 0x880e4346, 0x48d1cd87, 0x8e253514,
+    0x4efabbd5, 0x4f9c594c, 0x8f43d78d, 0x0c56eca4, 0xcc896265,
+    0xcdef80fc, 0x0d300e3d, 0xd78f9c86, 0x17501247, 0x1636f0de,
+    0xd6e97e1f, 0x55fc4536, 0x9523cbf7, 0x9445296e, 0x549aa7af,
+    0x926e5f3c, 0x52b1d1fd, 0x53d73364, 0x9308bda5, 0x101d868c,
+    0xd0c2084d, 0xd1a4ead4, 0x117b6415, 0x1c4b6a28, 0xdc94e4e9,
+    0xddf20670, 0x1d2d88b1, 0x9e38b398, 0x5ee73d59, 0x5f81dfc0,
+    0x9f5e5101, 0x59aaa992, 0x99752753, 0x9813c5ca, 0x58cc4b0b,
+    0xdbd97022, 0x1b06fee3, 0x1a601c7a, 0xdabf92bb, 0xef1948d6,
+    0x2fc6c617, 0x2ea0248e, 0xee7faa4f, 0x6d6a9166, 0xadb51fa7,
+    0xacd3fd3e, 0x6c0c73ff, 0xaaf88b6c, 0x6a2705ad, 0x6b41e734,
+    0xab9e69f5, 0x288b52dc, 0xe854dc1d, 0xe9323e84, 0x29edb045,
+    0x24ddbe78, 0xe40230b9, 0xe564d220, 0x25bb5ce1, 0xa6ae67c8,
+    0x6671e909, 0x67170b90, 0xa7c88551, 0x613c7dc2, 0xa1e3f303,
+    0xa085119a, 0x605a9f5b, 0xe34fa472, 0x23902ab3, 0x22f6c82a,
+    0xe22946eb, 0x3896d450, 0xf8495a91, 0xf92fb808, 0x39f036c9,
+    0xbae50de0, 0x7a3a8321, 0x7b5c61b8, 0xbb83ef79, 0x7d7717ea,
+    0xbda8992b, 0xbcce7bb2, 0x7c11f573, 0xff04ce5a, 0x3fdb409b,
+    0x3ebda202, 0xfe622cc3, 0xf35222fe, 0x338dac3f, 0x32eb4ea6,
+    0xf234c067, 0x7121fb4e, 0xb1fe758f, 0xb0989716, 0x704719d7,
+    0xb6b3e144, 0x766c6f85, 0x770a8d1c, 0xb7d503dd, 0x34c038f4,
+    0xf41fb635, 0xf57954ac, 0x35a6da6d, 0x9f35e177, 0x5fea6fb6,
+    0x5e8c8d2f, 0x9e5303ee, 0x1d4638c7, 0xdd99b606, 0xdcff549f,
+    0x1c20da5e, 0xdad422cd, 0x1a0bac0c, 0x1b6d4e95, 0xdbb2c054,
+    0x58a7fb7d, 0x987875bc, 0x991e9725, 0x59c119e4, 0x54f117d9,
+    0x942e9918, 0x95487b81, 0x5597f540, 0xd682ce69, 0x165d40a8,
+    0x173ba231, 0xd7e42cf0, 0x1110d463, 0xd1cf5aa2, 0xd0a9b83b,
+    0x107636fa, 0x93630dd3, 0x53bc8312, 0x52da618b, 0x9205ef4a,
+    0x48ba7df1, 0x8865f330, 0x890311a9, 0x49dc9f68, 0xcac9a441,
+    0x0a162a80, 0x0b70c819, 0xcbaf46d8, 0x0d5bbe4b, 0xcd84308a,
+    0xcce2d213, 0x0c3d5cd2, 0x8f2867fb, 0x4ff7e93a, 0x4e910ba3,
+    0x8e4e8562, 0x837e8b5f, 0x43a1059e, 0x42c7e707, 0x821869c6,
+    0x010d52ef, 0xc1d2dc2e, 0xc0b43eb7, 0x006bb076, 0xc69f48e5,
+    0x0640c624, 0x072624bd, 0xc7f9aa7c, 0x44ec9155, 0x84331f94,
+    0x8555fd0d, 0x458a73cc, 0x702ca9a1, 0xb0f32760, 0xb195c5f9,
+    0x714a4b38, 0xf25f7011, 0x3280fed0, 0x33e61c49, 0xf3399288,
+    0x35cd6a1b, 0xf512e4da, 0xf4740643, 0x34ab8882, 0xb7beb3ab,
+    0x77613d6a, 0x7607dff3, 0xb6d85132, 0xbbe85f0f, 0x7b37d1ce,
+    0x7a513357, 0xba8ebd96, 0x399b86bf, 0xf944087e, 0xf822eae7,
+    0x38fd6426, 0xfe099cb5, 0x3ed61274, 0x3fb0f0ed, 0xff6f7e2c,
+    0x7c7a4505, 0xbca5cbc4, 0xbdc3295d, 0x7d1ca79c, 0xa7a33527,
+    0x677cbbe6, 0x661a597f, 0xa6c5d7be, 0x25d0ec97, 0xe50f6256,
+    0xe46980cf, 0x24b60e0e, 0xe242f69d, 0x229d785c, 0x23fb9ac5,
+    0xe3241404, 0x60312f2d, 0xa0eea1ec, 0xa1884375, 0x6157cdb4,
+    0x6c67c389, 0xacb84d48, 0xaddeafd1, 0x6d012110, 0xee141a39,
+    0x2ecb94f8, 0x2fad7661, 0xef72f8a0, 0x29860033, 0xe9598ef2,
+    0xe83f6c6b, 0x28e0e2aa, 0xabf5d983, 0x6b2a5742, 0x6a4cb5db,
+    0xaa933b1a},
+   {0x00000000, 0x6f4ca59b, 0x9f9e3bec, 0xf0d29e77, 0x7f3b0603,
+    0x1077a398, 0xe0a53def, 0x8fe99874, 0xfe760c06, 0x913aa99d,
+    0x61e837ea, 0x0ea49271, 0x814d0a05, 0xee01af9e, 0x1ed331e9,
+    0x719f9472, 0xfced180c, 0x93a1bd97, 0x637323e0, 0x0c3f867b,
+    0x83d61e0f, 0xec9abb94, 0x1c4825e3, 0x73048078, 0x029b140a,
+    0x6dd7b191, 0x9d052fe6, 0xf2498a7d, 0x7da01209, 0x12ecb792,
+    0xe23e29e5, 0x8d728c7e, 0xf8db3118, 0x97979483, 0x67450af4,
+    0x0809af6f, 0x87e0371b, 0xe8ac9280, 0x187e0cf7, 0x7732a96c,
+    0x06ad3d1e, 0x69e19885, 0x993306f2, 0xf67fa369, 0x79963b1d,
+    0x16da9e86, 0xe60800f1, 0x8944a56a, 0x04362914, 0x6b7a8c8f,
+    0x9ba812f8, 0xf4e4b763, 0x7b0d2f17, 0x14418a8c, 0xe49314fb,
+    0x8bdfb160, 0xfa402512, 0x950c8089, 0x65de1efe, 0x0a92bb65,
+    0x857b2311, 0xea37868a, 0x1ae518fd, 0x75a9bd66, 0xf0b76330,
+    0x9ffbc6ab, 0x6f2958dc, 0x0065fd47, 0x8f8c6533, 0xe0c0c0a8,
+    0x10125edf, 0x7f5efb44, 0x0ec16f36, 0x618dcaad, 0x915f54da,
+    0xfe13f141, 0x71fa6935, 0x1eb6ccae, 0xee6452d9, 0x8128f742,
+    0x0c5a7b3c, 0x6316dea7, 0x93c440d0, 0xfc88e54b, 0x73617d3f,
+    0x1c2dd8a4, 0xecff46d3, 0x83b3e348, 0xf22c773a, 0x9d60d2a1,
+    0x6db24cd6, 0x02fee94d, 0x8d177139, 0xe25bd4a2, 0x12894ad5,
+    0x7dc5ef4e, 0x086c5228, 0x6720f7b3, 0x97f269c4, 0xf8becc5f,
+    0x7757542b, 0x181bf1b0, 0xe8c96fc7, 0x8785ca5c, 0xf61a5e2e,
+    0x9956fbb5, 0x698465c2, 0x06c8c059, 0x8921582d, 0xe66dfdb6,
+    0x16bf63c1, 0x79f3c65a, 0xf4814a24, 0x9bcdefbf, 0x6b1f71c8,
+    0x0453d453, 0x8bba4c27, 0xe4f6e9bc, 0x142477cb, 0x7b68d250,
+    0x0af74622, 0x65bbe3b9, 0x95697dce, 0xfa25d855, 0x75cc4021,
+    0x1a80e5ba, 0xea527bcd, 0x851ede56, 0xe06fc760, 0x8f2362fb,
+    0x7ff1fc8c, 0x10bd5917, 0x9f54c163, 0xf01864f8, 0x00cafa8f,
+    0x6f865f14, 0x1e19cb66, 0x71556efd, 0x8187f08a, 0xeecb5511,
+    0x6122cd65, 0x0e6e68fe, 0xfebcf689, 0x91f05312, 0x1c82df6c,
+    0x73ce7af7, 0x831ce480, 0xec50411b, 0x63b9d96f, 0x0cf57cf4,
+    0xfc27e283, 0x936b4718, 0xe2f4d36a, 0x8db876f1, 0x7d6ae886,
+    0x12264d1d, 0x9dcfd569, 0xf28370f2, 0x0251ee85, 0x6d1d4b1e,
+    0x18b4f678, 0x77f853e3, 0x872acd94, 0xe866680f, 0x678ff07b,
+    0x08c355e0, 0xf811cb97, 0x975d6e0c, 0xe6c2fa7e, 0x898e5fe5,
+    0x795cc192, 0x16106409, 0x99f9fc7d, 0xf6b559e6, 0x0667c791,
+    0x692b620a, 0xe459ee74, 0x8b154bef, 0x7bc7d598, 0x148b7003,
+    0x9b62e877, 0xf42e4dec, 0x04fcd39b, 0x6bb07600, 0x1a2fe272,
+    0x756347e9, 0x85b1d99e, 0xeafd7c05, 0x6514e471, 0x0a5841ea,
+    0xfa8adf9d, 0x95c67a06, 0x10d8a450, 0x7f9401cb, 0x8f469fbc,
+    0xe00a3a27, 0x6fe3a253, 0x00af07c8, 0xf07d99bf, 0x9f313c24,
+    0xeeaea856, 0x81e20dcd, 0x713093ba, 0x1e7c3621, 0x9195ae55,
+    0xfed90bce, 0x0e0b95b9, 0x61473022, 0xec35bc5c, 0x837919c7,
+    0x73ab87b0, 0x1ce7222b, 0x930eba5f, 0xfc421fc4, 0x0c9081b3,
+    0x63dc2428, 0x1243b05a, 0x7d0f15c1, 0x8ddd8bb6, 0xe2912e2d,
+    0x6d78b659, 0x023413c2, 0xf2e68db5, 0x9daa282e, 0xe8039548,
+    0x874f30d3, 0x779daea4, 0x18d10b3f, 0x9738934b, 0xf87436d0,
+    0x08a6a8a7, 0x67ea0d3c, 0x1675994e, 0x79393cd5, 0x89eba2a2,
+    0xe6a70739, 0x694e9f4d, 0x06023ad6, 0xf6d0a4a1, 0x999c013a,
+    0x14ee8d44, 0x7ba228df, 0x8b70b6a8, 0xe43c1333, 0x6bd58b47,
+    0x04992edc, 0xf44bb0ab, 0x9b071530, 0xea988142, 0x85d424d9,
+    0x7506baae, 0x1a4a1f35, 0x95a38741, 0xfaef22da, 0x0a3dbcad,
+    0x65711936}};
+
+#endif
+
+#endif
+
+#if N == 4
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xf1da05aa, 0x38c50d15, 0xc91f08bf, 0x718a1a2a,
+    0x80501f80, 0x494f173f, 0xb8951295, 0xe3143454, 0x12ce31fe,
+    0xdbd13941, 0x2a0b3ceb, 0x929e2e7e, 0x63442bd4, 0xaa5b236b,
+    0x5b8126c1, 0x1d596ee9, 0xec836b43, 0x259c63fc, 0xd4466656,
+    0x6cd374c3, 0x9d097169, 0x541679d6, 0xa5cc7c7c, 0xfe4d5abd,
+    0x0f975f17, 0xc68857a8, 0x37525202, 0x8fc74097, 0x7e1d453d,
+    0xb7024d82, 0x46d84828, 0x3ab2ddd2, 0xcb68d878, 0x0277d0c7,
+    0xf3add56d, 0x4b38c7f8, 0xbae2c252, 0x73fdcaed, 0x8227cf47,
+    0xd9a6e986, 0x287cec2c, 0xe163e493, 0x10b9e139, 0xa82cf3ac,
+    0x59f6f606, 0x90e9feb9, 0x6133fb13, 0x27ebb33b, 0xd631b691,
+    0x1f2ebe2e, 0xeef4bb84, 0x5661a911, 0xa7bbacbb, 0x6ea4a404,
+    0x9f7ea1ae, 0xc4ff876f, 0x352582c5, 0xfc3a8a7a, 0x0de08fd0,
+    0xb5759d45, 0x44af98ef, 0x8db09050, 0x7c6a95fa, 0x7565bba4,
+    0x84bfbe0e, 0x4da0b6b1, 0xbc7ab31b, 0x04efa18e, 0xf535a424,
+    0x3c2aac9b, 0xcdf0a931, 0x96718ff0, 0x67ab8a5a, 0xaeb482e5,
+    0x5f6e874f, 0xe7fb95da, 0x16219070, 0xdf3e98cf, 0x2ee49d65,
+    0x683cd54d, 0x99e6d0e7, 0x50f9d858, 0xa123ddf2, 0x19b6cf67,
+    0xe86ccacd, 0x2173c272, 0xd0a9c7d8, 0x8b28e119, 0x7af2e4b3,
+    0xb3edec0c, 0x4237e9a6, 0xfaa2fb33, 0x0b78fe99, 0xc267f626,
+    0x33bdf38c, 0x4fd76676, 0xbe0d63dc, 0x77126b63, 0x86c86ec9,
+    0x3e5d7c5c, 0xcf8779f6, 0x06987149, 0xf74274e3, 0xacc35222,
+    0x5d195788, 0x94065f37, 0x65dc5a9d, 0xdd494808, 0x2c934da2,
+    0xe58c451d, 0x145640b7, 0x528e089f, 0xa3540d35, 0x6a4b058a,
+    0x9b910020, 0x230412b5, 0xd2de171f, 0x1bc11fa0, 0xea1b1a0a,
+    0xb19a3ccb, 0x40403961, 0x895f31de, 0x78853474, 0xc01026e1,
+    0x31ca234b, 0xf8d52bf4, 0x090f2e5e, 0xeacb7748, 0x1b1172e2,
+    0xd20e7a5d, 0x23d47ff7, 0x9b416d62, 0x6a9b68c8, 0xa3846077,
+    0x525e65dd, 0x09df431c, 0xf80546b6, 0x311a4e09, 0xc0c04ba3,
+    0x78555936, 0x898f5c9c, 0x40905423, 0xb14a5189, 0xf79219a1,
+    0x06481c0b, 0xcf5714b4, 0x3e8d111e, 0x8618038b, 0x77c20621,
+    0xbedd0e9e, 0x4f070b34, 0x14862df5, 0xe55c285f, 0x2c4320e0,
+    0xdd99254a, 0x650c37df, 0x94d63275, 0x5dc93aca, 0xac133f60,
+    0xd079aa9a, 0x21a3af30, 0xe8bca78f, 0x1966a225, 0xa1f3b0b0,
+    0x5029b51a, 0x9936bda5, 0x68ecb80f, 0x336d9ece, 0xc2b79b64,
+    0x0ba893db, 0xfa729671, 0x42e784e4, 0xb33d814e, 0x7a2289f1,
+    0x8bf88c5b, 0xcd20c473, 0x3cfac1d9, 0xf5e5c966, 0x043fcccc,
+    0xbcaade59, 0x4d70dbf3, 0x846fd34c, 0x75b5d6e6, 0x2e34f027,
+    0xdfeef58d, 0x16f1fd32, 0xe72bf898, 0x5fbeea0d, 0xae64efa7,
+    0x677be718, 0x96a1e2b2, 0x9faeccec, 0x6e74c946, 0xa76bc1f9,
+    0x56b1c453, 0xee24d6c6, 0x1ffed36c, 0xd6e1dbd3, 0x273bde79,
+    0x7cbaf8b8, 0x8d60fd12, 0x447ff5ad, 0xb5a5f007, 0x0d30e292,
+    0xfceae738, 0x35f5ef87, 0xc42fea2d, 0x82f7a205, 0x732da7af,
+    0xba32af10, 0x4be8aaba, 0xf37db82f, 0x02a7bd85, 0xcbb8b53a,
+    0x3a62b090, 0x61e39651, 0x903993fb, 0x59269b44, 0xa8fc9eee,
+    0x10698c7b, 0xe1b389d1, 0x28ac816e, 0xd97684c4, 0xa51c113e,
+    0x54c61494, 0x9dd91c2b, 0x6c031981, 0xd4960b14, 0x254c0ebe,
+    0xec530601, 0x1d8903ab, 0x4608256a, 0xb7d220c0, 0x7ecd287f,
+    0x8f172dd5, 0x37823f40, 0xc6583aea, 0x0f473255, 0xfe9d37ff,
+    0xb8457fd7, 0x499f7a7d, 0x808072c2, 0x715a7768, 0xc9cf65fd,
+    0x38156057, 0xf10a68e8, 0x00d06d42, 0x5b514b83, 0xaa8b4e29,
+    0x63944696, 0x924e433c, 0x2adb51a9, 0xdb015403, 0x121e5cbc,
+    0xe3c45916},
+   {0x00000000, 0x0ee7e8d1, 0x1dcfd1a2, 0x13283973, 0x3b9fa344,
+    0x35784b95, 0x265072e6, 0x28b79a37, 0x773f4688, 0x79d8ae59,
+    0x6af0972a, 0x64177ffb, 0x4ca0e5cc, 0x42470d1d, 0x516f346e,
+    0x5f88dcbf, 0xee7e8d10, 0xe09965c1, 0xf3b15cb2, 0xfd56b463,
+    0xd5e12e54, 0xdb06c685, 0xc82efff6, 0xc6c91727, 0x9941cb98,
+    0x97a62349, 0x848e1a3a, 0x8a69f2eb, 0xa2de68dc, 0xac39800d,
+    0xbf11b97e, 0xb1f651af, 0x078c1c61, 0x096bf4b0, 0x1a43cdc3,
+    0x14a42512, 0x3c13bf25, 0x32f457f4, 0x21dc6e87, 0x2f3b8656,
+    0x70b35ae9, 0x7e54b238, 0x6d7c8b4b, 0x639b639a, 0x4b2cf9ad,
+    0x45cb117c, 0x56e3280f, 0x5804c0de, 0xe9f29171, 0xe71579a0,
+    0xf43d40d3, 0xfadaa802, 0xd26d3235, 0xdc8adae4, 0xcfa2e397,
+    0xc1450b46, 0x9ecdd7f9, 0x902a3f28, 0x8302065b, 0x8de5ee8a,
+    0xa55274bd, 0xabb59c6c, 0xb89da51f, 0xb67a4dce, 0x0f1838c2,
+    0x01ffd013, 0x12d7e960, 0x1c3001b1, 0x34879b86, 0x3a607357,
+    0x29484a24, 0x27afa2f5, 0x78277e4a, 0x76c0969b, 0x65e8afe8,
+    0x6b0f4739, 0x43b8dd0e, 0x4d5f35df, 0x5e770cac, 0x5090e47d,
+    0xe166b5d2, 0xef815d03, 0xfca96470, 0xf24e8ca1, 0xdaf91696,
+    0xd41efe47, 0xc736c734, 0xc9d12fe5, 0x9659f35a, 0x98be1b8b,
+    0x8b9622f8, 0x8571ca29, 0xadc6501e, 0xa321b8cf, 0xb00981bc,
+    0xbeee696d, 0x089424a3, 0x0673cc72, 0x155bf501, 0x1bbc1dd0,
+    0x330b87e7, 0x3dec6f36, 0x2ec45645, 0x2023be94, 0x7fab622b,
+    0x714c8afa, 0x6264b389, 0x6c835b58, 0x4434c16f, 0x4ad329be,
+    0x59fb10cd, 0x571cf81c, 0xe6eaa9b3, 0xe80d4162, 0xfb257811,
+    0xf5c290c0, 0xdd750af7, 0xd392e226, 0xc0badb55, 0xce5d3384,
+    0x91d5ef3b, 0x9f3207ea, 0x8c1a3e99, 0x82fdd648, 0xaa4a4c7f,
+    0xa4ada4ae, 0xb7859ddd, 0xb962750c, 0x1e307184, 0x10d79955,
+    0x03ffa026, 0x0d1848f7, 0x25afd2c0, 0x2b483a11, 0x38600362,
+    0x3687ebb3, 0x690f370c, 0x67e8dfdd, 0x74c0e6ae, 0x7a270e7f,
+    0x52909448, 0x5c777c99, 0x4f5f45ea, 0x41b8ad3b, 0xf04efc94,
+    0xfea91445, 0xed812d36, 0xe366c5e7, 0xcbd15fd0, 0xc536b701,
+    0xd61e8e72, 0xd8f966a3, 0x8771ba1c, 0x899652cd, 0x9abe6bbe,
+    0x9459836f, 0xbcee1958, 0xb209f189, 0xa121c8fa, 0xafc6202b,
+    0x19bc6de5, 0x175b8534, 0x0473bc47, 0x0a945496, 0x2223cea1,
+    0x2cc42670, 0x3fec1f03, 0x310bf7d2, 0x6e832b6d, 0x6064c3bc,
+    0x734cfacf, 0x7dab121e, 0x551c8829, 0x5bfb60f8, 0x48d3598b,
+    0x4634b15a, 0xf7c2e0f5, 0xf9250824, 0xea0d3157, 0xe4ead986,
+    0xcc5d43b1, 0xc2baab60, 0xd1929213, 0xdf757ac2, 0x80fda67d,
+    0x8e1a4eac, 0x9d3277df, 0x93d59f0e, 0xbb620539, 0xb585ede8,
+    0xa6add49b, 0xa84a3c4a, 0x11284946, 0x1fcfa197, 0x0ce798e4,
+    0x02007035, 0x2ab7ea02, 0x245002d3, 0x37783ba0, 0x399fd371,
+    0x66170fce, 0x68f0e71f, 0x7bd8de6c, 0x753f36bd, 0x5d88ac8a,
+    0x536f445b, 0x40477d28, 0x4ea095f9, 0xff56c456, 0xf1b12c87,
+    0xe29915f4, 0xec7efd25, 0xc4c96712, 0xca2e8fc3, 0xd906b6b0,
+    0xd7e15e61, 0x886982de, 0x868e6a0f, 0x95a6537c, 0x9b41bbad,
+    0xb3f6219a, 0xbd11c94b, 0xae39f038, 0xa0de18e9, 0x16a45527,
+    0x1843bdf6, 0x0b6b8485, 0x058c6c54, 0x2d3bf663, 0x23dc1eb2,
+    0x30f427c1, 0x3e13cf10, 0x619b13af, 0x6f7cfb7e, 0x7c54c20d,
+    0x72b32adc, 0x5a04b0eb, 0x54e3583a, 0x47cb6149, 0x492c8998,
+    0xf8dad837, 0xf63d30e6, 0xe5150995, 0xebf2e144, 0xc3457b73,
+    0xcda293a2, 0xde8aaad1, 0xd06d4200, 0x8fe59ebf, 0x8102766e,
+    0x922a4f1d, 0x9ccda7cc, 0xb47a3dfb, 0xba9dd52a, 0xa9b5ec59,
+    0xa7520488},
+   {0x00000000, 0x3c60e308, 0x78c1c610, 0x44a12518, 0xf1838c20,
+    0xcde36f28, 0x89424a30, 0xb522a938, 0x38761e01, 0x0416fd09,
+    0x40b7d811, 0x7cd73b19, 0xc9f59221, 0xf5957129, 0xb1345431,
+    0x8d54b739, 0x70ec3c02, 0x4c8cdf0a, 0x082dfa12, 0x344d191a,
+    0x816fb022, 0xbd0f532a, 0xf9ae7632, 0xc5ce953a, 0x489a2203,
+    0x74fac10b, 0x305be413, 0x0c3b071b, 0xb919ae23, 0x85794d2b,
+    0xc1d86833, 0xfdb88b3b, 0xe1d87804, 0xddb89b0c, 0x9919be14,
+    0xa5795d1c, 0x105bf424, 0x2c3b172c, 0x689a3234, 0x54fad13c,
+    0xd9ae6605, 0xe5ce850d, 0xa16fa015, 0x9d0f431d, 0x282dea25,
+    0x144d092d, 0x50ec2c35, 0x6c8ccf3d, 0x91344406, 0xad54a70e,
+    0xe9f58216, 0xd595611e, 0x60b7c826, 0x5cd72b2e, 0x18760e36,
+    0x2416ed3e, 0xa9425a07, 0x9522b90f, 0xd1839c17, 0xede37f1f,
+    0x58c1d627, 0x64a1352f, 0x20001037, 0x1c60f33f, 0x18c1f649,
+    0x24a11541, 0x60003059, 0x5c60d351, 0xe9427a69, 0xd5229961,
+    0x9183bc79, 0xade35f71, 0x20b7e848, 0x1cd70b40, 0x58762e58,
+    0x6416cd50, 0xd1346468, 0xed548760, 0xa9f5a278, 0x95954170,
+    0x682dca4b, 0x544d2943, 0x10ec0c5b, 0x2c8cef53, 0x99ae466b,
+    0xa5cea563, 0xe16f807b, 0xdd0f6373, 0x505bd44a, 0x6c3b3742,
+    0x289a125a, 0x14faf152, 0xa1d8586a, 0x9db8bb62, 0xd9199e7a,
+    0xe5797d72, 0xf9198e4d, 0xc5796d45, 0x81d8485d, 0xbdb8ab55,
+    0x089a026d, 0x34fae165, 0x705bc47d, 0x4c3b2775, 0xc16f904c,
+    0xfd0f7344, 0xb9ae565c, 0x85ceb554, 0x30ec1c6c, 0x0c8cff64,
+    0x482dda7c, 0x744d3974, 0x89f5b24f, 0xb5955147, 0xf134745f,
+    0xcd549757, 0x78763e6f, 0x4416dd67, 0x00b7f87f, 0x3cd71b77,
+    0xb183ac4e, 0x8de34f46, 0xc9426a5e, 0xf5228956, 0x4000206e,
+    0x7c60c366, 0x38c1e67e, 0x04a10576, 0x3183ec92, 0x0de30f9a,
+    0x49422a82, 0x7522c98a, 0xc00060b2, 0xfc6083ba, 0xb8c1a6a2,
+    0x84a145aa, 0x09f5f293, 0x3595119b, 0x71343483, 0x4d54d78b,
+    0xf8767eb3, 0xc4169dbb, 0x80b7b8a3, 0xbcd75bab, 0x416fd090,
+    0x7d0f3398, 0x39ae1680, 0x05cef588, 0xb0ec5cb0, 0x8c8cbfb8,
+    0xc82d9aa0, 0xf44d79a8, 0x7919ce91, 0x45792d99, 0x01d80881,
+    0x3db8eb89, 0x889a42b1, 0xb4faa1b9, 0xf05b84a1, 0xcc3b67a9,
+    0xd05b9496, 0xec3b779e, 0xa89a5286, 0x94fab18e, 0x21d818b6,
+    0x1db8fbbe, 0x5919dea6, 0x65793dae, 0xe82d8a97, 0xd44d699f,
+    0x90ec4c87, 0xac8caf8f, 0x19ae06b7, 0x25cee5bf, 0x616fc0a7,
+    0x5d0f23af, 0xa0b7a894, 0x9cd74b9c, 0xd8766e84, 0xe4168d8c,
+    0x513424b4, 0x6d54c7bc, 0x29f5e2a4, 0x159501ac, 0x98c1b695,
+    0xa4a1559d, 0xe0007085, 0xdc60938d, 0x69423ab5, 0x5522d9bd,
+    0x1183fca5, 0x2de31fad, 0x29421adb, 0x1522f9d3, 0x5183dccb,
+    0x6de33fc3, 0xd8c196fb, 0xe4a175f3, 0xa00050eb, 0x9c60b3e3,
+    0x113404da, 0x2d54e7d2, 0x69f5c2ca, 0x559521c2, 0xe0b788fa,
+    0xdcd76bf2, 0x98764eea, 0xa416ade2, 0x59ae26d9, 0x65cec5d1,
+    0x216fe0c9, 0x1d0f03c1, 0xa82daaf9, 0x944d49f1, 0xd0ec6ce9,
+    0xec8c8fe1, 0x61d838d8, 0x5db8dbd0, 0x1919fec8, 0x25791dc0,
+    0x905bb4f8, 0xac3b57f0, 0xe89a72e8, 0xd4fa91e0, 0xc89a62df,
+    0xf4fa81d7, 0xb05ba4cf, 0x8c3b47c7, 0x3919eeff, 0x05790df7,
+    0x41d828ef, 0x7db8cbe7, 0xf0ec7cde, 0xcc8c9fd6, 0x882dbace,
+    0xb44d59c6, 0x016ff0fe, 0x3d0f13f6, 0x79ae36ee, 0x45ced5e6,
+    0xb8765edd, 0x8416bdd5, 0xc0b798cd, 0xfcd77bc5, 0x49f5d2fd,
+    0x759531f5, 0x313414ed, 0x0d54f7e5, 0x800040dc, 0xbc60a3d4,
+    0xf8c186cc, 0xc4a165c4, 0x7183ccfc, 0x4de32ff4, 0x09420aec,
+    0x3522e9e4},
+   {0x00000000, 0x6307d924, 0xc60fb248, 0xa5086b6c, 0x576e62d1,
+    0x3469bbf5, 0x9161d099, 0xf26609bd, 0xaedcc5a2, 0xcddb1c86,
+    0x68d377ea, 0x0bd4aece, 0xf9b2a773, 0x9ab57e57, 0x3fbd153b,
+    0x5cbacc1f, 0x86c88d05, 0xe5cf5421, 0x40c73f4d, 0x23c0e669,
+    0xd1a6efd4, 0xb2a136f0, 0x17a95d9c, 0x74ae84b8, 0x281448a7,
+    0x4b139183, 0xee1bfaef, 0x8d1c23cb, 0x7f7a2a76, 0x1c7df352,
+    0xb975983e, 0xda72411a, 0xd6e01c4b, 0xb5e7c56f, 0x10efae03,
+    0x73e87727, 0x818e7e9a, 0xe289a7be, 0x4781ccd2, 0x248615f6,
+    0x783cd9e9, 0x1b3b00cd, 0xbe336ba1, 0xdd34b285, 0x2f52bb38,
+    0x4c55621c, 0xe95d0970, 0x8a5ad054, 0x5028914e, 0x332f486a,
+    0x96272306, 0xf520fa22, 0x0746f39f, 0x64412abb, 0xc14941d7,
+    0xa24e98f3, 0xfef454ec, 0x9df38dc8, 0x38fbe6a4, 0x5bfc3f80,
+    0xa99a363d, 0xca9def19, 0x6f958475, 0x0c925d51, 0x76b13ed7,
+    0x15b6e7f3, 0xb0be8c9f, 0xd3b955bb, 0x21df5c06, 0x42d88522,
+    0xe7d0ee4e, 0x84d7376a, 0xd86dfb75, 0xbb6a2251, 0x1e62493d,
+    0x7d659019, 0x8f0399a4, 0xec044080, 0x490c2bec, 0x2a0bf2c8,
+    0xf079b3d2, 0x937e6af6, 0x3676019a, 0x5571d8be, 0xa717d103,
+    0xc4100827, 0x6118634b, 0x021fba6f, 0x5ea57670, 0x3da2af54,
+    0x98aac438, 0xfbad1d1c, 0x09cb14a1, 0x6acccd85, 0xcfc4a6e9,
+    0xacc37fcd, 0xa051229c, 0xc356fbb8, 0x665e90d4, 0x055949f0,
+    0xf73f404d, 0x94389969, 0x3130f205, 0x52372b21, 0x0e8de73e,
+    0x6d8a3e1a, 0xc8825576, 0xab858c52, 0x59e385ef, 0x3ae45ccb,
+    0x9fec37a7, 0xfcebee83, 0x2699af99, 0x459e76bd, 0xe0961dd1,
+    0x8391c4f5, 0x71f7cd48, 0x12f0146c, 0xb7f87f00, 0xd4ffa624,
+    0x88456a3b, 0xeb42b31f, 0x4e4ad873, 0x2d4d0157, 0xdf2b08ea,
+    0xbc2cd1ce, 0x1924baa2, 0x7a236386, 0xed627dae, 0x8e65a48a,
+    0x2b6dcfe6, 0x486a16c2, 0xba0c1f7f, 0xd90bc65b, 0x7c03ad37,
+    0x1f047413, 0x43beb80c, 0x20b96128, 0x85b10a44, 0xe6b6d360,
+    0x14d0dadd, 0x77d703f9, 0xd2df6895, 0xb1d8b1b1, 0x6baaf0ab,
+    0x08ad298f, 0xada542e3, 0xcea29bc7, 0x3cc4927a, 0x5fc34b5e,
+    0xfacb2032, 0x99ccf916, 0xc5763509, 0xa671ec2d, 0x03798741,
+    0x607e5e65, 0x921857d8, 0xf11f8efc, 0x5417e590, 0x37103cb4,
+    0x3b8261e5, 0x5885b8c1, 0xfd8dd3ad, 0x9e8a0a89, 0x6cec0334,
+    0x0febda10, 0xaae3b17c, 0xc9e46858, 0x955ea447, 0xf6597d63,
+    0x5351160f, 0x3056cf2b, 0xc230c696, 0xa1371fb2, 0x043f74de,
+    0x6738adfa, 0xbd4aece0, 0xde4d35c4, 0x7b455ea8, 0x1842878c,
+    0xea248e31, 0x89235715, 0x2c2b3c79, 0x4f2ce55d, 0x13962942,
+    0x7091f066, 0xd5999b0a, 0xb69e422e, 0x44f84b93, 0x27ff92b7,
+    0x82f7f9db, 0xe1f020ff, 0x9bd34379, 0xf8d49a5d, 0x5ddcf131,
+    0x3edb2815, 0xccbd21a8, 0xafbaf88c, 0x0ab293e0, 0x69b54ac4,
+    0x350f86db, 0x56085fff, 0xf3003493, 0x9007edb7, 0x6261e40a,
+    0x01663d2e, 0xa46e5642, 0xc7698f66, 0x1d1bce7c, 0x7e1c1758,
+    0xdb147c34, 0xb813a510, 0x4a75acad, 0x29727589, 0x8c7a1ee5,
+    0xef7dc7c1, 0xb3c70bde, 0xd0c0d2fa, 0x75c8b996, 0x16cf60b2,
+    0xe4a9690f, 0x87aeb02b, 0x22a6db47, 0x41a10263, 0x4d335f32,
+    0x2e348616, 0x8b3ced7a, 0xe83b345e, 0x1a5d3de3, 0x795ae4c7,
+    0xdc528fab, 0xbf55568f, 0xe3ef9a90, 0x80e843b4, 0x25e028d8,
+    0x46e7f1fc, 0xb481f841, 0xd7862165, 0x728e4a09, 0x1189932d,
+    0xcbfbd237, 0xa8fc0b13, 0x0df4607f, 0x6ef3b95b, 0x9c95b0e6,
+    0xff9269c2, 0x5a9a02ae, 0x399ddb8a, 0x65271795, 0x0620ceb1,
+    0xa328a5dd, 0xc02f7cf9, 0x32497544, 0x514eac60, 0xf446c70c,
+    0x97411e28},
+   {0x00000000, 0x01b5fd1d, 0x036bfa3a, 0x02de0727, 0x06d7f474,
+    0x07620969, 0x05bc0e4e, 0x0409f353, 0x0dafe8e8, 0x0c1a15f5,
+    0x0ec412d2, 0x0f71efcf, 0x0b781c9c, 0x0acde181, 0x0813e6a6,
+    0x09a61bbb, 0x1b5fd1d0, 0x1aea2ccd, 0x18342bea, 0x1981d6f7,
+    0x1d8825a4, 0x1c3dd8b9, 0x1ee3df9e, 0x1f562283, 0x16f03938,
+    0x1745c425, 0x159bc302, 0x142e3e1f, 0x1027cd4c, 0x11923051,
+    0x134c3776, 0x12f9ca6b, 0x36bfa3a0, 0x370a5ebd, 0x35d4599a,
+    0x3461a487, 0x306857d4, 0x31ddaac9, 0x3303adee, 0x32b650f3,
+    0x3b104b48, 0x3aa5b655, 0x387bb172, 0x39ce4c6f, 0x3dc7bf3c,
+    0x3c724221, 0x3eac4506, 0x3f19b81b, 0x2de07270, 0x2c558f6d,
+    0x2e8b884a, 0x2f3e7557, 0x2b378604, 0x2a827b19, 0x285c7c3e,
+    0x29e98123, 0x204f9a98, 0x21fa6785, 0x232460a2, 0x22919dbf,
+    0x26986eec, 0x272d93f1, 0x25f394d6, 0x244669cb, 0x6d7f4740,
+    0x6ccaba5d, 0x6e14bd7a, 0x6fa14067, 0x6ba8b334, 0x6a1d4e29,
+    0x68c3490e, 0x6976b413, 0x60d0afa8, 0x616552b5, 0x63bb5592,
+    0x620ea88f, 0x66075bdc, 0x67b2a6c1, 0x656ca1e6, 0x64d95cfb,
+    0x76209690, 0x77956b8d, 0x754b6caa, 0x74fe91b7, 0x70f762e4,
+    0x71429ff9, 0x739c98de, 0x722965c3, 0x7b8f7e78, 0x7a3a8365,
+    0x78e48442, 0x7951795f, 0x7d588a0c, 0x7ced7711, 0x7e337036,
+    0x7f868d2b, 0x5bc0e4e0, 0x5a7519fd, 0x58ab1eda, 0x591ee3c7,
+    0x5d171094, 0x5ca2ed89, 0x5e7ceaae, 0x5fc917b3, 0x566f0c08,
+    0x57daf115, 0x5504f632, 0x54b10b2f, 0x50b8f87c, 0x510d0561,
+    0x53d30246, 0x5266ff5b, 0x409f3530, 0x412ac82d, 0x43f4cf0a,
+    0x42413217, 0x4648c144, 0x47fd3c59, 0x45233b7e, 0x4496c663,
+    0x4d30ddd8, 0x4c8520c5, 0x4e5b27e2, 0x4feedaff, 0x4be729ac,
+    0x4a52d4b1, 0x488cd396, 0x49392e8b, 0xdafe8e80, 0xdb4b739d,
+    0xd99574ba, 0xd82089a7, 0xdc297af4, 0xdd9c87e9, 0xdf4280ce,
+    0xdef77dd3, 0xd7516668, 0xd6e49b75, 0xd43a9c52, 0xd58f614f,
+    0xd186921c, 0xd0336f01, 0xd2ed6826, 0xd358953b, 0xc1a15f50,
+    0xc014a24d, 0xc2caa56a, 0xc37f5877, 0xc776ab24, 0xc6c35639,
+    0xc41d511e, 0xc5a8ac03, 0xcc0eb7b8, 0xcdbb4aa5, 0xcf654d82,
+    0xced0b09f, 0xcad943cc, 0xcb6cbed1, 0xc9b2b9f6, 0xc80744eb,
+    0xec412d20, 0xedf4d03d, 0xef2ad71a, 0xee9f2a07, 0xea96d954,
+    0xeb232449, 0xe9fd236e, 0xe848de73, 0xe1eec5c8, 0xe05b38d5,
+    0xe2853ff2, 0xe330c2ef, 0xe73931bc, 0xe68ccca1, 0xe452cb86,
+    0xe5e7369b, 0xf71efcf0, 0xf6ab01ed, 0xf47506ca, 0xf5c0fbd7,
+    0xf1c90884, 0xf07cf599, 0xf2a2f2be, 0xf3170fa3, 0xfab11418,
+    0xfb04e905, 0xf9daee22, 0xf86f133f, 0xfc66e06c, 0xfdd31d71,
+    0xff0d1a56, 0xfeb8e74b, 0xb781c9c0, 0xb63434dd, 0xb4ea33fa,
+    0xb55fcee7, 0xb1563db4, 0xb0e3c0a9, 0xb23dc78e, 0xb3883a93,
+    0xba2e2128, 0xbb9bdc35, 0xb945db12, 0xb8f0260f, 0xbcf9d55c,
+    0xbd4c2841, 0xbf922f66, 0xbe27d27b, 0xacde1810, 0xad6be50d,
+    0xafb5e22a, 0xae001f37, 0xaa09ec64, 0xabbc1179, 0xa962165e,
+    0xa8d7eb43, 0xa171f0f8, 0xa0c40de5, 0xa21a0ac2, 0xa3aff7df,
+    0xa7a6048c, 0xa613f991, 0xa4cdfeb6, 0xa57803ab, 0x813e6a60,
+    0x808b977d, 0x8255905a, 0x83e06d47, 0x87e99e14, 0x865c6309,
+    0x8482642e, 0x85379933, 0x8c918288, 0x8d247f95, 0x8ffa78b2,
+    0x8e4f85af, 0x8a4676fc, 0x8bf38be1, 0x892d8cc6, 0x889871db,
+    0x9a61bbb0, 0x9bd446ad, 0x990a418a, 0x98bfbc97, 0x9cb64fc4,
+    0x9d03b2d9, 0x9fddb5fe, 0x9e6848e3, 0x97ce5358, 0x967bae45,
+    0x94a5a962, 0x9510547f, 0x9119a72c, 0x90ac5a31, 0x92725d16,
+    0x93c7a00b},
+   {0x00000000, 0x6e8c1b41, 0xdd183682, 0xb3942dc3, 0x61416b45,
+    0x0fcd7004, 0xbc595dc7, 0xd2d54686, 0xc282d68a, 0xac0ecdcb,
+    0x1f9ae008, 0x7116fb49, 0xa3c3bdcf, 0xcd4fa68e, 0x7edb8b4d,
+    0x1057900c, 0x5e74ab55, 0x30f8b014, 0x836c9dd7, 0xede08696,
+    0x3f35c010, 0x51b9db51, 0xe22df692, 0x8ca1edd3, 0x9cf67ddf,
+    0xf27a669e, 0x41ee4b5d, 0x2f62501c, 0xfdb7169a, 0x933b0ddb,
+    0x20af2018, 0x4e233b59, 0xbce956aa, 0xd2654deb, 0x61f16028,
+    0x0f7d7b69, 0xdda83def, 0xb32426ae, 0x00b00b6d, 0x6e3c102c,
+    0x7e6b8020, 0x10e79b61, 0xa373b6a2, 0xcdffade3, 0x1f2aeb65,
+    0x71a6f024, 0xc232dde7, 0xacbec6a6, 0xe29dfdff, 0x8c11e6be,
+    0x3f85cb7d, 0x5109d03c, 0x83dc96ba, 0xed508dfb, 0x5ec4a038,
+    0x3048bb79, 0x201f2b75, 0x4e933034, 0xfd071df7, 0x938b06b6,
+    0x415e4030, 0x2fd25b71, 0x9c4676b2, 0xf2ca6df3, 0xa2a3ab15,
+    0xcc2fb054, 0x7fbb9d97, 0x113786d6, 0xc3e2c050, 0xad6edb11,
+    0x1efaf6d2, 0x7076ed93, 0x60217d9f, 0x0ead66de, 0xbd394b1d,
+    0xd3b5505c, 0x016016da, 0x6fec0d9b, 0xdc782058, 0xb2f43b19,
+    0xfcd70040, 0x925b1b01, 0x21cf36c2, 0x4f432d83, 0x9d966b05,
+    0xf31a7044, 0x408e5d87, 0x2e0246c6, 0x3e55d6ca, 0x50d9cd8b,
+    0xe34de048, 0x8dc1fb09, 0x5f14bd8f, 0x3198a6ce, 0x820c8b0d,
+    0xec80904c, 0x1e4afdbf, 0x70c6e6fe, 0xc352cb3d, 0xadded07c,
+    0x7f0b96fa, 0x11878dbb, 0xa213a078, 0xcc9fbb39, 0xdcc82b35,
+    0xb2443074, 0x01d01db7, 0x6f5c06f6, 0xbd894070, 0xd3055b31,
+    0x609176f2, 0x0e1d6db3, 0x403e56ea, 0x2eb24dab, 0x9d266068,
+    0xf3aa7b29, 0x217f3daf, 0x4ff326ee, 0xfc670b2d, 0x92eb106c,
+    0x82bc8060, 0xec309b21, 0x5fa4b6e2, 0x3128ada3, 0xe3fdeb25,
+    0x8d71f064, 0x3ee5dda7, 0x5069c6e6, 0x9e36506b, 0xf0ba4b2a,
+    0x432e66e9, 0x2da27da8, 0xff773b2e, 0x91fb206f, 0x226f0dac,
+    0x4ce316ed, 0x5cb486e1, 0x32389da0, 0x81acb063, 0xef20ab22,
+    0x3df5eda4, 0x5379f6e5, 0xe0eddb26, 0x8e61c067, 0xc042fb3e,
+    0xaecee07f, 0x1d5acdbc, 0x73d6d6fd, 0xa103907b, 0xcf8f8b3a,
+    0x7c1ba6f9, 0x1297bdb8, 0x02c02db4, 0x6c4c36f5, 0xdfd81b36,
+    0xb1540077, 0x638146f1, 0x0d0d5db0, 0xbe997073, 0xd0156b32,
+    0x22df06c1, 0x4c531d80, 0xffc73043, 0x914b2b02, 0x439e6d84,
+    0x2d1276c5, 0x9e865b06, 0xf00a4047, 0xe05dd04b, 0x8ed1cb0a,
+    0x3d45e6c9, 0x53c9fd88, 0x811cbb0e, 0xef90a04f, 0x5c048d8c,
+    0x328896cd, 0x7cabad94, 0x1227b6d5, 0xa1b39b16, 0xcf3f8057,
+    0x1deac6d1, 0x7366dd90, 0xc0f2f053, 0xae7eeb12, 0xbe297b1e,
+    0xd0a5605f, 0x63314d9c, 0x0dbd56dd, 0xdf68105b, 0xb1e40b1a,
+    0x027026d9, 0x6cfc3d98, 0x3c95fb7e, 0x5219e03f, 0xe18dcdfc,
+    0x8f01d6bd, 0x5dd4903b, 0x33588b7a, 0x80cca6b9, 0xee40bdf8,
+    0xfe172df4, 0x909b36b5, 0x230f1b76, 0x4d830037, 0x9f5646b1,
+    0xf1da5df0, 0x424e7033, 0x2cc26b72, 0x62e1502b, 0x0c6d4b6a,
+    0xbff966a9, 0xd1757de8, 0x03a03b6e, 0x6d2c202f, 0xdeb80dec,
+    0xb03416ad, 0xa06386a1, 0xceef9de0, 0x7d7bb023, 0x13f7ab62,
+    0xc122ede4, 0xafaef6a5, 0x1c3adb66, 0x72b6c027, 0x807cadd4,
+    0xeef0b695, 0x5d649b56, 0x33e88017, 0xe13dc691, 0x8fb1ddd0,
+    0x3c25f013, 0x52a9eb52, 0x42fe7b5e, 0x2c72601f, 0x9fe64ddc,
+    0xf16a569d, 0x23bf101b, 0x4d330b5a, 0xfea72699, 0x902b3dd8,
+    0xde080681, 0xb0841dc0, 0x03103003, 0x6d9c2b42, 0xbf496dc4,
+    0xd1c57685, 0x62515b46, 0x0cdd4007, 0x1c8ad00b, 0x7206cb4a,
+    0xc192e689, 0xaf1efdc8, 0x7dcbbb4e, 0x1347a00f, 0xa0d38dcc,
+    0xce5f968d},
+   {0x00000000, 0xe71da697, 0x154a4b6f, 0xf257edf8, 0x2a9496de,
+    0xcd893049, 0x3fdeddb1, 0xd8c37b26, 0x55292dbc, 0xb2348b2b,
+    0x406366d3, 0xa77ec044, 0x7fbdbb62, 0x98a01df5, 0x6af7f00d,
+    0x8dea569a, 0xaa525b78, 0x4d4ffdef, 0xbf181017, 0x5805b680,
+    0x80c6cda6, 0x67db6b31, 0x958c86c9, 0x7291205e, 0xff7b76c4,
+    0x1866d053, 0xea313dab, 0x0d2c9b3c, 0xd5efe01a, 0x32f2468d,
+    0xc0a5ab75, 0x27b80de2, 0x8fd5b0b1, 0x68c81626, 0x9a9ffbde,
+    0x7d825d49, 0xa541266f, 0x425c80f8, 0xb00b6d00, 0x5716cb97,
+    0xdafc9d0d, 0x3de13b9a, 0xcfb6d662, 0x28ab70f5, 0xf0680bd3,
+    0x1775ad44, 0xe52240bc, 0x023fe62b, 0x2587ebc9, 0xc29a4d5e,
+    0x30cda0a6, 0xd7d00631, 0x0f137d17, 0xe80edb80, 0x1a593678,
+    0xfd4490ef, 0x70aec675, 0x97b360e2, 0x65e48d1a, 0x82f92b8d,
+    0x5a3a50ab, 0xbd27f63c, 0x4f701bc4, 0xa86dbd53, 0xc4da6723,
+    0x23c7c1b4, 0xd1902c4c, 0x368d8adb, 0xee4ef1fd, 0x0953576a,
+    0xfb04ba92, 0x1c191c05, 0x91f34a9f, 0x76eeec08, 0x84b901f0,
+    0x63a4a767, 0xbb67dc41, 0x5c7a7ad6, 0xae2d972e, 0x493031b9,
+    0x6e883c5b, 0x89959acc, 0x7bc27734, 0x9cdfd1a3, 0x441caa85,
+    0xa3010c12, 0x5156e1ea, 0xb64b477d, 0x3ba111e7, 0xdcbcb770,
+    0x2eeb5a88, 0xc9f6fc1f, 0x11358739, 0xf62821ae, 0x047fcc56,
+    0xe3626ac1, 0x4b0fd792, 0xac127105, 0x5e459cfd, 0xb9583a6a,
+    0x619b414c, 0x8686e7db, 0x74d10a23, 0x93ccacb4, 0x1e26fa2e,
+    0xf93b5cb9, 0x0b6cb141, 0xec7117d6, 0x34b26cf0, 0xd3afca67,
+    0x21f8279f, 0xc6e58108, 0xe15d8cea, 0x06402a7d, 0xf417c785,
+    0x130a6112, 0xcbc91a34, 0x2cd4bca3, 0xde83515b, 0x399ef7cc,
+    0xb474a156, 0x536907c1, 0xa13eea39, 0x46234cae, 0x9ee03788,
+    0x79fd911f, 0x8baa7ce7, 0x6cb7da70, 0x52c5c807, 0xb5d86e90,
+    0x478f8368, 0xa09225ff, 0x78515ed9, 0x9f4cf84e, 0x6d1b15b6,
+    0x8a06b321, 0x07ece5bb, 0xe0f1432c, 0x12a6aed4, 0xf5bb0843,
+    0x2d787365, 0xca65d5f2, 0x3832380a, 0xdf2f9e9d, 0xf897937f,
+    0x1f8a35e8, 0xedddd810, 0x0ac07e87, 0xd20305a1, 0x351ea336,
+    0xc7494ece, 0x2054e859, 0xadbebec3, 0x4aa31854, 0xb8f4f5ac,
+    0x5fe9533b, 0x872a281d, 0x60378e8a, 0x92606372, 0x757dc5e5,
+    0xdd1078b6, 0x3a0dde21, 0xc85a33d9, 0x2f47954e, 0xf784ee68,
+    0x109948ff, 0xe2cea507, 0x05d30390, 0x8839550a, 0x6f24f39d,
+    0x9d731e65, 0x7a6eb8f2, 0xa2adc3d4, 0x45b06543, 0xb7e788bb,
+    0x50fa2e2c, 0x774223ce, 0x905f8559, 0x620868a1, 0x8515ce36,
+    0x5dd6b510, 0xbacb1387, 0x489cfe7f, 0xaf8158e8, 0x226b0e72,
+    0xc576a8e5, 0x3721451d, 0xd03ce38a, 0x08ff98ac, 0xefe23e3b,
+    0x1db5d3c3, 0xfaa87554, 0x961faf24, 0x710209b3, 0x8355e44b,
+    0x644842dc, 0xbc8b39fa, 0x5b969f6d, 0xa9c17295, 0x4edcd402,
+    0xc3368298, 0x242b240f, 0xd67cc9f7, 0x31616f60, 0xe9a21446,
+    0x0ebfb2d1, 0xfce85f29, 0x1bf5f9be, 0x3c4df45c, 0xdb5052cb,
+    0x2907bf33, 0xce1a19a4, 0x16d96282, 0xf1c4c415, 0x039329ed,
+    0xe48e8f7a, 0x6964d9e0, 0x8e797f77, 0x7c2e928f, 0x9b333418,
+    0x43f04f3e, 0xa4ede9a9, 0x56ba0451, 0xb1a7a2c6, 0x19ca1f95,
+    0xfed7b902, 0x0c8054fa, 0xeb9df26d, 0x335e894b, 0xd4432fdc,
+    0x2614c224, 0xc10964b3, 0x4ce33229, 0xabfe94be, 0x59a97946,
+    0xbeb4dfd1, 0x6677a4f7, 0x816a0260, 0x733def98, 0x9420490f,
+    0xb39844ed, 0x5485e27a, 0xa6d20f82, 0x41cfa915, 0x990cd233,
+    0x7e1174a4, 0x8c46995c, 0x6b5b3fcb, 0xe6b16951, 0x01accfc6,
+    0xf3fb223e, 0x14e684a9, 0xcc25ff8f, 0x2b385918, 0xd96fb4e0,
+    0x3e721277},
+   {0x00000000, 0xa58b900e, 0x9066265d, 0x35edb653, 0xfbbd4afb,
+    0x5e36daf5, 0x6bdb6ca6, 0xce50fca8, 0x2c0b93b7, 0x898003b9,
+    0xbc6db5ea, 0x19e625e4, 0xd7b6d94c, 0x723d4942, 0x47d0ff11,
+    0xe25b6f1f, 0x5817276e, 0xfd9cb760, 0xc8710133, 0x6dfa913d,
+    0xa3aa6d95, 0x0621fd9b, 0x33cc4bc8, 0x9647dbc6, 0x741cb4d9,
+    0xd19724d7, 0xe47a9284, 0x41f1028a, 0x8fa1fe22, 0x2a2a6e2c,
+    0x1fc7d87f, 0xba4c4871, 0xb02e4edc, 0x15a5ded2, 0x20486881,
+    0x85c3f88f, 0x4b930427, 0xee189429, 0xdbf5227a, 0x7e7eb274,
+    0x9c25dd6b, 0x39ae4d65, 0x0c43fb36, 0xa9c86b38, 0x67989790,
+    0xc213079e, 0xf7feb1cd, 0x527521c3, 0xe83969b2, 0x4db2f9bc,
+    0x785f4fef, 0xddd4dfe1, 0x13842349, 0xb60fb347, 0x83e20514,
+    0x2669951a, 0xc432fa05, 0x61b96a0b, 0x5454dc58, 0xf1df4c56,
+    0x3f8fb0fe, 0x9a0420f0, 0xafe996a3, 0x0a6206ad, 0xbb2d9bf9,
+    0x1ea60bf7, 0x2b4bbda4, 0x8ec02daa, 0x4090d102, 0xe51b410c,
+    0xd0f6f75f, 0x757d6751, 0x9726084e, 0x32ad9840, 0x07402e13,
+    0xa2cbbe1d, 0x6c9b42b5, 0xc910d2bb, 0xfcfd64e8, 0x5976f4e6,
+    0xe33abc97, 0x46b12c99, 0x735c9aca, 0xd6d70ac4, 0x1887f66c,
+    0xbd0c6662, 0x88e1d031, 0x2d6a403f, 0xcf312f20, 0x6ababf2e,
+    0x5f57097d, 0xfadc9973, 0x348c65db, 0x9107f5d5, 0xa4ea4386,
+    0x0161d388, 0x0b03d525, 0xae88452b, 0x9b65f378, 0x3eee6376,
+    0xf0be9fde, 0x55350fd0, 0x60d8b983, 0xc553298d, 0x27084692,
+    0x8283d69c, 0xb76e60cf, 0x12e5f0c1, 0xdcb50c69, 0x793e9c67,
+    0x4cd32a34, 0xe958ba3a, 0x5314f24b, 0xf69f6245, 0xc372d416,
+    0x66f94418, 0xa8a9b8b0, 0x0d2228be, 0x38cf9eed, 0x9d440ee3,
+    0x7f1f61fc, 0xda94f1f2, 0xef7947a1, 0x4af2d7af, 0x84a22b07,
+    0x2129bb09, 0x14c40d5a, 0xb14f9d54, 0xad2a31b3, 0x08a1a1bd,
+    0x3d4c17ee, 0x98c787e0, 0x56977b48, 0xf31ceb46, 0xc6f15d15,
+    0x637acd1b, 0x8121a204, 0x24aa320a, 0x11478459, 0xb4cc1457,
+    0x7a9ce8ff, 0xdf1778f1, 0xeafacea2, 0x4f715eac, 0xf53d16dd,
+    0x50b686d3, 0x655b3080, 0xc0d0a08e, 0x0e805c26, 0xab0bcc28,
+    0x9ee67a7b, 0x3b6dea75, 0xd936856a, 0x7cbd1564, 0x4950a337,
+    0xecdb3339, 0x228bcf91, 0x87005f9f, 0xb2ede9cc, 0x176679c2,
+    0x1d047f6f, 0xb88fef61, 0x8d625932, 0x28e9c93c, 0xe6b93594,
+    0x4332a59a, 0x76df13c9, 0xd35483c7, 0x310fecd8, 0x94847cd6,
+    0xa169ca85, 0x04e25a8b, 0xcab2a623, 0x6f39362d, 0x5ad4807e,
+    0xff5f1070, 0x45135801, 0xe098c80f, 0xd5757e5c, 0x70feee52,
+    0xbeae12fa, 0x1b2582f4, 0x2ec834a7, 0x8b43a4a9, 0x6918cbb6,
+    0xcc935bb8, 0xf97eedeb, 0x5cf57de5, 0x92a5814d, 0x372e1143,
+    0x02c3a710, 0xa748371e, 0x1607aa4a, 0xb38c3a44, 0x86618c17,
+    0x23ea1c19, 0xedbae0b1, 0x483170bf, 0x7ddcc6ec, 0xd85756e2,
+    0x3a0c39fd, 0x9f87a9f3, 0xaa6a1fa0, 0x0fe18fae, 0xc1b17306,
+    0x643ae308, 0x51d7555b, 0xf45cc555, 0x4e108d24, 0xeb9b1d2a,
+    0xde76ab79, 0x7bfd3b77, 0xb5adc7df, 0x102657d1, 0x25cbe182,
+    0x8040718c, 0x621b1e93, 0xc7908e9d, 0xf27d38ce, 0x57f6a8c0,
+    0x99a65468, 0x3c2dc466, 0x09c07235, 0xac4be23b, 0xa629e496,
+    0x03a27498, 0x364fc2cb, 0x93c452c5, 0x5d94ae6d, 0xf81f3e63,
+    0xcdf28830, 0x6879183e, 0x8a227721, 0x2fa9e72f, 0x1a44517c,
+    0xbfcfc172, 0x719f3dda, 0xd414add4, 0xe1f91b87, 0x44728b89,
+    0xfe3ec3f8, 0x5bb553f6, 0x6e58e5a5, 0xcbd375ab, 0x05838903,
+    0xa008190d, 0x95e5af5e, 0x306e3f50, 0xd235504f, 0x77bec041,
+    0x42537612, 0xe7d8e61c, 0x29881ab4, 0x8c038aba, 0xb9ee3ce9,
+    0x1c65ace7}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0x0e908ba500000000, 0x5d26669000000000,
+    0x53b6ed3500000000, 0xfb4abdfb00000000, 0xf5da365e00000000,
+    0xa66cdb6b00000000, 0xa8fc50ce00000000, 0xb7930b2c00000000,
+    0xb903808900000000, 0xeab56dbc00000000, 0xe425e61900000000,
+    0x4cd9b6d700000000, 0x42493d7200000000, 0x11ffd04700000000,
+    0x1f6f5be200000000, 0x6e27175800000000, 0x60b79cfd00000000,
+    0x330171c800000000, 0x3d91fa6d00000000, 0x956daaa300000000,
+    0x9bfd210600000000, 0xc84bcc3300000000, 0xc6db479600000000,
+    0xd9b41c7400000000, 0xd72497d100000000, 0x84927ae400000000,
+    0x8a02f14100000000, 0x22fea18f00000000, 0x2c6e2a2a00000000,
+    0x7fd8c71f00000000, 0x71484cba00000000, 0xdc4e2eb000000000,
+    0xd2dea51500000000, 0x8168482000000000, 0x8ff8c38500000000,
+    0x2704934b00000000, 0x299418ee00000000, 0x7a22f5db00000000,
+    0x74b27e7e00000000, 0x6bdd259c00000000, 0x654dae3900000000,
+    0x36fb430c00000000, 0x386bc8a900000000, 0x9097986700000000,
+    0x9e0713c200000000, 0xcdb1fef700000000, 0xc321755200000000,
+    0xb26939e800000000, 0xbcf9b24d00000000, 0xef4f5f7800000000,
+    0xe1dfd4dd00000000, 0x4923841300000000, 0x47b30fb600000000,
+    0x1405e28300000000, 0x1a95692600000000, 0x05fa32c400000000,
+    0x0b6ab96100000000, 0x58dc545400000000, 0x564cdff100000000,
+    0xfeb08f3f00000000, 0xf020049a00000000, 0xa396e9af00000000,
+    0xad06620a00000000, 0xf99b2dbb00000000, 0xf70ba61e00000000,
+    0xa4bd4b2b00000000, 0xaa2dc08e00000000, 0x02d1904000000000,
+    0x0c411be500000000, 0x5ff7f6d000000000, 0x51677d7500000000,
+    0x4e08269700000000, 0x4098ad3200000000, 0x132e400700000000,
+    0x1dbecba200000000, 0xb5429b6c00000000, 0xbbd210c900000000,
+    0xe864fdfc00000000, 0xe6f4765900000000, 0x97bc3ae300000000,
+    0x992cb14600000000, 0xca9a5c7300000000, 0xc40ad7d600000000,
+    0x6cf6871800000000, 0x62660cbd00000000, 0x31d0e18800000000,
+    0x3f406a2d00000000, 0x202f31cf00000000, 0x2ebfba6a00000000,
+    0x7d09575f00000000, 0x7399dcfa00000000, 0xdb658c3400000000,
+    0xd5f5079100000000, 0x8643eaa400000000, 0x88d3610100000000,
+    0x25d5030b00000000, 0x2b4588ae00000000, 0x78f3659b00000000,
+    0x7663ee3e00000000, 0xde9fbef000000000, 0xd00f355500000000,
+    0x83b9d86000000000, 0x8d2953c500000000, 0x9246082700000000,
+    0x9cd6838200000000, 0xcf606eb700000000, 0xc1f0e51200000000,
+    0x690cb5dc00000000, 0x679c3e7900000000, 0x342ad34c00000000,
+    0x3aba58e900000000, 0x4bf2145300000000, 0x45629ff600000000,
+    0x16d472c300000000, 0x1844f96600000000, 0xb0b8a9a800000000,
+    0xbe28220d00000000, 0xed9ecf3800000000, 0xe30e449d00000000,
+    0xfc611f7f00000000, 0xf2f194da00000000, 0xa14779ef00000000,
+    0xafd7f24a00000000, 0x072ba28400000000, 0x09bb292100000000,
+    0x5a0dc41400000000, 0x549d4fb100000000, 0xb3312aad00000000,
+    0xbda1a10800000000, 0xee174c3d00000000, 0xe087c79800000000,
+    0x487b975600000000, 0x46eb1cf300000000, 0x155df1c600000000,
+    0x1bcd7a6300000000, 0x04a2218100000000, 0x0a32aa2400000000,
+    0x5984471100000000, 0x5714ccb400000000, 0xffe89c7a00000000,
+    0xf17817df00000000, 0xa2cefaea00000000, 0xac5e714f00000000,
+    0xdd163df500000000, 0xd386b65000000000, 0x80305b6500000000,
+    0x8ea0d0c000000000, 0x265c800e00000000, 0x28cc0bab00000000,
+    0x7b7ae69e00000000, 0x75ea6d3b00000000, 0x6a8536d900000000,
+    0x6415bd7c00000000, 0x37a3504900000000, 0x3933dbec00000000,
+    0x91cf8b2200000000, 0x9f5f008700000000, 0xcce9edb200000000,
+    0xc279661700000000, 0x6f7f041d00000000, 0x61ef8fb800000000,
+    0x3259628d00000000, 0x3cc9e92800000000, 0x9435b9e600000000,
+    0x9aa5324300000000, 0xc913df7600000000, 0xc78354d300000000,
+    0xd8ec0f3100000000, 0xd67c849400000000, 0x85ca69a100000000,
+    0x8b5ae20400000000, 0x23a6b2ca00000000, 0x2d36396f00000000,
+    0x7e80d45a00000000, 0x70105fff00000000, 0x0158134500000000,
+    0x0fc898e000000000, 0x5c7e75d500000000, 0x52eefe7000000000,
+    0xfa12aebe00000000, 0xf482251b00000000, 0xa734c82e00000000,
+    0xa9a4438b00000000, 0xb6cb186900000000, 0xb85b93cc00000000,
+    0xebed7ef900000000, 0xe57df55c00000000, 0x4d81a59200000000,
+    0x43112e3700000000, 0x10a7c30200000000, 0x1e3748a700000000,
+    0x4aaa071600000000, 0x443a8cb300000000, 0x178c618600000000,
+    0x191cea2300000000, 0xb1e0baed00000000, 0xbf70314800000000,
+    0xecc6dc7d00000000, 0xe25657d800000000, 0xfd390c3a00000000,
+    0xf3a9879f00000000, 0xa01f6aaa00000000, 0xae8fe10f00000000,
+    0x0673b1c100000000, 0x08e33a6400000000, 0x5b55d75100000000,
+    0x55c55cf400000000, 0x248d104e00000000, 0x2a1d9beb00000000,
+    0x79ab76de00000000, 0x773bfd7b00000000, 0xdfc7adb500000000,
+    0xd157261000000000, 0x82e1cb2500000000, 0x8c71408000000000,
+    0x931e1b6200000000, 0x9d8e90c700000000, 0xce387df200000000,
+    0xc0a8f65700000000, 0x6854a69900000000, 0x66c42d3c00000000,
+    0x3572c00900000000, 0x3be24bac00000000, 0x96e429a600000000,
+    0x9874a20300000000, 0xcbc24f3600000000, 0xc552c49300000000,
+    0x6dae945d00000000, 0x633e1ff800000000, 0x3088f2cd00000000,
+    0x3e18796800000000, 0x2177228a00000000, 0x2fe7a92f00000000,
+    0x7c51441a00000000, 0x72c1cfbf00000000, 0xda3d9f7100000000,
+    0xd4ad14d400000000, 0x871bf9e100000000, 0x898b724400000000,
+    0xf8c33efe00000000, 0xf653b55b00000000, 0xa5e5586e00000000,
+    0xab75d3cb00000000, 0x0389830500000000, 0x0d1908a000000000,
+    0x5eafe59500000000, 0x503f6e3000000000, 0x4f5035d200000000,
+    0x41c0be7700000000, 0x1276534200000000, 0x1ce6d8e700000000,
+    0xb41a882900000000, 0xba8a038c00000000, 0xe93ceeb900000000,
+    0xe7ac651c00000000},
+   {0x0000000000000000, 0x97a61de700000000, 0x6f4b4a1500000000,
+    0xf8ed57f200000000, 0xde96942a00000000, 0x493089cd00000000,
+    0xb1ddde3f00000000, 0x267bc3d800000000, 0xbc2d295500000000,
+    0x2b8b34b200000000, 0xd366634000000000, 0x44c07ea700000000,
+    0x62bbbd7f00000000, 0xf51da09800000000, 0x0df0f76a00000000,
+    0x9a56ea8d00000000, 0x785b52aa00000000, 0xeffd4f4d00000000,
+    0x171018bf00000000, 0x80b6055800000000, 0xa6cdc68000000000,
+    0x316bdb6700000000, 0xc9868c9500000000, 0x5e20917200000000,
+    0xc4767bff00000000, 0x53d0661800000000, 0xab3d31ea00000000,
+    0x3c9b2c0d00000000, 0x1ae0efd500000000, 0x8d46f23200000000,
+    0x75aba5c000000000, 0xe20db82700000000, 0xb1b0d58f00000000,
+    0x2616c86800000000, 0xdefb9f9a00000000, 0x495d827d00000000,
+    0x6f2641a500000000, 0xf8805c4200000000, 0x006d0bb000000000,
+    0x97cb165700000000, 0x0d9dfcda00000000, 0x9a3be13d00000000,
+    0x62d6b6cf00000000, 0xf570ab2800000000, 0xd30b68f000000000,
+    0x44ad751700000000, 0xbc4022e500000000, 0x2be63f0200000000,
+    0xc9eb872500000000, 0x5e4d9ac200000000, 0xa6a0cd3000000000,
+    0x3106d0d700000000, 0x177d130f00000000, 0x80db0ee800000000,
+    0x7836591a00000000, 0xef9044fd00000000, 0x75c6ae7000000000,
+    0xe260b39700000000, 0x1a8de46500000000, 0x8d2bf98200000000,
+    0xab503a5a00000000, 0x3cf627bd00000000, 0xc41b704f00000000,
+    0x53bd6da800000000, 0x2367dac400000000, 0xb4c1c72300000000,
+    0x4c2c90d100000000, 0xdb8a8d3600000000, 0xfdf14eee00000000,
+    0x6a57530900000000, 0x92ba04fb00000000, 0x051c191c00000000,
+    0x9f4af39100000000, 0x08ecee7600000000, 0xf001b98400000000,
+    0x67a7a46300000000, 0x41dc67bb00000000, 0xd67a7a5c00000000,
+    0x2e972dae00000000, 0xb931304900000000, 0x5b3c886e00000000,
+    0xcc9a958900000000, 0x3477c27b00000000, 0xa3d1df9c00000000,
+    0x85aa1c4400000000, 0x120c01a300000000, 0xeae1565100000000,
+    0x7d474bb600000000, 0xe711a13b00000000, 0x70b7bcdc00000000,
+    0x885aeb2e00000000, 0x1ffcf6c900000000, 0x3987351100000000,
+    0xae2128f600000000, 0x56cc7f0400000000, 0xc16a62e300000000,
+    0x92d70f4b00000000, 0x057112ac00000000, 0xfd9c455e00000000,
+    0x6a3a58b900000000, 0x4c419b6100000000, 0xdbe7868600000000,
+    0x230ad17400000000, 0xb4accc9300000000, 0x2efa261e00000000,
+    0xb95c3bf900000000, 0x41b16c0b00000000, 0xd61771ec00000000,
+    0xf06cb23400000000, 0x67caafd300000000, 0x9f27f82100000000,
+    0x0881e5c600000000, 0xea8c5de100000000, 0x7d2a400600000000,
+    0x85c717f400000000, 0x12610a1300000000, 0x341ac9cb00000000,
+    0xa3bcd42c00000000, 0x5b5183de00000000, 0xccf79e3900000000,
+    0x56a174b400000000, 0xc107695300000000, 0x39ea3ea100000000,
+    0xae4c234600000000, 0x8837e09e00000000, 0x1f91fd7900000000,
+    0xe77caa8b00000000, 0x70dab76c00000000, 0x07c8c55200000000,
+    0x906ed8b500000000, 0x68838f4700000000, 0xff2592a000000000,
+    0xd95e517800000000, 0x4ef84c9f00000000, 0xb6151b6d00000000,
+    0x21b3068a00000000, 0xbbe5ec0700000000, 0x2c43f1e000000000,
+    0xd4aea61200000000, 0x4308bbf500000000, 0x6573782d00000000,
+    0xf2d565ca00000000, 0x0a38323800000000, 0x9d9e2fdf00000000,
+    0x7f9397f800000000, 0xe8358a1f00000000, 0x10d8dded00000000,
+    0x877ec00a00000000, 0xa10503d200000000, 0x36a31e3500000000,
+    0xce4e49c700000000, 0x59e8542000000000, 0xc3bebead00000000,
+    0x5418a34a00000000, 0xacf5f4b800000000, 0x3b53e95f00000000,
+    0x1d282a8700000000, 0x8a8e376000000000, 0x7263609200000000,
+    0xe5c57d7500000000, 0xb67810dd00000000, 0x21de0d3a00000000,
+    0xd9335ac800000000, 0x4e95472f00000000, 0x68ee84f700000000,
+    0xff48991000000000, 0x07a5cee200000000, 0x9003d30500000000,
+    0x0a55398800000000, 0x9df3246f00000000, 0x651e739d00000000,
+    0xf2b86e7a00000000, 0xd4c3ada200000000, 0x4365b04500000000,
+    0xbb88e7b700000000, 0x2c2efa5000000000, 0xce23427700000000,
+    0x59855f9000000000, 0xa168086200000000, 0x36ce158500000000,
+    0x10b5d65d00000000, 0x8713cbba00000000, 0x7ffe9c4800000000,
+    0xe85881af00000000, 0x720e6b2200000000, 0xe5a876c500000000,
+    0x1d45213700000000, 0x8ae33cd000000000, 0xac98ff0800000000,
+    0x3b3ee2ef00000000, 0xc3d3b51d00000000, 0x5475a8fa00000000,
+    0x24af1f9600000000, 0xb309027100000000, 0x4be4558300000000,
+    0xdc42486400000000, 0xfa398bbc00000000, 0x6d9f965b00000000,
+    0x9572c1a900000000, 0x02d4dc4e00000000, 0x988236c300000000,
+    0x0f242b2400000000, 0xf7c97cd600000000, 0x606f613100000000,
+    0x4614a2e900000000, 0xd1b2bf0e00000000, 0x295fe8fc00000000,
+    0xbef9f51b00000000, 0x5cf44d3c00000000, 0xcb5250db00000000,
+    0x33bf072900000000, 0xa4191ace00000000, 0x8262d91600000000,
+    0x15c4c4f100000000, 0xed29930300000000, 0x7a8f8ee400000000,
+    0xe0d9646900000000, 0x777f798e00000000, 0x8f922e7c00000000,
+    0x1834339b00000000, 0x3e4ff04300000000, 0xa9e9eda400000000,
+    0x5104ba5600000000, 0xc6a2a7b100000000, 0x951fca1900000000,
+    0x02b9d7fe00000000, 0xfa54800c00000000, 0x6df29deb00000000,
+    0x4b895e3300000000, 0xdc2f43d400000000, 0x24c2142600000000,
+    0xb36409c100000000, 0x2932e34c00000000, 0xbe94feab00000000,
+    0x4679a95900000000, 0xd1dfb4be00000000, 0xf7a4776600000000,
+    0x60026a8100000000, 0x98ef3d7300000000, 0x0f49209400000000,
+    0xed4498b300000000, 0x7ae2855400000000, 0x820fd2a600000000,
+    0x15a9cf4100000000, 0x33d20c9900000000, 0xa474117e00000000,
+    0x5c99468c00000000, 0xcb3f5b6b00000000, 0x5169b1e600000000,
+    0xc6cfac0100000000, 0x3e22fbf300000000, 0xa984e61400000000,
+    0x8fff25cc00000000, 0x1859382b00000000, 0xe0b46fd900000000,
+    0x7712723e00000000},
+   {0x0000000000000000, 0x411b8c6e00000000, 0x823618dd00000000,
+    0xc32d94b300000000, 0x456b416100000000, 0x0470cd0f00000000,
+    0xc75d59bc00000000, 0x8646d5d200000000, 0x8ad682c200000000,
+    0xcbcd0eac00000000, 0x08e09a1f00000000, 0x49fb167100000000,
+    0xcfbdc3a300000000, 0x8ea64fcd00000000, 0x4d8bdb7e00000000,
+    0x0c90571000000000, 0x55ab745e00000000, 0x14b0f83000000000,
+    0xd79d6c8300000000, 0x9686e0ed00000000, 0x10c0353f00000000,
+    0x51dbb95100000000, 0x92f62de200000000, 0xd3eda18c00000000,
+    0xdf7df69c00000000, 0x9e667af200000000, 0x5d4bee4100000000,
+    0x1c50622f00000000, 0x9a16b7fd00000000, 0xdb0d3b9300000000,
+    0x1820af2000000000, 0x593b234e00000000, 0xaa56e9bc00000000,
+    0xeb4d65d200000000, 0x2860f16100000000, 0x697b7d0f00000000,
+    0xef3da8dd00000000, 0xae2624b300000000, 0x6d0bb00000000000,
+    0x2c103c6e00000000, 0x20806b7e00000000, 0x619be71000000000,
+    0xa2b673a300000000, 0xe3adffcd00000000, 0x65eb2a1f00000000,
+    0x24f0a67100000000, 0xe7dd32c200000000, 0xa6c6beac00000000,
+    0xfffd9de200000000, 0xbee6118c00000000, 0x7dcb853f00000000,
+    0x3cd0095100000000, 0xba96dc8300000000, 0xfb8d50ed00000000,
+    0x38a0c45e00000000, 0x79bb483000000000, 0x752b1f2000000000,
+    0x3430934e00000000, 0xf71d07fd00000000, 0xb6068b9300000000,
+    0x30405e4100000000, 0x715bd22f00000000, 0xb276469c00000000,
+    0xf36dcaf200000000, 0x15aba3a200000000, 0x54b02fcc00000000,
+    0x979dbb7f00000000, 0xd686371100000000, 0x50c0e2c300000000,
+    0x11db6ead00000000, 0xd2f6fa1e00000000, 0x93ed767000000000,
+    0x9f7d216000000000, 0xde66ad0e00000000, 0x1d4b39bd00000000,
+    0x5c50b5d300000000, 0xda16600100000000, 0x9b0dec6f00000000,
+    0x582078dc00000000, 0x193bf4b200000000, 0x4000d7fc00000000,
+    0x011b5b9200000000, 0xc236cf2100000000, 0x832d434f00000000,
+    0x056b969d00000000, 0x44701af300000000, 0x875d8e4000000000,
+    0xc646022e00000000, 0xcad6553e00000000, 0x8bcdd95000000000,
+    0x48e04de300000000, 0x09fbc18d00000000, 0x8fbd145f00000000,
+    0xcea6983100000000, 0x0d8b0c8200000000, 0x4c9080ec00000000,
+    0xbffd4a1e00000000, 0xfee6c67000000000, 0x3dcb52c300000000,
+    0x7cd0dead00000000, 0xfa960b7f00000000, 0xbb8d871100000000,
+    0x78a013a200000000, 0x39bb9fcc00000000, 0x352bc8dc00000000,
+    0x743044b200000000, 0xb71dd00100000000, 0xf6065c6f00000000,
+    0x704089bd00000000, 0x315b05d300000000, 0xf276916000000000,
+    0xb36d1d0e00000000, 0xea563e4000000000, 0xab4db22e00000000,
+    0x6860269d00000000, 0x297baaf300000000, 0xaf3d7f2100000000,
+    0xee26f34f00000000, 0x2d0b67fc00000000, 0x6c10eb9200000000,
+    0x6080bc8200000000, 0x219b30ec00000000, 0xe2b6a45f00000000,
+    0xa3ad283100000000, 0x25ebfde300000000, 0x64f0718d00000000,
+    0xa7dde53e00000000, 0xe6c6695000000000, 0x6b50369e00000000,
+    0x2a4bbaf000000000, 0xe9662e4300000000, 0xa87da22d00000000,
+    0x2e3b77ff00000000, 0x6f20fb9100000000, 0xac0d6f2200000000,
+    0xed16e34c00000000, 0xe186b45c00000000, 0xa09d383200000000,
+    0x63b0ac8100000000, 0x22ab20ef00000000, 0xa4edf53d00000000,
+    0xe5f6795300000000, 0x26dbede000000000, 0x67c0618e00000000,
+    0x3efb42c000000000, 0x7fe0ceae00000000, 0xbccd5a1d00000000,
+    0xfdd6d67300000000, 0x7b9003a100000000, 0x3a8b8fcf00000000,
+    0xf9a61b7c00000000, 0xb8bd971200000000, 0xb42dc00200000000,
+    0xf5364c6c00000000, 0x361bd8df00000000, 0x770054b100000000,
+    0xf146816300000000, 0xb05d0d0d00000000, 0x737099be00000000,
+    0x326b15d000000000, 0xc106df2200000000, 0x801d534c00000000,
+    0x4330c7ff00000000, 0x022b4b9100000000, 0x846d9e4300000000,
+    0xc576122d00000000, 0x065b869e00000000, 0x47400af000000000,
+    0x4bd05de000000000, 0x0acbd18e00000000, 0xc9e6453d00000000,
+    0x88fdc95300000000, 0x0ebb1c8100000000, 0x4fa090ef00000000,
+    0x8c8d045c00000000, 0xcd96883200000000, 0x94adab7c00000000,
+    0xd5b6271200000000, 0x169bb3a100000000, 0x57803fcf00000000,
+    0xd1c6ea1d00000000, 0x90dd667300000000, 0x53f0f2c000000000,
+    0x12eb7eae00000000, 0x1e7b29be00000000, 0x5f60a5d000000000,
+    0x9c4d316300000000, 0xdd56bd0d00000000, 0x5b1068df00000000,
+    0x1a0be4b100000000, 0xd926700200000000, 0x983dfc6c00000000,
+    0x7efb953c00000000, 0x3fe0195200000000, 0xfccd8de100000000,
+    0xbdd6018f00000000, 0x3b90d45d00000000, 0x7a8b583300000000,
+    0xb9a6cc8000000000, 0xf8bd40ee00000000, 0xf42d17fe00000000,
+    0xb5369b9000000000, 0x761b0f2300000000, 0x3700834d00000000,
+    0xb146569f00000000, 0xf05ddaf100000000, 0x33704e4200000000,
+    0x726bc22c00000000, 0x2b50e16200000000, 0x6a4b6d0c00000000,
+    0xa966f9bf00000000, 0xe87d75d100000000, 0x6e3ba00300000000,
+    0x2f202c6d00000000, 0xec0db8de00000000, 0xad1634b000000000,
+    0xa18663a000000000, 0xe09defce00000000, 0x23b07b7d00000000,
+    0x62abf71300000000, 0xe4ed22c100000000, 0xa5f6aeaf00000000,
+    0x66db3a1c00000000, 0x27c0b67200000000, 0xd4ad7c8000000000,
+    0x95b6f0ee00000000, 0x569b645d00000000, 0x1780e83300000000,
+    0x91c63de100000000, 0xd0ddb18f00000000, 0x13f0253c00000000,
+    0x52eba95200000000, 0x5e7bfe4200000000, 0x1f60722c00000000,
+    0xdc4de69f00000000, 0x9d566af100000000, 0x1b10bf2300000000,
+    0x5a0b334d00000000, 0x9926a7fe00000000, 0xd83d2b9000000000,
+    0x810608de00000000, 0xc01d84b000000000, 0x0330100300000000,
+    0x422b9c6d00000000, 0xc46d49bf00000000, 0x8576c5d100000000,
+    0x465b516200000000, 0x0740dd0c00000000, 0x0bd08a1c00000000,
+    0x4acb067200000000, 0x89e692c100000000, 0xc8fd1eaf00000000,
+    0x4ebbcb7d00000000, 0x0fa0471300000000, 0xcc8dd3a000000000,
+    0x8d965fce00000000},
+   {0x0000000000000000, 0x1dfdb50100000000, 0x3afa6b0300000000,
+    0x2707de0200000000, 0x74f4d70600000000, 0x6909620700000000,
+    0x4e0ebc0500000000, 0x53f3090400000000, 0xe8e8af0d00000000,
+    0xf5151a0c00000000, 0xd212c40e00000000, 0xcfef710f00000000,
+    0x9c1c780b00000000, 0x81e1cd0a00000000, 0xa6e6130800000000,
+    0xbb1ba60900000000, 0xd0d15f1b00000000, 0xcd2cea1a00000000,
+    0xea2b341800000000, 0xf7d6811900000000, 0xa425881d00000000,
+    0xb9d83d1c00000000, 0x9edfe31e00000000, 0x8322561f00000000,
+    0x3839f01600000000, 0x25c4451700000000, 0x02c39b1500000000,
+    0x1f3e2e1400000000, 0x4ccd271000000000, 0x5130921100000000,
+    0x76374c1300000000, 0x6bcaf91200000000, 0xa0a3bf3600000000,
+    0xbd5e0a3700000000, 0x9a59d43500000000, 0x87a4613400000000,
+    0xd457683000000000, 0xc9aadd3100000000, 0xeead033300000000,
+    0xf350b63200000000, 0x484b103b00000000, 0x55b6a53a00000000,
+    0x72b17b3800000000, 0x6f4cce3900000000, 0x3cbfc73d00000000,
+    0x2142723c00000000, 0x0645ac3e00000000, 0x1bb8193f00000000,
+    0x7072e02d00000000, 0x6d8f552c00000000, 0x4a888b2e00000000,
+    0x57753e2f00000000, 0x0486372b00000000, 0x197b822a00000000,
+    0x3e7c5c2800000000, 0x2381e92900000000, 0x989a4f2000000000,
+    0x8567fa2100000000, 0xa260242300000000, 0xbf9d912200000000,
+    0xec6e982600000000, 0xf1932d2700000000, 0xd694f32500000000,
+    0xcb69462400000000, 0x40477f6d00000000, 0x5dbaca6c00000000,
+    0x7abd146e00000000, 0x6740a16f00000000, 0x34b3a86b00000000,
+    0x294e1d6a00000000, 0x0e49c36800000000, 0x13b4766900000000,
+    0xa8afd06000000000, 0xb552656100000000, 0x9255bb6300000000,
+    0x8fa80e6200000000, 0xdc5b076600000000, 0xc1a6b26700000000,
+    0xe6a16c6500000000, 0xfb5cd96400000000, 0x9096207600000000,
+    0x8d6b957700000000, 0xaa6c4b7500000000, 0xb791fe7400000000,
+    0xe462f77000000000, 0xf99f427100000000, 0xde989c7300000000,
+    0xc365297200000000, 0x787e8f7b00000000, 0x65833a7a00000000,
+    0x4284e47800000000, 0x5f79517900000000, 0x0c8a587d00000000,
+    0x1177ed7c00000000, 0x3670337e00000000, 0x2b8d867f00000000,
+    0xe0e4c05b00000000, 0xfd19755a00000000, 0xda1eab5800000000,
+    0xc7e31e5900000000, 0x9410175d00000000, 0x89eda25c00000000,
+    0xaeea7c5e00000000, 0xb317c95f00000000, 0x080c6f5600000000,
+    0x15f1da5700000000, 0x32f6045500000000, 0x2f0bb15400000000,
+    0x7cf8b85000000000, 0x61050d5100000000, 0x4602d35300000000,
+    0x5bff665200000000, 0x30359f4000000000, 0x2dc82a4100000000,
+    0x0acff44300000000, 0x1732414200000000, 0x44c1484600000000,
+    0x593cfd4700000000, 0x7e3b234500000000, 0x63c6964400000000,
+    0xd8dd304d00000000, 0xc520854c00000000, 0xe2275b4e00000000,
+    0xffdaee4f00000000, 0xac29e74b00000000, 0xb1d4524a00000000,
+    0x96d38c4800000000, 0x8b2e394900000000, 0x808efeda00000000,
+    0x9d734bdb00000000, 0xba7495d900000000, 0xa78920d800000000,
+    0xf47a29dc00000000, 0xe9879cdd00000000, 0xce8042df00000000,
+    0xd37df7de00000000, 0x686651d700000000, 0x759be4d600000000,
+    0x529c3ad400000000, 0x4f618fd500000000, 0x1c9286d100000000,
+    0x016f33d000000000, 0x2668edd200000000, 0x3b9558d300000000,
+    0x505fa1c100000000, 0x4da214c000000000, 0x6aa5cac200000000,
+    0x77587fc300000000, 0x24ab76c700000000, 0x3956c3c600000000,
+    0x1e511dc400000000, 0x03aca8c500000000, 0xb8b70ecc00000000,
+    0xa54abbcd00000000, 0x824d65cf00000000, 0x9fb0d0ce00000000,
+    0xcc43d9ca00000000, 0xd1be6ccb00000000, 0xf6b9b2c900000000,
+    0xeb4407c800000000, 0x202d41ec00000000, 0x3dd0f4ed00000000,
+    0x1ad72aef00000000, 0x072a9fee00000000, 0x54d996ea00000000,
+    0x492423eb00000000, 0x6e23fde900000000, 0x73de48e800000000,
+    0xc8c5eee100000000, 0xd5385be000000000, 0xf23f85e200000000,
+    0xefc230e300000000, 0xbc3139e700000000, 0xa1cc8ce600000000,
+    0x86cb52e400000000, 0x9b36e7e500000000, 0xf0fc1ef700000000,
+    0xed01abf600000000, 0xca0675f400000000, 0xd7fbc0f500000000,
+    0x8408c9f100000000, 0x99f57cf000000000, 0xbef2a2f200000000,
+    0xa30f17f300000000, 0x1814b1fa00000000, 0x05e904fb00000000,
+    0x22eedaf900000000, 0x3f136ff800000000, 0x6ce066fc00000000,
+    0x711dd3fd00000000, 0x561a0dff00000000, 0x4be7b8fe00000000,
+    0xc0c981b700000000, 0xdd3434b600000000, 0xfa33eab400000000,
+    0xe7ce5fb500000000, 0xb43d56b100000000, 0xa9c0e3b000000000,
+    0x8ec73db200000000, 0x933a88b300000000, 0x28212eba00000000,
+    0x35dc9bbb00000000, 0x12db45b900000000, 0x0f26f0b800000000,
+    0x5cd5f9bc00000000, 0x41284cbd00000000, 0x662f92bf00000000,
+    0x7bd227be00000000, 0x1018deac00000000, 0x0de56bad00000000,
+    0x2ae2b5af00000000, 0x371f00ae00000000, 0x64ec09aa00000000,
+    0x7911bcab00000000, 0x5e1662a900000000, 0x43ebd7a800000000,
+    0xf8f071a100000000, 0xe50dc4a000000000, 0xc20a1aa200000000,
+    0xdff7afa300000000, 0x8c04a6a700000000, 0x91f913a600000000,
+    0xb6fecda400000000, 0xab0378a500000000, 0x606a3e8100000000,
+    0x7d978b8000000000, 0x5a90558200000000, 0x476de08300000000,
+    0x149ee98700000000, 0x09635c8600000000, 0x2e64828400000000,
+    0x3399378500000000, 0x8882918c00000000, 0x957f248d00000000,
+    0xb278fa8f00000000, 0xaf854f8e00000000, 0xfc76468a00000000,
+    0xe18bf38b00000000, 0xc68c2d8900000000, 0xdb71988800000000,
+    0xb0bb619a00000000, 0xad46d49b00000000, 0x8a410a9900000000,
+    0x97bcbf9800000000, 0xc44fb69c00000000, 0xd9b2039d00000000,
+    0xfeb5dd9f00000000, 0xe348689e00000000, 0x5853ce9700000000,
+    0x45ae7b9600000000, 0x62a9a59400000000, 0x7f54109500000000,
+    0x2ca7199100000000, 0x315aac9000000000, 0x165d729200000000,
+    0x0ba0c79300000000},
+   {0x0000000000000000, 0x24d9076300000000, 0x48b20fc600000000,
+    0x6c6b08a500000000, 0xd1626e5700000000, 0xf5bb693400000000,
+    0x99d0619100000000, 0xbd0966f200000000, 0xa2c5dcae00000000,
+    0x861cdbcd00000000, 0xea77d36800000000, 0xceaed40b00000000,
+    0x73a7b2f900000000, 0x577eb59a00000000, 0x3b15bd3f00000000,
+    0x1fccba5c00000000, 0x058dc88600000000, 0x2154cfe500000000,
+    0x4d3fc74000000000, 0x69e6c02300000000, 0xd4efa6d100000000,
+    0xf036a1b200000000, 0x9c5da91700000000, 0xb884ae7400000000,
+    0xa748142800000000, 0x8391134b00000000, 0xeffa1bee00000000,
+    0xcb231c8d00000000, 0x762a7a7f00000000, 0x52f37d1c00000000,
+    0x3e9875b900000000, 0x1a4172da00000000, 0x4b1ce0d600000000,
+    0x6fc5e7b500000000, 0x03aeef1000000000, 0x2777e87300000000,
+    0x9a7e8e8100000000, 0xbea789e200000000, 0xd2cc814700000000,
+    0xf615862400000000, 0xe9d93c7800000000, 0xcd003b1b00000000,
+    0xa16b33be00000000, 0x85b234dd00000000, 0x38bb522f00000000,
+    0x1c62554c00000000, 0x70095de900000000, 0x54d05a8a00000000,
+    0x4e91285000000000, 0x6a482f3300000000, 0x0623279600000000,
+    0x22fa20f500000000, 0x9ff3460700000000, 0xbb2a416400000000,
+    0xd74149c100000000, 0xf3984ea200000000, 0xec54f4fe00000000,
+    0xc88df39d00000000, 0xa4e6fb3800000000, 0x803ffc5b00000000,
+    0x3d369aa900000000, 0x19ef9dca00000000, 0x7584956f00000000,
+    0x515d920c00000000, 0xd73eb17600000000, 0xf3e7b61500000000,
+    0x9f8cbeb000000000, 0xbb55b9d300000000, 0x065cdf2100000000,
+    0x2285d84200000000, 0x4eeed0e700000000, 0x6a37d78400000000,
+    0x75fb6dd800000000, 0x51226abb00000000, 0x3d49621e00000000,
+    0x1990657d00000000, 0xa499038f00000000, 0x804004ec00000000,
+    0xec2b0c4900000000, 0xc8f20b2a00000000, 0xd2b379f000000000,
+    0xf66a7e9300000000, 0x9a01763600000000, 0xbed8715500000000,
+    0x03d117a700000000, 0x270810c400000000, 0x4b63186100000000,
+    0x6fba1f0200000000, 0x7076a55e00000000, 0x54afa23d00000000,
+    0x38c4aa9800000000, 0x1c1dadfb00000000, 0xa114cb0900000000,
+    0x85cdcc6a00000000, 0xe9a6c4cf00000000, 0xcd7fc3ac00000000,
+    0x9c2251a000000000, 0xb8fb56c300000000, 0xd4905e6600000000,
+    0xf049590500000000, 0x4d403ff700000000, 0x6999389400000000,
+    0x05f2303100000000, 0x212b375200000000, 0x3ee78d0e00000000,
+    0x1a3e8a6d00000000, 0x765582c800000000, 0x528c85ab00000000,
+    0xef85e35900000000, 0xcb5ce43a00000000, 0xa737ec9f00000000,
+    0x83eeebfc00000000, 0x99af992600000000, 0xbd769e4500000000,
+    0xd11d96e000000000, 0xf5c4918300000000, 0x48cdf77100000000,
+    0x6c14f01200000000, 0x007ff8b700000000, 0x24a6ffd400000000,
+    0x3b6a458800000000, 0x1fb342eb00000000, 0x73d84a4e00000000,
+    0x57014d2d00000000, 0xea082bdf00000000, 0xced12cbc00000000,
+    0xa2ba241900000000, 0x8663237a00000000, 0xae7d62ed00000000,
+    0x8aa4658e00000000, 0xe6cf6d2b00000000, 0xc2166a4800000000,
+    0x7f1f0cba00000000, 0x5bc60bd900000000, 0x37ad037c00000000,
+    0x1374041f00000000, 0x0cb8be4300000000, 0x2861b92000000000,
+    0x440ab18500000000, 0x60d3b6e600000000, 0xdddad01400000000,
+    0xf903d77700000000, 0x9568dfd200000000, 0xb1b1d8b100000000,
+    0xabf0aa6b00000000, 0x8f29ad0800000000, 0xe342a5ad00000000,
+    0xc79ba2ce00000000, 0x7a92c43c00000000, 0x5e4bc35f00000000,
+    0x3220cbfa00000000, 0x16f9cc9900000000, 0x093576c500000000,
+    0x2dec71a600000000, 0x4187790300000000, 0x655e7e6000000000,
+    0xd857189200000000, 0xfc8e1ff100000000, 0x90e5175400000000,
+    0xb43c103700000000, 0xe561823b00000000, 0xc1b8855800000000,
+    0xadd38dfd00000000, 0x890a8a9e00000000, 0x3403ec6c00000000,
+    0x10daeb0f00000000, 0x7cb1e3aa00000000, 0x5868e4c900000000,
+    0x47a45e9500000000, 0x637d59f600000000, 0x0f16515300000000,
+    0x2bcf563000000000, 0x96c630c200000000, 0xb21f37a100000000,
+    0xde743f0400000000, 0xfaad386700000000, 0xe0ec4abd00000000,
+    0xc4354dde00000000, 0xa85e457b00000000, 0x8c87421800000000,
+    0x318e24ea00000000, 0x1557238900000000, 0x793c2b2c00000000,
+    0x5de52c4f00000000, 0x4229961300000000, 0x66f0917000000000,
+    0x0a9b99d500000000, 0x2e429eb600000000, 0x934bf84400000000,
+    0xb792ff2700000000, 0xdbf9f78200000000, 0xff20f0e100000000,
+    0x7943d39b00000000, 0x5d9ad4f800000000, 0x31f1dc5d00000000,
+    0x1528db3e00000000, 0xa821bdcc00000000, 0x8cf8baaf00000000,
+    0xe093b20a00000000, 0xc44ab56900000000, 0xdb860f3500000000,
+    0xff5f085600000000, 0x933400f300000000, 0xb7ed079000000000,
+    0x0ae4616200000000, 0x2e3d660100000000, 0x42566ea400000000,
+    0x668f69c700000000, 0x7cce1b1d00000000, 0x58171c7e00000000,
+    0x347c14db00000000, 0x10a513b800000000, 0xadac754a00000000,
+    0x8975722900000000, 0xe51e7a8c00000000, 0xc1c77def00000000,
+    0xde0bc7b300000000, 0xfad2c0d000000000, 0x96b9c87500000000,
+    0xb260cf1600000000, 0x0f69a9e400000000, 0x2bb0ae8700000000,
+    0x47dba62200000000, 0x6302a14100000000, 0x325f334d00000000,
+    0x1686342e00000000, 0x7aed3c8b00000000, 0x5e343be800000000,
+    0xe33d5d1a00000000, 0xc7e45a7900000000, 0xab8f52dc00000000,
+    0x8f5655bf00000000, 0x909aefe300000000, 0xb443e88000000000,
+    0xd828e02500000000, 0xfcf1e74600000000, 0x41f881b400000000,
+    0x652186d700000000, 0x094a8e7200000000, 0x2d93891100000000,
+    0x37d2fbcb00000000, 0x130bfca800000000, 0x7f60f40d00000000,
+    0x5bb9f36e00000000, 0xe6b0959c00000000, 0xc26992ff00000000,
+    0xae029a5a00000000, 0x8adb9d3900000000, 0x9517276500000000,
+    0xb1ce200600000000, 0xdda528a300000000, 0xf97c2fc000000000,
+    0x4475493200000000, 0x60ac4e5100000000, 0x0cc746f400000000,
+    0x281e419700000000},
+   {0x0000000000000000, 0x08e3603c00000000, 0x10c6c17800000000,
+    0x1825a14400000000, 0x208c83f100000000, 0x286fe3cd00000000,
+    0x304a428900000000, 0x38a922b500000000, 0x011e763800000000,
+    0x09fd160400000000, 0x11d8b74000000000, 0x193bd77c00000000,
+    0x2192f5c900000000, 0x297195f500000000, 0x315434b100000000,
+    0x39b7548d00000000, 0x023cec7000000000, 0x0adf8c4c00000000,
+    0x12fa2d0800000000, 0x1a194d3400000000, 0x22b06f8100000000,
+    0x2a530fbd00000000, 0x3276aef900000000, 0x3a95cec500000000,
+    0x03229a4800000000, 0x0bc1fa7400000000, 0x13e45b3000000000,
+    0x1b073b0c00000000, 0x23ae19b900000000, 0x2b4d798500000000,
+    0x3368d8c100000000, 0x3b8bb8fd00000000, 0x0478d8e100000000,
+    0x0c9bb8dd00000000, 0x14be199900000000, 0x1c5d79a500000000,
+    0x24f45b1000000000, 0x2c173b2c00000000, 0x34329a6800000000,
+    0x3cd1fa5400000000, 0x0566aed900000000, 0x0d85cee500000000,
+    0x15a06fa100000000, 0x1d430f9d00000000, 0x25ea2d2800000000,
+    0x2d094d1400000000, 0x352cec5000000000, 0x3dcf8c6c00000000,
+    0x0644349100000000, 0x0ea754ad00000000, 0x1682f5e900000000,
+    0x1e6195d500000000, 0x26c8b76000000000, 0x2e2bd75c00000000,
+    0x360e761800000000, 0x3eed162400000000, 0x075a42a900000000,
+    0x0fb9229500000000, 0x179c83d100000000, 0x1f7fe3ed00000000,
+    0x27d6c15800000000, 0x2f35a16400000000, 0x3710002000000000,
+    0x3ff3601c00000000, 0x49f6c11800000000, 0x4115a12400000000,
+    0x5930006000000000, 0x51d3605c00000000, 0x697a42e900000000,
+    0x619922d500000000, 0x79bc839100000000, 0x715fe3ad00000000,
+    0x48e8b72000000000, 0x400bd71c00000000, 0x582e765800000000,
+    0x50cd166400000000, 0x686434d100000000, 0x608754ed00000000,
+    0x78a2f5a900000000, 0x7041959500000000, 0x4bca2d6800000000,
+    0x43294d5400000000, 0x5b0cec1000000000, 0x53ef8c2c00000000,
+    0x6b46ae9900000000, 0x63a5cea500000000, 0x7b806fe100000000,
+    0x73630fdd00000000, 0x4ad45b5000000000, 0x42373b6c00000000,
+    0x5a129a2800000000, 0x52f1fa1400000000, 0x6a58d8a100000000,
+    0x62bbb89d00000000, 0x7a9e19d900000000, 0x727d79e500000000,
+    0x4d8e19f900000000, 0x456d79c500000000, 0x5d48d88100000000,
+    0x55abb8bd00000000, 0x6d029a0800000000, 0x65e1fa3400000000,
+    0x7dc45b7000000000, 0x75273b4c00000000, 0x4c906fc100000000,
+    0x44730ffd00000000, 0x5c56aeb900000000, 0x54b5ce8500000000,
+    0x6c1cec3000000000, 0x64ff8c0c00000000, 0x7cda2d4800000000,
+    0x74394d7400000000, 0x4fb2f58900000000, 0x475195b500000000,
+    0x5f7434f100000000, 0x579754cd00000000, 0x6f3e767800000000,
+    0x67dd164400000000, 0x7ff8b70000000000, 0x771bd73c00000000,
+    0x4eac83b100000000, 0x464fe38d00000000, 0x5e6a42c900000000,
+    0x568922f500000000, 0x6e20004000000000, 0x66c3607c00000000,
+    0x7ee6c13800000000, 0x7605a10400000000, 0x92ec833100000000,
+    0x9a0fe30d00000000, 0x822a424900000000, 0x8ac9227500000000,
+    0xb26000c000000000, 0xba8360fc00000000, 0xa2a6c1b800000000,
+    0xaa45a18400000000, 0x93f2f50900000000, 0x9b11953500000000,
+    0x8334347100000000, 0x8bd7544d00000000, 0xb37e76f800000000,
+    0xbb9d16c400000000, 0xa3b8b78000000000, 0xab5bd7bc00000000,
+    0x90d06f4100000000, 0x98330f7d00000000, 0x8016ae3900000000,
+    0x88f5ce0500000000, 0xb05cecb000000000, 0xb8bf8c8c00000000,
+    0xa09a2dc800000000, 0xa8794df400000000, 0x91ce197900000000,
+    0x992d794500000000, 0x8108d80100000000, 0x89ebb83d00000000,
+    0xb1429a8800000000, 0xb9a1fab400000000, 0xa1845bf000000000,
+    0xa9673bcc00000000, 0x96945bd000000000, 0x9e773bec00000000,
+    0x86529aa800000000, 0x8eb1fa9400000000, 0xb618d82100000000,
+    0xbefbb81d00000000, 0xa6de195900000000, 0xae3d796500000000,
+    0x978a2de800000000, 0x9f694dd400000000, 0x874cec9000000000,
+    0x8faf8cac00000000, 0xb706ae1900000000, 0xbfe5ce2500000000,
+    0xa7c06f6100000000, 0xaf230f5d00000000, 0x94a8b7a000000000,
+    0x9c4bd79c00000000, 0x846e76d800000000, 0x8c8d16e400000000,
+    0xb424345100000000, 0xbcc7546d00000000, 0xa4e2f52900000000,
+    0xac01951500000000, 0x95b6c19800000000, 0x9d55a1a400000000,
+    0x857000e000000000, 0x8d9360dc00000000, 0xb53a426900000000,
+    0xbdd9225500000000, 0xa5fc831100000000, 0xad1fe32d00000000,
+    0xdb1a422900000000, 0xd3f9221500000000, 0xcbdc835100000000,
+    0xc33fe36d00000000, 0xfb96c1d800000000, 0xf375a1e400000000,
+    0xeb5000a000000000, 0xe3b3609c00000000, 0xda04341100000000,
+    0xd2e7542d00000000, 0xcac2f56900000000, 0xc221955500000000,
+    0xfa88b7e000000000, 0xf26bd7dc00000000, 0xea4e769800000000,
+    0xe2ad16a400000000, 0xd926ae5900000000, 0xd1c5ce6500000000,
+    0xc9e06f2100000000, 0xc1030f1d00000000, 0xf9aa2da800000000,
+    0xf1494d9400000000, 0xe96cecd000000000, 0xe18f8cec00000000,
+    0xd838d86100000000, 0xd0dbb85d00000000, 0xc8fe191900000000,
+    0xc01d792500000000, 0xf8b45b9000000000, 0xf0573bac00000000,
+    0xe8729ae800000000, 0xe091fad400000000, 0xdf629ac800000000,
+    0xd781faf400000000, 0xcfa45bb000000000, 0xc7473b8c00000000,
+    0xffee193900000000, 0xf70d790500000000, 0xef28d84100000000,
+    0xe7cbb87d00000000, 0xde7cecf000000000, 0xd69f8ccc00000000,
+    0xceba2d8800000000, 0xc6594db400000000, 0xfef06f0100000000,
+    0xf6130f3d00000000, 0xee36ae7900000000, 0xe6d5ce4500000000,
+    0xdd5e76b800000000, 0xd5bd168400000000, 0xcd98b7c000000000,
+    0xc57bd7fc00000000, 0xfdd2f54900000000, 0xf531957500000000,
+    0xed14343100000000, 0xe5f7540d00000000, 0xdc40008000000000,
+    0xd4a360bc00000000, 0xcc86c1f800000000, 0xc465a1c400000000,
+    0xfccc837100000000, 0xf42fe34d00000000, 0xec0a420900000000,
+    0xe4e9223500000000},
+   {0x0000000000000000, 0xd1e8e70e00000000, 0xa2d1cf1d00000000,
+    0x7339281300000000, 0x44a39f3b00000000, 0x954b783500000000,
+    0xe672502600000000, 0x379ab72800000000, 0x88463f7700000000,
+    0x59aed87900000000, 0x2a97f06a00000000, 0xfb7f176400000000,
+    0xcce5a04c00000000, 0x1d0d474200000000, 0x6e346f5100000000,
+    0xbfdc885f00000000, 0x108d7eee00000000, 0xc16599e000000000,
+    0xb25cb1f300000000, 0x63b456fd00000000, 0x542ee1d500000000,
+    0x85c606db00000000, 0xf6ff2ec800000000, 0x2717c9c600000000,
+    0x98cb419900000000, 0x4923a69700000000, 0x3a1a8e8400000000,
+    0xebf2698a00000000, 0xdc68dea200000000, 0x0d8039ac00000000,
+    0x7eb911bf00000000, 0xaf51f6b100000000, 0x611c8c0700000000,
+    0xb0f46b0900000000, 0xc3cd431a00000000, 0x1225a41400000000,
+    0x25bf133c00000000, 0xf457f43200000000, 0x876edc2100000000,
+    0x56863b2f00000000, 0xe95ab37000000000, 0x38b2547e00000000,
+    0x4b8b7c6d00000000, 0x9a639b6300000000, 0xadf92c4b00000000,
+    0x7c11cb4500000000, 0x0f28e35600000000, 0xdec0045800000000,
+    0x7191f2e900000000, 0xa07915e700000000, 0xd3403df400000000,
+    0x02a8dafa00000000, 0x35326dd200000000, 0xe4da8adc00000000,
+    0x97e3a2cf00000000, 0x460b45c100000000, 0xf9d7cd9e00000000,
+    0x283f2a9000000000, 0x5b06028300000000, 0x8aeee58d00000000,
+    0xbd7452a500000000, 0x6c9cb5ab00000000, 0x1fa59db800000000,
+    0xce4d7ab600000000, 0xc238180f00000000, 0x13d0ff0100000000,
+    0x60e9d71200000000, 0xb101301c00000000, 0x869b873400000000,
+    0x5773603a00000000, 0x244a482900000000, 0xf5a2af2700000000,
+    0x4a7e277800000000, 0x9b96c07600000000, 0xe8afe86500000000,
+    0x39470f6b00000000, 0x0eddb84300000000, 0xdf355f4d00000000,
+    0xac0c775e00000000, 0x7de4905000000000, 0xd2b566e100000000,
+    0x035d81ef00000000, 0x7064a9fc00000000, 0xa18c4ef200000000,
+    0x9616f9da00000000, 0x47fe1ed400000000, 0x34c736c700000000,
+    0xe52fd1c900000000, 0x5af3599600000000, 0x8b1bbe9800000000,
+    0xf822968b00000000, 0x29ca718500000000, 0x1e50c6ad00000000,
+    0xcfb821a300000000, 0xbc8109b000000000, 0x6d69eebe00000000,
+    0xa324940800000000, 0x72cc730600000000, 0x01f55b1500000000,
+    0xd01dbc1b00000000, 0xe7870b3300000000, 0x366fec3d00000000,
+    0x4556c42e00000000, 0x94be232000000000, 0x2b62ab7f00000000,
+    0xfa8a4c7100000000, 0x89b3646200000000, 0x585b836c00000000,
+    0x6fc1344400000000, 0xbe29d34a00000000, 0xcd10fb5900000000,
+    0x1cf81c5700000000, 0xb3a9eae600000000, 0x62410de800000000,
+    0x117825fb00000000, 0xc090c2f500000000, 0xf70a75dd00000000,
+    0x26e292d300000000, 0x55dbbac000000000, 0x84335dce00000000,
+    0x3befd59100000000, 0xea07329f00000000, 0x993e1a8c00000000,
+    0x48d6fd8200000000, 0x7f4c4aaa00000000, 0xaea4ada400000000,
+    0xdd9d85b700000000, 0x0c7562b900000000, 0x8471301e00000000,
+    0x5599d71000000000, 0x26a0ff0300000000, 0xf748180d00000000,
+    0xc0d2af2500000000, 0x113a482b00000000, 0x6203603800000000,
+    0xb3eb873600000000, 0x0c370f6900000000, 0xdddfe86700000000,
+    0xaee6c07400000000, 0x7f0e277a00000000, 0x4894905200000000,
+    0x997c775c00000000, 0xea455f4f00000000, 0x3badb84100000000,
+    0x94fc4ef000000000, 0x4514a9fe00000000, 0x362d81ed00000000,
+    0xe7c566e300000000, 0xd05fd1cb00000000, 0x01b736c500000000,
+    0x728e1ed600000000, 0xa366f9d800000000, 0x1cba718700000000,
+    0xcd52968900000000, 0xbe6bbe9a00000000, 0x6f83599400000000,
+    0x5819eebc00000000, 0x89f109b200000000, 0xfac821a100000000,
+    0x2b20c6af00000000, 0xe56dbc1900000000, 0x34855b1700000000,
+    0x47bc730400000000, 0x9654940a00000000, 0xa1ce232200000000,
+    0x7026c42c00000000, 0x031fec3f00000000, 0xd2f70b3100000000,
+    0x6d2b836e00000000, 0xbcc3646000000000, 0xcffa4c7300000000,
+    0x1e12ab7d00000000, 0x29881c5500000000, 0xf860fb5b00000000,
+    0x8b59d34800000000, 0x5ab1344600000000, 0xf5e0c2f700000000,
+    0x240825f900000000, 0x57310dea00000000, 0x86d9eae400000000,
+    0xb1435dcc00000000, 0x60abbac200000000, 0x139292d100000000,
+    0xc27a75df00000000, 0x7da6fd8000000000, 0xac4e1a8e00000000,
+    0xdf77329d00000000, 0x0e9fd59300000000, 0x390562bb00000000,
+    0xe8ed85b500000000, 0x9bd4ada600000000, 0x4a3c4aa800000000,
+    0x4649281100000000, 0x97a1cf1f00000000, 0xe498e70c00000000,
+    0x3570000200000000, 0x02eab72a00000000, 0xd302502400000000,
+    0xa03b783700000000, 0x71d39f3900000000, 0xce0f176600000000,
+    0x1fe7f06800000000, 0x6cded87b00000000, 0xbd363f7500000000,
+    0x8aac885d00000000, 0x5b446f5300000000, 0x287d474000000000,
+    0xf995a04e00000000, 0x56c456ff00000000, 0x872cb1f100000000,
+    0xf41599e200000000, 0x25fd7eec00000000, 0x1267c9c400000000,
+    0xc38f2eca00000000, 0xb0b606d900000000, 0x615ee1d700000000,
+    0xde82698800000000, 0x0f6a8e8600000000, 0x7c53a69500000000,
+    0xadbb419b00000000, 0x9a21f6b300000000, 0x4bc911bd00000000,
+    0x38f039ae00000000, 0xe918dea000000000, 0x2755a41600000000,
+    0xf6bd431800000000, 0x85846b0b00000000, 0x546c8c0500000000,
+    0x63f63b2d00000000, 0xb21edc2300000000, 0xc127f43000000000,
+    0x10cf133e00000000, 0xaf139b6100000000, 0x7efb7c6f00000000,
+    0x0dc2547c00000000, 0xdc2ab37200000000, 0xebb0045a00000000,
+    0x3a58e35400000000, 0x4961cb4700000000, 0x98892c4900000000,
+    0x37d8daf800000000, 0xe6303df600000000, 0x950915e500000000,
+    0x44e1f2eb00000000, 0x737b45c300000000, 0xa293a2cd00000000,
+    0xd1aa8ade00000000, 0x00426dd000000000, 0xbf9ee58f00000000,
+    0x6e76028100000000, 0x1d4f2a9200000000, 0xcca7cd9c00000000,
+    0xfb3d7ab400000000, 0x2ad59dba00000000, 0x59ecb5a900000000,
+    0x880452a700000000},
+   {0x0000000000000000, 0xaa05daf100000000, 0x150dc53800000000,
+    0xbf081fc900000000, 0x2a1a8a7100000000, 0x801f508000000000,
+    0x3f174f4900000000, 0x951295b800000000, 0x543414e300000000,
+    0xfe31ce1200000000, 0x4139d1db00000000, 0xeb3c0b2a00000000,
+    0x7e2e9e9200000000, 0xd42b446300000000, 0x6b235baa00000000,
+    0xc126815b00000000, 0xe96e591d00000000, 0x436b83ec00000000,
+    0xfc639c2500000000, 0x566646d400000000, 0xc374d36c00000000,
+    0x6971099d00000000, 0xd679165400000000, 0x7c7ccca500000000,
+    0xbd5a4dfe00000000, 0x175f970f00000000, 0xa85788c600000000,
+    0x0252523700000000, 0x9740c78f00000000, 0x3d451d7e00000000,
+    0x824d02b700000000, 0x2848d84600000000, 0xd2ddb23a00000000,
+    0x78d868cb00000000, 0xc7d0770200000000, 0x6dd5adf300000000,
+    0xf8c7384b00000000, 0x52c2e2ba00000000, 0xedcafd7300000000,
+    0x47cf278200000000, 0x86e9a6d900000000, 0x2cec7c2800000000,
+    0x93e463e100000000, 0x39e1b91000000000, 0xacf32ca800000000,
+    0x06f6f65900000000, 0xb9fee99000000000, 0x13fb336100000000,
+    0x3bb3eb2700000000, 0x91b631d600000000, 0x2ebe2e1f00000000,
+    0x84bbf4ee00000000, 0x11a9615600000000, 0xbbacbba700000000,
+    0x04a4a46e00000000, 0xaea17e9f00000000, 0x6f87ffc400000000,
+    0xc582253500000000, 0x7a8a3afc00000000, 0xd08fe00d00000000,
+    0x459d75b500000000, 0xef98af4400000000, 0x5090b08d00000000,
+    0xfa956a7c00000000, 0xa4bb657500000000, 0x0ebebf8400000000,
+    0xb1b6a04d00000000, 0x1bb37abc00000000, 0x8ea1ef0400000000,
+    0x24a435f500000000, 0x9bac2a3c00000000, 0x31a9f0cd00000000,
+    0xf08f719600000000, 0x5a8aab6700000000, 0xe582b4ae00000000,
+    0x4f876e5f00000000, 0xda95fbe700000000, 0x7090211600000000,
+    0xcf983edf00000000, 0x659de42e00000000, 0x4dd53c6800000000,
+    0xe7d0e69900000000, 0x58d8f95000000000, 0xf2dd23a100000000,
+    0x67cfb61900000000, 0xcdca6ce800000000, 0x72c2732100000000,
+    0xd8c7a9d000000000, 0x19e1288b00000000, 0xb3e4f27a00000000,
+    0x0cecedb300000000, 0xa6e9374200000000, 0x33fba2fa00000000,
+    0x99fe780b00000000, 0x26f667c200000000, 0x8cf3bd3300000000,
+    0x7666d74f00000000, 0xdc630dbe00000000, 0x636b127700000000,
+    0xc96ec88600000000, 0x5c7c5d3e00000000, 0xf67987cf00000000,
+    0x4971980600000000, 0xe37442f700000000, 0x2252c3ac00000000,
+    0x8857195d00000000, 0x375f069400000000, 0x9d5adc6500000000,
+    0x084849dd00000000, 0xa24d932c00000000, 0x1d458ce500000000,
+    0xb740561400000000, 0x9f088e5200000000, 0x350d54a300000000,
+    0x8a054b6a00000000, 0x2000919b00000000, 0xb512042300000000,
+    0x1f17ded200000000, 0xa01fc11b00000000, 0x0a1a1bea00000000,
+    0xcb3c9ab100000000, 0x6139404000000000, 0xde315f8900000000,
+    0x7434857800000000, 0xe12610c000000000, 0x4b23ca3100000000,
+    0xf42bd5f800000000, 0x5e2e0f0900000000, 0x4877cbea00000000,
+    0xe272111b00000000, 0x5d7a0ed200000000, 0xf77fd42300000000,
+    0x626d419b00000000, 0xc8689b6a00000000, 0x776084a300000000,
+    0xdd655e5200000000, 0x1c43df0900000000, 0xb64605f800000000,
+    0x094e1a3100000000, 0xa34bc0c000000000, 0x3659557800000000,
+    0x9c5c8f8900000000, 0x2354904000000000, 0x89514ab100000000,
+    0xa11992f700000000, 0x0b1c480600000000, 0xb41457cf00000000,
+    0x1e118d3e00000000, 0x8b03188600000000, 0x2106c27700000000,
+    0x9e0eddbe00000000, 0x340b074f00000000, 0xf52d861400000000,
+    0x5f285ce500000000, 0xe020432c00000000, 0x4a2599dd00000000,
+    0xdf370c6500000000, 0x7532d69400000000, 0xca3ac95d00000000,
+    0x603f13ac00000000, 0x9aaa79d000000000, 0x30afa32100000000,
+    0x8fa7bce800000000, 0x25a2661900000000, 0xb0b0f3a100000000,
+    0x1ab5295000000000, 0xa5bd369900000000, 0x0fb8ec6800000000,
+    0xce9e6d3300000000, 0x649bb7c200000000, 0xdb93a80b00000000,
+    0x719672fa00000000, 0xe484e74200000000, 0x4e813db300000000,
+    0xf189227a00000000, 0x5b8cf88b00000000, 0x73c420cd00000000,
+    0xd9c1fa3c00000000, 0x66c9e5f500000000, 0xcccc3f0400000000,
+    0x59deaabc00000000, 0xf3db704d00000000, 0x4cd36f8400000000,
+    0xe6d6b57500000000, 0x27f0342e00000000, 0x8df5eedf00000000,
+    0x32fdf11600000000, 0x98f82be700000000, 0x0deabe5f00000000,
+    0xa7ef64ae00000000, 0x18e77b6700000000, 0xb2e2a19600000000,
+    0xecccae9f00000000, 0x46c9746e00000000, 0xf9c16ba700000000,
+    0x53c4b15600000000, 0xc6d624ee00000000, 0x6cd3fe1f00000000,
+    0xd3dbe1d600000000, 0x79de3b2700000000, 0xb8f8ba7c00000000,
+    0x12fd608d00000000, 0xadf57f4400000000, 0x07f0a5b500000000,
+    0x92e2300d00000000, 0x38e7eafc00000000, 0x87eff53500000000,
+    0x2dea2fc400000000, 0x05a2f78200000000, 0xafa72d7300000000,
+    0x10af32ba00000000, 0xbaaae84b00000000, 0x2fb87df300000000,
+    0x85bda70200000000, 0x3ab5b8cb00000000, 0x90b0623a00000000,
+    0x5196e36100000000, 0xfb93399000000000, 0x449b265900000000,
+    0xee9efca800000000, 0x7b8c691000000000, 0xd189b3e100000000,
+    0x6e81ac2800000000, 0xc48476d900000000, 0x3e111ca500000000,
+    0x9414c65400000000, 0x2b1cd99d00000000, 0x8119036c00000000,
+    0x140b96d400000000, 0xbe0e4c2500000000, 0x010653ec00000000,
+    0xab03891d00000000, 0x6a25084600000000, 0xc020d2b700000000,
+    0x7f28cd7e00000000, 0xd52d178f00000000, 0x403f823700000000,
+    0xea3a58c600000000, 0x5532470f00000000, 0xff379dfe00000000,
+    0xd77f45b800000000, 0x7d7a9f4900000000, 0xc272808000000000,
+    0x68775a7100000000, 0xfd65cfc900000000, 0x5760153800000000,
+    0xe8680af100000000, 0x426dd00000000000, 0x834b515b00000000,
+    0x294e8baa00000000, 0x9646946300000000, 0x3c434e9200000000,
+    0xa951db2a00000000, 0x035401db00000000, 0xbc5c1e1200000000,
+    0x1659c4e300000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xae689191, 0x87a02563, 0x29c8b4f2, 0xd4314c87,
+    0x7a59dd16, 0x539169e4, 0xfdf9f875, 0x73139f4f, 0xdd7b0ede,
+    0xf4b3ba2c, 0x5adb2bbd, 0xa722d3c8, 0x094a4259, 0x2082f6ab,
+    0x8eea673a, 0xe6273e9e, 0x484faf0f, 0x61871bfd, 0xcfef8a6c,
+    0x32167219, 0x9c7ee388, 0xb5b6577a, 0x1bdec6eb, 0x9534a1d1,
+    0x3b5c3040, 0x129484b2, 0xbcfc1523, 0x4105ed56, 0xef6d7cc7,
+    0xc6a5c835, 0x68cd59a4, 0x173f7b7d, 0xb957eaec, 0x909f5e1e,
+    0x3ef7cf8f, 0xc30e37fa, 0x6d66a66b, 0x44ae1299, 0xeac68308,
+    0x642ce432, 0xca4475a3, 0xe38cc151, 0x4de450c0, 0xb01da8b5,
+    0x1e753924, 0x37bd8dd6, 0x99d51c47, 0xf11845e3, 0x5f70d472,
+    0x76b86080, 0xd8d0f111, 0x25290964, 0x8b4198f5, 0xa2892c07,
+    0x0ce1bd96, 0x820bdaac, 0x2c634b3d, 0x05abffcf, 0xabc36e5e,
+    0x563a962b, 0xf85207ba, 0xd19ab348, 0x7ff222d9, 0x2e7ef6fa,
+    0x8016676b, 0xa9ded399, 0x07b64208, 0xfa4fba7d, 0x54272bec,
+    0x7def9f1e, 0xd3870e8f, 0x5d6d69b5, 0xf305f824, 0xdacd4cd6,
+    0x74a5dd47, 0x895c2532, 0x2734b4a3, 0x0efc0051, 0xa09491c0,
+    0xc859c864, 0x663159f5, 0x4ff9ed07, 0xe1917c96, 0x1c6884e3,
+    0xb2001572, 0x9bc8a180, 0x35a03011, 0xbb4a572b, 0x1522c6ba,
+    0x3cea7248, 0x9282e3d9, 0x6f7b1bac, 0xc1138a3d, 0xe8db3ecf,
+    0x46b3af5e, 0x39418d87, 0x97291c16, 0xbee1a8e4, 0x10893975,
+    0xed70c100, 0x43185091, 0x6ad0e463, 0xc4b875f2, 0x4a5212c8,
+    0xe43a8359, 0xcdf237ab, 0x639aa63a, 0x9e635e4f, 0x300bcfde,
+    0x19c37b2c, 0xb7abeabd, 0xdf66b319, 0x710e2288, 0x58c6967a,
+    0xf6ae07eb, 0x0b57ff9e, 0xa53f6e0f, 0x8cf7dafd, 0x229f4b6c,
+    0xac752c56, 0x021dbdc7, 0x2bd50935, 0x85bd98a4, 0x784460d1,
+    0xd62cf140, 0xffe445b2, 0x518cd423, 0x5cfdedf4, 0xf2957c65,
+    0xdb5dc897, 0x75355906, 0x88cca173, 0x26a430e2, 0x0f6c8410,
+    0xa1041581, 0x2fee72bb, 0x8186e32a, 0xa84e57d8, 0x0626c649,
+    0xfbdf3e3c, 0x55b7afad, 0x7c7f1b5f, 0xd2178ace, 0xbadad36a,
+    0x14b242fb, 0x3d7af609, 0x93126798, 0x6eeb9fed, 0xc0830e7c,
+    0xe94bba8e, 0x47232b1f, 0xc9c94c25, 0x67a1ddb4, 0x4e696946,
+    0xe001f8d7, 0x1df800a2, 0xb3909133, 0x9a5825c1, 0x3430b450,
+    0x4bc29689, 0xe5aa0718, 0xcc62b3ea, 0x620a227b, 0x9ff3da0e,
+    0x319b4b9f, 0x1853ff6d, 0xb63b6efc, 0x38d109c6, 0x96b99857,
+    0xbf712ca5, 0x1119bd34, 0xece04541, 0x4288d4d0, 0x6b406022,
+    0xc528f1b3, 0xade5a817, 0x038d3986, 0x2a458d74, 0x842d1ce5,
+    0x79d4e490, 0xd7bc7501, 0xfe74c1f3, 0x501c5062, 0xdef63758,
+    0x709ea6c9, 0x5956123b, 0xf73e83aa, 0x0ac77bdf, 0xa4afea4e,
+    0x8d675ebc, 0x230fcf2d, 0x72831b0e, 0xdceb8a9f, 0xf5233e6d,
+    0x5b4baffc, 0xa6b25789, 0x08dac618, 0x211272ea, 0x8f7ae37b,
+    0x01908441, 0xaff815d0, 0x8630a122, 0x285830b3, 0xd5a1c8c6,
+    0x7bc95957, 0x5201eda5, 0xfc697c34, 0x94a42590, 0x3accb401,
+    0x130400f3, 0xbd6c9162, 0x40956917, 0xeefdf886, 0xc7354c74,
+    0x695ddde5, 0xe7b7badf, 0x49df2b4e, 0x60179fbc, 0xce7f0e2d,
+    0x3386f658, 0x9dee67c9, 0xb426d33b, 0x1a4e42aa, 0x65bc6073,
+    0xcbd4f1e2, 0xe21c4510, 0x4c74d481, 0xb18d2cf4, 0x1fe5bd65,
+    0x362d0997, 0x98459806, 0x16afff3c, 0xb8c76ead, 0x910fda5f,
+    0x3f674bce, 0xc29eb3bb, 0x6cf6222a, 0x453e96d8, 0xeb560749,
+    0x839b5eed, 0x2df3cf7c, 0x043b7b8e, 0xaa53ea1f, 0x57aa126a,
+    0xf9c283fb, 0xd00a3709, 0x7e62a698, 0xf088c1a2, 0x5ee05033,
+    0x7728e4c1, 0xd9407550, 0x24b98d25, 0x8ad11cb4, 0xa319a846,
+    0x0d7139d7},
+   {0x00000000, 0xb9fbdbe8, 0xa886b191, 0x117d6a79, 0x8a7c6563,
+    0x3387be8b, 0x22fad4f2, 0x9b010f1a, 0xcf89cc87, 0x7672176f,
+    0x670f7d16, 0xdef4a6fe, 0x45f5a9e4, 0xfc0e720c, 0xed731875,
+    0x5488c39d, 0x44629f4f, 0xfd9944a7, 0xece42ede, 0x551ff536,
+    0xce1efa2c, 0x77e521c4, 0x66984bbd, 0xdf639055, 0x8beb53c8,
+    0x32108820, 0x236de259, 0x9a9639b1, 0x019736ab, 0xb86ced43,
+    0xa911873a, 0x10ea5cd2, 0x88c53e9e, 0x313ee576, 0x20438f0f,
+    0x99b854e7, 0x02b95bfd, 0xbb428015, 0xaa3fea6c, 0x13c43184,
+    0x474cf219, 0xfeb729f1, 0xefca4388, 0x56319860, 0xcd30977a,
+    0x74cb4c92, 0x65b626eb, 0xdc4dfd03, 0xcca7a1d1, 0x755c7a39,
+    0x64211040, 0xdddacba8, 0x46dbc4b2, 0xff201f5a, 0xee5d7523,
+    0x57a6aecb, 0x032e6d56, 0xbad5b6be, 0xaba8dcc7, 0x1253072f,
+    0x89520835, 0x30a9d3dd, 0x21d4b9a4, 0x982f624c, 0xcafb7b7d,
+    0x7300a095, 0x627dcaec, 0xdb861104, 0x40871e1e, 0xf97cc5f6,
+    0xe801af8f, 0x51fa7467, 0x0572b7fa, 0xbc896c12, 0xadf4066b,
+    0x140fdd83, 0x8f0ed299, 0x36f50971, 0x27886308, 0x9e73b8e0,
+    0x8e99e432, 0x37623fda, 0x261f55a3, 0x9fe48e4b, 0x04e58151,
+    0xbd1e5ab9, 0xac6330c0, 0x1598eb28, 0x411028b5, 0xf8ebf35d,
+    0xe9969924, 0x506d42cc, 0xcb6c4dd6, 0x7297963e, 0x63eafc47,
+    0xda1127af, 0x423e45e3, 0xfbc59e0b, 0xeab8f472, 0x53432f9a,
+    0xc8422080, 0x71b9fb68, 0x60c49111, 0xd93f4af9, 0x8db78964,
+    0x344c528c, 0x253138f5, 0x9ccae31d, 0x07cbec07, 0xbe3037ef,
+    0xaf4d5d96, 0x16b6867e, 0x065cdaac, 0xbfa70144, 0xaeda6b3d,
+    0x1721b0d5, 0x8c20bfcf, 0x35db6427, 0x24a60e5e, 0x9d5dd5b6,
+    0xc9d5162b, 0x702ecdc3, 0x6153a7ba, 0xd8a87c52, 0x43a97348,
+    0xfa52a8a0, 0xeb2fc2d9, 0x52d41931, 0x4e87f0bb, 0xf77c2b53,
+    0xe601412a, 0x5ffa9ac2, 0xc4fb95d8, 0x7d004e30, 0x6c7d2449,
+    0xd586ffa1, 0x810e3c3c, 0x38f5e7d4, 0x29888dad, 0x90735645,
+    0x0b72595f, 0xb28982b7, 0xa3f4e8ce, 0x1a0f3326, 0x0ae56ff4,
+    0xb31eb41c, 0xa263de65, 0x1b98058d, 0x80990a97, 0x3962d17f,
+    0x281fbb06, 0x91e460ee, 0xc56ca373, 0x7c97789b, 0x6dea12e2,
+    0xd411c90a, 0x4f10c610, 0xf6eb1df8, 0xe7967781, 0x5e6dac69,
+    0xc642ce25, 0x7fb915cd, 0x6ec47fb4, 0xd73fa45c, 0x4c3eab46,
+    0xf5c570ae, 0xe4b81ad7, 0x5d43c13f, 0x09cb02a2, 0xb030d94a,
+    0xa14db333, 0x18b668db, 0x83b767c1, 0x3a4cbc29, 0x2b31d650,
+    0x92ca0db8, 0x8220516a, 0x3bdb8a82, 0x2aa6e0fb, 0x935d3b13,
+    0x085c3409, 0xb1a7efe1, 0xa0da8598, 0x19215e70, 0x4da99ded,
+    0xf4524605, 0xe52f2c7c, 0x5cd4f794, 0xc7d5f88e, 0x7e2e2366,
+    0x6f53491f, 0xd6a892f7, 0x847c8bc6, 0x3d87502e, 0x2cfa3a57,
+    0x9501e1bf, 0x0e00eea5, 0xb7fb354d, 0xa6865f34, 0x1f7d84dc,
+    0x4bf54741, 0xf20e9ca9, 0xe373f6d0, 0x5a882d38, 0xc1892222,
+    0x7872f9ca, 0x690f93b3, 0xd0f4485b, 0xc01e1489, 0x79e5cf61,
+    0x6898a518, 0xd1637ef0, 0x4a6271ea, 0xf399aa02, 0xe2e4c07b,
+    0x5b1f1b93, 0x0f97d80e, 0xb66c03e6, 0xa711699f, 0x1eeab277,
+    0x85ebbd6d, 0x3c106685, 0x2d6d0cfc, 0x9496d714, 0x0cb9b558,
+    0xb5426eb0, 0xa43f04c9, 0x1dc4df21, 0x86c5d03b, 0x3f3e0bd3,
+    0x2e4361aa, 0x97b8ba42, 0xc33079df, 0x7acba237, 0x6bb6c84e,
+    0xd24d13a6, 0x494c1cbc, 0xf0b7c754, 0xe1caad2d, 0x583176c5,
+    0x48db2a17, 0xf120f1ff, 0xe05d9b86, 0x59a6406e, 0xc2a74f74,
+    0x7b5c949c, 0x6a21fee5, 0xd3da250d, 0x8752e690, 0x3ea93d78,
+    0x2fd45701, 0x962f8ce9, 0x0d2e83f3, 0xb4d5581b, 0xa5a83262,
+    0x1c53e98a},
+   {0x00000000, 0x9d0fe176, 0xe16ec4ad, 0x7c6125db, 0x19ac8f1b,
+    0x84a36e6d, 0xf8c24bb6, 0x65cdaac0, 0x33591e36, 0xae56ff40,
+    0xd237da9b, 0x4f383bed, 0x2af5912d, 0xb7fa705b, 0xcb9b5580,
+    0x5694b4f6, 0x66b23c6c, 0xfbbddd1a, 0x87dcf8c1, 0x1ad319b7,
+    0x7f1eb377, 0xe2115201, 0x9e7077da, 0x037f96ac, 0x55eb225a,
+    0xc8e4c32c, 0xb485e6f7, 0x298a0781, 0x4c47ad41, 0xd1484c37,
+    0xad2969ec, 0x3026889a, 0xcd6478d8, 0x506b99ae, 0x2c0abc75,
+    0xb1055d03, 0xd4c8f7c3, 0x49c716b5, 0x35a6336e, 0xa8a9d218,
+    0xfe3d66ee, 0x63328798, 0x1f53a243, 0x825c4335, 0xe791e9f5,
+    0x7a9e0883, 0x06ff2d58, 0x9bf0cc2e, 0xabd644b4, 0x36d9a5c2,
+    0x4ab88019, 0xd7b7616f, 0xb27acbaf, 0x2f752ad9, 0x53140f02,
+    0xce1bee74, 0x988f5a82, 0x0580bbf4, 0x79e19e2f, 0xe4ee7f59,
+    0x8123d599, 0x1c2c34ef, 0x604d1134, 0xfd42f042, 0x41b9f7f1,
+    0xdcb61687, 0xa0d7335c, 0x3dd8d22a, 0x581578ea, 0xc51a999c,
+    0xb97bbc47, 0x24745d31, 0x72e0e9c7, 0xefef08b1, 0x938e2d6a,
+    0x0e81cc1c, 0x6b4c66dc, 0xf64387aa, 0x8a22a271, 0x172d4307,
+    0x270bcb9d, 0xba042aeb, 0xc6650f30, 0x5b6aee46, 0x3ea74486,
+    0xa3a8a5f0, 0xdfc9802b, 0x42c6615d, 0x1452d5ab, 0x895d34dd,
+    0xf53c1106, 0x6833f070, 0x0dfe5ab0, 0x90f1bbc6, 0xec909e1d,
+    0x719f7f6b, 0x8cdd8f29, 0x11d26e5f, 0x6db34b84, 0xf0bcaaf2,
+    0x95710032, 0x087ee144, 0x741fc49f, 0xe91025e9, 0xbf84911f,
+    0x228b7069, 0x5eea55b2, 0xc3e5b4c4, 0xa6281e04, 0x3b27ff72,
+    0x4746daa9, 0xda493bdf, 0xea6fb345, 0x77605233, 0x0b0177e8,
+    0x960e969e, 0xf3c33c5e, 0x6eccdd28, 0x12adf8f3, 0x8fa21985,
+    0xd936ad73, 0x44394c05, 0x385869de, 0xa55788a8, 0xc09a2268,
+    0x5d95c31e, 0x21f4e6c5, 0xbcfb07b3, 0x8373efe2, 0x1e7c0e94,
+    0x621d2b4f, 0xff12ca39, 0x9adf60f9, 0x07d0818f, 0x7bb1a454,
+    0xe6be4522, 0xb02af1d4, 0x2d2510a2, 0x51443579, 0xcc4bd40f,
+    0xa9867ecf, 0x34899fb9, 0x48e8ba62, 0xd5e75b14, 0xe5c1d38e,
+    0x78ce32f8, 0x04af1723, 0x99a0f655, 0xfc6d5c95, 0x6162bde3,
+    0x1d039838, 0x800c794e, 0xd698cdb8, 0x4b972cce, 0x37f60915,
+    0xaaf9e863, 0xcf3442a3, 0x523ba3d5, 0x2e5a860e, 0xb3556778,
+    0x4e17973a, 0xd318764c, 0xaf795397, 0x3276b2e1, 0x57bb1821,
+    0xcab4f957, 0xb6d5dc8c, 0x2bda3dfa, 0x7d4e890c, 0xe041687a,
+    0x9c204da1, 0x012facd7, 0x64e20617, 0xf9ede761, 0x858cc2ba,
+    0x188323cc, 0x28a5ab56, 0xb5aa4a20, 0xc9cb6ffb, 0x54c48e8d,
+    0x3109244d, 0xac06c53b, 0xd067e0e0, 0x4d680196, 0x1bfcb560,
+    0x86f35416, 0xfa9271cd, 0x679d90bb, 0x02503a7b, 0x9f5fdb0d,
+    0xe33efed6, 0x7e311fa0, 0xc2ca1813, 0x5fc5f965, 0x23a4dcbe,
+    0xbeab3dc8, 0xdb669708, 0x4669767e, 0x3a0853a5, 0xa707b2d3,
+    0xf1930625, 0x6c9ce753, 0x10fdc288, 0x8df223fe, 0xe83f893e,
+    0x75306848, 0x09514d93, 0x945eace5, 0xa478247f, 0x3977c509,
+    0x4516e0d2, 0xd81901a4, 0xbdd4ab64, 0x20db4a12, 0x5cba6fc9,
+    0xc1b58ebf, 0x97213a49, 0x0a2edb3f, 0x764ffee4, 0xeb401f92,
+    0x8e8db552, 0x13825424, 0x6fe371ff, 0xf2ec9089, 0x0fae60cb,
+    0x92a181bd, 0xeec0a466, 0x73cf4510, 0x1602efd0, 0x8b0d0ea6,
+    0xf76c2b7d, 0x6a63ca0b, 0x3cf77efd, 0xa1f89f8b, 0xdd99ba50,
+    0x40965b26, 0x255bf1e6, 0xb8541090, 0xc435354b, 0x593ad43d,
+    0x691c5ca7, 0xf413bdd1, 0x8872980a, 0x157d797c, 0x70b0d3bc,
+    0xedbf32ca, 0x91de1711, 0x0cd1f667, 0x5a454291, 0xc74aa3e7,
+    0xbb2b863c, 0x2624674a, 0x43e9cd8a, 0xdee62cfc, 0xa2870927,
+    0x3f88e851},
+   {0x00000000, 0xdd96d985, 0x605cb54b, 0xbdca6cce, 0xc0b96a96,
+    0x1d2fb313, 0xa0e5dfdd, 0x7d730658, 0x5a03d36d, 0x87950ae8,
+    0x3a5f6626, 0xe7c9bfa3, 0x9abab9fb, 0x472c607e, 0xfae60cb0,
+    0x2770d535, 0xb407a6da, 0x69917f5f, 0xd45b1391, 0x09cdca14,
+    0x74becc4c, 0xa92815c9, 0x14e27907, 0xc974a082, 0xee0475b7,
+    0x3392ac32, 0x8e58c0fc, 0x53ce1979, 0x2ebd1f21, 0xf32bc6a4,
+    0x4ee1aa6a, 0x937773ef, 0xb37e4bf5, 0x6ee89270, 0xd322febe,
+    0x0eb4273b, 0x73c72163, 0xae51f8e6, 0x139b9428, 0xce0d4dad,
+    0xe97d9898, 0x34eb411d, 0x89212dd3, 0x54b7f456, 0x29c4f20e,
+    0xf4522b8b, 0x49984745, 0x940e9ec0, 0x0779ed2f, 0xdaef34aa,
+    0x67255864, 0xbab381e1, 0xc7c087b9, 0x1a565e3c, 0xa79c32f2,
+    0x7a0aeb77, 0x5d7a3e42, 0x80ece7c7, 0x3d268b09, 0xe0b0528c,
+    0x9dc354d4, 0x40558d51, 0xfd9fe19f, 0x2009381a, 0xbd8d91ab,
+    0x601b482e, 0xddd124e0, 0x0047fd65, 0x7d34fb3d, 0xa0a222b8,
+    0x1d684e76, 0xc0fe97f3, 0xe78e42c6, 0x3a189b43, 0x87d2f78d,
+    0x5a442e08, 0x27372850, 0xfaa1f1d5, 0x476b9d1b, 0x9afd449e,
+    0x098a3771, 0xd41ceef4, 0x69d6823a, 0xb4405bbf, 0xc9335de7,
+    0x14a58462, 0xa96fe8ac, 0x74f93129, 0x5389e41c, 0x8e1f3d99,
+    0x33d55157, 0xee4388d2, 0x93308e8a, 0x4ea6570f, 0xf36c3bc1,
+    0x2efae244, 0x0ef3da5e, 0xd36503db, 0x6eaf6f15, 0xb339b690,
+    0xce4ab0c8, 0x13dc694d, 0xae160583, 0x7380dc06, 0x54f00933,
+    0x8966d0b6, 0x34acbc78, 0xe93a65fd, 0x944963a5, 0x49dfba20,
+    0xf415d6ee, 0x29830f6b, 0xbaf47c84, 0x6762a501, 0xdaa8c9cf,
+    0x073e104a, 0x7a4d1612, 0xa7dbcf97, 0x1a11a359, 0xc7877adc,
+    0xe0f7afe9, 0x3d61766c, 0x80ab1aa2, 0x5d3dc327, 0x204ec57f,
+    0xfdd81cfa, 0x40127034, 0x9d84a9b1, 0xa06a2517, 0x7dfcfc92,
+    0xc036905c, 0x1da049d9, 0x60d34f81, 0xbd459604, 0x008ffaca,
+    0xdd19234f, 0xfa69f67a, 0x27ff2fff, 0x9a354331, 0x47a39ab4,
+    0x3ad09cec, 0xe7464569, 0x5a8c29a7, 0x871af022, 0x146d83cd,
+    0xc9fb5a48, 0x74313686, 0xa9a7ef03, 0xd4d4e95b, 0x094230de,
+    0xb4885c10, 0x691e8595, 0x4e6e50a0, 0x93f88925, 0x2e32e5eb,
+    0xf3a43c6e, 0x8ed73a36, 0x5341e3b3, 0xee8b8f7d, 0x331d56f8,
+    0x13146ee2, 0xce82b767, 0x7348dba9, 0xaede022c, 0xd3ad0474,
+    0x0e3bddf1, 0xb3f1b13f, 0x6e6768ba, 0x4917bd8f, 0x9481640a,
+    0x294b08c4, 0xf4ddd141, 0x89aed719, 0x54380e9c, 0xe9f26252,
+    0x3464bbd7, 0xa713c838, 0x7a8511bd, 0xc74f7d73, 0x1ad9a4f6,
+    0x67aaa2ae, 0xba3c7b2b, 0x07f617e5, 0xda60ce60, 0xfd101b55,
+    0x2086c2d0, 0x9d4cae1e, 0x40da779b, 0x3da971c3, 0xe03fa846,
+    0x5df5c488, 0x80631d0d, 0x1de7b4bc, 0xc0716d39, 0x7dbb01f7,
+    0xa02dd872, 0xdd5ede2a, 0x00c807af, 0xbd026b61, 0x6094b2e4,
+    0x47e467d1, 0x9a72be54, 0x27b8d29a, 0xfa2e0b1f, 0x875d0d47,
+    0x5acbd4c2, 0xe701b80c, 0x3a976189, 0xa9e01266, 0x7476cbe3,
+    0xc9bca72d, 0x142a7ea8, 0x695978f0, 0xb4cfa175, 0x0905cdbb,
+    0xd493143e, 0xf3e3c10b, 0x2e75188e, 0x93bf7440, 0x4e29adc5,
+    0x335aab9d, 0xeecc7218, 0x53061ed6, 0x8e90c753, 0xae99ff49,
+    0x730f26cc, 0xcec54a02, 0x13539387, 0x6e2095df, 0xb3b64c5a,
+    0x0e7c2094, 0xd3eaf911, 0xf49a2c24, 0x290cf5a1, 0x94c6996f,
+    0x495040ea, 0x342346b2, 0xe9b59f37, 0x547ff3f9, 0x89e92a7c,
+    0x1a9e5993, 0xc7088016, 0x7ac2ecd8, 0xa754355d, 0xda273305,
+    0x07b1ea80, 0xba7b864e, 0x67ed5fcb, 0x409d8afe, 0x9d0b537b,
+    0x20c13fb5, 0xfd57e630, 0x8024e068, 0x5db239ed, 0xe0785523,
+    0x3dee8ca6}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x85d996dd, 0x4bb55c60, 0xce6ccabd, 0x966ab9c0,
+    0x13b32f1d, 0xdddfe5a0, 0x5806737d, 0x6dd3035a, 0xe80a9587,
+    0x26665f3a, 0xa3bfc9e7, 0xfbb9ba9a, 0x7e602c47, 0xb00ce6fa,
+    0x35d57027, 0xdaa607b4, 0x5f7f9169, 0x91135bd4, 0x14cacd09,
+    0x4cccbe74, 0xc91528a9, 0x0779e214, 0x82a074c9, 0xb77504ee,
+    0x32ac9233, 0xfcc0588e, 0x7919ce53, 0x211fbd2e, 0xa4c62bf3,
+    0x6aaae14e, 0xef737793, 0xf54b7eb3, 0x7092e86e, 0xbefe22d3,
+    0x3b27b40e, 0x6321c773, 0xe6f851ae, 0x28949b13, 0xad4d0dce,
+    0x98987de9, 0x1d41eb34, 0xd32d2189, 0x56f4b754, 0x0ef2c429,
+    0x8b2b52f4, 0x45479849, 0xc09e0e94, 0x2fed7907, 0xaa34efda,
+    0x64582567, 0xe181b3ba, 0xb987c0c7, 0x3c5e561a, 0xf2329ca7,
+    0x77eb0a7a, 0x423e7a5d, 0xc7e7ec80, 0x098b263d, 0x8c52b0e0,
+    0xd454c39d, 0x518d5540, 0x9fe19ffd, 0x1a380920, 0xab918dbd,
+    0x2e481b60, 0xe024d1dd, 0x65fd4700, 0x3dfb347d, 0xb822a2a0,
+    0x764e681d, 0xf397fec0, 0xc6428ee7, 0x439b183a, 0x8df7d287,
+    0x082e445a, 0x50283727, 0xd5f1a1fa, 0x1b9d6b47, 0x9e44fd9a,
+    0x71378a09, 0xf4ee1cd4, 0x3a82d669, 0xbf5b40b4, 0xe75d33c9,
+    0x6284a514, 0xace86fa9, 0x2931f974, 0x1ce48953, 0x993d1f8e,
+    0x5751d533, 0xd28843ee, 0x8a8e3093, 0x0f57a64e, 0xc13b6cf3,
+    0x44e2fa2e, 0x5edaf30e, 0xdb0365d3, 0x156faf6e, 0x90b639b3,
+    0xc8b04ace, 0x4d69dc13, 0x830516ae, 0x06dc8073, 0x3309f054,
+    0xb6d06689, 0x78bcac34, 0xfd653ae9, 0xa5634994, 0x20badf49,
+    0xeed615f4, 0x6b0f8329, 0x847cf4ba, 0x01a56267, 0xcfc9a8da,
+    0x4a103e07, 0x12164d7a, 0x97cfdba7, 0x59a3111a, 0xdc7a87c7,
+    0xe9aff7e0, 0x6c76613d, 0xa21aab80, 0x27c33d5d, 0x7fc54e20,
+    0xfa1cd8fd, 0x34701240, 0xb1a9849d, 0x17256aa0, 0x92fcfc7d,
+    0x5c9036c0, 0xd949a01d, 0x814fd360, 0x049645bd, 0xcafa8f00,
+    0x4f2319dd, 0x7af669fa, 0xff2fff27, 0x3143359a, 0xb49aa347,
+    0xec9cd03a, 0x694546e7, 0xa7298c5a, 0x22f01a87, 0xcd836d14,
+    0x485afbc9, 0x86363174, 0x03efa7a9, 0x5be9d4d4, 0xde304209,
+    0x105c88b4, 0x95851e69, 0xa0506e4e, 0x2589f893, 0xebe5322e,
+    0x6e3ca4f3, 0x363ad78e, 0xb3e34153, 0x7d8f8bee, 0xf8561d33,
+    0xe26e1413, 0x67b782ce, 0xa9db4873, 0x2c02deae, 0x7404add3,
+    0xf1dd3b0e, 0x3fb1f1b3, 0xba68676e, 0x8fbd1749, 0x0a648194,
+    0xc4084b29, 0x41d1ddf4, 0x19d7ae89, 0x9c0e3854, 0x5262f2e9,
+    0xd7bb6434, 0x38c813a7, 0xbd11857a, 0x737d4fc7, 0xf6a4d91a,
+    0xaea2aa67, 0x2b7b3cba, 0xe517f607, 0x60ce60da, 0x551b10fd,
+    0xd0c28620, 0x1eae4c9d, 0x9b77da40, 0xc371a93d, 0x46a83fe0,
+    0x88c4f55d, 0x0d1d6380, 0xbcb4e71d, 0x396d71c0, 0xf701bb7d,
+    0x72d82da0, 0x2ade5edd, 0xaf07c800, 0x616b02bd, 0xe4b29460,
+    0xd167e447, 0x54be729a, 0x9ad2b827, 0x1f0b2efa, 0x470d5d87,
+    0xc2d4cb5a, 0x0cb801e7, 0x8961973a, 0x6612e0a9, 0xe3cb7674,
+    0x2da7bcc9, 0xa87e2a14, 0xf0785969, 0x75a1cfb4, 0xbbcd0509,
+    0x3e1493d4, 0x0bc1e3f3, 0x8e18752e, 0x4074bf93, 0xc5ad294e,
+    0x9dab5a33, 0x1872ccee, 0xd61e0653, 0x53c7908e, 0x49ff99ae,
+    0xcc260f73, 0x024ac5ce, 0x87935313, 0xdf95206e, 0x5a4cb6b3,
+    0x94207c0e, 0x11f9ead3, 0x242c9af4, 0xa1f50c29, 0x6f99c694,
+    0xea405049, 0xb2462334, 0x379fb5e9, 0xf9f37f54, 0x7c2ae989,
+    0x93599e1a, 0x168008c7, 0xd8ecc27a, 0x5d3554a7, 0x053327da,
+    0x80eab107, 0x4e867bba, 0xcb5fed67, 0xfe8a9d40, 0x7b530b9d,
+    0xb53fc120, 0x30e657fd, 0x68e02480, 0xed39b25d, 0x235578e0,
+    0xa68cee3d},
+   {0x00000000, 0x76e10f9d, 0xadc46ee1, 0xdb25617c, 0x1b8fac19,
+    0x6d6ea384, 0xb64bc2f8, 0xc0aacd65, 0x361e5933, 0x40ff56ae,
+    0x9bda37d2, 0xed3b384f, 0x2d91f52a, 0x5b70fab7, 0x80559bcb,
+    0xf6b49456, 0x6c3cb266, 0x1addbdfb, 0xc1f8dc87, 0xb719d31a,
+    0x77b31e7f, 0x015211e2, 0xda77709e, 0xac967f03, 0x5a22eb55,
+    0x2cc3e4c8, 0xf7e685b4, 0x81078a29, 0x41ad474c, 0x374c48d1,
+    0xec6929ad, 0x9a882630, 0xd87864cd, 0xae996b50, 0x75bc0a2c,
+    0x035d05b1, 0xc3f7c8d4, 0xb516c749, 0x6e33a635, 0x18d2a9a8,
+    0xee663dfe, 0x98873263, 0x43a2531f, 0x35435c82, 0xf5e991e7,
+    0x83089e7a, 0x582dff06, 0x2eccf09b, 0xb444d6ab, 0xc2a5d936,
+    0x1980b84a, 0x6f61b7d7, 0xafcb7ab2, 0xd92a752f, 0x020f1453,
+    0x74ee1bce, 0x825a8f98, 0xf4bb8005, 0x2f9ee179, 0x597feee4,
+    0x99d52381, 0xef342c1c, 0x34114d60, 0x42f042fd, 0xf1f7b941,
+    0x8716b6dc, 0x5c33d7a0, 0x2ad2d83d, 0xea781558, 0x9c991ac5,
+    0x47bc7bb9, 0x315d7424, 0xc7e9e072, 0xb108efef, 0x6a2d8e93,
+    0x1ccc810e, 0xdc664c6b, 0xaa8743f6, 0x71a2228a, 0x07432d17,
+    0x9dcb0b27, 0xeb2a04ba, 0x300f65c6, 0x46ee6a5b, 0x8644a73e,
+    0xf0a5a8a3, 0x2b80c9df, 0x5d61c642, 0xabd55214, 0xdd345d89,
+    0x06113cf5, 0x70f03368, 0xb05afe0d, 0xc6bbf190, 0x1d9e90ec,
+    0x6b7f9f71, 0x298fdd8c, 0x5f6ed211, 0x844bb36d, 0xf2aabcf0,
+    0x32007195, 0x44e17e08, 0x9fc41f74, 0xe92510e9, 0x1f9184bf,
+    0x69708b22, 0xb255ea5e, 0xc4b4e5c3, 0x041e28a6, 0x72ff273b,
+    0xa9da4647, 0xdf3b49da, 0x45b36fea, 0x33526077, 0xe877010b,
+    0x9e960e96, 0x5e3cc3f3, 0x28ddcc6e, 0xf3f8ad12, 0x8519a28f,
+    0x73ad36d9, 0x054c3944, 0xde695838, 0xa88857a5, 0x68229ac0,
+    0x1ec3955d, 0xc5e6f421, 0xb307fbbc, 0xe2ef7383, 0x940e7c1e,
+    0x4f2b1d62, 0x39ca12ff, 0xf960df9a, 0x8f81d007, 0x54a4b17b,
+    0x2245bee6, 0xd4f12ab0, 0xa210252d, 0x79354451, 0x0fd44bcc,
+    0xcf7e86a9, 0xb99f8934, 0x62bae848, 0x145be7d5, 0x8ed3c1e5,
+    0xf832ce78, 0x2317af04, 0x55f6a099, 0x955c6dfc, 0xe3bd6261,
+    0x3898031d, 0x4e790c80, 0xb8cd98d6, 0xce2c974b, 0x1509f637,
+    0x63e8f9aa, 0xa34234cf, 0xd5a33b52, 0x0e865a2e, 0x786755b3,
+    0x3a97174e, 0x4c7618d3, 0x975379af, 0xe1b27632, 0x2118bb57,
+    0x57f9b4ca, 0x8cdcd5b6, 0xfa3dda2b, 0x0c894e7d, 0x7a6841e0,
+    0xa14d209c, 0xd7ac2f01, 0x1706e264, 0x61e7edf9, 0xbac28c85,
+    0xcc238318, 0x56aba528, 0x204aaab5, 0xfb6fcbc9, 0x8d8ec454,
+    0x4d240931, 0x3bc506ac, 0xe0e067d0, 0x9601684d, 0x60b5fc1b,
+    0x1654f386, 0xcd7192fa, 0xbb909d67, 0x7b3a5002, 0x0ddb5f9f,
+    0xd6fe3ee3, 0xa01f317e, 0x1318cac2, 0x65f9c55f, 0xbedca423,
+    0xc83dabbe, 0x089766db, 0x7e766946, 0xa553083a, 0xd3b207a7,
+    0x250693f1, 0x53e79c6c, 0x88c2fd10, 0xfe23f28d, 0x3e893fe8,
+    0x48683075, 0x934d5109, 0xe5ac5e94, 0x7f2478a4, 0x09c57739,
+    0xd2e01645, 0xa40119d8, 0x64abd4bd, 0x124adb20, 0xc96fba5c,
+    0xbf8eb5c1, 0x493a2197, 0x3fdb2e0a, 0xe4fe4f76, 0x921f40eb,
+    0x52b58d8e, 0x24548213, 0xff71e36f, 0x8990ecf2, 0xcb60ae0f,
+    0xbd81a192, 0x66a4c0ee, 0x1045cf73, 0xd0ef0216, 0xa60e0d8b,
+    0x7d2b6cf7, 0x0bca636a, 0xfd7ef73c, 0x8b9ff8a1, 0x50ba99dd,
+    0x265b9640, 0xe6f15b25, 0x901054b8, 0x4b3535c4, 0x3dd43a59,
+    0xa75c1c69, 0xd1bd13f4, 0x0a987288, 0x7c797d15, 0xbcd3b070,
+    0xca32bfed, 0x1117de91, 0x67f6d10c, 0x9142455a, 0xe7a34ac7,
+    0x3c862bbb, 0x4a672426, 0x8acde943, 0xfc2ce6de, 0x270987a2,
+    0x51e8883f},
+   {0x00000000, 0xe8dbfbb9, 0x91b186a8, 0x796a7d11, 0x63657c8a,
+    0x8bbe8733, 0xf2d4fa22, 0x1a0f019b, 0x87cc89cf, 0x6f177276,
+    0x167d0f67, 0xfea6f4de, 0xe4a9f545, 0x0c720efc, 0x751873ed,
+    0x9dc38854, 0x4f9f6244, 0xa74499fd, 0xde2ee4ec, 0x36f51f55,
+    0x2cfa1ece, 0xc421e577, 0xbd4b9866, 0x559063df, 0xc853eb8b,
+    0x20881032, 0x59e26d23, 0xb139969a, 0xab369701, 0x43ed6cb8,
+    0x3a8711a9, 0xd25cea10, 0x9e3ec588, 0x76e53e31, 0x0f8f4320,
+    0xe754b899, 0xfd5bb902, 0x158042bb, 0x6cea3faa, 0x8431c413,
+    0x19f24c47, 0xf129b7fe, 0x8843caef, 0x60983156, 0x7a9730cd,
+    0x924ccb74, 0xeb26b665, 0x03fd4ddc, 0xd1a1a7cc, 0x397a5c75,
+    0x40102164, 0xa8cbdadd, 0xb2c4db46, 0x5a1f20ff, 0x23755dee,
+    0xcbaea657, 0x566d2e03, 0xbeb6d5ba, 0xc7dca8ab, 0x2f075312,
+    0x35085289, 0xddd3a930, 0xa4b9d421, 0x4c622f98, 0x7d7bfbca,
+    0x95a00073, 0xecca7d62, 0x041186db, 0x1e1e8740, 0xf6c57cf9,
+    0x8faf01e8, 0x6774fa51, 0xfab77205, 0x126c89bc, 0x6b06f4ad,
+    0x83dd0f14, 0x99d20e8f, 0x7109f536, 0x08638827, 0xe0b8739e,
+    0x32e4998e, 0xda3f6237, 0xa3551f26, 0x4b8ee49f, 0x5181e504,
+    0xb95a1ebd, 0xc03063ac, 0x28eb9815, 0xb5281041, 0x5df3ebf8,
+    0x249996e9, 0xcc426d50, 0xd64d6ccb, 0x3e969772, 0x47fcea63,
+    0xaf2711da, 0xe3453e42, 0x0b9ec5fb, 0x72f4b8ea, 0x9a2f4353,
+    0x802042c8, 0x68fbb971, 0x1191c460, 0xf94a3fd9, 0x6489b78d,
+    0x8c524c34, 0xf5383125, 0x1de3ca9c, 0x07eccb07, 0xef3730be,
+    0x965d4daf, 0x7e86b616, 0xacda5c06, 0x4401a7bf, 0x3d6bdaae,
+    0xd5b02117, 0xcfbf208c, 0x2764db35, 0x5e0ea624, 0xb6d55d9d,
+    0x2b16d5c9, 0xc3cd2e70, 0xbaa75361, 0x527ca8d8, 0x4873a943,
+    0xa0a852fa, 0xd9c22feb, 0x3119d452, 0xbbf0874e, 0x532b7cf7,
+    0x2a4101e6, 0xc29afa5f, 0xd895fbc4, 0x304e007d, 0x49247d6c,
+    0xa1ff86d5, 0x3c3c0e81, 0xd4e7f538, 0xad8d8829, 0x45567390,
+    0x5f59720b, 0xb78289b2, 0xcee8f4a3, 0x26330f1a, 0xf46fe50a,
+    0x1cb41eb3, 0x65de63a2, 0x8d05981b, 0x970a9980, 0x7fd16239,
+    0x06bb1f28, 0xee60e491, 0x73a36cc5, 0x9b78977c, 0xe212ea6d,
+    0x0ac911d4, 0x10c6104f, 0xf81debf6, 0x817796e7, 0x69ac6d5e,
+    0x25ce42c6, 0xcd15b97f, 0xb47fc46e, 0x5ca43fd7, 0x46ab3e4c,
+    0xae70c5f5, 0xd71ab8e4, 0x3fc1435d, 0xa202cb09, 0x4ad930b0,
+    0x33b34da1, 0xdb68b618, 0xc167b783, 0x29bc4c3a, 0x50d6312b,
+    0xb80dca92, 0x6a512082, 0x828adb3b, 0xfbe0a62a, 0x133b5d93,
+    0x09345c08, 0xe1efa7b1, 0x9885daa0, 0x705e2119, 0xed9da94d,
+    0x054652f4, 0x7c2c2fe5, 0x94f7d45c, 0x8ef8d5c7, 0x66232e7e,
+    0x1f49536f, 0xf792a8d6, 0xc68b7c84, 0x2e50873d, 0x573afa2c,
+    0xbfe10195, 0xa5ee000e, 0x4d35fbb7, 0x345f86a6, 0xdc847d1f,
+    0x4147f54b, 0xa99c0ef2, 0xd0f673e3, 0x382d885a, 0x222289c1,
+    0xcaf97278, 0xb3930f69, 0x5b48f4d0, 0x89141ec0, 0x61cfe579,
+    0x18a59868, 0xf07e63d1, 0xea71624a, 0x02aa99f3, 0x7bc0e4e2,
+    0x931b1f5b, 0x0ed8970f, 0xe6036cb6, 0x9f6911a7, 0x77b2ea1e,
+    0x6dbdeb85, 0x8566103c, 0xfc0c6d2d, 0x14d79694, 0x58b5b90c,
+    0xb06e42b5, 0xc9043fa4, 0x21dfc41d, 0x3bd0c586, 0xd30b3e3f,
+    0xaa61432e, 0x42bab897, 0xdf7930c3, 0x37a2cb7a, 0x4ec8b66b,
+    0xa6134dd2, 0xbc1c4c49, 0x54c7b7f0, 0x2dadcae1, 0xc5763158,
+    0x172adb48, 0xfff120f1, 0x869b5de0, 0x6e40a659, 0x744fa7c2,
+    0x9c945c7b, 0xe5fe216a, 0x0d25dad3, 0x90e65287, 0x783da93e,
+    0x0157d42f, 0xe98c2f96, 0xf3832e0d, 0x1b58d5b4, 0x6232a8a5,
+    0x8ae9531c},
+   {0x00000000, 0x919168ae, 0x6325a087, 0xf2b4c829, 0x874c31d4,
+    0x16dd597a, 0xe4699153, 0x75f8f9fd, 0x4f9f1373, 0xde0e7bdd,
+    0x2cbab3f4, 0xbd2bdb5a, 0xc8d322a7, 0x59424a09, 0xabf68220,
+    0x3a67ea8e, 0x9e3e27e6, 0x0faf4f48, 0xfd1b8761, 0x6c8aefcf,
+    0x19721632, 0x88e37e9c, 0x7a57b6b5, 0xebc6de1b, 0xd1a13495,
+    0x40305c3b, 0xb2849412, 0x2315fcbc, 0x56ed0541, 0xc77c6def,
+    0x35c8a5c6, 0xa459cd68, 0x7d7b3f17, 0xecea57b9, 0x1e5e9f90,
+    0x8fcff73e, 0xfa370ec3, 0x6ba6666d, 0x9912ae44, 0x0883c6ea,
+    0x32e42c64, 0xa37544ca, 0x51c18ce3, 0xc050e44d, 0xb5a81db0,
+    0x2439751e, 0xd68dbd37, 0x471cd599, 0xe34518f1, 0x72d4705f,
+    0x8060b876, 0x11f1d0d8, 0x64092925, 0xf598418b, 0x072c89a2,
+    0x96bde10c, 0xacda0b82, 0x3d4b632c, 0xcfffab05, 0x5e6ec3ab,
+    0x2b963a56, 0xba0752f8, 0x48b39ad1, 0xd922f27f, 0xfaf67e2e,
+    0x6b671680, 0x99d3dea9, 0x0842b607, 0x7dba4ffa, 0xec2b2754,
+    0x1e9fef7d, 0x8f0e87d3, 0xb5696d5d, 0x24f805f3, 0xd64ccdda,
+    0x47dda574, 0x32255c89, 0xa3b43427, 0x5100fc0e, 0xc09194a0,
+    0x64c859c8, 0xf5593166, 0x07edf94f, 0x967c91e1, 0xe384681c,
+    0x721500b2, 0x80a1c89b, 0x1130a035, 0x2b574abb, 0xbac62215,
+    0x4872ea3c, 0xd9e38292, 0xac1b7b6f, 0x3d8a13c1, 0xcf3edbe8,
+    0x5eafb346, 0x878d4139, 0x161c2997, 0xe4a8e1be, 0x75398910,
+    0x00c170ed, 0x91501843, 0x63e4d06a, 0xf275b8c4, 0xc812524a,
+    0x59833ae4, 0xab37f2cd, 0x3aa69a63, 0x4f5e639e, 0xdecf0b30,
+    0x2c7bc319, 0xbdeaabb7, 0x19b366df, 0x88220e71, 0x7a96c658,
+    0xeb07aef6, 0x9eff570b, 0x0f6e3fa5, 0xfddaf78c, 0x6c4b9f22,
+    0x562c75ac, 0xc7bd1d02, 0x3509d52b, 0xa498bd85, 0xd1604478,
+    0x40f12cd6, 0xb245e4ff, 0x23d48c51, 0xf4edfd5c, 0x657c95f2,
+    0x97c85ddb, 0x06593575, 0x73a1cc88, 0xe230a426, 0x10846c0f,
+    0x811504a1, 0xbb72ee2f, 0x2ae38681, 0xd8574ea8, 0x49c62606,
+    0x3c3edffb, 0xadafb755, 0x5f1b7f7c, 0xce8a17d2, 0x6ad3daba,
+    0xfb42b214, 0x09f67a3d, 0x98671293, 0xed9feb6e, 0x7c0e83c0,
+    0x8eba4be9, 0x1f2b2347, 0x254cc9c9, 0xb4dda167, 0x4669694e,
+    0xd7f801e0, 0xa200f81d, 0x339190b3, 0xc125589a, 0x50b43034,
+    0x8996c24b, 0x1807aae5, 0xeab362cc, 0x7b220a62, 0x0edaf39f,
+    0x9f4b9b31, 0x6dff5318, 0xfc6e3bb6, 0xc609d138, 0x5798b996,
+    0xa52c71bf, 0x34bd1911, 0x4145e0ec, 0xd0d48842, 0x2260406b,
+    0xb3f128c5, 0x17a8e5ad, 0x86398d03, 0x748d452a, 0xe51c2d84,
+    0x90e4d479, 0x0175bcd7, 0xf3c174fe, 0x62501c50, 0x5837f6de,
+    0xc9a69e70, 0x3b125659, 0xaa833ef7, 0xdf7bc70a, 0x4eeaafa4,
+    0xbc5e678d, 0x2dcf0f23, 0x0e1b8372, 0x9f8aebdc, 0x6d3e23f5,
+    0xfcaf4b5b, 0x8957b2a6, 0x18c6da08, 0xea721221, 0x7be37a8f,
+    0x41849001, 0xd015f8af, 0x22a13086, 0xb3305828, 0xc6c8a1d5,
+    0x5759c97b, 0xa5ed0152, 0x347c69fc, 0x9025a494, 0x01b4cc3a,
+    0xf3000413, 0x62916cbd, 0x17699540, 0x86f8fdee, 0x744c35c7,
+    0xe5dd5d69, 0xdfbab7e7, 0x4e2bdf49, 0xbc9f1760, 0x2d0e7fce,
+    0x58f68633, 0xc967ee9d, 0x3bd326b4, 0xaa424e1a, 0x7360bc65,
+    0xe2f1d4cb, 0x10451ce2, 0x81d4744c, 0xf42c8db1, 0x65bde51f,
+    0x97092d36, 0x06984598, 0x3cffaf16, 0xad6ec7b8, 0x5fda0f91,
+    0xce4b673f, 0xbbb39ec2, 0x2a22f66c, 0xd8963e45, 0x490756eb,
+    0xed5e9b83, 0x7ccff32d, 0x8e7b3b04, 0x1fea53aa, 0x6a12aa57,
+    0xfb83c2f9, 0x09370ad0, 0x98a6627e, 0xa2c188f0, 0x3350e05e,
+    0xc1e42877, 0x507540d9, 0x258db924, 0xb41cd18a, 0x46a819a3,
+    0xd739710d}};
+
+#endif
+
+#endif
+
+#if N == 5
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xaf449247, 0x85f822cf, 0x2abcb088, 0xd08143df,
+    0x7fc5d198, 0x55796110, 0xfa3df357, 0x7a7381ff, 0xd53713b8,
+    0xff8ba330, 0x50cf3177, 0xaaf2c220, 0x05b65067, 0x2f0ae0ef,
+    0x804e72a8, 0xf4e703fe, 0x5ba391b9, 0x711f2131, 0xde5bb376,
+    0x24664021, 0x8b22d266, 0xa19e62ee, 0x0edaf0a9, 0x8e948201,
+    0x21d01046, 0x0b6ca0ce, 0xa4283289, 0x5e15c1de, 0xf1515399,
+    0xdbede311, 0x74a97156, 0x32bf01bd, 0x9dfb93fa, 0xb7472372,
+    0x1803b135, 0xe23e4262, 0x4d7ad025, 0x67c660ad, 0xc882f2ea,
+    0x48cc8042, 0xe7881205, 0xcd34a28d, 0x627030ca, 0x984dc39d,
+    0x370951da, 0x1db5e152, 0xb2f17315, 0xc6580243, 0x691c9004,
+    0x43a0208c, 0xece4b2cb, 0x16d9419c, 0xb99dd3db, 0x93216353,
+    0x3c65f114, 0xbc2b83bc, 0x136f11fb, 0x39d3a173, 0x96973334,
+    0x6caac063, 0xc3ee5224, 0xe952e2ac, 0x461670eb, 0x657e037a,
+    0xca3a913d, 0xe08621b5, 0x4fc2b3f2, 0xb5ff40a5, 0x1abbd2e2,
+    0x3007626a, 0x9f43f02d, 0x1f0d8285, 0xb04910c2, 0x9af5a04a,
+    0x35b1320d, 0xcf8cc15a, 0x60c8531d, 0x4a74e395, 0xe53071d2,
+    0x91990084, 0x3edd92c3, 0x1461224b, 0xbb25b00c, 0x4118435b,
+    0xee5cd11c, 0xc4e06194, 0x6ba4f3d3, 0xebea817b, 0x44ae133c,
+    0x6e12a3b4, 0xc15631f3, 0x3b6bc2a4, 0x942f50e3, 0xbe93e06b,
+    0x11d7722c, 0x57c102c7, 0xf8859080, 0xd2392008, 0x7d7db24f,
+    0x87404118, 0x2804d35f, 0x02b863d7, 0xadfcf190, 0x2db28338,
+    0x82f6117f, 0xa84aa1f7, 0x070e33b0, 0xfd33c0e7, 0x527752a0,
+    0x78cbe228, 0xd78f706f, 0xa3260139, 0x0c62937e, 0x26de23f6,
+    0x899ab1b1, 0x73a742e6, 0xdce3d0a1, 0xf65f6029, 0x591bf26e,
+    0xd95580c6, 0x76111281, 0x5cada209, 0xf3e9304e, 0x09d4c319,
+    0xa690515e, 0x8c2ce1d6, 0x23687391, 0xcafc06f4, 0x65b894b3,
+    0x4f04243b, 0xe040b67c, 0x1a7d452b, 0xb539d76c, 0x9f8567e4,
+    0x30c1f5a3, 0xb08f870b, 0x1fcb154c, 0x3577a5c4, 0x9a333783,
+    0x600ec4d4, 0xcf4a5693, 0xe5f6e61b, 0x4ab2745c, 0x3e1b050a,
+    0x915f974d, 0xbbe327c5, 0x14a7b582, 0xee9a46d5, 0x41ded492,
+    0x6b62641a, 0xc426f65d, 0x446884f5, 0xeb2c16b2, 0xc190a63a,
+    0x6ed4347d, 0x94e9c72a, 0x3bad556d, 0x1111e5e5, 0xbe5577a2,
+    0xf8430749, 0x5707950e, 0x7dbb2586, 0xd2ffb7c1, 0x28c24496,
+    0x8786d6d1, 0xad3a6659, 0x027ef41e, 0x823086b6, 0x2d7414f1,
+    0x07c8a479, 0xa88c363e, 0x52b1c569, 0xfdf5572e, 0xd749e7a6,
+    0x780d75e1, 0x0ca404b7, 0xa3e096f0, 0x895c2678, 0x2618b43f,
+    0xdc254768, 0x7361d52f, 0x59dd65a7, 0xf699f7e0, 0x76d78548,
+    0xd993170f, 0xf32fa787, 0x5c6b35c0, 0xa656c697, 0x091254d0,
+    0x23aee458, 0x8cea761f, 0xaf82058e, 0x00c697c9, 0x2a7a2741,
+    0x853eb506, 0x7f034651, 0xd047d416, 0xfafb649e, 0x55bff6d9,
+    0xd5f18471, 0x7ab51636, 0x5009a6be, 0xff4d34f9, 0x0570c7ae,
+    0xaa3455e9, 0x8088e561, 0x2fcc7726, 0x5b650670, 0xf4219437,
+    0xde9d24bf, 0x71d9b6f8, 0x8be445af, 0x24a0d7e8, 0x0e1c6760,
+    0xa158f527, 0x2116878f, 0x8e5215c8, 0xa4eea540, 0x0baa3707,
+    0xf197c450, 0x5ed35617, 0x746fe69f, 0xdb2b74d8, 0x9d3d0433,
+    0x32799674, 0x18c526fc, 0xb781b4bb, 0x4dbc47ec, 0xe2f8d5ab,
+    0xc8446523, 0x6700f764, 0xe74e85cc, 0x480a178b, 0x62b6a703,
+    0xcdf23544, 0x37cfc613, 0x988b5454, 0xb237e4dc, 0x1d73769b,
+    0x69da07cd, 0xc69e958a, 0xec222502, 0x4366b745, 0xb95b4412,
+    0x161fd655, 0x3ca366dd, 0x93e7f49a, 0x13a98632, 0xbced1475,
+    0x9651a4fd, 0x391536ba, 0xc328c5ed, 0x6c6c57aa, 0x46d0e722,
+    0xe9947565},
+   {0x00000000, 0x4e890ba9, 0x9d121752, 0xd39b1cfb, 0xe15528e5,
+    0xafdc234c, 0x7c473fb7, 0x32ce341e, 0x19db578b, 0x57525c22,
+    0x84c940d9, 0xca404b70, 0xf88e7f6e, 0xb60774c7, 0x659c683c,
+    0x2b156395, 0x33b6af16, 0x7d3fa4bf, 0xaea4b844, 0xe02db3ed,
+    0xd2e387f3, 0x9c6a8c5a, 0x4ff190a1, 0x01789b08, 0x2a6df89d,
+    0x64e4f334, 0xb77fefcf, 0xf9f6e466, 0xcb38d078, 0x85b1dbd1,
+    0x562ac72a, 0x18a3cc83, 0x676d5e2c, 0x29e45585, 0xfa7f497e,
+    0xb4f642d7, 0x863876c9, 0xc8b17d60, 0x1b2a619b, 0x55a36a32,
+    0x7eb609a7, 0x303f020e, 0xe3a41ef5, 0xad2d155c, 0x9fe32142,
+    0xd16a2aeb, 0x02f13610, 0x4c783db9, 0x54dbf13a, 0x1a52fa93,
+    0xc9c9e668, 0x8740edc1, 0xb58ed9df, 0xfb07d276, 0x289cce8d,
+    0x6615c524, 0x4d00a6b1, 0x0389ad18, 0xd012b1e3, 0x9e9bba4a,
+    0xac558e54, 0xe2dc85fd, 0x31479906, 0x7fce92af, 0xcedabc58,
+    0x8053b7f1, 0x53c8ab0a, 0x1d41a0a3, 0x2f8f94bd, 0x61069f14,
+    0xb29d83ef, 0xfc148846, 0xd701ebd3, 0x9988e07a, 0x4a13fc81,
+    0x049af728, 0x3654c336, 0x78ddc89f, 0xab46d464, 0xe5cfdfcd,
+    0xfd6c134e, 0xb3e518e7, 0x607e041c, 0x2ef70fb5, 0x1c393bab,
+    0x52b03002, 0x812b2cf9, 0xcfa22750, 0xe4b744c5, 0xaa3e4f6c,
+    0x79a55397, 0x372c583e, 0x05e26c20, 0x4b6b6789, 0x98f07b72,
+    0xd67970db, 0xa9b7e274, 0xe73ee9dd, 0x34a5f526, 0x7a2cfe8f,
+    0x48e2ca91, 0x066bc138, 0xd5f0ddc3, 0x9b79d66a, 0xb06cb5ff,
+    0xfee5be56, 0x2d7ea2ad, 0x63f7a904, 0x51399d1a, 0x1fb096b3,
+    0xcc2b8a48, 0x82a281e1, 0x9a014d62, 0xd48846cb, 0x07135a30,
+    0x499a5199, 0x7b546587, 0x35dd6e2e, 0xe64672d5, 0xa8cf797c,
+    0x83da1ae9, 0xcd531140, 0x1ec80dbb, 0x50410612, 0x628f320c,
+    0x2c0639a5, 0xff9d255e, 0xb1142ef7, 0x46c47ef1, 0x084d7558,
+    0xdbd669a3, 0x955f620a, 0xa7915614, 0xe9185dbd, 0x3a834146,
+    0x740a4aef, 0x5f1f297a, 0x119622d3, 0xc20d3e28, 0x8c843581,
+    0xbe4a019f, 0xf0c30a36, 0x235816cd, 0x6dd11d64, 0x7572d1e7,
+    0x3bfbda4e, 0xe860c6b5, 0xa6e9cd1c, 0x9427f902, 0xdaaef2ab,
+    0x0935ee50, 0x47bce5f9, 0x6ca9866c, 0x22208dc5, 0xf1bb913e,
+    0xbf329a97, 0x8dfcae89, 0xc375a520, 0x10eeb9db, 0x5e67b272,
+    0x21a920dd, 0x6f202b74, 0xbcbb378f, 0xf2323c26, 0xc0fc0838,
+    0x8e750391, 0x5dee1f6a, 0x136714c3, 0x38727756, 0x76fb7cff,
+    0xa5606004, 0xebe96bad, 0xd9275fb3, 0x97ae541a, 0x443548e1,
+    0x0abc4348, 0x121f8fcb, 0x5c968462, 0x8f0d9899, 0xc1849330,
+    0xf34aa72e, 0xbdc3ac87, 0x6e58b07c, 0x20d1bbd5, 0x0bc4d840,
+    0x454dd3e9, 0x96d6cf12, 0xd85fc4bb, 0xea91f0a5, 0xa418fb0c,
+    0x7783e7f7, 0x390aec5e, 0x881ec2a9, 0xc697c900, 0x150cd5fb,
+    0x5b85de52, 0x694bea4c, 0x27c2e1e5, 0xf459fd1e, 0xbad0f6b7,
+    0x91c59522, 0xdf4c9e8b, 0x0cd78270, 0x425e89d9, 0x7090bdc7,
+    0x3e19b66e, 0xed82aa95, 0xa30ba13c, 0xbba86dbf, 0xf5216616,
+    0x26ba7aed, 0x68337144, 0x5afd455a, 0x14744ef3, 0xc7ef5208,
+    0x896659a1, 0xa2733a34, 0xecfa319d, 0x3f612d66, 0x71e826cf,
+    0x432612d1, 0x0daf1978, 0xde340583, 0x90bd0e2a, 0xef739c85,
+    0xa1fa972c, 0x72618bd7, 0x3ce8807e, 0x0e26b460, 0x40afbfc9,
+    0x9334a332, 0xddbda89b, 0xf6a8cb0e, 0xb821c0a7, 0x6bbadc5c,
+    0x2533d7f5, 0x17fde3eb, 0x5974e842, 0x8aeff4b9, 0xc466ff10,
+    0xdcc53393, 0x924c383a, 0x41d724c1, 0x0f5e2f68, 0x3d901b76,
+    0x731910df, 0xa0820c24, 0xee0b078d, 0xc51e6418, 0x8b976fb1,
+    0x580c734a, 0x168578e3, 0x244b4cfd, 0x6ac24754, 0xb9595baf,
+    0xf7d05006},
+   {0x00000000, 0x8d88fde2, 0xc060fd85, 0x4de80067, 0x5bb0fd4b,
+    0xd63800a9, 0x9bd000ce, 0x1658fd2c, 0xb761fa96, 0x3ae90774,
+    0x77010713, 0xfa89faf1, 0xecd107dd, 0x6159fa3f, 0x2cb1fa58,
+    0xa13907ba, 0xb5b2f36d, 0x383a0e8f, 0x75d20ee8, 0xf85af30a,
+    0xee020e26, 0x638af3c4, 0x2e62f3a3, 0xa3ea0e41, 0x02d309fb,
+    0x8f5bf419, 0xc2b3f47e, 0x4f3b099c, 0x5963f4b0, 0xd4eb0952,
+    0x99030935, 0x148bf4d7, 0xb014e09b, 0x3d9c1d79, 0x70741d1e,
+    0xfdfce0fc, 0xeba41dd0, 0x662ce032, 0x2bc4e055, 0xa64c1db7,
+    0x07751a0d, 0x8afde7ef, 0xc715e788, 0x4a9d1a6a, 0x5cc5e746,
+    0xd14d1aa4, 0x9ca51ac3, 0x112de721, 0x05a613f6, 0x882eee14,
+    0xc5c6ee73, 0x484e1391, 0x5e16eebd, 0xd39e135f, 0x9e761338,
+    0x13feeeda, 0xb2c7e960, 0x3f4f1482, 0x72a714e5, 0xff2fe907,
+    0xe977142b, 0x64ffe9c9, 0x2917e9ae, 0xa49f144c, 0xbb58c777,
+    0x36d03a95, 0x7b383af2, 0xf6b0c710, 0xe0e83a3c, 0x6d60c7de,
+    0x2088c7b9, 0xad003a5b, 0x0c393de1, 0x81b1c003, 0xcc59c064,
+    0x41d13d86, 0x5789c0aa, 0xda013d48, 0x97e93d2f, 0x1a61c0cd,
+    0x0eea341a, 0x8362c9f8, 0xce8ac99f, 0x4302347d, 0x555ac951,
+    0xd8d234b3, 0x953a34d4, 0x18b2c936, 0xb98bce8c, 0x3403336e,
+    0x79eb3309, 0xf463ceeb, 0xe23b33c7, 0x6fb3ce25, 0x225bce42,
+    0xafd333a0, 0x0b4c27ec, 0x86c4da0e, 0xcb2cda69, 0x46a4278b,
+    0x50fcdaa7, 0xdd742745, 0x909c2722, 0x1d14dac0, 0xbc2ddd7a,
+    0x31a52098, 0x7c4d20ff, 0xf1c5dd1d, 0xe79d2031, 0x6a15ddd3,
+    0x27fdddb4, 0xaa752056, 0xbefed481, 0x33762963, 0x7e9e2904,
+    0xf316d4e6, 0xe54e29ca, 0x68c6d428, 0x252ed44f, 0xa8a629ad,
+    0x099f2e17, 0x8417d3f5, 0xc9ffd392, 0x44772e70, 0x522fd35c,
+    0xdfa72ebe, 0x924f2ed9, 0x1fc7d33b, 0xadc088af, 0x2048754d,
+    0x6da0752a, 0xe02888c8, 0xf67075e4, 0x7bf88806, 0x36108861,
+    0xbb987583, 0x1aa17239, 0x97298fdb, 0xdac18fbc, 0x5749725e,
+    0x41118f72, 0xcc997290, 0x817172f7, 0x0cf98f15, 0x18727bc2,
+    0x95fa8620, 0xd8128647, 0x559a7ba5, 0x43c28689, 0xce4a7b6b,
+    0x83a27b0c, 0x0e2a86ee, 0xaf138154, 0x229b7cb6, 0x6f737cd1,
+    0xe2fb8133, 0xf4a37c1f, 0x792b81fd, 0x34c3819a, 0xb94b7c78,
+    0x1dd46834, 0x905c95d6, 0xddb495b1, 0x503c6853, 0x4664957f,
+    0xcbec689d, 0x860468fa, 0x0b8c9518, 0xaab592a2, 0x273d6f40,
+    0x6ad56f27, 0xe75d92c5, 0xf1056fe9, 0x7c8d920b, 0x3165926c,
+    0xbced6f8e, 0xa8669b59, 0x25ee66bb, 0x680666dc, 0xe58e9b3e,
+    0xf3d66612, 0x7e5e9bf0, 0x33b69b97, 0xbe3e6675, 0x1f0761cf,
+    0x928f9c2d, 0xdf679c4a, 0x52ef61a8, 0x44b79c84, 0xc93f6166,
+    0x84d76101, 0x095f9ce3, 0x16984fd8, 0x9b10b23a, 0xd6f8b25d,
+    0x5b704fbf, 0x4d28b293, 0xc0a04f71, 0x8d484f16, 0x00c0b2f4,
+    0xa1f9b54e, 0x2c7148ac, 0x619948cb, 0xec11b529, 0xfa494805,
+    0x77c1b5e7, 0x3a29b580, 0xb7a14862, 0xa32abcb5, 0x2ea24157,
+    0x634a4130, 0xeec2bcd2, 0xf89a41fe, 0x7512bc1c, 0x38fabc7b,
+    0xb5724199, 0x144b4623, 0x99c3bbc1, 0xd42bbba6, 0x59a34644,
+    0x4ffbbb68, 0xc273468a, 0x8f9b46ed, 0x0213bb0f, 0xa68caf43,
+    0x2b0452a1, 0x66ec52c6, 0xeb64af24, 0xfd3c5208, 0x70b4afea,
+    0x3d5caf8d, 0xb0d4526f, 0x11ed55d5, 0x9c65a837, 0xd18da850,
+    0x5c0555b2, 0x4a5da89e, 0xc7d5557c, 0x8a3d551b, 0x07b5a8f9,
+    0x133e5c2e, 0x9eb6a1cc, 0xd35ea1ab, 0x5ed65c49, 0x488ea165,
+    0xc5065c87, 0x88ee5ce0, 0x0566a102, 0xa45fa6b8, 0x29d75b5a,
+    0x643f5b3d, 0xe9b7a6df, 0xffef5bf3, 0x7267a611, 0x3f8fa676,
+    0xb2075b94},
+   {0x00000000, 0x80f0171f, 0xda91287f, 0x5a613f60, 0x6e5356bf,
+    0xeea341a0, 0xb4c27ec0, 0x343269df, 0xdca6ad7e, 0x5c56ba61,
+    0x06378501, 0x86c7921e, 0xb2f5fbc1, 0x3205ecde, 0x6864d3be,
+    0xe894c4a1, 0x623c5cbd, 0xe2cc4ba2, 0xb8ad74c2, 0x385d63dd,
+    0x0c6f0a02, 0x8c9f1d1d, 0xd6fe227d, 0x560e3562, 0xbe9af1c3,
+    0x3e6ae6dc, 0x640bd9bc, 0xe4fbcea3, 0xd0c9a77c, 0x5039b063,
+    0x0a588f03, 0x8aa8981c, 0xc478b97a, 0x4488ae65, 0x1ee99105,
+    0x9e19861a, 0xaa2befc5, 0x2adbf8da, 0x70bac7ba, 0xf04ad0a5,
+    0x18de1404, 0x982e031b, 0xc24f3c7b, 0x42bf2b64, 0x768d42bb,
+    0xf67d55a4, 0xac1c6ac4, 0x2cec7ddb, 0xa644e5c7, 0x26b4f2d8,
+    0x7cd5cdb8, 0xfc25daa7, 0xc817b378, 0x48e7a467, 0x12869b07,
+    0x92768c18, 0x7ae248b9, 0xfa125fa6, 0xa07360c6, 0x208377d9,
+    0x14b11e06, 0x94410919, 0xce203679, 0x4ed02166, 0x538074b5,
+    0xd37063aa, 0x89115cca, 0x09e14bd5, 0x3dd3220a, 0xbd233515,
+    0xe7420a75, 0x67b21d6a, 0x8f26d9cb, 0x0fd6ced4, 0x55b7f1b4,
+    0xd547e6ab, 0xe1758f74, 0x6185986b, 0x3be4a70b, 0xbb14b014,
+    0x31bc2808, 0xb14c3f17, 0xeb2d0077, 0x6bdd1768, 0x5fef7eb7,
+    0xdf1f69a8, 0x857e56c8, 0x058e41d7, 0xed1a8576, 0x6dea9269,
+    0x378bad09, 0xb77bba16, 0x8349d3c9, 0x03b9c4d6, 0x59d8fbb6,
+    0xd928eca9, 0x97f8cdcf, 0x1708dad0, 0x4d69e5b0, 0xcd99f2af,
+    0xf9ab9b70, 0x795b8c6f, 0x233ab30f, 0xa3caa410, 0x4b5e60b1,
+    0xcbae77ae, 0x91cf48ce, 0x113f5fd1, 0x250d360e, 0xa5fd2111,
+    0xff9c1e71, 0x7f6c096e, 0xf5c49172, 0x7534866d, 0x2f55b90d,
+    0xafa5ae12, 0x9b97c7cd, 0x1b67d0d2, 0x4106efb2, 0xc1f6f8ad,
+    0x29623c0c, 0xa9922b13, 0xf3f31473, 0x7303036c, 0x47316ab3,
+    0xc7c17dac, 0x9da042cc, 0x1d5055d3, 0xa700e96a, 0x27f0fe75,
+    0x7d91c115, 0xfd61d60a, 0xc953bfd5, 0x49a3a8ca, 0x13c297aa,
+    0x933280b5, 0x7ba64414, 0xfb56530b, 0xa1376c6b, 0x21c77b74,
+    0x15f512ab, 0x950505b4, 0xcf643ad4, 0x4f942dcb, 0xc53cb5d7,
+    0x45cca2c8, 0x1fad9da8, 0x9f5d8ab7, 0xab6fe368, 0x2b9ff477,
+    0x71fecb17, 0xf10edc08, 0x199a18a9, 0x996a0fb6, 0xc30b30d6,
+    0x43fb27c9, 0x77c94e16, 0xf7395909, 0xad586669, 0x2da87176,
+    0x63785010, 0xe388470f, 0xb9e9786f, 0x39196f70, 0x0d2b06af,
+    0x8ddb11b0, 0xd7ba2ed0, 0x574a39cf, 0xbfdefd6e, 0x3f2eea71,
+    0x654fd511, 0xe5bfc20e, 0xd18dabd1, 0x517dbcce, 0x0b1c83ae,
+    0x8bec94b1, 0x01440cad, 0x81b41bb2, 0xdbd524d2, 0x5b2533cd,
+    0x6f175a12, 0xefe74d0d, 0xb586726d, 0x35766572, 0xdde2a1d3,
+    0x5d12b6cc, 0x077389ac, 0x87839eb3, 0xb3b1f76c, 0x3341e073,
+    0x6920df13, 0xe9d0c80c, 0xf4809ddf, 0x74708ac0, 0x2e11b5a0,
+    0xaee1a2bf, 0x9ad3cb60, 0x1a23dc7f, 0x4042e31f, 0xc0b2f400,
+    0x282630a1, 0xa8d627be, 0xf2b718de, 0x72470fc1, 0x4675661e,
+    0xc6857101, 0x9ce44e61, 0x1c14597e, 0x96bcc162, 0x164cd67d,
+    0x4c2de91d, 0xccddfe02, 0xf8ef97dd, 0x781f80c2, 0x227ebfa2,
+    0xa28ea8bd, 0x4a1a6c1c, 0xcaea7b03, 0x908b4463, 0x107b537c,
+    0x24493aa3, 0xa4b92dbc, 0xfed812dc, 0x7e2805c3, 0x30f824a5,
+    0xb00833ba, 0xea690cda, 0x6a991bc5, 0x5eab721a, 0xde5b6505,
+    0x843a5a65, 0x04ca4d7a, 0xec5e89db, 0x6cae9ec4, 0x36cfa1a4,
+    0xb63fb6bb, 0x820ddf64, 0x02fdc87b, 0x589cf71b, 0xd86ce004,
+    0x52c47818, 0xd2346f07, 0x88555067, 0x08a54778, 0x3c972ea7,
+    0xbc6739b8, 0xe60606d8, 0x66f611c7, 0x8e62d566, 0x0e92c279,
+    0x54f3fd19, 0xd403ea06, 0xe03183d9, 0x60c194c6, 0x3aa0aba6,
+    0xba50bcb9},
+   {0x00000000, 0x9570d495, 0xf190af6b, 0x64e07bfe, 0x38505897,
+    0xad208c02, 0xc9c0f7fc, 0x5cb02369, 0x70a0b12e, 0xe5d065bb,
+    0x81301e45, 0x1440cad0, 0x48f0e9b9, 0xdd803d2c, 0xb96046d2,
+    0x2c109247, 0xe141625c, 0x7431b6c9, 0x10d1cd37, 0x85a119a2,
+    0xd9113acb, 0x4c61ee5e, 0x288195a0, 0xbdf14135, 0x91e1d372,
+    0x049107e7, 0x60717c19, 0xf501a88c, 0xa9b18be5, 0x3cc15f70,
+    0x5821248e, 0xcd51f01b, 0x19f3c2f9, 0x8c83166c, 0xe8636d92,
+    0x7d13b907, 0x21a39a6e, 0xb4d34efb, 0xd0333505, 0x4543e190,
+    0x695373d7, 0xfc23a742, 0x98c3dcbc, 0x0db30829, 0x51032b40,
+    0xc473ffd5, 0xa093842b, 0x35e350be, 0xf8b2a0a5, 0x6dc27430,
+    0x09220fce, 0x9c52db5b, 0xc0e2f832, 0x55922ca7, 0x31725759,
+    0xa40283cc, 0x8812118b, 0x1d62c51e, 0x7982bee0, 0xecf26a75,
+    0xb042491c, 0x25329d89, 0x41d2e677, 0xd4a232e2, 0x33e785f2,
+    0xa6975167, 0xc2772a99, 0x5707fe0c, 0x0bb7dd65, 0x9ec709f0,
+    0xfa27720e, 0x6f57a69b, 0x434734dc, 0xd637e049, 0xb2d79bb7,
+    0x27a74f22, 0x7b176c4b, 0xee67b8de, 0x8a87c320, 0x1ff717b5,
+    0xd2a6e7ae, 0x47d6333b, 0x233648c5, 0xb6469c50, 0xeaf6bf39,
+    0x7f866bac, 0x1b661052, 0x8e16c4c7, 0xa2065680, 0x37768215,
+    0x5396f9eb, 0xc6e62d7e, 0x9a560e17, 0x0f26da82, 0x6bc6a17c,
+    0xfeb675e9, 0x2a14470b, 0xbf64939e, 0xdb84e860, 0x4ef43cf5,
+    0x12441f9c, 0x8734cb09, 0xe3d4b0f7, 0x76a46462, 0x5ab4f625,
+    0xcfc422b0, 0xab24594e, 0x3e548ddb, 0x62e4aeb2, 0xf7947a27,
+    0x937401d9, 0x0604d54c, 0xcb552557, 0x5e25f1c2, 0x3ac58a3c,
+    0xafb55ea9, 0xf3057dc0, 0x6675a955, 0x0295d2ab, 0x97e5063e,
+    0xbbf59479, 0x2e8540ec, 0x4a653b12, 0xdf15ef87, 0x83a5ccee,
+    0x16d5187b, 0x72356385, 0xe745b710, 0x67cf0be4, 0xf2bfdf71,
+    0x965fa48f, 0x032f701a, 0x5f9f5373, 0xcaef87e6, 0xae0ffc18,
+    0x3b7f288d, 0x176fbaca, 0x821f6e5f, 0xe6ff15a1, 0x738fc134,
+    0x2f3fe25d, 0xba4f36c8, 0xdeaf4d36, 0x4bdf99a3, 0x868e69b8,
+    0x13febd2d, 0x771ec6d3, 0xe26e1246, 0xbede312f, 0x2baee5ba,
+    0x4f4e9e44, 0xda3e4ad1, 0xf62ed896, 0x635e0c03, 0x07be77fd,
+    0x92cea368, 0xce7e8001, 0x5b0e5494, 0x3fee2f6a, 0xaa9efbff,
+    0x7e3cc91d, 0xeb4c1d88, 0x8fac6676, 0x1adcb2e3, 0x466c918a,
+    0xd31c451f, 0xb7fc3ee1, 0x228cea74, 0x0e9c7833, 0x9becaca6,
+    0xff0cd758, 0x6a7c03cd, 0x36cc20a4, 0xa3bcf431, 0xc75c8fcf,
+    0x522c5b5a, 0x9f7dab41, 0x0a0d7fd4, 0x6eed042a, 0xfb9dd0bf,
+    0xa72df3d6, 0x325d2743, 0x56bd5cbd, 0xc3cd8828, 0xefdd1a6f,
+    0x7aadcefa, 0x1e4db504, 0x8b3d6191, 0xd78d42f8, 0x42fd966d,
+    0x261ded93, 0xb36d3906, 0x54288e16, 0xc1585a83, 0xa5b8217d,
+    0x30c8f5e8, 0x6c78d681, 0xf9080214, 0x9de879ea, 0x0898ad7f,
+    0x24883f38, 0xb1f8ebad, 0xd5189053, 0x406844c6, 0x1cd867af,
+    0x89a8b33a, 0xed48c8c4, 0x78381c51, 0xb569ec4a, 0x201938df,
+    0x44f94321, 0xd18997b4, 0x8d39b4dd, 0x18496048, 0x7ca91bb6,
+    0xe9d9cf23, 0xc5c95d64, 0x50b989f1, 0x3459f20f, 0xa129269a,
+    0xfd9905f3, 0x68e9d166, 0x0c09aa98, 0x99797e0d, 0x4ddb4cef,
+    0xd8ab987a, 0xbc4be384, 0x293b3711, 0x758b1478, 0xe0fbc0ed,
+    0x841bbb13, 0x116b6f86, 0x3d7bfdc1, 0xa80b2954, 0xcceb52aa,
+    0x599b863f, 0x052ba556, 0x905b71c3, 0xf4bb0a3d, 0x61cbdea8,
+    0xac9a2eb3, 0x39eafa26, 0x5d0a81d8, 0xc87a554d, 0x94ca7624,
+    0x01baa2b1, 0x655ad94f, 0xf02a0dda, 0xdc3a9f9d, 0x494a4b08,
+    0x2daa30f6, 0xb8dae463, 0xe46ac70a, 0x711a139f, 0x15fa6861,
+    0x808abcf4},
+   {0x00000000, 0xcf9e17c8, 0x444d29d1, 0x8bd33e19, 0x889a53a2,
+    0x4704446a, 0xccd77a73, 0x03496dbb, 0xca45a105, 0x05dbb6cd,
+    0x8e0888d4, 0x41969f1c, 0x42dff2a7, 0x8d41e56f, 0x0692db76,
+    0xc90cccbe, 0x4ffa444b, 0x80645383, 0x0bb76d9a, 0xc4297a52,
+    0xc76017e9, 0x08fe0021, 0x832d3e38, 0x4cb329f0, 0x85bfe54e,
+    0x4a21f286, 0xc1f2cc9f, 0x0e6cdb57, 0x0d25b6ec, 0xc2bba124,
+    0x49689f3d, 0x86f688f5, 0x9ff48896, 0x506a9f5e, 0xdbb9a147,
+    0x1427b68f, 0x176edb34, 0xd8f0ccfc, 0x5323f2e5, 0x9cbde52d,
+    0x55b12993, 0x9a2f3e5b, 0x11fc0042, 0xde62178a, 0xdd2b7a31,
+    0x12b56df9, 0x996653e0, 0x56f84428, 0xd00eccdd, 0x1f90db15,
+    0x9443e50c, 0x5bddf2c4, 0x58949f7f, 0x970a88b7, 0x1cd9b6ae,
+    0xd347a166, 0x1a4b6dd8, 0xd5d57a10, 0x5e064409, 0x919853c1,
+    0x92d13e7a, 0x5d4f29b2, 0xd69c17ab, 0x19020063, 0xe498176d,
+    0x2b0600a5, 0xa0d53ebc, 0x6f4b2974, 0x6c0244cf, 0xa39c5307,
+    0x284f6d1e, 0xe7d17ad6, 0x2eddb668, 0xe143a1a0, 0x6a909fb9,
+    0xa50e8871, 0xa647e5ca, 0x69d9f202, 0xe20acc1b, 0x2d94dbd3,
+    0xab625326, 0x64fc44ee, 0xef2f7af7, 0x20b16d3f, 0x23f80084,
+    0xec66174c, 0x67b52955, 0xa82b3e9d, 0x6127f223, 0xaeb9e5eb,
+    0x256adbf2, 0xeaf4cc3a, 0xe9bda181, 0x2623b649, 0xadf08850,
+    0x626e9f98, 0x7b6c9ffb, 0xb4f28833, 0x3f21b62a, 0xf0bfa1e2,
+    0xf3f6cc59, 0x3c68db91, 0xb7bbe588, 0x7825f240, 0xb1293efe,
+    0x7eb72936, 0xf564172f, 0x3afa00e7, 0x39b36d5c, 0xf62d7a94,
+    0x7dfe448d, 0xb2605345, 0x3496dbb0, 0xfb08cc78, 0x70dbf261,
+    0xbf45e5a9, 0xbc0c8812, 0x73929fda, 0xf841a1c3, 0x37dfb60b,
+    0xfed37ab5, 0x314d6d7d, 0xba9e5364, 0x750044ac, 0x76492917,
+    0xb9d73edf, 0x320400c6, 0xfd9a170e, 0x1241289b, 0xdddf3f53,
+    0x560c014a, 0x99921682, 0x9adb7b39, 0x55456cf1, 0xde9652e8,
+    0x11084520, 0xd804899e, 0x179a9e56, 0x9c49a04f, 0x53d7b787,
+    0x509eda3c, 0x9f00cdf4, 0x14d3f3ed, 0xdb4de425, 0x5dbb6cd0,
+    0x92257b18, 0x19f64501, 0xd66852c9, 0xd5213f72, 0x1abf28ba,
+    0x916c16a3, 0x5ef2016b, 0x97fecdd5, 0x5860da1d, 0xd3b3e404,
+    0x1c2df3cc, 0x1f649e77, 0xd0fa89bf, 0x5b29b7a6, 0x94b7a06e,
+    0x8db5a00d, 0x422bb7c5, 0xc9f889dc, 0x06669e14, 0x052ff3af,
+    0xcab1e467, 0x4162da7e, 0x8efccdb6, 0x47f00108, 0x886e16c0,
+    0x03bd28d9, 0xcc233f11, 0xcf6a52aa, 0x00f44562, 0x8b277b7b,
+    0x44b96cb3, 0xc24fe446, 0x0dd1f38e, 0x8602cd97, 0x499cda5f,
+    0x4ad5b7e4, 0x854ba02c, 0x0e989e35, 0xc10689fd, 0x080a4543,
+    0xc794528b, 0x4c476c92, 0x83d97b5a, 0x809016e1, 0x4f0e0129,
+    0xc4dd3f30, 0x0b4328f8, 0xf6d93ff6, 0x3947283e, 0xb2941627,
+    0x7d0a01ef, 0x7e436c54, 0xb1dd7b9c, 0x3a0e4585, 0xf590524d,
+    0x3c9c9ef3, 0xf302893b, 0x78d1b722, 0xb74fa0ea, 0xb406cd51,
+    0x7b98da99, 0xf04be480, 0x3fd5f348, 0xb9237bbd, 0x76bd6c75,
+    0xfd6e526c, 0x32f045a4, 0x31b9281f, 0xfe273fd7, 0x75f401ce,
+    0xba6a1606, 0x7366dab8, 0xbcf8cd70, 0x372bf369, 0xf8b5e4a1,
+    0xfbfc891a, 0x34629ed2, 0xbfb1a0cb, 0x702fb703, 0x692db760,
+    0xa6b3a0a8, 0x2d609eb1, 0xe2fe8979, 0xe1b7e4c2, 0x2e29f30a,
+    0xa5facd13, 0x6a64dadb, 0xa3681665, 0x6cf601ad, 0xe7253fb4,
+    0x28bb287c, 0x2bf245c7, 0xe46c520f, 0x6fbf6c16, 0xa0217bde,
+    0x26d7f32b, 0xe949e4e3, 0x629adafa, 0xad04cd32, 0xae4da089,
+    0x61d3b741, 0xea008958, 0x259e9e90, 0xec92522e, 0x230c45e6,
+    0xa8df7bff, 0x67416c37, 0x6408018c, 0xab961644, 0x2045285d,
+    0xefdb3f95},
+   {0x00000000, 0x24825136, 0x4904a26c, 0x6d86f35a, 0x920944d8,
+    0xb68b15ee, 0xdb0de6b4, 0xff8fb782, 0xff638ff1, 0xdbe1dec7,
+    0xb6672d9d, 0x92e57cab, 0x6d6acb29, 0x49e89a1f, 0x246e6945,
+    0x00ec3873, 0x25b619a3, 0x01344895, 0x6cb2bbcf, 0x4830eaf9,
+    0xb7bf5d7b, 0x933d0c4d, 0xfebbff17, 0xda39ae21, 0xdad59652,
+    0xfe57c764, 0x93d1343e, 0xb7536508, 0x48dcd28a, 0x6c5e83bc,
+    0x01d870e6, 0x255a21d0, 0x4b6c3346, 0x6fee6270, 0x0268912a,
+    0x26eac01c, 0xd965779e, 0xfde726a8, 0x9061d5f2, 0xb4e384c4,
+    0xb40fbcb7, 0x908ded81, 0xfd0b1edb, 0xd9894fed, 0x2606f86f,
+    0x0284a959, 0x6f025a03, 0x4b800b35, 0x6eda2ae5, 0x4a587bd3,
+    0x27de8889, 0x035cd9bf, 0xfcd36e3d, 0xd8513f0b, 0xb5d7cc51,
+    0x91559d67, 0x91b9a514, 0xb53bf422, 0xd8bd0778, 0xfc3f564e,
+    0x03b0e1cc, 0x2732b0fa, 0x4ab443a0, 0x6e361296, 0x96d8668c,
+    0xb25a37ba, 0xdfdcc4e0, 0xfb5e95d6, 0x04d12254, 0x20537362,
+    0x4dd58038, 0x6957d10e, 0x69bbe97d, 0x4d39b84b, 0x20bf4b11,
+    0x043d1a27, 0xfbb2ada5, 0xdf30fc93, 0xb2b60fc9, 0x96345eff,
+    0xb36e7f2f, 0x97ec2e19, 0xfa6add43, 0xdee88c75, 0x21673bf7,
+    0x05e56ac1, 0x6863999b, 0x4ce1c8ad, 0x4c0df0de, 0x688fa1e8,
+    0x050952b2, 0x218b0384, 0xde04b406, 0xfa86e530, 0x9700166a,
+    0xb382475c, 0xddb455ca, 0xf93604fc, 0x94b0f7a6, 0xb032a690,
+    0x4fbd1112, 0x6b3f4024, 0x06b9b37e, 0x223be248, 0x22d7da3b,
+    0x06558b0d, 0x6bd37857, 0x4f512961, 0xb0de9ee3, 0x945ccfd5,
+    0xf9da3c8f, 0xdd586db9, 0xf8024c69, 0xdc801d5f, 0xb106ee05,
+    0x9584bf33, 0x6a0b08b1, 0x4e895987, 0x230faadd, 0x078dfbeb,
+    0x0761c398, 0x23e392ae, 0x4e6561f4, 0x6ae730c2, 0x95688740,
+    0xb1ead676, 0xdc6c252c, 0xf8ee741a, 0xf6c1cb59, 0xd2439a6f,
+    0xbfc56935, 0x9b473803, 0x64c88f81, 0x404adeb7, 0x2dcc2ded,
+    0x094e7cdb, 0x09a244a8, 0x2d20159e, 0x40a6e6c4, 0x6424b7f2,
+    0x9bab0070, 0xbf295146, 0xd2afa21c, 0xf62df32a, 0xd377d2fa,
+    0xf7f583cc, 0x9a737096, 0xbef121a0, 0x417e9622, 0x65fcc714,
+    0x087a344e, 0x2cf86578, 0x2c145d0b, 0x08960c3d, 0x6510ff67,
+    0x4192ae51, 0xbe1d19d3, 0x9a9f48e5, 0xf719bbbf, 0xd39bea89,
+    0xbdadf81f, 0x992fa929, 0xf4a95a73, 0xd02b0b45, 0x2fa4bcc7,
+    0x0b26edf1, 0x66a01eab, 0x42224f9d, 0x42ce77ee, 0x664c26d8,
+    0x0bcad582, 0x2f4884b4, 0xd0c73336, 0xf4456200, 0x99c3915a,
+    0xbd41c06c, 0x981be1bc, 0xbc99b08a, 0xd11f43d0, 0xf59d12e6,
+    0x0a12a564, 0x2e90f452, 0x43160708, 0x6794563e, 0x67786e4d,
+    0x43fa3f7b, 0x2e7ccc21, 0x0afe9d17, 0xf5712a95, 0xd1f37ba3,
+    0xbc7588f9, 0x98f7d9cf, 0x6019add5, 0x449bfce3, 0x291d0fb9,
+    0x0d9f5e8f, 0xf210e90d, 0xd692b83b, 0xbb144b61, 0x9f961a57,
+    0x9f7a2224, 0xbbf87312, 0xd67e8048, 0xf2fcd17e, 0x0d7366fc,
+    0x29f137ca, 0x4477c490, 0x60f595a6, 0x45afb476, 0x612de540,
+    0x0cab161a, 0x2829472c, 0xd7a6f0ae, 0xf324a198, 0x9ea252c2,
+    0xba2003f4, 0xbacc3b87, 0x9e4e6ab1, 0xf3c899eb, 0xd74ac8dd,
+    0x28c57f5f, 0x0c472e69, 0x61c1dd33, 0x45438c05, 0x2b759e93,
+    0x0ff7cfa5, 0x62713cff, 0x46f36dc9, 0xb97cda4b, 0x9dfe8b7d,
+    0xf0787827, 0xd4fa2911, 0xd4161162, 0xf0944054, 0x9d12b30e,
+    0xb990e238, 0x461f55ba, 0x629d048c, 0x0f1bf7d6, 0x2b99a6e0,
+    0x0ec38730, 0x2a41d606, 0x47c7255c, 0x6345746a, 0x9ccac3e8,
+    0xb84892de, 0xd5ce6184, 0xf14c30b2, 0xf1a008c1, 0xd52259f7,
+    0xb8a4aaad, 0x9c26fb9b, 0x63a94c19, 0x472b1d2f, 0x2aadee75,
+    0x0e2fbf43},
+   {0x00000000, 0x36f290f3, 0x6de521e6, 0x5b17b115, 0xdbca43cc,
+    0xed38d33f, 0xb62f622a, 0x80ddf2d9, 0x6ce581d9, 0x5a17112a,
+    0x0100a03f, 0x37f230cc, 0xb72fc215, 0x81dd52e6, 0xdacae3f3,
+    0xec387300, 0xd9cb03b2, 0xef399341, 0xb42e2254, 0x82dcb2a7,
+    0x0201407e, 0x34f3d08d, 0x6fe46198, 0x5916f16b, 0xb52e826b,
+    0x83dc1298, 0xd8cba38d, 0xee39337e, 0x6ee4c1a7, 0x58165154,
+    0x0301e041, 0x35f370b2, 0x68e70125, 0x5e1591d6, 0x050220c3,
+    0x33f0b030, 0xb32d42e9, 0x85dfd21a, 0xdec8630f, 0xe83af3fc,
+    0x040280fc, 0x32f0100f, 0x69e7a11a, 0x5f1531e9, 0xdfc8c330,
+    0xe93a53c3, 0xb22de2d6, 0x84df7225, 0xb12c0297, 0x87de9264,
+    0xdcc92371, 0xea3bb382, 0x6ae6415b, 0x5c14d1a8, 0x070360bd,
+    0x31f1f04e, 0xddc9834e, 0xeb3b13bd, 0xb02ca2a8, 0x86de325b,
+    0x0603c082, 0x30f15071, 0x6be6e164, 0x5d147197, 0xd1ce024a,
+    0xe73c92b9, 0xbc2b23ac, 0x8ad9b35f, 0x0a044186, 0x3cf6d175,
+    0x67e16060, 0x5113f093, 0xbd2b8393, 0x8bd91360, 0xd0cea275,
+    0xe63c3286, 0x66e1c05f, 0x501350ac, 0x0b04e1b9, 0x3df6714a,
+    0x080501f8, 0x3ef7910b, 0x65e0201e, 0x5312b0ed, 0xd3cf4234,
+    0xe53dd2c7, 0xbe2a63d2, 0x88d8f321, 0x64e08021, 0x521210d2,
+    0x0905a1c7, 0x3ff73134, 0xbf2ac3ed, 0x89d8531e, 0xd2cfe20b,
+    0xe43d72f8, 0xb929036f, 0x8fdb939c, 0xd4cc2289, 0xe23eb27a,
+    0x62e340a3, 0x5411d050, 0x0f066145, 0x39f4f1b6, 0xd5cc82b6,
+    0xe33e1245, 0xb829a350, 0x8edb33a3, 0x0e06c17a, 0x38f45189,
+    0x63e3e09c, 0x5511706f, 0x60e200dd, 0x5610902e, 0x0d07213b,
+    0x3bf5b1c8, 0xbb284311, 0x8ddad3e2, 0xd6cd62f7, 0xe03ff204,
+    0x0c078104, 0x3af511f7, 0x61e2a0e2, 0x57103011, 0xd7cdc2c8,
+    0xe13f523b, 0xba28e32e, 0x8cda73dd, 0x78ed02d5, 0x4e1f9226,
+    0x15082333, 0x23fab3c0, 0xa3274119, 0x95d5d1ea, 0xcec260ff,
+    0xf830f00c, 0x1408830c, 0x22fa13ff, 0x79eda2ea, 0x4f1f3219,
+    0xcfc2c0c0, 0xf9305033, 0xa227e126, 0x94d571d5, 0xa1260167,
+    0x97d49194, 0xccc32081, 0xfa31b072, 0x7aec42ab, 0x4c1ed258,
+    0x1709634d, 0x21fbf3be, 0xcdc380be, 0xfb31104d, 0xa026a158,
+    0x96d431ab, 0x1609c372, 0x20fb5381, 0x7bece294, 0x4d1e7267,
+    0x100a03f0, 0x26f89303, 0x7def2216, 0x4b1db2e5, 0xcbc0403c,
+    0xfd32d0cf, 0xa62561da, 0x90d7f129, 0x7cef8229, 0x4a1d12da,
+    0x110aa3cf, 0x27f8333c, 0xa725c1e5, 0x91d75116, 0xcac0e003,
+    0xfc3270f0, 0xc9c10042, 0xff3390b1, 0xa42421a4, 0x92d6b157,
+    0x120b438e, 0x24f9d37d, 0x7fee6268, 0x491cf29b, 0xa524819b,
+    0x93d61168, 0xc8c1a07d, 0xfe33308e, 0x7eeec257, 0x481c52a4,
+    0x130be3b1, 0x25f97342, 0xa923009f, 0x9fd1906c, 0xc4c62179,
+    0xf234b18a, 0x72e94353, 0x441bd3a0, 0x1f0c62b5, 0x29fef246,
+    0xc5c68146, 0xf33411b5, 0xa823a0a0, 0x9ed13053, 0x1e0cc28a,
+    0x28fe5279, 0x73e9e36c, 0x451b739f, 0x70e8032d, 0x461a93de,
+    0x1d0d22cb, 0x2bffb238, 0xab2240e1, 0x9dd0d012, 0xc6c76107,
+    0xf035f1f4, 0x1c0d82f4, 0x2aff1207, 0x71e8a312, 0x471a33e1,
+    0xc7c7c138, 0xf13551cb, 0xaa22e0de, 0x9cd0702d, 0xc1c401ba,
+    0xf7369149, 0xac21205c, 0x9ad3b0af, 0x1a0e4276, 0x2cfcd285,
+    0x77eb6390, 0x4119f363, 0xad218063, 0x9bd31090, 0xc0c4a185,
+    0xf6363176, 0x76ebc3af, 0x4019535c, 0x1b0ee249, 0x2dfc72ba,
+    0x180f0208, 0x2efd92fb, 0x75ea23ee, 0x4318b31d, 0xc3c541c4,
+    0xf537d137, 0xae206022, 0x98d2f0d1, 0x74ea83d1, 0x42181322,
+    0x190fa237, 0x2ffd32c4, 0xaf20c01d, 0x99d250ee, 0xc2c5e1fb,
+    0xf4377108}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0xf390f23600000000, 0xe621e56d00000000,
+    0x15b1175b00000000, 0xcc43cadb00000000, 0x3fd338ed00000000,
+    0x2a622fb600000000, 0xd9f2dd8000000000, 0xd981e56c00000000,
+    0x2a11175a00000000, 0x3fa0000100000000, 0xcc30f23700000000,
+    0x15c22fb700000000, 0xe652dd8100000000, 0xf3e3cada00000000,
+    0x007338ec00000000, 0xb203cbd900000000, 0x419339ef00000000,
+    0x54222eb400000000, 0xa7b2dc8200000000, 0x7e40010200000000,
+    0x8dd0f33400000000, 0x9861e46f00000000, 0x6bf1165900000000,
+    0x6b822eb500000000, 0x9812dc8300000000, 0x8da3cbd800000000,
+    0x7e3339ee00000000, 0xa7c1e46e00000000, 0x5451165800000000,
+    0x41e0010300000000, 0xb270f33500000000, 0x2501e76800000000,
+    0xd691155e00000000, 0xc320020500000000, 0x30b0f03300000000,
+    0xe9422db300000000, 0x1ad2df8500000000, 0x0f63c8de00000000,
+    0xfcf33ae800000000, 0xfc80020400000000, 0x0f10f03200000000,
+    0x1aa1e76900000000, 0xe931155f00000000, 0x30c3c8df00000000,
+    0xc3533ae900000000, 0xd6e22db200000000, 0x2572df8400000000,
+    0x97022cb100000000, 0x6492de8700000000, 0x7123c9dc00000000,
+    0x82b33bea00000000, 0x5b41e66a00000000, 0xa8d1145c00000000,
+    0xbd60030700000000, 0x4ef0f13100000000, 0x4e83c9dd00000000,
+    0xbd133beb00000000, 0xa8a22cb000000000, 0x5b32de8600000000,
+    0x82c0030600000000, 0x7150f13000000000, 0x64e1e66b00000000,
+    0x9771145d00000000, 0x4a02ced100000000, 0xb9923ce700000000,
+    0xac232bbc00000000, 0x5fb3d98a00000000, 0x8641040a00000000,
+    0x75d1f63c00000000, 0x6060e16700000000, 0x93f0135100000000,
+    0x93832bbd00000000, 0x6013d98b00000000, 0x75a2ced000000000,
+    0x86323ce600000000, 0x5fc0e16600000000, 0xac50135000000000,
+    0xb9e1040b00000000, 0x4a71f63d00000000, 0xf801050800000000,
+    0x0b91f73e00000000, 0x1e20e06500000000, 0xedb0125300000000,
+    0x3442cfd300000000, 0xc7d23de500000000, 0xd2632abe00000000,
+    0x21f3d88800000000, 0x2180e06400000000, 0xd210125200000000,
+    0xc7a1050900000000, 0x3431f73f00000000, 0xedc32abf00000000,
+    0x1e53d88900000000, 0x0be2cfd200000000, 0xf8723de400000000,
+    0x6f0329b900000000, 0x9c93db8f00000000, 0x8922ccd400000000,
+    0x7ab23ee200000000, 0xa340e36200000000, 0x50d0115400000000,
+    0x4561060f00000000, 0xb6f1f43900000000, 0xb682ccd500000000,
+    0x45123ee300000000, 0x50a329b800000000, 0xa333db8e00000000,
+    0x7ac1060e00000000, 0x8951f43800000000, 0x9ce0e36300000000,
+    0x6f70115500000000, 0xdd00e26000000000, 0x2e90105600000000,
+    0x3b21070d00000000, 0xc8b1f53b00000000, 0x114328bb00000000,
+    0xe2d3da8d00000000, 0xf762cdd600000000, 0x04f23fe000000000,
+    0x0481070c00000000, 0xf711f53a00000000, 0xe2a0e26100000000,
+    0x1130105700000000, 0xc8c2cdd700000000, 0x3b523fe100000000,
+    0x2ee328ba00000000, 0xdd73da8c00000000, 0xd502ed7800000000,
+    0x26921f4e00000000, 0x3323081500000000, 0xc0b3fa2300000000,
+    0x194127a300000000, 0xead1d59500000000, 0xff60c2ce00000000,
+    0x0cf030f800000000, 0x0c83081400000000, 0xff13fa2200000000,
+    0xeaa2ed7900000000, 0x19321f4f00000000, 0xc0c0c2cf00000000,
+    0x335030f900000000, 0x26e127a200000000, 0xd571d59400000000,
+    0x670126a100000000, 0x9491d49700000000, 0x8120c3cc00000000,
+    0x72b031fa00000000, 0xab42ec7a00000000, 0x58d21e4c00000000,
+    0x4d63091700000000, 0xbef3fb2100000000, 0xbe80c3cd00000000,
+    0x4d1031fb00000000, 0x58a126a000000000, 0xab31d49600000000,
+    0x72c3091600000000, 0x8153fb2000000000, 0x94e2ec7b00000000,
+    0x67721e4d00000000, 0xf0030a1000000000, 0x0393f82600000000,
+    0x1622ef7d00000000, 0xe5b21d4b00000000, 0x3c40c0cb00000000,
+    0xcfd032fd00000000, 0xda6125a600000000, 0x29f1d79000000000,
+    0x2982ef7c00000000, 0xda121d4a00000000, 0xcfa30a1100000000,
+    0x3c33f82700000000, 0xe5c125a700000000, 0x1651d79100000000,
+    0x03e0c0ca00000000, 0xf07032fc00000000, 0x4200c1c900000000,
+    0xb19033ff00000000, 0xa42124a400000000, 0x57b1d69200000000,
+    0x8e430b1200000000, 0x7dd3f92400000000, 0x6862ee7f00000000,
+    0x9bf21c4900000000, 0x9b8124a500000000, 0x6811d69300000000,
+    0x7da0c1c800000000, 0x8e3033fe00000000, 0x57c2ee7e00000000,
+    0xa4521c4800000000, 0xb1e30b1300000000, 0x4273f92500000000,
+    0x9f0023a900000000, 0x6c90d19f00000000, 0x7921c6c400000000,
+    0x8ab134f200000000, 0x5343e97200000000, 0xa0d31b4400000000,
+    0xb5620c1f00000000, 0x46f2fe2900000000, 0x4681c6c500000000,
+    0xb51134f300000000, 0xa0a023a800000000, 0x5330d19e00000000,
+    0x8ac20c1e00000000, 0x7952fe2800000000, 0x6ce3e97300000000,
+    0x9f731b4500000000, 0x2d03e87000000000, 0xde931a4600000000,
+    0xcb220d1d00000000, 0x38b2ff2b00000000, 0xe14022ab00000000,
+    0x12d0d09d00000000, 0x0761c7c600000000, 0xf4f135f000000000,
+    0xf4820d1c00000000, 0x0712ff2a00000000, 0x12a3e87100000000,
+    0xe1331a4700000000, 0x38c1c7c700000000, 0xcb5135f100000000,
+    0xdee022aa00000000, 0x2d70d09c00000000, 0xba01c4c100000000,
+    0x499136f700000000, 0x5c2021ac00000000, 0xafb0d39a00000000,
+    0x76420e1a00000000, 0x85d2fc2c00000000, 0x9063eb7700000000,
+    0x63f3194100000000, 0x638021ad00000000, 0x9010d39b00000000,
+    0x85a1c4c000000000, 0x763136f600000000, 0xafc3eb7600000000,
+    0x5c53194000000000, 0x49e20e1b00000000, 0xba72fc2d00000000,
+    0x08020f1800000000, 0xfb92fd2e00000000, 0xee23ea7500000000,
+    0x1db3184300000000, 0xc441c5c300000000, 0x37d137f500000000,
+    0x226020ae00000000, 0xd1f0d29800000000, 0xd183ea7400000000,
+    0x2213184200000000, 0x37a20f1900000000, 0xc432fd2f00000000,
+    0x1dc020af00000000, 0xee50d29900000000, 0xfbe1c5c200000000,
+    0x087137f400000000},
+   {0x0000000000000000, 0x3651822400000000, 0x6ca2044900000000,
+    0x5af3866d00000000, 0xd844099200000000, 0xee158bb600000000,
+    0xb4e60ddb00000000, 0x82b78fff00000000, 0xf18f63ff00000000,
+    0xc7dee1db00000000, 0x9d2d67b600000000, 0xab7ce59200000000,
+    0x29cb6a6d00000000, 0x1f9ae84900000000, 0x45696e2400000000,
+    0x7338ec0000000000, 0xa319b62500000000, 0x9548340100000000,
+    0xcfbbb26c00000000, 0xf9ea304800000000, 0x7b5dbfb700000000,
+    0x4d0c3d9300000000, 0x17ffbbfe00000000, 0x21ae39da00000000,
+    0x5296d5da00000000, 0x64c757fe00000000, 0x3e34d19300000000,
+    0x086553b700000000, 0x8ad2dc4800000000, 0xbc835e6c00000000,
+    0xe670d80100000000, 0xd0215a2500000000, 0x46336c4b00000000,
+    0x7062ee6f00000000, 0x2a91680200000000, 0x1cc0ea2600000000,
+    0x9e7765d900000000, 0xa826e7fd00000000, 0xf2d5619000000000,
+    0xc484e3b400000000, 0xb7bc0fb400000000, 0x81ed8d9000000000,
+    0xdb1e0bfd00000000, 0xed4f89d900000000, 0x6ff8062600000000,
+    0x59a9840200000000, 0x035a026f00000000, 0x350b804b00000000,
+    0xe52ada6e00000000, 0xd37b584a00000000, 0x8988de2700000000,
+    0xbfd95c0300000000, 0x3d6ed3fc00000000, 0x0b3f51d800000000,
+    0x51ccd7b500000000, 0x679d559100000000, 0x14a5b99100000000,
+    0x22f43bb500000000, 0x7807bdd800000000, 0x4e563ffc00000000,
+    0xcce1b00300000000, 0xfab0322700000000, 0xa043b44a00000000,
+    0x9612366e00000000, 0x8c66d89600000000, 0xba375ab200000000,
+    0xe0c4dcdf00000000, 0xd6955efb00000000, 0x5422d10400000000,
+    0x6273532000000000, 0x3880d54d00000000, 0x0ed1576900000000,
+    0x7de9bb6900000000, 0x4bb8394d00000000, 0x114bbf2000000000,
+    0x271a3d0400000000, 0xa5adb2fb00000000, 0x93fc30df00000000,
+    0xc90fb6b200000000, 0xff5e349600000000, 0x2f7f6eb300000000,
+    0x192eec9700000000, 0x43dd6afa00000000, 0x758ce8de00000000,
+    0xf73b672100000000, 0xc16ae50500000000, 0x9b99636800000000,
+    0xadc8e14c00000000, 0xdef00d4c00000000, 0xe8a18f6800000000,
+    0xb252090500000000, 0x84038b2100000000, 0x06b404de00000000,
+    0x30e586fa00000000, 0x6a16009700000000, 0x5c4782b300000000,
+    0xca55b4dd00000000, 0xfc0436f900000000, 0xa6f7b09400000000,
+    0x90a632b000000000, 0x1211bd4f00000000, 0x24403f6b00000000,
+    0x7eb3b90600000000, 0x48e23b2200000000, 0x3bdad72200000000,
+    0x0d8b550600000000, 0x5778d36b00000000, 0x6129514f00000000,
+    0xe39edeb000000000, 0xd5cf5c9400000000, 0x8f3cdaf900000000,
+    0xb96d58dd00000000, 0x694c02f800000000, 0x5f1d80dc00000000,
+    0x05ee06b100000000, 0x33bf849500000000, 0xb1080b6a00000000,
+    0x8759894e00000000, 0xddaa0f2300000000, 0xebfb8d0700000000,
+    0x98c3610700000000, 0xae92e32300000000, 0xf461654e00000000,
+    0xc230e76a00000000, 0x4087689500000000, 0x76d6eab100000000,
+    0x2c256cdc00000000, 0x1a74eef800000000, 0x59cbc1f600000000,
+    0x6f9a43d200000000, 0x3569c5bf00000000, 0x0338479b00000000,
+    0x818fc86400000000, 0xb7de4a4000000000, 0xed2dcc2d00000000,
+    0xdb7c4e0900000000, 0xa844a20900000000, 0x9e15202d00000000,
+    0xc4e6a64000000000, 0xf2b7246400000000, 0x7000ab9b00000000,
+    0x465129bf00000000, 0x1ca2afd200000000, 0x2af32df600000000,
+    0xfad277d300000000, 0xcc83f5f700000000, 0x9670739a00000000,
+    0xa021f1be00000000, 0x22967e4100000000, 0x14c7fc6500000000,
+    0x4e347a0800000000, 0x7865f82c00000000, 0x0b5d142c00000000,
+    0x3d0c960800000000, 0x67ff106500000000, 0x51ae924100000000,
+    0xd3191dbe00000000, 0xe5489f9a00000000, 0xbfbb19f700000000,
+    0x89ea9bd300000000, 0x1ff8adbd00000000, 0x29a92f9900000000,
+    0x735aa9f400000000, 0x450b2bd000000000, 0xc7bca42f00000000,
+    0xf1ed260b00000000, 0xab1ea06600000000, 0x9d4f224200000000,
+    0xee77ce4200000000, 0xd8264c6600000000, 0x82d5ca0b00000000,
+    0xb484482f00000000, 0x3633c7d000000000, 0x006245f400000000,
+    0x5a91c39900000000, 0x6cc041bd00000000, 0xbce11b9800000000,
+    0x8ab099bc00000000, 0xd0431fd100000000, 0xe6129df500000000,
+    0x64a5120a00000000, 0x52f4902e00000000, 0x0807164300000000,
+    0x3e56946700000000, 0x4d6e786700000000, 0x7b3ffa4300000000,
+    0x21cc7c2e00000000, 0x179dfe0a00000000, 0x952a71f500000000,
+    0xa37bf3d100000000, 0xf98875bc00000000, 0xcfd9f79800000000,
+    0xd5ad196000000000, 0xe3fc9b4400000000, 0xb90f1d2900000000,
+    0x8f5e9f0d00000000, 0x0de910f200000000, 0x3bb892d600000000,
+    0x614b14bb00000000, 0x571a969f00000000, 0x24227a9f00000000,
+    0x1273f8bb00000000, 0x48807ed600000000, 0x7ed1fcf200000000,
+    0xfc66730d00000000, 0xca37f12900000000, 0x90c4774400000000,
+    0xa695f56000000000, 0x76b4af4500000000, 0x40e52d6100000000,
+    0x1a16ab0c00000000, 0x2c47292800000000, 0xaef0a6d700000000,
+    0x98a124f300000000, 0xc252a29e00000000, 0xf40320ba00000000,
+    0x873bccba00000000, 0xb16a4e9e00000000, 0xeb99c8f300000000,
+    0xddc84ad700000000, 0x5f7fc52800000000, 0x692e470c00000000,
+    0x33ddc16100000000, 0x058c434500000000, 0x939e752b00000000,
+    0xa5cff70f00000000, 0xff3c716200000000, 0xc96df34600000000,
+    0x4bda7cb900000000, 0x7d8bfe9d00000000, 0x277878f000000000,
+    0x1129fad400000000, 0x621116d400000000, 0x544094f000000000,
+    0x0eb3129d00000000, 0x38e290b900000000, 0xba551f4600000000,
+    0x8c049d6200000000, 0xd6f71b0f00000000, 0xe0a6992b00000000,
+    0x3087c30e00000000, 0x06d6412a00000000, 0x5c25c74700000000,
+    0x6a74456300000000, 0xe8c3ca9c00000000, 0xde9248b800000000,
+    0x8461ced500000000, 0xb2304cf100000000, 0xc108a0f100000000,
+    0xf75922d500000000, 0xadaaa4b800000000, 0x9bfb269c00000000,
+    0x194ca96300000000, 0x2f1d2b4700000000, 0x75eead2a00000000,
+    0x43bf2f0e00000000},
+   {0x0000000000000000, 0xc8179ecf00000000, 0xd1294d4400000000,
+    0x193ed38b00000000, 0xa2539a8800000000, 0x6a44044700000000,
+    0x737ad7cc00000000, 0xbb6d490300000000, 0x05a145ca00000000,
+    0xcdb6db0500000000, 0xd488088e00000000, 0x1c9f964100000000,
+    0xa7f2df4200000000, 0x6fe5418d00000000, 0x76db920600000000,
+    0xbecc0cc900000000, 0x4b44fa4f00000000, 0x8353648000000000,
+    0x9a6db70b00000000, 0x527a29c400000000, 0xe91760c700000000,
+    0x2100fe0800000000, 0x383e2d8300000000, 0xf029b34c00000000,
+    0x4ee5bf8500000000, 0x86f2214a00000000, 0x9fccf2c100000000,
+    0x57db6c0e00000000, 0xecb6250d00000000, 0x24a1bbc200000000,
+    0x3d9f684900000000, 0xf588f68600000000, 0x9688f49f00000000,
+    0x5e9f6a5000000000, 0x47a1b9db00000000, 0x8fb6271400000000,
+    0x34db6e1700000000, 0xfcccf0d800000000, 0xe5f2235300000000,
+    0x2de5bd9c00000000, 0x9329b15500000000, 0x5b3e2f9a00000000,
+    0x4200fc1100000000, 0x8a1762de00000000, 0x317a2bdd00000000,
+    0xf96db51200000000, 0xe053669900000000, 0x2844f85600000000,
+    0xddcc0ed000000000, 0x15db901f00000000, 0x0ce5439400000000,
+    0xc4f2dd5b00000000, 0x7f9f945800000000, 0xb7880a9700000000,
+    0xaeb6d91c00000000, 0x66a147d300000000, 0xd86d4b1a00000000,
+    0x107ad5d500000000, 0x0944065e00000000, 0xc153989100000000,
+    0x7a3ed19200000000, 0xb2294f5d00000000, 0xab179cd600000000,
+    0x6300021900000000, 0x6d1798e400000000, 0xa500062b00000000,
+    0xbc3ed5a000000000, 0x74294b6f00000000, 0xcf44026c00000000,
+    0x07539ca300000000, 0x1e6d4f2800000000, 0xd67ad1e700000000,
+    0x68b6dd2e00000000, 0xa0a143e100000000, 0xb99f906a00000000,
+    0x71880ea500000000, 0xcae547a600000000, 0x02f2d96900000000,
+    0x1bcc0ae200000000, 0xd3db942d00000000, 0x265362ab00000000,
+    0xee44fc6400000000, 0xf77a2fef00000000, 0x3f6db12000000000,
+    0x8400f82300000000, 0x4c1766ec00000000, 0x5529b56700000000,
+    0x9d3e2ba800000000, 0x23f2276100000000, 0xebe5b9ae00000000,
+    0xf2db6a2500000000, 0x3accf4ea00000000, 0x81a1bde900000000,
+    0x49b6232600000000, 0x5088f0ad00000000, 0x989f6e6200000000,
+    0xfb9f6c7b00000000, 0x3388f2b400000000, 0x2ab6213f00000000,
+    0xe2a1bff000000000, 0x59ccf6f300000000, 0x91db683c00000000,
+    0x88e5bbb700000000, 0x40f2257800000000, 0xfe3e29b100000000,
+    0x3629b77e00000000, 0x2f1764f500000000, 0xe700fa3a00000000,
+    0x5c6db33900000000, 0x947a2df600000000, 0x8d44fe7d00000000,
+    0x455360b200000000, 0xb0db963400000000, 0x78cc08fb00000000,
+    0x61f2db7000000000, 0xa9e545bf00000000, 0x12880cbc00000000,
+    0xda9f927300000000, 0xc3a141f800000000, 0x0bb6df3700000000,
+    0xb57ad3fe00000000, 0x7d6d4d3100000000, 0x64539eba00000000,
+    0xac44007500000000, 0x1729497600000000, 0xdf3ed7b900000000,
+    0xc600043200000000, 0x0e179afd00000000, 0x9b28411200000000,
+    0x533fdfdd00000000, 0x4a010c5600000000, 0x8216929900000000,
+    0x397bdb9a00000000, 0xf16c455500000000, 0xe85296de00000000,
+    0x2045081100000000, 0x9e8904d800000000, 0x569e9a1700000000,
+    0x4fa0499c00000000, 0x87b7d75300000000, 0x3cda9e5000000000,
+    0xf4cd009f00000000, 0xedf3d31400000000, 0x25e44ddb00000000,
+    0xd06cbb5d00000000, 0x187b259200000000, 0x0145f61900000000,
+    0xc95268d600000000, 0x723f21d500000000, 0xba28bf1a00000000,
+    0xa3166c9100000000, 0x6b01f25e00000000, 0xd5cdfe9700000000,
+    0x1dda605800000000, 0x04e4b3d300000000, 0xccf32d1c00000000,
+    0x779e641f00000000, 0xbf89fad000000000, 0xa6b7295b00000000,
+    0x6ea0b79400000000, 0x0da0b58d00000000, 0xc5b72b4200000000,
+    0xdc89f8c900000000, 0x149e660600000000, 0xaff32f0500000000,
+    0x67e4b1ca00000000, 0x7eda624100000000, 0xb6cdfc8e00000000,
+    0x0801f04700000000, 0xc0166e8800000000, 0xd928bd0300000000,
+    0x113f23cc00000000, 0xaa526acf00000000, 0x6245f40000000000,
+    0x7b7b278b00000000, 0xb36cb94400000000, 0x46e44fc200000000,
+    0x8ef3d10d00000000, 0x97cd028600000000, 0x5fda9c4900000000,
+    0xe4b7d54a00000000, 0x2ca04b8500000000, 0x359e980e00000000,
+    0xfd8906c100000000, 0x43450a0800000000, 0x8b5294c700000000,
+    0x926c474c00000000, 0x5a7bd98300000000, 0xe116908000000000,
+    0x29010e4f00000000, 0x303fddc400000000, 0xf828430b00000000,
+    0xf63fd9f600000000, 0x3e28473900000000, 0x271694b200000000,
+    0xef010a7d00000000, 0x546c437e00000000, 0x9c7bddb100000000,
+    0x85450e3a00000000, 0x4d5290f500000000, 0xf39e9c3c00000000,
+    0x3b8902f300000000, 0x22b7d17800000000, 0xeaa04fb700000000,
+    0x51cd06b400000000, 0x99da987b00000000, 0x80e44bf000000000,
+    0x48f3d53f00000000, 0xbd7b23b900000000, 0x756cbd7600000000,
+    0x6c526efd00000000, 0xa445f03200000000, 0x1f28b93100000000,
+    0xd73f27fe00000000, 0xce01f47500000000, 0x06166aba00000000,
+    0xb8da667300000000, 0x70cdf8bc00000000, 0x69f32b3700000000,
+    0xa1e4b5f800000000, 0x1a89fcfb00000000, 0xd29e623400000000,
+    0xcba0b1bf00000000, 0x03b72f7000000000, 0x60b72d6900000000,
+    0xa8a0b3a600000000, 0xb19e602d00000000, 0x7989fee200000000,
+    0xc2e4b7e100000000, 0x0af3292e00000000, 0x13cdfaa500000000,
+    0xdbda646a00000000, 0x651668a300000000, 0xad01f66c00000000,
+    0xb43f25e700000000, 0x7c28bb2800000000, 0xc745f22b00000000,
+    0x0f526ce400000000, 0x166cbf6f00000000, 0xde7b21a000000000,
+    0x2bf3d72600000000, 0xe3e449e900000000, 0xfada9a6200000000,
+    0x32cd04ad00000000, 0x89a04dae00000000, 0x41b7d36100000000,
+    0x588900ea00000000, 0x909e9e2500000000, 0x2e5292ec00000000,
+    0xe6450c2300000000, 0xff7bdfa800000000, 0x376c416700000000,
+    0x8c01086400000000, 0x441696ab00000000, 0x5d28452000000000,
+    0x953fdbef00000000},
+   {0x0000000000000000, 0x95d4709500000000, 0x6baf90f100000000,
+    0xfe7be06400000000, 0x9758503800000000, 0x028c20ad00000000,
+    0xfcf7c0c900000000, 0x6923b05c00000000, 0x2eb1a07000000000,
+    0xbb65d0e500000000, 0x451e308100000000, 0xd0ca401400000000,
+    0xb9e9f04800000000, 0x2c3d80dd00000000, 0xd24660b900000000,
+    0x4792102c00000000, 0x5c6241e100000000, 0xc9b6317400000000,
+    0x37cdd11000000000, 0xa219a18500000000, 0xcb3a11d900000000,
+    0x5eee614c00000000, 0xa095812800000000, 0x3541f1bd00000000,
+    0x72d3e19100000000, 0xe707910400000000, 0x197c716000000000,
+    0x8ca801f500000000, 0xe58bb1a900000000, 0x705fc13c00000000,
+    0x8e24215800000000, 0x1bf051cd00000000, 0xf9c2f31900000000,
+    0x6c16838c00000000, 0x926d63e800000000, 0x07b9137d00000000,
+    0x6e9aa32100000000, 0xfb4ed3b400000000, 0x053533d000000000,
+    0x90e1434500000000, 0xd773536900000000, 0x42a723fc00000000,
+    0xbcdcc39800000000, 0x2908b30d00000000, 0x402b035100000000,
+    0xd5ff73c400000000, 0x2b8493a000000000, 0xbe50e33500000000,
+    0xa5a0b2f800000000, 0x3074c26d00000000, 0xce0f220900000000,
+    0x5bdb529c00000000, 0x32f8e2c000000000, 0xa72c925500000000,
+    0x5957723100000000, 0xcc8302a400000000, 0x8b11128800000000,
+    0x1ec5621d00000000, 0xe0be827900000000, 0x756af2ec00000000,
+    0x1c4942b000000000, 0x899d322500000000, 0x77e6d24100000000,
+    0xe232a2d400000000, 0xf285e73300000000, 0x675197a600000000,
+    0x992a77c200000000, 0x0cfe075700000000, 0x65ddb70b00000000,
+    0xf009c79e00000000, 0x0e7227fa00000000, 0x9ba6576f00000000,
+    0xdc34474300000000, 0x49e037d600000000, 0xb79bd7b200000000,
+    0x224fa72700000000, 0x4b6c177b00000000, 0xdeb867ee00000000,
+    0x20c3878a00000000, 0xb517f71f00000000, 0xaee7a6d200000000,
+    0x3b33d64700000000, 0xc548362300000000, 0x509c46b600000000,
+    0x39bff6ea00000000, 0xac6b867f00000000, 0x5210661b00000000,
+    0xc7c4168e00000000, 0x805606a200000000, 0x1582763700000000,
+    0xebf9965300000000, 0x7e2de6c600000000, 0x170e569a00000000,
+    0x82da260f00000000, 0x7ca1c66b00000000, 0xe975b6fe00000000,
+    0x0b47142a00000000, 0x9e9364bf00000000, 0x60e884db00000000,
+    0xf53cf44e00000000, 0x9c1f441200000000, 0x09cb348700000000,
+    0xf7b0d4e300000000, 0x6264a47600000000, 0x25f6b45a00000000,
+    0xb022c4cf00000000, 0x4e5924ab00000000, 0xdb8d543e00000000,
+    0xb2aee46200000000, 0x277a94f700000000, 0xd901749300000000,
+    0x4cd5040600000000, 0x572555cb00000000, 0xc2f1255e00000000,
+    0x3c8ac53a00000000, 0xa95eb5af00000000, 0xc07d05f300000000,
+    0x55a9756600000000, 0xabd2950200000000, 0x3e06e59700000000,
+    0x7994f5bb00000000, 0xec40852e00000000, 0x123b654a00000000,
+    0x87ef15df00000000, 0xeecca58300000000, 0x7b18d51600000000,
+    0x8563357200000000, 0x10b745e700000000, 0xe40bcf6700000000,
+    0x71dfbff200000000, 0x8fa45f9600000000, 0x1a702f0300000000,
+    0x73539f5f00000000, 0xe687efca00000000, 0x18fc0fae00000000,
+    0x8d287f3b00000000, 0xcaba6f1700000000, 0x5f6e1f8200000000,
+    0xa115ffe600000000, 0x34c18f7300000000, 0x5de23f2f00000000,
+    0xc8364fba00000000, 0x364dafde00000000, 0xa399df4b00000000,
+    0xb8698e8600000000, 0x2dbdfe1300000000, 0xd3c61e7700000000,
+    0x46126ee200000000, 0x2f31debe00000000, 0xbae5ae2b00000000,
+    0x449e4e4f00000000, 0xd14a3eda00000000, 0x96d82ef600000000,
+    0x030c5e6300000000, 0xfd77be0700000000, 0x68a3ce9200000000,
+    0x01807ece00000000, 0x94540e5b00000000, 0x6a2fee3f00000000,
+    0xfffb9eaa00000000, 0x1dc93c7e00000000, 0x881d4ceb00000000,
+    0x7666ac8f00000000, 0xe3b2dc1a00000000, 0x8a916c4600000000,
+    0x1f451cd300000000, 0xe13efcb700000000, 0x74ea8c2200000000,
+    0x33789c0e00000000, 0xa6acec9b00000000, 0x58d70cff00000000,
+    0xcd037c6a00000000, 0xa420cc3600000000, 0x31f4bca300000000,
+    0xcf8f5cc700000000, 0x5a5b2c5200000000, 0x41ab7d9f00000000,
+    0xd47f0d0a00000000, 0x2a04ed6e00000000, 0xbfd09dfb00000000,
+    0xd6f32da700000000, 0x43275d3200000000, 0xbd5cbd5600000000,
+    0x2888cdc300000000, 0x6f1addef00000000, 0xfacead7a00000000,
+    0x04b54d1e00000000, 0x91613d8b00000000, 0xf8428dd700000000,
+    0x6d96fd4200000000, 0x93ed1d2600000000, 0x06396db300000000,
+    0x168e285400000000, 0x835a58c100000000, 0x7d21b8a500000000,
+    0xe8f5c83000000000, 0x81d6786c00000000, 0x140208f900000000,
+    0xea79e89d00000000, 0x7fad980800000000, 0x383f882400000000,
+    0xadebf8b100000000, 0x539018d500000000, 0xc644684000000000,
+    0xaf67d81c00000000, 0x3ab3a88900000000, 0xc4c848ed00000000,
+    0x511c387800000000, 0x4aec69b500000000, 0xdf38192000000000,
+    0x2143f94400000000, 0xb49789d100000000, 0xddb4398d00000000,
+    0x4860491800000000, 0xb61ba97c00000000, 0x23cfd9e900000000,
+    0x645dc9c500000000, 0xf189b95000000000, 0x0ff2593400000000,
+    0x9a2629a100000000, 0xf30599fd00000000, 0x66d1e96800000000,
+    0x98aa090c00000000, 0x0d7e799900000000, 0xef4cdb4d00000000,
+    0x7a98abd800000000, 0x84e34bbc00000000, 0x11373b2900000000,
+    0x78148b7500000000, 0xedc0fbe000000000, 0x13bb1b8400000000,
+    0x866f6b1100000000, 0xc1fd7b3d00000000, 0x54290ba800000000,
+    0xaa52ebcc00000000, 0x3f869b5900000000, 0x56a52b0500000000,
+    0xc3715b9000000000, 0x3d0abbf400000000, 0xa8decb6100000000,
+    0xb32e9aac00000000, 0x26faea3900000000, 0xd8810a5d00000000,
+    0x4d557ac800000000, 0x2476ca9400000000, 0xb1a2ba0100000000,
+    0x4fd95a6500000000, 0xda0d2af000000000, 0x9d9f3adc00000000,
+    0x084b4a4900000000, 0xf630aa2d00000000, 0x63e4dab800000000,
+    0x0ac76ae400000000, 0x9f131a7100000000, 0x6168fa1500000000,
+    0xf4bc8a8000000000},
+   {0x0000000000000000, 0x1f17f08000000000, 0x7f2891da00000000,
+    0x603f615a00000000, 0xbf56536e00000000, 0xa041a3ee00000000,
+    0xc07ec2b400000000, 0xdf69323400000000, 0x7eada6dc00000000,
+    0x61ba565c00000000, 0x0185370600000000, 0x1e92c78600000000,
+    0xc1fbf5b200000000, 0xdeec053200000000, 0xbed3646800000000,
+    0xa1c494e800000000, 0xbd5c3c6200000000, 0xa24bcce200000000,
+    0xc274adb800000000, 0xdd635d3800000000, 0x020a6f0c00000000,
+    0x1d1d9f8c00000000, 0x7d22fed600000000, 0x62350e5600000000,
+    0xc3f19abe00000000, 0xdce66a3e00000000, 0xbcd90b6400000000,
+    0xa3cefbe400000000, 0x7ca7c9d000000000, 0x63b0395000000000,
+    0x038f580a00000000, 0x1c98a88a00000000, 0x7ab978c400000000,
+    0x65ae884400000000, 0x0591e91e00000000, 0x1a86199e00000000,
+    0xc5ef2baa00000000, 0xdaf8db2a00000000, 0xbac7ba7000000000,
+    0xa5d04af000000000, 0x0414de1800000000, 0x1b032e9800000000,
+    0x7b3c4fc200000000, 0x642bbf4200000000, 0xbb428d7600000000,
+    0xa4557df600000000, 0xc46a1cac00000000, 0xdb7dec2c00000000,
+    0xc7e544a600000000, 0xd8f2b42600000000, 0xb8cdd57c00000000,
+    0xa7da25fc00000000, 0x78b317c800000000, 0x67a4e74800000000,
+    0x079b861200000000, 0x188c769200000000, 0xb948e27a00000000,
+    0xa65f12fa00000000, 0xc66073a000000000, 0xd977832000000000,
+    0x061eb11400000000, 0x1909419400000000, 0x793620ce00000000,
+    0x6621d04e00000000, 0xb574805300000000, 0xaa6370d300000000,
+    0xca5c118900000000, 0xd54be10900000000, 0x0a22d33d00000000,
+    0x153523bd00000000, 0x750a42e700000000, 0x6a1db26700000000,
+    0xcbd9268f00000000, 0xd4ced60f00000000, 0xb4f1b75500000000,
+    0xabe647d500000000, 0x748f75e100000000, 0x6b98856100000000,
+    0x0ba7e43b00000000, 0x14b014bb00000000, 0x0828bc3100000000,
+    0x173f4cb100000000, 0x77002deb00000000, 0x6817dd6b00000000,
+    0xb77eef5f00000000, 0xa8691fdf00000000, 0xc8567e8500000000,
+    0xd7418e0500000000, 0x76851aed00000000, 0x6992ea6d00000000,
+    0x09ad8b3700000000, 0x16ba7bb700000000, 0xc9d3498300000000,
+    0xd6c4b90300000000, 0xb6fbd85900000000, 0xa9ec28d900000000,
+    0xcfcdf89700000000, 0xd0da081700000000, 0xb0e5694d00000000,
+    0xaff299cd00000000, 0x709babf900000000, 0x6f8c5b7900000000,
+    0x0fb33a2300000000, 0x10a4caa300000000, 0xb1605e4b00000000,
+    0xae77aecb00000000, 0xce48cf9100000000, 0xd15f3f1100000000,
+    0x0e360d2500000000, 0x1121fda500000000, 0x711e9cff00000000,
+    0x6e096c7f00000000, 0x7291c4f500000000, 0x6d86347500000000,
+    0x0db9552f00000000, 0x12aea5af00000000, 0xcdc7979b00000000,
+    0xd2d0671b00000000, 0xb2ef064100000000, 0xadf8f6c100000000,
+    0x0c3c622900000000, 0x132b92a900000000, 0x7314f3f300000000,
+    0x6c03037300000000, 0xb36a314700000000, 0xac7dc1c700000000,
+    0xcc42a09d00000000, 0xd355501d00000000, 0x6ae900a700000000,
+    0x75fef02700000000, 0x15c1917d00000000, 0x0ad661fd00000000,
+    0xd5bf53c900000000, 0xcaa8a34900000000, 0xaa97c21300000000,
+    0xb580329300000000, 0x1444a67b00000000, 0x0b5356fb00000000,
+    0x6b6c37a100000000, 0x747bc72100000000, 0xab12f51500000000,
+    0xb405059500000000, 0xd43a64cf00000000, 0xcb2d944f00000000,
+    0xd7b53cc500000000, 0xc8a2cc4500000000, 0xa89dad1f00000000,
+    0xb78a5d9f00000000, 0x68e36fab00000000, 0x77f49f2b00000000,
+    0x17cbfe7100000000, 0x08dc0ef100000000, 0xa9189a1900000000,
+    0xb60f6a9900000000, 0xd6300bc300000000, 0xc927fb4300000000,
+    0x164ec97700000000, 0x095939f700000000, 0x696658ad00000000,
+    0x7671a82d00000000, 0x1050786300000000, 0x0f4788e300000000,
+    0x6f78e9b900000000, 0x706f193900000000, 0xaf062b0d00000000,
+    0xb011db8d00000000, 0xd02ebad700000000, 0xcf394a5700000000,
+    0x6efddebf00000000, 0x71ea2e3f00000000, 0x11d54f6500000000,
+    0x0ec2bfe500000000, 0xd1ab8dd100000000, 0xcebc7d5100000000,
+    0xae831c0b00000000, 0xb194ec8b00000000, 0xad0c440100000000,
+    0xb21bb48100000000, 0xd224d5db00000000, 0xcd33255b00000000,
+    0x125a176f00000000, 0x0d4de7ef00000000, 0x6d7286b500000000,
+    0x7265763500000000, 0xd3a1e2dd00000000, 0xccb6125d00000000,
+    0xac89730700000000, 0xb39e838700000000, 0x6cf7b1b300000000,
+    0x73e0413300000000, 0x13df206900000000, 0x0cc8d0e900000000,
+    0xdf9d80f400000000, 0xc08a707400000000, 0xa0b5112e00000000,
+    0xbfa2e1ae00000000, 0x60cbd39a00000000, 0x7fdc231a00000000,
+    0x1fe3424000000000, 0x00f4b2c000000000, 0xa130262800000000,
+    0xbe27d6a800000000, 0xde18b7f200000000, 0xc10f477200000000,
+    0x1e66754600000000, 0x017185c600000000, 0x614ee49c00000000,
+    0x7e59141c00000000, 0x62c1bc9600000000, 0x7dd64c1600000000,
+    0x1de92d4c00000000, 0x02feddcc00000000, 0xdd97eff800000000,
+    0xc2801f7800000000, 0xa2bf7e2200000000, 0xbda88ea200000000,
+    0x1c6c1a4a00000000, 0x037beaca00000000, 0x63448b9000000000,
+    0x7c537b1000000000, 0xa33a492400000000, 0xbc2db9a400000000,
+    0xdc12d8fe00000000, 0xc305287e00000000, 0xa524f83000000000,
+    0xba3308b000000000, 0xda0c69ea00000000, 0xc51b996a00000000,
+    0x1a72ab5e00000000, 0x05655bde00000000, 0x655a3a8400000000,
+    0x7a4dca0400000000, 0xdb895eec00000000, 0xc49eae6c00000000,
+    0xa4a1cf3600000000, 0xbbb63fb600000000, 0x64df0d8200000000,
+    0x7bc8fd0200000000, 0x1bf79c5800000000, 0x04e06cd800000000,
+    0x1878c45200000000, 0x076f34d200000000, 0x6750558800000000,
+    0x7847a50800000000, 0xa72e973c00000000, 0xb83967bc00000000,
+    0xd80606e600000000, 0xc711f66600000000, 0x66d5628e00000000,
+    0x79c2920e00000000, 0x19fdf35400000000, 0x06ea03d400000000,
+    0xd98331e000000000, 0xc694c16000000000, 0xa6aba03a00000000,
+    0xb9bc50ba00000000},
+   {0x0000000000000000, 0xe2fd888d00000000, 0x85fd60c000000000,
+    0x6700e84d00000000, 0x4bfdb05b00000000, 0xa90038d600000000,
+    0xce00d09b00000000, 0x2cfd581600000000, 0x96fa61b700000000,
+    0x7407e93a00000000, 0x1307017700000000, 0xf1fa89fa00000000,
+    0xdd07d1ec00000000, 0x3ffa596100000000, 0x58fab12c00000000,
+    0xba0739a100000000, 0x6df3b2b500000000, 0x8f0e3a3800000000,
+    0xe80ed27500000000, 0x0af35af800000000, 0x260e02ee00000000,
+    0xc4f38a6300000000, 0xa3f3622e00000000, 0x410eeaa300000000,
+    0xfb09d30200000000, 0x19f45b8f00000000, 0x7ef4b3c200000000,
+    0x9c093b4f00000000, 0xb0f4635900000000, 0x5209ebd400000000,
+    0x3509039900000000, 0xd7f48b1400000000, 0x9be014b000000000,
+    0x791d9c3d00000000, 0x1e1d747000000000, 0xfce0fcfd00000000,
+    0xd01da4eb00000000, 0x32e02c6600000000, 0x55e0c42b00000000,
+    0xb71d4ca600000000, 0x0d1a750700000000, 0xefe7fd8a00000000,
+    0x88e715c700000000, 0x6a1a9d4a00000000, 0x46e7c55c00000000,
+    0xa41a4dd100000000, 0xc31aa59c00000000, 0x21e72d1100000000,
+    0xf613a60500000000, 0x14ee2e8800000000, 0x73eec6c500000000,
+    0x91134e4800000000, 0xbdee165e00000000, 0x5f139ed300000000,
+    0x3813769e00000000, 0xdaeefe1300000000, 0x60e9c7b200000000,
+    0x82144f3f00000000, 0xe514a77200000000, 0x07e92fff00000000,
+    0x2b1477e900000000, 0xc9e9ff6400000000, 0xaee9172900000000,
+    0x4c149fa400000000, 0x77c758bb00000000, 0x953ad03600000000,
+    0xf23a387b00000000, 0x10c7b0f600000000, 0x3c3ae8e000000000,
+    0xdec7606d00000000, 0xb9c7882000000000, 0x5b3a00ad00000000,
+    0xe13d390c00000000, 0x03c0b18100000000, 0x64c059cc00000000,
+    0x863dd14100000000, 0xaac0895700000000, 0x483d01da00000000,
+    0x2f3de99700000000, 0xcdc0611a00000000, 0x1a34ea0e00000000,
+    0xf8c9628300000000, 0x9fc98ace00000000, 0x7d34024300000000,
+    0x51c95a5500000000, 0xb334d2d800000000, 0xd4343a9500000000,
+    0x36c9b21800000000, 0x8cce8bb900000000, 0x6e33033400000000,
+    0x0933eb7900000000, 0xebce63f400000000, 0xc7333be200000000,
+    0x25ceb36f00000000, 0x42ce5b2200000000, 0xa033d3af00000000,
+    0xec274c0b00000000, 0x0edac48600000000, 0x69da2ccb00000000,
+    0x8b27a44600000000, 0xa7dafc5000000000, 0x452774dd00000000,
+    0x22279c9000000000, 0xc0da141d00000000, 0x7add2dbc00000000,
+    0x9820a53100000000, 0xff204d7c00000000, 0x1dddc5f100000000,
+    0x31209de700000000, 0xd3dd156a00000000, 0xb4ddfd2700000000,
+    0x562075aa00000000, 0x81d4febe00000000, 0x6329763300000000,
+    0x04299e7e00000000, 0xe6d416f300000000, 0xca294ee500000000,
+    0x28d4c66800000000, 0x4fd42e2500000000, 0xad29a6a800000000,
+    0x172e9f0900000000, 0xf5d3178400000000, 0x92d3ffc900000000,
+    0x702e774400000000, 0x5cd32f5200000000, 0xbe2ea7df00000000,
+    0xd92e4f9200000000, 0x3bd3c71f00000000, 0xaf88c0ad00000000,
+    0x4d75482000000000, 0x2a75a06d00000000, 0xc88828e000000000,
+    0xe47570f600000000, 0x0688f87b00000000, 0x6188103600000000,
+    0x837598bb00000000, 0x3972a11a00000000, 0xdb8f299700000000,
+    0xbc8fc1da00000000, 0x5e72495700000000, 0x728f114100000000,
+    0x907299cc00000000, 0xf772718100000000, 0x158ff90c00000000,
+    0xc27b721800000000, 0x2086fa9500000000, 0x478612d800000000,
+    0xa57b9a5500000000, 0x8986c24300000000, 0x6b7b4ace00000000,
+    0x0c7ba28300000000, 0xee862a0e00000000, 0x548113af00000000,
+    0xb67c9b2200000000, 0xd17c736f00000000, 0x3381fbe200000000,
+    0x1f7ca3f400000000, 0xfd812b7900000000, 0x9a81c33400000000,
+    0x787c4bb900000000, 0x3468d41d00000000, 0xd6955c9000000000,
+    0xb195b4dd00000000, 0x53683c5000000000, 0x7f95644600000000,
+    0x9d68eccb00000000, 0xfa68048600000000, 0x18958c0b00000000,
+    0xa292b5aa00000000, 0x406f3d2700000000, 0x276fd56a00000000,
+    0xc5925de700000000, 0xe96f05f100000000, 0x0b928d7c00000000,
+    0x6c92653100000000, 0x8e6fedbc00000000, 0x599b66a800000000,
+    0xbb66ee2500000000, 0xdc66066800000000, 0x3e9b8ee500000000,
+    0x1266d6f300000000, 0xf09b5e7e00000000, 0x979bb63300000000,
+    0x75663ebe00000000, 0xcf61071f00000000, 0x2d9c8f9200000000,
+    0x4a9c67df00000000, 0xa861ef5200000000, 0x849cb74400000000,
+    0x66613fc900000000, 0x0161d78400000000, 0xe39c5f0900000000,
+    0xd84f981600000000, 0x3ab2109b00000000, 0x5db2f8d600000000,
+    0xbf4f705b00000000, 0x93b2284d00000000, 0x714fa0c000000000,
+    0x164f488d00000000, 0xf4b2c00000000000, 0x4eb5f9a100000000,
+    0xac48712c00000000, 0xcb48996100000000, 0x29b511ec00000000,
+    0x054849fa00000000, 0xe7b5c17700000000, 0x80b5293a00000000,
+    0x6248a1b700000000, 0xb5bc2aa300000000, 0x5741a22e00000000,
+    0x30414a6300000000, 0xd2bcc2ee00000000, 0xfe419af800000000,
+    0x1cbc127500000000, 0x7bbcfa3800000000, 0x994172b500000000,
+    0x23464b1400000000, 0xc1bbc39900000000, 0xa6bb2bd400000000,
+    0x4446a35900000000, 0x68bbfb4f00000000, 0x8a4673c200000000,
+    0xed469b8f00000000, 0x0fbb130200000000, 0x43af8ca600000000,
+    0xa152042b00000000, 0xc652ec6600000000, 0x24af64eb00000000,
+    0x08523cfd00000000, 0xeaafb47000000000, 0x8daf5c3d00000000,
+    0x6f52d4b000000000, 0xd555ed1100000000, 0x37a8659c00000000,
+    0x50a88dd100000000, 0xb255055c00000000, 0x9ea85d4a00000000,
+    0x7c55d5c700000000, 0x1b553d8a00000000, 0xf9a8b50700000000,
+    0x2e5c3e1300000000, 0xcca1b69e00000000, 0xaba15ed300000000,
+    0x495cd65e00000000, 0x65a18e4800000000, 0x875c06c500000000,
+    0xe05cee8800000000, 0x02a1660500000000, 0xb8a65fa400000000,
+    0x5a5bd72900000000, 0x3d5b3f6400000000, 0xdfa6b7e900000000,
+    0xf35befff00000000, 0x11a6677200000000, 0x76a68f3f00000000,
+    0x945b07b200000000},
+   {0x0000000000000000, 0xa90b894e00000000, 0x5217129d00000000,
+    0xfb1c9bd300000000, 0xe52855e100000000, 0x4c23dcaf00000000,
+    0xb73f477c00000000, 0x1e34ce3200000000, 0x8b57db1900000000,
+    0x225c525700000000, 0xd940c98400000000, 0x704b40ca00000000,
+    0x6e7f8ef800000000, 0xc77407b600000000, 0x3c689c6500000000,
+    0x9563152b00000000, 0x16afb63300000000, 0xbfa43f7d00000000,
+    0x44b8a4ae00000000, 0xedb32de000000000, 0xf387e3d200000000,
+    0x5a8c6a9c00000000, 0xa190f14f00000000, 0x089b780100000000,
+    0x9df86d2a00000000, 0x34f3e46400000000, 0xcfef7fb700000000,
+    0x66e4f6f900000000, 0x78d038cb00000000, 0xd1dbb18500000000,
+    0x2ac72a5600000000, 0x83cca31800000000, 0x2c5e6d6700000000,
+    0x8555e42900000000, 0x7e497ffa00000000, 0xd742f6b400000000,
+    0xc976388600000000, 0x607db1c800000000, 0x9b612a1b00000000,
+    0x326aa35500000000, 0xa709b67e00000000, 0x0e023f3000000000,
+    0xf51ea4e300000000, 0x5c152dad00000000, 0x4221e39f00000000,
+    0xeb2a6ad100000000, 0x1036f10200000000, 0xb93d784c00000000,
+    0x3af1db5400000000, 0x93fa521a00000000, 0x68e6c9c900000000,
+    0xc1ed408700000000, 0xdfd98eb500000000, 0x76d207fb00000000,
+    0x8dce9c2800000000, 0x24c5156600000000, 0xb1a6004d00000000,
+    0x18ad890300000000, 0xe3b112d000000000, 0x4aba9b9e00000000,
+    0x548e55ac00000000, 0xfd85dce200000000, 0x0699473100000000,
+    0xaf92ce7f00000000, 0x58bcdace00000000, 0xf1b7538000000000,
+    0x0aabc85300000000, 0xa3a0411d00000000, 0xbd948f2f00000000,
+    0x149f066100000000, 0xef839db200000000, 0x468814fc00000000,
+    0xd3eb01d700000000, 0x7ae0889900000000, 0x81fc134a00000000,
+    0x28f79a0400000000, 0x36c3543600000000, 0x9fc8dd7800000000,
+    0x64d446ab00000000, 0xcddfcfe500000000, 0x4e136cfd00000000,
+    0xe718e5b300000000, 0x1c047e6000000000, 0xb50ff72e00000000,
+    0xab3b391c00000000, 0x0230b05200000000, 0xf92c2b8100000000,
+    0x5027a2cf00000000, 0xc544b7e400000000, 0x6c4f3eaa00000000,
+    0x9753a57900000000, 0x3e582c3700000000, 0x206ce20500000000,
+    0x89676b4b00000000, 0x727bf09800000000, 0xdb7079d600000000,
+    0x74e2b7a900000000, 0xdde93ee700000000, 0x26f5a53400000000,
+    0x8ffe2c7a00000000, 0x91cae24800000000, 0x38c16b0600000000,
+    0xc3ddf0d500000000, 0x6ad6799b00000000, 0xffb56cb000000000,
+    0x56bee5fe00000000, 0xada27e2d00000000, 0x04a9f76300000000,
+    0x1a9d395100000000, 0xb396b01f00000000, 0x488a2bcc00000000,
+    0xe181a28200000000, 0x624d019a00000000, 0xcb4688d400000000,
+    0x305a130700000000, 0x99519a4900000000, 0x8765547b00000000,
+    0x2e6edd3500000000, 0xd57246e600000000, 0x7c79cfa800000000,
+    0xe91ada8300000000, 0x401153cd00000000, 0xbb0dc81e00000000,
+    0x1206415000000000, 0x0c328f6200000000, 0xa539062c00000000,
+    0x5e259dff00000000, 0xf72e14b100000000, 0xf17ec44600000000,
+    0x58754d0800000000, 0xa369d6db00000000, 0x0a625f9500000000,
+    0x145691a700000000, 0xbd5d18e900000000, 0x4641833a00000000,
+    0xef4a0a7400000000, 0x7a291f5f00000000, 0xd322961100000000,
+    0x283e0dc200000000, 0x8135848c00000000, 0x9f014abe00000000,
+    0x360ac3f000000000, 0xcd16582300000000, 0x641dd16d00000000,
+    0xe7d1727500000000, 0x4edafb3b00000000, 0xb5c660e800000000,
+    0x1ccde9a600000000, 0x02f9279400000000, 0xabf2aeda00000000,
+    0x50ee350900000000, 0xf9e5bc4700000000, 0x6c86a96c00000000,
+    0xc58d202200000000, 0x3e91bbf100000000, 0x979a32bf00000000,
+    0x89aefc8d00000000, 0x20a575c300000000, 0xdbb9ee1000000000,
+    0x72b2675e00000000, 0xdd20a92100000000, 0x742b206f00000000,
+    0x8f37bbbc00000000, 0x263c32f200000000, 0x3808fcc000000000,
+    0x9103758e00000000, 0x6a1fee5d00000000, 0xc314671300000000,
+    0x5677723800000000, 0xff7cfb7600000000, 0x046060a500000000,
+    0xad6be9eb00000000, 0xb35f27d900000000, 0x1a54ae9700000000,
+    0xe148354400000000, 0x4843bc0a00000000, 0xcb8f1f1200000000,
+    0x6284965c00000000, 0x99980d8f00000000, 0x309384c100000000,
+    0x2ea74af300000000, 0x87acc3bd00000000, 0x7cb0586e00000000,
+    0xd5bbd12000000000, 0x40d8c40b00000000, 0xe9d34d4500000000,
+    0x12cfd69600000000, 0xbbc45fd800000000, 0xa5f091ea00000000,
+    0x0cfb18a400000000, 0xf7e7837700000000, 0x5eec0a3900000000,
+    0xa9c21e8800000000, 0x00c997c600000000, 0xfbd50c1500000000,
+    0x52de855b00000000, 0x4cea4b6900000000, 0xe5e1c22700000000,
+    0x1efd59f400000000, 0xb7f6d0ba00000000, 0x2295c59100000000,
+    0x8b9e4cdf00000000, 0x7082d70c00000000, 0xd9895e4200000000,
+    0xc7bd907000000000, 0x6eb6193e00000000, 0x95aa82ed00000000,
+    0x3ca10ba300000000, 0xbf6da8bb00000000, 0x166621f500000000,
+    0xed7aba2600000000, 0x4471336800000000, 0x5a45fd5a00000000,
+    0xf34e741400000000, 0x0852efc700000000, 0xa159668900000000,
+    0x343a73a200000000, 0x9d31faec00000000, 0x662d613f00000000,
+    0xcf26e87100000000, 0xd112264300000000, 0x7819af0d00000000,
+    0x830534de00000000, 0x2a0ebd9000000000, 0x859c73ef00000000,
+    0x2c97faa100000000, 0xd78b617200000000, 0x7e80e83c00000000,
+    0x60b4260e00000000, 0xc9bfaf4000000000, 0x32a3349300000000,
+    0x9ba8bddd00000000, 0x0ecba8f600000000, 0xa7c021b800000000,
+    0x5cdcba6b00000000, 0xf5d7332500000000, 0xebe3fd1700000000,
+    0x42e8745900000000, 0xb9f4ef8a00000000, 0x10ff66c400000000,
+    0x9333c5dc00000000, 0x3a384c9200000000, 0xc124d74100000000,
+    0x682f5e0f00000000, 0x761b903d00000000, 0xdf10197300000000,
+    0x240c82a000000000, 0x8d070bee00000000, 0x18641ec500000000,
+    0xb16f978b00000000, 0x4a730c5800000000, 0xe378851600000000,
+    0xfd4c4b2400000000, 0x5447c26a00000000, 0xaf5b59b900000000,
+    0x0650d0f700000000},
+   {0x0000000000000000, 0x479244af00000000, 0xcf22f88500000000,
+    0x88b0bc2a00000000, 0xdf4381d000000000, 0x98d1c57f00000000,
+    0x1061795500000000, 0x57f33dfa00000000, 0xff81737a00000000,
+    0xb81337d500000000, 0x30a38bff00000000, 0x7731cf5000000000,
+    0x20c2f2aa00000000, 0x6750b60500000000, 0xefe00a2f00000000,
+    0xa8724e8000000000, 0xfe03e7f400000000, 0xb991a35b00000000,
+    0x31211f7100000000, 0x76b35bde00000000, 0x2140662400000000,
+    0x66d2228b00000000, 0xee629ea100000000, 0xa9f0da0e00000000,
+    0x0182948e00000000, 0x4610d02100000000, 0xcea06c0b00000000,
+    0x893228a400000000, 0xdec1155e00000000, 0x995351f100000000,
+    0x11e3eddb00000000, 0x5671a97400000000, 0xbd01bf3200000000,
+    0xfa93fb9d00000000, 0x722347b700000000, 0x35b1031800000000,
+    0x62423ee200000000, 0x25d07a4d00000000, 0xad60c66700000000,
+    0xeaf282c800000000, 0x4280cc4800000000, 0x051288e700000000,
+    0x8da234cd00000000, 0xca30706200000000, 0x9dc34d9800000000,
+    0xda51093700000000, 0x52e1b51d00000000, 0x1573f1b200000000,
+    0x430258c600000000, 0x04901c6900000000, 0x8c20a04300000000,
+    0xcbb2e4ec00000000, 0x9c41d91600000000, 0xdbd39db900000000,
+    0x5363219300000000, 0x14f1653c00000000, 0xbc832bbc00000000,
+    0xfb116f1300000000, 0x73a1d33900000000, 0x3433979600000000,
+    0x63c0aa6c00000000, 0x2452eec300000000, 0xace252e900000000,
+    0xeb70164600000000, 0x7a037e6500000000, 0x3d913aca00000000,
+    0xb52186e000000000, 0xf2b3c24f00000000, 0xa540ffb500000000,
+    0xe2d2bb1a00000000, 0x6a62073000000000, 0x2df0439f00000000,
+    0x85820d1f00000000, 0xc21049b000000000, 0x4aa0f59a00000000,
+    0x0d32b13500000000, 0x5ac18ccf00000000, 0x1d53c86000000000,
+    0x95e3744a00000000, 0xd27130e500000000, 0x8400999100000000,
+    0xc392dd3e00000000, 0x4b22611400000000, 0x0cb025bb00000000,
+    0x5b43184100000000, 0x1cd15cee00000000, 0x9461e0c400000000,
+    0xd3f3a46b00000000, 0x7b81eaeb00000000, 0x3c13ae4400000000,
+    0xb4a3126e00000000, 0xf33156c100000000, 0xa4c26b3b00000000,
+    0xe3502f9400000000, 0x6be093be00000000, 0x2c72d71100000000,
+    0xc702c15700000000, 0x809085f800000000, 0x082039d200000000,
+    0x4fb27d7d00000000, 0x1841408700000000, 0x5fd3042800000000,
+    0xd763b80200000000, 0x90f1fcad00000000, 0x3883b22d00000000,
+    0x7f11f68200000000, 0xf7a14aa800000000, 0xb0330e0700000000,
+    0xe7c033fd00000000, 0xa052775200000000, 0x28e2cb7800000000,
+    0x6f708fd700000000, 0x390126a300000000, 0x7e93620c00000000,
+    0xf623de2600000000, 0xb1b19a8900000000, 0xe642a77300000000,
+    0xa1d0e3dc00000000, 0x29605ff600000000, 0x6ef21b5900000000,
+    0xc68055d900000000, 0x8112117600000000, 0x09a2ad5c00000000,
+    0x4e30e9f300000000, 0x19c3d40900000000, 0x5e5190a600000000,
+    0xd6e12c8c00000000, 0x9173682300000000, 0xf406fcca00000000,
+    0xb394b86500000000, 0x3b24044f00000000, 0x7cb640e000000000,
+    0x2b457d1a00000000, 0x6cd739b500000000, 0xe467859f00000000,
+    0xa3f5c13000000000, 0x0b878fb000000000, 0x4c15cb1f00000000,
+    0xc4a5773500000000, 0x8337339a00000000, 0xd4c40e6000000000,
+    0x93564acf00000000, 0x1be6f6e500000000, 0x5c74b24a00000000,
+    0x0a051b3e00000000, 0x4d975f9100000000, 0xc527e3bb00000000,
+    0x82b5a71400000000, 0xd5469aee00000000, 0x92d4de4100000000,
+    0x1a64626b00000000, 0x5df626c400000000, 0xf584684400000000,
+    0xb2162ceb00000000, 0x3aa690c100000000, 0x7d34d46e00000000,
+    0x2ac7e99400000000, 0x6d55ad3b00000000, 0xe5e5111100000000,
+    0xa27755be00000000, 0x490743f800000000, 0x0e95075700000000,
+    0x8625bb7d00000000, 0xc1b7ffd200000000, 0x9644c22800000000,
+    0xd1d6868700000000, 0x59663aad00000000, 0x1ef47e0200000000,
+    0xb686308200000000, 0xf114742d00000000, 0x79a4c80700000000,
+    0x3e368ca800000000, 0x69c5b15200000000, 0x2e57f5fd00000000,
+    0xa6e749d700000000, 0xe1750d7800000000, 0xb704a40c00000000,
+    0xf096e0a300000000, 0x78265c8900000000, 0x3fb4182600000000,
+    0x684725dc00000000, 0x2fd5617300000000, 0xa765dd5900000000,
+    0xe0f799f600000000, 0x4885d77600000000, 0x0f1793d900000000,
+    0x87a72ff300000000, 0xc0356b5c00000000, 0x97c656a600000000,
+    0xd054120900000000, 0x58e4ae2300000000, 0x1f76ea8c00000000,
+    0x8e0582af00000000, 0xc997c60000000000, 0x41277a2a00000000,
+    0x06b53e8500000000, 0x5146037f00000000, 0x16d447d000000000,
+    0x9e64fbfa00000000, 0xd9f6bf5500000000, 0x7184f1d500000000,
+    0x3616b57a00000000, 0xbea6095000000000, 0xf9344dff00000000,
+    0xaec7700500000000, 0xe95534aa00000000, 0x61e5888000000000,
+    0x2677cc2f00000000, 0x7006655b00000000, 0x379421f400000000,
+    0xbf249dde00000000, 0xf8b6d97100000000, 0xaf45e48b00000000,
+    0xe8d7a02400000000, 0x60671c0e00000000, 0x27f558a100000000,
+    0x8f87162100000000, 0xc815528e00000000, 0x40a5eea400000000,
+    0x0737aa0b00000000, 0x50c497f100000000, 0x1756d35e00000000,
+    0x9fe66f7400000000, 0xd8742bdb00000000, 0x33043d9d00000000,
+    0x7496793200000000, 0xfc26c51800000000, 0xbbb481b700000000,
+    0xec47bc4d00000000, 0xabd5f8e200000000, 0x236544c800000000,
+    0x64f7006700000000, 0xcc854ee700000000, 0x8b170a4800000000,
+    0x03a7b66200000000, 0x4435f2cd00000000, 0x13c6cf3700000000,
+    0x54548b9800000000, 0xdce437b200000000, 0x9b76731d00000000,
+    0xcd07da6900000000, 0x8a959ec600000000, 0x022522ec00000000,
+    0x45b7664300000000, 0x12445bb900000000, 0x55d61f1600000000,
+    0xdd66a33c00000000, 0x9af4e79300000000, 0x3286a91300000000,
+    0x7514edbc00000000, 0xfda4519600000000, 0xba36153900000000,
+    0xedc528c300000000, 0xaa576c6c00000000, 0x22e7d04600000000,
+    0x657594e900000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x65673b46, 0xcace768c, 0xafa94dca, 0x4eedeb59,
+    0x2b8ad01f, 0x84239dd5, 0xe144a693, 0x9ddbd6b2, 0xf8bcedf4,
+    0x5715a03e, 0x32729b78, 0xd3363deb, 0xb65106ad, 0x19f84b67,
+    0x7c9f7021, 0xe0c6ab25, 0x85a19063, 0x2a08dda9, 0x4f6fe6ef,
+    0xae2b407c, 0xcb4c7b3a, 0x64e536f0, 0x01820db6, 0x7d1d7d97,
+    0x187a46d1, 0xb7d30b1b, 0xd2b4305d, 0x33f096ce, 0x5697ad88,
+    0xf93ee042, 0x9c59db04, 0x1afc500b, 0x7f9b6b4d, 0xd0322687,
+    0xb5551dc1, 0x5411bb52, 0x31768014, 0x9edfcdde, 0xfbb8f698,
+    0x872786b9, 0xe240bdff, 0x4de9f035, 0x288ecb73, 0xc9ca6de0,
+    0xacad56a6, 0x03041b6c, 0x6663202a, 0xfa3afb2e, 0x9f5dc068,
+    0x30f48da2, 0x5593b6e4, 0xb4d71077, 0xd1b02b31, 0x7e1966fb,
+    0x1b7e5dbd, 0x67e12d9c, 0x028616da, 0xad2f5b10, 0xc8486056,
+    0x290cc6c5, 0x4c6bfd83, 0xe3c2b049, 0x86a58b0f, 0x35f8a016,
+    0x509f9b50, 0xff36d69a, 0x9a51eddc, 0x7b154b4f, 0x1e727009,
+    0xb1db3dc3, 0xd4bc0685, 0xa82376a4, 0xcd444de2, 0x62ed0028,
+    0x078a3b6e, 0xe6ce9dfd, 0x83a9a6bb, 0x2c00eb71, 0x4967d037,
+    0xd53e0b33, 0xb0593075, 0x1ff07dbf, 0x7a9746f9, 0x9bd3e06a,
+    0xfeb4db2c, 0x511d96e6, 0x347aada0, 0x48e5dd81, 0x2d82e6c7,
+    0x822bab0d, 0xe74c904b, 0x060836d8, 0x636f0d9e, 0xccc64054,
+    0xa9a17b12, 0x2f04f01d, 0x4a63cb5b, 0xe5ca8691, 0x80adbdd7,
+    0x61e91b44, 0x048e2002, 0xab276dc8, 0xce40568e, 0xb2df26af,
+    0xd7b81de9, 0x78115023, 0x1d766b65, 0xfc32cdf6, 0x9955f6b0,
+    0x36fcbb7a, 0x539b803c, 0xcfc25b38, 0xaaa5607e, 0x050c2db4,
+    0x606b16f2, 0x812fb061, 0xe4488b27, 0x4be1c6ed, 0x2e86fdab,
+    0x52198d8a, 0x377eb6cc, 0x98d7fb06, 0xfdb0c040, 0x1cf466d3,
+    0x79935d95, 0xd63a105f, 0xb35d2b19, 0x6bf1402c, 0x0e967b6a,
+    0xa13f36a0, 0xc4580de6, 0x251cab75, 0x407b9033, 0xefd2ddf9,
+    0x8ab5e6bf, 0xf62a969e, 0x934dadd8, 0x3ce4e012, 0x5983db54,
+    0xb8c77dc7, 0xdda04681, 0x72090b4b, 0x176e300d, 0x8b37eb09,
+    0xee50d04f, 0x41f99d85, 0x249ea6c3, 0xc5da0050, 0xa0bd3b16,
+    0x0f1476dc, 0x6a734d9a, 0x16ec3dbb, 0x738b06fd, 0xdc224b37,
+    0xb9457071, 0x5801d6e2, 0x3d66eda4, 0x92cfa06e, 0xf7a89b28,
+    0x710d1027, 0x146a2b61, 0xbbc366ab, 0xdea45ded, 0x3fe0fb7e,
+    0x5a87c038, 0xf52e8df2, 0x9049b6b4, 0xecd6c695, 0x89b1fdd3,
+    0x2618b019, 0x437f8b5f, 0xa23b2dcc, 0xc75c168a, 0x68f55b40,
+    0x0d926006, 0x91cbbb02, 0xf4ac8044, 0x5b05cd8e, 0x3e62f6c8,
+    0xdf26505b, 0xba416b1d, 0x15e826d7, 0x708f1d91, 0x0c106db0,
+    0x697756f6, 0xc6de1b3c, 0xa3b9207a, 0x42fd86e9, 0x279abdaf,
+    0x8833f065, 0xed54cb23, 0x5e09e03a, 0x3b6edb7c, 0x94c796b6,
+    0xf1a0adf0, 0x10e40b63, 0x75833025, 0xda2a7def, 0xbf4d46a9,
+    0xc3d23688, 0xa6b50dce, 0x091c4004, 0x6c7b7b42, 0x8d3fddd1,
+    0xe858e697, 0x47f1ab5d, 0x2296901b, 0xbecf4b1f, 0xdba87059,
+    0x74013d93, 0x116606d5, 0xf022a046, 0x95459b00, 0x3aecd6ca,
+    0x5f8bed8c, 0x23149dad, 0x4673a6eb, 0xe9daeb21, 0x8cbdd067,
+    0x6df976f4, 0x089e4db2, 0xa7370078, 0xc2503b3e, 0x44f5b031,
+    0x21928b77, 0x8e3bc6bd, 0xeb5cfdfb, 0x0a185b68, 0x6f7f602e,
+    0xc0d62de4, 0xa5b116a2, 0xd92e6683, 0xbc495dc5, 0x13e0100f,
+    0x76872b49, 0x97c38dda, 0xf2a4b69c, 0x5d0dfb56, 0x386ac010,
+    0xa4331b14, 0xc1542052, 0x6efd6d98, 0x0b9a56de, 0xeadef04d,
+    0x8fb9cb0b, 0x201086c1, 0x4577bd87, 0x39e8cda6, 0x5c8ff6e0,
+    0xf326bb2a, 0x9641806c, 0x770526ff, 0x12621db9, 0xbdcb5073,
+    0xd8ac6b35},
+   {0x00000000, 0xd7e28058, 0x74b406f1, 0xa35686a9, 0xe9680de2,
+    0x3e8a8dba, 0x9ddc0b13, 0x4a3e8b4b, 0x09a11d85, 0xde439ddd,
+    0x7d151b74, 0xaaf79b2c, 0xe0c91067, 0x372b903f, 0x947d1696,
+    0x439f96ce, 0x13423b0a, 0xc4a0bb52, 0x67f63dfb, 0xb014bda3,
+    0xfa2a36e8, 0x2dc8b6b0, 0x8e9e3019, 0x597cb041, 0x1ae3268f,
+    0xcd01a6d7, 0x6e57207e, 0xb9b5a026, 0xf38b2b6d, 0x2469ab35,
+    0x873f2d9c, 0x50ddadc4, 0x26847614, 0xf166f64c, 0x523070e5,
+    0x85d2f0bd, 0xcfec7bf6, 0x180efbae, 0xbb587d07, 0x6cbafd5f,
+    0x2f256b91, 0xf8c7ebc9, 0x5b916d60, 0x8c73ed38, 0xc64d6673,
+    0x11afe62b, 0xb2f96082, 0x651be0da, 0x35c64d1e, 0xe224cd46,
+    0x41724bef, 0x9690cbb7, 0xdcae40fc, 0x0b4cc0a4, 0xa81a460d,
+    0x7ff8c655, 0x3c67509b, 0xeb85d0c3, 0x48d3566a, 0x9f31d632,
+    0xd50f5d79, 0x02eddd21, 0xa1bb5b88, 0x7659dbd0, 0x4d08ec28,
+    0x9aea6c70, 0x39bcead9, 0xee5e6a81, 0xa460e1ca, 0x73826192,
+    0xd0d4e73b, 0x07366763, 0x44a9f1ad, 0x934b71f5, 0x301df75c,
+    0xe7ff7704, 0xadc1fc4f, 0x7a237c17, 0xd975fabe, 0x0e977ae6,
+    0x5e4ad722, 0x89a8577a, 0x2afed1d3, 0xfd1c518b, 0xb722dac0,
+    0x60c05a98, 0xc396dc31, 0x14745c69, 0x57ebcaa7, 0x80094aff,
+    0x235fcc56, 0xf4bd4c0e, 0xbe83c745, 0x6961471d, 0xca37c1b4,
+    0x1dd541ec, 0x6b8c9a3c, 0xbc6e1a64, 0x1f389ccd, 0xc8da1c95,
+    0x82e497de, 0x55061786, 0xf650912f, 0x21b21177, 0x622d87b9,
+    0xb5cf07e1, 0x16998148, 0xc17b0110, 0x8b458a5b, 0x5ca70a03,
+    0xfff18caa, 0x28130cf2, 0x78cea136, 0xaf2c216e, 0x0c7aa7c7,
+    0xdb98279f, 0x91a6acd4, 0x46442c8c, 0xe512aa25, 0x32f02a7d,
+    0x716fbcb3, 0xa68d3ceb, 0x05dbba42, 0xd2393a1a, 0x9807b151,
+    0x4fe53109, 0xecb3b7a0, 0x3b5137f8, 0x9a11d850, 0x4df35808,
+    0xeea5dea1, 0x39475ef9, 0x7379d5b2, 0xa49b55ea, 0x07cdd343,
+    0xd02f531b, 0x93b0c5d5, 0x4452458d, 0xe704c324, 0x30e6437c,
+    0x7ad8c837, 0xad3a486f, 0x0e6ccec6, 0xd98e4e9e, 0x8953e35a,
+    0x5eb16302, 0xfde7e5ab, 0x2a0565f3, 0x603beeb8, 0xb7d96ee0,
+    0x148fe849, 0xc36d6811, 0x80f2fedf, 0x57107e87, 0xf446f82e,
+    0x23a47876, 0x699af33d, 0xbe787365, 0x1d2ef5cc, 0xcacc7594,
+    0xbc95ae44, 0x6b772e1c, 0xc821a8b5, 0x1fc328ed, 0x55fda3a6,
+    0x821f23fe, 0x2149a557, 0xf6ab250f, 0xb534b3c1, 0x62d63399,
+    0xc180b530, 0x16623568, 0x5c5cbe23, 0x8bbe3e7b, 0x28e8b8d2,
+    0xff0a388a, 0xafd7954e, 0x78351516, 0xdb6393bf, 0x0c8113e7,
+    0x46bf98ac, 0x915d18f4, 0x320b9e5d, 0xe5e91e05, 0xa67688cb,
+    0x71940893, 0xd2c28e3a, 0x05200e62, 0x4f1e8529, 0x98fc0571,
+    0x3baa83d8, 0xec480380, 0xd7193478, 0x00fbb420, 0xa3ad3289,
+    0x744fb2d1, 0x3e71399a, 0xe993b9c2, 0x4ac53f6b, 0x9d27bf33,
+    0xdeb829fd, 0x095aa9a5, 0xaa0c2f0c, 0x7deeaf54, 0x37d0241f,
+    0xe032a447, 0x436422ee, 0x9486a2b6, 0xc45b0f72, 0x13b98f2a,
+    0xb0ef0983, 0x670d89db, 0x2d330290, 0xfad182c8, 0x59870461,
+    0x8e658439, 0xcdfa12f7, 0x1a1892af, 0xb94e1406, 0x6eac945e,
+    0x24921f15, 0xf3709f4d, 0x502619e4, 0x87c499bc, 0xf19d426c,
+    0x267fc234, 0x8529449d, 0x52cbc4c5, 0x18f54f8e, 0xcf17cfd6,
+    0x6c41497f, 0xbba3c927, 0xf83c5fe9, 0x2fdedfb1, 0x8c885918,
+    0x5b6ad940, 0x1154520b, 0xc6b6d253, 0x65e054fa, 0xb202d4a2,
+    0xe2df7966, 0x353df93e, 0x966b7f97, 0x4189ffcf, 0x0bb77484,
+    0xdc55f4dc, 0x7f037275, 0xa8e1f22d, 0xeb7e64e3, 0x3c9ce4bb,
+    0x9fca6212, 0x4828e24a, 0x02166901, 0xd5f4e959, 0x76a26ff0,
+    0xa140efa8},
+   {0x00000000, 0xef52b6e1, 0x05d46b83, 0xea86dd62, 0x0ba8d706,
+    0xe4fa61e7, 0x0e7cbc85, 0xe12e0a64, 0x1751ae0c, 0xf80318ed,
+    0x1285c58f, 0xfdd7736e, 0x1cf9790a, 0xf3abcfeb, 0x192d1289,
+    0xf67fa468, 0x2ea35c18, 0xc1f1eaf9, 0x2b77379b, 0xc425817a,
+    0x250b8b1e, 0xca593dff, 0x20dfe09d, 0xcf8d567c, 0x39f2f214,
+    0xd6a044f5, 0x3c269997, 0xd3742f76, 0x325a2512, 0xdd0893f3,
+    0x378e4e91, 0xd8dcf870, 0x5d46b830, 0xb2140ed1, 0x5892d3b3,
+    0xb7c06552, 0x56ee6f36, 0xb9bcd9d7, 0x533a04b5, 0xbc68b254,
+    0x4a17163c, 0xa545a0dd, 0x4fc37dbf, 0xa091cb5e, 0x41bfc13a,
+    0xaeed77db, 0x446baab9, 0xab391c58, 0x73e5e428, 0x9cb752c9,
+    0x76318fab, 0x9963394a, 0x784d332e, 0x971f85cf, 0x7d9958ad,
+    0x92cbee4c, 0x64b44a24, 0x8be6fcc5, 0x616021a7, 0x8e329746,
+    0x6f1c9d22, 0x804e2bc3, 0x6ac8f6a1, 0x859a4040, 0xba8d7060,
+    0x55dfc681, 0xbf591be3, 0x500bad02, 0xb125a766, 0x5e771187,
+    0xb4f1cce5, 0x5ba37a04, 0xaddcde6c, 0x428e688d, 0xa808b5ef,
+    0x475a030e, 0xa674096a, 0x4926bf8b, 0xa3a062e9, 0x4cf2d408,
+    0x942e2c78, 0x7b7c9a99, 0x91fa47fb, 0x7ea8f11a, 0x9f86fb7e,
+    0x70d44d9f, 0x9a5290fd, 0x7500261c, 0x837f8274, 0x6c2d3495,
+    0x86abe9f7, 0x69f95f16, 0x88d75572, 0x6785e393, 0x8d033ef1,
+    0x62518810, 0xe7cbc850, 0x08997eb1, 0xe21fa3d3, 0x0d4d1532,
+    0xec631f56, 0x0331a9b7, 0xe9b774d5, 0x06e5c234, 0xf09a665c,
+    0x1fc8d0bd, 0xf54e0ddf, 0x1a1cbb3e, 0xfb32b15a, 0x146007bb,
+    0xfee6dad9, 0x11b46c38, 0xc9689448, 0x263a22a9, 0xccbcffcb,
+    0x23ee492a, 0xc2c0434e, 0x2d92f5af, 0xc71428cd, 0x28469e2c,
+    0xde393a44, 0x316b8ca5, 0xdbed51c7, 0x34bfe726, 0xd591ed42,
+    0x3ac35ba3, 0xd04586c1, 0x3f173020, 0xae6be681, 0x41395060,
+    0xabbf8d02, 0x44ed3be3, 0xa5c33187, 0x4a918766, 0xa0175a04,
+    0x4f45ece5, 0xb93a488d, 0x5668fe6c, 0xbcee230e, 0x53bc95ef,
+    0xb2929f8b, 0x5dc0296a, 0xb746f408, 0x581442e9, 0x80c8ba99,
+    0x6f9a0c78, 0x851cd11a, 0x6a4e67fb, 0x8b606d9f, 0x6432db7e,
+    0x8eb4061c, 0x61e6b0fd, 0x97991495, 0x78cba274, 0x924d7f16,
+    0x7d1fc9f7, 0x9c31c393, 0x73637572, 0x99e5a810, 0x76b71ef1,
+    0xf32d5eb1, 0x1c7fe850, 0xf6f93532, 0x19ab83d3, 0xf88589b7,
+    0x17d73f56, 0xfd51e234, 0x120354d5, 0xe47cf0bd, 0x0b2e465c,
+    0xe1a89b3e, 0x0efa2ddf, 0xefd427bb, 0x0086915a, 0xea004c38,
+    0x0552fad9, 0xdd8e02a9, 0x32dcb448, 0xd85a692a, 0x3708dfcb,
+    0xd626d5af, 0x3974634e, 0xd3f2be2c, 0x3ca008cd, 0xcadfaca5,
+    0x258d1a44, 0xcf0bc726, 0x205971c7, 0xc1777ba3, 0x2e25cd42,
+    0xc4a31020, 0x2bf1a6c1, 0x14e696e1, 0xfbb42000, 0x1132fd62,
+    0xfe604b83, 0x1f4e41e7, 0xf01cf706, 0x1a9a2a64, 0xf5c89c85,
+    0x03b738ed, 0xece58e0c, 0x0663536e, 0xe931e58f, 0x081fefeb,
+    0xe74d590a, 0x0dcb8468, 0xe2993289, 0x3a45caf9, 0xd5177c18,
+    0x3f91a17a, 0xd0c3179b, 0x31ed1dff, 0xdebfab1e, 0x3439767c,
+    0xdb6bc09d, 0x2d1464f5, 0xc246d214, 0x28c00f76, 0xc792b997,
+    0x26bcb3f3, 0xc9ee0512, 0x2368d870, 0xcc3a6e91, 0x49a02ed1,
+    0xa6f29830, 0x4c744552, 0xa326f3b3, 0x4208f9d7, 0xad5a4f36,
+    0x47dc9254, 0xa88e24b5, 0x5ef180dd, 0xb1a3363c, 0x5b25eb5e,
+    0xb4775dbf, 0x555957db, 0xba0be13a, 0x508d3c58, 0xbfdf8ab9,
+    0x670372c9, 0x8851c428, 0x62d7194a, 0x8d85afab, 0x6caba5cf,
+    0x83f9132e, 0x697fce4c, 0x862d78ad, 0x7052dcc5, 0x9f006a24,
+    0x7586b746, 0x9ad401a7, 0x7bfa0bc3, 0x94a8bd22, 0x7e2e6040,
+    0x917cd6a1},
+   {0x00000000, 0x87a6cb43, 0xd43c90c7, 0x539a5b84, 0x730827cf,
+    0xf4aeec8c, 0xa734b708, 0x20927c4b, 0xe6104f9e, 0x61b684dd,
+    0x322cdf59, 0xb58a141a, 0x95186851, 0x12bea312, 0x4124f896,
+    0xc68233d5, 0x1751997d, 0x90f7523e, 0xc36d09ba, 0x44cbc2f9,
+    0x6459beb2, 0xe3ff75f1, 0xb0652e75, 0x37c3e536, 0xf141d6e3,
+    0x76e71da0, 0x257d4624, 0xa2db8d67, 0x8249f12c, 0x05ef3a6f,
+    0x567561eb, 0xd1d3aaa8, 0x2ea332fa, 0xa905f9b9, 0xfa9fa23d,
+    0x7d39697e, 0x5dab1535, 0xda0dde76, 0x899785f2, 0x0e314eb1,
+    0xc8b37d64, 0x4f15b627, 0x1c8feda3, 0x9b2926e0, 0xbbbb5aab,
+    0x3c1d91e8, 0x6f87ca6c, 0xe821012f, 0x39f2ab87, 0xbe5460c4,
+    0xedce3b40, 0x6a68f003, 0x4afa8c48, 0xcd5c470b, 0x9ec61c8f,
+    0x1960d7cc, 0xdfe2e419, 0x58442f5a, 0x0bde74de, 0x8c78bf9d,
+    0xaceac3d6, 0x2b4c0895, 0x78d65311, 0xff709852, 0x5d4665f4,
+    0xdae0aeb7, 0x897af533, 0x0edc3e70, 0x2e4e423b, 0xa9e88978,
+    0xfa72d2fc, 0x7dd419bf, 0xbb562a6a, 0x3cf0e129, 0x6f6abaad,
+    0xe8cc71ee, 0xc85e0da5, 0x4ff8c6e6, 0x1c629d62, 0x9bc45621,
+    0x4a17fc89, 0xcdb137ca, 0x9e2b6c4e, 0x198da70d, 0x391fdb46,
+    0xbeb91005, 0xed234b81, 0x6a8580c2, 0xac07b317, 0x2ba17854,
+    0x783b23d0, 0xff9de893, 0xdf0f94d8, 0x58a95f9b, 0x0b33041f,
+    0x8c95cf5c, 0x73e5570e, 0xf4439c4d, 0xa7d9c7c9, 0x207f0c8a,
+    0x00ed70c1, 0x874bbb82, 0xd4d1e006, 0x53772b45, 0x95f51890,
+    0x1253d3d3, 0x41c98857, 0xc66f4314, 0xe6fd3f5f, 0x615bf41c,
+    0x32c1af98, 0xb56764db, 0x64b4ce73, 0xe3120530, 0xb0885eb4,
+    0x372e95f7, 0x17bce9bc, 0x901a22ff, 0xc380797b, 0x4426b238,
+    0x82a481ed, 0x05024aae, 0x5698112a, 0xd13eda69, 0xf1aca622,
+    0x760a6d61, 0x259036e5, 0xa236fda6, 0xba8ccbe8, 0x3d2a00ab,
+    0x6eb05b2f, 0xe916906c, 0xc984ec27, 0x4e222764, 0x1db87ce0,
+    0x9a1eb7a3, 0x5c9c8476, 0xdb3a4f35, 0x88a014b1, 0x0f06dff2,
+    0x2f94a3b9, 0xa83268fa, 0xfba8337e, 0x7c0ef83d, 0xaddd5295,
+    0x2a7b99d6, 0x79e1c252, 0xfe470911, 0xded5755a, 0x5973be19,
+    0x0ae9e59d, 0x8d4f2ede, 0x4bcd1d0b, 0xcc6bd648, 0x9ff18dcc,
+    0x1857468f, 0x38c53ac4, 0xbf63f187, 0xecf9aa03, 0x6b5f6140,
+    0x942ff912, 0x13893251, 0x401369d5, 0xc7b5a296, 0xe727dedd,
+    0x6081159e, 0x331b4e1a, 0xb4bd8559, 0x723fb68c, 0xf5997dcf,
+    0xa603264b, 0x21a5ed08, 0x01379143, 0x86915a00, 0xd50b0184,
+    0x52adcac7, 0x837e606f, 0x04d8ab2c, 0x5742f0a8, 0xd0e43beb,
+    0xf07647a0, 0x77d08ce3, 0x244ad767, 0xa3ec1c24, 0x656e2ff1,
+    0xe2c8e4b2, 0xb152bf36, 0x36f47475, 0x1666083e, 0x91c0c37d,
+    0xc25a98f9, 0x45fc53ba, 0xe7caae1c, 0x606c655f, 0x33f63edb,
+    0xb450f598, 0x94c289d3, 0x13644290, 0x40fe1914, 0xc758d257,
+    0x01dae182, 0x867c2ac1, 0xd5e67145, 0x5240ba06, 0x72d2c64d,
+    0xf5740d0e, 0xa6ee568a, 0x21489dc9, 0xf09b3761, 0x773dfc22,
+    0x24a7a7a6, 0xa3016ce5, 0x839310ae, 0x0435dbed, 0x57af8069,
+    0xd0094b2a, 0x168b78ff, 0x912db3bc, 0xc2b7e838, 0x4511237b,
+    0x65835f30, 0xe2259473, 0xb1bfcff7, 0x361904b4, 0xc9699ce6,
+    0x4ecf57a5, 0x1d550c21, 0x9af3c762, 0xba61bb29, 0x3dc7706a,
+    0x6e5d2bee, 0xe9fbe0ad, 0x2f79d378, 0xa8df183b, 0xfb4543bf,
+    0x7ce388fc, 0x5c71f4b7, 0xdbd73ff4, 0x884d6470, 0x0febaf33,
+    0xde38059b, 0x599eced8, 0x0a04955c, 0x8da25e1f, 0xad302254,
+    0x2a96e917, 0x790cb293, 0xfeaa79d0, 0x38284a05, 0xbf8e8146,
+    0xec14dac2, 0x6bb21181, 0x4b206dca, 0xcc86a689, 0x9f1cfd0d,
+    0x18ba364e}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x43cba687, 0xc7903cd4, 0x845b9a53, 0xcf270873,
+    0x8cecaef4, 0x08b734a7, 0x4b7c9220, 0x9e4f10e6, 0xdd84b661,
+    0x59df2c32, 0x1a148ab5, 0x51681895, 0x12a3be12, 0x96f82441,
+    0xd53382c6, 0x7d995117, 0x3e52f790, 0xba096dc3, 0xf9c2cb44,
+    0xb2be5964, 0xf175ffe3, 0x752e65b0, 0x36e5c337, 0xe3d641f1,
+    0xa01de776, 0x24467d25, 0x678ddba2, 0x2cf14982, 0x6f3aef05,
+    0xeb617556, 0xa8aad3d1, 0xfa32a32e, 0xb9f905a9, 0x3da29ffa,
+    0x7e69397d, 0x3515ab5d, 0x76de0dda, 0xf2859789, 0xb14e310e,
+    0x647db3c8, 0x27b6154f, 0xa3ed8f1c, 0xe026299b, 0xab5abbbb,
+    0xe8911d3c, 0x6cca876f, 0x2f0121e8, 0x87abf239, 0xc46054be,
+    0x403bceed, 0x03f0686a, 0x488cfa4a, 0x0b475ccd, 0x8f1cc69e,
+    0xccd76019, 0x19e4e2df, 0x5a2f4458, 0xde74de0b, 0x9dbf788c,
+    0xd6c3eaac, 0x95084c2b, 0x1153d678, 0x529870ff, 0xf465465d,
+    0xb7aee0da, 0x33f57a89, 0x703edc0e, 0x3b424e2e, 0x7889e8a9,
+    0xfcd272fa, 0xbf19d47d, 0x6a2a56bb, 0x29e1f03c, 0xadba6a6f,
+    0xee71cce8, 0xa50d5ec8, 0xe6c6f84f, 0x629d621c, 0x2156c49b,
+    0x89fc174a, 0xca37b1cd, 0x4e6c2b9e, 0x0da78d19, 0x46db1f39,
+    0x0510b9be, 0x814b23ed, 0xc280856a, 0x17b307ac, 0x5478a12b,
+    0xd0233b78, 0x93e89dff, 0xd8940fdf, 0x9b5fa958, 0x1f04330b,
+    0x5ccf958c, 0x0e57e573, 0x4d9c43f4, 0xc9c7d9a7, 0x8a0c7f20,
+    0xc170ed00, 0x82bb4b87, 0x06e0d1d4, 0x452b7753, 0x9018f595,
+    0xd3d35312, 0x5788c941, 0x14436fc6, 0x5f3ffde6, 0x1cf45b61,
+    0x98afc132, 0xdb6467b5, 0x73ceb464, 0x300512e3, 0xb45e88b0,
+    0xf7952e37, 0xbce9bc17, 0xff221a90, 0x7b7980c3, 0x38b22644,
+    0xed81a482, 0xae4a0205, 0x2a119856, 0x69da3ed1, 0x22a6acf1,
+    0x616d0a76, 0xe5369025, 0xa6fd36a2, 0xe8cb8cba, 0xab002a3d,
+    0x2f5bb06e, 0x6c9016e9, 0x27ec84c9, 0x6427224e, 0xe07cb81d,
+    0xa3b71e9a, 0x76849c5c, 0x354f3adb, 0xb114a088, 0xf2df060f,
+    0xb9a3942f, 0xfa6832a8, 0x7e33a8fb, 0x3df80e7c, 0x9552ddad,
+    0xd6997b2a, 0x52c2e179, 0x110947fe, 0x5a75d5de, 0x19be7359,
+    0x9de5e90a, 0xde2e4f8d, 0x0b1dcd4b, 0x48d66bcc, 0xcc8df19f,
+    0x8f465718, 0xc43ac538, 0x87f163bf, 0x03aaf9ec, 0x40615f6b,
+    0x12f92f94, 0x51328913, 0xd5691340, 0x96a2b5c7, 0xddde27e7,
+    0x9e158160, 0x1a4e1b33, 0x5985bdb4, 0x8cb63f72, 0xcf7d99f5,
+    0x4b2603a6, 0x08eda521, 0x43913701, 0x005a9186, 0x84010bd5,
+    0xc7caad52, 0x6f607e83, 0x2cabd804, 0xa8f04257, 0xeb3be4d0,
+    0xa04776f0, 0xe38cd077, 0x67d74a24, 0x241ceca3, 0xf12f6e65,
+    0xb2e4c8e2, 0x36bf52b1, 0x7574f436, 0x3e086616, 0x7dc3c091,
+    0xf9985ac2, 0xba53fc45, 0x1caecae7, 0x5f656c60, 0xdb3ef633,
+    0x98f550b4, 0xd389c294, 0x90426413, 0x1419fe40, 0x57d258c7,
+    0x82e1da01, 0xc12a7c86, 0x4571e6d5, 0x06ba4052, 0x4dc6d272,
+    0x0e0d74f5, 0x8a56eea6, 0xc99d4821, 0x61379bf0, 0x22fc3d77,
+    0xa6a7a724, 0xe56c01a3, 0xae109383, 0xeddb3504, 0x6980af57,
+    0x2a4b09d0, 0xff788b16, 0xbcb32d91, 0x38e8b7c2, 0x7b231145,
+    0x305f8365, 0x739425e2, 0xf7cfbfb1, 0xb4041936, 0xe69c69c9,
+    0xa557cf4e, 0x210c551d, 0x62c7f39a, 0x29bb61ba, 0x6a70c73d,
+    0xee2b5d6e, 0xade0fbe9, 0x78d3792f, 0x3b18dfa8, 0xbf4345fb,
+    0xfc88e37c, 0xb7f4715c, 0xf43fd7db, 0x70644d88, 0x33afeb0f,
+    0x9b0538de, 0xd8ce9e59, 0x5c95040a, 0x1f5ea28d, 0x542230ad,
+    0x17e9962a, 0x93b20c79, 0xd079aafe, 0x054a2838, 0x46818ebf,
+    0xc2da14ec, 0x8111b26b, 0xca6d204b, 0x89a686cc, 0x0dfd1c9f,
+    0x4e36ba18},
+   {0x00000000, 0xe1b652ef, 0x836bd405, 0x62dd86ea, 0x06d7a80b,
+    0xe761fae4, 0x85bc7c0e, 0x640a2ee1, 0x0cae5117, 0xed1803f8,
+    0x8fc58512, 0x6e73d7fd, 0x0a79f91c, 0xebcfabf3, 0x89122d19,
+    0x68a47ff6, 0x185ca32e, 0xf9eaf1c1, 0x9b37772b, 0x7a8125c4,
+    0x1e8b0b25, 0xff3d59ca, 0x9de0df20, 0x7c568dcf, 0x14f2f239,
+    0xf544a0d6, 0x9799263c, 0x762f74d3, 0x12255a32, 0xf39308dd,
+    0x914e8e37, 0x70f8dcd8, 0x30b8465d, 0xd10e14b2, 0xb3d39258,
+    0x5265c0b7, 0x366fee56, 0xd7d9bcb9, 0xb5043a53, 0x54b268bc,
+    0x3c16174a, 0xdda045a5, 0xbf7dc34f, 0x5ecb91a0, 0x3ac1bf41,
+    0xdb77edae, 0xb9aa6b44, 0x581c39ab, 0x28e4e573, 0xc952b79c,
+    0xab8f3176, 0x4a396399, 0x2e334d78, 0xcf851f97, 0xad58997d,
+    0x4ceecb92, 0x244ab464, 0xc5fce68b, 0xa7216061, 0x4697328e,
+    0x229d1c6f, 0xc32b4e80, 0xa1f6c86a, 0x40409a85, 0x60708dba,
+    0x81c6df55, 0xe31b59bf, 0x02ad0b50, 0x66a725b1, 0x8711775e,
+    0xe5ccf1b4, 0x047aa35b, 0x6cdedcad, 0x8d688e42, 0xefb508a8,
+    0x0e035a47, 0x6a0974a6, 0x8bbf2649, 0xe962a0a3, 0x08d4f24c,
+    0x782c2e94, 0x999a7c7b, 0xfb47fa91, 0x1af1a87e, 0x7efb869f,
+    0x9f4dd470, 0xfd90529a, 0x1c260075, 0x74827f83, 0x95342d6c,
+    0xf7e9ab86, 0x165ff969, 0x7255d788, 0x93e38567, 0xf13e038d,
+    0x10885162, 0x50c8cbe7, 0xb17e9908, 0xd3a31fe2, 0x32154d0d,
+    0x561f63ec, 0xb7a93103, 0xd574b7e9, 0x34c2e506, 0x5c669af0,
+    0xbdd0c81f, 0xdf0d4ef5, 0x3ebb1c1a, 0x5ab132fb, 0xbb076014,
+    0xd9dae6fe, 0x386cb411, 0x489468c9, 0xa9223a26, 0xcbffbccc,
+    0x2a49ee23, 0x4e43c0c2, 0xaff5922d, 0xcd2814c7, 0x2c9e4628,
+    0x443a39de, 0xa58c6b31, 0xc751eddb, 0x26e7bf34, 0x42ed91d5,
+    0xa35bc33a, 0xc18645d0, 0x2030173f, 0x81e66bae, 0x60503941,
+    0x028dbfab, 0xe33bed44, 0x8731c3a5, 0x6687914a, 0x045a17a0,
+    0xe5ec454f, 0x8d483ab9, 0x6cfe6856, 0x0e23eebc, 0xef95bc53,
+    0x8b9f92b2, 0x6a29c05d, 0x08f446b7, 0xe9421458, 0x99bac880,
+    0x780c9a6f, 0x1ad11c85, 0xfb674e6a, 0x9f6d608b, 0x7edb3264,
+    0x1c06b48e, 0xfdb0e661, 0x95149997, 0x74a2cb78, 0x167f4d92,
+    0xf7c91f7d, 0x93c3319c, 0x72756373, 0x10a8e599, 0xf11eb776,
+    0xb15e2df3, 0x50e87f1c, 0x3235f9f6, 0xd383ab19, 0xb78985f8,
+    0x563fd717, 0x34e251fd, 0xd5540312, 0xbdf07ce4, 0x5c462e0b,
+    0x3e9ba8e1, 0xdf2dfa0e, 0xbb27d4ef, 0x5a918600, 0x384c00ea,
+    0xd9fa5205, 0xa9028edd, 0x48b4dc32, 0x2a695ad8, 0xcbdf0837,
+    0xafd526d6, 0x4e637439, 0x2cbef2d3, 0xcd08a03c, 0xa5acdfca,
+    0x441a8d25, 0x26c70bcf, 0xc7715920, 0xa37b77c1, 0x42cd252e,
+    0x2010a3c4, 0xc1a6f12b, 0xe196e614, 0x0020b4fb, 0x62fd3211,
+    0x834b60fe, 0xe7414e1f, 0x06f71cf0, 0x642a9a1a, 0x859cc8f5,
+    0xed38b703, 0x0c8ee5ec, 0x6e536306, 0x8fe531e9, 0xebef1f08,
+    0x0a594de7, 0x6884cb0d, 0x893299e2, 0xf9ca453a, 0x187c17d5,
+    0x7aa1913f, 0x9b17c3d0, 0xff1ded31, 0x1eabbfde, 0x7c763934,
+    0x9dc06bdb, 0xf564142d, 0x14d246c2, 0x760fc028, 0x97b992c7,
+    0xf3b3bc26, 0x1205eec9, 0x70d86823, 0x916e3acc, 0xd12ea049,
+    0x3098f2a6, 0x5245744c, 0xb3f326a3, 0xd7f90842, 0x364f5aad,
+    0x5492dc47, 0xb5248ea8, 0xdd80f15e, 0x3c36a3b1, 0x5eeb255b,
+    0xbf5d77b4, 0xdb575955, 0x3ae10bba, 0x583c8d50, 0xb98adfbf,
+    0xc9720367, 0x28c45188, 0x4a19d762, 0xabaf858d, 0xcfa5ab6c,
+    0x2e13f983, 0x4cce7f69, 0xad782d86, 0xc5dc5270, 0x246a009f,
+    0x46b78675, 0xa701d49a, 0xc30bfa7b, 0x22bda894, 0x40602e7e,
+    0xa1d67c91},
+   {0x00000000, 0x5880e2d7, 0xf106b474, 0xa98656a3, 0xe20d68e9,
+    0xba8d8a3e, 0x130bdc9d, 0x4b8b3e4a, 0x851da109, 0xdd9d43de,
+    0x741b157d, 0x2c9bf7aa, 0x6710c9e0, 0x3f902b37, 0x96167d94,
+    0xce969f43, 0x0a3b4213, 0x52bba0c4, 0xfb3df667, 0xa3bd14b0,
+    0xe8362afa, 0xb0b6c82d, 0x19309e8e, 0x41b07c59, 0x8f26e31a,
+    0xd7a601cd, 0x7e20576e, 0x26a0b5b9, 0x6d2b8bf3, 0x35ab6924,
+    0x9c2d3f87, 0xc4addd50, 0x14768426, 0x4cf666f1, 0xe5703052,
+    0xbdf0d285, 0xf67beccf, 0xaefb0e18, 0x077d58bb, 0x5ffdba6c,
+    0x916b252f, 0xc9ebc7f8, 0x606d915b, 0x38ed738c, 0x73664dc6,
+    0x2be6af11, 0x8260f9b2, 0xdae01b65, 0x1e4dc635, 0x46cd24e2,
+    0xef4b7241, 0xb7cb9096, 0xfc40aedc, 0xa4c04c0b, 0x0d461aa8,
+    0x55c6f87f, 0x9b50673c, 0xc3d085eb, 0x6a56d348, 0x32d6319f,
+    0x795d0fd5, 0x21dded02, 0x885bbba1, 0xd0db5976, 0x28ec084d,
+    0x706cea9a, 0xd9eabc39, 0x816a5eee, 0xcae160a4, 0x92618273,
+    0x3be7d4d0, 0x63673607, 0xadf1a944, 0xf5714b93, 0x5cf71d30,
+    0x0477ffe7, 0x4ffcc1ad, 0x177c237a, 0xbefa75d9, 0xe67a970e,
+    0x22d74a5e, 0x7a57a889, 0xd3d1fe2a, 0x8b511cfd, 0xc0da22b7,
+    0x985ac060, 0x31dc96c3, 0x695c7414, 0xa7caeb57, 0xff4a0980,
+    0x56cc5f23, 0x0e4cbdf4, 0x45c783be, 0x1d476169, 0xb4c137ca,
+    0xec41d51d, 0x3c9a8c6b, 0x641a6ebc, 0xcd9c381f, 0x951cdac8,
+    0xde97e482, 0x86170655, 0x2f9150f6, 0x7711b221, 0xb9872d62,
+    0xe107cfb5, 0x48819916, 0x10017bc1, 0x5b8a458b, 0x030aa75c,
+    0xaa8cf1ff, 0xf20c1328, 0x36a1ce78, 0x6e212caf, 0xc7a77a0c,
+    0x9f2798db, 0xd4aca691, 0x8c2c4446, 0x25aa12e5, 0x7d2af032,
+    0xb3bc6f71, 0xeb3c8da6, 0x42badb05, 0x1a3a39d2, 0x51b10798,
+    0x0931e54f, 0xa0b7b3ec, 0xf837513b, 0x50d8119a, 0x0858f34d,
+    0xa1dea5ee, 0xf95e4739, 0xb2d57973, 0xea559ba4, 0x43d3cd07,
+    0x1b532fd0, 0xd5c5b093, 0x8d455244, 0x24c304e7, 0x7c43e630,
+    0x37c8d87a, 0x6f483aad, 0xc6ce6c0e, 0x9e4e8ed9, 0x5ae35389,
+    0x0263b15e, 0xabe5e7fd, 0xf365052a, 0xb8ee3b60, 0xe06ed9b7,
+    0x49e88f14, 0x11686dc3, 0xdffef280, 0x877e1057, 0x2ef846f4,
+    0x7678a423, 0x3df39a69, 0x657378be, 0xccf52e1d, 0x9475ccca,
+    0x44ae95bc, 0x1c2e776b, 0xb5a821c8, 0xed28c31f, 0xa6a3fd55,
+    0xfe231f82, 0x57a54921, 0x0f25abf6, 0xc1b334b5, 0x9933d662,
+    0x30b580c1, 0x68356216, 0x23be5c5c, 0x7b3ebe8b, 0xd2b8e828,
+    0x8a380aff, 0x4e95d7af, 0x16153578, 0xbf9363db, 0xe713810c,
+    0xac98bf46, 0xf4185d91, 0x5d9e0b32, 0x051ee9e5, 0xcb8876a6,
+    0x93089471, 0x3a8ec2d2, 0x620e2005, 0x29851e4f, 0x7105fc98,
+    0xd883aa3b, 0x800348ec, 0x783419d7, 0x20b4fb00, 0x8932ada3,
+    0xd1b24f74, 0x9a39713e, 0xc2b993e9, 0x6b3fc54a, 0x33bf279d,
+    0xfd29b8de, 0xa5a95a09, 0x0c2f0caa, 0x54afee7d, 0x1f24d037,
+    0x47a432e0, 0xee226443, 0xb6a28694, 0x720f5bc4, 0x2a8fb913,
+    0x8309efb0, 0xdb890d67, 0x9002332d, 0xc882d1fa, 0x61048759,
+    0x3984658e, 0xf712facd, 0xaf92181a, 0x06144eb9, 0x5e94ac6e,
+    0x151f9224, 0x4d9f70f3, 0xe4192650, 0xbc99c487, 0x6c429df1,
+    0x34c27f26, 0x9d442985, 0xc5c4cb52, 0x8e4ff518, 0xd6cf17cf,
+    0x7f49416c, 0x27c9a3bb, 0xe95f3cf8, 0xb1dfde2f, 0x1859888c,
+    0x40d96a5b, 0x0b525411, 0x53d2b6c6, 0xfa54e065, 0xa2d402b2,
+    0x6679dfe2, 0x3ef93d35, 0x977f6b96, 0xcfff8941, 0x8474b70b,
+    0xdcf455dc, 0x7572037f, 0x2df2e1a8, 0xe3647eeb, 0xbbe49c3c,
+    0x1262ca9f, 0x4ae22848, 0x01691602, 0x59e9f4d5, 0xf06fa276,
+    0xa8ef40a1},
+   {0x00000000, 0x463b6765, 0x8c76ceca, 0xca4da9af, 0x59ebed4e,
+    0x1fd08a2b, 0xd59d2384, 0x93a644e1, 0xb2d6db9d, 0xf4edbcf8,
+    0x3ea01557, 0x789b7232, 0xeb3d36d3, 0xad0651b6, 0x674bf819,
+    0x21709f7c, 0x25abc6e0, 0x6390a185, 0xa9dd082a, 0xefe66f4f,
+    0x7c402bae, 0x3a7b4ccb, 0xf036e564, 0xb60d8201, 0x977d1d7d,
+    0xd1467a18, 0x1b0bd3b7, 0x5d30b4d2, 0xce96f033, 0x88ad9756,
+    0x42e03ef9, 0x04db599c, 0x0b50fc1a, 0x4d6b9b7f, 0x872632d0,
+    0xc11d55b5, 0x52bb1154, 0x14807631, 0xdecddf9e, 0x98f6b8fb,
+    0xb9862787, 0xffbd40e2, 0x35f0e94d, 0x73cb8e28, 0xe06dcac9,
+    0xa656adac, 0x6c1b0403, 0x2a206366, 0x2efb3afa, 0x68c05d9f,
+    0xa28df430, 0xe4b69355, 0x7710d7b4, 0x312bb0d1, 0xfb66197e,
+    0xbd5d7e1b, 0x9c2de167, 0xda168602, 0x105b2fad, 0x566048c8,
+    0xc5c60c29, 0x83fd6b4c, 0x49b0c2e3, 0x0f8ba586, 0x16a0f835,
+    0x509b9f50, 0x9ad636ff, 0xdced519a, 0x4f4b157b, 0x0970721e,
+    0xc33ddbb1, 0x8506bcd4, 0xa47623a8, 0xe24d44cd, 0x2800ed62,
+    0x6e3b8a07, 0xfd9dcee6, 0xbba6a983, 0x71eb002c, 0x37d06749,
+    0x330b3ed5, 0x753059b0, 0xbf7df01f, 0xf946977a, 0x6ae0d39b,
+    0x2cdbb4fe, 0xe6961d51, 0xa0ad7a34, 0x81dde548, 0xc7e6822d,
+    0x0dab2b82, 0x4b904ce7, 0xd8360806, 0x9e0d6f63, 0x5440c6cc,
+    0x127ba1a9, 0x1df0042f, 0x5bcb634a, 0x9186cae5, 0xd7bdad80,
+    0x441be961, 0x02208e04, 0xc86d27ab, 0x8e5640ce, 0xaf26dfb2,
+    0xe91db8d7, 0x23501178, 0x656b761d, 0xf6cd32fc, 0xb0f65599,
+    0x7abbfc36, 0x3c809b53, 0x385bc2cf, 0x7e60a5aa, 0xb42d0c05,
+    0xf2166b60, 0x61b02f81, 0x278b48e4, 0xedc6e14b, 0xabfd862e,
+    0x8a8d1952, 0xccb67e37, 0x06fbd798, 0x40c0b0fd, 0xd366f41c,
+    0x955d9379, 0x5f103ad6, 0x192b5db3, 0x2c40f16b, 0x6a7b960e,
+    0xa0363fa1, 0xe60d58c4, 0x75ab1c25, 0x33907b40, 0xf9ddd2ef,
+    0xbfe6b58a, 0x9e962af6, 0xd8ad4d93, 0x12e0e43c, 0x54db8359,
+    0xc77dc7b8, 0x8146a0dd, 0x4b0b0972, 0x0d306e17, 0x09eb378b,
+    0x4fd050ee, 0x859df941, 0xc3a69e24, 0x5000dac5, 0x163bbda0,
+    0xdc76140f, 0x9a4d736a, 0xbb3dec16, 0xfd068b73, 0x374b22dc,
+    0x717045b9, 0xe2d60158, 0xa4ed663d, 0x6ea0cf92, 0x289ba8f7,
+    0x27100d71, 0x612b6a14, 0xab66c3bb, 0xed5da4de, 0x7efbe03f,
+    0x38c0875a, 0xf28d2ef5, 0xb4b64990, 0x95c6d6ec, 0xd3fdb189,
+    0x19b01826, 0x5f8b7f43, 0xcc2d3ba2, 0x8a165cc7, 0x405bf568,
+    0x0660920d, 0x02bbcb91, 0x4480acf4, 0x8ecd055b, 0xc8f6623e,
+    0x5b5026df, 0x1d6b41ba, 0xd726e815, 0x911d8f70, 0xb06d100c,
+    0xf6567769, 0x3c1bdec6, 0x7a20b9a3, 0xe986fd42, 0xafbd9a27,
+    0x65f03388, 0x23cb54ed, 0x3ae0095e, 0x7cdb6e3b, 0xb696c794,
+    0xf0ada0f1, 0x630be410, 0x25308375, 0xef7d2ada, 0xa9464dbf,
+    0x8836d2c3, 0xce0db5a6, 0x04401c09, 0x427b7b6c, 0xd1dd3f8d,
+    0x97e658e8, 0x5dabf147, 0x1b909622, 0x1f4bcfbe, 0x5970a8db,
+    0x933d0174, 0xd5066611, 0x46a022f0, 0x009b4595, 0xcad6ec3a,
+    0x8ced8b5f, 0xad9d1423, 0xeba67346, 0x21ebdae9, 0x67d0bd8c,
+    0xf476f96d, 0xb24d9e08, 0x780037a7, 0x3e3b50c2, 0x31b0f544,
+    0x778b9221, 0xbdc63b8e, 0xfbfd5ceb, 0x685b180a, 0x2e607f6f,
+    0xe42dd6c0, 0xa216b1a5, 0x83662ed9, 0xc55d49bc, 0x0f10e013,
+    0x492b8776, 0xda8dc397, 0x9cb6a4f2, 0x56fb0d5d, 0x10c06a38,
+    0x141b33a4, 0x522054c1, 0x986dfd6e, 0xde569a0b, 0x4df0deea,
+    0x0bcbb98f, 0xc1861020, 0x87bd7745, 0xa6cde839, 0xe0f68f5c,
+    0x2abb26f3, 0x6c804196, 0xff260577, 0xb91d6212, 0x7350cbbd,
+    0x356bacd8}};
+
+#endif
+
+#endif
+
+#if N == 6
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x3db1ecdc, 0x7b63d9b8, 0x46d23564, 0xf6c7b370,
+    0xcb765fac, 0x8da46ac8, 0xb0158614, 0x36fe60a1, 0x0b4f8c7d,
+    0x4d9db919, 0x702c55c5, 0xc039d3d1, 0xfd883f0d, 0xbb5a0a69,
+    0x86ebe6b5, 0x6dfcc142, 0x504d2d9e, 0x169f18fa, 0x2b2ef426,
+    0x9b3b7232, 0xa68a9eee, 0xe058ab8a, 0xdde94756, 0x5b02a1e3,
+    0x66b34d3f, 0x2061785b, 0x1dd09487, 0xadc51293, 0x9074fe4f,
+    0xd6a6cb2b, 0xeb1727f7, 0xdbf98284, 0xe6486e58, 0xa09a5b3c,
+    0x9d2bb7e0, 0x2d3e31f4, 0x108fdd28, 0x565de84c, 0x6bec0490,
+    0xed07e225, 0xd0b60ef9, 0x96643b9d, 0xabd5d741, 0x1bc05155,
+    0x2671bd89, 0x60a388ed, 0x5d126431, 0xb60543c6, 0x8bb4af1a,
+    0xcd669a7e, 0xf0d776a2, 0x40c2f0b6, 0x7d731c6a, 0x3ba1290e,
+    0x0610c5d2, 0x80fb2367, 0xbd4acfbb, 0xfb98fadf, 0xc6291603,
+    0x763c9017, 0x4b8d7ccb, 0x0d5f49af, 0x30eea573, 0x6c820349,
+    0x5133ef95, 0x17e1daf1, 0x2a50362d, 0x9a45b039, 0xa7f45ce5,
+    0xe1266981, 0xdc97855d, 0x5a7c63e8, 0x67cd8f34, 0x211fba50,
+    0x1cae568c, 0xacbbd098, 0x910a3c44, 0xd7d80920, 0xea69e5fc,
+    0x017ec20b, 0x3ccf2ed7, 0x7a1d1bb3, 0x47acf76f, 0xf7b9717b,
+    0xca089da7, 0x8cdaa8c3, 0xb16b441f, 0x3780a2aa, 0x0a314e76,
+    0x4ce37b12, 0x715297ce, 0xc14711da, 0xfcf6fd06, 0xba24c862,
+    0x879524be, 0xb77b81cd, 0x8aca6d11, 0xcc185875, 0xf1a9b4a9,
+    0x41bc32bd, 0x7c0dde61, 0x3adfeb05, 0x076e07d9, 0x8185e16c,
+    0xbc340db0, 0xfae638d4, 0xc757d408, 0x7742521c, 0x4af3bec0,
+    0x0c218ba4, 0x31906778, 0xda87408f, 0xe736ac53, 0xa1e49937,
+    0x9c5575eb, 0x2c40f3ff, 0x11f11f23, 0x57232a47, 0x6a92c69b,
+    0xec79202e, 0xd1c8ccf2, 0x971af996, 0xaaab154a, 0x1abe935e,
+    0x270f7f82, 0x61dd4ae6, 0x5c6ca63a, 0xd9040692, 0xe4b5ea4e,
+    0xa267df2a, 0x9fd633f6, 0x2fc3b5e2, 0x1272593e, 0x54a06c5a,
+    0x69118086, 0xeffa6633, 0xd24b8aef, 0x9499bf8b, 0xa9285357,
+    0x193dd543, 0x248c399f, 0x625e0cfb, 0x5fefe027, 0xb4f8c7d0,
+    0x89492b0c, 0xcf9b1e68, 0xf22af2b4, 0x423f74a0, 0x7f8e987c,
+    0x395cad18, 0x04ed41c4, 0x8206a771, 0xbfb74bad, 0xf9657ec9,
+    0xc4d49215, 0x74c11401, 0x4970f8dd, 0x0fa2cdb9, 0x32132165,
+    0x02fd8416, 0x3f4c68ca, 0x799e5dae, 0x442fb172, 0xf43a3766,
+    0xc98bdbba, 0x8f59eede, 0xb2e80202, 0x3403e4b7, 0x09b2086b,
+    0x4f603d0f, 0x72d1d1d3, 0xc2c457c7, 0xff75bb1b, 0xb9a78e7f,
+    0x841662a3, 0x6f014554, 0x52b0a988, 0x14629cec, 0x29d37030,
+    0x99c6f624, 0xa4771af8, 0xe2a52f9c, 0xdf14c340, 0x59ff25f5,
+    0x644ec929, 0x229cfc4d, 0x1f2d1091, 0xaf389685, 0x92897a59,
+    0xd45b4f3d, 0xe9eaa3e1, 0xb58605db, 0x8837e907, 0xcee5dc63,
+    0xf35430bf, 0x4341b6ab, 0x7ef05a77, 0x38226f13, 0x059383cf,
+    0x8378657a, 0xbec989a6, 0xf81bbcc2, 0xc5aa501e, 0x75bfd60a,
+    0x480e3ad6, 0x0edc0fb2, 0x336de36e, 0xd87ac499, 0xe5cb2845,
+    0xa3191d21, 0x9ea8f1fd, 0x2ebd77e9, 0x130c9b35, 0x55deae51,
+    0x686f428d, 0xee84a438, 0xd33548e4, 0x95e77d80, 0xa856915c,
+    0x18431748, 0x25f2fb94, 0x6320cef0, 0x5e91222c, 0x6e7f875f,
+    0x53ce6b83, 0x151c5ee7, 0x28adb23b, 0x98b8342f, 0xa509d8f3,
+    0xe3dbed97, 0xde6a014b, 0x5881e7fe, 0x65300b22, 0x23e23e46,
+    0x1e53d29a, 0xae46548e, 0x93f7b852, 0xd5258d36, 0xe89461ea,
+    0x0383461d, 0x3e32aac1, 0x78e09fa5, 0x45517379, 0xf544f56d,
+    0xc8f519b1, 0x8e272cd5, 0xb396c009, 0x357d26bc, 0x08ccca60,
+    0x4e1eff04, 0x73af13d8, 0xc3ba95cc, 0xfe0b7910, 0xb8d94c74,
+    0x8568a0a8},
+   {0x00000000, 0x69790b65, 0xd2f216ca, 0xbb8b1daf, 0x7e952bd5,
+    0x17ec20b0, 0xac673d1f, 0xc51e367a, 0xfd2a57aa, 0x94535ccf,
+    0x2fd84160, 0x46a14a05, 0x83bf7c7f, 0xeac6771a, 0x514d6ab5,
+    0x383461d0, 0x2125a915, 0x485ca270, 0xf3d7bfdf, 0x9aaeb4ba,
+    0x5fb082c0, 0x36c989a5, 0x8d42940a, 0xe43b9f6f, 0xdc0ffebf,
+    0xb576f5da, 0x0efde875, 0x6784e310, 0xa29ad56a, 0xcbe3de0f,
+    0x7068c3a0, 0x1911c8c5, 0x424b522a, 0x2b32594f, 0x90b944e0,
+    0xf9c04f85, 0x3cde79ff, 0x55a7729a, 0xee2c6f35, 0x87556450,
+    0xbf610580, 0xd6180ee5, 0x6d93134a, 0x04ea182f, 0xc1f42e55,
+    0xa88d2530, 0x1306389f, 0x7a7f33fa, 0x636efb3f, 0x0a17f05a,
+    0xb19cedf5, 0xd8e5e690, 0x1dfbd0ea, 0x7482db8f, 0xcf09c620,
+    0xa670cd45, 0x9e44ac95, 0xf73da7f0, 0x4cb6ba5f, 0x25cfb13a,
+    0xe0d18740, 0x89a88c25, 0x3223918a, 0x5b5a9aef, 0x8496a454,
+    0xedefaf31, 0x5664b29e, 0x3f1db9fb, 0xfa038f81, 0x937a84e4,
+    0x28f1994b, 0x4188922e, 0x79bcf3fe, 0x10c5f89b, 0xab4ee534,
+    0xc237ee51, 0x0729d82b, 0x6e50d34e, 0xd5dbcee1, 0xbca2c584,
+    0xa5b30d41, 0xccca0624, 0x77411b8b, 0x1e3810ee, 0xdb262694,
+    0xb25f2df1, 0x09d4305e, 0x60ad3b3b, 0x58995aeb, 0x31e0518e,
+    0x8a6b4c21, 0xe3124744, 0x260c713e, 0x4f757a5b, 0xf4fe67f4,
+    0x9d876c91, 0xc6ddf67e, 0xafa4fd1b, 0x142fe0b4, 0x7d56ebd1,
+    0xb848ddab, 0xd131d6ce, 0x6abacb61, 0x03c3c004, 0x3bf7a1d4,
+    0x528eaab1, 0xe905b71e, 0x807cbc7b, 0x45628a01, 0x2c1b8164,
+    0x97909ccb, 0xfee997ae, 0xe7f85f6b, 0x8e81540e, 0x350a49a1,
+    0x5c7342c4, 0x996d74be, 0xf0147fdb, 0x4b9f6274, 0x22e66911,
+    0x1ad208c1, 0x73ab03a4, 0xc8201e0b, 0xa159156e, 0x64472314,
+    0x0d3e2871, 0xb6b535de, 0xdfcc3ebb, 0xd25c4ee9, 0xbb25458c,
+    0x00ae5823, 0x69d75346, 0xacc9653c, 0xc5b06e59, 0x7e3b73f6,
+    0x17427893, 0x2f761943, 0x460f1226, 0xfd840f89, 0x94fd04ec,
+    0x51e33296, 0x389a39f3, 0x8311245c, 0xea682f39, 0xf379e7fc,
+    0x9a00ec99, 0x218bf136, 0x48f2fa53, 0x8deccc29, 0xe495c74c,
+    0x5f1edae3, 0x3667d186, 0x0e53b056, 0x672abb33, 0xdca1a69c,
+    0xb5d8adf9, 0x70c69b83, 0x19bf90e6, 0xa2348d49, 0xcb4d862c,
+    0x90171cc3, 0xf96e17a6, 0x42e50a09, 0x2b9c016c, 0xee823716,
+    0x87fb3c73, 0x3c7021dc, 0x55092ab9, 0x6d3d4b69, 0x0444400c,
+    0xbfcf5da3, 0xd6b656c6, 0x13a860bc, 0x7ad16bd9, 0xc15a7676,
+    0xa8237d13, 0xb132b5d6, 0xd84bbeb3, 0x63c0a31c, 0x0ab9a879,
+    0xcfa79e03, 0xa6de9566, 0x1d5588c9, 0x742c83ac, 0x4c18e27c,
+    0x2561e919, 0x9eeaf4b6, 0xf793ffd3, 0x328dc9a9, 0x5bf4c2cc,
+    0xe07fdf63, 0x8906d406, 0x56caeabd, 0x3fb3e1d8, 0x8438fc77,
+    0xed41f712, 0x285fc168, 0x4126ca0d, 0xfaadd7a2, 0x93d4dcc7,
+    0xabe0bd17, 0xc299b672, 0x7912abdd, 0x106ba0b8, 0xd57596c2,
+    0xbc0c9da7, 0x07878008, 0x6efe8b6d, 0x77ef43a8, 0x1e9648cd,
+    0xa51d5562, 0xcc645e07, 0x097a687d, 0x60036318, 0xdb887eb7,
+    0xb2f175d2, 0x8ac51402, 0xe3bc1f67, 0x583702c8, 0x314e09ad,
+    0xf4503fd7, 0x9d2934b2, 0x26a2291d, 0x4fdb2278, 0x1481b897,
+    0x7df8b3f2, 0xc673ae5d, 0xaf0aa538, 0x6a149342, 0x036d9827,
+    0xb8e68588, 0xd19f8eed, 0xe9abef3d, 0x80d2e458, 0x3b59f9f7,
+    0x5220f292, 0x973ec4e8, 0xfe47cf8d, 0x45ccd222, 0x2cb5d947,
+    0x35a41182, 0x5cdd1ae7, 0xe7560748, 0x8e2f0c2d, 0x4b313a57,
+    0x22483132, 0x99c32c9d, 0xf0ba27f8, 0xc88e4628, 0xa1f74d4d,
+    0x1a7c50e2, 0x73055b87, 0xb61b6dfd, 0xdf626698, 0x64e97b37,
+    0x0d907052},
+   {0x00000000, 0x7fc99b93, 0xff933726, 0x805aacb5, 0x2457680d,
+    0x5b9ef39e, 0xdbc45f2b, 0xa40dc4b8, 0x48aed01a, 0x37674b89,
+    0xb73de73c, 0xc8f47caf, 0x6cf9b817, 0x13302384, 0x936a8f31,
+    0xeca314a2, 0x915da034, 0xee943ba7, 0x6ece9712, 0x11070c81,
+    0xb50ac839, 0xcac353aa, 0x4a99ff1f, 0x3550648c, 0xd9f3702e,
+    0xa63aebbd, 0x26604708, 0x59a9dc9b, 0xfda41823, 0x826d83b0,
+    0x02372f05, 0x7dfeb496, 0xf9ca4629, 0x8603ddba, 0x0659710f,
+    0x7990ea9c, 0xdd9d2e24, 0xa254b5b7, 0x220e1902, 0x5dc78291,
+    0xb1649633, 0xcead0da0, 0x4ef7a115, 0x313e3a86, 0x9533fe3e,
+    0xeafa65ad, 0x6aa0c918, 0x1569528b, 0x6897e61d, 0x175e7d8e,
+    0x9704d13b, 0xe8cd4aa8, 0x4cc08e10, 0x33091583, 0xb353b936,
+    0xcc9a22a5, 0x20393607, 0x5ff0ad94, 0xdfaa0121, 0xa0639ab2,
+    0x046e5e0a, 0x7ba7c599, 0xfbfd692c, 0x8434f2bf, 0x28e58a13,
+    0x572c1180, 0xd776bd35, 0xa8bf26a6, 0x0cb2e21e, 0x737b798d,
+    0xf321d538, 0x8ce84eab, 0x604b5a09, 0x1f82c19a, 0x9fd86d2f,
+    0xe011f6bc, 0x441c3204, 0x3bd5a997, 0xbb8f0522, 0xc4469eb1,
+    0xb9b82a27, 0xc671b1b4, 0x462b1d01, 0x39e28692, 0x9def422a,
+    0xe226d9b9, 0x627c750c, 0x1db5ee9f, 0xf116fa3d, 0x8edf61ae,
+    0x0e85cd1b, 0x714c5688, 0xd5419230, 0xaa8809a3, 0x2ad2a516,
+    0x551b3e85, 0xd12fcc3a, 0xaee657a9, 0x2ebcfb1c, 0x5175608f,
+    0xf578a437, 0x8ab13fa4, 0x0aeb9311, 0x75220882, 0x99811c20,
+    0xe64887b3, 0x66122b06, 0x19dbb095, 0xbdd6742d, 0xc21fefbe,
+    0x4245430b, 0x3d8cd898, 0x40726c0e, 0x3fbbf79d, 0xbfe15b28,
+    0xc028c0bb, 0x64250403, 0x1bec9f90, 0x9bb63325, 0xe47fa8b6,
+    0x08dcbc14, 0x77152787, 0xf74f8b32, 0x888610a1, 0x2c8bd419,
+    0x53424f8a, 0xd318e33f, 0xacd178ac, 0x51cb1426, 0x2e028fb5,
+    0xae582300, 0xd191b893, 0x759c7c2b, 0x0a55e7b8, 0x8a0f4b0d,
+    0xf5c6d09e, 0x1965c43c, 0x66ac5faf, 0xe6f6f31a, 0x993f6889,
+    0x3d32ac31, 0x42fb37a2, 0xc2a19b17, 0xbd680084, 0xc096b412,
+    0xbf5f2f81, 0x3f058334, 0x40cc18a7, 0xe4c1dc1f, 0x9b08478c,
+    0x1b52eb39, 0x649b70aa, 0x88386408, 0xf7f1ff9b, 0x77ab532e,
+    0x0862c8bd, 0xac6f0c05, 0xd3a69796, 0x53fc3b23, 0x2c35a0b0,
+    0xa801520f, 0xd7c8c99c, 0x57926529, 0x285bfeba, 0x8c563a02,
+    0xf39fa191, 0x73c50d24, 0x0c0c96b7, 0xe0af8215, 0x9f661986,
+    0x1f3cb533, 0x60f52ea0, 0xc4f8ea18, 0xbb31718b, 0x3b6bdd3e,
+    0x44a246ad, 0x395cf23b, 0x469569a8, 0xc6cfc51d, 0xb9065e8e,
+    0x1d0b9a36, 0x62c201a5, 0xe298ad10, 0x9d513683, 0x71f22221,
+    0x0e3bb9b2, 0x8e611507, 0xf1a88e94, 0x55a54a2c, 0x2a6cd1bf,
+    0xaa367d0a, 0xd5ffe699, 0x792e9e35, 0x06e705a6, 0x86bda913,
+    0xf9743280, 0x5d79f638, 0x22b06dab, 0xa2eac11e, 0xdd235a8d,
+    0x31804e2f, 0x4e49d5bc, 0xce137909, 0xb1dae29a, 0x15d72622,
+    0x6a1ebdb1, 0xea441104, 0x958d8a97, 0xe8733e01, 0x97baa592,
+    0x17e00927, 0x682992b4, 0xcc24560c, 0xb3edcd9f, 0x33b7612a,
+    0x4c7efab9, 0xa0ddee1b, 0xdf147588, 0x5f4ed93d, 0x208742ae,
+    0x848a8616, 0xfb431d85, 0x7b19b130, 0x04d02aa3, 0x80e4d81c,
+    0xff2d438f, 0x7f77ef3a, 0x00be74a9, 0xa4b3b011, 0xdb7a2b82,
+    0x5b208737, 0x24e91ca4, 0xc84a0806, 0xb7839395, 0x37d93f20,
+    0x4810a4b3, 0xec1d600b, 0x93d4fb98, 0x138e572d, 0x6c47ccbe,
+    0x11b97828, 0x6e70e3bb, 0xee2a4f0e, 0x91e3d49d, 0x35ee1025,
+    0x4a278bb6, 0xca7d2703, 0xb5b4bc90, 0x5917a832, 0x26de33a1,
+    0xa6849f14, 0xd94d0487, 0x7d40c03f, 0x02895bac, 0x82d3f719,
+    0xfd1a6c8a},
+   {0x00000000, 0xa396284c, 0x9c5d56d9, 0x3fcb7e95, 0xe3cbabf3,
+    0x405d83bf, 0x7f96fd2a, 0xdc00d566, 0x1ce651a7, 0xbf7079eb,
+    0x80bb077e, 0x232d2f32, 0xff2dfa54, 0x5cbbd218, 0x6370ac8d,
+    0xc0e684c1, 0x39cca34e, 0x9a5a8b02, 0xa591f597, 0x0607dddb,
+    0xda0708bd, 0x799120f1, 0x465a5e64, 0xe5cc7628, 0x252af2e9,
+    0x86bcdaa5, 0xb977a430, 0x1ae18c7c, 0xc6e1591a, 0x65777156,
+    0x5abc0fc3, 0xf92a278f, 0x7399469c, 0xd00f6ed0, 0xefc41045,
+    0x4c523809, 0x9052ed6f, 0x33c4c523, 0x0c0fbbb6, 0xaf9993fa,
+    0x6f7f173b, 0xcce93f77, 0xf32241e2, 0x50b469ae, 0x8cb4bcc8,
+    0x2f229484, 0x10e9ea11, 0xb37fc25d, 0x4a55e5d2, 0xe9c3cd9e,
+    0xd608b30b, 0x759e9b47, 0xa99e4e21, 0x0a08666d, 0x35c318f8,
+    0x965530b4, 0x56b3b475, 0xf5259c39, 0xcaeee2ac, 0x6978cae0,
+    0xb5781f86, 0x16ee37ca, 0x2925495f, 0x8ab36113, 0xe7328d38,
+    0x44a4a574, 0x7b6fdbe1, 0xd8f9f3ad, 0x04f926cb, 0xa76f0e87,
+    0x98a47012, 0x3b32585e, 0xfbd4dc9f, 0x5842f4d3, 0x67898a46,
+    0xc41fa20a, 0x181f776c, 0xbb895f20, 0x844221b5, 0x27d409f9,
+    0xdefe2e76, 0x7d68063a, 0x42a378af, 0xe13550e3, 0x3d358585,
+    0x9ea3adc9, 0xa168d35c, 0x02fefb10, 0xc2187fd1, 0x618e579d,
+    0x5e452908, 0xfdd30144, 0x21d3d422, 0x8245fc6e, 0xbd8e82fb,
+    0x1e18aab7, 0x94abcba4, 0x373de3e8, 0x08f69d7d, 0xab60b531,
+    0x77606057, 0xd4f6481b, 0xeb3d368e, 0x48ab1ec2, 0x884d9a03,
+    0x2bdbb24f, 0x1410ccda, 0xb786e496, 0x6b8631f0, 0xc81019bc,
+    0xf7db6729, 0x544d4f65, 0xad6768ea, 0x0ef140a6, 0x313a3e33,
+    0x92ac167f, 0x4eacc319, 0xed3aeb55, 0xd2f195c0, 0x7167bd8c,
+    0xb181394d, 0x12171101, 0x2ddc6f94, 0x8e4a47d8, 0x524a92be,
+    0xf1dcbaf2, 0xce17c467, 0x6d81ec2b, 0x15141c31, 0xb682347d,
+    0x89494ae8, 0x2adf62a4, 0xf6dfb7c2, 0x55499f8e, 0x6a82e11b,
+    0xc914c957, 0x09f24d96, 0xaa6465da, 0x95af1b4f, 0x36393303,
+    0xea39e665, 0x49afce29, 0x7664b0bc, 0xd5f298f0, 0x2cd8bf7f,
+    0x8f4e9733, 0xb085e9a6, 0x1313c1ea, 0xcf13148c, 0x6c853cc0,
+    0x534e4255, 0xf0d86a19, 0x303eeed8, 0x93a8c694, 0xac63b801,
+    0x0ff5904d, 0xd3f5452b, 0x70636d67, 0x4fa813f2, 0xec3e3bbe,
+    0x668d5aad, 0xc51b72e1, 0xfad00c74, 0x59462438, 0x8546f15e,
+    0x26d0d912, 0x191ba787, 0xba8d8fcb, 0x7a6b0b0a, 0xd9fd2346,
+    0xe6365dd3, 0x45a0759f, 0x99a0a0f9, 0x3a3688b5, 0x05fdf620,
+    0xa66bde6c, 0x5f41f9e3, 0xfcd7d1af, 0xc31caf3a, 0x608a8776,
+    0xbc8a5210, 0x1f1c7a5c, 0x20d704c9, 0x83412c85, 0x43a7a844,
+    0xe0318008, 0xdffafe9d, 0x7c6cd6d1, 0xa06c03b7, 0x03fa2bfb,
+    0x3c31556e, 0x9fa77d22, 0xf2269109, 0x51b0b945, 0x6e7bc7d0,
+    0xcdedef9c, 0x11ed3afa, 0xb27b12b6, 0x8db06c23, 0x2e26446f,
+    0xeec0c0ae, 0x4d56e8e2, 0x729d9677, 0xd10bbe3b, 0x0d0b6b5d,
+    0xae9d4311, 0x91563d84, 0x32c015c8, 0xcbea3247, 0x687c1a0b,
+    0x57b7649e, 0xf4214cd2, 0x282199b4, 0x8bb7b1f8, 0xb47ccf6d,
+    0x17eae721, 0xd70c63e0, 0x749a4bac, 0x4b513539, 0xe8c71d75,
+    0x34c7c813, 0x9751e05f, 0xa89a9eca, 0x0b0cb686, 0x81bfd795,
+    0x2229ffd9, 0x1de2814c, 0xbe74a900, 0x62747c66, 0xc1e2542a,
+    0xfe292abf, 0x5dbf02f3, 0x9d598632, 0x3ecfae7e, 0x0104d0eb,
+    0xa292f8a7, 0x7e922dc1, 0xdd04058d, 0xe2cf7b18, 0x41595354,
+    0xb87374db, 0x1be55c97, 0x242e2202, 0x87b80a4e, 0x5bb8df28,
+    0xf82ef764, 0xc7e589f1, 0x6473a1bd, 0xa495257c, 0x07030d30,
+    0x38c873a5, 0x9b5e5be9, 0x475e8e8f, 0xe4c8a6c3, 0xdb03d856,
+    0x7895f01a},
+   {0x00000000, 0x2a283862, 0x545070c4, 0x7e7848a6, 0xa8a0e188,
+    0x8288d9ea, 0xfcf0914c, 0xd6d8a92e, 0x8a30c551, 0xa018fd33,
+    0xde60b595, 0xf4488df7, 0x229024d9, 0x08b81cbb, 0x76c0541d,
+    0x5ce86c7f, 0xcf108ce3, 0xe538b481, 0x9b40fc27, 0xb168c445,
+    0x67b06d6b, 0x4d985509, 0x33e01daf, 0x19c825cd, 0x452049b2,
+    0x6f0871d0, 0x11703976, 0x3b580114, 0xed80a83a, 0xc7a89058,
+    0xb9d0d8fe, 0x93f8e09c, 0x45501f87, 0x6f7827e5, 0x11006f43,
+    0x3b285721, 0xedf0fe0f, 0xc7d8c66d, 0xb9a08ecb, 0x9388b6a9,
+    0xcf60dad6, 0xe548e2b4, 0x9b30aa12, 0xb1189270, 0x67c03b5e,
+    0x4de8033c, 0x33904b9a, 0x19b873f8, 0x8a409364, 0xa068ab06,
+    0xde10e3a0, 0xf438dbc2, 0x22e072ec, 0x08c84a8e, 0x76b00228,
+    0x5c983a4a, 0x00705635, 0x2a586e57, 0x542026f1, 0x7e081e93,
+    0xa8d0b7bd, 0x82f88fdf, 0xfc80c779, 0xd6a8ff1b, 0x8aa03f0e,
+    0xa088076c, 0xdef04fca, 0xf4d877a8, 0x2200de86, 0x0828e6e4,
+    0x7650ae42, 0x5c789620, 0x0090fa5f, 0x2ab8c23d, 0x54c08a9b,
+    0x7ee8b2f9, 0xa8301bd7, 0x821823b5, 0xfc606b13, 0xd6485371,
+    0x45b0b3ed, 0x6f988b8f, 0x11e0c329, 0x3bc8fb4b, 0xed105265,
+    0xc7386a07, 0xb94022a1, 0x93681ac3, 0xcf8076bc, 0xe5a84ede,
+    0x9bd00678, 0xb1f83e1a, 0x67209734, 0x4d08af56, 0x3370e7f0,
+    0x1958df92, 0xcff02089, 0xe5d818eb, 0x9ba0504d, 0xb188682f,
+    0x6750c101, 0x4d78f963, 0x3300b1c5, 0x192889a7, 0x45c0e5d8,
+    0x6fe8ddba, 0x1190951c, 0x3bb8ad7e, 0xed600450, 0xc7483c32,
+    0xb9307494, 0x93184cf6, 0x00e0ac6a, 0x2ac89408, 0x54b0dcae,
+    0x7e98e4cc, 0xa8404de2, 0x82687580, 0xfc103d26, 0xd6380544,
+    0x8ad0693b, 0xa0f85159, 0xde8019ff, 0xf4a8219d, 0x227088b3,
+    0x0858b0d1, 0x7620f877, 0x5c08c015, 0xce31785d, 0xe419403f,
+    0x9a610899, 0xb04930fb, 0x669199d5, 0x4cb9a1b7, 0x32c1e911,
+    0x18e9d173, 0x4401bd0c, 0x6e29856e, 0x1051cdc8, 0x3a79f5aa,
+    0xeca15c84, 0xc68964e6, 0xb8f12c40, 0x92d91422, 0x0121f4be,
+    0x2b09ccdc, 0x5571847a, 0x7f59bc18, 0xa9811536, 0x83a92d54,
+    0xfdd165f2, 0xd7f95d90, 0x8b1131ef, 0xa139098d, 0xdf41412b,
+    0xf5697949, 0x23b1d067, 0x0999e805, 0x77e1a0a3, 0x5dc998c1,
+    0x8b6167da, 0xa1495fb8, 0xdf31171e, 0xf5192f7c, 0x23c18652,
+    0x09e9be30, 0x7791f696, 0x5db9cef4, 0x0151a28b, 0x2b799ae9,
+    0x5501d24f, 0x7f29ea2d, 0xa9f14303, 0x83d97b61, 0xfda133c7,
+    0xd7890ba5, 0x4471eb39, 0x6e59d35b, 0x10219bfd, 0x3a09a39f,
+    0xecd10ab1, 0xc6f932d3, 0xb8817a75, 0x92a94217, 0xce412e68,
+    0xe469160a, 0x9a115eac, 0xb03966ce, 0x66e1cfe0, 0x4cc9f782,
+    0x32b1bf24, 0x18998746, 0x44914753, 0x6eb97f31, 0x10c13797,
+    0x3ae90ff5, 0xec31a6db, 0xc6199eb9, 0xb861d61f, 0x9249ee7d,
+    0xcea18202, 0xe489ba60, 0x9af1f2c6, 0xb0d9caa4, 0x6601638a,
+    0x4c295be8, 0x3251134e, 0x18792b2c, 0x8b81cbb0, 0xa1a9f3d2,
+    0xdfd1bb74, 0xf5f98316, 0x23212a38, 0x0909125a, 0x77715afc,
+    0x5d59629e, 0x01b10ee1, 0x2b993683, 0x55e17e25, 0x7fc94647,
+    0xa911ef69, 0x8339d70b, 0xfd419fad, 0xd769a7cf, 0x01c158d4,
+    0x2be960b6, 0x55912810, 0x7fb91072, 0xa961b95c, 0x8349813e,
+    0xfd31c998, 0xd719f1fa, 0x8bf19d85, 0xa1d9a5e7, 0xdfa1ed41,
+    0xf589d523, 0x23517c0d, 0x0979446f, 0x77010cc9, 0x5d2934ab,
+    0xced1d437, 0xe4f9ec55, 0x9a81a4f3, 0xb0a99c91, 0x667135bf,
+    0x4c590ddd, 0x3221457b, 0x18097d19, 0x44e11166, 0x6ec92904,
+    0x10b161a2, 0x3a9959c0, 0xec41f0ee, 0xc669c88c, 0xb811802a,
+    0x9239b848},
+   {0x00000000, 0x4713f6fb, 0x8e27edf6, 0xc9341b0d, 0xc73eddad,
+    0x802d2b56, 0x4919305b, 0x0e0ac6a0, 0x550cbd1b, 0x121f4be0,
+    0xdb2b50ed, 0x9c38a616, 0x923260b6, 0xd521964d, 0x1c158d40,
+    0x5b067bbb, 0xaa197a36, 0xed0a8ccd, 0x243e97c0, 0x632d613b,
+    0x6d27a79b, 0x2a345160, 0xe3004a6d, 0xa413bc96, 0xff15c72d,
+    0xb80631d6, 0x71322adb, 0x3621dc20, 0x382b1a80, 0x7f38ec7b,
+    0xb60cf776, 0xf11f018d, 0x8f43f22d, 0xc85004d6, 0x01641fdb,
+    0x4677e920, 0x487d2f80, 0x0f6ed97b, 0xc65ac276, 0x8149348d,
+    0xda4f4f36, 0x9d5cb9cd, 0x5468a2c0, 0x137b543b, 0x1d71929b,
+    0x5a626460, 0x93567f6d, 0xd4458996, 0x255a881b, 0x62497ee0,
+    0xab7d65ed, 0xec6e9316, 0xe26455b6, 0xa577a34d, 0x6c43b840,
+    0x2b504ebb, 0x70563500, 0x3745c3fb, 0xfe71d8f6, 0xb9622e0d,
+    0xb768e8ad, 0xf07b1e56, 0x394f055b, 0x7e5cf3a0, 0xc5f6e21b,
+    0x82e514e0, 0x4bd10fed, 0x0cc2f916, 0x02c83fb6, 0x45dbc94d,
+    0x8cefd240, 0xcbfc24bb, 0x90fa5f00, 0xd7e9a9fb, 0x1eddb2f6,
+    0x59ce440d, 0x57c482ad, 0x10d77456, 0xd9e36f5b, 0x9ef099a0,
+    0x6fef982d, 0x28fc6ed6, 0xe1c875db, 0xa6db8320, 0xa8d14580,
+    0xefc2b37b, 0x26f6a876, 0x61e55e8d, 0x3ae32536, 0x7df0d3cd,
+    0xb4c4c8c0, 0xf3d73e3b, 0xfdddf89b, 0xbace0e60, 0x73fa156d,
+    0x34e9e396, 0x4ab51036, 0x0da6e6cd, 0xc492fdc0, 0x83810b3b,
+    0x8d8bcd9b, 0xca983b60, 0x03ac206d, 0x44bfd696, 0x1fb9ad2d,
+    0x58aa5bd6, 0x919e40db, 0xd68db620, 0xd8877080, 0x9f94867b,
+    0x56a09d76, 0x11b36b8d, 0xe0ac6a00, 0xa7bf9cfb, 0x6e8b87f6,
+    0x2998710d, 0x2792b7ad, 0x60814156, 0xa9b55a5b, 0xeea6aca0,
+    0xb5a0d71b, 0xf2b321e0, 0x3b873aed, 0x7c94cc16, 0x729e0ab6,
+    0x358dfc4d, 0xfcb9e740, 0xbbaa11bb, 0x509cc277, 0x178f348c,
+    0xdebb2f81, 0x99a8d97a, 0x97a21fda, 0xd0b1e921, 0x1985f22c,
+    0x5e9604d7, 0x05907f6c, 0x42838997, 0x8bb7929a, 0xcca46461,
+    0xc2aea2c1, 0x85bd543a, 0x4c894f37, 0x0b9ab9cc, 0xfa85b841,
+    0xbd964eba, 0x74a255b7, 0x33b1a34c, 0x3dbb65ec, 0x7aa89317,
+    0xb39c881a, 0xf48f7ee1, 0xaf89055a, 0xe89af3a1, 0x21aee8ac,
+    0x66bd1e57, 0x68b7d8f7, 0x2fa42e0c, 0xe6903501, 0xa183c3fa,
+    0xdfdf305a, 0x98ccc6a1, 0x51f8ddac, 0x16eb2b57, 0x18e1edf7,
+    0x5ff21b0c, 0x96c60001, 0xd1d5f6fa, 0x8ad38d41, 0xcdc07bba,
+    0x04f460b7, 0x43e7964c, 0x4ded50ec, 0x0afea617, 0xc3cabd1a,
+    0x84d94be1, 0x75c64a6c, 0x32d5bc97, 0xfbe1a79a, 0xbcf25161,
+    0xb2f897c1, 0xf5eb613a, 0x3cdf7a37, 0x7bcc8ccc, 0x20caf777,
+    0x67d9018c, 0xaeed1a81, 0xe9feec7a, 0xe7f42ada, 0xa0e7dc21,
+    0x69d3c72c, 0x2ec031d7, 0x956a206c, 0xd279d697, 0x1b4dcd9a,
+    0x5c5e3b61, 0x5254fdc1, 0x15470b3a, 0xdc731037, 0x9b60e6cc,
+    0xc0669d77, 0x87756b8c, 0x4e417081, 0x0952867a, 0x075840da,
+    0x404bb621, 0x897fad2c, 0xce6c5bd7, 0x3f735a5a, 0x7860aca1,
+    0xb154b7ac, 0xf6474157, 0xf84d87f7, 0xbf5e710c, 0x766a6a01,
+    0x31799cfa, 0x6a7fe741, 0x2d6c11ba, 0xe4580ab7, 0xa34bfc4c,
+    0xad413aec, 0xea52cc17, 0x2366d71a, 0x647521e1, 0x1a29d241,
+    0x5d3a24ba, 0x940e3fb7, 0xd31dc94c, 0xdd170fec, 0x9a04f917,
+    0x5330e21a, 0x142314e1, 0x4f256f5a, 0x083699a1, 0xc10282ac,
+    0x86117457, 0x881bb2f7, 0xcf08440c, 0x063c5f01, 0x412fa9fa,
+    0xb030a877, 0xf7235e8c, 0x3e174581, 0x7904b37a, 0x770e75da,
+    0x301d8321, 0xf929982c, 0xbe3a6ed7, 0xe53c156c, 0xa22fe397,
+    0x6b1bf89a, 0x2c080e61, 0x2202c8c1, 0x65113e3a, 0xac252537,
+    0xeb36d3cc},
+   {0x00000000, 0xa13984ee, 0x99020f9d, 0x383b8b73, 0xe975197b,
+    0x484c9d95, 0x707716e6, 0xd14e9208, 0x099b34b7, 0xa8a2b059,
+    0x90993b2a, 0x31a0bfc4, 0xe0ee2dcc, 0x41d7a922, 0x79ec2251,
+    0xd8d5a6bf, 0x1336696e, 0xb20fed80, 0x8a3466f3, 0x2b0de21d,
+    0xfa437015, 0x5b7af4fb, 0x63417f88, 0xc278fb66, 0x1aad5dd9,
+    0xbb94d937, 0x83af5244, 0x2296d6aa, 0xf3d844a2, 0x52e1c04c,
+    0x6ada4b3f, 0xcbe3cfd1, 0x266cd2dc, 0x87555632, 0xbf6edd41,
+    0x1e5759af, 0xcf19cba7, 0x6e204f49, 0x561bc43a, 0xf72240d4,
+    0x2ff7e66b, 0x8ece6285, 0xb6f5e9f6, 0x17cc6d18, 0xc682ff10,
+    0x67bb7bfe, 0x5f80f08d, 0xfeb97463, 0x355abbb2, 0x94633f5c,
+    0xac58b42f, 0x0d6130c1, 0xdc2fa2c9, 0x7d162627, 0x452dad54,
+    0xe41429ba, 0x3cc18f05, 0x9df80beb, 0xa5c38098, 0x04fa0476,
+    0xd5b4967e, 0x748d1290, 0x4cb699e3, 0xed8f1d0d, 0x4cd9a5b8,
+    0xede02156, 0xd5dbaa25, 0x74e22ecb, 0xa5acbcc3, 0x0495382d,
+    0x3caeb35e, 0x9d9737b0, 0x4542910f, 0xe47b15e1, 0xdc409e92,
+    0x7d791a7c, 0xac378874, 0x0d0e0c9a, 0x353587e9, 0x940c0307,
+    0x5fefccd6, 0xfed64838, 0xc6edc34b, 0x67d447a5, 0xb69ad5ad,
+    0x17a35143, 0x2f98da30, 0x8ea15ede, 0x5674f861, 0xf74d7c8f,
+    0xcf76f7fc, 0x6e4f7312, 0xbf01e11a, 0x1e3865f4, 0x2603ee87,
+    0x873a6a69, 0x6ab57764, 0xcb8cf38a, 0xf3b778f9, 0x528efc17,
+    0x83c06e1f, 0x22f9eaf1, 0x1ac26182, 0xbbfbe56c, 0x632e43d3,
+    0xc217c73d, 0xfa2c4c4e, 0x5b15c8a0, 0x8a5b5aa8, 0x2b62de46,
+    0x13595535, 0xb260d1db, 0x79831e0a, 0xd8ba9ae4, 0xe0811197,
+    0x41b89579, 0x90f60771, 0x31cf839f, 0x09f408ec, 0xa8cd8c02,
+    0x70182abd, 0xd121ae53, 0xe91a2520, 0x4823a1ce, 0x996d33c6,
+    0x3854b728, 0x006f3c5b, 0xa156b8b5, 0x99b34b70, 0x388acf9e,
+    0x00b144ed, 0xa188c003, 0x70c6520b, 0xd1ffd6e5, 0xe9c45d96,
+    0x48fdd978, 0x90287fc7, 0x3111fb29, 0x092a705a, 0xa813f4b4,
+    0x795d66bc, 0xd864e252, 0xe05f6921, 0x4166edcf, 0x8a85221e,
+    0x2bbca6f0, 0x13872d83, 0xb2bea96d, 0x63f03b65, 0xc2c9bf8b,
+    0xfaf234f8, 0x5bcbb016, 0x831e16a9, 0x22279247, 0x1a1c1934,
+    0xbb259dda, 0x6a6b0fd2, 0xcb528b3c, 0xf369004f, 0x525084a1,
+    0xbfdf99ac, 0x1ee61d42, 0x26dd9631, 0x87e412df, 0x56aa80d7,
+    0xf7930439, 0xcfa88f4a, 0x6e910ba4, 0xb644ad1b, 0x177d29f5,
+    0x2f46a286, 0x8e7f2668, 0x5f31b460, 0xfe08308e, 0xc633bbfd,
+    0x670a3f13, 0xace9f0c2, 0x0dd0742c, 0x35ebff5f, 0x94d27bb1,
+    0x459ce9b9, 0xe4a56d57, 0xdc9ee624, 0x7da762ca, 0xa572c475,
+    0x044b409b, 0x3c70cbe8, 0x9d494f06, 0x4c07dd0e, 0xed3e59e0,
+    0xd505d293, 0x743c567d, 0xd56aeec8, 0x74536a26, 0x4c68e155,
+    0xed5165bb, 0x3c1ff7b3, 0x9d26735d, 0xa51df82e, 0x04247cc0,
+    0xdcf1da7f, 0x7dc85e91, 0x45f3d5e2, 0xe4ca510c, 0x3584c304,
+    0x94bd47ea, 0xac86cc99, 0x0dbf4877, 0xc65c87a6, 0x67650348,
+    0x5f5e883b, 0xfe670cd5, 0x2f299edd, 0x8e101a33, 0xb62b9140,
+    0x171215ae, 0xcfc7b311, 0x6efe37ff, 0x56c5bc8c, 0xf7fc3862,
+    0x26b2aa6a, 0x878b2e84, 0xbfb0a5f7, 0x1e892119, 0xf3063c14,
+    0x523fb8fa, 0x6a043389, 0xcb3db767, 0x1a73256f, 0xbb4aa181,
+    0x83712af2, 0x2248ae1c, 0xfa9d08a3, 0x5ba48c4d, 0x639f073e,
+    0xc2a683d0, 0x13e811d8, 0xb2d19536, 0x8aea1e45, 0x2bd39aab,
+    0xe030557a, 0x4109d194, 0x79325ae7, 0xd80bde09, 0x09454c01,
+    0xa87cc8ef, 0x9047439c, 0x317ec772, 0xe9ab61cd, 0x4892e523,
+    0x70a96e50, 0xd190eabe, 0x00de78b6, 0xa1e7fc58, 0x99dc772b,
+    0x38e5f3c5},
+   {0x00000000, 0xe81790a1, 0x0b5e2703, 0xe349b7a2, 0x16bc4e06,
+    0xfeabdea7, 0x1de26905, 0xf5f5f9a4, 0x2d789c0c, 0xc56f0cad,
+    0x2626bb0f, 0xce312bae, 0x3bc4d20a, 0xd3d342ab, 0x309af509,
+    0xd88d65a8, 0x5af13818, 0xb2e6a8b9, 0x51af1f1b, 0xb9b88fba,
+    0x4c4d761e, 0xa45ae6bf, 0x4713511d, 0xaf04c1bc, 0x7789a414,
+    0x9f9e34b5, 0x7cd78317, 0x94c013b6, 0x6135ea12, 0x89227ab3,
+    0x6a6bcd11, 0x827c5db0, 0xb5e27030, 0x5df5e091, 0xbebc5733,
+    0x56abc792, 0xa35e3e36, 0x4b49ae97, 0xa8001935, 0x40178994,
+    0x989aec3c, 0x708d7c9d, 0x93c4cb3f, 0x7bd35b9e, 0x8e26a23a,
+    0x6631329b, 0x85788539, 0x6d6f1598, 0xef134828, 0x0704d889,
+    0xe44d6f2b, 0x0c5aff8a, 0xf9af062e, 0x11b8968f, 0xf2f1212d,
+    0x1ae6b18c, 0xc26bd424, 0x2a7c4485, 0xc935f327, 0x21226386,
+    0xd4d79a22, 0x3cc00a83, 0xdf89bd21, 0x379e2d80, 0xb0b5e621,
+    0x58a27680, 0xbbebc122, 0x53fc5183, 0xa609a827, 0x4e1e3886,
+    0xad578f24, 0x45401f85, 0x9dcd7a2d, 0x75daea8c, 0x96935d2e,
+    0x7e84cd8f, 0x8b71342b, 0x6366a48a, 0x802f1328, 0x68388389,
+    0xea44de39, 0x02534e98, 0xe11af93a, 0x090d699b, 0xfcf8903f,
+    0x14ef009e, 0xf7a6b73c, 0x1fb1279d, 0xc73c4235, 0x2f2bd294,
+    0xcc626536, 0x2475f597, 0xd1800c33, 0x39979c92, 0xdade2b30,
+    0x32c9bb91, 0x05579611, 0xed4006b0, 0x0e09b112, 0xe61e21b3,
+    0x13ebd817, 0xfbfc48b6, 0x18b5ff14, 0xf0a26fb5, 0x282f0a1d,
+    0xc0389abc, 0x23712d1e, 0xcb66bdbf, 0x3e93441b, 0xd684d4ba,
+    0x35cd6318, 0xdddaf3b9, 0x5fa6ae09, 0xb7b13ea8, 0x54f8890a,
+    0xbcef19ab, 0x491ae00f, 0xa10d70ae, 0x4244c70c, 0xaa5357ad,
+    0x72de3205, 0x9ac9a2a4, 0x79801506, 0x919785a7, 0x64627c03,
+    0x8c75eca2, 0x6f3c5b00, 0x872bcba1, 0xba1aca03, 0x520d5aa2,
+    0xb144ed00, 0x59537da1, 0xaca68405, 0x44b114a4, 0xa7f8a306,
+    0x4fef33a7, 0x9762560f, 0x7f75c6ae, 0x9c3c710c, 0x742be1ad,
+    0x81de1809, 0x69c988a8, 0x8a803f0a, 0x6297afab, 0xe0ebf21b,
+    0x08fc62ba, 0xebb5d518, 0x03a245b9, 0xf657bc1d, 0x1e402cbc,
+    0xfd099b1e, 0x151e0bbf, 0xcd936e17, 0x2584feb6, 0xc6cd4914,
+    0x2edad9b5, 0xdb2f2011, 0x3338b0b0, 0xd0710712, 0x386697b3,
+    0x0ff8ba33, 0xe7ef2a92, 0x04a69d30, 0xecb10d91, 0x1944f435,
+    0xf1536494, 0x121ad336, 0xfa0d4397, 0x2280263f, 0xca97b69e,
+    0x29de013c, 0xc1c9919d, 0x343c6839, 0xdc2bf898, 0x3f624f3a,
+    0xd775df9b, 0x5509822b, 0xbd1e128a, 0x5e57a528, 0xb6403589,
+    0x43b5cc2d, 0xaba25c8c, 0x48ebeb2e, 0xa0fc7b8f, 0x78711e27,
+    0x90668e86, 0x732f3924, 0x9b38a985, 0x6ecd5021, 0x86dac080,
+    0x65937722, 0x8d84e783, 0x0aaf2c22, 0xe2b8bc83, 0x01f10b21,
+    0xe9e69b80, 0x1c136224, 0xf404f285, 0x174d4527, 0xff5ad586,
+    0x27d7b02e, 0xcfc0208f, 0x2c89972d, 0xc49e078c, 0x316bfe28,
+    0xd97c6e89, 0x3a35d92b, 0xd222498a, 0x505e143a, 0xb849849b,
+    0x5b003339, 0xb317a398, 0x46e25a3c, 0xaef5ca9d, 0x4dbc7d3f,
+    0xa5abed9e, 0x7d268836, 0x95311897, 0x7678af35, 0x9e6f3f94,
+    0x6b9ac630, 0x838d5691, 0x60c4e133, 0x88d37192, 0xbf4d5c12,
+    0x575accb3, 0xb4137b11, 0x5c04ebb0, 0xa9f11214, 0x41e682b5,
+    0xa2af3517, 0x4ab8a5b6, 0x9235c01e, 0x7a2250bf, 0x996be71d,
+    0x717c77bc, 0x84898e18, 0x6c9e1eb9, 0x8fd7a91b, 0x67c039ba,
+    0xe5bc640a, 0x0dabf4ab, 0xeee24309, 0x06f5d3a8, 0xf3002a0c,
+    0x1b17baad, 0xf85e0d0f, 0x10499dae, 0xc8c4f806, 0x20d368a7,
+    0xc39adf05, 0x2b8d4fa4, 0xde78b600, 0x366f26a1, 0xd5269103,
+    0x3d3101a2}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0xa19017e800000000, 0x03275e0b00000000,
+    0xa2b749e300000000, 0x064ebc1600000000, 0xa7deabfe00000000,
+    0x0569e21d00000000, 0xa4f9f5f500000000, 0x0c9c782d00000000,
+    0xad0c6fc500000000, 0x0fbb262600000000, 0xae2b31ce00000000,
+    0x0ad2c43b00000000, 0xab42d3d300000000, 0x09f59a3000000000,
+    0xa8658dd800000000, 0x1838f15a00000000, 0xb9a8e6b200000000,
+    0x1b1faf5100000000, 0xba8fb8b900000000, 0x1e764d4c00000000,
+    0xbfe65aa400000000, 0x1d51134700000000, 0xbcc104af00000000,
+    0x14a4897700000000, 0xb5349e9f00000000, 0x1783d77c00000000,
+    0xb613c09400000000, 0x12ea356100000000, 0xb37a228900000000,
+    0x11cd6b6a00000000, 0xb05d7c8200000000, 0x3070e2b500000000,
+    0x91e0f55d00000000, 0x3357bcbe00000000, 0x92c7ab5600000000,
+    0x363e5ea300000000, 0x97ae494b00000000, 0x351900a800000000,
+    0x9489174000000000, 0x3cec9a9800000000, 0x9d7c8d7000000000,
+    0x3fcbc49300000000, 0x9e5bd37b00000000, 0x3aa2268e00000000,
+    0x9b32316600000000, 0x3985788500000000, 0x98156f6d00000000,
+    0x284813ef00000000, 0x89d8040700000000, 0x2b6f4de400000000,
+    0x8aff5a0c00000000, 0x2e06aff900000000, 0x8f96b81100000000,
+    0x2d21f1f200000000, 0x8cb1e61a00000000, 0x24d46bc200000000,
+    0x85447c2a00000000, 0x27f335c900000000, 0x8663222100000000,
+    0x229ad7d400000000, 0x830ac03c00000000, 0x21bd89df00000000,
+    0x802d9e3700000000, 0x21e6b5b000000000, 0x8076a25800000000,
+    0x22c1ebbb00000000, 0x8351fc5300000000, 0x27a809a600000000,
+    0x86381e4e00000000, 0x248f57ad00000000, 0x851f404500000000,
+    0x2d7acd9d00000000, 0x8ceada7500000000, 0x2e5d939600000000,
+    0x8fcd847e00000000, 0x2b34718b00000000, 0x8aa4666300000000,
+    0x28132f8000000000, 0x8983386800000000, 0x39de44ea00000000,
+    0x984e530200000000, 0x3af91ae100000000, 0x9b690d0900000000,
+    0x3f90f8fc00000000, 0x9e00ef1400000000, 0x3cb7a6f700000000,
+    0x9d27b11f00000000, 0x35423cc700000000, 0x94d22b2f00000000,
+    0x366562cc00000000, 0x97f5752400000000, 0x330c80d100000000,
+    0x929c973900000000, 0x302bdeda00000000, 0x91bbc93200000000,
+    0x1196570500000000, 0xb00640ed00000000, 0x12b1090e00000000,
+    0xb3211ee600000000, 0x17d8eb1300000000, 0xb648fcfb00000000,
+    0x14ffb51800000000, 0xb56fa2f000000000, 0x1d0a2f2800000000,
+    0xbc9a38c000000000, 0x1e2d712300000000, 0xbfbd66cb00000000,
+    0x1b44933e00000000, 0xbad484d600000000, 0x1863cd3500000000,
+    0xb9f3dadd00000000, 0x09aea65f00000000, 0xa83eb1b700000000,
+    0x0a89f85400000000, 0xab19efbc00000000, 0x0fe01a4900000000,
+    0xae700da100000000, 0x0cc7444200000000, 0xad5753aa00000000,
+    0x0532de7200000000, 0xa4a2c99a00000000, 0x0615807900000000,
+    0xa785979100000000, 0x037c626400000000, 0xa2ec758c00000000,
+    0x005b3c6f00000000, 0xa1cb2b8700000000, 0x03ca1aba00000000,
+    0xa25a0d5200000000, 0x00ed44b100000000, 0xa17d535900000000,
+    0x0584a6ac00000000, 0xa414b14400000000, 0x06a3f8a700000000,
+    0xa733ef4f00000000, 0x0f56629700000000, 0xaec6757f00000000,
+    0x0c713c9c00000000, 0xade12b7400000000, 0x0918de8100000000,
+    0xa888c96900000000, 0x0a3f808a00000000, 0xabaf976200000000,
+    0x1bf2ebe000000000, 0xba62fc0800000000, 0x18d5b5eb00000000,
+    0xb945a20300000000, 0x1dbc57f600000000, 0xbc2c401e00000000,
+    0x1e9b09fd00000000, 0xbf0b1e1500000000, 0x176e93cd00000000,
+    0xb6fe842500000000, 0x1449cdc600000000, 0xb5d9da2e00000000,
+    0x11202fdb00000000, 0xb0b0383300000000, 0x120771d000000000,
+    0xb397663800000000, 0x33baf80f00000000, 0x922aefe700000000,
+    0x309da60400000000, 0x910db1ec00000000, 0x35f4441900000000,
+    0x946453f100000000, 0x36d31a1200000000, 0x97430dfa00000000,
+    0x3f26802200000000, 0x9eb697ca00000000, 0x3c01de2900000000,
+    0x9d91c9c100000000, 0x39683c3400000000, 0x98f82bdc00000000,
+    0x3a4f623f00000000, 0x9bdf75d700000000, 0x2b82095500000000,
+    0x8a121ebd00000000, 0x28a5575e00000000, 0x893540b600000000,
+    0x2dccb54300000000, 0x8c5ca2ab00000000, 0x2eebeb4800000000,
+    0x8f7bfca000000000, 0x271e717800000000, 0x868e669000000000,
+    0x24392f7300000000, 0x85a9389b00000000, 0x2150cd6e00000000,
+    0x80c0da8600000000, 0x2277936500000000, 0x83e7848d00000000,
+    0x222caf0a00000000, 0x83bcb8e200000000, 0x210bf10100000000,
+    0x809be6e900000000, 0x2462131c00000000, 0x85f204f400000000,
+    0x27454d1700000000, 0x86d55aff00000000, 0x2eb0d72700000000,
+    0x8f20c0cf00000000, 0x2d97892c00000000, 0x8c079ec400000000,
+    0x28fe6b3100000000, 0x896e7cd900000000, 0x2bd9353a00000000,
+    0x8a4922d200000000, 0x3a145e5000000000, 0x9b8449b800000000,
+    0x3933005b00000000, 0x98a317b300000000, 0x3c5ae24600000000,
+    0x9dcaf5ae00000000, 0x3f7dbc4d00000000, 0x9eedaba500000000,
+    0x3688267d00000000, 0x9718319500000000, 0x35af787600000000,
+    0x943f6f9e00000000, 0x30c69a6b00000000, 0x91568d8300000000,
+    0x33e1c46000000000, 0x9271d38800000000, 0x125c4dbf00000000,
+    0xb3cc5a5700000000, 0x117b13b400000000, 0xb0eb045c00000000,
+    0x1412f1a900000000, 0xb582e64100000000, 0x1735afa200000000,
+    0xb6a5b84a00000000, 0x1ec0359200000000, 0xbf50227a00000000,
+    0x1de76b9900000000, 0xbc777c7100000000, 0x188e898400000000,
+    0xb91e9e6c00000000, 0x1ba9d78f00000000, 0xba39c06700000000,
+    0x0a64bce500000000, 0xabf4ab0d00000000, 0x0943e2ee00000000,
+    0xa8d3f50600000000, 0x0c2a00f300000000, 0xadba171b00000000,
+    0x0f0d5ef800000000, 0xae9d491000000000, 0x06f8c4c800000000,
+    0xa768d32000000000, 0x05df9ac300000000, 0xa44f8d2b00000000,
+    0x00b678de00000000, 0xa1266f3600000000, 0x039126d500000000,
+    0xa201313d00000000},
+   {0x0000000000000000, 0xee8439a100000000, 0x9d0f029900000000,
+    0x738b3b3800000000, 0x7b1975e900000000, 0x959d4c4800000000,
+    0xe616777000000000, 0x08924ed100000000, 0xb7349b0900000000,
+    0x59b0a2a800000000, 0x2a3b999000000000, 0xc4bfa03100000000,
+    0xcc2deee000000000, 0x22a9d74100000000, 0x5122ec7900000000,
+    0xbfa6d5d800000000, 0x6e69361300000000, 0x80ed0fb200000000,
+    0xf366348a00000000, 0x1de20d2b00000000, 0x157043fa00000000,
+    0xfbf47a5b00000000, 0x887f416300000000, 0x66fb78c200000000,
+    0xd95dad1a00000000, 0x37d994bb00000000, 0x4452af8300000000,
+    0xaad6962200000000, 0xa244d8f300000000, 0x4cc0e15200000000,
+    0x3f4bda6a00000000, 0xd1cfe3cb00000000, 0xdcd26c2600000000,
+    0x3256558700000000, 0x41dd6ebf00000000, 0xaf59571e00000000,
+    0xa7cb19cf00000000, 0x494f206e00000000, 0x3ac41b5600000000,
+    0xd44022f700000000, 0x6be6f72f00000000, 0x8562ce8e00000000,
+    0xf6e9f5b600000000, 0x186dcc1700000000, 0x10ff82c600000000,
+    0xfe7bbb6700000000, 0x8df0805f00000000, 0x6374b9fe00000000,
+    0xb2bb5a3500000000, 0x5c3f639400000000, 0x2fb458ac00000000,
+    0xc130610d00000000, 0xc9a22fdc00000000, 0x2726167d00000000,
+    0x54ad2d4500000000, 0xba2914e400000000, 0x058fc13c00000000,
+    0xeb0bf89d00000000, 0x9880c3a500000000, 0x7604fa0400000000,
+    0x7e96b4d500000000, 0x90128d7400000000, 0xe399b64c00000000,
+    0x0d1d8fed00000000, 0xb8a5d94c00000000, 0x5621e0ed00000000,
+    0x25aadbd500000000, 0xcb2ee27400000000, 0xc3bcaca500000000,
+    0x2d38950400000000, 0x5eb3ae3c00000000, 0xb037979d00000000,
+    0x0f91424500000000, 0xe1157be400000000, 0x929e40dc00000000,
+    0x7c1a797d00000000, 0x748837ac00000000, 0x9a0c0e0d00000000,
+    0xe987353500000000, 0x07030c9400000000, 0xd6ccef5f00000000,
+    0x3848d6fe00000000, 0x4bc3edc600000000, 0xa547d46700000000,
+    0xadd59ab600000000, 0x4351a31700000000, 0x30da982f00000000,
+    0xde5ea18e00000000, 0x61f8745600000000, 0x8f7c4df700000000,
+    0xfcf776cf00000000, 0x12734f6e00000000, 0x1ae101bf00000000,
+    0xf465381e00000000, 0x87ee032600000000, 0x696a3a8700000000,
+    0x6477b56a00000000, 0x8af38ccb00000000, 0xf978b7f300000000,
+    0x17fc8e5200000000, 0x1f6ec08300000000, 0xf1eaf92200000000,
+    0x8261c21a00000000, 0x6ce5fbbb00000000, 0xd3432e6300000000,
+    0x3dc717c200000000, 0x4e4c2cfa00000000, 0xa0c8155b00000000,
+    0xa85a5b8a00000000, 0x46de622b00000000, 0x3555591300000000,
+    0xdbd160b200000000, 0x0a1e837900000000, 0xe49abad800000000,
+    0x971181e000000000, 0x7995b84100000000, 0x7107f69000000000,
+    0x9f83cf3100000000, 0xec08f40900000000, 0x028ccda800000000,
+    0xbd2a187000000000, 0x53ae21d100000000, 0x20251ae900000000,
+    0xcea1234800000000, 0xc6336d9900000000, 0x28b7543800000000,
+    0x5b3c6f0000000000, 0xb5b856a100000000, 0x704bb39900000000,
+    0x9ecf8a3800000000, 0xed44b10000000000, 0x03c088a100000000,
+    0x0b52c67000000000, 0xe5d6ffd100000000, 0x965dc4e900000000,
+    0x78d9fd4800000000, 0xc77f289000000000, 0x29fb113100000000,
+    0x5a702a0900000000, 0xb4f413a800000000, 0xbc665d7900000000,
+    0x52e264d800000000, 0x21695fe000000000, 0xcfed664100000000,
+    0x1e22858a00000000, 0xf0a6bc2b00000000, 0x832d871300000000,
+    0x6da9beb200000000, 0x653bf06300000000, 0x8bbfc9c200000000,
+    0xf834f2fa00000000, 0x16b0cb5b00000000, 0xa9161e8300000000,
+    0x4792272200000000, 0x34191c1a00000000, 0xda9d25bb00000000,
+    0xd20f6b6a00000000, 0x3c8b52cb00000000, 0x4f0069f300000000,
+    0xa184505200000000, 0xac99dfbf00000000, 0x421de61e00000000,
+    0x3196dd2600000000, 0xdf12e48700000000, 0xd780aa5600000000,
+    0x390493f700000000, 0x4a8fa8cf00000000, 0xa40b916e00000000,
+    0x1bad44b600000000, 0xf5297d1700000000, 0x86a2462f00000000,
+    0x68267f8e00000000, 0x60b4315f00000000, 0x8e3008fe00000000,
+    0xfdbb33c600000000, 0x133f0a6700000000, 0xc2f0e9ac00000000,
+    0x2c74d00d00000000, 0x5fffeb3500000000, 0xb17bd29400000000,
+    0xb9e99c4500000000, 0x576da5e400000000, 0x24e69edc00000000,
+    0xca62a77d00000000, 0x75c472a500000000, 0x9b404b0400000000,
+    0xe8cb703c00000000, 0x064f499d00000000, 0x0edd074c00000000,
+    0xe0593eed00000000, 0x93d205d500000000, 0x7d563c7400000000,
+    0xc8ee6ad500000000, 0x266a537400000000, 0x55e1684c00000000,
+    0xbb6551ed00000000, 0xb3f71f3c00000000, 0x5d73269d00000000,
+    0x2ef81da500000000, 0xc07c240400000000, 0x7fdaf1dc00000000,
+    0x915ec87d00000000, 0xe2d5f34500000000, 0x0c51cae400000000,
+    0x04c3843500000000, 0xea47bd9400000000, 0x99cc86ac00000000,
+    0x7748bf0d00000000, 0xa6875cc600000000, 0x4803656700000000,
+    0x3b885e5f00000000, 0xd50c67fe00000000, 0xdd9e292f00000000,
+    0x331a108e00000000, 0x40912bb600000000, 0xae15121700000000,
+    0x11b3c7cf00000000, 0xff37fe6e00000000, 0x8cbcc55600000000,
+    0x6238fcf700000000, 0x6aaab22600000000, 0x842e8b8700000000,
+    0xf7a5b0bf00000000, 0x1921891e00000000, 0x143c06f300000000,
+    0xfab83f5200000000, 0x8933046a00000000, 0x67b73dcb00000000,
+    0x6f25731a00000000, 0x81a14abb00000000, 0xf22a718300000000,
+    0x1cae482200000000, 0xa3089dfa00000000, 0x4d8ca45b00000000,
+    0x3e079f6300000000, 0xd083a6c200000000, 0xd811e81300000000,
+    0x3695d1b200000000, 0x451eea8a00000000, 0xab9ad32b00000000,
+    0x7a5530e000000000, 0x94d1094100000000, 0xe75a327900000000,
+    0x09de0bd800000000, 0x014c450900000000, 0xefc87ca800000000,
+    0x9c43479000000000, 0x72c77e3100000000, 0xcd61abe900000000,
+    0x23e5924800000000, 0x506ea97000000000, 0xbeea90d100000000,
+    0xb678de0000000000, 0x58fce7a100000000, 0x2b77dc9900000000,
+    0xc5f3e53800000000},
+   {0x0000000000000000, 0xfbf6134700000000, 0xf6ed278e00000000,
+    0x0d1b34c900000000, 0xaddd3ec700000000, 0x562b2d8000000000,
+    0x5b30194900000000, 0xa0c60a0e00000000, 0x1bbd0c5500000000,
+    0xe04b1f1200000000, 0xed502bdb00000000, 0x16a6389c00000000,
+    0xb660329200000000, 0x4d9621d500000000, 0x408d151c00000000,
+    0xbb7b065b00000000, 0x367a19aa00000000, 0xcd8c0aed00000000,
+    0xc0973e2400000000, 0x3b612d6300000000, 0x9ba7276d00000000,
+    0x6051342a00000000, 0x6d4a00e300000000, 0x96bc13a400000000,
+    0x2dc715ff00000000, 0xd63106b800000000, 0xdb2a327100000000,
+    0x20dc213600000000, 0x801a2b3800000000, 0x7bec387f00000000,
+    0x76f70cb600000000, 0x8d011ff100000000, 0x2df2438f00000000,
+    0xd60450c800000000, 0xdb1f640100000000, 0x20e9774600000000,
+    0x802f7d4800000000, 0x7bd96e0f00000000, 0x76c25ac600000000,
+    0x8d34498100000000, 0x364f4fda00000000, 0xcdb95c9d00000000,
+    0xc0a2685400000000, 0x3b547b1300000000, 0x9b92711d00000000,
+    0x6064625a00000000, 0x6d7f569300000000, 0x968945d400000000,
+    0x1b885a2500000000, 0xe07e496200000000, 0xed657dab00000000,
+    0x16936eec00000000, 0xb65564e200000000, 0x4da377a500000000,
+    0x40b8436c00000000, 0xbb4e502b00000000, 0x0035567000000000,
+    0xfbc3453700000000, 0xf6d871fe00000000, 0x0d2e62b900000000,
+    0xade868b700000000, 0x561e7bf000000000, 0x5b054f3900000000,
+    0xa0f35c7e00000000, 0x1be2f6c500000000, 0xe014e58200000000,
+    0xed0fd14b00000000, 0x16f9c20c00000000, 0xb63fc80200000000,
+    0x4dc9db4500000000, 0x40d2ef8c00000000, 0xbb24fccb00000000,
+    0x005ffa9000000000, 0xfba9e9d700000000, 0xf6b2dd1e00000000,
+    0x0d44ce5900000000, 0xad82c45700000000, 0x5674d71000000000,
+    0x5b6fe3d900000000, 0xa099f09e00000000, 0x2d98ef6f00000000,
+    0xd66efc2800000000, 0xdb75c8e100000000, 0x2083dba600000000,
+    0x8045d1a800000000, 0x7bb3c2ef00000000, 0x76a8f62600000000,
+    0x8d5ee56100000000, 0x3625e33a00000000, 0xcdd3f07d00000000,
+    0xc0c8c4b400000000, 0x3b3ed7f300000000, 0x9bf8ddfd00000000,
+    0x600eceba00000000, 0x6d15fa7300000000, 0x96e3e93400000000,
+    0x3610b54a00000000, 0xcde6a60d00000000, 0xc0fd92c400000000,
+    0x3b0b818300000000, 0x9bcd8b8d00000000, 0x603b98ca00000000,
+    0x6d20ac0300000000, 0x96d6bf4400000000, 0x2dadb91f00000000,
+    0xd65baa5800000000, 0xdb409e9100000000, 0x20b68dd600000000,
+    0x807087d800000000, 0x7b86949f00000000, 0x769da05600000000,
+    0x8d6bb31100000000, 0x006aace000000000, 0xfb9cbfa700000000,
+    0xf6878b6e00000000, 0x0d71982900000000, 0xadb7922700000000,
+    0x5641816000000000, 0x5b5ab5a900000000, 0xa0aca6ee00000000,
+    0x1bd7a0b500000000, 0xe021b3f200000000, 0xed3a873b00000000,
+    0x16cc947c00000000, 0xb60a9e7200000000, 0x4dfc8d3500000000,
+    0x40e7b9fc00000000, 0xbb11aabb00000000, 0x77c29c5000000000,
+    0x8c348f1700000000, 0x812fbbde00000000, 0x7ad9a89900000000,
+    0xda1fa29700000000, 0x21e9b1d000000000, 0x2cf2851900000000,
+    0xd704965e00000000, 0x6c7f900500000000, 0x9789834200000000,
+    0x9a92b78b00000000, 0x6164a4cc00000000, 0xc1a2aec200000000,
+    0x3a54bd8500000000, 0x374f894c00000000, 0xccb99a0b00000000,
+    0x41b885fa00000000, 0xba4e96bd00000000, 0xb755a27400000000,
+    0x4ca3b13300000000, 0xec65bb3d00000000, 0x1793a87a00000000,
+    0x1a889cb300000000, 0xe17e8ff400000000, 0x5a0589af00000000,
+    0xa1f39ae800000000, 0xace8ae2100000000, 0x571ebd6600000000,
+    0xf7d8b76800000000, 0x0c2ea42f00000000, 0x013590e600000000,
+    0xfac383a100000000, 0x5a30dfdf00000000, 0xa1c6cc9800000000,
+    0xacddf85100000000, 0x572beb1600000000, 0xf7ede11800000000,
+    0x0c1bf25f00000000, 0x0100c69600000000, 0xfaf6d5d100000000,
+    0x418dd38a00000000, 0xba7bc0cd00000000, 0xb760f40400000000,
+    0x4c96e74300000000, 0xec50ed4d00000000, 0x17a6fe0a00000000,
+    0x1abdcac300000000, 0xe14bd98400000000, 0x6c4ac67500000000,
+    0x97bcd53200000000, 0x9aa7e1fb00000000, 0x6151f2bc00000000,
+    0xc197f8b200000000, 0x3a61ebf500000000, 0x377adf3c00000000,
+    0xcc8ccc7b00000000, 0x77f7ca2000000000, 0x8c01d96700000000,
+    0x811aedae00000000, 0x7aecfee900000000, 0xda2af4e700000000,
+    0x21dce7a000000000, 0x2cc7d36900000000, 0xd731c02e00000000,
+    0x6c206a9500000000, 0x97d679d200000000, 0x9acd4d1b00000000,
+    0x613b5e5c00000000, 0xc1fd545200000000, 0x3a0b471500000000,
+    0x371073dc00000000, 0xcce6609b00000000, 0x779d66c000000000,
+    0x8c6b758700000000, 0x8170414e00000000, 0x7a86520900000000,
+    0xda40580700000000, 0x21b64b4000000000, 0x2cad7f8900000000,
+    0xd75b6cce00000000, 0x5a5a733f00000000, 0xa1ac607800000000,
+    0xacb754b100000000, 0x574147f600000000, 0xf7874df800000000,
+    0x0c715ebf00000000, 0x016a6a7600000000, 0xfa9c793100000000,
+    0x41e77f6a00000000, 0xba116c2d00000000, 0xb70a58e400000000,
+    0x4cfc4ba300000000, 0xec3a41ad00000000, 0x17cc52ea00000000,
+    0x1ad7662300000000, 0xe121756400000000, 0x41d2291a00000000,
+    0xba243a5d00000000, 0xb73f0e9400000000, 0x4cc91dd300000000,
+    0xec0f17dd00000000, 0x17f9049a00000000, 0x1ae2305300000000,
+    0xe114231400000000, 0x5a6f254f00000000, 0xa199360800000000,
+    0xac8202c100000000, 0x5774118600000000, 0xf7b21b8800000000,
+    0x0c4408cf00000000, 0x015f3c0600000000, 0xfaa92f4100000000,
+    0x77a830b000000000, 0x8c5e23f700000000, 0x8145173e00000000,
+    0x7ab3047900000000, 0xda750e7700000000, 0x21831d3000000000,
+    0x2c9829f900000000, 0xd76e3abe00000000, 0x6c153ce500000000,
+    0x97e32fa200000000, 0x9af81b6b00000000, 0x610e082c00000000,
+    0xc1c8022200000000, 0x3a3e116500000000, 0x372525ac00000000,
+    0xccd336eb00000000},
+   {0x0000000000000000, 0x6238282a00000000, 0xc470505400000000,
+    0xa648787e00000000, 0x88e1a0a800000000, 0xead9888200000000,
+    0x4c91f0fc00000000, 0x2ea9d8d600000000, 0x51c5308a00000000,
+    0x33fd18a000000000, 0x95b560de00000000, 0xf78d48f400000000,
+    0xd924902200000000, 0xbb1cb80800000000, 0x1d54c07600000000,
+    0x7f6ce85c00000000, 0xe38c10cf00000000, 0x81b438e500000000,
+    0x27fc409b00000000, 0x45c468b100000000, 0x6b6db06700000000,
+    0x0955984d00000000, 0xaf1de03300000000, 0xcd25c81900000000,
+    0xb249204500000000, 0xd071086f00000000, 0x7639701100000000,
+    0x1401583b00000000, 0x3aa880ed00000000, 0x5890a8c700000000,
+    0xfed8d0b900000000, 0x9ce0f89300000000, 0x871f504500000000,
+    0xe527786f00000000, 0x436f001100000000, 0x2157283b00000000,
+    0x0ffef0ed00000000, 0x6dc6d8c700000000, 0xcb8ea0b900000000,
+    0xa9b6889300000000, 0xd6da60cf00000000, 0xb4e248e500000000,
+    0x12aa309b00000000, 0x709218b100000000, 0x5e3bc06700000000,
+    0x3c03e84d00000000, 0x9a4b903300000000, 0xf873b81900000000,
+    0x6493408a00000000, 0x06ab68a000000000, 0xa0e310de00000000,
+    0xc2db38f400000000, 0xec72e02200000000, 0x8e4ac80800000000,
+    0x2802b07600000000, 0x4a3a985c00000000, 0x3556700000000000,
+    0x576e582a00000000, 0xf126205400000000, 0x931e087e00000000,
+    0xbdb7d0a800000000, 0xdf8ff88200000000, 0x79c780fc00000000,
+    0x1bffa8d600000000, 0x0e3fa08a00000000, 0x6c0788a000000000,
+    0xca4ff0de00000000, 0xa877d8f400000000, 0x86de002200000000,
+    0xe4e6280800000000, 0x42ae507600000000, 0x2096785c00000000,
+    0x5ffa900000000000, 0x3dc2b82a00000000, 0x9b8ac05400000000,
+    0xf9b2e87e00000000, 0xd71b30a800000000, 0xb523188200000000,
+    0x136b60fc00000000, 0x715348d600000000, 0xedb3b04500000000,
+    0x8f8b986f00000000, 0x29c3e01100000000, 0x4bfbc83b00000000,
+    0x655210ed00000000, 0x076a38c700000000, 0xa12240b900000000,
+    0xc31a689300000000, 0xbc7680cf00000000, 0xde4ea8e500000000,
+    0x7806d09b00000000, 0x1a3ef8b100000000, 0x3497206700000000,
+    0x56af084d00000000, 0xf0e7703300000000, 0x92df581900000000,
+    0x8920f0cf00000000, 0xeb18d8e500000000, 0x4d50a09b00000000,
+    0x2f6888b100000000, 0x01c1506700000000, 0x63f9784d00000000,
+    0xc5b1003300000000, 0xa789281900000000, 0xd8e5c04500000000,
+    0xbadde86f00000000, 0x1c95901100000000, 0x7eadb83b00000000,
+    0x500460ed00000000, 0x323c48c700000000, 0x947430b900000000,
+    0xf64c189300000000, 0x6aace00000000000, 0x0894c82a00000000,
+    0xaedcb05400000000, 0xcce4987e00000000, 0xe24d40a800000000,
+    0x8075688200000000, 0x263d10fc00000000, 0x440538d600000000,
+    0x3b69d08a00000000, 0x5951f8a000000000, 0xff1980de00000000,
+    0x9d21a8f400000000, 0xb388702200000000, 0xd1b0580800000000,
+    0x77f8207600000000, 0x15c0085c00000000, 0x5d7831ce00000000,
+    0x3f4019e400000000, 0x9908619a00000000, 0xfb3049b000000000,
+    0xd599916600000000, 0xb7a1b94c00000000, 0x11e9c13200000000,
+    0x73d1e91800000000, 0x0cbd014400000000, 0x6e85296e00000000,
+    0xc8cd511000000000, 0xaaf5793a00000000, 0x845ca1ec00000000,
+    0xe66489c600000000, 0x402cf1b800000000, 0x2214d99200000000,
+    0xbef4210100000000, 0xdccc092b00000000, 0x7a84715500000000,
+    0x18bc597f00000000, 0x361581a900000000, 0x542da98300000000,
+    0xf265d1fd00000000, 0x905df9d700000000, 0xef31118b00000000,
+    0x8d0939a100000000, 0x2b4141df00000000, 0x497969f500000000,
+    0x67d0b12300000000, 0x05e8990900000000, 0xa3a0e17700000000,
+    0xc198c95d00000000, 0xda67618b00000000, 0xb85f49a100000000,
+    0x1e1731df00000000, 0x7c2f19f500000000, 0x5286c12300000000,
+    0x30bee90900000000, 0x96f6917700000000, 0xf4ceb95d00000000,
+    0x8ba2510100000000, 0xe99a792b00000000, 0x4fd2015500000000,
+    0x2dea297f00000000, 0x0343f1a900000000, 0x617bd98300000000,
+    0xc733a1fd00000000, 0xa50b89d700000000, 0x39eb714400000000,
+    0x5bd3596e00000000, 0xfd9b211000000000, 0x9fa3093a00000000,
+    0xb10ad1ec00000000, 0xd332f9c600000000, 0x757a81b800000000,
+    0x1742a99200000000, 0x682e41ce00000000, 0x0a1669e400000000,
+    0xac5e119a00000000, 0xce6639b000000000, 0xe0cfe16600000000,
+    0x82f7c94c00000000, 0x24bfb13200000000, 0x4687991800000000,
+    0x5347914400000000, 0x317fb96e00000000, 0x9737c11000000000,
+    0xf50fe93a00000000, 0xdba631ec00000000, 0xb99e19c600000000,
+    0x1fd661b800000000, 0x7dee499200000000, 0x0282a1ce00000000,
+    0x60ba89e400000000, 0xc6f2f19a00000000, 0xa4cad9b000000000,
+    0x8a63016600000000, 0xe85b294c00000000, 0x4e13513200000000,
+    0x2c2b791800000000, 0xb0cb818b00000000, 0xd2f3a9a100000000,
+    0x74bbd1df00000000, 0x1683f9f500000000, 0x382a212300000000,
+    0x5a12090900000000, 0xfc5a717700000000, 0x9e62595d00000000,
+    0xe10eb10100000000, 0x8336992b00000000, 0x257ee15500000000,
+    0x4746c97f00000000, 0x69ef11a900000000, 0x0bd7398300000000,
+    0xad9f41fd00000000, 0xcfa769d700000000, 0xd458c10100000000,
+    0xb660e92b00000000, 0x1028915500000000, 0x7210b97f00000000,
+    0x5cb961a900000000, 0x3e81498300000000, 0x98c931fd00000000,
+    0xfaf119d700000000, 0x859df18b00000000, 0xe7a5d9a100000000,
+    0x41eda1df00000000, 0x23d589f500000000, 0x0d7c512300000000,
+    0x6f44790900000000, 0xc90c017700000000, 0xab34295d00000000,
+    0x37d4d1ce00000000, 0x55ecf9e400000000, 0xf3a4819a00000000,
+    0x919ca9b000000000, 0xbf35716600000000, 0xdd0d594c00000000,
+    0x7b45213200000000, 0x197d091800000000, 0x6611e14400000000,
+    0x0429c96e00000000, 0xa261b11000000000, 0xc059993a00000000,
+    0xeef041ec00000000, 0x8cc869c600000000, 0x2a8011b800000000,
+    0x48b8399200000000},
+   {0x0000000000000000, 0x4c2896a300000000, 0xd9565d9c00000000,
+    0x957ecb3f00000000, 0xf3abcbe300000000, 0xbf835d4000000000,
+    0x2afd967f00000000, 0x66d500dc00000000, 0xa751e61c00000000,
+    0xeb7970bf00000000, 0x7e07bb8000000000, 0x322f2d2300000000,
+    0x54fa2dff00000000, 0x18d2bb5c00000000, 0x8dac706300000000,
+    0xc184e6c000000000, 0x4ea3cc3900000000, 0x028b5a9a00000000,
+    0x97f591a500000000, 0xdbdd070600000000, 0xbd0807da00000000,
+    0xf120917900000000, 0x645e5a4600000000, 0x2876cce500000000,
+    0xe9f22a2500000000, 0xa5dabc8600000000, 0x30a477b900000000,
+    0x7c8ce11a00000000, 0x1a59e1c600000000, 0x5671776500000000,
+    0xc30fbc5a00000000, 0x8f272af900000000, 0x9c46997300000000,
+    0xd06e0fd000000000, 0x4510c4ef00000000, 0x0938524c00000000,
+    0x6fed529000000000, 0x23c5c43300000000, 0xb6bb0f0c00000000,
+    0xfa9399af00000000, 0x3b177f6f00000000, 0x773fe9cc00000000,
+    0xe24122f300000000, 0xae69b45000000000, 0xc8bcb48c00000000,
+    0x8494222f00000000, 0x11eae91000000000, 0x5dc27fb300000000,
+    0xd2e5554a00000000, 0x9ecdc3e900000000, 0x0bb308d600000000,
+    0x479b9e7500000000, 0x214e9ea900000000, 0x6d66080a00000000,
+    0xf818c33500000000, 0xb430559600000000, 0x75b4b35600000000,
+    0x399c25f500000000, 0xace2eeca00000000, 0xe0ca786900000000,
+    0x861f78b500000000, 0xca37ee1600000000, 0x5f49252900000000,
+    0x1361b38a00000000, 0x388d32e700000000, 0x74a5a44400000000,
+    0xe1db6f7b00000000, 0xadf3f9d800000000, 0xcb26f90400000000,
+    0x870e6fa700000000, 0x1270a49800000000, 0x5e58323b00000000,
+    0x9fdcd4fb00000000, 0xd3f4425800000000, 0x468a896700000000,
+    0x0aa21fc400000000, 0x6c771f1800000000, 0x205f89bb00000000,
+    0xb521428400000000, 0xf909d42700000000, 0x762efede00000000,
+    0x3a06687d00000000, 0xaf78a34200000000, 0xe35035e100000000,
+    0x8585353d00000000, 0xc9ada39e00000000, 0x5cd368a100000000,
+    0x10fbfe0200000000, 0xd17f18c200000000, 0x9d578e6100000000,
+    0x0829455e00000000, 0x4401d3fd00000000, 0x22d4d32100000000,
+    0x6efc458200000000, 0xfb828ebd00000000, 0xb7aa181e00000000,
+    0xa4cbab9400000000, 0xe8e33d3700000000, 0x7d9df60800000000,
+    0x31b560ab00000000, 0x5760607700000000, 0x1b48f6d400000000,
+    0x8e363deb00000000, 0xc21eab4800000000, 0x039a4d8800000000,
+    0x4fb2db2b00000000, 0xdacc101400000000, 0x96e486b700000000,
+    0xf031866b00000000, 0xbc1910c800000000, 0x2967dbf700000000,
+    0x654f4d5400000000, 0xea6867ad00000000, 0xa640f10e00000000,
+    0x333e3a3100000000, 0x7f16ac9200000000, 0x19c3ac4e00000000,
+    0x55eb3aed00000000, 0xc095f1d200000000, 0x8cbd677100000000,
+    0x4d3981b100000000, 0x0111171200000000, 0x946fdc2d00000000,
+    0xd8474a8e00000000, 0xbe924a5200000000, 0xf2badcf100000000,
+    0x67c417ce00000000, 0x2bec816d00000000, 0x311c141500000000,
+    0x7d3482b600000000, 0xe84a498900000000, 0xa462df2a00000000,
+    0xc2b7dff600000000, 0x8e9f495500000000, 0x1be1826a00000000,
+    0x57c914c900000000, 0x964df20900000000, 0xda6564aa00000000,
+    0x4f1baf9500000000, 0x0333393600000000, 0x65e639ea00000000,
+    0x29ceaf4900000000, 0xbcb0647600000000, 0xf098f2d500000000,
+    0x7fbfd82c00000000, 0x33974e8f00000000, 0xa6e985b000000000,
+    0xeac1131300000000, 0x8c1413cf00000000, 0xc03c856c00000000,
+    0x55424e5300000000, 0x196ad8f000000000, 0xd8ee3e3000000000,
+    0x94c6a89300000000, 0x01b863ac00000000, 0x4d90f50f00000000,
+    0x2b45f5d300000000, 0x676d637000000000, 0xf213a84f00000000,
+    0xbe3b3eec00000000, 0xad5a8d6600000000, 0xe1721bc500000000,
+    0x740cd0fa00000000, 0x3824465900000000, 0x5ef1468500000000,
+    0x12d9d02600000000, 0x87a71b1900000000, 0xcb8f8dba00000000,
+    0x0a0b6b7a00000000, 0x4623fdd900000000, 0xd35d36e600000000,
+    0x9f75a04500000000, 0xf9a0a09900000000, 0xb588363a00000000,
+    0x20f6fd0500000000, 0x6cde6ba600000000, 0xe3f9415f00000000,
+    0xafd1d7fc00000000, 0x3aaf1cc300000000, 0x76878a6000000000,
+    0x10528abc00000000, 0x5c7a1c1f00000000, 0xc904d72000000000,
+    0x852c418300000000, 0x44a8a74300000000, 0x088031e000000000,
+    0x9dfefadf00000000, 0xd1d66c7c00000000, 0xb7036ca000000000,
+    0xfb2bfa0300000000, 0x6e55313c00000000, 0x227da79f00000000,
+    0x099126f200000000, 0x45b9b05100000000, 0xd0c77b6e00000000,
+    0x9cefedcd00000000, 0xfa3aed1100000000, 0xb6127bb200000000,
+    0x236cb08d00000000, 0x6f44262e00000000, 0xaec0c0ee00000000,
+    0xe2e8564d00000000, 0x77969d7200000000, 0x3bbe0bd100000000,
+    0x5d6b0b0d00000000, 0x11439dae00000000, 0x843d569100000000,
+    0xc815c03200000000, 0x4732eacb00000000, 0x0b1a7c6800000000,
+    0x9e64b75700000000, 0xd24c21f400000000, 0xb499212800000000,
+    0xf8b1b78b00000000, 0x6dcf7cb400000000, 0x21e7ea1700000000,
+    0xe0630cd700000000, 0xac4b9a7400000000, 0x3935514b00000000,
+    0x751dc7e800000000, 0x13c8c73400000000, 0x5fe0519700000000,
+    0xca9e9aa800000000, 0x86b60c0b00000000, 0x95d7bf8100000000,
+    0xd9ff292200000000, 0x4c81e21d00000000, 0x00a974be00000000,
+    0x667c746200000000, 0x2a54e2c100000000, 0xbf2a29fe00000000,
+    0xf302bf5d00000000, 0x3286599d00000000, 0x7eaecf3e00000000,
+    0xebd0040100000000, 0xa7f892a200000000, 0xc12d927e00000000,
+    0x8d0504dd00000000, 0x187bcfe200000000, 0x5453594100000000,
+    0xdb7473b800000000, 0x975ce51b00000000, 0x02222e2400000000,
+    0x4e0ab88700000000, 0x28dfb85b00000000, 0x64f72ef800000000,
+    0xf189e5c700000000, 0xbda1736400000000, 0x7c2595a400000000,
+    0x300d030700000000, 0xa573c83800000000, 0xe95b5e9b00000000,
+    0x8f8e5e4700000000, 0xc3a6c8e400000000, 0x56d803db00000000,
+    0x1af0957800000000},
+   {0x0000000000000000, 0x939bc97f00000000, 0x263793ff00000000,
+    0xb5ac5a8000000000, 0x0d68572400000000, 0x9ef39e5b00000000,
+    0x2b5fc4db00000000, 0xb8c40da400000000, 0x1ad0ae4800000000,
+    0x894b673700000000, 0x3ce73db700000000, 0xaf7cf4c800000000,
+    0x17b8f96c00000000, 0x8423301300000000, 0x318f6a9300000000,
+    0xa214a3ec00000000, 0x34a05d9100000000, 0xa73b94ee00000000,
+    0x1297ce6e00000000, 0x810c071100000000, 0x39c80ab500000000,
+    0xaa53c3ca00000000, 0x1fff994a00000000, 0x8c64503500000000,
+    0x2e70f3d900000000, 0xbdeb3aa600000000, 0x0847602600000000,
+    0x9bdca95900000000, 0x2318a4fd00000000, 0xb0836d8200000000,
+    0x052f370200000000, 0x96b4fe7d00000000, 0x2946caf900000000,
+    0xbadd038600000000, 0x0f71590600000000, 0x9cea907900000000,
+    0x242e9ddd00000000, 0xb7b554a200000000, 0x02190e2200000000,
+    0x9182c75d00000000, 0x339664b100000000, 0xa00dadce00000000,
+    0x15a1f74e00000000, 0x863a3e3100000000, 0x3efe339500000000,
+    0xad65faea00000000, 0x18c9a06a00000000, 0x8b52691500000000,
+    0x1de6976800000000, 0x8e7d5e1700000000, 0x3bd1049700000000,
+    0xa84acde800000000, 0x108ec04c00000000, 0x8315093300000000,
+    0x36b953b300000000, 0xa5229acc00000000, 0x0736392000000000,
+    0x94adf05f00000000, 0x2101aadf00000000, 0xb29a63a000000000,
+    0x0a5e6e0400000000, 0x99c5a77b00000000, 0x2c69fdfb00000000,
+    0xbff2348400000000, 0x138ae52800000000, 0x80112c5700000000,
+    0x35bd76d700000000, 0xa626bfa800000000, 0x1ee2b20c00000000,
+    0x8d797b7300000000, 0x38d521f300000000, 0xab4ee88c00000000,
+    0x095a4b6000000000, 0x9ac1821f00000000, 0x2f6dd89f00000000,
+    0xbcf611e000000000, 0x04321c4400000000, 0x97a9d53b00000000,
+    0x22058fbb00000000, 0xb19e46c400000000, 0x272ab8b900000000,
+    0xb4b171c600000000, 0x011d2b4600000000, 0x9286e23900000000,
+    0x2a42ef9d00000000, 0xb9d926e200000000, 0x0c757c6200000000,
+    0x9feeb51d00000000, 0x3dfa16f100000000, 0xae61df8e00000000,
+    0x1bcd850e00000000, 0x88564c7100000000, 0x309241d500000000,
+    0xa30988aa00000000, 0x16a5d22a00000000, 0x853e1b5500000000,
+    0x3acc2fd100000000, 0xa957e6ae00000000, 0x1cfbbc2e00000000,
+    0x8f60755100000000, 0x37a478f500000000, 0xa43fb18a00000000,
+    0x1193eb0a00000000, 0x8208227500000000, 0x201c819900000000,
+    0xb38748e600000000, 0x062b126600000000, 0x95b0db1900000000,
+    0x2d74d6bd00000000, 0xbeef1fc200000000, 0x0b43454200000000,
+    0x98d88c3d00000000, 0x0e6c724000000000, 0x9df7bb3f00000000,
+    0x285be1bf00000000, 0xbbc028c000000000, 0x0304256400000000,
+    0x909fec1b00000000, 0x2533b69b00000000, 0xb6a87fe400000000,
+    0x14bcdc0800000000, 0x8727157700000000, 0x328b4ff700000000,
+    0xa110868800000000, 0x19d48b2c00000000, 0x8a4f425300000000,
+    0x3fe318d300000000, 0xac78d1ac00000000, 0x2614cb5100000000,
+    0xb58f022e00000000, 0x002358ae00000000, 0x93b891d100000000,
+    0x2b7c9c7500000000, 0xb8e7550a00000000, 0x0d4b0f8a00000000,
+    0x9ed0c6f500000000, 0x3cc4651900000000, 0xaf5fac6600000000,
+    0x1af3f6e600000000, 0x89683f9900000000, 0x31ac323d00000000,
+    0xa237fb4200000000, 0x179ba1c200000000, 0x840068bd00000000,
+    0x12b496c000000000, 0x812f5fbf00000000, 0x3483053f00000000,
+    0xa718cc4000000000, 0x1fdcc1e400000000, 0x8c47089b00000000,
+    0x39eb521b00000000, 0xaa709b6400000000, 0x0864388800000000,
+    0x9bfff1f700000000, 0x2e53ab7700000000, 0xbdc8620800000000,
+    0x050c6fac00000000, 0x9697a6d300000000, 0x233bfc5300000000,
+    0xb0a0352c00000000, 0x0f5201a800000000, 0x9cc9c8d700000000,
+    0x2965925700000000, 0xbafe5b2800000000, 0x023a568c00000000,
+    0x91a19ff300000000, 0x240dc57300000000, 0xb7960c0c00000000,
+    0x1582afe000000000, 0x8619669f00000000, 0x33b53c1f00000000,
+    0xa02ef56000000000, 0x18eaf8c400000000, 0x8b7131bb00000000,
+    0x3edd6b3b00000000, 0xad46a24400000000, 0x3bf25c3900000000,
+    0xa869954600000000, 0x1dc5cfc600000000, 0x8e5e06b900000000,
+    0x369a0b1d00000000, 0xa501c26200000000, 0x10ad98e200000000,
+    0x8336519d00000000, 0x2122f27100000000, 0xb2b93b0e00000000,
+    0x0715618e00000000, 0x948ea8f100000000, 0x2c4aa55500000000,
+    0xbfd16c2a00000000, 0x0a7d36aa00000000, 0x99e6ffd500000000,
+    0x359e2e7900000000, 0xa605e70600000000, 0x13a9bd8600000000,
+    0x803274f900000000, 0x38f6795d00000000, 0xab6db02200000000,
+    0x1ec1eaa200000000, 0x8d5a23dd00000000, 0x2f4e803100000000,
+    0xbcd5494e00000000, 0x097913ce00000000, 0x9ae2dab100000000,
+    0x2226d71500000000, 0xb1bd1e6a00000000, 0x041144ea00000000,
+    0x978a8d9500000000, 0x013e73e800000000, 0x92a5ba9700000000,
+    0x2709e01700000000, 0xb492296800000000, 0x0c5624cc00000000,
+    0x9fcdedb300000000, 0x2a61b73300000000, 0xb9fa7e4c00000000,
+    0x1beedda000000000, 0x887514df00000000, 0x3dd94e5f00000000,
+    0xae42872000000000, 0x16868a8400000000, 0x851d43fb00000000,
+    0x30b1197b00000000, 0xa32ad00400000000, 0x1cd8e48000000000,
+    0x8f432dff00000000, 0x3aef777f00000000, 0xa974be0000000000,
+    0x11b0b3a400000000, 0x822b7adb00000000, 0x3787205b00000000,
+    0xa41ce92400000000, 0x06084ac800000000, 0x959383b700000000,
+    0x203fd93700000000, 0xb3a4104800000000, 0x0b601dec00000000,
+    0x98fbd49300000000, 0x2d578e1300000000, 0xbecc476c00000000,
+    0x2878b91100000000, 0xbbe3706e00000000, 0x0e4f2aee00000000,
+    0x9dd4e39100000000, 0x2510ee3500000000, 0xb68b274a00000000,
+    0x03277dca00000000, 0x90bcb4b500000000, 0x32a8175900000000,
+    0xa133de2600000000, 0x149f84a600000000, 0x87044dd900000000,
+    0x3fc0407d00000000, 0xac5b890200000000, 0x19f7d38200000000,
+    0x8a6c1afd00000000},
+   {0x0000000000000000, 0x650b796900000000, 0xca16f2d200000000,
+    0xaf1d8bbb00000000, 0xd52b957e00000000, 0xb020ec1700000000,
+    0x1f3d67ac00000000, 0x7a361ec500000000, 0xaa572afd00000000,
+    0xcf5c539400000000, 0x6041d82f00000000, 0x054aa14600000000,
+    0x7f7cbf8300000000, 0x1a77c6ea00000000, 0xb56a4d5100000000,
+    0xd061343800000000, 0x15a9252100000000, 0x70a25c4800000000,
+    0xdfbfd7f300000000, 0xbab4ae9a00000000, 0xc082b05f00000000,
+    0xa589c93600000000, 0x0a94428d00000000, 0x6f9f3be400000000,
+    0xbffe0fdc00000000, 0xdaf576b500000000, 0x75e8fd0e00000000,
+    0x10e3846700000000, 0x6ad59aa200000000, 0x0fdee3cb00000000,
+    0xa0c3687000000000, 0xc5c8111900000000, 0x2a524b4200000000,
+    0x4f59322b00000000, 0xe044b99000000000, 0x854fc0f900000000,
+    0xff79de3c00000000, 0x9a72a75500000000, 0x356f2cee00000000,
+    0x5064558700000000, 0x800561bf00000000, 0xe50e18d600000000,
+    0x4a13936d00000000, 0x2f18ea0400000000, 0x552ef4c100000000,
+    0x30258da800000000, 0x9f38061300000000, 0xfa337f7a00000000,
+    0x3ffb6e6300000000, 0x5af0170a00000000, 0xf5ed9cb100000000,
+    0x90e6e5d800000000, 0xead0fb1d00000000, 0x8fdb827400000000,
+    0x20c609cf00000000, 0x45cd70a600000000, 0x95ac449e00000000,
+    0xf0a73df700000000, 0x5fbab64c00000000, 0x3ab1cf2500000000,
+    0x4087d1e000000000, 0x258ca88900000000, 0x8a91233200000000,
+    0xef9a5a5b00000000, 0x54a4968400000000, 0x31afefed00000000,
+    0x9eb2645600000000, 0xfbb91d3f00000000, 0x818f03fa00000000,
+    0xe4847a9300000000, 0x4b99f12800000000, 0x2e92884100000000,
+    0xfef3bc7900000000, 0x9bf8c51000000000, 0x34e54eab00000000,
+    0x51ee37c200000000, 0x2bd8290700000000, 0x4ed3506e00000000,
+    0xe1cedbd500000000, 0x84c5a2bc00000000, 0x410db3a500000000,
+    0x2406cacc00000000, 0x8b1b417700000000, 0xee10381e00000000,
+    0x942626db00000000, 0xf12d5fb200000000, 0x5e30d40900000000,
+    0x3b3bad6000000000, 0xeb5a995800000000, 0x8e51e03100000000,
+    0x214c6b8a00000000, 0x444712e300000000, 0x3e710c2600000000,
+    0x5b7a754f00000000, 0xf467fef400000000, 0x916c879d00000000,
+    0x7ef6ddc600000000, 0x1bfda4af00000000, 0xb4e02f1400000000,
+    0xd1eb567d00000000, 0xabdd48b800000000, 0xced631d100000000,
+    0x61cbba6a00000000, 0x04c0c30300000000, 0xd4a1f73b00000000,
+    0xb1aa8e5200000000, 0x1eb705e900000000, 0x7bbc7c8000000000,
+    0x018a624500000000, 0x64811b2c00000000, 0xcb9c909700000000,
+    0xae97e9fe00000000, 0x6b5ff8e700000000, 0x0e54818e00000000,
+    0xa1490a3500000000, 0xc442735c00000000, 0xbe746d9900000000,
+    0xdb7f14f000000000, 0x74629f4b00000000, 0x1169e62200000000,
+    0xc108d21a00000000, 0xa403ab7300000000, 0x0b1e20c800000000,
+    0x6e1559a100000000, 0x1423476400000000, 0x71283e0d00000000,
+    0xde35b5b600000000, 0xbb3eccdf00000000, 0xe94e5cd200000000,
+    0x8c4525bb00000000, 0x2358ae0000000000, 0x4653d76900000000,
+    0x3c65c9ac00000000, 0x596eb0c500000000, 0xf6733b7e00000000,
+    0x9378421700000000, 0x4319762f00000000, 0x26120f4600000000,
+    0x890f84fd00000000, 0xec04fd9400000000, 0x9632e35100000000,
+    0xf3399a3800000000, 0x5c24118300000000, 0x392f68ea00000000,
+    0xfce779f300000000, 0x99ec009a00000000, 0x36f18b2100000000,
+    0x53faf24800000000, 0x29ccec8d00000000, 0x4cc795e400000000,
+    0xe3da1e5f00000000, 0x86d1673600000000, 0x56b0530e00000000,
+    0x33bb2a6700000000, 0x9ca6a1dc00000000, 0xf9add8b500000000,
+    0x839bc67000000000, 0xe690bf1900000000, 0x498d34a200000000,
+    0x2c864dcb00000000, 0xc31c179000000000, 0xa6176ef900000000,
+    0x090ae54200000000, 0x6c019c2b00000000, 0x163782ee00000000,
+    0x733cfb8700000000, 0xdc21703c00000000, 0xb92a095500000000,
+    0x694b3d6d00000000, 0x0c40440400000000, 0xa35dcfbf00000000,
+    0xc656b6d600000000, 0xbc60a81300000000, 0xd96bd17a00000000,
+    0x76765ac100000000, 0x137d23a800000000, 0xd6b532b100000000,
+    0xb3be4bd800000000, 0x1ca3c06300000000, 0x79a8b90a00000000,
+    0x039ea7cf00000000, 0x6695dea600000000, 0xc988551d00000000,
+    0xac832c7400000000, 0x7ce2184c00000000, 0x19e9612500000000,
+    0xb6f4ea9e00000000, 0xd3ff93f700000000, 0xa9c98d3200000000,
+    0xccc2f45b00000000, 0x63df7fe000000000, 0x06d4068900000000,
+    0xbdeaca5600000000, 0xd8e1b33f00000000, 0x77fc388400000000,
+    0x12f741ed00000000, 0x68c15f2800000000, 0x0dca264100000000,
+    0xa2d7adfa00000000, 0xc7dcd49300000000, 0x17bde0ab00000000,
+    0x72b699c200000000, 0xddab127900000000, 0xb8a06b1000000000,
+    0xc29675d500000000, 0xa79d0cbc00000000, 0x0880870700000000,
+    0x6d8bfe6e00000000, 0xa843ef7700000000, 0xcd48961e00000000,
+    0x62551da500000000, 0x075e64cc00000000, 0x7d687a0900000000,
+    0x1863036000000000, 0xb77e88db00000000, 0xd275f1b200000000,
+    0x0214c58a00000000, 0x671fbce300000000, 0xc802375800000000,
+    0xad094e3100000000, 0xd73f50f400000000, 0xb234299d00000000,
+    0x1d29a22600000000, 0x7822db4f00000000, 0x97b8811400000000,
+    0xf2b3f87d00000000, 0x5dae73c600000000, 0x38a50aaf00000000,
+    0x4293146a00000000, 0x27986d0300000000, 0x8885e6b800000000,
+    0xed8e9fd100000000, 0x3defabe900000000, 0x58e4d28000000000,
+    0xf7f9593b00000000, 0x92f2205200000000, 0xe8c43e9700000000,
+    0x8dcf47fe00000000, 0x22d2cc4500000000, 0x47d9b52c00000000,
+    0x8211a43500000000, 0xe71add5c00000000, 0x480756e700000000,
+    0x2d0c2f8e00000000, 0x573a314b00000000, 0x3231482200000000,
+    0x9d2cc39900000000, 0xf827baf000000000, 0x28468ec800000000,
+    0x4d4df7a100000000, 0xe2507c1a00000000, 0x875b057300000000,
+    0xfd6d1bb600000000, 0x986662df00000000, 0x377be96400000000,
+    0x5270900d00000000},
+   {0x0000000000000000, 0xdcecb13d00000000, 0xb8d9637b00000000,
+    0x6435d24600000000, 0x70b3c7f600000000, 0xac5f76cb00000000,
+    0xc86aa48d00000000, 0x148615b000000000, 0xa160fe3600000000,
+    0x7d8c4f0b00000000, 0x19b99d4d00000000, 0xc5552c7000000000,
+    0xd1d339c000000000, 0x0d3f88fd00000000, 0x690a5abb00000000,
+    0xb5e6eb8600000000, 0x42c1fc6d00000000, 0x9e2d4d5000000000,
+    0xfa189f1600000000, 0x26f42e2b00000000, 0x32723b9b00000000,
+    0xee9e8aa600000000, 0x8aab58e000000000, 0x5647e9dd00000000,
+    0xe3a1025b00000000, 0x3f4db36600000000, 0x5b78612000000000,
+    0x8794d01d00000000, 0x9312c5ad00000000, 0x4ffe749000000000,
+    0x2bcba6d600000000, 0xf72717eb00000000, 0x8482f9db00000000,
+    0x586e48e600000000, 0x3c5b9aa000000000, 0xe0b72b9d00000000,
+    0xf4313e2d00000000, 0x28dd8f1000000000, 0x4ce85d5600000000,
+    0x9004ec6b00000000, 0x25e207ed00000000, 0xf90eb6d000000000,
+    0x9d3b649600000000, 0x41d7d5ab00000000, 0x5551c01b00000000,
+    0x89bd712600000000, 0xed88a36000000000, 0x3164125d00000000,
+    0xc64305b600000000, 0x1aafb48b00000000, 0x7e9a66cd00000000,
+    0xa276d7f000000000, 0xb6f0c24000000000, 0x6a1c737d00000000,
+    0x0e29a13b00000000, 0xd2c5100600000000, 0x6723fb8000000000,
+    0xbbcf4abd00000000, 0xdffa98fb00000000, 0x031629c600000000,
+    0x17903c7600000000, 0xcb7c8d4b00000000, 0xaf495f0d00000000,
+    0x73a5ee3000000000, 0x4903826c00000000, 0x95ef335100000000,
+    0xf1dae11700000000, 0x2d36502a00000000, 0x39b0459a00000000,
+    0xe55cf4a700000000, 0x816926e100000000, 0x5d8597dc00000000,
+    0xe8637c5a00000000, 0x348fcd6700000000, 0x50ba1f2100000000,
+    0x8c56ae1c00000000, 0x98d0bbac00000000, 0x443c0a9100000000,
+    0x2009d8d700000000, 0xfce569ea00000000, 0x0bc27e0100000000,
+    0xd72ecf3c00000000, 0xb31b1d7a00000000, 0x6ff7ac4700000000,
+    0x7b71b9f700000000, 0xa79d08ca00000000, 0xc3a8da8c00000000,
+    0x1f446bb100000000, 0xaaa2803700000000, 0x764e310a00000000,
+    0x127be34c00000000, 0xce97527100000000, 0xda1147c100000000,
+    0x06fdf6fc00000000, 0x62c824ba00000000, 0xbe24958700000000,
+    0xcd817bb700000000, 0x116dca8a00000000, 0x755818cc00000000,
+    0xa9b4a9f100000000, 0xbd32bc4100000000, 0x61de0d7c00000000,
+    0x05ebdf3a00000000, 0xd9076e0700000000, 0x6ce1858100000000,
+    0xb00d34bc00000000, 0xd438e6fa00000000, 0x08d457c700000000,
+    0x1c52427700000000, 0xc0bef34a00000000, 0xa48b210c00000000,
+    0x7867903100000000, 0x8f4087da00000000, 0x53ac36e700000000,
+    0x3799e4a100000000, 0xeb75559c00000000, 0xfff3402c00000000,
+    0x231ff11100000000, 0x472a235700000000, 0x9bc6926a00000000,
+    0x2e2079ec00000000, 0xf2ccc8d100000000, 0x96f91a9700000000,
+    0x4a15abaa00000000, 0x5e93be1a00000000, 0x827f0f2700000000,
+    0xe64add6100000000, 0x3aa66c5c00000000, 0x920604d900000000,
+    0x4eeab5e400000000, 0x2adf67a200000000, 0xf633d69f00000000,
+    0xe2b5c32f00000000, 0x3e59721200000000, 0x5a6ca05400000000,
+    0x8680116900000000, 0x3366faef00000000, 0xef8a4bd200000000,
+    0x8bbf999400000000, 0x575328a900000000, 0x43d53d1900000000,
+    0x9f398c2400000000, 0xfb0c5e6200000000, 0x27e0ef5f00000000,
+    0xd0c7f8b400000000, 0x0c2b498900000000, 0x681e9bcf00000000,
+    0xb4f22af200000000, 0xa0743f4200000000, 0x7c988e7f00000000,
+    0x18ad5c3900000000, 0xc441ed0400000000, 0x71a7068200000000,
+    0xad4bb7bf00000000, 0xc97e65f900000000, 0x1592d4c400000000,
+    0x0114c17400000000, 0xddf8704900000000, 0xb9cda20f00000000,
+    0x6521133200000000, 0x1684fd0200000000, 0xca684c3f00000000,
+    0xae5d9e7900000000, 0x72b12f4400000000, 0x66373af400000000,
+    0xbadb8bc900000000, 0xdeee598f00000000, 0x0202e8b200000000,
+    0xb7e4033400000000, 0x6b08b20900000000, 0x0f3d604f00000000,
+    0xd3d1d17200000000, 0xc757c4c200000000, 0x1bbb75ff00000000,
+    0x7f8ea7b900000000, 0xa362168400000000, 0x5445016f00000000,
+    0x88a9b05200000000, 0xec9c621400000000, 0x3070d32900000000,
+    0x24f6c69900000000, 0xf81a77a400000000, 0x9c2fa5e200000000,
+    0x40c314df00000000, 0xf525ff5900000000, 0x29c94e6400000000,
+    0x4dfc9c2200000000, 0x91102d1f00000000, 0x859638af00000000,
+    0x597a899200000000, 0x3d4f5bd400000000, 0xe1a3eae900000000,
+    0xdb0586b500000000, 0x07e9378800000000, 0x63dce5ce00000000,
+    0xbf3054f300000000, 0xabb6414300000000, 0x775af07e00000000,
+    0x136f223800000000, 0xcf83930500000000, 0x7a65788300000000,
+    0xa689c9be00000000, 0xc2bc1bf800000000, 0x1e50aac500000000,
+    0x0ad6bf7500000000, 0xd63a0e4800000000, 0xb20fdc0e00000000,
+    0x6ee36d3300000000, 0x99c47ad800000000, 0x4528cbe500000000,
+    0x211d19a300000000, 0xfdf1a89e00000000, 0xe977bd2e00000000,
+    0x359b0c1300000000, 0x51aede5500000000, 0x8d426f6800000000,
+    0x38a484ee00000000, 0xe44835d300000000, 0x807de79500000000,
+    0x5c9156a800000000, 0x4817431800000000, 0x94fbf22500000000,
+    0xf0ce206300000000, 0x2c22915e00000000, 0x5f877f6e00000000,
+    0x836bce5300000000, 0xe75e1c1500000000, 0x3bb2ad2800000000,
+    0x2f34b89800000000, 0xf3d809a500000000, 0x97eddbe300000000,
+    0x4b016ade00000000, 0xfee7815800000000, 0x220b306500000000,
+    0x463ee22300000000, 0x9ad2531e00000000, 0x8e5446ae00000000,
+    0x52b8f79300000000, 0x368d25d500000000, 0xea6194e800000000,
+    0x1d46830300000000, 0xc1aa323e00000000, 0xa59fe07800000000,
+    0x7973514500000000, 0x6df544f500000000, 0xb119f5c800000000,
+    0xd52c278e00000000, 0x09c096b300000000, 0xbc267d3500000000,
+    0x60cacc0800000000, 0x04ff1e4e00000000, 0xd813af7300000000,
+    0xcc95bac300000000, 0x10790bfe00000000, 0x744cd9b800000000,
+    0xa8a0688500000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x81256527, 0xd93bcc0f, 0x581ea928, 0x69069e5f,
+    0xe823fb78, 0xb03d5250, 0x31183777, 0xd20d3cbe, 0x53285999,
+    0x0b36f0b1, 0x8a139596, 0xbb0ba2e1, 0x3a2ec7c6, 0x62306eee,
+    0xe3150bc9, 0x7f6b7f3d, 0xfe4e1a1a, 0xa650b332, 0x2775d615,
+    0x166de162, 0x97488445, 0xcf562d6d, 0x4e73484a, 0xad664383,
+    0x2c4326a4, 0x745d8f8c, 0xf578eaab, 0xc460dddc, 0x4545b8fb,
+    0x1d5b11d3, 0x9c7e74f4, 0xfed6fe7a, 0x7ff39b5d, 0x27ed3275,
+    0xa6c85752, 0x97d06025, 0x16f50502, 0x4eebac2a, 0xcfcec90d,
+    0x2cdbc2c4, 0xadfea7e3, 0xf5e00ecb, 0x74c56bec, 0x45dd5c9b,
+    0xc4f839bc, 0x9ce69094, 0x1dc3f5b3, 0x81bd8147, 0x0098e460,
+    0x58864d48, 0xd9a3286f, 0xe8bb1f18, 0x699e7a3f, 0x3180d317,
+    0xb0a5b630, 0x53b0bdf9, 0xd295d8de, 0x8a8b71f6, 0x0bae14d1,
+    0x3ab623a6, 0xbb934681, 0xe38defa9, 0x62a88a8e, 0x26dcfab5,
+    0xa7f99f92, 0xffe736ba, 0x7ec2539d, 0x4fda64ea, 0xceff01cd,
+    0x96e1a8e5, 0x17c4cdc2, 0xf4d1c60b, 0x75f4a32c, 0x2dea0a04,
+    0xaccf6f23, 0x9dd75854, 0x1cf23d73, 0x44ec945b, 0xc5c9f17c,
+    0x59b78588, 0xd892e0af, 0x808c4987, 0x01a92ca0, 0x30b11bd7,
+    0xb1947ef0, 0xe98ad7d8, 0x68afb2ff, 0x8bbab936, 0x0a9fdc11,
+    0x52817539, 0xd3a4101e, 0xe2bc2769, 0x6399424e, 0x3b87eb66,
+    0xbaa28e41, 0xd80a04cf, 0x592f61e8, 0x0131c8c0, 0x8014ade7,
+    0xb10c9a90, 0x3029ffb7, 0x6837569f, 0xe91233b8, 0x0a073871,
+    0x8b225d56, 0xd33cf47e, 0x52199159, 0x6301a62e, 0xe224c309,
+    0xba3a6a21, 0x3b1f0f06, 0xa7617bf2, 0x26441ed5, 0x7e5ab7fd,
+    0xff7fd2da, 0xce67e5ad, 0x4f42808a, 0x175c29a2, 0x96794c85,
+    0x756c474c, 0xf449226b, 0xac578b43, 0x2d72ee64, 0x1c6ad913,
+    0x9d4fbc34, 0xc551151c, 0x4474703b, 0x4db9f56a, 0xcc9c904d,
+    0x94823965, 0x15a75c42, 0x24bf6b35, 0xa59a0e12, 0xfd84a73a,
+    0x7ca1c21d, 0x9fb4c9d4, 0x1e91acf3, 0x468f05db, 0xc7aa60fc,
+    0xf6b2578b, 0x779732ac, 0x2f899b84, 0xaeacfea3, 0x32d28a57,
+    0xb3f7ef70, 0xebe94658, 0x6acc237f, 0x5bd41408, 0xdaf1712f,
+    0x82efd807, 0x03cabd20, 0xe0dfb6e9, 0x61fad3ce, 0x39e47ae6,
+    0xb8c11fc1, 0x89d928b6, 0x08fc4d91, 0x50e2e4b9, 0xd1c7819e,
+    0xb36f0b10, 0x324a6e37, 0x6a54c71f, 0xeb71a238, 0xda69954f,
+    0x5b4cf068, 0x03525940, 0x82773c67, 0x616237ae, 0xe0475289,
+    0xb859fba1, 0x397c9e86, 0x0864a9f1, 0x8941ccd6, 0xd15f65fe,
+    0x507a00d9, 0xcc04742d, 0x4d21110a, 0x153fb822, 0x941add05,
+    0xa502ea72, 0x24278f55, 0x7c39267d, 0xfd1c435a, 0x1e094893,
+    0x9f2c2db4, 0xc732849c, 0x4617e1bb, 0x770fd6cc, 0xf62ab3eb,
+    0xae341ac3, 0x2f117fe4, 0x6b650fdf, 0xea406af8, 0xb25ec3d0,
+    0x337ba6f7, 0x02639180, 0x8346f4a7, 0xdb585d8f, 0x5a7d38a8,
+    0xb9683361, 0x384d5646, 0x6053ff6e, 0xe1769a49, 0xd06ead3e,
+    0x514bc819, 0x09556131, 0x88700416, 0x140e70e2, 0x952b15c5,
+    0xcd35bced, 0x4c10d9ca, 0x7d08eebd, 0xfc2d8b9a, 0xa43322b2,
+    0x25164795, 0xc6034c5c, 0x4726297b, 0x1f388053, 0x9e1de574,
+    0xaf05d203, 0x2e20b724, 0x763e1e0c, 0xf71b7b2b, 0x95b3f1a5,
+    0x14969482, 0x4c883daa, 0xcdad588d, 0xfcb56ffa, 0x7d900add,
+    0x258ea3f5, 0xa4abc6d2, 0x47becd1b, 0xc69ba83c, 0x9e850114,
+    0x1fa06433, 0x2eb85344, 0xaf9d3663, 0xf7839f4b, 0x76a6fa6c,
+    0xead88e98, 0x6bfdebbf, 0x33e34297, 0xb2c627b0, 0x83de10c7,
+    0x02fb75e0, 0x5ae5dcc8, 0xdbc0b9ef, 0x38d5b226, 0xb9f0d701,
+    0xe1ee7e29, 0x60cb1b0e, 0x51d32c79, 0xd0f6495e, 0x88e8e076,
+    0x09cd8551},
+   {0x00000000, 0x9b73ead4, 0xed96d3e9, 0x76e5393d, 0x005ca193,
+    0x9b2f4b47, 0xedca727a, 0x76b998ae, 0x00b94326, 0x9bcaa9f2,
+    0xed2f90cf, 0x765c7a1b, 0x00e5e2b5, 0x9b960861, 0xed73315c,
+    0x7600db88, 0x0172864c, 0x9a016c98, 0xece455a5, 0x7797bf71,
+    0x012e27df, 0x9a5dcd0b, 0xecb8f436, 0x77cb1ee2, 0x01cbc56a,
+    0x9ab82fbe, 0xec5d1683, 0x772efc57, 0x019764f9, 0x9ae48e2d,
+    0xec01b710, 0x77725dc4, 0x02e50c98, 0x9996e64c, 0xef73df71,
+    0x740035a5, 0x02b9ad0b, 0x99ca47df, 0xef2f7ee2, 0x745c9436,
+    0x025c4fbe, 0x992fa56a, 0xefca9c57, 0x74b97683, 0x0200ee2d,
+    0x997304f9, 0xef963dc4, 0x74e5d710, 0x03978ad4, 0x98e46000,
+    0xee01593d, 0x7572b3e9, 0x03cb2b47, 0x98b8c193, 0xee5df8ae,
+    0x752e127a, 0x032ec9f2, 0x985d2326, 0xeeb81a1b, 0x75cbf0cf,
+    0x03726861, 0x980182b5, 0xeee4bb88, 0x7597515c, 0x05ca1930,
+    0x9eb9f3e4, 0xe85ccad9, 0x732f200d, 0x0596b8a3, 0x9ee55277,
+    0xe8006b4a, 0x7373819e, 0x05735a16, 0x9e00b0c2, 0xe8e589ff,
+    0x7396632b, 0x052ffb85, 0x9e5c1151, 0xe8b9286c, 0x73cac2b8,
+    0x04b89f7c, 0x9fcb75a8, 0xe92e4c95, 0x725da641, 0x04e43eef,
+    0x9f97d43b, 0xe972ed06, 0x720107d2, 0x0401dc5a, 0x9f72368e,
+    0xe9970fb3, 0x72e4e567, 0x045d7dc9, 0x9f2e971d, 0xe9cbae20,
+    0x72b844f4, 0x072f15a8, 0x9c5cff7c, 0xeab9c641, 0x71ca2c95,
+    0x0773b43b, 0x9c005eef, 0xeae567d2, 0x71968d06, 0x0796568e,
+    0x9ce5bc5a, 0xea008567, 0x71736fb3, 0x07caf71d, 0x9cb91dc9,
+    0xea5c24f4, 0x712fce20, 0x065d93e4, 0x9d2e7930, 0xebcb400d,
+    0x70b8aad9, 0x06013277, 0x9d72d8a3, 0xeb97e19e, 0x70e40b4a,
+    0x06e4d0c2, 0x9d973a16, 0xeb72032b, 0x7001e9ff, 0x06b87151,
+    0x9dcb9b85, 0xeb2ea2b8, 0x705d486c, 0x0b943260, 0x90e7d8b4,
+    0xe602e189, 0x7d710b5d, 0x0bc893f3, 0x90bb7927, 0xe65e401a,
+    0x7d2daace, 0x0b2d7146, 0x905e9b92, 0xe6bba2af, 0x7dc8487b,
+    0x0b71d0d5, 0x90023a01, 0xe6e7033c, 0x7d94e9e8, 0x0ae6b42c,
+    0x91955ef8, 0xe77067c5, 0x7c038d11, 0x0aba15bf, 0x91c9ff6b,
+    0xe72cc656, 0x7c5f2c82, 0x0a5ff70a, 0x912c1dde, 0xe7c924e3,
+    0x7cbace37, 0x0a035699, 0x9170bc4d, 0xe7958570, 0x7ce66fa4,
+    0x09713ef8, 0x9202d42c, 0xe4e7ed11, 0x7f9407c5, 0x092d9f6b,
+    0x925e75bf, 0xe4bb4c82, 0x7fc8a656, 0x09c87dde, 0x92bb970a,
+    0xe45eae37, 0x7f2d44e3, 0x0994dc4d, 0x92e73699, 0xe4020fa4,
+    0x7f71e570, 0x0803b8b4, 0x93705260, 0xe5956b5d, 0x7ee68189,
+    0x085f1927, 0x932cf3f3, 0xe5c9cace, 0x7eba201a, 0x08bafb92,
+    0x93c91146, 0xe52c287b, 0x7e5fc2af, 0x08e65a01, 0x9395b0d5,
+    0xe57089e8, 0x7e03633c, 0x0e5e2b50, 0x952dc184, 0xe3c8f8b9,
+    0x78bb126d, 0x0e028ac3, 0x95716017, 0xe394592a, 0x78e7b3fe,
+    0x0ee76876, 0x959482a2, 0xe371bb9f, 0x7802514b, 0x0ebbc9e5,
+    0x95c82331, 0xe32d1a0c, 0x785ef0d8, 0x0f2cad1c, 0x945f47c8,
+    0xe2ba7ef5, 0x79c99421, 0x0f700c8f, 0x9403e65b, 0xe2e6df66,
+    0x799535b2, 0x0f95ee3a, 0x94e604ee, 0xe2033dd3, 0x7970d707,
+    0x0fc94fa9, 0x94baa57d, 0xe25f9c40, 0x792c7694, 0x0cbb27c8,
+    0x97c8cd1c, 0xe12df421, 0x7a5e1ef5, 0x0ce7865b, 0x97946c8f,
+    0xe17155b2, 0x7a02bf66, 0x0c0264ee, 0x97718e3a, 0xe194b707,
+    0x7ae75dd3, 0x0c5ec57d, 0x972d2fa9, 0xe1c81694, 0x7abbfc40,
+    0x0dc9a184, 0x96ba4b50, 0xe05f726d, 0x7b2c98b9, 0x0d950017,
+    0x96e6eac3, 0xe003d3fe, 0x7b70392a, 0x0d70e2a2, 0x96030876,
+    0xe0e6314b, 0x7b95db9f, 0x0d2c4331, 0x965fa9e5, 0xe0ba90d8,
+    0x7bc97a0c},
+   {0x00000000, 0x172864c0, 0x2e50c980, 0x3978ad40, 0x5ca19300,
+    0x4b89f7c0, 0x72f15a80, 0x65d93e40, 0xb9432600, 0xae6b42c0,
+    0x9713ef80, 0x803b8b40, 0xe5e2b500, 0xf2cad1c0, 0xcbb27c80,
+    0xdc9a1840, 0xa9f74a41, 0xbedf2e81, 0x87a783c1, 0x908fe701,
+    0xf556d941, 0xe27ebd81, 0xdb0610c1, 0xcc2e7401, 0x10b46c41,
+    0x079c0881, 0x3ee4a5c1, 0x29ccc101, 0x4c15ff41, 0x5b3d9b81,
+    0x624536c1, 0x756d5201, 0x889f92c3, 0x9fb7f603, 0xa6cf5b43,
+    0xb1e73f83, 0xd43e01c3, 0xc3166503, 0xfa6ec843, 0xed46ac83,
+    0x31dcb4c3, 0x26f4d003, 0x1f8c7d43, 0x08a41983, 0x6d7d27c3,
+    0x7a554303, 0x432dee43, 0x54058a83, 0x2168d882, 0x3640bc42,
+    0x0f381102, 0x181075c2, 0x7dc94b82, 0x6ae12f42, 0x53998202,
+    0x44b1e6c2, 0x982bfe82, 0x8f039a42, 0xb67b3702, 0xa15353c2,
+    0xc48a6d82, 0xd3a20942, 0xeadaa402, 0xfdf2c0c2, 0xca4e23c7,
+    0xdd664707, 0xe41eea47, 0xf3368e87, 0x96efb0c7, 0x81c7d407,
+    0xb8bf7947, 0xaf971d87, 0x730d05c7, 0x64256107, 0x5d5dcc47,
+    0x4a75a887, 0x2fac96c7, 0x3884f207, 0x01fc5f47, 0x16d43b87,
+    0x63b96986, 0x74910d46, 0x4de9a006, 0x5ac1c4c6, 0x3f18fa86,
+    0x28309e46, 0x11483306, 0x066057c6, 0xdafa4f86, 0xcdd22b46,
+    0xf4aa8606, 0xe382e2c6, 0x865bdc86, 0x9173b846, 0xa80b1506,
+    0xbf2371c6, 0x42d1b104, 0x55f9d5c4, 0x6c817884, 0x7ba91c44,
+    0x1e702204, 0x095846c4, 0x3020eb84, 0x27088f44, 0xfb929704,
+    0xecbaf3c4, 0xd5c25e84, 0xc2ea3a44, 0xa7330404, 0xb01b60c4,
+    0x8963cd84, 0x9e4ba944, 0xeb26fb45, 0xfc0e9f85, 0xc57632c5,
+    0xd25e5605, 0xb7876845, 0xa0af0c85, 0x99d7a1c5, 0x8effc505,
+    0x5265dd45, 0x454db985, 0x7c3514c5, 0x6b1d7005, 0x0ec44e45,
+    0x19ec2a85, 0x209487c5, 0x37bce305, 0x4fed41cf, 0x58c5250f,
+    0x61bd884f, 0x7695ec8f, 0x134cd2cf, 0x0464b60f, 0x3d1c1b4f,
+    0x2a347f8f, 0xf6ae67cf, 0xe186030f, 0xd8feae4f, 0xcfd6ca8f,
+    0xaa0ff4cf, 0xbd27900f, 0x845f3d4f, 0x9377598f, 0xe61a0b8e,
+    0xf1326f4e, 0xc84ac20e, 0xdf62a6ce, 0xbabb988e, 0xad93fc4e,
+    0x94eb510e, 0x83c335ce, 0x5f592d8e, 0x4871494e, 0x7109e40e,
+    0x662180ce, 0x03f8be8e, 0x14d0da4e, 0x2da8770e, 0x3a8013ce,
+    0xc772d30c, 0xd05ab7cc, 0xe9221a8c, 0xfe0a7e4c, 0x9bd3400c,
+    0x8cfb24cc, 0xb583898c, 0xa2abed4c, 0x7e31f50c, 0x691991cc,
+    0x50613c8c, 0x4749584c, 0x2290660c, 0x35b802cc, 0x0cc0af8c,
+    0x1be8cb4c, 0x6e85994d, 0x79adfd8d, 0x40d550cd, 0x57fd340d,
+    0x32240a4d, 0x250c6e8d, 0x1c74c3cd, 0x0b5ca70d, 0xd7c6bf4d,
+    0xc0eedb8d, 0xf99676cd, 0xeebe120d, 0x8b672c4d, 0x9c4f488d,
+    0xa537e5cd, 0xb21f810d, 0x85a36208, 0x928b06c8, 0xabf3ab88,
+    0xbcdbcf48, 0xd902f108, 0xce2a95c8, 0xf7523888, 0xe07a5c48,
+    0x3ce04408, 0x2bc820c8, 0x12b08d88, 0x0598e948, 0x6041d708,
+    0x7769b3c8, 0x4e111e88, 0x59397a48, 0x2c542849, 0x3b7c4c89,
+    0x0204e1c9, 0x152c8509, 0x70f5bb49, 0x67dddf89, 0x5ea572c9,
+    0x498d1609, 0x95170e49, 0x823f6a89, 0xbb47c7c9, 0xac6fa309,
+    0xc9b69d49, 0xde9ef989, 0xe7e654c9, 0xf0ce3009, 0x0d3cf0cb,
+    0x1a14940b, 0x236c394b, 0x34445d8b, 0x519d63cb, 0x46b5070b,
+    0x7fcdaa4b, 0x68e5ce8b, 0xb47fd6cb, 0xa357b20b, 0x9a2f1f4b,
+    0x8d077b8b, 0xe8de45cb, 0xfff6210b, 0xc68e8c4b, 0xd1a6e88b,
+    0xa4cbba8a, 0xb3e3de4a, 0x8a9b730a, 0x9db317ca, 0xf86a298a,
+    0xef424d4a, 0xd63ae00a, 0xc11284ca, 0x1d889c8a, 0x0aa0f84a,
+    0x33d8550a, 0x24f031ca, 0x41290f8a, 0x56016b4a, 0x6f79c60a,
+    0x7851a2ca},
+   {0x00000000, 0x9fda839e, 0xe4c4017d, 0x7b1e82e3, 0x12f904bb,
+    0x8d238725, 0xf63d05c6, 0x69e78658, 0x25f20976, 0xba288ae8,
+    0xc136080b, 0x5eec8b95, 0x370b0dcd, 0xa8d18e53, 0xd3cf0cb0,
+    0x4c158f2e, 0x4be412ec, 0xd43e9172, 0xaf201391, 0x30fa900f,
+    0x591d1657, 0xc6c795c9, 0xbdd9172a, 0x220394b4, 0x6e161b9a,
+    0xf1cc9804, 0x8ad21ae7, 0x15089979, 0x7cef1f21, 0xe3359cbf,
+    0x982b1e5c, 0x07f19dc2, 0x97c825d8, 0x0812a646, 0x730c24a5,
+    0xecd6a73b, 0x85312163, 0x1aeba2fd, 0x61f5201e, 0xfe2fa380,
+    0xb23a2cae, 0x2de0af30, 0x56fe2dd3, 0xc924ae4d, 0xa0c32815,
+    0x3f19ab8b, 0x44072968, 0xdbddaaf6, 0xdc2c3734, 0x43f6b4aa,
+    0x38e83649, 0xa732b5d7, 0xced5338f, 0x510fb011, 0x2a1132f2,
+    0xb5cbb16c, 0xf9de3e42, 0x6604bddc, 0x1d1a3f3f, 0x82c0bca1,
+    0xeb273af9, 0x74fdb967, 0x0fe33b84, 0x9039b81a, 0xf4e14df1,
+    0x6b3bce6f, 0x10254c8c, 0x8fffcf12, 0xe618494a, 0x79c2cad4,
+    0x02dc4837, 0x9d06cba9, 0xd1134487, 0x4ec9c719, 0x35d745fa,
+    0xaa0dc664, 0xc3ea403c, 0x5c30c3a2, 0x272e4141, 0xb8f4c2df,
+    0xbf055f1d, 0x20dfdc83, 0x5bc15e60, 0xc41bddfe, 0xadfc5ba6,
+    0x3226d838, 0x49385adb, 0xd6e2d945, 0x9af7566b, 0x052dd5f5,
+    0x7e335716, 0xe1e9d488, 0x880e52d0, 0x17d4d14e, 0x6cca53ad,
+    0xf310d033, 0x63296829, 0xfcf3ebb7, 0x87ed6954, 0x1837eaca,
+    0x71d06c92, 0xee0aef0c, 0x95146def, 0x0aceee71, 0x46db615f,
+    0xd901e2c1, 0xa21f6022, 0x3dc5e3bc, 0x542265e4, 0xcbf8e67a,
+    0xb0e66499, 0x2f3ce707, 0x28cd7ac5, 0xb717f95b, 0xcc097bb8,
+    0x53d3f826, 0x3a347e7e, 0xa5eefde0, 0xdef07f03, 0x412afc9d,
+    0x0d3f73b3, 0x92e5f02d, 0xe9fb72ce, 0x7621f150, 0x1fc67708,
+    0x801cf496, 0xfb027675, 0x64d8f5eb, 0x32b39da3, 0xad691e3d,
+    0xd6779cde, 0x49ad1f40, 0x204a9918, 0xbf901a86, 0xc48e9865,
+    0x5b541bfb, 0x174194d5, 0x889b174b, 0xf38595a8, 0x6c5f1636,
+    0x05b8906e, 0x9a6213f0, 0xe17c9113, 0x7ea6128d, 0x79578f4f,
+    0xe68d0cd1, 0x9d938e32, 0x02490dac, 0x6bae8bf4, 0xf474086a,
+    0x8f6a8a89, 0x10b00917, 0x5ca58639, 0xc37f05a7, 0xb8618744,
+    0x27bb04da, 0x4e5c8282, 0xd186011c, 0xaa9883ff, 0x35420061,
+    0xa57bb87b, 0x3aa13be5, 0x41bfb906, 0xde653a98, 0xb782bcc0,
+    0x28583f5e, 0x5346bdbd, 0xcc9c3e23, 0x8089b10d, 0x1f533293,
+    0x644db070, 0xfb9733ee, 0x9270b5b6, 0x0daa3628, 0x76b4b4cb,
+    0xe96e3755, 0xee9faa97, 0x71452909, 0x0a5babea, 0x95812874,
+    0xfc66ae2c, 0x63bc2db2, 0x18a2af51, 0x87782ccf, 0xcb6da3e1,
+    0x54b7207f, 0x2fa9a29c, 0xb0732102, 0xd994a75a, 0x464e24c4,
+    0x3d50a627, 0xa28a25b9, 0xc652d052, 0x598853cc, 0x2296d12f,
+    0xbd4c52b1, 0xd4abd4e9, 0x4b715777, 0x306fd594, 0xafb5560a,
+    0xe3a0d924, 0x7c7a5aba, 0x0764d859, 0x98be5bc7, 0xf159dd9f,
+    0x6e835e01, 0x159ddce2, 0x8a475f7c, 0x8db6c2be, 0x126c4120,
+    0x6972c3c3, 0xf6a8405d, 0x9f4fc605, 0x0095459b, 0x7b8bc778,
+    0xe45144e6, 0xa844cbc8, 0x379e4856, 0x4c80cab5, 0xd35a492b,
+    0xbabdcf73, 0x25674ced, 0x5e79ce0e, 0xc1a34d90, 0x519af58a,
+    0xce407614, 0xb55ef4f7, 0x2a847769, 0x4363f131, 0xdcb972af,
+    0xa7a7f04c, 0x387d73d2, 0x7468fcfc, 0xebb27f62, 0x90acfd81,
+    0x0f767e1f, 0x6691f847, 0xf94b7bd9, 0x8255f93a, 0x1d8f7aa4,
+    0x1a7ee766, 0x85a464f8, 0xfebae61b, 0x61606585, 0x0887e3dd,
+    0x975d6043, 0xec43e2a0, 0x7399613e, 0x3f8cee10, 0xa0566d8e,
+    0xdb48ef6d, 0x44926cf3, 0x2d75eaab, 0xb2af6935, 0xc9b1ebd6,
+    0x566b6848}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x9e83da9f, 0x7d01c4e4, 0xe3821e7b, 0xbb04f912,
+    0x2587238d, 0xc6053df6, 0x5886e769, 0x7609f225, 0xe88a28ba,
+    0x0b0836c1, 0x958bec5e, 0xcd0d0b37, 0x538ed1a8, 0xb00ccfd3,
+    0x2e8f154c, 0xec12e44b, 0x72913ed4, 0x911320af, 0x0f90fa30,
+    0x57161d59, 0xc995c7c6, 0x2a17d9bd, 0xb4940322, 0x9a1b166e,
+    0x0498ccf1, 0xe71ad28a, 0x79990815, 0x211fef7c, 0xbf9c35e3,
+    0x5c1e2b98, 0xc29df107, 0xd825c897, 0x46a61208, 0xa5240c73,
+    0x3ba7d6ec, 0x63213185, 0xfda2eb1a, 0x1e20f561, 0x80a32ffe,
+    0xae2c3ab2, 0x30afe02d, 0xd32dfe56, 0x4dae24c9, 0x1528c3a0,
+    0x8bab193f, 0x68290744, 0xf6aadddb, 0x34372cdc, 0xaab4f643,
+    0x4936e838, 0xd7b532a7, 0x8f33d5ce, 0x11b00f51, 0xf232112a,
+    0x6cb1cbb5, 0x423edef9, 0xdcbd0466, 0x3f3f1a1d, 0xa1bcc082,
+    0xf93a27eb, 0x67b9fd74, 0x843be30f, 0x1ab83990, 0xf14de1f4,
+    0x6fce3b6b, 0x8c4c2510, 0x12cfff8f, 0x4a4918e6, 0xd4cac279,
+    0x3748dc02, 0xa9cb069d, 0x874413d1, 0x19c7c94e, 0xfa45d735,
+    0x64c60daa, 0x3c40eac3, 0xa2c3305c, 0x41412e27, 0xdfc2f4b8,
+    0x1d5f05bf, 0x83dcdf20, 0x605ec15b, 0xfedd1bc4, 0xa65bfcad,
+    0x38d82632, 0xdb5a3849, 0x45d9e2d6, 0x6b56f79a, 0xf5d52d05,
+    0x1657337e, 0x88d4e9e1, 0xd0520e88, 0x4ed1d417, 0xad53ca6c,
+    0x33d010f3, 0x29682963, 0xb7ebf3fc, 0x5469ed87, 0xcaea3718,
+    0x926cd071, 0x0cef0aee, 0xef6d1495, 0x71eece0a, 0x5f61db46,
+    0xc1e201d9, 0x22601fa2, 0xbce3c53d, 0xe4652254, 0x7ae6f8cb,
+    0x9964e6b0, 0x07e73c2f, 0xc57acd28, 0x5bf917b7, 0xb87b09cc,
+    0x26f8d353, 0x7e7e343a, 0xe0fdeea5, 0x037ff0de, 0x9dfc2a41,
+    0xb3733f0d, 0x2df0e592, 0xce72fbe9, 0x50f12176, 0x0877c61f,
+    0x96f41c80, 0x757602fb, 0xebf5d864, 0xa39db332, 0x3d1e69ad,
+    0xde9c77d6, 0x401fad49, 0x18994a20, 0x861a90bf, 0x65988ec4,
+    0xfb1b545b, 0xd5944117, 0x4b179b88, 0xa89585f3, 0x36165f6c,
+    0x6e90b805, 0xf013629a, 0x13917ce1, 0x8d12a67e, 0x4f8f5779,
+    0xd10c8de6, 0x328e939d, 0xac0d4902, 0xf48bae6b, 0x6a0874f4,
+    0x898a6a8f, 0x1709b010, 0x3986a55c, 0xa7057fc3, 0x448761b8,
+    0xda04bb27, 0x82825c4e, 0x1c0186d1, 0xff8398aa, 0x61004235,
+    0x7bb87ba5, 0xe53ba13a, 0x06b9bf41, 0x983a65de, 0xc0bc82b7,
+    0x5e3f5828, 0xbdbd4653, 0x233e9ccc, 0x0db18980, 0x9332531f,
+    0x70b04d64, 0xee3397fb, 0xb6b57092, 0x2836aa0d, 0xcbb4b476,
+    0x55376ee9, 0x97aa9fee, 0x09294571, 0xeaab5b0a, 0x74288195,
+    0x2cae66fc, 0xb22dbc63, 0x51afa218, 0xcf2c7887, 0xe1a36dcb,
+    0x7f20b754, 0x9ca2a92f, 0x022173b0, 0x5aa794d9, 0xc4244e46,
+    0x27a6503d, 0xb9258aa2, 0x52d052c6, 0xcc538859, 0x2fd19622,
+    0xb1524cbd, 0xe9d4abd4, 0x7757714b, 0x94d56f30, 0x0a56b5af,
+    0x24d9a0e3, 0xba5a7a7c, 0x59d86407, 0xc75bbe98, 0x9fdd59f1,
+    0x015e836e, 0xe2dc9d15, 0x7c5f478a, 0xbec2b68d, 0x20416c12,
+    0xc3c37269, 0x5d40a8f6, 0x05c64f9f, 0x9b459500, 0x78c78b7b,
+    0xe64451e4, 0xc8cb44a8, 0x56489e37, 0xb5ca804c, 0x2b495ad3,
+    0x73cfbdba, 0xed4c6725, 0x0ece795e, 0x904da3c1, 0x8af59a51,
+    0x147640ce, 0xf7f45eb5, 0x6977842a, 0x31f16343, 0xaf72b9dc,
+    0x4cf0a7a7, 0xd2737d38, 0xfcfc6874, 0x627fb2eb, 0x81fdac90,
+    0x1f7e760f, 0x47f89166, 0xd97b4bf9, 0x3af95582, 0xa47a8f1d,
+    0x66e77e1a, 0xf864a485, 0x1be6bafe, 0x85656061, 0xdde38708,
+    0x43605d97, 0xa0e243ec, 0x3e619973, 0x10ee8c3f, 0x8e6d56a0,
+    0x6def48db, 0xf36c9244, 0xabea752d, 0x3569afb2, 0xd6ebb1c9,
+    0x48686b56},
+   {0x00000000, 0xc0642817, 0x80c9502e, 0x40ad7839, 0x0093a15c,
+    0xc0f7894b, 0x805af172, 0x403ed965, 0x002643b9, 0xc0426bae,
+    0x80ef1397, 0x408b3b80, 0x00b5e2e5, 0xc0d1caf2, 0x807cb2cb,
+    0x40189adc, 0x414af7a9, 0x812edfbe, 0xc183a787, 0x01e78f90,
+    0x41d956f5, 0x81bd7ee2, 0xc11006db, 0x01742ecc, 0x416cb410,
+    0x81089c07, 0xc1a5e43e, 0x01c1cc29, 0x41ff154c, 0x819b3d5b,
+    0xc1364562, 0x01526d75, 0xc3929f88, 0x03f6b79f, 0x435bcfa6,
+    0x833fe7b1, 0xc3013ed4, 0x036516c3, 0x43c86efa, 0x83ac46ed,
+    0xc3b4dc31, 0x03d0f426, 0x437d8c1f, 0x8319a408, 0xc3277d6d,
+    0x0343557a, 0x43ee2d43, 0x838a0554, 0x82d86821, 0x42bc4036,
+    0x0211380f, 0xc2751018, 0x824bc97d, 0x422fe16a, 0x02829953,
+    0xc2e6b144, 0x82fe2b98, 0x429a038f, 0x02377bb6, 0xc25353a1,
+    0x826d8ac4, 0x4209a2d3, 0x02a4daea, 0xc2c0f2fd, 0xc7234eca,
+    0x074766dd, 0x47ea1ee4, 0x878e36f3, 0xc7b0ef96, 0x07d4c781,
+    0x4779bfb8, 0x871d97af, 0xc7050d73, 0x07612564, 0x47cc5d5d,
+    0x87a8754a, 0xc796ac2f, 0x07f28438, 0x475ffc01, 0x873bd416,
+    0x8669b963, 0x460d9174, 0x06a0e94d, 0xc6c4c15a, 0x86fa183f,
+    0x469e3028, 0x06334811, 0xc6576006, 0x864ffada, 0x462bd2cd,
+    0x0686aaf4, 0xc6e282e3, 0x86dc5b86, 0x46b87391, 0x06150ba8,
+    0xc67123bf, 0x04b1d142, 0xc4d5f955, 0x8478816c, 0x441ca97b,
+    0x0422701e, 0xc4465809, 0x84eb2030, 0x448f0827, 0x049792fb,
+    0xc4f3baec, 0x845ec2d5, 0x443aeac2, 0x040433a7, 0xc4601bb0,
+    0x84cd6389, 0x44a94b9e, 0x45fb26eb, 0x859f0efc, 0xc53276c5,
+    0x05565ed2, 0x456887b7, 0x850cafa0, 0xc5a1d799, 0x05c5ff8e,
+    0x45dd6552, 0x85b94d45, 0xc514357c, 0x05701d6b, 0x454ec40e,
+    0x852aec19, 0xc5879420, 0x05e3bc37, 0xcf41ed4f, 0x0f25c558,
+    0x4f88bd61, 0x8fec9576, 0xcfd24c13, 0x0fb66404, 0x4f1b1c3d,
+    0x8f7f342a, 0xcf67aef6, 0x0f0386e1, 0x4faefed8, 0x8fcad6cf,
+    0xcff40faa, 0x0f9027bd, 0x4f3d5f84, 0x8f597793, 0x8e0b1ae6,
+    0x4e6f32f1, 0x0ec24ac8, 0xcea662df, 0x8e98bbba, 0x4efc93ad,
+    0x0e51eb94, 0xce35c383, 0x8e2d595f, 0x4e497148, 0x0ee40971,
+    0xce802166, 0x8ebef803, 0x4edad014, 0x0e77a82d, 0xce13803a,
+    0x0cd372c7, 0xccb75ad0, 0x8c1a22e9, 0x4c7e0afe, 0x0c40d39b,
+    0xcc24fb8c, 0x8c8983b5, 0x4cedaba2, 0x0cf5317e, 0xcc911969,
+    0x8c3c6150, 0x4c584947, 0x0c669022, 0xcc02b835, 0x8cafc00c,
+    0x4ccbe81b, 0x4d99856e, 0x8dfdad79, 0xcd50d540, 0x0d34fd57,
+    0x4d0a2432, 0x8d6e0c25, 0xcdc3741c, 0x0da75c0b, 0x4dbfc6d7,
+    0x8ddbeec0, 0xcd7696f9, 0x0d12beee, 0x4d2c678b, 0x8d484f9c,
+    0xcde537a5, 0x0d811fb2, 0x0862a385, 0xc8068b92, 0x88abf3ab,
+    0x48cfdbbc, 0x08f102d9, 0xc8952ace, 0x883852f7, 0x485c7ae0,
+    0x0844e03c, 0xc820c82b, 0x888db012, 0x48e99805, 0x08d74160,
+    0xc8b36977, 0x881e114e, 0x487a3959, 0x4928542c, 0x894c7c3b,
+    0xc9e10402, 0x09852c15, 0x49bbf570, 0x89dfdd67, 0xc972a55e,
+    0x09168d49, 0x490e1795, 0x896a3f82, 0xc9c747bb, 0x09a36fac,
+    0x499db6c9, 0x89f99ede, 0xc954e6e7, 0x0930cef0, 0xcbf03c0d,
+    0x0b94141a, 0x4b396c23, 0x8b5d4434, 0xcb639d51, 0x0b07b546,
+    0x4baacd7f, 0x8bcee568, 0xcbd67fb4, 0x0bb257a3, 0x4b1f2f9a,
+    0x8b7b078d, 0xcb45dee8, 0x0b21f6ff, 0x4b8c8ec6, 0x8be8a6d1,
+    0x8abacba4, 0x4adee3b3, 0x0a739b8a, 0xca17b39d, 0x8a296af8,
+    0x4a4d42ef, 0x0ae03ad6, 0xca8412c1, 0x8a9c881d, 0x4af8a00a,
+    0x0a55d833, 0xca31f024, 0x8a0f2941, 0x4a6b0156, 0x0ac6796f,
+    0xcaa25178},
+   {0x00000000, 0xd4ea739b, 0xe9d396ed, 0x3d39e576, 0x93a15c00,
+    0x474b2f9b, 0x7a72caed, 0xae98b976, 0x2643b900, 0xf2a9ca9b,
+    0xcf902fed, 0x1b7a5c76, 0xb5e2e500, 0x6108969b, 0x5c3173ed,
+    0x88db0076, 0x4c867201, 0x986c019a, 0xa555e4ec, 0x71bf9777,
+    0xdf272e01, 0x0bcd5d9a, 0x36f4b8ec, 0xe21ecb77, 0x6ac5cb01,
+    0xbe2fb89a, 0x83165dec, 0x57fc2e77, 0xf9649701, 0x2d8ee49a,
+    0x10b701ec, 0xc45d7277, 0x980ce502, 0x4ce69699, 0x71df73ef,
+    0xa5350074, 0x0badb902, 0xdf47ca99, 0xe27e2fef, 0x36945c74,
+    0xbe4f5c02, 0x6aa52f99, 0x579ccaef, 0x8376b974, 0x2dee0002,
+    0xf9047399, 0xc43d96ef, 0x10d7e574, 0xd48a9703, 0x0060e498,
+    0x3d5901ee, 0xe9b37275, 0x472bcb03, 0x93c1b898, 0xaef85dee,
+    0x7a122e75, 0xf2c92e03, 0x26235d98, 0x1b1ab8ee, 0xcff0cb75,
+    0x61687203, 0xb5820198, 0x88bbe4ee, 0x5c519775, 0x3019ca05,
+    0xe4f3b99e, 0xd9ca5ce8, 0x0d202f73, 0xa3b89605, 0x7752e59e,
+    0x4a6b00e8, 0x9e817373, 0x165a7305, 0xc2b0009e, 0xff89e5e8,
+    0x2b639673, 0x85fb2f05, 0x51115c9e, 0x6c28b9e8, 0xb8c2ca73,
+    0x7c9fb804, 0xa875cb9f, 0x954c2ee9, 0x41a65d72, 0xef3ee404,
+    0x3bd4979f, 0x06ed72e9, 0xd2070172, 0x5adc0104, 0x8e36729f,
+    0xb30f97e9, 0x67e5e472, 0xc97d5d04, 0x1d972e9f, 0x20aecbe9,
+    0xf444b872, 0xa8152f07, 0x7cff5c9c, 0x41c6b9ea, 0x952cca71,
+    0x3bb47307, 0xef5e009c, 0xd267e5ea, 0x068d9671, 0x8e569607,
+    0x5abce59c, 0x678500ea, 0xb36f7371, 0x1df7ca07, 0xc91db99c,
+    0xf4245cea, 0x20ce2f71, 0xe4935d06, 0x30792e9d, 0x0d40cbeb,
+    0xd9aab870, 0x77320106, 0xa3d8729d, 0x9ee197eb, 0x4a0be470,
+    0xc2d0e406, 0x163a979d, 0x2b0372eb, 0xffe90170, 0x5171b806,
+    0x859bcb9d, 0xb8a22eeb, 0x6c485d70, 0x6032940b, 0xb4d8e790,
+    0x89e102e6, 0x5d0b717d, 0xf393c80b, 0x2779bb90, 0x1a405ee6,
+    0xceaa2d7d, 0x46712d0b, 0x929b5e90, 0xafa2bbe6, 0x7b48c87d,
+    0xd5d0710b, 0x013a0290, 0x3c03e7e6, 0xe8e9947d, 0x2cb4e60a,
+    0xf85e9591, 0xc56770e7, 0x118d037c, 0xbf15ba0a, 0x6bffc991,
+    0x56c62ce7, 0x822c5f7c, 0x0af75f0a, 0xde1d2c91, 0xe324c9e7,
+    0x37ceba7c, 0x9956030a, 0x4dbc7091, 0x708595e7, 0xa46fe67c,
+    0xf83e7109, 0x2cd40292, 0x11ede7e4, 0xc507947f, 0x6b9f2d09,
+    0xbf755e92, 0x824cbbe4, 0x56a6c87f, 0xde7dc809, 0x0a97bb92,
+    0x37ae5ee4, 0xe3442d7f, 0x4ddc9409, 0x9936e792, 0xa40f02e4,
+    0x70e5717f, 0xb4b80308, 0x60527093, 0x5d6b95e5, 0x8981e67e,
+    0x27195f08, 0xf3f32c93, 0xcecac9e5, 0x1a20ba7e, 0x92fbba08,
+    0x4611c993, 0x7b282ce5, 0xafc25f7e, 0x015ae608, 0xd5b09593,
+    0xe88970e5, 0x3c63037e, 0x502b5e0e, 0x84c12d95, 0xb9f8c8e3,
+    0x6d12bb78, 0xc38a020e, 0x17607195, 0x2a5994e3, 0xfeb3e778,
+    0x7668e70e, 0xa2829495, 0x9fbb71e3, 0x4b510278, 0xe5c9bb0e,
+    0x3123c895, 0x0c1a2de3, 0xd8f05e78, 0x1cad2c0f, 0xc8475f94,
+    0xf57ebae2, 0x2194c979, 0x8f0c700f, 0x5be60394, 0x66dfe6e2,
+    0xb2359579, 0x3aee950f, 0xee04e694, 0xd33d03e2, 0x07d77079,
+    0xa94fc90f, 0x7da5ba94, 0x409c5fe2, 0x94762c79, 0xc827bb0c,
+    0x1ccdc897, 0x21f42de1, 0xf51e5e7a, 0x5b86e70c, 0x8f6c9497,
+    0xb25571e1, 0x66bf027a, 0xee64020c, 0x3a8e7197, 0x07b794e1,
+    0xd35de77a, 0x7dc55e0c, 0xa92f2d97, 0x9416c8e1, 0x40fcbb7a,
+    0x84a1c90d, 0x504bba96, 0x6d725fe0, 0xb9982c7b, 0x1700950d,
+    0xc3eae696, 0xfed303e0, 0x2a39707b, 0xa2e2700d, 0x76080396,
+    0x4b31e6e0, 0x9fdb957b, 0x31432c0d, 0xe5a95f96, 0xd890bae0,
+    0x0c7ac97b},
+   {0x00000000, 0x27652581, 0x0fcc3bd9, 0x28a91e58, 0x5f9e0669,
+    0x78fb23e8, 0x50523db0, 0x77371831, 0xbe3c0dd2, 0x99592853,
+    0xb1f0360b, 0x9695138a, 0xe1a20bbb, 0xc6c72e3a, 0xee6e3062,
+    0xc90b15e3, 0x3d7f6b7f, 0x1a1a4efe, 0x32b350a6, 0x15d67527,
+    0x62e16d16, 0x45844897, 0x6d2d56cf, 0x4a48734e, 0x834366ad,
+    0xa426432c, 0x8c8f5d74, 0xabea78f5, 0xdcdd60c4, 0xfbb84545,
+    0xd3115b1d, 0xf4747e9c, 0x7afed6fe, 0x5d9bf37f, 0x7532ed27,
+    0x5257c8a6, 0x2560d097, 0x0205f516, 0x2aaceb4e, 0x0dc9cecf,
+    0xc4c2db2c, 0xe3a7fead, 0xcb0ee0f5, 0xec6bc574, 0x9b5cdd45,
+    0xbc39f8c4, 0x9490e69c, 0xb3f5c31d, 0x4781bd81, 0x60e49800,
+    0x484d8658, 0x6f28a3d9, 0x181fbbe8, 0x3f7a9e69, 0x17d38031,
+    0x30b6a5b0, 0xf9bdb053, 0xded895d2, 0xf6718b8a, 0xd114ae0b,
+    0xa623b63a, 0x814693bb, 0xa9ef8de3, 0x8e8aa862, 0xb5fadc26,
+    0x929ff9a7, 0xba36e7ff, 0x9d53c27e, 0xea64da4f, 0xcd01ffce,
+    0xe5a8e196, 0xc2cdc417, 0x0bc6d1f4, 0x2ca3f475, 0x040aea2d,
+    0x236fcfac, 0x5458d79d, 0x733df21c, 0x5b94ec44, 0x7cf1c9c5,
+    0x8885b759, 0xafe092d8, 0x87498c80, 0xa02ca901, 0xd71bb130,
+    0xf07e94b1, 0xd8d78ae9, 0xffb2af68, 0x36b9ba8b, 0x11dc9f0a,
+    0x39758152, 0x1e10a4d3, 0x6927bce2, 0x4e429963, 0x66eb873b,
+    0x418ea2ba, 0xcf040ad8, 0xe8612f59, 0xc0c83101, 0xe7ad1480,
+    0x909a0cb1, 0xb7ff2930, 0x9f563768, 0xb83312e9, 0x7138070a,
+    0x565d228b, 0x7ef43cd3, 0x59911952, 0x2ea60163, 0x09c324e2,
+    0x216a3aba, 0x060f1f3b, 0xf27b61a7, 0xd51e4426, 0xfdb75a7e,
+    0xdad27fff, 0xade567ce, 0x8a80424f, 0xa2295c17, 0x854c7996,
+    0x4c476c75, 0x6b2249f4, 0x438b57ac, 0x64ee722d, 0x13d96a1c,
+    0x34bc4f9d, 0x1c1551c5, 0x3b707444, 0x6af5b94d, 0x4d909ccc,
+    0x65398294, 0x425ca715, 0x356bbf24, 0x120e9aa5, 0x3aa784fd,
+    0x1dc2a17c, 0xd4c9b49f, 0xf3ac911e, 0xdb058f46, 0xfc60aac7,
+    0x8b57b2f6, 0xac329777, 0x849b892f, 0xa3feacae, 0x578ad232,
+    0x70eff7b3, 0x5846e9eb, 0x7f23cc6a, 0x0814d45b, 0x2f71f1da,
+    0x07d8ef82, 0x20bdca03, 0xe9b6dfe0, 0xced3fa61, 0xe67ae439,
+    0xc11fc1b8, 0xb628d989, 0x914dfc08, 0xb9e4e250, 0x9e81c7d1,
+    0x100b6fb3, 0x376e4a32, 0x1fc7546a, 0x38a271eb, 0x4f9569da,
+    0x68f04c5b, 0x40595203, 0x673c7782, 0xae376261, 0x895247e0,
+    0xa1fb59b8, 0x869e7c39, 0xf1a96408, 0xd6cc4189, 0xfe655fd1,
+    0xd9007a50, 0x2d7404cc, 0x0a11214d, 0x22b83f15, 0x05dd1a94,
+    0x72ea02a5, 0x558f2724, 0x7d26397c, 0x5a431cfd, 0x9348091e,
+    0xb42d2c9f, 0x9c8432c7, 0xbbe11746, 0xccd60f77, 0xebb32af6,
+    0xc31a34ae, 0xe47f112f, 0xdf0f656b, 0xf86a40ea, 0xd0c35eb2,
+    0xf7a67b33, 0x80916302, 0xa7f44683, 0x8f5d58db, 0xa8387d5a,
+    0x613368b9, 0x46564d38, 0x6eff5360, 0x499a76e1, 0x3ead6ed0,
+    0x19c84b51, 0x31615509, 0x16047088, 0xe2700e14, 0xc5152b95,
+    0xedbc35cd, 0xcad9104c, 0xbdee087d, 0x9a8b2dfc, 0xb22233a4,
+    0x95471625, 0x5c4c03c6, 0x7b292647, 0x5380381f, 0x74e51d9e,
+    0x03d205af, 0x24b7202e, 0x0c1e3e76, 0x2b7b1bf7, 0xa5f1b395,
+    0x82949614, 0xaa3d884c, 0x8d58adcd, 0xfa6fb5fc, 0xdd0a907d,
+    0xf5a38e25, 0xd2c6aba4, 0x1bcdbe47, 0x3ca89bc6, 0x1401859e,
+    0x3364a01f, 0x4453b82e, 0x63369daf, 0x4b9f83f7, 0x6cfaa676,
+    0x988ed8ea, 0xbfebfd6b, 0x9742e333, 0xb027c6b2, 0xc710de83,
+    0xe075fb02, 0xc8dce55a, 0xefb9c0db, 0x26b2d538, 0x01d7f0b9,
+    0x297eeee1, 0x0e1bcb60, 0x792cd351, 0x5e49f6d0, 0x76e0e888,
+    0x5185cd09}};
+
+#endif
+
+#endif
+
+#endif
+
+local const z_crc_t FAR x2n_table[] = {
+    0x40000000, 0x20000000, 0x08000000, 0x00800000, 0x00008000,
+    0xedb88320, 0xb1e6b092, 0xa06a2517, 0xed627dae, 0x88d14467,
+    0xd7bbfe6a, 0xec447f11, 0x8e7ea170, 0x6427800e, 0x4d47bae0,
+    0x09fe548f, 0x83852d0f, 0x30362f1a, 0x7b5a9cc3, 0x31fec169,
+    0x9fec022a, 0x6c8dedc4, 0x15d6874d, 0x5fde7a4e, 0xbad90e37,
+    0x2e4e5eef, 0x4eaba214, 0xa8a472c0, 0x429a969e, 0x148d302a,
+    0xc40ba6d0, 0xc4e22c3c};
diff --git a/zlib-1.3.1/deflate.c b/zlib-1.3.1/deflate.c
new file mode 100644
index 00000000..012ea814
--- /dev/null
+++ b/zlib-1.3.1/deflate.c
@@ -0,0 +1,2139 @@
+/* deflate.c -- compress data using the deflation algorithm
+ * Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ *  ALGORITHM
+ *
+ *      The "deflation" process depends on being able to identify portions
+ *      of the input text which are identical to earlier input (within a
+ *      sliding window trailing behind the input currently being processed).
+ *
+ *      The most straightforward technique turns out to be the fastest for
+ *      most input files: try all possible matches and select the longest.
+ *      The key feature of this algorithm is that insertions into the string
+ *      dictionary are very simple and thus fast, and deletions are avoided
+ *      completely. Insertions are performed at each input character, whereas
+ *      string matches are performed only when the previous match ends. So it
+ *      is preferable to spend more time in matches to allow very fast string
+ *      insertions and avoid deletions. The matching algorithm for small
+ *      strings is inspired from that of Rabin & Karp. A brute force approach
+ *      is used to find longer strings when a small match has been found.
+ *      A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
+ *      (by Leonid Broukhis).
+ *         A previous version of this file used a more sophisticated algorithm
+ *      (by Fiala and Greene) which is guaranteed to run in linear amortized
+ *      time, but has a larger average cost, uses more memory and is patented.
+ *      However the F&G algorithm may be faster for some highly redundant
+ *      files if the parameter max_chain_length (described below) is too large.
+ *
+ *  ACKNOWLEDGEMENTS
+ *
+ *      The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
+ *      I found it in 'freeze' written by Leonid Broukhis.
+ *      Thanks to many people for bug reports and testing.
+ *
+ *  REFERENCES
+ *
+ *      Deutsch, L.P.,"DEFLATE Compressed Data Format Specification".
+ *      Available in http://tools.ietf.org/html/rfc1951
+ *
+ *      A description of the Rabin and Karp algorithm is given in the book
+ *         "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
+ *
+ *      Fiala,E.R., and Greene,D.H.
+ *         Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
+ *
+ */
+
+/* @(#) $Id$ */
+
+#include "deflate.h"
+
+const char deflate_copyright[] =
+   " deflate 1.3.1 Copyright 1995-2024 Jean-loup Gailly and Mark Adler ";
+/*
+  If you use the zlib library in a product, an acknowledgment is welcome
+  in the documentation of your product. If for some reason you cannot
+  include such an acknowledgment, I would appreciate that you keep this
+  copyright string in the executable of your product.
+ */
+
+typedef enum {
+    need_more,      /* block not completed, need more input or more output */
+    block_done,     /* block flush performed */
+    finish_started, /* finish started, need only more output at next deflate */
+    finish_done     /* finish done, accept no more input or output */
+} block_state;
+
+typedef block_state (*compress_func)(deflate_state *s, int flush);
+/* Compression function. Returns the block state after the call. */
+
+local block_state deflate_stored(deflate_state *s, int flush);
+local block_state deflate_fast(deflate_state *s, int flush);
+#ifndef FASTEST
+local block_state deflate_slow(deflate_state *s, int flush);
+#endif
+local block_state deflate_rle(deflate_state *s, int flush);
+local block_state deflate_huff(deflate_state *s, int flush);
+
+/* ===========================================================================
+ * Local data
+ */
+
+#define NIL 0
+/* Tail of hash chains */
+
+#ifndef TOO_FAR
+#  define TOO_FAR 4096
+#endif
+/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
+
+/* Values for max_lazy_match, good_match and max_chain_length, depending on
+ * the desired pack level (0..9). The values given below have been tuned to
+ * exclude worst case performance for pathological files. Better values may be
+ * found for specific files.
+ */
+typedef struct config_s {
+   ush good_length; /* reduce lazy search above this match length */
+   ush max_lazy;    /* do not perform lazy search above this match length */
+   ush nice_length; /* quit search above this match length */
+   ush max_chain;
+   compress_func func;
+} config;
+
+#ifdef FASTEST
+local const config configuration_table[2] = {
+/*      good lazy nice chain */
+/* 0 */ {0,    0,  0,    0, deflate_stored},  /* store only */
+/* 1 */ {4,    4,  8,    4, deflate_fast}}; /* max speed, no lazy matches */
+#else
+local const config configuration_table[10] = {
+/*      good lazy nice chain */
+/* 0 */ {0,    0,  0,    0, deflate_stored},  /* store only */
+/* 1 */ {4,    4,  8,    4, deflate_fast}, /* max speed, no lazy matches */
+/* 2 */ {4,    5, 16,    8, deflate_fast},
+/* 3 */ {4,    6, 32,   32, deflate_fast},
+
+/* 4 */ {4,    4, 16,   16, deflate_slow},  /* lazy matches */
+/* 5 */ {8,   16, 32,   32, deflate_slow},
+/* 6 */ {8,   16, 128, 128, deflate_slow},
+/* 7 */ {8,   32, 128, 256, deflate_slow},
+/* 8 */ {32, 128, 258, 1024, deflate_slow},
+/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* max compression */
+#endif
+
+/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
+ * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
+ * meaning.
+ */
+
+/* rank Z_BLOCK between Z_NO_FLUSH and Z_PARTIAL_FLUSH */
+#define RANK(f) (((f) * 2) - ((f) > 4 ? 9 : 0))
+
+/* ===========================================================================
+ * Update a hash value with the given input byte
+ * IN  assertion: all calls to UPDATE_HASH are made with consecutive input
+ *    characters, so that a running hash key can be computed from the previous
+ *    key instead of complete recalculation each time.
+ */
+#define UPDATE_HASH(s,h,c) (h = (((h) << s->hash_shift) ^ (c)) & s->hash_mask)
+
+
+/* ===========================================================================
+ * Insert string str in the dictionary and set match_head to the previous head
+ * of the hash chain (the most recent string with same hash key). Return
+ * the previous length of the hash chain.
+ * If this file is compiled with -DFASTEST, the compression level is forced
+ * to 1, and no hash chains are maintained.
+ * IN  assertion: all calls to INSERT_STRING are made with consecutive input
+ *    characters and the first MIN_MATCH bytes of str are valid (except for
+ *    the last MIN_MATCH-1 bytes of the input file).
+ */
+#ifdef FASTEST
+#define INSERT_STRING(s, str, match_head) \
+   (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
+    match_head = s->head[s->ins_h], \
+    s->head[s->ins_h] = (Pos)(str))
+#else
+#define INSERT_STRING(s, str, match_head) \
+   (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
+    match_head = s->prev[(str) & s->w_mask] = s->head[s->ins_h], \
+    s->head[s->ins_h] = (Pos)(str))
+#endif
+
+/* ===========================================================================
+ * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
+ * prev[] will be initialized on the fly.
+ */
+#define CLEAR_HASH(s) \
+    do { \
+        s->head[s->hash_size - 1] = NIL; \
+        zmemzero((Bytef *)s->head, \
+                 (unsigned)(s->hash_size - 1)*sizeof(*s->head)); \
+    } while (0)
+
+/* ===========================================================================
+ * Slide the hash table when sliding the window down (could be avoided with 32
+ * bit values at the expense of memory usage). We slide even when level == 0 to
+ * keep the hash table consistent if we switch back to level > 0 later.
+ */
+#if defined(__has_feature)
+#  if __has_feature(memory_sanitizer)
+     __attribute__((no_sanitize("memory")))
+#  endif
+#endif
+local void slide_hash(deflate_state *s) {
+    unsigned n, m;
+    Posf *p;
+    uInt wsize = s->w_size;
+
+    n = s->hash_size;
+    p = &s->head[n];
+    do {
+        m = *--p;
+        *p = (Pos)(m >= wsize ? m - wsize : NIL);
+    } while (--n);
+    n = wsize;
+#ifndef FASTEST
+    p = &s->prev[n];
+    do {
+        m = *--p;
+        *p = (Pos)(m >= wsize ? m - wsize : NIL);
+        /* If n is not on any hash chain, prev[n] is garbage but
+         * its value will never be used.
+         */
+    } while (--n);
+#endif
+}
+
+/* ===========================================================================
+ * Read a new buffer from the current input stream, update the adler32
+ * and total number of bytes read.  All deflate() input goes through
+ * this function so some applications may wish to modify it to avoid
+ * allocating a large strm->next_in buffer and copying from it.
+ * (See also flush_pending()).
+ */
+local unsigned read_buf(z_streamp strm, Bytef *buf, unsigned size) {
+    unsigned len = strm->avail_in;
+
+    if (len > size) len = size;
+    if (len == 0) return 0;
+
+    strm->avail_in  -= len;
+
+    zmemcpy(buf, strm->next_in, len);
+    if (strm->state->wrap == 1) {
+        strm->adler = adler32(strm->adler, buf, len);
+    }
+#ifdef GZIP
+    else if (strm->state->wrap == 2) {
+        strm->adler = crc32(strm->adler, buf, len);
+    }
+#endif
+    strm->next_in  += len;
+    strm->total_in += len;
+
+    return len;
+}
+
+/* ===========================================================================
+ * Fill the window when the lookahead becomes insufficient.
+ * Updates strstart and lookahead.
+ *
+ * IN assertion: lookahead < MIN_LOOKAHEAD
+ * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
+ *    At least one byte has been read, or avail_in == 0; reads are
+ *    performed for at least two bytes (required for the zip translate_eol
+ *    option -- not supported here).
+ */
+local void fill_window(deflate_state *s) {
+    unsigned n;
+    unsigned more;    /* Amount of free space at the end of the window. */
+    uInt wsize = s->w_size;
+
+    Assert(s->lookahead < MIN_LOOKAHEAD, "already enough lookahead");
+
+    do {
+        more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
+
+        /* Deal with !@#$% 64K limit: */
+        if (sizeof(int) <= 2) {
+            if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
+                more = wsize;
+
+            } else if (more == (unsigned)(-1)) {
+                /* Very unlikely, but possible on 16 bit machine if
+                 * strstart == 0 && lookahead == 1 (input done a byte at time)
+                 */
+                more--;
+            }
+        }
+
+        /* If the window is almost full and there is insufficient lookahead,
+         * move the upper half to the lower one to make room in the upper half.
+         */
+        if (s->strstart >= wsize + MAX_DIST(s)) {
+
+            zmemcpy(s->window, s->window + wsize, (unsigned)wsize - more);
+            s->match_start -= wsize;
+            s->strstart    -= wsize; /* we now have strstart >= MAX_DIST */
+            s->block_start -= (long) wsize;
+            if (s->insert > s->strstart)
+                s->insert = s->strstart;
+            slide_hash(s);
+            more += wsize;
+        }
+        if (s->strm->avail_in == 0) break;
+
+        /* If there was no sliding:
+         *    strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
+         *    more == window_size - lookahead - strstart
+         * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
+         * => more >= window_size - 2*WSIZE + 2
+         * In the BIG_MEM or MMAP case (not yet supported),
+         *   window_size == input_size + MIN_LOOKAHEAD  &&
+         *   strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
+         * Otherwise, window_size == 2*WSIZE so more >= 2.
+         * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
+         */
+        Assert(more >= 2, "more < 2");
+
+        n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more);
+        s->lookahead += n;
+
+        /* Initialize the hash value now that we have some input: */
+        if (s->lookahead + s->insert >= MIN_MATCH) {
+            uInt str = s->strstart - s->insert;
+            s->ins_h = s->window[str];
+            UPDATE_HASH(s, s->ins_h, s->window[str + 1]);
+#if MIN_MATCH != 3
+            Call UPDATE_HASH() MIN_MATCH-3 more times
+#endif
+            while (s->insert) {
+                UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]);
+#ifndef FASTEST
+                s->prev[str & s->w_mask] = s->head[s->ins_h];
+#endif
+                s->head[s->ins_h] = (Pos)str;
+                str++;
+                s->insert--;
+                if (s->lookahead + s->insert < MIN_MATCH)
+                    break;
+            }
+        }
+        /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
+         * but this is not important since only literal bytes will be emitted.
+         */
+
+    } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
+
+    /* If the WIN_INIT bytes after the end of the current data have never been
+     * written, then zero those bytes in order to avoid memory check reports of
+     * the use of uninitialized (or uninitialised as Julian writes) bytes by
+     * the longest match routines.  Update the high water mark for the next
+     * time through here.  WIN_INIT is set to MAX_MATCH since the longest match
+     * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead.
+     */
+    if (s->high_water < s->window_size) {
+        ulg curr = s->strstart + (ulg)(s->lookahead);
+        ulg init;
+
+        if (s->high_water < curr) {
+            /* Previous high water mark below current data -- zero WIN_INIT
+             * bytes or up to end of window, whichever is less.
+             */
+            init = s->window_size - curr;
+            if (init > WIN_INIT)
+                init = WIN_INIT;
+            zmemzero(s->window + curr, (unsigned)init);
+            s->high_water = curr + init;
+        }
+        else if (s->high_water < (ulg)curr + WIN_INIT) {
+            /* High water mark at or above current data, but below current data
+             * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up
+             * to end of window, whichever is less.
+             */
+            init = (ulg)curr + WIN_INIT - s->high_water;
+            if (init > s->window_size - s->high_water)
+                init = s->window_size - s->high_water;
+            zmemzero(s->window + s->high_water, (unsigned)init);
+            s->high_water += init;
+        }
+    }
+
+    Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,
+           "not enough room for search");
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateInit_(z_streamp strm, int level, const char *version,
+                         int stream_size) {
+    return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
+                         Z_DEFAULT_STRATEGY, version, stream_size);
+    /* To do: ignore strm->next_in if we use it as window */
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
+                          int windowBits, int memLevel, int strategy,
+                          const char *version, int stream_size) {
+    deflate_state *s;
+    int wrap = 1;
+    static const char my_version[] = ZLIB_VERSION;
+
+    if (version == Z_NULL || version[0] != my_version[0] ||
+        stream_size != sizeof(z_stream)) {
+        return Z_VERSION_ERROR;
+    }
+    if (strm == Z_NULL) return Z_STREAM_ERROR;
+
+    strm->msg = Z_NULL;
+    if (strm->zalloc == (alloc_func)0) {
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+#endif
+    }
+    if (strm->zfree == (free_func)0)
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zfree = zcfree;
+#endif
+
+#ifdef FASTEST
+    if (level != 0) level = 1;
+#else
+    if (level == Z_DEFAULT_COMPRESSION) level = 6;
+#endif
+
+    if (windowBits < 0) { /* suppress zlib wrapper */
+        wrap = 0;
+        if (windowBits < -15)
+            return Z_STREAM_ERROR;
+        windowBits = -windowBits;
+    }
+#ifdef GZIP
+    else if (windowBits > 15) {
+        wrap = 2;       /* write gzip wrapper instead */
+        windowBits -= 16;
+    }
+#endif
+    if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
+        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
+        strategy < 0 || strategy > Z_FIXED || (windowBits == 8 && wrap != 1)) {
+        return Z_STREAM_ERROR;
+    }
+    if (windowBits == 8) windowBits = 9;  /* until 256-byte window bug fixed */
+    s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
+    if (s == Z_NULL) return Z_MEM_ERROR;
+    strm->state = (struct internal_state FAR *)s;
+    s->strm = strm;
+    s->status = INIT_STATE;     /* to pass state test in deflateReset() */
+
+    s->wrap = wrap;
+    s->gzhead = Z_NULL;
+    s->w_bits = (uInt)windowBits;
+    s->w_size = 1 << s->w_bits;
+    s->w_mask = s->w_size - 1;
+
+    s->hash_bits = (uInt)memLevel + 7;
+    s->hash_size = 1 << s->hash_bits;
+    s->hash_mask = s->hash_size - 1;
+    s->hash_shift =  ((s->hash_bits + MIN_MATCH-1) / MIN_MATCH);
+
+    s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
+    s->prev   = (Posf *)  ZALLOC(strm, s->w_size, sizeof(Pos));
+    s->head   = (Posf *)  ZALLOC(strm, s->hash_size, sizeof(Pos));
+
+    s->high_water = 0;      /* nothing written to s->window yet */
+
+    s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
+
+    /* We overlay pending_buf and sym_buf. This works since the average size
+     * for length/distance pairs over any compressed block is assured to be 31
+     * bits or less.
+     *
+     * Analysis: The longest fixed codes are a length code of 8 bits plus 5
+     * extra bits, for lengths 131 to 257. The longest fixed distance codes are
+     * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
+     * possible fixed-codes length/distance pair is then 31 bits total.
+     *
+     * sym_buf starts one-fourth of the way into pending_buf. So there are
+     * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
+     * in sym_buf is three bytes -- two for the distance and one for the
+     * literal/length. As each symbol is consumed, the pointer to the next
+     * sym_buf value to read moves forward three bytes. From that symbol, up to
+     * 31 bits are written to pending_buf. The closest the written pending_buf
+     * bits gets to the next sym_buf symbol to read is just before the last
+     * code is written. At that time, 31*(n - 2) bits have been written, just
+     * after 24*(n - 2) bits have been consumed from sym_buf. sym_buf starts at
+     * 8*n bits into pending_buf. (Note that the symbol buffer fills when n - 1
+     * symbols are written.) The closest the writing gets to what is unread is
+     * then n + 14 bits. Here n is lit_bufsize, which is 16384 by default, and
+     * can range from 128 to 32768.
+     *
+     * Therefore, at a minimum, there are 142 bits of space between what is
+     * written and what is read in the overlain buffers, so the symbols cannot
+     * be overwritten by the compressed data. That space is actually 139 bits,
+     * due to the three-bit fixed-code block header.
+     *
+     * That covers the case where either Z_FIXED is specified, forcing fixed
+     * codes, or when the use of fixed codes is chosen, because that choice
+     * results in a smaller compressed block than dynamic codes. That latter
+     * condition then assures that the above analysis also covers all dynamic
+     * blocks. A dynamic-code block will only be chosen to be emitted if it has
+     * fewer bits than a fixed-code block would for the same set of symbols.
+     * Therefore its average symbol length is assured to be less than 31. So
+     * the compressed data for a dynamic block also cannot overwrite the
+     * symbols from which it is being constructed.
+     */
+
+    s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, LIT_BUFS);
+    s->pending_buf_size = (ulg)s->lit_bufsize * 4;
+
+    if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
+        s->pending_buf == Z_NULL) {
+        s->status = FINISH_STATE;
+        strm->msg = ERR_MSG(Z_MEM_ERROR);
+        deflateEnd (strm);
+        return Z_MEM_ERROR;
+    }
+#ifdef LIT_MEM
+    s->d_buf = (ushf *)(s->pending_buf + (s->lit_bufsize << 1));
+    s->l_buf = s->pending_buf + (s->lit_bufsize << 2);
+    s->sym_end = s->lit_bufsize - 1;
+#else
+    s->sym_buf = s->pending_buf + s->lit_bufsize;
+    s->sym_end = (s->lit_bufsize - 1) * 3;
+#endif
+    /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
+     * on 16 bit machines and because stored blocks are restricted to
+     * 64K-1 bytes.
+     */
+
+    s->level = level;
+    s->strategy = strategy;
+    s->method = (Byte)method;
+
+    return deflateReset(strm);
+}
+
+/* =========================================================================
+ * Check for a valid deflate stream state. Return 0 if ok, 1 if not.
+ */
+local int deflateStateCheck(z_streamp strm) {
+    deflate_state *s;
+    if (strm == Z_NULL ||
+        strm->zalloc == (alloc_func)0 || strm->zfree == (free_func)0)
+        return 1;
+    s = strm->state;
+    if (s == Z_NULL || s->strm != strm || (s->status != INIT_STATE &&
+#ifdef GZIP
+                                           s->status != GZIP_STATE &&
+#endif
+                                           s->status != EXTRA_STATE &&
+                                           s->status != NAME_STATE &&
+                                           s->status != COMMENT_STATE &&
+                                           s->status != HCRC_STATE &&
+                                           s->status != BUSY_STATE &&
+                                           s->status != FINISH_STATE))
+        return 1;
+    return 0;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateSetDictionary(z_streamp strm, const Bytef *dictionary,
+                                 uInt  dictLength) {
+    deflate_state *s;
+    uInt str, n;
+    int wrap;
+    unsigned avail;
+    z_const unsigned char *next;
+
+    if (deflateStateCheck(strm) || dictionary == Z_NULL)
+        return Z_STREAM_ERROR;
+    s = strm->state;
+    wrap = s->wrap;
+    if (wrap == 2 || (wrap == 1 && s->status != INIT_STATE) || s->lookahead)
+        return Z_STREAM_ERROR;
+
+    /* when using zlib wrappers, compute Adler-32 for provided dictionary */
+    if (wrap == 1)
+        strm->adler = adler32(strm->adler, dictionary, dictLength);
+    s->wrap = 0;                    /* avoid computing Adler-32 in read_buf */
+
+    /* if dictionary would fill window, just replace the history */
+    if (dictLength >= s->w_size) {
+        if (wrap == 0) {            /* already empty otherwise */
+            CLEAR_HASH(s);
+            s->strstart = 0;
+            s->block_start = 0L;
+            s->insert = 0;
+        }
+        dictionary += dictLength - s->w_size;  /* use the tail */
+        dictLength = s->w_size;
+    }
+
+    /* insert dictionary into window and hash */
+    avail = strm->avail_in;
+    next = strm->next_in;
+    strm->avail_in = dictLength;
+    strm->next_in = (z_const Bytef *)dictionary;
+    fill_window(s);
+    while (s->lookahead >= MIN_MATCH) {
+        str = s->strstart;
+        n = s->lookahead - (MIN_MATCH-1);
+        do {
+            UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]);
+#ifndef FASTEST
+            s->prev[str & s->w_mask] = s->head[s->ins_h];
+#endif
+            s->head[s->ins_h] = (Pos)str;
+            str++;
+        } while (--n);
+        s->strstart = str;
+        s->lookahead = MIN_MATCH-1;
+        fill_window(s);
+    }
+    s->strstart += s->lookahead;
+    s->block_start = (long)s->strstart;
+    s->insert = s->lookahead;
+    s->lookahead = 0;
+    s->match_length = s->prev_length = MIN_MATCH-1;
+    s->match_available = 0;
+    strm->next_in = next;
+    strm->avail_in = avail;
+    s->wrap = wrap;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateGetDictionary(z_streamp strm, Bytef *dictionary,
+                                 uInt *dictLength) {
+    deflate_state *s;
+    uInt len;
+
+    if (deflateStateCheck(strm))
+        return Z_STREAM_ERROR;
+    s = strm->state;
+    len = s->strstart + s->lookahead;
+    if (len > s->w_size)
+        len = s->w_size;
+    if (dictionary != Z_NULL && len)
+        zmemcpy(dictionary, s->window + s->strstart + s->lookahead - len, len);
+    if (dictLength != Z_NULL)
+        *dictLength = len;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateResetKeep(z_streamp strm) {
+    deflate_state *s;
+
+    if (deflateStateCheck(strm)) {
+        return Z_STREAM_ERROR;
+    }
+
+    strm->total_in = strm->total_out = 0;
+    strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
+    strm->data_type = Z_UNKNOWN;
+
+    s = (deflate_state *)strm->state;
+    s->pending = 0;
+    s->pending_out = s->pending_buf;
+
+    if (s->wrap < 0) {
+        s->wrap = -s->wrap; /* was made negative by deflate(..., Z_FINISH); */
+    }
+    s->status =
+#ifdef GZIP
+        s->wrap == 2 ? GZIP_STATE :
+#endif
+        INIT_STATE;
+    strm->adler =
+#ifdef GZIP
+        s->wrap == 2 ? crc32(0L, Z_NULL, 0) :
+#endif
+        adler32(0L, Z_NULL, 0);
+    s->last_flush = -2;
+
+    _tr_init(s);
+
+    return Z_OK;
+}
+
+/* ===========================================================================
+ * Initialize the "longest match" routines for a new zlib stream
+ */
+local void lm_init(deflate_state *s) {
+    s->window_size = (ulg)2L*s->w_size;
+
+    CLEAR_HASH(s);
+
+    /* Set the default configuration parameters:
+     */
+    s->max_lazy_match   = configuration_table[s->level].max_lazy;
+    s->good_match       = configuration_table[s->level].good_length;
+    s->nice_match       = configuration_table[s->level].nice_length;
+    s->max_chain_length = configuration_table[s->level].max_chain;
+
+    s->strstart = 0;
+    s->block_start = 0L;
+    s->lookahead = 0;
+    s->insert = 0;
+    s->match_length = s->prev_length = MIN_MATCH-1;
+    s->match_available = 0;
+    s->ins_h = 0;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateReset(z_streamp strm) {
+    int ret;
+
+    ret = deflateResetKeep(strm);
+    if (ret == Z_OK)
+        lm_init(strm->state);
+    return ret;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateSetHeader(z_streamp strm, gz_headerp head) {
+    if (deflateStateCheck(strm) || strm->state->wrap != 2)
+        return Z_STREAM_ERROR;
+    strm->state->gzhead = head;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflatePending(z_streamp strm, unsigned *pending, int *bits) {
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+    if (pending != Z_NULL)
+        *pending = strm->state->pending;
+    if (bits != Z_NULL)
+        *bits = strm->state->bi_valid;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflatePrime(z_streamp strm, int bits, int value) {
+    deflate_state *s;
+    int put;
+
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+    s = strm->state;
+#ifdef LIT_MEM
+    if (bits < 0 || bits > 16 ||
+        (uchf *)s->d_buf < s->pending_out + ((Buf_size + 7) >> 3))
+        return Z_BUF_ERROR;
+#else
+    if (bits < 0 || bits > 16 ||
+        s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
+        return Z_BUF_ERROR;
+#endif
+    do {
+        put = Buf_size - s->bi_valid;
+        if (put > bits)
+            put = bits;
+        s->bi_buf |= (ush)((value & ((1 << put) - 1)) << s->bi_valid);
+        s->bi_valid += put;
+        _tr_flush_bits(s);
+        value >>= put;
+        bits -= put;
+    } while (bits);
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateParams(z_streamp strm, int level, int strategy) {
+    deflate_state *s;
+    compress_func func;
+
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+    s = strm->state;
+
+#ifdef FASTEST
+    if (level != 0) level = 1;
+#else
+    if (level == Z_DEFAULT_COMPRESSION) level = 6;
+#endif
+    if (level < 0 || level > 9 || strategy < 0 || strategy > Z_FIXED) {
+        return Z_STREAM_ERROR;
+    }
+    func = configuration_table[s->level].func;
+
+    if ((strategy != s->strategy || func != configuration_table[level].func) &&
+        s->last_flush != -2) {
+        /* Flush the last buffer: */
+        int err = deflate(strm, Z_BLOCK);
+        if (err == Z_STREAM_ERROR)
+            return err;
+        if (strm->avail_in || (s->strstart - s->block_start) + s->lookahead)
+            return Z_BUF_ERROR;
+    }
+    if (s->level != level) {
+        if (s->level == 0 && s->matches != 0) {
+            if (s->matches == 1)
+                slide_hash(s);
+            else
+                CLEAR_HASH(s);
+            s->matches = 0;
+        }
+        s->level = level;
+        s->max_lazy_match   = configuration_table[level].max_lazy;
+        s->good_match       = configuration_table[level].good_length;
+        s->nice_match       = configuration_table[level].nice_length;
+        s->max_chain_length = configuration_table[level].max_chain;
+    }
+    s->strategy = strategy;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateTune(z_streamp strm, int good_length, int max_lazy,
+                        int nice_length, int max_chain) {
+    deflate_state *s;
+
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+    s = strm->state;
+    s->good_match = (uInt)good_length;
+    s->max_lazy_match = (uInt)max_lazy;
+    s->nice_match = nice_length;
+    s->max_chain_length = (uInt)max_chain;
+    return Z_OK;
+}
+
+/* =========================================================================
+ * For the default windowBits of 15 and memLevel of 8, this function returns a
+ * close to exact, as well as small, upper bound on the compressed size. This
+ * is an expansion of ~0.03%, plus a small constant.
+ *
+ * For any setting other than those defaults for windowBits and memLevel, one
+ * of two worst case bounds is returned. This is at most an expansion of ~4% or
+ * ~13%, plus a small constant.
+ *
+ * Both the 0.03% and 4% derive from the overhead of stored blocks. The first
+ * one is for stored blocks of 16383 bytes (memLevel == 8), whereas the second
+ * is for stored blocks of 127 bytes (the worst case memLevel == 1). The
+ * expansion results from five bytes of header for each stored block.
+ *
+ * The larger expansion of 13% results from a window size less than or equal to
+ * the symbols buffer size (windowBits <= memLevel + 7). In that case some of
+ * the data being compressed may have slid out of the sliding window, impeding
+ * a stored block from being emitted. Then the only choice is a fixed or
+ * dynamic block, where a fixed block limits the maximum expansion to 9 bits
+ * per 8-bit byte, plus 10 bits for every block. The smallest block size for
+ * which this can occur is 255 (memLevel == 2).
+ *
+ * Shifts are used to approximate divisions, for speed.
+ */
+uLong ZEXPORT deflateBound(z_streamp strm, uLong sourceLen) {
+    deflate_state *s;
+    uLong fixedlen, storelen, wraplen;
+
+    /* upper bound for fixed blocks with 9-bit literals and length 255
+       (memLevel == 2, which is the lowest that may not use stored blocks) --
+       ~13% overhead plus a small constant */
+    fixedlen = sourceLen + (sourceLen >> 3) + (sourceLen >> 8) +
+               (sourceLen >> 9) + 4;
+
+    /* upper bound for stored blocks with length 127 (memLevel == 1) --
+       ~4% overhead plus a small constant */
+    storelen = sourceLen + (sourceLen >> 5) + (sourceLen >> 7) +
+               (sourceLen >> 11) + 7;
+
+    /* if can't get parameters, return larger bound plus a zlib wrapper */
+    if (deflateStateCheck(strm))
+        return (fixedlen > storelen ? fixedlen : storelen) + 6;
+
+    /* compute wrapper length */
+    s = strm->state;
+    switch (s->wrap) {
+    case 0:                                 /* raw deflate */
+        wraplen = 0;
+        break;
+    case 1:                                 /* zlib wrapper */
+        wraplen = 6 + (s->strstart ? 4 : 0);
+        break;
+#ifdef GZIP
+    case 2:                                 /* gzip wrapper */
+        wraplen = 18;
+        if (s->gzhead != Z_NULL) {          /* user-supplied gzip header */
+            Bytef *str;
+            if (s->gzhead->extra != Z_NULL)
+                wraplen += 2 + s->gzhead->extra_len;
+            str = s->gzhead->name;
+            if (str != Z_NULL)
+                do {
+                    wraplen++;
+                } while (*str++);
+            str = s->gzhead->comment;
+            if (str != Z_NULL)
+                do {
+                    wraplen++;
+                } while (*str++);
+            if (s->gzhead->hcrc)
+                wraplen += 2;
+        }
+        break;
+#endif
+    default:                                /* for compiler happiness */
+        wraplen = 6;
+    }
+
+    /* if not default parameters, return one of the conservative bounds */
+    if (s->w_bits != 15 || s->hash_bits != 8 + 7)
+        return (s->w_bits <= s->hash_bits && s->level ? fixedlen : storelen) +
+               wraplen;
+
+    /* default settings: return tight bound for that case -- ~0.03% overhead
+       plus a small constant */
+    return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
+           (sourceLen >> 25) + 13 - 6 + wraplen;
+}
+
+/* =========================================================================
+ * Put a short in the pending buffer. The 16-bit value is put in MSB order.
+ * IN assertion: the stream state is correct and there is enough room in
+ * pending_buf.
+ */
+local void putShortMSB(deflate_state *s, uInt b) {
+    put_byte(s, (Byte)(b >> 8));
+    put_byte(s, (Byte)(b & 0xff));
+}
+
+/* =========================================================================
+ * Flush as much pending output as possible. All deflate() output, except for
+ * some deflate_stored() output, goes through this function so some
+ * applications may wish to modify it to avoid allocating a large
+ * strm->next_out buffer and copying into it. (See also read_buf()).
+ */
+local void flush_pending(z_streamp strm) {
+    unsigned len;
+    deflate_state *s = strm->state;
+
+    _tr_flush_bits(s);
+    len = s->pending;
+    if (len > strm->avail_out) len = strm->avail_out;
+    if (len == 0) return;
+
+    zmemcpy(strm->next_out, s->pending_out, len);
+    strm->next_out  += len;
+    s->pending_out  += len;
+    strm->total_out += len;
+    strm->avail_out -= len;
+    s->pending      -= len;
+    if (s->pending == 0) {
+        s->pending_out = s->pending_buf;
+    }
+}
+
+/* ===========================================================================
+ * Update the header CRC with the bytes s->pending_buf[beg..s->pending - 1].
+ */
+#define HCRC_UPDATE(beg) \
+    do { \
+        if (s->gzhead->hcrc && s->pending > (beg)) \
+            strm->adler = crc32(strm->adler, s->pending_buf + (beg), \
+                                s->pending - (beg)); \
+    } while (0)
+
+/* ========================================================================= */
+int ZEXPORT deflate(z_streamp strm, int flush) {
+    int old_flush; /* value of flush param for previous deflate call */
+    deflate_state *s;
+
+    if (deflateStateCheck(strm) || flush > Z_BLOCK || flush < 0) {
+        return Z_STREAM_ERROR;
+    }
+    s = strm->state;
+
+    if (strm->next_out == Z_NULL ||
+        (strm->avail_in != 0 && strm->next_in == Z_NULL) ||
+        (s->status == FINISH_STATE && flush != Z_FINISH)) {
+        ERR_RETURN(strm, Z_STREAM_ERROR);
+    }
+    if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
+
+    old_flush = s->last_flush;
+    s->last_flush = flush;
+
+    /* Flush as much pending output as possible */
+    if (s->pending != 0) {
+        flush_pending(strm);
+        if (strm->avail_out == 0) {
+            /* Since avail_out is 0, deflate will be called again with
+             * more output space, but possibly with both pending and
+             * avail_in equal to zero. There won't be anything to do,
+             * but this is not an error situation so make sure we
+             * return OK instead of BUF_ERROR at next call of deflate:
+             */
+            s->last_flush = -1;
+            return Z_OK;
+        }
+
+    /* Make sure there is something to do and avoid duplicate consecutive
+     * flushes. For repeated and useless calls with Z_FINISH, we keep
+     * returning Z_STREAM_END instead of Z_BUF_ERROR.
+     */
+    } else if (strm->avail_in == 0 && RANK(flush) <= RANK(old_flush) &&
+               flush != Z_FINISH) {
+        ERR_RETURN(strm, Z_BUF_ERROR);
+    }
+
+    /* User must not provide more input after the first FINISH: */
+    if (s->status == FINISH_STATE && strm->avail_in != 0) {
+        ERR_RETURN(strm, Z_BUF_ERROR);
+    }
+
+    /* Write the header */
+    if (s->status == INIT_STATE && s->wrap == 0)
+        s->status = BUSY_STATE;
+    if (s->status == INIT_STATE) {
+        /* zlib header */
+        uInt header = (Z_DEFLATED + ((s->w_bits - 8) << 4)) << 8;
+        uInt level_flags;
+
+        if (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2)
+            level_flags = 0;
+        else if (s->level < 6)
+            level_flags = 1;
+        else if (s->level == 6)
+            level_flags = 2;
+        else
+            level_flags = 3;
+        header |= (level_flags << 6);
+        if (s->strstart != 0) header |= PRESET_DICT;
+        header += 31 - (header % 31);
+
+        putShortMSB(s, header);
+
+        /* Save the adler32 of the preset dictionary: */
+        if (s->strstart != 0) {
+            putShortMSB(s, (uInt)(strm->adler >> 16));
+            putShortMSB(s, (uInt)(strm->adler & 0xffff));
+        }
+        strm->adler = adler32(0L, Z_NULL, 0);
+        s->status = BUSY_STATE;
+
+        /* Compression must start with an empty pending buffer */
+        flush_pending(strm);
+        if (s->pending != 0) {
+            s->last_flush = -1;
+            return Z_OK;
+        }
+    }
+#ifdef GZIP
+    if (s->status == GZIP_STATE) {
+        /* gzip header */
+        strm->adler = crc32(0L, Z_NULL, 0);
+        put_byte(s, 31);
+        put_byte(s, 139);
+        put_byte(s, 8);
+        if (s->gzhead == Z_NULL) {
+            put_byte(s, 0);
+            put_byte(s, 0);
+            put_byte(s, 0);
+            put_byte(s, 0);
+            put_byte(s, 0);
+            put_byte(s, s->level == 9 ? 2 :
+                     (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2 ?
+                      4 : 0));
+            put_byte(s, OS_CODE);
+            s->status = BUSY_STATE;
+
+            /* Compression must start with an empty pending buffer */
+            flush_pending(strm);
+            if (s->pending != 0) {
+                s->last_flush = -1;
+                return Z_OK;
+            }
+        }
+        else {
+            put_byte(s, (s->gzhead->text ? 1 : 0) +
+                     (s->gzhead->hcrc ? 2 : 0) +
+                     (s->gzhead->extra == Z_NULL ? 0 : 4) +
+                     (s->gzhead->name == Z_NULL ? 0 : 8) +
+                     (s->gzhead->comment == Z_NULL ? 0 : 16)
+                     );
+            put_byte(s, (Byte)(s->gzhead->time & 0xff));
+            put_byte(s, (Byte)((s->gzhead->time >> 8) & 0xff));
+            put_byte(s, (Byte)((s->gzhead->time >> 16) & 0xff));
+            put_byte(s, (Byte)((s->gzhead->time >> 24) & 0xff));
+            put_byte(s, s->level == 9 ? 2 :
+                     (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2 ?
+                      4 : 0));
+            put_byte(s, s->gzhead->os & 0xff);
+            if (s->gzhead->extra != Z_NULL) {
+                put_byte(s, s->gzhead->extra_len & 0xff);
+                put_byte(s, (s->gzhead->extra_len >> 8) & 0xff);
+            }
+            if (s->gzhead->hcrc)
+                strm->adler = crc32(strm->adler, s->pending_buf,
+                                    s->pending);
+            s->gzindex = 0;
+            s->status = EXTRA_STATE;
+        }
+    }
+    if (s->status == EXTRA_STATE) {
+        if (s->gzhead->extra != Z_NULL) {
+            ulg beg = s->pending;   /* start of bytes to update crc */
+            uInt left = (s->gzhead->extra_len & 0xffff) - s->gzindex;
+            while (s->pending + left > s->pending_buf_size) {
+                uInt copy = s->pending_buf_size - s->pending;
+                zmemcpy(s->pending_buf + s->pending,
+                        s->gzhead->extra + s->gzindex, copy);
+                s->pending = s->pending_buf_size;
+                HCRC_UPDATE(beg);
+                s->gzindex += copy;
+                flush_pending(strm);
+                if (s->pending != 0) {
+                    s->last_flush = -1;
+                    return Z_OK;
+                }
+                beg = 0;
+                left -= copy;
+            }
+            zmemcpy(s->pending_buf + s->pending,
+                    s->gzhead->extra + s->gzindex, left);
+            s->pending += left;
+            HCRC_UPDATE(beg);
+            s->gzindex = 0;
+        }
+        s->status = NAME_STATE;
+    }
+    if (s->status == NAME_STATE) {
+        if (s->gzhead->name != Z_NULL) {
+            ulg beg = s->pending;   /* start of bytes to update crc */
+            int val;
+            do {
+                if (s->pending == s->pending_buf_size) {
+                    HCRC_UPDATE(beg);
+                    flush_pending(strm);
+                    if (s->pending != 0) {
+                        s->last_flush = -1;
+                        return Z_OK;
+                    }
+                    beg = 0;
+                }
+                val = s->gzhead->name[s->gzindex++];
+                put_byte(s, val);
+            } while (val != 0);
+            HCRC_UPDATE(beg);
+            s->gzindex = 0;
+        }
+        s->status = COMMENT_STATE;
+    }
+    if (s->status == COMMENT_STATE) {
+        if (s->gzhead->comment != Z_NULL) {
+            ulg beg = s->pending;   /* start of bytes to update crc */
+            int val;
+            do {
+                if (s->pending == s->pending_buf_size) {
+                    HCRC_UPDATE(beg);
+                    flush_pending(strm);
+                    if (s->pending != 0) {
+                        s->last_flush = -1;
+                        return Z_OK;
+                    }
+                    beg = 0;
+                }
+                val = s->gzhead->comment[s->gzindex++];
+                put_byte(s, val);
+            } while (val != 0);
+            HCRC_UPDATE(beg);
+        }
+        s->status = HCRC_STATE;
+    }
+    if (s->status == HCRC_STATE) {
+        if (s->gzhead->hcrc) {
+            if (s->pending + 2 > s->pending_buf_size) {
+                flush_pending(strm);
+                if (s->pending != 0) {
+                    s->last_flush = -1;
+                    return Z_OK;
+                }
+            }
+            put_byte(s, (Byte)(strm->adler & 0xff));
+            put_byte(s, (Byte)((strm->adler >> 8) & 0xff));
+            strm->adler = crc32(0L, Z_NULL, 0);
+        }
+        s->status = BUSY_STATE;
+
+        /* Compression must start with an empty pending buffer */
+        flush_pending(strm);
+        if (s->pending != 0) {
+            s->last_flush = -1;
+            return Z_OK;
+        }
+    }
+#endif
+
+    /* Start a new block or continue the current one.
+     */
+    if (strm->avail_in != 0 || s->lookahead != 0 ||
+        (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) {
+        block_state bstate;
+
+        bstate = s->level == 0 ? deflate_stored(s, flush) :
+                 s->strategy == Z_HUFFMAN_ONLY ? deflate_huff(s, flush) :
+                 s->strategy == Z_RLE ? deflate_rle(s, flush) :
+                 (*(configuration_table[s->level].func))(s, flush);
+
+        if (bstate == finish_started || bstate == finish_done) {
+            s->status = FINISH_STATE;
+        }
+        if (bstate == need_more || bstate == finish_started) {
+            if (strm->avail_out == 0) {
+                s->last_flush = -1; /* avoid BUF_ERROR next call, see above */
+            }
+            return Z_OK;
+            /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
+             * of deflate should use the same flush parameter to make sure
+             * that the flush is complete. So we don't have to output an
+             * empty block here, this will be done at next call. This also
+             * ensures that for a very small output buffer, we emit at most
+             * one empty block.
+             */
+        }
+        if (bstate == block_done) {
+            if (flush == Z_PARTIAL_FLUSH) {
+                _tr_align(s);
+            } else if (flush != Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */
+                _tr_stored_block(s, (char*)0, 0L, 0);
+                /* For a full flush, this empty block will be recognized
+                 * as a special marker by inflate_sync().
+                 */
+                if (flush == Z_FULL_FLUSH) {
+                    CLEAR_HASH(s);             /* forget history */
+                    if (s->lookahead == 0) {
+                        s->strstart = 0;
+                        s->block_start = 0L;
+                        s->insert = 0;
+                    }
+                }
+            }
+            flush_pending(strm);
+            if (strm->avail_out == 0) {
+              s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */
+              return Z_OK;
+            }
+        }
+    }
+
+    if (flush != Z_FINISH) return Z_OK;
+    if (s->wrap <= 0) return Z_STREAM_END;
+
+    /* Write the trailer */
+#ifdef GZIP
+    if (s->wrap == 2) {
+        put_byte(s, (Byte)(strm->adler & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 8) & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 16) & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 24) & 0xff));
+        put_byte(s, (Byte)(strm->total_in & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 8) & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 16) & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 24) & 0xff));
+    }
+    else
+#endif
+    {
+        putShortMSB(s, (uInt)(strm->adler >> 16));
+        putShortMSB(s, (uInt)(strm->adler & 0xffff));
+    }
+    flush_pending(strm);
+    /* If avail_out is zero, the application will call deflate again
+     * to flush the rest.
+     */
+    if (s->wrap > 0) s->wrap = -s->wrap; /* write the trailer only once! */
+    return s->pending != 0 ? Z_OK : Z_STREAM_END;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateEnd(z_streamp strm) {
+    int status;
+
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+
+    status = strm->state->status;
+
+    /* Deallocate in reverse order of allocations: */
+    TRY_FREE(strm, strm->state->pending_buf);
+    TRY_FREE(strm, strm->state->head);
+    TRY_FREE(strm, strm->state->prev);
+    TRY_FREE(strm, strm->state->window);
+
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+
+    return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK;
+}
+
+/* =========================================================================
+ * Copy the source state to the destination state.
+ * To simplify the source, this is not supported for 16-bit MSDOS (which
+ * doesn't have enough memory anyway to duplicate compression states).
+ */
+int ZEXPORT deflateCopy(z_streamp dest, z_streamp source) {
+#ifdef MAXSEG_64K
+    (void)dest;
+    (void)source;
+    return Z_STREAM_ERROR;
+#else
+    deflate_state *ds;
+    deflate_state *ss;
+
+
+    if (deflateStateCheck(source) || dest == Z_NULL) {
+        return Z_STREAM_ERROR;
+    }
+
+    ss = source->state;
+
+    zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream));
+
+    ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state));
+    if (ds == Z_NULL) return Z_MEM_ERROR;
+    dest->state = (struct internal_state FAR *) ds;
+    zmemcpy((voidpf)ds, (voidpf)ss, sizeof(deflate_state));
+    ds->strm = dest;
+
+    ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
+    ds->prev   = (Posf *)  ZALLOC(dest, ds->w_size, sizeof(Pos));
+    ds->head   = (Posf *)  ZALLOC(dest, ds->hash_size, sizeof(Pos));
+    ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, LIT_BUFS);
+
+    if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
+        ds->pending_buf == Z_NULL) {
+        deflateEnd (dest);
+        return Z_MEM_ERROR;
+    }
+    /* following zmemcpy do not work for 16-bit MSDOS */
+    zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte));
+    zmemcpy((voidpf)ds->prev, (voidpf)ss->prev, ds->w_size * sizeof(Pos));
+    zmemcpy((voidpf)ds->head, (voidpf)ss->head, ds->hash_size * sizeof(Pos));
+    zmemcpy(ds->pending_buf, ss->pending_buf, ds->lit_bufsize * LIT_BUFS);
+
+    ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
+#ifdef LIT_MEM
+    ds->d_buf = (ushf *)(ds->pending_buf + (ds->lit_bufsize << 1));
+    ds->l_buf = ds->pending_buf + (ds->lit_bufsize << 2);
+#else
+    ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
+#endif
+
+    ds->l_desc.dyn_tree = ds->dyn_ltree;
+    ds->d_desc.dyn_tree = ds->dyn_dtree;
+    ds->bl_desc.dyn_tree = ds->bl_tree;
+
+    return Z_OK;
+#endif /* MAXSEG_64K */
+}
+
+#ifndef FASTEST
+/* ===========================================================================
+ * Set match_start to the longest match starting at the given string and
+ * return its length. Matches shorter or equal to prev_length are discarded,
+ * in which case the result is equal to prev_length and match_start is
+ * garbage.
+ * IN assertions: cur_match is the head of the hash chain for the current
+ *   string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
+ * OUT assertion: the match length is not greater than s->lookahead.
+ */
+local uInt longest_match(deflate_state *s, IPos cur_match) {
+    unsigned chain_length = s->max_chain_length;/* max hash chain length */
+    register Bytef *scan = s->window + s->strstart; /* current string */
+    register Bytef *match;                      /* matched string */
+    register int len;                           /* length of current match */
+    int best_len = (int)s->prev_length;         /* best match length so far */
+    int nice_match = s->nice_match;             /* stop if match long enough */
+    IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
+        s->strstart - (IPos)MAX_DIST(s) : NIL;
+    /* Stop when cur_match becomes <= limit. To simplify the code,
+     * we prevent matches with the string of window index 0.
+     */
+    Posf *prev = s->prev;
+    uInt wmask = s->w_mask;
+
+#ifdef UNALIGNED_OK
+    /* Compare two bytes at a time. Note: this is not always beneficial.
+     * Try with and without -DUNALIGNED_OK to check.
+     */
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
+    register ush scan_start = *(ushf*)scan;
+    register ush scan_end   = *(ushf*)(scan + best_len - 1);
+#else
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH;
+    register Byte scan_end1  = scan[best_len - 1];
+    register Byte scan_end   = scan[best_len];
+#endif
+
+    /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
+     * It is easy to get rid of this optimization if necessary.
+     */
+    Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
+
+    /* Do not waste too much time if we already have a good match: */
+    if (s->prev_length >= s->good_match) {
+        chain_length >>= 2;
+    }
+    /* Do not look for matches beyond the end of the input. This is necessary
+     * to make deflate deterministic.
+     */
+    if ((uInt)nice_match > s->lookahead) nice_match = (int)s->lookahead;
+
+    Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,
+           "need lookahead");
+
+    do {
+        Assert(cur_match < s->strstart, "no future");
+        match = s->window + cur_match;
+
+        /* Skip to next match if the match length cannot increase
+         * or if the match length is less than 2.  Note that the checks below
+         * for insufficient lookahead only occur occasionally for performance
+         * reasons.  Therefore uninitialized memory will be accessed, and
+         * conditional jumps will be made that depend on those values.
+         * However the length of the match is limited to the lookahead, so
+         * the output of deflate is not affected by the uninitialized values.
+         */
+#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
+        /* This code assumes sizeof(unsigned short) == 2. Do not use
+         * UNALIGNED_OK if your compiler uses a different size.
+         */
+        if (*(ushf*)(match + best_len - 1) != scan_end ||
+            *(ushf*)match != scan_start) continue;
+
+        /* It is not necessary to compare scan[2] and match[2] since they are
+         * always equal when the other bytes match, given that the hash keys
+         * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
+         * strstart + 3, + 5, up to strstart + 257. We check for insufficient
+         * lookahead only every 4th comparison; the 128th check will be made
+         * at strstart + 257. If MAX_MATCH-2 is not a multiple of 8, it is
+         * necessary to put more guard bytes at the end of the window, or
+         * to check more often for insufficient lookahead.
+         */
+        Assert(scan[2] == match[2], "scan[2]?");
+        scan++, match++;
+        do {
+        } while (*(ushf*)(scan += 2) == *(ushf*)(match += 2) &&
+                 *(ushf*)(scan += 2) == *(ushf*)(match += 2) &&
+                 *(ushf*)(scan += 2) == *(ushf*)(match += 2) &&
+                 *(ushf*)(scan += 2) == *(ushf*)(match += 2) &&
+                 scan < strend);
+        /* The funny "do {}" generates better code on most compilers */
+
+        /* Here, scan <= window + strstart + 257 */
+        Assert(scan <= s->window + (unsigned)(s->window_size - 1),
+               "wild scan");
+        if (*scan == *match) scan++;
+
+        len = (MAX_MATCH - 1) - (int)(strend - scan);
+        scan = strend - (MAX_MATCH-1);
+
+#else /* UNALIGNED_OK */
+
+        if (match[best_len]     != scan_end  ||
+            match[best_len - 1] != scan_end1 ||
+            *match              != *scan     ||
+            *++match            != scan[1])      continue;
+
+        /* The check at best_len - 1 can be removed because it will be made
+         * again later. (This heuristic is not always a win.)
+         * It is not necessary to compare scan[2] and match[2] since they
+         * are always equal when the other bytes match, given that
+         * the hash keys are equal and that HASH_BITS >= 8.
+         */
+        scan += 2, match++;
+        Assert(*scan == *match, "match[2]?");
+
+        /* We check for insufficient lookahead only every 8th comparison;
+         * the 256th check will be made at strstart + 258.
+         */
+        do {
+        } while (*++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 scan < strend);
+
+        Assert(scan <= s->window + (unsigned)(s->window_size - 1),
+               "wild scan");
+
+        len = MAX_MATCH - (int)(strend - scan);
+        scan = strend - MAX_MATCH;
+
+#endif /* UNALIGNED_OK */
+
+        if (len > best_len) {
+            s->match_start = cur_match;
+            best_len = len;
+            if (len >= nice_match) break;
+#ifdef UNALIGNED_OK
+            scan_end = *(ushf*)(scan + best_len - 1);
+#else
+            scan_end1  = scan[best_len - 1];
+            scan_end   = scan[best_len];
+#endif
+        }
+    } while ((cur_match = prev[cur_match & wmask]) > limit
+             && --chain_length != 0);
+
+    if ((uInt)best_len <= s->lookahead) return (uInt)best_len;
+    return s->lookahead;
+}
+
+#else /* FASTEST */
+
+/* ---------------------------------------------------------------------------
+ * Optimized version for FASTEST only
+ */
+local uInt longest_match(deflate_state *s, IPos cur_match) {
+    register Bytef *scan = s->window + s->strstart; /* current string */
+    register Bytef *match;                       /* matched string */
+    register int len;                           /* length of current match */
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH;
+
+    /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
+     * It is easy to get rid of this optimization if necessary.
+     */
+    Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
+
+    Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,
+           "need lookahead");
+
+    Assert(cur_match < s->strstart, "no future");
+
+    match = s->window + cur_match;
+
+    /* Return failure if the match length is less than 2:
+     */
+    if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1;
+
+    /* The check at best_len - 1 can be removed because it will be made
+     * again later. (This heuristic is not always a win.)
+     * It is not necessary to compare scan[2] and match[2] since they
+     * are always equal when the other bytes match, given that
+     * the hash keys are equal and that HASH_BITS >= 8.
+     */
+    scan += 2, match += 2;
+    Assert(*scan == *match, "match[2]?");
+
+    /* We check for insufficient lookahead only every 8th comparison;
+     * the 256th check will be made at strstart + 258.
+     */
+    do {
+    } while (*++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             scan < strend);
+
+    Assert(scan <= s->window + (unsigned)(s->window_size - 1), "wild scan");
+
+    len = MAX_MATCH - (int)(strend - scan);
+
+    if (len < MIN_MATCH) return MIN_MATCH - 1;
+
+    s->match_start = cur_match;
+    return (uInt)len <= s->lookahead ? (uInt)len : s->lookahead;
+}
+
+#endif /* FASTEST */
+
+#ifdef ZLIB_DEBUG
+
+#define EQUAL 0
+/* result of memcmp for equal strings */
+
+/* ===========================================================================
+ * Check that the match at match_start is indeed a match.
+ */
+local void check_match(deflate_state *s, IPos start, IPos match, int length) {
+    /* check that the match is indeed a match */
+    Bytef *back = s->window + (int)match, *here = s->window + start;
+    IPos len = length;
+    if (match == (IPos)-1) {
+        /* match starts one byte before the current window -- just compare the
+           subsequent length-1 bytes */
+        back++;
+        here++;
+        len--;
+    }
+    if (zmemcmp(back, here, len) != EQUAL) {
+        fprintf(stderr, " start %u, match %d, length %d\n",
+                start, (int)match, length);
+        do {
+            fprintf(stderr, "(%02x %02x)", *back++, *here++);
+        } while (--len != 0);
+        z_error("invalid match");
+    }
+    if (z_verbose > 1) {
+        fprintf(stderr,"\\[%d,%d]", start - match, length);
+        do { putc(s->window[start++], stderr); } while (--length != 0);
+    }
+}
+#else
+#  define check_match(s, start, match, length)
+#endif /* ZLIB_DEBUG */
+
+/* ===========================================================================
+ * Flush the current block, with given end-of-file flag.
+ * IN assertion: strstart is set to the end of the current match.
+ */
+#define FLUSH_BLOCK_ONLY(s, last) { \
+   _tr_flush_block(s, (s->block_start >= 0L ? \
+                   (charf *)&s->window[(unsigned)s->block_start] : \
+                   (charf *)Z_NULL), \
+                (ulg)((long)s->strstart - s->block_start), \
+                (last)); \
+   s->block_start = s->strstart; \
+   flush_pending(s->strm); \
+   Tracev((stderr,"[FLUSH]")); \
+}
+
+/* Same but force premature exit if necessary. */
+#define FLUSH_BLOCK(s, last) { \
+   FLUSH_BLOCK_ONLY(s, last); \
+   if (s->strm->avail_out == 0) return (last) ? finish_started : need_more; \
+}
+
+/* Maximum stored block length in deflate format (not including header). */
+#define MAX_STORED 65535
+
+/* Minimum of a and b. */
+#define MIN(a, b) ((a) > (b) ? (b) : (a))
+
+/* ===========================================================================
+ * Copy without compression as much as possible from the input stream, return
+ * the current block state.
+ *
+ * In case deflateParams() is used to later switch to a non-zero compression
+ * level, s->matches (otherwise unused when storing) keeps track of the number
+ * of hash table slides to perform. If s->matches is 1, then one hash table
+ * slide will be done when switching. If s->matches is 2, the maximum value
+ * allowed here, then the hash table will be cleared, since two or more slides
+ * is the same as a clear.
+ *
+ * deflate_stored() is written to minimize the number of times an input byte is
+ * copied. It is most efficient with large input and output buffers, which
+ * maximizes the opportunities to have a single copy from next_in to next_out.
+ */
+local block_state deflate_stored(deflate_state *s, int flush) {
+    /* Smallest worthy block size when not flushing or finishing. By default
+     * this is 32K. This can be as small as 507 bytes for memLevel == 1. For
+     * large input and output buffers, the stored block size will be larger.
+     */
+    unsigned min_block = MIN(s->pending_buf_size - 5, s->w_size);
+
+    /* Copy as many min_block or larger stored blocks directly to next_out as
+     * possible. If flushing, copy the remaining available input to next_out as
+     * stored blocks, if there is enough space.
+     */
+    unsigned len, left, have, last = 0;
+    unsigned used = s->strm->avail_in;
+    do {
+        /* Set len to the maximum size block that we can copy directly with the
+         * available input data and output space. Set left to how much of that
+         * would be copied from what's left in the window.
+         */
+        len = MAX_STORED;       /* maximum deflate stored block length */
+        have = (s->bi_valid + 42) >> 3;         /* number of header bytes */
+        if (s->strm->avail_out < have)          /* need room for header */
+            break;
+            /* maximum stored block length that will fit in avail_out: */
+        have = s->strm->avail_out - have;
+        left = s->strstart - s->block_start;    /* bytes left in window */
+        if (len > (ulg)left + s->strm->avail_in)
+            len = left + s->strm->avail_in;     /* limit len to the input */
+        if (len > have)
+            len = have;                         /* limit len to the output */
+
+        /* If the stored block would be less than min_block in length, or if
+         * unable to copy all of the available input when flushing, then try
+         * copying to the window and the pending buffer instead. Also don't
+         * write an empty block when flushing -- deflate() does that.
+         */
+        if (len < min_block && ((len == 0 && flush != Z_FINISH) ||
+                                flush == Z_NO_FLUSH ||
+                                len != left + s->strm->avail_in))
+            break;
+
+        /* Make a dummy stored block in pending to get the header bytes,
+         * including any pending bits. This also updates the debugging counts.
+         */
+        last = flush == Z_FINISH && len == left + s->strm->avail_in ? 1 : 0;
+        _tr_stored_block(s, (char *)0, 0L, last);
+
+        /* Replace the lengths in the dummy stored block with len. */
+        s->pending_buf[s->pending - 4] = len;
+        s->pending_buf[s->pending - 3] = len >> 8;
+        s->pending_buf[s->pending - 2] = ~len;
+        s->pending_buf[s->pending - 1] = ~len >> 8;
+
+        /* Write the stored block header bytes. */
+        flush_pending(s->strm);
+
+#ifdef ZLIB_DEBUG
+        /* Update debugging counts for the data about to be copied. */
+        s->compressed_len += len << 3;
+        s->bits_sent += len << 3;
+#endif
+
+        /* Copy uncompressed bytes from the window to next_out. */
+        if (left) {
+            if (left > len)
+                left = len;
+            zmemcpy(s->strm->next_out, s->window + s->block_start, left);
+            s->strm->next_out += left;
+            s->strm->avail_out -= left;
+            s->strm->total_out += left;
+            s->block_start += left;
+            len -= left;
+        }
+
+        /* Copy uncompressed bytes directly from next_in to next_out, updating
+         * the check value.
+         */
+        if (len) {
+            read_buf(s->strm, s->strm->next_out, len);
+            s->strm->next_out += len;
+            s->strm->avail_out -= len;
+            s->strm->total_out += len;
+        }
+    } while (last == 0);
+
+    /* Update the sliding window with the last s->w_size bytes of the copied
+     * data, or append all of the copied data to the existing window if less
+     * than s->w_size bytes were copied. Also update the number of bytes to
+     * insert in the hash tables, in the event that deflateParams() switches to
+     * a non-zero compression level.
+     */
+    used -= s->strm->avail_in;      /* number of input bytes directly copied */
+    if (used) {
+        /* If any input was used, then no unused input remains in the window,
+         * therefore s->block_start == s->strstart.
+         */
+        if (used >= s->w_size) {    /* supplant the previous history */
+            s->matches = 2;         /* clear hash */
+            zmemcpy(s->window, s->strm->next_in - s->w_size, s->w_size);
+            s->strstart = s->w_size;
+            s->insert = s->strstart;
+        }
+        else {
+            if (s->window_size - s->strstart <= used) {
+                /* Slide the window down. */
+                s->strstart -= s->w_size;
+                zmemcpy(s->window, s->window + s->w_size, s->strstart);
+                if (s->matches < 2)
+                    s->matches++;   /* add a pending slide_hash() */
+                if (s->insert > s->strstart)
+                    s->insert = s->strstart;
+            }
+            zmemcpy(s->window + s->strstart, s->strm->next_in - used, used);
+            s->strstart += used;
+            s->insert += MIN(used, s->w_size - s->insert);
+        }
+        s->block_start = s->strstart;
+    }
+    if (s->high_water < s->strstart)
+        s->high_water = s->strstart;
+
+    /* If the last block was written to next_out, then done. */
+    if (last)
+        return finish_done;
+
+    /* If flushing and all input has been consumed, then done. */
+    if (flush != Z_NO_FLUSH && flush != Z_FINISH &&
+        s->strm->avail_in == 0 && (long)s->strstart == s->block_start)
+        return block_done;
+
+    /* Fill the window with any remaining input. */
+    have = s->window_size - s->strstart;
+    if (s->strm->avail_in > have && s->block_start >= (long)s->w_size) {
+        /* Slide the window down. */
+        s->block_start -= s->w_size;
+        s->strstart -= s->w_size;
+        zmemcpy(s->window, s->window + s->w_size, s->strstart);
+        if (s->matches < 2)
+            s->matches++;           /* add a pending slide_hash() */
+        have += s->w_size;          /* more space now */
+        if (s->insert > s->strstart)
+            s->insert = s->strstart;
+    }
+    if (have > s->strm->avail_in)
+        have = s->strm->avail_in;
+    if (have) {
+        read_buf(s->strm, s->window + s->strstart, have);
+        s->strstart += have;
+        s->insert += MIN(have, s->w_size - s->insert);
+    }
+    if (s->high_water < s->strstart)
+        s->high_water = s->strstart;
+
+    /* There was not enough avail_out to write a complete worthy or flushed
+     * stored block to next_out. Write a stored block to pending instead, if we
+     * have enough input for a worthy block, or if flushing and there is enough
+     * room for the remaining input as a stored block in the pending buffer.
+     */
+    have = (s->bi_valid + 42) >> 3;         /* number of header bytes */
+        /* maximum stored block length that will fit in pending: */
+    have = MIN(s->pending_buf_size - have, MAX_STORED);
+    min_block = MIN(have, s->w_size);
+    left = s->strstart - s->block_start;
+    if (left >= min_block ||
+        ((left || flush == Z_FINISH) && flush != Z_NO_FLUSH &&
+         s->strm->avail_in == 0 && left <= have)) {
+        len = MIN(left, have);
+        last = flush == Z_FINISH && s->strm->avail_in == 0 &&
+               len == left ? 1 : 0;
+        _tr_stored_block(s, (charf *)s->window + s->block_start, len, last);
+        s->block_start += len;
+        flush_pending(s->strm);
+    }
+
+    /* We've done all we can with the available input and output. */
+    return last ? finish_started : need_more;
+}
+
+/* ===========================================================================
+ * Compress as much as possible from the input stream, return the current
+ * block state.
+ * This function does not perform lazy evaluation of matches and inserts
+ * new strings in the dictionary only for unmatched strings or for short
+ * matches. It is used only for the fast compression options.
+ */
+local block_state deflate_fast(deflate_state *s, int flush) {
+    IPos hash_head;       /* head of the hash chain */
+    int bflush;           /* set if current block must be flushed */
+
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the next match, plus MIN_MATCH bytes to insert the
+         * string following the next match.
+         */
+        if (s->lookahead < MIN_LOOKAHEAD) {
+            fill_window(s);
+            if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* Insert the string window[strstart .. strstart + 2] in the
+         * dictionary, and set hash_head to the head of the hash chain:
+         */
+        hash_head = NIL;
+        if (s->lookahead >= MIN_MATCH) {
+            INSERT_STRING(s, s->strstart, hash_head);
+        }
+
+        /* Find the longest match, discarding those <= prev_length.
+         * At this point we have always match_length < MIN_MATCH
+         */
+        if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
+            /* To simplify the code, we prevent matches with the string
+             * of window index 0 (in particular we have to avoid a match
+             * of the string with itself at the start of the input file).
+             */
+            s->match_length = longest_match (s, hash_head);
+            /* longest_match() sets match_start */
+        }
+        if (s->match_length >= MIN_MATCH) {
+            check_match(s, s->strstart, s->match_start, s->match_length);
+
+            _tr_tally_dist(s, s->strstart - s->match_start,
+                           s->match_length - MIN_MATCH, bflush);
+
+            s->lookahead -= s->match_length;
+
+            /* Insert new strings in the hash table only if the match length
+             * is not too large. This saves time but degrades compression.
+             */
+#ifndef FASTEST
+            if (s->match_length <= s->max_insert_length &&
+                s->lookahead >= MIN_MATCH) {
+                s->match_length--; /* string at strstart already in table */
+                do {
+                    s->strstart++;
+                    INSERT_STRING(s, s->strstart, hash_head);
+                    /* strstart never exceeds WSIZE-MAX_MATCH, so there are
+                     * always MIN_MATCH bytes ahead.
+                     */
+                } while (--s->match_length != 0);
+                s->strstart++;
+            } else
+#endif
+            {
+                s->strstart += s->match_length;
+                s->match_length = 0;
+                s->ins_h = s->window[s->strstart];
+                UPDATE_HASH(s, s->ins_h, s->window[s->strstart + 1]);
+#if MIN_MATCH != 3
+                Call UPDATE_HASH() MIN_MATCH-3 more times
+#endif
+                /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
+                 * matter since it will be recomputed at next deflate call.
+                 */
+            }
+        } else {
+            /* No match, output a literal byte */
+            Tracevv((stderr,"%c", s->window[s->strstart]));
+            _tr_tally_lit(s, s->window[s->strstart], bflush);
+            s->lookahead--;
+            s->strstart++;
+        }
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    s->insert = s->strstart < MIN_MATCH-1 ? s->strstart : MIN_MATCH-1;
+    if (flush == Z_FINISH) {
+        FLUSH_BLOCK(s, 1);
+        return finish_done;
+    }
+    if (s->sym_next)
+        FLUSH_BLOCK(s, 0);
+    return block_done;
+}
+
+#ifndef FASTEST
+/* ===========================================================================
+ * Same as above, but achieves better compression. We use a lazy
+ * evaluation for matches: a match is finally adopted only if there is
+ * no better match at the next window position.
+ */
+local block_state deflate_slow(deflate_state *s, int flush) {
+    IPos hash_head;          /* head of hash chain */
+    int bflush;              /* set if current block must be flushed */
+
+    /* Process the input block. */
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the next match, plus MIN_MATCH bytes to insert the
+         * string following the next match.
+         */
+        if (s->lookahead < MIN_LOOKAHEAD) {
+            fill_window(s);
+            if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* Insert the string window[strstart .. strstart + 2] in the
+         * dictionary, and set hash_head to the head of the hash chain:
+         */
+        hash_head = NIL;
+        if (s->lookahead >= MIN_MATCH) {
+            INSERT_STRING(s, s->strstart, hash_head);
+        }
+
+        /* Find the longest match, discarding those <= prev_length.
+         */
+        s->prev_length = s->match_length, s->prev_match = s->match_start;
+        s->match_length = MIN_MATCH-1;
+
+        if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
+            s->strstart - hash_head <= MAX_DIST(s)) {
+            /* To simplify the code, we prevent matches with the string
+             * of window index 0 (in particular we have to avoid a match
+             * of the string with itself at the start of the input file).
+             */
+            s->match_length = longest_match (s, hash_head);
+            /* longest_match() sets match_start */
+
+            if (s->match_length <= 5 && (s->strategy == Z_FILTERED
+#if TOO_FAR <= 32767
+                || (s->match_length == MIN_MATCH &&
+                    s->strstart - s->match_start > TOO_FAR)
+#endif
+                )) {
+
+                /* If prev_match is also MIN_MATCH, match_start is garbage
+                 * but we will ignore the current match anyway.
+                 */
+                s->match_length = MIN_MATCH-1;
+            }
+        }
+        /* If there was a match at the previous step and the current
+         * match is not better, output the previous match:
+         */
+        if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
+            uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
+            /* Do not insert strings in hash table beyond this. */
+
+            check_match(s, s->strstart - 1, s->prev_match, s->prev_length);
+
+            _tr_tally_dist(s, s->strstart - 1 - s->prev_match,
+                           s->prev_length - MIN_MATCH, bflush);
+
+            /* Insert in hash table all strings up to the end of the match.
+             * strstart - 1 and strstart are already inserted. If there is not
+             * enough lookahead, the last two strings are not inserted in
+             * the hash table.
+             */
+            s->lookahead -= s->prev_length - 1;
+            s->prev_length -= 2;
+            do {
+                if (++s->strstart <= max_insert) {
+                    INSERT_STRING(s, s->strstart, hash_head);
+                }
+            } while (--s->prev_length != 0);
+            s->match_available = 0;
+            s->match_length = MIN_MATCH-1;
+            s->strstart++;
+
+            if (bflush) FLUSH_BLOCK(s, 0);
+
+        } else if (s->match_available) {
+            /* If there was no match at the previous position, output a
+             * single literal. If there was a match but the current match
+             * is longer, truncate the previous match to a single literal.
+             */
+            Tracevv((stderr,"%c", s->window[s->strstart - 1]));
+            _tr_tally_lit(s, s->window[s->strstart - 1], bflush);
+            if (bflush) {
+                FLUSH_BLOCK_ONLY(s, 0);
+            }
+            s->strstart++;
+            s->lookahead--;
+            if (s->strm->avail_out == 0) return need_more;
+        } else {
+            /* There is no previous match to compare with, wait for
+             * the next step to decide.
+             */
+            s->match_available = 1;
+            s->strstart++;
+            s->lookahead--;
+        }
+    }
+    Assert (flush != Z_NO_FLUSH, "no flush?");
+    if (s->match_available) {
+        Tracevv((stderr,"%c", s->window[s->strstart - 1]));
+        _tr_tally_lit(s, s->window[s->strstart - 1], bflush);
+        s->match_available = 0;
+    }
+    s->insert = s->strstart < MIN_MATCH-1 ? s->strstart : MIN_MATCH-1;
+    if (flush == Z_FINISH) {
+        FLUSH_BLOCK(s, 1);
+        return finish_done;
+    }
+    if (s->sym_next)
+        FLUSH_BLOCK(s, 0);
+    return block_done;
+}
+#endif /* FASTEST */
+
+/* ===========================================================================
+ * For Z_RLE, simply look for runs of bytes, generate matches only of distance
+ * one.  Do not maintain a hash table.  (It will be regenerated if this run of
+ * deflate switches away from Z_RLE.)
+ */
+local block_state deflate_rle(deflate_state *s, int flush) {
+    int bflush;             /* set if current block must be flushed */
+    uInt prev;              /* byte at distance one to match */
+    Bytef *scan, *strend;   /* scan goes up to strend for length of run */
+
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the longest run, plus one for the unrolled loop.
+         */
+        if (s->lookahead <= MAX_MATCH) {
+            fill_window(s);
+            if (s->lookahead <= MAX_MATCH && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* See how many times the previous byte repeats */
+        s->match_length = 0;
+        if (s->lookahead >= MIN_MATCH && s->strstart > 0) {
+            scan = s->window + s->strstart - 1;
+            prev = *scan;
+            if (prev == *++scan && prev == *++scan && prev == *++scan) {
+                strend = s->window + s->strstart + MAX_MATCH;
+                do {
+                } while (prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         scan < strend);
+                s->match_length = MAX_MATCH - (uInt)(strend - scan);
+                if (s->match_length > s->lookahead)
+                    s->match_length = s->lookahead;
+            }
+            Assert(scan <= s->window + (uInt)(s->window_size - 1),
+                   "wild scan");
+        }
+
+        /* Emit match if have run of MIN_MATCH or longer, else emit literal */
+        if (s->match_length >= MIN_MATCH) {
+            check_match(s, s->strstart, s->strstart - 1, s->match_length);
+
+            _tr_tally_dist(s, 1, s->match_length - MIN_MATCH, bflush);
+
+            s->lookahead -= s->match_length;
+            s->strstart += s->match_length;
+            s->match_length = 0;
+        } else {
+            /* No match, output a literal byte */
+            Tracevv((stderr,"%c", s->window[s->strstart]));
+            _tr_tally_lit(s, s->window[s->strstart], bflush);
+            s->lookahead--;
+            s->strstart++;
+        }
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    s->insert = 0;
+    if (flush == Z_FINISH) {
+        FLUSH_BLOCK(s, 1);
+        return finish_done;
+    }
+    if (s->sym_next)
+        FLUSH_BLOCK(s, 0);
+    return block_done;
+}
+
+/* ===========================================================================
+ * For Z_HUFFMAN_ONLY, do not look for matches.  Do not maintain a hash table.
+ * (It will be regenerated if this run of deflate switches away from Huffman.)
+ */
+local block_state deflate_huff(deflate_state *s, int flush) {
+    int bflush;             /* set if current block must be flushed */
+
+    for (;;) {
+        /* Make sure that we have a literal to write. */
+        if (s->lookahead == 0) {
+            fill_window(s);
+            if (s->lookahead == 0) {
+                if (flush == Z_NO_FLUSH)
+                    return need_more;
+                break;      /* flush the current block */
+            }
+        }
+
+        /* Output a literal byte */
+        s->match_length = 0;
+        Tracevv((stderr,"%c", s->window[s->strstart]));
+        _tr_tally_lit(s, s->window[s->strstart], bflush);
+        s->lookahead--;
+        s->strstart++;
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    s->insert = 0;
+    if (flush == Z_FINISH) {
+        FLUSH_BLOCK(s, 1);
+        return finish_done;
+    }
+    if (s->sym_next)
+        FLUSH_BLOCK(s, 0);
+    return block_done;
+}
diff --git a/zlib-1.3.1/deflate.h b/zlib-1.3.1/deflate.h
new file mode 100644
index 00000000..300c6ada
--- /dev/null
+++ b/zlib-1.3.1/deflate.h
@@ -0,0 +1,377 @@
+/* deflate.h -- internal compression state
+ * Copyright (C) 1995-2024 Jean-loup Gailly
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* @(#) $Id$ */
+
+#ifndef DEFLATE_H
+#define DEFLATE_H
+
+#include "zutil.h"
+
+/* define NO_GZIP when compiling if you want to disable gzip header and
+   trailer creation by deflate().  NO_GZIP would be used to avoid linking in
+   the crc code when it is not needed.  For shared libraries, gzip encoding
+   should be left enabled. */
+#ifndef NO_GZIP
+#  define GZIP
+#endif
+
+/* define LIT_MEM to slightly increase the speed of deflate (order 1% to 2%) at
+   the cost of a larger memory footprint */
+/* #define LIT_MEM */
+
+/* ===========================================================================
+ * Internal compression state.
+ */
+
+#define LENGTH_CODES 29
+/* number of length codes, not counting the special END_BLOCK code */
+
+#define LITERALS  256
+/* number of literal bytes 0..255 */
+
+#define L_CODES (LITERALS+1+LENGTH_CODES)
+/* number of Literal or Length codes, including the END_BLOCK code */
+
+#define D_CODES   30
+/* number of distance codes */
+
+#define BL_CODES  19
+/* number of codes used to transfer the bit lengths */
+
+#define HEAP_SIZE (2*L_CODES+1)
+/* maximum heap size */
+
+#define MAX_BITS 15
+/* All codes must not exceed MAX_BITS bits */
+
+#define Buf_size 16
+/* size of bit buffer in bi_buf */
+
+#define INIT_STATE    42    /* zlib header -> BUSY_STATE */
+#ifdef GZIP
+#  define GZIP_STATE  57    /* gzip header -> BUSY_STATE | EXTRA_STATE */
+#endif
+#define EXTRA_STATE   69    /* gzip extra block -> NAME_STATE */
+#define NAME_STATE    73    /* gzip file name -> COMMENT_STATE */
+#define COMMENT_STATE 91    /* gzip comment -> HCRC_STATE */
+#define HCRC_STATE   103    /* gzip header CRC -> BUSY_STATE */
+#define BUSY_STATE   113    /* deflate -> FINISH_STATE */
+#define FINISH_STATE 666    /* stream complete */
+/* Stream status */
+
+
+/* Data structure describing a single value and its code string. */
+typedef struct ct_data_s {
+    union {
+        ush  freq;       /* frequency count */
+        ush  code;       /* bit string */
+    } fc;
+    union {
+        ush  dad;        /* father node in Huffman tree */
+        ush  len;        /* length of bit string */
+    } dl;
+} FAR ct_data;
+
+#define Freq fc.freq
+#define Code fc.code
+#define Dad  dl.dad
+#define Len  dl.len
+
+typedef struct static_tree_desc_s  static_tree_desc;
+
+typedef struct tree_desc_s {
+    ct_data *dyn_tree;           /* the dynamic tree */
+    int     max_code;            /* largest code with non zero frequency */
+    const static_tree_desc *stat_desc;  /* the corresponding static tree */
+} FAR tree_desc;
+
+typedef ush Pos;
+typedef Pos FAR Posf;
+typedef unsigned IPos;
+
+/* A Pos is an index in the character window. We use short instead of int to
+ * save space in the various tables. IPos is used only for parameter passing.
+ */
+
+typedef struct internal_state {
+    z_streamp strm;      /* pointer back to this zlib stream */
+    int   status;        /* as the name implies */
+    Bytef *pending_buf;  /* output still pending */
+    ulg   pending_buf_size; /* size of pending_buf */
+    Bytef *pending_out;  /* next pending byte to output to the stream */
+    ulg   pending;       /* nb of bytes in the pending buffer */
+    int   wrap;          /* bit 0 true for zlib, bit 1 true for gzip */
+    gz_headerp  gzhead;  /* gzip header information to write */
+    ulg   gzindex;       /* where in extra, name, or comment */
+    Byte  method;        /* can only be DEFLATED */
+    int   last_flush;    /* value of flush param for previous deflate call */
+
+                /* used by deflate.c: */
+
+    uInt  w_size;        /* LZ77 window size (32K by default) */
+    uInt  w_bits;        /* log2(w_size)  (8..16) */
+    uInt  w_mask;        /* w_size - 1 */
+
+    Bytef *window;
+    /* Sliding window. Input bytes are read into the second half of the window,
+     * and move to the first half later to keep a dictionary of at least wSize
+     * bytes. With this organization, matches are limited to a distance of
+     * wSize-MAX_MATCH bytes, but this ensures that IO is always
+     * performed with a length multiple of the block size. Also, it limits
+     * the window size to 64K, which is quite useful on MSDOS.
+     * To do: use the user input buffer as sliding window.
+     */
+
+    ulg window_size;
+    /* Actual size of window: 2*wSize, except when the user input buffer
+     * is directly used as sliding window.
+     */
+
+    Posf *prev;
+    /* Link to older string with same hash index. To limit the size of this
+     * array to 64K, this link is maintained only for the last 32K strings.
+     * An index in this array is thus a window index modulo 32K.
+     */
+
+    Posf *head; /* Heads of the hash chains or NIL. */
+
+    uInt  ins_h;          /* hash index of string to be inserted */
+    uInt  hash_size;      /* number of elements in hash table */
+    uInt  hash_bits;      /* log2(hash_size) */
+    uInt  hash_mask;      /* hash_size-1 */
+
+    uInt  hash_shift;
+    /* Number of bits by which ins_h must be shifted at each input
+     * step. It must be such that after MIN_MATCH steps, the oldest
+     * byte no longer takes part in the hash key, that is:
+     *   hash_shift * MIN_MATCH >= hash_bits
+     */
+
+    long block_start;
+    /* Window position at the beginning of the current output block. Gets
+     * negative when the window is moved backwards.
+     */
+
+    uInt match_length;           /* length of best match */
+    IPos prev_match;             /* previous match */
+    int match_available;         /* set if previous match exists */
+    uInt strstart;               /* start of string to insert */
+    uInt match_start;            /* start of matching string */
+    uInt lookahead;              /* number of valid bytes ahead in window */
+
+    uInt prev_length;
+    /* Length of the best match at previous step. Matches not greater than this
+     * are discarded. This is used in the lazy match evaluation.
+     */
+
+    uInt max_chain_length;
+    /* To speed up deflation, hash chains are never searched beyond this
+     * length.  A higher limit improves compression ratio but degrades the
+     * speed.
+     */
+
+    uInt max_lazy_match;
+    /* Attempt to find a better match only when the current match is strictly
+     * smaller than this value. This mechanism is used only for compression
+     * levels >= 4.
+     */
+#   define max_insert_length  max_lazy_match
+    /* Insert new strings in the hash table only if the match length is not
+     * greater than this length. This saves time but degrades compression.
+     * max_insert_length is used only for compression levels <= 3.
+     */
+
+    int level;    /* compression level (1..9) */
+    int strategy; /* favor or force Huffman coding*/
+
+    uInt good_match;
+    /* Use a faster search when the previous match is longer than this */
+
+    int nice_match; /* Stop searching when current match exceeds this */
+
+                /* used by trees.c: */
+    /* Didn't use ct_data typedef below to suppress compiler warning */
+    struct ct_data_s dyn_ltree[HEAP_SIZE];   /* literal and length tree */
+    struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
+    struct ct_data_s bl_tree[2*BL_CODES+1];  /* Huffman tree for bit lengths */
+
+    struct tree_desc_s l_desc;               /* desc. for literal tree */
+    struct tree_desc_s d_desc;               /* desc. for distance tree */
+    struct tree_desc_s bl_desc;              /* desc. for bit length tree */
+
+    ush bl_count[MAX_BITS+1];
+    /* number of codes at each bit length for an optimal tree */
+
+    int heap[2*L_CODES+1];      /* heap used to build the Huffman trees */
+    int heap_len;               /* number of elements in the heap */
+    int heap_max;               /* element of largest frequency */
+    /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
+     * The same heap array is used to build all trees.
+     */
+
+    uch depth[2*L_CODES+1];
+    /* Depth of each subtree used as tie breaker for trees of equal frequency
+     */
+
+#ifdef LIT_MEM
+#   define LIT_BUFS 5
+    ushf *d_buf;          /* buffer for distances */
+    uchf *l_buf;          /* buffer for literals/lengths */
+#else
+#   define LIT_BUFS 4
+    uchf *sym_buf;        /* buffer for distances and literals/lengths */
+#endif
+
+    uInt  lit_bufsize;
+    /* Size of match buffer for literals/lengths.  There are 4 reasons for
+     * limiting lit_bufsize to 64K:
+     *   - frequencies can be kept in 16 bit counters
+     *   - if compression is not successful for the first block, all input
+     *     data is still in the window so we can still emit a stored block even
+     *     when input comes from standard input.  (This can also be done for
+     *     all blocks if lit_bufsize is not greater than 32K.)
+     *   - if compression is not successful for a file smaller than 64K, we can
+     *     even emit a stored file instead of a stored block (saving 5 bytes).
+     *     This is applicable only for zip (not gzip or zlib).
+     *   - creating new Huffman trees less frequently may not provide fast
+     *     adaptation to changes in the input data statistics. (Take for
+     *     example a binary file with poorly compressible code followed by
+     *     a highly compressible string table.) Smaller buffer sizes give
+     *     fast adaptation but have of course the overhead of transmitting
+     *     trees more frequently.
+     *   - I can't count above 4
+     */
+
+    uInt sym_next;      /* running index in symbol buffer */
+    uInt sym_end;       /* symbol table full when sym_next reaches this */
+
+    ulg opt_len;        /* bit length of current block with optimal trees */
+    ulg static_len;     /* bit length of current block with static trees */
+    uInt matches;       /* number of string matches in current block */
+    uInt insert;        /* bytes at end of window left to insert */
+
+#ifdef ZLIB_DEBUG
+    ulg compressed_len; /* total bit length of compressed file mod 2^32 */
+    ulg bits_sent;      /* bit length of compressed data sent mod 2^32 */
+#endif
+
+    ush bi_buf;
+    /* Output buffer. bits are inserted starting at the bottom (least
+     * significant bits).
+     */
+    int bi_valid;
+    /* Number of valid bits in bi_buf.  All bits above the last valid bit
+     * are always zero.
+     */
+
+    ulg high_water;
+    /* High water mark offset in window for initialized bytes -- bytes above
+     * this are set to zero in order to avoid memory check warnings when
+     * longest match routines access bytes past the input.  This is then
+     * updated to the new high water mark.
+     */
+
+} FAR deflate_state;
+
+/* Output a byte on the stream.
+ * IN assertion: there is enough room in pending_buf.
+ */
+#define put_byte(s, c) {s->pending_buf[s->pending++] = (Bytef)(c);}
+
+
+#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
+/* Minimum amount of lookahead, except at the end of the input file.
+ * See deflate.c for comments about the MIN_MATCH+1.
+ */
+
+#define MAX_DIST(s)  ((s)->w_size-MIN_LOOKAHEAD)
+/* In order to simplify the code, particularly on 16 bit machines, match
+ * distances are limited to MAX_DIST instead of WSIZE.
+ */
+
+#define WIN_INIT MAX_MATCH
+/* Number of bytes after end of data in window to initialize in order to avoid
+   memory checker errors from longest match routines */
+
+        /* in trees.c */
+void ZLIB_INTERNAL _tr_init(deflate_state *s);
+int ZLIB_INTERNAL _tr_tally(deflate_state *s, unsigned dist, unsigned lc);
+void ZLIB_INTERNAL _tr_flush_block(deflate_state *s, charf *buf,
+                                   ulg stored_len, int last);
+void ZLIB_INTERNAL _tr_flush_bits(deflate_state *s);
+void ZLIB_INTERNAL _tr_align(deflate_state *s);
+void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf,
+                                    ulg stored_len, int last);
+
+#define d_code(dist) \
+   ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)])
+/* Mapping from a distance to a distance code. dist is the distance - 1 and
+ * must not have side effects. _dist_code[256] and _dist_code[257] are never
+ * used.
+ */
+
+#ifndef ZLIB_DEBUG
+/* Inline versions of _tr_tally for speed: */
+
+#if defined(GEN_TREES_H) || !defined(STDC)
+  extern uch ZLIB_INTERNAL _length_code[];
+  extern uch ZLIB_INTERNAL _dist_code[];
+#else
+  extern const uch ZLIB_INTERNAL _length_code[];
+  extern const uch ZLIB_INTERNAL _dist_code[];
+#endif
+
+#ifdef LIT_MEM
+# define _tr_tally_lit(s, c, flush) \
+  { uch cc = (c); \
+    s->d_buf[s->sym_next] = 0; \
+    s->l_buf[s->sym_next++] = cc; \
+    s->dyn_ltree[cc].Freq++; \
+    flush = (s->sym_next == s->sym_end); \
+   }
+# define _tr_tally_dist(s, distance, length, flush) \
+  { uch len = (uch)(length); \
+    ush dist = (ush)(distance); \
+    s->d_buf[s->sym_next] = dist; \
+    s->l_buf[s->sym_next++] = len; \
+    dist--; \
+    s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+    s->dyn_dtree[d_code(dist)].Freq++; \
+    flush = (s->sym_next == s->sym_end); \
+  }
+#else
+# define _tr_tally_lit(s, c, flush) \
+  { uch cc = (c); \
+    s->sym_buf[s->sym_next++] = 0; \
+    s->sym_buf[s->sym_next++] = 0; \
+    s->sym_buf[s->sym_next++] = cc; \
+    s->dyn_ltree[cc].Freq++; \
+    flush = (s->sym_next == s->sym_end); \
+   }
+# define _tr_tally_dist(s, distance, length, flush) \
+  { uch len = (uch)(length); \
+    ush dist = (ush)(distance); \
+    s->sym_buf[s->sym_next++] = (uch)dist; \
+    s->sym_buf[s->sym_next++] = (uch)(dist >> 8); \
+    s->sym_buf[s->sym_next++] = len; \
+    dist--; \
+    s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+    s->dyn_dtree[d_code(dist)].Freq++; \
+    flush = (s->sym_next == s->sym_end); \
+  }
+#endif
+#else
+# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
+# define _tr_tally_dist(s, distance, length, flush) \
+              flush = _tr_tally(s, distance, length)
+#endif
+
+#endif /* DEFLATE_H */
diff --git a/zlib-1.3.1/doc/algorithm.txt b/zlib-1.3.1/doc/algorithm.txt
new file mode 100644
index 00000000..029e5a31
--- /dev/null
+++ b/zlib-1.3.1/doc/algorithm.txt
@@ -0,0 +1,209 @@
+1. Compression algorithm (deflate)
+
+The deflation algorithm used by gzip (also zip and zlib) is a variation of
+LZ77 (Lempel-Ziv 1977, see reference below). It finds duplicated strings in
+the input data.  The second occurrence of a string is replaced by a
+pointer to the previous string, in the form of a pair (distance,
+length).  Distances are limited to 32K bytes, and lengths are limited
+to 258 bytes. When a string does not occur anywhere in the previous
+32K bytes, it is emitted as a sequence of literal bytes.  (In this
+description, `string' must be taken as an arbitrary sequence of bytes,
+and is not restricted to printable characters.)
+
+Literals or match lengths are compressed with one Huffman tree, and
+match distances are compressed with another tree. The trees are stored
+in a compact form at the start of each block. The blocks can have any
+size (except that the compressed data for one block must fit in
+available memory). A block is terminated when deflate() determines that
+it would be useful to start another block with fresh trees. (This is
+somewhat similar to the behavior of LZW-based _compress_.)
+
+Duplicated strings are found using a hash table. All input strings of
+length 3 are inserted in the hash table. A hash index is computed for
+the next 3 bytes. If the hash chain for this index is not empty, all
+strings in the chain are compared with the current input string, and
+the longest match is selected.
+
+The hash chains are searched starting with the most recent strings, to
+favor small distances and thus take advantage of the Huffman encoding.
+The hash chains are singly linked. There are no deletions from the
+hash chains, the algorithm simply discards matches that are too old.
+
+To avoid a worst-case situation, very long hash chains are arbitrarily
+truncated at a certain length, determined by a runtime option (level
+parameter of deflateInit). So deflate() does not always find the longest
+possible match but generally finds a match which is long enough.
+
+deflate() also defers the selection of matches with a lazy evaluation
+mechanism. After a match of length N has been found, deflate() searches for
+a longer match at the next input byte. If a longer match is found, the
+previous match is truncated to a length of one (thus producing a single
+literal byte) and the process of lazy evaluation begins again. Otherwise,
+the original match is kept, and the next match search is attempted only N
+steps later.
+
+The lazy match evaluation is also subject to a runtime parameter. If
+the current match is long enough, deflate() reduces the search for a longer
+match, thus speeding up the whole process. If compression ratio is more
+important than speed, deflate() attempts a complete second search even if
+the first match is already long enough.
+
+The lazy match evaluation is not performed for the fastest compression
+modes (level parameter 1 to 3). For these fast modes, new strings
+are inserted in the hash table only when no match was found, or
+when the match is not too long. This degrades the compression ratio
+but saves time since there are both fewer insertions and fewer searches.
+
+
+2. Decompression algorithm (inflate)
+
+2.1 Introduction
+
+The key question is how to represent a Huffman code (or any prefix code) so
+that you can decode fast.  The most important characteristic is that shorter
+codes are much more common than longer codes, so pay attention to decoding the
+short codes fast, and let the long codes take longer to decode.
+
+inflate() sets up a first level table that covers some number of bits of
+input less than the length of longest code.  It gets that many bits from the
+stream, and looks it up in the table.  The table will tell if the next
+code is that many bits or less and how many, and if it is, it will tell
+the value, else it will point to the next level table for which inflate()
+grabs more bits and tries to decode a longer code.
+
+How many bits to make the first lookup is a tradeoff between the time it
+takes to decode and the time it takes to build the table.  If building the
+table took no time (and if you had infinite memory), then there would only
+be a first level table to cover all the way to the longest code.  However,
+building the table ends up taking a lot longer for more bits since short
+codes are replicated many times in such a table.  What inflate() does is
+simply to make the number of bits in the first table a variable, and then
+to set that variable for the maximum speed.
+
+For inflate, which has 286 possible codes for the literal/length tree, the size
+of the first table is nine bits.  Also the distance trees have 30 possible
+values, and the size of the first table is six bits.  Note that for each of
+those cases, the table ended up one bit longer than the ``average'' code
+length, i.e. the code length of an approximately flat code which would be a
+little more than eight bits for 286 symbols and a little less than five bits
+for 30 symbols.
+
+
+2.2 More details on the inflate table lookup
+
+Ok, you want to know what this cleverly obfuscated inflate tree actually
+looks like.  You are correct that it's not a Huffman tree.  It is simply a
+lookup table for the first, let's say, nine bits of a Huffman symbol.  The
+symbol could be as short as one bit or as long as 15 bits.  If a particular
+symbol is shorter than nine bits, then that symbol's translation is duplicated
+in all those entries that start with that symbol's bits.  For example, if the
+symbol is four bits, then it's duplicated 32 times in a nine-bit table.  If a
+symbol is nine bits long, it appears in the table once.
+
+If the symbol is longer than nine bits, then that entry in the table points
+to another similar table for the remaining bits.  Again, there are duplicated
+entries as needed.  The idea is that most of the time the symbol will be short
+and there will only be one table look up.  (That's whole idea behind data
+compression in the first place.)  For the less frequent long symbols, there
+will be two lookups.  If you had a compression method with really long
+symbols, you could have as many levels of lookups as is efficient.  For
+inflate, two is enough.
+
+So a table entry either points to another table (in which case nine bits in
+the above example are gobbled), or it contains the translation for the symbol
+and the number of bits to gobble.  Then you start again with the next
+ungobbled bit.
+
+You may wonder: why not just have one lookup table for how ever many bits the
+longest symbol is?  The reason is that if you do that, you end up spending
+more time filling in duplicate symbol entries than you do actually decoding.
+At least for deflate's output that generates new trees every several 10's of
+kbytes.  You can imagine that filling in a 2^15 entry table for a 15-bit code
+would take too long if you're only decoding several thousand symbols.  At the
+other extreme, you could make a new table for every bit in the code.  In fact,
+that's essentially a Huffman tree.  But then you spend too much time
+traversing the tree while decoding, even for short symbols.
+
+So the number of bits for the first lookup table is a trade of the time to
+fill out the table vs. the time spent looking at the second level and above of
+the table.
+
+Here is an example, scaled down:
+
+The code being decoded, with 10 symbols, from 1 to 6 bits long:
+
+A: 0
+B: 10
+C: 1100
+D: 11010
+E: 11011
+F: 11100
+G: 11101
+H: 11110
+I: 111110
+J: 111111
+
+Let's make the first table three bits long (eight entries):
+
+000: A,1
+001: A,1
+010: A,1
+011: A,1
+100: B,2
+101: B,2
+110: -> table X (gobble 3 bits)
+111: -> table Y (gobble 3 bits)
+
+Each entry is what the bits decode as and how many bits that is, i.e. how
+many bits to gobble.  Or the entry points to another table, with the number of
+bits to gobble implicit in the size of the table.
+
+Table X is two bits long since the longest code starting with 110 is five bits
+long:
+
+00: C,1
+01: C,1
+10: D,2
+11: E,2
+
+Table Y is three bits long since the longest code starting with 111 is six
+bits long:
+
+000: F,2
+001: F,2
+010: G,2
+011: G,2
+100: H,2
+101: H,2
+110: I,3
+111: J,3
+
+So what we have here are three tables with a total of 20 entries that had to
+be constructed.  That's compared to 64 entries for a single table.  Or
+compared to 16 entries for a Huffman tree (six two entry tables and one four
+entry table).  Assuming that the code ideally represents the probability of
+the symbols, it takes on the average 1.25 lookups per symbol.  That's compared
+to one lookup for the single table, or 1.66 lookups per symbol for the
+Huffman tree.
+
+There, I think that gives you a picture of what's going on.  For inflate, the
+meaning of a particular symbol is often more than just a letter.  It can be a
+byte (a "literal"), or it can be either a length or a distance which
+indicates a base value and a number of bits to fetch after the code that is
+added to the base value.  Or it might be the special end-of-block code.  The
+data structures created in inftrees.c try to encode all that information
+compactly in the tables.
+
+
+Jean-loup Gailly        Mark Adler
+jloup@gzip.org          madler@alumni.caltech.edu
+
+
+References:
+
+[LZ77] Ziv J., Lempel A., ``A Universal Algorithm for Sequential Data
+Compression,'' IEEE Transactions on Information Theory, Vol. 23, No. 3,
+pp. 337-343.
+
+``DEFLATE Compressed Data Format Specification'' available in
+http://tools.ietf.org/html/rfc1951
diff --git a/zlib-1.3.1/doc/crc-doc.1.0.pdf b/zlib-1.3.1/doc/crc-doc.1.0.pdf
new file mode 100644
index 00000000..d6942ecc
Binary files /dev/null and b/zlib-1.3.1/doc/crc-doc.1.0.pdf differ
diff --git a/zlib-1.3.1/doc/rfc1950.txt b/zlib-1.3.1/doc/rfc1950.txt
new file mode 100644
index 00000000..ce6428a0
--- /dev/null
+++ b/zlib-1.3.1/doc/rfc1950.txt
@@ -0,0 +1,619 @@
+
+
+
+
+
+
+Network Working Group                                         P. Deutsch
+Request for Comments: 1950                           Aladdin Enterprises
+Category: Informational                                      J-L. Gailly
+                                                                Info-ZIP
+                                                                May 1996
+
+
+         ZLIB Compressed Data Format Specification version 3.3
+
+Status of This Memo
+
+   This memo provides information for the Internet community.  This memo
+   does not specify an Internet standard of any kind.  Distribution of
+   this memo is unlimited.
+
+IESG Note:
+
+   The IESG takes no position on the validity of any Intellectual
+   Property Rights statements contained in this document.
+
+Notices
+
+   Copyright (c) 1996 L. Peter Deutsch and Jean-Loup Gailly
+
+   Permission is granted to copy and distribute this document for any
+   purpose and without charge, including translations into other
+   languages and incorporation into compilations, provided that the
+   copyright notice and this notice are preserved, and that any
+   substantive changes or deletions from the original are clearly
+   marked.
+
+   A pointer to the latest version of this and related documentation in
+   HTML format can be found at the URL
+   <ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html>.
+
+Abstract
+
+   This specification defines a lossless compressed data format.  The
+   data can be produced or consumed, even for an arbitrarily long
+   sequentially presented input data stream, using only an a priori
+   bounded amount of intermediate storage.  The format presently uses
+   the DEFLATE compression method but can be easily extended to use
+   other compression methods.  It can be implemented readily in a manner
+   not covered by patents.  This specification also defines the ADLER-32
+   checksum (an extension and improvement of the Fletcher checksum),
+   used for detection of data corruption, and provides an algorithm for
+   computing it.
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 1]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+Table of Contents
+
+   1. Introduction ................................................... 2
+      1.1. Purpose ................................................... 2
+      1.2. Intended audience ......................................... 3
+      1.3. Scope ..................................................... 3
+      1.4. Compliance ................................................ 3
+      1.5.  Definitions of terms and conventions used ................ 3
+      1.6. Changes from previous versions ............................ 3
+   2. Detailed specification ......................................... 3
+      2.1. Overall conventions ....................................... 3
+      2.2. Data format ............................................... 4
+      2.3. Compliance ................................................ 7
+   3. References ..................................................... 7
+   4. Source code .................................................... 8
+   5. Security Considerations ........................................ 8
+   6. Acknowledgements ............................................... 8
+   7. Authors' Addresses ............................................. 8
+   8. Appendix: Rationale ............................................ 9
+   9. Appendix: Sample code ..........................................10
+
+1. Introduction
+
+   1.1. Purpose
+
+      The purpose of this specification is to define a lossless
+      compressed data format that:
+
+          * Is independent of CPU type, operating system, file system,
+            and character set, and hence can be used for interchange;
+
+          * Can be produced or consumed, even for an arbitrarily long
+            sequentially presented input data stream, using only an a
+            priori bounded amount of intermediate storage, and hence can
+            be used in data communications or similar structures such as
+            Unix filters;
+
+          * Can use a number of different compression methods;
+
+          * Can be implemented readily in a manner not covered by
+            patents, and hence can be practiced freely.
+
+      The data format defined by this specification does not attempt to
+      allow random access to compressed data.
+
+
+
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 2]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+   1.2. Intended audience
+
+      This specification is intended for use by implementors of software
+      to compress data into zlib format and/or decompress data from zlib
+      format.
+
+      The text of the specification assumes a basic background in
+      programming at the level of bits and other primitive data
+      representations.
+
+   1.3. Scope
+
+      The specification specifies a compressed data format that can be
+      used for in-memory compression of a sequence of arbitrary bytes.
+
+   1.4. Compliance
+
+      Unless otherwise indicated below, a compliant decompressor must be
+      able to accept and decompress any data set that conforms to all
+      the specifications presented here; a compliant compressor must
+      produce data sets that conform to all the specifications presented
+      here.
+
+   1.5.  Definitions of terms and conventions used
+
+      byte: 8 bits stored or transmitted as a unit (same as an octet).
+      (For this specification, a byte is exactly 8 bits, even on
+      machines which store a character on a number of bits different
+      from 8.) See below, for the numbering of bits within a byte.
+
+   1.6. Changes from previous versions
+
+      Version 3.1 was the first public release of this specification.
+      In version 3.2, some terminology was changed and the Adler-32
+      sample code was rewritten for clarity.  In version 3.3, the
+      support for a preset dictionary was introduced, and the
+      specification was converted to RFC style.
+
+2. Detailed specification
+
+   2.1. Overall conventions
+
+      In the diagrams below, a box like this:
+
+         +---+
+         |   | <-- the vertical bars might be missing
+         +---+
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 3]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+      represents one byte; a box like this:
+
+         +==============+
+         |              |
+         +==============+
+
+      represents a variable number of bytes.
+
+      Bytes stored within a computer do not have a "bit order", since
+      they are always treated as a unit.  However, a byte considered as
+      an integer between 0 and 255 does have a most- and least-
+      significant bit, and since we write numbers with the most-
+      significant digit on the left, we also write bytes with the most-
+      significant bit on the left.  In the diagrams below, we number the
+      bits of a byte so that bit 0 is the least-significant bit, i.e.,
+      the bits are numbered:
+
+         +--------+
+         |76543210|
+         +--------+
+
+      Within a computer, a number may occupy multiple bytes.  All
+      multi-byte numbers in the format described here are stored with
+      the MOST-significant byte first (at the lower memory address).
+      For example, the decimal number 520 is stored as:
+
+             0     1
+         +--------+--------+
+         |00000010|00001000|
+         +--------+--------+
+          ^        ^
+          |        |
+          |        + less significant byte = 8
+          + more significant byte = 2 x 256
+
+   2.2. Data format
+
+      A zlib stream has the following structure:
+
+           0   1
+         +---+---+
+         |CMF|FLG|   (more-->)
+         +---+---+
+
+
+
+
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 4]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+      (if FLG.FDICT set)
+
+           0   1   2   3
+         +---+---+---+---+
+         |     DICTID    |   (more-->)
+         +---+---+---+---+
+
+         +=====================+---+---+---+---+
+         |...compressed data...|    ADLER32    |
+         +=====================+---+---+---+---+
+
+      Any data which may appear after ADLER32 are not part of the zlib
+      stream.
+
+      CMF (Compression Method and flags)
+         This byte is divided into a 4-bit compression method and a 4-
+         bit information field depending on the compression method.
+
+            bits 0 to 3  CM     Compression method
+            bits 4 to 7  CINFO  Compression info
+
+      CM (Compression method)
+         This identifies the compression method used in the file. CM = 8
+         denotes the "deflate" compression method with a window size up
+         to 32K.  This is the method used by gzip and PNG (see
+         references [1] and [2] in Chapter 3, below, for the reference
+         documents).  CM = 15 is reserved.  It might be used in a future
+         version of this specification to indicate the presence of an
+         extra field before the compressed data.
+
+      CINFO (Compression info)
+         For CM = 8, CINFO is the base-2 logarithm of the LZ77 window
+         size, minus eight (CINFO=7 indicates a 32K window size). Values
+         of CINFO above 7 are not allowed in this version of the
+         specification.  CINFO is not defined in this specification for
+         CM not equal to 8.
+
+      FLG (FLaGs)
+         This flag byte is divided as follows:
+
+            bits 0 to 4  FCHECK  (check bits for CMF and FLG)
+            bit  5       FDICT   (preset dictionary)
+            bits 6 to 7  FLEVEL  (compression level)
+
+         The FCHECK value must be such that CMF and FLG, when viewed as
+         a 16-bit unsigned integer stored in MSB order (CMF*256 + FLG),
+         is a multiple of 31.
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 5]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+      FDICT (Preset dictionary)
+         If FDICT is set, a DICT dictionary identifier is present
+         immediately after the FLG byte. The dictionary is a sequence of
+         bytes which are initially fed to the compressor without
+         producing any compressed output. DICT is the Adler-32 checksum
+         of this sequence of bytes (see the definition of ADLER32
+         below).  The decompressor can use this identifier to determine
+         which dictionary has been used by the compressor.
+
+      FLEVEL (Compression level)
+         These flags are available for use by specific compression
+         methods.  The "deflate" method (CM = 8) sets these flags as
+         follows:
+
+            0 - compressor used fastest algorithm
+            1 - compressor used fast algorithm
+            2 - compressor used default algorithm
+            3 - compressor used maximum compression, slowest algorithm
+
+         The information in FLEVEL is not needed for decompression; it
+         is there to indicate if recompression might be worthwhile.
+
+      compressed data
+         For compression method 8, the compressed data is stored in the
+         deflate compressed data format as described in the document
+         "DEFLATE Compressed Data Format Specification" by L. Peter
+         Deutsch. (See reference [3] in Chapter 3, below)
+
+         Other compressed data formats are not specified in this version
+         of the zlib specification.
+
+      ADLER32 (Adler-32 checksum)
+         This contains a checksum value of the uncompressed data
+         (excluding any dictionary data) computed according to Adler-32
+         algorithm. This algorithm is a 32-bit extension and improvement
+         of the Fletcher algorithm, used in the ITU-T X.224 / ISO 8073
+         standard. See references [4] and [5] in Chapter 3, below)
+
+         Adler-32 is composed of two sums accumulated per byte: s1 is
+         the sum of all bytes, s2 is the sum of all s1 values. Both sums
+         are done modulo 65521. s1 is initialized to 1, s2 to zero.  The
+         Adler-32 checksum is stored as s2*65536 + s1 in most-
+         significant-byte first (network) order.
+
+
+
+
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 6]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+   2.3. Compliance
+
+      A compliant compressor must produce streams with correct CMF, FLG
+      and ADLER32, but need not support preset dictionaries.  When the
+      zlib data format is used as part of another standard data format,
+      the compressor may use only preset dictionaries that are specified
+      by this other data format.  If this other format does not use the
+      preset dictionary feature, the compressor must not set the FDICT
+      flag.
+
+      A compliant decompressor must check CMF, FLG, and ADLER32, and
+      provide an error indication if any of these have incorrect values.
+      A compliant decompressor must give an error indication if CM is
+      not one of the values defined in this specification (only the
+      value 8 is permitted in this version), since another value could
+      indicate the presence of new features that would cause subsequent
+      data to be interpreted incorrectly.  A compliant decompressor must
+      give an error indication if FDICT is set and DICTID is not the
+      identifier of a known preset dictionary.  A decompressor may
+      ignore FLEVEL and still be compliant.  When the zlib data format
+      is being used as a part of another standard format, a compliant
+      decompressor must support all the preset dictionaries specified by
+      the other format. When the other format does not use the preset
+      dictionary feature, a compliant decompressor must reject any
+      stream in which the FDICT flag is set.
+
+3. References
+
+   [1] Deutsch, L.P.,"GZIP Compressed Data Format Specification",
+       available in ftp://ftp.uu.net/pub/archiving/zip/doc/
+
+   [2] Thomas Boutell, "PNG (Portable Network Graphics) specification",
+       available in ftp://ftp.uu.net/graphics/png/documents/
+
+   [3] Deutsch, L.P.,"DEFLATE Compressed Data Format Specification",
+       available in ftp://ftp.uu.net/pub/archiving/zip/doc/
+
+   [4] Fletcher, J. G., "An Arithmetic Checksum for Serial
+       Transmissions," IEEE Transactions on Communications, Vol. COM-30,
+       No. 1, January 1982, pp. 247-252.
+
+   [5] ITU-T Recommendation X.224, Annex D, "Checksum Algorithms,"
+       November, 1993, pp. 144, 145. (Available from
+       gopher://info.itu.ch). ITU-T X.244 is also the same as ISO 8073.
+
+
+
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 7]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+4. Source code
+
+   Source code for a C language implementation of a "zlib" compliant
+   library is available at ftp://ftp.uu.net/pub/archiving/zip/zlib/.
+
+5. Security Considerations
+
+   A decoder that fails to check the ADLER32 checksum value may be
+   subject to undetected data corruption.
+
+6. Acknowledgements
+
+   Trademarks cited in this document are the property of their
+   respective owners.
+
+   Jean-Loup Gailly and Mark Adler designed the zlib format and wrote
+   the related software described in this specification.  Glenn
+   Randers-Pehrson converted this document to RFC and HTML format.
+
+7. Authors' Addresses
+
+   L. Peter Deutsch
+   Aladdin Enterprises
+   203 Santa Margarita Ave.
+   Menlo Park, CA 94025
+
+   Phone: (415) 322-0103 (AM only)
+   FAX:   (415) 322-1734
+   EMail: <ghost@aladdin.com>
+
+
+   Jean-Loup Gailly
+
+   EMail: <gzip@prep.ai.mit.edu>
+
+   Questions about the technical content of this specification can be
+   sent by email to
+
+   Jean-Loup Gailly <gzip@prep.ai.mit.edu> and
+   Mark Adler <madler@alumni.caltech.edu>
+
+   Editorial comments on this specification can be sent by email to
+
+   L. Peter Deutsch <ghost@aladdin.com> and
+   Glenn Randers-Pehrson <randeg@alumni.rpi.edu>
+
+
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 8]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+8. Appendix: Rationale
+
+   8.1. Preset dictionaries
+
+      A preset dictionary is specially useful to compress short input
+      sequences. The compressor can take advantage of the dictionary
+      context to encode the input in a more compact manner. The
+      decompressor can be initialized with the appropriate context by
+      virtually decompressing a compressed version of the dictionary
+      without producing any output. However for certain compression
+      algorithms such as the deflate algorithm this operation can be
+      achieved without actually performing any decompression.
+
+      The compressor and the decompressor must use exactly the same
+      dictionary. The dictionary may be fixed or may be chosen among a
+      certain number of predefined dictionaries, according to the kind
+      of input data. The decompressor can determine which dictionary has
+      been chosen by the compressor by checking the dictionary
+      identifier. This document does not specify the contents of
+      predefined dictionaries, since the optimal dictionaries are
+      application specific. Standard data formats using this feature of
+      the zlib specification must precisely define the allowed
+      dictionaries.
+
+   8.2. The Adler-32 algorithm
+
+      The Adler-32 algorithm is much faster than the CRC32 algorithm yet
+      still provides an extremely low probability of undetected errors.
+
+      The modulo on unsigned long accumulators can be delayed for 5552
+      bytes, so the modulo operation time is negligible.  If the bytes
+      are a, b, c, the second sum is 3a + 2b + c + 3, and so is position
+      and order sensitive, unlike the first sum, which is just a
+      checksum.  That 65521 is prime is important to avoid a possible
+      large class of two-byte errors that leave the check unchanged.
+      (The Fletcher checksum uses 255, which is not prime and which also
+      makes the Fletcher check insensitive to single byte changes 0 <->
+      255.)
+
+      The sum s1 is initialized to 1 instead of zero to make the length
+      of the sequence part of s2, so that the length does not have to be
+      checked separately. (Any sequence of zeroes has a Fletcher
+      checksum of zero.)
+
+
+
+
+
+
+
+
+Deutsch & Gailly             Informational                      [Page 9]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+9. Appendix: Sample code
+
+   The following C code computes the Adler-32 checksum of a data buffer.
+   It is written for clarity, not for speed.  The sample code is in the
+   ANSI C programming language. Non C users may find it easier to read
+   with these hints:
+
+      &      Bitwise AND operator.
+      >>     Bitwise right shift operator. When applied to an
+             unsigned quantity, as here, right shift inserts zero bit(s)
+             at the left.
+      <<     Bitwise left shift operator. Left shift inserts zero
+             bit(s) at the right.
+      ++     "n++" increments the variable n.
+      %      modulo operator: a % b is the remainder of a divided by b.
+
+      #define BASE 65521 /* largest prime smaller than 65536 */
+
+      /*
+         Update a running Adler-32 checksum with the bytes buf[0..len-1]
+       and return the updated checksum. The Adler-32 checksum should be
+       initialized to 1.
+
+       Usage example:
+
+         unsigned long adler = 1L;
+
+         while (read_buffer(buffer, length) != EOF) {
+           adler = update_adler32(adler, buffer, length);
+         }
+         if (adler != original_adler) error();
+      */
+      unsigned long update_adler32(unsigned long adler,
+         unsigned char *buf, int len)
+      {
+        unsigned long s1 = adler & 0xffff;
+        unsigned long s2 = (adler >> 16) & 0xffff;
+        int n;
+
+        for (n = 0; n < len; n++) {
+          s1 = (s1 + buf[n]) % BASE;
+          s2 = (s2 + s1)     % BASE;
+        }
+        return (s2 << 16) + s1;
+      }
+
+      /* Return the adler32 of the bytes buf[0..len-1] */
+
+
+
+
+Deutsch & Gailly             Informational                     [Page 10]
+
+RFC 1950       ZLIB Compressed Data Format Specification        May 1996
+
+
+      unsigned long adler32(unsigned char *buf, int len)
+      {
+        return update_adler32(1L, buf, len);
+      }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Deutsch & Gailly             Informational                     [Page 11]
+
diff --git a/zlib-1.3.1/doc/rfc1951.txt b/zlib-1.3.1/doc/rfc1951.txt
new file mode 100644
index 00000000..403c8c72
--- /dev/null
+++ b/zlib-1.3.1/doc/rfc1951.txt
@@ -0,0 +1,955 @@
+
+
+
+
+
+
+Network Working Group                                         P. Deutsch
+Request for Comments: 1951                           Aladdin Enterprises
+Category: Informational                                         May 1996
+
+
+        DEFLATE Compressed Data Format Specification version 1.3
+
+Status of This Memo
+
+   This memo provides information for the Internet community.  This memo
+   does not specify an Internet standard of any kind.  Distribution of
+   this memo is unlimited.
+
+IESG Note:
+
+   The IESG takes no position on the validity of any Intellectual
+   Property Rights statements contained in this document.
+
+Notices
+
+   Copyright (c) 1996 L. Peter Deutsch
+
+   Permission is granted to copy and distribute this document for any
+   purpose and without charge, including translations into other
+   languages and incorporation into compilations, provided that the
+   copyright notice and this notice are preserved, and that any
+   substantive changes or deletions from the original are clearly
+   marked.
+
+   A pointer to the latest version of this and related documentation in
+   HTML format can be found at the URL
+   <ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html>.
+
+Abstract
+
+   This specification defines a lossless compressed data format that
+   compresses data using a combination of the LZ77 algorithm and Huffman
+   coding, with efficiency comparable to the best currently available
+   general-purpose compression methods.  The data can be produced or
+   consumed, even for an arbitrarily long sequentially presented input
+   data stream, using only an a priori bounded amount of intermediate
+   storage.  The format can be implemented readily in a manner not
+   covered by patents.
+
+
+
+
+
+
+
+
+Deutsch                      Informational                      [Page 1]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+Table of Contents
+
+   1. Introduction ................................................... 2
+      1.1. Purpose ................................................... 2
+      1.2. Intended audience ......................................... 3
+      1.3. Scope ..................................................... 3
+      1.4. Compliance ................................................ 3
+      1.5.  Definitions of terms and conventions used ................ 3
+      1.6. Changes from previous versions ............................ 4
+   2. Compressed representation overview ............................. 4
+   3. Detailed specification ......................................... 5
+      3.1. Overall conventions ....................................... 5
+          3.1.1. Packing into bytes .................................. 5
+      3.2. Compressed block format ................................... 6
+          3.2.1. Synopsis of prefix and Huffman coding ............... 6
+          3.2.2. Use of Huffman coding in the "deflate" format ....... 7
+          3.2.3. Details of block format ............................. 9
+          3.2.4. Non-compressed blocks (BTYPE=00) ................... 11
+          3.2.5. Compressed blocks (length and distance codes) ...... 11
+          3.2.6. Compression with fixed Huffman codes (BTYPE=01) .... 12
+          3.2.7. Compression with dynamic Huffman codes (BTYPE=10) .. 13
+      3.3. Compliance ............................................... 14
+   4. Compression algorithm details ................................. 14
+   5. References .................................................... 16
+   6. Security Considerations ....................................... 16
+   7. Source code ................................................... 16
+   8. Acknowledgements .............................................. 16
+   9. Author's Address .............................................. 17
+
+1. Introduction
+
+   1.1. Purpose
+
+      The purpose of this specification is to define a lossless
+      compressed data format that:
+          * Is independent of CPU type, operating system, file system,
+            and character set, and hence can be used for interchange;
+          * Can be produced or consumed, even for an arbitrarily long
+            sequentially presented input data stream, using only an a
+            priori bounded amount of intermediate storage, and hence
+            can be used in data communications or similar structures
+            such as Unix filters;
+          * Compresses data with efficiency comparable to the best
+            currently available general-purpose compression methods,
+            and in particular considerably better than the "compress"
+            program;
+          * Can be implemented readily in a manner not covered by
+            patents, and hence can be practiced freely;
+
+
+
+Deutsch                      Informational                      [Page 2]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+          * Is compatible with the file format produced by the current
+            widely used gzip utility, in that conforming decompressors
+            will be able to read data produced by the existing gzip
+            compressor.
+
+      The data format defined by this specification does not attempt to:
+
+          * Allow random access to compressed data;
+          * Compress specialized data (e.g., raster graphics) as well
+            as the best currently available specialized algorithms.
+
+      A simple counting argument shows that no lossless compression
+      algorithm can compress every possible input data set.  For the
+      format defined here, the worst case expansion is 5 bytes per 32K-
+      byte block, i.e., a size increase of 0.015% for large data sets.
+      English text usually compresses by a factor of 2.5 to 3;
+      executable files usually compress somewhat less; graphical data
+      such as raster images may compress much more.
+
+   1.2. Intended audience
+
+      This specification is intended for use by implementors of software
+      to compress data into "deflate" format and/or decompress data from
+      "deflate" format.
+
+      The text of the specification assumes a basic background in
+      programming at the level of bits and other primitive data
+      representations.  Familiarity with the technique of Huffman coding
+      is helpful but not required.
+
+   1.3. Scope
+
+      The specification specifies a method for representing a sequence
+      of bytes as a (usually shorter) sequence of bits, and a method for
+      packing the latter bit sequence into bytes.
+
+   1.4. Compliance
+
+      Unless otherwise indicated below, a compliant decompressor must be
+      able to accept and decompress any data set that conforms to all
+      the specifications presented here; a compliant compressor must
+      produce data sets that conform to all the specifications presented
+      here.
+
+   1.5.  Definitions of terms and conventions used
+
+      Byte: 8 bits stored or transmitted as a unit (same as an octet).
+      For this specification, a byte is exactly 8 bits, even on machines
+
+
+
+Deutsch                      Informational                      [Page 3]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+      which store a character on a number of bits different from eight.
+      See below, for the numbering of bits within a byte.
+
+      String: a sequence of arbitrary bytes.
+
+   1.6. Changes from previous versions
+
+      There have been no technical changes to the deflate format since
+      version 1.1 of this specification.  In version 1.2, some
+      terminology was changed.  Version 1.3 is a conversion of the
+      specification to RFC style.
+
+2. Compressed representation overview
+
+   A compressed data set consists of a series of blocks, corresponding
+   to successive blocks of input data.  The block sizes are arbitrary,
+   except that non-compressible blocks are limited to 65,535 bytes.
+
+   Each block is compressed using a combination of the LZ77 algorithm
+   and Huffman coding. The Huffman trees for each block are independent
+   of those for previous or subsequent blocks; the LZ77 algorithm may
+   use a reference to a duplicated string occurring in a previous block,
+   up to 32K input bytes before.
+
+   Each block consists of two parts: a pair of Huffman code trees that
+   describe the representation of the compressed data part, and a
+   compressed data part.  (The Huffman trees themselves are compressed
+   using Huffman encoding.)  The compressed data consists of a series of
+   elements of two types: literal bytes (of strings that have not been
+   detected as duplicated within the previous 32K input bytes), and
+   pointers to duplicated strings, where a pointer is represented as a
+   pair <length, backward distance>.  The representation used in the
+   "deflate" format limits distances to 32K bytes and lengths to 258
+   bytes, but does not limit the size of a block, except for
+   uncompressible blocks, which are limited as noted above.
+
+   Each type of value (literals, distances, and lengths) in the
+   compressed data is represented using a Huffman code, using one code
+   tree for literals and lengths and a separate code tree for distances.
+   The code trees for each block appear in a compact form just before
+   the compressed data for that block.
+
+
+
+
+
+
+
+
+
+
+Deutsch                      Informational                      [Page 4]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+3. Detailed specification
+
+   3.1. Overall conventions In the diagrams below, a box like this:
+
+         +---+
+         |   | <-- the vertical bars might be missing
+         +---+
+
+      represents one byte; a box like this:
+
+         +==============+
+         |              |
+         +==============+
+
+      represents a variable number of bytes.
+
+      Bytes stored within a computer do not have a "bit order", since
+      they are always treated as a unit.  However, a byte considered as
+      an integer between 0 and 255 does have a most- and least-
+      significant bit, and since we write numbers with the most-
+      significant digit on the left, we also write bytes with the most-
+      significant bit on the left.  In the diagrams below, we number the
+      bits of a byte so that bit 0 is the least-significant bit, i.e.,
+      the bits are numbered:
+
+         +--------+
+         |76543210|
+         +--------+
+
+      Within a computer, a number may occupy multiple bytes.  All
+      multi-byte numbers in the format described here are stored with
+      the least-significant byte first (at the lower memory address).
+      For example, the decimal number 520 is stored as:
+
+             0        1
+         +--------+--------+
+         |00001000|00000010|
+         +--------+--------+
+          ^        ^
+          |        |
+          |        + more significant byte = 2 x 256
+          + less significant byte = 8
+
+      3.1.1. Packing into bytes
+
+         This document does not address the issue of the order in which
+         bits of a byte are transmitted on a bit-sequential medium,
+         since the final data format described here is byte- rather than
+
+
+
+Deutsch                      Informational                      [Page 5]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+         bit-oriented.  However, we describe the compressed block format
+         in below, as a sequence of data elements of various bit
+         lengths, not a sequence of bytes.  We must therefore specify
+         how to pack these data elements into bytes to form the final
+         compressed byte sequence:
+
+             * Data elements are packed into bytes in order of
+               increasing bit number within the byte, i.e., starting
+               with the least-significant bit of the byte.
+             * Data elements other than Huffman codes are packed
+               starting with the least-significant bit of the data
+               element.
+             * Huffman codes are packed starting with the most-
+               significant bit of the code.
+
+         In other words, if one were to print out the compressed data as
+         a sequence of bytes, starting with the first byte at the
+         *right* margin and proceeding to the *left*, with the most-
+         significant bit of each byte on the left as usual, one would be
+         able to parse the result from right to left, with fixed-width
+         elements in the correct MSB-to-LSB order and Huffman codes in
+         bit-reversed order (i.e., with the first bit of the code in the
+         relative LSB position).
+
+   3.2. Compressed block format
+
+      3.2.1. Synopsis of prefix and Huffman coding
+
+         Prefix coding represents symbols from an a priori known
+         alphabet by bit sequences (codes), one code for each symbol, in
+         a manner such that different symbols may be represented by bit
+         sequences of different lengths, but a parser can always parse
+         an encoded string unambiguously symbol-by-symbol.
+
+         We define a prefix code in terms of a binary tree in which the
+         two edges descending from each non-leaf node are labeled 0 and
+         1 and in which the leaf nodes correspond one-for-one with (are
+         labeled with) the symbols of the alphabet; then the code for a
+         symbol is the sequence of 0's and 1's on the edges leading from
+         the root to the leaf labeled with that symbol.  For example:
+
+
+
+
+
+
+
+
+
+
+
+Deutsch                      Informational                      [Page 6]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+                          /\              Symbol    Code
+                         0  1             ------    ----
+                        /    \                A      00
+                       /\     B               B       1
+                      0  1                    C     011
+                     /    \                   D     010
+                    A     /\
+                         0  1
+                        /    \
+                       D      C
+
+         A parser can decode the next symbol from an encoded input
+         stream by walking down the tree from the root, at each step
+         choosing the edge corresponding to the next input bit.
+
+         Given an alphabet with known symbol frequencies, the Huffman
+         algorithm allows the construction of an optimal prefix code
+         (one which represents strings with those symbol frequencies
+         using the fewest bits of any possible prefix codes for that
+         alphabet).  Such a code is called a Huffman code.  (See
+         reference [1] in Chapter 5, references for additional
+         information on Huffman codes.)
+
+         Note that in the "deflate" format, the Huffman codes for the
+         various alphabets must not exceed certain maximum code lengths.
+         This constraint complicates the algorithm for computing code
+         lengths from symbol frequencies.  Again, see Chapter 5,
+         references for details.
+
+      3.2.2. Use of Huffman coding in the "deflate" format
+
+         The Huffman codes used for each alphabet in the "deflate"
+         format have two additional rules:
+
+             * All codes of a given bit length have lexicographically
+               consecutive values, in the same order as the symbols
+               they represent;
+
+             * Shorter codes lexicographically precede longer codes.
+
+
+
+
+
+
+
+
+
+
+
+
+Deutsch                      Informational                      [Page 7]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+         We could recode the example above to follow this rule as
+         follows, assuming that the order of the alphabet is ABCD:
+
+            Symbol  Code
+            ------  ----
+            A       10
+            B       0
+            C       110
+            D       111
+
+         I.e., 0 precedes 10 which precedes 11x, and 110 and 111 are
+         lexicographically consecutive.
+
+         Given this rule, we can define the Huffman code for an alphabet
+         just by giving the bit lengths of the codes for each symbol of
+         the alphabet in order; this is sufficient to determine the
+         actual codes.  In our example, the code is completely defined
+         by the sequence of bit lengths (2, 1, 3, 3).  The following
+         algorithm generates the codes as integers, intended to be read
+         from most- to least-significant bit.  The code lengths are
+         initially in tree[I].Len; the codes are produced in
+         tree[I].Code.
+
+         1)  Count the number of codes for each code length.  Let
+             bl_count[N] be the number of codes of length N, N >= 1.
+
+         2)  Find the numerical value of the smallest code for each
+             code length:
+
+                code = 0;
+                bl_count[0] = 0;
+                for (bits = 1; bits <= MAX_BITS; bits++) {
+                    code = (code + bl_count[bits-1]) << 1;
+                    next_code[bits] = code;
+                }
+
+         3)  Assign numerical values to all codes, using consecutive
+             values for all codes of the same length with the base
+             values determined at step 2. Codes that are never used
+             (which have a bit length of zero) must not be assigned a
+             value.
+
+                for (n = 0;  n <= max_code; n++) {
+                    len = tree[n].Len;
+                    if (len != 0) {
+                        tree[n].Code = next_code[len];
+                        next_code[len]++;
+                    }
+
+
+
+Deutsch                      Informational                      [Page 8]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+                }
+
+         Example:
+
+         Consider the alphabet ABCDEFGH, with bit lengths (3, 3, 3, 3,
+         3, 2, 4, 4).  After step 1, we have:
+
+            N      bl_count[N]
+            -      -----------
+            2      1
+            3      5
+            4      2
+
+         Step 2 computes the following next_code values:
+
+            N      next_code[N]
+            -      ------------
+            1      0
+            2      0
+            3      2
+            4      14
+
+         Step 3 produces the following code values:
+
+            Symbol Length   Code
+            ------ ------   ----
+            A       3        010
+            B       3        011
+            C       3        100
+            D       3        101
+            E       3        110
+            F       2         00
+            G       4       1110
+            H       4       1111
+
+      3.2.3. Details of block format
+
+         Each block of compressed data begins with 3 header bits
+         containing the following data:
+
+            first bit       BFINAL
+            next 2 bits     BTYPE
+
+         Note that the header bits do not necessarily begin on a byte
+         boundary, since a block does not necessarily occupy an integral
+         number of bytes.
+
+
+
+
+
+Deutsch                      Informational                      [Page 9]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+         BFINAL is set if and only if this is the last block of the data
+         set.
+
+         BTYPE specifies how the data are compressed, as follows:
+
+            00 - no compression
+            01 - compressed with fixed Huffman codes
+            10 - compressed with dynamic Huffman codes
+            11 - reserved (error)
+
+         The only difference between the two compressed cases is how the
+         Huffman codes for the literal/length and distance alphabets are
+         defined.
+
+         In all cases, the decoding algorithm for the actual data is as
+         follows:
+
+            do
+               read block header from input stream.
+               if stored with no compression
+                  skip any remaining bits in current partially
+                     processed byte
+                  read LEN and NLEN (see next section)
+                  copy LEN bytes of data to output
+               otherwise
+                  if compressed with dynamic Huffman codes
+                     read representation of code trees (see
+                        subsection below)
+                  loop (until end of block code recognized)
+                     decode literal/length value from input stream
+                     if value < 256
+                        copy value (literal byte) to output stream
+                     otherwise
+                        if value = end of block (256)
+                           break from loop
+                        otherwise (value = 257..285)
+                           decode distance from input stream
+
+                           move backwards distance bytes in the output
+                           stream, and copy length bytes from this
+                           position to the output stream.
+                  end loop
+            while not last block
+
+         Note that a duplicated string reference may refer to a string
+         in a previous block; i.e., the backward distance may cross one
+         or more block boundaries.  However a distance cannot refer past
+         the beginning of the output stream.  (An application using a
+
+
+
+Deutsch                      Informational                     [Page 10]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+         preset dictionary might discard part of the output stream; a
+         distance can refer to that part of the output stream anyway)
+         Note also that the referenced string may overlap the current
+         position; for example, if the last 2 bytes decoded have values
+         X and Y, a string reference with <length = 5, distance = 2>
+         adds X,Y,X,Y,X to the output stream.
+
+         We now specify each compression method in turn.
+
+      3.2.4. Non-compressed blocks (BTYPE=00)
+
+         Any bits of input up to the next byte boundary are ignored.
+         The rest of the block consists of the following information:
+
+              0   1   2   3   4...
+            +---+---+---+---+================================+
+            |  LEN  | NLEN  |... LEN bytes of literal data...|
+            +---+---+---+---+================================+
+
+         LEN is the number of data bytes in the block.  NLEN is the
+         one's complement of LEN.
+
+      3.2.5. Compressed blocks (length and distance codes)
+
+         As noted above, encoded data blocks in the "deflate" format
+         consist of sequences of symbols drawn from three conceptually
+         distinct alphabets: either literal bytes, from the alphabet of
+         byte values (0..255), or <length, backward distance> pairs,
+         where the length is drawn from (3..258) and the distance is
+         drawn from (1..32,768).  In fact, the literal and length
+         alphabets are merged into a single alphabet (0..285), where
+         values 0..255 represent literal bytes, the value 256 indicates
+         end-of-block, and values 257..285 represent length codes
+         (possibly in conjunction with extra bits following the symbol
+         code) as follows:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Deutsch                      Informational                     [Page 11]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+                 Extra               Extra               Extra
+            Code Bits Length(s) Code Bits Lengths   Code Bits Length(s)
+            ---- ---- ------     ---- ---- -------   ---- ---- -------
+             257   0     3       267   1   15,16     277   4   67-82
+             258   0     4       268   1   17,18     278   4   83-98
+             259   0     5       269   2   19-22     279   4   99-114
+             260   0     6       270   2   23-26     280   4  115-130
+             261   0     7       271   2   27-30     281   5  131-162
+             262   0     8       272   2   31-34     282   5  163-194
+             263   0     9       273   3   35-42     283   5  195-226
+             264   0    10       274   3   43-50     284   5  227-257
+             265   1  11,12      275   3   51-58     285   0    258
+             266   1  13,14      276   3   59-66
+
+         The extra bits should be interpreted as a machine integer
+         stored with the most-significant bit first, e.g., bits 1110
+         represent the value 14.
+
+                  Extra           Extra               Extra
+             Code Bits Dist  Code Bits   Dist     Code Bits Distance
+             ---- ---- ----  ---- ----  ------    ---- ---- --------
+               0   0    1     10   4     33-48    20    9   1025-1536
+               1   0    2     11   4     49-64    21    9   1537-2048
+               2   0    3     12   5     65-96    22   10   2049-3072
+               3   0    4     13   5     97-128   23   10   3073-4096
+               4   1   5,6    14   6    129-192   24   11   4097-6144
+               5   1   7,8    15   6    193-256   25   11   6145-8192
+               6   2   9-12   16   7    257-384   26   12  8193-12288
+               7   2  13-16   17   7    385-512   27   12 12289-16384
+               8   3  17-24   18   8    513-768   28   13 16385-24576
+               9   3  25-32   19   8   769-1024   29   13 24577-32768
+
+      3.2.6. Compression with fixed Huffman codes (BTYPE=01)
+
+         The Huffman codes for the two alphabets are fixed, and are not
+         represented explicitly in the data.  The Huffman code lengths
+         for the literal/length alphabet are:
+
+                   Lit Value    Bits        Codes
+                   ---------    ----        -----
+                     0 - 143     8          00110000 through
+                                            10111111
+                   144 - 255     9          110010000 through
+                                            111111111
+                   256 - 279     7          0000000 through
+                                            0010111
+                   280 - 287     8          11000000 through
+                                            11000111
+
+
+
+Deutsch                      Informational                     [Page 12]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+         The code lengths are sufficient to generate the actual codes,
+         as described above; we show the codes in the table for added
+         clarity.  Literal/length values 286-287 will never actually
+         occur in the compressed data, but participate in the code
+         construction.
+
+         Distance codes 0-31 are represented by (fixed-length) 5-bit
+         codes, with possible additional bits as shown in the table
+         shown in Paragraph 3.2.5, above.  Note that distance codes 30-
+         31 will never actually occur in the compressed data.
+
+      3.2.7. Compression with dynamic Huffman codes (BTYPE=10)
+
+         The Huffman codes for the two alphabets appear in the block
+         immediately after the header bits and before the actual
+         compressed data, first the literal/length code and then the
+         distance code.  Each code is defined by a sequence of code
+         lengths, as discussed in Paragraph 3.2.2, above.  For even
+         greater compactness, the code length sequences themselves are
+         compressed using a Huffman code.  The alphabet for code lengths
+         is as follows:
+
+               0 - 15: Represent code lengths of 0 - 15
+                   16: Copy the previous code length 3 - 6 times.
+                       The next 2 bits indicate repeat length
+                             (0 = 3, ... , 3 = 6)
+                          Example:  Codes 8, 16 (+2 bits 11),
+                                    16 (+2 bits 10) will expand to
+                                    12 code lengths of 8 (1 + 6 + 5)
+                   17: Repeat a code length of 0 for 3 - 10 times.
+                       (3 bits of length)
+                   18: Repeat a code length of 0 for 11 - 138 times
+                       (7 bits of length)
+
+         A code length of 0 indicates that the corresponding symbol in
+         the literal/length or distance alphabet will not occur in the
+         block, and should not participate in the Huffman code
+         construction algorithm given earlier.  If only one distance
+         code is used, it is encoded using one bit, not zero bits; in
+         this case there is a single code length of one, with one unused
+         code.  One distance code of zero bits means that there are no
+         distance codes used at all (the data is all literals).
+
+         We can now define the format of the block:
+
+               5 Bits: HLIT, # of Literal/Length codes - 257 (257 - 286)
+               5 Bits: HDIST, # of Distance codes - 1        (1 - 32)
+               4 Bits: HCLEN, # of Code Length codes - 4     (4 - 19)
+
+
+
+Deutsch                      Informational                     [Page 13]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+               (HCLEN + 4) x 3 bits: code lengths for the code length
+                  alphabet given just above, in the order: 16, 17, 18,
+                  0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15
+
+                  These code lengths are interpreted as 3-bit integers
+                  (0-7); as above, a code length of 0 means the
+                  corresponding symbol (literal/length or distance code
+                  length) is not used.
+
+               HLIT + 257 code lengths for the literal/length alphabet,
+                  encoded using the code length Huffman code
+
+               HDIST + 1 code lengths for the distance alphabet,
+                  encoded using the code length Huffman code
+
+               The actual compressed data of the block,
+                  encoded using the literal/length and distance Huffman
+                  codes
+
+               The literal/length symbol 256 (end of data),
+                  encoded using the literal/length Huffman code
+
+         The code length repeat codes can cross from HLIT + 257 to the
+         HDIST + 1 code lengths.  In other words, all code lengths form
+         a single sequence of HLIT + HDIST + 258 values.
+
+   3.3. Compliance
+
+      A compressor may limit further the ranges of values specified in
+      the previous section and still be compliant; for example, it may
+      limit the range of backward pointers to some value smaller than
+      32K.  Similarly, a compressor may limit the size of blocks so that
+      a compressible block fits in memory.
+
+      A compliant decompressor must accept the full range of possible
+      values defined in the previous section, and must accept blocks of
+      arbitrary size.
+
+4. Compression algorithm details
+
+   While it is the intent of this document to define the "deflate"
+   compressed data format without reference to any particular
+   compression algorithm, the format is related to the compressed
+   formats produced by LZ77 (Lempel-Ziv 1977, see reference [2] below);
+   since many variations of LZ77 are patented, it is strongly
+   recommended that the implementor of a compressor follow the general
+   algorithm presented here, which is known not to be patented per se.
+   The material in this section is not part of the definition of the
+
+
+
+Deutsch                      Informational                     [Page 14]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+   specification per se, and a compressor need not follow it in order to
+   be compliant.
+
+   The compressor terminates a block when it determines that starting a
+   new block with fresh trees would be useful, or when the block size
+   fills up the compressor's block buffer.
+
+   The compressor uses a chained hash table to find duplicated strings,
+   using a hash function that operates on 3-byte sequences.  At any
+   given point during compression, let XYZ be the next 3 input bytes to
+   be examined (not necessarily all different, of course).  First, the
+   compressor examines the hash chain for XYZ.  If the chain is empty,
+   the compressor simply writes out X as a literal byte and advances one
+   byte in the input.  If the hash chain is not empty, indicating that
+   the sequence XYZ (or, if we are unlucky, some other 3 bytes with the
+   same hash function value) has occurred recently, the compressor
+   compares all strings on the XYZ hash chain with the actual input data
+   sequence starting at the current point, and selects the longest
+   match.
+
+   The compressor searches the hash chains starting with the most recent
+   strings, to favor small distances and thus take advantage of the
+   Huffman encoding.  The hash chains are singly linked. There are no
+   deletions from the hash chains; the algorithm simply discards matches
+   that are too old.  To avoid a worst-case situation, very long hash
+   chains are arbitrarily truncated at a certain length, determined by a
+   run-time parameter.
+
+   To improve overall compression, the compressor optionally defers the
+   selection of matches ("lazy matching"): after a match of length N has
+   been found, the compressor searches for a longer match starting at
+   the next input byte.  If it finds a longer match, it truncates the
+   previous match to a length of one (thus producing a single literal
+   byte) and then emits the longer match.  Otherwise, it emits the
+   original match, and, as described above, advances N bytes before
+   continuing.
+
+   Run-time parameters also control this "lazy match" procedure.  If
+   compression ratio is most important, the compressor attempts a
+   complete second search regardless of the length of the first match.
+   In the normal case, if the current match is "long enough", the
+   compressor reduces the search for a longer match, thus speeding up
+   the process.  If speed is most important, the compressor inserts new
+   strings in the hash table only when no match was found, or when the
+   match is not "too long".  This degrades the compression ratio but
+   saves time since there are both fewer insertions and fewer searches.
+
+
+
+
+
+Deutsch                      Informational                     [Page 15]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+5. References
+
+   [1] Huffman, D. A., "A Method for the Construction of Minimum
+       Redundancy Codes", Proceedings of the Institute of Radio
+       Engineers, September 1952, Volume 40, Number 9, pp. 1098-1101.
+
+   [2] Ziv J., Lempel A., "A Universal Algorithm for Sequential Data
+       Compression", IEEE Transactions on Information Theory, Vol. 23,
+       No. 3, pp. 337-343.
+
+   [3] Gailly, J.-L., and Adler, M., ZLIB documentation and sources,
+       available in ftp://ftp.uu.net/pub/archiving/zip/doc/
+
+   [4] Gailly, J.-L., and Adler, M., GZIP documentation and sources,
+       available as gzip-*.tar in ftp://prep.ai.mit.edu/pub/gnu/
+
+   [5] Schwartz, E. S., and Kallick, B. "Generating a canonical prefix
+       encoding." Comm. ACM, 7,3 (Mar. 1964), pp. 166-169.
+
+   [6] Hirschberg and Lelewer, "Efficient decoding of prefix codes,"
+       Comm. ACM, 33,4, April 1990, pp. 449-459.
+
+6. Security Considerations
+
+   Any data compression method involves the reduction of redundancy in
+   the data.  Consequently, any corruption of the data is likely to have
+   severe effects and be difficult to correct.  Uncompressed text, on
+   the other hand, will probably still be readable despite the presence
+   of some corrupted bytes.
+
+   It is recommended that systems using this data format provide some
+   means of validating the integrity of the compressed data.  See
+   reference [3], for example.
+
+7. Source code
+
+   Source code for a C language implementation of a "deflate" compliant
+   compressor and decompressor is available within the zlib package at
+   ftp://ftp.uu.net/pub/archiving/zip/zlib/.
+
+8. Acknowledgements
+
+   Trademarks cited in this document are the property of their
+   respective owners.
+
+   Phil Katz designed the deflate format.  Jean-Loup Gailly and Mark
+   Adler wrote the related software described in this specification.
+   Glenn Randers-Pehrson converted this document to RFC and HTML format.
+
+
+
+Deutsch                      Informational                     [Page 16]
+
+RFC 1951      DEFLATE Compressed Data Format Specification      May 1996
+
+
+9. Author's Address
+
+   L. Peter Deutsch
+   Aladdin Enterprises
+   203 Santa Margarita Ave.
+   Menlo Park, CA 94025
+
+   Phone: (415) 322-0103 (AM only)
+   FAX:   (415) 322-1734
+   EMail: <ghost@aladdin.com>
+
+   Questions about the technical content of this specification can be
+   sent by email to:
+
+   Jean-Loup Gailly <gzip@prep.ai.mit.edu> and
+   Mark Adler <madler@alumni.caltech.edu>
+
+   Editorial comments on this specification can be sent by email to:
+
+   L. Peter Deutsch <ghost@aladdin.com> and
+   Glenn Randers-Pehrson <randeg@alumni.rpi.edu>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Deutsch                      Informational                     [Page 17]
+
diff --git a/zlib-1.3.1/doc/rfc1952.txt b/zlib-1.3.1/doc/rfc1952.txt
new file mode 100644
index 00000000..a8e51b45
--- /dev/null
+++ b/zlib-1.3.1/doc/rfc1952.txt
@@ -0,0 +1,675 @@
+
+
+
+
+
+
+Network Working Group                                         P. Deutsch
+Request for Comments: 1952                           Aladdin Enterprises
+Category: Informational                                         May 1996
+
+
+               GZIP file format specification version 4.3
+
+Status of This Memo
+
+   This memo provides information for the Internet community.  This memo
+   does not specify an Internet standard of any kind.  Distribution of
+   this memo is unlimited.
+
+IESG Note:
+
+   The IESG takes no position on the validity of any Intellectual
+   Property Rights statements contained in this document.
+
+Notices
+
+   Copyright (c) 1996 L. Peter Deutsch
+
+   Permission is granted to copy and distribute this document for any
+   purpose and without charge, including translations into other
+   languages and incorporation into compilations, provided that the
+   copyright notice and this notice are preserved, and that any
+   substantive changes or deletions from the original are clearly
+   marked.
+
+   A pointer to the latest version of this and related documentation in
+   HTML format can be found at the URL
+   <ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html>.
+
+Abstract
+
+   This specification defines a lossless compressed data format that is
+   compatible with the widely used GZIP utility.  The format includes a
+   cyclic redundancy check value for detecting data corruption.  The
+   format presently uses the DEFLATE method of compression but can be
+   easily extended to use other compression methods.  The format can be
+   implemented readily in a manner not covered by patents.
+
+
+
+
+
+
+
+
+
+
+Deutsch                      Informational                      [Page 1]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+Table of Contents
+
+   1. Introduction ................................................... 2
+      1.1. Purpose ................................................... 2
+      1.2. Intended audience ......................................... 3
+      1.3. Scope ..................................................... 3
+      1.4. Compliance ................................................ 3
+      1.5. Definitions of terms and conventions used ................. 3
+      1.6. Changes from previous versions ............................ 3
+   2. Detailed specification ......................................... 4
+      2.1. Overall conventions ....................................... 4
+      2.2. File format ............................................... 5
+      2.3. Member format ............................................. 5
+          2.3.1. Member header and trailer ........................... 6
+              2.3.1.1. Extra field ................................... 8
+              2.3.1.2. Compliance .................................... 9
+      3. References .................................................. 9
+      4. Security Considerations .................................... 10
+      5. Acknowledgements ........................................... 10
+      6. Author's Address ........................................... 10
+      7. Appendix: Jean-Loup Gailly's gzip utility .................. 11
+      8. Appendix: Sample CRC Code .................................. 11
+
+1. Introduction
+
+   1.1. Purpose
+
+      The purpose of this specification is to define a lossless
+      compressed data format that:
+
+          * Is independent of CPU type, operating system, file system,
+            and character set, and hence can be used for interchange;
+          * Can compress or decompress a data stream (as opposed to a
+            randomly accessible file) to produce another data stream,
+            using only an a priori bounded amount of intermediate
+            storage, and hence can be used in data communications or
+            similar structures such as Unix filters;
+          * Compresses data with efficiency comparable to the best
+            currently available general-purpose compression methods,
+            and in particular considerably better than the "compress"
+            program;
+          * Can be implemented readily in a manner not covered by
+            patents, and hence can be practiced freely;
+          * Is compatible with the file format produced by the current
+            widely used gzip utility, in that conforming decompressors
+            will be able to read data produced by the existing gzip
+            compressor.
+
+
+
+
+Deutsch                      Informational                      [Page 2]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+      The data format defined by this specification does not attempt to:
+
+          * Provide random access to compressed data;
+          * Compress specialized data (e.g., raster graphics) as well as
+            the best currently available specialized algorithms.
+
+   1.2. Intended audience
+
+      This specification is intended for use by implementors of software
+      to compress data into gzip format and/or decompress data from gzip
+      format.
+
+      The text of the specification assumes a basic background in
+      programming at the level of bits and other primitive data
+      representations.
+
+   1.3. Scope
+
+      The specification specifies a compression method and a file format
+      (the latter assuming only that a file can store a sequence of
+      arbitrary bytes).  It does not specify any particular interface to
+      a file system or anything about character sets or encodings
+      (except for file names and comments, which are optional).
+
+   1.4. Compliance
+
+      Unless otherwise indicated below, a compliant decompressor must be
+      able to accept and decompress any file that conforms to all the
+      specifications presented here; a compliant compressor must produce
+      files that conform to all the specifications presented here.  The
+      material in the appendices is not part of the specification per se
+      and is not relevant to compliance.
+
+   1.5. Definitions of terms and conventions used
+
+      byte: 8 bits stored or transmitted as a unit (same as an octet).
+      (For this specification, a byte is exactly 8 bits, even on
+      machines which store a character on a number of bits different
+      from 8.)  See below for the numbering of bits within a byte.
+
+   1.6. Changes from previous versions
+
+      There have been no technical changes to the gzip format since
+      version 4.1 of this specification.  In version 4.2, some
+      terminology was changed, and the sample CRC code was rewritten for
+      clarity and to eliminate the requirement for the caller to do pre-
+      and post-conditioning.  Version 4.3 is a conversion of the
+      specification to RFC style.
+
+
+
+Deutsch                      Informational                      [Page 3]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+2. Detailed specification
+
+   2.1. Overall conventions
+
+      In the diagrams below, a box like this:
+
+         +---+
+         |   | <-- the vertical bars might be missing
+         +---+
+
+      represents one byte; a box like this:
+
+         +==============+
+         |              |
+         +==============+
+
+      represents a variable number of bytes.
+
+      Bytes stored within a computer do not have a "bit order", since
+      they are always treated as a unit.  However, a byte considered as
+      an integer between 0 and 255 does have a most- and least-
+      significant bit, and since we write numbers with the most-
+      significant digit on the left, we also write bytes with the most-
+      significant bit on the left.  In the diagrams below, we number the
+      bits of a byte so that bit 0 is the least-significant bit, i.e.,
+      the bits are numbered:
+
+         +--------+
+         |76543210|
+         +--------+
+
+      This document does not address the issue of the order in which
+      bits of a byte are transmitted on a bit-sequential medium, since
+      the data format described here is byte- rather than bit-oriented.
+
+      Within a computer, a number may occupy multiple bytes.  All
+      multi-byte numbers in the format described here are stored with
+      the least-significant byte first (at the lower memory address).
+      For example, the decimal number 520 is stored as:
+
+             0        1
+         +--------+--------+
+         |00001000|00000010|
+         +--------+--------+
+          ^        ^
+          |        |
+          |        + more significant byte = 2 x 256
+          + less significant byte = 8
+
+
+
+Deutsch                      Informational                      [Page 4]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+   2.2. File format
+
+      A gzip file consists of a series of "members" (compressed data
+      sets).  The format of each member is specified in the following
+      section.  The members simply appear one after another in the file,
+      with no additional information before, between, or after them.
+
+   2.3. Member format
+
+      Each member has the following structure:
+
+         +---+---+---+---+---+---+---+---+---+---+
+         |ID1|ID2|CM |FLG|     MTIME     |XFL|OS | (more-->)
+         +---+---+---+---+---+---+---+---+---+---+
+
+      (if FLG.FEXTRA set)
+
+         +---+---+=================================+
+         | XLEN  |...XLEN bytes of "extra field"...| (more-->)
+         +---+---+=================================+
+
+      (if FLG.FNAME set)
+
+         +=========================================+
+         |...original file name, zero-terminated...| (more-->)
+         +=========================================+
+
+      (if FLG.FCOMMENT set)
+
+         +===================================+
+         |...file comment, zero-terminated...| (more-->)
+         +===================================+
+
+      (if FLG.FHCRC set)
+
+         +---+---+
+         | CRC16 |
+         +---+---+
+
+         +=======================+
+         |...compressed blocks...| (more-->)
+         +=======================+
+
+           0   1   2   3   4   5   6   7
+         +---+---+---+---+---+---+---+---+
+         |     CRC32     |     ISIZE     |
+         +---+---+---+---+---+---+---+---+
+
+
+
+
+Deutsch                      Informational                      [Page 5]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+      2.3.1. Member header and trailer
+
+         ID1 (IDentification 1)
+         ID2 (IDentification 2)
+            These have the fixed values ID1 = 31 (0x1f, \037), ID2 = 139
+            (0x8b, \213), to identify the file as being in gzip format.
+
+         CM (Compression Method)
+            This identifies the compression method used in the file.  CM
+            = 0-7 are reserved.  CM = 8 denotes the "deflate"
+            compression method, which is the one customarily used by
+            gzip and which is documented elsewhere.
+
+         FLG (FLaGs)
+            This flag byte is divided into individual bits as follows:
+
+               bit 0   FTEXT
+               bit 1   FHCRC
+               bit 2   FEXTRA
+               bit 3   FNAME
+               bit 4   FCOMMENT
+               bit 5   reserved
+               bit 6   reserved
+               bit 7   reserved
+
+            If FTEXT is set, the file is probably ASCII text.  This is
+            an optional indication, which the compressor may set by
+            checking a small amount of the input data to see whether any
+            non-ASCII characters are present.  In case of doubt, FTEXT
+            is cleared, indicating binary data. For systems which have
+            different file formats for ascii text and binary data, the
+            decompressor can use FTEXT to choose the appropriate format.
+            We deliberately do not specify the algorithm used to set
+            this bit, since a compressor always has the option of
+            leaving it cleared and a decompressor always has the option
+            of ignoring it and letting some other program handle issues
+            of data conversion.
+
+            If FHCRC is set, a CRC16 for the gzip header is present,
+            immediately before the compressed data. The CRC16 consists
+            of the two least significant bytes of the CRC32 for all
+            bytes of the gzip header up to and not including the CRC16.
+            [The FHCRC bit was never set by versions of gzip up to
+            1.2.4, even though it was documented with a different
+            meaning in gzip 1.2.4.]
+
+            If FEXTRA is set, optional extra fields are present, as
+            described in a following section.
+
+
+
+Deutsch                      Informational                      [Page 6]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+            If FNAME is set, an original file name is present,
+            terminated by a zero byte.  The name must consist of ISO
+            8859-1 (LATIN-1) characters; on operating systems using
+            EBCDIC or any other character set for file names, the name
+            must be translated to the ISO LATIN-1 character set.  This
+            is the original name of the file being compressed, with any
+            directory components removed, and, if the file being
+            compressed is on a file system with case insensitive names,
+            forced to lower case. There is no original file name if the
+            data was compressed from a source other than a named file;
+            for example, if the source was stdin on a Unix system, there
+            is no file name.
+
+            If FCOMMENT is set, a zero-terminated file comment is
+            present.  This comment is not interpreted; it is only
+            intended for human consumption.  The comment must consist of
+            ISO 8859-1 (LATIN-1) characters.  Line breaks should be
+            denoted by a single line feed character (10 decimal).
+
+            Reserved FLG bits must be zero.
+
+         MTIME (Modification TIME)
+            This gives the most recent modification time of the original
+            file being compressed.  The time is in Unix format, i.e.,
+            seconds since 00:00:00 GMT, Jan.  1, 1970.  (Note that this
+            may cause problems for MS-DOS and other systems that use
+            local rather than Universal time.)  If the compressed data
+            did not come from a file, MTIME is set to the time at which
+            compression started.  MTIME = 0 means no time stamp is
+            available.
+
+         XFL (eXtra FLags)
+            These flags are available for use by specific compression
+            methods.  The "deflate" method (CM = 8) sets these flags as
+            follows:
+
+               XFL = 2 - compressor used maximum compression,
+                         slowest algorithm
+               XFL = 4 - compressor used fastest algorithm
+
+         OS (Operating System)
+            This identifies the type of file system on which compression
+            took place.  This may be useful in determining end-of-line
+            convention for text files.  The currently defined values are
+            as follows:
+
+
+
+
+
+
+Deutsch                      Informational                      [Page 7]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+                 0 - FAT filesystem (MS-DOS, OS/2, NT/Win32)
+                 1 - Amiga
+                 2 - VMS (or OpenVMS)
+                 3 - Unix
+                 4 - VM/CMS
+                 5 - Atari TOS
+                 6 - HPFS filesystem (OS/2, NT)
+                 7 - Macintosh
+                 8 - Z-System
+                 9 - CP/M
+                10 - TOPS-20
+                11 - NTFS filesystem (NT)
+                12 - QDOS
+                13 - Acorn RISCOS
+               255 - unknown
+
+         XLEN (eXtra LENgth)
+            If FLG.FEXTRA is set, this gives the length of the optional
+            extra field.  See below for details.
+
+         CRC32 (CRC-32)
+            This contains a Cyclic Redundancy Check value of the
+            uncompressed data computed according to CRC-32 algorithm
+            used in the ISO 3309 standard and in section 8.1.1.6.2 of
+            ITU-T recommendation V.42.  (See http://www.iso.ch for
+            ordering ISO documents. See gopher://info.itu.ch for an
+            online version of ITU-T V.42.)
+
+         ISIZE (Input SIZE)
+            This contains the size of the original (uncompressed) input
+            data modulo 2^32.
+
+      2.3.1.1. Extra field
+
+         If the FLG.FEXTRA bit is set, an "extra field" is present in
+         the header, with total length XLEN bytes.  It consists of a
+         series of subfields, each of the form:
+
+            +---+---+---+---+==================================+
+            |SI1|SI2|  LEN  |... LEN bytes of subfield data ...|
+            +---+---+---+---+==================================+
+
+         SI1 and SI2 provide a subfield ID, typically two ASCII letters
+         with some mnemonic value.  Jean-Loup Gailly
+         <gzip@prep.ai.mit.edu> is maintaining a registry of subfield
+         IDs; please send him any subfield ID you wish to use.  Subfield
+         IDs with SI2 = 0 are reserved for future use.  The following
+         IDs are currently defined:
+
+
+
+Deutsch                      Informational                      [Page 8]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+            SI1         SI2         Data
+            ----------  ----------  ----
+            0x41 ('A')  0x70 ('P')  Apollo file type information
+
+         LEN gives the length of the subfield data, excluding the 4
+         initial bytes.
+
+      2.3.1.2. Compliance
+
+         A compliant compressor must produce files with correct ID1,
+         ID2, CM, CRC32, and ISIZE, but may set all the other fields in
+         the fixed-length part of the header to default values (255 for
+         OS, 0 for all others).  The compressor must set all reserved
+         bits to zero.
+
+         A compliant decompressor must check ID1, ID2, and CM, and
+         provide an error indication if any of these have incorrect
+         values.  It must examine FEXTRA/XLEN, FNAME, FCOMMENT and FHCRC
+         at least so it can skip over the optional fields if they are
+         present.  It need not examine any other part of the header or
+         trailer; in particular, a decompressor may ignore FTEXT and OS
+         and always produce binary output, and still be compliant.  A
+         compliant decompressor must give an error indication if any
+         reserved bit is non-zero, since such a bit could indicate the
+         presence of a new field that would cause subsequent data to be
+         interpreted incorrectly.
+
+3. References
+
+   [1] "Information Processing - 8-bit single-byte coded graphic
+       character sets - Part 1: Latin alphabet No.1" (ISO 8859-1:1987).
+       The ISO 8859-1 (Latin-1) character set is a superset of 7-bit
+       ASCII. Files defining this character set are available as
+       iso_8859-1.* in ftp://ftp.uu.net/graphics/png/documents/
+
+   [2] ISO 3309
+
+   [3] ITU-T recommendation V.42
+
+   [4] Deutsch, L.P.,"DEFLATE Compressed Data Format Specification",
+       available in ftp://ftp.uu.net/pub/archiving/zip/doc/
+
+   [5] Gailly, J.-L., GZIP documentation, available as gzip-*.tar in
+       ftp://prep.ai.mit.edu/pub/gnu/
+
+   [6] Sarwate, D.V., "Computation of Cyclic Redundancy Checks via Table
+       Look-Up", Communications of the ACM, 31(8), pp.1008-1013.
+
+
+
+
+Deutsch                      Informational                      [Page 9]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+   [7] Schwaderer, W.D., "CRC Calculation", April 85 PC Tech Journal,
+       pp.118-133.
+
+   [8] ftp://ftp.adelaide.edu.au/pub/rocksoft/papers/crc_v3.txt,
+       describing the CRC concept.
+
+4. Security Considerations
+
+   Any data compression method involves the reduction of redundancy in
+   the data.  Consequently, any corruption of the data is likely to have
+   severe effects and be difficult to correct.  Uncompressed text, on
+   the other hand, will probably still be readable despite the presence
+   of some corrupted bytes.
+
+   It is recommended that systems using this data format provide some
+   means of validating the integrity of the compressed data, such as by
+   setting and checking the CRC-32 check value.
+
+5. Acknowledgements
+
+   Trademarks cited in this document are the property of their
+   respective owners.
+
+   Jean-Loup Gailly designed the gzip format and wrote, with Mark Adler,
+   the related software described in this specification.  Glenn
+   Randers-Pehrson converted this document to RFC and HTML format.
+
+6. Author's Address
+
+   L. Peter Deutsch
+   Aladdin Enterprises
+   203 Santa Margarita Ave.
+   Menlo Park, CA 94025
+
+   Phone: (415) 322-0103 (AM only)
+   FAX:   (415) 322-1734
+   EMail: <ghost@aladdin.com>
+
+   Questions about the technical content of this specification can be
+   sent by email to:
+
+   Jean-Loup Gailly <gzip@prep.ai.mit.edu> and
+   Mark Adler <madler@alumni.caltech.edu>
+
+   Editorial comments on this specification can be sent by email to:
+
+   L. Peter Deutsch <ghost@aladdin.com> and
+   Glenn Randers-Pehrson <randeg@alumni.rpi.edu>
+
+
+
+Deutsch                      Informational                     [Page 10]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+7. Appendix: Jean-Loup Gailly's gzip utility
+
+   The most widely used implementation of gzip compression, and the
+   original documentation on which this specification is based, were
+   created by Jean-Loup Gailly <gzip@prep.ai.mit.edu>.  Since this
+   implementation is a de facto standard, we mention some more of its
+   features here.  Again, the material in this section is not part of
+   the specification per se, and implementations need not follow it to
+   be compliant.
+
+   When compressing or decompressing a file, gzip preserves the
+   protection, ownership, and modification time attributes on the local
+   file system, since there is no provision for representing protection
+   attributes in the gzip file format itself.  Since the file format
+   includes a modification time, the gzip decompressor provides a
+   command line switch that assigns the modification time from the file,
+   rather than the local modification time of the compressed input, to
+   the decompressed output.
+
+8. Appendix: Sample CRC Code
+
+   The following sample code represents a practical implementation of
+   the CRC (Cyclic Redundancy Check). (See also ISO 3309 and ITU-T V.42
+   for a formal specification.)
+
+   The sample code is in the ANSI C programming language. Non C users
+   may find it easier to read with these hints:
+
+      &      Bitwise AND operator.
+      ^      Bitwise exclusive-OR operator.
+      >>     Bitwise right shift operator. When applied to an
+             unsigned quantity, as here, right shift inserts zero
+             bit(s) at the left.
+      !      Logical NOT operator.
+      ++     "n++" increments the variable n.
+      0xNNN  0x introduces a hexadecimal (base 16) constant.
+             Suffix L indicates a long value (at least 32 bits).
+
+      /* Table of CRCs of all 8-bit messages. */
+      unsigned long crc_table[256];
+
+      /* Flag: has the table been computed? Initially false. */
+      int crc_table_computed = 0;
+
+      /* Make the table for a fast CRC. */
+      void make_crc_table(void)
+      {
+        unsigned long c;
+
+
+
+Deutsch                      Informational                     [Page 11]
+
+RFC 1952             GZIP File Format Specification             May 1996
+
+
+        int n, k;
+        for (n = 0; n < 256; n++) {
+          c = (unsigned long) n;
+          for (k = 0; k < 8; k++) {
+            if (c & 1) {
+              c = 0xedb88320L ^ (c >> 1);
+            } else {
+              c = c >> 1;
+            }
+          }
+          crc_table[n] = c;
+        }
+        crc_table_computed = 1;
+      }
+
+      /*
+         Update a running crc with the bytes buf[0..len-1] and return
+       the updated crc. The crc should be initialized to zero. Pre- and
+       post-conditioning (one's complement) is performed within this
+       function so it shouldn't be done by the caller. Usage example:
+
+         unsigned long crc = 0L;
+
+         while (read_buffer(buffer, length) != EOF) {
+           crc = update_crc(crc, buffer, length);
+         }
+         if (crc != original_crc) error();
+      */
+      unsigned long update_crc(unsigned long crc,
+                      unsigned char *buf, int len)
+      {
+        unsigned long c = crc ^ 0xffffffffL;
+        int n;
+
+        if (!crc_table_computed)
+          make_crc_table();
+        for (n = 0; n < len; n++) {
+          c = crc_table[(c ^ buf[n]) & 0xff] ^ (c >> 8);
+        }
+        return c ^ 0xffffffffL;
+      }
+
+      /* Return the CRC of the bytes buf[0..len-1]. */
+      unsigned long crc(unsigned char *buf, int len)
+      {
+        return update_crc(0L, buf, len);
+      }
+
+
+
+
+Deutsch                      Informational                     [Page 12]
+
diff --git a/zlib-1.3.1/doc/txtvsbin.txt b/zlib-1.3.1/doc/txtvsbin.txt
new file mode 100644
index 00000000..2a901eaa
--- /dev/null
+++ b/zlib-1.3.1/doc/txtvsbin.txt
@@ -0,0 +1,107 @@
+A Fast Method for Identifying Plain Text Files
+==============================================
+
+
+Introduction
+------------
+
+Given a file coming from an unknown source, it is sometimes desirable
+to find out whether the format of that file is plain text.  Although
+this may appear like a simple task, a fully accurate detection of the
+file type requires heavy-duty semantic analysis on the file contents.
+It is, however, possible to obtain satisfactory results by employing
+various heuristics.
+
+Previous versions of PKZip and other zip-compatible compression tools
+were using a crude detection scheme: if more than 80% (4/5) of the bytes
+found in a certain buffer are within the range [7..127], the file is
+labeled as plain text, otherwise it is labeled as binary.  A prominent
+limitation of this scheme is the restriction to Latin-based alphabets.
+Other alphabets, like Greek, Cyrillic or Asian, make extensive use of
+the bytes within the range [128..255], and texts using these alphabets
+are most often misidentified by this scheme; in other words, the rate
+of false negatives is sometimes too high, which means that the recall
+is low.  Another weakness of this scheme is a reduced precision, due to
+the false positives that may occur when binary files containing large
+amounts of textual characters are misidentified as plain text.
+
+In this article we propose a new, simple detection scheme that features
+a much increased precision and a near-100% recall.  This scheme is
+designed to work on ASCII, Unicode and other ASCII-derived alphabets,
+and it handles single-byte encodings (ISO-8859, MacRoman, KOI8, etc.)
+and variable-sized encodings (ISO-2022, UTF-8, etc.).  Wider encodings
+(UCS-2/UTF-16 and UCS-4/UTF-32) are not handled, however.
+
+
+The Algorithm
+-------------
+
+The algorithm works by dividing the set of bytecodes [0..255] into three
+categories:
+- The allow list of textual bytecodes:
+  9 (TAB), 10 (LF), 13 (CR), 32 (SPACE) to 255.
+- The gray list of tolerated bytecodes:
+  7 (BEL), 8 (BS), 11 (VT), 12 (FF), 26 (SUB), 27 (ESC).
+- The block list of undesired, non-textual bytecodes:
+  0 (NUL) to 6, 14 to 31.
+
+If a file contains at least one byte that belongs to the allow list and
+no byte that belongs to the block list, then the file is categorized as
+plain text; otherwise, it is categorized as binary.  (The boundary case,
+when the file is empty, automatically falls into the latter category.)
+
+
+Rationale
+---------
+
+The idea behind this algorithm relies on two observations.
+
+The first observation is that, although the full range of 7-bit codes
+[0..127] is properly specified by the ASCII standard, most control
+characters in the range [0..31] are not used in practice.  The only
+widely-used, almost universally-portable control codes are 9 (TAB),
+10 (LF) and 13 (CR).  There are a few more control codes that are
+recognized on a reduced range of platforms and text viewers/editors:
+7 (BEL), 8 (BS), 11 (VT), 12 (FF), 26 (SUB) and 27 (ESC); but these
+codes are rarely (if ever) used alone, without being accompanied by
+some printable text.  Even the newer, portable text formats such as
+XML avoid using control characters outside the list mentioned here.
+
+The second observation is that most of the binary files tend to contain
+control characters, especially 0 (NUL).  Even though the older text
+detection schemes observe the presence of non-ASCII codes from the range
+[128..255], the precision rarely has to suffer if this upper range is
+labeled as textual, because the files that are genuinely binary tend to
+contain both control characters and codes from the upper range.  On the
+other hand, the upper range needs to be labeled as textual, because it
+is used by virtually all ASCII extensions.  In particular, this range is
+used for encoding non-Latin scripts.
+
+Since there is no counting involved, other than simply observing the
+presence or the absence of some byte values, the algorithm produces
+consistent results, regardless what alphabet encoding is being used.
+(If counting were involved, it could be possible to obtain different
+results on a text encoded, say, using ISO-8859-16 versus UTF-8.)
+
+There is an extra category of plain text files that are "polluted" with
+one or more block-listed codes, either by mistake or by peculiar design
+considerations.  In such cases, a scheme that tolerates a small fraction
+of block-listed codes would provide an increased recall (i.e. more true
+positives).  This, however, incurs a reduced precision overall, since
+false positives are more likely to appear in binary files that contain
+large chunks of textual data.  Furthermore, "polluted" plain text should
+be regarded as binary by general-purpose text detection schemes, because
+general-purpose text processing algorithms might not be applicable.
+Under this premise, it is safe to say that our detection method provides
+a near-100% recall.
+
+Experiments have been run on many files coming from various platforms
+and applications.  We tried plain text files, system logs, source code,
+formatted office documents, compiled object code, etc.  The results
+confirm the optimistic assumptions about the capabilities of this
+algorithm.
+
+
+--
+Cosmin Truta
+Last updated: 2006-May-28
diff --git a/zlib-1.3.1/examples/README.examples b/zlib-1.3.1/examples/README.examples
new file mode 100644
index 00000000..e3a4b88b
--- /dev/null
+++ b/zlib-1.3.1/examples/README.examples
@@ -0,0 +1,54 @@
+This directory contains examples of the use of zlib and other relevant
+programs and documentation.
+
+enough.c
+    calculation and justification of ENOUGH parameter in inftrees.h
+    - calculates the maximum table space used in inflate tree
+      construction over all possible Huffman codes
+
+fitblk.c
+    compress just enough input to nearly fill a requested output size
+    - zlib isn't designed to do this, but fitblk does it anyway
+
+gun.c
+    uncompress a gzip file
+    - illustrates the use of inflateBack() for high speed file-to-file
+      decompression using call-back functions
+    - is approximately twice as fast as gzip -d
+    - also provides Unix uncompress functionality, again twice as fast
+
+gzappend.c
+    append to a gzip file
+    - illustrates the use of the Z_BLOCK flush parameter for inflate()
+    - illustrates the use of deflatePrime() to start at any bit
+
+gzjoin.c
+    join gzip files without recalculating the crc or recompressing
+    - illustrates the use of the Z_BLOCK flush parameter for inflate()
+    - illustrates the use of crc32_combine()
+
+gzlog.c
+gzlog.h
+    efficiently and robustly maintain a message log file in gzip format
+    - illustrates use of raw deflate, Z_PARTIAL_FLUSH, deflatePrime(),
+      and deflateSetDictionary()
+    - illustrates use of a gzip header extra field
+
+gznorm.c
+    normalize a gzip file by combining members into a single member
+    - demonstrates how to concatenate deflate streams using Z_BLOCK
+
+zlib_how.html
+    painfully comprehensive description of zpipe.c (see below)
+    - describes in excruciating detail the use of deflate() and inflate()
+
+zpipe.c
+    reads and writes zlib streams from stdin to stdout
+    - illustrates the proper use of deflate() and inflate()
+    - deeply commented in zlib_how.html (see above)
+
+zran.c
+zran.h
+    index a zlib or gzip stream and randomly access it
+    - illustrates the use of Z_BLOCK, inflatePrime(), and
+      inflateSetDictionary() to provide random access
diff --git a/zlib-1.3.1/examples/enough.c b/zlib-1.3.1/examples/enough.c
new file mode 100644
index 00000000..8a3cade4
--- /dev/null
+++ b/zlib-1.3.1/examples/enough.c
@@ -0,0 +1,597 @@
+/* enough.c -- determine the maximum size of inflate's Huffman code tables over
+ * all possible valid and complete prefix codes, subject to a length limit.
+ * Copyright (C) 2007, 2008, 2012, 2018 Mark Adler
+ * Version 1.5  5 August 2018  Mark Adler
+ */
+
+/* Version history:
+   1.0   3 Jan 2007  First version (derived from codecount.c version 1.4)
+   1.1   4 Jan 2007  Use faster incremental table usage computation
+                     Prune examine() search on previously visited states
+   1.2   5 Jan 2007  Comments clean up
+                     As inflate does, decrease root for short codes
+                     Refuse cases where inflate would increase root
+   1.3  17 Feb 2008  Add argument for initial root table size
+                     Fix bug for initial root table size == max - 1
+                     Use a macro to compute the history index
+   1.4  18 Aug 2012  Avoid shifts more than bits in type (caused endless loop!)
+                     Clean up comparisons of different types
+                     Clean up code indentation
+   1.5   5 Aug 2018  Clean up code style, formatting, and comments
+                     Show all the codes for the maximum, and only the maximum
+ */
+
+/*
+   Examine all possible prefix codes for a given number of symbols and a
+   maximum code length in bits to determine the maximum table size for zlib's
+   inflate. Only complete prefix codes are counted.
+
+   Two codes are considered distinct if the vectors of the number of codes per
+   length are not identical. So permutations of the symbol assignments result
+   in the same code for the counting, as do permutations of the assignments of
+   the bit values to the codes (i.e. only canonical codes are counted).
+
+   We build a code from shorter to longer lengths, determining how many symbols
+   are coded at each length. At each step, we have how many symbols remain to
+   be coded, what the last code length used was, and how many bit patterns of
+   that length remain unused. Then we add one to the code length and double the
+   number of unused patterns to graduate to the next code length. We then
+   assign all portions of the remaining symbols to that code length that
+   preserve the properties of a correct and eventually complete code. Those
+   properties are: we cannot use more bit patterns than are available; and when
+   all the symbols are used, there are exactly zero possible bit patterns left
+   unused.
+
+   The inflate Huffman decoding algorithm uses two-level lookup tables for
+   speed. There is a single first-level table to decode codes up to root bits
+   in length (root == 9 for literal/length codes and root == 6 for distance
+   codes, in the current inflate implementation). The base table has 1 << root
+   entries and is indexed by the next root bits of input. Codes shorter than
+   root bits have replicated table entries, so that the correct entry is
+   pointed to regardless of the bits that follow the short code. If the code is
+   longer than root bits, then the table entry points to a second-level table.
+   The size of that table is determined by the longest code with that root-bit
+   prefix. If that longest code has length len, then the table has size 1 <<
+   (len - root), to index the remaining bits in that set of codes. Each
+   subsequent root-bit prefix then has its own sub-table. The total number of
+   table entries required by the code is calculated incrementally as the number
+   of codes at each bit length is populated. When all of the codes are shorter
+   than root bits, then root is reduced to the longest code length, resulting
+   in a single, smaller, one-level table.
+
+   The inflate algorithm also provides for small values of root (relative to
+   the log2 of the number of symbols), where the shortest code has more bits
+   than root. In that case, root is increased to the length of the shortest
+   code. This program, by design, does not handle that case, so it is verified
+   that the number of symbols is less than 1 << (root + 1).
+
+   In order to speed up the examination (by about ten orders of magnitude for
+   the default arguments), the intermediate states in the build-up of a code
+   are remembered and previously visited branches are pruned. The memory
+   required for this will increase rapidly with the total number of symbols and
+   the maximum code length in bits. However this is a very small price to pay
+   for the vast speedup.
+
+   First, all of the possible prefix codes are counted, and reachable
+   intermediate states are noted by a non-zero count in a saved-results array.
+   Second, the intermediate states that lead to (root + 1) bit or longer codes
+   are used to look at all sub-codes from those junctures for their inflate
+   memory usage. (The amount of memory used is not affected by the number of
+   codes of root bits or less in length.)  Third, the visited states in the
+   construction of those sub-codes and the associated calculation of the table
+   size is recalled in order to avoid recalculating from the same juncture.
+   Beginning the code examination at (root + 1) bit codes, which is enabled by
+   identifying the reachable nodes, accounts for about six of the orders of
+   magnitude of improvement for the default arguments. About another four
+   orders of magnitude come from not revisiting previous states. Out of
+   approximately 2x10^16 possible prefix codes, only about 2x10^6 sub-codes
+   need to be examined to cover all of the possible table memory usage cases
+   for the default arguments of 286 symbols limited to 15-bit codes.
+
+   Note that the uintmax_t type is used for counting. It is quite easy to
+   exceed the capacity of an eight-byte integer with a large number of symbols
+   and a large maximum code length, so multiple-precision arithmetic would need
+   to replace the integer arithmetic in that case. This program will abort if
+   an overflow occurs. The big_t type identifies where the counting takes
+   place.
+
+   The uintmax_t type is also used for calculating the number of possible codes
+   remaining at the maximum length. This limits the maximum code length to the
+   number of bits in a long long minus the number of bits needed to represent
+   the symbols in a flat code. The code_t type identifies where the bit-pattern
+   counting takes place.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <assert.h>
+
+#define local static
+
+// Special data types.
+typedef uintmax_t big_t;    // type for code counting
+#define PRIbig "ju"         // printf format for big_t
+typedef uintmax_t code_t;   // type for bit pattern counting
+struct tab {                // type for been-here check
+    size_t len;             // allocated length of bit vector in octets
+    char *vec;              // allocated bit vector
+};
+
+/* The array for saving results, num[], is indexed with this triplet:
+
+      syms: number of symbols remaining to code
+      left: number of available bit patterns at length len
+      len: number of bits in the codes currently being assigned
+
+   Those indices are constrained thusly when saving results:
+
+      syms: 3..totsym (totsym == total symbols to code)
+      left: 2..syms - 1, but only the evens (so syms == 8 -> 2, 4, 6)
+      len: 1..max - 1 (max == maximum code length in bits)
+
+   syms == 2 is not saved since that immediately leads to a single code. left
+   must be even, since it represents the number of available bit patterns at
+   the current length, which is double the number at the previous length. left
+   ends at syms-1 since left == syms immediately results in a single code.
+   (left > sym is not allowed since that would result in an incomplete code.)
+   len is less than max, since the code completes immediately when len == max.
+
+   The offset into the array is calculated for the three indices with the first
+   one (syms) being outermost, and the last one (len) being innermost. We build
+   the array with length max-1 lists for the len index, with syms-3 of those
+   for each symbol. There are totsym-2 of those, with each one varying in
+   length as a function of sym. See the calculation of index in map() for the
+   index, and the calculation of size in main() for the size of the array.
+
+   For the deflate example of 286 symbols limited to 15-bit codes, the array
+   has 284,284 entries, taking up 2.17 MB for an 8-byte big_t. More than half
+   of the space allocated for saved results is actually used -- not all
+   possible triplets are reached in the generation of valid prefix codes.
+ */
+
+/* The array for tracking visited states, done[], is itself indexed identically
+   to the num[] array as described above for the (syms, left, len) triplet.
+   Each element in the array is further indexed by the (mem, rem) doublet,
+   where mem is the amount of inflate table space used so far, and rem is the
+   remaining unused entries in the current inflate sub-table. Each indexed
+   element is simply one bit indicating whether the state has been visited or
+   not. Since the ranges for mem and rem are not known a priori, each bit
+   vector is of a variable size, and grows as needed to accommodate the visited
+   states. mem and rem are used to calculate a single index in a triangular
+   array. Since the range of mem is expected in the default case to be about
+   ten times larger than the range of rem, the array is skewed to reduce the
+   memory usage, with eight times the range for mem than for rem. See the
+   calculations for offset and bit in been_here() for the details.
+
+   For the deflate example of 286 symbols limited to 15-bit codes, the bit
+   vectors grow to total 5.5 MB, in addition to the 4.3 MB done array itself.
+ */
+
+// Type for a variable-length, allocated string.
+typedef struct {
+    char *str;          // pointer to allocated string
+    size_t size;        // size of allocation
+    size_t len;         // length of string, not including terminating zero
+} string_t;
+
+// Clear a string_t.
+local void string_clear(string_t *s) {
+    s->str[0] = 0;
+    s->len = 0;
+}
+
+// Initialize a string_t.
+local void string_init(string_t *s) {
+    s->size = 16;
+    s->str = malloc(s->size);
+    assert(s->str != NULL && "out of memory");
+    string_clear(s);
+}
+
+// Release the allocation of a string_t.
+local void string_free(string_t *s) {
+    free(s->str);
+    s->str = NULL;
+    s->size = 0;
+    s->len = 0;
+}
+
+// Save the results of printf with fmt and the subsequent argument list to s.
+// Each call appends to s. The allocated space for s is increased as needed.
+local void string_printf(string_t *s, char *fmt, ...) {
+    va_list ap;
+    va_start(ap, fmt);
+    size_t len = s->len;
+    int ret = vsnprintf(s->str + len, s->size - len, fmt, ap);
+    assert(ret >= 0 && "out of memory");
+    s->len += ret;
+    if (s->size < s->len + 1) {
+        do {
+            s->size <<= 1;
+            assert(s->size != 0 && "overflow");
+        } while (s->size < s->len + 1);
+        s->str = realloc(s->str, s->size);
+        assert(s->str != NULL && "out of memory");
+        vsnprintf(s->str + len, s->size - len, fmt, ap);
+    }
+    va_end(ap);
+}
+
+// Globals to avoid propagating constants or constant pointers recursively.
+struct {
+    int max;            // maximum allowed bit length for the codes
+    int root;           // size of base code table in bits
+    int large;          // largest code table so far
+    size_t size;        // number of elements in num and done
+    big_t tot;          // total number of codes with maximum tables size
+    string_t out;       // display of subcodes for maximum tables size
+    int *code;          // number of symbols assigned to each bit length
+    big_t *num;         // saved results array for code counting
+    struct tab *done;   // states already evaluated array
+} g;
+
+// Index function for num[] and done[].
+local inline size_t map(int syms, int left, int len) {
+    return ((size_t)((syms - 1) >> 1) * ((syms - 2) >> 1) +
+            (left >> 1) - 1) * (g.max - 1) +
+           len - 1;
+}
+
+// Free allocated space in globals.
+local void cleanup(void) {
+    if (g.done != NULL) {
+        for (size_t n = 0; n < g.size; n++)
+            if (g.done[n].len)
+                free(g.done[n].vec);
+        g.size = 0;
+        free(g.done);   g.done = NULL;
+    }
+    free(g.num);    g.num = NULL;
+    free(g.code);   g.code = NULL;
+    string_free(&g.out);
+}
+
+// Return the number of possible prefix codes using bit patterns of lengths len
+// through max inclusive, coding syms symbols, with left bit patterns of length
+// len unused -- return -1 if there is an overflow in the counting. Keep a
+// record of previous results in num to prevent repeating the same calculation.
+local big_t count(int syms, int left, int len) {
+    // see if only one possible code
+    if (syms == left)
+        return 1;
+
+    // note and verify the expected state
+    assert(syms > left && left > 0 && len < g.max);
+
+    // see if we've done this one already
+    size_t index = map(syms, left, len);
+    big_t got = g.num[index];
+    if (got)
+        return got;         // we have -- return the saved result
+
+    // we need to use at least this many bit patterns so that the code won't be
+    // incomplete at the next length (more bit patterns than symbols)
+    int least = (left << 1) - syms;
+    if (least < 0)
+        least = 0;
+
+    // we can use at most this many bit patterns, lest there not be enough
+    // available for the remaining symbols at the maximum length (if there were
+    // no limit to the code length, this would become: most = left - 1)
+    int most = (((code_t)left << (g.max - len)) - syms) /
+               (((code_t)1 << (g.max - len)) - 1);
+
+    // count all possible codes from this juncture and add them up
+    big_t sum = 0;
+    for (int use = least; use <= most; use++) {
+        got = count(syms - use, (left - use) << 1, len + 1);
+        sum += got;
+        if (got == (big_t)-1 || sum < got)      // overflow
+            return (big_t)-1;
+    }
+
+    // verify that all recursive calls are productive
+    assert(sum != 0);
+
+    // save the result and return it
+    g.num[index] = sum;
+    return sum;
+}
+
+// Return true if we've been here before, set to true if not. Set a bit in a
+// bit vector to indicate visiting this state. Each (syms,len,left) state has a
+// variable size bit vector indexed by (mem,rem). The bit vector is lengthened
+// as needed to allow setting the (mem,rem) bit.
+local int been_here(int syms, int left, int len, int mem, int rem) {
+    // point to vector for (syms,left,len), bit in vector for (mem,rem)
+    size_t index = map(syms, left, len);
+    mem -= 1 << g.root;             // mem always includes the root table
+    mem >>= 1;                      // mem and rem are always even
+    rem >>= 1;
+    size_t offset = (mem >> 3) + rem;
+    offset = ((offset * (offset + 1)) >> 1) + rem;
+    int bit = 1 << (mem & 7);
+
+    // see if we've been here
+    size_t length = g.done[index].len;
+    if (offset < length && (g.done[index].vec[offset] & bit) != 0)
+        return 1;       // done this!
+
+    // we haven't been here before -- set the bit to show we have now
+
+    // see if we need to lengthen the vector in order to set the bit
+    if (length <= offset) {
+        // if we have one already, enlarge it, zero out the appended space
+        char *vector;
+        if (length) {
+            do {
+                length <<= 1;
+            } while (length <= offset);
+            vector = realloc(g.done[index].vec, length);
+            assert(vector != NULL && "out of memory");
+            memset(vector + g.done[index].len, 0, length - g.done[index].len);
+        }
+
+        // otherwise we need to make a new vector and zero it out
+        else {
+            length = 16;
+            while (length <= offset)
+                length <<= 1;
+            vector = calloc(length, 1);
+            assert(vector != NULL && "out of memory");
+        }
+
+        // install the new vector
+        g.done[index].len = length;
+        g.done[index].vec = vector;
+    }
+
+    // set the bit
+    g.done[index].vec[offset] |= bit;
+    return 0;
+}
+
+// Examine all possible codes from the given node (syms, len, left). Compute
+// the amount of memory required to build inflate's decoding tables, where the
+// number of code structures used so far is mem, and the number remaining in
+// the current sub-table is rem.
+local void examine(int syms, int left, int len, int mem, int rem) {
+    // see if we have a complete code
+    if (syms == left) {
+        // set the last code entry
+        g.code[len] = left;
+
+        // complete computation of memory used by this code
+        while (rem < left) {
+            left -= rem;
+            rem = 1 << (len - g.root);
+            mem += rem;
+        }
+        assert(rem == left);
+
+        // if this is at the maximum, show the sub-code
+        if (mem >= g.large) {
+            // if this is a new maximum, update the maximum and clear out the
+            // printed sub-codes from the previous maximum
+            if (mem > g.large) {
+                g.large = mem;
+                string_clear(&g.out);
+            }
+
+            // compute the starting state for this sub-code
+            syms = 0;
+            left = 1 << g.max;
+            for (int bits = g.max; bits > g.root; bits--) {
+                syms += g.code[bits];
+                left -= g.code[bits];
+                assert((left & 1) == 0);
+                left >>= 1;
+            }
+
+            // print the starting state and the resulting sub-code to g.out
+            string_printf(&g.out, "<%u, %u, %u>:",
+                          syms, g.root + 1, ((1 << g.root) - left) << 1);
+            for (int bits = g.root + 1; bits <= g.max; bits++)
+                if (g.code[bits])
+                    string_printf(&g.out, " %d[%d]", g.code[bits], bits);
+            string_printf(&g.out, "\n");
+        }
+
+        // remove entries as we drop back down in the recursion
+        g.code[len] = 0;
+        return;
+    }
+
+    // prune the tree if we can
+    if (been_here(syms, left, len, mem, rem))
+        return;
+
+    // we need to use at least this many bit patterns so that the code won't be
+    // incomplete at the next length (more bit patterns than symbols)
+    int least = (left << 1) - syms;
+    if (least < 0)
+        least = 0;
+
+    // we can use at most this many bit patterns, lest there not be enough
+    // available for the remaining symbols at the maximum length (if there were
+    // no limit to the code length, this would become: most = left - 1)
+    int most = (((code_t)left << (g.max - len)) - syms) /
+               (((code_t)1 << (g.max - len)) - 1);
+
+    // occupy least table spaces, creating new sub-tables as needed
+    int use = least;
+    while (rem < use) {
+        use -= rem;
+        rem = 1 << (len - g.root);
+        mem += rem;
+    }
+    rem -= use;
+
+    // examine codes from here, updating table space as we go
+    for (use = least; use <= most; use++) {
+        g.code[len] = use;
+        examine(syms - use, (left - use) << 1, len + 1,
+                mem + (rem ? 1 << (len - g.root) : 0), rem << 1);
+        if (rem == 0) {
+            rem = 1 << (len - g.root);
+            mem += rem;
+        }
+        rem--;
+    }
+
+    // remove entries as we drop back down in the recursion
+    g.code[len] = 0;
+}
+
+// Look at all sub-codes starting with root + 1 bits. Look at only the valid
+// intermediate code states (syms, left, len). For each completed code,
+// calculate the amount of memory required by inflate to build the decoding
+// tables. Find the maximum amount of memory required and show the codes that
+// require that maximum.
+local void enough(int syms) {
+    // clear code
+    for (int n = 0; n <= g.max; n++)
+        g.code[n] = 0;
+
+    // look at all (root + 1) bit and longer codes
+    string_clear(&g.out);           // empty saved results
+    g.large = 1 << g.root;          // base table
+    if (g.root < g.max)             // otherwise, there's only a base table
+        for (int n = 3; n <= syms; n++)
+            for (int left = 2; left < n; left += 2) {
+                // look at all reachable (root + 1) bit nodes, and the
+                // resulting codes (complete at root + 2 or more)
+                size_t index = map(n, left, g.root + 1);
+                if (g.root + 1 < g.max && g.num[index]) // reachable node
+                    examine(n, left, g.root + 1, 1 << g.root, 0);
+
+                // also look at root bit codes with completions at root + 1
+                // bits (not saved in num, since complete), just in case
+                if (g.num[index - 1] && n <= left << 1)
+                    examine((n - left) << 1, (n - left) << 1, g.root + 1,
+                            1 << g.root, 0);
+            }
+
+    // done
+    printf("maximum of %d table entries for root = %d\n", g.large, g.root);
+    fputs(g.out.str, stdout);
+}
+
+// Examine and show the total number of possible prefix codes for a given
+// maximum number of symbols, initial root table size, and maximum code length
+// in bits -- those are the command arguments in that order. The default values
+// are 286, 9, and 15 respectively, for the deflate literal/length code. The
+// possible codes are counted for each number of coded symbols from two to the
+// maximum. The counts for each of those and the total number of codes are
+// shown. The maximum number of inflate table entries is then calculated across
+// all possible codes. Each new maximum number of table entries and the
+// associated sub-code (starting at root + 1 == 10 bits) is shown.
+//
+// To count and examine prefix codes that are not length-limited, provide a
+// maximum length equal to the number of symbols minus one.
+//
+// For the deflate literal/length code, use "enough". For the deflate distance
+// code, use "enough 30 6".
+int main(int argc, char **argv) {
+    // set up globals for cleanup()
+    g.code = NULL;
+    g.num = NULL;
+    g.done = NULL;
+    string_init(&g.out);
+
+    // get arguments -- default to the deflate literal/length code
+    int syms = 286;
+    g.root = 9;
+    g.max = 15;
+    if (argc > 1) {
+        syms = atoi(argv[1]);
+        if (argc > 2) {
+            g.root = atoi(argv[2]);
+            if (argc > 3)
+                g.max = atoi(argv[3]);
+        }
+    }
+    if (argc > 4 || syms < 2 || g.root < 1 || g.max < 1) {
+        fputs("invalid arguments, need: [sym >= 2 [root >= 1 [max >= 1]]]\n",
+              stderr);
+        return 1;
+    }
+
+    // if not restricting the code length, the longest is syms - 1
+    if (g.max > syms - 1)
+        g.max = syms - 1;
+
+    // determine the number of bits in a code_t
+    int bits = 0;
+    for (code_t word = 1; word; word <<= 1)
+        bits++;
+
+    // make sure that the calculation of most will not overflow
+    if (g.max > bits || (code_t)(syms - 2) >= ((code_t)-1 >> (g.max - 1))) {
+        fputs("abort: code length too long for internal types\n", stderr);
+        return 1;
+    }
+
+    // reject impossible code requests
+    if ((code_t)(syms - 1) > ((code_t)1 << g.max) - 1) {
+        fprintf(stderr, "%d symbols cannot be coded in %d bits\n",
+                syms, g.max);
+        return 1;
+    }
+
+    // allocate code vector
+    g.code = calloc(g.max + 1, sizeof(int));
+    assert(g.code != NULL && "out of memory");
+
+    // determine size of saved results array, checking for overflows,
+    // allocate and clear the array (set all to zero with calloc())
+    if (syms == 2)              // iff max == 1
+        g.num = NULL;           // won't be saving any results
+    else {
+        g.size = syms >> 1;
+        int n = (syms - 1) >> 1;
+        assert(g.size <= (size_t)-1 / n && "overflow");
+        g.size *= n;
+        n = g.max - 1;
+        assert(g.size <= (size_t)-1 / n && "overflow");
+        g.size *= n;
+        g.num = calloc(g.size, sizeof(big_t));
+        assert(g.num != NULL && "out of memory");
+    }
+
+    // count possible codes for all numbers of symbols, add up counts
+    big_t sum = 0;
+    for (int n = 2; n <= syms; n++) {
+        big_t got = count(n, 2, 1);
+        sum += got;
+        assert(got != (big_t)-1 && sum >= got && "overflow");
+    }
+    printf("%"PRIbig" total codes for 2 to %d symbols", sum, syms);
+    if (g.max < syms - 1)
+        printf(" (%d-bit length limit)\n", g.max);
+    else
+        puts(" (no length limit)");
+
+    // allocate and clear done array for been_here()
+    if (syms == 2)
+        g.done = NULL;
+    else {
+        g.done = calloc(g.size, sizeof(struct tab));
+        assert(g.done != NULL && "out of memory");
+    }
+
+    // find and show maximum inflate table usage
+    if (g.root > g.max)             // reduce root to max length
+        g.root = g.max;
+    if ((code_t)syms < ((code_t)1 << (g.root + 1)))
+        enough(syms);
+    else
+        fputs("cannot handle minimum code lengths > root", stderr);
+
+    // done
+    cleanup();
+    return 0;
+}
diff --git a/zlib-1.3.1/examples/fitblk.c b/zlib-1.3.1/examples/fitblk.c
new file mode 100644
index 00000000..723dc002
--- /dev/null
+++ b/zlib-1.3.1/examples/fitblk.c
@@ -0,0 +1,233 @@
+/* fitblk.c: example of fitting compressed output to a specified size
+   Not copyrighted -- provided to the public domain
+   Version 1.1  25 November 2004  Mark Adler */
+
+/* Version history:
+   1.0  24 Nov 2004  First version
+   1.1  25 Nov 2004  Change deflateInit2() to deflateInit()
+                     Use fixed-size, stack-allocated raw buffers
+                     Simplify code moving compression to subroutines
+                     Use assert() for internal errors
+                     Add detailed description of approach
+ */
+
+/* Approach to just fitting a requested compressed size:
+
+   fitblk performs three compression passes on a portion of the input
+   data in order to determine how much of that input will compress to
+   nearly the requested output block size.  The first pass generates
+   enough deflate blocks to produce output to fill the requested
+   output size plus a specified excess amount (see the EXCESS define
+   below).  The last deflate block may go quite a bit past that, but
+   is discarded.  The second pass decompresses and recompresses just
+   the compressed data that fit in the requested plus excess sized
+   buffer.  The deflate process is terminated after that amount of
+   input, which is less than the amount consumed on the first pass.
+   The last deflate block of the result will be of a comparable size
+   to the final product, so that the header for that deflate block and
+   the compression ratio for that block will be about the same as in
+   the final product.  The third compression pass decompresses the
+   result of the second step, but only the compressed data up to the
+   requested size minus an amount to allow the compressed stream to
+   complete (see the MARGIN define below).  That will result in a
+   final compressed stream whose length is less than or equal to the
+   requested size.  Assuming sufficient input and a requested size
+   greater than a few hundred bytes, the shortfall will typically be
+   less than ten bytes.
+
+   If the input is short enough that the first compression completes
+   before filling the requested output size, then that compressed
+   stream is return with no recompression.
+
+   EXCESS is chosen to be just greater than the shortfall seen in a
+   two pass approach similar to the above.  That shortfall is due to
+   the last deflate block compressing more efficiently with a smaller
+   header on the second pass.  EXCESS is set to be large enough so
+   that there is enough uncompressed data for the second pass to fill
+   out the requested size, and small enough so that the final deflate
+   block of the second pass will be close in size to the final deflate
+   block of the third and final pass.  MARGIN is chosen to be just
+   large enough to assure that the final compression has enough room
+   to complete in all cases.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include "zlib.h"
+
+#define local static
+
+/* print nastygram and leave */
+local void quit(char *why)
+{
+    fprintf(stderr, "fitblk abort: %s\n", why);
+    exit(1);
+}
+
+#define RAWLEN 4096    /* intermediate uncompressed buffer size */
+
+/* compress from file to def until provided buffer is full or end of
+   input reached; return last deflate() return value, or Z_ERRNO if
+   there was read error on the file */
+local int partcompress(FILE *in, z_streamp def)
+{
+    int ret, flush;
+    unsigned char raw[RAWLEN];
+
+    flush = Z_NO_FLUSH;
+    do {
+        def->avail_in = fread(raw, 1, RAWLEN, in);
+        if (ferror(in))
+            return Z_ERRNO;
+        def->next_in = raw;
+        if (feof(in))
+            flush = Z_FINISH;
+        ret = deflate(def, flush);
+        assert(ret != Z_STREAM_ERROR);
+    } while (def->avail_out != 0 && flush == Z_NO_FLUSH);
+    return ret;
+}
+
+/* recompress from inf's input to def's output; the input for inf and
+   the output for def are set in those structures before calling;
+   return last deflate() return value, or Z_MEM_ERROR if inflate()
+   was not able to allocate enough memory when it needed to */
+local int recompress(z_streamp inf, z_streamp def)
+{
+    int ret, flush;
+    unsigned char raw[RAWLEN];
+
+    flush = Z_NO_FLUSH;
+    do {
+        /* decompress */
+        inf->avail_out = RAWLEN;
+        inf->next_out = raw;
+        ret = inflate(inf, Z_NO_FLUSH);
+        assert(ret != Z_STREAM_ERROR && ret != Z_DATA_ERROR &&
+               ret != Z_NEED_DICT);
+        if (ret == Z_MEM_ERROR)
+            return ret;
+
+        /* compress what was decompressed until done or no room */
+        def->avail_in = RAWLEN - inf->avail_out;
+        def->next_in = raw;
+        if (inf->avail_out != 0)
+            flush = Z_FINISH;
+        ret = deflate(def, flush);
+        assert(ret != Z_STREAM_ERROR);
+    } while (ret != Z_STREAM_END && def->avail_out != 0);
+    return ret;
+}
+
+#define EXCESS 256      /* empirically determined stream overage */
+#define MARGIN 8        /* amount to back off for completion */
+
+/* compress from stdin to fixed-size block on stdout */
+int main(int argc, char **argv)
+{
+    int ret;                /* return code */
+    unsigned size;          /* requested fixed output block size */
+    unsigned have;          /* bytes written by deflate() call */
+    unsigned char *blk;     /* intermediate and final stream */
+    unsigned char *tmp;     /* close to desired size stream */
+    z_stream def, inf;      /* zlib deflate and inflate states */
+
+    /* get requested output size */
+    if (argc != 2)
+        quit("need one argument: size of output block");
+    ret = strtol(argv[1], argv + 1, 10);
+    if (argv[1][0] != 0)
+        quit("argument must be a number");
+    if (ret < 8)            /* 8 is minimum zlib stream size */
+        quit("need positive size of 8 or greater");
+    size = (unsigned)ret;
+
+    /* allocate memory for buffers and compression engine */
+    blk = malloc(size + EXCESS);
+    def.zalloc = Z_NULL;
+    def.zfree = Z_NULL;
+    def.opaque = Z_NULL;
+    ret = deflateInit(&def, Z_DEFAULT_COMPRESSION);
+    if (ret != Z_OK || blk == NULL)
+        quit("out of memory");
+
+    /* compress from stdin until output full, or no more input */
+    def.avail_out = size + EXCESS;
+    def.next_out = blk;
+    ret = partcompress(stdin, &def);
+    if (ret == Z_ERRNO)
+        quit("error reading input");
+
+    /* if it all fit, then size was undersubscribed -- done! */
+    if (ret == Z_STREAM_END && def.avail_out >= EXCESS) {
+        /* write block to stdout */
+        have = size + EXCESS - def.avail_out;
+        if (fwrite(blk, 1, have, stdout) != have || ferror(stdout))
+            quit("error writing output");
+
+        /* clean up and print results to stderr */
+        ret = deflateEnd(&def);
+        assert(ret != Z_STREAM_ERROR);
+        free(blk);
+        fprintf(stderr,
+                "%u bytes unused out of %u requested (all input)\n",
+                size - have, size);
+        return 0;
+    }
+
+    /* it didn't all fit -- set up for recompression */
+    inf.zalloc = Z_NULL;
+    inf.zfree = Z_NULL;
+    inf.opaque = Z_NULL;
+    inf.avail_in = 0;
+    inf.next_in = Z_NULL;
+    ret = inflateInit(&inf);
+    tmp = malloc(size + EXCESS);
+    if (ret != Z_OK || tmp == NULL)
+        quit("out of memory");
+    ret = deflateReset(&def);
+    assert(ret != Z_STREAM_ERROR);
+
+    /* do first recompression close to the right amount */
+    inf.avail_in = size + EXCESS;
+    inf.next_in = blk;
+    def.avail_out = size + EXCESS;
+    def.next_out = tmp;
+    ret = recompress(&inf, &def);
+    if (ret == Z_MEM_ERROR)
+        quit("out of memory");
+
+    /* set up for next recompression */
+    ret = inflateReset(&inf);
+    assert(ret != Z_STREAM_ERROR);
+    ret = deflateReset(&def);
+    assert(ret != Z_STREAM_ERROR);
+
+    /* do second and final recompression (third compression) */
+    inf.avail_in = size - MARGIN;   /* assure stream will complete */
+    inf.next_in = tmp;
+    def.avail_out = size;
+    def.next_out = blk;
+    ret = recompress(&inf, &def);
+    if (ret == Z_MEM_ERROR)
+        quit("out of memory");
+    assert(ret == Z_STREAM_END);    /* otherwise MARGIN too small */
+
+    /* done -- write block to stdout */
+    have = size - def.avail_out;
+    if (fwrite(blk, 1, have, stdout) != have || ferror(stdout))
+        quit("error writing output");
+
+    /* clean up and print results to stderr */
+    free(tmp);
+    ret = inflateEnd(&inf);
+    assert(ret != Z_STREAM_ERROR);
+    ret = deflateEnd(&def);
+    assert(ret != Z_STREAM_ERROR);
+    free(blk);
+    fprintf(stderr,
+            "%u bytes unused out of %u requested (%lu input)\n",
+            size - have, size, def.total_in);
+    return 0;
+}
diff --git a/zlib-1.3.1/examples/gun.c b/zlib-1.3.1/examples/gun.c
new file mode 100644
index 00000000..bea5497e
--- /dev/null
+++ b/zlib-1.3.1/examples/gun.c
@@ -0,0 +1,702 @@
+/* gun.c -- simple gunzip to give an example of the use of inflateBack()
+ * Copyright (C) 2003, 2005, 2008, 2010, 2012 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+   Version 1.7  12 August 2012  Mark Adler */
+
+/* Version history:
+   1.0  16 Feb 2003  First version for testing of inflateBack()
+   1.1  21 Feb 2005  Decompress concatenated gzip streams
+                     Remove use of "this" variable (C++ keyword)
+                     Fix return value for in()
+                     Improve allocation failure checking
+                     Add typecasting for void * structures
+                     Add -h option for command version and usage
+                     Add a bunch of comments
+   1.2  20 Mar 2005  Add Unix compress (LZW) decompression
+                     Copy file attributes from input file to output file
+   1.3  12 Jun 2005  Add casts for error messages [Oberhumer]
+   1.4   8 Dec 2006  LZW decompression speed improvements
+   1.5   9 Feb 2008  Avoid warning in latest version of gcc
+   1.6  17 Jan 2010  Avoid signed/unsigned comparison warnings
+   1.7  12 Aug 2012  Update for z_const usage in zlib 1.2.8
+ */
+
+/*
+   gun [ -t ] [ name ... ]
+
+   decompresses the data in the named gzip files.  If no arguments are given,
+   gun will decompress from stdin to stdout.  The names must end in .gz, -gz,
+   .z, -z, _z, or .Z.  The uncompressed data will be written to a file name
+   with the suffix stripped.  On success, the original file is deleted.  On
+   failure, the output file is deleted.  For most failures, the command will
+   continue to process the remaining names on the command line.  A memory
+   allocation failure will abort the command.  If -t is specified, then the
+   listed files or stdin will be tested as gzip files for integrity (without
+   checking for a proper suffix), no output will be written, and no files
+   will be deleted.
+
+   Like gzip, gun allows concatenated gzip streams and will decompress them,
+   writing all of the uncompressed data to the output.  Unlike gzip, gun allows
+   an empty file on input, and will produce no error writing an empty output
+   file.
+
+   gun will also decompress files made by Unix compress, which uses LZW
+   compression.  These files are automatically detected by virtue of their
+   magic header bytes.  Since the end of Unix compress stream is marked by the
+   end-of-file, they cannot be concatenated.  If a Unix compress stream is
+   encountered in an input file, it is the last stream in that file.
+
+   Like gunzip and uncompress, the file attributes of the original compressed
+   file are maintained in the final uncompressed file, to the extent that the
+   user permissions allow it.
+
+   On my Mac OS X PowerPC G4, gun is almost twice as fast as gunzip (version
+   1.2.4) is on the same file, when gun is linked with zlib 1.2.2.  Also the
+   LZW decompression provided by gun is about twice as fast as the standard
+   Unix uncompress command.
+ */
+
+/* external functions and related types and constants */
+#include <stdio.h>          /* fprintf() */
+#include <stdlib.h>         /* malloc(), free() */
+#include <string.h>         /* strerror(), strcmp(), strlen(), memcpy() */
+#include <errno.h>          /* errno */
+#include <fcntl.h>          /* open() */
+#include <unistd.h>         /* read(), write(), close(), chown(), unlink() */
+#include <sys/types.h>
+#include <sys/stat.h>       /* stat(), chmod() */
+#include <utime.h>          /* utime() */
+#include "zlib.h"           /* inflateBackInit(), inflateBack(), */
+                            /* inflateBackEnd(), crc32() */
+
+/* function declaration */
+#define local static
+
+/* buffer constants */
+#define SIZE 32768U         /* input and output buffer sizes */
+#define PIECE 16384         /* limits i/o chunks for 16-bit int case */
+
+/* structure for infback() to pass to input function in() -- it maintains the
+   input file and a buffer of size SIZE */
+struct ind {
+    int infile;
+    unsigned char *inbuf;
+};
+
+/* Load input buffer, assumed to be empty, and return bytes loaded and a
+   pointer to them.  read() is called until the buffer is full, or until it
+   returns end-of-file or error.  Return 0 on error. */
+local unsigned in(void *in_desc, z_const unsigned char **buf)
+{
+    int ret;
+    unsigned len;
+    unsigned char *next;
+    struct ind *me = (struct ind *)in_desc;
+
+    next = me->inbuf;
+    *buf = next;
+    len = 0;
+    do {
+        ret = PIECE;
+        if ((unsigned)ret > SIZE - len)
+            ret = (int)(SIZE - len);
+        ret = (int)read(me->infile, next, ret);
+        if (ret == -1) {
+            len = 0;
+            break;
+        }
+        next += ret;
+        len += ret;
+    } while (ret != 0 && len < SIZE);
+    return len;
+}
+
+/* structure for infback() to pass to output function out() -- it maintains the
+   output file, a running CRC-32 check on the output and the total number of
+   bytes output, both for checking against the gzip trailer.  (The length in
+   the gzip trailer is stored modulo 2^32, so it's ok if a long is 32 bits and
+   the output is greater than 4 GB.) */
+struct outd {
+    int outfile;
+    int check;                  /* true if checking crc and total */
+    unsigned long crc;
+    unsigned long total;
+};
+
+/* Write output buffer and update the CRC-32 and total bytes written.  write()
+   is called until all of the output is written or an error is encountered.
+   On success out() returns 0.  For a write failure, out() returns 1.  If the
+   output file descriptor is -1, then nothing is written.
+ */
+local int out(void *out_desc, unsigned char *buf, unsigned len)
+{
+    int ret;
+    struct outd *me = (struct outd *)out_desc;
+
+    if (me->check) {
+        me->crc = crc32(me->crc, buf, len);
+        me->total += len;
+    }
+    if (me->outfile != -1)
+        do {
+            ret = PIECE;
+            if ((unsigned)ret > len)
+                ret = (int)len;
+            ret = (int)write(me->outfile, buf, ret);
+            if (ret == -1)
+                return 1;
+            buf += ret;
+            len -= ret;
+        } while (len != 0);
+    return 0;
+}
+
+/* next input byte macro for use inside lunpipe() and gunpipe() */
+#define NEXT() (have ? 0 : (have = in(indp, &next)), \
+                last = have ? (have--, (int)(*next++)) : -1)
+
+/* memory for gunpipe() and lunpipe() --
+   the first 256 entries of prefix[] and suffix[] are never used, could
+   have offset the index, but it's faster to waste the memory */
+unsigned char inbuf[SIZE];              /* input buffer */
+unsigned char outbuf[SIZE];             /* output buffer */
+unsigned short prefix[65536];           /* index to LZW prefix string */
+unsigned char suffix[65536];            /* one-character LZW suffix */
+unsigned char match[65280 + 2];         /* buffer for reversed match or gzip
+                                           32K sliding window */
+
+/* throw out what's left in the current bits byte buffer (this is a vestigial
+   aspect of the compressed data format derived from an implementation that
+   made use of a special VAX machine instruction!) */
+#define FLUSHCODE() \
+    do { \
+        left = 0; \
+        rem = 0; \
+        if (chunk > have) { \
+            chunk -= have; \
+            have = 0; \
+            if (NEXT() == -1) \
+                break; \
+            chunk--; \
+            if (chunk > have) { \
+                chunk = have = 0; \
+                break; \
+            } \
+        } \
+        have -= chunk; \
+        next += chunk; \
+        chunk = 0; \
+    } while (0)
+
+/* Decompress a compress (LZW) file from indp to outfile.  The compress magic
+   header (two bytes) has already been read and verified.  There are have bytes
+   of buffered input at next.  strm is used for passing error information back
+   to gunpipe().
+
+   lunpipe() will return Z_OK on success, Z_BUF_ERROR for an unexpected end of
+   file, read error, or write error (a write error indicated by strm->next_in
+   not equal to Z_NULL), or Z_DATA_ERROR for invalid input.
+ */
+local int lunpipe(unsigned have, z_const unsigned char *next, struct ind *indp,
+                  int outfile, z_stream *strm)
+{
+    int last;                   /* last byte read by NEXT(), or -1 if EOF */
+    unsigned chunk;             /* bytes left in current chunk */
+    int left;                   /* bits left in rem */
+    unsigned rem;               /* unused bits from input */
+    int bits;                   /* current bits per code */
+    unsigned code;              /* code, table traversal index */
+    unsigned mask;              /* mask for current bits codes */
+    int max;                    /* maximum bits per code for this stream */
+    unsigned flags;             /* compress flags, then block compress flag */
+    unsigned end;               /* last valid entry in prefix/suffix tables */
+    unsigned temp;              /* current code */
+    unsigned prev;              /* previous code */
+    unsigned final;             /* last character written for previous code */
+    unsigned stack;             /* next position for reversed string */
+    unsigned outcnt;            /* bytes in output buffer */
+    struct outd outd;           /* output structure */
+    unsigned char *p;
+
+    /* set up output */
+    outd.outfile = outfile;
+    outd.check = 0;
+
+    /* process remainder of compress header -- a flags byte */
+    flags = NEXT();
+    if (last == -1)
+        return Z_BUF_ERROR;
+    if (flags & 0x60) {
+        strm->msg = (char *)"unknown lzw flags set";
+        return Z_DATA_ERROR;
+    }
+    max = flags & 0x1f;
+    if (max < 9 || max > 16) {
+        strm->msg = (char *)"lzw bits out of range";
+        return Z_DATA_ERROR;
+    }
+    if (max == 9)                           /* 9 doesn't really mean 9 */
+        max = 10;
+    flags &= 0x80;                          /* true if block compress */
+
+    /* clear table */
+    bits = 9;
+    mask = 0x1ff;
+    end = flags ? 256 : 255;
+
+    /* set up: get first 9-bit code, which is the first decompressed byte, but
+       don't create a table entry until the next code */
+    if (NEXT() == -1)                       /* no compressed data is ok */
+        return Z_OK;
+    final = prev = (unsigned)last;          /* low 8 bits of code */
+    if (NEXT() == -1)                       /* missing a bit */
+        return Z_BUF_ERROR;
+    if (last & 1) {                         /* code must be < 256 */
+        strm->msg = (char *)"invalid lzw code";
+        return Z_DATA_ERROR;
+    }
+    rem = (unsigned)last >> 1;              /* remaining 7 bits */
+    left = 7;
+    chunk = bits - 2;                       /* 7 bytes left in this chunk */
+    outbuf[0] = (unsigned char)final;       /* write first decompressed byte */
+    outcnt = 1;
+
+    /* decode codes */
+    stack = 0;
+    for (;;) {
+        /* if the table will be full after this, increment the code size */
+        if (end >= mask && bits < max) {
+            FLUSHCODE();
+            bits++;
+            mask <<= 1;
+            mask++;
+        }
+
+        /* get a code of length bits */
+        if (chunk == 0)                     /* decrement chunk modulo bits */
+            chunk = bits;
+        code = rem;                         /* low bits of code */
+        if (NEXT() == -1) {                 /* EOF is end of compressed data */
+            /* write remaining buffered output */
+            if (outcnt && out(&outd, outbuf, outcnt)) {
+                strm->next_in = outbuf;     /* signal write error */
+                return Z_BUF_ERROR;
+            }
+            return Z_OK;
+        }
+        code += (unsigned)last << left;     /* middle (or high) bits of code */
+        left += 8;
+        chunk--;
+        if (bits > left) {                  /* need more bits */
+            if (NEXT() == -1)               /* can't end in middle of code */
+                return Z_BUF_ERROR;
+            code += (unsigned)last << left; /* high bits of code */
+            left += 8;
+            chunk--;
+        }
+        code &= mask;                       /* mask to current code length */
+        left -= bits;                       /* number of unused bits */
+        rem = (unsigned)last >> (8 - left); /* unused bits from last byte */
+
+        /* process clear code (256) */
+        if (code == 256 && flags) {
+            FLUSHCODE();
+            bits = 9;                       /* initialize bits and mask */
+            mask = 0x1ff;
+            end = 255;                      /* empty table */
+            continue;                       /* get next code */
+        }
+
+        /* special code to reuse last match */
+        temp = code;                        /* save the current code */
+        if (code > end) {
+            /* Be picky on the allowed code here, and make sure that the code
+               we drop through (prev) will be a valid index so that random
+               input does not cause an exception.  The code != end + 1 check is
+               empirically derived, and not checked in the original uncompress
+               code.  If this ever causes a problem, that check could be safely
+               removed.  Leaving this check in greatly improves gun's ability
+               to detect random or corrupted input after a compress header.
+               In any case, the prev > end check must be retained. */
+            if (code != end + 1 || prev > end) {
+                strm->msg = (char *)"invalid lzw code";
+                return Z_DATA_ERROR;
+            }
+            match[stack++] = (unsigned char)final;
+            code = prev;
+        }
+
+        /* walk through linked list to generate output in reverse order */
+        p = match + stack;
+        while (code >= 256) {
+            *p++ = suffix[code];
+            code = prefix[code];
+        }
+        stack = p - match;
+        match[stack++] = (unsigned char)code;
+        final = code;
+
+        /* link new table entry */
+        if (end < mask) {
+            end++;
+            prefix[end] = (unsigned short)prev;
+            suffix[end] = (unsigned char)final;
+        }
+
+        /* set previous code for next iteration */
+        prev = temp;
+
+        /* write output in forward order */
+        while (stack > SIZE - outcnt) {
+            while (outcnt < SIZE)
+                outbuf[outcnt++] = match[--stack];
+            if (out(&outd, outbuf, outcnt)) {
+                strm->next_in = outbuf; /* signal write error */
+                return Z_BUF_ERROR;
+            }
+            outcnt = 0;
+        }
+        p = match + stack;
+        do {
+            outbuf[outcnt++] = *--p;
+        } while (p > match);
+        stack = 0;
+
+        /* loop for next code with final and prev as the last match, rem and
+           left provide the first 0..7 bits of the next code, end is the last
+           valid table entry */
+    }
+}
+
+/* Decompress a gzip file from infile to outfile.  strm is assumed to have been
+   successfully initialized with inflateBackInit().  The input file may consist
+   of a series of gzip streams, in which case all of them will be decompressed
+   to the output file.  If outfile is -1, then the gzip stream(s) integrity is
+   checked and nothing is written.
+
+   The return value is a zlib error code: Z_MEM_ERROR if out of memory,
+   Z_DATA_ERROR if the header or the compressed data is invalid, or if the
+   trailer CRC-32 check or length doesn't match, Z_BUF_ERROR if the input ends
+   prematurely or a write error occurs, or Z_ERRNO if junk (not a another gzip
+   stream) follows a valid gzip stream.
+ */
+local int gunpipe(z_stream *strm, int infile, int outfile)
+{
+    int ret, first, last;
+    unsigned have, flags, len;
+    z_const unsigned char *next = NULL;
+    struct ind ind, *indp;
+    struct outd outd;
+
+    /* setup input buffer */
+    ind.infile = infile;
+    ind.inbuf = inbuf;
+    indp = &ind;
+
+    /* decompress concatenated gzip streams */
+    have = 0;                               /* no input data read in yet */
+    first = 1;                              /* looking for first gzip header */
+    strm->next_in = Z_NULL;                 /* so Z_BUF_ERROR means EOF */
+    for (;;) {
+        /* look for the two magic header bytes for a gzip stream */
+        if (NEXT() == -1) {
+            ret = Z_OK;
+            break;                          /* empty gzip stream is ok */
+        }
+        if (last != 31 || (NEXT() != 139 && last != 157)) {
+            strm->msg = (char *)"incorrect header check";
+            ret = first ? Z_DATA_ERROR : Z_ERRNO;
+            break;                          /* not a gzip or compress header */
+        }
+        first = 0;                          /* next non-header is junk */
+
+        /* process a compress (LZW) file -- can't be concatenated after this */
+        if (last == 157) {
+            ret = lunpipe(have, next, indp, outfile, strm);
+            break;
+        }
+
+        /* process remainder of gzip header */
+        ret = Z_BUF_ERROR;
+        if (NEXT() != 8) {                  /* only deflate method allowed */
+            if (last == -1) break;
+            strm->msg = (char *)"unknown compression method";
+            ret = Z_DATA_ERROR;
+            break;
+        }
+        flags = NEXT();                     /* header flags */
+        NEXT();                             /* discard mod time, xflgs, os */
+        NEXT();
+        NEXT();
+        NEXT();
+        NEXT();
+        NEXT();
+        if (last == -1) break;
+        if (flags & 0xe0) {
+            strm->msg = (char *)"unknown header flags set";
+            ret = Z_DATA_ERROR;
+            break;
+        }
+        if (flags & 4) {                    /* extra field */
+            len = NEXT();
+            len += (unsigned)(NEXT()) << 8;
+            if (last == -1) break;
+            while (len > have) {
+                len -= have;
+                have = 0;
+                if (NEXT() == -1) break;
+                len--;
+            }
+            if (last == -1) break;
+            have -= len;
+            next += len;
+        }
+        if (flags & 8)                      /* file name */
+            while (NEXT() != 0 && last != -1)
+                ;
+        if (flags & 16)                     /* comment */
+            while (NEXT() != 0 && last != -1)
+                ;
+        if (flags & 2) {                    /* header crc */
+            NEXT();
+            NEXT();
+        }
+        if (last == -1) break;
+
+        /* set up output */
+        outd.outfile = outfile;
+        outd.check = 1;
+        outd.crc = crc32(0L, Z_NULL, 0);
+        outd.total = 0;
+
+        /* decompress data to output */
+        strm->next_in = next;
+        strm->avail_in = have;
+        ret = inflateBack(strm, in, indp, out, &outd);
+        if (ret != Z_STREAM_END) break;
+        next = strm->next_in;
+        have = strm->avail_in;
+        strm->next_in = Z_NULL;             /* so Z_BUF_ERROR means EOF */
+
+        /* check trailer */
+        ret = Z_BUF_ERROR;
+        if (NEXT() != (int)(outd.crc & 0xff) ||
+            NEXT() != (int)((outd.crc >> 8) & 0xff) ||
+            NEXT() != (int)((outd.crc >> 16) & 0xff) ||
+            NEXT() != (int)((outd.crc >> 24) & 0xff)) {
+            /* crc error */
+            if (last != -1) {
+                strm->msg = (char *)"incorrect data check";
+                ret = Z_DATA_ERROR;
+            }
+            break;
+        }
+        if (NEXT() != (int)(outd.total & 0xff) ||
+            NEXT() != (int)((outd.total >> 8) & 0xff) ||
+            NEXT() != (int)((outd.total >> 16) & 0xff) ||
+            NEXT() != (int)((outd.total >> 24) & 0xff)) {
+            /* length error */
+            if (last != -1) {
+                strm->msg = (char *)"incorrect length check";
+                ret = Z_DATA_ERROR;
+            }
+            break;
+        }
+
+        /* go back and look for another gzip stream */
+    }
+
+    /* clean up and return */
+    return ret;
+}
+
+/* Copy file attributes, from -> to, as best we can.  This is best effort, so
+   no errors are reported.  The mode bits, including suid, sgid, and the sticky
+   bit are copied (if allowed), the owner's user id and group id are copied
+   (again if allowed), and the access and modify times are copied. */
+local void copymeta(char *from, char *to)
+{
+    struct stat was;
+    struct utimbuf when;
+
+    /* get all of from's Unix meta data, return if not a regular file */
+    if (stat(from, &was) != 0 || (was.st_mode & S_IFMT) != S_IFREG)
+        return;
+
+    /* set to's mode bits, ignore errors */
+    (void)chmod(to, was.st_mode & 07777);
+
+    /* copy owner's user and group, ignore errors */
+    (void)chown(to, was.st_uid, was.st_gid);
+
+    /* copy access and modify times, ignore errors */
+    when.actime = was.st_atime;
+    when.modtime = was.st_mtime;
+    (void)utime(to, &when);
+}
+
+/* Decompress the file inname to the file outnname, of if test is true, just
+   decompress without writing and check the gzip trailer for integrity.  If
+   inname is NULL or an empty string, read from stdin.  If outname is NULL or
+   an empty string, write to stdout.  strm is a pre-initialized inflateBack
+   structure.  When appropriate, copy the file attributes from inname to
+   outname.
+
+   gunzip() returns 1 if there is an out-of-memory error or an unexpected
+   return code from gunpipe().  Otherwise it returns 0.
+ */
+local int gunzip(z_stream *strm, char *inname, char *outname, int test)
+{
+    int ret;
+    int infile, outfile;
+
+    /* open files */
+    if (inname == NULL || *inname == 0) {
+        inname = "-";
+        infile = 0;     /* stdin */
+    }
+    else {
+        infile = open(inname, O_RDONLY, 0);
+        if (infile == -1) {
+            fprintf(stderr, "gun cannot open %s\n", inname);
+            return 0;
+        }
+    }
+    if (test)
+        outfile = -1;
+    else if (outname == NULL || *outname == 0) {
+        outname = "-";
+        outfile = 1;    /* stdout */
+    }
+    else {
+        outfile = open(outname, O_CREAT | O_TRUNC | O_WRONLY, 0666);
+        if (outfile == -1) {
+            close(infile);
+            fprintf(stderr, "gun cannot create %s\n", outname);
+            return 0;
+        }
+    }
+    errno = 0;
+
+    /* decompress */
+    ret = gunpipe(strm, infile, outfile);
+    if (outfile > 2) close(outfile);
+    if (infile > 2) close(infile);
+
+    /* interpret result */
+    switch (ret) {
+    case Z_OK:
+    case Z_ERRNO:
+        if (infile > 2 && outfile > 2) {
+            copymeta(inname, outname);          /* copy attributes */
+            unlink(inname);
+        }
+        if (ret == Z_ERRNO)
+            fprintf(stderr, "gun warning: trailing garbage ignored in %s\n",
+                    inname);
+        break;
+    case Z_DATA_ERROR:
+        if (outfile > 2) unlink(outname);
+        fprintf(stderr, "gun data error on %s: %s\n", inname, strm->msg);
+        break;
+    case Z_MEM_ERROR:
+        if (outfile > 2) unlink(outname);
+        fprintf(stderr, "gun out of memory error--aborting\n");
+        return 1;
+    case Z_BUF_ERROR:
+        if (outfile > 2) unlink(outname);
+        if (strm->next_in != Z_NULL) {
+            fprintf(stderr, "gun write error on %s: %s\n",
+                    outname, strerror(errno));
+        }
+        else if (errno) {
+            fprintf(stderr, "gun read error on %s: %s\n",
+                    inname, strerror(errno));
+        }
+        else {
+            fprintf(stderr, "gun unexpected end of file on %s\n",
+                    inname);
+        }
+        break;
+    default:
+        if (outfile > 2) unlink(outname);
+        fprintf(stderr, "gun internal error--aborting\n");
+        return 1;
+    }
+    return 0;
+}
+
+/* Process the gun command line arguments.  See the command syntax near the
+   beginning of this source file. */
+int main(int argc, char **argv)
+{
+    int ret, len, test;
+    char *outname;
+    unsigned char *window;
+    z_stream strm;
+
+    /* initialize inflateBack state for repeated use */
+    window = match;                         /* reuse LZW match buffer */
+    strm.zalloc = Z_NULL;
+    strm.zfree = Z_NULL;
+    strm.opaque = Z_NULL;
+    ret = inflateBackInit(&strm, 15, window);
+    if (ret != Z_OK) {
+        fprintf(stderr, "gun out of memory error--aborting\n");
+        return 1;
+    }
+
+    /* decompress each file to the same name with the suffix removed */
+    argc--;
+    argv++;
+    test = 0;
+    if (argc && strcmp(*argv, "-h") == 0) {
+        fprintf(stderr, "gun 1.6 (17 Jan 2010)\n");
+        fprintf(stderr, "Copyright (C) 2003-2010 Mark Adler\n");
+        fprintf(stderr, "usage: gun [-t] [file1.gz [file2.Z ...]]\n");
+        return 0;
+    }
+    if (argc && strcmp(*argv, "-t") == 0) {
+        test = 1;
+        argc--;
+        argv++;
+    }
+    if (argc)
+        do {
+            if (test)
+                outname = NULL;
+            else {
+                len = (int)strlen(*argv);
+                if (strcmp(*argv + len - 3, ".gz") == 0 ||
+                    strcmp(*argv + len - 3, "-gz") == 0)
+                    len -= 3;
+                else if (strcmp(*argv + len - 2, ".z") == 0 ||
+                    strcmp(*argv + len - 2, "-z") == 0 ||
+                    strcmp(*argv + len - 2, "_z") == 0 ||
+                    strcmp(*argv + len - 2, ".Z") == 0)
+                    len -= 2;
+                else {
+                    fprintf(stderr, "gun error: no gz type on %s--skipping\n",
+                            *argv);
+                    continue;
+                }
+                outname = malloc(len + 1);
+                if (outname == NULL) {
+                    fprintf(stderr, "gun out of memory error--aborting\n");
+                    ret = 1;
+                    break;
+                }
+                memcpy(outname, *argv, len);
+                outname[len] = 0;
+            }
+            ret = gunzip(&strm, *argv, outname, test);
+            if (outname != NULL) free(outname);
+            if (ret) break;
+        } while (argv++, --argc);
+    else
+        ret = gunzip(&strm, NULL, NULL, test);
+
+    /* clean up */
+    inflateBackEnd(&strm);
+    return ret;
+}
diff --git a/zlib-1.3.1/examples/gzappend.c b/zlib-1.3.1/examples/gzappend.c
new file mode 100644
index 00000000..23e93cf6
--- /dev/null
+++ b/zlib-1.3.1/examples/gzappend.c
@@ -0,0 +1,504 @@
+/* gzappend -- command to append to a gzip file
+
+  Copyright (C) 2003, 2012 Mark Adler, all rights reserved
+  version 1.2, 11 Oct 2012
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the author be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Mark Adler    madler@alumni.caltech.edu
+ */
+
+/*
+ * Change history:
+ *
+ * 1.0  19 Oct 2003     - First version
+ * 1.1   4 Nov 2003     - Expand and clarify some comments and notes
+ *                      - Add version and copyright to help
+ *                      - Send help to stdout instead of stderr
+ *                      - Add some preemptive typecasts
+ *                      - Add L to constants in lseek() calls
+ *                      - Remove some debugging information in error messages
+ *                      - Use new data_type definition for zlib 1.2.1
+ *                      - Simplify and unify file operations
+ *                      - Finish off gzip file in gztack()
+ *                      - Use deflatePrime() instead of adding empty blocks
+ *                      - Keep gzip file clean on appended file read errors
+ *                      - Use in-place rotate instead of auxiliary buffer
+ *                        (Why you ask?  Because it was fun to write!)
+ * 1.2  11 Oct 2012     - Fix for proper z_const usage
+ *                      - Check for input buffer malloc failure
+ */
+
+/*
+   gzappend takes a gzip file and appends to it, compressing files from the
+   command line or data from stdin.  The gzip file is written to directly, to
+   avoid copying that file, in case it's large.  Note that this results in the
+   unfriendly behavior that if gzappend fails, the gzip file is corrupted.
+
+   This program was written to illustrate the use of the new Z_BLOCK option of
+   zlib 1.2.x's inflate() function.  This option returns from inflate() at each
+   block boundary to facilitate locating and modifying the last block bit at
+   the start of the final deflate block.  Also whether using Z_BLOCK or not,
+   another required feature of zlib 1.2.x is that inflate() now provides the
+   number of unused bits in the last input byte used.  gzappend will not work
+   with versions of zlib earlier than 1.2.1.
+
+   gzappend first decompresses the gzip file internally, discarding all but
+   the last 32K of uncompressed data, and noting the location of the last block
+   bit and the number of unused bits in the last byte of the compressed data.
+   The gzip trailer containing the CRC-32 and length of the uncompressed data
+   is verified.  This trailer will be later overwritten.
+
+   Then the last block bit is cleared by seeking back in the file and rewriting
+   the byte that contains it.  Seeking forward, the last byte of the compressed
+   data is saved along with the number of unused bits to initialize deflate.
+
+   A deflate process is initialized, using the last 32K of the uncompressed
+   data from the gzip file to initialize the dictionary.  If the total
+   uncompressed data was less than 32K, then all of it is used to initialize
+   the dictionary.  The deflate output bit buffer is also initialized with the
+   last bits from the original deflate stream.  From here on, the data to
+   append is simply compressed using deflate, and written to the gzip file.
+   When that is complete, the new CRC-32 and uncompressed length are written
+   as the trailer of the gzip file.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include "zlib.h"
+
+#define local static
+#define LGCHUNK 14
+#define CHUNK (1U << LGCHUNK)
+#define DSIZE 32768U
+
+/* print an error message and terminate with extreme prejudice */
+local void bye(char *msg1, char *msg2)
+{
+    fprintf(stderr, "gzappend error: %s%s\n", msg1, msg2);
+    exit(1);
+}
+
+/* return the greatest common divisor of a and b using Euclid's algorithm,
+   modified to be fast when one argument much greater than the other, and
+   coded to avoid unnecessary swapping */
+local unsigned gcd(unsigned a, unsigned b)
+{
+    unsigned c;
+
+    while (a && b)
+        if (a > b) {
+            c = b;
+            while (a - c >= c)
+                c <<= 1;
+            a -= c;
+        }
+        else {
+            c = a;
+            while (b - c >= c)
+                c <<= 1;
+            b -= c;
+        }
+    return a + b;
+}
+
+/* rotate list[0..len-1] left by rot positions, in place */
+local void rotate(unsigned char *list, unsigned len, unsigned rot)
+{
+    unsigned char tmp;
+    unsigned cycles;
+    unsigned char *start, *last, *to, *from;
+
+    /* normalize rot and handle degenerate cases */
+    if (len < 2) return;
+    if (rot >= len) rot %= len;
+    if (rot == 0) return;
+
+    /* pointer to last entry in list */
+    last = list + (len - 1);
+
+    /* do simple left shift by one */
+    if (rot == 1) {
+        tmp = *list;
+        memmove(list, list + 1, len - 1);
+        *last = tmp;
+        return;
+    }
+
+    /* do simple right shift by one */
+    if (rot == len - 1) {
+        tmp = *last;
+        memmove(list + 1, list, len - 1);
+        *list = tmp;
+        return;
+    }
+
+    /* otherwise do rotate as a set of cycles in place */
+    cycles = gcd(len, rot);             /* number of cycles */
+    do {
+        start = from = list + cycles;   /* start index is arbitrary */
+        tmp = *from;                    /* save entry to be overwritten */
+        for (;;) {
+            to = from;                  /* next step in cycle */
+            from += rot;                /* go right rot positions */
+            if (from > last) from -= len;   /* (pointer better not wrap) */
+            if (from == start) break;   /* all but one shifted */
+            *to = *from;                /* shift left */
+        }
+        *to = tmp;                      /* complete the circle */
+    } while (--cycles);
+}
+
+/* structure for gzip file read operations */
+typedef struct {
+    int fd;                     /* file descriptor */
+    int size;                   /* 1 << size is bytes in buf */
+    unsigned left;              /* bytes available at next */
+    unsigned char *buf;         /* buffer */
+    z_const unsigned char *next;    /* next byte in buffer */
+    char *name;                 /* file name for error messages */
+} file;
+
+/* reload buffer */
+local int readin(file *in)
+{
+    int len;
+
+    len = read(in->fd, in->buf, 1 << in->size);
+    if (len == -1) bye("error reading ", in->name);
+    in->left = (unsigned)len;
+    in->next = in->buf;
+    return len;
+}
+
+/* read from file in, exit if end-of-file */
+local int readmore(file *in)
+{
+    if (readin(in) == 0) bye("unexpected end of ", in->name);
+    return 0;
+}
+
+#define read1(in) (in->left == 0 ? readmore(in) : 0, \
+                   in->left--, *(in->next)++)
+
+/* skip over n bytes of in */
+local void skip(file *in, unsigned n)
+{
+    unsigned bypass;
+
+    if (n > in->left) {
+        n -= in->left;
+        bypass = n & ~((1U << in->size) - 1);
+        if (bypass) {
+            if (lseek(in->fd, (off_t)bypass, SEEK_CUR) == -1)
+                bye("seeking ", in->name);
+            n -= bypass;
+        }
+        readmore(in);
+        if (n > in->left)
+            bye("unexpected end of ", in->name);
+    }
+    in->left -= n;
+    in->next += n;
+}
+
+/* read a four-byte unsigned integer, little-endian, from in */
+unsigned long read4(file *in)
+{
+    unsigned long val;
+
+    val = read1(in);
+    val += (unsigned)read1(in) << 8;
+    val += (unsigned long)read1(in) << 16;
+    val += (unsigned long)read1(in) << 24;
+    return val;
+}
+
+/* skip over gzip header */
+local void gzheader(file *in)
+{
+    int flags;
+    unsigned n;
+
+    if (read1(in) != 31 || read1(in) != 139) bye(in->name, " not a gzip file");
+    if (read1(in) != 8) bye("unknown compression method in", in->name);
+    flags = read1(in);
+    if (flags & 0xe0) bye("unknown header flags set in", in->name);
+    skip(in, 6);
+    if (flags & 4) {
+        n = read1(in);
+        n += (unsigned)(read1(in)) << 8;
+        skip(in, n);
+    }
+    if (flags & 8) while (read1(in) != 0) ;
+    if (flags & 16) while (read1(in) != 0) ;
+    if (flags & 2) skip(in, 2);
+}
+
+/* decompress gzip file "name", return strm with a deflate stream ready to
+   continue compression of the data in the gzip file, and return a file
+   descriptor pointing to where to write the compressed data -- the deflate
+   stream is initialized to compress using level "level" */
+local int gzscan(char *name, z_stream *strm, int level)
+{
+    int ret, lastbit, left, full;
+    unsigned have;
+    unsigned long crc, tot;
+    unsigned char *window;
+    off_t lastoff, end;
+    file gz;
+
+    /* open gzip file */
+    gz.name = name;
+    gz.fd = open(name, O_RDWR, 0);
+    if (gz.fd == -1) bye("cannot open ", name);
+    gz.buf = malloc(CHUNK);
+    if (gz.buf == NULL) bye("out of memory", "");
+    gz.size = LGCHUNK;
+    gz.left = 0;
+
+    /* skip gzip header */
+    gzheader(&gz);
+
+    /* prepare to decompress */
+    window = malloc(DSIZE);
+    if (window == NULL) bye("out of memory", "");
+    strm->zalloc = Z_NULL;
+    strm->zfree = Z_NULL;
+    strm->opaque = Z_NULL;
+    ret = inflateInit2(strm, -15);
+    if (ret != Z_OK) bye("out of memory", " or library mismatch");
+
+    /* decompress the deflate stream, saving append information */
+    lastbit = 0;
+    lastoff = lseek(gz.fd, 0L, SEEK_CUR) - gz.left;
+    left = 0;
+    strm->avail_in = gz.left;
+    strm->next_in = gz.next;
+    crc = crc32(0L, Z_NULL, 0);
+    have = full = 0;
+    do {
+        /* if needed, get more input */
+        if (strm->avail_in == 0) {
+            readmore(&gz);
+            strm->avail_in = gz.left;
+            strm->next_in = gz.next;
+        }
+
+        /* set up output to next available section of sliding window */
+        strm->avail_out = DSIZE - have;
+        strm->next_out = window + have;
+
+        /* inflate and check for errors */
+        ret = inflate(strm, Z_BLOCK);
+        if (ret == Z_STREAM_ERROR) bye("internal stream error!", "");
+        if (ret == Z_MEM_ERROR) bye("out of memory", "");
+        if (ret == Z_DATA_ERROR)
+            bye("invalid compressed data--format violated in", name);
+
+        /* update crc and sliding window pointer */
+        crc = crc32(crc, window + have, DSIZE - have - strm->avail_out);
+        if (strm->avail_out)
+            have = DSIZE - strm->avail_out;
+        else {
+            have = 0;
+            full = 1;
+        }
+
+        /* process end of block */
+        if (strm->data_type & 128) {
+            if (strm->data_type & 64)
+                left = strm->data_type & 0x1f;
+            else {
+                lastbit = strm->data_type & 0x1f;
+                lastoff = lseek(gz.fd, 0L, SEEK_CUR) - strm->avail_in;
+            }
+        }
+    } while (ret != Z_STREAM_END);
+    inflateEnd(strm);
+    gz.left = strm->avail_in;
+    gz.next = strm->next_in;
+
+    /* save the location of the end of the compressed data */
+    end = lseek(gz.fd, 0L, SEEK_CUR) - gz.left;
+
+    /* check gzip trailer and save total for deflate */
+    if (crc != read4(&gz))
+        bye("invalid compressed data--crc mismatch in ", name);
+    tot = strm->total_out;
+    if ((tot & 0xffffffffUL) != read4(&gz))
+        bye("invalid compressed data--length mismatch in", name);
+
+    /* if not at end of file, warn */
+    if (gz.left || readin(&gz))
+        fprintf(stderr,
+            "gzappend warning: junk at end of gzip file overwritten\n");
+
+    /* clear last block bit */
+    lseek(gz.fd, lastoff - (lastbit != 0), SEEK_SET);
+    if (read(gz.fd, gz.buf, 1) != 1) bye("reading after seek on ", name);
+    *gz.buf = (unsigned char)(*gz.buf ^ (1 << ((8 - lastbit) & 7)));
+    lseek(gz.fd, -1L, SEEK_CUR);
+    if (write(gz.fd, gz.buf, 1) != 1) bye("writing after seek to ", name);
+
+    /* if window wrapped, build dictionary from window by rotating */
+    if (full) {
+        rotate(window, DSIZE, have);
+        have = DSIZE;
+    }
+
+    /* set up deflate stream with window, crc, total_in, and leftover bits */
+    ret = deflateInit2(strm, level, Z_DEFLATED, -15, 8, Z_DEFAULT_STRATEGY);
+    if (ret != Z_OK) bye("out of memory", "");
+    deflateSetDictionary(strm, window, have);
+    strm->adler = crc;
+    strm->total_in = tot;
+    if (left) {
+        lseek(gz.fd, --end, SEEK_SET);
+        if (read(gz.fd, gz.buf, 1) != 1) bye("reading after seek on ", name);
+        deflatePrime(strm, 8 - left, *gz.buf);
+    }
+    lseek(gz.fd, end, SEEK_SET);
+
+    /* clean up and return */
+    free(window);
+    free(gz.buf);
+    return gz.fd;
+}
+
+/* append file "name" to gzip file gd using deflate stream strm -- if last
+   is true, then finish off the deflate stream at the end */
+local void gztack(char *name, int gd, z_stream *strm, int last)
+{
+    int fd, len, ret;
+    unsigned left;
+    unsigned char *in, *out;
+
+    /* open file to compress and append */
+    fd = 0;
+    if (name != NULL) {
+        fd = open(name, O_RDONLY, 0);
+        if (fd == -1)
+            fprintf(stderr, "gzappend warning: %s not found, skipping ...\n",
+                    name);
+    }
+
+    /* allocate buffers */
+    in = malloc(CHUNK);
+    out = malloc(CHUNK);
+    if (in == NULL || out == NULL) bye("out of memory", "");
+
+    /* compress input file and append to gzip file */
+    do {
+        /* get more input */
+        len = read(fd, in, CHUNK);
+        if (len == -1) {
+            fprintf(stderr,
+                    "gzappend warning: error reading %s, skipping rest ...\n",
+                    name);
+            len = 0;
+        }
+        strm->avail_in = (unsigned)len;
+        strm->next_in = in;
+        if (len) strm->adler = crc32(strm->adler, in, (unsigned)len);
+
+        /* compress and write all available output */
+        do {
+            strm->avail_out = CHUNK;
+            strm->next_out = out;
+            ret = deflate(strm, last && len == 0 ? Z_FINISH : Z_NO_FLUSH);
+            left = CHUNK - strm->avail_out;
+            while (left) {
+                len = write(gd, out + CHUNK - strm->avail_out - left, left);
+                if (len == -1) bye("writing gzip file", "");
+                left -= (unsigned)len;
+            }
+        } while (strm->avail_out == 0 && ret != Z_STREAM_END);
+    } while (len != 0);
+
+    /* write trailer after last entry */
+    if (last) {
+        deflateEnd(strm);
+        out[0] = (unsigned char)(strm->adler);
+        out[1] = (unsigned char)(strm->adler >> 8);
+        out[2] = (unsigned char)(strm->adler >> 16);
+        out[3] = (unsigned char)(strm->adler >> 24);
+        out[4] = (unsigned char)(strm->total_in);
+        out[5] = (unsigned char)(strm->total_in >> 8);
+        out[6] = (unsigned char)(strm->total_in >> 16);
+        out[7] = (unsigned char)(strm->total_in >> 24);
+        len = 8;
+        do {
+            ret = write(gd, out + 8 - len, len);
+            if (ret == -1) bye("writing gzip file", "");
+            len -= ret;
+        } while (len);
+        close(gd);
+    }
+
+    /* clean up and return */
+    free(out);
+    free(in);
+    if (fd > 0) close(fd);
+}
+
+/* process the compression level option if present, scan the gzip file, and
+   append the specified files, or append the data from stdin if no other file
+   names are provided on the command line -- the gzip file must be writable
+   and seekable */
+int main(int argc, char **argv)
+{
+    int gd, level;
+    z_stream strm;
+
+    /* ignore command name */
+    argc--; argv++;
+
+    /* provide usage if no arguments */
+    if (*argv == NULL) {
+        printf(
+            "gzappend 1.2 (11 Oct 2012) Copyright (C) 2003, 2012 Mark Adler\n"
+               );
+        printf(
+            "usage: gzappend [-level] file.gz [ addthis [ andthis ... ]]\n");
+        return 0;
+    }
+
+    /* set compression level */
+    level = Z_DEFAULT_COMPRESSION;
+    if (argv[0][0] == '-') {
+        if (argv[0][1] < '0' || argv[0][1] > '9' || argv[0][2] != 0)
+            bye("invalid compression level", "");
+        level = argv[0][1] - '0';
+        if (*++argv == NULL) bye("no gzip file name after options", "");
+    }
+
+    /* prepare to append to gzip file */
+    gd = gzscan(*argv++, &strm, level);
+
+    /* append files on command line, or from stdin if none */
+    if (*argv == NULL)
+        gztack(NULL, gd, &strm, 1);
+    else
+        do {
+            gztack(*argv, gd, &strm, argv[1] == NULL);
+        } while (*++argv != NULL);
+    return 0;
+}
diff --git a/zlib-1.3.1/examples/gzjoin.c b/zlib-1.3.1/examples/gzjoin.c
new file mode 100644
index 00000000..89e80984
--- /dev/null
+++ b/zlib-1.3.1/examples/gzjoin.c
@@ -0,0 +1,449 @@
+/* gzjoin -- command to join gzip files into one gzip file
+
+  Copyright (C) 2004, 2005, 2012 Mark Adler, all rights reserved
+  version 1.2, 14 Aug 2012
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the author be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Mark Adler    madler@alumni.caltech.edu
+ */
+
+/*
+ * Change history:
+ *
+ * 1.0  11 Dec 2004     - First version
+ * 1.1  12 Jun 2005     - Changed ssize_t to long for portability
+ * 1.2  14 Aug 2012     - Clean up for z_const usage
+ */
+
+/*
+   gzjoin takes one or more gzip files on the command line and writes out a
+   single gzip file that will uncompress to the concatenation of the
+   uncompressed data from the individual gzip files.  gzjoin does this without
+   having to recompress any of the data and without having to calculate a new
+   crc32 for the concatenated uncompressed data.  gzjoin does however have to
+   decompress all of the input data in order to find the bits in the compressed
+   data that need to be modified to concatenate the streams.
+
+   gzjoin does not do an integrity check on the input gzip files other than
+   checking the gzip header and decompressing the compressed data.  They are
+   otherwise assumed to be complete and correct.
+
+   Each joint between gzip files removes at least 18 bytes of previous trailer
+   and subsequent header, and inserts an average of about three bytes to the
+   compressed data in order to connect the streams.  The output gzip file
+   has a minimal ten-byte gzip header with no file name or modification time.
+
+   This program was written to illustrate the use of the Z_BLOCK option of
+   inflate() and the crc32_combine() function.  gzjoin will not compile with
+   versions of zlib earlier than 1.2.3.
+ */
+
+#include <stdio.h>      /* fputs(), fprintf(), fwrite(), putc() */
+#include <stdlib.h>     /* exit(), malloc(), free() */
+#include <fcntl.h>      /* open() */
+#include <unistd.h>     /* close(), read(), lseek() */
+#include "zlib.h"
+    /* crc32(), crc32_combine(), inflateInit2(), inflate(), inflateEnd() */
+
+#define local static
+
+/* exit with an error (return a value to allow use in an expression) */
+local int bail(char *why1, char *why2)
+{
+    fprintf(stderr, "gzjoin error: %s%s, output incomplete\n", why1, why2);
+    exit(1);
+    return 0;
+}
+
+/* -- simple buffered file input with access to the buffer -- */
+
+#define CHUNK 32768         /* must be a power of two and fit in unsigned */
+
+/* bin buffered input file type */
+typedef struct {
+    char *name;             /* name of file for error messages */
+    int fd;                 /* file descriptor */
+    unsigned left;          /* bytes remaining at next */
+    unsigned char *next;    /* next byte to read */
+    unsigned char *buf;     /* allocated buffer of length CHUNK */
+} bin;
+
+/* close a buffered file and free allocated memory */
+local void bclose(bin *in)
+{
+    if (in != NULL) {
+        if (in->fd != -1)
+            close(in->fd);
+        if (in->buf != NULL)
+            free(in->buf);
+        free(in);
+    }
+}
+
+/* open a buffered file for input, return a pointer to type bin, or NULL on
+   failure */
+local bin *bopen(char *name)
+{
+    bin *in;
+
+    in = malloc(sizeof(bin));
+    if (in == NULL)
+        return NULL;
+    in->buf = malloc(CHUNK);
+    in->fd = open(name, O_RDONLY, 0);
+    if (in->buf == NULL || in->fd == -1) {
+        bclose(in);
+        return NULL;
+    }
+    in->left = 0;
+    in->next = in->buf;
+    in->name = name;
+    return in;
+}
+
+/* load buffer from file, return -1 on read error, 0 or 1 on success, with
+   1 indicating that end-of-file was reached */
+local int bload(bin *in)
+{
+    long len;
+
+    if (in == NULL)
+        return -1;
+    if (in->left != 0)
+        return 0;
+    in->next = in->buf;
+    do {
+        len = (long)read(in->fd, in->buf + in->left, CHUNK - in->left);
+        if (len < 0)
+            return -1;
+        in->left += (unsigned)len;
+    } while (len != 0 && in->left < CHUNK);
+    return len == 0 ? 1 : 0;
+}
+
+/* get a byte from the file, bail if end of file */
+#define bget(in) (in->left ? 0 : bload(in), \
+                  in->left ? (in->left--, *(in->next)++) : \
+                    bail("unexpected end of file on ", in->name))
+
+/* get a four-byte little-endian unsigned integer from file */
+local unsigned long bget4(bin *in)
+{
+    unsigned long val;
+
+    val = bget(in);
+    val += (unsigned long)(bget(in)) << 8;
+    val += (unsigned long)(bget(in)) << 16;
+    val += (unsigned long)(bget(in)) << 24;
+    return val;
+}
+
+/* skip bytes in file */
+local void bskip(bin *in, unsigned skip)
+{
+    /* check pointer */
+    if (in == NULL)
+        return;
+
+    /* easy case -- skip bytes in buffer */
+    if (skip <= in->left) {
+        in->left -= skip;
+        in->next += skip;
+        return;
+    }
+
+    /* skip what's in buffer, discard buffer contents */
+    skip -= in->left;
+    in->left = 0;
+
+    /* seek past multiples of CHUNK bytes */
+    if (skip > CHUNK) {
+        unsigned left;
+
+        left = skip & (CHUNK - 1);
+        if (left == 0) {
+            /* exact number of chunks: seek all the way minus one byte to check
+               for end-of-file with a read */
+            lseek(in->fd, skip - 1, SEEK_CUR);
+            if (read(in->fd, in->buf, 1) != 1)
+                bail("unexpected end of file on ", in->name);
+            return;
+        }
+
+        /* skip the integral chunks, update skip with remainder */
+        lseek(in->fd, skip - left, SEEK_CUR);
+        skip = left;
+    }
+
+    /* read more input and skip remainder */
+    bload(in);
+    if (skip > in->left)
+        bail("unexpected end of file on ", in->name);
+    in->left -= skip;
+    in->next += skip;
+}
+
+/* -- end of buffered input functions -- */
+
+/* skip the gzip header from file in */
+local void gzhead(bin *in)
+{
+    int flags;
+
+    /* verify gzip magic header and compression method */
+    if (bget(in) != 0x1f || bget(in) != 0x8b || bget(in) != 8)
+        bail(in->name, " is not a valid gzip file");
+
+    /* get and verify flags */
+    flags = bget(in);
+    if ((flags & 0xe0) != 0)
+        bail("unknown reserved bits set in ", in->name);
+
+    /* skip modification time, extra flags, and os */
+    bskip(in, 6);
+
+    /* skip extra field if present */
+    if (flags & 4) {
+        unsigned len;
+
+        len = bget(in);
+        len += (unsigned)(bget(in)) << 8;
+        bskip(in, len);
+    }
+
+    /* skip file name if present */
+    if (flags & 8)
+        while (bget(in) != 0)
+            ;
+
+    /* skip comment if present */
+    if (flags & 16)
+        while (bget(in) != 0)
+            ;
+
+    /* skip header crc if present */
+    if (flags & 2)
+        bskip(in, 2);
+}
+
+/* write a four-byte little-endian unsigned integer to out */
+local void put4(unsigned long val, FILE *out)
+{
+    putc(val & 0xff, out);
+    putc((val >> 8) & 0xff, out);
+    putc((val >> 16) & 0xff, out);
+    putc((val >> 24) & 0xff, out);
+}
+
+/* Load up zlib stream from buffered input, bail if end of file */
+local void zpull(z_streamp strm, bin *in)
+{
+    if (in->left == 0)
+        bload(in);
+    if (in->left == 0)
+        bail("unexpected end of file on ", in->name);
+    strm->avail_in = in->left;
+    strm->next_in = in->next;
+}
+
+/* Write header for gzip file to out and initialize trailer. */
+local void gzinit(unsigned long *crc, unsigned long *tot, FILE *out)
+{
+    fwrite("\x1f\x8b\x08\0\0\0\0\0\0\xff", 1, 10, out);
+    *crc = crc32(0L, Z_NULL, 0);
+    *tot = 0;
+}
+
+/* Copy the compressed data from name, zeroing the last block bit of the last
+   block if clr is true, and adding empty blocks as needed to get to a byte
+   boundary.  If clr is false, then the last block becomes the last block of
+   the output, and the gzip trailer is written.  crc and tot maintains the
+   crc and length (modulo 2^32) of the output for the trailer.  The resulting
+   gzip file is written to out.  gzinit() must be called before the first call
+   of gzcopy() to write the gzip header and to initialize crc and tot. */
+local void gzcopy(char *name, int clr, unsigned long *crc, unsigned long *tot,
+                  FILE *out)
+{
+    int ret;                /* return value from zlib functions */
+    int pos;                /* where the "last block" bit is in byte */
+    int last;               /* true if processing the last block */
+    bin *in;                /* buffered input file */
+    unsigned char *start;   /* start of compressed data in buffer */
+    unsigned char *junk;    /* buffer for uncompressed data -- discarded */
+    z_off_t len;            /* length of uncompressed data (support > 4 GB) */
+    z_stream strm;          /* zlib inflate stream */
+
+    /* open gzip file and skip header */
+    in = bopen(name);
+    if (in == NULL)
+        bail("could not open ", name);
+    gzhead(in);
+
+    /* allocate buffer for uncompressed data and initialize raw inflate
+       stream */
+    junk = malloc(CHUNK);
+    strm.zalloc = Z_NULL;
+    strm.zfree = Z_NULL;
+    strm.opaque = Z_NULL;
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit2(&strm, -15);
+    if (junk == NULL || ret != Z_OK)
+        bail("out of memory", "");
+
+    /* inflate and copy compressed data, clear last-block bit if requested */
+    len = 0;
+    zpull(&strm, in);
+    start = in->next;
+    last = start[0] & 1;
+    if (last && clr)
+        start[0] &= ~1;
+    strm.avail_out = 0;
+    for (;;) {
+        /* if input used and output done, write used input and get more */
+        if (strm.avail_in == 0 && strm.avail_out != 0) {
+            fwrite(start, 1, strm.next_in - start, out);
+            start = in->buf;
+            in->left = 0;
+            zpull(&strm, in);
+        }
+
+        /* decompress -- return early when end-of-block reached */
+        strm.avail_out = CHUNK;
+        strm.next_out = junk;
+        ret = inflate(&strm, Z_BLOCK);
+        switch (ret) {
+        case Z_MEM_ERROR:
+            bail("out of memory", "");
+        case Z_DATA_ERROR:
+            bail("invalid compressed data in ", in->name);
+        }
+
+        /* update length of uncompressed data */
+        len += CHUNK - strm.avail_out;
+
+        /* check for block boundary (only get this when block copied out) */
+        if (strm.data_type & 128) {
+            /* if that was the last block, then done */
+            if (last)
+                break;
+
+            /* number of unused bits in last byte */
+            pos = strm.data_type & 7;
+
+            /* find the next last-block bit */
+            if (pos != 0) {
+                /* next last-block bit is in last used byte */
+                pos = 0x100 >> pos;
+                last = strm.next_in[-1] & pos;
+                if (last && clr)
+                    in->buf[strm.next_in - in->buf - 1] &= ~pos;
+            }
+            else {
+                /* next last-block bit is in next unused byte */
+                if (strm.avail_in == 0) {
+                    /* don't have that byte yet -- get it */
+                    fwrite(start, 1, strm.next_in - start, out);
+                    start = in->buf;
+                    in->left = 0;
+                    zpull(&strm, in);
+                }
+                last = strm.next_in[0] & 1;
+                if (last && clr)
+                    in->buf[strm.next_in - in->buf] &= ~1;
+            }
+        }
+    }
+
+    /* update buffer with unused input */
+    in->left = strm.avail_in;
+    in->next = in->buf + (strm.next_in - in->buf);
+
+    /* copy used input, write empty blocks to get to byte boundary */
+    pos = strm.data_type & 7;
+    fwrite(start, 1, in->next - start - 1, out);
+    last = in->next[-1];
+    if (pos == 0 || !clr)
+        /* already at byte boundary, or last file: write last byte */
+        putc(last, out);
+    else {
+        /* append empty blocks to last byte */
+        last &= ((0x100 >> pos) - 1);       /* assure unused bits are zero */
+        if (pos & 1) {
+            /* odd -- append an empty stored block */
+            putc(last, out);
+            if (pos == 1)
+                putc(0, out);               /* two more bits in block header */
+            fwrite("\0\0\xff\xff", 1, 4, out);
+        }
+        else {
+            /* even -- append 1, 2, or 3 empty fixed blocks */
+            switch (pos) {
+            case 6:
+                putc(last | 8, out);
+                last = 0;
+            case 4:
+                putc(last | 0x20, out);
+                last = 0;
+            case 2:
+                putc(last | 0x80, out);
+                putc(0, out);
+            }
+        }
+    }
+
+    /* update crc and tot */
+    *crc = crc32_combine(*crc, bget4(in), len);
+    *tot += (unsigned long)len;
+
+    /* clean up */
+    inflateEnd(&strm);
+    free(junk);
+    bclose(in);
+
+    /* write trailer if this is the last gzip file */
+    if (!clr) {
+        put4(*crc, out);
+        put4(*tot, out);
+    }
+}
+
+/* join the gzip files on the command line, write result to stdout */
+int main(int argc, char **argv)
+{
+    unsigned long crc, tot;     /* running crc and total uncompressed length */
+
+    /* skip command name */
+    argc--;
+    argv++;
+
+    /* show usage if no arguments */
+    if (argc == 0) {
+        fputs("gzjoin usage: gzjoin f1.gz [f2.gz [f3.gz ...]] > fjoin.gz\n",
+              stderr);
+        return 0;
+    }
+
+    /* join gzip files on command line and write to stdout */
+    gzinit(&crc, &tot, stdout);
+    while (argc--)
+        gzcopy(*argv++, argc, &crc, &tot, stdout);
+
+    /* done */
+    return 0;
+}
diff --git a/zlib-1.3.1/examples/gzlog.c b/zlib-1.3.1/examples/gzlog.c
new file mode 100644
index 00000000..da1b02e7
--- /dev/null
+++ b/zlib-1.3.1/examples/gzlog.c
@@ -0,0 +1,1061 @@
+/*
+ * gzlog.c
+ * Copyright (C) 2004, 2008, 2012, 2016, 2019 Mark Adler, all rights reserved
+ * For conditions of distribution and use, see copyright notice in gzlog.h
+ * version 2.3, 25 May 2019
+ */
+
+/*
+   gzlog provides a mechanism for frequently appending short strings to a gzip
+   file that is efficient both in execution time and compression ratio.  The
+   strategy is to write the short strings in an uncompressed form to the end of
+   the gzip file, only compressing when the amount of uncompressed data has
+   reached a given threshold.
+
+   gzlog also provides protection against interruptions in the process due to
+   system crashes.  The status of the operation is recorded in an extra field
+   in the gzip file, and is only updated once the gzip file is brought to a
+   valid state.  The last data to be appended or compressed is saved in an
+   auxiliary file, so that if the operation is interrupted, it can be completed
+   the next time an append operation is attempted.
+
+   gzlog maintains another auxiliary file with the last 32K of data from the
+   compressed portion, which is preloaded for the compression of the subsequent
+   data.  This minimizes the impact to the compression ratio of appending.
+ */
+
+/*
+   Operations Concept:
+
+   Files (log name "foo"):
+   foo.gz -- gzip file with the complete log
+   foo.add -- last message to append or last data to compress
+   foo.dict -- dictionary of the last 32K of data for next compression
+   foo.temp -- temporary dictionary file for compression after this one
+   foo.lock -- lock file for reading and writing the other files
+   foo.repairs -- log file for log file recovery operations (not compressed)
+
+   gzip file structure:
+   - fixed-length (no file name) header with extra field (see below)
+   - compressed data ending initially with empty stored block
+   - uncompressed data filling out originally empty stored block and
+     subsequent stored blocks as needed (16K max each)
+   - gzip trailer
+   - no junk at end (no other gzip streams)
+
+   When appending data, the information in the first three items above plus the
+   foo.add file are sufficient to recover an interrupted append operation.  The
+   extra field has the necessary information to restore the start of the last
+   stored block and determine where to append the data in the foo.add file, as
+   well as the crc and length of the gzip data before the append operation.
+
+   The foo.add file is created before the gzip file is marked for append, and
+   deleted after the gzip file is marked as complete.  So if the append
+   operation is interrupted, the data to add will still be there.  If due to
+   some external force, the foo.add file gets deleted between when the append
+   operation was interrupted and when recovery is attempted, the gzip file will
+   still be restored, but without the appended data.
+
+   When compressing data, the information in the first two items above plus the
+   foo.add file are sufficient to recover an interrupted compress operation.
+   The extra field has the necessary information to find the end of the
+   compressed data, and contains both the crc and length of just the compressed
+   data and of the complete set of data including the contents of the foo.add
+   file.
+
+   Again, the foo.add file is maintained during the compress operation in case
+   of an interruption.  If in the unlikely event the foo.add file with the data
+   to be compressed is missing due to some external force, a gzip file with
+   just the previous compressed data will be reconstructed.  In this case, all
+   of the data that was to be compressed is lost (approximately one megabyte).
+   This will not occur if all that happened was an interruption of the compress
+   operation.
+
+   The third state that is marked is the replacement of the old dictionary with
+   the new dictionary after a compress operation.  Once compression is
+   complete, the gzip file is marked as being in the replace state.  This
+   completes the gzip file, so an interrupt after being so marked does not
+   result in recompression.  Then the dictionary file is replaced, and the gzip
+   file is marked as completed.  This state prevents the possibility of
+   restarting compression with the wrong dictionary file.
+
+   All three operations are wrapped by a lock/unlock procedure.  In order to
+   gain exclusive access to the log files, first a foo.lock file must be
+   exclusively created.  When all operations are complete, the lock is
+   released by deleting the foo.lock file.  If when attempting to create the
+   lock file, it already exists and the modify time of the lock file is more
+   than five minutes old (set by the PATIENCE define below), then the old
+   lock file is considered stale and deleted, and the exclusive creation of
+   the lock file is retried.  To assure that there are no false assessments
+   of the staleness of the lock file, the operations periodically touch the
+   lock file to update the modified date.
+
+   Following is the definition of the extra field with all of the information
+   required to enable the above append and compress operations and their
+   recovery if interrupted.  Multi-byte values are stored little endian
+   (consistent with the gzip format).  File pointers are eight bytes long.
+   The crc's and lengths for the gzip trailer are four bytes long.  (Note that
+   the length at the end of a gzip file is used for error checking only, and
+   for large files is actually the length modulo 2^32.)  The stored block
+   length is two bytes long.  The gzip extra field two-byte identification is
+   "ap" for append.  It is assumed that writing the extra field to the file is
+   an "atomic" operation.  That is, either all of the extra field is written
+   to the file, or none of it is, if the operation is interrupted right at the
+   point of updating the extra field.  This is a reasonable assumption, since
+   the extra field is within the first 52 bytes of the file, which is smaller
+   than any expected block size for a mass storage device (usually 512 bytes or
+   larger).
+
+   Extra field (35 bytes):
+   - Pointer to first stored block length -- this points to the two-byte length
+     of the first stored block, which is followed by the two-byte, one's
+     complement of that length.  The stored block length is preceded by the
+     three-bit header of the stored block, which is the actual start of the
+     stored block in the deflate format.  See the bit offset field below.
+   - Pointer to the last stored block length.  This is the same as above, but
+     for the last stored block of the uncompressed data in the gzip file.
+     Initially this is the same as the first stored block length pointer.
+     When the stored block gets to 16K (see the MAX_STORE define), then a new
+     stored block as added, at which point the last stored block length pointer
+     is different from the first stored block length pointer.  When they are
+     different, the first bit of the last stored block header is eight bits, or
+     one byte back from the block length.
+   - Compressed data crc and length.  This is the crc and length of the data
+     that is in the compressed portion of the deflate stream.  These are used
+     only in the event that the foo.add file containing the data to compress is
+     lost after a compress operation is interrupted.
+   - Total data crc and length.  This is the crc and length of all of the data
+     stored in the gzip file, compressed and uncompressed.  It is used to
+     reconstruct the gzip trailer when compressing, as well as when recovering
+     interrupted operations.
+   - Final stored block length.  This is used to quickly find where to append,
+     and allows the restoration of the original final stored block state when
+     an append operation is interrupted.
+   - First stored block start as the number of bits back from the final stored
+     block first length byte.  This value is in the range of 3..10, and is
+     stored as the low three bits of the final byte of the extra field after
+     subtracting three (0..7).  This allows the last-block bit of the stored
+     block header to be updated when a new stored block is added, for the case
+     when the first stored block and the last stored block are the same.  (When
+     they are different, the numbers of bits back is known to be eight.)  This
+     also allows for new compressed data to be appended to the old compressed
+     data in the compress operation, overwriting the previous first stored
+     block, or for the compressed data to be terminated and a valid gzip file
+     reconstructed on the off chance that a compression operation was
+     interrupted and the data to compress in the foo.add file was deleted.
+   - The operation in process.  This is the next two bits in the last byte (the
+     bits under the mask 0x18).  The are interpreted as 0: nothing in process,
+     1: append in process, 2: compress in process, 3: replace in process.
+   - The top three bits of the last byte in the extra field are reserved and
+     are currently set to zero.
+
+   Main procedure:
+   - Exclusively create the foo.lock file using the O_CREAT and O_EXCL modes of
+     the system open() call.  If the modify time of an existing lock file is
+     more than PATIENCE seconds old, then the lock file is deleted and the
+     exclusive create is retried.
+   - Load the extra field from the foo.gz file, and see if an operation was in
+     progress but not completed.  If so, apply the recovery procedure below.
+   - Perform the append procedure with the provided data.
+   - If the uncompressed data in the foo.gz file is 1MB or more, apply the
+     compress procedure.
+   - Delete the foo.lock file.
+
+   Append procedure:
+   - Put what to append in the foo.add file so that the operation can be
+     restarted if this procedure is interrupted.
+   - Mark the foo.gz extra field with the append operation in progress.
+   + Restore the original last-block bit and stored block length of the last
+     stored block from the information in the extra field, in case a previous
+     append operation was interrupted.
+   - Append the provided data to the last stored block, creating new stored
+     blocks as needed and updating the stored blocks last-block bits and
+     lengths.
+   - Update the crc and length with the new data, and write the gzip trailer.
+   - Write over the extra field (with a single write operation) with the new
+     pointers, lengths, and crc's, and mark the gzip file as not in process.
+     Though there is still a foo.add file, it will be ignored since nothing
+     is in process.  If a foo.add file is leftover from a previously
+     completed operation, it is truncated when writing new data to it.
+   - Delete the foo.add file.
+
+   Compress and replace procedures:
+   - Read all of the uncompressed data in the stored blocks in foo.gz and write
+     it to foo.add.  Also write foo.temp with the last 32K of that data to
+     provide a dictionary for the next invocation of this procedure.
+   - Rewrite the extra field marking foo.gz with a compression in process.
+   * If there is no data provided to compress (due to a missing foo.add file
+     when recovering), reconstruct and truncate the foo.gz file to contain
+     only the previous compressed data and proceed to the step after the next
+     one.  Otherwise ...
+   - Compress the data with the dictionary in foo.dict, and write to the
+     foo.gz file starting at the bit immediately following the last previously
+     compressed block.  If there is no foo.dict, proceed anyway with the
+     compression at slightly reduced efficiency.  (For the foo.dict file to be
+     missing requires some external failure beyond simply the interruption of
+     a compress operation.)  During this process, the foo.lock file is
+     periodically touched to assure that that file is not considered stale by
+     another process before we're done.  The deflation is terminated with a
+     non-last empty static block (10 bits long), that is then located and
+     written over by a last-bit-set empty stored block.
+   - Append the crc and length of the data in the gzip file (previously
+     calculated during the append operations).
+   - Write over the extra field with the updated stored block offsets, bits
+     back, crc's, and lengths, and mark foo.gz as in process for a replacement
+     of the dictionary.
+   @ Delete the foo.add file.
+   - Replace foo.dict with foo.temp.
+   - Write over the extra field, marking foo.gz as complete.
+
+   Recovery procedure:
+   - If not a replace recovery, read in the foo.add file, and provide that data
+     to the appropriate recovery below.  If there is no foo.add file, provide
+     a zero data length to the recovery.  In that case, the append recovery
+     restores the foo.gz to the previous compressed + uncompressed data state.
+     For the compress recovery, a missing foo.add file results in foo.gz being
+     restored to the previous compressed-only data state.
+   - Append recovery:
+     - Pick up append at + step above
+   - Compress recovery:
+     - Pick up compress at * step above
+   - Replace recovery:
+     - Pick up compress at @ step above
+   - Log the repair with a date stamp in foo.repairs
+ */
+
+#include <sys/types.h>
+#include <stdio.h>      /* rename, fopen, fprintf, fclose */
+#include <stdlib.h>     /* malloc, free */
+#include <string.h>     /* strlen, strrchr, strcpy, strncpy, strcmp */
+#include <fcntl.h>      /* open */
+#include <unistd.h>     /* lseek, read, write, close, unlink, sleep, */
+                        /* ftruncate, fsync */
+#include <errno.h>      /* errno */
+#include <time.h>       /* time, ctime */
+#include <sys/stat.h>   /* stat */
+#include <sys/time.h>   /* utimes */
+#include "zlib.h"       /* crc32 */
+
+#include "gzlog.h"      /* header for external access */
+
+#define local static
+typedef unsigned int uint;
+typedef unsigned long ulong;
+
+/* Macro for debugging to deterministically force recovery operations */
+#ifdef GZLOG_DEBUG
+    #include <setjmp.h>         /* longjmp */
+    jmp_buf gzlog_jump;         /* where to go back to */
+    int gzlog_bail = 0;         /* which point to bail at (1..8) */
+    int gzlog_count = -1;       /* number of times through to wait */
+#   define BAIL(n) do { if (n == gzlog_bail && gzlog_count-- == 0) \
+                            longjmp(gzlog_jump, gzlog_bail); } while (0)
+#else
+#   define BAIL(n)
+#endif
+
+/* how old the lock file can be in seconds before considering it stale */
+#define PATIENCE 300
+
+/* maximum stored block size in Kbytes -- must be in 1..63 */
+#define MAX_STORE 16
+
+/* number of stored Kbytes to trigger compression (must be >= 32 to allow
+   dictionary construction, and <= 204 * MAX_STORE, in order for >> 10 to
+   discard the stored block headers contribution of five bytes each) */
+#define TRIGGER 1024
+
+/* size of a deflate dictionary (this cannot be changed) */
+#define DICT 32768U
+
+/* values for the operation (2 bits) */
+#define NO_OP 0
+#define APPEND_OP 1
+#define COMPRESS_OP 2
+#define REPLACE_OP 3
+
+/* macros to extract little-endian integers from an unsigned byte buffer */
+#define PULL2(p) ((p)[0]+((uint)((p)[1])<<8))
+#define PULL4(p) (PULL2(p)+((ulong)PULL2(p+2)<<16))
+#define PULL8(p) (PULL4(p)+((off_t)PULL4(p+4)<<32))
+
+/* macros to store integers into a byte buffer in little-endian order */
+#define PUT2(p,a) do {(p)[0]=a;(p)[1]=(a)>>8;} while(0)
+#define PUT4(p,a) do {PUT2(p,a);PUT2(p+2,a>>16);} while(0)
+#define PUT8(p,a) do {PUT4(p,a);PUT4(p+4,a>>32);} while(0)
+
+/* internal structure for log information */
+#define LOGID "\106\035\172"    /* should be three non-zero characters */
+struct log {
+    char id[4];     /* contains LOGID to detect inadvertent overwrites */
+    int fd;         /* file descriptor for .gz file, opened read/write */
+    char *path;     /* allocated path, e.g. "/var/log/foo" or "foo" */
+    char *end;      /* end of path, for appending suffices such as ".gz" */
+    off_t first;    /* offset of first stored block first length byte */
+    int back;       /* location of first block id in bits back from first */
+    uint stored;    /* bytes currently in last stored block */
+    off_t last;     /* offset of last stored block first length byte */
+    ulong ccrc;     /* crc of compressed data */
+    ulong clen;     /* length (modulo 2^32) of compressed data */
+    ulong tcrc;     /* crc of total data */
+    ulong tlen;     /* length (modulo 2^32) of total data */
+    time_t lock;    /* last modify time of our lock file */
+};
+
+/* gzip header for gzlog */
+local unsigned char log_gzhead[] = {
+    0x1f, 0x8b,                 /* magic gzip id */
+    8,                          /* compression method is deflate */
+    4,                          /* there is an extra field (no file name) */
+    0, 0, 0, 0,                 /* no modification time provided */
+    0, 0xff,                    /* no extra flags, no OS specified */
+    39, 0, 'a', 'p', 35, 0      /* extra field with "ap" subfield */
+                                /* 35 is EXTRA, 39 is EXTRA + 4 */
+};
+
+#define HEAD sizeof(log_gzhead)     /* should be 16 */
+
+/* initial gzip extra field content (52 == HEAD + EXTRA + 1) */
+local unsigned char log_gzext[] = {
+    52, 0, 0, 0, 0, 0, 0, 0,    /* offset of first stored block length */
+    52, 0, 0, 0, 0, 0, 0, 0,    /* offset of last stored block length */
+    0, 0, 0, 0, 0, 0, 0, 0,     /* compressed data crc and length */
+    0, 0, 0, 0, 0, 0, 0, 0,     /* total data crc and length */
+    0, 0,                       /* final stored block data length */
+    5                           /* op is NO_OP, last bit 8 bits back */
+};
+
+#define EXTRA sizeof(log_gzext)     /* should be 35 */
+
+/* initial gzip data and trailer */
+local unsigned char log_gzbody[] = {
+    1, 0, 0, 0xff, 0xff,        /* empty stored block (last) */
+    0, 0, 0, 0,                 /* crc */
+    0, 0, 0, 0                  /* uncompressed length */
+};
+
+#define BODY sizeof(log_gzbody)
+
+/* Exclusively create foo.lock in order to negotiate exclusive access to the
+   foo.* files.  If the modify time of an existing lock file is greater than
+   PATIENCE seconds in the past, then consider the lock file to have been
+   abandoned, delete it, and try the exclusive create again.  Save the lock
+   file modify time for verification of ownership.  Return 0 on success, or -1
+   on failure, usually due to an access restriction or invalid path.  Note that
+   if stat() or unlink() fails, it may be due to another process noticing the
+   abandoned lock file a smidge sooner and deleting it, so those are not
+   flagged as an error. */
+local int log_lock(struct log *log)
+{
+    int fd;
+    struct stat st;
+
+    strcpy(log->end, ".lock");
+    while ((fd = open(log->path, O_CREAT | O_EXCL, 0644)) < 0) {
+        if (errno != EEXIST)
+            return -1;
+        if (stat(log->path, &st) == 0 && time(NULL) - st.st_mtime > PATIENCE) {
+            unlink(log->path);
+            continue;
+        }
+        sleep(2);       /* relinquish the CPU for two seconds while waiting */
+    }
+    close(fd);
+    if (stat(log->path, &st) == 0)
+        log->lock = st.st_mtime;
+    return 0;
+}
+
+/* Update the modify time of the lock file to now, in order to prevent another
+   task from thinking that the lock is stale.  Save the lock file modify time
+   for verification of ownership. */
+local void log_touch(struct log *log)
+{
+    struct stat st;
+
+    strcpy(log->end, ".lock");
+    utimes(log->path, NULL);
+    if (stat(log->path, &st) == 0)
+        log->lock = st.st_mtime;
+}
+
+/* Check the log file modify time against what is expected.  Return true if
+   this is not our lock.  If it is our lock, touch it to keep it. */
+local int log_check(struct log *log)
+{
+    struct stat st;
+
+    strcpy(log->end, ".lock");
+    if (stat(log->path, &st) || st.st_mtime != log->lock)
+        return 1;
+    log_touch(log);
+    return 0;
+}
+
+/* Unlock a previously acquired lock, but only if it's ours. */
+local void log_unlock(struct log *log)
+{
+    if (log_check(log))
+        return;
+    strcpy(log->end, ".lock");
+    unlink(log->path);
+    log->lock = 0;
+}
+
+/* Check the gzip header and read in the extra field, filling in the values in
+   the log structure.  Return op on success or -1 if the gzip header was not as
+   expected.  op is the current operation in progress last written to the extra
+   field.  This assumes that the gzip file has already been opened, with the
+   file descriptor log->fd. */
+local int log_head(struct log *log)
+{
+    int op;
+    unsigned char buf[HEAD + EXTRA];
+
+    if (lseek(log->fd, 0, SEEK_SET) < 0 ||
+        read(log->fd, buf, HEAD + EXTRA) != HEAD + EXTRA ||
+        memcmp(buf, log_gzhead, HEAD)) {
+        return -1;
+    }
+    log->first = PULL8(buf + HEAD);
+    log->last = PULL8(buf + HEAD + 8);
+    log->ccrc = PULL4(buf + HEAD + 16);
+    log->clen = PULL4(buf + HEAD + 20);
+    log->tcrc = PULL4(buf + HEAD + 24);
+    log->tlen = PULL4(buf + HEAD + 28);
+    log->stored = PULL2(buf + HEAD + 32);
+    log->back = 3 + (buf[HEAD + 34] & 7);
+    op = (buf[HEAD + 34] >> 3) & 3;
+    return op;
+}
+
+/* Write over the extra field contents, marking the operation as op.  Use fsync
+   to assure that the device is written to, and in the requested order.  This
+   operation, and only this operation, is assumed to be atomic in order to
+   assure that the log is recoverable in the event of an interruption at any
+   point in the process.  Return -1 if the write to foo.gz failed. */
+local int log_mark(struct log *log, int op)
+{
+    int ret;
+    unsigned char ext[EXTRA];
+
+    PUT8(ext, log->first);
+    PUT8(ext + 8, log->last);
+    PUT4(ext + 16, log->ccrc);
+    PUT4(ext + 20, log->clen);
+    PUT4(ext + 24, log->tcrc);
+    PUT4(ext + 28, log->tlen);
+    PUT2(ext + 32, log->stored);
+    ext[34] = log->back - 3 + (op << 3);
+    fsync(log->fd);
+    ret = lseek(log->fd, HEAD, SEEK_SET) < 0 ||
+          write(log->fd, ext, EXTRA) != EXTRA ? -1 : 0;
+    fsync(log->fd);
+    return ret;
+}
+
+/* Rewrite the last block header bits and subsequent zero bits to get to a byte
+   boundary, setting the last block bit if last is true, and then write the
+   remainder of the stored block header (length and one's complement).  Leave
+   the file pointer after the end of the last stored block data.  Return -1 if
+   there is a read or write failure on the foo.gz file */
+local int log_last(struct log *log, int last)
+{
+    int back, len, mask;
+    unsigned char buf[6];
+
+    /* determine the locations of the bytes and bits to modify */
+    back = log->last == log->first ? log->back : 8;
+    len = back > 8 ? 2 : 1;                 /* bytes back from log->last */
+    mask = 0x80 >> ((back - 1) & 7);        /* mask for block last-bit */
+
+    /* get the byte to modify (one or two back) into buf[0] -- don't need to
+       read the byte if the last-bit is eight bits back, since in that case
+       the entire byte will be modified */
+    buf[0] = 0;
+    if (back != 8 && (lseek(log->fd, log->last - len, SEEK_SET) < 0 ||
+                      read(log->fd, buf, 1) != 1))
+        return -1;
+
+    /* change the last-bit of the last stored block as requested -- note
+       that all bits above the last-bit are set to zero, per the type bits
+       of a stored block being 00 and per the convention that the bits to
+       bring the stream to a byte boundary are also zeros */
+    buf[1] = 0;
+    buf[2 - len] = (*buf & (mask - 1)) + (last ? mask : 0);
+
+    /* write the modified stored block header and lengths, move the file
+       pointer to after the last stored block data */
+    PUT2(buf + 2, log->stored);
+    PUT2(buf + 4, log->stored ^ 0xffff);
+    return lseek(log->fd, log->last - len, SEEK_SET) < 0 ||
+           write(log->fd, buf + 2 - len, len + 4) != len + 4 ||
+           lseek(log->fd, log->stored, SEEK_CUR) < 0 ? -1 : 0;
+}
+
+/* Append len bytes from data to the locked and open log file.  len may be zero
+   if recovering and no .add file was found.  In that case, the previous state
+   of the foo.gz file is restored.  The data is appended uncompressed in
+   deflate stored blocks.  Return -1 if there was an error reading or writing
+   the foo.gz file. */
+local int log_append(struct log *log, unsigned char *data, size_t len)
+{
+    uint put;
+    off_t end;
+    unsigned char buf[8];
+
+    /* set the last block last-bit and length, in case recovering an
+       interrupted append, then position the file pointer to append to the
+       block */
+    if (log_last(log, 1))
+        return -1;
+
+    /* append, adding stored blocks and updating the offset of the last stored
+       block as needed, and update the total crc and length */
+    while (len) {
+        /* append as much as we can to the last block */
+        put = (MAX_STORE << 10) - log->stored;
+        if (put > len)
+            put = (uint)len;
+        if (put) {
+            if (write(log->fd, data, put) != put)
+                return -1;
+            BAIL(1);
+            log->tcrc = crc32(log->tcrc, data, put);
+            log->tlen += put;
+            log->stored += put;
+            data += put;
+            len -= put;
+        }
+
+        /* if we need to, add a new empty stored block */
+        if (len) {
+            /* mark current block as not last */
+            if (log_last(log, 0))
+                return -1;
+
+            /* point to new, empty stored block */
+            log->last += 4 + log->stored + 1;
+            log->stored = 0;
+        }
+
+        /* mark last block as last, update its length */
+        if (log_last(log, 1))
+            return -1;
+        BAIL(2);
+    }
+
+    /* write the new crc and length trailer, and truncate just in case (could
+       be recovering from partial append with a missing foo.add file) */
+    PUT4(buf, log->tcrc);
+    PUT4(buf + 4, log->tlen);
+    if (write(log->fd, buf, 8) != 8 ||
+        (end = lseek(log->fd, 0, SEEK_CUR)) < 0 || ftruncate(log->fd, end))
+        return -1;
+
+    /* write the extra field, marking the log file as done, delete .add file */
+    if (log_mark(log, NO_OP))
+        return -1;
+    strcpy(log->end, ".add");
+    unlink(log->path);          /* ignore error, since may not exist */
+    return 0;
+}
+
+/* Replace the foo.dict file with the foo.temp file.  Also delete the foo.add
+   file, since the compress operation may have been interrupted before that was
+   done.  Returns 1 if memory could not be allocated, or -1 if reading or
+   writing foo.gz fails, or if the rename fails for some reason other than
+   foo.temp not existing.  foo.temp not existing is a permitted error, since
+   the replace operation may have been interrupted after the rename is done,
+   but before foo.gz is marked as complete. */
+local int log_replace(struct log *log)
+{
+    int ret;
+    char *dest;
+
+    /* delete foo.add file */
+    strcpy(log->end, ".add");
+    unlink(log->path);         /* ignore error, since may not exist */
+    BAIL(3);
+
+    /* rename foo.name to foo.dict, replacing foo.dict if it exists */
+    strcpy(log->end, ".dict");
+    dest = malloc(strlen(log->path) + 1);
+    if (dest == NULL)
+        return -2;
+    strcpy(dest, log->path);
+    strcpy(log->end, ".temp");
+    ret = rename(log->path, dest);
+    free(dest);
+    if (ret && errno != ENOENT)
+        return -1;
+    BAIL(4);
+
+    /* mark the foo.gz file as done */
+    return log_mark(log, NO_OP);
+}
+
+/* Compress the len bytes at data and append the compressed data to the
+   foo.gz deflate data immediately after the previous compressed data.  This
+   overwrites the previous uncompressed data, which was stored in foo.add
+   and is the data provided in data[0..len-1].  If this operation is
+   interrupted, it picks up at the start of this routine, with the foo.add
+   file read in again.  If there is no data to compress (len == 0), then we
+   simply terminate the foo.gz file after the previously compressed data,
+   appending a final empty stored block and the gzip trailer.  Return -1 if
+   reading or writing the log.gz file failed, or -2 if there was a memory
+   allocation failure. */
+local int log_compress(struct log *log, unsigned char *data, size_t len)
+{
+    int fd;
+    uint got, max;
+    ssize_t dict;
+    off_t end;
+    z_stream strm;
+    unsigned char buf[DICT];
+
+    /* compress and append compressed data */
+    if (len) {
+        /* set up for deflate, allocating memory */
+        strm.zalloc = Z_NULL;
+        strm.zfree = Z_NULL;
+        strm.opaque = Z_NULL;
+        if (deflateInit2(&strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -15, 8,
+                         Z_DEFAULT_STRATEGY) != Z_OK)
+            return -2;
+
+        /* read in dictionary (last 32K of data that was compressed) */
+        strcpy(log->end, ".dict");
+        fd = open(log->path, O_RDONLY, 0);
+        if (fd >= 0) {
+            dict = read(fd, buf, DICT);
+            close(fd);
+            if (dict < 0) {
+                deflateEnd(&strm);
+                return -1;
+            }
+            if (dict)
+                deflateSetDictionary(&strm, buf, (uint)dict);
+        }
+        log_touch(log);
+
+        /* prime deflate with last bits of previous block, position write
+           pointer to write those bits and overwrite what follows */
+        if (lseek(log->fd, log->first - (log->back > 8 ? 2 : 1),
+                SEEK_SET) < 0 ||
+            read(log->fd, buf, 1) != 1 || lseek(log->fd, -1, SEEK_CUR) < 0) {
+            deflateEnd(&strm);
+            return -1;
+        }
+        deflatePrime(&strm, (8 - log->back) & 7, *buf);
+
+        /* compress, finishing with a partial non-last empty static block */
+        strm.next_in = data;
+        max = (((uint)0 - 1) >> 1) + 1; /* in case int smaller than size_t */
+        do {
+            strm.avail_in = len > max ? max : (uint)len;
+            len -= strm.avail_in;
+            do {
+                strm.avail_out = DICT;
+                strm.next_out = buf;
+                deflate(&strm, len ? Z_NO_FLUSH : Z_PARTIAL_FLUSH);
+                got = DICT - strm.avail_out;
+                if (got && write(log->fd, buf, got) != got) {
+                    deflateEnd(&strm);
+                    return -1;
+                }
+                log_touch(log);
+            } while (strm.avail_out == 0);
+        } while (len);
+        deflateEnd(&strm);
+        BAIL(5);
+
+        /* find start of empty static block -- scanning backwards the first one
+           bit is the second bit of the block, if the last byte is zero, then
+           we know the byte before that has a one in the top bit, since an
+           empty static block is ten bits long */
+        if ((log->first = lseek(log->fd, -1, SEEK_CUR)) < 0 ||
+            read(log->fd, buf, 1) != 1)
+            return -1;
+        log->first++;
+        if (*buf) {
+            log->back = 1;
+            while ((*buf & ((uint)1 << (8 - log->back++))) == 0)
+                ;       /* guaranteed to terminate, since *buf != 0 */
+        }
+        else
+            log->back = 10;
+
+        /* update compressed crc and length */
+        log->ccrc = log->tcrc;
+        log->clen = log->tlen;
+    }
+    else {
+        /* no data to compress -- fix up existing gzip stream */
+        log->tcrc = log->ccrc;
+        log->tlen = log->clen;
+    }
+
+    /* complete and truncate gzip stream */
+    log->last = log->first;
+    log->stored = 0;
+    PUT4(buf, log->tcrc);
+    PUT4(buf + 4, log->tlen);
+    if (log_last(log, 1) || write(log->fd, buf, 8) != 8 ||
+        (end = lseek(log->fd, 0, SEEK_CUR)) < 0 || ftruncate(log->fd, end))
+        return -1;
+    BAIL(6);
+
+    /* mark as being in the replace operation */
+    if (log_mark(log, REPLACE_OP))
+        return -1;
+
+    /* execute the replace operation and mark the file as done */
+    return log_replace(log);
+}
+
+/* log a repair record to the .repairs file */
+local void log_log(struct log *log, int op, char *record)
+{
+    time_t now;
+    FILE *rec;
+
+    now = time(NULL);
+    strcpy(log->end, ".repairs");
+    rec = fopen(log->path, "a");
+    if (rec == NULL)
+        return;
+    fprintf(rec, "%.24s %s recovery: %s\n", ctime(&now), op == APPEND_OP ?
+            "append" : (op == COMPRESS_OP ? "compress" : "replace"), record);
+    fclose(rec);
+    return;
+}
+
+/* Recover the interrupted operation op.  First read foo.add for recovering an
+   append or compress operation.  Return -1 if there was an error reading or
+   writing foo.gz or reading an existing foo.add, or -2 if there was a memory
+   allocation failure. */
+local int log_recover(struct log *log, int op)
+{
+    int fd, ret = 0;
+    unsigned char *data = NULL;
+    size_t len = 0;
+    struct stat st;
+
+    /* log recovery */
+    log_log(log, op, "start");
+
+    /* load foo.add file if expected and present */
+    if (op == APPEND_OP || op == COMPRESS_OP) {
+        strcpy(log->end, ".add");
+        if (stat(log->path, &st) == 0 && st.st_size) {
+            len = (size_t)(st.st_size);
+            if ((off_t)len != st.st_size ||
+                    (data = malloc(st.st_size)) == NULL) {
+                log_log(log, op, "allocation failure");
+                return -2;
+            }
+            if ((fd = open(log->path, O_RDONLY, 0)) < 0) {
+                free(data);
+                log_log(log, op, ".add file read failure");
+                return -1;
+            }
+            ret = (size_t)read(fd, data, len) != len;
+            close(fd);
+            if (ret) {
+                free(data);
+                log_log(log, op, ".add file read failure");
+                return -1;
+            }
+            log_log(log, op, "loaded .add file");
+        }
+        else
+            log_log(log, op, "missing .add file!");
+    }
+
+    /* recover the interrupted operation */
+    switch (op) {
+    case APPEND_OP:
+        ret = log_append(log, data, len);
+        break;
+    case COMPRESS_OP:
+        ret = log_compress(log, data, len);
+        break;
+    case REPLACE_OP:
+        ret = log_replace(log);
+    }
+
+    /* log status */
+    log_log(log, op, ret ? "failure" : "complete");
+
+    /* clean up */
+    if (data != NULL)
+        free(data);
+    return ret;
+}
+
+/* Close the foo.gz file (if open) and release the lock. */
+local void log_close(struct log *log)
+{
+    if (log->fd >= 0)
+        close(log->fd);
+    log->fd = -1;
+    log_unlock(log);
+}
+
+/* Open foo.gz, verify the header, and load the extra field contents, after
+   first creating the foo.lock file to gain exclusive access to the foo.*
+   files.  If foo.gz does not exist or is empty, then write the initial header,
+   extra, and body content of an empty foo.gz log file.  If there is an error
+   creating the lock file due to access restrictions, or an error reading or
+   writing the foo.gz file, or if the foo.gz file is not a proper log file for
+   this object (e.g. not a gzip file or does not contain the expected extra
+   field), then return true.  If there is an error, the lock is released.
+   Otherwise, the lock is left in place. */
+local int log_open(struct log *log)
+{
+    int op;
+
+    /* release open file resource if left over -- can occur if lock lost
+       between gzlog_open() and gzlog_write() */
+    if (log->fd >= 0)
+        close(log->fd);
+    log->fd = -1;
+
+    /* negotiate exclusive access */
+    if (log_lock(log) < 0)
+        return -1;
+
+    /* open the log file, foo.gz */
+    strcpy(log->end, ".gz");
+    log->fd = open(log->path, O_RDWR | O_CREAT, 0644);
+    if (log->fd < 0) {
+        log_close(log);
+        return -1;
+    }
+
+    /* if new, initialize foo.gz with an empty log, delete old dictionary */
+    if (lseek(log->fd, 0, SEEK_END) == 0) {
+        if (write(log->fd, log_gzhead, HEAD) != HEAD ||
+            write(log->fd, log_gzext, EXTRA) != EXTRA ||
+            write(log->fd, log_gzbody, BODY) != BODY) {
+            log_close(log);
+            return -1;
+        }
+        strcpy(log->end, ".dict");
+        unlink(log->path);
+    }
+
+    /* verify log file and load extra field information */
+    if ((op = log_head(log)) < 0) {
+        log_close(log);
+        return -1;
+    }
+
+    /* check for interrupted process and if so, recover */
+    if (op != NO_OP && log_recover(log, op)) {
+        log_close(log);
+        return -1;
+    }
+
+    /* touch the lock file to prevent another process from grabbing it */
+    log_touch(log);
+    return 0;
+}
+
+/* See gzlog.h for the description of the external methods below */
+gzlog *gzlog_open(char *path)
+{
+    size_t n;
+    struct log *log;
+
+    /* check arguments */
+    if (path == NULL || *path == 0)
+        return NULL;
+
+    /* allocate and initialize log structure */
+    log = malloc(sizeof(struct log));
+    if (log == NULL)
+        return NULL;
+    strcpy(log->id, LOGID);
+    log->fd = -1;
+
+    /* save path and end of path for name construction */
+    n = strlen(path);
+    log->path = malloc(n + 9);              /* allow for ".repairs" */
+    if (log->path == NULL) {
+        free(log);
+        return NULL;
+    }
+    strcpy(log->path, path);
+    log->end = log->path + n;
+
+    /* gain exclusive access and verify log file -- may perform a
+       recovery operation if needed */
+    if (log_open(log)) {
+        free(log->path);
+        free(log);
+        return NULL;
+    }
+
+    /* return pointer to log structure */
+    return log;
+}
+
+/* gzlog_compress() return values:
+    0: all good
+   -1: file i/o error (usually access issue)
+   -2: memory allocation failure
+   -3: invalid log pointer argument */
+int gzlog_compress(gzlog *logd)
+{
+    int fd, ret;
+    uint block;
+    size_t len, next;
+    unsigned char *data, buf[5];
+    struct log *log = logd;
+
+    /* check arguments */
+    if (log == NULL || strcmp(log->id, LOGID))
+        return -3;
+
+    /* see if we lost the lock -- if so get it again and reload the extra
+       field information (it probably changed), recover last operation if
+       necessary */
+    if (log_check(log) && log_open(log))
+        return -1;
+
+    /* create space for uncompressed data */
+    len = ((size_t)(log->last - log->first) & ~(((size_t)1 << 10) - 1)) +
+          log->stored;
+    if ((data = malloc(len)) == NULL)
+        return -2;
+
+    /* do statement here is just a cheap trick for error handling */
+    do {
+        /* read in the uncompressed data */
+        if (lseek(log->fd, log->first - 1, SEEK_SET) < 0)
+            break;
+        next = 0;
+        while (next < len) {
+            if (read(log->fd, buf, 5) != 5)
+                break;
+            block = PULL2(buf + 1);
+            if (next + block > len ||
+                read(log->fd, (char *)data + next, block) != block)
+                break;
+            next += block;
+        }
+        if (lseek(log->fd, 0, SEEK_CUR) != log->last + 4 + log->stored)
+            break;
+        log_touch(log);
+
+        /* write the uncompressed data to the .add file */
+        strcpy(log->end, ".add");
+        fd = open(log->path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+        if (fd < 0)
+            break;
+        ret = (size_t)write(fd, data, len) != len;
+        if (ret | close(fd))
+            break;
+        log_touch(log);
+
+        /* write the dictionary for the next compress to the .temp file */
+        strcpy(log->end, ".temp");
+        fd = open(log->path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+        if (fd < 0)
+            break;
+        next = DICT > len ? len : DICT;
+        ret = (size_t)write(fd, (char *)data + len - next, next) != next;
+        if (ret | close(fd))
+            break;
+        log_touch(log);
+
+        /* roll back to compressed data, mark the compress in progress */
+        log->last = log->first;
+        log->stored = 0;
+        if (log_mark(log, COMPRESS_OP))
+            break;
+        BAIL(7);
+
+        /* compress and append the data (clears mark) */
+        ret = log_compress(log, data, len);
+        free(data);
+        return ret;
+    } while (0);
+
+    /* broke out of do above on i/o error */
+    free(data);
+    return -1;
+}
+
+/* gzlog_write() return values:
+    0: all good
+   -1: file i/o error (usually access issue)
+   -2: memory allocation failure
+   -3: invalid log pointer argument */
+int gzlog_write(gzlog *logd, void *data, size_t len)
+{
+    int fd, ret;
+    struct log *log = logd;
+
+    /* check arguments */
+    if (log == NULL || strcmp(log->id, LOGID))
+        return -3;
+    if (data == NULL || len <= 0)
+        return 0;
+
+    /* see if we lost the lock -- if so get it again and reload the extra
+       field information (it probably changed), recover last operation if
+       necessary */
+    if (log_check(log) && log_open(log))
+        return -1;
+
+    /* create and write .add file */
+    strcpy(log->end, ".add");
+    fd = open(log->path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+    if (fd < 0)
+        return -1;
+    ret = (size_t)write(fd, data, len) != len;
+    if (ret | close(fd))
+        return -1;
+    log_touch(log);
+
+    /* mark log file with append in progress */
+    if (log_mark(log, APPEND_OP))
+        return -1;
+    BAIL(8);
+
+    /* append data (clears mark) */
+    if (log_append(log, data, len))
+        return -1;
+
+    /* check to see if it's time to compress -- if not, then done */
+    if (((log->last - log->first) >> 10) + (log->stored >> 10) < TRIGGER)
+        return 0;
+
+    /* time to compress */
+    return gzlog_compress(log);
+}
+
+/* gzlog_close() return values:
+    0: ok
+   -3: invalid log pointer argument */
+int gzlog_close(gzlog *logd)
+{
+    struct log *log = logd;
+
+    /* check arguments */
+    if (log == NULL || strcmp(log->id, LOGID))
+        return -3;
+
+    /* close the log file and release the lock */
+    log_close(log);
+
+    /* free structure and return */
+    if (log->path != NULL)
+        free(log->path);
+    strcpy(log->id, "bad");
+    free(log);
+    return 0;
+}
diff --git a/zlib-1.3.1/examples/gzlog.h b/zlib-1.3.1/examples/gzlog.h
new file mode 100644
index 00000000..4f051095
--- /dev/null
+++ b/zlib-1.3.1/examples/gzlog.h
@@ -0,0 +1,91 @@
+/* gzlog.h
+  Copyright (C) 2004, 2008, 2012 Mark Adler, all rights reserved
+  version 2.2, 14 Aug 2012
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the author be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Mark Adler    madler@alumni.caltech.edu
+ */
+
+/* Version History:
+   1.0  26 Nov 2004  First version
+   2.0  25 Apr 2008  Complete redesign for recovery of interrupted operations
+                     Interface changed slightly in that now path is a prefix
+                     Compression now occurs as needed during gzlog_write()
+                     gzlog_write() now always leaves the log file as valid gzip
+   2.1   8 Jul 2012  Fix argument checks in gzlog_compress() and gzlog_write()
+   2.2  14 Aug 2012  Clean up signed comparisons
+ */
+
+/*
+   The gzlog object allows writing short messages to a gzipped log file,
+   opening the log file locked for small bursts, and then closing it.  The log
+   object works by appending stored (uncompressed) data to the gzip file until
+   1 MB has been accumulated.  At that time, the stored data is compressed, and
+   replaces the uncompressed data in the file.  The log file is truncated to
+   its new size at that time.  After each write operation, the log file is a
+   valid gzip file that can decompressed to recover what was written.
+
+   The gzlog operations can be interrupted at any point due to an application or
+   system crash, and the log file will be recovered the next time the log is
+   opened with gzlog_open().
+ */
+
+#ifndef GZLOG_H
+#define GZLOG_H
+
+/* gzlog object type */
+typedef void gzlog;
+
+/* Open a gzlog object, creating the log file if it does not exist.  Return
+   NULL on error.  Note that gzlog_open() could take a while to complete if it
+   has to wait to verify that a lock is stale (possibly for five minutes), or
+   if there is significant contention with other instantiations of this object
+   when locking the resource.  path is the prefix of the file names created by
+   this object.  If path is "foo", then the log file will be "foo.gz", and
+   other auxiliary files will be created and destroyed during the process:
+   "foo.dict" for a compression dictionary, "foo.temp" for a temporary (next)
+   dictionary, "foo.add" for data being added or compressed, "foo.lock" for the
+   lock file, and "foo.repairs" to log recovery operations performed due to
+   interrupted gzlog operations.  A gzlog_open() followed by a gzlog_close()
+   will recover a previously interrupted operation, if any. */
+gzlog *gzlog_open(char *path);
+
+/* Write to a gzlog object.  Return zero on success, -1 if there is a file i/o
+   error on any of the gzlog files (this should not happen if gzlog_open()
+   succeeded, unless the device has run out of space or leftover auxiliary
+   files have permissions or ownership that prevent their use), -2 if there is
+   a memory allocation failure, or -3 if the log argument is invalid (e.g. if
+   it was not created by gzlog_open()).  This function will write data to the
+   file uncompressed, until 1 MB has been accumulated, at which time that data
+   will be compressed.  The log file will be a valid gzip file upon successful
+   return. */
+int gzlog_write(gzlog *log, void *data, size_t len);
+
+/* Force compression of any uncompressed data in the log.  This should be used
+   sparingly, if at all.  The main application would be when a log file will
+   not be appended to again.  If this is used to compress frequently while
+   appending, it will both significantly increase the execution time and
+   reduce the compression ratio.  The return codes are the same as for
+   gzlog_write(). */
+int gzlog_compress(gzlog *log);
+
+/* Close a gzlog object.  Return zero on success, -3 if the log argument is
+   invalid.  The log object is freed, and so cannot be referenced again. */
+int gzlog_close(gzlog *log);
+
+#endif
diff --git a/zlib-1.3.1/examples/gznorm.c b/zlib-1.3.1/examples/gznorm.c
new file mode 100644
index 00000000..68e0a0f2
--- /dev/null
+++ b/zlib-1.3.1/examples/gznorm.c
@@ -0,0 +1,470 @@
+/* gznorm.c -- normalize a gzip stream
+ * Copyright (C) 2018 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ * Version 1.0  7 Oct 2018  Mark Adler */
+
+// gznorm takes a gzip stream, potentially containing multiple members, and
+// converts it to a gzip stream with a single member. In addition the gzip
+// header is normalized, removing the file name and time stamp, and setting the
+// other header contents (XFL, OS) to fixed values. gznorm does not recompress
+// the data, so it is fast, but no advantage is gained from the history that
+// could be available across member boundaries.
+
+#include <stdio.h>      // fread, fwrite, putc, fflush, ferror, fprintf,
+                        // vsnprintf, stdout, stderr, NULL, FILE
+#include <stdlib.h>     // malloc, free
+#include <string.h>     // strerror
+#include <errno.h>      // errno
+#include <stdarg.h>     // va_list, va_start, va_end
+#include "zlib.h"       // inflateInit2, inflate, inflateReset, inflateEnd,
+                        // z_stream, z_off_t, crc32_combine, Z_NULL, Z_BLOCK,
+                        // Z_OK, Z_STREAM_END, Z_BUF_ERROR, Z_DATA_ERROR,
+                        // Z_MEM_ERROR
+
+#if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__CYGWIN__)
+#  include <fcntl.h>
+#  include <io.h>
+#  define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+#  define SET_BINARY_MODE(file)
+#endif
+
+#define local static
+
+// printf to an allocated string. Return the string, or NULL if the printf or
+// allocation fails.
+local char *aprintf(char *fmt, ...) {
+    // Get the length of the result of the printf.
+    va_list args;
+    va_start(args, fmt);
+    int len = vsnprintf(NULL, 0, fmt, args);
+    va_end(args);
+    if (len < 0)
+        return NULL;
+
+    // Allocate the required space and printf to it.
+    char *str = malloc(len + 1);
+    if (str == NULL)
+        return NULL;
+    va_start(args, fmt);
+    vsnprintf(str, len + 1, fmt, args);
+    va_end(args);
+    return str;
+}
+
+// Return with an error, putting an allocated error message in *err. Doing an
+// inflateEnd() on an already ended state, or one with state set to Z_NULL, is
+// permitted.
+#define BYE(...) \
+    do { \
+        inflateEnd(&strm); \
+        *err = aprintf(__VA_ARGS__); \
+        return 1; \
+    } while (0)
+
+// Chunk size for buffered reads and for decompression. Twice this many bytes
+// will be allocated on the stack by gzip_normalize(). Must fit in an unsigned.
+#define CHUNK 16384
+
+// Read a gzip stream from in and write an equivalent normalized gzip stream to
+// out. If given no input, an empty gzip stream will be written. If successful,
+// 0 is returned, and *err is set to NULL. On error, 1 is returned, where the
+// details of the error are returned in *err, a pointer to an allocated string.
+//
+// The input may be a stream with multiple gzip members, which is converted to
+// a single gzip member on the output. Each gzip member is decompressed at the
+// level of deflate blocks. This enables clearing the last-block bit, shifting
+// the compressed data to concatenate to the previous member's compressed data,
+// which can end at an arbitrary bit boundary, and identifying stored blocks in
+// order to resynchronize those to byte boundaries. The deflate compressed data
+// is terminated with a 10-bit empty fixed block. If any members on the input
+// end with a 10-bit empty fixed block, then that block is excised from the
+// stream. This avoids appending empty fixed blocks for every normalization,
+// and assures that gzip_normalize applied a second time will not change the
+// input. The pad bits after stored block headers and after the final deflate
+// block are all forced to zeros.
+local int gzip_normalize(FILE *in, FILE *out, char **err) {
+    // initialize the inflate engine to process a gzip member
+    z_stream strm;
+    strm.zalloc = Z_NULL;
+    strm.zfree = Z_NULL;
+    strm.opaque = Z_NULL;
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    if (inflateInit2(&strm, 15 + 16) != Z_OK)
+        BYE("out of memory");
+
+    // State while processing the input gzip stream.
+    enum {              // BETWEEN -> HEAD -> BLOCK -> TAIL -> BETWEEN -> ...
+        BETWEEN,        // between gzip members (must end in this state)
+        HEAD,           // reading a gzip header
+        BLOCK,          // reading deflate blocks
+        TAIL            // reading a gzip trailer
+    } state = BETWEEN;              // current component being processed
+    unsigned long crc = 0;          // accumulated CRC of uncompressed data
+    unsigned long len = 0;          // accumulated length of uncompressed data
+    unsigned long buf = 0;          // deflate stream bit buffer of num bits
+    int num = 0;                    // number of bits in buf (at bottom)
+
+    // Write a canonical gzip header (no mod time, file name, comment, extra
+    // block, or extra flags, and OS is marked as unknown).
+    fwrite("\x1f\x8b\x08\0\0\0\0\0\0\xff", 1, 10, out);
+
+    // Process the gzip stream from in until reaching the end of the input,
+    // encountering invalid input, or experiencing an i/o error.
+    int more;                       // true if not at the end of the input
+    do {
+        // State inside this loop.
+        unsigned char *put;         // next input buffer location to process
+        int prev;                   // number of bits from previous block in
+                                    // the bit buffer, or -1 if not at the
+                                    // start of a block
+        unsigned long long memb;    // uncompressed length of member
+        size_t tail;                // number of trailer bytes read (0..8)
+        unsigned long part;         // accumulated trailer component
+
+        // Get the next chunk of input from in.
+        unsigned char dat[CHUNK];
+        strm.avail_in = fread(dat, 1, CHUNK, in);
+        if (strm.avail_in == 0)
+            break;
+        more = strm.avail_in == CHUNK;
+        strm.next_in = put = dat;
+
+        // Run that chunk of input through the inflate engine to exhaustion.
+        do {
+            // At this point it is assured that strm.avail_in > 0.
+
+            // Inflate until the end of a gzip component (header, deflate
+            // block, trailer) is reached, or until all of the chunk is
+            // consumed. The resulting decompressed data is discarded, though
+            // the total size of the decompressed data in each member is
+            // tracked, for the calculation of the total CRC.
+            do {
+                // inflate and handle any errors
+                unsigned char scrap[CHUNK];
+                strm.avail_out = CHUNK;
+                strm.next_out = scrap;
+                int ret = inflate(&strm, Z_BLOCK);
+                if (ret == Z_MEM_ERROR)
+                    BYE("out of memory");
+                if (ret == Z_DATA_ERROR)
+                    BYE("input invalid: %s", strm.msg);
+                if (ret != Z_OK && ret != Z_BUF_ERROR && ret != Z_STREAM_END)
+                    BYE("internal error");
+
+                // Update the number of uncompressed bytes generated in this
+                // member. The actual count (not modulo 2^32) is required to
+                // correctly compute the total CRC.
+                unsigned got = CHUNK - strm.avail_out;
+                memb += got;
+                if (memb < got)
+                    BYE("overflow error");
+
+                // Continue to process this chunk until it is consumed, or
+                // until the end of a component (header, deflate block, or
+                // trailer) is reached.
+            } while (strm.avail_out == 0 && (strm.data_type & 0x80) == 0);
+
+            // Since strm.avail_in was > 0 for the inflate call, some input was
+            // just consumed. It is therefore assured that put < strm.next_in.
+
+            // Disposition the consumed component or part of a component.
+            switch (state) {
+                case BETWEEN:
+                    state = HEAD;
+                    // Fall through to HEAD when some or all of the header is
+                    // processed.
+
+                case HEAD:
+                    // Discard the header.
+                    if (strm.data_type & 0x80) {
+                        // End of header reached -- deflate blocks follow.
+                        put = strm.next_in;
+                        prev = num;
+                        memb = 0;
+                        state = BLOCK;
+                    }
+                    break;
+
+                case BLOCK:
+                    // Copy the deflate stream to the output, but with the
+                    // last-block-bit cleared. Re-synchronize stored block
+                    // headers to the output byte boundaries. The bytes at
+                    // put..strm.next_in-1 is the compressed data that has been
+                    // processed and is ready to be copied to the output.
+
+                    // At this point, it is assured that new compressed data is
+                    // available, i.e., put < strm.next_in. If prev is -1, then
+                    // that compressed data starts in the middle of a deflate
+                    // block. If prev is not -1, then the bits in the bit
+                    // buffer, possibly combined with the bits in *put, contain
+                    // the three-bit header of the new deflate block. In that
+                    // case, prev is the number of bits from the previous block
+                    // that remain in the bit buffer. Since num is the number
+                    // of bits in the bit buffer, we have that num - prev is
+                    // the number of bits from the new block currently in the
+                    // bit buffer.
+
+                    // If strm.data_type & 0xc0 is 0x80, then the last byte of
+                    // the available compressed data includes the last bits of
+                    // the end of a deflate block. In that case, that last byte
+                    // also has strm.data_type & 0x1f bits of the next deflate
+                    // block, in the range 0..7. If strm.data_type & 0xc0 is
+                    // 0xc0, then the last byte of the compressed data is the
+                    // end of the deflate stream, followed by strm.data_type &
+                    // 0x1f pad bits, also in the range 0..7.
+
+                    // Set bits to the number of bits not yet consumed from the
+                    // last byte. If we are at the end of the block, bits is
+                    // either the number of bits in the last byte belonging to
+                    // the next block, or the number of pad bits after the
+                    // final block. In either of those cases, bits is in the
+                    // range 0..7.
+                    ;                   // (required due to C syntax oddity)
+                    int bits = strm.data_type & 0x1f;
+
+                    if (prev != -1) {
+                        // We are at the start of a new block. Clear the last
+                        // block bit, and check for special cases. If it is a
+                        // stored block, then emit the header and pad to the
+                        // next byte boundary. If it is a final, empty fixed
+                        // block, then excise it.
+
+                        // Some or all of the three header bits for this block
+                        // may already be in the bit buffer. Load any remaining
+                        // header bits into the bit buffer.
+                        if (num - prev < 3) {
+                            buf += (unsigned long)*put++ << num;
+                            num += 8;
+                        }
+
+                        // Set last to have a 1 in the position of the last
+                        // block bit in the bit buffer.
+                        unsigned long last = (unsigned long)1 << prev;
+
+                        if (((buf >> prev) & 7) == 3) {
+                            // This is a final fixed block. Load at least ten
+                            // bits from this block, including the header, into
+                            // the bit buffer. We already have at least three,
+                            // so at most one more byte needs to be loaded.
+                            if (num - prev < 10) {
+                                if (put == strm.next_in)
+                                    // Need to go get and process more input.
+                                    // We'll end up back here to finish this.
+                                    break;
+                                buf += (unsigned long)*put++ << num;
+                                num += 8;
+                            }
+                            if (((buf >> prev) & 0x3ff) == 3) {
+                                // That final fixed block is empty. Delete it
+                                // to avoid adding an empty block every time a
+                                // gzip stream is normalized.
+                                num = prev;
+                                buf &= last - 1;    // zero the pad bits
+                            }
+                        }
+                        else if (((buf >> prev) & 6) == 0) {
+                            // This is a stored block. Flush to the next
+                            // byte boundary after the three-bit header.
+                            num = (prev + 10) & ~7;
+                            buf &= last - 1;        // zero the pad bits
+                        }
+
+                        // Clear the last block bit.
+                        buf &= ~last;
+
+                        // Write out complete bytes in the bit buffer.
+                        while (num >= 8) {
+                            putc(buf, out);
+                            buf >>= 8;
+                            num -= 8;
+                        }
+
+                        // If no more bytes left to process, then we have
+                        // consumed the byte that had bits from the next block.
+                        if (put == strm.next_in)
+                            bits = 0;
+                    }
+
+                    // We are done handling the deflate block header. Now copy
+                    // all or almost all of the remaining compressed data that
+                    // has been processed so far. Don't copy one byte at the
+                    // end if it contains bits from the next deflate block or
+                    // pad bits at the end of a deflate block.
+
+                    // mix is 1 if we are at the end of a deflate block, and if
+                    // some of the bits in the last byte follow this block. mix
+                    // is 0 if we are in the middle of a deflate block, if the
+                    // deflate block ended on a byte boundary, or if all of the
+                    // compressed data processed so far has been consumed.
+                    int mix = (strm.data_type & 0x80) && bits;
+
+                    // Copy all of the processed compressed data to the output,
+                    // except for the last byte if it contains bits from the
+                    // next deflate block or pad bits at the end of the deflate
+                    // stream. Copy the data after shifting in num bits from
+                    // buf in front of it, leaving num bits from the end of the
+                    // compressed data in buf when done.
+                    unsigned char *end = strm.next_in - mix;
+                    if (put < end) {
+                        if (num)
+                            // Insert num bits from buf before the data being
+                            // copied.
+                            do {
+                                buf += (unsigned)(*put++) << num;
+                                putc(buf, out);
+                                buf >>= 8;
+                            } while (put < end);
+                        else {
+                            // No shifting needed -- write directly.
+                            fwrite(put, 1, end - put, out);
+                            put = end;
+                        }
+                    }
+
+                    // Process the last processed byte if it wasn't written.
+                    if (mix) {
+                        // Load the last byte into the bit buffer.
+                        buf += (unsigned)(*put++) << num;
+                        num += 8;
+
+                        if (strm.data_type & 0x40) {
+                            // We are at the end of the deflate stream and
+                            // there are bits pad bits. Discard the pad bits
+                            // and write a byte to the output, if available.
+                            // Leave the num bits left over in buf to prepend
+                            // to the next deflate stream.
+                            num -= bits;
+                            if (num >= 8) {
+                                putc(buf, out);
+                                num -= 8;
+                                buf >>= 8;
+                            }
+
+                            // Force the pad bits in the bit buffer to zeros.
+                            buf &= ((unsigned long)1 << num) - 1;
+
+                            // Don't need to set prev here since going to TAIL.
+                        }
+                        else
+                            // At the end of an internal deflate block. Leave
+                            // the last byte in the bit buffer to examine on
+                            // the next entry to BLOCK, when more bits from the
+                            // next block will be available.
+                            prev = num - bits;      // number of bits in buffer
+                                                    // from current block
+                    }
+
+                    // Don't have a byte left over, so we are in the middle of
+                    // a deflate block, or the deflate block ended on a byte
+                    // boundary. Set prev appropriately for the next entry into
+                    // BLOCK.
+                    else if (strm.data_type & 0x80)
+                        // The block ended on a byte boundary, so no header
+                        // bits are in the bit buffer.
+                        prev = num;
+                    else
+                        // In the middle of a deflate block, so no header here.
+                        prev = -1;
+
+                    // Check for the end of the deflate stream.
+                    if ((strm.data_type & 0xc0) == 0xc0) {
+                        // That ends the deflate stream on the input side, the
+                        // pad bits were discarded, and any remaining bits from
+                        // the last block in the stream are saved in the bit
+                        // buffer to prepend to the next stream. Process the
+                        // gzip trailer next.
+                        tail = 0;
+                        part = 0;
+                        state = TAIL;
+                    }
+                    break;
+
+                case TAIL:
+                    // Accumulate available trailer bytes to update the total
+                    // CRC and the total uncompressed length.
+                    do {
+                        part = (part >> 8) + ((unsigned long)(*put++) << 24);
+                        tail++;
+                        if (tail == 4) {
+                            // Update the total CRC.
+                            z_off_t len2 = memb;
+                            if (len2 < 0 || (unsigned long long)len2 != memb)
+                                BYE("overflow error");
+                            crc = crc ? crc32_combine(crc, part, len2) : part;
+                            part = 0;
+                        }
+                        else if (tail == 8) {
+                            // Update the total uncompressed length. (It's ok
+                            // if this sum is done modulo 2^32.)
+                            len += part;
+
+                            // At the end of a member. Set up to inflate an
+                            // immediately following gzip member. (If we made
+                            // it this far, then the trailer was valid.)
+                            if (inflateReset(&strm) != Z_OK)
+                                BYE("internal error");
+                            state = BETWEEN;
+                            break;
+                        }
+                    } while (put < strm.next_in);
+                    break;
+            }
+
+            // Process the input buffer until completely consumed.
+        } while (strm.avail_in > 0);
+
+        // Process input until end of file, invalid input, or i/o error.
+    } while (more);
+
+    // Done with the inflate engine.
+    inflateEnd(&strm);
+
+    // Verify the validity of the input.
+    if (state != BETWEEN)
+        BYE("input invalid: incomplete gzip stream");
+
+    // Write the remaining deflate stream bits, followed by a terminating
+    // deflate fixed block.
+    buf += (unsigned long)3 << num;
+    putc(buf, out);
+    putc(buf >> 8, out);
+    if (num > 6)
+        putc(0, out);
+
+    // Write the gzip trailer, which is the CRC and the uncompressed length
+    // modulo 2^32, both in little-endian order.
+    putc(crc, out);
+    putc(crc >> 8, out);
+    putc(crc >> 16, out);
+    putc(crc >> 24, out);
+    putc(len, out);
+    putc(len >> 8, out);
+    putc(len >> 16, out);
+    putc(len >> 24, out);
+    fflush(out);
+
+    // Check for any i/o errors.
+    if (ferror(in) || ferror(out))
+        BYE("i/o error: %s", strerror(errno));
+
+    // All good!
+    *err = NULL;
+    return 0;
+}
+
+// Normalize the gzip stream on stdin, writing the result to stdout.
+int main(void) {
+    // Avoid end-of-line conversions on evil operating systems.
+    SET_BINARY_MODE(stdin);
+    SET_BINARY_MODE(stdout);
+
+    // Normalize from stdin to stdout, returning 1 on error, 0 if ok.
+    char *err;
+    int ret = gzip_normalize(stdin, stdout, &err);
+    if (ret)
+        fprintf(stderr, "gznorm error: %s\n", err);
+    free(err);
+    return ret;
+}
diff --git a/zlib-1.3.1/examples/zlib_how.html b/zlib-1.3.1/examples/zlib_how.html
new file mode 100644
index 00000000..43271b98
--- /dev/null
+++ b/zlib-1.3.1/examples/zlib_how.html
@@ -0,0 +1,549 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+  "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>zlib Usage Example</title>
+<!--  Copyright (c) 2004-2023 Mark Adler.  -->
+</head>
+<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#00A000">
+<h2 align="center"> zlib Usage Example </h2>
+We often get questions about how the <tt>deflate()</tt> and <tt>inflate()</tt> functions should be used.
+Users wonder when they should provide more input, when they should use more output,
+what to do with a <tt>Z_BUF_ERROR</tt>, how to make sure the process terminates properly, and
+so on.  So for those who have read <tt>zlib.h</tt> (a few times), and
+would like further edification, below is an annotated example in C of simple routines to compress and decompress
+from an input file to an output file using <tt>deflate()</tt> and <tt>inflate()</tt> respectively.  The
+annotations are interspersed between lines of the code.  So please read between the lines.
+We hope this helps explain some of the intricacies of <em>zlib</em>.
+<p>
+Without further ado, here is the program <a href="zpipe.c"><tt>zpipe.c</tt></a>:
+<pre><b>
+/* zpipe.c: example of proper use of zlib's inflate() and deflate()
+   Not copyrighted -- provided to the public domain
+   Version 1.4  11 December 2005  Mark Adler */
+
+/* Version history:
+   1.0  30 Oct 2004  First version
+   1.1   8 Nov 2004  Add void casting for unused return values
+                     Use switch statement for inflate() return values
+   1.2   9 Nov 2004  Add assertions to document zlib guarantees
+   1.3   6 Apr 2005  Remove incorrect assertion in inf()
+   1.4  11 Dec 2005  Add hack to avoid MSDOS end-of-line conversions
+                     Avoid some compiler warnings for input and output buffers
+ */
+</b></pre><!-- -->
+We now include the header files for the required definitions.  From
+<tt>stdio.h</tt> we use <tt>fopen()</tt>, <tt>fread()</tt>, <tt>fwrite()</tt>,
+<tt>feof()</tt>, <tt>ferror()</tt>, and <tt>fclose()</tt> for file i/o, and
+<tt>fputs()</tt> for error messages.  From <tt>string.h</tt> we use
+<tt>strcmp()</tt> for command line argument processing.
+From <tt>assert.h</tt> we use the <tt>assert()</tt> macro.
+From <tt>zlib.h</tt>
+we use the basic compression functions <tt>deflateInit()</tt>,
+<tt>deflate()</tt>, and <tt>deflateEnd()</tt>, and the basic decompression
+functions <tt>inflateInit()</tt>, <tt>inflate()</tt>, and
+<tt>inflateEnd()</tt>.
+<pre><b>
+#include &lt;stdio.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+#include "zlib.h"
+</b></pre><!-- -->
+This is an ugly hack required to avoid corruption of the input and output data on
+Windows/MS-DOS systems.  Without this, those systems would assume that the input and output
+files are text, and try to convert the end-of-line characters from one standard to
+another.  That would corrupt binary data, and in particular would render the compressed data unusable.
+This sets the input and output to binary which suppresses the end-of-line conversions.
+<tt>SET_BINARY_MODE()</tt> will be used later on <tt>stdin</tt> and <tt>stdout</tt>, at the beginning of <tt>main()</tt>.
+<pre><b>
+#if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__CYGWIN__)
+#  include &lt;fcntl.h&gt;
+#  include &lt;io.h&gt;
+#  define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+#  define SET_BINARY_MODE(file)
+#endif
+</b></pre><!-- -->
+<tt>CHUNK</tt> is simply the buffer size for feeding data to and pulling data
+from the <em>zlib</em> routines.  Larger buffer sizes would be more efficient,
+especially for <tt>inflate()</tt>.  If the memory is available, buffers sizes
+on the order of 128K or 256K bytes should be used.
+<pre><b>
+#define CHUNK 16384
+</b></pre><!-- -->
+The <tt>def()</tt> routine compresses data from an input file to an output file.  The output data
+will be in the <em>zlib</em> format, which is different from the <em>gzip</em> or <em>zip</em>
+formats.  The <em>zlib</em> format has a very small header of only two bytes to identify it as
+a <em>zlib</em> stream and to provide decoding information, and a four-byte trailer with a fast
+check value to verify the integrity of the uncompressed data after decoding.
+<pre><b>
+/* Compress from file source to file dest until EOF on source.
+   def() returns Z_OK on success, Z_MEM_ERROR if memory could not be
+   allocated for processing, Z_STREAM_ERROR if an invalid compression
+   level is supplied, Z_VERSION_ERROR if the version of zlib.h and the
+   version of the library linked do not match, or Z_ERRNO if there is
+   an error reading or writing the files. */
+int def(FILE *source, FILE *dest, int level)
+{
+</b></pre>
+Here are the local variables for <tt>def()</tt>.  <tt>ret</tt> will be used for <em>zlib</em>
+return codes.  <tt>flush</tt> will keep track of the current flushing state for <tt>deflate()</tt>,
+which is either no flushing, or flush to completion after the end of the input file is reached.
+<tt>have</tt> is the amount of data returned from <tt>deflate()</tt>.  The <tt>strm</tt> structure
+is used to pass information to and from the <em>zlib</em> routines, and to maintain the
+<tt>deflate()</tt> state.  <tt>in</tt> and <tt>out</tt> are the input and output buffers for
+<tt>deflate()</tt>.
+<pre><b>
+    int ret, flush;
+    unsigned have;
+    z_stream strm;
+    unsigned char in[CHUNK];
+    unsigned char out[CHUNK];
+</b></pre><!-- -->
+The first thing we do is to initialize the <em>zlib</em> state for compression using
+<tt>deflateInit()</tt>.  This must be done before the first use of <tt>deflate()</tt>.
+The <tt>zalloc</tt>, <tt>zfree</tt>, and <tt>opaque</tt> fields in the <tt>strm</tt>
+structure must be initialized before calling <tt>deflateInit()</tt>.  Here they are
+set to the <em>zlib</em> constant <tt>Z_NULL</tt> to request that <em>zlib</em> use
+the default memory allocation routines.  An application may also choose to provide
+custom memory allocation routines here.  <tt>deflateInit()</tt> will allocate on the
+order of 256K bytes for the internal state.
+(See <a href="zlib_tech.html"><em>zlib Technical Details</em></a>.)
+<p>
+<tt>deflateInit()</tt> is called with a pointer to the structure to be initialized and
+the compression level, which is an integer in the range of -1 to 9.  Lower compression
+levels result in faster execution, but less compression.  Higher levels result in
+greater compression, but slower execution.  The <em>zlib</em> constant Z_DEFAULT_COMPRESSION,
+equal to -1,
+provides a good compromise between compression and speed and is equivalent to level 6.
+Level 0 actually does no compression at all, and in fact expands the data slightly to produce
+the <em>zlib</em> format (it is not a byte-for-byte copy of the input).
+More advanced applications of <em>zlib</em>
+may use <tt>deflateInit2()</tt> here instead.  Such an application may want to reduce how
+much memory will be used, at some price in compression.  Or it may need to request a
+<em>gzip</em> header and trailer instead of a <em>zlib</em> header and trailer, or raw
+encoding with no header or trailer at all.
+<p>
+We must check the return value of <tt>deflateInit()</tt> against the <em>zlib</em> constant
+<tt>Z_OK</tt> to make sure that it was able to
+allocate memory for the internal state, and that the provided arguments were valid.
+<tt>deflateInit()</tt> will also check that the version of <em>zlib</em> that the <tt>zlib.h</tt>
+file came from matches the version of <em>zlib</em> actually linked with the program.  This
+is especially important for environments in which <em>zlib</em> is a shared library.
+<p>
+Note that an application can initialize multiple, independent <em>zlib</em> streams, which can
+operate in parallel.  The state information maintained in the structure allows the <em>zlib</em>
+routines to be reentrant.
+<pre><b>
+    /* allocate deflate state */
+    strm.zalloc = Z_NULL;
+    strm.zfree = Z_NULL;
+    strm.opaque = Z_NULL;
+    ret = deflateInit(&amp;strm, level);
+    if (ret != Z_OK)
+        return ret;
+</b></pre><!-- -->
+With the pleasantries out of the way, now we can get down to business.  The outer <tt>do</tt>-loop
+reads all of the input file and exits at the bottom of the loop once end-of-file is reached.
+This loop contains the only call of <tt>deflate()</tt>.  So we must make sure that all of the
+input data has been processed and that all of the output data has been generated and consumed
+before we fall out of the loop at the bottom.
+<pre><b>
+    /* compress until end of file */
+    do {
+</b></pre>
+We start off by reading data from the input file.  The number of bytes read is put directly
+into <tt>avail_in</tt>, and a pointer to those bytes is put into <tt>next_in</tt>.  We also
+check to see if end-of-file on the input has been reached using feof().
+If we are at the end of file, then <tt>flush</tt> is set to the
+<em>zlib</em> constant <tt>Z_FINISH</tt>, which is later passed to <tt>deflate()</tt> to
+indicate that this is the last chunk of input data to compress.
+If we are not yet at the end of the input, then the <em>zlib</em>
+constant <tt>Z_NO_FLUSH</tt> will be passed to <tt>deflate</tt> to indicate that we are still
+in the middle of the uncompressed data.
+<p>
+If there is an error in reading from the input file, the process is aborted with
+<tt>deflateEnd()</tt> being called to free the allocated <em>zlib</em> state before returning
+the error.  We wouldn't want a memory leak, now would we?  <tt>deflateEnd()</tt> can be called
+at any time after the state has been initialized.  Once that's done, <tt>deflateInit()</tt> (or
+<tt>deflateInit2()</tt>) would have to be called to start a new compression process.  There is
+no point here in checking the <tt>deflateEnd()</tt> return code.  The deallocation can't fail.
+<pre><b>
+        strm.avail_in = fread(in, 1, CHUNK, source);
+        if (ferror(source)) {
+            (void)deflateEnd(&amp;strm);
+            return Z_ERRNO;
+        }
+        flush = feof(source) ? Z_FINISH : Z_NO_FLUSH;
+        strm.next_in = in;
+</b></pre><!-- -->
+The inner <tt>do</tt>-loop passes our chunk of input data to <tt>deflate()</tt>, and then
+keeps calling <tt>deflate()</tt> until it is done producing output.  Once there is no more
+new output, <tt>deflate()</tt> is guaranteed to have consumed all of the input, i.e.,
+<tt>avail_in</tt> will be zero.
+<pre><b>
+        /* run deflate() on input until output buffer not full, finish
+           compression if all of source has been read in */
+        do {
+</b></pre>
+Output space is provided to <tt>deflate()</tt> by setting <tt>avail_out</tt> to the number
+of available output bytes and <tt>next_out</tt> to a pointer to that space.
+<pre><b>
+            strm.avail_out = CHUNK;
+            strm.next_out = out;
+</b></pre>
+Now we call the compression engine itself, <tt>deflate()</tt>.  It takes as many of the
+<tt>avail_in</tt> bytes at <tt>next_in</tt> as it can process, and writes as many as
+<tt>avail_out</tt> bytes to <tt>next_out</tt>.  Those counters and pointers are then
+updated past the input data consumed and the output data written.  It is the amount of
+output space available that may limit how much input is consumed.
+Hence the inner loop to make sure that
+all of the input is consumed by providing more output space each time.  Since <tt>avail_in</tt>
+and <tt>next_in</tt> are updated by <tt>deflate()</tt>, we don't have to mess with those
+between <tt>deflate()</tt> calls until it's all used up.
+<p>
+The parameters to <tt>deflate()</tt> are a pointer to the <tt>strm</tt> structure containing
+the input and output information and the internal compression engine state, and a parameter
+indicating whether and how to flush data to the output.  Normally <tt>deflate</tt> will consume
+several K bytes of input data before producing any output (except for the header), in order
+to accumulate statistics on the data for optimum compression.  It will then put out a burst of
+compressed data, and proceed to consume more input before the next burst.  Eventually,
+<tt>deflate()</tt>
+must be told to terminate the stream, complete the compression with provided input data, and
+write out the trailer check value.  <tt>deflate()</tt> will continue to compress normally as long
+as the flush parameter is <tt>Z_NO_FLUSH</tt>.  Once the <tt>Z_FINISH</tt> parameter is provided,
+<tt>deflate()</tt> will begin to complete the compressed output stream.  However depending on how
+much output space is provided, <tt>deflate()</tt> may have to be called several times until it
+has provided the complete compressed stream, even after it has consumed all of the input.  The flush
+parameter must continue to be <tt>Z_FINISH</tt> for those subsequent calls.
+<p>
+There are other values of the flush parameter that are used in more advanced applications.  You can
+force <tt>deflate()</tt> to produce a burst of output that encodes all of the input data provided
+so far, even if it wouldn't have otherwise, for example to control data latency on a link with
+compressed data.  You can also ask that <tt>deflate()</tt> do that as well as erase any history up to
+that point so that what follows can be decompressed independently, for example for random access
+applications.  Both requests will degrade compression by an amount depending on how often such
+requests are made.
+<p>
+<tt>deflate()</tt> has a return value that can indicate errors, yet we do not check it here.  Why
+not?  Well, it turns out that <tt>deflate()</tt> can do no wrong here.  Let's go through
+<tt>deflate()</tt>'s return values and dispense with them one by one.  The possible values are
+<tt>Z_OK</tt>, <tt>Z_STREAM_END</tt>, <tt>Z_STREAM_ERROR</tt>, or <tt>Z_BUF_ERROR</tt>.  <tt>Z_OK</tt>
+is, well, ok.  <tt>Z_STREAM_END</tt> is also ok and will be returned for the last call of
+<tt>deflate()</tt>.  This is already guaranteed by calling <tt>deflate()</tt> with <tt>Z_FINISH</tt>
+until it has no more output.  <tt>Z_STREAM_ERROR</tt> is only possible if the stream is not
+initialized properly, but we did initialize it properly.  There is no harm in checking for
+<tt>Z_STREAM_ERROR</tt> here, for example to check for the possibility that some
+other part of the application inadvertently clobbered the memory containing the <em>zlib</em> state.
+<tt>Z_BUF_ERROR</tt> will be explained further below, but
+suffice it to say that this is simply an indication that <tt>deflate()</tt> could not consume
+more input or produce more output.  <tt>deflate()</tt> can be called again with more output space
+or more available input, which it will be in this code.
+<pre><b>
+            ret = deflate(&amp;strm, flush);    /* no bad return value */
+            assert(ret != Z_STREAM_ERROR);  /* state not clobbered */
+</b></pre>
+Now we compute how much output <tt>deflate()</tt> provided on the last call, which is the
+difference between how much space was provided before the call, and how much output space
+is still available after the call.  Then that data, if any, is written to the output file.
+We can then reuse the output buffer for the next call of <tt>deflate()</tt>.  Again if there
+is a file i/o error, we call <tt>deflateEnd()</tt> before returning to avoid a memory leak.
+<pre><b>
+            have = CHUNK - strm.avail_out;
+            if (fwrite(out, 1, have, dest) != have || ferror(dest)) {
+                (void)deflateEnd(&amp;strm);
+                return Z_ERRNO;
+            }
+</b></pre>
+The inner <tt>do</tt>-loop is repeated until the last <tt>deflate()</tt> call fails to fill the
+provided output buffer.  Then we know that <tt>deflate()</tt> has done as much as it can with
+the provided input, and that all of that input has been consumed.  We can then fall out of this
+loop and reuse the input buffer.
+<p>
+The way we tell that <tt>deflate()</tt> has no more output is by seeing that it did not fill
+the output buffer, leaving <tt>avail_out</tt> greater than zero.  However suppose that
+<tt>deflate()</tt> has no more output, but just so happened to exactly fill the output buffer!
+<tt>avail_out</tt> is zero, and we can't tell that <tt>deflate()</tt> has done all it can.
+As far as we know, <tt>deflate()</tt>
+has more output for us.  So we call it again.  But now <tt>deflate()</tt> produces no output
+at all, and <tt>avail_out</tt> remains unchanged as <tt>CHUNK</tt>.  That <tt>deflate()</tt> call
+wasn't able to do anything, either consume input or produce output, and so it returns
+<tt>Z_BUF_ERROR</tt>.  (See, I told you I'd cover this later.)  However this is not a problem at
+all.  Now we finally have the desired indication that <tt>deflate()</tt> is really done,
+and so we drop out of the inner loop to provide more input to <tt>deflate()</tt>.
+<p>
+With <tt>flush</tt> set to <tt>Z_FINISH</tt>, this final set of <tt>deflate()</tt> calls will
+complete the output stream.  Once that is done, subsequent calls of <tt>deflate()</tt> would return
+<tt>Z_STREAM_ERROR</tt> if the flush parameter is not <tt>Z_FINISH</tt>, and do no more processing
+until the state is reinitialized.
+<p>
+Some applications of <em>zlib</em> have two loops that call <tt>deflate()</tt>
+instead of the single inner loop we have here.  The first loop would call
+without flushing and feed all of the data to <tt>deflate()</tt>.  The second loop would call
+<tt>deflate()</tt> with no more
+data and the <tt>Z_FINISH</tt> parameter to complete the process.  As you can see from this
+example, that can be avoided by simply keeping track of the current flush state.
+<pre><b>
+        } while (strm.avail_out == 0);
+        assert(strm.avail_in == 0);     /* all input will be used */
+</b></pre><!-- -->
+Now we check to see if we have already processed all of the input file.  That information was
+saved in the <tt>flush</tt> variable, so we see if that was set to <tt>Z_FINISH</tt>.  If so,
+then we're done and we fall out of the outer loop.  We're guaranteed to get <tt>Z_STREAM_END</tt>
+from the last <tt>deflate()</tt> call, since we ran it until the last chunk of input was
+consumed and all of the output was generated.
+<pre><b>
+        /* done when last data in file processed */
+    } while (flush != Z_FINISH);
+    assert(ret == Z_STREAM_END);        /* stream will be complete */
+</b></pre><!-- -->
+The process is complete, but we still need to deallocate the state to avoid a memory leak
+(or rather more like a memory hemorrhage if you didn't do this).  Then
+finally we can return with a happy return value.
+<pre><b>
+    /* clean up and return */
+    (void)deflateEnd(&amp;strm);
+    return Z_OK;
+}
+</b></pre><!-- -->
+Now we do the same thing for decompression in the <tt>inf()</tt> routine. <tt>inf()</tt>
+decompresses what is hopefully a valid <em>zlib</em> stream from the input file and writes the
+uncompressed data to the output file.  Much of the discussion above for <tt>def()</tt>
+applies to <tt>inf()</tt> as well, so the discussion here will focus on the differences between
+the two.
+<pre><b>
+/* Decompress from file source to file dest until stream ends or EOF.
+   inf() returns Z_OK on success, Z_MEM_ERROR if memory could not be
+   allocated for processing, Z_DATA_ERROR if the deflate data is
+   invalid or incomplete, Z_VERSION_ERROR if the version of zlib.h and
+   the version of the library linked do not match, or Z_ERRNO if there
+   is an error reading or writing the files. */
+int inf(FILE *source, FILE *dest)
+{
+</b></pre>
+The local variables have the same functionality as they do for <tt>def()</tt>.  The
+only difference is that there is no <tt>flush</tt> variable, since <tt>inflate()</tt>
+can tell from the <em>zlib</em> stream itself when the stream is complete.
+<pre><b>
+    int ret;
+    unsigned have;
+    z_stream strm;
+    unsigned char in[CHUNK];
+    unsigned char out[CHUNK];
+</b></pre><!-- -->
+The initialization of the state is the same, except that there is no compression level,
+of course, and two more elements of the structure are initialized.  <tt>avail_in</tt>
+and <tt>next_in</tt> must be initialized before calling <tt>inflateInit()</tt>.  This
+is because the application has the option to provide the start of the zlib stream in
+order for <tt>inflateInit()</tt> to have access to information about the compression
+method to aid in memory allocation.  In the current implementation of <em>zlib</em>
+(up through versions 1.2.x), the method-dependent memory allocations are deferred to the first call of
+<tt>inflate()</tt> anyway.  However those fields must be initialized since later versions
+of <em>zlib</em> that provide more compression methods may take advantage of this interface.
+In any case, no decompression is performed by <tt>inflateInit()</tt>, so the
+<tt>avail_out</tt> and <tt>next_out</tt> fields do not need to be initialized before calling.
+<p>
+Here <tt>avail_in</tt> is set to zero and <tt>next_in</tt> is set to <tt>Z_NULL</tt> to
+indicate that no input data is being provided.
+<pre><b>
+    /* allocate inflate state */
+    strm.zalloc = Z_NULL;
+    strm.zfree = Z_NULL;
+    strm.opaque = Z_NULL;
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit(&amp;strm);
+    if (ret != Z_OK)
+        return ret;
+</b></pre><!-- -->
+The outer <tt>do</tt>-loop decompresses input until <tt>inflate()</tt> indicates
+that it has reached the end of the compressed data and has produced all of the uncompressed
+output.  This is in contrast to <tt>def()</tt> which processes all of the input file.
+If end-of-file is reached before the compressed data self-terminates, then the compressed
+data is incomplete and an error is returned.
+<pre><b>
+    /* decompress until deflate stream ends or end of file */
+    do {
+</b></pre>
+We read input data and set the <tt>strm</tt> structure accordingly.  If we've reached the
+end of the input file, then we leave the outer loop and report an error, since the
+compressed data is incomplete.  Note that we may read more data than is eventually consumed
+by <tt>inflate()</tt>, if the input file continues past the <em>zlib</em> stream.
+For applications where <em>zlib</em> streams are embedded in other data, this routine would
+need to be modified to return the unused data, or at least indicate how much of the input
+data was not used, so the application would know where to pick up after the <em>zlib</em> stream.
+<pre><b>
+        strm.avail_in = fread(in, 1, CHUNK, source);
+        if (ferror(source)) {
+            (void)inflateEnd(&amp;strm);
+            return Z_ERRNO;
+        }
+        if (strm.avail_in == 0)
+            break;
+        strm.next_in = in;
+</b></pre><!-- -->
+The inner <tt>do</tt>-loop has the same function it did in <tt>def()</tt>, which is to
+keep calling <tt>inflate()</tt> until has generated all of the output it can with the
+provided input.
+<pre><b>
+        /* run inflate() on input until output buffer not full */
+        do {
+</b></pre>
+Just like in <tt>def()</tt>, the same output space is provided for each call of <tt>inflate()</tt>.
+<pre><b>
+            strm.avail_out = CHUNK;
+            strm.next_out = out;
+</b></pre>
+Now we run the decompression engine itself.  There is no need to adjust the flush parameter, since
+the <em>zlib</em> format is self-terminating. The main difference here is that there are
+return values that we need to pay attention to.  <tt>Z_DATA_ERROR</tt>
+indicates that <tt>inflate()</tt> detected an error in the <em>zlib</em> compressed data format,
+which means that either the data is not a <em>zlib</em> stream to begin with, or that the data was
+corrupted somewhere along the way since it was compressed.  The other error to be processed is
+<tt>Z_MEM_ERROR</tt>, which can occur since memory allocation is deferred until <tt>inflate()</tt>
+needs it, unlike <tt>deflate()</tt>, whose memory is allocated at the start by <tt>deflateInit()</tt>.
+<p>
+Advanced applications may use
+<tt>deflateSetDictionary()</tt> to prime <tt>deflate()</tt> with a set of likely data to improve the
+first 32K or so of compression.  This is noted in the <em>zlib</em> header, so <tt>inflate()</tt>
+requests that that dictionary be provided before it can start to decompress.  Without the dictionary,
+correct decompression is not possible.  For this routine, we have no idea what the dictionary is,
+so the <tt>Z_NEED_DICT</tt> indication is converted to a <tt>Z_DATA_ERROR</tt>.
+<p>
+<tt>inflate()</tt> can also return <tt>Z_STREAM_ERROR</tt>, which should not be possible here,
+but could be checked for as noted above for <tt>def()</tt>.  <tt>Z_BUF_ERROR</tt> does not need to be
+checked for here, for the same reasons noted for <tt>def()</tt>.  <tt>Z_STREAM_END</tt> will be
+checked for later.
+<pre><b>
+            ret = inflate(&amp;strm, Z_NO_FLUSH);
+            assert(ret != Z_STREAM_ERROR);  /* state not clobbered */
+            switch (ret) {
+            case Z_NEED_DICT:
+                ret = Z_DATA_ERROR;     /* and fall through */
+            case Z_DATA_ERROR:
+            case Z_MEM_ERROR:
+                (void)inflateEnd(&amp;strm);
+                return ret;
+            }
+</b></pre>
+The output of <tt>inflate()</tt> is handled identically to that of <tt>deflate()</tt>.
+<pre><b>
+            have = CHUNK - strm.avail_out;
+            if (fwrite(out, 1, have, dest) != have || ferror(dest)) {
+                (void)inflateEnd(&amp;strm);
+                return Z_ERRNO;
+            }
+</b></pre>
+The inner <tt>do</tt>-loop ends when <tt>inflate()</tt> has no more output as indicated
+by not filling the output buffer, just as for <tt>deflate()</tt>.  In this case, we cannot
+assert that <tt>strm.avail_in</tt> will be zero, since the deflate stream may end before the file
+does.
+<pre><b>
+        } while (strm.avail_out == 0);
+</b></pre><!-- -->
+The outer <tt>do</tt>-loop ends when <tt>inflate()</tt> reports that it has reached the
+end of the input <em>zlib</em> stream, has completed the decompression and integrity
+check, and has provided all of the output.  This is indicated by the <tt>inflate()</tt>
+return value <tt>Z_STREAM_END</tt>.  The inner loop is guaranteed to leave <tt>ret</tt>
+equal to <tt>Z_STREAM_END</tt> if the last chunk of the input file read contained the end
+of the <em>zlib</em> stream.  So if the return value is not <tt>Z_STREAM_END</tt>, the
+loop continues to read more input.
+<pre><b>
+        /* done when inflate() says it's done */
+    } while (ret != Z_STREAM_END);
+</b></pre><!-- -->
+At this point, decompression successfully completed, or we broke out of the loop due to no
+more data being available from the input file.  If the last <tt>inflate()</tt> return value
+is not <tt>Z_STREAM_END</tt>, then the <em>zlib</em> stream was incomplete and a data error
+is returned.  Otherwise, we return with a happy return value.  Of course, <tt>inflateEnd()</tt>
+is called first to avoid a memory leak.
+<pre><b>
+    /* clean up and return */
+    (void)inflateEnd(&amp;strm);
+    return ret == Z_STREAM_END ? Z_OK : Z_DATA_ERROR;
+}
+</b></pre><!-- -->
+That ends the routines that directly use <em>zlib</em>.  The following routines make this
+a command-line program by running data through the above routines from <tt>stdin</tt> to
+<tt>stdout</tt>, and handling any errors reported by <tt>def()</tt> or <tt>inf()</tt>.
+<p>
+<tt>zerr()</tt> is used to interpret the possible error codes from <tt>def()</tt>
+and <tt>inf()</tt>, as detailed in their comments above, and print out an error message.
+Note that these are only a subset of the possible return values from <tt>deflate()</tt>
+and <tt>inflate()</tt>.
+<pre><b>
+/* report a zlib or i/o error */
+void zerr(int ret)
+{
+    fputs("zpipe: ", stderr);
+    switch (ret) {
+    case Z_ERRNO:
+        if (ferror(stdin))
+            fputs("error reading stdin\n", stderr);
+        if (ferror(stdout))
+            fputs("error writing stdout\n", stderr);
+        break;
+    case Z_STREAM_ERROR:
+        fputs("invalid compression level\n", stderr);
+        break;
+    case Z_DATA_ERROR:
+        fputs("invalid or incomplete deflate data\n", stderr);
+        break;
+    case Z_MEM_ERROR:
+        fputs("out of memory\n", stderr);
+        break;
+    case Z_VERSION_ERROR:
+        fputs("zlib version mismatch!\n", stderr);
+    }
+}
+</b></pre><!-- -->
+Here is the <tt>main()</tt> routine used to test <tt>def()</tt> and <tt>inf()</tt>.  The
+<tt>zpipe</tt> command is simply a compression pipe from <tt>stdin</tt> to <tt>stdout</tt>, if
+no arguments are given, or it is a decompression pipe if <tt>zpipe -d</tt> is used.  If any other
+arguments are provided, no compression or decompression is performed.  Instead a usage
+message is displayed.  Examples are <tt>zpipe < foo.txt > foo.txt.z</tt> to compress, and
+<tt>zpipe -d < foo.txt.z > foo.txt</tt> to decompress.
+<pre><b>
+/* compress or decompress from stdin to stdout */
+int main(int argc, char **argv)
+{
+    int ret;
+
+    /* avoid end-of-line conversions */
+    SET_BINARY_MODE(stdin);
+    SET_BINARY_MODE(stdout);
+
+    /* do compression if no arguments */
+    if (argc == 1) {
+        ret = def(stdin, stdout, Z_DEFAULT_COMPRESSION);
+        if (ret != Z_OK)
+            zerr(ret);
+        return ret;
+    }
+
+    /* do decompression if -d specified */
+    else if (argc == 2 &amp;&amp; strcmp(argv[1], "-d") == 0) {
+        ret = inf(stdin, stdout);
+        if (ret != Z_OK)
+            zerr(ret);
+        return ret;
+    }
+
+    /* otherwise, report usage */
+    else {
+        fputs("zpipe usage: zpipe [-d] &lt; source &gt; dest\n", stderr);
+        return 1;
+    }
+}
+</b></pre>
+<hr>
+<i>Last modified 24 January 2023<br>
+Copyright &#169; 2004-2023 Mark Adler</i><br>
+<a rel="license" href="http://creativecommons.org/licenses/by-nd/4.0/">
+<img alt="Creative Commons License" style="border-width:0"
+src="https://i.creativecommons.org/l/by-nd/4.0/88x31.png"></a>
+<a rel="license" href="http://creativecommons.org/licenses/by-nd/4.0/">
+Creative Commons Attribution-NoDerivatives 4.0 International License</a>.
+</body>
+</html>
diff --git a/zlib-1.3.1/examples/zpipe.c b/zlib-1.3.1/examples/zpipe.c
new file mode 100644
index 00000000..83535d16
--- /dev/null
+++ b/zlib-1.3.1/examples/zpipe.c
@@ -0,0 +1,205 @@
+/* zpipe.c: example of proper use of zlib's inflate() and deflate()
+   Not copyrighted -- provided to the public domain
+   Version 1.4  11 December 2005  Mark Adler */
+
+/* Version history:
+   1.0  30 Oct 2004  First version
+   1.1   8 Nov 2004  Add void casting for unused return values
+                     Use switch statement for inflate() return values
+   1.2   9 Nov 2004  Add assertions to document zlib guarantees
+   1.3   6 Apr 2005  Remove incorrect assertion in inf()
+   1.4  11 Dec 2005  Add hack to avoid MSDOS end-of-line conversions
+                     Avoid some compiler warnings for input and output buffers
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include "zlib.h"
+
+#if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__CYGWIN__)
+#  include <fcntl.h>
+#  include <io.h>
+#  define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+#  define SET_BINARY_MODE(file)
+#endif
+
+#define CHUNK 16384
+
+/* Compress from file source to file dest until EOF on source.
+   def() returns Z_OK on success, Z_MEM_ERROR if memory could not be
+   allocated for processing, Z_STREAM_ERROR if an invalid compression
+   level is supplied, Z_VERSION_ERROR if the version of zlib.h and the
+   version of the library linked do not match, or Z_ERRNO if there is
+   an error reading or writing the files. */
+int def(FILE *source, FILE *dest, int level)
+{
+    int ret, flush;
+    unsigned have;
+    z_stream strm;
+    unsigned char in[CHUNK];
+    unsigned char out[CHUNK];
+
+    /* allocate deflate state */
+    strm.zalloc = Z_NULL;
+    strm.zfree = Z_NULL;
+    strm.opaque = Z_NULL;
+    ret = deflateInit(&strm, level);
+    if (ret != Z_OK)
+        return ret;
+
+    /* compress until end of file */
+    do {
+        strm.avail_in = fread(in, 1, CHUNK, source);
+        if (ferror(source)) {
+            (void)deflateEnd(&strm);
+            return Z_ERRNO;
+        }
+        flush = feof(source) ? Z_FINISH : Z_NO_FLUSH;
+        strm.next_in = in;
+
+        /* run deflate() on input until output buffer not full, finish
+           compression if all of source has been read in */
+        do {
+            strm.avail_out = CHUNK;
+            strm.next_out = out;
+            ret = deflate(&strm, flush);    /* no bad return value */
+            assert(ret != Z_STREAM_ERROR);  /* state not clobbered */
+            have = CHUNK - strm.avail_out;
+            if (fwrite(out, 1, have, dest) != have || ferror(dest)) {
+                (void)deflateEnd(&strm);
+                return Z_ERRNO;
+            }
+        } while (strm.avail_out == 0);
+        assert(strm.avail_in == 0);     /* all input will be used */
+
+        /* done when last data in file processed */
+    } while (flush != Z_FINISH);
+    assert(ret == Z_STREAM_END);        /* stream will be complete */
+
+    /* clean up and return */
+    (void)deflateEnd(&strm);
+    return Z_OK;
+}
+
+/* Decompress from file source to file dest until stream ends or EOF.
+   inf() returns Z_OK on success, Z_MEM_ERROR if memory could not be
+   allocated for processing, Z_DATA_ERROR if the deflate data is
+   invalid or incomplete, Z_VERSION_ERROR if the version of zlib.h and
+   the version of the library linked do not match, or Z_ERRNO if there
+   is an error reading or writing the files. */
+int inf(FILE *source, FILE *dest)
+{
+    int ret;
+    unsigned have;
+    z_stream strm;
+    unsigned char in[CHUNK];
+    unsigned char out[CHUNK];
+
+    /* allocate inflate state */
+    strm.zalloc = Z_NULL;
+    strm.zfree = Z_NULL;
+    strm.opaque = Z_NULL;
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit(&strm);
+    if (ret != Z_OK)
+        return ret;
+
+    /* decompress until deflate stream ends or end of file */
+    do {
+        strm.avail_in = fread(in, 1, CHUNK, source);
+        if (ferror(source)) {
+            (void)inflateEnd(&strm);
+            return Z_ERRNO;
+        }
+        if (strm.avail_in == 0)
+            break;
+        strm.next_in = in;
+
+        /* run inflate() on input until output buffer not full */
+        do {
+            strm.avail_out = CHUNK;
+            strm.next_out = out;
+            ret = inflate(&strm, Z_NO_FLUSH);
+            assert(ret != Z_STREAM_ERROR);  /* state not clobbered */
+            switch (ret) {
+            case Z_NEED_DICT:
+                ret = Z_DATA_ERROR;     /* and fall through */
+            case Z_DATA_ERROR:
+            case Z_MEM_ERROR:
+                (void)inflateEnd(&strm);
+                return ret;
+            }
+            have = CHUNK - strm.avail_out;
+            if (fwrite(out, 1, have, dest) != have || ferror(dest)) {
+                (void)inflateEnd(&strm);
+                return Z_ERRNO;
+            }
+        } while (strm.avail_out == 0);
+
+        /* done when inflate() says it's done */
+    } while (ret != Z_STREAM_END);
+
+    /* clean up and return */
+    (void)inflateEnd(&strm);
+    return ret == Z_STREAM_END ? Z_OK : Z_DATA_ERROR;
+}
+
+/* report a zlib or i/o error */
+void zerr(int ret)
+{
+    fputs("zpipe: ", stderr);
+    switch (ret) {
+    case Z_ERRNO:
+        if (ferror(stdin))
+            fputs("error reading stdin\n", stderr);
+        if (ferror(stdout))
+            fputs("error writing stdout\n", stderr);
+        break;
+    case Z_STREAM_ERROR:
+        fputs("invalid compression level\n", stderr);
+        break;
+    case Z_DATA_ERROR:
+        fputs("invalid or incomplete deflate data\n", stderr);
+        break;
+    case Z_MEM_ERROR:
+        fputs("out of memory\n", stderr);
+        break;
+    case Z_VERSION_ERROR:
+        fputs("zlib version mismatch!\n", stderr);
+    }
+}
+
+/* compress or decompress from stdin to stdout */
+int main(int argc, char **argv)
+{
+    int ret;
+
+    /* avoid end-of-line conversions */
+    SET_BINARY_MODE(stdin);
+    SET_BINARY_MODE(stdout);
+
+    /* do compression if no arguments */
+    if (argc == 1) {
+        ret = def(stdin, stdout, Z_DEFAULT_COMPRESSION);
+        if (ret != Z_OK)
+            zerr(ret);
+        return ret;
+    }
+
+    /* do decompression if -d specified */
+    else if (argc == 2 && strcmp(argv[1], "-d") == 0) {
+        ret = inf(stdin, stdout);
+        if (ret != Z_OK)
+            zerr(ret);
+        return ret;
+    }
+
+    /* otherwise, report usage */
+    else {
+        fputs("zpipe usage: zpipe [-d] < source > dest\n", stderr);
+        return 1;
+    }
+}
diff --git a/zlib-1.3.1/examples/zran.c b/zlib-1.3.1/examples/zran.c
new file mode 100644
index 00000000..d3135955
--- /dev/null
+++ b/zlib-1.3.1/examples/zran.c
@@ -0,0 +1,533 @@
+/* zran.c -- example of deflate stream indexing and random access
+ * Copyright (C) 2005, 2012, 2018, 2023 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ * Version 1.4  13 Apr 2023  Mark Adler */
+
+/* Version History:
+ 1.0  29 May 2005  First version
+ 1.1  29 Sep 2012  Fix memory reallocation error
+ 1.2  14 Oct 2018  Handle gzip streams with multiple members
+                   Add a header file to facilitate usage in applications
+ 1.3  18 Feb 2023  Permit raw deflate streams as well as zlib and gzip
+                   Permit crossing gzip member boundaries when extracting
+                   Support a size_t size when extracting (was an int)
+                   Do a binary search over the index for an access point
+                   Expose the access point type to enable save and load
+ 1.4  13 Apr 2023  Add a NOPRIME define to not use inflatePrime()
+ */
+
+// Illustrate the use of Z_BLOCK, inflatePrime(), and inflateSetDictionary()
+// for random access of a compressed file. A file containing a raw deflate
+// stream is provided on the command line. The compressed stream is decoded in
+// its entirety, and an index built with access points about every SPAN bytes
+// in the uncompressed output. The compressed file is left open, and can then
+// be read randomly, having to decompress on the average SPAN/2 uncompressed
+// bytes before getting to the desired block of data.
+//
+// An access point can be created at the start of any deflate block, by saving
+// the starting file offset and bit of that block, and the 32K bytes of
+// uncompressed data that precede that block. Also the uncompressed offset of
+// that block is saved to provide a reference for locating a desired starting
+// point in the uncompressed stream. deflate_index_build() decompresses the
+// input raw deflate stream a block at a time, and at the end of each block
+// decides if enough uncompressed data has gone by to justify the creation of a
+// new access point. If so, that point is saved in a data structure that grows
+// as needed to accommodate the points.
+//
+// To use the index, an offset in the uncompressed data is provided, for which
+// the latest access point at or preceding that offset is located in the index.
+// The input file is positioned to the specified location in the index, and if
+// necessary the first few bits of the compressed data is read from the file.
+// inflate is initialized with those bits and the 32K of uncompressed data, and
+// decompression then proceeds until the desired offset in the file is reached.
+// Then decompression continues to read the requested uncompressed data from
+// the file.
+//
+// There is some fair bit of overhead to starting inflation for the random
+// access, mainly copying the 32K byte dictionary. If small pieces of the file
+// are being accessed, it would make sense to implement a cache to hold some
+// lookahead to avoid many calls to deflate_index_extract() for small lengths.
+//
+// Another way to build an index would be to use inflateCopy(). That would not
+// be constrained to have access points at block boundaries, but would require
+// more memory per access point, and could not be saved to a file due to the
+// use of pointers in the state. The approach here allows for storage of the
+// index in a file.
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include "zlib.h"
+#include "zran.h"
+
+#define WINSIZE 32768U      // sliding window size
+#define CHUNK 16384         // file input buffer size
+
+// See comments in zran.h.
+void deflate_index_free(struct deflate_index *index) {
+    if (index != NULL) {
+        free(index->list);
+        free(index);
+    }
+}
+
+// Add an access point to the list. If out of memory, deallocate the existing
+// list and return NULL. index->mode is temporarily the allocated number of
+// access points, until it is time for deflate_index_build() to return. Then
+// index->mode is set to the mode of inflation.
+static struct deflate_index *add_point(struct deflate_index *index, int bits,
+                                       off_t in, off_t out, unsigned left,
+                                       unsigned char *window) {
+    if (index == NULL) {
+        // The list is empty. Create it, starting with eight access points.
+        index = malloc(sizeof(struct deflate_index));
+        if (index == NULL)
+            return NULL;
+        index->have = 0;
+        index->mode = 8;
+        index->list = malloc(sizeof(point_t) * index->mode);
+        if (index->list == NULL) {
+            free(index);
+            return NULL;
+        }
+    }
+
+    else if (index->have == index->mode) {
+        // The list is full. Make it bigger.
+        index->mode <<= 1;
+        point_t *next = realloc(index->list, sizeof(point_t) * index->mode);
+        if (next == NULL) {
+            deflate_index_free(index);
+            return NULL;
+        }
+        index->list = next;
+    }
+
+    // Fill in the access point and increment how many we have.
+    point_t *next = (point_t *)(index->list) + index->have++;
+    if (index->have < 0) {
+        // Overflowed the int!
+        deflate_index_free(index);
+        return NULL;
+    }
+    next->out = out;
+    next->in = in;
+    next->bits = bits;
+    if (left)
+        memcpy(next->window, window + WINSIZE - left, left);
+    if (left < WINSIZE)
+        memcpy(next->window + left, window, WINSIZE - left);
+
+    // Return the index, which may have been newly allocated or destroyed.
+    return index;
+}
+
+// Decompression modes. These are the inflateInit2() windowBits parameter.
+#define RAW -15
+#define ZLIB 15
+#define GZIP 31
+
+// See comments in zran.h.
+int deflate_index_build(FILE *in, off_t span, struct deflate_index **built) {
+    // Set up inflation state.
+    z_stream strm = {0};        // inflate engine (gets fired up later)
+    unsigned char buf[CHUNK];   // input buffer
+    unsigned char win[WINSIZE] = {0};   // output sliding window
+    off_t totin = 0;            // total bytes read from input
+    off_t totout = 0;           // total bytes uncompressed
+    int mode = 0;               // mode: RAW, ZLIB, or GZIP (0 => not set yet)
+
+    // Decompress from in, generating access points along the way.
+    int ret;                    // the return value from zlib, or Z_ERRNO
+    off_t last;                 // last access point uncompressed offset
+    struct deflate_index *index = NULL;     // list of access points
+    do {
+        // Assure available input, at least until reaching EOF.
+        if (strm.avail_in == 0) {
+            strm.avail_in = fread(buf, 1, sizeof(buf), in);
+            totin += strm.avail_in;
+            strm.next_in = buf;
+            if (strm.avail_in < sizeof(buf) && ferror(in)) {
+                ret = Z_ERRNO;
+                break;
+            }
+
+            if (mode == 0) {
+                // At the start of the input -- determine the type. Assume raw
+                // if it is neither zlib nor gzip. This could in theory result
+                // in a false positive for zlib, but in practice the fill bits
+                // after a stored block are always zeros, so a raw stream won't
+                // start with an 8 in the low nybble.
+                mode = strm.avail_in == 0 ? RAW :       // empty -- will fail
+                       (strm.next_in[0] & 0xf) == 8 ? ZLIB :
+                       strm.next_in[0] == 0x1f ? GZIP :
+                       /* else */ RAW;
+                ret = inflateInit2(&strm, mode);
+                if (ret != Z_OK)
+                    break;
+            }
+        }
+
+        // Assure available output. This rotates the output through, for use as
+        // a sliding window on the uncompressed data.
+        if (strm.avail_out == 0) {
+            strm.avail_out = sizeof(win);
+            strm.next_out = win;
+        }
+
+        if (mode == RAW && index == NULL)
+            // We skip the inflate() call at the start of raw deflate data in
+            // order generate an access point there. Set data_type to imitate
+            // the end of a header.
+            strm.data_type = 0x80;
+        else {
+            // Inflate and update the number of uncompressed bytes.
+            unsigned before = strm.avail_out;
+            ret = inflate(&strm, Z_BLOCK);
+            totout += before - strm.avail_out;
+        }
+
+        if ((strm.data_type & 0xc0) == 0x80 &&
+            (index == NULL || totout - last >= span)) {
+            // We are at the end of a header or a non-last deflate block, so we
+            // can add an access point here. Furthermore, we are either at the
+            // very start for the first access point, or there has been span or
+            // more uncompressed bytes since the last access point, so we want
+            // to add an access point here.
+            index = add_point(index, strm.data_type & 7, totin - strm.avail_in,
+                              totout, strm.avail_out, win);
+            if (index == NULL) {
+                ret = Z_MEM_ERROR;
+                break;
+            }
+            last = totout;
+        }
+
+        if (ret == Z_STREAM_END && mode == GZIP &&
+            (strm.avail_in || ungetc(getc(in), in) != EOF))
+            // There is more input after the end of a gzip member. Reset the
+            // inflate state to read another gzip member. On success, this will
+            // set ret to Z_OK to continue decompressing.
+            ret = inflateReset2(&strm, GZIP);
+
+        // Keep going until Z_STREAM_END or error. If the compressed data ends
+        // prematurely without a file read error, Z_BUF_ERROR is returned.
+    } while (ret == Z_OK);
+    inflateEnd(&strm);
+
+    if (ret != Z_STREAM_END) {
+        // An error was encountered. Discard the index and return a negative
+        // error code.
+        deflate_index_free(index);
+        return ret == Z_NEED_DICT ? Z_DATA_ERROR : ret;
+    }
+
+    // Shrink the index to only the occupied access points and return it.
+    index->mode = mode;
+    index->length = totout;
+    point_t *list = realloc(index->list, sizeof(point_t) * index->have);
+    if (list == NULL) {
+        // Seems like a realloc() to make something smaller should always work,
+        // but just in case.
+        deflate_index_free(index);
+        return Z_MEM_ERROR;
+    }
+    index->list = list;
+    *built = index;
+    return index->have;
+}
+
+#ifdef NOPRIME
+// Support zlib versions before 1.2.3 (July 2005), or incomplete zlib clones
+// that do not have inflatePrime().
+
+#  define INFLATEPRIME inflatePreface
+
+// Append the low bits bits of value to in[] at bit position *have, updating
+// *have. value must be zero above its low bits bits. bits must be positive.
+// This assumes that any bits above the *have bits in the last byte are zeros.
+// That assumption is preserved on return, as any bits above *have + bits in
+// the last byte written will be set to zeros.
+static inline void append_bits(unsigned value, int bits,
+                               unsigned char *in, int *have) {
+    in += *have >> 3;           // where the first bits from value will go
+    int k = *have & 7;          // the number of bits already there
+    *have += bits;
+    if (k)
+        *in |= value << k;      // write value above the low k bits
+    else
+        *in = value;
+    k = 8 - k;                  // the number of bits just appended
+    while (bits > k) {
+        value >>= k;            // drop the bits appended
+        bits -= k;
+        k = 8;                  // now at a byte boundary
+        *++in = value;
+    }
+}
+
+// Insert enough bits in the form of empty deflate blocks in front of the
+// low bits bits of value, in order to bring the sequence to a byte boundary.
+// Then feed that to inflate(). This does what inflatePrime() does, except that
+// a negative value of bits is not supported. bits must be in 0..16. If the
+// arguments are invalid, Z_STREAM_ERROR is returned. Otherwise the return
+// value from inflate() is returned.
+static int inflatePreface(z_stream *strm, int bits, int value) {
+    // Check input.
+    if (strm == Z_NULL || bits < 0 || bits > 16)
+        return Z_STREAM_ERROR;
+    if (bits == 0)
+        return Z_OK;
+    value &= (2 << (bits - 1)) - 1;
+
+    // An empty dynamic block with an odd number of bits (95). The high bit of
+    // the last byte is unused.
+    static const unsigned char dyn[] = {
+        4, 0xe0, 0x81, 8, 0, 0, 0, 0, 0x20, 0xa8, 0xab, 0x1f
+    };
+    const int dynlen = 95;          // number of bits in the block
+
+    // Build an input buffer for inflate that is a multiple of eight bits in
+    // length, and that ends with the low bits bits of value.
+    unsigned char in[(dynlen + 3 * 10 + 16 + 7) / 8];
+    int have = 0;
+    if (bits & 1) {
+        // Insert an empty dynamic block to get to an odd number of bits, so
+        // when bits bits from value are appended, we are at an even number of
+        // bits.
+        memcpy(in, dyn, sizeof(dyn));
+        have = dynlen;
+    }
+    while ((have + bits) & 7)
+        // Insert empty fixed blocks until appending bits bits would put us on
+        // a byte boundary. This will insert at most three fixed blocks.
+        append_bits(2, 10, in, &have);
+
+    // Append the bits bits from value, which takes us to a byte boundary.
+    append_bits(value, bits, in, &have);
+
+    // Deliver the input to inflate(). There is no output space provided, but
+    // inflate() can't get stuck waiting on output not ingesting all of the
+    // provided input. The reason is that there will be at most 16 bits of
+    // input from value after the empty deflate blocks (which themselves
+    // generate no output). At least ten bits are needed to generate the first
+    // output byte from a fixed block. The last two bytes of the buffer have to
+    // be ingested in order to get ten bits, which is the most that value can
+    // occupy.
+    strm->avail_in = have >> 3;
+    strm->next_in = in;
+    strm->avail_out = 0;
+    strm->next_out = in;                // not used, but can't be NULL
+    return inflate(strm, Z_NO_FLUSH);
+}
+
+#else
+#  define INFLATEPRIME inflatePrime
+#endif
+
+// See comments in zran.h.
+ptrdiff_t deflate_index_extract(FILE *in, struct deflate_index *index,
+                                off_t offset, unsigned char *buf, size_t len) {
+    // Do a quick sanity check on the index.
+    if (index == NULL || index->have < 1 || index->list[0].out != 0)
+        return Z_STREAM_ERROR;
+
+    // If nothing to extract, return zero bytes extracted.
+    if (len == 0 || offset < 0 || offset >= index->length)
+        return 0;
+
+    // Find the access point closest to but not after offset.
+    int lo = -1, hi = index->have;
+    point_t *point = index->list;
+    while (hi - lo > 1) {
+        int mid = (lo + hi) >> 1;
+        if (offset < point[mid].out)
+            hi = mid;
+        else
+            lo = mid;
+    }
+    point += lo;
+
+    // Initialize the input file and prime the inflate engine to start there.
+    int ret = fseeko(in, point->in - (point->bits ? 1 : 0), SEEK_SET);
+    if (ret == -1)
+        return Z_ERRNO;
+    int ch = 0;
+    if (point->bits && (ch = getc(in)) == EOF)
+        return ferror(in) ? Z_ERRNO : Z_BUF_ERROR;
+    z_stream strm = {0};
+    ret = inflateInit2(&strm, RAW);
+    if (ret != Z_OK)
+        return ret;
+    if (point->bits)
+        INFLATEPRIME(&strm, point->bits, ch >> (8 - point->bits));
+    inflateSetDictionary(&strm, point->window, WINSIZE);
+
+    // Skip uncompressed bytes until offset reached, then satisfy request.
+    unsigned char input[CHUNK];
+    unsigned char discard[WINSIZE];
+    offset -= point->out;       // number of bytes to skip to get to offset
+    size_t left = len;          // number of bytes left to read after offset
+    do {
+        if (offset) {
+            // Discard up to offset uncompressed bytes.
+            strm.avail_out = offset < WINSIZE ? (unsigned)offset : WINSIZE;
+            strm.next_out = discard;
+        }
+        else {
+            // Uncompress up to left bytes into buf.
+            strm.avail_out = left < UINT_MAX ? (unsigned)left : UINT_MAX;
+            strm.next_out = buf + len - left;
+        }
+
+        // Uncompress, setting got to the number of bytes uncompressed.
+        if (strm.avail_in == 0) {
+            // Assure available input.
+            strm.avail_in = fread(input, 1, CHUNK, in);
+            if (strm.avail_in < CHUNK && ferror(in)) {
+                ret = Z_ERRNO;
+                break;
+            }
+            strm.next_in = input;
+        }
+        unsigned got = strm.avail_out;
+        ret = inflate(&strm, Z_NO_FLUSH);
+        got -= strm.avail_out;
+
+        // Update the appropriate count.
+        if (offset)
+            offset -= got;
+        else
+            left -= got;
+
+        // If we're at the end of a gzip member and there's more to read,
+        // continue to the next gzip member.
+        if (ret == Z_STREAM_END && index->mode == GZIP) {
+            // Discard the gzip trailer.
+            unsigned drop = 8;              // length of gzip trailer
+            if (strm.avail_in >= drop) {
+                strm.avail_in -= drop;
+                strm.next_in += drop;
+            }
+            else {
+                // Read and discard the remainder of the gzip trailer.
+                drop -= strm.avail_in;
+                strm.avail_in = 0;
+                do {
+                    if (getc(in) == EOF)
+                        // The input does not have a complete trailer.
+                        return ferror(in) ? Z_ERRNO : Z_BUF_ERROR;
+                } while (--drop);
+            }
+
+            if (strm.avail_in || ungetc(getc(in), in) != EOF) {
+                // There's more after the gzip trailer. Use inflate to skip the
+                // gzip header and resume the raw inflate there.
+                inflateReset2(&strm, GZIP);
+                do {
+                    if (strm.avail_in == 0) {
+                        strm.avail_in = fread(input, 1, CHUNK, in);
+                        if (strm.avail_in < CHUNK && ferror(in)) {
+                            ret = Z_ERRNO;
+                            break;
+                        }
+                        strm.next_in = input;
+                    }
+                    strm.avail_out = WINSIZE;
+                    strm.next_out = discard;
+                    ret = inflate(&strm, Z_BLOCK);  // stop at end of header
+                } while (ret == Z_OK && (strm.data_type & 0x80) == 0);
+                if (ret != Z_OK)
+                    break;
+                inflateReset2(&strm, RAW);
+            }
+        }
+
+        // Continue until we have the requested data, the deflate data has
+        // ended, or an error is encountered.
+    } while (ret == Z_OK && left);
+    inflateEnd(&strm);
+
+    // Return the number of uncompressed bytes read into buf, or the error.
+    return ret == Z_OK || ret == Z_STREAM_END ? len - left : ret;
+}
+
+#ifdef TEST
+
+#define SPAN 1048576L       // desired distance between access points
+#define LEN 16384           // number of bytes to extract
+
+// Demonstrate the use of deflate_index_build() and deflate_index_extract() by
+// processing the file provided on the command line, and extracting LEN bytes
+// from 2/3rds of the way through the uncompressed output, writing that to
+// stdout. An offset can be provided as the second argument, in which case the
+// data is extracted from there instead.
+int main(int argc, char **argv) {
+    // Open the input file.
+    if (argc < 2 || argc > 3) {
+        fprintf(stderr, "usage: zran file.raw [offset]\n");
+        return 1;
+    }
+    FILE *in = fopen(argv[1], "rb");
+    if (in == NULL) {
+        fprintf(stderr, "zran: could not open %s for reading\n", argv[1]);
+        return 1;
+    }
+
+    // Get optional offset.
+    off_t offset = -1;
+    if (argc == 3) {
+        char *end;
+        offset = strtoll(argv[2], &end, 10);
+        if (*end || offset < 0) {
+            fprintf(stderr, "zran: %s is not a valid offset\n", argv[2]);
+            return 1;
+        }
+    }
+
+    // Build index.
+    struct deflate_index *index = NULL;
+    int len = deflate_index_build(in, SPAN, &index);
+    if (len < 0) {
+        fclose(in);
+        switch (len) {
+        case Z_MEM_ERROR:
+            fprintf(stderr, "zran: out of memory\n");
+            break;
+        case Z_BUF_ERROR:
+            fprintf(stderr, "zran: %s ended prematurely\n", argv[1]);
+            break;
+        case Z_DATA_ERROR:
+            fprintf(stderr, "zran: compressed data error in %s\n", argv[1]);
+            break;
+        case Z_ERRNO:
+            fprintf(stderr, "zran: read error on %s\n", argv[1]);
+            break;
+        default:
+            fprintf(stderr, "zran: error %d while building index\n", len);
+        }
+        return 1;
+    }
+    fprintf(stderr, "zran: built index with %d access points\n", len);
+
+    // Use index by reading some bytes from an arbitrary offset.
+    unsigned char buf[LEN];
+    if (offset == -1)
+        offset = ((index->length + 1) << 1) / 3;
+    ptrdiff_t got = deflate_index_extract(in, index, offset, buf, LEN);
+    if (got < 0)
+        fprintf(stderr, "zran: extraction failed: %s error\n",
+                got == Z_MEM_ERROR ? "out of memory" : "input corrupted");
+    else {
+        fwrite(buf, 1, got, stdout);
+        fprintf(stderr, "zran: extracted %ld bytes at %lld\n", got, offset);
+    }
+
+    // Clean up and exit.
+    deflate_index_free(index);
+    fclose(in);
+    return 0;
+}
+
+#endif
diff --git a/zlib-1.3.1/examples/zran.h b/zlib-1.3.1/examples/zran.h
new file mode 100644
index 00000000..ebf780d0
--- /dev/null
+++ b/zlib-1.3.1/examples/zran.h
@@ -0,0 +1,51 @@
+/* zran.h -- example of deflated stream indexing and random access
+ * Copyright (C) 2005, 2012, 2018, 2023 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ * Version 1.3  18 Feb 2023  Mark Adler */
+
+#include <stdio.h>
+#include "zlib.h"
+
+// Access point.
+typedef struct point {
+    off_t out;          // offset in uncompressed data
+    off_t in;           // offset in compressed file of first full byte
+    int bits;           // 0, or number of bits (1-7) from byte at in-1
+    unsigned char window[32768];    // preceding 32K of uncompressed data
+} point_t;
+
+// Access point list.
+struct deflate_index {
+    int have;           // number of access points in list
+    int mode;           // -15 for raw, 15 for zlib, or 31 for gzip
+    off_t length;       // total length of uncompressed data
+    point_t *list;      // allocated list of access points
+};
+
+// Make one pass through a zlib, gzip, or raw deflate compressed stream and
+// build an index, with access points about every span bytes of uncompressed
+// output. gzip files with multiple members are fully indexed. span should be
+// chosen to balance the speed of random access against the memory requirements
+// of the list, which is about 32K bytes per access point. The return value is
+// the number of access points on success (>= 1), Z_MEM_ERROR for out of
+// memory, Z_BUF_ERROR for a premature end of input, Z_DATA_ERROR for a format
+// or verification error in the input file, or Z_ERRNO for a file read error.
+// On success, *built points to the resulting index.
+int deflate_index_build(FILE *in, off_t span, struct deflate_index **built);
+
+// Use the index to read len bytes from offset into buf. Return the number of
+// bytes read or a negative error code. If data is requested past the end of
+// the uncompressed data, then deflate_index_extract() will return a value less
+// than len, indicating how much was actually read into buf. If given a valid
+// index, this function should not return an error unless the file was modified
+// somehow since the index was generated, given that deflate_index_build() had
+// validated all of the input. If nevertheless there is a failure, Z_BUF_ERROR
+// is returned if the compressed data ends prematurely, Z_DATA_ERROR if the
+// deflate compressed data is not valid, Z_MEM_ERROR if out of memory,
+// Z_STREAM_ERROR if the index is not valid, or Z_ERRNO if there is an error
+// reading or seeking on the input file.
+ptrdiff_t deflate_index_extract(FILE *in, struct deflate_index *index,
+                                off_t offset, unsigned char *buf, size_t len);
+
+// Deallocate an index built by deflate_index_build().
+void deflate_index_free(struct deflate_index *index);
diff --git a/zlib-1.3.1/gzclose.c b/zlib-1.3.1/gzclose.c
new file mode 100644
index 00000000..48d6a86f
--- /dev/null
+++ b/zlib-1.3.1/gzclose.c
@@ -0,0 +1,23 @@
+/* gzclose.c -- zlib gzclose() function
+ * Copyright (C) 2004, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* gzclose() is in a separate file so that it is linked in only if it is used.
+   That way the other gzclose functions can be used instead to avoid linking in
+   unneeded compression or decompression routines. */
+int ZEXPORT gzclose(gzFile file) {
+#ifndef NO_GZCOMPRESS
+    gz_statep state;
+
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    return state->mode == GZ_READ ? gzclose_r(file) : gzclose_w(file);
+#else
+    return gzclose_r(file);
+#endif
+}
diff --git a/zlib-1.3.1/gzguts.h b/zlib-1.3.1/gzguts.h
new file mode 100644
index 00000000..eba72085
--- /dev/null
+++ b/zlib-1.3.1/gzguts.h
@@ -0,0 +1,214 @@
+/* gzguts.h -- zlib internal header definitions for gz* operations
+ * Copyright (C) 2004-2024 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#ifdef _LARGEFILE64_SOURCE
+#  ifndef _LARGEFILE_SOURCE
+#    define _LARGEFILE_SOURCE 1
+#  endif
+#  undef _FILE_OFFSET_BITS
+#  undef _TIME_BITS
+#endif
+
+#ifdef HAVE_HIDDEN
+#  define ZLIB_INTERNAL __attribute__((visibility ("hidden")))
+#else
+#  define ZLIB_INTERNAL
+#endif
+
+#include <stdio.h>
+#include "zlib.h"
+#ifdef STDC
+#  include <string.h>
+#  include <stdlib.h>
+#  include <limits.h>
+#endif
+
+#ifndef _POSIX_SOURCE
+#  define _POSIX_SOURCE
+#endif
+#include <fcntl.h>
+
+#ifdef _WIN32
+#  include <stddef.h>
+#endif
+
+#if defined(__TURBOC__) || defined(_MSC_VER) || defined(_WIN32)
+#  include <io.h>
+#endif
+
+#if defined(_WIN32)
+#  define WIDECHAR
+#endif
+
+#ifdef WINAPI_FAMILY
+#  define open _open
+#  define read _read
+#  define write _write
+#  define close _close
+#endif
+
+#ifdef NO_DEFLATE       /* for compatibility with old definition */
+#  define NO_GZCOMPRESS
+#endif
+
+#if defined(STDC99) || (defined(__TURBOC__) && __TURBOC__ >= 0x550)
+#  ifndef HAVE_VSNPRINTF
+#    define HAVE_VSNPRINTF
+#  endif
+#endif
+
+#if defined(__CYGWIN__)
+#  ifndef HAVE_VSNPRINTF
+#    define HAVE_VSNPRINTF
+#  endif
+#endif
+
+#if defined(MSDOS) && defined(__BORLANDC__) && (BORLANDC > 0x410)
+#  ifndef HAVE_VSNPRINTF
+#    define HAVE_VSNPRINTF
+#  endif
+#endif
+
+#ifndef HAVE_VSNPRINTF
+#  ifdef MSDOS
+/* vsnprintf may exist on some MS-DOS compilers (DJGPP?),
+   but for now we just assume it doesn't. */
+#    define NO_vsnprintf
+#  endif
+#  ifdef __TURBOC__
+#    define NO_vsnprintf
+#  endif
+#  ifdef WIN32
+/* In Win32, vsnprintf is available as the "non-ANSI" _vsnprintf. */
+#    if !defined(vsnprintf) && !defined(NO_vsnprintf)
+#      if !defined(_MSC_VER) || ( defined(_MSC_VER) && _MSC_VER < 1500 )
+#         define vsnprintf _vsnprintf
+#      endif
+#    endif
+#  endif
+#  ifdef __SASC
+#    define NO_vsnprintf
+#  endif
+#  ifdef VMS
+#    define NO_vsnprintf
+#  endif
+#  ifdef __OS400__
+#    define NO_vsnprintf
+#  endif
+#  ifdef __MVS__
+#    define NO_vsnprintf
+#  endif
+#endif
+
+/* unlike snprintf (which is required in C99), _snprintf does not guarantee
+   null termination of the result -- however this is only used in gzlib.c where
+   the result is assured to fit in the space provided */
+#if defined(_MSC_VER) && _MSC_VER < 1900
+#  define snprintf _snprintf
+#endif
+
+#ifndef local
+#  define local static
+#endif
+/* since "static" is used to mean two completely different things in C, we
+   define "local" for the non-static meaning of "static", for readability
+   (compile with -Dlocal if your debugger can't find static symbols) */
+
+/* gz* functions always use library allocation functions */
+#ifndef STDC
+  extern voidp  malloc(uInt size);
+  extern void   free(voidpf ptr);
+#endif
+
+/* get errno and strerror definition */
+#if defined UNDER_CE
+#  include <windows.h>
+#  define zstrerror() gz_strwinerror((DWORD)GetLastError())
+#else
+#  ifndef NO_STRERROR
+#    include <errno.h>
+#    define zstrerror() strerror(errno)
+#  else
+#    define zstrerror() "stdio error (consult errno)"
+#  endif
+#endif
+
+/* provide prototypes for these when building zlib without LFS */
+#if !defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0
+    ZEXTERN gzFile ZEXPORT gzopen64(const char *, const char *);
+    ZEXTERN z_off64_t ZEXPORT gzseek64(gzFile, z_off64_t, int);
+    ZEXTERN z_off64_t ZEXPORT gztell64(gzFile);
+    ZEXTERN z_off64_t ZEXPORT gzoffset64(gzFile);
+#endif
+
+/* default memLevel */
+#if MAX_MEM_LEVEL >= 8
+#  define DEF_MEM_LEVEL 8
+#else
+#  define DEF_MEM_LEVEL  MAX_MEM_LEVEL
+#endif
+
+/* default i/o buffer size -- double this for output when reading (this and
+   twice this must be able to fit in an unsigned type) */
+#define GZBUFSIZE 8192
+
+/* gzip modes, also provide a little integrity check on the passed structure */
+#define GZ_NONE 0
+#define GZ_READ 7247
+#define GZ_WRITE 31153
+#define GZ_APPEND 1     /* mode set to GZ_WRITE after the file is opened */
+
+/* values for gz_state how */
+#define LOOK 0      /* look for a gzip header */
+#define COPY 1      /* copy input directly */
+#define GZIP 2      /* decompress a gzip stream */
+
+/* internal gzip file state data structure */
+typedef struct {
+        /* exposed contents for gzgetc() macro */
+    struct gzFile_s x;      /* "x" for exposed */
+                            /* x.have: number of bytes available at x.next */
+                            /* x.next: next output data to deliver or write */
+                            /* x.pos: current position in uncompressed data */
+        /* used for both reading and writing */
+    int mode;               /* see gzip modes above */
+    int fd;                 /* file descriptor */
+    char *path;             /* path or fd for error messages */
+    unsigned size;          /* buffer size, zero if not allocated yet */
+    unsigned want;          /* requested buffer size, default is GZBUFSIZE */
+    unsigned char *in;      /* input buffer (double-sized when writing) */
+    unsigned char *out;     /* output buffer (double-sized when reading) */
+    int direct;             /* 0 if processing gzip, 1 if transparent */
+        /* just for reading */
+    int how;                /* 0: get header, 1: copy, 2: decompress */
+    z_off64_t start;        /* where the gzip data started, for rewinding */
+    int eof;                /* true if end of input file reached */
+    int past;               /* true if read requested past end */
+        /* just for writing */
+    int level;              /* compression level */
+    int strategy;           /* compression strategy */
+    int reset;              /* true if a reset is pending after a Z_FINISH */
+        /* seek request */
+    z_off64_t skip;         /* amount to skip (already rewound if backwards) */
+    int seek;               /* true if seek request pending */
+        /* error information */
+    int err;                /* error code */
+    char *msg;              /* error message */
+        /* zlib inflate or deflate stream */
+    z_stream strm;          /* stream structure in-place (not a pointer) */
+} gz_state;
+typedef gz_state FAR *gz_statep;
+
+/* shared functions */
+void ZLIB_INTERNAL gz_error(gz_statep, int, const char *);
+#if defined UNDER_CE
+char ZLIB_INTERNAL *gz_strwinerror(DWORD error);
+#endif
+
+/* GT_OFF(x), where x is an unsigned value, is true if x > maximum z_off64_t
+   value -- needed when comparing unsigned to z_off64_t, which is signed
+   (possible z_off64_t types off_t, off64_t, and long are all signed) */
+unsigned ZLIB_INTERNAL gz_intmax(void);
+#define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > gz_intmax())
diff --git a/zlib-1.3.1/gzlib.c b/zlib-1.3.1/gzlib.c
new file mode 100644
index 00000000..983153cc
--- /dev/null
+++ b/zlib-1.3.1/gzlib.c
@@ -0,0 +1,582 @@
+/* gzlib.c -- zlib functions common to reading and writing gzip files
+ * Copyright (C) 2004-2024 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+#if defined(_WIN32) && !defined(__BORLANDC__)
+#  define LSEEK _lseeki64
+#else
+#if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0
+#  define LSEEK lseek64
+#else
+#  define LSEEK lseek
+#endif
+#endif
+
+#if defined UNDER_CE
+
+/* Map the Windows error number in ERROR to a locale-dependent error message
+   string and return a pointer to it.  Typically, the values for ERROR come
+   from GetLastError.
+
+   The string pointed to shall not be modified by the application, but may be
+   overwritten by a subsequent call to gz_strwinerror
+
+   The gz_strwinerror function does not change the current setting of
+   GetLastError. */
+char ZLIB_INTERNAL *gz_strwinerror(DWORD error) {
+    static char buf[1024];
+
+    wchar_t *msgbuf;
+    DWORD lasterr = GetLastError();
+    DWORD chars = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM
+        | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+        NULL,
+        error,
+        0, /* Default language */
+        (LPVOID)&msgbuf,
+        0,
+        NULL);
+    if (chars != 0) {
+        /* If there is an \r\n appended, zap it.  */
+        if (chars >= 2
+            && msgbuf[chars - 2] == '\r' && msgbuf[chars - 1] == '\n') {
+            chars -= 2;
+            msgbuf[chars] = 0;
+        }
+
+        if (chars > sizeof (buf) - 1) {
+            chars = sizeof (buf) - 1;
+            msgbuf[chars] = 0;
+        }
+
+        wcstombs(buf, msgbuf, chars + 1);
+        LocalFree(msgbuf);
+    }
+    else {
+        sprintf(buf, "unknown win32 error (%ld)", error);
+    }
+
+    SetLastError(lasterr);
+    return buf;
+}
+
+#endif /* UNDER_CE */
+
+/* Reset gzip file state */
+local void gz_reset(gz_statep state) {
+    state->x.have = 0;              /* no output data available */
+    if (state->mode == GZ_READ) {   /* for reading ... */
+        state->eof = 0;             /* not at end of file */
+        state->past = 0;            /* have not read past end yet */
+        state->how = LOOK;          /* look for gzip header */
+    }
+    else                            /* for writing ... */
+        state->reset = 0;           /* no deflateReset pending */
+    state->seek = 0;                /* no seek request pending */
+    gz_error(state, Z_OK, NULL);    /* clear error */
+    state->x.pos = 0;               /* no uncompressed data yet */
+    state->strm.avail_in = 0;       /* no input data yet */
+}
+
+/* Open a gzip file either by name or file descriptor. */
+local gzFile gz_open(const void *path, int fd, const char *mode) {
+    gz_statep state;
+    z_size_t len;
+    int oflag;
+#ifdef O_CLOEXEC
+    int cloexec = 0;
+#endif
+#ifdef O_EXCL
+    int exclusive = 0;
+#endif
+
+    /* check input */
+    if (path == NULL)
+        return NULL;
+
+    /* allocate gzFile structure to return */
+    state = (gz_statep)malloc(sizeof(gz_state));
+    if (state == NULL)
+        return NULL;
+    state->size = 0;            /* no buffers allocated yet */
+    state->want = GZBUFSIZE;    /* requested buffer size */
+    state->msg = NULL;          /* no error message yet */
+
+    /* interpret mode */
+    state->mode = GZ_NONE;
+    state->level = Z_DEFAULT_COMPRESSION;
+    state->strategy = Z_DEFAULT_STRATEGY;
+    state->direct = 0;
+    while (*mode) {
+        if (*mode >= '0' && *mode <= '9')
+            state->level = *mode - '0';
+        else
+            switch (*mode) {
+            case 'r':
+                state->mode = GZ_READ;
+                break;
+#ifndef NO_GZCOMPRESS
+            case 'w':
+                state->mode = GZ_WRITE;
+                break;
+            case 'a':
+                state->mode = GZ_APPEND;
+                break;
+#endif
+            case '+':       /* can't read and write at the same time */
+                free(state);
+                return NULL;
+            case 'b':       /* ignore -- will request binary anyway */
+                break;
+#ifdef O_CLOEXEC
+            case 'e':
+                cloexec = 1;
+                break;
+#endif
+#ifdef O_EXCL
+            case 'x':
+                exclusive = 1;
+                break;
+#endif
+            case 'f':
+                state->strategy = Z_FILTERED;
+                break;
+            case 'h':
+                state->strategy = Z_HUFFMAN_ONLY;
+                break;
+            case 'R':
+                state->strategy = Z_RLE;
+                break;
+            case 'F':
+                state->strategy = Z_FIXED;
+                break;
+            case 'T':
+                state->direct = 1;
+                break;
+            default:        /* could consider as an error, but just ignore */
+                ;
+            }
+        mode++;
+    }
+
+    /* must provide an "r", "w", or "a" */
+    if (state->mode == GZ_NONE) {
+        free(state);
+        return NULL;
+    }
+
+    /* can't force transparent read */
+    if (state->mode == GZ_READ) {
+        if (state->direct) {
+            free(state);
+            return NULL;
+        }
+        state->direct = 1;      /* for empty file */
+    }
+
+    /* save the path name for error messages */
+#ifdef WIDECHAR
+    if (fd == -2) {
+        len = wcstombs(NULL, path, 0);
+        if (len == (z_size_t)-1)
+            len = 0;
+    }
+    else
+#endif
+        len = strlen((const char *)path);
+    state->path = (char *)malloc(len + 1);
+    if (state->path == NULL) {
+        free(state);
+        return NULL;
+    }
+#ifdef WIDECHAR
+    if (fd == -2)
+        if (len)
+            wcstombs(state->path, path, len + 1);
+        else
+            *(state->path) = 0;
+    else
+#endif
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+        (void)snprintf(state->path, len + 1, "%s", (const char *)path);
+#else
+        strcpy(state->path, path);
+#endif
+
+    /* compute the flags for open() */
+    oflag =
+#ifdef O_LARGEFILE
+        O_LARGEFILE |
+#endif
+#ifdef O_BINARY
+        O_BINARY |
+#endif
+#ifdef O_CLOEXEC
+        (cloexec ? O_CLOEXEC : 0) |
+#endif
+        (state->mode == GZ_READ ?
+         O_RDONLY :
+         (O_WRONLY | O_CREAT |
+#ifdef O_EXCL
+          (exclusive ? O_EXCL : 0) |
+#endif
+          (state->mode == GZ_WRITE ?
+           O_TRUNC :
+           O_APPEND)));
+
+    /* open the file with the appropriate flags (or just use fd) */
+    state->fd = fd > -1 ? fd : (
+#ifdef WIDECHAR
+        fd == -2 ? _wopen(path, oflag, 0666) :
+#endif
+        open((const char *)path, oflag, 0666));
+    if (state->fd == -1) {
+        free(state->path);
+        free(state);
+        return NULL;
+    }
+    if (state->mode == GZ_APPEND) {
+        LSEEK(state->fd, 0, SEEK_END);  /* so gzoffset() is correct */
+        state->mode = GZ_WRITE;         /* simplify later checks */
+    }
+
+    /* save the current position for rewinding (only if reading) */
+    if (state->mode == GZ_READ) {
+        state->start = LSEEK(state->fd, 0, SEEK_CUR);
+        if (state->start == -1) state->start = 0;
+    }
+
+    /* initialize stream */
+    gz_reset(state);
+
+    /* return stream */
+    return (gzFile)state;
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzopen(const char *path, const char *mode) {
+    return gz_open(path, -1, mode);
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzopen64(const char *path, const char *mode) {
+    return gz_open(path, -1, mode);
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzdopen(int fd, const char *mode) {
+    char *path;         /* identifier for error messages */
+    gzFile gz;
+
+    if (fd == -1 || (path = (char *)malloc(7 + 3 * sizeof(int))) == NULL)
+        return NULL;
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+    (void)snprintf(path, 7 + 3 * sizeof(int), "<fd:%d>", fd);
+#else
+    sprintf(path, "<fd:%d>", fd);   /* for debugging */
+#endif
+    gz = gz_open(path, fd, mode);
+    free(path);
+    return gz;
+}
+
+/* -- see zlib.h -- */
+#ifdef WIDECHAR
+gzFile ZEXPORT gzopen_w(const wchar_t *path, const char *mode) {
+    return gz_open(path, -2, mode);
+}
+#endif
+
+/* -- see zlib.h -- */
+int ZEXPORT gzbuffer(gzFile file, unsigned size) {
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* make sure we haven't already allocated memory */
+    if (state->size != 0)
+        return -1;
+
+    /* check and set requested size */
+    if ((size << 1) < size)
+        return -1;              /* need to be able to double it */
+    if (size < 8)
+        size = 8;               /* needed to behave well with flushing */
+    state->want = size;
+    return 0;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzrewind(gzFile file) {
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no error */
+    if (state->mode != GZ_READ ||
+            (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return -1;
+
+    /* back up and start over */
+    if (LSEEK(state->fd, state->start, SEEK_SET) == -1)
+        return -1;
+    gz_reset(state);
+    return 0;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gzseek64(gzFile file, z_off64_t offset, int whence) {
+    unsigned n;
+    z_off64_t ret;
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* check that there's no error */
+    if (state->err != Z_OK && state->err != Z_BUF_ERROR)
+        return -1;
+
+    /* can only seek from start or relative to current position */
+    if (whence != SEEK_SET && whence != SEEK_CUR)
+        return -1;
+
+    /* normalize offset to a SEEK_CUR specification */
+    if (whence == SEEK_SET)
+        offset -= state->x.pos;
+    else if (state->seek)
+        offset += state->skip;
+    state->seek = 0;
+
+    /* if within raw area while reading, just go there */
+    if (state->mode == GZ_READ && state->how == COPY &&
+            state->x.pos + offset >= 0) {
+        ret = LSEEK(state->fd, offset - (z_off64_t)state->x.have, SEEK_CUR);
+        if (ret == -1)
+            return -1;
+        state->x.have = 0;
+        state->eof = 0;
+        state->past = 0;
+        state->seek = 0;
+        gz_error(state, Z_OK, NULL);
+        state->strm.avail_in = 0;
+        state->x.pos += offset;
+        return state->x.pos;
+    }
+
+    /* calculate skip amount, rewinding if needed for back seek when reading */
+    if (offset < 0) {
+        if (state->mode != GZ_READ)         /* writing -- can't go backwards */
+            return -1;
+        offset += state->x.pos;
+        if (offset < 0)                     /* before start of file! */
+            return -1;
+        if (gzrewind(file) == -1)           /* rewind, then skip to offset */
+            return -1;
+    }
+
+    /* if reading, skip what's in output buffer (one less gzgetc() check) */
+    if (state->mode == GZ_READ) {
+        n = GT_OFF(state->x.have) || (z_off64_t)state->x.have > offset ?
+            (unsigned)offset : state->x.have;
+        state->x.have -= n;
+        state->x.next += n;
+        state->x.pos += n;
+        offset -= n;
+    }
+
+    /* request skip (if not zero) */
+    if (offset) {
+        state->seek = 1;
+        state->skip = offset;
+    }
+    return state->x.pos + offset;
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gzseek(gzFile file, z_off_t offset, int whence) {
+    z_off64_t ret;
+
+    ret = gzseek64(file, (z_off64_t)offset, whence);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gztell64(gzFile file) {
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* return position */
+    return state->x.pos + (state->seek ? state->skip : 0);
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gztell(gzFile file) {
+    z_off64_t ret;
+
+    ret = gztell64(file);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gzoffset64(gzFile file) {
+    z_off64_t offset;
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* compute and return effective offset in file */
+    offset = LSEEK(state->fd, 0, SEEK_CUR);
+    if (offset == -1)
+        return -1;
+    if (state->mode == GZ_READ)             /* reading */
+        offset -= state->strm.avail_in;     /* don't count buffered input */
+    return offset;
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gzoffset(gzFile file) {
+    z_off64_t ret;
+
+    ret = gzoffset64(file);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzeof(gzFile file) {
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return 0;
+
+    /* return end-of-file state */
+    return state->mode == GZ_READ ? state->past : 0;
+}
+
+/* -- see zlib.h -- */
+const char * ZEXPORT gzerror(gzFile file, int *errnum) {
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return NULL;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return NULL;
+
+    /* return error information */
+    if (errnum != NULL)
+        *errnum = state->err;
+    return state->err == Z_MEM_ERROR ? "out of memory" :
+                                       (state->msg == NULL ? "" : state->msg);
+}
+
+/* -- see zlib.h -- */
+void ZEXPORT gzclearerr(gzFile file) {
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return;
+
+    /* clear error and end-of-file */
+    if (state->mode == GZ_READ) {
+        state->eof = 0;
+        state->past = 0;
+    }
+    gz_error(state, Z_OK, NULL);
+}
+
+/* Create an error message in allocated memory and set state->err and
+   state->msg accordingly.  Free any previous error message already there.  Do
+   not try to free or allocate space if the error is Z_MEM_ERROR (out of
+   memory).  Simply save the error message as a static string.  If there is an
+   allocation failure constructing the error message, then convert the error to
+   out of memory. */
+void ZLIB_INTERNAL gz_error(gz_statep state, int err, const char *msg) {
+    /* free previously allocated message and clear */
+    if (state->msg != NULL) {
+        if (state->err != Z_MEM_ERROR)
+            free(state->msg);
+        state->msg = NULL;
+    }
+
+    /* if fatal, set state->x.have to 0 so that the gzgetc() macro fails */
+    if (err != Z_OK && err != Z_BUF_ERROR)
+        state->x.have = 0;
+
+    /* set error code, and if no message, then done */
+    state->err = err;
+    if (msg == NULL)
+        return;
+
+    /* for an out of memory error, return literal string when requested */
+    if (err == Z_MEM_ERROR)
+        return;
+
+    /* construct error message with path */
+    if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) ==
+            NULL) {
+        state->err = Z_MEM_ERROR;
+        return;
+    }
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+    (void)snprintf(state->msg, strlen(state->path) + strlen(msg) + 3,
+                   "%s%s%s", state->path, ": ", msg);
+#else
+    strcpy(state->msg, state->path);
+    strcat(state->msg, ": ");
+    strcat(state->msg, msg);
+#endif
+}
+
+/* portably return maximum value for an int (when limits.h presumed not
+   available) -- we need to do this to cover cases where 2's complement not
+   used, since C standard permits 1's complement and sign-bit representations,
+   otherwise we could just use ((unsigned)-1) >> 1 */
+unsigned ZLIB_INTERNAL gz_intmax(void) {
+#ifdef INT_MAX
+    return INT_MAX;
+#else
+    unsigned p = 1, q;
+    do {
+        q = p;
+        p <<= 1;
+        p++;
+    } while (p > q);
+    return q >> 1;
+#endif
+}
diff --git a/zlib-1.3.1/gzread.c b/zlib-1.3.1/gzread.c
new file mode 100644
index 00000000..4168cbc8
--- /dev/null
+++ b/zlib-1.3.1/gzread.c
@@ -0,0 +1,602 @@
+/* gzread.c -- zlib functions for reading gzip files
+ * Copyright (C) 2004-2017 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* Use read() to load a buffer -- return -1 on error, otherwise 0.  Read from
+   state->fd, and update state->eof, state->err, and state->msg as appropriate.
+   This function needs to loop on read(), since read() is not guaranteed to
+   read the number of bytes requested, depending on the type of descriptor. */
+local int gz_load(gz_statep state, unsigned char *buf, unsigned len,
+                  unsigned *have) {
+    int ret;
+    unsigned get, max = ((unsigned)-1 >> 2) + 1;
+
+    *have = 0;
+    do {
+        get = len - *have;
+        if (get > max)
+            get = max;
+        ret = read(state->fd, buf + *have, get);
+        if (ret <= 0)
+            break;
+        *have += (unsigned)ret;
+    } while (*have < len);
+    if (ret < 0) {
+        gz_error(state, Z_ERRNO, zstrerror());
+        return -1;
+    }
+    if (ret == 0)
+        state->eof = 1;
+    return 0;
+}
+
+/* Load up input buffer and set eof flag if last data loaded -- return -1 on
+   error, 0 otherwise.  Note that the eof flag is set when the end of the input
+   file is reached, even though there may be unused data in the buffer.  Once
+   that data has been used, no more attempts will be made to read the file.
+   If strm->avail_in != 0, then the current data is moved to the beginning of
+   the input buffer, and then the remainder of the buffer is loaded with the
+   available data from the input file. */
+local int gz_avail(gz_statep state) {
+    unsigned got;
+    z_streamp strm = &(state->strm);
+
+    if (state->err != Z_OK && state->err != Z_BUF_ERROR)
+        return -1;
+    if (state->eof == 0) {
+        if (strm->avail_in) {       /* copy what's there to the start */
+            unsigned char *p = state->in;
+            unsigned const char *q = strm->next_in;
+            unsigned n = strm->avail_in;
+            do {
+                *p++ = *q++;
+            } while (--n);
+        }
+        if (gz_load(state, state->in + strm->avail_in,
+                    state->size - strm->avail_in, &got) == -1)
+            return -1;
+        strm->avail_in += got;
+        strm->next_in = state->in;
+    }
+    return 0;
+}
+
+/* Look for gzip header, set up for inflate or copy.  state->x.have must be 0.
+   If this is the first time in, allocate required memory.  state->how will be
+   left unchanged if there is no more input data available, will be set to COPY
+   if there is no gzip header and direct copying will be performed, or it will
+   be set to GZIP for decompression.  If direct copying, then leftover input
+   data from the input buffer will be copied to the output buffer.  In that
+   case, all further file reads will be directly to either the output buffer or
+   a user buffer.  If decompressing, the inflate state will be initialized.
+   gz_look() will return 0 on success or -1 on failure. */
+local int gz_look(gz_statep state) {
+    z_streamp strm = &(state->strm);
+
+    /* allocate read buffers and inflate memory */
+    if (state->size == 0) {
+        /* allocate buffers */
+        state->in = (unsigned char *)malloc(state->want);
+        state->out = (unsigned char *)malloc(state->want << 1);
+        if (state->in == NULL || state->out == NULL) {
+            free(state->out);
+            free(state->in);
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+        state->size = state->want;
+
+        /* allocate inflate memory */
+        state->strm.zalloc = Z_NULL;
+        state->strm.zfree = Z_NULL;
+        state->strm.opaque = Z_NULL;
+        state->strm.avail_in = 0;
+        state->strm.next_in = Z_NULL;
+        if (inflateInit2(&(state->strm), 15 + 16) != Z_OK) {    /* gunzip */
+            free(state->out);
+            free(state->in);
+            state->size = 0;
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+    }
+
+    /* get at least the magic bytes in the input buffer */
+    if (strm->avail_in < 2) {
+        if (gz_avail(state) == -1)
+            return -1;
+        if (strm->avail_in == 0)
+            return 0;
+    }
+
+    /* look for gzip magic bytes -- if there, do gzip decoding (note: there is
+       a logical dilemma here when considering the case of a partially written
+       gzip file, to wit, if a single 31 byte is written, then we cannot tell
+       whether this is a single-byte file, or just a partially written gzip
+       file -- for here we assume that if a gzip file is being written, then
+       the header will be written in a single operation, so that reading a
+       single byte is sufficient indication that it is not a gzip file) */
+    if (strm->avail_in > 1 &&
+            strm->next_in[0] == 31 && strm->next_in[1] == 139) {
+        inflateReset(strm);
+        state->how = GZIP;
+        state->direct = 0;
+        return 0;
+    }
+
+    /* no gzip header -- if we were decoding gzip before, then this is trailing
+       garbage.  Ignore the trailing garbage and finish. */
+    if (state->direct == 0) {
+        strm->avail_in = 0;
+        state->eof = 1;
+        state->x.have = 0;
+        return 0;
+    }
+
+    /* doing raw i/o, copy any leftover input to output -- this assumes that
+       the output buffer is larger than the input buffer, which also assures
+       space for gzungetc() */
+    state->x.next = state->out;
+    memcpy(state->x.next, strm->next_in, strm->avail_in);
+    state->x.have = strm->avail_in;
+    strm->avail_in = 0;
+    state->how = COPY;
+    state->direct = 1;
+    return 0;
+}
+
+/* Decompress from input to the provided next_out and avail_out in the state.
+   On return, state->x.have and state->x.next point to the just decompressed
+   data.  If the gzip stream completes, state->how is reset to LOOK to look for
+   the next gzip stream or raw data, once state->x.have is depleted.  Returns 0
+   on success, -1 on failure. */
+local int gz_decomp(gz_statep state) {
+    int ret = Z_OK;
+    unsigned had;
+    z_streamp strm = &(state->strm);
+
+    /* fill output buffer up to end of deflate stream */
+    had = strm->avail_out;
+    do {
+        /* get more input for inflate() */
+        if (strm->avail_in == 0 && gz_avail(state) == -1)
+            return -1;
+        if (strm->avail_in == 0) {
+            gz_error(state, Z_BUF_ERROR, "unexpected end of file");
+            break;
+        }
+
+        /* decompress and handle errors */
+        ret = inflate(strm, Z_NO_FLUSH);
+        if (ret == Z_STREAM_ERROR || ret == Z_NEED_DICT) {
+            gz_error(state, Z_STREAM_ERROR,
+                     "internal error: inflate stream corrupt");
+            return -1;
+        }
+        if (ret == Z_MEM_ERROR) {
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+        if (ret == Z_DATA_ERROR) {              /* deflate stream invalid */
+            gz_error(state, Z_DATA_ERROR,
+                     strm->msg == NULL ? "compressed data error" : strm->msg);
+            return -1;
+        }
+    } while (strm->avail_out && ret != Z_STREAM_END);
+
+    /* update available output */
+    state->x.have = had - strm->avail_out;
+    state->x.next = strm->next_out - state->x.have;
+
+    /* if the gzip stream completed successfully, look for another */
+    if (ret == Z_STREAM_END)
+        state->how = LOOK;
+
+    /* good decompression */
+    return 0;
+}
+
+/* Fetch data and put it in the output buffer.  Assumes state->x.have is 0.
+   Data is either copied from the input file or decompressed from the input
+   file depending on state->how.  If state->how is LOOK, then a gzip header is
+   looked for to determine whether to copy or decompress.  Returns -1 on error,
+   otherwise 0.  gz_fetch() will leave state->how as COPY or GZIP unless the
+   end of the input file has been reached and all data has been processed.  */
+local int gz_fetch(gz_statep state) {
+    z_streamp strm = &(state->strm);
+
+    do {
+        switch(state->how) {
+        case LOOK:      /* -> LOOK, COPY (only if never GZIP), or GZIP */
+            if (gz_look(state) == -1)
+                return -1;
+            if (state->how == LOOK)
+                return 0;
+            break;
+        case COPY:      /* -> COPY */
+            if (gz_load(state, state->out, state->size << 1, &(state->x.have))
+                    == -1)
+                return -1;
+            state->x.next = state->out;
+            return 0;
+        case GZIP:      /* -> GZIP or LOOK (if end of gzip stream) */
+            strm->avail_out = state->size << 1;
+            strm->next_out = state->out;
+            if (gz_decomp(state) == -1)
+                return -1;
+        }
+    } while (state->x.have == 0 && (!state->eof || strm->avail_in));
+    return 0;
+}
+
+/* Skip len uncompressed bytes of output.  Return -1 on error, 0 on success. */
+local int gz_skip(gz_statep state, z_off64_t len) {
+    unsigned n;
+
+    /* skip over len bytes or reach end-of-file, whichever comes first */
+    while (len)
+        /* skip over whatever is in output buffer */
+        if (state->x.have) {
+            n = GT_OFF(state->x.have) || (z_off64_t)state->x.have > len ?
+                (unsigned)len : state->x.have;
+            state->x.have -= n;
+            state->x.next += n;
+            state->x.pos += n;
+            len -= n;
+        }
+
+        /* output buffer empty -- return if we're at the end of the input */
+        else if (state->eof && state->strm.avail_in == 0)
+            break;
+
+        /* need more data to skip -- load up output buffer */
+        else {
+            /* get more output, looking for header if required */
+            if (gz_fetch(state) == -1)
+                return -1;
+        }
+    return 0;
+}
+
+/* Read len bytes into buf from file, or less than len up to the end of the
+   input.  Return the number of bytes read.  If zero is returned, either the
+   end of file was reached, or there was an error.  state->err must be
+   consulted in that case to determine which. */
+local z_size_t gz_read(gz_statep state, voidp buf, z_size_t len) {
+    z_size_t got;
+    unsigned n;
+
+    /* if len is zero, avoid unnecessary operations */
+    if (len == 0)
+        return 0;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return 0;
+    }
+
+    /* get len bytes to buf, or less than len if at the end */
+    got = 0;
+    do {
+        /* set n to the maximum amount of len that fits in an unsigned int */
+        n = (unsigned)-1;
+        if (n > len)
+            n = (unsigned)len;
+
+        /* first just try copying data from the output buffer */
+        if (state->x.have) {
+            if (state->x.have < n)
+                n = state->x.have;
+            memcpy(buf, state->x.next, n);
+            state->x.next += n;
+            state->x.have -= n;
+        }
+
+        /* output buffer empty -- return if we're at the end of the input */
+        else if (state->eof && state->strm.avail_in == 0) {
+            state->past = 1;        /* tried to read past end */
+            break;
+        }
+
+        /* need output data -- for small len or new stream load up our output
+           buffer */
+        else if (state->how == LOOK || n < (state->size << 1)) {
+            /* get more output, looking for header if required */
+            if (gz_fetch(state) == -1)
+                return 0;
+            continue;       /* no progress yet -- go back to copy above */
+            /* the copy above assures that we will leave with space in the
+               output buffer, allowing at least one gzungetc() to succeed */
+        }
+
+        /* large len -- read directly into user buffer */
+        else if (state->how == COPY) {      /* read directly */
+            if (gz_load(state, (unsigned char *)buf, n, &n) == -1)
+                return 0;
+        }
+
+        /* large len -- decompress directly into user buffer */
+        else {  /* state->how == GZIP */
+            state->strm.avail_out = n;
+            state->strm.next_out = (unsigned char *)buf;
+            if (gz_decomp(state) == -1)
+                return 0;
+            n = state->x.have;
+            state->x.have = 0;
+        }
+
+        /* update progress */
+        len -= n;
+        buf = (char *)buf + n;
+        got += n;
+        state->x.pos += n;
+    } while (len);
+
+    /* return number of bytes read into user buffer */
+    return got;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzread(gzFile file, voidp buf, unsigned len) {
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+            (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return -1;
+
+    /* since an int is returned, make sure len fits in one, otherwise return
+       with an error (this avoids a flaw in the interface) */
+    if ((int)len < 0) {
+        gz_error(state, Z_STREAM_ERROR, "request does not fit in an int");
+        return -1;
+    }
+
+    /* read len or fewer bytes to buf */
+    len = (unsigned)gz_read(state, buf, len);
+
+    /* check for an error */
+    if (len == 0 && state->err != Z_OK && state->err != Z_BUF_ERROR)
+        return -1;
+
+    /* return the number of bytes read (this is assured to fit in an int) */
+    return (int)len;
+}
+
+/* -- see zlib.h -- */
+z_size_t ZEXPORT gzfread(voidp buf, z_size_t size, z_size_t nitems, gzFile file) {
+    z_size_t len;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+            (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return 0;
+
+    /* compute bytes to read -- error on overflow */
+    len = nitems * size;
+    if (size && len / size != nitems) {
+        gz_error(state, Z_STREAM_ERROR, "request does not fit in a size_t");
+        return 0;
+    }
+
+    /* read len or fewer bytes to buf, return the number of full items read */
+    return len ? gz_read(state, buf, len) / size : 0;
+}
+
+/* -- see zlib.h -- */
+#ifdef Z_PREFIX_SET
+#  undef z_gzgetc
+#else
+#  undef gzgetc
+#endif
+int ZEXPORT gzgetc(gzFile file) {
+    unsigned char buf[1];
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+        (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return -1;
+
+    /* try output buffer (no need to check for skip request) */
+    if (state->x.have) {
+        state->x.have--;
+        state->x.pos++;
+        return *(state->x.next)++;
+    }
+
+    /* nothing there -- try gz_read() */
+    return gz_read(state, buf, 1) < 1 ? -1 : buf[0];
+}
+
+int ZEXPORT gzgetc_(gzFile file) {
+    return gzgetc(file);
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzungetc(int c, gzFile file) {
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* in case this was just opened, set up the input buffer */
+    if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0)
+        (void)gz_look(state);
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+        (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return -1;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* can't push EOF */
+    if (c < 0)
+        return -1;
+
+    /* if output buffer empty, put byte at end (allows more pushing) */
+    if (state->x.have == 0) {
+        state->x.have = 1;
+        state->x.next = state->out + (state->size << 1) - 1;
+        state->x.next[0] = (unsigned char)c;
+        state->x.pos--;
+        state->past = 0;
+        return c;
+    }
+
+    /* if no room, give up (must have already done a gzungetc()) */
+    if (state->x.have == (state->size << 1)) {
+        gz_error(state, Z_DATA_ERROR, "out of room to push characters");
+        return -1;
+    }
+
+    /* slide output data if needed and insert byte before existing data */
+    if (state->x.next == state->out) {
+        unsigned char *src = state->out + state->x.have;
+        unsigned char *dest = state->out + (state->size << 1);
+        while (src > state->out)
+            *--dest = *--src;
+        state->x.next = dest;
+    }
+    state->x.have++;
+    state->x.next--;
+    state->x.next[0] = (unsigned char)c;
+    state->x.pos--;
+    state->past = 0;
+    return c;
+}
+
+/* -- see zlib.h -- */
+char * ZEXPORT gzgets(gzFile file, char *buf, int len) {
+    unsigned left, n;
+    char *str;
+    unsigned char *eol;
+    gz_statep state;
+
+    /* check parameters and get internal structure */
+    if (file == NULL || buf == NULL || len < 1)
+        return NULL;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+        (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return NULL;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return NULL;
+    }
+
+    /* copy output bytes up to new line or len - 1, whichever comes first --
+       append a terminating zero to the string (we don't check for a zero in
+       the contents, let the user worry about that) */
+    str = buf;
+    left = (unsigned)len - 1;
+    if (left) do {
+        /* assure that something is in the output buffer */
+        if (state->x.have == 0 && gz_fetch(state) == -1)
+            return NULL;                /* error */
+        if (state->x.have == 0) {       /* end of file */
+            state->past = 1;            /* read past end */
+            break;                      /* return what we have */
+        }
+
+        /* look for end-of-line in current output buffer */
+        n = state->x.have > left ? left : state->x.have;
+        eol = (unsigned char *)memchr(state->x.next, '\n', n);
+        if (eol != NULL)
+            n = (unsigned)(eol - state->x.next) + 1;
+
+        /* copy through end-of-line, or remainder if not found */
+        memcpy(buf, state->x.next, n);
+        state->x.have -= n;
+        state->x.next += n;
+        state->x.pos += n;
+        left -= n;
+        buf += n;
+    } while (left && eol == NULL);
+
+    /* return terminated string, or if nothing, end of file */
+    if (buf == str)
+        return NULL;
+    buf[0] = 0;
+    return str;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzdirect(gzFile file) {
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* if the state is not known, but we can find out, then do so (this is
+       mainly for right after a gzopen() or gzdopen()) */
+    if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0)
+        (void)gz_look(state);
+
+    /* return 1 if transparent, 0 if processing a gzip stream */
+    return state->direct;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzclose_r(gzFile file) {
+    int ret, err;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    /* check that we're reading */
+    if (state->mode != GZ_READ)
+        return Z_STREAM_ERROR;
+
+    /* free memory and close file */
+    if (state->size) {
+        inflateEnd(&(state->strm));
+        free(state->out);
+        free(state->in);
+    }
+    err = state->err == Z_BUF_ERROR ? Z_BUF_ERROR : Z_OK;
+    gz_error(state, Z_OK, NULL);
+    free(state->path);
+    ret = close(state->fd);
+    free(state);
+    return ret ? Z_ERRNO : err;
+}
diff --git a/zlib-1.3.1/gzwrite.c b/zlib-1.3.1/gzwrite.c
new file mode 100644
index 00000000..435b4621
--- /dev/null
+++ b/zlib-1.3.1/gzwrite.c
@@ -0,0 +1,631 @@
+/* gzwrite.c -- zlib functions for writing gzip files
+ * Copyright (C) 2004-2019 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* Initialize state for writing a gzip file.  Mark initialization by setting
+   state->size to non-zero.  Return -1 on a memory allocation failure, or 0 on
+   success. */
+local int gz_init(gz_statep state) {
+    int ret;
+    z_streamp strm = &(state->strm);
+
+    /* allocate input buffer (double size for gzprintf) */
+    state->in = (unsigned char *)malloc(state->want << 1);
+    if (state->in == NULL) {
+        gz_error(state, Z_MEM_ERROR, "out of memory");
+        return -1;
+    }
+
+    /* only need output buffer and deflate state if compressing */
+    if (!state->direct) {
+        /* allocate output buffer */
+        state->out = (unsigned char *)malloc(state->want);
+        if (state->out == NULL) {
+            free(state->in);
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+
+        /* allocate deflate memory, set up for gzip compression */
+        strm->zalloc = Z_NULL;
+        strm->zfree = Z_NULL;
+        strm->opaque = Z_NULL;
+        ret = deflateInit2(strm, state->level, Z_DEFLATED,
+                           MAX_WBITS + 16, DEF_MEM_LEVEL, state->strategy);
+        if (ret != Z_OK) {
+            free(state->out);
+            free(state->in);
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+        strm->next_in = NULL;
+    }
+
+    /* mark state as initialized */
+    state->size = state->want;
+
+    /* initialize write buffer if compressing */
+    if (!state->direct) {
+        strm->avail_out = state->size;
+        strm->next_out = state->out;
+        state->x.next = strm->next_out;
+    }
+    return 0;
+}
+
+/* Compress whatever is at avail_in and next_in and write to the output file.
+   Return -1 if there is an error writing to the output file or if gz_init()
+   fails to allocate memory, otherwise 0.  flush is assumed to be a valid
+   deflate() flush value.  If flush is Z_FINISH, then the deflate() state is
+   reset to start a new gzip stream.  If gz->direct is true, then simply write
+   to the output file without compressing, and ignore flush. */
+local int gz_comp(gz_statep state, int flush) {
+    int ret, writ;
+    unsigned have, put, max = ((unsigned)-1 >> 2) + 1;
+    z_streamp strm = &(state->strm);
+
+    /* allocate memory if this is the first time through */
+    if (state->size == 0 && gz_init(state) == -1)
+        return -1;
+
+    /* write directly if requested */
+    if (state->direct) {
+        while (strm->avail_in) {
+            put = strm->avail_in > max ? max : strm->avail_in;
+            writ = write(state->fd, strm->next_in, put);
+            if (writ < 0) {
+                gz_error(state, Z_ERRNO, zstrerror());
+                return -1;
+            }
+            strm->avail_in -= (unsigned)writ;
+            strm->next_in += writ;
+        }
+        return 0;
+    }
+
+    /* check for a pending reset */
+    if (state->reset) {
+        /* don't start a new gzip member unless there is data to write */
+        if (strm->avail_in == 0)
+            return 0;
+        deflateReset(strm);
+        state->reset = 0;
+    }
+
+    /* run deflate() on provided input until it produces no more output */
+    ret = Z_OK;
+    do {
+        /* write out current buffer contents if full, or if flushing, but if
+           doing Z_FINISH then don't write until we get to Z_STREAM_END */
+        if (strm->avail_out == 0 || (flush != Z_NO_FLUSH &&
+            (flush != Z_FINISH || ret == Z_STREAM_END))) {
+            while (strm->next_out > state->x.next) {
+                put = strm->next_out - state->x.next > (int)max ? max :
+                      (unsigned)(strm->next_out - state->x.next);
+                writ = write(state->fd, state->x.next, put);
+                if (writ < 0) {
+                    gz_error(state, Z_ERRNO, zstrerror());
+                    return -1;
+                }
+                state->x.next += writ;
+            }
+            if (strm->avail_out == 0) {
+                strm->avail_out = state->size;
+                strm->next_out = state->out;
+                state->x.next = state->out;
+            }
+        }
+
+        /* compress */
+        have = strm->avail_out;
+        ret = deflate(strm, flush);
+        if (ret == Z_STREAM_ERROR) {
+            gz_error(state, Z_STREAM_ERROR,
+                      "internal error: deflate stream corrupt");
+            return -1;
+        }
+        have -= strm->avail_out;
+    } while (have);
+
+    /* if that completed a deflate stream, allow another to start */
+    if (flush == Z_FINISH)
+        state->reset = 1;
+
+    /* all done, no errors */
+    return 0;
+}
+
+/* Compress len zeros to output.  Return -1 on a write error or memory
+   allocation failure by gz_comp(), or 0 on success. */
+local int gz_zero(gz_statep state, z_off64_t len) {
+    int first;
+    unsigned n;
+    z_streamp strm = &(state->strm);
+
+    /* consume whatever's left in the input buffer */
+    if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1)
+        return -1;
+
+    /* compress len zeros (len guaranteed > 0) */
+    first = 1;
+    while (len) {
+        n = GT_OFF(state->size) || (z_off64_t)state->size > len ?
+            (unsigned)len : state->size;
+        if (first) {
+            memset(state->in, 0, n);
+            first = 0;
+        }
+        strm->avail_in = n;
+        strm->next_in = state->in;
+        state->x.pos += n;
+        if (gz_comp(state, Z_NO_FLUSH) == -1)
+            return -1;
+        len -= n;
+    }
+    return 0;
+}
+
+/* Write len bytes from buf to file.  Return the number of bytes written.  If
+   the returned value is less than len, then there was an error. */
+local z_size_t gz_write(gz_statep state, voidpc buf, z_size_t len) {
+    z_size_t put = len;
+
+    /* if len is zero, avoid unnecessary operations */
+    if (len == 0)
+        return 0;
+
+    /* allocate memory if this is the first time through */
+    if (state->size == 0 && gz_init(state) == -1)
+        return 0;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return 0;
+    }
+
+    /* for small len, copy to input buffer, otherwise compress directly */
+    if (len < state->size) {
+        /* copy to input buffer, compress when full */
+        do {
+            unsigned have, copy;
+
+            if (state->strm.avail_in == 0)
+                state->strm.next_in = state->in;
+            have = (unsigned)((state->strm.next_in + state->strm.avail_in) -
+                              state->in);
+            copy = state->size - have;
+            if (copy > len)
+                copy = (unsigned)len;
+            memcpy(state->in + have, buf, copy);
+            state->strm.avail_in += copy;
+            state->x.pos += copy;
+            buf = (const char *)buf + copy;
+            len -= copy;
+            if (len && gz_comp(state, Z_NO_FLUSH) == -1)
+                return 0;
+        } while (len);
+    }
+    else {
+        /* consume whatever's left in the input buffer */
+        if (state->strm.avail_in && gz_comp(state, Z_NO_FLUSH) == -1)
+            return 0;
+
+        /* directly compress user buffer to file */
+        state->strm.next_in = (z_const Bytef *)buf;
+        do {
+            unsigned n = (unsigned)-1;
+            if (n > len)
+                n = (unsigned)len;
+            state->strm.avail_in = n;
+            state->x.pos += n;
+            if (gz_comp(state, Z_NO_FLUSH) == -1)
+                return 0;
+            len -= n;
+        } while (len);
+    }
+
+    /* input was all buffered or compressed */
+    return put;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzwrite(gzFile file, voidpc buf, unsigned len) {
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return 0;
+
+    /* since an int is returned, make sure len fits in one, otherwise return
+       with an error (this avoids a flaw in the interface) */
+    if ((int)len < 0) {
+        gz_error(state, Z_DATA_ERROR, "requested length does not fit in int");
+        return 0;
+    }
+
+    /* write len bytes from buf (the return value will fit in an int) */
+    return (int)gz_write(state, buf, len);
+}
+
+/* -- see zlib.h -- */
+z_size_t ZEXPORT gzfwrite(voidpc buf, z_size_t size, z_size_t nitems,
+                          gzFile file) {
+    z_size_t len;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return 0;
+
+    /* compute bytes to read -- error on overflow */
+    len = nitems * size;
+    if (size && len / size != nitems) {
+        gz_error(state, Z_STREAM_ERROR, "request does not fit in a size_t");
+        return 0;
+    }
+
+    /* write len bytes to buf, return the number of full items written */
+    return len ? gz_write(state, buf, len) / size : 0;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzputc(gzFile file, int c) {
+    unsigned have;
+    unsigned char buf[1];
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return -1;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* try writing to input buffer for speed (state->size == 0 if buffer not
+       initialized) */
+    if (state->size) {
+        if (strm->avail_in == 0)
+            strm->next_in = state->in;
+        have = (unsigned)((strm->next_in + strm->avail_in) - state->in);
+        if (have < state->size) {
+            state->in[have] = (unsigned char)c;
+            strm->avail_in++;
+            state->x.pos++;
+            return c & 0xff;
+        }
+    }
+
+    /* no room in buffer or not initialized, use gz_write() */
+    buf[0] = (unsigned char)c;
+    if (gz_write(state, buf, 1) != 1)
+        return -1;
+    return c & 0xff;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzputs(gzFile file, const char *s) {
+    z_size_t len, put;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return -1;
+
+    /* write string */
+    len = strlen(s);
+    if ((int)len < 0 || (unsigned)len != len) {
+        gz_error(state, Z_STREAM_ERROR, "string length does not fit in int");
+        return -1;
+    }
+    put = gz_write(state, s, len);
+    return put < len ? -1 : (int)len;
+}
+
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#include <stdarg.h>
+
+/* -- see zlib.h -- */
+int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va) {
+    int len;
+    unsigned left;
+    char *next;
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* make sure we have some buffer space */
+    if (state->size == 0 && gz_init(state) == -1)
+        return state->err;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return state->err;
+    }
+
+    /* do the printf() into the input buffer, put length in len -- the input
+       buffer is double-sized just for this function, so there is guaranteed to
+       be state->size bytes available after the current contents */
+    if (strm->avail_in == 0)
+        strm->next_in = state->in;
+    next = (char *)(state->in + (strm->next_in - state->in) + strm->avail_in);
+    next[state->size - 1] = 0;
+#ifdef NO_vsnprintf
+#  ifdef HAS_vsprintf_void
+    (void)vsprintf(next, format, va);
+    for (len = 0; len < state->size; len++)
+        if (next[len] == 0) break;
+#  else
+    len = vsprintf(next, format, va);
+#  endif
+#else
+#  ifdef HAS_vsnprintf_void
+    (void)vsnprintf(next, state->size, format, va);
+    len = strlen(next);
+#  else
+    len = vsnprintf(next, state->size, format, va);
+#  endif
+#endif
+
+    /* check that printf() results fit in buffer */
+    if (len == 0 || (unsigned)len >= state->size || next[state->size - 1] != 0)
+        return 0;
+
+    /* update buffer and position, compress first half if past that */
+    strm->avail_in += (unsigned)len;
+    state->x.pos += len;
+    if (strm->avail_in >= state->size) {
+        left = strm->avail_in - state->size;
+        strm->avail_in = state->size;
+        if (gz_comp(state, Z_NO_FLUSH) == -1)
+            return state->err;
+        memmove(state->in, state->in + state->size, left);
+        strm->next_in = state->in;
+        strm->avail_in = left;
+    }
+    return len;
+}
+
+int ZEXPORTVA gzprintf(gzFile file, const char *format, ...) {
+    va_list va;
+    int ret;
+
+    va_start(va, format);
+    ret = gzvprintf(file, format, va);
+    va_end(va);
+    return ret;
+}
+
+#else /* !STDC && !Z_HAVE_STDARG_H */
+
+/* -- see zlib.h -- */
+int ZEXPORTVA gzprintf(gzFile file, const char *format, int a1, int a2, int a3,
+                       int a4, int a5, int a6, int a7, int a8, int a9, int a10,
+                       int a11, int a12, int a13, int a14, int a15, int a16,
+                       int a17, int a18, int a19, int a20) {
+    unsigned len, left;
+    char *next;
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that can really pass pointer in ints */
+    if (sizeof(int) != sizeof(void *))
+        return Z_STREAM_ERROR;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* make sure we have some buffer space */
+    if (state->size == 0 && gz_init(state) == -1)
+        return state->error;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return state->error;
+    }
+
+    /* do the printf() into the input buffer, put length in len -- the input
+       buffer is double-sized just for this function, so there is guaranteed to
+       be state->size bytes available after the current contents */
+    if (strm->avail_in == 0)
+        strm->next_in = state->in;
+    next = (char *)(strm->next_in + strm->avail_in);
+    next[state->size - 1] = 0;
+#ifdef NO_snprintf
+#  ifdef HAS_sprintf_void
+    sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12,
+            a13, a14, a15, a16, a17, a18, a19, a20);
+    for (len = 0; len < size; len++)
+        if (next[len] == 0)
+            break;
+#  else
+    len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11,
+                  a12, a13, a14, a15, a16, a17, a18, a19, a20);
+#  endif
+#else
+#  ifdef HAS_snprintf_void
+    snprintf(next, state->size, format, a1, a2, a3, a4, a5, a6, a7, a8, a9,
+             a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+    len = strlen(next);
+#  else
+    len = snprintf(next, state->size, format, a1, a2, a3, a4, a5, a6, a7, a8,
+                   a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+#  endif
+#endif
+
+    /* check that printf() results fit in buffer */
+    if (len == 0 || len >= state->size || next[state->size - 1] != 0)
+        return 0;
+
+    /* update buffer and position, compress first half if past that */
+    strm->avail_in += len;
+    state->x.pos += len;
+    if (strm->avail_in >= state->size) {
+        left = strm->avail_in - state->size;
+        strm->avail_in = state->size;
+        if (gz_comp(state, Z_NO_FLUSH) == -1)
+            return state->err;
+        memmove(state->in, state->in + state->size, left);
+        strm->next_in = state->in;
+        strm->avail_in = left;
+    }
+    return (int)len;
+}
+
+#endif
+
+/* -- see zlib.h -- */
+int ZEXPORT gzflush(gzFile file, int flush) {
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* check flush parameter */
+    if (flush < 0 || flush > Z_FINISH)
+        return Z_STREAM_ERROR;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return state->err;
+    }
+
+    /* compress remaining data with requested flush */
+    (void)gz_comp(state, flush);
+    return state->err;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzsetparams(gzFile file, int level, int strategy) {
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK || state->direct)
+        return Z_STREAM_ERROR;
+
+    /* if no change is requested, then do nothing */
+    if (level == state->level && strategy == state->strategy)
+        return Z_OK;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return state->err;
+    }
+
+    /* change compression parameters for subsequent input */
+    if (state->size) {
+        /* flush previous input with previous parameters before changing */
+        if (strm->avail_in && gz_comp(state, Z_BLOCK) == -1)
+            return state->err;
+        deflateParams(strm, level, strategy);
+    }
+    state->level = level;
+    state->strategy = strategy;
+    return Z_OK;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzclose_w(gzFile file) {
+    int ret = Z_OK;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    /* check that we're writing */
+    if (state->mode != GZ_WRITE)
+        return Z_STREAM_ERROR;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            ret = state->err;
+    }
+
+    /* flush, free memory, and close file */
+    if (gz_comp(state, Z_FINISH) == -1)
+        ret = state->err;
+    if (state->size) {
+        if (!state->direct) {
+            (void)deflateEnd(&(state->strm));
+            free(state->out);
+        }
+        free(state->in);
+    }
+    gz_error(state, Z_OK, NULL);
+    free(state->path);
+    if (close(state->fd) == -1)
+        ret = Z_ERRNO;
+    free(state);
+    return ret;
+}
diff --git a/zlib-1.3.1/infback.c b/zlib-1.3.1/infback.c
new file mode 100644
index 00000000..e7b25b30
--- /dev/null
+++ b/zlib-1.3.1/infback.c
@@ -0,0 +1,628 @@
+/* infback.c -- inflate using a call-back interface
+ * Copyright (C) 1995-2022 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+   This code is largely copied from inflate.c.  Normally either infback.o or
+   inflate.o would be linked into an application--not both.  The interface
+   with inffast.c is retained so that optimized assembler-coded versions of
+   inflate_fast() can be used with either inflate.c or infback.c.
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+/*
+   strm provides memory allocation functions in zalloc and zfree, or
+   Z_NULL to use the library memory allocation functions.
+
+   windowBits is in the range 8..15, and window is a user-supplied
+   window and output buffer that is 2**windowBits bytes.
+ */
+int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits,
+                             unsigned char FAR *window, const char *version,
+                             int stream_size) {
+    struct inflate_state FAR *state;
+
+    if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+        stream_size != (int)(sizeof(z_stream)))
+        return Z_VERSION_ERROR;
+    if (strm == Z_NULL || window == Z_NULL ||
+        windowBits < 8 || windowBits > 15)
+        return Z_STREAM_ERROR;
+    strm->msg = Z_NULL;                 /* in case we return an error */
+    if (strm->zalloc == (alloc_func)0) {
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+#endif
+    }
+    if (strm->zfree == (free_func)0)
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+    strm->zfree = zcfree;
+#endif
+    state = (struct inflate_state FAR *)ZALLOC(strm, 1,
+                                               sizeof(struct inflate_state));
+    if (state == Z_NULL) return Z_MEM_ERROR;
+    Tracev((stderr, "inflate: allocated\n"));
+    strm->state = (struct internal_state FAR *)state;
+    state->dmax = 32768U;
+    state->wbits = (uInt)windowBits;
+    state->wsize = 1U << windowBits;
+    state->window = window;
+    state->wnext = 0;
+    state->whave = 0;
+    state->sane = 1;
+    return Z_OK;
+}
+
+/*
+   Return state with length and distance decoding tables and index sizes set to
+   fixed code decoding.  Normally this returns fixed tables from inffixed.h.
+   If BUILDFIXED is defined, then instead this routine builds the tables the
+   first time it's called, and returns those tables the first time and
+   thereafter.  This reduces the size of the code by about 2K bytes, in
+   exchange for a little execution time.  However, BUILDFIXED should not be
+   used for threaded applications, since the rewriting of the tables and virgin
+   may not be thread-safe.
+ */
+local void fixedtables(struct inflate_state FAR *state) {
+#ifdef BUILDFIXED
+    static int virgin = 1;
+    static code *lenfix, *distfix;
+    static code fixed[544];
+
+    /* build fixed huffman tables if first call (may not be thread safe) */
+    if (virgin) {
+        unsigned sym, bits;
+        static code *next;
+
+        /* literal/length table */
+        sym = 0;
+        while (sym < 144) state->lens[sym++] = 8;
+        while (sym < 256) state->lens[sym++] = 9;
+        while (sym < 280) state->lens[sym++] = 7;
+        while (sym < 288) state->lens[sym++] = 8;
+        next = fixed;
+        lenfix = next;
+        bits = 9;
+        inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work);
+
+        /* distance table */
+        sym = 0;
+        while (sym < 32) state->lens[sym++] = 5;
+        distfix = next;
+        bits = 5;
+        inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work);
+
+        /* do this just once */
+        virgin = 0;
+    }
+#else /* !BUILDFIXED */
+#   include "inffixed.h"
+#endif /* BUILDFIXED */
+    state->lencode = lenfix;
+    state->lenbits = 9;
+    state->distcode = distfix;
+    state->distbits = 5;
+}
+
+/* Macros for inflateBack(): */
+
+/* Load returned state from inflate_fast() */
+#define LOAD() \
+    do { \
+        put = strm->next_out; \
+        left = strm->avail_out; \
+        next = strm->next_in; \
+        have = strm->avail_in; \
+        hold = state->hold; \
+        bits = state->bits; \
+    } while (0)
+
+/* Set state from registers for inflate_fast() */
+#define RESTORE() \
+    do { \
+        strm->next_out = put; \
+        strm->avail_out = left; \
+        strm->next_in = next; \
+        strm->avail_in = have; \
+        state->hold = hold; \
+        state->bits = bits; \
+    } while (0)
+
+/* Clear the input bit accumulator */
+#define INITBITS() \
+    do { \
+        hold = 0; \
+        bits = 0; \
+    } while (0)
+
+/* Assure that some input is available.  If input is requested, but denied,
+   then return a Z_BUF_ERROR from inflateBack(). */
+#define PULL() \
+    do { \
+        if (have == 0) { \
+            have = in(in_desc, &next); \
+            if (have == 0) { \
+                next = Z_NULL; \
+                ret = Z_BUF_ERROR; \
+                goto inf_leave; \
+            } \
+        } \
+    } while (0)
+
+/* Get a byte of input into the bit accumulator, or return from inflateBack()
+   with an error if there is no input available. */
+#define PULLBYTE() \
+    do { \
+        PULL(); \
+        have--; \
+        hold += (unsigned long)(*next++) << bits; \
+        bits += 8; \
+    } while (0)
+
+/* Assure that there are at least n bits in the bit accumulator.  If there is
+   not enough available input to do that, then return from inflateBack() with
+   an error. */
+#define NEEDBITS(n) \
+    do { \
+        while (bits < (unsigned)(n)) \
+            PULLBYTE(); \
+    } while (0)
+
+/* Return the low n bits of the bit accumulator (n < 16) */
+#define BITS(n) \
+    ((unsigned)hold & ((1U << (n)) - 1))
+
+/* Remove n bits from the bit accumulator */
+#define DROPBITS(n) \
+    do { \
+        hold >>= (n); \
+        bits -= (unsigned)(n); \
+    } while (0)
+
+/* Remove zero to seven bits as needed to go to a byte boundary */
+#define BYTEBITS() \
+    do { \
+        hold >>= bits & 7; \
+        bits -= bits & 7; \
+    } while (0)
+
+/* Assure that some output space is available, by writing out the window
+   if it's full.  If the write fails, return from inflateBack() with a
+   Z_BUF_ERROR. */
+#define ROOM() \
+    do { \
+        if (left == 0) { \
+            put = state->window; \
+            left = state->wsize; \
+            state->whave = left; \
+            if (out(out_desc, put, left)) { \
+                ret = Z_BUF_ERROR; \
+                goto inf_leave; \
+            } \
+        } \
+    } while (0)
+
+/*
+   strm provides the memory allocation functions and window buffer on input,
+   and provides information on the unused input on return.  For Z_DATA_ERROR
+   returns, strm will also provide an error message.
+
+   in() and out() are the call-back input and output functions.  When
+   inflateBack() needs more input, it calls in().  When inflateBack() has
+   filled the window with output, or when it completes with data in the
+   window, it calls out() to write out the data.  The application must not
+   change the provided input until in() is called again or inflateBack()
+   returns.  The application must not change the window/output buffer until
+   inflateBack() returns.
+
+   in() and out() are called with a descriptor parameter provided in the
+   inflateBack() call.  This parameter can be a structure that provides the
+   information required to do the read or write, as well as accumulated
+   information on the input and output such as totals and check values.
+
+   in() should return zero on failure.  out() should return non-zero on
+   failure.  If either in() or out() fails, than inflateBack() returns a
+   Z_BUF_ERROR.  strm->next_in can be checked for Z_NULL to see whether it
+   was in() or out() that caused in the error.  Otherwise,  inflateBack()
+   returns Z_STREAM_END on success, Z_DATA_ERROR for an deflate format
+   error, or Z_MEM_ERROR if it could not allocate memory for the state.
+   inflateBack() can also return Z_STREAM_ERROR if the input parameters
+   are not correct, i.e. strm is Z_NULL or the state was not initialized.
+ */
+int ZEXPORT inflateBack(z_streamp strm, in_func in, void FAR *in_desc,
+                        out_func out, void FAR *out_desc) {
+    struct inflate_state FAR *state;
+    z_const unsigned char FAR *next;    /* next input */
+    unsigned char FAR *put;     /* next output */
+    unsigned have, left;        /* available input and output */
+    unsigned long hold;         /* bit buffer */
+    unsigned bits;              /* bits in bit buffer */
+    unsigned copy;              /* number of stored or match bytes to copy */
+    unsigned char FAR *from;    /* where to copy match bytes from */
+    code here;                  /* current decoding table entry */
+    code last;                  /* parent table entry */
+    unsigned len;               /* length to copy for repeats, bits to drop */
+    int ret;                    /* return code */
+    static const unsigned short order[19] = /* permutation of code lengths */
+        {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
+
+    /* Check that the strm exists and that the state was initialized */
+    if (strm == Z_NULL || strm->state == Z_NULL)
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* Reset the state */
+    strm->msg = Z_NULL;
+    state->mode = TYPE;
+    state->last = 0;
+    state->whave = 0;
+    next = strm->next_in;
+    have = next != Z_NULL ? strm->avail_in : 0;
+    hold = 0;
+    bits = 0;
+    put = state->window;
+    left = state->wsize;
+
+    /* Inflate until end of block marked as last */
+    for (;;)
+        switch (state->mode) {
+        case TYPE:
+            /* determine and dispatch block type */
+            if (state->last) {
+                BYTEBITS();
+                state->mode = DONE;
+                break;
+            }
+            NEEDBITS(3);
+            state->last = BITS(1);
+            DROPBITS(1);
+            switch (BITS(2)) {
+            case 0:                             /* stored block */
+                Tracev((stderr, "inflate:     stored block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = STORED;
+                break;
+            case 1:                             /* fixed block */
+                fixedtables(state);
+                Tracev((stderr, "inflate:     fixed codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = LEN;              /* decode codes */
+                break;
+            case 2:                             /* dynamic block */
+                Tracev((stderr, "inflate:     dynamic codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = TABLE;
+                break;
+            case 3:
+                strm->msg = (char *)"invalid block type";
+                state->mode = BAD;
+            }
+            DROPBITS(2);
+            break;
+
+        case STORED:
+            /* get and verify stored block length */
+            BYTEBITS();                         /* go to byte boundary */
+            NEEDBITS(32);
+            if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
+                strm->msg = (char *)"invalid stored block lengths";
+                state->mode = BAD;
+                break;
+            }
+            state->length = (unsigned)hold & 0xffff;
+            Tracev((stderr, "inflate:       stored length %u\n",
+                    state->length));
+            INITBITS();
+
+            /* copy stored block from input to output */
+            while (state->length != 0) {
+                copy = state->length;
+                PULL();
+                ROOM();
+                if (copy > have) copy = have;
+                if (copy > left) copy = left;
+                zmemcpy(put, next, copy);
+                have -= copy;
+                next += copy;
+                left -= copy;
+                put += copy;
+                state->length -= copy;
+            }
+            Tracev((stderr, "inflate:       stored end\n"));
+            state->mode = TYPE;
+            break;
+
+        case TABLE:
+            /* get dynamic table entries descriptor */
+            NEEDBITS(14);
+            state->nlen = BITS(5) + 257;
+            DROPBITS(5);
+            state->ndist = BITS(5) + 1;
+            DROPBITS(5);
+            state->ncode = BITS(4) + 4;
+            DROPBITS(4);
+#ifndef PKZIP_BUG_WORKAROUND
+            if (state->nlen > 286 || state->ndist > 30) {
+                strm->msg = (char *)"too many length or distance symbols";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracev((stderr, "inflate:       table sizes ok\n"));
+
+            /* get code length code lengths (not a typo) */
+            state->have = 0;
+            while (state->have < state->ncode) {
+                NEEDBITS(3);
+                state->lens[order[state->have++]] = (unsigned short)BITS(3);
+                DROPBITS(3);
+            }
+            while (state->have < 19)
+                state->lens[order[state->have++]] = 0;
+            state->next = state->codes;
+            state->lencode = (code const FAR *)(state->next);
+            state->lenbits = 7;
+            ret = inflate_table(CODES, state->lens, 19, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid code lengths set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       code lengths ok\n"));
+
+            /* get length and distance code code lengths */
+            state->have = 0;
+            while (state->have < state->nlen + state->ndist) {
+                for (;;) {
+                    here = state->lencode[BITS(state->lenbits)];
+                    if ((unsigned)(here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                if (here.val < 16) {
+                    DROPBITS(here.bits);
+                    state->lens[state->have++] = here.val;
+                }
+                else {
+                    if (here.val == 16) {
+                        NEEDBITS(here.bits + 2);
+                        DROPBITS(here.bits);
+                        if (state->have == 0) {
+                            strm->msg = (char *)"invalid bit length repeat";
+                            state->mode = BAD;
+                            break;
+                        }
+                        len = (unsigned)(state->lens[state->have - 1]);
+                        copy = 3 + BITS(2);
+                        DROPBITS(2);
+                    }
+                    else if (here.val == 17) {
+                        NEEDBITS(here.bits + 3);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 3 + BITS(3);
+                        DROPBITS(3);
+                    }
+                    else {
+                        NEEDBITS(here.bits + 7);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 11 + BITS(7);
+                        DROPBITS(7);
+                    }
+                    if (state->have + copy > state->nlen + state->ndist) {
+                        strm->msg = (char *)"invalid bit length repeat";
+                        state->mode = BAD;
+                        break;
+                    }
+                    while (copy--)
+                        state->lens[state->have++] = (unsigned short)len;
+                }
+            }
+
+            /* handle error breaks in while */
+            if (state->mode == BAD) break;
+
+            /* check for end-of-block code (better have one) */
+            if (state->lens[256] == 0) {
+                strm->msg = (char *)"invalid code -- missing end-of-block";
+                state->mode = BAD;
+                break;
+            }
+
+            /* build code tables -- note: do not change the lenbits or distbits
+               values here (9 and 6) without reading the comments in inftrees.h
+               concerning the ENOUGH constants, which depend on those values */
+            state->next = state->codes;
+            state->lencode = (code const FAR *)(state->next);
+            state->lenbits = 9;
+            ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid literal/lengths set";
+                state->mode = BAD;
+                break;
+            }
+            state->distcode = (code const FAR *)(state->next);
+            state->distbits = 6;
+            ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist,
+                            &(state->next), &(state->distbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid distances set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       codes ok\n"));
+            state->mode = LEN;
+                /* fallthrough */
+
+        case LEN:
+            /* use inflate_fast() if we have enough input and output */
+            if (have >= 6 && left >= 258) {
+                RESTORE();
+                if (state->whave < state->wsize)
+                    state->whave = state->wsize - left;
+                inflate_fast(strm, state->wsize);
+                LOAD();
+                break;
+            }
+
+            /* get a literal, length, or end-of-block code */
+            for (;;) {
+                here = state->lencode[BITS(state->lenbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if (here.op && (here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->lencode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+            }
+            DROPBITS(here.bits);
+            state->length = (unsigned)here.val;
+
+            /* process literal */
+            if (here.op == 0) {
+                Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+                        "inflate:         literal '%c'\n" :
+                        "inflate:         literal 0x%02x\n", here.val));
+                ROOM();
+                *put++ = (unsigned char)(state->length);
+                left--;
+                state->mode = LEN;
+                break;
+            }
+
+            /* process end of block */
+            if (here.op & 32) {
+                Tracevv((stderr, "inflate:         end of block\n"));
+                state->mode = TYPE;
+                break;
+            }
+
+            /* invalid code */
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid literal/length code";
+                state->mode = BAD;
+                break;
+            }
+
+            /* length code -- get extra bits, if any */
+            state->extra = (unsigned)(here.op) & 15;
+            if (state->extra != 0) {
+                NEEDBITS(state->extra);
+                state->length += BITS(state->extra);
+                DROPBITS(state->extra);
+            }
+            Tracevv((stderr, "inflate:         length %u\n", state->length));
+
+            /* get distance code */
+            for (;;) {
+                here = state->distcode[BITS(state->distbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if ((here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->distcode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+            }
+            DROPBITS(here.bits);
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+            state->offset = (unsigned)here.val;
+
+            /* get distance extra bits, if any */
+            state->extra = (unsigned)(here.op) & 15;
+            if (state->extra != 0) {
+                NEEDBITS(state->extra);
+                state->offset += BITS(state->extra);
+                DROPBITS(state->extra);
+            }
+            if (state->offset > state->wsize - (state->whave < state->wsize ?
+                                                left : 0)) {
+                strm->msg = (char *)"invalid distance too far back";
+                state->mode = BAD;
+                break;
+            }
+            Tracevv((stderr, "inflate:         distance %u\n", state->offset));
+
+            /* copy match from window to output */
+            do {
+                ROOM();
+                copy = state->wsize - state->offset;
+                if (copy < left) {
+                    from = put + copy;
+                    copy = left - copy;
+                }
+                else {
+                    from = put - state->offset;
+                    copy = left;
+                }
+                if (copy > state->length) copy = state->length;
+                state->length -= copy;
+                left -= copy;
+                do {
+                    *put++ = *from++;
+                } while (--copy);
+            } while (state->length != 0);
+            break;
+
+        case DONE:
+            /* inflate stream terminated properly */
+            ret = Z_STREAM_END;
+            goto inf_leave;
+
+        case BAD:
+            ret = Z_DATA_ERROR;
+            goto inf_leave;
+
+        default:
+            /* can't happen, but makes compilers happy */
+            ret = Z_STREAM_ERROR;
+            goto inf_leave;
+        }
+
+    /* Write leftover output and return unused input */
+  inf_leave:
+    if (left < state->wsize) {
+        if (out(out_desc, state->window, state->wsize - left) &&
+            ret == Z_STREAM_END)
+            ret = Z_BUF_ERROR;
+    }
+    strm->next_in = next;
+    strm->avail_in = have;
+    return ret;
+}
+
+int ZEXPORT inflateBackEnd(z_streamp strm) {
+    if (strm == Z_NULL || strm->state == Z_NULL || strm->zfree == (free_func)0)
+        return Z_STREAM_ERROR;
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+    Tracev((stderr, "inflate: end\n"));
+    return Z_OK;
+}
diff --git a/zlib-1.3.1/inffast.c b/zlib-1.3.1/inffast.c
new file mode 100644
index 00000000..9354676e
--- /dev/null
+++ b/zlib-1.3.1/inffast.c
@@ -0,0 +1,320 @@
+/* inffast.c -- fast decoding
+ * Copyright (C) 1995-2017 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+#ifdef ASMINF
+#  pragma message("Assembler code may have bugs -- use at your own risk")
+#else
+
+/*
+   Decode literal, length, and distance codes and write out the resulting
+   literal and match bytes until either not enough input or output is
+   available, an end-of-block is encountered, or a data error is encountered.
+   When large enough input and output buffers are supplied to inflate(), for
+   example, a 16K input buffer and a 64K output buffer, more than 95% of the
+   inflate execution time is spent in this routine.
+
+   Entry assumptions:
+
+        state->mode == LEN
+        strm->avail_in >= 6
+        strm->avail_out >= 258
+        start >= strm->avail_out
+        state->bits < 8
+
+   On return, state->mode is one of:
+
+        LEN -- ran out of enough output space or enough available input
+        TYPE -- reached end of block code, inflate() to interpret next block
+        BAD -- error in block data
+
+   Notes:
+
+    - The maximum input bits used by a length/distance pair is 15 bits for the
+      length code, 5 bits for the length extra, 15 bits for the distance code,
+      and 13 bits for the distance extra.  This totals 48 bits, or six bytes.
+      Therefore if strm->avail_in >= 6, then there is enough input to avoid
+      checking for available input while decoding.
+
+    - The maximum bytes that a single length/distance pair can output is 258
+      bytes, which is the maximum length that can be coded.  inflate_fast()
+      requires strm->avail_out >= 258 for each loop to avoid checking for
+      output space.
+ */
+void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start) {
+    struct inflate_state FAR *state;
+    z_const unsigned char FAR *in;      /* local strm->next_in */
+    z_const unsigned char FAR *last;    /* have enough input while in < last */
+    unsigned char FAR *out;     /* local strm->next_out */
+    unsigned char FAR *beg;     /* inflate()'s initial strm->next_out */
+    unsigned char FAR *end;     /* while out < end, enough space available */
+#ifdef INFLATE_STRICT
+    unsigned dmax;              /* maximum distance from zlib header */
+#endif
+    unsigned wsize;             /* window size or zero if not using window */
+    unsigned whave;             /* valid bytes in the window */
+    unsigned wnext;             /* window write index */
+    unsigned char FAR *window;  /* allocated sliding window, if wsize != 0 */
+    unsigned long hold;         /* local strm->hold */
+    unsigned bits;              /* local strm->bits */
+    code const FAR *lcode;      /* local strm->lencode */
+    code const FAR *dcode;      /* local strm->distcode */
+    unsigned lmask;             /* mask for first level of length codes */
+    unsigned dmask;             /* mask for first level of distance codes */
+    code const *here;           /* retrieved table entry */
+    unsigned op;                /* code bits, operation, extra bits, or */
+                                /*  window position, window bytes to copy */
+    unsigned len;               /* match length, unused bytes */
+    unsigned dist;              /* match distance */
+    unsigned char FAR *from;    /* where to copy match from */
+
+    /* copy state to local variables */
+    state = (struct inflate_state FAR *)strm->state;
+    in = strm->next_in;
+    last = in + (strm->avail_in - 5);
+    out = strm->next_out;
+    beg = out - (start - strm->avail_out);
+    end = out + (strm->avail_out - 257);
+#ifdef INFLATE_STRICT
+    dmax = state->dmax;
+#endif
+    wsize = state->wsize;
+    whave = state->whave;
+    wnext = state->wnext;
+    window = state->window;
+    hold = state->hold;
+    bits = state->bits;
+    lcode = state->lencode;
+    dcode = state->distcode;
+    lmask = (1U << state->lenbits) - 1;
+    dmask = (1U << state->distbits) - 1;
+
+    /* decode literals and length/distances until end-of-block or not enough
+       input data or output space */
+    do {
+        if (bits < 15) {
+            hold += (unsigned long)(*in++) << bits;
+            bits += 8;
+            hold += (unsigned long)(*in++) << bits;
+            bits += 8;
+        }
+        here = lcode + (hold & lmask);
+      dolen:
+        op = (unsigned)(here->bits);
+        hold >>= op;
+        bits -= op;
+        op = (unsigned)(here->op);
+        if (op == 0) {                          /* literal */
+            Tracevv((stderr, here->val >= 0x20 && here->val < 0x7f ?
+                    "inflate:         literal '%c'\n" :
+                    "inflate:         literal 0x%02x\n", here->val));
+            *out++ = (unsigned char)(here->val);
+        }
+        else if (op & 16) {                     /* length base */
+            len = (unsigned)(here->val);
+            op &= 15;                           /* number of extra bits */
+            if (op) {
+                if (bits < op) {
+                    hold += (unsigned long)(*in++) << bits;
+                    bits += 8;
+                }
+                len += (unsigned)hold & ((1U << op) - 1);
+                hold >>= op;
+                bits -= op;
+            }
+            Tracevv((stderr, "inflate:         length %u\n", len));
+            if (bits < 15) {
+                hold += (unsigned long)(*in++) << bits;
+                bits += 8;
+                hold += (unsigned long)(*in++) << bits;
+                bits += 8;
+            }
+            here = dcode + (hold & dmask);
+          dodist:
+            op = (unsigned)(here->bits);
+            hold >>= op;
+            bits -= op;
+            op = (unsigned)(here->op);
+            if (op & 16) {                      /* distance base */
+                dist = (unsigned)(here->val);
+                op &= 15;                       /* number of extra bits */
+                if (bits < op) {
+                    hold += (unsigned long)(*in++) << bits;
+                    bits += 8;
+                    if (bits < op) {
+                        hold += (unsigned long)(*in++) << bits;
+                        bits += 8;
+                    }
+                }
+                dist += (unsigned)hold & ((1U << op) - 1);
+#ifdef INFLATE_STRICT
+                if (dist > dmax) {
+                    strm->msg = (char *)"invalid distance too far back";
+                    state->mode = BAD;
+                    break;
+                }
+#endif
+                hold >>= op;
+                bits -= op;
+                Tracevv((stderr, "inflate:         distance %u\n", dist));
+                op = (unsigned)(out - beg);     /* max distance in output */
+                if (dist > op) {                /* see if copy from window */
+                    op = dist - op;             /* distance back in window */
+                    if (op > whave) {
+                        if (state->sane) {
+                            strm->msg =
+                                (char *)"invalid distance too far back";
+                            state->mode = BAD;
+                            break;
+                        }
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+                        if (len <= op - whave) {
+                            do {
+                                *out++ = 0;
+                            } while (--len);
+                            continue;
+                        }
+                        len -= op - whave;
+                        do {
+                            *out++ = 0;
+                        } while (--op > whave);
+                        if (op == 0) {
+                            from = out - dist;
+                            do {
+                                *out++ = *from++;
+                            } while (--len);
+                            continue;
+                        }
+#endif
+                    }
+                    from = window;
+                    if (wnext == 0) {           /* very common case */
+                        from += wsize - op;
+                        if (op < len) {         /* some from window */
+                            len -= op;
+                            do {
+                                *out++ = *from++;
+                            } while (--op);
+                            from = out - dist;  /* rest from output */
+                        }
+                    }
+                    else if (wnext < op) {      /* wrap around window */
+                        from += wsize + wnext - op;
+                        op -= wnext;
+                        if (op < len) {         /* some from end of window */
+                            len -= op;
+                            do {
+                                *out++ = *from++;
+                            } while (--op);
+                            from = window;
+                            if (wnext < len) {  /* some from start of window */
+                                op = wnext;
+                                len -= op;
+                                do {
+                                    *out++ = *from++;
+                                } while (--op);
+                                from = out - dist;      /* rest from output */
+                            }
+                        }
+                    }
+                    else {                      /* contiguous in window */
+                        from += wnext - op;
+                        if (op < len) {         /* some from window */
+                            len -= op;
+                            do {
+                                *out++ = *from++;
+                            } while (--op);
+                            from = out - dist;  /* rest from output */
+                        }
+                    }
+                    while (len > 2) {
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        len -= 3;
+                    }
+                    if (len) {
+                        *out++ = *from++;
+                        if (len > 1)
+                            *out++ = *from++;
+                    }
+                }
+                else {
+                    from = out - dist;          /* copy direct from output */
+                    do {                        /* minimum length is three */
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        len -= 3;
+                    } while (len > 2);
+                    if (len) {
+                        *out++ = *from++;
+                        if (len > 1)
+                            *out++ = *from++;
+                    }
+                }
+            }
+            else if ((op & 64) == 0) {          /* 2nd level distance code */
+                here = dcode + here->val + (hold & ((1U << op) - 1));
+                goto dodist;
+            }
+            else {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+        }
+        else if ((op & 64) == 0) {              /* 2nd level length code */
+            here = lcode + here->val + (hold & ((1U << op) - 1));
+            goto dolen;
+        }
+        else if (op & 32) {                     /* end-of-block */
+            Tracevv((stderr, "inflate:         end of block\n"));
+            state->mode = TYPE;
+            break;
+        }
+        else {
+            strm->msg = (char *)"invalid literal/length code";
+            state->mode = BAD;
+            break;
+        }
+    } while (in < last && out < end);
+
+    /* return unused bytes (on entry, bits < 8, so in won't go too far back) */
+    len = bits >> 3;
+    in -= len;
+    bits -= len << 3;
+    hold &= (1U << bits) - 1;
+
+    /* update state and return */
+    strm->next_in = in;
+    strm->next_out = out;
+    strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last));
+    strm->avail_out = (unsigned)(out < end ?
+                                 257 + (end - out) : 257 - (out - end));
+    state->hold = hold;
+    state->bits = bits;
+    return;
+}
+
+/*
+   inflate_fast() speedups that turned out slower (on a PowerPC G3 750CXe):
+   - Using bit fields for code structure
+   - Different op definition to avoid & for extra bits (do & for table bits)
+   - Three separate decoding do-loops for direct, window, and wnext == 0
+   - Special case for distance > 1 copies to do overlapped load and store copy
+   - Explicit branch predictions (based on measured branch probabilities)
+   - Deferring match copy and interspersed it with decoding subsequent codes
+   - Swapping literal/length else
+   - Swapping window/direct else
+   - Larger unrolled copy loops (three is about right)
+   - Moving len -= 3 statement into middle of loop
+ */
+
+#endif /* !ASMINF */
diff --git a/zlib-1.3.1/inffast.h b/zlib-1.3.1/inffast.h
new file mode 100644
index 00000000..49c6d156
--- /dev/null
+++ b/zlib-1.3.1/inffast.h
@@ -0,0 +1,11 @@
+/* inffast.h -- header to use inffast.c
+ * Copyright (C) 1995-2003, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start);
diff --git a/zlib-1.3.1/inffixed.h b/zlib-1.3.1/inffixed.h
new file mode 100644
index 00000000..d6283277
--- /dev/null
+++ b/zlib-1.3.1/inffixed.h
@@ -0,0 +1,94 @@
+    /* inffixed.h -- table for decoding fixed codes
+     * Generated automatically by makefixed().
+     */
+
+    /* WARNING: this file should *not* be used by applications.
+       It is part of the implementation of this library and is
+       subject to change. Applications should only use zlib.h.
+     */
+
+    static const code lenfix[512] = {
+        {96,7,0},{0,8,80},{0,8,16},{20,8,115},{18,7,31},{0,8,112},{0,8,48},
+        {0,9,192},{16,7,10},{0,8,96},{0,8,32},{0,9,160},{0,8,0},{0,8,128},
+        {0,8,64},{0,9,224},{16,7,6},{0,8,88},{0,8,24},{0,9,144},{19,7,59},
+        {0,8,120},{0,8,56},{0,9,208},{17,7,17},{0,8,104},{0,8,40},{0,9,176},
+        {0,8,8},{0,8,136},{0,8,72},{0,9,240},{16,7,4},{0,8,84},{0,8,20},
+        {21,8,227},{19,7,43},{0,8,116},{0,8,52},{0,9,200},{17,7,13},{0,8,100},
+        {0,8,36},{0,9,168},{0,8,4},{0,8,132},{0,8,68},{0,9,232},{16,7,8},
+        {0,8,92},{0,8,28},{0,9,152},{20,7,83},{0,8,124},{0,8,60},{0,9,216},
+        {18,7,23},{0,8,108},{0,8,44},{0,9,184},{0,8,12},{0,8,140},{0,8,76},
+        {0,9,248},{16,7,3},{0,8,82},{0,8,18},{21,8,163},{19,7,35},{0,8,114},
+        {0,8,50},{0,9,196},{17,7,11},{0,8,98},{0,8,34},{0,9,164},{0,8,2},
+        {0,8,130},{0,8,66},{0,9,228},{16,7,7},{0,8,90},{0,8,26},{0,9,148},
+        {20,7,67},{0,8,122},{0,8,58},{0,9,212},{18,7,19},{0,8,106},{0,8,42},
+        {0,9,180},{0,8,10},{0,8,138},{0,8,74},{0,9,244},{16,7,5},{0,8,86},
+        {0,8,22},{64,8,0},{19,7,51},{0,8,118},{0,8,54},{0,9,204},{17,7,15},
+        {0,8,102},{0,8,38},{0,9,172},{0,8,6},{0,8,134},{0,8,70},{0,9,236},
+        {16,7,9},{0,8,94},{0,8,30},{0,9,156},{20,7,99},{0,8,126},{0,8,62},
+        {0,9,220},{18,7,27},{0,8,110},{0,8,46},{0,9,188},{0,8,14},{0,8,142},
+        {0,8,78},{0,9,252},{96,7,0},{0,8,81},{0,8,17},{21,8,131},{18,7,31},
+        {0,8,113},{0,8,49},{0,9,194},{16,7,10},{0,8,97},{0,8,33},{0,9,162},
+        {0,8,1},{0,8,129},{0,8,65},{0,9,226},{16,7,6},{0,8,89},{0,8,25},
+        {0,9,146},{19,7,59},{0,8,121},{0,8,57},{0,9,210},{17,7,17},{0,8,105},
+        {0,8,41},{0,9,178},{0,8,9},{0,8,137},{0,8,73},{0,9,242},{16,7,4},
+        {0,8,85},{0,8,21},{16,8,258},{19,7,43},{0,8,117},{0,8,53},{0,9,202},
+        {17,7,13},{0,8,101},{0,8,37},{0,9,170},{0,8,5},{0,8,133},{0,8,69},
+        {0,9,234},{16,7,8},{0,8,93},{0,8,29},{0,9,154},{20,7,83},{0,8,125},
+        {0,8,61},{0,9,218},{18,7,23},{0,8,109},{0,8,45},{0,9,186},{0,8,13},
+        {0,8,141},{0,8,77},{0,9,250},{16,7,3},{0,8,83},{0,8,19},{21,8,195},
+        {19,7,35},{0,8,115},{0,8,51},{0,9,198},{17,7,11},{0,8,99},{0,8,35},
+        {0,9,166},{0,8,3},{0,8,131},{0,8,67},{0,9,230},{16,7,7},{0,8,91},
+        {0,8,27},{0,9,150},{20,7,67},{0,8,123},{0,8,59},{0,9,214},{18,7,19},
+        {0,8,107},{0,8,43},{0,9,182},{0,8,11},{0,8,139},{0,8,75},{0,9,246},
+        {16,7,5},{0,8,87},{0,8,23},{64,8,0},{19,7,51},{0,8,119},{0,8,55},
+        {0,9,206},{17,7,15},{0,8,103},{0,8,39},{0,9,174},{0,8,7},{0,8,135},
+        {0,8,71},{0,9,238},{16,7,9},{0,8,95},{0,8,31},{0,9,158},{20,7,99},
+        {0,8,127},{0,8,63},{0,9,222},{18,7,27},{0,8,111},{0,8,47},{0,9,190},
+        {0,8,15},{0,8,143},{0,8,79},{0,9,254},{96,7,0},{0,8,80},{0,8,16},
+        {20,8,115},{18,7,31},{0,8,112},{0,8,48},{0,9,193},{16,7,10},{0,8,96},
+        {0,8,32},{0,9,161},{0,8,0},{0,8,128},{0,8,64},{0,9,225},{16,7,6},
+        {0,8,88},{0,8,24},{0,9,145},{19,7,59},{0,8,120},{0,8,56},{0,9,209},
+        {17,7,17},{0,8,104},{0,8,40},{0,9,177},{0,8,8},{0,8,136},{0,8,72},
+        {0,9,241},{16,7,4},{0,8,84},{0,8,20},{21,8,227},{19,7,43},{0,8,116},
+        {0,8,52},{0,9,201},{17,7,13},{0,8,100},{0,8,36},{0,9,169},{0,8,4},
+        {0,8,132},{0,8,68},{0,9,233},{16,7,8},{0,8,92},{0,8,28},{0,9,153},
+        {20,7,83},{0,8,124},{0,8,60},{0,9,217},{18,7,23},{0,8,108},{0,8,44},
+        {0,9,185},{0,8,12},{0,8,140},{0,8,76},{0,9,249},{16,7,3},{0,8,82},
+        {0,8,18},{21,8,163},{19,7,35},{0,8,114},{0,8,50},{0,9,197},{17,7,11},
+        {0,8,98},{0,8,34},{0,9,165},{0,8,2},{0,8,130},{0,8,66},{0,9,229},
+        {16,7,7},{0,8,90},{0,8,26},{0,9,149},{20,7,67},{0,8,122},{0,8,58},
+        {0,9,213},{18,7,19},{0,8,106},{0,8,42},{0,9,181},{0,8,10},{0,8,138},
+        {0,8,74},{0,9,245},{16,7,5},{0,8,86},{0,8,22},{64,8,0},{19,7,51},
+        {0,8,118},{0,8,54},{0,9,205},{17,7,15},{0,8,102},{0,8,38},{0,9,173},
+        {0,8,6},{0,8,134},{0,8,70},{0,9,237},{16,7,9},{0,8,94},{0,8,30},
+        {0,9,157},{20,7,99},{0,8,126},{0,8,62},{0,9,221},{18,7,27},{0,8,110},
+        {0,8,46},{0,9,189},{0,8,14},{0,8,142},{0,8,78},{0,9,253},{96,7,0},
+        {0,8,81},{0,8,17},{21,8,131},{18,7,31},{0,8,113},{0,8,49},{0,9,195},
+        {16,7,10},{0,8,97},{0,8,33},{0,9,163},{0,8,1},{0,8,129},{0,8,65},
+        {0,9,227},{16,7,6},{0,8,89},{0,8,25},{0,9,147},{19,7,59},{0,8,121},
+        {0,8,57},{0,9,211},{17,7,17},{0,8,105},{0,8,41},{0,9,179},{0,8,9},
+        {0,8,137},{0,8,73},{0,9,243},{16,7,4},{0,8,85},{0,8,21},{16,8,258},
+        {19,7,43},{0,8,117},{0,8,53},{0,9,203},{17,7,13},{0,8,101},{0,8,37},
+        {0,9,171},{0,8,5},{0,8,133},{0,8,69},{0,9,235},{16,7,8},{0,8,93},
+        {0,8,29},{0,9,155},{20,7,83},{0,8,125},{0,8,61},{0,9,219},{18,7,23},
+        {0,8,109},{0,8,45},{0,9,187},{0,8,13},{0,8,141},{0,8,77},{0,9,251},
+        {16,7,3},{0,8,83},{0,8,19},{21,8,195},{19,7,35},{0,8,115},{0,8,51},
+        {0,9,199},{17,7,11},{0,8,99},{0,8,35},{0,9,167},{0,8,3},{0,8,131},
+        {0,8,67},{0,9,231},{16,7,7},{0,8,91},{0,8,27},{0,9,151},{20,7,67},
+        {0,8,123},{0,8,59},{0,9,215},{18,7,19},{0,8,107},{0,8,43},{0,9,183},
+        {0,8,11},{0,8,139},{0,8,75},{0,9,247},{16,7,5},{0,8,87},{0,8,23},
+        {64,8,0},{19,7,51},{0,8,119},{0,8,55},{0,9,207},{17,7,15},{0,8,103},
+        {0,8,39},{0,9,175},{0,8,7},{0,8,135},{0,8,71},{0,9,239},{16,7,9},
+        {0,8,95},{0,8,31},{0,9,159},{20,7,99},{0,8,127},{0,8,63},{0,9,223},
+        {18,7,27},{0,8,111},{0,8,47},{0,9,191},{0,8,15},{0,8,143},{0,8,79},
+        {0,9,255}
+    };
+
+    static const code distfix[32] = {
+        {16,5,1},{23,5,257},{19,5,17},{27,5,4097},{17,5,5},{25,5,1025},
+        {21,5,65},{29,5,16385},{16,5,3},{24,5,513},{20,5,33},{28,5,8193},
+        {18,5,9},{26,5,2049},{22,5,129},{64,5,0},{16,5,2},{23,5,385},
+        {19,5,25},{27,5,6145},{17,5,7},{25,5,1537},{21,5,97},{29,5,24577},
+        {16,5,4},{24,5,769},{20,5,49},{28,5,12289},{18,5,13},{26,5,3073},
+        {22,5,193},{64,5,0}
+    };
diff --git a/zlib-1.3.1/inflate.c b/zlib-1.3.1/inflate.c
new file mode 100644
index 00000000..94ecff01
--- /dev/null
+++ b/zlib-1.3.1/inflate.c
@@ -0,0 +1,1526 @@
+/* inflate.c -- zlib decompression
+ * Copyright (C) 1995-2022 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ * Change history:
+ *
+ * 1.2.beta0    24 Nov 2002
+ * - First version -- complete rewrite of inflate to simplify code, avoid
+ *   creation of window when not needed, minimize use of window when it is
+ *   needed, make inffast.c even faster, implement gzip decoding, and to
+ *   improve code readability and style over the previous zlib inflate code
+ *
+ * 1.2.beta1    25 Nov 2002
+ * - Use pointers for available input and output checking in inffast.c
+ * - Remove input and output counters in inffast.c
+ * - Change inffast.c entry and loop from avail_in >= 7 to >= 6
+ * - Remove unnecessary second byte pull from length extra in inffast.c
+ * - Unroll direct copy to three copies per loop in inffast.c
+ *
+ * 1.2.beta2    4 Dec 2002
+ * - Change external routine names to reduce potential conflicts
+ * - Correct filename to inffixed.h for fixed tables in inflate.c
+ * - Make hbuf[] unsigned char to match parameter type in inflate.c
+ * - Change strm->next_out[-state->offset] to *(strm->next_out - state->offset)
+ *   to avoid negation problem on Alphas (64 bit) in inflate.c
+ *
+ * 1.2.beta3    22 Dec 2002
+ * - Add comments on state->bits assertion in inffast.c
+ * - Add comments on op field in inftrees.h
+ * - Fix bug in reuse of allocated window after inflateReset()
+ * - Remove bit fields--back to byte structure for speed
+ * - Remove distance extra == 0 check in inflate_fast()--only helps for lengths
+ * - Change post-increments to pre-increments in inflate_fast(), PPC biased?
+ * - Add compile time option, POSTINC, to use post-increments instead (Intel?)
+ * - Make MATCH copy in inflate() much faster for when inflate_fast() not used
+ * - Use local copies of stream next and avail values, as well as local bit
+ *   buffer and bit count in inflate()--for speed when inflate_fast() not used
+ *
+ * 1.2.beta4    1 Jan 2003
+ * - Split ptr - 257 statements in inflate_table() to avoid compiler warnings
+ * - Move a comment on output buffer sizes from inffast.c to inflate.c
+ * - Add comments in inffast.c to introduce the inflate_fast() routine
+ * - Rearrange window copies in inflate_fast() for speed and simplification
+ * - Unroll last copy for window match in inflate_fast()
+ * - Use local copies of window variables in inflate_fast() for speed
+ * - Pull out common wnext == 0 case for speed in inflate_fast()
+ * - Make op and len in inflate_fast() unsigned for consistency
+ * - Add FAR to lcode and dcode declarations in inflate_fast()
+ * - Simplified bad distance check in inflate_fast()
+ * - Added inflateBackInit(), inflateBack(), and inflateBackEnd() in new
+ *   source file infback.c to provide a call-back interface to inflate for
+ *   programs like gzip and unzip -- uses window as output buffer to avoid
+ *   window copying
+ *
+ * 1.2.beta5    1 Jan 2003
+ * - Improved inflateBack() interface to allow the caller to provide initial
+ *   input in strm.
+ * - Fixed stored blocks bug in inflateBack()
+ *
+ * 1.2.beta6    4 Jan 2003
+ * - Added comments in inffast.c on effectiveness of POSTINC
+ * - Typecasting all around to reduce compiler warnings
+ * - Changed loops from while (1) or do {} while (1) to for (;;), again to
+ *   make compilers happy
+ * - Changed type of window in inflateBackInit() to unsigned char *
+ *
+ * 1.2.beta7    27 Jan 2003
+ * - Changed many types to unsigned or unsigned short to avoid warnings
+ * - Added inflateCopy() function
+ *
+ * 1.2.0        9 Mar 2003
+ * - Changed inflateBack() interface to provide separate opaque descriptors
+ *   for the in() and out() functions
+ * - Changed inflateBack() argument and in_func typedef to swap the length
+ *   and buffer address return values for the input function
+ * - Check next_in and next_out for Z_NULL on entry to inflate()
+ *
+ * The history for versions after 1.2.0 are in ChangeLog in zlib distribution.
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+#ifdef MAKEFIXED
+#  ifndef BUILDFIXED
+#    define BUILDFIXED
+#  endif
+#endif
+
+local int inflateStateCheck(z_streamp strm) {
+    struct inflate_state FAR *state;
+    if (strm == Z_NULL ||
+        strm->zalloc == (alloc_func)0 || strm->zfree == (free_func)0)
+        return 1;
+    state = (struct inflate_state FAR *)strm->state;
+    if (state == Z_NULL || state->strm != strm ||
+        state->mode < HEAD || state->mode > SYNC)
+        return 1;
+    return 0;
+}
+
+int ZEXPORT inflateResetKeep(z_streamp strm) {
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    strm->total_in = strm->total_out = state->total = 0;
+    strm->msg = Z_NULL;
+    if (state->wrap)        /* to support ill-conceived Java test suite */
+        strm->adler = state->wrap & 1;
+    state->mode = HEAD;
+    state->last = 0;
+    state->havedict = 0;
+    state->flags = -1;
+    state->dmax = 32768U;
+    state->head = Z_NULL;
+    state->hold = 0;
+    state->bits = 0;
+    state->lencode = state->distcode = state->next = state->codes;
+    state->sane = 1;
+    state->back = -1;
+    Tracev((stderr, "inflate: reset\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateReset(z_streamp strm) {
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    state->wsize = 0;
+    state->whave = 0;
+    state->wnext = 0;
+    return inflateResetKeep(strm);
+}
+
+int ZEXPORT inflateReset2(z_streamp strm, int windowBits) {
+    int wrap;
+    struct inflate_state FAR *state;
+
+    /* get the state */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* extract wrap request from windowBits parameter */
+    if (windowBits < 0) {
+        if (windowBits < -15)
+            return Z_STREAM_ERROR;
+        wrap = 0;
+        windowBits = -windowBits;
+    }
+    else {
+        wrap = (windowBits >> 4) + 5;
+#ifdef GUNZIP
+        if (windowBits < 48)
+            windowBits &= 15;
+#endif
+    }
+
+    /* set number of window bits, free window if different */
+    if (windowBits && (windowBits < 8 || windowBits > 15))
+        return Z_STREAM_ERROR;
+    if (state->window != Z_NULL && state->wbits != (unsigned)windowBits) {
+        ZFREE(strm, state->window);
+        state->window = Z_NULL;
+    }
+
+    /* update state and reset the rest of it */
+    state->wrap = wrap;
+    state->wbits = (unsigned)windowBits;
+    return inflateReset(strm);
+}
+
+int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
+                          const char *version, int stream_size) {
+    int ret;
+    struct inflate_state FAR *state;
+
+    if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+        stream_size != (int)(sizeof(z_stream)))
+        return Z_VERSION_ERROR;
+    if (strm == Z_NULL) return Z_STREAM_ERROR;
+    strm->msg = Z_NULL;                 /* in case we return an error */
+    if (strm->zalloc == (alloc_func)0) {
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+#endif
+    }
+    if (strm->zfree == (free_func)0)
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zfree = zcfree;
+#endif
+    state = (struct inflate_state FAR *)
+            ZALLOC(strm, 1, sizeof(struct inflate_state));
+    if (state == Z_NULL) return Z_MEM_ERROR;
+    Tracev((stderr, "inflate: allocated\n"));
+    strm->state = (struct internal_state FAR *)state;
+    state->strm = strm;
+    state->window = Z_NULL;
+    state->mode = HEAD;     /* to pass state test in inflateReset2() */
+    ret = inflateReset2(strm, windowBits);
+    if (ret != Z_OK) {
+        ZFREE(strm, state);
+        strm->state = Z_NULL;
+    }
+    return ret;
+}
+
+int ZEXPORT inflateInit_(z_streamp strm, const char *version,
+                         int stream_size) {
+    return inflateInit2_(strm, DEF_WBITS, version, stream_size);
+}
+
+int ZEXPORT inflatePrime(z_streamp strm, int bits, int value) {
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    if (bits == 0)
+        return Z_OK;
+    state = (struct inflate_state FAR *)strm->state;
+    if (bits < 0) {
+        state->hold = 0;
+        state->bits = 0;
+        return Z_OK;
+    }
+    if (bits > 16 || state->bits + (uInt)bits > 32) return Z_STREAM_ERROR;
+    value &= (1L << bits) - 1;
+    state->hold += (unsigned)value << state->bits;
+    state->bits += (uInt)bits;
+    return Z_OK;
+}
+
+/*
+   Return state with length and distance decoding tables and index sizes set to
+   fixed code decoding.  Normally this returns fixed tables from inffixed.h.
+   If BUILDFIXED is defined, then instead this routine builds the tables the
+   first time it's called, and returns those tables the first time and
+   thereafter.  This reduces the size of the code by about 2K bytes, in
+   exchange for a little execution time.  However, BUILDFIXED should not be
+   used for threaded applications, since the rewriting of the tables and virgin
+   may not be thread-safe.
+ */
+local void fixedtables(struct inflate_state FAR *state) {
+#ifdef BUILDFIXED
+    static int virgin = 1;
+    static code *lenfix, *distfix;
+    static code fixed[544];
+
+    /* build fixed huffman tables if first call (may not be thread safe) */
+    if (virgin) {
+        unsigned sym, bits;
+        static code *next;
+
+        /* literal/length table */
+        sym = 0;
+        while (sym < 144) state->lens[sym++] = 8;
+        while (sym < 256) state->lens[sym++] = 9;
+        while (sym < 280) state->lens[sym++] = 7;
+        while (sym < 288) state->lens[sym++] = 8;
+        next = fixed;
+        lenfix = next;
+        bits = 9;
+        inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work);
+
+        /* distance table */
+        sym = 0;
+        while (sym < 32) state->lens[sym++] = 5;
+        distfix = next;
+        bits = 5;
+        inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work);
+
+        /* do this just once */
+        virgin = 0;
+    }
+#else /* !BUILDFIXED */
+#   include "inffixed.h"
+#endif /* BUILDFIXED */
+    state->lencode = lenfix;
+    state->lenbits = 9;
+    state->distcode = distfix;
+    state->distbits = 5;
+}
+
+#ifdef MAKEFIXED
+#include <stdio.h>
+
+/*
+   Write out the inffixed.h that is #include'd above.  Defining MAKEFIXED also
+   defines BUILDFIXED, so the tables are built on the fly.  makefixed() writes
+   those tables to stdout, which would be piped to inffixed.h.  A small program
+   can simply call makefixed to do this:
+
+    void makefixed(void);
+
+    int main(void)
+    {
+        makefixed();
+        return 0;
+    }
+
+   Then that can be linked with zlib built with MAKEFIXED defined and run:
+
+    a.out > inffixed.h
+ */
+void makefixed(void)
+{
+    unsigned low, size;
+    struct inflate_state state;
+
+    fixedtables(&state);
+    puts("    /* inffixed.h -- table for decoding fixed codes");
+    puts("     * Generated automatically by makefixed().");
+    puts("     */");
+    puts("");
+    puts("    /* WARNING: this file should *not* be used by applications.");
+    puts("       It is part of the implementation of this library and is");
+    puts("       subject to change. Applications should only use zlib.h.");
+    puts("     */");
+    puts("");
+    size = 1U << 9;
+    printf("    static const code lenfix[%u] = {", size);
+    low = 0;
+    for (;;) {
+        if ((low % 7) == 0) printf("\n        ");
+        printf("{%u,%u,%d}", (low & 127) == 99 ? 64 : state.lencode[low].op,
+               state.lencode[low].bits, state.lencode[low].val);
+        if (++low == size) break;
+        putchar(',');
+    }
+    puts("\n    };");
+    size = 1U << 5;
+    printf("\n    static const code distfix[%u] = {", size);
+    low = 0;
+    for (;;) {
+        if ((low % 6) == 0) printf("\n        ");
+        printf("{%u,%u,%d}", state.distcode[low].op, state.distcode[low].bits,
+               state.distcode[low].val);
+        if (++low == size) break;
+        putchar(',');
+    }
+    puts("\n    };");
+}
+#endif /* MAKEFIXED */
+
+/*
+   Update the window with the last wsize (normally 32K) bytes written before
+   returning.  If window does not exist yet, create it.  This is only called
+   when a window is already in use, or when output has been written during this
+   inflate call, but the end of the deflate stream has not been reached yet.
+   It is also called to create a window for dictionary data when a dictionary
+   is loaded.
+
+   Providing output buffers larger than 32K to inflate() should provide a speed
+   advantage, since only the last 32K of output is copied to the sliding window
+   upon return from inflate(), and since all distances after the first 32K of
+   output will fall in the output data, making match copies simpler and faster.
+   The advantage may be dependent on the size of the processor's data caches.
+ */
+local int updatewindow(z_streamp strm, const Bytef *end, unsigned copy) {
+    struct inflate_state FAR *state;
+    unsigned dist;
+
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* if it hasn't been done already, allocate space for the window */
+    if (state->window == Z_NULL) {
+        state->window = (unsigned char FAR *)
+                        ZALLOC(strm, 1U << state->wbits,
+                               sizeof(unsigned char));
+        if (state->window == Z_NULL) return 1;
+    }
+
+    /* if window not in use yet, initialize */
+    if (state->wsize == 0) {
+        state->wsize = 1U << state->wbits;
+        state->wnext = 0;
+        state->whave = 0;
+    }
+
+    /* copy state->wsize or less output bytes into the circular window */
+    if (copy >= state->wsize) {
+        zmemcpy(state->window, end - state->wsize, state->wsize);
+        state->wnext = 0;
+        state->whave = state->wsize;
+    }
+    else {
+        dist = state->wsize - state->wnext;
+        if (dist > copy) dist = copy;
+        zmemcpy(state->window + state->wnext, end - copy, dist);
+        copy -= dist;
+        if (copy) {
+            zmemcpy(state->window, end - copy, copy);
+            state->wnext = copy;
+            state->whave = state->wsize;
+        }
+        else {
+            state->wnext += dist;
+            if (state->wnext == state->wsize) state->wnext = 0;
+            if (state->whave < state->wsize) state->whave += dist;
+        }
+    }
+    return 0;
+}
+
+/* Macros for inflate(): */
+
+/* check function to use adler32() for zlib or crc32() for gzip */
+#ifdef GUNZIP
+#  define UPDATE_CHECK(check, buf, len) \
+    (state->flags ? crc32(check, buf, len) : adler32(check, buf, len))
+#else
+#  define UPDATE_CHECK(check, buf, len) adler32(check, buf, len)
+#endif
+
+/* check macros for header crc */
+#ifdef GUNZIP
+#  define CRC2(check, word) \
+    do { \
+        hbuf[0] = (unsigned char)(word); \
+        hbuf[1] = (unsigned char)((word) >> 8); \
+        check = crc32(check, hbuf, 2); \
+    } while (0)
+
+#  define CRC4(check, word) \
+    do { \
+        hbuf[0] = (unsigned char)(word); \
+        hbuf[1] = (unsigned char)((word) >> 8); \
+        hbuf[2] = (unsigned char)((word) >> 16); \
+        hbuf[3] = (unsigned char)((word) >> 24); \
+        check = crc32(check, hbuf, 4); \
+    } while (0)
+#endif
+
+/* Load registers with state in inflate() for speed */
+#define LOAD() \
+    do { \
+        put = strm->next_out; \
+        left = strm->avail_out; \
+        next = strm->next_in; \
+        have = strm->avail_in; \
+        hold = state->hold; \
+        bits = state->bits; \
+    } while (0)
+
+/* Restore state from registers in inflate() */
+#define RESTORE() \
+    do { \
+        strm->next_out = put; \
+        strm->avail_out = left; \
+        strm->next_in = next; \
+        strm->avail_in = have; \
+        state->hold = hold; \
+        state->bits = bits; \
+    } while (0)
+
+/* Clear the input bit accumulator */
+#define INITBITS() \
+    do { \
+        hold = 0; \
+        bits = 0; \
+    } while (0)
+
+/* Get a byte of input into the bit accumulator, or return from inflate()
+   if there is no input available. */
+#define PULLBYTE() \
+    do { \
+        if (have == 0) goto inf_leave; \
+        have--; \
+        hold += (unsigned long)(*next++) << bits; \
+        bits += 8; \
+    } while (0)
+
+/* Assure that there are at least n bits in the bit accumulator.  If there is
+   not enough available input to do that, then return from inflate(). */
+#define NEEDBITS(n) \
+    do { \
+        while (bits < (unsigned)(n)) \
+            PULLBYTE(); \
+    } while (0)
+
+/* Return the low n bits of the bit accumulator (n < 16) */
+#define BITS(n) \
+    ((unsigned)hold & ((1U << (n)) - 1))
+
+/* Remove n bits from the bit accumulator */
+#define DROPBITS(n) \
+    do { \
+        hold >>= (n); \
+        bits -= (unsigned)(n); \
+    } while (0)
+
+/* Remove zero to seven bits as needed to go to a byte boundary */
+#define BYTEBITS() \
+    do { \
+        hold >>= bits & 7; \
+        bits -= bits & 7; \
+    } while (0)
+
+/*
+   inflate() uses a state machine to process as much input data and generate as
+   much output data as possible before returning.  The state machine is
+   structured roughly as follows:
+
+    for (;;) switch (state) {
+    ...
+    case STATEn:
+        if (not enough input data or output space to make progress)
+            return;
+        ... make progress ...
+        state = STATEm;
+        break;
+    ...
+    }
+
+   so when inflate() is called again, the same case is attempted again, and
+   if the appropriate resources are provided, the machine proceeds to the
+   next state.  The NEEDBITS() macro is usually the way the state evaluates
+   whether it can proceed or should return.  NEEDBITS() does the return if
+   the requested bits are not available.  The typical use of the BITS macros
+   is:
+
+        NEEDBITS(n);
+        ... do something with BITS(n) ...
+        DROPBITS(n);
+
+   where NEEDBITS(n) either returns from inflate() if there isn't enough
+   input left to load n bits into the accumulator, or it continues.  BITS(n)
+   gives the low n bits in the accumulator.  When done, DROPBITS(n) drops
+   the low n bits off the accumulator.  INITBITS() clears the accumulator
+   and sets the number of available bits to zero.  BYTEBITS() discards just
+   enough bits to put the accumulator on a byte boundary.  After BYTEBITS()
+   and a NEEDBITS(8), then BITS(8) would return the next byte in the stream.
+
+   NEEDBITS(n) uses PULLBYTE() to get an available byte of input, or to return
+   if there is no input available.  The decoding of variable length codes uses
+   PULLBYTE() directly in order to pull just enough bytes to decode the next
+   code, and no more.
+
+   Some states loop until they get enough input, making sure that enough
+   state information is maintained to continue the loop where it left off
+   if NEEDBITS() returns in the loop.  For example, want, need, and keep
+   would all have to actually be part of the saved state in case NEEDBITS()
+   returns:
+
+    case STATEw:
+        while (want < need) {
+            NEEDBITS(n);
+            keep[want++] = BITS(n);
+            DROPBITS(n);
+        }
+        state = STATEx;
+    case STATEx:
+
+   As shown above, if the next state is also the next case, then the break
+   is omitted.
+
+   A state may also return if there is not enough output space available to
+   complete that state.  Those states are copying stored data, writing a
+   literal byte, and copying a matching string.
+
+   When returning, a "goto inf_leave" is used to update the total counters,
+   update the check value, and determine whether any progress has been made
+   during that inflate() call in order to return the proper return code.
+   Progress is defined as a change in either strm->avail_in or strm->avail_out.
+   When there is a window, goto inf_leave will update the window with the last
+   output written.  If a goto inf_leave occurs in the middle of decompression
+   and there is no window currently, goto inf_leave will create one and copy
+   output to the window for the next call of inflate().
+
+   In this implementation, the flush parameter of inflate() only affects the
+   return code (per zlib.h).  inflate() always writes as much as possible to
+   strm->next_out, given the space available and the provided input--the effect
+   documented in zlib.h of Z_SYNC_FLUSH.  Furthermore, inflate() always defers
+   the allocation of and copying into a sliding window until necessary, which
+   provides the effect documented in zlib.h for Z_FINISH when the entire input
+   stream available.  So the only thing the flush parameter actually does is:
+   when flush is set to Z_FINISH, inflate() cannot return Z_OK.  Instead it
+   will return Z_BUF_ERROR if it has not reached the end of the stream.
+ */
+
+int ZEXPORT inflate(z_streamp strm, int flush) {
+    struct inflate_state FAR *state;
+    z_const unsigned char FAR *next;    /* next input */
+    unsigned char FAR *put;     /* next output */
+    unsigned have, left;        /* available input and output */
+    unsigned long hold;         /* bit buffer */
+    unsigned bits;              /* bits in bit buffer */
+    unsigned in, out;           /* save starting available input and output */
+    unsigned copy;              /* number of stored or match bytes to copy */
+    unsigned char FAR *from;    /* where to copy match bytes from */
+    code here;                  /* current decoding table entry */
+    code last;                  /* parent table entry */
+    unsigned len;               /* length to copy for repeats, bits to drop */
+    int ret;                    /* return code */
+#ifdef GUNZIP
+    unsigned char hbuf[4];      /* buffer for gzip header crc calculation */
+#endif
+    static const unsigned short order[19] = /* permutation of code lengths */
+        {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
+
+    if (inflateStateCheck(strm) || strm->next_out == Z_NULL ||
+        (strm->next_in == Z_NULL && strm->avail_in != 0))
+        return Z_STREAM_ERROR;
+
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->mode == TYPE) state->mode = TYPEDO;      /* skip check */
+    LOAD();
+    in = have;
+    out = left;
+    ret = Z_OK;
+    for (;;)
+        switch (state->mode) {
+        case HEAD:
+            if (state->wrap == 0) {
+                state->mode = TYPEDO;
+                break;
+            }
+            NEEDBITS(16);
+#ifdef GUNZIP
+            if ((state->wrap & 2) && hold == 0x8b1f) {  /* gzip header */
+                if (state->wbits == 0)
+                    state->wbits = 15;
+                state->check = crc32(0L, Z_NULL, 0);
+                CRC2(state->check, hold);
+                INITBITS();
+                state->mode = FLAGS;
+                break;
+            }
+            if (state->head != Z_NULL)
+                state->head->done = -1;
+            if (!(state->wrap & 1) ||   /* check if zlib header allowed */
+#else
+            if (
+#endif
+                ((BITS(8) << 8) + (hold >> 8)) % 31) {
+                strm->msg = (char *)"incorrect header check";
+                state->mode = BAD;
+                break;
+            }
+            if (BITS(4) != Z_DEFLATED) {
+                strm->msg = (char *)"unknown compression method";
+                state->mode = BAD;
+                break;
+            }
+            DROPBITS(4);
+            len = BITS(4) + 8;
+            if (state->wbits == 0)
+                state->wbits = len;
+            if (len > 15 || len > state->wbits) {
+                strm->msg = (char *)"invalid window size";
+                state->mode = BAD;
+                break;
+            }
+            state->dmax = 1U << len;
+            state->flags = 0;               /* indicate zlib header */
+            Tracev((stderr, "inflate:   zlib header ok\n"));
+            strm->adler = state->check = adler32(0L, Z_NULL, 0);
+            state->mode = hold & 0x200 ? DICTID : TYPE;
+            INITBITS();
+            break;
+#ifdef GUNZIP
+        case FLAGS:
+            NEEDBITS(16);
+            state->flags = (int)(hold);
+            if ((state->flags & 0xff) != Z_DEFLATED) {
+                strm->msg = (char *)"unknown compression method";
+                state->mode = BAD;
+                break;
+            }
+            if (state->flags & 0xe000) {
+                strm->msg = (char *)"unknown header flags set";
+                state->mode = BAD;
+                break;
+            }
+            if (state->head != Z_NULL)
+                state->head->text = (int)((hold >> 8) & 1);
+            if ((state->flags & 0x0200) && (state->wrap & 4))
+                CRC2(state->check, hold);
+            INITBITS();
+            state->mode = TIME;
+                /* fallthrough */
+        case TIME:
+            NEEDBITS(32);
+            if (state->head != Z_NULL)
+                state->head->time = hold;
+            if ((state->flags & 0x0200) && (state->wrap & 4))
+                CRC4(state->check, hold);
+            INITBITS();
+            state->mode = OS;
+                /* fallthrough */
+        case OS:
+            NEEDBITS(16);
+            if (state->head != Z_NULL) {
+                state->head->xflags = (int)(hold & 0xff);
+                state->head->os = (int)(hold >> 8);
+            }
+            if ((state->flags & 0x0200) && (state->wrap & 4))
+                CRC2(state->check, hold);
+            INITBITS();
+            state->mode = EXLEN;
+                /* fallthrough */
+        case EXLEN:
+            if (state->flags & 0x0400) {
+                NEEDBITS(16);
+                state->length = (unsigned)(hold);
+                if (state->head != Z_NULL)
+                    state->head->extra_len = (unsigned)hold;
+                if ((state->flags & 0x0200) && (state->wrap & 4))
+                    CRC2(state->check, hold);
+                INITBITS();
+            }
+            else if (state->head != Z_NULL)
+                state->head->extra = Z_NULL;
+            state->mode = EXTRA;
+                /* fallthrough */
+        case EXTRA:
+            if (state->flags & 0x0400) {
+                copy = state->length;
+                if (copy > have) copy = have;
+                if (copy) {
+                    if (state->head != Z_NULL &&
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
+                        zmemcpy(state->head->extra + len, next,
+                                len + copy > state->head->extra_max ?
+                                state->head->extra_max - len : copy);
+                    }
+                    if ((state->flags & 0x0200) && (state->wrap & 4))
+                        state->check = crc32(state->check, next, copy);
+                    have -= copy;
+                    next += copy;
+                    state->length -= copy;
+                }
+                if (state->length) goto inf_leave;
+            }
+            state->length = 0;
+            state->mode = NAME;
+                /* fallthrough */
+        case NAME:
+            if (state->flags & 0x0800) {
+                if (have == 0) goto inf_leave;
+                copy = 0;
+                do {
+                    len = (unsigned)(next[copy++]);
+                    if (state->head != Z_NULL &&
+                            state->head->name != Z_NULL &&
+                            state->length < state->head->name_max)
+                        state->head->name[state->length++] = (Bytef)len;
+                } while (len && copy < have);
+                if ((state->flags & 0x0200) && (state->wrap & 4))
+                    state->check = crc32(state->check, next, copy);
+                have -= copy;
+                next += copy;
+                if (len) goto inf_leave;
+            }
+            else if (state->head != Z_NULL)
+                state->head->name = Z_NULL;
+            state->length = 0;
+            state->mode = COMMENT;
+                /* fallthrough */
+        case COMMENT:
+            if (state->flags & 0x1000) {
+                if (have == 0) goto inf_leave;
+                copy = 0;
+                do {
+                    len = (unsigned)(next[copy++]);
+                    if (state->head != Z_NULL &&
+                            state->head->comment != Z_NULL &&
+                            state->length < state->head->comm_max)
+                        state->head->comment[state->length++] = (Bytef)len;
+                } while (len && copy < have);
+                if ((state->flags & 0x0200) && (state->wrap & 4))
+                    state->check = crc32(state->check, next, copy);
+                have -= copy;
+                next += copy;
+                if (len) goto inf_leave;
+            }
+            else if (state->head != Z_NULL)
+                state->head->comment = Z_NULL;
+            state->mode = HCRC;
+                /* fallthrough */
+        case HCRC:
+            if (state->flags & 0x0200) {
+                NEEDBITS(16);
+                if ((state->wrap & 4) && hold != (state->check & 0xffff)) {
+                    strm->msg = (char *)"header crc mismatch";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+            }
+            if (state->head != Z_NULL) {
+                state->head->hcrc = (int)((state->flags >> 9) & 1);
+                state->head->done = 1;
+            }
+            strm->adler = state->check = crc32(0L, Z_NULL, 0);
+            state->mode = TYPE;
+            break;
+#endif
+        case DICTID:
+            NEEDBITS(32);
+            strm->adler = state->check = ZSWAP32(hold);
+            INITBITS();
+            state->mode = DICT;
+                /* fallthrough */
+        case DICT:
+            if (state->havedict == 0) {
+                RESTORE();
+                return Z_NEED_DICT;
+            }
+            strm->adler = state->check = adler32(0L, Z_NULL, 0);
+            state->mode = TYPE;
+                /* fallthrough */
+        case TYPE:
+            if (flush == Z_BLOCK || flush == Z_TREES) goto inf_leave;
+                /* fallthrough */
+        case TYPEDO:
+            if (state->last) {
+                BYTEBITS();
+                state->mode = CHECK;
+                break;
+            }
+            NEEDBITS(3);
+            state->last = BITS(1);
+            DROPBITS(1);
+            switch (BITS(2)) {
+            case 0:                             /* stored block */
+                Tracev((stderr, "inflate:     stored block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = STORED;
+                break;
+            case 1:                             /* fixed block */
+                fixedtables(state);
+                Tracev((stderr, "inflate:     fixed codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = LEN_;             /* decode codes */
+                if (flush == Z_TREES) {
+                    DROPBITS(2);
+                    goto inf_leave;
+                }
+                break;
+            case 2:                             /* dynamic block */
+                Tracev((stderr, "inflate:     dynamic codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = TABLE;
+                break;
+            case 3:
+                strm->msg = (char *)"invalid block type";
+                state->mode = BAD;
+            }
+            DROPBITS(2);
+            break;
+        case STORED:
+            BYTEBITS();                         /* go to byte boundary */
+            NEEDBITS(32);
+            if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
+                strm->msg = (char *)"invalid stored block lengths";
+                state->mode = BAD;
+                break;
+            }
+            state->length = (unsigned)hold & 0xffff;
+            Tracev((stderr, "inflate:       stored length %u\n",
+                    state->length));
+            INITBITS();
+            state->mode = COPY_;
+            if (flush == Z_TREES) goto inf_leave;
+                /* fallthrough */
+        case COPY_:
+            state->mode = COPY;
+                /* fallthrough */
+        case COPY:
+            copy = state->length;
+            if (copy) {
+                if (copy > have) copy = have;
+                if (copy > left) copy = left;
+                if (copy == 0) goto inf_leave;
+                zmemcpy(put, next, copy);
+                have -= copy;
+                next += copy;
+                left -= copy;
+                put += copy;
+                state->length -= copy;
+                break;
+            }
+            Tracev((stderr, "inflate:       stored end\n"));
+            state->mode = TYPE;
+            break;
+        case TABLE:
+            NEEDBITS(14);
+            state->nlen = BITS(5) + 257;
+            DROPBITS(5);
+            state->ndist = BITS(5) + 1;
+            DROPBITS(5);
+            state->ncode = BITS(4) + 4;
+            DROPBITS(4);
+#ifndef PKZIP_BUG_WORKAROUND
+            if (state->nlen > 286 || state->ndist > 30) {
+                strm->msg = (char *)"too many length or distance symbols";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracev((stderr, "inflate:       table sizes ok\n"));
+            state->have = 0;
+            state->mode = LENLENS;
+                /* fallthrough */
+        case LENLENS:
+            while (state->have < state->ncode) {
+                NEEDBITS(3);
+                state->lens[order[state->have++]] = (unsigned short)BITS(3);
+                DROPBITS(3);
+            }
+            while (state->have < 19)
+                state->lens[order[state->have++]] = 0;
+            state->next = state->codes;
+            state->lencode = (const code FAR *)(state->next);
+            state->lenbits = 7;
+            ret = inflate_table(CODES, state->lens, 19, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid code lengths set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       code lengths ok\n"));
+            state->have = 0;
+            state->mode = CODELENS;
+                /* fallthrough */
+        case CODELENS:
+            while (state->have < state->nlen + state->ndist) {
+                for (;;) {
+                    here = state->lencode[BITS(state->lenbits)];
+                    if ((unsigned)(here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                if (here.val < 16) {
+                    DROPBITS(here.bits);
+                    state->lens[state->have++] = here.val;
+                }
+                else {
+                    if (here.val == 16) {
+                        NEEDBITS(here.bits + 2);
+                        DROPBITS(here.bits);
+                        if (state->have == 0) {
+                            strm->msg = (char *)"invalid bit length repeat";
+                            state->mode = BAD;
+                            break;
+                        }
+                        len = state->lens[state->have - 1];
+                        copy = 3 + BITS(2);
+                        DROPBITS(2);
+                    }
+                    else if (here.val == 17) {
+                        NEEDBITS(here.bits + 3);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 3 + BITS(3);
+                        DROPBITS(3);
+                    }
+                    else {
+                        NEEDBITS(here.bits + 7);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 11 + BITS(7);
+                        DROPBITS(7);
+                    }
+                    if (state->have + copy > state->nlen + state->ndist) {
+                        strm->msg = (char *)"invalid bit length repeat";
+                        state->mode = BAD;
+                        break;
+                    }
+                    while (copy--)
+                        state->lens[state->have++] = (unsigned short)len;
+                }
+            }
+
+            /* handle error breaks in while */
+            if (state->mode == BAD) break;
+
+            /* check for end-of-block code (better have one) */
+            if (state->lens[256] == 0) {
+                strm->msg = (char *)"invalid code -- missing end-of-block";
+                state->mode = BAD;
+                break;
+            }
+
+            /* build code tables -- note: do not change the lenbits or distbits
+               values here (9 and 6) without reading the comments in inftrees.h
+               concerning the ENOUGH constants, which depend on those values */
+            state->next = state->codes;
+            state->lencode = (const code FAR *)(state->next);
+            state->lenbits = 9;
+            ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid literal/lengths set";
+                state->mode = BAD;
+                break;
+            }
+            state->distcode = (const code FAR *)(state->next);
+            state->distbits = 6;
+            ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist,
+                            &(state->next), &(state->distbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid distances set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       codes ok\n"));
+            state->mode = LEN_;
+            if (flush == Z_TREES) goto inf_leave;
+                /* fallthrough */
+        case LEN_:
+            state->mode = LEN;
+                /* fallthrough */
+        case LEN:
+            if (have >= 6 && left >= 258) {
+                RESTORE();
+                inflate_fast(strm, out);
+                LOAD();
+                if (state->mode == TYPE)
+                    state->back = -1;
+                break;
+            }
+            state->back = 0;
+            for (;;) {
+                here = state->lencode[BITS(state->lenbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if (here.op && (here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->lencode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+                state->back += last.bits;
+            }
+            DROPBITS(here.bits);
+            state->back += here.bits;
+            state->length = (unsigned)here.val;
+            if ((int)(here.op) == 0) {
+                Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+                        "inflate:         literal '%c'\n" :
+                        "inflate:         literal 0x%02x\n", here.val));
+                state->mode = LIT;
+                break;
+            }
+            if (here.op & 32) {
+                Tracevv((stderr, "inflate:         end of block\n"));
+                state->back = -1;
+                state->mode = TYPE;
+                break;
+            }
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid literal/length code";
+                state->mode = BAD;
+                break;
+            }
+            state->extra = (unsigned)(here.op) & 15;
+            state->mode = LENEXT;
+                /* fallthrough */
+        case LENEXT:
+            if (state->extra) {
+                NEEDBITS(state->extra);
+                state->length += BITS(state->extra);
+                DROPBITS(state->extra);
+                state->back += state->extra;
+            }
+            Tracevv((stderr, "inflate:         length %u\n", state->length));
+            state->was = state->length;
+            state->mode = DIST;
+                /* fallthrough */
+        case DIST:
+            for (;;) {
+                here = state->distcode[BITS(state->distbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if ((here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->distcode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+                state->back += last.bits;
+            }
+            DROPBITS(here.bits);
+            state->back += here.bits;
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+            state->offset = (unsigned)here.val;
+            state->extra = (unsigned)(here.op) & 15;
+            state->mode = DISTEXT;
+                /* fallthrough */
+        case DISTEXT:
+            if (state->extra) {
+                NEEDBITS(state->extra);
+                state->offset += BITS(state->extra);
+                DROPBITS(state->extra);
+                state->back += state->extra;
+            }
+#ifdef INFLATE_STRICT
+            if (state->offset > state->dmax) {
+                strm->msg = (char *)"invalid distance too far back";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracevv((stderr, "inflate:         distance %u\n", state->offset));
+            state->mode = MATCH;
+                /* fallthrough */
+        case MATCH:
+            if (left == 0) goto inf_leave;
+            copy = out - left;
+            if (state->offset > copy) {         /* copy from window */
+                copy = state->offset - copy;
+                if (copy > state->whave) {
+                    if (state->sane) {
+                        strm->msg = (char *)"invalid distance too far back";
+                        state->mode = BAD;
+                        break;
+                    }
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+                    Trace((stderr, "inflate.c too far\n"));
+                    copy -= state->whave;
+                    if (copy > state->length) copy = state->length;
+                    if (copy > left) copy = left;
+                    left -= copy;
+                    state->length -= copy;
+                    do {
+                        *put++ = 0;
+                    } while (--copy);
+                    if (state->length == 0) state->mode = LEN;
+                    break;
+#endif
+                }
+                if (copy > state->wnext) {
+                    copy -= state->wnext;
+                    from = state->window + (state->wsize - copy);
+                }
+                else
+                    from = state->window + (state->wnext - copy);
+                if (copy > state->length) copy = state->length;
+            }
+            else {                              /* copy from output */
+                from = put - state->offset;
+                copy = state->length;
+            }
+            if (copy > left) copy = left;
+            left -= copy;
+            state->length -= copy;
+            do {
+                *put++ = *from++;
+            } while (--copy);
+            if (state->length == 0) state->mode = LEN;
+            break;
+        case LIT:
+            if (left == 0) goto inf_leave;
+            *put++ = (unsigned char)(state->length);
+            left--;
+            state->mode = LEN;
+            break;
+        case CHECK:
+            if (state->wrap) {
+                NEEDBITS(32);
+                out -= left;
+                strm->total_out += out;
+                state->total += out;
+                if ((state->wrap & 4) && out)
+                    strm->adler = state->check =
+                        UPDATE_CHECK(state->check, put - out, out);
+                out = left;
+                if ((state->wrap & 4) && (
+#ifdef GUNZIP
+                     state->flags ? hold :
+#endif
+                     ZSWAP32(hold)) != state->check) {
+                    strm->msg = (char *)"incorrect data check";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+                Tracev((stderr, "inflate:   check matches trailer\n"));
+            }
+#ifdef GUNZIP
+            state->mode = LENGTH;
+                /* fallthrough */
+        case LENGTH:
+            if (state->wrap && state->flags) {
+                NEEDBITS(32);
+                if ((state->wrap & 4) && hold != (state->total & 0xffffffff)) {
+                    strm->msg = (char *)"incorrect length check";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+                Tracev((stderr, "inflate:   length matches trailer\n"));
+            }
+#endif
+            state->mode = DONE;
+                /* fallthrough */
+        case DONE:
+            ret = Z_STREAM_END;
+            goto inf_leave;
+        case BAD:
+            ret = Z_DATA_ERROR;
+            goto inf_leave;
+        case MEM:
+            return Z_MEM_ERROR;
+        case SYNC:
+                /* fallthrough */
+        default:
+            return Z_STREAM_ERROR;
+        }
+
+    /*
+       Return from inflate(), updating the total counts and the check value.
+       If there was no progress during the inflate() call, return a buffer
+       error.  Call updatewindow() to create and/or update the window state.
+       Note: a memory error from inflate() is non-recoverable.
+     */
+  inf_leave:
+    RESTORE();
+    if (state->wsize || (out != strm->avail_out && state->mode < BAD &&
+            (state->mode < CHECK || flush != Z_FINISH)))
+        if (updatewindow(strm, strm->next_out, out - strm->avail_out)) {
+            state->mode = MEM;
+            return Z_MEM_ERROR;
+        }
+    in -= strm->avail_in;
+    out -= strm->avail_out;
+    strm->total_in += in;
+    strm->total_out += out;
+    state->total += out;
+    if ((state->wrap & 4) && out)
+        strm->adler = state->check =
+            UPDATE_CHECK(state->check, strm->next_out - out, out);
+    strm->data_type = (int)state->bits + (state->last ? 64 : 0) +
+                      (state->mode == TYPE ? 128 : 0) +
+                      (state->mode == LEN_ || state->mode == COPY_ ? 256 : 0);
+    if (((in == 0 && out == 0) || flush == Z_FINISH) && ret == Z_OK)
+        ret = Z_BUF_ERROR;
+    return ret;
+}
+
+int ZEXPORT inflateEnd(z_streamp strm) {
+    struct inflate_state FAR *state;
+    if (inflateStateCheck(strm))
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->window != Z_NULL) ZFREE(strm, state->window);
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+    Tracev((stderr, "inflate: end\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateGetDictionary(z_streamp strm, Bytef *dictionary,
+                                 uInt *dictLength) {
+    struct inflate_state FAR *state;
+
+    /* check state */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* copy dictionary */
+    if (state->whave && dictionary != Z_NULL) {
+        zmemcpy(dictionary, state->window + state->wnext,
+                state->whave - state->wnext);
+        zmemcpy(dictionary + state->whave - state->wnext,
+                state->window, state->wnext);
+    }
+    if (dictLength != Z_NULL)
+        *dictLength = state->whave;
+    return Z_OK;
+}
+
+int ZEXPORT inflateSetDictionary(z_streamp strm, const Bytef *dictionary,
+                                 uInt dictLength) {
+    struct inflate_state FAR *state;
+    unsigned long dictid;
+    int ret;
+
+    /* check state */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->wrap != 0 && state->mode != DICT)
+        return Z_STREAM_ERROR;
+
+    /* check for correct dictionary identifier */
+    if (state->mode == DICT) {
+        dictid = adler32(0L, Z_NULL, 0);
+        dictid = adler32(dictid, dictionary, dictLength);
+        if (dictid != state->check)
+            return Z_DATA_ERROR;
+    }
+
+    /* copy dictionary to window using updatewindow(), which will amend the
+       existing dictionary if appropriate */
+    ret = updatewindow(strm, dictionary + dictLength, dictLength);
+    if (ret) {
+        state->mode = MEM;
+        return Z_MEM_ERROR;
+    }
+    state->havedict = 1;
+    Tracev((stderr, "inflate:   dictionary set\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateGetHeader(z_streamp strm, gz_headerp head) {
+    struct inflate_state FAR *state;
+
+    /* check state */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if ((state->wrap & 2) == 0) return Z_STREAM_ERROR;
+
+    /* save header structure */
+    state->head = head;
+    head->done = 0;
+    return Z_OK;
+}
+
+/*
+   Search buf[0..len-1] for the pattern: 0, 0, 0xff, 0xff.  Return when found
+   or when out of input.  When called, *have is the number of pattern bytes
+   found in order so far, in 0..3.  On return *have is updated to the new
+   state.  If on return *have equals four, then the pattern was found and the
+   return value is how many bytes were read including the last byte of the
+   pattern.  If *have is less than four, then the pattern has not been found
+   yet and the return value is len.  In the latter case, syncsearch() can be
+   called again with more data and the *have state.  *have is initialized to
+   zero for the first call.
+ */
+local unsigned syncsearch(unsigned FAR *have, const unsigned char FAR *buf,
+                          unsigned len) {
+    unsigned got;
+    unsigned next;
+
+    got = *have;
+    next = 0;
+    while (next < len && got < 4) {
+        if ((int)(buf[next]) == (got < 2 ? 0 : 0xff))
+            got++;
+        else if (buf[next])
+            got = 0;
+        else
+            got = 4 - got;
+        next++;
+    }
+    *have = got;
+    return next;
+}
+
+int ZEXPORT inflateSync(z_streamp strm) {
+    unsigned len;               /* number of bytes to look at or looked at */
+    int flags;                  /* temporary to save header status */
+    unsigned long in, out;      /* temporary to save total_in and total_out */
+    unsigned char buf[4];       /* to restore bit buffer to byte string */
+    struct inflate_state FAR *state;
+
+    /* check parameters */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (strm->avail_in == 0 && state->bits < 8) return Z_BUF_ERROR;
+
+    /* if first time, start search in bit buffer */
+    if (state->mode != SYNC) {
+        state->mode = SYNC;
+        state->hold >>= state->bits & 7;
+        state->bits -= state->bits & 7;
+        len = 0;
+        while (state->bits >= 8) {
+            buf[len++] = (unsigned char)(state->hold);
+            state->hold >>= 8;
+            state->bits -= 8;
+        }
+        state->have = 0;
+        syncsearch(&(state->have), buf, len);
+    }
+
+    /* search available input */
+    len = syncsearch(&(state->have), strm->next_in, strm->avail_in);
+    strm->avail_in -= len;
+    strm->next_in += len;
+    strm->total_in += len;
+
+    /* return no joy or set up to restart inflate() on a new block */
+    if (state->have != 4) return Z_DATA_ERROR;
+    if (state->flags == -1)
+        state->wrap = 0;    /* if no header yet, treat as raw */
+    else
+        state->wrap &= ~4;  /* no point in computing a check value now */
+    flags = state->flags;
+    in = strm->total_in;  out = strm->total_out;
+    inflateReset(strm);
+    strm->total_in = in;  strm->total_out = out;
+    state->flags = flags;
+    state->mode = TYPE;
+    return Z_OK;
+}
+
+/*
+   Returns true if inflate is currently at the end of a block generated by
+   Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP
+   implementation to provide an additional safety check. PPP uses
+   Z_SYNC_FLUSH but removes the length bytes of the resulting empty stored
+   block. When decompressing, PPP checks that at the end of input packet,
+   inflate is waiting for these length bytes.
+ */
+int ZEXPORT inflateSyncPoint(z_streamp strm) {
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    return state->mode == STORED && state->bits == 0;
+}
+
+int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {
+    struct inflate_state FAR *state;
+    struct inflate_state FAR *copy;
+    unsigned char FAR *window;
+    unsigned wsize;
+
+    /* check input */
+    if (inflateStateCheck(source) || dest == Z_NULL)
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)source->state;
+
+    /* allocate space */
+    copy = (struct inflate_state FAR *)
+           ZALLOC(source, 1, sizeof(struct inflate_state));
+    if (copy == Z_NULL) return Z_MEM_ERROR;
+    window = Z_NULL;
+    if (state->window != Z_NULL) {
+        window = (unsigned char FAR *)
+                 ZALLOC(source, 1U << state->wbits, sizeof(unsigned char));
+        if (window == Z_NULL) {
+            ZFREE(source, copy);
+            return Z_MEM_ERROR;
+        }
+    }
+
+    /* copy state */
+    zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream));
+    zmemcpy((voidpf)copy, (voidpf)state, sizeof(struct inflate_state));
+    copy->strm = dest;
+    if (state->lencode >= state->codes &&
+        state->lencode <= state->codes + ENOUGH - 1) {
+        copy->lencode = copy->codes + (state->lencode - state->codes);
+        copy->distcode = copy->codes + (state->distcode - state->codes);
+    }
+    copy->next = copy->codes + (state->next - state->codes);
+    if (window != Z_NULL) {
+        wsize = 1U << state->wbits;
+        zmemcpy(window, state->window, wsize);
+    }
+    copy->window = window;
+    dest->state = (struct internal_state FAR *)copy;
+    return Z_OK;
+}
+
+int ZEXPORT inflateUndermine(z_streamp strm, int subvert) {
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+    state->sane = !subvert;
+    return Z_OK;
+#else
+    (void)subvert;
+    state->sane = 1;
+    return Z_DATA_ERROR;
+#endif
+}
+
+int ZEXPORT inflateValidate(z_streamp strm, int check) {
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (check && state->wrap)
+        state->wrap |= 4;
+    else
+        state->wrap &= ~4;
+    return Z_OK;
+}
+
+long ZEXPORT inflateMark(z_streamp strm) {
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm))
+        return -(1L << 16);
+    state = (struct inflate_state FAR *)strm->state;
+    return (long)(((unsigned long)((long)state->back)) << 16) +
+        (state->mode == COPY ? state->length :
+            (state->mode == MATCH ? state->was - state->length : 0));
+}
+
+unsigned long ZEXPORT inflateCodesUsed(z_streamp strm) {
+    struct inflate_state FAR *state;
+    if (inflateStateCheck(strm)) return (unsigned long)-1;
+    state = (struct inflate_state FAR *)strm->state;
+    return (unsigned long)(state->next - state->codes);
+}
diff --git a/zlib-1.3.1/inflate.h b/zlib-1.3.1/inflate.h
new file mode 100644
index 00000000..f127b6b1
--- /dev/null
+++ b/zlib-1.3.1/inflate.h
@@ -0,0 +1,126 @@
+/* inflate.h -- internal inflate state definition
+ * Copyright (C) 1995-2019 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* define NO_GZIP when compiling if you want to disable gzip header and
+   trailer decoding by inflate().  NO_GZIP would be used to avoid linking in
+   the crc code when it is not needed.  For shared libraries, gzip decoding
+   should be left enabled. */
+#ifndef NO_GZIP
+#  define GUNZIP
+#endif
+
+/* Possible inflate modes between inflate() calls */
+typedef enum {
+    HEAD = 16180,   /* i: waiting for magic header */
+    FLAGS,      /* i: waiting for method and flags (gzip) */
+    TIME,       /* i: waiting for modification time (gzip) */
+    OS,         /* i: waiting for extra flags and operating system (gzip) */
+    EXLEN,      /* i: waiting for extra length (gzip) */
+    EXTRA,      /* i: waiting for extra bytes (gzip) */
+    NAME,       /* i: waiting for end of file name (gzip) */
+    COMMENT,    /* i: waiting for end of comment (gzip) */
+    HCRC,       /* i: waiting for header crc (gzip) */
+    DICTID,     /* i: waiting for dictionary check value */
+    DICT,       /* waiting for inflateSetDictionary() call */
+        TYPE,       /* i: waiting for type bits, including last-flag bit */
+        TYPEDO,     /* i: same, but skip check to exit inflate on new block */
+        STORED,     /* i: waiting for stored size (length and complement) */
+        COPY_,      /* i/o: same as COPY below, but only first time in */
+        COPY,       /* i/o: waiting for input or output to copy stored block */
+        TABLE,      /* i: waiting for dynamic block table lengths */
+        LENLENS,    /* i: waiting for code length code lengths */
+        CODELENS,   /* i: waiting for length/lit and distance code lengths */
+            LEN_,       /* i: same as LEN below, but only first time in */
+            LEN,        /* i: waiting for length/lit/eob code */
+            LENEXT,     /* i: waiting for length extra bits */
+            DIST,       /* i: waiting for distance code */
+            DISTEXT,    /* i: waiting for distance extra bits */
+            MATCH,      /* o: waiting for output space to copy string */
+            LIT,        /* o: waiting for output space to write literal */
+    CHECK,      /* i: waiting for 32-bit check value */
+    LENGTH,     /* i: waiting for 32-bit length (gzip) */
+    DONE,       /* finished check, done -- remain here until reset */
+    BAD,        /* got a data error -- remain here until reset */
+    MEM,        /* got an inflate() memory error -- remain here until reset */
+    SYNC        /* looking for synchronization bytes to restart inflate() */
+} inflate_mode;
+
+/*
+    State transitions between above modes -
+
+    (most modes can go to BAD or MEM on error -- not shown for clarity)
+
+    Process header:
+        HEAD -> (gzip) or (zlib) or (raw)
+        (gzip) -> FLAGS -> TIME -> OS -> EXLEN -> EXTRA -> NAME -> COMMENT ->
+                  HCRC -> TYPE
+        (zlib) -> DICTID or TYPE
+        DICTID -> DICT -> TYPE
+        (raw) -> TYPEDO
+    Read deflate blocks:
+            TYPE -> TYPEDO -> STORED or TABLE or LEN_ or CHECK
+            STORED -> COPY_ -> COPY -> TYPE
+            TABLE -> LENLENS -> CODELENS -> LEN_
+            LEN_ -> LEN
+    Read deflate codes in fixed or dynamic block:
+                LEN -> LENEXT or LIT or TYPE
+                LENEXT -> DIST -> DISTEXT -> MATCH -> LEN
+                LIT -> LEN
+    Process trailer:
+        CHECK -> LENGTH -> DONE
+ */
+
+/* State maintained between inflate() calls -- approximately 7K bytes, not
+   including the allocated sliding window, which is up to 32K bytes. */
+struct inflate_state {
+    z_streamp strm;             /* pointer back to this zlib stream */
+    inflate_mode mode;          /* current inflate mode */
+    int last;                   /* true if processing last block */
+    int wrap;                   /* bit 0 true for zlib, bit 1 true for gzip,
+                                   bit 2 true to validate check value */
+    int havedict;               /* true if dictionary provided */
+    int flags;                  /* gzip header method and flags, 0 if zlib, or
+                                   -1 if raw or no header yet */
+    unsigned dmax;              /* zlib header max distance (INFLATE_STRICT) */
+    unsigned long check;        /* protected copy of check value */
+    unsigned long total;        /* protected copy of output count */
+    gz_headerp head;            /* where to save gzip header information */
+        /* sliding window */
+    unsigned wbits;             /* log base 2 of requested window size */
+    unsigned wsize;             /* window size or zero if not using window */
+    unsigned whave;             /* valid bytes in the window */
+    unsigned wnext;             /* window write index */
+    unsigned char FAR *window;  /* allocated sliding window, if needed */
+        /* bit accumulator */
+    unsigned long hold;         /* input bit accumulator */
+    unsigned bits;              /* number of bits in "in" */
+        /* for string and stored block copying */
+    unsigned length;            /* literal or length of data to copy */
+    unsigned offset;            /* distance back to copy string from */
+        /* for table and code decoding */
+    unsigned extra;             /* extra bits needed */
+        /* fixed and dynamic code tables */
+    code const FAR *lencode;    /* starting table for length/literal codes */
+    code const FAR *distcode;   /* starting table for distance codes */
+    unsigned lenbits;           /* index bits for lencode */
+    unsigned distbits;          /* index bits for distcode */
+        /* dynamic table building */
+    unsigned ncode;             /* number of code length code lengths */
+    unsigned nlen;              /* number of length code lengths */
+    unsigned ndist;             /* number of distance code lengths */
+    unsigned have;              /* number of code lengths in lens[] */
+    code FAR *next;             /* next available space in codes[] */
+    unsigned short lens[320];   /* temporary storage for code lengths */
+    unsigned short work[288];   /* work area for code table building */
+    code codes[ENOUGH];         /* space for code tables */
+    int sane;                   /* if false, allow invalid distance too far */
+    int back;                   /* bits back of last unprocessed length/lit */
+    unsigned was;               /* initial length of match */
+};
diff --git a/zlib-1.3.1/inftrees.c b/zlib-1.3.1/inftrees.c
new file mode 100644
index 00000000..98cfe164
--- /dev/null
+++ b/zlib-1.3.1/inftrees.c
@@ -0,0 +1,299 @@
+/* inftrees.c -- generate Huffman trees for efficient decoding
+ * Copyright (C) 1995-2024 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+
+#define MAXBITS 15
+
+const char inflate_copyright[] =
+   " inflate 1.3.1 Copyright 1995-2024 Mark Adler ";
+/*
+  If you use the zlib library in a product, an acknowledgment is welcome
+  in the documentation of your product. If for some reason you cannot
+  include such an acknowledgment, I would appreciate that you keep this
+  copyright string in the executable of your product.
+ */
+
+/*
+   Build a set of tables to decode the provided canonical Huffman code.
+   The code lengths are lens[0..codes-1].  The result starts at *table,
+   whose indices are 0..2^bits-1.  work is a writable array of at least
+   lens shorts, which is used as a work area.  type is the type of code
+   to be generated, CODES, LENS, or DISTS.  On return, zero is success,
+   -1 is an invalid code, and +1 means that ENOUGH isn't enough.  table
+   on return points to the next available entry's address.  bits is the
+   requested root table index bits, and on return it is the actual root
+   table index bits.  It will differ if the request is greater than the
+   longest code or if it is less than the shortest code.
+ */
+int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens,
+                                unsigned codes, code FAR * FAR *table,
+                                unsigned FAR *bits, unsigned short FAR *work) {
+    unsigned len;               /* a code's length in bits */
+    unsigned sym;               /* index of code symbols */
+    unsigned min, max;          /* minimum and maximum code lengths */
+    unsigned root;              /* number of index bits for root table */
+    unsigned curr;              /* number of index bits for current table */
+    unsigned drop;              /* code bits to drop for sub-table */
+    int left;                   /* number of prefix codes available */
+    unsigned used;              /* code entries in table used */
+    unsigned huff;              /* Huffman code */
+    unsigned incr;              /* for incrementing code, index */
+    unsigned fill;              /* index for replicating entries */
+    unsigned low;               /* low bits for current root entry */
+    unsigned mask;              /* mask for low root bits */
+    code here;                  /* table entry for duplication */
+    code FAR *next;             /* next available space in table */
+    const unsigned short FAR *base;     /* base value table to use */
+    const unsigned short FAR *extra;    /* extra bits table to use */
+    unsigned match;             /* use base and extra for symbol >= match */
+    unsigned short count[MAXBITS+1];    /* number of codes of each length */
+    unsigned short offs[MAXBITS+1];     /* offsets in table for each length */
+    static const unsigned short lbase[31] = { /* Length codes 257..285 base */
+        3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
+        35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
+    static const unsigned short lext[31] = { /* Length codes 257..285 extra */
+        16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
+        19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 203, 77};
+    static const unsigned short dbase[32] = { /* Distance codes 0..29 base */
+        1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
+        257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
+        8193, 12289, 16385, 24577, 0, 0};
+    static const unsigned short dext[32] = { /* Distance codes 0..29 extra */
+        16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,
+        23, 23, 24, 24, 25, 25, 26, 26, 27, 27,
+        28, 28, 29, 29, 64, 64};
+
+    /*
+       Process a set of code lengths to create a canonical Huffman code.  The
+       code lengths are lens[0..codes-1].  Each length corresponds to the
+       symbols 0..codes-1.  The Huffman code is generated by first sorting the
+       symbols by length from short to long, and retaining the symbol order
+       for codes with equal lengths.  Then the code starts with all zero bits
+       for the first code of the shortest length, and the codes are integer
+       increments for the same length, and zeros are appended as the length
+       increases.  For the deflate format, these bits are stored backwards
+       from their more natural integer increment ordering, and so when the
+       decoding tables are built in the large loop below, the integer codes
+       are incremented backwards.
+
+       This routine assumes, but does not check, that all of the entries in
+       lens[] are in the range 0..MAXBITS.  The caller must assure this.
+       1..MAXBITS is interpreted as that code length.  zero means that that
+       symbol does not occur in this code.
+
+       The codes are sorted by computing a count of codes for each length,
+       creating from that a table of starting indices for each length in the
+       sorted table, and then entering the symbols in order in the sorted
+       table.  The sorted table is work[], with that space being provided by
+       the caller.
+
+       The length counts are used for other purposes as well, i.e. finding
+       the minimum and maximum length codes, determining if there are any
+       codes at all, checking for a valid set of lengths, and looking ahead
+       at length counts to determine sub-table sizes when building the
+       decoding tables.
+     */
+
+    /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */
+    for (len = 0; len <= MAXBITS; len++)
+        count[len] = 0;
+    for (sym = 0; sym < codes; sym++)
+        count[lens[sym]]++;
+
+    /* bound code lengths, force root to be within code lengths */
+    root = *bits;
+    for (max = MAXBITS; max >= 1; max--)
+        if (count[max] != 0) break;
+    if (root > max) root = max;
+    if (max == 0) {                     /* no symbols to code at all */
+        here.op = (unsigned char)64;    /* invalid code marker */
+        here.bits = (unsigned char)1;
+        here.val = (unsigned short)0;
+        *(*table)++ = here;             /* make a table to force an error */
+        *(*table)++ = here;
+        *bits = 1;
+        return 0;     /* no symbols, but wait for decoding to report error */
+    }
+    for (min = 1; min < max; min++)
+        if (count[min] != 0) break;
+    if (root < min) root = min;
+
+    /* check for an over-subscribed or incomplete set of lengths */
+    left = 1;
+    for (len = 1; len <= MAXBITS; len++) {
+        left <<= 1;
+        left -= count[len];
+        if (left < 0) return -1;        /* over-subscribed */
+    }
+    if (left > 0 && (type == CODES || max != 1))
+        return -1;                      /* incomplete set */
+
+    /* generate offsets into symbol table for each length for sorting */
+    offs[1] = 0;
+    for (len = 1; len < MAXBITS; len++)
+        offs[len + 1] = offs[len] + count[len];
+
+    /* sort symbols by length, by symbol order within each length */
+    for (sym = 0; sym < codes; sym++)
+        if (lens[sym] != 0) work[offs[lens[sym]]++] = (unsigned short)sym;
+
+    /*
+       Create and fill in decoding tables.  In this loop, the table being
+       filled is at next and has curr index bits.  The code being used is huff
+       with length len.  That code is converted to an index by dropping drop
+       bits off of the bottom.  For codes where len is less than drop + curr,
+       those top drop + curr - len bits are incremented through all values to
+       fill the table with replicated entries.
+
+       root is the number of index bits for the root table.  When len exceeds
+       root, sub-tables are created pointed to by the root entry with an index
+       of the low root bits of huff.  This is saved in low to check for when a
+       new sub-table should be started.  drop is zero when the root table is
+       being filled, and drop is root when sub-tables are being filled.
+
+       When a new sub-table is needed, it is necessary to look ahead in the
+       code lengths to determine what size sub-table is needed.  The length
+       counts are used for this, and so count[] is decremented as codes are
+       entered in the tables.
+
+       used keeps track of how many table entries have been allocated from the
+       provided *table space.  It is checked for LENS and DIST tables against
+       the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in
+       the initial root table size constants.  See the comments in inftrees.h
+       for more information.
+
+       sym increments through all symbols, and the loop terminates when
+       all codes of length max, i.e. all codes, have been processed.  This
+       routine permits incomplete codes, so another loop after this one fills
+       in the rest of the decoding tables with invalid code markers.
+     */
+
+    /* set up for code type */
+    switch (type) {
+    case CODES:
+        base = extra = work;    /* dummy value--not used */
+        match = 20;
+        break;
+    case LENS:
+        base = lbase;
+        extra = lext;
+        match = 257;
+        break;
+    default:    /* DISTS */
+        base = dbase;
+        extra = dext;
+        match = 0;
+    }
+
+    /* initialize state for loop */
+    huff = 0;                   /* starting code */
+    sym = 0;                    /* starting code symbol */
+    len = min;                  /* starting code length */
+    next = *table;              /* current table to fill in */
+    curr = root;                /* current table index bits */
+    drop = 0;                   /* current bits to drop from code for index */
+    low = (unsigned)(-1);       /* trigger new sub-table when len > root */
+    used = 1U << root;          /* use root table entries */
+    mask = used - 1;            /* mask for comparing low */
+
+    /* check available table space */
+    if ((type == LENS && used > ENOUGH_LENS) ||
+        (type == DISTS && used > ENOUGH_DISTS))
+        return 1;
+
+    /* process all codes and make table entries */
+    for (;;) {
+        /* create table entry */
+        here.bits = (unsigned char)(len - drop);
+        if (work[sym] + 1U < match) {
+            here.op = (unsigned char)0;
+            here.val = work[sym];
+        }
+        else if (work[sym] >= match) {
+            here.op = (unsigned char)(extra[work[sym] - match]);
+            here.val = base[work[sym] - match];
+        }
+        else {
+            here.op = (unsigned char)(32 + 64);         /* end of block */
+            here.val = 0;
+        }
+
+        /* replicate for those indices with low len bits equal to huff */
+        incr = 1U << (len - drop);
+        fill = 1U << curr;
+        min = fill;                 /* save offset to next table */
+        do {
+            fill -= incr;
+            next[(huff >> drop) + fill] = here;
+        } while (fill != 0);
+
+        /* backwards increment the len-bit code huff */
+        incr = 1U << (len - 1);
+        while (huff & incr)
+            incr >>= 1;
+        if (incr != 0) {
+            huff &= incr - 1;
+            huff += incr;
+        }
+        else
+            huff = 0;
+
+        /* go to next symbol, update count, len */
+        sym++;
+        if (--(count[len]) == 0) {
+            if (len == max) break;
+            len = lens[work[sym]];
+        }
+
+        /* create new sub-table if needed */
+        if (len > root && (huff & mask) != low) {
+            /* if first time, transition to sub-tables */
+            if (drop == 0)
+                drop = root;
+
+            /* increment past last table */
+            next += min;            /* here min is 1 << curr */
+
+            /* determine length of next table */
+            curr = len - drop;
+            left = (int)(1 << curr);
+            while (curr + drop < max) {
+                left -= count[curr + drop];
+                if (left <= 0) break;
+                curr++;
+                left <<= 1;
+            }
+
+            /* check for enough space */
+            used += 1U << curr;
+            if ((type == LENS && used > ENOUGH_LENS) ||
+                (type == DISTS && used > ENOUGH_DISTS))
+                return 1;
+
+            /* point entry in root table to sub-table */
+            low = huff & mask;
+            (*table)[low].op = (unsigned char)curr;
+            (*table)[low].bits = (unsigned char)root;
+            (*table)[low].val = (unsigned short)(next - *table);
+        }
+    }
+
+    /* fill in remaining table entry if code is incomplete (guaranteed to have
+       at most one remaining entry, since if the code is incomplete, the
+       maximum code length that was allowed to get this far is one bit) */
+    if (huff != 0) {
+        here.op = (unsigned char)64;            /* invalid code marker */
+        here.bits = (unsigned char)(len - drop);
+        here.val = (unsigned short)0;
+        next[huff] = here;
+    }
+
+    /* set return parameters */
+    *table += used;
+    *bits = root;
+    return 0;
+}
diff --git a/zlib-1.3.1/inftrees.h b/zlib-1.3.1/inftrees.h
new file mode 100644
index 00000000..396f74b5
--- /dev/null
+++ b/zlib-1.3.1/inftrees.h
@@ -0,0 +1,62 @@
+/* inftrees.h -- header to use inftrees.c
+ * Copyright (C) 1995-2005, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* Structure for decoding tables.  Each entry provides either the
+   information needed to do the operation requested by the code that
+   indexed that table entry, or it provides a pointer to another
+   table that indexes more bits of the code.  op indicates whether
+   the entry is a pointer to another table, a literal, a length or
+   distance, an end-of-block, or an invalid code.  For a table
+   pointer, the low four bits of op is the number of index bits of
+   that table.  For a length or distance, the low four bits of op
+   is the number of extra bits to get after the code.  bits is
+   the number of bits in this code or part of the code to drop off
+   of the bit buffer.  val is the actual byte to output in the case
+   of a literal, the base length or distance, or the offset from
+   the current table to the next table.  Each entry is four bytes. */
+typedef struct {
+    unsigned char op;           /* operation, extra bits, table bits */
+    unsigned char bits;         /* bits in this part of the code */
+    unsigned short val;         /* offset in table or code value */
+} code;
+
+/* op values as set by inflate_table():
+    00000000 - literal
+    0000tttt - table link, tttt != 0 is the number of table index bits
+    0001eeee - length or distance, eeee is the number of extra bits
+    01100000 - end of block
+    01000000 - invalid code
+ */
+
+/* Maximum size of the dynamic table.  The maximum number of code structures is
+   1444, which is the sum of 852 for literal/length codes and 592 for distance
+   codes.  These values were found by exhaustive searches using the program
+   examples/enough.c found in the zlib distribution.  The arguments to that
+   program are the number of symbols, the initial root table size, and the
+   maximum bit length of a code.  "enough 286 9 15" for literal/length codes
+   returns 852, and "enough 30 6 15" for distance codes returns 592. The
+   initial root table size (9 or 6) is found in the fifth argument of the
+   inflate_table() calls in inflate.c and infback.c.  If the root table size is
+   changed, then these maximum sizes would be need to be recalculated and
+   updated. */
+#define ENOUGH_LENS 852
+#define ENOUGH_DISTS 592
+#define ENOUGH (ENOUGH_LENS+ENOUGH_DISTS)
+
+/* Type of code to build for inflate_table() */
+typedef enum {
+    CODES,
+    LENS,
+    DISTS
+} codetype;
+
+int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens,
+                                unsigned codes, code FAR * FAR *table,
+                                unsigned FAR *bits, unsigned short FAR *work);
diff --git a/zlib-1.3.1/make_vms.com b/zlib-1.3.1/make_vms.com
new file mode 100644
index 00000000..4dc8a891
--- /dev/null
+++ b/zlib-1.3.1/make_vms.com
@@ -0,0 +1,867 @@
+$! make libz under VMS written by
+$! Martin P.J. Zinser
+$!
+$! In case of problems with the install you might contact me at
+$! zinser@zinser.no-ip.info(preferred) or
+$! martin.zinser@eurexchange.com (work)
+$!
+$! Make procedure history for Zlib
+$!
+$!------------------------------------------------------------------------------
+$! Version history
+$! 0.01 20060120 First version to receive a number
+$! 0.02 20061008 Adapt to new Makefile.in
+$! 0.03 20091224 Add support for large file check
+$! 0.04 20100110 Add new gzclose, gzlib, gzread, gzwrite
+$! 0.05 20100221 Exchange zlibdefs.h by zconf.h.in
+$! 0.06 20120111 Fix missing amiss_err, update zconf_h.in, fix new examples
+$!               subdir path, update module search in makefile.in
+$! 0.07 20120115 Triggered by work done by Alexey Chupahin completely redesigned
+$!               shared image creation
+$! 0.08 20120219 Make it work on VAX again, pre-load missing symbols to shared
+$!               image
+$! 0.09 20120305 SMS.  P1 sets builder ("MMK", "MMS", " " (built-in)).
+$!               "" -> automatic, preference: MMK, MMS, built-in.
+$!
+$ on error then goto err_exit
+$!
+$ true  = 1
+$ false = 0
+$ tmpnam = "temp_" + f$getjpi("","pid")
+$ tt = tmpnam + ".txt"
+$ tc = tmpnam + ".c"
+$ th = tmpnam + ".h"
+$ define/nolog tconfig 'th'
+$ its_decc = false
+$ its_vaxc = false
+$ its_gnuc = false
+$ s_case   = False
+$!
+$! Setup variables holding "config" information
+$!
+$ Make    = "''p1'"
+$ name     = "Zlib"
+$ version  = "?.?.?"
+$ v_string = "ZLIB_VERSION"
+$ v_file   = "zlib.h"
+$ ccopt   = "/include = []"
+$ lopts   = ""
+$ dnsrl   = ""
+$ aconf_in_file = "zconf.h.in#zconf.h_in#zconf_h.in"
+$ conf_check_string = ""
+$ linkonly = false
+$ optfile  = name + ".opt"
+$ mapfile  = name + ".map"
+$ libdefs  = ""
+$ vax      = f$getsyi("HW_MODEL").lt.1024
+$ axp      = f$getsyi("HW_MODEL").ge.1024 .and. f$getsyi("HW_MODEL").lt.4096
+$ ia64     = f$getsyi("HW_MODEL").ge.4096
+$!
+$! 2012-03-05 SMS.
+$! Why is this needed?  And if it is needed, why not simply ".not. vax"?
+$!
+$!!! if axp .or. ia64 then  set proc/parse=extended
+$!
+$ whoami = f$parse(f$environment("Procedure"),,,,"NO_CONCEAL")
+$ mydef  = F$parse(whoami,,,"DEVICE")
+$ mydir  = f$parse(whoami,,,"DIRECTORY") - "]["
+$ myproc = f$parse(whoami,,,"Name") + f$parse(whoami,,,"type")
+$!
+$! Check for MMK/MMS
+$!
+$ if (Make .eqs. "")
+$ then
+$   If F$Search ("Sys$System:MMS.EXE") .nes. "" Then Make = "MMS"
+$   If F$Type (MMK) .eqs. "STRING" Then Make = "MMK"
+$ else
+$   Make = f$edit( Make, "trim")
+$ endif
+$!
+$ gosub find_version
+$!
+$  open/write topt tmp.opt
+$  open/write optf 'optfile'
+$!
+$ gosub check_opts
+$!
+$! Look for the compiler used
+$!
+$ gosub check_compiler
+$ close topt
+$ close optf
+$!
+$ if its_decc
+$ then
+$   ccopt = "/prefix=all" + ccopt
+$   if f$trnlnm("SYS") .eqs. ""
+$   then
+$     if axp
+$     then
+$       define sys sys$library:
+$     else
+$       ccopt = "/decc" + ccopt
+$       define sys decc$library_include:
+$     endif
+$   endif
+$!
+$! 2012-03-05 SMS.
+$! Why /NAMES = AS_IS?  Why not simply ".not. vax"?  And why not on VAX?
+$!
+$   if axp .or. ia64
+$   then
+$       ccopt = ccopt + "/name=as_is/opt=(inline=speed)"
+$       s_case = true
+$   endif
+$ endif
+$ if its_vaxc .or. its_gnuc
+$ then
+$    if f$trnlnm("SYS").eqs."" then define sys sys$library:
+$ endif
+$!
+$! Build a fake configure input header
+$!
+$ open/write conf_hin config.hin
+$ write conf_hin "#undef _LARGEFILE64_SOURCE"
+$ close conf_hin
+$!
+$!
+$ i = 0
+$FIND_ACONF:
+$ fname = f$element(i,"#",aconf_in_file)
+$ if fname .eqs. "#" then goto AMISS_ERR
+$ if f$search(fname) .eqs. ""
+$ then
+$   i = i + 1
+$   goto find_aconf
+$ endif
+$ open/read/err=aconf_err aconf_in 'fname'
+$ open/write aconf zconf.h
+$ACONF_LOOP:
+$ read/end_of_file=aconf_exit aconf_in line
+$ work = f$edit(line, "compress,trim")
+$ if f$extract(0,6,work) .nes. "#undef"
+$ then
+$   if f$extract(0,12,work) .nes. "#cmakedefine"
+$   then
+$       write aconf line
+$   endif
+$ else
+$   cdef = f$element(1," ",work)
+$   gosub check_config
+$ endif
+$ goto aconf_loop
+$ACONF_EXIT:
+$ write aconf ""
+$ write aconf "/* VMS specifics added by make_vms.com: */"
+$ write aconf "#define VMS 1"
+$ write aconf "#include <unistd.h>"
+$ write aconf "#include <unixio.h>"
+$ write aconf "#ifdef _LARGEFILE"
+$ write aconf "# define off64_t __off64_t"
+$ write aconf "# define fopen64 fopen"
+$ write aconf "# define fseeko64 fseeko"
+$ write aconf "# define lseek64 lseek"
+$ write aconf "# define ftello64 ftell"
+$ write aconf "#endif"
+$ write aconf "#if !defined( __VAX) && (__CRTL_VER >= 70312000)"
+$ write aconf "# define HAVE_VSNPRINTF"
+$ write aconf "#endif"
+$ close aconf_in
+$ close aconf
+$ if f$search("''th'") .nes. "" then delete 'th';*
+$! Build the thing plain or with mms
+$!
+$ write sys$output "Compiling Zlib sources ..."
+$ if make.eqs.""
+$ then
+$   if (f$search( "example.obj;*") .nes. "") then delete example.obj;*
+$   if (f$search( "minigzip.obj;*") .nes. "") then delete minigzip.obj;*
+$   CALL MAKE adler32.OBJ "CC ''CCOPT' adler32" -
+                adler32.c zlib.h zconf.h
+$   CALL MAKE compress.OBJ "CC ''CCOPT' compress" -
+                compress.c zlib.h zconf.h
+$   CALL MAKE crc32.OBJ "CC ''CCOPT' crc32" -
+                crc32.c zlib.h zconf.h
+$   CALL MAKE deflate.OBJ "CC ''CCOPT' deflate" -
+                deflate.c deflate.h zutil.h zlib.h zconf.h
+$   CALL MAKE gzclose.OBJ "CC ''CCOPT' gzclose" -
+                gzclose.c zutil.h zlib.h zconf.h
+$   CALL MAKE gzlib.OBJ "CC ''CCOPT' gzlib" -
+                gzlib.c zutil.h zlib.h zconf.h
+$   CALL MAKE gzread.OBJ "CC ''CCOPT' gzread" -
+                gzread.c zutil.h zlib.h zconf.h
+$   CALL MAKE gzwrite.OBJ "CC ''CCOPT' gzwrite" -
+                gzwrite.c zutil.h zlib.h zconf.h
+$   CALL MAKE infback.OBJ "CC ''CCOPT' infback" -
+                infback.c zutil.h inftrees.h inflate.h inffast.h inffixed.h
+$   CALL MAKE inffast.OBJ "CC ''CCOPT' inffast" -
+                inffast.c zutil.h zlib.h zconf.h inffast.h
+$   CALL MAKE inflate.OBJ "CC ''CCOPT' inflate" -
+                inflate.c zutil.h zlib.h zconf.h infblock.h
+$   CALL MAKE inftrees.OBJ "CC ''CCOPT' inftrees" -
+                inftrees.c zutil.h zlib.h zconf.h inftrees.h
+$   CALL MAKE trees.OBJ "CC ''CCOPT' trees" -
+                trees.c deflate.h zutil.h zlib.h zconf.h
+$   CALL MAKE uncompr.OBJ "CC ''CCOPT' uncompr" -
+                uncompr.c zlib.h zconf.h
+$   CALL MAKE zutil.OBJ "CC ''CCOPT' zutil" -
+                zutil.c zutil.h zlib.h zconf.h
+$   write sys$output "Building Zlib ..."
+$   CALL MAKE libz.OLB "lib/crea libz.olb *.obj" *.OBJ
+$   write sys$output "Building example..."
+$   CALL MAKE example.OBJ "CC ''CCOPT' [.test]example" -
+                [.test]example.c zlib.h zconf.h
+$   call make example.exe "LINK example,libz.olb/lib" example.obj libz.olb
+$   write sys$output "Building minigzip..."
+$   CALL MAKE minigzip.OBJ "CC ''CCOPT' [.test]minigzip" -
+              [.test]minigzip.c zlib.h zconf.h
+$   call make minigzip.exe -
+              "LINK minigzip,libz.olb/lib" -
+              minigzip.obj libz.olb
+$ else
+$   gosub crea_mms
+$   write sys$output "Make ''name' ''version' with ''Make' "
+$   'make'
+$ endif
+$!
+$! Create shareable image
+$!
+$ gosub crea_olist
+$ write sys$output "Creating libzshr.exe"
+$ call map_2_shopt 'mapfile' 'optfile'
+$ LINK_'lopts'/SHARE=libzshr.exe modules.opt/opt,'optfile'/opt
+$ write sys$output "Zlib build completed"
+$ delete/nolog tmp.opt;*
+$ exit
+$AMISS_ERR:
+$ write sys$output "No source for config.hin found."
+$ write sys$output "Tried any of ''aconf_in_file'"
+$ goto err_exit
+$CC_ERR:
+$ write sys$output "C compiler required to build ''name'"
+$ goto err_exit
+$ERR_EXIT:
+$ set message/facil/ident/sever/text
+$ close/nolog optf
+$ close/nolog topt
+$ close/nolog aconf_in
+$ close/nolog aconf
+$ close/nolog out
+$ close/nolog min
+$ close/nolog mod
+$ close/nolog h_in
+$ write sys$output "Exiting..."
+$ exit 2
+$!
+$!
+$MAKE: SUBROUTINE   !SUBROUTINE TO CHECK DEPENDENCIES
+$ V = 'F$Verify(0)
+$! P1 = What we are trying to make
+$! P2 = Command to make it
+$! P3 - P8  What it depends on
+$
+$ If F$Search(P1) .Eqs. "" Then Goto Makeit
+$ Time = F$CvTime(F$File(P1,"RDT"))
+$arg=3
+$Loop:
+$       Argument = P'arg
+$       If Argument .Eqs. "" Then Goto Exit
+$       El=0
+$Loop2:
+$       File = F$Element(El," ",Argument)
+$       If File .Eqs. " " Then Goto Endl
+$       AFile = ""
+$Loop3:
+$       OFile = AFile
+$       AFile = F$Search(File)
+$       If AFile .Eqs. "" .Or. AFile .Eqs. OFile Then Goto NextEl
+$       If F$CvTime(F$File(AFile,"RDT")) .Ges. Time Then Goto Makeit
+$       Goto Loop3
+$NextEL:
+$       El = El + 1
+$       Goto Loop2
+$EndL:
+$ arg=arg+1
+$ If arg .Le. 8 Then Goto Loop
+$ Goto Exit
+$
+$Makeit:
+$ VV=F$VERIFY(0)
+$ write sys$output P2
+$ 'P2
+$ VV='F$Verify(VV)
+$Exit:
+$ If V Then Set Verify
+$ENDSUBROUTINE
+$!------------------------------------------------------------------------------
+$!
+$! Check command line options and set symbols accordingly
+$!
+$!------------------------------------------------------------------------------
+$! Version history
+$! 0.01 20041206 First version to receive a number
+$! 0.02 20060126 Add new "HELP" target
+$ CHECK_OPTS:
+$ i = 1
+$ OPT_LOOP:
+$ if i .lt. 9
+$ then
+$   cparm = f$edit(p'i',"upcase")
+$!
+$! Check if parameter actually contains something
+$!
+$   if f$edit(cparm,"trim") .nes. ""
+$   then
+$     if cparm .eqs. "DEBUG"
+$     then
+$       ccopt = ccopt + "/noopt/deb"
+$       lopts = lopts + "/deb"
+$     endif
+$     if f$locate("CCOPT=",cparm) .lt. f$length(cparm)
+$     then
+$       start = f$locate("=",cparm) + 1
+$       len   = f$length(cparm) - start
+$       ccopt = ccopt + f$extract(start,len,cparm)
+$       if f$locate("AS_IS",f$edit(ccopt,"UPCASE")) .lt. f$length(ccopt) -
+          then s_case = true
+$     endif
+$     if cparm .eqs. "LINK" then linkonly = true
+$     if f$locate("LOPTS=",cparm) .lt. f$length(cparm)
+$     then
+$       start = f$locate("=",cparm) + 1
+$       len   = f$length(cparm) - start
+$       lopts = lopts + f$extract(start,len,cparm)
+$     endif
+$     if f$locate("CC=",cparm) .lt. f$length(cparm)
+$     then
+$       start  = f$locate("=",cparm) + 1
+$       len    = f$length(cparm) - start
+$       cc_com = f$extract(start,len,cparm)
+        if (cc_com .nes. "DECC") .and. -
+           (cc_com .nes. "VAXC") .and. -
+           (cc_com .nes. "GNUC")
+$       then
+$         write sys$output "Unsupported compiler choice ''cc_com' ignored"
+$         write sys$output "Use DECC, VAXC, or GNUC instead"
+$       else
+$         if cc_com .eqs. "DECC" then its_decc = true
+$         if cc_com .eqs. "VAXC" then its_vaxc = true
+$         if cc_com .eqs. "GNUC" then its_gnuc = true
+$       endif
+$     endif
+$     if f$locate("MAKE=",cparm) .lt. f$length(cparm)
+$     then
+$       start  = f$locate("=",cparm) + 1
+$       len    = f$length(cparm) - start
+$       mmks = f$extract(start,len,cparm)
+$       if (mmks .eqs. "MMK") .or. (mmks .eqs. "MMS")
+$       then
+$         make = mmks
+$       else
+$         write sys$output "Unsupported make choice ''mmks' ignored"
+$         write sys$output "Use MMK or MMS instead"
+$       endif
+$     endif
+$     if cparm .eqs. "HELP" then gosub bhelp
+$   endif
+$   i = i + 1
+$   goto opt_loop
+$ endif
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! Look for the compiler used
+$!
+$! Version history
+$! 0.01 20040223 First version to receive a number
+$! 0.02 20040229 Save/set value of decc$no_rooted_search_lists
+$! 0.03 20060202 Extend handling of GNU C
+$! 0.04 20090402 Compaq -> hp
+$CHECK_COMPILER:
+$ if (.not. (its_decc .or. its_vaxc .or. its_gnuc))
+$ then
+$   its_decc = (f$search("SYS$SYSTEM:DECC$COMPILER.EXE") .nes. "")
+$   its_vaxc = .not. its_decc .and. (F$Search("SYS$System:VAXC.Exe") .nes. "")
+$   its_gnuc = .not. (its_decc .or. its_vaxc) .and. (f$trnlnm("gnu_cc") .nes. "")
+$ endif
+$!
+$! Exit if no compiler available
+$!
+$ if (.not. (its_decc .or. its_vaxc .or. its_gnuc))
+$ then goto CC_ERR
+$ else
+$   if its_decc
+$   then
+$     write sys$output "CC compiler check ... hp C"
+$     if f$trnlnm("decc$no_rooted_search_lists") .nes. ""
+$     then
+$       dnrsl = f$trnlnm("decc$no_rooted_search_lists")
+$     endif
+$     define/nolog decc$no_rooted_search_lists 1
+$   else
+$     if its_vaxc then write sys$output "CC compiler check ... VAX C"
+$     if its_gnuc
+$     then
+$         write sys$output "CC compiler check ... GNU C"
+$         if f$trnlnm(topt) then write topt "gnu_cc:[000000]gcclib.olb/lib"
+$         if f$trnlnm(optf) then write optf "gnu_cc:[000000]gcclib.olb/lib"
+$         cc = "gcc"
+$     endif
+$     if f$trnlnm(topt) then write topt "sys$share:vaxcrtl.exe/share"
+$     if f$trnlnm(optf) then write optf "sys$share:vaxcrtl.exe/share"
+$   endif
+$ endif
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! If MMS/MMK are available dump out the descrip.mms if required
+$!
+$CREA_MMS:
+$ write sys$output "Creating descrip.mms..."
+$ create descrip.mms
+$ open/append out descrip.mms
+$ copy sys$input: out
+$ deck
+# descrip.mms: MMS description file for building zlib on VMS
+# written by Martin P.J. Zinser
+# <zinser@zinser.no-ip.info or martin.zinser@eurexchange.com>
+
+OBJS = adler32.obj, compress.obj, crc32.obj, gzclose.obj, gzlib.obj\
+       gzread.obj, gzwrite.obj, uncompr.obj, infback.obj\
+       deflate.obj, trees.obj, zutil.obj, inflate.obj, \
+       inftrees.obj, inffast.obj
+
+$ eod
+$ write out "CFLAGS=", ccopt
+$ write out "LOPTS=", lopts
+$ write out "all : example.exe minigzip.exe libz.olb"
+$ copy sys$input: out
+$ deck
+        @ write sys$output " Example applications available"
+
+libz.olb : libz.olb($(OBJS))
+	@ write sys$output " libz available"
+
+example.exe : example.obj libz.olb
+              link $(LOPTS) example,libz.olb/lib
+
+minigzip.exe : minigzip.obj libz.olb
+              link $(LOPTS) minigzip,libz.olb/lib
+
+clean :
+	delete *.obj;*,libz.olb;*,*.opt;*,*.exe;*
+
+
+# Other dependencies.
+adler32.obj  : adler32.c zutil.h zlib.h zconf.h
+compress.obj : compress.c zlib.h zconf.h
+crc32.obj    : crc32.c zutil.h zlib.h zconf.h
+deflate.obj  : deflate.c deflate.h zutil.h zlib.h zconf.h
+example.obj  : [.test]example.c zlib.h zconf.h
+gzclose.obj  : gzclose.c zutil.h zlib.h zconf.h
+gzlib.obj    : gzlib.c zutil.h zlib.h zconf.h
+gzread.obj   : gzread.c zutil.h zlib.h zconf.h
+gzwrite.obj  : gzwrite.c zutil.h zlib.h zconf.h
+inffast.obj  : inffast.c zutil.h zlib.h zconf.h inftrees.h inffast.h
+inflate.obj  : inflate.c zutil.h zlib.h zconf.h
+inftrees.obj : inftrees.c zutil.h zlib.h zconf.h inftrees.h
+minigzip.obj : [.test]minigzip.c zlib.h zconf.h
+trees.obj    : trees.c deflate.h zutil.h zlib.h zconf.h
+uncompr.obj  : uncompr.c zlib.h zconf.h
+zutil.obj    : zutil.c zutil.h zlib.h zconf.h
+infback.obj  : infback.c zutil.h inftrees.h inflate.h inffast.h inffixed.h
+$ eod
+$ close out
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! Read list of core library sources from makefile.in and create options
+$! needed to build shareable image
+$!
+$CREA_OLIST:
+$ open/read min makefile.in
+$ open/write mod modules.opt
+$ src_check_list = "OBJZ =#OBJG ="
+$MRLOOP:
+$ read/end=mrdone min rec
+$ i = 0
+$SRC_CHECK_LOOP:
+$ src_check = f$element(i, "#", src_check_list)
+$ i = i+1
+$ if src_check .eqs. "#" then goto mrloop
+$ if (f$extract(0,6,rec) .nes. src_check) then goto src_check_loop
+$ rec = rec - src_check
+$ gosub extra_filnam
+$ if (f$element(1,"\",rec) .eqs. "\") then goto mrloop
+$MRSLOOP:
+$ read/end=mrdone min rec
+$ gosub extra_filnam
+$ if (f$element(1,"\",rec) .nes. "\") then goto mrsloop
+$MRDONE:
+$ close min
+$ close mod
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! Take record extracted in crea_olist and split it into single filenames
+$!
+$EXTRA_FILNAM:
+$ myrec = f$edit(rec - "\", "trim,compress")
+$ i = 0
+$FELOOP:
+$ srcfil = f$element(i," ", myrec)
+$ if (srcfil .nes. " ")
+$ then
+$   write mod f$parse(srcfil,,,"NAME"), ".obj"
+$   i = i + 1
+$   goto feloop
+$ endif
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! Find current Zlib version number
+$!
+$FIND_VERSION:
+$ open/read h_in 'v_file'
+$hloop:
+$ read/end=hdone h_in rec
+$ rec = f$edit(rec,"TRIM")
+$ if (f$extract(0,1,rec) .nes. "#") then goto hloop
+$ rec = f$edit(rec - "#", "TRIM")
+$ if f$element(0," ",rec) .nes. "define" then goto hloop
+$ if f$element(1," ",rec) .eqs. v_string
+$ then
+$   version = 'f$element(2," ",rec)'
+$   goto hdone
+$ endif
+$ goto hloop
+$hdone:
+$ close h_in
+$ return
+$!------------------------------------------------------------------------------
+$!
+$CHECK_CONFIG:
+$!
+$ in_ldef = f$locate(cdef,libdefs)
+$ if (in_ldef .lt. f$length(libdefs))
+$ then
+$   write aconf "#define ''cdef' 1"
+$   libdefs = f$extract(0,in_ldef,libdefs) + -
+              f$extract(in_ldef + f$length(cdef) + 1, -
+                        f$length(libdefs) - in_ldef - f$length(cdef) - 1, -
+                        libdefs)
+$ else
+$   if (f$type('cdef') .eqs. "INTEGER")
+$   then
+$     write aconf "#define ''cdef' ", 'cdef'
+$   else
+$     if (f$type('cdef') .eqs. "STRING")
+$     then
+$       write aconf "#define ''cdef' ", """", '''cdef'', """"
+$     else
+$       gosub check_cc_def
+$     endif
+$   endif
+$ endif
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! Check if this is a define relating to the properties of the C/C++
+$! compiler
+$!
+$ CHECK_CC_DEF:
+$ if (cdef .eqs. "_LARGEFILE64_SOURCE")
+$ then
+$   copy sys$input: 'tc'
+$   deck
+#include "tconfig"
+#define _LARGEFILE
+#include <stdio.h>
+
+int main(){
+FILE *fp;
+  fp = fopen("temp.txt","r");
+  fseeko(fp,1,SEEK_SET);
+  fclose(fp);
+}
+
+$   eod
+$   test_inv = false
+$   comm_h = false
+$   gosub cc_prop_check
+$   return
+$ endif
+$ write aconf "/* ", line, " */"
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! Check for properties of C/C++ compiler
+$!
+$! Version history
+$! 0.01 20031020 First version to receive a number
+$! 0.02 20031022 Added logic for defines with value
+$! 0.03 20040309 Make sure local config file gets not deleted
+$! 0.04 20041230 Also write include for configure run
+$! 0.05 20050103 Add processing of "comment defines"
+$CC_PROP_CHECK:
+$ cc_prop = true
+$ is_need = false
+$ is_need = (f$extract(0,4,cdef) .eqs. "NEED") .or. (test_inv .eq. true)
+$ if f$search(th) .eqs. "" then create 'th'
+$ set message/nofac/noident/nosever/notext
+$ on error then continue
+$ cc 'tmpnam'
+$ if .not. ($status)  then cc_prop = false
+$ on error then continue
+$! The headers might lie about the capabilities of the RTL
+$ link 'tmpnam',tmp.opt/opt
+$ if .not. ($status)  then cc_prop = false
+$ set message/fac/ident/sever/text
+$ on error then goto err_exit
+$ delete/nolog 'tmpnam'.*;*/exclude='th'
+$ if (cc_prop .and. .not. is_need) .or. -
+     (.not. cc_prop .and. is_need)
+$ then
+$   write sys$output "Checking for ''cdef'... yes"
+$   if f$type('cdef_val'_yes) .nes. ""
+$   then
+$     if f$type('cdef_val'_yes) .eqs. "INTEGER" -
+         then call write_config f$fao("#define !AS !UL",cdef,'cdef_val'_yes)
+$     if f$type('cdef_val'_yes) .eqs. "STRING" -
+         then call write_config f$fao("#define !AS !AS",cdef,'cdef_val'_yes)
+$   else
+$     call write_config f$fao("#define !AS 1",cdef)
+$   endif
+$   if (cdef .eqs. "HAVE_FSEEKO") .or. (cdef .eqs. "_LARGE_FILES") .or. -
+       (cdef .eqs. "_LARGEFILE64_SOURCE") then -
+      call write_config f$string("#define _LARGEFILE 1")
+$ else
+$   write sys$output "Checking for ''cdef'... no"
+$   if (comm_h)
+$   then
+      call write_config f$fao("/* !AS */",line)
+$   else
+$     if f$type('cdef_val'_no) .nes. ""
+$     then
+$       if f$type('cdef_val'_no) .eqs. "INTEGER" -
+           then call write_config f$fao("#define !AS !UL",cdef,'cdef_val'_no)
+$       if f$type('cdef_val'_no) .eqs. "STRING" -
+           then call write_config f$fao("#define !AS !AS",cdef,'cdef_val'_no)
+$     else
+$       call write_config f$fao("#undef !AS",cdef)
+$     endif
+$   endif
+$ endif
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! Check for properties of C/C++ compiler with multiple result values
+$!
+$! Version history
+$! 0.01 20040127 First version
+$! 0.02 20050103 Reconcile changes from cc_prop up to version 0.05
+$CC_MPROP_CHECK:
+$ cc_prop = true
+$ i    = 1
+$ idel = 1
+$ MT_LOOP:
+$ if f$type(result_'i') .eqs. "STRING"
+$ then
+$   set message/nofac/noident/nosever/notext
+$   on error then continue
+$   cc 'tmpnam'_'i'
+$   if .not. ($status)  then cc_prop = false
+$   on error then continue
+$! The headers might lie about the capabilities of the RTL
+$   link 'tmpnam'_'i',tmp.opt/opt
+$   if .not. ($status)  then cc_prop = false
+$   set message/fac/ident/sever/text
+$   on error then goto err_exit
+$   delete/nolog 'tmpnam'_'i'.*;*
+$   if (cc_prop)
+$   then
+$     write sys$output "Checking for ''cdef'... ", mdef_'i'
+$     if f$type(mdef_'i') .eqs. "INTEGER" -
+         then call write_config f$fao("#define !AS !UL",cdef,mdef_'i')
+$     if f$type('cdef_val'_yes) .eqs. "STRING" -
+         then call write_config f$fao("#define !AS !AS",cdef,mdef_'i')
+$     goto msym_clean
+$   else
+$     i = i + 1
+$     goto mt_loop
+$   endif
+$ endif
+$ write sys$output "Checking for ''cdef'... no"
+$ call write_config f$fao("#undef !AS",cdef)
+$ MSYM_CLEAN:
+$ if (idel .le. msym_max)
+$ then
+$   delete/sym mdef_'idel'
+$   idel = idel + 1
+$   goto msym_clean
+$ endif
+$ return
+$!------------------------------------------------------------------------------
+$!
+$! Write configuration to both permanent and temporary config file
+$!
+$! Version history
+$! 0.01 20031029 First version to receive a number
+$!
+$WRITE_CONFIG: SUBROUTINE
+$  write aconf 'p1'
+$  open/append confh 'th'
+$  write confh 'p1'
+$  close confh
+$ENDSUBROUTINE
+$!------------------------------------------------------------------------------
+$!
+$! Analyze the project map file and create the symbol vector for a shareable
+$! image from it
+$!
+$! Version history
+$! 0.01 20120128 First version
+$! 0.02 20120226 Add pre-load logic
+$!
+$ MAP_2_SHOPT: Subroutine
+$!
+$ SAY := "WRITE_ SYS$OUTPUT"
+$!
+$ IF F$SEARCH("''P1'") .EQS. ""
+$ THEN
+$    SAY "MAP_2_SHOPT-E-NOSUCHFILE:  Error, inputfile ''p1' not available"
+$    goto exit_m2s
+$ ENDIF
+$ IF "''P2'" .EQS. ""
+$ THEN
+$    SAY "MAP_2_SHOPT:  Error, no output file provided"
+$    goto exit_m2s
+$ ENDIF
+$!
+$ module1 = "deflate#deflateEnd#deflateInit_#deflateParams#deflateSetDictionary"
+$ module2 = "gzclose#gzerror#gzgetc#gzgets#gzopen#gzprintf#gzputc#gzputs#gzread"
+$ module3 = "gzseek#gztell#inflate#inflateEnd#inflateInit_#inflateSetDictionary"
+$ module4 = "inflateSync#uncompress#zlibVersion#compress"
+$ open/read map 'p1
+$ if axp .or. ia64
+$ then
+$     open/write aopt a.opt
+$     open/write bopt b.opt
+$     write aopt " CASE_SENSITIVE=YES"
+$     write bopt "SYMBOL_VECTOR= (-"
+$     mod_sym_num = 1
+$ MOD_SYM_LOOP:
+$     if f$type(module'mod_sym_num') .nes. ""
+$     then
+$         mod_in = 0
+$ MOD_SYM_IN:
+$         shared_proc = f$element(mod_in, "#", module'mod_sym_num')
+$         if shared_proc .nes. "#"
+$         then
+$             write aopt f$fao(" symbol_vector=(!AS/!AS=PROCEDURE)",-
+        		       f$edit(shared_proc,"upcase"),shared_proc)
+$             write bopt f$fao("!AS=PROCEDURE,-",shared_proc)
+$             mod_in = mod_in + 1
+$             goto mod_sym_in
+$         endif
+$         mod_sym_num = mod_sym_num + 1
+$         goto mod_sym_loop
+$     endif
+$MAP_LOOP:
+$     read/end=map_end map line
+$     if (f$locate("{",line).lt. f$length(line)) .or. -
+         (f$locate("global:", line) .lt. f$length(line))
+$     then
+$         proc = true
+$         goto map_loop
+$     endif
+$     if f$locate("}",line).lt. f$length(line) then proc = false
+$     if f$locate("local:", line) .lt. f$length(line) then proc = false
+$     if proc
+$     then
+$         shared_proc = f$edit(line,"collapse")
+$         chop_semi = f$locate(";", shared_proc)
+$         if chop_semi .lt. f$length(shared_proc) then -
+              shared_proc = f$extract(0, chop_semi, shared_proc)
+$         write aopt f$fao(" symbol_vector=(!AS/!AS=PROCEDURE)",-
+        			 f$edit(shared_proc,"upcase"),shared_proc)
+$         write bopt f$fao("!AS=PROCEDURE,-",shared_proc)
+$     endif
+$     goto map_loop
+$MAP_END:
+$     close/nolog aopt
+$     close/nolog bopt
+$     open/append libopt 'p2'
+$     open/read aopt a.opt
+$     open/read bopt b.opt
+$ALOOP:
+$     read/end=aloop_end aopt line
+$     write libopt line
+$     goto aloop
+$ALOOP_END:
+$     close/nolog aopt
+$     sv = ""
+$BLOOP:
+$     read/end=bloop_end bopt svn
+$     if (svn.nes."")
+$     then
+$        if (sv.nes."") then write libopt sv
+$        sv = svn
+$     endif
+$     goto bloop
+$BLOOP_END:
+$     write libopt f$extract(0,f$length(sv)-2,sv), "-"
+$     write libopt ")"
+$     close/nolog bopt
+$     delete/nolog/noconf a.opt;*,b.opt;*
+$ else
+$     if vax
+$     then
+$     open/append libopt 'p2'
+$     mod_sym_num = 1
+$ VMOD_SYM_LOOP:
+$     if f$type(module'mod_sym_num') .nes. ""
+$     then
+$         mod_in = 0
+$ VMOD_SYM_IN:
+$         shared_proc = f$element(mod_in, "#", module'mod_sym_num')
+$         if shared_proc .nes. "#"
+$         then
+$     	      write libopt f$fao("UNIVERSAL=!AS",-
+      	  			     f$edit(shared_proc,"upcase"))
+$             mod_in = mod_in + 1
+$             goto vmod_sym_in
+$         endif
+$         mod_sym_num = mod_sym_num + 1
+$         goto vmod_sym_loop
+$     endif
+$VMAP_LOOP:
+$     	  read/end=vmap_end map line
+$     	  if (f$locate("{",line).lt. f$length(line)) .or. -
+   	      (f$locate("global:", line) .lt. f$length(line))
+$     	  then
+$     	      proc = true
+$     	      goto vmap_loop
+$     	  endif
+$     	  if f$locate("}",line).lt. f$length(line) then proc = false
+$     	  if f$locate("local:", line) .lt. f$length(line) then proc = false
+$     	  if proc
+$     	  then
+$     	      shared_proc = f$edit(line,"collapse")
+$     	      chop_semi = f$locate(";", shared_proc)
+$     	      if chop_semi .lt. f$length(shared_proc) then -
+      	  	  shared_proc = f$extract(0, chop_semi, shared_proc)
+$     	      write libopt f$fao("UNIVERSAL=!AS",-
+      	  			     f$edit(shared_proc,"upcase"))
+$     	  endif
+$     	  goto vmap_loop
+$VMAP_END:
+$     else
+$         write sys$output "Unknown Architecture (Not VAX, AXP, or IA64)"
+$         write sys$output "No options file created"
+$     endif
+$ endif
+$ EXIT_M2S:
+$ close/nolog map
+$ close/nolog libopt
+$ endsubroutine
diff --git a/zlib-1.3.1/msdos/Makefile.bor b/zlib-1.3.1/msdos/Makefile.bor
new file mode 100644
index 00000000..3d12a2c2
--- /dev/null
+++ b/zlib-1.3.1/msdos/Makefile.bor
@@ -0,0 +1,115 @@
+# Makefile for zlib
+# Borland C++
+# Last updated: 15-Mar-2003
+
+# To use, do "make -fmakefile.bor"
+# To compile in small model, set below: MODEL=s
+
+# WARNING: the small model is supported but only for small values of
+# MAX_WBITS and MAX_MEM_LEVEL. For example:
+#    -DMAX_WBITS=11 -DDEF_WBITS=11 -DMAX_MEM_LEVEL=3
+# If you wish to reduce the memory requirements (default 256K for big
+# objects plus a few K), you can add to the LOC macro below:
+#   -DMAX_MEM_LEVEL=7 -DMAX_WBITS=14
+# See zconf.h for details about the memory requirements.
+
+# ------------ Turbo C++, Borland C++ ------------
+
+#    Optional nonstandard preprocessor flags (e.g. -DMAX_MEM_LEVEL=7)
+#    should be added to the environment via "set LOCAL_ZLIB=-DFOO" or added
+#    to the declaration of LOC here:
+LOC = $(LOCAL_ZLIB)
+
+# type for CPU required: 0: 8086, 1: 80186, 2: 80286, 3: 80386, etc.
+CPU_TYP = 0
+
+# memory model: one of s, m, c, l (small, medium, compact, large)
+MODEL=l
+
+# replace bcc with tcc for Turbo C++ 1.0, with bcc32 for the 32 bit version
+CC=bcc
+LD=bcc
+AR=tlib
+
+# compiler flags
+# replace "-O2" by "-O -G -a -d" for Turbo C++ 1.0
+CFLAGS=-O2 -Z -m$(MODEL) $(LOC)
+
+LDFLAGS=-m$(MODEL) -f-
+
+
+# variables
+ZLIB_LIB = zlib_$(MODEL).lib
+
+OBJ1 = adler32.obj compress.obj crc32.obj deflate.obj gzclose.obj gzlib.obj gzread.obj
+OBJ2 = gzwrite.obj infback.obj inffast.obj inflate.obj inftrees.obj trees.obj uncompr.obj zutil.obj
+OBJP1 = +adler32.obj+compress.obj+crc32.obj+deflate.obj+gzclose.obj+gzlib.obj+gzread.obj
+OBJP2 = +gzwrite.obj+infback.obj+inffast.obj+inflate.obj+inftrees.obj+trees.obj+uncompr.obj+zutil.obj
+
+
+# targets
+all: $(ZLIB_LIB) example.exe minigzip.exe
+
+.c.obj:
+	$(CC) -c $(CFLAGS) $*.c
+
+adler32.obj: adler32.c zlib.h zconf.h
+
+compress.obj: compress.c zlib.h zconf.h
+
+crc32.obj: crc32.c zlib.h zconf.h crc32.h
+
+deflate.obj: deflate.c deflate.h zutil.h zlib.h zconf.h
+
+gzclose.obj: gzclose.c zlib.h zconf.h gzguts.h
+
+gzlib.obj: gzlib.c zlib.h zconf.h gzguts.h
+
+gzread.obj: gzread.c zlib.h zconf.h gzguts.h
+
+gzwrite.obj: gzwrite.c zlib.h zconf.h gzguts.h
+
+infback.obj: infback.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inffast.obj: inffast.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h
+
+inflate.obj: inflate.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inftrees.obj: inftrees.c zutil.h zlib.h zconf.h inftrees.h
+
+trees.obj: trees.c zutil.h zlib.h zconf.h deflate.h trees.h
+
+uncompr.obj: uncompr.c zlib.h zconf.h
+
+zutil.obj: zutil.c zutil.h zlib.h zconf.h
+
+example.obj: test/example.c zlib.h zconf.h
+
+minigzip.obj: test/minigzip.c zlib.h zconf.h
+
+
+# the command line is cut to fit in the MS-DOS 128 byte limit:
+$(ZLIB_LIB): $(OBJ1) $(OBJ2)
+	-del $(ZLIB_LIB)
+	$(AR) $(ZLIB_LIB) $(OBJP1)
+	$(AR) $(ZLIB_LIB) $(OBJP2)
+
+example.exe: example.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) example.obj $(ZLIB_LIB)
+
+minigzip.exe: minigzip.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) minigzip.obj $(ZLIB_LIB)
+
+test: example.exe minigzip.exe
+	example
+	echo hello world | minigzip | minigzip -d
+
+clean:
+	-del *.obj
+	-del *.lib
+	-del *.exe
+	-del zlib_*.bak
+	-del foo.gz
diff --git a/zlib-1.3.1/msdos/Makefile.dj2 b/zlib-1.3.1/msdos/Makefile.dj2
new file mode 100644
index 00000000..59d2037d
--- /dev/null
+++ b/zlib-1.3.1/msdos/Makefile.dj2
@@ -0,0 +1,104 @@
+# Makefile for zlib.  Modified for djgpp v2.0 by F. J. Donahoe, 3/15/96.
+# Copyright (C) 1995-1998 Jean-loup Gailly.
+# For conditions of distribution and use, see copyright notice in zlib.h
+
+# To compile, or to compile and test, type:
+#
+#   make -fmakefile.dj2;  make test -fmakefile.dj2
+#
+# To install libz.a, zconf.h and zlib.h in the djgpp directories, type:
+#
+#    make install -fmakefile.dj2
+#
+# after first defining LIBRARY_PATH and INCLUDE_PATH in djgpp.env as
+# in the sample below if the pattern of the DJGPP distribution is to
+# be followed.  Remember that, while <sp>'es around <=> are ignored in
+# makefiles, they are *not* in batch files or in djgpp.env.
+# - - - - -
+# [make]
+# INCLUDE_PATH=%\>;INCLUDE_PATH%%\DJDIR%\include
+# LIBRARY_PATH=%\>;LIBRARY_PATH%%\DJDIR%\lib
+# BUTT=-m486
+# - - - - -
+# Alternately, these variables may be defined below, overriding the values
+# in djgpp.env, as
+# INCLUDE_PATH=c:\usr\include
+# LIBRARY_PATH=c:\usr\lib
+
+CC=gcc
+
+#CFLAGS=-MMD -O
+#CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
+#CFLAGS=-MMD -g -DZLIB_DEBUG
+CFLAGS=-MMD -O3 $(BUTT) -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
+             -Wstrict-prototypes -Wmissing-prototypes
+
+# If cp.exe is available, replace "copy /Y" with "cp -fp" .
+CP=copy /Y
+# If gnu install.exe is available, replace $(CP) with ginstall.
+INSTALL=$(CP)
+# The default value of RM is "rm -f."  If "rm.exe" is found, comment out:
+RM=del
+LDLIBS=-L. -lz
+LD=$(CC) -s -o
+LDSHARED=$(CC)
+
+INCL=zlib.h zconf.h
+LIBS=libz.a
+
+AR=ar rcs
+
+prefix=/usr/local
+exec_prefix = $(prefix)
+
+OBJS = adler32.o compress.o crc32.o gzclose.o gzlib.o gzread.o gzwrite.o \
+       uncompr.o deflate.o trees.o zutil.o inflate.o infback.o inftrees.o inffast.o
+
+OBJA =
+# to use the asm code: make OBJA=match.o
+
+TEST_OBJS = example.o minigzip.o
+
+all: example.exe minigzip.exe
+
+check: test
+test: all
+	./example
+	echo hello world | .\minigzip | .\minigzip -d
+
+%.o : %.c
+	$(CC) $(CFLAGS) -c $< -o $@
+
+libz.a: $(OBJS) $(OBJA)
+	$(AR) $@ $(OBJS) $(OBJA)
+
+%.exe : %.o $(LIBS)
+	$(LD) $@ $< $(LDLIBS)
+
+# INCLUDE_PATH and LIBRARY_PATH were set for [make] in djgpp.env .
+
+.PHONY : uninstall clean
+
+install: $(INCL) $(LIBS)
+	-@if not exist $(INCLUDE_PATH)\nul mkdir $(INCLUDE_PATH)
+	-@if not exist $(LIBRARY_PATH)\nul mkdir $(LIBRARY_PATH)
+	$(INSTALL) zlib.h $(INCLUDE_PATH)
+	$(INSTALL) zconf.h $(INCLUDE_PATH)
+	$(INSTALL) libz.a $(LIBRARY_PATH)
+
+uninstall:
+	$(RM) $(INCLUDE_PATH)\zlib.h
+	$(RM) $(INCLUDE_PATH)\zconf.h
+	$(RM) $(LIBRARY_PATH)\libz.a
+
+clean:
+	$(RM) *.d
+	$(RM) *.o
+	$(RM) *.exe
+	$(RM) libz.a
+	$(RM) foo.gz
+
+DEPS := $(wildcard *.d)
+ifneq ($(DEPS),)
+include $(DEPS)
+endif
diff --git a/zlib-1.3.1/msdos/Makefile.emx b/zlib-1.3.1/msdos/Makefile.emx
new file mode 100644
index 00000000..e30f67be
--- /dev/null
+++ b/zlib-1.3.1/msdos/Makefile.emx
@@ -0,0 +1,69 @@
+# Makefile for zlib.  Modified for emx 0.9c by Chr. Spieler, 6/17/98.
+# Copyright (C) 1995-1998 Jean-loup Gailly.
+# For conditions of distribution and use, see copyright notice in zlib.h
+
+# To compile, or to compile and test, type:
+#
+#   make -fmakefile.emx;  make test -fmakefile.emx
+#
+
+CC=gcc
+
+#CFLAGS=-MMD -O
+#CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
+#CFLAGS=-MMD -g -DZLIB_DEBUG
+CFLAGS=-MMD -O3 $(BUTT) -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
+             -Wstrict-prototypes -Wmissing-prototypes
+
+# If cp.exe is available, replace "copy /Y" with "cp -fp" .
+CP=copy /Y
+# If gnu install.exe is available, replace $(CP) with ginstall.
+INSTALL=$(CP)
+# The default value of RM is "rm -f."  If "rm.exe" is found, comment out:
+RM=del
+LDLIBS=-L. -lzlib
+LD=$(CC) -s -o
+LDSHARED=$(CC)
+
+INCL=zlib.h zconf.h
+LIBS=zlib.a
+
+AR=ar rcs
+
+prefix=/usr/local
+exec_prefix = $(prefix)
+
+OBJS = adler32.o compress.o crc32.o gzclose.o gzlib.o gzread.o gzwrite.o \
+       uncompr.o deflate.o trees.o zutil.o inflate.o infback.o inftrees.o inffast.o
+
+TEST_OBJS = example.o minigzip.o
+
+all: example.exe minigzip.exe
+
+test: all
+	./example
+	echo hello world | .\minigzip | .\minigzip -d
+
+%.o : %.c
+	$(CC) $(CFLAGS) -c $< -o $@
+
+zlib.a: $(OBJS)
+	$(AR) $@ $(OBJS)
+
+%.exe : %.o $(LIBS)
+	$(LD) $@ $< $(LDLIBS)
+
+
+.PHONY : clean
+
+clean:
+	$(RM) *.d
+	$(RM) *.o
+	$(RM) *.exe
+	$(RM) zlib.a
+	$(RM) foo.gz
+
+DEPS := $(wildcard *.d)
+ifneq ($(DEPS),)
+include $(DEPS)
+endif
diff --git a/zlib-1.3.1/msdos/Makefile.msc b/zlib-1.3.1/msdos/Makefile.msc
new file mode 100644
index 00000000..ae837861
--- /dev/null
+++ b/zlib-1.3.1/msdos/Makefile.msc
@@ -0,0 +1,112 @@
+# Makefile for zlib
+# Microsoft C 5.1 or later
+# Last updated: 19-Mar-2003
+
+# To use, do "make makefile.msc"
+# To compile in small model, set below: MODEL=S
+
+# If you wish to reduce the memory requirements (default 256K for big
+# objects plus a few K), you can add to the LOC macro below:
+#   -DMAX_MEM_LEVEL=7 -DMAX_WBITS=14
+# See zconf.h for details about the memory requirements.
+
+# ------------- Microsoft C 5.1 and later -------------
+
+#    Optional nonstandard preprocessor flags (e.g. -DMAX_MEM_LEVEL=7)
+#    should be added to the environment via "set LOCAL_ZLIB=-DFOO" or added
+#    to the declaration of LOC here:
+LOC = $(LOCAL_ZLIB)
+
+# Type for CPU required: 0: 8086, 1: 80186, 2: 80286, 3: 80386, etc.
+CPU_TYP = 0
+
+# Memory model: one of S, M, C, L (small, medium, compact, large)
+MODEL=L
+
+CC=cl
+CFLAGS=-nologo -A$(MODEL) -G$(CPU_TYP) -W3 -Oait -Gs $(LOC)
+#-Ox generates bad code with MSC 5.1
+LIB_CFLAGS=-Zl $(CFLAGS)
+
+LD=link
+LDFLAGS=/noi/e/st:0x1500/noe/farcall/packcode
+# "/farcall/packcode" are only useful for `large code' memory models
+# but should be a "no-op" for small code models.
+
+
+# variables
+ZLIB_LIB = zlib_$(MODEL).lib
+
+OBJ1 = adler32.obj compress.obj crc32.obj deflate.obj gzclose.obj gzlib.obj gzread.obj
+OBJ2 = gzwrite.obj infback.obj inffast.obj inflate.obj inftrees.obj trees.obj uncompr.obj zutil.obj
+
+
+# targets
+all:  $(ZLIB_LIB) example.exe minigzip.exe
+
+.c.obj:
+	$(CC) -c $(LIB_CFLAGS) $*.c
+
+adler32.obj: adler32.c zlib.h zconf.h
+
+compress.obj: compress.c zlib.h zconf.h
+
+crc32.obj: crc32.c zlib.h zconf.h crc32.h
+
+deflate.obj: deflate.c deflate.h zutil.h zlib.h zconf.h
+
+gzclose.obj: gzclose.c zlib.h zconf.h gzguts.h
+
+gzlib.obj: gzlib.c zlib.h zconf.h gzguts.h
+
+gzread.obj: gzread.c zlib.h zconf.h gzguts.h
+
+gzwrite.obj: gzwrite.c zlib.h zconf.h gzguts.h
+
+infback.obj: infback.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inffast.obj: inffast.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h
+
+inflate.obj: inflate.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inftrees.obj: inftrees.c zutil.h zlib.h zconf.h inftrees.h
+
+trees.obj: trees.c zutil.h zlib.h zconf.h deflate.h trees.h
+
+uncompr.obj: uncompr.c zlib.h zconf.h
+
+zutil.obj: zutil.c zutil.h zlib.h zconf.h
+
+example.obj: test/example.c zlib.h zconf.h
+	$(CC) -c $(CFLAGS) $*.c
+
+minigzip.obj: test/minigzip.c zlib.h zconf.h
+	$(CC) -c $(CFLAGS) $*.c
+
+
+# the command line is cut to fit in the MS-DOS 128 byte limit:
+$(ZLIB_LIB): $(OBJ1) $(OBJ2)
+	if exist $(ZLIB_LIB) del $(ZLIB_LIB)
+	lib $(ZLIB_LIB) $(OBJ1);
+	lib $(ZLIB_LIB) $(OBJ2);
+
+example.exe: example.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) example.obj,,,$(ZLIB_LIB);
+
+minigzip.exe: minigzip.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) minigzip.obj,,,$(ZLIB_LIB);
+
+test: example.exe minigzip.exe
+	example
+	echo hello world | minigzip | minigzip -d
+
+clean:
+	-del *.obj
+	-del *.lib
+	-del *.exe
+	-del *.map
+	-del zlib_*.bak
+	-del foo.gz
diff --git a/zlib-1.3.1/msdos/Makefile.tc b/zlib-1.3.1/msdos/Makefile.tc
new file mode 100644
index 00000000..5aec82a9
--- /dev/null
+++ b/zlib-1.3.1/msdos/Makefile.tc
@@ -0,0 +1,100 @@
+# Makefile for zlib
+# Turbo C 2.01, Turbo C++ 1.01
+# Last updated: 15-Mar-2003
+
+# To use, do "make -fmakefile.tc"
+# To compile in small model, set below: MODEL=s
+
+# WARNING: the small model is supported but only for small values of
+# MAX_WBITS and MAX_MEM_LEVEL. For example:
+#    -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3
+# If you wish to reduce the memory requirements (default 256K for big
+# objects plus a few K), you can add to CFLAGS below:
+#   -DMAX_MEM_LEVEL=7 -DMAX_WBITS=14
+# See zconf.h for details about the memory requirements.
+
+# ------------ Turbo C 2.01, Turbo C++ 1.01 ------------
+MODEL=l
+CC=tcc
+LD=tcc
+AR=tlib
+# CFLAGS=-O2 -G -Z -m$(MODEL) -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3
+CFLAGS=-O2 -G -Z -m$(MODEL)
+LDFLAGS=-m$(MODEL) -f-
+
+
+# variables
+ZLIB_LIB = zlib_$(MODEL).lib
+
+OBJ1 = adler32.obj compress.obj crc32.obj deflate.obj gzclose.obj gzlib.obj gzread.obj
+OBJ2 = gzwrite.obj infback.obj inffast.obj inflate.obj inftrees.obj trees.obj uncompr.obj zutil.obj
+OBJP1 = +adler32.obj+compress.obj+crc32.obj+deflate.obj+gzclose.obj+gzlib.obj+gzread.obj
+OBJP2 = +gzwrite.obj+infback.obj+inffast.obj+inflate.obj+inftrees.obj+trees.obj+uncompr.obj+zutil.obj
+
+
+# targets
+all: $(ZLIB_LIB) example.exe minigzip.exe
+
+.c.obj:
+	$(CC) -c $(CFLAGS) $*.c
+
+adler32.obj: adler32.c zlib.h zconf.h
+
+compress.obj: compress.c zlib.h zconf.h
+
+crc32.obj: crc32.c zlib.h zconf.h crc32.h
+
+deflate.obj: deflate.c deflate.h zutil.h zlib.h zconf.h
+
+gzclose.obj: gzclose.c zlib.h zconf.h gzguts.h
+
+gzlib.obj: gzlib.c zlib.h zconf.h gzguts.h
+
+gzread.obj: gzread.c zlib.h zconf.h gzguts.h
+
+gzwrite.obj: gzwrite.c zlib.h zconf.h gzguts.h
+
+infback.obj: infback.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inffast.obj: inffast.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h
+
+inflate.obj: inflate.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inftrees.obj: inftrees.c zutil.h zlib.h zconf.h inftrees.h
+
+trees.obj: trees.c zutil.h zlib.h zconf.h deflate.h trees.h
+
+uncompr.obj: uncompr.c zlib.h zconf.h
+
+zutil.obj: zutil.c zutil.h zlib.h zconf.h
+
+example.obj: test/example.c zlib.h zconf.h
+
+minigzip.obj: test/minigzip.c zlib.h zconf.h
+
+
+# the command line is cut to fit in the MS-DOS 128 byte limit:
+$(ZLIB_LIB): $(OBJ1) $(OBJ2)
+	-del $(ZLIB_LIB)
+	$(AR) $(ZLIB_LIB) $(OBJP1)
+	$(AR) $(ZLIB_LIB) $(OBJP2)
+
+example.exe: example.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) example.obj $(ZLIB_LIB)
+
+minigzip.exe: minigzip.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) minigzip.obj $(ZLIB_LIB)
+
+test: example.exe minigzip.exe
+	example
+	echo hello world | minigzip | minigzip -d
+
+clean:
+	-del *.obj
+	-del *.lib
+	-del *.exe
+	-del zlib_*.bak
+	-del foo.gz
diff --git a/zlib-1.3.1/nintendods/Makefile b/zlib-1.3.1/nintendods/Makefile
new file mode 100644
index 00000000..21337d01
--- /dev/null
+++ b/zlib-1.3.1/nintendods/Makefile
@@ -0,0 +1,126 @@
+#---------------------------------------------------------------------------------
+.SUFFIXES:
+#---------------------------------------------------------------------------------
+
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+include $(DEVKITARM)/ds_rules
+
+#---------------------------------------------------------------------------------
+# TARGET is the name of the output
+# BUILD is the directory where object files & intermediate files will be placed
+# SOURCES is a list of directories containing source code
+# DATA is a list of directories containing data files
+# INCLUDES is a list of directories containing header files
+#---------------------------------------------------------------------------------
+TARGET		:=	$(shell basename $(CURDIR))
+BUILD		:=	build
+SOURCES		:=	../../
+DATA		:=	data
+INCLUDES	:=	include
+
+#---------------------------------------------------------------------------------
+# options for code generation
+#---------------------------------------------------------------------------------
+ARCH	:=	-mthumb -mthumb-interwork
+
+CFLAGS	:=	-Wall -O2\
+		-march=armv5te -mtune=arm946e-s \
+		-fomit-frame-pointer -ffast-math \
+		$(ARCH)
+
+CFLAGS	+=	$(INCLUDE) -DARM9
+CXXFLAGS	:= $(CFLAGS) -fno-rtti -fno-exceptions
+
+ASFLAGS	:=	$(ARCH) -march=armv5te -mtune=arm946e-s
+LDFLAGS	=	-specs=ds_arm9.specs -g $(ARCH) -Wl,-Map,$(notdir $*.map)
+
+#---------------------------------------------------------------------------------
+# list of directories containing libraries, this must be the top level containing
+# include and lib
+#---------------------------------------------------------------------------------
+LIBDIRS	:=	$(LIBNDS)
+
+#---------------------------------------------------------------------------------
+# no real need to edit anything past this point unless you need to add additional
+# rules for different file extensions
+#---------------------------------------------------------------------------------
+ifneq ($(BUILD),$(notdir $(CURDIR)))
+#---------------------------------------------------------------------------------
+
+export OUTPUT	:=	$(CURDIR)/lib/libz.a
+
+export VPATH	:=	$(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
+			$(foreach dir,$(DATA),$(CURDIR)/$(dir))
+
+export DEPSDIR	:=	$(CURDIR)/$(BUILD)
+
+CFILES		:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
+CPPFILES	:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
+SFILES		:=	$(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
+BINFILES	:=	$(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
+
+#---------------------------------------------------------------------------------
+# use CXX for linking C++ projects, CC for standard C
+#---------------------------------------------------------------------------------
+ifeq ($(strip $(CPPFILES)),)
+#---------------------------------------------------------------------------------
+	export LD	:=	$(CC)
+#---------------------------------------------------------------------------------
+else
+#---------------------------------------------------------------------------------
+	export LD	:=	$(CXX)
+#---------------------------------------------------------------------------------
+endif
+#---------------------------------------------------------------------------------
+
+export OFILES	:=	$(addsuffix .o,$(BINFILES)) \
+			$(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
+
+export INCLUDE	:=	$(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
+			$(foreach dir,$(LIBDIRS),-I$(dir)/include) \
+			-I$(CURDIR)/$(BUILD)
+
+.PHONY: $(BUILD) clean all
+
+#---------------------------------------------------------------------------------
+all: $(BUILD)
+	@[ -d $@ ] || mkdir -p include
+	@cp ../../*.h include
+
+lib:
+	@[ -d $@ ] || mkdir -p $@
+	
+$(BUILD): lib
+	@[ -d $@ ] || mkdir -p $@
+	@$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
+
+#---------------------------------------------------------------------------------
+clean:
+	@echo clean ...
+	@rm -fr $(BUILD) lib
+
+#---------------------------------------------------------------------------------
+else
+
+DEPENDS	:=	$(OFILES:.o=.d)
+
+#---------------------------------------------------------------------------------
+# main targets
+#---------------------------------------------------------------------------------
+$(OUTPUT)	:	$(OFILES)
+
+#---------------------------------------------------------------------------------
+%.bin.o	:	%.bin
+#---------------------------------------------------------------------------------
+	@echo $(notdir $<)
+	@$(bin2o)
+
+
+-include $(DEPENDS)
+
+#---------------------------------------------------------------------------------------
+endif
+#---------------------------------------------------------------------------------------
diff --git a/zlib-1.3.1/nintendods/README b/zlib-1.3.1/nintendods/README
new file mode 100644
index 00000000..ba7a37db
--- /dev/null
+++ b/zlib-1.3.1/nintendods/README
@@ -0,0 +1,5 @@
+This Makefile requires devkitARM (http://www.devkitpro.org/category/devkitarm/) and works inside "contrib/nds". It is based on a devkitARM template.
+
+Eduardo Costa <eduardo.m.costa@gmail.com>
+January 3, 2009
+
diff --git a/zlib-1.3.1/old/Makefile.emx b/zlib-1.3.1/old/Makefile.emx
new file mode 100644
index 00000000..612b0379
--- /dev/null
+++ b/zlib-1.3.1/old/Makefile.emx
@@ -0,0 +1,69 @@
+# Makefile for zlib.  Modified for emx/rsxnt by Chr. Spieler, 6/16/98.
+# Copyright (C) 1995-1998 Jean-loup Gailly.
+# For conditions of distribution and use, see copyright notice in zlib.h
+
+# To compile, or to compile and test, type:
+#
+#   make -fmakefile.emx;  make test -fmakefile.emx
+#
+
+CC=gcc -Zwin32
+
+#CFLAGS=-MMD -O
+#CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
+#CFLAGS=-MMD -g -DZLIB_DEBUG
+CFLAGS=-MMD -O3 $(BUTT) -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
+             -Wstrict-prototypes -Wmissing-prototypes
+
+# If cp.exe is available, replace "copy /Y" with "cp -fp" .
+CP=copy /Y
+# If gnu install.exe is available, replace $(CP) with ginstall.
+INSTALL=$(CP)
+# The default value of RM is "rm -f."  If "rm.exe" is found, comment out:
+RM=del
+LDLIBS=-L. -lzlib
+LD=$(CC) -s -o
+LDSHARED=$(CC)
+
+INCL=zlib.h zconf.h
+LIBS=zlib.a
+
+AR=ar rcs
+
+prefix=/usr/local
+exec_prefix = $(prefix)
+
+OBJS = adler32.o compress.o crc32.o deflate.o gzclose.o gzlib.o gzread.o \
+       gzwrite.o infback.o inffast.o inflate.o inftrees.o trees.o uncompr.o zutil.o
+
+TEST_OBJS = example.o minigzip.o
+
+all: example.exe minigzip.exe
+
+test: all
+	./example
+	echo hello world | .\minigzip | .\minigzip -d
+
+%.o : %.c
+	$(CC) $(CFLAGS) -c $< -o $@
+
+zlib.a: $(OBJS)
+	$(AR) $@ $(OBJS)
+
+%.exe : %.o $(LIBS)
+	$(LD) $@ $< $(LDLIBS)
+
+
+.PHONY : clean
+
+clean:
+	$(RM) *.d
+	$(RM) *.o
+	$(RM) *.exe
+	$(RM) zlib.a
+	$(RM) foo.gz
+
+DEPS := $(wildcard *.d)
+ifneq ($(DEPS),)
+include $(DEPS)
+endif
diff --git a/zlib-1.3.1/old/Makefile.riscos b/zlib-1.3.1/old/Makefile.riscos
new file mode 100644
index 00000000..57e29d3f
--- /dev/null
+++ b/zlib-1.3.1/old/Makefile.riscos
@@ -0,0 +1,151 @@
+# Project:   zlib_1_03
+# Patched for zlib 1.1.2 rw@shadow.org.uk 19980430
+# test works out-of-the-box, installs `somewhere' on demand
+
+# Toolflags:
+CCflags = -c -depend !Depend -IC: -g -throwback  -DRISCOS  -fah
+C++flags = -c -depend !Depend -IC: -throwback
+Linkflags = -aif -c++ -o $@
+ObjAsmflags = -throwback -NoCache -depend !Depend
+CMHGflags =
+LibFileflags = -c -l -o $@
+Squeezeflags = -o $@
+
+# change the line below to where _you_ want the library installed.
+libdest = lib:zlib
+
+# Final targets:
+@.lib:   @.o.adler32 @.o.compress @.o.crc32 @.o.deflate @.o.gzio \
+        @.o.infblock @.o.infcodes @.o.inffast @.o.inflate @.o.inftrees @.o.infutil @.o.trees \
+        @.o.uncompr @.o.zutil
+        LibFile $(LibFileflags) @.o.adler32 @.o.compress @.o.crc32 @.o.deflate \
+        @.o.gzio @.o.infblock @.o.infcodes @.o.inffast @.o.inflate @.o.inftrees @.o.infutil \
+        @.o.trees @.o.uncompr @.o.zutil
+test:   @.minigzip @.example @.lib
+	@copy @.lib @.libc  A~C~DF~L~N~P~Q~RS~TV
+	@echo running tests: hang on.
+	@/@.minigzip -f -9 libc
+	@/@.minigzip -d libc-gz
+	@/@.minigzip -f -1 libc
+	@/@.minigzip -d libc-gz
+	@/@.minigzip -h -9 libc
+	@/@.minigzip -d libc-gz
+	@/@.minigzip -h -1 libc
+	@/@.minigzip -d libc-gz
+	@/@.minigzip -9 libc
+	@/@.minigzip -d libc-gz
+	@/@.minigzip -1 libc
+	@/@.minigzip -d libc-gz
+	@diff @.lib @.libc
+	@echo that should have reported '@.lib and @.libc identical' if you have diff.
+	@/@.example @.fred @.fred
+	@echo that will have given lots of hello!'s.
+
+@.minigzip:   @.o.minigzip @.lib C:o.Stubs
+        Link $(Linkflags) @.o.minigzip @.lib C:o.Stubs
+@.example:   @.o.example @.lib C:o.Stubs
+        Link $(Linkflags) @.o.example @.lib C:o.Stubs
+
+install: @.lib
+	cdir $(libdest)
+	cdir $(libdest).h
+	@copy @.h.zlib $(libdest).h.zlib A~C~DF~L~N~P~Q~RS~TV
+	@copy @.h.zconf $(libdest).h.zconf A~C~DF~L~N~P~Q~RS~TV
+	@copy @.lib $(libdest).lib  A~C~DF~L~N~P~Q~RS~TV
+	@echo okay, installed zlib in $(libdest)
+
+clean:; remove @.minigzip
+	remove @.example
+	remove @.libc
+	-wipe @.o.* F~r~cV
+	remove @.fred
+
+# User-editable dependencies:
+.c.o:
+        cc $(ccflags) -o $@ $<
+
+# Static dependencies:
+
+# Dynamic dependencies:
+o.example:	c.example
+o.example:	h.zlib
+o.example:	h.zconf
+o.minigzip:	c.minigzip
+o.minigzip:	h.zlib
+o.minigzip:	h.zconf
+o.adler32:	c.adler32
+o.adler32:	h.zlib
+o.adler32:	h.zconf
+o.compress:	c.compress
+o.compress:	h.zlib
+o.compress:	h.zconf
+o.crc32:	c.crc32
+o.crc32:	h.zlib
+o.crc32:	h.zconf
+o.deflate:	c.deflate
+o.deflate:	h.deflate
+o.deflate:	h.zutil
+o.deflate:	h.zlib
+o.deflate:	h.zconf
+o.gzio:	c.gzio
+o.gzio:	h.zutil
+o.gzio:	h.zlib
+o.gzio:	h.zconf
+o.infblock:	c.infblock
+o.infblock:	h.zutil
+o.infblock:	h.zlib
+o.infblock:	h.zconf
+o.infblock:	h.infblock
+o.infblock:	h.inftrees
+o.infblock:	h.infcodes
+o.infblock:	h.infutil
+o.infcodes:	c.infcodes
+o.infcodes:	h.zutil
+o.infcodes:	h.zlib
+o.infcodes:	h.zconf
+o.infcodes:	h.inftrees
+o.infcodes:	h.infblock
+o.infcodes:	h.infcodes
+o.infcodes:	h.infutil
+o.infcodes:	h.inffast
+o.inffast:	c.inffast
+o.inffast:	h.zutil
+o.inffast:	h.zlib
+o.inffast:	h.zconf
+o.inffast:	h.inftrees
+o.inffast:	h.infblock
+o.inffast:	h.infcodes
+o.inffast:	h.infutil
+o.inffast:	h.inffast
+o.inflate:	c.inflate
+o.inflate:	h.zutil
+o.inflate:	h.zlib
+o.inflate:	h.zconf
+o.inflate:	h.infblock
+o.inftrees:	c.inftrees
+o.inftrees:	h.zutil
+o.inftrees:	h.zlib
+o.inftrees:	h.zconf
+o.inftrees:	h.inftrees
+o.inftrees:	h.inffixed
+o.infutil:	c.infutil
+o.infutil:	h.zutil
+o.infutil:	h.zlib
+o.infutil:	h.zconf
+o.infutil:	h.infblock
+o.infutil:	h.inftrees
+o.infutil:	h.infcodes
+o.infutil:	h.infutil
+o.trees:	c.trees
+o.trees:	h.deflate
+o.trees:	h.zutil
+o.trees:	h.zlib
+o.trees:	h.zconf
+o.trees:	h.trees
+o.uncompr:	c.uncompr
+o.uncompr:	h.zlib
+o.uncompr:	h.zconf
+o.zutil:	c.zutil
+o.zutil:	h.zutil
+o.zutil:	h.zlib
+o.zutil:	h.zconf
diff --git a/zlib-1.3.1/old/README b/zlib-1.3.1/old/README
new file mode 100644
index 00000000..800bf079
--- /dev/null
+++ b/zlib-1.3.1/old/README
@@ -0,0 +1,3 @@
+This directory contains files that have not been updated for zlib 1.2.x
+
+(Volunteers are encouraged to help clean this up.  Thanks.)
diff --git a/zlib-1.3.1/old/descrip.mms b/zlib-1.3.1/old/descrip.mms
new file mode 100644
index 00000000..7066da5b
--- /dev/null
+++ b/zlib-1.3.1/old/descrip.mms
@@ -0,0 +1,48 @@
+# descrip.mms: MMS description file for building zlib on VMS
+# written by Martin P.J. Zinser <m.zinser@gsi.de>
+
+cc_defs =
+c_deb =
+
+.ifdef __DECC__
+pref = /prefix=all
+.endif
+
+OBJS = adler32.obj, compress.obj, crc32.obj, gzio.obj, uncompr.obj,\
+       deflate.obj, trees.obj, zutil.obj, inflate.obj, infblock.obj,\
+       inftrees.obj, infcodes.obj, infutil.obj, inffast.obj
+
+CFLAGS= $(C_DEB) $(CC_DEFS) $(PREF)
+
+all : example.exe minigzip.exe
+        @ write sys$output " Example applications available"
+libz.olb : libz.olb($(OBJS))
+	@ write sys$output " libz available"
+
+example.exe : example.obj libz.olb
+              link example,libz.olb/lib
+
+minigzip.exe : minigzip.obj libz.olb
+              link minigzip,libz.olb/lib,x11vms:xvmsutils.olb/lib
+
+clean :
+	delete *.obj;*,libz.olb;*
+
+
+# Other dependencies.
+adler32.obj : zutil.h zlib.h zconf.h
+compress.obj : zlib.h zconf.h
+crc32.obj : zutil.h zlib.h zconf.h
+deflate.obj : deflate.h zutil.h zlib.h zconf.h
+example.obj : zlib.h zconf.h
+gzio.obj : zutil.h zlib.h zconf.h
+infblock.obj : zutil.h zlib.h zconf.h infblock.h inftrees.h infcodes.h infutil.h
+infcodes.obj : zutil.h zlib.h zconf.h inftrees.h infutil.h infcodes.h inffast.h
+inffast.obj : zutil.h zlib.h zconf.h inftrees.h infutil.h inffast.h
+inflate.obj : zutil.h zlib.h zconf.h infblock.h
+inftrees.obj : zutil.h zlib.h zconf.h inftrees.h
+infutil.obj : zutil.h zlib.h zconf.h inftrees.h infutil.h
+minigzip.obj : zlib.h zconf.h
+trees.obj : deflate.h zutil.h zlib.h zconf.h
+uncompr.obj : zlib.h zconf.h
+zutil.obj : zutil.h zlib.h zconf.h
diff --git a/zlib-1.3.1/old/os2/Makefile.os2 b/zlib-1.3.1/old/os2/Makefile.os2
new file mode 100644
index 00000000..bb426c0d
--- /dev/null
+++ b/zlib-1.3.1/old/os2/Makefile.os2
@@ -0,0 +1,136 @@
+# Makefile for zlib under OS/2 using GCC (PGCC)
+# For conditions of distribution and use, see copyright notice in zlib.h
+
+# To compile and test, type:
+#   cp Makefile.os2 ..
+#   cd ..
+#   make -f Makefile.os2 test
+
+# This makefile will build a static library z.lib, a shared library
+# z.dll and a import library zdll.lib. You can use either z.lib or
+# zdll.lib by specifying either -lz or -lzdll on gcc's command line
+
+CC=gcc -Zomf -s
+
+CFLAGS=-O6 -Wall
+#CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
+#CFLAGS=-g -DZLIB_DEBUG
+#CFLAGS=-O3 -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
+#           -Wstrict-prototypes -Wmissing-prototypes
+
+#################### BUG WARNING: #####################
+## infcodes.c hits a bug in pgcc-1.0, so you have to use either
+## -O# where # <= 4 or one of (-fno-ommit-frame-pointer or -fno-force-mem)
+## This bug is reportedly fixed in pgcc >1.0, but this was not tested
+CFLAGS+=-fno-force-mem
+
+LDFLAGS=-s -L. -lzdll -Zcrtdll
+LDSHARED=$(CC) -s -Zomf -Zdll -Zcrtdll
+
+VER=1.1.0
+ZLIB=z.lib
+SHAREDLIB=z.dll
+SHAREDLIBIMP=zdll.lib
+LIBS=$(ZLIB) $(SHAREDLIB) $(SHAREDLIBIMP)
+
+AR=emxomfar cr
+IMPLIB=emximp
+RANLIB=echo
+TAR=tar
+SHELL=bash
+
+prefix=/usr/local
+exec_prefix = $(prefix)
+
+OBJS = adler32.o compress.o crc32.o gzio.o uncompr.o deflate.o trees.o \
+       zutil.o inflate.o infblock.o inftrees.o infcodes.o infutil.o inffast.o
+
+TEST_OBJS = example.o minigzip.o
+
+DISTFILES = README INDEX ChangeLog configure Make*[a-z0-9] *.[ch] descrip.mms \
+  algorithm.txt zlib.3 msdos/Make*[a-z0-9] msdos/zlib.def msdos/zlib.rc \
+  nt/Makefile.nt nt/zlib.dnt  contrib/README.contrib contrib/*.txt \
+  contrib/asm386/*.asm contrib/asm386/*.c \
+  contrib/asm386/*.bat contrib/asm386/zlibvc.d?? contrib/iostream/*.cpp \
+  contrib/iostream/*.h  contrib/iostream2/*.h contrib/iostream2/*.cpp \
+  contrib/untgz/Makefile contrib/untgz/*.c contrib/untgz/*.w32
+
+all: example.exe minigzip.exe
+
+test: all
+	@LD_LIBRARY_PATH=.:$(LD_LIBRARY_PATH) ; export LD_LIBRARY_PATH; \
+	echo hello world | ./minigzip | ./minigzip -d || \
+	  echo '		*** minigzip test FAILED ***' ; \
+	if ./example; then \
+	  echo '		*** zlib test OK ***'; \
+	else \
+	  echo '		*** zlib test FAILED ***'; \
+	fi
+
+$(ZLIB): $(OBJS)
+	$(AR) $@ $(OBJS)
+	-@ ($(RANLIB) $@ || true) >/dev/null 2>&1
+
+$(SHAREDLIB): $(OBJS) os2/z.def
+	$(LDSHARED) -o $@ $^
+
+$(SHAREDLIBIMP): os2/z.def
+	$(IMPLIB) -o $@ $^
+
+example.exe: example.o $(LIBS)
+	$(CC) $(CFLAGS) -o $@ example.o $(LDFLAGS)
+
+minigzip.exe: minigzip.o $(LIBS)
+	$(CC) $(CFLAGS) -o $@ minigzip.o $(LDFLAGS)
+
+clean:
+	rm -f *.o *~ example minigzip libz.a libz.so* foo.gz
+
+distclean:	clean
+
+zip:
+	mv Makefile Makefile~; cp -p Makefile.in Makefile
+	rm -f test.c ztest*.c
+	v=`sed -n -e 's/\.//g' -e '/VERSION "/s/.*"\(.*\)".*/\1/p' < zlib.h`;\
+	zip -ul9 zlib$$v $(DISTFILES)
+	mv Makefile~ Makefile
+
+dist:
+	mv Makefile Makefile~; cp -p Makefile.in Makefile
+	rm -f test.c ztest*.c
+	d=zlib-`sed -n '/VERSION "/s/.*"\(.*\)".*/\1/p' < zlib.h`;\
+	rm -f $$d.tar.gz; \
+	if test ! -d ../$$d; then rm -f ../$$d; ln -s `pwd` ../$$d; fi; \
+	files=""; \
+	for f in $(DISTFILES); do files="$$files $$d/$$f"; done; \
+	cd ..; \
+	GZIP=-9 $(TAR) chofz $$d/$$d.tar.gz $$files; \
+	if test ! -d $$d; then rm -f $$d; fi
+	mv Makefile~ Makefile
+
+tags:
+	etags *.[ch]
+
+depend:
+	makedepend -- $(CFLAGS) -- *.[ch]
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+adler32.o: zlib.h zconf.h
+compress.o: zlib.h zconf.h
+crc32.o: zlib.h zconf.h
+deflate.o: deflate.h zutil.h zlib.h zconf.h
+example.o: zlib.h zconf.h
+gzio.o: zutil.h zlib.h zconf.h
+infblock.o: infblock.h inftrees.h infcodes.h infutil.h zutil.h zlib.h zconf.h
+infcodes.o: zutil.h zlib.h zconf.h
+infcodes.o: inftrees.h infblock.h infcodes.h infutil.h inffast.h
+inffast.o: zutil.h zlib.h zconf.h inftrees.h
+inffast.o: infblock.h infcodes.h infutil.h inffast.h
+inflate.o: zutil.h zlib.h zconf.h infblock.h
+inftrees.o: zutil.h zlib.h zconf.h inftrees.h
+infutil.o: zutil.h zlib.h zconf.h infblock.h inftrees.h infcodes.h infutil.h
+minigzip.o: zlib.h zconf.h
+trees.o: deflate.h zutil.h zlib.h zconf.h trees.h
+uncompr.o: zlib.h zconf.h
+zutil.o: zutil.h zlib.h zconf.h
diff --git a/zlib-1.3.1/old/os2/zlib.def b/zlib-1.3.1/old/os2/zlib.def
new file mode 100644
index 00000000..4c753f1a
--- /dev/null
+++ b/zlib-1.3.1/old/os2/zlib.def
@@ -0,0 +1,51 @@
+;
+; Slightly modified version of ../nt/zlib.dnt :-)
+;
+
+LIBRARY		Z
+DESCRIPTION	"Zlib compression library for OS/2"
+CODE		PRELOAD MOVEABLE DISCARDABLE
+DATA		PRELOAD MOVEABLE MULTIPLE
+
+EXPORTS
+    adler32
+    compress
+    crc32
+    deflate
+    deflateCopy
+    deflateEnd
+    deflateInit2_
+    deflateInit_
+    deflateParams
+    deflateReset
+    deflateSetDictionary
+    gzclose
+    gzdopen
+    gzerror
+    gzflush
+    gzopen
+    gzread
+    gzwrite
+    inflate
+    inflateEnd
+    inflateInit2_
+    inflateInit_
+    inflateReset
+    inflateSetDictionary
+    inflateSync
+    uncompress
+    zlibVersion
+    gzprintf
+    gzputc
+    gzgetc
+    gzseek
+    gzrewind
+    gztell
+    gzeof
+    gzsetparams
+    zError
+    inflateSyncPoint
+    get_crc_table
+    compress2
+    gzputs
+    gzgets
diff --git a/zlib-1.3.1/old/visual-basic.txt b/zlib-1.3.1/old/visual-basic.txt
new file mode 100644
index 00000000..3c8d2a42
--- /dev/null
+++ b/zlib-1.3.1/old/visual-basic.txt
@@ -0,0 +1,160 @@
+See below some functions declarations for Visual Basic.
+
+Frequently Asked Question:
+
+Q: Each time I use the compress function I get the -5 error (not enough
+   room in the output buffer).
+
+A: Make sure that the length of the compressed buffer is passed by
+   reference ("as any"), not by value ("as long"). Also check that
+   before the call of compress this length is equal to the total size of
+   the compressed buffer and not zero.
+
+
+From: "Jon Caruana" <jon-net@usa.net>
+Subject: Re: How to port zlib declares to vb?
+Date: Mon, 28 Oct 1996 18:33:03 -0600
+
+Got the answer! (I haven't had time to check this but it's what I got, and
+looks correct):
+
+He has the following routines working:
+        compress
+        uncompress
+        gzopen
+        gzwrite
+        gzread
+        gzclose
+
+Declares follow: (Quoted from Carlos Rios <c_rios@sonda.cl>, in Vb4 form)
+
+#If Win16 Then   'Use Win16 calls.
+Declare Function compress Lib "ZLIB.DLL" (ByVal compr As
+        String, comprLen As Any, ByVal buf As String, ByVal buflen
+        As Long) As Integer
+Declare Function uncompress Lib "ZLIB.DLL" (ByVal uncompr
+        As String, uncomprLen As Any, ByVal compr As String, ByVal
+        lcompr As Long) As Integer
+Declare Function gzopen Lib "ZLIB.DLL" (ByVal filePath As
+        String, ByVal mode As String) As Long
+Declare Function gzread Lib "ZLIB.DLL" (ByVal file As
+        Long, ByVal uncompr As String, ByVal uncomprLen As Integer)
+        As Integer
+Declare Function gzwrite Lib "ZLIB.DLL" (ByVal file As
+        Long, ByVal uncompr As String, ByVal uncomprLen As Integer)
+        As Integer
+Declare Function gzclose Lib "ZLIB.DLL" (ByVal file As
+        Long) As Integer
+#Else
+Declare Function compress Lib "ZLIB32.DLL"
+        (ByVal compr As String, comprLen As Any, ByVal buf As
+        String, ByVal buflen As Long) As Integer
+Declare Function uncompress Lib "ZLIB32.DLL"
+        (ByVal uncompr As String, uncomprLen As Any, ByVal compr As
+        String, ByVal lcompr As Long) As Long
+Declare Function gzopen Lib "ZLIB32.DLL"
+        (ByVal file As String, ByVal mode As String) As Long
+Declare Function gzread Lib "ZLIB32.DLL"
+        (ByVal file As Long, ByVal uncompr As String, ByVal
+        uncomprLen As Long) As Long
+Declare Function gzwrite Lib "ZLIB32.DLL"
+        (ByVal file As Long, ByVal uncompr As String, ByVal
+        uncomprLen As Long) As Long
+Declare Function gzclose Lib "ZLIB32.DLL"
+        (ByVal file As Long) As Long
+#End If
+
+-Jon Caruana
+jon-net@usa.net
+Microsoft Sitebuilder Network Level 1 Member - HTML Writer's Guild Member
+
+
+Here is another example from Michael <michael_borgsys@hotmail.com> that he
+says conforms to the VB guidelines, and that solves the problem of not
+knowing the uncompressed size by storing it at the end of the file:
+
+'Calling the functions:
+'bracket meaning: <parameter> [optional] {Range of possible values}
+'Call subCompressFile(<path with filename to compress> [, <path with
+filename to write to>, [level of compression {1..9}]])
+'Call subUncompressFile(<path with filename to compress>)
+
+Option Explicit
+Private lngpvtPcnSml As Long 'Stores value for 'lngPercentSmaller'
+Private Const SUCCESS As Long = 0
+Private Const strFilExt As String = ".cpr"
+Private Declare Function lngfncCpr Lib "zlib.dll" Alias "compress2" (ByRef
+dest As Any, ByRef destLen As Any, ByRef src As Any, ByVal srcLen As Long,
+ByVal level As Integer) As Long
+Private Declare Function lngfncUcp Lib "zlib.dll" Alias "uncompress" (ByRef
+dest As Any, ByRef destLen As Any, ByRef src As Any, ByVal srcLen As Long)
+As Long
+
+Public Sub subCompressFile(ByVal strargOriFilPth As String, Optional ByVal
+strargCprFilPth As String, Optional ByVal intLvl As Integer = 9)
+    Dim strCprPth As String
+    Dim lngOriSiz As Long
+    Dim lngCprSiz As Long
+    Dim bytaryOri() As Byte
+    Dim bytaryCpr() As Byte
+    lngOriSiz = FileLen(strargOriFilPth)
+    ReDim bytaryOri(lngOriSiz - 1)
+    Open strargOriFilPth For Binary Access Read As #1
+        Get #1, , bytaryOri()
+    Close #1
+    strCprPth = IIf(strargCprFilPth = "", strargOriFilPth, strargCprFilPth)
+'Select file path and name
+    strCprPth = strCprPth & IIf(Right(strCprPth, Len(strFilExt)) =
+strFilExt, "", strFilExt) 'Add file extension if not exists
+    lngCprSiz = (lngOriSiz * 1.01) + 12 'Compression needs temporary a bit
+more space then original file size
+    ReDim bytaryCpr(lngCprSiz - 1)
+    If lngfncCpr(bytaryCpr(0), lngCprSiz, bytaryOri(0), lngOriSiz, intLvl) =
+SUCCESS Then
+        lngpvtPcnSml = (1# - (lngCprSiz / lngOriSiz)) * 100
+        ReDim Preserve bytaryCpr(lngCprSiz - 1)
+        Open strCprPth For Binary Access Write As #1
+            Put #1, , bytaryCpr()
+            Put #1, , lngOriSiz 'Add the original size value to the end
+(last 4 bytes)
+        Close #1
+    Else
+        MsgBox "Compression error"
+    End If
+    Erase bytaryCpr
+    Erase bytaryOri
+End Sub
+
+Public Sub subUncompressFile(ByVal strargFilPth As String)
+    Dim bytaryCpr() As Byte
+    Dim bytaryOri() As Byte
+    Dim lngOriSiz As Long
+    Dim lngCprSiz As Long
+    Dim strOriPth As String
+    lngCprSiz = FileLen(strargFilPth)
+    ReDim bytaryCpr(lngCprSiz - 1)
+    Open strargFilPth For Binary Access Read As #1
+        Get #1, , bytaryCpr()
+    Close #1
+    'Read the original file size value:
+    lngOriSiz = bytaryCpr(lngCprSiz - 1) * (2 ^ 24) _
+              + bytaryCpr(lngCprSiz - 2) * (2 ^ 16) _
+              + bytaryCpr(lngCprSiz - 3) * (2 ^ 8) _
+              + bytaryCpr(lngCprSiz - 4)
+    ReDim Preserve bytaryCpr(lngCprSiz - 5) 'Cut of the original size value
+    ReDim bytaryOri(lngOriSiz - 1)
+    If lngfncUcp(bytaryOri(0), lngOriSiz, bytaryCpr(0), lngCprSiz) = SUCCESS
+Then
+        strOriPth = Left(strargFilPth, Len(strargFilPth) - Len(strFilExt))
+        Open strOriPth For Binary Access Write As #1
+            Put #1, , bytaryOri()
+        Close #1
+    Else
+        MsgBox "Uncompression error"
+    End If
+    Erase bytaryCpr
+    Erase bytaryOri
+End Sub
+Public Property Get lngPercentSmaller() As Long
+    lngPercentSmaller = lngpvtPcnSml
+End Property
diff --git a/zlib-1.3.1/os400/README400 b/zlib-1.3.1/os400/README400
new file mode 100644
index 00000000..30ed5a12
--- /dev/null
+++ b/zlib-1.3.1/os400/README400
@@ -0,0 +1,48 @@
+        ZLIB version 1.3.1 for OS/400 installation instructions
+
+1) Download and unpack the zlib tarball to some IFS directory.
+   (i.e.: /path/to/the/zlib/ifs/source/directory)
+
+   If the installed IFS command supports gzip format, this is straightforward,
+else you have to unpack first to some directory on a system supporting it,
+then move the whole directory to the IFS via the network (via SMB or FTP).
+
+2) Edit the configuration parameters in the compilation script.
+
+        EDTF STMF('/path/to/the/zlib/ifs/source/directory/os400/make.sh')
+
+Tune the parameters according to your needs if not matching the defaults.
+Save the file and exit after edition.
+
+3) Enter qshell, then work in the zlib OS/400 specific directory.
+
+        QSH
+        cd /path/to/the/zlib/ifs/source/directory/os400
+
+4) Compile and install
+
+        sh make.sh
+
+The script will:
+- create the libraries, objects and IFS directories for the zlib environment,
+- compile all modules,
+- create a service program,
+- create a static and a dynamic binding directory,
+- install header files for C/C++ and for ILE/RPG, both for compilation in
+  DB2 and IFS environments.
+
+That's all. 
+
+
+Notes:  For OS/400 ILE RPG programmers, a /copy member defining the ZLIB
+                API prototypes for ILE RPG can be found in ZLIB/H(ZLIB.INC).
+                In the ILE environment, the same definitions are available from
+                file zlib.inc located in the same IFS include directory as the
+                C/C++ header files.
+                Please read comments in this member for more information.
+
+        Remember that most foreign textual data are ASCII coded: this
+                implementation does not handle conversion from/to ASCII, so
+                text data code conversions must be done explicitly.
+
+        Mainly for the reason above, always open zipped files in binary mode.
diff --git a/zlib-1.3.1/os400/bndsrc b/zlib-1.3.1/os400/bndsrc
new file mode 100644
index 00000000..9f92bb10
--- /dev/null
+++ b/zlib-1.3.1/os400/bndsrc
@@ -0,0 +1,127 @@
+STRPGMEXP PGMLVL(*CURRENT) SIGNATURE('ZLIB')
+
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+/*   Version 1.1.3 entry points.                                    */
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+
+  EXPORT SYMBOL("adler32")
+  EXPORT SYMBOL("compress")
+  EXPORT SYMBOL("compress2")
+  EXPORT SYMBOL("crc32")
+  EXPORT SYMBOL("get_crc_table")
+  EXPORT SYMBOL("deflate")
+  EXPORT SYMBOL("deflateEnd")
+  EXPORT SYMBOL("deflateSetDictionary")
+  EXPORT SYMBOL("deflateCopy")
+  EXPORT SYMBOL("deflateReset")
+  EXPORT SYMBOL("deflateParams")
+  EXPORT SYMBOL("deflatePrime")
+  EXPORT SYMBOL("deflateInit_")
+  EXPORT SYMBOL("deflateInit2_")
+  EXPORT SYMBOL("gzopen")
+  EXPORT SYMBOL("gzdopen")
+  EXPORT SYMBOL("gzsetparams")
+  EXPORT SYMBOL("gzread")
+  EXPORT SYMBOL("gzwrite")
+  EXPORT SYMBOL("gzprintf")
+  EXPORT SYMBOL("gzputs")
+  EXPORT SYMBOL("gzgets")
+  EXPORT SYMBOL("gzputc")
+  EXPORT SYMBOL("gzgetc")
+  EXPORT SYMBOL("gzflush")
+  EXPORT SYMBOL("gzseek")
+  EXPORT SYMBOL("gzrewind")
+  EXPORT SYMBOL("gztell")
+  EXPORT SYMBOL("gzeof")
+  EXPORT SYMBOL("gzclose")
+  EXPORT SYMBOL("gzerror")
+  EXPORT SYMBOL("inflate")
+  EXPORT SYMBOL("inflateEnd")
+  EXPORT SYMBOL("inflateSetDictionary")
+  EXPORT SYMBOL("inflateSync")
+  EXPORT SYMBOL("inflateReset")
+  EXPORT SYMBOL("inflateInit_")
+  EXPORT SYMBOL("inflateInit2_")
+  EXPORT SYMBOL("inflateSyncPoint")
+  EXPORT SYMBOL("uncompress")
+  EXPORT SYMBOL("zlibVersion")
+  EXPORT SYMBOL("zError")
+  EXPORT SYMBOL("z_errmsg")
+
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+/*   Version 1.2.1 additional entry points.                         */
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+
+  EXPORT SYMBOL("compressBound")
+  EXPORT SYMBOL("deflateBound")
+  EXPORT SYMBOL("deflatePending")
+  EXPORT SYMBOL("gzungetc")
+  EXPORT SYMBOL("gzclearerr")
+  EXPORT SYMBOL("inflateBack")
+  EXPORT SYMBOL("inflateBackEnd")
+  EXPORT SYMBOL("inflateBackInit_")
+  EXPORT SYMBOL("inflateCopy")
+  EXPORT SYMBOL("zlibCompileFlags")
+
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+/*   Version 1.2.4 additional entry points.                         */
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+
+  EXPORT SYMBOL("adler32_combine")
+  EXPORT SYMBOL("adler32_combine64")
+  EXPORT SYMBOL("crc32_combine")
+  EXPORT SYMBOL("crc32_combine64")
+  EXPORT SYMBOL("deflateSetHeader")
+  EXPORT SYMBOL("deflateTune")
+  EXPORT SYMBOL("gzbuffer")
+  EXPORT SYMBOL("gzclose_r")
+  EXPORT SYMBOL("gzclose_w")
+  EXPORT SYMBOL("gzdirect")
+  EXPORT SYMBOL("gzoffset")
+  EXPORT SYMBOL("gzoffset64")
+  EXPORT SYMBOL("gzopen64")
+  EXPORT SYMBOL("gzseek64")
+  EXPORT SYMBOL("gztell64")
+  EXPORT SYMBOL("inflateGetHeader")
+  EXPORT SYMBOL("inflateMark")
+  EXPORT SYMBOL("inflatePrime")
+  EXPORT SYMBOL("inflateReset2")
+  EXPORT SYMBOL("inflateUndermine")
+
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+/*   Version 1.2.6 additional entry points.                         */
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+
+  EXPORT SYMBOL("deflateResetKeep")
+  EXPORT SYMBOL("gzgetc_")
+  EXPORT SYMBOL("inflateResetKeep")
+
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+/*   Version 1.2.8 additional entry points.                         */
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+
+  EXPORT SYMBOL("gzvprintf")
+  EXPORT SYMBOL("inflateGetDictionary")
+
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+/*   Version 1.2.9 additional entry points.                         */
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+
+  EXPORT SYMBOL("adler32_z")
+  EXPORT SYMBOL("crc32_z")
+  EXPORT SYMBOL("deflateGetDictionary")
+  EXPORT SYMBOL("gzfread")
+  EXPORT SYMBOL("gzfwrite")
+  EXPORT SYMBOL("inflateCodesUsed")
+  EXPORT SYMBOL("inflateValidate")
+  EXPORT SYMBOL("uncompress2")
+
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+/*   Version 1.2.12 additional entry points.                        */
+/*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*/
+
+  EXPORT SYMBOL("crc32_combine_gen64")
+  EXPORT SYMBOL("crc32_combine_gen")
+  EXPORT SYMBOL("crc32_combine_op")
+
+ENDPGMEXP
diff --git a/zlib-1.3.1/os400/make.sh b/zlib-1.3.1/os400/make.sh
new file mode 100644
index 00000000..19eec117
--- /dev/null
+++ b/zlib-1.3.1/os400/make.sh
@@ -0,0 +1,366 @@
+#!/bin/sh
+#
+#       ZLIB compilation script for the OS/400.
+#
+#
+#       This is a shell script since make is not a standard component of OS/400.
+
+
+################################################################################
+#
+#                       Tunable configuration parameters.
+#
+################################################################################
+
+TARGETLIB='ZLIB'                # Target OS/400 program library
+STATBNDDIR='ZLIB_A'             # Static binding directory.
+DYNBNDDIR='ZLIB'                # Dynamic binding directory.
+SRVPGM="ZLIB"                   # Service program.
+IFSDIR='/zlib'                  # IFS support base directory.
+TGTCCSID='500'                  # Target CCSID of objects
+DEBUG='*NONE'                   # Debug level
+OPTIMIZE='40'                   # Optimisation level
+OUTPUT='*NONE'                  # Compilation output option.
+TGTRLS='V6R1M0'                 # Target OS release
+
+export TARGETLIB STATBNDDIR DYNBNDDIR SRVPGM IFSDIR
+export TGTCCSID DEBUG OPTIMIZE OUTPUT TGTRLS
+
+
+################################################################################
+#
+#                       OS/400 specific definitions.
+#
+################################################################################
+
+LIBIFSNAME="/QSYS.LIB/${TARGETLIB}.LIB"
+
+
+################################################################################
+#
+#                               Procedures.
+#
+################################################################################
+
+#       action_needed dest [src]
+#
+#       dest is an object to build
+#       if specified, src is an object on which dest depends.
+#
+#       exit 0 (succeeds) if some action has to be taken, else 1.
+
+action_needed()
+
+{
+        [ ! -e "${1}" ] && return 0
+        [ "${2}" ] || return 1
+        [ "${1}" -ot "${2}" ] && return 0
+        return 1
+}
+
+
+#       make_module module_name source_name [additional_definitions]
+#
+#       Compile source name into module if needed.
+#       As side effect, append the module name to variable MODULES.
+#       Set LINK to "YES" if the module has been compiled.
+
+make_module()
+
+{
+    MODULES="${MODULES} ${1}"
+    MODIFSNAME="${LIBIFSNAME}/${1}.MODULE"
+    CSRC="`basename \"${2}\"`"
+
+    if action_needed "${MODIFSNAME}" "${2}"
+    then    :
+    elif [ ! "`sed -e \"/<source name=\\\"${CSRC}\\\">/,/<\\\\/source>/!d\" \
+      -e '/<depend /!d'                                                 \
+      -e 's/.* name=\"\\([^\"]*\\)\".*/\\1/' < \"${TOPDIR}/treebuild.xml\" |
+        while read HDR
+        do      if action_needed \"${MODIFSNAME}\" \"${IFSDIR}/include/${HDR}\"
+                then    echo recompile
+                        break
+                fi
+        done`" ]
+    then    return 0
+    fi
+
+    CMD="CRTCMOD MODULE(${TARGETLIB}/${1}) SRCSTMF('${2}')"
+    CMD="${CMD} SYSIFCOPT(*IFS64IO) OPTION(*INCDIRFIRST)"
+    CMD="${CMD} LOCALETYPE(*LOCALE) FLAG(10)"
+    CMD="${CMD} INCDIR('${IFSDIR}/include' ${INCLUDES})"
+    CMD="${CMD} TGTCCSID(${TGTCCSID}) TGTRLS(${TGTRLS})"
+    CMD="${CMD} OUTPUT(${OUTPUT})"
+    CMD="${CMD} OPTIMIZE(${OPTIMIZE})"
+    CMD="${CMD} DBGVIEW(${DEBUG})"
+    system "${CMD}"
+    LINK=YES
+}
+
+
+#       Determine DB2 object name from IFS name.
+
+db2_name()
+
+{
+        basename "${1}"                                                 |
+        tr 'a-z-' 'A-Z_'                                                |
+        sed -e 's/\..*//'                                               \
+            -e 's/^\(.\).*\(.........\)$/\1\2/'
+}
+
+
+#       Force enumeration types to be the same size as integers.
+
+copy_hfile()
+
+{
+        sed -e '1i\
+#pragma enum(int)\
+' "${@}" -e '$a\
+#pragma enum(pop)\
+'
+}
+
+
+################################################################################
+#
+#                             Script initialization.
+#
+################################################################################
+
+SCRIPTDIR=`dirname "${0}"`
+
+case "${SCRIPTDIR}" in
+/*)     ;;
+*)      SCRIPTDIR="`pwd`/${SCRIPTDIR}"
+esac
+
+while true
+do      case "${SCRIPTDIR}" in
+        */.)    SCRIPTDIR="${SCRIPTDIR%/.}";;
+        *)      break;;
+        esac
+done
+
+#  The script directory is supposed to be in ${TOPDIR}/os400.
+
+TOPDIR=`dirname "${SCRIPTDIR}"`
+export SCRIPTDIR TOPDIR
+cd "${TOPDIR}"
+
+
+#  Extract the version from the master compilation XML file.
+
+VERSION=`sed -e '/^<package /!d'                                        \
+            -e 's/^.* version="\([0-9.]*\)".*$/\1/' -e 'q'              \
+            < treebuild.xml`
+export VERSION
+
+################################################################################
+
+
+#       Create the OS/400 library if it does not exist.
+
+if action_needed "${LIBIFSNAME}"
+then    CMD="CRTLIB LIB(${TARGETLIB}) TEXT('ZLIB: Data compression API')"
+        system "${CMD}"
+fi
+
+
+#       Create the DOCS source file if it does not exist.
+
+if action_needed "${LIBIFSNAME}/DOCS.FILE"
+then    CMD="CRTSRCPF FILE(${TARGETLIB}/DOCS) RCDLEN(112)"
+        CMD="${CMD} CCSID(${TGTCCSID}) TEXT('Documentation texts')"
+        system "${CMD}"
+fi
+
+#       Copy some documentation files if needed.
+
+for TEXT in "${TOPDIR}/ChangeLog" "${TOPDIR}/FAQ"                       \
+    "${TOPDIR}/README" "${SCRIPTDIR}/README400"
+do      MEMBER="${LIBIFSNAME}/DOCS.FILE/`db2_name \"${TEXT}\"`.MBR"
+
+        if action_needed "${MEMBER}" "${TEXT}"
+        then    CMD="CPY OBJ('${TEXT}') TOOBJ('${MEMBER}') TOCCSID(${TGTCCSID})"
+                CMD="${CMD} DTAFMT(*TEXT) REPLACE(*YES)"
+                system "${CMD}"
+        fi
+done
+
+
+#       Create the OS/400 source program file for the C header files.
+
+SRCPF="${LIBIFSNAME}/H.FILE"
+
+if action_needed "${SRCPF}"
+then    CMD="CRTSRCPF FILE(${TARGETLIB}/H) RCDLEN(112)"
+        CMD="${CMD} CCSID(${TGTCCSID}) TEXT('ZLIB: C/C++ header files')"
+        system "${CMD}"
+fi
+
+
+#       Create the IFS directory for the C header files.
+
+if action_needed "${IFSDIR}/include"
+then    mkdir -p "${IFSDIR}/include"
+fi
+
+#       Copy the header files to DB2 library. Link from IFS include directory.
+
+for HFILE in "${TOPDIR}/"*.h
+do      DEST="${SRCPF}/`db2_name \"${HFILE}\"`.MBR"
+
+        if action_needed "${DEST}" "${HFILE}"
+        then    copy_hfile < "${HFILE}" > tmphdrfile
+
+                #       Need to translate to target CCSID.
+
+                CMD="CPY OBJ('`pwd`/tmphdrfile') TOOBJ('${DEST}')"
+                CMD="${CMD} TOCCSID(${TGTCCSID}) DTAFMT(*TEXT) REPLACE(*YES)"
+                system "${CMD}"
+                # touch -r "${HFILE}" "${DEST}"
+                rm -f tmphdrfile
+        fi
+
+        IFSFILE="${IFSDIR}/include/`basename \"${HFILE}\"`"
+
+        if action_needed "${IFSFILE}" "${DEST}"
+        then    rm -f "${IFSFILE}"
+                ln -s "${DEST}" "${IFSFILE}"
+        fi
+done
+
+
+#       Install the ILE/RPG header file.
+
+
+HFILE="${SCRIPTDIR}/zlib.inc"
+DEST="${SRCPF}/ZLIB.INC.MBR"
+
+if action_needed "${DEST}" "${HFILE}"
+then    CMD="CPY OBJ('${HFILE}') TOOBJ('${DEST}')"
+        CMD="${CMD} TOCCSID(${TGTCCSID}) DTAFMT(*TEXT) REPLACE(*YES)"
+        system "${CMD}"
+        # touch -r "${HFILE}" "${DEST}"
+fi
+
+IFSFILE="${IFSDIR}/include/`basename \"${HFILE}\"`"
+
+if action_needed "${IFSFILE}" "${DEST}"
+then    rm -f "${IFSFILE}"
+        ln -s "${DEST}" "${IFSFILE}"
+fi
+
+
+#      Create and compile the identification source file.
+
+echo '#pragma comment(user, "ZLIB version '"${VERSION}"'")' > os400.c
+echo '#pragma comment(user, __DATE__)' >> os400.c
+echo '#pragma comment(user, __TIME__)' >> os400.c
+echo '#pragma comment(copyright, "Copyright (C) 1995-2017 Jean-Loup Gailly, Mark Adler. OS/400 version by P. Monnerat.")' >> os400.c
+make_module     OS400           os400.c
+LINK=                           # No need to rebuild service program yet.
+MODULES=
+
+
+#       Get source list.
+
+CSOURCES=`sed -e '/<source name="/!d'                                   \
+    -e 's/.* name="\([^"]*\)".*/\1/' < treebuild.xml`
+
+#       Compile the sources into modules.
+
+for SRC in ${CSOURCES}
+do      MODULE=`db2_name "${SRC}"`
+        make_module "${MODULE}" "${SRC}"
+done
+
+
+#       If needed, (re)create the static binding directory.
+
+if action_needed "${LIBIFSNAME}/${STATBNDDIR}.BNDDIR"
+then    LINK=YES
+fi
+
+if [ "${LINK}" ]
+then    rm -rf "${LIBIFSNAME}/${STATBNDDIR}.BNDDIR"
+        CMD="CRTBNDDIR BNDDIR(${TARGETLIB}/${STATBNDDIR})"
+        CMD="${CMD} TEXT('ZLIB static binding directory')"
+        system "${CMD}"
+
+        for MODULE in ${MODULES}
+        do      CMD="ADDBNDDIRE BNDDIR(${TARGETLIB}/${STATBNDDIR})"
+                CMD="${CMD} OBJ((${TARGETLIB}/${MODULE} *MODULE))"
+                system "${CMD}"
+        done
+fi
+
+
+#       The exportation file for service program creation must be in a DB2
+#               source file, so make sure it exists.
+
+if action_needed "${LIBIFSNAME}/TOOLS.FILE"
+then    CMD="CRTSRCPF FILE(${TARGETLIB}/TOOLS) RCDLEN(112)"
+        CMD="${CMD} CCSID(${TGTCCSID}) TEXT('ZLIB: build tools')"
+        system "${CMD}"
+fi
+
+
+DEST="${LIBIFSNAME}/TOOLS.FILE/BNDSRC.MBR"
+
+if action_needed "${SCRIPTDIR}/bndsrc" "${DEST}"
+then    CMD="CPY OBJ('${SCRIPTDIR}/bndsrc') TOOBJ('${DEST}')"
+        CMD="${CMD} TOCCSID(${TGTCCSID}) DTAFMT(*TEXT) REPLACE(*YES)"
+        system "${CMD}"
+        # touch -r "${SCRIPTDIR}/bndsrc" "${DEST}"
+        LINK=YES
+fi
+
+
+#       Build the service program if needed.
+
+if action_needed "${LIBIFSNAME}/${SRVPGM}.SRVPGM"
+then    LINK=YES
+fi
+
+if [ "${LINK}" ]
+then    CMD="CRTSRVPGM SRVPGM(${TARGETLIB}/${SRVPGM})"
+        CMD="${CMD} SRCFILE(${TARGETLIB}/TOOLS) SRCMBR(BNDSRC)"
+        CMD="${CMD} MODULE(${TARGETLIB}/OS400)"
+        CMD="${CMD} BNDDIR(${TARGETLIB}/${STATBNDDIR})"
+        CMD="${CMD} TEXT('ZLIB ${VERSION} dynamic library')"
+        CMD="${CMD} TGTRLS(${TGTRLS})"
+        system "${CMD}"
+        LINK=YES
+
+        #       Duplicate the service program for a versioned backup.
+
+        BACKUP=`echo "${SRVPGM}${VERSION}"                              |
+                sed -e 's/.*\(..........\)$/\1/' -e 's/\./_/g'`
+        BACKUP="`db2_name \"${BACKUP}\"`"
+        BKUPIFSNAME="${LIBIFSNAME}/${BACKUP}.SRVPGM"
+        rm -f "${BKUPIFSNAME}"
+        CMD="CRTDUPOBJ OBJ(${SRVPGM}) FROMLIB(${TARGETLIB})"
+        CMD="${CMD} OBJTYPE(*SRVPGM) NEWOBJ(${BACKUP})"
+        system "${CMD}"
+fi
+
+
+#       If needed, (re)create the dynamic binding directory.
+
+if action_needed "${LIBIFSNAME}/${DYNBNDDIR}.BNDDIR"
+then    LINK=YES
+fi
+
+if [ "${LINK}" ]
+then    rm -rf "${LIBIFSNAME}/${DYNBNDDIR}.BNDDIR"
+        CMD="CRTBNDDIR BNDDIR(${TARGETLIB}/${DYNBNDDIR})"
+        CMD="${CMD} TEXT('ZLIB dynamic binding directory')"
+        system "${CMD}"
+        CMD="ADDBNDDIRE BNDDIR(${TARGETLIB}/${DYNBNDDIR})"
+        CMD="${CMD} OBJ((*LIBL/${SRVPGM} *SRVPGM))"
+        system "${CMD}"
+fi
diff --git a/zlib-1.3.1/os400/zlib.inc b/zlib-1.3.1/os400/zlib.inc
new file mode 100644
index 00000000..744729ab
--- /dev/null
+++ b/zlib-1.3.1/os400/zlib.inc
@@ -0,0 +1,527 @@
+      *  ZLIB.INC - Interface to the general purpose compression library
+      *
+      *  ILE RPG400 version by Patrick Monnerat, DATASPHERE.
+      *  Version 1.3.1
+      *
+      *
+      *  WARNING:
+      *     Procedures inflateInit(), inflateInit2(), deflateInit(),
+      *         deflateInit2() and inflateBackInit() need to be called with
+      *         two additional arguments:
+      *         the package version string and the stream control structure.
+      *         size. This is needed because RPG lacks some macro feature.
+      *         Call these procedures as:
+      *             inflateInit(...: ZLIB_VERSION: %size(z_stream))
+      *
+      /if not defined(ZLIB_H_)
+      /define ZLIB_H_
+      *
+      **************************************************************************
+      *                               Constants
+      **************************************************************************
+      *
+      *  Versioning information.
+      *
+     D ZLIB_VERSION    C                   '1.3.1'
+     D ZLIB_VERNUM     C                   X'12a0'
+     D ZLIB_VER_MAJOR  C                   1
+     D ZLIB_VER_MINOR  C                   3
+     D ZLIB_VER_REVISION...
+     D                 C                   1
+     D ZLIB_VER_SUBREVISION...
+     D                 C                   0
+      *
+      *  Other equates.
+      *
+     D Z_NO_FLUSH      C                   0
+     D Z_PARTIAL_FLUSH...
+     D                 C                   1
+     D Z_SYNC_FLUSH    C                   2
+     D Z_FULL_FLUSH    C                   3
+     D Z_FINISH        C                   4
+     D Z_BLOCK         C                   5
+     D Z_TREES         C                   6
+      *
+     D Z_OK            C                   0
+     D Z_STREAM_END    C                   1
+     D Z_NEED_DICT     C                   2
+     D Z_ERRNO         C                   -1
+     D Z_STREAM_ERROR  C                   -2
+     D Z_DATA_ERROR    C                   -3
+     D Z_MEM_ERROR     C                   -4
+     D Z_BUF_ERROR     C                   -5
+     D Z_VERSION_ERROR C                   -6
+      *
+     D Z_NO_COMPRESSION...
+     D                 C                   0
+     D Z_BEST_SPEED    C                   1
+     D Z_BEST_COMPRESSION...
+     D                 C                   9
+     D Z_DEFAULT_COMPRESSION...
+     D                 C                   -1
+      *
+     D Z_FILTERED      C                   1
+     D Z_HUFFMAN_ONLY  C                   2
+     D Z_RLE           C                   3
+     D Z_DEFAULT_STRATEGY...
+     D                 C                   0
+      *
+     D Z_BINARY        C                   0
+     D Z_ASCII         C                   1
+     D Z_UNKNOWN       C                   2
+      *
+     D Z_DEFLATED      C                   8
+      *
+     D Z_NULL          C                   0
+      *
+      **************************************************************************
+      *                                 Types
+      **************************************************************************
+      *
+     D z_streamp       S               *                                        Stream struct ptr
+     D gzFile          S               *                                        File pointer
+     D gz_headerp      S               *
+     D z_off_t         S             10i 0                                      Stream offsets
+     D z_off64_t       S             20i 0                                      Stream offsets
+      *
+      **************************************************************************
+      *                               Structures
+      **************************************************************************
+      *
+      *  The GZIP encode/decode stream support structure.
+      *
+     D z_stream        DS                  align based(z_streamp)
+     D  zs_next_in                     *                                        Next input byte
+     D  zs_avail_in                  10U 0                                      Byte cnt at next_in
+     D  zs_total_in                  10U 0                                      Total bytes read
+     D  zs_next_out                    *                                        Output buffer ptr
+     D  zs_avail_out                 10U 0                                      Room left @ next_out
+     D  zs_total_out                 10U 0                                      Total bytes written
+     D  zs_msg                         *                                        Last errmsg or null
+     D  zs_state                       *                                        Internal state
+     D  zs_zalloc                      *   procptr                              Int. state allocator
+     D  zs_free                        *   procptr                              Int. state dealloc.
+     D  zs_opaque                      *                                        Private alloc. data
+     D  zs_data_type                 10i 0                                      ASC/BIN best guess
+     D  zs_adler                     10u 0                                      Uncompr. adler32 val
+     D                               10U 0                                      Reserved
+     D                               10U 0                                      Ptr. alignment
+      *
+      **************************************************************************
+      *                     Utility function prototypes
+      **************************************************************************
+      *
+     D compress        PR            10I 0 extproc('compress')
+     D  dest                      65535    options(*varsize)                    Destination buffer
+     D  destLen                      10U 0                                      Destination length
+     D  source                    65535    const options(*varsize)              Source buffer
+     D  sourceLen                    10u 0 value                                Source length
+      *
+     D compress2       PR            10I 0 extproc('compress2')
+     D  dest                      65535    options(*varsize)                    Destination buffer
+     D  destLen                      10U 0                                      Destination length
+     D  source                    65535    const options(*varsize)              Source buffer
+     D  sourceLen                    10U 0 value                                Source length
+     D  level                        10I 0 value                                Compression level
+      *
+     D compressBound   PR            10U 0 extproc('compressBound')
+     D  sourceLen                    10U 0 value
+      *
+     D uncompress      PR            10I 0 extproc('uncompress')
+     D  dest                      65535    options(*varsize)                    Destination buffer
+     D  destLen                      10U 0                                      Destination length
+     D  source                    65535    const options(*varsize)              Source buffer
+     D  sourceLen                    10U 0 value                                Source length
+      *
+     D uncompress2     PR            10I 0 extproc('uncompress2')
+     D  dest                      65535    options(*varsize)                    Destination buffer
+     D  destLen                      10U 0                                      Destination length
+     D  source                    65535    const options(*varsize)              Source buffer
+     D  sourceLen                    10U 0                                      Source length
+      *
+      /if not defined(LARGE_FILES)
+     D gzopen          PR                  extproc('gzopen')
+     D                                     like(gzFile)
+     D  path                           *   value options(*string)               File pathname
+     D  mode                           *   value options(*string)               Open mode
+      /else
+     D gzopen          PR                  extproc('gzopen64')
+     D                                     like(gzFile)
+     D  path                           *   value options(*string)               File pathname
+     D  mode                           *   value options(*string)               Open mode
+      *
+     D gzopen64        PR                  extproc('gzopen64')
+     D                                     like(gzFile)
+     D  path                           *   value options(*string)               File pathname
+     D  mode                           *   value options(*string)               Open mode
+      /endif
+      *
+     D gzdopen         PR                  extproc('gzdopen')
+     D                                     like(gzFile)
+     D  fd                           10I 0 value                                File descriptor
+     D  mode                           *   value options(*string)               Open mode
+      *
+     D gzbuffer        PR            10I 0 extproc('gzbuffer')
+     D  file                               value like(gzFile)                   File pointer
+     D  size                         10U 0 value
+      *
+     D gzsetparams     PR            10I 0 extproc('gzsetparams')
+     D  file                               value like(gzFile)                   File pointer
+     D  level                        10I 0 value
+     D  strategy                     10I 0 value
+      *
+     D gzread          PR            10I 0 extproc('gzread')
+     D  file                               value like(gzFile)                   File pointer
+     D  buf                       65535    options(*varsize)                    Buffer
+     D  len                          10u 0 value                                Buffer length
+      *
+     D gzfread          PR           20I 0 extproc('gzfread')
+     D  buf                       65535    options(*varsize)                    Buffer
+     D  size                         20u 0 value                                Buffer length
+     D  nitems                       20u 0 value                                Buffer length
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzwrite         PR            10I 0 extproc('gzwrite')
+     D  file                               value like(gzFile)                   File pointer
+     D  buf                       65535    const options(*varsize)              Buffer
+     D  len                          10u 0 value                                Buffer length
+      *
+     D gzfwrite         PR           20I 0 extproc('gzfwrite')
+     D  buf                       65535    options(*varsize)                    Buffer
+     D  size                         20u 0 value                                Buffer length
+     D  nitems                       20u 0 value                                Buffer length
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzputs          PR            10I 0 extproc('gzputs')
+     D  file                               value like(gzFile)                   File pointer
+     D  s                              *   value options(*string)               String to output
+      *
+     D gzgets          PR              *   extproc('gzgets')
+     D  file                               value like(gzFile)                   File pointer
+     D  buf                       65535    options(*varsize)                    Read buffer
+     D  len                          10i 0 value                                Buffer length
+      *
+     D gzputc          PR            10i 0 extproc('gzputc')
+     D  file                               value like(gzFile)                   File pointer
+     D  c                            10I 0 value                                Character to write
+      *
+     D gzgetc          PR            10i 0 extproc('gzgetc')
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzgetc_         PR            10i 0 extproc('gzgetc_')
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzungetc        PR            10i 0 extproc('gzungetc')
+     D  c                            10I 0 value                                Character to push
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzflush         PR            10i 0 extproc('gzflush')
+     D  file                               value like(gzFile)                   File pointer
+     D  flush                        10I 0 value                                Type of flush
+      *
+      /if not defined(LARGE_FILES)
+     D gzseek          PR                  extproc('gzseek')
+     D                                     like(z_off_t)
+     D  file                               value like(gzFile)                   File pointer
+     D  offset                             value like(z_off_t)                  Offset
+     D  whence                       10i 0 value                                Origin
+      /else
+     D gzseek          PR                  extproc('gzseek64')
+     D                                     like(z_off_t)
+     D  file                               value like(gzFile)                   File pointer
+     D  offset                             value like(z_off_t)                  Offset
+     D  whence                       10i 0 value                                Origin
+      *
+     D gzseek64        PR                  extproc('gzseek64')
+     D                                     like(z_off64_t)
+     D  file                               value like(gzFile)                   File pointer
+     D  offset                             value like(z_off64_t)                Offset
+     D  whence                       10i 0 value                                Origin
+      /endif
+      *
+     D gzrewind        PR            10i 0 extproc('gzrewind')
+     D  file                               value like(gzFile)                   File pointer
+      *
+      /if not defined(LARGE_FILES)
+     D gztell          PR                  extproc('gztell')
+     D                                     like(z_off_t)
+     D  file                               value like(gzFile)                   File pointer
+      /else
+     D gztell          PR                  extproc('gztell64')
+     D                                     like(z_off_t)
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gztell64        PR                  extproc('gztell64')
+     D                                     like(z_off64_t)
+     D  file                               value like(gzFile)                   File pointer
+      /endif
+      *
+      /if not defined(LARGE_FILES)
+     D gzoffset        PR                  extproc('gzoffset')
+     D                                     like(z_off_t)
+     D  file                               value like(gzFile)                   File pointer
+      /else
+     D gzoffset        PR                  extproc('gzoffset64')
+     D                                     like(z_off_t)
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzoffset64      PR                  extproc('gzoffset64')
+     D                                     like(z_off64_t)
+     D  file                               value like(gzFile)                   File pointer
+      /endif
+      *
+     D gzeof           PR            10i 0 extproc('gzeof')
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzdirect        PR            10i 0 extproc('gzdirect')
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzclose_r       PR            10i 0 extproc('gzclose_r')
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzclose_w       PR            10i 0 extproc('gzclose_w')
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzclose         PR            10i 0 extproc('gzclose')
+     D  file                               value like(gzFile)                   File pointer
+      *
+     D gzerror         PR              *   extproc('gzerror')                   Error string
+     D  file                               value like(gzFile)                   File pointer
+     D  errnum                       10I 0                                      Error code
+      *
+     D gzclearerr      PR                  extproc('gzclearerr')
+     D  file                               value like(gzFile)                   File pointer
+      *
+      **************************************************************************
+      *                        Basic function prototypes
+      **************************************************************************
+      *
+     D zlibVersion     PR              *   extproc('zlibVersion')               Version string
+      *
+     D deflateInit     PR            10I 0 extproc('deflateInit_')              Init. compression
+     D  strm                               like(z_stream)                       Compression stream
+     D  level                        10I 0 value                                Compression level
+     D  version                        *   value options(*string)               Version string
+     D  stream_size                  10i 0 value                                Stream struct. size
+      *
+     D deflate         PR            10I 0 extproc('deflate')                   Compress data
+     D  strm                               like(z_stream)                       Compression stream
+     D  flush                        10I 0 value                                Flush type required
+      *
+     D deflateEnd      PR            10I 0 extproc('deflateEnd')                Termin. compression
+     D  strm                               like(z_stream)                       Compression stream
+      *
+     D inflateInit     PR            10I 0 extproc('inflateInit_')              Init. expansion
+     D  strm                               like(z_stream)                       Expansion stream
+     D  version                        *   value options(*string)               Version string
+     D  stream_size                  10i 0 value                                Stream struct. size
+      *
+     D inflate         PR            10I 0 extproc('inflate')                   Expand data
+     D  strm                               like(z_stream)                       Expansion stream
+     D  flush                        10I 0 value                                Flush type required
+      *
+     D inflateEnd      PR            10I 0 extproc('inflateEnd')                Termin. expansion
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+      **************************************************************************
+      *                        Advanced function prototypes
+      **************************************************************************
+      *
+     D deflateInit2    PR            10I 0 extproc('deflateInit2_')             Init. compression
+     D  strm                               like(z_stream)                       Compression stream
+     D  level                        10I 0 value                                Compression level
+     D  method                       10I 0 value                                Compression method
+     D  windowBits                   10I 0 value                                log2(window size)
+     D  memLevel                     10I 0 value                                Mem/cmpress tradeoff
+     D  strategy                     10I 0 value                                Compression strategy
+     D  version                        *   value options(*string)               Version string
+     D  stream_size                  10i 0 value                                Stream struct. size
+      *
+     D deflateSetDictionary...
+     D                 PR            10I 0 extproc('deflateSetDictionary')      Init. dictionary
+     D  strm                               like(z_stream)                       Compression stream
+     D  dictionary                65535    const options(*varsize)              Dictionary bytes
+     D  dictLength                   10U 0 value                                Dictionary length
+      *
+     D deflateCopy     PR            10I 0 extproc('deflateCopy')               Compress strm 2 strm
+     D  dest                               like(z_stream)                       Destination stream
+     D  source                             like(z_stream)                       Source stream
+      *
+     D deflateReset    PR            10I 0 extproc('deflateReset')              End and init. stream
+     D  strm                               like(z_stream)                       Compression stream
+      *
+     D deflateParams   PR            10I 0 extproc('deflateParams')             Change level & strat
+     D  strm                               like(z_stream)                       Compression stream
+     D  level                        10I 0 value                                Compression level
+     D  strategy                     10I 0 value                                Compression strategy
+      *
+     D deflateTune     PR            10I 0 extproc('deflateTune')
+     D  strm                               like(z_stream)                       Compression stream
+     D  good                         10I 0 value
+     D  lazy                         10I 0 value
+     D  nice                         10I 0 value
+     D  chain                        10I 0 value
+      *
+     D deflateBound    PR            10U 0 extproc('deflateBound')              Change level & strat
+     D  strm                               like(z_stream)                       Compression stream
+     D  sourcelen                    10U 0 value                                Compression level
+      *
+     D deflatePending  PR            10I 0 extproc('deflatePending')            Change level & strat
+     D  strm                               like(z_stream)                       Compression stream
+     D  pending                      10U 0                                      Pending bytes
+     D  bits                         10I 0                                      Pending bits
+      *
+     D deflatePrime    PR            10I 0 extproc('deflatePrime')              Change level & strat
+     D  strm                               like(z_stream)                       Compression stream
+     D  bits                         10I 0 value                                # of bits to insert
+     D  value                        10I 0 value                                Bits to insert
+      *
+     D inflateInit2    PR            10I 0 extproc('inflateInit2_')             Init. expansion
+     D  strm                               like(z_stream)                       Expansion stream
+     D  windowBits                   10I 0 value                                log2(window size)
+     D  version                        *   value options(*string)               Version string
+     D  stream_size                  10i 0 value                                Stream struct. size
+      *
+     D inflateSetDictionary...
+     D                 PR            10I 0 extproc('inflateSetDictionary')      Init. dictionary
+     D  strm                               like(z_stream)                       Expansion stream
+     D  dictionary                65535    const options(*varsize)              Dictionary bytes
+     D  dictLength                   10U 0 value                                Dictionary length
+      *
+     D inflateGetDictionary...
+     D                 PR            10I 0 extproc('inflateGetDictionary')      Get dictionary
+     D  strm                               like(z_stream)                       Expansion stream
+     D  dictionary                65535    options(*varsize)                    Dictionary bytes
+     D  dictLength                   10U 0                                      Dictionary length
+      *
+     D deflateGetDictionary...
+     D                 PR            10I 0 extproc('deflateGetDictionary')      Get dictionary
+     D  strm                               like(z_stream)                       Expansion stream
+     D  dictionary                65535    options(*varsize)                    Dictionary bytes
+     D  dictLength                   10U 0                                      Dictionary length
+      *
+     D inflateSync     PR            10I 0 extproc('inflateSync')               Sync. expansion
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+     D inflateCopy     PR            10I 0 extproc('inflateCopy')
+     D  dest                               like(z_stream)                       Destination stream
+     D  source                             like(z_stream)                       Source stream
+      *
+     D inflateReset    PR            10I 0 extproc('inflateReset')              End and init. stream
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+     D inflateReset2   PR            10I 0 extproc('inflateReset2')             End and init. stream
+     D  strm                               like(z_stream)                       Expansion stream
+     D  windowBits                   10I 0 value                                Log2(buffer size)
+      *
+     D inflatePrime    PR            10I 0 extproc('inflatePrime')              Insert bits
+     D  strm                               like(z_stream)                       Expansion stream
+     D  bits                         10I 0 value                                Bit count
+     D  value                        10I 0 value                                Bits to insert
+      *
+     D inflateMark     PR            10I 0 extproc('inflateMark')               Get inflate info
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+     D inflateCodesUsed...
+                       PR            20U 0 extproc('inflateCodesUsed')
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+     D inflateValidate...
+                       PR            20U 0 extproc('inflateValidate')
+     D  strm                               like(z_stream)                       Expansion stream
+     D  check                        10I 0 value
+      *
+     D inflateGetHeader...
+                       PR            10U 0 extproc('inflateGetHeader')
+     D  strm                               like(z_stream)                       Expansion stream
+     D  head                               like(gz_headerp)
+      *
+     D deflateSetHeader...
+                       PR            10U 0 extproc('deflateSetHeader')
+     D  strm                               like(z_stream)                       Expansion stream
+     D  head                               like(gz_headerp)
+      *
+     D inflateBackInit...
+     D                 PR            10I 0 extproc('inflateBackInit_')
+     D  strm                               like(z_stream)                       Expansion stream
+     D  windowBits                   10I 0 value                                Log2(buffer size)
+     D  window                    65535    options(*varsize)                    Buffer
+     D  version                        *   value options(*string)               Version string
+     D  stream_size                  10i 0 value                                Stream struct. size
+      *
+     D inflateBack     PR            10I 0 extproc('inflateBack')
+     D  strm                               like(z_stream)                       Expansion stream
+     D  in                             *   value procptr                        Input function
+     D  in_desc                        *   value                                Input descriptor
+     D  out                            *   value procptr                        Output function
+     D  out_desc                       *   value                                Output descriptor
+      *
+     D inflateBackEnd  PR            10I 0 extproc('inflateBackEnd')
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+     D zlibCompileFlags...
+     D                 PR            10U 0 extproc('zlibCompileFlags')
+      *
+      **************************************************************************
+      *                        Checksum function prototypes
+      **************************************************************************
+      *
+     D adler32         PR            10U 0 extproc('adler32')                   New checksum
+     D  adler                        10U 0 value                                Old checksum
+     D  buf                       65535    const options(*varsize)              Bytes to accumulate
+     D  len                          10U 0 value                                Buffer length
+      *
+     D adler32_combine...
+                       PR            10U 0 extproc('adler32_combine')           New checksum
+     D  adler1                       10U 0 value                                Old checksum
+     D  adler2                       10U 0 value                                Old checksum
+     D  len2                         20U 0 value                                Buffer length
+      *
+     D adler32_z       PR            10U 0 extproc('adler32_z')                 New checksum
+     D  adler                        10U 0 value                                Old checksum
+     D  buf                       65535    const options(*varsize)              Bytes to accumulate
+     D  len                          20U 0 value                                Buffer length
+      *
+     D crc32           PR            10U 0 extproc('crc32')                     New checksum
+     D  crc                          10U 0 value                                Old checksum
+     D  buf                       65535    const options(*varsize)              Bytes to accumulate
+     D  len                          10U 0 value                                Buffer length
+      *
+     D crc32_combine...
+                       PR            10U 0 extproc('crc32_combine')             New checksum
+     D  crc1                         10U 0 value                                Old checksum
+     D  crc2                         10U 0 value                                Old checksum
+     D  len2                         20U 0 value                                Buffer length
+      *
+     D crc32_z         PR            10U 0 extproc('crc32_z')                   New checksum
+     D  crc                          10U 0 value                                Old checksum
+     D  buf                       65535    const options(*varsize)              Bytes to accumulate
+     D  len                          20U 0 value                                Buffer length
+      *
+      **************************************************************************
+      *                     Miscellaneous function prototypes
+      **************************************************************************
+      *
+     D zError          PR              *   extproc('zError')                    Error string
+     D  err                          10I 0 value                                Error code
+      *
+     D inflateSyncPoint...
+     D                 PR            10I 0 extproc('inflateSyncPoint')
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+     D get_crc_table   PR              *   extproc('get_crc_table')             Ptr to ulongs
+      *
+     D inflateUndermine...
+     D                 PR            10I 0 extproc('inflateUndermine')
+     D  strm                               like(z_stream)                       Expansion stream
+     D  arg                          10I 0 value                                Error code
+      *
+     D inflateResetKeep...
+     D                 PR            10I 0 extproc('inflateResetKeep')          End and init. stream
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+     D deflateResetKeep...
+     D                 PR            10I 0 extproc('deflateResetKeep')          End and init. stream
+     D  strm                               like(z_stream)                       Expansion stream
+      *
+      /endif
diff --git a/zlib-1.3.1/qnx/package.qpg b/zlib-1.3.1/qnx/package.qpg
new file mode 100644
index 00000000..4877e0ef
--- /dev/null
+++ b/zlib-1.3.1/qnx/package.qpg
@@ -0,0 +1,141 @@
+<QPG:Generation>
+   <QPG:Options>
+      <QPG:User unattended="no" verbosity="2" listfiles="yes"/>
+      <QPG:Defaults type="qnx_package"/>
+      <QPG:Source></QPG:Source>
+      <QPG:Release number="+"/>
+      <QPG:Build></QPG:Build>
+      <QPG:FileSorting strip="yes"/>
+      <QPG:Package targets="combine"/>
+      <QPG:Repository generate="yes"/>
+      <QPG:FinalDir></QPG:FinalDir>
+      <QPG:Cleanup></QPG:Cleanup>
+   </QPG:Options>
+
+   <QPG:Responsible>
+      <QPG:Company></QPG:Company>
+      <QPG:Department></QPG:Department>
+      <QPG:Group></QPG:Group>
+      <QPG:Team></QPG:Team>
+      <QPG:Employee></QPG:Employee>
+      <QPG:EmailAddress></QPG:EmailAddress>
+   </QPG:Responsible>
+
+   <QPG:Values>
+      <QPG:Files>
+         <QPG:Add file="../zconf.h" install="/opt/include/" user="root:sys" permission="644"/>
+         <QPG:Add file="../zlib.h" install="/opt/include/" user="root:sys" permission="644"/>
+         <QPG:Add file="../libz.so.1.3.1" install="/opt/lib/" user="root:bin" permission="644"/>
+         <QPG:Add file="libz.so" install="/opt/lib/" component="dev" filetype="symlink" linkto="libz.so.1.3.1"/>
+         <QPG:Add file="libz.so.1" install="/opt/lib/" filetype="symlink" linkto="libz.so.1.3.1"/>
+         <QPG:Add file="../libz.so.1.3.1" install="/opt/lib/" component="slib"/>
+      </QPG:Files>
+
+      <QPG:PackageFilter>
+         <QPM:PackageManifest>
+            <QPM:PackageDescription>
+               <QPM:PackageType>Library</QPM:PackageType>
+               <QPM:PackageReleaseNotes></QPM:PackageReleaseNotes>
+               <QPM:PackageReleaseUrgency>Medium</QPM:PackageReleaseUrgency>
+               <QPM:PackageRepository></QPM:PackageRepository>
+               <QPM:FileVersion>2.0</QPM:FileVersion>
+            </QPM:PackageDescription>
+
+            <QPM:ProductDescription>
+               <QPM:ProductName>zlib</QPM:ProductName>
+               <QPM:ProductIdentifier>zlib</QPM:ProductIdentifier>
+               <QPM:ProductEmail>alain.bonnefoy@icbt.com</QPM:ProductEmail>
+               <QPM:VendorName>Public</QPM:VendorName>
+               <QPM:VendorInstallName>public</QPM:VendorInstallName>
+               <QPM:VendorURL>www.gzip.org/zlib</QPM:VendorURL>
+               <QPM:VendorEmbedURL></QPM:VendorEmbedURL>
+               <QPM:VendorEmail></QPM:VendorEmail>
+               <QPM:AuthorName>Jean-Loup Gailly,Mark Adler</QPM:AuthorName>
+               <QPM:AuthorURL>www.gzip.org/zlib</QPM:AuthorURL>
+               <QPM:AuthorEmbedURL></QPM:AuthorEmbedURL>
+               <QPM:AuthorEmail>zlib@gzip.org</QPM:AuthorEmail>
+               <QPM:ProductIconSmall></QPM:ProductIconSmall>
+               <QPM:ProductIconLarge></QPM:ProductIconLarge>
+               <QPM:ProductDescriptionShort>A massively spiffy yet delicately unobtrusive compression library.</QPM:ProductDescriptionShort>
+               <QPM:ProductDescriptionLong>zlib is designed to be a free, general-purpose, legally unencumbered, lossless data compression library for use on virtually any computer hardware and operating system.</QPM:ProductDescriptionLong>
+               <QPM:ProductDescriptionURL>http://www.gzip.org/zlib</QPM:ProductDescriptionURL>
+               <QPM:ProductDescriptionEmbedURL></QPM:ProductDescriptionEmbedURL>
+            </QPM:ProductDescription>
+
+            <QPM:ReleaseDescription>
+               <QPM:ReleaseVersion>1.3.1</QPM:ReleaseVersion>
+               <QPM:ReleaseUrgency>Medium</QPM:ReleaseUrgency>
+               <QPM:ReleaseStability>Stable</QPM:ReleaseStability>
+               <QPM:ReleaseNoteMinor></QPM:ReleaseNoteMinor>
+               <QPM:ReleaseNoteMajor></QPM:ReleaseNoteMajor>
+               <QPM:ExcludeCountries>
+                  <QPM:Country></QPM:Country>
+               </QPM:ExcludeCountries>
+
+               <QPM:ReleaseCopyright>No License</QPM:ReleaseCopyright>
+            </QPM:ReleaseDescription>
+
+            <QPM:ContentDescription>
+               <QPM:ContentTopic xmlmultiple="true">Software Development/Libraries and Extensions/C Libraries</QPM:ContentTopic>
+               <QPM:ContentKeyword>zlib,compression</QPM:ContentKeyword>
+               <QPM:TargetOS>qnx6</QPM:TargetOS>
+               <QPM:HostOS>qnx6</QPM:HostOS>
+               <QPM:DisplayEnvironment xmlmultiple="true">None</QPM:DisplayEnvironment>
+               <QPM:TargetAudience xmlmultiple="true">Developer</QPM:TargetAudience>
+            </QPM:ContentDescription>
+         </QPM:PackageManifest>
+      </QPG:PackageFilter>
+
+      <QPG:PackageFilter proc="none" target="none">
+         <QPM:PackageManifest>
+            <QPM:ProductInstallationDependencies>
+               <QPM:ProductRequirements></QPM:ProductRequirements>
+            </QPM:ProductInstallationDependencies>
+
+            <QPM:ProductInstallationProcedure>
+               <QPM:Script xmlmultiple="true">
+                  <QPM:ScriptName></QPM:ScriptName>
+                  <QPM:ScriptType>Install</QPM:ScriptType>
+                  <QPM:ScriptTiming>Post</QPM:ScriptTiming>
+                  <QPM:ScriptBlocking>No</QPM:ScriptBlocking>
+                  <QPM:ScriptResult>Ignore</QPM:ScriptResult>
+                  <QPM:ShortDescription></QPM:ShortDescription>
+                  <QPM:UseBinaries>No</QPM:UseBinaries>
+                  <QPM:Priority>Optional</QPM:Priority>
+               </QPM:Script>
+            </QPM:ProductInstallationProcedure>
+         </QPM:PackageManifest>
+
+         <QPM:Launch>
+         </QPM:Launch>
+      </QPG:PackageFilter>
+
+      <QPG:PackageFilter type="core" component="none">
+         <QPM:PackageManifest>
+            <QPM:ProductInstallationProcedure>
+	       <QPM:OrderDependency xmlmultiple="true">
+	          <QPM:Order>InstallOver</QPM:Order>
+	          <QPM:Product>zlib</QPM:Product>
+	       </QPM:OrderDependency>
+            </QPM:ProductInstallationProcedure>
+         </QPM:PackageManifest>
+
+         <QPM:Launch>
+         </QPM:Launch>
+      </QPG:PackageFilter>
+
+      <QPG:PackageFilter type="core" component="dev">
+         <QPM:PackageManifest>
+            <QPM:ProductInstallationProcedure>
+	       <QPM:OrderDependency xmlmultiple="true">
+	          <QPM:Order>InstallOver</QPM:Order>
+	          <QPM:Product>zlib-dev</QPM:Product>
+	       </QPM:OrderDependency>
+            </QPM:ProductInstallationProcedure>
+         </QPM:PackageManifest>
+
+         <QPM:Launch>
+         </QPM:Launch>
+      </QPG:PackageFilter>
+   </QPG:Values>
+</QPG:Generation>
diff --git a/zlib-1.3.1/test/example.c b/zlib-1.3.1/test/example.c
new file mode 100644
index 00000000..c3521dd5
--- /dev/null
+++ b/zlib-1.3.1/test/example.c
@@ -0,0 +1,546 @@
+/* example.c -- usage example of the zlib compression library
+ * Copyright (C) 1995-2006, 2011, 2016 Jean-loup Gailly
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#include "zlib.h"
+#include <stdio.h>
+
+#ifdef STDC
+#  include <string.h>
+#  include <stdlib.h>
+#endif
+
+#if defined(VMS) || defined(RISCOS)
+#  define TESTFILE "foo-gz"
+#else
+#  define TESTFILE "foo.gz"
+#endif
+
+#define CHECK_ERR(err, msg) { \
+    if (err != Z_OK) { \
+        fprintf(stderr, "%s error: %d\n", msg, err); \
+        exit(1); \
+    } \
+}
+
+static z_const char hello[] = "hello, hello!";
+/* "hello world" would be more standard, but the repeated "hello"
+ * stresses the compression code better, sorry...
+ */
+
+static const char dictionary[] = "hello";
+static uLong dictId;    /* Adler32 value of the dictionary */
+
+#ifdef Z_SOLO
+
+static void *myalloc(void *q, unsigned n, unsigned m) {
+    (void)q;
+    return calloc(n, m);
+}
+
+static void myfree(void *q, void *p) {
+    (void)q;
+    free(p);
+}
+
+static alloc_func zalloc = myalloc;
+static free_func zfree = myfree;
+
+#else /* !Z_SOLO */
+
+static alloc_func zalloc = (alloc_func)0;
+static free_func zfree = (free_func)0;
+
+/* ===========================================================================
+ * Test compress() and uncompress()
+ */
+static void test_compress(Byte *compr, uLong comprLen, Byte *uncompr,
+                   uLong uncomprLen) {
+    int err;
+    uLong len = (uLong)strlen(hello)+1;
+
+    err = compress(compr, &comprLen, (const Bytef*)hello, len);
+    CHECK_ERR(err, "compress");
+
+    strcpy((char*)uncompr, "garbage");
+
+    err = uncompress(uncompr, &uncomprLen, compr, comprLen);
+    CHECK_ERR(err, "uncompress");
+
+    if (strcmp((char*)uncompr, hello)) {
+        fprintf(stderr, "bad uncompress\n");
+        exit(1);
+    } else {
+        printf("uncompress(): %s\n", (char *)uncompr);
+    }
+}
+
+/* ===========================================================================
+ * Test read/write of .gz files
+ */
+static void test_gzio(const char *fname, Byte *uncompr, uLong uncomprLen) {
+#ifdef NO_GZCOMPRESS
+    fprintf(stderr, "NO_GZCOMPRESS -- gz* functions cannot compress\n");
+#else
+    int err;
+    int len = (int)strlen(hello)+1;
+    gzFile file;
+    z_off_t pos;
+
+    file = gzopen(fname, "wb");
+    if (file == NULL) {
+        fprintf(stderr, "gzopen error\n");
+        exit(1);
+    }
+    gzputc(file, 'h');
+    if (gzputs(file, "ello") != 4) {
+        fprintf(stderr, "gzputs err: %s\n", gzerror(file, &err));
+        exit(1);
+    }
+    if (gzprintf(file, ", %s!", "hello") != 8) {
+        fprintf(stderr, "gzprintf err: %s\n", gzerror(file, &err));
+        exit(1);
+    }
+    gzseek(file, 1L, SEEK_CUR); /* add one zero byte */
+    gzclose(file);
+
+    file = gzopen(fname, "rb");
+    if (file == NULL) {
+        fprintf(stderr, "gzopen error\n");
+        exit(1);
+    }
+    strcpy((char*)uncompr, "garbage");
+
+    if (gzread(file, uncompr, (unsigned)uncomprLen) != len) {
+        fprintf(stderr, "gzread err: %s\n", gzerror(file, &err));
+        exit(1);
+    }
+    if (strcmp((char*)uncompr, hello)) {
+        fprintf(stderr, "bad gzread: %s\n", (char*)uncompr);
+        exit(1);
+    } else {
+        printf("gzread(): %s\n", (char*)uncompr);
+    }
+
+    pos = gzseek(file, -8L, SEEK_CUR);
+    if (pos != 6 || gztell(file) != pos) {
+        fprintf(stderr, "gzseek error, pos=%ld, gztell=%ld\n",
+                (long)pos, (long)gztell(file));
+        exit(1);
+    }
+
+    if (gzgetc(file) != ' ') {
+        fprintf(stderr, "gzgetc error\n");
+        exit(1);
+    }
+
+    if (gzungetc(' ', file) != ' ') {
+        fprintf(stderr, "gzungetc error\n");
+        exit(1);
+    }
+
+    gzgets(file, (char*)uncompr, (int)uncomprLen);
+    if (strlen((char*)uncompr) != 7) { /* " hello!" */
+        fprintf(stderr, "gzgets err after gzseek: %s\n", gzerror(file, &err));
+        exit(1);
+    }
+    if (strcmp((char*)uncompr, hello + 6)) {
+        fprintf(stderr, "bad gzgets after gzseek\n");
+        exit(1);
+    } else {
+        printf("gzgets() after gzseek: %s\n", (char*)uncompr);
+    }
+
+    gzclose(file);
+#endif
+}
+
+#endif /* Z_SOLO */
+
+/* ===========================================================================
+ * Test deflate() with small buffers
+ */
+static void test_deflate(Byte *compr, uLong comprLen) {
+    z_stream c_stream; /* compression stream */
+    int err;
+    uLong len = (uLong)strlen(hello)+1;
+
+    c_stream.zalloc = zalloc;
+    c_stream.zfree = zfree;
+    c_stream.opaque = (voidpf)0;
+
+    err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
+    CHECK_ERR(err, "deflateInit");
+
+    c_stream.next_in  = (z_const unsigned char *)hello;
+    c_stream.next_out = compr;
+
+    while (c_stream.total_in != len && c_stream.total_out < comprLen) {
+        c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
+        err = deflate(&c_stream, Z_NO_FLUSH);
+        CHECK_ERR(err, "deflate");
+    }
+    /* Finish the stream, still forcing small buffers: */
+    for (;;) {
+        c_stream.avail_out = 1;
+        err = deflate(&c_stream, Z_FINISH);
+        if (err == Z_STREAM_END) break;
+        CHECK_ERR(err, "deflate");
+    }
+
+    err = deflateEnd(&c_stream);
+    CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with small buffers
+ */
+static void test_inflate(Byte *compr, uLong comprLen, Byte *uncompr,
+                  uLong uncomprLen) {
+    int err;
+    z_stream d_stream; /* decompression stream */
+
+    strcpy((char*)uncompr, "garbage");
+
+    d_stream.zalloc = zalloc;
+    d_stream.zfree = zfree;
+    d_stream.opaque = (voidpf)0;
+
+    d_stream.next_in  = compr;
+    d_stream.avail_in = 0;
+    d_stream.next_out = uncompr;
+
+    err = inflateInit(&d_stream);
+    CHECK_ERR(err, "inflateInit");
+
+    while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
+        d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
+        err = inflate(&d_stream, Z_NO_FLUSH);
+        if (err == Z_STREAM_END) break;
+        CHECK_ERR(err, "inflate");
+    }
+
+    err = inflateEnd(&d_stream);
+    CHECK_ERR(err, "inflateEnd");
+
+    if (strcmp((char*)uncompr, hello)) {
+        fprintf(stderr, "bad inflate\n");
+        exit(1);
+    } else {
+        printf("inflate(): %s\n", (char *)uncompr);
+    }
+}
+
+/* ===========================================================================
+ * Test deflate() with large buffers and dynamic change of compression level
+ */
+static void test_large_deflate(Byte *compr, uLong comprLen, Byte *uncompr,
+                        uLong uncomprLen) {
+    z_stream c_stream; /* compression stream */
+    int err;
+
+    c_stream.zalloc = zalloc;
+    c_stream.zfree = zfree;
+    c_stream.opaque = (voidpf)0;
+
+    err = deflateInit(&c_stream, Z_BEST_SPEED);
+    CHECK_ERR(err, "deflateInit");
+
+    c_stream.next_out = compr;
+    c_stream.avail_out = (uInt)comprLen;
+
+    /* At this point, uncompr is still mostly zeroes, so it should compress
+     * very well:
+     */
+    c_stream.next_in = uncompr;
+    c_stream.avail_in = (uInt)uncomprLen;
+    err = deflate(&c_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, "deflate");
+    if (c_stream.avail_in != 0) {
+        fprintf(stderr, "deflate not greedy\n");
+        exit(1);
+    }
+
+    /* Feed in already compressed data and switch to no compression: */
+    deflateParams(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY);
+    c_stream.next_in = compr;
+    c_stream.avail_in = (uInt)uncomprLen/2;
+    err = deflate(&c_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, "deflate");
+
+    /* Switch back to compressing mode: */
+    deflateParams(&c_stream, Z_BEST_COMPRESSION, Z_FILTERED);
+    c_stream.next_in = uncompr;
+    c_stream.avail_in = (uInt)uncomprLen;
+    err = deflate(&c_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, "deflate");
+
+    err = deflate(&c_stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        fprintf(stderr, "deflate should report Z_STREAM_END\n");
+        exit(1);
+    }
+    err = deflateEnd(&c_stream);
+    CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with large buffers
+ */
+static void test_large_inflate(Byte *compr, uLong comprLen, Byte *uncompr,
+                        uLong uncomprLen) {
+    int err;
+    z_stream d_stream; /* decompression stream */
+
+    strcpy((char*)uncompr, "garbage");
+
+    d_stream.zalloc = zalloc;
+    d_stream.zfree = zfree;
+    d_stream.opaque = (voidpf)0;
+
+    d_stream.next_in  = compr;
+    d_stream.avail_in = (uInt)comprLen;
+
+    err = inflateInit(&d_stream);
+    CHECK_ERR(err, "inflateInit");
+
+    for (;;) {
+        d_stream.next_out = uncompr;            /* discard the output */
+        d_stream.avail_out = (uInt)uncomprLen;
+        err = inflate(&d_stream, Z_NO_FLUSH);
+        if (err == Z_STREAM_END) break;
+        CHECK_ERR(err, "large inflate");
+    }
+
+    err = inflateEnd(&d_stream);
+    CHECK_ERR(err, "inflateEnd");
+
+    if (d_stream.total_out != 2*uncomprLen + uncomprLen/2) {
+        fprintf(stderr, "bad large inflate: %ld\n", d_stream.total_out);
+        exit(1);
+    } else {
+        printf("large_inflate(): OK\n");
+    }
+}
+
+/* ===========================================================================
+ * Test deflate() with full flush
+ */
+static void test_flush(Byte *compr, uLong *comprLen) {
+    z_stream c_stream; /* compression stream */
+    int err;
+    uInt len = (uInt)strlen(hello)+1;
+
+    c_stream.zalloc = zalloc;
+    c_stream.zfree = zfree;
+    c_stream.opaque = (voidpf)0;
+
+    err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
+    CHECK_ERR(err, "deflateInit");
+
+    c_stream.next_in  = (z_const unsigned char *)hello;
+    c_stream.next_out = compr;
+    c_stream.avail_in = 3;
+    c_stream.avail_out = (uInt)*comprLen;
+    err = deflate(&c_stream, Z_FULL_FLUSH);
+    CHECK_ERR(err, "deflate");
+
+    compr[3]++; /* force an error in first compressed block */
+    c_stream.avail_in = len - 3;
+
+    err = deflate(&c_stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        CHECK_ERR(err, "deflate");
+    }
+    err = deflateEnd(&c_stream);
+    CHECK_ERR(err, "deflateEnd");
+
+    *comprLen = c_stream.total_out;
+}
+
+/* ===========================================================================
+ * Test inflateSync()
+ */
+static void test_sync(Byte *compr, uLong comprLen, Byte *uncompr,
+                      uLong uncomprLen) {
+    int err;
+    z_stream d_stream; /* decompression stream */
+
+    strcpy((char*)uncompr, "garbage");
+
+    d_stream.zalloc = zalloc;
+    d_stream.zfree = zfree;
+    d_stream.opaque = (voidpf)0;
+
+    d_stream.next_in  = compr;
+    d_stream.avail_in = 2; /* just read the zlib header */
+
+    err = inflateInit(&d_stream);
+    CHECK_ERR(err, "inflateInit");
+
+    d_stream.next_out = uncompr;
+    d_stream.avail_out = (uInt)uncomprLen;
+
+    err = inflate(&d_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, "inflate");
+
+    d_stream.avail_in = (uInt)comprLen-2;   /* read all compressed data */
+    err = inflateSync(&d_stream);           /* but skip the damaged part */
+    CHECK_ERR(err, "inflateSync");
+
+    err = inflate(&d_stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        fprintf(stderr, "inflate should report Z_STREAM_END\n");
+        exit(1);
+    }
+    err = inflateEnd(&d_stream);
+    CHECK_ERR(err, "inflateEnd");
+
+    printf("after inflateSync(): hel%s\n", (char *)uncompr);
+}
+
+/* ===========================================================================
+ * Test deflate() with preset dictionary
+ */
+static void test_dict_deflate(Byte *compr, uLong comprLen) {
+    z_stream c_stream; /* compression stream */
+    int err;
+
+    c_stream.zalloc = zalloc;
+    c_stream.zfree = zfree;
+    c_stream.opaque = (voidpf)0;
+
+    err = deflateInit(&c_stream, Z_BEST_COMPRESSION);
+    CHECK_ERR(err, "deflateInit");
+
+    err = deflateSetDictionary(&c_stream,
+                (const Bytef*)dictionary, (int)sizeof(dictionary));
+    CHECK_ERR(err, "deflateSetDictionary");
+
+    dictId = c_stream.adler;
+    c_stream.next_out = compr;
+    c_stream.avail_out = (uInt)comprLen;
+
+    c_stream.next_in = (z_const unsigned char *)hello;
+    c_stream.avail_in = (uInt)strlen(hello)+1;
+
+    err = deflate(&c_stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        fprintf(stderr, "deflate should report Z_STREAM_END\n");
+        exit(1);
+    }
+    err = deflateEnd(&c_stream);
+    CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with a preset dictionary
+ */
+static void test_dict_inflate(Byte *compr, uLong comprLen, Byte *uncompr,
+                       uLong uncomprLen) {
+    int err;
+    z_stream d_stream; /* decompression stream */
+
+    strcpy((char*)uncompr, "garbage");
+
+    d_stream.zalloc = zalloc;
+    d_stream.zfree = zfree;
+    d_stream.opaque = (voidpf)0;
+
+    d_stream.next_in  = compr;
+    d_stream.avail_in = (uInt)comprLen;
+
+    err = inflateInit(&d_stream);
+    CHECK_ERR(err, "inflateInit");
+
+    d_stream.next_out = uncompr;
+    d_stream.avail_out = (uInt)uncomprLen;
+
+    for (;;) {
+        err = inflate(&d_stream, Z_NO_FLUSH);
+        if (err == Z_STREAM_END) break;
+        if (err == Z_NEED_DICT) {
+            if (d_stream.adler != dictId) {
+                fprintf(stderr, "unexpected dictionary");
+                exit(1);
+            }
+            err = inflateSetDictionary(&d_stream, (const Bytef*)dictionary,
+                                       (int)sizeof(dictionary));
+        }
+        CHECK_ERR(err, "inflate with dict");
+    }
+
+    err = inflateEnd(&d_stream);
+    CHECK_ERR(err, "inflateEnd");
+
+    if (strcmp((char*)uncompr, hello)) {
+        fprintf(stderr, "bad inflate with dict\n");
+        exit(1);
+    } else {
+        printf("inflate with dictionary: %s\n", (char *)uncompr);
+    }
+}
+
+/* ===========================================================================
+ * Usage:  example [output.gz  [input.gz]]
+ */
+
+int main(int argc, char *argv[]) {
+    Byte *compr, *uncompr;
+    uLong uncomprLen = 20000;
+    uLong comprLen = 3 * uncomprLen;
+    static const char* myVersion = ZLIB_VERSION;
+
+    if (zlibVersion()[0] != myVersion[0]) {
+        fprintf(stderr, "incompatible zlib version\n");
+        exit(1);
+
+    } else if (strcmp(zlibVersion(), ZLIB_VERSION) != 0) {
+        fprintf(stderr, "warning: different zlib version linked: %s\n",
+                zlibVersion());
+    }
+
+    printf("zlib version %s = 0x%04x, compile flags = 0x%lx\n",
+            ZLIB_VERSION, ZLIB_VERNUM, zlibCompileFlags());
+
+    compr    = (Byte*)calloc((uInt)comprLen, 1);
+    uncompr  = (Byte*)calloc((uInt)uncomprLen, 1);
+    /* compr and uncompr are cleared to avoid reading uninitialized
+     * data and to ensure that uncompr compresses well.
+     */
+    if (compr == Z_NULL || uncompr == Z_NULL) {
+        printf("out of memory\n");
+        exit(1);
+    }
+
+#ifdef Z_SOLO
+    (void)argc;
+    (void)argv;
+#else
+    test_compress(compr, comprLen, uncompr, uncomprLen);
+
+    test_gzio((argc > 1 ? argv[1] : TESTFILE),
+              uncompr, uncomprLen);
+#endif
+
+    test_deflate(compr, comprLen);
+    test_inflate(compr, comprLen, uncompr, uncomprLen);
+
+    test_large_deflate(compr, comprLen, uncompr, uncomprLen);
+    test_large_inflate(compr, comprLen, uncompr, uncomprLen);
+
+    test_flush(compr, &comprLen);
+    test_sync(compr, comprLen, uncompr, uncomprLen);
+    comprLen = 3 * uncomprLen;
+
+    test_dict_deflate(compr, comprLen);
+    test_dict_inflate(compr, comprLen, uncompr, uncomprLen);
+
+    free(compr);
+    free(uncompr);
+
+    return 0;
+}
diff --git a/zlib-1.3.1/test/infcover.c b/zlib-1.3.1/test/infcover.c
new file mode 100644
index 00000000..8912c403
--- /dev/null
+++ b/zlib-1.3.1/test/infcover.c
@@ -0,0 +1,672 @@
+/* infcover.c -- test zlib's inflate routines with full code coverage
+ * Copyright (C) 2011, 2016 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* to use, do: ./configure --cover && make cover */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "zlib.h"
+
+/* get definition of internal structure so we can mess with it (see pull()),
+   and so we can call inflate_trees() (see cover5()) */
+#define ZLIB_INTERNAL
+#include "inftrees.h"
+#include "inflate.h"
+
+#define local static
+
+/* -- memory tracking routines -- */
+
+/*
+   These memory tracking routines are provided to zlib and track all of zlib's
+   allocations and deallocations, check for LIFO operations, keep a current
+   and high water mark of total bytes requested, optionally set a limit on the
+   total memory that can be allocated, and when done check for memory leaks.
+
+   They are used as follows:
+
+   z_stream strm;
+   mem_setup(&strm)         initializes the memory tracking and sets the
+                            zalloc, zfree, and opaque members of strm to use
+                            memory tracking for all zlib operations on strm
+   mem_limit(&strm, limit)  sets a limit on the total bytes requested -- a
+                            request that exceeds this limit will result in an
+                            allocation failure (returns NULL) -- setting the
+                            limit to zero means no limit, which is the default
+                            after mem_setup()
+   mem_used(&strm, "msg")   prints to stderr "msg" and the total bytes used
+   mem_high(&strm, "msg")   prints to stderr "msg" and the high water mark
+   mem_done(&strm, "msg")   ends memory tracking, releases all allocations
+                            for the tracking as well as leaked zlib blocks, if
+                            any.  If there was anything unusual, such as leaked
+                            blocks, non-FIFO frees, or frees of addresses not
+                            allocated, then "msg" and information about the
+                            problem is printed to stderr.  If everything is
+                            normal, nothing is printed. mem_done resets the
+                            strm members to Z_NULL to use the default memory
+                            allocation routines on the next zlib initialization
+                            using strm.
+ */
+
+/* these items are strung together in a linked list, one for each allocation */
+struct mem_item {
+    void *ptr;                  /* pointer to allocated memory */
+    size_t size;                /* requested size of allocation */
+    struct mem_item *next;      /* pointer to next item in list, or NULL */
+};
+
+/* this structure is at the root of the linked list, and tracks statistics */
+struct mem_zone {
+    struct mem_item *first;     /* pointer to first item in list, or NULL */
+    size_t total, highwater;    /* total allocations, and largest total */
+    size_t limit;               /* memory allocation limit, or 0 if no limit */
+    int notlifo, rogue;         /* counts of non-LIFO frees and rogue frees */
+};
+
+/* memory allocation routine to pass to zlib */
+local void *mem_alloc(void *mem, unsigned count, unsigned size)
+{
+    void *ptr;
+    struct mem_item *item;
+    struct mem_zone *zone = mem;
+    size_t len = count * (size_t)size;
+
+    /* induced allocation failure */
+    if (zone == NULL || (zone->limit && zone->total + len > zone->limit))
+        return NULL;
+
+    /* perform allocation using the standard library, fill memory with a
+       non-zero value to make sure that the code isn't depending on zeros */
+    ptr = malloc(len);
+    if (ptr == NULL)
+        return NULL;
+    memset(ptr, 0xa5, len);
+
+    /* create a new item for the list */
+    item = malloc(sizeof(struct mem_item));
+    if (item == NULL) {
+        free(ptr);
+        return NULL;
+    }
+    item->ptr = ptr;
+    item->size = len;
+
+    /* insert item at the beginning of the list */
+    item->next = zone->first;
+    zone->first = item;
+
+    /* update the statistics */
+    zone->total += item->size;
+    if (zone->total > zone->highwater)
+        zone->highwater = zone->total;
+
+    /* return the allocated memory */
+    return ptr;
+}
+
+/* memory free routine to pass to zlib */
+local void mem_free(void *mem, void *ptr)
+{
+    struct mem_item *item, *next;
+    struct mem_zone *zone = mem;
+
+    /* if no zone, just do a free */
+    if (zone == NULL) {
+        free(ptr);
+        return;
+    }
+
+    /* point next to the item that matches ptr, or NULL if not found -- remove
+       the item from the linked list if found */
+    next = zone->first;
+    if (next) {
+        if (next->ptr == ptr)
+            zone->first = next->next;   /* first one is it, remove from list */
+        else {
+            do {                        /* search the linked list */
+                item = next;
+                next = item->next;
+            } while (next != NULL && next->ptr != ptr);
+            if (next) {                 /* if found, remove from linked list */
+                item->next = next->next;
+                zone->notlifo++;        /* not a LIFO free */
+            }
+
+        }
+    }
+
+    /* if found, update the statistics and free the item */
+    if (next) {
+        zone->total -= next->size;
+        free(next);
+    }
+
+    /* if not found, update the rogue count */
+    else
+        zone->rogue++;
+
+    /* in any case, do the requested free with the standard library function */
+    free(ptr);
+}
+
+/* set up a controlled memory allocation space for monitoring, set the stream
+   parameters to the controlled routines, with opaque pointing to the space */
+local void mem_setup(z_stream *strm)
+{
+    struct mem_zone *zone;
+
+    zone = malloc(sizeof(struct mem_zone));
+    assert(zone != NULL);
+    zone->first = NULL;
+    zone->total = 0;
+    zone->highwater = 0;
+    zone->limit = 0;
+    zone->notlifo = 0;
+    zone->rogue = 0;
+    strm->opaque = zone;
+    strm->zalloc = mem_alloc;
+    strm->zfree = mem_free;
+}
+
+/* set a limit on the total memory allocation, or 0 to remove the limit */
+local void mem_limit(z_stream *strm, size_t limit)
+{
+    struct mem_zone *zone = strm->opaque;
+
+    zone->limit = limit;
+}
+
+/* show the current total requested allocations in bytes */
+local void mem_used(z_stream *strm, char *prefix)
+{
+    struct mem_zone *zone = strm->opaque;
+
+    fprintf(stderr, "%s: %lu allocated\n", prefix, zone->total);
+}
+
+/* show the high water allocation in bytes */
+local void mem_high(z_stream *strm, char *prefix)
+{
+    struct mem_zone *zone = strm->opaque;
+
+    fprintf(stderr, "%s: %lu high water mark\n", prefix, zone->highwater);
+}
+
+/* release the memory allocation zone -- if there are any surprises, notify */
+local void mem_done(z_stream *strm, char *prefix)
+{
+    int count = 0;
+    struct mem_item *item, *next;
+    struct mem_zone *zone = strm->opaque;
+
+    /* show high water mark */
+    mem_high(strm, prefix);
+
+    /* free leftover allocations and item structures, if any */
+    item = zone->first;
+    while (item != NULL) {
+        free(item->ptr);
+        next = item->next;
+        free(item);
+        item = next;
+        count++;
+    }
+
+    /* issue alerts about anything unexpected */
+    if (count || zone->total)
+        fprintf(stderr, "** %s: %lu bytes in %d blocks not freed\n",
+                prefix, zone->total, count);
+    if (zone->notlifo)
+        fprintf(stderr, "** %s: %d frees not LIFO\n", prefix, zone->notlifo);
+    if (zone->rogue)
+        fprintf(stderr, "** %s: %d frees not recognized\n",
+                prefix, zone->rogue);
+
+    /* free the zone and delete from the stream */
+    free(zone);
+    strm->opaque = Z_NULL;
+    strm->zalloc = Z_NULL;
+    strm->zfree = Z_NULL;
+}
+
+/* -- inflate test routines -- */
+
+/* Decode a hexadecimal string, set *len to length, in[] to the bytes.  This
+   decodes liberally, in that hex digits can be adjacent, in which case two in
+   a row writes a byte.  Or they can be delimited by any non-hex character,
+   where the delimiters are ignored except when a single hex digit is followed
+   by a delimiter, where that single digit writes a byte.  The returned data is
+   allocated and must eventually be freed.  NULL is returned if out of memory.
+   If the length is not needed, then len can be NULL. */
+local unsigned char *h2b(const char *hex, unsigned *len)
+{
+    unsigned char *in, *re;
+    unsigned next, val;
+
+    in = malloc((strlen(hex) + 1) >> 1);
+    if (in == NULL)
+        return NULL;
+    next = 0;
+    val = 1;
+    do {
+        if (*hex >= '0' && *hex <= '9')
+            val = (val << 4) + *hex - '0';
+        else if (*hex >= 'A' && *hex <= 'F')
+            val = (val << 4) + *hex - 'A' + 10;
+        else if (*hex >= 'a' && *hex <= 'f')
+            val = (val << 4) + *hex - 'a' + 10;
+        else if (val != 1 && val < 32)  /* one digit followed by delimiter */
+            val += 240;                 /* make it look like two digits */
+        if (val > 255) {                /* have two digits */
+            in[next++] = val & 0xff;    /* save the decoded byte */
+            val = 1;                    /* start over */
+        }
+    } while (*hex++);       /* go through the loop with the terminating null */
+    if (len != NULL)
+        *len = next;
+    re = realloc(in, next);
+    return re == NULL ? in : re;
+}
+
+/* generic inflate() run, where hex is the hexadecimal input data, what is the
+   text to include in an error message, step is how much input data to feed
+   inflate() on each call, or zero to feed it all, win is the window bits
+   parameter to inflateInit2(), len is the size of the output buffer, and err
+   is the error code expected from the first inflate() call (the second
+   inflate() call is expected to return Z_STREAM_END).  If win is 47, then
+   header information is collected with inflateGetHeader().  If a zlib stream
+   is looking for a dictionary, then an empty dictionary is provided.
+   inflate() is run until all of the input data is consumed. */
+local void inf(char *hex, char *what, unsigned step, int win, unsigned len,
+               int err)
+{
+    int ret;
+    unsigned have;
+    unsigned char *in, *out;
+    z_stream strm, copy;
+    gz_header head;
+
+    mem_setup(&strm);
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit2(&strm, win);
+    if (ret != Z_OK) {
+        mem_done(&strm, what);
+        return;
+    }
+    out = malloc(len);                          assert(out != NULL);
+    if (win == 47) {
+        head.extra = out;
+        head.extra_max = len;
+        head.name = out;
+        head.name_max = len;
+        head.comment = out;
+        head.comm_max = len;
+        ret = inflateGetHeader(&strm, &head);   assert(ret == Z_OK);
+    }
+    in = h2b(hex, &have);                       assert(in != NULL);
+    if (step == 0 || step > have)
+        step = have;
+    strm.avail_in = step;
+    have -= step;
+    strm.next_in = in;
+    do {
+        strm.avail_out = len;
+        strm.next_out = out;
+        ret = inflate(&strm, Z_NO_FLUSH);       assert(err == 9 || ret == err);
+        if (ret != Z_OK && ret != Z_BUF_ERROR && ret != Z_NEED_DICT)
+            break;
+        if (ret == Z_NEED_DICT) {
+            ret = inflateSetDictionary(&strm, in, 1);
+                                                assert(ret == Z_DATA_ERROR);
+            mem_limit(&strm, 1);
+            ret = inflateSetDictionary(&strm, out, 0);
+                                                assert(ret == Z_MEM_ERROR);
+            mem_limit(&strm, 0);
+            ((struct inflate_state *)strm.state)->mode = DICT;
+            ret = inflateSetDictionary(&strm, out, 0);
+                                                assert(ret == Z_OK);
+            ret = inflate(&strm, Z_NO_FLUSH);   assert(ret == Z_BUF_ERROR);
+        }
+        ret = inflateCopy(&copy, &strm);        assert(ret == Z_OK);
+        ret = inflateEnd(&copy);                assert(ret == Z_OK);
+        err = 9;                        /* don't care next time around */
+        have += strm.avail_in;
+        strm.avail_in = step > have ? have : step;
+        have -= strm.avail_in;
+    } while (strm.avail_in);
+    free(in);
+    free(out);
+    ret = inflateReset2(&strm, -8);             assert(ret == Z_OK);
+    ret = inflateEnd(&strm);                    assert(ret == Z_OK);
+    mem_done(&strm, what);
+}
+
+/* cover all of the lines in inflate.c up to inflate() */
+local void cover_support(void)
+{
+    int ret;
+    z_stream strm;
+
+    mem_setup(&strm);
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit(&strm);                   assert(ret == Z_OK);
+    mem_used(&strm, "inflate init");
+    ret = inflatePrime(&strm, 5, 31);           assert(ret == Z_OK);
+    ret = inflatePrime(&strm, -1, 0);           assert(ret == Z_OK);
+    ret = inflateSetDictionary(&strm, Z_NULL, 0);
+                                                assert(ret == Z_STREAM_ERROR);
+    ret = inflateEnd(&strm);                    assert(ret == Z_OK);
+    mem_done(&strm, "prime");
+
+    inf("63 0", "force window allocation", 0, -15, 1, Z_OK);
+    inf("63 18 5", "force window replacement", 0, -8, 259, Z_OK);
+    inf("63 18 68 30 d0 0 0", "force split window update", 4, -8, 259, Z_OK);
+    inf("3 0", "use fixed blocks", 0, -15, 1, Z_STREAM_END);
+    inf("", "bad window size", 0, 1, 0, Z_STREAM_ERROR);
+
+    mem_setup(&strm);
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit_(&strm, "!", (int)sizeof(z_stream));
+                                                assert(ret == Z_VERSION_ERROR);
+    mem_done(&strm, "wrong version");
+
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit(&strm);                   assert(ret == Z_OK);
+    ret = inflateEnd(&strm);                    assert(ret == Z_OK);
+    fputs("inflate built-in memory routines\n", stderr);
+}
+
+/* cover all inflate() header and trailer cases and code after inflate() */
+local void cover_wrap(void)
+{
+    int ret;
+    z_stream strm, copy;
+    unsigned char dict[257];
+
+    ret = inflate(Z_NULL, 0);                   assert(ret == Z_STREAM_ERROR);
+    ret = inflateEnd(Z_NULL);                   assert(ret == Z_STREAM_ERROR);
+    ret = inflateCopy(Z_NULL, Z_NULL);          assert(ret == Z_STREAM_ERROR);
+    fputs("inflate bad parameters\n", stderr);
+
+    inf("1f 8b 0 0", "bad gzip method", 0, 31, 0, Z_DATA_ERROR);
+    inf("1f 8b 8 80", "bad gzip flags", 0, 31, 0, Z_DATA_ERROR);
+    inf("77 85", "bad zlib method", 0, 15, 0, Z_DATA_ERROR);
+    inf("8 99", "set window size from header", 0, 0, 0, Z_OK);
+    inf("78 9c", "bad zlib window size", 0, 8, 0, Z_DATA_ERROR);
+    inf("78 9c 63 0 0 0 1 0 1", "check adler32", 0, 15, 1, Z_STREAM_END);
+    inf("1f 8b 8 1e 0 0 0 0 0 0 1 0 0 0 0 0 0", "bad header crc", 0, 47, 1,
+        Z_DATA_ERROR);
+    inf("1f 8b 8 2 0 0 0 0 0 0 1d 26 3 0 0 0 0 0 0 0 0 0", "check gzip length",
+        0, 47, 0, Z_STREAM_END);
+    inf("78 90", "bad zlib header check", 0, 47, 0, Z_DATA_ERROR);
+    inf("8 b8 0 0 0 1", "need dictionary", 0, 8, 0, Z_NEED_DICT);
+    inf("78 9c 63 0", "compute adler32", 0, 15, 1, Z_OK);
+
+    mem_setup(&strm);
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit2(&strm, -8);
+    strm.avail_in = 2;
+    strm.next_in = (void *)"\x63";
+    strm.avail_out = 1;
+    strm.next_out = (void *)&ret;
+    mem_limit(&strm, 1);
+    ret = inflate(&strm, Z_NO_FLUSH);           assert(ret == Z_MEM_ERROR);
+    ret = inflate(&strm, Z_NO_FLUSH);           assert(ret == Z_MEM_ERROR);
+    mem_limit(&strm, 0);
+    memset(dict, 0, 257);
+    ret = inflateSetDictionary(&strm, dict, 257);
+                                                assert(ret == Z_OK);
+    mem_limit(&strm, (sizeof(struct inflate_state) << 1) + 256);
+    ret = inflatePrime(&strm, 16, 0);           assert(ret == Z_OK);
+    strm.avail_in = 2;
+    strm.next_in = (void *)"\x80";
+    ret = inflateSync(&strm);                   assert(ret == Z_DATA_ERROR);
+    ret = inflate(&strm, Z_NO_FLUSH);           assert(ret == Z_STREAM_ERROR);
+    strm.avail_in = 4;
+    strm.next_in = (void *)"\0\0\xff\xff";
+    ret = inflateSync(&strm);                   assert(ret == Z_OK);
+    (void)inflateSyncPoint(&strm);
+    ret = inflateCopy(&copy, &strm);            assert(ret == Z_MEM_ERROR);
+    mem_limit(&strm, 0);
+    ret = inflateUndermine(&strm, 1);           assert(ret == Z_DATA_ERROR);
+    (void)inflateMark(&strm);
+    ret = inflateEnd(&strm);                    assert(ret == Z_OK);
+    mem_done(&strm, "miscellaneous, force memory errors");
+}
+
+/* input and output functions for inflateBack() */
+local unsigned pull(void *desc, unsigned char **buf)
+{
+    static unsigned int next = 0;
+    static unsigned char dat[] = {0x63, 0, 2, 0};
+    struct inflate_state *state;
+
+    if (desc == Z_NULL) {
+        next = 0;
+        return 0;   /* no input (already provided at next_in) */
+    }
+    state = (void *)((z_stream *)desc)->state;
+    if (state != Z_NULL)
+        state->mode = SYNC;     /* force an otherwise impossible situation */
+    return next < sizeof(dat) ? (*buf = dat + next++, 1) : 0;
+}
+
+local int push(void *desc, unsigned char *buf, unsigned len)
+{
+    (void)buf;
+    (void)len;
+    return desc != Z_NULL;      /* force error if desc not null */
+}
+
+/* cover inflateBack() up to common deflate data cases and after those */
+local void cover_back(void)
+{
+    int ret;
+    z_stream strm;
+    unsigned char win[32768];
+
+    ret = inflateBackInit_(Z_NULL, 0, win, 0, 0);
+                                                assert(ret == Z_VERSION_ERROR);
+    ret = inflateBackInit(Z_NULL, 0, win);      assert(ret == Z_STREAM_ERROR);
+    ret = inflateBack(Z_NULL, Z_NULL, Z_NULL, Z_NULL, Z_NULL);
+                                                assert(ret == Z_STREAM_ERROR);
+    ret = inflateBackEnd(Z_NULL);               assert(ret == Z_STREAM_ERROR);
+    fputs("inflateBack bad parameters\n", stderr);
+
+    mem_setup(&strm);
+    ret = inflateBackInit(&strm, 15, win);      assert(ret == Z_OK);
+    strm.avail_in = 2;
+    strm.next_in = (void *)"\x03";
+    ret = inflateBack(&strm, pull, Z_NULL, push, Z_NULL);
+                                                assert(ret == Z_STREAM_END);
+        /* force output error */
+    strm.avail_in = 3;
+    strm.next_in = (void *)"\x63\x00";
+    ret = inflateBack(&strm, pull, Z_NULL, push, &strm);
+                                                assert(ret == Z_BUF_ERROR);
+        /* force mode error by mucking with state */
+    ret = inflateBack(&strm, pull, &strm, push, Z_NULL);
+                                                assert(ret == Z_STREAM_ERROR);
+    ret = inflateBackEnd(&strm);                assert(ret == Z_OK);
+    mem_done(&strm, "inflateBack bad state");
+
+    ret = inflateBackInit(&strm, 15, win);      assert(ret == Z_OK);
+    ret = inflateBackEnd(&strm);                assert(ret == Z_OK);
+    fputs("inflateBack built-in memory routines\n", stderr);
+}
+
+/* do a raw inflate of data in hexadecimal with both inflate and inflateBack */
+local int try(char *hex, char *id, int err)
+{
+    int ret;
+    unsigned len, size;
+    unsigned char *in, *out, *win;
+    char *prefix;
+    z_stream strm;
+
+    /* convert to hex */
+    in = h2b(hex, &len);
+    assert(in != NULL);
+
+    /* allocate work areas */
+    size = len << 3;
+    out = malloc(size);
+    assert(out != NULL);
+    win = malloc(32768);
+    assert(win != NULL);
+    prefix = malloc(strlen(id) + 6);
+    assert(prefix != NULL);
+
+    /* first with inflate */
+    strcpy(prefix, id);
+    strcat(prefix, "-late");
+    mem_setup(&strm);
+    strm.avail_in = 0;
+    strm.next_in = Z_NULL;
+    ret = inflateInit2(&strm, err < 0 ? 47 : -15);
+    assert(ret == Z_OK);
+    strm.avail_in = len;
+    strm.next_in = in;
+    do {
+        strm.avail_out = size;
+        strm.next_out = out;
+        ret = inflate(&strm, Z_TREES);
+        assert(ret != Z_STREAM_ERROR && ret != Z_MEM_ERROR);
+        if (ret == Z_DATA_ERROR || ret == Z_NEED_DICT)
+            break;
+    } while (strm.avail_in || strm.avail_out == 0);
+    if (err) {
+        assert(ret == Z_DATA_ERROR);
+        assert(strcmp(id, strm.msg) == 0);
+    }
+    inflateEnd(&strm);
+    mem_done(&strm, prefix);
+
+    /* then with inflateBack */
+    if (err >= 0) {
+        strcpy(prefix, id);
+        strcat(prefix, "-back");
+        mem_setup(&strm);
+        ret = inflateBackInit(&strm, 15, win);
+        assert(ret == Z_OK);
+        strm.avail_in = len;
+        strm.next_in = in;
+        ret = inflateBack(&strm, pull, Z_NULL, push, Z_NULL);
+        assert(ret != Z_STREAM_ERROR);
+        if (err) {
+            assert(ret == Z_DATA_ERROR);
+            assert(strcmp(id, strm.msg) == 0);
+        }
+        inflateBackEnd(&strm);
+        mem_done(&strm, prefix);
+    }
+
+    /* clean up */
+    free(prefix);
+    free(win);
+    free(out);
+    free(in);
+    return ret;
+}
+
+/* cover deflate data cases in both inflate() and inflateBack() */
+local void cover_inflate(void)
+{
+    try("0 0 0 0 0", "invalid stored block lengths", 1);
+    try("3 0", "fixed", 0);
+    try("6", "invalid block type", 1);
+    try("1 1 0 fe ff 0", "stored", 0);
+    try("fc 0 0", "too many length or distance symbols", 1);
+    try("4 0 fe ff", "invalid code lengths set", 1);
+    try("4 0 24 49 0", "invalid bit length repeat", 1);
+    try("4 0 24 e9 ff ff", "invalid bit length repeat", 1);
+    try("4 0 24 e9 ff 6d", "invalid code -- missing end-of-block", 1);
+    try("4 80 49 92 24 49 92 24 71 ff ff 93 11 0",
+        "invalid literal/lengths set", 1);
+    try("4 80 49 92 24 49 92 24 f b4 ff ff c3 84", "invalid distances set", 1);
+    try("4 c0 81 8 0 0 0 0 20 7f eb b 0 0", "invalid literal/length code", 1);
+    try("2 7e ff ff", "invalid distance code", 1);
+    try("c c0 81 0 0 0 0 0 90 ff 6b 4 0", "invalid distance too far back", 1);
+
+    /* also trailer mismatch just in inflate() */
+    try("1f 8b 8 0 0 0 0 0 0 0 3 0 0 0 0 1", "incorrect data check", -1);
+    try("1f 8b 8 0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 0 1",
+        "incorrect length check", -1);
+    try("5 c0 21 d 0 0 0 80 b0 fe 6d 2f 91 6c", "pull 17", 0);
+    try("5 e0 81 91 24 cb b2 2c 49 e2 f 2e 8b 9a 47 56 9f fb fe ec d2 ff 1f",
+        "long code", 0);
+    try("ed c0 1 1 0 0 0 40 20 ff 57 1b 42 2c 4f", "length extra", 0);
+    try("ed cf c1 b1 2c 47 10 c4 30 fa 6f 35 1d 1 82 59 3d fb be 2e 2a fc f c",
+        "long distance and extra", 0);
+    try("ed c0 81 0 0 0 0 80 a0 fd a9 17 a9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 "
+        "0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6", "window end", 0);
+    inf("2 8 20 80 0 3 0", "inflate_fast TYPE return", 0, -15, 258,
+        Z_STREAM_END);
+    inf("63 18 5 40 c 0", "window wrap", 3, -8, 300, Z_OK);
+}
+
+/* cover remaining lines in inftrees.c */
+local void cover_trees(void)
+{
+    int ret;
+    unsigned bits;
+    unsigned short lens[16], work[16];
+    code *next, table[ENOUGH_DISTS];
+
+    /* we need to call inflate_table() directly in order to manifest not-
+       enough errors, since zlib insures that enough is always enough */
+    for (bits = 0; bits < 15; bits++)
+        lens[bits] = (unsigned short)(bits + 1);
+    lens[15] = 15;
+    next = table;
+    bits = 15;
+    ret = inflate_table(DISTS, lens, 16, &next, &bits, work);
+                                                assert(ret == 1);
+    next = table;
+    bits = 1;
+    ret = inflate_table(DISTS, lens, 16, &next, &bits, work);
+                                                assert(ret == 1);
+    fputs("inflate_table not enough errors\n", stderr);
+}
+
+/* cover remaining inffast.c decoding and window copying */
+local void cover_fast(void)
+{
+    inf("e5 e0 81 ad 6d cb b2 2c c9 01 1e 59 63 ae 7d ee fb 4d fd b5 35 41 68"
+        " ff 7f 0f 0 0 0", "fast length extra bits", 0, -8, 258, Z_DATA_ERROR);
+    inf("25 fd 81 b5 6d 59 b6 6a 49 ea af 35 6 34 eb 8c b9 f6 b9 1e ef 67 49"
+        " 50 fe ff ff 3f 0 0", "fast distance extra bits", 0, -8, 258,
+        Z_DATA_ERROR);
+    inf("3 7e 0 0 0 0 0", "fast invalid distance code", 0, -8, 258,
+        Z_DATA_ERROR);
+    inf("1b 7 0 0 0 0 0", "fast invalid literal/length code", 0, -8, 258,
+        Z_DATA_ERROR);
+    inf("d c7 1 ae eb 38 c 4 41 a0 87 72 de df fb 1f b8 36 b1 38 5d ff ff 0",
+        "fast 2nd level codes and too far back", 0, -8, 258, Z_DATA_ERROR);
+    inf("63 18 5 8c 10 8 0 0 0 0", "very common case", 0, -8, 259, Z_OK);
+    inf("63 60 60 18 c9 0 8 18 18 18 26 c0 28 0 29 0 0 0",
+        "contiguous and wrap around window", 6, -8, 259, Z_OK);
+    inf("63 0 3 0 0 0 0 0", "copy direct from output", 0, -8, 259,
+        Z_STREAM_END);
+}
+
+int main(void)
+{
+    fprintf(stderr, "%s\n", zlibVersion());
+    cover_support();
+    cover_wrap();
+    cover_back();
+    cover_inflate();
+    cover_trees();
+    cover_fast();
+    return 0;
+}
diff --git a/zlib-1.3.1/test/minigzip.c b/zlib-1.3.1/test/minigzip.c
new file mode 100644
index 00000000..134e10e6
--- /dev/null
+++ b/zlib-1.3.1/test/minigzip.c
@@ -0,0 +1,579 @@
+/* minigzip.c -- simulate gzip using the zlib compression library
+ * Copyright (C) 1995-2006, 2010, 2011, 2016 Jean-loup Gailly
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ * minigzip is a minimal implementation of the gzip utility. This is
+ * only an example of using zlib and isn't meant to replace the
+ * full-featured gzip. No attempt is made to deal with file systems
+ * limiting names to 14 or 8+3 characters, etc... Error checking is
+ * very limited. So use minigzip only for testing; use gzip for the
+ * real thing. On MSDOS, use only on file names without extension
+ * or in pipe mode.
+ */
+
+/* @(#) $Id$ */
+
+#include "zlib.h"
+#include <stdio.h>
+
+#ifdef STDC
+#  include <string.h>
+#  include <stdlib.h>
+#endif
+
+#ifdef USE_MMAP
+#  include <sys/types.h>
+#  include <sys/mman.h>
+#  include <sys/stat.h>
+#endif
+
+#if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__CYGWIN__)
+#  include <fcntl.h>
+#  include <io.h>
+#  ifdef UNDER_CE
+#    include <stdlib.h>
+#  endif
+#  define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+#  define SET_BINARY_MODE(file)
+#endif
+
+#if defined(_MSC_VER) && _MSC_VER < 1900
+#  define snprintf _snprintf
+#endif
+
+#ifdef VMS
+#  define unlink delete
+#  define GZ_SUFFIX "-gz"
+#endif
+#ifdef RISCOS
+#  define unlink remove
+#  define GZ_SUFFIX "-gz"
+#  define fileno(file) file->__file
+#endif
+#if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
+#  include <unix.h> /* for fileno */
+#endif
+
+#if !defined(Z_HAVE_UNISTD_H) && !defined(_LARGEFILE64_SOURCE)
+#ifndef WIN32 /* unlink already in stdio.h for WIN32 */
+  extern int unlink(const char *);
+#endif
+#endif
+
+#if defined(UNDER_CE)
+#  include <windows.h>
+#  define perror(s) pwinerror(s)
+
+/* Map the Windows error number in ERROR to a locale-dependent error
+   message string and return a pointer to it.  Typically, the values
+   for ERROR come from GetLastError.
+
+   The string pointed to shall not be modified by the application,
+   but may be overwritten by a subsequent call to strwinerror
+
+   The strwinerror function does not change the current setting
+   of GetLastError.  */
+
+static char *strwinerror (error)
+     DWORD error;
+{
+    static char buf[1024];
+
+    wchar_t *msgbuf;
+    DWORD lasterr = GetLastError();
+    DWORD chars = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM
+        | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+        NULL,
+        error,
+        0, /* Default language */
+        (LPVOID)&msgbuf,
+        0,
+        NULL);
+    if (chars != 0) {
+        /* If there is an \r\n appended, zap it.  */
+        if (chars >= 2
+            && msgbuf[chars - 2] == '\r' && msgbuf[chars - 1] == '\n') {
+            chars -= 2;
+            msgbuf[chars] = 0;
+        }
+
+        if (chars > sizeof (buf) - 1) {
+            chars = sizeof (buf) - 1;
+            msgbuf[chars] = 0;
+        }
+
+        wcstombs(buf, msgbuf, chars + 1);
+        LocalFree(msgbuf);
+    }
+    else {
+        sprintf(buf, "unknown win32 error (%ld)", error);
+    }
+
+    SetLastError(lasterr);
+    return buf;
+}
+
+static void pwinerror (s)
+    const char *s;
+{
+    if (s && *s)
+        fprintf(stderr, "%s: %s\n", s, strwinerror(GetLastError ()));
+    else
+        fprintf(stderr, "%s\n", strwinerror(GetLastError ()));
+}
+
+#endif /* UNDER_CE */
+
+#ifndef GZ_SUFFIX
+#  define GZ_SUFFIX ".gz"
+#endif
+#define SUFFIX_LEN (sizeof(GZ_SUFFIX)-1)
+
+#define BUFLEN      16384
+#define MAX_NAME_LEN 1024
+
+#ifdef MAXSEG_64K
+#  define local static
+   /* Needed for systems with limitation on stack size. */
+#else
+#  define local
+#endif
+
+#ifdef Z_SOLO
+/* for Z_SOLO, create simplified gz* functions using deflate and inflate */
+
+#if defined(Z_HAVE_UNISTD_H) || defined(Z_LARGE)
+#  include <unistd.h>       /* for unlink() */
+#endif
+
+static void *myalloc(void *q, unsigned n, unsigned m) {
+    (void)q;
+    return calloc(n, m);
+}
+
+static void myfree(void *q, void *p) {
+    (void)q;
+    free(p);
+}
+
+typedef struct gzFile_s {
+    FILE *file;
+    int write;
+    int err;
+    char *msg;
+    z_stream strm;
+} *gzFile;
+
+static gzFile gz_open(const char *path, int fd, const char *mode) {
+    gzFile gz;
+    int ret;
+
+    gz = malloc(sizeof(struct gzFile_s));
+    if (gz == NULL)
+        return NULL;
+    gz->write = strchr(mode, 'w') != NULL;
+    gz->strm.zalloc = myalloc;
+    gz->strm.zfree = myfree;
+    gz->strm.opaque = Z_NULL;
+    if (gz->write)
+        ret = deflateInit2(&(gz->strm), -1, 8, 15 + 16, 8, 0);
+    else {
+        gz->strm.next_in = 0;
+        gz->strm.avail_in = Z_NULL;
+        ret = inflateInit2(&(gz->strm), 15 + 16);
+    }
+    if (ret != Z_OK) {
+        free(gz);
+        return NULL;
+    }
+    gz->file = path == NULL ? fdopen(fd, gz->write ? "wb" : "rb") :
+                              fopen(path, gz->write ? "wb" : "rb");
+    if (gz->file == NULL) {
+        gz->write ? deflateEnd(&(gz->strm)) : inflateEnd(&(gz->strm));
+        free(gz);
+        return NULL;
+    }
+    gz->err = 0;
+    gz->msg = "";
+    return gz;
+}
+
+static gzFile gzopen(const char *path, const char *mode) {
+    return gz_open(path, -1, mode);
+}
+
+static gzFile gzdopen(int fd, const char *mode) {
+    return gz_open(NULL, fd, mode);
+}
+
+static int gzwrite(gzFile gz, const void *buf, unsigned len) {
+    z_stream *strm;
+    unsigned char out[BUFLEN];
+
+    if (gz == NULL || !gz->write)
+        return 0;
+    strm = &(gz->strm);
+    strm->next_in = (void *)buf;
+    strm->avail_in = len;
+    do {
+        strm->next_out = out;
+        strm->avail_out = BUFLEN;
+        (void)deflate(strm, Z_NO_FLUSH);
+        fwrite(out, 1, BUFLEN - strm->avail_out, gz->file);
+    } while (strm->avail_out == 0);
+    return len;
+}
+
+static int gzread(gzFile gz, void *buf, unsigned len) {
+    int ret;
+    unsigned got;
+    unsigned char in[1];
+    z_stream *strm;
+
+    if (gz == NULL || gz->write)
+        return 0;
+    if (gz->err)
+        return 0;
+    strm = &(gz->strm);
+    strm->next_out = (void *)buf;
+    strm->avail_out = len;
+    do {
+        got = fread(in, 1, 1, gz->file);
+        if (got == 0)
+            break;
+        strm->next_in = in;
+        strm->avail_in = 1;
+        ret = inflate(strm, Z_NO_FLUSH);
+        if (ret == Z_DATA_ERROR) {
+            gz->err = Z_DATA_ERROR;
+            gz->msg = strm->msg;
+            return 0;
+        }
+        if (ret == Z_STREAM_END)
+            inflateReset(strm);
+    } while (strm->avail_out);
+    return len - strm->avail_out;
+}
+
+static int gzclose(gzFile gz) {
+    z_stream *strm;
+    unsigned char out[BUFLEN];
+
+    if (gz == NULL)
+        return Z_STREAM_ERROR;
+    strm = &(gz->strm);
+    if (gz->write) {
+        strm->next_in = Z_NULL;
+        strm->avail_in = 0;
+        do {
+            strm->next_out = out;
+            strm->avail_out = BUFLEN;
+            (void)deflate(strm, Z_FINISH);
+            fwrite(out, 1, BUFLEN - strm->avail_out, gz->file);
+        } while (strm->avail_out == 0);
+        deflateEnd(strm);
+    }
+    else
+        inflateEnd(strm);
+    fclose(gz->file);
+    free(gz);
+    return Z_OK;
+}
+
+static const char *gzerror(gzFile gz, int *err) {
+    *err = gz->err;
+    return gz->msg;
+}
+
+#endif
+
+static char *prog;
+
+/* ===========================================================================
+ * Display error message and exit
+ */
+static void error(const char *msg) {
+    fprintf(stderr, "%s: %s\n", prog, msg);
+    exit(1);
+}
+
+#ifdef USE_MMAP /* MMAP version, Miguel Albrecht <malbrech@eso.org> */
+
+/* Try compressing the input file at once using mmap. Return Z_OK if
+ * success, Z_ERRNO otherwise.
+ */
+static int gz_compress_mmap(FILE *in, gzFile out) {
+    int len;
+    int err;
+    int ifd = fileno(in);
+    caddr_t buf;    /* mmap'ed buffer for the entire input file */
+    off_t buf_len;  /* length of the input file */
+    struct stat sb;
+
+    /* Determine the size of the file, needed for mmap: */
+    if (fstat(ifd, &sb) < 0) return Z_ERRNO;
+    buf_len = sb.st_size;
+    if (buf_len <= 0) return Z_ERRNO;
+
+    /* Now do the actual mmap: */
+    buf = mmap((caddr_t) 0, buf_len, PROT_READ, MAP_SHARED, ifd, (off_t)0);
+    if (buf == (caddr_t)(-1)) return Z_ERRNO;
+
+    /* Compress the whole file at once: */
+    len = gzwrite(out, (char *)buf, (unsigned)buf_len);
+
+    if (len != (int)buf_len) error(gzerror(out, &err));
+
+    munmap(buf, buf_len);
+    fclose(in);
+    if (gzclose(out) != Z_OK) error("failed gzclose");
+    return Z_OK;
+}
+#endif /* USE_MMAP */
+
+/* ===========================================================================
+ * Compress input to output then close both files.
+ */
+
+static void gz_compress(FILE *in, gzFile out) {
+    local char buf[BUFLEN];
+    int len;
+    int err;
+
+#ifdef USE_MMAP
+    /* Try first compressing with mmap. If mmap fails (minigzip used in a
+     * pipe), use the normal fread loop.
+     */
+    if (gz_compress_mmap(in, out) == Z_OK) return;
+#endif
+    for (;;) {
+        len = (int)fread(buf, 1, sizeof(buf), in);
+        if (ferror(in)) {
+            perror("fread");
+            exit(1);
+        }
+        if (len == 0) break;
+
+        if (gzwrite(out, buf, (unsigned)len) != len) error(gzerror(out, &err));
+    }
+    fclose(in);
+    if (gzclose(out) != Z_OK) error("failed gzclose");
+}
+
+/* ===========================================================================
+ * Uncompress input to output then close both files.
+ */
+static void gz_uncompress(gzFile in, FILE *out) {
+    local char buf[BUFLEN];
+    int len;
+    int err;
+
+    for (;;) {
+        len = gzread(in, buf, sizeof(buf));
+        if (len < 0) error (gzerror(in, &err));
+        if (len == 0) break;
+
+        if ((int)fwrite(buf, 1, (unsigned)len, out) != len) {
+            error("failed fwrite");
+        }
+    }
+    if (fclose(out)) error("failed fclose");
+
+    if (gzclose(in) != Z_OK) error("failed gzclose");
+}
+
+
+/* ===========================================================================
+ * Compress the given file: create a corresponding .gz file and remove the
+ * original.
+ */
+static void file_compress(char *file, char *mode) {
+    local char outfile[MAX_NAME_LEN];
+    FILE  *in;
+    gzFile out;
+
+    if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
+        fprintf(stderr, "%s: filename too long\n", prog);
+        exit(1);
+    }
+
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+    snprintf(outfile, sizeof(outfile), "%s%s", file, GZ_SUFFIX);
+#else
+    strcpy(outfile, file);
+    strcat(outfile, GZ_SUFFIX);
+#endif
+
+    in = fopen(file, "rb");
+    if (in == NULL) {
+        perror(file);
+        exit(1);
+    }
+    out = gzopen(outfile, mode);
+    if (out == NULL) {
+        fprintf(stderr, "%s: can't gzopen %s\n", prog, outfile);
+        exit(1);
+    }
+    gz_compress(in, out);
+
+    unlink(file);
+}
+
+
+/* ===========================================================================
+ * Uncompress the given file and remove the original.
+ */
+static void file_uncompress(char *file) {
+    local char buf[MAX_NAME_LEN];
+    char *infile, *outfile;
+    FILE  *out;
+    gzFile in;
+    z_size_t len = strlen(file);
+
+    if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) {
+        fprintf(stderr, "%s: filename too long\n", prog);
+        exit(1);
+    }
+
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+    snprintf(buf, sizeof(buf), "%s", file);
+#else
+    strcpy(buf, file);
+#endif
+
+    if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) {
+        infile = file;
+        outfile = buf;
+        outfile[len-3] = '\0';
+    } else {
+        outfile = file;
+        infile = buf;
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+        snprintf(buf + len, sizeof(buf) - len, "%s", GZ_SUFFIX);
+#else
+        strcat(infile, GZ_SUFFIX);
+#endif
+    }
+    in = gzopen(infile, "rb");
+    if (in == NULL) {
+        fprintf(stderr, "%s: can't gzopen %s\n", prog, infile);
+        exit(1);
+    }
+    out = fopen(outfile, "wb");
+    if (out == NULL) {
+        perror(file);
+        exit(1);
+    }
+
+    gz_uncompress(in, out);
+
+    unlink(infile);
+}
+
+
+/* ===========================================================================
+ * Usage:  minigzip [-c] [-d] [-f] [-h] [-r] [-1 to -9] [files...]
+ *   -c : write to standard output
+ *   -d : decompress
+ *   -f : compress with Z_FILTERED
+ *   -h : compress with Z_HUFFMAN_ONLY
+ *   -r : compress with Z_RLE
+ *   -1 to -9 : compression level
+ */
+
+int main(int argc, char *argv[]) {
+    int copyout = 0;
+    int uncompr = 0;
+    gzFile file;
+    char *bname, outmode[20];
+
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+    snprintf(outmode, sizeof(outmode), "%s", "wb6 ");
+#else
+    strcpy(outmode, "wb6 ");
+#endif
+
+    prog = argv[0];
+    bname = strrchr(argv[0], '/');
+    if (bname)
+      bname++;
+    else
+      bname = argv[0];
+    argc--, argv++;
+
+    if (!strcmp(bname, "gunzip"))
+      uncompr = 1;
+    else if (!strcmp(bname, "zcat"))
+      copyout = uncompr = 1;
+
+    while (argc > 0) {
+      if (strcmp(*argv, "-c") == 0)
+        copyout = 1;
+      else if (strcmp(*argv, "-d") == 0)
+        uncompr = 1;
+      else if (strcmp(*argv, "-f") == 0)
+        outmode[3] = 'f';
+      else if (strcmp(*argv, "-h") == 0)
+        outmode[3] = 'h';
+      else if (strcmp(*argv, "-r") == 0)
+        outmode[3] = 'R';
+      else if ((*argv)[0] == '-' && (*argv)[1] >= '1' && (*argv)[1] <= '9' &&
+               (*argv)[2] == 0)
+        outmode[2] = (*argv)[1];
+      else
+        break;
+      argc--, argv++;
+    }
+    if (outmode[3] == ' ')
+        outmode[3] = 0;
+    if (argc == 0) {
+        SET_BINARY_MODE(stdin);
+        SET_BINARY_MODE(stdout);
+        if (uncompr) {
+            file = gzdopen(fileno(stdin), "rb");
+            if (file == NULL) error("can't gzdopen stdin");
+            gz_uncompress(file, stdout);
+        } else {
+            file = gzdopen(fileno(stdout), outmode);
+            if (file == NULL) error("can't gzdopen stdout");
+            gz_compress(stdin, file);
+        }
+    } else {
+        if (copyout) {
+            SET_BINARY_MODE(stdout);
+        }
+        do {
+            if (uncompr) {
+                if (copyout) {
+                    file = gzopen(*argv, "rb");
+                    if (file == NULL)
+                        fprintf(stderr, "%s: can't gzopen %s\n", prog, *argv);
+                    else
+                        gz_uncompress(file, stdout);
+                } else {
+                    file_uncompress(*argv);
+                }
+            } else {
+                if (copyout) {
+                    FILE * in = fopen(*argv, "rb");
+
+                    if (in == NULL) {
+                        perror(*argv);
+                    } else {
+                        file = gzdopen(fileno(stdout), outmode);
+                        if (file == NULL) error("can't gzdopen stdout");
+
+                        gz_compress(in, file);
+                    }
+
+                } else {
+                    file_compress(*argv, outmode);
+                }
+            }
+        } while (argv++, --argc);
+    }
+    return 0;
+}
diff --git a/zlib-1.3.1/treebuild.xml b/zlib-1.3.1/treebuild.xml
new file mode 100644
index 00000000..930b00be
--- /dev/null
+++ b/zlib-1.3.1/treebuild.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" ?>
+<package name="zlib" version="1.3.1">
+    <library name="zlib" dlversion="1.3.1" dlname="z">
+	<property name="description"> zip compression library </property>
+	<property name="include-target-dir" value="$(@PACKAGE/install-includedir)" />
+
+	<!-- fixme: not implemented yet -->
+	<property name="compiler/c/inline" value="yes" />
+
+	<include-file name="zlib.h" scope="public" mode="644" />
+	<include-file name="zconf.h" scope="public" mode="644" />
+
+	<source name="adler32.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	</source>
+	<source name="compress.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	</source>
+	<source name="crc32.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="crc32.h" />
+	</source>
+	<source name="gzclose.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="gzguts.h" />
+	</source>
+	<source name="gzlib.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="gzguts.h" />
+	</source>
+	<source name="gzread.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="gzguts.h" />
+	</source>
+	<source name="gzwrite.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="gzguts.h" />
+	</source>
+	<source name="uncompr.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	</source>
+	<source name="deflate.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="zutil.h" />
+	    <depend name="deflate.h" />
+	</source>
+	<source name="trees.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="zutil.h" />
+	    <depend name="deflate.h" />
+	    <depend name="trees.h" />
+	</source>
+	<source name="zutil.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="zutil.h" />
+	</source>
+	<source name="inflate.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="zutil.h" />
+	    <depend name="inftrees.h" />
+	    <depend name="inflate.h" />
+	    <depend name="inffast.h" />
+	</source>
+	<source name="infback.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="zutil.h" />
+	    <depend name="inftrees.h" />
+	    <depend name="inflate.h" />
+	    <depend name="inffast.h" />
+	</source>
+	<source name="inftrees.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="zutil.h" />
+	    <depend name="inftrees.h" />
+	</source>
+	<source name="inffast.c">
+	    <depend name="zlib.h" />
+	    <depend name="zconf.h" />
+	    <depend name="zutil.h" />
+	    <depend name="inftrees.h" />
+	    <depend name="inflate.h" />
+	    <depend name="inffast.h" />
+	</source>
+    </library>
+</package>
+
+<!--
+CFLAGS=-O
+#CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
+#CFLAGS=-g -DZLIB_DEBUG
+#CFLAGS=-O3 -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
+#           -Wstrict-prototypes -Wmissing-prototypes
+
+# OBJA =
+# to use the asm code: make OBJA=match.o
+#
+match.o: match.S
+	$(CPP) match.S > _match.s
+	$(CC) -c _match.s
+	mv _match.o match.o
+	rm -f _match.s
+-->
diff --git a/zlib-1.3.1/trees.c b/zlib-1.3.1/trees.c
new file mode 100644
index 00000000..6a523ef3
--- /dev/null
+++ b/zlib-1.3.1/trees.c
@@ -0,0 +1,1117 @@
+/* trees.c -- output deflated data using Huffman coding
+ * Copyright (C) 1995-2024 Jean-loup Gailly
+ * detect_data_type() function provided freely by Cosmin Truta, 2006
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ *  ALGORITHM
+ *
+ *      The "deflation" process uses several Huffman trees. The more
+ *      common source values are represented by shorter bit sequences.
+ *
+ *      Each code tree is stored in a compressed form which is itself
+ * a Huffman encoding of the lengths of all the code strings (in
+ * ascending order by source values).  The actual code strings are
+ * reconstructed from the lengths in the inflate process, as described
+ * in the deflate specification.
+ *
+ *  REFERENCES
+ *
+ *      Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
+ *      Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
+ *
+ *      Storer, James A.
+ *          Data Compression:  Methods and Theory, pp. 49-50.
+ *          Computer Science Press, 1988.  ISBN 0-7167-8156-5.
+ *
+ *      Sedgewick, R.
+ *          Algorithms, p290.
+ *          Addison-Wesley, 1983. ISBN 0-201-06672-6.
+ */
+
+/* @(#) $Id$ */
+
+/* #define GEN_TREES_H */
+
+#include "deflate.h"
+
+#ifdef ZLIB_DEBUG
+#  include <ctype.h>
+#endif
+
+/* ===========================================================================
+ * Constants
+ */
+
+#define MAX_BL_BITS 7
+/* Bit length codes must not exceed MAX_BL_BITS bits */
+
+#define END_BLOCK 256
+/* end of block literal code */
+
+#define REP_3_6      16
+/* repeat previous bit length 3-6 times (2 bits of repeat count) */
+
+#define REPZ_3_10    17
+/* repeat a zero length 3-10 times  (3 bits of repeat count) */
+
+#define REPZ_11_138  18
+/* repeat a zero length 11-138 times  (7 bits of repeat count) */
+
+local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */
+   = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0};
+
+local const int extra_dbits[D_CODES] /* extra bits for each distance code */
+   = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13};
+
+local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */
+   = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7};
+
+local const uch bl_order[BL_CODES]
+   = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15};
+/* The lengths of the bit length codes are sent in order of decreasing
+ * probability, to avoid transmitting the lengths for unused bit length codes.
+ */
+
+/* ===========================================================================
+ * Local data. These are initialized only once.
+ */
+
+#define DIST_CODE_LEN  512 /* see definition of array dist_code below */
+
+#if defined(GEN_TREES_H) || !defined(STDC)
+/* non ANSI compilers may not accept trees.h */
+
+local ct_data static_ltree[L_CODES+2];
+/* The static literal tree. Since the bit lengths are imposed, there is no
+ * need for the L_CODES extra codes used during heap construction. However
+ * The codes 286 and 287 are needed to build a canonical tree (see _tr_init
+ * below).
+ */
+
+local ct_data static_dtree[D_CODES];
+/* The static distance tree. (Actually a trivial tree since all codes use
+ * 5 bits.)
+ */
+
+uch _dist_code[DIST_CODE_LEN];
+/* Distance codes. The first 256 values correspond to the distances
+ * 3 .. 258, the last 256 values correspond to the top 8 bits of
+ * the 15 bit distances.
+ */
+
+uch _length_code[MAX_MATCH-MIN_MATCH+1];
+/* length code for each normalized match length (0 == MIN_MATCH) */
+
+local int base_length[LENGTH_CODES];
+/* First normalized length for each code (0 = MIN_MATCH) */
+
+local int base_dist[D_CODES];
+/* First normalized distance for each code (0 = distance of 1) */
+
+#else
+#  include "trees.h"
+#endif /* GEN_TREES_H */
+
+struct static_tree_desc_s {
+    const ct_data *static_tree;  /* static tree or NULL */
+    const intf *extra_bits;      /* extra bits for each code or NULL */
+    int     extra_base;          /* base index for extra_bits */
+    int     elems;               /* max number of elements in the tree */
+    int     max_length;          /* max bit length for the codes */
+};
+
+#ifdef NO_INIT_GLOBAL_POINTERS
+#  define TCONST
+#else
+#  define TCONST const
+#endif
+
+local TCONST static_tree_desc static_l_desc =
+{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS};
+
+local TCONST static_tree_desc static_d_desc =
+{static_dtree, extra_dbits, 0,          D_CODES, MAX_BITS};
+
+local TCONST static_tree_desc static_bl_desc =
+{(const ct_data *)0, extra_blbits, 0,   BL_CODES, MAX_BL_BITS};
+
+/* ===========================================================================
+ * Output a short LSB first on the stream.
+ * IN assertion: there is enough room in pendingBuf.
+ */
+#define put_short(s, w) { \
+    put_byte(s, (uch)((w) & 0xff)); \
+    put_byte(s, (uch)((ush)(w) >> 8)); \
+}
+
+/* ===========================================================================
+ * Reverse the first len bits of a code, using straightforward code (a faster
+ * method would use a table)
+ * IN assertion: 1 <= len <= 15
+ */
+local unsigned bi_reverse(unsigned code, int len) {
+    register unsigned res = 0;
+    do {
+        res |= code & 1;
+        code >>= 1, res <<= 1;
+    } while (--len > 0);
+    return res >> 1;
+}
+
+/* ===========================================================================
+ * Flush the bit buffer, keeping at most 7 bits in it.
+ */
+local void bi_flush(deflate_state *s) {
+    if (s->bi_valid == 16) {
+        put_short(s, s->bi_buf);
+        s->bi_buf = 0;
+        s->bi_valid = 0;
+    } else if (s->bi_valid >= 8) {
+        put_byte(s, (Byte)s->bi_buf);
+        s->bi_buf >>= 8;
+        s->bi_valid -= 8;
+    }
+}
+
+/* ===========================================================================
+ * Flush the bit buffer and align the output on a byte boundary
+ */
+local void bi_windup(deflate_state *s) {
+    if (s->bi_valid > 8) {
+        put_short(s, s->bi_buf);
+    } else if (s->bi_valid > 0) {
+        put_byte(s, (Byte)s->bi_buf);
+    }
+    s->bi_buf = 0;
+    s->bi_valid = 0;
+#ifdef ZLIB_DEBUG
+    s->bits_sent = (s->bits_sent + 7) & ~7;
+#endif
+}
+
+/* ===========================================================================
+ * Generate the codes for a given tree and bit counts (which need not be
+ * optimal).
+ * IN assertion: the array bl_count contains the bit length statistics for
+ * the given tree and the field len is set for all tree elements.
+ * OUT assertion: the field code is set for all tree elements of non
+ *     zero code length.
+ */
+local void gen_codes(ct_data *tree, int max_code, ushf *bl_count) {
+    ush next_code[MAX_BITS+1]; /* next code value for each bit length */
+    unsigned code = 0;         /* running code value */
+    int bits;                  /* bit index */
+    int n;                     /* code index */
+
+    /* The distribution counts are first used to generate the code values
+     * without bit reversal.
+     */
+    for (bits = 1; bits <= MAX_BITS; bits++) {
+        code = (code + bl_count[bits - 1]) << 1;
+        next_code[bits] = (ush)code;
+    }
+    /* Check that the bit counts in bl_count are consistent. The last code
+     * must be all ones.
+     */
+    Assert (code + bl_count[MAX_BITS] - 1 == (1 << MAX_BITS) - 1,
+            "inconsistent bit counts");
+    Tracev((stderr,"\ngen_codes: max_code %d ", max_code));
+
+    for (n = 0;  n <= max_code; n++) {
+        int len = tree[n].Len;
+        if (len == 0) continue;
+        /* Now reverse the bits */
+        tree[n].Code = (ush)bi_reverse(next_code[len]++, len);
+
+        Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ",
+            n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len] - 1));
+    }
+}
+
+#ifdef GEN_TREES_H
+local void gen_trees_header(void);
+#endif
+
+#ifndef ZLIB_DEBUG
+#  define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len)
+   /* Send a code of the given tree. c and tree must not have side effects */
+
+#else /* !ZLIB_DEBUG */
+#  define send_code(s, c, tree) \
+     { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \
+       send_bits(s, tree[c].Code, tree[c].Len); }
+#endif
+
+/* ===========================================================================
+ * Send a value on a given number of bits.
+ * IN assertion: length <= 16 and value fits in length bits.
+ */
+#ifdef ZLIB_DEBUG
+local void send_bits(deflate_state *s, int value, int length) {
+    Tracevv((stderr," l %2d v %4x ", length, value));
+    Assert(length > 0 && length <= 15, "invalid length");
+    s->bits_sent += (ulg)length;
+
+    /* If not enough room in bi_buf, use (valid) bits from bi_buf and
+     * (16 - bi_valid) bits from value, leaving (width - (16 - bi_valid))
+     * unused bits in value.
+     */
+    if (s->bi_valid > (int)Buf_size - length) {
+        s->bi_buf |= (ush)value << s->bi_valid;
+        put_short(s, s->bi_buf);
+        s->bi_buf = (ush)value >> (Buf_size - s->bi_valid);
+        s->bi_valid += length - Buf_size;
+    } else {
+        s->bi_buf |= (ush)value << s->bi_valid;
+        s->bi_valid += length;
+    }
+}
+#else /* !ZLIB_DEBUG */
+
+#define send_bits(s, value, length) \
+{ int len = length;\
+  if (s->bi_valid > (int)Buf_size - len) {\
+    int val = (int)value;\
+    s->bi_buf |= (ush)val << s->bi_valid;\
+    put_short(s, s->bi_buf);\
+    s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\
+    s->bi_valid += len - Buf_size;\
+  } else {\
+    s->bi_buf |= (ush)(value) << s->bi_valid;\
+    s->bi_valid += len;\
+  }\
+}
+#endif /* ZLIB_DEBUG */
+
+
+/* the arguments must not have side effects */
+
+/* ===========================================================================
+ * Initialize the various 'constant' tables.
+ */
+local void tr_static_init(void) {
+#if defined(GEN_TREES_H) || !defined(STDC)
+    static int static_init_done = 0;
+    int n;        /* iterates over tree elements */
+    int bits;     /* bit counter */
+    int length;   /* length value */
+    int code;     /* code value */
+    int dist;     /* distance index */
+    ush bl_count[MAX_BITS+1];
+    /* number of codes at each bit length for an optimal tree */
+
+    if (static_init_done) return;
+
+    /* For some embedded targets, global variables are not initialized: */
+#ifdef NO_INIT_GLOBAL_POINTERS
+    static_l_desc.static_tree = static_ltree;
+    static_l_desc.extra_bits = extra_lbits;
+    static_d_desc.static_tree = static_dtree;
+    static_d_desc.extra_bits = extra_dbits;
+    static_bl_desc.extra_bits = extra_blbits;
+#endif
+
+    /* Initialize the mapping length (0..255) -> length code (0..28) */
+    length = 0;
+    for (code = 0; code < LENGTH_CODES-1; code++) {
+        base_length[code] = length;
+        for (n = 0; n < (1 << extra_lbits[code]); n++) {
+            _length_code[length++] = (uch)code;
+        }
+    }
+    Assert (length == 256, "tr_static_init: length != 256");
+    /* Note that the length 255 (match length 258) can be represented
+     * in two different ways: code 284 + 5 bits or code 285, so we
+     * overwrite length_code[255] to use the best encoding:
+     */
+    _length_code[length - 1] = (uch)code;
+
+    /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
+    dist = 0;
+    for (code = 0 ; code < 16; code++) {
+        base_dist[code] = dist;
+        for (n = 0; n < (1 << extra_dbits[code]); n++) {
+            _dist_code[dist++] = (uch)code;
+        }
+    }
+    Assert (dist == 256, "tr_static_init: dist != 256");
+    dist >>= 7; /* from now on, all distances are divided by 128 */
+    for ( ; code < D_CODES; code++) {
+        base_dist[code] = dist << 7;
+        for (n = 0; n < (1 << (extra_dbits[code] - 7)); n++) {
+            _dist_code[256 + dist++] = (uch)code;
+        }
+    }
+    Assert (dist == 256, "tr_static_init: 256 + dist != 512");
+
+    /* Construct the codes of the static literal tree */
+    for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0;
+    n = 0;
+    while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++;
+    while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++;
+    while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++;
+    while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++;
+    /* Codes 286 and 287 do not exist, but we must include them in the
+     * tree construction to get a canonical Huffman tree (longest code
+     * all ones)
+     */
+    gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count);
+
+    /* The static distance tree is trivial: */
+    for (n = 0; n < D_CODES; n++) {
+        static_dtree[n].Len = 5;
+        static_dtree[n].Code = bi_reverse((unsigned)n, 5);
+    }
+    static_init_done = 1;
+
+#  ifdef GEN_TREES_H
+    gen_trees_header();
+#  endif
+#endif /* defined(GEN_TREES_H) || !defined(STDC) */
+}
+
+/* ===========================================================================
+ * Generate the file trees.h describing the static trees.
+ */
+#ifdef GEN_TREES_H
+#  ifndef ZLIB_DEBUG
+#    include <stdio.h>
+#  endif
+
+#  define SEPARATOR(i, last, width) \
+      ((i) == (last)? "\n};\n\n" :    \
+       ((i) % (width) == (width) - 1 ? ",\n" : ", "))
+
+void gen_trees_header(void) {
+    FILE *header = fopen("trees.h", "w");
+    int i;
+
+    Assert (header != NULL, "Can't open trees.h");
+    fprintf(header,
+            "/* header created automatically with -DGEN_TREES_H */\n\n");
+
+    fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n");
+    for (i = 0; i < L_CODES+2; i++) {
+        fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code,
+                static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5));
+    }
+
+    fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n");
+    for (i = 0; i < D_CODES; i++) {
+        fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code,
+                static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5));
+    }
+
+    fprintf(header, "const uch ZLIB_INTERNAL _dist_code[DIST_CODE_LEN] = {\n");
+    for (i = 0; i < DIST_CODE_LEN; i++) {
+        fprintf(header, "%2u%s", _dist_code[i],
+                SEPARATOR(i, DIST_CODE_LEN-1, 20));
+    }
+
+    fprintf(header,
+        "const uch ZLIB_INTERNAL _length_code[MAX_MATCH-MIN_MATCH+1]= {\n");
+    for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) {
+        fprintf(header, "%2u%s", _length_code[i],
+                SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20));
+    }
+
+    fprintf(header, "local const int base_length[LENGTH_CODES] = {\n");
+    for (i = 0; i < LENGTH_CODES; i++) {
+        fprintf(header, "%1u%s", base_length[i],
+                SEPARATOR(i, LENGTH_CODES-1, 20));
+    }
+
+    fprintf(header, "local const int base_dist[D_CODES] = {\n");
+    for (i = 0; i < D_CODES; i++) {
+        fprintf(header, "%5u%s", base_dist[i],
+                SEPARATOR(i, D_CODES-1, 10));
+    }
+
+    fclose(header);
+}
+#endif /* GEN_TREES_H */
+
+/* ===========================================================================
+ * Initialize a new block.
+ */
+local void init_block(deflate_state *s) {
+    int n; /* iterates over tree elements */
+
+    /* Initialize the trees. */
+    for (n = 0; n < L_CODES;  n++) s->dyn_ltree[n].Freq = 0;
+    for (n = 0; n < D_CODES;  n++) s->dyn_dtree[n].Freq = 0;
+    for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0;
+
+    s->dyn_ltree[END_BLOCK].Freq = 1;
+    s->opt_len = s->static_len = 0L;
+    s->sym_next = s->matches = 0;
+}
+
+/* ===========================================================================
+ * Initialize the tree data structures for a new zlib stream.
+ */
+void ZLIB_INTERNAL _tr_init(deflate_state *s) {
+    tr_static_init();
+
+    s->l_desc.dyn_tree = s->dyn_ltree;
+    s->l_desc.stat_desc = &static_l_desc;
+
+    s->d_desc.dyn_tree = s->dyn_dtree;
+    s->d_desc.stat_desc = &static_d_desc;
+
+    s->bl_desc.dyn_tree = s->bl_tree;
+    s->bl_desc.stat_desc = &static_bl_desc;
+
+    s->bi_buf = 0;
+    s->bi_valid = 0;
+#ifdef ZLIB_DEBUG
+    s->compressed_len = 0L;
+    s->bits_sent = 0L;
+#endif
+
+    /* Initialize the first block of the first file: */
+    init_block(s);
+}
+
+#define SMALLEST 1
+/* Index within the heap array of least frequent node in the Huffman tree */
+
+
+/* ===========================================================================
+ * Remove the smallest element from the heap and recreate the heap with
+ * one less element. Updates heap and heap_len.
+ */
+#define pqremove(s, tree, top) \
+{\
+    top = s->heap[SMALLEST]; \
+    s->heap[SMALLEST] = s->heap[s->heap_len--]; \
+    pqdownheap(s, tree, SMALLEST); \
+}
+
+/* ===========================================================================
+ * Compares to subtrees, using the tree depth as tie breaker when
+ * the subtrees have equal frequency. This minimizes the worst case length.
+ */
+#define smaller(tree, n, m, depth) \
+   (tree[n].Freq < tree[m].Freq || \
+   (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m]))
+
+/* ===========================================================================
+ * Restore the heap property by moving down the tree starting at node k,
+ * exchanging a node with the smallest of its two sons if necessary, stopping
+ * when the heap property is re-established (each father smaller than its
+ * two sons).
+ */
+local void pqdownheap(deflate_state *s, ct_data *tree, int k) {
+    int v = s->heap[k];
+    int j = k << 1;  /* left son of k */
+    while (j <= s->heap_len) {
+        /* Set j to the smallest of the two sons: */
+        if (j < s->heap_len &&
+            smaller(tree, s->heap[j + 1], s->heap[j], s->depth)) {
+            j++;
+        }
+        /* Exit if v is smaller than both sons */
+        if (smaller(tree, v, s->heap[j], s->depth)) break;
+
+        /* Exchange v with the smallest son */
+        s->heap[k] = s->heap[j];  k = j;
+
+        /* And continue down the tree, setting j to the left son of k */
+        j <<= 1;
+    }
+    s->heap[k] = v;
+}
+
+/* ===========================================================================
+ * Compute the optimal bit lengths for a tree and update the total bit length
+ * for the current block.
+ * IN assertion: the fields freq and dad are set, heap[heap_max] and
+ *    above are the tree nodes sorted by increasing frequency.
+ * OUT assertions: the field len is set to the optimal bit length, the
+ *     array bl_count contains the frequencies for each bit length.
+ *     The length opt_len is updated; static_len is also updated if stree is
+ *     not null.
+ */
+local void gen_bitlen(deflate_state *s, tree_desc *desc) {
+    ct_data *tree        = desc->dyn_tree;
+    int max_code         = desc->max_code;
+    const ct_data *stree = desc->stat_desc->static_tree;
+    const intf *extra    = desc->stat_desc->extra_bits;
+    int base             = desc->stat_desc->extra_base;
+    int max_length       = desc->stat_desc->max_length;
+    int h;              /* heap index */
+    int n, m;           /* iterate over the tree elements */
+    int bits;           /* bit length */
+    int xbits;          /* extra bits */
+    ush f;              /* frequency */
+    int overflow = 0;   /* number of elements with bit length too large */
+
+    for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0;
+
+    /* In a first pass, compute the optimal bit lengths (which may
+     * overflow in the case of the bit length tree).
+     */
+    tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */
+
+    for (h = s->heap_max + 1; h < HEAP_SIZE; h++) {
+        n = s->heap[h];
+        bits = tree[tree[n].Dad].Len + 1;
+        if (bits > max_length) bits = max_length, overflow++;
+        tree[n].Len = (ush)bits;
+        /* We overwrite tree[n].Dad which is no longer needed */
+
+        if (n > max_code) continue; /* not a leaf node */
+
+        s->bl_count[bits]++;
+        xbits = 0;
+        if (n >= base) xbits = extra[n - base];
+        f = tree[n].Freq;
+        s->opt_len += (ulg)f * (unsigned)(bits + xbits);
+        if (stree) s->static_len += (ulg)f * (unsigned)(stree[n].Len + xbits);
+    }
+    if (overflow == 0) return;
+
+    Tracev((stderr,"\nbit length overflow\n"));
+    /* This happens for example on obj2 and pic of the Calgary corpus */
+
+    /* Find the first bit length which could increase: */
+    do {
+        bits = max_length - 1;
+        while (s->bl_count[bits] == 0) bits--;
+        s->bl_count[bits]--;        /* move one leaf down the tree */
+        s->bl_count[bits + 1] += 2; /* move one overflow item as its brother */
+        s->bl_count[max_length]--;
+        /* The brother of the overflow item also moves one step up,
+         * but this does not affect bl_count[max_length]
+         */
+        overflow -= 2;
+    } while (overflow > 0);
+
+    /* Now recompute all bit lengths, scanning in increasing frequency.
+     * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
+     * lengths instead of fixing only the wrong ones. This idea is taken
+     * from 'ar' written by Haruhiko Okumura.)
+     */
+    for (bits = max_length; bits != 0; bits--) {
+        n = s->bl_count[bits];
+        while (n != 0) {
+            m = s->heap[--h];
+            if (m > max_code) continue;
+            if ((unsigned) tree[m].Len != (unsigned) bits) {
+                Tracev((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits));
+                s->opt_len += ((ulg)bits - tree[m].Len) * tree[m].Freq;
+                tree[m].Len = (ush)bits;
+            }
+            n--;
+        }
+    }
+}
+
+#ifdef DUMP_BL_TREE
+#  include <stdio.h>
+#endif
+
+/* ===========================================================================
+ * Construct one Huffman tree and assigns the code bit strings and lengths.
+ * Update the total bit length for the current block.
+ * IN assertion: the field freq is set for all tree elements.
+ * OUT assertions: the fields len and code are set to the optimal bit length
+ *     and corresponding code. The length opt_len is updated; static_len is
+ *     also updated if stree is not null. The field max_code is set.
+ */
+local void build_tree(deflate_state *s, tree_desc *desc) {
+    ct_data *tree         = desc->dyn_tree;
+    const ct_data *stree  = desc->stat_desc->static_tree;
+    int elems             = desc->stat_desc->elems;
+    int n, m;          /* iterate over heap elements */
+    int max_code = -1; /* largest code with non zero frequency */
+    int node;          /* new node being created */
+
+    /* Construct the initial heap, with least frequent element in
+     * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n + 1].
+     * heap[0] is not used.
+     */
+    s->heap_len = 0, s->heap_max = HEAP_SIZE;
+
+    for (n = 0; n < elems; n++) {
+        if (tree[n].Freq != 0) {
+            s->heap[++(s->heap_len)] = max_code = n;
+            s->depth[n] = 0;
+        } else {
+            tree[n].Len = 0;
+        }
+    }
+
+    /* The pkzip format requires that at least one distance code exists,
+     * and that at least one bit should be sent even if there is only one
+     * possible code. So to avoid special checks later on we force at least
+     * two codes of non zero frequency.
+     */
+    while (s->heap_len < 2) {
+        node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0);
+        tree[node].Freq = 1;
+        s->depth[node] = 0;
+        s->opt_len--; if (stree) s->static_len -= stree[node].Len;
+        /* node is 0 or 1 so it does not have extra bits */
+    }
+    desc->max_code = max_code;
+
+    /* The elements heap[heap_len/2 + 1 .. heap_len] are leaves of the tree,
+     * establish sub-heaps of increasing lengths:
+     */
+    for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n);
+
+    /* Construct the Huffman tree by repeatedly combining the least two
+     * frequent nodes.
+     */
+    node = elems;              /* next internal node of the tree */
+    do {
+        pqremove(s, tree, n);  /* n = node of least frequency */
+        m = s->heap[SMALLEST]; /* m = node of next least frequency */
+
+        s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */
+        s->heap[--(s->heap_max)] = m;
+
+        /* Create a new node father of n and m */
+        tree[node].Freq = tree[n].Freq + tree[m].Freq;
+        s->depth[node] = (uch)((s->depth[n] >= s->depth[m] ?
+                                s->depth[n] : s->depth[m]) + 1);
+        tree[n].Dad = tree[m].Dad = (ush)node;
+#ifdef DUMP_BL_TREE
+        if (tree == s->bl_tree) {
+            fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)",
+                    node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq);
+        }
+#endif
+        /* and insert the new node in the heap */
+        s->heap[SMALLEST] = node++;
+        pqdownheap(s, tree, SMALLEST);
+
+    } while (s->heap_len >= 2);
+
+    s->heap[--(s->heap_max)] = s->heap[SMALLEST];
+
+    /* At this point, the fields freq and dad are set. We can now
+     * generate the bit lengths.
+     */
+    gen_bitlen(s, (tree_desc *)desc);
+
+    /* The field len is now set, we can generate the bit codes */
+    gen_codes ((ct_data *)tree, max_code, s->bl_count);
+}
+
+/* ===========================================================================
+ * Scan a literal or distance tree to determine the frequencies of the codes
+ * in the bit length tree.
+ */
+local void scan_tree(deflate_state *s, ct_data *tree, int max_code) {
+    int n;                     /* iterates over all tree elements */
+    int prevlen = -1;          /* last emitted length */
+    int curlen;                /* length of current code */
+    int nextlen = tree[0].Len; /* length of next code */
+    int count = 0;             /* repeat count of the current code */
+    int max_count = 7;         /* max repeat count */
+    int min_count = 4;         /* min repeat count */
+
+    if (nextlen == 0) max_count = 138, min_count = 3;
+    tree[max_code + 1].Len = (ush)0xffff; /* guard */
+
+    for (n = 0; n <= max_code; n++) {
+        curlen = nextlen; nextlen = tree[n + 1].Len;
+        if (++count < max_count && curlen == nextlen) {
+            continue;
+        } else if (count < min_count) {
+            s->bl_tree[curlen].Freq += count;
+        } else if (curlen != 0) {
+            if (curlen != prevlen) s->bl_tree[curlen].Freq++;
+            s->bl_tree[REP_3_6].Freq++;
+        } else if (count <= 10) {
+            s->bl_tree[REPZ_3_10].Freq++;
+        } else {
+            s->bl_tree[REPZ_11_138].Freq++;
+        }
+        count = 0; prevlen = curlen;
+        if (nextlen == 0) {
+            max_count = 138, min_count = 3;
+        } else if (curlen == nextlen) {
+            max_count = 6, min_count = 3;
+        } else {
+            max_count = 7, min_count = 4;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Send a literal or distance tree in compressed form, using the codes in
+ * bl_tree.
+ */
+local void send_tree(deflate_state *s, ct_data *tree, int max_code) {
+    int n;                     /* iterates over all tree elements */
+    int prevlen = -1;          /* last emitted length */
+    int curlen;                /* length of current code */
+    int nextlen = tree[0].Len; /* length of next code */
+    int count = 0;             /* repeat count of the current code */
+    int max_count = 7;         /* max repeat count */
+    int min_count = 4;         /* min repeat count */
+
+    /* tree[max_code + 1].Len = -1; */  /* guard already set */
+    if (nextlen == 0) max_count = 138, min_count = 3;
+
+    for (n = 0; n <= max_code; n++) {
+        curlen = nextlen; nextlen = tree[n + 1].Len;
+        if (++count < max_count && curlen == nextlen) {
+            continue;
+        } else if (count < min_count) {
+            do { send_code(s, curlen, s->bl_tree); } while (--count != 0);
+
+        } else if (curlen != 0) {
+            if (curlen != prevlen) {
+                send_code(s, curlen, s->bl_tree); count--;
+            }
+            Assert(count >= 3 && count <= 6, " 3_6?");
+            send_code(s, REP_3_6, s->bl_tree); send_bits(s, count - 3, 2);
+
+        } else if (count <= 10) {
+            send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count - 3, 3);
+
+        } else {
+            send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count - 11, 7);
+        }
+        count = 0; prevlen = curlen;
+        if (nextlen == 0) {
+            max_count = 138, min_count = 3;
+        } else if (curlen == nextlen) {
+            max_count = 6, min_count = 3;
+        } else {
+            max_count = 7, min_count = 4;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Construct the Huffman tree for the bit lengths and return the index in
+ * bl_order of the last bit length code to send.
+ */
+local int build_bl_tree(deflate_state *s) {
+    int max_blindex;  /* index of last bit length code of non zero freq */
+
+    /* Determine the bit length frequencies for literal and distance trees */
+    scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code);
+    scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code);
+
+    /* Build the bit length tree: */
+    build_tree(s, (tree_desc *)(&(s->bl_desc)));
+    /* opt_len now includes the length of the tree representations, except the
+     * lengths of the bit lengths codes and the 5 + 5 + 4 bits for the counts.
+     */
+
+    /* Determine the number of bit length codes to send. The pkzip format
+     * requires that at least 4 bit length codes be sent. (appnote.txt says
+     * 3 but the actual value used is 4.)
+     */
+    for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) {
+        if (s->bl_tree[bl_order[max_blindex]].Len != 0) break;
+    }
+    /* Update opt_len to include the bit length tree and counts */
+    s->opt_len += 3*((ulg)max_blindex + 1) + 5 + 5 + 4;
+    Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
+            s->opt_len, s->static_len));
+
+    return max_blindex;
+}
+
+/* ===========================================================================
+ * Send the header for a block using dynamic Huffman trees: the counts, the
+ * lengths of the bit length codes, the literal tree and the distance tree.
+ * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
+ */
+local void send_all_trees(deflate_state *s, int lcodes, int dcodes,
+                          int blcodes) {
+    int rank;                    /* index in bl_order */
+
+    Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
+    Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
+            "too many codes");
+    Tracev((stderr, "\nbl counts: "));
+    send_bits(s, lcodes - 257, 5);  /* not +255 as stated in appnote.txt */
+    send_bits(s, dcodes - 1,   5);
+    send_bits(s, blcodes - 4,  4);  /* not -3 as stated in appnote.txt */
+    for (rank = 0; rank < blcodes; rank++) {
+        Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
+        send_bits(s, s->bl_tree[bl_order[rank]].Len, 3);
+    }
+    Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent));
+
+    send_tree(s, (ct_data *)s->dyn_ltree, lcodes - 1);  /* literal tree */
+    Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent));
+
+    send_tree(s, (ct_data *)s->dyn_dtree, dcodes - 1);  /* distance tree */
+    Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent));
+}
+
+/* ===========================================================================
+ * Send a stored block
+ */
+void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf,
+                                    ulg stored_len, int last) {
+    send_bits(s, (STORED_BLOCK<<1) + last, 3);  /* send block type */
+    bi_windup(s);        /* align on byte boundary */
+    put_short(s, (ush)stored_len);
+    put_short(s, (ush)~stored_len);
+    if (stored_len)
+        zmemcpy(s->pending_buf + s->pending, (Bytef *)buf, stored_len);
+    s->pending += stored_len;
+#ifdef ZLIB_DEBUG
+    s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L;
+    s->compressed_len += (stored_len + 4) << 3;
+    s->bits_sent += 2*16;
+    s->bits_sent += stored_len << 3;
+#endif
+}
+
+/* ===========================================================================
+ * Flush the bits in the bit buffer to pending output (leaves at most 7 bits)
+ */
+void ZLIB_INTERNAL _tr_flush_bits(deflate_state *s) {
+    bi_flush(s);
+}
+
+/* ===========================================================================
+ * Send one empty static block to give enough lookahead for inflate.
+ * This takes 10 bits, of which 7 may remain in the bit buffer.
+ */
+void ZLIB_INTERNAL _tr_align(deflate_state *s) {
+    send_bits(s, STATIC_TREES<<1, 3);
+    send_code(s, END_BLOCK, static_ltree);
+#ifdef ZLIB_DEBUG
+    s->compressed_len += 10L; /* 3 for block type, 7 for EOB */
+#endif
+    bi_flush(s);
+}
+
+/* ===========================================================================
+ * Send the block data compressed using the given Huffman trees
+ */
+local void compress_block(deflate_state *s, const ct_data *ltree,
+                          const ct_data *dtree) {
+    unsigned dist;      /* distance of matched string */
+    int lc;             /* match length or unmatched char (if dist == 0) */
+    unsigned sx = 0;    /* running index in symbol buffers */
+    unsigned code;      /* the code to send */
+    int extra;          /* number of extra bits to send */
+
+    if (s->sym_next != 0) do {
+#ifdef LIT_MEM
+        dist = s->d_buf[sx];
+        lc = s->l_buf[sx++];
+#else
+        dist = s->sym_buf[sx++] & 0xff;
+        dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
+        lc = s->sym_buf[sx++];
+#endif
+        if (dist == 0) {
+            send_code(s, lc, ltree); /* send a literal byte */
+            Tracecv(isgraph(lc), (stderr," '%c' ", lc));
+        } else {
+            /* Here, lc is the match length - MIN_MATCH */
+            code = _length_code[lc];
+            send_code(s, code + LITERALS + 1, ltree);   /* send length code */
+            extra = extra_lbits[code];
+            if (extra != 0) {
+                lc -= base_length[code];
+                send_bits(s, lc, extra);       /* send the extra length bits */
+            }
+            dist--; /* dist is now the match distance - 1 */
+            code = d_code(dist);
+            Assert (code < D_CODES, "bad d_code");
+
+            send_code(s, code, dtree);       /* send the distance code */
+            extra = extra_dbits[code];
+            if (extra != 0) {
+                dist -= (unsigned)base_dist[code];
+                send_bits(s, dist, extra);   /* send the extra distance bits */
+            }
+        } /* literal or match pair ? */
+
+        /* Check for no overlay of pending_buf on needed symbols */
+#ifdef LIT_MEM
+        Assert(s->pending < 2 * (s->lit_bufsize + sx), "pendingBuf overflow");
+#else
+        Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
+#endif
+
+    } while (sx < s->sym_next);
+
+    send_code(s, END_BLOCK, ltree);
+}
+
+/* ===========================================================================
+ * Check if the data type is TEXT or BINARY, using the following algorithm:
+ * - TEXT if the two conditions below are satisfied:
+ *    a) There are no non-portable control characters belonging to the
+ *       "block list" (0..6, 14..25, 28..31).
+ *    b) There is at least one printable character belonging to the
+ *       "allow list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).
+ * - BINARY otherwise.
+ * - The following partially-portable control characters form a
+ *   "gray list" that is ignored in this detection algorithm:
+ *   (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).
+ * IN assertion: the fields Freq of dyn_ltree are set.
+ */
+local int detect_data_type(deflate_state *s) {
+    /* block_mask is the bit mask of block-listed bytes
+     * set bits 0..6, 14..25, and 28..31
+     * 0xf3ffc07f = binary 11110011111111111100000001111111
+     */
+    unsigned long block_mask = 0xf3ffc07fUL;
+    int n;
+
+    /* Check for non-textual ("block-listed") bytes. */
+    for (n = 0; n <= 31; n++, block_mask >>= 1)
+        if ((block_mask & 1) && (s->dyn_ltree[n].Freq != 0))
+            return Z_BINARY;
+
+    /* Check for textual ("allow-listed") bytes. */
+    if (s->dyn_ltree[9].Freq != 0 || s->dyn_ltree[10].Freq != 0
+            || s->dyn_ltree[13].Freq != 0)
+        return Z_TEXT;
+    for (n = 32; n < LITERALS; n++)
+        if (s->dyn_ltree[n].Freq != 0)
+            return Z_TEXT;
+
+    /* There are no "block-listed" or "allow-listed" bytes:
+     * this stream either is empty or has tolerated ("gray-listed") bytes only.
+     */
+    return Z_BINARY;
+}
+
+/* ===========================================================================
+ * Determine the best encoding for the current block: dynamic trees, static
+ * trees or store, and write out the encoded block.
+ */
+void ZLIB_INTERNAL _tr_flush_block(deflate_state *s, charf *buf,
+                                   ulg stored_len, int last) {
+    ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */
+    int max_blindex = 0;  /* index of last bit length code of non zero freq */
+
+    /* Build the Huffman trees unless a stored block is forced */
+    if (s->level > 0) {
+
+        /* Check if the file is binary or text */
+        if (s->strm->data_type == Z_UNKNOWN)
+            s->strm->data_type = detect_data_type(s);
+
+        /* Construct the literal and distance trees */
+        build_tree(s, (tree_desc *)(&(s->l_desc)));
+        Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len,
+                s->static_len));
+
+        build_tree(s, (tree_desc *)(&(s->d_desc)));
+        Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len,
+                s->static_len));
+        /* At this point, opt_len and static_len are the total bit lengths of
+         * the compressed block data, excluding the tree representations.
+         */
+
+        /* Build the bit length tree for the above two trees, and get the index
+         * in bl_order of the last bit length code to send.
+         */
+        max_blindex = build_bl_tree(s);
+
+        /* Determine the best encoding. Compute the block lengths in bytes. */
+        opt_lenb = (s->opt_len + 3 + 7) >> 3;
+        static_lenb = (s->static_len + 3 + 7) >> 3;
+
+        Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
+                opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
+                s->sym_next / 3));
+
+#ifndef FORCE_STATIC
+        if (static_lenb <= opt_lenb || s->strategy == Z_FIXED)
+#endif
+            opt_lenb = static_lenb;
+
+    } else {
+        Assert(buf != (char*)0, "lost buf");
+        opt_lenb = static_lenb = stored_len + 5; /* force a stored block */
+    }
+
+#ifdef FORCE_STORED
+    if (buf != (char*)0) { /* force stored block */
+#else
+    if (stored_len + 4 <= opt_lenb && buf != (char*)0) {
+                       /* 4: two words for the lengths */
+#endif
+        /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
+         * Otherwise we can't have processed more than WSIZE input bytes since
+         * the last block flush, because compression would have been
+         * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
+         * transform a block into a stored block.
+         */
+        _tr_stored_block(s, buf, stored_len, last);
+
+    } else if (static_lenb == opt_lenb) {
+        send_bits(s, (STATIC_TREES<<1) + last, 3);
+        compress_block(s, (const ct_data *)static_ltree,
+                       (const ct_data *)static_dtree);
+#ifdef ZLIB_DEBUG
+        s->compressed_len += 3 + s->static_len;
+#endif
+    } else {
+        send_bits(s, (DYN_TREES<<1) + last, 3);
+        send_all_trees(s, s->l_desc.max_code + 1, s->d_desc.max_code + 1,
+                       max_blindex + 1);
+        compress_block(s, (const ct_data *)s->dyn_ltree,
+                       (const ct_data *)s->dyn_dtree);
+#ifdef ZLIB_DEBUG
+        s->compressed_len += 3 + s->opt_len;
+#endif
+    }
+    Assert (s->compressed_len == s->bits_sent, "bad compressed size");
+    /* The above check is made mod 2^32, for files larger than 512 MB
+     * and uLong implemented on 32 bits.
+     */
+    init_block(s);
+
+    if (last) {
+        bi_windup(s);
+#ifdef ZLIB_DEBUG
+        s->compressed_len += 7;  /* align on byte boundary */
+#endif
+    }
+    Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len >> 3,
+           s->compressed_len - 7*last));
+}
+
+/* ===========================================================================
+ * Save the match info and tally the frequency counts. Return true if
+ * the current block must be flushed.
+ */
+int ZLIB_INTERNAL _tr_tally(deflate_state *s, unsigned dist, unsigned lc) {
+#ifdef LIT_MEM
+    s->d_buf[s->sym_next] = (ush)dist;
+    s->l_buf[s->sym_next++] = (uch)lc;
+#else
+    s->sym_buf[s->sym_next++] = (uch)dist;
+    s->sym_buf[s->sym_next++] = (uch)(dist >> 8);
+    s->sym_buf[s->sym_next++] = (uch)lc;
+#endif
+    if (dist == 0) {
+        /* lc is the unmatched char */
+        s->dyn_ltree[lc].Freq++;
+    } else {
+        s->matches++;
+        /* Here, lc is the match length - MIN_MATCH */
+        dist--;             /* dist = match distance - 1 */
+        Assert((ush)dist < (ush)MAX_DIST(s) &&
+               (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
+               (ush)d_code(dist) < (ush)D_CODES,  "_tr_tally: bad match");
+
+        s->dyn_ltree[_length_code[lc] + LITERALS + 1].Freq++;
+        s->dyn_dtree[d_code(dist)].Freq++;
+    }
+    return (s->sym_next == s->sym_end);
+}
diff --git a/zlib-1.3.1/trees.h b/zlib-1.3.1/trees.h
new file mode 100644
index 00000000..d35639d8
--- /dev/null
+++ b/zlib-1.3.1/trees.h
@@ -0,0 +1,128 @@
+/* header created automatically with -DGEN_TREES_H */
+
+local const ct_data static_ltree[L_CODES+2] = {
+{{ 12},{  8}}, {{140},{  8}}, {{ 76},{  8}}, {{204},{  8}}, {{ 44},{  8}},
+{{172},{  8}}, {{108},{  8}}, {{236},{  8}}, {{ 28},{  8}}, {{156},{  8}},
+{{ 92},{  8}}, {{220},{  8}}, {{ 60},{  8}}, {{188},{  8}}, {{124},{  8}},
+{{252},{  8}}, {{  2},{  8}}, {{130},{  8}}, {{ 66},{  8}}, {{194},{  8}},
+{{ 34},{  8}}, {{162},{  8}}, {{ 98},{  8}}, {{226},{  8}}, {{ 18},{  8}},
+{{146},{  8}}, {{ 82},{  8}}, {{210},{  8}}, {{ 50},{  8}}, {{178},{  8}},
+{{114},{  8}}, {{242},{  8}}, {{ 10},{  8}}, {{138},{  8}}, {{ 74},{  8}},
+{{202},{  8}}, {{ 42},{  8}}, {{170},{  8}}, {{106},{  8}}, {{234},{  8}},
+{{ 26},{  8}}, {{154},{  8}}, {{ 90},{  8}}, {{218},{  8}}, {{ 58},{  8}},
+{{186},{  8}}, {{122},{  8}}, {{250},{  8}}, {{  6},{  8}}, {{134},{  8}},
+{{ 70},{  8}}, {{198},{  8}}, {{ 38},{  8}}, {{166},{  8}}, {{102},{  8}},
+{{230},{  8}}, {{ 22},{  8}}, {{150},{  8}}, {{ 86},{  8}}, {{214},{  8}},
+{{ 54},{  8}}, {{182},{  8}}, {{118},{  8}}, {{246},{  8}}, {{ 14},{  8}},
+{{142},{  8}}, {{ 78},{  8}}, {{206},{  8}}, {{ 46},{  8}}, {{174},{  8}},
+{{110},{  8}}, {{238},{  8}}, {{ 30},{  8}}, {{158},{  8}}, {{ 94},{  8}},
+{{222},{  8}}, {{ 62},{  8}}, {{190},{  8}}, {{126},{  8}}, {{254},{  8}},
+{{  1},{  8}}, {{129},{  8}}, {{ 65},{  8}}, {{193},{  8}}, {{ 33},{  8}},
+{{161},{  8}}, {{ 97},{  8}}, {{225},{  8}}, {{ 17},{  8}}, {{145},{  8}},
+{{ 81},{  8}}, {{209},{  8}}, {{ 49},{  8}}, {{177},{  8}}, {{113},{  8}},
+{{241},{  8}}, {{  9},{  8}}, {{137},{  8}}, {{ 73},{  8}}, {{201},{  8}},
+{{ 41},{  8}}, {{169},{  8}}, {{105},{  8}}, {{233},{  8}}, {{ 25},{  8}},
+{{153},{  8}}, {{ 89},{  8}}, {{217},{  8}}, {{ 57},{  8}}, {{185},{  8}},
+{{121},{  8}}, {{249},{  8}}, {{  5},{  8}}, {{133},{  8}}, {{ 69},{  8}},
+{{197},{  8}}, {{ 37},{  8}}, {{165},{  8}}, {{101},{  8}}, {{229},{  8}},
+{{ 21},{  8}}, {{149},{  8}}, {{ 85},{  8}}, {{213},{  8}}, {{ 53},{  8}},
+{{181},{  8}}, {{117},{  8}}, {{245},{  8}}, {{ 13},{  8}}, {{141},{  8}},
+{{ 77},{  8}}, {{205},{  8}}, {{ 45},{  8}}, {{173},{  8}}, {{109},{  8}},
+{{237},{  8}}, {{ 29},{  8}}, {{157},{  8}}, {{ 93},{  8}}, {{221},{  8}},
+{{ 61},{  8}}, {{189},{  8}}, {{125},{  8}}, {{253},{  8}}, {{ 19},{  9}},
+{{275},{  9}}, {{147},{  9}}, {{403},{  9}}, {{ 83},{  9}}, {{339},{  9}},
+{{211},{  9}}, {{467},{  9}}, {{ 51},{  9}}, {{307},{  9}}, {{179},{  9}},
+{{435},{  9}}, {{115},{  9}}, {{371},{  9}}, {{243},{  9}}, {{499},{  9}},
+{{ 11},{  9}}, {{267},{  9}}, {{139},{  9}}, {{395},{  9}}, {{ 75},{  9}},
+{{331},{  9}}, {{203},{  9}}, {{459},{  9}}, {{ 43},{  9}}, {{299},{  9}},
+{{171},{  9}}, {{427},{  9}}, {{107},{  9}}, {{363},{  9}}, {{235},{  9}},
+{{491},{  9}}, {{ 27},{  9}}, {{283},{  9}}, {{155},{  9}}, {{411},{  9}},
+{{ 91},{  9}}, {{347},{  9}}, {{219},{  9}}, {{475},{  9}}, {{ 59},{  9}},
+{{315},{  9}}, {{187},{  9}}, {{443},{  9}}, {{123},{  9}}, {{379},{  9}},
+{{251},{  9}}, {{507},{  9}}, {{  7},{  9}}, {{263},{  9}}, {{135},{  9}},
+{{391},{  9}}, {{ 71},{  9}}, {{327},{  9}}, {{199},{  9}}, {{455},{  9}},
+{{ 39},{  9}}, {{295},{  9}}, {{167},{  9}}, {{423},{  9}}, {{103},{  9}},
+{{359},{  9}}, {{231},{  9}}, {{487},{  9}}, {{ 23},{  9}}, {{279},{  9}},
+{{151},{  9}}, {{407},{  9}}, {{ 87},{  9}}, {{343},{  9}}, {{215},{  9}},
+{{471},{  9}}, {{ 55},{  9}}, {{311},{  9}}, {{183},{  9}}, {{439},{  9}},
+{{119},{  9}}, {{375},{  9}}, {{247},{  9}}, {{503},{  9}}, {{ 15},{  9}},
+{{271},{  9}}, {{143},{  9}}, {{399},{  9}}, {{ 79},{  9}}, {{335},{  9}},
+{{207},{  9}}, {{463},{  9}}, {{ 47},{  9}}, {{303},{  9}}, {{175},{  9}},
+{{431},{  9}}, {{111},{  9}}, {{367},{  9}}, {{239},{  9}}, {{495},{  9}},
+{{ 31},{  9}}, {{287},{  9}}, {{159},{  9}}, {{415},{  9}}, {{ 95},{  9}},
+{{351},{  9}}, {{223},{  9}}, {{479},{  9}}, {{ 63},{  9}}, {{319},{  9}},
+{{191},{  9}}, {{447},{  9}}, {{127},{  9}}, {{383},{  9}}, {{255},{  9}},
+{{511},{  9}}, {{  0},{  7}}, {{ 64},{  7}}, {{ 32},{  7}}, {{ 96},{  7}},
+{{ 16},{  7}}, {{ 80},{  7}}, {{ 48},{  7}}, {{112},{  7}}, {{  8},{  7}},
+{{ 72},{  7}}, {{ 40},{  7}}, {{104},{  7}}, {{ 24},{  7}}, {{ 88},{  7}},
+{{ 56},{  7}}, {{120},{  7}}, {{  4},{  7}}, {{ 68},{  7}}, {{ 36},{  7}},
+{{100},{  7}}, {{ 20},{  7}}, {{ 84},{  7}}, {{ 52},{  7}}, {{116},{  7}},
+{{  3},{  8}}, {{131},{  8}}, {{ 67},{  8}}, {{195},{  8}}, {{ 35},{  8}},
+{{163},{  8}}, {{ 99},{  8}}, {{227},{  8}}
+};
+
+local const ct_data static_dtree[D_CODES] = {
+{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}},
+{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}},
+{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}},
+{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}},
+{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}},
+{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}}
+};
+
+const uch ZLIB_INTERNAL _dist_code[DIST_CODE_LEN] = {
+ 0,  1,  2,  3,  4,  4,  5,  5,  6,  6,  6,  6,  7,  7,  7,  7,  8,  8,  8,  8,
+ 8,  8,  8,  8,  9,  9,  9,  9,  9,  9,  9,  9, 10, 10, 10, 10, 10, 10, 10, 10,
+10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11,
+11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12,
+12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13,
+13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,  0,  0, 16, 17,
+18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22,
+23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29
+};
+
+const uch ZLIB_INTERNAL _length_code[MAX_MATCH-MIN_MATCH+1]= {
+ 0,  1,  2,  3,  4,  5,  6,  7,  8,  8,  9,  9, 10, 10, 11, 11, 12, 12, 12, 12,
+13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16,
+17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19,
+19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20,
+21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22,
+22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23,
+23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
+25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28
+};
+
+local const int base_length[LENGTH_CODES] = {
+0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56,
+64, 80, 96, 112, 128, 160, 192, 224, 0
+};
+
+local const int base_dist[D_CODES] = {
+    0,     1,     2,     3,     4,     6,     8,    12,    16,    24,
+   32,    48,    64,    96,   128,   192,   256,   384,   512,   768,
+ 1024,  1536,  2048,  3072,  4096,  6144,  8192, 12288, 16384, 24576
+};
+
diff --git a/zlib-1.3.1/uncompr.c b/zlib-1.3.1/uncompr.c
new file mode 100644
index 00000000..5e256663
--- /dev/null
+++ b/zlib-1.3.1/uncompr.c
@@ -0,0 +1,85 @@
+/* uncompr.c -- decompress a memory buffer
+ * Copyright (C) 1995-2003, 2010, 2014, 2016 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#define ZLIB_INTERNAL
+#include "zlib.h"
+
+/* ===========================================================================
+     Decompresses the source buffer into the destination buffer.  *sourceLen is
+   the byte length of the source buffer. Upon entry, *destLen is the total size
+   of the destination buffer, which must be large enough to hold the entire
+   uncompressed data. (The size of the uncompressed data must have been saved
+   previously by the compressor and transmitted to the decompressor by some
+   mechanism outside the scope of this compression library.) Upon exit,
+   *destLen is the size of the decompressed data and *sourceLen is the number
+   of source bytes consumed. Upon return, source + *sourceLen points to the
+   first unused input byte.
+
+     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_BUF_ERROR if there was not enough room in the output buffer, or
+   Z_DATA_ERROR if the input data was corrupted, including if the input data is
+   an incomplete zlib stream.
+*/
+int ZEXPORT uncompress2(Bytef *dest, uLongf *destLen, const Bytef *source,
+                        uLong *sourceLen) {
+    z_stream stream;
+    int err;
+    const uInt max = (uInt)-1;
+    uLong len, left;
+    Byte buf[1];    /* for detection of incomplete stream when *destLen == 0 */
+
+    len = *sourceLen;
+    if (*destLen) {
+        left = *destLen;
+        *destLen = 0;
+    }
+    else {
+        left = 1;
+        dest = buf;
+    }
+
+    stream.next_in = (z_const Bytef *)source;
+    stream.avail_in = 0;
+    stream.zalloc = (alloc_func)0;
+    stream.zfree = (free_func)0;
+    stream.opaque = (voidpf)0;
+
+    err = inflateInit(&stream);
+    if (err != Z_OK) return err;
+
+    stream.next_out = dest;
+    stream.avail_out = 0;
+
+    do {
+        if (stream.avail_out == 0) {
+            stream.avail_out = left > (uLong)max ? max : (uInt)left;
+            left -= stream.avail_out;
+        }
+        if (stream.avail_in == 0) {
+            stream.avail_in = len > (uLong)max ? max : (uInt)len;
+            len -= stream.avail_in;
+        }
+        err = inflate(&stream, Z_NO_FLUSH);
+    } while (err == Z_OK);
+
+    *sourceLen -= len + stream.avail_in;
+    if (dest != buf)
+        *destLen = stream.total_out;
+    else if (stream.total_out && err == Z_BUF_ERROR)
+        left = 1;
+
+    inflateEnd(&stream);
+    return err == Z_STREAM_END ? Z_OK :
+           err == Z_NEED_DICT ? Z_DATA_ERROR  :
+           err == Z_BUF_ERROR && left + stream.avail_out ? Z_DATA_ERROR :
+           err;
+}
+
+int ZEXPORT uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
+                       uLong sourceLen) {
+    return uncompress2(dest, destLen, source, &sourceLen);
+}
diff --git a/zlib-1.3.1/watcom/watcom_f.mak b/zlib-1.3.1/watcom/watcom_f.mak
new file mode 100644
index 00000000..37f4d74c
--- /dev/null
+++ b/zlib-1.3.1/watcom/watcom_f.mak
@@ -0,0 +1,43 @@
+# Makefile for zlib
+# OpenWatcom flat model
+# Last updated: 28-Dec-2005
+
+# To use, do "wmake -f watcom_f.mak"
+
+C_SOURCE =  adler32.c  compress.c crc32.c   deflate.c    &
+	    gzclose.c  gzlib.c    gzread.c  gzwrite.c    &
+            infback.c  inffast.c  inflate.c inftrees.c   &
+            trees.c    uncompr.c  zutil.c
+
+OBJS =      adler32.obj  compress.obj crc32.obj   deflate.obj    &
+	    gzclose.obj  gzlib.obj    gzread.obj  gzwrite.obj    &
+            infback.obj  inffast.obj  inflate.obj inftrees.obj   &
+            trees.obj    uncompr.obj  zutil.obj
+
+CC       = wcc386
+LINKER   = wcl386
+CFLAGS   = -zq -mf -3r -fp3 -s -bt=dos -oilrtfm -fr=nul -wx
+ZLIB_LIB = zlib_f.lib
+
+.C.OBJ:
+        $(CC) $(CFLAGS) $[@
+
+all: $(ZLIB_LIB) example.exe minigzip.exe
+
+$(ZLIB_LIB): $(OBJS)
+	wlib -b -c $(ZLIB_LIB) -+adler32.obj  -+compress.obj -+crc32.obj
+	wlib -b -c $(ZLIB_LIB) -+gzclose.obj  -+gzlib.obj    -+gzread.obj   -+gzwrite.obj
+        wlib -b -c $(ZLIB_LIB) -+deflate.obj  -+infback.obj
+        wlib -b -c $(ZLIB_LIB) -+inffast.obj  -+inflate.obj  -+inftrees.obj
+        wlib -b -c $(ZLIB_LIB) -+trees.obj    -+uncompr.obj  -+zutil.obj
+
+example.exe: $(ZLIB_LIB) example.obj
+	$(LINKER) -ldos32a -fe=example.exe example.obj $(ZLIB_LIB)
+
+minigzip.exe: $(ZLIB_LIB) minigzip.obj
+	$(LINKER) -ldos32a -fe=minigzip.exe minigzip.obj $(ZLIB_LIB)
+
+clean: .SYMBOLIC
+          del *.obj
+          del $(ZLIB_LIB)
+          @echo Cleaning done
diff --git a/zlib-1.3.1/watcom/watcom_l.mak b/zlib-1.3.1/watcom/watcom_l.mak
new file mode 100644
index 00000000..193eed7b
--- /dev/null
+++ b/zlib-1.3.1/watcom/watcom_l.mak
@@ -0,0 +1,43 @@
+# Makefile for zlib
+# OpenWatcom large model
+# Last updated: 28-Dec-2005
+
+# To use, do "wmake -f watcom_l.mak"
+
+C_SOURCE =  adler32.c  compress.c crc32.c   deflate.c    &
+	    gzclose.c  gzlib.c    gzread.c  gzwrite.c    &
+            infback.c  inffast.c  inflate.c inftrees.c   &
+            trees.c    uncompr.c  zutil.c
+
+OBJS =      adler32.obj  compress.obj crc32.obj   deflate.obj    &
+	    gzclose.obj  gzlib.obj    gzread.obj  gzwrite.obj    &
+            infback.obj  inffast.obj  inflate.obj inftrees.obj   &
+            trees.obj    uncompr.obj  zutil.obj
+
+CC       = wcc
+LINKER   = wcl
+CFLAGS   = -zq -ml -s -bt=dos -oilrtfm -fr=nul -wx
+ZLIB_LIB = zlib_l.lib
+
+.C.OBJ:
+        $(CC) $(CFLAGS) $[@
+
+all: $(ZLIB_LIB) example.exe minigzip.exe
+
+$(ZLIB_LIB): $(OBJS)
+	wlib -b -c $(ZLIB_LIB) -+adler32.obj  -+compress.obj -+crc32.obj
+	wlib -b -c $(ZLIB_LIB) -+gzclose.obj  -+gzlib.obj    -+gzread.obj   -+gzwrite.obj
+        wlib -b -c $(ZLIB_LIB) -+deflate.obj  -+infback.obj
+        wlib -b -c $(ZLIB_LIB) -+inffast.obj  -+inflate.obj  -+inftrees.obj
+        wlib -b -c $(ZLIB_LIB) -+trees.obj    -+uncompr.obj  -+zutil.obj
+
+example.exe: $(ZLIB_LIB) example.obj
+	$(LINKER) -fe=example.exe example.obj $(ZLIB_LIB)
+
+minigzip.exe: $(ZLIB_LIB) minigzip.obj
+	$(LINKER) -fe=minigzip.exe minigzip.obj $(ZLIB_LIB)
+
+clean: .SYMBOLIC
+          del *.obj
+          del $(ZLIB_LIB)
+          @echo Cleaning done
diff --git a/zlib-1.3.1/win32/DLL_FAQ.txt b/zlib-1.3.1/win32/DLL_FAQ.txt
new file mode 100644
index 00000000..d8cf5f31
--- /dev/null
+++ b/zlib-1.3.1/win32/DLL_FAQ.txt
@@ -0,0 +1,381 @@
+
+            Frequently Asked Questions about ZLIB1.DLL
+
+
+This document describes the design, the rationale, and the usage
+of the common DLL build of zlib, named ZLIB1.DLL.  If you have
+general questions about zlib, you should see the file "FAQ" found
+in the zlib distribution, or at the following location:
+  http://www.gzip.org/zlib/zlib_faq.html
+
+
+ 1. What is ZLIB1.DLL, and how can I get it?
+
+  - ZLIB1.DLL is the common build of zlib as a DLL.
+    (Please remark the character '1' in the name.)
+
+    Applications that link to ZLIB1.DLL can rely on the following
+    specification:
+
+    * The exported symbols are exclusively defined in the source
+      files "zlib.h" and "zlib.def", found in an official zlib
+      source distribution.
+    * The symbols are exported by name, not by ordinal.
+    * The exported names are undecorated.
+    * The calling convention of functions is "C" (CDECL).
+    * The ZLIB1.DLL binary is linked to MSVCRT.DLL.
+
+    The archive in which ZLIB1.DLL is bundled contains compiled
+    test programs that must run with a valid build of ZLIB1.DLL.
+    It is recommended to download the prebuilt DLL from the zlib
+    web site, instead of building it yourself, to avoid potential
+    incompatibilities that could be introduced by your compiler
+    and build settings.  If you do build the DLL yourself, please
+    make sure that it complies with all the above requirements,
+    and it runs with the precompiled test programs, bundled with
+    the original ZLIB1.DLL distribution.
+
+    If, for any reason, you need to build an incompatible DLL,
+    please use a different file name.
+
+
+ 2. Why did you change the name of the DLL to ZLIB1.DLL?
+    What happened to the old ZLIB.DLL?
+
+  - The old ZLIB.DLL, built from zlib-1.1.4 or earlier, required
+    compilation settings that were incompatible to those used by
+    a static build.  The DLL settings were supposed to be enabled
+    by defining the macro ZLIB_DLL, before including "zlib.h".
+    Incorrect handling of this macro was silently accepted at
+    build time, resulting in two major problems:
+
+    * ZLIB_DLL was missing from the old makefile.  When building
+      the DLL, not all people added it to the build options.  In
+      consequence, incompatible incarnations of ZLIB.DLL started
+      to circulate around the net.
+
+    * When switching from using the static library to using the
+      DLL, applications had to define the ZLIB_DLL macro and
+      to recompile all the sources that contained calls to zlib
+      functions.  Failure to do so resulted in creating binaries
+      that were unable to run with the official ZLIB.DLL build.
+
+    The only possible solution that we could foresee was to make
+    a binary-incompatible change in the DLL interface, in order to
+    remove the dependency on the ZLIB_DLL macro, and to release
+    the new DLL under a different name.
+
+    We chose the name ZLIB1.DLL, where '1' indicates the major
+    zlib version number.  We hope that we will not have to break
+    the binary compatibility again, at least not as long as the
+    zlib-1.x series will last.
+
+    There is still a ZLIB_DLL macro, that can trigger a more
+    efficient build and use of the DLL, but compatibility no
+    longer dependents on it.
+
+
+ 3. Can I build ZLIB.DLL from the new zlib sources, and replace
+    an old ZLIB.DLL, that was built from zlib-1.1.4 or earlier?
+
+  - In principle, you can do it by assigning calling convention
+    keywords to the macros ZEXPORT and ZEXPORTVA.  In practice,
+    it depends on what you mean by "an old ZLIB.DLL", because the
+    old DLL exists in several mutually-incompatible versions.
+    You have to find out first what kind of calling convention is
+    being used in your particular ZLIB.DLL build, and to use the
+    same one in the new build.  If you don't know what this is all
+    about, you might be better off if you would just leave the old
+    DLL intact.
+
+
+ 4. Can I compile my application using the new zlib interface, and
+    link it to an old ZLIB.DLL, that was built from zlib-1.1.4 or
+    earlier?
+
+  - The official answer is "no"; the real answer depends again on
+    what kind of ZLIB.DLL you have.  Even if you are lucky, this
+    course of action is unreliable.
+
+    If you rebuild your application and you intend to use a newer
+    version of zlib (post- 1.1.4), it is strongly recommended to
+    link it to the new ZLIB1.DLL.
+
+
+ 5. Why are the zlib symbols exported by name, and not by ordinal?
+
+  - Although exporting symbols by ordinal is a little faster, it
+    is risky.  Any single glitch in the maintenance or use of the
+    DEF file that contains the ordinals can result in incompatible
+    builds and frustrating crashes.  Simply put, the benefits of
+    exporting symbols by ordinal do not justify the risks.
+
+    Technically, it should be possible to maintain ordinals in
+    the DEF file, and still export the symbols by name.  Ordinals
+    exist in every DLL, and even if the dynamic linking performed
+    at the DLL startup is searching for names, ordinals serve as
+    hints, for a faster name lookup.  However, if the DEF file
+    contains ordinals, the Microsoft linker automatically builds
+    an implib that will cause the executables linked to it to use
+    those ordinals, and not the names.  It is interesting to
+    notice that the GNU linker for Win32 does not suffer from this
+    problem.
+
+    It is possible to avoid the DEF file if the exported symbols
+    are accompanied by a "__declspec(dllexport)" attribute in the
+    source files.  You can do this in zlib by predefining the
+    ZLIB_DLL macro.
+
+
+ 6. I see that the ZLIB1.DLL functions use the "C" (CDECL) calling
+    convention.  Why not use the STDCALL convention?
+    STDCALL is the standard convention in Win32, and I need it in
+    my Visual Basic project!
+
+    (For readability, we use CDECL to refer to the convention
+     triggered by the "__cdecl" keyword, STDCALL to refer to
+     the convention triggered by "__stdcall", and FASTCALL to
+     refer to the convention triggered by "__fastcall".)
+
+  - Most of the native Windows API functions (without varargs) use
+    indeed the WINAPI convention (which translates to STDCALL in
+    Win32), but the standard C functions use CDECL.  If a user
+    application is intrinsically tied to the Windows API (e.g.
+    it calls native Windows API functions such as CreateFile()),
+    sometimes it makes sense to decorate its own functions with
+    WINAPI.  But if ANSI C or POSIX portability is a goal (e.g.
+    it calls standard C functions such as fopen()), it is not a
+    sound decision to request the inclusion of <windows.h>, or to
+    use non-ANSI constructs, for the sole purpose to make the user
+    functions STDCALL-able.
+
+    The functionality offered by zlib is not in the category of
+    "Windows functionality", but is more like "C functionality".
+
+    Technically, STDCALL is not bad; in fact, it is slightly
+    faster than CDECL, and it works with variable-argument
+    functions, just like CDECL.  It is unfortunate that, in spite
+    of using STDCALL in the Windows API, it is not the default
+    convention used by the C compilers that run under Windows.
+    The roots of the problem reside deep inside the unsafety of
+    the K&R-style function prototypes, where the argument types
+    are not specified; but that is another story for another day.
+
+    The remaining fact is that CDECL is the default convention.
+    Even if an explicit convention is hard-coded into the function
+    prototypes inside C headers, problems may appear.  The
+    necessity to expose the convention in users' callbacks is one
+    of these problems.
+
+    The calling convention issues are also important when using
+    zlib in other programming languages.  Some of them, like Ada
+    (GNAT) and Fortran (GNU G77), have C bindings implemented
+    initially on Unix, and relying on the C calling convention.
+    On the other hand, the pre- .NET versions of Microsoft Visual
+    Basic require STDCALL, while Borland Delphi prefers, although
+    it does not require, FASTCALL.
+
+    In fairness to all possible uses of zlib outside the C
+    programming language, we choose the default "C" convention.
+    Anyone interested in different bindings or conventions is
+    encouraged to maintain specialized projects.  The "contrib/"
+    directory from the zlib distribution already holds a couple
+    of foreign bindings, such as Ada, C++, and Delphi.
+
+
+ 7. I need a DLL for my Visual Basic project.  What can I do?
+
+  - Define the ZLIB_WINAPI macro before including "zlib.h", when
+    building both the DLL and the user application (except that
+    you don't need to define anything when using the DLL in Visual
+    Basic).  The ZLIB_WINAPI macro will switch on the WINAPI
+    (STDCALL) convention.  The name of this DLL must be different
+    than the official ZLIB1.DLL.
+
+    Gilles Vollant has contributed a build named ZLIBWAPI.DLL,
+    with the ZLIB_WINAPI macro turned on, and with the minizip
+    functionality built in.  For more information, please read
+    the notes inside "contrib/vstudio/readme.txt", found in the
+    zlib distribution.
+
+
+ 8. I need to use zlib in my Microsoft .NET project.  What can I
+    do?
+
+  - Henrik Ravn has contributed a .NET wrapper around zlib.  Look
+    into contrib/dotzlib/, inside the zlib distribution.
+
+
+ 9. If my application uses ZLIB1.DLL, should I link it to
+    MSVCRT.DLL?  Why?
+
+  - It is not required, but it is recommended to link your
+    application to MSVCRT.DLL, if it uses ZLIB1.DLL.
+
+    The executables (.EXE, .DLL, etc.) that are involved in the
+    same process and are using the C run-time library (i.e. they
+    are calling standard C functions), must link to the same
+    library.  There are several libraries in the Win32 system:
+    CRTDLL.DLL, MSVCRT.DLL, the static C libraries, etc.
+    Since ZLIB1.DLL is linked to MSVCRT.DLL, the executables that
+    depend on it should also be linked to MSVCRT.DLL.
+
+
+10. Why are you saying that ZLIB1.DLL and my application should
+    be linked to the same C run-time (CRT) library?  I linked my
+    application and my DLLs to different C libraries (e.g. my
+    application to a static library, and my DLLs to MSVCRT.DLL),
+    and everything works fine.
+
+  - If a user library invokes only pure Win32 API (accessible via
+    <windows.h> and the related headers), its DLL build will work
+    in any context.  But if this library invokes standard C API,
+    things get more complicated.
+
+    There is a single Win32 library in a Win32 system.  Every
+    function in this library resides in a single DLL module, that
+    is safe to call from anywhere.  On the other hand, there are
+    multiple versions of the C library, and each of them has its
+    own separate internal state.  Standalone executables and user
+    DLLs that call standard C functions must link to a C run-time
+    (CRT) library, be it static or shared (DLL).  Intermixing
+    occurs when an executable (not necessarily standalone) and a
+    DLL are linked to different CRTs, and both are running in the
+    same process.
+
+    Intermixing multiple CRTs is possible, as long as their
+    internal states are kept intact.  The Microsoft Knowledge Base
+    articles KB94248 "HOWTO: Use the C Run-Time" and KB140584
+    "HOWTO: Link with the Correct C Run-Time (CRT) Library"
+    mention the potential problems raised by intermixing.
+
+    If intermixing works for you, it's because your application
+    and DLLs are avoiding the corruption of each of the CRTs'
+    internal states, maybe by careful design, or maybe by fortune.
+
+    Also note that linking ZLIB1.DLL to non-Microsoft CRTs, such
+    as those provided by Borland, raises similar problems.
+
+
+11. Why are you linking ZLIB1.DLL to MSVCRT.DLL?
+
+  - MSVCRT.DLL exists on every Windows 95 with a new service pack
+    installed, or with Microsoft Internet Explorer 4 or later, and
+    on all other Windows 4.x or later (Windows 98, Windows NT 4,
+    or later).  It is freely distributable; if not present in the
+    system, it can be downloaded from Microsoft or from other
+    software provider for free.
+
+    The fact that MSVCRT.DLL does not exist on a virgin Windows 95
+    is not so problematic.  Windows 95 is scarcely found nowadays,
+    Microsoft ended its support a long time ago, and many recent
+    applications from various vendors, including Microsoft, do not
+    even run on it.  Furthermore, no serious user should run
+    Windows 95 without a proper update installed.
+
+
+12. Why are you not linking ZLIB1.DLL to
+    <<my favorite C run-time library>> ?
+
+  - We considered and abandoned the following alternatives:
+
+    * Linking ZLIB1.DLL to a static C library (LIBC.LIB, or
+      LIBCMT.LIB) is not a good option.  People are using the DLL
+      mainly to save disk space.  If you are linking your program
+      to a static C library, you may as well consider linking zlib
+      in statically, too.
+
+    * Linking ZLIB1.DLL to CRTDLL.DLL looks appealing, because
+      CRTDLL.DLL is present on every Win32 installation.
+      Unfortunately, it has a series of problems: it does not
+      work properly with Microsoft's C++ libraries, it does not
+      provide support for 64-bit file offsets, (and so on...),
+      and Microsoft discontinued its support a long time ago.
+
+    * Linking ZLIB1.DLL to MSVCR70.DLL or MSVCR71.DLL, supplied
+      with the Microsoft .NET platform, and Visual C++ 7.0/7.1,
+      raises problems related to the status of ZLIB1.DLL as a
+      system component.  According to the Microsoft Knowledge Base
+      article KB326922 "INFO: Redistribution of the Shared C
+      Runtime Component in Visual C++ .NET", MSVCR70.DLL and
+      MSVCR71.DLL are not supposed to function as system DLLs,
+      because they may clash with MSVCRT.DLL.  Instead, the
+      application's installer is supposed to put these DLLs
+      (if needed) in the application's private directory.
+      If ZLIB1.DLL depends on a non-system runtime, it cannot
+      function as a redistributable system component.
+
+    * Linking ZLIB1.DLL to non-Microsoft runtimes, such as
+      Borland's, or Cygwin's, raises problems related to the
+      reliable presence of these runtimes on Win32 systems.
+      It's easier to let the DLL build of zlib up to the people
+      who distribute these runtimes, and who may proceed as
+      explained in the answer to Question 14.
+
+
+13. If ZLIB1.DLL cannot be linked to MSVCR70.DLL or MSVCR71.DLL,
+    how can I build/use ZLIB1.DLL in Microsoft Visual C++ 7.0
+    (Visual Studio .NET) or newer?
+
+  - Due to the problems explained in the Microsoft Knowledge Base
+    article KB326922 (see the previous answer), the C runtime that
+    comes with the VC7 environment is no longer considered a
+    system component.  That is, it should not be assumed that this
+    runtime exists, or may be installed in a system directory.
+    Since ZLIB1.DLL is supposed to be a system component, it may
+    not depend on a non-system component.
+
+    In order to link ZLIB1.DLL and your application to MSVCRT.DLL
+    in VC7, you need the library of Visual C++ 6.0 or older.  If
+    you don't have this library at hand, it's probably best not to
+    use ZLIB1.DLL.
+
+    We are hoping that, in the future, Microsoft will provide a
+    way to build applications linked to a proper system runtime,
+    from the Visual C++ environment.  Until then, you have a
+    couple of alternatives, such as linking zlib in statically.
+    If your application requires dynamic linking, you may proceed
+    as explained in the answer to Question 14.
+
+
+14. I need to link my own DLL build to a CRT different than
+    MSVCRT.DLL.  What can I do?
+
+  - Feel free to rebuild the DLL from the zlib sources, and link
+    it the way you want.  You should, however, clearly state that
+    your build is unofficial.  You should give it a different file
+    name, and/or install it in a private directory that can be
+    accessed by your application only, and is not visible to the
+    others (i.e. it's neither in the PATH, nor in the SYSTEM or
+    SYSTEM32 directories).  Otherwise, your build may clash with
+    applications that link to the official build.
+
+    For example, in Cygwin, zlib is linked to the Cygwin runtime
+    CYGWIN1.DLL, and it is distributed under the name CYGZ.DLL.
+
+
+15. May I include additional pieces of code that I find useful,
+    link them in ZLIB1.DLL, and export them?
+
+  - No.  A legitimate build of ZLIB1.DLL must not include code
+    that does not originate from the official zlib source code.
+    But you can make your own private DLL build, under a different
+    file name, as suggested in the previous answer.
+
+    For example, zlib is a part of the VCL library, distributed
+    with Borland Delphi and C++ Builder.  The DLL build of VCL
+    is a redistributable file, named VCLxx.DLL.
+
+
+16. May I remove some functionality out of ZLIB1.DLL, by enabling
+    macros like NO_GZCOMPRESS or NO_GZIP at compile time?
+
+  - No.  A legitimate build of ZLIB1.DLL must provide the complete
+    zlib functionality, as implemented in the official zlib source
+    code.  But you can make your own private DLL build, under a
+    different file name, as suggested in the previous answer.
+
+**
+
+This document is written and maintained by
+Cosmin Truta <cosmint@cs.ubbcluj.ro>
diff --git a/zlib-1.3.1/win32/Makefile.bor b/zlib-1.3.1/win32/Makefile.bor
new file mode 100644
index 00000000..4495353f
--- /dev/null
+++ b/zlib-1.3.1/win32/Makefile.bor
@@ -0,0 +1,109 @@
+# Makefile for zlib
+# Borland C++ for Win32
+#
+# Usage:
+#  make -f win32/Makefile.bor
+
+# ------------ Borland C++ ------------
+
+# Optional nonstandard preprocessor flags (e.g. -DMAX_MEM_LEVEL=7)
+# should be added to the environment via "set LOCAL_ZLIB=-DFOO" or
+# added to the declaration of LOC here:
+LOC = $(LOCAL_ZLIB)
+
+CC = bcc32
+AS = bcc32
+LD = bcc32
+AR = tlib
+CFLAGS  = -a -d -k- -O2 $(LOC)
+ASFLAGS = $(LOC)
+LDFLAGS = $(LOC)
+
+
+# variables
+ZLIB_LIB = zlib.lib
+
+OBJ1 = adler32.obj compress.obj crc32.obj deflate.obj gzclose.obj gzlib.obj gzread.obj
+OBJ2 = gzwrite.obj infback.obj inffast.obj inflate.obj inftrees.obj trees.obj uncompr.obj zutil.obj
+#OBJA =
+OBJP1 = +adler32.obj+compress.obj+crc32.obj+deflate.obj+gzclose.obj+gzlib.obj+gzread.obj
+OBJP2 = +gzwrite.obj+infback.obj+inffast.obj+inflate.obj+inftrees.obj+trees.obj+uncompr.obj+zutil.obj
+#OBJPA=
+
+
+# targets
+all: $(ZLIB_LIB) example.exe minigzip.exe
+
+.c.obj:
+	$(CC) -c $(CFLAGS) $<
+
+.asm.obj:
+	$(AS) -c $(ASFLAGS) $<
+
+adler32.obj: adler32.c zlib.h zconf.h
+
+compress.obj: compress.c zlib.h zconf.h
+
+crc32.obj: crc32.c zlib.h zconf.h crc32.h
+
+deflate.obj: deflate.c deflate.h zutil.h zlib.h zconf.h
+
+gzclose.obj: gzclose.c zlib.h zconf.h gzguts.h
+
+gzlib.obj: gzlib.c zlib.h zconf.h gzguts.h
+
+gzread.obj: gzread.c zlib.h zconf.h gzguts.h
+
+gzwrite.obj: gzwrite.c zlib.h zconf.h gzguts.h
+
+infback.obj: infback.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inffast.obj: inffast.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h
+
+inflate.obj: inflate.c zutil.h zlib.h zconf.h inftrees.h inflate.h \
+ inffast.h inffixed.h
+
+inftrees.obj: inftrees.c zutil.h zlib.h zconf.h inftrees.h
+
+trees.obj: trees.c zutil.h zlib.h zconf.h deflate.h trees.h
+
+uncompr.obj: uncompr.c zlib.h zconf.h
+
+zutil.obj: zutil.c zutil.h zlib.h zconf.h
+
+example.obj: test/example.c zlib.h zconf.h
+
+minigzip.obj: test/minigzip.c zlib.h zconf.h
+
+
+# For the sake of the old Borland make,
+# the command line is cut to fit in the MS-DOS 128 byte limit:
+$(ZLIB_LIB): $(OBJ1) $(OBJ2) $(OBJA)
+	-del $(ZLIB_LIB)
+	$(AR) $(ZLIB_LIB) $(OBJP1)
+	$(AR) $(ZLIB_LIB) $(OBJP2)
+	$(AR) $(ZLIB_LIB) $(OBJPA)
+
+
+# testing
+test: example.exe minigzip.exe
+	example
+	echo hello world | minigzip | minigzip -d
+
+example.exe: example.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) example.obj $(ZLIB_LIB)
+
+minigzip.exe: minigzip.obj $(ZLIB_LIB)
+	$(LD) $(LDFLAGS) minigzip.obj $(ZLIB_LIB)
+
+
+# cleanup
+clean:
+	-del $(ZLIB_LIB)
+	-del *.obj
+	-del *.exe
+	-del *.tds
+	-del zlib.bak
+	-del foo.gz
diff --git a/zlib-1.3.1/win32/Makefile.gcc b/zlib-1.3.1/win32/Makefile.gcc
new file mode 100644
index 00000000..081e391e
--- /dev/null
+++ b/zlib-1.3.1/win32/Makefile.gcc
@@ -0,0 +1,177 @@
+# Makefile for zlib, derived from Makefile.dj2.
+# Modified for mingw32 by C. Spieler, 6/16/98.
+# Updated for zlib 1.2.x by Christian Spieler and Cosmin Truta, Mar-2003.
+# Last updated: Mar 2012.
+# Tested under Cygwin and MinGW.
+
+# Copyright (C) 1995-2003 Jean-loup Gailly.
+# For conditions of distribution and use, see copyright notice in zlib.h
+
+# To compile, or to compile and test, type from the top level zlib directory:
+#
+#   make -fwin32/Makefile.gcc;  make test testdll -fwin32/Makefile.gcc
+#
+# To install libz.a, zconf.h and zlib.h in the system directories, type:
+#
+#   make install -fwin32/Makefile.gcc
+#
+# BINARY_PATH, INCLUDE_PATH and LIBRARY_PATH must be set.
+#
+# To install the shared lib, append SHARED_MODE=1 to the make command :
+#
+#   make install -fwin32/Makefile.gcc SHARED_MODE=1
+
+# Note:
+# If the platform is *not* MinGW (e.g. it is Cygwin or UWIN),
+# the DLL name should be changed from "zlib1.dll".
+
+STATICLIB = libz.a
+SHAREDLIB = zlib1.dll
+IMPLIB    = libz.dll.a
+
+#
+# Set to 1 if shared object needs to be installed
+#
+SHARED_MODE=0
+
+#LOC = -DZLIB_DEBUG -g
+
+PREFIX =
+CC = $(PREFIX)gcc
+CFLAGS = $(LOC) -O3 -Wall
+
+AS = $(CC)
+ASFLAGS = $(LOC) -Wall
+
+LD = $(CC)
+LDFLAGS = $(LOC)
+
+AR = $(PREFIX)ar
+ARFLAGS = rcs
+
+RC = $(PREFIX)windres
+RCFLAGS = --define GCC_WINDRES
+
+STRIP = $(PREFIX)strip
+
+CP = cp -fp
+# If GNU install is available, replace $(CP) with install.
+INSTALL = $(CP)
+RM = rm -f
+
+prefix ?= /usr/local
+exec_prefix = $(prefix)
+
+OBJS = adler32.o compress.o crc32.o deflate.o gzclose.o gzlib.o gzread.o \
+       gzwrite.o infback.o inffast.o inflate.o inftrees.o trees.o uncompr.o zutil.o
+OBJA =
+
+all: $(STATICLIB) $(SHAREDLIB) $(IMPLIB) example.exe minigzip.exe example_d.exe minigzip_d.exe
+
+test: example.exe minigzip.exe
+	./example
+	echo hello world | ./minigzip | ./minigzip -d
+
+testdll: example_d.exe minigzip_d.exe
+	./example_d
+	echo hello world | ./minigzip_d | ./minigzip_d -d
+
+.c.o:
+	$(CC) $(CFLAGS) -c -o $@ $<
+
+.S.o:
+	$(AS) $(ASFLAGS) -c -o $@ $<
+
+$(STATICLIB): $(OBJS) $(OBJA)
+	$(AR) $(ARFLAGS) $@ $(OBJS) $(OBJA)
+
+$(IMPLIB): $(SHAREDLIB)
+
+$(SHAREDLIB): win32/zlib.def $(OBJS) $(OBJA) zlibrc.o
+	$(CC) -shared -Wl,--out-implib,$(IMPLIB) $(LDFLAGS) \
+	-o $@ win32/zlib.def $(OBJS) $(OBJA) zlibrc.o
+	$(STRIP) $@
+
+example.exe: example.o $(STATICLIB)
+	$(LD) $(LDFLAGS) -o $@ example.o $(STATICLIB)
+	$(STRIP) $@
+
+minigzip.exe: minigzip.o $(STATICLIB)
+	$(LD) $(LDFLAGS) -o $@ minigzip.o $(STATICLIB)
+	$(STRIP) $@
+
+example_d.exe: example.o $(IMPLIB)
+	$(LD) $(LDFLAGS) -o $@ example.o $(IMPLIB)
+	$(STRIP) $@
+
+minigzip_d.exe: minigzip.o $(IMPLIB)
+	$(LD) $(LDFLAGS) -o $@ minigzip.o $(IMPLIB)
+	$(STRIP) $@
+
+example.o: test/example.c zlib.h zconf.h
+	$(CC) $(CFLAGS) -I. -c -o $@ test/example.c
+
+minigzip.o: test/minigzip.c zlib.h zconf.h
+	$(CC) $(CFLAGS) -I. -c -o $@ test/minigzip.c
+
+zlibrc.o: win32/zlib1.rc
+	$(RC) $(RCFLAGS) -o $@ win32/zlib1.rc
+
+.PHONY: install uninstall clean
+
+install: zlib.h zconf.h $(STATICLIB) $(IMPLIB)
+	@if test -z "$(DESTDIR)$(INCLUDE_PATH)" -o -z "$(DESTDIR)$(LIBRARY_PATH)" -o -z "$(DESTDIR)$(BINARY_PATH)"; then \
+		echo INCLUDE_PATH, LIBRARY_PATH, and BINARY_PATH must be specified; \
+		exit 1; \
+	fi
+	-@mkdir -p '$(DESTDIR)$(INCLUDE_PATH)'
+	-@mkdir -p '$(DESTDIR)$(LIBRARY_PATH)' '$(DESTDIR)$(LIBRARY_PATH)'/pkgconfig
+	-if [ "$(SHARED_MODE)" = "1" ]; then \
+		mkdir -p '$(DESTDIR)$(BINARY_PATH)'; \
+		$(INSTALL) $(SHAREDLIB) '$(DESTDIR)$(BINARY_PATH)'; \
+		$(INSTALL) $(IMPLIB) '$(DESTDIR)$(LIBRARY_PATH)'; \
+	fi
+	-$(INSTALL) zlib.h '$(DESTDIR)$(INCLUDE_PATH)'
+	-$(INSTALL) zconf.h '$(DESTDIR)$(INCLUDE_PATH)'
+	-$(INSTALL) $(STATICLIB) '$(DESTDIR)$(LIBRARY_PATH)'
+	sed \
+		-e 's|@prefix@|${prefix}|g' \
+		-e 's|@exec_prefix@|${exec_prefix}|g' \
+		-e 's|@libdir@|$(LIBRARY_PATH)|g' \
+		-e 's|@sharedlibdir@|$(LIBRARY_PATH)|g' \
+		-e 's|@includedir@|$(INCLUDE_PATH)|g' \
+		-e 's|@VERSION@|'`sed -n -e '/VERSION "/s/.*"\(.*\)".*/\1/p' zlib.h`'|g' \
+		zlib.pc.in > '$(DESTDIR)$(LIBRARY_PATH)'/pkgconfig/zlib.pc
+
+uninstall:
+	-if [ "$(SHARED_MODE)" = "1" ]; then \
+		$(RM) '$(DESTDIR)$(BINARY_PATH)'/$(SHAREDLIB); \
+		$(RM) '$(DESTDIR)$(LIBRARY_PATH)'/$(IMPLIB); \
+	fi
+	-$(RM) '$(DESTDIR)$(INCLUDE_PATH)'/zlib.h
+	-$(RM) '$(DESTDIR)$(INCLUDE_PATH)'/zconf.h
+	-$(RM) '$(DESTDIR)$(LIBRARY_PATH)'/$(STATICLIB)
+
+clean:
+	-$(RM) $(STATICLIB)
+	-$(RM) $(SHAREDLIB)
+	-$(RM) $(IMPLIB)
+	-$(RM) *.o
+	-$(RM) *.exe
+	-$(RM) foo.gz
+
+adler32.o: zlib.h zconf.h
+compress.o: zlib.h zconf.h
+crc32.o: crc32.h zlib.h zconf.h
+deflate.o: deflate.h zutil.h zlib.h zconf.h
+gzclose.o: zlib.h zconf.h gzguts.h
+gzlib.o: zlib.h zconf.h gzguts.h
+gzread.o: zlib.h zconf.h gzguts.h
+gzwrite.o: zlib.h zconf.h gzguts.h
+inffast.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+inflate.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+infback.o: zutil.h zlib.h zconf.h inftrees.h inflate.h inffast.h
+inftrees.o: zutil.h zlib.h zconf.h inftrees.h
+trees.o: deflate.h zutil.h zlib.h zconf.h trees.h
+uncompr.o: zlib.h zconf.h
+zutil.o: zutil.h zlib.h zconf.h
diff --git a/zlib-1.3.1/win32/Makefile.msc b/zlib-1.3.1/win32/Makefile.msc
new file mode 100644
index 00000000..9c651536
--- /dev/null
+++ b/zlib-1.3.1/win32/Makefile.msc
@@ -0,0 +1,159 @@
+# Makefile for zlib using Microsoft (Visual) C
+# zlib is copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler
+#
+# Usage:
+#   nmake -f win32/Makefile.msc                          (standard build)
+#   nmake -f win32/Makefile.msc LOC=-DFOO                (nonstandard build)
+
+# The toplevel directory of the source tree.
+#
+TOP = .
+
+# optional build flags
+LOC =
+
+# variables
+STATICLIB = zlib.lib
+SHAREDLIB = zlib1.dll
+IMPLIB    = zdll.lib
+
+CC = cl
+AS = ml
+LD = link
+AR = lib
+RC = rc
+CFLAGS  = -nologo -MD -W3 -O2 -Oy- -Zi -Fd"zlib" $(LOC)
+WFLAGS  = -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE
+ASFLAGS = -coff -Zi $(LOC)
+LDFLAGS = -nologo -debug -incremental:no -opt:ref
+ARFLAGS = -nologo
+RCFLAGS = /dWIN32 /r
+
+OBJS = adler32.obj compress.obj crc32.obj deflate.obj gzclose.obj gzlib.obj gzread.obj \
+       gzwrite.obj infback.obj inflate.obj inftrees.obj inffast.obj trees.obj uncompr.obj zutil.obj
+OBJA =
+
+
+# targets
+all: $(STATICLIB) $(SHAREDLIB) $(IMPLIB) \
+     example.exe minigzip.exe example_d.exe minigzip_d.exe
+
+$(STATICLIB): $(OBJS) $(OBJA)
+	$(AR) $(ARFLAGS) -out:$@ $(OBJS) $(OBJA)
+
+$(IMPLIB): $(SHAREDLIB)
+
+$(SHAREDLIB): $(TOP)/win32/zlib.def $(OBJS) $(OBJA) zlib1.res
+	$(LD) $(LDFLAGS) -def:$(TOP)/win32/zlib.def -dll -implib:$(IMPLIB) \
+	  -out:$@ -base:0x5A4C0000 $(OBJS) $(OBJA) zlib1.res
+	if exist $@.manifest \
+	  mt -nologo -manifest $@.manifest -outputresource:$@;2
+
+example.exe: example.obj $(STATICLIB)
+	$(LD) $(LDFLAGS) example.obj $(STATICLIB)
+	if exist $@.manifest \
+	  mt -nologo -manifest $@.manifest -outputresource:$@;1
+
+minigzip.exe: minigzip.obj $(STATICLIB)
+	$(LD) $(LDFLAGS) minigzip.obj $(STATICLIB)
+	if exist $@.manifest \
+	  mt -nologo -manifest $@.manifest -outputresource:$@;1
+
+example_d.exe: example.obj $(IMPLIB)
+	$(LD) $(LDFLAGS) -out:$@ example.obj $(IMPLIB)
+	if exist $@.manifest \
+	  mt -nologo -manifest $@.manifest -outputresource:$@;1
+
+minigzip_d.exe: minigzip.obj $(IMPLIB)
+	$(LD) $(LDFLAGS) -out:$@ minigzip.obj $(IMPLIB)
+	if exist $@.manifest \
+	  mt -nologo -manifest $@.manifest -outputresource:$@;1
+
+{$(TOP)}.c.obj:
+	$(CC) -c $(WFLAGS) $(CFLAGS) $<
+
+{$(TOP)/test}.c.obj:
+	$(CC) -c -I$(TOP) $(WFLAGS) $(CFLAGS) $<
+
+{$(TOP)/contrib/masmx64}.c.obj:
+	$(CC) -c $(WFLAGS) $(CFLAGS) $<
+
+{$(TOP)/contrib/masmx64}.asm.obj:
+	$(AS) -c $(ASFLAGS) $<
+
+{$(TOP)/contrib/masmx86}.asm.obj:
+	$(AS) -c $(ASFLAGS) $<
+
+adler32.obj: $(TOP)/adler32.c $(TOP)/zlib.h $(TOP)/zconf.h
+
+compress.obj: $(TOP)/compress.c $(TOP)/zlib.h $(TOP)/zconf.h
+
+crc32.obj: $(TOP)/crc32.c $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/crc32.h
+
+deflate.obj: $(TOP)/deflate.c $(TOP)/deflate.h $(TOP)/zutil.h $(TOP)/zlib.h $(TOP)/zconf.h
+
+gzclose.obj: $(TOP)/gzclose.c $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/gzguts.h
+
+gzlib.obj: $(TOP)/gzlib.c $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/gzguts.h
+
+gzread.obj: $(TOP)/gzread.c $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/gzguts.h
+
+gzwrite.obj: $(TOP)/gzwrite.c $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/gzguts.h
+
+infback.obj: $(TOP)/infback.c $(TOP)/zutil.h $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/inftrees.h $(TOP)/inflate.h \
+             $(TOP)/inffast.h $(TOP)/inffixed.h
+
+inffast.obj: $(TOP)/inffast.c $(TOP)/zutil.h $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/inftrees.h $(TOP)/inflate.h \
+             $(TOP)/inffast.h
+
+inflate.obj: $(TOP)/inflate.c $(TOP)/zutil.h $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/inftrees.h $(TOP)/inflate.h \
+             $(TOP)/inffast.h $(TOP)/inffixed.h
+
+inftrees.obj: $(TOP)/inftrees.c $(TOP)/zutil.h $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/inftrees.h
+
+trees.obj: $(TOP)/trees.c $(TOP)/zutil.h $(TOP)/zlib.h $(TOP)/zconf.h $(TOP)/deflate.h $(TOP)/trees.h
+
+uncompr.obj: $(TOP)/uncompr.c $(TOP)/zlib.h $(TOP)/zconf.h
+
+zutil.obj: $(TOP)/zutil.c $(TOP)/zutil.h $(TOP)/zlib.h $(TOP)/zconf.h
+
+gvmat64.obj: $(TOP)/contrib\masmx64\gvmat64.asm
+
+inffasx64.obj: $(TOP)/contrib\masmx64\inffasx64.asm
+
+inffas8664.obj: $(TOP)/contrib\masmx64\inffas8664.c $(TOP)/zutil.h $(TOP)/zlib.h $(TOP)/zconf.h \
+		$(TOP)/inftrees.h $(TOP)/inflate.h $(TOP)/inffast.h
+
+inffas32.obj: $(TOP)/contrib\masmx86\inffas32.asm
+
+match686.obj: $(TOP)/contrib\masmx86\match686.asm
+
+example.obj: $(TOP)/test/example.c $(TOP)/zlib.h $(TOP)/zconf.h
+
+minigzip.obj: $(TOP)/test/minigzip.c $(TOP)/zlib.h $(TOP)/zconf.h
+
+zlib1.res: $(TOP)/win32/zlib1.rc
+	$(RC) $(RCFLAGS) /fo$@ $(TOP)/win32/zlib1.rc
+
+# testing
+test: example.exe minigzip.exe
+	example
+	echo hello world | minigzip | minigzip -d
+
+testdll: example_d.exe minigzip_d.exe
+	example_d
+	echo hello world | minigzip_d | minigzip_d -d
+
+
+# cleanup
+clean:
+	-del $(STATICLIB)
+	-del $(SHAREDLIB)
+	-del $(IMPLIB)
+	-del *.obj
+	-del *.res
+	-del *.exp
+	-del *.exe
+	-del *.pdb
+	-del *.manifest
+	-del foo.gz
diff --git a/zlib-1.3.1/win32/README-WIN32.txt b/zlib-1.3.1/win32/README-WIN32.txt
new file mode 100644
index 00000000..14e6398e
--- /dev/null
+++ b/zlib-1.3.1/win32/README-WIN32.txt
@@ -0,0 +1,103 @@
+ZLIB DATA COMPRESSION LIBRARY
+
+zlib 1.3.1 is a general purpose data compression library.  All the code is
+thread safe.  The data format used by the zlib library is described by RFCs
+(Request for Comments) 1950 to 1952 in the files
+http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate format)
+and rfc1952.txt (gzip format).
+
+All functions of the compression library are documented in the file zlib.h
+(volunteer to write man pages welcome, contact zlib@gzip.org).  Two compiled
+examples are distributed in this package, example and minigzip.  The example_d
+and minigzip_d flavors validate that the zlib1.dll file is working correctly.
+
+Questions about zlib should be sent to <zlib@gzip.org>.  The zlib home page
+is http://zlib.net/ .  Before reporting a problem, please check this site to
+verify that you have the latest version of zlib; otherwise get the latest
+version and check whether the problem still exists or not.
+
+PLEASE read DLL_FAQ.txt, and the zlib FAQ http://zlib.net/zlib_faq.html before
+asking for help.
+
+
+Manifest:
+
+The package zlib-1.3.1-win32-x86.zip will contain the following files:
+
+  README-WIN32.txt This document
+  ChangeLog        Changes since previous zlib packages
+  DLL_FAQ.txt      Frequently asked questions about zlib1.dll
+  zlib.3.pdf       Documentation of this library in Adobe Acrobat format
+
+  example.exe      A statically-bound example (using zlib.lib, not the dll)
+  example.pdb      Symbolic information for debugging example.exe
+
+  example_d.exe    A zlib1.dll bound example (using zdll.lib)
+  example_d.pdb    Symbolic information for debugging example_d.exe
+
+  minigzip.exe     A statically-bound test program (using zlib.lib, not the dll)
+  minigzip.pdb     Symbolic information for debugging minigzip.exe
+
+  minigzip_d.exe   A zlib1.dll bound test program (using zdll.lib)
+  minigzip_d.pdb   Symbolic information for debugging minigzip_d.exe
+
+  zlib.h           Install these files into the compilers' INCLUDE path to
+  zconf.h          compile programs which use zlib.lib or zdll.lib
+
+  zdll.lib         Install these files into the compilers' LIB path if linking
+  zdll.exp         a compiled program to the zlib1.dll binary
+
+  zlib.lib         Install these files into the compilers' LIB path to link zlib
+  zlib.pdb         into compiled programs, without zlib1.dll runtime dependency
+                   (zlib.pdb provides debugging info to the compile time linker)
+
+  zlib1.dll        Install this binary shared library into the system PATH, or
+                   the program's runtime directory (where the .exe resides)
+  zlib1.pdb        Install in the same directory as zlib1.dll, in order to debug
+                   an application crash using WinDbg or similar tools.
+
+All .pdb files above are entirely optional, but are very useful to a developer
+attempting to diagnose program misbehavior or a crash.  Many additional
+important files for developers can be found in the zlib127.zip source package
+available from http://zlib.net/ - review that package's README file for details.
+
+
+Acknowledgments:
+
+The deflate format used by zlib was defined by Phil Katz.  The deflate and
+zlib specifications were written by L.  Peter Deutsch.  Thanks to all the
+people who reported problems and suggested various improvements in zlib; they
+are too numerous to cite here.
+
+
+Copyright notice:
+
+  (C) 1995-2017 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
+
+If you use the zlib library in a product, we would appreciate *not* receiving
+lengthy legal documents to sign.  The sources are provided for free but without
+warranty of any kind.  The library has been entirely written by Jean-loup
+Gailly and Mark Adler; it does not include third-party code.
+
+If you redistribute modified sources, we would appreciate that you include in
+the file ChangeLog history information documenting your changes.  Please read
+the FAQ for more information on the distribution of modified source versions.
diff --git a/zlib-1.3.1/win32/VisualC.txt b/zlib-1.3.1/win32/VisualC.txt
new file mode 100644
index 00000000..1005b219
--- /dev/null
+++ b/zlib-1.3.1/win32/VisualC.txt
@@ -0,0 +1,3 @@
+
+To build zlib using the Microsoft Visual C++ environment,
+use the appropriate project from the contrib/vstudio/ directory.
diff --git a/zlib-1.3.1/win32/zlib.def b/zlib-1.3.1/win32/zlib.def
new file mode 100644
index 00000000..53c80115
--- /dev/null
+++ b/zlib-1.3.1/win32/zlib.def
@@ -0,0 +1,97 @@
+; zlib data compression library
+EXPORTS
+; basic functions
+    zlibVersion
+    deflate
+    deflateEnd
+    inflate
+    inflateEnd
+; advanced functions
+    deflateSetDictionary
+    deflateGetDictionary
+    deflateCopy
+    deflateReset
+    deflateParams
+    deflateTune
+    deflateBound
+    deflatePending
+    deflatePrime
+    deflateSetHeader
+    inflateSetDictionary
+    inflateGetDictionary
+    inflateSync
+    inflateCopy
+    inflateReset
+    inflateReset2
+    inflatePrime
+    inflateMark
+    inflateGetHeader
+    inflateBack
+    inflateBackEnd
+    zlibCompileFlags
+; utility functions
+    compress
+    compress2
+    compressBound
+    uncompress
+    uncompress2
+    gzopen
+    gzdopen
+    gzbuffer
+    gzsetparams
+    gzread
+    gzfread
+    gzwrite
+    gzfwrite
+    gzprintf
+    gzvprintf
+    gzputs
+    gzgets
+    gzputc
+    gzgetc
+    gzungetc
+    gzflush
+    gzseek
+    gzrewind
+    gztell
+    gzoffset
+    gzeof
+    gzdirect
+    gzclose
+    gzclose_r
+    gzclose_w
+    gzerror
+    gzclearerr
+; large file functions
+    gzopen64
+    gzseek64
+    gztell64
+    gzoffset64
+    adler32_combine64
+    crc32_combine64
+    crc32_combine_gen64
+; checksum functions
+    adler32
+    adler32_z
+    crc32
+    crc32_z
+    adler32_combine
+    crc32_combine
+    crc32_combine_gen
+    crc32_combine_op
+; various hacks, don't look :)
+    deflateInit_
+    deflateInit2_
+    inflateInit_
+    inflateInit2_
+    inflateBackInit_
+    gzgetc_
+    zError
+    inflateSyncPoint
+    get_crc_table
+    inflateUndermine
+    inflateValidate
+    inflateCodesUsed
+    inflateResetKeep
+    deflateResetKeep
+    gzopen_w
diff --git a/zlib-1.3.1/win32/zlib1.rc b/zlib-1.3.1/win32/zlib1.rc
new file mode 100644
index 00000000..ceb4ee5c
--- /dev/null
+++ b/zlib-1.3.1/win32/zlib1.rc
@@ -0,0 +1,40 @@
+#include <winver.h>
+#include "../zlib.h"
+
+#ifdef GCC_WINDRES
+VS_VERSION_INFO		VERSIONINFO
+#else
+VS_VERSION_INFO		VERSIONINFO	MOVEABLE IMPURE LOADONCALL DISCARDABLE
+#endif
+  FILEVERSION		ZLIB_VER_MAJOR,ZLIB_VER_MINOR,ZLIB_VER_REVISION,0
+  PRODUCTVERSION	ZLIB_VER_MAJOR,ZLIB_VER_MINOR,ZLIB_VER_REVISION,0
+  FILEFLAGSMASK		VS_FFI_FILEFLAGSMASK
+#ifdef _DEBUG
+  FILEFLAGS		1
+#else
+  FILEFLAGS		0
+#endif
+  FILEOS		VOS__WINDOWS32
+  FILETYPE		VFT_DLL
+  FILESUBTYPE		0	// not used
+BEGIN
+  BLOCK "StringFileInfo"
+  BEGIN
+    BLOCK "040904E4"
+    //language ID = U.S. English, char set = Windows, Multilingual
+    BEGIN
+      VALUE "FileDescription",	"zlib data compression library\0"
+      VALUE "FileVersion",	ZLIB_VERSION "\0"
+      VALUE "InternalName",	"zlib1.dll\0"
+      VALUE "LegalCopyright",	"(C) 1995-2022 Jean-loup Gailly & Mark Adler\0"
+      VALUE "OriginalFilename",	"zlib1.dll\0"
+      VALUE "ProductName",	"zlib\0"
+      VALUE "ProductVersion",	ZLIB_VERSION "\0"
+      VALUE "Comments",		"For more information visit http://www.zlib.net/\0"
+    END
+  END
+  BLOCK "VarFileInfo"
+  BEGIN
+    VALUE "Translation", 0x0409, 1252
+  END
+END
diff --git a/zlib-1.3.1/zconf.h b/zlib-1.3.1/zconf.h
new file mode 100644
index 00000000..62adc8d8
--- /dev/null
+++ b/zlib-1.3.1/zconf.h
@@ -0,0 +1,543 @@
+/* zconf.h -- configuration of the zlib compression library
+ * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#ifndef ZCONF_H
+#define ZCONF_H
+
+/*
+ * If you *really* need a unique prefix for all types and library functions,
+ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
+ * Even better than compiling with -DZ_PREFIX would be to use configure to set
+ * this permanently in zconf.h using "./configure --zprefix".
+ */
+#ifdef Z_PREFIX     /* may be set to #if 1 by ./configure */
+#  define Z_PREFIX_SET
+
+/* all linked symbols and init macros */
+#  define _dist_code            z__dist_code
+#  define _length_code          z__length_code
+#  define _tr_align             z__tr_align
+#  define _tr_flush_bits        z__tr_flush_bits
+#  define _tr_flush_block       z__tr_flush_block
+#  define _tr_init              z__tr_init
+#  define _tr_stored_block      z__tr_stored_block
+#  define _tr_tally             z__tr_tally
+#  define adler32               z_adler32
+#  define adler32_combine       z_adler32_combine
+#  define adler32_combine64     z_adler32_combine64
+#  define adler32_z             z_adler32_z
+#  ifndef Z_SOLO
+#    define compress              z_compress
+#    define compress2             z_compress2
+#    define compressBound         z_compressBound
+#  endif
+#  define crc32                 z_crc32
+#  define crc32_combine         z_crc32_combine
+#  define crc32_combine64       z_crc32_combine64
+#  define crc32_combine_gen     z_crc32_combine_gen
+#  define crc32_combine_gen64   z_crc32_combine_gen64
+#  define crc32_combine_op      z_crc32_combine_op
+#  define crc32_z               z_crc32_z
+#  define deflate               z_deflate
+#  define deflateBound          z_deflateBound
+#  define deflateCopy           z_deflateCopy
+#  define deflateEnd            z_deflateEnd
+#  define deflateGetDictionary  z_deflateGetDictionary
+#  define deflateInit           z_deflateInit
+#  define deflateInit2          z_deflateInit2
+#  define deflateInit2_         z_deflateInit2_
+#  define deflateInit_          z_deflateInit_
+#  define deflateParams         z_deflateParams
+#  define deflatePending        z_deflatePending
+#  define deflatePrime          z_deflatePrime
+#  define deflateReset          z_deflateReset
+#  define deflateResetKeep      z_deflateResetKeep
+#  define deflateSetDictionary  z_deflateSetDictionary
+#  define deflateSetHeader      z_deflateSetHeader
+#  define deflateTune           z_deflateTune
+#  define deflate_copyright     z_deflate_copyright
+#  define get_crc_table         z_get_crc_table
+#  ifndef Z_SOLO
+#    define gz_error              z_gz_error
+#    define gz_intmax             z_gz_intmax
+#    define gz_strwinerror        z_gz_strwinerror
+#    define gzbuffer              z_gzbuffer
+#    define gzclearerr            z_gzclearerr
+#    define gzclose               z_gzclose
+#    define gzclose_r             z_gzclose_r
+#    define gzclose_w             z_gzclose_w
+#    define gzdirect              z_gzdirect
+#    define gzdopen               z_gzdopen
+#    define gzeof                 z_gzeof
+#    define gzerror               z_gzerror
+#    define gzflush               z_gzflush
+#    define gzfread               z_gzfread
+#    define gzfwrite              z_gzfwrite
+#    define gzgetc                z_gzgetc
+#    define gzgetc_               z_gzgetc_
+#    define gzgets                z_gzgets
+#    define gzoffset              z_gzoffset
+#    define gzoffset64            z_gzoffset64
+#    define gzopen                z_gzopen
+#    define gzopen64              z_gzopen64
+#    ifdef _WIN32
+#      define gzopen_w              z_gzopen_w
+#    endif
+#    define gzprintf              z_gzprintf
+#    define gzputc                z_gzputc
+#    define gzputs                z_gzputs
+#    define gzread                z_gzread
+#    define gzrewind              z_gzrewind
+#    define gzseek                z_gzseek
+#    define gzseek64              z_gzseek64
+#    define gzsetparams           z_gzsetparams
+#    define gztell                z_gztell
+#    define gztell64              z_gztell64
+#    define gzungetc              z_gzungetc
+#    define gzvprintf             z_gzvprintf
+#    define gzwrite               z_gzwrite
+#  endif
+#  define inflate               z_inflate
+#  define inflateBack           z_inflateBack
+#  define inflateBackEnd        z_inflateBackEnd
+#  define inflateBackInit       z_inflateBackInit
+#  define inflateBackInit_      z_inflateBackInit_
+#  define inflateCodesUsed      z_inflateCodesUsed
+#  define inflateCopy           z_inflateCopy
+#  define inflateEnd            z_inflateEnd
+#  define inflateGetDictionary  z_inflateGetDictionary
+#  define inflateGetHeader      z_inflateGetHeader
+#  define inflateInit           z_inflateInit
+#  define inflateInit2          z_inflateInit2
+#  define inflateInit2_         z_inflateInit2_
+#  define inflateInit_          z_inflateInit_
+#  define inflateMark           z_inflateMark
+#  define inflatePrime          z_inflatePrime
+#  define inflateReset          z_inflateReset
+#  define inflateReset2         z_inflateReset2
+#  define inflateResetKeep      z_inflateResetKeep
+#  define inflateSetDictionary  z_inflateSetDictionary
+#  define inflateSync           z_inflateSync
+#  define inflateSyncPoint      z_inflateSyncPoint
+#  define inflateUndermine      z_inflateUndermine
+#  define inflateValidate       z_inflateValidate
+#  define inflate_copyright     z_inflate_copyright
+#  define inflate_fast          z_inflate_fast
+#  define inflate_table         z_inflate_table
+#  ifndef Z_SOLO
+#    define uncompress            z_uncompress
+#    define uncompress2           z_uncompress2
+#  endif
+#  define zError                z_zError
+#  ifndef Z_SOLO
+#    define zcalloc               z_zcalloc
+#    define zcfree                z_zcfree
+#  endif
+#  define zlibCompileFlags      z_zlibCompileFlags
+#  define zlibVersion           z_zlibVersion
+
+/* all zlib typedefs in zlib.h and zconf.h */
+#  define Byte                  z_Byte
+#  define Bytef                 z_Bytef
+#  define alloc_func            z_alloc_func
+#  define charf                 z_charf
+#  define free_func             z_free_func
+#  ifndef Z_SOLO
+#    define gzFile                z_gzFile
+#  endif
+#  define gz_header             z_gz_header
+#  define gz_headerp            z_gz_headerp
+#  define in_func               z_in_func
+#  define intf                  z_intf
+#  define out_func              z_out_func
+#  define uInt                  z_uInt
+#  define uIntf                 z_uIntf
+#  define uLong                 z_uLong
+#  define uLongf                z_uLongf
+#  define voidp                 z_voidp
+#  define voidpc                z_voidpc
+#  define voidpf                z_voidpf
+
+/* all zlib structs in zlib.h and zconf.h */
+#  define gz_header_s           z_gz_header_s
+#  define internal_state        z_internal_state
+
+#endif
+
+#if defined(__MSDOS__) && !defined(MSDOS)
+#  define MSDOS
+#endif
+#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2)
+#  define OS2
+#endif
+#if defined(_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+#endif
+#if defined(_WIN32) || defined(_WIN32_WCE) || defined(__WIN32__)
+#  ifndef WIN32
+#    define WIN32
+#  endif
+#endif
+#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32)
+#  if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__)
+#    ifndef SYS16BIT
+#      define SYS16BIT
+#    endif
+#  endif
+#endif
+
+/*
+ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
+ * than 64k bytes at a time (needed on systems with 16-bit int).
+ */
+#ifdef SYS16BIT
+#  define MAXSEG_64K
+#endif
+#ifdef MSDOS
+#  define UNALIGNED_OK
+#endif
+
+#ifdef __STDC_VERSION__
+#  ifndef STDC
+#    define STDC
+#  endif
+#  if __STDC_VERSION__ >= 199901L
+#    ifndef STDC99
+#      define STDC99
+#    endif
+#  endif
+#endif
+#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__))
+#  define STDC
+#endif
+
+#if defined(__OS400__) && !defined(STDC)    /* iSeries (formerly AS/400). */
+#  define STDC
+#endif
+
+#ifndef STDC
+#  ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
+#    define const       /* note: need a more gentle solution here */
+#  endif
+#endif
+
+#if defined(ZLIB_CONST) && !defined(z_const)
+#  define z_const const
+#else
+#  define z_const
+#endif
+
+#ifdef Z_SOLO
+#  ifdef _WIN64
+     typedef unsigned long long z_size_t;
+#  else
+     typedef unsigned long z_size_t;
+#  endif
+#else
+#  define z_longlong long long
+#  if defined(NO_SIZE_T)
+     typedef unsigned NO_SIZE_T z_size_t;
+#  elif defined(STDC)
+#    include <stddef.h>
+     typedef size_t z_size_t;
+#  else
+     typedef unsigned long z_size_t;
+#  endif
+#  undef z_longlong
+#endif
+
+/* Maximum value for memLevel in deflateInit2 */
+#ifndef MAX_MEM_LEVEL
+#  ifdef MAXSEG_64K
+#    define MAX_MEM_LEVEL 8
+#  else
+#    define MAX_MEM_LEVEL 9
+#  endif
+#endif
+
+/* Maximum value for windowBits in deflateInit2 and inflateInit2.
+ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
+ * created by gzip. (Files created by minigzip can still be extracted by
+ * gzip.)
+ */
+#ifndef MAX_WBITS
+#  define MAX_WBITS   15 /* 32K LZ77 window */
+#endif
+
+/* The memory requirements for deflate are (in bytes):
+            (1 << (windowBits+2)) +  (1 << (memLevel+9))
+ that is: 128K for windowBits=15  +  128K for memLevel = 8  (default values)
+ plus a few kilobytes for small objects. For example, if you want to reduce
+ the default memory requirements from 256K to 128K, compile with
+     make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
+ Of course this will generally degrade compression (there's no free lunch).
+
+   The memory requirements for inflate are (in bytes) 1 << windowBits
+ that is, 32K for windowBits=15 (default value) plus about 7 kilobytes
+ for small objects.
+*/
+
+                        /* Type declarations */
+
+#ifndef OF /* function prototypes */
+#  ifdef STDC
+#    define OF(args)  args
+#  else
+#    define OF(args)  ()
+#  endif
+#endif
+
+/* The following definitions for FAR are needed only for MSDOS mixed
+ * model programming (small or medium model with some far allocations).
+ * This was tested only with MSC; for other MSDOS compilers you may have
+ * to define NO_MEMCPY in zutil.h.  If you don't need the mixed model,
+ * just define FAR to be empty.
+ */
+#ifdef SYS16BIT
+#  if defined(M_I86SM) || defined(M_I86MM)
+     /* MSC small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef _MSC_VER
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#  if (defined(__SMALL__) || defined(__MEDIUM__))
+     /* Turbo C small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef __BORLANDC__
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#endif
+
+#if defined(WINDOWS) || defined(WIN32)
+   /* If building or using zlib as a DLL, define ZLIB_DLL.
+    * This is not mandatory, but it offers a little performance increase.
+    */
+#  ifdef ZLIB_DLL
+#    if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500))
+#      ifdef ZLIB_INTERNAL
+#        define ZEXTERN extern __declspec(dllexport)
+#      else
+#        define ZEXTERN extern __declspec(dllimport)
+#      endif
+#    endif
+#  endif  /* ZLIB_DLL */
+   /* If building or using zlib with the WINAPI/WINAPIV calling convention,
+    * define ZLIB_WINAPI.
+    * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI.
+    */
+#  ifdef ZLIB_WINAPI
+#    ifdef FAR
+#      undef FAR
+#    endif
+#    ifndef WIN32_LEAN_AND_MEAN
+#      define WIN32_LEAN_AND_MEAN
+#    endif
+#    include <windows.h>
+     /* No need for _export, use ZLIB.DEF instead. */
+     /* For complete Windows compatibility, use WINAPI, not __stdcall. */
+#    define ZEXPORT WINAPI
+#    ifdef WIN32
+#      define ZEXPORTVA WINAPIV
+#    else
+#      define ZEXPORTVA FAR CDECL
+#    endif
+#  endif
+#endif
+
+#if defined (__BEOS__)
+#  ifdef ZLIB_DLL
+#    ifdef ZLIB_INTERNAL
+#      define ZEXPORT   __declspec(dllexport)
+#      define ZEXPORTVA __declspec(dllexport)
+#    else
+#      define ZEXPORT   __declspec(dllimport)
+#      define ZEXPORTVA __declspec(dllimport)
+#    endif
+#  endif
+#endif
+
+#ifndef ZEXTERN
+#  define ZEXTERN extern
+#endif
+#ifndef ZEXPORT
+#  define ZEXPORT
+#endif
+#ifndef ZEXPORTVA
+#  define ZEXPORTVA
+#endif
+
+#ifndef FAR
+#  define FAR
+#endif
+
+#if !defined(__MACTYPES__)
+typedef unsigned char  Byte;  /* 8 bits */
+#endif
+typedef unsigned int   uInt;  /* 16 bits or more */
+typedef unsigned long  uLong; /* 32 bits or more */
+
+#ifdef SMALL_MEDIUM
+   /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
+#  define Bytef Byte FAR
+#else
+   typedef Byte  FAR Bytef;
+#endif
+typedef char  FAR charf;
+typedef int   FAR intf;
+typedef uInt  FAR uIntf;
+typedef uLong FAR uLongf;
+
+#ifdef STDC
+   typedef void const *voidpc;
+   typedef void FAR   *voidpf;
+   typedef void       *voidp;
+#else
+   typedef Byte const *voidpc;
+   typedef Byte FAR   *voidpf;
+   typedef Byte       *voidp;
+#endif
+
+#if !defined(Z_U4) && !defined(Z_SOLO) && defined(STDC)
+#  include <limits.h>
+#  if (UINT_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned
+#  elif (ULONG_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned long
+#  elif (USHRT_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned short
+#  endif
+#endif
+
+#ifdef Z_U4
+   typedef Z_U4 z_crc_t;
+#else
+   typedef unsigned long z_crc_t;
+#endif
+
+#ifdef HAVE_UNISTD_H    /* may be set to #if 1 by ./configure */
+#  define Z_HAVE_UNISTD_H
+#endif
+
+#ifdef HAVE_STDARG_H    /* may be set to #if 1 by ./configure */
+#  define Z_HAVE_STDARG_H
+#endif
+
+#ifdef STDC
+#  ifndef Z_SOLO
+#    include <sys/types.h>      /* for off_t */
+#  endif
+#endif
+
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#  ifndef Z_SOLO
+#    include <stdarg.h>         /* for va_list */
+#  endif
+#endif
+
+#ifdef _WIN32
+#  ifndef Z_SOLO
+#    include <stddef.h>         /* for wchar_t */
+#  endif
+#endif
+
+/* a little trick to accommodate both "#define _LARGEFILE64_SOURCE" and
+ * "#define _LARGEFILE64_SOURCE 1" as requesting 64-bit operations, (even
+ * though the former does not conform to the LFS document), but considering
+ * both "#undef _LARGEFILE64_SOURCE" and "#define _LARGEFILE64_SOURCE 0" as
+ * equivalently requesting no 64-bit operations
+ */
+#if defined(_LARGEFILE64_SOURCE) && -_LARGEFILE64_SOURCE - -1 == 1
+#  undef _LARGEFILE64_SOURCE
+#endif
+
+#ifndef Z_HAVE_UNISTD_H
+#  ifdef __WATCOMC__
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+#ifndef Z_HAVE_UNISTD_H
+#  if defined(_LARGEFILE64_SOURCE) && !defined(_WIN32)
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+#ifndef Z_SOLO
+#  if defined(Z_HAVE_UNISTD_H)
+#    include <unistd.h>         /* for SEEK_*, off_t, and _LFS64_LARGEFILE */
+#    ifdef VMS
+#      include <unixio.h>       /* for off_t */
+#    endif
+#    ifndef z_off_t
+#      define z_off_t off_t
+#    endif
+#  endif
+#endif
+
+#if defined(_LFS64_LARGEFILE) && _LFS64_LARGEFILE-0
+#  define Z_LFS64
+#endif
+
+#if defined(_LARGEFILE64_SOURCE) && defined(Z_LFS64)
+#  define Z_LARGE64
+#endif
+
+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS-0 == 64 && defined(Z_LFS64)
+#  define Z_WANT64
+#endif
+
+#if !defined(SEEK_SET) && !defined(Z_SOLO)
+#  define SEEK_SET        0       /* Seek from beginning of file.  */
+#  define SEEK_CUR        1       /* Seek from current position.  */
+#  define SEEK_END        2       /* Set file pointer to EOF plus "offset" */
+#endif
+
+#ifndef z_off_t
+#  define z_off_t long
+#endif
+
+#if !defined(_WIN32) && defined(Z_LARGE64)
+#  define z_off64_t off64_t
+#else
+#  if defined(_WIN32) && !defined(__GNUC__)
+#    define z_off64_t __int64
+#  else
+#    define z_off64_t z_off_t
+#  endif
+#endif
+
+/* MVS linker does not support external names larger than 8 bytes */
+#if defined(__MVS__)
+  #pragma map(deflateInit_,"DEIN")
+  #pragma map(deflateInit2_,"DEIN2")
+  #pragma map(deflateEnd,"DEEND")
+  #pragma map(deflateBound,"DEBND")
+  #pragma map(inflateInit_,"ININ")
+  #pragma map(inflateInit2_,"ININ2")
+  #pragma map(inflateEnd,"INEND")
+  #pragma map(inflateSync,"INSY")
+  #pragma map(inflateSetDictionary,"INSEDI")
+  #pragma map(compressBound,"CMBND")
+  #pragma map(inflate_table,"INTABL")
+  #pragma map(inflate_fast,"INFA")
+  #pragma map(inflate_copyright,"INCOPY")
+#endif
+
+#endif /* ZCONF_H */
diff --git a/zlib-1.3.1/zconf.h.cmakein b/zlib-1.3.1/zconf.h.cmakein
new file mode 100644
index 00000000..0abe3bc9
--- /dev/null
+++ b/zlib-1.3.1/zconf.h.cmakein
@@ -0,0 +1,545 @@
+/* zconf.h -- configuration of the zlib compression library
+ * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#ifndef ZCONF_H
+#define ZCONF_H
+#cmakedefine Z_PREFIX
+#cmakedefine Z_HAVE_UNISTD_H
+
+/*
+ * If you *really* need a unique prefix for all types and library functions,
+ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
+ * Even better than compiling with -DZ_PREFIX would be to use configure to set
+ * this permanently in zconf.h using "./configure --zprefix".
+ */
+#ifdef Z_PREFIX     /* may be set to #if 1 by ./configure */
+#  define Z_PREFIX_SET
+
+/* all linked symbols and init macros */
+#  define _dist_code            z__dist_code
+#  define _length_code          z__length_code
+#  define _tr_align             z__tr_align
+#  define _tr_flush_bits        z__tr_flush_bits
+#  define _tr_flush_block       z__tr_flush_block
+#  define _tr_init              z__tr_init
+#  define _tr_stored_block      z__tr_stored_block
+#  define _tr_tally             z__tr_tally
+#  define adler32               z_adler32
+#  define adler32_combine       z_adler32_combine
+#  define adler32_combine64     z_adler32_combine64
+#  define adler32_z             z_adler32_z
+#  ifndef Z_SOLO
+#    define compress              z_compress
+#    define compress2             z_compress2
+#    define compressBound         z_compressBound
+#  endif
+#  define crc32                 z_crc32
+#  define crc32_combine         z_crc32_combine
+#  define crc32_combine64       z_crc32_combine64
+#  define crc32_combine_gen     z_crc32_combine_gen
+#  define crc32_combine_gen64   z_crc32_combine_gen64
+#  define crc32_combine_op      z_crc32_combine_op
+#  define crc32_z               z_crc32_z
+#  define deflate               z_deflate
+#  define deflateBound          z_deflateBound
+#  define deflateCopy           z_deflateCopy
+#  define deflateEnd            z_deflateEnd
+#  define deflateGetDictionary  z_deflateGetDictionary
+#  define deflateInit           z_deflateInit
+#  define deflateInit2          z_deflateInit2
+#  define deflateInit2_         z_deflateInit2_
+#  define deflateInit_          z_deflateInit_
+#  define deflateParams         z_deflateParams
+#  define deflatePending        z_deflatePending
+#  define deflatePrime          z_deflatePrime
+#  define deflateReset          z_deflateReset
+#  define deflateResetKeep      z_deflateResetKeep
+#  define deflateSetDictionary  z_deflateSetDictionary
+#  define deflateSetHeader      z_deflateSetHeader
+#  define deflateTune           z_deflateTune
+#  define deflate_copyright     z_deflate_copyright
+#  define get_crc_table         z_get_crc_table
+#  ifndef Z_SOLO
+#    define gz_error              z_gz_error
+#    define gz_intmax             z_gz_intmax
+#    define gz_strwinerror        z_gz_strwinerror
+#    define gzbuffer              z_gzbuffer
+#    define gzclearerr            z_gzclearerr
+#    define gzclose               z_gzclose
+#    define gzclose_r             z_gzclose_r
+#    define gzclose_w             z_gzclose_w
+#    define gzdirect              z_gzdirect
+#    define gzdopen               z_gzdopen
+#    define gzeof                 z_gzeof
+#    define gzerror               z_gzerror
+#    define gzflush               z_gzflush
+#    define gzfread               z_gzfread
+#    define gzfwrite              z_gzfwrite
+#    define gzgetc                z_gzgetc
+#    define gzgetc_               z_gzgetc_
+#    define gzgets                z_gzgets
+#    define gzoffset              z_gzoffset
+#    define gzoffset64            z_gzoffset64
+#    define gzopen                z_gzopen
+#    define gzopen64              z_gzopen64
+#    ifdef _WIN32
+#      define gzopen_w              z_gzopen_w
+#    endif
+#    define gzprintf              z_gzprintf
+#    define gzputc                z_gzputc
+#    define gzputs                z_gzputs
+#    define gzread                z_gzread
+#    define gzrewind              z_gzrewind
+#    define gzseek                z_gzseek
+#    define gzseek64              z_gzseek64
+#    define gzsetparams           z_gzsetparams
+#    define gztell                z_gztell
+#    define gztell64              z_gztell64
+#    define gzungetc              z_gzungetc
+#    define gzvprintf             z_gzvprintf
+#    define gzwrite               z_gzwrite
+#  endif
+#  define inflate               z_inflate
+#  define inflateBack           z_inflateBack
+#  define inflateBackEnd        z_inflateBackEnd
+#  define inflateBackInit       z_inflateBackInit
+#  define inflateBackInit_      z_inflateBackInit_
+#  define inflateCodesUsed      z_inflateCodesUsed
+#  define inflateCopy           z_inflateCopy
+#  define inflateEnd            z_inflateEnd
+#  define inflateGetDictionary  z_inflateGetDictionary
+#  define inflateGetHeader      z_inflateGetHeader
+#  define inflateInit           z_inflateInit
+#  define inflateInit2          z_inflateInit2
+#  define inflateInit2_         z_inflateInit2_
+#  define inflateInit_          z_inflateInit_
+#  define inflateMark           z_inflateMark
+#  define inflatePrime          z_inflatePrime
+#  define inflateReset          z_inflateReset
+#  define inflateReset2         z_inflateReset2
+#  define inflateResetKeep      z_inflateResetKeep
+#  define inflateSetDictionary  z_inflateSetDictionary
+#  define inflateSync           z_inflateSync
+#  define inflateSyncPoint      z_inflateSyncPoint
+#  define inflateUndermine      z_inflateUndermine
+#  define inflateValidate       z_inflateValidate
+#  define inflate_copyright     z_inflate_copyright
+#  define inflate_fast          z_inflate_fast
+#  define inflate_table         z_inflate_table
+#  ifndef Z_SOLO
+#    define uncompress            z_uncompress
+#    define uncompress2           z_uncompress2
+#  endif
+#  define zError                z_zError
+#  ifndef Z_SOLO
+#    define zcalloc               z_zcalloc
+#    define zcfree                z_zcfree
+#  endif
+#  define zlibCompileFlags      z_zlibCompileFlags
+#  define zlibVersion           z_zlibVersion
+
+/* all zlib typedefs in zlib.h and zconf.h */
+#  define Byte                  z_Byte
+#  define Bytef                 z_Bytef
+#  define alloc_func            z_alloc_func
+#  define charf                 z_charf
+#  define free_func             z_free_func
+#  ifndef Z_SOLO
+#    define gzFile                z_gzFile
+#  endif
+#  define gz_header             z_gz_header
+#  define gz_headerp            z_gz_headerp
+#  define in_func               z_in_func
+#  define intf                  z_intf
+#  define out_func              z_out_func
+#  define uInt                  z_uInt
+#  define uIntf                 z_uIntf
+#  define uLong                 z_uLong
+#  define uLongf                z_uLongf
+#  define voidp                 z_voidp
+#  define voidpc                z_voidpc
+#  define voidpf                z_voidpf
+
+/* all zlib structs in zlib.h and zconf.h */
+#  define gz_header_s           z_gz_header_s
+#  define internal_state        z_internal_state
+
+#endif
+
+#if defined(__MSDOS__) && !defined(MSDOS)
+#  define MSDOS
+#endif
+#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2)
+#  define OS2
+#endif
+#if defined(_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+#endif
+#if defined(_WIN32) || defined(_WIN32_WCE) || defined(__WIN32__)
+#  ifndef WIN32
+#    define WIN32
+#  endif
+#endif
+#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32)
+#  if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__)
+#    ifndef SYS16BIT
+#      define SYS16BIT
+#    endif
+#  endif
+#endif
+
+/*
+ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
+ * than 64k bytes at a time (needed on systems with 16-bit int).
+ */
+#ifdef SYS16BIT
+#  define MAXSEG_64K
+#endif
+#ifdef MSDOS
+#  define UNALIGNED_OK
+#endif
+
+#ifdef __STDC_VERSION__
+#  ifndef STDC
+#    define STDC
+#  endif
+#  if __STDC_VERSION__ >= 199901L
+#    ifndef STDC99
+#      define STDC99
+#    endif
+#  endif
+#endif
+#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__))
+#  define STDC
+#endif
+
+#if defined(__OS400__) && !defined(STDC)    /* iSeries (formerly AS/400). */
+#  define STDC
+#endif
+
+#ifndef STDC
+#  ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
+#    define const       /* note: need a more gentle solution here */
+#  endif
+#endif
+
+#if defined(ZLIB_CONST) && !defined(z_const)
+#  define z_const const
+#else
+#  define z_const
+#endif
+
+#ifdef Z_SOLO
+#  ifdef _WIN64
+     typedef unsigned long long z_size_t;
+#  else
+     typedef unsigned long z_size_t;
+#  endif
+#else
+#  define z_longlong long long
+#  if defined(NO_SIZE_T)
+     typedef unsigned NO_SIZE_T z_size_t;
+#  elif defined(STDC)
+#    include <stddef.h>
+     typedef size_t z_size_t;
+#  else
+     typedef unsigned long z_size_t;
+#  endif
+#  undef z_longlong
+#endif
+
+/* Maximum value for memLevel in deflateInit2 */
+#ifndef MAX_MEM_LEVEL
+#  ifdef MAXSEG_64K
+#    define MAX_MEM_LEVEL 8
+#  else
+#    define MAX_MEM_LEVEL 9
+#  endif
+#endif
+
+/* Maximum value for windowBits in deflateInit2 and inflateInit2.
+ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
+ * created by gzip. (Files created by minigzip can still be extracted by
+ * gzip.)
+ */
+#ifndef MAX_WBITS
+#  define MAX_WBITS   15 /* 32K LZ77 window */
+#endif
+
+/* The memory requirements for deflate are (in bytes):
+            (1 << (windowBits+2)) +  (1 << (memLevel+9))
+ that is: 128K for windowBits=15  +  128K for memLevel = 8  (default values)
+ plus a few kilobytes for small objects. For example, if you want to reduce
+ the default memory requirements from 256K to 128K, compile with
+     make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
+ Of course this will generally degrade compression (there's no free lunch).
+
+   The memory requirements for inflate are (in bytes) 1 << windowBits
+ that is, 32K for windowBits=15 (default value) plus about 7 kilobytes
+ for small objects.
+*/
+
+                        /* Type declarations */
+
+#ifndef OF /* function prototypes */
+#  ifdef STDC
+#    define OF(args)  args
+#  else
+#    define OF(args)  ()
+#  endif
+#endif
+
+/* The following definitions for FAR are needed only for MSDOS mixed
+ * model programming (small or medium model with some far allocations).
+ * This was tested only with MSC; for other MSDOS compilers you may have
+ * to define NO_MEMCPY in zutil.h.  If you don't need the mixed model,
+ * just define FAR to be empty.
+ */
+#ifdef SYS16BIT
+#  if defined(M_I86SM) || defined(M_I86MM)
+     /* MSC small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef _MSC_VER
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#  if (defined(__SMALL__) || defined(__MEDIUM__))
+     /* Turbo C small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef __BORLANDC__
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#endif
+
+#if defined(WINDOWS) || defined(WIN32)
+   /* If building or using zlib as a DLL, define ZLIB_DLL.
+    * This is not mandatory, but it offers a little performance increase.
+    */
+#  ifdef ZLIB_DLL
+#    if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500))
+#      ifdef ZLIB_INTERNAL
+#        define ZEXTERN extern __declspec(dllexport)
+#      else
+#        define ZEXTERN extern __declspec(dllimport)
+#      endif
+#    endif
+#  endif  /* ZLIB_DLL */
+   /* If building or using zlib with the WINAPI/WINAPIV calling convention,
+    * define ZLIB_WINAPI.
+    * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI.
+    */
+#  ifdef ZLIB_WINAPI
+#    ifdef FAR
+#      undef FAR
+#    endif
+#    ifndef WIN32_LEAN_AND_MEAN
+#      define WIN32_LEAN_AND_MEAN
+#    endif
+#    include <windows.h>
+     /* No need for _export, use ZLIB.DEF instead. */
+     /* For complete Windows compatibility, use WINAPI, not __stdcall. */
+#    define ZEXPORT WINAPI
+#    ifdef WIN32
+#      define ZEXPORTVA WINAPIV
+#    else
+#      define ZEXPORTVA FAR CDECL
+#    endif
+#  endif
+#endif
+
+#if defined (__BEOS__)
+#  ifdef ZLIB_DLL
+#    ifdef ZLIB_INTERNAL
+#      define ZEXPORT   __declspec(dllexport)
+#      define ZEXPORTVA __declspec(dllexport)
+#    else
+#      define ZEXPORT   __declspec(dllimport)
+#      define ZEXPORTVA __declspec(dllimport)
+#    endif
+#  endif
+#endif
+
+#ifndef ZEXTERN
+#  define ZEXTERN extern
+#endif
+#ifndef ZEXPORT
+#  define ZEXPORT
+#endif
+#ifndef ZEXPORTVA
+#  define ZEXPORTVA
+#endif
+
+#ifndef FAR
+#  define FAR
+#endif
+
+#if !defined(__MACTYPES__)
+typedef unsigned char  Byte;  /* 8 bits */
+#endif
+typedef unsigned int   uInt;  /* 16 bits or more */
+typedef unsigned long  uLong; /* 32 bits or more */
+
+#ifdef SMALL_MEDIUM
+   /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
+#  define Bytef Byte FAR
+#else
+   typedef Byte  FAR Bytef;
+#endif
+typedef char  FAR charf;
+typedef int   FAR intf;
+typedef uInt  FAR uIntf;
+typedef uLong FAR uLongf;
+
+#ifdef STDC
+   typedef void const *voidpc;
+   typedef void FAR   *voidpf;
+   typedef void       *voidp;
+#else
+   typedef Byte const *voidpc;
+   typedef Byte FAR   *voidpf;
+   typedef Byte       *voidp;
+#endif
+
+#if !defined(Z_U4) && !defined(Z_SOLO) && defined(STDC)
+#  include <limits.h>
+#  if (UINT_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned
+#  elif (ULONG_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned long
+#  elif (USHRT_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned short
+#  endif
+#endif
+
+#ifdef Z_U4
+   typedef Z_U4 z_crc_t;
+#else
+   typedef unsigned long z_crc_t;
+#endif
+
+#ifdef HAVE_UNISTD_H    /* may be set to #if 1 by ./configure */
+#  define Z_HAVE_UNISTD_H
+#endif
+
+#ifdef HAVE_STDARG_H    /* may be set to #if 1 by ./configure */
+#  define Z_HAVE_STDARG_H
+#endif
+
+#ifdef STDC
+#  ifndef Z_SOLO
+#    include <sys/types.h>      /* for off_t */
+#  endif
+#endif
+
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#  ifndef Z_SOLO
+#    include <stdarg.h>         /* for va_list */
+#  endif
+#endif
+
+#ifdef _WIN32
+#  ifndef Z_SOLO
+#    include <stddef.h>         /* for wchar_t */
+#  endif
+#endif
+
+/* a little trick to accommodate both "#define _LARGEFILE64_SOURCE" and
+ * "#define _LARGEFILE64_SOURCE 1" as requesting 64-bit operations, (even
+ * though the former does not conform to the LFS document), but considering
+ * both "#undef _LARGEFILE64_SOURCE" and "#define _LARGEFILE64_SOURCE 0" as
+ * equivalently requesting no 64-bit operations
+ */
+#if defined(_LARGEFILE64_SOURCE) && -_LARGEFILE64_SOURCE - -1 == 1
+#  undef _LARGEFILE64_SOURCE
+#endif
+
+#ifndef Z_HAVE_UNISTD_H
+#  ifdef __WATCOMC__
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+#ifndef Z_HAVE_UNISTD_H
+#  if defined(_LARGEFILE64_SOURCE) && !defined(_WIN32)
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+#ifndef Z_SOLO
+#  if defined(Z_HAVE_UNISTD_H)
+#    include <unistd.h>         /* for SEEK_*, off_t, and _LFS64_LARGEFILE */
+#    ifdef VMS
+#      include <unixio.h>       /* for off_t */
+#    endif
+#    ifndef z_off_t
+#      define z_off_t off_t
+#    endif
+#  endif
+#endif
+
+#if defined(_LFS64_LARGEFILE) && _LFS64_LARGEFILE-0
+#  define Z_LFS64
+#endif
+
+#if defined(_LARGEFILE64_SOURCE) && defined(Z_LFS64)
+#  define Z_LARGE64
+#endif
+
+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS-0 == 64 && defined(Z_LFS64)
+#  define Z_WANT64
+#endif
+
+#if !defined(SEEK_SET) && !defined(Z_SOLO)
+#  define SEEK_SET        0       /* Seek from beginning of file.  */
+#  define SEEK_CUR        1       /* Seek from current position.  */
+#  define SEEK_END        2       /* Set file pointer to EOF plus "offset" */
+#endif
+
+#ifndef z_off_t
+#  define z_off_t long
+#endif
+
+#if !defined(_WIN32) && defined(Z_LARGE64)
+#  define z_off64_t off64_t
+#else
+#  if defined(_WIN32) && !defined(__GNUC__)
+#    define z_off64_t __int64
+#  else
+#    define z_off64_t z_off_t
+#  endif
+#endif
+
+/* MVS linker does not support external names larger than 8 bytes */
+#if defined(__MVS__)
+  #pragma map(deflateInit_,"DEIN")
+  #pragma map(deflateInit2_,"DEIN2")
+  #pragma map(deflateEnd,"DEEND")
+  #pragma map(deflateBound,"DEBND")
+  #pragma map(inflateInit_,"ININ")
+  #pragma map(inflateInit2_,"ININ2")
+  #pragma map(inflateEnd,"INEND")
+  #pragma map(inflateSync,"INSY")
+  #pragma map(inflateSetDictionary,"INSEDI")
+  #pragma map(compressBound,"CMBND")
+  #pragma map(inflate_table,"INTABL")
+  #pragma map(inflate_fast,"INFA")
+  #pragma map(inflate_copyright,"INCOPY")
+#endif
+
+#endif /* ZCONF_H */
diff --git a/zlib-1.3.1/zconf.h.in b/zlib-1.3.1/zconf.h.in
new file mode 100644
index 00000000..62adc8d8
--- /dev/null
+++ b/zlib-1.3.1/zconf.h.in
@@ -0,0 +1,543 @@
+/* zconf.h -- configuration of the zlib compression library
+ * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#ifndef ZCONF_H
+#define ZCONF_H
+
+/*
+ * If you *really* need a unique prefix for all types and library functions,
+ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
+ * Even better than compiling with -DZ_PREFIX would be to use configure to set
+ * this permanently in zconf.h using "./configure --zprefix".
+ */
+#ifdef Z_PREFIX     /* may be set to #if 1 by ./configure */
+#  define Z_PREFIX_SET
+
+/* all linked symbols and init macros */
+#  define _dist_code            z__dist_code
+#  define _length_code          z__length_code
+#  define _tr_align             z__tr_align
+#  define _tr_flush_bits        z__tr_flush_bits
+#  define _tr_flush_block       z__tr_flush_block
+#  define _tr_init              z__tr_init
+#  define _tr_stored_block      z__tr_stored_block
+#  define _tr_tally             z__tr_tally
+#  define adler32               z_adler32
+#  define adler32_combine       z_adler32_combine
+#  define adler32_combine64     z_adler32_combine64
+#  define adler32_z             z_adler32_z
+#  ifndef Z_SOLO
+#    define compress              z_compress
+#    define compress2             z_compress2
+#    define compressBound         z_compressBound
+#  endif
+#  define crc32                 z_crc32
+#  define crc32_combine         z_crc32_combine
+#  define crc32_combine64       z_crc32_combine64
+#  define crc32_combine_gen     z_crc32_combine_gen
+#  define crc32_combine_gen64   z_crc32_combine_gen64
+#  define crc32_combine_op      z_crc32_combine_op
+#  define crc32_z               z_crc32_z
+#  define deflate               z_deflate
+#  define deflateBound          z_deflateBound
+#  define deflateCopy           z_deflateCopy
+#  define deflateEnd            z_deflateEnd
+#  define deflateGetDictionary  z_deflateGetDictionary
+#  define deflateInit           z_deflateInit
+#  define deflateInit2          z_deflateInit2
+#  define deflateInit2_         z_deflateInit2_
+#  define deflateInit_          z_deflateInit_
+#  define deflateParams         z_deflateParams
+#  define deflatePending        z_deflatePending
+#  define deflatePrime          z_deflatePrime
+#  define deflateReset          z_deflateReset
+#  define deflateResetKeep      z_deflateResetKeep
+#  define deflateSetDictionary  z_deflateSetDictionary
+#  define deflateSetHeader      z_deflateSetHeader
+#  define deflateTune           z_deflateTune
+#  define deflate_copyright     z_deflate_copyright
+#  define get_crc_table         z_get_crc_table
+#  ifndef Z_SOLO
+#    define gz_error              z_gz_error
+#    define gz_intmax             z_gz_intmax
+#    define gz_strwinerror        z_gz_strwinerror
+#    define gzbuffer              z_gzbuffer
+#    define gzclearerr            z_gzclearerr
+#    define gzclose               z_gzclose
+#    define gzclose_r             z_gzclose_r
+#    define gzclose_w             z_gzclose_w
+#    define gzdirect              z_gzdirect
+#    define gzdopen               z_gzdopen
+#    define gzeof                 z_gzeof
+#    define gzerror               z_gzerror
+#    define gzflush               z_gzflush
+#    define gzfread               z_gzfread
+#    define gzfwrite              z_gzfwrite
+#    define gzgetc                z_gzgetc
+#    define gzgetc_               z_gzgetc_
+#    define gzgets                z_gzgets
+#    define gzoffset              z_gzoffset
+#    define gzoffset64            z_gzoffset64
+#    define gzopen                z_gzopen
+#    define gzopen64              z_gzopen64
+#    ifdef _WIN32
+#      define gzopen_w              z_gzopen_w
+#    endif
+#    define gzprintf              z_gzprintf
+#    define gzputc                z_gzputc
+#    define gzputs                z_gzputs
+#    define gzread                z_gzread
+#    define gzrewind              z_gzrewind
+#    define gzseek                z_gzseek
+#    define gzseek64              z_gzseek64
+#    define gzsetparams           z_gzsetparams
+#    define gztell                z_gztell
+#    define gztell64              z_gztell64
+#    define gzungetc              z_gzungetc
+#    define gzvprintf             z_gzvprintf
+#    define gzwrite               z_gzwrite
+#  endif
+#  define inflate               z_inflate
+#  define inflateBack           z_inflateBack
+#  define inflateBackEnd        z_inflateBackEnd
+#  define inflateBackInit       z_inflateBackInit
+#  define inflateBackInit_      z_inflateBackInit_
+#  define inflateCodesUsed      z_inflateCodesUsed
+#  define inflateCopy           z_inflateCopy
+#  define inflateEnd            z_inflateEnd
+#  define inflateGetDictionary  z_inflateGetDictionary
+#  define inflateGetHeader      z_inflateGetHeader
+#  define inflateInit           z_inflateInit
+#  define inflateInit2          z_inflateInit2
+#  define inflateInit2_         z_inflateInit2_
+#  define inflateInit_          z_inflateInit_
+#  define inflateMark           z_inflateMark
+#  define inflatePrime          z_inflatePrime
+#  define inflateReset          z_inflateReset
+#  define inflateReset2         z_inflateReset2
+#  define inflateResetKeep      z_inflateResetKeep
+#  define inflateSetDictionary  z_inflateSetDictionary
+#  define inflateSync           z_inflateSync
+#  define inflateSyncPoint      z_inflateSyncPoint
+#  define inflateUndermine      z_inflateUndermine
+#  define inflateValidate       z_inflateValidate
+#  define inflate_copyright     z_inflate_copyright
+#  define inflate_fast          z_inflate_fast
+#  define inflate_table         z_inflate_table
+#  ifndef Z_SOLO
+#    define uncompress            z_uncompress
+#    define uncompress2           z_uncompress2
+#  endif
+#  define zError                z_zError
+#  ifndef Z_SOLO
+#    define zcalloc               z_zcalloc
+#    define zcfree                z_zcfree
+#  endif
+#  define zlibCompileFlags      z_zlibCompileFlags
+#  define zlibVersion           z_zlibVersion
+
+/* all zlib typedefs in zlib.h and zconf.h */
+#  define Byte                  z_Byte
+#  define Bytef                 z_Bytef
+#  define alloc_func            z_alloc_func
+#  define charf                 z_charf
+#  define free_func             z_free_func
+#  ifndef Z_SOLO
+#    define gzFile                z_gzFile
+#  endif
+#  define gz_header             z_gz_header
+#  define gz_headerp            z_gz_headerp
+#  define in_func               z_in_func
+#  define intf                  z_intf
+#  define out_func              z_out_func
+#  define uInt                  z_uInt
+#  define uIntf                 z_uIntf
+#  define uLong                 z_uLong
+#  define uLongf                z_uLongf
+#  define voidp                 z_voidp
+#  define voidpc                z_voidpc
+#  define voidpf                z_voidpf
+
+/* all zlib structs in zlib.h and zconf.h */
+#  define gz_header_s           z_gz_header_s
+#  define internal_state        z_internal_state
+
+#endif
+
+#if defined(__MSDOS__) && !defined(MSDOS)
+#  define MSDOS
+#endif
+#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2)
+#  define OS2
+#endif
+#if defined(_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+#endif
+#if defined(_WIN32) || defined(_WIN32_WCE) || defined(__WIN32__)
+#  ifndef WIN32
+#    define WIN32
+#  endif
+#endif
+#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32)
+#  if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__)
+#    ifndef SYS16BIT
+#      define SYS16BIT
+#    endif
+#  endif
+#endif
+
+/*
+ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
+ * than 64k bytes at a time (needed on systems with 16-bit int).
+ */
+#ifdef SYS16BIT
+#  define MAXSEG_64K
+#endif
+#ifdef MSDOS
+#  define UNALIGNED_OK
+#endif
+
+#ifdef __STDC_VERSION__
+#  ifndef STDC
+#    define STDC
+#  endif
+#  if __STDC_VERSION__ >= 199901L
+#    ifndef STDC99
+#      define STDC99
+#    endif
+#  endif
+#endif
+#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__))
+#  define STDC
+#endif
+
+#if defined(__OS400__) && !defined(STDC)    /* iSeries (formerly AS/400). */
+#  define STDC
+#endif
+
+#ifndef STDC
+#  ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
+#    define const       /* note: need a more gentle solution here */
+#  endif
+#endif
+
+#if defined(ZLIB_CONST) && !defined(z_const)
+#  define z_const const
+#else
+#  define z_const
+#endif
+
+#ifdef Z_SOLO
+#  ifdef _WIN64
+     typedef unsigned long long z_size_t;
+#  else
+     typedef unsigned long z_size_t;
+#  endif
+#else
+#  define z_longlong long long
+#  if defined(NO_SIZE_T)
+     typedef unsigned NO_SIZE_T z_size_t;
+#  elif defined(STDC)
+#    include <stddef.h>
+     typedef size_t z_size_t;
+#  else
+     typedef unsigned long z_size_t;
+#  endif
+#  undef z_longlong
+#endif
+
+/* Maximum value for memLevel in deflateInit2 */
+#ifndef MAX_MEM_LEVEL
+#  ifdef MAXSEG_64K
+#    define MAX_MEM_LEVEL 8
+#  else
+#    define MAX_MEM_LEVEL 9
+#  endif
+#endif
+
+/* Maximum value for windowBits in deflateInit2 and inflateInit2.
+ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
+ * created by gzip. (Files created by minigzip can still be extracted by
+ * gzip.)
+ */
+#ifndef MAX_WBITS
+#  define MAX_WBITS   15 /* 32K LZ77 window */
+#endif
+
+/* The memory requirements for deflate are (in bytes):
+            (1 << (windowBits+2)) +  (1 << (memLevel+9))
+ that is: 128K for windowBits=15  +  128K for memLevel = 8  (default values)
+ plus a few kilobytes for small objects. For example, if you want to reduce
+ the default memory requirements from 256K to 128K, compile with
+     make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
+ Of course this will generally degrade compression (there's no free lunch).
+
+   The memory requirements for inflate are (in bytes) 1 << windowBits
+ that is, 32K for windowBits=15 (default value) plus about 7 kilobytes
+ for small objects.
+*/
+
+                        /* Type declarations */
+
+#ifndef OF /* function prototypes */
+#  ifdef STDC
+#    define OF(args)  args
+#  else
+#    define OF(args)  ()
+#  endif
+#endif
+
+/* The following definitions for FAR are needed only for MSDOS mixed
+ * model programming (small or medium model with some far allocations).
+ * This was tested only with MSC; for other MSDOS compilers you may have
+ * to define NO_MEMCPY in zutil.h.  If you don't need the mixed model,
+ * just define FAR to be empty.
+ */
+#ifdef SYS16BIT
+#  if defined(M_I86SM) || defined(M_I86MM)
+     /* MSC small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef _MSC_VER
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#  if (defined(__SMALL__) || defined(__MEDIUM__))
+     /* Turbo C small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef __BORLANDC__
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#endif
+
+#if defined(WINDOWS) || defined(WIN32)
+   /* If building or using zlib as a DLL, define ZLIB_DLL.
+    * This is not mandatory, but it offers a little performance increase.
+    */
+#  ifdef ZLIB_DLL
+#    if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500))
+#      ifdef ZLIB_INTERNAL
+#        define ZEXTERN extern __declspec(dllexport)
+#      else
+#        define ZEXTERN extern __declspec(dllimport)
+#      endif
+#    endif
+#  endif  /* ZLIB_DLL */
+   /* If building or using zlib with the WINAPI/WINAPIV calling convention,
+    * define ZLIB_WINAPI.
+    * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI.
+    */
+#  ifdef ZLIB_WINAPI
+#    ifdef FAR
+#      undef FAR
+#    endif
+#    ifndef WIN32_LEAN_AND_MEAN
+#      define WIN32_LEAN_AND_MEAN
+#    endif
+#    include <windows.h>
+     /* No need for _export, use ZLIB.DEF instead. */
+     /* For complete Windows compatibility, use WINAPI, not __stdcall. */
+#    define ZEXPORT WINAPI
+#    ifdef WIN32
+#      define ZEXPORTVA WINAPIV
+#    else
+#      define ZEXPORTVA FAR CDECL
+#    endif
+#  endif
+#endif
+
+#if defined (__BEOS__)
+#  ifdef ZLIB_DLL
+#    ifdef ZLIB_INTERNAL
+#      define ZEXPORT   __declspec(dllexport)
+#      define ZEXPORTVA __declspec(dllexport)
+#    else
+#      define ZEXPORT   __declspec(dllimport)
+#      define ZEXPORTVA __declspec(dllimport)
+#    endif
+#  endif
+#endif
+
+#ifndef ZEXTERN
+#  define ZEXTERN extern
+#endif
+#ifndef ZEXPORT
+#  define ZEXPORT
+#endif
+#ifndef ZEXPORTVA
+#  define ZEXPORTVA
+#endif
+
+#ifndef FAR
+#  define FAR
+#endif
+
+#if !defined(__MACTYPES__)
+typedef unsigned char  Byte;  /* 8 bits */
+#endif
+typedef unsigned int   uInt;  /* 16 bits or more */
+typedef unsigned long  uLong; /* 32 bits or more */
+
+#ifdef SMALL_MEDIUM
+   /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
+#  define Bytef Byte FAR
+#else
+   typedef Byte  FAR Bytef;
+#endif
+typedef char  FAR charf;
+typedef int   FAR intf;
+typedef uInt  FAR uIntf;
+typedef uLong FAR uLongf;
+
+#ifdef STDC
+   typedef void const *voidpc;
+   typedef void FAR   *voidpf;
+   typedef void       *voidp;
+#else
+   typedef Byte const *voidpc;
+   typedef Byte FAR   *voidpf;
+   typedef Byte       *voidp;
+#endif
+
+#if !defined(Z_U4) && !defined(Z_SOLO) && defined(STDC)
+#  include <limits.h>
+#  if (UINT_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned
+#  elif (ULONG_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned long
+#  elif (USHRT_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned short
+#  endif
+#endif
+
+#ifdef Z_U4
+   typedef Z_U4 z_crc_t;
+#else
+   typedef unsigned long z_crc_t;
+#endif
+
+#ifdef HAVE_UNISTD_H    /* may be set to #if 1 by ./configure */
+#  define Z_HAVE_UNISTD_H
+#endif
+
+#ifdef HAVE_STDARG_H    /* may be set to #if 1 by ./configure */
+#  define Z_HAVE_STDARG_H
+#endif
+
+#ifdef STDC
+#  ifndef Z_SOLO
+#    include <sys/types.h>      /* for off_t */
+#  endif
+#endif
+
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#  ifndef Z_SOLO
+#    include <stdarg.h>         /* for va_list */
+#  endif
+#endif
+
+#ifdef _WIN32
+#  ifndef Z_SOLO
+#    include <stddef.h>         /* for wchar_t */
+#  endif
+#endif
+
+/* a little trick to accommodate both "#define _LARGEFILE64_SOURCE" and
+ * "#define _LARGEFILE64_SOURCE 1" as requesting 64-bit operations, (even
+ * though the former does not conform to the LFS document), but considering
+ * both "#undef _LARGEFILE64_SOURCE" and "#define _LARGEFILE64_SOURCE 0" as
+ * equivalently requesting no 64-bit operations
+ */
+#if defined(_LARGEFILE64_SOURCE) && -_LARGEFILE64_SOURCE - -1 == 1
+#  undef _LARGEFILE64_SOURCE
+#endif
+
+#ifndef Z_HAVE_UNISTD_H
+#  ifdef __WATCOMC__
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+#ifndef Z_HAVE_UNISTD_H
+#  if defined(_LARGEFILE64_SOURCE) && !defined(_WIN32)
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+#ifndef Z_SOLO
+#  if defined(Z_HAVE_UNISTD_H)
+#    include <unistd.h>         /* for SEEK_*, off_t, and _LFS64_LARGEFILE */
+#    ifdef VMS
+#      include <unixio.h>       /* for off_t */
+#    endif
+#    ifndef z_off_t
+#      define z_off_t off_t
+#    endif
+#  endif
+#endif
+
+#if defined(_LFS64_LARGEFILE) && _LFS64_LARGEFILE-0
+#  define Z_LFS64
+#endif
+
+#if defined(_LARGEFILE64_SOURCE) && defined(Z_LFS64)
+#  define Z_LARGE64
+#endif
+
+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS-0 == 64 && defined(Z_LFS64)
+#  define Z_WANT64
+#endif
+
+#if !defined(SEEK_SET) && !defined(Z_SOLO)
+#  define SEEK_SET        0       /* Seek from beginning of file.  */
+#  define SEEK_CUR        1       /* Seek from current position.  */
+#  define SEEK_END        2       /* Set file pointer to EOF plus "offset" */
+#endif
+
+#ifndef z_off_t
+#  define z_off_t long
+#endif
+
+#if !defined(_WIN32) && defined(Z_LARGE64)
+#  define z_off64_t off64_t
+#else
+#  if defined(_WIN32) && !defined(__GNUC__)
+#    define z_off64_t __int64
+#  else
+#    define z_off64_t z_off_t
+#  endif
+#endif
+
+/* MVS linker does not support external names larger than 8 bytes */
+#if defined(__MVS__)
+  #pragma map(deflateInit_,"DEIN")
+  #pragma map(deflateInit2_,"DEIN2")
+  #pragma map(deflateEnd,"DEEND")
+  #pragma map(deflateBound,"DEBND")
+  #pragma map(inflateInit_,"ININ")
+  #pragma map(inflateInit2_,"ININ2")
+  #pragma map(inflateEnd,"INEND")
+  #pragma map(inflateSync,"INSY")
+  #pragma map(inflateSetDictionary,"INSEDI")
+  #pragma map(compressBound,"CMBND")
+  #pragma map(inflate_table,"INTABL")
+  #pragma map(inflate_fast,"INFA")
+  #pragma map(inflate_copyright,"INCOPY")
+#endif
+
+#endif /* ZCONF_H */
diff --git a/zlib-1.3.1/zlib.3 b/zlib-1.3.1/zlib.3
new file mode 100644
index 00000000..c716020e
--- /dev/null
+++ b/zlib-1.3.1/zlib.3
@@ -0,0 +1,149 @@
+.TH ZLIB 3 "22 Jan 2024"
+.SH NAME
+zlib \- compression/decompression library
+.SH SYNOPSIS
+[see
+.I zlib.h
+for full description]
+.SH DESCRIPTION
+The
+.I zlib
+library is a general purpose data compression library.
+The code is thread safe, assuming that the standard library functions
+used are thread safe, such as memory allocation routines.
+It provides in-memory compression and decompression functions,
+including integrity checks of the uncompressed data.
+This version of the library supports only one compression method (deflation)
+but other algorithms may be added later
+with the same stream interface.
+.LP
+Compression can be done in a single step if the buffers are large enough
+or can be done by repeated calls of the compression function.
+In the latter case,
+the application must provide more input and/or consume the output
+(providing more output space) before each call.
+.LP
+The library also supports reading and writing files in
+.IR gzip (1)
+(.gz) format
+with an interface similar to that of stdio.
+.LP
+The library does not install any signal handler.
+The decoder checks the consistency of the compressed data,
+so the library should never crash even in the case of corrupted input.
+.LP
+All functions of the compression library are documented in the file
+.IR zlib.h .
+The distribution source includes examples of use of the library
+in the files
+.I test/example.c
+and
+.IR test/minigzip.c,
+as well as other examples in the
+.IR examples/
+directory.
+.LP
+Changes to this version are documented in the file
+.I ChangeLog
+that accompanies the source.
+.LP
+.I zlib
+is built in to many languages and operating systems, including but not limited to
+Java, Python, .NET, PHP, Perl, Ruby, Swift, and Go.
+.LP
+An experimental package to read and write files in the .zip format,
+written on top of
+.I zlib
+by Gilles Vollant (info@winimage.com),
+is available at:
+.IP
+http://www.winimage.com/zLibDll/minizip.html
+and also in the
+.I contrib/minizip
+directory of the main
+.I zlib
+source distribution.
+.SH "SEE ALSO"
+The
+.I zlib
+web site can be found at:
+.IP
+http://zlib.net/
+.LP
+The data format used by the
+.I zlib
+library is described by RFC
+(Request for Comments) 1950 to 1952 in the files:
+.IP
+http://tools.ietf.org/html/rfc1950 (for the zlib header and trailer format)
+.br
+http://tools.ietf.org/html/rfc1951 (for the deflate compressed data format)
+.br
+http://tools.ietf.org/html/rfc1952 (for the gzip header and trailer format)
+.LP
+Mark Nelson wrote an article about
+.I zlib
+for the Jan. 1997 issue of  Dr. Dobb's Journal;
+a copy of the article is available at:
+.IP
+http://marknelson.us/1997/01/01/zlib-engine/
+.SH "REPORTING PROBLEMS"
+Before reporting a problem,
+please check the
+.I zlib
+web site to verify that you have the latest version of
+.IR zlib ;
+otherwise,
+obtain the latest version and see if the problem still exists.
+Please read the
+.I zlib
+FAQ at:
+.IP
+http://zlib.net/zlib_faq.html
+.LP
+before asking for help.
+Send questions and/or comments to zlib@gzip.org,
+or (for the Windows DLL version) to Gilles Vollant (info@winimage.com).
+.SH AUTHORS AND LICENSE
+Version 1.3.1
+.LP
+Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
+.LP
+This software is provided 'as-is', without any express or implied
+warranty.  In no event will the authors be held liable for any damages
+arising from the use of this software.
+.LP
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+.LP
+.nr step 1 1
+.IP \n[step]. 3
+The origin of this software must not be misrepresented; you must not
+claim that you wrote the original software. If you use this software
+in a product, an acknowledgment in the product documentation would be
+appreciated but is not required.
+.IP \n+[step].
+Altered source versions must be plainly marked as such, and must not be
+misrepresented as being the original software.
+.IP \n+[step].
+This notice may not be removed or altered from any source distribution.
+.LP
+Jean-loup Gailly        Mark Adler
+.br
+jloup@gzip.org          madler@alumni.caltech.edu
+.LP
+The deflate format used by
+.I zlib
+was defined by Phil Katz.
+The deflate and
+.I zlib
+specifications were written by L. Peter Deutsch.
+Thanks to all the people who reported problems and suggested various
+improvements in
+.IR zlib ;
+who are too numerous to cite here.
+.LP
+UNIX manual page by R. P. C. Rodgers,
+U.S. National Library of Medicine (rodgers@nlm.nih.gov).
+.\" end of man page
diff --git a/zlib-1.3.1/zlib.3.pdf b/zlib-1.3.1/zlib.3.pdf
new file mode 100644
index 00000000..b224532b
Binary files /dev/null and b/zlib-1.3.1/zlib.3.pdf differ
diff --git a/zlib-1.3.1/zlib.h b/zlib-1.3.1/zlib.h
new file mode 100644
index 00000000..8d4b932e
--- /dev/null
+++ b/zlib-1.3.1/zlib.h
@@ -0,0 +1,1938 @@
+/* zlib.h -- interface of the 'zlib' general purpose compression library
+  version 1.3.1, January 22nd, 2024
+
+  Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
+
+
+  The data format used by the zlib library is described by RFCs (Request for
+  Comments) 1950 to 1952 in the files http://tools.ietf.org/html/rfc1950
+  (zlib format), rfc1951 (deflate format) and rfc1952 (gzip format).
+*/
+
+#ifndef ZLIB_H
+#define ZLIB_H
+
+#include "zconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ZLIB_VERSION "1.3.1"
+#define ZLIB_VERNUM 0x1310
+#define ZLIB_VER_MAJOR 1
+#define ZLIB_VER_MINOR 3
+#define ZLIB_VER_REVISION 1
+#define ZLIB_VER_SUBREVISION 0
+
+/*
+    The 'zlib' compression library provides in-memory compression and
+  decompression functions, including integrity checks of the uncompressed data.
+  This version of the library supports only one compression method (deflation)
+  but other algorithms will be added later and will have the same stream
+  interface.
+
+    Compression can be done in a single step if the buffers are large enough,
+  or can be done by repeated calls of the compression function.  In the latter
+  case, the application must provide more input and/or consume the output
+  (providing more output space) before each call.
+
+    The compressed data format used by default by the in-memory functions is
+  the zlib format, which is a zlib wrapper documented in RFC 1950, wrapped
+  around a deflate stream, which is itself documented in RFC 1951.
+
+    The library also supports reading and writing files in gzip (.gz) format
+  with an interface similar to that of stdio using the functions that start
+  with "gz".  The gzip format is different from the zlib format.  gzip is a
+  gzip wrapper, documented in RFC 1952, wrapped around a deflate stream.
+
+    This library can optionally read and write gzip and raw deflate streams in
+  memory as well.
+
+    The zlib format was designed to be compact and fast for use in memory
+  and on communications channels.  The gzip format was designed for single-
+  file compression on file systems, has a larger header than zlib to maintain
+  directory information, and uses a different, slower check method than zlib.
+
+    The library does not install any signal handler.  The decoder checks
+  the consistency of the compressed data, so the library should never crash
+  even in the case of corrupted input.
+*/
+
+typedef voidpf (*alloc_func)(voidpf opaque, uInt items, uInt size);
+typedef void   (*free_func)(voidpf opaque, voidpf address);
+
+struct internal_state;
+
+typedef struct z_stream_s {
+    z_const Bytef *next_in;     /* next input byte */
+    uInt     avail_in;  /* number of bytes available at next_in */
+    uLong    total_in;  /* total number of input bytes read so far */
+
+    Bytef    *next_out; /* next output byte will go here */
+    uInt     avail_out; /* remaining free space at next_out */
+    uLong    total_out; /* total number of bytes output so far */
+
+    z_const char *msg;  /* last error message, NULL if no error */
+    struct internal_state FAR *state; /* not visible by applications */
+
+    alloc_func zalloc;  /* used to allocate the internal state */
+    free_func  zfree;   /* used to free the internal state */
+    voidpf     opaque;  /* private data object passed to zalloc and zfree */
+
+    int     data_type;  /* best guess about the data type: binary or text
+                           for deflate, or the decoding state for inflate */
+    uLong   adler;      /* Adler-32 or CRC-32 value of the uncompressed data */
+    uLong   reserved;   /* reserved for future use */
+} z_stream;
+
+typedef z_stream FAR *z_streamp;
+
+/*
+     gzip header information passed to and from zlib routines.  See RFC 1952
+  for more details on the meanings of these fields.
+*/
+typedef struct gz_header_s {
+    int     text;       /* true if compressed data believed to be text */
+    uLong   time;       /* modification time */
+    int     xflags;     /* extra flags (not used when writing a gzip file) */
+    int     os;         /* operating system */
+    Bytef   *extra;     /* pointer to extra field or Z_NULL if none */
+    uInt    extra_len;  /* extra field length (valid if extra != Z_NULL) */
+    uInt    extra_max;  /* space at extra (only when reading header) */
+    Bytef   *name;      /* pointer to zero-terminated file name or Z_NULL */
+    uInt    name_max;   /* space at name (only when reading header) */
+    Bytef   *comment;   /* pointer to zero-terminated comment or Z_NULL */
+    uInt    comm_max;   /* space at comment (only when reading header) */
+    int     hcrc;       /* true if there was or will be a header crc */
+    int     done;       /* true when done reading gzip header (not used
+                           when writing a gzip file) */
+} gz_header;
+
+typedef gz_header FAR *gz_headerp;
+
+/*
+     The application must update next_in and avail_in when avail_in has dropped
+   to zero.  It must update next_out and avail_out when avail_out has dropped
+   to zero.  The application must initialize zalloc, zfree and opaque before
+   calling the init function.  All other fields are set by the compression
+   library and must not be updated by the application.
+
+     The opaque value provided by the application will be passed as the first
+   parameter for calls of zalloc and zfree.  This can be useful for custom
+   memory management.  The compression library attaches no meaning to the
+   opaque value.
+
+     zalloc must return Z_NULL if there is not enough memory for the object.
+   If zlib is used in a multi-threaded application, zalloc and zfree must be
+   thread safe.  In that case, zlib is thread-safe.  When zalloc and zfree are
+   Z_NULL on entry to the initialization function, they are set to internal
+   routines that use the standard library functions malloc() and free().
+
+     On 16-bit systems, the functions zalloc and zfree must be able to allocate
+   exactly 65536 bytes, but will not be required to allocate more than this if
+   the symbol MAXSEG_64K is defined (see zconf.h).  WARNING: On MSDOS, pointers
+   returned by zalloc for objects of exactly 65536 bytes *must* have their
+   offset normalized to zero.  The default allocation function provided by this
+   library ensures this (see zutil.c).  To reduce memory requirements and avoid
+   any allocation of 64K objects, at the expense of compression ratio, compile
+   the library with -DMAX_WBITS=14 (see zconf.h).
+
+     The fields total_in and total_out can be used for statistics or progress
+   reports.  After compression, total_in holds the total size of the
+   uncompressed data and may be saved for use by the decompressor (particularly
+   if the decompressor wants to decompress everything in a single step).
+*/
+
+                        /* constants */
+
+#define Z_NO_FLUSH      0
+#define Z_PARTIAL_FLUSH 1
+#define Z_SYNC_FLUSH    2
+#define Z_FULL_FLUSH    3
+#define Z_FINISH        4
+#define Z_BLOCK         5
+#define Z_TREES         6
+/* Allowed flush values; see deflate() and inflate() below for details */
+
+#define Z_OK            0
+#define Z_STREAM_END    1
+#define Z_NEED_DICT     2
+#define Z_ERRNO        (-1)
+#define Z_STREAM_ERROR (-2)
+#define Z_DATA_ERROR   (-3)
+#define Z_MEM_ERROR    (-4)
+#define Z_BUF_ERROR    (-5)
+#define Z_VERSION_ERROR (-6)
+/* Return codes for the compression/decompression functions. Negative values
+ * are errors, positive values are used for special but normal events.
+ */
+
+#define Z_NO_COMPRESSION         0
+#define Z_BEST_SPEED             1
+#define Z_BEST_COMPRESSION       9
+#define Z_DEFAULT_COMPRESSION  (-1)
+/* compression levels */
+
+#define Z_FILTERED            1
+#define Z_HUFFMAN_ONLY        2
+#define Z_RLE                 3
+#define Z_FIXED               4
+#define Z_DEFAULT_STRATEGY    0
+/* compression strategy; see deflateInit2() below for details */
+
+#define Z_BINARY   0
+#define Z_TEXT     1
+#define Z_ASCII    Z_TEXT   /* for compatibility with 1.2.2 and earlier */
+#define Z_UNKNOWN  2
+/* Possible values of the data_type field for deflate() */
+
+#define Z_DEFLATED   8
+/* The deflate compression method (the only one supported in this version) */
+
+#define Z_NULL  0  /* for initializing zalloc, zfree, opaque */
+
+#define zlib_version zlibVersion()
+/* for compatibility with versions < 1.0.2 */
+
+
+                        /* basic functions */
+
+ZEXTERN const char * ZEXPORT zlibVersion(void);
+/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
+   If the first character differs, the library code actually used is not
+   compatible with the zlib.h header file used by the application.  This check
+   is automatically made by deflateInit and inflateInit.
+ */
+
+/*
+ZEXTERN int ZEXPORT deflateInit(z_streamp strm, int level);
+
+     Initializes the internal stream state for compression.  The fields
+   zalloc, zfree and opaque must be initialized before by the caller.  If
+   zalloc and zfree are set to Z_NULL, deflateInit updates them to use default
+   allocation functions.  total_in, total_out, adler, and msg are initialized.
+
+     The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
+   1 gives best speed, 9 gives best compression, 0 gives no compression at all
+   (the input data is simply copied a block at a time).  Z_DEFAULT_COMPRESSION
+   requests a default compromise between speed and compression (currently
+   equivalent to level 6).
+
+     deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_STREAM_ERROR if level is not a valid compression level, or
+   Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
+   with the version assumed by the caller (ZLIB_VERSION).  msg is set to null
+   if there is no error message.  deflateInit does not perform any compression:
+   this will be done by deflate().
+*/
+
+
+ZEXTERN int ZEXPORT deflate(z_streamp strm, int flush);
+/*
+    deflate compresses as much data as possible, and stops when the input
+  buffer becomes empty or the output buffer becomes full.  It may introduce
+  some output latency (reading input without producing any output) except when
+  forced to flush.
+
+    The detailed semantics are as follows.  deflate performs one or both of the
+  following actions:
+
+  - Compress more input starting at next_in and update next_in and avail_in
+    accordingly.  If not all input can be processed (because there is not
+    enough room in the output buffer), next_in and avail_in are updated and
+    processing will resume at this point for the next call of deflate().
+
+  - Generate more output starting at next_out and update next_out and avail_out
+    accordingly.  This action is forced if the parameter flush is non zero.
+    Forcing flush frequently degrades the compression ratio, so this parameter
+    should be set only when necessary.  Some output may be provided even if
+    flush is zero.
+
+    Before the call of deflate(), the application should ensure that at least
+  one of the actions is possible, by providing more input and/or consuming more
+  output, and updating avail_in or avail_out accordingly; avail_out should
+  never be zero before the call.  The application can consume the compressed
+  output when it wants, for example when the output buffer is full (avail_out
+  == 0), or after each call of deflate().  If deflate returns Z_OK and with
+  zero avail_out, it must be called again after making room in the output
+  buffer because there might be more output pending. See deflatePending(),
+  which can be used if desired to determine whether or not there is more output
+  in that case.
+
+    Normally the parameter flush is set to Z_NO_FLUSH, which allows deflate to
+  decide how much data to accumulate before producing output, in order to
+  maximize compression.
+
+    If the parameter flush is set to Z_SYNC_FLUSH, all pending output is
+  flushed to the output buffer and the output is aligned on a byte boundary, so
+  that the decompressor can get all input data available so far.  (In
+  particular avail_in is zero after the call if enough output space has been
+  provided before the call.) Flushing may degrade compression for some
+  compression algorithms and so it should be used only when necessary.  This
+  completes the current deflate block and follows it with an empty stored block
+  that is three bits plus filler bits to the next byte, followed by four bytes
+  (00 00 ff ff).
+
+    If flush is set to Z_PARTIAL_FLUSH, all pending output is flushed to the
+  output buffer, but the output is not aligned to a byte boundary.  All of the
+  input data so far will be available to the decompressor, as for Z_SYNC_FLUSH.
+  This completes the current deflate block and follows it with an empty fixed
+  codes block that is 10 bits long.  This assures that enough bytes are output
+  in order for the decompressor to finish the block before the empty fixed
+  codes block.
+
+    If flush is set to Z_BLOCK, a deflate block is completed and emitted, as
+  for Z_SYNC_FLUSH, but the output is not aligned on a byte boundary, and up to
+  seven bits of the current block are held to be written as the next byte after
+  the next deflate block is completed.  In this case, the decompressor may not
+  be provided enough bits at this point in order to complete decompression of
+  the data provided so far to the compressor.  It may need to wait for the next
+  block to be emitted.  This is for advanced applications that need to control
+  the emission of deflate blocks.
+
+    If flush is set to Z_FULL_FLUSH, all output is flushed as with
+  Z_SYNC_FLUSH, and the compression state is reset so that decompression can
+  restart from this point if previous compressed data has been damaged or if
+  random access is desired.  Using Z_FULL_FLUSH too often can seriously degrade
+  compression.
+
+    If deflate returns with avail_out == 0, this function must be called again
+  with the same value of the flush parameter and more output space (updated
+  avail_out), until the flush is complete (deflate returns with non-zero
+  avail_out).  In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that
+  avail_out is greater than six when the flush marker begins, in order to avoid
+  repeated flush markers upon calling deflate() again when avail_out == 0.
+
+    If the parameter flush is set to Z_FINISH, pending input is processed,
+  pending output is flushed and deflate returns with Z_STREAM_END if there was
+  enough output space.  If deflate returns with Z_OK or Z_BUF_ERROR, this
+  function must be called again with Z_FINISH and more output space (updated
+  avail_out) but no more input data, until it returns with Z_STREAM_END or an
+  error.  After deflate has returned Z_STREAM_END, the only possible operations
+  on the stream are deflateReset or deflateEnd.
+
+    Z_FINISH can be used in the first deflate call after deflateInit if all the
+  compression is to be done in a single step.  In order to complete in one
+  call, avail_out must be at least the value returned by deflateBound (see
+  below).  Then deflate is guaranteed to return Z_STREAM_END.  If not enough
+  output space is provided, deflate will not return Z_STREAM_END, and it must
+  be called again as described above.
+
+    deflate() sets strm->adler to the Adler-32 checksum of all input read
+  so far (that is, total_in bytes).  If a gzip stream is being generated, then
+  strm->adler will be the CRC-32 checksum of the input read so far.  (See
+  deflateInit2 below.)
+
+    deflate() may update strm->data_type if it can make a good guess about
+  the input data type (Z_BINARY or Z_TEXT).  If in doubt, the data is
+  considered binary.  This field is only for information purposes and does not
+  affect the compression algorithm in any manner.
+
+    deflate() returns Z_OK if some progress has been made (more input
+  processed or more output produced), Z_STREAM_END if all input has been
+  consumed and all output has been produced (only when flush is set to
+  Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
+  if next_in or next_out was Z_NULL or the state was inadvertently written over
+  by the application), or Z_BUF_ERROR if no progress is possible (for example
+  avail_in or avail_out was zero).  Note that Z_BUF_ERROR is not fatal, and
+  deflate() can be called again with more input and more output space to
+  continue compressing.
+*/
+
+
+ZEXTERN int ZEXPORT deflateEnd(z_streamp strm);
+/*
+     All dynamically allocated data structures for this stream are freed.
+   This function discards any unprocessed input and does not flush any pending
+   output.
+
+     deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
+   stream state was inconsistent, Z_DATA_ERROR if the stream was freed
+   prematurely (some input or output was discarded).  In the error case, msg
+   may be set but then points to a static string (which must not be
+   deallocated).
+*/
+
+
+/*
+ZEXTERN int ZEXPORT inflateInit(z_streamp strm);
+
+     Initializes the internal stream state for decompression.  The fields
+   next_in, avail_in, zalloc, zfree and opaque must be initialized before by
+   the caller.  In the current version of inflate, the provided input is not
+   read or consumed.  The allocation of a sliding window will be deferred to
+   the first call of inflate (if the decompression does not complete on the
+   first call).  If zalloc and zfree are set to Z_NULL, inflateInit updates
+   them to use default allocation functions.  total_in, total_out, adler, and
+   msg are initialized.
+
+     inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
+   version assumed by the caller, or Z_STREAM_ERROR if the parameters are
+   invalid, such as a null pointer to the structure.  msg is set to null if
+   there is no error message.  inflateInit does not perform any decompression.
+   Actual decompression will be done by inflate().  So next_in, and avail_in,
+   next_out, and avail_out are unused and unchanged.  The current
+   implementation of inflateInit() does not process any header information --
+   that is deferred until inflate() is called.
+*/
+
+
+ZEXTERN int ZEXPORT inflate(z_streamp strm, int flush);
+/*
+    inflate decompresses as much data as possible, and stops when the input
+  buffer becomes empty or the output buffer becomes full.  It may introduce
+  some output latency (reading input without producing any output) except when
+  forced to flush.
+
+  The detailed semantics are as follows.  inflate performs one or both of the
+  following actions:
+
+  - Decompress more input starting at next_in and update next_in and avail_in
+    accordingly.  If not all input can be processed (because there is not
+    enough room in the output buffer), then next_in and avail_in are updated
+    accordingly, and processing will resume at this point for the next call of
+    inflate().
+
+  - Generate more output starting at next_out and update next_out and avail_out
+    accordingly.  inflate() provides as much output as possible, until there is
+    no more input data or no more space in the output buffer (see below about
+    the flush parameter).
+
+    Before the call of inflate(), the application should ensure that at least
+  one of the actions is possible, by providing more input and/or consuming more
+  output, and updating the next_* and avail_* values accordingly.  If the
+  caller of inflate() does not provide both available input and available
+  output space, it is possible that there will be no progress made.  The
+  application can consume the uncompressed output when it wants, for example
+  when the output buffer is full (avail_out == 0), or after each call of
+  inflate().  If inflate returns Z_OK and with zero avail_out, it must be
+  called again after making room in the output buffer because there might be
+  more output pending.
+
+    The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, Z_FINISH,
+  Z_BLOCK, or Z_TREES.  Z_SYNC_FLUSH requests that inflate() flush as much
+  output as possible to the output buffer.  Z_BLOCK requests that inflate()
+  stop if and when it gets to the next deflate block boundary.  When decoding
+  the zlib or gzip format, this will cause inflate() to return immediately
+  after the header and before the first block.  When doing a raw inflate,
+  inflate() will go ahead and process the first block, and will return when it
+  gets to the end of that block, or when it runs out of data.
+
+    The Z_BLOCK option assists in appending to or combining deflate streams.
+  To assist in this, on return inflate() always sets strm->data_type to the
+  number of unused bits in the last byte taken from strm->next_in, plus 64 if
+  inflate() is currently decoding the last block in the deflate stream, plus
+  128 if inflate() returned immediately after decoding an end-of-block code or
+  decoding the complete header up to just before the first byte of the deflate
+  stream.  The end-of-block will not be indicated until all of the uncompressed
+  data from that block has been written to strm->next_out.  The number of
+  unused bits may in general be greater than seven, except when bit 7 of
+  data_type is set, in which case the number of unused bits will be less than
+  eight.  data_type is set as noted here every time inflate() returns for all
+  flush options, and so can be used to determine the amount of currently
+  consumed input in bits.
+
+    The Z_TREES option behaves as Z_BLOCK does, but it also returns when the
+  end of each deflate block header is reached, before any actual data in that
+  block is decoded.  This allows the caller to determine the length of the
+  deflate block header for later use in random access within a deflate block.
+  256 is added to the value of strm->data_type when inflate() returns
+  immediately after reaching the end of the deflate block header.
+
+    inflate() should normally be called until it returns Z_STREAM_END or an
+  error.  However if all decompression is to be performed in a single step (a
+  single call of inflate), the parameter flush should be set to Z_FINISH.  In
+  this case all pending input is processed and all pending output is flushed;
+  avail_out must be large enough to hold all of the uncompressed data for the
+  operation to complete.  (The size of the uncompressed data may have been
+  saved by the compressor for this purpose.)  The use of Z_FINISH is not
+  required to perform an inflation in one step.  However it may be used to
+  inform inflate that a faster approach can be used for the single inflate()
+  call.  Z_FINISH also informs inflate to not maintain a sliding window if the
+  stream completes, which reduces inflate's memory footprint.  If the stream
+  does not complete, either because not all of the stream is provided or not
+  enough output space is provided, then a sliding window will be allocated and
+  inflate() can be called again to continue the operation as if Z_NO_FLUSH had
+  been used.
+
+     In this implementation, inflate() always flushes as much output as
+  possible to the output buffer, and always uses the faster approach on the
+  first call.  So the effects of the flush parameter in this implementation are
+  on the return value of inflate() as noted below, when inflate() returns early
+  when Z_BLOCK or Z_TREES is used, and when inflate() avoids the allocation of
+  memory for a sliding window when Z_FINISH is used.
+
+     If a preset dictionary is needed after this call (see inflateSetDictionary
+  below), inflate sets strm->adler to the Adler-32 checksum of the dictionary
+  chosen by the compressor and returns Z_NEED_DICT; otherwise it sets
+  strm->adler to the Adler-32 checksum of all output produced so far (that is,
+  total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described
+  below.  At the end of the stream, inflate() checks that its computed Adler-32
+  checksum is equal to that saved by the compressor and returns Z_STREAM_END
+  only if the checksum is correct.
+
+    inflate() can decompress and check either zlib-wrapped or gzip-wrapped
+  deflate data.  The header type is detected automatically, if requested when
+  initializing with inflateInit2().  Any information contained in the gzip
+  header is not retained unless inflateGetHeader() is used.  When processing
+  gzip-wrapped deflate data, strm->adler32 is set to the CRC-32 of the output
+  produced so far.  The CRC-32 is checked against the gzip trailer, as is the
+  uncompressed length, modulo 2^32.
+
+    inflate() returns Z_OK if some progress has been made (more input processed
+  or more output produced), Z_STREAM_END if the end of the compressed data has
+  been reached and all uncompressed output has been produced, Z_NEED_DICT if a
+  preset dictionary is needed at this point, Z_DATA_ERROR if the input data was
+  corrupted (input stream not conforming to the zlib format or incorrect check
+  value, in which case strm->msg points to a string with a more specific
+  error), Z_STREAM_ERROR if the stream structure was inconsistent (for example
+  next_in or next_out was Z_NULL, or the state was inadvertently written over
+  by the application), Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR
+  if no progress was possible or if there was not enough room in the output
+  buffer when Z_FINISH is used.  Note that Z_BUF_ERROR is not fatal, and
+  inflate() can be called again with more input and more output space to
+  continue decompressing.  If Z_DATA_ERROR is returned, the application may
+  then call inflateSync() to look for a good compression block if a partial
+  recovery of the data is to be attempted.
+*/
+
+
+ZEXTERN int ZEXPORT inflateEnd(z_streamp strm);
+/*
+     All dynamically allocated data structures for this stream are freed.
+   This function discards any unprocessed input and does not flush any pending
+   output.
+
+     inflateEnd returns Z_OK if success, or Z_STREAM_ERROR if the stream state
+   was inconsistent.
+*/
+
+
+                        /* Advanced functions */
+
+/*
+    The following functions are needed only in some special applications.
+*/
+
+/*
+ZEXTERN int ZEXPORT deflateInit2(z_streamp strm,
+                                 int level,
+                                 int method,
+                                 int windowBits,
+                                 int memLevel,
+                                 int strategy);
+
+     This is another version of deflateInit with more compression options.  The
+   fields zalloc, zfree and opaque must be initialized before by the caller.
+
+     The method parameter is the compression method.  It must be Z_DEFLATED in
+   this version of the library.
+
+     The windowBits parameter is the base two logarithm of the window size
+   (the size of the history buffer).  It should be in the range 8..15 for this
+   version of the library.  Larger values of this parameter result in better
+   compression at the expense of memory usage.  The default value is 15 if
+   deflateInit is used instead.
+
+     For the current implementation of deflate(), a windowBits value of 8 (a
+   window size of 256 bytes) is not supported.  As a result, a request for 8
+   will result in 9 (a 512-byte window).  In that case, providing 8 to
+   inflateInit2() will result in an error when the zlib header with 9 is
+   checked against the initialization of inflate().  The remedy is to not use 8
+   with deflateInit2() with this initialization, or at least in that case use 9
+   with inflateInit2().
+
+     windowBits can also be -8..-15 for raw deflate.  In this case, -windowBits
+   determines the window size.  deflate() will then generate raw deflate data
+   with no zlib header or trailer, and will not compute a check value.
+
+     windowBits can also be greater than 15 for optional gzip encoding.  Add
+   16 to windowBits to write a simple gzip header and trailer around the
+   compressed data instead of a zlib wrapper.  The gzip header will have no
+   file name, no extra data, no comment, no modification time (set to zero), no
+   header crc, and the operating system will be set to the appropriate value,
+   if the operating system was determined at compile time.  If a gzip stream is
+   being written, strm->adler is a CRC-32 instead of an Adler-32.
+
+     For raw deflate or gzip encoding, a request for a 256-byte window is
+   rejected as invalid, since only the zlib header provides a means of
+   transmitting the window size to the decompressor.
+
+     The memLevel parameter specifies how much memory should be allocated
+   for the internal compression state.  memLevel=1 uses minimum memory but is
+   slow and reduces compression ratio; memLevel=9 uses maximum memory for
+   optimal speed.  The default value is 8.  See zconf.h for total memory usage
+   as a function of windowBits and memLevel.
+
+     The strategy parameter is used to tune the compression algorithm.  Use the
+   value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
+   filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no
+   string match), or Z_RLE to limit match distances to one (run-length
+   encoding).  Filtered data consists mostly of small values with a somewhat
+   random distribution.  In this case, the compression algorithm is tuned to
+   compress them better.  The effect of Z_FILTERED is to force more Huffman
+   coding and less string matching; it is somewhat intermediate between
+   Z_DEFAULT_STRATEGY and Z_HUFFMAN_ONLY.  Z_RLE is designed to be almost as
+   fast as Z_HUFFMAN_ONLY, but give better compression for PNG image data.  The
+   strategy parameter only affects the compression ratio but not the
+   correctness of the compressed output even if it is not set appropriately.
+   Z_FIXED prevents the use of dynamic Huffman codes, allowing for a simpler
+   decoder for special applications.
+
+     deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_STREAM_ERROR if any parameter is invalid (such as an invalid
+   method), or Z_VERSION_ERROR if the zlib library version (zlib_version) is
+   incompatible with the version assumed by the caller (ZLIB_VERSION).  msg is
+   set to null if there is no error message.  deflateInit2 does not perform any
+   compression: this will be done by deflate().
+*/
+
+ZEXTERN int ZEXPORT deflateSetDictionary(z_streamp strm,
+                                         const Bytef *dictionary,
+                                         uInt  dictLength);
+/*
+     Initializes the compression dictionary from the given byte sequence
+   without producing any compressed output.  When using the zlib format, this
+   function must be called immediately after deflateInit, deflateInit2 or
+   deflateReset, and before any call of deflate.  When doing raw deflate, this
+   function must be called either before any call of deflate, or immediately
+   after the completion of a deflate block, i.e. after all input has been
+   consumed and all output has been delivered when using any of the flush
+   options Z_BLOCK, Z_PARTIAL_FLUSH, Z_SYNC_FLUSH, or Z_FULL_FLUSH.  The
+   compressor and decompressor must use exactly the same dictionary (see
+   inflateSetDictionary).
+
+     The dictionary should consist of strings (byte sequences) that are likely
+   to be encountered later in the data to be compressed, with the most commonly
+   used strings preferably put towards the end of the dictionary.  Using a
+   dictionary is most useful when the data to be compressed is short and can be
+   predicted with good accuracy; the data can then be compressed better than
+   with the default empty dictionary.
+
+     Depending on the size of the compression data structures selected by
+   deflateInit or deflateInit2, a part of the dictionary may in effect be
+   discarded, for example if the dictionary is larger than the window size
+   provided in deflateInit or deflateInit2.  Thus the strings most likely to be
+   useful should be put at the end of the dictionary, not at the front.  In
+   addition, the current implementation of deflate will use at most the window
+   size minus 262 bytes of the provided dictionary.
+
+     Upon return of this function, strm->adler is set to the Adler-32 value
+   of the dictionary; the decompressor may later use this value to determine
+   which dictionary has been used by the compressor.  (The Adler-32 value
+   applies to the whole dictionary even if only a subset of the dictionary is
+   actually used by the compressor.) If a raw deflate was requested, then the
+   Adler-32 value is not computed and strm->adler is not set.
+
+     deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
+   parameter is invalid (e.g.  dictionary being Z_NULL) or the stream state is
+   inconsistent (for example if deflate has already been called for this stream
+   or if not at a block boundary for raw deflate).  deflateSetDictionary does
+   not perform any compression: this will be done by deflate().
+*/
+
+ZEXTERN int ZEXPORT deflateGetDictionary(z_streamp strm,
+                                         Bytef *dictionary,
+                                         uInt  *dictLength);
+/*
+     Returns the sliding dictionary being maintained by deflate.  dictLength is
+   set to the number of bytes in the dictionary, and that many bytes are copied
+   to dictionary.  dictionary must have enough space, where 32768 bytes is
+   always enough.  If deflateGetDictionary() is called with dictionary equal to
+   Z_NULL, then only the dictionary length is returned, and nothing is copied.
+   Similarly, if dictLength is Z_NULL, then it is not set.
+
+     deflateGetDictionary() may return a length less than the window size, even
+   when more than the window size in input has been provided. It may return up
+   to 258 bytes less in that case, due to how zlib's implementation of deflate
+   manages the sliding window and lookahead for matches, where matches can be
+   up to 258 bytes long. If the application needs the last window-size bytes of
+   input, then that would need to be saved by the application outside of zlib.
+
+     deflateGetDictionary returns Z_OK on success, or Z_STREAM_ERROR if the
+   stream state is inconsistent.
+*/
+
+ZEXTERN int ZEXPORT deflateCopy(z_streamp dest,
+                                z_streamp source);
+/*
+     Sets the destination stream as a complete copy of the source stream.
+
+     This function can be useful when several compression strategies will be
+   tried, for example when there are several ways of pre-processing the input
+   data with a filter.  The streams that will be discarded should then be freed
+   by calling deflateEnd.  Note that deflateCopy duplicates the internal
+   compression state which can be quite large, so this strategy is slow and can
+   consume lots of memory.
+
+     deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
+   (such as zalloc being Z_NULL).  msg is left unchanged in both source and
+   destination.
+*/
+
+ZEXTERN int ZEXPORT deflateReset(z_streamp strm);
+/*
+     This function is equivalent to deflateEnd followed by deflateInit, but
+   does not free and reallocate the internal compression state.  The stream
+   will leave the compression level and any other attributes that may have been
+   set unchanged.  total_in, total_out, adler, and msg are initialized.
+
+     deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL).
+*/
+
+ZEXTERN int ZEXPORT deflateParams(z_streamp strm,
+                                  int level,
+                                  int strategy);
+/*
+     Dynamically update the compression level and compression strategy.  The
+   interpretation of level and strategy is as in deflateInit2().  This can be
+   used to switch between compression and straight copy of the input data, or
+   to switch to a different kind of input data requiring a different strategy.
+   If the compression approach (which is a function of the level) or the
+   strategy is changed, and if there have been any deflate() calls since the
+   state was initialized or reset, then the input available so far is
+   compressed with the old level and strategy using deflate(strm, Z_BLOCK).
+   There are three approaches for the compression levels 0, 1..3, and 4..9
+   respectively.  The new level and strategy will take effect at the next call
+   of deflate().
+
+     If a deflate(strm, Z_BLOCK) is performed by deflateParams(), and it does
+   not have enough output space to complete, then the parameter change will not
+   take effect.  In this case, deflateParams() can be called again with the
+   same parameters and more output space to try again.
+
+     In order to assure a change in the parameters on the first try, the
+   deflate stream should be flushed using deflate() with Z_BLOCK or other flush
+   request until strm.avail_out is not zero, before calling deflateParams().
+   Then no more input data should be provided before the deflateParams() call.
+   If this is done, the old level and strategy will be applied to the data
+   compressed before deflateParams(), and the new level and strategy will be
+   applied to the data compressed after deflateParams().
+
+     deflateParams returns Z_OK on success, Z_STREAM_ERROR if the source stream
+   state was inconsistent or if a parameter was invalid, or Z_BUF_ERROR if
+   there was not enough output space to complete the compression of the
+   available input data before a change in the strategy or approach.  Note that
+   in the case of a Z_BUF_ERROR, the parameters are not changed.  A return
+   value of Z_BUF_ERROR is not fatal, in which case deflateParams() can be
+   retried with more output space.
+*/
+
+ZEXTERN int ZEXPORT deflateTune(z_streamp strm,
+                                int good_length,
+                                int max_lazy,
+                                int nice_length,
+                                int max_chain);
+/*
+     Fine tune deflate's internal compression parameters.  This should only be
+   used by someone who understands the algorithm used by zlib's deflate for
+   searching for the best matching string, and even then only by the most
+   fanatic optimizer trying to squeeze out the last compressed bit for their
+   specific input data.  Read the deflate.c source code for the meaning of the
+   max_lazy, good_length, nice_length, and max_chain parameters.
+
+     deflateTune() can be called after deflateInit() or deflateInit2(), and
+   returns Z_OK on success, or Z_STREAM_ERROR for an invalid deflate stream.
+ */
+
+ZEXTERN uLong ZEXPORT deflateBound(z_streamp strm,
+                                   uLong sourceLen);
+/*
+     deflateBound() returns an upper bound on the compressed size after
+   deflation of sourceLen bytes.  It must be called after deflateInit() or
+   deflateInit2(), and after deflateSetHeader(), if used.  This would be used
+   to allocate an output buffer for deflation in a single pass, and so would be
+   called before deflate().  If that first deflate() call is provided the
+   sourceLen input bytes, an output buffer allocated to the size returned by
+   deflateBound(), and the flush value Z_FINISH, then deflate() is guaranteed
+   to return Z_STREAM_END.  Note that it is possible for the compressed size to
+   be larger than the value returned by deflateBound() if flush options other
+   than Z_FINISH or Z_NO_FLUSH are used.
+*/
+
+ZEXTERN int ZEXPORT deflatePending(z_streamp strm,
+                                   unsigned *pending,
+                                   int *bits);
+/*
+     deflatePending() returns the number of bytes and bits of output that have
+   been generated, but not yet provided in the available output.  The bytes not
+   provided would be due to the available output space having being consumed.
+   The number of bits of output not provided are between 0 and 7, where they
+   await more bits to join them in order to fill out a full byte.  If pending
+   or bits are Z_NULL, then those values are not set.
+
+     deflatePending returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+ */
+
+ZEXTERN int ZEXPORT deflatePrime(z_streamp strm,
+                                 int bits,
+                                 int value);
+/*
+     deflatePrime() inserts bits in the deflate output stream.  The intent
+   is that this function is used to start off the deflate output with the bits
+   leftover from a previous deflate stream when appending to it.  As such, this
+   function can only be used for raw deflate, and must be used before the first
+   deflate() call after a deflateInit2() or deflateReset().  bits must be less
+   than or equal to 16, and that many of the least significant bits of value
+   will be inserted in the output.
+
+     deflatePrime returns Z_OK if success, Z_BUF_ERROR if there was not enough
+   room in the internal buffer to insert the bits, or Z_STREAM_ERROR if the
+   source stream state was inconsistent.
+*/
+
+ZEXTERN int ZEXPORT deflateSetHeader(z_streamp strm,
+                                     gz_headerp head);
+/*
+     deflateSetHeader() provides gzip header information for when a gzip
+   stream is requested by deflateInit2().  deflateSetHeader() may be called
+   after deflateInit2() or deflateReset() and before the first call of
+   deflate().  The text, time, os, extra field, name, and comment information
+   in the provided gz_header structure are written to the gzip header (xflag is
+   ignored -- the extra flags are set according to the compression level).  The
+   caller must assure that, if not Z_NULL, name and comment are terminated with
+   a zero byte, and that if extra is not Z_NULL, that extra_len bytes are
+   available there.  If hcrc is true, a gzip header crc is included.  Note that
+   the current versions of the command-line version of gzip (up through version
+   1.3.x) do not support header crc's, and will report that it is a "multi-part
+   gzip file" and give up.
+
+     If deflateSetHeader is not used, the default gzip header has text false,
+   the time set to zero, and os set to the current operating system, with no
+   extra, name, or comment fields.  The gzip header is returned to the default
+   state by deflateReset().
+
+     deflateSetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+/*
+ZEXTERN int ZEXPORT inflateInit2(z_streamp strm,
+                                 int windowBits);
+
+     This is another version of inflateInit with an extra parameter.  The
+   fields next_in, avail_in, zalloc, zfree and opaque must be initialized
+   before by the caller.
+
+     The windowBits parameter is the base two logarithm of the maximum window
+   size (the size of the history buffer).  It should be in the range 8..15 for
+   this version of the library.  The default value is 15 if inflateInit is used
+   instead.  windowBits must be greater than or equal to the windowBits value
+   provided to deflateInit2() while compressing, or it must be equal to 15 if
+   deflateInit2() was not used.  If a compressed stream with a larger window
+   size is given as input, inflate() will return with the error code
+   Z_DATA_ERROR instead of trying to allocate a larger window.
+
+     windowBits can also be zero to request that inflate use the window size in
+   the zlib header of the compressed stream.
+
+     windowBits can also be -8..-15 for raw inflate.  In this case, -windowBits
+   determines the window size.  inflate() will then process raw deflate data,
+   not looking for a zlib or gzip header, not generating a check value, and not
+   looking for any check values for comparison at the end of the stream.  This
+   is for use with other formats that use the deflate compressed data format
+   such as zip.  Those formats provide their own check values.  If a custom
+   format is developed using the raw deflate format for compressed data, it is
+   recommended that a check value such as an Adler-32 or a CRC-32 be applied to
+   the uncompressed data as is done in the zlib, gzip, and zip formats.  For
+   most applications, the zlib format should be used as is.  Note that comments
+   above on the use in deflateInit2() applies to the magnitude of windowBits.
+
+     windowBits can also be greater than 15 for optional gzip decoding.  Add
+   32 to windowBits to enable zlib and gzip decoding with automatic header
+   detection, or add 16 to decode only the gzip format (the zlib format will
+   return a Z_DATA_ERROR).  If a gzip stream is being decoded, strm->adler is a
+   CRC-32 instead of an Adler-32.  Unlike the gunzip utility and gzread() (see
+   below), inflate() will *not* automatically decode concatenated gzip members.
+   inflate() will return Z_STREAM_END at the end of the gzip member.  The state
+   would need to be reset to continue decoding a subsequent gzip member.  This
+   *must* be done if there is more data after a gzip member, in order for the
+   decompression to be compliant with the gzip standard (RFC 1952).
+
+     inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
+   version assumed by the caller, or Z_STREAM_ERROR if the parameters are
+   invalid, such as a null pointer to the structure.  msg is set to null if
+   there is no error message.  inflateInit2 does not perform any decompression
+   apart from possibly reading the zlib header if present: actual decompression
+   will be done by inflate().  (So next_in and avail_in may be modified, but
+   next_out and avail_out are unused and unchanged.) The current implementation
+   of inflateInit2() does not process any header information -- that is
+   deferred until inflate() is called.
+*/
+
+ZEXTERN int ZEXPORT inflateSetDictionary(z_streamp strm,
+                                         const Bytef *dictionary,
+                                         uInt  dictLength);
+/*
+     Initializes the decompression dictionary from the given uncompressed byte
+   sequence.  This function must be called immediately after a call of inflate,
+   if that call returned Z_NEED_DICT.  The dictionary chosen by the compressor
+   can be determined from the Adler-32 value returned by that call of inflate.
+   The compressor and decompressor must use exactly the same dictionary (see
+   deflateSetDictionary).  For raw inflate, this function can be called at any
+   time to set the dictionary.  If the provided dictionary is smaller than the
+   window and there is already data in the window, then the provided dictionary
+   will amend what's there.  The application must insure that the dictionary
+   that was used for compression is provided.
+
+     inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
+   parameter is invalid (e.g.  dictionary being Z_NULL) or the stream state is
+   inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
+   expected one (incorrect Adler-32 value).  inflateSetDictionary does not
+   perform any decompression: this will be done by subsequent calls of
+   inflate().
+*/
+
+ZEXTERN int ZEXPORT inflateGetDictionary(z_streamp strm,
+                                         Bytef *dictionary,
+                                         uInt  *dictLength);
+/*
+     Returns the sliding dictionary being maintained by inflate.  dictLength is
+   set to the number of bytes in the dictionary, and that many bytes are copied
+   to dictionary.  dictionary must have enough space, where 32768 bytes is
+   always enough.  If inflateGetDictionary() is called with dictionary equal to
+   Z_NULL, then only the dictionary length is returned, and nothing is copied.
+   Similarly, if dictLength is Z_NULL, then it is not set.
+
+     inflateGetDictionary returns Z_OK on success, or Z_STREAM_ERROR if the
+   stream state is inconsistent.
+*/
+
+ZEXTERN int ZEXPORT inflateSync(z_streamp strm);
+/*
+     Skips invalid compressed data until a possible full flush point (see above
+   for the description of deflate with Z_FULL_FLUSH) can be found, or until all
+   available input is skipped.  No output is provided.
+
+     inflateSync searches for a 00 00 FF FF pattern in the compressed data.
+   All full flush points have this pattern, but not all occurrences of this
+   pattern are full flush points.
+
+     inflateSync returns Z_OK if a possible full flush point has been found,
+   Z_BUF_ERROR if no more input was provided, Z_DATA_ERROR if no flush point
+   has been found, or Z_STREAM_ERROR if the stream structure was inconsistent.
+   In the success case, the application may save the current value of total_in
+   which indicates where valid compressed data was found.  In the error case,
+   the application may repeatedly call inflateSync, providing more input each
+   time, until success or end of the input data.
+*/
+
+ZEXTERN int ZEXPORT inflateCopy(z_streamp dest,
+                                z_streamp source);
+/*
+     Sets the destination stream as a complete copy of the source stream.
+
+     This function can be useful when randomly accessing a large stream.  The
+   first pass through the stream can periodically record the inflate state,
+   allowing restarting inflate at those points when randomly accessing the
+   stream.
+
+     inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
+   (such as zalloc being Z_NULL).  msg is left unchanged in both source and
+   destination.
+*/
+
+ZEXTERN int ZEXPORT inflateReset(z_streamp strm);
+/*
+     This function is equivalent to inflateEnd followed by inflateInit,
+   but does not free and reallocate the internal decompression state.  The
+   stream will keep attributes that may have been set by inflateInit2.
+   total_in, total_out, adler, and msg are initialized.
+
+     inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL).
+*/
+
+ZEXTERN int ZEXPORT inflateReset2(z_streamp strm,
+                                  int windowBits);
+/*
+     This function is the same as inflateReset, but it also permits changing
+   the wrap and window size requests.  The windowBits parameter is interpreted
+   the same as it is for inflateInit2.  If the window size is changed, then the
+   memory allocated for the window is freed, and the window will be reallocated
+   by inflate() if needed.
+
+     inflateReset2 returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL), or if
+   the windowBits parameter is invalid.
+*/
+
+ZEXTERN int ZEXPORT inflatePrime(z_streamp strm,
+                                 int bits,
+                                 int value);
+/*
+     This function inserts bits in the inflate input stream.  The intent is
+   that this function is used to start inflating at a bit position in the
+   middle of a byte.  The provided bits will be used before any bytes are used
+   from next_in.  This function should only be used with raw inflate, and
+   should be used before the first inflate() call after inflateInit2() or
+   inflateReset().  bits must be less than or equal to 16, and that many of the
+   least significant bits of value will be inserted in the input.
+
+     If bits is negative, then the input stream bit buffer is emptied.  Then
+   inflatePrime() can be called again to put bits in the buffer.  This is used
+   to clear out bits leftover after feeding inflate a block description prior
+   to feeding inflate codes.
+
+     inflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+ZEXTERN long ZEXPORT inflateMark(z_streamp strm);
+/*
+     This function returns two values, one in the lower 16 bits of the return
+   value, and the other in the remaining upper bits, obtained by shifting the
+   return value down 16 bits.  If the upper value is -1 and the lower value is
+   zero, then inflate() is currently decoding information outside of a block.
+   If the upper value is -1 and the lower value is non-zero, then inflate is in
+   the middle of a stored block, with the lower value equaling the number of
+   bytes from the input remaining to copy.  If the upper value is not -1, then
+   it is the number of bits back from the current bit position in the input of
+   the code (literal or length/distance pair) currently being processed.  In
+   that case the lower value is the number of bytes already emitted for that
+   code.
+
+     A code is being processed if inflate is waiting for more input to complete
+   decoding of the code, or if it has completed decoding but is waiting for
+   more output space to write the literal or match data.
+
+     inflateMark() is used to mark locations in the input data for random
+   access, which may be at bit positions, and to note those cases where the
+   output of a code may span boundaries of random access blocks.  The current
+   location in the input stream can be determined from avail_in and data_type
+   as noted in the description for the Z_BLOCK flush parameter for inflate.
+
+     inflateMark returns the value noted above, or -65536 if the provided
+   source stream state was inconsistent.
+*/
+
+ZEXTERN int ZEXPORT inflateGetHeader(z_streamp strm,
+                                     gz_headerp head);
+/*
+     inflateGetHeader() requests that gzip header information be stored in the
+   provided gz_header structure.  inflateGetHeader() may be called after
+   inflateInit2() or inflateReset(), and before the first call of inflate().
+   As inflate() processes the gzip stream, head->done is zero until the header
+   is completed, at which time head->done is set to one.  If a zlib stream is
+   being decoded, then head->done is set to -1 to indicate that there will be
+   no gzip header information forthcoming.  Note that Z_BLOCK or Z_TREES can be
+   used to force inflate() to return immediately after header processing is
+   complete and before any actual data is decompressed.
+
+     The text, time, xflags, and os fields are filled in with the gzip header
+   contents.  hcrc is set to true if there is a header CRC.  (The header CRC
+   was valid if done is set to one.) If extra is not Z_NULL, then extra_max
+   contains the maximum number of bytes to write to extra.  Once done is true,
+   extra_len contains the actual extra field length, and extra contains the
+   extra field, or that field truncated if extra_max is less than extra_len.
+   If name is not Z_NULL, then up to name_max characters are written there,
+   terminated with a zero unless the length is greater than name_max.  If
+   comment is not Z_NULL, then up to comm_max characters are written there,
+   terminated with a zero unless the length is greater than comm_max.  When any
+   of extra, name, or comment are not Z_NULL and the respective field is not
+   present in the header, then that field is set to Z_NULL to signal its
+   absence.  This allows the use of deflateSetHeader() with the returned
+   structure to duplicate the header.  However if those fields are set to
+   allocated memory, then the application will need to save those pointers
+   elsewhere so that they can be eventually freed.
+
+     If inflateGetHeader is not used, then the header information is simply
+   discarded.  The header is always checked for validity, including the header
+   CRC if present.  inflateReset() will reset the process to discard the header
+   information.  The application would need to call inflateGetHeader() again to
+   retrieve the header from the next gzip stream.
+
+     inflateGetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+/*
+ZEXTERN int ZEXPORT inflateBackInit(z_streamp strm, int windowBits,
+                                    unsigned char FAR *window);
+
+     Initialize the internal stream state for decompression using inflateBack()
+   calls.  The fields zalloc, zfree and opaque in strm must be initialized
+   before the call.  If zalloc and zfree are Z_NULL, then the default library-
+   derived memory allocation routines are used.  windowBits is the base two
+   logarithm of the window size, in the range 8..15.  window is a caller
+   supplied buffer of that size.  Except for special applications where it is
+   assured that deflate was used with small window sizes, windowBits must be 15
+   and a 32K byte window must be supplied to be able to decompress general
+   deflate streams.
+
+     See inflateBack() for the usage of these routines.
+
+     inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of
+   the parameters are invalid, Z_MEM_ERROR if the internal state could not be
+   allocated, or Z_VERSION_ERROR if the version of the library does not match
+   the version of the header file.
+*/
+
+typedef unsigned (*in_func)(void FAR *,
+                            z_const unsigned char FAR * FAR *);
+typedef int (*out_func)(void FAR *, unsigned char FAR *, unsigned);
+
+ZEXTERN int ZEXPORT inflateBack(z_streamp strm,
+                                in_func in, void FAR *in_desc,
+                                out_func out, void FAR *out_desc);
+/*
+     inflateBack() does a raw inflate with a single call using a call-back
+   interface for input and output.  This is potentially more efficient than
+   inflate() for file i/o applications, in that it avoids copying between the
+   output and the sliding window by simply making the window itself the output
+   buffer.  inflate() can be faster on modern CPUs when used with large
+   buffers.  inflateBack() trusts the application to not change the output
+   buffer passed by the output function, at least until inflateBack() returns.
+
+     inflateBackInit() must be called first to allocate the internal state
+   and to initialize the state with the user-provided window buffer.
+   inflateBack() may then be used multiple times to inflate a complete, raw
+   deflate stream with each call.  inflateBackEnd() is then called to free the
+   allocated state.
+
+     A raw deflate stream is one with no zlib or gzip header or trailer.
+   This routine would normally be used in a utility that reads zip or gzip
+   files and writes out uncompressed files.  The utility would decode the
+   header and process the trailer on its own, hence this routine expects only
+   the raw deflate stream to decompress.  This is different from the default
+   behavior of inflate(), which expects a zlib header and trailer around the
+   deflate stream.
+
+     inflateBack() uses two subroutines supplied by the caller that are then
+   called by inflateBack() for input and output.  inflateBack() calls those
+   routines until it reads a complete deflate stream and writes out all of the
+   uncompressed data, or until it encounters an error.  The function's
+   parameters and return types are defined above in the in_func and out_func
+   typedefs.  inflateBack() will call in(in_desc, &buf) which should return the
+   number of bytes of provided input, and a pointer to that input in buf.  If
+   there is no input available, in() must return zero -- buf is ignored in that
+   case -- and inflateBack() will return a buffer error.  inflateBack() will
+   call out(out_desc, buf, len) to write the uncompressed data buf[0..len-1].
+   out() should return zero on success, or non-zero on failure.  If out()
+   returns non-zero, inflateBack() will return with an error.  Neither in() nor
+   out() are permitted to change the contents of the window provided to
+   inflateBackInit(), which is also the buffer that out() uses to write from.
+   The length written by out() will be at most the window size.  Any non-zero
+   amount of input may be provided by in().
+
+     For convenience, inflateBack() can be provided input on the first call by
+   setting strm->next_in and strm->avail_in.  If that input is exhausted, then
+   in() will be called.  Therefore strm->next_in must be initialized before
+   calling inflateBack().  If strm->next_in is Z_NULL, then in() will be called
+   immediately for input.  If strm->next_in is not Z_NULL, then strm->avail_in
+   must also be initialized, and then if strm->avail_in is not zero, input will
+   initially be taken from strm->next_in[0 ..  strm->avail_in - 1].
+
+     The in_desc and out_desc parameters of inflateBack() is passed as the
+   first parameter of in() and out() respectively when they are called.  These
+   descriptors can be optionally used to pass any information that the caller-
+   supplied in() and out() functions need to do their job.
+
+     On return, inflateBack() will set strm->next_in and strm->avail_in to
+   pass back any unused input that was provided by the last in() call.  The
+   return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR
+   if in() or out() returned an error, Z_DATA_ERROR if there was a format error
+   in the deflate stream (in which case strm->msg is set to indicate the nature
+   of the error), or Z_STREAM_ERROR if the stream was not properly initialized.
+   In the case of Z_BUF_ERROR, an input or output error can be distinguished
+   using strm->next_in which will be Z_NULL only if in() returned an error.  If
+   strm->next_in is not Z_NULL, then the Z_BUF_ERROR was due to out() returning
+   non-zero.  (in() will always be called before out(), so strm->next_in is
+   assured to be defined if out() returns non-zero.)  Note that inflateBack()
+   cannot return Z_OK.
+*/
+
+ZEXTERN int ZEXPORT inflateBackEnd(z_streamp strm);
+/*
+     All memory allocated by inflateBackInit() is freed.
+
+     inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream
+   state was inconsistent.
+*/
+
+ZEXTERN uLong ZEXPORT zlibCompileFlags(void);
+/* Return flags indicating compile-time options.
+
+    Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other:
+     1.0: size of uInt
+     3.2: size of uLong
+     5.4: size of voidpf (pointer)
+     7.6: size of z_off_t
+
+    Compiler, assembler, and debug options:
+     8: ZLIB_DEBUG
+     9: ASMV or ASMINF -- use ASM code
+     10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention
+     11: 0 (reserved)
+
+    One-time table building (smaller code, but not thread-safe if true):
+     12: BUILDFIXED -- build static block decoding tables when needed
+     13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed
+     14,15: 0 (reserved)
+
+    Library content (indicates missing functionality):
+     16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking
+                          deflate code when not needed)
+     17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect
+                    and decode gzip streams (to avoid linking crc code)
+     18-19: 0 (reserved)
+
+    Operation variations (changes in library functionality):
+     20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate
+     21: FASTEST -- deflate algorithm with only one, lowest compression level
+     22,23: 0 (reserved)
+
+    The sprintf variant used by gzprintf (zero is best):
+     24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format
+     25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure!
+     26: 0 = returns value, 1 = void -- 1 means inferred string length returned
+
+    Remainder:
+     27-31: 0 (reserved)
+ */
+
+#ifndef Z_SOLO
+
+                        /* utility functions */
+
+/*
+     The following utility functions are implemented on top of the basic
+   stream-oriented functions.  To simplify the interface, some default options
+   are assumed (compression level and memory usage, standard memory allocation
+   functions).  The source code of these utility functions can be modified if
+   you need special options.
+*/
+
+ZEXTERN int ZEXPORT compress(Bytef *dest,   uLongf *destLen,
+                             const Bytef *source, uLong sourceLen);
+/*
+     Compresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer.  Upon entry, destLen is the total size
+   of the destination buffer, which must be at least the value returned by
+   compressBound(sourceLen).  Upon exit, destLen is the actual size of the
+   compressed data.  compress() is equivalent to compress2() with a level
+   parameter of Z_DEFAULT_COMPRESSION.
+
+     compress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer.
+*/
+
+ZEXTERN int ZEXPORT compress2(Bytef *dest,   uLongf *destLen,
+                              const Bytef *source, uLong sourceLen,
+                              int level);
+/*
+     Compresses the source buffer into the destination buffer.  The level
+   parameter has the same meaning as in deflateInit.  sourceLen is the byte
+   length of the source buffer.  Upon entry, destLen is the total size of the
+   destination buffer, which must be at least the value returned by
+   compressBound(sourceLen).  Upon exit, destLen is the actual size of the
+   compressed data.
+
+     compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_BUF_ERROR if there was not enough room in the output buffer,
+   Z_STREAM_ERROR if the level parameter is invalid.
+*/
+
+ZEXTERN uLong ZEXPORT compressBound(uLong sourceLen);
+/*
+     compressBound() returns an upper bound on the compressed size after
+   compress() or compress2() on sourceLen bytes.  It would be used before a
+   compress() or compress2() call to allocate the destination buffer.
+*/
+
+ZEXTERN int ZEXPORT uncompress(Bytef *dest,   uLongf *destLen,
+                               const Bytef *source, uLong sourceLen);
+/*
+     Decompresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer.  Upon entry, destLen is the total size
+   of the destination buffer, which must be large enough to hold the entire
+   uncompressed data.  (The size of the uncompressed data must have been saved
+   previously by the compressor and transmitted to the decompressor by some
+   mechanism outside the scope of this compression library.) Upon exit, destLen
+   is the actual size of the uncompressed data.
+
+     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete.  In
+   the case where there is not enough room, uncompress() will fill the output
+   buffer with the uncompressed data up to that point.
+*/
+
+ZEXTERN int ZEXPORT uncompress2(Bytef *dest,   uLongf *destLen,
+                                const Bytef *source, uLong *sourceLen);
+/*
+     Same as uncompress, except that sourceLen is a pointer, where the
+   length of the source is *sourceLen.  On return, *sourceLen is the number of
+   source bytes consumed.
+*/
+
+                        /* gzip file access functions */
+
+/*
+     This library supports reading and writing files in gzip (.gz) format with
+   an interface similar to that of stdio, using the functions that start with
+   "gz".  The gzip format is different from the zlib format.  gzip is a gzip
+   wrapper, documented in RFC 1952, wrapped around a deflate stream.
+*/
+
+typedef struct gzFile_s *gzFile;    /* semi-opaque gzip file descriptor */
+
+/*
+ZEXTERN gzFile ZEXPORT gzopen(const char *path, const char *mode);
+
+     Open the gzip (.gz) file at path for reading and decompressing, or
+   compressing and writing.  The mode parameter is as in fopen ("rb" or "wb")
+   but can also include a compression level ("wb9") or a strategy: 'f' for
+   filtered data as in "wb6f", 'h' for Huffman-only compression as in "wb1h",
+   'R' for run-length encoding as in "wb1R", or 'F' for fixed code compression
+   as in "wb9F".  (See the description of deflateInit2 for more information
+   about the strategy parameter.)  'T' will request transparent writing or
+   appending with no compression and not using the gzip format.
+
+     "a" can be used instead of "w" to request that the gzip stream that will
+   be written be appended to the file.  "+" will result in an error, since
+   reading and writing to the same gzip file is not supported.  The addition of
+   "x" when writing will create the file exclusively, which fails if the file
+   already exists.  On systems that support it, the addition of "e" when
+   reading or writing will set the flag to close the file on an execve() call.
+
+     These functions, as well as gzip, will read and decode a sequence of gzip
+   streams in a file.  The append function of gzopen() can be used to create
+   such a file.  (Also see gzflush() for another way to do this.)  When
+   appending, gzopen does not test whether the file begins with a gzip stream,
+   nor does it look for the end of the gzip streams to begin appending.  gzopen
+   will simply append a gzip stream to the existing file.
+
+     gzopen can be used to read a file which is not in gzip format; in this
+   case gzread will directly read from the file without decompression.  When
+   reading, this will be detected automatically by looking for the magic two-
+   byte gzip header.
+
+     gzopen returns NULL if the file could not be opened, if there was
+   insufficient memory to allocate the gzFile state, or if an invalid mode was
+   specified (an 'r', 'w', or 'a' was not provided, or '+' was provided).
+   errno can be checked to determine if the reason gzopen failed was that the
+   file could not be opened.
+*/
+
+ZEXTERN gzFile ZEXPORT gzdopen(int fd, const char *mode);
+/*
+     Associate a gzFile with the file descriptor fd.  File descriptors are
+   obtained from calls like open, dup, creat, pipe or fileno (if the file has
+   been previously opened with fopen).  The mode parameter is as in gzopen.
+
+     The next call of gzclose on the returned gzFile will also close the file
+   descriptor fd, just like fclose(fdopen(fd, mode)) closes the file descriptor
+   fd.  If you want to keep fd open, use fd = dup(fd_keep); gz = gzdopen(fd,
+   mode);.  The duplicated descriptor should be saved to avoid a leak, since
+   gzdopen does not close fd if it fails.  If you are using fileno() to get the
+   file descriptor from a FILE *, then you will have to use dup() to avoid
+   double-close()ing the file descriptor.  Both gzclose() and fclose() will
+   close the associated file descriptor, so they need to have different file
+   descriptors.
+
+     gzdopen returns NULL if there was insufficient memory to allocate the
+   gzFile state, if an invalid mode was specified (an 'r', 'w', or 'a' was not
+   provided, or '+' was provided), or if fd is -1.  The file descriptor is not
+   used until the next gz* read, write, seek, or close operation, so gzdopen
+   will not detect if fd is invalid (unless fd is -1).
+*/
+
+ZEXTERN int ZEXPORT gzbuffer(gzFile file, unsigned size);
+/*
+     Set the internal buffer size used by this library's functions for file to
+   size.  The default buffer size is 8192 bytes.  This function must be called
+   after gzopen() or gzdopen(), and before any other calls that read or write
+   the file.  The buffer memory allocation is always deferred to the first read
+   or write.  Three times that size in buffer space is allocated.  A larger
+   buffer size of, for example, 64K or 128K bytes will noticeably increase the
+   speed of decompression (reading).
+
+     The new buffer size also affects the maximum length for gzprintf().
+
+     gzbuffer() returns 0 on success, or -1 on failure, such as being called
+   too late.
+*/
+
+ZEXTERN int ZEXPORT gzsetparams(gzFile file, int level, int strategy);
+/*
+     Dynamically update the compression level and strategy for file.  See the
+   description of deflateInit2 for the meaning of these parameters. Previously
+   provided data is flushed before applying the parameter changes.
+
+     gzsetparams returns Z_OK if success, Z_STREAM_ERROR if the file was not
+   opened for writing, Z_ERRNO if there is an error writing the flushed data,
+   or Z_MEM_ERROR if there is a memory allocation error.
+*/
+
+ZEXTERN int ZEXPORT gzread(gzFile file, voidp buf, unsigned len);
+/*
+     Read and decompress up to len uncompressed bytes from file into buf.  If
+   the input file is not in gzip format, gzread copies the given number of
+   bytes into the buffer directly from the file.
+
+     After reaching the end of a gzip stream in the input, gzread will continue
+   to read, looking for another gzip stream.  Any number of gzip streams may be
+   concatenated in the input file, and will all be decompressed by gzread().
+   If something other than a gzip stream is encountered after a gzip stream,
+   that remaining trailing garbage is ignored (and no error is returned).
+
+     gzread can be used to read a gzip file that is being concurrently written.
+   Upon reaching the end of the input, gzread will return with the available
+   data.  If the error code returned by gzerror is Z_OK or Z_BUF_ERROR, then
+   gzclearerr can be used to clear the end of file indicator in order to permit
+   gzread to be tried again.  Z_OK indicates that a gzip stream was completed
+   on the last gzread.  Z_BUF_ERROR indicates that the input file ended in the
+   middle of a gzip stream.  Note that gzread does not return -1 in the event
+   of an incomplete gzip stream.  This error is deferred until gzclose(), which
+   will return Z_BUF_ERROR if the last gzread ended in the middle of a gzip
+   stream.  Alternatively, gzerror can be used before gzclose to detect this
+   case.
+
+     gzread returns the number of uncompressed bytes actually read, less than
+   len for end of file, or -1 for error.  If len is too large to fit in an int,
+   then nothing is read, -1 is returned, and the error state is set to
+   Z_STREAM_ERROR.
+*/
+
+ZEXTERN z_size_t ZEXPORT gzfread(voidp buf, z_size_t size, z_size_t nitems,
+                                 gzFile file);
+/*
+     Read and decompress up to nitems items of size size from file into buf,
+   otherwise operating as gzread() does.  This duplicates the interface of
+   stdio's fread(), with size_t request and return types.  If the library
+   defines size_t, then z_size_t is identical to size_t.  If not, then z_size_t
+   is an unsigned integer type that can contain a pointer.
+
+     gzfread() returns the number of full items read of size size, or zero if
+   the end of the file was reached and a full item could not be read, or if
+   there was an error.  gzerror() must be consulted if zero is returned in
+   order to determine if there was an error.  If the multiplication of size and
+   nitems overflows, i.e. the product does not fit in a z_size_t, then nothing
+   is read, zero is returned, and the error state is set to Z_STREAM_ERROR.
+
+     In the event that the end of file is reached and only a partial item is
+   available at the end, i.e. the remaining uncompressed data length is not a
+   multiple of size, then the final partial item is nevertheless read into buf
+   and the end-of-file flag is set.  The length of the partial item read is not
+   provided, but could be inferred from the result of gztell().  This behavior
+   is the same as the behavior of fread() implementations in common libraries,
+   but it prevents the direct use of gzfread() to read a concurrently written
+   file, resetting and retrying on end-of-file, when size is not 1.
+*/
+
+ZEXTERN int ZEXPORT gzwrite(gzFile file, voidpc buf, unsigned len);
+/*
+     Compress and write the len uncompressed bytes at buf to file. gzwrite
+   returns the number of uncompressed bytes written or 0 in case of error.
+*/
+
+ZEXTERN z_size_t ZEXPORT gzfwrite(voidpc buf, z_size_t size,
+                                  z_size_t nitems, gzFile file);
+/*
+     Compress and write nitems items of size size from buf to file, duplicating
+   the interface of stdio's fwrite(), with size_t request and return types.  If
+   the library defines size_t, then z_size_t is identical to size_t.  If not,
+   then z_size_t is an unsigned integer type that can contain a pointer.
+
+     gzfwrite() returns the number of full items written of size size, or zero
+   if there was an error.  If the multiplication of size and nitems overflows,
+   i.e. the product does not fit in a z_size_t, then nothing is written, zero
+   is returned, and the error state is set to Z_STREAM_ERROR.
+*/
+
+ZEXTERN int ZEXPORTVA gzprintf(gzFile file, const char *format, ...);
+/*
+     Convert, format, compress, and write the arguments (...) to file under
+   control of the string format, as in fprintf.  gzprintf returns the number of
+   uncompressed bytes actually written, or a negative zlib error code in case
+   of error.  The number of uncompressed bytes written is limited to 8191, or
+   one less than the buffer size given to gzbuffer().  The caller should assure
+   that this limit is not exceeded.  If it is exceeded, then gzprintf() will
+   return an error (0) with nothing written.  In this case, there may also be a
+   buffer overflow with unpredictable consequences, which is possible only if
+   zlib was compiled with the insecure functions sprintf() or vsprintf(),
+   because the secure snprintf() or vsnprintf() functions were not available.
+   This can be determined using zlibCompileFlags().
+*/
+
+ZEXTERN int ZEXPORT gzputs(gzFile file, const char *s);
+/*
+     Compress and write the given null-terminated string s to file, excluding
+   the terminating null character.
+
+     gzputs returns the number of characters written, or -1 in case of error.
+*/
+
+ZEXTERN char * ZEXPORT gzgets(gzFile file, char *buf, int len);
+/*
+     Read and decompress bytes from file into buf, until len-1 characters are
+   read, or until a newline character is read and transferred to buf, or an
+   end-of-file condition is encountered.  If any characters are read or if len
+   is one, the string is terminated with a null character.  If no characters
+   are read due to an end-of-file or len is less than one, then the buffer is
+   left untouched.
+
+     gzgets returns buf which is a null-terminated string, or it returns NULL
+   for end-of-file or in case of error.  If there was an error, the contents at
+   buf are indeterminate.
+*/
+
+ZEXTERN int ZEXPORT gzputc(gzFile file, int c);
+/*
+     Compress and write c, converted to an unsigned char, into file.  gzputc
+   returns the value that was written, or -1 in case of error.
+*/
+
+ZEXTERN int ZEXPORT gzgetc(gzFile file);
+/*
+     Read and decompress one byte from file.  gzgetc returns this byte or -1
+   in case of end of file or error.  This is implemented as a macro for speed.
+   As such, it does not do all of the checking the other functions do.  I.e.
+   it does not check to see if file is NULL, nor whether the structure file
+   points to has been clobbered or not.
+*/
+
+ZEXTERN int ZEXPORT gzungetc(int c, gzFile file);
+/*
+     Push c back onto the stream for file to be read as the first character on
+   the next read.  At least one character of push-back is always allowed.
+   gzungetc() returns the character pushed, or -1 on failure.  gzungetc() will
+   fail if c is -1, and may fail if a character has been pushed but not read
+   yet.  If gzungetc is used immediately after gzopen or gzdopen, at least the
+   output buffer size of pushed characters is allowed.  (See gzbuffer above.)
+   The pushed character will be discarded if the stream is repositioned with
+   gzseek() or gzrewind().
+*/
+
+ZEXTERN int ZEXPORT gzflush(gzFile file, int flush);
+/*
+     Flush all pending output to file.  The parameter flush is as in the
+   deflate() function.  The return value is the zlib error number (see function
+   gzerror below).  gzflush is only permitted when writing.
+
+     If the flush parameter is Z_FINISH, the remaining data is written and the
+   gzip stream is completed in the output.  If gzwrite() is called again, a new
+   gzip stream will be started in the output.  gzread() is able to read such
+   concatenated gzip streams.
+
+     gzflush should be called only when strictly necessary because it will
+   degrade compression if called too often.
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT gzseek(gzFile file,
+                               z_off_t offset, int whence);
+
+     Set the starting position to offset relative to whence for the next gzread
+   or gzwrite on file.  The offset represents a number of bytes in the
+   uncompressed data stream.  The whence parameter is defined as in lseek(2);
+   the value SEEK_END is not supported.
+
+     If the file is opened for reading, this function is emulated but can be
+   extremely slow.  If the file is opened for writing, only forward seeks are
+   supported; gzseek then compresses a sequence of zeroes up to the new
+   starting position.
+
+     gzseek returns the resulting offset location as measured in bytes from
+   the beginning of the uncompressed stream, or -1 in case of error, in
+   particular if the file is opened for writing and the new starting position
+   would be before the current position.
+*/
+
+ZEXTERN int ZEXPORT    gzrewind(gzFile file);
+/*
+     Rewind file. This function is supported only for reading.
+
+     gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET).
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT    gztell(gzFile file);
+
+     Return the starting position for the next gzread or gzwrite on file.
+   This position represents a number of bytes in the uncompressed data stream,
+   and is zero when starting, even if appending or reading a gzip stream from
+   the middle of a file using gzdopen().
+
+     gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT gzoffset(gzFile file);
+
+     Return the current compressed (actual) read or write offset of file.  This
+   offset includes the count of bytes that precede the gzip stream, for example
+   when appending or when using gzdopen() for reading.  When reading, the
+   offset does not include as yet unused buffered input.  This information can
+   be used for a progress indicator.  On error, gzoffset() returns -1.
+*/
+
+ZEXTERN int ZEXPORT gzeof(gzFile file);
+/*
+     Return true (1) if the end-of-file indicator for file has been set while
+   reading, false (0) otherwise.  Note that the end-of-file indicator is set
+   only if the read tried to go past the end of the input, but came up short.
+   Therefore, just like feof(), gzeof() may return false even if there is no
+   more data to read, in the event that the last read request was for the exact
+   number of bytes remaining in the input file.  This will happen if the input
+   file size is an exact multiple of the buffer size.
+
+     If gzeof() returns true, then the read functions will return no more data,
+   unless the end-of-file indicator is reset by gzclearerr() and the input file
+   has grown since the previous end of file was detected.
+*/
+
+ZEXTERN int ZEXPORT gzdirect(gzFile file);
+/*
+     Return true (1) if file is being copied directly while reading, or false
+   (0) if file is a gzip stream being decompressed.
+
+     If the input file is empty, gzdirect() will return true, since the input
+   does not contain a gzip stream.
+
+     If gzdirect() is used immediately after gzopen() or gzdopen() it will
+   cause buffers to be allocated to allow reading the file to determine if it
+   is a gzip file.  Therefore if gzbuffer() is used, it should be called before
+   gzdirect().
+
+     When writing, gzdirect() returns true (1) if transparent writing was
+   requested ("wT" for the gzopen() mode), or false (0) otherwise.  (Note:
+   gzdirect() is not needed when writing.  Transparent writing must be
+   explicitly requested, so the application already knows the answer.  When
+   linking statically, using gzdirect() will include all of the zlib code for
+   gzip file reading and decompression, which may not be desired.)
+*/
+
+ZEXTERN int ZEXPORT    gzclose(gzFile file);
+/*
+     Flush all pending output for file, if necessary, close file and
+   deallocate the (de)compression state.  Note that once file is closed, you
+   cannot call gzerror with file, since its structures have been deallocated.
+   gzclose must not be called more than once on the same file, just as free
+   must not be called more than once on the same allocation.
+
+     gzclose will return Z_STREAM_ERROR if file is not valid, Z_ERRNO on a
+   file operation error, Z_MEM_ERROR if out of memory, Z_BUF_ERROR if the
+   last read ended in the middle of a gzip stream, or Z_OK on success.
+*/
+
+ZEXTERN int ZEXPORT gzclose_r(gzFile file);
+ZEXTERN int ZEXPORT gzclose_w(gzFile file);
+/*
+     Same as gzclose(), but gzclose_r() is only for use when reading, and
+   gzclose_w() is only for use when writing or appending.  The advantage to
+   using these instead of gzclose() is that they avoid linking in zlib
+   compression or decompression code that is not used when only reading or only
+   writing respectively.  If gzclose() is used, then both compression and
+   decompression code will be included the application when linking to a static
+   zlib library.
+*/
+
+ZEXTERN const char * ZEXPORT gzerror(gzFile file, int *errnum);
+/*
+     Return the error message for the last error which occurred on file.
+   errnum is set to zlib error number.  If an error occurred in the file system
+   and not in the compression library, errnum is set to Z_ERRNO and the
+   application may consult errno to get the exact error code.
+
+     The application must not modify the returned string.  Future calls to
+   this function may invalidate the previously returned string.  If file is
+   closed, then the string previously returned by gzerror will no longer be
+   available.
+
+     gzerror() should be used to distinguish errors from end-of-file for those
+   functions above that do not distinguish those cases in their return values.
+*/
+
+ZEXTERN void ZEXPORT gzclearerr(gzFile file);
+/*
+     Clear the error and end-of-file flags for file.  This is analogous to the
+   clearerr() function in stdio.  This is useful for continuing to read a gzip
+   file that is being written concurrently.
+*/
+
+#endif /* !Z_SOLO */
+
+                        /* checksum functions */
+
+/*
+     These functions are not related to compression but are exported
+   anyway because they might be useful in applications using the compression
+   library.
+*/
+
+ZEXTERN uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len);
+/*
+     Update a running Adler-32 checksum with the bytes buf[0..len-1] and
+   return the updated checksum. An Adler-32 value is in the range of a 32-bit
+   unsigned integer. If buf is Z_NULL, this function returns the required
+   initial value for the checksum.
+
+     An Adler-32 checksum is almost as reliable as a CRC-32 but can be computed
+   much faster.
+
+   Usage example:
+
+     uLong adler = adler32(0L, Z_NULL, 0);
+
+     while (read_buffer(buffer, length) != EOF) {
+       adler = adler32(adler, buffer, length);
+     }
+     if (adler != original_adler) error();
+*/
+
+ZEXTERN uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf,
+                                z_size_t len);
+/*
+     Same as adler32(), but with a size_t length.
+*/
+
+/*
+ZEXTERN uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2,
+                                      z_off_t len2);
+
+     Combine two Adler-32 checksums into one.  For two sequences of bytes, seq1
+   and seq2 with lengths len1 and len2, Adler-32 checksums were calculated for
+   each, adler1 and adler2.  adler32_combine() returns the Adler-32 checksum of
+   seq1 and seq2 concatenated, requiring only adler1, adler2, and len2.  Note
+   that the z_off_t type (like off_t) is a signed integer.  If len2 is
+   negative, the result has no meaning or utility.
+*/
+
+ZEXTERN uLong ZEXPORT crc32(uLong crc, const Bytef *buf, uInt len);
+/*
+     Update a running CRC-32 with the bytes buf[0..len-1] and return the
+   updated CRC-32. A CRC-32 value is in the range of a 32-bit unsigned integer.
+   If buf is Z_NULL, this function returns the required initial value for the
+   crc. Pre- and post-conditioning (one's complement) is performed within this
+   function so it shouldn't be done by the application.
+
+   Usage example:
+
+     uLong crc = crc32(0L, Z_NULL, 0);
+
+     while (read_buffer(buffer, length) != EOF) {
+       crc = crc32(crc, buffer, length);
+     }
+     if (crc != original_crc) error();
+*/
+
+ZEXTERN uLong ZEXPORT crc32_z(uLong crc, const Bytef *buf,
+                              z_size_t len);
+/*
+     Same as crc32(), but with a size_t length.
+*/
+
+/*
+ZEXTERN uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2);
+
+     Combine two CRC-32 check values into one.  For two sequences of bytes,
+   seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
+   calculated for each, crc1 and crc2.  crc32_combine() returns the CRC-32
+   check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and
+   len2. len2 must be non-negative.
+*/
+
+/*
+ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t len2);
+
+     Return the operator corresponding to length len2, to be used with
+   crc32_combine_op(). len2 must be non-negative.
+*/
+
+ZEXTERN uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op);
+/*
+     Give the same result as crc32_combine(), using op in place of len2. op is
+   is generated from len2 by crc32_combine_gen(). This will be faster than
+   crc32_combine() if the generated op is used more than once.
+*/
+
+
+                        /* various hacks, don't look :) */
+
+/* deflateInit and inflateInit are macros to allow checking the zlib version
+ * and the compiler's view of z_stream:
+ */
+ZEXTERN int ZEXPORT deflateInit_(z_streamp strm, int level,
+                                 const char *version, int stream_size);
+ZEXTERN int ZEXPORT inflateInit_(z_streamp strm,
+                                 const char *version, int stream_size);
+ZEXTERN int ZEXPORT deflateInit2_(z_streamp strm, int  level, int  method,
+                                  int windowBits, int memLevel,
+                                  int strategy, const char *version,
+                                  int stream_size);
+ZEXTERN int ZEXPORT inflateInit2_(z_streamp strm, int  windowBits,
+                                  const char *version, int stream_size);
+ZEXTERN int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits,
+                                     unsigned char FAR *window,
+                                     const char *version,
+                                     int stream_size);
+#ifdef Z_PREFIX_SET
+#  define z_deflateInit(strm, level) \
+          deflateInit_((strm), (level), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define z_inflateInit(strm) \
+          inflateInit_((strm), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define z_deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
+          deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
+                        (strategy), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define z_inflateInit2(strm, windowBits) \
+          inflateInit2_((strm), (windowBits), ZLIB_VERSION, \
+                        (int)sizeof(z_stream))
+#  define z_inflateBackInit(strm, windowBits, window) \
+          inflateBackInit_((strm), (windowBits), (window), \
+                           ZLIB_VERSION, (int)sizeof(z_stream))
+#else
+#  define deflateInit(strm, level) \
+          deflateInit_((strm), (level), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define inflateInit(strm) \
+          inflateInit_((strm), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
+          deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
+                        (strategy), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define inflateInit2(strm, windowBits) \
+          inflateInit2_((strm), (windowBits), ZLIB_VERSION, \
+                        (int)sizeof(z_stream))
+#  define inflateBackInit(strm, windowBits, window) \
+          inflateBackInit_((strm), (windowBits), (window), \
+                           ZLIB_VERSION, (int)sizeof(z_stream))
+#endif
+
+#ifndef Z_SOLO
+
+/* gzgetc() macro and its supporting function and exposed data structure.  Note
+ * that the real internal state is much larger than the exposed structure.
+ * This abbreviated structure exposes just enough for the gzgetc() macro.  The
+ * user should not mess with these exposed elements, since their names or
+ * behavior could change in the future, perhaps even capriciously.  They can
+ * only be used by the gzgetc() macro.  You have been warned.
+ */
+struct gzFile_s {
+    unsigned have;
+    unsigned char *next;
+    z_off64_t pos;
+};
+ZEXTERN int ZEXPORT gzgetc_(gzFile file);       /* backward compatibility */
+#ifdef Z_PREFIX_SET
+#  undef z_gzgetc
+#  define z_gzgetc(g) \
+          ((g)->have ? ((g)->have--, (g)->pos++, *((g)->next)++) : (gzgetc)(g))
+#else
+#  define gzgetc(g) \
+          ((g)->have ? ((g)->have--, (g)->pos++, *((g)->next)++) : (gzgetc)(g))
+#endif
+
+/* provide 64-bit offset functions if _LARGEFILE64_SOURCE defined, and/or
+ * change the regular functions to 64 bits if _FILE_OFFSET_BITS is 64 (if
+ * both are true, the application gets the *64 functions, and the regular
+ * functions are changed to 64 bits) -- in case these are set on systems
+ * without large file support, _LFS64_LARGEFILE must also be true
+ */
+#ifdef Z_LARGE64
+   ZEXTERN gzFile ZEXPORT gzopen64(const char *, const char *);
+   ZEXTERN z_off64_t ZEXPORT gzseek64(gzFile, z_off64_t, int);
+   ZEXTERN z_off64_t ZEXPORT gztell64(gzFile);
+   ZEXTERN z_off64_t ZEXPORT gzoffset64(gzFile);
+   ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off64_t);
+   ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off64_t);
+   ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off64_t);
+#endif
+
+#if !defined(ZLIB_INTERNAL) && defined(Z_WANT64)
+#  ifdef Z_PREFIX_SET
+#    define z_gzopen z_gzopen64
+#    define z_gzseek z_gzseek64
+#    define z_gztell z_gztell64
+#    define z_gzoffset z_gzoffset64
+#    define z_adler32_combine z_adler32_combine64
+#    define z_crc32_combine z_crc32_combine64
+#    define z_crc32_combine_gen z_crc32_combine_gen64
+#  else
+#    define gzopen gzopen64
+#    define gzseek gzseek64
+#    define gztell gztell64
+#    define gzoffset gzoffset64
+#    define adler32_combine adler32_combine64
+#    define crc32_combine crc32_combine64
+#    define crc32_combine_gen crc32_combine_gen64
+#  endif
+#  ifndef Z_LARGE64
+     ZEXTERN gzFile ZEXPORT gzopen64(const char *, const char *);
+     ZEXTERN z_off_t ZEXPORT gzseek64(gzFile, z_off_t, int);
+     ZEXTERN z_off_t ZEXPORT gztell64(gzFile);
+     ZEXTERN z_off_t ZEXPORT gzoffset64(gzFile);
+     ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off_t);
+     ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off_t);
+     ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off_t);
+#  endif
+#else
+   ZEXTERN gzFile ZEXPORT gzopen(const char *, const char *);
+   ZEXTERN z_off_t ZEXPORT gzseek(gzFile, z_off_t, int);
+   ZEXTERN z_off_t ZEXPORT gztell(gzFile);
+   ZEXTERN z_off_t ZEXPORT gzoffset(gzFile);
+   ZEXTERN uLong ZEXPORT adler32_combine(uLong, uLong, z_off_t);
+   ZEXTERN uLong ZEXPORT crc32_combine(uLong, uLong, z_off_t);
+   ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t);
+#endif
+
+#else /* Z_SOLO */
+
+   ZEXTERN uLong ZEXPORT adler32_combine(uLong, uLong, z_off_t);
+   ZEXTERN uLong ZEXPORT crc32_combine(uLong, uLong, z_off_t);
+   ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t);
+
+#endif /* !Z_SOLO */
+
+/* undocumented functions */
+ZEXTERN const char   * ZEXPORT zError(int);
+ZEXTERN int            ZEXPORT inflateSyncPoint(z_streamp);
+ZEXTERN const z_crc_t FAR * ZEXPORT get_crc_table(void);
+ZEXTERN int            ZEXPORT inflateUndermine(z_streamp, int);
+ZEXTERN int            ZEXPORT inflateValidate(z_streamp, int);
+ZEXTERN unsigned long  ZEXPORT inflateCodesUsed(z_streamp);
+ZEXTERN int            ZEXPORT inflateResetKeep(z_streamp);
+ZEXTERN int            ZEXPORT deflateResetKeep(z_streamp);
+#if defined(_WIN32) && !defined(Z_SOLO)
+ZEXTERN gzFile         ZEXPORT gzopen_w(const wchar_t *path,
+                                        const char *mode);
+#endif
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#  ifndef Z_SOLO
+ZEXTERN int            ZEXPORTVA gzvprintf(gzFile file,
+                                           const char *format,
+                                           va_list va);
+#  endif
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ZLIB_H */
diff --git a/zlib-1.3.1/zlib.map b/zlib-1.3.1/zlib.map
new file mode 100644
index 00000000..31544f2e
--- /dev/null
+++ b/zlib-1.3.1/zlib.map
@@ -0,0 +1,100 @@
+ZLIB_1.2.0 {
+  global:
+    compressBound;
+    deflateBound;
+    inflateBack;
+    inflateBackEnd;
+    inflateBackInit_;
+    inflateCopy;
+  local:
+    deflate_copyright;
+    inflate_copyright;
+    inflate_fast;
+    inflate_table;
+    zcalloc;
+    zcfree;
+    z_errmsg;
+    gz_error;
+    gz_intmax;
+    _*;
+};
+
+ZLIB_1.2.0.2 {
+    gzclearerr;
+    gzungetc;
+    zlibCompileFlags;
+} ZLIB_1.2.0;
+
+ZLIB_1.2.0.8 {
+    deflatePrime;
+} ZLIB_1.2.0.2;
+
+ZLIB_1.2.2 {
+    adler32_combine;
+    crc32_combine;
+    deflateSetHeader;
+    inflateGetHeader;
+} ZLIB_1.2.0.8;
+
+ZLIB_1.2.2.3 {
+    deflateTune;
+    gzdirect;
+} ZLIB_1.2.2;
+
+ZLIB_1.2.2.4 {
+    inflatePrime;
+} ZLIB_1.2.2.3;
+
+ZLIB_1.2.3.3 {
+    adler32_combine64;
+    crc32_combine64;
+    gzopen64;
+    gzseek64;
+    gztell64;
+    inflateUndermine;
+} ZLIB_1.2.2.4;
+
+ZLIB_1.2.3.4 {
+    inflateReset2;
+    inflateMark;
+} ZLIB_1.2.3.3;
+
+ZLIB_1.2.3.5 {
+    gzbuffer;
+    gzoffset;
+    gzoffset64;
+    gzclose_r;
+    gzclose_w;
+} ZLIB_1.2.3.4;
+
+ZLIB_1.2.5.1 {
+    deflatePending;
+} ZLIB_1.2.3.5;
+
+ZLIB_1.2.5.2 {
+    deflateResetKeep;
+    gzgetc_;
+    inflateResetKeep;
+} ZLIB_1.2.5.1;
+
+ZLIB_1.2.7.1 {
+    inflateGetDictionary;
+    gzvprintf;
+} ZLIB_1.2.5.2;
+
+ZLIB_1.2.9 {
+    inflateCodesUsed;
+    inflateValidate;
+    uncompress2;
+    gzfread;
+    gzfwrite;
+    deflateGetDictionary;
+    adler32_z;
+    crc32_z;
+} ZLIB_1.2.7.1;
+
+ZLIB_1.2.12 {
+	crc32_combine_gen;
+	crc32_combine_gen64;
+	crc32_combine_op;
+} ZLIB_1.2.9;
diff --git a/zlib-1.3.1/zlib.pc.cmakein b/zlib-1.3.1/zlib.pc.cmakein
new file mode 100644
index 00000000..a5e64293
--- /dev/null
+++ b/zlib-1.3.1/zlib.pc.cmakein
@@ -0,0 +1,13 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=@CMAKE_INSTALL_PREFIX@
+libdir=@INSTALL_LIB_DIR@
+sharedlibdir=@INSTALL_LIB_DIR@
+includedir=@INSTALL_INC_DIR@
+
+Name: zlib
+Description: zlib compression library
+Version: @VERSION@
+
+Requires:
+Libs: -L${libdir} -L${sharedlibdir} -lz
+Cflags: -I${includedir}
diff --git a/zlib-1.3.1/zlib.pc.in b/zlib-1.3.1/zlib.pc.in
new file mode 100644
index 00000000..7e5acf9c
--- /dev/null
+++ b/zlib-1.3.1/zlib.pc.in
@@ -0,0 +1,13 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+sharedlibdir=@sharedlibdir@
+includedir=@includedir@
+
+Name: zlib
+Description: zlib compression library
+Version: @VERSION@
+
+Requires:
+Libs: -L${libdir} -L${sharedlibdir} -lz
+Cflags: -I${includedir}
diff --git a/zlib-1.3.1/zutil.c b/zlib-1.3.1/zutil.c
new file mode 100644
index 00000000..b1c5d2d3
--- /dev/null
+++ b/zlib-1.3.1/zutil.c
@@ -0,0 +1,299 @@
+/* zutil.c -- target dependent utility functions for the compression library
+ * Copyright (C) 1995-2017 Jean-loup Gailly
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#include "zutil.h"
+#ifndef Z_SOLO
+#  include "gzguts.h"
+#endif
+
+z_const char * const z_errmsg[10] = {
+    (z_const char *)"need dictionary",     /* Z_NEED_DICT       2  */
+    (z_const char *)"stream end",          /* Z_STREAM_END      1  */
+    (z_const char *)"",                    /* Z_OK              0  */
+    (z_const char *)"file error",          /* Z_ERRNO         (-1) */
+    (z_const char *)"stream error",        /* Z_STREAM_ERROR  (-2) */
+    (z_const char *)"data error",          /* Z_DATA_ERROR    (-3) */
+    (z_const char *)"insufficient memory", /* Z_MEM_ERROR     (-4) */
+    (z_const char *)"buffer error",        /* Z_BUF_ERROR     (-5) */
+    (z_const char *)"incompatible version",/* Z_VERSION_ERROR (-6) */
+    (z_const char *)""
+};
+
+
+const char * ZEXPORT zlibVersion(void) {
+    return ZLIB_VERSION;
+}
+
+uLong ZEXPORT zlibCompileFlags(void) {
+    uLong flags;
+
+    flags = 0;
+    switch ((int)(sizeof(uInt))) {
+    case 2:     break;
+    case 4:     flags += 1;     break;
+    case 8:     flags += 2;     break;
+    default:    flags += 3;
+    }
+    switch ((int)(sizeof(uLong))) {
+    case 2:     break;
+    case 4:     flags += 1 << 2;        break;
+    case 8:     flags += 2 << 2;        break;
+    default:    flags += 3 << 2;
+    }
+    switch ((int)(sizeof(voidpf))) {
+    case 2:     break;
+    case 4:     flags += 1 << 4;        break;
+    case 8:     flags += 2 << 4;        break;
+    default:    flags += 3 << 4;
+    }
+    switch ((int)(sizeof(z_off_t))) {
+    case 2:     break;
+    case 4:     flags += 1 << 6;        break;
+    case 8:     flags += 2 << 6;        break;
+    default:    flags += 3 << 6;
+    }
+#ifdef ZLIB_DEBUG
+    flags += 1 << 8;
+#endif
+    /*
+#if defined(ASMV) || defined(ASMINF)
+    flags += 1 << 9;
+#endif
+     */
+#ifdef ZLIB_WINAPI
+    flags += 1 << 10;
+#endif
+#ifdef BUILDFIXED
+    flags += 1 << 12;
+#endif
+#ifdef DYNAMIC_CRC_TABLE
+    flags += 1 << 13;
+#endif
+#ifdef NO_GZCOMPRESS
+    flags += 1L << 16;
+#endif
+#ifdef NO_GZIP
+    flags += 1L << 17;
+#endif
+#ifdef PKZIP_BUG_WORKAROUND
+    flags += 1L << 20;
+#endif
+#ifdef FASTEST
+    flags += 1L << 21;
+#endif
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#  ifdef NO_vsnprintf
+    flags += 1L << 25;
+#    ifdef HAS_vsprintf_void
+    flags += 1L << 26;
+#    endif
+#  else
+#    ifdef HAS_vsnprintf_void
+    flags += 1L << 26;
+#    endif
+#  endif
+#else
+    flags += 1L << 24;
+#  ifdef NO_snprintf
+    flags += 1L << 25;
+#    ifdef HAS_sprintf_void
+    flags += 1L << 26;
+#    endif
+#  else
+#    ifdef HAS_snprintf_void
+    flags += 1L << 26;
+#    endif
+#  endif
+#endif
+    return flags;
+}
+
+#ifdef ZLIB_DEBUG
+#include <stdlib.h>
+#  ifndef verbose
+#    define verbose 0
+#  endif
+int ZLIB_INTERNAL z_verbose = verbose;
+
+void ZLIB_INTERNAL z_error(char *m) {
+    fprintf(stderr, "%s\n", m);
+    exit(1);
+}
+#endif
+
+/* exported to allow conversion of error code to string for compress() and
+ * uncompress()
+ */
+const char * ZEXPORT zError(int err) {
+    return ERR_MSG(err);
+}
+
+#if defined(_WIN32_WCE) && _WIN32_WCE < 0x800
+    /* The older Microsoft C Run-Time Library for Windows CE doesn't have
+     * errno.  We define it as a global variable to simplify porting.
+     * Its value is always 0 and should not be used.
+     */
+    int errno = 0;
+#endif
+
+#ifndef HAVE_MEMCPY
+
+void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len) {
+    if (len == 0) return;
+    do {
+        *dest++ = *source++; /* ??? to be unrolled */
+    } while (--len != 0);
+}
+
+int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len) {
+    uInt j;
+
+    for (j = 0; j < len; j++) {
+        if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1;
+    }
+    return 0;
+}
+
+void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len) {
+    if (len == 0) return;
+    do {
+        *dest++ = 0;  /* ??? to be unrolled */
+    } while (--len != 0);
+}
+#endif
+
+#ifndef Z_SOLO
+
+#ifdef SYS16BIT
+
+#ifdef __TURBOC__
+/* Turbo C in 16-bit mode */
+
+#  define MY_ZCALLOC
+
+/* Turbo C malloc() does not allow dynamic allocation of 64K bytes
+ * and farmalloc(64K) returns a pointer with an offset of 8, so we
+ * must fix the pointer. Warning: the pointer must be put back to its
+ * original form in order to free it, use zcfree().
+ */
+
+#define MAX_PTR 10
+/* 10*64K = 640K */
+
+local int next_ptr = 0;
+
+typedef struct ptr_table_s {
+    voidpf org_ptr;
+    voidpf new_ptr;
+} ptr_table;
+
+local ptr_table table[MAX_PTR];
+/* This table is used to remember the original form of pointers
+ * to large buffers (64K). Such pointers are normalized with a zero offset.
+ * Since MSDOS is not a preemptive multitasking OS, this table is not
+ * protected from concurrent access. This hack doesn't work anyway on
+ * a protected system like OS/2. Use Microsoft C instead.
+ */
+
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size) {
+    voidpf buf;
+    ulg bsize = (ulg)items*size;
+
+    (void)opaque;
+
+    /* If we allocate less than 65520 bytes, we assume that farmalloc
+     * will return a usable pointer which doesn't have to be normalized.
+     */
+    if (bsize < 65520L) {
+        buf = farmalloc(bsize);
+        if (*(ush*)&buf != 0) return buf;
+    } else {
+        buf = farmalloc(bsize + 16L);
+    }
+    if (buf == NULL || next_ptr >= MAX_PTR) return NULL;
+    table[next_ptr].org_ptr = buf;
+
+    /* Normalize the pointer to seg:0 */
+    *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4;
+    *(ush*)&buf = 0;
+    table[next_ptr++].new_ptr = buf;
+    return buf;
+}
+
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
+    int n;
+
+    (void)opaque;
+
+    if (*(ush*)&ptr != 0) { /* object < 64K */
+        farfree(ptr);
+        return;
+    }
+    /* Find the original pointer */
+    for (n = 0; n < next_ptr; n++) {
+        if (ptr != table[n].new_ptr) continue;
+
+        farfree(table[n].org_ptr);
+        while (++n < next_ptr) {
+            table[n-1] = table[n];
+        }
+        next_ptr--;
+        return;
+    }
+    Assert(0, "zcfree: ptr not found");
+}
+
+#endif /* __TURBOC__ */
+
+
+#ifdef M_I86
+/* Microsoft C in 16-bit mode */
+
+#  define MY_ZCALLOC
+
+#if (!defined(_MSC_VER) || (_MSC_VER <= 600))
+#  define _halloc  halloc
+#  define _hfree   hfree
+#endif
+
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, uInt items, uInt size) {
+    (void)opaque;
+    return _halloc((long)items, size);
+}
+
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
+    (void)opaque;
+    _hfree(ptr);
+}
+
+#endif /* M_I86 */
+
+#endif /* SYS16BIT */
+
+
+#ifndef MY_ZCALLOC /* Any system without a special alloc function */
+
+#ifndef STDC
+extern voidp malloc(uInt size);
+extern voidp calloc(uInt items, uInt size);
+extern void free(voidpf ptr);
+#endif
+
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size) {
+    (void)opaque;
+    return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) :
+                              (voidpf)calloc(items, size);
+}
+
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr) {
+    (void)opaque;
+    free(ptr);
+}
+
+#endif /* MY_ZCALLOC */
+
+#endif /* !Z_SOLO */
diff --git a/zlib-1.3.1/zutil.h b/zlib-1.3.1/zutil.h
new file mode 100644
index 00000000..48dd7feb
--- /dev/null
+++ b/zlib-1.3.1/zutil.h
@@ -0,0 +1,254 @@
+/* zutil.h -- internal interface and configuration of the compression library
+ * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* @(#) $Id$ */
+
+#ifndef ZUTIL_H
+#define ZUTIL_H
+
+#ifdef HAVE_HIDDEN
+#  define ZLIB_INTERNAL __attribute__((visibility ("hidden")))
+#else
+#  define ZLIB_INTERNAL
+#endif
+
+#include "zlib.h"
+
+#if defined(STDC) && !defined(Z_SOLO)
+#  if !(defined(_WIN32_WCE) && defined(_MSC_VER))
+#    include <stddef.h>
+#  endif
+#  include <string.h>
+#  include <stdlib.h>
+#endif
+
+#ifndef local
+#  define local static
+#endif
+/* since "static" is used to mean two completely different things in C, we
+   define "local" for the non-static meaning of "static", for readability
+   (compile with -Dlocal if your debugger can't find static symbols) */
+
+typedef unsigned char  uch;
+typedef uch FAR uchf;
+typedef unsigned short ush;
+typedef ush FAR ushf;
+typedef unsigned long  ulg;
+
+#if !defined(Z_U8) && !defined(Z_SOLO) && defined(STDC)
+#  include <limits.h>
+#  if (ULONG_MAX == 0xffffffffffffffff)
+#    define Z_U8 unsigned long
+#  elif (ULLONG_MAX == 0xffffffffffffffff)
+#    define Z_U8 unsigned long long
+#  elif (UINT_MAX == 0xffffffffffffffff)
+#    define Z_U8 unsigned
+#  endif
+#endif
+
+extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
+/* (size given to avoid silly warnings with Visual C++) */
+
+#define ERR_MSG(err) z_errmsg[(err) < -6 || (err) > 2 ? 9 : 2 - (err)]
+
+#define ERR_RETURN(strm,err) \
+  return (strm->msg = ERR_MSG(err), (err))
+/* To be used only when the state is known to be valid */
+
+        /* common constants */
+
+#ifndef DEF_WBITS
+#  define DEF_WBITS MAX_WBITS
+#endif
+/* default windowBits for decompression. MAX_WBITS is for compression only */
+
+#if MAX_MEM_LEVEL >= 8
+#  define DEF_MEM_LEVEL 8
+#else
+#  define DEF_MEM_LEVEL  MAX_MEM_LEVEL
+#endif
+/* default memLevel */
+
+#define STORED_BLOCK 0
+#define STATIC_TREES 1
+#define DYN_TREES    2
+/* The three kinds of block type */
+
+#define MIN_MATCH  3
+#define MAX_MATCH  258
+/* The minimum and maximum match lengths */
+
+#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
+
+        /* target dependencies */
+
+#if defined(MSDOS) || (defined(WINDOWS) && !defined(WIN32))
+#  define OS_CODE  0x00
+#  ifndef Z_SOLO
+#    if defined(__TURBOC__) || defined(__BORLANDC__)
+#      if (__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__))
+         /* Allow compilation with ANSI keywords only enabled */
+         void _Cdecl farfree( void *block );
+         void *_Cdecl farmalloc( unsigned long nbytes );
+#      else
+#        include <alloc.h>
+#      endif
+#    else /* MSC or DJGPP */
+#      include <malloc.h>
+#    endif
+#  endif
+#endif
+
+#ifdef AMIGA
+#  define OS_CODE  1
+#endif
+
+#if defined(VAXC) || defined(VMS)
+#  define OS_CODE  2
+#  define F_OPEN(name, mode) \
+     fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
+#endif
+
+#ifdef __370__
+#  if __TARGET_LIB__ < 0x20000000
+#    define OS_CODE 4
+#  elif __TARGET_LIB__ < 0x40000000
+#    define OS_CODE 11
+#  else
+#    define OS_CODE 8
+#  endif
+#endif
+
+#if defined(ATARI) || defined(atarist)
+#  define OS_CODE  5
+#endif
+
+#ifdef OS2
+#  define OS_CODE  6
+#  if defined(M_I86) && !defined(Z_SOLO)
+#    include <malloc.h>
+#  endif
+#endif
+
+#if defined(MACOS)
+#  define OS_CODE  7
+#endif
+
+#ifdef __acorn
+#  define OS_CODE 13
+#endif
+
+#if defined(WIN32) && !defined(__CYGWIN__)
+#  define OS_CODE  10
+#endif
+
+#ifdef _BEOS_
+#  define OS_CODE  16
+#endif
+
+#ifdef __TOS_OS400__
+#  define OS_CODE 18
+#endif
+
+#ifdef __APPLE__
+#  define OS_CODE 19
+#endif
+
+#if defined(__BORLANDC__) && !defined(MSDOS)
+  #pragma warn -8004
+  #pragma warn -8008
+  #pragma warn -8066
+#endif
+
+/* provide prototypes for these when building zlib without LFS */
+#if !defined(_WIN32) && \
+    (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
+    ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off_t);
+    ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off_t);
+    ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off_t);
+#endif
+
+        /* common defaults */
+
+#ifndef OS_CODE
+#  define OS_CODE  3     /* assume Unix */
+#endif
+
+#ifndef F_OPEN
+#  define F_OPEN(name, mode) fopen((name), (mode))
+#endif
+
+         /* functions */
+
+#if defined(pyr) || defined(Z_SOLO)
+#  define NO_MEMCPY
+#endif
+#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__)
+ /* Use our own functions for small and medium model with MSC <= 5.0.
+  * You may have to use the same strategy for Borland C (untested).
+  * The __SC__ check is for Symantec.
+  */
+#  define NO_MEMCPY
+#endif
+#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY)
+#  define HAVE_MEMCPY
+#endif
+#ifdef HAVE_MEMCPY
+#  ifdef SMALL_MEDIUM /* MSDOS small or medium model */
+#    define zmemcpy _fmemcpy
+#    define zmemcmp _fmemcmp
+#    define zmemzero(dest, len) _fmemset(dest, 0, len)
+#  else
+#    define zmemcpy memcpy
+#    define zmemcmp memcmp
+#    define zmemzero(dest, len) memset(dest, 0, len)
+#  endif
+#else
+   void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len);
+   int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len);
+   void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len);
+#endif
+
+/* Diagnostic functions */
+#ifdef ZLIB_DEBUG
+#  include <stdio.h>
+   extern int ZLIB_INTERNAL z_verbose;
+   extern void ZLIB_INTERNAL z_error(char *m);
+#  define Assert(cond,msg) {if(!(cond)) z_error(msg);}
+#  define Trace(x) {if (z_verbose>=0) fprintf x ;}
+#  define Tracev(x) {if (z_verbose>0) fprintf x ;}
+#  define Tracevv(x) {if (z_verbose>1) fprintf x ;}
+#  define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
+#  define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
+#else
+#  define Assert(cond,msg)
+#  define Trace(x)
+#  define Tracev(x)
+#  define Tracevv(x)
+#  define Tracec(c,x)
+#  define Tracecv(c,x)
+#endif
+
+#ifndef Z_SOLO
+   voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items,
+                                unsigned size);
+   void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr);
+#endif
+
+#define ZALLOC(strm, items, size) \
+           (*((strm)->zalloc))((strm)->opaque, (items), (size))
+#define ZFREE(strm, addr)  (*((strm)->zfree))((strm)->opaque, (voidpf)(addr))
+#define TRY_FREE(s, p) {if (p) ZFREE(s, p);}
+
+/* Reverse the bytes in a 32-bit value */
+#define ZSWAP32(q) ((((q) >> 24) & 0xff) + (((q) >> 8) & 0xff00) + \
+                    (((q) & 0xff00) << 8) + (((q) & 0xff) << 24))
+
+#endif /* ZUTIL_H */